diff options
author | Greg Kroah-Hartman <gregkh@linuxfoundation.org> | 2024-04-15 14:47:07 +0200 |
---|---|---|
committer | Greg Kroah-Hartman <gregkh@linuxfoundation.org> | 2024-04-15 14:47:07 +0200 |
commit | 018ee24528b421b213771074a0a6c1bb7d7fd402 (patch) | |
tree | a2b6bddb5c04cea7144e0f035668b885343b9a20 | |
parent | ae57c2cb23e758018439f4002c0b8d34eb55b9d6 (diff) | |
download | stable-queue-018ee24528b421b213771074a0a6c1bb7d7fd402.tar.gz |
5.10-stable patches
added patches:
btrfs-qgroup-correctly-model-root-qgroup-rsv-in-convert.patch
drm-client-fully-protect-modes-with-dev-mode_config.mutex.patch
vhost-add-smp_rmb-in-vhost_vq_avail_empty.patch
x86-cpu-actually-turn-off-mitigations-by-default-for-speculation_mitigations-n.patch
5 files changed, 215 insertions, 0 deletions
diff --git a/queue-5.10/btrfs-qgroup-correctly-model-root-qgroup-rsv-in-convert.patch b/queue-5.10/btrfs-qgroup-correctly-model-root-qgroup-rsv-in-convert.patch new file mode 100644 index 0000000000..d4c2b2d565 --- /dev/null +++ b/queue-5.10/btrfs-qgroup-correctly-model-root-qgroup-rsv-in-convert.patch @@ -0,0 +1,38 @@ +From 141fb8cd206ace23c02cd2791c6da52c1d77d42a Mon Sep 17 00:00:00 2001 +From: Boris Burkov <boris@bur.io> +Date: Tue, 19 Mar 2024 10:54:22 -0700 +Subject: btrfs: qgroup: correctly model root qgroup rsv in convert + +From: Boris Burkov <boris@bur.io> + +commit 141fb8cd206ace23c02cd2791c6da52c1d77d42a upstream. + +We use add_root_meta_rsv and sub_root_meta_rsv to track prealloc and +pertrans reservations for subvolumes when quotas are enabled. The +convert function does not properly increment pertrans after decrementing +prealloc, so the count is not accurate. + +Note: we check that the fs is not read-only to mirror the logic in +qgroup_convert_meta, which checks that before adding to the pertrans rsv. + +Fixes: 8287475a2055 ("btrfs: qgroup: Use root::qgroup_meta_rsv_* to record qgroup meta reserved space") +CC: stable@vger.kernel.org # 6.1+ +Reviewed-by: Qu Wenruo <wqu@suse.com> +Signed-off-by: Boris Burkov <boris@bur.io> +Signed-off-by: David Sterba <dsterba@suse.com> +Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> +--- + fs/btrfs/qgroup.c | 2 ++ + 1 file changed, 2 insertions(+) + +--- a/fs/btrfs/qgroup.c ++++ b/fs/btrfs/qgroup.c +@@ -4114,6 +4114,8 @@ void btrfs_qgroup_convert_reserved_meta( + BTRFS_QGROUP_RSV_META_PREALLOC); + trace_qgroup_meta_convert(root, num_bytes); + qgroup_convert_meta(fs_info, root->root_key.objectid, num_bytes); ++ if (!sb_rdonly(fs_info->sb)) ++ add_root_meta_rsv(root, num_bytes, BTRFS_QGROUP_RSV_META_PERTRANS); + } + + /* diff --git a/queue-5.10/drm-client-fully-protect-modes-with-dev-mode_config.mutex.patch b/queue-5.10/drm-client-fully-protect-modes-with-dev-mode_config.mutex.patch new file mode 100644 index 0000000000..8d4b196b88 --- /dev/null +++ b/queue-5.10/drm-client-fully-protect-modes-with-dev-mode_config.mutex.patch @@ -0,0 +1,56 @@ +From 3eadd887dbac1df8f25f701e5d404d1b90fd0fea Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Ville=20Syrj=C3=A4l=C3=A4?= <ville.syrjala@linux.intel.com> +Date: Thu, 4 Apr 2024 23:33:25 +0300 +Subject: drm/client: Fully protect modes[] with dev->mode_config.mutex +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +From: Ville Syrjälä <ville.syrjala@linux.intel.com> + +commit 3eadd887dbac1df8f25f701e5d404d1b90fd0fea upstream. + +The modes[] array contains pointers to modes on the connectors' +mode lists, which are protected by dev->mode_config.mutex. +Thus we need to extend modes[] the same protection or by the +time we use it the elements may already be pointing to +freed/reused memory. + +Cc: stable@vger.kernel.org +Closes: https://gitlab.freedesktop.org/drm/intel/-/issues/10583 +Signed-off-by: Ville Syrjälä <ville.syrjala@linux.intel.com> +Link: https://patchwork.freedesktop.org/patch/msgid/20240404203336.10454-2-ville.syrjala@linux.intel.com +Reviewed-by: Dmitry Baryshkov <dmitry.baryshkov@linaro.org> +Reviewed-by: Jani Nikula <jani.nikula@intel.com> +Reviewed-by: Thomas Zimmermann <tzimmermann@suse.de> +Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> +--- + drivers/gpu/drm/drm_client_modeset.c | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +--- a/drivers/gpu/drm/drm_client_modeset.c ++++ b/drivers/gpu/drm/drm_client_modeset.c +@@ -774,6 +774,7 @@ int drm_client_modeset_probe(struct drm_ + unsigned int total_modes_count = 0; + struct drm_client_offset *offsets; + unsigned int connector_count = 0; ++ /* points to modes protected by mode_config.mutex */ + struct drm_display_mode **modes; + struct drm_crtc **crtcs; + int i, ret = 0; +@@ -842,7 +843,6 @@ int drm_client_modeset_probe(struct drm_ + drm_client_pick_crtcs(client, connectors, connector_count, + crtcs, modes, 0, width, height); + } +- mutex_unlock(&dev->mode_config.mutex); + + drm_client_modeset_release(client); + +@@ -872,6 +872,7 @@ int drm_client_modeset_probe(struct drm_ + modeset->y = offset->y; + } + } ++ mutex_unlock(&dev->mode_config.mutex); + + mutex_unlock(&client->modeset_mutex); + out: diff --git a/queue-5.10/series b/queue-5.10/series index aebdfe7d8a..2bfc94e827 100644 --- a/queue-5.10/series +++ b/queue-5.10/series @@ -29,3 +29,7 @@ net-ena-wrong-missing-io-completions-check-order.patch net-ena-fix-incorrect-descriptor-free-behavior.patch iommu-vt-d-allocate-local-memory-for-page-request-qu.patch mailbox-imx-fix-suspend-failue.patch +btrfs-qgroup-correctly-model-root-qgroup-rsv-in-convert.patch +drm-client-fully-protect-modes-with-dev-mode_config.mutex.patch +vhost-add-smp_rmb-in-vhost_vq_avail_empty.patch +x86-cpu-actually-turn-off-mitigations-by-default-for-speculation_mitigations-n.patch diff --git a/queue-5.10/vhost-add-smp_rmb-in-vhost_vq_avail_empty.patch b/queue-5.10/vhost-add-smp_rmb-in-vhost_vq_avail_empty.patch new file mode 100644 index 0000000000..ca0146d8d8 --- /dev/null +++ b/queue-5.10/vhost-add-smp_rmb-in-vhost_vq_avail_empty.patch @@ -0,0 +1,70 @@ +From 22e1992cf7b034db5325660e98c41ca5afa5f519 Mon Sep 17 00:00:00 2001 +From: Gavin Shan <gshan@redhat.com> +Date: Thu, 28 Mar 2024 10:21:47 +1000 +Subject: vhost: Add smp_rmb() in vhost_vq_avail_empty() + +From: Gavin Shan <gshan@redhat.com> + +commit 22e1992cf7b034db5325660e98c41ca5afa5f519 upstream. + +A smp_rmb() has been missed in vhost_vq_avail_empty(), spotted by +Will. Otherwise, it's not ensured the available ring entries pushed +by guest can be observed by vhost in time, leading to stale available +ring entries fetched by vhost in vhost_get_vq_desc(), as reported by +Yihuang Yu on NVidia's grace-hopper (ARM64) platform. + + /home/gavin/sandbox/qemu.main/build/qemu-system-aarch64 \ + -accel kvm -machine virt,gic-version=host -cpu host \ + -smp maxcpus=1,cpus=1,sockets=1,clusters=1,cores=1,threads=1 \ + -m 4096M,slots=16,maxmem=64G \ + -object memory-backend-ram,id=mem0,size=4096M \ + : \ + -netdev tap,id=vnet0,vhost=true \ + -device virtio-net-pci,bus=pcie.8,netdev=vnet0,mac=52:54:00:f1:26:b0 + : + guest# netperf -H 10.26.1.81 -l 60 -C -c -t UDP_STREAM + virtio_net virtio0: output.0:id 100 is not a head! + +Add the missed smp_rmb() in vhost_vq_avail_empty(). When tx_can_batch() +returns true, it means there's still pending tx buffers. Since it might +read indices, so it still can bypass the smp_rmb() in vhost_get_vq_desc(). +Note that it should be safe until vq->avail_idx is changed by commit +275bf960ac697 ("vhost: better detection of available buffers"). + +Fixes: 275bf960ac69 ("vhost: better detection of available buffers") +Cc: <stable@kernel.org> # v4.11+ +Reported-by: Yihuang Yu <yihyu@redhat.com> +Suggested-by: Will Deacon <will@kernel.org> +Signed-off-by: Gavin Shan <gshan@redhat.com> +Acked-by: Jason Wang <jasowang@redhat.com> +Message-Id: <20240328002149.1141302-2-gshan@redhat.com> +Signed-off-by: Michael S. Tsirkin <mst@redhat.com> +Reviewed-by: Stefano Garzarella <sgarzare@redhat.com> +Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> +--- + drivers/vhost/vhost.c | 12 +++++++++++- + 1 file changed, 11 insertions(+), 1 deletion(-) + +--- a/drivers/vhost/vhost.c ++++ b/drivers/vhost/vhost.c +@@ -2513,9 +2513,19 @@ bool vhost_vq_avail_empty(struct vhost_d + r = vhost_get_avail_idx(vq, &avail_idx); + if (unlikely(r)) + return false; ++ + vq->avail_idx = vhost16_to_cpu(vq, avail_idx); ++ if (vq->avail_idx != vq->last_avail_idx) { ++ /* Since we have updated avail_idx, the following ++ * call to vhost_get_vq_desc() will read available ++ * ring entries. Make sure that read happens after ++ * the avail_idx read. ++ */ ++ smp_rmb(); ++ return false; ++ } + +- return vq->avail_idx == vq->last_avail_idx; ++ return true; + } + EXPORT_SYMBOL_GPL(vhost_vq_avail_empty); + diff --git a/queue-5.10/x86-cpu-actually-turn-off-mitigations-by-default-for-speculation_mitigations-n.patch b/queue-5.10/x86-cpu-actually-turn-off-mitigations-by-default-for-speculation_mitigations-n.patch new file mode 100644 index 0000000000..dc7085e042 --- /dev/null +++ b/queue-5.10/x86-cpu-actually-turn-off-mitigations-by-default-for-speculation_mitigations-n.patch @@ -0,0 +1,47 @@ +From f337a6a21e2fd67eadea471e93d05dd37baaa9be Mon Sep 17 00:00:00 2001 +From: Sean Christopherson <seanjc@google.com> +Date: Tue, 9 Apr 2024 10:51:05 -0700 +Subject: x86/cpu: Actually turn off mitigations by default for SPECULATION_MITIGATIONS=n +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +From: Sean Christopherson <seanjc@google.com> + +commit f337a6a21e2fd67eadea471e93d05dd37baaa9be upstream. + +Initialize cpu_mitigations to CPU_MITIGATIONS_OFF if the kernel is built +with CONFIG_SPECULATION_MITIGATIONS=n, as the help text quite clearly +states that disabling SPECULATION_MITIGATIONS is supposed to turn off all +mitigations by default. + + │ If you say N, all mitigations will be disabled. You really + │ should know what you are doing to say so. + +As is, the kernel still defaults to CPU_MITIGATIONS_AUTO, which results in +some mitigations being enabled in spite of SPECULATION_MITIGATIONS=n. + +Fixes: f43b9876e857 ("x86/retbleed: Add fine grained Kconfig knobs") +Signed-off-by: Sean Christopherson <seanjc@google.com> +Signed-off-by: Ingo Molnar <mingo@kernel.org> +Reviewed-by: Daniel Sneddon <daniel.sneddon@linux.intel.com> +Cc: stable@vger.kernel.org +Cc: Linus Torvalds <torvalds@linux-foundation.org> +Link: https://lore.kernel.org/r/20240409175108.1512861-2-seanjc@google.com +Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> +--- + kernel/cpu.c | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +--- a/kernel/cpu.c ++++ b/kernel/cpu.c +@@ -2600,7 +2600,8 @@ enum cpu_mitigations { + }; + + static enum cpu_mitigations cpu_mitigations __ro_after_init = +- CPU_MITIGATIONS_AUTO; ++ IS_ENABLED(CONFIG_SPECULATION_MITIGATIONS) ? CPU_MITIGATIONS_AUTO : ++ CPU_MITIGATIONS_OFF; + + static int __init mitigations_parse_cmdline(char *arg) + { |