From 0749adab1c770463588d0e55810f3f9ef3ea138a Mon Sep 17 00:00:00 2001 From: Dan Aloni Date: Mon, 19 Dec 2022 11:48:25 +0200 Subject: [PATCH] Changes representative of linux-3.10.0-1160.83.1.el7.tar.xz --- Documentation/kernel-parameters.txt | 1 + Makefile | 2 +- arch/x86/include/asm/nospec-branch.h | 1 + arch/x86/include/asm/spec_ctrl.h | 1 + arch/x86/kernel/cpu/amd.c | 2 - arch/x86/kernel/cpu/bugs.c | 34 ++++++ arch/x86/kernel/spec_ctrl.c | 10 ++ arch/x86/mm/mem_encrypt_boot.S | 6 +- drivers/net/ethernet/intel/i40e/i40e_main.c | 3 +- drivers/net/usb/ax88179_178a.c | 128 ++++++++++++++------ drivers/scsi/hosts.c | 1 + drivers/scsi/scsi.c | 1 + drivers/scsi/scsi_error.c | 90 +++++++++----- drivers/scsi/scsi_lib.c | 1 + include/scsi/scsi_cmnd.h | 2 +- include/scsi/scsi_host.h | 4 + mm/swap_state.c | 9 ++ scripts/kernel.spec | 19 ++- 18 files changed, 239 insertions(+), 76 deletions(-) diff --git a/Documentation/kernel-parameters.txt b/Documentation/kernel-parameters.txt index 9b478eb4145b5e..721aa46b3515be 100644 --- a/Documentation/kernel-parameters.txt +++ b/Documentation/kernel-parameters.txt @@ -3529,6 +3529,7 @@ bytes respectively. Such letter suffixes can also be entirely omitted. Specific mitigations can also be selected manually: retpoline[,force] - replace indirect branches + retpoline,amd - AMD-specific minimal thunk ibrs - Intel: Indirect Branch Restricted Speculation (kernel) ibrs_always - Intel: Indirect Branch Restricted Speculation (kernel and user space) diff --git a/Makefile b/Makefile index 995a2d9a14c308..ab7150106e222e 100644 --- a/Makefile +++ b/Makefile @@ -5,7 +5,7 @@ EXTRAVERSION = NAME = Unicycling Gorilla RHEL_MAJOR = 7 RHEL_MINOR = 9 -RHEL_RELEASE = 1160.81.1 +RHEL_RELEASE = 1160.83.1 # # DRM backport version diff --git a/arch/x86/include/asm/nospec-branch.h b/arch/x86/include/asm/nospec-branch.h index 7f9549fa998ea3..56b10d3213f0de 100644 --- a/arch/x86/include/asm/nospec-branch.h +++ b/arch/x86/include/asm/nospec-branch.h @@ -220,6 +220,7 @@ enum spectre_v2_mitigation { SPECTRE_V2_RETPOLINE_MINIMAL, SPECTRE_V2_RETPOLINE_NO_IBPB, SPECTRE_V2_RETPOLINE_UNSAFE_MODULE, + SPECTRE_V2_RETPOLINE_AMD, SPECTRE_V2_RETPOLINE, SPECTRE_V2_RETPOLINE_IBRS_USER, SPECTRE_V2_IBRS, diff --git a/arch/x86/include/asm/spec_ctrl.h b/arch/x86/include/asm/spec_ctrl.h index 3c8c27fffeeeb2..1e5a38853a2e8d 100644 --- a/arch/x86/include/asm/spec_ctrl.h +++ b/arch/x86/include/asm/spec_ctrl.h @@ -204,6 +204,7 @@ void spec_ctrl_enable_ibrs_enhanced(void); bool spec_ctrl_force_enable_ibp_disabled(void); bool spec_ctrl_cond_enable_ibp_disabled(void); void spec_ctrl_enable_retpoline(void); +void spec_ctrl_enable_retpoline_amd(void); bool spec_ctrl_enable_retpoline_ibrs_user(void); void spec_ctrl_set_ssbd(bool ssbd_on); diff --git a/arch/x86/kernel/cpu/amd.c b/arch/x86/kernel/cpu/amd.c index 93d41928ebd549..619851c677bd2e 100644 --- a/arch/x86/kernel/cpu/amd.c +++ b/arch/x86/kernel/cpu/amd.c @@ -903,8 +903,6 @@ static void init_amd(struct cpuinfo_x86 *c) if (c->x86 == 0x10 || c->x86 == 0x12) set_cpu_cap(c, X86_FEATURE_IBP_DISABLE); - - set_cpu_cap(c, X86_FEATURE_RETPOLINE_AMD); } #ifdef CONFIG_X86_32 diff --git a/arch/x86/kernel/cpu/bugs.c b/arch/x86/kernel/cpu/bugs.c index 5546d93b0160b1..7d3e938e7b6bba 100644 --- a/arch/x86/kernel/cpu/bugs.c +++ b/arch/x86/kernel/cpu/bugs.c @@ -149,6 +149,7 @@ enum spectre_v2_mitigation_cmd { SPECTRE_V2_CMD_FORCE, SPECTRE_V2_CMD_AUTO, SPECTRE_V2_CMD_RETPOLINE, + SPECTRE_V2_CMD_RETPOLINE_AMD, SPECTRE_V2_CMD_RETPOLINE_FORCE, SPECTRE_V2_CMD_RETPOLINE_IBRS_USER, SPECTRE_V2_CMD_IBRS, @@ -160,6 +161,7 @@ static const char *spectre_v2_strings[] = { [SPECTRE_V2_RETPOLINE_MINIMAL] = "Vulnerable: Minimal ASM retpoline", [SPECTRE_V2_RETPOLINE_NO_IBPB] = "Vulnerable: Retpoline without IBPB", [SPECTRE_V2_RETPOLINE_UNSAFE_MODULE] = "Vulnerable: Retpoline with unsafe module(s)", + [SPECTRE_V2_RETPOLINE_AMD] = "Vulnerable: AMD retpoline (LFENCE/JMP)", [SPECTRE_V2_RETPOLINE] = "Mitigation: Full retpoline", [SPECTRE_V2_RETPOLINE_IBRS_USER] = "Mitigation: Full retpoline and IBRS (user space)", [SPECTRE_V2_IBRS] = "Mitigation: IBRS (kernel)", @@ -813,6 +815,8 @@ static void __init retbleed_select_mitigation(void) #undef pr_fmt #define pr_fmt(fmt) "Spectre V2 : " fmt +#define SPECTRE_V2_LFENCE_MSG "WARNING: AMD retpoline (LFENCE/JMP) is not a recommended mitigation for this CPU, data leaks possible!\n" + static inline bool match_option(const char *arg, int arglen, const char *opt) { int len = strlen(opt); @@ -828,6 +832,7 @@ static const struct { { "off", SPECTRE_V2_CMD_NONE, false }, { "on", SPECTRE_V2_CMD_FORCE, true }, { "retpoline", SPECTRE_V2_CMD_RETPOLINE, false }, + { "retpoline,amd", SPECTRE_V2_CMD_RETPOLINE_AMD, false }, { "retpoline,force", SPECTRE_V2_CMD_RETPOLINE_FORCE, false }, { "retpoline,ibrs_user",SPECTRE_V2_CMD_RETPOLINE_IBRS_USER,false }, { "ibrs", SPECTRE_V2_CMD_IBRS, false }, @@ -877,6 +882,8 @@ static enum spectre_v2_mitigation_cmd __init spectre_v2_parse_cmdline(void) } if ((cmd == SPECTRE_V2_CMD_RETPOLINE || + cmd == SPECTRE_V2_CMD_RETPOLINE_AMD || + cmd == SPECTRE_V2_CMD_RETPOLINE_FORCE || cmd == SPECTRE_V2_CMD_RETPOLINE_IBRS_USER) && !IS_ENABLED(CONFIG_RETPOLINE)) { pr_err("%s selected but not compiled in. Switching to AUTO select\n", @@ -884,6 +891,28 @@ static enum spectre_v2_mitigation_cmd __init spectre_v2_parse_cmdline(void) return SPECTRE_V2_CMD_AUTO; } + if (cmd == SPECTRE_V2_CMD_RETPOLINE_AMD) { + /* + * Originally, RHEL7 would unconditionally set the capability + * X86_FEATURE_RETPOLINE_AMD in init_amd() to alternatively + * patch over its retpoline code with a single LFENCE call + * before the indirect jump. + * + * With that becoming a command line option now, we need to + * select SPECTRE_V2_CMD_AUTO in case "retpoline,amd" gets + * parsed on non-AMD systems. + */ + if (boot_cpu_data.x86_vendor != X86_VENDOR_AMD) + return SPECTRE_V2_CMD_AUTO; + + if (!boot_cpu_has(X86_FEATURE_LFENCE_RDTSC)) { + pr_warn("%s selected, but CPU doesn't have a serializing LFENCE. " \ + "Switching to AUTO select\n", + mitigation_options[i].option); + return SPECTRE_V2_CMD_AUTO; + } + } + /* * RETBleed affected CPUs (Intel) depend on IBRS as an effective * mitigation mechanism. We'll override spectre_v2=retpoline with @@ -952,6 +981,11 @@ void __spectre_v2_select_mitigation(void) spec_ctrl_enable_retpoline(); return; + case SPECTRE_V2_CMD_RETPOLINE_AMD: + pr_warn(SPECTRE_V2_LFENCE_MSG); + spec_ctrl_enable_retpoline_amd(); + return; + case SPECTRE_V2_CMD_IBRS: if (spec_ctrl_force_enable_ibrs()) return; diff --git a/arch/x86/kernel/spec_ctrl.c b/arch/x86/kernel/spec_ctrl.c index bd9153f54b0f0f..43e715d1fc8b06 100644 --- a/arch/x86/kernel/spec_ctrl.c +++ b/arch/x86/kernel/spec_ctrl.c @@ -21,6 +21,7 @@ static DEFINE_MUTEX(spec_ctrl_mutex); static bool noibrs_cmdline __read_mostly; static bool ibp_disabled __read_mostly; static bool unsafe_module __read_mostly; +static bool retpoline_amd_mode __read_mostly; static unsigned int ibrs_mode __read_mostly; /* @@ -490,6 +491,13 @@ void spec_ctrl_enable_retpoline(void) set_spec_ctrl_retp(true); } +void spec_ctrl_enable_retpoline_amd(void) +{ + retpoline_amd_mode = true; + setup_force_cpu_cap(X86_FEATURE_RETPOLINE_AMD); + set_spec_ctrl_retp(true); +} + bool spec_ctrl_enable_retpoline_ibrs_user(void) { if (!cpu_has_spec_ctrl()) @@ -535,6 +543,8 @@ enum spectre_v2_mitigation spec_ctrl_get_mitigation(void) mode = SPECTRE_V2_RETPOLINE_UNSAFE_MODULE; else if (ibrs_mode == IBRS_ENABLED_USER) mode = SPECTRE_V2_RETPOLINE_IBRS_USER; + else if (retpoline_amd_mode) + mode = SPECTRE_V2_RETPOLINE_AMD; else mode = SPECTRE_V2_RETPOLINE; } diff --git a/arch/x86/mm/mem_encrypt_boot.S b/arch/x86/mm/mem_encrypt_boot.S index d63da82337ee5e..9c1ef8557dc895 100644 --- a/arch/x86/mm/mem_encrypt_boot.S +++ b/arch/x86/mm/mem_encrypt_boot.S @@ -66,7 +66,8 @@ ENTRY(sme_encrypt_execute) movq %rbp, %rsp /* Restore original stack pointer */ pop %rbp - RET + ret + int3 ENDPROC(sme_encrypt_execute) ENTRY(__enc_copy) @@ -152,6 +153,7 @@ ENTRY(__enc_copy) pop %r12 pop %r15 - RET + ret + int3 .L__enc_copy_end: ENDPROC(__enc_copy) diff --git a/drivers/net/ethernet/intel/i40e/i40e_main.c b/drivers/net/ethernet/intel/i40e/i40e_main.c index 19b6253c73c56e..d3934c41d674b5 100644 --- a/drivers/net/ethernet/intel/i40e/i40e_main.c +++ b/drivers/net/ethernet/intel/i40e/i40e_main.c @@ -4784,7 +4784,8 @@ static void i40e_clear_interrupt_scheme(struct i40e_pf *pf) { int i; - i40e_free_misc_vector(pf); + if (test_bit(__I40E_MISC_IRQ_REQUESTED, pf->state)) + i40e_free_misc_vector(pf); i40e_put_lump(pf->irq_pile, pf->iwarp_base_vector, I40E_IWARP_IRQ_PILE_ID); diff --git a/drivers/net/usb/ax88179_178a.c b/drivers/net/usb/ax88179_178a.c index 7f496ccdd27254..1940f31facf0f2 100644 --- a/drivers/net/usb/ax88179_178a.c +++ b/drivers/net/usb/ax88179_178a.c @@ -1375,58 +1375,119 @@ static int ax88179_rx_fixup(struct usbnet *dev, struct sk_buff *skb) u16 hdr_off; u32 *pkt_hdr; - /* This check is no longer done by usbnet */ - if (skb->len < dev->net->hard_header_len) + /* At the end of the SKB, there's a header telling us how many packets + * are bundled into this buffer and where we can find an array of + * per-packet metadata (which contains elements encoded into u16). + */ + + /* SKB contents for current firmware: + * + * ... + * + * + * ... + * + * + * + * where: + * contains pkt_len bytes: + * 2 bytes of IP alignment pseudo header + * packet received + * contains 4 bytes: + * pkt_len and fields AX_RXHDR_* + * 0-7 bytes to terminate at + * 8 bytes boundary (64-bit). + * 4 bytes to make rx_hdr terminate at + * 8 bytes boundary (64-bit) + * contains 4 bytes: + * pkt_len=0 and AX_RXHDR_DROP_ERR + * contains 4 bytes: + * pkt_cnt and hdr_off (offset of + * ) + * + * pkt_cnt is number of entrys in the per-packet metadata. + * In current firmware there is 2 entrys per packet. + * The first points to the packet and the + * second is a dummy header. + * This was done probably to align fields in 64-bit and + * maintain compatibility with old firmware. + * This code assumes that and are + * optional. + */ + + if (skb->len < 4) return 0; - skb_trim(skb, skb->len - 4); - memcpy(&rx_hdr, skb_tail_pointer(skb), 4); - le32_to_cpus(&rx_hdr); - + rx_hdr = get_unaligned_le32(skb_tail_pointer(skb)); pkt_cnt = (u16)rx_hdr; hdr_off = (u16)(rx_hdr >> 16); + + if (pkt_cnt == 0) + return 0; + + /* Make sure that the bounds of the metadata array are inside the SKB + * (and in front of the counter at the end). + */ + if (pkt_cnt * 4 + hdr_off > skb->len) + return 0; pkt_hdr = (u32 *)(skb->data + hdr_off); - while (pkt_cnt--) { + /* Packets must not overlap the metadata array */ + skb_trim(skb, hdr_off); + + for (; pkt_cnt > 0; pkt_cnt--, pkt_hdr++) { + u16 pkt_len_plus_padd; u16 pkt_len; le32_to_cpus(pkt_hdr); pkt_len = (*pkt_hdr >> 16) & 0x1fff; + pkt_len_plus_padd = (pkt_len + 7) & 0xfff8; + + /* Skip dummy header used for alignment + */ + if (pkt_len == 0) + continue; + + if (pkt_len_plus_padd > skb->len) + return 0; /* Check CRC or runt packet */ - if ((*pkt_hdr & AX_RXHDR_CRC_ERR) || - (*pkt_hdr & AX_RXHDR_DROP_ERR)) { - skb_pull(skb, (pkt_len + 7) & 0xFFF8); - pkt_hdr++; + if ((*pkt_hdr & (AX_RXHDR_CRC_ERR | AX_RXHDR_DROP_ERR)) || + pkt_len < 2 + ETH_HLEN) { + dev->net->stats.rx_errors++; + skb_pull(skb, pkt_len_plus_padd); continue; } - if (pkt_cnt == 0) { - /* Skip IP alignment psudo header */ + /* last packet */ + if (pkt_len_plus_padd == skb->len) { + skb_trim(skb, pkt_len); + + /* Skip IP alignment pseudo header */ skb_pull(skb, 2); - skb->len = pkt_len; - skb_set_tail_pointer(skb, pkt_len); - skb->truesize = pkt_len + sizeof(struct sk_buff); + + skb->truesize = SKB_TRUESIZE(pkt_len_plus_padd); ax88179_rx_checksum(skb, pkt_hdr); return 1; } ax_skb = skb_clone(skb, GFP_ATOMIC); - if (ax_skb) { - ax_skb->len = pkt_len; - ax_skb->data = skb->data + 2; - skb_set_tail_pointer(ax_skb, pkt_len); - ax_skb->truesize = pkt_len + sizeof(struct sk_buff); - ax88179_rx_checksum(ax_skb, pkt_hdr); - usbnet_skb_return(dev, ax_skb); - } else { + if (!ax_skb) return 0; - } + skb_trim(ax_skb, pkt_len); - skb_pull(skb, (pkt_len + 7) & 0xFFF8); - pkt_hdr++; + /* Skip IP alignment pseudo header */ + skb_pull(ax_skb, 2); + + skb->truesize = pkt_len_plus_padd + + SKB_DATA_ALIGN(sizeof(struct sk_buff)); + ax88179_rx_checksum(ax_skb, pkt_hdr); + usbnet_skb_return(dev, ax_skb); + + skb_pull(skb, pkt_len_plus_padd); } - return 1; + + return 0; } static struct sk_buff * @@ -1436,6 +1497,7 @@ ax88179_tx_fixup(struct usbnet *dev, struct sk_buff *skb, gfp_t flags) int frame_size = dev->maxpacket; int mss = skb_shinfo(skb)->gso_size; int headroom; + void *ptr; tx_hdr1 = skb->len; tx_hdr2 = mss; @@ -1450,13 +1512,9 @@ ax88179_tx_fixup(struct usbnet *dev, struct sk_buff *skb, gfp_t flags) return NULL; } - skb_push(skb, 4); - cpu_to_le32s(&tx_hdr2); - skb_copy_to_linear_data(skb, &tx_hdr2, 4); - - skb_push(skb, 4); - cpu_to_le32s(&tx_hdr1); - skb_copy_to_linear_data(skb, &tx_hdr1, 4); + ptr = skb_push(skb, 8); + put_unaligned_le32(tx_hdr1, ptr); + put_unaligned_le32(tx_hdr2, ptr + 4); return skb; } diff --git a/drivers/scsi/hosts.c b/drivers/scsi/hosts.c index 53d68906568afd..ac1be7b120412f 100644 --- a/drivers/scsi/hosts.c +++ b/drivers/scsi/hosts.c @@ -405,6 +405,7 @@ struct Scsi_Host *scsi_host_alloc(struct scsi_host_template *sht, int privsize) shost->shost_state = SHOST_CREATED; INIT_LIST_HEAD(&shost->__devices); INIT_LIST_HEAD(&shost->__targets); + INIT_LIST_HEAD(&shost->eh_abort_list); INIT_LIST_HEAD(&shost->eh_cmd_q); INIT_LIST_HEAD(&shost->starved_list); init_waitqueue_head(&shost->host_wait); diff --git a/drivers/scsi/scsi.c b/drivers/scsi/scsi.c index 3aa50cccc2c282..ed867fd96b52c5 100644 --- a/drivers/scsi/scsi.c +++ b/drivers/scsi/scsi.c @@ -273,6 +273,7 @@ struct scsi_cmnd *scsi_get_command(struct scsi_device *dev, gfp_t gfp_mask) cmd->device = dev; INIT_LIST_HEAD(&cmd->list); + INIT_LIST_HEAD(&cmd->eh_entry); INIT_DELAYED_WORK(&cmd->abort_work, scmd_eh_abort_handler); spin_lock_irqsave(&dev->list_lock, flags); list_add_tail(&cmd->list, &dev->cmd_list); diff --git a/drivers/scsi/scsi_error.c b/drivers/scsi/scsi_error.c index 3183377f951517..40407c6372a344 100644 --- a/drivers/scsi/scsi_error.c +++ b/drivers/scsi/scsi_error.c @@ -118,46 +118,70 @@ scmd_eh_abort_handler(struct work_struct *work) struct scsi_cmnd *scmd = container_of(work, struct scsi_cmnd, abort_work.work); struct scsi_device *sdev = scmd->device; + struct Scsi_Host *shost = sdev->host; int rtn; + unsigned long flags; - if (scsi_host_eh_past_deadline(sdev->host)) { + if (scsi_host_eh_past_deadline(shost)) { SCSI_LOG_ERROR_RECOVERY(3, scmd_printk(KERN_INFO, scmd, "eh timeout, not aborting\n")); - } else { - SCSI_LOG_ERROR_RECOVERY(3, + goto out; + } + + SCSI_LOG_ERROR_RECOVERY(3, scmd_printk(KERN_INFO, scmd, "aborting command\n")); - rtn = scsi_try_to_abort_cmd(sdev->host->hostt, scmd); - if (rtn == SUCCESS) { - set_host_byte(scmd, DID_TIME_OUT); - if (scsi_host_eh_past_deadline(sdev->host)) { - SCSI_LOG_ERROR_RECOVERY(3, - scmd_printk(KERN_INFO, scmd, - "eh timeout, not retrying " - "aborted command\n")); - } else if (!scsi_noretry_cmd(scmd) && - (++scmd->retries <= scmd->allowed)) { - SCSI_LOG_ERROR_RECOVERY(3, - scmd_printk(KERN_WARNING, scmd, - "retry aborted command\n")); - scsi_queue_insert(scmd, SCSI_MLQUEUE_EH_RETRY); - return; - } else { - SCSI_LOG_ERROR_RECOVERY(3, - scmd_printk(KERN_WARNING, scmd, - "finish aborted command\n")); - scsi_finish_command(scmd); - return; - } - } else { - SCSI_LOG_ERROR_RECOVERY(3, - scmd_printk(KERN_INFO, scmd, - "cmd abort %s\n", - (rtn == FAST_IO_FAIL) ? - "not send" : "failed")); - } + rtn = scsi_try_to_abort_cmd(shost->hostt, scmd); + if (rtn != SUCCESS) { + SCSI_LOG_ERROR_RECOVERY(3, + scmd_printk(KERN_INFO, scmd, + "cmd abort %s\n", + (rtn == FAST_IO_FAIL) ? + "not send" : "failed")); + goto out; } + set_host_byte(scmd, DID_TIME_OUT); + if (scsi_host_eh_past_deadline(shost)) { + SCSI_LOG_ERROR_RECOVERY(3, + scmd_printk(KERN_INFO, scmd, + "eh timeout, not retrying " + "aborted command\n")); + goto out; + } + + spin_lock_irqsave(shost->host_lock, flags); + list_del_init(&scmd->eh_entry); + + /* + * If the abort succeeds, and there is no further + * EH action, clear the ->last_reset time. + */ + if (list_empty(&shost->eh_abort_list) && + list_empty(&shost->eh_cmd_q)) + if (shost->eh_deadline != -1) + shost->last_reset = 0; + + spin_unlock_irqrestore(shost->host_lock, flags); + + if (!scsi_noretry_cmd(scmd) && + (++scmd->retries <= scmd->allowed)) { + SCSI_LOG_ERROR_RECOVERY(3, + scmd_printk(KERN_WARNING, scmd, + "retry aborted command\n")); + scsi_queue_insert(scmd, SCSI_MLQUEUE_EH_RETRY); + } else { + SCSI_LOG_ERROR_RECOVERY(3, + scmd_printk(KERN_WARNING, scmd, + "finish aborted command\n")); + scsi_finish_command(scmd); + } + return; + +out: + spin_lock_irqsave(shost->host_lock, flags); + list_del_init(&scmd->eh_entry); + spin_unlock_irqrestore(shost->host_lock, flags); if (!scsi_eh_scmd_add(scmd, 0)) { SCSI_LOG_ERROR_RECOVERY(3, @@ -208,6 +232,8 @@ scsi_abort_command(struct scsi_cmnd *scmd) if (shost->eh_deadline != -1 && !shost->last_reset) shost->last_reset = jiffies; + BUG_ON(!list_empty(&scmd->eh_entry)); + list_add_tail(&scmd->eh_entry, &shost->eh_abort_list); spin_unlock_irqrestore(shost->host_lock, flags); scmd->eh_eflags |= SCSI_EH_ABORT_SCHEDULED; diff --git a/drivers/scsi/scsi_lib.c b/drivers/scsi/scsi_lib.c index 14a49b32779f32..768f4f9608e574 100644 --- a/drivers/scsi/scsi_lib.c +++ b/drivers/scsi/scsi_lib.c @@ -1826,6 +1826,7 @@ static int scsi_mq_prep_fn(struct request *req) cmd->prot_op = SCSI_PROT_NORMAL; INIT_LIST_HEAD(&cmd->list); + INIT_LIST_HEAD(&cmd->eh_entry); INIT_DELAYED_WORK(&cmd->abort_work, scmd_eh_abort_handler); cmd->jiffies_at_alloc = jiffies; diff --git a/include/scsi/scsi_cmnd.h b/include/scsi/scsi_cmnd.h index 02c43dbba2e050..6517e173e1c885 100644 --- a/include/scsi/scsi_cmnd.h +++ b/include/scsi/scsi_cmnd.h @@ -60,7 +60,7 @@ struct scsi_pointer { struct scsi_cmnd { struct scsi_device *device; struct list_head list; /* scsi_cmnd participates in queue lists */ - struct list_head eh_entry; /* entry for the host eh_cmd_q */ + struct list_head eh_entry; /* entry for the host eh_abort_list/eh_cmd_q */ struct delayed_work abort_work; int eh_eflags; /* Used by error handlr */ diff --git a/include/scsi/scsi_host.h b/include/scsi/scsi_host.h index 8efd7d92c5507a..05816fb8513f40 100644 --- a/include/scsi/scsi_host.h +++ b/include/scsi/scsi_host.h @@ -806,8 +806,12 @@ struct Scsi_Host { * The following padding has been inserted before ABI freeze to * allow extending the structure while preserve ABI. */ +#ifndef __GENKSYMS__ + struct list_head eh_abort_list; +#else RH_KABI_RESERVE_P(1) RH_KABI_RESERVE_P(2) +#endif RH_KABI_RESERVE_P(3) RH_KABI_RESERVE_P(4) RH_KABI_RESERVE_P(5) diff --git a/mm/swap_state.c b/mm/swap_state.c index 1604f801e2082a..becfebea15e73e 100644 --- a/mm/swap_state.c +++ b/mm/swap_state.c @@ -40,7 +40,11 @@ struct backing_dev_info swap_backing_dev_info = { struct address_space *swapper_spaces[MAX_SWAPFILES]; static unsigned int nr_swapper_spaces[MAX_SWAPFILES]; +#if defined(CONFIG_PPC64) +bool swap_vma_readahead = false; +#else bool swap_vma_readahead = true; +#endif #define SWAP_RA_WIN_SHIFT (PAGE_SHIFT / 2) #define SWAP_RA_HITS_MASK ((1UL << SWAP_RA_WIN_SHIFT) - 1) @@ -795,6 +799,11 @@ static ssize_t vma_ra_enabled_store(struct kobject *kobj, else return -EINVAL; +#if defined(CONFIG_PPC64) + WARN_ONCE(swap_vma_readahead == true, + "WARNING: Enabling VMA-based swap readahead is not recommended for this platform, " + "please refer to https://access.redhat.com/solutions/5368911 for further details"); +#endif return count; } static struct kobj_attribute vma_ra_enabled_attr = diff --git a/scripts/kernel.spec b/scripts/kernel.spec index aa787d4a14aa9e..af1d0b5a6fe27b 100644 --- a/scripts/kernel.spec +++ b/scripts/kernel.spec @@ -20,10 +20,10 @@ Summary: The Linux kernel %global distro_build 1160 %define rpmversion 3.10.0 -%define pkgrelease 1160.81.1.el7 +%define pkgrelease 1160.83.1.el7 # allow pkg_release to have configurable %%{?dist} tag -%define specrelease 1160.81.1%{?dist} +%define specrelease 1160.83.1%{?dist} %define pkg_release %{specrelease}%{?buildid} @@ -1804,6 +1804,21 @@ fi %kernel_variant_files %{with_kdump} kdump %changelog +* Mon Dec 19 2022 Rado Vrbovsky [3.10.0-1160.83.1.el7] +- x86/sme: avoid using __x86_return_thunk (Rafael Aquini) [2122158] +- scsi: core: Simplify control flow in scmd_eh_abort_handler() (Ewan D. Milne) [2128337] +- scsi: core: Avoid leaving shost->last_reset with stale value if EH does not run (Ewan D. Milne) [2128337] +- [netdrv] i40e: Fix freeing of uninitialized misc IRQ vector (Jamie Bainbridge) [2129248] +- x86/speculation: Use generic retpoline by default on AMD (Rafael Aquini) [2062165] {CVE-2021-26401} + +* Thu Dec 08 2022 Rado Vrbovsky [3.10.0-1160.82.1.el7] +- net: usb: ax88179_178a: Fix packet receiving (Jose Ignacio Tornos Martinez) [2120504] {CVE-2022-2964} +- net: usb: ax88179_178a: Fix out-of-bounds accesses in RX fixup (Jose Ignacio Tornos Martinez) [2120504] {CVE-2022-2964} +- net: usb: Merge cpu_to_le32s + memcpy to put_unaligned_le32 (Jose Ignacio Tornos Martinez) [2120504] {CVE-2022-2964} +- ax88179_178a: Merge memcpy + le32_to_cpus to get_unaligned_le32 (Jose Ignacio Tornos Martinez) [2120504] {CVE-2022-2964} +- net: usb: ax88179_178a: fix packet alignment padding (Jose Ignacio Tornos Martinez) [2120504] {CVE-2022-2964} +- mm: swap: disable swap_vma_readahead for PPC64 (Rafael Aquini) [2142455] + * Thu Nov 24 2022 Rado Vrbovsky [3.10.0-1160.81.1.el7] - [netdrv] bnxt: don't lock the tx queue from napi poll (Jamie Bainbridge) [2110869] - [netdrv] bnxt_en: reverse order of TX disable and carrier off (Jamie Bainbridge) [2110869]