Home Home > GIT Browse > vanilla
summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorJohannes Thumshirn <jthumshirn@suse.de>2019-07-30 14:59:51 +0200
committerJohannes Thumshirn <jthumshirn@suse.de>2019-07-30 14:59:51 +0200
commitda7f31961b4a8809b1a484c589c6f4a1eff089b8 (patch)
treef484fe4e9e966e59c24735cc2f78fa4c71130853
parent5efac6463624f050a23a909237368dcbd3488a3d (diff)
parent79fa23458f04571f01a9165ba0a4109ecb4d4fff (diff)
Merge remote-tracking branch 'origin/SLE15' into SLE12-SP4_EMBARGO
Conflicts: series.conf
-rw-r--r--patches.arch/s390-jump_label-replace-stop_machine-with-smp_call_f.patch118
-rw-r--r--patches.fixes/IB-mlx5-Fix-leaking-stack-memory-to-userspace.patch30
-rw-r--r--patches.fixes/s390-zcrypt-fix-wrong-dispatching-for-control-domain-cprbs166
-rw-r--r--series.conf3
4 files changed, 317 insertions, 0 deletions
diff --git a/patches.arch/s390-jump_label-replace-stop_machine-with-smp_call_f.patch b/patches.arch/s390-jump_label-replace-stop_machine-with-smp_call_f.patch
new file mode 100644
index 0000000000..62069c7797
--- /dev/null
+++ b/patches.arch/s390-jump_label-replace-stop_machine-with-smp_call_f.patch
@@ -0,0 +1,118 @@
+From: Heiko Carstens <heiko.carstens@de.ibm.com>
+Subject: kernel: jump label transformation performance
+
+References: bsc#1137534 bsc#1137535 LTC#178058 LTC#178059
+Patch-mainline: v5.3-rc1
+Git-commit: a646ef398e72a2ac40bea974808ffcf1bea4e7f4
+
+Description: kernel: jump label transformation performance
+Symptom: Unresponsive systems together with huge amounts of observable
+ diagnose 0x44 calls.
+Problem: Jump label instruction patching is done in the context of
+ stop_machine_run, which synchronizes all CPUs of a system.
+ If this happens concurrently on many virtual systems and the
+ sum of all virtual CPUs is (significantly) higher than the
+ amount of pyhsical CPUs of the underlying hypervisor, this
+ may lead to long delays, when the kernel tries to synchronize
+ CPUs. In worst case scenarios this can lead to systems which
+ are unresponsive for several minutes.
+Solution: For jump label instruction patching it is not necessary to
+ synchronize all CPUs. Instead the mask bits of the used branch
+ instruction can simply be overwritten. To make the patched
+ instruction visible for all other CPUs in the configuration a
+ subsequent signal processor to all other CPUs is sufficient.
+Reproduction: -
+
+Upstream-Description:
+
+ s390/jump_label: replace stop_machine with smp_call_function
+
+ The use of stop_machine to replace the mask bits of the jump label branch
+ is a very heavy-weight operation. This is in fact not necessary, the
+ mask of the branch can simply be updated, followed by a signal processor
+ to all the other CPUs to force them to pick up the modified instruction.
+
+ Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
+ [heiko.carstens@de.ibm.com]: Change jump_label_make_nop() so we get
+ brcl 0,offset instead of brcl 0,0. This
+ makes sure that only the mask part of the
+ instruction gets changed when updated.
+ Signed-off-by: Heiko Carstens <heiko.carstens@de.ibm.com>
+
+Signed-off-by: Heiko Carstens <heiko.carstens@de.ibm.com>
+Acked-by: Michal Suchanek <msuchanek@suse.de>
+---
+ arch/s390/kernel/jump_label.c | 18 +++++-------------
+ arch/s390/mm/maccess.c | 9 +++++----
+ 2 files changed, 10 insertions(+), 17 deletions(-)
+
+--- a/arch/s390/kernel/jump_label.c
++++ b/arch/s390/kernel/jump_label.c
+@@ -23,9 +23,9 @@ struct insn_args {
+
+ static void jump_label_make_nop(struct jump_entry *entry, struct insn *insn)
+ {
+- /* brcl 0,0 */
++ /* brcl 0,offset */
+ insn->opcode = 0xc004;
+- insn->offset = 0;
++ insn->offset = (entry->target - entry->code) >> 1;
+ }
+
+ static void jump_label_make_branch(struct jump_entry *entry, struct insn *insn)
+@@ -77,23 +77,15 @@ static void __jump_label_transform(struc
+ s390_kernel_write((void *)entry->code, &new, sizeof(new));
+ }
+
+-static int __sm_arch_jump_label_transform(void *data)
++static void __jump_label_sync(void *dummy)
+ {
+- struct insn_args *args = data;
+-
+- __jump_label_transform(args->entry, args->type, 0);
+- return 0;
+ }
+
+ void arch_jump_label_transform(struct jump_entry *entry,
+ enum jump_label_type type)
+ {
+- struct insn_args args;
+-
+- args.entry = entry;
+- args.type = type;
+-
+- stop_machine_cpuslocked(__sm_arch_jump_label_transform, &args, NULL);
++ __jump_label_transform(entry, type, 0);
++ smp_call_function(__jump_label_sync, NULL, 1);
+ }
+
+ void arch_jump_label_transform_static(struct jump_entry *entry,
+--- a/arch/s390/mm/maccess.c
++++ b/arch/s390/mm/maccess.c
+@@ -50,21 +50,22 @@ static notrace long s390_kernel_write_od
+ * Therefore we have a read-modify-write sequence: the function reads eight
+ * bytes from destination at an eight byte boundary, modifies the bytes
+ * requested and writes the result back in a loop.
+- *
+- * Note: this means that this function may not be called concurrently on
+- * several cpus with overlapping words, since this may potentially
+- * cause data corruption.
+ */
++static DEFINE_SPINLOCK(s390_kernel_write_lock);
++
+ void notrace s390_kernel_write(void *dst, const void *src, size_t size)
+ {
++ unsigned long flags;
+ long copied;
+
++ spin_lock_irqsave(&s390_kernel_write_lock, flags);
+ while (size) {
+ copied = s390_kernel_write_odd(dst, src, size);
+ dst += copied;
+ src += copied;
+ size -= copied;
+ }
++ spin_unlock_irqrestore(&s390_kernel_write_lock, flags);
+ }
+
+ static int __memcpy_real(void *dest, void *src, size_t count)
diff --git a/patches.fixes/IB-mlx5-Fix-leaking-stack-memory-to-userspace.patch b/patches.fixes/IB-mlx5-Fix-leaking-stack-memory-to-userspace.patch
new file mode 100644
index 0000000000..b9702b9a5b
--- /dev/null
+++ b/patches.fixes/IB-mlx5-Fix-leaking-stack-memory-to-userspace.patch
@@ -0,0 +1,30 @@
+From: Jason Gunthorpe <jgg@mellanox.com>
+Date: Tue, 14 Aug 2018 15:33:52 -0600
+Subject: IB/mlx5: Fix leaking stack memory to userspace
+Patch-mainline: v4.19-rc1
+Git-commit: 0625b4ba1a5d4703c7fb01c497bd6c156908af00
+References: bsc#1143045 CVE-2018-20855
+
+mlx5_ib_create_qp_resp was never initialized and only the first 4 bytes
+were written.
+
+Fixes: 41d902cb7c32 ("RDMA/mlx5: Fix definition of mlx5_ib_create_qp_resp")
+Cc: <stable@vger.kernel.org>
+Acked-by: Leon Romanovsky <leonro@mellanox.com>
+Signed-off-by: Jason Gunthorpe <jgg@mellanox.com>
+Acked-by: Thomas Bogendoerfer <tbogendoerfer@suse.de>
+---
+ drivers/infiniband/hw/mlx5/qp.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/drivers/infiniband/hw/mlx5/qp.c
++++ b/drivers/infiniband/hw/mlx5/qp.c
+@@ -1524,7 +1524,7 @@ static int create_qp_common(struct mlx5_
+ struct mlx5_ib_resources *devr = &dev->devr;
+ int inlen = MLX5_ST_SZ_BYTES(create_qp_in);
+ struct mlx5_core_dev *mdev = dev->mdev;
+- struct mlx5_ib_create_qp_resp resp;
++ struct mlx5_ib_create_qp_resp resp = {};
+ struct mlx5_ib_cq *send_cq;
+ struct mlx5_ib_cq *recv_cq;
+ unsigned long flags;
diff --git a/patches.fixes/s390-zcrypt-fix-wrong-dispatching-for-control-domain-cprbs b/patches.fixes/s390-zcrypt-fix-wrong-dispatching-for-control-domain-cprbs
new file mode 100644
index 0000000000..42dabc7ed9
--- /dev/null
+++ b/patches.fixes/s390-zcrypt-fix-wrong-dispatching-for-control-domain-cprbs
@@ -0,0 +1,166 @@
+From: Harald Freudenberger <freude@linux.ibm.com>
+Date: Tue, 21 May 2019 13:50:09 +0200
+Subject: s390/zcrypt: Fix wrong dispatching for control domain CPRBs
+Git-commit: 7379e652797c0b9b5f6caea1576f2dff9ce6a708
+Patch-mainline: v5.2-rc1
+References: bsc#1137811 LTC#178088
+
+The zcrypt device driver does not handle CPRBs which address
+a control domain correctly. This fix introduces a workaround:
+The domain field of the request CPRB is checked if there is
+a valid domain value in there. If this is true and the value
+is a control only domain (a domain which is enabled in the
+crypto config ADM mask but disabled in the AQM mask) the
+CPRB is forwarded to the default usage domain. If there is
+no default domain, the request is rejected with an ENODEV.
+
+This fix is important for maintaining crypto adapters. For
+example one LPAR can use a crypto adapter domain ('Control
+and Usage') but another LPAR needs to be able to maintain
+this adapter domain ('Control'). Scenarios like this did
+not work properly and the patch enables this.
+
+Signed-off-by: Harald Freudenberger <freude@linux.ibm.com>
+Signed-off-by: Heiko Carstens <heiko.carstens@de.ibm.com>
+Acked-by: Petr Tesarik <ptesarik@suse.com>
+---
+ arch/s390/include/asm/ap.h | 4 ++--
+ drivers/s390/crypto/ap_bus.c | 28 +++++++++++++++++++++++-----
+ drivers/s390/crypto/ap_bus.h | 3 +++
+ drivers/s390/crypto/zcrypt_api.c | 17 ++++++++++++++---
+ 4 files changed, 42 insertions(+), 10 deletions(-)
+
+--- a/arch/s390/include/asm/ap.h
++++ b/arch/s390/include/asm/ap.h
+@@ -72,8 +72,8 @@ struct ap_config_info {
+ unsigned char Nd; /* max # of Domains - 1 */
+ unsigned char _reserved3[10];
+ unsigned int apm[8]; /* AP ID mask */
+- unsigned int aqm[8]; /* AP queue mask */
+- unsigned int adm[8]; /* AP domain mask */
++ unsigned int aqm[8]; /* AP (usage) queue mask */
++ unsigned int adm[8]; /* AP (control) domain mask */
+ unsigned char _reserved4[16];
+ } __aligned(8);
+
+--- a/drivers/s390/crypto/ap_bus.c
++++ b/drivers/s390/crypto/ap_bus.c
+@@ -256,19 +256,37 @@ static inline int ap_test_config_card_id
+ }
+
+ /*
+- * ap_test_config_domain(): Test, whether an AP usage domain is configured.
++ * ap_test_config_usage_domain(): Test, whether an AP usage domain
++ * is configured.
+ * @domain AP usage domain ID
+ *
+ * Returns 0 if the usage domain is not configured
+ * 1 if the usage domain is configured or
+ * if the configuration information is not available
+ */
+-static inline int ap_test_config_domain(unsigned int domain)
++int ap_test_config_usage_domain(unsigned int domain)
+ {
+ if (!ap_configuration) /* QCI not supported */
+ return domain < 16;
+ return ap_test_config(ap_configuration->aqm, domain);
+ }
++EXPORT_SYMBOL(ap_test_config_usage_domain);
++
++/*
++ * ap_test_config_ctrl_domain(): Test, whether an AP control domain
++ * is configured.
++ * @domain AP control domain ID
++ *
++ * Returns 1 if the control domain is configured
++ * 0 in all other cases
++ */
++int ap_test_config_ctrl_domain(unsigned int domain)
++{
++ if (!ap_configuration) /* QCI not supported */
++ return 0;
++ return ap_test_config(ap_configuration->adm, domain);
++}
++EXPORT_SYMBOL(ap_test_config_ctrl_domain);
+
+ /**
+ * ap_query_queue(): Check if an AP queue is available.
+@@ -960,7 +978,7 @@ static int ap_select_domain(void)
+ best_domain = -1;
+ max_count = 0;
+ for (i = 0; i < AP_DOMAINS; i++) {
+- if (!ap_test_config_domain(i))
++ if (!ap_test_config_usage_domain(i))
+ continue;
+ count = 0;
+ for (j = 0; j < AP_DEVICES; j++) {
+@@ -1056,7 +1074,7 @@ static void ap_scan_bus(struct work_stru
+ (void *)(long) qid,
+ __match_queue_device_with_qid);
+ aq = dev ? to_ap_queue(dev) : NULL;
+- if (!ap_test_config_domain(dom)) {
++ if (!ap_test_config_usage_domain(dom)) {
+ if (dev) {
+ /* Queue device exists but has been
+ * removed from configuration.
+@@ -1150,7 +1168,7 @@ static void ap_reset_all(void)
+ int i, j;
+
+ for (i = 0; i < AP_DOMAINS; i++) {
+- if (!ap_test_config_domain(i))
++ if (!ap_test_config_usage_domain(i))
+ continue;
+ for (j = 0; j < AP_DEVICES; j++) {
+ if (!ap_test_config_card_id(j))
+--- a/drivers/s390/crypto/ap_bus.h
++++ b/drivers/s390/crypto/ap_bus.h
+@@ -251,6 +251,9 @@ void ap_wait(enum ap_wait wait);
+ void ap_request_timeout(unsigned long data);
+ void ap_bus_force_rescan(void);
+
++int ap_test_config_usage_domain(unsigned int domain);
++int ap_test_config_ctrl_domain(unsigned int domain);
++
+ void ap_queue_init_reply(struct ap_queue *aq, struct ap_message *ap_msg);
+ struct ap_queue *ap_queue_create(ap_qid_t qid, int device_type);
+ void ap_queue_remove(struct ap_queue *aq);
+--- a/drivers/s390/crypto/zcrypt_api.c
++++ b/drivers/s390/crypto/zcrypt_api.c
+@@ -381,7 +381,7 @@ long zcrypt_send_cprb(struct ica_xcRB *x
+ struct ap_message ap_msg;
+ unsigned int weight, pref_weight;
+ unsigned int func_code;
+- unsigned short *domain;
++ unsigned short *domain, tdom;
+ int qid = 0, rc = -ENODEV;
+
+ trace_s390_zcrypt_req(xcRB, TB_ZSECSENDCPRB);
+@@ -391,6 +391,17 @@ long zcrypt_send_cprb(struct ica_xcRB *x
+ if (rc)
+ goto out;
+
++ /*
++ * If a valid target domain is set and this domain is NOT a usage
++ * domain but a control only domain, use the default domain as target.
++ */
++ tdom = *domain;
++ if (tdom >= 0 && tdom < AP_DOMAINS &&
++ !ap_test_config_usage_domain(tdom) &&
++ ap_test_config_ctrl_domain(tdom) &&
++ ap_domain_index >= 0)
++ tdom = ap_domain_index;
++
+ pref_zc = NULL;
+ pref_zq = NULL;
+ spin_lock(&zcrypt_list_lock);
+@@ -410,8 +421,8 @@ long zcrypt_send_cprb(struct ica_xcRB *x
+ /* check if device is online and eligible */
+ if (!zq->online ||
+ !zq->ops->send_cprb ||
+- ((*domain != (unsigned short) AUTOSELECT) &&
+- (*domain != AP_QID_QUEUE(zq->queue->qid))))
++ (tdom != (unsigned short) AUTOSELECT &&
++ tdom != AP_QID_QUEUE(zq->queue->qid)))
+ continue;
+ if (zcrypt_queue_compare(zq, pref_zq,
+ weight, pref_weight))
diff --git a/series.conf b/series.conf
index cdb0f70612..283764e763 100644
--- a/series.conf
+++ b/series.conf
@@ -18941,6 +18941,7 @@
patches.drivers/rdma-cxgb4-Remove-a-set-but-not-used-variable.patch
patches.drivers/IB-IPoIB-Set-ah-valid-flag-in-multicast-send-flow.patch
patches.drivers/rdma-cxgb4-fix-some-info-leaks.patch
+ patches.fixes/IB-mlx5-Fix-leaking-stack-memory-to-userspace.patch
patches.fixes/dax-remove-VM_MIXEDMAP-for-fsdax-and-device-dax.patch
patches.fixes/fs-dcache.c-fix-kmemcheck-splat-at-take_dentry_name_.patch
patches.suse/mm-page_alloc-double-zone-s-batchsize.patch
@@ -23004,6 +23005,7 @@
patches.drivers/Staging-vc04_services-Fix-a-couple-error-codes.patch
patches.drivers/staging-vc04_services-prevent-integer-overflow-in-cr.patch
patches.fixes/PCI-PM-Avoid-possible-suspend-to-idle-issue.patch
+ patches.fixes/s390-zcrypt-fix-wrong-dispatching-for-control-domain-cprbs
patches.suse/memcg-make-it-work-on-sparse-non-0-node-systems.patch
patches.suse/kernel-signal.c-trace_signal_deliver-when-signal_gro.patch
patches.fixes/scsi-zfcp-fix-missing-zfcp_port-reference-put-on-ebusy-from-port_remove
@@ -23143,6 +23145,7 @@
patches.drm/drm-amdgpu-gfx9-use-reset-default-for-PA_SC_FIFO_SIZ.patch
patches.fixes/scsi-target-iblock-fix-overrun-in-write-same-emulation
patches.drivers/dmaengine-imx-sdma-remove-BD_INTR-for-channel0.patch
+ patches.arch/s390-jump_label-replace-stop_machine-with-smp_call_f.patch
patches.suse/x86-topology-Add-CPUID.1F-multi-die-package-support.patch
patches.suse/x86-topology-Create-topology_max_die_per_package.patch
patches.suse/cpu-topology-Export-die_id.patch