diff --git a/debian.nvidia-bos/changelog b/debian.nvidia-bos/changelog index afcbeefd4ec40..c277060084cc8 100644 --- a/debian.nvidia-bos/changelog +++ b/debian.nvidia-bos/changelog @@ -1,3 +1,238 @@ +linux-nvidia-bos (7.0.0-2006.6) resolute; urgency=medium + + * resolute/linux-nvidia-bos: 7.0.0-2006.6 -proposed tracker (LP: #2153497) + + * Packaging resync (LP: #1786013) + - [Packaging] debian.nvidia-bos/dkms-versions -- update from kernel- + versions (adhoc/d2026.05.20) + + * Add CXL Type-2 device support, RAS error handling, reset, state + save/restore, and interleaving support (LP: #2143032) // CXL: Backport + Type-2, state save/restore, and reset support (LP: #2153819) + - NVIDIA: VR: SAUCE: [Config] CXL config annotations for Type-2 device and + RAS support + - NVIDIA: VR: SAUCE: [Config] Enable CXL DAX and KMEM built-in for CXL + memory access + - NVIDIA: VR: SAUCE: [Config] Add PCI_CXL annotation for CXL state + save/restore + - NVIDIA: VR: SAUCE: PCI: Add CXL DVSEC control, lock, and range register + definitions + - NVIDIA: VR: SAUCE: cxl: Move HDM decoder and register map definitions to + include/cxl/cxl.h + - NVIDIA: VR: SAUCE: PCI: Add virtual extended cap save buffer for CXL + state + - NVIDIA: VR: SAUCE: PCI: Add cxl DVSEC state save/restore across resets + - NVIDIA: VR: SAUCE: PCI: Add HDM decoder state save/restore + - NVIDIA: VR: SAUCE: PCI: Add CXL DVSEC reset and capability register + definitions + - NVIDIA: VR: SAUCE: PCI: Export pci_dev_save_and_disable() and + pci_dev_restore() + - NVIDIA: VR: SAUCE: cxl: Add memory offlining and cache flush helpers + - NVIDIA: VR: SAUCE: cxl: Add multi-function sibling coordination for CXL + reset + - NVIDIA: VR: SAUCE: cxl: Add CXL DVSEC reset sequence and flow + orchestration + - NVIDIA: VR: SAUCE: cxl: Add cxl_reset sysfs interface for PCI devices + - NVIDIA: VR: SAUCE: Documentation: ABI: Add CXL PCI cxl_reset sysfs + attribute + + * CXL: Backport Type-2, state save/restore, and reset support (LP: #2153819) + - cxl: support Type2 when initializing cxl_dev_state + - cxl: export internal structs for external Type2 drivers + - cxl: Move pci generic code from cxl_pci to core/cxl_pci + - cxl/pci: Remove redundant cxl_pci_find_port() call + - NVIDIA: VR: SAUCE: sfc: add cxl support + - NVIDIA: VR: SAUCE: cxl/sfc: Map cxl regs + - NVIDIA: VR: SAUCE: cxl/sfc: Initialize dpa without a mailbox + - NVIDIA: VR: SAUCE: cxl: Prepare memdev creation for type2 + - NVIDIA: VR: SAUCE: sfc: create type2 cxl memdev + - NVIDIA: VR: SAUCE: cxl: attach region to an accelerator/type2 memdev + - NVIDIA: VR: SAUCE: cxl: Avoid dax creation for accelerators + - NVIDIA: VR: SAUCE: sfc: support pio mapping based on cxl + - NVIDIA: VR: SAUCE: dax/hmem: Request cxl_acpi and cxl_pci before walking + Soft Reserved ranges + - NVIDIA: VR: SAUCE: dax/hmem: Gate Soft Reserved deferral on DEV_DAX_CXL + - NVIDIA: VR: SAUCE: cxl/region: Skip decoder reset on detach for + autodiscovered regions + - NVIDIA: VR: SAUCE: dax/cxl, hmem: Initialize hmem early and defer + dax_cxl binding + - NVIDIA: VR: SAUCE: dax: Track all dax_region allocations under a global + resource tree + - NVIDIA: VR: SAUCE: cxl/region: Add helper to check Soft Reserved + containment by CXL regions + - NVIDIA: VR: SAUCE: dax: Add deferred-work helpers for dax_hmem and + dax_cxl coordination + - NVIDIA: VR: SAUCE: dax/hmem, cxl: Defer and resolve ownership of Soft + Reserved memory ranges + - NVIDIA: VR: SAUCE: dax/hmem: Reintroduce Soft Reserved ranges back into + the iomem tree + - NVIDIA: VR: SAUCE: cxl/region: Support multi-level interleaving with + smaller granularities for lower levels + - NVIDIA: SAUCE: Revert "NVIDIA: VR: SAUCE: cxl: add support for cxl + reset" + + * Installer fails internally with a RSync error due to page fault + (LP: #2150640) + - NVIDIA: SAUCE: ovl: keep err zero after successful ovl_cache_get() + + * Refresh series: Allow ATS to be always on for certain ATS-capable devices + (LP: #2150727) + - Revert "NVIDIA: VR: SAUCE: iommu/arm-smmu-v3: Allow ATS to be always on" + - Revert "NVIDIA: VR: SAUCE: PCI: Allow ATS to be always on for non-CXL + NVIDIA GPUs" + - Revert "NVIDIA: VR: SAUCE: PCI: Allow ATS to be always on for CXL.cache + capable devices" + - NVIDIA: VR: SAUCE: PCI: Allow ATS to be always on for CXL.cache capable + devices + - NVIDIA: VR: SAUCE: PCI: Allow ATS to be always on for pre-CXL devices + - NVIDIA: VR: SAUCE: iommu/arm-smmu-v3: Allow ATS to be always on + + * Pull CPPC mailing list patches for Spark (LP: #2131705) + - ACPI: CPPC: Add cppc_get_perf() API to read performance controls + - ACPI: CPPC: Warn on missing mandatory DESIRED_PERF register + - ACPI: CPPC: Extend cppc_set_epp_perf() for FFH/SystemMemory + - cpufreq: CPPC: Update cached perf_ctrls on sysfs write + - cpufreq: cppc: Update MIN_PERF/MAX_PERF in target callbacks + - ACPI: CPPC: add APIs and sysfs interface for perf_limited + - cpufreq: CPPC: Add sysfs documentation for perf_limited + - ACPI: CPPC: Move reference performance to capabilities + - ACPI: CPPC: Fix uninitialized ref variable in cppc_get_perf_caps() + - ACPI: CPPC: Check cpc_read() return values consistently + - cpufreq: Remove max_freq_req update for pre-existing policy + - cpufreq: Add boost_freq_req QoS request + - cpufreq: Allocate QoS freq_req objects with policy + - cpufreq/amd-pstate: Cache the max frequency in cpudata + - NVIDIA: SAUCE: cpufreq: Extract cpufreq_policy_init_qos() function + - NVIDIA: SAUCE: cpufreq: Set default policy->min/max values for all + drivers + - NVIDIA: SAUCE: cpufreq: Remove driver default policy->min/max init + - NVIDIA: SAUCE: cpufreq: Use policy->min/max init as QoS request + - NVIDIA: SAUCE: cpufreq: CPPC: add autonomous mode boot parameter support + + * Backport Vera PMU support (LP: #2149756) + - Revert "NVIDIA: VR: SAUCE: perf vendor events arm64: Add Tegra410 + Olympus PMU events" + - Revert "NVIDIA: VR: SAUCE: perf: add NVIDIA Tegra410 C2C PMU" + - Revert "NVIDIA: VR: SAUCE: perf: add NVIDIA Tegra410 CPU Memory Latency + PMU" + - Revert "NVIDIA: VR: SAUCE: perf/arm_cspmu: nvidia: Add Tegra410 PCIE-TGT + PMU" + - Revert "NVIDIA: VR: SAUCE: perf/arm_cspmu: nvidia: Add Tegra410 PCIE + PMU" + - Revert "NVIDIA: VR: SAUCE: perf/arm_cspmu: Add arm_cspmu_acpi_dev_get" + - Revert "NVIDIA: VR: SAUCE: perf/arm_cspmu: nvidia: Add Tegra410 UCF PMU" + - Revert "NVIDIA: VR: SAUCE: perf/arm_cspmu: nvidia: Rename doc to + Tegra241" + - perf/arm_cspmu: nvidia: Rename doc to Tegra241 + - perf/arm_cspmu: nvidia: Add Tegra410 UCF PMU + - perf/arm_cspmu: Add arm_cspmu_acpi_dev_get + - perf/arm_cspmu: nvidia: Add Tegra410 PCIE PMU + - perf/arm_cspmu: nvidia: Add Tegra410 PCIE-TGT PMU + - perf: add NVIDIA Tegra410 CPU Memory Latency PMU + - perf: add NVIDIA Tegra410 C2C PMU + - perf vendor events arm64: Add Tegra410 Olympus PMU events + - NVIDIA: VR: SAUCE: perf/arm_pmu: Skip PMCCNTR_EL0 on NVIDIA Olympus + + * Backport lan743x driver patches (LP: #2152064) + - net: microchip: lan743x: add ethtool nway_reset support + - net: lan743x: fix SGMII detection on PCI1xxxx B0+ during warm reset + - net: lan743x: rename chip_rev to fpga_rev + + * Backport SMT-aware asymmetric CPU capacity idle selection (LP: #2150671) + - NVIDIA: VR: SAUCE: sched/fair: Attach sched_domain_shared to + sd_asym_cpucapacity + - NVIDIA: VR: SAUCE: sched/fair: Prefer fully-idle SMT cores in asym- + capacity idle selection + - NVIDIA: VR: SAUCE: sched/fair: Reject misfit pulls onto busy SMT + siblings on asym-capacity + - NVIDIA: VR: SAUCE: sched/fair: Add SIS_UTIL support to + select_idle_capacity() + + * Forward-port of the full Arm Live Firmware Activation (LFA) v2 series + (LP: #2150652) + - Revert "NVIDIA: VR: SAUCE: firmware: smccc: register as platform driver" + - Revert "NVIDIA: VR: SAUCE: firmware: smccc: add timeout, touch wdt" + - Revert "NVIDIA: VR: SAUCE: firmware: smccc: add support for Live + Firmware Activation (LFA)" + - NVIDIA: VR: SAUCE: dt-bindings: arm: Add Live Firmware Activation + binding + - NVIDIA: VR: SAUCE: firmware: smccc: Add support for Live Firmware + Activation (LFA) + - NVIDIA: VR: SAUCE: firmware: smccc: lfa: Move image rescanning + - NVIDIA: VR: SAUCE: firmware: smccc: lfa: Add timeout and trigger + watchdog + - NVIDIA: VR: SAUCE: firmware: smccc: lfa: Register ACPI notification + - NVIDIA: VR: SAUCE: firmware: smccc: lfa: Add auto_activate sysfs file + - NVIDIA: VR: SAUCE: firmware: smccc: lfa: Register DT interrupt + - NVIDIA: VR: SAUCE: firmware: smccc: lfa: introduce SMC access lock + - NVIDIA: VR: SAUCE: firmware: smccc: lfa: handle LFA_BUSY in PRIME and + ACTIVATE + - NVIDIA: VR: SAUCE: firmware: smccc: lfa: Emit a uevent on inventory + updates + + * Introduce a sharded cache affinity scope (LP: #2150467) + - workqueue: fix parse_affn_scope() prefix matching bug + - workqueue: fix typo in WQ_AFFN_SMT comment + - workqueue: add WQ_AFFN_CACHE_SHARD affinity scope + - workqueue: set WQ_AFFN_CACHE_SHARD as the default affinity scope + - tools/workqueue: add CACHE_SHARD support to wq_dump.py + - workqueue: add test_workqueue benchmark module + - docs: workqueue: document WQ_AFFN_CACHE_SHARD affinity scope + - workqueue: avoid unguarded 64-bit division + - workqueue: validate cpumask_first() result in + llc_populate_cpu_shard_id() + - [Config] nvidia: Defaults for CONFIG_TEST_WORKQUEUE + + * UBUNTU: [Config] nvidia: Disable default CMA reservation (LP: #2150898) + - [Config] nvidia: Disable default CMA reservation + + * Backport Use device ID range for DGX Spark iGPU (LP: #2150487) + - NVIDIA: SAUCE: iommu/arm-smmu-v3: Use device ID range for DGX Spark iGPU + iommu quirk + + * Backport NVIDIA: SAUCE: iommu/arm-smmu-v3: Use identity domain for ASPEED + BMC devices (LP: #2150470) + - NVIDIA: SAUCE: iommu/arm-smmu-v3: Use identity domain for ASPEED BMC + devices + + * Update GDS/NVMe SAUCE for v6.17 (LP: #2134960) // [linux-nvidia-7.0]: + Forward-port GDS/NVFS content (LP: #2150289) + - NVIDIA: SAUCE: Patch NVMe/NVMeoF driver to support GDS on Linux 7.0 + Kernel + + * Backport Set LED_HW_PLUGGABLE for NPEM and fix class init ordering issue + of CXL/fwctl (LP: #2149918) + - PCI/NPEM: Set LED_HW_PLUGGABLE for hotplug-capable ports + - fwctl: Fix class init ordering to avoid NULL pointer dereference on + device removal + + * gpio: tegra186: Simplify GPIO line name prefix and support multi-socket + devices (LP: #2148664) + - gpio: tegra186: Simplify GPIO line name prefix handling + - gpio: tegra186: Support multi-socket devices + - Revert "NVIDIA: SAUCE: serial: 8250_mtk: Add ACPI support" + - NVIDIA: SAUCE: MEDIATEK: serial: 8250_mtk: Add ACPI support + + * fix r8169 vs r8127 contention for Spark (LP: #2144345) + - NVIDIA: SAUCE: r8169: remove PCI IDs claimed by r8127 driver + + * Backport of the vfio/nvgrace-gpu Blackwell-Next GPU readiness check (v3) + from LKML to 26.04_linux-nvidia. (LP: #2148701) + - NVIDIA: SAUCE: vfio/nvgrace-gpu: Add Blackwell-Next GPU readiness check + via CXL DVSEC + + [ Ubuntu: 7.0.0-15.15 ] + + * resolute/linux: 7.0.0-15.15 -proposed tracker (LP: #2148866) + * Qualcomm X1E: Speaker overdrive causes hardware protection shutdown + (LP: #2149808) + - SAUCE: ASoC: qcom: x1e80100: limit speaker volumes + * intel-ipu7 / intel-ipu7-isys modules are shipped unsigned in latest + Resolute kernels, breaking Secure Boot systems (LP: #2148718) + - [packaging] add intel-ipu7 to signature inclusion list + + -- Jacob Martin Thu, 21 May 2026 16:29:40 -0500 + linux-nvidia-bos (7.0.0-2005.5) resolute; urgency=medium * resolute/linux-nvidia-bos: 7.0.0-2005.5 -proposed tracker (LP: #2148362) diff --git a/debian.nvidia-bos/config/annotations b/debian.nvidia-bos/config/annotations index 854c543bb2a1c..562d154cdd155 100644 --- a/debian.nvidia-bos/config/annotations +++ b/debian.nvidia-bos/config/annotations @@ -45,9 +45,6 @@ CONFIG_ARM64_WORKAROUND_TRBE_OVERWRITE_FILL_MODE note<'Required for Grace enable CONFIG_ARM64_WORKAROUND_TRBE_WRITE_OUT_OF_RANGE policy<{'arm64': 'y'}> CONFIG_ARM64_WORKAROUND_TRBE_WRITE_OUT_OF_RANGE note<'Required for Grace enablement'> -CONFIG_CACHEMAINT_FOR_HOTPLUG policy<{'amd64': '-', 'arm64': 'n'}> -CONFIG_CACHEMAINT_FOR_HOTPLUG note<'Optional HiSilicon HHA cache maintenance driver; depends on GENERIC_CPU_CACHE_MAINTENANCE; not needed for NVIDIA platforms'> - CONFIG_ARM_FFA_TRANSPORT policy<{'arm64': 'y'}> CONFIG_ARM_FFA_TRANSPORT note<'LP: #2111511'> @@ -57,6 +54,9 @@ CONFIG_ARM_LFA note<'LP: #2138342'> CONFIG_ARM_SMMU_V3_IOMMUFD policy<{'arm64': 'y'}> CONFIG_ARM_SMMU_V3_IOMMUFD note<'LP: #2095028'> +CONFIG_CACHEMAINT_FOR_HOTPLUG policy<{'amd64': '-', 'arm64': 'n'}> +CONFIG_CACHEMAINT_FOR_HOTPLUG note<'Optional HiSilicon HHA cache maintenance driver; depends on GENERIC_CPU_CACHE_MAINTENANCE; not needed for NVIDIA platforms'> + CONFIG_CMA_SIZE_MBYTES policy<{'amd64': '0', 'arm64': '0'}> CONFIG_CMA_SIZE_MBYTES note<'LP: #2150898'> @@ -141,6 +141,15 @@ CONFIG_CXL_PORT note<'Required for CXL port enum CONFIG_CXL_RAS policy<{'amd64': 'y', 'arm64': 'y'}> CONFIG_CXL_RAS note<'New def_bool replacing PCIEAER_CXL; auto-enabled with ACPI_APEI_GHES+PCIEAER+CXL_BUS; CXL RAS error handling support'> +CONFIG_DEV_DAX policy<{'amd64': 'y', 'arm64': 'y'}> +CONFIG_DEV_DAX note<'Override debian.master m-'> + +CONFIG_DEV_DAX_CXL policy<{'amd64': 'y', 'arm64': 'y'}> +CONFIG_DEV_DAX_CXL note<'Override debian.master m-'> + +CONFIG_DEV_DAX_KMEM policy<{'amd64': 'y', 'arm64': 'y'}> +CONFIG_DEV_DAX_KMEM note<'Override debian.master m-'> + CONFIG_DRM_NOUVEAU policy<{'amd64': 'n', 'arm64': 'n'}> CONFIG_DRM_NOUVEAU note<'Disable nouveau for NVIDIA kernels'> @@ -213,9 +222,6 @@ CONFIG_NOUVEAU_PLATFORM_DRIVER note<'Disable nouveau for NVIDIA CONFIG_NR_CPUS policy<{'amd64': '8192', 'arm64': '512'}> CONFIG_NR_CPUS note<'LP: #1864198'> -CONFIG_PCIEAER_CXL policy<{'amd64': '-', 'arm64': '-'}> -CONFIG_PCIEAER_CXL note<'Removed by commit d18f1b7beadf (PCI/AER: Replace PCIEAER_CXL symbol with CXL_RAS)'> - CONFIG_NVGRACE_EGM policy<{'arm64': 'm'}> CONFIG_NVGRACE_EGM note<'LP: #2119656'> @@ -228,6 +234,12 @@ CONFIG_NVIDIA_TEGRA410_C2C_PMU note<'LP: #2139315'> CONFIG_NVIDIA_TEGRA410_CMEM_LATENCY_PMU policy<{'arm64': 'm'}> CONFIG_NVIDIA_TEGRA410_CMEM_LATENCY_PMU note<'LP: #2139315'> +CONFIG_PCIEAER_CXL policy<{'amd64': '-', 'arm64': '-'}> +CONFIG_PCIEAER_CXL note<'Removed by commit d18f1b7beadf (PCI/AER: Replace PCIEAER_CXL symbol with CXL_RAS)'> + +CONFIG_PCI_CXL policy<{'amd64': 'y', 'arm64': 'y'}> +CONFIG_PCI_CXL note<'Hidden bool; auto-enabled by CXL_BUS; PCI core CXL DVSEC and HDM state save/restore support'> + CONFIG_PID_IN_CONTEXTIDR policy<{'arm64': 'y'}> CONFIG_PID_IN_CONTEXTIDR note<'Required for Grace enablement'> @@ -264,18 +276,6 @@ CONFIG_UBUNTU_ODM_DRIVERS note<'Disable all Ubuntu ODM dri CONFIG_ULTRASOC_SMB policy<{'arm64': 'n'}> CONFIG_ULTRASOC_SMB note<'Required for Grace enablement'> -CONFIG_DEV_DAX policy<{'amd64': 'y', 'arm64': 'y'}> -CONFIG_DEV_DAX note<'Override debian.master m->y; required built-in for DEV_DAX_CXL=y'> - -CONFIG_DEV_DAX_CXL policy<{'amd64': 'y', 'arm64': 'y'}> -CONFIG_DEV_DAX_CXL note<'Override debian.master m->y; CXL RAM region DAX access; depends on CXL_BUS+CXL_REGION+DEV_DAX'> - -CONFIG_DEV_DAX_KMEM policy<{'amd64': 'y', 'arm64': 'y'}> -CONFIG_DEV_DAX_KMEM note<'Override debian.master m->y; map CXL DAX devices as System-RAM'> - -CONFIG_PCI_CXL policy<{'amd64': 'y', 'arm64': 'y'}> -CONFIG_PCI_CXL note<'Hidden bool; auto-enabled by CXL_BUS; PCI core CXL DVSEC and HDM state save/restore support'> - CONFIG_VFIO_CONTAINER policy<{'amd64': 'y', 'arm64': 'n'}> CONFIG_VFIO_CONTAINER note<'LP: #2095028'> @@ -286,4 +286,5 @@ CONFIG_VFIO_IOMMU_TYPE1 note<'LP: #2095028'> # ---- Annotations without notes ---- CONFIG_BCH policy<{'amd64': 'm', 'arm64': 'y'}> +CONFIG_HISI_SOC_HHA policy<{'arm64': '-'}> CONFIG_MTD_NAND_CORE policy<{'amd64': 'm', 'arm64': 'y'}> diff --git a/debian.nvidia-bos/dkms-versions b/debian.nvidia-bos/dkms-versions index fd8e9c633b136..4f3033658247c 100644 --- a/debian.nvidia-bos/dkms-versions +++ b/debian.nvidia-bos/dkms-versions @@ -1,2 +1,3 @@ -zfs-linux 2.4.1-1ubuntu1 modulename=zfs debpath=pool/universe/z/%package%/zfs-dkms_%version%_all.deb arch=amd64 arch=arm64 arch=ppc64el arch=riscv64 arch=s390x rprovides=spl-modules rprovides=spl-dkms rprovides=zfs-modules rprovides=zfs-dkms off_series=true +zfs-linux 2.4.1-1ubuntu5 modulename=zfs debpath=pool/universe/z/%package%/zfs-dkms_%version%_all.deb arch=amd64 arch=arm64 arch=ppc64el arch=riscv64 arch=s390x rprovides=spl-modules rprovides=spl-dkms rprovides=zfs-modules rprovides=zfs-dkms off_series=true v4l2loopback 0.15.3-1ubuntu2 modulename=v4l2loopback debpath=pool/universe/v/%package%/v4l2loopback-dkms_%version%_all.deb arch=amd64 rprovides=v4l2loopback-modules rprovides=v4l2loopback-dkms off_series=true +nvidia-fs 2.28.4-1 modulename=nvidia-fs debpath=pool/universe/n/%package%/nvidia-fs-dkms_%version%_amd64.deb arch=amd64 arch=arm64 rprovides=nvidia-fs-modules rprovides=nvidia-fs-dkms type=standalone diff --git a/debian.nvidia-bos/tracking-bug b/debian.nvidia-bos/tracking-bug index 445d5824e700a..572c4a12d5dcf 100644 --- a/debian.nvidia-bos/tracking-bug +++ b/debian.nvidia-bos/tracking-bug @@ -1 +1 @@ -2148362 d2026.04.13-1 +2153497 d2026.05.20-1 diff --git a/include/linux/sched.h b/include/linux/sched.h index 5a5d3dbc9cdf3..9d4fb641a6c1d 100644 --- a/include/linux/sched.h +++ b/include/linux/sched.h @@ -998,6 +998,9 @@ struct task_struct { unsigned sched_rt_mutex:1; #endif + /* Save user-dumpable when mm goes away */ + unsigned user_dumpable:1; + /* Bit to tell TOMOYO we're in execve(): */ unsigned in_execve:1; unsigned in_iowait:1; diff --git a/include/trace/events/rxrpc.h b/include/trace/events/rxrpc.h index 578b8038b2117..8d77828b75155 100644 --- a/include/trace/events/rxrpc.h +++ b/include/trace/events/rxrpc.h @@ -161,8 +161,6 @@ E_(rxrpc_call_poke_timer_now, "Timer-now") #define rxrpc_skb_traces \ - EM(rxrpc_skb_eaten_by_unshare, "ETN unshare ") \ - EM(rxrpc_skb_eaten_by_unshare_nomem, "ETN unshar-nm") \ EM(rxrpc_skb_get_call_rx, "GET call-rx ") \ EM(rxrpc_skb_get_conn_secured, "GET conn-secd") \ EM(rxrpc_skb_get_conn_work, "GET conn-work") \ @@ -189,6 +187,7 @@ EM(rxrpc_skb_put_purge, "PUT purge ") \ EM(rxrpc_skb_put_purge_oob, "PUT purge-oob") \ EM(rxrpc_skb_put_response, "PUT response ") \ + EM(rxrpc_skb_put_response_copy, "PUT resp-cpy ") \ EM(rxrpc_skb_put_rotate, "PUT rotate ") \ EM(rxrpc_skb_put_unknown, "PUT unknown ") \ EM(rxrpc_skb_see_conn_work, "SEE conn-work") \ @@ -197,6 +196,7 @@ EM(rxrpc_skb_see_recvmsg_oob, "SEE recvm-oob") \ EM(rxrpc_skb_see_reject, "SEE reject ") \ EM(rxrpc_skb_see_rotate, "SEE rotate ") \ + EM(rxrpc_skb_see_unshare_nomem, "SEE unshar-nm") \ E_(rxrpc_skb_see_version, "SEE version ") #define rxrpc_local_traces \ diff --git a/kernel/exit.c b/kernel/exit.c index ede3117fa7d41..bbb44fd3ffba2 100644 --- a/kernel/exit.c +++ b/kernel/exit.c @@ -571,6 +571,7 @@ static void exit_mm(void) */ smp_mb__after_spinlock(); local_irq_disable(); + current->user_dumpable = (get_dumpable(mm) == SUID_DUMP_USER); current->mm = NULL; membarrier_update_current_mm(NULL); enter_lazy_tlb(mm, current); diff --git a/kernel/ptrace.c b/kernel/ptrace.c index 392ec2f75f013..0e3ab697cff5c 100644 --- a/kernel/ptrace.c +++ b/kernel/ptrace.c @@ -272,11 +272,24 @@ static bool ptrace_has_cap(struct user_namespace *ns, unsigned int mode) return ns_capable(ns, CAP_SYS_PTRACE); } +static bool task_still_dumpable(struct task_struct *task, unsigned int mode) +{ + struct mm_struct *mm = task->mm; + if (mm) { + if (get_dumpable(mm) == SUID_DUMP_USER) + return true; + return ptrace_has_cap(mm->user_ns, mode); + } + + if (task->user_dumpable) + return true; + return ptrace_has_cap(&init_user_ns, mode); +} + /* Returns 0 on success, -errno on denial. */ static int __ptrace_may_access(struct task_struct *task, unsigned int mode) { const struct cred *cred = current_cred(), *tcred; - struct mm_struct *mm; kuid_t caller_uid; kgid_t caller_gid; @@ -337,11 +350,8 @@ static int __ptrace_may_access(struct task_struct *task, unsigned int mode) * Pairs with a write barrier in commit_creds(). */ smp_rmb(); - mm = task->mm; - if (mm && - ((get_dumpable(mm) != SUID_DUMP_USER) && - !ptrace_has_cap(mm->user_ns, mode))) - return -EPERM; + if (!task_still_dumpable(task, mode)) + return -EPERM; return security_ptrace_access_check(task, mode); } diff --git a/net/ipv4/esp4.c b/net/ipv4/esp4.c index 6dfc0bcdef654..6a5febbdbee49 100644 --- a/net/ipv4/esp4.c +++ b/net/ipv4/esp4.c @@ -873,7 +873,8 @@ static int esp_input(struct xfrm_state *x, struct sk_buff *skb) nfrags = 1; goto skip_cow; - } else if (!skb_has_frag_list(skb)) { + } else if (!skb_has_frag_list(skb) && + !skb_has_shared_frag(skb)) { nfrags = skb_shinfo(skb)->nr_frags; nfrags++; diff --git a/net/ipv4/ip_output.c b/net/ipv4/ip_output.c index e4790cc7b5c2e..5bcd73cbdb41c 100644 --- a/net/ipv4/ip_output.c +++ b/net/ipv4/ip_output.c @@ -1233,6 +1233,8 @@ static int __ip_append_data(struct sock *sk, if (err < 0) goto error; copy = err; + if (!(flags & MSG_NO_SHARED_FRAGS)) + skb_shinfo(skb)->flags |= SKBFL_SHARED_FRAG; wmem_alloc_delta += copy; } else if (!zc) { int i = skb_shinfo(skb)->nr_frags; diff --git a/net/ipv6/esp6.c b/net/ipv6/esp6.c index 9f75313734f8c..9c06c5a1419dc 100644 --- a/net/ipv6/esp6.c +++ b/net/ipv6/esp6.c @@ -915,7 +915,8 @@ static int esp6_input(struct xfrm_state *x, struct sk_buff *skb) nfrags = 1; goto skip_cow; - } else if (!skb_has_frag_list(skb)) { + } else if (!skb_has_frag_list(skb) && + !skb_has_shared_frag(skb)) { nfrags = skb_shinfo(skb)->nr_frags; nfrags++; diff --git a/net/ipv6/ip6_output.c b/net/ipv6/ip6_output.c index 8e2a6b28cea7a..3f14e363c96e2 100644 --- a/net/ipv6/ip6_output.c +++ b/net/ipv6/ip6_output.c @@ -1765,6 +1765,8 @@ static int __ip6_append_data(struct sock *sk, if (err < 0) goto error; copy = err; + if (!(flags & MSG_NO_SHARED_FRAGS)) + skb_shinfo(skb)->flags |= SKBFL_SHARED_FRAG; wmem_alloc_delta += copy; } else if (!zc) { int i = skb_shinfo(skb)->nr_frags; diff --git a/net/rxrpc/ar-internal.h b/net/rxrpc/ar-internal.h index 96ecb83c90715..27c2aa2dd023c 100644 --- a/net/rxrpc/ar-internal.h +++ b/net/rxrpc/ar-internal.h @@ -1486,7 +1486,6 @@ int rxrpc_server_keyring(struct rxrpc_sock *, sockptr_t, int); void rxrpc_kernel_data_consumed(struct rxrpc_call *, struct sk_buff *); void rxrpc_new_skb(struct sk_buff *, enum rxrpc_skb_trace); void rxrpc_see_skb(struct sk_buff *, enum rxrpc_skb_trace); -void rxrpc_eaten_skb(struct sk_buff *, enum rxrpc_skb_trace); void rxrpc_get_skb(struct sk_buff *, enum rxrpc_skb_trace); void rxrpc_free_skb(struct sk_buff *, enum rxrpc_skb_trace); void rxrpc_purge_queue(struct sk_buff_head *); diff --git a/net/rxrpc/call_event.c b/net/rxrpc/call_event.c index fec59d9338b9f..2b19b252225e5 100644 --- a/net/rxrpc/call_event.c +++ b/net/rxrpc/call_event.c @@ -332,7 +332,27 @@ bool rxrpc_input_call_event(struct rxrpc_call *call) saw_ack |= sp->hdr.type == RXRPC_PACKET_TYPE_ACK; - rxrpc_input_call_packet(call, skb); + if (sp->hdr.type == RXRPC_PACKET_TYPE_DATA && + sp->hdr.securityIndex != 0 && + (skb_cloned(skb) || + skb_has_frag_list(skb) || + skb_has_shared_frag(skb))) { + /* Unshare the packet so that it can be + * modified by in-place decryption. + */ + struct sk_buff *nskb = skb_copy(skb, GFP_ATOMIC); + + if (nskb) { + rxrpc_new_skb(nskb, rxrpc_skb_new_unshared); + rxrpc_input_call_packet(call, nskb); + rxrpc_free_skb(nskb, rxrpc_skb_put_call_rx); + } else { + /* OOM - Drop the packet. */ + rxrpc_see_skb(skb, rxrpc_skb_see_unshare_nomem); + } + } else { + rxrpc_input_call_packet(call, skb); + } rxrpc_free_skb(skb, rxrpc_skb_put_call_rx); did_receive = true; } diff --git a/net/rxrpc/conn_event.c b/net/rxrpc/conn_event.c index 9a41ec708aeb9..b582ad91d610a 100644 --- a/net/rxrpc/conn_event.c +++ b/net/rxrpc/conn_event.c @@ -240,6 +240,34 @@ static void rxrpc_call_is_secure(struct rxrpc_call *call) rxrpc_notify_socket(call); } +static int rxrpc_verify_response(struct rxrpc_connection *conn, + struct sk_buff *skb) +{ + int ret; + + if (skb_cloned(skb) || skb_has_frag_list(skb) || + skb_has_shared_frag(skb)) { + /* Copy the packet if shared so that we can do in-place + * decryption. + */ + struct sk_buff *nskb = skb_copy(skb, GFP_NOFS); + + if (nskb) { + rxrpc_new_skb(nskb, rxrpc_skb_new_unshared); + ret = conn->security->verify_response(conn, nskb); + rxrpc_free_skb(nskb, rxrpc_skb_put_response_copy); + } else { + /* OOM - Drop the packet. */ + rxrpc_see_skb(skb, rxrpc_skb_see_unshare_nomem); + ret = -ENOMEM; + } + } else { + ret = conn->security->verify_response(conn, skb); + } + + return ret; +} + /* * connection-level Rx packet processor */ @@ -270,7 +298,7 @@ static int rxrpc_process_event(struct rxrpc_connection *conn, } spin_unlock_irq(&conn->state_lock); - ret = conn->security->verify_response(conn, skb); + ret = rxrpc_verify_response(conn, skb); if (ret < 0) return ret; diff --git a/net/rxrpc/io_thread.c b/net/rxrpc/io_thread.c index 6979569319252..dc5184a2fa9d1 100644 --- a/net/rxrpc/io_thread.c +++ b/net/rxrpc/io_thread.c @@ -192,13 +192,12 @@ static bool rxrpc_extract_abort(struct sk_buff *skb) /* * Process packets received on the local endpoint */ -static bool rxrpc_input_packet(struct rxrpc_local *local, struct sk_buff **_skb) +static bool rxrpc_input_packet(struct rxrpc_local *local, struct sk_buff *skb) { struct rxrpc_connection *conn; struct sockaddr_rxrpc peer_srx; struct rxrpc_skb_priv *sp; struct rxrpc_peer *peer = NULL; - struct sk_buff *skb = *_skb; bool ret = false; skb_pull(skb, sizeof(struct udphdr)); @@ -244,25 +243,6 @@ static bool rxrpc_input_packet(struct rxrpc_local *local, struct sk_buff **_skb) return rxrpc_bad_message(skb, rxrpc_badmsg_zero_call); if (sp->hdr.seq == 0) return rxrpc_bad_message(skb, rxrpc_badmsg_zero_seq); - - /* Unshare the packet so that it can be modified for in-place - * decryption. - */ - if (sp->hdr.securityIndex != 0) { - skb = skb_unshare(skb, GFP_ATOMIC); - if (!skb) { - rxrpc_eaten_skb(*_skb, rxrpc_skb_eaten_by_unshare_nomem); - *_skb = NULL; - return just_discard; - } - - if (skb != *_skb) { - rxrpc_eaten_skb(*_skb, rxrpc_skb_eaten_by_unshare); - *_skb = skb; - rxrpc_new_skb(skb, rxrpc_skb_new_unshared); - sp = rxrpc_skb(skb); - } - } break; case RXRPC_PACKET_TYPE_CHALLENGE: @@ -494,7 +474,7 @@ int rxrpc_io_thread(void *data) switch (skb->mark) { case RXRPC_SKB_MARK_PACKET: skb->priority = 0; - if (!rxrpc_input_packet(local, &skb)) + if (!rxrpc_input_packet(local, skb)) rxrpc_reject_packet(local, skb); trace_rxrpc_rx_done(skb->mark, skb->priority); rxrpc_free_skb(skb, rxrpc_skb_put_input); diff --git a/net/rxrpc/skbuff.c b/net/rxrpc/skbuff.c index 3bcd6ee803960..e2169d1a14b5f 100644 --- a/net/rxrpc/skbuff.c +++ b/net/rxrpc/skbuff.c @@ -46,15 +46,6 @@ void rxrpc_get_skb(struct sk_buff *skb, enum rxrpc_skb_trace why) skb_get(skb); } -/* - * Note the dropping of a ref on a socket buffer by the core. - */ -void rxrpc_eaten_skb(struct sk_buff *skb, enum rxrpc_skb_trace why) -{ - int n = atomic_inc_return(&rxrpc_n_rx_skbs); - trace_rxrpc_skb(skb, 0, n, why); -} - /* * Note the destruction of a socket buffer. */