From 734233561cf5c777fc3d612e9c579f7c4151af10 Mon Sep 17 00:00:00 2001 From: Peng Zhang Date: Fri, 9 Jun 2023 22:31:33 +0800 Subject: [PATCH] Update kernel to v5.10.180 This commit updates kernel to 5.10.180 to fix following CVE issue: CVE-2023-32233: https://nvd.nist.gov/vuln/detail/CVE-2023-32233 CVE-2023-31436: https://nvd.nist.gov/vuln/detail/CVE-2023-31436 CVE-2023-2513: https://nvd.nist.gov/vuln/detail/CVE-2023-2513 CVE-2023-1859: https://nvd.nist.gov/vuln/detail/CVE-2023-1859 CVE-2023-34256: https://nvd.nist.gov/vuln/detail/CVE-2023-34256 One of our source patches requires refresh against the new kernel source. It was deleted for content has been contained in the new kernel: xfs-drop-submit-side-trans-alloc-for-append-ioends.patch Verification: - Build kernel and out of tree modules success for rt and std. - Build iso success for rt and std. - Install success onto a AIO-DX lab with rt kernel. - Boot up successfully in the lab. - The sanity testing was done by our test team and no regression defect was found. - The cyclictest benchmark was also run on the starlingx lab, the result is "samples: 259200000 avg: 1660 max: 10167 99.9999th percentile: 2527 overflows: 0", It is not big difference with 5.10.177 for avg and max. Closes-Bug: 2021927 Change-Id: Ia676889d752715dc404132ed66e2f2ddb7d17d62 Signed-off-by: Peng Zhang --- ...0027-Upgrade-5.10-kernel-to-5.10.180.patch | 30 ++++ kernel-rt/debian/deb_patches/series | 1 + kernel-rt/debian/dl_hook | 2 +- kernel-rt/debian/meta_data.yaml | 8 +- ...t-side-trans-alloc-for-append-ioends.patch | 138 ------------------ kernel-rt/debian/patches/series | 1 - ...0026-Upgrade-5.10-kernel-to-5.10.180.patch | 30 ++++ kernel-std/debian/deb_patches/series | 1 + kernel-std/debian/dl_hook | 2 +- kernel-std/debian/meta_data.yaml | 8 +- ...t-side-trans-alloc-for-append-ioends.patch | 138 ------------------ kernel-std/debian/patches/series | 1 - 12 files changed, 72 insertions(+), 288 deletions(-) create mode 100644 kernel-rt/debian/deb_patches/0027-Upgrade-5.10-kernel-to-5.10.180.patch delete mode 100644 kernel-rt/debian/patches/0035-xfs-drop-submit-side-trans-alloc-for-append-ioends.patch create mode 100644 kernel-std/debian/deb_patches/0026-Upgrade-5.10-kernel-to-5.10.180.patch delete mode 100644 kernel-std/debian/patches/0034-xfs-drop-submit-side-trans-alloc-for-append-ioends.patch diff --git a/kernel-rt/debian/deb_patches/0027-Upgrade-5.10-kernel-to-5.10.180.patch b/kernel-rt/debian/deb_patches/0027-Upgrade-5.10-kernel-to-5.10.180.patch new file mode 100644 index 00000000..d2693cc4 --- /dev/null +++ b/kernel-rt/debian/deb_patches/0027-Upgrade-5.10-kernel-to-5.10.180.patch @@ -0,0 +1,30 @@ +From a926519f62c34dc42ef02a5058e411744688d29e Mon Sep 17 00:00:00 2001 +From: Peng Zhang +Date: Wed, 31 May 2023 06:34:23 +0000 +Subject: [PATCH] Upgrade 5.10 kernel to 5.10.180 + +Update debian/changelog. + +Signed-off-by: Peng Zhang +--- + debian/changelog | 7 +++++++ + 1 file changed, 7 insertions(+) + +diff --git a/debian/changelog b/debian/changelog +index 48ba1d8d6..24e7f5a77 100644 +--- a/debian/changelog ++++ b/debian/changelog +@@ -1,3 +1,10 @@ ++linux-rt (5.10.180-1) unstable; urgency=medium ++ ++ * New upstream update: ++ https://git.yoctoproject.org/linux-yocto/log/?h=v5.10%2Fstandard%2Fpreempt-rt%2Fbase&qt=range&q=288dde44f13d9c4e997737c1dfbe4d835d28868e ++ ++ -- Peng Zhang Wed, 31 May 2023 05:52:46 +0000 ++ + linux-rt (5.10.177-1) unstable; urgency=medium + + * New upstream update: +-- +2.30.2 + diff --git a/kernel-rt/debian/deb_patches/series b/kernel-rt/debian/deb_patches/series index bb668420..7f807f39 100644 --- a/kernel-rt/debian/deb_patches/series +++ b/kernel-rt/debian/deb_patches/series @@ -24,3 +24,4 @@ 0024-Fix-badly-formatted-trailer-line.patch 0025-Upgrade-5.10-kernel-to-5.10.177.patch 0026-Disable-unprivileged-eBPF-by-default.patch +0027-Upgrade-5.10-kernel-to-5.10.180.patch diff --git a/kernel-rt/debian/dl_hook b/kernel-rt/debian/dl_hook index 3ebf83ac..efc67af8 100755 --- a/kernel-rt/debian/dl_hook +++ b/kernel-rt/debian/dl_hook @@ -24,7 +24,7 @@ # building. # Tools needed: tar/sed -KERNEL_HEAD_COMMIT=f6146935c0b2cb2d342d8d188e7779c8244883a3 +KERNEL_HEAD_COMMIT=288dde44f13d9c4e997737c1dfbe4d835d28868e DEBIAN_FILE=linux_5.10.28-1.debian.tar.xz tar xvf linux-yocto-${KERNEL_HEAD_COMMIT}.tar.gz diff --git a/kernel-rt/debian/meta_data.yaml b/kernel-rt/debian/meta_data.yaml index 2d2b9ed7..9a3273da 100644 --- a/kernel-rt/debian/meta_data.yaml +++ b/kernel-rt/debian/meta_data.yaml @@ -1,14 +1,14 @@ --- -debver: 5.10.177 +debver: 5.10.180 debname: linux-rt dl_hook: dl_hook dl_files: - linux-yocto-f6146935c0b2cb2d342d8d188e7779c8244883a3.tar.gz: + linux-yocto-288dde44f13d9c4e997737c1dfbe4d835d28868e.tar.gz: topdir: null url: "https://git.yoctoproject.org/linux-yocto/snapshot/\ - linux-yocto-f6146935c0b2cb2d342d8d188e7779c8244883a3.tar.gz" - sha256sum: 42b4ea8c50c83468e1b9370037e2e41247a298e1836a8483255edfe10f7b6194 + linux-yocto-288dde44f13d9c4e997737c1dfbe4d835d28868e.tar.gz" + sha256sum: 3fbf9669adf06002f6febc4edc9087eaba2b284ec84c20896365d74529696951 linux_5.10.28-1.debian.tar.xz: topdir: null url: diff --git a/kernel-rt/debian/patches/0035-xfs-drop-submit-side-trans-alloc-for-append-ioends.patch b/kernel-rt/debian/patches/0035-xfs-drop-submit-side-trans-alloc-for-append-ioends.patch deleted file mode 100644 index 66d7d42f..00000000 --- a/kernel-rt/debian/patches/0035-xfs-drop-submit-side-trans-alloc-for-append-ioends.patch +++ /dev/null @@ -1,138 +0,0 @@ -From 8182ec00803085354761bbadf0287cad7eac0e2f Mon Sep 17 00:00:00 2001 -From: Brian Foster -Date: Fri, 9 Apr 2021 10:27:43 -0700 -Subject: [PATCH 1/4] xfs: drop submit side trans alloc for append ioends - -Per-inode ioend completion batching has a log reservation deadlock -vector between preallocated append transactions and transactions -that are acquired at completion time for other purposes (i.e., -unwritten extent conversion or COW fork remaps). For example, if the -ioend completion workqueue task executes on a batch of ioends that -are sorted such that an append ioend sits at the tail, it's possible -for the outstanding append transaction reservation to block -allocation of transactions required to process preceding ioends in -the list. - -Append ioend completion is historically the common path for on-disk -inode size updates. While file extending writes may have completed -sometime earlier, the on-disk inode size is only updated after -successful writeback completion. These transactions are preallocated -serially from writeback context to mitigate concurrency and -associated log reservation pressure across completions processed by -multi-threaded workqueue tasks. - -However, now that delalloc blocks unconditionally map to unwritten -extents at physical block allocation time, size updates via append -ioends are relatively rare. This means that inode size updates most -commonly occur as part of the preexisting completion time -transaction to convert unwritten extents. As a result, there is no -longer a strong need to preallocate size update transactions. - -Remove the preallocation of inode size update transactions to avoid -the ioend completion processing log reservation deadlock. Instead, -continue to send all potential size extending ioends to workqueue -context for completion and allocate the transaction from that -context. This ensures that no outstanding log reservation is owned -by the ioend completion worker task when it begins to process -ioends. - -Signed-off-by: Brian Foster -Reviewed-by: Christoph Hellwig -Reviewed-by: Darrick J. Wong -Signed-off-by: Darrick J. Wong -[commit 7cd3099f4925d7c15887d1940ebd65acd66100f5 upstream - git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git] -Signed-off-by: Zhixiong Chi ---- - fs/xfs/xfs_aops.c | 45 +++------------------------------------------ - 1 file changed, 3 insertions(+), 42 deletions(-) - -diff --git a/fs/xfs/xfs_aops.c b/fs/xfs/xfs_aops.c -index b4186d666..60943b28f 100644 ---- a/fs/xfs/xfs_aops.c -+++ b/fs/xfs/xfs_aops.c -@@ -39,33 +39,6 @@ static inline bool xfs_ioend_is_append(struct iomap_ioend *ioend) - XFS_I(ioend->io_inode)->i_d.di_size; - } - --STATIC int --xfs_setfilesize_trans_alloc( -- struct iomap_ioend *ioend) --{ -- struct xfs_mount *mp = XFS_I(ioend->io_inode)->i_mount; -- struct xfs_trans *tp; -- int error; -- -- error = xfs_trans_alloc(mp, &M_RES(mp)->tr_fsyncts, 0, 0, 0, &tp); -- if (error) -- return error; -- -- ioend->io_private = tp; -- -- /* -- * We may pass freeze protection with a transaction. So tell lockdep -- * we released it. -- */ -- __sb_writers_release(ioend->io_inode->i_sb, SB_FREEZE_FS); -- /* -- * We hand off the transaction to the completion thread now, so -- * clear the flag here. -- */ -- xfs_trans_clear_context(tp); -- return 0; --} -- - /* - * Update on-disk file size now that data has been written to disk. - */ -@@ -182,12 +155,10 @@ xfs_end_ioend( - error = xfs_reflink_end_cow(ip, offset, size); - else if (ioend->io_type == IOMAP_UNWRITTEN) - error = xfs_iomap_write_unwritten(ip, offset, size, false); -- else -- ASSERT(!xfs_ioend_is_append(ioend) || ioend->io_private); - -+ if (!error && xfs_ioend_is_append(ioend)) -+ error = xfs_setfilesize(ip, ioend->io_offset, ioend->io_size); - done: -- if (ioend->io_private) -- error = xfs_setfilesize_ioend(ioend, error); - iomap_finish_ioends(ioend, error); - memalloc_nofs_restore(nofs_flag); - } -@@ -237,7 +208,7 @@ xfs_end_io( - - static inline bool xfs_ioend_needs_workqueue(struct iomap_ioend *ioend) - { -- return ioend->io_private || -+ return xfs_ioend_is_append(ioend) || - ioend->io_type == IOMAP_UNWRITTEN || - (ioend->io_flags & IOMAP_F_SHARED); - } -@@ -250,8 +221,6 @@ xfs_end_bio( - struct xfs_inode *ip = XFS_I(ioend->io_inode); - unsigned long flags; - -- ASSERT(xfs_ioend_needs_workqueue(ioend)); -- - spin_lock_irqsave(&ip->i_ioend_lock, flags); - if (list_empty(&ip->i_ioend_list)) - WARN_ON_ONCE(!queue_work(ip->i_mount->m_unwritten_workqueue, -@@ -501,14 +470,6 @@ xfs_prepare_ioend( - ioend->io_offset, ioend->io_size); - } - -- /* Reserve log space if we might write beyond the on-disk inode size. */ -- if (!status && -- ((ioend->io_flags & IOMAP_F_SHARED) || -- ioend->io_type != IOMAP_UNWRITTEN) && -- xfs_ioend_is_append(ioend) && -- !ioend->io_private) -- status = xfs_setfilesize_trans_alloc(ioend); -- - memalloc_nofs_restore(nofs_flag); - - if (xfs_ioend_needs_workqueue(ioend)) --- -2.34.1 - diff --git a/kernel-rt/debian/patches/series b/kernel-rt/debian/patches/series index 411f646f..6391d91a 100644 --- a/kernel-rt/debian/patches/series +++ b/kernel-rt/debian/patches/series @@ -30,7 +30,6 @@ 0032-KVM-x86-Expose-AVX512_FP16-for-supported-CPUID.patch 0033-tools-headers-cpufeatures-Sync-with-the-kernel-sourc.patch 0034-rcu-Avoid-running-boost-kthreads-on-isolated-CPUs.patch -0035-xfs-drop-submit-side-trans-alloc-for-append-ioends.patch 0036-xfs-open-code-ioend-needs-workqueue-helper.patch 0037-xfs-drop-unused-ioend-private-merge-and-setfilesize-.patch 0038-xfs-drop-unnecessary-setfilesize-helper.patch diff --git a/kernel-std/debian/deb_patches/0026-Upgrade-5.10-kernel-to-5.10.180.patch b/kernel-std/debian/deb_patches/0026-Upgrade-5.10-kernel-to-5.10.180.patch new file mode 100644 index 00000000..7a4d2187 --- /dev/null +++ b/kernel-std/debian/deb_patches/0026-Upgrade-5.10-kernel-to-5.10.180.patch @@ -0,0 +1,30 @@ +From 3a0c32c4f6e0ce759fd2a3f4212713263325f568 Mon Sep 17 00:00:00 2001 +From: Peng Zhang +Date: Wed, 31 May 2023 09:01:46 +0000 +Subject: [PATCH] Upgrade 5.10 kernel to 5.10.180 + +Update debian/changelog. + +Signed-off-by: Peng Zhang +--- + debian/changelog | 7 +++++++ + 1 file changed, 7 insertions(+) + +diff --git a/debian/changelog b/debian/changelog +index ba1d52e21..b612904e7 100644 +--- a/debian/changelog ++++ b/debian/changelog +@@ -1,3 +1,10 @@ ++linux (5.10.180-1) unstable; urgency=medium ++ ++ * New upstream update: ++ https://git.yoctoproject.org/linux-yocto/log/?h=v5.10%2Fstandard%2Fbase&qt=range&q=c6515d2a698792220bed8fd39ccbcfec64d1130f ++ ++ -- Peng Zhang Wed, 31 May 2023 08:56:14 +0000 ++ + linux (5.10.177-1) unstable; urgency=medium + + * New upstream update: +-- +2.30.2 + diff --git a/kernel-std/debian/deb_patches/series b/kernel-std/debian/deb_patches/series index 6f42f7a2..6fad83a9 100644 --- a/kernel-std/debian/deb_patches/series +++ b/kernel-std/debian/deb_patches/series @@ -23,3 +23,4 @@ 0023-Fix-badly-formatted-trailer-line.patch 0024-Upgrade-5.10-kernel-to-5.10.177.patch 0025-Disable-unprivileged-eBPF-by-default.patch +0026-Upgrade-5.10-kernel-to-5.10.180.patch diff --git a/kernel-std/debian/dl_hook b/kernel-std/debian/dl_hook index 3d091bfa..9c914b37 100755 --- a/kernel-std/debian/dl_hook +++ b/kernel-std/debian/dl_hook @@ -5,7 +5,7 @@ # be put at the same path where this script is located. # Tools needed: tar -KERNEL_HEAD_COMMIT=cf160f367e3ceb54cde11392a80413b152ca4e15 +KERNEL_HEAD_COMMIT=c6515d2a698792220bed8fd39ccbcfec64d1130f DEBIAN_FILE=linux_5.10.28-1.debian.tar.xz tar xvf linux-yocto-${KERNEL_HEAD_COMMIT}.tar.gz diff --git a/kernel-std/debian/meta_data.yaml b/kernel-std/debian/meta_data.yaml index 7923db4e..27b44e3e 100644 --- a/kernel-std/debian/meta_data.yaml +++ b/kernel-std/debian/meta_data.yaml @@ -1,14 +1,14 @@ --- -debver: 5.10.177 +debver: 5.10.180 debname: linux dl_hook: dl_hook dl_files: - linux-yocto-cf160f367e3ceb54cde11392a80413b152ca4e15.tar.gz: + linux-yocto-c6515d2a698792220bed8fd39ccbcfec64d1130f.tar.gz: topdir: null url: "https://git.yoctoproject.org/linux-yocto/snapshot/\ - linux-yocto-cf160f367e3ceb54cde11392a80413b152ca4e15.tar.gz" - sha256sum: 0529974cb05301f5b330289d47b2896ddb6ecb7dd454b13a45275290c0d8e608 + linux-yocto-c6515d2a698792220bed8fd39ccbcfec64d1130f.tar.gz" + sha256sum: d4e8a5d0b7ffffcf1c3f5c4e7d7132419bbf7a5d98c38e0d07bae5b8d56195d3 linux_5.10.28-1.debian.tar.xz: topdir: null url: diff --git a/kernel-std/debian/patches/0034-xfs-drop-submit-side-trans-alloc-for-append-ioends.patch b/kernel-std/debian/patches/0034-xfs-drop-submit-side-trans-alloc-for-append-ioends.patch deleted file mode 100644 index 66d7d42f..00000000 --- a/kernel-std/debian/patches/0034-xfs-drop-submit-side-trans-alloc-for-append-ioends.patch +++ /dev/null @@ -1,138 +0,0 @@ -From 8182ec00803085354761bbadf0287cad7eac0e2f Mon Sep 17 00:00:00 2001 -From: Brian Foster -Date: Fri, 9 Apr 2021 10:27:43 -0700 -Subject: [PATCH 1/4] xfs: drop submit side trans alloc for append ioends - -Per-inode ioend completion batching has a log reservation deadlock -vector between preallocated append transactions and transactions -that are acquired at completion time for other purposes (i.e., -unwritten extent conversion or COW fork remaps). For example, if the -ioend completion workqueue task executes on a batch of ioends that -are sorted such that an append ioend sits at the tail, it's possible -for the outstanding append transaction reservation to block -allocation of transactions required to process preceding ioends in -the list. - -Append ioend completion is historically the common path for on-disk -inode size updates. While file extending writes may have completed -sometime earlier, the on-disk inode size is only updated after -successful writeback completion. These transactions are preallocated -serially from writeback context to mitigate concurrency and -associated log reservation pressure across completions processed by -multi-threaded workqueue tasks. - -However, now that delalloc blocks unconditionally map to unwritten -extents at physical block allocation time, size updates via append -ioends are relatively rare. This means that inode size updates most -commonly occur as part of the preexisting completion time -transaction to convert unwritten extents. As a result, there is no -longer a strong need to preallocate size update transactions. - -Remove the preallocation of inode size update transactions to avoid -the ioend completion processing log reservation deadlock. Instead, -continue to send all potential size extending ioends to workqueue -context for completion and allocate the transaction from that -context. This ensures that no outstanding log reservation is owned -by the ioend completion worker task when it begins to process -ioends. - -Signed-off-by: Brian Foster -Reviewed-by: Christoph Hellwig -Reviewed-by: Darrick J. Wong -Signed-off-by: Darrick J. Wong -[commit 7cd3099f4925d7c15887d1940ebd65acd66100f5 upstream - git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git] -Signed-off-by: Zhixiong Chi ---- - fs/xfs/xfs_aops.c | 45 +++------------------------------------------ - 1 file changed, 3 insertions(+), 42 deletions(-) - -diff --git a/fs/xfs/xfs_aops.c b/fs/xfs/xfs_aops.c -index b4186d666..60943b28f 100644 ---- a/fs/xfs/xfs_aops.c -+++ b/fs/xfs/xfs_aops.c -@@ -39,33 +39,6 @@ static inline bool xfs_ioend_is_append(struct iomap_ioend *ioend) - XFS_I(ioend->io_inode)->i_d.di_size; - } - --STATIC int --xfs_setfilesize_trans_alloc( -- struct iomap_ioend *ioend) --{ -- struct xfs_mount *mp = XFS_I(ioend->io_inode)->i_mount; -- struct xfs_trans *tp; -- int error; -- -- error = xfs_trans_alloc(mp, &M_RES(mp)->tr_fsyncts, 0, 0, 0, &tp); -- if (error) -- return error; -- -- ioend->io_private = tp; -- -- /* -- * We may pass freeze protection with a transaction. So tell lockdep -- * we released it. -- */ -- __sb_writers_release(ioend->io_inode->i_sb, SB_FREEZE_FS); -- /* -- * We hand off the transaction to the completion thread now, so -- * clear the flag here. -- */ -- xfs_trans_clear_context(tp); -- return 0; --} -- - /* - * Update on-disk file size now that data has been written to disk. - */ -@@ -182,12 +155,10 @@ xfs_end_ioend( - error = xfs_reflink_end_cow(ip, offset, size); - else if (ioend->io_type == IOMAP_UNWRITTEN) - error = xfs_iomap_write_unwritten(ip, offset, size, false); -- else -- ASSERT(!xfs_ioend_is_append(ioend) || ioend->io_private); - -+ if (!error && xfs_ioend_is_append(ioend)) -+ error = xfs_setfilesize(ip, ioend->io_offset, ioend->io_size); - done: -- if (ioend->io_private) -- error = xfs_setfilesize_ioend(ioend, error); - iomap_finish_ioends(ioend, error); - memalloc_nofs_restore(nofs_flag); - } -@@ -237,7 +208,7 @@ xfs_end_io( - - static inline bool xfs_ioend_needs_workqueue(struct iomap_ioend *ioend) - { -- return ioend->io_private || -+ return xfs_ioend_is_append(ioend) || - ioend->io_type == IOMAP_UNWRITTEN || - (ioend->io_flags & IOMAP_F_SHARED); - } -@@ -250,8 +221,6 @@ xfs_end_bio( - struct xfs_inode *ip = XFS_I(ioend->io_inode); - unsigned long flags; - -- ASSERT(xfs_ioend_needs_workqueue(ioend)); -- - spin_lock_irqsave(&ip->i_ioend_lock, flags); - if (list_empty(&ip->i_ioend_list)) - WARN_ON_ONCE(!queue_work(ip->i_mount->m_unwritten_workqueue, -@@ -501,14 +470,6 @@ xfs_prepare_ioend( - ioend->io_offset, ioend->io_size); - } - -- /* Reserve log space if we might write beyond the on-disk inode size. */ -- if (!status && -- ((ioend->io_flags & IOMAP_F_SHARED) || -- ioend->io_type != IOMAP_UNWRITTEN) && -- xfs_ioend_is_append(ioend) && -- !ioend->io_private) -- status = xfs_setfilesize_trans_alloc(ioend); -- - memalloc_nofs_restore(nofs_flag); - - if (xfs_ioend_needs_workqueue(ioend)) --- -2.34.1 - diff --git a/kernel-std/debian/patches/series b/kernel-std/debian/patches/series index 46f5ffce..5600d867 100644 --- a/kernel-std/debian/patches/series +++ b/kernel-std/debian/patches/series @@ -29,7 +29,6 @@ 0031-KVM-x86-Expose-AVX512_FP16-for-supported-CPUID.patch 0032-tools-headers-cpufeatures-Sync-with-the-kernel-sourc.patch 0033-rcu-Avoid-running-boost-kthreads-on-isolated-CPUs.patch -0034-xfs-drop-submit-side-trans-alloc-for-append-ioends.patch 0035-xfs-open-code-ioend-needs-workqueue-helper.patch 0036-xfs-drop-unused-ioend-private-merge-and-setfilesize-.patch 0037-xfs-drop-unnecessary-setfilesize-helper.patch