Home Home > GIT Browse
summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorJohannes Thumshirn <jthumshirn@suse.de>2019-09-17 13:34:50 +0200
committerJohannes Thumshirn <jthumshirn@suse.de>2019-09-17 13:34:50 +0200
commitcb6d00206bcfcd5eeb21716b72432b30be78f261 (patch)
tree65e87cf3ee1c8aec509e80e15ecde3a4d0b46a56
parent3f65d1596af0f66babebd09bda405d5c5f4d4d5a (diff)
parent700d2e9ac5473579edfbccea9121f8652c6c33dd (diff)
Merge remote-tracking branch 'origin/SLE15' into SLE12-SP4
Conflicts: series.conf
-rw-r--r--blacklist.conf1
-rw-r--r--patches.suse/0001-drm-i915-Restore-relaxed-padding-OCL_OOB_SUPPRES_ENA.patch50
-rw-r--r--patches.suse/Btrfs-do-not-abort-transaction-at-btrfs_update_root-.patch56
-rw-r--r--patches.suse/Btrfs-fix-assertion-failure-during-fsync-and-use-of-.patch189
-rw-r--r--patches.suse/iommu-amd-fix-race-in-increase_address_space66
-rw-r--r--patches.suse/iommu-amd-flush-old-domains-in-kdump-kernel77
-rw-r--r--patches.suse/net-ibmvnic-Fix-missing-in-__ibmvnic_reset.patch3
-rw-r--r--patches.suse/net-ibmvnic-free-reset-work-of-removed-device-from-q.patch3
-rw-r--r--patches.suse/vhost-make-sure-log_num-in_num.patch58
-rw-r--r--series.conf12
10 files changed, 506 insertions, 9 deletions
diff --git a/blacklist.conf b/blacklist.conf
index 3e1cf1ca17..90b5799f55 100644
--- a/blacklist.conf
+++ b/blacklist.conf
@@ -1366,3 +1366,4 @@ fa74f5e380b6d671735d72ab36646b781af3f876 # requires an earlier commit that break
aa56a292ce623734ddd30f52d73f527d1f3529b5 # drm/i915: reverted by below
cb6d7c7dc7ff8cace666ddec66334117a6068ce2 # drm/i915: ditto (cherry-picked)
505a8ec7e11ae5236c4a154a1e24ef49a8349600 # drm/i915: reverting two above
+73df167c819e49d65576e3015f2b1385034baafb # pointless patch and kabi breaker
diff --git a/patches.suse/0001-drm-i915-Restore-relaxed-padding-OCL_OOB_SUPPRES_ENA.patch b/patches.suse/0001-drm-i915-Restore-relaxed-padding-OCL_OOB_SUPPRES_ENA.patch
new file mode 100644
index 0000000000..23fa4e3b75
--- /dev/null
+++ b/patches.suse/0001-drm-i915-Restore-relaxed-padding-OCL_OOB_SUPPRES_ENA.patch
@@ -0,0 +1,50 @@
+From 2eb0964eec5f1d99f9eaf4963eee267acc72b615 Mon Sep 17 00:00:00 2001
+From: Chris Wilson <chris@chris-wilson.co.uk>
+Date: Wed, 4 Sep 2019 11:07:07 +0100
+Subject: drm/i915: Restore relaxed padding (OCL_OOB_SUPPRES_ENABLE) for skl+
+Git-commit: 2eb0964eec5f1d99f9eaf4963eee267acc72b615
+Patch-mainline: v5.3
+References: bsc#1142635
+No-fix: 9d7b01e93526efe79dbf75b69cc5972b5a4f7b37
+
+This bit was fliped on for "syncing dependencies between camera and
+graphics". BSpec has no recollection why, and it is causing
+unrecoverable GPU hangs with Vulkan compute workloads.
+
+From BSpec, setting bit5 to 0 enables relaxed padding requirements for
+buffers, 1D and 2D non-array, non-MSAA, non-mip-mapped linear surfaces;
+and *must* be set to 0h on skl+ to ensure "Out of Bounds" case is
+suppressed.
+
+Reported-by: Jason Ekstrand <jason@jlekstrand.net>
+Suggested-by: Jason Ekstrand <jason@jlekstrand.net>
+Bugzilla: https://bugs.freedesktop.org/show_bug.cgi?id=110998
+Fixes: 8424171e135c ("drm/i915/gen9: h/w w/a: syncing dependencies between camera and graphics")
+Signed-off-by: Chris Wilson <chris@chris-wilson.co.uk>
+Tested-by: denys.kostin@globallogic.com
+Cc: Jason Ekstrand <jason@jlekstrand.net>
+Cc: Mika Kuoppala <mika.kuoppala@linux.intel.com>
+Cc: <stable@vger.kernel.org> # v4.1+
+Reviewed-by: Mika Kuoppala <mika.kuoppala@linux.intel.com>
+Link: https://patchwork.freedesktop.org/patch/msgid/20190904100707.7377-1-chris@chris-wilson.co.uk
+(cherry picked from commit 9d7b01e93526efe79dbf75b69cc5972b5a4f7b37)
+Signed-off-by: Jani Nikula <jani.nikula@intel.com>
+Acked-by: Thomas Zimmermann <tzimmermann@suse.de>
+---
+ drivers/gpu/drm/i915/intel_engine_cs.c | 5 -----
+ 1 file changed, 5 deletions(-)
+
+--- a/drivers/gpu/drm/i915/intel_engine_cs.c
++++ b/drivers/gpu/drm/i915/intel_engine_cs.c
+@@ -1004,11 +1004,6 @@ static int gen9_init_workarounds(struct
+ FLOW_CONTROL_ENABLE |
+ PARTIAL_INSTRUCTION_SHOOTDOWN_DISABLE);
+
+- /* Syncing dependencies between camera and graphics:skl,bxt,kbl */
+- if (!IS_COFFEELAKE(dev_priv))
+- WA_SET_BIT_MASKED(HALF_SLICE_CHICKEN3,
+- GEN9_DISABLE_OCL_OOB_SUPPRESS_LOGIC);
+-
+ /* WaEnableYV12BugFixInHalfSliceChicken7:skl,bxt,kbl,glk,cfl */
+ /* WaEnableSamplerGPGPUPreemptionSupport:skl,bxt,kbl,cfl */
+ WA_SET_BIT_MASKED(GEN9_HALF_SLICE_CHICKEN7,
diff --git a/patches.suse/Btrfs-do-not-abort-transaction-at-btrfs_update_root-.patch b/patches.suse/Btrfs-do-not-abort-transaction-at-btrfs_update_root-.patch
new file mode 100644
index 0000000000..99612e6414
--- /dev/null
+++ b/patches.suse/Btrfs-do-not-abort-transaction-at-btrfs_update_root-.patch
@@ -0,0 +1,56 @@
+From: Filipe Manana <fdmanana@suse.com>
+Date: Mon, 29 Apr 2019 13:08:14 +0100
+Git-commit: 72bd2323ec87722c115a5906bc6a1b31d11e8f54
+Patch-mainline: 5.2
+Subject: [PATCH] Btrfs: do not abort transaction at btrfs_update_root() after
+ failure to COW path
+References: bsc#1150933
+
+Currently when we fail to COW a path at btrfs_update_root() we end up
+always aborting the transaction. However all the current callers of
+btrfs_update_root() are able to deal with errors returned from it, many do
+end up aborting the transaction themselves (directly or not, such as the
+transaction commit path), other BUG_ON() or just gracefully cancel whatever
+they were doing.
+
+When syncing the fsync log, we call btrfs_update_root() through
+tree-log.c:update_log_root(), and if it returns an -ENOSPC error, the log
+sync code does not abort the transaction, instead it gracefully handles
+the error and returns -EAGAIN to the fsync handler, so that it falls back
+to a transaction commit. Any other error different from -ENOSPC, makes the
+log sync code abort the transaction.
+
+So remove the transaction abort from btrfs_update_log() when we fail to
+COW a path to update the root item, so that if an -ENOSPC failure happens
+we avoid aborting the current transaction and have a chance of the fsync
+succeeding after falling back to a transaction commit.
+
+Bugzilla: https://bugzilla.kernel.org/show_bug.cgi?id=203413
+Fixes: 79787eaab46121 ("btrfs: replace many BUG_ONs with proper error handling")
+Cc: stable@vger.kernel.org # 4.4+
+Signed-off-by: Filipe Manana <fdmanana@suse.com>
+Reviewed-by: Anand Jain <anand.jain@oracle.com>
+Signed-off-by: David Sterba <dsterba@suse.com>
+---
+ fs/btrfs/root-tree.c | 4 +---
+ 1 file changed, 1 insertion(+), 3 deletions(-)
+
+diff --git a/fs/btrfs/root-tree.c b/fs/btrfs/root-tree.c
+index 39e2b2417ed5..f942e9a70b74 100644
+--- a/fs/btrfs/root-tree.c
++++ b/fs/btrfs/root-tree.c
+@@ -145,10 +145,8 @@ int btrfs_update_root(struct btrfs_trans_handle *trans, struct btrfs_root
+ return -ENOMEM;
+
+ ret = btrfs_search_slot(trans, root, key, path, 0, 1);
+- if (ret < 0) {
+- btrfs_abort_transaction(trans, ret);
++ if (ret < 0)
+ goto out;
+- }
+
+ if (ret > 0) {
+ btrfs_crit(fs_info,
+--
+2.16.4
+
diff --git a/patches.suse/Btrfs-fix-assertion-failure-during-fsync-and-use-of-.patch b/patches.suse/Btrfs-fix-assertion-failure-during-fsync-and-use-of-.patch
new file mode 100644
index 0000000000..268077d040
--- /dev/null
+++ b/patches.suse/Btrfs-fix-assertion-failure-during-fsync-and-use-of-.patch
@@ -0,0 +1,189 @@
+From: Filipe Manana <fdmanana@suse.com>
+Date: Tue, 10 Sep 2019 15:26:49 +0100
+Git-commit: 410f954cb1d1c79ae485dd83a175f21954fd87cd
+Patch-mainline: 5.3
+References: bsc#1150562
+Subject: [PATCH] Btrfs: fix assertion failure during fsync and use of stale
+ transaction
+
+Sometimes when fsync'ing a file we need to log that other inodes exist and
+when we need to do that we acquire a reference on the inodes and then drop
+that reference using iput() after logging them.
+
+That generally is not a problem except if we end up doing the final iput()
+(dropping the last reference) on the inode and that inode has a link count
+of 0, which can happen in a very short time window if the logging path
+gets a reference on the inode while it's being unlinked.
+
+In that case we end up getting the eviction callback, btrfs_evict_inode(),
+invoked through the iput() call chain which needs to drop all of the
+inode's items from its subvolume btree, and in order to do that, it needs
+to join a transaction at the helper function evict_refill_and_join().
+However because the task previously started a transaction at the fsync
+handler, btrfs_sync_file(), it has current->journal_info already pointing
+to a transaction handle and therefore evict_refill_and_join() will get
+that transaction handle from btrfs_join_transaction(). From this point on,
+two different problems can happen:
+
+1) evict_refill_and_join() will often change the transaction handle's
+ block reserve (->block_rsv) and set its ->bytes_reserved field to a
+ value greater than 0. If evict_refill_and_join() never commits the
+ transaction, the eviction handler ends up decreasing the reference
+ count (->use_count) of the transaction handle through the call to
+ btrfs_end_transaction(), and after that point we have a transaction
+ handle with a NULL ->block_rsv (which is the value prior to the
+ transaction join from evict_refill_and_join()) and a ->bytes_reserved
+ value greater than 0. If after the eviction/iput completes the inode
+ logging path hits an error or it decides that it must fallback to a
+ transaction commit, the btrfs fsync handle, btrfs_sync_file(), gets a
+ non-zero value from btrfs_log_dentry_safe(), and because of that
+ non-zero value it tries to commit the transaction using a handle with
+ a NULL ->block_rsv and a non-zero ->bytes_reserved value. This makes
+ the transaction commit hit an assertion failure at
+ btrfs_trans_release_metadata() because ->bytes_reserved is not zero but
+ the ->block_rsv is NULL. The produced stack trace for that is like the
+ following:
+
+ [192922.917158] assertion failed: !trans->bytes_reserved, file: fs/btrfs/transaction.c, line: 816
+ [192922.917553] ------------[ cut here ]------------
+ [192922.917922] kernel BUG at fs/btrfs/ctree.h:3532!
+ [192922.918310] invalid opcode: 0000 [#1] SMP DEBUG_PAGEALLOC PTI
+ [192922.918666] CPU: 2 PID: 883 Comm: fsstress Tainted: G W 5.1.4-btrfs-next-47 #1
+ [192922.919035] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.11.2-0-gf9626ccb91-prebuilt.qemu-project.org 04/01/2014
+ [192922.919801] RIP: 0010:assfail.constprop.25+0x18/0x1a [btrfs]
+ (...)
+ [192922.920925] RSP: 0018:ffffaebdc8a27da8 EFLAGS: 00010286
+ [192922.921315] RAX: 0000000000000051 RBX: ffff95c9c16a41c0 RCX: 0000000000000000
+ [192922.921692] RDX: 0000000000000000 RSI: ffff95cab6b16838 RDI: ffff95cab6b16838
+ [192922.922066] RBP: ffff95c9c16a41c0 R08: 0000000000000000 R09: 0000000000000000
+ [192922.922442] R10: ffffaebdc8a27e70 R11: 0000000000000000 R12: ffff95ca731a0980
+ [192922.922820] R13: 0000000000000000 R14: ffff95ca84c73338 R15: ffff95ca731a0ea8
+ [192922.923200] FS: 00007f337eda4e80(0000) GS:ffff95cab6b00000(0000) knlGS:0000000000000000
+ [192922.923579] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
+ [192922.923948] CR2: 00007f337edad000 CR3: 00000001e00f6002 CR4: 00000000003606e0
+ [192922.924329] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
+ [192922.924711] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
+ [192922.925105] Call Trace:
+ [192922.925505] btrfs_trans_release_metadata+0x10c/0x170 [btrfs]
+ [192922.925911] btrfs_commit_transaction+0x3e/0xaf0 [btrfs]
+ [192922.926324] btrfs_sync_file+0x44c/0x490 [btrfs]
+ [192922.926731] do_fsync+0x38/0x60
+ [192922.927138] __x64_sys_fdatasync+0x13/0x20
+ [192922.927543] do_syscall_64+0x60/0x1c0
+ [192922.927939] entry_SYSCALL_64_after_hwframe+0x49/0xbe
+ (...)
+ [192922.934077] ---[ end trace f00808b12068168f ]---
+
+2) If evict_refill_and_join() decides to commit the transaction, it will
+ be able to do it, since the nested transaction join only increments the
+ transaction handle's ->use_count reference counter and it does not
+ prevent the transaction from getting committed. This means that after
+ eviction completes, the fsync logging path will be using a transaction
+ handle that refers to an already committed transaction. What happens
+ when using such a stale transaction can be unpredictable, we are at
+ least having a use-after-free on the transaction handle itself, since
+ the transaction commit will call kmem_cache_free() against the handle
+ regardless of its ->use_count value, or we can end up silently losing
+ all the updates to the log tree after that iput() in the logging path,
+ or using a transaction handle that in the meanwhile was allocated to
+ another task for a new transaction, etc, pretty much unpredictable
+ what can happen.
+
+In order to fix both of them, instead of using iput() during logging, use
+btrfs_add_delayed_iput(), so that the logging path of fsync never drops
+the last reference on an inode, that step is offloaded to a safe context
+(usually the cleaner kthread).
+
+The assertion failure issue was sporadically triggered by the test case
+generic/475 from fstests, which loads the dm error target while fsstress
+is running, which lead to fsync failing while logging inodes with -EIO
+errors and then trying later to commit the transaction, triggering the
+assertion failure.
+
+CC: stable@vger.kernel.org # 4.4+
+Reviewed-by: Josef Bacik <josef@toxicpanda.com>
+Signed-off-by: Filipe Manana <fdmanana@suse.com>
+Signed-off-by: David Sterba <dsterba@suse.com>
+---
+ fs/btrfs/tree-log.c | 16 ++++++++--------
+ 1 file changed, 8 insertions(+), 8 deletions(-)
+
+diff --git a/fs/btrfs/tree-log.c b/fs/btrfs/tree-log.c
+index cc91cba8ca3e..4bc1d5999931 100644
+--- a/fs/btrfs/tree-log.c
++++ b/fs/btrfs/tree-log.c
+@@ -5153,7 +5153,7 @@ static int log_conflicting_inodes(struct btrfs_trans_handle *trans,
+ BTRFS_I(inode),
+ LOG_OTHER_INODE_ALL,
+ 0, LLONG_MAX, ctx);
+- iput(inode);
++ btrfs_add_delayed_iput(inode);
+ }
+ }
+ continue;
+@@ -5168,7 +5168,7 @@ static int log_conflicting_inodes(struct btrfs_trans_handle *trans,
+ ret = btrfs_log_inode(trans, root, BTRFS_I(inode),
+ LOG_OTHER_INODE, 0, LLONG_MAX, ctx);
+ if (ret) {
+- iput(inode);
++ btrfs_add_delayed_iput(inode);
+ continue;
+ }
+
+@@ -5177,7 +5177,7 @@ static int log_conflicting_inodes(struct btrfs_trans_handle *trans,
+ key.offset = 0;
+ ret = btrfs_search_slot(NULL, root, &key, path, 0, 0);
+ if (ret < 0) {
+- iput(inode);
++ btrfs_add_delayed_iput(inode);
+ continue;
+ }
+
+@@ -5224,7 +5224,7 @@ static int log_conflicting_inodes(struct btrfs_trans_handle *trans,
+ }
+ path->slots[0]++;
+ }
+- iput(inode);
++ btrfs_add_delayed_iput(inode);
+ }
+
+ return ret;
+@@ -5864,7 +5864,7 @@ static int log_new_dir_dentries(struct btrfs_trans_handle *trans,
+ }
+
+ if (btrfs_inode_in_log(BTRFS_I(di_inode), trans->transid)) {
+- iput(di_inode);
++ btrfs_add_delayed_iput(di_inode);
+ break;
+ }
+
+@@ -5876,7 +5876,7 @@ static int log_new_dir_dentries(struct btrfs_trans_handle *trans,
+ if (!ret &&
+ btrfs_must_commit_transaction(trans, BTRFS_I(di_inode)))
+ ret = 1;
+- iput(di_inode);
++ btrfs_add_delayed_iput(di_inode);
+ if (ret)
+ goto next_dir_inode;
+ if (ctx->log_new_dentries) {
+@@ -6023,7 +6023,7 @@ static int btrfs_log_all_parents(struct btrfs_trans_handle *trans,
+ if (!ret && ctx && ctx->log_new_dentries)
+ ret = log_new_dir_dentries(trans, root,
+ BTRFS_I(dir_inode), ctx);
+- iput(dir_inode);
++ btrfs_add_delayed_iput(dir_inode);
+ if (ret)
+ goto out;
+ }
+@@ -6066,7 +6066,7 @@ static int log_new_ancestors(struct btrfs_trans_handle *trans,
+ ret = btrfs_log_inode(trans, root, BTRFS_I(inode),
+ LOG_INODE_EXISTS,
+ 0, LLONG_MAX, ctx);
+- iput(inode);
++ btrfs_add_delayed_iput(inode);
+ if (ret)
+ return ret;
+
+--
+2.16.4
+
diff --git a/patches.suse/iommu-amd-fix-race-in-increase_address_space b/patches.suse/iommu-amd-fix-race-in-increase_address_space
new file mode 100644
index 0000000000..2e793c5ad7
--- /dev/null
+++ b/patches.suse/iommu-amd-fix-race-in-increase_address_space
@@ -0,0 +1,66 @@
+From: Joerg Roedel <jroedel@suse.de>
+Date: Fri, 6 Sep 2019 10:39:54 +0200
+Subject: iommu/amd: Fix race in increase_address_space()
+Git-commit: 754265bcab78a9014f0f99cd35e0d610fcd7dfa7
+Patch-mainline: v5.3-rc8
+References: bsc#1150860
+
+After the conversion to lock-less dma-api call the
+increase_address_space() function can be called without any
+locking. Multiple CPUs could potentially race for increasing
+the address space, leading to invalid domain->mode settings
+and invalid page-tables. This has been happening in the wild
+under high IO load and memory pressure.
+
+Fix the race by locking this operation. The function is
+called infrequently so that this does not introduce
+a performance regression in the dma-api path again.
+
+Reported-by: Qian Cai <cai@lca.pw>
+Fixes: 256e4621c21a ('iommu/amd: Make use of the generic IOVA allocator')
+Signed-off-by: Joerg Roedel <jroedel@suse.de>
+---
+ drivers/iommu/amd_iommu.c | 16 +++++++++++-----
+ 1 file changed, 11 insertions(+), 5 deletions(-)
+
+--- a/drivers/iommu/amd_iommu.c
++++ b/drivers/iommu/amd_iommu.c
+@@ -1382,18 +1382,21 @@ static void domain_flush_devices(struct
+ * another level increases the size of the address space by 9 bits to a size up
+ * to 64 bits.
+ */
+-static bool increase_address_space(struct protection_domain *domain,
++static void increase_address_space(struct protection_domain *domain,
+ gfp_t gfp)
+ {
++ unsigned long flags;
+ u64 *pte;
+
+- if (domain->mode == PAGE_MODE_6_LEVEL)
++ spin_lock_irqsave(&domain->lock, flags);
++
++ if (WARN_ON_ONCE(domain->mode == PAGE_MODE_6_LEVEL))
+ /* address space already 64 bit large */
+- return false;
++ goto out;
+
+ pte = (void *)get_zeroed_page(gfp);
+ if (!pte)
+- return false;
++ goto out;
+
+ *pte = PM_LEVEL_PDE(domain->mode,
+ iommu_virt_to_phys(domain->pt_root));
+@@ -1401,7 +1404,10 @@ static bool increase_address_space(struc
+ domain->mode += 1;
+ domain->updated = true;
+
+- return true;
++out:
++ spin_unlock_irqrestore(&domain->lock, flags);
++
++ return;
+ }
+
+ static u64 *alloc_pte(struct protection_domain *domain,
+
diff --git a/patches.suse/iommu-amd-flush-old-domains-in-kdump-kernel b/patches.suse/iommu-amd-flush-old-domains-in-kdump-kernel
new file mode 100644
index 0000000000..75510d27c6
--- /dev/null
+++ b/patches.suse/iommu-amd-flush-old-domains-in-kdump-kernel
@@ -0,0 +1,77 @@
+From: Stuart Hayes <stuart.w.hayes@gmail.com>
+Date: Thu, 5 Sep 2019 12:09:48 -0500
+Subject: iommu/amd: Flush old domains in kdump kernel
+Git-commit: 36b7200f67dfe75b416b5281ed4ace9927b513bc
+Patch-mainline: v5.3-rc8
+References: bsc#1150861
+
+When devices are attached to the amd_iommu in a kdump kernel, the old device
+table entries (DTEs), which were copied from the crashed kernel, will be
+overwritten with a new domain number. When the new DTE is written, the IOMMU
+is told to flush the DTE from its internal cache--but it is not told to flush
+the translation cache entries for the old domain number.
+
+Without this patch, AMD systems using the tg3 network driver fail when kdump
+tries to save the vmcore to a network system, showing network timeouts and
+(sometimes) IOMMU errors in the kernel log.
+
+This patch will flush IOMMU translation cache entries for the old domain when
+a DTE gets overwritten with a new domain number.
+
+Signed-off-by: Stuart Hayes <stuart.w.hayes@gmail.com>
+Fixes: 3ac3e5ee5ed5 ('iommu/amd: Copy old trans table from old kernel')
+Signed-off-by: Joerg Roedel <jroedel@suse.de>
+---
+ drivers/iommu/amd_iommu.c | 24 ++++++++++++++++++++++++
+ 1 file changed, 24 insertions(+)
+
+--- a/drivers/iommu/amd_iommu.c
++++ b/drivers/iommu/amd_iommu.c
+@@ -1195,6 +1195,17 @@ static void iommu_flush_tlb_all(struct a
+ iommu_completion_wait(iommu);
+ }
+
++static void amd_iommu_flush_tlb_domid(struct amd_iommu *iommu, u32 dom_id)
++{
++ struct iommu_cmd cmd;
++
++ build_inv_iommu_pages(&cmd, 0, CMD_INV_IOMMU_ALL_PAGES_ADDRESS,
++ dom_id, 1);
++ iommu_queue_command(iommu, &cmd);
++
++ iommu_completion_wait(iommu);
++}
++
+ static void iommu_flush_all(struct amd_iommu *iommu)
+ {
+ struct iommu_cmd cmd;
+@@ -2049,6 +2060,7 @@ static void set_dte_entry(u16 devid, str
+ {
+ u64 pte_root = 0;
+ u64 flags = 0;
++ u32 old_domid;
+
+ if (domain->mode != PAGE_MODE_NONE)
+ pte_root = iommu_virt_to_phys(domain->pt_root);
+@@ -2091,8 +2103,20 @@ static void set_dte_entry(u16 devid, str
+ flags &= ~DEV_DOMID_MASK;
+ flags |= domain->id;
+
++ old_domid = amd_iommu_dev_table[devid].data[1] & DEV_DOMID_MASK;
+ amd_iommu_dev_table[devid].data[1] = flags;
+ amd_iommu_dev_table[devid].data[0] = pte_root;
++
++ /*
++ * A kdump kernel might be replacing a domain ID that was copied from
++ * the previous kernel--if so, it needs to flush the translation cache
++ * entries for the old domain ID that is being overwritten
++ */
++ if (old_domid) {
++ struct amd_iommu *iommu = amd_iommu_rlookup_table[devid];
++
++ amd_iommu_flush_tlb_domid(iommu, old_domid);
++ }
+ }
+
+ static void clear_dte_entry(u16 devid)
+
diff --git a/patches.suse/net-ibmvnic-Fix-missing-in-__ibmvnic_reset.patch b/patches.suse/net-ibmvnic-Fix-missing-in-__ibmvnic_reset.patch
index 95f3d19f72..6c75789000 100644
--- a/patches.suse/net-ibmvnic-Fix-missing-in-__ibmvnic_reset.patch
+++ b/patches.suse/net-ibmvnic-Fix-missing-in-__ibmvnic_reset.patch
@@ -4,8 +4,7 @@ Date: Mon, 9 Sep 2019 22:44:51 +0200
Subject: [PATCH] net/ibmvnic: Fix missing { in __ibmvnic_reset
References: bsc#1149652 ltc#179635
-Patch-mainline: queued
-Git-repo: https://git.kernel.org/pub/scm/linux/kernel/git/davem/net.git
+Patch-mainline: v5.3
Git-commit: c8dc55956b09b53ccffceb6e3146981210e27821
Commit 1c2977c09499 ("net/ibmvnic: free reset work of removed device from queue")
diff --git a/patches.suse/net-ibmvnic-free-reset-work-of-removed-device-from-q.patch b/patches.suse/net-ibmvnic-free-reset-work-of-removed-device-from-q.patch
index 884e2d48a4..fe6e727fe5 100644
--- a/patches.suse/net-ibmvnic-free-reset-work-of-removed-device-from-q.patch
+++ b/patches.suse/net-ibmvnic-free-reset-work-of-removed-device-from-q.patch
@@ -7,8 +7,7 @@ Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
References: bsc#1149652 ltc#179635
-Patch-mainline: queued
-Git-repo: https://git.kernel.org/pub/scm/linux/kernel/git/davem/net.git
+Patch-mainline: v5.3
Git-commit: 1c2977c094998de032fee6e898c88b4a05483d08
Commit 36f1031c51a2 ("ibmvnic: Do not process reset during or after
diff --git a/patches.suse/vhost-make-sure-log_num-in_num.patch b/patches.suse/vhost-make-sure-log_num-in_num.patch
new file mode 100644
index 0000000000..a350c6c7c4
--- /dev/null
+++ b/patches.suse/vhost-make-sure-log_num-in_num.patch
@@ -0,0 +1,58 @@
+From 060423bfdee3f8bc6e2c1bac97de24d5415e2bc4 Mon Sep 17 00:00:00 2001
+From: yongduan <yongduan@tencent.com>
+Date: Wed, 11 Sep 2019 17:44:24 +0800
+Subject: [PATCH] vhost: make sure log_num < in_num
+Git-commit: 060423bfdee3f8bc6e2c1bac97de24d5415e2bc4
+Patch-mainline: v5.3
+References: bsc#1150112,CVE-2019-14835
+
+The code assumes log_num < in_num everywhere, and that is true as long as
+in_num is incremented by descriptor iov count, and log_num by 1. However
+this breaks if there's a zero sized descriptor.
+
+As a result, if a malicious guest creates a vring desc with desc.len = 0,
+it may cause the host kernel to crash by overflowing the log array. This
+bug can be triggered during the VM migration.
+
+There's no need to log when desc.len = 0, so just don't increment log_num
+in this case.
+
+Fixes: 3a4d5c94e959 ("vhost_net: a kernel-level virtio server")
+Cc: stable@vger.kernel.org
+Reviewed-by: Lidong Chen <lidongchen@tencent.com>
+Signed-off-by: ruippan <ruippan@tencent.com>
+Signed-off-by: yongduan <yongduan@tencent.com>
+Acked-by: Michael S. Tsirkin <mst@redhat.com>
+Reviewed-by: Tyler Hicks <tyhicks@canonical.com>
+Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
+Acked-by: Takashi Iwai <tiwai@suse.de>
+
+---
+ drivers/vhost/vhost.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/drivers/vhost/vhost.c b/drivers/vhost/vhost.c
+index 34ea219936e3..acabf20b069e 100644
+--- a/drivers/vhost/vhost.c
++++ b/drivers/vhost/vhost.c
+@@ -2180,7 +2180,7 @@ static int get_indirect(struct vhost_virtqueue *vq,
+ /* If this is an input descriptor, increment that count. */
+ if (access == VHOST_ACCESS_WO) {
+ *in_num += ret;
+- if (unlikely(log)) {
++ if (unlikely(log && ret)) {
+ log[*log_num].addr = vhost64_to_cpu(vq, desc.addr);
+ log[*log_num].len = vhost32_to_cpu(vq, desc.len);
+ ++*log_num;
+@@ -2321,7 +2321,7 @@ int vhost_get_vq_desc(struct vhost_virtqueue *vq,
+ /* If this is an input descriptor,
+ * increment that count. */
+ *in_num += ret;
+- if (unlikely(log)) {
++ if (unlikely(log && ret)) {
+ log[*log_num].addr = vhost64_to_cpu(vq, desc.addr);
+ log[*log_num].len = vhost32_to_cpu(vq, desc.len);
+ ++*log_num;
+--
+2.16.4
+
diff --git a/series.conf b/series.conf
index 85ce51390b..a44d2cc1ce 100644
--- a/series.conf
+++ b/series.conf
@@ -13768,6 +13768,7 @@
patches.suse/0014-kernfs-fix-regression-in-kernfs_fop_write-caused-by-.patch
patches.suse/0015-seq_file-fix-incomplete-reset-on-read-from-zero-offs.patch
patches.suse/kvm-expose-new-cpu-features-to-guest.patch
+ patches.suse/KVM-X86-Reduce-the-overhead-when-lapic_timer_advance.patch
patches.suse/kvm-x86-fix-escape-of-guest-dr6-to-the-host
patches.suse/01-documentation-virtual-kvm-add-amd-secure-encrypted-virtualization-sev.patch
patches.suse/02-x86-cpu-amd-add-the-secure-encrypted-virtualization-cpu-feature.patch
@@ -23643,6 +23644,7 @@
patches.suse/vsock-virtio-free-packets-during-the-socket-release.patch
patches.suse/vsock-virtio-Initialize-core-virtio-vsock-before-reg.patch
patches.suse/btrfs-don-t-double-unlock-on-error-in-btrfs_punch_ho.patch
+ patches.suse/Btrfs-do-not-abort-transaction-at-btrfs_update_root-.patch
patches.suse/0001-btrfs-extent-tree-Fix-a-bug-that-btrfs-is-unable-to-.patch
patches.suse/btrfs-fix-race-between-ranged-fsync-and-writeback-of.patch
patches.suse/btrfs-tree-checker-detect-file-extent-items-with-ove.patch
@@ -24520,9 +24522,12 @@
patches.suse/keys-Fix-missing-null-pointer-check-in-request_key_a.patch
patches.suse/powerpc-tm-Fix-FP-VMX-unavailable-exceptions-inside-.patch
patches.suse/powerpc-tm-Fix-restoring-FP-VMX-facility-incorrectly.patch
+ patches.suse/iommu-amd-flush-old-domains-in-kdump-kernel
+ patches.suse/iommu-amd-fix-race-in-increase_address_space
+ patches.suse/vhost-make-sure-log_num-in_num.patch
+ patches.suse/Btrfs-fix-assertion-failure-during-fsync-and-use-of-.patch
+ patches.suse/0001-drm-i915-Restore-relaxed-padding-OCL_OOB_SUPPRES_ENA.patch
patches.suse/Revert-Bluetooth-validate-BLE-connection-interval-up.patch
-
- # davem/net
patches.suse/net-ibmvnic-free-reset-work-of-removed-device-from-q.patch
patches.suse/net-ibmvnic-Fix-missing-in-__ibmvnic_reset.patch
@@ -25338,9 +25343,6 @@
patches.kabi/kabi-fix-struct-ufs_reg-removal-of-unused-field
- # bsc#1149083
- patches.suse/KVM-X86-Reduce-the-overhead-when-lapic_timer_advance.patch
-
########################################################
# You'd better have a good reason for adding a patch
# below here.