Sync with a9

Andrew Lukoshko 2026-03-30 09:47:27 +00:00
parent 6b0daf7d92
commit abf0cae5b0
6 changed files with 300 additions and 62 deletions


@ -33,6 +33,9 @@ actions:
- type: "source"
name: "almalinuxima.x509"
number: 103
- type: "source"
name: "almalinuxnvidia1.x509"
number: 106
- type: "patch"
name: "ppc64le-kvm-support.patch"
number: "Latest"
@ -81,7 +84,7 @@ actions:
%define pesign_name_0 centossecureboot201
%else
%ifarch x86_64 aarch64
%define pesign_name_0 redhatsecureboot501
%define pesign_name_0 redhatsecureboot801
%endif
%ifarch s390x
%define pesign_name_0 redhatsecureboot302
@ -90,7 +93,7 @@ actions:
%define pesign_name_0 redhatsecureboot701
%endif
%endif
replace: "%define pesign_name_0 almalinuxsecurebootca0"
replace: "%define pesign_name_0 almalinuxsecureboot0"
count: 1
- target: "spec"
find: "Source103: almalinuxima.x509"
@ -98,6 +101,15 @@ actions:
Source103: almalinuxima.x509
Source104: almalinuxima.x509
count: 1
- target: "spec"
find: |
openssl x509 -inform der -in %{SOURCE105} -out nvidiagpuoot001.pem
cat rheldup3.pem rhelkpatch1.pem rhelimaca1.pem nvidiagpuoot001.pem > ../certs/rhel.pem
replace: |
openssl x509 -inform der -in %{SOURCE105} -out nvidiagpuoot001.pem
openssl x509 -inform der -in %{SOURCE106} -out almalinuxnvidia.pem
cat rheldup3.pem rhelkpatch1.pem rhelimaca1.pem nvidiagpuoot001.pem almalinuxnvidia.pem > ../certs/rhel.pem
count: 1
- target: "spec"
find: "Summary: Various documentation bits found in the kernel source"
replace: |
@ -169,6 +181,10 @@ actions:
find: "UKI_secureboot_name=redhatsecureboot504"
replace: "UKI_secureboot_name=alsecureboot001"
count: 1
- target: "spec"
find: "UKI_secureboot_cert=%{SOURCE153}"
replace: "UKI_secureboot_cert=%{_datadir}/pki/sb-certs/secureboot-uki-virt-%{_arch}.cer"
count: 1
- target: "spec"
find: "# Red Hat UEFI Secure Boot CA cert, which can be used to authenticate the kernel"
replace: "# AlmaLinux UEFI Secure Boot CA cert, which can be used to authenticate the kernel"
@ -229,6 +245,7 @@ actions:
# PPC64le KVM support config
Source10001: kernel-ppc64le-kvm-rhel.config
Source10002: kernel-ppc64le-kvm-debug-rhel.config
count: 1
- target: "spec"
find: |
@ -263,6 +280,21 @@ actions:
The kernel package contains a variant of the PPC64le Linux kernel with
KVM support.
%endif
%if %{with_ppc_kvm} && %{with_debug}
%define variant_summary The Linux kernel compiled with extra debugging enabled
%if !%{debugbuildsenabled}
%kernel_variant_package -m kvm-debug
%else
%kernel_variant_package kvm-debug
%endif
%description kvm-debug-core
The debug kernel package contains a variant of the PPC64le Linux kernel with
KVM support.
This variant of the kernel has numerous debugging options enabled.
It should only be installed when trying to gather additional information
on kernel bugs, as some of these options impact performance noticably.
%endif
count: 1
- target: "spec"
find: |
@ -276,6 +308,9 @@ actions:
%if %{with_ppc_kvm}
git apply $RPM_SOURCE_DIR/ppc64le-kvm-support.patch
%if %{with_debug}
BuildKernel %make_target %kernel_image %{_use_vdso} kvm-debug
%endif
BuildKernel %make_target %kernel_image %{_use_vdso} kvm
%endif
count: 1
@ -297,6 +332,9 @@ actions:
if [ "%{with_ppc_kvm}" -ne "0" ]; then \
%{modsign_cmd} certs/signing_key.pem.sign+kvm certs/signing_key.x509.sign+kvm $RPM_BUILD_ROOT/lib/modules/%{KVERREL}+kvm/ \
fi \
if [ "%{with_ppc_kvm}" -ne "0" ] && [ "%{with_debug}" -ne "0" ]; then \
%{modsign_cmd} certs/signing_key.pem.sign+kvm-debug certs/signing_key.x509.sign+kvm-debug $RPM_BUILD_ROOT/lib/modules/%{KVERREL}+kvm-debug/ \
fi \
count: 1
- target: "spec"
find: |
@ -314,13 +352,65 @@ actions:
%kernel_variant_preun -v kvm
%kernel_variant_post -v kvm
%endif
%if %{with_ppc_kvm} && %{with_debug}
%kernel_variant_preun -v kvm-debug
%kernel_variant_post -v kvm-debug
%endif
count: 1
- target: "spec"
find: |
%if %{with_debug_meta}
%files debug
%files debug-core
%files debug-devel
%files debug-devel-matched
%files debug-modules
%files debug-modules-core
%files debug-modules-extra
%if %{with_arm64_64k}
%files 64k-debug
%files 64k-debug-core
%files 64k-debug-devel
%files 64k-debug-devel-matched
%files 64k-debug-modules
%files 64k-debug-modules-extra
%endif
replace: |
%if %{with_debug_meta}
%files debug
%files debug-core
%files debug-devel
%files debug-devel-matched
%files debug-modules
%files debug-modules-core
%files debug-modules-extra
%if %{with_arm64_64k}
%files 64k-debug
%files 64k-debug-core
%files 64k-debug-devel
%files 64k-debug-devel-matched
%files 64k-debug-modules
%files 64k-debug-modules-extra
%endif
%if %{with_ppc_kvm}
%files kvm-debug
%files kvm-debug-core
%files kvm-debug-devel
%files kvm-debug-devel-matched
%files kvm-debug-modules
%files kvm-debug-modules-extra
%endif
count: 1
- target: "spec"
find: |
%kernel_variant_files %{_use_vdso} %{with_arm64_64k} 64k
replace: |
%kernel_variant_files %{_use_vdso} %{with_arm64_64k} 64k
%if %{with_ppc_kvm}
%kernel_variant_files %{_use_vdso} %{with_ppc_kvm} kvm
%kernel_variant_files %{_use_vdso} %{with_debug} kvm-debug
%endif
count: 1
- delete_line:
@ -348,13 +438,16 @@ actions:
if [ "$KernelExtension" == "gz" ]; then
gzip -f9 $SignImage
fi
- |
# Temporary use redhatsecureboot504 for x86 UKI, see RHEL-122230
Source153: redhatsecureboot504.cer
- run_script:
- script: "copy_ppc64le_config.sh"
cwd: "rpms"
- changelog_entry:
- name: "Andrei Lukoshko"
- name: "Andrew Lukoshko"
email: "alukoshko@almalinux.org"
line:
- "hpsa: bring back deprecated PCI ids #CFHack #CFHack2024"
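Review bot: The action at `@ -98,6 +101,15 @` adds a new trust anchor without recording what it is: `almalinuxnvidia.pem`, converted from `%{SOURCE106}` (the binary `almalinuxnvidia1.x509` added in this commit), is appended to `../certs/rhel.pem`, which judging by its neighbours is the certificate bundle built into the kernel, so anything signed by that key would presumably be accepted wherever that bundle is consulted. The commit message says only "Sync with a9" and the certificate cannot be reviewed in the diff, so I would add a YAML comment above the action such as `# Source106: AlmaLinux NVIDIA signing cert; subject <SUBJECT_PLACEHOLDER>, SHA-256 <FINGERPRINT_PLACEHOLDER>, not-after <DATE_PLACEHOLDER>` and verify the checked-in file against it. It is also worth confirming that a `find:` block with `count: 1` that fails to match aborts the run rather than being skipped, because a silent miss would leave the spec without the new cert, or, for the `pesign_name_0` and `UKI_secureboot_cert` actions, with the original signing name or certificate path.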


@ -14,7 +14,7 @@ index 036f26c42..1d7b684dc 100644
@@ -8121,7 +8121,6 @@ static const struct pci_error_handlers qla2xxx_err_handler = {
};
static struct pci_device_id qla2xxx_pci_tbl[] = {
static const struct pci_device_id qla2xxx_pci_tbl[] = {
-#ifndef CONFIG_RHEL_DIFFERENCES
{ PCI_DEVICE(PCI_VENDOR_ID_QLOGIC, PCI_DEVICE_ID_QLOGIC_ISP2100) },
{ PCI_DEVICE(PCI_VENDOR_ID_QLOGIC, PCI_DEVICE_ID_QLOGIC_ISP2200) },
@ -40,4 +40,3 @@ index 036f26c42..1d7b684dc 100644
{ PCI_DEVICE(PCI_VENDOR_ID_QLOGIC, PCI_DEVICE_ID_QLOGIC_ISP2261) },
--
2.27.0

BIN
files/almalinuxnvidia1.x509 Normal file

Binary file not shown.


@ -0,0 +1,54 @@
From b86dbf455d75ce54314efc826364259b8a87a8d0 Mon Sep 17 00:00:00 2001
From: Olga Kornievskaia <okorniev@redhat.com>
Date: Mon, 3 Mar 2025 12:09:08 -0500
Subject: [PATCH] NFSD: fix hang in nfsd4_shutdown_callback
JIRA: https://issues.redhat.com/browse/RHEL-81291
CVE: CVE-2025-21795
commit 036ac2778f7b28885814c6fbc07e156ad1624d03
Author: Dai Ngo <dai.ngo@oracle.com>
Date: Thu Jan 30 11:01:27 2025 -0800
NFSD: fix hang in nfsd4_shutdown_callback
If nfs4_client is in courtesy state then there is no point to send
the callback. This causes nfsd4_shutdown_callback to hang since
cl_cb_inflight is not 0. This hang lasts about 15 minutes until TCP
notifies NFSD that the connection was dropped.
This patch modifies nfsd4_run_cb_work to skip the RPC call if
nfs4_client is in courtesy state.
Signed-off-by: Dai Ngo <dai.ngo@oracle.com>
Fixes: 66af25799940 ("NFSD: add courteous server support for thread with only delegation")
Cc: stable@vger.kernel.org
Reviewed-by: Jeff Layton <jlayton@kernel.org>
Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
Signed-off-by: Olga Kornievskaia <okorniev@redhat.com>
---
fs/nfsd/nfs4callback.c | 7 +++++--
1 file changed, 5 insertions(+), 2 deletions(-)
diff --git a/fs/nfsd/nfs4callback.c b/fs/nfsd/nfs4callback.c
index 0d7cc2f9a8e07..d8eed853d528d 100644
--- a/fs/nfsd/nfs4callback.c
+++ b/fs/nfsd/nfs4callback.c
@@ -1480,8 +1480,11 @@ nfsd4_run_cb_work(struct work_struct *work)
nfsd4_process_cb_update(cb);
clnt = clp->cl_cb_client;
- if (!clnt) {
- /* Callback channel broken, or client killed; give up: */
+ if (!clnt || clp->cl_state == NFSD4_COURTESY) {
+ /*
+ * Callback channel broken, client killed or
+ * nfs4_client in courtesy state; give up.
+ */
nfsd41_destroy_cb(cb);
return;
}
--
GitLab
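Review bot: Nothing in the visible hunks of the actions file registers this newly added patch; the only new entry there is the `almalinuxnvidia1.x509` source. If no existing action already names this file, the CVE-2025-21795 fix would sit in the repository without being applied to the built kernel, so confirm that an entry references it, or that the synced base kernel already carries upstream commit 036ac2778f7b and the file is redundant. The code change itself only widens the `!clnt` bail-out in `nfsd4_run_cb_work` to `clp->cl_state == NFSD4_COURTESY`; the function body starts and ends outside the hunk.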


@ -1,31 +1,55 @@
From 524ab50336b1190547ceb8074260a1fbebfee0be Mon Sep 17 00:00:00 2001
From: Sean Christopherson <seanjc@google.com>
Date: Mon, 6 Dec 2021 20:54:14 +0100
Subject: [PATCH 1/3] KVM: PPC: Avoid referencing userspace memory region in
memslot updates
From 3c806e795bf954e4dc28b75887a89095815325ed Mon Sep 17 00:00:00 2001
From: Andrew Lukoshko <alukoshko@almalinux.org>
Date: Sat, 17 May 2025 08:48:11 +0000
Subject: [PATCH] =?UTF-8?q?Bring=20back=20KVM=20support=20for=20PPC=C2=A7?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
For PPC HV, get the number of pages directly from the new memslot instead
of computing the same from the userspace memory region, and explicitly
check for !DELETE instead of inferring the same when toggling mmio_update.
The motivation for these changes is to avoid referencing the @mem param
so that it can be dropped in a future commit.
No functional change intended.
Signed-off-by: Sean Christopherson <seanjc@google.com>
Signed-off-by: Maciej S. Szmigiero <maciej.szmigiero@oracle.com>
Message-Id: <1e97fb5198be25f98ef82e63a8d770c682264cc9.1638817639.git.maciej.szmigiero@oracle.com>
Backport of the following upstream commits:
524ab50336b1190547ceb8074260a1fbebfee0be
93b71801a8274cd9511557faf04365a5de487197
f771b55731fc82b1e8e9ef123f6f1b8d8c92bc63
---
arch/powerpc/include/asm/kvm_ppc.h | 4 ----
arch/powerpc/kvm/book3s.c | 6 ++----
arch/powerpc/kvm/book3s_hv.c | 12 +++---------
arch/powerpc/kvm/book3s_pr.c | 2 --
arch/powerpc/kvm/booke.c | 2 --
arch/powerpc/kvm/powerpc.c | 4 ++--
6 files changed, 7 insertions(+), 23 deletions(-)
Documentation/virt/kvm/api.rst | 14 ++++++++++++++
arch/powerpc/include/asm/kvm_ppc.h | 4 ----
arch/powerpc/include/asm/setup.h | 2 ++
arch/powerpc/kvm/book3s.c | 6 ++----
arch/powerpc/kvm/book3s_64_vio_hv.c | 2 +-
arch/powerpc/kvm/book3s_hv.c | 12 +++---------
arch/powerpc/kvm/book3s_pr.c | 2 --
arch/powerpc/kvm/booke.c | 2 --
arch/powerpc/kvm/powerpc.c | 21 +++++++++++++++++++--
arch/powerpc/platforms/pseries/setup.c | 13 ++++++++++++-
10 files changed, 53 insertions(+), 25 deletions(-)
diff --git a/Documentation/virt/kvm/api.rst b/Documentation/virt/kvm/api.rst
index 9f2f130c6..64aca1034 100644
--- a/Documentation/virt/kvm/api.rst
+++ b/Documentation/virt/kvm/api.rst
@@ -7735,6 +7735,20 @@ indicated by the fd to the VM this is called on.
This is intended to support intra-host migration of VMs between userspace VMMs,
upgrading the VMM process without interrupting the guest.
+7.30 KVM_CAP_PPC_AIL_MODE_3
+-------------------------------
+
+:Capability: KVM_CAP_PPC_AIL_MODE_3
+:Architectures: ppc
+:Type: vm
+
+This capability indicates that the kernel supports the mode 3 setting for the
+"Address Translation Mode on Interrupt" aka "Alternate Interrupt Location"
+resource that is controlled with the H_SET_MODE hypercall.
+
+This capability allows a guest kernel to use a better-performance mode for
+handling interrupts and system calls.
+
7.31 KVM_CAP_DISABLE_QUIRKS2
----------------------------
diff --git a/arch/powerpc/include/asm/kvm_ppc.h b/arch/powerpc/include/asm/kvm_ppc.h
index 5c80c4955..6874cd89d 100644
index 254a41648..e16491011 100644
--- a/arch/powerpc/include/asm/kvm_ppc.h
+++ b/arch/powerpc/include/asm/kvm_ppc.h
@@ -199,12 +199,10 @@ extern void kvmppc_core_destroy_vm(struct kvm *kvm);
@ -54,6 +78,24 @@ index 5c80c4955..6874cd89d 100644
struct kvm_memory_slot *old,
const struct kvm_memory_slot *new,
enum kvm_mr_change change);
diff --git a/arch/powerpc/include/asm/setup.h b/arch/powerpc/include/asm/setup.h
index 31f315223..1868e4a07 100644
--- a/arch/powerpc/include/asm/setup.h
+++ b/arch/powerpc/include/asm/setup.h
@@ -27,11 +27,13 @@ void setup_panic(void);
#define ARCH_PANIC_TIMEOUT 180
#ifdef CONFIG_PPC_PSERIES
+extern bool pseries_reloc_on_exception(void);
extern bool pseries_enable_reloc_on_exc(void);
extern void pseries_disable_reloc_on_exc(void);
extern void pseries_big_endian_exceptions(void);
extern void pseries_little_endian_exceptions(void);
#else
+static inline bool pseries_reloc_on_exception(void) { return false; }
static inline bool pseries_enable_reloc_on_exc(void) { return false; }
static inline void pseries_disable_reloc_on_exc(void) {}
static inline void pseries_big_endian_exceptions(void) {}
diff --git a/arch/powerpc/kvm/book3s.c b/arch/powerpc/kvm/book3s.c
index 64fd4b3ea..cb7b5f365 100644
--- a/arch/powerpc/kvm/book3s.c
@ -82,8 +124,21 @@ index 64fd4b3ea..cb7b5f365 100644
}
bool kvm_unmap_gfn_range(struct kvm *kvm, struct kvm_gfn_range *range)
diff --git a/arch/powerpc/kvm/book3s_64_vio_hv.c b/arch/powerpc/kvm/book3s_64_vio_hv.c
index f38dfe195..16e5872a1 100644
--- a/arch/powerpc/kvm/book3s_64_vio_hv.c
+++ b/arch/powerpc/kvm/book3s_64_vio_hv.c
@@ -488,7 +488,7 @@ long kvmppc_rm_h_put_tce_indirect(struct kvm_vcpu *vcpu,
/*
* used to check for invalidations in progress
*/
- mmu_seq = kvm->mmu_notifier_seq;
+ mmu_seq = kvm->mmu_invalidate_seq;
smp_rmb();
stt = kvmppc_find_table(vcpu->kvm, liobn);
diff --git a/arch/powerpc/kvm/book3s_hv.c b/arch/powerpc/kvm/book3s_hv.c
index 9c3c9fd5e..7f4c188f3 100644
index 5b2530818..f6ce07b4b 100644
--- a/arch/powerpc/kvm/book3s_hv.c
+++ b/arch/powerpc/kvm/book3s_hv.c
@@ -4777,15 +4777,12 @@ static void kvmppc_core_free_memslot_hv(struct kvm_memory_slot *slot)
@ -127,7 +182,7 @@ index 9c3c9fd5e..7f4c188f3 100644
/*
diff --git a/arch/powerpc/kvm/book3s_pr.c b/arch/powerpc/kvm/book3s_pr.c
index 7891b9d0c..c0ae926af 100644
index 48b48311a..6884c04f2 100644
--- a/arch/powerpc/kvm/book3s_pr.c
+++ b/arch/powerpc/kvm/book3s_pr.c
@@ -1892,7 +1892,6 @@ static void kvmppc_core_flush_memslot_pr(struct kvm *kvm,
@ -167,10 +222,34 @@ index b06ca6646..6cf2db284 100644
const struct kvm_memory_slot *new,
enum kvm_mr_change change)
diff --git a/arch/powerpc/kvm/powerpc.c b/arch/powerpc/kvm/powerpc.c
index 818815e15..f8f39a858 100644
index 818815e15..b89271923 100644
--- a/arch/powerpc/kvm/powerpc.c
+++ b/arch/powerpc/kvm/powerpc.c
@@ -686,7 +686,7 @@ int kvm_arch_prepare_memory_region(struct kvm *kvm,
@@ -662,6 +662,23 @@ int kvm_vm_ioctl_check_extension(struct kvm *kvm, long ext)
r = 1;
break;
#endif
+ case KVM_CAP_PPC_AIL_MODE_3:
+ r = 0;
+ /*
+ * KVM PR, POWER7, and some POWER9s don't support AIL=3 mode.
+ * The POWER9s can support it if the guest runs in hash mode,
+ * but QEMU doesn't necessarily query the capability in time.
+ */
+ if (hv_enabled) {
+ if (kvmhv_on_pseries()) {
+ if (pseries_reloc_on_exception())
+ r = 1;
+ } else if (cpu_has_feature(CPU_FTR_ARCH_207S) &&
+ !cpu_has_feature(CPU_FTR_P9_RADIX_PREFETCH_BUG)) {
+ r = 1;
+ }
+ }
+ break;
default:
r = 0;
break;
@@ -686,7 +703,7 @@ int kvm_arch_prepare_memory_region(struct kvm *kvm,
struct kvm_memory_slot *new,
enum kvm_mr_change change)
{
@ -179,7 +258,7 @@ index 818815e15..f8f39a858 100644
}
void kvm_arch_commit_memory_region(struct kvm *kvm,
@@ -694,7 +694,7 @@ void kvm_arch_commit_memory_region(struct kvm *kvm,
@@ -694,7 +711,7 @@ void kvm_arch_commit_memory_region(struct kvm *kvm,
const struct kvm_memory_slot *new,
enum kvm_mr_change change)
{
@ -188,32 +267,44 @@ index 818815e15..f8f39a858 100644
}
void kvm_arch_flush_shadow_memslot(struct kvm *kvm,
--
2.39.5 (Apple Git-154)
From 8c62d250a23bbbb1ecd84d4d475e7623810275aa Mon Sep 17 00:00:00 2001
From: eabdullin <eabdullin@almalinux.org>
Date: Tue, 8 Apr 2025 10:13:43 +0300
Subject: [PATCH 3/3] powerpc/kvm: use mmu_invalidate_seq instead of
mmu_notifier_seq
---
arch/powerpc/kvm/book3s_64_vio_hv.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/arch/powerpc/kvm/book3s_64_vio_hv.c b/arch/powerpc/kvm/book3s_64_vio_hv.c
index f38dfe195..16e5872a1 100644
--- a/arch/powerpc/kvm/book3s_64_vio_hv.c
+++ b/arch/powerpc/kvm/book3s_64_vio_hv.c
@@ -488,7 +488,7 @@ long kvmppc_rm_h_put_tce_indirect(struct kvm_vcpu *vcpu,
/*
* used to check for invalidations in progress
*/
- mmu_seq = kvm->mmu_notifier_seq;
+ mmu_seq = kvm->mmu_invalidate_seq;
smp_rmb();
diff --git a/arch/powerpc/platforms/pseries/setup.c b/arch/powerpc/platforms/pseries/setup.c
index f5c2718e2..1f7e535ab 100644
--- a/arch/powerpc/platforms/pseries/setup.c
+++ b/arch/powerpc/platforms/pseries/setup.c
@@ -367,6 +367,14 @@ static void pseries_lpar_idle(void)
pseries_idle_epilog();
}
stt = kvmppc_find_table(vcpu->kvm, liobn);
+static bool pseries_reloc_on_exception_enabled;
+
+bool pseries_reloc_on_exception(void)
+{
+ return pseries_reloc_on_exception_enabled;
+}
+EXPORT_SYMBOL_GPL(pseries_reloc_on_exception);
+
/*
* Enable relocation on during exceptions. This has partition wide scope and
* may take a while to complete, if it takes longer than one second we will
@@ -391,6 +399,7 @@ bool pseries_enable_reloc_on_exc(void)
" on exceptions: %ld\n", rc);
return false;
}
+ pseries_reloc_on_exception_enabled = true;
return true;
}
@@ -418,7 +427,9 @@ void pseries_disable_reloc_on_exc(void)
break;
mdelay(get_longbusy_msecs(rc));
}
- if (rc != H_SUCCESS)
+ if (rc == H_SUCCESS)
+ pseries_reloc_on_exception_enabled = false;
+ else
pr_warn("Warning: Failed to disable relocation on exceptions: %ld\n",
rc);
}
--
2.39.5 (Apple Git-154)
2.43.5
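Review bot: The new `case KVM_CAP_PPC_AIL_MODE_3:` in `kvm_vm_ioctl_check_extension` uses a constant this patch never defines: its diffstat lists ten files and none of them is a uapi header, so the build depends on the base tree already providing it. I would say so in the patch description, e.g. `KVM_CAP_PPC_AIL_MODE_3 is already defined in the base tree's include/uapi/linux/kvm.h`, or add the define if it is not. The description also presents the patch as a backport of three upstream commits, but the `mmu_notifier_seq` to `mmu_invalidate_seq` change in `book3s_64_vio_hv.c` was previously a separate downstream `[PATCH 3/3]` with no upstream hash, so it is worth stating which listed commit, if any, it corresponds to. The new Subject ends in `=C2=A7` (`§`), which looks like a stray character.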


@ -1,2 +1,3 @@
cp SOURCES/kernel-ppc64le-rhel.config SOURCES/kernel-ppc64le-kvm-rhel.config
sed -i 's|# CONFIG_KVM_BOOK3S_64 is not set|CONFIG_KVM_BOOK3S_64=m\nCONFIG_KVM_BOOK3S_64_HV=m\n# CONFIG_KVM_BOOK3S_64_PR is not set\n# CONFIG_KVM_BOOK3S_HV_EXIT_TIMING is not set\nCONFIG_KVM_BOOK3S_PR_POSSIBLE=y\nCONFIG_KVM_XICS=y|g' SOURCES/kernel-ppc64le-kvm-rhel.config
cp SOURCES/kernel-ppc64le-debug-rhel.config SOURCES/kernel-ppc64le-kvm-debug-rhel.config
sed -i 's|# CONFIG_KVM_BOOK3S_64 is not set|CONFIG_KVM_BOOK3S_64=m\nCONFIG_KVM_BOOK3S_64_HV=m\n# CONFIG_KVM_BOOK3S_64_PR is not set\n# CONFIG_KVM_BOOK3S_HV_EXIT_TIMING is not set\nCONFIG_KVM_BOOK3S_PR_POSSIBLE=y\nCONFIG_KVM_XICS=y|g' SOURCES/kernel-ppc64le-kvm*-rhel.config
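Review bot: The script has no error handling, so a failed `cp` or a `sed` pattern that no longer matches leaves a "kvm" config without `CONFIG_KVM_BOOK3S_64=m` and the script still exits 0. Assuming the last two lines are the new side, the glob `SOURCES/kernel-ppc64le-kvm*-rhel.config` now covers both the kvm and kvm-debug configs in one `sed`, which makes a silent miss affect both variants. I would start the script with `set -e` and finish with a check such as `for f in SOURCES/kernel-ppc64le-kvm*-rhel.config; do grep -q '^CONFIG_KVM_BOOK3S_64=m' "$f" || exit 1; done`, so that a changed base config fails the run instead of producing kernels without KVM.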