diff --git a/patches/kernel/0004-pci-Enable-overrides-for-missing-ACS-capabilities-4..patch b/patches/kernel/0004-pci-Enable-overrides-for-missing-ACS-capabilities-4..patch index f69c4e3..4ef8c48 100644 --- a/patches/kernel/0004-pci-Enable-overrides-for-missing-ACS-capabilities-4..patch +++ b/patches/kernel/0004-pci-Enable-overrides-for-missing-ACS-capabilities-4..patch @@ -55,10 +55,10 @@ Signed-off-by: Thomas Lamprecht 2 files changed, 111 insertions(+) diff --git a/Documentation/admin-guide/kernel-parameters.txt b/Documentation/admin-guide/kernel-parameters.txt -index c06b0d7abcbb..c0d8867359bc 100644 +index 2698999c2aed..5fef2f65f634 100644 --- a/Documentation/admin-guide/kernel-parameters.txt +++ b/Documentation/admin-guide/kernel-parameters.txt -@@ -4188,6 +4188,15 @@ +@@ -4209,6 +4209,15 @@ Also, it enforces the PCI Local Bus spec rule that those bits should be 0 in system reset events (useful for kexec/kdump cases). diff --git a/patches/kernel/0005-kvm-disable-default-dynamic-halt-polling-growth.patch b/patches/kernel/0005-kvm-disable-default-dynamic-halt-polling-growth.patch index 24f7586..8620696 100644 --- a/patches/kernel/0005-kvm-disable-default-dynamic-halt-polling-growth.patch +++ b/patches/kernel/0005-kvm-disable-default-dynamic-halt-polling-growth.patch @@ -13,7 +13,7 @@ Signed-off-by: Thomas Lamprecht 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/virt/kvm/kvm_main.c b/virt/kvm/kvm_main.c -index 07aae60288f9..949b7204cf52 100644 +index ba827a450103..dd2b2b0ce3a5 100644 --- a/virt/kvm/kvm_main.c +++ b/virt/kvm/kvm_main.c @@ -79,7 +79,7 @@ module_param(halt_poll_ns, uint, 0644); diff --git a/patches/kernel/0006-net-core-downgrade-unregister_netdevice-refcount-lea.patch b/patches/kernel/0006-net-core-downgrade-unregister_netdevice-refcount-lea.patch index 08e3783..4a202b4 100644 --- a/patches/kernel/0006-net-core-downgrade-unregister_netdevice-refcount-lea.patch +++ b/patches/kernel/0006-net-core-downgrade-unregister_netdevice-refcount-lea.patch @@ -14,10 +14,10 @@ Signed-off-by: Fabian Grünbichler 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/net/core/dev.c b/net/core/dev.c -index 404125e7a57a..365707a07058 100644 +index e1ea81afe37f..6ae53bede3b2 100644 --- a/net/core/dev.c +++ b/net/core/dev.c -@@ -10258,7 +10258,7 @@ static struct net_device *netdev_wait_allrefs_any(struct list_head *list) +@@ -10260,7 +10260,7 @@ static struct net_device *netdev_wait_allrefs_any(struct list_head *list) if (time_after(jiffies, warning_time + READ_ONCE(netdev_unregister_timeout_secs) * HZ)) { list_for_each_entry(dev, list, todo_list) { diff --git a/patches/kernel/0008-kvm-xsave-set-mask-out-PKRU-bit-in-xfeatures-if-vCPU.patch b/patches/kernel/0008-kvm-xsave-set-mask-out-PKRU-bit-in-xfeatures-if-vCPU.patch new file mode 100644 index 0000000..74ad0af --- /dev/null +++ b/patches/kernel/0008-kvm-xsave-set-mask-out-PKRU-bit-in-xfeatures-if-vCPU.patch @@ -0,0 +1,133 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Thomas Lamprecht +Date: Fri, 14 Jul 2023 18:10:32 +0200 +Subject: [PATCH] kvm: xsave set: mask-out PKRU bit in xfeatures if vCPU has no + support +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +Fixes live-migrations & snapshot-rollback of VMs with a restricted +CPU type (e.g., qemu64) from our 5.15 based kernel (default Proxmox +VE 7.4) to the 6.2 (and future newer) of Proxmox VE 8.0. + +Previous to ad856280ddea ("x86/kvm/fpu: Limit guest user_xfeatures to +supported bits of XCR0") the PKRU bit of the host could leak into the +state from the guest, which caused trouble when migrating between +hosts with different CPUs, i.e., where the source supported it but +the target did not, causing a general protection fault when the guest +tried to use a pkru related instruction after the migration. + +But the fix, while welcome, caused a temporary out-of-sync state when +migrating such a VM from a kernel without the fix to a kernel with +the fix, as it threw of KVM when the CPUID of the guest and most of +the state doesn't report XSAVE and thus any xfeatures, but PKRU and +the related state is set as enabled, causing the vCPU to spin at 100% +without any progress forever. + +The fix could be at two sites, either in QEMU or in the kernel, I +choose the kernel as we have all the info there for a targeted +heuristic so that we don't have to adapt QEMU and qemu-server, the +latter even on both sides. + +Still, a short summary of the possible fixes and short drawbacks: +* on QEMU-side either + - clear the PKRU state in the migration saved state would be rather + complicated to implement as the vCPU is initialised way before we + have the saved xfeature state available to check what we'd need + to do, plus the user-space only gets a memory blob from ioctl + KVM_GET_XSAVE2 that it passes to KVM_SET_XSAVE ioctl, there are + no ABI guarantees, and while the struct seem stable for 5.15 to + 6.5-rc1, that doesn't has to be for future kernels, so off the + table. + - enforce that the CPUID reports PKU support even if it normally + wouldn't. While this works (tested by hard-coding it as POC) it + is a) not really nice and b) needs some interaction from + qemu-server to enable this flag as otherwise we have no good info + to decide when it's OK to do this, which means we need to adapt + both PVE 7 and 8's qemu-server and also pve-qemu, workable but + not optimal + +* on Kernel/KVM-side we can hook into the set XSAVE ioctl specific to + the KVM subsystem, which already reduces chance of regression for + all other places. There we have access to the union/struct + definitions of the saved state and thus can savely cast to that. + We also got access to the vCPU's CPUID capabilities, meaning we can + check if the XCR0 (first XSAVE Control Register) reports + that it support the PKRU feature, and if it does *NOT* but the + saved xfeatures register from XSAVE *DOES* report it, we can safely + assume that this combination is due to an migration from an older, + leaky kernel – and clear the bit in the xfeature register before + restoring it to the guest vCPU KVM state, avoiding the confusing + situation that made the vCPU spin at 100%. + This should be safe to do, as the guest vCPU CPUID never reported + support for the PKRU feature, and it's also a relatively niche and + newish feature. + +If it gains us something we can drop this patch a bit in the future +Proxmox VE 9 major release, but we should ensure that VMs that where +started before PVE 8 cannot be directly live-migrated to the release +that includes that change; so we should rather only drop it if the +maintenance burden is high. + +Signed-off-by: Thomas Lamprecht +--- + arch/x86/kvm/cpuid.c | 6 ++++++ + arch/x86/kvm/cpuid.h | 2 ++ + arch/x86/kvm/x86.c | 13 +++++++++++++ + 3 files changed, 21 insertions(+) + +diff --git a/arch/x86/kvm/cpuid.c b/arch/x86/kvm/cpuid.c +index 596061c1610e..9cbf12eca1d9 100644 +--- a/arch/x86/kvm/cpuid.c ++++ b/arch/x86/kvm/cpuid.c +@@ -251,6 +251,12 @@ static u64 cpuid_get_supported_xcr0(struct kvm_cpuid_entry2 *entries, int nent) + return (best->eax | ((u64)best->edx << 32)) & kvm_caps.supported_xcr0; + } + ++bool vcpu_supports_xsave_pkru(struct kvm_vcpu *vcpu) { ++ u64 guest_supported_xcr0 = cpuid_get_supported_xcr0( ++ vcpu->arch.cpuid_entries, vcpu->arch.cpuid_nent); ++ return (guest_supported_xcr0 & XFEATURE_MASK_PKRU) != 0; ++} ++ + static void __kvm_update_cpuid_runtime(struct kvm_vcpu *vcpu, struct kvm_cpuid_entry2 *entries, + int nent) + { +diff --git a/arch/x86/kvm/cpuid.h b/arch/x86/kvm/cpuid.h +index b1658c0de847..12a02851ff57 100644 +--- a/arch/x86/kvm/cpuid.h ++++ b/arch/x86/kvm/cpuid.h +@@ -32,6 +32,8 @@ int kvm_vcpu_ioctl_get_cpuid2(struct kvm_vcpu *vcpu, + bool kvm_cpuid(struct kvm_vcpu *vcpu, u32 *eax, u32 *ebx, + u32 *ecx, u32 *edx, bool exact_only); + ++bool vcpu_supports_xsave_pkru(struct kvm_vcpu *vcpu); ++ + u32 xstate_required_size(u64 xstate_bv, bool compacted); + + int cpuid_query_maxphyaddr(struct kvm_vcpu *vcpu); +diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c +index ef53767fb7c8..7d8b14f8807e 100644 +--- a/arch/x86/kvm/x86.c ++++ b/arch/x86/kvm/x86.c +@@ -5335,6 +5335,19 @@ static int kvm_vcpu_ioctl_x86_set_xsave(struct kvm_vcpu *vcpu, + if (fpstate_is_confidential(&vcpu->arch.guest_fpu)) + return 0; + ++ if (!vcpu_supports_xsave_pkru(vcpu)) { ++ void *buf = guest_xsave->region; ++ union fpregs_state *ustate = buf; ++ if (ustate->xsave.header.xfeatures & XFEATURE_MASK_PKRU) { ++ printk( ++ KERN_NOTICE "clearing PKRU xfeature bit as vCPU from PID %d" ++ " reports no PKRU support - migration from fpu-leaky kernel?", ++ current->pid ++ ); ++ ustate->xsave.header.xfeatures &= ~XFEATURE_MASK_PKRU; ++ } ++ } ++ + return fpu_copy_uabi_to_guest_fpstate(&vcpu->arch.guest_fpu, + guest_xsave->region, + kvm_caps.supported_xcr0, diff --git a/patches/kernel/0009-KVM-x86-mmu-Grab-memslot-for-correct-address-space-i.patch b/patches/kernel/0009-KVM-x86-mmu-Grab-memslot-for-correct-address-space-i.patch new file mode 100644 index 0000000..078891d --- /dev/null +++ b/patches/kernel/0009-KVM-x86-mmu-Grab-memslot-for-correct-address-space-i.patch @@ -0,0 +1,82 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Sean Christopherson +Date: Thu, 1 Jun 2023 18:01:37 -0700 +Subject: [PATCH] KVM: x86/mmu: Grab memslot for correct address space in NX + recovery worker + +commit 817fa998362d6ea9fabd5e97af8e9e2eb5f0e6f2 upstream. + +Factor in the address space (non-SMM vs. SMM) of the target shadow page +when recovering potential NX huge pages, otherwise KVM will retrieve the +wrong memslot when zapping shadow pages that were created for SMM. The +bug most visibly manifests as a WARN on the memslot being non-NULL, but +the worst case scenario is that KVM could unaccount the shadow page +without ensuring KVM won't install a huge page, i.e. if the non-SMM slot +is being dirty logged, but the SMM slot is not. + + ------------[ cut here ]------------ + WARNING: CPU: 1 PID: 3911 at arch/x86/kvm/mmu/mmu.c:7015 + kvm_nx_huge_page_recovery_worker+0x38c/0x3d0 [kvm] + CPU: 1 PID: 3911 Comm: kvm-nx-lpage-re + RIP: 0010:kvm_nx_huge_page_recovery_worker+0x38c/0x3d0 [kvm] + RSP: 0018:ffff99b284f0be68 EFLAGS: 00010246 + RAX: 0000000000000000 RBX: ffff99b284edd000 RCX: 0000000000000000 + RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 + RBP: ffff9271397024e0 R08: 0000000000000000 R09: ffff927139702450 + R10: 0000000000000000 R11: 0000000000000001 R12: ffff99b284f0be98 + R13: 0000000000000000 R14: ffff9270991fcd80 R15: 0000000000000003 + FS: 0000000000000000(0000) GS:ffff927f9f640000(0000) knlGS:0000000000000000 + CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 + CR2: 00007f0aacad3ae0 CR3: 000000088fc2c005 CR4: 00000000003726e0 + Call Trace: + +__pfx_kvm_nx_huge_page_recovery_worker+0x10/0x10 [kvm] + kvm_vm_worker_thread+0x106/0x1c0 [kvm] + kthread+0xd9/0x100 + ret_from_fork+0x2c/0x50 + + ---[ end trace 0000000000000000 ]--- + +This bug was exposed by commit edbdb43fc96b ("KVM: x86: Preserve TDP MMU +roots until they are explicitly invalidated"), which allowed KVM to retain +SMM TDP MMU roots effectively indefinitely. Before commit edbdb43fc96b, +KVM would zap all SMM TDP MMU roots and thus all SMM TDP MMU shadow pages +once all vCPUs exited SMM, which made the window where this bug (recovering +an SMM NX huge page) could be encountered quite tiny. To hit the bug, the +NX recovery thread would have to run while at least one vCPU was in SMM. +Most VMs typically only use SMM during boot, and so the problematic shadow +pages were gone by the time the NX recovery thread ran. + +Now that KVM preserves TDP MMU roots until they are explicitly invalidated +(e.g. by a memslot deletion), the window to trigger the bug is effectively +never closed because most VMMs don't delete memslots after boot (except +for a handful of special scenarios). + +Fixes: eb298605705a ("KVM: x86/mmu: Do not recover dirty-tracked NX Huge Pages") +Reported-by: Fabio Coatti +Closes: https://lore.kernel.org/all/CADpTngX9LESCdHVu_2mQkNGena_Ng2CphWNwsRGSMxzDsTjU2A@mail.gmail.com +Cc: stable@vger.kernel.org +Link: https://lore.kernel.org/r/20230602010137.784664-1-seanjc@google.com +Signed-off-by: Sean Christopherson +Signed-off-by: Greg Kroah-Hartman +Signed-off-by: Thomas Lamprecht +--- + arch/x86/kvm/mmu/mmu.c | 5 ++++- + 1 file changed, 4 insertions(+), 1 deletion(-) + +diff --git a/arch/x86/kvm/mmu/mmu.c b/arch/x86/kvm/mmu/mmu.c +index dcca08a08bd0..3220c1285984 100644 +--- a/arch/x86/kvm/mmu/mmu.c ++++ b/arch/x86/kvm/mmu/mmu.c +@@ -6945,7 +6945,10 @@ static void kvm_recover_nx_huge_pages(struct kvm *kvm) + */ + slot = NULL; + if (atomic_read(&kvm->nr_memslots_dirty_logging)) { +- slot = gfn_to_memslot(kvm, sp->gfn); ++ struct kvm_memslots *slots; ++ ++ slots = kvm_memslots_for_spte_role(kvm, sp->role); ++ slot = __gfn_to_memslot(slots, sp->gfn); + WARN_ON_ONCE(!slot); + } + diff --git a/patches/kernel/0010-nvme-don-t-reject-probe-due-to-duplicate-IDs-for-sin.patch b/patches/kernel/0010-nvme-don-t-reject-probe-due-to-duplicate-IDs-for-sin.patch new file mode 100644 index 0000000..dd6f907 --- /dev/null +++ b/patches/kernel/0010-nvme-don-t-reject-probe-due-to-duplicate-IDs-for-sin.patch @@ -0,0 +1,76 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Christoph Hellwig +Date: Thu, 13 Jul 2023 15:30:42 +0200 +Subject: [PATCH] nvme: don't reject probe due to duplicate IDs for + single-ported PCIe devices + +While duplicate IDs are still very harmful, including the potential to easily +see changing devices in /dev/disk/by-id, it turn out they are extremely +common for cheap end user NVMe devices. + +Relax our check for them for so that it doesn't reject the probe on +single-ported PCIe devices, but prints a big warning instead. In doubt +we'd still like to see quirk entries to disable the potential for +changing supposed stable device identifier links, but this will at least +allow users how have two (or more) of these devices to use them without +having to manually add a new PCI ID entry with the quirk through sysfs or +by patching the kernel. + +Fixes: 2079f41ec6ff ("nvme: check that EUI/GUID/UUID are globally unique") +Cc: stable@vger.kernel.org # 6.0+ +Co-developed-by: Sagi Grimberg +Signed-off-by: Christoph Hellwig +Signed-off-by: Keith Busch +Signed-off-by: Thomas Lamprecht +--- + drivers/nvme/host/core.c | 36 +++++++++++++++++++++++++++++++++--- + 1 file changed, 33 insertions(+), 3 deletions(-) + +diff --git a/drivers/nvme/host/core.c b/drivers/nvme/host/core.c +index d567762545b0..f350df252d27 100644 +--- a/drivers/nvme/host/core.c ++++ b/drivers/nvme/host/core.c +@@ -4162,10 +4162,40 @@ static int nvme_init_ns_head(struct nvme_ns *ns, struct nvme_ns_info *info) + + ret = nvme_global_check_duplicate_ids(ctrl->subsys, &info->ids); + if (ret) { +- dev_err(ctrl->device, +- "globally duplicate IDs for nsid %d\n", info->nsid); ++ /* ++ * We've found two different namespaces on two different ++ * subsystems that report the same ID. This is pretty nasty ++ * for anything that actually requires unique device ++ * identification. In the kernel we need this for multipathing, ++ * and in user space the /dev/disk/by-id/ links rely on it. ++ * ++ * If the device also claims to be multi-path capable back off ++ * here now and refuse the probe the second device as this is a ++ * recipe for data corruption. If not this is probably a ++ * cheap consumer device if on the PCIe bus, so let the user ++ * proceed and use the shiny toy, but warn that with changing ++ * probing order (which due to our async probing could just be ++ * device taking longer to startup) the other device could show ++ * up at any time. ++ */ + nvme_print_device_info(ctrl); +- return ret; ++ if ((ns->ctrl->ops->flags & NVME_F_FABRICS) || /* !PCIe */ ++ ((ns->ctrl->subsys->cmic & NVME_CTRL_CMIC_MULTI_CTRL) && ++ info->is_shared)) { ++ dev_err(ctrl->device, ++ "ignoring nsid %d because of duplicate IDs\n", ++ info->nsid); ++ return ret; ++ } ++ ++ dev_err(ctrl->device, ++ "clearing duplicate IDs for nsid %d\n", info->nsid); ++ dev_err(ctrl->device, ++ "use of /dev/disk/by-id/ may cause data corruption\n"); ++ memset(&info->ids.nguid, 0, sizeof(info->ids.nguid)); ++ memset(&info->ids.uuid, 0, sizeof(info->ids.uuid)); ++ memset(&info->ids.eui64, 0, sizeof(info->ids.eui64)); ++ ctrl->quirks |= NVME_QUIRK_BOGUS_NID; + } + + mutex_lock(&ctrl->subsys->lock); diff --git a/patches/kernel/0011-igc-Fix-Kernel-Panic-during-ndo_tx_timeout-callback.patch b/patches/kernel/0011-igc-Fix-Kernel-Panic-during-ndo_tx_timeout-callback.patch new file mode 100644 index 0000000..43e2269 --- /dev/null +++ b/patches/kernel/0011-igc-Fix-Kernel-Panic-during-ndo_tx_timeout-callback.patch @@ -0,0 +1,384 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Muhammad Husaini Zulkifli +Date: Mon, 24 Jul 2023 09:12:50 -0700 +Subject: [PATCH] igc: Fix Kernel Panic during ndo_tx_timeout callback + +The Xeon validation group has been carrying out some loaded tests +with various HW configurations, and they have seen some transmit +queue time out happening during the test. This will cause the +reset adapter function to be called by igc_tx_timeout(). +Similar race conditions may arise when the interface is being brought +down and up in igc_reinit_locked(), an interrupt being generated, and +igc_clean_tx_irq() being called to complete the TX. + +When the igc_tx_timeout() function is invoked, this patch will turn +off all TX ring HW queues during igc_down() process. TX ring HW queues +will be activated again during the igc_configure_tx_ring() process +when performing the igc_up() procedure later. + +This patch also moved existing igc_disable_tx_ring_hw() to avoid using +forward declaration. + +Kernel trace: +[ 7678.747813] ------------[ cut here ]------------ +[ 7678.757914] NETDEV WATCHDOG: enp1s0 (igc): transmit queue 2 timed out +[ 7678.770117] WARNING: CPU: 0 PID: 13 at net/sched/sch_generic.c:525 dev_watchdog+0x1ae/0x1f0 +[ 7678.784459] Modules linked in: xt_conntrack nft_chain_nat xt_MASQUERADE xt_addrtype nft_compat +nf_tables nfnetlink br_netfilter bridge stp llc overlay dm_mod emrcha(PO) emriio(PO) rktpm(PO) +cegbuf_mod(PO) patch_update(PO) se(PO) sgx_tgts(PO) mktme(PO) keylocker(PO) svtdx(PO) svfs_pci_hotplug(PO) +vtd_mod(PO) davemem(PO) svmabort(PO) svindexio(PO) usbx2(PO) ehci_sched(PO) svheartbeat(PO) ioapic(PO) +sv8259(PO) svintr(PO) lt(PO) pcierootport(PO) enginefw_mod(PO) ata(PO) smbus(PO) spiflash_cdf(PO) arden(PO) +dsa_iax(PO) oobmsm_punit(PO) cpm(PO) svkdb(PO) ebg_pch(PO) pch(PO) sviotargets(PO) svbdf(PO) svmem(PO) +svbios(PO) dram(PO) svtsc(PO) targets(PO) superio(PO) svkernel(PO) cswitch(PO) mcf(PO) pentiumIII_mod(PO) +fs_svfs(PO) mdevdefdb(PO) svfs_os_services(O) ixgbe mdio mdio_devres libphy emeraldrapids_svdefs(PO) +regsupport(O) libnvdimm nls_cp437 snd_hda_codec_realtek snd_hda_codec_generic ledtrig_audio snd_hda_intel +snd_intel_dspcfg snd_hda_codec snd_hwdep x86_pkg_temp_thermal snd_hda_core snd_pcm snd_timer isst_if_mbox_pci +[ 7678.784496] input_leds isst_if_mmio sg snd isst_if_common soundcore wmi button sad9(O) drm fuse backlight +configfs efivarfs ip_tables x_tables vmd sdhci led_class rtl8150 r8152 hid_generic pegasus mmc_block usbhid +mmc_core hid megaraid_sas ixgb igb i2c_algo_bit ice i40e hpsa scsi_transport_sas e1000e e1000 e100 ax88179_178a +usbnet xhci_pci sd_mod xhci_hcd t10_pi crc32c_intel crc64_rocksoft igc crc64 crc_t10dif usbcore +crct10dif_generic ptp crct10dif_common usb_common pps_core +[ 7679.200403] RIP: 0010:dev_watchdog+0x1ae/0x1f0 +[ 7679.210201] Code: 28 e9 53 ff ff ff 4c 89 e7 c6 05 06 42 b9 00 01 e8 17 d1 fb ff 44 89 e9 4c +89 e6 48 c7 c7 40 ad fb 81 48 89 c2 e8 52 62 82 ff <0f> 0b e9 72 ff ff ff 65 8b 05 80 7d 7c 7e +89 c0 48 0f a3 05 0a c1 +[ 7679.245438] RSP: 0018:ffa00000001f7d90 EFLAGS: 00010282 +[ 7679.256021] RAX: 0000000000000000 RBX: ff11000109938440 RCX: 0000000000000000 +[ 7679.268710] RDX: ff11000361e26cd8 RSI: ff11000361e1b880 RDI: ff11000361e1b880 +[ 7679.281314] RBP: ffa00000001f7da8 R08: ff1100035f8fffe8 R09: 0000000000027ffb +[ 7679.293840] R10: 0000000000001f0a R11: ff1100035f840000 R12: ff11000109938000 +[ 7679.306276] R13: 0000000000000002 R14: dead000000000122 R15: ffa00000001f7e18 +[ 7679.318648] FS: 0000000000000000(0000) GS:ff11000361e00000(0000) knlGS:0000000000000000 +[ 7679.332064] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 +[ 7679.342757] CR2: 00007ffff7fca168 CR3: 000000013b08a006 CR4: 0000000000471ef8 +[ 7679.354984] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 +[ 7679.367207] DR3: 0000000000000000 DR6: 00000000fffe07f0 DR7: 0000000000000400 +[ 7679.379370] PKRU: 55555554 +[ 7679.386446] Call Trace: +[ 7679.393152] +[ 7679.399363] ? __pfx_dev_watchdog+0x10/0x10 +[ 7679.407870] call_timer_fn+0x31/0x110 +[ 7679.415698] expire_timers+0xb2/0x120 +[ 7679.423403] run_timer_softirq+0x179/0x1e0 +[ 7679.431532] ? __schedule+0x2b1/0x820 +[ 7679.439078] __do_softirq+0xd1/0x295 +[ 7679.446426] ? __pfx_smpboot_thread_fn+0x10/0x10 +[ 7679.454867] run_ksoftirqd+0x22/0x30 +[ 7679.462058] smpboot_thread_fn+0xb7/0x160 +[ 7679.469670] kthread+0xcd/0xf0 +[ 7679.476097] ? __pfx_kthread+0x10/0x10 +[ 7679.483211] ret_from_fork+0x29/0x50 +[ 7679.490047] +[ 7679.495204] ---[ end trace 0000000000000000 ]--- +[ 7679.503179] igc 0000:01:00.0 enp1s0: Register Dump +[ 7679.511230] igc 0000:01:00.0 enp1s0: Register Name Value +[ 7679.519892] igc 0000:01:00.0 enp1s0: CTRL 181c0641 +[ 7679.528782] igc 0000:01:00.0 enp1s0: STATUS 40280683 +[ 7679.537551] igc 0000:01:00.0 enp1s0: CTRL_EXT 10000040 +[ 7679.546284] igc 0000:01:00.0 enp1s0: MDIC 180a3800 +[ 7679.554942] igc 0000:01:00.0 enp1s0: ICR 00000081 +[ 7679.563503] igc 0000:01:00.0 enp1s0: RCTL 04408022 +[ 7679.571963] igc 0000:01:00.0 enp1s0: RDLEN[0-3] 00001000 00001000 00001000 00001000 +[ 7679.583075] igc 0000:01:00.0 enp1s0: RDH[0-3] 00000068 000000b6 0000000f 00000031 +[ 7679.594162] igc 0000:01:00.0 enp1s0: RDT[0-3] 00000066 000000b2 0000000e 00000030 +[ 7679.605174] igc 0000:01:00.0 enp1s0: RXDCTL[0-3] 02040808 02040808 02040808 02040808 +[ 7679.616196] igc 0000:01:00.0 enp1s0: RDBAL[0-3] 1bb7c000 1bb7f000 1bb82000 0ef33000 +[ 7679.627242] igc 0000:01:00.0 enp1s0: RDBAH[0-3] 00000001 00000001 00000001 00000001 +[ 7679.638256] igc 0000:01:00.0 enp1s0: TCTL a503f0fa +[ 7679.646607] igc 0000:01:00.0 enp1s0: TDBAL[0-3] 2ba4a000 1bb6f000 1bb74000 1bb79000 +[ 7679.657609] igc 0000:01:00.0 enp1s0: TDBAH[0-3] 00000001 00000001 00000001 00000001 +[ 7679.668551] igc 0000:01:00.0 enp1s0: TDLEN[0-3] 00001000 00001000 00001000 00001000 +[ 7679.679470] igc 0000:01:00.0 enp1s0: TDH[0-3] 000000a7 0000002d 000000bf 000000d9 +[ 7679.690406] igc 0000:01:00.0 enp1s0: TDT[0-3] 000000a7 0000002d 000000bf 000000d9 +[ 7679.701264] igc 0000:01:00.0 enp1s0: TXDCTL[0-3] 02100108 02100108 02100108 02100108 +[ 7679.712123] igc 0000:01:00.0 enp1s0: Reset adapter +[ 7683.085967] igc 0000:01:00.0 enp1s0: NIC Link is Up 1000 Mbps Full Duplex, Flow Control: RX/TX +[ 8086.945561] ------------[ cut here ]------------ +Entering kdb (current=0xffffffff8220b200, pid 0) on processor 0 +Oops: (null) due to oops @ 0xffffffff81573888 +RIP: 0010:dql_completed+0x148/0x160 +Code: c9 00 48 89 57 58 e9 46 ff ff ff 45 85 e4 41 0f 95 c4 41 39 db 0f 95 +c1 41 84 cc 74 05 45 85 ed 78 0a 44 89 c1 e9 27 ff ff ff <0f> 0b 01 f6 44 89 +c1 29 f1 0f 48 ca eb 8c cc cc cc cc cc cc cc cc +RSP: 0018:ffa0000000003e00 EFLAGS: 00010287 +RAX: 000000000000006c RBX: ffa0000003eb0f78 RCX: ff11000109938000 +RDX: 0000000000000003 RSI: 0000000000000160 RDI: ff110001002e9480 +RBP: ffa0000000003ed8 R08: ff110001002e93c0 R09: ffa0000000003d28 +R10: 0000000000007cc0 R11: 0000000000007c54 R12: 00000000ffffffd9 +R13: ff1100037039cb00 R14: 00000000ffffffd9 R15: ff1100037039c048 +FS: 0000000000000000(0000) GS:ff11000361e00000(0000) knlGS:0000000000000000 +CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 +CR2: 00007ffff7fca168 CR3: 000000013b08a003 CR4: 0000000000471ef8 +DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 +DR3: 0000000000000000 DR6: 00000000fffe07f0 DR7: 0000000000000400 +PKRU: 55555554 +Call Trace: + + ? igc_poll+0x1a9/0x14d0 [igc] + __napi_poll+0x2e/0x1b0 + net_rx_action+0x126/0x250 + __do_softirq+0xd1/0x295 + irq_exit_rcu+0xc5/0xf0 + common_interrupt+0x86/0xa0 + + + asm_common_interrupt+0x27/0x40 +RIP: 0010:cpuidle_enter_state+0xd3/0x3e0 +Code: 73 f1 ff ff 49 89 c6 8b 05 e2 ca a7 00 85 c0 0f 8f b3 02 00 00 31 ff e8 1b +de 75 ff 80 7d d7 00 0f 85 cd 01 00 00 fb 45 85 ff <0f> 88 fd 00 00 00 49 63 cf +4c 2b 75 c8 48 8d 04 49 48 89 ca 48 8d +RSP: 0018:ffffffff82203df0 EFLAGS: 00000202 +RAX: ff11000361e2a200 RBX: 0000000000000002 RCX: 000000000000001f +RDX: 0000000000000000 RSI: 000000003cf3cf3d RDI: 0000000000000000 +RBP: ffffffff82203e28 R08: 0000075ae38471c8 R09: 0000000000000018 +R10: 000000000000031a R11: ffffffff8238dca0 R12: ffd1ffffff200000 +R13: ffffffff8238dca0 R14: 0000075ae38471c8 R15: 0000000000000002 + cpuidle_enter+0x2e/0x50 + call_cpuidle+0x23/0x40 + do_idle+0x1be/0x220 + cpu_startup_entry+0x20/0x30 + rest_init+0xb5/0xc0 + arch_call_rest_init+0xe/0x30 + start_kernel+0x448/0x760 + x86_64_start_kernel+0x109/0x150 + secondary_startup_64_no_verify+0xe0/0xeb + +more> +[0]kdb> + +[0]kdb> +[0]kdb> go +Catastrophic error detected +kdb_continue_catastrophic=0, type go a second time if you really want to +continue +[0]kdb> go +Catastrophic error detected +kdb_continue_catastrophic=0, attempting to continue +[ 8086.955689] refcount_t: underflow; use-after-free. +[ 8086.955697] WARNING: CPU: 0 PID: 0 at lib/refcount.c:28 refcount_warn_saturate+0xc2/0x110 +[ 8086.955706] Modules linked in: xt_conntrack nft_chain_nat xt_MASQUERADE xt_addrtype nft_compat +nf_tables nfnetlink br_netfilter bridge stp llc overlay dm_mod emrcha(PO) emriio(PO) rktpm(PO) +cegbuf_mod(PO) patch_update(PO) se(PO) sgx_tgts(PO) mktme(PO) keylocker(PO) svtdx(PO) +svfs_pci_hotplug(PO) vtd_mod(PO) davemem(PO) svmabort(PO) svindexio(PO) usbx2(PO) ehci_sched(PO) +svheartbeat(PO) ioapic(PO) sv8259(PO) svintr(PO) lt(PO) pcierootport(PO) enginefw_mod(PO) ata(PO) +smbus(PO) spiflash_cdf(PO) arden(PO) dsa_iax(PO) oobmsm_punit(PO) cpm(PO) svkdb(PO) ebg_pch(PO) +pch(PO) sviotargets(PO) svbdf(PO) svmem(PO) svbios(PO) dram(PO) svtsc(PO) targets(PO) superio(PO) +svkernel(PO) cswitch(PO) mcf(PO) pentiumIII_mod(PO) fs_svfs(PO) mdevdefdb(PO) svfs_os_services(O) +ixgbe mdio mdio_devres libphy emeraldrapids_svdefs(PO) regsupport(O) libnvdimm nls_cp437 +snd_hda_codec_realtek snd_hda_codec_generic ledtrig_audio snd_hda_intel snd_intel_dspcfg +snd_hda_codec snd_hwdep x86_pkg_temp_thermal snd_hda_core snd_pcm snd_timer isst_if_mbox_pci +[ 8086.955751] input_leds isst_if_mmio sg snd isst_if_common soundcore wmi button sad9(O) drm +fuse backlight configfs efivarfs ip_tables x_tables vmd sdhci led_class rtl8150 r8152 hid_generic +pegasus mmc_block usbhid mmc_core hid megaraid_sas ixgb igb i2c_algo_bit ice i40e hpsa +scsi_transport_sas e1000e e1000 e100 ax88179_178a usbnet xhci_pci sd_mod xhci_hcd t10_pi +crc32c_intel crc64_rocksoft igc crc64 crc_t10dif usbcore crct10dif_generic ptp crct10dif_common +usb_common pps_core +[ 8086.955784] RIP: 0010:refcount_warn_saturate+0xc2/0x110 +[ 8086.955788] Code: 01 e8 82 e7 b4 ff 0f 0b 5d c3 cc cc cc cc 80 3d 68 c6 eb 00 00 75 81 +48 c7 c7 a0 87 f6 81 c6 05 58 c6 eb 00 01 e8 5e e7 b4 ff <0f> 0b 5d c3 cc cc cc cc 80 3d +42 c6 eb 00 00 0f 85 59 ff ff ff 48 +[ 8086.955790] RSP: 0018:ffa0000000003da0 EFLAGS: 00010286 +[ 8086.955793] RAX: 0000000000000000 RBX: ff1100011da40ee0 RCX: ff11000361e1b888 +[ 8086.955794] RDX: 00000000ffffffd8 RSI: 0000000000000027 RDI: ff11000361e1b880 +[ 8086.955795] RBP: ffa0000000003da0 R08: 80000000ffff9f45 R09: ffa0000000003d28 +[ 8086.955796] R10: ff1100035f840000 R11: 0000000000000028 R12: ff11000319ff8000 +[ 8086.955797] R13: ff1100011bb79d60 R14: 00000000ffffffd6 R15: ff1100037039cb00 +[ 8086.955798] FS: 0000000000000000(0000) GS:ff11000361e00000(0000) knlGS:0000000000000000 +[ 8086.955800] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 +[ 8086.955801] CR2: 00007ffff7fca168 CR3: 000000013b08a003 CR4: 0000000000471ef8 +[ 8086.955803] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 +[ 8086.955803] DR3: 0000000000000000 DR6: 00000000fffe07f0 DR7: 0000000000000400 +[ 8086.955804] PKRU: 55555554 +[ 8086.955805] Call Trace: +[ 8086.955806] +[ 8086.955808] tcp_wfree+0x112/0x130 +[ 8086.955814] skb_release_head_state+0x24/0xa0 +[ 8086.955818] napi_consume_skb+0x9c/0x160 +[ 8086.955821] igc_poll+0x5d8/0x14d0 [igc] +[ 8086.955835] __napi_poll+0x2e/0x1b0 +[ 8086.955839] net_rx_action+0x126/0x250 +[ 8086.955843] __do_softirq+0xd1/0x295 +[ 8086.955846] irq_exit_rcu+0xc5/0xf0 +[ 8086.955851] common_interrupt+0x86/0xa0 +[ 8086.955857] +[ 8086.955857] +[ 8086.955858] asm_common_interrupt+0x27/0x40 +[ 8086.955862] RIP: 0010:cpuidle_enter_state+0xd3/0x3e0 +[ 8086.955866] Code: 73 f1 ff ff 49 89 c6 8b 05 e2 ca a7 00 85 c0 0f 8f b3 02 00 00 31 ff e8 +1b de 75 ff 80 7d d7 00 0f 85 cd 01 00 00 fb 45 85 ff <0f> 88 fd 00 00 00 49 63 cf 4c 2b 75 +c8 48 8d 04 49 48 89 ca 48 8d +[ 8086.955867] RSP: 0018:ffffffff82203df0 EFLAGS: 00000202 +[ 8086.955869] RAX: ff11000361e2a200 RBX: 0000000000000002 RCX: 000000000000001f +[ 8086.955870] RDX: 0000000000000000 RSI: 000000003cf3cf3d RDI: 0000000000000000 +[ 8086.955871] RBP: ffffffff82203e28 R08: 0000075ae38471c8 R09: 0000000000000018 +[ 8086.955872] R10: 000000000000031a R11: ffffffff8238dca0 R12: ffd1ffffff200000 +[ 8086.955873] R13: ffffffff8238dca0 R14: 0000075ae38471c8 R15: 0000000000000002 +[ 8086.955875] cpuidle_enter+0x2e/0x50 +[ 8086.955880] call_cpuidle+0x23/0x40 +[ 8086.955884] do_idle+0x1be/0x220 +[ 8086.955887] cpu_startup_entry+0x20/0x30 +[ 8086.955889] rest_init+0xb5/0xc0 +[ 8086.955892] arch_call_rest_init+0xe/0x30 +[ 8086.955895] start_kernel+0x448/0x760 +[ 8086.955898] x86_64_start_kernel+0x109/0x150 +[ 8086.955900] secondary_startup_64_no_verify+0xe0/0xeb +[ 8086.955904] +[ 8086.955904] ---[ end trace 0000000000000000 ]--- +[ 8086.955912] ------------[ cut here ]------------ +[ 8086.955913] kernel BUG at lib/dynamic_queue_limits.c:27! +[ 8086.955918] invalid opcode: 0000 [#1] SMP +[ 8086.955922] RIP: 0010:dql_completed+0x148/0x160 +[ 8086.955925] Code: c9 00 48 89 57 58 e9 46 ff ff ff 45 85 e4 41 0f 95 c4 41 39 db +0f 95 c1 41 84 cc 74 05 45 85 ed 78 0a 44 89 c1 e9 27 ff ff ff <0f> 0b 01 f6 44 89 +c1 29 f1 0f 48 ca eb 8c cc cc cc cc cc cc cc cc +[ 8086.955927] RSP: 0018:ffa0000000003e00 EFLAGS: 00010287 +[ 8086.955928] RAX: 000000000000006c RBX: ffa0000003eb0f78 RCX: ff11000109938000 +[ 8086.955929] RDX: 0000000000000003 RSI: 0000000000000160 RDI: ff110001002e9480 +[ 8086.955930] RBP: ffa0000000003ed8 R08: ff110001002e93c0 R09: ffa0000000003d28 +[ 8086.955931] R10: 0000000000007cc0 R11: 0000000000007c54 R12: 00000000ffffffd9 +[ 8086.955932] R13: ff1100037039cb00 R14: 00000000ffffffd9 R15: ff1100037039c048 +[ 8086.955933] FS: 0000000000000000(0000) GS:ff11000361e00000(0000) knlGS:0000000000000000 +[ 8086.955934] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 +[ 8086.955935] CR2: 00007ffff7fca168 CR3: 000000013b08a003 CR4: 0000000000471ef8 +[ 8086.955936] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 +[ 8086.955937] DR3: 0000000000000000 DR6: 00000000fffe07f0 DR7: 0000000000000400 +[ 8086.955938] PKRU: 55555554 +[ 8086.955939] Call Trace: +[ 8086.955939] +[ 8086.955940] ? igc_poll+0x1a9/0x14d0 [igc] +[ 8086.955949] __napi_poll+0x2e/0x1b0 +[ 8086.955952] net_rx_action+0x126/0x250 +[ 8086.955956] __do_softirq+0xd1/0x295 +[ 8086.955958] irq_exit_rcu+0xc5/0xf0 +[ 8086.955961] common_interrupt+0x86/0xa0 +[ 8086.955964] +[ 8086.955965] +[ 8086.955965] asm_common_interrupt+0x27/0x40 +[ 8086.955968] RIP: 0010:cpuidle_enter_state+0xd3/0x3e0 +[ 8086.955971] Code: 73 f1 ff ff 49 89 c6 8b 05 e2 ca a7 00 85 c0 0f 8f b3 02 00 00 +31 ff e8 1b de 75 ff 80 7d d7 00 0f 85 cd 01 00 00 fb 45 85 ff <0f> 88 fd 00 00 00 +49 63 cf 4c 2b 75 c8 48 8d 04 49 48 89 ca 48 8d +[ 8086.955972] RSP: 0018:ffffffff82203df0 EFLAGS: 00000202 +[ 8086.955973] RAX: ff11000361e2a200 RBX: 0000000000000002 RCX: 000000000000001f +[ 8086.955974] RDX: 0000000000000000 RSI: 000000003cf3cf3d RDI: 0000000000000000 +[ 8086.955974] RBP: ffffffff82203e28 R08: 0000075ae38471c8 R09: 0000000000000018 +[ 8086.955975] R10: 000000000000031a R11: ffffffff8238dca0 R12: ffd1ffffff200000 +[ 8086.955976] R13: ffffffff8238dca0 R14: 0000075ae38471c8 R15: 0000000000000002 +[ 8086.955978] cpuidle_enter+0x2e/0x50 +[ 8086.955981] call_cpuidle+0x23/0x40 +[ 8086.955984] do_idle+0x1be/0x220 +[ 8086.955985] cpu_startup_entry+0x20/0x30 +[ 8086.955987] rest_init+0xb5/0xc0 +[ 8086.955990] arch_call_rest_init+0xe/0x30 +[ 8086.955992] start_kernel+0x448/0x760 +[ 8086.955994] x86_64_start_kernel+0x109/0x150 +[ 8086.955996] secondary_startup_64_no_verify+0xe0/0xeb +[ 8086.955998] +[ 8086.955999] Modules linked in: xt_conntrack nft_chain_nat xt_MASQUERADE xt_addrtype +nft_compat nf_tables nfnetlink br_netfilter bridge stp llc overlay dm_mod emrcha(PO) emriio(PO) +rktpm(PO) cegbuf_mod(PO) patch_update(PO) se(PO) sgx_tgts(PO) mktme(PO) keylocker(PO) svtdx(PO) +svfs_pci_hotplug(PO) vtd_mod(PO) davemem(PO) svmabort(PO) svindexio(PO) usbx2(PO) ehci_sched(PO) +svheartbeat(PO) ioapic(PO) sv8259(PO) svintr(PO) lt(PO) pcierootport(PO) enginefw_mod(PO) ata(PO) +smbus(PO) spiflash_cdf(PO) arden(PO) dsa_iax(PO) oobmsm_punit(PO) cpm(PO) svkdb(PO) ebg_pch(PO) +pch(PO) sviotargets(PO) svbdf(PO) svmem(PO) svbios(PO) dram(PO) svtsc(PO) targets(PO) superio(PO) +svkernel(PO) cswitch(PO) mcf(PO) pentiumIII_mod(PO) fs_svfs(PO) mdevdefdb(PO) svfs_os_services(O) +ixgbe mdio mdio_devres libphy emeraldrapids_svdefs(PO) regsupport(O) libnvdimm nls_cp437 +snd_hda_codec_realtek snd_hda_codec_generic ledtrig_audio snd_hda_intel snd_intel_dspcfg +snd_hda_codec snd_hwdep x86_pkg_temp_thermal snd_hda_core snd_pcm snd_timer isst_if_mbox_pci +[ 8086.956029] input_leds isst_if_mmio sg snd isst_if_common soundcore wmi button sad9(O) drm +fuse backlight configfs efivarfs ip_tables x_tables vmd sdhci led_class rtl8150 r8152 hid_generic +pegasus mmc_block usbhid mmc_core hid megaraid_sas ixgb igb i2c_algo_bit ice i40e hpsa +scsi_transport_sas e1000e e1000 e100 ax88179_178a usbnet xhci_pci sd_mod xhci_hcd t10_pi +crc32c_intel crc64_rocksoft igc crc64 crc_t10dif usbcore crct10dif_generic ptp crct10dif_common +usb_common pps_core +[16762.543675] INFO: NMI handler (kgdb_nmi_handler) took too long to run: 8675587.593 msecs +[16762.543678] INFO: NMI handler (kgdb_nmi_handler) took too long to run: 8675587.595 msecs +[16762.543673] INFO: NMI handler (kgdb_nmi_handler) took too long to run: 8675587.495 msecs +[16762.543679] INFO: NMI handler (kgdb_nmi_handler) took too long to run: 8675587.599 msecs +[16762.543678] INFO: NMI handler (kgdb_nmi_handler) took too long to run: 8675587.598 msecs +[16762.543690] INFO: NMI handler (kgdb_nmi_handler) took too long to run: 8675587.605 msecs +[16762.543684] INFO: NMI handler (kgdb_nmi_handler) took too long to run: 8675587.599 msecs +[16762.543693] INFO: NMI handler (kgdb_nmi_handler) took too long to run: 8675587.613 msecs +[16762.543784] ---[ end trace 0000000000000000 ]--- +[16762.849099] RIP: 0010:dql_completed+0x148/0x160 +PANIC: Fatal exception in interrupt + +Fixes: 9b275176270e ("igc: Add ndo_tx_timeout support") +Tested-by: Alejandra Victoria Alcaraz +Signed-off-by: Muhammad Husaini Zulkifli +Acked-by: Sasha Neftin +Tested-by: Naama Meir +Signed-off-by: Tony Nguyen +Reviewed-by: Simon Horman +Signed-off-by: David S. Miller +(cherry-picked from commit d4a7ce642100765119a872d4aba1bf63e3a22c8a) +Signed-off-by: Fiona Ebner +--- + drivers/net/ethernet/intel/igc/igc_main.c | 40 ++++++++++++++++------- + 1 file changed, 28 insertions(+), 12 deletions(-) + +diff --git a/drivers/net/ethernet/intel/igc/igc_main.c b/drivers/net/ethernet/intel/igc/igc_main.c +index 8b554311518c..a3f89e1dca72 100644 +--- a/drivers/net/ethernet/intel/igc/igc_main.c ++++ b/drivers/net/ethernet/intel/igc/igc_main.c +@@ -310,6 +310,33 @@ static void igc_clean_all_tx_rings(struct igc_adapter *adapter) + igc_clean_tx_ring(adapter->tx_ring[i]); + } + ++static void igc_disable_tx_ring_hw(struct igc_ring *ring) ++{ ++ struct igc_hw *hw = &ring->q_vector->adapter->hw; ++ u8 idx = ring->reg_idx; ++ u32 txdctl; ++ ++ txdctl = rd32(IGC_TXDCTL(idx)); ++ txdctl &= ~IGC_TXDCTL_QUEUE_ENABLE; ++ txdctl |= IGC_TXDCTL_SWFLUSH; ++ wr32(IGC_TXDCTL(idx), txdctl); ++} ++ ++/** ++ * igc_disable_all_tx_rings_hw - Disable all transmit queue operation ++ * @adapter: board private structure ++ */ ++static void igc_disable_all_tx_rings_hw(struct igc_adapter *adapter) ++{ ++ int i; ++ ++ for (i = 0; i < adapter->num_tx_queues; i++) { ++ struct igc_ring *tx_ring = adapter->tx_ring[i]; ++ ++ igc_disable_tx_ring_hw(tx_ring); ++ } ++} ++ + /** + * igc_setup_tx_resources - allocate Tx resources (Descriptors) + * @tx_ring: tx descriptor ring (for a specific queue) to setup +@@ -4993,6 +5020,7 @@ void igc_down(struct igc_adapter *adapter) + /* clear VLAN promisc flag so VFTA will be updated if necessary */ + adapter->flags &= ~IGC_FLAG_VLAN_PROMISC; + ++ igc_disable_all_tx_rings_hw(adapter); + igc_clean_all_tx_rings(adapter); + igc_clean_all_rx_rings(adapter); + } +@@ -7094,18 +7122,6 @@ void igc_enable_rx_ring(struct igc_ring *ring) + igc_alloc_rx_buffers(ring, igc_desc_unused(ring)); + } + +-static void igc_disable_tx_ring_hw(struct igc_ring *ring) +-{ +- struct igc_hw *hw = &ring->q_vector->adapter->hw; +- u8 idx = ring->reg_idx; +- u32 txdctl; +- +- txdctl = rd32(IGC_TXDCTL(idx)); +- txdctl &= ~IGC_TXDCTL_QUEUE_ENABLE; +- txdctl |= IGC_TXDCTL_SWFLUSH; +- wr32(IGC_TXDCTL(idx), txdctl); +-} +- + void igc_disable_tx_ring(struct igc_ring *ring) + { + igc_disable_tx_ring_hw(ring); diff --git a/patches/kernel/0012-mm-suppress-mm-fault-logging-if-fatal-signal-already.patch b/patches/kernel/0012-mm-suppress-mm-fault-logging-if-fatal-signal-already.patch new file mode 100644 index 0000000..769811b --- /dev/null +++ b/patches/kernel/0012-mm-suppress-mm-fault-logging-if-fatal-signal-already.patch @@ -0,0 +1,67 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Linus Torvalds +Date: Tue, 25 Jul 2023 09:38:32 -0700 +Subject: [PATCH] mm: suppress mm fault logging if fatal signal already pending + +Commit eda0047296a1 ("mm: make the page fault mmap locking killable") +intentionally made it much easier to trigger the "page fault fails +because a fatal signal is pending" situation, by having the mmap locking +fail early in that case. + +We have long aborted page faults in other fatal cases when the actual IO +for a page is interrupted by SIGKILL - which is particularly useful for +the traditional case of NFS hanging due to network issues, but local +filesystems could cause it too if you happened to get the SIGKILL while +waiting for a page to be faulted in (eg lock_folio_maybe_drop_mmap()). + +So aborting the page fault wasn't a new condition - but it now triggers +earlier, before we even get to 'handle_mm_fault()'. And as a result the +error doesn't go through our 'fault_signal_pending()' logic, and doesn't +get filtered away there. + +Normally you'd never even notice, because if a fatal signal is pending, +the new SIGSEGV we send ends up being ignored anyway. + +But it turns out that there is one very noticeable exception: if you +enable 'show_unhandled_signals', the aborted page fault will be logged +in the kernel messages, and you'll get a scary line looking something +like this in your logs: + + pverados[2183248]: segfault at 55e5a00f9ae0 ip 000055e5a00f9ae0 sp 00007ffc0720bea8 error 14 in perl[55e5a00d4000+195000] likely on CPU 10 (core 4, socket 0) + +which is rather misleading. It's not really a segfault at all, it's +just "the thread was killed before the page fault completed, so we +aborted the page fault". + +Fix this by just making it clear that a pending fatal signal means that +any new signal coming in after that is implicitly handled. This will +avoid the misleading logging, since now the signal isn't 'unhandled' any +more. + +Reported-and-tested-by: Fiona Ebner +Tested-by: Thomas Lamprecht +Link: https://lore.kernel.org/lkml/8d063a26-43f5-0bb7-3203-c6a04dc159f8@proxmox.com/ +Acked-by: Oleg Nesterov +Fixes: eda0047296a1 ("mm: make the page fault mmap locking killable") +Signed-off-by: Linus Torvalds +(cherry-picked from commit 5f0bc0b042fc77ff70e14c790abdec960cde4ec1) +Signed-off-by: Fiona Ebner +--- + kernel/signal.c | 4 ++++ + 1 file changed, 4 insertions(+) + +diff --git a/kernel/signal.c b/kernel/signal.c +index ae26da61c4d9..060f834e9c1a 100644 +--- a/kernel/signal.c ++++ b/kernel/signal.c +@@ -561,6 +561,10 @@ bool unhandled_signal(struct task_struct *tsk, int sig) + if (handler != SIG_IGN && handler != SIG_DFL) + return false; + ++ /* If dying, we handle all new signals by ignoring them */ ++ if (fatal_signal_pending(tsk)) ++ return false; ++ + /* if ptraced, let the tracer determine */ + return !tsk->ptrace; + } diff --git a/submodules/ubuntu-kernel b/submodules/ubuntu-kernel index 1e60c4f..0b17739 160000 --- a/submodules/ubuntu-kernel +++ b/submodules/ubuntu-kernel @@ -1 +1 @@ -Subproject commit 1e60c4f3601e8d00341d9a20756a742b90d68681 +Subproject commit 0b1773963f11c7e9ea4fa0d0ed55dd3581cfe635