* Moved subdirectories from kernel/ into a new repo
* Removed references to kernel from this repo's file lists
Change-Id: I386418f51169dd9b8c977bae328060077ac44b93
Depends on: I4b171accd8b489c92f6d2c69cb7aa5c63e75f336
Signed-off-by: Davlet Panech <davlet.panech@windriver.com>
Problem:
Broken bios creates inaccurate DMAR tables,
reporting some bridges as having endpoint types.
This causes IOMMU initialization to bail
out early with an error code, the result of
which is vfio not working correctly.
This is seen on some Skylake based Wolfpass
server platforms with up-to-date bios installed.
Solution:
Instead of just bailing out of IOMMU
initialization when such a condition is found,
we report it and continue. The IOMMU ends
up successfully initialized anyway. We do this
only on platforms that have the Skylake bridges
where this issue has been seen.
This change is inspired by a similar one posted by
Lu Baolu of Intel Corp to lkml
https://lkml.org/lkml/2019/12/24/15
Change-Id: Ief2df7099b6118eab7f99d5531616926a7a3eb27
Closes-Bug: 1847335
Signed-off-by: Jim Somerville <Jim.Somerville@windriver.com>
History:
Back in the day, we didn't have an initramfs
to allow us to load disk drivers as modules. All
disk drivers had to be built-in. In CentOS 7.3,
the mpt2sas and mpt3sas driver code was reorganized
to allow for a common code base. But along with that,
those drivers would only now build as modules. We
created a patch which involved taking a snapshot of
mpt driver code, and massaged it all into building
as built-in drivers.
Problem:
That old code snapshot along with the fact
that those two drivers initialize without their
associated hardware being present (they are built-in),
seems to cause interference with some other LSI raid
controllers, namely Harpoon in AVAGO MR9460-8i via a
Huawei enclosure.
Solution:
Simply revert to building those two mptsas drivers as
modules, the way CentOS intended. They will reside
on initramfs and be loaded automatically if the
appropriate hardware is present. With these drivers now
out of the way, the problematic raid controller works
fine, driven by the megaraid_sas driver.
Change-Id: I054c2396df4e659c324e70bffcf3940ad93c9354
Closes-Bug: 1866293
Signed-off-by: Jim Somerville <Jim.Somerville@windriver.com>
We do not build the regmap_mmio module portion of it
as that functionality is already in the kernel.
Change-Id: Ia5c33ae9f72d3a7cdf7b771f353551ae664ccc76
Story: 2006740
Task: 38837
Signed-off-by: Jim Somerville <Jim.Somerville@windriver.com>
Advised by Intel to move to this version for
proper supported N3000 fpga behavior.
Change-Id: Ice87cdcdec80c2533a5d01fd5fcac54ee91f6723
Story: 2006740
Task: 38760
Signed-off-by: Jim Somerville <Jim.Somerville@windriver.com>
The newer versions of the opae fpga driver requires
it. As it is a hidden config option, we get it
enabled indirectly by setting MFD_SYSCON.
Change-Id: I9d97ab642ffffc2dff43ff1c1a591b0a52ad9c41
Story: 2006740
Task: 38742
Signed-off-by: Jim Somerville <Jim.Somerville@windriver.com>
Problem: The out-of-tree Mellanox driver detects the presence
of page pool support in the new kernel, and thus wants to use it.
However, page pools are not configured to be on in the new kernel
by default (CONFIG_PAGE_POOL), and not only that, the config
option is hidden ie. it is not user selectable. The built-in
Mellanox driver selects it, but we don't use the built-in driver.
The out-of-tree driver does compile but not all pieces of it
will load properly, specifically the mlx5 pieces which rely on
page pool functionality being enabled in the kernel.
Solution: Simply disable kernel page pool use in the
out-of-tree Mellanox driver, making it work the same way as
it did with the older kernel.
Change-Id: If7e7155867d539352fcd0ea3acd5a17dd9d9579f
Closes-Bug: 1860347
Signed-off-by: Jim Somerville <Jim.Somerville@windriver.com>
This upgrade fixes the CVEs listed below. We refresh the patches
against the new kernel source.
The patch 15 is now included in new version, so I drop it
in the new patch.
CVE bug: CVE-2019-11810:kernel: a NULL pointer dereference in
drivers/scsi/megaraid/megaraid_sas_base.c leading to DoS
CVE bug: CVE-2019-11811: kernel: use-after-free in IPMI Edit
CVE bug: CVE-2019-14835: kernel: vhost-net: guest to host kernel
escape during migration
Closes-Bug: 1849206
Closes-Bug: 1849209
Closes-Bug: 1847817
Change-Id: I217cf8684e31dacea627c33462e5e4b6e089c38f
Depends-On: https://review.opendev.org/#/c/695355/
Signed-off-by: Robin Lu <bin1.lu@intel.com>
This upgrade fixes the CVEs listed below. We refresh the patches
against the new rt-kernel source.
rcu-Don-t-wake-rcuc-X-kthreads-on-NOCB-CPUs.patch is deleted
because upstream has fixed this bug, and it is no longer needed.
CVE bug: CVE-2019-11810:kernel: a NULL pointer dereference in
drivers/scsi/megaraid/megaraid_sas_base.c leading to DoS
CVE bug: CVE-2019-11811: kernel: use-after-free in IPMI Edit
CVE bug: CVE-2019-14835: kernel: vhost-net: guest to host kernel
escape during migration
Closes-Bug: 1849206
Closes-Bug: 1849209
Closes-Bug: 1847817
Change-Id: Iaf5eae5d64b621f44f8faad51d22f9439431911f
Depends-On: https://review.opendev.org/#/c/695355/
Signed-off-by: Robin Lu <bin1.lu@intel.com>
Uprev i40e to version 2.10.19.30
i40evf gets replaced by iavf version 3.7.61.20
The iavf driver supports both fortville and columbiaville,
so they decided to rename from i40evf to something more generic.
We get to drop the patch which polls for coming out of
reset as it was incorporated upstream.
The Intel FPGA Programmable Acceleration Card N3000 contains
dual Intel XL710 NICs and an FPGA for acceleration purposes.
This driver upgrade is required to support those NICs.
Change-Id: Ifbec94bcc00a8cce9fe97bf0eb41556b8bd3e592
Story: 2006740
Task: 37542
Depends-On: https://review.opendev.org/#/c/695061
Signed-off-by: Jim Somerville <Jim.Somerville@windriver.com>
Includes a spec file for building and changes to get the
kernel modules into the load.
Change-Id: I6e075e19b1e4deefd7f5bcb11fec34c383b313b8
Story: 2006495
Task: 36607
Depends-On: https://review.opendev.org/#/c/682058/
Signed-off-by: Alex Kozyrev <alex.kozyrev@windriver.com>
These leaks were observed in the RT kernel but the fixes
are not RT specific. We deemed it prudent to also
include the fixes in the std kernel as well.
See the specific patches for details.
Change-Id: I00e6d06a82e289806e5d51008ea1597735b2ad0f
Closes-Bug: 1836638
Signed-off-by: Jim Somerville <Jim.Somerville@windriver.com>
Security Fix(es):
(CVE-2019-11477)-
An integer overflow flaw was found in the way
the Linux kernel's networking subsystem processed
TCP Selective Acknowledgment (SACK) segments.
While processing SACK segments,
the Linux kernel's socket buffer (SKB) data structure
becomes fragmented. Each fragment is about TCP
maximum segment size (MSS) bytes.
To efficiently process SACK blocks, the Linux kernel merges
multiple fragmented SKBs into one, potentially overflowing
the variable holding the number of segments.
A remote attacker could use this flaw to crash the Linux kernel
by sending a crafted sequence of SACK segments on a TCP
connection with small value of TCP MSS,
resulting in a denial of service (DoS).
(CVE-2019-11478)-
Kernel: tcp: excessive resource consumption while processing SACK
blocks allows remote denial of service.
(CVE-2019-11479)-
Kernel: tcp: excessive resource consumption for TCP connections with low MSS
allows remote denial of service.
Details:
https://access.redhat.com/errata/RHSA-2019:1481https://access.redhat.com/errata/RHSA-2019:1486https://nvd.nist.gov/vuln/detail/
Closes-Bug: 1836685
Depends-On: https://review.opendev.org/670856
Change-Id: I150bdf60cec23058e656c60a3fdd677a14259795
Signed-off-by: zhao.shuai <zhaos@neusoft.com>
Security Fix(es):
(CVE-2019-11477)-
An integer overflow flaw was found in the way
the Linux kernel's networking subsystem processed
TCP Selective Acknowledgment (SACK) segments.
While processing SACK segments,
the Linux kernel's socket buffer (SKB) data structure
becomes fragmented. Each fragment is about TCP
maximum segment size (MSS) bytes.
To efficiently process SACK blocks, the Linux kernel merges
multiple fragmented SKBs into one, potentially overflowing
the variable holding the number of segments.
A remote attacker could use this flaw to crash the Linux kernel
by sending a crafted sequence of SACK segments on a TCP
connection with small value of TCP MSS,
resulting in a denial of service (DoS).
(CVE-2019-11478)-
Kernel: tcp: excessive resource consumption while processing SACK blocks
allows remote denial of service.
(CVE-2019-11479)-
Kernel: tcp: excessive resource consumption for TCP connections with low MSS
allows remote denial of service.
Details:
https://access.redhat.com/errata/RHSA-2019:1481https://access.redhat.com/errata/RHSA-2019:1486https://nvd.nist.gov/vuln/detail/
Closes-Bug: 1836685
Depends-On: https://review.opendev.org/670856
Change-Id: I24cd556b9aafd2aa3234ab2f0b7dd6b23185ffd2
Signed-off-by: zhao.shuai <zhaos@neusoft.com>
back port upstream patch
ebe06187bf
the epi is removed from list by list_del_rcu(&epi->fllink);
under list_for_each_entry_rcu() without rcu_read_lock.
if the rcu grace-period thread free epi before next list_for_each loop,
the content of epi will be corrupted.
Change-Id: I75dbf8ada5ca4734761efe260ca6d6f85886b180
Closes-Bug: 1837430
Suggested-by: daniel.badea@windriver.com
Signed-off-by: Bin Yang <bin.yang@intel.com>
Low-latency profile of StarlingX is affected by a deadlock in
CFS scheduler. spin_lock is used in IRQ handler there instead of
spin_lock_irqsave. This leads to an attempt to lock the same
spinlock twice and inevitable system freeze. Backporting c0ad4aa4d8
commit from upstream kernel to cure the issue.
Change-Id: I5416c0e0886f42d2bcec8e3e5da063e6af6916f8
Closes-bug: 1832854
Signed-off-by: Alex Kozyrev <alex.kozyrev@windriver.com>
The kernel memory accounting in the RHEL kernel is broken and
results in a slab memory leak when it is enabled. See the
following bug for details:
https://bugzilla.redhat.com/show_bug.cgi?id=1507149
Unfortunately, this option is enabled by default, so it must be
disabled. Even worse, the kernel won't compile with the option
disabled, so a fix for the compile error is also included.
Change-Id: I627106ae25f86204c1954c1c21171bbef348afaf
Closes-Bug: 1835534
Signed-off-by: Bart Wensley <barton.wensley@windriver.com>
New set of CVEs was reported against Intel CPUs: CVE-2018-12126,
CVE-2018-12127, CVE-2018-12130 and CVE-2019-11091.
For these CVEs there are RH and CentOS updates available.
CVE-2018-12126:
Microarchitectural Store Buffer Data Sampling (MSBDS):
Store buffers on some microprocessors utilizing speculative
execution may allow an authenticated user to potentially
enable information disclosure via a side channel with local access.
A list of impacted products can be found here:
https://www.intel.com/content/dam/www/public/us/en/documents/
corporate-information/SA00233-microcode-update-guidance_05132019.pdf
CVE-2018-12127:
Microarchitectural Load Port Data Sampling (MLPDS):
Load ports on some microprocessors utilizing speculative execution
may allow an authenticated user to potentially enable information
disclosure via a side channel with local access. A list of impacted
products can be found here:
https://www.intel.com/content/dam/www/public/us/en/documents/
corporate-information/SA00233-microcode-update-guidance_05132019.pdf
CVE-2018-12130:
Microarchitectural Fill Buffer Data Sampling (MFBDS):
Fill buffers on some microprocessors utilizing speculative execution
may allow an authenticated user to potentially enable information
disclosure via a side channel with local access. A list of impacted
products can be found here:
https://www.intel.com/content/dam/www/public/us/en/documents/
corporate-information/SA00233-microcode-update-guidance_05132019.pdf
CVE-2019-11091:
Microarchitectural Data Sampling Uncacheable Memory(MDSUM):
Uncacheable memory on some microprocessors utilizing speculative
execution may allow an authenticated user to potentially enable
information disclosure via a side channel with local access.
A list of impacted products can be found here:
https://www.intel.com/content/dam/www/public/us/en/documents/
corporate-information/SA00233-microcode-update-guidance_05132019.pdf
These are from the http://cve.mitre.org website.
These are the MDS security CVEs.
The patch is modified as follows:
1.Delete the 929-931 line of the arch/x86/kernel/cpu/cacheinfo.c file,
because starlingx's Porting-Cacheinfo-from-Kernel-4.10.17.patch
removes the ici_cpuid4_info structure.
2.The build-logic-and-sources-for-TiC.patch version number
has been modified.
3.In addition to the modifications in the files in 1 and 2,
other patches only modify the line number.
Closes-Bug: 1830487
Depends-On: https://review.opendev.org/663071
Change-Id: I4cad783311ed4a6c60b4f69bdad75d773d0cd23d
Signed-off-by: zhiguo.zhang <zhiguox.zhang@intel.com>
New set of CVEs was reported against Intel CPUs: CVE-2018-12126,
CVE-2018-12127, CVE-2018-12130 and CVE-2019-11091.
For these CVEs there are RH and CentOS updates available.
CVE-2018-12126:
Microarchitectural Store Buffer Data Sampling (MSBDS):
Store buffers on some microprocessors utilizing speculative
execution may allow an authenticated user to potentially
enable information disclosure via a side channel with local access.
A list of impacted products can be found here:
https://www.intel.com/content/dam/www/public/us/en/documents/
corporate-information/SA00233-microcode-update-guidance_05132019.pdf
CVE-2018-12127:
Microarchitectural Load Port Data Sampling (MLPDS):
Load ports on some microprocessors utilizing speculative execution
may allow an authenticated user to potentially enable information
disclosure via a side channel with local access. A list of impacted
products can be found here:
https://www.intel.com/content/dam/www/public/us/en/documents/
corporate-information/SA00233-microcode-update-guidance_05132019.pdf
CVE-2018-12130:
Microarchitectural Fill Buffer Data Sampling (MFBDS):
Fill buffers on some microprocessors utilizing speculative execution
may allow an authenticated user to potentially enable information
disclosure via a side channel with local access. A list of impacted
products can be found here:
https://www.intel.com/content/dam/www/public/us/en/documents/
corporate-information/SA00233-microcode-update-guidance_05132019.pdf
CVE-2019-11091:
Microarchitectural Data Sampling Uncacheable Memory(MDSUM):
Uncacheable memory on some microprocessors utilizing speculative
execution may allow an authenticated user to potentially enable
information disclosure via a side channel with local access.
A list of impacted products can be found here:
https://www.intel.com/content/dam/www/public/us/en/documents/
corporate-information/SA00233-microcode-update-guidance_05132019.pdf
These are from the http://cve.mitre.org website.
These are the MDS security CVEs.
The patch is modified as follows:
1.Delete the 929-931 line of the arch/x86/kernel/cpu/cacheinfo.c
file,
because starlingx's Porting-Cacheinfo-from-Kernel-4.10.17.patch
removes the ici_cpuid4_info structure.
2.Except for the modification of the file in 1, the other patches
only modify the line number.
Closes-Bug: 1830487
Depends-On: https://review.opendev.org/663071
Change-Id: I16ac63df21eeb85b4fc3ab19d539986e77c8c0d3
Signed-off-by: zhiguo.zhang <zhiguox.zhang@intel.com>
This commit upgrades the ixgbe and ixgbevf drivers to the
latest versions.
ixgbe is upversioned to 5.5.5 from 5.5.3
ixgbevf is upversioned to 4.5.3 from 4.5.1
For ixgbe, Intel has noted that RHEL 7.6 support is introduced
in version 5.5.5, whereas only RHEL 7.5 support is present in version
5.5.3. The 5.5.5 version will also pick up a bug fix needed
for SR-IOV operations.
For ixgbevf, Intel has verified RHEL 7.6 support in version 4.5.3,
while they have verified only RHEL 7.5 in version 4.5.1.
Depends-On: https://review.opendev.org/#/c/664280
Change-Id: Ic7e0089a7b218094f3367cdce17ec950359cedae
Closes-Bug: #1830636
Signed-off-by: Steven Webster <steven.webster@windriver.com>
1. Update qat driver version from QAT1.7.Upstream.L.1.0.3-42
to QAT1.7.L.4.5.0-00034;
2. StarlingX need the specific qat_service, which is in qat17/files/qat_service
3. qat_service patch file "0001-Install-config-file-for-each-VF_new.patch"
is not neeeded.
4. Delete qat_service patching process in qat17.spec
Story: 2004901
Task: 29235
Depends-On: https://review.opendev.org/#/c/654830
Change-Id: Id675512a522d88c9a0378e367a87f81d1bde2703
Signed-off-by: Long.Li <longx.li@intel.com>
integrity tarball in my local mirror is wrong, cause the patch is
not correct. Correct the patch with the right tarball.
Story: 2004521
Task: 29194
Change-Id: Iee0e7afa12b8583d1bb3d620a5f7626a28f57fed
Signed-off-by: Shuicheng Lin <shuicheng.lin@intel.com>
Porting upstream patch to fix the build failure with CentOS 7.6 kernel
If we choose to upgrade tpm driver to include this patch, there will
be other build failure due to some structure missing in 957 kernel.
So I decide to back port upstream patch instead of upgrade tpm driver.
Depends-On: https://review.openstack.org/625785
Depends-On: https://review.openstack.org/625786
Story: 2004521
Task: 28534
Change-Id: I00d88f4d27ac47107825a17b3bf6d8c74194a7ff
Signed-off-by: Shuicheng Lin <shuicheng.lin@intel.com>
Porting upstream patch to fix the build failure with the new kernel
Depends-On: https://review.openstack.org/625785
Depends-On: https://review.openstack.org/625786
Story: 2004521
Task: 28584
Change-Id: I261d2d9534d90064d250ffabc11221caadcc2a04
Signed-off-by: Shuicheng Lin <shuicheng.lin@intel.com>
The compile issue is fixed with new version, so delete the patch.
Depends-On: https://review.openstack.org/627744
Depends-On: https://review.openstack.org/625785
Story: 2004521
Task: 28671
Change-Id: Ib4851888be98351ffa6a0d847e7871c30a75ad48
Signed-off-by: Shuicheng Lin <shuicheng.lin@intel.com>
It is for CentOS 7.6 support
Depends-On: https://review.openstack.org/627739
Story: 2004521
Task: 28532
Change-Id: I6a008dfa28a51316f2e2138213fb9b803f357ce8
Signed-off-by: Shuicheng Lin <shuicheng.lin@intel.com>
timer-Reduce-timer-migration-overhead-if-disabled.patch
timer-Minimize-nohz-off-overhead.patch
two patches already included in upgraded kernel
remove description in meta patch.
fix compile error in drbd_req.c for improper usage of
request queue API; fix warning in kernel/bpf/core.c
for implicit declaration trace call for CFLAG
-Werror-implicit-function-declaration.
remove patch change is_swiotlb_buffer in lib/swiotlb.c
As change already in new kernel code.
explicitly disable three config, CONFIG_TORTURE_TEST=n,
CONFIG_RCU_TORTURE_TEST=n, CONFIG_LOCK_TORTURE_TEST=n.
As torture.c, locktorture.c, rcutorture.c are introduced
by new kernel release, which request CONFIG_PERCPU_RWSEM
be enabled. But config file generated by merge
kernel-3.10.0-x86_64-rt.config in source rpm and
kernel-3.10.0-x86_64-rt.config.tis_extra in meta_patch,
disable CONFIG_PERCPU_RWSEM, which makes build error
with "undefined symbol". These three file are built to
generate one module for one upper layer torture test
tool, so explicitly disable these config.
Depends-On: https://review.openstack.org/625773/
Story: 2004521
Task: 28352
Change-Id: I0f7e7db51aa38e98eae1219196a926ed8fc1b152
Signed-off-by: Martin, Chen <haochuan.z.chen@intel.com>
Signed-off-by: Shuicheng Lin <shuicheng.lin@intel.com>
fix compile error in drbd_req.c for improper usage of
request queue API; fix warning in kernel/bpf/core.c
for implicit declaration trace call for CFLAG
-Werror-implicit-function-declaration
remove patch change is_swiotlb_buffer in lib/swiotlb.c
As change already in new kernel code base
Story: 2004521
Task: 28260
Depends-On: https://review.openstack.org/625773/
Change-Id: I4a3af98b6efe6d31e66db39302f3af8c4ff19d2c
Signed-off-by: Martin, Chen <haochuan.z.chen@intel.com>
"compat-Statically-initialize-families.patch" is already contained in
the new version, so delete it.
Reset TIS_PATCH_VER to 0 since version is upgraded.
Depends-On: https://review.openstack.org/605292
Story: 2003597
Task: 26588
Change-Id: I628f5b0497df188ea9fa7b7860b56de78382c510
Signed-off-by: slin14 <shuicheng.lin@intel.com>
the standard kernel includes a public ima certificate
that does not match the development signing key
This modification simply updates the certificate
with the proper version
Closes-Bug: #1797204
Change-Id: Ic085ad0c1c4527e31efa96906475f79701d8fb79
Signed-off-by: Paul-Emile Element <Paul-Emile.Element@windriver.com>
Story: 2003596
Task: 24917
Depends-On: https://review.openstack.org/601202
since related rpm is also upgraded, no longer need to downgrade the linux-firmware and compiler dependencies
Change-Id: I9e535f95d18f3db8b4b9c4375504e82c4597d697
Signed-off-by: slin14 <shuicheng.lin@intel.com>
Story: 2003596
Task: 26354
Depends-On: https://review.openstack.org/601202
no longer need to downgrade the linux-firmware and compiler dependencies
Change-Id: I23ae86b523ef0d8a25c0a1fed141393efad02b69
Signed-off-by: slin14 <shuicheng.lin@intel.com>
Problem:
The kernel is sporadically reporting build failures due to
'no space on device' when compiled in a 10 GB tmpfs.
Solution:
Two parts:
1) Increase required size to 11 GB in the build_srpm.data.
2) Modify build system to allow alocation of a 11 GB tmpfs.
Change-Id: I48aeff586f71ee5000a99354e33d199a38afec9e
Story: 2002835
Task: 24519
Signed-off-by: Scott Little <scott.little@windriver.com>
The IEEE 1588 standard defines a method to precisely
synchronize distributed clocks over Ethernet networks. The
standard defines a Precision Time Protocol (PTP), which can
be used to achieve synchronization within a few dozen
microseconds. In addition, with the help of special hardware
time stamping units, it can be possible to achieve
synchronization to within a few hundred nanoseconds.
Story: 2002935
Task: 22922
Change-Id: Ibb4e9b8f61198c88d3aaec02f441574b580afdd7
Signed-off-by: Alex Kozyrev <alex.kozyrev@windriver.com>
Davlet Panech