[pve-devel] [PATCH kernel 2/4] drop patches applied upstream

Fabian Grünbichler f.gruenbichler at proxmox.com
Wed Feb 22 14:22:47 CET 2017


Signed-off-by: Fabian Grünbichler <f.gruenbichler at proxmox.com>
---
 Makefile                                           |   3 -
 ...hrottle-on-IO-only-when-there-are-too-man.patch | 118 ----------
 0002-Revert-mm-oom-rework-oom-detection.patch      | 255 ---------------------
 ...x86-fix-emulation-of-MOV-SS-null-selector.patch | 107 ---------
 4 files changed, 483 deletions(-)
 delete mode 100644 0001-Revert-mm-throttle-on-IO-only-when-there-are-too-man.patch
 delete mode 100644 0002-Revert-mm-oom-rework-oom-detection.patch
 delete mode 100644 CVE-2017-2583-KVM-x86-fix-emulation-of-MOV-SS-null-selector.patch

diff --git a/Makefile b/Makefile
index 814ec49..cce044b 100644
--- a/Makefile
+++ b/Makefile
@@ -265,9 +265,6 @@ ${KERNEL_SRC}/README ${KERNEL_CFG_ORG}: ${KERNELSRCTAR}
 	# IPoIB performance regression fix
 	cd ${KERNEL_SRC}; patch -p1 < ../IB-ipoib-move-back-the-IB-LL-address-into-the-hard-header.patch
 	cd ${KERNEL_SRC}; patch -p1 < ../cgroup-cpuset-add-cpuset.remap_cpus.patch
-	cd ${KERNEL_SRC}; patch -p1 < ../0001-Revert-mm-throttle-on-IO-only-when-there-are-too-man.patch
-	cd ${KERNEL_SRC}; patch -p1 < ../0002-Revert-mm-oom-rework-oom-detection.patch
-	cd ${KERNEL_SRC}; patch -p1 < ../CVE-2017-2583-KVM-x86-fix-emulation-of-MOV-SS-null-selector.patch
 	cd ${KERNEL_SRC}; patch -p1 < ../CVE-2017-2596-kvm-page-reference-leakage-in-handle_vmon.patch
 	sed -i ${KERNEL_SRC}/Makefile -e 's/^EXTRAVERSION.*$$/EXTRAVERSION=${EXTRAVERSION}/'
 	touch $@
diff --git a/0001-Revert-mm-throttle-on-IO-only-when-there-are-too-man.patch b/0001-Revert-mm-throttle-on-IO-only-when-there-are-too-man.patch
deleted file mode 100644
index b4ff5a8..0000000
--- a/0001-Revert-mm-throttle-on-IO-only-when-there-are-too-man.patch
+++ /dev/null
@@ -1,118 +0,0 @@
-From 3168fc7faf603da9d523c9dffbec6fee5b1a8a04 Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Fabian=20Gr=C3=BCnbichler?= <f.gruenbichler at proxmox.com>
-Date: Wed, 4 Jan 2017 11:29:00 +0100
-Subject: [PATCH 1/2] Revert "mm: throttle on IO only when there are too many
- dirty and writeback pages"
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-This reverts commit 57e9ef475661f46769cad6c0ed9a13f0cec1dbd8.
-
-Signed-off-by: Fabian Grünbichler <f.gruenbichler at proxmox.com>
----
- mm/backing-dev.c | 20 +++++++++++++++++---
- mm/page_alloc.c  | 41 ++++-------------------------------------
- 2 files changed, 21 insertions(+), 40 deletions(-)
-
-diff --git a/mm/backing-dev.c b/mm/backing-dev.c
-index a1aef87..9ef80bf 100644
---- a/mm/backing-dev.c
-+++ b/mm/backing-dev.c
-@@ -976,8 +976,9 @@ EXPORT_SYMBOL(congestion_wait);
-  * jiffies for either a BDI to exit congestion of the given @sync queue
-  * or a write to complete.
-  *
-- * In the absence of zone congestion, cond_resched() is called to yield
-- * the processor if necessary but otherwise does not sleep.
-+ * In the absence of zone congestion, a short sleep or a cond_resched is
-+ * performed to yield the processor and to allow other subsystems to make
-+ * a forward progress.
-  *
-  * The return value is 0 if the sleep is for the full timeout. Otherwise,
-  * it is the number of jiffies that were still remaining when the function
-@@ -997,7 +998,20 @@ long wait_iff_congested(struct zone *zone, int sync, long timeout)
- 	 */
- 	if (atomic_read(&nr_wb_congested[sync]) == 0 ||
- 	    !test_bit(ZONE_CONGESTED, &zone->flags)) {
--		cond_resched();
-+
-+		/*
-+		 * Memory allocation/reclaim might be called from a WQ
-+		 * context and the current implementation of the WQ
-+		 * concurrency control doesn't recognize that a particular
-+		 * WQ is congested if the worker thread is looping without
-+		 * ever sleeping. Therefore we have to do a short sleep
-+		 * here rather than calling cond_resched().
-+		 */
-+		if (current->flags & PF_WQ_WORKER)
-+			schedule_timeout_uninterruptible(1);
-+		else
-+			cond_resched();
-+
- 		/* In case we scheduled, work out time remaining */
- 		ret = timeout - (jiffies - start);
- 		if (ret < 0)
-diff --git a/mm/page_alloc.c b/mm/page_alloc.c
-index aadbd7e..f13b503 100644
---- a/mm/page_alloc.c
-+++ b/mm/page_alloc.c
-@@ -3038,9 +3038,8 @@ should_reclaim_retry(gfp_t gfp_mask, unsigned order,
- 	for_each_zone_zonelist_nodemask(zone, z, ac->zonelist, ac->high_zoneidx,
- 					ac->nodemask) {
- 		unsigned long available;
--		unsigned long reclaimable;
- 
--		available = reclaimable = zone_reclaimable_pages(zone);
-+		available = zone_reclaimable_pages(zone);
- 		available -= DIV_ROUND_UP(no_progress_loops * available,
- 					  MAX_RECLAIM_RETRIES);
- 		available += zone_page_state_snapshot(zone, NR_FREE_PAGES);
-@@ -3050,41 +3049,9 @@ should_reclaim_retry(gfp_t gfp_mask, unsigned order,
- 		 * available?
- 		 */
- 		if (__zone_watermark_ok(zone, order, min_wmark_pages(zone),
--				ac->classzone_idx, alloc_flags, available)) {
--			/*
--			 * If we didn't make any progress and have a lot of
--			 * dirty + writeback pages then we should wait for
--			 * an IO to complete to slow down the reclaim and
--			 * prevent from pre mature OOM
--			 */
--			if (!did_some_progress) {
--				unsigned long writeback;
--				unsigned long dirty;
--
--				writeback = zone_page_state_snapshot(zone,
--								     NR_WRITEBACK);
--				dirty = zone_page_state_snapshot(zone, NR_FILE_DIRTY);
--
--				if (2*(writeback + dirty) > reclaimable) {
--					congestion_wait(BLK_RW_ASYNC, HZ/10);
--					return true;
--				}
--			}
--
--			/*
--			 * Memory allocation/reclaim might be called from a WQ
--			 * context and the current implementation of the WQ
--			 * concurrency control doesn't recognize that
--			 * a particular WQ is congested if the worker thread is
--			 * looping without ever sleeping. Therefore we have to
--			 * do a short sleep here rather than calling
--			 * cond_resched().
--			 */
--			if (current->flags & PF_WQ_WORKER)
--				schedule_timeout_uninterruptible(1);
--			else
--				cond_resched();
--
-+				ac->high_zoneidx, alloc_flags, available)) {
-+			/* Wait for some write requests to complete then retry */
-+			wait_iff_congested(zone, BLK_RW_ASYNC, HZ/50);
- 			return true;
- 		}
- 	}
--- 
-2.1.4
-
diff --git a/0002-Revert-mm-oom-rework-oom-detection.patch b/0002-Revert-mm-oom-rework-oom-detection.patch
deleted file mode 100644
index 5a1ec76..0000000
--- a/0002-Revert-mm-oom-rework-oom-detection.patch
+++ /dev/null
@@ -1,255 +0,0 @@
-From 6e2588df3dc3d1704eae939ed9c9425000f48069 Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Fabian=20Gr=C3=BCnbichler?= <f.gruenbichler at proxmox.com>
-Date: Wed, 4 Jan 2017 11:29:26 +0100
-Subject: [PATCH 2/2] Revert "mm, oom: rework oom detection"
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-This reverts commit c630ec12d831521b0566481eb56d7257b051911e.
-
-Signed-off-by: Fabian Grünbichler <f.gruenbichler at proxmox.com>
----
- include/linux/swap.h |   1 -
- mm/page_alloc.c      | 100 +++++----------------------------------------------
- mm/vmscan.c          |  25 ++++++++++---
- 3 files changed, 29 insertions(+), 97 deletions(-)
-
-diff --git a/include/linux/swap.h b/include/linux/swap.h
-index 1498c5a..d8ca2ea 100644
---- a/include/linux/swap.h
-+++ b/include/linux/swap.h
-@@ -318,7 +318,6 @@ extern void lru_cache_add_active_or_unevictable(struct page *page,
- 						struct vm_area_struct *vma);
- 
- /* linux/mm/vmscan.c */
--extern unsigned long zone_reclaimable_pages(struct zone *zone);
- extern unsigned long try_to_free_pages(struct zonelist *zonelist, int order,
- 					gfp_t gfp_mask, nodemask_t *mask);
- extern int __isolate_lru_page(struct page *page, isolate_mode_t mode);
-diff --git a/mm/page_alloc.c b/mm/page_alloc.c
-index f13b503..56319cf 100644
---- a/mm/page_alloc.c
-+++ b/mm/page_alloc.c
-@@ -2988,77 +2988,6 @@ static inline bool is_thp_gfp_mask(gfp_t gfp_mask)
- 	return (gfp_mask & (GFP_TRANSHUGE | __GFP_KSWAPD_RECLAIM)) == GFP_TRANSHUGE;
- }
- 
--/*
-- * Maximum number of reclaim retries without any progress before OOM killer
-- * is consider as the only way to move forward.
-- */
--#define MAX_RECLAIM_RETRIES 16
--
--/*
-- * Checks whether it makes sense to retry the reclaim to make a forward progress
-- * for the given allocation request.
-- * The reclaim feedback represented by did_some_progress (any progress during
-- * the last reclaim round), pages_reclaimed (cumulative number of reclaimed
-- * pages) and no_progress_loops (number of reclaim rounds without any progress
-- * in a row) is considered as well as the reclaimable pages on the applicable
-- * zone list (with a backoff mechanism which is a function of no_progress_loops).
-- *
-- * Returns true if a retry is viable or false to enter the oom path.
-- */
--static inline bool
--should_reclaim_retry(gfp_t gfp_mask, unsigned order,
--		     struct alloc_context *ac, int alloc_flags,
--		     bool did_some_progress, unsigned long pages_reclaimed,
--		     int no_progress_loops)
--{
--	struct zone *zone;
--	struct zoneref *z;
--
--	/*
--	 * Make sure we converge to OOM if we cannot make any progress
--	 * several times in the row.
--	 */
--	if (no_progress_loops > MAX_RECLAIM_RETRIES)
--		return false;
--
--	if (order > PAGE_ALLOC_COSTLY_ORDER) {
--		if (pages_reclaimed >= (1<<order))
--			return false;
--
--		if (did_some_progress)
--			return true;
--	}
--
--	/*
--	 * Keep reclaiming pages while there is a chance this will lead somewhere.
--	 * If none of the target zones can satisfy our allocation request even
--	 * if all reclaimable pages are considered then we are screwed and have
--	 * to go OOM.
--	 */
--	for_each_zone_zonelist_nodemask(zone, z, ac->zonelist, ac->high_zoneidx,
--					ac->nodemask) {
--		unsigned long available;
--
--		available = zone_reclaimable_pages(zone);
--		available -= DIV_ROUND_UP(no_progress_loops * available,
--					  MAX_RECLAIM_RETRIES);
--		available += zone_page_state_snapshot(zone, NR_FREE_PAGES);
--
--		/*
--		 * Would the allocation succeed if we reclaimed the whole
--		 * available?
--		 */
--		if (__zone_watermark_ok(zone, order, min_wmark_pages(zone),
--				ac->high_zoneidx, alloc_flags, available)) {
--			/* Wait for some write requests to complete then retry */
--			wait_iff_congested(zone, BLK_RW_ASYNC, HZ/50);
--			return true;
--		}
--	}
--
--	return false;
--}
--
- static inline struct page *
- __alloc_pages_slowpath(gfp_t gfp_mask, unsigned int order,
- 						struct alloc_context *ac)
-@@ -3071,7 +3000,6 @@ __alloc_pages_slowpath(gfp_t gfp_mask, unsigned int order,
- 	enum migrate_mode migration_mode = MIGRATE_ASYNC;
- 	bool deferred_compaction = false;
- 	int contended_compaction = COMPACT_CONTENDED_NONE;
--	int no_progress_loops = 0;
- 
- 	/*
- 	 * In the slowpath, we sanity check order to avoid ever trying to
-@@ -3223,24 +3151,14 @@ retry:
- 	if (gfp_mask & __GFP_NORETRY)
- 		goto noretry;
- 
--	/*
--	 * Do not retry costly high order allocations unless they are
--	 * __GFP_REPEAT
--	 */
--	if (order > PAGE_ALLOC_COSTLY_ORDER && !(gfp_mask & __GFP_REPEAT))
--		goto noretry;
--
--	if (did_some_progress) {
--		no_progress_loops = 0;
--		pages_reclaimed += did_some_progress;
--	} else {
--		no_progress_loops++;
--	}
--
--	if (should_reclaim_retry(gfp_mask, order, ac, alloc_flags,
--				 did_some_progress > 0, pages_reclaimed,
--				 no_progress_loops))
-+	/* Keep reclaiming pages as long as there is reasonable progress */
-+	pages_reclaimed += did_some_progress;
-+	if ((did_some_progress && order <= PAGE_ALLOC_COSTLY_ORDER) ||
-+	    ((gfp_mask & __GFP_REPEAT) && pages_reclaimed < (1 << order))) {
-+		/* Wait for some write requests to complete then retry */
-+		wait_iff_congested(ac->preferred_zone, BLK_RW_ASYNC, HZ/50);
- 		goto retry;
-+	}
- 
- 	/* Reclaim has failed us, start killing things */
- 	page = __alloc_pages_may_oom(gfp_mask, order, ac, &did_some_progress);
-@@ -3248,10 +3166,8 @@ retry:
- 		goto got_pg;
- 
- 	/* Retry as long as the OOM killer is making progress */
--	if (did_some_progress) {
--		no_progress_loops = 0;
-+	if (did_some_progress)
- 		goto retry;
--	}
- 
- noretry:
- 	/*
-diff --git a/mm/vmscan.c b/mm/vmscan.c
-index 56f902d..3597160 100644
---- a/mm/vmscan.c
-+++ b/mm/vmscan.c
-@@ -192,7 +192,7 @@ static bool sane_reclaim(struct scan_control *sc)
- }
- #endif
- 
--unsigned long zone_reclaimable_pages(struct zone *zone)
-+static unsigned long zone_reclaimable_pages(struct zone *zone)
- {
- 	unsigned long nr;
- 
-@@ -2492,8 +2492,10 @@ static inline bool compaction_ready(struct zone *zone, int order)
-  *
-  * If a zone is deemed to be full of pinned pages then just give it a light
-  * scan then give up on it.
-+ *
-+ * Returns true if a zone was reclaimable.
-  */
--static void shrink_zones(struct zonelist *zonelist, struct scan_control *sc)
-+static bool shrink_zones(struct zonelist *zonelist, struct scan_control *sc)
- {
- 	struct zoneref *z;
- 	struct zone *zone;
-@@ -2501,6 +2503,7 @@ static void shrink_zones(struct zonelist *zonelist, struct scan_control *sc)
- 	unsigned long nr_soft_scanned;
- 	gfp_t orig_mask;
- 	enum zone_type requested_highidx = gfp_zone(sc->gfp_mask);
-+	bool reclaimable = false;
- 
- 	/*
- 	 * If the number of buffer_heads in the machine exceeds the maximum
-@@ -2565,10 +2568,17 @@ static void shrink_zones(struct zonelist *zonelist, struct scan_control *sc)
- 						&nr_soft_scanned);
- 			sc->nr_reclaimed += nr_soft_reclaimed;
- 			sc->nr_scanned += nr_soft_scanned;
-+			if (nr_soft_reclaimed)
-+				reclaimable = true;
- 			/* need some check for avoid more shrink_zone() */
- 		}
- 
--		shrink_zone(zone, sc, zone_idx(zone) == classzone_idx);
-+		if (shrink_zone(zone, sc, zone_idx(zone) == classzone_idx))
-+			reclaimable = true;
-+
-+		if (global_reclaim(sc) &&
-+		    !reclaimable && zone_reclaimable(zone))
-+			reclaimable = true;
- 	}
- 
- 	/*
-@@ -2576,6 +2586,8 @@ static void shrink_zones(struct zonelist *zonelist, struct scan_control *sc)
- 	 * promoted it to __GFP_HIGHMEM.
- 	 */
- 	sc->gfp_mask = orig_mask;
-+
-+	return reclaimable;
- }
- 
- /*
-@@ -2600,6 +2612,7 @@ static unsigned long do_try_to_free_pages(struct zonelist *zonelist,
- 	int initial_priority = sc->priority;
- 	unsigned long total_scanned = 0;
- 	unsigned long writeback_threshold;
-+	bool zones_reclaimable;
- retry:
- 	delayacct_freepages_start();
- 
-@@ -2610,7 +2623,7 @@ retry:
- 		vmpressure_prio(sc->gfp_mask, sc->target_mem_cgroup,
- 				sc->priority);
- 		sc->nr_scanned = 0;
--		shrink_zones(zonelist, sc);
-+		zones_reclaimable = shrink_zones(zonelist, sc);
- 
- 		total_scanned += sc->nr_scanned;
- 		if (sc->nr_reclaimed >= sc->nr_to_reclaim)
-@@ -2657,6 +2670,10 @@ retry:
- 		goto retry;
- 	}
- 
-+	/* Any of the zones still reclaimable?  Don't OOM. */
-+	if (zones_reclaimable)
-+		return 1;
-+
- 	return 0;
- }
- 
--- 
-2.1.4
-
diff --git a/CVE-2017-2583-KVM-x86-fix-emulation-of-MOV-SS-null-selector.patch b/CVE-2017-2583-KVM-x86-fix-emulation-of-MOV-SS-null-selector.patch
deleted file mode 100644
index 3a984ed..0000000
--- a/CVE-2017-2583-KVM-x86-fix-emulation-of-MOV-SS-null-selector.patch
+++ /dev/null
@@ -1,107 +0,0 @@
-From 33ab91103b3415e12457e3104f0e4517ce12d0f3 Mon Sep 17 00:00:00 2001
-From: Paolo Bonzini <pbonzini at redhat.com>
-Date: Thu, 12 Jan 2017 15:02:32 +0100
-Subject: KVM: x86: fix emulation of "MOV SS, null selector"
-
-This is CVE-2017-2583.  On Intel this causes a failed vmentry because
-SS's type is neither 3 nor 7 (even though the manual says this check is
-only done for usable SS, and the dmesg splat says that SS is unusable!).
-On AMD it's worse: svm.c is confused and sets CPL to 0 in the vmcb.
-
-The fix fabricates a data segment descriptor when SS is set to a null
-selector, so that CPL and SS.DPL are set correctly in the VMCS/vmcb.
-Furthermore, only allow setting SS to a NULL selector if SS.RPL < 3;
-this in turn ensures CPL < 3 because RPL must be equal to CPL.
-
-Thanks to Andy Lutomirski and Willy Tarreau for help in analyzing
-the bug and deciphering the manuals.
-
-Reported-by: Xiaohan Zhang <zhangxiaohan1 at huawei.com>
-Fixes: 79d5b4c3cd809c770d4bf9812635647016c56011
-Cc: stable at nongnu.org
-Signed-off-by: Paolo Bonzini <pbonzini at redhat.com>
----
- arch/x86/kvm/emulate.c | 48 ++++++++++++++++++++++++++++++++++++++----------
- 1 file changed, 38 insertions(+), 10 deletions(-)
-
-diff --git a/arch/x86/kvm/emulate.c b/arch/x86/kvm/emulate.c
-index f36d0fa..cedbba0 100644
---- a/arch/x86/kvm/emulate.c
-+++ b/arch/x86/kvm/emulate.c
-@@ -1585,7 +1585,6 @@ static int write_segment_descriptor(struct x86_emulate_ctxt *ctxt,
- 				    &ctxt->exception);
- }
- 
--/* Does not support long mode */
- static int __load_segment_descriptor(struct x86_emulate_ctxt *ctxt,
- 				     u16 selector, int seg, u8 cpl,
- 				     enum x86_transfer_type transfer,
-@@ -1622,20 +1621,34 @@ static int __load_segment_descriptor(struct x86_emulate_ctxt *ctxt,
- 
- 	rpl = selector & 3;
- 
--	/* NULL selector is not valid for TR, CS and SS (except for long mode) */
--	if ((seg == VCPU_SREG_CS
--	     || (seg == VCPU_SREG_SS
--		 && (ctxt->mode != X86EMUL_MODE_PROT64 || rpl != cpl))
--	     || seg == VCPU_SREG_TR)
--	    && null_selector)
--		goto exception;
--
- 	/* TR should be in GDT only */
- 	if (seg == VCPU_SREG_TR && (selector & (1 << 2)))
- 		goto exception;
- 
--	if (null_selector) /* for NULL selector skip all following checks */
-+	/* NULL selector is not valid for TR, CS and (except for long mode) SS */
-+	if (null_selector) {
-+		if (seg == VCPU_SREG_CS || seg == VCPU_SREG_TR)
-+			goto exception;
-+
-+		if (seg == VCPU_SREG_SS) {
-+			if (ctxt->mode != X86EMUL_MODE_PROT64 || rpl != cpl)
-+				goto exception;
-+
-+			/*
-+			 * ctxt->ops->set_segment expects the CPL to be in
-+			 * SS.DPL, so fake an expand-up 32-bit data segment.
-+			 */
-+			seg_desc.type = 3;
-+			seg_desc.p = 1;
-+			seg_desc.s = 1;
-+			seg_desc.dpl = cpl;
-+			seg_desc.d = 1;
-+			seg_desc.g = 1;
-+		}
-+
-+		/* Skip all following checks */
- 		goto load;
-+	}
- 
- 	ret = read_segment_descriptor(ctxt, selector, &seg_desc, &desc_addr);
- 	if (ret != X86EMUL_CONTINUE)
-@@ -1751,6 +1764,21 @@ static int load_segment_descriptor(struct x86_emulate_ctxt *ctxt,
- 				   u16 selector, int seg)
- {
- 	u8 cpl = ctxt->ops->cpl(ctxt);
-+
-+	/*
-+	 * None of MOV, POP and LSS can load a NULL selector in CPL=3, but
-+	 * they can load it at CPL<3 (Intel's manual says only LSS can,
-+	 * but it's wrong).
-+	 *
-+	 * However, the Intel manual says that putting IST=1/DPL=3 in
-+	 * an interrupt gate will result in SS=3 (the AMD manual instead
-+	 * says it doesn't), so allow SS=3 in __load_segment_descriptor
-+	 * and only forbid it here.
-+	 */
-+	if (seg == VCPU_SREG_SS && selector == 3 &&
-+	    ctxt->mode == X86EMUL_MODE_PROT64)
-+		return emulate_exception(ctxt, GP_VECTOR, 0, true);
-+
- 	return __load_segment_descriptor(ctxt, selector, seg, cpl,
- 					 X86_TRANSFER_NONE, NULL);
- }
--- 
-cgit v0.12
-
-- 
2.1.4





More information about the pve-devel mailing list