Merge remote-tracking branch 'origin/f29' into f29-user-thl-vanilla-fedora

4 files changed, 3 insertions, 307 deletions

diff --git a/0001-Revert-drm-i915-fbdev-Actually-configure-untiled-dis.patch b/0001-Revert-drm-i915-fbdev-Actually-configure-untiled-dis.patch
deleted file mode 100644
index b6fa0783c..000000000
--- a/0001-Revert-drm-i915-fbdev-Actually-configure-untiled-dis.patch
+++ /dev/null
@@ -1,60 +0,0 @@
-From e90ac616e4b1d49ec9092086b0e10108df12157d Mon Sep 17 00:00:00 2001
-From: Fedora Kernel Team <kernel-team@fedoraproject.org>
-Date: Tue, 5 Mar 2019 12:56:35 -0600
-Subject: [PATCH] Revert drm/i915/fbdev: Actually configure untiled displays
-
----
- drivers/gpu/drm/i915/intel_fbdev.c | 12 +++++-------
- 1 file changed, 5 insertions(+), 7 deletions(-)
-
-diff --git a/drivers/gpu/drm/i915/intel_fbdev.c b/drivers/gpu/drm/i915/intel_fbdev.c
-index e0c02a9..9e2e998 100644
---- a/drivers/gpu/drm/i915/intel_fbdev.c
-+++ b/drivers/gpu/drm/i915/intel_fbdev.c
-@@ -336,8 +336,8 @@ static bool intel_fb_initial_config(struct drm_fb_helper *fb_helper,
- 				    bool *enabled, int width, int height)
- {
- 	struct drm_i915_private *dev_priv = to_i915(fb_helper->dev);
-+	unsigned long conn_configured, conn_seq, mask;
- 	unsigned int count = min(fb_helper->connector_count, BITS_PER_LONG);
--	unsigned long conn_configured, conn_seq;
- 	int i, j;
- 	bool *save_enabled;
- 	bool fallback = true, ret = true;
-@@ -355,9 +355,10 @@ static bool intel_fb_initial_config(struct drm_fb_helper *fb_helper,
- 		drm_modeset_backoff(&ctx);
-
- 	memcpy(save_enabled, enabled, count);
--	conn_seq = GENMASK(count - 1, 0);
-+	mask = GENMASK(count - 1, 0);
- 	conn_configured = 0;
- retry:
-+	conn_seq = conn_configured;
- 	for (i = 0; i < count; i++) {
- 		struct drm_fb_helper_connector *fb_conn;
- 		struct drm_connector *connector;
-@@ -370,8 +371,7 @@ static bool intel_fb_initial_config(struct drm_fb_helper *fb_helper,
- 		if (conn_configured & BIT(i))
- 			continue;
-
--		/* First pass, only consider tiled connectors */
--		if (conn_seq == GENMASK(count - 1, 0) && !connector->has_tile)
-+		if (conn_seq == 0 && !connector->has_tile)
- 			continue;
-
- 		if (connector->status == connector_status_connected)
-@@ -475,10 +475,8 @@ static bool intel_fb_initial_config(struct drm_fb_helper *fb_helper,
- 		conn_configured |= BIT(i);
- 	}
-
--	if (conn_configured != conn_seq) { /* repeat until no more are found */
--		conn_seq = conn_configured;
-+	if ((conn_configured & mask) != mask && conn_configured != conn_seq)
- 		goto retry;
--	}
-
- 	/*
- 	 * If the BIOS didn't enable everything it could, fall back to have the
--- 
-2.20.1
-
diff --git a/kernel.spec b/kernel.spec
index 8ffba15d7..77d3d96b4 100644
--- a/kernel.spec
+++ b/kernel.spec
@@ -614,24 +614,15 @@ Patch501: input-rmi4-remove-the-need-for-artifical-IRQ.patch
 # https://patchwork.kernel.org/patch/10752253/
 Patch504: efi-use-32-bit-alignment-for-efi_guid_t.patch
 
-# https://bugs.freedesktop.org/show_bug.cgi?id=109806
-Patch512: 0001-Revert-drm-i915-fbdev-Actually-configure-untiled-dis.patch
-
 # rhbz 1689750, patch submitted upstream
 Patch513: 0001-virt-vbox-Implement-passing-requestor-info-to-the-ho.patch
 
 # rhbz 1683382
 Patch515: nfsv4.1-avoid-false-retries.patch
 
-# CVE-2019-3882 rhbz 1689426 1695571
-Patch517: vfio-type1-limit-dma-mappings-per-container.patch
-
 # CVE-2019-9500 rhbz 1701224 1701226
 Patch518: 0001-brcmfmac-assure-SSID-length-from-firmware-is-limited.patch
 
-# rhbz 1701077
-Patch519: nfsd-wake-waiters-blocked-on-file_lock-before-deleting-it.patch
-
 # CVE-2019-9503 rhbz 1701842 1701843
 Patch520: 0001-brcmfmac-add-subtype-check-for-event-handling-in-dat.patch
 
@@ -1923,6 +1914,9 @@ fi
 #
 #
 %changelog
+* Thu May 02 2019 Laura Abbott <labbott@redhat.com> - 5.0.11-200
+- Linux v5.0.11
+
 * Tue Apr 30 2019 Hans de Goede <hdegoede@redhat.com>
 - Fix wifi on various ideapad models not working (rhbz#1703338)
 
diff --git a/nfsd-wake-waiters-blocked-on-file_lock-before-deleting-it.patch b/nfsd-wake-waiters-blocked-on-file_lock-before-deleting-it.patch
deleted file mode 100644
index 0b4cfbe16..000000000
--- a/nfsd-wake-waiters-blocked-on-file_lock-before-deleting-it.patch
+++ /dev/null
@@ -1,108 +0,0 @@
-From patchwork Sat Apr 20 10:15:48 2019
-Content-Type: text/plain; charset="utf-8"
-MIME-Version: 1.0
-Content-Transfer-Encoding: 7bit
-X-Patchwork-Submitter: Jeff Layton <jlayton@kernel.org>
-X-Patchwork-Id: 10910147
-Return-Path: <linux-nfs-owner@kernel.org>
-Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org
- [172.30.200.125])
-	by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 0C1AE14DB
-	for <patchwork-linux-nfs@patchwork.kernel.org>;
- Sat, 20 Apr 2019 10:15:53 +0000 (UTC)
-Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1])
-	by mail.wl.linuxfoundation.org (Postfix) with ESMTP id E858821FAC
-	for <patchwork-linux-nfs@patchwork.kernel.org>;
- Sat, 20 Apr 2019 10:15:52 +0000 (UTC)
-Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486)
-	id D5EA228818; Sat, 20 Apr 2019 10:15:52 +0000 (UTC)
-X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on
-	pdx-wl-mail.web.codeaurora.org
-X-Spam-Level: 
-X-Spam-Status: No, score=-8.0 required=2.0 tests=BAYES_00,DKIM_SIGNED,
-	DKIM_VALID,DKIM_VALID_AU,MAILING_LIST_MULTI,RCVD_IN_DNSWL_HI autolearn=ham
-	version=3.3.1
-Received: from vger.kernel.org (vger.kernel.org [209.132.180.67])
-	by mail.wl.linuxfoundation.org (Postfix) with ESMTP id BF69021FAC
-	for <patchwork-linux-nfs@patchwork.kernel.org>;
- Sat, 20 Apr 2019 10:15:51 +0000 (UTC)
-Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
-        id S1726082AbfDTKPu (ORCPT
-        <rfc822;patchwork-linux-nfs@patchwork.kernel.org>);
-        Sat, 20 Apr 2019 06:15:50 -0400
-Received: from mail.kernel.org ([198.145.29.99]:36092 "EHLO mail.kernel.org"
-        rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP
-        id S1725920AbfDTKPu (ORCPT <rfc822;linux-nfs@vger.kernel.org>);
-        Sat, 20 Apr 2019 06:15:50 -0400
-Received: from tleilax.poochiereds.net (cpe-71-70-156-158.nc.res.rr.com
- [71.70.156.158])
-        (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
-        (No client certificate requested)
-        by mail.kernel.org (Postfix) with ESMTPSA id 649D32087B;
-        Sat, 20 Apr 2019 10:15:49 +0000 (UTC)
-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org;
-        s=default; t=1555755349;
-        bh=Sqynm2vSbQ1pAh/3FcXrwFTMrJUwFTkrxoodJHFBfA0=;
-        h=From:To:Cc:Subject:Date:From;
-        b=TFlYii+F3H67zOX8b/mENa/XRCx1SjMI2/gLtscPnA5l6T0dG8aC/E+FJLvMeNLHo
-         pu2zlPSdszk+MBMfWQrfUpKGCP7CPqfyk7F1rXRIr6kNYp2tE2gKYyIWvCkVPE45iX
-         LngnHXERmf/R52j7gg2ENj+yjuOh07AifhxH1J00=
-From: Jeff Layton <jlayton@kernel.org>
-To: bfields@fieldses.org
-Cc: slawek1211@gmail.com, neilb@suse.com, linux-nfs@vger.kernel.org
-Subject: [PATCH] nfsd: wake waiters blocked on file_lock before deleting it
-Date: Sat, 20 Apr 2019 06:15:48 -0400
-Message-Id: <20190420101548.8552-1-jlayton@kernel.org>
-X-Mailer: git-send-email 2.20.1
-MIME-Version: 1.0
-Sender: linux-nfs-owner@vger.kernel.org
-Precedence: bulk
-List-ID: <linux-nfs.vger.kernel.org>
-X-Mailing-List: linux-nfs@vger.kernel.org
-X-Virus-Scanned: ClamAV using ClamSMTP
-
-After a blocked nfsd file_lock request is deleted, knfsd will send a
-callback to the client and then free the request. Commit 16306a61d3b7
-("fs/locks: always delete_block after waiting.") changed it such that
-locks_delete_block is always called on a request after it is awoken,
-but that patch missed fixing up blocked nfsd request handling.
-
-Call locks_delete_block on the block to wake up any locks still blocked
-on the nfsd lock request before sending the callback.
-
-URL: https://bugzilla.kernel.org/show_bug.cgi?id=203363
-Fixes: 16306a61d3b7 ("fs/locks: always delete_block after waiting.")
-Reported-by: Slawomir Pryczek <slawek1211@gmail.com>
-Cc: Neil Brown <neilb@suse.com>
-Signed-off-by: Jeff Layton <jlayton@kernel.org>
----
- fs/nfsd/nfs4state.c | 9 +++++++++
- 1 file changed, 9 insertions(+)
-
-diff --git a/fs/nfsd/nfs4state.c b/fs/nfsd/nfs4state.c
-index 6a45fb00c5fc..1960e8fd9ad1 100644
---- a/fs/nfsd/nfs4state.c
-+++ b/fs/nfsd/nfs4state.c
-@@ -298,6 +298,14 @@ remove_blocked_locks(struct nfs4_lockowner *lo)
- 	}
- }
- 
-+static void
-+nfsd4_cb_notify_lock_prepare(struct nfsd4_callback *cb)
-+{
-+	struct nfsd4_blocked_lock	*nbl = container_of(cb,
-+						struct nfsd4_blocked_lock, nbl_cb);
-+	locks_delete_block(&nbl->nbl_lock);
-+}
-+
- static int
- nfsd4_cb_notify_lock_done(struct nfsd4_callback *cb, struct rpc_task *task)
- {
-@@ -325,6 +333,7 @@ nfsd4_cb_notify_lock_release(struct nfsd4_callback *cb)
- }
- 
- static const struct nfsd4_callback_ops nfsd4_cb_notify_lock_ops = {
-+	.prepare	= nfsd4_cb_notify_lock_prepare,
- 	.done		= nfsd4_cb_notify_lock_done,
- 	.release	= nfsd4_cb_notify_lock_release,
- };
diff --git a/vfio-type1-limit-dma-mappings-per-container.patch b/vfio-type1-limit-dma-mappings-per-container.patch
deleted file mode 100644
index da814fa0e..000000000
--- a/vfio-type1-limit-dma-mappings-per-container.patch
+++ /dev/null
@@ -1,130 +0,0 @@
-From mboxrd@z Thu Jan  1 00:00:00 1970
-Return-Path: <SRS0=/BGd=SD=vger.kernel.org=linux-kernel-owner@kernel.org>
-X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
-	aws-us-west-2-korg-lkml-1.web.codeaurora.org
-X-Spam-Level: 
-X-Spam-Status: No, score=-7.0 required=3.0 tests=HEADER_FROM_DIFFERENT_DOMAINS,
-	INCLUDES_PATCH,MAILING_LIST_MULTI,SIGNED_OFF_BY,SPF_PASS autolearn=ham
-	autolearn_force=no version=3.4.0
-Received: from mail.kernel.org (mail.kernel.org [198.145.29.99])
-	by smtp.lore.kernel.org (Postfix) with ESMTP id 5BCBAC43381
-	for <linux-kernel@archiver.kernel.org>; Mon,  1 Apr 2019 20:16:59 +0000 (UTC)
-Received: from vger.kernel.org (vger.kernel.org [209.132.180.67])
-	by mail.kernel.org (Postfix) with ESMTP id 31C4F20896
-	for <linux-kernel@archiver.kernel.org>; Mon,  1 Apr 2019 20:16:59 +0000 (UTC)
-Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
-        id S1726867AbfDAUQ5 (ORCPT
-        <rfc822;linux-kernel@archiver.kernel.org>);
-        Mon, 1 Apr 2019 16:16:57 -0400
-Received: from mx1.redhat.com ([209.132.183.28]:52924 "EHLO mx1.redhat.com"
-        rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP
-        id S1726284AbfDAUQ5 (ORCPT <rfc822;linux-kernel@vger.kernel.org>);
-        Mon, 1 Apr 2019 16:16:57 -0400
-Received: from smtp.corp.redhat.com (int-mx07.intmail.prod.int.phx2.redhat.com [10.5.11.22])
-        (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits))
-        (No client certificate requested)
-        by mx1.redhat.com (Postfix) with ESMTPS id 6BC20307D933;
-        Mon,  1 Apr 2019 20:16:57 +0000 (UTC)
-Received: from gimli.home (ovpn-116-99.phx2.redhat.com [10.3.116.99])
-        by smtp.corp.redhat.com (Postfix) with ESMTP id AF2DC104C53F;
-        Mon,  1 Apr 2019 20:16:52 +0000 (UTC)
-Subject: [PATCH] vfio/type1: Limit DMA mappings per container
-From:   Alex Williamson <alex.williamson@redhat.com>
-To:     alex.williamson@redhat.com
-Cc:     kvm@vger.kernel.org, linux-kernel@vger.kernel.org,
-        eric.auger@redhat.com, cohuck@redhat.com
-Date:   Mon, 01 Apr 2019 14:16:52 -0600
-Message-ID: <155414977872.12780.13728555131525362206.stgit@gimli.home>
-User-Agent: StGit/0.19-dirty
-MIME-Version: 1.0
-Content-Type: text/plain; charset="utf-8"
-Content-Transfer-Encoding: 7bit
-X-Scanned-By: MIMEDefang 2.84 on 10.5.11.22
-X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.48]); Mon, 01 Apr 2019 20:16:57 +0000 (UTC)
-Sender: linux-kernel-owner@vger.kernel.org
-Precedence: bulk
-List-ID: <linux-kernel.vger.kernel.org>
-X-Mailing-List: linux-kernel@vger.kernel.org
-Archived-At: <https://lore.kernel.org/lkml/155414977872.12780.13728555131525362206.stgit@gimli.home/>
-List-Archive: <https://lore.kernel.org/lkml/>
-List-Post: <mailto:linux-kernel@vger.kernel.org>
-
-Memory backed DMA mappings are accounted against a user's locked
-memory limit, including multiple mappings of the same memory.  This
-accounting bounds the number of such mappings that a user can create.
-However, DMA mappings that are not backed by memory, such as DMA
-mappings of device MMIO via mmaps, do not make use of page pinning
-and therefore do not count against the user's locked memory limit.
-These mappings still consume memory, but the memory is not well
-associated to the process for the purpose of oom killing a task.
-
-To add bounding on this use case, we introduce a limit to the total
-number of concurrent DMA mappings that a user is allowed to create.
-This limit is exposed as a tunable module option where the default
-value of 64K is expected to be well in excess of any reasonable use
-case (a large virtual machine configuration would typically only make
-use of tens of concurrent mappings).
-
-This fixes CVE-2019-3882.
-
-Signed-off-by: Alex Williamson <alex.williamson@redhat.com>
----
- drivers/vfio/vfio_iommu_type1.c |   14 ++++++++++++++
- 1 file changed, 14 insertions(+)
-
-diff --git a/drivers/vfio/vfio_iommu_type1.c b/drivers/vfio/vfio_iommu_type1.c
-index 73652e21efec..7fc8fd7d4dc7 100644
---- a/drivers/vfio/vfio_iommu_type1.c
-+++ b/drivers/vfio/vfio_iommu_type1.c
-@@ -58,12 +58,18 @@ module_param_named(disable_hugepages,
- MODULE_PARM_DESC(disable_hugepages,
- 		 "Disable VFIO IOMMU support for IOMMU hugepages.");
- 
-+static int dma_entry_limit __read_mostly = U16_MAX;
-+module_param_named(dma_entry_limit, dma_entry_limit, int, 0644);
-+MODULE_PARM_DESC(dma_entry_limit,
-+		 "Maximum number of user DMA mappings per container (65535).");
-+
- struct vfio_iommu {
- 	struct list_head	domain_list;
- 	struct vfio_domain	*external_domain; /* domain for external user */
- 	struct mutex		lock;
- 	struct rb_root		dma_list;
- 	struct blocking_notifier_head notifier;
-+	atomic_t		dma_avail;
- 	bool			v2;
- 	bool			nesting;
- };
-@@ -836,6 +842,7 @@ static void vfio_remove_dma(struct vfio_iommu *iommu, struct vfio_dma *dma)
- 	vfio_unlink_dma(iommu, dma);
- 	put_task_struct(dma->task);
- 	kfree(dma);
-+	atomic_inc(&iommu->dma_avail);
- }
- 
- static unsigned long vfio_pgsize_bitmap(struct vfio_iommu *iommu)
-@@ -1081,8 +1088,14 @@ static int vfio_dma_do_map(struct vfio_iommu *iommu,
- 		goto out_unlock;
- 	}
- 
-+	if (!atomic_add_unless(&iommu->dma_avail, -1, 0)) {
-+		ret = -ENOSPC;
-+		goto out_unlock;
-+	}
-+
- 	dma = kzalloc(sizeof(*dma), GFP_KERNEL);
- 	if (!dma) {
-+		atomic_inc(&iommu->dma_avail);
- 		ret = -ENOMEM;
- 		goto out_unlock;
- 	}
-@@ -1583,6 +1596,7 @@ static void *vfio_iommu_type1_open(unsigned long arg)
- 
- 	INIT_LIST_HEAD(&iommu->domain_list);
- 	iommu->dma_list = RB_ROOT;
-+	atomic_set(&iommu->dma_avail, dma_entry_limit);
- 	mutex_init(&iommu->lock);
- 	BLOCKING_INIT_NOTIFIER_HEAD(&iommu->notifier);
- 
-
-