diff options
-rw-r--r-- | .SRCINFO | 18 | ||||
-rw-r--r-- | 0001-ZEN-Add-sysctl-and-CONFIG-to-disallow-unprivileged-C.patch | 16 | ||||
-rw-r--r-- | 0002-virt-vbox-Add-support-for-the-new-VBG_IOCTL_ACQUIRE_.patch | 645 | ||||
-rw-r--r-- | PKGBUILD | 14 |
4 files changed, 22 insertions, 671 deletions
@@ -1,5 +1,5 @@ pkgbase = linux-rc - pkgver = 5.8.15rc1 + pkgver = 5.9.2rc1 pkgrel = 1 url = https://www.kernel.org/ arch = x86_64 @@ -8,24 +8,22 @@ pkgbase = linux-rc makedepends = kmod makedepends = libelf options = !strip - source = https://www.kernel.org/pub/linux/kernel/v5.x/stable-review/patch-5.8.15-rc1.xz - source = https://www.kernel.org/pub/linux/kernel/v5.x/stable-review/patch-5.8.15-rc1.sign - source = https://www.kernel.org/pub/linux/kernel/v5.x/linux-5.8.14.tar.xz - source = https://www.kernel.org/pub/linux/kernel/v5.x/linux-5.8.14.tar.sign + source = https://www.kernel.org/pub/linux/kernel/v5.x/stable-review/patch-5.9.2-rc1.xz + source = https://www.kernel.org/pub/linux/kernel/v5.x/stable-review/patch-5.9.2-rc1.sign + source = https://www.kernel.org/pub/linux/kernel/v5.x/linux-5.9.1.tar.xz + source = https://www.kernel.org/pub/linux/kernel/v5.x/linux-5.9.1.tar.sign source = config source = 0000-sphinx-workaround.patch source = 0001-ZEN-Add-sysctl-and-CONFIG-to-disallow-unprivileged-C.patch - source = 0002-virt-vbox-Add-support-for-the-new-VBG_IOCTL_ACQUIRE_.patch validpgpkeys = ABAF11C65A2970B130ABE3C479BE3E4300411886 validpgpkeys = 647F28654894E3BD457199BE38DBBDC86092693E - b2sums = 1b71874456dd9d0a24d1c1f886a03dc1d61d5229b948db3feac8783e6b96c6d21c1b59e02bf5e2d06ac7fad6562e0bd2f76cb6b26d71e81cd072933e5a12ddd0 + b2sums = 9d61bcbcca4f8ffc573a2634ebf0768f2d90bf85634690f976094b7f0910e97bd12f3593444939773f99823a32bb98f50385aa738401d6eaca7cfb319101d2ef b2sums = SKIP - b2sums = b14f2306a7e503118e67e8b854341baadafeff39b526600f6e0855ad6e11723187865bf86fc5a1b9adbfa96f9c36a212554548dd146ca6f8abdeac1e29bae08d + b2sums = 65eeccf077194ce03d5dbc1e8ea8f6022d709bc930945a49880fb87d71992e0614cf5ee92eb1b60fe2e3ed41fe17f0c176bbbad5f2cf0a2a349e1b08e6236558 b2sums = SKIP b2sums = 040cd9c2871f38537f5acac43baff091f46b8143fe66552238484b584456afd7f2862337056e27d3d8e034bcd68e030a4e47a059e9c92e4a416443bab2bc59db b2sums = b4e1377d97ad7e8144d6e55b6d43731e3271a5aec65b65ca6d81026a95f15f549b9303fb3c6f492099ca691e3f65f4cf7f0c3aa742df03b396d7f6d81813aa95 - b2sums = 81cdb769c2e829e71ada51fdd97ff2a5ce129d2a556f8de69687e7dbab7705ca0725e6c01676c5aa38408caa9f50a6c864556ca5cc3eefb7ed2592d066aa1486 - b2sums = 3d8d7849bee869adced3696c1bf4cb05ac3918ab73a9a28249a2869a370ece25564051b1e60af788b827f35c6021b548d8d577acaf1d39058db457a2c3e3b95b + b2sums = 3c5cdf6da7ff5312bfe2a8dcd18e58c8e1a3408e1612be60417ed33866e9e70da77db88435fe49483c907c5ff45d4b9ed979aaa96d485cef976c6aa6fdaa834c pkgname = linux-rc pkgdesc = The release candidate kernel and modules diff --git a/0001-ZEN-Add-sysctl-and-CONFIG-to-disallow-unprivileged-C.patch b/0001-ZEN-Add-sysctl-and-CONFIG-to-disallow-unprivileged-C.patch index 4cff96d4fc79..80364739ab93 100644 --- a/0001-ZEN-Add-sysctl-and-CONFIG-to-disallow-unprivileged-C.patch +++ b/0001-ZEN-Add-sysctl-and-CONFIG-to-disallow-unprivileged-C.patch @@ -1,4 +1,4 @@ -From 78508a927d710e4077f50f188b69ba5000b68e78 Mon Sep 17 00:00:00 2001 +From c7c51372f02b8b45275897e5728ef28a35b82658 Mon Sep 17 00:00:00 2001 From: "Jan Alexander Steffens (heftig)" <jan.steffens@gmail.com> Date: Mon, 16 Sep 2019 04:53:20 +0200 Subject: [PATCH 1/3] ZEN: Add sysctl and CONFIG to disallow unprivileged @@ -36,10 +36,10 @@ index 6ef1c7109fc4..2140091b0b8d 100644 { return &init_user_ns; diff --git a/init/Kconfig b/init/Kconfig -index 0498af567f70..078a0b73effd 100644 +index d6a0b31b13dc..2420d38cbfb9 100644 --- a/init/Kconfig +++ b/init/Kconfig -@@ -1140,6 +1140,22 @@ config USER_NS +@@ -1168,6 +1168,22 @@ config USER_NS If unsure, say N. @@ -63,7 +63,7 @@ index 0498af567f70..078a0b73effd 100644 bool "PID Namespaces" default y diff --git a/kernel/fork.c b/kernel/fork.c -index efc5493203ae..90859b7531d3 100644 +index da8d360fb032..e1a347df77ac 100644 --- a/kernel/fork.c +++ b/kernel/fork.c @@ -96,6 +96,10 @@ @@ -77,7 +77,7 @@ index efc5493203ae..90859b7531d3 100644 #include <asm/pgalloc.h> #include <linux/uaccess.h> #include <asm/mmu_context.h> -@@ -1861,6 +1865,10 @@ static __latent_entropy struct task_struct *copy_process( +@@ -1841,6 +1845,10 @@ static __latent_entropy struct task_struct *copy_process( if ((clone_flags & (CLONE_NEWUSER|CLONE_FS)) == (CLONE_NEWUSER|CLONE_FS)) return ERR_PTR(-EINVAL); @@ -88,7 +88,7 @@ index efc5493203ae..90859b7531d3 100644 /* * Thread groups must share signals as well, and detached threads * can only be started up within the thread group. -@@ -2961,6 +2969,12 @@ int ksys_unshare(unsigned long unshare_flags) +@@ -2900,6 +2908,12 @@ int ksys_unshare(unsigned long unshare_flags) if (unshare_flags & CLONE_NEWNS) unshare_flags |= CLONE_FS; @@ -102,7 +102,7 @@ index efc5493203ae..90859b7531d3 100644 if (err) goto bad_unshare_out; diff --git a/kernel/sysctl.c b/kernel/sysctl.c -index db1ce7af2563..9b73467e279d 100644 +index afad085960b8..a94828fb31c2 100644 --- a/kernel/sysctl.c +++ b/kernel/sysctl.c @@ -103,6 +103,9 @@ @@ -115,7 +115,7 @@ index db1ce7af2563..9b73467e279d 100644 #if defined(CONFIG_SYSCTL) -@@ -1882,6 +1885,15 @@ static struct ctl_table kern_table[] = { +@@ -1902,6 +1905,15 @@ static struct ctl_table kern_table[] = { .proc_handler = proc_dointvec, }, #endif diff --git a/0002-virt-vbox-Add-support-for-the-new-VBG_IOCTL_ACQUIRE_.patch b/0002-virt-vbox-Add-support-for-the-new-VBG_IOCTL_ACQUIRE_.patch deleted file mode 100644 index 8fe7510b736b..000000000000 --- a/0002-virt-vbox-Add-support-for-the-new-VBG_IOCTL_ACQUIRE_.patch +++ /dev/null @@ -1,645 +0,0 @@ -From 4e456a10768c64b2d2129b67caf21a7b79a1945b Mon Sep 17 00:00:00 2001 -From: "Jan Alexander Steffens (heftig)" <heftig@archlinux.org> -Date: Wed, 15 Jul 2020 22:42:07 +0200 -Subject: [PATCH 2/3] virt: vbox: Add support for the new - VBG_IOCTL_ACQUIRE_GUEST_CAPABILITIES ioctl - -https://lore.kernel.org/patchwork/cover/1270301/ - -Needed for https://bugs.archlinux.org/task/67253 - -Squashed commit of the following: - -commit 0d7bec556896815f4920a5ed87339732c697175c -Author: Hans de Goede <hdegoede@redhat.com> -Date: Thu Jul 9 14:08:58 2020 +0200 - - virt: vbox: Fix some comments which talk about the "session spinlock" - - The session lock is a mutex, not a spinlock, fix the comments to match. - - Acked-by: Arnd Bergmann <arnd@arndb.de> - Signed-off-by: Hans de Goede <hdegoede@redhat.com> - -commit fed91350029e0c3bf626bd55a148e766587ec439 -Author: Hans de Goede <hdegoede@redhat.com> -Date: Thu Jul 9 14:08:57 2020 +0200 - - virt: vbox: Log unknown ioctl requests as error - - Every now and then upstream adds new ioctls without notifying us, - log unknown ioctl requests as an error to catch these. - - Acked-by: Arnd Bergmann <arnd@arndb.de> - Signed-off-by: Hans de Goede <hdegoede@redhat.com> - -commit 245d06f4c1b8f84cde07d14c09296a4fe90a26f0 -Author: Hans de Goede <hdegoede@redhat.com> -Date: Thu Jul 9 14:08:56 2020 +0200 - - virt: vbox: Add a few new vmmdev request types to the userspace whitelist - - Upstream VirtualBox has defined and is using a few new request types for - vmmdev requests passed through /dev/vboxguest to the hypervisor. - - Add the defines for these to vbox_vmmdev_types.h and add add them to the - whitelists of vmmdev requests which userspace is allowed to make. - - BugLink: https://bugzilla.redhat.com/show_bug.cgi?id=1789545 - Acked-by: Arnd Bergmann <arnd@arndb.de> - Signed-off-by: Hans de Goede <hdegoede@redhat.com> - -commit 2f24f5446915322bbbb1ccf4ee2297512feab942 -Author: Hans de Goede <hdegoede@redhat.com> -Date: Thu Jul 9 14:08:55 2020 +0200 - - virt: vbox: Add support for the new VBG_IOCTL_ACQUIRE_GUEST_CAPABILITIES ioctl - - Add support for the new VBG_IOCTL_ACQUIRE_GUEST_CAPABILITIES ioctl, this - is necessary for automatic resizing of the guest resolution to match the - VM-window size to work with the new VMSVGA virtual GPU which is now the - new default in VirtualBox. - - BugLink: https://bugzilla.redhat.com/show_bug.cgi?id=1789545 - Acked-by: Arnd Bergmann <arnd@arndb.de> - Signed-off-by: Hans de Goede <hdegoede@redhat.com> - -commit 2fc9822453e8dd215765cd2b28e5e6e26338829e -Author: Hans de Goede <hdegoede@redhat.com> -Date: Thu Jul 9 14:08:54 2020 +0200 - - virt: vbox: Add vbg_set_host_capabilities() helper function - - Add vbg_set_host_capabilities() helper function, this is a preparation - patch for adding support for the VBGL_IOCTL_GUEST_CAPS_ACQUIRE ioctl. - - Acked-by: Arnd Bergmann <arnd@arndb.de> - Signed-off-by: Hans de Goede <hdegoede@redhat.com> - -commit 1594daf929c8691849c00e49e4a1ed977048addc -Author: Hans de Goede <hdegoede@redhat.com> -Date: Thu Jul 9 14:08:53 2020 +0200 - - virt: vbox: Rename guest_caps struct members to set_guest_caps - - Rename guest_caps[_tracker] struct members to set_guest_caps[_tracker] - this is a preparation patch for adding support for the - VBGL_IOCTL_GUEST_CAPS_ACQUIRE ioctl. - - Acked-by: Arnd Bergmann <arnd@arndb.de> - Signed-off-by: Hans de Goede <hdegoede@redhat.com> - -commit d7f3b7cec66d171cf5194ad37f647f4562da6ccc -Author: Hans de Goede <hdegoede@redhat.com> -Date: Thu Jul 9 14:08:52 2020 +0200 - - virt: vbox: Fix guest capabilities mask check - - Check the passed in capabilities against VMMDEV_GUEST_CAPABILITIES_MASK - instead of against VMMDEV_EVENT_VALID_EVENT_MASK. - This tightens the allowed mask from 0x7ff to 0x7. - - Fixes: 0ba002bc4393 ("virt: Add vboxguest driver for Virtual Box Guest integration") - Cc: stable@vger.kernel.org - Acked-by: Arnd Bergmann <arnd@arndb.de> - Signed-off-by: Hans de Goede <hdegoede@redhat.com> - -commit f6694fa90e2183874def2d022d097795e2269a15 -Author: Hans de Goede <hdegoede@redhat.com> -Date: Thu Jul 9 14:08:51 2020 +0200 - - virt: vbox: Fix VBGL_IOCTL_VMMDEV_REQUEST_BIG and _LOG req numbers to match upstream - - Until this commit the mainline kernel version (this version) of the - vboxguest module contained a bug where it defined - VBGL_IOCTL_VMMDEV_REQUEST_BIG and VBGL_IOCTL_LOG using - _IOC(_IOC_READ | _IOC_WRITE, 'V', ...) instead of - _IO(V, ...) as the out of tree VirtualBox upstream version does. - - Since the VirtualBox userspace bits are always built against VirtualBox - upstream's headers, this means that so far the mainline kernel version - of the vboxguest module has been failing these 2 ioctls with -ENOTTY. - I guess that VBGL_IOCTL_VMMDEV_REQUEST_BIG is never used causing us to - not hit that one and sofar the vboxguest driver has failed to actually - log any log messages passed it through VBGL_IOCTL_LOG. - - This commit changes the VBGL_IOCTL_VMMDEV_REQUEST_BIG and VBGL_IOCTL_LOG - defines to match the out of tree VirtualBox upstream vboxguest version, - while keeping compatibility with the old wrong request defines so as - to not break the kernel ABI in case someone has been using the old - request defines. - - Fixes: f6ddd094f579 ("virt: Add vboxguest driver for Virtual Box Guest integration UAPI") - Cc: stable@vger.kernel.org - Acked-by: Arnd Bergmann <arnd@arndb.de> - Reviewed-by: Arnd Bergmann <arnd@arndb.de> - Signed-off-by: Hans de Goede <hdegoede@redhat.com> ---- - drivers/virt/vboxguest/vboxguest_core.c | 266 +++++++++++++++++++---- - drivers/virt/vboxguest/vboxguest_core.h | 23 +- - drivers/virt/vboxguest/vboxguest_utils.c | 1 + - include/linux/vbox_utils.h | 1 + - include/uapi/linux/vbox_vmmdev_types.h | 3 + - include/uapi/linux/vboxguest.h | 24 ++ - 6 files changed, 269 insertions(+), 49 deletions(-) - -diff --git a/drivers/virt/vboxguest/vboxguest_core.c b/drivers/virt/vboxguest/vboxguest_core.c -index 18ebd7a6af98..0b43efddea22 100644 ---- a/drivers/virt/vboxguest/vboxguest_core.c -+++ b/drivers/virt/vboxguest/vboxguest_core.c -@@ -559,7 +559,7 @@ static int vbg_reset_host_event_filter(struct vbg_dev *gdev, - * Changes the event filter mask for the given session. - * - * This is called in response to VBG_IOCTL_CHANGE_FILTER_MASK as well as to -- * do session cleanup. Takes the session spinlock. -+ * do session cleanup. Takes the session mutex. - * - * Return: 0 or negative errno value. - * @gdev: The Guest extension device. -@@ -662,7 +662,156 @@ static int vbg_reset_host_capabilities(struct vbg_dev *gdev) - } - - /** -- * Sets the guest capabilities for a session. Takes the session spinlock. -+ * Set guest capabilities on the host. -+ * Must be called with gdev->session_mutex hold. -+ * Return: 0 or negative errno value. -+ * @gdev: The Guest extension device. -+ * @session: The session. -+ * @session_termination: Set if we're called by the session cleanup code. -+ */ -+static int vbg_set_host_capabilities(struct vbg_dev *gdev, -+ struct vbg_session *session, -+ bool session_termination) -+{ -+ struct vmmdev_mask *req; -+ u32 caps; -+ int rc; -+ -+ WARN_ON(!mutex_is_locked(&gdev->session_mutex)); -+ -+ caps = gdev->acquired_guest_caps | gdev->set_guest_caps_tracker.mask; -+ -+ if (gdev->guest_caps_host == caps) -+ return 0; -+ -+ /* On termination the requestor is the kernel, as we're cleaning up. */ -+ req = vbg_req_alloc(sizeof(*req), VMMDEVREQ_SET_GUEST_CAPABILITIES, -+ session_termination ? VBG_KERNEL_REQUEST : -+ session->requestor); -+ if (!req) { -+ gdev->guest_caps_host = U32_MAX; -+ return -ENOMEM; -+ } -+ -+ req->or_mask = caps; -+ req->not_mask = ~caps; -+ rc = vbg_req_perform(gdev, req); -+ vbg_req_free(req, sizeof(*req)); -+ -+ gdev->guest_caps_host = (rc >= 0) ? caps : U32_MAX; -+ -+ return vbg_status_code_to_errno(rc); -+} -+ -+/** -+ * Acquire (get exclusive access) guest capabilities for a session. -+ * Takes the session mutex. -+ * Return: 0 or negative errno value. -+ * @gdev: The Guest extension device. -+ * @session: The session. -+ * @flags: Flags (VBGL_IOC_AGC_FLAGS_XXX). -+ * @or_mask: The capabilities to add. -+ * @not_mask: The capabilities to remove. -+ * @session_termination: Set if we're called by the session cleanup code. -+ * This tweaks the error handling so we perform -+ * proper session cleanup even if the host -+ * misbehaves. -+ */ -+static int vbg_acquire_session_capabilities(struct vbg_dev *gdev, -+ struct vbg_session *session, -+ u32 or_mask, u32 not_mask, -+ u32 flags, bool session_termination) -+{ -+ unsigned long irqflags; -+ bool wakeup = false; -+ int ret = 0; -+ -+ mutex_lock(&gdev->session_mutex); -+ -+ if (gdev->set_guest_caps_tracker.mask & or_mask) { -+ vbg_err("%s error: cannot acquire caps which are currently set\n", -+ __func__); -+ ret = -EINVAL; -+ goto out; -+ } -+ -+ /* -+ * Mark any caps in the or_mask as now being in acquire-mode. Note -+ * once caps are in acquire_mode they always stay in this mode. -+ * This impacts event handling, so we take the event-lock. -+ */ -+ spin_lock_irqsave(&gdev->event_spinlock, irqflags); -+ gdev->acquire_mode_guest_caps |= or_mask; -+ spin_unlock_irqrestore(&gdev->event_spinlock, irqflags); -+ -+ /* If we only have to switch the caps to acquire mode, we're done. */ -+ if (flags & VBGL_IOC_AGC_FLAGS_CONFIG_ACQUIRE_MODE) -+ goto out; -+ -+ not_mask &= ~or_mask; /* or_mask takes priority over not_mask */ -+ not_mask &= session->acquired_guest_caps; -+ or_mask &= ~session->acquired_guest_caps; -+ -+ if (or_mask == 0 && not_mask == 0) -+ goto out; -+ -+ if (gdev->acquired_guest_caps & or_mask) { -+ ret = -EBUSY; -+ goto out; -+ } -+ -+ gdev->acquired_guest_caps |= or_mask; -+ gdev->acquired_guest_caps &= ~not_mask; -+ /* session->acquired_guest_caps impacts event handling, take the lock */ -+ spin_lock_irqsave(&gdev->event_spinlock, irqflags); -+ session->acquired_guest_caps |= or_mask; -+ session->acquired_guest_caps &= ~not_mask; -+ spin_unlock_irqrestore(&gdev->event_spinlock, irqflags); -+ -+ ret = vbg_set_host_capabilities(gdev, session, session_termination); -+ /* Roll back on failure, unless it's session termination time. */ -+ if (ret < 0 && !session_termination) { -+ gdev->acquired_guest_caps &= ~or_mask; -+ gdev->acquired_guest_caps |= not_mask; -+ spin_lock_irqsave(&gdev->event_spinlock, irqflags); -+ session->acquired_guest_caps &= ~or_mask; -+ session->acquired_guest_caps |= not_mask; -+ spin_unlock_irqrestore(&gdev->event_spinlock, irqflags); -+ } -+ -+ /* -+ * If we added a capability, check if that means some other thread in -+ * our session should be unblocked because there are events pending -+ * (the result of vbg_get_allowed_event_mask_for_session() may change). -+ * -+ * HACK ALERT! When the seamless support capability is added we generate -+ * a seamless change event so that the ring-3 client can sync with -+ * the seamless state. -+ */ -+ if (ret == 0 && or_mask != 0) { -+ spin_lock_irqsave(&gdev->event_spinlock, irqflags); -+ -+ if (or_mask & VMMDEV_GUEST_SUPPORTS_SEAMLESS) -+ gdev->pending_events |= -+ VMMDEV_EVENT_SEAMLESS_MODE_CHANGE_REQUEST; -+ -+ if (gdev->pending_events) -+ wakeup = true; -+ -+ spin_unlock_irqrestore(&gdev->event_spinlock, irqflags); -+ -+ if (wakeup) -+ wake_up(&gdev->event_wq); -+ } -+ -+out: -+ mutex_unlock(&gdev->session_mutex); -+ -+ return ret; -+} -+ -+/** -+ * Sets the guest capabilities for a session. Takes the session mutex. - * Return: 0 or negative errno value. - * @gdev: The Guest extension device. - * @session: The session. -@@ -678,62 +827,40 @@ static int vbg_set_session_capabilities(struct vbg_dev *gdev, - u32 or_mask, u32 not_mask, - bool session_termination) - { -- struct vmmdev_mask *req; - u32 changed, previous; -- int rc, ret = 0; -- -- /* -- * Allocate a request buffer before taking the spinlock, when -- * the session is being terminated the requestor is the kernel, -- * as we're cleaning up. -- */ -- req = vbg_req_alloc(sizeof(*req), VMMDEVREQ_SET_GUEST_CAPABILITIES, -- session_termination ? VBG_KERNEL_REQUEST : -- session->requestor); -- if (!req) { -- if (!session_termination) -- return -ENOMEM; -- /* Ignore allocation failure, we must do session cleanup. */ -- } -+ int ret = 0; - - mutex_lock(&gdev->session_mutex); - -+ if (gdev->acquire_mode_guest_caps & or_mask) { -+ vbg_err("%s error: cannot set caps which are in acquire_mode\n", -+ __func__); -+ ret = -EBUSY; -+ goto out; -+ } -+ - /* Apply the changes to the session mask. */ -- previous = session->guest_caps; -- session->guest_caps |= or_mask; -- session->guest_caps &= ~not_mask; -+ previous = session->set_guest_caps; -+ session->set_guest_caps |= or_mask; -+ session->set_guest_caps &= ~not_mask; - - /* If anything actually changed, update the global usage counters. */ -- changed = previous ^ session->guest_caps; -+ changed = previous ^ session->set_guest_caps; - if (!changed) - goto out; - -- vbg_track_bit_usage(&gdev->guest_caps_tracker, changed, previous); -- or_mask = gdev->guest_caps_tracker.mask; -- -- if (gdev->guest_caps_host == or_mask || !req) -- goto out; -+ vbg_track_bit_usage(&gdev->set_guest_caps_tracker, changed, previous); - -- gdev->guest_caps_host = or_mask; -- req->or_mask = or_mask; -- req->not_mask = ~or_mask; -- rc = vbg_req_perform(gdev, req); -- if (rc < 0) { -- ret = vbg_status_code_to_errno(rc); -- -- /* Failed, roll back (unless it's session termination time). */ -- gdev->guest_caps_host = U32_MAX; -- if (session_termination) -- goto out; -- -- vbg_track_bit_usage(&gdev->guest_caps_tracker, changed, -- session->guest_caps); -- session->guest_caps = previous; -+ ret = vbg_set_host_capabilities(gdev, session, session_termination); -+ /* Roll back on failure, unless it's session termination time. */ -+ if (ret < 0 && !session_termination) { -+ vbg_track_bit_usage(&gdev->set_guest_caps_tracker, changed, -+ session->set_guest_caps); -+ session->set_guest_caps = previous; - } - - out: - mutex_unlock(&gdev->session_mutex); -- vbg_req_free(req, sizeof(*req)); - - return ret; - } -@@ -949,6 +1076,7 @@ void vbg_core_close_session(struct vbg_session *session) - struct vbg_dev *gdev = session->gdev; - int i, rc; - -+ vbg_acquire_session_capabilities(gdev, session, 0, U32_MAX, 0, true); - vbg_set_session_capabilities(gdev, session, 0, U32_MAX, true); - vbg_set_session_event_filter(gdev, session, 0, U32_MAX, true); - -@@ -1006,6 +1134,25 @@ static int vbg_ioctl_driver_version_info( - return 0; - } - -+/* Must be called with the event_lock held */ -+static u32 vbg_get_allowed_event_mask_for_session(struct vbg_dev *gdev, -+ struct vbg_session *session) -+{ -+ u32 acquire_mode_caps = gdev->acquire_mode_guest_caps; -+ u32 session_acquired_caps = session->acquired_guest_caps; -+ u32 allowed_events = VMMDEV_EVENT_VALID_EVENT_MASK; -+ -+ if ((acquire_mode_caps & VMMDEV_GUEST_SUPPORTS_GRAPHICS) && -+ !(session_acquired_caps & VMMDEV_GUEST_SUPPORTS_GRAPHICS)) -+ allowed_events &= ~VMMDEV_EVENT_DISPLAY_CHANGE_REQUEST; -+ -+ if ((acquire_mode_caps & VMMDEV_GUEST_SUPPORTS_SEAMLESS) && -+ !(session_acquired_caps & VMMDEV_GUEST_SUPPORTS_SEAMLESS)) -+ allowed_events &= ~VMMDEV_EVENT_SEAMLESS_MODE_CHANGE_REQUEST; -+ -+ return allowed_events; -+} -+ - static bool vbg_wait_event_cond(struct vbg_dev *gdev, - struct vbg_session *session, - u32 event_mask) -@@ -1017,6 +1164,7 @@ static bool vbg_wait_event_cond(struct vbg_dev *gdev, - spin_lock_irqsave(&gdev->event_spinlock, flags); - - events = gdev->pending_events & event_mask; -+ events &= vbg_get_allowed_event_mask_for_session(gdev, session); - wakeup = events || session->cancel_waiters; - - spin_unlock_irqrestore(&gdev->event_spinlock, flags); -@@ -1031,6 +1179,7 @@ static u32 vbg_consume_events_locked(struct vbg_dev *gdev, - { - u32 events = gdev->pending_events & event_mask; - -+ events &= vbg_get_allowed_event_mask_for_session(gdev, session); - gdev->pending_events &= ~events; - return events; - } -@@ -1150,7 +1299,9 @@ static int vbg_req_allowed(struct vbg_dev *gdev, struct vbg_session *session, - case VMMDEVREQ_VIDEO_ACCEL_ENABLE: - case VMMDEVREQ_VIDEO_ACCEL_FLUSH: - case VMMDEVREQ_VIDEO_SET_VISIBLE_REGION: -+ case VMMDEVREQ_VIDEO_UPDATE_MONITOR_POSITIONS: - case VMMDEVREQ_GET_DISPLAY_CHANGE_REQEX: -+ case VMMDEVREQ_GET_DISPLAY_CHANGE_REQ_MULTI: - case VMMDEVREQ_GET_SEAMLESS_CHANGE_REQ: - case VMMDEVREQ_GET_VRDPCHANGE_REQ: - case VMMDEVREQ_LOG_STRING: -@@ -1432,6 +1583,29 @@ static int vbg_ioctl_change_filter_mask(struct vbg_dev *gdev, - false); - } - -+static int vbg_ioctl_acquire_guest_capabilities(struct vbg_dev *gdev, -+ struct vbg_session *session, -+ struct vbg_ioctl_acquire_guest_caps *caps) -+{ -+ u32 flags, or_mask, not_mask; -+ -+ if (vbg_ioctl_chk(&caps->hdr, sizeof(caps->u.in), 0)) -+ return -EINVAL; -+ -+ flags = caps->u.in.flags; -+ or_mask = caps->u.in.or_mask; -+ not_mask = caps->u.in.not_mask; -+ -+ if (flags & ~VBGL_IOC_AGC_FLAGS_VALID_MASK) -+ return -EINVAL; -+ -+ if ((or_mask | not_mask) & ~VMMDEV_GUEST_CAPABILITIES_MASK) -+ return -EINVAL; -+ -+ return vbg_acquire_session_capabilities(gdev, session, or_mask, -+ not_mask, flags, false); -+} -+ - static int vbg_ioctl_change_guest_capabilities(struct vbg_dev *gdev, - struct vbg_session *session, struct vbg_ioctl_set_guest_caps *caps) - { -@@ -1452,7 +1626,7 @@ static int vbg_ioctl_change_guest_capabilities(struct vbg_dev *gdev, - if (ret) - return ret; - -- caps->u.out.session_caps = session->guest_caps; -+ caps->u.out.session_caps = session->set_guest_caps; - caps->u.out.global_caps = gdev->guest_caps_host; - - return 0; -@@ -1541,6 +1715,8 @@ int vbg_core_ioctl(struct vbg_session *session, unsigned int req, void *data) - return vbg_ioctl_interrupt_all_wait_events(gdev, session, data); - case VBG_IOCTL_CHANGE_FILTER_MASK: - return vbg_ioctl_change_filter_mask(gdev, session, data); -+ case VBG_IOCTL_ACQUIRE_GUEST_CAPABILITIES: -+ return vbg_ioctl_acquire_guest_capabilities(gdev, session, data); - case VBG_IOCTL_CHANGE_GUEST_CAPABILITIES: - return vbg_ioctl_change_guest_capabilities(gdev, session, data); - case VBG_IOCTL_CHECK_BALLOON: -@@ -1563,7 +1739,7 @@ int vbg_core_ioctl(struct vbg_session *session, unsigned int req, void *data) - return vbg_ioctl_log(data); - } - -- vbg_debug("VGDrvCommonIoCtl: Unknown req %#08x\n", req); -+ vbg_err_ratelimited("Userspace made an unknown ioctl req %#08x\n", req); - return -ENOTTY; - } - -diff --git a/drivers/virt/vboxguest/vboxguest_core.h b/drivers/virt/vboxguest/vboxguest_core.h -index 77c3a9c8255d..ab4bf64e2cec 100644 ---- a/drivers/virt/vboxguest/vboxguest_core.h -+++ b/drivers/virt/vboxguest/vboxguest_core.h -@@ -118,11 +118,21 @@ struct vbg_dev { - u32 event_filter_host; - - /** -- * Usage counters for guest capabilities. Indexed by capability bit -+ * Guest capabilities which have been switched to acquire_mode. -+ */ -+ u32 acquire_mode_guest_caps; -+ /** -+ * Guest capabilities acquired by vbg_acquire_session_capabilities(). -+ * Only one session can acquire a capability at a time. -+ */ -+ u32 acquired_guest_caps; -+ /** -+ * Usage counters for guest capabilities requested through -+ * vbg_set_session_capabilities(). Indexed by capability bit - * number, one count per session using a capability. - * Protected by session_mutex. - */ -- struct vbg_bit_usage_tracker guest_caps_tracker; -+ struct vbg_bit_usage_tracker set_guest_caps_tracker; - /** - * The guest capabilities last reported to the host (or UINT32_MAX). - * Protected by session_mutex. -@@ -164,11 +174,16 @@ struct vbg_session { - */ - u32 event_filter; - /** -- * Guest capabilities for this session. -+ * Guest capabilities acquired by vbg_acquire_session_capabilities(). -+ * Only one session can acquire a capability at a time. -+ */ -+ u32 acquired_guest_caps; -+ /** -+ * Guest capabilities set through vbg_set_session_capabilities(). - * A capability claimed by any guest session will be reported to the - * host. Protected by vbg_gdev.session_mutex. - */ -- u32 guest_caps; -+ u32 set_guest_caps; - /** VMMDEV_REQUESTOR_* flags */ - u32 requestor; - /** Set on CANCEL_ALL_WAITEVENTS, protected by vbg_devevent_spinlock. */ -diff --git a/drivers/virt/vboxguest/vboxguest_utils.c b/drivers/virt/vboxguest/vboxguest_utils.c -index 7396187ee32a..ea05af41ec69 100644 ---- a/drivers/virt/vboxguest/vboxguest_utils.c -+++ b/drivers/virt/vboxguest/vboxguest_utils.c -@@ -59,6 +59,7 @@ EXPORT_SYMBOL(name) - VBG_LOG(vbg_info, pr_info); - VBG_LOG(vbg_warn, pr_warn); - VBG_LOG(vbg_err, pr_err); -+VBG_LOG(vbg_err_ratelimited, pr_err_ratelimited); - #if defined(DEBUG) && !defined(CONFIG_DYNAMIC_DEBUG) - VBG_LOG(vbg_debug, pr_debug); - #endif -diff --git a/include/linux/vbox_utils.h b/include/linux/vbox_utils.h -index ff56c443180c..db8a7d118093 100644 ---- a/include/linux/vbox_utils.h -+++ b/include/linux/vbox_utils.h -@@ -16,6 +16,7 @@ struct vbg_dev; - __printf(1, 2) void vbg_info(const char *fmt, ...); - __printf(1, 2) void vbg_warn(const char *fmt, ...); - __printf(1, 2) void vbg_err(const char *fmt, ...); -+__printf(1, 2) void vbg_err_ratelimited(const char *fmt, ...); - - /* Only use backdoor logging for non-dynamic debug builds */ - #if defined(DEBUG) && !defined(CONFIG_DYNAMIC_DEBUG) -diff --git a/include/uapi/linux/vbox_vmmdev_types.h b/include/uapi/linux/vbox_vmmdev_types.h -index c27289fd619a..f8a8d6b3c521 100644 ---- a/include/uapi/linux/vbox_vmmdev_types.h -+++ b/include/uapi/linux/vbox_vmmdev_types.h -@@ -63,6 +63,7 @@ enum vmmdev_request_type { - VMMDEVREQ_SET_GUEST_CAPABILITIES = 56, - VMMDEVREQ_VIDEMODE_SUPPORTED2 = 57, /* since version 3.2.0 */ - VMMDEVREQ_GET_DISPLAY_CHANGE_REQEX = 80, /* since version 4.2.4 */ -+ VMMDEVREQ_GET_DISPLAY_CHANGE_REQ_MULTI = 81, - VMMDEVREQ_HGCM_CONNECT = 60, - VMMDEVREQ_HGCM_DISCONNECT = 61, - VMMDEVREQ_HGCM_CALL32 = 62, -@@ -92,6 +93,8 @@ enum vmmdev_request_type { - VMMDEVREQ_WRITE_COREDUMP = 218, - VMMDEVREQ_GUEST_HEARTBEAT = 219, - VMMDEVREQ_HEARTBEAT_CONFIGURE = 220, -+ VMMDEVREQ_NT_BUG_CHECK = 221, -+ VMMDEVREQ_VIDEO_UPDATE_MONITOR_POSITIONS = 222, - /* Ensure the enum is a 32 bit data-type */ - VMMDEVREQ_SIZEHACK = 0x7fffffff - }; -diff --git a/include/uapi/linux/vboxguest.h b/include/uapi/linux/vboxguest.h -index f79d7abe27db..15125f6ec60d 100644 ---- a/include/uapi/linux/vboxguest.h -+++ b/include/uapi/linux/vboxguest.h -@@ -257,6 +257,30 @@ VMMDEV_ASSERT_SIZE(vbg_ioctl_change_filter, 24 + 8); - _IOWR('V', 12, struct vbg_ioctl_change_filter) - - -+/** VBG_IOCTL_ACQUIRE_GUEST_CAPABILITIES data structure. */ -+struct vbg_ioctl_acquire_guest_caps { -+ /** The header. */ -+ struct vbg_ioctl_hdr hdr; -+ union { -+ struct { -+ /** Flags (VBGL_IOC_AGC_FLAGS_XXX). */ -+ __u32 flags; -+ /** Capabilities to set (VMMDEV_GUEST_SUPPORTS_XXX). */ -+ __u32 or_mask; -+ /** Capabilities to drop (VMMDEV_GUEST_SUPPORTS_XXX). */ -+ __u32 not_mask; -+ } in; -+ } u; -+}; -+VMMDEV_ASSERT_SIZE(vbg_ioctl_acquire_guest_caps, 24 + 12); -+ -+#define VBGL_IOC_AGC_FLAGS_CONFIG_ACQUIRE_MODE 0x00000001 -+#define VBGL_IOC_AGC_FLAGS_VALID_MASK 0x00000001 -+ -+#define VBG_IOCTL_ACQUIRE_GUEST_CAPABILITIES \ -+ _IOWR('V', 13, struct vbg_ioctl_acquire_guest_caps) -+ -+ - /** VBG_IOCTL_CHANGE_GUEST_CAPABILITIES data structure. */ - struct vbg_ioctl_set_guest_caps { - /** The header. */ --- -2.28.0 - @@ -3,11 +3,11 @@ pkgbase=linux-rc pkgrel=1 -_srcname=linux-5.8 -_major=5.8 +_srcname=linux-5.9 +_major=5.9 ### on initial release this is null otherwise it is the current stable subversion ### ie 1,2,3 corresponding $_major.1, $_major.3 etc -_minor=14 +_minor=1 _minorc=$((_minor+1)) ### on initial release this is just $_major _fullver=$_major.$_minor @@ -30,20 +30,18 @@ source=( config # the main kernel config file 0000-sphinx-workaround.patch 0001-ZEN-Add-sysctl-and-CONFIG-to-disallow-unprivileged-C.patch - 0002-virt-vbox-Add-support-for-the-new-VBG_IOCTL_ACQUIRE_.patch ) validpgpkeys=( 'ABAF11C65A2970B130ABE3C479BE3E4300411886' # Linus Torvalds '647F28654894E3BD457199BE38DBBDC86092693E' # Greg Kroah-Hartman ) -b2sums=('1b71874456dd9d0a24d1c1f886a03dc1d61d5229b948db3feac8783e6b96c6d21c1b59e02bf5e2d06ac7fad6562e0bd2f76cb6b26d71e81cd072933e5a12ddd0' +b2sums=('9d61bcbcca4f8ffc573a2634ebf0768f2d90bf85634690f976094b7f0910e97bd12f3593444939773f99823a32bb98f50385aa738401d6eaca7cfb319101d2ef' 'SKIP' - 'b14f2306a7e503118e67e8b854341baadafeff39b526600f6e0855ad6e11723187865bf86fc5a1b9adbfa96f9c36a212554548dd146ca6f8abdeac1e29bae08d' + '65eeccf077194ce03d5dbc1e8ea8f6022d709bc930945a49880fb87d71992e0614cf5ee92eb1b60fe2e3ed41fe17f0c176bbbad5f2cf0a2a349e1b08e6236558' 'SKIP' '040cd9c2871f38537f5acac43baff091f46b8143fe66552238484b584456afd7f2862337056e27d3d8e034bcd68e030a4e47a059e9c92e4a416443bab2bc59db' 'b4e1377d97ad7e8144d6e55b6d43731e3271a5aec65b65ca6d81026a95f15f549b9303fb3c6f492099ca691e3f65f4cf7f0c3aa742df03b396d7f6d81813aa95' - '81cdb769c2e829e71ada51fdd97ff2a5ce129d2a556f8de69687e7dbab7705ca0725e6c01676c5aa38408caa9f50a6c864556ca5cc3eefb7ed2592d066aa1486' - '3d8d7849bee869adced3696c1bf4cb05ac3918ab73a9a28249a2869a370ece25564051b1e60af788b827f35c6021b548d8d577acaf1d39058db457a2c3e3b95b') + '3c5cdf6da7ff5312bfe2a8dcd18e58c8e1a3408e1612be60417ed33866e9e70da77db88435fe49483c907c5ff45d4b9ed979aaa96d485cef976c6aa6fdaa834c') export KBUILD_BUILD_HOST=archlinux |