diff -Nru qemu-8.0.4+dfsg/debian/changelog qemu-8.0.4+dfsg/debian/changelog --- qemu-8.0.4+dfsg/debian/changelog 2023-10-03 22:13:20.000000000 +0000 +++ qemu-8.0.4+dfsg/debian/changelog 2023-11-30 13:22:57.000000000 +0000 @@ -1,3 +1,35 @@ +qemu (1:8.0.4+dfsg-1ubuntu3.23.10.2) mantic-security; urgency=medium + + * SECURITY UPDATE: OOB read in RDMA device + - debian/patches/CVE-2023-1544.patch: protect against buggy or + malicious guest driver in hw/rdma/vmw/pvrdma_main.c. + - CVE-2023-1544 + * SECURITY UPDATE: null pointer deref in NVME device + - debian/patches/CVE-2023-40360.patch: fix null pointer access in + directive receive in hw/nvme/ctrl.c. + - CVE-2023-40360 + * SECURITY UPDATE: OOB read in NVME device + - debian/patches/CVE-2023-4135.patch: fix oob memory read in fdp events + log in hw/nvme/ctrl.c. + - CVE-2023-4135 + * SECURITY UPDATE: division by zero via scsi block size + - debian/patches/CVE-2023-42467.patch: disallow block sizes smaller + than 512 in hw/scsi/scsi-disk.c. + - CVE-2023-42467 + * SECURITY UPDATE: disk offset 0 access + - debian/patches/CVE-2023-5088.patch: cancel async DMA operation before + resetting state in hw/ide/core.c. + - CVE-2023-5088 + + -- Marc Deslauriers Thu, 30 Nov 2023 08:22:57 -0500 + +qemu (1:8.0.4+dfsg-1ubuntu3.23.10.1) mantic; urgency=medium + + * d/p/u/lp2003673-*.patch: Enable passthrough of IBM Z crypto + hardware to Secure Execution guests. (LP: #2003673) + + -- Sergio Durigan Junior Mon, 30 Oct 2023 16:16:32 -0400 + qemu (1:8.0.4+dfsg-1ubuntu3) mantic; urgency=medium * d/rules: Get rid of binary-helper target; explicitly invoke its diff -Nru qemu-8.0.4+dfsg/debian/patches/CVE-2023-1544.patch qemu-8.0.4+dfsg/debian/patches/CVE-2023-1544.patch --- qemu-8.0.4+dfsg/debian/patches/CVE-2023-1544.patch 1970-01-01 00:00:00.000000000 +0000 +++ qemu-8.0.4+dfsg/debian/patches/CVE-2023-1544.patch 2023-11-30 13:21:39.000000000 +0000 @@ -0,0 +1,65 @@ +From 85fc35afa93c7320d1641d344d0c5dfbe341d087 Mon Sep 17 00:00:00 2001 +From: Yuval Shaia +Date: Wed, 1 Mar 2023 16:29:26 +0200 +Subject: [PATCH] hw/pvrdma: Protect against buggy or malicious guest driver + +Guest driver allocates and initialize page tables to be used as a ring +of descriptors for CQ and async events. +The page table that represents the ring, along with the number of pages +in the page table is passed to the device. +Currently our device supports only one page table for a ring. + +Let's make sure that the number of page table entries the driver +reports, do not exceeds the one page table size. + +Reported-by: Soul Chen +Signed-off-by: Yuval Shaia +Fixes: CVE-2023-1544 +Message-ID: <20230301142926.18686-1-yuval.shaia.ml@gmail.com> +Signed-off-by: Thomas Huth +--- + hw/rdma/vmw/pvrdma_main.c | 16 +++++++++++++++- + 1 file changed, 15 insertions(+), 1 deletion(-) + +diff --git a/hw/rdma/vmw/pvrdma_main.c b/hw/rdma/vmw/pvrdma_main.c +index 4fc67120256..55b338046e6 100644 +--- a/hw/rdma/vmw/pvrdma_main.c ++++ b/hw/rdma/vmw/pvrdma_main.c +@@ -91,19 +91,33 @@ static int init_dev_ring(PvrdmaRing *ring, PvrdmaRingState **ring_state, + dma_addr_t dir_addr, uint32_t num_pages) + { + uint64_t *dir, *tbl; +- int rc = 0; ++ int max_pages, rc = 0; + + if (!num_pages) { + rdma_error_report("Ring pages count must be strictly positive"); + return -EINVAL; + } + ++ /* ++ * Make sure we can satisfy the requested number of pages in a single ++ * TARGET_PAGE_SIZE sized page table (taking into account that first entry ++ * is reserved for ring-state) ++ */ ++ max_pages = TARGET_PAGE_SIZE / sizeof(dma_addr_t) - 1; ++ if (num_pages > max_pages) { ++ rdma_error_report("Maximum pages on a single directory must not exceed %d\n", ++ max_pages); ++ return -EINVAL; ++ } ++ + dir = rdma_pci_dma_map(pci_dev, dir_addr, TARGET_PAGE_SIZE); + if (!dir) { + rdma_error_report("Failed to map to page directory (ring %s)", name); + rc = -ENOMEM; + goto out; + } ++ ++ /* We support only one page table for a ring */ + tbl = rdma_pci_dma_map(pci_dev, dir[0], TARGET_PAGE_SIZE); + if (!tbl) { + rdma_error_report("Failed to map to page table (ring %s)", name); +-- +GitLab + diff -Nru qemu-8.0.4+dfsg/debian/patches/CVE-2023-40360.patch qemu-8.0.4+dfsg/debian/patches/CVE-2023-40360.patch --- qemu-8.0.4+dfsg/debian/patches/CVE-2023-40360.patch 1970-01-01 00:00:00.000000000 +0000 +++ qemu-8.0.4+dfsg/debian/patches/CVE-2023-40360.patch 2023-11-30 13:22:06.000000000 +0000 @@ -0,0 +1,31 @@ +From 6c8f8456cb0b239812dee5211881426496da7b98 Mon Sep 17 00:00:00 2001 +From: Klaus Jensen +Date: Tue, 8 Aug 2023 17:16:13 +0200 +Subject: [PATCH] hw/nvme: fix null pointer access in directive receive + +nvme_directive_receive() does not check if an endurance group has been +configured (set) prior to testing if flexible data placement is enabled +or not. + +Fix this. + +Cc: qemu-stable@nongnu.org +Resolves: https://gitlab.com/qemu-project/qemu/-/issues/1815 +Fixes: 73064edfb864 ("hw/nvme: flexible data placement emulation") +Reviewed-by: Jesper Wendel Devantier +Signed-off-by: Klaus Jensen +--- + hw/nvme/ctrl.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/hw/nvme/ctrl.c ++++ b/hw/nvme/ctrl.c +@@ -6862,7 +6862,7 @@ static uint16_t nvme_directive_receive(N + case NVME_DIRECTIVE_IDENTIFY: + switch (doper) { + case NVME_DIRECTIVE_RETURN_PARAMS: +- if (ns->endgrp->fdp.enabled) { ++ if (ns->endgrp && ns->endgrp->fdp.enabled) { + id.supported |= 1 << NVME_DIRECTIVE_DATA_PLACEMENT; + id.enabled |= 1 << NVME_DIRECTIVE_DATA_PLACEMENT; + id.persistent |= 1 << NVME_DIRECTIVE_DATA_PLACEMENT; diff -Nru qemu-8.0.4+dfsg/debian/patches/CVE-2023-4135.patch qemu-8.0.4+dfsg/debian/patches/CVE-2023-4135.patch --- qemu-8.0.4+dfsg/debian/patches/CVE-2023-4135.patch 1970-01-01 00:00:00.000000000 +0000 +++ qemu-8.0.4+dfsg/debian/patches/CVE-2023-4135.patch 2023-11-30 13:22:20.000000000 +0000 @@ -0,0 +1,36 @@ +From ecb1b7b082d3b7dceff0e486a114502fc52c0fdf Mon Sep 17 00:00:00 2001 +From: Klaus Jensen +Date: Thu, 3 Aug 2023 20:44:23 +0200 +Subject: [PATCH] hw/nvme: fix oob memory read in fdp events log + +As reported by Trend Micro's Zero Day Initiative, an oob memory read +vulnerability exists in nvme_fdp_events(). The host-provided offset is +not verified. + +Fix this. + +This is only exploitable when Flexible Data Placement mode (fdp=on) is +enabled. + +Fixes: CVE-2023-4135 +Fixes: 73064edfb864 ("hw/nvme: flexible data placement emulation") +Reported-by: Trend Micro's Zero Day Initiative +Signed-off-by: Klaus Jensen +--- + hw/nvme/ctrl.c | 5 +++++ + 1 file changed, 5 insertions(+) + +--- a/hw/nvme/ctrl.c ++++ b/hw/nvme/ctrl.c +@@ -5091,6 +5091,11 @@ static uint16_t nvme_fdp_events(NvmeCtrl + } + + log_size = sizeof(NvmeFdpEventsLog) + ebuf->nelems * sizeof(NvmeFdpEvent); ++ ++ if (off >= log_size) { ++ return NVME_INVALID_FIELD | NVME_DNR; ++ } ++ + trans_len = MIN(log_size - off, buf_len); + elog = g_malloc0(log_size); + elog->num_events = cpu_to_le32(ebuf->nelems); diff -Nru qemu-8.0.4+dfsg/debian/patches/CVE-2023-42467.patch qemu-8.0.4+dfsg/debian/patches/CVE-2023-42467.patch --- qemu-8.0.4+dfsg/debian/patches/CVE-2023-42467.patch 1970-01-01 00:00:00.000000000 +0000 +++ qemu-8.0.4+dfsg/debian/patches/CVE-2023-42467.patch 2023-11-30 13:22:28.000000000 +0000 @@ -0,0 +1,44 @@ +From 7cfcc79b0ab800959716738aff9419f53fc68c9c Mon Sep 17 00:00:00 2001 +From: Thomas Huth +Date: Mon, 25 Sep 2023 11:18:54 +0200 +Subject: [PATCH] hw/scsi/scsi-disk: Disallow block sizes smaller than 512 + [CVE-2023-42467] + +We are doing things like + + nb_sectors /= (s->qdev.blocksize / BDRV_SECTOR_SIZE); + +in the code here (e.g. in scsi_disk_emulate_mode_sense()), so if +the blocksize is smaller than BDRV_SECTOR_SIZE (=512), this crashes +with a division by 0 exception. Thus disallow block sizes of 256 +bytes to avoid this situation. + +Resolves: https://gitlab.com/qemu-project/qemu/-/issues/1813 +CVE: 2023-42467 +Signed-off-by: Thomas Huth +Message-ID: <20230925091854.49198-1-thuth@redhat.com> +Signed-off-by: Paolo Bonzini +--- + hw/scsi/scsi-disk.c | 5 +++-- + 1 file changed, 3 insertions(+), 2 deletions(-) + +diff --git a/hw/scsi/scsi-disk.c b/hw/scsi/scsi-disk.c +index e0d79c7966c..477ee2bcd47 100644 +--- a/hw/scsi/scsi-disk.c ++++ b/hw/scsi/scsi-disk.c +@@ -1628,9 +1628,10 @@ static void scsi_disk_emulate_mode_select(SCSIDiskReq *r, uint8_t *inbuf) + * Since the existing code only checks/updates bits 8-15 of the block + * size, restrict ourselves to the same requirement for now to ensure + * that a block size set by a block descriptor and then read back by +- * a subsequent SCSI command will be the same ++ * a subsequent SCSI command will be the same. Also disallow a block ++ * size of 256 since we cannot handle anything below BDRV_SECTOR_SIZE. + */ +- if (bs && !(bs & ~0xff00) && bs != s->qdev.blocksize) { ++ if (bs && !(bs & ~0xfe00) && bs != s->qdev.blocksize) { + s->qdev.blocksize = bs; + trace_scsi_disk_mode_select_set_blocksize(s->qdev.blocksize); + } +-- +GitLab + diff -Nru qemu-8.0.4+dfsg/debian/patches/CVE-2023-5088.patch qemu-8.0.4+dfsg/debian/patches/CVE-2023-5088.patch --- qemu-8.0.4+dfsg/debian/patches/CVE-2023-5088.patch 1970-01-01 00:00:00.000000000 +0000 +++ qemu-8.0.4+dfsg/debian/patches/CVE-2023-5088.patch 2023-11-30 13:22:41.000000000 +0000 @@ -0,0 +1,105 @@ +From 7d7512019fc40c577e2bdd61f114f31a9eb84a8e Mon Sep 17 00:00:00 2001 +From: Fiona Ebner +Date: Wed, 6 Sep 2023 15:09:21 +0200 +Subject: [PATCH] hw/ide: reset: cancel async DMA operation before resetting + state +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +If there is a pending DMA operation during ide_bus_reset(), the fact +that the IDEState is already reset before the operation is canceled +can be problematic. In particular, ide_dma_cb() might be called and +then use the reset IDEState which contains the signature after the +reset. When used to construct the IO operation this leads to +ide_get_sector() returning 0 and nsector being 1. This is particularly +bad, because a write command will thus destroy the first sector which +often contains a partition table or similar. + +Traces showing the unsolicited write happening with IDEState +0x5595af6949d0 being used after reset: + +> ahci_port_write ahci(0x5595af6923f0)[0]: port write [reg:PxSCTL] @ 0x2c: 0x00000300 +> ahci_reset_port ahci(0x5595af6923f0)[0]: reset port +> ide_reset IDEstate 0x5595af6949d0 +> ide_reset IDEstate 0x5595af694da8 +> ide_bus_reset_aio aio_cancel +> dma_aio_cancel dbs=0x7f64600089a0 +> dma_blk_cb dbs=0x7f64600089a0 ret=0 +> dma_complete dbs=0x7f64600089a0 ret=0 cb=0x5595acd40b30 +> ahci_populate_sglist ahci(0x5595af6923f0)[0] +> ahci_dma_prepare_buf ahci(0x5595af6923f0)[0]: prepare buf limit=512 prepared=512 +> ide_dma_cb IDEState 0x5595af6949d0; sector_num=0 n=1 cmd=DMA WRITE +> dma_blk_io dbs=0x7f6420802010 bs=0x5595ae2c6c30 offset=0 to_dev=1 +> dma_blk_cb dbs=0x7f6420802010 ret=0 + +> (gdb) p *qiov +> $11 = {iov = 0x7f647c76d840, niov = 1, {{nalloc = 1, local_iov = {iov_base = 0x0, +> iov_len = 512}}, {__pad = "\001\000\000\000\000\000\000\000\000\000\000", +> size = 512}}} +> (gdb) bt +> #0 blk_aio_pwritev (blk=0x5595ae2c6c30, offset=0, qiov=0x7f6420802070, flags=0, +> cb=0x5595ace6f0b0 , opaque=0x7f6420802010) +> at ../block/block-backend.c:1682 +> #1 0x00005595ace6f185 in dma_blk_cb (opaque=0x7f6420802010, ret=) +> at ../softmmu/dma-helpers.c:179 +> #2 0x00005595ace6f778 in dma_blk_io (ctx=0x5595ae0609f0, +> sg=sg@entry=0x5595af694d00, offset=offset@entry=0, align=align@entry=512, +> io_func=io_func@entry=0x5595ace6ee30 , +> io_func_opaque=io_func_opaque@entry=0x5595ae2c6c30, +> cb=0x5595acd40b30 , opaque=0x5595af6949d0, +> dir=DMA_DIRECTION_TO_DEVICE) at ../softmmu/dma-helpers.c:244 +> #3 0x00005595ace6f90a in dma_blk_write (blk=0x5595ae2c6c30, +> sg=sg@entry=0x5595af694d00, offset=offset@entry=0, align=align@entry=512, +> cb=cb@entry=0x5595acd40b30 , opaque=opaque@entry=0x5595af6949d0) +> at ../softmmu/dma-helpers.c:280 +> #4 0x00005595acd40e18 in ide_dma_cb (opaque=0x5595af6949d0, ret=) +> at ../hw/ide/core.c:953 +> #5 0x00005595ace6f319 in dma_complete (ret=0, dbs=0x7f64600089a0) +> at ../softmmu/dma-helpers.c:107 +> #6 dma_blk_cb (opaque=0x7f64600089a0, ret=0) at ../softmmu/dma-helpers.c:127 +> #7 0x00005595ad12227d in blk_aio_complete (acb=0x7f6460005b10) +> at ../block/block-backend.c:1527 +> #8 blk_aio_complete (acb=0x7f6460005b10) at ../block/block-backend.c:1524 +> #9 blk_aio_write_entry (opaque=0x7f6460005b10) at ../block/block-backend.c:1594 +> #10 0x00005595ad258cfb in coroutine_trampoline (i0=, +> i1=) at ../util/coroutine-ucontext.c:177 + +Signed-off-by: Fiona Ebner +Reviewed-by: Philippe Mathieu-Daudé +Tested-by: simon.rowe@nutanix.com +Message-ID: <20230906130922.142845-1-f.ebner@proxmox.com> +Signed-off-by: Philippe Mathieu-Daudé +--- + hw/ide/core.c | 14 +++++++------- + 1 file changed, 7 insertions(+), 7 deletions(-) + +--- a/hw/ide/core.c ++++ b/hw/ide/core.c +@@ -2513,19 +2513,19 @@ static void ide_dummy_transfer_stop(IDES + + void ide_bus_reset(IDEBus *bus) + { +- bus->unit = 0; +- bus->cmd = 0; +- ide_reset(&bus->ifs[0]); +- ide_reset(&bus->ifs[1]); +- ide_clear_hob(bus); +- +- /* pending async DMA */ ++ /* pending async DMA - needs the IDEState before it is reset */ + if (bus->dma->aiocb) { + trace_ide_bus_reset_aio(); + blk_aio_cancel(bus->dma->aiocb); + bus->dma->aiocb = NULL; + } + ++ bus->unit = 0; ++ bus->cmd = 0; ++ ide_reset(&bus->ifs[0]); ++ ide_reset(&bus->ifs[1]); ++ ide_clear_hob(bus); ++ + /* reset dma provider too */ + if (bus->dma->ops->reset) { + bus->dma->ops->reset(bus->dma); diff -Nru qemu-8.0.4+dfsg/debian/patches/series qemu-8.0.4+dfsg/debian/patches/series --- qemu-8.0.4+dfsg/debian/patches/series 2023-09-27 18:31:37.000000000 +0000 +++ qemu-8.0.4+dfsg/debian/patches/series 2023-11-30 13:22:37.000000000 +0000 @@ -24,3 +24,15 @@ ubuntu/define-ubuntu-machine-types.patch ubuntu/pre-bionic-256k-ipxe-efi-roms.patch ubuntu/qboot-Disable-LTO-for-ELF-binary-build-step.patch +ubuntu/lp2003673-update-linux-headers-6.3rc5.patch +ubuntu/lp2003673-update-linux-headers-6.5rc1.patch +ubuntu/lp2003673-s390x-fix-missing-subsystem-reset-registration.patch +ubuntu/lp2003673-s390x-system-reset-before-unprotect-on-reboot.patch +ubuntu/lp2003673-update-linux-headers-6.6rc1.patch +ubuntu/lp2003673-s390x-refactor-ap-functionalities.patch +ubuntu/lp2003673-s390x-ap-passthrough-for-pv-guests.patch +CVE-2023-1544.patch +CVE-2023-40360.patch +CVE-2023-4135.patch +CVE-2023-42467.patch +CVE-2023-5088.patch diff -Nru qemu-8.0.4+dfsg/debian/patches/ubuntu/lp2003673-s390x-ap-passthrough-for-pv-guests.patch qemu-8.0.4+dfsg/debian/patches/ubuntu/lp2003673-s390x-ap-passthrough-for-pv-guests.patch --- qemu-8.0.4+dfsg/debian/patches/ubuntu/lp2003673-s390x-ap-passthrough-for-pv-guests.patch 1970-01-01 00:00:00.000000000 +0000 +++ qemu-8.0.4+dfsg/debian/patches/ubuntu/lp2003673-s390x-ap-passthrough-for-pv-guests.patch 2023-10-30 20:16:32.000000000 +0000 @@ -0,0 +1,178 @@ +From: Steffen Eiden +Date: Wed, 23 Aug 2023 16:22:19 +0200 +Subject: target/s390x: AP-passthrough for PV guests + +Enabling AP-passthrough(AP-pt) for PV-guest by using the new CPU +features for PV-AP-pt of KVM. + +As usual QEMU first checks which CPU features are available and then +sets them if available and selected by user. An additional check is done +to verify that PV-AP can only be enabled if "regular" AP-pt is enabled +as well. Note that KVM itself does not enforce this restriction. + +Reviewed-by: Michael Mueller +Reviewed-by: Thomas Huth +Signed-off-by: Steffen Eiden +Message-ID: <20230823142219.1046522-6-seiden@linux.ibm.com> +Signed-off-by: Thomas Huth + +Origin: upstream, https://gitlab.com/qemu-project/qemu/-/commit/5ac951519c +Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/+source/qemu/+bug/2003673 +--- + target/s390x/cpu_features.h | 1 + + target/s390x/cpu_features_def.h.inc | 4 +++ + target/s390x/cpu_models.c | 2 ++ + target/s390x/gen-features.c | 2 ++ + target/s390x/kvm/kvm.c | 70 +++++++++++++++++++++++++++++++++++++ + 5 files changed, 79 insertions(+) + +diff --git a/target/s390x/cpu_features.h b/target/s390x/cpu_features.h +index 87463f0..a9bd68a 100644 +--- a/target/s390x/cpu_features.h ++++ b/target/s390x/cpu_features.h +@@ -43,6 +43,7 @@ typedef enum { + S390_FEAT_TYPE_KDSA, + S390_FEAT_TYPE_SORTL, + S390_FEAT_TYPE_DFLTCC, ++ S390_FEAT_TYPE_UV_FEAT_GUEST, + } S390FeatType; + + /* Definition of a CPU feature */ +diff --git a/target/s390x/cpu_features_def.h.inc b/target/s390x/cpu_features_def.h.inc +index e3cfe63..e68da9b 100644 +--- a/target/s390x/cpu_features_def.h.inc ++++ b/target/s390x/cpu_features_def.h.inc +@@ -379,3 +379,7 @@ DEF_FEAT(DEFLATE_GHDT, "dfltcc-gdht", DFLTCC, 1, "DFLTCC GDHT") + DEF_FEAT(DEFLATE_CMPR, "dfltcc-cmpr", DFLTCC, 2, "DFLTCC CMPR") + DEF_FEAT(DEFLATE_XPND, "dfltcc-xpnd", DFLTCC, 4, "DFLTCC XPND") + DEF_FEAT(DEFLATE_F0, "dfltcc-f0", DFLTCC, 192, "DFLTCC format 0 parameter-block") ++ ++/* Features exposed via the UV-CALL instruction */ ++DEF_FEAT(UV_FEAT_AP, "appv", UV_FEAT_GUEST, 4, "AP instructions installed for secure guests") ++DEF_FEAT(UV_FEAT_AP_INTR, "appvi", UV_FEAT_GUEST, 5, "AP instructions interruption support for secure guests") +diff --git a/target/s390x/cpu_models.c b/target/s390x/cpu_models.c +index ae8880e..b5ae455 100644 +--- a/target/s390x/cpu_models.c ++++ b/target/s390x/cpu_models.c +@@ -483,6 +483,8 @@ static void check_consistency(const S390CPUModel *model) + { S390_FEAT_DIAG_318, S390_FEAT_EXTENDED_LENGTH_SCCB }, + { S390_FEAT_NNPA, S390_FEAT_VECTOR }, + { S390_FEAT_RDP, S390_FEAT_LOCAL_TLB_CLEARING }, ++ { S390_FEAT_UV_FEAT_AP, S390_FEAT_AP }, ++ { S390_FEAT_UV_FEAT_AP_INTR, S390_FEAT_UV_FEAT_AP }, + }; + int i; + +diff --git a/target/s390x/gen-features.c b/target/s390x/gen-features.c +index 1e3b7c0..2b2bfc3 100644 +--- a/target/s390x/gen-features.c ++++ b/target/s390x/gen-features.c +@@ -576,6 +576,8 @@ static uint16_t full_GEN16_GA1[] = { + S390_FEAT_RDP, + S390_FEAT_PAI, + S390_FEAT_PAIE, ++ S390_FEAT_UV_FEAT_AP, ++ S390_FEAT_UV_FEAT_AP_INTR, + }; + + +diff --git a/target/s390x/kvm/kvm.c b/target/s390x/kvm/kvm.c +index d973768..309f870 100644 +--- a/target/s390x/kvm/kvm.c ++++ b/target/s390x/kvm/kvm.c +@@ -2307,6 +2307,42 @@ static bool ap_enabled(const S390FeatBitmap features) + return test_bit(S390_FEAT_AP, features); + } + ++static bool uv_feat_supported(void) ++{ ++ return kvm_vm_check_attr(kvm_state, KVM_S390_VM_CPU_MODEL, ++ KVM_S390_VM_CPU_PROCESSOR_UV_FEAT_GUEST); ++} ++ ++static int query_uv_feat_guest(S390FeatBitmap features) ++{ ++ struct kvm_s390_vm_cpu_uv_feat prop = {}; ++ struct kvm_device_attr attr = { ++ .group = KVM_S390_VM_CPU_MODEL, ++ .attr = KVM_S390_VM_CPU_MACHINE_UV_FEAT_GUEST, ++ .addr = (uint64_t) &prop, ++ }; ++ int rc; ++ ++ /* AP support check is currently the only user of the UV feature test */ ++ if (!(uv_feat_supported() && ap_available())) { ++ return 0; ++ } ++ ++ rc = kvm_vm_ioctl(kvm_state, KVM_GET_DEVICE_ATTR, &attr); ++ if (rc) { ++ return rc; ++ } ++ ++ if (prop.ap) { ++ set_bit(S390_FEAT_UV_FEAT_AP, features); ++ } ++ if (prop.ap_intr) { ++ set_bit(S390_FEAT_UV_FEAT_AP_INTR, features); ++ } ++ ++ return 0; ++} ++ + static int kvm_to_feat[][2] = { + { KVM_S390_VM_CPU_FEAT_ESOP, S390_FEAT_ESOP }, + { KVM_S390_VM_CPU_FEAT_SIEF2, S390_FEAT_SIE_F2 }, +@@ -2501,11 +2537,38 @@ void kvm_s390_get_host_cpu_model(S390CPUModel *model, Error **errp) + set_bit(S390_FEAT_DIAG_318, model->features); + } + ++ /* Test for Ultravisor features that influence secure guest behavior */ ++ query_uv_feat_guest(model->features); ++ + /* strip of features that are not part of the maximum model */ + bitmap_and(model->features, model->features, model->def->full_feat, + S390_FEAT_MAX); + } + ++static int configure_uv_feat_guest(const S390FeatBitmap features) ++{ ++ struct kvm_s390_vm_cpu_uv_feat uv_feat = {}; ++ struct kvm_device_attr attribute = { ++ .group = KVM_S390_VM_CPU_MODEL, ++ .attr = KVM_S390_VM_CPU_PROCESSOR_UV_FEAT_GUEST, ++ .addr = (__u64) &uv_feat, ++ }; ++ ++ /* AP support check is currently the only user of the UV feature test */ ++ if (!(uv_feat_supported() && ap_enabled(features))) { ++ return 0; ++ } ++ ++ if (test_bit(S390_FEAT_UV_FEAT_AP, features)) { ++ uv_feat.ap = 1; ++ } ++ if (test_bit(S390_FEAT_UV_FEAT_AP_INTR, features)) { ++ uv_feat.ap_intr = 1; ++ } ++ ++ return kvm_vm_ioctl(kvm_state, KVM_SET_DEVICE_ATTR, &attribute); ++} ++ + static void kvm_s390_configure_apie(bool interpret) + { + uint64_t attr = interpret ? KVM_S390_VM_CRYPTO_ENABLE_APIE : +@@ -2569,6 +2632,13 @@ void kvm_s390_apply_cpu_model(const S390CPUModel *model, Error **errp) + if (ap_enabled(model->features)) { + kvm_s390_configure_apie(true); + } ++ ++ /* configure UV-features for the guest indicated via query / test_bit */ ++ rc = configure_uv_feat_guest(model->features); ++ if (rc) { ++ error_setg(errp, "KVM: Error configuring CPU UV features %d", rc); ++ return; ++ } + } + + void kvm_s390_restart_interrupt(S390CPU *cpu) diff -Nru qemu-8.0.4+dfsg/debian/patches/ubuntu/lp2003673-s390x-fix-missing-subsystem-reset-registration.patch qemu-8.0.4+dfsg/debian/patches/ubuntu/lp2003673-s390x-fix-missing-subsystem-reset-registration.patch --- qemu-8.0.4+dfsg/debian/patches/ubuntu/lp2003673-s390x-fix-missing-subsystem-reset-registration.patch 1970-01-01 00:00:00.000000000 +0000 +++ qemu-8.0.4+dfsg/debian/patches/ubuntu/lp2003673-s390x-fix-missing-subsystem-reset-registration.patch 2023-10-30 20:16:32.000000000 +0000 @@ -0,0 +1,33 @@ +From: Janosch Frank +Date: Wed, 23 Aug 2023 16:22:15 +0200 +Subject: s390x/ap: fix missing subsystem reset registration + +A subsystem reset contains a reset of AP resources which has been +missing. Adding the AP bridge to the list of device types that need +reset fixes this issue. + +Reviewed-by: Jason J. Herne +Reviewed-by: Tony Krowiak +Signed-off-by: Janosch Frank +Fixes: a51b3153 ("s390x/ap: base Adjunct Processor (AP) object model") +Message-ID: <20230823142219.1046522-2-seiden@linux.ibm.com> +Signed-off-by: Thomas Huth + +Origin: upstream, https://gitlab.com/qemu-project/qemu/-/commit/297ec01f0b +Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/+source/qemu/+bug/2003673 +--- + hw/s390x/s390-virtio-ccw.c | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/hw/s390x/s390-virtio-ccw.c b/hw/s390x/s390-virtio-ccw.c +index 2e1f0f0..59d83e1 100644 +--- a/hw/s390x/s390-virtio-ccw.c ++++ b/hw/s390x/s390-virtio-ccw.c +@@ -109,6 +109,7 @@ static const char *const reset_dev_types[] = { + "s390-flic", + "diag288", + TYPE_S390_PCI_HOST_BRIDGE, ++ TYPE_AP_BRIDGE, + }; + + static void subsystem_reset(void) diff -Nru qemu-8.0.4+dfsg/debian/patches/ubuntu/lp2003673-s390x-refactor-ap-functionalities.patch qemu-8.0.4+dfsg/debian/patches/ubuntu/lp2003673-s390x-refactor-ap-functionalities.patch --- qemu-8.0.4+dfsg/debian/patches/ubuntu/lp2003673-s390x-refactor-ap-functionalities.patch 1970-01-01 00:00:00.000000000 +0000 +++ qemu-8.0.4+dfsg/debian/patches/ubuntu/lp2003673-s390x-refactor-ap-functionalities.patch 2023-10-30 20:16:32.000000000 +0000 @@ -0,0 +1,100 @@ +From: Steffen Eiden +Date: Wed, 23 Aug 2023 16:22:18 +0200 +Subject: target/s390x/kvm: Refactor AP functionalities + +kvm_s390_set_attr() is a misleading name as it only sets attributes for +the KVM_S390_VM_CRYPTO group. Therefore, rename it to +kvm_s390_set_crypto_attr(). + +Add new functions ap_available() and ap_enabled() to avoid code +duplication later. + +Reviewed-by: Thomas Huth +Reviewed-by: Michael Mueller +Signed-off-by: Steffen Eiden +Message-ID: <20230823142219.1046522-5-seiden@linux.ibm.com> +Signed-off-by: Thomas Huth + +Origin: upstream, https://gitlab.com/qemu-project/qemu/-/commit/354383c122 +Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/+source/qemu/+bug/2003673 +--- + target/s390x/kvm/kvm.c | 24 +++++++++++++++++------- + 1 file changed, 17 insertions(+), 7 deletions(-) + +diff --git a/target/s390x/kvm/kvm.c b/target/s390x/kvm/kvm.c +index 3ac7ec9..d973768 100644 +--- a/target/s390x/kvm/kvm.c ++++ b/target/s390x/kvm/kvm.c +@@ -250,7 +250,7 @@ static void kvm_s390_enable_cmma(void) + trace_kvm_enable_cmma(rc); + } + +-static void kvm_s390_set_attr(uint64_t attr) ++static void kvm_s390_set_crypto_attr(uint64_t attr) + { + struct kvm_device_attr attribute = { + .group = KVM_S390_VM_CRYPTO, +@@ -275,7 +275,7 @@ static void kvm_s390_init_aes_kw(void) + } + + if (kvm_vm_check_attr(kvm_state, KVM_S390_VM_CRYPTO, attr)) { +- kvm_s390_set_attr(attr); ++ kvm_s390_set_crypto_attr(attr); + } + } + +@@ -289,7 +289,7 @@ static void kvm_s390_init_dea_kw(void) + } + + if (kvm_vm_check_attr(kvm_state, KVM_S390_VM_CRYPTO, attr)) { +- kvm_s390_set_attr(attr); ++ kvm_s390_set_crypto_attr(attr); + } + } + +@@ -2296,6 +2296,17 @@ static int configure_cpu_subfunc(const S390FeatBitmap features) + return kvm_vm_ioctl(kvm_state, KVM_SET_DEVICE_ATTR, &attr); + } + ++static bool ap_available(void) ++{ ++ return kvm_vm_check_attr(kvm_state, KVM_S390_VM_CRYPTO, ++ KVM_S390_VM_CRYPTO_ENABLE_APIE); ++} ++ ++static bool ap_enabled(const S390FeatBitmap features) ++{ ++ return test_bit(S390_FEAT_AP, features); ++} ++ + static int kvm_to_feat[][2] = { + { KVM_S390_VM_CPU_FEAT_ESOP, S390_FEAT_ESOP }, + { KVM_S390_VM_CPU_FEAT_SIEF2, S390_FEAT_SIE_F2 }, +@@ -2475,8 +2486,7 @@ void kvm_s390_get_host_cpu_model(S390CPUModel *model, Error **errp) + return; + } + /* for now, we can only provide the AP feature with HW support */ +- if (kvm_vm_check_attr(kvm_state, KVM_S390_VM_CRYPTO, +- KVM_S390_VM_CRYPTO_ENABLE_APIE)) { ++ if (ap_available()) { + set_bit(S390_FEAT_AP, model->features); + } + +@@ -2502,7 +2512,7 @@ static void kvm_s390_configure_apie(bool interpret) + KVM_S390_VM_CRYPTO_DISABLE_APIE; + + if (kvm_vm_check_attr(kvm_state, KVM_S390_VM_CRYPTO, attr)) { +- kvm_s390_set_attr(attr); ++ kvm_s390_set_crypto_attr(attr); + } + } + +@@ -2556,7 +2566,7 @@ void kvm_s390_apply_cpu_model(const S390CPUModel *model, Error **errp) + kvm_s390_enable_cmma(); + } + +- if (test_bit(S390_FEAT_AP, model->features)) { ++ if (ap_enabled(model->features)) { + kvm_s390_configure_apie(true); + } + } diff -Nru qemu-8.0.4+dfsg/debian/patches/ubuntu/lp2003673-s390x-system-reset-before-unprotect-on-reboot.patch qemu-8.0.4+dfsg/debian/patches/ubuntu/lp2003673-s390x-system-reset-before-unprotect-on-reboot.patch --- qemu-8.0.4+dfsg/debian/patches/ubuntu/lp2003673-s390x-system-reset-before-unprotect-on-reboot.patch 1970-01-01 00:00:00.000000000 +0000 +++ qemu-8.0.4+dfsg/debian/patches/ubuntu/lp2003673-s390x-system-reset-before-unprotect-on-reboot.patch 2023-10-30 20:16:32.000000000 +0000 @@ -0,0 +1,51 @@ +From: Janosch Frank +Date: Fri, 1 Sep 2023 11:48:51 +0000 +Subject: s390x: do a subsystem reset before the unprotect on reboot + +Bound APQNs have to be reset before tearing down the secure config via +s390_machine_unprotect(). Otherwise the Ultravisor will return a error +code. + +So let's do a subsystem_reset() which includes a AP reset before the +unprotect call. We'll do a full device_reset() afterwards which will +reset some devices twice. That's ok since we can't move the +device_reset() before the unprotect as it includes a CPU clear reset +which the Ultravisor does not expect at that point in time. + +Signed-off-by: Janosch Frank +Message-ID: <20230901114851.154357-1-frankja@linux.ibm.com> +Tested-by: Viktor Mihajlovski +Acked-by: Christian Borntraeger +Signed-off-by: Thomas Huth + +Origin: upstream, https://gitlab.com/qemu-project/qemu/-/commit/ef1535901a +Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/+source/qemu/+bug/2003673 +--- + hw/s390x/s390-virtio-ccw.c | 10 ++++++++++ + 1 file changed, 10 insertions(+) + +diff --git a/hw/s390x/s390-virtio-ccw.c b/hw/s390x/s390-virtio-ccw.c +index 59d83e1..cbf1780 100644 +--- a/hw/s390x/s390-virtio-ccw.c ++++ b/hw/s390x/s390-virtio-ccw.c +@@ -441,10 +441,20 @@ static void s390_machine_reset(MachineState *machine, ShutdownCause reason) + switch (reset_type) { + case S390_RESET_EXTERNAL: + case S390_RESET_REIPL: ++ /* ++ * Reset the subsystem which includes a AP reset. If a PV ++ * guest had APQNs attached the AP reset is a prerequisite to ++ * unprotecting since the UV checks if all APQNs are reset. ++ */ ++ subsystem_reset(); + if (s390_is_pv()) { + s390_machine_unprotect(ms); + } + ++ /* ++ * Device reset includes CPU clear resets so this has to be ++ * done AFTER the unprotect call above. ++ */ + qemu_devices_reset(reason); + s390_crypto_reset(); + diff -Nru qemu-8.0.4+dfsg/debian/patches/ubuntu/lp2003673-update-linux-headers-6.3rc5.patch qemu-8.0.4+dfsg/debian/patches/ubuntu/lp2003673-update-linux-headers-6.3rc5.patch --- qemu-8.0.4+dfsg/debian/patches/ubuntu/lp2003673-update-linux-headers-6.3rc5.patch 1970-01-01 00:00:00.000000000 +0000 +++ qemu-8.0.4+dfsg/debian/patches/ubuntu/lp2003673-update-linux-headers-6.3rc5.patch 2023-10-30 20:16:32.000000000 +0000 @@ -0,0 +1,820 @@ +From: David 'Digit' Turner +Date: Wed, 5 Apr 2023 19:21:09 +0200 +Subject: Update linux headers to v6.3rc5 + +commit 7e364e56293bb98cae1b55fd835f5991c4e96e7d + +Signed-off-by: David 'Digit' Turner +Message-Id: <20230405172109.3081788-4-digit@google.com> +Signed-off-by: Paolo Bonzini + +Origin: upstream, https://gitlab.com/qemu-project/qemu/-/commit/c5c0fdbe39a +Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/+source/qemu/+bug/2003673 +Applied-Upstream: v8.1.2 +--- + include/standard-headers/drm/drm_fourcc.h | 12 +++ + include/standard-headers/linux/ethtool.h | 48 ++++++++++- + include/standard-headers/linux/fuse.h | 45 ++++++++++- + include/standard-headers/linux/pci_regs.h | 1 + + include/standard-headers/linux/vhost_types.h | 2 + + include/standard-headers/linux/virtio_blk.h | 105 ++++++++++++++++++++++++ + linux-headers/asm-arm64/kvm.h | 1 + + linux-headers/asm-x86/kvm.h | 34 +++++++- + linux-headers/linux/const.h | 36 +++++++++ + linux-headers/linux/kvm.h | 9 +++ + linux-headers/linux/memfd.h | 39 +++++++++ + linux-headers/linux/nvme_ioctl.h | 114 +++++++++++++++++++++++++++ + linux-headers/linux/stddef.h | 47 +++++++++++ + linux-headers/linux/vfio.h | 15 ++-- + linux-headers/linux/vhost.h | 8 ++ + 15 files changed, 506 insertions(+), 10 deletions(-) + create mode 100644 linux-headers/linux/const.h + create mode 100644 linux-headers/linux/memfd.h + create mode 100644 linux-headers/linux/nvme_ioctl.h + create mode 100644 linux-headers/linux/stddef.h + +diff --git a/include/standard-headers/drm/drm_fourcc.h b/include/standard-headers/drm/drm_fourcc.h +index 69cab17..dc3e611 100644 +--- a/include/standard-headers/drm/drm_fourcc.h ++++ b/include/standard-headers/drm/drm_fourcc.h +@@ -87,6 +87,18 @@ extern "C" { + * + * The authoritative list of format modifier codes is found in + * `include/uapi/drm/drm_fourcc.h` ++ * ++ * Open Source User Waiver ++ * ----------------------- ++ * ++ * Because this is the authoritative source for pixel formats and modifiers ++ * referenced by GL, Vulkan extensions and other standards and hence used both ++ * by open source and closed source driver stacks, the usual requirement for an ++ * upstream in-kernel or open source userspace user does not apply. ++ * ++ * To ensure, as much as feasible, compatibility across stacks and avoid ++ * confusion with incompatible enumerations stakeholders for all relevant driver ++ * stacks should approve additions. + */ + + #define fourcc_code(a, b, c, d) ((uint32_t)(a) | ((uint32_t)(b) << 8) | \ +diff --git a/include/standard-headers/linux/ethtool.h b/include/standard-headers/linux/ethtool.h +index 87176ab..99fcddf 100644 +--- a/include/standard-headers/linux/ethtool.h ++++ b/include/standard-headers/linux/ethtool.h +@@ -711,6 +711,24 @@ enum ethtool_stringset { + ETH_SS_COUNT + }; + ++/** ++ * enum ethtool_mac_stats_src - source of ethtool MAC statistics ++ * @ETHTOOL_MAC_STATS_SRC_AGGREGATE: ++ * if device supports a MAC merge layer, this retrieves the aggregate ++ * statistics of the eMAC and pMAC. Otherwise, it retrieves just the ++ * statistics of the single (express) MAC. ++ * @ETHTOOL_MAC_STATS_SRC_EMAC: ++ * if device supports a MM layer, this retrieves the eMAC statistics. ++ * Otherwise, it retrieves the statistics of the single (express) MAC. ++ * @ETHTOOL_MAC_STATS_SRC_PMAC: ++ * if device supports a MM layer, this retrieves the pMAC statistics. ++ */ ++enum ethtool_mac_stats_src { ++ ETHTOOL_MAC_STATS_SRC_AGGREGATE, ++ ETHTOOL_MAC_STATS_SRC_EMAC, ++ ETHTOOL_MAC_STATS_SRC_PMAC, ++}; ++ + /** + * enum ethtool_module_power_mode_policy - plug-in module power mode policy + * @ETHTOOL_MODULE_POWER_MODE_POLICY_HIGH: Module is always in high power mode. +@@ -779,6 +797,31 @@ enum ethtool_podl_pse_pw_d_status { + ETHTOOL_PODL_PSE_PW_D_STATUS_ERROR, + }; + ++/** ++ * enum ethtool_mm_verify_status - status of MAC Merge Verify function ++ * @ETHTOOL_MM_VERIFY_STATUS_UNKNOWN: ++ * verification status is unknown ++ * @ETHTOOL_MM_VERIFY_STATUS_INITIAL: ++ * the 802.3 Verify State diagram is in the state INIT_VERIFICATION ++ * @ETHTOOL_MM_VERIFY_STATUS_VERIFYING: ++ * the Verify State diagram is in the state VERIFICATION_IDLE, ++ * SEND_VERIFY or WAIT_FOR_RESPONSE ++ * @ETHTOOL_MM_VERIFY_STATUS_SUCCEEDED: ++ * indicates that the Verify State diagram is in the state VERIFIED ++ * @ETHTOOL_MM_VERIFY_STATUS_FAILED: ++ * the Verify State diagram is in the state VERIFY_FAIL ++ * @ETHTOOL_MM_VERIFY_STATUS_DISABLED: ++ * verification of preemption operation is disabled ++ */ ++enum ethtool_mm_verify_status { ++ ETHTOOL_MM_VERIFY_STATUS_UNKNOWN, ++ ETHTOOL_MM_VERIFY_STATUS_INITIAL, ++ ETHTOOL_MM_VERIFY_STATUS_VERIFYING, ++ ETHTOOL_MM_VERIFY_STATUS_SUCCEEDED, ++ ETHTOOL_MM_VERIFY_STATUS_FAILED, ++ ETHTOOL_MM_VERIFY_STATUS_DISABLED, ++}; ++ + /** + * struct ethtool_gstrings - string set for data tagging + * @cmd: Command number = %ETHTOOL_GSTRINGS +@@ -1183,7 +1226,7 @@ struct ethtool_rxnfc { + uint32_t rule_cnt; + uint32_t rss_context; + }; +- uint32_t rule_locs[0]; ++ uint32_t rule_locs[]; + }; + + +@@ -1741,6 +1784,9 @@ enum ethtool_link_mode_bit_indices { + ETHTOOL_LINK_MODE_800000baseDR8_2_Full_BIT = 96, + ETHTOOL_LINK_MODE_800000baseSR8_Full_BIT = 97, + ETHTOOL_LINK_MODE_800000baseVR8_Full_BIT = 98, ++ ETHTOOL_LINK_MODE_10baseT1S_Full_BIT = 99, ++ ETHTOOL_LINK_MODE_10baseT1S_Half_BIT = 100, ++ ETHTOOL_LINK_MODE_10baseT1S_P2MP_Half_BIT = 101, + + /* must be last entry */ + __ETHTOOL_LINK_MODE_MASK_NBITS +diff --git a/include/standard-headers/linux/fuse.h b/include/standard-headers/linux/fuse.h +index a1af78d..35c131a 100644 +--- a/include/standard-headers/linux/fuse.h ++++ b/include/standard-headers/linux/fuse.h +@@ -201,6 +201,11 @@ + * 7.38 + * - add FUSE_EXPIRE_ONLY flag to fuse_notify_inval_entry + * - add FOPEN_PARALLEL_DIRECT_WRITES ++ * - add total_extlen to fuse_in_header ++ * - add FUSE_MAX_NR_SECCTX ++ * - add extension header ++ * - add FUSE_EXT_GROUPS ++ * - add FUSE_CREATE_SUPP_GROUP + */ + + #ifndef _LINUX_FUSE_H +@@ -358,6 +363,8 @@ struct fuse_file_lock { + * FUSE_SECURITY_CTX: add security context to create, mkdir, symlink, and + * mknod + * FUSE_HAS_INODE_DAX: use per inode DAX ++ * FUSE_CREATE_SUPP_GROUP: add supplementary group info to create, mkdir, ++ * symlink and mknod (single group that matches parent) + */ + #define FUSE_ASYNC_READ (1 << 0) + #define FUSE_POSIX_LOCKS (1 << 1) +@@ -394,6 +401,7 @@ struct fuse_file_lock { + /* bits 32..63 get shifted down 32 bits into the flags2 field */ + #define FUSE_SECURITY_CTX (1ULL << 32) + #define FUSE_HAS_INODE_DAX (1ULL << 33) ++#define FUSE_CREATE_SUPP_GROUP (1ULL << 34) + + /** + * CUSE INIT request/reply flags +@@ -499,6 +507,17 @@ struct fuse_file_lock { + */ + #define FUSE_EXPIRE_ONLY (1 << 0) + ++/** ++ * extension type ++ * FUSE_MAX_NR_SECCTX: maximum value of &fuse_secctx_header.nr_secctx ++ * FUSE_EXT_GROUPS: &fuse_supp_groups extension ++ */ ++enum fuse_ext_type { ++ /* Types 0..31 are reserved for fuse_secctx_header */ ++ FUSE_MAX_NR_SECCTX = 31, ++ FUSE_EXT_GROUPS = 32, ++}; ++ + enum fuse_opcode { + FUSE_LOOKUP = 1, + FUSE_FORGET = 2, /* no reply */ +@@ -882,7 +901,8 @@ struct fuse_in_header { + uint32_t uid; + uint32_t gid; + uint32_t pid; +- uint32_t padding; ++ uint16_t total_extlen; /* length of extensions in 8byte units */ ++ uint16_t padding; + }; + + struct fuse_out_header { +@@ -1043,4 +1063,27 @@ struct fuse_secctx_header { + uint32_t nr_secctx; + }; + ++/** ++ * struct fuse_ext_header - extension header ++ * @size: total size of this extension including this header ++ * @type: type of extension ++ * ++ * This is made compatible with fuse_secctx_header by using type values > ++ * FUSE_MAX_NR_SECCTX ++ */ ++struct fuse_ext_header { ++ uint32_t size; ++ uint32_t type; ++}; ++ ++/** ++ * struct fuse_supp_groups - Supplementary group extension ++ * @nr_groups: number of supplementary groups ++ * @groups: flexible array of group IDs ++ */ ++struct fuse_supp_groups { ++ uint32_t nr_groups; ++ uint32_t groups[]; ++}; ++ + #endif /* _LINUX_FUSE_H */ +diff --git a/include/standard-headers/linux/pci_regs.h b/include/standard-headers/linux/pci_regs.h +index 85ab127..dc2000e 100644 +--- a/include/standard-headers/linux/pci_regs.h ++++ b/include/standard-headers/linux/pci_regs.h +@@ -693,6 +693,7 @@ + #define PCI_EXP_LNKCTL2_TX_MARGIN 0x0380 /* Transmit Margin */ + #define PCI_EXP_LNKCTL2_HASD 0x0020 /* HW Autonomous Speed Disable */ + #define PCI_EXP_LNKSTA2 0x32 /* Link Status 2 */ ++#define PCI_EXP_LNKSTA2_FLIT 0x0400 /* Flit Mode Status */ + #define PCI_CAP_EXP_ENDPOINT_SIZEOF_V2 0x32 /* end of v2 EPs w/ link */ + #define PCI_EXP_SLTCAP2 0x34 /* Slot Capabilities 2 */ + #define PCI_EXP_SLTCAP2_IBPD 0x00000001 /* In-band PD Disable Supported */ +diff --git a/include/standard-headers/linux/vhost_types.h b/include/standard-headers/linux/vhost_types.h +index c41a73fe..88600e2 100644 +--- a/include/standard-headers/linux/vhost_types.h ++++ b/include/standard-headers/linux/vhost_types.h +@@ -163,5 +163,7 @@ struct vhost_vdpa_iova_range { + #define VHOST_BACKEND_F_IOTLB_ASID 0x3 + /* Device can be suspended */ + #define VHOST_BACKEND_F_SUSPEND 0x4 ++/* Device can be resumed */ ++#define VHOST_BACKEND_F_RESUME 0x5 + + #endif +diff --git a/include/standard-headers/linux/virtio_blk.h b/include/standard-headers/linux/virtio_blk.h +index e81715c..7155b1a 100644 +--- a/include/standard-headers/linux/virtio_blk.h ++++ b/include/standard-headers/linux/virtio_blk.h +@@ -41,6 +41,7 @@ + #define VIRTIO_BLK_F_DISCARD 13 /* DISCARD is supported */ + #define VIRTIO_BLK_F_WRITE_ZEROES 14 /* WRITE ZEROES is supported */ + #define VIRTIO_BLK_F_SECURE_ERASE 16 /* Secure Erase is supported */ ++#define VIRTIO_BLK_F_ZONED 17 /* Zoned block device */ + + /* Legacy feature bits */ + #ifndef VIRTIO_BLK_NO_LEGACY +@@ -135,6 +136,16 @@ struct virtio_blk_config { + /* Secure erase commands must be aligned to this number of sectors. */ + __virtio32 secure_erase_sector_alignment; + ++ /* Zoned block device characteristics (if VIRTIO_BLK_F_ZONED) */ ++ struct virtio_blk_zoned_characteristics { ++ uint32_t zone_sectors; ++ uint32_t max_open_zones; ++ uint32_t max_active_zones; ++ uint32_t max_append_sectors; ++ uint32_t write_granularity; ++ uint8_t model; ++ uint8_t unused2[3]; ++ } zoned; + } QEMU_PACKED; + + /* +@@ -172,6 +183,27 @@ struct virtio_blk_config { + /* Secure erase command */ + #define VIRTIO_BLK_T_SECURE_ERASE 14 + ++/* Zone append command */ ++#define VIRTIO_BLK_T_ZONE_APPEND 15 ++ ++/* Report zones command */ ++#define VIRTIO_BLK_T_ZONE_REPORT 16 ++ ++/* Open zone command */ ++#define VIRTIO_BLK_T_ZONE_OPEN 18 ++ ++/* Close zone command */ ++#define VIRTIO_BLK_T_ZONE_CLOSE 20 ++ ++/* Finish zone command */ ++#define VIRTIO_BLK_T_ZONE_FINISH 22 ++ ++/* Reset zone command */ ++#define VIRTIO_BLK_T_ZONE_RESET 24 ++ ++/* Reset All zones command */ ++#define VIRTIO_BLK_T_ZONE_RESET_ALL 26 ++ + #ifndef VIRTIO_BLK_NO_LEGACY + /* Barrier before this op. */ + #define VIRTIO_BLK_T_BARRIER 0x80000000 +@@ -191,6 +223,72 @@ struct virtio_blk_outhdr { + __virtio64 sector; + }; + ++/* ++ * Supported zoned device models. ++ */ ++ ++/* Regular block device */ ++#define VIRTIO_BLK_Z_NONE 0 ++/* Host-managed zoned device */ ++#define VIRTIO_BLK_Z_HM 1 ++/* Host-aware zoned device */ ++#define VIRTIO_BLK_Z_HA 2 ++ ++/* ++ * Zone descriptor. A part of VIRTIO_BLK_T_ZONE_REPORT command reply. ++ */ ++struct virtio_blk_zone_descriptor { ++ /* Zone capacity */ ++ uint64_t z_cap; ++ /* The starting sector of the zone */ ++ uint64_t z_start; ++ /* Zone write pointer position in sectors */ ++ uint64_t z_wp; ++ /* Zone type */ ++ uint8_t z_type; ++ /* Zone state */ ++ uint8_t z_state; ++ uint8_t reserved[38]; ++}; ++ ++struct virtio_blk_zone_report { ++ uint64_t nr_zones; ++ uint8_t reserved[56]; ++ struct virtio_blk_zone_descriptor zones[]; ++}; ++ ++/* ++ * Supported zone types. ++ */ ++ ++/* Conventional zone */ ++#define VIRTIO_BLK_ZT_CONV 1 ++/* Sequential Write Required zone */ ++#define VIRTIO_BLK_ZT_SWR 2 ++/* Sequential Write Preferred zone */ ++#define VIRTIO_BLK_ZT_SWP 3 ++ ++/* ++ * Zone states that are available for zones of all types. ++ */ ++ ++/* Not a write pointer (conventional zones only) */ ++#define VIRTIO_BLK_ZS_NOT_WP 0 ++/* Empty */ ++#define VIRTIO_BLK_ZS_EMPTY 1 ++/* Implicitly Open */ ++#define VIRTIO_BLK_ZS_IOPEN 2 ++/* Explicitly Open */ ++#define VIRTIO_BLK_ZS_EOPEN 3 ++/* Closed */ ++#define VIRTIO_BLK_ZS_CLOSED 4 ++/* Read-Only */ ++#define VIRTIO_BLK_ZS_RDONLY 13 ++/* Full */ ++#define VIRTIO_BLK_ZS_FULL 14 ++/* Offline */ ++#define VIRTIO_BLK_ZS_OFFLINE 15 ++ + /* Unmap this range (only valid for write zeroes command) */ + #define VIRTIO_BLK_WRITE_ZEROES_FLAG_UNMAP 0x00000001 + +@@ -217,4 +315,11 @@ struct virtio_scsi_inhdr { + #define VIRTIO_BLK_S_OK 0 + #define VIRTIO_BLK_S_IOERR 1 + #define VIRTIO_BLK_S_UNSUPP 2 ++ ++/* Error codes that are specific to zoned block devices */ ++#define VIRTIO_BLK_S_ZONE_INVALID_CMD 3 ++#define VIRTIO_BLK_S_ZONE_UNALIGNED_WP 4 ++#define VIRTIO_BLK_S_ZONE_OPEN_RESOURCE 5 ++#define VIRTIO_BLK_S_ZONE_ACTIVE_RESOURCE 6 ++ + #endif /* _LINUX_VIRTIO_BLK_H */ +diff --git a/linux-headers/asm-arm64/kvm.h b/linux-headers/asm-arm64/kvm.h +index a7cfefb..d7e7bb8 100644 +--- a/linux-headers/asm-arm64/kvm.h ++++ b/linux-headers/asm-arm64/kvm.h +@@ -109,6 +109,7 @@ struct kvm_regs { + #define KVM_ARM_VCPU_SVE 4 /* enable SVE for this CPU */ + #define KVM_ARM_VCPU_PTRAUTH_ADDRESS 5 /* VCPU uses address authentication */ + #define KVM_ARM_VCPU_PTRAUTH_GENERIC 6 /* VCPU uses generic authentication */ ++#define KVM_ARM_VCPU_HAS_EL2 7 /* Support nested virtualization */ + + struct kvm_vcpu_init { + __u32 target; +diff --git a/linux-headers/asm-x86/kvm.h b/linux-headers/asm-x86/kvm.h +index 2747d2c..2937e7b 100644 +--- a/linux-headers/asm-x86/kvm.h ++++ b/linux-headers/asm-x86/kvm.h +@@ -9,6 +9,7 @@ + + #include + #include ++#include + + #define KVM_PIO_PAGE_OFFSET 1 + #define KVM_COALESCED_MMIO_PAGE_OFFSET 2 +@@ -505,8 +506,8 @@ struct kvm_nested_state { + * KVM_{GET,PUT}_NESTED_STATE ioctl values. + */ + union { +- struct kvm_vmx_nested_state_data vmx[0]; +- struct kvm_svm_nested_state_data svm[0]; ++ __DECLARE_FLEX_ARRAY(struct kvm_vmx_nested_state_data, vmx); ++ __DECLARE_FLEX_ARRAY(struct kvm_svm_nested_state_data, svm); + } data; + }; + +@@ -523,6 +524,35 @@ struct kvm_pmu_event_filter { + #define KVM_PMU_EVENT_ALLOW 0 + #define KVM_PMU_EVENT_DENY 1 + ++#define KVM_PMU_EVENT_FLAG_MASKED_EVENTS BIT(0) ++#define KVM_PMU_EVENT_FLAGS_VALID_MASK (KVM_PMU_EVENT_FLAG_MASKED_EVENTS) ++ ++/* ++ * Masked event layout. ++ * Bits Description ++ * ---- ----------- ++ * 7:0 event select (low bits) ++ * 15:8 umask match ++ * 31:16 unused ++ * 35:32 event select (high bits) ++ * 36:54 unused ++ * 55 exclude bit ++ * 63:56 umask mask ++ */ ++ ++#define KVM_PMU_ENCODE_MASKED_ENTRY(event_select, mask, match, exclude) \ ++ (((event_select) & 0xFFULL) | (((event_select) & 0XF00ULL) << 24) | \ ++ (((mask) & 0xFFULL) << 56) | \ ++ (((match) & 0xFFULL) << 8) | \ ++ ((__u64)(!!(exclude)) << 55)) ++ ++#define KVM_PMU_MASKED_ENTRY_EVENT_SELECT \ ++ (GENMASK_ULL(7, 0) | GENMASK_ULL(35, 32)) ++#define KVM_PMU_MASKED_ENTRY_UMASK_MASK (GENMASK_ULL(63, 56)) ++#define KVM_PMU_MASKED_ENTRY_UMASK_MATCH (GENMASK_ULL(15, 8)) ++#define KVM_PMU_MASKED_ENTRY_EXCLUDE (BIT_ULL(55)) ++#define KVM_PMU_MASKED_ENTRY_UMASK_MASK_SHIFT (56) ++ + /* for KVM_{GET,SET,HAS}_DEVICE_ATTR */ + #define KVM_VCPU_TSC_CTRL 0 /* control group for the timestamp counter (TSC) */ + #define KVM_VCPU_TSC_OFFSET 0 /* attribute for the TSC offset */ +diff --git a/linux-headers/linux/const.h b/linux-headers/linux/const.h +new file mode 100644 +index 0000000..5e48987 +--- /dev/null ++++ b/linux-headers/linux/const.h +@@ -0,0 +1,36 @@ ++/* SPDX-License-Identifier: GPL-2.0 WITH Linux-syscall-note */ ++/* const.h: Macros for dealing with constants. */ ++ ++#ifndef _LINUX_CONST_H ++#define _LINUX_CONST_H ++ ++/* Some constant macros are used in both assembler and ++ * C code. Therefore we cannot annotate them always with ++ * 'UL' and other type specifiers unilaterally. We ++ * use the following macros to deal with this. ++ * ++ * Similarly, _AT() will cast an expression with a type in C, but ++ * leave it unchanged in asm. ++ */ ++ ++#ifdef __ASSEMBLY__ ++#define _AC(X,Y) X ++#define _AT(T,X) X ++#else ++#define __AC(X,Y) (X##Y) ++#define _AC(X,Y) __AC(X,Y) ++#define _AT(T,X) ((T)(X)) ++#endif ++ ++#define _UL(x) (_AC(x, UL)) ++#define _ULL(x) (_AC(x, ULL)) ++ ++#define _BITUL(x) (_UL(1) << (x)) ++#define _BITULL(x) (_ULL(1) << (x)) ++ ++#define __ALIGN_KERNEL(x, a) __ALIGN_KERNEL_MASK(x, (typeof(x))(a) - 1) ++#define __ALIGN_KERNEL_MASK(x, mask) (((x) + (mask)) & ~(mask)) ++ ++#define __KERNEL_DIV_ROUND_UP(n, d) (((n) + (d) - 1) / (d)) ++ ++#endif /* _LINUX_CONST_H */ +diff --git a/linux-headers/linux/kvm.h b/linux-headers/linux/kvm.h +index 1e2c16c..599de3c 100644 +--- a/linux-headers/linux/kvm.h ++++ b/linux-headers/linux/kvm.h +@@ -581,6 +581,8 @@ struct kvm_s390_mem_op { + struct { + __u8 ar; /* the access register number */ + __u8 key; /* access key, ignored if flag unset */ ++ __u8 pad1[6]; /* ignored */ ++ __u64 old_addr; /* ignored if cmpxchg flag unset */ + }; + __u32 sida_offset; /* offset into the sida */ + __u8 reserved[32]; /* ignored */ +@@ -593,11 +595,17 @@ struct kvm_s390_mem_op { + #define KVM_S390_MEMOP_SIDA_WRITE 3 + #define KVM_S390_MEMOP_ABSOLUTE_READ 4 + #define KVM_S390_MEMOP_ABSOLUTE_WRITE 5 ++#define KVM_S390_MEMOP_ABSOLUTE_CMPXCHG 6 ++ + /* flags for kvm_s390_mem_op->flags */ + #define KVM_S390_MEMOP_F_CHECK_ONLY (1ULL << 0) + #define KVM_S390_MEMOP_F_INJECT_EXCEPTION (1ULL << 1) + #define KVM_S390_MEMOP_F_SKEY_PROTECTION (1ULL << 2) + ++/* flags specifying extension support via KVM_CAP_S390_MEM_OP_EXTENSION */ ++#define KVM_S390_MEMOP_EXTENSION_CAP_BASE (1 << 0) ++#define KVM_S390_MEMOP_EXTENSION_CAP_CMPXCHG (1 << 1) ++ + /* for KVM_INTERRUPT */ + struct kvm_interrupt { + /* in */ +@@ -1173,6 +1181,7 @@ struct kvm_ppc_resize_hpt { + #define KVM_CAP_DIRTY_LOG_RING_ACQ_REL 223 + #define KVM_CAP_S390_PROTECTED_ASYNC_DISABLE 224 + #define KVM_CAP_DIRTY_LOG_RING_WITH_BITMAP 225 ++#define KVM_CAP_PMU_EVENT_MASKED_EVENTS 226 + + #ifdef KVM_CAP_IRQ_ROUTING + +diff --git a/linux-headers/linux/memfd.h b/linux-headers/linux/memfd.h +new file mode 100644 +index 0000000..01c0324 +--- /dev/null ++++ b/linux-headers/linux/memfd.h +@@ -0,0 +1,39 @@ ++/* SPDX-License-Identifier: GPL-2.0 WITH Linux-syscall-note */ ++#ifndef _LINUX_MEMFD_H ++#define _LINUX_MEMFD_H ++ ++#include ++ ++/* flags for memfd_create(2) (unsigned int) */ ++#define MFD_CLOEXEC 0x0001U ++#define MFD_ALLOW_SEALING 0x0002U ++#define MFD_HUGETLB 0x0004U ++/* not executable and sealed to prevent changing to executable. */ ++#define MFD_NOEXEC_SEAL 0x0008U ++/* executable */ ++#define MFD_EXEC 0x0010U ++ ++/* ++ * Huge page size encoding when MFD_HUGETLB is specified, and a huge page ++ * size other than the default is desired. See hugetlb_encode.h. ++ * All known huge page size encodings are provided here. It is the ++ * responsibility of the application to know which sizes are supported on ++ * the running system. See mmap(2) man page for details. ++ */ ++#define MFD_HUGE_SHIFT HUGETLB_FLAG_ENCODE_SHIFT ++#define MFD_HUGE_MASK HUGETLB_FLAG_ENCODE_MASK ++ ++#define MFD_HUGE_64KB HUGETLB_FLAG_ENCODE_64KB ++#define MFD_HUGE_512KB HUGETLB_FLAG_ENCODE_512KB ++#define MFD_HUGE_1MB HUGETLB_FLAG_ENCODE_1MB ++#define MFD_HUGE_2MB HUGETLB_FLAG_ENCODE_2MB ++#define MFD_HUGE_8MB HUGETLB_FLAG_ENCODE_8MB ++#define MFD_HUGE_16MB HUGETLB_FLAG_ENCODE_16MB ++#define MFD_HUGE_32MB HUGETLB_FLAG_ENCODE_32MB ++#define MFD_HUGE_256MB HUGETLB_FLAG_ENCODE_256MB ++#define MFD_HUGE_512MB HUGETLB_FLAG_ENCODE_512MB ++#define MFD_HUGE_1GB HUGETLB_FLAG_ENCODE_1GB ++#define MFD_HUGE_2GB HUGETLB_FLAG_ENCODE_2GB ++#define MFD_HUGE_16GB HUGETLB_FLAG_ENCODE_16GB ++ ++#endif /* _LINUX_MEMFD_H */ +diff --git a/linux-headers/linux/nvme_ioctl.h b/linux-headers/linux/nvme_ioctl.h +new file mode 100644 +index 0000000..f8df31d +--- /dev/null ++++ b/linux-headers/linux/nvme_ioctl.h +@@ -0,0 +1,114 @@ ++/* SPDX-License-Identifier: GPL-2.0 WITH Linux-syscall-note */ ++/* ++ * Definitions for the NVM Express ioctl interface ++ * Copyright (c) 2011-2014, Intel Corporation. ++ */ ++ ++#ifndef _LINUX_NVME_IOCTL_H ++#define _LINUX_NVME_IOCTL_H ++ ++#include ++ ++struct nvme_user_io { ++ __u8 opcode; ++ __u8 flags; ++ __u16 control; ++ __u16 nblocks; ++ __u16 rsvd; ++ __u64 metadata; ++ __u64 addr; ++ __u64 slba; ++ __u32 dsmgmt; ++ __u32 reftag; ++ __u16 apptag; ++ __u16 appmask; ++}; ++ ++struct nvme_passthru_cmd { ++ __u8 opcode; ++ __u8 flags; ++ __u16 rsvd1; ++ __u32 nsid; ++ __u32 cdw2; ++ __u32 cdw3; ++ __u64 metadata; ++ __u64 addr; ++ __u32 metadata_len; ++ __u32 data_len; ++ __u32 cdw10; ++ __u32 cdw11; ++ __u32 cdw12; ++ __u32 cdw13; ++ __u32 cdw14; ++ __u32 cdw15; ++ __u32 timeout_ms; ++ __u32 result; ++}; ++ ++struct nvme_passthru_cmd64 { ++ __u8 opcode; ++ __u8 flags; ++ __u16 rsvd1; ++ __u32 nsid; ++ __u32 cdw2; ++ __u32 cdw3; ++ __u64 metadata; ++ __u64 addr; ++ __u32 metadata_len; ++ union { ++ __u32 data_len; /* for non-vectored io */ ++ __u32 vec_cnt; /* for vectored io */ ++ }; ++ __u32 cdw10; ++ __u32 cdw11; ++ __u32 cdw12; ++ __u32 cdw13; ++ __u32 cdw14; ++ __u32 cdw15; ++ __u32 timeout_ms; ++ __u32 rsvd2; ++ __u64 result; ++}; ++ ++/* same as struct nvme_passthru_cmd64, minus the 8b result field */ ++struct nvme_uring_cmd { ++ __u8 opcode; ++ __u8 flags; ++ __u16 rsvd1; ++ __u32 nsid; ++ __u32 cdw2; ++ __u32 cdw3; ++ __u64 metadata; ++ __u64 addr; ++ __u32 metadata_len; ++ __u32 data_len; ++ __u32 cdw10; ++ __u32 cdw11; ++ __u32 cdw12; ++ __u32 cdw13; ++ __u32 cdw14; ++ __u32 cdw15; ++ __u32 timeout_ms; ++ __u32 rsvd2; ++}; ++ ++#define nvme_admin_cmd nvme_passthru_cmd ++ ++#define NVME_IOCTL_ID _IO('N', 0x40) ++#define NVME_IOCTL_ADMIN_CMD _IOWR('N', 0x41, struct nvme_admin_cmd) ++#define NVME_IOCTL_SUBMIT_IO _IOW('N', 0x42, struct nvme_user_io) ++#define NVME_IOCTL_IO_CMD _IOWR('N', 0x43, struct nvme_passthru_cmd) ++#define NVME_IOCTL_RESET _IO('N', 0x44) ++#define NVME_IOCTL_SUBSYS_RESET _IO('N', 0x45) ++#define NVME_IOCTL_RESCAN _IO('N', 0x46) ++#define NVME_IOCTL_ADMIN64_CMD _IOWR('N', 0x47, struct nvme_passthru_cmd64) ++#define NVME_IOCTL_IO64_CMD _IOWR('N', 0x48, struct nvme_passthru_cmd64) ++#define NVME_IOCTL_IO64_CMD_VEC _IOWR('N', 0x49, struct nvme_passthru_cmd64) ++ ++/* io_uring async commands: */ ++#define NVME_URING_CMD_IO _IOWR('N', 0x80, struct nvme_uring_cmd) ++#define NVME_URING_CMD_IO_VEC _IOWR('N', 0x81, struct nvme_uring_cmd) ++#define NVME_URING_CMD_ADMIN _IOWR('N', 0x82, struct nvme_uring_cmd) ++#define NVME_URING_CMD_ADMIN_VEC _IOWR('N', 0x83, struct nvme_uring_cmd) ++ ++#endif /* _LINUX_NVME_IOCTL_H */ +diff --git a/linux-headers/linux/stddef.h b/linux-headers/linux/stddef.h +new file mode 100644 +index 0000000..bb6ea51 +--- /dev/null ++++ b/linux-headers/linux/stddef.h +@@ -0,0 +1,47 @@ ++/* SPDX-License-Identifier: GPL-2.0 WITH Linux-syscall-note */ ++#ifndef _LINUX_STDDEF_H ++#define _LINUX_STDDEF_H ++ ++ ++ ++#ifndef __always_inline ++#define __always_inline __inline__ ++#endif ++ ++/** ++ * __struct_group() - Create a mirrored named and anonyomous struct ++ * ++ * @TAG: The tag name for the named sub-struct (usually empty) ++ * @NAME: The identifier name of the mirrored sub-struct ++ * @ATTRS: Any struct attributes (usually empty) ++ * @MEMBERS: The member declarations for the mirrored structs ++ * ++ * Used to create an anonymous union of two structs with identical layout ++ * and size: one anonymous and one named. The former's members can be used ++ * normally without sub-struct naming, and the latter can be used to ++ * reason about the start, end, and size of the group of struct members. ++ * The named struct can also be explicitly tagged for layer reuse, as well ++ * as both having struct attributes appended. ++ */ ++#define __struct_group(TAG, NAME, ATTRS, MEMBERS...) \ ++ union { \ ++ struct { MEMBERS } ATTRS; \ ++ struct TAG { MEMBERS } ATTRS NAME; \ ++ } ++ ++/** ++ * __DECLARE_FLEX_ARRAY() - Declare a flexible array usable in a union ++ * ++ * @TYPE: The type of each flexible array element ++ * @NAME: The name of the flexible array member ++ * ++ * In order to have a flexible array member in a union or alone in a ++ * struct, it needs to be wrapped in an anonymous struct with at least 1 ++ * named member, but that member can be empty. ++ */ ++#define __DECLARE_FLEX_ARRAY(TYPE, NAME) \ ++ struct { \ ++ struct { } __empty_ ## NAME; \ ++ TYPE NAME[]; \ ++ } ++#endif +diff --git a/linux-headers/linux/vfio.h b/linux-headers/linux/vfio.h +index c59692c..4a534ed 100644 +--- a/linux-headers/linux/vfio.h ++++ b/linux-headers/linux/vfio.h +@@ -49,7 +49,11 @@ + /* Supports VFIO_DMA_UNMAP_FLAG_ALL */ + #define VFIO_UNMAP_ALL 9 + +-/* Supports the vaddr flag for DMA map and unmap */ ++/* ++ * Supports the vaddr flag for DMA map and unmap. Not supported for mediated ++ * devices, so this capability is subject to change as groups are added or ++ * removed. ++ */ + #define VFIO_UPDATE_VADDR 10 + + /* +@@ -1343,8 +1347,7 @@ struct vfio_iommu_type1_info_dma_avail { + * Map process virtual addresses to IO virtual addresses using the + * provided struct vfio_dma_map. Caller sets argsz. READ &/ WRITE required. + * +- * If flags & VFIO_DMA_MAP_FLAG_VADDR, update the base vaddr for iova, and +- * unblock translation of host virtual addresses in the iova range. The vaddr ++ * If flags & VFIO_DMA_MAP_FLAG_VADDR, update the base vaddr for iova. The vaddr + * must have previously been invalidated with VFIO_DMA_UNMAP_FLAG_VADDR. To + * maintain memory consistency within the user application, the updated vaddr + * must address the same memory object as originally mapped. Failure to do so +@@ -1395,9 +1398,9 @@ struct vfio_bitmap { + * must be 0. This cannot be combined with the get-dirty-bitmap flag. + * + * If flags & VFIO_DMA_UNMAP_FLAG_VADDR, do not unmap, but invalidate host +- * virtual addresses in the iova range. Tasks that attempt to translate an +- * iova's vaddr will block. DMA to already-mapped pages continues. This +- * cannot be combined with the get-dirty-bitmap flag. ++ * virtual addresses in the iova range. DMA to already-mapped pages continues. ++ * Groups may not be added to the container while any addresses are invalid. ++ * This cannot be combined with the get-dirty-bitmap flag. + */ + struct vfio_iommu_type1_dma_unmap { + __u32 argsz; +diff --git a/linux-headers/linux/vhost.h b/linux-headers/linux/vhost.h +index f9f115a..92e1b70 100644 +--- a/linux-headers/linux/vhost.h ++++ b/linux-headers/linux/vhost.h +@@ -180,4 +180,12 @@ + */ + #define VHOST_VDPA_SUSPEND _IO(VHOST_VIRTIO, 0x7D) + ++/* Resume a device so it can resume processing virtqueue requests ++ * ++ * After the return of this ioctl the device will have restored all the ++ * necessary states and it is fully operational to continue processing the ++ * virtqueue descriptors. ++ */ ++#define VHOST_VDPA_RESUME _IO(VHOST_VIRTIO, 0x7E) ++ + #endif diff -Nru qemu-8.0.4+dfsg/debian/patches/ubuntu/lp2003673-update-linux-headers-6.5rc1.patch qemu-8.0.4+dfsg/debian/patches/ubuntu/lp2003673-update-linux-headers-6.5rc1.patch --- qemu-8.0.4+dfsg/debian/patches/ubuntu/lp2003673-update-linux-headers-6.5rc1.patch 1970-01-01 00:00:00.000000000 +0000 +++ qemu-8.0.4+dfsg/debian/patches/ubuntu/lp2003673-update-linux-headers-6.5rc1.patch 2023-10-30 20:16:32.000000000 +0000 @@ -0,0 +1,1565 @@ +From: =?utf-8?q?C=C3=A9dric_Le_Goater?= +Date: Sun, 9 Jul 2023 23:23:08 +0200 +Subject: linux-headers: update to v6.5-rc1 +MIME-Version: 1.0 +Content-Type: text/plain; charset="utf-8" +Content-Transfer-Encoding: 8bit + +Reviewed-by: Thomas Huth +Signed-off-by: Cédric Le Goater + +Origin: upstream, https://gitlab.com/qemu-project/qemu/-/commit/d0bf492f387 +Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/+source/qemu/+bug/2003673 +Applied-Upstream: v8.1.2 +--- + include/standard-headers/drm/drm_fourcc.h | 43 ++++++++ + include/standard-headers/linux/const.h | 2 +- + include/standard-headers/linux/pci_regs.h | 1 + + include/standard-headers/linux/vhost_types.h | 16 +++ + include/standard-headers/linux/virtio_blk.h | 18 ++-- + include/standard-headers/linux/virtio_config.h | 6 ++ + include/standard-headers/linux/virtio_net.h | 1 + + linux-headers/asm-arm64/bitsperlong.h | 23 ----- + linux-headers/asm-arm64/kvm.h | 33 ++++++ + linux-headers/asm-generic/bitsperlong.h | 13 ++- + linux-headers/asm-generic/unistd.h | 134 +++++++------------------ + linux-headers/asm-mips/unistd_n32.h | 1 + + linux-headers/asm-mips/unistd_n64.h | 1 + + linux-headers/asm-mips/unistd_o32.h | 1 + + linux-headers/asm-powerpc/unistd_32.h | 1 + + linux-headers/asm-powerpc/unistd_64.h | 1 + + linux-headers/asm-riscv/bitsperlong.h | 13 --- + linux-headers/asm-riscv/kvm.h | 134 ++++++++++++++++++++++++- + linux-headers/asm-riscv/unistd.h | 9 ++ + linux-headers/asm-s390/unistd_32.h | 2 + + linux-headers/asm-s390/unistd_64.h | 2 + + linux-headers/asm-x86/kvm.h | 3 + + linux-headers/asm-x86/unistd_32.h | 1 + + linux-headers/asm-x86/unistd_64.h | 1 + + linux-headers/asm-x86/unistd_x32.h | 1 + + linux-headers/linux/const.h | 2 +- + linux-headers/linux/kvm.h | 18 +++- + linux-headers/linux/mman.h | 14 +++ + linux-headers/linux/psp-sev.h | 7 ++ + linux-headers/linux/userfaultfd.h | 17 +++- + linux-headers/linux/vfio.h | 27 +++++ + linux-headers/linux/vhost.h | 31 ++++++ + 32 files changed, 423 insertions(+), 154 deletions(-) + +diff --git a/include/standard-headers/drm/drm_fourcc.h b/include/standard-headers/drm/drm_fourcc.h +index dc3e611..72279f4 100644 +--- a/include/standard-headers/drm/drm_fourcc.h ++++ b/include/standard-headers/drm/drm_fourcc.h +@@ -656,6 +656,49 @@ extern "C" { + */ + #define I915_FORMAT_MOD_4_TILED_DG2_RC_CCS_CC fourcc_mod_code(INTEL, 12) + ++/* ++ * Intel Color Control Surfaces (CCS) for display ver. 14 render compression. ++ * ++ * The main surface is tile4 and at plane index 0, the CCS is linear and ++ * at index 1. A 64B CCS cache line corresponds to an area of 4x1 tiles in ++ * main surface. In other words, 4 bits in CCS map to a main surface cache ++ * line pair. The main surface pitch is required to be a multiple of four ++ * tile4 widths. ++ */ ++#define I915_FORMAT_MOD_4_TILED_MTL_RC_CCS fourcc_mod_code(INTEL, 13) ++ ++/* ++ * Intel Color Control Surfaces (CCS) for display ver. 14 media compression ++ * ++ * The main surface is tile4 and at plane index 0, the CCS is linear and ++ * at index 1. A 64B CCS cache line corresponds to an area of 4x1 tiles in ++ * main surface. In other words, 4 bits in CCS map to a main surface cache ++ * line pair. The main surface pitch is required to be a multiple of four ++ * tile4 widths. For semi-planar formats like NV12, CCS planes follow the ++ * Y and UV planes i.e., planes 0 and 1 are used for Y and UV surfaces, ++ * planes 2 and 3 for the respective CCS. ++ */ ++#define I915_FORMAT_MOD_4_TILED_MTL_MC_CCS fourcc_mod_code(INTEL, 14) ++ ++/* ++ * Intel Color Control Surface with Clear Color (CCS) for display ver. 14 render ++ * compression. ++ * ++ * The main surface is tile4 and is at plane index 0 whereas CCS is linear ++ * and at index 1. The clear color is stored at index 2, and the pitch should ++ * be ignored. The clear color structure is 256 bits. The first 128 bits ++ * represents Raw Clear Color Red, Green, Blue and Alpha color each represented ++ * by 32 bits. The raw clear color is consumed by the 3d engine and generates ++ * the converted clear color of size 64 bits. The first 32 bits store the Lower ++ * Converted Clear Color value and the next 32 bits store the Higher Converted ++ * Clear Color value when applicable. The Converted Clear Color values are ++ * consumed by the DE. The last 64 bits are used to store Color Discard Enable ++ * and Depth Clear Value Valid which are ignored by the DE. A CCS cache line ++ * corresponds to an area of 4x1 tiles in the main surface. The main surface ++ * pitch is required to be a multiple of 4 tile widths. ++ */ ++#define I915_FORMAT_MOD_4_TILED_MTL_RC_CCS_CC fourcc_mod_code(INTEL, 15) ++ + /* + * Tiled, NV12MT, grouped in 64 (pixels) x 32 (lines) -sized macroblocks + * +diff --git a/include/standard-headers/linux/const.h b/include/standard-headers/linux/const.h +index 5e48987..1eb84b5 100644 +--- a/include/standard-headers/linux/const.h ++++ b/include/standard-headers/linux/const.h +@@ -28,7 +28,7 @@ + #define _BITUL(x) (_UL(1) << (x)) + #define _BITULL(x) (_ULL(1) << (x)) + +-#define __ALIGN_KERNEL(x, a) __ALIGN_KERNEL_MASK(x, (typeof(x))(a) - 1) ++#define __ALIGN_KERNEL(x, a) __ALIGN_KERNEL_MASK(x, (__typeof__(x))(a) - 1) + #define __ALIGN_KERNEL_MASK(x, mask) (((x) + (mask)) & ~(mask)) + + #define __KERNEL_DIV_ROUND_UP(n, d) (((n) + (d) - 1) / (d)) +diff --git a/include/standard-headers/linux/pci_regs.h b/include/standard-headers/linux/pci_regs.h +index dc2000e..e5f558d 100644 +--- a/include/standard-headers/linux/pci_regs.h ++++ b/include/standard-headers/linux/pci_regs.h +@@ -738,6 +738,7 @@ + #define PCI_EXT_CAP_ID_DVSEC 0x23 /* Designated Vendor-Specific */ + #define PCI_EXT_CAP_ID_DLF 0x25 /* Data Link Feature */ + #define PCI_EXT_CAP_ID_PL_16GT 0x26 /* Physical Layer 16.0 GT/s */ ++#define PCI_EXT_CAP_ID_PL_32GT 0x2A /* Physical Layer 32.0 GT/s */ + #define PCI_EXT_CAP_ID_DOE 0x2E /* Data Object Exchange */ + #define PCI_EXT_CAP_ID_MAX PCI_EXT_CAP_ID_DOE + +diff --git a/include/standard-headers/linux/vhost_types.h b/include/standard-headers/linux/vhost_types.h +index 88600e2..6691a3c 100644 +--- a/include/standard-headers/linux/vhost_types.h ++++ b/include/standard-headers/linux/vhost_types.h +@@ -47,6 +47,22 @@ struct vhost_vring_addr { + uint64_t log_guest_addr; + }; + ++struct vhost_worker_state { ++ /* ++ * For VHOST_NEW_WORKER the kernel will return the new vhost_worker id. ++ * For VHOST_FREE_WORKER this must be set to the id of the vhost_worker ++ * to free. ++ */ ++ unsigned int worker_id; ++}; ++ ++struct vhost_vring_worker { ++ /* vring index */ ++ unsigned int index; ++ /* The id of the vhost_worker returned from VHOST_NEW_WORKER */ ++ unsigned int worker_id; ++}; ++ + /* no alignment requirement */ + struct vhost_iotlb_msg { + uint64_t iova; +diff --git a/include/standard-headers/linux/virtio_blk.h b/include/standard-headers/linux/virtio_blk.h +index 7155b1a..d7be3cf 100644 +--- a/include/standard-headers/linux/virtio_blk.h ++++ b/include/standard-headers/linux/virtio_blk.h +@@ -138,11 +138,11 @@ struct virtio_blk_config { + + /* Zoned block device characteristics (if VIRTIO_BLK_F_ZONED) */ + struct virtio_blk_zoned_characteristics { +- uint32_t zone_sectors; +- uint32_t max_open_zones; +- uint32_t max_active_zones; +- uint32_t max_append_sectors; +- uint32_t write_granularity; ++ __virtio32 zone_sectors; ++ __virtio32 max_open_zones; ++ __virtio32 max_active_zones; ++ __virtio32 max_append_sectors; ++ __virtio32 write_granularity; + uint8_t model; + uint8_t unused2[3]; + } zoned; +@@ -239,11 +239,11 @@ struct virtio_blk_outhdr { + */ + struct virtio_blk_zone_descriptor { + /* Zone capacity */ +- uint64_t z_cap; ++ __virtio64 z_cap; + /* The starting sector of the zone */ +- uint64_t z_start; ++ __virtio64 z_start; + /* Zone write pointer position in sectors */ +- uint64_t z_wp; ++ __virtio64 z_wp; + /* Zone type */ + uint8_t z_type; + /* Zone state */ +@@ -252,7 +252,7 @@ struct virtio_blk_zone_descriptor { + }; + + struct virtio_blk_zone_report { +- uint64_t nr_zones; ++ __virtio64 nr_zones; + uint8_t reserved[56]; + struct virtio_blk_zone_descriptor zones[]; + }; +diff --git a/include/standard-headers/linux/virtio_config.h b/include/standard-headers/linux/virtio_config.h +index 965ee6a..8a7d0dc 100644 +--- a/include/standard-headers/linux/virtio_config.h ++++ b/include/standard-headers/linux/virtio_config.h +@@ -97,6 +97,12 @@ + */ + #define VIRTIO_F_SR_IOV 37 + ++/* ++ * This feature indicates that the driver passes extra data (besides ++ * identifying the virtqueue) in its device notifications. ++ */ ++#define VIRTIO_F_NOTIFICATION_DATA 38 ++ + /* + * This feature indicates that the driver can reset a queue individually. + */ +diff --git a/include/standard-headers/linux/virtio_net.h b/include/standard-headers/linux/virtio_net.h +index c0e7970..2325485 100644 +--- a/include/standard-headers/linux/virtio_net.h ++++ b/include/standard-headers/linux/virtio_net.h +@@ -61,6 +61,7 @@ + #define VIRTIO_NET_F_GUEST_USO6 55 /* Guest can handle USOv6 in. */ + #define VIRTIO_NET_F_HOST_USO 56 /* Host can handle USO in. */ + #define VIRTIO_NET_F_HASH_REPORT 57 /* Supports hash report */ ++#define VIRTIO_NET_F_GUEST_HDRLEN 59 /* Guest provides the exact hdr_len value. */ + #define VIRTIO_NET_F_RSS 60 /* Supports RSS RX steering */ + #define VIRTIO_NET_F_RSC_EXT 61 /* extended coalescing info */ + #define VIRTIO_NET_F_STANDBY 62 /* Act as standby for another device +diff --git a/linux-headers/asm-arm64/bitsperlong.h b/linux-headers/asm-arm64/bitsperlong.h +index 485d60b..6dc0bb0 100644 +--- a/linux-headers/asm-arm64/bitsperlong.h ++++ b/linux-headers/asm-arm64/bitsperlong.h +@@ -1,24 +1 @@ +-/* SPDX-License-Identifier: GPL-2.0 WITH Linux-syscall-note */ +-/* +- * Copyright (C) 2012 ARM Ltd. +- * +- * This program is free software; you can redistribute it and/or modify +- * it under the terms of the GNU General Public License version 2 as +- * published by the Free Software Foundation. +- * +- * This program is distributed in the hope that it will be useful, +- * but WITHOUT ANY WARRANTY; without even the implied warranty of +- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +- * GNU General Public License for more details. +- * +- * You should have received a copy of the GNU General Public License +- * along with this program. If not, see . +- */ +-#ifndef __ASM_BITSPERLONG_H +-#define __ASM_BITSPERLONG_H +- +-#define __BITS_PER_LONG 64 +- + #include +- +-#endif /* __ASM_BITSPERLONG_H */ +diff --git a/linux-headers/asm-arm64/kvm.h b/linux-headers/asm-arm64/kvm.h +index d7e7bb8..38e5957 100644 +--- a/linux-headers/asm-arm64/kvm.h ++++ b/linux-headers/asm-arm64/kvm.h +@@ -198,6 +198,15 @@ struct kvm_arm_copy_mte_tags { + __u64 reserved[2]; + }; + ++/* ++ * Counter/Timer offset structure. Describe the virtual/physical offset. ++ * To be used with KVM_ARM_SET_COUNTER_OFFSET. ++ */ ++struct kvm_arm_counter_offset { ++ __u64 counter_offset; ++ __u64 reserved; ++}; ++ + #define KVM_ARM_TAGS_TO_GUEST 0 + #define KVM_ARM_TAGS_FROM_GUEST 1 + +@@ -363,6 +372,10 @@ enum { + KVM_REG_ARM_VENDOR_HYP_BIT_PTP = 1, + }; + ++/* Device Control API on vm fd */ ++#define KVM_ARM_VM_SMCCC_CTRL 0 ++#define KVM_ARM_VM_SMCCC_FILTER 0 ++ + /* Device Control API: ARM VGIC */ + #define KVM_DEV_ARM_VGIC_GRP_ADDR 0 + #define KVM_DEV_ARM_VGIC_GRP_DIST_REGS 1 +@@ -402,6 +415,8 @@ enum { + #define KVM_ARM_VCPU_TIMER_CTRL 1 + #define KVM_ARM_VCPU_TIMER_IRQ_VTIMER 0 + #define KVM_ARM_VCPU_TIMER_IRQ_PTIMER 1 ++#define KVM_ARM_VCPU_TIMER_IRQ_HVTIMER 2 ++#define KVM_ARM_VCPU_TIMER_IRQ_HPTIMER 3 + #define KVM_ARM_VCPU_PVTIME_CTRL 2 + #define KVM_ARM_VCPU_PVTIME_IPA 0 + +@@ -458,6 +473,24 @@ enum { + /* run->fail_entry.hardware_entry_failure_reason codes. */ + #define KVM_EXIT_FAIL_ENTRY_CPU_UNSUPPORTED (1ULL << 0) + ++enum kvm_smccc_filter_action { ++ KVM_SMCCC_FILTER_HANDLE = 0, ++ KVM_SMCCC_FILTER_DENY, ++ KVM_SMCCC_FILTER_FWD_TO_USER, ++ ++}; ++ ++struct kvm_smccc_filter { ++ __u32 base; ++ __u32 nr_functions; ++ __u8 action; ++ __u8 pad[15]; ++}; ++ ++/* arm64-specific KVM_EXIT_HYPERCALL flags */ ++#define KVM_HYPERCALL_EXIT_SMC (1U << 0) ++#define KVM_HYPERCALL_EXIT_16BIT (1U << 1) ++ + #endif + + #endif /* __ARM_KVM_H__ */ +diff --git a/linux-headers/asm-generic/bitsperlong.h b/linux-headers/asm-generic/bitsperlong.h +index 0aac245..75f320f 100644 +--- a/linux-headers/asm-generic/bitsperlong.h ++++ b/linux-headers/asm-generic/bitsperlong.h +@@ -2,6 +2,17 @@ + #ifndef __ASM_GENERIC_BITS_PER_LONG + #define __ASM_GENERIC_BITS_PER_LONG + ++#ifndef __BITS_PER_LONG ++/* ++ * In order to keep safe and avoid regression, only unify uapi ++ * bitsperlong.h for some archs which are using newer toolchains ++ * that have the definitions of __CHAR_BIT__ and __SIZEOF_LONG__. ++ * See the following link for more info: ++ * https://lore.kernel.org/linux-arch/b9624545-2c80-49a1-ac3c-39264a591f7b@app.fastmail.com/ ++ */ ++#if defined(__CHAR_BIT__) && defined(__SIZEOF_LONG__) ++#define __BITS_PER_LONG (__CHAR_BIT__ * __SIZEOF_LONG__) ++#else + /* + * There seems to be no way of detecting this automatically from user + * space, so 64 bit architectures should override this in their +@@ -9,8 +20,8 @@ + * both 32 and 64 bit user space must not rely on CONFIG_64BIT + * to decide it, but rather check a compiler provided macro. + */ +-#ifndef __BITS_PER_LONG + #define __BITS_PER_LONG 32 + #endif ++#endif + + #endif /* __ASM_GENERIC_BITS_PER_LONG */ +diff --git a/linux-headers/asm-generic/unistd.h b/linux-headers/asm-generic/unistd.h +index 45fa180..fd6c1cb 100644 +--- a/linux-headers/asm-generic/unistd.h ++++ b/linux-headers/asm-generic/unistd.h +@@ -38,12 +38,12 @@ __SYSCALL(__NR_io_destroy, sys_io_destroy) + __SC_COMP(__NR_io_submit, sys_io_submit, compat_sys_io_submit) + #define __NR_io_cancel 3 + __SYSCALL(__NR_io_cancel, sys_io_cancel) ++ + #if defined(__ARCH_WANT_TIME32_SYSCALLS) || __BITS_PER_LONG != 32 + #define __NR_io_getevents 4 + __SC_3264(__NR_io_getevents, sys_io_getevents_time32, sys_io_getevents) + #endif + +-/* fs/xattr.c */ + #define __NR_setxattr 5 + __SYSCALL(__NR_setxattr, sys_setxattr) + #define __NR_lsetxattr 6 +@@ -68,58 +68,38 @@ __SYSCALL(__NR_removexattr, sys_removexattr) + __SYSCALL(__NR_lremovexattr, sys_lremovexattr) + #define __NR_fremovexattr 16 + __SYSCALL(__NR_fremovexattr, sys_fremovexattr) +- +-/* fs/dcache.c */ + #define __NR_getcwd 17 + __SYSCALL(__NR_getcwd, sys_getcwd) +- +-/* fs/cookies.c */ + #define __NR_lookup_dcookie 18 + __SC_COMP(__NR_lookup_dcookie, sys_lookup_dcookie, compat_sys_lookup_dcookie) +- +-/* fs/eventfd.c */ + #define __NR_eventfd2 19 + __SYSCALL(__NR_eventfd2, sys_eventfd2) +- +-/* fs/eventpoll.c */ + #define __NR_epoll_create1 20 + __SYSCALL(__NR_epoll_create1, sys_epoll_create1) + #define __NR_epoll_ctl 21 + __SYSCALL(__NR_epoll_ctl, sys_epoll_ctl) + #define __NR_epoll_pwait 22 + __SC_COMP(__NR_epoll_pwait, sys_epoll_pwait, compat_sys_epoll_pwait) +- +-/* fs/fcntl.c */ + #define __NR_dup 23 + __SYSCALL(__NR_dup, sys_dup) + #define __NR_dup3 24 + __SYSCALL(__NR_dup3, sys_dup3) + #define __NR3264_fcntl 25 + __SC_COMP_3264(__NR3264_fcntl, sys_fcntl64, sys_fcntl, compat_sys_fcntl64) +- +-/* fs/inotify_user.c */ + #define __NR_inotify_init1 26 + __SYSCALL(__NR_inotify_init1, sys_inotify_init1) + #define __NR_inotify_add_watch 27 + __SYSCALL(__NR_inotify_add_watch, sys_inotify_add_watch) + #define __NR_inotify_rm_watch 28 + __SYSCALL(__NR_inotify_rm_watch, sys_inotify_rm_watch) +- +-/* fs/ioctl.c */ + #define __NR_ioctl 29 + __SC_COMP(__NR_ioctl, sys_ioctl, compat_sys_ioctl) +- +-/* fs/ioprio.c */ + #define __NR_ioprio_set 30 + __SYSCALL(__NR_ioprio_set, sys_ioprio_set) + #define __NR_ioprio_get 31 + __SYSCALL(__NR_ioprio_get, sys_ioprio_get) +- +-/* fs/locks.c */ + #define __NR_flock 32 + __SYSCALL(__NR_flock, sys_flock) +- +-/* fs/namei.c */ + #define __NR_mknodat 33 + __SYSCALL(__NR_mknodat, sys_mknodat) + #define __NR_mkdirat 34 +@@ -130,25 +110,21 @@ __SYSCALL(__NR_unlinkat, sys_unlinkat) + __SYSCALL(__NR_symlinkat, sys_symlinkat) + #define __NR_linkat 37 + __SYSCALL(__NR_linkat, sys_linkat) ++ + #ifdef __ARCH_WANT_RENAMEAT + /* renameat is superseded with flags by renameat2 */ + #define __NR_renameat 38 + __SYSCALL(__NR_renameat, sys_renameat) + #endif /* __ARCH_WANT_RENAMEAT */ + +-/* fs/namespace.c */ + #define __NR_umount2 39 + __SYSCALL(__NR_umount2, sys_umount) + #define __NR_mount 40 + __SYSCALL(__NR_mount, sys_mount) + #define __NR_pivot_root 41 + __SYSCALL(__NR_pivot_root, sys_pivot_root) +- +-/* fs/nfsctl.c */ + #define __NR_nfsservctl 42 + __SYSCALL(__NR_nfsservctl, sys_ni_syscall) +- +-/* fs/open.c */ + #define __NR3264_statfs 43 + __SC_COMP_3264(__NR3264_statfs, sys_statfs64, sys_statfs, \ + compat_sys_statfs64) +@@ -161,7 +137,6 @@ __SC_COMP_3264(__NR3264_truncate, sys_truncate64, sys_truncate, \ + #define __NR3264_ftruncate 46 + __SC_COMP_3264(__NR3264_ftruncate, sys_ftruncate64, sys_ftruncate, \ + compat_sys_ftruncate64) +- + #define __NR_fallocate 47 + __SC_COMP(__NR_fallocate, sys_fallocate, compat_sys_fallocate) + #define __NR_faccessat 48 +@@ -186,20 +161,12 @@ __SYSCALL(__NR_openat, sys_openat) + __SYSCALL(__NR_close, sys_close) + #define __NR_vhangup 58 + __SYSCALL(__NR_vhangup, sys_vhangup) +- +-/* fs/pipe.c */ + #define __NR_pipe2 59 + __SYSCALL(__NR_pipe2, sys_pipe2) +- +-/* fs/quota.c */ + #define __NR_quotactl 60 + __SYSCALL(__NR_quotactl, sys_quotactl) +- +-/* fs/readdir.c */ + #define __NR_getdents64 61 + __SYSCALL(__NR_getdents64, sys_getdents64) +- +-/* fs/read_write.c */ + #define __NR3264_lseek 62 + __SC_3264(__NR3264_lseek, sys_llseek, sys_lseek) + #define __NR_read 63 +@@ -218,12 +185,9 @@ __SC_COMP(__NR_pwrite64, sys_pwrite64, compat_sys_pwrite64) + __SC_COMP(__NR_preadv, sys_preadv, compat_sys_preadv) + #define __NR_pwritev 70 + __SC_COMP(__NR_pwritev, sys_pwritev, compat_sys_pwritev) +- +-/* fs/sendfile.c */ + #define __NR3264_sendfile 71 + __SYSCALL(__NR3264_sendfile, sys_sendfile64) + +-/* fs/select.c */ + #if defined(__ARCH_WANT_TIME32_SYSCALLS) || __BITS_PER_LONG != 32 + #define __NR_pselect6 72 + __SC_COMP_3264(__NR_pselect6, sys_pselect6_time32, sys_pselect6, compat_sys_pselect6_time32) +@@ -231,21 +195,17 @@ __SC_COMP_3264(__NR_pselect6, sys_pselect6_time32, sys_pselect6, compat_sys_psel + __SC_COMP_3264(__NR_ppoll, sys_ppoll_time32, sys_ppoll, compat_sys_ppoll_time32) + #endif + +-/* fs/signalfd.c */ + #define __NR_signalfd4 74 + __SC_COMP(__NR_signalfd4, sys_signalfd4, compat_sys_signalfd4) +- +-/* fs/splice.c */ + #define __NR_vmsplice 75 + __SYSCALL(__NR_vmsplice, sys_vmsplice) + #define __NR_splice 76 + __SYSCALL(__NR_splice, sys_splice) + #define __NR_tee 77 + __SYSCALL(__NR_tee, sys_tee) +- +-/* fs/stat.c */ + #define __NR_readlinkat 78 + __SYSCALL(__NR_readlinkat, sys_readlinkat) ++ + #if defined(__ARCH_WANT_NEW_STAT) || defined(__ARCH_WANT_STAT64) + #define __NR3264_fstatat 79 + __SC_3264(__NR3264_fstatat, sys_fstatat64, sys_newfstatat) +@@ -253,13 +213,13 @@ __SC_3264(__NR3264_fstatat, sys_fstatat64, sys_newfstatat) + __SC_3264(__NR3264_fstat, sys_fstat64, sys_newfstat) + #endif + +-/* fs/sync.c */ + #define __NR_sync 81 + __SYSCALL(__NR_sync, sys_sync) + #define __NR_fsync 82 + __SYSCALL(__NR_fsync, sys_fsync) + #define __NR_fdatasync 83 + __SYSCALL(__NR_fdatasync, sys_fdatasync) ++ + #ifdef __ARCH_WANT_SYNC_FILE_RANGE2 + #define __NR_sync_file_range2 84 + __SC_COMP(__NR_sync_file_range2, sys_sync_file_range2, \ +@@ -270,9 +230,9 @@ __SC_COMP(__NR_sync_file_range, sys_sync_file_range, \ + compat_sys_sync_file_range) + #endif + +-/* fs/timerfd.c */ + #define __NR_timerfd_create 85 + __SYSCALL(__NR_timerfd_create, sys_timerfd_create) ++ + #if defined(__ARCH_WANT_TIME32_SYSCALLS) || __BITS_PER_LONG != 32 + #define __NR_timerfd_settime 86 + __SC_3264(__NR_timerfd_settime, sys_timerfd_settime32, \ +@@ -282,45 +242,35 @@ __SC_3264(__NR_timerfd_gettime, sys_timerfd_gettime32, \ + sys_timerfd_gettime) + #endif + +-/* fs/utimes.c */ + #if defined(__ARCH_WANT_TIME32_SYSCALLS) || __BITS_PER_LONG != 32 + #define __NR_utimensat 88 + __SC_3264(__NR_utimensat, sys_utimensat_time32, sys_utimensat) + #endif + +-/* kernel/acct.c */ + #define __NR_acct 89 + __SYSCALL(__NR_acct, sys_acct) +- +-/* kernel/capability.c */ + #define __NR_capget 90 + __SYSCALL(__NR_capget, sys_capget) + #define __NR_capset 91 + __SYSCALL(__NR_capset, sys_capset) +- +-/* kernel/exec_domain.c */ + #define __NR_personality 92 + __SYSCALL(__NR_personality, sys_personality) +- +-/* kernel/exit.c */ + #define __NR_exit 93 + __SYSCALL(__NR_exit, sys_exit) + #define __NR_exit_group 94 + __SYSCALL(__NR_exit_group, sys_exit_group) + #define __NR_waitid 95 + __SC_COMP(__NR_waitid, sys_waitid, compat_sys_waitid) +- +-/* kernel/fork.c */ + #define __NR_set_tid_address 96 + __SYSCALL(__NR_set_tid_address, sys_set_tid_address) + #define __NR_unshare 97 + __SYSCALL(__NR_unshare, sys_unshare) + +-/* kernel/futex.c */ + #if defined(__ARCH_WANT_TIME32_SYSCALLS) || __BITS_PER_LONG != 32 + #define __NR_futex 98 + __SC_3264(__NR_futex, sys_futex_time32, sys_futex) + #endif ++ + #define __NR_set_robust_list 99 + __SC_COMP(__NR_set_robust_list, sys_set_robust_list, \ + compat_sys_set_robust_list) +@@ -328,43 +278,40 @@ __SC_COMP(__NR_set_robust_list, sys_set_robust_list, \ + __SC_COMP(__NR_get_robust_list, sys_get_robust_list, \ + compat_sys_get_robust_list) + +-/* kernel/hrtimer.c */ + #if defined(__ARCH_WANT_TIME32_SYSCALLS) || __BITS_PER_LONG != 32 + #define __NR_nanosleep 101 + __SC_3264(__NR_nanosleep, sys_nanosleep_time32, sys_nanosleep) + #endif + +-/* kernel/itimer.c */ + #define __NR_getitimer 102 + __SC_COMP(__NR_getitimer, sys_getitimer, compat_sys_getitimer) + #define __NR_setitimer 103 + __SC_COMP(__NR_setitimer, sys_setitimer, compat_sys_setitimer) +- +-/* kernel/kexec.c */ + #define __NR_kexec_load 104 + __SC_COMP(__NR_kexec_load, sys_kexec_load, compat_sys_kexec_load) +- +-/* kernel/module.c */ + #define __NR_init_module 105 + __SYSCALL(__NR_init_module, sys_init_module) + #define __NR_delete_module 106 + __SYSCALL(__NR_delete_module, sys_delete_module) +- +-/* kernel/posix-timers.c */ + #define __NR_timer_create 107 + __SC_COMP(__NR_timer_create, sys_timer_create, compat_sys_timer_create) ++ + #if defined(__ARCH_WANT_TIME32_SYSCALLS) || __BITS_PER_LONG != 32 + #define __NR_timer_gettime 108 + __SC_3264(__NR_timer_gettime, sys_timer_gettime32, sys_timer_gettime) + #endif ++ + #define __NR_timer_getoverrun 109 + __SYSCALL(__NR_timer_getoverrun, sys_timer_getoverrun) ++ + #if defined(__ARCH_WANT_TIME32_SYSCALLS) || __BITS_PER_LONG != 32 + #define __NR_timer_settime 110 + __SC_3264(__NR_timer_settime, sys_timer_settime32, sys_timer_settime) + #endif ++ + #define __NR_timer_delete 111 + __SYSCALL(__NR_timer_delete, sys_timer_delete) ++ + #if defined(__ARCH_WANT_TIME32_SYSCALLS) || __BITS_PER_LONG != 32 + #define __NR_clock_settime 112 + __SC_3264(__NR_clock_settime, sys_clock_settime32, sys_clock_settime) +@@ -377,15 +324,10 @@ __SC_3264(__NR_clock_nanosleep, sys_clock_nanosleep_time32, \ + sys_clock_nanosleep) + #endif + +-/* kernel/printk.c */ + #define __NR_syslog 116 + __SYSCALL(__NR_syslog, sys_syslog) +- +-/* kernel/ptrace.c */ + #define __NR_ptrace 117 + __SC_COMP(__NR_ptrace, sys_ptrace, compat_sys_ptrace) +- +-/* kernel/sched/core.c */ + #define __NR_sched_setparam 118 + __SYSCALL(__NR_sched_setparam, sys_sched_setparam) + #define __NR_sched_setscheduler 119 +@@ -406,13 +348,13 @@ __SYSCALL(__NR_sched_yield, sys_sched_yield) + __SYSCALL(__NR_sched_get_priority_max, sys_sched_get_priority_max) + #define __NR_sched_get_priority_min 126 + __SYSCALL(__NR_sched_get_priority_min, sys_sched_get_priority_min) ++ + #if defined(__ARCH_WANT_TIME32_SYSCALLS) || __BITS_PER_LONG != 32 + #define __NR_sched_rr_get_interval 127 + __SC_3264(__NR_sched_rr_get_interval, sys_sched_rr_get_interval_time32, \ + sys_sched_rr_get_interval) + #endif + +-/* kernel/signal.c */ + #define __NR_restart_syscall 128 + __SYSCALL(__NR_restart_syscall, sys_restart_syscall) + #define __NR_kill 129 +@@ -431,18 +373,18 @@ __SC_COMP(__NR_rt_sigaction, sys_rt_sigaction, compat_sys_rt_sigaction) + __SC_COMP(__NR_rt_sigprocmask, sys_rt_sigprocmask, compat_sys_rt_sigprocmask) + #define __NR_rt_sigpending 136 + __SC_COMP(__NR_rt_sigpending, sys_rt_sigpending, compat_sys_rt_sigpending) ++ + #if defined(__ARCH_WANT_TIME32_SYSCALLS) || __BITS_PER_LONG != 32 + #define __NR_rt_sigtimedwait 137 + __SC_COMP_3264(__NR_rt_sigtimedwait, sys_rt_sigtimedwait_time32, \ + sys_rt_sigtimedwait, compat_sys_rt_sigtimedwait_time32) + #endif ++ + #define __NR_rt_sigqueueinfo 138 + __SC_COMP(__NR_rt_sigqueueinfo, sys_rt_sigqueueinfo, \ + compat_sys_rt_sigqueueinfo) + #define __NR_rt_sigreturn 139 + __SC_COMP(__NR_rt_sigreturn, sys_rt_sigreturn, compat_sys_rt_sigreturn) +- +-/* kernel/sys.c */ + #define __NR_setpriority 140 + __SYSCALL(__NR_setpriority, sys_setpriority) + #define __NR_getpriority 141 +@@ -507,7 +449,6 @@ __SYSCALL(__NR_prctl, sys_prctl) + #define __NR_getcpu 168 + __SYSCALL(__NR_getcpu, sys_getcpu) + +-/* kernel/time.c */ + #if defined(__ARCH_WANT_TIME32_SYSCALLS) || __BITS_PER_LONG != 32 + #define __NR_gettimeofday 169 + __SC_COMP(__NR_gettimeofday, sys_gettimeofday, compat_sys_gettimeofday) +@@ -517,7 +458,6 @@ __SC_COMP(__NR_settimeofday, sys_settimeofday, compat_sys_settimeofday) + __SC_3264(__NR_adjtimex, sys_adjtimex_time32, sys_adjtimex) + #endif + +-/* kernel/sys.c */ + #define __NR_getpid 172 + __SYSCALL(__NR_getpid, sys_getpid) + #define __NR_getppid 173 +@@ -534,12 +474,11 @@ __SYSCALL(__NR_getegid, sys_getegid) + __SYSCALL(__NR_gettid, sys_gettid) + #define __NR_sysinfo 179 + __SC_COMP(__NR_sysinfo, sys_sysinfo, compat_sys_sysinfo) +- +-/* ipc/mqueue.c */ + #define __NR_mq_open 180 + __SC_COMP(__NR_mq_open, sys_mq_open, compat_sys_mq_open) + #define __NR_mq_unlink 181 + __SYSCALL(__NR_mq_unlink, sys_mq_unlink) ++ + #if defined(__ARCH_WANT_TIME32_SYSCALLS) || __BITS_PER_LONG != 32 + #define __NR_mq_timedsend 182 + __SC_3264(__NR_mq_timedsend, sys_mq_timedsend_time32, sys_mq_timedsend) +@@ -547,12 +486,11 @@ __SC_3264(__NR_mq_timedsend, sys_mq_timedsend_time32, sys_mq_timedsend) + __SC_3264(__NR_mq_timedreceive, sys_mq_timedreceive_time32, \ + sys_mq_timedreceive) + #endif ++ + #define __NR_mq_notify 184 + __SC_COMP(__NR_mq_notify, sys_mq_notify, compat_sys_mq_notify) + #define __NR_mq_getsetattr 185 + __SC_COMP(__NR_mq_getsetattr, sys_mq_getsetattr, compat_sys_mq_getsetattr) +- +-/* ipc/msg.c */ + #define __NR_msgget 186 + __SYSCALL(__NR_msgget, sys_msgget) + #define __NR_msgctl 187 +@@ -561,20 +499,18 @@ __SC_COMP(__NR_msgctl, sys_msgctl, compat_sys_msgctl) + __SC_COMP(__NR_msgrcv, sys_msgrcv, compat_sys_msgrcv) + #define __NR_msgsnd 189 + __SC_COMP(__NR_msgsnd, sys_msgsnd, compat_sys_msgsnd) +- +-/* ipc/sem.c */ + #define __NR_semget 190 + __SYSCALL(__NR_semget, sys_semget) + #define __NR_semctl 191 + __SC_COMP(__NR_semctl, sys_semctl, compat_sys_semctl) ++ + #if defined(__ARCH_WANT_TIME32_SYSCALLS) || __BITS_PER_LONG != 32 + #define __NR_semtimedop 192 + __SC_3264(__NR_semtimedop, sys_semtimedop_time32, sys_semtimedop) + #endif ++ + #define __NR_semop 193 + __SYSCALL(__NR_semop, sys_semop) +- +-/* ipc/shm.c */ + #define __NR_shmget 194 + __SYSCALL(__NR_shmget, sys_shmget) + #define __NR_shmctl 195 +@@ -583,8 +519,6 @@ __SC_COMP(__NR_shmctl, sys_shmctl, compat_sys_shmctl) + __SC_COMP(__NR_shmat, sys_shmat, compat_sys_shmat) + #define __NR_shmdt 197 + __SYSCALL(__NR_shmdt, sys_shmdt) +- +-/* net/socket.c */ + #define __NR_socket 198 + __SYSCALL(__NR_socket, sys_socket) + #define __NR_socketpair 199 +@@ -615,40 +549,30 @@ __SYSCALL(__NR_shutdown, sys_shutdown) + __SC_COMP(__NR_sendmsg, sys_sendmsg, compat_sys_sendmsg) + #define __NR_recvmsg 212 + __SC_COMP(__NR_recvmsg, sys_recvmsg, compat_sys_recvmsg) +- +-/* mm/filemap.c */ + #define __NR_readahead 213 + __SC_COMP(__NR_readahead, sys_readahead, compat_sys_readahead) +- +-/* mm/nommu.c, also with MMU */ + #define __NR_brk 214 + __SYSCALL(__NR_brk, sys_brk) + #define __NR_munmap 215 + __SYSCALL(__NR_munmap, sys_munmap) + #define __NR_mremap 216 + __SYSCALL(__NR_mremap, sys_mremap) +- +-/* security/keys/keyctl.c */ + #define __NR_add_key 217 + __SYSCALL(__NR_add_key, sys_add_key) + #define __NR_request_key 218 + __SYSCALL(__NR_request_key, sys_request_key) + #define __NR_keyctl 219 + __SC_COMP(__NR_keyctl, sys_keyctl, compat_sys_keyctl) +- +-/* arch/example/kernel/sys_example.c */ + #define __NR_clone 220 + __SYSCALL(__NR_clone, sys_clone) + #define __NR_execve 221 + __SC_COMP(__NR_execve, sys_execve, compat_sys_execve) +- + #define __NR3264_mmap 222 + __SC_3264(__NR3264_mmap, sys_mmap2, sys_mmap) +-/* mm/fadvise.c */ + #define __NR3264_fadvise64 223 + __SC_COMP(__NR3264_fadvise64, sys_fadvise64_64, compat_sys_fadvise64_64) + +-/* mm/, CONFIG_MMU only */ ++/* CONFIG_MMU only */ + #ifndef __ARCH_NOMMU + #define __NR_swapon 224 + __SYSCALL(__NR_swapon, sys_swapon) +@@ -691,6 +615,7 @@ __SC_COMP(__NR_rt_tgsigqueueinfo, sys_rt_tgsigqueueinfo, \ + __SYSCALL(__NR_perf_event_open, sys_perf_event_open) + #define __NR_accept4 242 + __SYSCALL(__NR_accept4, sys_accept4) ++ + #if defined(__ARCH_WANT_TIME32_SYSCALLS) || __BITS_PER_LONG != 32 + #define __NR_recvmmsg 243 + __SC_COMP_3264(__NR_recvmmsg, sys_recvmmsg_time32, sys_recvmmsg, compat_sys_recvmmsg_time32) +@@ -706,6 +631,7 @@ __SC_COMP_3264(__NR_recvmmsg, sys_recvmmsg_time32, sys_recvmmsg, compat_sys_recv + #define __NR_wait4 260 + __SC_COMP(__NR_wait4, sys_wait4, compat_sys_wait4) + #endif ++ + #define __NR_prlimit64 261 + __SYSCALL(__NR_prlimit64, sys_prlimit64) + #define __NR_fanotify_init 262 +@@ -716,10 +642,12 @@ __SYSCALL(__NR_fanotify_mark, sys_fanotify_mark) + __SYSCALL(__NR_name_to_handle_at, sys_name_to_handle_at) + #define __NR_open_by_handle_at 265 + __SYSCALL(__NR_open_by_handle_at, sys_open_by_handle_at) ++ + #if defined(__ARCH_WANT_TIME32_SYSCALLS) || __BITS_PER_LONG != 32 + #define __NR_clock_adjtime 266 + __SC_3264(__NR_clock_adjtime, sys_clock_adjtime32, sys_clock_adjtime) + #endif ++ + #define __NR_syncfs 267 + __SYSCALL(__NR_syncfs, sys_syncfs) + #define __NR_setns 268 +@@ -770,15 +698,19 @@ __SYSCALL(__NR_pkey_alloc, sys_pkey_alloc) + __SYSCALL(__NR_pkey_free, sys_pkey_free) + #define __NR_statx 291 + __SYSCALL(__NR_statx, sys_statx) ++ + #if defined(__ARCH_WANT_TIME32_SYSCALLS) || __BITS_PER_LONG != 32 + #define __NR_io_pgetevents 292 + __SC_COMP_3264(__NR_io_pgetevents, sys_io_pgetevents_time32, sys_io_pgetevents, compat_sys_io_pgetevents) + #endif ++ + #define __NR_rseq 293 + __SYSCALL(__NR_rseq, sys_rseq) + #define __NR_kexec_file_load 294 + __SYSCALL(__NR_kexec_file_load, sys_kexec_file_load) ++ + /* 295 through 402 are unassigned to sync up with generic numbers, don't use */ ++ + #if defined(__SYSCALL_COMPAT) || __BITS_PER_LONG == 32 + #define __NR_clock_gettime64 403 + __SYSCALL(__NR_clock_gettime64, sys_clock_gettime) +@@ -844,13 +776,14 @@ __SYSCALL(__NR_fsmount, sys_fsmount) + __SYSCALL(__NR_fspick, sys_fspick) + #define __NR_pidfd_open 434 + __SYSCALL(__NR_pidfd_open, sys_pidfd_open) ++ + #ifdef __ARCH_WANT_SYS_CLONE3 + #define __NR_clone3 435 + __SYSCALL(__NR_clone3, sys_clone3) + #endif ++ + #define __NR_close_range 436 + __SYSCALL(__NR_close_range, sys_close_range) +- + #define __NR_openat2 437 + __SYSCALL(__NR_openat2, sys_openat2) + #define __NR_pidfd_getfd 438 +@@ -865,7 +798,6 @@ __SC_COMP(__NR_epoll_pwait2, sys_epoll_pwait2, compat_sys_epoll_pwait2) + __SYSCALL(__NR_mount_setattr, sys_mount_setattr) + #define __NR_quotactl_fd 443 + __SYSCALL(__NR_quotactl_fd, sys_quotactl_fd) +- + #define __NR_landlock_create_ruleset 444 + __SYSCALL(__NR_landlock_create_ruleset, sys_landlock_create_ruleset) + #define __NR_landlock_add_rule 445 +@@ -877,17 +809,19 @@ __SYSCALL(__NR_landlock_restrict_self, sys_landlock_restrict_self) + #define __NR_memfd_secret 447 + __SYSCALL(__NR_memfd_secret, sys_memfd_secret) + #endif ++ + #define __NR_process_mrelease 448 + __SYSCALL(__NR_process_mrelease, sys_process_mrelease) +- + #define __NR_futex_waitv 449 + __SYSCALL(__NR_futex_waitv, sys_futex_waitv) +- + #define __NR_set_mempolicy_home_node 450 + __SYSCALL(__NR_set_mempolicy_home_node, sys_set_mempolicy_home_node) + ++#define __NR_cachestat 451 ++__SYSCALL(__NR_cachestat, sys_cachestat) ++ + #undef __NR_syscalls +-#define __NR_syscalls 451 ++#define __NR_syscalls 452 + + /* + * 32 bit systems traditionally used different +diff --git a/linux-headers/asm-mips/unistd_n32.h b/linux-headers/asm-mips/unistd_n32.h +index 1f14a6f..8233f06 100644 +--- a/linux-headers/asm-mips/unistd_n32.h ++++ b/linux-headers/asm-mips/unistd_n32.h +@@ -379,5 +379,6 @@ + #define __NR_process_mrelease (__NR_Linux + 448) + #define __NR_futex_waitv (__NR_Linux + 449) + #define __NR_set_mempolicy_home_node (__NR_Linux + 450) ++#define __NR_cachestat (__NR_Linux + 451) + + #endif /* _ASM_UNISTD_N32_H */ +diff --git a/linux-headers/asm-mips/unistd_n64.h b/linux-headers/asm-mips/unistd_n64.h +index e5a8ebe..a174edc 100644 +--- a/linux-headers/asm-mips/unistd_n64.h ++++ b/linux-headers/asm-mips/unistd_n64.h +@@ -355,5 +355,6 @@ + #define __NR_process_mrelease (__NR_Linux + 448) + #define __NR_futex_waitv (__NR_Linux + 449) + #define __NR_set_mempolicy_home_node (__NR_Linux + 450) ++#define __NR_cachestat (__NR_Linux + 451) + + #endif /* _ASM_UNISTD_N64_H */ +diff --git a/linux-headers/asm-mips/unistd_o32.h b/linux-headers/asm-mips/unistd_o32.h +index 871d571..c1a5351 100644 +--- a/linux-headers/asm-mips/unistd_o32.h ++++ b/linux-headers/asm-mips/unistd_o32.h +@@ -425,5 +425,6 @@ + #define __NR_process_mrelease (__NR_Linux + 448) + #define __NR_futex_waitv (__NR_Linux + 449) + #define __NR_set_mempolicy_home_node (__NR_Linux + 450) ++#define __NR_cachestat (__NR_Linux + 451) + + #endif /* _ASM_UNISTD_O32_H */ +diff --git a/linux-headers/asm-powerpc/unistd_32.h b/linux-headers/asm-powerpc/unistd_32.h +index 585c7fe..8206758 100644 +--- a/linux-headers/asm-powerpc/unistd_32.h ++++ b/linux-headers/asm-powerpc/unistd_32.h +@@ -432,6 +432,7 @@ + #define __NR_process_mrelease 448 + #define __NR_futex_waitv 449 + #define __NR_set_mempolicy_home_node 450 ++#define __NR_cachestat 451 + + + #endif /* _ASM_UNISTD_32_H */ +diff --git a/linux-headers/asm-powerpc/unistd_64.h b/linux-headers/asm-powerpc/unistd_64.h +index 350f7ec..7be98c1 100644 +--- a/linux-headers/asm-powerpc/unistd_64.h ++++ b/linux-headers/asm-powerpc/unistd_64.h +@@ -404,6 +404,7 @@ + #define __NR_process_mrelease 448 + #define __NR_futex_waitv 449 + #define __NR_set_mempolicy_home_node 450 ++#define __NR_cachestat 451 + + + #endif /* _ASM_UNISTD_64_H */ +diff --git a/linux-headers/asm-riscv/bitsperlong.h b/linux-headers/asm-riscv/bitsperlong.h +index cc5c45a..6dc0bb0 100644 +--- a/linux-headers/asm-riscv/bitsperlong.h ++++ b/linux-headers/asm-riscv/bitsperlong.h +@@ -1,14 +1 @@ +-/* SPDX-License-Identifier: GPL-2.0-only WITH Linux-syscall-note */ +-/* +- * Copyright (C) 2012 ARM Ltd. +- * Copyright (C) 2015 Regents of the University of California +- */ +- +-#ifndef _ASM_RISCV_BITSPERLONG_H +-#define _ASM_RISCV_BITSPERLONG_H +- +-#define __BITS_PER_LONG (__SIZEOF_POINTER__ * 8) +- + #include +- +-#endif /* _ASM_RISCV_BITSPERLONG_H */ +diff --git a/linux-headers/asm-riscv/kvm.h b/linux-headers/asm-riscv/kvm.h +index 92af6f3..930fdc4 100644 +--- a/linux-headers/asm-riscv/kvm.h ++++ b/linux-headers/asm-riscv/kvm.h +@@ -12,8 +12,10 @@ + #ifndef __ASSEMBLY__ + + #include ++#include + #include + ++#define __KVM_HAVE_IRQ_LINE + #define __KVM_HAVE_READONLY_MEM + + #define KVM_COALESCED_MMIO_PAGE_OFFSET 1 +@@ -52,6 +54,7 @@ struct kvm_riscv_config { + unsigned long mvendorid; + unsigned long marchid; + unsigned long mimpid; ++ unsigned long zicboz_block_size; + }; + + /* CORE registers for KVM_GET_ONE_REG and KVM_SET_ONE_REG */ +@@ -64,7 +67,7 @@ struct kvm_riscv_core { + #define KVM_RISCV_MODE_S 1 + #define KVM_RISCV_MODE_U 0 + +-/* CSR registers for KVM_GET_ONE_REG and KVM_SET_ONE_REG */ ++/* General CSR registers for KVM_GET_ONE_REG and KVM_SET_ONE_REG */ + struct kvm_riscv_csr { + unsigned long sstatus; + unsigned long sie; +@@ -78,6 +81,17 @@ struct kvm_riscv_csr { + unsigned long scounteren; + }; + ++/* AIA CSR registers for KVM_GET_ONE_REG and KVM_SET_ONE_REG */ ++struct kvm_riscv_aia_csr { ++ unsigned long siselect; ++ unsigned long iprio1; ++ unsigned long iprio2; ++ unsigned long sieh; ++ unsigned long siph; ++ unsigned long iprio1h; ++ unsigned long iprio2h; ++}; ++ + /* TIMER registers for KVM_GET_ONE_REG and KVM_SET_ONE_REG */ + struct kvm_riscv_timer { + __u64 frequency; +@@ -105,9 +119,31 @@ enum KVM_RISCV_ISA_EXT_ID { + KVM_RISCV_ISA_EXT_SVINVAL, + KVM_RISCV_ISA_EXT_ZIHINTPAUSE, + KVM_RISCV_ISA_EXT_ZICBOM, ++ KVM_RISCV_ISA_EXT_ZICBOZ, ++ KVM_RISCV_ISA_EXT_ZBB, ++ KVM_RISCV_ISA_EXT_SSAIA, ++ KVM_RISCV_ISA_EXT_V, ++ KVM_RISCV_ISA_EXT_SVNAPOT, + KVM_RISCV_ISA_EXT_MAX, + }; + ++/* ++ * SBI extension IDs specific to KVM. This is not the same as the SBI ++ * extension IDs defined by the RISC-V SBI specification. ++ */ ++enum KVM_RISCV_SBI_EXT_ID { ++ KVM_RISCV_SBI_EXT_V01 = 0, ++ KVM_RISCV_SBI_EXT_TIME, ++ KVM_RISCV_SBI_EXT_IPI, ++ KVM_RISCV_SBI_EXT_RFENCE, ++ KVM_RISCV_SBI_EXT_SRST, ++ KVM_RISCV_SBI_EXT_HSM, ++ KVM_RISCV_SBI_EXT_PMU, ++ KVM_RISCV_SBI_EXT_EXPERIMENTAL, ++ KVM_RISCV_SBI_EXT_VENDOR, ++ KVM_RISCV_SBI_EXT_MAX, ++}; ++ + /* Possible states for kvm_riscv_timer */ + #define KVM_RISCV_TIMER_STATE_OFF 0 + #define KVM_RISCV_TIMER_STATE_ON 1 +@@ -118,6 +154,8 @@ enum KVM_RISCV_ISA_EXT_ID { + /* If you need to interpret the index values, here is the key: */ + #define KVM_REG_RISCV_TYPE_MASK 0x00000000FF000000 + #define KVM_REG_RISCV_TYPE_SHIFT 24 ++#define KVM_REG_RISCV_SUBTYPE_MASK 0x0000000000FF0000 ++#define KVM_REG_RISCV_SUBTYPE_SHIFT 16 + + /* Config registers are mapped as type 1 */ + #define KVM_REG_RISCV_CONFIG (0x01 << KVM_REG_RISCV_TYPE_SHIFT) +@@ -131,8 +169,12 @@ enum KVM_RISCV_ISA_EXT_ID { + + /* Control and status registers are mapped as type 3 */ + #define KVM_REG_RISCV_CSR (0x03 << KVM_REG_RISCV_TYPE_SHIFT) ++#define KVM_REG_RISCV_CSR_GENERAL (0x0 << KVM_REG_RISCV_SUBTYPE_SHIFT) ++#define KVM_REG_RISCV_CSR_AIA (0x1 << KVM_REG_RISCV_SUBTYPE_SHIFT) + #define KVM_REG_RISCV_CSR_REG(name) \ + (offsetof(struct kvm_riscv_csr, name) / sizeof(unsigned long)) ++#define KVM_REG_RISCV_CSR_AIA_REG(name) \ ++ (offsetof(struct kvm_riscv_aia_csr, name) / sizeof(unsigned long)) + + /* Timer registers are mapped as type 4 */ + #define KVM_REG_RISCV_TIMER (0x04 << KVM_REG_RISCV_TYPE_SHIFT) +@@ -152,6 +194,96 @@ enum KVM_RISCV_ISA_EXT_ID { + /* ISA Extension registers are mapped as type 7 */ + #define KVM_REG_RISCV_ISA_EXT (0x07 << KVM_REG_RISCV_TYPE_SHIFT) + ++/* SBI extension registers are mapped as type 8 */ ++#define KVM_REG_RISCV_SBI_EXT (0x08 << KVM_REG_RISCV_TYPE_SHIFT) ++#define KVM_REG_RISCV_SBI_SINGLE (0x0 << KVM_REG_RISCV_SUBTYPE_SHIFT) ++#define KVM_REG_RISCV_SBI_MULTI_EN (0x1 << KVM_REG_RISCV_SUBTYPE_SHIFT) ++#define KVM_REG_RISCV_SBI_MULTI_DIS (0x2 << KVM_REG_RISCV_SUBTYPE_SHIFT) ++#define KVM_REG_RISCV_SBI_MULTI_REG(__ext_id) \ ++ ((__ext_id) / __BITS_PER_LONG) ++#define KVM_REG_RISCV_SBI_MULTI_MASK(__ext_id) \ ++ (1UL << ((__ext_id) % __BITS_PER_LONG)) ++#define KVM_REG_RISCV_SBI_MULTI_REG_LAST \ ++ KVM_REG_RISCV_SBI_MULTI_REG(KVM_RISCV_SBI_EXT_MAX - 1) ++ ++/* V extension registers are mapped as type 9 */ ++#define KVM_REG_RISCV_VECTOR (0x09 << KVM_REG_RISCV_TYPE_SHIFT) ++#define KVM_REG_RISCV_VECTOR_CSR_REG(name) \ ++ (offsetof(struct __riscv_v_ext_state, name) / sizeof(unsigned long)) ++#define KVM_REG_RISCV_VECTOR_REG(n) \ ++ ((n) + sizeof(struct __riscv_v_ext_state) / sizeof(unsigned long)) ++ ++/* Device Control API: RISC-V AIA */ ++#define KVM_DEV_RISCV_APLIC_ALIGN 0x1000 ++#define KVM_DEV_RISCV_APLIC_SIZE 0x4000 ++#define KVM_DEV_RISCV_APLIC_MAX_HARTS 0x4000 ++#define KVM_DEV_RISCV_IMSIC_ALIGN 0x1000 ++#define KVM_DEV_RISCV_IMSIC_SIZE 0x1000 ++ ++#define KVM_DEV_RISCV_AIA_GRP_CONFIG 0 ++#define KVM_DEV_RISCV_AIA_CONFIG_MODE 0 ++#define KVM_DEV_RISCV_AIA_CONFIG_IDS 1 ++#define KVM_DEV_RISCV_AIA_CONFIG_SRCS 2 ++#define KVM_DEV_RISCV_AIA_CONFIG_GROUP_BITS 3 ++#define KVM_DEV_RISCV_AIA_CONFIG_GROUP_SHIFT 4 ++#define KVM_DEV_RISCV_AIA_CONFIG_HART_BITS 5 ++#define KVM_DEV_RISCV_AIA_CONFIG_GUEST_BITS 6 ++ ++/* ++ * Modes of RISC-V AIA device: ++ * 1) EMUL (aka Emulation): Trap-n-emulate IMSIC ++ * 2) HWACCEL (aka HW Acceleration): Virtualize IMSIC using IMSIC guest files ++ * 3) AUTO (aka Automatic): Virtualize IMSIC using IMSIC guest files whenever ++ * available otherwise fallback to trap-n-emulation ++ */ ++#define KVM_DEV_RISCV_AIA_MODE_EMUL 0 ++#define KVM_DEV_RISCV_AIA_MODE_HWACCEL 1 ++#define KVM_DEV_RISCV_AIA_MODE_AUTO 2 ++ ++#define KVM_DEV_RISCV_AIA_IDS_MIN 63 ++#define KVM_DEV_RISCV_AIA_IDS_MAX 2048 ++#define KVM_DEV_RISCV_AIA_SRCS_MAX 1024 ++#define KVM_DEV_RISCV_AIA_GROUP_BITS_MAX 8 ++#define KVM_DEV_RISCV_AIA_GROUP_SHIFT_MIN 24 ++#define KVM_DEV_RISCV_AIA_GROUP_SHIFT_MAX 56 ++#define KVM_DEV_RISCV_AIA_HART_BITS_MAX 16 ++#define KVM_DEV_RISCV_AIA_GUEST_BITS_MAX 8 ++ ++#define KVM_DEV_RISCV_AIA_GRP_ADDR 1 ++#define KVM_DEV_RISCV_AIA_ADDR_APLIC 0 ++#define KVM_DEV_RISCV_AIA_ADDR_IMSIC(__vcpu) (1 + (__vcpu)) ++#define KVM_DEV_RISCV_AIA_ADDR_MAX \ ++ (1 + KVM_DEV_RISCV_APLIC_MAX_HARTS) ++ ++#define KVM_DEV_RISCV_AIA_GRP_CTRL 2 ++#define KVM_DEV_RISCV_AIA_CTRL_INIT 0 ++ ++/* ++ * The device attribute type contains the memory mapped offset of the ++ * APLIC register (range 0x0000-0x3FFF) and it must be 4-byte aligned. ++ */ ++#define KVM_DEV_RISCV_AIA_GRP_APLIC 3 ++ ++/* ++ * The lower 12-bits of the device attribute type contains the iselect ++ * value of the IMSIC register (range 0x70-0xFF) whereas the higher order ++ * bits contains the VCPU id. ++ */ ++#define KVM_DEV_RISCV_AIA_GRP_IMSIC 4 ++#define KVM_DEV_RISCV_AIA_IMSIC_ISEL_BITS 12 ++#define KVM_DEV_RISCV_AIA_IMSIC_ISEL_MASK \ ++ ((1U << KVM_DEV_RISCV_AIA_IMSIC_ISEL_BITS) - 1) ++#define KVM_DEV_RISCV_AIA_IMSIC_MKATTR(__vcpu, __isel) \ ++ (((__vcpu) << KVM_DEV_RISCV_AIA_IMSIC_ISEL_BITS) | \ ++ ((__isel) & KVM_DEV_RISCV_AIA_IMSIC_ISEL_MASK)) ++#define KVM_DEV_RISCV_AIA_IMSIC_GET_ISEL(__attr) \ ++ ((__attr) & KVM_DEV_RISCV_AIA_IMSIC_ISEL_MASK) ++#define KVM_DEV_RISCV_AIA_IMSIC_GET_VCPU(__attr) \ ++ ((__attr) >> KVM_DEV_RISCV_AIA_IMSIC_ISEL_BITS) ++ ++/* One single KVM irqchip, ie. the AIA */ ++#define KVM_NR_IRQCHIPS 1 ++ + #endif + + #endif /* __LINUX_KVM_RISCV_H */ +diff --git a/linux-headers/asm-riscv/unistd.h b/linux-headers/asm-riscv/unistd.h +index 73d7cdd..950ab3f 100644 +--- a/linux-headers/asm-riscv/unistd.h ++++ b/linux-headers/asm-riscv/unistd.h +@@ -43,3 +43,12 @@ + #define __NR_riscv_flush_icache (__NR_arch_specific_syscall + 15) + #endif + __SYSCALL(__NR_riscv_flush_icache, sys_riscv_flush_icache) ++ ++/* ++ * Allows userspace to query the kernel for CPU architecture and ++ * microarchitecture details across a given set of CPUs. ++ */ ++#ifndef __NR_riscv_hwprobe ++#define __NR_riscv_hwprobe (__NR_arch_specific_syscall + 14) ++#endif ++__SYSCALL(__NR_riscv_hwprobe, sys_riscv_hwprobe) +diff --git a/linux-headers/asm-s390/unistd_32.h b/linux-headers/asm-s390/unistd_32.h +index 8e644d6..ef772cc 100644 +--- a/linux-headers/asm-s390/unistd_32.h ++++ b/linux-headers/asm-s390/unistd_32.h +@@ -419,8 +419,10 @@ + #define __NR_landlock_create_ruleset 444 + #define __NR_landlock_add_rule 445 + #define __NR_landlock_restrict_self 446 ++#define __NR_memfd_secret 447 + #define __NR_process_mrelease 448 + #define __NR_futex_waitv 449 + #define __NR_set_mempolicy_home_node 450 ++#define __NR_cachestat 451 + + #endif /* _ASM_S390_UNISTD_32_H */ +diff --git a/linux-headers/asm-s390/unistd_64.h b/linux-headers/asm-s390/unistd_64.h +index 51da542..32354a0 100644 +--- a/linux-headers/asm-s390/unistd_64.h ++++ b/linux-headers/asm-s390/unistd_64.h +@@ -367,8 +367,10 @@ + #define __NR_landlock_create_ruleset 444 + #define __NR_landlock_add_rule 445 + #define __NR_landlock_restrict_self 446 ++#define __NR_memfd_secret 447 + #define __NR_process_mrelease 448 + #define __NR_futex_waitv 449 + #define __NR_set_mempolicy_home_node 450 ++#define __NR_cachestat 451 + + #endif /* _ASM_S390_UNISTD_64_H */ +diff --git a/linux-headers/asm-x86/kvm.h b/linux-headers/asm-x86/kvm.h +index 2937e7b..2b3a8f7 100644 +--- a/linux-headers/asm-x86/kvm.h ++++ b/linux-headers/asm-x86/kvm.h +@@ -557,4 +557,7 @@ struct kvm_pmu_event_filter { + #define KVM_VCPU_TSC_CTRL 0 /* control group for the timestamp counter (TSC) */ + #define KVM_VCPU_TSC_OFFSET 0 /* attribute for the TSC offset */ + ++/* x86-specific KVM_EXIT_HYPERCALL flags. */ ++#define KVM_EXIT_HYPERCALL_LONG_MODE BIT(0) ++ + #endif /* _ASM_X86_KVM_H */ +diff --git a/linux-headers/asm-x86/unistd_32.h b/linux-headers/asm-x86/unistd_32.h +index 87e1e97..37b32d8 100644 +--- a/linux-headers/asm-x86/unistd_32.h ++++ b/linux-headers/asm-x86/unistd_32.h +@@ -441,6 +441,7 @@ + #define __NR_process_mrelease 448 + #define __NR_futex_waitv 449 + #define __NR_set_mempolicy_home_node 450 ++#define __NR_cachestat 451 + + + #endif /* _ASM_UNISTD_32_H */ +diff --git a/linux-headers/asm-x86/unistd_64.h b/linux-headers/asm-x86/unistd_64.h +index 147a78d..5b55d67 100644 +--- a/linux-headers/asm-x86/unistd_64.h ++++ b/linux-headers/asm-x86/unistd_64.h +@@ -363,6 +363,7 @@ + #define __NR_process_mrelease 448 + #define __NR_futex_waitv 449 + #define __NR_set_mempolicy_home_node 450 ++#define __NR_cachestat 451 + + + #endif /* _ASM_UNISTD_64_H */ +diff --git a/linux-headers/asm-x86/unistd_x32.h b/linux-headers/asm-x86/unistd_x32.h +index 27098db..e8a0075 100644 +--- a/linux-headers/asm-x86/unistd_x32.h ++++ b/linux-headers/asm-x86/unistd_x32.h +@@ -316,6 +316,7 @@ + #define __NR_process_mrelease (__X32_SYSCALL_BIT + 448) + #define __NR_futex_waitv (__X32_SYSCALL_BIT + 449) + #define __NR_set_mempolicy_home_node (__X32_SYSCALL_BIT + 450) ++#define __NR_cachestat (__X32_SYSCALL_BIT + 451) + #define __NR_rt_sigaction (__X32_SYSCALL_BIT + 512) + #define __NR_rt_sigreturn (__X32_SYSCALL_BIT + 513) + #define __NR_ioctl (__X32_SYSCALL_BIT + 514) +diff --git a/linux-headers/linux/const.h b/linux-headers/linux/const.h +index 5e48987..1eb84b5 100644 +--- a/linux-headers/linux/const.h ++++ b/linux-headers/linux/const.h +@@ -28,7 +28,7 @@ + #define _BITUL(x) (_UL(1) << (x)) + #define _BITULL(x) (_ULL(1) << (x)) + +-#define __ALIGN_KERNEL(x, a) __ALIGN_KERNEL_MASK(x, (typeof(x))(a) - 1) ++#define __ALIGN_KERNEL(x, a) __ALIGN_KERNEL_MASK(x, (__typeof__(x))(a) - 1) + #define __ALIGN_KERNEL_MASK(x, mask) (((x) + (mask)) & ~(mask)) + + #define __KERNEL_DIV_ROUND_UP(n, d) (((n) + (d) - 1) / (d)) +diff --git a/linux-headers/linux/kvm.h b/linux-headers/linux/kvm.h +index 599de3c..1f3f333 100644 +--- a/linux-headers/linux/kvm.h ++++ b/linux-headers/linux/kvm.h +@@ -341,8 +341,11 @@ struct kvm_run { + __u64 nr; + __u64 args[6]; + __u64 ret; +- __u32 longmode; +- __u32 pad; ++ ++ union { ++ __u32 longmode; ++ __u64 flags; ++ }; + } hypercall; + /* KVM_EXIT_TPR_ACCESS */ + struct { +@@ -1182,6 +1185,9 @@ struct kvm_ppc_resize_hpt { + #define KVM_CAP_S390_PROTECTED_ASYNC_DISABLE 224 + #define KVM_CAP_DIRTY_LOG_RING_WITH_BITMAP 225 + #define KVM_CAP_PMU_EVENT_MASKED_EVENTS 226 ++#define KVM_CAP_COUNTER_OFFSET 227 ++#define KVM_CAP_ARM_EAGER_SPLIT_CHUNK_SIZE 228 ++#define KVM_CAP_ARM_SUPPORTED_BLOCK_SIZES 229 + + #ifdef KVM_CAP_IRQ_ROUTING + +@@ -1434,6 +1440,8 @@ enum kvm_device_type { + #define KVM_DEV_TYPE_XIVE KVM_DEV_TYPE_XIVE + KVM_DEV_TYPE_ARM_PV_TIME, + #define KVM_DEV_TYPE_ARM_PV_TIME KVM_DEV_TYPE_ARM_PV_TIME ++ KVM_DEV_TYPE_RISCV_AIA, ++#define KVM_DEV_TYPE_RISCV_AIA KVM_DEV_TYPE_RISCV_AIA + KVM_DEV_TYPE_MAX, + }; + +@@ -1449,7 +1457,7 @@ struct kvm_vfio_spapr_tce { + #define KVM_CREATE_VCPU _IO(KVMIO, 0x41) + #define KVM_GET_DIRTY_LOG _IOW(KVMIO, 0x42, struct kvm_dirty_log) + #define KVM_SET_NR_MMU_PAGES _IO(KVMIO, 0x44) +-#define KVM_GET_NR_MMU_PAGES _IO(KVMIO, 0x45) ++#define KVM_GET_NR_MMU_PAGES _IO(KVMIO, 0x45) /* deprecated */ + #define KVM_SET_USER_MEMORY_REGION _IOW(KVMIO, 0x46, \ + struct kvm_userspace_memory_region) + #define KVM_SET_TSS_ADDR _IO(KVMIO, 0x47) +@@ -1541,6 +1549,8 @@ struct kvm_s390_ucas_mapping { + #define KVM_SET_PMU_EVENT_FILTER _IOW(KVMIO, 0xb2, struct kvm_pmu_event_filter) + #define KVM_PPC_SVM_OFF _IO(KVMIO, 0xb3) + #define KVM_ARM_MTE_COPY_TAGS _IOR(KVMIO, 0xb4, struct kvm_arm_copy_mte_tags) ++/* Available with KVM_CAP_COUNTER_OFFSET */ ++#define KVM_ARM_SET_COUNTER_OFFSET _IOW(KVMIO, 0xb5, struct kvm_arm_counter_offset) + + /* ioctl for vm fd */ + #define KVM_CREATE_DEVICE _IOWR(KVMIO, 0xe0, struct kvm_create_device) +@@ -1603,7 +1613,7 @@ struct kvm_s390_ucas_mapping { + #define KVM_GET_DEBUGREGS _IOR(KVMIO, 0xa1, struct kvm_debugregs) + #define KVM_SET_DEBUGREGS _IOW(KVMIO, 0xa2, struct kvm_debugregs) + /* +- * vcpu version available with KVM_ENABLE_CAP ++ * vcpu version available with KVM_CAP_ENABLE_CAP + * vm version available with KVM_CAP_ENABLE_CAP_VM + */ + #define KVM_ENABLE_CAP _IOW(KVMIO, 0xa3, struct kvm_enable_cap) +diff --git a/linux-headers/linux/mman.h b/linux-headers/linux/mman.h +index 434986f..4e8cb60 100644 +--- a/linux-headers/linux/mman.h ++++ b/linux-headers/linux/mman.h +@@ -4,6 +4,7 @@ + + #include + #include ++#include + + #define MREMAP_MAYMOVE 1 + #define MREMAP_FIXED 2 +@@ -41,4 +42,17 @@ + #define MAP_HUGE_2GB HUGETLB_FLAG_ENCODE_2GB + #define MAP_HUGE_16GB HUGETLB_FLAG_ENCODE_16GB + ++struct cachestat_range { ++ __u64 off; ++ __u64 len; ++}; ++ ++struct cachestat { ++ __u64 nr_cache; ++ __u64 nr_dirty; ++ __u64 nr_writeback; ++ __u64 nr_evicted; ++ __u64 nr_recently_evicted; ++}; ++ + #endif /* _LINUX_MMAN_H */ +diff --git a/linux-headers/linux/psp-sev.h b/linux-headers/linux/psp-sev.h +index 51d8b39..12ccb70 100644 +--- a/linux-headers/linux/psp-sev.h ++++ b/linux-headers/linux/psp-sev.h +@@ -36,6 +36,13 @@ enum { + * SEV Firmware status code + */ + typedef enum { ++ /* ++ * This error code is not in the SEV spec. Its purpose is to convey that ++ * there was an error that prevented the SEV firmware from being called. ++ * The SEV API error codes are 16 bits, so the -1 value will not overlap ++ * with possible values from the specification. ++ */ ++ SEV_RET_NO_FW_CALL = -1, + SEV_RET_SUCCESS = 0, + SEV_RET_INVALID_PLATFORM_STATE, + SEV_RET_INVALID_GUEST_STATE, +diff --git a/linux-headers/linux/userfaultfd.h b/linux-headers/linux/userfaultfd.h +index ba5d0df..14e4022 100644 +--- a/linux-headers/linux/userfaultfd.h ++++ b/linux-headers/linux/userfaultfd.h +@@ -38,7 +38,8 @@ + UFFD_FEATURE_MINOR_HUGETLBFS | \ + UFFD_FEATURE_MINOR_SHMEM | \ + UFFD_FEATURE_EXACT_ADDRESS | \ +- UFFD_FEATURE_WP_HUGETLBFS_SHMEM) ++ UFFD_FEATURE_WP_HUGETLBFS_SHMEM | \ ++ UFFD_FEATURE_WP_UNPOPULATED) + #define UFFD_API_IOCTLS \ + ((__u64)1 << _UFFDIO_REGISTER | \ + (__u64)1 << _UFFDIO_UNREGISTER | \ +@@ -203,6 +204,12 @@ struct uffdio_api { + * + * UFFD_FEATURE_WP_HUGETLBFS_SHMEM indicates that userfaultfd + * write-protection mode is supported on both shmem and hugetlbfs. ++ * ++ * UFFD_FEATURE_WP_UNPOPULATED indicates that userfaultfd ++ * write-protection mode will always apply to unpopulated pages ++ * (i.e. empty ptes). This will be the default behavior for shmem ++ * & hugetlbfs, so this flag only affects anonymous memory behavior ++ * when userfault write-protection mode is registered. + */ + #define UFFD_FEATURE_PAGEFAULT_FLAG_WP (1<<0) + #define UFFD_FEATURE_EVENT_FORK (1<<1) +@@ -217,6 +224,7 @@ struct uffdio_api { + #define UFFD_FEATURE_MINOR_SHMEM (1<<10) + #define UFFD_FEATURE_EXACT_ADDRESS (1<<11) + #define UFFD_FEATURE_WP_HUGETLBFS_SHMEM (1<<12) ++#define UFFD_FEATURE_WP_UNPOPULATED (1<<13) + __u64 features; + + __u64 ioctls; +@@ -297,6 +305,13 @@ struct uffdio_writeprotect { + struct uffdio_continue { + struct uffdio_range range; + #define UFFDIO_CONTINUE_MODE_DONTWAKE ((__u64)1<<0) ++ /* ++ * UFFDIO_CONTINUE_MODE_WP will map the page write protected on ++ * the fly. UFFDIO_CONTINUE_MODE_WP is available only if the ++ * write protected ioctl is implemented for the range ++ * according to the uffdio_register.ioctls. ++ */ ++#define UFFDIO_CONTINUE_MODE_WP ((__u64)1<<1) + __u64 mode; + + /* +diff --git a/linux-headers/linux/vfio.h b/linux-headers/linux/vfio.h +index 4a534ed..16db890 100644 +--- a/linux-headers/linux/vfio.h ++++ b/linux-headers/linux/vfio.h +@@ -213,6 +213,7 @@ struct vfio_device_info { + #define VFIO_DEVICE_FLAGS_AP (1 << 5) /* vfio-ap device */ + #define VFIO_DEVICE_FLAGS_FSL_MC (1 << 6) /* vfio-fsl-mc device */ + #define VFIO_DEVICE_FLAGS_CAPS (1 << 7) /* Info supports caps */ ++#define VFIO_DEVICE_FLAGS_CDX (1 << 8) /* vfio-cdx device */ + __u32 num_regions; /* Max region index + 1 */ + __u32 num_irqs; /* Max IRQ index + 1 */ + __u32 cap_offset; /* Offset within info struct of first cap */ +@@ -240,6 +241,20 @@ struct vfio_device_info { + #define VFIO_DEVICE_INFO_CAP_ZPCI_UTIL 3 + #define VFIO_DEVICE_INFO_CAP_ZPCI_PFIP 4 + ++/* ++ * The following VFIO_DEVICE_INFO capability reports support for PCIe AtomicOp ++ * completion to the root bus with supported widths provided via flags. ++ */ ++#define VFIO_DEVICE_INFO_CAP_PCI_ATOMIC_COMP 5 ++struct vfio_device_info_cap_pci_atomic_comp { ++ struct vfio_info_cap_header header; ++ __u32 flags; ++#define VFIO_PCI_ATOMIC_COMP32 (1 << 0) ++#define VFIO_PCI_ATOMIC_COMP64 (1 << 1) ++#define VFIO_PCI_ATOMIC_COMP128 (1 << 2) ++ __u32 reserved; ++}; ++ + /** + * VFIO_DEVICE_GET_REGION_INFO - _IOWR(VFIO_TYPE, VFIO_BASE + 8, + * struct vfio_region_info) +@@ -511,6 +526,9 @@ struct vfio_region_info_cap_nvlink2_lnkspd { + * then add and unmask vectors, it's up to userspace to make the decision + * whether to allocate the maximum supported number of vectors or tear + * down setup and incrementally increase the vectors as each is enabled. ++ * Absence of the NORESIZE flag indicates that vectors can be enabled ++ * and disabled dynamically without impacting other vectors within the ++ * index. + */ + struct vfio_irq_info { + __u32 argsz; +@@ -646,6 +664,15 @@ enum { + VFIO_CCW_NUM_IRQS + }; + ++/* ++ * The vfio-ap bus driver makes use of the following IRQ index mapping. ++ * Unimplemented IRQ types return a count of zero. ++ */ ++enum { ++ VFIO_AP_REQ_IRQ_INDEX, ++ VFIO_AP_NUM_IRQS ++}; ++ + /** + * VFIO_DEVICE_GET_PCI_HOT_RESET_INFO - _IOWR(VFIO_TYPE, VFIO_BASE + 12, + * struct vfio_pci_hot_reset_info) +diff --git a/linux-headers/linux/vhost.h b/linux-headers/linux/vhost.h +index 92e1b70..f5c48b6 100644 +--- a/linux-headers/linux/vhost.h ++++ b/linux-headers/linux/vhost.h +@@ -45,6 +45,25 @@ + #define VHOST_SET_LOG_BASE _IOW(VHOST_VIRTIO, 0x04, __u64) + /* Specify an eventfd file descriptor to signal on log write. */ + #define VHOST_SET_LOG_FD _IOW(VHOST_VIRTIO, 0x07, int) ++/* By default, a device gets one vhost_worker that its virtqueues share. This ++ * command allows the owner of the device to create an additional vhost_worker ++ * for the device. It can later be bound to 1 or more of its virtqueues using ++ * the VHOST_ATTACH_VRING_WORKER command. ++ * ++ * This must be called after VHOST_SET_OWNER and the caller must be the owner ++ * of the device. The new thread will inherit caller's cgroups and namespaces, ++ * and will share the caller's memory space. The new thread will also be ++ * counted against the caller's RLIMIT_NPROC value. ++ * ++ * The worker's ID used in other commands will be returned in ++ * vhost_worker_state. ++ */ ++#define VHOST_NEW_WORKER _IOR(VHOST_VIRTIO, 0x8, struct vhost_worker_state) ++/* Free a worker created with VHOST_NEW_WORKER if it's not attached to any ++ * virtqueue. If userspace is not able to call this for workers its created, ++ * the kernel will free all the device's workers when the device is closed. ++ */ ++#define VHOST_FREE_WORKER _IOW(VHOST_VIRTIO, 0x9, struct vhost_worker_state) + + /* Ring setup. */ + /* Set number of descriptors in ring. This parameter can not +@@ -70,6 +89,18 @@ + #define VHOST_VRING_BIG_ENDIAN 1 + #define VHOST_SET_VRING_ENDIAN _IOW(VHOST_VIRTIO, 0x13, struct vhost_vring_state) + #define VHOST_GET_VRING_ENDIAN _IOW(VHOST_VIRTIO, 0x14, struct vhost_vring_state) ++/* Attach a vhost_worker created with VHOST_NEW_WORKER to one of the device's ++ * virtqueues. ++ * ++ * This will replace the virtqueue's existing worker. If the replaced worker ++ * is no longer attached to any virtqueues, it can be freed with ++ * VHOST_FREE_WORKER. ++ */ ++#define VHOST_ATTACH_VRING_WORKER _IOW(VHOST_VIRTIO, 0x15, \ ++ struct vhost_vring_worker) ++/* Return the vring worker's ID */ ++#define VHOST_GET_VRING_WORKER _IOWR(VHOST_VIRTIO, 0x16, \ ++ struct vhost_vring_worker) + + /* The following ioctls use eventfd file descriptors to signal and poll + * for events. */ diff -Nru qemu-8.0.4+dfsg/debian/patches/ubuntu/lp2003673-update-linux-headers-6.6rc1.patch qemu-8.0.4+dfsg/debian/patches/ubuntu/lp2003673-update-linux-headers-6.6rc1.patch --- qemu-8.0.4+dfsg/debian/patches/ubuntu/lp2003673-update-linux-headers-6.6rc1.patch 1970-01-01 00:00:00.000000000 +0000 +++ qemu-8.0.4+dfsg/debian/patches/ubuntu/lp2003673-update-linux-headers-6.6rc1.patch 2023-10-30 20:16:32.000000000 +0000 @@ -0,0 +1,782 @@ +From: Thomas Huth +Date: Tue, 12 Sep 2023 11:24:40 +0200 +Subject: linux-headers: Update to Linux v6.6-rc1 + +This update contains the required header changes for the +"target/s390x: AP-passthrough for PV guests" patch from +Steffen Eiden. + +Message-ID: <20230912093432.180041-1-thuth@redhat.com> +Signed-off-by: Thomas Huth + +Origin: upstream, https://gitlab.com/qemu-project/qemu/-/commit/da3c22c74a +Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/+source/qemu/+bug/2003673 +--- + include/standard-headers/linux/fuse.h | 63 ++++++++++- + include/standard-headers/linux/vhost_types.h | 4 + + include/standard-headers/linux/virtio_net.h | 14 +++ + linux-headers/asm-arm64/bitsperlong.h | 23 ++++ + linux-headers/asm-generic/unistd.h | 5 +- + linux-headers/asm-mips/unistd_n32.h | 1 + + linux-headers/asm-mips/unistd_n64.h | 1 + + linux-headers/asm-mips/unistd_o32.h | 1 + + linux-headers/asm-powerpc/unistd_32.h | 1 + + linux-headers/asm-powerpc/unistd_64.h | 1 + + linux-headers/asm-riscv/bitsperlong.h | 13 +++ + linux-headers/asm-riscv/kvm.h | 16 +++ + linux-headers/asm-s390/kvm.h | 16 +++ + linux-headers/asm-s390/unistd_32.h | 1 + + linux-headers/asm-s390/unistd_64.h | 1 + + linux-headers/asm-x86/mman.h | 10 +- + linux-headers/asm-x86/unistd_32.h | 1 + + linux-headers/asm-x86/unistd_64.h | 2 + + linux-headers/asm-x86/unistd_x32.h | 1 + + linux-headers/linux/kvm.h | 13 ++- + linux-headers/linux/stddef.h | 4 + + linux-headers/linux/userfaultfd.h | 25 ++++- + linux-headers/linux/vfio.h | 150 ++++++++++++++++++++++++++- + 23 files changed, 351 insertions(+), 16 deletions(-) + +diff --git a/include/standard-headers/linux/fuse.h b/include/standard-headers/linux/fuse.h +index 35c131a..6b97938 100644 +--- a/include/standard-headers/linux/fuse.h ++++ b/include/standard-headers/linux/fuse.h +@@ -206,6 +206,11 @@ + * - add extension header + * - add FUSE_EXT_GROUPS + * - add FUSE_CREATE_SUPP_GROUP ++ * - add FUSE_HAS_EXPIRE_ONLY ++ * ++ * 7.39 ++ * - add FUSE_DIRECT_IO_RELAX ++ * - add FUSE_STATX and related structures + */ + + #ifndef _LINUX_FUSE_H +@@ -237,7 +242,7 @@ + #define FUSE_KERNEL_VERSION 7 + + /** Minor version number of this interface */ +-#define FUSE_KERNEL_MINOR_VERSION 38 ++#define FUSE_KERNEL_MINOR_VERSION 39 + + /** The node ID of the root inode */ + #define FUSE_ROOT_ID 1 +@@ -264,6 +269,40 @@ struct fuse_attr { + uint32_t flags; + }; + ++/* ++ * The following structures are bit-for-bit compatible with the statx(2) ABI in ++ * Linux. ++ */ ++struct fuse_sx_time { ++ int64_t tv_sec; ++ uint32_t tv_nsec; ++ int32_t __reserved; ++}; ++ ++struct fuse_statx { ++ uint32_t mask; ++ uint32_t blksize; ++ uint64_t attributes; ++ uint32_t nlink; ++ uint32_t uid; ++ uint32_t gid; ++ uint16_t mode; ++ uint16_t __spare0[1]; ++ uint64_t ino; ++ uint64_t size; ++ uint64_t blocks; ++ uint64_t attributes_mask; ++ struct fuse_sx_time atime; ++ struct fuse_sx_time btime; ++ struct fuse_sx_time ctime; ++ struct fuse_sx_time mtime; ++ uint32_t rdev_major; ++ uint32_t rdev_minor; ++ uint32_t dev_major; ++ uint32_t dev_minor; ++ uint64_t __spare2[14]; ++}; ++ + struct fuse_kstatfs { + uint64_t blocks; + uint64_t bfree; +@@ -365,6 +404,9 @@ struct fuse_file_lock { + * FUSE_HAS_INODE_DAX: use per inode DAX + * FUSE_CREATE_SUPP_GROUP: add supplementary group info to create, mkdir, + * symlink and mknod (single group that matches parent) ++ * FUSE_HAS_EXPIRE_ONLY: kernel supports expiry-only entry invalidation ++ * FUSE_DIRECT_IO_RELAX: relax restrictions in FOPEN_DIRECT_IO mode, for now ++ * allow shared mmap + */ + #define FUSE_ASYNC_READ (1 << 0) + #define FUSE_POSIX_LOCKS (1 << 1) +@@ -402,6 +444,8 @@ struct fuse_file_lock { + #define FUSE_SECURITY_CTX (1ULL << 32) + #define FUSE_HAS_INODE_DAX (1ULL << 33) + #define FUSE_CREATE_SUPP_GROUP (1ULL << 34) ++#define FUSE_HAS_EXPIRE_ONLY (1ULL << 35) ++#define FUSE_DIRECT_IO_RELAX (1ULL << 36) + + /** + * CUSE INIT request/reply flags +@@ -568,6 +612,7 @@ enum fuse_opcode { + FUSE_REMOVEMAPPING = 49, + FUSE_SYNCFS = 50, + FUSE_TMPFILE = 51, ++ FUSE_STATX = 52, + + /* CUSE specific operations */ + CUSE_INIT = 4096, +@@ -632,6 +677,22 @@ struct fuse_attr_out { + struct fuse_attr attr; + }; + ++struct fuse_statx_in { ++ uint32_t getattr_flags; ++ uint32_t reserved; ++ uint64_t fh; ++ uint32_t sx_flags; ++ uint32_t sx_mask; ++}; ++ ++struct fuse_statx_out { ++ uint64_t attr_valid; /* Cache timeout for the attributes */ ++ uint32_t attr_valid_nsec; ++ uint32_t flags; ++ uint64_t spare[2]; ++ struct fuse_statx stat; ++}; ++ + #define FUSE_COMPAT_MKNOD_IN_SIZE 8 + + struct fuse_mknod_in { +diff --git a/include/standard-headers/linux/vhost_types.h b/include/standard-headers/linux/vhost_types.h +index 6691a3c..5ad07e1 100644 +--- a/include/standard-headers/linux/vhost_types.h ++++ b/include/standard-headers/linux/vhost_types.h +@@ -181,5 +181,9 @@ struct vhost_vdpa_iova_range { + #define VHOST_BACKEND_F_SUSPEND 0x4 + /* Device can be resumed */ + #define VHOST_BACKEND_F_RESUME 0x5 ++/* Device supports the driver enabling virtqueues both before and after ++ * DRIVER_OK ++ */ ++#define VHOST_BACKEND_F_ENABLE_AFTER_DRIVER_OK 0x6 + + #endif +diff --git a/include/standard-headers/linux/virtio_net.h b/include/standard-headers/linux/virtio_net.h +index 2325485..0f88417 100644 +--- a/include/standard-headers/linux/virtio_net.h ++++ b/include/standard-headers/linux/virtio_net.h +@@ -56,6 +56,7 @@ + #define VIRTIO_NET_F_MQ 22 /* Device supports Receive Flow + * Steering */ + #define VIRTIO_NET_F_CTRL_MAC_ADDR 23 /* Set MAC address */ ++#define VIRTIO_NET_F_VQ_NOTF_COAL 52 /* Device supports virtqueue notification coalescing */ + #define VIRTIO_NET_F_NOTF_COAL 53 /* Device supports notifications coalescing */ + #define VIRTIO_NET_F_GUEST_USO4 54 /* Guest can handle USOv4 in. */ + #define VIRTIO_NET_F_GUEST_USO6 55 /* Guest can handle USOv6 in. */ +@@ -391,5 +392,18 @@ struct virtio_net_ctrl_coal_rx { + }; + + #define VIRTIO_NET_CTRL_NOTF_COAL_RX_SET 1 ++#define VIRTIO_NET_CTRL_NOTF_COAL_VQ_SET 2 ++#define VIRTIO_NET_CTRL_NOTF_COAL_VQ_GET 3 ++ ++struct virtio_net_ctrl_coal { ++ uint32_t max_packets; ++ uint32_t max_usecs; ++}; ++ ++struct virtio_net_ctrl_coal_vq { ++ uint16_t vqn; ++ uint16_t reserved; ++ struct virtio_net_ctrl_coal coal; ++}; + + #endif /* _LINUX_VIRTIO_NET_H */ +diff --git a/linux-headers/asm-arm64/bitsperlong.h b/linux-headers/asm-arm64/bitsperlong.h +index 6dc0bb0..485d60b 100644 +--- a/linux-headers/asm-arm64/bitsperlong.h ++++ b/linux-headers/asm-arm64/bitsperlong.h +@@ -1 +1,24 @@ ++/* SPDX-License-Identifier: GPL-2.0 WITH Linux-syscall-note */ ++/* ++ * Copyright (C) 2012 ARM Ltd. ++ * ++ * This program is free software; you can redistribute it and/or modify ++ * it under the terms of the GNU General Public License version 2 as ++ * published by the Free Software Foundation. ++ * ++ * This program is distributed in the hope that it will be useful, ++ * but WITHOUT ANY WARRANTY; without even the implied warranty of ++ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the ++ * GNU General Public License for more details. ++ * ++ * You should have received a copy of the GNU General Public License ++ * along with this program. If not, see . ++ */ ++#ifndef __ASM_BITSPERLONG_H ++#define __ASM_BITSPERLONG_H ++ ++#define __BITS_PER_LONG 64 ++ + #include ++ ++#endif /* __ASM_BITSPERLONG_H */ +diff --git a/linux-headers/asm-generic/unistd.h b/linux-headers/asm-generic/unistd.h +index fd6c1cb..abe087c 100644 +--- a/linux-headers/asm-generic/unistd.h ++++ b/linux-headers/asm-generic/unistd.h +@@ -820,8 +820,11 @@ __SYSCALL(__NR_set_mempolicy_home_node, sys_set_mempolicy_home_node) + #define __NR_cachestat 451 + __SYSCALL(__NR_cachestat, sys_cachestat) + ++#define __NR_fchmodat2 452 ++__SYSCALL(__NR_fchmodat2, sys_fchmodat2) ++ + #undef __NR_syscalls +-#define __NR_syscalls 452 ++#define __NR_syscalls 453 + + /* + * 32 bit systems traditionally used different +diff --git a/linux-headers/asm-mips/unistd_n32.h b/linux-headers/asm-mips/unistd_n32.h +index 8233f06..46d8500 100644 +--- a/linux-headers/asm-mips/unistd_n32.h ++++ b/linux-headers/asm-mips/unistd_n32.h +@@ -380,5 +380,6 @@ + #define __NR_futex_waitv (__NR_Linux + 449) + #define __NR_set_mempolicy_home_node (__NR_Linux + 450) + #define __NR_cachestat (__NR_Linux + 451) ++#define __NR_fchmodat2 (__NR_Linux + 452) + + #endif /* _ASM_UNISTD_N32_H */ +diff --git a/linux-headers/asm-mips/unistd_n64.h b/linux-headers/asm-mips/unistd_n64.h +index a174edc..c2f7ac6 100644 +--- a/linux-headers/asm-mips/unistd_n64.h ++++ b/linux-headers/asm-mips/unistd_n64.h +@@ -356,5 +356,6 @@ + #define __NR_futex_waitv (__NR_Linux + 449) + #define __NR_set_mempolicy_home_node (__NR_Linux + 450) + #define __NR_cachestat (__NR_Linux + 451) ++#define __NR_fchmodat2 (__NR_Linux + 452) + + #endif /* _ASM_UNISTD_N64_H */ +diff --git a/linux-headers/asm-mips/unistd_o32.h b/linux-headers/asm-mips/unistd_o32.h +index c1a5351..757c68f 100644 +--- a/linux-headers/asm-mips/unistd_o32.h ++++ b/linux-headers/asm-mips/unistd_o32.h +@@ -426,5 +426,6 @@ + #define __NR_futex_waitv (__NR_Linux + 449) + #define __NR_set_mempolicy_home_node (__NR_Linux + 450) + #define __NR_cachestat (__NR_Linux + 451) ++#define __NR_fchmodat2 (__NR_Linux + 452) + + #endif /* _ASM_UNISTD_O32_H */ +diff --git a/linux-headers/asm-powerpc/unistd_32.h b/linux-headers/asm-powerpc/unistd_32.h +index 8206758..8ef94bb 100644 +--- a/linux-headers/asm-powerpc/unistd_32.h ++++ b/linux-headers/asm-powerpc/unistd_32.h +@@ -433,6 +433,7 @@ + #define __NR_futex_waitv 449 + #define __NR_set_mempolicy_home_node 450 + #define __NR_cachestat 451 ++#define __NR_fchmodat2 452 + + + #endif /* _ASM_UNISTD_32_H */ +diff --git a/linux-headers/asm-powerpc/unistd_64.h b/linux-headers/asm-powerpc/unistd_64.h +index 7be98c1..0e7ee43 100644 +--- a/linux-headers/asm-powerpc/unistd_64.h ++++ b/linux-headers/asm-powerpc/unistd_64.h +@@ -405,6 +405,7 @@ + #define __NR_futex_waitv 449 + #define __NR_set_mempolicy_home_node 450 + #define __NR_cachestat 451 ++#define __NR_fchmodat2 452 + + + #endif /* _ASM_UNISTD_64_H */ +diff --git a/linux-headers/asm-riscv/bitsperlong.h b/linux-headers/asm-riscv/bitsperlong.h +index 6dc0bb0..cc5c45a 100644 +--- a/linux-headers/asm-riscv/bitsperlong.h ++++ b/linux-headers/asm-riscv/bitsperlong.h +@@ -1 +1,14 @@ ++/* SPDX-License-Identifier: GPL-2.0-only WITH Linux-syscall-note */ ++/* ++ * Copyright (C) 2012 ARM Ltd. ++ * Copyright (C) 2015 Regents of the University of California ++ */ ++ ++#ifndef _ASM_RISCV_BITSPERLONG_H ++#define _ASM_RISCV_BITSPERLONG_H ++ ++#define __BITS_PER_LONG (__SIZEOF_POINTER__ * 8) ++ + #include ++ ++#endif /* _ASM_RISCV_BITSPERLONG_H */ +diff --git a/linux-headers/asm-riscv/kvm.h b/linux-headers/asm-riscv/kvm.h +index 930fdc4..992c5e4 100644 +--- a/linux-headers/asm-riscv/kvm.h ++++ b/linux-headers/asm-riscv/kvm.h +@@ -55,6 +55,7 @@ struct kvm_riscv_config { + unsigned long marchid; + unsigned long mimpid; + unsigned long zicboz_block_size; ++ unsigned long satp_mode; + }; + + /* CORE registers for KVM_GET_ONE_REG and KVM_SET_ONE_REG */ +@@ -124,6 +125,12 @@ enum KVM_RISCV_ISA_EXT_ID { + KVM_RISCV_ISA_EXT_SSAIA, + KVM_RISCV_ISA_EXT_V, + KVM_RISCV_ISA_EXT_SVNAPOT, ++ KVM_RISCV_ISA_EXT_ZBA, ++ KVM_RISCV_ISA_EXT_ZBS, ++ KVM_RISCV_ISA_EXT_ZICNTR, ++ KVM_RISCV_ISA_EXT_ZICSR, ++ KVM_RISCV_ISA_EXT_ZIFENCEI, ++ KVM_RISCV_ISA_EXT_ZIHPM, + KVM_RISCV_ISA_EXT_MAX, + }; + +@@ -193,6 +200,15 @@ enum KVM_RISCV_SBI_EXT_ID { + + /* ISA Extension registers are mapped as type 7 */ + #define KVM_REG_RISCV_ISA_EXT (0x07 << KVM_REG_RISCV_TYPE_SHIFT) ++#define KVM_REG_RISCV_ISA_SINGLE (0x0 << KVM_REG_RISCV_SUBTYPE_SHIFT) ++#define KVM_REG_RISCV_ISA_MULTI_EN (0x1 << KVM_REG_RISCV_SUBTYPE_SHIFT) ++#define KVM_REG_RISCV_ISA_MULTI_DIS (0x2 << KVM_REG_RISCV_SUBTYPE_SHIFT) ++#define KVM_REG_RISCV_ISA_MULTI_REG(__ext_id) \ ++ ((__ext_id) / __BITS_PER_LONG) ++#define KVM_REG_RISCV_ISA_MULTI_MASK(__ext_id) \ ++ (1UL << ((__ext_id) % __BITS_PER_LONG)) ++#define KVM_REG_RISCV_ISA_MULTI_REG_LAST \ ++ KVM_REG_RISCV_ISA_MULTI_REG(KVM_RISCV_ISA_EXT_MAX - 1) + + /* SBI extension registers are mapped as type 8 */ + #define KVM_REG_RISCV_SBI_EXT (0x08 << KVM_REG_RISCV_TYPE_SHIFT) +diff --git a/linux-headers/asm-s390/kvm.h b/linux-headers/asm-s390/kvm.h +index e2afd95..023a276 100644 +--- a/linux-headers/asm-s390/kvm.h ++++ b/linux-headers/asm-s390/kvm.h +@@ -159,6 +159,22 @@ struct kvm_s390_vm_cpu_subfunc { + __u8 reserved[1728]; + }; + ++#define KVM_S390_VM_CPU_PROCESSOR_UV_FEAT_GUEST 6 ++#define KVM_S390_VM_CPU_MACHINE_UV_FEAT_GUEST 7 ++ ++#define KVM_S390_VM_CPU_UV_FEAT_NR_BITS 64 ++struct kvm_s390_vm_cpu_uv_feat { ++ union { ++ struct { ++ __u64 : 4; ++ __u64 ap : 1; /* bit 4 */ ++ __u64 ap_intr : 1; /* bit 5 */ ++ __u64 : 58; ++ }; ++ __u64 feat; ++ }; ++}; ++ + /* kvm attributes for crypto */ + #define KVM_S390_VM_CRYPTO_ENABLE_AES_KW 0 + #define KVM_S390_VM_CRYPTO_ENABLE_DEA_KW 1 +diff --git a/linux-headers/asm-s390/unistd_32.h b/linux-headers/asm-s390/unistd_32.h +index ef772cc..716fa36 100644 +--- a/linux-headers/asm-s390/unistd_32.h ++++ b/linux-headers/asm-s390/unistd_32.h +@@ -424,5 +424,6 @@ + #define __NR_futex_waitv 449 + #define __NR_set_mempolicy_home_node 450 + #define __NR_cachestat 451 ++#define __NR_fchmodat2 452 + + #endif /* _ASM_S390_UNISTD_32_H */ +diff --git a/linux-headers/asm-s390/unistd_64.h b/linux-headers/asm-s390/unistd_64.h +index 32354a0..b2a11b1 100644 +--- a/linux-headers/asm-s390/unistd_64.h ++++ b/linux-headers/asm-s390/unistd_64.h +@@ -372,5 +372,6 @@ + #define __NR_futex_waitv 449 + #define __NR_set_mempolicy_home_node 450 + #define __NR_cachestat 451 ++#define __NR_fchmodat2 452 + + #endif /* _ASM_S390_UNISTD_64_H */ +diff --git a/linux-headers/asm-x86/mman.h b/linux-headers/asm-x86/mman.h +index 775dbd3..46cdc94 100644 +--- a/linux-headers/asm-x86/mman.h ++++ b/linux-headers/asm-x86/mman.h +@@ -3,14 +3,10 @@ + #define _ASM_X86_MMAN_H + + #define MAP_32BIT 0x40 /* only give out 32bit addresses */ ++#define MAP_ABOVE4G 0x80 /* only map above 4GB */ + +-#ifdef CONFIG_X86_INTEL_MEMORY_PROTECTION_KEYS +-#define arch_calc_vm_prot_bits(prot, key) ( \ +- ((key) & 0x1 ? VM_PKEY_BIT0 : 0) | \ +- ((key) & 0x2 ? VM_PKEY_BIT1 : 0) | \ +- ((key) & 0x4 ? VM_PKEY_BIT2 : 0) | \ +- ((key) & 0x8 ? VM_PKEY_BIT3 : 0)) +-#endif ++/* Flags for map_shadow_stack(2) */ ++#define SHADOW_STACK_SET_TOKEN (1ULL << 0) /* Set up a restore token in the shadow stack */ + + #include + +diff --git a/linux-headers/asm-x86/unistd_32.h b/linux-headers/asm-x86/unistd_32.h +index 37b32d8..d749ad1 100644 +--- a/linux-headers/asm-x86/unistd_32.h ++++ b/linux-headers/asm-x86/unistd_32.h +@@ -442,6 +442,7 @@ + #define __NR_futex_waitv 449 + #define __NR_set_mempolicy_home_node 450 + #define __NR_cachestat 451 ++#define __NR_fchmodat2 452 + + + #endif /* _ASM_UNISTD_32_H */ +diff --git a/linux-headers/asm-x86/unistd_64.h b/linux-headers/asm-x86/unistd_64.h +index 5b55d67..cea6728 100644 +--- a/linux-headers/asm-x86/unistd_64.h ++++ b/linux-headers/asm-x86/unistd_64.h +@@ -364,6 +364,8 @@ + #define __NR_futex_waitv 449 + #define __NR_set_mempolicy_home_node 450 + #define __NR_cachestat 451 ++#define __NR_fchmodat2 452 ++#define __NR_map_shadow_stack 453 + + + #endif /* _ASM_UNISTD_64_H */ +diff --git a/linux-headers/asm-x86/unistd_x32.h b/linux-headers/asm-x86/unistd_x32.h +index e8a0075..5b2e79b 100644 +--- a/linux-headers/asm-x86/unistd_x32.h ++++ b/linux-headers/asm-x86/unistd_x32.h +@@ -317,6 +317,7 @@ + #define __NR_futex_waitv (__X32_SYSCALL_BIT + 449) + #define __NR_set_mempolicy_home_node (__X32_SYSCALL_BIT + 450) + #define __NR_cachestat (__X32_SYSCALL_BIT + 451) ++#define __NR_fchmodat2 (__X32_SYSCALL_BIT + 452) + #define __NR_rt_sigaction (__X32_SYSCALL_BIT + 512) + #define __NR_rt_sigreturn (__X32_SYSCALL_BIT + 513) + #define __NR_ioctl (__X32_SYSCALL_BIT + 514) +diff --git a/linux-headers/linux/kvm.h b/linux-headers/linux/kvm.h +index 1f3f333..0d74ee9 100644 +--- a/linux-headers/linux/kvm.h ++++ b/linux-headers/linux/kvm.h +@@ -1414,9 +1414,16 @@ struct kvm_device_attr { + __u64 addr; /* userspace address of attr data */ + }; + +-#define KVM_DEV_VFIO_GROUP 1 +-#define KVM_DEV_VFIO_GROUP_ADD 1 +-#define KVM_DEV_VFIO_GROUP_DEL 2 ++#define KVM_DEV_VFIO_FILE 1 ++ ++#define KVM_DEV_VFIO_FILE_ADD 1 ++#define KVM_DEV_VFIO_FILE_DEL 2 ++ ++/* KVM_DEV_VFIO_GROUP aliases are for compile time uapi compatibility */ ++#define KVM_DEV_VFIO_GROUP KVM_DEV_VFIO_FILE ++ ++#define KVM_DEV_VFIO_GROUP_ADD KVM_DEV_VFIO_FILE_ADD ++#define KVM_DEV_VFIO_GROUP_DEL KVM_DEV_VFIO_FILE_DEL + #define KVM_DEV_VFIO_GROUP_SET_SPAPR_TCE 3 + + enum kvm_device_type { +diff --git a/linux-headers/linux/stddef.h b/linux-headers/linux/stddef.h +index bb6ea51..9bb0708 100644 +--- a/linux-headers/linux/stddef.h ++++ b/linux-headers/linux/stddef.h +@@ -45,3 +45,7 @@ + TYPE NAME[]; \ + } + #endif ++ ++#ifndef __counted_by ++#define __counted_by(m) ++#endif +diff --git a/linux-headers/linux/userfaultfd.h b/linux-headers/linux/userfaultfd.h +index 14e4022..59978fb 100644 +--- a/linux-headers/linux/userfaultfd.h ++++ b/linux-headers/linux/userfaultfd.h +@@ -39,7 +39,8 @@ + UFFD_FEATURE_MINOR_SHMEM | \ + UFFD_FEATURE_EXACT_ADDRESS | \ + UFFD_FEATURE_WP_HUGETLBFS_SHMEM | \ +- UFFD_FEATURE_WP_UNPOPULATED) ++ UFFD_FEATURE_WP_UNPOPULATED | \ ++ UFFD_FEATURE_POISON) + #define UFFD_API_IOCTLS \ + ((__u64)1 << _UFFDIO_REGISTER | \ + (__u64)1 << _UFFDIO_UNREGISTER | \ +@@ -49,12 +50,14 @@ + (__u64)1 << _UFFDIO_COPY | \ + (__u64)1 << _UFFDIO_ZEROPAGE | \ + (__u64)1 << _UFFDIO_WRITEPROTECT | \ +- (__u64)1 << _UFFDIO_CONTINUE) ++ (__u64)1 << _UFFDIO_CONTINUE | \ ++ (__u64)1 << _UFFDIO_POISON) + #define UFFD_API_RANGE_IOCTLS_BASIC \ + ((__u64)1 << _UFFDIO_WAKE | \ + (__u64)1 << _UFFDIO_COPY | \ ++ (__u64)1 << _UFFDIO_WRITEPROTECT | \ + (__u64)1 << _UFFDIO_CONTINUE | \ +- (__u64)1 << _UFFDIO_WRITEPROTECT) ++ (__u64)1 << _UFFDIO_POISON) + + /* + * Valid ioctl command number range with this API is from 0x00 to +@@ -71,6 +74,7 @@ + #define _UFFDIO_ZEROPAGE (0x04) + #define _UFFDIO_WRITEPROTECT (0x06) + #define _UFFDIO_CONTINUE (0x07) ++#define _UFFDIO_POISON (0x08) + #define _UFFDIO_API (0x3F) + + /* userfaultfd ioctl ids */ +@@ -91,6 +95,8 @@ + struct uffdio_writeprotect) + #define UFFDIO_CONTINUE _IOWR(UFFDIO, _UFFDIO_CONTINUE, \ + struct uffdio_continue) ++#define UFFDIO_POISON _IOWR(UFFDIO, _UFFDIO_POISON, \ ++ struct uffdio_poison) + + /* read() structure */ + struct uffd_msg { +@@ -225,6 +231,7 @@ struct uffdio_api { + #define UFFD_FEATURE_EXACT_ADDRESS (1<<11) + #define UFFD_FEATURE_WP_HUGETLBFS_SHMEM (1<<12) + #define UFFD_FEATURE_WP_UNPOPULATED (1<<13) ++#define UFFD_FEATURE_POISON (1<<14) + __u64 features; + + __u64 ioctls; +@@ -321,6 +328,18 @@ struct uffdio_continue { + __s64 mapped; + }; + ++struct uffdio_poison { ++ struct uffdio_range range; ++#define UFFDIO_POISON_MODE_DONTWAKE ((__u64)1<<0) ++ __u64 mode; ++ ++ /* ++ * Fields below here are written by the ioctl and must be at the end: ++ * the copy_from_user will not read past here. ++ */ ++ __s64 updated; ++}; ++ + /* + * Flags for the userfaultfd(2) system call itself. + */ +diff --git a/linux-headers/linux/vfio.h b/linux-headers/linux/vfio.h +index 16db890..acf72b4 100644 +--- a/linux-headers/linux/vfio.h ++++ b/linux-headers/linux/vfio.h +@@ -217,6 +217,7 @@ struct vfio_device_info { + __u32 num_regions; /* Max region index + 1 */ + __u32 num_irqs; /* Max IRQ index + 1 */ + __u32 cap_offset; /* Offset within info struct of first cap */ ++ __u32 pad; + }; + #define VFIO_DEVICE_GET_INFO _IO(VFIO_TYPE, VFIO_BASE + 7) + +@@ -677,11 +678,60 @@ enum { + * VFIO_DEVICE_GET_PCI_HOT_RESET_INFO - _IOWR(VFIO_TYPE, VFIO_BASE + 12, + * struct vfio_pci_hot_reset_info) + * ++ * This command is used to query the affected devices in the hot reset for ++ * a given device. ++ * ++ * This command always reports the segment, bus, and devfn information for ++ * each affected device, and selectively reports the group_id or devid per ++ * the way how the calling device is opened. ++ * ++ * - If the calling device is opened via the traditional group/container ++ * API, group_id is reported. User should check if it has owned all ++ * the affected devices and provides a set of group fds to prove the ++ * ownership in VFIO_DEVICE_PCI_HOT_RESET ioctl. ++ * ++ * - If the calling device is opened as a cdev, devid is reported. ++ * Flag VFIO_PCI_HOT_RESET_FLAG_DEV_ID is set to indicate this ++ * data type. All the affected devices should be represented in ++ * the dev_set, ex. bound to a vfio driver, and also be owned by ++ * this interface which is determined by the following conditions: ++ * 1) Has a valid devid within the iommufd_ctx of the calling device. ++ * Ownership cannot be determined across separate iommufd_ctx and ++ * the cdev calling conventions do not support a proof-of-ownership ++ * model as provided in the legacy group interface. In this case ++ * valid devid with value greater than zero is provided in the return ++ * structure. ++ * 2) Does not have a valid devid within the iommufd_ctx of the calling ++ * device, but belongs to the same IOMMU group as the calling device ++ * or another opened device that has a valid devid within the ++ * iommufd_ctx of the calling device. This provides implicit ownership ++ * for devices within the same DMA isolation context. In this case ++ * the devid value of VFIO_PCI_DEVID_OWNED is provided in the return ++ * structure. ++ * ++ * A devid value of VFIO_PCI_DEVID_NOT_OWNED is provided in the return ++ * structure for affected devices where device is NOT represented in the ++ * dev_set or ownership is not available. Such devices prevent the use ++ * of VFIO_DEVICE_PCI_HOT_RESET ioctl outside of the proof-of-ownership ++ * calling conventions (ie. via legacy group accessed devices). Flag ++ * VFIO_PCI_HOT_RESET_FLAG_DEV_ID_OWNED would be set when all the ++ * affected devices are represented in the dev_set and also owned by ++ * the user. This flag is available only when ++ * flag VFIO_PCI_HOT_RESET_FLAG_DEV_ID is set, otherwise reserved. ++ * When set, user could invoke VFIO_DEVICE_PCI_HOT_RESET with a zero ++ * length fd array on the calling device as the ownership is validated ++ * by iommufd_ctx. ++ * + * Return: 0 on success, -errno on failure: + * -enospc = insufficient buffer, -enodev = unsupported for device. + */ + struct vfio_pci_dependent_device { +- __u32 group_id; ++ union { ++ __u32 group_id; ++ __u32 devid; ++#define VFIO_PCI_DEVID_OWNED 0 ++#define VFIO_PCI_DEVID_NOT_OWNED -1 ++ }; + __u16 segment; + __u8 bus; + __u8 devfn; /* Use PCI_SLOT/PCI_FUNC */ +@@ -690,6 +740,8 @@ struct vfio_pci_dependent_device { + struct vfio_pci_hot_reset_info { + __u32 argsz; + __u32 flags; ++#define VFIO_PCI_HOT_RESET_FLAG_DEV_ID (1 << 0) ++#define VFIO_PCI_HOT_RESET_FLAG_DEV_ID_OWNED (1 << 1) + __u32 count; + struct vfio_pci_dependent_device devices[]; + }; +@@ -700,6 +752,24 @@ struct vfio_pci_hot_reset_info { + * VFIO_DEVICE_PCI_HOT_RESET - _IOW(VFIO_TYPE, VFIO_BASE + 13, + * struct vfio_pci_hot_reset) + * ++ * A PCI hot reset results in either a bus or slot reset which may affect ++ * other devices sharing the bus/slot. The calling user must have ++ * ownership of the full set of affected devices as determined by the ++ * VFIO_DEVICE_GET_PCI_HOT_RESET_INFO ioctl. ++ * ++ * When called on a device file descriptor acquired through the vfio ++ * group interface, the user is required to provide proof of ownership ++ * of those affected devices via the group_fds array in struct ++ * vfio_pci_hot_reset. ++ * ++ * When called on a direct cdev opened vfio device, the flags field of ++ * struct vfio_pci_hot_reset_info reports the ownership status of the ++ * affected devices and this ioctl must be called with an empty group_fds ++ * array. See above INFO ioctl definition for ownership requirements. ++ * ++ * Mixed usage of legacy groups and cdevs across the set of affected ++ * devices is not supported. ++ * + * Return: 0 on success, -errno on failure. + */ + struct vfio_pci_hot_reset { +@@ -828,6 +898,83 @@ struct vfio_device_feature { + + #define VFIO_DEVICE_FEATURE _IO(VFIO_TYPE, VFIO_BASE + 17) + ++/* ++ * VFIO_DEVICE_BIND_IOMMUFD - _IOR(VFIO_TYPE, VFIO_BASE + 18, ++ * struct vfio_device_bind_iommufd) ++ * @argsz: User filled size of this data. ++ * @flags: Must be 0. ++ * @iommufd: iommufd to bind. ++ * @out_devid: The device id generated by this bind. devid is a handle for ++ * this device/iommufd bond and can be used in IOMMUFD commands. ++ * ++ * Bind a vfio_device to the specified iommufd. ++ * ++ * User is restricted from accessing the device before the binding operation ++ * is completed. Only allowed on cdev fds. ++ * ++ * Unbind is automatically conducted when device fd is closed. ++ * ++ * Return: 0 on success, -errno on failure. ++ */ ++struct vfio_device_bind_iommufd { ++ __u32 argsz; ++ __u32 flags; ++ __s32 iommufd; ++ __u32 out_devid; ++}; ++ ++#define VFIO_DEVICE_BIND_IOMMUFD _IO(VFIO_TYPE, VFIO_BASE + 18) ++ ++/* ++ * VFIO_DEVICE_ATTACH_IOMMUFD_PT - _IOW(VFIO_TYPE, VFIO_BASE + 19, ++ * struct vfio_device_attach_iommufd_pt) ++ * @argsz: User filled size of this data. ++ * @flags: Must be 0. ++ * @pt_id: Input the target id which can represent an ioas or a hwpt ++ * allocated via iommufd subsystem. ++ * Output the input ioas id or the attached hwpt id which could ++ * be the specified hwpt itself or a hwpt automatically created ++ * for the specified ioas by kernel during the attachment. ++ * ++ * Associate the device with an address space within the bound iommufd. ++ * Undo by VFIO_DEVICE_DETACH_IOMMUFD_PT or device fd close. This is only ++ * allowed on cdev fds. ++ * ++ * If a vfio device is currently attached to a valid hw_pagetable, without doing ++ * a VFIO_DEVICE_DETACH_IOMMUFD_PT, a second VFIO_DEVICE_ATTACH_IOMMUFD_PT ioctl ++ * passing in another hw_pagetable (hwpt) id is allowed. This action, also known ++ * as a hw_pagetable replacement, will replace the device's currently attached ++ * hw_pagetable with a new hw_pagetable corresponding to the given pt_id. ++ * ++ * Return: 0 on success, -errno on failure. ++ */ ++struct vfio_device_attach_iommufd_pt { ++ __u32 argsz; ++ __u32 flags; ++ __u32 pt_id; ++}; ++ ++#define VFIO_DEVICE_ATTACH_IOMMUFD_PT _IO(VFIO_TYPE, VFIO_BASE + 19) ++ ++/* ++ * VFIO_DEVICE_DETACH_IOMMUFD_PT - _IOW(VFIO_TYPE, VFIO_BASE + 20, ++ * struct vfio_device_detach_iommufd_pt) ++ * @argsz: User filled size of this data. ++ * @flags: Must be 0. ++ * ++ * Remove the association of the device and its current associated address ++ * space. After it, the device should be in a blocking DMA state. This is only ++ * allowed on cdev fds. ++ * ++ * Return: 0 on success, -errno on failure. ++ */ ++struct vfio_device_detach_iommufd_pt { ++ __u32 argsz; ++ __u32 flags; ++}; ++ ++#define VFIO_DEVICE_DETACH_IOMMUFD_PT _IO(VFIO_TYPE, VFIO_BASE + 20) ++ + /* + * Provide support for setting a PCI VF Token, which is used as a shared + * secret between PF and VF drivers. This feature may only be set on a +@@ -1304,6 +1451,7 @@ struct vfio_iommu_type1_info { + #define VFIO_IOMMU_INFO_CAPS (1 << 1) /* Info supports caps */ + __u64 iova_pgsizes; /* Bitmap of supported page sizes */ + __u32 cap_offset; /* Offset within info struct of first cap */ ++ __u32 pad; + }; + + /*