5.15-stable patches
authorGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Fri, 27 Oct 2023 15:14:45 +0000 (17:14 +0200)
committerGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Fri, 27 Oct 2023 15:14:45 +0000 (17:14 +0200)
added patches:
drm-amd-disable-aspm-for-vi-w-all-intel-systems.patch
drm-i915-pmu-check-if-pmu-is-closed-before-stopping-event.patch
mm-migrate-fix-do_pages_move-for-compat-pointers.patch
mm-page_alloc-correct-start-page-when-guard-page-debug-is-enabled.patch
nfsd-lock_rename-needs-both-directories-to-live-on-the-same-fs.patch
vhost-allow-null-msg.size-on-vhost_iotlb_invalidate.patch
virtio-mmio-fix-memory-leak-of-vm_dev.patch
virtio_balloon-fix-endless-deflation-and-inflation-on-arm64.patch

queue-5.15/drm-amd-disable-aspm-for-vi-w-all-intel-systems.patch [new file with mode: 0644]
queue-5.15/drm-i915-pmu-check-if-pmu-is-closed-before-stopping-event.patch [new file with mode: 0644]
queue-5.15/mm-migrate-fix-do_pages_move-for-compat-pointers.patch [new file with mode: 0644]
queue-5.15/mm-page_alloc-correct-start-page-when-guard-page-debug-is-enabled.patch [new file with mode: 0644]
queue-5.15/nfsd-lock_rename-needs-both-directories-to-live-on-the-same-fs.patch [new file with mode: 0644]
queue-5.15/series
queue-5.15/vhost-allow-null-msg.size-on-vhost_iotlb_invalidate.patch [new file with mode: 0644]
queue-5.15/virtio-mmio-fix-memory-leak-of-vm_dev.patch [new file with mode: 0644]
queue-5.15/virtio_balloon-fix-endless-deflation-and-inflation-on-arm64.patch [new file with mode: 0644]

diff --git a/queue-5.15/drm-amd-disable-aspm-for-vi-w-all-intel-systems.patch b/queue-5.15/drm-amd-disable-aspm-for-vi-w-all-intel-systems.patch
new file mode 100644 (file)
index 0000000..f802fac
--- /dev/null
@@ -0,0 +1,39 @@
+From 64ffd2f1d00c6235dabe9704bbb0d9ce3e28147f Mon Sep 17 00:00:00 2001
+From: Mario Limonciello <mario.limonciello@amd.com>
+Date: Fri, 20 Oct 2023 10:26:29 -0500
+Subject: drm/amd: Disable ASPM for VI w/ all Intel systems
+
+From: Mario Limonciello <mario.limonciello@amd.com>
+
+commit 64ffd2f1d00c6235dabe9704bbb0d9ce3e28147f upstream.
+
+Originally we were quirking ASPM disabled specifically for VI when
+used with Alder Lake, but it appears to have problems with Rocket
+Lake as well.
+
+Like we've done in the case of dpm for newer platforms, disable
+ASPM for all Intel systems.
+
+Cc: stable@vger.kernel.org # 5.15+
+Fixes: 0064b0ce85bb ("drm/amd/pm: enable ASPM by default")
+Reported-and-tested-by: Paolo Gentili <paolo.gentili@canonical.com>
+Closes: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/2036742
+Signed-off-by: Mario Limonciello <mario.limonciello@amd.com>
+Reviewed-by: Alex Deucher <alexander.deucher@amd.com>
+Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ drivers/gpu/drm/amd/amdgpu/vi.c |    2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/drivers/gpu/drm/amd/amdgpu/vi.c
++++ b/drivers/gpu/drm/amd/amdgpu/vi.c
+@@ -1147,7 +1147,7 @@ static void vi_program_aspm(struct amdgp
+       bool bL1SS = false;
+       bool bClkReqSupport = true;
+-      if (!amdgpu_device_should_use_aspm(adev) || !amdgpu_device_aspm_support_quirk())
++      if (!amdgpu_device_should_use_aspm(adev) || !amdgpu_device_pcie_dynamic_switching_supported())
+               return;
+       if (adev->flags & AMD_IS_APU ||
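Review bot: The guard in `vi_program_aspm()` now skips ASPM programming based on `amdgpu_device_pcie_dynamic_switching_supported()`, a helper whose name refers to PCIe dynamic switching rather than ASPM, so the reason for the early return cannot be read at the call site. A short comment above the `if` would help, e.g. `/* ASPM is disabled for VI on all Intel hosts; reuse the dynamic-switching host check */`. The helper's definition is not part of this hunk, so the backport should also confirm that it exists in the 5.15 tree this patch is queued for. The body of `vi_program_aspm()` continues outside the hunk.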
diff --git a/queue-5.15/drm-i915-pmu-check-if-pmu-is-closed-before-stopping-event.patch b/queue-5.15/drm-i915-pmu-check-if-pmu-is-closed-before-stopping-event.patch
new file mode 100644 (file)
index 0000000..736990a
--- /dev/null
@@ -0,0 +1,59 @@
+From 4cbed7702eb775cca22fff6827a549092cb59f61 Mon Sep 17 00:00:00 2001
+From: Umesh Nerlige Ramappa <umesh.nerlige.ramappa@intel.com>
+Date: Fri, 20 Oct 2023 08:24:41 -0700
+Subject: drm/i915/pmu: Check if pmu is closed before stopping event
+
+From: Umesh Nerlige Ramappa <umesh.nerlige.ramappa@intel.com>
+
+commit 4cbed7702eb775cca22fff6827a549092cb59f61 upstream.
+
+When the driver unbinds, pmu is unregistered and i915->uabi_engines is
+set to RB_ROOT. Due to this, when i915 PMU tries to stop the engine
+events, it issues a warn_on because engine lookup fails.
+
+All perf hooks are taking care of this using a pmu->closed flag that is
+set when PMU unregisters. The stop event seems to have been left out.
+
+Check for pmu->closed in pmu_event_stop as well.
+
+Based on discussion here -
+https://patchwork.freedesktop.org/patch/492079/?series=105790&rev=2
+
+v2: s/is/if/ in commit title
+v3: Add fixes tag and cc stable
+
+Cc: <stable@vger.kernel.org> # v5.11+
+Fixes: b00bccb3f0bb ("drm/i915/pmu: Handle PCI unbind")
+Signed-off-by: Umesh Nerlige Ramappa <umesh.nerlige.ramappa@intel.com>
+Reviewed-by: Tvrtko Ursulin <tvrtko.ursulin@intel.com>
+Reviewed-by: Andi Shyti <andi.shyti@linux.intel.com>
+Signed-off-by: Andi Shyti <andi.shyti@linux.intel.com>
+Link: https://patchwork.freedesktop.org/patch/msgid/20231020152441.3764850-1-umesh.nerlige.ramappa@intel.com
+(cherry picked from commit 31f6a06f0c543b43a38fab10f39e5fc45ad62aa2)
+Signed-off-by: Rodrigo Vivi <rodrigo.vivi@intel.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ drivers/gpu/drm/i915/i915_pmu.c |    9 +++++++++
+ 1 file changed, 9 insertions(+)
+
+--- a/drivers/gpu/drm/i915/i915_pmu.c
++++ b/drivers/gpu/drm/i915/i915_pmu.c
+@@ -761,9 +761,18 @@ static void i915_pmu_event_start(struct
+ static void i915_pmu_event_stop(struct perf_event *event, int flags)
+ {
++      struct drm_i915_private *i915 =
++              container_of(event->pmu, typeof(*i915), pmu.base);
++      struct i915_pmu *pmu = &i915->pmu;
++
++      if (pmu->closed)
++              goto out;
++
+       if (flags & PERF_EF_UPDATE)
+               i915_pmu_event_read(event);
+       i915_pmu_disable(event);
++
++out:
+       event->hw.state = PERF_HES_STOPPED;
+ }
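Review bot: The early exit added to `i915_pmu_event_stop()` still writes `event->hw.state = PERF_HES_STOPPED` after `pmu->closed` is seen, and nothing at the `out:` label says why the state update is kept while the read and disable are skipped. A comment above the check, such as `/* PMU already unregistered: engine lookup would fail, only mark the event stopped */`, would record that. `pmu->closed` is read without any lock or barrier visible in the hunk; if the flag can be set concurrently with a stop, that ordering deserves a note as well.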
diff --git a/queue-5.15/mm-migrate-fix-do_pages_move-for-compat-pointers.patch b/queue-5.15/mm-migrate-fix-do_pages_move-for-compat-pointers.patch
new file mode 100644 (file)
index 0000000..7ca3d9f
--- /dev/null
@@ -0,0 +1,74 @@
+From 229e2253766c7cdfe024f1fe280020cc4711087c Mon Sep 17 00:00:00 2001
+From: Gregory Price <gourry.memverge@gmail.com>
+Date: Tue, 3 Oct 2023 10:48:56 -0400
+Subject: mm/migrate: fix do_pages_move for compat pointers
+
+From: Gregory Price <gourry.memverge@gmail.com>
+
+commit 229e2253766c7cdfe024f1fe280020cc4711087c upstream.
+
+do_pages_move does not handle compat pointers for the page list.
+correctly.  Add in_compat_syscall check and appropriate get_user fetch
+when iterating the page list.
+
+It makes the syscall in compat mode (32-bit userspace, 64-bit kernel)
+work the same way as the native 32-bit syscall again, restoring the
+behavior before my broken commit 5b1b561ba73c ("mm: simplify
+compat_sys_move_pages").
+
+More specifically, my patch moved the parsing of the 'pages' array from
+the main entry point into do_pages_stat(), which left the syscall
+working correctly for the 'stat' operation (nodes = NULL), while the
+'move' operation (nodes != NULL) is now missing the conversion and
+interprets 'pages' as an array of 64-bit pointers instead of the
+intended 32-bit userspace pointers.
+
+It is possible that nobody noticed this bug because the few
+applications that actually call move_pages are unlikely to run in
+compat mode because of their large memory requirements, but this
+clearly fixes a user-visible regression and should have been caught by
+ltp.
+
+Link: https://lkml.kernel.org/r/20231003144857.752952-1-gregory.price@memverge.com
+Fixes: 5b1b561ba73c ("mm: simplify compat_sys_move_pages")
+Signed-off-by: Gregory Price <gregory.price@memverge.com>
+Reported-by: Arnd Bergmann <arnd@arndb.de>
+Co-developed-by: Arnd Bergmann <arnd@arndb.de>
+Cc: Jonathan Cameron <Jonathan.Cameron@huawei.com>
+Cc: <stable@vger.kernel.org>
+Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ mm/migrate.c |   14 ++++++++++++--
+ 1 file changed, 12 insertions(+), 2 deletions(-)
+
+--- a/mm/migrate.c
++++ b/mm/migrate.c
+@@ -1788,6 +1788,7 @@ static int do_pages_move(struct mm_struc
+                        const int __user *nodes,
+                        int __user *status, int flags)
+ {
++      compat_uptr_t __user *compat_pages = (void __user *)pages;
+       int current_node = NUMA_NO_NODE;
+       LIST_HEAD(pagelist);
+       int start, i;
+@@ -1801,8 +1802,17 @@ static int do_pages_move(struct mm_struc
+               int node;
+               err = -EFAULT;
+-              if (get_user(p, pages + i))
+-                      goto out_flush;
++              if (in_compat_syscall()) {
++                      compat_uptr_t cp;
++
++                      if (get_user(cp, compat_pages + i))
++                              goto out_flush;
++
++                      p = compat_ptr(cp);
++              } else {
++                      if (get_user(p, pages + i))
++                              goto out_flush;
++              }
+               if (get_user(node, nodes + i))
+                       goto out_flush;
+               addr = (unsigned long)untagged_addr(p);
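Review bot: The loop in `do_pages_move()` now indexes the same user buffer with two element sizes, `compat_pages + i` and `pages + i`, and the aliasing cast `(void __user *)pages` on the new declaration carries no explanation. A comment there, e.g. `/* in compat mode 'pages' holds 32-bit user pointers and must be walked with compat_uptr_t stride */`, would keep a later cleanup from folding the two `get_user()` calls back into one. `in_compat_syscall()` is also re-evaluated on every iteration although its result cannot change during the call; caching it in a local `bool` before the loop would make that explicit. The function starts and ends outside the hunks shown.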
diff --git a/queue-5.15/mm-page_alloc-correct-start-page-when-guard-page-debug-is-enabled.patch b/queue-5.15/mm-page_alloc-correct-start-page-when-guard-page-debug-is-enabled.patch
new file mode 100644 (file)
index 0000000..fbf00d6
--- /dev/null
@@ -0,0 +1,63 @@
+From 61e21cf2d2c3cc5e60e8d0a62a77e250fccda62c Mon Sep 17 00:00:00 2001
+From: Kemeng Shi <shikemeng@huaweicloud.com>
+Date: Wed, 27 Sep 2023 17:44:01 +0800
+Subject: mm/page_alloc: correct start page when guard page debug is enabled
+
+From: Kemeng Shi <shikemeng@huaweicloud.com>
+
+commit 61e21cf2d2c3cc5e60e8d0a62a77e250fccda62c upstream.
+
+When guard page debug is enabled and set_page_guard returns success, we
+miss to forward page to point to start of next split range and we will do
+split unexpectedly in page range without target page.  Move start page
+update before set_page_guard to fix this.
+
+As we split to wrong target page, then splited pages are not able to merge
+back to original order when target page is put back and splited pages
+except target page is not usable.  To be specific:
+
+Consider target page is the third page in buddy page with order 2.
+| buddy-2 | Page | Target | Page |
+
+After break down to target page, we will only set first page to Guard
+because of bug.
+| Guard   | Page | Target | Page |
+
+When we try put_page_back_buddy with target page, the buddy page of target
+if neither guard nor buddy, Then it's not able to construct original page
+with order 2
+| Guard | Page | buddy-0 | Page |
+
+All pages except target page is not in free list and is not usable.
+
+Link: https://lkml.kernel.org/r/20230927094401.68205-1-shikemeng@huaweicloud.com
+Fixes: 06be6ff3d2ec ("mm,hwpoison: rework soft offline for free pages")
+Signed-off-by: Kemeng Shi <shikemeng@huaweicloud.com>
+Acked-by: Naoya Horiguchi <naoya.horiguchi@nec.com>
+Cc: Matthew Wilcox (Oracle) <willy@infradead.org>
+Cc: Oscar Salvador <osalvador@suse.de>
+Cc: <stable@vger.kernel.org>
+Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ mm/page_alloc.c |    2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/mm/page_alloc.c
++++ b/mm/page_alloc.c
+@@ -9481,6 +9481,7 @@ static void break_down_buddy_pages(struc
+                       next_page = page;
+                       current_buddy = page + size;
+               }
++              page = next_page;
+               if (set_page_guard(zone, current_buddy, high, migratetype))
+                       continue;
+@@ -9488,7 +9489,6 @@ static void break_down_buddy_pages(struc
+               if (current_buddy != target) {
+                       add_to_free_list(current_buddy, zone, high, migratetype);
+                       set_buddy_order(current_buddy, high);
+-                      page = next_page;
+               }
+       }
+ }
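Review bot: `page = next_page;` now sits between the buddy selection and `set_page_guard()` in `break_down_buddy_pages()` with no comment, and its position is the whole fix: it has to run before the `continue` taken when the guard is set. A one-line comment such as `/* advance before set_page_guard(): its success path continues the loop */` would stop the assignment from being moved back into the `current_buddy != target` block. The loop header and the start of the function are outside the hunk.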
diff --git a/queue-5.15/nfsd-lock_rename-needs-both-directories-to-live-on-the-same-fs.patch b/queue-5.15/nfsd-lock_rename-needs-both-directories-to-live-on-the-same-fs.patch
new file mode 100644 (file)
index 0000000..081133d
--- /dev/null
@@ -0,0 +1,51 @@
+From 1aee9158bc978f91701c5992e395efbc6da2de3c Mon Sep 17 00:00:00 2001
+From: Al Viro <viro@zeniv.linux.org.uk>
+Date: Sat, 14 Oct 2023 21:34:40 -0400
+Subject: nfsd: lock_rename() needs both directories to live on the same fs
+
+From: Al Viro <viro@zeniv.linux.org.uk>
+
+commit 1aee9158bc978f91701c5992e395efbc6da2de3c upstream.
+
+... checking that after lock_rename() is too late.  Incidentally,
+NFSv2 had no nfserr_xdev...
+
+Fixes: aa387d6ce153 "nfsd: fix EXDEV checking in rename"
+Cc: stable@vger.kernel.org # v3.9+
+Reviewed-by: Jeff Layton <jlayton@kernel.org>
+Acked-by: Chuck Lever <chuck.lever@oracle.com>
+Tested-by: Jeff Layton <jlayton@kernel.org>
+Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ fs/nfsd/vfs.c |   12 ++++++------
+ 1 file changed, 6 insertions(+), 6 deletions(-)
+
+--- a/fs/nfsd/vfs.c
++++ b/fs/nfsd/vfs.c
+@@ -1762,6 +1762,12 @@ nfsd_rename(struct svc_rqst *rqstp, stru
+       if (!flen || isdotent(fname, flen) || !tlen || isdotent(tname, tlen))
+               goto out;
++      err = (rqstp->rq_vers == 2) ? nfserr_acces : nfserr_xdev;
++      if (ffhp->fh_export->ex_path.mnt != tfhp->fh_export->ex_path.mnt)
++              goto out;
++      if (ffhp->fh_export->ex_path.dentry != tfhp->fh_export->ex_path.dentry)
++              goto out;
++
+ retry:
+       host_err = fh_want_write(ffhp);
+       if (host_err) {
+@@ -1796,12 +1802,6 @@ retry:
+       if (ndentry == trap)
+               goto out_dput_new;
+-      host_err = -EXDEV;
+-      if (ffhp->fh_export->ex_path.mnt != tfhp->fh_export->ex_path.mnt)
+-              goto out_dput_new;
+-      if (ffhp->fh_export->ex_path.dentry != tfhp->fh_export->ex_path.dentry)
+-              goto out_dput_new;
+-
+       if ((ndentry->d_sb->s_export_op->flags & EXPORT_OP_CLOSE_BEFORE_UNLINK) &&
+           nfsd_has_cached_files(ndentry)) {
+               close_cached = true;
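Review bot: In `nfsd_rename()` the new pre-check sets `err` to the cross-export status before the two export comparisons and then falls through to `retry:` with that value still in `err` when both comparisons pass. That is only safe if every later path to `out` assigns `err` again; the body of the `if (host_err)` that follows is cut off by the hunk and the rest of the function is not shown, so this should be confirmed against the full file. The `rq_vers == 2` case also deserves a comment, for example `/* NFSv2 has no nfserr_xdev, report nfserr_acces instead */`.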
index adb2cef6ae90c4b560788a45be0d7f67df6efc49..dcada519ed0b26d150a7f965e8450aad3d5e9484 100644 (file)
@@ -20,3 +20,11 @@ tcp-cleanup-tcp_remove_empty_skb-use.patch
 mptcp-more-conservative-check-for-zero-probes.patch
 mcb-return-actual-parsed-size-when-reading-chameleon.patch
 mcb-lpc-reallocate-memory-region-to-avoid-memory-ove.patch
+virtio_balloon-fix-endless-deflation-and-inflation-on-arm64.patch
+virtio-mmio-fix-memory-leak-of-vm_dev.patch
+vhost-allow-null-msg.size-on-vhost_iotlb_invalidate.patch
+mm-page_alloc-correct-start-page-when-guard-page-debug-is-enabled.patch
+mm-migrate-fix-do_pages_move-for-compat-pointers.patch
+nfsd-lock_rename-needs-both-directories-to-live-on-the-same-fs.patch
+drm-i915-pmu-check-if-pmu-is-closed-before-stopping-event.patch
+drm-amd-disable-aspm-for-vi-w-all-intel-systems.patch
diff --git a/queue-5.15/vhost-allow-null-msg.size-on-vhost_iotlb_invalidate.patch b/queue-5.15/vhost-allow-null-msg.size-on-vhost_iotlb_invalidate.patch
new file mode 100644 (file)
index 0000000..d23b6e6
--- /dev/null
@@ -0,0 +1,49 @@
+From ca50ec377c2e94b0a9f8735de2856cd0f13beab4 Mon Sep 17 00:00:00 2001
+From: Eric Auger <eric.auger@redhat.com>
+Date: Wed, 27 Sep 2023 16:05:44 +0200
+Subject: vhost: Allow null msg.size on VHOST_IOTLB_INVALIDATE
+
+From: Eric Auger <eric.auger@redhat.com>
+
+commit ca50ec377c2e94b0a9f8735de2856cd0f13beab4 upstream.
+
+Commit e2ae38cf3d91 ("vhost: fix hung thread due to erroneous iotlb
+entries") Forbade vhost iotlb msg with null size to prevent entries
+with size = start = 0 and last = ULONG_MAX to end up in the iotlb.
+
+Then commit 95932ab2ea07 ("vhost: allow batching hint without size")
+only applied the check for VHOST_IOTLB_UPDATE and VHOST_IOTLB_INVALIDATE
+message types to fix a regression observed with batching hit.
+
+Still, the introduction of that check introduced a regression for
+some users attempting to invalidate the whole ULONG_MAX range by
+setting the size to 0. This is the case with qemu/smmuv3/vhost
+integration which does not work anymore. It Looks safe to partially
+revert the original commit and allow VHOST_IOTLB_INVALIDATE messages
+with null size. vhost_iotlb_del_range() will compute a correct end
+iova. Same for vhost_vdpa_iotlb_unmap().
+
+Signed-off-by: Eric Auger <eric.auger@redhat.com>
+Fixes: e2ae38cf3d91 ("vhost: fix hung thread due to erroneous iotlb entries")
+Cc: stable@vger.kernel.org # v5.17+
+Acked-by: Jason Wang <jasowang@redhat.com>
+Message-Id: <20230927140544.205088-1-eric.auger@redhat.com>
+Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ drivers/vhost/vhost.c |    4 +---
+ 1 file changed, 1 insertion(+), 3 deletions(-)
+
+--- a/drivers/vhost/vhost.c
++++ b/drivers/vhost/vhost.c
+@@ -1171,9 +1171,7 @@ ssize_t vhost_chr_write_iter(struct vhos
+               goto done;
+       }
+-      if ((msg.type == VHOST_IOTLB_UPDATE ||
+-           msg.type == VHOST_IOTLB_INVALIDATE) &&
+-           msg.size == 0) {
++      if (msg.type == VHOST_IOTLB_UPDATE && msg.size == 0) {
+               ret = -EINVAL;
+               goto done;
+       }
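Review bot: After this change `vhost_chr_write_iter()` lets a `VHOST_IOTLB_INVALIDATE` message with `msg.size == 0` through, and the check gives no hint that a zero size is intentional or what range it stands for. Since `msg` is supplied by whoever writes to the character device, a comment above the `if` would help, e.g. `/* size 0 is valid for INVALIDATE: it requests the whole range; only UPDATE must carry a size */`. The description relies on `vhost_iotlb_del_range()` and `vhost_vdpa_iotlb_unmap()` computing the end address, but neither is visible here, so the case of a non-zero `msg.iova` with a zero size should be checked in those callees.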
diff --git a/queue-5.15/virtio-mmio-fix-memory-leak-of-vm_dev.patch b/queue-5.15/virtio-mmio-fix-memory-leak-of-vm_dev.patch
new file mode 100644 (file)
index 0000000..03ab815
--- /dev/null
@@ -0,0 +1,86 @@
+From fab7f259227b8f70aa6d54e1de1a1f5f4729041c Mon Sep 17 00:00:00 2001
+From: Maximilian Heyne <mheyne@amazon.de>
+Date: Mon, 11 Sep 2023 09:03:29 +0000
+Subject: virtio-mmio: fix memory leak of vm_dev
+
+From: Maximilian Heyne <mheyne@amazon.de>
+
+commit fab7f259227b8f70aa6d54e1de1a1f5f4729041c upstream.
+
+With the recent removal of vm_dev from devres its memory is only freed
+via the callback virtio_mmio_release_dev. However, this only takes
+effect after device_add is called by register_virtio_device. Until then
+it's an unmanaged resource and must be explicitly freed on error exit.
+
+This bug was discovered and resolved using Coverity Static Analysis
+Security Testing (SAST) by Synopsys, Inc.
+
+Cc: stable@vger.kernel.org
+Fixes: 55c91fedd03d ("virtio-mmio: don't break lifecycle of vm_dev")
+Signed-off-by: Maximilian Heyne <mheyne@amazon.de>
+Reviewed-by: Catalin Marinas <catalin.marinas@arm.com>
+Tested-by: Catalin Marinas <catalin.marinas@arm.com>
+Reviewed-by: Xuan Zhuo <xuanzhuo@linux.alibaba.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+Message-Id: <20230911090328.40538-1-mheyne@amazon.de>
+Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
+Reviewed-by: Wolfram Sang <wsa+renesas@sang-engineering.com>
+---
+ drivers/virtio/virtio_mmio.c |   19 ++++++++++++++-----
+ 1 file changed, 14 insertions(+), 5 deletions(-)
+
+--- a/drivers/virtio/virtio_mmio.c
++++ b/drivers/virtio/virtio_mmio.c
+@@ -596,14 +596,17 @@ static int virtio_mmio_probe(struct plat
+       spin_lock_init(&vm_dev->lock);
+       vm_dev->base = devm_platform_ioremap_resource(pdev, 0);
+-      if (IS_ERR(vm_dev->base))
+-              return PTR_ERR(vm_dev->base);
++      if (IS_ERR(vm_dev->base)) {
++              rc = PTR_ERR(vm_dev->base);
++              goto free_vm_dev;
++      }
+       /* Check magic value */
+       magic = readl(vm_dev->base + VIRTIO_MMIO_MAGIC_VALUE);
+       if (magic != ('v' | 'i' << 8 | 'r' << 16 | 't' << 24)) {
+               dev_warn(&pdev->dev, "Wrong magic value 0x%08lx!\n", magic);
+-              return -ENODEV;
++              rc = -ENODEV;
++              goto free_vm_dev;
+       }
+       /* Check device version */
+@@ -611,7 +614,8 @@ static int virtio_mmio_probe(struct plat
+       if (vm_dev->version < 1 || vm_dev->version > 2) {
+               dev_err(&pdev->dev, "Version %ld not supported!\n",
+                               vm_dev->version);
+-              return -ENXIO;
++              rc = -ENXIO;
++              goto free_vm_dev;
+       }
+       vm_dev->vdev.id.device = readl(vm_dev->base + VIRTIO_MMIO_DEVICE_ID);
+@@ -620,7 +624,8 @@ static int virtio_mmio_probe(struct plat
+                * virtio-mmio device with an ID 0 is a (dummy) placeholder
+                * with no function. End probing now with no error reported.
+                */
+-              return -ENODEV;
++              rc = -ENODEV;
++              goto free_vm_dev;
+       }
+       vm_dev->vdev.id.vendor = readl(vm_dev->base + VIRTIO_MMIO_VENDOR_ID);
+@@ -650,6 +655,10 @@ static int virtio_mmio_probe(struct plat
+               put_device(&vm_dev->vdev.dev);
+       return rc;
++
++free_vm_dev:
++      kfree(vm_dev);
++      return rc;
+ }
+ static int virtio_mmio_remove(struct platform_device *pdev)
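Review bot: The new `free_vm_dev:` label in `virtio_mmio_probe()` calls `kfree(vm_dev)` directly, which is right only for exits taken before `register_virtio_device()`; the path just above it already uses `put_device(&vm_dev->vdev.dev)`. Nothing at the label states that split, so an error path added later, after registration, could jump here and free an object that the release callback also frees. A comment on the label, such as `/* only before register_virtio_device(); afterwards put_device() frees vm_dev via virtio_mmio_release_dev() */`, would make the ownership rule explicit. Error returns between the last converted `return -ENODEV` and the registration call are outside the hunks and should be checked for the same leak.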
diff --git a/queue-5.15/virtio_balloon-fix-endless-deflation-and-inflation-on-arm64.patch b/queue-5.15/virtio_balloon-fix-endless-deflation-and-inflation-on-arm64.patch
new file mode 100644 (file)
index 0000000..895eb8f
--- /dev/null
@@ -0,0 +1,97 @@
+From 07622bd415639e9709579f400afd19e7e9866e5e Mon Sep 17 00:00:00 2001
+From: Gavin Shan <gshan@redhat.com>
+Date: Thu, 31 Aug 2023 11:10:07 +1000
+Subject: virtio_balloon: Fix endless deflation and inflation on arm64
+
+From: Gavin Shan <gshan@redhat.com>
+
+commit 07622bd415639e9709579f400afd19e7e9866e5e upstream.
+
+The deflation request to the target, which isn't unaligned to the
+guest page size causes endless deflation and inflation actions. For
+example, we receive the flooding QMP events for the changes on memory
+balloon's size after a deflation request to the unaligned target is
+sent for the ARM64 guest, where we have 64KB base page size.
+
+  /home/gavin/sandbox/qemu.main/build/qemu-system-aarch64      \
+  -accel kvm -machine virt,gic-version=host -cpu host          \
+  -smp maxcpus=8,cpus=8,sockets=2,clusters=2,cores=2,threads=1 \
+  -m 1024M,slots=16,maxmem=64G                                 \
+  -object memory-backend-ram,id=mem0,size=512M                 \
+  -object memory-backend-ram,id=mem1,size=512M                 \
+  -numa node,nodeid=0,memdev=mem0,cpus=0-3                     \
+  -numa node,nodeid=1,memdev=mem1,cpus=4-7                     \
+    :                                                          \
+  -device virtio-balloon-pci,id=balloon0,bus=pcie.10
+
+  { "execute" : "balloon", "arguments": { "value" : 1073672192 } }
+  {"return": {}}
+  {"timestamp": {"seconds": 1693272173, "microseconds": 88667},   \
+   "event": "BALLOON_CHANGE", "data": {"actual": 1073610752}}
+  {"timestamp": {"seconds": 1693272174, "microseconds": 89704},   \
+   "event": "BALLOON_CHANGE", "data": {"actual": 1073610752}}
+  {"timestamp": {"seconds": 1693272175, "microseconds": 90819},   \
+   "event": "BALLOON_CHANGE", "data": {"actual": 1073610752}}
+  {"timestamp": {"seconds": 1693272176, "microseconds": 91961},   \
+   "event": "BALLOON_CHANGE", "data": {"actual": 1073610752}}
+  {"timestamp": {"seconds": 1693272177, "microseconds": 93040},   \
+   "event": "BALLOON_CHANGE", "data": {"actual": 1073676288}}
+  {"timestamp": {"seconds": 1693272178, "microseconds": 94117},   \
+   "event": "BALLOON_CHANGE", "data": {"actual": 1073676288}}
+  {"timestamp": {"seconds": 1693272179, "microseconds": 95337},   \
+   "event": "BALLOON_CHANGE", "data": {"actual": 1073610752}}
+  {"timestamp": {"seconds": 1693272180, "microseconds": 96615},   \
+   "event": "BALLOON_CHANGE", "data": {"actual": 1073676288}}
+  {"timestamp": {"seconds": 1693272181, "microseconds": 97626},   \
+   "event": "BALLOON_CHANGE", "data": {"actual": 1073610752}}
+  {"timestamp": {"seconds": 1693272182, "microseconds": 98693},   \
+   "event": "BALLOON_CHANGE", "data": {"actual": 1073676288}}
+  {"timestamp": {"seconds": 1693272183, "microseconds": 99698},   \
+   "event": "BALLOON_CHANGE", "data": {"actual": 1073610752}}
+  {"timestamp": {"seconds": 1693272184, "microseconds": 100727},  \
+   "event": "BALLOON_CHANGE", "data": {"actual": 1073610752}}
+  {"timestamp": {"seconds": 1693272185, "microseconds": 90430},   \
+   "event": "BALLOON_CHANGE", "data": {"actual": 1073610752}}
+  {"timestamp": {"seconds": 1693272186, "microseconds": 102999},  \
+   "event": "BALLOON_CHANGE", "data": {"actual": 1073676288}}
+     :
+  <The similar QMP events repeat>
+
+Fix it by aligning the target up to the guest page size, 64KB in this
+specific case. With this applied, no flooding QMP events are observed
+and the memory balloon's size can be stablizied to 0x3ffe0000 soon
+after the deflation request is sent.
+
+  { "execute" : "balloon", "arguments": { "value" : 1073672192 } }
+  {"return": {}}
+  {"timestamp": {"seconds": 1693273328, "microseconds": 793075},  \
+   "event": "BALLOON_CHANGE", "data": {"actual": 1073610752}}
+  { "execute" : "query-balloon" }
+  {"return": {"actual": 1073610752}}
+
+Cc: stable@vger.kernel.org
+Signed-off-by: Gavin Shan <gshan@redhat.com>
+Tested-by: Zhenyu Zhang <zhenyzha@redhat.com>
+Message-Id: <20230831011007.1032822-1-gshan@redhat.com>
+Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
+Reviewed-by: David Hildenbrand <david@redhat.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ drivers/virtio/virtio_balloon.c |    6 +++++-
+ 1 file changed, 5 insertions(+), 1 deletion(-)
+
+--- a/drivers/virtio/virtio_balloon.c
++++ b/drivers/virtio/virtio_balloon.c
+@@ -402,7 +402,11 @@ static inline s64 towards_target(struct
+       virtio_cread_le(vb->vdev, struct virtio_balloon_config, num_pages,
+                       &num_pages);
+-      target = num_pages;
++      /*
++       * Aligned up to guest page size to avoid inflating and deflating
++       * balloon endlessly.
++       */
++      target = ALIGN(num_pages, VIRTIO_BALLOON_PAGES_PER_PAGE);
+       return target - vb->num_pages;
+ }
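Review bot: `ALIGN(num_pages, VIRTIO_BALLOON_PAGES_PER_PAGE)` in `towards_target()` rounds up a value read from the device configuration, and the rounding is done in the type of `num_pages`, whose declaration is outside the hunk. If that type is 32 bits wide, a value within one guest page of the type's maximum wraps to 0 before it is assigned to `target`. Widening first avoids that, e.g. `target = ALIGN((s64)num_pages, VIRTIO_BALLOON_PAGES_PER_PAGE);`.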