libkrun · slp · Jun 1, 2026 · May 18, 2026 · May 18, 2026
@@ -6,8 +6,8 @@ KERNEL_PATCHES = $(shell find patches/ -name "0*.patch" | sort)
 KERNEL_C_BUNDLE = kernel.c
 
 ABI_VERSION = 5
-FULL_VERSION = 5.4.0
-TIMESTAMP = "Fri May  8 14:25:15 CEST 2026"
+FULL_VERSION = 5.4.1
+TIMESTAMP = "Mon May 18 08:49:58 CEST 2026"
 
 KERNEL_FLAGS = KBUILD_BUILD_TIMESTAMP=$(TIMESTAMP)
 KERNEL_FLAGS += KBUILD_BUILD_USER=root

@@ -1,4 +1,4 @@
-From ff5dbd901b0688a006fafcba07449d4a116b7317 Mon Sep 17 00:00:00 2001
+From 1b8951549a0a2f83eaad338de50b91294cfbeb13 Mon Sep 17 00:00:00 2001
 From: Sergio Lopez <slp@sinrega.org>
 Date: Fri, 10 Sep 2021 13:05:01 +0200
 Subject: [PATCH 1/4] virtio: enable DMA API if memory is restricted

@@ -1,4 +1,4 @@
-From dd2119161ec3510a5ca2946dcadd5043f19ff4ed Mon Sep 17 00:00:00 2001
+From a8f382f4f103c2b8407877982c3259d95bc32a01 Mon Sep 17 00:00:00 2001
 From: Sergio Lopez <slp@redhat.com>
 Date: Thu, 20 Oct 2022 10:23:16 +0200
 Subject: [PATCH 2/4] x86/sev: write AP reset vector

@@ -1,4 +1,4 @@
-From 45bce0f81b5111fac6e6979a8709e8bd87661ef4 Mon Sep 17 00:00:00 2001
+From 4147420d99395414ccf3daa60c83462d21246a03 Mon Sep 17 00:00:00 2001
 From: Sergio Lopez <slp@redhat.com>
 Date: Wed, 3 Aug 2022 12:35:12 +0200
 Subject: [PATCH 3/4] Implement driver to retrieve secrets from cmdline

@@ -1,4 +1,4 @@
-From 126c045600e62f2e1bda8568cee52de30b6d0aff Mon Sep 17 00:00:00 2001
+From 9929b02ac95570117dc150386109a2a23538ceba Mon Sep 17 00:00:00 2001
 From: Sergio Lopez <slp@redhat.com>
 Date: Wed, 5 Jun 2024 16:20:08 +0200
 Subject: [PATCH 4/4] x86/sev: Avoid using native_cpuid

@@ -1,7 +1,7 @@
 From db20a79e5810bc9fc77655acde5c8e13e7942ba9 Mon Sep 17 00:00:00 2001
 From: Sergio Lopez <slp@redhat.com>
 Date: Thu, 2 Mar 2023 07:34:49 +0100
-Subject: [PATCH 01/32] krunfw: Don't panic when init dies
+Subject: [PATCH 01/34] krunfw: Don't panic when init dies
 
 In libkrun, the isolated process runs as PID 1. When it exits,
 trigger an orderly reboot instead of panic'ing.

@@ -1,7 +1,7 @@
 From 2e7df3e03121c97e16bb72de31e8b5ba9908971a Mon Sep 17 00:00:00 2001
 From: Sergio Lopez <slp@redhat.com>
 Date: Mon, 16 May 2022 16:04:27 +0200
-Subject: [PATCH 02/32] krunfw: Ignore run_cmd on orderly reboot
+Subject: [PATCH 02/34] krunfw: Ignore run_cmd on orderly reboot
 
 We don't really support restarting the conventional way, so ignore
 "run_cmd" so we can fall back to an emergency sync and reboot.

@@ -1,7 +1,7 @@
 From 8ca8db16da5001752ca7d782a60d9af85e7899b7 Mon Sep 17 00:00:00 2001
 From: Bobby Eshleman <bobby.eshleman () bytedance ! com>
 Date: Sat, 10 Jun 2023 00:58:28 +0000
-Subject: [PATCH 03/32] vsock/dgram: generalize recvmsg and drop
+Subject: [PATCH 03/34] vsock/dgram: generalize recvmsg and drop
  transport->dgram_dequeue
 
 This commit drops the transport->dgram_dequeue callback and makes

@@ -1,7 +1,7 @@
 From 0530d4f1e7c9112d492330d74bab3426ef4f5cf6 Mon Sep 17 00:00:00 2001
 From: Bobby Eshleman <bobby.eshleman () bytedance ! com>
 Date: Sat, 10 Jun 2023 00:58:29 +0000
-Subject: [PATCH 04/32] vsock: refactor transport lookup code
+Subject: [PATCH 04/34] vsock: refactor transport lookup code
 
 Introduce new reusable function vsock_connectible_lookup_transport()
 that performs the transport lookup logic.

@@ -1,7 +1,7 @@
 From 365643863f3166d827024d4b6067222a6453d015 Mon Sep 17 00:00:00 2001
 From: Bobby Eshleman <bobby.eshleman () bytedance ! com>
 Date: Sat, 10 Jun 2023 00:58:30 +0000
-Subject: [PATCH 05/32] vsock: support multi-transport datagrams
+Subject: [PATCH 05/34] vsock: support multi-transport datagrams
 
 This patch adds support for multi-transport datagrams.
 

@@ -1,7 +1,7 @@
 From cc6d6e946fdfd0e5aa2e1a9a1c6f4ecc199c2181 Mon Sep 17 00:00:00 2001
 From: Bobby Eshleman <bobby.eshleman () bytedance ! com>
 Date: Sat, 10 Jun 2023 00:58:31 +0000
-Subject: [PATCH 06/32] vsock: make vsock bind reusable
+Subject: [PATCH 06/34] vsock: make vsock bind reusable
 
 This commit makes the bind table management functions in vsock usable
 for different bind tables. For use by datagrams in a future patch.

@@ -1,7 +1,7 @@
 From 33ddfd0056365235338e46e289657fc1c1355bc2 Mon Sep 17 00:00:00 2001
 From: Bobby Eshleman <bobby.eshleman () bytedance ! com>
 Date: Sat, 10 Jun 2023 00:58:32 +0000
-Subject: [PATCH 07/32] virtio/vsock: add VIRTIO_VSOCK_F_DGRAM feature bit
+Subject: [PATCH 07/34] virtio/vsock: add VIRTIO_VSOCK_F_DGRAM feature bit
 
 This commit adds a feature bit for virtio vsock to support datagrams.
 

@@ -1,7 +1,7 @@
 From 2883434bdf71f2441c1d34788fb138c010533254 Mon Sep 17 00:00:00 2001
 From: Bobby Eshleman <bobby.eshleman () bytedance ! com>
 Date: Sat, 10 Jun 2023 00:58:33 +0000
-Subject: [PATCH 08/32] virtio/vsock: support dgrams
+Subject: [PATCH 08/34] virtio/vsock: support dgrams
 
 This commit adds support for datagrams over virtio/vsock.
 

@@ -0,0 +1,55 @@
+From 43fbbbc07f1ababcbfb305548aacdb5711dacf80 Mon Sep 17 00:00:00 2001
+From: Xuewei Niu <niuxuewei.nxw@antgroup.com>
+Date: Tue, 8 Jul 2025 14:36:12 +0800
+Subject: [PATCH 09/34] vsock: Add support for SIOCINQ ioctl
+
+Add support for SIOCINQ ioctl, indicating the length of bytes unread in the
+socket. The value is obtained from `vsock_stream_has_data()`.
+
+Signed-off-by: Xuewei Niu <niuxuewei.nxw@antgroup.com>
+Reviewed-by: Stefano Garzarella <sgarzare@redhat.com>
+Reviewed-by: Luigi Leonardi <leonardi@redhat.com>
+Link: https://patch.msgid.link/20250708-siocinq-v6-2-3775f9a9e359@antgroup.com
+Signed-off-by: Jakub Kicinski <kuba@kernel.org>
+(cherry picked from commit f7c72265927540fb24c99fee8a54da7db537656c)
+Signed-off-by: Sergio Lopez <slp@redhat.com>
+---
+ net/vmw_vsock/af_vsock.c | 22 ++++++++++++++++++++++
+ 1 file changed, 22 insertions(+)
+
+diff --git a/net/vmw_vsock/af_vsock.c b/net/vmw_vsock/af_vsock.c
+index e949c9892c2c..23700ee6d732 100644
+--- a/net/vmw_vsock/af_vsock.c
++++ b/net/vmw_vsock/af_vsock.c
+@@ -1545,6 +1545,28 @@ static int vsock_do_ioctl(struct socket *sock, unsigned int cmd,
+ 	vsk = vsock_sk(sk);
+
+ 	switch (cmd) {
++	case SIOCINQ: {
++		ssize_t n_bytes;
++
++		if (!vsk->transport) {
++			ret = -EOPNOTSUPP;
++			break;
++		}
++
++		if (sock_type_connectible(sk->sk_type) &&
++		    sk->sk_state == TCP_LISTEN) {
++			ret = -EINVAL;
++			break;
++		}
++
++		n_bytes = vsock_stream_has_data(vsk);
++		if (n_bytes < 0) {
++			ret = n_bytes;
++			break;
++		}
++		ret = put_user(n_bytes, arg);
++		break;
++	}
+ 	case SIOCOUTQ: {
+ 		ssize_t n_bytes;
+
+-- 
+2.54.0
+
@@ -0,0 +1,133 @@
+From dcebe73b6fe14c1eb1c098c58dbcac9edc1df508 Mon Sep 17 00:00:00 2001
+From: Sergio Lopez <slp@redhat.com>
+Date: Thu, 28 May 2026 11:43:46 +0200
+Subject: [PATCH 10/34] virtio/vsock: implement has_data for DGRAM
+
+Signed-off-by: Sergio Lopez <slp@redhat.com>
+---
+ include/linux/virtio_vsock.h            |  1 +
+ include/net/af_vsock.h                  |  2 ++
+ net/vmw_vsock/af_vsock.c                | 15 ++++++++++++++-
+ net/vmw_vsock/virtio_transport.c        |  1 +
+ net/vmw_vsock/virtio_transport_common.c | 15 +++++++++++++++
+ net/vmw_vsock/vsock_loopback.c          |  1 +
+ 6 files changed, 34 insertions(+), 1 deletion(-)
+
+diff --git a/include/linux/virtio_vsock.h b/include/linux/virtio_vsock.h
+index e3d7afa29894..34220effc4b0 100644
+--- a/include/linux/virtio_vsock.h
++++ b/include/linux/virtio_vsock.h
+@@ -215,6 +215,7 @@ ssize_t
+ virtio_transport_seqpacket_dequeue(struct vsock_sock *vsk,
+ 				   struct msghdr *msg,
+ 				   int flags);
++s64 virtio_transport_dgram_has_data(struct vsock_sock *vsk);
+ s64 virtio_transport_stream_has_data(struct vsock_sock *vsk);
+ s64 virtio_transport_stream_has_space(struct vsock_sock *vsk);
+ u32 virtio_transport_seqpacket_has_data(struct vsock_sock *vsk);
+diff --git a/include/net/af_vsock.h b/include/net/af_vsock.h
+index 5f93bb290a83..45469aa8cf60 100644
+--- a/include/net/af_vsock.h
++++ b/include/net/af_vsock.h
+@@ -76,6 +76,7 @@ struct vsock_sock {
+ };
+
+ s64 vsock_connectible_has_data(struct vsock_sock *vsk);
++s64 vsock_dgram_has_data(struct vsock_sock *vsk);
+ s64 vsock_stream_has_data(struct vsock_sock *vsk);
+ s64 vsock_stream_has_space(struct vsock_sock *vsk);
+ struct sock *vsock_create_connected(struct sock *parent);
+@@ -134,6 +135,7 @@ struct vsock_transport {
+ 	 * header.
+ 	 */
+ 	const size_t dgram_payload_offset;
++	s64 (*dgram_has_data)(struct vsock_sock *);
+
+ 	/* STREAM. */
+ 	/* TODO: stream_bind() */
+diff --git a/net/vmw_vsock/af_vsock.c b/net/vmw_vsock/af_vsock.c
+index 23700ee6d732..ebd995fc6f5d 100644
+--- a/net/vmw_vsock/af_vsock.c
++++ b/net/vmw_vsock/af_vsock.c
+@@ -1007,6 +1007,15 @@ s64 vsock_stream_has_data(struct vsock_sock *vsk)
+ }
+ EXPORT_SYMBOL_GPL(vsock_stream_has_data);
+
++s64 vsock_dgram_has_data(struct vsock_sock *vsk)
++{
++	if (WARN_ON(!vsk->transport))
++		return 0;
++
++	return vsk->transport->dgram_has_data(vsk);
++}
++EXPORT_SYMBOL_GPL(vsock_dgram_has_data);
++
+ s64 vsock_connectible_has_data(struct vsock_sock *vsk)
+ {
+ 	struct sock *sk = sk_vsock(vsk);
+@@ -1559,7 +1568,11 @@ static int vsock_do_ioctl(struct socket *sock, unsigned int cmd,
+ 			break;
+ 		}
+
+-		n_bytes = vsock_stream_has_data(vsk);
++		if (sk->sk_type == SOCK_DGRAM)
++			n_bytes = vsock_dgram_has_data(vsk);
++		else
++			n_bytes = vsock_stream_has_data(vsk);
++
+ 		if (n_bytes < 0) {
+ 			ret = n_bytes;
+ 			break;
+diff --git a/net/vmw_vsock/virtio_transport.c b/net/vmw_vsock/virtio_transport.c
+index 58d15edd296e..43eeeb32a318 100644
+--- a/net/vmw_vsock/virtio_transport.c
++++ b/net/vmw_vsock/virtio_transport.c
+@@ -558,6 +558,7 @@ static struct virtio_transport virtio_transport = {
+ 		.dgram_get_cid		  = virtio_transport_dgram_get_cid,
+ 		.dgram_get_port		  = virtio_transport_dgram_get_port,
+ 		.dgram_get_length	  = virtio_transport_dgram_get_length,
++		.dgram_has_data		  = virtio_transport_dgram_has_data,
+
+ 		.stream_dequeue           = virtio_transport_stream_dequeue,
+ 		.stream_enqueue           = virtio_transport_stream_enqueue,
+diff --git a/net/vmw_vsock/virtio_transport_common.c b/net/vmw_vsock/virtio_transport_common.c
+index b3ee9ce90b5d..2cae5e2295b1 100644
+--- a/net/vmw_vsock/virtio_transport_common.c
++++ b/net/vmw_vsock/virtio_transport_common.c
+@@ -907,6 +907,21 @@ int virtio_transport_dgram_get_length(struct sk_buff *skb, size_t *len)
+ }
+ EXPORT_SYMBOL_GPL(virtio_transport_dgram_get_length);
+
++s64 virtio_transport_dgram_has_data(struct vsock_sock *vsk)
++{
++	struct sock *sk = sk_vsock(vsk);
++	struct sk_buff *skb;
++	s64 bytes = 0;
++
++	spin_lock_bh(&sk->sk_receive_queue.lock);
++	skb_queue_walk(&sk->sk_receive_queue, skb)
++		bytes += skb->len;
++	spin_unlock_bh(&sk->sk_receive_queue.lock);
++
++	return bytes;
++}
++EXPORT_SYMBOL_GPL(virtio_transport_dgram_has_data);
++
+ s64 virtio_transport_stream_has_data(struct vsock_sock *vsk)
+ {
+ 	struct virtio_vsock_sock *vvs = vsk->trans;
+diff --git a/net/vmw_vsock/vsock_loopback.c b/net/vmw_vsock/vsock_loopback.c
+index b3066c854bb9..09e6162030b0 100644
+--- a/net/vmw_vsock/vsock_loopback.c
++++ b/net/vmw_vsock/vsock_loopback.c
+@@ -71,6 +71,7 @@ static struct virtio_transport loopback_transport = {
+ 		.dgram_get_cid		  = virtio_transport_dgram_get_cid,
+ 		.dgram_get_port		  = virtio_transport_dgram_get_port,
+ 		.dgram_get_length	  = virtio_transport_dgram_get_length,
++		.dgram_has_data		  = virtio_transport_dgram_has_data,
+
+ 		.stream_dequeue           = virtio_transport_stream_dequeue,
+ 		.stream_enqueue           = virtio_transport_stream_enqueue,
+-- 
+2.54.0
+
@@ -1,7 +1,7 @@
-From 2afce693dedb3bc54648665488d346bbc17ab73a Mon Sep 17 00:00:00 2001
+From acc54e7a37c7bdf21f7d6da1cd1462c134484f37 Mon Sep 17 00:00:00 2001
 From: Sergio Lopez <slp@redhat.com>
 Date: Thu, 19 May 2022 22:38:26 +0200
-Subject: [PATCH 09/32] Transparent Socket Impersonation implementation
+Subject: [PATCH 11/34] Transparent Socket Impersonation implementation
 
 Transparent Socket Impersonation (AF_TSI) is an address family that
 provides sockets presenting two simultaneous personalities, one of
@@ -31,11 +31,11 @@ Signed-off-by: Matej Hrica <mhrica@redhat.com>
  net/socket.c                        |    3 +
  net/tsi/Kconfig                     |    7 +
  net/tsi/Makefile                    |    4 +
- net/tsi/af_tsi.c                    | 1571 +++++++++++++++++++++++++++
+ net/tsi/af_tsi.c                    | 1577 +++++++++++++++++++++++++++
  net/tsi/af_tsi.h                    |  107 ++
  security/selinux/hooks.c            |    8 +-
  security/selinux/include/classmap.h |    3 +-
- 10 files changed, 1710 insertions(+), 3 deletions(-)
+ 10 files changed, 1716 insertions(+), 3 deletions(-)
  create mode 100644 net/tsi/Kconfig
  create mode 100644 net/tsi/Makefile
  create mode 100644 net/tsi/af_tsi.c
@@ -128,10 +128,10 @@ index 000000000000..8b3cf74116a5
 +tsi-y := af_tsi.o
 diff --git a/net/tsi/af_tsi.c b/net/tsi/af_tsi.c
 new file mode 100644
-index 000000000000..e266f968405b
+index 000000000000..3d2bcd8d2ba4
 --- /dev/null
 +++ b/net/tsi/af_tsi.c
-@@ -0,0 +1,1571 @@
+@@ -0,0 +1,1577 @@
 +/* SPDX-License-Identifier: GPL-2.0-only */
 +/*
 + * Transparent Socket Impersonation Driver
@@ -908,11 +908,13 @@ index 000000000000..e266f968405b
 +	struct sock *sk = sock->sk;
 +	struct tsi_sock *tsk;
 +	struct socket *isocket;
++	struct socket *vsocket;
 +	int err;
 +
 +	lock_sock(sk);
 +	tsk = tsi_sk(sock->sk);
 +	isocket = tsk->isocket;
++	vsocket = tsk->vsocket;
 +
 +	switch (tsk->status) {
 +	case S_HYBRID:
@@ -924,7 +926,11 @@ index 000000000000..e266f968405b
 +		}
 +		break;
 +	case S_VSOCK:
-+		err = -EOPNOTSUPP;
++		if (vsocket) {
++			err = vsocket->ops->ioctl(vsocket, cmd, arg);
++		} else {
++			err = -EOPNOTSUPP;
++		}
 +		break;
 +	}
 +

@@ -1,7 +1,7 @@
-From 11f6bba30167239d54f27fccbeb3ddb319fb360f Mon Sep 17 00:00:00 2001
+From 7ba69a39a7184bd593b5c633ea870903fbedeb5d Mon Sep 17 00:00:00 2001
 From: Sergio Lopez <slp@redhat.com>
 Date: Thu, 19 May 2022 22:42:01 +0200
-Subject: [PATCH 10/32] tsi: allow hijacking sockets (tsi_hijack)
+Subject: [PATCH 12/34] tsi: allow hijacking sockets (tsi_hijack)
 
 Add a kernel command line option (tsi_hijack) enabling users to
 request the kernel to hijack AF_INET(SOCK_STREAM || SOCK_DGRAM)
@@ -68,7 +68,7 @@ index f317719ee75c..0d3d172fceec 100644
  	pf = rcu_dereference(net_families[family]);
  	err = -EAFNOSUPPORT;
 diff --git a/net/tsi/af_tsi.c b/net/tsi/af_tsi.c
-index e266f968405b..a8940e3e98a5 100644
+index 3d2bcd8d2ba4..bd3dc75b3129 100644
 --- a/net/tsi/af_tsi.c
 +++ b/net/tsi/af_tsi.c
 @@ -547,7 +547,7 @@ static int tsi_accept(struct socket *sock, struct socket *newsock,

@@ -1,7 +1,7 @@
-From 995eef6ce4407bc20831b242c77ee011d84fea4d Mon Sep 17 00:00:00 2001
+From 13804d0a9d630bdca8ac1f4dea14d0261eaf9eb7 Mon Sep 17 00:00:00 2001
 From: Asahi Lina <lina@asahilina.net>
 Date: Wed, 25 Sep 2024 16:35:34 +0200
-Subject: [PATCH 11/32] arm64: cpufeature: Unify SCOPE_LOCAL_CPU early & late
+Subject: [PATCH 13/34] arm64: cpufeature: Unify SCOPE_LOCAL_CPU early & late
  behavior
 
 SCOPE_LOCAL_CPU is mostly used for CPU errata. The early feature logic

@@ -1,7 +1,7 @@
-From 582250ebe10df99415a233af1f40384004594d3b Mon Sep 17 00:00:00 2001
+From 8e65f9b0a12d8a2dbafcd6b61972ee6aac16e21c Mon Sep 17 00:00:00 2001
 From: Hector Martin <marcan@marcan.st>
 Date: Thu, 11 Apr 2024 09:51:20 +0900
-Subject: [PATCH 12/32] prctl: Introduce PR_{SET,GET}_MEM_MODEL
+Subject: [PATCH 14/34] prctl: Introduce PR_{SET,GET}_MEM_MODEL
 
 On some architectures, it is possible to query and/or change the CPU
 memory model. This allows userspace to switch to a stricter memory model