6.1-stable patches
authorGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Sun, 23 Apr 2023 10:31:58 +0000 (12:31 +0200)
committerGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Sun, 23 Apr 2023 10:31:58 +0000 (12:31 +0200)
added patches:
fuse-always-revalidate-rename-target-dentry.patch
kvm-arm64-fix-buffer-overflow-in-kvm_arm_set_fw_reg.patch
kvm-arm64-make-vcpu-flag-updates-non-preemptible.patch
mips-define-runtime_discard_exit-in-ld-script.patch

queue-6.1/fuse-always-revalidate-rename-target-dentry.patch [new file with mode: 0644]
queue-6.1/kvm-arm64-fix-buffer-overflow-in-kvm_arm_set_fw_reg.patch [new file with mode: 0644]
queue-6.1/kvm-arm64-make-vcpu-flag-updates-non-preemptible.patch [new file with mode: 0644]
queue-6.1/mips-define-runtime_discard_exit-in-ld-script.patch [new file with mode: 0644]
queue-6.1/series

diff --git a/queue-6.1/fuse-always-revalidate-rename-target-dentry.patch b/queue-6.1/fuse-always-revalidate-rename-target-dentry.patch
new file mode 100644 (file)
index 0000000..053fc61
--- /dev/null
@@ -0,0 +1,36 @@
+From ccc031e26afe60d2a5a3d93dabd9c978210825fb Mon Sep 17 00:00:00 2001
+From: Jiachen Zhang <zhangjiachen.jaycee@bytedance.com>
+Date: Wed, 28 Sep 2022 20:19:34 +0800
+Subject: fuse: always revalidate rename target dentry
+
+From: Jiachen Zhang <zhangjiachen.jaycee@bytedance.com>
+
+commit ccc031e26afe60d2a5a3d93dabd9c978210825fb upstream.
+
+The previous commit df8629af2934 ("fuse: always revalidate if exclusive
+create") ensures that the dentries are revalidated on O_EXCL creates.  This
+commit complements it by also performing revalidation for rename target
+dentries.  Otherwise, a rename target file that only exists in kernel
+dentry cache but not in the filesystem will result in EEXIST if
+RENAME_NOREPLACE flag is used.
+
+Signed-off-by: Jiachen Zhang <zhangjiachen.jaycee@bytedance.com>
+Signed-off-by: Zhang Tianci <zhangtianci.1997@bytedance.com>
+Signed-off-by: Miklos Szeredi <mszeredi@redhat.com>
+Signed-off-by: Yang Bo <yb203166@antfin.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ fs/fuse/dir.c |    2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/fs/fuse/dir.c
++++ b/fs/fuse/dir.c
+@@ -214,7 +214,7 @@ static int fuse_dentry_revalidate(struct
+       if (inode && fuse_is_bad(inode))
+               goto invalid;
+       else if (time_before64(fuse_dentry_time(entry), get_jiffies_64()) ||
+-               (flags & (LOOKUP_EXCL | LOOKUP_REVAL))) {
++               (flags & (LOOKUP_EXCL | LOOKUP_REVAL | LOOKUP_RENAME_TARGET))) {
+               struct fuse_entry_out outarg;
+               FUSE_ARGS(args);
+               struct fuse_forget_link *forget;
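Review bot: The new LOOKUP_RENAME_TARGET term in the flags test carries no explanation, and fuse_dentry_revalidate() both starts and ends outside the hunk, so a reader sees only that one more lookup flag now forces a round trip to the server. A one-line comment above the condition would keep the changelog's reasoning next to the code: `/* Rename targets are always revalidated: a cached dentry the server no longer knows would otherwise make RENAME_NOREPLACE fail with EEXIST. */`. For the backport it is worth stating that this adds a server lookup on every rename onto a cached target; that cost is the intended trade-off for correctness.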
diff --git a/queue-6.1/kvm-arm64-fix-buffer-overflow-in-kvm_arm_set_fw_reg.patch b/queue-6.1/kvm-arm64-fix-buffer-overflow-in-kvm_arm_set_fw_reg.patch
new file mode 100644 (file)
index 0000000..0b9bee6
--- /dev/null
@@ -0,0 +1,36 @@
+From a25bc8486f9c01c1af6b6c5657234b2eee2c39d6 Mon Sep 17 00:00:00 2001
+From: Dan Carpenter <dan.carpenter@linaro.org>
+Date: Wed, 19 Apr 2023 13:16:13 +0300
+Subject: KVM: arm64: Fix buffer overflow in kvm_arm_set_fw_reg()
+
+From: Dan Carpenter <dan.carpenter@linaro.org>
+
+commit a25bc8486f9c01c1af6b6c5657234b2eee2c39d6 upstream.
+
+The KVM_REG_SIZE() comes from the ioctl and it can be a power of two
+between 0-32768 but if it is more than sizeof(long) this will corrupt
+memory.
+
+Fixes: 99adb567632b ("KVM: arm/arm64: Add save/restore support for firmware workaround state")
+Signed-off-by: Dan Carpenter <dan.carpenter@linaro.org>
+Reviewed-by: Steven Price <steven.price@arm.com>
+Reviewed-by: Eric Auger <eric.auger@redhat.com>
+Reviewed-by: Marc Zyngier <maz@kernel.org>
+Link: https://lore.kernel.org/r/4efbab8c-640f-43b2-8ac6-6d68e08280fe@kili.mountain
+Signed-off-by: Oliver Upton <oliver.upton@linux.dev>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ arch/arm64/kvm/hypercalls.c |    2 ++
+ 1 file changed, 2 insertions(+)
+
+--- a/arch/arm64/kvm/hypercalls.c
++++ b/arch/arm64/kvm/hypercalls.c
+@@ -397,6 +397,8 @@ int kvm_arm_set_fw_reg(struct kvm_vcpu *
+       u64 val;
+       int wa_level;
++      if (KVM_REG_SIZE(reg->id) != sizeof(val))
++              return -ENOENT;
+       if (copy_from_user(&val, uaddr, KVM_REG_SIZE(reg->id)))
+               return -EFAULT;
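Review bot: With the size check in place, the copy on the next line still takes its length from KVM_REG_SIZE(reg->id) rather than from the destination, so the bound on the stack write into val holds only as long as the two lines agree; `if (copy_from_user(&val, uaddr, sizeof(val)))` ties the length to the buffer itself and survives later edits to the check. The -ENOENT return for a wrongly sized id deserves a short comment since it is not a fault: `/* firmware pseudo-registers are 64-bit only; any other size is not a register */` (val is declared u64 just above). kvm_arm_set_fw_reg() continues beyond the hunk, so other uses of KVM_REG_SIZE(reg->id) in it, if any, are not visible here.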
diff --git a/queue-6.1/kvm-arm64-make-vcpu-flag-updates-non-preemptible.patch b/queue-6.1/kvm-arm64-make-vcpu-flag-updates-non-preemptible.patch
new file mode 100644 (file)
index 0000000..d3a02f6
--- /dev/null
@@ -0,0 +1,91 @@
+From 35dcb3ac663a16510afc27ba2725d70c15e012a5 Mon Sep 17 00:00:00 2001
+From: Marc Zyngier <maz@kernel.org>
+Date: Tue, 18 Apr 2023 13:57:37 +0100
+Subject: KVM: arm64: Make vcpu flag updates non-preemptible
+
+From: Marc Zyngier <maz@kernel.org>
+
+commit 35dcb3ac663a16510afc27ba2725d70c15e012a5 upstream.
+
+Per-vcpu flags are updated using a non-atomic RMW operation.
+Which means it is possible to get preempted between the read and
+write operations.
+
+Another interesting thing to note is that preemption also updates
+flags, as we have some flag manipulation in both the load and put
+operations.
+
+It is thus possible to lose information communicated by either
+load or put, as the preempted flag update will overwrite the flags
+when the thread is resumed. This is specially critical if either
+load or put has stored information which depends on the physical
+CPU the vcpu runs on.
+
+This results in really elusive bugs, and kudos must be given to
+Mostafa for the long hours of debugging, and finally spotting
+the problem.
+
+Fix it by disabling preemption during the RMW operation, which
+ensures that the state stays consistent. Also upgrade vcpu_get_flag
+path to use READ_ONCE() to make sure the field is always atomically
+accessed.
+
+Fixes: e87abb73e594 ("KVM: arm64: Add helpers to manipulate vcpu flags among a set")
+Reported-by: Mostafa Saleh <smostafa@google.com>
+Signed-off-by: Marc Zyngier <maz@kernel.org>
+Cc: stable@vger.kernel.org
+Link: https://lore.kernel.org/r/20230418125737.2327972-1-maz@kernel.org
+Signed-off-by: Oliver Upton <oliver.upton@linux.dev>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ arch/arm64/include/asm/kvm_host.h |   19 ++++++++++++++++++-
+ 1 file changed, 18 insertions(+), 1 deletion(-)
+
+--- a/arch/arm64/include/asm/kvm_host.h
++++ b/arch/arm64/include/asm/kvm_host.h
+@@ -449,9 +449,22 @@ struct kvm_vcpu_arch {
+       ({                                                      \
+               __build_check_flag(v, flagset, f, m);           \
+                                                               \
+-              v->arch.flagset & (m);                          \
++              READ_ONCE(v->arch.flagset) & (m);               \
+       })
++/*
++ * Note that the set/clear accessors must be preempt-safe in order to
++ * avoid nesting them with load/put which also manipulate flags...
++ */
++#ifdef __KVM_NVHE_HYPERVISOR__
++/* the nVHE hypervisor is always non-preemptible */
++#define __vcpu_flags_preempt_disable()
++#define __vcpu_flags_preempt_enable()
++#else
++#define __vcpu_flags_preempt_disable()        preempt_disable()
++#define __vcpu_flags_preempt_enable() preempt_enable()
++#endif
++
+ #define __vcpu_set_flag(v, flagset, f, m)                     \
+       do {                                                    \
+               typeof(v->arch.flagset) *fset;                  \
+@@ -459,9 +472,11 @@ struct kvm_vcpu_arch {
+               __build_check_flag(v, flagset, f, m);           \
+                                                               \
+               fset = &v->arch.flagset;                        \
++              __vcpu_flags_preempt_disable();                 \
+               if (HWEIGHT(m) > 1)                             \
+                       *fset &= ~(m);                          \
+               *fset |= (f);                                   \
++              __vcpu_flags_preempt_enable();                  \
+       } while (0)
+ #define __vcpu_clear_flag(v, flagset, f, m)                   \
+@@ -471,7 +486,9 @@ struct kvm_vcpu_arch {
+               __build_check_flag(v, flagset, f, m);           \
+                                                               \
+               fset = &v->arch.flagset;                        \
++              __vcpu_flags_preempt_disable();                 \
+               *fset &= ~(m);                                  \
++              __vcpu_flags_preempt_enable();                  \
+       } while (0)
+ #define vcpu_get_flag(v, ...) __vcpu_get_flag((v), __VA_ARGS__)
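Review bot: The read side of __vcpu_get_flag now goes through READ_ONCE(), but the stores in __vcpu_set_flag and __vcpu_clear_flag stay plain read-modify-writes (`*fset &= ~(m);`, `*fset |= (f);`) inside the preempt-disabled window. That is enough when the only competing writer is the same task's load/put path on the same CPU, which is what the changelog describes; if the flags can also be read from another CPU, the stores should become `WRITE_ONCE(*fset, *fset | (f));` (and likewise for the clear) to pair with the reader, otherwise a comment stating that writers are confined to the vcpu thread would document why plain stores suffice. Note that the __vcpu_set_flag definition spans the first two hunks and __vcpu_clear_flag the last two, so each macro is only partly visible in any one hunk.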
diff --git a/queue-6.1/mips-define-runtime_discard_exit-in-ld-script.patch b/queue-6.1/mips-define-runtime_discard_exit-in-ld-script.patch
new file mode 100644 (file)
index 0000000..779b674
--- /dev/null
@@ -0,0 +1,35 @@
+From 6dcbd0a69c84a8ae7a442840a8cf6b1379dc8f16 Mon Sep 17 00:00:00 2001
+From: Jiaxun Yang <jiaxun.yang@flygoat.com>
+Date: Sat, 8 Apr 2023 21:33:48 +0100
+Subject: MIPS: Define RUNTIME_DISCARD_EXIT in LD script
+
+From: Jiaxun Yang <jiaxun.yang@flygoat.com>
+
+commit 6dcbd0a69c84a8ae7a442840a8cf6b1379dc8f16 upstream.
+
+MIPS's exit sections are discarded at runtime as well.
+
+Fixes link error:
+`.exit.text' referenced in section `__jump_table' of fs/fuse/inode.o:
+defined in discarded section `.exit.text' of fs/fuse/inode.o
+
+Fixes: 99cb0d917ffa ("arch: fix broken BuildID for arm64 and riscv")
+Reported-by: "kernelci.org bot" <bot@kernelci.org>
+Signed-off-by: Jiaxun Yang <jiaxun.yang@flygoat.com>
+Signed-off-by: Thomas Bogendoerfer <tsbogend@alpha.franken.de>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ arch/mips/kernel/vmlinux.lds.S |    2 ++
+ 1 file changed, 2 insertions(+)
+
+--- a/arch/mips/kernel/vmlinux.lds.S
++++ b/arch/mips/kernel/vmlinux.lds.S
+@@ -15,6 +15,8 @@
+ #define EMITS_PT_NOTE
+ #endif
++#define RUNTIME_DISCARD_EXIT
++
+ #include <asm-generic/vmlinux.lds.h>
+ #undef mips
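Review bot: The new `#define RUNTIME_DISCARD_EXIT` has no comment, and nothing at this point in the script says what the generic template does with it, so the changelog's reasoning is lost to the next reader. Suggest `/* MIPS frees exit sections at runtime; presumably this keeps them at link time so __jump_table references into .exit.text resolve */` above it. The define has to precede the `#include <asm-generic/vmlinux.lds.h>` that consumes it, which the placement here satisfies.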
index d1121b96a6478fa1814390a3ef81d018bdcbfe1c..e2e2eae3dfd60b4e2cefeb97c05515540a8f3f04 100644 (file)
@@ -79,3 +79,7 @@ mm-mmap-regression-fix-for-unmapped_area-_topdown.patch
 sched-fair-detect-capacity-inversion.patch
 sched-fair-consider-capacity-inversion-in-util_fits_cpu.patch
 sched-fair-fixes-for-capacity-inversion-detection.patch
+kvm-arm64-make-vcpu-flag-updates-non-preemptible.patch
+kvm-arm64-fix-buffer-overflow-in-kvm_arm_set_fw_reg.patch
+mips-define-runtime_discard_exit-in-ld-script.patch
+fuse-always-revalidate-rename-target-dentry.patch