5.4-stable patches
authorGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Mon, 3 Aug 2020 10:10:47 +0000 (12:10 +0200)
committerGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Mon, 3 Aug 2020 10:10:47 +0000 (12:10 +0200)
added patches:
kvm-arm64-don-t-inherit-exec-permission-across-page-table-levels.patch
kvm-lapic-prevent-setting-the-tscdeadline-timer-if-the-lapic-is-hw-disabled.patch
x86-i8259-use-printk_deferred-to-prevent-deadlock.patch

queue-5.4/kvm-arm64-don-t-inherit-exec-permission-across-page-table-levels.patch [new file with mode: 0644]
queue-5.4/kvm-lapic-prevent-setting-the-tscdeadline-timer-if-the-lapic-is-hw-disabled.patch [new file with mode: 0644]
queue-5.4/series
queue-5.4/x86-i8259-use-printk_deferred-to-prevent-deadlock.patch [new file with mode: 0644]

diff --git a/queue-5.4/kvm-arm64-don-t-inherit-exec-permission-across-page-table-levels.patch b/queue-5.4/kvm-arm64-don-t-inherit-exec-permission-across-page-table-levels.patch
new file mode 100644 (file)
index 0000000..459a425
--- /dev/null
@@ -0,0 +1,70 @@
+From b757b47a2fcba584d4a32fd7ee68faca510ab96f Mon Sep 17 00:00:00 2001
+From: Will Deacon <will@kernel.org>
+Date: Thu, 23 Jul 2020 11:17:14 +0100
+Subject: KVM: arm64: Don't inherit exec permission across page-table levels
+
+From: Will Deacon <will@kernel.org>
+
+commit b757b47a2fcba584d4a32fd7ee68faca510ab96f upstream.
+
+If a stage-2 page-table contains an executable, read-only mapping at the
+pte level (e.g. due to dirty logging being enabled), a subsequent write
+fault to the same page which tries to install a larger block mapping
+(e.g. due to dirty logging having been disabled) will erroneously inherit
+the exec permission and consequently skip I-cache invalidation for the
+rest of the block.
+
+Ensure that exec permission is only inherited by write faults when the
+new mapping is of the same size as the existing one. A subsequent
+instruction abort will result in I-cache invalidation for the entire
+block mapping.
+
+Signed-off-by: Will Deacon <will@kernel.org>
+Signed-off-by: Marc Zyngier <maz@kernel.org>
+Tested-by: Quentin Perret <qperret@google.com>
+Reviewed-by: Quentin Perret <qperret@google.com>
+Cc: Marc Zyngier <maz@kernel.org>
+Cc: <stable@vger.kernel.org>
+Link: https://lore.kernel.org/r/20200723101714.15873-1-will@kernel.org
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ virt/kvm/arm/mmu.c |   11 ++++++-----
+ 1 file changed, 6 insertions(+), 5 deletions(-)
+
+--- a/virt/kvm/arm/mmu.c
++++ b/virt/kvm/arm/mmu.c
+@@ -1199,7 +1199,7 @@ static bool stage2_get_leaf_entry(struct
+       return true;
+ }
+-static bool stage2_is_exec(struct kvm *kvm, phys_addr_t addr)
++static bool stage2_is_exec(struct kvm *kvm, phys_addr_t addr, unsigned long sz)
+ {
+       pud_t *pudp;
+       pmd_t *pmdp;
+@@ -1211,11 +1211,11 @@ static bool stage2_is_exec(struct kvm *k
+               return false;
+       if (pudp)
+-              return kvm_s2pud_exec(pudp);
++              return sz <= PUD_SIZE && kvm_s2pud_exec(pudp);
+       else if (pmdp)
+-              return kvm_s2pmd_exec(pmdp);
++              return sz <= PMD_SIZE && kvm_s2pmd_exec(pmdp);
+       else
+-              return kvm_s2pte_exec(ptep);
++              return sz == PAGE_SIZE && kvm_s2pte_exec(ptep);
+ }
+ static int stage2_set_pte(struct kvm *kvm, struct kvm_mmu_memory_cache *cache,
+@@ -1805,7 +1805,8 @@ static int user_mem_abort(struct kvm_vcp
+        * execute permissions, and we preserve whatever we have.
+        */
+       needs_exec = exec_fault ||
+-              (fault_status == FSC_PERM && stage2_is_exec(kvm, fault_ipa));
++              (fault_status == FSC_PERM &&
++               stage2_is_exec(kvm, fault_ipa, vma_pagesize));
+       if (vma_pagesize == PUD_SIZE) {
+               pud_t new_pud = kvm_pfn_pud(pfn, mem_type);
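Review bot: The comment in user_mem_abort() ending "and we preserve whatever we have" no longer matches the code, because stage2_is_exec() now reports exec only when the new mapping size `sz` is no larger than the existing leaf entry. I would update that comment and add one above stage2_is_exec(), for example `/* Report exec only if the existing leaf covers at least sz bytes; a larger new mapping must take an instruction abort so the whole block gets I-cache invalidation. */`. The pte branch tests `sz == PAGE_SIZE` while the pud and pmd branches use `<=`; this looks equivalent as long as sz is never below PAGE_SIZE, but the comment should say so. Both functions extend outside the hunks, so the full text of the user_mem_abort() comment is not visible here.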
diff --git a/queue-5.4/kvm-lapic-prevent-setting-the-tscdeadline-timer-if-the-lapic-is-hw-disabled.patch b/queue-5.4/kvm-lapic-prevent-setting-the-tscdeadline-timer-if-the-lapic-is-hw-disabled.patch
new file mode 100644 (file)
index 0000000..e941e09
--- /dev/null
@@ -0,0 +1,33 @@
+From d2286ba7d574ba3103a421a2f9ec17cb5b0d87a1 Mon Sep 17 00:00:00 2001
+From: Wanpeng Li <wanpengli@tencent.com>
+Date: Fri, 31 Jul 2020 11:12:19 +0800
+Subject: KVM: LAPIC: Prevent setting the tscdeadline timer if the lapic is hw disabled
+
+From: Wanpeng Li <wanpengli@tencent.com>
+
+commit d2286ba7d574ba3103a421a2f9ec17cb5b0d87a1 upstream.
+
+Prevent setting the tscdeadline timer if the lapic is hw disabled.
+
+Fixes: bce87cce88 (KVM: x86: consolidate different ways to test for in-kernel LAPIC)
+Cc: <stable@vger.kernel.org>
+Signed-off-by: Wanpeng Li <wanpengli@tencent.com>
+Message-Id: <1596165141-28874-1-git-send-email-wanpengli@tencent.com>
+Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ arch/x86/kvm/lapic.c |    2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/arch/x86/kvm/lapic.c
++++ b/arch/x86/kvm/lapic.c
+@@ -2085,7 +2085,7 @@ void kvm_set_lapic_tscdeadline_msr(struc
+ {
+       struct kvm_lapic *apic = vcpu->arch.apic;
+-      if (!lapic_in_kernel(vcpu) || apic_lvtt_oneshot(apic) ||
++      if (!kvm_apic_present(vcpu) || apic_lvtt_oneshot(apic) ||
+                       apic_lvtt_period(apic))
+               return;
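Review bot: The guard in kvm_set_lapic_tscdeadline_msr() now relies on kvm_apic_present(), but nothing at the call site says why and the commit message only restates the subject. A one-line comment above the `if` would record the intent, e.g. `/* A hw-disabled APIC must not arm the TSC-deadline timer. */`. The read-side handler for this MSR is not part of the hunk; it is worth confirming that it applies the same presence check so the two paths stay consistent. The function body continues past the end of the hunk.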
index f340cf0285c6ee09ca928bd26ae25b9de3f60c0a..6a6aa71008eeb83c280d78f2f42968b62075ddbe 100644 (file)
@@ -82,3 +82,6 @@ cxgb4-add-missing-release-on-skb-in-uld_send.patch
 xen-netfront-fix-potential-deadlock-in-xennet_remove.patch
 risc-v-set-maximum-number-of-mapped-pages-correctly.patch
 drivers-net-wan-lapb-corrected-the-usage-of-skb_cow.patch
+kvm-arm64-don-t-inherit-exec-permission-across-page-table-levels.patch
+kvm-lapic-prevent-setting-the-tscdeadline-timer-if-the-lapic-is-hw-disabled.patch
+x86-i8259-use-printk_deferred-to-prevent-deadlock.patch
diff --git a/queue-5.4/x86-i8259-use-printk_deferred-to-prevent-deadlock.patch b/queue-5.4/x86-i8259-use-printk_deferred-to-prevent-deadlock.patch
new file mode 100644 (file)
index 0000000..63fb6ec
--- /dev/null
@@ -0,0 +1,51 @@
+From bdd65589593edd79b6a12ce86b3b7a7c6dae5208 Mon Sep 17 00:00:00 2001
+From: Thomas Gleixner <tglx@linutronix.de>
+Date: Wed, 29 Jul 2020 10:53:28 +0200
+Subject: x86/i8259: Use printk_deferred() to prevent deadlock
+
+From: Thomas Gleixner <tglx@linutronix.de>
+
+commit bdd65589593edd79b6a12ce86b3b7a7c6dae5208 upstream.
+
+0day reported a possible circular locking dependency:
+
+Chain exists of:
+  &irq_desc_lock_class --> console_owner --> &port_lock_key
+
+ Possible unsafe locking scenario:
+
+       CPU0                    CPU1
+       ----                    ----
+  lock(&port_lock_key);
+                               lock(console_owner);
+                               lock(&port_lock_key);
+  lock(&irq_desc_lock_class);
+
+The reason for this is a printk() in the i8259 interrupt chip driver
+which is invoked with the irq descriptor lock held, which reverses the
+lock operations vs. printk() from arbitrary contexts.
+
+Switch the printk() to printk_deferred() to avoid that.
+
+Reported-by: kernel test robot <lkp@intel.com>
+Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
+Signed-off-by: Ingo Molnar <mingo@kernel.org>
+Cc: stable@vger.kernel.org
+Link: https://lore.kernel.org/r/87365abt2v.fsf@nanos.tec.linutronix.de
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ arch/x86/kernel/i8259.c |    2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/arch/x86/kernel/i8259.c
++++ b/arch/x86/kernel/i8259.c
+@@ -207,7 +207,7 @@ spurious_8259A_irq:
+                * lets ACK and report it. [once per IRQ]
+                */
+               if (!(spurious_irq_mask & irqmask)) {
+-                      printk(KERN_DEBUG
++                      printk_deferred(KERN_DEBUG
+                              "spurious 8259A interrupt: IRQ%d.\n", irq);
+                       spurious_irq_mask |= irqmask;
+               }
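Review bot: The switch to printk_deferred() in the spurious-IRQ path carries no in-code explanation, so a later cleanup could turn it back into a plain printk() or pr_debug() and reintroduce the lock inversion described in the commit message. I would extend the existing block comment with something like `/* printk_deferred(): we hold the irq descriptor lock here, and printk() may take console_owner/port_lock in the reverse order. */`. The enclosing function and the start of that block comment lie outside the hunk.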