Fixes for 6.6

Signed-off-by: Sasha Levin <sashal@kernel.org>

diff --git a/queue-6.6/kvm-arm64-vgic-v2-check-for-non-null-vcpu-in-vgic_v2.patch b/queue-6.6/kvm-arm64-vgic-v2-check-for-non-null-vcpu-in-vgic_v2.patch
new file mode 100644 (file)
index 0000000..78eb919
--- /dev/null
+++ b/queue-6.6/kvm-arm64-vgic-v2-check-for-non-null-vcpu-in-vgic_v2.patch
@@ -0,0 +1,54 @@
+From 61037d8ce9ca3c05c9463935e58da639204a59f6 Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Wed, 24 Apr 2024 17:39:58 +0000
+Subject: KVM: arm64: vgic-v2: Check for non-NULL vCPU in vgic_v2_parse_attr()
+
+From: Oliver Upton <oliver.upton@linux.dev>
+
+[ Upstream commit 6ddb4f372fc63210034b903d96ebbeb3c7195adb ]
+
+vgic_v2_parse_attr() is responsible for finding the vCPU that matches
+the user-provided CPUID, which (of course) may not be valid. If the ID
+is invalid, kvm_get_vcpu_by_id() returns NULL, which isn't handled
+gracefully.
+
+Similar to the GICv3 uaccess flow, check that kvm_get_vcpu_by_id()
+actually returns something and fail the ioctl if not.
+
+Cc: stable@vger.kernel.org
+Fixes: 7d450e282171 ("KVM: arm/arm64: vgic-new: Add userland access to VGIC dist registers")
+Reported-by: Alexander Potapenko <glider@google.com>
+Tested-by: Alexander Potapenko <glider@google.com>
+Reviewed-by: Alexander Potapenko <glider@google.com>
+Reviewed-by: Marc Zyngier <maz@kernel.org>
+Link: https://lore.kernel.org/r/20240424173959.3776798-2-oliver.upton@linux.dev
+Signed-off-by: Oliver Upton <oliver.upton@linux.dev>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ arch/arm64/kvm/vgic/vgic-kvm-device.c | 8 ++++----
+ 1 file changed, 4 insertions(+), 4 deletions(-)
+
+diff --git a/arch/arm64/kvm/vgic/vgic-kvm-device.c b/arch/arm64/kvm/vgic/vgic-kvm-device.c
+index c11962f901e0c..2f9e8c611f642 100644
+--- a/arch/arm64/kvm/vgic/vgic-kvm-device.c
++++ b/arch/arm64/kvm/vgic/vgic-kvm-device.c
+@@ -337,12 +337,12 @@ int kvm_register_vgic_device(unsigned long type)
+ int vgic_v2_parse_attr(struct kvm_device *dev, struct kvm_device_attr *attr,
+                      struct vgic_reg_attr *reg_attr)
+ {
+-      int cpuid;
++      int cpuid = FIELD_GET(KVM_DEV_ARM_VGIC_CPUID_MASK, attr->attr);
+ 
+-      cpuid = FIELD_GET(KVM_DEV_ARM_VGIC_CPUID_MASK, attr->attr);
+-
+-      reg_attr->vcpu = kvm_get_vcpu_by_id(dev->kvm, cpuid);
+       reg_attr->addr = attr->attr & KVM_DEV_ARM_VGIC_OFFSET_MASK;
++      reg_attr->vcpu = kvm_get_vcpu_by_id(dev->kvm, cpuid);
++      if (!reg_attr->vcpu)
++              return -EINVAL;
+ 
+       return 0;
+ }
+-- 
+2.43.0
+

diff --git a/queue-6.6/kvm-arm64-vgic-v2-use-cpuid-from-userspace-as-vcpu_i.patch b/queue-6.6/kvm-arm64-vgic-v2-use-cpuid-from-userspace-as-vcpu_i.patch
new file mode 100644 (file)
index 0000000..4d0f4a5
--- /dev/null
+++ b/queue-6.6/kvm-arm64-vgic-v2-use-cpuid-from-userspace-as-vcpu_i.patch
@@ -0,0 +1,51 @@
+From 8dfadf055d300143690fd5639a065097a89d17ab Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Wed, 27 Sep 2023 10:09:04 +0100
+Subject: KVM: arm64: vgic-v2: Use cpuid from userspace as vcpu_id
+
+From: Marc Zyngier <maz@kernel.org>
+
+[ Upstream commit 4e7728c81a54b17bd33be402ac140bc11bb0c4f4 ]
+
+When parsing a GICv2 attribute that contains a cpuid, handle this
+as the vcpu_id, not a vcpu_idx, as userspace cannot really know
+the mapping between the two. For this, use kvm_get_vcpu_by_id()
+instead of kvm_get_vcpu().
+
+Take this opportunity to get rid of the pointless check against
+online_vcpus, which doesn't make much sense either, and switch
+to FIELD_GET as a way to extract the vcpu_id.
+
+Reviewed-by: Zenghui Yu <yuzenghui@huawei.com>
+Signed-off-by: Marc Zyngier <maz@kernel.org>
+Link: https://lore.kernel.org/r/20230927090911.3355209-5-maz@kernel.org
+Signed-off-by: Oliver Upton <oliver.upton@linux.dev>
+Stable-dep-of: 6ddb4f372fc6 ("KVM: arm64: vgic-v2: Check for non-NULL vCPU in vgic_v2_parse_attr()")
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ arch/arm64/kvm/vgic/vgic-kvm-device.c | 8 ++------
+ 1 file changed, 2 insertions(+), 6 deletions(-)
+
+diff --git a/arch/arm64/kvm/vgic/vgic-kvm-device.c b/arch/arm64/kvm/vgic/vgic-kvm-device.c
+index 212b73a715c1c..c11962f901e0c 100644
+--- a/arch/arm64/kvm/vgic/vgic-kvm-device.c
++++ b/arch/arm64/kvm/vgic/vgic-kvm-device.c
+@@ -339,13 +339,9 @@ int vgic_v2_parse_attr(struct kvm_device *dev, struct kvm_device_attr *attr,
+ {
+       int cpuid;
+ 
+-      cpuid = (attr->attr & KVM_DEV_ARM_VGIC_CPUID_MASK) >>
+-               KVM_DEV_ARM_VGIC_CPUID_SHIFT;
++      cpuid = FIELD_GET(KVM_DEV_ARM_VGIC_CPUID_MASK, attr->attr);
+ 
+-      if (cpuid >= atomic_read(&dev->kvm->online_vcpus))
+-              return -EINVAL;
+-
+-      reg_attr->vcpu = kvm_get_vcpu(dev->kvm, cpuid);
++      reg_attr->vcpu = kvm_get_vcpu_by_id(dev->kvm, cpuid);
+       reg_attr->addr = attr->attr & KVM_DEV_ARM_VGIC_OFFSET_MASK;
+ 
+       return 0;
+-- 
+2.43.0
+

diff --git a/queue-6.6/series b/queue-6.6/series
index 91ea37e18cbc1a0916c42c22a56579f66a4e6052..5ef3f09b26fc500e336f70d0da333ffc7f987e8d 100644 (file)
--- a/queue-6.6/series
+++ b/queue-6.6/series
@@ -92,3 +92,5 @@ clk-sunxi-ng-h6-reparent-cpux-during-pll-cpux-rate-c.patch
 powerpc-pseries-make-max-polling-consistent-for-long.patch
 powerpc-pseries-iommu-lpar-panics-during-boot-up-wit.patch
 swiotlb-initialise-restricted-pool-list_head-when-sw.patch
+kvm-arm64-vgic-v2-use-cpuid-from-userspace-as-vcpu_i.patch
+kvm-arm64-vgic-v2-check-for-non-null-vcpu-in-vgic_v2.patch