--- /dev/null
+From 1caa71a7a600f7781ce05ef1e84701c459653663 Mon Sep 17 00:00:00 2001
+From: Marc Zyngier <maz@kernel.org>
+Date: Wed, 7 Jun 2023 15:38:44 +0100
+Subject: KVM: arm64: Restore GICv2-on-GICv3 functionality
+
+From: Marc Zyngier <maz@kernel.org>
+
+commit 1caa71a7a600f7781ce05ef1e84701c459653663 upstream.
+
+When reworking the vgic locking, the vgic distributor registration
+got simplified, which was a very good cleanup. But just a tad too
+radical, as we now register the *native* vgic only, ignoring the
+GICv2-on-GICv3 that allows pre-historic VMs (or so I thought)
+to run.
+
+As it turns out, QEMU still defaults to GICv2 in some cases, and
+this breaks Nathan's setup!
+
+Fix it by propagating the *requested* vgic type rather than the
+host's version.
+
+Fixes: 59112e9c390b ("KVM: arm64: vgic: Fix a circular locking issue")
+Reported-by: Nathan Chancellor <nathan@kernel.org>
+Tested-by: Nathan Chancellor <nathan@kernel.org>
+Signed-off-by: Marc Zyngier <maz@kernel.org>
+link: https://lore.kernel.org/r/20230606221525.GA2269598@dev-arch.thelio-3990X
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ arch/arm64/kvm/vgic/vgic-init.c | 11 +++++++----
+ 1 file changed, 7 insertions(+), 4 deletions(-)
+
+--- a/arch/arm64/kvm/vgic/vgic-init.c
++++ b/arch/arm64/kvm/vgic/vgic-init.c
+@@ -446,6 +446,7 @@ int vgic_lazy_init(struct kvm *kvm)
+ int kvm_vgic_map_resources(struct kvm *kvm)
+ {
+ struct vgic_dist *dist = &kvm->arch.vgic;
++ enum vgic_type type;
+ gpa_t dist_base;
+ int ret = 0;
+
+@@ -460,10 +461,13 @@ int kvm_vgic_map_resources(struct kvm *k
+ if (!irqchip_in_kernel(kvm))
+ goto out;
+
+- if (dist->vgic_model == KVM_DEV_TYPE_ARM_VGIC_V2)
++ if (dist->vgic_model == KVM_DEV_TYPE_ARM_VGIC_V2) {
+ ret = vgic_v2_map_resources(kvm);
+- else
++ type = VGIC_V2;
++ } else {
+ ret = vgic_v3_map_resources(kvm);
++ type = VGIC_V3;
++ }
+
+ if (ret) {
+ __kvm_vgic_destroy(kvm);
+@@ -473,8 +477,7 @@ int kvm_vgic_map_resources(struct kvm *k
+ dist_base = dist->vgic_dist_base;
+ mutex_unlock(&kvm->arch.config_lock);
+
+- ret = vgic_register_dist_iodev(kvm, dist_base,
+- kvm_vgic_global_state.type);
++ ret = vgic_register_dist_iodev(kvm, dist_base, type);
+ if (ret) {
+ kvm_err("Unable to register VGIC dist MMIO regions\n");
+ kvm_vgic_destroy(kvm);
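Review bot: The call `vgic_register_dist_iodev(kvm, dist_base, type)` has no comment explaining why the guest's requested model is passed instead of `kvm_vgic_global_state.type`, which is the distinction this regression turned on. A short comment above the call would keep a later cleanup from folding it back, for example `/* Register the distributor for the vgic model the VM requested, which may be GICv2 on a GICv3 host. */`. `type` is assigned only in the if/else of the previous hunk, and both earlier `goto out` exits leave it unset, so it must not be read after the `out` label. That label and the rest of kvm_vgic_map_resources lie outside the visible hunks, so this is worth confirming against the full function.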
--- /dev/null
+From 043d2acf57227db1fdaaa620b2a420acfaa56d6e Mon Sep 17 00:00:00 2001
+From: Pablo Neira Ayuso <pablo@netfilter.org>
+Date: Wed, 14 Jun 2023 23:20:18 +0200
+Subject: netfilter: nf_tables: drop module reference after updating chain
+
+From: Pablo Neira Ayuso <pablo@netfilter.org>
+
+commit 043d2acf57227db1fdaaa620b2a420acfaa56d6e upstream.
+
+Otherwise the module reference counter is leaked.
+
+Fixes b9703ed44ffb ("netfilter: nf_tables: support for adding new devices to an existing netdev chain")
+Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ net/netfilter/nf_tables_api.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+--- a/net/netfilter/nf_tables_api.c
++++ b/net/netfilter/nf_tables_api.c
+@@ -2664,6 +2664,8 @@ static int nf_tables_updchain(struct nft
+ nft_trans_basechain(trans) = basechain;
+ INIT_LIST_HEAD(&nft_trans_chain_hooks(trans));
+ list_splice(&hook.list, &nft_trans_chain_hooks(trans));
++ if (nla[NFTA_CHAIN_HOOK])
++ module_put(hook.type->owner);
+
+ nft_trans_commit_list_add_tail(ctx->net, trans);
+
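Review bot: The added `module_put(hook.type->owner)` does not say which reference it balances, and a reference-count drop with no visible matching get is easy to duplicate or remove in a later change. Presumably the reference is taken when the hook attribute is parsed earlier in nf_tables_updchain, outside this hunk, which would explain the `nla[NFTA_CHAIN_HOOK]` guard. A comment such as `/* drop the type module reference taken while parsing NFTA_CHAIN_HOOK */` would record that. It is also worth confirming that every error exit after the parse drops the same reference exactly once, since an extra put would unbalance the module count in the other direction. The function starts and ends outside the hunk.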