--- /dev/null
+From da5a3ce66b8bb51b0ea8a89f42aac153903f90fb Mon Sep 17 00:00:00 2001
+From: Mark Rutland <mark.rutland@arm.com>
+Date: Wed, 17 Oct 2018 17:42:10 +0100
+Subject: KVM: arm64: Fix caching of host MDCR_EL2 value
+
+From: Mark Rutland <mark.rutland@arm.com>
+
+commit da5a3ce66b8bb51b0ea8a89f42aac153903f90fb upstream.
+
+At boot time, KVM stashes the host MDCR_EL2 value, but only does this
+when the kernel is not running in hyp mode (i.e. is non-VHE). In these
+cases, the stashed value of MDCR_EL2.HPMN happens to be zero, which can
+lead to CONSTRAINED UNPREDICTABLE behaviour.
+
+Since we use this value to derive the MDCR_EL2 value when switching
+to/from a guest, after a guest has been run, the performance counters
+do not behave as expected. This has been observed to result in accesses
+via PMXEVTYPER_EL0 and PMXEVCNTR_EL0 not affecting the relevant
+counters, resulting in events not being counted. In these cases, only
+the fixed-purpose cycle counter appears to work as expected.
+
+Fix this by always stashing the host MDCR_EL2 value, regardless of VHE.
+
+Cc: Christopher Dall <christoffer.dall@arm.com>
+Cc: James Morse <james.morse@arm.com>
+Cc: Will Deacon <will.deacon@arm.com>
+Cc: stable@vger.kernel.org
+Fixes: 1e947bad0b63b351 ("arm64: KVM: Skip HYP setup when already running in HYP")
+Tested-by: Robin Murphy <robin.murphy@arm.com>
+Signed-off-by: Mark Rutland <mark.rutland@arm.com>
+Signed-off-by: Marc Zyngier <marc.zyngier@arm.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ arch/arm/kvm/arm.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+--- a/arch/arm/kvm/arm.c
++++ b/arch/arm/kvm/arm.c
+@@ -1092,8 +1092,6 @@ static void cpu_init_hyp_mode(void *dumm
+
+ __cpu_init_hyp_mode(pgd_ptr, hyp_stack_ptr, vector_ptr);
+ __cpu_init_stage2();
+-
+- kvm_arm_init_debug();
+ }
+
+ static void cpu_hyp_reinit(void)
+@@ -1108,6 +1106,8 @@ static void cpu_hyp_reinit(void)
+ if (__hyp_get_vectors() == hyp_default_vectors)
+ cpu_init_hyp_mode(NULL);
+ }
++
++ kvm_arm_init_debug();
+ }
+
+ static void cpu_hyp_reset(void)
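Review bot: The relocated `kvm_arm_init_debug();` at the tail of cpu_hyp_reinit() has no comment explaining why it must sit outside the VHE/non-VHE branches, so a later cleanup could fold it back into cpu_init_hyp_mode() and bring back the zero MDCR_EL2.HPMN stash the commit message describes. I would add `/* Stash the host MDCR_EL2 on every CPU, VHE or not; the guest switch path derives its MDCR_EL2 from it. */` directly above the call. The call now also runs on the non-VHE path when `__hyp_get_vectors() != hyp_default_vectors` and cpu_init_hyp_mode() is skipped, which it did not before. That looks intended, but it is worth confirming in this backport that the helper is safe to run with hyp already initialised. cpu_hyp_reinit() starts outside the hunk.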
--- /dev/null
+From 5e1275808630ea3b2c97c776f40e475017535f72 Mon Sep 17 00:00:00 2001
+From: Miklos Szeredi <mszeredi@redhat.com>
+Date: Wed, 31 Oct 2018 12:15:23 +0100
+Subject: ovl: check whiteout in ovl_create_over_whiteout()
+
+From: Miklos Szeredi <mszeredi@redhat.com>
+
+commit 5e1275808630ea3b2c97c776f40e475017535f72 upstream.
+
+Kaixuxia reports that it's possible to crash overlayfs by removing the
+whiteout on the upper layer before creating a directory over it. This is a
+reproducer:
+
+ mkdir lower upper work merge
+ touch lower/file
+ mount -t overlay overlay -olowerdir=lower,upperdir=upper,workdir=work merge
+ rm merge/file
+ ls -al merge/file
+ rm upper/file
+ ls -al merge/
+ mkdir merge/file
+
+Before commencing with a vfs_rename(..., RENAME_EXCHANGE) verify that the
+lookup of "upper" is positive and is a whiteout, and return ESTALE
+otherwise.
+
+Reported by: kaixuxia <xiakaixu1987@gmail.com>
+Signed-off-by: Miklos Szeredi <mszeredi@redhat.com>
+Fixes: e9be9d5e76e3 ("overlay filesystem")
+Cc: <stable@vger.kernel.org> # v3.18
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+--- a/fs/overlayfs/dir.c
++++ b/fs/overlayfs/dir.c
+@@ -392,6 +392,10 @@ static int ovl_create_over_whiteout(struct dentry *dentry, struct inode *inode,
+ if (IS_ERR(upper))
+ goto out_dput;
+
++ err = -ESTALE;
++ if (d_is_negative(upper) || !IS_WHITEOUT(d_inode(upper)))
++ goto out_dput2;
++
+ err = ovl_create_real(wdir, newdentry, cattr, hardlink, true);
+ if (err)
+ goto out_dput2;
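Review bot: The new `-ESTALE` check ahead of `ovl_create_real()` has no comment saying what it defends against, namely the upper layer being modified behind overlayfs's back so that the looked-up `upper` is no longer a whiteout. I would add `/* upper may have been changed outside the overlay; only exchange with a real whiteout */` above `err = -ESTALE;`. The order of the two tests matters, because `d_inode(upper)` is only usable once `d_is_negative(upper)` has been ruled out, so the comment should also say to keep them in that order. Whether the result stays valid until the rename depends on the directory locks held around this code, which are outside the hunk, as is the rest of ovl_create_over_whiteout().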
+--
+2.14.5
+