--- /dev/null
+From 51b958e5aeb1e18c00332e0b37c5d4e95a3eff84 Mon Sep 17 00:00:00 2001
+From: David Edmondson <david.edmondson@oracle.com>
+Date: Tue, 3 Nov 2020 12:04:00 +0000
+Subject: KVM: x86: clflushopt should be treated as a no-op by emulation
+
+From: David Edmondson <david.edmondson@oracle.com>
+
+commit 51b958e5aeb1e18c00332e0b37c5d4e95a3eff84 upstream.
+
+The instruction emulator ignores clflush instructions, yet fails to
+support clflushopt. Treat both similarly.
+
+Fixes: 13e457e0eebf ("KVM: x86: Emulator does not decode clflush well")
+Signed-off-by: David Edmondson <david.edmondson@oracle.com>
+Message-Id: <20201103120400.240882-1-david.edmondson@oracle.com>
+Reviewed-by: Joao Martins <joao.m.martins@oracle.com>
+Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ arch/x86/kvm/emulate.c | 8 +++++++-
+ 1 file changed, 7 insertions(+), 1 deletion(-)
+
+--- a/arch/x86/kvm/emulate.c
++++ b/arch/x86/kvm/emulate.c
+@@ -3922,6 +3922,12 @@ static int em_clflush(struct x86_emulate
+ return X86EMUL_CONTINUE;
+ }
+
++static int em_clflushopt(struct x86_emulate_ctxt *ctxt)
++{
++ /* emulating clflushopt regardless of cpuid */
++ return X86EMUL_CONTINUE;
++}
++
+ static int em_movsxd(struct x86_emulate_ctxt *ctxt)
+ {
+ ctxt->dst.val = (s32) ctxt->src.val;
+@@ -4411,7 +4417,7 @@ static const struct opcode group11[] = {
+ };
+
+ static const struct gprefix pfx_0f_ae_7 = {
+- I(SrcMem | ByteOp, em_clflush), N, N, N,
++ I(SrcMem | ByteOp, em_clflush), I(SrcMem | ByteOp, em_clflushopt), N, N,
+ };
+
+ static const struct group_dual group15 = { {
--- /dev/null
+From dcd479e10a0510522a5d88b29b8f79ea3467d501 Mon Sep 17 00:00:00 2001
+From: Johannes Berg <johannes.berg@intel.com>
+Date: Fri, 9 Oct 2020 14:17:11 +0200
+Subject: mac80211: always wind down STA state
+
+From: Johannes Berg <johannes.berg@intel.com>
+
+commit dcd479e10a0510522a5d88b29b8f79ea3467d501 upstream.
+
+When (for example) an IBSS station is pre-moved to AUTHORIZED
+before it's inserted, and then the insertion fails, we don't
+clean up the fast RX/TX states that might already have been
+created, since we don't go through all the state transitions
+again on the way down.
+
+Do that, if it hasn't been done already, when the station is
+freed. I considered only freeing the fast TX/RX state there,
+but we might add more state so it's more robust to wind down
+the state properly.
+
+Note that we warn if the station was ever inserted, it should
+have been properly cleaned up in that case, and the driver
+will probably not like things happening out of order.
+
+Reported-by: syzbot+2e293dbd67de2836ba42@syzkaller.appspotmail.com
+Link: https://lore.kernel.org/r/20201009141710.7223b322a955.I95bd08b9ad0e039c034927cce0b75beea38e059b@changeid
+Signed-off-by: Johannes Berg <johannes.berg@intel.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ net/mac80211/sta_info.c | 18 ++++++++++++++++++
+ 1 file changed, 18 insertions(+)
+
+--- a/net/mac80211/sta_info.c
++++ b/net/mac80211/sta_info.c
+@@ -242,6 +242,24 @@ struct sta_info *sta_info_get_by_idx(str
+ */
+ void sta_info_free(struct ieee80211_local *local, struct sta_info *sta)
+ {
++ /*
++ * If we had used sta_info_pre_move_state() then we might not
++ * have gone through the state transitions down again, so do
++ * it here now (and warn if it's inserted).
++ *
++ * This will clear state such as fast TX/RX that may have been
++ * allocated during state transitions.
++ */
++ while (sta->sta_state > IEEE80211_STA_NONE) {
++ int ret;
++
++ WARN_ON_ONCE(test_sta_flag(sta, WLAN_STA_INSERTED));
++
++ ret = sta_info_move_state(sta, sta->sta_state - 1);
++ if (WARN_ONCE(ret, "sta_info_move_state() returned %d\n", ret))
++ break;
++ }
++
+ if (sta->rate_ctrl)
+ rate_control_free_sta(sta);
+
projects / thirdparty / kernel / stable-queue.git / commitdiff
