5.5-stable patches
authorGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Mon, 16 Mar 2020 14:28:59 +0000 (15:28 +0100)
committerGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Mon, 16 Mar 2020 14:28:59 +0000 (15:28 +0100)
added patches:
i2c-acpi-put-device-when-verifying-client-fails.patch
iommu-amd-fix-iommu-avic-not-properly-update-the-is_run-bit-in-irte.patch
iommu-vt-d-fix-the-wrong-printing-in-rhsa-parsing.patch
iommu-vt-d-ignore-devices-with-out-of-spec-domain-number.patch
netfilter-nf_tables-dump-nfta_chain_flags-attribute.patch
netfilter-nft_chain_nat-inet-family-is-missing-module-ownership.patch
netfilter-nft_payload-add-missing-attribute-validation-for-payload-csum-flags.patch
netfilter-nft_tunnel-add-missing-attribute-validation-for-tunnels.patch

queue-5.5/i2c-acpi-put-device-when-verifying-client-fails.patch [new file with mode: 0644]
queue-5.5/iommu-amd-fix-iommu-avic-not-properly-update-the-is_run-bit-in-irte.patch [new file with mode: 0644]
queue-5.5/iommu-vt-d-fix-the-wrong-printing-in-rhsa-parsing.patch [new file with mode: 0644]
queue-5.5/iommu-vt-d-ignore-devices-with-out-of-spec-domain-number.patch [new file with mode: 0644]
queue-5.5/netfilter-nf_tables-dump-nfta_chain_flags-attribute.patch [new file with mode: 0644]
queue-5.5/netfilter-nft_chain_nat-inet-family-is-missing-module-ownership.patch [new file with mode: 0644]
queue-5.5/netfilter-nft_payload-add-missing-attribute-validation-for-payload-csum-flags.patch [new file with mode: 0644]
queue-5.5/netfilter-nft_tunnel-add-missing-attribute-validation-for-tunnels.patch [new file with mode: 0644]
queue-5.5/series

diff --git a/queue-5.5/i2c-acpi-put-device-when-verifying-client-fails.patch b/queue-5.5/i2c-acpi-put-device-when-verifying-client-fails.patch
new file mode 100644 (file)
index 0000000..21600a7
--- /dev/null
@@ -0,0 +1,46 @@
+From 8daee952b4389729358665fb91949460641659d4 Mon Sep 17 00:00:00 2001
+From: Wolfram Sang <wsa+renesas@sang-engineering.com>
+Date: Thu, 12 Mar 2020 14:32:44 +0100
+Subject: i2c: acpi: put device when verifying client fails
+
+From: Wolfram Sang <wsa+renesas@sang-engineering.com>
+
+commit 8daee952b4389729358665fb91949460641659d4 upstream.
+
+i2c_verify_client() can fail, so we need to put the device when that
+happens.
+
+Fixes: 525e6fabeae2 ("i2c / ACPI: add support for ACPI reconfigure notifications")
+Reported-by: Geert Uytterhoeven <geert+renesas@glider.be>
+Signed-off-by: Wolfram Sang <wsa+renesas@sang-engineering.com>
+Reviewed-by: Geert Uytterhoeven <geert+renesas@glider.be>
+Reviewed-by: Andy Shevchenko <andriy.shevchenko@linux.intel.com>
+Acked-by: Mika Westerberg <mika.westerberg@linux.intel.com>
+Signed-off-by: Wolfram Sang <wsa@the-dreams.de>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/i2c/i2c-core-acpi.c |   10 +++++++++-
+ 1 file changed, 9 insertions(+), 1 deletion(-)
+
+--- a/drivers/i2c/i2c-core-acpi.c
++++ b/drivers/i2c/i2c-core-acpi.c
+@@ -394,9 +394,17 @@ EXPORT_SYMBOL_GPL(i2c_acpi_find_adapter_
+ static struct i2c_client *i2c_acpi_find_client_by_adev(struct acpi_device *adev)
+ {
+       struct device *dev;
++      struct i2c_client *client;
+       dev = bus_find_device_by_acpi_dev(&i2c_bus_type, adev);
+-      return dev ? i2c_verify_client(dev) : NULL;
++      if (!dev)
++              return NULL;
++
++      client = i2c_verify_client(dev);
++      if (!client)
++              put_device(dev);
++
++      return client;
+ }
+ static int i2c_acpi_notify(struct notifier_block *nb, unsigned long value,
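Review bot: On the success path of i2c_acpi_find_client_by_adev() the device reference obtained through bus_find_device_by_acpi_dev() is still held when `client` is returned, and nothing at the function says so. The new code drops the reference only when i2c_verify_client() returns NULL, so every caller has to release it with `put_device(&client->dev)` when it is finished. The caller i2c_acpi_notify() begins on the last line of the hunk and its body is not visible, so that release should be confirmed there. I would add a comment above the function, for example `/* Returns the client with a device reference held; the caller must put_device(&client->dev). */`, so the ownership rule is stated where the reference is handed over.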
diff --git a/queue-5.5/iommu-amd-fix-iommu-avic-not-properly-update-the-is_run-bit-in-irte.patch b/queue-5.5/iommu-amd-fix-iommu-avic-not-properly-update-the-is_run-bit-in-irte.patch
new file mode 100644 (file)
index 0000000..e806c1a
--- /dev/null
@@ -0,0 +1,50 @@
+From 730ad0ede130015a773229573559e97ba0943065 Mon Sep 17 00:00:00 2001
+From: Suravee Suthikulpanit <suravee.suthikulpanit@amd.com>
+Date: Thu, 12 Mar 2020 05:18:39 -0500
+Subject: iommu/amd: Fix IOMMU AVIC not properly update the is_run bit in IRTE
+
+From: Suravee Suthikulpanit <suravee.suthikulpanit@amd.com>
+
+commit 730ad0ede130015a773229573559e97ba0943065 upstream.
+
+Commit b9c6ff94e43a ("iommu/amd: Re-factor guest virtual APIC
+(de-)activation code") accidentally left out the ir_data pointer when
+calling modity_irte_ga(), which causes the function amd_iommu_update_ga()
+to return prematurely due to struct amd_ir_data.ref is NULL and
+the "is_run" bit of IRTE does not get updated properly.
+
+This results in bad I/O performance since IOMMU AVIC always generate GA Log
+entry and notify IOMMU driver and KVM when it receives interrupt from the
+PCI pass-through device instead of directly inject interrupt to the vCPU.
+
+Fixes by passing ir_data when calling modify_irte_ga() as done previously.
+
+Fixes: b9c6ff94e43a ("iommu/amd: Re-factor guest virtual APIC (de-)activation code")
+Signed-off-by: Suravee Suthikulpanit <suravee.suthikulpanit@amd.com>
+Signed-off-by: Joerg Roedel <jroedel@suse.de>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/iommu/amd_iommu.c |    4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+--- a/drivers/iommu/amd_iommu.c
++++ b/drivers/iommu/amd_iommu.c
+@@ -3836,7 +3836,7 @@ int amd_iommu_activate_guest_mode(void *
+       entry->lo.fields_vapic.ga_tag      = ir_data->ga_tag;
+       return modify_irte_ga(ir_data->irq_2_irte.devid,
+-                            ir_data->irq_2_irte.index, entry, NULL);
++                            ir_data->irq_2_irte.index, entry, ir_data);
+ }
+ EXPORT_SYMBOL(amd_iommu_activate_guest_mode);
+@@ -3862,7 +3862,7 @@ int amd_iommu_deactivate_guest_mode(void
+                               APICID_TO_IRTE_DEST_HI(cfg->dest_apicid);
+       return modify_irte_ga(ir_data->irq_2_irte.devid,
+-                            ir_data->irq_2_irte.index, entry, NULL);
++                            ir_data->irq_2_irte.index, entry, ir_data);
+ }
+ EXPORT_SYMBOL(amd_iommu_deactivate_guest_mode);
diff --git a/queue-5.5/iommu-vt-d-fix-the-wrong-printing-in-rhsa-parsing.patch b/queue-5.5/iommu-vt-d-fix-the-wrong-printing-in-rhsa-parsing.patch
new file mode 100644 (file)
index 0000000..15cfe87
--- /dev/null
@@ -0,0 +1,36 @@
+From b0bb0c22c4db623f2e7b1a471596fbf1c22c6dc5 Mon Sep 17 00:00:00 2001
+From: Zhenzhong Duan <zhenzhong.duan@gmail.com>
+Date: Thu, 12 Mar 2020 14:09:54 +0800
+Subject: iommu/vt-d: Fix the wrong printing in RHSA parsing
+
+From: Zhenzhong Duan <zhenzhong.duan@gmail.com>
+
+commit b0bb0c22c4db623f2e7b1a471596fbf1c22c6dc5 upstream.
+
+When base address in RHSA structure doesn't match base address in
+each DRHD structure, the base address in last DRHD is printed out.
+
+This doesn't make sense when there are multiple DRHD units, fix it
+by printing the buggy RHSA's base address.
+
+Signed-off-by: Lu Baolu <baolu.lu@linux.intel.com>
+Signed-off-by: Zhenzhong Duan <zhenzhong.duan@gmail.com>
+Fixes: fd0c8894893cb ("intel-iommu: Set a more specific taint flag for invalid BIOS DMAR tables")
+Signed-off-by: Joerg Roedel <jroedel@suse.de>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/iommu/dmar.c |    2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/drivers/iommu/dmar.c
++++ b/drivers/iommu/dmar.c
+@@ -475,7 +475,7 @@ static int dmar_parse_one_rhsa(struct ac
+       pr_warn(FW_BUG
+               "Your BIOS is broken; RHSA refers to non-existent DMAR unit at %llx\n"
+               "BIOS vendor: %s; Ver: %s; Product Version: %s\n",
+-              drhd->reg_base_addr,
++              rhsa->base_address,
+               dmi_get_system_info(DMI_BIOS_VENDOR),
+               dmi_get_system_info(DMI_BIOS_VERSION),
+               dmi_get_system_info(DMI_PRODUCT_VERSION));
diff --git a/queue-5.5/iommu-vt-d-ignore-devices-with-out-of-spec-domain-number.patch b/queue-5.5/iommu-vt-d-ignore-devices-with-out-of-spec-domain-number.patch
new file mode 100644 (file)
index 0000000..e37dc6f
--- /dev/null
@@ -0,0 +1,70 @@
+From da72a379b2ec0bad3eb265787f7008bead0b040c Mon Sep 17 00:00:00 2001
+From: Daniel Drake <drake@endlessm.com>
+Date: Thu, 12 Mar 2020 14:09:55 +0800
+Subject: iommu/vt-d: Ignore devices with out-of-spec domain number
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+From: Daniel Drake <drake@endlessm.com>
+
+commit da72a379b2ec0bad3eb265787f7008bead0b040c upstream.
+
+VMD subdevices are created with a PCI domain ID of 0x10000 or
+higher.
+
+These subdevices are also handled like all other PCI devices by
+dmar_pci_bus_notifier().
+
+However, when dmar_alloc_pci_notify_info() take records of such devices,
+it will truncate the domain ID to a u16 value (in info->seg).
+The device at (e.g.) 10000:00:02.0 is then treated by the DMAR code as if
+it is 0000:00:02.0.
+
+In the unlucky event that a real device also exists at 0000:00:02.0 and
+also has a device-specific entry in the DMAR table,
+dmar_insert_dev_scope() will crash on:
+   BUG_ON(i >= devices_cnt);
+
+That's basically a sanity check that only one PCI device matches a
+single DMAR entry; in this case we seem to have two matching devices.
+
+Fix this by ignoring devices that have a domain number higher than
+what can be looked up in the DMAR table.
+
+This problem was carefully diagnosed by Jian-Hong Pan.
+
+Signed-off-by: Lu Baolu <baolu.lu@linux.intel.com>
+Signed-off-by: Daniel Drake <drake@endlessm.com>
+Fixes: 59ce0515cdaf3 ("iommu/vt-d: Update DRHD/RMRR/ATSR device scope caches when PCI hotplug happens")
+Signed-off-by: Joerg Roedel <jroedel@suse.de>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/iommu/dmar.c |    8 ++++++++
+ 1 file changed, 8 insertions(+)
+
+--- a/drivers/iommu/dmar.c
++++ b/drivers/iommu/dmar.c
+@@ -28,6 +28,7 @@
+ #include <linux/slab.h>
+ #include <linux/iommu.h>
+ #include <linux/numa.h>
++#include <linux/limits.h>
+ #include <asm/irq_remapping.h>
+ #include <asm/iommu_table.h>
+@@ -128,6 +129,13 @@ dmar_alloc_pci_notify_info(struct pci_de
+       BUG_ON(dev->is_virtfn);
++      /*
++       * Ignore devices that have a domain number higher than what can
++       * be looked up in DMAR, e.g. VMD subdevices with domain 0x10000
++       */
++      if (pci_domain_nr(dev->bus) > U16_MAX)
++              return NULL;
++
+       /* Only generate path[] for device addition event */
+       if (event == BUS_NOTIFY_ADD_DEVICE)
+               for (tmp = dev; tmp; tmp = tmp->bus->self)
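Review bot: The early `return NULL` added to dmar_alloc_pci_notify_info() gives NULL a second meaning, "this device is deliberately not tracked", next to whatever failure the function could already report (presumably an allocation failure; the rest of the body is outside the hunk). A caller that treats NULL as an error and stops iterating would abandon scope setup for every device after the first VMD subdevice, so each call site should be checked for that. The comparison itself looks sound, since the value is tested against `U16_MAX` before it can be truncated into the 16-bit segment field described in the commit message. I would extend the new comment with one line such as `* NULL here means "skip this device", not an error.` so the two cases are not conflated later.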
diff --git a/queue-5.5/netfilter-nf_tables-dump-nfta_chain_flags-attribute.patch b/queue-5.5/netfilter-nf_tables-dump-nfta_chain_flags-attribute.patch
new file mode 100644 (file)
index 0000000..3e21fe5
--- /dev/null
@@ -0,0 +1,34 @@
+From d78008de6103c708171baff9650a7862645d23b0 Mon Sep 17 00:00:00 2001
+From: Pablo Neira Ayuso <pablo@netfilter.org>
+Date: Tue, 3 Mar 2020 15:02:45 +0100
+Subject: netfilter: nf_tables: dump NFTA_CHAIN_FLAGS attribute
+
+From: Pablo Neira Ayuso <pablo@netfilter.org>
+
+commit d78008de6103c708171baff9650a7862645d23b0 upstream.
+
+Missing NFTA_CHAIN_FLAGS netlink attribute when dumping basechain
+definitions.
+
+Fixes: c9626a2cbdb2 ("netfilter: nf_tables: add hardware offload support")
+Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ net/netfilter/nf_tables_api.c |    5 +++++
+ 1 file changed, 5 insertions(+)
+
+--- a/net/netfilter/nf_tables_api.c
++++ b/net/netfilter/nf_tables_api.c
+@@ -1405,6 +1405,11 @@ static int nf_tables_fill_chain_info(str
+                                             lockdep_commit_lock_is_held(net));
+               if (nft_dump_stats(skb, stats))
+                       goto nla_put_failure;
++
++              if ((chain->flags & NFT_CHAIN_HW_OFFLOAD) &&
++                  nla_put_be32(skb, NFTA_CHAIN_FLAGS,
++                               htonl(NFT_CHAIN_HW_OFFLOAD)))
++                      goto nla_put_failure;
+       }
+       if (nla_put_be32(skb, NFTA_CHAIN_USE, htonl(chain->use)))
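Review bot: The added block dumps the constant `htonl(NFT_CHAIN_HW_OFFLOAD)` instead of a value derived from `chain->flags`, so any other flag a chain carries would be silently missing from the dump. That matters to anything that audits or restores a ruleset from the dump, because the reported chain would differ from the configured one. If NFT_CHAIN_HW_OFFLOAD is the only flag userspace can set in this tree (not visible in the hunk), a short comment such as `/* NFT_CHAIN_HW_OFFLOAD is the only flag exposed to userspace */` would record the assumption. The block also sits inside a conditional that closes right after it, so the attribute is emitted only on that path. nf_tables_fill_chain_info() starts and ends outside the hunk.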
diff --git a/queue-5.5/netfilter-nft_chain_nat-inet-family-is-missing-module-ownership.patch b/queue-5.5/netfilter-nft_chain_nat-inet-family-is-missing-module-ownership.patch
new file mode 100644 (file)
index 0000000..b6c61e7
--- /dev/null
@@ -0,0 +1,60 @@
+From 6a42cefb25d8bdc1b391f4a53c78c32164eea2dd Mon Sep 17 00:00:00 2001
+From: Pablo Neira Ayuso <pablo@netfilter.org>
+Date: Fri, 6 Mar 2020 17:37:28 +0100
+Subject: netfilter: nft_chain_nat: inet family is missing module ownership
+
+From: Pablo Neira Ayuso <pablo@netfilter.org>
+
+commit 6a42cefb25d8bdc1b391f4a53c78c32164eea2dd upstream.
+
+Set owner to THIS_MODULE, otherwise the nft_chain_nat module might be
+removed while there are still inet/nat chains in place.
+
+[  117.942096] BUG: unable to handle page fault for address: ffffffffa0d5e040
+[  117.942101] #PF: supervisor read access in kernel mode
+[  117.942103] #PF: error_code(0x0000) - not-present page
+[  117.942106] PGD 200c067 P4D 200c067 PUD 200d063 PMD 3dc909067 PTE 0
+[  117.942113] Oops: 0000 [#1] PREEMPT SMP PTI
+[  117.942118] CPU: 3 PID: 27 Comm: kworker/3:0 Not tainted 5.6.0-rc3+ #348
+[  117.942133] Workqueue: events nf_tables_trans_destroy_work [nf_tables]
+[  117.942145] RIP: 0010:nf_tables_chain_destroy.isra.0+0x94/0x15a [nf_tables]
+[  117.942149] Code: f6 45 54 01 0f 84 d1 00 00 00 80 3b 05 74 44 48 8b 75 e8 48 c7 c7 72 be de a0 e8 56 e6 2d e0 48 8b 45 e8 48 c7 c7 7f be de a0 <48> 8b 30 e8 43 e6 2d e0 48 8b 45 e8 48 8b 40 10 48 85 c0 74 5b 8b
+[  117.942152] RSP: 0018:ffffc9000015be10 EFLAGS: 00010292
+[  117.942155] RAX: ffffffffa0d5e040 RBX: ffff88840be87fc2 RCX: 0000000000000007
+[  117.942158] RDX: 0000000000000007 RSI: 0000000000000086 RDI: ffffffffa0debe7f
+[  117.942160] RBP: ffff888403b54b50 R08: 0000000000001482 R09: 0000000000000004
+[  117.942162] R10: 0000000000000000 R11: 0000000000000001 R12: ffff8883eda7e540
+[  117.942164] R13: dead000000000122 R14: dead000000000100 R15: ffff888403b3db80
+[  117.942167] FS:  0000000000000000(0000) GS:ffff88840e4c0000(0000) knlGS:0000000000000000
+[  117.942169] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
+[  117.942172] CR2: ffffffffa0d5e040 CR3: 00000003e4c52002 CR4: 00000000001606e0
+[  117.942174] Call Trace:
+[  117.942188]  nf_tables_trans_destroy_work.cold+0xd/0x12 [nf_tables]
+[  117.942196]  process_one_work+0x1d6/0x3b0
+[  117.942200]  worker_thread+0x45/0x3c0
+[  117.942203]  ? process_one_work+0x3b0/0x3b0
+[  117.942210]  kthread+0x112/0x130
+[  117.942214]  ? kthread_create_worker_on_cpu+0x40/0x40
+[  117.942221]  ret_from_fork+0x35/0x40
+
+nf_tables_chain_destroy() crashes on module_put() because the module is
+gone.
+
+Fixes: d164385ec572 ("netfilter: nat: add inet family nat support")
+Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ net/netfilter/nft_chain_nat.c |    1 +
+ 1 file changed, 1 insertion(+)
+
+--- a/net/netfilter/nft_chain_nat.c
++++ b/net/netfilter/nft_chain_nat.c
+@@ -89,6 +89,7 @@ static const struct nft_chain_type nft_c
+       .name           = "nat",
+       .type           = NFT_CHAIN_T_NAT,
+       .family         = NFPROTO_INET,
++      .owner          = THIS_MODULE,
+       .hook_mask      = (1 << NF_INET_PRE_ROUTING) |
+                         (1 << NF_INET_LOCAL_IN) |
+                         (1 << NF_INET_LOCAL_OUT) |
diff --git a/queue-5.5/netfilter-nft_payload-add-missing-attribute-validation-for-payload-csum-flags.patch b/queue-5.5/netfilter-nft_payload-add-missing-attribute-validation-for-payload-csum-flags.patch
new file mode 100644 (file)
index 0000000..0bcbb87
--- /dev/null
@@ -0,0 +1,31 @@
+From 9d6effb2f1523eb84516e44213c00f2fd9e6afff Mon Sep 17 00:00:00 2001
+From: Jakub Kicinski <kuba@kernel.org>
+Date: Mon, 2 Mar 2020 21:08:32 -0800
+Subject: netfilter: nft_payload: add missing attribute validation for payload csum flags
+
+From: Jakub Kicinski <kuba@kernel.org>
+
+commit 9d6effb2f1523eb84516e44213c00f2fd9e6afff upstream.
+
+Add missing attribute validation for NFTA_PAYLOAD_CSUM_FLAGS
+to the netlink policy.
+
+Fixes: 1814096980bb ("netfilter: nft_payload: layer 4 checksum adjustment for pseudoheader fields")
+Signed-off-by: Jakub Kicinski <kuba@kernel.org>
+Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ net/netfilter/nft_payload.c |    1 +
+ 1 file changed, 1 insertion(+)
+
+--- a/net/netfilter/nft_payload.c
++++ b/net/netfilter/nft_payload.c
+@@ -129,6 +129,7 @@ static const struct nla_policy nft_paylo
+       [NFTA_PAYLOAD_LEN]              = { .type = NLA_U32 },
+       [NFTA_PAYLOAD_CSUM_TYPE]        = { .type = NLA_U32 },
+       [NFTA_PAYLOAD_CSUM_OFFSET]      = { .type = NLA_U32 },
++      [NFTA_PAYLOAD_CSUM_FLAGS]       = { .type = NLA_U32 },
+ };
+ static int nft_payload_init(const struct nft_ctx *ctx,
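Review bot: The new `[NFTA_PAYLOAD_CSUM_FLAGS] = { .type = NLA_U32 }` entry constrains only the attribute's size, so which flag bits are accepted still depends on the code that reads the attribute. That code is not shown (nft_payload_init() merely begins on the last line of the hunk), so it should be confirmed that undefined bits are rejected with an error rather than stored. A brief comment on the entry, for example `/* size only; flag bits are validated at init */`, would tell the next reader where the value check lives.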
diff --git a/queue-5.5/netfilter-nft_tunnel-add-missing-attribute-validation-for-tunnels.patch b/queue-5.5/netfilter-nft_tunnel-add-missing-attribute-validation-for-tunnels.patch
new file mode 100644 (file)
index 0000000..b47b1bb
--- /dev/null
@@ -0,0 +1,32 @@
+From 88a637719a1570705c02cacb3297af164b1714e7 Mon Sep 17 00:00:00 2001
+From: Jakub Kicinski <kuba@kernel.org>
+Date: Mon, 2 Mar 2020 21:08:33 -0800
+Subject: netfilter: nft_tunnel: add missing attribute validation for tunnels
+
+From: Jakub Kicinski <kuba@kernel.org>
+
+commit 88a637719a1570705c02cacb3297af164b1714e7 upstream.
+
+Add missing attribute validation for tunnel source and
+destination ports to the netlink policy.
+
+Fixes: af308b94a2a4 ("netfilter: nf_tables: add tunnel support")
+Signed-off-by: Jakub Kicinski <kuba@kernel.org>
+Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ net/netfilter/nft_tunnel.c |    2 ++
+ 1 file changed, 2 insertions(+)
+
+--- a/net/netfilter/nft_tunnel.c
++++ b/net/netfilter/nft_tunnel.c
+@@ -339,6 +339,8 @@ static const struct nla_policy nft_tunne
+       [NFTA_TUNNEL_KEY_FLAGS] = { .type = NLA_U32, },
+       [NFTA_TUNNEL_KEY_TOS]   = { .type = NLA_U8, },
+       [NFTA_TUNNEL_KEY_TTL]   = { .type = NLA_U8, },
++      [NFTA_TUNNEL_KEY_SPORT] = { .type = NLA_U16, },
++      [NFTA_TUNNEL_KEY_DPORT] = { .type = NLA_U16, },
+       [NFTA_TUNNEL_KEY_OPTS]  = { .type = NLA_NESTED, },
+ };
index 477d71c0075314902e98b1a88866b2299fcd886f..57ddf2384f980c628c15bb11ba2967e7f67020d2 100644 (file)
@@ -140,3 +140,11 @@ nl80211-add-missing-attribute-validation-for-channel-switch.patch
 perf-bench-futex-wake-restore-thread-count-default-to-online-cpu-count.patch
 netfilter-nf_tables-free-flowtable-hooks-on-hook-register-error.patch
 netfilter-cthelper-add-missing-attribute-validation-for-cthelper.patch
+netfilter-nft_payload-add-missing-attribute-validation-for-payload-csum-flags.patch
+netfilter-nft_tunnel-add-missing-attribute-validation-for-tunnels.patch
+netfilter-nf_tables-dump-nfta_chain_flags-attribute.patch
+netfilter-nft_chain_nat-inet-family-is-missing-module-ownership.patch
+iommu-vt-d-fix-the-wrong-printing-in-rhsa-parsing.patch
+iommu-vt-d-ignore-devices-with-out-of-spec-domain-number.patch
+i2c-acpi-put-device-when-verifying-client-fails.patch
+iommu-amd-fix-iommu-avic-not-properly-update-the-is_run-bit-in-irte.patch