4.19-stable patches
authorGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Thu, 13 Jun 2024 07:20:46 +0000 (09:20 +0200)
committerGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Thu, 13 Jun 2024 07:20:46 +0000 (09:20 +0200)
added patches:
crypto-qat-fix-adf_dev_reset_sync-memory-leak.patch
kvm-arm64-allow-aarch32-pstate.m-to-be-restored-as-system-mode.patch

queue-4.19/crypto-qat-fix-adf_dev_reset_sync-memory-leak.patch [new file with mode: 0644]
queue-4.19/kvm-arm64-allow-aarch32-pstate.m-to-be-restored-as-system-mode.patch [new file with mode: 0644]
queue-4.19/series

diff --git a/queue-4.19/crypto-qat-fix-adf_dev_reset_sync-memory-leak.patch b/queue-4.19/crypto-qat-fix-adf_dev_reset_sync-memory-leak.patch
new file mode 100644 (file)
index 0000000..ff7d3e1
--- /dev/null
@@ -0,0 +1,71 @@
+From d3b17c6d9dddc2db3670bc9be628b122416a3d26 Mon Sep 17 00:00:00 2001
+From: Herbert Xu <herbert@gondor.apana.org.au>
+Date: Wed, 8 May 2024 16:39:51 +0800
+Subject: crypto: qat - Fix ADF_DEV_RESET_SYNC memory leak
+
+From: Herbert Xu <herbert@gondor.apana.org.au>
+
+commit d3b17c6d9dddc2db3670bc9be628b122416a3d26 upstream.
+
+Using completion_done to determine whether the caller has gone
+away only works after a complete call.  Furthermore it's still
+possible that the caller has not yet called wait_for_completion,
+resulting in another potential UAF.
+
+Fix this by making the caller use cancel_work_sync and then freeing
+the memory safely.
+
+Fixes: 7d42e097607c ("crypto: qat - resolve race condition during AER recovery")
+Cc: <stable@vger.kernel.org> #6.8+
+Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
+Reviewed-by: Giovanni Cabiddu <giovanni.cabiddu@intel.com>
+Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ drivers/crypto/qat/qat_common/adf_aer.c |   19 +++++--------------
+ 1 file changed, 5 insertions(+), 14 deletions(-)
+
+--- a/drivers/crypto/qat/qat_common/adf_aer.c
++++ b/drivers/crypto/qat/qat_common/adf_aer.c
+@@ -139,8 +139,7 @@ static void adf_device_reset_worker(stru
+       if (adf_dev_init(accel_dev) || adf_dev_start(accel_dev)) {
+               /* The device hanged and we can't restart it so stop here */
+               dev_err(&GET_DEV(accel_dev), "Restart device failed\n");
+-              if (reset_data->mode == ADF_DEV_RESET_ASYNC ||
+-                  completion_done(&reset_data->compl))
++              if (reset_data->mode == ADF_DEV_RESET_ASYNC)
+                       kfree(reset_data);
+               WARN(1, "QAT: device restart failed. Device is unusable\n");
+               return;
+@@ -148,16 +147,8 @@ static void adf_device_reset_worker(stru
+       adf_dev_restarted_notify(accel_dev);
+       clear_bit(ADF_STATUS_RESTARTING, &accel_dev->status);
+-      /*
+-       * The dev is back alive. Notify the caller if in sync mode
+-       *
+-       * If device restart will take a more time than expected,
+-       * the schedule_reset() function can timeout and exit. This can be
+-       * detected by calling the completion_done() function. In this case
+-       * the reset_data structure needs to be freed here.
+-       */
+-      if (reset_data->mode == ADF_DEV_RESET_ASYNC ||
+-          completion_done(&reset_data->compl))
++      /* The dev is back alive. Notify the caller if in sync mode */
++      if (reset_data->mode == ADF_DEV_RESET_ASYNC)
+               kfree(reset_data);
+       else
+               complete(&reset_data->compl);
+@@ -192,10 +183,10 @@ static int adf_dev_aer_schedule_reset(st
+               if (!timeout) {
+                       dev_err(&GET_DEV(accel_dev),
+                               "Reset device timeout expired\n");
++                      cancel_work_sync(&reset_data->reset_work);
+                       ret = -EFAULT;
+-              } else {
+-                      kfree(reset_data);
+               }
++              kfree(reset_data);
+               return ret;
+       }
+       return 0;
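Review bot: In the timeout branch of adf_dev_aer_schedule_reset, the added `cancel_work_sync(&reset_data->reset_work);` waits for a worker that is already running, so the timeout no longer bounds how long the caller blocks; if the worker stalls inside adf_dev_init() or adf_dev_start(), the caller stalls with it. That wait is what makes the following `kfree(reset_data);` safe, and it deserves a comment stating the ownership rule, for example `/* sync mode: caller owns reset_data; the worker must be cancelled or finished before it is freed */`. The failure path of adf_device_reset_worker also returns without calling complete() in sync mode, so a sync caller appears to wait out the full timeout before getting -EFAULT. The upstream tag reads `#6.8+`, so this 4.19 queue entry only makes sense if the commit named in Fixes: was itself backported to 4.19, which is not visible here. Both functions begin and end outside the hunks.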
diff --git a/queue-4.19/kvm-arm64-allow-aarch32-pstate.m-to-be-restored-as-system-mode.patch b/queue-4.19/kvm-arm64-allow-aarch32-pstate.m-to-be-restored-as-system-mode.patch
new file mode 100644 (file)
index 0000000..d33f836
--- /dev/null
@@ -0,0 +1,34 @@
+From dfe6d190f38fc5df5ff2614b463a5195a399c885 Mon Sep 17 00:00:00 2001
+From: Marc Zyngier <maz@kernel.org>
+Date: Fri, 24 May 2024 15:19:55 +0100
+Subject: KVM: arm64: Allow AArch32 PSTATE.M to be restored as System mode
+
+From: Marc Zyngier <maz@kernel.org>
+
+commit dfe6d190f38fc5df5ff2614b463a5195a399c885 upstream.
+
+It appears that we don't allow a vcpu to be restored in AArch32
+System mode, as we *never* included it in the list of valid modes.
+
+Just add it to the list of allowed modes.
+
+Fixes: 0d854a60b1d7 ("arm64: KVM: enable initialization of a 32bit vcpu")
+Cc: stable@vger.kernel.org
+Acked-by: Oliver Upton <oliver.upton@linux.dev>
+Link: https://lore.kernel.org/r/20240524141956.1450304-3-maz@kernel.org
+Signed-off-by: Marc Zyngier <maz@kernel.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ arch/arm64/kvm/guest.c |    1 +
+ 1 file changed, 1 insertion(+)
+
+--- a/arch/arm64/kvm/guest.c
++++ b/arch/arm64/kvm/guest.c
+@@ -175,6 +175,7 @@ static int set_core_reg(struct kvm_vcpu
+               case PSR_AA32_MODE_SVC:
+               case PSR_AA32_MODE_ABT:
+               case PSR_AA32_MODE_UND:
++              case PSR_AA32_MODE_SYS:
+                       if (!vcpu_el1_is_32bit(vcpu))
+                               return -EINVAL;
+                       break;
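Review bot: The case list in set_core_reg acts as the allowlist for the PSTATE mode a vcpu may be restored with, and nothing at the added `case PSR_AA32_MODE_SYS:` records why each mode is accepted or which ones are left out on purpose. A short comment above the AArch32 cases would have made the original omission easier to spot, for example `/* AArch32 modes a 32-bit EL1 guest may be restored in; Hyp and Monitor stay rejected */`. The start of the switch and its default arm are outside the hunk, so confirm the rejected modes against the full function before adopting that wording.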
index 9b0ce9246a9782eaed368e6d2b7e1c08b9e32a0e..8ca261d0937c2bf644e29df6173afb3430e14aa6 100644 (file)
@@ -196,3 +196,5 @@ netfilter-nf_tables-do-not-compare-internal-table-flags-on-updates.patch
 netfilter-nf_tables-mark-set-as-dead-when-unbinding-anonymous-set-with-timeout.patch
 netfilter-nf_tables-reject-new-basechain-after-table-flag-update.patch
 netfilter-nf_tables-discard-table-flag-update-with-pending-basechain-deletion.patch
+kvm-arm64-allow-aarch32-pstate.m-to-be-restored-as-system-mode.patch
+crypto-qat-fix-adf_dev_reset_sync-memory-leak.patch