Fixes for 6.1

Signed-off-by: Sasha Levin <sashal@kernel.org>

diff --git a/queue-6.1/kvm-arm64-vgic-v2-check-for-non-null-vcpu-in-vgic_v2.patch b/queue-6.1/kvm-arm64-vgic-v2-check-for-non-null-vcpu-in-vgic_v2.patch
new file mode 100644 (file)
index 0000000..d0f82fa
--- /dev/null
+++ b/queue-6.1/kvm-arm64-vgic-v2-check-for-non-null-vcpu-in-vgic_v2.patch
@@ -0,0 +1,54 @@
+From 2fc0f80a773da0594d81651ad83b9bce35aa518e Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Wed, 24 Apr 2024 17:39:58 +0000
+Subject: KVM: arm64: vgic-v2: Check for non-NULL vCPU in vgic_v2_parse_attr()
+
+From: Oliver Upton <oliver.upton@linux.dev>
+
+[ Upstream commit 6ddb4f372fc63210034b903d96ebbeb3c7195adb ]
+
+vgic_v2_parse_attr() is responsible for finding the vCPU that matches
+the user-provided CPUID, which (of course) may not be valid. If the ID
+is invalid, kvm_get_vcpu_by_id() returns NULL, which isn't handled
+gracefully.
+
+Similar to the GICv3 uaccess flow, check that kvm_get_vcpu_by_id()
+actually returns something and fail the ioctl if not.
+
+Cc: stable@vger.kernel.org
+Fixes: 7d450e282171 ("KVM: arm/arm64: vgic-new: Add userland access to VGIC dist registers")
+Reported-by: Alexander Potapenko <glider@google.com>
+Tested-by: Alexander Potapenko <glider@google.com>
+Reviewed-by: Alexander Potapenko <glider@google.com>
+Reviewed-by: Marc Zyngier <maz@kernel.org>
+Link: https://lore.kernel.org/r/20240424173959.3776798-2-oliver.upton@linux.dev
+Signed-off-by: Oliver Upton <oliver.upton@linux.dev>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ arch/arm64/kvm/vgic/vgic-kvm-device.c | 8 ++++----
+ 1 file changed, 4 insertions(+), 4 deletions(-)
+
+diff --git a/arch/arm64/kvm/vgic/vgic-kvm-device.c b/arch/arm64/kvm/vgic/vgic-kvm-device.c
+index 97ead28f81425..63731fb3d8f63 100644
+--- a/arch/arm64/kvm/vgic/vgic-kvm-device.c
++++ b/arch/arm64/kvm/vgic/vgic-kvm-device.c
+@@ -337,12 +337,12 @@ int kvm_register_vgic_device(unsigned long type)
+ int vgic_v2_parse_attr(struct kvm_device *dev, struct kvm_device_attr *attr,
+                      struct vgic_reg_attr *reg_attr)
+ {
+-      int cpuid;
++      int cpuid = FIELD_GET(KVM_DEV_ARM_VGIC_CPUID_MASK, attr->attr);
+ 
+-      cpuid = FIELD_GET(KVM_DEV_ARM_VGIC_CPUID_MASK, attr->attr);
+-
+-      reg_attr->vcpu = kvm_get_vcpu_by_id(dev->kvm, cpuid);
+       reg_attr->addr = attr->attr & KVM_DEV_ARM_VGIC_OFFSET_MASK;
++      reg_attr->vcpu = kvm_get_vcpu_by_id(dev->kvm, cpuid);
++      if (!reg_attr->vcpu)
++              return -EINVAL;
+ 
+       return 0;
+ }
+-- 
+2.43.0
+

diff --git a/queue-6.1/kvm-arm64-vgic-v2-use-cpuid-from-userspace-as-vcpu_i.patch b/queue-6.1/kvm-arm64-vgic-v2-use-cpuid-from-userspace-as-vcpu_i.patch
new file mode 100644 (file)
index 0000000..5fcda99
--- /dev/null
+++ b/queue-6.1/kvm-arm64-vgic-v2-use-cpuid-from-userspace-as-vcpu_i.patch
@@ -0,0 +1,51 @@
+From 52fbc03a053455ff8d15b67a0e273ab2f211cc81 Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Wed, 27 Sep 2023 10:09:04 +0100
+Subject: KVM: arm64: vgic-v2: Use cpuid from userspace as vcpu_id
+
+From: Marc Zyngier <maz@kernel.org>
+
+[ Upstream commit 4e7728c81a54b17bd33be402ac140bc11bb0c4f4 ]
+
+When parsing a GICv2 attribute that contains a cpuid, handle this
+as the vcpu_id, not a vcpu_idx, as userspace cannot really know
+the mapping between the two. For this, use kvm_get_vcpu_by_id()
+instead of kvm_get_vcpu().
+
+Take this opportunity to get rid of the pointless check against
+online_vcpus, which doesn't make much sense either, and switch
+to FIELD_GET as a way to extract the vcpu_id.
+
+Reviewed-by: Zenghui Yu <yuzenghui@huawei.com>
+Signed-off-by: Marc Zyngier <maz@kernel.org>
+Link: https://lore.kernel.org/r/20230927090911.3355209-5-maz@kernel.org
+Signed-off-by: Oliver Upton <oliver.upton@linux.dev>
+Stable-dep-of: 6ddb4f372fc6 ("KVM: arm64: vgic-v2: Check for non-NULL vCPU in vgic_v2_parse_attr()")
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ arch/arm64/kvm/vgic/vgic-kvm-device.c | 8 ++------
+ 1 file changed, 2 insertions(+), 6 deletions(-)
+
+diff --git a/arch/arm64/kvm/vgic/vgic-kvm-device.c b/arch/arm64/kvm/vgic/vgic-kvm-device.c
+index bf4b3d9631ce1..97ead28f81425 100644
+--- a/arch/arm64/kvm/vgic/vgic-kvm-device.c
++++ b/arch/arm64/kvm/vgic/vgic-kvm-device.c
+@@ -339,13 +339,9 @@ int vgic_v2_parse_attr(struct kvm_device *dev, struct kvm_device_attr *attr,
+ {
+       int cpuid;
+ 
+-      cpuid = (attr->attr & KVM_DEV_ARM_VGIC_CPUID_MASK) >>
+-               KVM_DEV_ARM_VGIC_CPUID_SHIFT;
++      cpuid = FIELD_GET(KVM_DEV_ARM_VGIC_CPUID_MASK, attr->attr);
+ 
+-      if (cpuid >= atomic_read(&dev->kvm->online_vcpus))
+-              return -EINVAL;
+-
+-      reg_attr->vcpu = kvm_get_vcpu(dev->kvm, cpuid);
++      reg_attr->vcpu = kvm_get_vcpu_by_id(dev->kvm, cpuid);
+       reg_attr->addr = attr->attr & KVM_DEV_ARM_VGIC_OFFSET_MASK;
+ 
+       return 0;
+-- 
+2.43.0
+

diff --git a/queue-6.1/series b/queue-6.1/series
index cb6df035fc91e7468657bc50c096c738d6c3dbba..9fe4e5b045f1dc1108675e38158c316e0ce02ec6 100644 (file)
--- a/queue-6.1/series
+++ b/queue-6.1/series
@@ -89,3 +89,5 @@ powerpc-pseries-move-plpks-constants-to-header-file.patch
 powerpc-pseries-implement-signed-update-for-plpks-ob.patch
 powerpc-pseries-make-max-polling-consistent-for-long.patch
 powerpc-pseries-iommu-lpar-panics-during-boot-up-wit.patch
+kvm-arm64-vgic-v2-use-cpuid-from-userspace-as-vcpu_i.patch
+kvm-arm64-vgic-v2-check-for-non-null-vcpu-in-vgic_v2.patch