Fixes for 5.10

Signed-off-by: Sasha Levin <sashal@kernel.org>

diff --git a/queue-5.10/kvm-arm64-vgic-v2-check-for-non-null-vcpu-in-vgic_v2.patch b/queue-5.10/kvm-arm64-vgic-v2-check-for-non-null-vcpu-in-vgic_v2.patch
new file mode 100644 (file)
index 0000000..525d8ab
--- /dev/null
+++ b/queue-5.10/kvm-arm64-vgic-v2-check-for-non-null-vcpu-in-vgic_v2.patch
@@ -0,0 +1,54 @@
+From 9191375c9e7f3e6e48053bdfa17fd148e49be6f8 Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Wed, 24 Apr 2024 17:39:58 +0000
+Subject: KVM: arm64: vgic-v2: Check for non-NULL vCPU in vgic_v2_parse_attr()
+
+From: Oliver Upton <oliver.upton@linux.dev>
+
+[ Upstream commit 6ddb4f372fc63210034b903d96ebbeb3c7195adb ]
+
+vgic_v2_parse_attr() is responsible for finding the vCPU that matches
+the user-provided CPUID, which (of course) may not be valid. If the ID
+is invalid, kvm_get_vcpu_by_id() returns NULL, which isn't handled
+gracefully.
+
+Similar to the GICv3 uaccess flow, check that kvm_get_vcpu_by_id()
+actually returns something and fail the ioctl if not.
+
+Cc: stable@vger.kernel.org
+Fixes: 7d450e282171 ("KVM: arm/arm64: vgic-new: Add userland access to VGIC dist registers")
+Reported-by: Alexander Potapenko <glider@google.com>
+Tested-by: Alexander Potapenko <glider@google.com>
+Reviewed-by: Alexander Potapenko <glider@google.com>
+Reviewed-by: Marc Zyngier <maz@kernel.org>
+Link: https://lore.kernel.org/r/20240424173959.3776798-2-oliver.upton@linux.dev
+Signed-off-by: Oliver Upton <oliver.upton@linux.dev>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ arch/arm64/kvm/vgic/vgic-kvm-device.c | 8 ++++----
+ 1 file changed, 4 insertions(+), 4 deletions(-)
+
+diff --git a/arch/arm64/kvm/vgic/vgic-kvm-device.c b/arch/arm64/kvm/vgic/vgic-kvm-device.c
+index 640cfa0c0f4cc..e80b638b78271 100644
+--- a/arch/arm64/kvm/vgic/vgic-kvm-device.c
++++ b/arch/arm64/kvm/vgic/vgic-kvm-device.c
+@@ -284,12 +284,12 @@ int kvm_register_vgic_device(unsigned long type)
+ int vgic_v2_parse_attr(struct kvm_device *dev, struct kvm_device_attr *attr,
+                      struct vgic_reg_attr *reg_attr)
+ {
+-      int cpuid;
++      int cpuid = FIELD_GET(KVM_DEV_ARM_VGIC_CPUID_MASK, attr->attr);
+ 
+-      cpuid = FIELD_GET(KVM_DEV_ARM_VGIC_CPUID_MASK, attr->attr);
+-
+-      reg_attr->vcpu = kvm_get_vcpu_by_id(dev->kvm, cpuid);
+       reg_attr->addr = attr->attr & KVM_DEV_ARM_VGIC_OFFSET_MASK;
++      reg_attr->vcpu = kvm_get_vcpu_by_id(dev->kvm, cpuid);
++      if (!reg_attr->vcpu)
++              return -EINVAL;
+ 
+       return 0;
+ }
+-- 
+2.43.0
+

diff --git a/queue-5.10/kvm-arm64-vgic-v2-use-cpuid-from-userspace-as-vcpu_i.patch b/queue-5.10/kvm-arm64-vgic-v2-use-cpuid-from-userspace-as-vcpu_i.patch
new file mode 100644 (file)
index 0000000..68c68c6
--- /dev/null
+++ b/queue-5.10/kvm-arm64-vgic-v2-use-cpuid-from-userspace-as-vcpu_i.patch
@@ -0,0 +1,51 @@
+From 8dd015580e4f42ba8d0bcdb3db509b7c066bcf14 Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Wed, 27 Sep 2023 10:09:04 +0100
+Subject: KVM: arm64: vgic-v2: Use cpuid from userspace as vcpu_id
+
+From: Marc Zyngier <maz@kernel.org>
+
+[ Upstream commit 4e7728c81a54b17bd33be402ac140bc11bb0c4f4 ]
+
+When parsing a GICv2 attribute that contains a cpuid, handle this
+as the vcpu_id, not a vcpu_idx, as userspace cannot really know
+the mapping between the two. For this, use kvm_get_vcpu_by_id()
+instead of kvm_get_vcpu().
+
+Take this opportunity to get rid of the pointless check against
+online_vcpus, which doesn't make much sense either, and switch
+to FIELD_GET as a way to extract the vcpu_id.
+
+Reviewed-by: Zenghui Yu <yuzenghui@huawei.com>
+Signed-off-by: Marc Zyngier <maz@kernel.org>
+Link: https://lore.kernel.org/r/20230927090911.3355209-5-maz@kernel.org
+Signed-off-by: Oliver Upton <oliver.upton@linux.dev>
+Stable-dep-of: 6ddb4f372fc6 ("KVM: arm64: vgic-v2: Check for non-NULL vCPU in vgic_v2_parse_attr()")
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ arch/arm64/kvm/vgic/vgic-kvm-device.c | 8 ++------
+ 1 file changed, 2 insertions(+), 6 deletions(-)
+
+diff --git a/arch/arm64/kvm/vgic/vgic-kvm-device.c b/arch/arm64/kvm/vgic/vgic-kvm-device.c
+index 7740995de982e..640cfa0c0f4cc 100644
+--- a/arch/arm64/kvm/vgic/vgic-kvm-device.c
++++ b/arch/arm64/kvm/vgic/vgic-kvm-device.c
+@@ -286,13 +286,9 @@ int vgic_v2_parse_attr(struct kvm_device *dev, struct kvm_device_attr *attr,
+ {
+       int cpuid;
+ 
+-      cpuid = (attr->attr & KVM_DEV_ARM_VGIC_CPUID_MASK) >>
+-               KVM_DEV_ARM_VGIC_CPUID_SHIFT;
++      cpuid = FIELD_GET(KVM_DEV_ARM_VGIC_CPUID_MASK, attr->attr);
+ 
+-      if (cpuid >= atomic_read(&dev->kvm->online_vcpus))
+-              return -EINVAL;
+-
+-      reg_attr->vcpu = kvm_get_vcpu(dev->kvm, cpuid);
++      reg_attr->vcpu = kvm_get_vcpu_by_id(dev->kvm, cpuid);
+       reg_attr->addr = attr->attr & KVM_DEV_ARM_VGIC_OFFSET_MASK;
+ 
+       return 0;
+-- 
+2.43.0
+

diff --git a/queue-5.10/series b/queue-5.10/series
index 9f4654c0d54cb719dec9d4b43c30f62ed43e6b2b..043464de3a591dd702a23aa1c03c05105ef32da8 100644 (file)
--- a/queue-5.10/series
+++ b/queue-5.10/series
@@ -41,3 +41,5 @@ net-gro-add-flush-check-in-udp_gro_receive_segment.patch
 clk-sunxi-ng-add-support-for-the-allwinner-h616-ccu.patch
 clk-sunxi-ng-unregister-clocks-resets-when-unbinding.patch
 clk-sunxi-ng-h6-reparent-cpux-during-pll-cpux-rate-c.patch
+kvm-arm64-vgic-v2-use-cpuid-from-userspace-as-vcpu_i.patch
+kvm-arm64-vgic-v2-check-for-non-null-vcpu-in-vgic_v2.patch