--- /dev/null
+From bed5b60bf67ccd8957b8c0558fead30c4a3f5d3f Mon Sep 17 00:00:00 2001
+From: Lv Ruyi <lv.ruyi@zte.com.cn>
+Date: Tue, 29 Mar 2022 10:40:04 +0000
+Subject: proc: bootconfig: Add null pointer check
+
+From: Lv Ruyi <lv.ruyi@zte.com.cn>
+
+commit bed5b60bf67ccd8957b8c0558fead30c4a3f5d3f upstream.
+
+kzalloc is a memory allocation function which can return NULL when some
+internal memory errors happen. It is safer to add null pointer check.
+
+Link: https://lkml.kernel.org/r/20220329104004.2376879-1-lv.ruyi@zte.com.cn
+
+Cc: stable@vger.kernel.org
+Fixes: c1a3c36017d4 ("proc: bootconfig: Add /proc/bootconfig to show boot config list")
+Acked-by: Masami Hiramatsu <mhiramat@kernel.org>
+Reported-by: Zeal Robot <zealci@zte.com.cn>
+Signed-off-by: Lv Ruyi <lv.ruyi@zte.com.cn>
+Signed-off-by: Steven Rostedt (Google) <rostedt@goodmis.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ fs/proc/bootconfig.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+--- a/fs/proc/bootconfig.c
++++ b/fs/proc/bootconfig.c
+@@ -32,6 +32,8 @@ static int __init copy_xbc_key_value_lis
+ int ret = 0;
+
+ key = kzalloc(XBC_KEYLEN_MAX, GFP_KERNEL);
++ if (!key)
++ return -ENOMEM;
+
+ xbc_for_each_key_value(leaf, val) {
+ ret = xbc_node_compose_key(leaf, key, XBC_KEYLEN_MAX);
--- /dev/null
+From 063452fd94d153d4eb38ad58f210f3d37a09cca4 Mon Sep 17 00:00:00 2001
+From: Yang Zhong <yang.zhong@intel.com>
+Date: Sat, 29 Jan 2022 09:36:46 -0800
+Subject: x86/fpu/xstate: Fix the ARCH_REQ_XCOMP_PERM implementation
+
+From: Yang Zhong <yang.zhong@intel.com>
+
+commit 063452fd94d153d4eb38ad58f210f3d37a09cca4 upstream.
+
+ARCH_REQ_XCOMP_PERM is supposed to add the requested feature to the
+permission bitmap of thread_group_leader()->fpu. But the code overwrites
+the bitmap with the requested feature bit only rather than adding it.
+
+Fix the code to add the requested feature bit to the master bitmask.
+
+Fixes: db8268df0983 ("x86/arch_prctl: Add controls for dynamic XSTATE components")
+Signed-off-by: Yang Zhong <yang.zhong@intel.com>
+Signed-off-by: Chang S. Bae <chang.seok.bae@intel.com>
+Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
+Cc: Paolo Bonzini <bonzini@gnu.org>
+Cc: stable@vger.kernel.org
+Link: https://lore.kernel.org/r/20220129173647.27981-2-chang.seok.bae@intel.com
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ arch/x86/kernel/fpu/xstate.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/arch/x86/kernel/fpu/xstate.c
++++ b/arch/x86/kernel/fpu/xstate.c
+@@ -1639,7 +1639,7 @@ static int __xstate_request_perm(u64 per
+
+ perm = guest ? &fpu->guest_perm : &fpu->perm;
+ /* Pairs with the READ_ONCE() in xstate_get_group_perm() */
+- WRITE_ONCE(perm->__state_perm, requested);
++ WRITE_ONCE(perm->__state_perm, mask);
+ /* Protected by sighand lock */
+ perm->__state_size = ksize;
+ perm->__user_state_size = usize;
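Review bot: The new `WRITE_ONCE(perm->__state_perm, mask)` is only correct if `mask` already holds the previously granted features combined with `requested`, and that computation lies outside this hunk, so it should be confirmed there. The old line passed an equally plausible variable and silently dropped earlier grants from the permission bitmap, so a one-line comment above the store would help, for example `/* Store the accumulated mask, not just 'requested', so earlier grants are kept */`. A selftest that requests two features in sequence and then reads the permission bitmap back would pin the behaviour. The body of `__xstate_request_perm` starts and ends outside the hunk.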
--- /dev/null
+From 4009a4ac82dd95b8cd2b62bd30019476983f0aff Mon Sep 17 00:00:00 2001
+From: Joerg Roedel <jroedel@suse.de>
+Date: Mon, 21 Mar 2022 10:33:51 +0100
+Subject: x86/sev: Unroll string mmio with CC_ATTR_GUEST_UNROLL_STRING_IO
+
+From: Joerg Roedel <jroedel@suse.de>
+
+commit 4009a4ac82dd95b8cd2b62bd30019476983f0aff upstream.
+
+The io-specific memcpy/memset functions use string mmio accesses to do
+their work. Under SEV, the hypervisor can't emulate these instructions
+because they read/write directly from/to encrypted memory.
+
+KVM will inject a page fault exception into the guest when it is asked
+to emulate string mmio instructions for an SEV guest:
+
+ BUG: unable to handle page fault for address: ffffc90000065068
+ #PF: supervisor read access in kernel mode
+ #PF: error_code(0x0000) - not-present page
+ PGD 8000100000067 P4D 8000100000067 PUD 80001000fb067 PMD 80001000fc067 PTE 80000000fed40173
+ Oops: 0000 [#1] PREEMPT SMP NOPTI
+ CPU: 0 PID: 1 Comm: swapper/0 Not tainted 5.17.0-rc7 #3
+
+As string mmio for an SEV guest can not be supported by the
+hypervisor, unroll the instructions for CC_ATTR_GUEST_UNROLL_STRING_IO
+enabled kernels.
+
+This issue appears when kernels are launched in recent libvirt-managed
+SEV virtual machines, because virt-install started to add a tpm-crb
+device to the guest by default and proactively because, raisins:
+
+ https://github.com/virt-manager/virt-manager/commit/eb58c09f488b0633ed1eea012cd311e48864401e
+
+and as that commit says, the default adding of a TPM can be disabled
+with "virt-install ... --tpm none".
+
+The kernel driver for tpm-crb uses memcpy_to/from_io() functions to
+access MMIO memory, resulting in a page-fault injected by KVM and
+crashing the kernel at boot.
+
+ [ bp: Massage and extend commit message. ]
+
+Fixes: d8aa7eea78a1 ('x86/mm: Add Secure Encrypted Virtualization (SEV) support')
+Signed-off-by: Joerg Roedel <jroedel@suse.de>
+Signed-off-by: Borislav Petkov <bp@suse.de>
+Reviewed-by: Tom Lendacky <thomas.lendacky@amd.com>
+Cc: <stable@vger.kernel.org>
+Link: https://lore.kernel.org/r/20220321093351.23976-1-joro@8bytes.org
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ arch/x86/lib/iomem.c | 65 ++++++++++++++++++++++++++++++++++++++++++++-------
+ 1 file changed, 57 insertions(+), 8 deletions(-)
+
+--- a/arch/x86/lib/iomem.c
++++ b/arch/x86/lib/iomem.c
+@@ -22,7 +22,7 @@ static __always_inline void rep_movs(voi
+ : "memory");
+ }
+
+-void memcpy_fromio(void *to, const volatile void __iomem *from, size_t n)
++static void string_memcpy_fromio(void *to, const volatile void __iomem *from, size_t n)
+ {
+ if (unlikely(!n))
+ return;
+@@ -38,9 +38,8 @@ void memcpy_fromio(void *to, const volat
+ }
+ rep_movs(to, (const void *)from, n);
+ }
+-EXPORT_SYMBOL(memcpy_fromio);
+
+-void memcpy_toio(volatile void __iomem *to, const void *from, size_t n)
++static void string_memcpy_toio(volatile void __iomem *to, const void *from, size_t n)
+ {
+ if (unlikely(!n))
+ return;
+@@ -56,14 +55,64 @@ void memcpy_toio(volatile void __iomem *
+ }
+ rep_movs((void *)to, (const void *) from, n);
+ }
++
++static void unrolled_memcpy_fromio(void *to, const volatile void __iomem *from, size_t n)
++{
++ const volatile char __iomem *in = from;
++ char *out = to;
++ int i;
++
++ for (i = 0; i < n; ++i)
++ out[i] = readb(&in[i]);
++}
++
++static void unrolled_memcpy_toio(volatile void __iomem *to, const void *from, size_t n)
++{
++ volatile char __iomem *out = to;
++ const char *in = from;
++ int i;
++
++ for (i = 0; i < n; ++i)
++ writeb(in[i], &out[i]);
++}
++
++static void unrolled_memset_io(volatile void __iomem *a, int b, size_t c)
++{
++ volatile char __iomem *mem = a;
++ int i;
++
++ for (i = 0; i < c; ++i)
++ writeb(b, &mem[i]);
++}
++
++void memcpy_fromio(void *to, const volatile void __iomem *from, size_t n)
++{
++ if (cc_platform_has(CC_ATTR_GUEST_UNROLL_STRING_IO))
++ unrolled_memcpy_fromio(to, from, n);
++ else
++ string_memcpy_fromio(to, from, n);
++}
++EXPORT_SYMBOL(memcpy_fromio);
++
++void memcpy_toio(volatile void __iomem *to, const void *from, size_t n)
++{
++ if (cc_platform_has(CC_ATTR_GUEST_UNROLL_STRING_IO))
++ unrolled_memcpy_toio(to, from, n);
++ else
++ string_memcpy_toio(to, from, n);
++}
+ EXPORT_SYMBOL(memcpy_toio);
+
+ void memset_io(volatile void __iomem *a, int b, size_t c)
+ {
+- /*
+- * TODO: memset can mangle the IO patterns quite a bit.
+- * perhaps it would be better to use a dumb one:
+- */
+- memset((void *)a, b, c);
++ if (cc_platform_has(CC_ATTR_GUEST_UNROLL_STRING_IO)) {
++ unrolled_memset_io(a, b, c);
++ } else {
++ /*
++ * TODO: memset can mangle the IO patterns quite a bit.
++ * perhaps it would be better to use a dumb one:
++ */
++ memset((void *)a, b, c);
++ }
+ }
+ EXPORT_SYMBOL(memset_io);
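Review bot: The three new helpers `unrolled_memcpy_fromio`, `unrolled_memcpy_toio` and `unrolled_memset_io` declare the loop counter as `int i` while the bound (`n` or `c`) is a `size_t`. The comparison is therefore mixed-sign, and a length above INT_MAX would overflow the signed counter, which is undefined behaviour. Declaring it as `size_t i;` in each helper matches the parameter type and costs nothing. It would also help to put a short comment on the helpers saying why they use byte-wise `readb`/`writeb`, e.g. `/* SEV guests: the hypervisor cannot emulate string MMIO, so access one byte at a time */`, since the reason is otherwise only in the commit message.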