4.4-stable patches

added patches:
	fscrypto-require-write-access-to-mount-to-set-encryption-policy.patch
	mips-kvm-check-for-pfn-noslot-case.patch
	revert-kvm-x86-fix-missed-hardware-breakpoints.patch

diff --git a/queue-4.4/fscrypto-require-write-access-to-mount-to-set-encryption-policy.patch b/queue-4.4/fscrypto-require-write-access-to-mount-to-set-encryption-policy.patch
new file mode 100644 (file)
index 0000000..b193d65
--- /dev/null
+++ b/queue-4.4/fscrypto-require-write-access-to-mount-to-set-encryption-policy.patch
@@ -0,0 +1,42 @@
+From ba63f23d69a3a10e7e527a02702023da68ef8a6d Mon Sep 17 00:00:00 2001
+From: Eric Biggers <ebiggers@google.com>
+Date: Thu, 8 Sep 2016 14:20:38 -0700
+Subject: fscrypto: require write access to mount to set encryption policy
+
+From: Eric Biggers <ebiggers@google.com>
+
+commit ba63f23d69a3a10e7e527a02702023da68ef8a6d upstream.
+
+Since setting an encryption policy requires writing metadata to the
+filesystem, it should be guarded by mnt_want_write/mnt_drop_write.
+Otherwise, a user could cause a write to a frozen or readonly
+filesystem.  This was handled correctly by f2fs but not by ext4.  Make
+fscrypt_process_policy() handle it rather than relying on the filesystem
+to get it right.
+
+Signed-off-by: Eric Biggers <ebiggers@google.com>
+Cc: stable@vger.kernel.org # 4.1+; check fs/{ext4,f2fs}
+Signed-off-by: Theodore Ts'o <tytso@mit.edu>
+Acked-by: Jaegeuk Kim <jaegeuk@kernel.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ fs/ext4/ioctl.c |    6 ++++++
+ 1 file changed, 6 insertions(+)
+
+--- a/fs/ext4/ioctl.c
++++ b/fs/ext4/ioctl.c
+@@ -629,7 +629,13 @@ resizefs_out:
+                       goto encryption_policy_out;
+               }
+ 
++              err = mnt_want_write_file(filp);
++              if (err)
++                      goto encryption_policy_out;
++
+               err = ext4_process_policy(&policy, inode);
++
++              mnt_drop_write_file(filp);
+ encryption_policy_out:
+               return err;
+ #else

diff --git a/queue-4.4/mips-kvm-check-for-pfn-noslot-case.patch b/queue-4.4/mips-kvm-check-for-pfn-noslot-case.patch
new file mode 100644 (file)
index 0000000..a87bb56
--- /dev/null
+++ b/queue-4.4/mips-kvm-check-for-pfn-noslot-case.patch
@@ -0,0 +1,53 @@
+From ba913e4f72fc9cfd03dad968dfb110eb49211d80 Mon Sep 17 00:00:00 2001
+From: James Hogan <james.hogan@imgtec.com>
+Date: Fri, 19 Aug 2016 14:30:29 +0100
+Subject: MIPS: KVM: Check for pfn noslot case
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+From: James Hogan <james.hogan@imgtec.com>
+
+commit ba913e4f72fc9cfd03dad968dfb110eb49211d80 upstream.
+
+When mapping a page into the guest we error check using is_error_pfn(),
+however this doesn't detect a value of KVM_PFN_NOSLOT, indicating an
+error HVA for the page. This can only happen on MIPS right now due to
+unusual memslot management (e.g. being moved / removed / resized), or
+with an Enhanced Virtual Memory (EVA) configuration where the default
+KVM_HVA_ERR_* and kvm_is_error_hva() definitions are unsuitable (fixed
+in a later patch). This case will be treated as a pfn of zero, mapping
+the first page of physical memory into the guest.
+
+It would appear the MIPS KVM port wasn't updated prior to being merged
+(in v3.10) to take commit 81c52c56e2b4 ("KVM: do not treat noslot pfn as
+a error pfn") into account (merged v3.8), which converted a bunch of
+is_error_pfn() calls to is_error_noslot_pfn(). Switch to using
+is_error_noslot_pfn() instead to catch this case properly.
+
+Fixes: 858dd5d45733 ("KVM/MIPS32: MMU/TLB operations for the Guest.")
+Signed-off-by: James Hogan <james.hogan@imgtec.com>
+Cc: Paolo Bonzini <pbonzini@redhat.com>
+Cc: Radim Krčmář <rkrcmar@redhat.com>
+Cc: Ralf Baechle <ralf@linux-mips.org>
+Cc: linux-mips@linux-mips.org
+Cc: kvm@vger.kernel.org
+Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
+[james.hogan@imgtec.com: Backport to v4.7.y]
+Signed-off-by: James Hogan <james.hogan@imgtec.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ arch/mips/kvm/tlb.c |    2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/arch/mips/kvm/tlb.c
++++ b/arch/mips/kvm/tlb.c
+@@ -152,7 +152,7 @@ static int kvm_mips_map_page(struct kvm
+       srcu_idx = srcu_read_lock(&kvm->srcu);
+       pfn = kvm_mips_gfn_to_pfn(kvm, gfn);
+ 
+-      if (kvm_mips_is_error_pfn(pfn)) {
++      if (is_error_noslot_pfn(pfn)) {
+               kvm_err("Couldn't get pfn for gfn %#" PRIx64 "!\n", gfn);
+               err = -EFAULT;
+               goto out;

diff --git a/queue-4.4/revert-kvm-x86-fix-missed-hardware-breakpoints.patch b/queue-4.4/revert-kvm-x86-fix-missed-hardware-breakpoints.patch
new file mode 100644 (file)
index 0000000..1bc594c
--- /dev/null
+++ b/queue-4.4/revert-kvm-x86-fix-missed-hardware-breakpoints.patch
@@ -0,0 +1,54 @@
+From pbonzini@redhat.com  Tue Sep 20 14:08:11 2016
+From: Paolo Bonzini <pbonzini@redhat.com>
+Date: Thu, 15 Sep 2016 23:52:43 +0200
+Subject: Revert "KVM: x86: fix missed hardware breakpoints"
+To: stable@vger.kernel.org
+Cc: matt@codeblueprint.co.uk, Paolo Bonzini <pbonzini@redhat.com>
+Message-ID: <1473976363-22653-1-git-send-email-pbonzini@redhat.com>
+
+From: Paolo Bonzini <pbonzini@redhat.com>
+
+[the change is part of 70e4da7a8ff62f2775337b705f45c804bb450454, which
+is already in stable kernels 4.1.y to 4.4.y.  this part of the fix
+however was later undone, so remove the line again]
+
+The following patches were applied in the wrong order in -stable. This
+is the order as they appear in Linus' tree,
+
+ [0] commit 4e422bdd2f84 ("KVM: x86: fix missed hardware breakpoints")
+ [1] commit 172b2386ed16 ("KVM: x86: fix missed hardware breakpoints")
+ [2] commit 70e4da7a8ff6 ("KVM: x86: fix root cause for missed hardware breakpoints")
+
+but this is the order for linux-4.4.y
+
+ [1] commit fc90441e728a ("KVM: x86: fix missed hardware breakpoints")
+ [2] commit 25e8618619a5 ("KVM: x86: fix root cause for missed hardware breakpoints")
+ [0] commit 0f6e5e26e68f ("KVM: x86: fix missed hardware breakpoints")
+
+The upshot is that KVM_DEBUGREG_RELOAD is always set when returning
+from kvm_arch_vcpu_load() in stable, but not in Linus' tree.
+
+This happened because [0] and [1] are the same patch.  [0] and [1] come from two
+different merges, and the later merge is trivially resolved; when [2]
+is applied it reverts both of them.  Instead, when using the [1][2][0]
+order, patches applies normally but "KVM: x86: fix missed hardware
+breakpoints" is present in the final tree.
+
+Reported-by: Matt Fleming <matt@codeblueprint.co.uk>
+Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ arch/x86/kvm/x86.c |    1 -
+ 1 file changed, 1 deletion(-)
+
+--- a/arch/x86/kvm/x86.c
++++ b/arch/x86/kvm/x86.c
+@@ -2735,7 +2735,6 @@ void kvm_arch_vcpu_load(struct kvm_vcpu
+       }
+ 
+       kvm_make_request(KVM_REQ_STEAL_UPDATE, vcpu);
+-      vcpu->arch.switch_db_regs |= KVM_DEBUGREG_RELOAD;
+ }
+ 
+ void kvm_arch_vcpu_put(struct kvm_vcpu *vcpu)

diff --git a/queue-4.4/series b/queue-4.4/series
index d62fd0abaac11ecb624108150b7d69b65b5511c1..85d3123b341d986ed6c19cb7158c60f664bd1340 100644 (file)
--- a/queue-4.4/series
+++ b/queue-4.4/series
@@ -1,3 +1,6 @@
 ext4-use-__gfp_nofail-in-ext4_free_blocks.patch
 fscrypto-add-authorization-check-for-setting-encryption-policy.patch
 clocksource-drivers-sun4i-clear-interrupts-after-stopping-timer-in-probe-function.patch
+mips-kvm-check-for-pfn-noslot-case.patch
+revert-kvm-x86-fix-missed-hardware-breakpoints.patch
+fscrypto-require-write-access-to-mount-to-set-encryption-policy.patch