5.7-stable patches
authorGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Mon, 3 Aug 2020 10:11:02 +0000 (12:11 +0200)
committerGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Mon, 3 Aug 2020 10:11:02 +0000 (12:11 +0200)
added patches:
kvm-arm64-don-t-inherit-exec-permission-across-page-table-levels.patch
kvm-lapic-prevent-setting-the-tscdeadline-timer-if-the-lapic-is-hw-disabled.patch
kvm-svm-fix-disable-pause-loop-exit-pause-filtering-capability-on-svm.patch
x86-i8259-use-printk_deferred-to-prevent-deadlock.patch

queue-5.7/kvm-arm64-don-t-inherit-exec-permission-across-page-table-levels.patch [new file with mode: 0644]
queue-5.7/kvm-lapic-prevent-setting-the-tscdeadline-timer-if-the-lapic-is-hw-disabled.patch [new file with mode: 0644]
queue-5.7/kvm-svm-fix-disable-pause-loop-exit-pause-filtering-capability-on-svm.patch [new file with mode: 0644]
queue-5.7/series
queue-5.7/x86-i8259-use-printk_deferred-to-prevent-deadlock.patch [new file with mode: 0644]

diff --git a/queue-5.7/kvm-arm64-don-t-inherit-exec-permission-across-page-table-levels.patch b/queue-5.7/kvm-arm64-don-t-inherit-exec-permission-across-page-table-levels.patch
new file mode 100644 (file)
index 0000000..2e0aa0c
--- /dev/null
@@ -0,0 +1,70 @@
+From b757b47a2fcba584d4a32fd7ee68faca510ab96f Mon Sep 17 00:00:00 2001
+From: Will Deacon <will@kernel.org>
+Date: Thu, 23 Jul 2020 11:17:14 +0100
+Subject: KVM: arm64: Don't inherit exec permission across page-table levels
+
+From: Will Deacon <will@kernel.org>
+
+commit b757b47a2fcba584d4a32fd7ee68faca510ab96f upstream.
+
+If a stage-2 page-table contains an executable, read-only mapping at the
+pte level (e.g. due to dirty logging being enabled), a subsequent write
+fault to the same page which tries to install a larger block mapping
+(e.g. due to dirty logging having been disabled) will erroneously inherit
+the exec permission and consequently skip I-cache invalidation for the
+rest of the block.
+
+Ensure that exec permission is only inherited by write faults when the
+new mapping is of the same size as the existing one. A subsequent
+instruction abort will result in I-cache invalidation for the entire
+block mapping.
+
+Signed-off-by: Will Deacon <will@kernel.org>
+Signed-off-by: Marc Zyngier <maz@kernel.org>
+Tested-by: Quentin Perret <qperret@google.com>
+Reviewed-by: Quentin Perret <qperret@google.com>
+Cc: Marc Zyngier <maz@kernel.org>
+Cc: <stable@vger.kernel.org>
+Link: https://lore.kernel.org/r/20200723101714.15873-1-will@kernel.org
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ virt/kvm/arm/mmu.c |   11 ++++++-----
+ 1 file changed, 6 insertions(+), 5 deletions(-)
+
+--- a/virt/kvm/arm/mmu.c
++++ b/virt/kvm/arm/mmu.c
+@@ -1198,7 +1198,7 @@ static bool stage2_get_leaf_entry(struct
+       return true;
+ }
+-static bool stage2_is_exec(struct kvm *kvm, phys_addr_t addr)
++static bool stage2_is_exec(struct kvm *kvm, phys_addr_t addr, unsigned long sz)
+ {
+       pud_t *pudp;
+       pmd_t *pmdp;
+@@ -1210,11 +1210,11 @@ static bool stage2_is_exec(struct kvm *k
+               return false;
+       if (pudp)
+-              return kvm_s2pud_exec(pudp);
++              return sz <= PUD_SIZE && kvm_s2pud_exec(pudp);
+       else if (pmdp)
+-              return kvm_s2pmd_exec(pmdp);
++              return sz <= PMD_SIZE && kvm_s2pmd_exec(pmdp);
+       else
+-              return kvm_s2pte_exec(ptep);
++              return sz == PAGE_SIZE && kvm_s2pte_exec(ptep);
+ }
+ static int stage2_set_pte(struct kvm *kvm, struct kvm_mmu_memory_cache *cache,
+@@ -1801,7 +1801,8 @@ static int user_mem_abort(struct kvm_vcp
+        * execute permissions, and we preserve whatever we have.
+        */
+       needs_exec = exec_fault ||
+-              (fault_status == FSC_PERM && stage2_is_exec(kvm, fault_ipa));
++              (fault_status == FSC_PERM &&
++               stage2_is_exec(kvm, fault_ipa, vma_pagesize));
+       if (vma_pagesize == PUD_SIZE) {
+               pud_t new_pud = kvm_pfn_pud(pfn, mem_type);
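Review bot: The three size tests added to stage2_is_exec() carry no comment, and they are not symmetric: the pud and pmd cases accept `sz <= PUD_SIZE` and `sz <= PMD_SIZE`, while the pte case requires `sz == PAGE_SIZE`, which is slightly broader than the changelog's "same size as the existing one". A wrong answer here leaves part of a stage-2 block executable without I-cache invalidation, so the rule deserves a comment above the function, e.g. `/* Report exec only when the existing leaf covers at least sz bytes; a larger new block has not been fully I-cache invalidated. */`. That wording is inferred from the changelog, so the author should confirm it. Both stage2_is_exec() and user_mem_abort() are only partly visible in these hunks.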
diff --git a/queue-5.7/kvm-lapic-prevent-setting-the-tscdeadline-timer-if-the-lapic-is-hw-disabled.patch b/queue-5.7/kvm-lapic-prevent-setting-the-tscdeadline-timer-if-the-lapic-is-hw-disabled.patch
new file mode 100644 (file)
index 0000000..3ee2f6e
--- /dev/null
@@ -0,0 +1,33 @@
+From d2286ba7d574ba3103a421a2f9ec17cb5b0d87a1 Mon Sep 17 00:00:00 2001
+From: Wanpeng Li <wanpengli@tencent.com>
+Date: Fri, 31 Jul 2020 11:12:19 +0800
+Subject: KVM: LAPIC: Prevent setting the tscdeadline timer if the lapic is hw disabled
+
+From: Wanpeng Li <wanpengli@tencent.com>
+
+commit d2286ba7d574ba3103a421a2f9ec17cb5b0d87a1 upstream.
+
+Prevent setting the tscdeadline timer if the lapic is hw disabled.
+
+Fixes: bce87cce88 (KVM: x86: consolidate different ways to test for in-kernel LAPIC)
+Cc: <stable@vger.kernel.org>
+Signed-off-by: Wanpeng Li <wanpengli@tencent.com>
+Message-Id: <1596165141-28874-1-git-send-email-wanpengli@tencent.com>
+Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ arch/x86/kvm/lapic.c |    2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/arch/x86/kvm/lapic.c
++++ b/arch/x86/kvm/lapic.c
+@@ -2136,7 +2136,7 @@ void kvm_set_lapic_tscdeadline_msr(struc
+ {
+       struct kvm_lapic *apic = vcpu->arch.apic;
+-      if (!lapic_in_kernel(vcpu) || apic_lvtt_oneshot(apic) ||
++      if (!kvm_apic_present(vcpu) || apic_lvtt_oneshot(apic) ||
+                       apic_lvtt_period(apic))
+               return;
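Review bot: The guard in kvm_set_lapic_tscdeadline_msr() now differs from its predecessor by a single helper name, and neither the code nor the changelog records why a hardware-disabled LAPIC must not have its deadline timer armed. A short comment above the `if`, such as `/* Ignore the write unless the in-kernel LAPIC exists and is hardware-enabled. */`, would keep a later cleanup from switching it back to `lapic_in_kernel()`. It is also worth confirming that `kvm_apic_present()` still fails first when there is no in-kernel LAPIC, since `apic` is passed to `apic_lvtt_oneshot()` in the same condition; the helper's definition is not visible here. The function body continues outside the hunk.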
diff --git a/queue-5.7/kvm-svm-fix-disable-pause-loop-exit-pause-filtering-capability-on-svm.patch b/queue-5.7/kvm-svm-fix-disable-pause-loop-exit-pause-filtering-capability-on-svm.patch
new file mode 100644 (file)
index 0000000..60fd9f8
--- /dev/null
@@ -0,0 +1,67 @@
+From 830f01b089b12bbe93bd55f2d62837253012a30e Mon Sep 17 00:00:00 2001
+From: Wanpeng Li <wanpengli@tencent.com>
+Date: Fri, 31 Jul 2020 11:12:21 +0800
+Subject: KVM: SVM: Fix disable pause loop exit/pause filtering capability on SVM
+
+From: Wanpeng Li <wanpengli@tencent.com>
+
+commit 830f01b089b12bbe93bd55f2d62837253012a30e upstream.
+
+'Commit 8566ac8b8e7c ("KVM: SVM: Implement pause loop exit logic in SVM")'
+drops disable pause loop exit/pause filtering capability completely, I
+guess it is a merge fault by Radim since disable vmexits capabilities and
+pause loop exit for SVM patchsets are merged at the same time. This patch
+reintroduces the disable pause loop exit/pause filtering capability support.
+
+Reported-by: Haiwei Li <lihaiwei@tencent.com>
+Tested-by: Haiwei Li <lihaiwei@tencent.com>
+Fixes: 8566ac8b ("KVM: SVM: Implement pause loop exit logic in SVM")
+Signed-off-by: Wanpeng Li <wanpengli@tencent.com>
+Message-Id: <1596165141-28874-3-git-send-email-wanpengli@tencent.com>
+Cc: stable@vger.kernel.org
+Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ arch/x86/kvm/svm/svm.c |    9 ++++++---
+ 1 file changed, 6 insertions(+), 3 deletions(-)
+
+--- a/arch/x86/kvm/svm/svm.c
++++ b/arch/x86/kvm/svm/svm.c
+@@ -1105,7 +1105,7 @@ static void init_vmcb(struct vcpu_svm *s
+       svm->nested.vmcb = 0;
+       svm->vcpu.arch.hflags = 0;
+-      if (pause_filter_count) {
++      if (!kvm_pause_in_guest(svm->vcpu.kvm)) {
+               control->pause_filter_count = pause_filter_count;
+               if (pause_filter_thresh)
+                       control->pause_filter_thresh = pause_filter_thresh;
+@@ -2682,7 +2682,7 @@ static int pause_interception(struct vcp
+       struct kvm_vcpu *vcpu = &svm->vcpu;
+       bool in_kernel = (svm_get_cpl(vcpu) == 0);
+-      if (pause_filter_thresh)
++      if (!kvm_pause_in_guest(vcpu->kvm))
+               grow_ple_window(vcpu);
+       kvm_vcpu_on_spin(vcpu, in_kernel);
+@@ -3727,7 +3727,7 @@ static void svm_handle_exit_irqoff(struc
+ static void svm_sched_in(struct kvm_vcpu *vcpu, int cpu)
+ {
+-      if (pause_filter_thresh)
++      if (!kvm_pause_in_guest(vcpu->kvm))
+               shrink_ple_window(vcpu);
+ }
+@@ -3892,6 +3892,9 @@ static void svm_vm_destroy(struct kvm *k
+ static int svm_vm_init(struct kvm *kvm)
+ {
++      if (!pause_filter_count || !pause_filter_thresh)
++              kvm->arch.pause_in_guest = true;
++
+       if (avic) {
+               int ret = avic_vm_init(kvm);
+               if (ret)
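Review bot: In init_vmcb() the inner `if (pause_filter_thresh)` test looks redundant after this change. svm_vm_init() now sets `kvm->arch.pause_in_guest = true` whenever either `pause_filter_count` or `pause_filter_thresh` is zero, so the `!kvm_pause_in_guest()` branch should only run with both non-zero, assuming the two module parameters cannot change after VM creation (their declarations are not visible here). Either drop the inner test or note why it stays. The assignment in svm_vm_init() also folds host-wide module parameters into a per-VM flag, which presumably disables pause filtering for every guest on such a host; a comment like `/* PLE disabled by module parameters: treat every VM as pause-in-guest. */` would make that explicit. All four functions extend beyond the hunks shown.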
index f45ef7c6572148e82c878adc62f452b3f5306f73..91aa7482e6c68af23ffa43d8e6ee6e72d67cce70 100644 (file)
@@ -114,3 +114,7 @@ xen-netfront-fix-potential-deadlock-in-xennet_remove.patch
 risc-v-set-maximum-number-of-mapped-pages-correctly.patch
 drivers-net-wan-lapb-corrected-the-usage-of-skb_cow.patch
 riscv-parse-all-memory-blocks-to-remove-unusable-mem.patch
+kvm-arm64-don-t-inherit-exec-permission-across-page-table-levels.patch
+kvm-lapic-prevent-setting-the-tscdeadline-timer-if-the-lapic-is-hw-disabled.patch
+kvm-svm-fix-disable-pause-loop-exit-pause-filtering-capability-on-svm.patch
+x86-i8259-use-printk_deferred-to-prevent-deadlock.patch
diff --git a/queue-5.7/x86-i8259-use-printk_deferred-to-prevent-deadlock.patch b/queue-5.7/x86-i8259-use-printk_deferred-to-prevent-deadlock.patch
new file mode 100644 (file)
index 0000000..63fb6ec
--- /dev/null
@@ -0,0 +1,51 @@
+From bdd65589593edd79b6a12ce86b3b7a7c6dae5208 Mon Sep 17 00:00:00 2001
+From: Thomas Gleixner <tglx@linutronix.de>
+Date: Wed, 29 Jul 2020 10:53:28 +0200
+Subject: x86/i8259: Use printk_deferred() to prevent deadlock
+
+From: Thomas Gleixner <tglx@linutronix.de>
+
+commit bdd65589593edd79b6a12ce86b3b7a7c6dae5208 upstream.
+
+0day reported a possible circular locking dependency:
+
+Chain exists of:
+  &irq_desc_lock_class --> console_owner --> &port_lock_key
+
+ Possible unsafe locking scenario:
+
+       CPU0                    CPU1
+       ----                    ----
+  lock(&port_lock_key);
+                               lock(console_owner);
+                               lock(&port_lock_key);
+  lock(&irq_desc_lock_class);
+
+The reason for this is a printk() in the i8259 interrupt chip driver
+which is invoked with the irq descriptor lock held, which reverses the
+lock operations vs. printk() from arbitrary contexts.
+
+Switch the printk() to printk_deferred() to avoid that.
+
+Reported-by: kernel test robot <lkp@intel.com>
+Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
+Signed-off-by: Ingo Molnar <mingo@kernel.org>
+Cc: stable@vger.kernel.org
+Link: https://lore.kernel.org/r/87365abt2v.fsf@nanos.tec.linutronix.de
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ arch/x86/kernel/i8259.c |    2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/arch/x86/kernel/i8259.c
++++ b/arch/x86/kernel/i8259.c
+@@ -207,7 +207,7 @@ spurious_8259A_irq:
+                * lets ACK and report it. [once per IRQ]
+                */
+               if (!(spurious_irq_mask & irqmask)) {
+-                      printk(KERN_DEBUG
++                      printk_deferred(KERN_DEBUG
+                              "spurious 8259A interrupt: IRQ%d.\n", irq);
+                       spurious_irq_mask |= irqmask;
+               }
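Review bot: The switch to `printk_deferred()` has no comment at the call site, so the reason lives only in the commit message: per the changelog's lockdep chain, this path runs with the irq descriptor lock held. Add a line above the call, e.g. `/* irq_desc lock is held here: printk() could deadlock against the console locks, so defer. */`, so the call is not converted back to plain `printk()` in a later cleanup. The enclosing function begins and ends outside the hunk.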