4.9-stable patches
authorGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Tue, 16 Jun 2020 10:59:06 +0000 (12:59 +0200)
committerGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Tue, 16 Jun 2020 10:59:06 +0000 (12:59 +0200)
added patches:
kvm-arm64-make-vcpu_cp1x-work-on-big-endian-hosts.patch
kvm-mips-define-kvm_entryhi_asid-to-cpu_asid_mask-boot_cpu_data.patch
kvm-mips-fix-vpn2_mask-definition-for-variable-cpu_vmbits.patch
kvm-nsvm-leave-asid-aside-in-copy_vmcb_control_area.patch
kvm-nvmx-consult-only-the-basic-exit-reason-when-routing-nested-exit.patch
video-fbdev-w100fb-fix-a-potential-double-free.patch

queue-4.9/kvm-arm64-make-vcpu_cp1x-work-on-big-endian-hosts.patch [new file with mode: 0644]
queue-4.9/kvm-mips-define-kvm_entryhi_asid-to-cpu_asid_mask-boot_cpu_data.patch [new file with mode: 0644]
queue-4.9/kvm-mips-fix-vpn2_mask-definition-for-variable-cpu_vmbits.patch [new file with mode: 0644]
queue-4.9/kvm-nsvm-leave-asid-aside-in-copy_vmcb_control_area.patch [new file with mode: 0644]
queue-4.9/kvm-nvmx-consult-only-the-basic-exit-reason-when-routing-nested-exit.patch [new file with mode: 0644]
queue-4.9/series
queue-4.9/video-fbdev-w100fb-fix-a-potential-double-free.patch [new file with mode: 0644]

diff --git a/queue-4.9/kvm-arm64-make-vcpu_cp1x-work-on-big-endian-hosts.patch b/queue-4.9/kvm-arm64-make-vcpu_cp1x-work-on-big-endian-hosts.patch
new file mode 100644 (file)
index 0000000..62be640
--- /dev/null
@@ -0,0 +1,45 @@
+From 3204be4109ad681523e3461ce64454c79278450a Mon Sep 17 00:00:00 2001
+From: Marc Zyngier <maz@kernel.org>
+Date: Tue, 9 Jun 2020 08:40:35 +0100
+Subject: KVM: arm64: Make vcpu_cp1x() work on Big Endian hosts
+
+From: Marc Zyngier <maz@kernel.org>
+
+commit 3204be4109ad681523e3461ce64454c79278450a upstream.
+
+AArch32 CP1x registers are overlayed on their AArch64 counterparts
+in the vcpu struct. This leads to an interesting problem as they
+are stored in their CPU-local format, and thus a CP1x register
+doesn't "hit" the lower 32bit portion of the AArch64 register on
+a BE host.
+
+To workaround this unfortunate situation, introduce a bias trick
+in the vcpu_cp1x() accessors which picks the correct half of the
+64bit register.
+
+Cc: stable@vger.kernel.org
+Reported-by: James Morse <james.morse@arm.com>
+Tested-by: James Morse <james.morse@arm.com>
+Acked-by: James Morse <james.morse@arm.com>
+Signed-off-by: Marc Zyngier <maz@kernel.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ arch/arm64/include/asm/kvm_host.h |    6 ++++--
+ 1 file changed, 4 insertions(+), 2 deletions(-)
+
+--- a/arch/arm64/include/asm/kvm_host.h
++++ b/arch/arm64/include/asm/kvm_host.h
+@@ -290,8 +290,10 @@ struct kvm_vcpu_arch {
+  * CP14 and CP15 live in the same array, as they are backed by the
+  * same system registers.
+  */
+-#define vcpu_cp14(v,r)                ((v)->arch.ctxt.copro[(r)])
+-#define vcpu_cp15(v,r)                ((v)->arch.ctxt.copro[(r)])
++#define CPx_BIAS              IS_ENABLED(CONFIG_CPU_BIG_ENDIAN)
++
++#define vcpu_cp14(v,r)                ((v)->arch.ctxt.copro[(r) ^ CPx_BIAS])
++#define vcpu_cp15(v,r)                ((v)->arch.ctxt.copro[(r) ^ CPx_BIAS])
+ #ifdef CONFIG_CPU_BIG_ENDIAN
+ #define vcpu_cp15_64_high(v,r)        vcpu_cp15((v),(r))
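Review bot: The new `CPx_BIAS` macro at the `+#define CPx_BIAS` line carries no explanation of why XOR-ing the index with 1 on big-endian hosts selects the right half of the 64-bit register; the rationale lives only in the commit message, and the comment block above the accessors still says only that CP14 and CP15 share the array. I would extend that comment with ` * On BE hosts the 32-bit copro[] view of a 64-bit register has its halves swapped, so CPx_BIAS flips the low index bit to pick the correct half.` Since IS_ENABLED() expands to 0 or 1, the XOR is an identity on little-endian hosts, which is worth stating in the same comment so nobody "optimises" it away. The `#ifdef CONFIG_CPU_BIG_ENDIAN` block that consumes these accessors continues outside the hunk.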
diff --git a/queue-4.9/kvm-mips-define-kvm_entryhi_asid-to-cpu_asid_mask-boot_cpu_data.patch b/queue-4.9/kvm-mips-define-kvm_entryhi_asid-to-cpu_asid_mask-boot_cpu_data.patch
new file mode 100644 (file)
index 0000000..cf99320
--- /dev/null
@@ -0,0 +1,45 @@
+From fe2b73dba47fb6d6922df1ad44e83b1754d5ed4d Mon Sep 17 00:00:00 2001
+From: Xing Li <lixing@loongson.cn>
+Date: Sat, 23 May 2020 15:56:28 +0800
+Subject: KVM: MIPS: Define KVM_ENTRYHI_ASID to cpu_asid_mask(&boot_cpu_data)
+
+From: Xing Li <lixing@loongson.cn>
+
+commit fe2b73dba47fb6d6922df1ad44e83b1754d5ed4d upstream.
+
+The code in decode_config4() of arch/mips/kernel/cpu-probe.c
+
+        asid_mask = MIPS_ENTRYHI_ASID;
+        if (config4 & MIPS_CONF4_AE)
+                asid_mask |= MIPS_ENTRYHI_ASIDX;
+        set_cpu_asid_mask(c, asid_mask);
+
+set asid_mask to cpuinfo->asid_mask.
+
+So in order to support variable ASID_MASK, KVM_ENTRYHI_ASID should also
+be changed to cpu_asid_mask(&boot_cpu_data).
+
+Cc: Stable <stable@vger.kernel.org>  #4.9+
+Reviewed-by: Aleksandar Markovic <aleksandar.qemu.devel@gmail.com>
+Signed-off-by: Xing Li <lixing@loongson.cn>
+[Huacai: Change current_cpu_data to boot_cpu_data for optimization]
+Signed-off-by: Huacai Chen <chenhc@lemote.com>
+Message-Id: <1590220602-3547-2-git-send-email-chenhc@lemote.com>
+Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ arch/mips/include/asm/kvm_host.h |    2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/arch/mips/include/asm/kvm_host.h
++++ b/arch/mips/include/asm/kvm_host.h
+@@ -244,7 +244,7 @@ enum emulation_result {
+ #define MIPS3_PG_FRAME                0x3fffffc0
+ #define VPN2_MASK             0xffffe000
+-#define KVM_ENTRYHI_ASID      MIPS_ENTRYHI_ASID
++#define KVM_ENTRYHI_ASID      cpu_asid_mask(&boot_cpu_data)
+ #define TLB_IS_GLOBAL(x)      ((x).tlb_lo[0] & (x).tlb_lo[1] & ENTRYLO_G)
+ #define TLB_VPN2(x)           ((x).tlb_hi & VPN2_MASK)
+ #define TLB_ASID(x)           ((x).tlb_hi & KVM_ENTRYHI_ASID)
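Review bot: `KVM_ENTRYHI_ASID` changes from a compile-time constant to a runtime expression, `cpu_asid_mask(&boot_cpu_data)`, at the `+#define KVM_ENTRYHI_ASID` line, so `TLB_ASID(x)` and every other user now evaluates a load from boot_cpu_data, and any use in a constant context (`#if`, static initializer, case label) would stop compiling; the hunk shows no such use, but the other users of the macro are outside it. The header also gains a dependency on the declarations of `cpu_asid_mask()` and `boot_cpu_data`; if kvm_host.h does not already include the header that provides them, includers that do not pull it in first will break, which is worth a quick check of the 4.9 include chain. A one-line comment, `/* ASID mask is per-CPU (MIPS_CONF4_AE may widen it), so read it from boot_cpu_data */`, would record why the constant was dropped.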
diff --git a/queue-4.9/kvm-mips-fix-vpn2_mask-definition-for-variable-cpu_vmbits.patch b/queue-4.9/kvm-mips-fix-vpn2_mask-definition-for-variable-cpu_vmbits.patch
new file mode 100644 (file)
index 0000000..4e4d043
--- /dev/null
@@ -0,0 +1,43 @@
+From 5816c76dea116a458f1932eefe064e35403248eb Mon Sep 17 00:00:00 2001
+From: Xing Li <lixing@loongson.cn>
+Date: Sat, 23 May 2020 15:56:29 +0800
+Subject: KVM: MIPS: Fix VPN2_MASK definition for variable cpu_vmbits
+
+From: Xing Li <lixing@loongson.cn>
+
+commit 5816c76dea116a458f1932eefe064e35403248eb upstream.
+
+If a CPU support more than 32bit vmbits (which is true for 64bit CPUs),
+VPN2_MASK set to fixed 0xffffe000 will lead to a wrong EntryHi in some
+functions such as _kvm_mips_host_tlb_inv().
+
+The cpu_vmbits definition of 32bit CPU in cpu-features.h is 31, so we
+still use the old definition.
+
+Cc: Stable <stable@vger.kernel.org>
+Reviewed-by: Aleksandar Markovic <aleksandar.qemu.devel@gmail.com>
+Signed-off-by: Xing Li <lixing@loongson.cn>
+[Huacai: Improve commit messages]
+Signed-off-by: Huacai Chen <chenhc@lemote.com>
+Message-Id: <1590220602-3547-3-git-send-email-chenhc@lemote.com>
+Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ arch/mips/include/asm/kvm_host.h |    4 ++++
+ 1 file changed, 4 insertions(+)
+
+--- a/arch/mips/include/asm/kvm_host.h
++++ b/arch/mips/include/asm/kvm_host.h
+@@ -243,7 +243,11 @@ enum emulation_result {
+ #define MIPS3_PG_SHIFT                6
+ #define MIPS3_PG_FRAME                0x3fffffc0
++#if defined(CONFIG_64BIT)
++#define VPN2_MASK             GENMASK(cpu_vmbits - 1, 13)
++#else
+ #define VPN2_MASK             0xffffe000
++#endif
+ #define KVM_ENTRYHI_ASID      cpu_asid_mask(&boot_cpu_data)
+ #define TLB_IS_GLOBAL(x)      ((x).tlb_lo[0] & (x).tlb_lo[1] & ENTRYLO_G)
+ #define TLB_VPN2(x)           ((x).tlb_hi & VPN2_MASK)
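Review bot: The `#else` branch that keeps `VPN2_MASK` as `0xffffe000` has no comment, and the reason is non-obvious: the commit message states cpu_vmbits is 31 on 32-bit CPUs, so `GENMASK(cpu_vmbits - 1, 13)` there would cover bits 30:13 and drop bit 31 of the fixed 31:13 mask. I would add above the `#else`: `/* 32-bit CPUs report cpu_vmbits == 31, so GENMASK() would lose bit 31; keep the fixed mask. */`. Note also that the CONFIG_64BIT definition, like `KVM_ENTRYHI_ASID` just below it, is now a runtime expression, so `TLB_VPN2(x)` can no longer be used in constant contexts. The define list continues outside the hunk.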
diff --git a/queue-4.9/kvm-nsvm-leave-asid-aside-in-copy_vmcb_control_area.patch b/queue-4.9/kvm-nsvm-leave-asid-aside-in-copy_vmcb_control_area.patch
new file mode 100644 (file)
index 0000000..7a51d76
--- /dev/null
@@ -0,0 +1,32 @@
+From 6c0238c4a62b3a0b1201aeb7e33a4636d552a436 Mon Sep 17 00:00:00 2001
+From: Paolo Bonzini <pbonzini@redhat.com>
+Date: Wed, 20 May 2020 08:02:17 -0400
+Subject: KVM: nSVM: leave ASID aside in copy_vmcb_control_area
+
+From: Paolo Bonzini <pbonzini@redhat.com>
+
+commit 6c0238c4a62b3a0b1201aeb7e33a4636d552a436 upstream.
+
+Restoring the ASID from the hsave area on VMEXIT is wrong, because its
+value depends on the handling of TLB flushes.  Just skipping the field in
+copy_vmcb_control_area will do.
+
+Cc: stable@vger.kernel.org
+Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ arch/x86/kvm/svm.c |    2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/arch/x86/kvm/svm.c
++++ b/arch/x86/kvm/svm.c
+@@ -2734,7 +2734,7 @@ static inline void copy_vmcb_control_are
+       dst->iopm_base_pa         = from->iopm_base_pa;
+       dst->msrpm_base_pa        = from->msrpm_base_pa;
+       dst->tsc_offset           = from->tsc_offset;
+-      dst->asid                 = from->asid;
++      /* asid not copied, it is handled manually for svm->vmcb.  */
+       dst->tlb_ctl              = from->tlb_ctl;
+       dst->int_ctl              = from->int_ctl;
+       dst->int_vector           = from->int_vector;
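Review bot: The replacement comment `/* asid not copied, it is handled manually for svm->vmcb.  */` says what is skipped but not why, and "handled manually" will not tell the next reader that restoring the value from hsave is actively wrong; the commit message has the real reason. I would write `/* asid is deliberately not copied: its value depends on TLB flush handling, so the copy in hsave is stale and must not be restored on VMEXIT. */`. Because the hunk shows only a field-copy sequence, whether every caller of `copy_vmcb_control_area()` is happy keeping `dst->asid` untouched cannot be confirmed here; the commit message argues only the VMEXIT (hsave) case. The function's signature and the remaining field copies lie outside the hunk.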
diff --git a/queue-4.9/kvm-nvmx-consult-only-the-basic-exit-reason-when-routing-nested-exit.patch b/queue-4.9/kvm-nvmx-consult-only-the-basic-exit-reason-when-routing-nested-exit.patch
new file mode 100644 (file)
index 0000000..33d4d5f
--- /dev/null
@@ -0,0 +1,51 @@
+From 2ebac8bb3c2d35f5135466490fc8eeaf3f3e2d37 Mon Sep 17 00:00:00 2001
+From: Sean Christopherson <sean.j.christopherson@intel.com>
+Date: Thu, 27 Feb 2020 09:44:30 -0800
+Subject: KVM: nVMX: Consult only the "basic" exit reason when routing nested exit
+
+From: Sean Christopherson <sean.j.christopherson@intel.com>
+
+commit 2ebac8bb3c2d35f5135466490fc8eeaf3f3e2d37 upstream.
+
+Consult only the basic exit reason, i.e. bits 15:0 of vmcs.EXIT_REASON,
+when determining whether a nested VM-Exit should be reflected into L1 or
+handled by KVM in L0.
+
+For better or worse, the switch statement in nested_vmx_exit_reflected()
+currently defaults to "true", i.e. reflects any nested VM-Exit without
+dedicated logic.  Because the case statements only contain the basic
+exit reason, any VM-Exit with modifier bits set will be reflected to L1,
+even if KVM intended to handle it in L0.
+
+Practically speaking, this only affects EXIT_REASON_MCE_DURING_VMENTRY,
+i.e. a #MC that occurs on nested VM-Enter would be incorrectly routed to
+L1, as "failed VM-Entry" is the only modifier that KVM can currently
+encounter.  The SMM modifiers will never be generated as KVM doesn't
+support/employ a SMI Transfer Monitor.  Ditto for "exit from enclave",
+as KVM doesn't yet support virtualizing SGX, i.e. it's impossible to
+enter an enclave in a KVM guest (L1 or L2).
+
+Fixes: 644d711aa0e1 ("KVM: nVMX: Deciding if L0 or L1 should handle an L2 exit")
+Cc: Jim Mattson <jmattson@google.com>
+Cc: Xiaoyao Li <xiaoyao.li@intel.com>
+Cc: stable@vger.kernel.org
+Signed-off-by: Sean Christopherson <sean.j.christopherson@intel.com>
+Message-Id: <20200227174430.26371-1-sean.j.christopherson@intel.com>
+Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ arch/x86/kvm/vmx.c |    2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/arch/x86/kvm/vmx.c
++++ b/arch/x86/kvm/vmx.c
+@@ -8207,7 +8207,7 @@ static bool nested_vmx_exit_handled(stru
+               return true;
+       }
+-      switch (exit_reason) {
++      switch ((u16)exit_reason) {
+       case EXIT_REASON_EXCEPTION_NMI:
+               if (is_nmi(intr_info))
+                       return false;
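Review bot: `switch ((u16)exit_reason)` encodes "basic exit reason" as a bare cast with no comment, so a reader of `nested_vmx_exit_handled()` (whose body starts and ends outside the hunk) sees an unexplained truncation. I would put a comment on the line before the switch: `/* Route on the basic exit reason (bits 15:0); a set modifier bit such as failed VM-Entry (#MC during VM-Enter) must not fall through to the reflect-to-L1 default. */`. Any check earlier in the function that compares `exit_reason` at full width still sees the modifier bits, which the commit message treats as intended; worth a glance that none of those is also a basic-reason comparison that needs the same cast.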
index a675ce3dc17f976b767f3cbd928c9d74e137398c..df58ede703a2f5cad36cc840e9f647a341628e78 100644 (file)
@@ -34,3 +34,9 @@ spi-pxa2xx-fix-controller-unregister-order.patch
 spi-bcm2835-fix-controller-unregister-order.patch
 ovl-initialize-error-in-ovl_copy_xattr.patch
 proc-use-new_inode-not-new_inode_pseudo.patch
+video-fbdev-w100fb-fix-a-potential-double-free.patch
+kvm-nsvm-leave-asid-aside-in-copy_vmcb_control_area.patch
+kvm-nvmx-consult-only-the-basic-exit-reason-when-routing-nested-exit.patch
+kvm-mips-define-kvm_entryhi_asid-to-cpu_asid_mask-boot_cpu_data.patch
+kvm-mips-fix-vpn2_mask-definition-for-variable-cpu_vmbits.patch
+kvm-arm64-make-vcpu_cp1x-work-on-big-endian-hosts.patch
diff --git a/queue-4.9/video-fbdev-w100fb-fix-a-potential-double-free.patch b/queue-4.9/video-fbdev-w100fb-fix-a-potential-double-free.patch
new file mode 100644 (file)
index 0000000..b6b2ee1
--- /dev/null
@@ -0,0 +1,50 @@
+From 18722d48a6bb9c2e8d046214c0a5fd19d0a7c9f6 Mon Sep 17 00:00:00 2001
+From: Christophe JAILLET <christophe.jaillet@wanadoo.fr>
+Date: Wed, 6 May 2020 20:19:02 +0200
+Subject: video: fbdev: w100fb: Fix a potential double free.
+
+From: Christophe JAILLET <christophe.jaillet@wanadoo.fr>
+
+commit 18722d48a6bb9c2e8d046214c0a5fd19d0a7c9f6 upstream.
+
+Some memory is vmalloc'ed in the 'w100fb_save_vidmem' function and freed in
+the 'w100fb_restore_vidmem' function. (these functions are called
+respectively from the 'suspend' and the 'resume' functions)
+
+However, it is also freed in the 'remove' function.
+
+In order to avoid a potential double free, set the corresponding pointer
+to NULL once freed in the 'w100fb_restore_vidmem' function.
+
+Fixes: aac51f09d96a ("[PATCH] w100fb: Rewrite for platform independence")
+Cc: Richard Purdie <rpurdie@rpsys.net>
+Cc: Antonino Daplas <adaplas@pol.net>
+Cc: Bartlomiej Zolnierkiewicz <b.zolnierkie@samsung.com>
+Cc: <stable@vger.kernel.org> # v2.6.14+
+Signed-off-by: Christophe JAILLET <christophe.jaillet@wanadoo.fr>
+Signed-off-by: Sam Ravnborg <sam@ravnborg.org>
+Link: https://patchwork.freedesktop.org/patch/msgid/20200506181902.193290-1-christophe.jaillet@wanadoo.fr
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/video/fbdev/w100fb.c |    2 ++
+ 1 file changed, 2 insertions(+)
+
+--- a/drivers/video/fbdev/w100fb.c
++++ b/drivers/video/fbdev/w100fb.c
+@@ -583,6 +583,7 @@ static void w100fb_restore_vidmem(struct
+               memsize=par->mach->mem->size;
+               memcpy_toio(remapped_fbuf + (W100_FB_BASE-MEM_WINDOW_BASE), par->saved_extmem, memsize);
+               vfree(par->saved_extmem);
++              par->saved_extmem = NULL;
+       }
+       if (par->saved_intmem) {
+               memsize=MEM_INT_SIZE;
+@@ -591,6 +592,7 @@ static void w100fb_restore_vidmem(struct
+               else
+                       memcpy_toio(remapped_fbuf + (W100_FB_BASE-MEM_WINDOW_BASE), par->saved_intmem, memsize);
+               vfree(par->saved_intmem);
++              par->saved_intmem = NULL;
+       }
+ }
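Review bot: The two new `= NULL` assignments (after each `vfree()`, at `par->saved_extmem = NULL;` in the first hunk and `par->saved_intmem = NULL;` in the second) carry no comment, so the next reader has to consult history to learn that the `remove` path frees the same pointers; I would annotate the first with `/* remove() frees these too; clear so the buffer is never freed twice */` and the second the same way. Since `vfree(NULL)` is a no-op, the NULL store alone is what makes the remove path (and a repeated restore) safe, which is why it must sit directly after the `vfree()`. The opening of `w100fb_restore_vidmem()` and the `if (par->saved_extmem)` guard for the first block lie outside the first hunk; the save path that vmalloc's these buffers is not in view either.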