4.9-stable patches

added patches:
	cifs-remove-bogus-debug-code.patch
	kvm-x86-mmu-commit-zap-of-remaining-invalid-pages-when-recovering-lpages.patch

diff --git a/queue-4.9/cifs-remove-bogus-debug-code.patch b/queue-4.9/cifs-remove-bogus-debug-code.patch
new file mode 100644 (file)
index 0000000..00c3828
--- /dev/null
+++ b/queue-4.9/cifs-remove-bogus-debug-code.patch
@@ -0,0 +1,72 @@
+From d367cb960ce88914898cbfa43645c2e43ede9465 Mon Sep 17 00:00:00 2001
+From: Dan Carpenter <dan.carpenter@oracle.com>
+Date: Wed, 16 Sep 2020 23:18:21 +0300
+Subject: cifs: remove bogus debug code
+
+From: Dan Carpenter <dan.carpenter@oracle.com>
+
+commit d367cb960ce88914898cbfa43645c2e43ede9465 upstream.
+
+The "end" pointer is either NULL or it points to the next byte to parse.
+If there isn't a next byte then dereferencing "end" is an off-by-one out
+of bounds error.  And, of course, if it's NULL that leads to an Oops.
+Printing "*end" doesn't seem very useful so let's delete this code.
+
+Also for the last debug statement, I noticed that it should be printing
+"sequence_end" instead of "end" so fix that as well.
+
+Reported-by: Dominik Maier <dmaier@sect.tu-berlin.de>
+Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
+Signed-off-by: Steve French <stfrench@microsoft.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ fs/cifs/asn1.c |   16 ++++++++--------
+ 1 file changed, 8 insertions(+), 8 deletions(-)
+
+--- a/fs/cifs/asn1.c
++++ b/fs/cifs/asn1.c
+@@ -541,8 +541,8 @@ decode_negTokenInit(unsigned char *secur
+               return 0;
+       } else if ((cls != ASN1_CTX) || (con != ASN1_CON)
+                  || (tag != ASN1_EOC)) {
+-              cifs_dbg(FYI, "cls = %d con = %d tag = %d end = %p (%d) exit 0\n",
+-                       cls, con, tag, end, *end);
++              cifs_dbg(FYI, "cls = %d con = %d tag = %d end = %p exit 0\n",
++                       cls, con, tag, end);
+               return 0;
+       }
+ 
+@@ -552,8 +552,8 @@ decode_negTokenInit(unsigned char *secur
+               return 0;
+       } else if ((cls != ASN1_UNI) || (con != ASN1_CON)
+                  || (tag != ASN1_SEQ)) {
+-              cifs_dbg(FYI, "cls = %d con = %d tag = %d end = %p (%d) exit 1\n",
+-                       cls, con, tag, end, *end);
++              cifs_dbg(FYI, "cls = %d con = %d tag = %d end = %p exit 1\n",
++                       cls, con, tag, end);
+               return 0;
+       }
+ 
+@@ -563,8 +563,8 @@ decode_negTokenInit(unsigned char *secur
+               return 0;
+       } else if ((cls != ASN1_CTX) || (con != ASN1_CON)
+                  || (tag != ASN1_EOC)) {
+-              cifs_dbg(FYI, "cls = %d con = %d tag = %d end = %p (%d) exit 0\n",
+-                       cls, con, tag, end, *end);
++              cifs_dbg(FYI, "cls = %d con = %d tag = %d end = %p exit 0\n",
++                       cls, con, tag, end);
+               return 0;
+       }
+ 
+@@ -575,8 +575,8 @@ decode_negTokenInit(unsigned char *secur
+               return 0;
+       } else if ((cls != ASN1_UNI) || (con != ASN1_CON)
+                  || (tag != ASN1_SEQ)) {
+-              cifs_dbg(FYI, "cls = %d con = %d tag = %d end = %p (%d) exit 1\n",
+-                       cls, con, tag, end, *end);
++              cifs_dbg(FYI, "cls = %d con = %d tag = %d sequence_end = %p exit 1\n",
++                       cls, con, tag, sequence_end);
+               return 0;
+       }
+ 

diff --git a/queue-4.9/kvm-x86-mmu-commit-zap-of-remaining-invalid-pages-when-recovering-lpages.patch b/queue-4.9/kvm-x86-mmu-commit-zap-of-remaining-invalid-pages-when-recovering-lpages.patch
new file mode 100644 (file)
index 0000000..e5168ed
--- /dev/null
+++ b/queue-4.9/kvm-x86-mmu-commit-zap-of-remaining-invalid-pages-when-recovering-lpages.patch
@@ -0,0 +1,39 @@
+From e89505698c9f70125651060547da4ff5046124fc Mon Sep 17 00:00:00 2001
+From: Sean Christopherson <sean.j.christopherson@intel.com>
+Date: Wed, 23 Sep 2020 11:37:28 -0700
+Subject: KVM: x86/mmu: Commit zap of remaining invalid pages when recovering lpages
+
+From: Sean Christopherson <sean.j.christopherson@intel.com>
+
+commit e89505698c9f70125651060547da4ff5046124fc upstream.
+
+Call kvm_mmu_commit_zap_page() after exiting the "prepare zap" loop in
+kvm_recover_nx_lpages() to finish zapping pages in the unlikely event
+that the loop exited due to lpage_disallowed_mmu_pages being empty.
+Because the recovery thread drops mmu_lock() when rescheduling, it's
+possible that lpage_disallowed_mmu_pages could be emptied by a different
+thread without to_zap reaching zero despite to_zap being derived from
+the number of disallowed lpages.
+
+Fixes: 1aa9b9572b105 ("kvm: x86: mmu: Recovery of shattered NX large pages")
+Cc: Junaid Shahid <junaids@google.com>
+Cc: stable@vger.kernel.org
+Signed-off-by: Sean Christopherson <sean.j.christopherson@intel.com>
+Message-Id: <20200923183735.584-2-sean.j.christopherson@intel.com>
+Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ arch/x86/kvm/mmu.c |    1 +
+ 1 file changed, 1 insertion(+)
+
+--- a/arch/x86/kvm/mmu.c
++++ b/arch/x86/kvm/mmu.c
+@@ -5321,6 +5321,7 @@ static void kvm_recover_nx_lpages(struct
+                               cond_resched_lock(&kvm->mmu_lock);
+               }
+       }
++      kvm_mmu_commit_zap_page(kvm, &invalid_list);
+ 
+       spin_unlock(&kvm->mmu_lock);
+       srcu_read_unlock(&kvm->srcu, rcu_idx);

diff --git a/queue-4.9/series b/queue-4.9/series
index 486b7739f8ad9e1ca433ea558025246dfcd52a94..6e5c998acb9249ddf0be9d003c1d01a6d75757b0 100644 (file)
--- a/queue-4.9/series
+++ b/queue-4.9/series
@@ -8,3 +8,5 @@ net-hdlc_raw_eth-clear-the-iff_tx_skb_sharing-flag-after-calling-ether_setup.pat
 nfc-ensure-presence-of-nfc_attr_firmware_name-attribute-in-nfc_genl_fw_download.patch
 tcp-fix-to-update-snd_wl1-in-bulk-receiver-fast-path.patch
 icmp-randomize-the-global-rate-limiter.patch
+cifs-remove-bogus-debug-code.patch
+kvm-x86-mmu-commit-zap-of-remaining-invalid-pages-when-recovering-lpages.patch