From: Greg Kroah-Hartman
Date: Sun, 23 Apr 2023 10:31:58 +0000 (+0200)
Subject: 6.1-stable patches
X-Git-Tag: v4.14.314~45
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=07104cc08c1ac9b3ce52a7d0430b32c8944b50d6;p=thirdparty%2Fkernel%2Fstable-queue.git

6.1-stable patches

added patches:
fuse-always-revalidate-rename-target-dentry.patch
kvm-arm64-fix-buffer-overflow-in-kvm_arm_set_fw_reg.patch
kvm-arm64-make-vcpu-flag-updates-non-preemptible.patch
mips-define-runtime_discard_exit-in-ld-script.patch
---
diff --git a/queue-6.1/fuse-always-revalidate-rename-target-dentry.patch b/queue-6.1/fuse-always-revalidate-rename-target-dentry.patch
new file mode 100644
index 00000000000..053fc61d164
--- /dev/null
+++ b/queue-6.1/fuse-always-revalidate-rename-target-dentry.patch
@@ -0,0 +1,36 @@ +From ccc031e26afe60d2a5a3d93dabd9c978210825fb Mon Sep 17 00:00:00 2001 +From: Jiachen Zhang +Date: Wed, 28 Sep 2022 20:19:34 +0800 +Subject: fuse: always revalidate rename target dentry + +From: Jiachen Zhang + +commit ccc031e26afe60d2a5a3d93dabd9c978210825fb upstream. + +The previous commit df8629af2934 ("fuse: always revalidate if exclusive +create") ensures that the dentries are revalidated on O_EXCL creates. This +commit complements it by also performing revalidation for rename target +dentries. Otherwise, a rename target file that only exists in kernel +dentry cache but not in the filesystem will result in EEXIST if +RENAME_NOREPLACE flag is used. + +Signed-off-by: Jiachen Zhang +Signed-off-by: Zhang Tianci +Signed-off-by: Miklos Szeredi +Signed-off-by: Yang Bo +Signed-off-by: Greg Kroah-Hartman +--- + fs/fuse/dir.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/fs/fuse/dir.c ++++ b/fs/fuse/dir.c +@@ -214,7 +214,7 @@ static int fuse_dentry_revalidate(struct + if (inode && fuse_is_bad(inode)) + goto invalid; + else if (time_before64(fuse_dentry_time(entry), get_jiffies_64()) || +- (flags & (LOOKUP_EXCL | LOOKUP_REVAL))) { ++ (flags & (LOOKUP_EXCL | LOOKUP_REVAL | LOOKUP_RENAME_TARGET))) { + struct fuse_entry_out outarg; + FUSE_ARGS(args); + struct fuse_forget_link *forget; diff --git a/queue-6.1/kvm-arm64-fix-buffer-overflow-in-kvm_arm_set_fw_reg.patch b/queue-6.1/kvm-arm64-fix-buffer-overflow-in-kvm_arm_set_fw_reg.patch new file mode 100644 index 00000000000..0b9bee68838 --- /dev/null +++ b/queue-6.1/kvm-arm64-fix-buffer-overflow-in-kvm_arm_set_fw_reg.patch 
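Review bot: the widened condition in fuse_dentry_revalidate() now forces a lookup round trip to the userspace server for every rename target, even when the cached dentry has not timed out, and nothing in the code says why; suggest a short comment above the `else if` carrying the reason from the commit message (a target that exists only in the dentry cache would otherwise make rename(2) with RENAME_NOREPLACE fail with EEXIST). It is also worth confirming, for the 6.1 backport, that LOOKUP_RENAME_TARGET actually reaches d_revalidate() through the rename path in fs/namei.c the same way LOOKUP_EXCL does, since the fix is a no-op if the flag is filtered out before the dentry op is called.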
@@ -0,0 +1,36 @@ +From a25bc8486f9c01c1af6b6c5657234b2eee2c39d6 Mon Sep 17 00:00:00 2001 +From: Dan Carpenter +Date: Wed, 19 Apr 2023 13:16:13 +0300 +Subject: KVM: arm64: Fix buffer overflow in kvm_arm_set_fw_reg() + +From: Dan Carpenter + +commit a25bc8486f9c01c1af6b6c5657234b2eee2c39d6 upstream. + +The KVM_REG_SIZE() comes from the ioctl and it can be a power of two +between 0-32768 but if it is more than sizeof(long) this will corrupt +memory. + +Fixes: 99adb567632b ("KVM: arm/arm64: Add save/restore support for firmware workaround state") +Signed-off-by: Dan Carpenter +Reviewed-by: Steven Price +Reviewed-by: Eric Auger +Reviewed-by: Marc Zyngier +Link: https://lore.kernel.org/r/4efbab8c-640f-43b2-8ac6-6d68e08280fe@kili.mountain +Signed-off-by: Oliver Upton +Signed-off-by: Greg Kroah-Hartman +--- + arch/arm64/kvm/hypercalls.c | 2 ++ + 1 file changed, 2 insertions(+) + +--- a/arch/arm64/kvm/hypercalls.c ++++ b/arch/arm64/kvm/hypercalls.c +@@ -397,6 +397,8 @@ int kvm_arm_set_fw_reg(struct kvm_vcpu * + u64 val; + int wa_level; + ++ if (KVM_REG_SIZE(reg->id) != sizeof(val)) ++ return -ENOENT; + if (copy_from_user(&val, uaddr, KVM_REG_SIZE(reg->id))) + return -EFAULT; + diff --git a/queue-6.1/kvm-arm64-make-vcpu-flag-updates-non-preemptible.patch b/queue-6.1/kvm-arm64-make-vcpu-flag-updates-non-preemptible.patch new file mode 100644 index 00000000000..d3a02f6da7c --- /dev/null +++ b/queue-6.1/kvm-arm64-make-vcpu-flag-updates-non-preemptible.patch 
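Review bot: the size check is the right fix, but the choice of -ENOENT over -EINVAL deserves a one-line comment: the size bits are part of reg->id, so a register id with the wrong size is "no such register" rather than a malformed argument, and that is the reasoning a later reader will otherwise have to reconstruct. Two smaller points on the same hunk: put a blank line between `return -ENOENT;` and the copy_from_user() so the check reads as its own step, and once the size is known to equal sizeof(val) the copy can pass `sizeof(val)` directly, which makes the bound visible at the call site instead of relying on the check two lines above. The getter side, kvm_arm_get_fw_reg(), is not in this hunk; if its copy_to_user() also takes its length from KVM_REG_SIZE(reg->id), the same size check is needed there, since an oversized copy out of a stack `u64` is a kernel stack disclosure rather than a corruption.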
@@ -0,0 +1,91 @@ +From 35dcb3ac663a16510afc27ba2725d70c15e012a5 Mon Sep 17 00:00:00 2001 +From: Marc Zyngier +Date: Tue, 18 Apr 2023 13:57:37 +0100 +Subject: KVM: arm64: Make vcpu flag updates non-preemptible + +From: Marc Zyngier + +commit 35dcb3ac663a16510afc27ba2725d70c15e012a5 upstream. + +Per-vcpu flags are updated using a non-atomic RMW operation. +Which means it is possible to get preempted between the read and +write operations. + +Another interesting thing to note is that preemption also updates +flags, as we have some flag manipulation in both the load and put +operations. + +It is thus possible to lose information communicated by either +load or put, as the preempted flag update will overwrite the flags +when the thread is resumed. This is specially critical if either +load or put has stored information which depends on the physical +CPU the vcpu runs on. + +This results in really elusive bugs, and kudos must be given to +Mostafa for the long hours of debugging, and finally spotting +the problem. + +Fix it by disabling preemption during the RMW operation, which +ensures that the state stays consistent. Also upgrade vcpu_get_flag +path to use READ_ONCE() to make sure the field is always atomically +accessed. 
+ +Fixes: e87abb73e594 ("KVM: arm64: Add helpers to manipulate vcpu flags among a set") +Reported-by: Mostafa Saleh +Signed-off-by: Marc Zyngier +Cc: stable@vger.kernel.org +Link: https://lore.kernel.org/r/20230418125737.2327972-1-maz@kernel.org +Signed-off-by: Oliver Upton +Signed-off-by: Greg Kroah-Hartman +--- + arch/arm64/include/asm/kvm_host.h | 19 ++++++++++++++++++- + 1 file changed, 18 insertions(+), 1 deletion(-) + +--- a/arch/arm64/include/asm/kvm_host.h ++++ b/arch/arm64/include/asm/kvm_host.h +@@ -449,9 +449,22 @@ struct kvm_vcpu_arch { + ({ \ + __build_check_flag(v, flagset, f, m); \ + \ +- v->arch.flagset & (m); \ ++ READ_ONCE(v->arch.flagset) & (m); \ + }) + ++/* ++ * Note that the set/clear accessors must be preempt-safe in order to ++ * avoid nesting them with load/put which also manipulate flags... ++ */ ++#ifdef __KVM_NVHE_HYPERVISOR__ ++/* the nVHE hypervisor is always non-preemptible */ ++#define __vcpu_flags_preempt_disable() ++#define __vcpu_flags_preempt_enable() ++#else ++#define __vcpu_flags_preempt_disable() preempt_disable() ++#define __vcpu_flags_preempt_enable() preempt_enable() ++#endif ++ + #define __vcpu_set_flag(v, flagset, f, m) \ + do { \ + typeof(v->arch.flagset) *fset; \ +@@ -459,9 +472,11 @@ struct kvm_vcpu_arch { + __build_check_flag(v, flagset, f, m); \ + \ + fset = &v->arch.flagset; \ ++ __vcpu_flags_preempt_disable(); \ + if (HWEIGHT(m) > 1) \ + *fset &= ~(m); \ + *fset |= (f); \ ++ __vcpu_flags_preempt_enable(); \ + } while (0) + + #define __vcpu_clear_flag(v, flagset, f, m) \ +@@ -471,7 +486,9 @@ struct kvm_vcpu_arch { + __build_check_flag(v, flagset, f, m); \ + \ + fset = &v->arch.flagset; \ ++ __vcpu_flags_preempt_disable(); \ + *fset &= ~(m); \ ++ __vcpu_flags_preempt_enable(); \ + } while (0) + + #define vcpu_get_flag(v, ...) __vcpu_get_flag((v), __VA_ARGS__) 
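Review bot: in the first hunk the getter is upgraded to READ_ONCE() but the writers in the two hunks that follow still use plain `*fset &= ~(m);` and `*fset |= (f);` stores, so the read side is annotated for concurrent access while the write side is not; pair it with WRITE_ONCE() on the update side (read the field once into a local, mask and or, then one WRITE_ONCE()), which also collapses the clear-then-set into a single store instead of two that a concurrent reader can observe between.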
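Review bot: the preempt_disable()/preempt_enable() pair in __vcpu_set_flag() and __vcpu_clear_flag() only rules out the same-CPU interleaving with load/put that the commit message describes; it does nothing for a reader on another CPU, which can still see the intermediate value after `*fset &= ~(m);` and before `*fset |= (f);` when HWEIGHT(m) > 1. The new comment block should say that explicitly ("preempt-safe, not SMP-safe; the caller must own the vcpu"), so nobody later treats these helpers as a general concurrent-update primitive. On the nVHE stubs, "always non-preemptible" is the reason the disable is unnecessary, but if the empty definitions are also there because the kernel's preempt accounting does not exist in the hyp object, say so in the comment, otherwise the empty macros look like an oversight.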
diff --git a/queue-6.1/mips-define-runtime_discard_exit-in-ld-script.patch b/queue-6.1/mips-define-runtime_discard_exit-in-ld-script.patch new file mode 100644 index 00000000000..779b6743707 --- /dev/null +++ b/queue-6.1/mips-define-runtime_discard_exit-in-ld-script.patch @@ -0,0 +1,35 @@ +From 6dcbd0a69c84a8ae7a442840a8cf6b1379dc8f16 Mon Sep 17 00:00:00 2001 +From: Jiaxun Yang +Date: Sat, 8 Apr 2023 21:33:48 +0100 +Subject: MIPS: Define RUNTIME_DISCARD_EXIT in LD script + +From: Jiaxun Yang + +commit 6dcbd0a69c84a8ae7a442840a8cf6b1379dc8f16 upstream. + +MIPS's exit sections are discarded at runtime as well. + +Fixes link error: +`.exit.text' referenced in section `__jump_table' of fs/fuse/inode.o: +defined in discarded section `.exit.text' of fs/fuse/inode.o + +Fixes: 99cb0d917ffa ("arch: fix broken BuildID for arm64 and riscv") +Reported-by: "kernelci.org bot" +Signed-off-by: Jiaxun Yang +Signed-off-by: Thomas Bogendoerfer +Signed-off-by: Greg Kroah-Hartman +--- + arch/mips/kernel/vmlinux.lds.S | 2 ++ + 1 file changed, 2 insertions(+) + +--- a/arch/mips/kernel/vmlinux.lds.S ++++ b/arch/mips/kernel/vmlinux.lds.S +@@ -15,6 +15,8 @@ + #define EMITS_PT_NOTE + #endif + ++#define RUNTIME_DISCARD_EXIT ++ + #include + + #undef mips diff --git a/queue-6.1/series b/queue-6.1/series index d1121b96a64..e2e2eae3dfd 100644 --- a/queue-6.1/series +++ b/queue-6.1/series @@ -79,3 +79,7 @@ mm-mmap-regression-fix-for-unmapped_area-_topdown.patch sched-fair-detect-capacity-inversion.patch sched-fair-consider-capacity-inversion-in-util_fits_cpu.patch sched-fair-fixes-for-capacity-inversion-detection.patch +kvm-arm64-make-vcpu-flag-updates-non-preemptible.patch +kvm-arm64-fix-buffer-overflow-in-kvm_arm_set_fw_reg.patch +mips-define-runtime_discard_exit-in-ld-script.patch +fuse-always-revalidate-rename-target-dentry.patch
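Review bot: the define is positioned correctly, before the `#include` of the generic linker script that consumes it, but it lands with no comment, and the script now silently encodes an assumption about MIPS runtime behaviour. Suggest a short comment above `#define RUNTIME_DISCARD_EXIT` carrying what the commit message says: the arch frees the exit sections at runtime, so they must be kept at link time rather than discarded, which is what lets the `__jump_table` reference into `.exit.text` from fs/fuse/inode.o resolve. Without that, the next person who sees the define will have to dig out this commit to learn why removing it breaks the link.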