From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Date: Mon, 15 Nov 2021 13:25:05 +0000 (+0100)
Subject: 5.14-stable patches
X-Git-Tag: v5.4.160~59
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=10d3fd55cfbf3397f6c3a76b13e84772dccf5ec9;p=thirdparty%2Fkernel%2Fstable-queue.git

5.14-stable patches

added patches:
	kvm-x86-move-guest_pv_has-out-of-user_access-section.patch
---

diff --git a/queue-5.14/kvm-x86-move-guest_pv_has-out-of-user_access-section.patch b/queue-5.14/kvm-x86-move-guest_pv_has-out-of-user_access-section.patch
new file mode 100644
index 00000000000..72adbe9ce05
--- /dev/null
+++ b/queue-5.14/kvm-x86-move-guest_pv_has-out-of-user_access-section.patch
@@ -0,0 +1,55 @@
+From 3e067fd8503d6205aa0c1c8f48f6b209c592d19c Mon Sep 17 00:00:00 2001
+From: Paolo Bonzini <pbonzini@redhat.com>
+Date: Fri, 12 Nov 2021 02:53:41 -0500
+Subject: KVM: x86: move guest_pv_has out of user_access section
+
+From: Paolo Bonzini <pbonzini@redhat.com>
+
+commit 3e067fd8503d6205aa0c1c8f48f6b209c592d19c upstream.
+
+When UBSAN is enabled, the code emitted for the call to guest_pv_has
+includes a call to __ubsan_handle_load_invalid_value.  objtool
+complains that this call happens with UACCESS enabled; to avoid
+the warning, pull the calls to user_access_begin into both arms
+of the "if" statement, after the check for guest_pv_has.
+
+Reported-by: Stephen Rothwell <sfr@canb.auug.org.au>
+Cc: David Woodhouse <dwmw2@infradead.org>
+Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ arch/x86/kvm/x86.c |    9 ++++++---
+ 1 file changed, 6 insertions(+), 3 deletions(-)
+
+--- a/arch/x86/kvm/x86.c
++++ b/arch/x86/kvm/x86.c
+@@ -3222,9 +3222,6 @@ static void record_steal_time(struct kvm
+ 	}
+ 
+ 	st = (struct kvm_steal_time __user *)ghc->hva;
+-	if (!user_access_begin(st, sizeof(*st)))
+-		return;
+-
+ 	/*
+ 	 * Doing a TLB flush here, on the guest's behalf, can avoid
+ 	 * expensive IPIs.
+@@ -3233,6 +3230,9 @@ static void record_steal_time(struct kvm
+ 		u8 st_preempted = 0;
+ 		int err = -EFAULT;
+ 
++		if (!user_access_begin(st, sizeof(*st)))
++			return;
++
+ 		asm volatile("1: xchgb %0, %2\n"
+ 			     "xor %1, %1\n"
+ 			     "2:\n"
+@@ -3255,6 +3255,9 @@ static void record_steal_time(struct kvm
+ 		if (!user_access_begin(st, sizeof(*st)))
+ 			goto dirty;
+ 	} else {
++		if (!user_access_begin(st, sizeof(*st)))
++			return;
++
+ 		unsafe_put_user(0, &st->preempted, out);
+ 		vcpu->arch.st.preempted = 0;
+ 	}
diff --git a/queue-5.14/series b/queue-5.14/series
index 369b9c42172..e2458f7888d 100644
--- a/queue-5.14/series
+++ b/queue-5.14/series
@@ -792,3 +792,4 @@ parisc-flush-kernel-data-mapping-in-set_pte_at-when-installing-pte-for-user-page
 mips-fix-duplicated-slashes-for-platform-file-path.patch
 mips-fix-assembly-error-from-mipsr2-code-used-within-mips_isa_arch_level.patch
 x86-mce-add-errata-workaround-for-skylake-skx37.patch
+kvm-x86-move-guest_pv_has-out-of-user_access-section.patch