From: Greg Kroah-Hartman Date: Mon, 3 Aug 2020 10:10:47 +0000 (+0200) Subject: 5.4-stable patches X-Git-Tag: v5.7.13~12 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=19b5dbb61cb02f55816143000d1d675081cafc4c;p=thirdparty%2Fkernel%2Fstable-queue.git 5.4-stable patches added patches: kvm-arm64-don-t-inherit-exec-permission-across-page-table-levels.patch kvm-lapic-prevent-setting-the-tscdeadline-timer-if-the-lapic-is-hw-disabled.patch x86-i8259-use-printk_deferred-to-prevent-deadlock.patch
---
diff --git a/queue-5.4/kvm-arm64-don-t-inherit-exec-permission-across-page-table-levels.patch b/queue-5.4/kvm-arm64-don-t-inherit-exec-permission-across-page-table-levels.patch
new file mode 100644
index 00000000000..459a425b8ae
--- /dev/null
+++ b/queue-5.4/kvm-arm64-don-t-inherit-exec-permission-across-page-table-levels.patch
@@ -0,0 +1,70 @@
+From b757b47a2fcba584d4a32fd7ee68faca510ab96f Mon Sep 17 00:00:00 2001
+From: Will Deacon
+Date: Thu, 23 Jul 2020 11:17:14 +0100
+Subject: KVM: arm64: Don't inherit exec permission across page-table levels
+
+From: Will Deacon
+
+commit b757b47a2fcba584d4a32fd7ee68faca510ab96f upstream.
+
+If a stage-2 page-table contains an executable, read-only mapping at the
+pte level (e.g. due to dirty logging being enabled), a subsequent write
+fault to the same page which tries to install a larger block mapping
+(e.g. due to dirty logging having been disabled) will erroneously inherit
+the exec permission and consequently skip I-cache invalidation for the
+rest of the block.
+
+Ensure that exec permission is only inherited by write faults when the
+new mapping is of the same size as the existing one. A subsequent
+instruction abort will result in I-cache invalidation for the entire
+block mapping.
+
+Signed-off-by: Will Deacon
+Signed-off-by: Marc Zyngier
+Tested-by: Quentin Perret
+Reviewed-by: Quentin Perret
+Cc: Marc Zyngier
+Cc:
+Link: https://lore.kernel.org/r/20200723101714.15873-1-will@kernel.org
+Signed-off-by: Greg Kroah-Hartman
+
+---
+ virt/kvm/arm/mmu.c | 11 ++++++-----
+ 1 file changed, 6 insertions(+), 5 deletions(-)
+
+--- a/virt/kvm/arm/mmu.c
++++ b/virt/kvm/arm/mmu.c
+@@ -1199,7 +1199,7 @@ static bool stage2_get_leaf_entry(struct
+ return true;
+ }
+
+-static bool stage2_is_exec(struct kvm *kvm, phys_addr_t addr)
++static bool stage2_is_exec(struct kvm *kvm, phys_addr_t addr, unsigned long sz)
+ {
+ pud_t *pudp;
+ pmd_t *pmdp;
+@@ -1211,11 +1211,11 @@ static bool stage2_is_exec(struct kvm *k
+ return false;
+
+ if (pudp)
+- return kvm_s2pud_exec(pudp);
++ return sz <= PUD_SIZE && kvm_s2pud_exec(pudp);
+ else if (pmdp)
+- return kvm_s2pmd_exec(pmdp);
++ return sz <= PMD_SIZE && kvm_s2pmd_exec(pmdp);
+ else
+- return kvm_s2pte_exec(ptep);
++ return sz == PAGE_SIZE && kvm_s2pte_exec(ptep);
+ }
+
+ static int stage2_set_pte(struct kvm *kvm, struct kvm_mmu_memory_cache *cache,
+@@ -1805,7 +1805,8 @@ static int user_mem_abort(struct kvm_vcp
+ * execute permissions, and we preserve whatever we have.
+ */
+ needs_exec = exec_fault ||
+- (fault_status == FSC_PERM && stage2_is_exec(kvm, fault_ipa));
++ (fault_status == FSC_PERM &&
++ stage2_is_exec(kvm, fault_ipa, vma_pagesize));
+
+ if (vma_pagesize == PUD_SIZE) {
+ pud_t new_pud = kvm_pfn_pud(pfn, mem_type);
diff --git a/queue-5.4/kvm-lapic-prevent-setting-the-tscdeadline-timer-if-the-lapic-is-hw-disabled.patch b/queue-5.4/kvm-lapic-prevent-setting-the-tscdeadline-timer-if-the-lapic-is-hw-disabled.patch
new file mode 100644
index 00000000000..e941e09fa6f
--- /dev/null
+++ b/queue-5.4/kvm-lapic-prevent-setting-the-tscdeadline-timer-if-the-lapic-is-hw-disabled.patch
@@ -0,0 +1,33 @@
+From d2286ba7d574ba3103a421a2f9ec17cb5b0d87a1 Mon Sep 17 00:00:00 2001
+From: Wanpeng Li
+Date: Fri, 31 Jul 2020 11:12:19 +0800
+Subject: KVM: LAPIC: Prevent setting the tscdeadline timer if the lapic is hw disabled
+
+From: Wanpeng Li
+
+commit d2286ba7d574ba3103a421a2f9ec17cb5b0d87a1 upstream.
+
+Prevent setting the tscdeadline timer if the lapic is hw disabled.
+
+Fixes: bce87cce88 (KVM: x86: consolidate different ways to test for in-kernel LAPIC)
+Cc:
+Signed-off-by: Wanpeng Li
+Message-Id: <1596165141-28874-1-git-send-email-wanpengli@tencent.com>
+Signed-off-by: Paolo Bonzini
+Signed-off-by: Greg Kroah-Hartman
+
+---
+ arch/x86/kvm/lapic.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/arch/x86/kvm/lapic.c
++++ b/arch/x86/kvm/lapic.c
+@@ -2085,7 +2085,7 @@ void kvm_set_lapic_tscdeadline_msr(struc
+ {
+ struct kvm_lapic *apic = vcpu->arch.apic;
+
+- if (!lapic_in_kernel(vcpu) || apic_lvtt_oneshot(apic) ||
++ if (!kvm_apic_present(vcpu) || apic_lvtt_oneshot(apic) ||
+ apic_lvtt_period(apic))
+ return;
+
diff --git a/queue-5.4/series b/queue-5.4/series
index f340cf0285c..6a6aa71008e 100644
--- a/queue-5.4/series
+++ b/queue-5.4/series
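Review bot: The size checks added to `stage2_is_exec()` in the arm64 patch use `sz <= PUD_SIZE` and `sz <= PMD_SIZE`, so exec is inherited when the new mapping is the same size as or smaller than the existing one, whereas the commit text says "the same size"; nothing at the function records which rule is intended. I would add a comment above the function, e.g. `/* Report exec only if the existing mapping covers at least sz bytes; a larger new block must take an instruction abort so the whole block gets I-cache invalidation. */`. The bodies of `stage2_is_exec()` and `user_mem_abort()` both extend outside the inner hunks, so the values `vma_pagesize` can take at the call site cannot be confirmed from this page.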
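Review bot: In `kvm_set_lapic_tscdeadline_msr()` the guard now tests `kvm_apic_present(vcpu)`, but neither the code nor the one-line commit body says what goes wrong when the deadline timer is armed on a hardware-disabled LAPIC. A short comment at the check would keep the reason with the code for later backport review, e.g. `/* Do not arm the tscdeadline timer while the LAPIC is hardware-disabled. */`. The rest of the function is outside the hunk, and presumably the other tscdeadline paths deserve the same look, which cannot be confirmed from here.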
@@ -82,3 +82,6 @@ cxgb4-add-missing-release-on-skb-in-uld_send.patch
 xen-netfront-fix-potential-deadlock-in-xennet_remove.patch
 risc-v-set-maximum-number-of-mapped-pages-correctly.patch
 drivers-net-wan-lapb-corrected-the-usage-of-skb_cow.patch
+kvm-arm64-don-t-inherit-exec-permission-across-page-table-levels.patch
+kvm-lapic-prevent-setting-the-tscdeadline-timer-if-the-lapic-is-hw-disabled.patch
+x86-i8259-use-printk_deferred-to-prevent-deadlock.patch
diff --git a/queue-5.4/x86-i8259-use-printk_deferred-to-prevent-deadlock.patch b/queue-5.4/x86-i8259-use-printk_deferred-to-prevent-deadlock.patch
new file mode 100644
index 00000000000..63fb6ec8ff9
--- /dev/null
+++ b/queue-5.4/x86-i8259-use-printk_deferred-to-prevent-deadlock.patch
@@ -0,0 +1,51 @@
+From bdd65589593edd79b6a12ce86b3b7a7c6dae5208 Mon Sep 17 00:00:00 2001
+From: Thomas Gleixner
+Date: Wed, 29 Jul 2020 10:53:28 +0200
+Subject: x86/i8259: Use printk_deferred() to prevent deadlock
+
+From: Thomas Gleixner
+
+commit bdd65589593edd79b6a12ce86b3b7a7c6dae5208 upstream.
+
+0day reported a possible circular locking dependency:
+
+Chain exists of:
+ &irq_desc_lock_class --> console_owner --> &port_lock_key
+
+ Possible unsafe locking scenario:
+
+ CPU0 CPU1
+ ---- ----
+ lock(&port_lock_key);
+ lock(console_owner);
+ lock(&port_lock_key);
+ lock(&irq_desc_lock_class);
+
+The reason for this is a printk() in the i8259 interrupt chip driver
+which is invoked with the irq descriptor lock held, which reverses the
+lock operations vs. printk() from arbitrary contexts.
+
+Switch the printk() to printk_deferred() to avoid that.
+
+Reported-by: kernel test robot
+Signed-off-by: Thomas Gleixner
+Signed-off-by: Ingo Molnar
+Cc: stable@vger.kernel.org
+Link: https://lore.kernel.org/r/87365abt2v.fsf@nanos.tec.linutronix.de
+Signed-off-by: Greg Kroah-Hartman
+
+---
+ arch/x86/kernel/i8259.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/arch/x86/kernel/i8259.c
++++ b/arch/x86/kernel/i8259.c
+@@ -207,7 +207,7 @@ spurious_8259A_irq:
+ * lets ACK and report it. [once per IRQ]
+ */
+ if (!(spurious_irq_mask & irqmask)) {
+- printk(KERN_DEBUG
++ printk_deferred(KERN_DEBUG
+ "spurious 8259A interrupt: IRQ%d.\n", irq);
+ spurious_irq_mask |= irqmask;
+ }
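Review bot: The switch to `printk_deferred()` under the `spurious_8259A_irq:` label leaves nothing in the code saying why the deferred variant is required, so a later cleanup could turn it back into `printk()` and reintroduce the lock inversion described in the commit text. I would extend the existing comment above the `if` with one line, e.g. `* Must be printk_deferred(): called with the irq descriptor lock held.` The enclosing function starts and ends outside the hunk, so whether other messages are printed under the same lock cannot be checked from this page.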