From: Sasha Levin Date: Thu, 9 May 2024 10:09:35 +0000 (-0400) Subject: Fixes for 5.15 X-Git-Tag: v4.19.314~110 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=3d80f28a39dc15e3d57b5c9d6d488ccec6bc8114;p=thirdparty%2Fkernel%2Fstable-queue.git Fixes for 5.15 Signed-off-by: Sasha Levin --- diff --git a/queue-5.15/kvm-arm64-vgic-v2-check-for-non-null-vcpu-in-vgic_v2.patch b/queue-5.15/kvm-arm64-vgic-v2-check-for-non-null-vcpu-in-vgic_v2.patch new file mode 100644 index 00000000000..c0b7aabe2d7 --- /dev/null +++ b/queue-5.15/kvm-arm64-vgic-v2-check-for-non-null-vcpu-in-vgic_v2.patch 
@@ -0,0 +1,54 @@ +From e740840063592bcd0ac28468e6376bd01d661cee Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Wed, 24 Apr 2024 17:39:58 +0000 +Subject: KVM: arm64: vgic-v2: Check for non-NULL vCPU in vgic_v2_parse_attr() + +From: Oliver Upton + +[ Upstream commit 6ddb4f372fc63210034b903d96ebbeb3c7195adb ] + +vgic_v2_parse_attr() is responsible for finding the vCPU that matches +the user-provided CPUID, which (of course) may not be valid. If the ID +is invalid, kvm_get_vcpu_by_id() returns NULL, which isn't handled +gracefully. + +Similar to the GICv3 uaccess flow, check that kvm_get_vcpu_by_id() +actually returns something and fail the ioctl if not. + +Cc: stable@vger.kernel.org +Fixes: 7d450e282171 ("KVM: arm/arm64: vgic-new: Add userland access to VGIC dist registers") +Reported-by: Alexander Potapenko +Tested-by: Alexander Potapenko +Reviewed-by: Alexander Potapenko +Reviewed-by: Marc Zyngier +Link: https://lore.kernel.org/r/20240424173959.3776798-2-oliver.upton@linux.dev +Signed-off-by: Oliver Upton +Signed-off-by: Sasha Levin +--- + arch/arm64/kvm/vgic/vgic-kvm-device.c | 8 ++++---- + 1 file changed, 4 insertions(+), 4 deletions(-) + +diff --git a/arch/arm64/kvm/vgic/vgic-kvm-device.c b/arch/arm64/kvm/vgic/vgic-kvm-device.c +index 640cfa0c0f4cc..e80b638b78271 100644 +--- a/arch/arm64/kvm/vgic/vgic-kvm-device.c ++++ b/arch/arm64/kvm/vgic/vgic-kvm-device.c +@@ -284,12 +284,12 @@ int kvm_register_vgic_device(unsigned long type) + int vgic_v2_parse_attr(struct kvm_device *dev, struct kvm_device_attr *attr, + struct vgic_reg_attr *reg_attr) + { +- int cpuid; ++ int cpuid = FIELD_GET(KVM_DEV_ARM_VGIC_CPUID_MASK, attr->attr); + +- cpuid = FIELD_GET(KVM_DEV_ARM_VGIC_CPUID_MASK, attr->attr); +- +- reg_attr->vcpu = kvm_get_vcpu_by_id(dev->kvm, cpuid); + reg_attr->addr = attr->attr & KVM_DEV_ARM_VGIC_OFFSET_MASK; ++ reg_attr->vcpu = kvm_get_vcpu_by_id(dev->kvm, cpuid); ++ if (!reg_attr->vcpu) ++ return -EINVAL; + + return 0; + } +-- +2.43.0 + 
diff --git a/queue-5.15/kvm-arm64-vgic-v2-use-cpuid-from-userspace-as-vcpu_i.patch b/queue-5.15/kvm-arm64-vgic-v2-use-cpuid-from-userspace-as-vcpu_i.patch new file mode 100644 index 00000000000..2ec160c246e --- /dev/null +++ b/queue-5.15/kvm-arm64-vgic-v2-use-cpuid-from-userspace-as-vcpu_i.patch 
@@ -0,0 +1,51 @@ +From 108001239c8553b8406ce278ecab7fbc4bef6659 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Wed, 27 Sep 2023 10:09:04 +0100 +Subject: KVM: arm64: vgic-v2: Use cpuid from userspace as vcpu_id + +From: Marc Zyngier + +[ Upstream commit 4e7728c81a54b17bd33be402ac140bc11bb0c4f4 ] + +When parsing a GICv2 attribute that contains a cpuid, handle this +as the vcpu_id, not a vcpu_idx, as userspace cannot really know +the mapping between the two. For this, use kvm_get_vcpu_by_id() +instead of kvm_get_vcpu(). + +Take this opportunity to get rid of the pointless check against +online_vcpus, which doesn't make much sense either, and switch +to FIELD_GET as a way to extract the vcpu_id. + +Reviewed-by: Zenghui Yu +Signed-off-by: Marc Zyngier +Link: https://lore.kernel.org/r/20230927090911.3355209-5-maz@kernel.org +Signed-off-by: Oliver Upton +Stable-dep-of: 6ddb4f372fc6 ("KVM: arm64: vgic-v2: Check for non-NULL vCPU in vgic_v2_parse_attr()") +Signed-off-by: Sasha Levin +--- + arch/arm64/kvm/vgic/vgic-kvm-device.c | 8 ++------ + 1 file changed, 2 insertions(+), 6 deletions(-) + +diff --git a/arch/arm64/kvm/vgic/vgic-kvm-device.c b/arch/arm64/kvm/vgic/vgic-kvm-device.c +index 7740995de982e..640cfa0c0f4cc 100644 +--- a/arch/arm64/kvm/vgic/vgic-kvm-device.c ++++ b/arch/arm64/kvm/vgic/vgic-kvm-device.c +@@ -286,13 +286,9 @@ int vgic_v2_parse_attr(struct kvm_device *dev, struct kvm_device_attr *attr, + { + int cpuid; + +- cpuid = (attr->attr & KVM_DEV_ARM_VGIC_CPUID_MASK) >> +- KVM_DEV_ARM_VGIC_CPUID_SHIFT; ++ cpuid = FIELD_GET(KVM_DEV_ARM_VGIC_CPUID_MASK, attr->attr); + +- if (cpuid >= atomic_read(&dev->kvm->online_vcpus)) +- return -EINVAL; +- +- reg_attr->vcpu = kvm_get_vcpu(dev->kvm, cpuid); ++ reg_attr->vcpu = kvm_get_vcpu_by_id(dev->kvm, cpuid); + reg_attr->addr = attr->attr & KVM_DEV_ARM_VGIC_OFFSET_MASK; + + return 0; +-- +2.43.0 + diff --git a/queue-5.15/series b/queue-5.15/series index db32ea601a0..30ad33c743c 100644 --- a/queue-5.15/series 
+++ b/queue-5.15/series @@ -62,3 +62,5 @@ drm-panel-ili9341-respect-deferred-probe.patch drm-panel-ili9341-use-predefined-error-codes.patch net-gro-add-flush-check-in-udp_gro_receive_segment.patch clk-sunxi-ng-h6-reparent-cpux-during-pll-cpux-rate-c.patch +kvm-arm64-vgic-v2-use-cpuid-from-userspace-as-vcpu_i.patch +kvm-arm64-vgic-v2-check-for-non-null-vcpu-in-vgic_v2.patch
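
Review bot: in queue-5.15/kvm-arm64-vgic-v2-check-for-non-null-vcpu-in-vgic_v2.patch, the new "return -EINVAL" in vgic_v2_parse_attr() is reached only after reg_attr->addr and reg_attr->vcpu have both been written, so on the error path the caller's struct holds a NULL vcpu next to a valid-looking addr. The callers are not part of this hunk, so it is worth confirming that each one checks the return value before it dereferences reg_attr->vcpu, since the commit message relies on that to "fail the ioctl". Looking the vCPU up into a local and filling reg_attr only on success would leave nothing half-initialised. A short comment stating that cpuid is taken directly from the userspace-supplied attr->attr and may match no vCPU would document why the check exists.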
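
Review bot: in queue-5.15/kvm-arm64-vgic-v2-use-cpuid-from-userspace-as-vcpu_i.patch, removing "if (cpuid >= atomic_read(&dev->kvm->online_vcpus)) return -EINVAL;" while switching to kvm_get_vcpu_by_id() leaves vgic_v2_parse_attr() with no validation of the userspace cpuid at all: after this patch alone it returns 0 whatever the lookup produced. The companion patch's description states that kvm_get_vcpu_by_id() returns NULL for an invalid ID, so this backport is only safe with 6ddb4f372fc6 applied on top. The queue-5.15/series hunk does add the two in that order, with the NULL check directly after its dependency. If either entry is later dropped or reordered, the other should go with it, and the commit message here would benefit from saying so rather than calling the old bounds check pointless without naming its replacement.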