From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Date: Mon, 26 Jun 2023 14:23:42 +0000 (+0200)
Subject: 6.3-stable patches
X-Git-Tag: v4.14.320~8
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=43d3f0aee96f7c2fb28e49c46480340accf265b9;p=thirdparty%2Fkernel%2Fstable-queue.git

6.3-stable patches

added patches:
	kvm-arm64-restore-gicv2-on-gicv3-functionality.patch
	netfilter-nf_tables-drop-module-reference-after-updating-chain.patch
---

diff --git a/queue-6.3/kvm-arm64-restore-gicv2-on-gicv3-functionality.patch b/queue-6.3/kvm-arm64-restore-gicv2-on-gicv3-functionality.patch
new file mode 100644
index 00000000000..56984405f78
--- /dev/null
+++ b/queue-6.3/kvm-arm64-restore-gicv2-on-gicv3-functionality.patch
@@ -0,0 +1,67 @@
+From 1caa71a7a600f7781ce05ef1e84701c459653663 Mon Sep 17 00:00:00 2001
+From: Marc Zyngier <maz@kernel.org>
+Date: Wed, 7 Jun 2023 15:38:44 +0100
+Subject: KVM: arm64: Restore GICv2-on-GICv3 functionality
+
+From: Marc Zyngier <maz@kernel.org>
+
+commit 1caa71a7a600f7781ce05ef1e84701c459653663 upstream.
+
+When reworking the vgic locking, the vgic distributor registration
+got simplified, which was a very good cleanup. But just a tad too
+radical, as we now register the *native* vgic only, ignoring the
+GICv2-on-GICv3 that allows pre-historic VMs (or so I thought)
+to run.
+
+As it turns out, QEMU still defaults to GICv2 in some cases, and
+this breaks Nathan's setup!
+
+Fix it by propagating the *requested* vgic type rather than the
+host's version.
+
+Fixes: 59112e9c390b ("KVM: arm64: vgic: Fix a circular locking issue")
+Reported-by: Nathan Chancellor <nathan@kernel.org>
+Tested-by: Nathan Chancellor <nathan@kernel.org>
+Signed-off-by: Marc Zyngier <maz@kernel.org>
+link: https://lore.kernel.org/r/20230606221525.GA2269598@dev-arch.thelio-3990X
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ arch/arm64/kvm/vgic/vgic-init.c |   11 +++++++----
+ 1 file changed, 7 insertions(+), 4 deletions(-)
+
+--- a/arch/arm64/kvm/vgic/vgic-init.c
++++ b/arch/arm64/kvm/vgic/vgic-init.c
+@@ -446,6 +446,7 @@ int vgic_lazy_init(struct kvm *kvm)
+ int kvm_vgic_map_resources(struct kvm *kvm)
+ {
+ 	struct vgic_dist *dist = &kvm->arch.vgic;
++	enum vgic_type type;
+ 	gpa_t dist_base;
+ 	int ret = 0;
+ 
+@@ -460,10 +461,13 @@ int kvm_vgic_map_resources(struct kvm *k
+ 	if (!irqchip_in_kernel(kvm))
+ 		goto out;
+ 
+-	if (dist->vgic_model == KVM_DEV_TYPE_ARM_VGIC_V2)
++	if (dist->vgic_model == KVM_DEV_TYPE_ARM_VGIC_V2) {
+ 		ret = vgic_v2_map_resources(kvm);
+-	else
++		type = VGIC_V2;
++	} else {
+ 		ret = vgic_v3_map_resources(kvm);
++		type = VGIC_V3;
++	}
+ 
+ 	if (ret) {
+ 		__kvm_vgic_destroy(kvm);
+@@ -473,8 +477,7 @@ int kvm_vgic_map_resources(struct kvm *k
+ 	dist_base = dist->vgic_dist_base;
+ 	mutex_unlock(&kvm->arch.config_lock);
+ 
+-	ret = vgic_register_dist_iodev(kvm, dist_base,
+-				       kvm_vgic_global_state.type);
++	ret = vgic_register_dist_iodev(kvm, dist_base, type);
+ 	if (ret) {
+ 		kvm_err("Unable to register VGIC dist MMIO regions\n");
+ 		kvm_vgic_destroy(kvm);
diff --git a/queue-6.3/netfilter-nf_tables-drop-module-reference-after-updating-chain.patch b/queue-6.3/netfilter-nf_tables-drop-module-reference-after-updating-chain.patch
new file mode 100644
index 00000000000..88049c9ff9c
--- /dev/null
+++ b/queue-6.3/netfilter-nf_tables-drop-module-reference-after-updating-chain.patch
@@ -0,0 +1,29 @@
+From 043d2acf57227db1fdaaa620b2a420acfaa56d6e Mon Sep 17 00:00:00 2001
+From: Pablo Neira Ayuso <pablo@netfilter.org>
+Date: Wed, 14 Jun 2023 23:20:18 +0200
+Subject: netfilter: nf_tables: drop module reference after updating chain
+
+From: Pablo Neira Ayuso <pablo@netfilter.org>
+
+commit 043d2acf57227db1fdaaa620b2a420acfaa56d6e upstream.
+
+Otherwise the module reference counter is leaked.
+
+Fixes b9703ed44ffb ("netfilter: nf_tables: support for adding new devices to an existing netdev chain")
+Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ net/netfilter/nf_tables_api.c |    2 ++
+ 1 file changed, 2 insertions(+)
+
+--- a/net/netfilter/nf_tables_api.c
++++ b/net/netfilter/nf_tables_api.c
+@@ -2664,6 +2664,8 @@ static int nf_tables_updchain(struct nft
+ 	nft_trans_basechain(trans) = basechain;
+ 	INIT_LIST_HEAD(&nft_trans_chain_hooks(trans));
+ 	list_splice(&hook.list, &nft_trans_chain_hooks(trans));
++	if (nla[NFTA_CHAIN_HOOK])
++		module_put(hook.type->owner);
+ 
+ 	nft_trans_commit_list_add_tail(ctx->net, trans);
+ 
diff --git a/queue-6.3/series b/queue-6.3/series
index c2c22bbf31f..53268810352 100644
--- a/queue-6.3/series
+++ b/queue-6.3/series
@@ -192,3 +192,5 @@ vhost_net-revert-upend_idx-only-on-retriable-error.patch
 x86-unwind-orc-add-elf-section-with-orc-version-iden.patch
 x86-apic-fix-kernel-panic-when-booting-with-intremap.patch
 i2c-imx-lpi2c-fix-type-char-overflow-issue-when-calc.patch
+netfilter-nf_tables-drop-module-reference-after-updating-chain.patch
+kvm-arm64-restore-gicv2-on-gicv3-functionality.patch