From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Date: Mon, 19 Nov 2018 15:22:57 +0000 (+0100)
Subject: 4.9-stable patches
X-Git-Tag: v4.19.3~6
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=47ea51bfd6596fec75a904d554458b17861ae189;p=thirdparty%2Fkernel%2Fstable-queue.git

4.9-stable patches

added patches:
	kvm-arm64-fix-caching-of-host-mdcr_el2-value.patch
	ovl-check-whiteout-in-ovl_create_over_whiteout.patch
---

diff --git a/queue-4.9/kvm-arm64-fix-caching-of-host-mdcr_el2-value.patch b/queue-4.9/kvm-arm64-fix-caching-of-host-mdcr_el2-value.patch
new file mode 100644
index 00000000000..b9b28cd5df2
--- /dev/null
+++ b/queue-4.9/kvm-arm64-fix-caching-of-host-mdcr_el2-value.patch
@@ -0,0 +1,57 @@
+From da5a3ce66b8bb51b0ea8a89f42aac153903f90fb Mon Sep 17 00:00:00 2001
+From: Mark Rutland <mark.rutland@arm.com>
+Date: Wed, 17 Oct 2018 17:42:10 +0100
+Subject: KVM: arm64: Fix caching of host MDCR_EL2 value
+
+From: Mark Rutland <mark.rutland@arm.com>
+
+commit da5a3ce66b8bb51b0ea8a89f42aac153903f90fb upstream.
+
+At boot time, KVM stashes the host MDCR_EL2 value, but only does this
+when the kernel is not running in hyp mode (i.e. is non-VHE). In these
+cases, the stashed value of MDCR_EL2.HPMN happens to be zero, which can
+lead to CONSTRAINED UNPREDICTABLE behaviour.
+
+Since we use this value to derive the MDCR_EL2 value when switching
+to/from a guest, after a guest have been run, the performance counters
+do not behave as expected. This has been observed to result in accesses
+via PMXEVTYPER_EL0 and PMXEVCNTR_EL0 not affecting the relevant
+counters, resulting in events not being counted. In these cases, only
+the fixed-purpose cycle counter appears to work as expected.
+
+Fix this by always stashing the host MDCR_EL2 value, regardless of VHE.
+
+Cc: Christopher Dall <christoffer.dall@arm.com>
+Cc: James Morse <james.morse@arm.com>
+Cc: Will Deacon <will.deacon@arm.com>
+Cc: stable@vger.kernel.org
+Fixes: 1e947bad0b63b351 ("arm64: KVM: Skip HYP setup when already running in HYP")
+Tested-by: Robin Murphy <robin.murphy@arm.com>
+Signed-off-by: Mark Rutland <mark.rutland@arm.com>
+Signed-off-by: Marc Zyngier <marc.zyngier@arm.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ arch/arm/kvm/arm.c |    4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+--- a/arch/arm/kvm/arm.c
++++ b/arch/arm/kvm/arm.c
+@@ -1092,8 +1092,6 @@ static void cpu_init_hyp_mode(void *dumm
+ 
+ 	__cpu_init_hyp_mode(pgd_ptr, hyp_stack_ptr, vector_ptr);
+ 	__cpu_init_stage2();
+-
+-	kvm_arm_init_debug();
+ }
+ 
+ static void cpu_hyp_reinit(void)
+@@ -1108,6 +1106,8 @@ static void cpu_hyp_reinit(void)
+ 		if (__hyp_get_vectors() == hyp_default_vectors)
+ 			cpu_init_hyp_mode(NULL);
+ 	}
++
++	kvm_arm_init_debug();
+ }
+ 
+ static void cpu_hyp_reset(void)
diff --git a/queue-4.9/ovl-check-whiteout-in-ovl_create_over_whiteout.patch b/queue-4.9/ovl-check-whiteout-in-ovl_create_over_whiteout.patch
new file mode 100644
index 00000000000..7810174bc47
--- /dev/null
+++ b/queue-4.9/ovl-check-whiteout-in-ovl_create_over_whiteout.patch
@@ -0,0 +1,48 @@
+From 5e1275808630ea3b2c97c776f40e475017535f72 Mon Sep 17 00:00:00 2001
+From: Miklos Szeredi <mszeredi@redhat.com>
+Date: Wed, 31 Oct 2018 12:15:23 +0100
+Subject: ovl: check whiteout in ovl_create_over_whiteout()
+
+From: Miklos Szeredi <mszeredi@redhat.com>
+
+commit 5e1275808630ea3b2c97c776f40e475017535f72 upstream.
+
+Kaixuxia repors that it's possible to crash overlayfs by removing the
+whiteout on the upper layer before creating a directory over it.  This is a
+reproducer:
+
+ mkdir lower upper work merge
+ touch lower/file
+ mount -t overlay overlay -olowerdir=lower,upperdir=upper,workdir=work merge
+ rm merge/file
+ ls -al merge/file
+ rm upper/file
+ ls -al merge/
+ mkdir merge/file
+
+Before commencing with a vfs_rename(..., RENAME_EXCHANGE) verify that the
+lookup of "upper" is positive and is a whiteout, and return ESTALE
+otherwise.
+
+Reported by: kaixuxia <xiakaixu1987@gmail.com>
+Signed-off-by: Miklos Szeredi <mszeredi@redhat.com>
+Fixes: e9be9d5e76e3 ("overlay filesystem")
+Cc: <stable@vger.kernel.org> # v3.18
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+--- a/fs/overlayfs/dir.c
++++ b/fs/overlayfs/dir.c
+@@ -392,6 +392,10 @@ static int ovl_create_over_whiteout(struct dentry *dentry, struct inode *inode,
+ 	if (IS_ERR(upper))
+ 		goto out_dput;
+ 
++	err = -ESTALE;
++	if (d_is_negative(upper) || !IS_WHITEOUT(d_inode(upper)))
++		goto out_dput2;
++
+ 	err = ovl_create_real(wdir, newdentry, cattr, hardlink, true);
+ 	if (err)
+ 		goto out_dput2;
+-- 
+2.14.5
+
diff --git a/queue-4.9/series b/queue-4.9/series
index a79127736a0..4c7665a9ac7 100644
--- a/queue-4.9/series
+++ b/queue-4.9/series
@@ -79,3 +79,5 @@ drm-rockchip-allow-driver-to-be-shutdown-on-reboot-kexec.patch
 drm-dp_mst-check-if-primary-mstb-is-null.patch
 drm-i915-hdmi-add-hdmi-2.0-audio-clock-recovery-n-values.patch
 drm-i915-execlists-force-write-serialisation-into-context-image-vs-execution.patch
+kvm-arm64-fix-caching-of-host-mdcr_el2-value.patch
+ovl-check-whiteout-in-ovl_create_over_whiteout.patch