From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Date: Tue, 27 Jul 2021 11:20:40 +0000 (+0200)
Subject: 4.19-stable patches
X-Git-Tag: v4.4.277~1
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=523bd7b0ff97869ebad7aa343c3004ca38da5048;p=thirdparty%2Fkernel%2Fstable-queue.git

4.19-stable patches

added patches:
	kvm-use-kvm_pfn_t-for-local-pfn-variable-in-hva_to_pfn_remapped.patch
---

diff --git a/queue-4.19/kvm-use-kvm_pfn_t-for-local-pfn-variable-in-hva_to_pfn_remapped.patch b/queue-4.19/kvm-use-kvm_pfn_t-for-local-pfn-variable-in-hva_to_pfn_remapped.patch
new file mode 100644
index 00000000000..462b958978e
--- /dev/null
+++ b/queue-4.19/kvm-use-kvm_pfn_t-for-local-pfn-variable-in-hva_to_pfn_remapped.patch
@@ -0,0 +1,50 @@
+From a9545779ee9e9e103648f6f2552e73cfe808d0f4 Mon Sep 17 00:00:00 2001
+From: Sean Christopherson <seanjc@google.com>
+Date: Mon, 8 Feb 2021 12:19:40 -0800
+Subject: KVM: Use kvm_pfn_t for local PFN variable in hva_to_pfn_remapped()
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+From: Sean Christopherson <seanjc@google.com>
+
+commit a9545779ee9e9e103648f6f2552e73cfe808d0f4 upstream.
+
+Use kvm_pfn_t, a.k.a. u64, for the local 'pfn' variable when retrieving
+a so called "remapped" hva/pfn pair.  In theory, the hva could resolve to
+a pfn in high memory on a 32-bit kernel.
+
+This bug was inadvertantly exposed by commit bd2fae8da794 ("KVM: do not
+assume PTE is writable after follow_pfn"), which added an error PFN value
+to the mix, causing gcc to comlain about overflowing the unsigned long.
+
+  arch/x86/kvm/../../../virt/kvm/kvm_main.c: In function âhva_to_pfn_remappedâ:
+  include/linux/kvm_host.h:89:30: error: conversion from âlong long unsigned intâ
+                                  to âlong unsigned intâ changes value from
+                                  â9218868437227405314â to â2â [-Werror=overflow]
+   89 | #define KVM_PFN_ERR_RO_FAULT (KVM_PFN_ERR_MASK + 2)
+      |                              ^
+virt/kvm/kvm_main.c:1935:9: note: in expansion of macro âKVM_PFN_ERR_RO_FAULTâ
+
+Cc: stable@vger.kernel.org
+Fixes: add6a0cd1c5b ("KVM: MMU: try to fix up page faults before giving up")
+Signed-off-by: Sean Christopherson <seanjc@google.com>
+Message-Id: <20210208201940.1258328-1-seanjc@google.com>
+Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
+Signed-off-by: Ovidiu Panait <ovidiu.panait@windriver.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ virt/kvm/kvm_main.c |    2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/virt/kvm/kvm_main.c
++++ b/virt/kvm/kvm_main.c
+@@ -1501,7 +1501,7 @@ static int hva_to_pfn_remapped(struct vm
+ 			       bool write_fault, bool *writable,
+ 			       kvm_pfn_t *p_pfn)
+ {
+-	unsigned long pfn;
++	kvm_pfn_t pfn;
+ 	pte_t *ptep;
+ 	spinlock_t *ptl;
+ 	int r;
diff --git a/queue-4.19/series b/queue-4.19/series
index db27258d0b4..515b4f4689b 100644
--- a/queue-4.19/series
+++ b/queue-4.19/series
@@ -108,6 +108,7 @@ nds32-fix-up-stack-guard-gap.patch
 drm-return-enotty-for-non-drm-ioctls.patch
 kvm-do-not-assume-pte-is-writable-after-follow_pfn.patch
 kvm-do-not-allow-mapping-valid-but-non-reference-counted-pages.patch
+kvm-use-kvm_pfn_t-for-local-pfn-variable-in-hva_to_pfn_remapped.patch
 net-dsa-mv88e6xxx-use-correct-.stats_set_histogram-on-topaz.patch
 net-bcmgenet-ensure-ext_energy_det_mask-is-clear.patch
 iio-accel-bma180-use-explicit-member-assignment.patch