From: Greg Kroah-Hartman
Date: Mon, 28 Jan 2019 13:53:34 +0000 (+0100)
Subject: 4.4-stable patches
X-Git-Tag: v4.9.154~39
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=75b6d0fed6fa814fd0412102a7ff6e60f2914472;p=thirdparty%2Fkernel%2Fstable-queue.git
4.4-stable patches
added patches:
kvm-x86-fix-single-step-debugging.patch
x86-kaslr-fix-incorrect-i8254-outb-parameters.patch
---
diff --git a/queue-4.4/kvm-x86-fix-single-step-debugging.patch b/queue-4.4/kvm-x86-fix-single-step-debugging.patch
new file mode 100644
index 00000000000..0a11ec7ada4
--- /dev/null
+++ b/queue-4.4/kvm-x86-fix-single-step-debugging.patch
@@ -0,0 +1,43 @@
+From 5cc244a20b86090c087073c124284381cdf47234 Mon Sep 17 00:00:00 2001
+From: Alexander Popov
+Date: Mon, 21 Jan 2019 15:48:40 +0300
+Subject: KVM: x86: Fix single-step debugging
+
+From: Alexander Popov
+
+commit 5cc244a20b86090c087073c124284381cdf47234 upstream.
+
+The single-step debugging of KVM guests on x86 is broken: if we run
+gdb 'stepi' command at the breakpoint when the guest interrupts are
+enabled, RIP always jumps to native_apic_mem_write(). Then other
+nasty effects follow.
+
+Long investigation showed that on Jun 7, 2017 the
+commit c8401dda2f0a00cd25c0 ("KVM: x86: fix singlestepping over syscall")
+introduced the kvm_run.debug corruption: kvm_vcpu_do_singlestep() can
+be called without X86_EFLAGS_TF set.
+
+Let's fix it. Please consider that for -stable.
+
+Signed-off-by: Alexander Popov
+Cc: stable@vger.kernel.org
+Fixes: c8401dda2f0a00cd25c0 ("KVM: x86: fix singlestepping over syscall")
+Signed-off-by: Paolo Bonzini
+Signed-off-by: Greg Kroah-Hartman
+
+---
+ arch/x86/kvm/x86.c | 3 +--
+ 1 file changed, 1 insertion(+), 2 deletions(-)
+
+--- a/arch/x86/kvm/x86.c
++++ b/arch/x86/kvm/x86.c
+@@ -5524,8 +5524,7 @@ restart:
+ toggle_interruptibility(vcpu, ctxt->interruptibility);
+ vcpu->arch.emulate_regs_need_sync_to_vcpu = false;
+ kvm_rip_write(vcpu, ctxt->eip);
+- if (r == EMULATE_DONE &&
+- (ctxt->tf || (vcpu->guest_debug & KVM_GUESTDBG_SINGLESTEP)))
++ if (r == EMULATE_DONE && ctxt->tf)
+ kvm_vcpu_do_singlestep(vcpu, &r);
+ if (!ctxt->have_exception ||
+ exception_type(ctxt->exception.vector) == EXCPT_TRAP)
diff --git a/queue-4.4/series b/queue-4.4/series
index 905ecc4263f..565e17f10e1 100644
--- a/queue-4.4/series
+++ b/queue-4.4/series
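Review bot: The new condition `if (r == EMULATE_DONE && ctxt->tf)` gives a reader of the 4.4 tree no hint of why the `KVM_GUESTDBG_SINGLESTEP` test was dropped, and the upstream changelog will not be at hand there; a one-line comment would help, e.g. `/* Only emulate the single-step #DB when the guest's TF was set; calling kvm_vcpu_do_singlestep() without it corrupts kvm_run.debug (see commit 5cc244a20b86) */`. The description dates the regression to a June 2017 commit while this queue targets 4.4-stable, so the backport presumably only applies if 4.4.y already carries c8401dda2f0a00cd25c0 as a backport — worth confirming before queueing. The enclosing function starts and ends outside the hunk, so whether kvm_vcpu_do_singlestep() still handles the guest_debug case internally cannot be checked from here.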
@@ -16,3 +16,5 @@ tty-handle-problem-if-line-discipline-does-not-have-receive_buf.patch
 tty-n_hdlc-fix-__might_sleep-warning.patch
 cifs-fix-possible-hang-during-async-mtu-reads-and-writes.patch
 input-xpad-add-support-for-steelseries-stratus-duo.patch
+kvm-x86-fix-single-step-debugging.patch
+x86-kaslr-fix-incorrect-i8254-outb-parameters.patch
diff --git a/queue-4.4/x86-kaslr-fix-incorrect-i8254-outb-parameters.patch b/queue-4.4/x86-kaslr-fix-incorrect-i8254-outb-parameters.patch
new file mode 100644
index 00000000000..642e0e05fd8
--- /dev/null
+++ b/queue-4.4/x86-kaslr-fix-incorrect-i8254-outb-parameters.patch
@@ -0,0 +1,39 @@
+From 7e6fc2f50a3197d0e82d1c0e86282976c9e6c8a4 Mon Sep 17 00:00:00 2001
+From: Daniel Drake
+Date: Mon, 7 Jan 2019 11:40:24 +0800
+Subject: x86/kaslr: Fix incorrect i8254 outb() parameters
+
+From: Daniel Drake
+
+commit 7e6fc2f50a3197d0e82d1c0e86282976c9e6c8a4 upstream.
+
+The outb() function takes parameters value and port, in that order. Fix
+the parameters used in the kalsr i8254 fallback code.
+
+Fixes: 5bfce5ef55cb ("x86, kaslr: Provide randomness functions")
+Signed-off-by: Daniel Drake
+Signed-off-by: Thomas Gleixner
+Cc: bp@alien8.de
+Cc: hpa@zytor.com
+Cc: linux@endlessm.com
+Cc: stable@vger.kernel.org
+Link: https://lkml.kernel.org/r/20190107034024.15005-1-drake@endlessm.com
+Signed-off-by: Greg Kroah-Hartman
+
+---
+ arch/x86/boot/compressed/aslr.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+--- a/arch/x86/boot/compressed/aslr.c
++++ b/arch/x86/boot/compressed/aslr.c
+@@ -25,8 +25,8 @@ static inline u16 i8254(void)
+ u16 status, timer;
+
+ do {
+- outb(I8254_PORT_CONTROL,
+- I8254_CMD_READBACK | I8254_SELECT_COUNTER0);
++ outb(I8254_CMD_READBACK | I8254_SELECT_COUNTER0,
++ I8254_PORT_CONTROL);
+ status = inb(I8254_PORT_COUNTER0);
+ timer = inb(I8254_PORT_COUNTER0);
+ timer |= inb(I8254_PORT_COUNTER0) << 8;
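Review bot: The corrected `outb()` call in the i8254() hunk still carries no hint of the argument order that produced the original bug, and the swapped form compiles silently because both parameters are plain integers; a short comment such as `/* outb(value, port): issue the read-back command for counter 0 */` above the call would make the next edit to this line safer. Before the fix the command byte was written to the wrong port, so the timer readings this fallback fed into KASLR entropy were not what the code intended; the description states the swap but not its effect on the randomness, so that consequence is inferred. The `do` loop's termination condition and the rest of i8254() lie outside the hunk.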