From: Greg Kroah-Hartman Date: Mon, 17 May 2021 08:49:10 +0000 (+0200) Subject: 5.11-stable patches X-Git-Tag: v5.4.120~49 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=a3306a7909aa5995371beddb1f2eef9e9d580385;p=thirdparty%2Fkernel%2Fstable-queue.git 5.11-stable patches added patches: kvm-vmx-disable-preemption-when-probing-user-return-msrs.patch kvm-vmx-do-not-advertise-rdpid-if-enable_rdtscp-control-is-unsupported.patch --- diff --git a/queue-5.11/btrfs-fix-race-leading-to-unpersisted-data-and-metadata-on-fsync.patch b/queue-5.11/btrfs-fix-race-leading-to-unpersisted-data-and-metadata-on-fsync.patch index f79720522d5..a6f76e5d6e8 100644 --- a/queue-5.11/btrfs-fix-race-leading-to-unpersisted-data-and-metadata-on-fsync.patch +++ b/queue-5.11/btrfs-fix-race-leading-to-unpersisted-data-and-metadata-on-fsync.patch @@ -201,9 +201,9 @@ Signed-off-by: Filipe Manana Signed-off-by: David Sterba Signed-off-by: Greg Kroah-Hartman --- - fs/btrfs/file.c | 35 +++++++++++++++++++++++++---------- + fs/btrfs/file.c | 36 +++++++++++++++++++++++++----------- fs/btrfs/tree-log.c | 3 ++- - 2 files changed, 27 insertions(+), 11 deletions(-) + 2 files changed, 27 insertions(+), 12 deletions(-) --- a/fs/btrfs/file.c +++ b/fs/btrfs/file.c @@ -238,7 +238,15 @@ Signed-off-by: Greg Kroah-Hartman /* * fsync call for both files and directories. This logs the inode into * the tree log instead of forcing full commits whenever possible. -@@ -2196,17 +2220,8 @@ int btrfs_sync_file(struct file *file, l +@@ -2097,7 +2121,6 @@ int btrfs_sync_file(struct file *file, l + { + struct dentry *dentry = file_dentry(file); + struct inode *inode = d_inode(dentry); +- struct btrfs_fs_info *fs_info = btrfs_sb(inode->i_sb); + struct btrfs_root *root = BTRFS_I(inode)->root; + struct btrfs_trans_handle *trans; + struct btrfs_log_ctx ctx; +@@ -2196,17 +2219,8 @@ int btrfs_sync_file(struct file *file, l atomic_inc(&root->log_batch); 
diff --git a/queue-5.11/kvm-vmx-disable-preemption-when-probing-user-return-msrs.patch b/queue-5.11/kvm-vmx-disable-preemption-when-probing-user-return-msrs.patch
new file mode 100644
index 00000000000..ce10f998ba4
--- /dev/null
+++ b/queue-5.11/kvm-vmx-disable-preemption-when-probing-user-return-msrs.patch
@@ -0,0 +1,82 @@
+From 5104d7ffcf24749939bea7fdb5378d186473f890 Mon Sep 17 00:00:00 2001
+From: Sean Christopherson
+Date: Tue, 4 May 2021 10:17:24 -0700
+Subject: KVM: VMX: Disable preemption when probing user return MSRs
+
+From: Sean Christopherson
+
+commit 5104d7ffcf24749939bea7fdb5378d186473f890 upstream.
+
+Disable preemption when probing a user return MSR via RDSMR/WRMSR. If
+the MSR holds a different value per logical CPU, the WRMSR could corrupt
+the host's value if KVM is preempted between the RDMSR and WRMSR, and
+then rescheduled on a different CPU.
+
+Opportunistically land the helper in common x86, SVM will use the helper
+in a future commit.
+
+Fixes: 4be534102624 ("KVM: VMX: Initialize vmx->guest_msrs[] right after allocation")
+Cc: stable@vger.kernel.org
+Cc: Xiaoyao Li
+Signed-off-by: Sean Christopherson
+Message-Id: <20210504171734.1434054-6-seanjc@google.com>
+Reviewed-by: Jim Mattson
+Signed-off-by: Paolo Bonzini
+Signed-off-by: Greg Kroah-Hartman
+---
+ arch/x86/include/asm/kvm_host.h | 1 +
+ arch/x86/kvm/vmx/vmx.c | 5 +----
+ arch/x86/kvm/x86.c | 16 ++++++++++++++++
+ 3 files changed, 18 insertions(+), 4 deletions(-)
+
+--- a/arch/x86/include/asm/kvm_host.h
++++ b/arch/x86/include/asm/kvm_host.h
+@@ -1694,6 +1694,7 @@ int kvm_pv_send_ipi(struct kvm *kvm, uns
+ unsigned long icr, int op_64_bit);
+
+ void kvm_define_user_return_msr(unsigned index, u32 msr);
++int kvm_probe_user_return_msr(u32 msr);
+ int kvm_set_user_return_msr(unsigned index, u64 val, u64 mask);
+
+ u64 kvm_scale_tsc(struct kvm_vcpu *vcpu, u64 tsc);
+--- a/arch/x86/kvm/vmx/vmx.c
++++ b/arch/x86/kvm/vmx/vmx.c
+@@ -6850,12 +6850,9 @@ static int vmx_create_vcpu(struct kvm_vc
+
+ for (i = 0; i < ARRAY_SIZE(vmx_uret_msrs_list); ++i) {
+ u32 index = vmx_uret_msrs_list[i];
+- u32 data_low, data_high;
+ int j = vmx->nr_uret_msrs;
+
+- if (rdmsr_safe(index, &data_low, &data_high) < 0)
+- continue;
+- if (wrmsr_safe(index, data_low, data_high) < 0)
++ if (kvm_probe_user_return_msr(index))
+ continue;
+
+ vmx->guest_uret_msrs[j].slot = i;
+--- a/arch/x86/kvm/x86.c
++++ b/arch/x86/kvm/x86.c
+@@ -323,6 +323,22 @@ static void kvm_on_user_return(struct us
+ }
+ }
+
++int kvm_probe_user_return_msr(u32 msr)
++{
++ u64 val;
++ int ret;
++
++ preempt_disable();
++ ret = rdmsrl_safe(msr, &val);
++ if (ret)
++ goto out;
++ ret = wrmsrl_safe(msr, val);
++out:
++ preempt_enable();
++ return ret;
++}
++EXPORT_SYMBOL_GPL(kvm_probe_user_return_msr);
++
+ void kvm_define_user_return_msr(unsigned slot, u32 msr)
+ {
+ BUG_ON(slot >= KVM_MAX_NR_USER_RETURN_MSRS);
diff --git a/queue-5.11/kvm-vmx-do-not-advertise-rdpid-if-enable_rdtscp-control-is-unsupported.patch b/queue-5.11/kvm-vmx-do-not-advertise-rdpid-if-enable_rdtscp-control-is-unsupported.patch
new file mode 100644
index 00000000000..567a8b7d64c
--- /dev/null
+++ b/queue-5.11/kvm-vmx-do-not-advertise-rdpid-if-enable_rdtscp-control-is-unsupported.patch
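Review bot: The exported helper `kvm_probe_user_return_msr()` added to arch/x86/kvm/x86.c in the queued kvm-vmx-disable-preemption patch has no comment stating its contract, and the reason for the `preempt_disable()`/`preempt_enable()` pair is recorded only in the commit message. I would add above the definition `/* Probe @msr by reading it and writing the same value back with preemption off, so both accesses hit the same CPU; returns 0 on success, else the error from the failing access. */`. The result describes only the CPU the probe happened to run on, which the loop in vmx_create_vcpu() (its body starts and ends outside the hunk) appears to treat as valid for the whole host; that assumption is worth stating in the same comment.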
@@ -0,0 +1,42 @@
+From 8aec21c04caa2000f91cf8822ae0811e4b0c3971 Mon Sep 17 00:00:00 2001
+From: Sean Christopherson
+Date: Tue, 4 May 2021 10:17:20 -0700
+Subject: KVM: VMX: Do not advertise RDPID if ENABLE_RDTSCP control is unsupported
+
+From: Sean Christopherson
+
+commit 8aec21c04caa2000f91cf8822ae0811e4b0c3971 upstream.
+
+Clear KVM's RDPID capability if the ENABLE_RDTSCP secondary exec control is
+unsupported. Despite being enumerated in a separate CPUID flag, RDPID is
+bundled under the same VMCS control as RDTSCP and will #UD in VMX non-root
+if ENABLE_RDTSCP is not enabled.
+
+Fixes: 41cd02c6f7f6 ("kvm: x86: Expose RDPID in KVM_GET_SUPPORTED_CPUID")
+Cc: stable@vger.kernel.org
+Signed-off-by: Sean Christopherson
+Message-Id: <20210504171734.1434054-2-seanjc@google.com>
+Reviewed-by: Jim Mattson
+Reviewed-by: Reiji Watanabe
+Signed-off-by: Paolo Bonzini
+Signed-off-by: Greg Kroah-Hartman
+---
+ arch/x86/kvm/vmx/vmx.c | 6 ++++--
+ 1 file changed, 4 insertions(+), 2 deletions(-)
+
+--- a/arch/x86/kvm/vmx/vmx.c
++++ b/arch/x86/kvm/vmx/vmx.c
+@@ -7288,9 +7288,11 @@ static __init void vmx_set_cpu_caps(void
+ if (!cpu_has_vmx_xsaves())
+ kvm_cpu_cap_clear(X86_FEATURE_XSAVES);
+
+- /* CPUID 0x80000001 */
+- if (!cpu_has_vmx_rdtscp())
++ /* CPUID 0x80000001 and 0x7 (RDPID) */
++ if (!cpu_has_vmx_rdtscp()) {
+ kvm_cpu_cap_clear(X86_FEATURE_RDTSCP);
++ kvm_cpu_cap_clear(X86_FEATURE_RDPID);
++ }
+
+ if (cpu_has_vmx_waitpkg())
+ kvm_cpu_cap_check_and_set(X86_FEATURE_WAITPKG);
diff --git a/queue-5.11/series b/queue-5.11/series
index a1bcb6e1360..b183740fd59 100644
--- a/queue-5.11/series
+++ b/queue-5.11/series
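Review bot: The updated comment `/* CPUID 0x80000001 and 0x7 (RDPID) */` in vmx_set_cpu_caps() names the CPUID leaves but not why RDPID is cleared under a check for RDTSCP support, so the coupling looks accidental to a later reader. The reason is given only in the commit message: both instructions sit behind the same ENABLE_RDTSCP secondary exec control, and RDPID takes #UD in VMX non-root when that control is off. I would extend the comment to something like `/* CPUID 0x80000001 and 0x7 (RDPID): RDPID is gated by the ENABLE_RDTSCP control and #UDs in the guest without it */`. vmx_set_cpu_caps() starts and ends outside the hunk.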
@@ -298,3 +298,5 @@ xen-gntdev-fix-gntdev_mmap-error-exit-path.patch
 kvm-x86-emulate-rdpid-only-if-rdtscp-is-supported.patch
 kvm-x86-move-rdpid-emulation-intercept-to-its-own-enum.patch
 kvm-nvmx-always-make-an-attempt-to-map-evmcs-after-migration.patch
+kvm-vmx-do-not-advertise-rdpid-if-enable_rdtscp-control-is-unsupported.patch
+kvm-vmx-disable-preemption-when-probing-user-return-msrs.patch