From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Date: Wed, 26 Feb 2020 18:23:09 +0000 (+0100)
Subject: 5.4-stable patches
X-Git-Tag: v4.4.215~52
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=a9036e5b2779115d3d3ca52ddb14ccfcbf90e750;p=thirdparty%2Fkernel%2Fstable-queue.git

5.4-stable patches

added patches:
	kvm-nvmx-don-t-emulate-instructions-in-guest-mode.patch
	kvm-x86-don-t-notify-userspace-ioapic-on-edge-triggered-interrupt-eoi.patch
	sched-psi-fix-oob-write-when-writing-0-bytes-to-psi-files.patch
---

diff --git a/queue-5.4/kvm-nvmx-don-t-emulate-instructions-in-guest-mode.patch b/queue-5.4/kvm-nvmx-don-t-emulate-instructions-in-guest-mode.patch
new file mode 100644
index 00000000000..c807541d9d5
--- /dev/null
+++ b/queue-5.4/kvm-nvmx-don-t-emulate-instructions-in-guest-mode.patch
@@ -0,0 +1,34 @@
+From 07721feee46b4b248402133228235318199b05ec Mon Sep 17 00:00:00 2001
+From: Paolo Bonzini <pbonzini@redhat.com>
+Date: Tue, 4 Feb 2020 15:26:29 -0800
+Subject: KVM: nVMX: Don't emulate instructions in guest mode
+
+From: Paolo Bonzini <pbonzini@redhat.com>
+
+commit 07721feee46b4b248402133228235318199b05ec upstream.
+
+vmx_check_intercept is not yet fully implemented. To avoid emulating
+instructions disallowed by the L1 hypervisor, refuse to emulate
+instructions by default.
+
+Cc: stable@vger.kernel.org
+[Made commit, added commit msg - Oliver]
+Signed-off-by: Oliver Upton <oupton@google.com>
+Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ arch/x86/kvm/vmx/vmx.c |    2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/arch/x86/kvm/vmx/vmx.c
++++ b/arch/x86/kvm/vmx/vmx.c
+@@ -7151,7 +7151,7 @@ static int vmx_check_intercept(struct kv
+ 	}
+ 
+ 	/* TODO: check more intercepts... */
+-	return X86EMUL_CONTINUE;
++	return X86EMUL_UNHANDLEABLE;
+ }
+ 
+ #ifdef CONFIG_X86_64
diff --git a/queue-5.4/kvm-x86-don-t-notify-userspace-ioapic-on-edge-triggered-interrupt-eoi.patch b/queue-5.4/kvm-x86-don-t-notify-userspace-ioapic-on-edge-triggered-interrupt-eoi.patch
new file mode 100644
index 00000000000..fda6473e829
--- /dev/null
+++ b/queue-5.4/kvm-x86-don-t-notify-userspace-ioapic-on-edge-triggered-interrupt-eoi.patch
@@ -0,0 +1,38 @@
+From 7455a8327674e1a7c9a1f5dd1b0743ab6713f6d1 Mon Sep 17 00:00:00 2001
+From: Miaohe Lin <linmiaohe@huawei.com>
+Date: Fri, 14 Feb 2020 10:32:38 +0800
+Subject: KVM: x86: don't notify userspace IOAPIC on edge-triggered interrupt EOI
+
+From: Miaohe Lin <linmiaohe@huawei.com>
+
+commit 7455a8327674e1a7c9a1f5dd1b0743ab6713f6d1 upstream.
+
+Commit 13db77347db1 ("KVM: x86: don't notify userspace IOAPIC on edge
+EOI") said, edge-triggered interrupts don't set a bit in TMR, which means
+that IOAPIC isn't notified on EOI. And var level indicates level-triggered
+interrupt.
+But commit 3159d36ad799 ("KVM: x86: use generic function for MSI parsing")
+replace var level with irq.level by mistake. Fix it by changing irq.level
+to irq.trig_mode.
+
+Cc: stable@vger.kernel.org
+Fixes: 3159d36ad799 ("KVM: x86: use generic function for MSI parsing")
+Signed-off-by: Miaohe Lin <linmiaohe@huawei.com>
+Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ arch/x86/kvm/irq_comm.c |    2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/arch/x86/kvm/irq_comm.c
++++ b/arch/x86/kvm/irq_comm.c
+@@ -416,7 +416,7 @@ void kvm_scan_ioapic_routes(struct kvm_v
+ 
+ 			kvm_set_msi_irq(vcpu->kvm, entry, &irq);
+ 
+-			if (irq.level && kvm_apic_match_dest(vcpu, NULL, 0,
++			if (irq.trig_mode && kvm_apic_match_dest(vcpu, NULL, 0,
+ 						irq.dest_id, irq.dest_mode))
+ 				__set_bit(irq.vector, ioapic_handled_vectors);
+ 		}
diff --git a/queue-5.4/sched-psi-fix-oob-write-when-writing-0-bytes-to-psi-files.patch b/queue-5.4/sched-psi-fix-oob-write-when-writing-0-bytes-to-psi-files.patch
new file mode 100644
index 00000000000..95b9c013244
--- /dev/null
+++ b/queue-5.4/sched-psi-fix-oob-write-when-writing-0-bytes-to-psi-files.patch
@@ -0,0 +1,37 @@
+From 6fcca0fa48118e6d63733eb4644c6cd880c15b8f Mon Sep 17 00:00:00 2001
+From: Suren Baghdasaryan <surenb@google.com>
+Date: Mon, 3 Feb 2020 13:22:16 -0800
+Subject: sched/psi: Fix OOB write when writing 0 bytes to PSI files
+
+From: Suren Baghdasaryan <surenb@google.com>
+
+commit 6fcca0fa48118e6d63733eb4644c6cd880c15b8f upstream.
+
+Issuing write() with count parameter set to 0 on any file under
+/proc/pressure/ will cause an OOB write because of the access to
+buf[buf_size-1] when NUL-termination is performed. Fix this by checking
+for buf_size to be non-zero.
+
+Signed-off-by: Suren Baghdasaryan <surenb@google.com>
+Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org>
+Signed-off-by: Ingo Molnar <mingo@kernel.org>
+Acked-by: Johannes Weiner <hannes@cmpxchg.org>
+Link: https://lkml.kernel.org/r/20200203212216.7076-1-surenb@google.com
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ kernel/sched/psi.c |    3 +++
+ 1 file changed, 3 insertions(+)
+
+--- a/kernel/sched/psi.c
++++ b/kernel/sched/psi.c
+@@ -1199,6 +1199,9 @@ static ssize_t psi_write(struct file *fi
+ 	if (static_branch_likely(&psi_disabled))
+ 		return -EOPNOTSUPP;
+ 
++	if (!nbytes)
++		return -EINVAL;
++
+ 	buf_size = min(nbytes, sizeof(buf));
+ 	if (copy_from_user(buf, user_buf, buf_size))
+ 		return -EFAULT;
diff --git a/queue-5.4/series b/queue-5.4/series
index 08d7118d8b5..e2325595720 100644
--- a/queue-5.4/series
+++ b/queue-5.4/series
@@ -73,3 +73,6 @@ drm-amdgpu-gfx10-disable-gfxoff-when-reading-rlc-clock.patch
 drm-nouveau-kms-gv100-re-set-lut-after-clearing-for-modesets.patch
 drm-i915-wean-off-drm_pci_alloc-drm_pci_free.patch
 drm-i915-update-drm-i915-bug-filing-url.patch
+sched-psi-fix-oob-write-when-writing-0-bytes-to-psi-files.patch
+kvm-nvmx-don-t-emulate-instructions-in-guest-mode.patch
+kvm-x86-don-t-notify-userspace-ioapic-on-edge-triggered-interrupt-eoi.patch