From: Greg Kroah-Hartman
Date: Sat, 24 Oct 2020 09:47:05 +0000 (+0200)
Subject: 5.9-stable patches
X-Git-Tag: v4.4.241~43
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=c5cef8c1595e207c9440a2f1bb646c40a3e08c9d;p=thirdparty%2Fkernel%2Fstable-queue.git
5.9-stable patches
added patches:
alsa-hda-don-t-register-a-cb-func-if-it-is-registered-already.patch
alsa-hda-fix-the-return-value-if-cb-func-is-already-registered.patch
alsa-hda-realtek-add-mute-led-support-for-hp-elitebook-845-g7.patch
alsa-hda-realtek-enable-audio-jacks-of-asus-d700sa-with-alc887.patch
alsa-hda-realtek-set-mic-to-auto-detect-on-a-hp-aio-machine.patch
alsa-hda-realtek-the-front-mic-on-a-hp-machine-doesn-t-work.patch
alsa-usb-audio-line6-pod-go-interface-requires-static-clock-rate-quirk.patch
arm64-make-use-of-arch_workaround_1-even-when-kvm-is-not-enabled.patch
cifs-remove-bogus-debug-code.patch
cifs-return-the-error-from-crypt_message-when-enc-dec-key-not-found.patch
kvm-nvmx-morph-notification-vector-irq-on-nested-vm-enter-to-pending-pi.patch
kvm-nvmx-reload-vmcs01-if-getting-vmcs12-s-pages-fails.patch
kvm-nvmx-reset-the-segment-cache-when-stuffing-guest-segs.patch
kvm-svm-initialize-prev_ga_tag-before-use.patch
kvm-x86-intercept-la57-to-inject-gp-fault-when-it-s-reserved.patch
kvm-x86-mmu-commit-zap-of-remaining-invalid-pages-when-recovering-lpages.patch
smb3-do-not-try-to-cache-root-directory-if-dir-leases-not-supported.patch
smb3-fix-stat-when-special-device-file-and-mounted-with-modefromsid.patch
smb3-resolve-data-corruption-of-tcp-server-info-fields.patch
smb3.1.1-fix-ids-returned-in-posix-query-dir.patch
---
diff --git a/queue-5.9/alsa-hda-don-t-register-a-cb-func-if-it-is-registered-already.patch b/queue-5.9/alsa-hda-don-t-register-a-cb-func-if-it-is-registered-already.patch
new file mode 100644
index 00000000000..3c30b26709f
--- /dev/null
+++ b/queue-5.9/alsa-hda-don-t-register-a-cb-func-if-it-is-registered-already.patch
@@ -0,0 +1,58 @@
+From f4794c6064a83d2c57b264bd299c367d172d1044 Mon Sep 17 00:00:00 2001
+From: Hui Wang
+Date: Wed, 30 Sep 2020 13:51:46 +0800
+Subject: ALSA: hda - Don't register a cb func if it is registered already
+
+From: Hui Wang
+
+commit f4794c6064a83d2c57b264bd299c367d172d1044 upstream.
+
+If the caller of enable_callback_mst() passes a cb func, the callee
+function will malloc memory and link this cb func to the list
+unconditionally. This will introduce problem if caller is in the
+hda_codec_ops.init() since the init() will be repeatedly called in the
+codec rt_resume().
+
+So far, the patch_hdmi.c and patch_ca0132.c call enable_callback_mst()
+in the hda_codec_ops.init().
+
+Signed-off-by: Hui Wang
+Cc:
+Link: https://lore.kernel.org/r/20200930055146.5665-1-hui.wang@canonical.com
+Signed-off-by: Takashi Iwai
+Signed-off-by: Greg Kroah-Hartman
+
+---
+ sound/pci/hda/hda_jack.c | 14 +++++++++++++-
+ 1 file changed, 13 insertions(+), 1 deletion(-)
+
+--- a/sound/pci/hda/hda_jack.c
++++ b/sound/pci/hda/hda_jack.c
+@@ -275,6 +275,18 @@ int snd_hda_jack_detect_state_mst(struct
+ }
+ EXPORT_SYMBOL_GPL(snd_hda_jack_detect_state_mst);
+
++static bool func_is_already_in_callback_list(struct hda_jack_tbl *jack,
++ hda_jack_callback_fn func)
++{
++ struct hda_jack_callback *cb;
++
++ for (cb = jack->callback; cb; cb = cb->next) {
++ if (cb->func == func)
++ return true;
++ }
++ return false;
++}
++
+ /**
+ * snd_hda_jack_detect_enable_mst - enable the jack-detection
+ * @codec: the HDA codec
+@@ -297,7 +309,7 @@ snd_hda_jack_detect_enable_callback_mst(
+ jack = snd_hda_jack_tbl_new(codec, nid, dev_id);
+ if (!jack)
+ return ERR_PTR(-ENOMEM);
+- if (func) {
++ if (func && !func_is_already_in_callback_list(jack, func)) {
+ callback = kzalloc(sizeof(*callback), GFP_KERNEL);
+ if (!callback)
+ return ERR_PTR(-ENOMEM);
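Review bot: When `func` is already on the list, the new condition `if (func && !func_is_already_in_callback_list(jack, func))` skips the allocation and nothing in the visible lines assigns `callback`, so the caller appears to get back whatever `callback` held before the test rather than the existing entry. The follow-up patch queued in this same commit (alsa-hda-fix-the-return-value-if-cb-func-is-already-registered.patch) changes the helper to return the entry, so the two need to be applied together and in that order. A tree carrying only this one would hand callers a pointer they may go on to dereference. The function body continues outside the hunk, so the initial value of `callback` and the final return cannot be checked here.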
diff --git a/queue-5.9/alsa-hda-fix-the-return-value-if-cb-func-is-already-registered.patch b/queue-5.9/alsa-hda-fix-the-return-value-if-cb-func-is-already-registered.patch
new file mode 100644
index 00000000000..e61c1ed7fea
--- /dev/null
+++ b/queue-5.9/alsa-hda-fix-the-return-value-if-cb-func-is-already-registered.patch
@@ -0,0 +1,68 @@ +From 033e4040d453f1f7111e5957a54f3019eb089cc6 Mon Sep 17 00:00:00 2001 +From: Hui Wang +Date: Thu, 22 Oct 2020 11:02:21 +0800 +Subject: ALSA: hda - Fix the return value if cb func is already registered + +From: Hui Wang + +commit 033e4040d453f1f7111e5957a54f3019eb089cc6 upstream. + +If the cb function is already registered, should return the pointer +of the structure hda_jack_callback which contains this cb func, but +instead it returns the NULL. + +Now fix it by replacing func_is_already_in_callback_list() with +find_callback_from_list(). + +Fixes: f4794c6064a8 ("ALSA: hda - Don't register a cb func if it is registered already") +Reported-and-suggested-by: Dan Carpenter +Cc: +Signed-off-by: Hui Wang +Link: https://lore.kernel.org/r/20201022030221.22393-1-hui.wang@canonical.com +Signed-off-by: Takashi Iwai +Signed-off-by: Greg Kroah-Hartman + +--- + sound/pci/hda/hda_jack.c | 18 +++++++++++++----- + 1 file changed, 13 insertions(+), 5 deletions(-) + +--- a/sound/pci/hda/hda_jack.c ++++ b/sound/pci/hda/hda_jack.c +@@ -275,16 +275,21 @@ int snd_hda_jack_detect_state_mst(struct + } + EXPORT_SYMBOL_GPL(snd_hda_jack_detect_state_mst); + +-static bool func_is_already_in_callback_list(struct hda_jack_tbl *jack, +- hda_jack_callback_fn func) ++static struct hda_jack_callback * ++find_callback_from_list(struct hda_jack_tbl *jack, ++ hda_jack_callback_fn func) + { + struct hda_jack_callback *cb; + ++ if (!func) ++ return NULL; ++ + for (cb = jack->callback; cb; cb = cb->next) { + if (cb->func == func) +- return true; ++ return cb; + } +- return false; ++ ++ return NULL; + } + + /** +@@ -309,7 +314,10 @@ snd_hda_jack_detect_enable_callback_mst( + jack = snd_hda_jack_tbl_new(codec, nid, dev_id); + if (!jack) + return ERR_PTR(-ENOMEM); +- if (func && !func_is_already_in_callback_list(jack, func)) { ++ ++ callback = find_callback_from_list(jack, func); ++ ++ if (func && !callback) { + callback = kzalloc(sizeof(*callback), GFP_KERNEL); + if (!callback) + return 
ERR_PTR(-ENOMEM); diff --git a/queue-5.9/alsa-hda-realtek-add-mute-led-support-for-hp-elitebook-845-g7.patch b/queue-5.9/alsa-hda-realtek-add-mute-led-support-for-hp-elitebook-845-g7.patch new file mode 100644 index 00000000000..72013df3b8f --- /dev/null +++ b/queue-5.9/alsa-hda-realtek-add-mute-led-support-for-hp-elitebook-845-g7.patch @@ -0,0 +1,33 @@ +From 08befca40026136c14c3cd84f9e36c4cd20a358e Mon Sep 17 00:00:00 2001 +From: Qiu Wenbo +Date: Fri, 2 Oct 2020 20:44:54 +0800 +Subject: ALSA: hda/realtek - Add mute Led support for HP Elitebook 845 G7 + +From: Qiu Wenbo + +commit 08befca40026136c14c3cd84f9e36c4cd20a358e upstream. + +After installing archlinux, the mute led and micmute led are not working +at all. This patch fix this issue by applying a fixup from similar +model. These mute leds are confirmed working on HP Elitebook 845 G7. + +Signed-off-by: Qiu Wenbo +Cc: +Link: https://lore.kernel.org/r/20201002124454.7240-1-qiuwenbo@kylinos.com.cn +Signed-off-by: Takashi Iwai +Signed-off-by: Greg Kroah-Hartman + +--- + sound/pci/hda/patch_realtek.c | 1 + + 1 file changed, 1 insertion(+) + +--- a/sound/pci/hda/patch_realtek.c ++++ b/sound/pci/hda/patch_realtek.c +@@ -7774,6 +7774,7 @@ static const struct snd_pci_quirk alc269 + SND_PCI_QUIRK(0x103c, 0x8729, "HP", ALC285_FIXUP_HP_GPIO_LED), + SND_PCI_QUIRK(0x103c, 0x8736, "HP", ALC285_FIXUP_HP_GPIO_AMP_INIT), + SND_PCI_QUIRK(0x103c, 0x874e, "HP", ALC274_FIXUP_HP_MIC), ++ SND_PCI_QUIRK(0x103c, 0x8760, "HP", ALC285_FIXUP_HP_MUTE_LED), + SND_PCI_QUIRK(0x103c, 0x877a, "HP", ALC285_FIXUP_HP_MUTE_LED), + SND_PCI_QUIRK(0x103c, 0x877d, "HP", ALC236_FIXUP_HP_MUTE_LED), + SND_PCI_QUIRK(0x1043, 0x103e, "ASUS X540SA", ALC256_FIXUP_ASUS_MIC), diff --git a/queue-5.9/alsa-hda-realtek-enable-audio-jacks-of-asus-d700sa-with-alc887.patch b/queue-5.9/alsa-hda-realtek-enable-audio-jacks-of-asus-d700sa-with-alc887.patch new file mode 100644 index 00000000000..d6a25fd6f75 --- /dev/null 
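Review bot: The lookup `callback = find_callback_from_list(jack, func);` makes a repeated registration return the existing entry, but neither the helper nor the call site says so, and `func` is tested twice (inside the helper and again in `if (func && !callback)`). A comment on the helper such as `/* Return the entry already registered for @func on @jack, or NULL if there is none or @func is NULL. */` would record the contract callers now depend on. The rest of snd_hda_jack_detect_enable_callback_mst(), including how a new entry is linked and what is returned, lies outside the hunk.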
+++ b/queue-5.9/alsa-hda-realtek-enable-audio-jacks-of-asus-d700sa-with-alc887.patch 
@@ -0,0 +1,99 @@ +From ca184355db8e60290fa34bf61c13308e6f4f50d3 Mon Sep 17 00:00:00 2001 +From: Jian-Hong Pan +Date: Wed, 7 Oct 2020 13:22:25 +0800 +Subject: ALSA: hda/realtek: Enable audio jacks of ASUS D700SA with ALC887 + +From: Jian-Hong Pan + +commit ca184355db8e60290fa34bf61c13308e6f4f50d3 upstream. + +The ASUS D700SA desktop's audio (1043:2390) with ALC887 cannot detect +the headset microphone and another headphone jack until +ALC887_FIXUP_ASUS_HMIC and ALC887_FIXUP_ASUS_AUDIO quirks are applied. +The NID 0x15 maps as the headset microphone and NID 0x19 maps as another +headphone jack. Also need the function like alc887_fixup_asus_jack to +enable the audio jacks. + +Signed-off-by: Jian-Hong Pan +Signed-off-by: Kailang Yang +Cc: +Link: https://lore.kernel.org/r/20201007052224.22611-1-jhp@endlessos.org +Signed-off-by: Takashi Iwai +Signed-off-by: Greg Kroah-Hartman + +--- + sound/pci/hda/patch_realtek.c | 42 ++++++++++++++++++++++++++++++++++++++++++ + 1 file changed, 42 insertions(+) + +--- a/sound/pci/hda/patch_realtek.c ++++ b/sound/pci/hda/patch_realtek.c +@@ -1930,6 +1930,8 @@ enum { + ALC1220_FIXUP_CLEVO_P950, + ALC1220_FIXUP_CLEVO_PB51ED, + ALC1220_FIXUP_CLEVO_PB51ED_PINS, ++ ALC887_FIXUP_ASUS_AUDIO, ++ ALC887_FIXUP_ASUS_HMIC, + }; + + static void alc889_fixup_coef(struct hda_codec *codec, +@@ -2142,6 +2144,31 @@ static void alc1220_fixup_clevo_pb51ed(s + alc_fixup_headset_mode_no_hp_mic(codec, fix, action); + } + ++static void alc887_asus_hp_automute_hook(struct hda_codec *codec, ++ struct hda_jack_callback *jack) ++{ ++ struct alc_spec *spec = codec->spec; ++ unsigned int vref; ++ ++ snd_hda_gen_hp_automute(codec, jack); ++ ++ if (spec->gen.hp_jack_present) ++ vref = AC_PINCTL_VREF_80; ++ else ++ vref = AC_PINCTL_VREF_HIZ; ++ snd_hda_set_pin_ctl(codec, 0x19, PIN_HP | vref); ++} ++ ++static void alc887_fixup_asus_jack(struct hda_codec *codec, ++ const struct hda_fixup *fix, int action) ++{ ++ struct alc_spec *spec = codec->spec; ++ if (action != 
HDA_FIXUP_ACT_PROBE) ++ return; ++ snd_hda_set_pin_ctl_cache(codec, 0x1b, PIN_HP); ++ spec->gen.hp_automute_hook = alc887_asus_hp_automute_hook; ++} ++ + static const struct hda_fixup alc882_fixups[] = { + [ALC882_FIXUP_ABIT_AW9D_MAX] = { + .type = HDA_FIXUP_PINS, +@@ -2399,6 +2426,20 @@ static const struct hda_fixup alc882_fix + .chained = true, + .chain_id = ALC1220_FIXUP_CLEVO_PB51ED, + }, ++ [ALC887_FIXUP_ASUS_AUDIO] = { ++ .type = HDA_FIXUP_PINS, ++ .v.pins = (const struct hda_pintbl[]) { ++ { 0x15, 0x02a14150 }, /* use as headset mic, without its own jack detect */ ++ { 0x19, 0x22219420 }, ++ {} ++ }, ++ }, ++ [ALC887_FIXUP_ASUS_HMIC] = { ++ .type = HDA_FIXUP_FUNC, ++ .v.func = alc887_fixup_asus_jack, ++ .chained = true, ++ .chain_id = ALC887_FIXUP_ASUS_AUDIO, ++ }, + }; + + static const struct snd_pci_quirk alc882_fixup_tbl[] = { +@@ -2432,6 +2473,7 @@ static const struct snd_pci_quirk alc882 + SND_PCI_QUIRK(0x1043, 0x13c2, "Asus A7M", ALC882_FIXUP_EAPD), + SND_PCI_QUIRK(0x1043, 0x1873, "ASUS W90V", ALC882_FIXUP_ASUS_W90V), + SND_PCI_QUIRK(0x1043, 0x1971, "Asus W2JC", ALC882_FIXUP_ASUS_W2JC), ++ SND_PCI_QUIRK(0x1043, 0x2390, "Asus D700SA", ALC887_FIXUP_ASUS_HMIC), + SND_PCI_QUIRK(0x1043, 0x835f, "Asus Eee 1601", ALC888_FIXUP_EEE1601), + SND_PCI_QUIRK(0x1043, 0x84bc, "ASUS ET2700", ALC887_FIXUP_ASUS_BASS), + SND_PCI_QUIRK(0x1043, 0x8691, "ASUS ROG Ranger VIII", ALC882_FIXUP_GPIO3), diff --git a/queue-5.9/alsa-hda-realtek-set-mic-to-auto-detect-on-a-hp-aio-machine.patch b/queue-5.9/alsa-hda-realtek-set-mic-to-auto-detect-on-a-hp-aio-machine.patch new file mode 100644 index 00000000000..50c5e0a801b --- /dev/null +++ b/queue-5.9/alsa-hda-realtek-set-mic-to-auto-detect-on-a-hp-aio-machine.patch 
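Review bot: The pin numbers in the two new functions are unexplained: alc887_asus_hp_automute_hook() rewrites pin `0x19` and alc887_fixup_asus_jack() sets `0x1b` to `PIN_HP`, while the commit message and the pin table only describe 0x15 and 0x19. A reader cannot tell from the hunk which physical jack sits behind 0x1b or why VREF on 0x19 follows `hp_jack_present`. I would add a comment on each, for example `/* 0x19: second headphone jack; raise VREF only while a plug is present */` above the `snd_hda_set_pin_ctl()` call, a similar one naming the jack behind 0x1b, and a trailing comment on `{ 0x19, 0x22219420 }` to match the one on the 0x15 entry.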
@@ -0,0 +1,68 @@ +From 13468bfa8c58731dc9ecda1cd9b22a191114f944 Mon Sep 17 00:00:00 2001 +From: Hui Wang +Date: Mon, 28 Sep 2020 16:01:17 +0800 +Subject: ALSA: hda/realtek - set mic to auto detect on a HP AIO machine + +From: Hui Wang + +commit 13468bfa8c58731dc9ecda1cd9b22a191114f944 upstream. + +Recently we enabled a HP AIO machine, we found the mic on the machine +couldn't record any sound and it couldn't detect plugging and +unplugging as well. + +Through debugging we found the mic is set to manual detect mode, after +setting it to auto detect mode, it could detect plugging and +unplugging and could record sound. + +Cc: +Signed-off-by: Hui Wang +Link: https://lore.kernel.org/r/20200928080117.12435-1-hui.wang@canonical.com +Signed-off-by: Takashi Iwai +Signed-off-by: Greg Kroah-Hartman + +--- + sound/pci/hda/patch_realtek.c | 11 +++++++++++ + 1 file changed, 11 insertions(+) + +--- a/sound/pci/hda/patch_realtek.c ++++ b/sound/pci/hda/patch_realtek.c +@@ -6234,6 +6234,7 @@ enum { + ALC269_FIXUP_LEMOTE_A190X, + ALC256_FIXUP_INTEL_NUC8_RUGGED, + ALC255_FIXUP_XIAOMI_HEADSET_MIC, ++ ALC274_FIXUP_HP_MIC, + }; + + static const struct hda_fixup alc269_fixups[] = { +@@ -7613,6 +7614,14 @@ static const struct hda_fixup alc269_fix + .chained = true, + .chain_id = ALC289_FIXUP_ASUS_GA401 + }, ++ [ALC274_FIXUP_HP_MIC] = { ++ .type = HDA_FIXUP_VERBS, ++ .v.verbs = (const struct hda_verb[]) { ++ { 0x20, AC_VERB_SET_COEF_INDEX, 0x45 }, ++ { 0x20, AC_VERB_SET_PROC_COEF, 0x5089 }, ++ { } ++ }, ++ }, + }; + + static const struct snd_pci_quirk alc269_fixup_tbl[] = { +@@ -7764,6 +7773,7 @@ static const struct snd_pci_quirk alc269 + SND_PCI_QUIRK(0x103c, 0x869d, "HP", ALC236_FIXUP_HP_MUTE_LED), + SND_PCI_QUIRK(0x103c, 0x8729, "HP", ALC285_FIXUP_HP_GPIO_LED), + SND_PCI_QUIRK(0x103c, 0x8736, "HP", ALC285_FIXUP_HP_GPIO_AMP_INIT), ++ SND_PCI_QUIRK(0x103c, 0x874e, "HP", ALC274_FIXUP_HP_MIC), + SND_PCI_QUIRK(0x103c, 0x877a, "HP", ALC285_FIXUP_HP_MUTE_LED), + SND_PCI_QUIRK(0x103c, 0x877d, 
"HP", ALC236_FIXUP_HP_MUTE_LED), + SND_PCI_QUIRK(0x1043, 0x103e, "ASUS X540SA", ALC256_FIXUP_ASUS_MIC), +@@ -8089,6 +8099,7 @@ static const struct hda_model_fixup alc2 + {.id = ALC256_FIXUP_MEDION_HEADSET_NO_PRESENCE, .name = "alc256-medion-headset"}, + {.id = ALC298_FIXUP_SAMSUNG_HEADPHONE_VERY_QUIET, .name = "alc298-samsung-headphone"}, + {.id = ALC255_FIXUP_XIAOMI_HEADSET_MIC, .name = "alc255-xiaomi-headset"}, ++ {.id = ALC274_FIXUP_HP_MIC, .name = "alc274-hp-mic-detect"}, + {} + }; + #define ALC225_STANDARD_PINS \ diff --git a/queue-5.9/alsa-hda-realtek-the-front-mic-on-a-hp-machine-doesn-t-work.patch b/queue-5.9/alsa-hda-realtek-the-front-mic-on-a-hp-machine-doesn-t-work.patch new file mode 100644 index 00000000000..54059ea0f72 --- /dev/null +++ b/queue-5.9/alsa-hda-realtek-the-front-mic-on-a-hp-machine-doesn-t-work.patch 
@@ -0,0 +1,34 @@
+From 148ebf548a1af366fc797fcc7d03f0bb92b12a79 Mon Sep 17 00:00:00 2001
+From: Jeremy Szu
+Date: Thu, 8 Oct 2020 18:56:44 +0800
+Subject: ALSA: hda/realtek - The front Mic on a HP machine doesn't work
+
+From: Jeremy Szu
+
+commit 148ebf548a1af366fc797fcc7d03f0bb92b12a79 upstream.
+
+On a HP ZCentral, the front Mic could not be detected.
+
+The codec of the HP ZCentrol is alc671 and it needs to override the pin
+configuration to enable the headset mic.
+
+Signed-off-by: Jeremy Szu
+Cc:
+Link: https://lore.kernel.org/r/20201008105645.65505-1-jeremy.szu@canonical.com
+Signed-off-by: Takashi Iwai
+Signed-off-by: Greg Kroah-Hartman
+
+---
+ sound/pci/hda/patch_realtek.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+--- a/sound/pci/hda/patch_realtek.c
++++ b/sound/pci/hda/patch_realtek.c
+@@ -9623,6 +9623,7 @@ static const struct snd_pci_quirk alc662
+ SND_PCI_QUIRK(0x1028, 0x0698, "Dell", ALC668_FIXUP_DELL_MIC_NO_PRESENCE),
+ SND_PCI_QUIRK(0x1028, 0x069f, "Dell", ALC668_FIXUP_DELL_MIC_NO_PRESENCE),
+ SND_PCI_QUIRK(0x103c, 0x1632, "HP RP5800", ALC662_FIXUP_HP_RP5800),
++ SND_PCI_QUIRK(0x103c, 0x873e, "HP", ALC671_FIXUP_HP_HEADSET_MIC2),
+ SND_PCI_QUIRK(0x1043, 0x1080, "Asus UX501VW", ALC668_FIXUP_HEADSET_MODE),
+ SND_PCI_QUIRK(0x1043, 0x11cd, "Asus N550", ALC662_FIXUP_ASUS_Nx50),
+ SND_PCI_QUIRK(0x1043, 0x13df, "Asus N550JX", ALC662_FIXUP_BASS_1A),
diff --git a/queue-5.9/alsa-usb-audio-line6-pod-go-interface-requires-static-clock-rate-quirk.patch b/queue-5.9/alsa-usb-audio-line6-pod-go-interface-requires-static-clock-rate-quirk.patch
new file mode 100644
index 00000000000..c120713b2bb
--- /dev/null
+++ b/queue-5.9/alsa-usb-audio-line6-pod-go-interface-requires-static-clock-rate-quirk.patch
@@ -0,0 +1,33 @@
+From 7da4c510abff8ad47eb2d7cc9a97def5a411947f Mon Sep 17 00:00:00 2001
+From: Lukasz Halman
+Date: Tue, 20 Oct 2020 08:14:09 +0200
+Subject: ALSA: usb-audio: Line6 Pod Go interface requires static clock rate quirk
+
+From: Lukasz Halman
+
+commit 7da4c510abff8ad47eb2d7cc9a97def5a411947f upstream.
+
+Recently released Line6 Pod Go requires static clock rate quirk to make
+its usb audio interface working. Added its usb id to the list of similar
+line6 devices.
+
+Signed-off-by: Lukasz Halman
+Cc:
+Link: https://lore.kernel.org/r/20201020061409.GA24382@TAG009442538903
+Signed-off-by: Takashi Iwai
+Signed-off-by: Greg Kroah-Hartman
+
+---
+ sound/usb/format.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+--- a/sound/usb/format.c
++++ b/sound/usb/format.c
+@@ -406,6 +406,7 @@ static int line6_parse_audio_format_rate
+ case USB_ID(0x0e41, 0x4242): /* Line6 Helix Rack */
+ case USB_ID(0x0e41, 0x4244): /* Line6 Helix LT */
+ case USB_ID(0x0e41, 0x4246): /* Line6 HX-Stomp */
++ case USB_ID(0x0e41, 0x4247): /* Line6 Pod Go */
+ case USB_ID(0x0e41, 0x4248): /* Line6 Helix >= fw 2.82 */
+ case USB_ID(0x0e41, 0x4249): /* Line6 Helix Rack >= fw 2.82 */
+ case USB_ID(0x0e41, 0x424a): /* Line6 Helix LT >= fw 2.82 */
diff --git a/queue-5.9/arm64-make-use-of-arch_workaround_1-even-when-kvm-is-not-enabled.patch b/queue-5.9/arm64-make-use-of-arch_workaround_1-even-when-kvm-is-not-enabled.patch
new file mode 100644
index 00000000000..79824569c43
--- /dev/null
+++ b/queue-5.9/arm64-make-use-of-arch_workaround_1-even-when-kvm-is-not-enabled.patch
@@ -0,0 +1,46 @@
+From b11483ef5a502663732c6ca1b58d14ff9eedd6f7 Mon Sep 17 00:00:00 2001
+From: Marc Zyngier
+Date: Thu, 16 Jul 2020 17:11:08 +0100
+Subject: arm64: Make use of ARCH_WORKAROUND_1 even when KVM is not enabled
+
+From: Marc Zyngier
+
+commit b11483ef5a502663732c6ca1b58d14ff9eedd6f7 upstream.
+
+We seem to be pretending that we don't have any firmware mitigation
+when KVM is not compiled in, which is not quite expected.
+
+Bring back the mitigation in this case.
+
+Fixes: 4db61fef16a1 ("arm64: kvm: Modernize __smccc_workaround_1_smc_start annotations")
+Cc:
+Signed-off-by: Marc Zyngier
+Signed-off-by: Will Deacon
+Signed-off-by: Greg Kroah-Hartman
+
+---
+ arch/arm64/kernel/cpu_errata.c | 7 +++++--
+ 1 file changed, 5 insertions(+), 2 deletions(-)
+
+--- a/arch/arm64/kernel/cpu_errata.c
++++ b/arch/arm64/kernel/cpu_errata.c
+@@ -234,14 +234,17 @@ static int detect_harden_bp_fw(void)
+ smccc_end = NULL;
+ break;
+
+-#if IS_ENABLED(CONFIG_KVM)
+ case SMCCC_CONDUIT_SMC:
+ cb = call_smc_arch_workaround_1;
++#if IS_ENABLED(CONFIG_KVM)
+ smccc_start = __smccc_workaround_1_smc;
+ smccc_end = __smccc_workaround_1_smc +
+ __SMCCC_WORKAROUND_1_SMC_SZ;
+- break;
++#else
++ smccc_start = NULL;
++ smccc_end = NULL;
+ #endif
++ break;
+
+ default:
+ return -1;
diff --git a/queue-5.9/cifs-remove-bogus-debug-code.patch b/queue-5.9/cifs-remove-bogus-debug-code.patch
new file mode 100644
index 00000000000..074390b0797
--- /dev/null
+++ b/queue-5.9/cifs-remove-bogus-debug-code.patch
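Review bot: The `#else` arm added under `case SMCCC_CONDUIT_SMC:` sets `smccc_start` and `smccc_end` to NULL without saying why that is safe, and this is the path that decides whether the firmware ARCH_WORKAROUND_1 callback is installed at all on kernels built without KVM. Before the change such kernels had no SMC case and, per the visible `default: return -1;`, presumably reported no firmware mitigation. A comment such as `/* no KVM vectors to patch here; cb alone applies the workaround */` would help, worded to match whatever the consumer of the two pointers really does, since that code is outside the hunk. The preceding case also ends with `smccc_end = NULL;`, so the reason could be stated once for both.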
@@ -0,0 +1,72 @@ +From d367cb960ce88914898cbfa43645c2e43ede9465 Mon Sep 17 00:00:00 2001 +From: Dan Carpenter +Date: Wed, 16 Sep 2020 23:18:21 +0300 +Subject: cifs: remove bogus debug code + +From: Dan Carpenter + +commit d367cb960ce88914898cbfa43645c2e43ede9465 upstream. + +The "end" pointer is either NULL or it points to the next byte to parse. +If there isn't a next byte then dereferencing "end" is an off-by-one out +of bounds error. And, of course, if it's NULL that leads to an Oops. +Printing "*end" doesn't seem very useful so let's delete this code. + +Also for the last debug statement, I noticed that it should be printing +"sequence_end" instead of "end" so fix that as well. + +Reported-by: Dominik Maier +Signed-off-by: Dan Carpenter +Signed-off-by: Steve French +Signed-off-by: Greg Kroah-Hartman + +--- + fs/cifs/asn1.c | 16 ++++++++-------- + 1 file changed, 8 insertions(+), 8 deletions(-) + +--- a/fs/cifs/asn1.c ++++ b/fs/cifs/asn1.c +@@ -530,8 +530,8 @@ decode_negTokenInit(unsigned char *secur + return 0; + } else if ((cls != ASN1_CTX) || (con != ASN1_CON) + || (tag != ASN1_EOC)) { +- cifs_dbg(FYI, "cls = %d con = %d tag = %d end = %p (%d) exit 0\n", +- cls, con, tag, end, *end); ++ cifs_dbg(FYI, "cls = %d con = %d tag = %d end = %p exit 0\n", ++ cls, con, tag, end); + return 0; + } + +@@ -541,8 +541,8 @@ decode_negTokenInit(unsigned char *secur + return 0; + } else if ((cls != ASN1_UNI) || (con != ASN1_CON) + || (tag != ASN1_SEQ)) { +- cifs_dbg(FYI, "cls = %d con = %d tag = %d end = %p (%d) exit 1\n", +- cls, con, tag, end, *end); ++ cifs_dbg(FYI, "cls = %d con = %d tag = %d end = %p exit 1\n", ++ cls, con, tag, end); + return 0; + } + +@@ -552,8 +552,8 @@ decode_negTokenInit(unsigned char *secur + return 0; + } else if ((cls != ASN1_CTX) || (con != ASN1_CON) + || (tag != ASN1_EOC)) { +- cifs_dbg(FYI, "cls = %d con = %d tag = %d end = %p (%d) exit 0\n", +- cls, con, tag, end, *end); ++ cifs_dbg(FYI, "cls = %d con = %d tag = %d end = %p exit 0\n", ++ cls, 
con, tag, end); + return 0; + } + +@@ -564,8 +564,8 @@ decode_negTokenInit(unsigned char *secur + return 0; + } else if ((cls != ASN1_UNI) || (con != ASN1_CON) + || (tag != ASN1_SEQ)) { +- cifs_dbg(FYI, "cls = %d con = %d tag = %d end = %p (%d) exit 1\n", +- cls, con, tag, end, *end); ++ cifs_dbg(FYI, "cls = %d con = %d tag = %d sequence_end = %p exit 1\n", ++ cls, con, tag, sequence_end); + return 0; + } + diff --git a/queue-5.9/cifs-return-the-error-from-crypt_message-when-enc-dec-key-not-found.patch b/queue-5.9/cifs-return-the-error-from-crypt_message-when-enc-dec-key-not-found.patch new file mode 100644 index 00000000000..cbca51fc416 --- /dev/null +++ b/queue-5.9/cifs-return-the-error-from-crypt_message-when-enc-dec-key-not-found.patch 
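Review bot: The four rejection branches in decode_negTokenInit() still log only `exit 0` or `exit 1`, each string used twice, so a rejected blob cannot be tied to the check that failed. The messages also keep a `%p` argument, which by default prints a hashed value and adds little now that `*end` is gone. Giving each branch its own label, e.g. `"cls = %d con = %d tag = %d sequence_end = %p exit 3\n"` for the last one, or dropping the pointer, would make these FYI lines usable when triaging a malformed negotiate token. The function body starts and ends outside the hunks.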
@@ -0,0 +1,44 @@
+From 0bd294b55a5de442370c29fa53bab17aef3ff318 Mon Sep 17 00:00:00 2001
+From: Shyam Prasad N
+Date: Thu, 15 Oct 2020 10:41:31 -0700
+Subject: cifs: Return the error from crypt_message when enc/dec key not found.
+
+From: Shyam Prasad N
+
+commit 0bd294b55a5de442370c29fa53bab17aef3ff318 upstream.
+
+In crypt_message, when smb2_get_enc_key returns error, we need to
+return the error back to the caller. If not, we end up processing
+the message further, causing a kernel oops due to unwarranted access
+of memory.
+
+Call Trace:
+smb3_receive_transform+0x120/0x870 [cifs]
+cifs_demultiplex_thread+0xb53/0xc20 [cifs]
+? cifs_handle_standard+0x190/0x190 [cifs]
+kthread+0x116/0x130
+? kthread_park+0x80/0x80
+ret_from_fork+0x1f/0x30
+
+Signed-off-by: Shyam Prasad N
+Reviewed-by: Pavel Shilovsky
+Reviewed-by: Ronnie Sahlberg
+CC: Stable
+Signed-off-by: Steve French
+Signed-off-by: Greg Kroah-Hartman
+
+---
+ fs/cifs/smb2ops.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/fs/cifs/smb2ops.c
++++ b/fs/cifs/smb2ops.c
+@@ -3924,7 +3924,7 @@ crypt_message(struct TCP_Server_Info *se
+ if (rc) {
+ cifs_server_dbg(VFS, "%s: Could not get %scryption key\n", __func__,
+ enc ? "en" : "de");
+- return 0;
++ return rc;
+ }
+
+ rc = smb3_crypto_aead_allocate(server);
diff --git a/queue-5.9/kvm-nvmx-morph-notification-vector-irq-on-nested-vm-enter-to-pending-pi.patch b/queue-5.9/kvm-nvmx-morph-notification-vector-irq-on-nested-vm-enter-to-pending-pi.patch
new file mode 100644
index 00000000000..3dbb812b202
--- /dev/null
+++ b/queue-5.9/kvm-nvmx-morph-notification-vector-irq-on-nested-vm-enter-to-pending-pi.patch
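Review bot: The error message printed just before the new `return rc;` still omits the code that is now propagated, so the log shows that a key was missing but not which error smb2_get_enc_key() reported. Adding it, `cifs_server_dbg(VFS, "%s: Could not get %scryption key. rc = %d\n", __func__, enc ? "en" : "de", rc);`, keeps the log and the return value in step. Callers such as smb3_receive_transform(), named in the call trace, are outside the hunk, so it is worth confirming that they stop processing the message on a non-zero return.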
@@ -0,0 +1,96 @@ +From 25bb2cf97139f81e3bb8910d26016a529019528e Mon Sep 17 00:00:00 2001 +From: Sean Christopherson +Date: Wed, 12 Aug 2020 10:51:29 -0700 +Subject: KVM: nVMX: Morph notification vector IRQ on nested VM-Enter to pending PI + +From: Sean Christopherson + +commit 25bb2cf97139f81e3bb8910d26016a529019528e upstream. + +On successful nested VM-Enter, check for pending interrupts and convert +the highest priority interrupt to a pending posted interrupt if it +matches L2's notification vector. If the vCPU receives a notification +interrupt before nested VM-Enter (assuming L1 disables IRQs before doing +VM-Enter), the pending interrupt (for L1) should be recognized and +processed as a posted interrupt when interrupts become unblocked after +VM-Enter to L2. + +This fixes a bug where L1/L2 will get stuck in an infinite loop if L1 is +trying to inject an interrupt into L2 by setting the appropriate bit in +L2's PIR and sending a self-IPI prior to VM-Enter (as opposed to KVM's +method of manually moving the vector from PIR->vIRR/RVI). KVM will +observe the IPI while the vCPU is in L1 context and so won't immediately +morph it to a posted interrupt for L2. The pending interrupt will be +seen by vmx_check_nested_events(), cause KVM to force an immediate exit +after nested VM-Enter, and eventually be reflected to L1 as a VM-Exit. +After handling the VM-Exit, L1 will see that L2 has a pending interrupt +in PIR, send another IPI, and repeat until L2 is killed. + +Note, posted interrupts require virtual interrupt deliveriy, and virtual +interrupt delivery requires exit-on-interrupt, ergo interrupts will be +unconditionally unmasked on VM-Enter if posted interrupts are enabled. 
+ +Fixes: 705699a13994 ("KVM: nVMX: Enable nested posted interrupt processing") +Cc: stable@vger.kernel.org +Cc: Liran Alon +Signed-off-by: Sean Christopherson +Message-Id: <20200812175129.12172-1-sean.j.christopherson@intel.com> +Signed-off-by: Paolo Bonzini +Signed-off-by: Greg Kroah-Hartman + +--- + arch/x86/kvm/lapic.c | 7 +++++++ + arch/x86/kvm/lapic.h | 1 + + arch/x86/kvm/vmx/nested.c | 8 ++++++++ + 3 files changed, 16 insertions(+) + +--- a/arch/x86/kvm/lapic.c ++++ b/arch/x86/kvm/lapic.c +@@ -488,6 +488,12 @@ static inline void apic_clear_irr(int ve + } + } + ++void kvm_apic_clear_irr(struct kvm_vcpu *vcpu, int vec) ++{ ++ apic_clear_irr(vec, vcpu->arch.apic); ++} ++EXPORT_SYMBOL_GPL(kvm_apic_clear_irr); ++ + static inline void apic_set_isr(int vec, struct kvm_lapic *apic) + { + struct kvm_vcpu *vcpu; +@@ -2461,6 +2467,7 @@ int kvm_apic_has_interrupt(struct kvm_vc + __apic_update_ppr(apic, &ppr); + return apic_has_interrupt_for_ppr(apic, ppr); + } ++EXPORT_SYMBOL_GPL(kvm_apic_has_interrupt); + + int kvm_apic_accept_pic_intr(struct kvm_vcpu *vcpu) + { +--- a/arch/x86/kvm/lapic.h ++++ b/arch/x86/kvm/lapic.h +@@ -89,6 +89,7 @@ int kvm_lapic_reg_read(struct kvm_lapic + bool kvm_apic_match_dest(struct kvm_vcpu *vcpu, struct kvm_lapic *source, + int shorthand, unsigned int dest, int dest_mode); + int kvm_apic_compare_prio(struct kvm_vcpu *vcpu1, struct kvm_vcpu *vcpu2); ++void kvm_apic_clear_irr(struct kvm_vcpu *vcpu, int vec); + bool __kvm_apic_update_irr(u32 *pir, void *regs, int *max_irr); + bool kvm_apic_update_irr(struct kvm_vcpu *vcpu, u32 *pir, int *max_irr); + void kvm_apic_update_ppr(struct kvm_vcpu *vcpu); +--- a/arch/x86/kvm/vmx/nested.c ++++ b/arch/x86/kvm/vmx/nested.c +@@ -3528,6 +3528,14 @@ static int nested_vmx_run(struct kvm_vcp + if (unlikely(status != NVMX_VMENTRY_SUCCESS)) + goto vmentry_failed; + ++ /* Emulate processing of posted interrupts on VM-Enter. 
*/ ++ if (nested_cpu_has_posted_intr(vmcs12) && ++ kvm_apic_has_interrupt(vcpu) == vmx->nested.posted_intr_nv) { ++ vmx->nested.pi_pending = true; ++ kvm_make_request(KVM_REQ_EVENT, vcpu); ++ kvm_apic_clear_irr(vcpu, vmx->nested.posted_intr_nv); ++ } ++ + /* Hide L1D cache contents from the nested guest. */ + vmx->vcpu.arch.l1tf_flush_l1d = true; + diff --git a/queue-5.9/kvm-nvmx-reload-vmcs01-if-getting-vmcs12-s-pages-fails.patch b/queue-5.9/kvm-nvmx-reload-vmcs01-if-getting-vmcs12-s-pages-fails.patch new file mode 100644 index 00000000000..8470f92bdc7 --- /dev/null +++ b/queue-5.9/kvm-nvmx-reload-vmcs01-if-getting-vmcs12-s-pages-fails.patch @@ -0,0 +1,40 @@ +From b89d5ad00e789967a5e2c5335f75c48755bebd88 Mon Sep 17 00:00:00 2001 +From: Sean Christopherson +Date: Wed, 23 Sep 2020 11:44:47 -0700 +Subject: KVM: nVMX: Reload vmcs01 if getting vmcs12's pages fails + +From: Sean Christopherson + +commit b89d5ad00e789967a5e2c5335f75c48755bebd88 upstream. + +Reload vmcs01 when bailing from nested_vmx_enter_non_root_mode() as KVM +expects vmcs01 to be loaded when is_guest_mode() is false. + +Fixes: 671ddc700fd08 ("KVM: nVMX: Don't leak L1 MMIO regions to L2") +Cc: stable@vger.kernel.org +Cc: Dan Cross +Cc: Jim Mattson +Cc: Peter Shier +Signed-off-by: Sean Christopherson +Message-Id: <20200923184452.980-3-sean.j.christopherson@intel.com> +Signed-off-by: Paolo Bonzini +Signed-off-by: Greg Kroah-Hartman + +--- + arch/x86/kvm/vmx/nested.c | 4 +++- + 1 file changed, 3 insertions(+), 1 deletion(-) + +--- a/arch/x86/kvm/vmx/nested.c ++++ b/arch/x86/kvm/vmx/nested.c +@@ -3346,8 +3346,10 @@ enum nvmx_vmentry_status nested_vmx_ente + prepare_vmcs02_early(vmx, vmcs12); + + if (from_vmentry) { +- if (unlikely(!nested_get_vmcs12_pages(vcpu))) ++ if (unlikely(!nested_get_vmcs12_pages(vcpu))) { ++ vmx_switch_vmcs(vcpu, &vmx->vmcs01); + return NVMX_VMENTRY_KVM_INTERNAL_ERROR; ++ } + + if (nested_vmx_check_vmentry_hw(vcpu)) { + vmx_switch_vmcs(vcpu, &vmx->vmcs01); 
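Review bot: In nested_vmx_run() the test `kvm_apic_has_interrupt(vcpu) == vmx->nested.posted_intr_nv` compares an `int` return with a field whose type is not visible in this patch, and nothing here states what the helper returns when no interrupt is pending. If that value is a negative sentinel, correctness rests on how `posted_intr_nv` is promoted. Making it explicit, `int irq = kvm_apic_has_interrupt(vcpu);` then `irq >= 0 && irq == vmx->nested.posted_intr_nv`, would let the next reader check it. The new exported wrapper kvm_apic_clear_irr() in lapic.c also has no comment saying it exists for this nested VM-Enter path.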
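Review bot: The added `vmx_switch_vmcs(vcpu, &vmx->vmcs01);` carries no comment, and the reason for it is only in the commit message. A line such as `/* vmcs01 must be loaded again before returning with is_guest_mode() false */` above it would explain why a failed nested_get_vmcs12_pages() needs the same unwind as the nested_vmx_check_vmentry_hw() failure just below. Other return paths of nested_vmx_enter_non_root_mode() are outside the hunk and cannot be checked for the same omission from here.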
diff --git a/queue-5.9/kvm-nvmx-reset-the-segment-cache-when-stuffing-guest-segs.patch b/queue-5.9/kvm-nvmx-reset-the-segment-cache-when-stuffing-guest-segs.patch
new file mode 100644
index 00000000000..b0ca7130d6b
--- /dev/null
+++ b/queue-5.9/kvm-nvmx-reset-the-segment-cache-when-stuffing-guest-segs.patch
@@ -0,0 +1,74 @@ +From fc387d8daf3960c5e1bc18fa353768056f4fd394 Mon Sep 17 00:00:00 2001 +From: Sean Christopherson +Date: Wed, 23 Sep 2020 11:44:46 -0700 +Subject: KVM: nVMX: Reset the segment cache when stuffing guest segs + +From: Sean Christopherson + +commit fc387d8daf3960c5e1bc18fa353768056f4fd394 upstream. + +Explicitly reset the segment cache after stuffing guest segment regs in +prepare_vmcs02_rare(). Although the cache is reset when switching to +vmcs02, there is nothing that prevents KVM from re-populating the cache +prior to writing vmcs02 with vmcs12's values. E.g. if the vCPU is +preempted after switching to vmcs02 but before prepare_vmcs02_rare(), +kvm_arch_vcpu_put() will dereference GUEST_SS_AR_BYTES via .get_cpl() +and cache the stale vmcs02 value. While the current code base only +caches stale data in the preemption case, it's theoretically possible +future code could read a segment register during the nested flow itself, +i.e. this isn't technically illegal behavior in kvm_arch_vcpu_put(), +although it did introduce the bug. + +This manifests as an unexpected nested VM-Enter failure when running +with unrestricted guest disabled if the above preemption case coincides +with L1 switching L2's CPL, e.g. when switching from a L2 vCPU at CPL3 +to to a L2 vCPU at CPL0. stack_segment_valid() will see the new SS_SEL +but the old SS_AR_BYTES and incorrectly mark the guest state as invalid +due to SS.dpl != SS.rpl. + +Don't bother updating the cache even though prepare_vmcs02_rare() writes +every segment. With unrestricted guest, guest segments are almost never +read, let alone L2 guest segments. On the other hand, populating the +cache requires a large number of memory writes, i.e. it's unlikely to be +a net win. Updating the cache would be a win when unrestricted guest is +not supported, as guest_state_valid() will immediately cache all segment +registers. 
But, nested virtualization without unrestricted guest is +dirt slow, saving some VMREADs won't change that, and every CPU +manufactured in the last decade supports unrestricted guest. In other +words, the extra (minor) complexity isn't worth the trouble. + +Note, kvm_arch_vcpu_put() may see stale data when querying guest CPL +depending on when preemption occurs. This is "ok" in that the usage is +imperfect by nature, i.e. it's used heuristically to improve performance +but doesn't affect functionality. kvm_arch_vcpu_put() could be "fixed" +by also disabling preemption while loading segments, but that's +pointless and misleading as reading state from kvm_sched_{in,out}() is +guaranteed to see stale data in one form or another. E.g. even if all +the usage of regs_avail is fixed to call kvm_register_mark_available() +after the associated state is set, the individual state might still be +stale with respect to the overall vCPU state. I.e. making functional +decisions in an asynchronous hook is doomed from the get go. Thankfully +KVM doesn't do that. + +Fixes: de63ad4cf4973 ("KVM: X86: implement the logic for spinlock optimization") +Cc: stable@vger.kernel.org +Signed-off-by: Sean Christopherson +Message-Id: <20200923184452.980-2-sean.j.christopherson@intel.com> +Signed-off-by: Paolo Bonzini +Signed-off-by: Greg Kroah-Hartman + +--- + arch/x86/kvm/vmx/nested.c | 2 ++ + 1 file changed, 2 insertions(+) + +--- a/arch/x86/kvm/vmx/nested.c ++++ b/arch/x86/kvm/vmx/nested.c +@@ -2408,6 +2408,8 @@ static void prepare_vmcs02_rare(struct v + vmcs_writel(GUEST_TR_BASE, vmcs12->guest_tr_base); + vmcs_writel(GUEST_GDTR_BASE, vmcs12->guest_gdtr_base); + vmcs_writel(GUEST_IDTR_BASE, vmcs12->guest_idtr_base); ++ ++ vmx->segment_cache.bitmask = 0; + } + + if (!hv_evmcs || !(hv_evmcs->hv_clean_fields & diff --git a/queue-5.9/kvm-svm-initialize-prev_ga_tag-before-use.patch b/queue-5.9/kvm-svm-initialize-prev_ga_tag-before-use.patch new file mode 100644 index 00000000000..c792f45c54c 
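Review bot: The bare `vmx->segment_cache.bitmask = 0;` at the end of the segment writes in prepare_vmcs02_rare() gives no hint of why the cache is cleared again, and the several paragraphs of rationale exist only in the commit message. I would add a comment above it, e.g. `/* Segments were just rewritten from vmcs12; discard anything cached since the switch to vmcs02, e.g. by kvm_arch_vcpu_put() on preemption. */`. Without it the line looks redundant next to the reset done on the VMCS switch and is an easy target for a later cleanup.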
--- /dev/null
+++ b/queue-5.9/kvm-svm-initialize-prev_ga_tag-before-use.patch
@@ -0,0 +1,62 @@ +From f6426ab9c957e97418ac5b0466538792767b1738 Mon Sep 17 00:00:00 2001 +From: Suravee Suthikulpanit +Date: Sat, 3 Oct 2020 23:27:07 +0000 +Subject: KVM: SVM: Initialize prev_ga_tag before use + +From: Suravee Suthikulpanit + +commit f6426ab9c957e97418ac5b0466538792767b1738 upstream. + +The function amd_ir_set_vcpu_affinity makes use of the parameter struct +amd_iommu_pi_data.prev_ga_tag to determine if it should delete struct +amd_iommu_pi_data from a list when not running in AVIC mode. + +However, prev_ga_tag is initialized only when AVIC is enabled. The non-zero +uninitialized value can cause unintended code path, which ends up making +use of the struct vcpu_svm.ir_list and ir_list_lock without being +initialized (since they are intended only for the AVIC case). + +This triggers NULL pointer dereference bug in the function vm_ir_list_del +with the following call trace: + + svm_update_pi_irte+0x3c2/0x550 [kvm_amd] + ? proc_create_single_data+0x41/0x50 + kvm_arch_irq_bypass_add_producer+0x40/0x60 [kvm] + __connect+0x5f/0xb0 [irqbypass] + irq_bypass_register_producer+0xf8/0x120 [irqbypass] + vfio_msi_set_vector_signal+0x1de/0x2d0 [vfio_pci] + vfio_msi_set_block+0x77/0xe0 [vfio_pci] + vfio_pci_set_msi_trigger+0x25c/0x2f0 [vfio_pci] + vfio_pci_set_irqs_ioctl+0x88/0xb0 [vfio_pci] + vfio_pci_ioctl+0x2ea/0xed0 [vfio_pci] + ? alloc_file_pseudo+0xa5/0x100 + vfio_device_fops_unl_ioctl+0x26/0x30 [vfio] + ? vfio_device_fops_unl_ioctl+0x26/0x30 [vfio] + __x64_sys_ioctl+0x96/0xd0 + do_syscall_64+0x37/0x80 + entry_SYSCALL_64_after_hwframe+0x44/0xa9 + +Therefore, initialize prev_ga_tag to zero before use. This should be safe +because ga_tag value 0 is invalid (see function avic_vm_init). 
+ +Fixes: dfa20099e26e ("KVM: SVM: Refactor AVIC vcpu initialization into avic_init_vcpu()") +Signed-off-by: Suravee Suthikulpanit +Message-Id: <20201003232707.4662-1-suravee.suthikulpanit@amd.com> +Cc: stable@vger.kernel.org +Signed-off-by: Paolo Bonzini +Signed-off-by: Greg Kroah-Hartman + +--- + arch/x86/kvm/svm/avic.c | 1 + + 1 file changed, 1 insertion(+) + +--- a/arch/x86/kvm/svm/avic.c ++++ b/arch/x86/kvm/svm/avic.c +@@ -868,6 +868,7 @@ int svm_update_pi_irte(struct kvm *kvm, + * - Tell IOMMU to use legacy mode for this interrupt. + * - Retrieve ga_tag of prior interrupt remapping data. + */ ++ pi.prev_ga_tag = 0; + pi.is_guest_mode = false; + ret = irq_set_vcpu_affinity(host_irq, &pi); + diff --git a/queue-5.9/kvm-x86-intercept-la57-to-inject-gp-fault-when-it-s-reserved.patch b/queue-5.9/kvm-x86-intercept-la57-to-inject-gp-fault-when-it-s-reserved.patch new file mode 100644 index 00000000000..3c20bbf5e9e --- /dev/null +++ b/queue-5.9/kvm-x86-intercept-la57-to-inject-gp-fault-when-it-s-reserved.patch 
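Review bot: In svm_update_pi_irte() (arch/x86/kvm/svm/avic.c), the added `pi.prev_ga_tag = 0;` depends on 0 never being a valid ga_tag, and that invariant is stated only in the changelog, not beside the assignment. A one-line comment such as `/* ga_tag 0 is never valid (see avic_vm_init()), so 0 means "no prior entry" */` would keep a later change to tag allocation from silently re-opening the uninitialised-list path. The fix also clears only one field: the declaration of `pi` is outside the hunk, but if it is a plain stack variable, zero-initialising it there with `struct amd_iommu_pi_data pi = {0};` would cover any other member read after irq_set_vcpu_affinity() on this path.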
@@ -0,0 +1,51 @@
+From 6e1d849fa3296526e64b75fa227b6377cd0fd3da Mon Sep 17 00:00:00 2001
+From: Lai Jiangshan
+Date: Tue, 29 Sep 2020 21:16:55 -0700
+Subject: KVM: x86: Intercept LA57 to inject #GP fault when it's reserved
+
+From: Lai Jiangshan
+
+commit 6e1d849fa3296526e64b75fa227b6377cd0fd3da upstream.
+
+Unconditionally intercept changes to CR4.LA57 so that KVM correctly
+injects a #GP fault if the guest attempts to set CR4.LA57 when it's
+supported in hardware but not exposed to the guest.
+
+Long term, KVM needs to properly handle CR4 bits that can be under guest
+control but also may be reserved from the guest's perspective. But, KVM
+currently sets the CR4 guest/host mask only during vCPU creation, and
+reworking flows to change that will take a bit of elbow grease.
+
+Even if/when generic support for intercepting reserved bits exists, it's
+probably not worth letting the guest set CR4.LA57 directly. LA57 can't
+be toggled while long mode is enabled, thus it's all but guaranteed to
+be set once (maybe twice, e.g. by BIOS and kernel) during boot and never
+touched again. On the flip side, letting the guest own CR4.LA57 may
+incur extra VMREADs. In other words, this temporary "hack" is probably
+also the right long term fix.
+
+Fixes: fd8cb433734e ("KVM: MMU: Expose the LA57 feature to VM.")
+Cc: stable@vger.kernel.org
+Cc: Lai Jiangshan
+Signed-off-by: Lai Jiangshan
+[sean: rewrote changelog]
+Signed-off-by: Sean Christopherson
+Message-Id: <20200930041659.28181-2-sean.j.christopherson@intel.com>
+Signed-off-by: Paolo Bonzini
+Signed-off-by: Greg Kroah-Hartman
+
+---
+ arch/x86/kvm/kvm_cache_regs.h | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/arch/x86/kvm/kvm_cache_regs.h
++++ b/arch/x86/kvm/kvm_cache_regs.h
+@@ -7,7 +7,7 @@
+ #define KVM_POSSIBLE_CR0_GUEST_BITS X86_CR0_TS
+ #define KVM_POSSIBLE_CR4_GUEST_BITS \
+ (X86_CR4_PVI | X86_CR4_DE | X86_CR4_PCE | X86_CR4_OSFXSR \
+- | X86_CR4_OSXMMEXCPT | X86_CR4_LA57 | X86_CR4_PGE | X86_CR4_TSD)
++ | X86_CR4_OSXMMEXCPT | X86_CR4_PGE | X86_CR4_TSD)
+
+ #define BUILD_KVM_GPR_ACCESSORS(lname, uname) \
+ static __always_inline unsigned long kvm_##lname##_read(struct kvm_vcpu *vcpu)\
diff --git a/queue-5.9/kvm-x86-mmu-commit-zap-of-remaining-invalid-pages-when-recovering-lpages.patch b/queue-5.9/kvm-x86-mmu-commit-zap-of-remaining-invalid-pages-when-recovering-lpages.patch
new file mode 100644
index 00000000000..348cf4dae5f
--- /dev/null
+++ b/queue-5.9/kvm-x86-mmu-commit-zap-of-remaining-invalid-pages-when-recovering-lpages.patch
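Review bot: KVM_POSSIBLE_CR4_GUEST_BITS in arch/x86/kvm/kvm_cache_regs.h now omits X86_CR4_LA57, and nothing in the header says the omission is deliberate. Because the changelog describes this as the probable long-term fix, a comment above the macro would stop a later cleanup from restoring the bit, for example `/* X86_CR4_LA57 is intentionally not guest-owned: writes are intercepted so KVM can inject #GP when LA57 is not exposed to the guest. */`. The rationale is taken from the changelog; the code that derives the CR4 guest/host mask from this macro is not part of the hunk.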
@@ -0,0 +1,39 @@
+From e89505698c9f70125651060547da4ff5046124fc Mon Sep 17 00:00:00 2001
+From: Sean Christopherson
+Date: Wed, 23 Sep 2020 11:37:28 -0700
+Subject: KVM: x86/mmu: Commit zap of remaining invalid pages when recovering lpages
+
+From: Sean Christopherson
+
+commit e89505698c9f70125651060547da4ff5046124fc upstream.
+
+Call kvm_mmu_commit_zap_page() after exiting the "prepare zap" loop in
+kvm_recover_nx_lpages() to finish zapping pages in the unlikely event
+that the loop exited due to lpage_disallowed_mmu_pages being empty.
+Because the recovery thread drops mmu_lock() when rescheduling, it's
+possible that lpage_disallowed_mmu_pages could be emptied by a different
+thread without to_zap reaching zero despite to_zap being derived from
+the number of disallowed lpages.
+
+Fixes: 1aa9b9572b105 ("kvm: x86: mmu: Recovery of shattered NX large pages")
+Cc: Junaid Shahid
+Cc: stable@vger.kernel.org
+Signed-off-by: Sean Christopherson
+Message-Id: <20200923183735.584-2-sean.j.christopherson@intel.com>
+Signed-off-by: Paolo Bonzini
+Signed-off-by: Greg Kroah-Hartman
+
+---
+ arch/x86/kvm/mmu/mmu.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+--- a/arch/x86/kvm/mmu/mmu.c
++++ b/arch/x86/kvm/mmu/mmu.c
+@@ -6376,6 +6376,7 @@ static void kvm_recover_nx_lpages(struct
+ cond_resched_lock(&kvm->mmu_lock);
+ }
+ }
++ kvm_mmu_commit_zap_page(kvm, &invalid_list);
+
+ spin_unlock(&kvm->mmu_lock);
+ srcu_read_unlock(&kvm->srcu, rcu_idx);
diff --git a/queue-5.9/series b/queue-5.9/series
index 550a93ebe52..d8ae5cbe27d 100644
--- a/queue-5.9/series
+++ b/queue-5.9/series
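Review bot: The new `kvm_mmu_commit_zap_page(kvm, &invalid_list);` after the loop in kvm_recover_nx_lpages() (arch/x86/kvm/mmu/mmu.c) carries no comment explaining why a commit is still needed once the loop has finished. The changelog gives the reason: the loop can exit because lpage_disallowed_mmu_pages was emptied by another thread while mmu_lock was dropped, leaving prepared pages on invalid_list. A short comment such as `/* The loop may exit with pages still on invalid_list if the lpage list was emptied while mmu_lock was dropped. */` would record that. The call is unconditional, so it presumably relies on kvm_mmu_commit_zap_page() tolerating an empty list, which is not visible here; the loop body itself lies outside the hunk.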
@@ -56,3 +56,23 @@ ixgbe-fix-probing-of-multi-port-devices-with-one-mdio.patch
 mptcp-mptcp_kunit_tests-should-depend-on-mptcp-instead-of-selecting-it.patch
 net-openvswitch-fix-to-make-sure-flow_lookup-is-not-preempted.patch
 sfc-move-initialisation-of-efx-filter_sem-to-efx_init_struct.patch
+alsa-hda-don-t-register-a-cb-func-if-it-is-registered-already.patch
+alsa-hda-fix-the-return-value-if-cb-func-is-already-registered.patch
+alsa-usb-audio-line6-pod-go-interface-requires-static-clock-rate-quirk.patch
+alsa-hda-realtek-the-front-mic-on-a-hp-machine-doesn-t-work.patch
+alsa-hda-realtek-set-mic-to-auto-detect-on-a-hp-aio-machine.patch
+alsa-hda-realtek-add-mute-led-support-for-hp-elitebook-845-g7.patch
+alsa-hda-realtek-enable-audio-jacks-of-asus-d700sa-with-alc887.patch
+cifs-remove-bogus-debug-code.patch
+cifs-return-the-error-from-crypt_message-when-enc-dec-key-not-found.patch
+smb3-resolve-data-corruption-of-tcp-server-info-fields.patch
+smb3.1.1-fix-ids-returned-in-posix-query-dir.patch
+smb3-do-not-try-to-cache-root-directory-if-dir-leases-not-supported.patch
+smb3-fix-stat-when-special-device-file-and-mounted-with-modefromsid.patch
+arm64-make-use-of-arch_workaround_1-even-when-kvm-is-not-enabled.patch
+kvm-nvmx-morph-notification-vector-irq-on-nested-vm-enter-to-pending-pi.patch
+kvm-nvmx-reset-the-segment-cache-when-stuffing-guest-segs.patch
+kvm-nvmx-reload-vmcs01-if-getting-vmcs12-s-pages-fails.patch
+kvm-x86-mmu-commit-zap-of-remaining-invalid-pages-when-recovering-lpages.patch
+kvm-x86-intercept-la57-to-inject-gp-fault-when-it-s-reserved.patch
+kvm-svm-initialize-prev_ga_tag-before-use.patch
diff --git a/queue-5.9/smb3-do-not-try-to-cache-root-directory-if-dir-leases-not-supported.patch b/queue-5.9/smb3-do-not-try-to-cache-root-directory-if-dir-leases-not-supported.patch
new file mode 100644
index 00000000000..b3383dd5082
--- /dev/null
+++ b/queue-5.9/smb3-do-not-try-to-cache-root-directory-if-dir-leases-not-supported.patch
@@ -0,0 +1,40 @@
+From 3c6e65e679182d55779ef6f8582f0945af4319b0 Mon Sep 17 00:00:00 2001
+From: Steve French
+Date: Wed, 21 Oct 2020 00:15:42 -0500
+Subject: smb3: do not try to cache root directory if dir leases not supported
+
+From: Steve French
+
+commit 3c6e65e679182d55779ef6f8582f0945af4319b0 upstream.
+
+To servers which do not support directory leases (e.g. Samba)
+it is wasteful to try to open_shroot (ie attempt to cache the
+root directory handle). Skip attempt to open_shroot when
+server does not indicate support for directory leases.
+
+Cuts the number of requests on mount from 17 to 15, and
+cuts the number of requests on stat of the root directory
+from 4 to 3.
+
+Signed-off-by: Steve French
+CC: Stable # v5.1+
+Signed-off-by: Greg Kroah-Hartman
+
+---
+ fs/cifs/connect.c | 5 ++++-
+ 1 file changed, 4 insertions(+), 1 deletion(-)
+
+--- a/fs/cifs/connect.c
++++ b/fs/cifs/connect.c
+@@ -3595,7 +3595,10 @@ cifs_get_tcon(struct cifs_ses *ses, stru
+ */
+ tcon->retry = volume_info->retry;
+ tcon->nocase = volume_info->nocase;
+- tcon->nohandlecache = volume_info->nohandlecache;
++ if (ses->server->capabilities & SMB2_GLOBAL_CAP_DIRECTORY_LEASING)
++ tcon->nohandlecache = volume_info->nohandlecache;
++ else
++ tcon->nohandlecache = 1;
+ tcon->nodelete = volume_info->nodelete;
+ tcon->local_lease = volume_info->local_lease;
+ INIT_LIST_HEAD(&tcon->pending_opens);
diff --git a/queue-5.9/smb3-fix-stat-when-special-device-file-and-mounted-with-modefromsid.patch b/queue-5.9/smb3-fix-stat-when-special-device-file-and-mounted-with-modefromsid.patch
new file mode 100644
index 00000000000..9bdaa415636
--- /dev/null
+++ b/queue-5.9/smb3-fix-stat-when-special-device-file-and-mounted-with-modefromsid.patch
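Review bot: The new test in cifs_get_tcon() (fs/cifs/connect.c) checks `ses->server->capabilities` against an SMB2 flag, SMB2_GLOBAL_CAP_DIRECTORY_LEASING, without looking at the dialect the session negotiated. If this function is also reached for sessions on older dialects (its callers are outside the hunk), the same bit position may mean something else in their capabilities word, so the handle cache could stay enabled against a server that offers no directory leases. Gating on the dialect as well would make the intent explicit, e.g. `if (ses->server->dialect >= SMB30_PROT_ID && (ses->server->capabilities & SMB2_GLOBAL_CAP_DIRECTORY_LEASING))`, assuming the dialect field is populated for every session type. The forced `tcon->nohandlecache = 1;` also overrides the mount option silently, which a one-line comment on the else branch would document.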
@@ -0,0 +1,45 @@
+From 3c3317daef0afa0cd541fc9c1bfd6ce8bbf1129a Mon Sep 17 00:00:00 2001
+From: Steve French
+Date: Wed, 21 Oct 2020 13:12:08 -0500
+Subject: smb3: fix stat when special device file and mounted with modefromsid
+
+From: Steve French
+
+commit 3c3317daef0afa0cd541fc9c1bfd6ce8bbf1129a upstream.
+
+When mounting with modefromsid mount option, it was possible to
+get the error on stat of a fifo or char or block device:
+ "cannot stat : Operation not supported"
+
+Special devices can be stored as reparse points by some servers
+(e.g. Windows NFS server and when using the SMB3.1.1 POSIX
+Extensions) but when the modefromsid mount option is used
+the client attempts to get the ACL for the file which requires
+opening with OPEN_REPARSE_POINT create option.
+
+Signed-off-by: Steve French
+CC: Stable
+Reviewed-by: Ronnie Sahlberg
+Reviewed-by: Shyam Prasad N
+Signed-off-by: Greg Kroah-Hartman
+
+---
+ fs/cifs/smb2ops.c | 7 ++++++-
+ 1 file changed, 6 insertions(+), 1 deletion(-)
+
+--- a/fs/cifs/smb2ops.c
++++ b/fs/cifs/smb2ops.c
+@@ -3072,7 +3072,12 @@ get_smb2_acl_by_path(struct cifs_sb_info
+ oparms.tcon = tcon;
+ oparms.desired_access = READ_CONTROL;
+ oparms.disposition = FILE_OPEN;
+- oparms.create_options = cifs_create_options(cifs_sb, 0);
++ /*
++ * When querying an ACL, even if the file is a symlink we want to open
++ * the source not the target, and so the protocol requires that the
++ * client specify this flag when opening a reparse point
++ */
++ oparms.create_options = cifs_create_options(cifs_sb, 0) | OPEN_REPARSE_POINT;
+ oparms.fid = &fid;
+ oparms.reconnect = false;
+
diff --git a/queue-5.9/smb3-resolve-data-corruption-of-tcp-server-info-fields.patch b/queue-5.9/smb3-resolve-data-corruption-of-tcp-server-info-fields.patch
new file mode 100644
index 00000000000..40e6e5dfabb
--- /dev/null
+++ b/queue-5.9/smb3-resolve-data-corruption-of-tcp-server-info-fields.patch
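Review bot: The comment added in get_smb2_acl_by_path() (fs/cifs/smb2ops.c) justifies OPEN_REPARSE_POINT only in terms of symlinks, while the case this patch fixes, per its changelog, is a fifo, char or block device stored as a reparse point. Naming that case would keep the flag from being dropped by someone reasoning about symlinks alone, e.g. `/* Open the reparse point itself (a symlink, or a fifo/char/block device stored as one), not its target, when querying the ACL. */`. If cifs_create_options() ORs its second argument into the result, as the `0` passed here suggests, the flag could also go through the helper as `cifs_create_options(cifs_sb, OPEN_REPARSE_POINT)`. The rest of the function is outside the hunk.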
@@ -0,0 +1,77 @@
+From 62593011247c8a8cfeb0c86aff84688b196727c2 Mon Sep 17 00:00:00 2001
+From: Rohith Surabattula
+Date: Thu, 8 Oct 2020 09:58:41 +0000
+Subject: SMB3: Resolve data corruption of TCP server info fields
+
+From: Rohith Surabattula
+
+commit 62593011247c8a8cfeb0c86aff84688b196727c2 upstream.
+
+TCP server info field server->total_read is modified in parallel by
+demultiplex thread and decrypt offload worker thread. server->total_read
+is used in calculation to discard the remaining data of PDU which is
+not read into memory.
+
+Because of parallel modification, server->total_read can get corrupted
+and can result in discarding the valid data of next PDU.
+
+Signed-off-by: Rohith Surabattula
+Reviewed-by: Aurelien Aptel
+Reviewed-by: Pavel Shilovsky
+CC: Stable #5.4+
+Signed-off-by: Steve French
+Signed-off-by: Greg Kroah-Hartman
+
+---
+ fs/cifs/smb2ops.c | 12 +++++++-----
+ 1 file changed, 7 insertions(+), 5 deletions(-)
+
+--- a/fs/cifs/smb2ops.c
++++ b/fs/cifs/smb2ops.c
+@@ -4103,7 +4103,8 @@ smb3_is_transform_hdr(void *buf)
+ static int
+ decrypt_raw_data(struct TCP_Server_Info *server, char *buf,
+ unsigned int buf_data_size, struct page **pages,
+- unsigned int npages, unsigned int page_data_size)
++ unsigned int npages, unsigned int page_data_size,
++ bool is_offloaded)
+ {
+ struct kvec iov[2];
+ struct smb_rqst rqst = {NULL};
+@@ -4129,7 +4130,8 @@ decrypt_raw_data(struct TCP_Server_Info
+
+ memmove(buf, iov[1].iov_base, buf_data_size);
+
+- server->total_read = buf_data_size + page_data_size;
++ if (!is_offloaded)
++ server->total_read = buf_data_size + page_data_size;
+
+ return rc;
+ }
+@@ -4342,7 +4344,7 @@ static void smb2_decrypt_offload(struct
+ struct mid_q_entry *mid;
+
+ rc = decrypt_raw_data(dw->server, dw->buf, dw->server->vals->read_rsp_size,
+- dw->ppages, dw->npages, dw->len);
++ dw->ppages, dw->npages, dw->len, true);
+ if (rc) {
+ cifs_dbg(VFS, "error decrypting rc=%d\n", rc);
+ goto free_pages;
+@@ -4448,7 +4450,7 @@ receive_encrypted_read(struct TCP_Server
+
+ non_offloaded_decrypt:
+ rc = decrypt_raw_data(server, buf, server->vals->read_rsp_size,
+- pages, npages, len);
++ pages, npages, len, false);
+ if (rc)
+ goto free_pages;
+
+@@ -4504,7 +4506,7 @@ receive_encrypted_standard(struct TCP_Se
+ server->total_read += length;
+
+ buf_size = pdu_length - sizeof(struct smb2_transform_hdr);
+- length = decrypt_raw_data(server, buf, buf_size, NULL, 0, 0);
++ length = decrypt_raw_data(server, buf, buf_size, NULL, 0, 0, false);
+ if (length)
+ return length;
+
diff --git a/queue-5.9/smb3.1.1-fix-ids-returned-in-posix-query-dir.patch b/queue-5.9/smb3.1.1-fix-ids-returned-in-posix-query-dir.patch
new file mode 100644
index 00000000000..bbe5e4b77bb
--- /dev/null
+++ b/queue-5.9/smb3.1.1-fix-ids-returned-in-posix-query-dir.patch
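Review bot: decrypt_raw_data() in fs/cifs/smb2ops.c gains a bare `bool is_offloaded` parameter, and neither the function nor the guarded assignment says why the offload path must leave server->total_read alone. The reason exists only in the changelog (the demultiplex thread and the decrypt offload worker both wrote the field), so a comment at the guard would help: `/* The offload worker runs in parallel with the demultiplex thread, which owns total_read; do not update it from the worker. */`. The three call sites pass a literal `true` or `false` as the seventh argument, which is easy to misread; a trailing `/* is_offloaded */` at each call would make them self-describing. The patch avoids the concurrent write rather than synchronising it, so any other member of *server written on the worker path deserves the same check, though none is visible in these hunks.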
@@ -0,0 +1,71 @@
+From 9934430e2178d5164eb1ac91a9b092f9e7e64745 Mon Sep 17 00:00:00 2001
+From: Steve French
+Date: Tue, 20 Oct 2020 02:02:02 -0500
+Subject: SMB3.1.1: Fix ids returned in POSIX query dir
+
+From: Steve French
+
+commit 9934430e2178d5164eb1ac91a9b092f9e7e64745 upstream.
+
+We were setting the uid/gid to the default in each dir entry
+in the parsing of the POSIX query dir response, rather
+than attempting to map the user and group SIDs returned by
+the server to well known SIDs (or upcall if not found).
+
+CC: Stable
+Reviewed-by: Aurelien Aptel
+Signed-off-by: Steve French
+Signed-off-by: Greg Kroah-Hartman
+
+---
+ fs/cifs/cifsacl.c | 5 +++--
+ fs/cifs/cifsproto.h | 2 ++
+ fs/cifs/readdir.c | 5 ++---
+ 3 files changed, 7 insertions(+), 5 deletions(-)
+
+--- a/fs/cifs/cifsacl.c
++++ b/fs/cifs/cifsacl.c
+@@ -338,7 +338,7 @@ invalidate_key:
+ goto out_key_put;
+ }
+
+-static int
++int
+ sid_to_id(struct cifs_sb_info *cifs_sb, struct cifs_sid *psid,
+ struct cifs_fattr *fattr, uint sidtype)
+ {
+@@ -359,7 +359,8 @@ sid_to_id(struct cifs_sb_info *cifs_sb,
+ return -EIO;
+ }
+
+- if (cifs_sb->mnt_cifs_flags & CIFS_MOUNT_UID_FROM_ACL) {
++ if ((cifs_sb->mnt_cifs_flags & CIFS_MOUNT_UID_FROM_ACL) ||
++ (cifs_sb_master_tcon(cifs_sb)->posix_extensions)) {
+ uint32_t unix_id;
+ bool is_group;
+
+--- a/fs/cifs/cifsproto.h
++++ b/fs/cifs/cifsproto.h
+@@ -209,6 +209,8 @@ extern int cifs_set_file_info(struct ino
+ extern int cifs_rename_pending_delete(const char *full_path,
+ struct dentry *dentry,
+ const unsigned int xid);
++extern int sid_to_id(struct cifs_sb_info *cifs_sb, struct cifs_sid *psid,
++ struct cifs_fattr *fattr, uint sidtype);
+ extern int cifs_acl_to_fattr(struct cifs_sb_info *cifs_sb,
+ struct cifs_fattr *fattr, struct inode *inode,
+ bool get_mode_from_special_sid,
+--- a/fs/cifs/readdir.c
++++ b/fs/cifs/readdir.c
+@@ -267,9 +267,8 @@ cifs_posix_to_fattr(struct cifs_fattr *f
+ if (reparse_file_needs_reval(fattr))
+ fattr->cf_flags |= CIFS_FATTR_NEED_REVAL;
+
+- /* TODO map SIDs */
+- fattr->cf_uid = cifs_sb->mnt_uid;
+- fattr->cf_gid = cifs_sb->mnt_gid;
++ sid_to_id(cifs_sb, &parsed.owner, fattr, SIDOWNER);
++ sid_to_id(cifs_sb, &parsed.group, fattr, SIDGROUP);
+ }
+
+ static void __dir_info_to_fattr(struct cifs_fattr *fattr, const void *info)
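Review bot: The two new sid_to_id() calls in cifs_posix_to_fattr() (fs/cifs/readdir.c) discard the int return value, and the mount defaults that the removed lines assigned no longer act as a fallback. The cifsacl.c hunk shows sid_to_id() has at least one early `return -EIO;`; whether fattr->cf_uid and fattr->cf_gid are written before that return is not visible here, so a server-supplied SID that takes an error path may leave file ownership at whatever the structure already held. Keeping `fattr->cf_uid = cifs_sb->mnt_uid;` and `fattr->cf_gid = cifs_sb->mnt_gid;` ahead of the two calls gives a defined default when mapping fails. Both function bodies extend beyond the hunks shown.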