From: Greg Kroah-Hartman Date: Tue, 20 Sep 2016 12:10:44 +0000 (+0200) Subject: 4.4-stable patches X-Git-Tag: v4.4.22~21 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=d6b6a29f83af4ff0dc20381255889868662bcf23;p=thirdparty%2Fkernel%2Fstable-queue.git 4.4-stable patches added patches: fscrypto-require-write-access-to-mount-to-set-encryption-policy.patch mips-kvm-check-for-pfn-noslot-case.patch revert-kvm-x86-fix-missed-hardware-breakpoints.patch --- diff --git a/queue-4.4/fscrypto-require-write-access-to-mount-to-set-encryption-policy.patch b/queue-4.4/fscrypto-require-write-access-to-mount-to-set-encryption-policy.patch new file mode 100644 index 00000000000..b193d652cbe --- /dev/null +++ b/queue-4.4/fscrypto-require-write-access-to-mount-to-set-encryption-policy.patch 
@@ -0,0 +1,42 @@ +From ba63f23d69a3a10e7e527a02702023da68ef8a6d Mon Sep 17 00:00:00 2001 +From: Eric Biggers +Date: Thu, 8 Sep 2016 14:20:38 -0700 +Subject: fscrypto: require write access to mount to set encryption policy + +From: Eric Biggers + +commit ba63f23d69a3a10e7e527a02702023da68ef8a6d upstream. + +Since setting an encryption policy requires writing metadata to the +filesystem, it should be guarded by mnt_want_write/mnt_drop_write. +Otherwise, a user could cause a write to a frozen or readonly +filesystem. This was handled correctly by f2fs but not by ext4. Make +fscrypt_process_policy() handle it rather than relying on the filesystem +to get it right. + +Signed-off-by: Eric Biggers +Cc: stable@vger.kernel.org # 4.1+; check fs/{ext4,f2fs} +Signed-off-by: Theodore Ts'o +Acked-by: Jaegeuk Kim +Signed-off-by: Greg Kroah-Hartman + +--- + fs/ext4/ioctl.c | 6 ++++++ + 1 file changed, 6 insertions(+) + +--- a/fs/ext4/ioctl.c ++++ b/fs/ext4/ioctl.c +@@ -629,7 +629,13 @@ resizefs_out: + goto encryption_policy_out; + } + ++ err = mnt_want_write_file(filp); ++ if (err) ++ goto encryption_policy_out; ++ + err = ext4_process_policy(&policy, inode); ++ ++ mnt_drop_write_file(filp); + encryption_policy_out: + return err; + #else diff --git a/queue-4.4/mips-kvm-check-for-pfn-noslot-case.patch b/queue-4.4/mips-kvm-check-for-pfn-noslot-case.patch new file mode 100644 index 00000000000..a87bb56234e --- /dev/null +++ b/queue-4.4/mips-kvm-check-for-pfn-noslot-case.patch 
@@ -0,0 +1,53 @@ +From ba913e4f72fc9cfd03dad968dfb110eb49211d80 Mon Sep 17 00:00:00 2001 +From: James Hogan +Date: Fri, 19 Aug 2016 14:30:29 +0100 +Subject: MIPS: KVM: Check for pfn noslot case +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +From: James Hogan + +commit ba913e4f72fc9cfd03dad968dfb110eb49211d80 upstream. + +When mapping a page into the guest we error check using is_error_pfn(), +however this doesn't detect a value of KVM_PFN_NOSLOT, indicating an +error HVA for the page. This can only happen on MIPS right now due to +unusual memslot management (e.g. being moved / removed / resized), or +with an Enhanced Virtual Memory (EVA) configuration where the default +KVM_HVA_ERR_* and kvm_is_error_hva() definitions are unsuitable (fixed +in a later patch). This case will be treated as a pfn of zero, mapping +the first page of physical memory into the guest. + +It would appear the MIPS KVM port wasn't updated prior to being merged +(in v3.10) to take commit 81c52c56e2b4 ("KVM: do not treat noslot pfn as +a error pfn") into account (merged v3.8), which converted a bunch of +is_error_pfn() calls to is_error_noslot_pfn(). Switch to using +is_error_noslot_pfn() instead to catch this case properly. 
+ +Fixes: 858dd5d45733 ("KVM/MIPS32: MMU/TLB operations for the Guest.") +Signed-off-by: James Hogan +Cc: Paolo Bonzini +Cc: Radim Krčmář +Cc: Ralf Baechle +Cc: linux-mips@linux-mips.org +Cc: kvm@vger.kernel.org +Signed-off-by: Paolo Bonzini +[james.hogan@imgtec.com: Backport to v4.7.y] +Signed-off-by: James Hogan +Signed-off-by: Greg Kroah-Hartman +--- + arch/mips/kvm/tlb.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/arch/mips/kvm/tlb.c ++++ b/arch/mips/kvm/tlb.c +@@ -152,7 +152,7 @@ static int kvm_mips_map_page(struct kvm + srcu_idx = srcu_read_lock(&kvm->srcu); + pfn = kvm_mips_gfn_to_pfn(kvm, gfn); + +- if (kvm_mips_is_error_pfn(pfn)) { ++ if (is_error_noslot_pfn(pfn)) { + kvm_err("Couldn't get pfn for gfn %#" PRIx64 "!\n", gfn); + err = -EFAULT; + goto out; diff --git a/queue-4.4/revert-kvm-x86-fix-missed-hardware-breakpoints.patch b/queue-4.4/revert-kvm-x86-fix-missed-hardware-breakpoints.patch new file mode 100644 index 00000000000..1bc594c079f --- /dev/null +++ b/queue-4.4/revert-kvm-x86-fix-missed-hardware-breakpoints.patch 
@@ -0,0 +1,54 @@ +From pbonzini@redhat.com Tue Sep 20 14:08:11 2016 +From: Paolo Bonzini +Date: Thu, 15 Sep 2016 23:52:43 +0200 +Subject: Revert "KVM: x86: fix missed hardware breakpoints" +To: stable@vger.kernel.org +Cc: matt@codeblueprint.co.uk, Paolo Bonzini +Message-ID: <1473976363-22653-1-git-send-email-pbonzini@redhat.com> + +From: Paolo Bonzini + +[the change is part of 70e4da7a8ff62f2775337b705f45c804bb450454, which +is already in stable kernels 4.1.y to 4.4.y. this part of the fix +however was later undone, so remove the line again] + +The following patches were applied in the wrong order in -stable. This +is the order as they appear in Linus' tree, + + [0] commit 4e422bdd2f84 ("KVM: x86: fix missed hardware breakpoints") + [1] commit 172b2386ed16 ("KVM: x86: fix missed hardware breakpoints") + [2] commit 70e4da7a8ff6 ("KVM: x86: fix root cause for missed hardware breakpoints") + +but this is the order for linux-4.4.y + + [1] commit fc90441e728a ("KVM: x86: fix missed hardware breakpoints") + [2] commit 25e8618619a5 ("KVM: x86: fix root cause for missed hardware breakpoints") + [0] commit 0f6e5e26e68f ("KVM: x86: fix missed hardware breakpoints") + +The upshot is that KVM_DEBUGREG_RELOAD is always set when returning +from kvm_arch_vcpu_load() in stable, but not in Linus' tree. + +This happened because [0] and [1] are the same patch. [0] and [1] come from two +different merges, and the later merge is trivially resolved; when [2] +is applied it reverts both of them. Instead, when using the [1][2][0] +order, patches applies normally but "KVM: x86: fix missed hardware +breakpoints" is present in the final tree. 
+ +Reported-by: Matt Fleming +Signed-off-by: Paolo Bonzini +Signed-off-by: Greg Kroah-Hartman + +--- + arch/x86/kvm/x86.c | 1 - + 1 file changed, 1 deletion(-) + +--- a/arch/x86/kvm/x86.c ++++ b/arch/x86/kvm/x86.c +@@ -2735,7 +2735,6 @@ void kvm_arch_vcpu_load(struct kvm_vcpu + } + + kvm_make_request(KVM_REQ_STEAL_UPDATE, vcpu); +- vcpu->arch.switch_db_regs |= KVM_DEBUGREG_RELOAD; + } + + void kvm_arch_vcpu_put(struct kvm_vcpu *vcpu) diff --git a/queue-4.4/series b/queue-4.4/series index d62fd0abaac..85d3123b341 100644 --- a/queue-4.4/series +++ b/queue-4.4/series @@ -1,3 +1,6 @@ ext4-use-__gfp_nofail-in-ext4_free_blocks.patch fscrypto-add-authorization-check-for-setting-encryption-policy.patch clocksource-drivers-sun4i-clear-interrupts-after-stopping-timer-in-probe-function.patch +mips-kvm-check-for-pfn-noslot-case.patch +revert-kvm-x86-fix-missed-hardware-breakpoints.patch +fscrypto-require-write-access-to-mount-to-set-encryption-policy.patch
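Review bot: The changelog of fscrypto-require-write-access-to-mount-to-set-encryption-policy.patch says the fix makes fscrypt_process_policy() handle the write reference, but the fs/ext4/ioctl.c hunk at -629 puts the guard in the ext4 ioctl handler, wrapping ext4_process_policy(&policy, inode) in mnt_want_write_file(filp) and mnt_drop_write_file(filp). A bracketed backport note saying the 4.4 version guards the ext4 ioctl path directly would make the description match the code. The pairing itself reads correctly: a failed mnt_want_write_file() jumps to encryption_policy_out without a drop, and the drop runs whether or not ext4_process_policy() succeeds. The Cc line asks to check fs/{ext4,f2fs} and only ext4 is touched, which fits the statement that f2fs already handled this; a line confirming that was checked against the 4.4 f2fs code would close the loop.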
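Review bot: The backport tag in mips-kvm-check-for-pfn-noslot-case.patch reads "[james.hogan@imgtec.com: Backport to v4.7.y]" while the patch is being added under queue-4.4, and the line removed in the arch/mips/kvm/tlb.c hunk at -152 calls kvm_mips_is_error_pfn(pfn) although the changelog only speaks of is_error_pfn(). Please note in the message that the same backport applies to the 4.4 context, and mention that the call being replaced here is the kvm_mips_is_error_pfn() wrapper. It is also worth saying whether that wrapper has any callers left after this change. The switch to is_error_noslot_pfn(pfn) matches the stated goal of rejecting KVM_PFN_NOSLOT before it is treated as pfn zero and the first page of physical memory is mapped into the guest.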
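Review bot: The changelog of revert-kvm-x86-fix-missed-hardware-breakpoints.patch never states which linux-4.4.y commit the arch/x86/kvm/x86.c hunk at -2735 undoes. The subject names "KVM: x86: fix missed hardware breakpoints", a title the message lists twice for 4.4.y (fc90441e728a and 0f6e5e26e68f), while the bracketed note attributes the removed line to 70e4da7a8ff6. An explicit "This reverts commit ..." line naming the 4.4.y commit would let someone auditing the tree confirm that only the stray "vcpu->arch.switch_db_regs |= KVM_DEBUGREG_RELOAD;" in kvm_arch_vcpu_load() goes away. The bracketed note also says the change is in stable kernels 4.1.y to 4.4.y, but this commit only queues the revert for 4.4, so the message should say whether the other trees have the same ordering problem.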