From: Greg Kroah-Hartman Date: Sat, 12 Mar 2022 14:04:07 +0000 (+0100) Subject: 4.19-stable patches X-Git-Tag: v4.9.307~24 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=ee2fa6069119cb9f0b96c49104142e8fd03d9627;p=thirdparty%2Fkernel%2Fstable-queue.git 4.19-stable patches added patches: arm-fix-thumb2-regression-with-spectre-bhb.patch virtio-acknowledge-all-features-before-access.patch virtio-unexport-virtio_finalize_features.patch
---
diff --git a/queue-4.19/arm-fix-thumb2-regression-with-spectre-bhb.patch b/queue-4.19/arm-fix-thumb2-regression-with-spectre-bhb.patch
new file mode 100644
index 00000000000..98eb9fa1195
--- /dev/null
+++ b/queue-4.19/arm-fix-thumb2-regression-with-spectre-bhb.patch
@@ -0,0 +1,37 @@
+From 6c7cb60bff7aec24b834343ff433125f469886a3 Mon Sep 17 00:00:00 2001
+From: "Russell King (Oracle)"
+Date: Fri, 11 Mar 2022 17:13:17 +0000
+Subject: ARM: fix Thumb2 regression with Spectre BHB
+
+From: Russell King (Oracle)
+
+commit 6c7cb60bff7aec24b834343ff433125f469886a3 upstream.
+
+When building for Thumb2, the vectors make use of a local label. Sadly,
+the Spectre BHB code also uses a local label with the same number which
+results in the Thumb2 reference pointing at the wrong place. Fix this
+by changing the number used for the Spectre BHB local label.
+
+Fixes: b9baf5c8c5c3 ("ARM: Spectre-BHB workaround")
+Tested-by: Nathan Chancellor
+Signed-off-by: Russell King (Oracle)
+Signed-off-by: Linus Torvalds
+Signed-off-by: Greg Kroah-Hartman
+---
+ arch/arm/kernel/entry-armv.S | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+--- a/arch/arm/kernel/entry-armv.S
++++ b/arch/arm/kernel/entry-armv.S
+@@ -1067,9 +1067,9 @@ vector_bhb_loop8_\name:
+
+ @ bhb workaround
+ mov r0, #8
+-1: b . + 4
++3: b . + 4
+ subs r0, r0, #1
+- bne 1b
++ bne 3b
+ dsb
+ isb
+ b 2b
diff --git a/queue-4.19/series b/queue-4.19/series
index 89ac01b79a0..347741f2a4e 100644
--- a/queue-4.19/series
+++ b/queue-4.19/series
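Review bot: The renamed loop label `3:` in vector_bhb_loop8 has nothing beside it recording why that number was chosen, so a later edit could reintroduce a colliding numeric label in the Spectre-BHB workaround path. A short comment on the label line, for example `@ 3: not 1 - local label 1 is referenced by the Thumb2 vector code`, would capture the constraint the commit message describes. The closing `b 2b` targets a label defined outside the hunk, so which numbers are already taken in this macro cannot be confirmed from the lines shown.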
@@ -20,3 +20,6 @@ staging-gdm724x-fix-use-after-free-in-gdm_lte_rx.patch
 net-macb-fix-lost-rx-packet-wakeup-race-in-napi-receive.patch
 riscv-fix-auipc-jalr-relocation-range-checks.patch
 kvm-arm64-reset-pmc_el0-to-avoid-a-panic-on-systems-with-no-pmu.patch
+virtio-unexport-virtio_finalize_features.patch
+virtio-acknowledge-all-features-before-access.patch
+arm-fix-thumb2-regression-with-spectre-bhb.patch
diff --git a/queue-4.19/virtio-acknowledge-all-features-before-access.patch b/queue-4.19/virtio-acknowledge-all-features-before-access.patch
new file mode 100644
index 00000000000..a060a62d5f1
--- /dev/null
+++ b/queue-4.19/virtio-acknowledge-all-features-before-access.patch
@@ -0,0 +1,140 @@
+From 4fa59ede95195f267101a1b8916992cf3f245cdb Mon Sep 17 00:00:00 2001
+From: "Michael S. Tsirkin"
+Date: Fri, 14 Jan 2022 14:58:41 -0500
+Subject: virtio: acknowledge all features before access
+
+From: Michael S. Tsirkin
+
+commit 4fa59ede95195f267101a1b8916992cf3f245cdb upstream.
+
+The feature negotiation was designed in a way that
+makes it possible for devices to know which config
+fields will be accessed by drivers.
+
+This is broken since commit 404123c2db79 ("virtio: allow drivers to
+validate features") with fallout in at least block and net. We have a
+partial work-around in commit 2f9a174f918e ("virtio: write back
+F_VERSION_1 before validate") which at least lets devices find out which
+format should config space have, but this is a partial fix: guests
+should not access config space without acknowledging features since
+otherwise we'll never be able to change the config space format.
+
+To fix, split finalize_features from virtio_finalize_features and
+call finalize_features with all feature bits before validation,
+and then - if validation changed any bits - once again after.
+
+Since virtio_finalize_features no longer writes out features
+rename it to virtio_features_ok - since that is what it does:
+checks that features are ok with the device.
+
+As a side effect, this also reduces the amount of hypervisor accesses -
+we now only acknowledge features once unless we are clearing any
+features when validating (which is uncommon).
+
+IRC I think that this was more or less always the intent in the spec but
+unfortunately the way the spec is worded does not say this explicitly, I
+plan to address this at the spec level, too.
+
+Acked-by: Jason Wang
+Cc: stable@vger.kernel.org
+Fixes: 404123c2db79 ("virtio: allow drivers to validate features")
+Fixes: 2f9a174f918e ("virtio: write back F_VERSION_1 before validate")
+Cc: "Halil Pasic"
+Signed-off-by: Michael S. Tsirkin
+Signed-off-by: Greg Kroah-Hartman
+---
+ drivers/virtio/virtio.c | 39 +++++++++++++++++++++------------------
+ include/linux/virtio_config.h | 3 ++-
+ 2 files changed, 23 insertions(+), 19 deletions(-)
+
+--- a/drivers/virtio/virtio.c
++++ b/drivers/virtio/virtio.c
+@@ -165,14 +165,11 @@ void virtio_add_status(struct virtio_dev
+ }
+ EXPORT_SYMBOL_GPL(virtio_add_status);
+
+-static int virtio_finalize_features(struct virtio_device *dev)
++/* Do some validation, then set FEATURES_OK */
++static int virtio_features_ok(struct virtio_device *dev)
+ {
+- int ret = dev->config->finalize_features(dev);
+ unsigned status;
+
+- if (ret)
+- return ret;
+-
+ if (!virtio_has_feature(dev, VIRTIO_F_VERSION_1))
+ return 0;
+
+@@ -221,17 +218,6 @@ static int virtio_dev_probe(struct devic
+ driver_features_legacy = driver_features;
+ }
+
+- /*
+- * Some devices detect legacy solely via F_VERSION_1. Write
+- * F_VERSION_1 to force LE config space accesses before FEATURES_OK for
+- * these when needed.
+- */
+- if (drv->validate && !virtio_legacy_is_little_endian()
+- && device_features & BIT_ULL(VIRTIO_F_VERSION_1)) {
+- dev->features = BIT_ULL(VIRTIO_F_VERSION_1);
+- dev->config->finalize_features(dev);
+- }
+-
+ if (device_features & (1ULL << VIRTIO_F_VERSION_1))
+ dev->features = driver_features & device_features;
+ else
+@@ -242,13 +228,26 @@ static int virtio_dev_probe(struct devic
+ if (device_features & (1ULL << i))
+ __virtio_set_bit(dev, i);
+
++ err = dev->config->finalize_features(dev);
++ if (err)
++ goto err;
++
+ if (drv->validate) {
++ u64 features = dev->features;
++
+ err = drv->validate(dev);
+ if (err)
+ goto err;
++
++ /* Did validation change any features? Then write them again. */
++ if (features != dev->features) {
++ err = dev->config->finalize_features(dev);
++ if (err)
++ goto err;
++ }
+ }
+
+- err = virtio_finalize_features(dev);
++ err = virtio_features_ok(dev);
+ if (err)
+ goto err;
+
+@@ -412,7 +411,11 @@ int virtio_device_restore(struct virtio_
+ /* We have a driver! */
+ virtio_add_status(dev, VIRTIO_CONFIG_S_DRIVER);
+
+- ret = virtio_finalize_features(dev);
++ ret = dev->config->finalize_features(dev);
++ if (ret)
++ goto err;
++
++ ret = virtio_features_ok(dev);
+ if (ret)
+ goto err;
+
+--- a/include/linux/virtio_config.h
++++ b/include/linux/virtio_config.h
+@@ -51,8 +51,9 @@ struct irq_affinity;
+ * Returns the first 32 feature bits (all we currently need).
+ * @finalize_features: confirm what device features we'll be using.
+ * vdev: the virtio_device
+- * This gives the final feature bits for the device: it can change
++ * This sends the driver feature bits to the device: it can change
+ * the dev->feature bits if it wants.
++ * Note: despite the name this can be called any number of times.
+ * Returns 0 on success or error status
+ * @bus_name: return the bus name associated with the device
+ * vdev: the virtio_device
diff --git a/queue-4.19/virtio-unexport-virtio_finalize_features.patch b/queue-4.19/virtio-unexport-virtio_finalize_features.patch
new file mode 100644
index 00000000000..d57775fcf68
--- /dev/null
+++ b/queue-4.19/virtio-unexport-virtio_finalize_features.patch
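Review bot: The `finalize_features` call added ahead of `if (drv->validate)` in virtio_dev_probe has no comment saying why the full feature set is written before validation, although that ordering is the whole fix. I would add `/* Write all negotiated features first: validate() may read config space, so the device must already know which fields will be accessed. */` above it. The kerneldoc change in virtio_config.h now says the callback can be called any number of times, so every transport's `finalize_features` in the 4.19 tree has to tolerate the second call made after `validate` clears bits; those implementations are not visible here and are worth confirming for this backport. Both virtio_dev_probe and virtio_device_restore continue outside the inner hunks, so the `err` paths they jump to could not be checked.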
@@ -0,0 +1,50 @@
+From 838d6d3461db0fdbf33fc5f8a69c27b50b4a46da Mon Sep 17 00:00:00 2001
+From: "Michael S. Tsirkin"
+Date: Fri, 14 Jan 2022 14:56:15 -0500
+Subject: virtio: unexport virtio_finalize_features
+
+From: Michael S. Tsirkin
+
+commit 838d6d3461db0fdbf33fc5f8a69c27b50b4a46da upstream.
+
+virtio_finalize_features is only used internally within virtio.
+No reason to export it.
+
+Signed-off-by: Michael S. Tsirkin
+Reviewed-by: Cornelia Huck
+Acked-by: Jason Wang
+Signed-off-by: Greg Kroah-Hartman
+---
+ drivers/virtio/virtio.c | 3 +--
+ include/linux/virtio.h | 1 -
+ 2 files changed, 1 insertion(+), 3 deletions(-)
+
+--- a/drivers/virtio/virtio.c
++++ b/drivers/virtio/virtio.c
+@@ -165,7 +165,7 @@ void virtio_add_status(struct virtio_dev
+ }
+ EXPORT_SYMBOL_GPL(virtio_add_status);
+
+-int virtio_finalize_features(struct virtio_device *dev)
++static int virtio_finalize_features(struct virtio_device *dev)
+ {
+ int ret = dev->config->finalize_features(dev);
+ unsigned status;
+@@ -185,7 +185,6 @@ int virtio_finalize_features(struct virt
+ }
+ return 0;
+ }
+-EXPORT_SYMBOL_GPL(virtio_finalize_features);
+
+ static int virtio_dev_probe(struct device *_d)
+ {
+--- a/include/linux/virtio.h
++++ b/include/linux/virtio.h
+@@ -151,7 +151,6 @@ void virtio_break_device(struct virtio_d
+ void virtio_config_changed(struct virtio_device *dev);
+ void virtio_config_disable(struct virtio_device *dev);
+ void virtio_config_enable(struct virtio_device *dev);
+-int virtio_finalize_features(struct virtio_device *dev);
+ #ifdef CONFIG_PM_SLEEP
+ int virtio_device_freeze(struct virtio_device *dev);
+ int virtio_device_restore(struct virtio_device *dev);