From 9ad4e7bb9363ae002b89acd19b0077cbd2efe304 Mon Sep 17 00:00:00 2001
From: Greg Kroah-Hartman
Date: Thu, 13 Jun 2024 09:20:46 +0200
Subject: [PATCH] 4.19-stable patches
added patches:
crypto-qat-fix-adf_dev_reset_sync-memory-leak.patch
kvm-arm64-allow-aarch32-pstate.m-to-be-restored-as-system-mode.patch
---
 ...t-fix-adf_dev_reset_sync-memory-leak.patch | 71 +++++++++++++++++++
 ...tate.m-to-be-restored-as-system-mode.patch | 34 +++++++++
 queue-4.19/series | 2 +
 3 files changed, 107 insertions(+)
 create mode 100644 queue-4.19/crypto-qat-fix-adf_dev_reset_sync-memory-leak.patch
 create mode 100644 queue-4.19/kvm-arm64-allow-aarch32-pstate.m-to-be-restored-as-system-mode.patch
diff --git a/queue-4.19/crypto-qat-fix-adf_dev_reset_sync-memory-leak.patch b/queue-4.19/crypto-qat-fix-adf_dev_reset_sync-memory-leak.patch
new file mode 100644
index 00000000000..ff7d3e1ecc2
--- /dev/null
+++ b/queue-4.19/crypto-qat-fix-adf_dev_reset_sync-memory-leak.patch
@@ -0,0 +1,71 @@
+From d3b17c6d9dddc2db3670bc9be628b122416a3d26 Mon Sep 17 00:00:00 2001
+From: Herbert Xu
+Date: Wed, 8 May 2024 16:39:51 +0800
+Subject: crypto: qat - Fix ADF_DEV_RESET_SYNC memory leak
+
+From: Herbert Xu
+
+commit d3b17c6d9dddc2db3670bc9be628b122416a3d26 upstream.
+
+Using completion_done to determine whether the caller has gone
+away only works after a complete call. Furthermore it's still
+possible that the caller has not yet called wait_for_completion,
+resulting in another potential UAF.
+
+Fix this by making the caller use cancel_work_sync and then freeing
+the memory safely.
+
+Fixes: 7d42e097607c ("crypto: qat - resolve race condition during AER recovery")
+Cc: #6.8+
+Signed-off-by: Herbert Xu
+Reviewed-by: Giovanni Cabiddu
+Signed-off-by: Herbert Xu
+Signed-off-by: Greg Kroah-Hartman
+---
+ drivers/crypto/qat/qat_common/adf_aer.c | 19 +++++-------------
+ 1 file changed, 5 insertions(+), 14 deletions(-)
+
+--- a/drivers/crypto/qat/qat_common/adf_aer.c
++++ b/drivers/crypto/qat/qat_common/adf_aer.c
+@@ -139,8 +139,7 @@ static void adf_device_reset_worker(stru
+ if (adf_dev_init(accel_dev) || adf_dev_start(accel_dev)) {
+ /* The device hanged and we can't restart it so stop here */
+ dev_err(&GET_DEV(accel_dev), "Restart device failed\n");
+- if (reset_data->mode == ADF_DEV_RESET_ASYNC ||
+- completion_done(&reset_data->compl))
++ if (reset_data->mode == ADF_DEV_RESET_ASYNC)
+ kfree(reset_data);
+ WARN(1, "QAT: device restart failed. Device is unusable\n");
+ return;
+@@ -148,16 +147,8 @@ static void adf_device_reset_worker(stru
+ adf_dev_restarted_notify(accel_dev);
+ clear_bit(ADF_STATUS_RESTARTING, &accel_dev->status);
+
+- /*
+- * The dev is back alive. Notify the caller if in sync mode
+- *
+- * If device restart will take a more time than expected,
+- * the schedule_reset() function can timeout and exit. This can be
+- * detected by calling the completion_done() function. In this case
+- * the reset_data structure needs to be freed here.
+- */
+- if (reset_data->mode == ADF_DEV_RESET_ASYNC ||
+- completion_done(&reset_data->compl))
++ /* The dev is back alive. Notify the caller if in sync mode */
++ if (reset_data->mode == ADF_DEV_RESET_ASYNC)
+ kfree(reset_data);
+ else
+ complete(&reset_data->compl);
+@@ -192,10 +183,10 @@ static int adf_dev_aer_schedule_reset(st
+ if (!timeout) {
+ dev_err(&GET_DEV(accel_dev),
+ "Reset device timeout expired\n");
++ cancel_work_sync(&reset_data->reset_work);
+ ret = -EFAULT;
+- } else {
+- kfree(reset_data);
+ }
++ kfree(reset_data);
+ return ret;
+ }
+ return 0;
diff --git a/queue-4.19/kvm-arm64-allow-aarch32-pstate.m-to-be-restored-as-system-mode.patch b/queue-4.19/kvm-arm64-allow-aarch32-pstate.m-to-be-restored-as-system-mode.patch
new file mode 100644
index 00000000000..d33f836963b
--- /dev/null
+++ b/queue-4.19/kvm-arm64-allow-aarch32-pstate.m-to-be-restored-as-system-mode.patch
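Review bot: On the failure path of adf_device_reset_worker (the `if (adf_dev_init(accel_dev) || adf_dev_start(accel_dev))` block in the first inner hunk), the new code frees reset_data only in ASYNC mode and returns without ever calling complete(), so a synchronous caller learns of the failed restart only by waiting out the full timeout before cancel_work_sync and kfree run in adf_dev_aer_schedule_reset. That looks deliberate rather than an oversight — as far as the visible lines show, the caller's result depends on `timeout` alone, so signalling the completion in that branch would make a failed restart return 0 — but nothing in the new code says so, and the removed block comment was the only text that explained who owns reset_data and when. I would add a comment at the `return;` of that branch: `/* Sync mode: leave compl unsignalled on purpose; the caller times out, runs cancel_work_sync and frees reset_data. */`. Both adf_device_reset_worker and adf_dev_aer_schedule_reset begin and end outside the hunk, so the wait that produces `timeout` and the initial value of `ret` are inferred from the context lines rather than visible here.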
@@ -0,0 +1,34 @@
+From dfe6d190f38fc5df5ff2614b463a5195a399c885 Mon Sep 17 00:00:00 2001
+From: Marc Zyngier
+Date: Fri, 24 May 2024 15:19:55 +0100
+Subject: KVM: arm64: Allow AArch32 PSTATE.M to be restored as System mode
+
+From: Marc Zyngier
+
+commit dfe6d190f38fc5df5ff2614b463a5195a399c885 upstream.
+
+It appears that we don't allow a vcpu to be restored in AArch32
+System mode, as we *never* included it in the list of valid modes.
+
+Just add it to the list of allowed modes.
+
+Fixes: 0d854a60b1d7 ("arm64: KVM: enable initialization of a 32bit vcpu")
+Cc: stable@vger.kernel.org
+Acked-by: Oliver Upton
+Link: https://lore.kernel.org/r/20240524141956.1450304-3-maz@kernel.org
+Signed-off-by: Marc Zyngier
+Signed-off-by: Greg Kroah-Hartman
+---
+ arch/arm64/kvm/guest.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+--- a/arch/arm64/kvm/guest.c
++++ b/arch/arm64/kvm/guest.c
+@@ -175,6 +175,7 @@ static int set_core_reg(struct kvm_vcpu
+ case PSR_AA32_MODE_SVC:
+ case PSR_AA32_MODE_ABT:
+ case PSR_AA32_MODE_UND:
++ case PSR_AA32_MODE_SYS:
+ if (!vcpu_el1_is_32bit(vcpu))
+ return -EINVAL;
+ break;
diff --git a/queue-4.19/series b/queue-4.19/series
index 9b0ce9246a9..8ca261d0937 100644
--- a/queue-4.19/series
+++ b/queue-4.19/series
@@ -196,3 +196,5 @@ netfilter-nf_tables-do-not-compare-internal-table-flags-on-updates.patch
 netfilter-nf_tables-mark-set-as-dead-when-unbinding-anonymous-set-with-timeout.patch
 netfilter-nf_tables-reject-new-basechain-after-table-flag-update.patch
 netfilter-nf_tables-discard-table-flag-update-with-pending-basechain-deletion.patch
+kvm-arm64-allow-aarch32-pstate.m-to-be-restored-as-system-mode.patch
+crypto-qat-fix-adf_dev_reset_sync-memory-leak.patch
--
2.47.3