From a20f0b20328f7d308a028e45778305153e11b6bf Mon Sep 17 00:00:00 2001
From: Sasha Levin
Date: Thu, 9 May 2024 06:09:35 -0400
Subject: [PATCH] Fixes for 6.1
Signed-off-by: Sasha Levin
---
 ...2-check-for-non-null-vcpu-in-vgic_v2.patch | 54 +++++++++++++++++++
 ...2-use-cpuid-from-userspace-as-vcpu_i.patch | 51 ++++++++++++++++++
 queue-6.1/series | 2 +
 3 files changed, 107 insertions(+)
 create mode 100644 queue-6.1/kvm-arm64-vgic-v2-check-for-non-null-vcpu-in-vgic_v2.patch
 create mode 100644 queue-6.1/kvm-arm64-vgic-v2-use-cpuid-from-userspace-as-vcpu_i.patch
diff --git a/queue-6.1/kvm-arm64-vgic-v2-check-for-non-null-vcpu-in-vgic_v2.patch b/queue-6.1/kvm-arm64-vgic-v2-check-for-non-null-vcpu-in-vgic_v2.patch
new file mode 100644
index 00000000000..d0f82fa66de
--- /dev/null
+++ b/queue-6.1/kvm-arm64-vgic-v2-check-for-non-null-vcpu-in-vgic_v2.patch
@@ -0,0 +1,54 @@
+From 2fc0f80a773da0594d81651ad83b9bce35aa518e Mon Sep 17 00:00:00 2001
+From: Sasha Levin
+Date: Wed, 24 Apr 2024 17:39:58 +0000
+Subject: KVM: arm64: vgic-v2: Check for non-NULL vCPU in vgic_v2_parse_attr()
+
+From: Oliver Upton
+
+[ Upstream commit 6ddb4f372fc63210034b903d96ebbeb3c7195adb ]
+
+vgic_v2_parse_attr() is responsible for finding the vCPU that matches
+the user-provided CPUID, which (of course) may not be valid. If the ID
+is invalid, kvm_get_vcpu_by_id() returns NULL, which isn't handled
+gracefully.
+
+Similar to the GICv3 uaccess flow, check that kvm_get_vcpu_by_id()
+actually returns something and fail the ioctl if not.
+
+Cc: stable@vger.kernel.org
+Fixes: 7d450e282171 ("KVM: arm/arm64: vgic-new: Add userland access to VGIC dist registers")
+Reported-by: Alexander Potapenko
+Tested-by: Alexander Potapenko
+Reviewed-by: Alexander Potapenko
+Reviewed-by: Marc Zyngier
+Link: https://lore.kernel.org/r/20240424173959.3776798-2-oliver.upton@linux.dev
+Signed-off-by: Oliver Upton
+Signed-off-by: Sasha Levin
+---
+ arch/arm64/kvm/vgic/vgic-kvm-device.c | 8 ++++----
+ 1 file changed, 4 insertions(+), 4 deletions(-)
+
+diff --git a/arch/arm64/kvm/vgic/vgic-kvm-device.c b/arch/arm64/kvm/vgic/vgic-kvm-device.c
+index 97ead28f81425..63731fb3d8f63 100644
+--- a/arch/arm64/kvm/vgic/vgic-kvm-device.c
++++ b/arch/arm64/kvm/vgic/vgic-kvm-device.c
+@@ -337,12 +337,12 @@ int kvm_register_vgic_device(unsigned long type)
+ int vgic_v2_parse_attr(struct kvm_device *dev, struct kvm_device_attr *attr,
+ struct vgic_reg_attr *reg_attr)
+ {
+- int cpuid;
++ int cpuid = FIELD_GET(KVM_DEV_ARM_VGIC_CPUID_MASK, attr->attr);
+ 
+- cpuid = FIELD_GET(KVM_DEV_ARM_VGIC_CPUID_MASK, attr->attr);
+-
+- reg_attr->vcpu = kvm_get_vcpu_by_id(dev->kvm, cpuid);
+ reg_attr->addr = attr->attr & KVM_DEV_ARM_VGIC_OFFSET_MASK;
++ reg_attr->vcpu = kvm_get_vcpu_by_id(dev->kvm, cpuid);
++ if (!reg_attr->vcpu)
++ return -EINVAL;
+ 
+ return 0;
+ }
+-- 
+2.43.0
+
diff --git a/queue-6.1/kvm-arm64-vgic-v2-use-cpuid-from-userspace-as-vcpu_i.patch b/queue-6.1/kvm-arm64-vgic-v2-use-cpuid-from-userspace-as-vcpu_i.patch
new file mode 100644
index 00000000000..5fcda99c66c
--- /dev/null
+++ b/queue-6.1/kvm-arm64-vgic-v2-use-cpuid-from-userspace-as-vcpu_i.patch
@@ -0,0 +1,51 @@
+From 52fbc03a053455ff8d15b67a0e273ab2f211cc81 Mon Sep 17 00:00:00 2001
+From: Sasha Levin
+Date: Wed, 27 Sep 2023 10:09:04 +0100
+Subject: KVM: arm64: vgic-v2: Use cpuid from userspace as vcpu_id
+
+From: Marc Zyngier
+
+[ Upstream commit 4e7728c81a54b17bd33be402ac140bc11bb0c4f4 ]
+
+When parsing a GICv2 attribute that contains a cpuid, handle this
+as the vcpu_id, not a vcpu_idx, as userspace cannot really know
+the mapping between the two. For this, use kvm_get_vcpu_by_id()
+instead of kvm_get_vcpu().
+
+Take this opportunity to get rid of the pointless check against
+online_vcpus, which doesn't make much sense either, and switch
+to FIELD_GET as a way to extract the vcpu_id.
+
+Reviewed-by: Zenghui Yu
+Signed-off-by: Marc Zyngier
+Link: https://lore.kernel.org/r/20230927090911.3355209-5-maz@kernel.org
+Signed-off-by: Oliver Upton
+Stable-dep-of: 6ddb4f372fc6 ("KVM: arm64: vgic-v2: Check for non-NULL vCPU in vgic_v2_parse_attr()")
+Signed-off-by: Sasha Levin
+---
+ arch/arm64/kvm/vgic/vgic-kvm-device.c | 8 ++------
+ 1 file changed, 2 insertions(+), 6 deletions(-)
+
+diff --git a/arch/arm64/kvm/vgic/vgic-kvm-device.c b/arch/arm64/kvm/vgic/vgic-kvm-device.c
+index bf4b3d9631ce1..97ead28f81425 100644
+--- a/arch/arm64/kvm/vgic/vgic-kvm-device.c
++++ b/arch/arm64/kvm/vgic/vgic-kvm-device.c
+@@ -339,13 +339,9 @@ int vgic_v2_parse_attr(struct kvm_device *dev, struct kvm_device_attr *attr,
+ {
+ int cpuid;
+ 
+- cpuid = (attr->attr & KVM_DEV_ARM_VGIC_CPUID_MASK) >>
+- KVM_DEV_ARM_VGIC_CPUID_SHIFT;
++ cpuid = FIELD_GET(KVM_DEV_ARM_VGIC_CPUID_MASK, attr->attr);
+ 
+- if (cpuid >= atomic_read(&dev->kvm->online_vcpus))
+- return -EINVAL;
+-
+- reg_attr->vcpu = kvm_get_vcpu(dev->kvm, cpuid);
++ reg_attr->vcpu = kvm_get_vcpu_by_id(dev->kvm, cpuid);
+ reg_attr->addr = attr->attr & KVM_DEV_ARM_VGIC_OFFSET_MASK;
+ 
+ return 0;
+-- 
+2.43.0
+
diff --git a/queue-6.1/series b/queue-6.1/series
index cb6df035fc9..9fe4e5b045f 100644
--- a/queue-6.1/series
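Review bot: Taken on its own, the vgic_v2_parse_attr() body queued in this patch file removes the `online_vcpus` bound check and stores the result of kvm_get_vcpu_by_id() in `reg_attr->vcpu` without testing it, so a user-supplied cpuid with no matching vCPU leaves a NULL pointer for the ioctl callers, which the first hunk's companion patch (check-for-non-null-vcpu) is what closes. The Stable-dep-of trailer records that dependency, and the series hunk below lists use-cpuid before check-for-non-null, which is the order the two need; they should be kept adjacent if the queue is reordered later. Only the function body is visible here, its signature sits in the inner hunk header and the surrounding code is outside this hunk.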
+++ b/queue-6.1/series
@@ -89,3 +89,5 @@ powerpc-pseries-move-plpks-constants-to-header-file.patch
 powerpc-pseries-implement-signed-update-for-plpks-ob.patch
 powerpc-pseries-make-max-polling-consistent-for-long.patch
 powerpc-pseries-iommu-lpar-panics-during-boot-up-wit.patch
+kvm-arm64-vgic-v2-use-cpuid-from-userspace-as-vcpu_i.patch
+kvm-arm64-vgic-v2-check-for-non-null-vcpu-in-vgic_v2.patch
-- 
2.47.2