From a9093e7e87908c1a8c241018d41dd0dc9f23096f Mon Sep 17 00:00:00 2001
From: Sasha Levin
Date: Thu, 9 May 2024 06:09:36 -0400
Subject: [PATCH] Fixes for 5.10
Signed-off-by: Sasha Levin
---
 ...2-check-for-non-null-vcpu-in-vgic_v2.patch | 54 +++++++++++++++++++
 ...2-use-cpuid-from-userspace-as-vcpu_i.patch | 51 ++++++++++++++++++
 queue-5.10/series | 2 +
 3 files changed, 107 insertions(+)
 create mode 100644 queue-5.10/kvm-arm64-vgic-v2-check-for-non-null-vcpu-in-vgic_v2.patch
 create mode 100644 queue-5.10/kvm-arm64-vgic-v2-use-cpuid-from-userspace-as-vcpu_i.patch
diff --git a/queue-5.10/kvm-arm64-vgic-v2-check-for-non-null-vcpu-in-vgic_v2.patch b/queue-5.10/kvm-arm64-vgic-v2-check-for-non-null-vcpu-in-vgic_v2.patch
new file mode 100644
index 00000000000..525d8ab36d3
--- /dev/null
+++ b/queue-5.10/kvm-arm64-vgic-v2-check-for-non-null-vcpu-in-vgic_v2.patch
@@ -0,0 +1,54 @@
+From 9191375c9e7f3e6e48053bdfa17fd148e49be6f8 Mon Sep 17 00:00:00 2001
+From: Sasha Levin
+Date: Wed, 24 Apr 2024 17:39:58 +0000
+Subject: KVM: arm64: vgic-v2: Check for non-NULL vCPU in vgic_v2_parse_attr()
+
+From: Oliver Upton
+
+[ Upstream commit 6ddb4f372fc63210034b903d96ebbeb3c7195adb ]
+
+vgic_v2_parse_attr() is responsible for finding the vCPU that matches
+the user-provided CPUID, which (of course) may not be valid. If the ID
+is invalid, kvm_get_vcpu_by_id() returns NULL, which isn't handled
+gracefully.
+
+Similar to the GICv3 uaccess flow, check that kvm_get_vcpu_by_id()
+actually returns something and fail the ioctl if not.
+
+Cc: stable@vger.kernel.org
+Fixes: 7d450e282171 ("KVM: arm/arm64: vgic-new: Add userland access to VGIC dist registers")
+Reported-by: Alexander Potapenko
+Tested-by: Alexander Potapenko
+Reviewed-by: Alexander Potapenko
+Reviewed-by: Marc Zyngier
+Link: https://lore.kernel.org/r/20240424173959.3776798-2-oliver.upton@linux.dev
+Signed-off-by: Oliver Upton
+Signed-off-by: Sasha Levin
+---
+ arch/arm64/kvm/vgic/vgic-kvm-device.c | 8 ++++----
+ 1 file changed, 4 insertions(+), 4 deletions(-)
+
+diff --git a/arch/arm64/kvm/vgic/vgic-kvm-device.c b/arch/arm64/kvm/vgic/vgic-kvm-device.c
+index 640cfa0c0f4cc..e80b638b78271 100644
+--- a/arch/arm64/kvm/vgic/vgic-kvm-device.c
++++ b/arch/arm64/kvm/vgic/vgic-kvm-device.c
+@@ -284,12 +284,12 @@ int kvm_register_vgic_device(unsigned long type)
+ int vgic_v2_parse_attr(struct kvm_device *dev, struct kvm_device_attr *attr,
+ struct vgic_reg_attr *reg_attr)
+ {
+- int cpuid;
++ int cpuid = FIELD_GET(KVM_DEV_ARM_VGIC_CPUID_MASK, attr->attr);
+
+- cpuid = FIELD_GET(KVM_DEV_ARM_VGIC_CPUID_MASK, attr->attr);
+-
+- reg_attr->vcpu = kvm_get_vcpu_by_id(dev->kvm, cpuid);
+ reg_attr->addr = attr->attr & KVM_DEV_ARM_VGIC_OFFSET_MASK;
++ reg_attr->vcpu = kvm_get_vcpu_by_id(dev->kvm, cpuid);
++ if (!reg_attr->vcpu)
++ return -EINVAL;
+
+ return 0;
+ }
+--
+2.43.0
+
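Review bot: The new code in vgic_v2_parse_attr() relies on FIELD_GET() (the added line `int cpuid = FIELD_GET(KVM_DEV_ARM_VGIC_CPUID_MASK, attr->attr);`) while the inner diff adds no `#include <linux/bitfield.h>` to arch/arm64/kvm/vgic/vgic-kvm-device.c, so the 5.10 backport depends on that header arriving transitively; this deserves a build check on the 5.10 tree, whose include chain may differ from the upstream trees these commits came from, and the same applies to the hunk in queue-5.10/kvm-arm64-vgic-v2-use-cpuid-from-userspace-as-vcpu_i.patch. Because queue-5.10/series applies the use-cpuid patch first, the intermediate tree has already dropped the online_vcpus bound check while the kvm_get_vcpu_by_id() result is still unchecked, so a device-attribute ioctl carrying an out-of-range CPUID reaches a NULL vCPU pointer until this patch lands; the pair should be treated as one unit when bisecting or cherry-picking to other branches. Dropping the bound check is the upstream commit's intent and needs no change here. The inner diff starts at the function's opening brace, so vgic_v2_parse_attr()'s signature lies outside the changed lines.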
diff --git a/queue-5.10/kvm-arm64-vgic-v2-use-cpuid-from-userspace-as-vcpu_i.patch b/queue-5.10/kvm-arm64-vgic-v2-use-cpuid-from-userspace-as-vcpu_i.patch
new file mode 100644
index 00000000000..68c68c6eced
--- /dev/null
+++ b/queue-5.10/kvm-arm64-vgic-v2-use-cpuid-from-userspace-as-vcpu_i.patch
@@ -0,0 +1,51 @@
+From 8dd015580e4f42ba8d0bcdb3db509b7c066bcf14 Mon Sep 17 00:00:00 2001
+From: Sasha Levin
+Date: Wed, 27 Sep 2023 10:09:04 +0100
+Subject: KVM: arm64: vgic-v2: Use cpuid from userspace as vcpu_id
+
+From: Marc Zyngier
+
+[ Upstream commit 4e7728c81a54b17bd33be402ac140bc11bb0c4f4 ]
+
+When parsing a GICv2 attribute that contains a cpuid, handle this
+as the vcpu_id, not a vcpu_idx, as userspace cannot really know
+the mapping between the two. For this, use kvm_get_vcpu_by_id()
+instead of kvm_get_vcpu().
+
+Take this opportunity to get rid of the pointless check against
+online_vcpus, which doesn't make much sense either, and switch
+to FIELD_GET as a way to extract the vcpu_id.
+
+Reviewed-by: Zenghui Yu
+Signed-off-by: Marc Zyngier
+Link: https://lore.kernel.org/r/20230927090911.3355209-5-maz@kernel.org
+Signed-off-by: Oliver Upton
+Stable-dep-of: 6ddb4f372fc6 ("KVM: arm64: vgic-v2: Check for non-NULL vCPU in vgic_v2_parse_attr()")
+Signed-off-by: Sasha Levin
+---
+ arch/arm64/kvm/vgic/vgic-kvm-device.c | 8 ++------
+ 1 file changed, 2 insertions(+), 6 deletions(-)
+
+diff --git a/arch/arm64/kvm/vgic/vgic-kvm-device.c b/arch/arm64/kvm/vgic/vgic-kvm-device.c
+index 7740995de982e..640cfa0c0f4cc 100644
+--- a/arch/arm64/kvm/vgic/vgic-kvm-device.c
++++ b/arch/arm64/kvm/vgic/vgic-kvm-device.c
+@@ -286,13 +286,9 @@ int vgic_v2_parse_attr(struct kvm_device *dev, struct kvm_device_attr *attr,
+ {
+ int cpuid;
+
+- cpuid = (attr->attr & KVM_DEV_ARM_VGIC_CPUID_MASK) >>
+- KVM_DEV_ARM_VGIC_CPUID_SHIFT;
++ cpuid = FIELD_GET(KVM_DEV_ARM_VGIC_CPUID_MASK, attr->attr);
+
+- if (cpuid >= atomic_read(&dev->kvm->online_vcpus))
+- return -EINVAL;
+-
+- reg_attr->vcpu = kvm_get_vcpu(dev->kvm, cpuid);
++ reg_attr->vcpu = kvm_get_vcpu_by_id(dev->kvm, cpuid);
+ reg_attr->addr = attr->attr & KVM_DEV_ARM_VGIC_OFFSET_MASK;
+
+ return 0;
+--
+2.43.0
+
diff --git a/queue-5.10/series b/queue-5.10/series
index 9f4654c0d54..043464de3a5 100644
--- a/queue-5.10/series
+++ b/queue-5.10/series
@@ -41,3 +41,5 @@ net-gro-add-flush-check-in-udp_gro_receive_segment.patch
 clk-sunxi-ng-add-support-for-the-allwinner-h616-ccu.patch
 clk-sunxi-ng-unregister-clocks-resets-when-unbinding.patch
 clk-sunxi-ng-h6-reparent-cpux-during-pll-cpux-rate-c.patch
+kvm-arm64-vgic-v2-use-cpuid-from-userspace-as-vcpu_i.patch
+kvm-arm64-vgic-v2-check-for-non-null-vcpu-in-vgic_v2.patch
--
2.47.2