From: Greg Kroah-Hartman Date: Mon, 20 Jun 2022 10:17:40 +0000 (+0200) Subject: 5.10-stable patches X-Git-Tag: v5.4.200~18 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=5956ddc9aecd8af1a8724bf2c6d335549f4b3ad1;p=thirdparty%2Fkernel%2Fstable-queue.git 5.10-stable patches added patches: alsa-hda-realtek-fix-right-sounds-and-mute-micmute-leds-for-hp-machine.patch kvm-svm-use-kzalloc-for-sev-ioctl-interfaces-to-prevent-kernel-data-leak.patch kvm-x86-account-a-variety-of-miscellaneous-allocations.patch mm-page_alloc-validate-buddy-before-check-its-migratetype.patch virtio-pci-remove-wrong-address-verification-in-vp_del_vqs.patch --- diff --git a/queue-5.10/alsa-hda-realtek-fix-right-sounds-and-mute-micmute-leds-for-hp-machine.patch b/queue-5.10/alsa-hda-realtek-fix-right-sounds-and-mute-micmute-leds-for-hp-machine.patch new file mode 100644 index 00000000000..c96db631da4 --- /dev/null +++ b/queue-5.10/alsa-hda-realtek-fix-right-sounds-and-mute-micmute-leds-for-hp-machine.patch 
@@ -0,0 +1,33 @@ +From foo@baz Mon Jun 20 12:08:03 PM CEST 2022 +From: Andy Chi +Date: Fri, 13 May 2022 20:16:45 +0800 +Subject: ALSA: hda/realtek: fix right sounds and mute/micmute LEDs for HP machine + +From: Andy Chi + +commit 024a7ad9eb4df626ca8c77fef4f67fd0ebd559d2 upstream. + +The HP EliteBook 630 is using ALC236 codec which used 0x02 to control mute LED +and 0x01 to control micmute LED. Therefore, add a quirk to make it works. + +Signed-off-by: Andy Chi +Cc: +Link: https://lore.kernel.org/r/20220513121648.28584-1-andy.chi@canonical.com +Signed-off-by: Takashi Iwai +[sudip: adjust context] +Signed-off-by: Sudip Mukherjee +Signed-off-by: Greg Kroah-Hartman +--- + sound/pci/hda/patch_realtek.c | 1 + + 1 file changed, 1 insertion(+) + +--- a/sound/pci/hda/patch_realtek.c ++++ b/sound/pci/hda/patch_realtek.c +@@ -8793,6 +8793,7 @@ static const struct snd_pci_quirk alc269 + SND_PCI_QUIRK(0x103c, 0x8873, "HP ZBook Studio 15.6 Inch G8 Mobile Workstation PC", ALC285_FIXUP_HP_GPIO_AMP_INIT), + SND_PCI_QUIRK(0x103c, 0x888d, "HP ZBook Power 15.6 inch G8 Mobile Workstation PC", ALC236_FIXUP_HP_GPIO_LED), + SND_PCI_QUIRK(0x103c, 0x8896, "HP EliteBook 855 G8 Notebook PC", ALC285_FIXUP_HP_MUTE_LED), ++ SND_PCI_QUIRK(0x103c, 0x89aa, "HP EliteBook 630 G9", ALC236_FIXUP_HP_GPIO_LED), + SND_PCI_QUIRK(0x1043, 0x103e, "ASUS X540SA", ALC256_FIXUP_ASUS_MIC), + SND_PCI_QUIRK(0x1043, 0x103f, "ASUS TX300", ALC282_FIXUP_ASUS_TX300), + SND_PCI_QUIRK(0x1043, 0x106d, "Asus K53BE", ALC269_FIXUP_LIMIT_INT_MIC_BOOST), diff --git a/queue-5.10/kvm-svm-use-kzalloc-for-sev-ioctl-interfaces-to-prevent-kernel-data-leak.patch b/queue-5.10/kvm-svm-use-kzalloc-for-sev-ioctl-interfaces-to-prevent-kernel-data-leak.patch new file mode 100644 index 00000000000..b508661dabb --- /dev/null +++ b/queue-5.10/kvm-svm-use-kzalloc-for-sev-ioctl-interfaces-to-prevent-kernel-data-leak.patch 
@@ -0,0 +1,58 @@ +From foo@baz Mon Jun 20 12:06:29 PM CEST 2022 +From: Ashish Kalra +Date: Mon, 16 May 2022 15:43:10 +0000 +Subject: KVM: SVM: Use kzalloc for sev ioctl interfaces to prevent kernel data leak + +From: Ashish Kalra + +commit d22d2474e3953996f03528b84b7f52cc26a39403 upstream. + +For some sev ioctl interfaces, the length parameter that is passed maybe +less than or equal to SEV_FW_BLOB_MAX_SIZE, but larger than the data +that PSP firmware returns. In this case, kmalloc will allocate memory +that is the size of the input rather than the size of the data. +Since PSP firmware doesn't fully overwrite the allocated buffer, these +sev ioctl interface may return uninitialized kernel slab memory. + +Reported-by: Andy Nguyen +Suggested-by: David Rientjes +Suggested-by: Peter Gonda +Cc: kvm@vger.kernel.org +Cc: stable@vger.kernel.org +Cc: linux-kernel@vger.kernel.org +Fixes: eaf78265a4ab3 ("KVM: SVM: Move SEV code to separate file") +Fixes: 2c07ded06427d ("KVM: SVM: add support for SEV attestation command") +Fixes: 4cfdd47d6d95a ("KVM: SVM: Add KVM_SEV SEND_START command") +Fixes: d3d1af85e2c75 ("KVM: SVM: Add KVM_SEND_UPDATE_DATA command") +Fixes: eba04b20e4861 ("KVM: x86: Account a variety of miscellaneous allocations") +Signed-off-by: Ashish Kalra +Reviewed-by: Peter Gonda +Message-Id: <20220516154310.3685678-1-Ashish.Kalra@amd.com> +Signed-off-by: Paolo Bonzini +[sudip: adjust context] +Signed-off-by: Sudip Mukherjee +Signed-off-by: Greg Kroah-Hartman +--- + arch/x86/kvm/svm/sev.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +--- a/arch/x86/kvm/svm/sev.c ++++ b/arch/x86/kvm/svm/sev.c +@@ -537,7 +537,7 @@ static int sev_launch_measure(struct kvm + } + + ret = -ENOMEM; +- blob = kmalloc(params.len, GFP_KERNEL_ACCOUNT); ++ blob = kzalloc(params.len, GFP_KERNEL_ACCOUNT); + if (!blob) + goto e_free; + +@@ -676,7 +676,7 @@ static int __sev_dbg_decrypt_user(struct + if (!IS_ALIGNED(dst_paddr, 16) || + !IS_ALIGNED(paddr, 16) || + !IS_ALIGNED(size, 
16)) { +- tpage = (void *)alloc_page(GFP_KERNEL); ++ tpage = (void *)alloc_page(GFP_KERNEL | __GFP_ZERO); + if (!tpage) + return -ENOMEM; + diff --git a/queue-5.10/kvm-x86-account-a-variety-of-miscellaneous-allocations.patch b/queue-5.10/kvm-x86-account-a-variety-of-miscellaneous-allocations.patch new file mode 100644 index 00000000000..7dd133cdbe5 --- /dev/null +++ b/queue-5.10/kvm-x86-account-a-variety-of-miscellaneous-allocations.patch 
@@ -0,0 +1,62 @@ +From foo@baz Mon Jun 20 12:06:29 PM CEST 2022 +From: Sean Christopherson +Date: Tue, 30 Mar 2021 19:30:25 -0700 +Subject: KVM: x86: Account a variety of miscellaneous allocations + +From: Sean Christopherson + +commit eba04b20e4861d9bdbd8470a13c0c6e824521a36 upstream. + +Switch to GFP_KERNEL_ACCOUNT for a handful of allocations that are +clearly associated with a single task/VM. + +Note, there are a several SEV allocations that aren't accounted, but +those can (hopefully) be fixed by using the local stack for memory. + +Signed-off-by: Sean Christopherson +Message-Id: <20210331023025.2485960-3-seanjc@google.com> +Signed-off-by: Paolo Bonzini +[sudip: adjust context] +Signed-off-by: Sudip Mukherjee +Signed-off-by: Greg Kroah-Hartman +--- + arch/x86/kvm/svm/nested.c | 4 ++-- + arch/x86/kvm/svm/sev.c | 2 +- + arch/x86/kvm/vmx/vmx.c | 2 +- + 3 files changed, 4 insertions(+), 4 deletions(-) + +--- a/arch/x86/kvm/svm/nested.c ++++ b/arch/x86/kvm/svm/nested.c +@@ -1198,8 +1198,8 @@ static int svm_set_nested_state(struct k + return -EINVAL; + + ret = -ENOMEM; +- ctl = kzalloc(sizeof(*ctl), GFP_KERNEL); +- save = kzalloc(sizeof(*save), GFP_KERNEL); ++ ctl = kzalloc(sizeof(*ctl), GFP_KERNEL_ACCOUNT); ++ save = kzalloc(sizeof(*save), GFP_KERNEL_ACCOUNT); + if (!ctl || !save) + goto out_free; + +--- a/arch/x86/kvm/svm/sev.c ++++ b/arch/x86/kvm/svm/sev.c +@@ -537,7 +537,7 @@ static int sev_launch_measure(struct kvm + } + + ret = -ENOMEM; +- blob = kmalloc(params.len, GFP_KERNEL); ++ blob = kmalloc(params.len, GFP_KERNEL_ACCOUNT); + if (!blob) + goto e_free; + +--- a/arch/x86/kvm/vmx/vmx.c ++++ b/arch/x86/kvm/vmx/vmx.c +@@ -619,7 +619,7 @@ static int hv_enable_direct_tlbflush(str + * evmcs in singe VM shares same assist page. + */ + if (!*p_hv_pa_pg) +- *p_hv_pa_pg = kzalloc(PAGE_SIZE, GFP_KERNEL); ++ *p_hv_pa_pg = kzalloc(PAGE_SIZE, GFP_KERNEL_ACCOUNT); + + if (!*p_hv_pa_pg) + return -ENOMEM; 
diff --git a/queue-5.10/mm-page_alloc-validate-buddy-before-check-its-migratetype.patch b/queue-5.10/mm-page_alloc-validate-buddy-before-check-its-migratetype.patch new file mode 100644 index 00000000000..14047e2584a --- /dev/null +++ b/queue-5.10/mm-page_alloc-validate-buddy-before-check-its-migratetype.patch @@ -0,0 +1,39 @@ +From 787af64d05cd528aac9ad16752d11bb1c6061bb9 Mon Sep 17 00:00:00 2001 +From: Zi Yan +Date: Wed, 30 Mar 2022 15:45:43 -0700 +Subject: mm: page_alloc: validate buddy before check its migratetype. + +From: Zi Yan + +commit 787af64d05cd528aac9ad16752d11bb1c6061bb9 upstream. + +Whenever a buddy page is found, page_is_buddy() should be called to +check its validity. Add the missing check during pageblock merge check. + +Fixes: 1dd214b8f21c ("mm: page_alloc: avoid merging non-fallbackable pageblocks with others") +Link: https://lore.kernel.org/all/20220330154208.71aca532@gandalf.local.home/ +Reported-and-tested-by: Steven Rostedt +Signed-off-by: Zi Yan +Signed-off-by: Linus Torvalds +Fixes: d9dddbf55667 ("mm/page_alloc: prevent merging between isolated and other pageblocks") +Cc: stable@vger.kernel.org +Reported-by: zjb194813@alibaba-inc.com +Reported-by: tianhu.hh@alibaba-inc.com +Signed-off-by: Xianting Tian +Signed-off-by: Greg Kroah-Hartman +--- + mm/page_alloc.c | 3 +++ + 1 file changed, 3 insertions(+) + +--- a/mm/page_alloc.c ++++ b/mm/page_alloc.c +@@ -1049,6 +1049,9 @@ continue_merging: + + buddy_pfn = __find_buddy_pfn(pfn, order); + buddy = page + (buddy_pfn - pfn); ++ ++ if (!page_is_buddy(page, buddy, order)) ++ goto done_merging; + buddy_mt = get_pageblock_migratetype(buddy); + + if (migratetype != buddy_mt diff --git a/queue-5.10/series b/queue-5.10/series index 9c3641da432..6d217d6bf4b 100644 --- a/queue-5.10/series +++ b/queue-5.10/series 
@@ -71,3 +71,8 @@ ext4-fix-bug_on-ext4_mb_use_inode_pa.patch ext4-make-variable-count-signed.patch ext4-add-reserved-gdt-blocks-check.patch kvm-arm64-don-t-read-a-hw-interrupt-pending-state-in-user-context.patch +kvm-x86-account-a-variety-of-miscellaneous-allocations.patch +kvm-svm-use-kzalloc-for-sev-ioctl-interfaces-to-prevent-kernel-data-leak.patch +alsa-hda-realtek-fix-right-sounds-and-mute-micmute-leds-for-hp-machine.patch +virtio-pci-remove-wrong-address-verification-in-vp_del_vqs.patch +mm-page_alloc-validate-buddy-before-check-its-migratetype.patch diff --git a/queue-5.10/virtio-pci-remove-wrong-address-verification-in-vp_del_vqs.patch b/queue-5.10/virtio-pci-remove-wrong-address-verification-in-vp_del_vqs.patch new file mode 100644 index 00000000000..fe4b6216986 --- /dev/null +++ b/queue-5.10/virtio-pci-remove-wrong-address-verification-in-vp_del_vqs.patch 
@@ -0,0 +1,52 @@ +From 7e415282b41bf0d15c6e0fe268f822d9b083f2f7 Mon Sep 17 00:00:00 2001 +From: Murilo Opsfelder Araujo +Date: Thu, 14 Apr 2022 23:30:02 -0300 +Subject: virtio-pci: Remove wrong address verification in vp_del_vqs() +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +From: Murilo Opsfelder Araujo + +commit 7e415282b41bf0d15c6e0fe268f822d9b083f2f7 upstream. + +GCC 12 enhanced -Waddress when comparing array address to null [0], +which warns: + + drivers/virtio/virtio_pci_common.c: In function ‘vp_del_vqs’: + drivers/virtio/virtio_pci_common.c:257:29: warning: the comparison will always evaluate as ‘true’ for the pointer operand in ‘vp_dev->msix_affinity_masks + (sizetype)((long unsigned int)i * 256)’ must not be NULL [-Waddress] + 257 | if (vp_dev->msix_affinity_masks[i]) + | ^~~~~~ + +In fact, the verification is comparing the result of a pointer +arithmetic, the address "msix_affinity_masks + i", which will always +evaluate to true. + +Under the hood, free_cpumask_var() calls kfree(), which is safe to pass +NULL, not requiring non-null verification. So remove the verification +to make compiler happy (happy compiler, happy life). + +[0] https://gcc.gnu.org/bugzilla/show_bug.cgi?id=102103 + +Signed-off-by: Murilo Opsfelder Araujo +Message-Id: <20220415023002.49805-1-muriloo@linux.ibm.com> +Signed-off-by: Michael S. 
Tsirkin +Acked-by: Christophe de Dinechin +Cc: Sudip Mukherjee +Signed-off-by: Greg Kroah-Hartman +--- + drivers/virtio/virtio_pci_common.c | 3 +-- + 1 file changed, 1 insertion(+), 2 deletions(-) + +--- a/drivers/virtio/virtio_pci_common.c ++++ b/drivers/virtio/virtio_pci_common.c +@@ -254,8 +254,7 @@ void vp_del_vqs(struct virtio_device *vd + + if (vp_dev->msix_affinity_masks) { + for (i = 0; i < vp_dev->msix_vectors; i++) +- if (vp_dev->msix_affinity_masks[i]) +- free_cpumask_var(vp_dev->msix_affinity_masks[i]); ++ free_cpumask_var(vp_dev->msix_affinity_masks[i]); + } + + if (vp_dev->msix_enabled) {
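Review bot: In the sound/pci/hda/patch_realtek.c hunk, the name string of the added entry, "HP EliteBook 630 G9", does not match the commit message, which names the machine only as "HP EliteBook 630", and it omits the "Notebook PC" suffix that the neighbouring HP entries carry ("HP EliteBook 855 G8 Notebook PC"). Suggest aligning the message and the string. The message also says the codec uses 0x02 for the mute LED and 0x01 for the micmute LED, while the hunk only selects ALC236_FIXUP_HP_GPIO_LED; one sentence stating that this fixup drives those two values would let a reader verify the quirk from the patch alone. Placement is in subsystem-ID order (0x8896, then 0x89aa).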
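Review bot: The backport note of the kzalloc patch does not account for the sites named in its Fixes: tags. The arch/x86/kvm/svm/sev.c diff changes only sev_launch_measure() and __sev_dbg_decrypt_user() (2 insertions, 2 deletions), yet the tags reference the attestation, SEND_START and SEND_UPDATE_DATA commands as well, and "[sudip: adjust context]" does not say whether those paths are absent from 5.10 or were left out. Suggest extending the bracketed note to list what was dropped and why, so a reader can confirm that no kmalloc sized by a caller-supplied length remains in this tree.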
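Review bot: The __GFP_ZERO change to tpage in the __sev_dbg_decrypt_user() hunk is not explained by the commit message, which describes only ioctl buffers allocated with kmalloc at the length the caller passed. Suggest adding a sentence on how stale contents of tpage could reach the caller on the unaligned path guarded by the IS_ALIGNED() checks. The allocation also stays GFP_KERNEL here while blob in the previous hunk uses GFP_KERNEL_ACCOUNT; if that difference is intentional, say so in the message.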
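Review bot: In the mm/page_alloc.c hunk, the new page_is_buddy() check has no comment and runs straight into the buddy_mt assignment, so the ordering requirement is easy to lose in a later cleanup. Suggest a short comment above "if (!page_is_buddy(page, buddy, order))" saying that buddy must be validated before get_pageblock_migratetype(buddy) is consulted, plus a blank line after "goto done_merging;" to match the one added before the check. In the commit message, the second Fixes: tag (d9dddbf55667), the two Reported-by: lines and the extra Signed-off-by: follow the upstream sign-off chain without a bracketed backport note of the kind the other patches in this queue carry; a line stating why the additional Fixes: applies to 5.10 would help.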
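Review bot: In the queue-5.10/series hunk, the ordering dependency between the first two added entries is implicit and should be documented. kvm-svm-use-kzalloc-for-sev-ioctl-interfaces-to-prevent-kernel-data-leak.patch removes the line "blob = kmalloc(params.len, GFP_KERNEL_ACCOUNT);", which exists only after kvm-x86-account-a-variety-of-miscellaneous-allocations.patch has been applied, so the two must stay in this order. The accounting patch carries no Fixes: or Cc: stable tag of its own; suggest a bracketed note in its message saying it is queued as a prerequisite for the kzalloc fix, so it is not dropped or reordered independently.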
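Review bot: In the drivers/virtio/virtio_pci_common.c hunk, the loop now calls free_cpumask_var(vp_dev->msix_affinity_masks[i]) unconditionally with nothing in the code recording why that is safe. Suggest a one-line comment at the loop stating that free_cpumask_var() accepts NULL, as the commit message argues, so the per-element check is not reintroduced later. The outer "if (vp_dev->msix_affinity_masks)" guard is correctly kept, since it protects the array pointer itself rather than an element.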