--- /dev/null
+From 511da98d207d5c0675a10351b01e37cbe50a79e5 Mon Sep 17 00:00:00 2001
+From: Yu Zhang <yu.c.zhang@linux.intel.com>
+Date: Fri, 1 Feb 2019 00:09:43 +0800
+Subject: kvm: x86: Return LA57 feature based on hardware capability
+
+From: Yu Zhang <yu.c.zhang@linux.intel.com>
+
+commit 511da98d207d5c0675a10351b01e37cbe50a79e5 upstream.
+
+Previously, 'commit 372fddf70904 ("x86/mm: Introduce the 'no5lvl' kernel
+parameter")' cleared X86_FEATURE_LA57 in boot_cpu_data, if Linux chooses
+to not run in 5-level paging mode. Yet boot_cpu_data is queried by
+do_cpuid_ent() as the host capability later when creating vcpus, and Qemu
+will not be able to detect this feature and create VMs with LA57 feature.
+
+As discussed earlier, VMs can still benefit from extended linear address
+width, e.g. to enhance features like ASLR. So we would like to fix this,
+by return the true hardware capability when Qemu queries.
+
+Signed-off-by: Yu Zhang <yu.c.zhang@linux.intel.com>
+Cc: stable@vger.kernel.org
+Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ arch/x86/kvm/cpuid.c | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+--- a/arch/x86/kvm/cpuid.c
++++ b/arch/x86/kvm/cpuid.c
+@@ -337,6 +337,7 @@ static inline int __do_cpuid_ent(struct
+ unsigned f_mpx = kvm_mpx_supported() ? F(MPX) : 0;
+ unsigned f_xsaves = kvm_x86_ops->xsaves_supported() ? F(XSAVES) : 0;
+ unsigned f_umip = kvm_x86_ops->umip_emulated() ? F(UMIP) : 0;
++ unsigned f_la57 = 0;
+
+ /* cpuid 1.edx */
+ const u32 kvm_cpuid_1_edx_x86_features =
+@@ -491,7 +492,10 @@ static inline int __do_cpuid_ent(struct
+ // TSC_ADJUST is emulated
+ entry->ebx |= F(TSC_ADJUST);
+ entry->ecx &= kvm_cpuid_7_0_ecx_x86_features;
++ f_la57 = entry->ecx & F(LA57);
+ cpuid_mask(&entry->ecx, CPUID_7_ECX);
++ /* Set LA57 based on hardware capability. */
++ entry->ecx |= f_la57;
+ entry->ecx |= f_umip;
+ /* PKU is not yet implemented for shadow paging. */
+ if (!tdp_enabled || !boot_cpu_has(X86_FEATURE_OSPKE))
--- /dev/null
+From 51d0af222f6fa43134c6187ab4f374630f6e0d96 Mon Sep 17 00:00:00 2001
+From: Felix Fietkau <nbd@nbd.name>
+Date: Fri, 22 Feb 2019 13:21:15 +0100
+Subject: mac80211: allocate tailroom for forwarded mesh packets
+
+From: Felix Fietkau <nbd@nbd.name>
+
+commit 51d0af222f6fa43134c6187ab4f374630f6e0d96 upstream.
+
+Forwarded packets enter the tx path through ieee80211_add_pending_skb,
+which skips the ieee80211_skb_resize call.
+Fixes WARN_ON in ccmp_encrypt_skb and resulting packet loss.
+
+Cc: stable@vger.kernel.org
+Signed-off-by: Felix Fietkau <nbd@nbd.name>
+Signed-off-by: Johannes Berg <johannes.berg@intel.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ net/mac80211/rx.c | 7 ++++++-
+ 1 file changed, 6 insertions(+), 1 deletion(-)
+
+--- a/net/mac80211/rx.c
++++ b/net/mac80211/rx.c
+@@ -2598,6 +2598,7 @@ ieee80211_rx_h_mesh_fwding(struct ieee80
+ struct ieee80211_sub_if_data *sdata = rx->sdata;
+ struct ieee80211_if_mesh *ifmsh = &sdata->u.mesh;
+ u16 ac, q, hdrlen;
++ int tailroom = 0;
+
+ hdr = (struct ieee80211_hdr *) skb->data;
+ hdrlen = ieee80211_hdrlen(hdr->frame_control);
+@@ -2684,8 +2685,12 @@ ieee80211_rx_h_mesh_fwding(struct ieee80
+ if (!ifmsh->mshcfg.dot11MeshForwarding)
+ goto out;
+
++ if (sdata->crypto_tx_tailroom_needed_cnt)
++ tailroom = IEEE80211_ENCRYPT_TAILROOM;
++
+ fwd_skb = skb_copy_expand(skb, local->tx_headroom +
+- sdata->encrypt_headroom, 0, GFP_ATOMIC);
++ sdata->encrypt_headroom,
++ tailroom, GFP_ATOMIC);
+ if (!fwd_skb)
+ goto out;
+
projects / thirdparty / kernel / stable-queue.git / commitdiff
