Fixes for 4.9

Signed-off-by: Sasha Levin <sashal@kernel.org>

diff --git a/queue-4.9/kvm-vmx-do-not-allow-reexecute_instruction-when-skip.patch b/queue-4.9/kvm-vmx-do-not-allow-reexecute_instruction-when-skip.patch
new file mode 100644 (file)
index 0000000..63c1227
--- /dev/null
+++ b/queue-4.9/kvm-vmx-do-not-allow-reexecute_instruction-when-skip.patch
@@ -0,0 +1,53 @@
+From d3451c98976f3f0bc5159ceba848f2eb8abd3dfb Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Thu, 23 Aug 2018 13:56:46 -0700
+Subject: KVM: VMX: Do not allow reexecute_instruction() when skipping MMIO
+ instr
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+From: Sean Christopherson <sean.j.christopherson@intel.com>
+
+[ Upstream commit c4409905cd6eb42cfd06126e9226b0150e05a715 ]
+
+Re-execution after an emulation decode failure is only intended to
+handle a case where two or vCPUs race to write a shadowed page, i.e.
+we should never re-execute an instruction as part of MMIO emulation.
+As handle_ept_misconfig() is only used for MMIO emulation, it should
+pass EMULTYPE_NO_REEXECUTE when using the emulator to skip an instr
+in the fast-MMIO case where VM_EXIT_INSTRUCTION_LEN is invalid.
+
+And because the cr2 value passed to x86_emulate_instruction() is only
+destined for use when retrying or reexecuting, we can simply call
+emulate_instruction().
+
+Fixes: d391f1207067 ("x86/kvm/vmx: do not use vm-exit instruction length
+                      for fast MMIO when running nested")
+Cc: Vitaly Kuznetsov <vkuznets@redhat.com>
+Signed-off-by: Sean Christopherson <sean.j.christopherson@intel.com>
+Cc: stable@vger.kernel.org
+Signed-off-by: Radim Krčmář <rkrcmar@redhat.com>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ arch/x86/kvm/vmx.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/arch/x86/kvm/vmx.c b/arch/x86/kvm/vmx.c
+index 8bd336651de52..1fa4545c55e35 100644
+--- a/arch/x86/kvm/vmx.c
++++ b/arch/x86/kvm/vmx.c
+@@ -6564,8 +6564,8 @@ static int handle_ept_misconfig(struct kvm_vcpu *vcpu)
+                       return 1;
+               }
+               else
+-                      return x86_emulate_instruction(vcpu, gpa, EMULTYPE_SKIP,
+-                                                     NULL, 0) == EMULATE_DONE;
++                      return emulate_instruction(vcpu, EMULTYPE_SKIP) ==
++                                                              EMULATE_DONE;
+       }
+ 
+       ret = kvm_mmu_page_fault(vcpu, gpa, PFERR_RSVD_MASK, NULL, 0);
+-- 
+2.20.1
+

diff --git a/queue-4.9/net-ipv4-don-t-let-pmtu-updates-increase-route-mtu.patch b/queue-4.9/net-ipv4-don-t-let-pmtu-updates-increase-route-mtu.patch
new file mode 100644 (file)
index 0000000..13c6971
--- /dev/null
+++ b/queue-4.9/net-ipv4-don-t-let-pmtu-updates-increase-route-mtu.patch
@@ -0,0 +1,63 @@
+From a1a902ae60038650a70b7f50ce1fcc3d4c996c88 Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Tue, 9 Oct 2018 17:48:15 +0200
+Subject: net: ipv4: don't let PMTU updates increase route MTU
+
+From: Sabrina Dubroca <sd@queasysnail.net>
+
+[ Upstream commit 28d35bcdd3925e7293408cdb8aa5f2aac5f0d6e3 ]
+
+When an MTU update with PMTU smaller than net.ipv4.route.min_pmtu is
+received, we must clamp its value. However, we can receive a PMTU
+exception with PMTU < old_mtu < ip_rt_min_pmtu, which would lead to an
+increase in PMTU.
+
+To fix this, take the smallest of the old MTU and ip_rt_min_pmtu.
+
+Before this patch, in case of an update, the exception's MTU would
+always change. Now, an exception can have only its lock flag updated,
+but not the MTU, so we need to add a check on locking to the following
+"is this exception getting updated, or close to expiring?" test.
+
+Fixes: d52e5a7e7ca4 ("ipv4: lock mtu in fnhe when received PMTU < net.ipv4.route.min_pmtu")
+Signed-off-by: Sabrina Dubroca <sd@queasysnail.net>
+Reviewed-by: Stefano Brivio <sbrivio@redhat.com>
+Signed-off-by: David S. Miller <davem@davemloft.net>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ net/ipv4/route.c | 7 ++++---
+ 1 file changed, 4 insertions(+), 3 deletions(-)
+
+diff --git a/net/ipv4/route.c b/net/ipv4/route.c
+index 6058dbc4e2c19..8f5c6fa54ac09 100644
+--- a/net/ipv4/route.c
++++ b/net/ipv4/route.c
+@@ -991,21 +991,22 @@ out:     kfree_skb(skb);
+ static void __ip_rt_update_pmtu(struct rtable *rt, struct flowi4 *fl4, u32 mtu)
+ {
+       struct dst_entry *dst = &rt->dst;
++      u32 old_mtu = ipv4_mtu(dst);
+       struct fib_result res;
+       bool lock = false;
+ 
+       if (ip_mtu_locked(dst))
+               return;
+ 
+-      if (ipv4_mtu(dst) < mtu)
++      if (old_mtu < mtu)
+               return;
+ 
+       if (mtu < ip_rt_min_pmtu) {
+               lock = true;
+-              mtu = ip_rt_min_pmtu;
++              mtu = min(old_mtu, ip_rt_min_pmtu);
+       }
+ 
+-      if (rt->rt_pmtu == mtu &&
++      if (rt->rt_pmtu == mtu && !lock &&
+           time_before(jiffies, dst->expires - ip_rt_mtu_expires / 2))
+               return;
+ 
+-- 
+2.20.1
+

diff --git a/queue-4.9/series b/queue-4.9/series
index 464d52ac3988e41dc7c5a240782f248343a4e3c6..ebc7b81b5d1e98353aeb143a7cc7daab20f2ab57 100644 (file)
--- a/queue-4.9/series
+++ b/queue-4.9/series
@@ -47,3 +47,5 @@ net-mvneta-fix-the-case-where-the-last-poll-did-not-process-all-rx.patch
 hsr-use-rcu_read_lock-in-hsr_get_node_-list-status.patch
 hsr-add-restart-routine-into-hsr_get_node_list.patch
 hsr-set-.netnsok-flag.patch
+kvm-vmx-do-not-allow-reexecute_instruction-when-skip.patch
+net-ipv4-don-t-let-pmtu-updates-increase-route-mtu.patch