--- /dev/null
+From 8aa36a8dcde3183d84db7b0d622ffddcebb61077 Mon Sep 17 00:00:00 2001
+From: Ulf Magnusson <ulfalizer@gmail.com>
+Date: Mon, 5 Feb 2018 02:21:13 +0100
+Subject: ARM: mvebu: Fix broken PL310_ERRATA_753970 selects
+
+From: Ulf Magnusson <ulfalizer@gmail.com>
+
+commit 8aa36a8dcde3183d84db7b0d622ffddcebb61077 upstream.
+
+The MACH_ARMADA_375 and MACH_ARMADA_38X boards select ARM_ERRATA_753970,
+but it was renamed to PL310_ERRATA_753970 by commit fa0ce4035d48 ("ARM:
+7162/1: errata: tidy up Kconfig options for PL310 errata workarounds").
+
+Fix the selects to use the new name.
+
+Discovered with the
+https://github.com/ulfalizer/Kconfiglib/blob/master/examples/list_undefined.py
+script.
+Fixes: fa0ce4035d48 ("ARM: 7162/1: errata: tidy up Kconfig options for
+PL310 errata workarounds"
+cc: stable@vger.kernel.org
+Signed-off-by: Ulf Magnusson <ulfalizer@gmail.com>
+Signed-off-by: Gregory CLEMENT <gregory.clement@bootlin.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ arch/arm/mach-mvebu/Kconfig | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+--- a/arch/arm/mach-mvebu/Kconfig
++++ b/arch/arm/mach-mvebu/Kconfig
+@@ -37,7 +37,7 @@ config MACH_ARMADA_370
+ config MACH_ARMADA_375
+ bool "Marvell Armada 375 boards" if ARCH_MULTI_V7
+ select ARM_ERRATA_720789
+- select ARM_ERRATA_753970
++ select PL310_ERRATA_753970
+ select ARM_GIC
+ select ARMADA_375_CLK
+ select HAVE_ARM_SCU
+@@ -52,7 +52,7 @@ config MACH_ARMADA_375
+ config MACH_ARMADA_38X
+ bool "Marvell Armada 380/385 boards" if ARCH_MULTI_V7
+ select ARM_ERRATA_720789
+- select ARM_ERRATA_753970
++ select PL310_ERRATA_753970
+ select ARM_GIC
+ select ARMADA_38X_CLK
+ select HAVE_ARM_SCU
--- /dev/null
+From 95e057e25892eaa48cad1e2d637b80d0f1a4fac5 Mon Sep 17 00:00:00 2001
+From: Wanpeng Li <wanpengli@tencent.com>
+Date: Thu, 8 Feb 2018 15:32:45 +0800
+Subject: KVM: X86: Fix SMRAM accessing even if VM is shutdown
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+From: Wanpeng Li <wanpengli@tencent.com>
+
+commit 95e057e25892eaa48cad1e2d637b80d0f1a4fac5 upstream.
+
+Reported by syzkaller:
+
+ WARNING: CPU: 6 PID: 2434 at arch/x86/kvm/vmx.c:6660 handle_ept_misconfig+0x54/0x1e0 [kvm_intel]
+ CPU: 6 PID: 2434 Comm: repro_test Not tainted 4.15.0+ #4
+ RIP: 0010:handle_ept_misconfig+0x54/0x1e0 [kvm_intel]
+ Call Trace:
+ vmx_handle_exit+0xbd/0xe20 [kvm_intel]
+ kvm_arch_vcpu_ioctl_run+0xdaf/0x1d50 [kvm]
+ kvm_vcpu_ioctl+0x3e9/0x720 [kvm]
+ do_vfs_ioctl+0xa4/0x6a0
+ SyS_ioctl+0x79/0x90
+ entry_SYSCALL_64_fastpath+0x25/0x9c
+
+The testcase creates a first thread to issue KVM_SMI ioctl, and then creates
+a second thread to mmap and operate on the same vCPU. This triggers a race
+condition when running the testcase with multiple threads. Sometimes one thread
+exits with a triple fault while another thread mmaps and operates on the same
+vCPU. Because CS=0x3000/IP=0x8000 is not mapped, accessing the SMI handler
+results in an EPT misconfig. This patch fixes it by returning RET_PF_EMULATE
+in kvm_handle_bad_page(), which will go on to cause an emulation failure and an
+exit with KVM_EXIT_INTERNAL_ERROR.
+
+Reported-by: syzbot+c1d9517cab094dae65e446c0c5b4de6c40f4dc58@syzkaller.appspotmail.com
+Cc: Paolo Bonzini <pbonzini@redhat.com>
+Cc: Radim Krčmář <rkrcmar@redhat.com>
+Cc: stable@vger.kernel.org
+Signed-off-by: Wanpeng Li <wanpengli@tencent.com>
+Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ arch/x86/kvm/mmu.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/arch/x86/kvm/mmu.c
++++ b/arch/x86/kvm/mmu.c
+@@ -2698,7 +2698,7 @@ static int kvm_handle_bad_page(struct kv
+ return 0;
+ }
+
+- return -EFAULT;
++ return RET_PF_EMULATE;
+ }
+
+ static void transparent_hugepage_adjust(struct kvm_vcpu *vcpu,
projects / thirdparty / kernel / stable-queue.git / commitdiff
