5.4-stable patches
authorGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Thu, 23 Sep 2021 08:06:53 +0000 (10:06 +0200)
committerGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Thu, 23 Sep 2021 08:06:53 +0000 (10:06 +0200)
added patches:
arm-qualify-enabling-of-swiotlb_init.patch
console-consume-apc-dm-dcs.patch
kvm-remember-position-in-kvm-vcpus-array.patch
s390-pci_mmio-fully-validate-the-vma-before-calling-follow_pte.patch

queue-5.4/arm-qualify-enabling-of-swiotlb_init.patch [new file with mode: 0644]
queue-5.4/console-consume-apc-dm-dcs.patch [new file with mode: 0644]
queue-5.4/kvm-remember-position-in-kvm-vcpus-array.patch [new file with mode: 0644]
queue-5.4/s390-pci_mmio-fully-validate-the-vma-before-calling-follow_pte.patch [new file with mode: 0644]
queue-5.4/series

diff --git a/queue-5.4/arm-qualify-enabling-of-swiotlb_init.patch b/queue-5.4/arm-qualify-enabling-of-swiotlb_init.patch
new file mode 100644 (file)
index 0000000..150df25
--- /dev/null
@@ -0,0 +1,36 @@
+From fcf044891c84e38fc90eb736b818781bccf94e38 Mon Sep 17 00:00:00 2001
+From: Florian Fainelli <f.fainelli@gmail.com>
+Date: Thu, 18 Mar 2021 21:03:33 -0700
+Subject: ARM: Qualify enabling of swiotlb_init()
+
+From: Florian Fainelli <f.fainelli@gmail.com>
+
+commit fcf044891c84e38fc90eb736b818781bccf94e38 upstream.
+
+We do not need a SWIOTLB unless we have DRAM that is addressable beyond
+the arm_dma_limit. Compare max_pfn with arm_dma_pfn_limit to determine
+whether we do need a SWIOTLB to be initialized.
+
+Fixes: ad3c7b18c5b3 ("arm: use swiotlb for bounce buffering on LPAE configs")
+Signed-off-by: Florian Fainelli <f.fainelli@gmail.com>
+Signed-off-by: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ arch/arm/mm/init.c |    6 +++++-
+ 1 file changed, 5 insertions(+), 1 deletion(-)
+
+--- a/arch/arm/mm/init.c
++++ b/arch/arm/mm/init.c
+@@ -469,7 +469,11 @@ static void __init free_highpages(void)
+ void __init mem_init(void)
+ {
+ #ifdef CONFIG_ARM_LPAE
+-      swiotlb_init(1);
++      if (swiotlb_force == SWIOTLB_FORCE ||
++          max_pfn > arm_dma_pfn_limit)
++              swiotlb_init(1);
++      else
++              swiotlb_force = SWIOTLB_NO_FORCE;
+ #endif
+       set_max_mapnr(pfn_to_page(max_pfn) - mem_map);
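Review bot: The new `else` branch in mem_init() sets `swiotlb_force = SWIOTLB_NO_FORCE` without saying why, and the intent cannot be read off the hunk. I would add `/* Bounce buffering is only needed when some DRAM lies above arm_dma_pfn_limit. */` above the condition and `/* no bounce buffer was set up, so mark swiotlb as not in use */` on the else branch; the second wording is my reading of the intent and should be confirmed. For the 5.4 backport it is also worth confirming that no device on affected boards has a DMA mask narrower than arm_dma_limit, since such a device may have depended on the previously unconditional `swiotlb_init(1)`; nothing in the hunk settles that. mem_init() continues past the end of the hunk.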
diff --git a/queue-5.4/console-consume-apc-dm-dcs.patch b/queue-5.4/console-consume-apc-dm-dcs.patch
new file mode 100644 (file)
index 0000000..e1d7107
--- /dev/null
@@ -0,0 +1,137 @@
+From 3a2b2eb55681158d3e3ef464fbf47574cf0c517c Mon Sep 17 00:00:00 2001
+From: nick black <dankamongmen@gmail.com>
+Date: Mon, 30 Aug 2021 04:56:15 -0400
+Subject: console: consume APC, DM, DCS
+
+From: nick black <dankamongmen@gmail.com>
+
+commit 3a2b2eb55681158d3e3ef464fbf47574cf0c517c upstream.
+
+The Linux console's VT102 implementation already consumes OSC
+("Operating System Command") sequences, probably because that's how
+palette changes are transmitted.
+
+In addition to OSC, there are three other major clases of ANSI control
+strings: APC ("Application Program Command"), PM ("Privacy Message"),
+and DCS ("Device Control String").  They are handled similarly to OSC in
+terms of termination.
+
+Source: vt100.net
+
+Add three new enumerated states, one for each of these types.  All three
+are handled the same way right now--they simply consume input until
+terminated.  I hope to expand upon this firmament in the future.  Add
+new predicate ansi_control_string(), returning true for any of these
+states.  Replace explicit checks against ESosc with calls to this
+function.  Transition to these states appropriately from the escape
+initiation (ESesc) state.
+
+This was motivated by the following Notcurses bugs:
+
+ https://github.com/dankamongmen/notcurses/issues/2050
+ https://github.com/dankamongmen/notcurses/issues/1828
+ https://github.com/dankamongmen/notcurses/issues/2069
+
+where standard VT sequences are not consumed by the Linux console.  It's
+not necessary that the Linux console *support* these sequences, but it
+ought *consume* these well-specified classes of sequences.
+
+Tested by sending a variety of escape sequences to the console, and
+verifying that they still worked, or were now properly consumed.
+Verified that the escapes were properly terminated at a generic level.
+Verified that the Notcurses tools continued to show expected output on
+the Linux console, except now without escape bleedthrough.
+
+Link: https://lore.kernel.org/lkml/YSydL0q8iaUfkphg@schwarzgerat.orthanc/
+Signed-off-by: nick black <dankamongmen@gmail.com>
+Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+Cc: Jiri Slaby <jirislaby@kernel.org>
+Cc: Tetsuo Handa <penguin-kernel@i-love.sakura.ne.jp>
+Cc: Daniel Vetter <daniel.vetter@ffwll.ch>
+Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ drivers/tty/vt/vt.c |   31 +++++++++++++++++++++++++++----
+ 1 file changed, 27 insertions(+), 4 deletions(-)
+
+--- a/drivers/tty/vt/vt.c
++++ b/drivers/tty/vt/vt.c
+@@ -2070,7 +2070,7 @@ static void restore_cur(struct vc_data *
+ enum { ESnormal, ESesc, ESsquare, ESgetpars, ESfunckey,
+       EShash, ESsetG0, ESsetG1, ESpercent, EScsiignore, ESnonstd,
+-      ESpalette, ESosc };
++      ESpalette, ESosc, ESapc, ESpm, ESdcs };
+ /* console_lock is held (except via vc_init()) */
+ static void reset_terminal(struct vc_data *vc, int do_clear)
+@@ -2124,20 +2124,28 @@ static void reset_terminal(struct vc_dat
+           csi_J(vc, 2);
+ }
++/* is this state an ANSI control string? */
++static bool ansi_control_string(unsigned int state)
++{
++      if (state == ESosc || state == ESapc || state == ESpm || state == ESdcs)
++              return true;
++      return false;
++}
++
+ /* console_lock is held */
+ static void do_con_trol(struct tty_struct *tty, struct vc_data *vc, int c)
+ {
+       /*
+        *  Control characters can be used in the _middle_
+-       *  of an escape sequence.
++       *  of an escape sequence, aside from ANSI control strings.
+        */
+-      if (vc->vc_state == ESosc && c>=8 && c<=13) /* ... except for OSC */
++      if (ansi_control_string(vc->vc_state) && c >= 8 && c <= 13)
+               return;
+       switch (c) {
+       case 0:
+               return;
+       case 7:
+-              if (vc->vc_state == ESosc)
++              if (ansi_control_string(vc->vc_state))
+                       vc->vc_state = ESnormal;
+               else if (vc->vc_bell_duration)
+                       kd_mksound(vc->vc_bell_pitch, vc->vc_bell_duration);
+@@ -2196,6 +2204,12 @@ static void do_con_trol(struct tty_struc
+               case ']':
+                       vc->vc_state = ESnonstd;
+                       return;
++              case '_':
++                      vc->vc_state = ESapc;
++                      return;
++              case '^':
++                      vc->vc_state = ESpm;
++                      return;
+               case '%':
+                       vc->vc_state = ESpercent;
+                       return;
+@@ -2212,6 +2226,9 @@ static void do_con_trol(struct tty_struc
+               case 'H':
+                       vc->vc_tab_stop[7 & (vc->vc_x >> 5)] |= (1 << (vc->vc_x & 31));
+                       return;
++              case 'P':
++                      vc->vc_state = ESdcs;
++                      return;
+               case 'Z':
+                       respond_ID(tty);
+                       return;
+@@ -2531,8 +2548,14 @@ static void do_con_trol(struct tty_struc
+                       vc->vc_translate = set_translate(vc->vc_G1_charset, vc);
+               vc->vc_state = ESnormal;
+               return;
++      case ESapc:
++              return;
+       case ESosc:
+               return;
++      case ESpm:
++              return;
++      case ESdcs:
++              return;
+       default:
+               vc->vc_state = ESnormal;
+       }
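Review bot: The new ESapc, ESpm and ESdcs cases discard input with a bare `return`, and within the lines shown the state is left only on BEL (`case 7`), with no bound on the string length. Data written to the console that opens one of these strings and never terminates it therefore hides whatever follows, as ESosc already does. Whether other terminators end the string is decided in parts of do_con_trol() outside this hunk. I would document that at the new cases, for example `/* payload is discarded until the control string is terminated */`, so the behaviour is not mistaken for support of these sequences. As a style point, ansi_control_string() can be the single line `return state == ESosc || state == ESapc || state == ESpm || state == ESdcs;`.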
diff --git a/queue-5.4/kvm-remember-position-in-kvm-vcpus-array.patch b/queue-5.4/kvm-remember-position-in-kvm-vcpus-array.patch
new file mode 100644 (file)
index 0000000..c6b2ee4
--- /dev/null
@@ -0,0 +1,77 @@
+From 8750e72a79dda2f665ce17b62049f4d62130d991 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Radim=20Kr=C4=8Dm=C3=A1=C5=99?= <rkrcmar@redhat.com>
+Date: Thu, 7 Nov 2019 07:53:42 -0500
+Subject: KVM: remember position in kvm->vcpus array
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+From: Radim Krčmář <rkrcmar@redhat.com>
+
+commit 8750e72a79dda2f665ce17b62049f4d62130d991 upstream.
+
+Fetching an index for any vcpu in kvm->vcpus array by traversing
+the entire array everytime is costly.
+This patch remembers the position of each vcpu in kvm->vcpus array
+by storing it in vcpus_idx under kvm_vcpu structure.
+
+Signed-off-by: Radim Krčmář <rkrcmar@redhat.com>
+Signed-off-by: Nitesh Narayan Lal <nitesh@redhat.com>
+Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
+[borntraeger@de.ibm.com]: backport to 4.19 (also fits for 5.4)
+Signed-off-by: Christian Borntraeger <borntraeger@de.ibm.com>
+Acked-by: Paolo Bonzini <pbonzini@redhat.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ include/linux/kvm_host.h |   11 +++--------
+ virt/kvm/kvm_main.c      |    5 +++--
+ 2 files changed, 6 insertions(+), 10 deletions(-)
+
+--- a/include/linux/kvm_host.h
++++ b/include/linux/kvm_host.h
+@@ -266,7 +266,8 @@ struct kvm_vcpu {
+       struct preempt_notifier preempt_notifier;
+ #endif
+       int cpu;
+-      int vcpu_id;
++      int vcpu_id; /* id given by userspace at creation */
++      int vcpu_idx; /* index in kvm->vcpus array */
+       int srcu_idx;
+       int mode;
+       u64 requests;
+@@ -571,13 +572,7 @@ static inline struct kvm_vcpu *kvm_get_v
+ static inline int kvm_vcpu_get_idx(struct kvm_vcpu *vcpu)
+ {
+-      struct kvm_vcpu *tmp;
+-      int idx;
+-
+-      kvm_for_each_vcpu(idx, tmp, vcpu->kvm)
+-              if (tmp == vcpu)
+-                      return idx;
+-      BUG();
++      return vcpu->vcpu_idx;
+ }
+ #define kvm_for_each_memslot(memslot, slots)  \
+--- a/virt/kvm/kvm_main.c
++++ b/virt/kvm/kvm_main.c
+@@ -2864,7 +2864,8 @@ static int kvm_vm_ioctl_create_vcpu(stru
+               goto unlock_vcpu_destroy;
+       }
+-      BUG_ON(kvm->vcpus[atomic_read(&kvm->online_vcpus)]);
++      vcpu->vcpu_idx = atomic_read(&kvm->online_vcpus);
++      BUG_ON(kvm->vcpus[vcpu->vcpu_idx]);
+       /* Now it's all set up, let userspace reach it */
+       kvm_get_kvm(kvm);
+@@ -2874,7 +2875,7 @@ static int kvm_vm_ioctl_create_vcpu(stru
+               goto unlock_vcpu_destroy;
+       }
+-      kvm->vcpus[atomic_read(&kvm->online_vcpus)] = vcpu;
++      kvm->vcpus[vcpu->vcpu_idx] = vcpu;
+       /*
+        * Pairs with smp_rmb() in kvm_get_vcpu.  Write kvm->vcpus
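Review bot: kvm_vcpu_get_idx() now returns `vcpu->vcpu_idx` unconditionally, so the old `BUG()` for a vcpu not found in kvm->vcpus is gone, and a call made before the assignment in kvm_vm_ioctl_create_vcpu() would silently return whatever the field holds. No such caller is visible here, but the helper deserves a comment stating the contract, e.g. `/* valid only after kvm_vm_ioctl_create_vcpu() has set vcpu_idx */`. The index is read once from `online_vcpus` and reused for the store into `kvm->vcpus[]`, which is only safe if the lock implied by the `unlock_vcpu_destroy` label is held across both lines; that lock is taken outside the hunk. The description also spells the field `vcpus_idx` while the code uses `vcpu_idx`.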
diff --git a/queue-5.4/s390-pci_mmio-fully-validate-the-vma-before-calling-follow_pte.patch b/queue-5.4/s390-pci_mmio-fully-validate-the-vma-before-calling-follow_pte.patch
new file mode 100644 (file)
index 0000000..4bc8619
--- /dev/null
@@ -0,0 +1,39 @@
+From a8b92b8c1eac8d655a97b1e90f4d83c25d9b9a18 Mon Sep 17 00:00:00 2001
+From: David Hildenbrand <david@redhat.com>
+Date: Thu, 9 Sep 2021 16:59:42 +0200
+Subject: s390/pci_mmio: fully validate the VMA before calling follow_pte()
+
+From: David Hildenbrand <david@redhat.com>
+
+commit a8b92b8c1eac8d655a97b1e90f4d83c25d9b9a18 upstream.
+
+We should not walk/touch page tables outside of VMA boundaries when
+holding only the mmap sem in read mode. Evil user space can modify the
+VMA layout just before this function runs and e.g., trigger races with
+page table removal code since commit dd2283f2605e ("mm: mmap: zap pages
+with read mmap_sem in munmap").
+
+find_vma() does not check if the address is >= the VMA start address;
+use vma_lookup() instead.
+
+Reviewed-by: Niklas Schnelle <schnelle@linux.ibm.com>
+Reviewed-by: Liam R. Howlett <Liam.Howlett@oracle.com>
+Fixes: dd2283f2605e ("mm: mmap: zap pages with read mmap_sem in munmap")
+Signed-off-by: David Hildenbrand <david@redhat.com>
+Signed-off-by: Vasily Gorbik <gor@linux.ibm.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ arch/s390/pci/pci_mmio.c |    2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/arch/s390/pci/pci_mmio.c
++++ b/arch/s390/pci/pci_mmio.c
+@@ -128,7 +128,7 @@ static long get_pfn(unsigned long user_a
+       down_read(&current->mm->mmap_sem);
+       ret = -EINVAL;
+       vma = find_vma(current->mm, user_addr);
+-      if (!vma)
++      if (!vma || user_addr < vma->vm_start)
+               goto out;
+       ret = -EACCES;
+       if (!(vma->vm_flags & access))
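Review bot: The description says to use vma_lookup(), but the changed line keeps find_vma() and adds `user_addr < vma->vm_start` to the NULL check, presumably because vma_lookup() is not available in 5.4. The open-coded check covers the case the description names, but the patch should record the deviation, e.g. a bracketed backport line such as `[5.4: vma_lookup() not available, open-code the vm_start check]` above the stable sign-off. A short comment at the check would help later readers too: `/* find_vma() may return a VMA that starts above user_addr */`. get_pfn() starts before and continues past the hunk, so the later use of the VMA under mmap_sem is not visible here.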
index d9851c122f8820094a90d12e05a1f4e509bd25ba..c61dff5f41949e5ced3028502d475b5eba098988 100644 (file)
@@ -3,3 +3,7 @@ pci-aardvark-indicate-error-in-val-when-config-read-fails.patch
 pci-pci-bridge-emul-add-pcie-root-capabilities-register.patch
 pci-aardvark-fix-reporting-crs-value.patch
 pci-acpi-add-ampere-altra-soc-mcfg-quirk.patch
+kvm-remember-position-in-kvm-vcpus-array.patch
+console-consume-apc-dm-dcs.patch
+s390-pci_mmio-fully-validate-the-vma-before-calling-follow_pte.patch
+arm-qualify-enabling-of-swiotlb_init.patch