From: Greg Kroah-Hartman Date: Mon, 13 Jul 2020 16:17:38 +0000 (+0200) Subject: 5.7-stable patches X-Git-Tag: v5.7.9~25 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=000f7158bfbb8519c242134135ce923ffc2906bb;p=thirdparty%2Fkernel%2Fstable-queue.git 5.7-stable patches added patches: alsa-hda-realtek-enable-audio-jacks-of-acer-vcopperbox-with-alc269vc.patch alsa-hda-realtek-enable-headset-mic-of-acer-c20-820-with-alc269vc.patch alsa-hda-realtek-enable-headset-mic-of-acer-veriton-n4660g-with-alc269vc.patch kvm-arm64-annotate-hyp-nmi-related-functions-as-__always_inline.patch kvm-arm64-fix-definition-of-page_hyp_device.patch kvm-arm64-stop-clobbering-x0-for-hvc_soft_restart.patch kvm-x86-bit-8-of-non-leaf-pdpes-is-not-reserved.patch kvm-x86-inject-gp-if-guest-attempts-to-toggle-cr4.la57-in-64-bit-mode.patch kvm-x86-mark-cr4.tsd-as-being-possibly-owned-by-the-guest.patch
---
diff --git a/queue-5.7/alsa-hda-realtek-enable-audio-jacks-of-acer-vcopperbox-with-alc269vc.patch b/queue-5.7/alsa-hda-realtek-enable-audio-jacks-of-acer-vcopperbox-with-alc269vc.patch
new file mode 100644
index 00000000000..a23e55113c9
--- /dev/null
+++ b/queue-5.7/alsa-hda-realtek-enable-audio-jacks-of-acer-vcopperbox-with-alc269vc.patch
@@ -0,0 +1,60 @@
+From 8eae7e9b3967f08efaa4d70403aec513cbe45ad0 Mon Sep 17 00:00:00 2001
+From: Jian-Hong Pan
+Date: Mon, 6 Jul 2020 15:18:25 +0800
+Subject: ALSA: hda/realtek - Enable audio jacks of Acer vCopperbox with ALC269VC
+
+From: Jian-Hong Pan
+
+commit 8eae7e9b3967f08efaa4d70403aec513cbe45ad0 upstream.
+
+The Acer desktop vCopperbox with ALC269VC cannot detect the MIC of
+headset, the line out and internal speaker until
+ALC269VC_FIXUP_ACER_VCOPPERBOX_PINS quirk applied.
+
+Signed-off-by: Jian-Hong Pan
+Signed-off-by: Chris Chiu
+Cc:
+Link: https://lore.kernel.org/r/20200706071826.39726-1-jian-hong@endlessm.com
+Signed-off-by: Takashi Iwai
+Signed-off-by: Greg Kroah-Hartman
+
+---
+ sound/pci/hda/patch_realtek.c | 13 +++++++++++++
+ 1 file changed, 13 insertions(+)
+
+--- a/sound/pci/hda/patch_realtek.c
++++ b/sound/pci/hda/patch_realtek.c
+@@ -6114,6 +6114,7 @@ enum {
+ ALC236_FIXUP_HP_MUTE_LED,
+ ALC298_FIXUP_SAMSUNG_HEADPHONE_VERY_QUIET,
+ ALC295_FIXUP_ASUS_MIC_NO_PRESENCE,
++ ALC269VC_FIXUP_ACER_VCOPPERBOX_PINS,
+ };
+
+ static const struct hda_fixup alc269_fixups[] = {
+@@ -7292,6 +7293,17 @@ static const struct hda_fixup alc269_fix
+ .chained = true,
+ .chain_id = ALC269_FIXUP_HEADSET_MODE
+ },
++ [ALC269VC_FIXUP_ACER_VCOPPERBOX_PINS] = {
++ .type = HDA_FIXUP_PINS,
++ .v.pins = (const struct hda_pintbl[]) {
++ { 0x14, 0x90100120 }, /* use as internal speaker */
++ { 0x18, 0x02a111f0 }, /* use as headset mic, without its own jack detect */
++ { 0x1a, 0x01011020 }, /* use as line out */
++ { },
++ },
++ .chained = true,
++ .chain_id = ALC269_FIXUP_HEADSET_MIC
++ },
+ };
+
+ static const struct snd_pci_quirk alc269_fixup_tbl[] = {
+@@ -7311,6 +7323,7 @@ static const struct snd_pci_quirk alc269
+ SND_PCI_QUIRK(0x1025, 0x1099, "Acer Aspire E5-523G", ALC255_FIXUP_ACER_MIC_NO_PRESENCE),
+ SND_PCI_QUIRK(0x1025, 0x110e, "Acer Aspire ES1-432", ALC255_FIXUP_ACER_MIC_NO_PRESENCE),
+ SND_PCI_QUIRK(0x1025, 0x1246, "Acer Predator Helios 500",
ALC299_FIXUP_PREDATOR_SPK),
++ SND_PCI_QUIRK(0x1025, 0x1247, "Acer vCopperbox", ALC269VC_FIXUP_ACER_VCOPPERBOX_PINS),
+ SND_PCI_QUIRK(0x1025, 0x128f, "Acer Veriton Z6860G", ALC286_FIXUP_ACER_AIO_HEADSET_MIC),
+ SND_PCI_QUIRK(0x1025, 0x1290, "Acer Veriton Z4860G", ALC286_FIXUP_ACER_AIO_HEADSET_MIC),
+ SND_PCI_QUIRK(0x1025, 0x1291, "Acer Veriton Z4660G", ALC286_FIXUP_ACER_AIO_HEADSET_MIC),
diff --git a/queue-5.7/alsa-hda-realtek-enable-headset-mic-of-acer-c20-820-with-alc269vc.patch b/queue-5.7/alsa-hda-realtek-enable-headset-mic-of-acer-c20-820-with-alc269vc.patch
new file mode 100644
index 00000000000..9f6851cbb6d
--- /dev/null
+++ b/queue-5.7/alsa-hda-realtek-enable-headset-mic-of-acer-c20-820-with-alc269vc.patch
@@ -0,0 +1,58 @@
+From 6e15d1261d522d1d222f8f89b23c6966905e9049 Mon Sep 17 00:00:00 2001
+From: Jian-Hong Pan
+Date: Mon, 6 Jul 2020 15:18:27 +0800
+Subject: ALSA: hda/realtek: Enable headset mic of Acer C20-820 with ALC269VC
+
+From: Jian-Hong Pan
+
+commit 6e15d1261d522d1d222f8f89b23c6966905e9049 upstream.
+
+The Acer Aspire C20-820 AIO's audio (1025:1065) with ALC269VC can't
+detect the headset microphone until ALC269VC_FIXUP_ACER_HEADSET_MIC
+quirk maps the NID 0x18 as the headset mic pin.
+
+Signed-off-by: Jian-Hong Pan
+Signed-off-by: Daniel Drake
+Cc:
+Link: https://lore.kernel.org/r/20200706071826.39726-2-jian-hong@endlessm.com
+Signed-off-by: Takashi Iwai
+Signed-off-by: Greg Kroah-Hartman
+
+---
+ sound/pci/hda/patch_realtek.c | 11 +++++++++++
+ 1 file changed, 11 insertions(+)
+
+--- a/sound/pci/hda/patch_realtek.c
++++ b/sound/pci/hda/patch_realtek.c
+@@ -6115,6 +6115,7 @@ enum {
+ ALC298_FIXUP_SAMSUNG_HEADPHONE_VERY_QUIET,
+ ALC295_FIXUP_ASUS_MIC_NO_PRESENCE,
+ ALC269VC_FIXUP_ACER_VCOPPERBOX_PINS,
++ ALC269VC_FIXUP_ACER_HEADSET_MIC,
+ };
+
+ static const struct hda_fixup alc269_fixups[] = {
+@@ -7304,6 +7305,15 @@ static const struct hda_fixup alc269_fix
+ .chained = true,
+ .chain_id = ALC269_FIXUP_HEADSET_MIC
+ },
++ [ALC269VC_FIXUP_ACER_HEADSET_MIC] = {
++ .type = HDA_FIXUP_PINS,
++ .v.pins = (const struct hda_pintbl[]) {
++ { 0x18, 0x02a11030 }, /* use as headset mic */
++ { }
++ },
++ .chained = true,
++ .chain_id = ALC269_FIXUP_HEADSET_MIC
++ },
+ };
+
+ static const struct snd_pci_quirk alc269_fixup_tbl[] = {
+@@ -7319,6 +7329,7 @@ static const struct snd_pci_quirk alc269
+ SND_PCI_QUIRK(0x1025, 0x0775, "Acer Aspire E1-572", ALC271_FIXUP_HP_GATE_MIC_JACK_E1_572),
+ SND_PCI_QUIRK(0x1025, 0x079b, "Acer Aspire V5-573G", ALC282_FIXUP_ASPIRE_V5_PINS),
+ SND_PCI_QUIRK(0x1025, 0x102b, "Acer Aspire C24-860", ALC286_FIXUP_ACER_AIO_MIC_NO_PRESENCE),
++ SND_PCI_QUIRK(0x1025, 0x1065, "Acer Aspire C20-820", ALC269VC_FIXUP_ACER_HEADSET_MIC),
+
SND_PCI_QUIRK(0x1025, 0x106d, "Acer Cloudbook 14", ALC283_FIXUP_CHROME_BOOK),
+ SND_PCI_QUIRK(0x1025, 0x1099, "Acer Aspire E5-523G", ALC255_FIXUP_ACER_MIC_NO_PRESENCE),
+ SND_PCI_QUIRK(0x1025, 0x110e, "Acer Aspire ES1-432", ALC255_FIXUP_ACER_MIC_NO_PRESENCE),
diff --git a/queue-5.7/alsa-hda-realtek-enable-headset-mic-of-acer-veriton-n4660g-with-alc269vc.patch b/queue-5.7/alsa-hda-realtek-enable-headset-mic-of-acer-veriton-n4660g-with-alc269vc.patch
new file mode 100644
index 00000000000..cf8c7716918
--- /dev/null
+++ b/queue-5.7/alsa-hda-realtek-enable-headset-mic-of-acer-veriton-n4660g-with-alc269vc.patch
@@ -0,0 +1,57 @@
+From 781c90c034d994c6a4e2badf189128a95ed864c2 Mon Sep 17 00:00:00 2001
+From: Jian-Hong Pan
+Date: Mon, 6 Jul 2020 15:18:29 +0800
+Subject: ALSA: hda/realtek: Enable headset mic of Acer Veriton N4660G with ALC269VC
+
+From: Jian-Hong Pan
+
+commit 781c90c034d994c6a4e2badf189128a95ed864c2 upstream.
+
+The Acer Veriton N4660G desktop's audio (1025:1248) with ALC269VC cannot
+detect the headset microphone until ALC269VC_FIXUP_ACER_MIC_NO_PRESENCE
+quirk maps the NID 0x18 as the headset mic pin.
+
+Signed-off-by: Jian-Hong Pan
+Cc:
+Link: https://lore.kernel.org/r/20200706071826.39726-3-jian-hong@endlessm.com
+Signed-off-by: Takashi Iwai
+Signed-off-by: Greg Kroah-Hartman
+
+---
+ sound/pci/hda/patch_realtek.c | 11 +++++++++++
+ 1 file changed, 11 insertions(+)
+
+--- a/sound/pci/hda/patch_realtek.c
++++ b/sound/pci/hda/patch_realtek.c
+@@ -6116,6 +6116,7 @@ enum {
+ ALC295_FIXUP_ASUS_MIC_NO_PRESENCE,
+ ALC269VC_FIXUP_ACER_VCOPPERBOX_PINS,
+ ALC269VC_FIXUP_ACER_HEADSET_MIC,
++ ALC269VC_FIXUP_ACER_MIC_NO_PRESENCE,
+ };
+
+ static const struct hda_fixup alc269_fixups[] = {
+@@ -7314,6 +7315,15 @@ static const struct hda_fixup alc269_fix
+ .chained = true,
+ .chain_id = ALC269_FIXUP_HEADSET_MIC
+ },
++ [ALC269VC_FIXUP_ACER_MIC_NO_PRESENCE] = {
++ .type = HDA_FIXUP_PINS,
++ .v.pins = (const struct hda_pintbl[]) {
++ { 0x18, 0x01a11130 }, /* use as headset mic, without its own jack detect */
++ { }
++ },
++ .chained = true,
++ .chain_id = ALC269_FIXUP_HEADSET_MIC
++ },
+ };
+
+ static const struct snd_pci_quirk alc269_fixup_tbl[] = {
+@@ -7335,6 +7345,7 @@ static const struct snd_pci_quirk alc269
+ SND_PCI_QUIRK(0x1025, 0x110e, "Acer Aspire ES1-432", ALC255_FIXUP_ACER_MIC_NO_PRESENCE),
+ SND_PCI_QUIRK(0x1025, 0x1246, "Acer Predator Helios 500", ALC299_FIXUP_PREDATOR_SPK),
+ SND_PCI_QUIRK(0x1025, 0x1247, "Acer vCopperbox", ALC269VC_FIXUP_ACER_VCOPPERBOX_PINS),
++ SND_PCI_QUIRK(0x1025, 0x1248, "Acer Veriton N4660G", ALC269VC_FIXUP_ACER_MIC_NO_PRESENCE),
+
SND_PCI_QUIRK(0x1025, 0x128f, "Acer Veriton Z6860G", ALC286_FIXUP_ACER_AIO_HEADSET_MIC),
+ SND_PCI_QUIRK(0x1025, 0x1290, "Acer Veriton Z4860G", ALC286_FIXUP_ACER_AIO_HEADSET_MIC),
+ SND_PCI_QUIRK(0x1025, 0x1291, "Acer Veriton Z4660G", ALC286_FIXUP_ACER_AIO_HEADSET_MIC),
diff --git a/queue-5.7/kvm-arm64-annotate-hyp-nmi-related-functions-as-__always_inline.patch b/queue-5.7/kvm-arm64-annotate-hyp-nmi-related-functions-as-__always_inline.patch
new file mode 100644
index 00000000000..218c969cc2a
--- /dev/null
+++ b/queue-5.7/kvm-arm64-annotate-hyp-nmi-related-functions-as-__always_inline.patch
@@ -0,0 +1,77 @@
+From 7733306bd593c737c63110175da6c35b4b8bb32c Mon Sep 17 00:00:00 2001
+From: Alexandru Elisei
+Date: Thu, 18 Jun 2020 18:12:54 +0100
+Subject: KVM: arm64: Annotate hyp NMI-related functions as __always_inline
+
+From: Alexandru Elisei
+
+commit 7733306bd593c737c63110175da6c35b4b8bb32c upstream.
+
+The "inline" keyword is a hint for the compiler to inline a function. The
+functions system_uses_irq_prio_masking() and gic_write_pmr() are used by
+the code running at EL2 on a non-VHE system, so mark them as
+__always_inline to make sure they'll always be part of the .hyp.text
+section.
+
+This fixes the following splat when trying to run a VM:
+
+[ 47.625273] Kernel panic - not syncing: HYP panic:
+[ 47.625273] PS:a00003c9 PC:0000ca0b42049fc4 ESR:86000006
+[ 47.625273] FAR:0000ca0b42049fc4 HPFAR:0000000010001000 PAR:0000000000000000
+[ 47.625273] VCPU:0000000000000000
+[ 47.647261] CPU: 1 PID: 217 Comm: kvm-vcpu-0 Not tainted 5.8.0-rc1-ARCH+ #61
+[ 47.654508] Hardware name: Globalscale Marvell ESPRESSOBin Board (DT)
+[ 47.661139] Call trace:
+[ 47.663659] dump_backtrace+0x0/0x1cc
+[ 47.667413] show_stack+0x18/0x24
+[ 47.670822] dump_stack+0xb8/0x108
+[ 47.674312] panic+0x124/0x2f4
+[ 47.677446] panic+0x0/0x2f4
+[ 47.680407] SMP: stopping secondary CPUs
+[ 47.684439] Kernel Offset: disabled
+[ 47.688018] CPU features: 0x240402,20002008
+[ 47.692318] Memory Limit: none
+[ 47.695465] ---[ end Kernel panic - not syncing: HYP panic:
+[ 47.695465] PS:a00003c9 PC:0000ca0b42049fc4 ESR:86000006
+[ 47.695465] FAR:0000ca0b42049fc4 HPFAR:0000000010001000 PAR:0000000000000000
+[ 47.695465] VCPU:0000000000000000 ]---
+
+The instruction abort was caused by the code running at EL2 trying to fetch
+an instruction which wasn't mapped in the EL2 translation tables. Using
+objdump showed the two functions as separate symbols in the .text section.
+
+Fixes: 85738e05dc38 ("arm64: kvm: Unmask PMR before entering guest")
+Cc: stable@vger.kernel.org
+Signed-off-by: Alexandru Elisei
+Signed-off-by: Marc Zyngier
+Acked-by: James Morse
+Link: https://lore.kernel.org/r/20200618171254.1596055-1-alexandru.elisei@arm.com
+Signed-off-by: Greg Kroah-Hartman
+
+---
+ arch/arm64/include/asm/arch_gicv3.h | 2 +-
+ arch/arm64/include/asm/cpufeature.h | 2 +-
+ 2 files changed, 2 insertions(+), 2 deletions(-)
+
+--- a/arch/arm64/include/asm/arch_gicv3.h
++++ b/arch/arm64/include/asm/arch_gicv3.h
+@@ -109,7 +109,7 @@ static inline u32 gic_read_pmr(void)
+ return read_sysreg_s(SYS_ICC_PMR_EL1);
+ }
+
+-static inline void gic_write_pmr(u32 val)
++static __always_inline void gic_write_pmr(u32 val)
+ {
+ write_sysreg_s(val, SYS_ICC_PMR_EL1);
+ }
+--- a/arch/arm64/include/asm/cpufeature.h
++++ b/arch/arm64/include/asm/cpufeature.h
+@@ -668,7 +668,7 @@ static inline bool system_supports_gener
+ cpus_have_const_cap(ARM64_HAS_GENERIC_AUTH);
+ }
+
+-static inline bool system_uses_irq_prio_masking(void)
++static __always_inline bool system_uses_irq_prio_masking(void)
+ {
+ return IS_ENABLED(CONFIG_ARM64_PSEUDO_NMI) &&
+ cpus_have_const_cap(ARM64_HAS_IRQ_PRIO_MASKING);
diff --git a/queue-5.7/kvm-arm64-fix-definition-of-page_hyp_device.patch b/queue-5.7/kvm-arm64-fix-definition-of-page_hyp_device.patch
new file mode 100644
index 00000000000..421788ced51
--- /dev/null
+++ b/queue-5.7/kvm-arm64-fix-definition-of-page_hyp_device.patch
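Review bot: Neither `gic_write_pmr()` nor `system_uses_irq_prio_masking()` gets a comment saying why `__always_inline` is required, so a later cleanup could turn them back into plain `inline` and bring back the EL2 instruction abort described in the commit message. I would add above each of them `/* Must be __always_inline: called from .hyp.text at EL2 on non-VHE; an out-of-line copy in .text is not mapped there. */`. `gic_read_pmr()`, visible as context in the arch_gicv3.h hunk, stays `static inline`; whether hyp code ever calls it cannot be told from these hunks and is worth confirming.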
@@ -0,0 +1,41 @@
+From 68cf617309b5f6f3a651165f49f20af1494753ae Mon Sep 17 00:00:00 2001
+From: Will Deacon
+Date: Wed, 8 Jul 2020 17:25:46 +0100
+Subject: KVM: arm64: Fix definition of PAGE_HYP_DEVICE
+
+From: Will Deacon
+
+commit 68cf617309b5f6f3a651165f49f20af1494753ae upstream.
+
+PAGE_HYP_DEVICE is intended to encode attribute bits for an EL2 stage-1
+pte mapping a device. Unfortunately, it includes PROT_DEVICE_nGnRE which
+encodes attributes for EL1 stage-1 mappings such as UXN and nG, which are
+RES0 for EL2, and DBM which is meaningless as TCR_EL2.HD is not set.
+
+Fix the definition of PAGE_HYP_DEVICE so that it doesn't set RES0 bits
+at EL2.
+
+Acked-by: Marc Zyngier
+Cc: Marc Zyngier
+Cc: Catalin Marinas
+Cc: James Morse
+Cc:
+Link: https://lore.kernel.org/r/20200708162546.26176-1-will@kernel.org
+Signed-off-by: Will Deacon
+Signed-off-by: Greg Kroah-Hartman
+
+---
+ arch/arm64/include/asm/pgtable-prot.h | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/arch/arm64/include/asm/pgtable-prot.h
++++ b/arch/arm64/include/asm/pgtable-prot.h
+@@ -56,7 +56,7 @@ extern bool arm64_use_ng_mappings;
+ #define PAGE_HYP __pgprot(_HYP_PAGE_DEFAULT | PTE_HYP | PTE_HYP_XN)
+ #define PAGE_HYP_EXEC __pgprot(_HYP_PAGE_DEFAULT | PTE_HYP | PTE_RDONLY)
+ #define PAGE_HYP_RO __pgprot(_HYP_PAGE_DEFAULT | PTE_HYP | PTE_RDONLY | PTE_HYP_XN)
+-#define PAGE_HYP_DEVICE __pgprot(PROT_DEVICE_nGnRE | PTE_HYP)
++#define PAGE_HYP_DEVICE __pgprot(_PROT_DEFAULT | PTE_ATTRINDX(MT_DEVICE_nGnRE) | PTE_HYP | PTE_HYP_XN)
+
+ #define PAGE_S2_MEMATTR(attr) \
+ ({ \
diff --git a/queue-5.7/kvm-arm64-stop-clobbering-x0-for-hvc_soft_restart.patch b/queue-5.7/kvm-arm64-stop-clobbering-x0-for-hvc_soft_restart.patch
new file mode 100644
index 00000000000..cbc8911c93b
--- /dev/null
+++ b/queue-5.7/kvm-arm64-stop-clobbering-x0-for-hvc_soft_restart.patch
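Review bot: Nothing in the pgtable-prot.h hunk or in the commit message says that the explicit `PTE_HYP_XN` in the new `PAGE_HYP_DEVICE` is deliberate; the message only talks about no longer setting bits that are RES0 at EL2. Since that bit is what makes device mappings non-executable at EL2, it should be stated so that it is not dropped in a later tidy-up. I would put `/* EL2 stage-1 device mapping, never executable; do not build from PROT_DEVICE_nGnRE, which carries EL1-only bits */` above the macro. Whether the old value already had the same effect on execute permission cannot be told from this hunk.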
@@ -0,0 +1,53 @@
+From b9e10d4a6c9f5cbe6369ce2c17ebc67d2e5a4be5 Mon Sep 17 00:00:00 2001
+From: Andrew Scull
+Date: Mon, 6 Jul 2020 10:52:59 +0100
+Subject: KVM: arm64: Stop clobbering x0 for HVC_SOFT_RESTART
+
+From: Andrew Scull
+
+commit b9e10d4a6c9f5cbe6369ce2c17ebc67d2e5a4be5 upstream.
+
+HVC_SOFT_RESTART is given values for x0-2 that it should installed
+before exiting to the new address so should not set x0 to stub HVC
+success or failure code.
+
+Fixes: af42f20480bf1 ("arm64: hyp-stub: Zero x0 on successful stub handling")
+Cc: stable@vger.kernel.org
+Signed-off-by: Andrew Scull
+Signed-off-by: Marc Zyngier
+Link: https://lore.kernel.org/r/20200706095259.1338221-1-ascull@google.com
+Signed-off-by: Greg Kroah-Hartman
+
+---
+ arch/arm64/kvm/hyp-init.S | 11 +++++++----
+ 1 file changed, 7 insertions(+), 4 deletions(-)
+
+--- a/arch/arm64/kvm/hyp-init.S
++++ b/arch/arm64/kvm/hyp-init.S
+@@ -136,11 +136,15 @@ SYM_CODE_START(__kvm_handle_stub_hvc)
+
+1: cmp x0, #HVC_RESET_VECTORS
+ b.ne 1f
+-reset:
++
+ /*
+- * Reset kvm back to the hyp stub. Do not clobber x0-x4 in
+- * case we coming via HVC_SOFT_RESTART.
++ * Set the HVC_RESET_VECTORS return code before entering the common
++ * path so that we do not clobber x0-x2 in case we are coming via
++ * HVC_SOFT_RESTART.
+ */
++ mov x0, xzr
++reset:
++ /* Reset kvm back to the hyp stub. */
+ mrs x5, sctlr_el2
+ mov_q x6, SCTLR_ELx_FLAGS
+ bic x5, x5, x6 // Clear SCTL_M and etc
+@@ -151,7 +155,6 @@ reset:
+ /* Install stub vectors */
+ adr_l x5, __hyp_stub_vectors
+ msr vbar_el2, x5
+- mov x0, xzr
+ eret
+
+ 1: /* Bad stub call */
diff --git a/queue-5.7/kvm-x86-bit-8-of-non-leaf-pdpes-is-not-reserved.patch b/queue-5.7/kvm-x86-bit-8-of-non-leaf-pdpes-is-not-reserved.patch
new file mode 100644
index 00000000000..1ca73708228
--- /dev/null
+++ b/queue-5.7/kvm-x86-bit-8-of-non-leaf-pdpes-is-not-reserved.patch
@@ -0,0 +1,37 @@
+From 5ecad245de2ae23dc4e2dbece92f8ccfbaed2fa7 Mon Sep 17 00:00:00 2001
+From: Paolo Bonzini
+Date: Tue, 30 Jun 2020 07:07:20 -0400
+Subject: KVM: x86: bit 8 of non-leaf PDPEs is not reserved
+
+From: Paolo Bonzini
+
+commit 5ecad245de2ae23dc4e2dbece92f8ccfbaed2fa7 upstream.
+
+Bit 8 would be the "global" bit, which does not quite make sense for non-leaf
+page table entries. Intel ignores it; AMD ignores it in PDEs and PDPEs, but
+reserves it in PML4Es.
+
+Probably, earlier versions of the AMD manual documented it as reserved in PDPEs
+as well, and that behavior made it into KVM as well as kvm-unit-tests; fix it.
+
+Cc: stable@vger.kernel.org
+Reported-by: Nadav Amit
+Fixes: a0c0feb57992 ("KVM: x86: reserve bit 8 of non-leaf PDPEs and PML4Es in 64-bit mode on AMD", 2014-09-03)
+Signed-off-by: Paolo Bonzini
+Signed-off-by: Greg Kroah-Hartman
+
+---
+ arch/x86/kvm/mmu/mmu.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/arch/x86/kvm/mmu/mmu.c
++++ b/arch/x86/kvm/mmu/mmu.c
+@@ -4484,7 +4484,7 @@ __reset_rsvds_bits_mask(struct kvm_vcpu
+ nonleaf_bit8_rsvd | rsvd_bits(7, 7) |
+ rsvd_bits(maxphyaddr, 51);
+ rsvd_check->rsvd_bits_mask[0][2] = exb_bit_rsvd |
+- nonleaf_bit8_rsvd | gbpages_bit_rsvd |
++ gbpages_bit_rsvd |
+ rsvd_bits(maxphyaddr, 51);
+ rsvd_check->rsvd_bits_mask[0][1] = exb_bit_rsvd |
+ rsvd_bits(maxphyaddr, 51);
diff --git a/queue-5.7/kvm-x86-inject-gp-if-guest-attempts-to-toggle-cr4.la57-in-64-bit-mode.patch b/queue-5.7/kvm-x86-inject-gp-if-guest-attempts-to-toggle-cr4.la57-in-64-bit-mode.patch
new file mode 100644
index 00000000000..e5496c6c30a
--- /dev/null
+++ b/queue-5.7/kvm-x86-inject-gp-if-guest-attempts-to-toggle-cr4.la57-in-64-bit-mode.patch
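Review bot: After the mmu.c change `nonleaf_bit8_rsvd` is left in only one mask, the assignment just above `rsvd_bits_mask[0][2]` (presumably the PML4E level; its left-hand side is outside the hunk), so the name no longer says what it covers. A comment at the remaining use, `/* bit 8: reserved by AMD in PML4Es only; ignored in PDPEs/PDEs and on Intel */`, would stop the PDPE case from being added back. The definition of `nonleaf_bit8_rsvd` is also outside the hunk, so a rename can only be suggested, not checked here.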
@@ -0,0 +1,44 @@
+From d74fcfc1f0ff4b6c26ecef1f9e48d8089ab4eaac Mon Sep 17 00:00:00 2001
+From: Sean Christopherson
+Date: Thu, 2 Jul 2020 19:17:14 -0700
+Subject: KVM: x86: Inject #GP if guest attempts to toggle CR4.LA57 in 64-bit mode
+
+From: Sean Christopherson
+
+commit d74fcfc1f0ff4b6c26ecef1f9e48d8089ab4eaac upstream.
+
+Inject a #GP on MOV CR4 if CR4.LA57 is toggled in 64-bit mode, which is
+illegal per Intel's SDM:
+
+ CR4.LA57
+ 57-bit linear addresses (bit 12 of CR4) ... blah blah blah ...
+ This bit cannot be modified in IA-32e mode.
+
+Note, the pseudocode for MOV CR doesn't call out the fault condition,
+which is likely why the check was missed during initial development.
+This is arguably an SDM bug and will hopefully be fixed in future
+release of the SDM.
+
+Fixes: fd8cb433734ee ("KVM: MMU: Expose the LA57 feature to VM.")
+Cc: stable@vger.kernel.org
+Reported-by: Sebastien Boeuf
+Signed-off-by: Sean Christopherson
+Message-Id: <20200703021714.5549-1-sean.j.christopherson@intel.com>
+Signed-off-by: Paolo Bonzini
+Signed-off-by: Greg Kroah-Hartman
+
+---
+ arch/x86/kvm/x86.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+--- a/arch/x86/kvm/x86.c
++++ b/arch/x86/kvm/x86.c
+@@ -964,6 +964,8 @@ int kvm_set_cr4(struct kvm_vcpu *vcpu, u
+ if (is_long_mode(vcpu)) {
+ if (!(cr4 & X86_CR4_PAE))
+ return 1;
++ if ((cr4 ^ old_cr4) & X86_CR4_LA57)
++ return 1;
+ } else if (is_paging(vcpu) && (cr4 & X86_CR4_PAE)
+ && ((cr4 ^ old_cr4) & pdptr_bits)
+ && !load_pdptrs(vcpu, vcpu->arch.walk_mmu,
diff --git a/queue-5.7/kvm-x86-mark-cr4.tsd-as-being-possibly-owned-by-the-guest.patch b/queue-5.7/kvm-x86-mark-cr4.tsd-as-being-possibly-owned-by-the-guest.patch
new file mode 100644
index 00000000000..991a0ce85c3
--- /dev/null
+++ b/queue-5.7/kvm-x86-mark-cr4.tsd-as-being-possibly-owned-by-the-guest.patch
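Review bot: The added `if ((cr4 ^ old_cr4) & X86_CR4_LA57) return 1;` in `kvm_set_cr4()` carries no comment, although the commit message itself notes that the SDM pseudocode for MOV CR omits this fault, so a reader checking the code against that pseudocode may take the check for a mistake. I would add `/* CR4.LA57 cannot be modified in IA-32e mode (Intel SDM, CR4.LA57): #GP */` above it. The check sits in the `is_long_mode(vcpu)` branch; the function starts and ends outside the hunk, so how `old_cr4` is obtained is not visible here.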
@@ -0,0 +1,53 @@
+From 7c83d096aed055a7763a03384f92115363448b71 Mon Sep 17 00:00:00 2001
+From: Sean Christopherson
+Date: Thu, 2 Jul 2020 21:04:21 -0700
+Subject: KVM: x86: Mark CR4.TSD as being possibly owned by the guest
+
+From: Sean Christopherson
+
+commit 7c83d096aed055a7763a03384f92115363448b71 upstream.
+
+Mark CR4.TSD as being possibly owned by the guest as that is indeed the
+case on VMX. Without TSD being tagged as possibly owned by the guest, a
+targeted read of CR4 to get TSD could observe a stale value. This bug
+is benign in the current code base as the sole consumer of TSD is the
+emulator (for RDTSC) and the emulator always "reads" the entirety of CR4
+when grabbing bits.
+
+Add a build-time assertion in to ensure VMX doesn't hand over more CR4
+bits without also updating x86.
+
+Fixes: 52ce3c21aec3 ("x86,kvm,vmx: Don't trap writes to CR4.TSD")
+Cc: stable@vger.kernel.org
+Signed-off-by: Sean Christopherson
+Message-Id: <20200703040422.31536-2-sean.j.christopherson@intel.com>
+Signed-off-by: Paolo Bonzini
+Signed-off-by: Greg Kroah-Hartman
+
+---
+ arch/x86/kvm/kvm_cache_regs.h | 2 +-
+ arch/x86/kvm/vmx/vmx.c | 2 ++
+ 2 files changed, 3 insertions(+), 1 deletion(-)
+
+--- a/arch/x86/kvm/kvm_cache_regs.h
++++ b/arch/x86/kvm/kvm_cache_regs.h
+@@ -7,7 +7,7 @@
+ #define KVM_POSSIBLE_CR0_GUEST_BITS X86_CR0_TS
+ #define KVM_POSSIBLE_CR4_GUEST_BITS \
+ (X86_CR4_PVI | X86_CR4_DE | X86_CR4_PCE | X86_CR4_OSFXSR \
+- | X86_CR4_OSXMMEXCPT | X86_CR4_LA57 | X86_CR4_PGE)
++ | X86_CR4_OSXMMEXCPT | X86_CR4_LA57 | X86_CR4_PGE | X86_CR4_TSD)
+
+ #define BUILD_KVM_GPR_ACCESSORS(lname, uname) \
+ static __always_inline unsigned long kvm_##lname##_read(struct kvm_vcpu *vcpu)\
+--- a/arch/x86/kvm/vmx/vmx.c
++++ b/arch/x86/kvm/vmx/vmx.c
+@@ -3932,6 +3932,8 @@ void vmx_set_constant_host_state(struct
+
+ void set_cr4_guest_host_mask(struct vcpu_vmx *vmx)
+ {
++ BUILD_BUG_ON(KVM_CR4_GUEST_OWNED_BITS & ~KVM_POSSIBLE_CR4_GUEST_BITS);
++
+ vmx->vcpu.arch.cr4_guest_owned_bits =
KVM_CR4_GUEST_OWNED_BITS;
+ if (enable_ept)
+ vmx->vcpu.arch.cr4_guest_owned_bits |= X86_CR4_PGE;
diff --git a/queue-5.7/series b/queue-5.7/series
index b5460bcbf08..15bd090331d 100644
--- a/queue-5.7/series
+++ b/queue-5.7/series
@@ -111,3 +111,12 @@ alsa-hda-let-hs_mic-be-picked-ahead-of-hp_mic.patch
 alsa-usb-audio-add-quirk-for-macrosilicon-ms2109.patch
 alsa-usb-audio-add-implicit-feedback-quirk-for-rtx6001.patch
 alsa-hda-realtek-fix-lenovo-thinkpad-x1-carbon-7th-quirk-subdevice-id.patch
+alsa-hda-realtek-enable-audio-jacks-of-acer-vcopperbox-with-alc269vc.patch
+alsa-hda-realtek-enable-headset-mic-of-acer-c20-820-with-alc269vc.patch
+alsa-hda-realtek-enable-headset-mic-of-acer-veriton-n4660g-with-alc269vc.patch
+kvm-arm64-fix-definition-of-page_hyp_device.patch
+kvm-arm64-stop-clobbering-x0-for-hvc_soft_restart.patch
+kvm-arm64-annotate-hyp-nmi-related-functions-as-__always_inline.patch
+kvm-x86-bit-8-of-non-leaf-pdpes-is-not-reserved.patch
+kvm-x86-inject-gp-if-guest-attempts-to-toggle-cr4.la57-in-64-bit-mode.patch
+kvm-x86-mark-cr4.tsd-as-being-possibly-owned-by-the-guest.patch
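Review bot: The new `BUILD_BUG_ON` in `set_cr4_guest_host_mask()` (vmx.c hunk of the CR4.TSD patch) checks only the constant `KVM_CR4_GUEST_OWNED_BITS`, while two statements later `X86_CR4_PGE` is OR-ed into `cr4_guest_owned_bits` when `enable_ept` is set. `X86_CR4_PGE` is in `KVM_POSSIBLE_CR4_GUEST_BITS` as shown in the kvm_cache_regs.h hunk, so nothing is wrong today, but a bit handed to the guest at run time like this is outside what the assertion guards. Widening it to `BUILD_BUG_ON((KVM_CR4_GUEST_OWNED_BITS | X86_CR4_PGE) & ~KVM_POSSIBLE_CR4_GUEST_BITS);` would cover it. The function body continues past the end of the hunk.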