From: Greg Kroah-Hartman Date: Sun, 8 Sep 2024 10:38:14 +0000 (+0200) Subject: drop broken kvm patch from 5.10 and 5.15 X-Git-Tag: v4.19.322~114 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=99f195fa996322e599cbbcf5d0550237d267e63f;p=thirdparty%2Fkernel%2Fstable-queue.git drop broken kvm patch from 5.10 and 5.15 --- diff --git a/queue-5.10/kvm-x86-acquire-kvm-srcu-when-handling-kvm_set_vcpu_events.patch b/queue-5.10/kvm-x86-acquire-kvm-srcu-when-handling-kvm_set_vcpu_events.patch deleted file mode 100644 index 858af1cd154..00000000000 --- a/queue-5.10/kvm-x86-acquire-kvm-srcu-when-handling-kvm_set_vcpu_events.patch +++ /dev/null 
@@ -1,80 +0,0 @@ -From 4bcdd831d9d01e0fb64faea50732b59b2ee88da1 Mon Sep 17 00:00:00 2001 -From: Sean Christopherson -Date: Tue, 23 Jul 2024 16:20:55 -0700 -Subject: KVM: x86: Acquire kvm->srcu when handling KVM_SET_VCPU_EVENTS - -From: Sean Christopherson - -commit 4bcdd831d9d01e0fb64faea50732b59b2ee88da1 upstream. - -Grab kvm->srcu when processing KVM_SET_VCPU_EVENTS, as KVM will forcibly -leave nested VMX/SVM if SMM mode is being toggled, and leaving nested VMX -reads guest memory. - -Note, kvm_vcpu_ioctl_x86_set_vcpu_events() can also be called from KVM_RUN -via sync_regs(), which already holds SRCU. I.e. trying to precisely use -kvm_vcpu_srcu_read_lock() around the problematic SMM code would cause -problems. Acquiring SRCU isn't all that expensive, so for simplicity, -grab it unconditionally for KVM_SET_VCPU_EVENTS. - - ============================= - WARNING: suspicious RCU usage - 6.10.0-rc7-332d2c1d713e-next-vm #552 Not tainted - ----------------------------- - include/linux/kvm_host.h:1027 suspicious rcu_dereference_check() usage! - - other info that might help us debug this: - - rcu_scheduler_active = 2, debug_locks = 1 - 1 lock held by repro/1071: - #0: ffff88811e424430 (&vcpu->mutex){+.+.}-{3:3}, at: kvm_vcpu_ioctl+0x7d/0x970 [kvm] - - stack backtrace: - CPU: 15 PID: 1071 Comm: repro Not tainted 6.10.0-rc7-332d2c1d713e-next-vm #552 - Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 0.0.0 02/06/2015 - Call Trace: - - dump_stack_lvl+0x7f/0x90 - lockdep_rcu_suspicious+0x13f/0x1a0 - kvm_vcpu_gfn_to_memslot+0x168/0x190 [kvm] - kvm_vcpu_read_guest+0x3e/0x90 [kvm] - nested_vmx_load_msr+0x6b/0x1d0 [kvm_intel] - load_vmcs12_host_state+0x432/0xb40 [kvm_intel] - vmx_leave_nested+0x30/0x40 [kvm_intel] - kvm_vcpu_ioctl_x86_set_vcpu_events+0x15d/0x2b0 [kvm] - kvm_arch_vcpu_ioctl+0x1107/0x1750 [kvm] - ? mark_held_locks+0x49/0x70 - ? kvm_vcpu_ioctl+0x7d/0x970 [kvm] - ? kvm_vcpu_ioctl+0x497/0x970 [kvm] - kvm_vcpu_ioctl+0x497/0x970 [kvm] - ? 
lock_acquire+0xba/0x2d0 - ? find_held_lock+0x2b/0x80 - ? do_user_addr_fault+0x40c/0x6f0 - ? lock_release+0xb7/0x270 - __x64_sys_ioctl+0x82/0xb0 - do_syscall_64+0x6c/0x170 - entry_SYSCALL_64_after_hwframe+0x4b/0x53 - RIP: 0033:0x7ff11eb1b539 - - -Fixes: f7e570780efc ("KVM: x86: Forcibly leave nested virt when SMM state is toggled") -Cc: stable@vger.kernel.org -Link: https://lore.kernel.org/r/20240723232055.3643811-1-seanjc@google.com -Signed-off-by: Sean Christopherson -Signed-off-by: Greg Kroah-Hartman ---- - arch/x86/kvm/x86.c | 2 ++ - 1 file changed, 2 insertions(+) - ---- a/arch/x86/kvm/x86.c -+++ b/arch/x86/kvm/x86.c -@@ -4968,7 +4968,9 @@ long kvm_arch_vcpu_ioctl(struct file *fi - if (copy_from_user(&events, argp, sizeof(struct kvm_vcpu_events))) - break; - -+ kvm_vcpu_srcu_read_lock(vcpu); - r = kvm_vcpu_ioctl_x86_set_vcpu_events(vcpu, &events); -+ kvm_vcpu_srcu_read_unlock(vcpu); - break; - } - case KVM_GET_DEBUGREGS: { diff --git a/queue-5.10/series b/queue-5.10/series index 8909be509e5..6013f87ca03 100644 --- a/queue-5.10/series +++ b/queue-5.10/series @@ -53,7 +53,6 @@ i2c-use-is_reachable-for-substituting-empty-acpi-functions.patch bpf-cgroup-assign-cgroup-in-cgroup_sk_alloc-when-called-from-interrupt.patch sch-netem-fix-use-after-free-in-netem_dequeue.patch asoc-dapm-fix-uaf-for-snd_soc_pcm_runtime-object.patch -kvm-x86-acquire-kvm-srcu-when-handling-kvm_set_vcpu_events.patch alsa-hda-conexant-add-pincfg-quirk-to-enable-top-speakers-on-sirius-devices.patch alsa-hda-realtek-add-patch-for-internal-mic-in-lenovo-v145.patch alsa-hda-realtek-support-mute-led-on-hp-laptop-14-dq2xxx.patch diff --git a/queue-5.15/kvm-x86-acquire-kvm-srcu-when-handling-kvm_set_vcpu_events.patch b/queue-5.15/kvm-x86-acquire-kvm-srcu-when-handling-kvm_set_vcpu_events.patch deleted file mode 100644 index 3119327644f..00000000000 --- a/queue-5.15/kvm-x86-acquire-kvm-srcu-when-handling-kvm_set_vcpu_events.patch +++ /dev/null 
@@ -1,80 +0,0 @@ -From 4bcdd831d9d01e0fb64faea50732b59b2ee88da1 Mon Sep 17 00:00:00 2001 -From: Sean Christopherson -Date: Tue, 23 Jul 2024 16:20:55 -0700 -Subject: KVM: x86: Acquire kvm->srcu when handling KVM_SET_VCPU_EVENTS - -From: Sean Christopherson - -commit 4bcdd831d9d01e0fb64faea50732b59b2ee88da1 upstream. - -Grab kvm->srcu when processing KVM_SET_VCPU_EVENTS, as KVM will forcibly -leave nested VMX/SVM if SMM mode is being toggled, and leaving nested VMX -reads guest memory. - -Note, kvm_vcpu_ioctl_x86_set_vcpu_events() can also be called from KVM_RUN -via sync_regs(), which already holds SRCU. I.e. trying to precisely use -kvm_vcpu_srcu_read_lock() around the problematic SMM code would cause -problems. Acquiring SRCU isn't all that expensive, so for simplicity, -grab it unconditionally for KVM_SET_VCPU_EVENTS. - - ============================= - WARNING: suspicious RCU usage - 6.10.0-rc7-332d2c1d713e-next-vm #552 Not tainted - ----------------------------- - include/linux/kvm_host.h:1027 suspicious rcu_dereference_check() usage! - - other info that might help us debug this: - - rcu_scheduler_active = 2, debug_locks = 1 - 1 lock held by repro/1071: - #0: ffff88811e424430 (&vcpu->mutex){+.+.}-{3:3}, at: kvm_vcpu_ioctl+0x7d/0x970 [kvm] - - stack backtrace: - CPU: 15 PID: 1071 Comm: repro Not tainted 6.10.0-rc7-332d2c1d713e-next-vm #552 - Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 0.0.0 02/06/2015 - Call Trace: - - dump_stack_lvl+0x7f/0x90 - lockdep_rcu_suspicious+0x13f/0x1a0 - kvm_vcpu_gfn_to_memslot+0x168/0x190 [kvm] - kvm_vcpu_read_guest+0x3e/0x90 [kvm] - nested_vmx_load_msr+0x6b/0x1d0 [kvm_intel] - load_vmcs12_host_state+0x432/0xb40 [kvm_intel] - vmx_leave_nested+0x30/0x40 [kvm_intel] - kvm_vcpu_ioctl_x86_set_vcpu_events+0x15d/0x2b0 [kvm] - kvm_arch_vcpu_ioctl+0x1107/0x1750 [kvm] - ? mark_held_locks+0x49/0x70 - ? kvm_vcpu_ioctl+0x7d/0x970 [kvm] - ? kvm_vcpu_ioctl+0x497/0x970 [kvm] - kvm_vcpu_ioctl+0x497/0x970 [kvm] - ? 
lock_acquire+0xba/0x2d0 - ? find_held_lock+0x2b/0x80 - ? do_user_addr_fault+0x40c/0x6f0 - ? lock_release+0xb7/0x270 - __x64_sys_ioctl+0x82/0xb0 - do_syscall_64+0x6c/0x170 - entry_SYSCALL_64_after_hwframe+0x4b/0x53 - RIP: 0033:0x7ff11eb1b539 - - -Fixes: f7e570780efc ("KVM: x86: Forcibly leave nested virt when SMM state is toggled") -Cc: stable@vger.kernel.org -Link: https://lore.kernel.org/r/20240723232055.3643811-1-seanjc@google.com -Signed-off-by: Sean Christopherson -Signed-off-by: Greg Kroah-Hartman ---- - arch/x86/kvm/x86.c | 2 ++ - 1 file changed, 2 insertions(+) - ---- a/arch/x86/kvm/x86.c -+++ b/arch/x86/kvm/x86.c -@@ -5292,7 +5292,9 @@ long kvm_arch_vcpu_ioctl(struct file *fi - if (copy_from_user(&events, argp, sizeof(struct kvm_vcpu_events))) - break; - -+ kvm_vcpu_srcu_read_lock(vcpu); - r = kvm_vcpu_ioctl_x86_set_vcpu_events(vcpu, &events); -+ kvm_vcpu_srcu_read_unlock(vcpu); - break; - } - case KVM_GET_DEBUGREGS: { diff --git a/queue-5.15/series b/queue-5.15/series index da5a83d9ded..fa3ee598753 100644 --- a/queue-5.15/series +++ b/queue-5.15/series @@ -61,7 +61,6 @@ ext4-handle-redirtying-in-ext4_bio_write_page.patch i2c-use-is_reachable-for-substituting-empty-acpi-functions.patch sch-netem-fix-use-after-free-in-netem_dequeue.patch asoc-dapm-fix-uaf-for-snd_soc_pcm_runtime-object.patch -kvm-x86-acquire-kvm-srcu-when-handling-kvm_set_vcpu_events.patch kvm-svm-fix-emulation-of-msr-reads-writes-of-msr_fs_base-and-msr_gs_base.patch kvm-svm-don-t-advertise-bus-lock-detect-to-guest-if-svm-support-is-missing.patch alsa-hda-conexant-add-pincfg-quirk-to-enable-top-speakers-on-sirius-devices.patch
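Review bot: the commit message says the KVM patch is "broken" but does not say how, for either deleted file (queue-5.10/kvm-x86-acquire-kvm-srcu-when-handling-kvm_set_vcpu_events.patch and its queue-5.15 copy). The only code the dropped backport adds is `kvm_vcpu_srcu_read_lock(vcpu);` and `kvm_vcpu_srcu_read_unlock(vcpu);` around the call to `kvm_vcpu_ioctl_x86_set_vcpu_events()`, so one sentence stating whether it failed to build or misbehaved at runtime on these trees, plus a link to the report, would tell whoever re-backports it what has to change.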
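Review bot: in both series hunks (queue-5.10/series and queue-5.15/series) the entry is removed with nothing queued in its place, so the problem the dropped patch was tagged against (Fixes: f7e570780efc, the lockdep "suspicious RCU usage" warning when vmx_leave_nested() reads guest memory on the KVM_SET_VCPU_EVENTS path) stays open in 5.10 and 5.15 wherever that commit is present. Suggest recording in the commit message whether a reworked backport is expected, so the fix is not silently lost from these two queues.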