From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Date: Mon, 13 Jul 2020 16:16:42 +0000 (+0200)
Subject: 4.9-stable patches
X-Git-Tag: v5.7.9~29
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=a4b50429da3963357bd1412d5afdb9760a744fa4;p=thirdparty%2Fkernel%2Fstable-queue.git

4.9-stable patches

added patches:
	kvm-arm64-fix-definition-of-page_hyp_device.patch
	kvm-x86-bit-8-of-non-leaf-pdpes-is-not-reserved.patch
---

diff --git a/queue-4.9/kvm-arm64-fix-definition-of-page_hyp_device.patch b/queue-4.9/kvm-arm64-fix-definition-of-page_hyp_device.patch
new file mode 100644
index 00000000000..f4bbb7ce6aa
--- /dev/null
+++ b/queue-4.9/kvm-arm64-fix-definition-of-page_hyp_device.patch
@@ -0,0 +1,41 @@
+From 68cf617309b5f6f3a651165f49f20af1494753ae Mon Sep 17 00:00:00 2001
+From: Will Deacon <will@kernel.org>
+Date: Wed, 8 Jul 2020 17:25:46 +0100
+Subject: KVM: arm64: Fix definition of PAGE_HYP_DEVICE
+
+From: Will Deacon <will@kernel.org>
+
+commit 68cf617309b5f6f3a651165f49f20af1494753ae upstream.
+
+PAGE_HYP_DEVICE is intended to encode attribute bits for an EL2 stage-1
+pte mapping a device. Unfortunately, it includes PROT_DEVICE_nGnRE which
+encodes attributes for EL1 stage-1 mappings such as UXN and nG, which are
+RES0 for EL2, and DBM which is meaningless as TCR_EL2.HD is not set.
+
+Fix the definition of PAGE_HYP_DEVICE so that it doesn't set RES0 bits
+at EL2.
+
+Acked-by: Marc Zyngier <maz@kernel.org>
+Cc: Marc Zyngier <maz@kernel.org>
+Cc: Catalin Marinas <catalin.marinas@arm.com>
+Cc: James Morse <james.morse@arm.com>
+Cc: <stable@vger.kernel.org>
+Link: https://lore.kernel.org/r/20200708162546.26176-1-will@kernel.org
+Signed-off-by: Will Deacon <will@kernel.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ arch/arm64/include/asm/pgtable-prot.h |    2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/arch/arm64/include/asm/pgtable-prot.h
++++ b/arch/arm64/include/asm/pgtable-prot.h
+@@ -65,7 +65,7 @@
+ #define PAGE_HYP		__pgprot(_HYP_PAGE_DEFAULT | PTE_HYP | PTE_HYP_XN)
+ #define PAGE_HYP_EXEC		__pgprot(_HYP_PAGE_DEFAULT | PTE_HYP | PTE_RDONLY)
+ #define PAGE_HYP_RO		__pgprot(_HYP_PAGE_DEFAULT | PTE_HYP | PTE_RDONLY | PTE_HYP_XN)
+-#define PAGE_HYP_DEVICE		__pgprot(PROT_DEVICE_nGnRE | PTE_HYP)
++#define PAGE_HYP_DEVICE		__pgprot(_PROT_DEFAULT | PTE_ATTRINDX(MT_DEVICE_nGnRE) | PTE_HYP | PTE_HYP_XN)
+ 
+ #define PAGE_S2			__pgprot(_PROT_DEFAULT | PTE_S2_MEMATTR(MT_S2_NORMAL) | PTE_S2_RDONLY)
+ #define PAGE_S2_DEVICE		__pgprot(_PROT_DEFAULT | PTE_S2_MEMATTR(MT_S2_DEVICE_nGnRE) | PTE_S2_RDONLY | PTE_UXN)
diff --git a/queue-4.9/kvm-x86-bit-8-of-non-leaf-pdpes-is-not-reserved.patch b/queue-4.9/kvm-x86-bit-8-of-non-leaf-pdpes-is-not-reserved.patch
new file mode 100644
index 00000000000..27404d7ca27
--- /dev/null
+++ b/queue-4.9/kvm-x86-bit-8-of-non-leaf-pdpes-is-not-reserved.patch
@@ -0,0 +1,37 @@
+From 5ecad245de2ae23dc4e2dbece92f8ccfbaed2fa7 Mon Sep 17 00:00:00 2001
+From: Paolo Bonzini <pbonzini@redhat.com>
+Date: Tue, 30 Jun 2020 07:07:20 -0400
+Subject: KVM: x86: bit 8 of non-leaf PDPEs is not reserved
+
+From: Paolo Bonzini <pbonzini@redhat.com>
+
+commit 5ecad245de2ae23dc4e2dbece92f8ccfbaed2fa7 upstream.
+
+Bit 8 would be the "global" bit, which does not quite make sense for non-leaf
+page table entries.  Intel ignores it; AMD ignores it in PDEs and PDPEs, but
+reserves it in PML4Es.
+
+Probably, earlier versions of the AMD manual documented it as reserved in PDPEs
+as well, and that behavior made it into KVM as well as kvm-unit-tests; fix it.
+
+Cc: stable@vger.kernel.org
+Reported-by: Nadav Amit <namit@vmware.com>
+Fixes: a0c0feb57992 ("KVM: x86: reserve bit 8 of non-leaf PDPEs and PML4Es in 64-bit mode on AMD", 2014-09-03)
+Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ arch/x86/kvm/mmu.c |    2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/arch/x86/kvm/mmu.c
++++ b/arch/x86/kvm/mmu.c
+@@ -3849,7 +3849,7 @@ __reset_rsvds_bits_mask(struct kvm_vcpu
+ 			nonleaf_bit8_rsvd | rsvd_bits(7, 7) |
+ 			rsvd_bits(maxphyaddr, 51);
+ 		rsvd_check->rsvd_bits_mask[0][2] = exb_bit_rsvd |
+-			nonleaf_bit8_rsvd | gbpages_bit_rsvd |
++			gbpages_bit_rsvd |
+ 			rsvd_bits(maxphyaddr, 51);
+ 		rsvd_check->rsvd_bits_mask[0][1] = exb_bit_rsvd |
+ 			rsvd_bits(maxphyaddr, 51);
diff --git a/queue-4.9/series b/queue-4.9/series
index bba7cb2f366..43a27bd0b73 100644
--- a/queue-4.9/series
+++ b/queue-4.9/series
@@ -17,3 +17,5 @@ net-macb-mark-device-wake-capable-when-magic-packet-.patch
 alsa-opl3-fix-infoleak-in-opl3.patch
 alsa-hda-let-hs_mic-be-picked-ahead-of-hp_mic.patch
 alsa-usb-audio-add-quirk-for-macrosilicon-ms2109.patch
+kvm-arm64-fix-definition-of-page_hyp_device.patch
+kvm-x86-bit-8-of-non-leaf-pdpes-is-not-reserved.patch