From 618132376e2adc9d14be2cea79de12bdcc0bc422 Mon Sep 17 00:00:00 2001
From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Date: Mon, 25 Feb 2019 15:22:16 +0100
Subject: [PATCH] 4.19-stable patches

added patches:
	kvm-x86-return-la57-feature-based-on-hardware-capability.patch
	mac80211-allocate-tailroom-for-forwarded-mesh-packets.patch
---
 ...feature-based-on-hardware-capability.patch | 49 +++++++++++++++++++
 ...-tailroom-for-forwarded-mesh-packets.patch | 46 +++++++++++++++++
 queue-4.19/series                             |  2 +
 3 files changed, 97 insertions(+)
 create mode 100644 queue-4.19/kvm-x86-return-la57-feature-based-on-hardware-capability.patch
 create mode 100644 queue-4.19/mac80211-allocate-tailroom-for-forwarded-mesh-packets.patch

diff --git a/queue-4.19/kvm-x86-return-la57-feature-based-on-hardware-capability.patch b/queue-4.19/kvm-x86-return-la57-feature-based-on-hardware-capability.patch
new file mode 100644
index 00000000000..afaca45aced
--- /dev/null
+++ b/queue-4.19/kvm-x86-return-la57-feature-based-on-hardware-capability.patch
@@ -0,0 +1,49 @@
+From 511da98d207d5c0675a10351b01e37cbe50a79e5 Mon Sep 17 00:00:00 2001
+From: Yu Zhang <yu.c.zhang@linux.intel.com>
+Date: Fri, 1 Feb 2019 00:09:43 +0800
+Subject: kvm: x86: Return LA57 feature based on hardware capability
+
+From: Yu Zhang <yu.c.zhang@linux.intel.com>
+
+commit 511da98d207d5c0675a10351b01e37cbe50a79e5 upstream.
+
+Previously, 'commit 372fddf70904 ("x86/mm: Introduce the 'no5lvl' kernel
+parameter")' cleared X86_FEATURE_LA57 in boot_cpu_data, if Linux chooses
+to not run in 5-level paging mode. Yet boot_cpu_data is queried by
+do_cpuid_ent() as the host capability later when creating vcpus, and Qemu
+will not be able to detect this feature and create VMs with LA57 feature.
+
+As discussed earlier, VMs can still benefit from extended linear address
+width, e.g. to enhance features like ASLR. So we would like to fix this,
+by return the true hardware capability when Qemu queries.
+
+Signed-off-by: Yu Zhang <yu.c.zhang@linux.intel.com>
+Cc: stable@vger.kernel.org
+Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ arch/x86/kvm/cpuid.c |    4 ++++
+ 1 file changed, 4 insertions(+)
+
+--- a/arch/x86/kvm/cpuid.c
++++ b/arch/x86/kvm/cpuid.c
+@@ -337,6 +337,7 @@ static inline int __do_cpuid_ent(struct
+ 	unsigned f_mpx = kvm_mpx_supported() ? F(MPX) : 0;
+ 	unsigned f_xsaves = kvm_x86_ops->xsaves_supported() ? F(XSAVES) : 0;
+ 	unsigned f_umip = kvm_x86_ops->umip_emulated() ? F(UMIP) : 0;
++	unsigned f_la57 = 0;
+ 
+ 	/* cpuid 1.edx */
+ 	const u32 kvm_cpuid_1_edx_x86_features =
+@@ -491,7 +492,10 @@ static inline int __do_cpuid_ent(struct
+ 			// TSC_ADJUST is emulated
+ 			entry->ebx |= F(TSC_ADJUST);
+ 			entry->ecx &= kvm_cpuid_7_0_ecx_x86_features;
++			f_la57 = entry->ecx & F(LA57);
+ 			cpuid_mask(&entry->ecx, CPUID_7_ECX);
++			/* Set LA57 based on hardware capability. */
++			entry->ecx |= f_la57;
+ 			entry->ecx |= f_umip;
+ 			/* PKU is not yet implemented for shadow paging. */
+ 			if (!tdp_enabled || !boot_cpu_has(X86_FEATURE_OSPKE))
diff --git a/queue-4.19/mac80211-allocate-tailroom-for-forwarded-mesh-packets.patch b/queue-4.19/mac80211-allocate-tailroom-for-forwarded-mesh-packets.patch
new file mode 100644
index 00000000000..fca786f39e4
--- /dev/null
+++ b/queue-4.19/mac80211-allocate-tailroom-for-forwarded-mesh-packets.patch
@@ -0,0 +1,46 @@
+From 51d0af222f6fa43134c6187ab4f374630f6e0d96 Mon Sep 17 00:00:00 2001
+From: Felix Fietkau <nbd@nbd.name>
+Date: Fri, 22 Feb 2019 13:21:15 +0100
+Subject: mac80211: allocate tailroom for forwarded mesh packets
+
+From: Felix Fietkau <nbd@nbd.name>
+
+commit 51d0af222f6fa43134c6187ab4f374630f6e0d96 upstream.
+
+Forwarded packets enter the tx path through ieee80211_add_pending_skb,
+which skips the ieee80211_skb_resize call.
+Fixes WARN_ON in ccmp_encrypt_skb and resulting packet loss.
+
+Cc: stable@vger.kernel.org
+Signed-off-by: Felix Fietkau <nbd@nbd.name>
+Signed-off-by: Johannes Berg <johannes.berg@intel.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ net/mac80211/rx.c |    7 ++++++-
+ 1 file changed, 6 insertions(+), 1 deletion(-)
+
+--- a/net/mac80211/rx.c
++++ b/net/mac80211/rx.c
+@@ -2598,6 +2598,7 @@ ieee80211_rx_h_mesh_fwding(struct ieee80
+ 	struct ieee80211_sub_if_data *sdata = rx->sdata;
+ 	struct ieee80211_if_mesh *ifmsh = &sdata->u.mesh;
+ 	u16 ac, q, hdrlen;
++	int tailroom = 0;
+ 
+ 	hdr = (struct ieee80211_hdr *) skb->data;
+ 	hdrlen = ieee80211_hdrlen(hdr->frame_control);
+@@ -2684,8 +2685,12 @@ ieee80211_rx_h_mesh_fwding(struct ieee80
+ 	if (!ifmsh->mshcfg.dot11MeshForwarding)
+ 		goto out;
+ 
++	if (sdata->crypto_tx_tailroom_needed_cnt)
++		tailroom = IEEE80211_ENCRYPT_TAILROOM;
++
+ 	fwd_skb = skb_copy_expand(skb, local->tx_headroom +
+-				       sdata->encrypt_headroom, 0, GFP_ATOMIC);
++				       sdata->encrypt_headroom,
++				  tailroom, GFP_ATOMIC);
+ 	if (!fwd_skb)
+ 		goto out;
+ 
diff --git a/queue-4.19/series b/queue-4.19/series
index 2be7238d8c4..c1b6ad4c55d 100644
--- a/queue-4.19/series
+++ b/queue-4.19/series
@@ -127,3 +127,5 @@ drm-amdgpu-set-dpm_flag_never_skip-when-enabling-pm-runtime.patch
 gpu-drm-radeon-set-dpm_flag_never_skip-when-enabling-pm-runtime.patch
 drm-i915-fbdev-actually-configure-untiled-displays.patch
 drm-amd-display-fix-mst-reboot-poweroff-sequence.patch
+mac80211-allocate-tailroom-for-forwarded-mesh-packets.patch
+kvm-x86-return-la57-feature-based-on-hardware-capability.patch
-- 
2.47.3