From 6ec2d03e7d6d97b7c9003b7d0b1cfbc284ca5242 Mon Sep 17 00:00:00 2001
From: Sasha Levin
Date: Sat, 28 Mar 2020 19:40:04 -0400
Subject: [PATCH] Fixes for 4.9
Signed-off-by: Sasha Levin
---
 ...llow-reexecute_instruction-when-skip.patch | 53 ++++++++++++++++
 ...-let-pmtu-updates-increase-route-mtu.patch | 63 +++++++++++++++++++
 queue-4.9/series | 2 +
 3 files changed, 118 insertions(+)
 create mode 100644 queue-4.9/kvm-vmx-do-not-allow-reexecute_instruction-when-skip.patch
 create mode 100644 queue-4.9/net-ipv4-don-t-let-pmtu-updates-increase-route-mtu.patch
diff --git a/queue-4.9/kvm-vmx-do-not-allow-reexecute_instruction-when-skip.patch b/queue-4.9/kvm-vmx-do-not-allow-reexecute_instruction-when-skip.patch
new file mode 100644
index 00000000000..63c1227b7ea
--- /dev/null
+++ b/queue-4.9/kvm-vmx-do-not-allow-reexecute_instruction-when-skip.patch
@@ -0,0 +1,53 @@
+From d3451c98976f3f0bc5159ceba848f2eb8abd3dfb Mon Sep 17 00:00:00 2001
+From: Sasha Levin
+Date: Thu, 23 Aug 2018 13:56:46 -0700
+Subject: KVM: VMX: Do not allow reexecute_instruction() when skipping MMIO
+ instr
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+From: Sean Christopherson
+
+[ Upstream commit c4409905cd6eb42cfd06126e9226b0150e05a715 ]
+
+Re-execution after an emulation decode failure is only intended to
+handle a case where two or vCPUs race to write a shadowed page, i.e.
+we should never re-execute an instruction as part of MMIO emulation.
+As handle_ept_misconfig() is only used for MMIO emulation, it should
+pass EMULTYPE_NO_REEXECUTE when using the emulator to skip an instr
+in the fast-MMIO case where VM_EXIT_INSTRUCTION_LEN is invalid.
+
+And because the cr2 value passed to x86_emulate_instruction() is only
+destined for use when retrying or reexecuting, we can simply call
+emulate_instruction().
+
+Fixes: d391f1207067 ("x86/kvm/vmx: do not use vm-exit instruction length
+ for fast MMIO when running nested")
+Cc: Vitaly Kuznetsov
+Signed-off-by: Sean Christopherson
+Cc: stable@vger.kernel.org
+Signed-off-by: Radim Krčmář
+Signed-off-by: Sasha Levin
+---
+ arch/x86/kvm/vmx.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/arch/x86/kvm/vmx.c b/arch/x86/kvm/vmx.c
+index 8bd336651de52..1fa4545c55e35 100644
+--- a/arch/x86/kvm/vmx.c
++++ b/arch/x86/kvm/vmx.c
+@@ -6564,8 +6564,8 @@ static int handle_ept_misconfig(struct kvm_vcpu *vcpu)
+ return 1;
+ }
+ else
+- return x86_emulate_instruction(vcpu, gpa, EMULTYPE_SKIP,
+- NULL, 0) == EMULATE_DONE;
++ return emulate_instruction(vcpu, EMULTYPE_SKIP) ==
++ EMULATE_DONE;
+ }
+
+ ret = kvm_mmu_page_fault(vcpu, gpa, PFERR_RSVD_MASK, NULL, 0);
+--
+2.20.1
+
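Review bot: The new call `emulate_instruction(vcpu, EMULTYPE_SKIP)` does not itself pass `EMULTYPE_NO_REEXECUTE`, although the commit message says handle_ept_misconfig() should pass it. The fix therefore depends on the `emulate_instruction()` wrapper adding that flag, which this hunk does not show. For a 4.9 backport it is worth confirming that the wrapper in this tree does so. If it only forwards the emulation type, the fast-MMIO skip path could still reach reexecute_instruction(), and the line should read `return emulate_instruction(vcpu, EMULTYPE_SKIP | EMULTYPE_NO_REEXECUTE) == EMULATE_DONE;`. handle_ept_misconfig() starts and ends outside the hunk.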
diff --git a/queue-4.9/net-ipv4-don-t-let-pmtu-updates-increase-route-mtu.patch b/queue-4.9/net-ipv4-don-t-let-pmtu-updates-increase-route-mtu.patch
new file mode 100644
index 00000000000..13c6971330e
--- /dev/null
+++ b/queue-4.9/net-ipv4-don-t-let-pmtu-updates-increase-route-mtu.patch
@@ -0,0 +1,63 @@
+From a1a902ae60038650a70b7f50ce1fcc3d4c996c88 Mon Sep 17 00:00:00 2001
+From: Sasha Levin
+Date: Tue, 9 Oct 2018 17:48:15 +0200
+Subject: net: ipv4: don't let PMTU updates increase route MTU
+
+From: Sabrina Dubroca
+
+[ Upstream commit 28d35bcdd3925e7293408cdb8aa5f2aac5f0d6e3 ]
+
+When an MTU update with PMTU smaller than net.ipv4.route.min_pmtu is
+received, we must clamp its value. However, we can receive a PMTU
+exception with PMTU < old_mtu < ip_rt_min_pmtu, which would lead to an
+increase in PMTU.
+
+To fix this, take the smallest of the old MTU and ip_rt_min_pmtu.
+
+Before this patch, in case of an update, the exception's MTU would
+always change. Now, an exception can have only its lock flag updated,
+but not the MTU, so we need to add a check on locking to the following
+"is this exception getting updated, or close to expiring?" test.
+
+Fixes: d52e5a7e7ca4 ("ipv4: lock mtu in fnhe when received PMTU < net.ipv4.route.min_pmtu")
+Signed-off-by: Sabrina Dubroca
+Reviewed-by: Stefano Brivio
+Signed-off-by: David S. Miller
+Signed-off-by: Sasha Levin
+---
+ net/ipv4/route.c | 7 ++++---
+ 1 file changed, 4 insertions(+), 3 deletions(-)
+
+diff --git a/net/ipv4/route.c b/net/ipv4/route.c
+index 6058dbc4e2c19..8f5c6fa54ac09 100644
+--- a/net/ipv4/route.c
++++ b/net/ipv4/route.c
+@@ -991,21 +991,22 @@ out: kfree_skb(skb);
+ static void __ip_rt_update_pmtu(struct rtable *rt, struct flowi4 *fl4, u32 mtu)
+ {
+ struct dst_entry *dst = &rt->dst;
++ u32 old_mtu = ipv4_mtu(dst);
+ struct fib_result res;
+ bool lock = false;
+
+ if (ip_mtu_locked(dst))
+ return;
+
+- if (ipv4_mtu(dst) < mtu)
++ if (old_mtu < mtu)
+ return;
+
+ if (mtu < ip_rt_min_pmtu) {
+ lock = true;
+- mtu = ip_rt_min_pmtu;
++ mtu = min(old_mtu, ip_rt_min_pmtu);
+ }
+
+- if (rt->rt_pmtu == mtu &&
++ if (rt->rt_pmtu == mtu && !lock &&
+ time_before(jiffies, dst->expires - ip_rt_mtu_expires / 2))
+ return;
+
+--
+2.20.1
+
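Review bot: The added `!lock` in the early-return test of __ip_rt_update_pmtu() has no comment, and without the commit message it is not obvious why a clamped update must bypass the "unchanged and not close to expiring" shortcut. A line such as `/* a clamped update may change only the lock flag, so it must not be skipped */` above `if (rt->rt_pmtu == mtu && !lock &&` would keep that reasoning with the code, since this path handles PMTU values received from the network. Separately, `min(old_mtu, ip_rt_min_pmtu)` needs both operands to have the same type. The declaration of ip_rt_min_pmtu is not visible here, so if it is not `u32` in the 4.9 tree, `min_t(u32, old_mtu, ip_rt_min_pmtu)` would be the form to use. The function body continues past the end of the hunk.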
diff --git a/queue-4.9/series b/queue-4.9/series
index 464d52ac398..ebc7b81b5d1 100644
--- a/queue-4.9/series
+++ b/queue-4.9/series
@@ -47,3 +47,5 @@ net-mvneta-fix-the-case-where-the-last-poll-did-not-process-all-rx.patch
 hsr-use-rcu_read_lock-in-hsr_get_node_-list-status.patch
 hsr-add-restart-routine-into-hsr_get_node_list.patch
 hsr-set-.netnsok-flag.patch
+kvm-vmx-do-not-allow-reexecute_instruction-when-skip.patch
+net-ipv4-don-t-let-pmtu-updates-increase-route-mtu.patch
--
2.47.3