From 76a090eb22943b1769dd050972d054981f7c3161 Mon Sep 17 00:00:00 2001 
From: Greg Kroah-Hartman Date: Mon, 7 Nov 2022 17:56:49 +0100 Subject: [PATCH] 5.4-stable patches added patches: alsa-usb-audio-add-quirks-for-macrosilicon-ms2100-ms2106-devices.patch ext4-fix-bug_on-when-directory-entry-has-invalid-rec_len.patch ext4-fix-warning-in-ext4_da_release_space.patch kvm-x86-emulator-em_sysexit-should-update-ctxt-mode.patch kvm-x86-emulator-introduce-emulator_recalc_and_set_mode.patch kvm-x86-emulator-update-the-emulation-mode-after-cr0-write.patch kvm-x86-mask-off-reserved-bits-in-cpuid.80000008h.patch kvm-x86-mask-off-reserved-bits-in-cpuid.8000001ah.patch parisc-avoid-printing-the-hardware-path-twice.patch parisc-export-iosapic_serial_irq-symbol-for-serial-port-driver.patch parisc-make-8250_gsc-driver-dependend-on-config_parisc.patch --- ...r-macrosilicon-ms2100-ms2106-devices.patch | 99 +++++++++++ ...-directory-entry-has-invalid-rec_len.patch | 69 ++++++++ ...fix-warning-in-ext4_da_release_space.patch | 102 +++++++++++ ...r-em_sysexit-should-update-ctxt-mode.patch | 36 ++++ ...troduce-emulator_recalc_and_set_mode.patch | 163 ++++++++++++++++++ ...e-the-emulation-mode-after-cr0-write.patch | 55 ++++++ ...off-reserved-bits-in-cpuid.80000008h.patch | 38 ++++ ...off-reserved-bits-in-cpuid.8000001ah.patch | 35 ++++ ...oid-printing-the-hardware-path-twice.patch | 77 +++++++++ ...al_irq-symbol-for-serial-port-driver.patch | 30 ++++ ...sc-driver-dependend-on-config_parisc.patch | 36 ++++ queue-5.4/series | 11 ++ 12 files changed, 751 insertions(+) create mode 100644 queue-5.4/alsa-usb-audio-add-quirks-for-macrosilicon-ms2100-ms2106-devices.patch create mode 100644 queue-5.4/ext4-fix-bug_on-when-directory-entry-has-invalid-rec_len.patch create mode 100644 queue-5.4/ext4-fix-warning-in-ext4_da_release_space.patch create mode 100644 queue-5.4/kvm-x86-emulator-em_sysexit-should-update-ctxt-mode.patch create mode 100644 queue-5.4/kvm-x86-emulator-introduce-emulator_recalc_and_set_mode.patch create mode 100644 
queue-5.4/kvm-x86-emulator-update-the-emulation-mode-after-cr0-write.patch
 create mode 100644 queue-5.4/kvm-x86-mask-off-reserved-bits-in-cpuid.80000008h.patch
 create mode 100644 queue-5.4/kvm-x86-mask-off-reserved-bits-in-cpuid.8000001ah.patch
 create mode 100644 queue-5.4/parisc-avoid-printing-the-hardware-path-twice.patch
 create mode 100644 queue-5.4/parisc-export-iosapic_serial_irq-symbol-for-serial-port-driver.patch
 create mode 100644 queue-5.4/parisc-make-8250_gsc-driver-dependend-on-config_parisc.patch
diff --git a/queue-5.4/alsa-usb-audio-add-quirks-for-macrosilicon-ms2100-ms2106-devices.patch b/queue-5.4/alsa-usb-audio-add-quirks-for-macrosilicon-ms2100-ms2106-devices.patch
new file mode 100644
index 00000000000..2190b486030
--- /dev/null
+++ b/queue-5.4/alsa-usb-audio-add-quirks-for-macrosilicon-ms2100-ms2106-devices.patch
@@ -0,0 +1,99 @@ +From 6e2c9105e0b743c92a157389d40f00b81bdd09fe Mon Sep 17 00:00:00 2001 +From: John Veness +Date: Fri, 24 Jun 2022 15:07:57 +0100 +Subject: ALSA: usb-audio: Add quirks for MacroSilicon MS2100/MS2106 devices + +From: John Veness + +commit 6e2c9105e0b743c92a157389d40f00b81bdd09fe upstream. + +Treat the claimed 96kHz 1ch in the descriptors as 48kHz 2ch, so that +the audio stream doesn't sound mono. Also fix initial stream +alignment, so that left and right channels are in the correct order. + +Signed-off-by: John Veness +Link: https://lore.kernel.org/r/20220624140757.28758-1-john-linux@pelago.org.uk +Signed-off-by: Takashi Iwai +Signed-off-by: Greg Kroah-Hartman +--- + sound/usb/quirks-table.h | 58 +++++++++++++++++++++++++++++++++++++++++++++++ + sound/usb/quirks.c | 1 + 2 files changed, 59 insertions(+) + +--- a/sound/usb/quirks-table.h ++++ b/sound/usb/quirks-table.h +@@ -3760,6 +3760,64 @@ ALC1220_VB_DESKTOP(0x26ce, 0x0a01), /* A + }, + + /* ++ * MacroSilicon MS2100/MS2106 based AV capture cards ++ * ++ * These claim 96kHz 1ch in the descriptors, but are actually 48kHz 2ch. ++ * They also need QUIRK_AUDIO_ALIGN_TRANSFER, which makes one wonder if ++ * they pretend to be 96kHz mono as a workaround for stereo being broken ++ * by that... ++ * ++ * They also have an issue with initial stream alignment that causes the ++ * channels to be swapped and out of phase, which is dealt with in quirks.c. 
++ */ ++{ ++ .match_flags = USB_DEVICE_ID_MATCH_DEVICE | ++ USB_DEVICE_ID_MATCH_INT_CLASS | ++ USB_DEVICE_ID_MATCH_INT_SUBCLASS, ++ .idVendor = 0x534d, ++ .idProduct = 0x0021, ++ .bInterfaceClass = USB_CLASS_AUDIO, ++ .bInterfaceSubClass = USB_SUBCLASS_AUDIOCONTROL, ++ .driver_info = (unsigned long) &(const struct snd_usb_audio_quirk) { ++ .vendor_name = "MacroSilicon", ++ .product_name = "MS210x", ++ .ifnum = QUIRK_ANY_INTERFACE, ++ .type = QUIRK_COMPOSITE, ++ .data = &(const struct snd_usb_audio_quirk[]) { ++ { ++ .ifnum = 2, ++ .type = QUIRK_AUDIO_ALIGN_TRANSFER, ++ }, ++ { ++ .ifnum = 2, ++ .type = QUIRK_AUDIO_STANDARD_MIXER, ++ }, ++ { ++ .ifnum = 3, ++ .type = QUIRK_AUDIO_FIXED_ENDPOINT, ++ .data = &(const struct audioformat) { ++ .formats = SNDRV_PCM_FMTBIT_S16_LE, ++ .channels = 2, ++ .iface = 3, ++ .altsetting = 1, ++ .altset_idx = 1, ++ .attributes = 0, ++ .endpoint = 0x82, ++ .ep_attr = USB_ENDPOINT_XFER_ISOC | ++ USB_ENDPOINT_SYNC_ASYNC, ++ .rates = SNDRV_PCM_RATE_CONTINUOUS, ++ .rate_min = 48000, ++ .rate_max = 48000, ++ } ++ }, ++ { ++ .ifnum = -1 ++ } ++ } ++ } ++}, ++ ++/* + * MacroSilicon MS2109 based HDMI capture cards + * + * These claim 96kHz 1ch in the descriptors, but are actually 48kHz 2ch. +--- a/sound/usb/quirks.c ++++ b/sound/usb/quirks.c +@@ -1440,6 +1440,7 @@ void snd_usb_set_format_quirk(struct snd + case USB_ID(0x041e, 0x3f19): /* E-Mu 0204 USB */ + set_format_emu_quirk(subs, fmt); + break; ++ case USB_ID(0x534d, 0x0021): /* MacroSilicon MS2100/MS2106 */ + case USB_ID(0x534d, 0x2109): /* MacroSilicon MS2109 */ + subs->stream_offset_adj = 2; + break; diff --git a/queue-5.4/ext4-fix-bug_on-when-directory-entry-has-invalid-rec_len.patch b/queue-5.4/ext4-fix-bug_on-when-directory-entry-has-invalid-rec_len.patch new file mode 100644 index 00000000000..d17ed0a65cb --- /dev/null +++ b/queue-5.4/ext4-fix-bug_on-when-directory-entry-has-invalid-rec_len.patch 
@@ -0,0 +1,69 @@ +From 17a0bc9bd697f75cfdf9b378d5eb2d7409c91340 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Lu=C3=ADs=20Henriques?= +Date: Wed, 12 Oct 2022 14:13:30 +0100 +Subject: ext4: fix BUG_ON() when directory entry has invalid rec_len +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +From: Luís Henriques + +commit 17a0bc9bd697f75cfdf9b378d5eb2d7409c91340 upstream. + +The rec_len field in the directory entry has to be a multiple of 4. A +corrupted filesystem image can be used to hit a BUG() in +ext4_rec_len_to_disk(), called from make_indexed_dir(). + + ------------[ cut here ]------------ + kernel BUG at fs/ext4/ext4.h:2413! + ... + RIP: 0010:make_indexed_dir+0x53f/0x5f0 + ... + Call Trace: + + ? add_dirent_to_buf+0x1b2/0x200 + ext4_add_entry+0x36e/0x480 + ext4_add_nondir+0x2b/0xc0 + ext4_create+0x163/0x200 + path_openat+0x635/0xe90 + do_filp_open+0xb4/0x160 + ? __create_object.isra.0+0x1de/0x3b0 + ? _raw_spin_unlock+0x12/0x30 + do_sys_openat2+0x91/0x150 + __x64_sys_open+0x6c/0xa0 + do_syscall_64+0x3c/0x80 + entry_SYSCALL_64_after_hwframe+0x46/0xb0 + +The fix simply adds a call to ext4_check_dir_entry() to validate the +directory entry, returning -EFSCORRUPTED if the entry is invalid. 
+ +CC: stable@kernel.org +Link: https://bugzilla.kernel.org/show_bug.cgi?id=216540 +Signed-off-by: Luís Henriques +Link: https://lore.kernel.org/r/20221012131330.32456-1-lhenriques@suse.de +Signed-off-by: Theodore Ts'o +Signed-off-by: Greg Kroah-Hartman +--- + fs/ext4/namei.c | 10 +++++++++- + 1 file changed, 9 insertions(+), 1 deletion(-) + +--- a/fs/ext4/namei.c ++++ b/fs/ext4/namei.c +@@ -2141,8 +2141,16 @@ static int make_indexed_dir(handle_t *ha + memcpy(data2, de, len); + de = (struct ext4_dir_entry_2 *) data2; + top = data2 + len; +- while ((char *)(de2 = ext4_next_entry(de, blocksize)) < top) ++ while ((char *)(de2 = ext4_next_entry(de, blocksize)) < top) { ++ if (ext4_check_dir_entry(dir, NULL, de, bh2, data2, len, ++ (data2 + (blocksize - csum_size) - ++ (char *) de))) { ++ brelse(bh2); ++ brelse(bh); ++ return -EFSCORRUPTED; ++ } + de = de2; ++ } + de->rec_len = ext4_rec_len_to_disk(data2 + (blocksize - csum_size) - + (char *) de, blocksize); + diff --git a/queue-5.4/ext4-fix-warning-in-ext4_da_release_space.patch b/queue-5.4/ext4-fix-warning-in-ext4_da_release_space.patch new file mode 100644 index 00000000000..13827f49116 --- /dev/null +++ b/queue-5.4/ext4-fix-warning-in-ext4_da_release_space.patch 
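Review bot: The last argument to the new `ext4_check_dir_entry()` call is the space left between `de` and the end of the block, `data2 + (blocksize - csum_size) - (char *)de`, not the entry's offset inside the buffer; if the helper reports that parameter as `offset=` in its corruption message, the value will mislead whoever triages the image, and `(char *) de - data2` is what that slot normally carries. Note also that the loop only validates entries that have a successor below `top`: the final `de`, whose `rec_len` is rewritten right after the loop, is never passed to the helper — its position is still 4-byte aligned because the preceding entry's `rec_len` must have passed the helper's `% 4` check, which is enough to keep `ext4_rec_len_to_disk()` from hitting BUG(), but that last entry's `name_len`/`inode` fields stay unchecked. make_indexed_dir() starts and ends outside the hunk; the bare `brelse(bh2); brelse(bh); return -EFSCORRUPTED;` presumably skips whatever cleanup the function's later failure paths share, and if, as upstream, the block behind `bh2` was already appended to the directory before this loop, confirm that bailing out here without the usual writeback is acceptable for an -EFSCORRUPTED exit.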
@@ -0,0 +1,102 @@ +From 1b8f787ef547230a3249bcf897221ef0cc78481b Mon Sep 17 00:00:00 2001 +From: Ye Bin +Date: Tue, 18 Oct 2022 10:27:01 +0800 +Subject: ext4: fix warning in 'ext4_da_release_space' + +From: Ye Bin + +commit 1b8f787ef547230a3249bcf897221ef0cc78481b upstream. + +Syzkaller report issue as follows: +EXT4-fs (loop0): Free/Dirty block details +EXT4-fs (loop0): free_blocks=0 +EXT4-fs (loop0): dirty_blocks=0 +EXT4-fs (loop0): Block reservation details +EXT4-fs (loop0): i_reserved_data_blocks=0 +EXT4-fs warning (device loop0): ext4_da_release_space:1527: ext4_da_release_space: ino 18, to_free 1 with only 0 reserved data blocks +------------[ cut here ]------------ +WARNING: CPU: 0 PID: 92 at fs/ext4/inode.c:1528 ext4_da_release_space+0x25e/0x370 fs/ext4/inode.c:1524 +Modules linked in: +CPU: 0 PID: 92 Comm: kworker/u4:4 Not tainted 6.0.0-syzkaller-09423-g493ffd6605b2 #0 +Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/22/2022 +Workqueue: writeback wb_workfn (flush-7:0) +RIP: 0010:ext4_da_release_space+0x25e/0x370 fs/ext4/inode.c:1528 +RSP: 0018:ffffc900015f6c90 EFLAGS: 00010296 +RAX: 42215896cd52ea00 RBX: 0000000000000000 RCX: 42215896cd52ea00 +RDX: 0000000000000000 RSI: 0000000080000001 RDI: 0000000000000000 +RBP: 1ffff1100e907d96 R08: ffffffff816aa79d R09: fffff520002bece5 +R10: fffff520002bece5 R11: 1ffff920002bece4 R12: ffff888021fd2000 +R13: ffff88807483ecb0 R14: 0000000000000001 R15: ffff88807483e740 +FS: 0000000000000000(0000) GS:ffff8880b9a00000(0000) knlGS:0000000000000000 +CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 +CR2: 00005555569ba628 CR3: 000000000c88e000 CR4: 00000000003506f0 +DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 +DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 +Call Trace: + + ext4_es_remove_extent+0x1ab/0x260 fs/ext4/extents_status.c:1461 + mpage_release_unused_pages+0x24d/0xef0 fs/ext4/inode.c:1589 + ext4_writepages+0x12eb/0x3be0 fs/ext4/inode.c:2852 + 
do_writepages+0x3c3/0x680 mm/page-writeback.c:2469 + __writeback_single_inode+0xd1/0x670 fs/fs-writeback.c:1587 + writeback_sb_inodes+0xb3b/0x18f0 fs/fs-writeback.c:1870 + wb_writeback+0x41f/0x7b0 fs/fs-writeback.c:2044 + wb_do_writeback fs/fs-writeback.c:2187 [inline] + wb_workfn+0x3cb/0xef0 fs/fs-writeback.c:2227 + process_one_work+0x877/0xdb0 kernel/workqueue.c:2289 + worker_thread+0xb14/0x1330 kernel/workqueue.c:2436 + kthread+0x266/0x300 kernel/kthread.c:376 + ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:306 + + +Above issue may happens as follows: +ext4_da_write_begin + ext4_create_inline_data + ext4_clear_inode_flag(inode, EXT4_INODE_EXTENTS); + ext4_set_inode_flag(inode, EXT4_INODE_INLINE_DATA); +__ext4_ioctl + ext4_ext_migrate -> will lead to eh->eh_entries not zero, and set extent flag +ext4_da_write_begin + ext4_da_convert_inline_data_to_extent + ext4_da_write_inline_data_begin + ext4_da_map_blocks + ext4_insert_delayed_block + if (!ext4_es_scan_clu(inode, &ext4_es_is_delonly, lblk)) + if (!ext4_es_scan_clu(inode, &ext4_es_is_mapped, lblk)) + ext4_clu_mapped(inode, EXT4_B2C(sbi, lblk)); -> will return 1 + allocated = true; + ext4_es_insert_delayed_block(inode, lblk, allocated); +ext4_writepages + mpage_map_and_submit_extent(handle, &mpd, &give_up_on_write); -> return -ENOSPC + mpage_release_unused_pages(&mpd, give_up_on_write); -> give_up_on_write == 1 + ext4_es_remove_extent + ext4_da_release_space(inode, reserved); + if (unlikely(to_free > ei->i_reserved_data_blocks)) + -> to_free == 1 but ei->i_reserved_data_blocks == 0 + -> then trigger warning as above + +To solve above issue, forbid inode do migrate which has inline data. 
+ +Cc: stable@kernel.org +Reported-by: syzbot+c740bb18df70ad00952e@syzkaller.appspotmail.com +Signed-off-by: Ye Bin +Reviewed-by: Jan Kara +Link: https://lore.kernel.org/r/20221018022701.683489-1-yebin10@huawei.com +Signed-off-by: Theodore Ts'o +Signed-off-by: Greg Kroah-Hartman +--- + fs/ext4/migrate.c | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +--- a/fs/ext4/migrate.c ++++ b/fs/ext4/migrate.c +@@ -443,7 +443,8 @@ int ext4_ext_migrate(struct inode *inode + * already is extent-based, error out. + */ + if (!ext4_has_feature_extents(inode->i_sb) || +- (ext4_test_inode_flag(inode, EXT4_INODE_EXTENTS))) ++ ext4_test_inode_flag(inode, EXT4_INODE_EXTENTS) || ++ ext4_has_inline_data(inode)) + return -EINVAL; + + if (S_ISLNK(inode->i_mode) && inode->i_blocks == 0) diff --git a/queue-5.4/kvm-x86-emulator-em_sysexit-should-update-ctxt-mode.patch b/queue-5.4/kvm-x86-emulator-em_sysexit-should-update-ctxt-mode.patch new file mode 100644 index 00000000000..0f84972cd6a --- /dev/null +++ b/queue-5.4/kvm-x86-emulator-em_sysexit-should-update-ctxt-mode.patch 
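Review bot: The added `ext4_has_inline_data(inode)` test sits in the same unlocked early-exit as the existing `EXT4_INODE_EXTENTS` flag check, while the commit message itself describes `ext4_da_write_begin()` setting `EXT4_INODE_INLINE_DATA` concurrently with the ioctl; unless a lock outside the hunk serialises `ext4_ext_migrate()` against writers before this point, a write that creates inline data after the check has passed still reaches the migration, so the window is narrowed rather than closed. If no such lock exists, the test needs to be repeated once the migration has excluded writers (the rest of `ext4_ext_migrate()` is outside the hunk, so I cannot tell where that is). A one-line comment on the new condition would also help the next reader: `/* inline-data inodes carry no extent tree; migrating them confuses delalloc accounting */`.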
@@ -0,0 +1,36 @@ +From 5015bb89b58225f97df6ac44383e7e8c8662c8c9 Mon Sep 17 00:00:00 2001 +From: Maxim Levitsky +Date: Tue, 25 Oct 2022 15:47:28 +0300 +Subject: KVM: x86: emulator: em_sysexit should update ctxt->mode + +From: Maxim Levitsky + +commit 5015bb89b58225f97df6ac44383e7e8c8662c8c9 upstream. + +SYSEXIT is one of the instructions that can change the +processor mode, thus ctxt->mode should be updated after it. + +Note that this is likely a benign bug, because the only problematic +mode change is from 32 bit to 64 bit which can lead to truncation of RIP, +and it is not possible to do with sysexit, +since sysexit running in 32 bit mode will be limited to 32 bit version. + +Signed-off-by: Maxim Levitsky +Message-Id: <20221025124741.228045-11-mlevitsk@redhat.com> +Cc: stable@vger.kernel.org +Signed-off-by: Paolo Bonzini +Signed-off-by: Greg Kroah-Hartman +--- + arch/x86/kvm/emulate.c | 1 + + 1 file changed, 1 insertion(+) + +--- a/arch/x86/kvm/emulate.c ++++ b/arch/x86/kvm/emulate.c +@@ -2953,6 +2953,7 @@ static int em_sysexit(struct x86_emulate + ops->set_segment(ctxt, ss_sel, &ss, 0, VCPU_SREG_SS); + + ctxt->_eip = rdx; ++ ctxt->mode = usermode; + *reg_write(ctxt, VCPU_REGS_RSP) = rcx; + + return X86EMUL_CONTINUE; diff --git a/queue-5.4/kvm-x86-emulator-introduce-emulator_recalc_and_set_mode.patch b/queue-5.4/kvm-x86-emulator-introduce-emulator_recalc_and_set_mode.patch new file mode 100644 index 00000000000..a5a5da2ae90 --- /dev/null +++ b/queue-5.4/kvm-x86-emulator-introduce-emulator_recalc_and_set_mode.patch 
@@ -0,0 +1,163 @@ +From d087e0f79fa0dd336a9a6b2f79ec23120f5eff73 Mon Sep 17 00:00:00 2001 +From: Maxim Levitsky +Date: Tue, 25 Oct 2022 15:47:29 +0300 +Subject: KVM: x86: emulator: introduce emulator_recalc_and_set_mode + +From: Maxim Levitsky + +commit d087e0f79fa0dd336a9a6b2f79ec23120f5eff73 upstream. + +Some instructions update the cpu execution mode, which needs to update the +emulation mode. + +Extract this code, and make assign_eip_far use it. + +assign_eip_far now reads CS, instead of getting it via a parameter, +which is ok, because callers always assign CS to the same value +before calling this function. + +No functional change is intended. + +Signed-off-by: Maxim Levitsky +Message-Id: <20221025124741.228045-12-mlevitsk@redhat.com> +Cc: stable@vger.kernel.org +Signed-off-by: Paolo Bonzini +Signed-off-by: Greg Kroah-Hartman +--- + arch/x86/kvm/emulate.c | 85 ++++++++++++++++++++++++++++++++----------------- + 1 file changed, 57 insertions(+), 28 deletions(-) + +--- a/arch/x86/kvm/emulate.c ++++ b/arch/x86/kvm/emulate.c +@@ -776,8 +776,7 @@ static int linearize(struct x86_emulate_ + ctxt->mode, linear); + } + +-static inline int assign_eip(struct x86_emulate_ctxt *ctxt, ulong dst, +- enum x86emul_mode mode) ++static inline int assign_eip(struct x86_emulate_ctxt *ctxt, ulong dst) + { + ulong linear; + int rc; +@@ -787,41 +786,71 @@ static inline int assign_eip(struct x86_ + + if (ctxt->op_bytes != sizeof(unsigned long)) + addr.ea = dst & ((1UL << (ctxt->op_bytes << 3)) - 1); +- rc = __linearize(ctxt, addr, &max_size, 1, false, true, mode, &linear); ++ rc = __linearize(ctxt, addr, &max_size, 1, false, true, ctxt->mode, &linear); + if (rc == X86EMUL_CONTINUE) + ctxt->_eip = addr.ea; + return rc; + } + ++static inline int emulator_recalc_and_set_mode(struct x86_emulate_ctxt *ctxt) ++{ ++ u64 efer; ++ struct desc_struct cs; ++ u16 selector; ++ u32 base3; ++ ++ ctxt->ops->get_msr(ctxt, MSR_EFER, &efer); ++ ++ if (!(ctxt->ops->get_cr(ctxt, 0) & X86_CR0_PE)) { ++ /* 
Real mode. cpu must not have long mode active */ ++ if (efer & EFER_LMA) ++ return X86EMUL_UNHANDLEABLE; ++ ctxt->mode = X86EMUL_MODE_REAL; ++ return X86EMUL_CONTINUE; ++ } ++ ++ if (ctxt->eflags & X86_EFLAGS_VM) { ++ /* Protected/VM86 mode. cpu must not have long mode active */ ++ if (efer & EFER_LMA) ++ return X86EMUL_UNHANDLEABLE; ++ ctxt->mode = X86EMUL_MODE_VM86; ++ return X86EMUL_CONTINUE; ++ } ++ ++ if (!ctxt->ops->get_segment(ctxt, &selector, &cs, &base3, VCPU_SREG_CS)) ++ return X86EMUL_UNHANDLEABLE; ++ ++ if (efer & EFER_LMA) { ++ if (cs.l) { ++ /* Proper long mode */ ++ ctxt->mode = X86EMUL_MODE_PROT64; ++ } else if (cs.d) { ++ /* 32 bit compatibility mode*/ ++ ctxt->mode = X86EMUL_MODE_PROT32; ++ } else { ++ ctxt->mode = X86EMUL_MODE_PROT16; ++ } ++ } else { ++ /* Legacy 32 bit / 16 bit mode */ ++ ctxt->mode = cs.d ? X86EMUL_MODE_PROT32 : X86EMUL_MODE_PROT16; ++ } ++ ++ return X86EMUL_CONTINUE; ++} ++ + static inline int assign_eip_near(struct x86_emulate_ctxt *ctxt, ulong dst) + { +- return assign_eip(ctxt, dst, ctxt->mode); ++ return assign_eip(ctxt, dst); + } + +-static int assign_eip_far(struct x86_emulate_ctxt *ctxt, ulong dst, +- const struct desc_struct *cs_desc) ++static int assign_eip_far(struct x86_emulate_ctxt *ctxt, ulong dst) + { +- enum x86emul_mode mode = ctxt->mode; +- int rc; ++ int rc = emulator_recalc_and_set_mode(ctxt); + +-#ifdef CONFIG_X86_64 +- if (ctxt->mode >= X86EMUL_MODE_PROT16) { +- if (cs_desc->l) { +- u64 efer = 0; ++ if (rc != X86EMUL_CONTINUE) ++ return rc; + +- ctxt->ops->get_msr(ctxt, MSR_EFER, &efer); +- if (efer & EFER_LMA) +- mode = X86EMUL_MODE_PROT64; +- } else +- mode = X86EMUL_MODE_PROT32; /* temporary value */ +- } +-#endif +- if (mode == X86EMUL_MODE_PROT16 || mode == X86EMUL_MODE_PROT32) +- mode = cs_desc->d ? 
X86EMUL_MODE_PROT32 : X86EMUL_MODE_PROT16; +- rc = assign_eip(ctxt, dst, mode); +- if (rc == X86EMUL_CONTINUE) +- ctxt->mode = mode; +- return rc; ++ return assign_eip(ctxt, dst); + } + + static inline int jmp_rel(struct x86_emulate_ctxt *ctxt, int rel) +@@ -2237,7 +2266,7 @@ static int em_jmp_far(struct x86_emulate + if (rc != X86EMUL_CONTINUE) + return rc; + +- rc = assign_eip_far(ctxt, ctxt->src.val, &new_desc); ++ rc = assign_eip_far(ctxt, ctxt->src.val); + /* Error handling is not implemented. */ + if (rc != X86EMUL_CONTINUE) + return X86EMUL_UNHANDLEABLE; +@@ -2318,7 +2347,7 @@ static int em_ret_far(struct x86_emulate + &new_desc); + if (rc != X86EMUL_CONTINUE) + return rc; +- rc = assign_eip_far(ctxt, eip, &new_desc); ++ rc = assign_eip_far(ctxt, eip); + /* Error handling is not implemented. */ + if (rc != X86EMUL_CONTINUE) + return X86EMUL_UNHANDLEABLE; +@@ -3550,7 +3579,7 @@ static int em_call_far(struct x86_emulat + if (rc != X86EMUL_CONTINUE) + return rc; + +- rc = assign_eip_far(ctxt, ctxt->src.val, &new_desc); ++ rc = assign_eip_far(ctxt, ctxt->src.val); + if (rc != X86EMUL_CONTINUE) + goto fail; + diff --git a/queue-5.4/kvm-x86-emulator-update-the-emulation-mode-after-cr0-write.patch b/queue-5.4/kvm-x86-emulator-update-the-emulation-mode-after-cr0-write.patch new file mode 100644 index 00000000000..a2d44141b2d --- /dev/null +++ b/queue-5.4/kvm-x86-emulator-update-the-emulation-mode-after-cr0-write.patch 
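Review bot: `assign_eip_far()` now commits the new `ctxt->mode` via `emulator_recalc_and_set_mode()` before `assign_eip()` has validated the target, whereas the removed code only stored `mode` when `assign_eip()` returned `X86EMUL_CONTINUE`. For `em_jmp_far()` and `em_ret_far()` this is moot since both return `X86EMUL_UNHANDLEABLE` on failure, but `em_call_far()`'s `goto fail` (its tail is outside the hunk) restores the old CS descriptor without restoring `ctxt->mode`, so a faulting far call leaves the emulator in the callee's mode for the rest of that instruction; whether anything observes that before the context is re-initialised I cannot tell from here. Saving and restoring the mode in `assign_eip_far()` keeps the old guarantee: `enum x86emul_mode saved = ctxt->mode;` before the recalc and `if (rc != X86EMUL_CONTINUE) ctxt->mode = saved;` after `assign_eip()`. The new helper also deserves a header comment, e.g. `/* Derive ctxt->mode from CR0.PE, EFLAGS.VM, EFER.LMA and the current CS descriptor; UNHANDLEABLE for LMA set outside protected mode. */`.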
@@ -0,0 +1,55 @@ +From ad8f9e69942c7db90758d9d774157e53bce94840 Mon Sep 17 00:00:00 2001 +From: Maxim Levitsky +Date: Tue, 25 Oct 2022 15:47:31 +0300 +Subject: KVM: x86: emulator: update the emulation mode after CR0 write + +From: Maxim Levitsky + +commit ad8f9e69942c7db90758d9d774157e53bce94840 upstream. + +Update the emulation mode when handling writes to CR0, because +toggling CR0.PE switches between Real and Protected Mode, and toggling +CR0.PG when EFER.LME=1 switches between Long and Protected Mode. + +This is likely a benign bug because there is no writeback of state, +other than the RIP increment, and when toggling CR0.PE, the CPU has +to execute code from a very low memory address. + +Signed-off-by: Maxim Levitsky +Message-Id: <20221025124741.228045-14-mlevitsk@redhat.com> +Cc: stable@vger.kernel.org +Signed-off-by: Paolo Bonzini +Signed-off-by: Greg Kroah-Hartman +--- + arch/x86/kvm/emulate.c | 16 +++++++++++++++- + 1 file changed, 15 insertions(+), 1 deletion(-) + +--- a/arch/x86/kvm/emulate.c ++++ b/arch/x86/kvm/emulate.c +@@ -3726,11 +3726,25 @@ static int em_movbe(struct x86_emulate_c + + static int em_cr_write(struct x86_emulate_ctxt *ctxt) + { +- if (ctxt->ops->set_cr(ctxt, ctxt->modrm_reg, ctxt->src.val)) ++ int cr_num = ctxt->modrm_reg; ++ int r; ++ ++ if (ctxt->ops->set_cr(ctxt, cr_num, ctxt->src.val)) + return emulate_gp(ctxt, 0); + + /* Disable writeback. */ + ctxt->dst.type = OP_NONE; ++ ++ if (cr_num == 0) { ++ /* ++ * CR0 write might have updated CR0.PE and/or CR0.PG ++ * which can affect the cpu's execution mode. ++ */ ++ r = emulator_recalc_and_set_mode(ctxt); ++ if (r != X86EMUL_CONTINUE) ++ return r; ++ } ++ + return X86EMUL_CONTINUE; + } + diff --git a/queue-5.4/kvm-x86-mask-off-reserved-bits-in-cpuid.80000008h.patch b/queue-5.4/kvm-x86-mask-off-reserved-bits-in-cpuid.80000008h.patch new file mode 100644 index 00000000000..589b099ef10 --- /dev/null +++ b/queue-5.4/kvm-x86-mask-off-reserved-bits-in-cpuid.80000008h.patch 
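Review bot: `emulator_recalc_and_set_mode()` runs after `set_cr()` has already committed the new CR0, so a non-`X86EMUL_CONTINUE` return here abandons emulation with the guest keeping the written CR0 and `ctxt->mode` stale. From the helper's body that only happens for EFER.LMA set while CR0.PE=0 or EFLAGS.VM=1, or when `get_segment()` fails, combinations `set_cr()` is expected to have rejected with #GP beforehand; a comment stating that assumption would stop someone relaxing either side later: `/* set_cr() already rejected PE=0 with LMA=1, so a failure here means the emulator's mode model is out of sync, not a guest fault. */`. The recomputation is also unconditional for every CR0 write; comparing the old and new PE/PG bits before calling the helper would skip three `ops->get_*` calls on the common path, though that is a minor optimisation.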
@@ -0,0 +1,38 @@ +From 7030d8530e533844e2f4b0e7476498afcd324634 Mon Sep 17 00:00:00 2001 +From: Jim Mattson +Date: Thu, 29 Sep 2022 15:52:00 -0700 +Subject: KVM: x86: Mask off reserved bits in CPUID.80000008H + +From: Jim Mattson + +commit 7030d8530e533844e2f4b0e7476498afcd324634 upstream. + +KVM_GET_SUPPORTED_CPUID should only enumerate features that KVM +actually supports. The following ranges of CPUID.80000008H are reserved +and should be masked off: + ECX[31:18] + ECX[11:8] + +In addition, the PerfTscSize field at ECX[17:16] should also be zero +because KVM does not set the PERFTSC bit at CPUID.80000001H.ECX[27]. + +Fixes: 24c82e576b78 ("KVM: Sanitize cpuid") +Signed-off-by: Jim Mattson +Message-Id: <20220929225203.2234702-3-jmattson@google.com> +Cc: stable@vger.kernel.org +Signed-off-by: Paolo Bonzini +Signed-off-by: Greg Kroah-Hartman +--- + arch/x86/kvm/cpuid.c | 1 + + 1 file changed, 1 insertion(+) + +--- a/arch/x86/kvm/cpuid.c ++++ b/arch/x86/kvm/cpuid.c +@@ -759,6 +759,7 @@ static inline int __do_cpuid_func(struct + g_phys_as = phys_as; + + entry->eax = g_phys_as | (virt_as << 8); ++ entry->ecx &= ~(GENMASK(31, 16) | GENMASK(11, 8)); + entry->edx = 0; + entry->ebx &= kvm_cpuid_8000_0008_ebx_x86_features; + cpuid_mask(&entry->ebx, CPUID_8000_0008_EBX); diff --git a/queue-5.4/kvm-x86-mask-off-reserved-bits-in-cpuid.8000001ah.patch b/queue-5.4/kvm-x86-mask-off-reserved-bits-in-cpuid.8000001ah.patch new file mode 100644 index 00000000000..da72be257d8 --- /dev/null +++ b/queue-5.4/kvm-x86-mask-off-reserved-bits-in-cpuid.8000001ah.patch 
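Review bot: The new mask `~(GENMASK(31, 16) | GENMASK(11, 8))` clears ECX[17:16] (PerfTscSize) together with the reserved ranges, which is only correct as long as PERFTSC (CPUID.80000001H.ECX[27]) is also not advertised — the commit message states that dependency but the code does not. A comment on the line would tie the two: `/* ECX[31:18] and [11:8] are reserved; PerfTscSize ([17:16]) must stay 0 while PERFTSC is masked in 0x80000001.ECX. */`. The remaining ECX fields ([15:12] and [7:0]) continue to be passed through from the host unchanged, as before.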
@@ -0,0 +1,35 @@ +From 079f6889818dd07903fb36c252532ab47ebb6d48 Mon Sep 17 00:00:00 2001 +From: Jim Mattson +Date: Thu, 29 Sep 2022 15:52:01 -0700 +Subject: KVM: x86: Mask off reserved bits in CPUID.8000001AH + +From: Jim Mattson + +commit 079f6889818dd07903fb36c252532ab47ebb6d48 upstream. + +KVM_GET_SUPPORTED_CPUID should only enumerate features that KVM +actually supports. In the case of CPUID.8000001AH, only three bits are +currently defined. The 125 reserved bits should be masked off. + +Fixes: 24c82e576b78 ("KVM: Sanitize cpuid") +Signed-off-by: Jim Mattson +Message-Id: <20220929225203.2234702-4-jmattson@google.com> +Cc: stable@vger.kernel.org +Signed-off-by: Paolo Bonzini +Signed-off-by: Greg Kroah-Hartman +--- + arch/x86/kvm/cpuid.c | 3 +++ + 1 file changed, 3 insertions(+) + +--- a/arch/x86/kvm/cpuid.c ++++ b/arch/x86/kvm/cpuid.c +@@ -791,6 +791,9 @@ static inline int __do_cpuid_func(struct + entry->ecx = entry->edx = 0; + break; + case 0x8000001a: ++ entry->eax &= GENMASK(2, 0); ++ entry->ebx = entry->ecx = entry->edx = 0; ++ break; + case 0x8000001e: + break; + /*Add support for Centaur's CPUID instruction*/ diff --git a/queue-5.4/parisc-avoid-printing-the-hardware-path-twice.patch b/queue-5.4/parisc-avoid-printing-the-hardware-path-twice.patch new file mode 100644 index 00000000000..cc3eaeaae7d --- /dev/null +++ b/queue-5.4/parisc-avoid-printing-the-hardware-path-twice.patch 
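Review bot: `entry->eax &= GENMASK(2, 0)` keeps three bits whose meaning is stated nowhere in the hunk, and since this leaf was previously passed through untouched the bare mask will look arbitrary to the next reader; name them in a comment, e.g. `/* 0x8000001A: only EAX[2:0] are defined (per the AMD spec, performance-optimization hints); everything else is reserved. */`. The added `break;` also ends the previous fall-through into `case 0x8000001e`, which is intended but worth a glance since that case now stands alone with its own `break`.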
@@ -0,0 +1,77 @@ +From 2b6ae0962b421103feb41a80406732944b0665b3 Mon Sep 17 00:00:00 2001 +From: Helge Deller +Date: Fri, 28 Oct 2022 18:12:49 +0200 +Subject: parisc: Avoid printing the hardware path twice + +From: Helge Deller + +commit 2b6ae0962b421103feb41a80406732944b0665b3 upstream. + +Avoid that the hardware path is shown twice in the kernel log, and clean +up the output of the version numbers to show up in the same order as +they are listed in the hardware database in the hardware.c file. +Additionally, optimize the memory footprint of the hardware database +and mark some code as init code. + +Fixes: cab56b51ec0e ("parisc: Fix device names in /proc/iomem") +Signed-off-by: Helge Deller +Cc: # v4.9+ +Signed-off-by: Greg Kroah-Hartman +--- + arch/parisc/include/asm/hardware.h | 12 ++++++------ + arch/parisc/kernel/drivers.c | 14 ++++++-------- + 2 files changed, 12 insertions(+), 14 deletions(-) + +--- a/arch/parisc/include/asm/hardware.h ++++ b/arch/parisc/include/asm/hardware.h +@@ -10,12 +10,12 @@ + #define SVERSION_ANY_ID PA_SVERSION_ANY_ID + + struct hp_hardware { +- unsigned short hw_type:5; /* HPHW_xxx */ +- unsigned short hversion; +- unsigned long sversion:28; +- unsigned short opt; +- const char name[80]; /* The hardware description */ +-}; ++ unsigned int hw_type:8; /* HPHW_xxx */ ++ unsigned int hversion:12; ++ unsigned int sversion:12; ++ unsigned char opt; ++ unsigned char name[59]; /* The hardware description */ ++} __packed; + + struct parisc_device; + +--- a/arch/parisc/kernel/drivers.c ++++ b/arch/parisc/kernel/drivers.c +@@ -882,15 +882,13 @@ void __init walk_central_bus(void) + &root); + } + +-static void print_parisc_device(struct parisc_device *dev) ++static __init void print_parisc_device(struct parisc_device *dev) + { +- char hw_path[64]; +- static int count; ++ static int count __initdata; + +- print_pa_hwpath(dev, hw_path); +- pr_info("%d. 
%s at %pap [%s] { %d, 0x%x, 0x%.3x, 0x%.5x }", +- ++count, dev->name, &(dev->hpa.start), hw_path, dev->id.hw_type, +- dev->id.hversion_rev, dev->id.hversion, dev->id.sversion); ++ pr_info("%d. %s at %pap { type:%d, hv:%#x, sv:%#x, rev:%#x }", ++ ++count, dev->name, &(dev->hpa.start), dev->id.hw_type, ++ dev->id.hversion, dev->id.sversion, dev->id.hversion_rev); + + if (dev->num_addrs) { + int k; +@@ -1079,7 +1077,7 @@ static __init int qemu_print_iodc_data(s + + + +-static int print_one_device(struct device * dev, void * data) ++static __init int print_one_device(struct device * dev, void * data) + { + struct parisc_device * pdev = to_parisc_device(dev); + diff --git a/queue-5.4/parisc-export-iosapic_serial_irq-symbol-for-serial-port-driver.patch b/queue-5.4/parisc-export-iosapic_serial_irq-symbol-for-serial-port-driver.patch new file mode 100644 index 00000000000..15e07ce93cd --- /dev/null +++ b/queue-5.4/parisc-export-iosapic_serial_irq-symbol-for-serial-port-driver.patch @@ -0,0 +1,30 @@ +From a0c9f1f2e53b8eb2ae43987a30e547ba56b4fa18 Mon Sep 17 00:00:00 2001 +From: Helge Deller +Date: Thu, 27 Oct 2022 09:12:05 +0200 +Subject: parisc: Export iosapic_serial_irq() symbol for serial port driver + +From: Helge Deller + +commit a0c9f1f2e53b8eb2ae43987a30e547ba56b4fa18 upstream. + +The parisc serial port driver needs this symbol when it's compiled +as module. + +Signed-off-by: Helge Deller +Reported-by: kernel test robot +Cc: +Signed-off-by: Greg Kroah-Hartman +--- + drivers/parisc/iosapic.c | 1 + + 1 file changed, 1 insertion(+) + +--- a/drivers/parisc/iosapic.c ++++ b/drivers/parisc/iosapic.c +@@ -875,6 +875,7 @@ int iosapic_serial_irq(struct parisc_dev + + return vi->txn_irq; + } ++EXPORT_SYMBOL(iosapic_serial_irq); + #endif + + diff --git a/queue-5.4/parisc-make-8250_gsc-driver-dependend-on-config_parisc.patch b/queue-5.4/parisc-make-8250_gsc-driver-dependend-on-config_parisc.patch new file mode 100644 index 00000000000..1a211eb3af0 --- /dev/null 
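Review bot: Narrowing `struct hp_hardware` to `hversion:12`, `sversion:12` and `name[59]` silently truncates any hardware-table entry (hardware.c, outside this hunk) that does not fit: a bit-field initialiser that overflows only warns under -Woverflow, and a 59-character string literal is accepted by C without its terminating NUL, after which `%s` on `name` reads into the following packed entry. Worth confirming against the table that every `sversion` fits in 12 bits (the old field allowed 28) and every name is at most 58 characters — a one-off `-Werror=overflow` build catches the bit-fields, the strings need a scripted length check. Separately, `print_parisc_device()` and `print_one_device()` become `__init`; their caller is outside the hunk, so it must be `__init` as well or the kernel will reference freed init text after boot (modpost should flag the section mismatch).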
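Review bot: `EXPORT_SYMBOL(iosapic_serial_irq);` lands inside an `#ifdef` block whose condition is outside the hunk (the `#endif` follows it); with SERIAL_8250_GSC now building on any PARISC configuration rather than only with GSC, make sure that condition still covers the modular 8250_gsc build, otherwise the module fails to load with an unresolved symbol, which is the very problem this export is meant to fix. For a new export consumed only by an in-tree driver, `EXPORT_SYMBOL_GPL` is the more usual choice unless the file's existing exports deliberately use the non-GPL form.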
+++ b/queue-5.4/parisc-make-8250_gsc-driver-dependend-on-config_parisc.patch @@ -0,0 +1,36 @@ +From e8a18e3f00f3ee8d07c17ab1ea3ad4df4a3b6fe0 Mon Sep 17 00:00:00 2001 +From: Helge Deller +Date: Fri, 21 Oct 2022 07:44:49 +0200 +Subject: parisc: Make 8250_gsc driver dependend on CONFIG_PARISC + +From: Helge Deller + +commit e8a18e3f00f3ee8d07c17ab1ea3ad4df4a3b6fe0 upstream. + +Although the name of the driver 8250_gsc.c suggests that it handles +only serial ports on the GSC bus, it does handle serial ports listed +in the parisc machine inventory as well, e.g. the serial ports in a +C8000 PCI-only workstation. + +Change the dependency to CONFIG_PARISC, so that the driver gets included +in the kernel even if CONFIG_GSC isn't set. + +Reported-by: Mikulas Patocka +Cc: +Signed-off-by: Helge Deller +Signed-off-by: Greg Kroah-Hartman +--- + drivers/tty/serial/8250/Kconfig | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/drivers/tty/serial/8250/Kconfig ++++ b/drivers/tty/serial/8250/Kconfig +@@ -108,7 +108,7 @@ config SERIAL_8250_CONSOLE + + config SERIAL_8250_GSC + tristate +- depends on SERIAL_8250 && GSC ++ depends on SERIAL_8250 && PARISC + default SERIAL_8250 + + config SERIAL_8250_DMA diff --git a/queue-5.4/series b/queue-5.4/series index 9464d75ecee..b8df3f4b1d7 100644 --- a/queue-5.4/series +++ b/queue-5.4/series 
@@ -55,3 +55,14 @@ fuse-add-file_modified-to-fallocate.patch
 efi-random-reduce-seed-size-to-32-bytes.patch
 perf-x86-intel-fix-pebs-event-constraints-for-icl.patch
 perf-x86-intel-add-cooper-lake-stepping-to-isolation_ucodes.patch
+alsa-usb-audio-add-quirks-for-macrosilicon-ms2100-ms2106-devices.patch
+parisc-make-8250_gsc-driver-dependend-on-config_parisc.patch
+parisc-export-iosapic_serial_irq-symbol-for-serial-port-driver.patch
+parisc-avoid-printing-the-hardware-path-twice.patch
+ext4-fix-warning-in-ext4_da_release_space.patch
+ext4-fix-bug_on-when-directory-entry-has-invalid-rec_len.patch
+kvm-x86-mask-off-reserved-bits-in-cpuid.8000001ah.patch
+kvm-x86-mask-off-reserved-bits-in-cpuid.80000008h.patch
+kvm-x86-emulator-em_sysexit-should-update-ctxt-mode.patch
+kvm-x86-emulator-introduce-emulator_recalc_and_set_mode.patch
+kvm-x86-emulator-update-the-emulation-mode-after-cr0-write.patch
-- 
2.47.3