From f0eb1f387b5f3f5c84758aad29dc2d60b3b76e66 Mon Sep 17 00:00:00 2001
From: Sasha Levin <sashal@kernel.org>
Date: Sun, 19 Apr 2020 21:21:57 -0400
Subject: [PATCH] Fixes for 4.4

Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 ...-for-null-arg_name-in-parse_features.patch | 41 ++++++++++++++
 ...ture-ssbd-doesn-t-imply-guest-featur.patch | 53 +++++++++++++++++++
 queue-4.4/series                              |  2 +
 3 files changed, 96 insertions(+)
 create mode 100644 queue-4.4/dm-flakey-check-for-null-arg_name-in-parse_features.patch
 create mode 100644 queue-4.4/kvm-x86-host-feature-ssbd-doesn-t-imply-guest-featur.patch

diff --git a/queue-4.4/dm-flakey-check-for-null-arg_name-in-parse_features.patch b/queue-4.4/dm-flakey-check-for-null-arg_name-in-parse_features.patch
new file mode 100644
index 00000000000..e0032d13c26
--- /dev/null
+++ b/queue-4.4/dm-flakey-check-for-null-arg_name-in-parse_features.patch
@@ -0,0 +1,41 @@
+From f3ee2c3187f99fdeabdc4fc471dc3d242b814b03 Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Sun, 3 Dec 2017 21:14:12 -0600
+Subject: dm flakey: check for null arg_name in parse_features()
+
+From: Goldwyn Rodrigues <rgoldwyn@suse.com>
+
+[ Upstream commit 7690e25302dc7d0cd42b349e746fe44b44a94f2b ]
+
+One can crash dm-flakey by specifying more feature arguments than the
+number of features supplied.  Checking for null in arg_name avoids
+this.
+
+dmsetup create flakey-test --table "0 66076080 flakey /dev/sdb9 0 0 180 2 drop_writes"
+
+Signed-off-by: Goldwyn Rodrigues <rgoldwyn@suse.com>
+Signed-off-by: Mike Snitzer <snitzer@redhat.com>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ drivers/md/dm-flakey.c | 5 +++++
+ 1 file changed, 5 insertions(+)
+
+diff --git a/drivers/md/dm-flakey.c b/drivers/md/dm-flakey.c
+index 78f403b45ab3e..bf82e4ccb5847 100644
+--- a/drivers/md/dm-flakey.c
++++ b/drivers/md/dm-flakey.c
+@@ -69,6 +69,11 @@ static int parse_features(struct dm_arg_set *as, struct flakey_c *fc,
+ 		arg_name = dm_shift_arg(as);
+ 		argc--;
+ 
++		if (!arg_name) {
++			ti->error = "Insufficient feature arguments";
++			return -EINVAL;
++		}
++
+ 		/*
+ 		 * drop_writes
+ 		 */
+-- 
+2.20.1
+
diff --git a/queue-4.4/kvm-x86-host-feature-ssbd-doesn-t-imply-guest-featur.patch b/queue-4.4/kvm-x86-host-feature-ssbd-doesn-t-imply-guest-featur.patch
new file mode 100644
index 00000000000..26208592f32
--- /dev/null
+++ b/queue-4.4/kvm-x86-host-feature-ssbd-doesn-t-imply-guest-featur.patch
@@ -0,0 +1,53 @@
+From be1d2e480aecfcd25395397c044830050b972018 Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Fri, 13 Dec 2019 16:15:15 -0800
+Subject: kvm: x86: Host feature SSBD doesn't imply guest feature
+ SPEC_CTRL_SSBD
+
+From: Jim Mattson <jmattson@google.com>
+
+commit 396d2e878f92ec108e4293f1c77ea3bc90b414ff upstream.
+
+The host reports support for the synthetic feature X86_FEATURE_SSBD
+when any of the three following hardware features are set:
+  CPUID.(EAX=7,ECX=0):EDX.SSBD[bit 31]
+  CPUID.80000008H:EBX.AMD_SSBD[bit 24]
+  CPUID.80000008H:EBX.VIRT_SSBD[bit 25]
+
+Either of the first two hardware features implies the existence of the
+IA32_SPEC_CTRL MSR, but CPUID.80000008H:EBX.VIRT_SSBD[bit 25] does
+not. Therefore, CPUID.(EAX=7,ECX=0):EDX.SSBD[bit 31] should only be
+set in the guest if CPUID.(EAX=7,ECX=0):EDX.SSBD[bit 31] or
+CPUID.80000008H:EBX.AMD_SSBD[bit 24] is set on the host.
+
+Fixes: 0c54914d0c52a ("KVM: x86: use Intel speculation bugs and features as derived in generic x86 code")
+Signed-off-by: Jim Mattson <jmattson@google.com>
+Reviewed-by: Jacob Xu <jacobhxu@google.com>
+Reviewed-by: Peter Shier <pshier@google.com>
+Cc: Paolo Bonzini <pbonzini@redhat.com>
+Reported-by: Eric Biggers <ebiggers@kernel.org>
+Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
+[bwh: Backported to 4.x: adjust indentation]
+Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ arch/x86/kvm/cpuid.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/arch/x86/kvm/cpuid.c b/arch/x86/kvm/cpuid.c
+index f876414ca8a34..13bda3fcf42bf 100644
+--- a/arch/x86/kvm/cpuid.c
++++ b/arch/x86/kvm/cpuid.c
+@@ -457,7 +457,8 @@ static inline int __do_cpuid_ent(struct kvm_cpuid_entry2 *entry, u32 function,
+ 				entry->edx |= F(SPEC_CTRL);
+ 			if (boot_cpu_has(X86_FEATURE_STIBP))
+ 				entry->edx |= F(INTEL_STIBP);
+-			if (boot_cpu_has(X86_FEATURE_SSBD))
++			if (boot_cpu_has(X86_FEATURE_SPEC_CTRL_SSBD) ||
++			    boot_cpu_has(X86_FEATURE_AMD_SSBD))
+ 				entry->edx |= F(SPEC_CTRL_SSBD);
+ 			/*
+ 			 * We emulate ARCH_CAPABILITIES in software even
+-- 
+2.20.1
+
diff --git a/queue-4.4/series b/queue-4.4/series
index dfbeec81984..49c3cd7375e 100644
--- a/queue-4.4/series
+++ b/queue-4.4/series
@@ -63,3 +63,5 @@ asoc-intel-mrfld-fix-incorrect-check-on-p-sink.patch
 asoc-intel-mrfld-return-error-codes-when-an-error-occurs.patch
 alsa-usb-audio-don-t-override-ignore_ctl_error-value-from-the-map.patch
 mac80211_hwsim-use-kstrndup-in-place-of-kasprintf.patch
+dm-flakey-check-for-null-arg_name-in-parse_features.patch
+kvm-x86-host-feature-ssbd-doesn-t-imply-guest-featur.patch
-- 
2.47.3