- Linux-stable-mirror - lists.linaro.org

FAILED: patch "[PATCH] powerpc/pseries: Fix unitialized timer reset on migration" failed to apply to 4.14-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.14-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From 8604895a34d92f5e186ceb931b0d1b384030ea3d Mon Sep 17 00:00:00 2001 From: Michael Bringmann <mwb(a)linux.vnet.ibm.com> Date: Thu, 20 Sep 2018 11:45:13 -0500 Subject: [PATCH] powerpc/pseries: Fix unitialized timer reset on migration After migration of a powerpc LPAR, the kernel executes code to update the system state to reflect new platform characteristics. Such changes include modifications to device tree properties provided to the system by PHYP. Property notifications received by the post_mobility_fixup() code are passed along to the kernel in general through a call to of_update_property() which in turn passes such events back to all modules through entries like the '.notifier_call' function within the NUMA module. When the NUMA module updates its state, it resets its event timer. If this occurs after a previous call to stop_topology_update() or on a system without VPHN enabled, the code runs into an unitialized timer structure and crashes. This patch adds a safety check along this path toward the problem code. An example crash log is as follows. ibmvscsi 30000081: Re-enabling adapter! ------------[ cut here ]------------ kernel BUG at kernel/time/timer.c:958! Oops: Exception in kernel mode, sig: 5 [#1] LE SMP NR_CPUS=2048 NUMA pSeries Modules linked in: nfsv3 nfs_acl nfs tcp_diag udp_diag inet_diag lockd unix_diag af_packet_diag netlink_diag grace fscache sunrpc xts vmx_crypto pseries_rng sg binfmt_misc ip_tables xfs libcrc32c sd_mod ibmvscsi ibmveth scsi_transport_srp dm_mirror dm_region_hash dm_log dm_mod CPU: 11 PID: 3067 Comm: drmgr Not tainted 4.17.0+ #179 ... NIP mod_timer+0x4c/0x400 LR reset_topology_timer+0x40/0x60 Call Trace: 0xc0000003f9407830 (unreliable) reset_topology_timer+0x40/0x60 dt_update_callback+0x100/0x120 notifier_call_chain+0x90/0x100 __blocking_notifier_call_chain+0x60/0x90 of_property_notify+0x90/0xd0 of_update_property+0x104/0x150 update_dt_property+0xdc/0x1f0 pseries_devicetree_update+0x2d0/0x510 post_mobility_fixup+0x7c/0xf0 migration_store+0xa4/0xc0 kobj_attr_store+0x30/0x60 sysfs_kf_write+0x64/0xa0 kernfs_fop_write+0x16c/0x240 __vfs_write+0x40/0x200 vfs_write+0xc8/0x240 ksys_write+0x5c/0x100 system_call+0x58/0x6c Fixes: 5d88aa85c00b ("powerpc/pseries: Update CPU maps when device tree is updated") Cc: stable(a)vger.kernel.org # v3.10+ Signed-off-by: Michael Bringmann <mwb(a)linux.vnet.ibm.com> Signed-off-by: Michael Ellerman <mpe(a)ellerman.id.au> diff --git a/arch/powerpc/mm/numa.c b/arch/powerpc/mm/numa.c index 35ac5422903a..b5a71baedbc2 100644 --- a/arch/powerpc/mm/numa.c +++ b/arch/powerpc/mm/numa.c @@ -1452,7 +1452,8 @@ static struct timer_list topology_timer; static void reset_topology_timer(void) { - mod_timer(&topology_timer, jiffies + topology_timer_secs * HZ); + if (vphn_enabled) + mod_timer(&topology_timer, jiffies + topology_timer_secs * HZ); } #ifdef CONFIG_SMP

7 years

1
0
0 0

FAILED: patch "[PATCH] powerpc: Avoid code patching freed init sections" failed to apply to 4.14-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.14-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From 51c3c62b58b357e8d35e4cc32f7b4ec907426fe3 Mon Sep 17 00:00:00 2001 From: Michael Neuling <mikey(a)neuling.org> Date: Fri, 14 Sep 2018 11:14:11 +1000 Subject: [PATCH] powerpc: Avoid code patching freed init sections This stops us from doing code patching in init sections after they've been freed. In this chain: kvm_guest_init() -> kvm_use_magic_page() -> fault_in_pages_readable() -> __get_user() -> __get_user_nocheck() -> barrier_nospec(); We have a code patching location at barrier_nospec() and kvm_guest_init() is an init function. This whole chain gets inlined, so when we free the init section (hence kvm_guest_init()), this code goes away and hence should no longer be patched. We seen this as userspace memory corruption when using a memory checker while doing partition migration testing on powervm (this starts the code patching post migration via /sys/kernel/mobility/migration). In theory, it could also happen when using /sys/kernel/debug/powerpc/barrier_nospec. Cc: stable(a)vger.kernel.org # 4.13+ Signed-off-by: Michael Neuling <mikey(a)neuling.org> Reviewed-by: Nicholas Piggin <npiggin(a)gmail.com> Reviewed-by: Christophe Leroy <christophe.leroy(a)c-s.fr> Signed-off-by: Michael Ellerman <mpe(a)ellerman.id.au> diff --git a/arch/powerpc/include/asm/setup.h b/arch/powerpc/include/asm/setup.h index 1a951b00465d..1fffbba8d6a5 100644 --- a/arch/powerpc/include/asm/setup.h +++ b/arch/powerpc/include/asm/setup.h @@ -9,6 +9,7 @@ extern void ppc_printk_progress(char *s, unsigned short hex); extern unsigned int rtas_data; extern unsigned long long memory_limit; +extern bool init_mem_is_free; extern unsigned long klimit; extern void *zalloc_maybe_bootmem(size_t size, gfp_t mask); diff --git a/arch/powerpc/lib/code-patching.c b/arch/powerpc/lib/code-patching.c index 850f3b8f4da5..6ae2777c220d 100644 --- a/arch/powerpc/lib/code-patching.c +++ b/arch/powerpc/lib/code-patching.c @@ -28,6 +28,12 @@ static int __patch_instruction(unsigned int *exec_addr, unsigned int instr, { int err; + /* Make sure we aren't patching a freed init section */ + if (init_mem_is_free && init_section_contains(exec_addr, 4)) { + pr_debug("Skipping init section patching addr: 0x%px\n", exec_addr); + return 0; + } + __put_user_size(instr, patch_addr, 4, err); if (err) return err; diff --git a/arch/powerpc/mm/mem.c b/arch/powerpc/mm/mem.c index 5c8530d0c611..04ccb274a620 100644 --- a/arch/powerpc/mm/mem.c +++ b/arch/powerpc/mm/mem.c @@ -63,6 +63,7 @@ #endif unsigned long long memory_limit; +bool init_mem_is_free; #ifdef CONFIG_HIGHMEM pte_t *kmap_pte; @@ -396,6 +397,7 @@ void free_initmem(void) { ppc_md.progress = ppc_printk_progress; mark_initmem_nx(); + init_mem_is_free = true; free_initmem_default(POISON_FREE_INITMEM); }

7 years

1
0
0 0

[GIT PULL] commits for Linux 4.18

by Sasha Levin

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Hi Greg, Pleae pull commits for Linux 4.18 . I've sent a review request for all commits over a week ago and all comments were addressed. Thanks, Sasha ===== The following changes since commit 2f411a0873a9daa20ae16cf5879d11bbea267582: Linux 4.18.11 (2018-09-29 02:56:03 -0700) are available in the Git repository at: git://git.kernel.org/pub/scm/linux/kernel/git/sashal/linux-stable.git tags/for-greg-4.18-01102018 for you to fetch changes up to f117a21eb2c294b9c1858bfdcc3323cf1d8256f7: x86/pti: Fix section mismatch warning/error (2018-09-29 13:00:48 -0400) - ---------------------------------------------------------------- for-greg-4.18-01102018 - ---------------------------------------------------------------- Akshu Agrawal (1): clk: x86: Set default parent to 48Mhz Anirudh Venkataramanan (3): ice: Fix multiple static analyser warnings ice: Fix bugs in control queue processing ice: Fix a few null pointer dereference issues Anson Huang (1): thermal: of-thermal: disable passive polling when thermal zone is disabled Bo Chen (2): e1000: check on netif_running() before calling e1000_up() e1000: ensure to free old tx/rx rings in set_ringparam() Brett Creeley (1): ice: Set VLAN flags correctly Christian KÃ¶nig (2): drm/amdgpu: fix VM clearing for the root PD drm/amdgpu: fix preamble handling Dan Carpenter (1): hwmon: (adt7475) Make adt7475_read_word() return errors Daniel Borkmann (2): bpf, sockmap: fix sock_hash_alloc and reject zero-sized keys bpf, sockmap: fix sock hash count in alloc_sock_hash_elem Emily Deng (2): amdgpu: fix multi-process hang issue drm/amdgpu: Need to set moved to true when evict bo Eric Sandeen (1): isofs: reject hardware sector size > 2048 bytes Ganesh Goudar (1): crypto: chtls - fix null dereference chtls_free_uld() Huazhong Tan (3): net: hns: fix length and page_offset overflow when CONFIG_ARM64_64K_PAGES net: hns: fix skb->truesize underestimation net: hns3: fix page_offset overflow when CONFIG_ARM64_64K_PAGES Jacob Keller (3): ice: Report stats for allocated queues via ethtool stats ice: Use order_base_2 to calculate higher power of 2 i40e: fix condition of WARN_ONCE for stat strings James Smart (1): nvme-fcloop: Fix dropped LS's to removed target port Jesse Brandeburg (1): ice: Fix potential return of uninitialized value John Fastabend (2): tls: possible hang when do_tcp_sendpages hits sndbuf is full case bpf: sockmap: write_space events need to be passed to TCP handler Kevin Yang (2): tcp_bbr: add bbr_check_probe_rtt_done() helper tcp_bbr: in restart from idle, see if we should exit PROBE_RTT Leonard Crestez (1): Revert "ARM: dts: imx7d: Invert legacy PCI irq mapping" Linus Walleij (1): ata: ftide010: Add a quirk for SQ201 Lothar Felten (1): hwmon: (ina2xx) fix sysfs shunt resistor read access Ludovic Desroches (2): mmc: atmel-mci: fix bad logic of sg_copy_{from,to}_buffer conversion mmc: android-goldfish: fix bad logic of sg_copy_{from,to}_buffer conversion Marc Zyngier (2): arm/arm64: smccc-1.1: Make return values unsigned long arm/arm64: smccc-1.1: Handle function result as parameters Martyna Szapar (1): i40e: Fix for Tx timeouts when interface is brought up if DCB is enabled Mika Westerberg (1): i2c: i801: Allow ACPI AML access I/O ports not reserved for SMBus Pavel Machek (1): ARM: dts: omap4-droid4: fix vibrations on Droid 4 Preethi Banala (1): ice: Clean control queues only when they are initialized Quentin Monnet (1): tools: bpftool: return from do_event_pipe() on bad arguments Randy Dunlap (1): x86/pti: Fix section mismatch warning/error Rex Zhu (2): drm/amdgpu: Enable/disable gfx PG feature in rlc safe mode drm/amdgpu: Update power state at the end of smu hw_init. Samuel Mendoza-Jonas (1): net/ncsi: Fixup .dumpit message flags and ID check in Netlink handler Sebastian Basierski (1): ixgbe: fix driver behaviour after issuing VFLR Srikanth Jampala (1): crypto: cavium/nitrox - fix for command corruption in queue full case with backlog submissions. Tomer Tayar (4): qed: Wait for ready indication before rereading the shmem qed: Wait for MCP halt and resume commands to take place qed: Prevent a possible deadlock during driver load and unload qed: Avoid sending mailbox commands when MFW is not responsive Tony Lindgren (5): ARM: OMAP2+: Fix null hwmod for ti-sysc debug ARM: OMAP2+: Fix module address for modules using mpu_rt_idx bus: ti-sysc: Fix module register ioremap for larger offsets bus: ti-sysc: Fix no_console_suspend handling ARM: dts: omap4-droid4: Fix emmc errors seen on some devices Documentation/hwmon/ina2xx | 2 +- arch/arm/boot/dts/imx7d.dtsi | 12 +- arch/arm/boot/dts/omap4-droid4-xt894.dts | 20 +-- arch/arm/mach-omap2/omap_hwmod.c | 39 ++++- arch/x86/mm/pti.c | 2 +- drivers/ata/pata_ftide010.c | 27 ++-- drivers/bus/ti-sysc.c | 37 +++-- drivers/clk/x86/clk-st.c | 2 +- drivers/crypto/cavium/nitrox/nitrox_dev.h | 3 +- drivers/crypto/cavium/nitrox/nitrox_lib.c | 1 + drivers/crypto/cavium/nitrox/nitrox_reqmgr.c | 57 ++++--- drivers/crypto/chelsio/chtls/chtls.h | 5 + drivers/crypto/chelsio/chtls/chtls_main.c | 7 +- drivers/gpu/drm/amd/amdgpu/amdgpu_cs.c | 16 +- drivers/gpu/drm/amd/amdgpu/amdgpu_ib.c | 3 +- drivers/gpu/drm/amd/amdgpu/amdgpu_vm.c | 3 +- drivers/gpu/drm/amd/amdgpu/gfx_v8_0.c | 11 +- drivers/gpu/drm/amd/amdgpu/kv_dpm.c | 4 +- drivers/gpu/drm/amd/amdgpu/si_dpm.c | 3 +- drivers/hwmon/adt7475.c | 14 +- drivers/hwmon/ina2xx.c | 13 +- drivers/i2c/busses/i2c-i801.c | 9 +- drivers/mmc/host/android-goldfish.c | 4 +- drivers/mmc/host/atmel-mci.c | 12 +- drivers/net/ethernet/hisilicon/hns/hnae.h | 6 +- drivers/net/ethernet/hisilicon/hns/hns_enet.c | 2 +- drivers/net/ethernet/hisilicon/hns3/hns3_enet.h | 6 +- drivers/net/ethernet/intel/e1000/e1000_ethtool.c | 7 +- drivers/net/ethernet/intel/i40e/i40e_ethtool.c | 2 +- drivers/net/ethernet/intel/i40e/i40e_main.c | 15 +- drivers/net/ethernet/intel/ice/ice.h | 7 + drivers/net/ethernet/intel/ice/ice_adminq_cmd.h | 25 +-- drivers/net/ethernet/intel/ice/ice_common.c | 27 ++-- drivers/net/ethernet/intel/ice/ice_controlq.c | 29 ++-- drivers/net/ethernet/intel/ice/ice_ethtool.c | 52 +++++-- drivers/net/ethernet/intel/ice/ice_main.c | 98 +++++++----- drivers/net/ethernet/intel/ice/ice_switch.c | 4 +- drivers/net/ethernet/intel/ixgbe/ixgbe_sriov.c | 26 ++++ drivers/net/ethernet/intel/ixgbe/ixgbe_type.h | 1 + drivers/net/ethernet/qlogic/qed/qed_mcp.c | 187 +++++++++++++++++++---- drivers/net/ethernet/qlogic/qed/qed_mcp.h | 27 ++-- drivers/net/ethernet/qlogic/qed/qed_reg_addr.h | 2 + drivers/nvme/target/fcloop.c | 3 +- drivers/thermal/of-thermal.c | 7 +- fs/isofs/inode.c | 7 + include/linux/arm-smccc.h | 38 +++-- include/linux/platform_data/ina2xx.h | 2 +- kernel/bpf/sockmap.c | 11 +- net/ipv4/tcp_bbr.c | 38 +++-- net/ncsi/ncsi-netlink.c | 4 +- net/tls/tls_main.c | 9 +- tools/bpf/bpftool/map_perf_ring.c | 5 +- 52 files changed, 662 insertions(+), 291 deletions(-) -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEE4n5dijQDou9mhzu83qZv95d3LNwFAluywpsACgkQ3qZv95d3 LNx9WBAAvcn2Gvpjl2YxDGayv1KJBfdF1pT4HGnuqc8IvasHy8gC2xlQOArwtuHw OUE6h2Qk7ysGUpSGa4nfCVGfWRBxLMThW7028Uyd8SxUschbHH0YNuxi9uRZiGot C8Ukc2q5MNs8R59aWX9lBIhW+dJUtLrwdKnqDeRujP5k3ufOOo6S/IobQCnoP3Cj DHZClDCjtpaGgvpuYInlAOysEjUst6dV5NKb8th8dUTNoj+aQ9SUevbepIZfeoxx Qt79dyx97S3LW7ULCFt5PlUwtcYZ1l/nXvj3RMnu3t644iT/SWO8M/mljwgPznu5 EwSiaHnu3vylI93/t9t3W77UcS54KeyjtIQ4hctaoN8vVK98uIA0cjFBfj/ZkOeZ 2nmAoKxsLImB5dApVqdUiURXtqHKn06Ql4AtgJ4Y+5nyjDz7bCS1jBcIcS77zjNT 0Ac6dhfHoWQTQR4JaEVCft3tOxA3962sN7gIAJgGOFBYB4nUpjtfo2tCqTH+ybYj zIhLbI09p5xWUEVs3LDvNIlATf55b6K5Bgt2dakV+RycJNl5XvqXiTvh/Yfa40U/ 7XzE+pH6/QULkwRX68XbRpKnnIen3lxJ7dAT9jmd+U2xSOcL38vWmQb3oFY38SbM /JJZywrt0+oxIEJ4TlDXynA1MoaPA30z3IR4ZAFzQYlSCTjv3Is= =XHyP -----END PGP SIGNATURE-----

7 years

2
1
0 0

Re: Patch "audit: Fix extended comparison of GID/EGID" has been added to the 4.18-stable tree

by Ondrej Mosnacek

Hi, On Sat, Sep 29, 2018 at 2:10 PM <gregkh(a)linuxfoundation.org> wrote: > This is a note to let you know that I've just added the patch titled > > audit: Fix extended comparison of GID/EGID > > to the 4.18-stable tree which can be found at: > http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… > > The filename of the patch is: > audit-fix-extended-comparison-of-gid-egid.patch > and it can be found in the queue-4.18 subdirectory. > > If you, or anyone else, feels it should not be added to the stable tree, > please let <stable(a)vger.kernel.org> know about it. IIRC Paul didn't want this patch to go to stable (he asked me to remove the Cc: stable@... line), since the bug has been there for a long time and any user affected by it either doesn't care or might actually (maybe unknowingly) rely on it. I still kept the Fixes: line so it is clear which commit introduced the bug. Paul, any comments? In any case, if you decide to push this patch into stable (note that it is queued also for 4.14, 4.9, 4.4, and 3.18), then make sure to include also commit 4b09791ba059 ("cred: conditionally declare groups-related functions") to avoid build errors with CONFIG_MULTIUSER=n and CONFIG_AUDIT_SYSCALL=y. It is a non-functional commit for the rest of the kernel. > > > From foo@baz Sat Sep 29 04:24:28 PDT 2018 > From: "Ondrej Mosnáček" <omosnace(a)redhat.com> > Date: Tue, 5 Jun 2018 11:00:10 +0200 > Subject: audit: Fix extended comparison of GID/EGID > > From: "Ondrej Mosnáček" <omosnace(a)redhat.com> > > [ Upstream commit af85d1772e31fed34165a1b3decef340cf4080c0 ] > > The audit_filter_rules() function in auditsc.c used the in_[e]group_p() > functions to check GID/EGID match, but these functions use the current > task's credentials, while the comparison should use the credentials of > the task given to audit_filter_rules() as a parameter (tsk). > > Note that we can use group_search(cred->group_info, ...) as a > replacement for both in_group_p and in_egroup_p as these functions only > compare the parameter to cred->fsgid/egid and then call group_search. > > In fact, the usage of in_group_p was even more incorrect: it compares to > cred->fsgid (which is usually equal to cred->egid) and not cred->gid. > > GitHub issue: > https://github.com/linux-audit/audit-kernel/issues/82 > > Fixes: 37eebe39c973 ("audit: improve GID/EGID comparation logic") > Signed-off-by: Ondrej Mosnacek <omosnace(a)redhat.com> > Signed-off-by: Paul Moore <paul(a)paul-moore.com> > Signed-off-by: Sasha Levin <alexander.levin(a)microsoft.com> > Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> > --- > kernel/auditsc.c | 8 ++++---- > 1 file changed, 4 insertions(+), 4 deletions(-) > > --- a/kernel/auditsc.c > +++ b/kernel/auditsc.c > @@ -494,20 +494,20 @@ static int audit_filter_rules(struct tas > result = audit_gid_comparator(cred->gid, f->op, f->gid); > if (f->op == Audit_equal) { > if (!result) > - result = in_group_p(f->gid); > + result = groups_search(cred->group_info, f->gid); > } else if (f->op == Audit_not_equal) { > if (result) > - result = !in_group_p(f->gid); > + result = !groups_search(cred->group_info, f->gid); > } > break; > case AUDIT_EGID: > result = audit_gid_comparator(cred->egid, f->op, f->gid); > if (f->op == Audit_equal) { > if (!result) > - result = in_egroup_p(f->gid); > + result = groups_search(cred->group_info, f->gid); > } else if (f->op == Audit_not_equal) { > if (result) > - result = !in_egroup_p(f->gid); > + result = !groups_search(cred->group_info, f->gid); > } > break; > case AUDIT_SGID: > > > Patches currently in stable-queue which might be from omosnace(a)redhat.com are > > queue-4.18/audit-fix-extended-comparison-of-gid-egid.patch Thanks, -- Ondrej Mosnacek <omosnace at redhat dot com> Associate Software Engineer, Security Technologies Red Hat, Inc.

7 years

3
2
0 0

Please apply "ext4: verify the depth of extent tree in ext4_find_extent()" to 3.18.y

by Greg Hackmann

bc890a602471 ("ext4: verify the depth of extent tree in ext4_find_extent()") fixes a potential buffer overrun when mounting corrupted ext4 filesystems. It was taken into 4.4.y and later but not 3.18.y, probably because it doesn't build as-is against 3.18. Ben Hutchings has a backport in the latest 3.16.y release (09999807edd8) which would work for 3.18.y too.

7 years

2
1
0 0

[PATCH v4.9.y] ext4: never move the system.data xattr out of the inode body

by Guenter Roeck

From: Theodore Ts'o <tytso(a)mit.edu> commit 8cdb5240ec5928b20490a2bb34cb87e9a5f40226 upstream. When expanding the extra isize space, we must never move the system.data xattr out of the inode body. For performance reasons, it doesn't make any sense, and the inline data implementation assumes that system.data xattr is never in the external xattr block. This addresses CVE-2018-10880 https://bugzilla.kernel.org/show_bug.cgi?id=200005 Signed-off-by: Theodore Ts'o <tytso(a)mit.edu> Cc: stable(a)kernel.org [groeck: Context changes] Signed-off-by: Guenter Roeck <linux(a)roeck-us.net> --- I thought the 4.4.y backport should apply, but I think it doesn't after all. This backport applies to v4.9.y. fs/ext4/xattr.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/fs/ext4/xattr.c b/fs/ext4/xattr.c index fdcbe0f2814f..c19c96840480 100644 --- a/fs/ext4/xattr.c +++ b/fs/ext4/xattr.c @@ -1426,6 +1426,11 @@ static int ext4_xattr_make_inode_space(handle_t *handle, struct inode *inode, last = IFIRST(header); /* Find the entry best suited to be pushed into EA block */ for (; !IS_LAST_ENTRY(last); last = EXT4_XATTR_NEXT(last)) { + /* never move system.data out of the inode */ + if ((last->e_name_len == 4) && + (last->e_name_index == EXT4_XATTR_INDEX_SYSTEM) && + !memcmp(last->e_name, "data", 4)) + continue; total_size = EXT4_XATTR_SIZE(le32_to_cpu(last->e_value_size)) + EXT4_XATTR_LEN(last->e_name_len); -- 2.7.4

7 years

3
2
0 0

FAILED: patch "[PATCH] arm64: KVM: Sanitize PSTATE.M when being set from userspace" failed to apply to 4.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From 2a3f93459d689d990b3ecfbe782fec89b97d3279 Mon Sep 17 00:00:00 2001 From: Marc Zyngier <marc.zyngier(a)arm.com> Date: Thu, 27 Sep 2018 16:53:22 +0100 Subject: [PATCH] arm64: KVM: Sanitize PSTATE.M when being set from userspace Not all execution modes are valid for a guest, and some of them depend on what the HW actually supports. Let's verify that what userspace provides is compatible with both the VM settings and the HW capabilities. Cc: <stable(a)vger.kernel.org> Fixes: 0d854a60b1d7 ("arm64: KVM: enable initialization of a 32bit vcpu") Reviewed-by: Christoffer Dall <christoffer.dall(a)arm.com> Reviewed-by: Mark Rutland <mark.rutland(a)arm.com> Reviewed-by: Dave Martin <Dave.Martin(a)arm.com> Signed-off-by: Marc Zyngier <marc.zyngier(a)arm.com> Signed-off-by: Will Deacon <will.deacon(a)arm.com> diff --git a/arch/arm64/kvm/guest.c b/arch/arm64/kvm/guest.c index 3088463bafc1..a6c9fbaeaefc 100644 --- a/arch/arm64/kvm/guest.c +++ b/arch/arm64/kvm/guest.c @@ -152,17 +152,25 @@ static int set_core_reg(struct kvm_vcpu *vcpu, const struct kvm_one_reg *reg) } if (off == KVM_REG_ARM_CORE_REG(regs.pstate)) { - u32 mode = (*(u32 *)valp) & PSR_AA32_MODE_MASK; + u64 mode = (*(u64 *)valp) & PSR_AA32_MODE_MASK; switch (mode) { case PSR_AA32_MODE_USR: + if (!system_supports_32bit_el0()) + return -EINVAL; + break; case PSR_AA32_MODE_FIQ: case PSR_AA32_MODE_IRQ: case PSR_AA32_MODE_SVC: case PSR_AA32_MODE_ABT: case PSR_AA32_MODE_UND: + if (!vcpu_el1_is_32bit(vcpu)) + return -EINVAL; + break; case PSR_MODE_EL0t: case PSR_MODE_EL1t: case PSR_MODE_EL1h: + if (vcpu_el1_is_32bit(vcpu)) + return -EINVAL; break; default: err = -EINVAL;

7 years

1
0
0 0

FAILED: patch "[PATCH] arm64: KVM: Sanitize PSTATE.M when being set from userspace" failed to apply to 4.9-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.9-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From 2a3f93459d689d990b3ecfbe782fec89b97d3279 Mon Sep 17 00:00:00 2001 From: Marc Zyngier <marc.zyngier(a)arm.com> Date: Thu, 27 Sep 2018 16:53:22 +0100 Subject: [PATCH] arm64: KVM: Sanitize PSTATE.M when being set from userspace Not all execution modes are valid for a guest, and some of them depend on what the HW actually supports. Let's verify that what userspace provides is compatible with both the VM settings and the HW capabilities. Cc: <stable(a)vger.kernel.org> Fixes: 0d854a60b1d7 ("arm64: KVM: enable initialization of a 32bit vcpu") Reviewed-by: Christoffer Dall <christoffer.dall(a)arm.com> Reviewed-by: Mark Rutland <mark.rutland(a)arm.com> Reviewed-by: Dave Martin <Dave.Martin(a)arm.com> Signed-off-by: Marc Zyngier <marc.zyngier(a)arm.com> Signed-off-by: Will Deacon <will.deacon(a)arm.com> diff --git a/arch/arm64/kvm/guest.c b/arch/arm64/kvm/guest.c index 3088463bafc1..a6c9fbaeaefc 100644 --- a/arch/arm64/kvm/guest.c +++ b/arch/arm64/kvm/guest.c @@ -152,17 +152,25 @@ static int set_core_reg(struct kvm_vcpu *vcpu, const struct kvm_one_reg *reg) } if (off == KVM_REG_ARM_CORE_REG(regs.pstate)) { - u32 mode = (*(u32 *)valp) & PSR_AA32_MODE_MASK; + u64 mode = (*(u64 *)valp) & PSR_AA32_MODE_MASK; switch (mode) { case PSR_AA32_MODE_USR: + if (!system_supports_32bit_el0()) + return -EINVAL; + break; case PSR_AA32_MODE_FIQ: case PSR_AA32_MODE_IRQ: case PSR_AA32_MODE_SVC: case PSR_AA32_MODE_ABT: case PSR_AA32_MODE_UND: + if (!vcpu_el1_is_32bit(vcpu)) + return -EINVAL; + break; case PSR_MODE_EL0t: case PSR_MODE_EL1t: case PSR_MODE_EL1h: + if (vcpu_el1_is_32bit(vcpu)) + return -EINVAL; break; default: err = -EINVAL;

7 years

1
0
0 0

FAILED: patch "[PATCH] arm64: KVM: Sanitize PSTATE.M when being set from userspace" failed to apply to 4.14-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.14-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From 2a3f93459d689d990b3ecfbe782fec89b97d3279 Mon Sep 17 00:00:00 2001 From: Marc Zyngier <marc.zyngier(a)arm.com> Date: Thu, 27 Sep 2018 16:53:22 +0100 Subject: [PATCH] arm64: KVM: Sanitize PSTATE.M when being set from userspace Not all execution modes are valid for a guest, and some of them depend on what the HW actually supports. Let's verify that what userspace provides is compatible with both the VM settings and the HW capabilities. Cc: <stable(a)vger.kernel.org> Fixes: 0d854a60b1d7 ("arm64: KVM: enable initialization of a 32bit vcpu") Reviewed-by: Christoffer Dall <christoffer.dall(a)arm.com> Reviewed-by: Mark Rutland <mark.rutland(a)arm.com> Reviewed-by: Dave Martin <Dave.Martin(a)arm.com> Signed-off-by: Marc Zyngier <marc.zyngier(a)arm.com> Signed-off-by: Will Deacon <will.deacon(a)arm.com> diff --git a/arch/arm64/kvm/guest.c b/arch/arm64/kvm/guest.c index 3088463bafc1..a6c9fbaeaefc 100644 --- a/arch/arm64/kvm/guest.c +++ b/arch/arm64/kvm/guest.c @@ -152,17 +152,25 @@ static int set_core_reg(struct kvm_vcpu *vcpu, const struct kvm_one_reg *reg) } if (off == KVM_REG_ARM_CORE_REG(regs.pstate)) { - u32 mode = (*(u32 *)valp) & PSR_AA32_MODE_MASK; + u64 mode = (*(u64 *)valp) & PSR_AA32_MODE_MASK; switch (mode) { case PSR_AA32_MODE_USR: + if (!system_supports_32bit_el0()) + return -EINVAL; + break; case PSR_AA32_MODE_FIQ: case PSR_AA32_MODE_IRQ: case PSR_AA32_MODE_SVC: case PSR_AA32_MODE_ABT: case PSR_AA32_MODE_UND: + if (!vcpu_el1_is_32bit(vcpu)) + return -EINVAL; + break; case PSR_MODE_EL0t: case PSR_MODE_EL1t: case PSR_MODE_EL1h: + if (vcpu_el1_is_32bit(vcpu)) + return -EINVAL; break; default: err = -EINVAL;

7 years

1
0
0 0

FAILED: patch "[PATCH] arm64: KVM: Sanitize PSTATE.M when being set from userspace" failed to apply to 4.18-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.18-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From 2a3f93459d689d990b3ecfbe782fec89b97d3279 Mon Sep 17 00:00:00 2001 From: Marc Zyngier <marc.zyngier(a)arm.com> Date: Thu, 27 Sep 2018 16:53:22 +0100 Subject: [PATCH] arm64: KVM: Sanitize PSTATE.M when being set from userspace Not all execution modes are valid for a guest, and some of them depend on what the HW actually supports. Let's verify that what userspace provides is compatible with both the VM settings and the HW capabilities. Cc: <stable(a)vger.kernel.org> Fixes: 0d854a60b1d7 ("arm64: KVM: enable initialization of a 32bit vcpu") Reviewed-by: Christoffer Dall <christoffer.dall(a)arm.com> Reviewed-by: Mark Rutland <mark.rutland(a)arm.com> Reviewed-by: Dave Martin <Dave.Martin(a)arm.com> Signed-off-by: Marc Zyngier <marc.zyngier(a)arm.com> Signed-off-by: Will Deacon <will.deacon(a)arm.com> diff --git a/arch/arm64/kvm/guest.c b/arch/arm64/kvm/guest.c index 3088463bafc1..a6c9fbaeaefc 100644 --- a/arch/arm64/kvm/guest.c +++ b/arch/arm64/kvm/guest.c @@ -152,17 +152,25 @@ static int set_core_reg(struct kvm_vcpu *vcpu, const struct kvm_one_reg *reg) } if (off == KVM_REG_ARM_CORE_REG(regs.pstate)) { - u32 mode = (*(u32 *)valp) & PSR_AA32_MODE_MASK; + u64 mode = (*(u64 *)valp) & PSR_AA32_MODE_MASK; switch (mode) { case PSR_AA32_MODE_USR: + if (!system_supports_32bit_el0()) + return -EINVAL; + break; case PSR_AA32_MODE_FIQ: case PSR_AA32_MODE_IRQ: case PSR_AA32_MODE_SVC: case PSR_AA32_MODE_ABT: case PSR_AA32_MODE_UND: + if (!vcpu_el1_is_32bit(vcpu)) + return -EINVAL; + break; case PSR_MODE_EL0t: case PSR_MODE_EL1t: case PSR_MODE_EL1h: + if (vcpu_el1_is_32bit(vcpu)) + return -EINVAL; break; default: err = -EINVAL;

7 years

1
0
0 0

2025

2024

2023

2022

2021

2020

2019

2018

2017

Linux-stable-mirror