Commit 4cbc418a authored by Paolo Bonzini's avatar Paolo Bonzini

Merge branch 'cve-2019-3016' into kvm-next-5.6

From Boris Ostrovsky:

The KVM hypervisor may provide a guest with ability to defer remote TLB
flush when the remote VCPU is not running. When this feature is used,
the TLB flush will happen only when the remote VCPU is scheduled to run
again. This will avoid unnecessary (and expensive) IPIs.

Under certain circumstances, when a guest initiates such deferred action,
the hypervisor may miss the request. It is also possible that the guest
may mistakenly assume that it has already marked remote VCPU as needing
a flush when in fact that request had already been processed by the
hypervisor. In both cases this will result in an invalid translation
being present in a vCPU, potentially allowing accesses to memory locations
in that guest's address space that should not be accessible.

Note that only intra-guest memory is vulnerable.

The five patches address both of these problems:
1. The first patch makes sure the hypervisor doesn't accidentally clear
a guest's remote flush request
2. The rest of the patches prevent the race between hypervisor
acknowledging a remote flush request and guest issuing a new one.

Conflicts:
	arch/x86/kvm/x86.c [move from kvm_arch_vcpu_free to kvm_arch_vcpu_destroy]
parents 1d5920c3 a6bd811f
+2 −2
@@ -111,7 +111,7 @@ patternProperties:
      spi-rx-bus-width:
        allOf:
          - $ref: /schemas/types.yaml#/definitions/uint32
          - enum: [ 1, 2, 4 ]
          - enum: [ 1, 2, 4, 8 ]
          - default: 1
        description:
          Bus width to the SPI bus used for MISO.
@@ -123,7 +123,7 @@ patternProperties:
      spi-tx-bus-width:
        allOf:
          - $ref: /schemas/types.yaml#/definitions/uint32
          - enum: [ 1, 2, 4 ]
          - enum: [ 1, 2, 4, 8 ]
          - default: 1
        description:
          Bus width to the SPI bus used for MOSI.
+4 −4
@@ -162,7 +162,7 @@
#endif

#ifdef CONFIG_ARC_HAS_ACCL_REGS
	ST2	r58, r59, PT_sp + 12
	ST2	r58, r59, PT_r58
#endif

.endm
@@ -172,8 +172,8 @@

	LD2	gp, fp, PT_r26		; gp (r26), fp (r27)

	ld	r12, [sp, PT_sp + 4]
	ld	r30, [sp, PT_sp + 8]
	ld	r12, [sp, PT_r12]
	ld	r30, [sp, PT_r30]

	; Restore SP (into AUX_USER_SP) only if returning to U mode
	;  - for K mode, it will be implicitly restored as stack is unwound
@@ -190,7 +190,7 @@
#endif

#ifdef CONFIG_ARC_HAS_ACCL_REGS
	LD2	r58, r59, PT_sp + 12
	LD2	r58, r59, PT_r58
#endif
.endm

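Review bot: The new `ST2 r58, r59, PT_r58` (and the matching `LD2 r58, r59, PT_r58` in the third hunk) presumably writes and reloads the register pair into two consecutive pt_regs slots, so the entry code now silently depends on r59 sitting immediately after r58 in struct pt_regs, while the `PT_r59` offset that the asm-offsets.c hunk of this commit defines is never referenced here. A short comment on the ST2 line, `; r58/r59 are saved as a pair: r59 must directly follow r58 in pt_regs`, would make that layout assumption visible, and a build-time check next to the new `OFFSET(PT_r59, pt_regs, r59)` in asm-offsets.c, e.g. `BUILD_BUG_ON(offsetof(struct pt_regs, r59) != offsetof(struct pt_regs, r58) + sizeof(long));`, would enforce it (assuming pt_regs slots are `long`-sized; confirm against the struct). The r12/r30 slots in the second hunk use separate `ld` instructions and carry no such pairing assumption. The `.macro` bodies these hunks patch begin before the hunks, so the surrounding save/restore sequence is not visible here.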
+0 −1
@@ -8,7 +8,6 @@
#define _ASM_ARC_HUGEPAGE_H

#include <linux/types.h>
#define __ARCH_USE_5LEVEL_HACK
#include <asm-generic/pgtable-nopmd.h>

static inline pte_t pmd_pte(pmd_t pmd)
+9 −1
@@ -66,7 +66,15 @@ int main(void)

	DEFINE(SZ_CALLEE_REGS, sizeof(struct callee_regs));
	DEFINE(SZ_PT_REGS, sizeof(struct pt_regs));
	DEFINE(PT_user_r25, offsetof(struct pt_regs, user_r25));

#ifdef CONFIG_ISA_ARCV2
	OFFSET(PT_r12, pt_regs, r12);
	OFFSET(PT_r30, pt_regs, r30);
#endif
#ifdef CONFIG_ARC_HAS_ACCL_REGS
	OFFSET(PT_r58, pt_regs, r58);
	OFFSET(PT_r59, pt_regs, r59);
#endif

	return 0;
}
+1 −1
@@ -7,7 +7,7 @@
menuconfig ARC_PLAT_EZNPS
	bool "\"EZchip\" ARC dev platform"
	select CPU_BIG_ENDIAN
	select CLKSRC_NPS
	select CLKSRC_NPS if !PHYS_ADDR_T_64BIT
	select EZNPS_GIC
	select EZCHIP_NPS_MANAGEMENT_ENET if ETHERNET
	help
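Review bot: The new `select CLKSRC_NPS if !PHYS_ADDR_T_64BIT` gives no hint why the clocksource is dropped on 64-bit phys_addr_t builds, and because `select` does not honour the selected symbol's own dependencies a reader cannot tell whether this works around a build failure or a functional limitation. A one-line Kconfig comment above the select stating the actual constraint, e.g. `# CLKSRC_NPS <REASON-PLACEHOLDER: why it is unusable with a 64-bit phys_addr_t>`, would document the intent; the placeholder should be filled from the patch that introduced the condition, which is not visible in this hunk.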