From 576d33f2b5b02da8c14410bd497c95011ce6f37f Mon Sep 17 00:00:00 2001
From: Salvatore Bonaccorso
Date: Sun, 14 Jun 2020 11:19:32 +0200
Subject: [PATCH] Drop pre-requisites and patches for CVE-2019-3016
---
 debian/changelog | 10 -
 ...VM-Introduce-a-new-guest-mapping-API.patch | 161 ----------
 ...ck-if-page-is-valid-in-kvm_vcpu_unma.patch | 36 ---
 .../kvm-fix-compilation-on-aarch64.patch | 54 ----
 .../s390x/kvm-fix-compilation-on-s390.patch | 35 ---
 .../kvm-fix-compile-on-s390-part-2.patch | 38 ---
 ...sync-GUEST_BNDCFGS-when-it-comes-fro.patch | 58 ----
 ...Clean-up-host-s-steal-time-structure.patch | 86 -----
 ...e-KVM_VCPU_FLUSH_TLB-flag-is-not-mis.patch | 130 --------
 ...x86-kvm-Cache-gfn-to-pfn-translation.patch | 296 ------------------
 .../x86-kvm-Introduce-kvm_-un-map_gfn.patch | 114 -------
 debian/patches/series | 11 -
 12 files changed, 1029 deletions(-)
 delete mode 100644 debian/patches/bugfix/all/KVM-Introduce-a-new-guest-mapping-API.patch
 delete mode 100644 debian/patches/bugfix/all/KVM-Properly-check-if-page-is-valid-in-kvm_vcpu_unma.patch
 delete mode 100644 debian/patches/bugfix/arm64/kvm-fix-compilation-on-aarch64.patch
 delete mode 100644 debian/patches/bugfix/s390x/kvm-fix-compilation-on-s390.patch
 delete mode 100644 debian/patches/bugfix/s390x/kvm-fix-compile-on-s390-part-2.patch
 delete mode 100644 debian/patches/bugfix/x86/KVM-nVMX-Always-sync-GUEST_BNDCFGS-when-it-comes-fro.patch
 delete mode 100644 debian/patches/bugfix/x86/x86-KVM-Clean-up-host-s-steal-time-structure.patch
 delete mode 100644 debian/patches/bugfix/x86/x86-KVM-Make-sure-KVM_VCPU_FLUSH_TLB-flag-is-not-mis.patch
 delete mode 100644 debian/patches/bugfix/x86/x86-kvm-Cache-gfn-to-pfn-translation.patch
 delete mode 100644 debian/patches/bugfix/x86/x86-kvm-Introduce-kvm_-un-map_gfn.patch
diff --git a/debian/changelog b/debian/changelog
index b95a6a39b..b7b74a21e 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -39,16 +39,6 @@ linux (4.19.119-1) UNRELEASED; urgency=medium
 - scsi: smartpqi: fix call trace in device discovery
 - PCI/ASPM: Allow re-enabling Clock PM
 - KVM: VMX: Zero out *all* general purpose registers after VM-Exit
- - KVM: nVMX: Always sync GUEST_BNDCFGS when it comes from vmcs01
- - KVM: Introduce a new guest mapping API
- - kvm: fix compilation on aarch64
- - kvm: fix compilation on s390
- - kvm: fix compile on s390 part 2
- - KVM: Properly check if "page" is valid in kvm_vcpu_unmap
- - x86/kvm: Introduce kvm_(un)map_gfn()
- - x86/kvm: Cache gfn to pfn translation
- - x86/KVM: Make sure KVM_VCPU_FLUSH_TLB flag is not missed
- - x86/KVM: Clean up host's steal time structure
 - cxgb4: fix adapter crash due to wrong MC size
 - cxgb4: fix large delays in PTP synchronization
 - ipv6: fix restrict IPV6_ADDRFORM operation
diff --git a/debian/patches/bugfix/all/KVM-Introduce-a-new-guest-mapping-API.patch b/debian/patches/bugfix/all/KVM-Introduce-a-new-guest-mapping-API.patch
deleted file mode 100644
index 378b02428..000000000
--- a/debian/patches/bugfix/all/KVM-Introduce-a-new-guest-mapping-API.patch
+++ /dev/null
@@ -1,161 +0,0 @@ -From: KarimAllah Ahmed -Date: Thu, 31 Jan 2019 21:24:34 +0100 -Subject: [03/11] KVM: Introduce a new guest mapping API -Origin: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git/commit?id=0125ed16a990014e27001f72fe75ad567da45f87 - -commit e45adf665a53df0db37f784ed87c6b57ddd81885 upstream. - -In KVM, specially for nested guests, there is a dominant pattern of: - - => map guest memory -> do_something -> unmap guest memory - -In addition to all this unnecessarily noise in the code due to boiler plate -code, most of the time the mapping function does not properly handle memory -that is not backed by "struct page". This new guest mapping API encapsulate -most of this boiler plate code and also handles guest memory that is not -backed by "struct page". - -The current implementation of this API is using memremap for memory that is -not backed by a "struct page" which would lead to a huge slow-down if it -was used for high-frequency mapping operations. The API does not have any -effect on current setups where guest memory is backed by a "struct page". -Further patches are going to also introduce a pfn-cache which would -significantly improve the performance of the memremap case. 
- -Signed-off-by: KarimAllah Ahmed -Reviewed-by: Konrad Rzeszutek Wilk -Signed-off-by: Paolo Bonzini -[bwh: Backported to 4.19 as dependency of commit 1eff70a9abd4 - "x86/kvm: Introduce kvm_(un)map_gfn()"] -Signed-off-by: Ben Hutchings -Signed-off-by: Sasha Levin ---- - include/linux/kvm_host.h | 28 ++++++++++++++++++ - virt/kvm/kvm_main.c | 64 ++++++++++++++++++++++++++++++++++++++++ - 2 files changed, 92 insertions(+) - -diff --git a/include/linux/kvm_host.h b/include/linux/kvm_host.h -index 0f99ecc01bc7..bef95dba14e8 100644 ---- a/include/linux/kvm_host.h -+++ b/include/linux/kvm_host.h -@@ -206,6 +206,32 @@ enum { - READING_SHADOW_PAGE_TABLES, - }; - -+#define KVM_UNMAPPED_PAGE ((void *) 0x500 + POISON_POINTER_DELTA) -+ -+struct kvm_host_map { -+ /* -+ * Only valid if the 'pfn' is managed by the host kernel (i.e. There is -+ * a 'struct page' for it. When using mem= kernel parameter some memory -+ * can be used as guest memory but they are not managed by host -+ * kernel). -+ * If 'pfn' is not managed by the host kernel, this field is -+ * initialized to KVM_UNMAPPED_PAGE. -+ */ -+ struct page *page; -+ void *hva; -+ kvm_pfn_t pfn; -+ kvm_pfn_t gfn; -+}; -+ -+/* -+ * Used to check if the mapping is valid or not. Never use 'kvm_host_map' -+ * directly to check for that. -+ */ -+static inline bool kvm_vcpu_mapped(struct kvm_host_map *map) -+{ -+ return !!map->hva; -+} -+ - /* - * Sometimes a large or cross-page mmio needs to be broken up into separate - * exits for userspace servicing. 
-@@ -711,7 +737,9 @@ struct kvm_memslots *kvm_vcpu_memslots(struct kvm_vcpu *vcpu); - struct kvm_memory_slot *kvm_vcpu_gfn_to_memslot(struct kvm_vcpu *vcpu, gfn_t gfn); - kvm_pfn_t kvm_vcpu_gfn_to_pfn_atomic(struct kvm_vcpu *vcpu, gfn_t gfn); - kvm_pfn_t kvm_vcpu_gfn_to_pfn(struct kvm_vcpu *vcpu, gfn_t gfn); -+int kvm_vcpu_map(struct kvm_vcpu *vcpu, gpa_t gpa, struct kvm_host_map *map); - struct page *kvm_vcpu_gfn_to_page(struct kvm_vcpu *vcpu, gfn_t gfn); -+void kvm_vcpu_unmap(struct kvm_vcpu *vcpu, struct kvm_host_map *map, bool dirty); - unsigned long kvm_vcpu_gfn_to_hva(struct kvm_vcpu *vcpu, gfn_t gfn); - unsigned long kvm_vcpu_gfn_to_hva_prot(struct kvm_vcpu *vcpu, gfn_t gfn, bool *writable); - int kvm_vcpu_read_guest_page(struct kvm_vcpu *vcpu, gfn_t gfn, void *data, int offset, -diff --git a/virt/kvm/kvm_main.c b/virt/kvm/kvm_main.c -index 4e499b78569b..ec1479abb29d 100644 ---- a/virt/kvm/kvm_main.c -+++ b/virt/kvm/kvm_main.c -@@ -1705,6 +1705,70 @@ struct page *gfn_to_page(struct kvm *kvm, gfn_t gfn) - } - EXPORT_SYMBOL_GPL(gfn_to_page); - -+static int __kvm_map_gfn(struct kvm_memory_slot *slot, gfn_t gfn, -+ struct kvm_host_map *map) -+{ -+ kvm_pfn_t pfn; -+ void *hva = NULL; -+ struct page *page = KVM_UNMAPPED_PAGE; -+ -+ if (!map) -+ return -EINVAL; -+ -+ pfn = gfn_to_pfn_memslot(slot, gfn); -+ if (is_error_noslot_pfn(pfn)) -+ return -EINVAL; -+ -+ if (pfn_valid(pfn)) { -+ page = pfn_to_page(pfn); -+ hva = kmap(page); -+ } else { -+ hva = memremap(pfn_to_hpa(pfn), PAGE_SIZE, MEMREMAP_WB); -+ } -+ -+ if (!hva) -+ return -EFAULT; -+ -+ map->page = page; -+ map->hva = hva; -+ map->pfn = pfn; -+ map->gfn = gfn; -+ -+ return 0; -+} -+ -+int kvm_vcpu_map(struct kvm_vcpu *vcpu, gfn_t gfn, struct kvm_host_map *map) -+{ -+ return __kvm_map_gfn(kvm_vcpu_gfn_to_memslot(vcpu, gfn), gfn, map); -+} -+EXPORT_SYMBOL_GPL(kvm_vcpu_map); -+ -+void kvm_vcpu_unmap(struct kvm_vcpu *vcpu, struct kvm_host_map *map, -+ bool dirty) -+{ -+ if (!map) -+ return; -+ -+ if 
(!map->hva) -+ return; -+ -+ if (map->page) -+ kunmap(map->page); -+ else -+ memunmap(map->hva); -+ -+ if (dirty) { -+ kvm_vcpu_mark_page_dirty(vcpu, map->gfn); -+ kvm_release_pfn_dirty(map->pfn); -+ } else { -+ kvm_release_pfn_clean(map->pfn); -+ } -+ -+ map->hva = NULL; -+ map->page = NULL; -+} -+EXPORT_SYMBOL_GPL(kvm_vcpu_unmap); -+ - struct page *kvm_vcpu_gfn_to_page(struct kvm_vcpu *vcpu, gfn_t gfn) - { - kvm_pfn_t pfn; --- -2.27.0.rc0 - diff --git a/debian/patches/bugfix/all/KVM-Properly-check-if-page-is-valid-in-kvm_vcpu_unma.patch b/debian/patches/bugfix/all/KVM-Properly-check-if-page-is-valid-in-kvm_vcpu_unma.patch deleted file mode 100644 index 20d6bb262..000000000 --- a/debian/patches/bugfix/all/KVM-Properly-check-if-page-is-valid-in-kvm_vcpu_unma.patch +++ /dev/null 
@@ -1,36 +0,0 @@ -From: KarimAllah Ahmed -Date: Wed, 10 Jul 2019 11:13:13 +0200 -Subject: [07/11] KVM: Properly check if "page" is valid in kvm_vcpu_unmap -Origin: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git/commit?id=ec81ed2fba221b8bb92b8010e82d92e1de3b39fa - -commit b614c6027896ff9ad6757122e84760d938cab15e upstream. - -The field "page" is initialized to KVM_UNMAPPED_PAGE when it is not used -(i.e. when the memory lives outside kernel control). So this check will -always end up using kunmap even for memremap regions. - -Fixes: e45adf665a53 ("KVM: Introduce a new guest mapping API") -Signed-off-by: KarimAllah Ahmed -Signed-off-by: Paolo Bonzini -Signed-off-by: Ben Hutchings -Signed-off-by: Sasha Levin ---- - virt/kvm/kvm_main.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/virt/kvm/kvm_main.c b/virt/kvm/kvm_main.c -index 5b949aa273de..33b288469c70 100644 ---- a/virt/kvm/kvm_main.c -+++ b/virt/kvm/kvm_main.c -@@ -1754,7 +1754,7 @@ void kvm_vcpu_unmap(struct kvm_vcpu *vcpu, struct kvm_host_map *map, - if (!map->hva) - return; - -- if (map->page) -+ if (map->page != KVM_UNMAPPED_PAGE) - kunmap(map->page); - #ifdef CONFIG_HAS_IOMEM - else --- -2.27.0.rc0 - diff --git a/debian/patches/bugfix/arm64/kvm-fix-compilation-on-aarch64.patch b/debian/patches/bugfix/arm64/kvm-fix-compilation-on-aarch64.patch deleted file mode 100644 index a24c0086d..000000000 --- a/debian/patches/bugfix/arm64/kvm-fix-compilation-on-aarch64.patch +++ /dev/null 
@@ -1,54 +0,0 @@ -From: Paolo Bonzini -Date: Fri, 17 May 2019 14:08:53 +0200 -Subject: [04/11] kvm: fix compilation on aarch64 -Origin: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git/commit?id=94659e93c93c23dfaada78aaad45183867698f74 - -commit c011d23ba046826ccf8c4a4a6c1d01c9ccaa1403 upstream. - -Commit e45adf665a53 ("KVM: Introduce a new guest mapping API", 2019-01-31) -introduced a build failure on aarch64 defconfig: - -$ make -j$(nproc) ARCH=arm64 CROSS_COMPILE=aarch64-linux-gnu- O=out defconfig \ - Image.gz -... -../arch/arm64/kvm/../../../virt/kvm/kvm_main.c: - In function '__kvm_map_gfn': -../arch/arm64/kvm/../../../virt/kvm/kvm_main.c:1763:9: error: - implicit declaration of function 'memremap'; did you mean 'memset_p'? -../arch/arm64/kvm/../../../virt/kvm/kvm_main.c:1763:46: error: - 'MEMREMAP_WB' undeclared (first use in this function) -../arch/arm64/kvm/../../../virt/kvm/kvm_main.c: - In function 'kvm_vcpu_unmap': -../arch/arm64/kvm/../../../virt/kvm/kvm_main.c:1795:3: error: - implicit declaration of function 'memunmap'; did you mean 'vm_munmap'? - -because these functions are declared in rather than , -and the former was being pulled in already on x86 but not on aarch64. - -Reported-by: Nathan Chancellor -Signed-off-by: Paolo Bonzini -[bwh: Backported to 4.19: adjust context] -Signed-off-by: Ben Hutchings -Signed-off-by: Sasha Levin ---- - virt/kvm/kvm_main.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/virt/kvm/kvm_main.c b/virt/kvm/kvm_main.c -index ec1479abb29d..4a5ea263edf6 100644 ---- a/virt/kvm/kvm_main.c -+++ b/virt/kvm/kvm_main.c -@@ -52,9 +52,9 @@ - #include - #include - #include -+#include - - #include --#include - #include - #include - #include --- -2.27.0.rc0 - diff --git a/debian/patches/bugfix/s390x/kvm-fix-compilation-on-s390.patch b/debian/patches/bugfix/s390x/kvm-fix-compilation-on-s390.patch deleted file mode 100644 index daf06e518..000000000 
--- a/debian/patches/bugfix/s390x/kvm-fix-compilation-on-s390.patch +++ /dev/null @@ -1,35 +0,0 @@ -From: Paolo Bonzini -Date: Mon, 20 May 2019 12:06:36 +0200 -Subject: [05/11] kvm: fix compilation on s390 -Origin: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git/commit?id=bef6507903d91be2d1a06c11d980a722b176bc09 - -commit d30b214d1d0addb7b2c9c78178d1501cd39a01fb upstream. - -s390 does not have memremap, even though in this particular case it -would be useful. - -Signed-off-by: Paolo Bonzini -Signed-off-by: Ben Hutchings -Signed-off-by: Sasha Levin ---- - virt/kvm/kvm_main.c | 2 ++ - 1 file changed, 2 insertions(+) - -diff --git a/virt/kvm/kvm_main.c b/virt/kvm/kvm_main.c -index 4a5ea263edf6..f99b99b77a48 100644 ---- a/virt/kvm/kvm_main.c -+++ b/virt/kvm/kvm_main.c -@@ -1722,8 +1722,10 @@ static int __kvm_map_gfn(struct kvm_memory_slot *slot, gfn_t gfn, - if (pfn_valid(pfn)) { - page = pfn_to_page(pfn); - hva = kmap(page); -+#ifdef CONFIG_HAS_IOMEM - } else { - hva = memremap(pfn_to_hpa(pfn), PAGE_SIZE, MEMREMAP_WB); -+#endif - } - - if (!hva) --- -2.27.0.rc0 - diff --git a/debian/patches/bugfix/s390x/kvm-fix-compile-on-s390-part-2.patch b/debian/patches/bugfix/s390x/kvm-fix-compile-on-s390-part-2.patch deleted file mode 100644 index d7e2ebb29..000000000 --- a/debian/patches/bugfix/s390x/kvm-fix-compile-on-s390-part-2.patch +++ /dev/null 
@@ -1,38 +0,0 @@ -From: Christian Borntraeger -Date: Mon, 27 May 2019 10:28:25 +0200 -Subject: [06/11] kvm: fix compile on s390 part 2 -Origin: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git/commit?id=e25441275142a0d57a51025213c4b6ef17b193e6 - -commit eb1f2f387db8c0d084581fb26e7faffde700bc8e upstream. - -We also need to fence the memunmap part. - -Fixes: e45adf665a53 ("KVM: Introduce a new guest mapping API") -Fixes: d30b214d1d0a (kvm: fix compilation on s390) -Cc: Michal Kubecek -Cc: KarimAllah Ahmed -Signed-off-by: Christian Borntraeger -Signed-off-by: Ben Hutchings -Signed-off-by: Sasha Levin ---- - virt/kvm/kvm_main.c | 2 ++ - 1 file changed, 2 insertions(+) - -diff --git a/virt/kvm/kvm_main.c b/virt/kvm/kvm_main.c -index f99b99b77a48..5b949aa273de 100644 ---- a/virt/kvm/kvm_main.c -+++ b/virt/kvm/kvm_main.c -@@ -1756,8 +1756,10 @@ void kvm_vcpu_unmap(struct kvm_vcpu *vcpu, struct kvm_host_map *map, - - if (map->page) - kunmap(map->page); -+#ifdef CONFIG_HAS_IOMEM - else - memunmap(map->hva); -+#endif - - if (dirty) { - kvm_vcpu_mark_page_dirty(vcpu, map->gfn); --- -2.27.0.rc0 - diff --git a/debian/patches/bugfix/x86/KVM-nVMX-Always-sync-GUEST_BNDCFGS-when-it-comes-fro.patch b/debian/patches/bugfix/x86/KVM-nVMX-Always-sync-GUEST_BNDCFGS-when-it-comes-fro.patch deleted file mode 100644 index 139ca7039..000000000 --- a/debian/patches/bugfix/x86/KVM-nVMX-Always-sync-GUEST_BNDCFGS-when-it-comes-fro.patch +++ /dev/null 
@@ -1,58 +0,0 @@ -From: Sean Christopherson -Date: Tue, 7 May 2019 09:06:28 -0700 -Subject: [02/11] KVM: nVMX: Always sync GUEST_BNDCFGS when it comes from - vmcs01 -Origin: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git/commit?id=7570af489e73c55690d3666c360d0a6d56acdc12 - -commit 3b013a2972d5bc344d6eaa8f24fdfe268211e45f upstream. - -If L1 does not set VM_ENTRY_LOAD_BNDCFGS, then L1's BNDCFGS value must -be propagated to vmcs02 since KVM always runs with VM_ENTRY_LOAD_BNDCFGS -when MPX is supported. Because the value effectively comes from vmcs01, -vmcs02 must be updated even if vmcs12 is clean. - -Fixes: 62cf9bd8118c4 ("KVM: nVMX: Fix emulation of VM_ENTRY_LOAD_BNDCFGS") -Cc: Liran Alon -Signed-off-by: Sean Christopherson -Signed-off-by: Paolo Bonzini -[bwh: Backported to 4.19: adjust filename, context] -Signed-off-by: Ben Hutchings -Signed-off-by: Sasha Levin ---- - arch/x86/kvm/vmx.c | 13 ++++++------- - 1 file changed, 6 insertions(+), 7 deletions(-) - -diff --git a/arch/x86/kvm/vmx.c b/arch/x86/kvm/vmx.c -index e4d0ad06790e..ccbddc80ad55 100644 ---- a/arch/x86/kvm/vmx.c -+++ b/arch/x86/kvm/vmx.c -@@ -12137,13 +12137,9 @@ static void prepare_vmcs02_full(struct kvm_vcpu *vcpu, struct vmcs12 *vmcs12) - - set_cr4_guest_host_mask(vmx); - -- if (kvm_mpx_supported()) { -- if (vmx->nested.nested_run_pending && -- (vmcs12->vm_entry_controls & VM_ENTRY_LOAD_BNDCFGS)) -- vmcs_write64(GUEST_BNDCFGS, vmcs12->guest_bndcfgs); -- else -- vmcs_write64(GUEST_BNDCFGS, vmx->nested.vmcs01_guest_bndcfgs); -- } -+ if (kvm_mpx_supported() && vmx->nested.nested_run_pending && -+ (vmcs12->vm_entry_controls & VM_ENTRY_LOAD_BNDCFGS)) -+ vmcs_write64(GUEST_BNDCFGS, vmcs12->guest_bndcfgs); - - if (enable_vpid) { - if (nested_cpu_has_vpid(vmcs12) && vmx->nested.vpid02) -@@ -12207,6 +12203,9 @@ static int prepare_vmcs02(struct kvm_vcpu *vcpu, struct vmcs12 *vmcs12, - kvm_set_dr(vcpu, 7, vcpu->arch.dr7); - vmcs_write64(GUEST_IA32_DEBUGCTL, 
vmx->nested.vmcs01_debugctl); - } -+ if (kvm_mpx_supported() && (!vmx->nested.nested_run_pending || -+ !(vmcs12->vm_entry_controls & VM_ENTRY_LOAD_BNDCFGS))) -+ vmcs_write64(GUEST_BNDCFGS, vmx->nested.vmcs01_guest_bndcfgs); - if (vmx->nested.nested_run_pending) { - vmcs_write32(VM_ENTRY_INTR_INFO_FIELD, - vmcs12->vm_entry_intr_info_field); --- -2.27.0.rc0 - diff --git a/debian/patches/bugfix/x86/x86-KVM-Clean-up-host-s-steal-time-structure.patch b/debian/patches/bugfix/x86/x86-KVM-Clean-up-host-s-steal-time-structure.patch deleted file mode 100644 index 38a102f7c..000000000 --- a/debian/patches/bugfix/x86/x86-KVM-Clean-up-host-s-steal-time-structure.patch +++ /dev/null 
@@ -1,86 +0,0 @@ -From: Boris Ostrovsky -Date: Fri, 6 Dec 2019 15:36:12 +0000 -Subject: [11/11] x86/KVM: Clean up host's steal time structure -Origin: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git/commit?id=c434092ef8172ed027f2bd9afcd42c0ee5002b85 -Bug-Debian-Security: https://security-tracker.debian.org/tracker/CVE-2019-3016 - -commit a6bd811f1209fe1c64c9f6fd578101d6436c6b6e upstream. - -Now that we are mapping kvm_steal_time from the guest directly we -don't need keep a copy of it in kvm_vcpu_arch.st. The same is true -for the stime field. - -This is part of CVE-2019-3016. - -Signed-off-by: Boris Ostrovsky -Reviewed-by: Joao Martins -Signed-off-by: Paolo Bonzini -Signed-off-by: Ben Hutchings -Signed-off-by: Sasha Levin ---- - arch/x86/include/asm/kvm_host.h | 3 +-- - arch/x86/kvm/x86.c | 11 +++-------- - 2 files changed, 4 insertions(+), 10 deletions(-) - -diff --git a/arch/x86/include/asm/kvm_host.h b/arch/x86/include/asm/kvm_host.h -index ca9c7110b99d..33136395db8f 100644 ---- a/arch/x86/include/asm/kvm_host.h -+++ b/arch/x86/include/asm/kvm_host.h -@@ -622,10 +622,9 @@ struct kvm_vcpu_arch { - bool pvclock_set_guest_stopped_request; - - struct { -+ u8 preempted; - u64 msr_val; - u64 last_steal; -- struct gfn_to_hva_cache stime; -- struct kvm_steal_time steal; - struct gfn_to_pfn_cache cache; - } st; - -diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c -index d77822e03ff6..6bfc9eaf8dee 100644 ---- a/arch/x86/kvm/x86.c -+++ b/arch/x86/kvm/x86.c -@@ -2418,7 +2418,7 @@ static void record_steal_time(struct kvm_vcpu *vcpu) - if (xchg(&st->preempted, 0) & KVM_VCPU_FLUSH_TLB) - kvm_vcpu_flush_tlb(vcpu, false); - -- vcpu->arch.st.steal.preempted = 0; -+ vcpu->arch.st.preempted = 0; - - if (st->version & 1) - st->version += 1; /* first time write, random junk */ -@@ -2577,11 +2577,6 @@ int kvm_set_msr_common(struct kvm_vcpu *vcpu, struct msr_data *msr_info) - if (data & KVM_STEAL_RESERVED_MASK) - return 1; - -- if 
(kvm_gfn_to_hva_cache_init(vcpu->kvm, &vcpu->arch.st.stime, -- data & KVM_STEAL_VALID_BITS, -- sizeof(struct kvm_steal_time))) -- return 1; -- - vcpu->arch.st.msr_val = data; - - if (!(data & KVM_MSR_ENABLED)) -@@ -3280,7 +3275,7 @@ static void kvm_steal_time_set_preempted(struct kvm_vcpu *vcpu) - if (!(vcpu->arch.st.msr_val & KVM_MSR_ENABLED)) - return; - -- if (vcpu->arch.st.steal.preempted) -+ if (vcpu->arch.st.preempted) - return; - - if (kvm_map_gfn(vcpu, vcpu->arch.st.msr_val >> PAGE_SHIFT, &map, -@@ -3290,7 +3285,7 @@ static void kvm_steal_time_set_preempted(struct kvm_vcpu *vcpu) - st = map.hva + - offset_in_page(vcpu->arch.st.msr_val & KVM_STEAL_VALID_BITS); - -- st->preempted = vcpu->arch.st.steal.preempted = KVM_VCPU_PREEMPTED; -+ st->preempted = vcpu->arch.st.preempted = KVM_VCPU_PREEMPTED; - - kvm_unmap_gfn(vcpu, &map, &vcpu->arch.st.cache, true, true); - } --- -2.27.0.rc0 - diff --git a/debian/patches/bugfix/x86/x86-KVM-Make-sure-KVM_VCPU_FLUSH_TLB-flag-is-not-mis.patch b/debian/patches/bugfix/x86/x86-KVM-Make-sure-KVM_VCPU_FLUSH_TLB-flag-is-not-mis.patch deleted file mode 100644 index d6235ad03..000000000 --- a/debian/patches/bugfix/x86/x86-KVM-Make-sure-KVM_VCPU_FLUSH_TLB-flag-is-not-mis.patch +++ /dev/null 
@@ -1,130 +0,0 @@ -From: Boris Ostrovsky -Date: Thu, 5 Dec 2019 03:45:32 +0000 -Subject: [10/11] x86/KVM: Make sure KVM_VCPU_FLUSH_TLB flag is not missed -Origin: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git/commit?id=b5b79c757e6f22f17d8ddf2979abb7bf231bb327 -Bug-Debian-Security: https://security-tracker.debian.org/tracker/CVE-2019-3016 - -commit b043138246a41064527cf019a3d51d9f015e9796 upstream. - -There is a potential race in record_steal_time() between setting -host-local vcpu->arch.st.steal.preempted to zero (i.e. clearing -KVM_VCPU_PREEMPTED) and propagating this value to the guest with -kvm_write_guest_cached(). Between those two events the guest may -still see KVM_VCPU_PREEMPTED in its copy of kvm_steal_time, set -KVM_VCPU_FLUSH_TLB and assume that hypervisor will do the right -thing. Which it won't. - -Instad of copying, we should map kvm_steal_time and that will -guarantee atomicity of accesses to @preempted. - -This is part of CVE-2019-3016. - -Signed-off-by: Boris Ostrovsky -Reviewed-by: Joao Martins -Signed-off-by: Paolo Bonzini -[bwh: Backported to 4.19: No tracepoint in record_steal_time().] -Signed-off-by: Ben Hutchings -Signed-off-by: Sasha Levin ---- - arch/x86/kvm/x86.c | 49 +++++++++++++++++++++++++++------------------- - 1 file changed, 29 insertions(+), 20 deletions(-) - -diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c -index 6916f46909ab..d77822e03ff6 100644 ---- a/arch/x86/kvm/x86.c -+++ b/arch/x86/kvm/x86.c -@@ -2397,43 +2397,45 @@ static void kvm_vcpu_flush_tlb(struct kvm_vcpu *vcpu, bool invalidate_gpa) - - static void record_steal_time(struct kvm_vcpu *vcpu) - { -+ struct kvm_host_map map; -+ struct kvm_steal_time *st; -+ - if (!(vcpu->arch.st.msr_val & KVM_MSR_ENABLED)) - return; - -- if (unlikely(kvm_read_guest_cached(vcpu->kvm, &vcpu->arch.st.stime, -- &vcpu->arch.st.steal, sizeof(struct kvm_steal_time)))) -+ /* -EAGAIN is returned in atomic context so we can just return. 
*/ -+ if (kvm_map_gfn(vcpu, vcpu->arch.st.msr_val >> PAGE_SHIFT, -+ &map, &vcpu->arch.st.cache, false)) - return; - -+ st = map.hva + -+ offset_in_page(vcpu->arch.st.msr_val & KVM_STEAL_VALID_BITS); -+ - /* - * Doing a TLB flush here, on the guest's behalf, can avoid - * expensive IPIs. - */ -- if (xchg(&vcpu->arch.st.steal.preempted, 0) & KVM_VCPU_FLUSH_TLB) -+ if (xchg(&st->preempted, 0) & KVM_VCPU_FLUSH_TLB) - kvm_vcpu_flush_tlb(vcpu, false); - -- if (vcpu->arch.st.steal.version & 1) -- vcpu->arch.st.steal.version += 1; /* first time write, random junk */ -+ vcpu->arch.st.steal.preempted = 0; - -- vcpu->arch.st.steal.version += 1; -+ if (st->version & 1) -+ st->version += 1; /* first time write, random junk */ - -- kvm_write_guest_cached(vcpu->kvm, &vcpu->arch.st.stime, -- &vcpu->arch.st.steal, sizeof(struct kvm_steal_time)); -+ st->version += 1; - - smp_wmb(); - -- vcpu->arch.st.steal.steal += current->sched_info.run_delay - -+ st->steal += current->sched_info.run_delay - - vcpu->arch.st.last_steal; - vcpu->arch.st.last_steal = current->sched_info.run_delay; - -- kvm_write_guest_cached(vcpu->kvm, &vcpu->arch.st.stime, -- &vcpu->arch.st.steal, sizeof(struct kvm_steal_time)); -- - smp_wmb(); - -- vcpu->arch.st.steal.version += 1; -+ st->version += 1; - -- kvm_write_guest_cached(vcpu->kvm, &vcpu->arch.st.stime, -- &vcpu->arch.st.steal, sizeof(struct kvm_steal_time)); -+ kvm_unmap_gfn(vcpu, &map, &vcpu->arch.st.cache, true, false); - } - - int kvm_set_msr_common(struct kvm_vcpu *vcpu, struct msr_data *msr_info) -@@ -3272,18 +3274,25 @@ void kvm_arch_vcpu_load(struct kvm_vcpu *vcpu, int cpu) - - static void kvm_steal_time_set_preempted(struct kvm_vcpu *vcpu) - { -+ struct kvm_host_map map; -+ struct kvm_steal_time *st; -+ - if (!(vcpu->arch.st.msr_val & KVM_MSR_ENABLED)) - return; - - if (vcpu->arch.st.steal.preempted) - return; - -- vcpu->arch.st.steal.preempted = KVM_VCPU_PREEMPTED; -+ if (kvm_map_gfn(vcpu, vcpu->arch.st.msr_val >> PAGE_SHIFT, &map, -+ 
&vcpu->arch.st.cache, true)) -+ return; -+ -+ st = map.hva + -+ offset_in_page(vcpu->arch.st.msr_val & KVM_STEAL_VALID_BITS); -+ -+ st->preempted = vcpu->arch.st.steal.preempted = KVM_VCPU_PREEMPTED; - -- kvm_write_guest_offset_cached(vcpu->kvm, &vcpu->arch.st.stime, -- &vcpu->arch.st.steal.preempted, -- offsetof(struct kvm_steal_time, preempted), -- sizeof(vcpu->arch.st.steal.preempted)); -+ kvm_unmap_gfn(vcpu, &map, &vcpu->arch.st.cache, true, true); - } - - void kvm_arch_vcpu_put(struct kvm_vcpu *vcpu) --- -2.27.0.rc0 - diff --git a/debian/patches/bugfix/x86/x86-kvm-Cache-gfn-to-pfn-translation.patch b/debian/patches/bugfix/x86/x86-kvm-Cache-gfn-to-pfn-translation.patch deleted file mode 100644 index 56a2e14dc..000000000 --- a/debian/patches/bugfix/x86/x86-kvm-Cache-gfn-to-pfn-translation.patch +++ /dev/null 
@@ -1,296 +0,0 @@ -From: Boris Ostrovsky -Date: Thu, 5 Dec 2019 01:30:51 +0000 -Subject: [09/11] x86/kvm: Cache gfn to pfn translation -Origin: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git/commit?id=ccfc73e56da7c8e68ab6a543c5b8cd0b83c9e9bb -Bug-Debian-Security: https://security-tracker.debian.org/tracker/CVE-2019-3016 - -commit 917248144db5d7320655dbb41d3af0b8a0f3d589 upstream. - -__kvm_map_gfn()'s call to gfn_to_pfn_memslot() is -* relatively expensive -* in certain cases (such as when done from atomic context) cannot be called - -Stashing gfn-to-pfn mapping should help with both cases. - -This is part of CVE-2019-3016. - -Signed-off-by: Boris Ostrovsky -Reviewed-by: Joao Martins -Signed-off-by: Paolo Bonzini -Signed-off-by: Ben Hutchings -Signed-off-by: Sasha Levin ---- - arch/x86/include/asm/kvm_host.h | 1 + - arch/x86/kvm/x86.c | 10 ++++ - include/linux/kvm_host.h | 7 ++- - include/linux/kvm_types.h | 9 ++- - virt/kvm/kvm_main.c | 98 ++++++++++++++++++++++++++------- - 5 files changed, 103 insertions(+), 22 deletions(-) - -diff --git a/arch/x86/include/asm/kvm_host.h b/arch/x86/include/asm/kvm_host.h -index 5c99b9bfce04..ca9c7110b99d 100644 ---- a/arch/x86/include/asm/kvm_host.h -+++ b/arch/x86/include/asm/kvm_host.h -@@ -626,6 +626,7 @@ struct kvm_vcpu_arch { - u64 last_steal; - struct gfn_to_hva_cache stime; - struct kvm_steal_time steal; -+ struct gfn_to_pfn_cache cache; - } st; - - u64 tsc_offset; -diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c -index 1a6e1aa2fb29..6916f46909ab 100644 ---- a/arch/x86/kvm/x86.c -+++ b/arch/x86/kvm/x86.c -@@ -8634,6 +8634,9 @@ static void fx_init(struct kvm_vcpu *vcpu) - void kvm_arch_vcpu_free(struct kvm_vcpu *vcpu) - { - void *wbinvd_dirty_mask = vcpu->arch.wbinvd_dirty_mask; -+ struct gfn_to_pfn_cache *cache = &vcpu->arch.st.cache; -+ -+ kvm_release_pfn(cache->pfn, cache->dirty, cache); - - kvmclock_reset(vcpu); - -@@ -9298,11 +9301,18 @@ int kvm_arch_create_memslot(struct kvm *kvm, struct 
kvm_memory_slot *slot, - - void kvm_arch_memslots_updated(struct kvm *kvm, u64 gen) - { -+ struct kvm_vcpu *vcpu; -+ int i; -+ - /* - * memslots->generation has been incremented. - * mmio generation may have reached its maximum value. - */ - kvm_mmu_invalidate_mmio_sptes(kvm, gen); -+ -+ /* Force re-initialization of steal_time cache */ -+ kvm_for_each_vcpu(i, vcpu, kvm) -+ kvm_vcpu_kick(vcpu); - } - - int kvm_arch_prepare_memory_region(struct kvm *kvm, -diff --git a/include/linux/kvm_host.h b/include/linux/kvm_host.h -index 303c1a6916ce..dabb60f90726 100644 ---- a/include/linux/kvm_host.h -+++ b/include/linux/kvm_host.h -@@ -708,6 +708,7 @@ void kvm_set_pfn_dirty(kvm_pfn_t pfn); - void kvm_set_pfn_accessed(kvm_pfn_t pfn); - void kvm_get_pfn(kvm_pfn_t pfn); - -+void kvm_release_pfn(kvm_pfn_t pfn, bool dirty, struct gfn_to_pfn_cache *cache); - int kvm_read_guest_page(struct kvm *kvm, gfn_t gfn, void *data, int offset, - int len); - int kvm_read_guest_atomic(struct kvm *kvm, gpa_t gpa, void *data, -@@ -738,10 +739,12 @@ struct kvm_memory_slot *kvm_vcpu_gfn_to_memslot(struct kvm_vcpu *vcpu, gfn_t gfn - kvm_pfn_t kvm_vcpu_gfn_to_pfn_atomic(struct kvm_vcpu *vcpu, gfn_t gfn); - kvm_pfn_t kvm_vcpu_gfn_to_pfn(struct kvm_vcpu *vcpu, gfn_t gfn); - int kvm_vcpu_map(struct kvm_vcpu *vcpu, gpa_t gpa, struct kvm_host_map *map); --int kvm_map_gfn(struct kvm_vcpu *vcpu, gfn_t gfn, struct kvm_host_map *map); -+int kvm_map_gfn(struct kvm_vcpu *vcpu, gfn_t gfn, struct kvm_host_map *map, -+ struct gfn_to_pfn_cache *cache, bool atomic); - struct page *kvm_vcpu_gfn_to_page(struct kvm_vcpu *vcpu, gfn_t gfn); - void kvm_vcpu_unmap(struct kvm_vcpu *vcpu, struct kvm_host_map *map, bool dirty); --int kvm_unmap_gfn(struct kvm_vcpu *vcpu, struct kvm_host_map *map, bool dirty); -+int kvm_unmap_gfn(struct kvm_vcpu *vcpu, struct kvm_host_map *map, -+ struct gfn_to_pfn_cache *cache, bool dirty, bool atomic); - unsigned long kvm_vcpu_gfn_to_hva(struct kvm_vcpu *vcpu, gfn_t gfn); - unsigned long 
kvm_vcpu_gfn_to_hva_prot(struct kvm_vcpu *vcpu, gfn_t gfn, bool *writable); - int kvm_vcpu_read_guest_page(struct kvm_vcpu *vcpu, gfn_t gfn, void *data, int offset, -diff --git a/include/linux/kvm_types.h b/include/linux/kvm_types.h -index 8bf259dae9f6..a38729c8296f 100644 ---- a/include/linux/kvm_types.h -+++ b/include/linux/kvm_types.h -@@ -32,7 +32,7 @@ struct kvm_memslots; - - enum kvm_mr_change; - --#include -+#include - - /* - * Address types: -@@ -63,4 +63,11 @@ struct gfn_to_hva_cache { - struct kvm_memory_slot *memslot; - }; - -+struct gfn_to_pfn_cache { -+ u64 generation; -+ gfn_t gfn; -+ kvm_pfn_t pfn; -+ bool dirty; -+}; -+ - #endif /* __KVM_TYPES_H__ */ -diff --git a/virt/kvm/kvm_main.c b/virt/kvm/kvm_main.c -index 8e29b2e0bf2e..aca15bd1cc4c 100644 ---- a/virt/kvm/kvm_main.c -+++ b/virt/kvm/kvm_main.c -@@ -1705,27 +1705,72 @@ struct page *gfn_to_page(struct kvm *kvm, gfn_t gfn) - } - EXPORT_SYMBOL_GPL(gfn_to_page); - -+void kvm_release_pfn(kvm_pfn_t pfn, bool dirty, struct gfn_to_pfn_cache *cache) -+{ -+ if (pfn == 0) -+ return; -+ -+ if (cache) -+ cache->pfn = cache->gfn = 0; -+ -+ if (dirty) -+ kvm_release_pfn_dirty(pfn); -+ else -+ kvm_release_pfn_clean(pfn); -+} -+ -+static void kvm_cache_gfn_to_pfn(struct kvm_memory_slot *slot, gfn_t gfn, -+ struct gfn_to_pfn_cache *cache, u64 gen) -+{ -+ kvm_release_pfn(cache->pfn, cache->dirty, cache); -+ -+ cache->pfn = gfn_to_pfn_memslot(slot, gfn); -+ cache->gfn = gfn; -+ cache->dirty = false; -+ cache->generation = gen; -+} -+ - static int __kvm_map_gfn(struct kvm_memslots *slots, gfn_t gfn, -- struct kvm_host_map *map) -+ struct kvm_host_map *map, -+ struct gfn_to_pfn_cache *cache, -+ bool atomic) - { - kvm_pfn_t pfn; - void *hva = NULL; - struct page *page = KVM_UNMAPPED_PAGE; - struct kvm_memory_slot *slot = __gfn_to_memslot(slots, gfn); -+ u64 gen = slots->generation; - - if (!map) - return -EINVAL; - -- pfn = gfn_to_pfn_memslot(slot, gfn); -+ if (cache) { -+ if (!cache->pfn || cache->gfn != gfn || -+ 
cache->generation != gen) { -+ if (atomic) -+ return -EAGAIN; -+ kvm_cache_gfn_to_pfn(slot, gfn, cache, gen); -+ } -+ pfn = cache->pfn; -+ } else { -+ if (atomic) -+ return -EAGAIN; -+ pfn = gfn_to_pfn_memslot(slot, gfn); -+ } - if (is_error_noslot_pfn(pfn)) - return -EINVAL; - - if (pfn_valid(pfn)) { - page = pfn_to_page(pfn); -- hva = kmap(page); -+ if (atomic) -+ hva = kmap_atomic(page); -+ else -+ hva = kmap(page); - #ifdef CONFIG_HAS_IOMEM -- } else { -+ } else if (!atomic) { - hva = memremap(pfn_to_hpa(pfn), PAGE_SIZE, MEMREMAP_WB); -+ } else { -+ return -EINVAL; - #endif - } - -@@ -1740,20 +1785,25 @@ static int __kvm_map_gfn(struct kvm_memslots *slots, gfn_t gfn, - return 0; - } - --int kvm_map_gfn(struct kvm_vcpu *vcpu, gfn_t gfn, struct kvm_host_map *map) -+int kvm_map_gfn(struct kvm_vcpu *vcpu, gfn_t gfn, struct kvm_host_map *map, -+ struct gfn_to_pfn_cache *cache, bool atomic) - { -- return __kvm_map_gfn(kvm_memslots(vcpu->kvm), gfn, map); -+ return __kvm_map_gfn(kvm_memslots(vcpu->kvm), gfn, map, -+ cache, atomic); - } - EXPORT_SYMBOL_GPL(kvm_map_gfn); - - int kvm_vcpu_map(struct kvm_vcpu *vcpu, gfn_t gfn, struct kvm_host_map *map) - { -- return __kvm_map_gfn(kvm_vcpu_memslots(vcpu), gfn, map); -+ return __kvm_map_gfn(kvm_vcpu_memslots(vcpu), gfn, map, -+ NULL, false); - } - EXPORT_SYMBOL_GPL(kvm_vcpu_map); - - static void __kvm_unmap_gfn(struct kvm_memory_slot *memslot, -- struct kvm_host_map *map, bool dirty) -+ struct kvm_host_map *map, -+ struct gfn_to_pfn_cache *cache, -+ bool dirty, bool atomic) - { - if (!map) - return; -@@ -1761,34 +1811,44 @@ static void __kvm_unmap_gfn(struct kvm_memory_slot *memslot, - if (!map->hva) - return; - -- if (map->page != KVM_UNMAPPED_PAGE) -- kunmap(map->page); -+ if (map->page != KVM_UNMAPPED_PAGE) { -+ if (atomic) -+ kunmap_atomic(map->hva); -+ else -+ kunmap(map->page); -+ } - #ifdef CONFIG_HAS_IOMEM -- else -+ else if (!atomic) - memunmap(map->hva); -+ else -+ WARN_ONCE(1, "Unexpected unmapping in atomic 
context"); - #endif - -- if (dirty) { -+ if (dirty) - mark_page_dirty_in_slot(memslot, map->gfn); -- kvm_release_pfn_dirty(map->pfn); -- } else { -- kvm_release_pfn_clean(map->pfn); -- } -+ -+ if (cache) -+ cache->dirty |= dirty; -+ else -+ kvm_release_pfn(map->pfn, dirty, NULL); - - map->hva = NULL; - map->page = NULL; - } - --int kvm_unmap_gfn(struct kvm_vcpu *vcpu, struct kvm_host_map *map, bool dirty) -+int kvm_unmap_gfn(struct kvm_vcpu *vcpu, struct kvm_host_map *map, -+ struct gfn_to_pfn_cache *cache, bool dirty, bool atomic) - { -- __kvm_unmap_gfn(gfn_to_memslot(vcpu->kvm, map->gfn), map, dirty); -+ __kvm_unmap_gfn(gfn_to_memslot(vcpu->kvm, map->gfn), map, -+ cache, dirty, atomic); - return 0; - } - EXPORT_SYMBOL_GPL(kvm_unmap_gfn); - - void kvm_vcpu_unmap(struct kvm_vcpu *vcpu, struct kvm_host_map *map, bool dirty) - { -- __kvm_unmap_gfn(kvm_vcpu_gfn_to_memslot(vcpu, map->gfn), map, dirty); -+ __kvm_unmap_gfn(kvm_vcpu_gfn_to_memslot(vcpu, map->gfn), map, NULL, -+ dirty, false); - } - EXPORT_SYMBOL_GPL(kvm_vcpu_unmap); - --- -2.27.0.rc0 - diff --git a/debian/patches/bugfix/x86/x86-kvm-Introduce-kvm_-un-map_gfn.patch b/debian/patches/bugfix/x86/x86-kvm-Introduce-kvm_-un-map_gfn.patch deleted file mode 100644 index dedbfea03..000000000 --- a/debian/patches/bugfix/x86/x86-kvm-Introduce-kvm_-un-map_gfn.patch +++ /dev/null 
@@ -1,114 +0,0 @@
-From: Boris Ostrovsky
-Date: Tue, 12 Nov 2019 16:35:06 +0000
-Subject: [08/11] x86/kvm: Introduce kvm_(un)map_gfn()
-Origin: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git/commit?id=e36d68ec5090599058650152547d4a58ef3d79a0
-Bug-Debian-Security: https://security-tracker.debian.org/tracker/CVE-2019-3016
-
-commit 1eff70a9abd46f175defafd29bc17ad456f398a7 upstream.
-
-kvm_vcpu_(un)map operates on gfns from any current address space.
-In certain cases we want to make sure we are not mapping SMRAM
-and for that we can use kvm_(un)map_gfn() that we are introducing
-in this patch.
-
-This is part of CVE-2019-3016.
-
-Signed-off-by: Boris Ostrovsky
-Reviewed-by: Joao Martins
-Signed-off-by: Paolo Bonzini
-Signed-off-by: Ben Hutchings
-Signed-off-by: Sasha Levin
----
- include/linux/kvm_host.h | 2 ++
- virt/kvm/kvm_main.c | 29 ++++++++++++++++++++++++-----
- 2 files changed, 26 insertions(+), 5 deletions(-)
-
-diff --git a/include/linux/kvm_host.h b/include/linux/kvm_host.h
-index bef95dba14e8..303c1a6916ce 100644
---- a/include/linux/kvm_host.h
-+++ b/include/linux/kvm_host.h
-@@ -738,8 +738,10 @@ struct kvm_memory_slot *kvm_vcpu_gfn_to_memslot(struct kvm_vcpu *vcpu, gfn_t gfn
- kvm_pfn_t kvm_vcpu_gfn_to_pfn_atomic(struct kvm_vcpu *vcpu, gfn_t gfn);
- kvm_pfn_t kvm_vcpu_gfn_to_pfn(struct kvm_vcpu *vcpu, gfn_t gfn);
- int kvm_vcpu_map(struct kvm_vcpu *vcpu, gpa_t gpa, struct kvm_host_map *map);
-+int kvm_map_gfn(struct kvm_vcpu *vcpu, gfn_t gfn, struct kvm_host_map *map);
- struct page *kvm_vcpu_gfn_to_page(struct kvm_vcpu *vcpu, gfn_t gfn);
- void kvm_vcpu_unmap(struct kvm_vcpu *vcpu, struct kvm_host_map *map, bool dirty);
-+int kvm_unmap_gfn(struct kvm_vcpu *vcpu, struct kvm_host_map *map, bool dirty);
- unsigned long kvm_vcpu_gfn_to_hva(struct kvm_vcpu *vcpu, gfn_t gfn);
- unsigned long kvm_vcpu_gfn_to_hva_prot(struct kvm_vcpu *vcpu, gfn_t gfn, bool *writable);
- int kvm_vcpu_read_guest_page(struct kvm_vcpu *vcpu, gfn_t gfn, 
void *data, int offset,
-diff --git a/virt/kvm/kvm_main.c b/virt/kvm/kvm_main.c
-index 33b288469c70..8e29b2e0bf2e 100644
---- a/virt/kvm/kvm_main.c
-+++ b/virt/kvm/kvm_main.c
-@@ -1705,12 +1705,13 @@ struct page *gfn_to_page(struct kvm *kvm, gfn_t gfn)
- }
- EXPORT_SYMBOL_GPL(gfn_to_page);
-
--static int __kvm_map_gfn(struct kvm_memory_slot *slot, gfn_t gfn,
-+static int __kvm_map_gfn(struct kvm_memslots *slots, gfn_t gfn,
- struct kvm_host_map *map)
- {
- kvm_pfn_t pfn;
- void *hva = NULL;
- struct page *page = KVM_UNMAPPED_PAGE;
-+ struct kvm_memory_slot *slot = __gfn_to_memslot(slots, gfn);
-
- if (!map)
- return -EINVAL;
-@@ -1739,14 +1740,20 @@ static int __kvm_map_gfn(struct kvm_memory_slot *slot, gfn_t gfn,
- return 0;
- }
-
-+int kvm_map_gfn(struct kvm_vcpu *vcpu, gfn_t gfn, struct kvm_host_map *map)
-+{
-+ return __kvm_map_gfn(kvm_memslots(vcpu->kvm), gfn, map);
-+}
-+EXPORT_SYMBOL_GPL(kvm_map_gfn);
-+
- int kvm_vcpu_map(struct kvm_vcpu *vcpu, gfn_t gfn, struct kvm_host_map *map)
- {
-- return __kvm_map_gfn(kvm_vcpu_gfn_to_memslot(vcpu, gfn), gfn, map);
-+ return __kvm_map_gfn(kvm_vcpu_memslots(vcpu), gfn, map);
- }
- EXPORT_SYMBOL_GPL(kvm_vcpu_map);
-
--void kvm_vcpu_unmap(struct kvm_vcpu *vcpu, struct kvm_host_map *map,
-- bool dirty)
-+static void __kvm_unmap_gfn(struct kvm_memory_slot *memslot,
-+ struct kvm_host_map *map, bool dirty)
- {
- if (!map)
- return;
-@@ -1762,7 +1769,7 @@ void kvm_vcpu_unmap(struct kvm_vcpu *vcpu, struct kvm_host_map *map,
- #endif
-
- if (dirty) {
-- kvm_vcpu_mark_page_dirty(vcpu, map->gfn);
-+ mark_page_dirty_in_slot(memslot, map->gfn);
- kvm_release_pfn_dirty(map->pfn);
- } else {
- kvm_release_pfn_clean(map->pfn);
-@@ -1771,6 +1778,18 @@ void kvm_vcpu_unmap(struct kvm_vcpu *vcpu, struct kvm_host_map *map,
- map->hva = NULL;
- map->page = NULL;
- }
-+
-+int kvm_unmap_gfn(struct kvm_vcpu *vcpu, struct kvm_host_map *map, bool dirty)
-+{
-+ __kvm_unmap_gfn(gfn_to_memslot(vcpu->kvm, map->gfn), map, dirty);
-+ return 0;
-+}
-+EXPORT_SYMBOL_GPL(kvm_unmap_gfn);
-+
-+void kvm_vcpu_unmap(struct kvm_vcpu *vcpu, struct kvm_host_map *map, bool dirty)
-+{
-+ __kvm_unmap_gfn(kvm_vcpu_gfn_to_memslot(vcpu, map->gfn), map, dirty);
-+}
- EXPORT_SYMBOL_GPL(kvm_vcpu_unmap);
-
- struct page *kvm_vcpu_gfn_to_page(struct kvm_vcpu *vcpu, gfn_t gfn)
---
-2.27.0.rc0
-
diff --git a/debian/patches/series b/debian/patches/series
index d7661dd06..fd84df1a1 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -307,17 +307,6 @@ bugfix/all/netlabel-cope-with-NULL-catmap.patch
 bugfix/all/fs-binfmt_elf.c-allocate-initialized-memory-in-fill_.patch
 bugfix/all/kernel-relay.c-handle-alloc_percpu-returning-NULL-in.patch
 bugfix/all/mm-Fix-mremap-not-considering-huge-pmd-devmap.patch
-# pre-requisites and CVE-2019-3016
-bugfix/x86/KVM-nVMX-Always-sync-GUEST_BNDCFGS-when-it-comes-fro.patch
-bugfix/all/KVM-Introduce-a-new-guest-mapping-API.patch
-bugfix/arm64/kvm-fix-compilation-on-aarch64.patch
-bugfix/s390x/kvm-fix-compilation-on-s390.patch
-bugfix/s390x/kvm-fix-compile-on-s390-part-2.patch
-bugfix/all/KVM-Properly-check-if-page-is-valid-in-kvm_vcpu_unma.patch
-bugfix/x86/x86-kvm-Introduce-kvm_-un-map_gfn.patch
-bugfix/x86/x86-kvm-Cache-gfn-to-pfn-translation.patch
-bugfix/x86/x86-KVM-Make-sure-KVM_VCPU_FLUSH_TLB-flag-is-not-mis.patch
-bugfix/x86/x86-KVM-Clean-up-host-s-steal-time-structure.patch
 bugfix/x86/srbds/0001-x86-cpu-Add-a-steppings-field-to-struct-x86_cpu_id.patch
 bugfix/x86/srbds/0002-x86-cpu-Add-table-argument-to-cpu_matches.patch
 bugfix/x86/srbds/0003-x86-speculation-Add-Special-Register-Buffer-Data-Sam.patch