rebase patches on top of Ubuntu-5.11.0-34.36

(generated with debian/scripts/import-upstream-tag)

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>

diff --git a/patches/kernel/0003-pci-Enable-overrides-for-missing-ACS-capabilities-4..patch b/patches/kernel/0003-pci-Enable-overrides-for-missing-ACS-capabilities-4..patch
index 164d21c0059455ad1ecc46dfcf49853fbcd552c9..4b8057523d2a2afbf4a64ec150aa75a4df0171b1 100644 (file)
--- a/patches/kernel/0003-pci-Enable-overrides-for-missing-ACS-capabilities-4..patch
+++ b/patches/kernel/0003-pci-Enable-overrides-for-missing-ACS-capabilities-4..patch
@@ -55,10 +55,10 @@ Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
  2 files changed, 111 insertions(+)
 
 diff --git a/Documentation/admin-guide/kernel-parameters.txt b/Documentation/admin-guide/kernel-parameters.txt
-index 52b2f13eb26f..8c1bec09424b 100644
+index ee85be64b680..a38a8e44422e 100644
 --- a/Documentation/admin-guide/kernel-parameters.txt
 +++ b/Documentation/admin-guide/kernel-parameters.txt
-@@ -3647,6 +3647,15 @@
+@@ -3653,6 +3653,15 @@
                                Also, it enforces the PCI Local Bus spec
                                rule that those bits should be 0 in system reset
                                events (useful for kexec/kdump cases).
@@ -75,7 +75,7 @@ index 52b2f13eb26f..8c1bec09424b 100644
                                Safety option to keep boot IRQs enabled. This
                                should never be necessary.
 diff --git a/drivers/pci/quirks.c b/drivers/pci/quirks.c
-index fb13b3109a43..ee39f6c3dc3a 100644
+index f32e521ade1e..4f3558d0c00a 100644
 --- a/drivers/pci/quirks.c
 +++ b/drivers/pci/quirks.c
 @@ -192,6 +192,106 @@ static int __init pci_apply_final_quirks(void)
@@ -185,7 +185,7 @@ index fb13b3109a43..ee39f6c3dc3a 100644
  /*
   * Decoding should be disabled for a PCI device during BAR sizing to avoid
   * conflict. But doing so may cause problems on host bridge and perhaps other
-@@ -4770,6 +4870,8 @@ static const struct pci_dev_acs_enabled {
+@@ -4857,6 +4957,8 @@ static const struct pci_dev_acs_enabled {
        { PCI_VENDOR_ID_CAVIUM, PCI_ANY_ID, pci_quirk_cavium_acs },
        /* APM X-Gene */
        { PCI_VENDOR_ID_AMCC, 0xE004, pci_quirk_xgene_acs },

diff --git a/patches/kernel/0004-kvm-disable-default-dynamic-halt-polling-growth.patch b/patches/kernel/0004-kvm-disable-default-dynamic-halt-polling-growth.patch
index 5db6088fdf9ecec974310cb1f4d195db51e8b36a..885469393a012b4fbcb2a9e227a576ac82613c3f 100644 (file)
--- a/patches/kernel/0004-kvm-disable-default-dynamic-halt-polling-growth.patch
+++ b/patches/kernel/0004-kvm-disable-default-dynamic-halt-polling-growth.patch
@@ -13,7 +13,7 @@ Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
  1 file changed, 1 insertion(+), 1 deletion(-)
 
 diff --git a/virt/kvm/kvm_main.c b/virt/kvm/kvm_main.c
-index 7377346be880..0979e4ab19ae 100644
+index 14e6c73a6031..c191c9e50735 100644
 --- a/virt/kvm/kvm_main.c
 +++ b/virt/kvm/kvm_main.c
 @@ -77,7 +77,7 @@ module_param(halt_poll_ns, uint, 0644);

diff --git a/patches/kernel/0007-io_uring-don-t-block-level-reissue-off-completion-pa.patch b/patches/kernel/0007-io_uring-don-t-block-level-reissue-off-completion-pa.patch
index ec9ce571e6b1526a35138984cadb51dff6eb3673..fad9c67f92ee1371d86a2bb579e3b5133059441d 100644 (file)
--- a/patches/kernel/0007-io_uring-don-t-block-level-reissue-off-completion-pa.patch
+++ b/patches/kernel/0007-io_uring-don-t-block-level-reissue-off-completion-pa.patch
@@ -27,7 +27,7 @@ Signed-off-by: Fabian Ebner <f.ebner@proxmox.com>
  1 file changed, 7 insertions(+)
 
 diff --git a/fs/io_uring.c b/fs/io_uring.c
-index 2b86b413641a..11f615033c70 100644
+index a0d42aea3aa1..ce5cf51a5667 100644
 --- a/fs/io_uring.c
 +++ b/fs/io_uring.c
 @@ -2731,6 +2731,13 @@ static bool io_rw_reissue(struct io_kiocb *req, long res)
@@ -44,6 +44,3 @@ index 2b86b413641a..11f615033c70 100644
        lockdep_assert_held(&req->ctx->uring_lock);
  
        ret = io_sq_thread_acquire_mm_files(req->ctx, req);
--- 
-2.30.2
-

diff --git a/patches/kernel/0008-UBUNTU-SAUCE-KVM-nSVM-avoid-picking-up-unsupported-b.patch b/patches/kernel/0008-UBUNTU-SAUCE-KVM-nSVM-avoid-picking-up-unsupported-b.patch
deleted file mode 100644 (file)
index 696a17f..0000000
--- a/patches/kernel/0008-UBUNTU-SAUCE-KVM-nSVM-avoid-picking-up-unsupported-b.patch
+++ /dev/null
@@ -1,96 +0,0 @@
-From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
-From: Maxim Levitsky <mlevitsk@redhat.com>
-Date: Thu, 29 Jul 2021 17:54:04 +0300
-Subject: [PATCH] UBUNTU: SAUCE: KVM: nSVM: avoid picking up unsupported bits
- from L2 in int_ctl
-
-This fixes CVE-2021-3653 that allowed a malicious L1 to run L2 with
-AVIC enabled, which allowed the L2 to exploit the uninitialized and enabled
-AVIC to read/write the host physical memory at some offsets.
-
-The bug was discovered by Maxim Levitsky.
-
-Fixes: 3d6368ef580a ("KVM: SVM: Add VMRUN handler")
-Signed-off-by: Maxim Levitsky <mlevitsk@redhat.com>
-Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
-CVE-2021-3653
-Signed-off-by: Thadeu Lima de Souza Cascardo <cascardo@canonical.com>
-Acked-by: Stefan Bader <stefan.bader@canonical.com>
-Acked-by: Ben Romer <benjamin.romer@canonical.com>
-Signed-off-by: Stefan Bader <stefan.bader@canonical.com>
-(cherry picked from commit d4c8d125f361e6aef5d58490672f7efa83dab257)
-Signed-off-by: Stoiko Ivanov <s.ivanov@proxmox.com>
----
- arch/x86/include/asm/svm.h |  2 ++
- arch/x86/kvm/svm/nested.c  | 11 +++++++----
- arch/x86/kvm/svm/svm.c     |  8 ++++----
- 3 files changed, 13 insertions(+), 8 deletions(-)
-
-diff --git a/arch/x86/include/asm/svm.h b/arch/x86/include/asm/svm.h
-index 1c561945b426..6278111bbf97 100644
---- a/arch/x86/include/asm/svm.h
-+++ b/arch/x86/include/asm/svm.h
-@@ -178,6 +178,8 @@ struct __attribute__ ((__packed__)) vmcb_control_area {
- #define V_IGN_TPR_SHIFT 20
- #define V_IGN_TPR_MASK (1 << V_IGN_TPR_SHIFT)
- 
-+#define V_IRQ_INJECTION_BITS_MASK (V_IRQ_MASK | V_INTR_PRIO_MASK | V_IGN_TPR_MASK)
-+
- #define V_INTR_MASKING_SHIFT 24
- #define V_INTR_MASKING_MASK (1 << V_INTR_MASKING_SHIFT)
- 
-diff --git a/arch/x86/kvm/svm/nested.c b/arch/x86/kvm/svm/nested.c
-index 0b3bf6e2aeb9..049d3cbbee5a 100644
---- a/arch/x86/kvm/svm/nested.c
-+++ b/arch/x86/kvm/svm/nested.c
-@@ -429,7 +429,10 @@ static void nested_prepare_vmcb_save(struct vcpu_svm *svm, struct vmcb *vmcb12)
- 
- static void nested_prepare_vmcb_control(struct vcpu_svm *svm)
- {
--      const u32 mask = V_INTR_MASKING_MASK | V_GIF_ENABLE_MASK | V_GIF_MASK;
-+      const u32 int_ctl_vmcb01_bits =
-+              V_INTR_MASKING_MASK | V_GIF_MASK | V_GIF_ENABLE_MASK;
-+
-+      const u32 int_ctl_vmcb12_bits = V_TPR_MASK | V_IRQ_INJECTION_BITS_MASK;
- 
-       if (nested_npt_enabled(svm))
-               nested_svm_init_mmu_context(&svm->vcpu);
-@@ -437,9 +440,9 @@ static void nested_prepare_vmcb_control(struct vcpu_svm *svm)
-       svm->vmcb->control.tsc_offset = svm->vcpu.arch.tsc_offset =
-               svm->vcpu.arch.l1_tsc_offset + svm->nested.ctl.tsc_offset;
- 
--      svm->vmcb->control.int_ctl             =
--              (svm->nested.ctl.int_ctl & ~mask) |
--              (svm->nested.hsave->control.int_ctl & mask);
-+      svm->vmcb->control.int_ctl =
-+              (svm->nested.ctl.int_ctl & int_ctl_vmcb12_bits) |
-+              (svm->nested.hsave->control.int_ctl & int_ctl_vmcb01_bits);
- 
-       svm->vmcb->control.virt_ext            = svm->nested.ctl.virt_ext;
-       svm->vmcb->control.int_vector          = svm->nested.ctl.int_vector;
-diff --git a/arch/x86/kvm/svm/svm.c b/arch/x86/kvm/svm/svm.c
-index 786c0eb8bd29..b676386f877e 100644
---- a/arch/x86/kvm/svm/svm.c
-+++ b/arch/x86/kvm/svm/svm.c
-@@ -1547,17 +1547,17 @@ static void svm_set_vintr(struct vcpu_svm *svm)
- 
- static void svm_clear_vintr(struct vcpu_svm *svm)
- {
--      const u32 mask = V_TPR_MASK | V_GIF_ENABLE_MASK | V_GIF_MASK | V_INTR_MASKING_MASK;
-       svm_clr_intercept(svm, INTERCEPT_VINTR);
- 
-       /* Drop int_ctl fields related to VINTR injection.  */
--      svm->vmcb->control.int_ctl &= mask;
-+      svm->vmcb->control.int_ctl &= ~V_IRQ_INJECTION_BITS_MASK;
-       if (is_guest_mode(&svm->vcpu)) {
--              svm->nested.hsave->control.int_ctl &= mask;
-+              svm->nested.hsave->control.int_ctl &= ~V_IRQ_INJECTION_BITS_MASK;
- 
-               WARN_ON((svm->vmcb->control.int_ctl & V_TPR_MASK) !=
-                       (svm->nested.ctl.int_ctl & V_TPR_MASK));
--              svm->vmcb->control.int_ctl |= svm->nested.ctl.int_ctl & ~mask;
-+              svm->vmcb->control.int_ctl |= svm->nested.ctl.int_ctl &
-+                      V_IRQ_INJECTION_BITS_MASK;
-       }
- 
-       vmcb_mark_dirty(svm->vmcb, VMCB_INTR);

diff --git a/patches/kernel/0009-UBUNTU-SAUCE-KVM-nSVM-always-intercept-VMLOAD-VMSAVE.patch b/patches/kernel/0009-UBUNTU-SAUCE-KVM-nSVM-always-intercept-VMLOAD-VMSAVE.patch
deleted file mode 100644 (file)
index 48f3c30..0000000
--- a/patches/kernel/0009-UBUNTU-SAUCE-KVM-nSVM-always-intercept-VMLOAD-VMSAVE.patch
+++ /dev/null
@@ -1,45 +0,0 @@
-From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
-From: Maxim Levitsky <mlevitsk@redhat.com>
-Date: Thu, 29 Jul 2021 18:37:38 +0300
-Subject: [PATCH] UBUNTU: SAUCE: KVM: nSVM: always intercept VMLOAD/VMSAVE when
- nested
-
-If L1 disables VMLOAD/VMSAVE intercepts, and doesn't enable
-Virtual VMLOAD/VMSAVE (currently not supported for the nested hypervisor),
-then VMLOAD/VMSAVE must operate on the L1 physical memory, which is only
-possible by making L0 intercept these instructions.
-
-Failure to do so allowed the nested guest to run VMLOAD/VMSAVE unintercepted,
-and thus read/write portions of the host physical memory.
-
-This fixes CVE-2021-3656, which was discovered by Maxim Levitsky and
-Paolo Bonzini.
-
-Fixes: 89c8a4984fc9 ("KVM: SVM: Enable Virtual VMLOAD VMSAVE feature")
-Signed-off-by: Maxim Levitsky <mlevitsk@redhat.com>
-Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
-CVE-2021-3656
-Signed-off-by: Thadeu Lima de Souza Cascardo <cascardo@canonical.com>
-Acked-by: Stefan Bader <stefan.bader@canonical.com>
-Acked-by: Ben Romer <benjamin.romer@canonical.com>
-Signed-off-by: Stefan Bader <stefan.bader@canonical.com>
-(cherry picked from commit 7e23c00e809c1669676363962e2ef9df1bd2840b)
-Signed-off-by: Stoiko Ivanov <s.ivanov@proxmox.com>
----
- arch/x86/kvm/svm/nested.c | 3 +++
- 1 file changed, 3 insertions(+)
-
-diff --git a/arch/x86/kvm/svm/nested.c b/arch/x86/kvm/svm/nested.c
-index 049d3cbbee5a..3bd5c7d6716e 100644
---- a/arch/x86/kvm/svm/nested.c
-+++ b/arch/x86/kvm/svm/nested.c
-@@ -147,6 +147,9 @@ void recalc_intercepts(struct vcpu_svm *svm)
- 
-       for (i = 0; i < MAX_INTERCEPT; i++)
-               c->intercepts[i] |= g->intercepts[i];
-+
-+      vmcb_set_intercept(c, INTERCEPT_VMLOAD);
-+      vmcb_set_intercept(c, INTERCEPT_VMSAVE);
- }
- 
- static void copy_vmcb_control_area(struct vmcb_control_area *dst,