Linux v4.18.12
This commit is contained in:
Laura Abbott
parent
a3b5129661
commit
97e2dc2c53
|
|
@ -1,155 +0,0 @@
|
|||
From d26c25a9d19b5976b319af528886f89cf455692d Mon Sep 17 00:00:00 2001
|
||||
From: Dave Martin <Dave.Martin@arm.com>
|
||||
Date: Thu, 27 Sep 2018 16:53:21 +0100
|
||||
Subject: arm64: KVM: Tighten guest core register access from userspace
|
||||
|
||||
From: Dave Martin <Dave.Martin@arm.com>
|
||||
|
||||
commit d26c25a9d19b5976b319af528886f89cf455692d upstream.
|
||||
|
||||
We currently allow userspace to access the core register file
|
||||
in about any possible way, including straddling multiple
|
||||
registers and doing unaligned accesses.
|
||||
|
||||
This is not the expected use of the ABI, and nobody is actually
|
||||
using it that way. Let's tighten it by explicitly checking
|
||||
the size and alignment for each field of the register file.
|
||||
|
||||
Cc: <stable@vger.kernel.org>
|
||||
Fixes: 2f4a07c5f9fe ("arm64: KVM: guest one-reg interface")
|
||||
Reviewed-by: Christoffer Dall <christoffer.dall@arm.com>
|
||||
Reviewed-by: Mark Rutland <mark.rutland@arm.com>
|
||||
Signed-off-by: Dave Martin <Dave.Martin@arm.com>
|
||||
[maz: rewrote Dave's initial patch to be more easily backported]
|
||||
Signed-off-by: Marc Zyngier <marc.zyngier@arm.com>
|
||||
Signed-off-by: Will Deacon <will.deacon@arm.com>
|
||||
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
||||
|
||||
---
|
||||
arch/arm64/kvm/guest.c | 45 +++++++++++++++++++++++++++++++++++++++++++++
|
||||
1 file changed, 45 insertions(+)
|
||||
|
||||
--- a/arch/arm64/kvm/guest.c
|
||||
+++ b/arch/arm64/kvm/guest.c
|
||||
@@ -57,6 +57,45 @@ static u64 core_reg_offset_from_id(u64 i
|
||||
return id & ~(KVM_REG_ARCH_MASK | KVM_REG_SIZE_MASK | KVM_REG_ARM_CORE);
|
||||
}
|
||||
|
||||
+static int validate_core_offset(const struct kvm_one_reg *reg)
|
||||
+{
|
||||
+ u64 off = core_reg_offset_from_id(reg->id);
|
||||
+ int size;
|
||||
+
|
||||
+ switch (off) {
|
||||
+ case KVM_REG_ARM_CORE_REG(regs.regs[0]) ...
|
||||
+ KVM_REG_ARM_CORE_REG(regs.regs[30]):
|
||||
+ case KVM_REG_ARM_CORE_REG(regs.sp):
|
||||
+ case KVM_REG_ARM_CORE_REG(regs.pc):
|
||||
+ case KVM_REG_ARM_CORE_REG(regs.pstate):
|
||||
+ case KVM_REG_ARM_CORE_REG(sp_el1):
|
||||
+ case KVM_REG_ARM_CORE_REG(elr_el1):
|
||||
+ case KVM_REG_ARM_CORE_REG(spsr[0]) ...
|
||||
+ KVM_REG_ARM_CORE_REG(spsr[KVM_NR_SPSR - 1]):
|
||||
+ size = sizeof(__u64);
|
||||
+ break;
|
||||
+
|
||||
+ case KVM_REG_ARM_CORE_REG(fp_regs.vregs[0]) ...
|
||||
+ KVM_REG_ARM_CORE_REG(fp_regs.vregs[31]):
|
||||
+ size = sizeof(__uint128_t);
|
||||
+ break;
|
||||
+
|
||||
+ case KVM_REG_ARM_CORE_REG(fp_regs.fpsr):
|
||||
+ case KVM_REG_ARM_CORE_REG(fp_regs.fpcr):
|
||||
+ size = sizeof(__u32);
|
||||
+ break;
|
||||
+
|
||||
+ default:
|
||||
+ return -EINVAL;
|
||||
+ }
|
||||
+
|
||||
+ if (KVM_REG_SIZE(reg->id) == size &&
|
||||
+ IS_ALIGNED(off, size / sizeof(__u32)))
|
||||
+ return 0;
|
||||
+
|
||||
+ return -EINVAL;
|
||||
+}
|
||||
+
|
||||
static int get_core_reg(struct kvm_vcpu *vcpu, const struct kvm_one_reg *reg)
|
||||
{
|
||||
/*
|
||||
@@ -76,6 +115,9 @@ static int get_core_reg(struct kvm_vcpu
|
||||
(off + (KVM_REG_SIZE(reg->id) / sizeof(__u32))) >= nr_regs)
|
||||
return -ENOENT;
|
||||
|
||||
+ if (validate_core_offset(reg))
|
||||
+ return -EINVAL;
|
||||
+
|
||||
if (copy_to_user(uaddr, ((u32 *)regs) + off, KVM_REG_SIZE(reg->id)))
|
||||
return -EFAULT;
|
||||
|
||||
@@ -98,6 +140,9 @@ static int set_core_reg(struct kvm_vcpu
|
||||
(off + (KVM_REG_SIZE(reg->id) / sizeof(__u32))) >= nr_regs)
|
||||
return -ENOENT;
|
||||
|
||||
+ if (validate_core_offset(reg))
|
||||
+ return -EINVAL;
|
||||
+
|
||||
if (KVM_REG_SIZE(reg->id) > sizeof(tmp))
|
||||
return -EINVAL;
|
||||
|
||||
From 2a3f93459d689d990b3ecfbe782fec89b97d3279 Mon Sep 17 00:00:00 2001
|
||||
From: Marc Zyngier <marc.zyngier@arm.com>
|
||||
Date: Thu, 27 Sep 2018 16:53:22 +0100
|
||||
Subject: arm64: KVM: Sanitize PSTATE.M when being set from userspace
|
||||
|
||||
From: Marc Zyngier <marc.zyngier@arm.com>
|
||||
|
||||
commit 2a3f93459d689d990b3ecfbe782fec89b97d3279 upstream.
|
||||
|
||||
Not all execution modes are valid for a guest, and some of them
|
||||
depend on what the HW actually supports. Let's verify that what
|
||||
userspace provides is compatible with both the VM settings and
|
||||
the HW capabilities.
|
||||
|
||||
Cc: <stable@vger.kernel.org>
|
||||
Fixes: 0d854a60b1d7 ("arm64: KVM: enable initialization of a 32bit vcpu")
|
||||
Reviewed-by: Christoffer Dall <christoffer.dall@arm.com>
|
||||
Reviewed-by: Mark Rutland <mark.rutland@arm.com>
|
||||
Reviewed-by: Dave Martin <Dave.Martin@arm.com>
|
||||
Signed-off-by: Marc Zyngier <marc.zyngier@arm.com>
|
||||
Signed-off-by: Will Deacon <will.deacon@arm.com>
|
||||
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
||||
|
||||
---
|
||||
arch/arm64/kvm/guest.c | 10 +++++++++-
|
||||
1 file changed, 9 insertions(+), 1 deletion(-)
|
||||
|
||||
--- a/arch/arm64/kvm/guest.c
|
||||
+++ b/arch/arm64/kvm/guest.c
|
||||
@@ -152,17 +152,25 @@ static int set_core_reg(struct kvm_vcpu
|
||||
}
|
||||
|
||||
if (off == KVM_REG_ARM_CORE_REG(regs.pstate)) {
|
||||
- u32 mode = (*(u32 *)valp) & COMPAT_PSR_MODE_MASK;
|
||||
+ u64 mode = (*(u64 *)valp) & COMPAT_PSR_MODE_MASK;
|
||||
switch (mode) {
|
||||
case COMPAT_PSR_MODE_USR:
|
||||
+ if (!system_supports_32bit_el0())
|
||||
+ return -EINVAL;
|
||||
+ break;
|
||||
case COMPAT_PSR_MODE_FIQ:
|
||||
case COMPAT_PSR_MODE_IRQ:
|
||||
case COMPAT_PSR_MODE_SVC:
|
||||
case COMPAT_PSR_MODE_ABT:
|
||||
case COMPAT_PSR_MODE_UND:
|
||||
+ if (!vcpu_el1_is_32bit(vcpu))
|
||||
+ return -EINVAL;
|
||||
+ break;
|
||||
case PSR_MODE_EL0t:
|
||||
case PSR_MODE_EL1t:
|
||||
case PSR_MODE_EL1h:
|
||||
+ if (vcpu_el1_is_32bit(vcpu))
|
||||
+ return -EINVAL;
|
||||
break;
|
||||
default:
|
||||
err = -EINVAL;
|
||||
13
kernel.spec
13
kernel.spec
|
|
@ -42,7 +42,7 @@ Summary: The Linux kernel
|
|||
# For non-released -rc kernels, this will be appended after the rcX and
|
||||
# gitX tags, so a 3 here would become part of release "0.rcX.gitX.3"
|
||||
#
|
||||
%global baserelease 301
|
||||
%global baserelease 300
|
||||
%global fedora_build %{baserelease}
|
||||
|
||||
# base_sublevel is the kernel version we're starting with and patching
|
||||
|
|
@ -54,7 +54,7 @@ Summary: The Linux kernel
|
|||
%if 0%{?released_kernel}
|
||||
|
||||
# Do we have a -stable update to apply?
|
||||
%define stable_update 11
|
||||
%define stable_update 12
|
||||
# Set rpm version accordingly
|
||||
%if 0%{?stable_update}
|
||||
%define stablerev %{stable_update}
|
||||
|
|
@ -674,15 +674,9 @@ Patch531: xsa270.patch
|
|||
Patch533: 0001-random-add-a-config-option-to-trust-the-CPU-s-hwrng.patch
|
||||
Patch534: 0001-random-make-CPU-trust-a-boot-parameter.patch
|
||||
|
||||
# rhbz 1628394
|
||||
Patch536: powerpc-ipv6.patch
|
||||
|
||||
# rhbz 1634250
|
||||
Patch537: HID-intel-ish-hid-Enable-Sunrise-Point-H-ish-driver.patch
|
||||
|
||||
# rhbz 1635475 1635476
|
||||
Patch538: arm64_kvm_security.patch
|
||||
|
||||
# END OF PATCH DEFINITIONS
|
||||
|
||||
%endif
|
||||
|
|
@ -1942,6 +1936,9 @@ fi
|
|||
#
|
||||
#
|
||||
%changelog
|
||||
* Thu Oct 04 2018 Laura Abbott <labbott@redhat.com> - 4.18.12-300
|
||||
- Linux v4.18.12
|
||||
|
||||
* Wed Oct 3 2018 Peter Robinson <pbrobinson@fedoraproject.org>
|
||||
- Fixes for Ampere platforms
|
||||
|
||||
|
|
|
|||
|
|
@ -1,44 +0,0 @@
|
|||
From 85682a7e3b9c664995ad477520f917039afdc330 Mon Sep 17 00:00:00 2001
|
||||
From: Christophe Leroy <christophe.leroy@c-s.fr>
|
||||
Date: Mon, 10 Sep 2018 06:09:04 +0000
|
||||
Subject: powerpc: fix csum_ipv6_magic() on little endian platforms
|
||||
|
||||
On little endian platforms, csum_ipv6_magic() keeps len and proto in
|
||||
CPU byte order. This generates a bad results leading to ICMPv6 packets
|
||||
from other hosts being dropped by powerpc64le platforms.
|
||||
|
||||
In order to fix this, len and proto should be converted to network
|
||||
byte order ie bigendian byte order. However checksumming 0x12345678
|
||||
and 0x56341278 provide the exact same result so it is enough to
|
||||
rotate the sum of len and proto by 1 byte.
|
||||
|
||||
PPC32 only support bigendian so the fix is needed for PPC64 only
|
||||
|
||||
Fixes: e9c4943a107b ("powerpc: Implement csum_ipv6_magic in assembly")
|
||||
Reported-by: Jianlin Shi <jishi@redhat.com>
|
||||
Reported-by: Xin Long <lucien.xin@gmail.com>
|
||||
Cc: <stable@vger.kernel.org> # 4.18+
|
||||
Signed-off-by: Christophe Leroy <christophe.leroy@c-s.fr>
|
||||
Tested-by: Xin Long <lucien.xin@gmail.com>
|
||||
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
|
||||
---
|
||||
arch/powerpc/lib/checksum_64.S | 3 +++
|
||||
1 file changed, 3 insertions(+)
|
||||
|
||||
diff --git a/arch/powerpc/lib/checksum_64.S b/arch/powerpc/lib/checksum_64.S
|
||||
index 886ed94b9c13..d05c8af4ac51 100644
|
||||
--- a/arch/powerpc/lib/checksum_64.S
|
||||
+++ b/arch/powerpc/lib/checksum_64.S
|
||||
@@ -443,6 +443,9 @@ _GLOBAL(csum_ipv6_magic)
|
||||
addc r0, r8, r9
|
||||
ld r10, 0(r4)
|
||||
ld r11, 8(r4)
|
||||
+#ifdef CONFIG_CPU_LITTLE_ENDIAN
|
||||
+ rotldi r5, r5, 8
|
||||
+#endif
|
||||
adde r0, r0, r10
|
||||
add r5, r5, r7
|
||||
adde r0, r0, r11
|
||||
--
|
||||
cgit 1.2-0.3.lf.el7
|
||||
|
||||
2
sources
2
sources
|
|
@ -1,2 +1,2 @@
|
|||
SHA512 (linux-4.18.tar.xz) = 950eb85ac743b291afe9f21cd174d823e25f11883ee62cecfbfff8fe8c5672aae707654b1b8f29a133b1f2e3529e63b9f7fba4c45d6dacccc8000b3a9a9ae038
|
||||
SHA512 (patch-4.18.11.xz) = a1cfab9c4fb7bec8da33fa95da0986ed7605ff9953fd425f5122978c462a6024886955827ce52a87f93312d5e17a4533606bbabf3e6ad6a5dd353d430db92e7e
|
||||
SHA512 (patch-4.18.12.xz) = 26d739fd52d4017666bc4f3203cc71ed48ed92a6b42e683421dfbffd67cddab0ebdeccc3a46d1e8e1e6b7fe22a7881c0c08c87936e2fc19238d25f09f1b494e3
|
||||
|
|
|
|||
Loading…
Reference in New Issue