diff --git a/patches/kernel/0003-pci-Enable-overrides-for-missing-ACS-capabilities-4..patch b/patches/kernel/0003-pci-Enable-overrides-for-missing-ACS-capabilities-4..patch index c6d917c..f54bcc5 100644 --- a/patches/kernel/0003-pci-Enable-overrides-for-missing-ACS-capabilities-4..patch +++ b/patches/kernel/0003-pci-Enable-overrides-for-missing-ACS-capabilities-4..patch @@ -55,7 +55,7 @@ Signed-off-by: Thomas Lamprecht 2 files changed, 111 insertions(+) diff --git a/Documentation/admin-guide/kernel-parameters.txt b/Documentation/admin-guide/kernel-parameters.txt -index bfc1f87aa9ae..ed601c66eef0 100644 +index b5272568a8f3..f1ef6820d39e 100644 --- a/Documentation/admin-guide/kernel-parameters.txt +++ b/Documentation/admin-guide/kernel-parameters.txt @@ -3945,6 +3945,15 @@ diff --git a/patches/kernel/0004-kvm-disable-default-dynamic-halt-polling-growth.patch b/patches/kernel/0004-kvm-disable-default-dynamic-halt-polling-growth.patch index bd9e730..52ee27e 100644 --- a/patches/kernel/0004-kvm-disable-default-dynamic-halt-polling-growth.patch +++ b/patches/kernel/0004-kvm-disable-default-dynamic-halt-polling-growth.patch @@ -13,7 +13,7 @@ Signed-off-by: Thomas Lamprecht 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/virt/kvm/kvm_main.c b/virt/kvm/kvm_main.c -index 3ae5f6a3eae4..1888f6a9306b 100644 +index 3ffed093d3ea..0356aa39f654 100644 --- a/virt/kvm/kvm_main.c +++ b/virt/kvm/kvm_main.c @@ -79,7 +79,7 @@ module_param(halt_poll_ns, uint, 0644); diff --git a/patches/kernel/0008-do-not-generate-split-BTF-type-info-per-default.patch b/patches/kernel/0008-do-not-generate-split-BTF-type-info-per-default.patch index 5bb4858..cca6ccb 100644 --- a/patches/kernel/0008-do-not-generate-split-BTF-type-info-per-default.patch +++ b/patches/kernel/0008-do-not-generate-split-BTF-type-info-per-default.patch @@ -14,10 +14,10 @@ Signed-off-by: Thomas Lamprecht 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/Kconfig.debug b/lib/Kconfig.debug -index ead81fad883c..9d76f3c39735 100644 +index dbbd243c865f..406d781fa9ff 100644 --- a/lib/Kconfig.debug +++ b/lib/Kconfig.debug -@@ -325,7 +325,7 @@ config PAHOLE_HAS_SPLIT_BTF +@@ -331,7 +331,7 @@ config PAHOLE_HAS_SPLIT_BTF def_bool PAHOLE_VERSION >= 119 config DEBUG_INFO_BTF_MODULES diff --git a/patches/kernel/0016-KVM-x86-emulator-em_sysexit-should-update-ctxt-mode.patch b/patches/kernel/0016-KVM-x86-emulator-em_sysexit-should-update-ctxt-mode.patch deleted file mode 100644 index d1fe3f4..0000000 --- a/patches/kernel/0016-KVM-x86-emulator-em_sysexit-should-update-ctxt-mode.patch +++ /dev/null @@ -1,31 +0,0 @@ -From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 -From: Maxim Levitsky -Date: Wed, 3 Aug 2022 18:50:00 +0300 -Subject: [PATCH] KVM: x86: emulator: em_sysexit should update ctxt->mode - -This is one of the instructions that can change the -processor mode. - -Note that this is likely a benign bug, because the only problematic -mode change is from 32 bit to 64 bit which can lead to truncation of RIP, -and it is not possible to do with sysexit, -since sysexit running in 32 bit mode will be limited to 32 bit version. - -Signed-off-by: Maxim Levitsky -Signed-off-by: Thomas Lamprecht ---- - arch/x86/kvm/emulate.c | 1 + - 1 file changed, 1 insertion(+) - -diff --git a/arch/x86/kvm/emulate.c b/arch/x86/kvm/emulate.c -index 3b4e1d8d239a..ad58eb751b4f 100644 ---- a/arch/x86/kvm/emulate.c -+++ b/arch/x86/kvm/emulate.c -@@ -2861,6 +2861,7 @@ static int em_sysexit(struct x86_emulate_ctxt *ctxt) - ops->set_segment(ctxt, ss_sel, &ss, 0, VCPU_SREG_SS); - - ctxt->_eip = rdx; -+ ctxt->mode = usermode; - *reg_write(ctxt, VCPU_REGS_RSP) = rcx; - - return X86EMUL_CONTINUE; diff --git a/patches/kernel/0018-KVM-x86-emulator-update-the-emulation-mode-after-rsm.patch b/patches/kernel/0016-KVM-x86-emulator-update-the-emulation-mode-after-rsm.patch similarity index 96% rename from patches/kernel/0018-KVM-x86-emulator-update-the-emulation-mode-after-rsm.patch rename to patches/kernel/0016-KVM-x86-emulator-update-the-emulation-mode-after-rsm.patch index e827be1..757677c 100644 --- a/patches/kernel/0018-KVM-x86-emulator-update-the-emulation-mode-after-rsm.patch +++ b/patches/kernel/0016-KVM-x86-emulator-update-the-emulation-mode-after-rsm.patch @@ -17,7 +17,7 @@ Signed-off-by: Thomas Lamprecht 1 file changed, 5 insertions(+) diff --git a/arch/x86/kvm/emulate.c b/arch/x86/kvm/emulate.c -index e095debb7022..9dc100399c94 100644 +index cb96e4354f31..23e4fce033a3 100644 --- a/arch/x86/kvm/emulate.c +++ b/arch/x86/kvm/emulate.c @@ -2638,6 +2638,11 @@ static int em_rsm(struct x86_emulate_ctxt *ctxt) diff --git a/patches/kernel/0017-KVM-x86-emulator-introduce-emulator_recalc_and_set_m.patch b/patches/kernel/0017-KVM-x86-emulator-introduce-emulator_recalc_and_set_m.patch deleted file mode 100644 index e0a489e..0000000 --- a/patches/kernel/0017-KVM-x86-emulator-introduce-emulator_recalc_and_set_m.patch +++ /dev/null @@ -1,158 +0,0 @@ -From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 -From: Maxim Levitsky -Date: Wed, 3 Aug 2022 18:50:01 +0300 -Subject: [PATCH] KVM: x86: emulator: introduce emulator_recalc_and_set_mode - -Some instructions update the cpu execution mode, which needs -to update the emulation mode. - -Extract this code, and make assign_eip_far use it. - -assign_eip_far now reads CS, instead of getting it via a parameter, -which is ok, because callers always assign CS to the -same value before calling it. - -No functional change is intended. - -Signed-off-by: Maxim Levitsky -Signed-off-by: Thomas Lamprecht ---- - arch/x86/kvm/emulate.c | 85 ++++++++++++++++++++++++++++-------------- - 1 file changed, 57 insertions(+), 28 deletions(-) - -diff --git a/arch/x86/kvm/emulate.c b/arch/x86/kvm/emulate.c -index ad58eb751b4f..e095debb7022 100644 ---- a/arch/x86/kvm/emulate.c -+++ b/arch/x86/kvm/emulate.c -@@ -795,8 +795,7 @@ static int linearize(struct x86_emulate_ctxt *ctxt, - ctxt->mode, linear); - } - --static inline int assign_eip(struct x86_emulate_ctxt *ctxt, ulong dst, -- enum x86emul_mode mode) -+static inline int assign_eip(struct x86_emulate_ctxt *ctxt, ulong dst) - { - ulong linear; - int rc; -@@ -806,41 +805,71 @@ static inline int assign_eip(struct x86_emulate_ctxt *ctxt, ulong dst, - - if (ctxt->op_bytes != sizeof(unsigned long)) - addr.ea = dst & ((1UL << (ctxt->op_bytes << 3)) - 1); -- rc = __linearize(ctxt, addr, &max_size, 1, false, true, mode, &linear); -+ rc = __linearize(ctxt, addr, &max_size, 1, false, true, ctxt->mode, &linear); - if (rc == X86EMUL_CONTINUE) - ctxt->_eip = addr.ea; - return rc; - } - -+static inline int emulator_recalc_and_set_mode(struct x86_emulate_ctxt *ctxt) -+{ -+ u64 efer; -+ struct desc_struct cs; -+ u16 selector; -+ u32 base3; -+ -+ ctxt->ops->get_msr(ctxt, MSR_EFER, &efer); -+ -+ if (!ctxt->ops->get_cr(ctxt, 0) & X86_CR0_PE) { -+ /* Real mode. cpu must not have long mode active */ -+ if (efer & EFER_LMA) -+ return X86EMUL_UNHANDLEABLE; -+ ctxt->mode = X86EMUL_MODE_REAL; -+ return X86EMUL_CONTINUE; -+ } -+ -+ if (ctxt->eflags & X86_EFLAGS_VM) { -+ /* Protected/VM86 mode. cpu must not have long mode active */ -+ if (efer & EFER_LMA) -+ return X86EMUL_UNHANDLEABLE; -+ ctxt->mode = X86EMUL_MODE_VM86; -+ return X86EMUL_CONTINUE; -+ } -+ -+ if (!ctxt->ops->get_segment(ctxt, &selector, &cs, &base3, VCPU_SREG_CS)) -+ return X86EMUL_UNHANDLEABLE; -+ -+ if (efer & EFER_LMA) { -+ if (cs.l) { -+ /* Proper long mode */ -+ ctxt->mode = X86EMUL_MODE_PROT64; -+ } else if (cs.d) { -+ /* 32 bit compatibility mode*/ -+ ctxt->mode = X86EMUL_MODE_PROT32; -+ } else { -+ ctxt->mode = X86EMUL_MODE_PROT16; -+ } -+ } else { -+ /* Legacy 32 bit / 16 bit mode */ -+ ctxt->mode = cs.d ? X86EMUL_MODE_PROT32 : X86EMUL_MODE_PROT16; -+ } -+ -+ return X86EMUL_CONTINUE; -+} -+ - static inline int assign_eip_near(struct x86_emulate_ctxt *ctxt, ulong dst) - { -- return assign_eip(ctxt, dst, ctxt->mode); -+ return assign_eip(ctxt, dst); - } - --static int assign_eip_far(struct x86_emulate_ctxt *ctxt, ulong dst, -- const struct desc_struct *cs_desc) -+static int assign_eip_far(struct x86_emulate_ctxt *ctxt, ulong dst) - { -- enum x86emul_mode mode = ctxt->mode; -- int rc; -+ int rc = emulator_recalc_and_set_mode(ctxt); - --#ifdef CONFIG_X86_64 -- if (ctxt->mode >= X86EMUL_MODE_PROT16) { -- if (cs_desc->l) { -- u64 efer = 0; -+ if (rc != X86EMUL_CONTINUE) -+ return rc; - -- ctxt->ops->get_msr(ctxt, MSR_EFER, &efer); -- if (efer & EFER_LMA) -- mode = X86EMUL_MODE_PROT64; -- } else -- mode = X86EMUL_MODE_PROT32; /* temporary value */ -- } --#endif -- if (mode == X86EMUL_MODE_PROT16 || mode == X86EMUL_MODE_PROT32) -- mode = cs_desc->d ? X86EMUL_MODE_PROT32 : X86EMUL_MODE_PROT16; -- rc = assign_eip(ctxt, dst, mode); -- if (rc == X86EMUL_CONTINUE) -- ctxt->mode = mode; -- return rc; -+ return assign_eip(ctxt, dst); - } - - static inline int jmp_rel(struct x86_emulate_ctxt *ctxt, int rel) -@@ -2153,7 +2182,7 @@ static int em_jmp_far(struct x86_emulate_ctxt *ctxt) - if (rc != X86EMUL_CONTINUE) - return rc; - -- rc = assign_eip_far(ctxt, ctxt->src.val, &new_desc); -+ rc = assign_eip_far(ctxt, ctxt->src.val); - /* Error handling is not implemented. */ - if (rc != X86EMUL_CONTINUE) - return X86EMUL_UNHANDLEABLE; -@@ -2234,7 +2263,7 @@ static int em_ret_far(struct x86_emulate_ctxt *ctxt) - &new_desc); - if (rc != X86EMUL_CONTINUE) - return rc; -- rc = assign_eip_far(ctxt, eip, &new_desc); -+ rc = assign_eip_far(ctxt, eip); - /* Error handling is not implemented. */ - if (rc != X86EMUL_CONTINUE) - return X86EMUL_UNHANDLEABLE; -@@ -3458,7 +3487,7 @@ static int em_call_far(struct x86_emulate_ctxt *ctxt) - if (rc != X86EMUL_CONTINUE) - return rc; - -- rc = assign_eip_far(ctxt, ctxt->src.val, &new_desc); -+ rc = assign_eip_far(ctxt, ctxt->src.val); - if (rc != X86EMUL_CONTINUE) - goto fail; - diff --git a/patches/kernel/0020-KVM-x86-emulator-smm-add-structs-for-KVM-s-smram-lay.patch b/patches/kernel/0017-KVM-x86-emulator-smm-add-structs-for-KVM-s-smram-lay.patch similarity index 97% rename from patches/kernel/0020-KVM-x86-emulator-smm-add-structs-for-KVM-s-smram-lay.patch rename to patches/kernel/0017-KVM-x86-emulator-smm-add-structs-for-KVM-s-smram-lay.patch index 3841e0d..c7e09d1 100644 --- a/patches/kernel/0020-KVM-x86-emulator-smm-add-structs-for-KVM-s-smram-lay.patch +++ b/patches/kernel/0017-KVM-x86-emulator-smm-add-structs-for-KVM-s-smram-lay.patch @@ -17,10 +17,10 @@ Signed-off-by: Thomas Lamprecht 3 files changed, 225 insertions(+) diff --git a/arch/x86/kvm/emulate.c b/arch/x86/kvm/emulate.c -index 70ed6c458084..a332d6f5d4dc 100644 +index 23e4fce033a3..f169be004aab 100644 --- a/arch/x86/kvm/emulate.c +++ b/arch/x86/kvm/emulate.c -@@ -5827,3 +5827,9 @@ bool emulator_can_use_gpa(struct x86_emulate_ctxt *ctxt) +@@ -5829,3 +5829,9 @@ bool emulator_can_use_gpa(struct x86_emulate_ctxt *ctxt) return true; } @@ -267,10 +267,10 @@ index fb09cd22cb7f..0b2bbcce321a 100644 #if defined(CONFIG_X86_32) #define X86EMUL_MODE_HOST X86EMUL_MODE_PROT32 diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c -index a4377e50a721..d394cf17a864 100644 +index a6c96f6f9257..6b3c5e4df3e8 100644 --- a/arch/x86/kvm/x86.c +++ b/arch/x86/kvm/x86.c -@@ -12502,6 +12502,7 @@ EXPORT_TRACEPOINT_SYMBOL_GPL(kvm_vmgexit_msr_protocol_exit); +@@ -12600,6 +12600,7 @@ EXPORT_TRACEPOINT_SYMBOL_GPL(kvm_vmgexit_msr_protocol_exit); static int __init kvm_x86_init(void) { kvm_mmu_x86_module_init(); diff --git a/patches/kernel/0021-KVM-x86-emulator-smm-use-smram-structs-in-the-common.patch b/patches/kernel/0018-KVM-x86-emulator-smm-use-smram-structs-in-the-common.patch similarity index 91% rename from patches/kernel/0021-KVM-x86-emulator-smm-use-smram-structs-in-the-common.patch rename to patches/kernel/0018-KVM-x86-emulator-smm-use-smram-structs-in-the-common.patch index 25af0ca..622574e 100644 --- a/patches/kernel/0021-KVM-x86-emulator-smm-use-smram-structs-in-the-common.patch +++ b/patches/kernel/0018-KVM-x86-emulator-smm-use-smram-structs-in-the-common.patch @@ -40,7 +40,7 @@ index 1172a201d851..c4e382af1853 100644 int (*mem_enc_op)(struct kvm *kvm, void __user *argp); diff --git a/arch/x86/kvm/emulate.c b/arch/x86/kvm/emulate.c -index a332d6f5d4dc..382d7773a8b0 100644 +index f169be004aab..d3cc1b8e2ea6 100644 --- a/arch/x86/kvm/emulate.c +++ b/arch/x86/kvm/emulate.c @@ -2566,16 +2566,18 @@ static int rsm_load_state_64(struct x86_emulate_ctxt *ctxt, @@ -105,10 +105,10 @@ index 0b2bbcce321a..3b37b3e17379 100644 int (*set_xcr)(struct x86_emulate_ctxt *ctxt, u32 index, u64 xcr); }; diff --git a/arch/x86/kvm/svm/svm.c b/arch/x86/kvm/svm/svm.c -index 81b8eb0fa912..de82175f0aad 100644 +index 6deb0553ff01..703d63ea1398 100644 --- a/arch/x86/kvm/svm/svm.c +++ b/arch/x86/kvm/svm/svm.c -@@ -4313,12 +4313,14 @@ static int svm_smi_allowed(struct kvm_vcpu *vcpu, bool for_injection) +@@ -4299,12 +4299,14 @@ static int svm_smi_allowed(struct kvm_vcpu *vcpu, bool for_injection) return !svm_smi_blocked(vcpu); } @@ -124,7 +124,7 @@ index 81b8eb0fa912..de82175f0aad 100644 if (!is_guest_mode(vcpu)) return 0; -@@ -4360,7 +4362,7 @@ static int svm_enter_smm(struct kvm_vcpu *vcpu, char *smstate) +@@ -4346,7 +4348,7 @@ static int svm_enter_smm(struct kvm_vcpu *vcpu, char *smstate) return 0; } @@ -133,7 +133,7 @@ index 81b8eb0fa912..de82175f0aad 100644 { struct vcpu_svm *svm = to_svm(vcpu); struct kvm_host_map map, map_save; -@@ -4368,6 +4370,8 @@ static int svm_leave_smm(struct kvm_vcpu *vcpu, const char *smstate) +@@ -4354,6 +4356,8 @@ static int svm_leave_smm(struct kvm_vcpu *vcpu, const char *smstate) struct vmcb *vmcb12; int ret; @@ -143,10 +143,10 @@ index 81b8eb0fa912..de82175f0aad 100644 return 0; diff --git a/arch/x86/kvm/vmx/vmx.c b/arch/x86/kvm/vmx/vmx.c -index ff1861312448..290f4d0aca7e 100644 +index cbf61741d39f..7ee57827710a 100644 --- a/arch/x86/kvm/vmx/vmx.c +++ b/arch/x86/kvm/vmx/vmx.c -@@ -7594,7 +7594,7 @@ static int vmx_smi_allowed(struct kvm_vcpu *vcpu, bool for_injection) +@@ -7604,7 +7604,7 @@ static int vmx_smi_allowed(struct kvm_vcpu *vcpu, bool for_injection) return !is_smm(vcpu); } @@ -155,7 +155,7 @@ index ff1861312448..290f4d0aca7e 100644 { struct vcpu_vmx *vmx = to_vmx(vcpu); -@@ -7608,7 +7608,7 @@ static int vmx_enter_smm(struct kvm_vcpu *vcpu, char *smstate) +@@ -7618,7 +7618,7 @@ static int vmx_enter_smm(struct kvm_vcpu *vcpu, char *smstate) return 0; } @@ -165,10 +165,10 @@ index ff1861312448..290f4d0aca7e 100644 struct vcpu_vmx *vmx = to_vmx(vcpu); int ret; diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c -index d394cf17a864..f416ccf8a71f 100644 +index 6b3c5e4df3e8..dd496c99d984 100644 --- a/arch/x86/kvm/x86.c +++ b/arch/x86/kvm/x86.c -@@ -7351,9 +7351,9 @@ static void emulator_exiting_smm(struct x86_emulate_ctxt *ctxt) +@@ -7421,9 +7421,9 @@ static void emulator_exiting_smm(struct x86_emulate_ctxt *ctxt) } static int emulator_leave_smm(struct x86_emulate_ctxt *ctxt, @@ -180,7 +180,7 @@ index d394cf17a864..f416ccf8a71f 100644 } static void emulator_triple_fault(struct x86_emulate_ctxt *ctxt) -@@ -9212,25 +9212,25 @@ static void enter_smm(struct kvm_vcpu *vcpu) +@@ -9300,25 +9300,25 @@ static void enter_smm(struct kvm_vcpu *vcpu) struct kvm_segment cs, ds; struct desc_ptr dt; unsigned long cr0; diff --git a/patches/kernel/0022-KVM-x86-emulator-smm-use-smram-struct-for-32-bit-smr.patch b/patches/kernel/0019-KVM-x86-emulator-smm-use-smram-struct-for-32-bit-smr.patch similarity index 97% rename from patches/kernel/0022-KVM-x86-emulator-smm-use-smram-struct-for-32-bit-smr.patch rename to patches/kernel/0019-KVM-x86-emulator-smm-use-smram-struct-for-32-bit-smr.patch index 9c9c191..c13017a 100644 --- a/patches/kernel/0022-KVM-x86-emulator-smm-use-smram-struct-for-32-bit-smr.patch +++ b/patches/kernel/0019-KVM-x86-emulator-smm-use-smram-struct-for-32-bit-smr.patch @@ -15,7 +15,7 @@ Signed-off-by: Thomas Lamprecht 2 files changed, 60 insertions(+), 96 deletions(-) diff --git a/arch/x86/kvm/emulate.c b/arch/x86/kvm/emulate.c -index 382d7773a8b0..616337ad077c 100644 +index d3cc1b8e2ea6..0dd18d66f3b7 100644 --- a/arch/x86/kvm/emulate.c +++ b/arch/x86/kvm/emulate.c @@ -2343,25 +2343,17 @@ static void rsm_set_desc_flags(struct desc_struct *desc, u32 flags) @@ -145,10 +145,10 @@ index 382d7773a8b0..616337ad077c 100644 if (ret != X86EMUL_CONTINUE) goto emulate_shutdown; diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c -index f416ccf8a71f..c42e8be7b4ab 100644 +index dd496c99d984..23f83e92e6b8 100644 --- a/arch/x86/kvm/x86.c +++ b/arch/x86/kvm/x86.c -@@ -9066,22 +9066,18 @@ static u32 enter_smm_get_segment_flags(struct kvm_segment *seg) +@@ -9154,22 +9154,18 @@ static u32 enter_smm_get_segment_flags(struct kvm_segment *seg) return flags; } @@ -179,7 +179,7 @@ index f416ccf8a71f..c42e8be7b4ab 100644 } #ifdef CONFIG_X86_64 -@@ -9102,54 +9098,47 @@ static void enter_smm_save_seg_64(struct kvm_vcpu *vcpu, char *buf, int n) +@@ -9190,54 +9186,47 @@ static void enter_smm_save_seg_64(struct kvm_vcpu *vcpu, char *buf, int n) } #endif @@ -257,7 +257,7 @@ index f416ccf8a71f..c42e8be7b4ab 100644 } #ifdef CONFIG_X86_64 -@@ -9220,7 +9209,7 @@ static void enter_smm(struct kvm_vcpu *vcpu) +@@ -9308,7 +9297,7 @@ static void enter_smm(struct kvm_vcpu *vcpu) enter_smm_save_state_64(vcpu, (char *)&smram); else #endif diff --git a/patches/kernel/0019-KVM-x86-emulator-update-the-emulation-mode-after-CR0.patch b/patches/kernel/0019-KVM-x86-emulator-update-the-emulation-mode-after-CR0.patch deleted file mode 100644 index 36bb961..0000000 --- a/patches/kernel/0019-KVM-x86-emulator-update-the-emulation-mode-after-CR0.patch +++ /dev/null @@ -1,49 +0,0 @@ -From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 -From: Maxim Levitsky -Date: Wed, 3 Aug 2022 18:50:03 +0300 -Subject: [PATCH] KVM: x86: emulator: update the emulation mode after CR0 write - -CR0.PE toggles real/protected mode, thus its update -should update the emulation mode. - -This is likely a benign bug because there is no writeback -of state, other than the RIP increment, and when toggling -CR0.PE, the CPU has to execute code from a very low memory address. - -Also CR0.PG toggle when EFER.LMA is set, toggles the long mode. - -Signed-off-by: Maxim Levitsky -Signed-off-by: Thomas Lamprecht ---- - arch/x86/kvm/emulate.c | 14 +++++++++++++- - 1 file changed, 13 insertions(+), 1 deletion(-) - -diff --git a/arch/x86/kvm/emulate.c b/arch/x86/kvm/emulate.c -index 9dc100399c94..70ed6c458084 100644 ---- a/arch/x86/kvm/emulate.c -+++ b/arch/x86/kvm/emulate.c -@@ -3634,11 +3634,23 @@ static int em_movbe(struct x86_emulate_ctxt *ctxt) - - static int em_cr_write(struct x86_emulate_ctxt *ctxt) - { -- if (ctxt->ops->set_cr(ctxt, ctxt->modrm_reg, ctxt->src.val)) -+ int cr_num = ctxt->modrm_reg; -+ int r; -+ -+ if (ctxt->ops->set_cr(ctxt, cr_num, ctxt->src.val)) - return emulate_gp(ctxt, 0); - - /* Disable writeback. */ - ctxt->dst.type = OP_NONE; -+ -+ if (cr_num == 0) { -+ /* CR0 write might have updated CR0.PE and/or CR0.PG -+ * which can affect the cpu execution mode */ -+ r = emulator_recalc_and_set_mode(ctxt); -+ if (r != X86EMUL_CONTINUE) -+ return r; -+ } -+ - return X86EMUL_CONTINUE; - } - diff --git a/patches/kernel/0023-KVM-x86-emulator-smm-use-smram-struct-for-64-bit-smr.patch b/patches/kernel/0020-KVM-x86-emulator-smm-use-smram-struct-for-64-bit-smr.patch similarity index 97% rename from patches/kernel/0023-KVM-x86-emulator-smm-use-smram-struct-for-64-bit-smr.patch rename to patches/kernel/0020-KVM-x86-emulator-smm-use-smram-struct-for-64-bit-smr.patch index 79a1240..38d578c 100644 --- a/patches/kernel/0023-KVM-x86-emulator-smm-use-smram-struct-for-64-bit-smr.patch +++ b/patches/kernel/0020-KVM-x86-emulator-smm-use-smram-struct-for-64-bit-smr.patch @@ -16,7 +16,7 @@ Signed-off-by: Thomas Lamprecht 2 files changed, 62 insertions(+), 101 deletions(-) diff --git a/arch/x86/kvm/emulate.c b/arch/x86/kvm/emulate.c -index 616337ad077c..72e895b0b61a 100644 +index 0dd18d66f3b7..37c1662b5508 100644 --- a/arch/x86/kvm/emulate.c +++ b/arch/x86/kvm/emulate.c @@ -2357,24 +2357,16 @@ static void rsm_load_seg_32(struct x86_emulate_ctxt *ctxt, @@ -154,10 +154,10 @@ index 616337ad077c..72e895b0b61a 100644 #endif ret = rsm_load_state_32(ctxt, &smram.smram32); diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c -index c42e8be7b4ab..0f38c8fa4287 100644 +index 23f83e92e6b8..9c95bd0423ab 100644 --- a/arch/x86/kvm/x86.c +++ b/arch/x86/kvm/x86.c -@@ -9081,20 +9081,17 @@ static void enter_smm_save_seg_32(struct kvm_vcpu *vcpu, +@@ -9169,20 +9169,17 @@ static void enter_smm_save_seg_32(struct kvm_vcpu *vcpu, } #ifdef CONFIG_X86_64 @@ -185,7 +185,7 @@ index c42e8be7b4ab..0f38c8fa4287 100644 } #endif -@@ -9142,57 +9139,51 @@ static void enter_smm_save_state_32(struct kvm_vcpu *vcpu, struct kvm_smram_stat +@@ -9230,57 +9227,51 @@ static void enter_smm_save_state_32(struct kvm_vcpu *vcpu, struct kvm_smram_stat } #ifdef CONFIG_X86_64 @@ -268,7 +268,7 @@ index c42e8be7b4ab..0f38c8fa4287 100644 } #endif -@@ -9206,7 +9197,7 @@ static void enter_smm(struct kvm_vcpu *vcpu) +@@ -9294,7 +9285,7 @@ static void enter_smm(struct kvm_vcpu *vcpu) memset(smram.bytes, 0, sizeof(smram.bytes)); #ifdef CONFIG_X86_64 if (guest_cpuid_has(vcpu, X86_FEATURE_LM)) diff --git a/patches/kernel/0024-KVM-x86-SVM-use-smram-structs.patch b/patches/kernel/0021-KVM-x86-SVM-use-smram-structs.patch similarity index 93% rename from patches/kernel/0024-KVM-x86-SVM-use-smram-structs.patch rename to patches/kernel/0021-KVM-x86-SVM-use-smram-structs.patch index 52f0152..1897dda 100644 --- a/patches/kernel/0024-KVM-x86-SVM-use-smram-structs.patch +++ b/patches/kernel/0021-KVM-x86-SVM-use-smram-structs.patch @@ -34,10 +34,10 @@ index c4e382af1853..932c0f659468 100644 int alloc_all_memslots_rmaps(struct kvm *kvm); diff --git a/arch/x86/kvm/svm/svm.c b/arch/x86/kvm/svm/svm.c -index de82175f0aad..399a7f2e0d1f 100644 +index 703d63ea1398..8742bb38b40f 100644 --- a/arch/x86/kvm/svm/svm.c +++ b/arch/x86/kvm/svm/svm.c -@@ -4319,15 +4319,11 @@ static int svm_enter_smm(struct kvm_vcpu *vcpu, union kvm_smram *smram) +@@ -4305,15 +4305,11 @@ static int svm_enter_smm(struct kvm_vcpu *vcpu, union kvm_smram *smram) struct kvm_host_map map_save; int ret; @@ -55,7 +55,7 @@ index de82175f0aad..399a7f2e0d1f 100644 svm->vmcb->save.rax = vcpu->arch.regs[VCPU_REGS_RAX]; svm->vmcb->save.rsp = vcpu->arch.regs[VCPU_REGS_RSP]; -@@ -4366,28 +4362,23 @@ static int svm_leave_smm(struct kvm_vcpu *vcpu, const union kvm_smram *smram) +@@ -4352,28 +4348,23 @@ static int svm_leave_smm(struct kvm_vcpu *vcpu, const union kvm_smram *smram) { struct vcpu_svm *svm = to_svm(vcpu); struct kvm_host_map map, map_save; @@ -87,7 +87,7 @@ index de82175f0aad..399a7f2e0d1f 100644 return 1; ret = 1; -@@ -4412,7 +4403,7 @@ static int svm_leave_smm(struct kvm_vcpu *vcpu, const union kvm_smram *smram) +@@ -4398,7 +4389,7 @@ static int svm_leave_smm(struct kvm_vcpu *vcpu, const union kvm_smram *smram) vmcb12 = map.hva; nested_load_control_from_vmcb12(svm, &vmcb12->control); diff --git a/patches/kernel/0025-KVM-x86-SVM-don-t-save-SVM-state-to-SMRAM-when-VM-is.patch b/patches/kernel/0022-KVM-x86-SVM-don-t-save-SVM-state-to-SMRAM-when-VM-is.patch similarity index 92% rename from patches/kernel/0025-KVM-x86-SVM-don-t-save-SVM-state-to-SMRAM-when-VM-is.patch rename to patches/kernel/0022-KVM-x86-SVM-don-t-save-SVM-state-to-SMRAM-when-VM-is.patch index db7fb4c..2f063f6 100644 --- a/patches/kernel/0025-KVM-x86-SVM-don-t-save-SVM-state-to-SMRAM-when-VM-is.patch +++ b/patches/kernel/0022-KVM-x86-SVM-don-t-save-SVM-state-to-SMRAM-when-VM-is.patch @@ -19,10 +19,10 @@ Signed-off-by: Thomas Lamprecht 1 file changed, 9 insertions(+) diff --git a/arch/x86/kvm/svm/svm.c b/arch/x86/kvm/svm/svm.c -index 399a7f2e0d1f..cbfd9b23c32b 100644 +index 8742bb38b40f..b11f03673d07 100644 --- a/arch/x86/kvm/svm/svm.c +++ b/arch/x86/kvm/svm/svm.c -@@ -4322,6 +4322,15 @@ static int svm_enter_smm(struct kvm_vcpu *vcpu, union kvm_smram *smram) +@@ -4308,6 +4308,15 @@ static int svm_enter_smm(struct kvm_vcpu *vcpu, union kvm_smram *smram) if (!is_guest_mode(vcpu)) return 0; diff --git a/patches/kernel/0026-KVM-x86-emulator-smm-preserve-interrupt-shadow-in-SM.patch b/patches/kernel/0023-KVM-x86-emulator-smm-preserve-interrupt-shadow-in-SM.patch similarity index 93% rename from patches/kernel/0026-KVM-x86-emulator-smm-preserve-interrupt-shadow-in-SM.patch rename to patches/kernel/0023-KVM-x86-emulator-smm-preserve-interrupt-shadow-in-SM.patch index 24ba648..c5cd841 100644 --- a/patches/kernel/0026-KVM-x86-emulator-smm-preserve-interrupt-shadow-in-SM.patch +++ b/patches/kernel/0023-KVM-x86-emulator-smm-preserve-interrupt-shadow-in-SM.patch @@ -30,7 +30,7 @@ Signed-off-by: Thomas Lamprecht 3 files changed, 32 insertions(+), 7 deletions(-) diff --git a/arch/x86/kvm/emulate.c b/arch/x86/kvm/emulate.c -index 72e895b0b61a..dbd65ea22e46 100644 +index 37c1662b5508..b70adbee03b7 100644 --- a/arch/x86/kvm/emulate.c +++ b/arch/x86/kvm/emulate.c @@ -2419,7 +2419,7 @@ static int rsm_load_state_32(struct x86_emulate_ctxt *ctxt, @@ -128,10 +128,10 @@ index 3b37b3e17379..a64c190abf28 100644 __CHECK_SMRAM64_OFFSET(auto_hlt_restart, 0xFEC9); __CHECK_SMRAM64_OFFSET(reserved2, 0xFECA); diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c -index 0f38c8fa4287..e6da373339ca 100644 +index 9c95bd0423ab..210a310ee96c 100644 --- a/arch/x86/kvm/x86.c +++ b/arch/x86/kvm/x86.c -@@ -7338,6 +7338,11 @@ static void emulator_set_nmi_mask(struct x86_emulate_ctxt *ctxt, bool masked) +@@ -7408,6 +7408,11 @@ static void emulator_set_nmi_mask(struct x86_emulate_ctxt *ctxt, bool masked) static_call(kvm_x86_set_nmi_mask)(emul_to_vcpu(ctxt), masked); } @@ -143,7 +143,7 @@ index 0f38c8fa4287..e6da373339ca 100644 static unsigned emulator_get_hflags(struct x86_emulate_ctxt *ctxt) { return emul_to_vcpu(ctxt)->arch.hflags; -@@ -7407,6 +7412,7 @@ static const struct x86_emulate_ops emulate_ops = { +@@ -7477,6 +7482,7 @@ static const struct x86_emulate_ops emulate_ops = { .guest_has_fxsr = emulator_guest_has_fxsr, .guest_has_rdpid = emulator_guest_has_rdpid, .set_nmi_mask = emulator_set_nmi_mask, @@ -151,7 +151,7 @@ index 0f38c8fa4287..e6da373339ca 100644 .get_hflags = emulator_get_hflags, .exiting_smm = emulator_exiting_smm, .leave_smm = emulator_leave_smm, -@@ -9136,6 +9142,8 @@ static void enter_smm_save_state_32(struct kvm_vcpu *vcpu, struct kvm_smram_stat +@@ -9224,6 +9230,8 @@ static void enter_smm_save_state_32(struct kvm_vcpu *vcpu, struct kvm_smram_stat smram->cr4 = kvm_read_cr4(vcpu); smram->smm_revision = 0x00020000; smram->smbase = vcpu->arch.smbase; @@ -160,7 +160,7 @@ index 0f38c8fa4287..e6da373339ca 100644 } #ifdef CONFIG_X86_64 -@@ -9184,6 +9192,8 @@ static void enter_smm_save_state_64(struct kvm_vcpu *vcpu, struct kvm_smram_stat +@@ -9272,6 +9280,8 @@ static void enter_smm_save_state_64(struct kvm_vcpu *vcpu, struct kvm_smram_stat enter_smm_save_seg_64(vcpu, &smram->ds, VCPU_SREG_DS); enter_smm_save_seg_64(vcpu, &smram->fs, VCPU_SREG_FS); enter_smm_save_seg_64(vcpu, &smram->gs, VCPU_SREG_GS); @@ -169,7 +169,7 @@ index 0f38c8fa4287..e6da373339ca 100644 } #endif -@@ -9220,6 +9230,8 @@ static void enter_smm(struct kvm_vcpu *vcpu) +@@ -9308,6 +9318,8 @@ static void enter_smm(struct kvm_vcpu *vcpu) kvm_set_rflags(vcpu, X86_EFLAGS_FIXED); kvm_rip_write(vcpu, 0x8000); diff --git a/patches/kernel/0027-KVM-SVM-fix-tsc-scaling-cache-logic.patch b/patches/kernel/0024-KVM-SVM-fix-tsc-scaling-cache-logic.patch similarity index 92% rename from patches/kernel/0027-KVM-SVM-fix-tsc-scaling-cache-logic.patch rename to patches/kernel/0024-KVM-SVM-fix-tsc-scaling-cache-logic.patch index a5af35e..942391f 100644 --- a/patches/kernel/0027-KVM-SVM-fix-tsc-scaling-cache-logic.patch +++ b/patches/kernel/0024-KVM-SVM-fix-tsc-scaling-cache-logic.patch @@ -42,10 +42,10 @@ Signed-off-by: Thomas Lamprecht 1 file changed, 19 insertions(+), 11 deletions(-) diff --git a/arch/x86/kvm/svm/svm.c b/arch/x86/kvm/svm/svm.c -index cbfd9b23c32b..14d6cad2afdc 100644 +index b11f03673d07..11a9d3aef354 100644 --- a/arch/x86/kvm/svm/svm.c +++ b/arch/x86/kvm/svm/svm.c -@@ -472,11 +472,24 @@ static int has_svm(void) +@@ -466,11 +466,24 @@ static int has_svm(void) return 1; } @@ -71,7 +71,7 @@ index cbfd9b23c32b..14d6cad2afdc 100644 cpu_svm_disable(); -@@ -518,8 +531,7 @@ static int svm_hardware_enable(void) +@@ -512,8 +525,7 @@ static int svm_hardware_enable(void) wrmsrl(MSR_VM_HSAVE_PA, __sme_page_pa(sd->save_area)); if (static_cpu_has(X86_FEATURE_TSCRATEMSR)) { @@ -81,7 +81,7 @@ index cbfd9b23c32b..14d6cad2afdc 100644 } -@@ -1132,9 +1144,10 @@ static void svm_write_tsc_offset(struct kvm_vcpu *vcpu, u64 offset) +@@ -1126,9 +1138,10 @@ static void svm_write_tsc_offset(struct kvm_vcpu *vcpu, u64 offset) static void svm_write_tsc_multiplier(struct kvm_vcpu *vcpu, u64 multiplier) { @@ -93,7 +93,7 @@ index cbfd9b23c32b..14d6cad2afdc 100644 /* Evaluate instruction intercepts that depend on guest CPUID features. */ static void svm_recalc_instruction_intercepts(struct kvm_vcpu *vcpu, struct vcpu_svm *svm) -@@ -1457,13 +1470,8 @@ static void svm_prepare_guest_switch(struct kvm_vcpu *vcpu) +@@ -1452,13 +1465,8 @@ static void svm_prepare_guest_switch(struct kvm_vcpu *vcpu) vmsave(__sme_page_pa(sd->save_area)); } diff --git a/patches/kernel/0028-ext4-fix-check-for-block-being-out-of-directory-size.patch b/patches/kernel/0028-ext4-fix-check-for-block-being-out-of-directory-size.patch deleted file mode 100644 index e9dc9c9..0000000 --- a/patches/kernel/0028-ext4-fix-check-for-block-being-out-of-directory-size.patch +++ /dev/null @@ -1,37 +0,0 @@ -From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 -From: Jan Kara -Date: Mon, 22 Aug 2022 13:48:32 +0200 -Subject: [PATCH] ext4: fix check for block being out of directory size - -commit 61a1d87a324ad5e3ed27c6699dfc93218fcf3201 upstream. - -The check in __ext4_read_dirblock() for block being outside of directory -size was wrong because it compared block number against directory size -in bytes. Fix it. - -Fixes: 65f8ea4cd57d ("ext4: check if directory block is within i_size") -CVE: CVE-2022-1184 -CC: stable@vger.kernel.org -Signed-off-by: Jan Kara -Reviewed-by: Lukas Czerner -Link: https://lore.kernel.org/r/20220822114832.1482-1-jack@suse.cz -Signed-off-by: Theodore Ts'o -Signed-off-by: Greg Kroah-Hartman -Signed-off-by: Thomas Lamprecht ---- - fs/ext4/namei.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/fs/ext4/namei.c b/fs/ext4/namei.c -index 7d3ec39121f7..86ee0e0eef67 100644 ---- a/fs/ext4/namei.c -+++ b/fs/ext4/namei.c -@@ -126,7 +126,7 @@ static struct buffer_head *__ext4_read_dirblock(struct inode *inode, - struct ext4_dir_entry *dirent; - int is_dx_block = 0; - -- if (block >= inode->i_size) { -+ if (block >= inode->i_size >> inode->i_blkbits) { - ext4_error_inode(inode, func, line, block, - "Attempting to read directory block (%u) that is past i_size (%llu)", - block, inode->i_size); diff --git a/patches/kernel/0029-drm-virtio-Correct-drm_gem_shmem_get_sg_table-error-.patch b/patches/kernel/0029-drm-virtio-Correct-drm_gem_shmem_get_sg_table-error-.patch deleted file mode 100644 index ba40121..0000000 --- a/patches/kernel/0029-drm-virtio-Correct-drm_gem_shmem_get_sg_table-error-.patch +++ /dev/null @@ -1,36 +0,0 @@ -From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 -From: Dmitry Osipenko -Date: Thu, 30 Jun 2022 23:07:18 +0300 -Subject: [PATCH] drm/virtio: Correct drm_gem_shmem_get_sg_table() error - handling - -[ Upstream commit 64b88afbd92fbf434759d1896a7cf705e1c00e79 ] - -Previous commit fixed checking of the ERR_PTR value returned by -drm_gem_shmem_get_sg_table(), but it missed to zero out the shmem->pages, -which will crash virtio_gpu_cleanup_object(). Add the missing zeroing of -the shmem->pages. - -Fixes: c24968734abf ("drm/virtio: Fix NULL vs IS_ERR checking in virtio_gpu_object_shmem_init") -Reviewed-by: Emil Velikov -Signed-off-by: Dmitry Osipenko -Link: http://patchwork.freedesktop.org/patch/msgid/20220630200726.1884320-2-dmitry.osipenko@collabora.com -Signed-off-by: Gerd Hoffmann -Signed-off-by: Sasha Levin -Signed-off-by: Thomas Lamprecht ---- - drivers/gpu/drm/virtio/virtgpu_object.c | 1 + - 1 file changed, 1 insertion(+) - -diff --git a/drivers/gpu/drm/virtio/virtgpu_object.c b/drivers/gpu/drm/virtio/virtgpu_object.c -index 9af9f355e0a7..826ba2222062 100644 ---- a/drivers/gpu/drm/virtio/virtgpu_object.c -+++ b/drivers/gpu/drm/virtio/virtgpu_object.c -@@ -169,6 +169,7 @@ static int virtio_gpu_object_shmem_init(struct virtio_gpu_device *vgdev, - shmem->pages = drm_gem_shmem_get_sg_table(&bo->base); - if (IS_ERR(shmem->pages)) { - drm_gem_shmem_unpin(&bo->base); -+ shmem->pages = NULL; - return PTR_ERR(shmem->pages); - } - diff --git a/patches/kernel/0030-netfilter-nf_tables-relax-NFTA_SET_ELEM_KEY_END-set-.patch b/patches/kernel/0030-netfilter-nf_tables-relax-NFTA_SET_ELEM_KEY_END-set-.patch deleted file mode 100644 index 9f62524..0000000 --- a/patches/kernel/0030-netfilter-nf_tables-relax-NFTA_SET_ELEM_KEY_END-set-.patch +++ /dev/null @@ -1,40 +0,0 @@ -From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 -From: Pablo Neira Ayuso -Date: Mon, 17 Oct 2022 14:12:58 +0200 -Subject: [PATCH] netfilter: nf_tables: relax NFTA_SET_ELEM_KEY_END set flags - requirements - -[ Upstream commit 96df8360dbb435cc69f7c3c8db44bf8b1c24cd7b ] - -Otherwise EINVAL is bogusly reported to userspace when deleting a set -element. NFTA_SET_ELEM_KEY_END does not need to be set in case of: - -- insertion: if not present, start key is used as end key. -- deletion: only start key needs to be specified, end key is ignored. - -Hence, relax the sanity check. - -Fixes: 88cccd908d51 ("netfilter: nf_tables: NFTA_SET_ELEM_KEY_END requires concat and interval flags") -Signed-off-by: Pablo Neira Ayuso -Signed-off-by: Sasha Levin -Signed-off-by: Thomas Lamprecht ---- - net/netfilter/nf_tables_api.c | 5 +++-- - 1 file changed, 3 insertions(+), 2 deletions(-) - -diff --git a/net/netfilter/nf_tables_api.c b/net/netfilter/nf_tables_api.c -index 460ad341d160..f7a5b8414423 100644 ---- a/net/netfilter/nf_tables_api.c -+++ b/net/netfilter/nf_tables_api.c -@@ -5720,8 +5720,9 @@ static bool nft_setelem_valid_key_end(const struct nft_set *set, - (NFT_SET_CONCAT | NFT_SET_INTERVAL)) { - if (flags & NFT_SET_ELEM_INTERVAL_END) - return false; -- if (!nla[NFTA_SET_ELEM_KEY_END] && -- !(flags & NFT_SET_ELEM_CATCHALL)) -+ -+ if (nla[NFTA_SET_ELEM_KEY_END] && -+ flags & NFT_SET_ELEM_CATCHALL) - return false; - } else { - if (nla[NFTA_SET_ELEM_KEY_END]) diff --git a/submodules/ubuntu-jammy b/submodules/ubuntu-jammy index 4f32dea..8c53ac6 160000 --- a/submodules/ubuntu-jammy +++ b/submodules/ubuntu-jammy @@ -1 +1 @@ -Subproject commit 4f32dead2e302c1fdd963831e8ad6096248ae4e2 +Subproject commit 8c53ac60ea5695a4650f28f7344bec01e1c48c8f