1. 26 Oct, 2020 4 commits
  2. 25 Oct, 2020 17 commits
  3. 24 Oct, 2020 19 commits
    • Linus Torvalds's avatar
      Merge tag 'block-5.10-2020-10-24' of git://git.kernel.dk/linux-block · d7691390
      Linus Torvalds authored
      Pull block fixes from Jens Axboe:
      
       - NVMe pull request from Christoph
           - rdma error handling fixes (Chao Leng)
           - fc error handling and reconnect fixes (James Smart)
           - fix the qid displace when tracing ioctl command (Keith Busch)
           - don't use BLK_MQ_REQ_NOWAIT for passthru (Chaitanya Kulkarni)
           - fix MTDT for passthru (Logan Gunthorpe)
           - blacklist Write Same on more devices (Kai-Heng Feng)
           - fix an uninitialized work struct (zhenwei pi)"
      
       - lightnvm out-of-bounds fix (Colin)
      
       - SG allocation leak fix (Doug)
      
       - rnbd fixes (Gioh, Guoqing, Jack)
      
       - zone error translation fixes (Keith)
      
       - kerneldoc markup fix (Mauro)
      
       - zram lockdep fix (Peter)
      
       - Kill unused io_context members (Yufen)
      
       - NUMA memory allocation cleanup (Xianting)
      
       - NBD config wakeup fix (Xiubo)
      
      * tag 'block-5.10-2020-10-24' of git://git.kernel.dk/linux-block: (27 commits)
        block: blk-mq: fix a kernel-doc markup
        nvme-fc: shorten r...
      d7691390
    • Linus Torvalds's avatar
      Merge tag 'io_uring-5.10-2020-10-24' of git://git.kernel.dk/linux-block · af004187
      Linus Torvalds authored
      Pull io_uring fixes from Jens Axboe:
      
       - fsize was missed in previous unification of work flags
      
       - Few fixes cleaning up the flags unification creds cases (Pavel)
      
       - Fix NUMA affinities for completely unplugged/replugged node for io-wq
      
       - Two fallout fixes from the set_fs changes. One local to io_uring, one
         for the splice entry point that io_uring uses.
      
       - Linked timeout fixes (Pavel)
      
       - Removal of ->flush() ->files work-around that we don't need anymore
         with referenced files (Pavel)
      
       - Various cleanups (Pavel)
      
      * tag 'io_uring-5.10-2020-10-24' of git://git.kernel.dk/linux-block:
        splice: change exported internal do_splice() helper to take kernel offset
        io_uring: make loop_rw_iter() use original user supplied pointers
        io_uring: remove req cancel in ->flush()
        io-wq: re-set NUMA node affinities if CPUs come online
        io_uring: don't reuse linked_timeout
        io_uring: unify fsize with def->work_flags
        io_uring: fix racy REQ_F_LINK_TIMEOUT clearing
        io_uring: do poll's hash_node init in common code
        io_uring: inline io_poll_task_handler()
        io_uring: remove extra ->file check in poll prep
        io_uring: make cached_cq_overflow non atomic_t
        io_uring: inline io_fail_links()
        io_uring: kill ref get/drop in personality init
        io_uring: flags-based creds init in queue
      af004187
    • Linus Torvalds's avatar
      Merge tag 'libata-5.10-2020-10-24' of git://git.kernel.dk/linux-block · cb6b2897
      Linus Torvalds authored
      Pull libata fixes from Jens Axboe:
       "Two minor libata fixes:
      
         - Fix a DMA boundary mask regression for sata_rcar (Geert)
      
         - kerneldoc markup fix (Mauro)"
      
      * tag 'libata-5.10-2020-10-24' of git://git.kernel.dk/linux-block:
        ata: fix some kernel-doc markups
        ata: sata_rcar: Fix DMA boundary mask
      cb6b2897
    • Linus Torvalds's avatar
      Merge branch 'work.misc' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs · 0eac1102
      Linus Torvalds authored
      Pull misc vfs updates from Al Viro:
       "Assorted stuff all over the place (the largest group here is
        Christoph's stat cleanups)"
      
      * 'work.misc' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs:
        fs: remove KSTAT_QUERY_FLAGS
        fs: remove vfs_stat_set_lookup_flags
        fs: move vfs_fstatat out of line
        fs: implement vfs_stat and vfs_lstat in terms of vfs_fstatat
        fs: remove vfs_statx_fd
        fs: omfs: use kmemdup() rather than kmalloc+memcpy
        [PATCH] reduce boilerplate in fsid handling
        fs: Remove duplicated flag O_NDELAY occurring twice in VALID_OPEN_FLAGS
        selftests: mount: add nosymfollow tests
        Add a "nosymfollow" mount option.
      0eac1102
    • Linus Torvalds's avatar
      Merge tag 'dma-mapping-5.10-1' of git://git.infradead.org/users/hch/dma-mapping · 1b307ac8
      Linus Torvalds authored
      Pull dma-mapping fixes from Christoph Hellwig:
      
       - document the new dma_{alloc,free}_pages() API
      
       - two fixups for the dma-mapping.h split
      
      * tag 'dma-mapping-5.10-1' of git://git.infradead.org/users/hch/dma-mapping:
        dma-mapping: document dma_{alloc,free}_pages
        dma-mapping: move more functions to dma-map-ops.h
        ARM/sa1111: add a missing include of dma-map-ops.h
      1b307ac8
    • Linus Torvalds's avatar
      Merge tag 'for-linus' of git://git.kernel.org/pub/scm/virt/kvm/kvm · 9bf8d8bc
      Linus Torvalds authored
      Pull KVM fixes from Paolo Bonzini:
       "Two fixes for this merge window, and an unrelated bugfix for a host
        hang"
      
      * tag 'for-linus' of git://git.kernel.org/pub/scm/virt/kvm/kvm:
        KVM: ioapic: break infinite recursion on lazy EOI
        KVM: vmx: rename pi_init to avoid conflict with paride
        KVM: x86/mmu: Avoid modulo operator on 64-bit value to fix i386 build
      9bf8d8bc
    • Linus Torvalds's avatar
      Merge tag 'x86_seves_fixes_for_v5.10_rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip · c51ae124
      Linus Torvalds authored
      Pull x86 SEV-ES fixes from Borislav Petkov:
       "Three fixes to SEV-ES to correct setting up the new early pagetable on
        5-level paging machines, to always map boot_params and the kernel
        cmdline, and disable stack protector for ../compressed/head{32,64}.c.
        (Arvind Sankar)"
      
      * tag 'x86_seves_fixes_for_v5.10_rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
        x86/boot/64: Explicitly map boot_params and command line
        x86/head/64: Disable stack protection for head$(BITS).o
        x86/boot/64: Initialize 5-level paging variables earlier
      c51ae124
    • Willy Tarreau's avatar
      random32: add a selftest for the prandom32 code · c6e169bc
      Willy Tarreau authored
      Given that this code is new, let's add a selftest for it as well.
      It doesn't rely on fixed sets, instead it picks 1024 numbers and
      verifies that they're not more correlated than desired.
      
      Link: https://lore.kernel.org/netdev/20200808152628.GA27941@SDF.ORG/
      
      
      Cc: George Spelvin <lkml@sdf.org>
      Cc: Amit Klein <aksecurity@gmail.com>
      Cc: Eric Dumazet <edumazet@google.com>
      Cc: "Jason A. Donenfeld" <Jason@zx2c4.com>
      Cc: Andy Lutomirski <luto@kernel.org>
      Cc: Kees Cook <keescook@chromium.org>
      Cc: Thomas Gleixner <tglx@linutronix.de>
      Cc: Peter Zijlstra <peterz@infradead.org>
      Cc: Linus Torvalds <torvalds@linux-foundation.org>
      Cc: tytso@mit.edu
      Cc: Florian Westphal <fw@strlen.de>
      Cc: Marc Plumb <lkml.mplumb@gmail.com>
      Signed-off-by: default avatarWilly Tarreau <w@1wt.eu>
      c6e169bc
    • Willy Tarreau's avatar
      random32: add noise from network and scheduling activity · 3744741a
      Willy Tarreau authored
      With the removal of the interrupt perturbations in previous random32
      change (random32: make prandom_u32() output unpredictable), the PRNG
      has become 100% deterministic again. While SipHash is expected to be
      way more robust against brute force than the previous Tausworthe LFSR,
      there's still the risk that whoever has even one temporary access to
      the PRNG's internal state is able to predict all subsequent draws till
      the next reseed (roughly every minute). This may happen through a side
      channel attack or any data leak.
      
      This patch restores the spirit of commit f227e3ec ("random32: update
      the net random state on interrupt and activity") in that it will perturb
      the internal PRNG's statee using externally collected noise, except that
      it will not pick that noise from the random pool's bits nor upon
      interrupt, but will rather combine a few elements along the Tx path
      that are collectively hard to predict, such as dev, skb and txq
      pointers, packet length and jiffies values. These ones are combined
      using a single round of SipHash into a single long variable that is
      mixed with the net_rand_state upon each invocation.
      
      The operation was inlined because it produces very small and efficient
      code, typically 3 xor, 2 add and 2 rol. The performance was measured
      to be the same (even very slightly better) than before the switch to
      SipHash; on a 6-core 12-thread Core i7-8700k equipped with a 40G NIC
      (i40e), the connection rate dropped from 556k/s to 555k/s while the
      SYN cookie rate grew from 5.38 Mpps to 5.45 Mpps.
      
      Link: https://lore.kernel.org/netdev/20200808152628.GA27941@SDF.ORG/
      
      
      Cc: George Spelvin <lkml@sdf.org>
      Cc: Amit Klein <aksecurity@gmail.com>
      Cc: Eric Dumazet <edumazet@google.com>
      Cc: "Jason A. Donenfeld" <Jason@zx2c4.com>
      Cc: Andy Lutomirski <luto@kernel.org>
      Cc: Kees Cook <keescook@chromium.org>
      Cc: Thomas Gleixner <tglx@linutronix.de>
      Cc: Peter Zijlstra <peterz@infradead.org>
      Cc: Linus Torvalds <torvalds@linux-foundation.org>
      Cc: tytso@mit.edu
      Cc: Florian Westphal <fw@strlen.de>
      Cc: Marc Plumb <lkml.mplumb@gmail.com>
      Tested-by: default avatarSedat Dilek <sedat.dilek@gmail.com>
      Signed-off-by: default avatarWilly Tarreau <w@1wt.eu>
      3744741a
    • George Spelvin's avatar
      random32: make prandom_u32() output unpredictable · c51f8f88
      George Spelvin authored
      Non-cryptographic PRNGs may have great statistical properties, but
      are usually trivially predictable to someone who knows the algorithm,
      given a small sample of their output.  An LFSR like prandom_u32() is
      particularly simple, even if the sample is widely scattered bits.
      
      It turns out the network stack uses prandom_u32() for some things like
      random port numbers which it would prefer are *not* trivially predictable.
      Predictability led to a practical DNS spoofing attack.  Oops.
      
      This patch replaces the LFSR with a homebrew cryptographic PRNG based
      on the SipHash round function, which is in turn seeded with 128 bits
      of strong random key.  (The authors of SipHash have *not* been consulted
      about this abuse of their algorithm.)  Speed is prioritized over security;
      attacks are rare, while performance is always wanted.
      
      Replacing all callers of prandom_u32() is the quick fix.
      Whether to reinstate a weaker PRNG for uses which can tolerate it
      is an open question.
      
      Commit f227e3ec
      
       ("random32: update the net random state on interrupt
      and activity") was an earlier attempt at a solution.  This patch replaces
      it.
      Reported-by: default avatarAmit Klein <aksecurity@gmail.com>
      Cc: Willy Tarreau <w@1wt.eu>
      Cc: Eric Dumazet <edumazet@google.com>
      Cc: "Jason A. Donenfeld" <Jason@zx2c4.com>
      Cc: Andy Lutomirski <luto@kernel.org>
      Cc: Kees Cook <keescook@chromium.org>
      Cc: Thomas Gleixner <tglx@linutronix.de>
      Cc: Peter Zijlstra <peterz@infradead.org>
      Cc: Linus Torvalds <torvalds@linux-foundation.org>
      Cc: tytso@mit.edu
      Cc: Florian Westphal <fw@strlen.de>
      Cc: Marc Plumb <lkml.mplumb@gmail.com>
      Fixes: f227e3ec
      
       ("random32: update the net random state on interrupt and activity")
      Signed-off-by: default avatarGeorge Spelvin <lkml@sdf.org>
      Link: https://lore.kernel.org/netdev/20200808152628.GA27941@SDF.ORG/
      [ willy: partial reversal of f227e3ec
      
      ; moved SIPROUND definitions
        to prandom.h for later use; merged George's prandom_seed() proposal;
        inlined siprand_u32(); replaced the net_rand_state[] array with 4
        members to fix a build issue; cosmetic cleanups to make checkpatch
        happy; fixed RANDOM32_SELFTEST build ]
      Signed-off-by: default avatarWilly Tarreau <w@1wt.eu>
      c51f8f88
    • Linus Torvalds's avatar
      Merge tag 'powerpc-5.10-2' of git://git.kernel.org/pub/scm/linux/kernel/git/powerpc/linux · b6f96e75
      Linus Torvalds authored
      Pull powerpc fixes from Michael Ellerman:
      
       - A fix for undetected data corruption on Power9 Nimbus <= DD2.1 in the
         emulation of VSX loads. The affected CPUs were not widely available.
      
       - Two fixes for machine check handling in guests under PowerVM.
      
       - A fix for our recent changes to SMP setup, when
         CONFIG_CPUMASK_OFFSTACK=y.
      
       - Three fixes for races in the handling of some of our powernv sysfs
         attributes.
      
       - One change to remove TM from the set of Power10 CPU features.
      
       - A couple of other minor fixes.
      
      Thanks to: Aneesh Kumar K.V, Christophe Leroy, Ganesh Goudar, Jordan
      Niethe, Mahesh Salgaonkar, Michael Neuling, Oliver O'Halloran, Qian Cai,
      Srikar Dronamraju, Vasant Hegde.
      
      * tag 'powerpc-5.10-2' of git://git.kernel.org/pub/scm/linux/kernel/git/powerpc/linux:
        powerpc/pseries: Avoid using addr_to_pfn in real mode
        powerpc/uaccess: Don't use "m<>" constraint with GCC 4.9
        powerpc/eeh: Fix eeh_dev_check_failure() for PE#0
        powerpc/64s: Remove TM from Power10 features
        selftests/powerpc: Make alignment handler test P9N DD2.1 vector CI load workaround
        powerpc: Fix undetected data corruption with P9N DD2.1 VSX CI load emulation
        powerpc/powernv/dump: Handle multiple writes to ack attribute
        powerpc/powernv/dump: Fix race while processing OPAL dump
        powerpc/smp: Use GFP_ATOMIC while allocating tmp mask
        powerpc/smp: Remove unnecessary variable
        powerpc/mce: Avoid nmi_enter/exit in real mode on pseries hash
        powerpc/opal_elog: Handle multiple writes to ack attribute
      b6f96e75
    • Linus Torvalds's avatar
      Merge tag 'riscv-for-linus-5.10-mw1' of git://git.kernel.org/pub/scm/linux/kernel/git/riscv/linux · 0593c1b4
      Linus Torvalds authored
      Pull more RISC-V updates from Palmer Dabbelt:
       "Just a single patch set: the remainder of Christoph's work to remove
        set_fs, including the RISC-V portion"
      
      * tag 'riscv-for-linus-5.10-mw1' of git://git.kernel.org/pub/scm/linux/kernel/git/riscv/linux:
        riscv: remove address space overrides using set_fs()
        riscv: implement __get_kernel_nofault and __put_user_nofault
        riscv: refactor __get_user and __put_user
        riscv: use memcpy based uaccess for nommu again
        asm-generic: make the set_fs implementation optional
        asm-generic: add nommu implementations of __{get,put}_kernel_nofault
        asm-generic: improve the nommu {get,put}_user handling
        uaccess: provide a generic TASK_SIZE_MAX definition
      0593c1b4
    • Linus Torvalds's avatar
      Merge tag 'armsoc-defconfig' of git://git.kernel.org/pub/scm/linux/kernel/git/soc/soc · 45fe6058
      Linus Torvalds authored
      Pull ARM SoC defconfig updates from Olof Johansson:
       "We keep this in a separate branch to avoid cross-branch conflicts, but
        most of the material here is fairly boring -- some new drivers turned
        on for hardware since they were merged, and some refreshed files due
        to time having moved a lot of entries around"
      
      * tag 'armsoc-defconfig' of git://git.kernel.org/pub/scm/linux/kernel/git/soc/soc: (33 commits)
        ARM: multi_v7_defconfig: add FMC2 EBI controller support
        arm64: defconfig: enable Qualcomm ASoC modules
        arm64: defconfig: qcom: enable GPU clock controller for SM8[12]50
        arm64: defconfig: enable INTERCONNECT for Qualcomm chipsets
        arm64: defconfig: enable the sl28cpld board management controller
        arm64: defconfig: Enable the eLCDIF and Raydium RM67191 drivers
        arm64: defconfig: Enable Qcom SNPS Femto PHY
        ARM: configs: Update Realview defconfig
        ARM: configs: Update Versatile defconfig
        ARM: config: aspeed_g5: Enable IBM OP Panel driver
        ARM: config: aspeed-g5: Enable I2C GPIO mux driver
        ARM: config: aspeed: Fix selection of media drivers
        arm64: defconfig: Enable Samsung S3FWRN5 NFC driver
        ARM: omap2plus_defconfig: enable generic net options
        ARM: omap2plus_defconfig: enable twl4030_madc as a loadable module
        arm64: defconfig: Enable clock driver for ROHM BD718x7 PMIC
        arm64: defconfig: Build ADMA and ACONNECT driver
        arm64: defconfig: Build AHUB component drivers
        arm64: defconfig: Enable Lontium LT9611 driver
        arm64: defcondfig: Enable USB ACM and FTDI drivers
        ...
      45fe6058
    • Linus Torvalds's avatar
      Merge tag 'armsoc-dt' of git://git.kernel.org/pub/scm/linux/kernel/git/soc/soc · e533cda1
      Linus Torvalds authored
      Pull ARM Devicetree updates from Olof Johansson:
       "As usual, most of the changes are to devicetrees.
      
        Besides smaller fixes, some refactorings and cleanups, some of the new
        platforms and chips (or significant features) supported are below:
      
        Broadcom boards:
         - Cisco Meraki MR32 (BCM53016-based)
         - BCM2711 (RPi4) display pipeline support
      
        Actions Semi boards:
         - Caninos Loucos Labrador SBC (S500-based)
         - RoseapplePi SBC (S500-based)
      
        Allwinner SoCs/boards:
         - A100 SoC with Perf1 board
         - Mali, DMA, Cetrus and IR support for R40 SoC
      
        Amlogic boards:
         - Libretch S905x CC V2 board
         - Hardkernel ODROID-N2+ board
      
        Aspeed boards/platforms:
         - Wistron Mowgli (AST2500-based, Power9 OpenPower server)
         - Facebook Wedge400 (AST2500-based, ToR switch)
      
        Hisilicon SoC:
         - SD5203 SoC
      
        Nvidia boards:
         - Tegra234 VDK, for pre-silicon Orin SoC
      
        NXP i.MX boards:
         - Librem 5 phone
         - i.MX8MM DDR4 EVK...
      e533cda1
    • Linus Torvalds's avatar
      Merge tag 'armsoc-drivers' of git://git.kernel.org/pub/scm/linux/kernel/git/soc/soc · 2e368dd2
      Linus Torvalds authored
      Pull ARM SoC-related driver updates from Olof Johansson:
       "Various driver updates for platforms. A bulk of this is smaller fixes
        or cleanups, but some of the new material this time around is:
      
         - Support for Nvidia Tegra234 SoC
      
         - Ring accelerator support for TI AM65x
      
         - PRUSS driver for TI platforms
      
         - Renesas support for R-Car V3U SoC
      
         - Reset support for Cortex-M4 processor on i.MX8MQ
      
        There are also new socinfo entries for a handful of different SoCs and
        platforms"
      
      * tag 'armsoc-drivers' of git://git.kernel.org/pub/scm/linux/kernel/git/soc/soc: (131 commits)
        drm/mediatek: reduce clear event
        soc: mediatek: cmdq: add clear option in cmdq_pkt_wfe api
        soc: mediatek: cmdq: add jump function
        soc: mediatek: cmdq: add write_s_mask value function
        soc: mediatek: cmdq: add write_s value function
        soc: mediatek: cmdq: add read_s function
        soc: mediatek: cmdq: add write_s_mask function
        soc: mediatek: cmdq: add write_s function
        soc: mediatek: cmdq: add address shift in jump
        soc: mediatek: mtk-infracfg: Fix kerneldoc
        soc: amlogic: pm-domains: use always-on flag
        reset: sti: reset-syscfg: fix struct description warnings
        reset: imx7: add the cm4 reset for i.MX8MQ
        dt-bindings: reset: imx8mq: add m4 reset
        reset: Fix and extend kerneldoc
        reset: reset-zynqmp: Added support for Versal platform
        dt-bindings: reset: Updated binding for Versal reset driver
        reset: imx7: Support module build
        soc: fsl: qe: Remove unnessesary check in ucc_set_tdm_rxtx_clk
        soc: fsl: qman: convert to use be32_add_cpu()
        ...
      2e368dd2
    • Linus Torvalds's avatar
      Merge tag 'armsoc-soc' of git://git.kernel.org/pub/scm/linux/kernel/git/soc/soc · e731f314
      Linus Torvalds authored
      Pull ARM SoC platform updates from Olof Johansson:
       "SoC changes, a substantial part of this is cleanup of some of the
        older platforms that used to have a bunch of board files.
      
        In particular:
      
         - Remove non-DT i.MX platforms that haven't seen activity in years,
           it's time to remove them.
      
         - A bunch of cleanup and removal of platform data for TI/OMAP
           platforms, moving over to genpd for power/reset control (yay!)
      
         - Major cleanup of Samsung S3C24xx and S3C64xx platforms, moving them
           closer to multiplatform support (not quite there yet, but getting
           close).
      
        There are a few other changes too, smaller fixlets, etc. For new
        platform support, the primary ones are:
      
         - New SoC: Hisilicon SD5203, ARM926EJ-S platform.
      
         - Cpufreq support for i.MX7ULP"
      
      * tag 'armsoc-soc' of git://git.kernel.org/pub/scm/linux/kernel/git/soc/soc: (121 commits)
        ARM: mstar: Select MStar intc
        ARM: stm32: Replace HT...
      e731f314
    • Linus Torvalds's avatar
      Merge tag 'armsoc-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/soc/soc · 1f70935f
      Linus Torvalds authored
      Pull ARM SoC fixes from Olof Johansson:
       "I had queued up a batch of fixes that got a bit close to the release
        for sending in before the merge window opened, so I'm including them
        in the merge window batch instead.
      
        Mostly smaller DT tweaks and fixes, the usual mix that we tend to have
        through the releases"
      
      * tag 'armsoc-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/soc/soc:
        ARM: dts: iwg20d-q7-common: Fix touch controller probe failure
        ARM: OMAP2+: Restore MPU power domain if cpu_cluster_pm_enter() fails
        ARM: dts: am33xx: modify AM33XX_IOPAD for #pinctrl-cells = 2
        soc: actions: include header to fix missing prototype
        arm64: dts: ti: k3-j721e: Rename mux header and update macro names
        soc: qcom: pdr: Fixup array type of get_domain_list_resp message
        arm64: dts: qcom: pm660: Fix missing pound sign in interrupt-cells
        arm64: dts: qcom: kitakami: Temporarily disable SDHCI1
        arm64: dts: sdm630: Temporarily disable SMMUs by default
        arm64: dts: sdm845: Fixup OPP table for all qup devices
        arm64: dts: allwinner: h5: remove Mali GPU PMU module
        ARM: dts: sun8i: r40: bananapi-m2-ultra: Fix dcdc1 regulator
        soc: xilinx: Fix error code in zynqmp_pm_probe()
      1f70935f
    • Vitaly Kuznetsov's avatar
      KVM: ioapic: break infinite recursion on lazy EOI · 77377064
      Vitaly Kuznetsov authored
      During shutdown the IOAPIC trigger mode is reset to edge triggered
      while the vfio-pci INTx is still registered with a resampler.
      This allows us to get into an infinite loop:
      
      ioapic_set_irq
        -> ioapic_lazy_update_eoi
        -> kvm_ioapic_update_eoi_one
        -> kvm_notify_acked_irq
        -> kvm_notify_acked_gsi
        -> (via irq_acked fn ptr) irqfd_resampler_ack
        -> kvm_set_irq
        -> (via set fn ptr) kvm_set_ioapic_irq
        -> kvm_ioapic_set_irq
        -> ioapic_set_irq
      
      Commit 8be8f932 ("kvm: ioapic: Restrict lazy EOI update to
      edge-triggered interrupts", 2020-05-04) acknowledges that this recursion
      loop exists and tries to avoid it at the call to ioapic_lazy_update_eoi,
      but at this point the scenario is already set, we have an edge interrupt
      with resampler on the same gsi.
      
      Fortunately, the only user of irq ack notifiers (in addition to resamplefd)
      is i8254 timer interrupt reinjection.  These are edge-triggered, so in
      principle they would need the call to kvm_ioapic_update_eoi_one from
      ioapic_lazy_update_eoi, but they already disable AVIC(*), so they don't
      need the lazy EOI behavior.  Therefore, remove the call to
      kvm_ioapic_update_eoi_one from ioapic_lazy_update_eoi.
      
      This fixes CVE-2020-27152.  Note that this issue cannot happen with
      SR-IOV assigned devices because virtual functions do not have INTx,
      only MSI.
      
      Fixes: f458d039
      
       ("kvm: ioapic: Lazy update IOAPIC EOI")
      Suggested-by: default avatarPaolo Bonzini <pbonzini@redhat.com>
      Tested-by: default avatarAlex Williamson <alex.williamson@redhat.com>
      Signed-off-by: default avatarVitaly Kuznetsov <vkuznets@redhat.com>
      Signed-off-by: default avatarPaolo Bonzini <pbonzini@redhat.com>
      77377064
    • Paolo Bonzini's avatar
      KVM: vmx: rename pi_init to avoid conflict with paride · a3ff25fc
      Paolo Bonzini authored
      allyesconfig results in:
      
      ld: drivers/block/paride/paride.o: in function `pi_init':
      (.text+0x1340): multiple definition of `pi_init'; arch/x86/kvm/vmx/posted_intr.o:posted_intr.c:(.init.text+0x0): first defined here
      make: *** [Makefile:1164: vmlinux] Error 1
      
      because commit:
      
      commit 8888cdd0
      
      
      Author: Xiaoyao Li <xiaoyao.li@intel.com>
      Date:   Wed Sep 23 11:31:11 2020 -0700
      
          KVM: VMX: Extract posted interrupt support to separate files
      
      added another pi_init(), though one already existed in the paride code.
      Reported-by: default avatarJens Axboe <axboe@kernel.dk>
      Signed-off-by: default avatarPaolo Bonzini <pbonzini@redhat.com>
      a3ff25fc