From: Greg Kroah-Hartman
To: stable@vger.kernel.org
Cc: Greg Kroah-Hartman, patches@lists.linux.dev, David Woodhouse, Marc Zyngier
Subject: [PATCH 6.6 292/474] KVM: arm64: vgic: Fix IIDR revision field extracted from wrong value
Date: Fri, 15 May 2026 17:46:41 +0200
Message-ID: <20260515154721.318546558@linuxfoundation.org>
X-Mailer: git-send-email 2.54.0
In-Reply-To: <20260515154715.053014143@linuxfoundation.org>
References: <20260515154715.053014143@linuxfoundation.org>
User-Agent: quilt/0.69
X-stable: review
X-Patchwork-Hint: ignore
Precedence: bulk
X-Mailing-List: stable@vger.kernel.org
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

6.6-stable review patch. If anyone has any objections, please let me know.

------------------

From: David Woodhouse

commit a0e6ae45af17e8b27958830595799c702ffbab8d upstream.

The uaccess write handlers for GICD_IIDR in both GICv2 and GICv3 extract the revision field from 'reg' (the current IIDR value read back from the emulated distributor) instead of 'val' (the value userspace is trying to write).

This means userspace can never actually change the implementation revision — the extracted value is always the current one.

Fix the FIELD_GET to use 'val' so that userspace can select a different revision for migration compatibility.

Fixes: 49a1a2c70a7f ("KVM: arm64: vgic-v3: Advertise GICR_CTLR.{IR, CES} as a new GICD_IIDR revision")
Signed-off-by: David Woodhouse
Link: https://patch.msgid.link/20260407210949.2076251-2-dwmw2@infradead.org
Signed-off-by: Marc Zyngier
Cc: stable@vger.kernel.org
Signed-off-by: Greg Kroah-Hartman
---
 arch/arm64/kvm/vgic/vgic-mmio-v2.c | 2 +-
 arch/arm64/kvm/vgic/vgic-mmio-v3.c | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

--- a/arch/arm64/kvm/vgic/vgic-mmio-v2.c +++ b/arch/arm64/kvm/vgic/vgic-mmio-v2.c 
@@ -91,7 +91,7 @@ static int vgic_mmio_uaccess_write_v2_mi * migration from old kernels to new kernels with legacy * userspace. */ - reg = FIELD_GET(GICD_IIDR_REVISION_MASK, reg); + reg = FIELD_GET(GICD_IIDR_REVISION_MASK, val); switch (reg) { case KVM_VGIC_IMP_REV_2: case KVM_VGIC_IMP_REV_3: --- a/arch/arm64/kvm/vgic/vgic-mmio-v3.c +++ b/arch/arm64/kvm/vgic/vgic-mmio-v3.c @@ -167,7 +167,7 @@ static int vgic_mmio_uaccess_write_v3_mi if ((reg ^ val) & ~GICD_IIDR_REVISION_MASK) return -EINVAL; - reg = FIELD_GET(GICD_IIDR_REVISION_MASK, reg); + reg = FIELD_GET(GICD_IIDR_REVISION_MASK, val); switch (reg) { case KVM_VGIC_IMP_REV_2: case KVM_VGIC_IMP_REV_3:
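Review bot: in the vgic-mmio-v2.c hunk, the fixed line stores a field taken from `val` into `reg`, so from that point `reg` no longer holds anything read from the register, and the name misleads in the same way that hid the original bug. A separate local (for example `rev`), or switching directly on `FIELD_GET(GICD_IIDR_REVISION_MASK, val)`, would make the source of the value obvious. Unlike the v3 hunk, the context shown here does not include the `(reg ^ val) & ~GICD_IIDR_REVISION_MASK` check, so it is worth confirming that the v2 handler rejects writes to the other IIDR fields before this line is reached.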
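Review bot: in the vgic-mmio-v3.c hunk, `switch (reg)` now acts on a userspace-supplied revision, and the visible context ends at `case KVM_VGIC_IMP_REV_3:` without showing the default arm. Please confirm that a revision not listed in the switch still returns -EINVAL rather than being stored, because before this change the switch could only ever see the current revision and that path was effectively untested. Since the commit message says userspace could never change the revision, a selftest that writes a different supported revision through this handler and reads it back would keep the behaviour from regressing.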