From a13100d5f167dc5a7dcce5553a3e54822e973f95 Mon Sep 17 00:00:00 2001
From: Michal Kubecek
Date: Aug 02 2021 21:00:23 +0000
Subject: Merge branch 'users/jziviani/SLE15-SP2/for-next' into SLE15-SP2
Pull kvm fixes from Jose R. Ziviani.
---
diff --git a/patches.suse/kvm-i8254-remove-redundant-assignment-to-pointer-s.patch b/patches.suse/kvm-i8254-remove-redundant-assignment-to-pointer-s.patch
new file mode 100644
index 0000000..15ae679
--- /dev/null
+++ b/patches.suse/kvm-i8254-remove-redundant-assignment-to-pointer-s.patch
@@ -0,0 +1,35 @@
+From: Colin Ian King
+Date: Wed, 10 Jun 2020 00:31:21 +0100
+Subject: kvm: i8254: remove redundant assignment to pointer s
+Git-commit: cd18eaeaffa6e5291cdbcd591334d577c4e897df
+Patch-mainline: v5.8-rc1
+References: bsc#1188770
+
+The pointer s is being assigned a value that is never read, the
+assignment is redundant and can be removed.
+
+Addresses-Coverity: ("Unused value")
+Signed-off-by: Colin Ian King
+Message-Id: <20200609233121.1118683-1-colin.king@canonical.com>
+Fixes: 7837699fa6d7 ("KVM: In kernel PIT model")
+Signed-off-by: Paolo Bonzini
+Signed-off-by: Jose R. Ziviani
+---
+ arch/x86/kvm/i8254.c | 1 -
+ 1 file changed, 1 deletion(-)
+
+diff --git a/arch/x86/kvm/i8254.c b/arch/x86/kvm/i8254.c
+index 4a6dc54cc12b..bf49f8084086 100644
+--- a/arch/x86/kvm/i8254.c
++++ b/arch/x86/kvm/i8254.c
+@@ -450,7 +450,6 @@ static int pit_ioport_write(struct kvm_vcpu *vcpu,
+ if (channel == 3) {
+ /* Read-Back Command. */
+ for (channel = 0; channel < 3; channel++) {
+- s = &pit_state->channels[channel];
+ if (val & (2 << channel)) {
+ if (!(val & 0x20))
+ pit_latch_count(pit, channel);
+--
+2.32.0
+
diff --git a/patches.suse/kvm-lapic-prevent-setting-the-tscdeadline-timer-if-t.patch b/patches.suse/kvm-lapic-prevent-setting-the-tscdeadline-timer-if-t.patch
new file mode 100644
index 0000000..545f1a1
--- /dev/null
+++ b/patches.suse/kvm-lapic-prevent-setting-the-tscdeadline-timer-if-t.patch
@@ -0,0 +1,36 @@
+From: Wanpeng Li
+Date: Fri, 31 Jul 2020 11:12:19 +0800
+Subject: KVM: LAPIC: Prevent setting the tscdeadline timer if the lapic is hw
+ disabled
+Git-commit: d2286ba7d574ba3103a421a2f9ec17cb5b0d87a1
+Patch-mainline: v5.8
+References: bsc#1188771
+
+Prevent setting the tscdeadline timer if the lapic is hw disabled.
+
+Fixes: bce87cce88 (KVM: x86: consolidate different ways to test for in-kernel LAPIC)
+Cc:
+Signed-off-by: Wanpeng Li
+Message-Id: <1596165141-28874-1-git-send-email-wanpengli@tencent.com>
+Signed-off-by: Paolo Bonzini
+Signed-off-by: Jose R. Ziviani
+---
+ arch/x86/kvm/lapic.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/arch/x86/kvm/lapic.c b/arch/x86/kvm/lapic.c
+index 77cf8818aa40..19068fae8f97 100644
+--- a/arch/x86/kvm/lapic.c
++++ b/arch/x86/kvm/lapic.c
+@@ -2090,7 +2090,7 @@ void kvm_set_lapic_tscdeadline_msr(struct kvm_vcpu *vcpu, u64 data)
+ {
+ struct kvm_lapic *apic = vcpu->arch.apic;
+
+- if (!lapic_in_kernel(vcpu) || apic_lvtt_oneshot(apic) ||
++ if (!kvm_apic_present(vcpu) || apic_lvtt_oneshot(apic) ||
+ apic_lvtt_period(apic))
+ return;
+
+--
+2.32.0
+
diff --git a/patches.suse/kvm-lapic-restore-guard-to-prevent-illegal-apic-regi.patch b/patches.suse/kvm-lapic-restore-guard-to-prevent-illegal-apic-regi.patch
new file mode 100644
index 0000000..b829267
--- /dev/null
+++ b/patches.suse/kvm-lapic-restore-guard-to-prevent-illegal-apic-regi.patch
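Review bot: The early `return` in kvm_set_lapic_tscdeadline_msr() now drops the guest's MSR write for three unrelated reasons, and the code carries no comment saying so. A line above the condition would record it, for example `/* Ignore the write: no in-kernel APIC, APIC hardware-disabled, or LVTT not in TSC-deadline mode. */`. kvm_apic_present() is defined outside this hunk, so what it tests is taken from the commit subject only. The read side of this MSR is not part of the patch either; it is worth confirming that it applies the same hardware-disabled test, so a guest cannot read back a deadline that the write path refused to arm.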
@@ -0,0 +1,41 @@
+From: Jim Mattson
+Date: Wed, 2 Jun 2021 13:52:24 -0700
+Subject: kvm: LAPIC: Restore guard to prevent illegal APIC register access
+Git-commit: 218bf772bddd221489c38dde6ef8e917131161f6
+Patch-mainline: v5.13-rc7
+References: bsc#1188772
+
+Per the SDM, "any access that touches bytes 4 through 15 of an APIC
+register may cause undefined behavior and must not be executed."
+Worse, such an access in kvm_lapic_reg_read can result in a leak of
+kernel stack contents. Prior to commit 01402cf81051 ("kvm: LAPIC:
+write down valid APIC registers"), such an access was explicitly
+disallowed. Restore the guard that was removed in that commit.
+
+Fixes: 01402cf81051 ("kvm: LAPIC: write down valid APIC registers")
+Signed-off-by: Jim Mattson
+Reported-by: syzbot
+Message-Id: <20210602205224.3189316-1-jmattson@google.com>
+Signed-off-by: Paolo Bonzini
+Signed-off-by: Jose R. Ziviani
+---
+ arch/x86/kvm/lapic.c | 3 +++
+ 1 file changed, 3 insertions(+)
+
+diff --git a/arch/x86/kvm/lapic.c b/arch/x86/kvm/lapic.c
+index 19068fae8f97..c935c28b4b00 100644
+--- a/arch/x86/kvm/lapic.c
++++ b/arch/x86/kvm/lapic.c
+@@ -1337,6 +1337,9 @@ int kvm_lapic_reg_read(struct kvm_lapic *apic, u32 offset, int len,
+ if (!apic_x2apic_mode(apic))
+ valid_reg_mask |= APIC_REG_MASK(APIC_ARBPRI);
+
++ if (alignment + len > 4)
++ return 1;
++
+ if (offset > 0x3f0 || !(valid_reg_mask & APIC_REG_MASK(offset)))
+ return 1;
+
+--
+2.32.0
+
diff --git a/patches.suse/kvm-nvmx-consult-only-the-basic-exit-reason-when-rou.patch b/patches.suse/kvm-nvmx-consult-only-the-basic-exit-reason-when-rou.patch
new file mode 100644
index 0000000..1190e1e
--- /dev/null
+++ b/patches.suse/kvm-nvmx-consult-only-the-basic-exit-reason-when-rou.patch
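Review bot: The restored guard `if (alignment + len > 4)` in kvm_lapic_reg_read() has no comment, although the commit message says the same check was once removed in a cleanup and that its absence can leak kernel stack contents. I would put `/* Per the SDM, accesses touching bytes 4-15 of an APIC register are illegal; allowing them can leak kernel stack contents. */` above it so the reason stays with the code. `len` is a signed `int`, so a negative value passes this test; the length handling later in the function is outside the hunk and should be confirmed to reject every size it does not explicitly support. `alignment` is likewise computed outside the hunk.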
@@ -0,0 +1,54 @@
+From: Sean Christopherson
+Date: Thu, 27 Feb 2020 09:44:30 -0800
+Subject: KVM: nVMX: Consult only the "basic" exit reason when routing nested
+ exit
+Git-commit: 2ebac8bb3c2d35f5135466490fc8eeaf3f3e2d37
+Patch-mainline: v5.8-rc1
+References: bsc#1188773
+
+Consult only the basic exit reason, i.e. bits 15:0 of vmcs.EXIT_REASON,
+when determining whether a nested VM-Exit should be reflected into L1 or
+handled by KVM in L0.
+
+For better or worse, the switch statement in nested_vmx_exit_reflected()
+currently defaults to "true", i.e. reflects any nested VM-Exit without
+dedicated logic. Because the case statements only contain the basic
+exit reason, any VM-Exit with modifier bits set will be reflected to L1,
+even if KVM intended to handle it in L0.
+
+Practically speaking, this only affects EXIT_REASON_MCE_DURING_VMENTRY,
+i.e. a #MC that occurs on nested VM-Enter would be incorrectly routed to
+L1, as "failed VM-Entry" is the only modifier that KVM can currently
+encounter. The SMM modifiers will never be generated as KVM doesn't
+support/employ a SMI Transfer Monitor. Ditto for "exit from enclave",
+as KVM doesn't yet support virtualizing SGX, i.e. it's impossible to
+enter an enclave in a KVM guest (L1 or L2).
+
+Fixes: 644d711aa0e1 ("KVM: nVMX: Deciding if L0 or L1 should handle an L2 exit")
+Cc: Jim Mattson
+Cc: Xiaoyao Li
+Cc: stable@vger.kernel.org
+Signed-off-by: Sean Christopherson
+Message-Id: <20200227174430.26371-1-sean.j.christopherson@intel.com>
+Signed-off-by: Paolo Bonzini
+Signed-off-by: Jose R. Ziviani
+---
+ arch/x86/kvm/vmx/nested.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/arch/x86/kvm/vmx/nested.c b/arch/x86/kvm/vmx/nested.c
+index a20083ac1ea3..6ee196da166d 100644
+--- a/arch/x86/kvm/vmx/nested.c
++++ b/arch/x86/kvm/vmx/nested.c
+@@ -5380,7 +5380,7 @@ bool nested_vmx_exit_reflected(struct kvm_vcpu *vcpu, u32 exit_reason)
+ vmcs_read32(VM_EXIT_INTR_ERROR_CODE),
+ KVM_ISA_VMX);
+
+- switch (exit_reason) {
++ switch ((u16)exit_reason) {
+ case EXIT_REASON_EXCEPTION_NMI:
+ if (is_nmi(intr_info))
+ return false;
+--
+2.32.0
+
diff --git a/patches.suse/kvm-nvmx-ensure-64-bit-shift-when-checking-vmfunc-bi.patch b/patches.suse/kvm-nvmx-ensure-64-bit-shift-when-checking-vmfunc-bi.patch
new file mode 100644
index 0000000..7904d40
--- /dev/null
+++ b/patches.suse/kvm-nvmx-ensure-64-bit-shift-when-checking-vmfunc-bi.patch
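Review bot: The bare cast in `switch ((u16)exit_reason)` in nested_vmx_exit_reflected() hides the rule it implements: a reader has to know already that bits 15:0 hold the basic exit reason and the upper bits are modifiers. A comment on the switch, e.g. `/* Route on the basic exit reason only (bits 15:0); modifier bits such as failed VM-Entry are ignored. */`, would keep that with the code. Per the commit message the switch defaults to reflecting the exit into L1, so a mismatch here decides which hypervisor level handles an event. Any other comparison of the full `exit_reason` against an EXIT_REASON_* constant in this function (its body continues outside the hunk) would need the same truncation.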
@@ -0,0 +1,52 @@
+From: Sean Christopherson
+Date: Wed, 9 Jun 2021 16:42:22 -0700
+Subject: KVM: nVMX: Ensure 64-bit shift when checking VMFUNC bitmap
+Git-commit: 0e75225dfa4c5d5d51291f54a3d2d5895bad38da
+Patch-mainline: v5.14-rc1
+References: bsc#1188774
+
+Use BIT_ULL() instead of an open-coded shift to check whether or not a
+function is enabled in L1's VMFUNC bitmap. This is a benign bug as KVM
+supports only bit 0, and will fail VM-Enter if any other bits are set,
+i.e. bits 63:32 are guaranteed to be zero.
+
+Note, "function" is bounded by hardware as VMFUNC will #UD before taking
+a VM-Exit if the function is greater than 63.
+
+Before:
+ if ((vmcs12->vm_function_control & (1 << function)) == 0)
+ 0x000000000001a916 <+118>: mov $0x1,%eax
+ 0x000000000001a91b <+123>: shl %cl,%eax
+ 0x000000000001a91d <+125>: cltq
+ 0x000000000001a91f <+127>: and 0x128(%rbx),%rax
+
+After:
+ if (!(vmcs12->vm_function_control & BIT_ULL(function & 63)))
+ 0x000000000001a955 <+117>: mov 0x128(%rbx),%rdx
+ 0x000000000001a95c <+124>: bt %rax,%rdx
+
+Fixes: 27c42a1bb867 ("KVM: nVMX: Enable VMFUNC for the L1 hypervisor")
+Signed-off-by: Sean Christopherson
+Message-Id: <20210609234235.1244004-3-seanjc@google.com>
+Signed-off-by: Paolo Bonzini
+Signed-off-by: Jose R. Ziviani
+---
+ arch/x86/kvm/vmx/nested.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/arch/x86/kvm/vmx/nested.c b/arch/x86/kvm/vmx/nested.c
+index 14093234438f..f3f4cc7f8e09 100644
+--- a/arch/x86/kvm/vmx/nested.c
++++ b/arch/x86/kvm/vmx/nested.c
+@@ -5121,7 +5121,7 @@ static int handle_vmfunc(struct kvm_vcpu *vcpu)
+ }
+
+ vmcs12 = get_vmcs12(vcpu);
+- if ((vmcs12->vm_function_control & (1 << function)) == 0)
++ if (!(vmcs12->vm_function_control & BIT_ULL(function)))
+ goto fail;
+
+ switch (function) {
+--
+2.32.0
+
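Review bot: `BIT_ULL(function)` in handle_vmfunc() shifts by a value that originates from the guest's VMFUNC invocation with no software bound, whereas the commit message's own "After" listing shows `BIT_ULL(function & 63)`. The message relies on hardware raising #UD for a function above 63 before the VM-Exit, but a shift count of 64 or more is undefined behaviour in C, so the code should not rest on that argument alone. An explicit check before the test, `if (function > 63) goto fail;`, states the bound in code and keeps the bitmap test well defined. Where `function` is read and how it is typed is outside the hunk, so the check may need adapting to that declaration.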
diff --git a/patches.suse/kvm-nvmx-preserve-exception-priority-irrespective-of.patch b/patches.suse/kvm-nvmx-preserve-exception-priority-irrespective-of.patch
new file mode 100644
index 0000000..b63b363
--- /dev/null
+++ b/patches.suse/kvm-nvmx-preserve-exception-priority-irrespective-of.patch
@@ -0,0 +1,82 @@
+From: Sean Christopherson
+Date: Wed, 22 Apr 2020 19:25:38 -0700
+Subject: KVM: nVMX: Preserve exception priority irrespective of exiting
+ behavior
+Git-commit: 6ce347af1499deff5890a52aedacd451330af706
+Patch-mainline: v5.8-rc1
+References: bsc#1188777
+
+Short circuit vmx_check_nested_events() if an exception is pending and
+needs to be injected into L2, priority between coincident events is not
+dependent on exiting behavior. This fixes a bug where a single-step #DB
+that is not intercepted by L1 is incorrectly dropped due to servicing a
+VMX Preemption Timer VM-Exit.
+
+Injected exceptions also need to be blocked if nested VM-Enter is
+pending or an exception was already injected, otherwise injecting the
+exception could overwrite an existing event injection from L1.
+Technically, this scenario should be impossible, i.e. KVM shouldn't
+inject its own exception during nested VM-Enter. This will be addressed
+in a future patch.
+
+Note, event priority between SMI, NMI and INTR is incorrect for L2, e.g.
+SMI should take priority over VM-Exit on NMI/INTR, and NMI that is
+injected into L2 should take priority over VM-Exit INTR. This will also
+be addressed in a future patch.
+
+Fixes: b6b8a1451fc4 ("KVM: nVMX: Rework interception of IRQs and NMIs")
+Reported-by: Jim Mattson
+Cc: Oliver Upton
+Cc: Peter Shier
+Signed-off-by: Sean Christopherson
+Message-Id: <20200423022550.15113-2-sean.j.christopherson@intel.com>
+Signed-off-by: Paolo Bonzini
+Signed-off-by: Jose R. Ziviani
+---
+ arch/x86/kvm/vmx/nested.c | 12 +++++++-----
+ 1 file changed, 7 insertions(+), 5 deletions(-)
+
+diff --git a/arch/x86/kvm/vmx/nested.c b/arch/x86/kvm/vmx/nested.c
+index bd96be3ca456..f047940c1795 100644
+--- a/arch/x86/kvm/vmx/nested.c
++++ b/arch/x86/kvm/vmx/nested.c
+@@ -3455,11 +3455,11 @@ static int vmx_check_nested_events(struct kvm_vcpu *vcpu, bool __unused)
+ /*
+ * Process any exceptions that are not debug traps before MTF.
+ */
+- if (vcpu->arch.exception.pending &&
+- !vmx_pending_dbg_trap(vcpu) &&
+- nested_vmx_check_exception(vcpu, &exit_qual)) {
++ if (vcpu->arch.exception.pending && !vmx_pending_dbg_trap(vcpu)) {
+ if (block_nested_events)
+ return -EBUSY;
++ if (!nested_vmx_check_exception(vcpu, &exit_qual))
++ goto no_vmexit;
+ nested_vmx_inject_exception_vmexit(vcpu, exit_qual);
+ return 0;
+ }
+@@ -3472,10 +3472,11 @@ static int vmx_check_nested_events(struct kvm_vcpu *vcpu, bool __unused)
+ return 0;
+ }
+
+- if (vcpu->arch.exception.pending &&
+- nested_vmx_check_exception(vcpu, &exit_qual)) {
++ if (vcpu->arch.exception.pending) {
+ if (block_nested_events)
+ return -EBUSY;
++ if (!nested_vmx_check_exception(vcpu, &exit_qual))
++ goto no_vmexit;
+ nested_vmx_inject_exception_vmexit(vcpu, exit_qual);
+ return 0;
+ }
+@@ -3510,6 +3511,7 @@ static int vmx_check_nested_events(struct kvm_vcpu *vcpu, bool __unused)
+ return 0;
+ }
+
++no_vmexit:
+ vmx_complete_nested_posted_interrupt(vcpu);
+ return 0;
+ }
+--
+2.32.0
+
diff --git a/series.conf b/series.conf
index b7adf7b..88888f1 100644
--- a/series.conf
+++ b/series.conf
@@ -13554,6 +13554,7 @@
 patches.suse/kgdb-Fix-spurious-true-from-in_dbg_master.patch
 patches.suse/kgdb-Drop-malformed-kernel-doc-comment.patch
 patches.suse/kvm-svm-avoid-infinite-loop-on-npf-from-bad-address
+ patches.suse/kvm-nvmx-preserve-exception-priority-irrespective-of.patch
 patches.suse/rcuwait-Let-rcuwait_wake_up-return-whether-or-not-a-.patch
 patches.suse/kvm-x86-only-do-l1tf-workaround-on-affected-processors
 patches.suse/kvm-x86-mmu-set-mmio_value-to-0-if-reserved-pf-can-t-be-generated
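Review bot: The two new `goto no_vmexit;` jumps in vmx_check_nested_events() deliberately skip every lower-priority check that follows them (the commit message names the VMX preemption timer), but nothing in the code says so. A comment at the first jump, e.g. `/* Exception goes to L2, not L1; it outranks the events below, so skip them. */`, plus a line at the `no_vmexit:` label, would stop a later edit from adding a check between the exception blocks and the label with the wrong priority. `block_nested_events` is now tested before `nested_vmx_check_exception()`, so `-EBUSY` is returned even when L1 does not intercept the exception; the commit message says this is intended, and the comment should mention it. The code between the three inner hunks is not shown, so which events are skipped cannot be confirmed from here.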
@@ -14199,6 +14200,8 @@
 patches.suse/amdgpu-a-NULL-mm-does-not-mean-a-thread-is-a-kthread.patch
 patches.suse/0001-xen-pvcalls-back-test-for-errors-when-calling-backen.patch
 patches.suse/KVM-x86-Fix-APIC-page-invalidation-race.patch
+ patches.suse/kvm-nvmx-consult-only-the-basic-exit-reason-when-rou.patch
+ patches.suse/kvm-i8254-remove-redundant-assignment-to-pointer-s.patch
 patches.suse/KVM-arm64-Stop-writing-aarch32-s-CSSELR-into-ACTLR.patch
 patches.suse/KVM-arm64-Make-vcpu_cp1x-work-on-Big-Endian-hosts.patch
 patches.suse/pwm-img-Call-pm_runtime_put-in-pm_runtime_get_sync-f.patch
@@ -14921,6 +14924,7 @@
 patches.suse/bpf-Fix-map-leak-in-HASH_OF_MAPS-map.patch
 patches.suse/net-bpfilter-Initialize-pos-in-__bpfilter_process_so.patch
 patches.suse/vxlan-fix-memleak-of-fdb.patch
+ patches.suse/kvm-lapic-prevent-setting-the-tscdeadline-timer-if-t.patch
 patches.suse/x86-i8259-Use-printk_deferred-to-prevent-deadlock.patch
 patches.suse/tpm-Require-that-all-digests-are-present-in-TCG_PCR_.patch
 patches.suse/btrfs-remove-no-longer-necessary-chunk-mutex-locking.patch
@@ -20050,6 +20054,7 @@
 patches.suse/dmaengine-mediatek-free-the-proper-desc-in-desc_free.patch
 patches.suse/dmaengine-mediatek-do-not-issue-a-new-desc-if-one-is.patch
 patches.suse/dmaengine-mediatek-use-GFP_NOWAIT-instead-of-GFP_ATO.patch
+ patches.suse/kvm-lapic-restore-guard-to-prevent-illegal-apic-regi.patch
 patches.suse/usb-dwc3-core-fix-kernel-panic-when-do-reboot.patch
 patches.suse/usb-core-hub-Disable-autosuspend-for-Cypress-CY7C656.patch
 patches.suse/tracing-Do-not-stop-recording-cmdlines-when-tracing-is-off.patch
@@ -20134,6 +20139,7 @@
 patches.suse/hwmon-max31790-Fix-fan-speed-reporting-for-fan7.12.patch
 patches.suse/hwmon-max31790-Report-correct-current-pwm-duty-cycle.patch
 patches.suse/hwmon-max31790-Fix-pwmX_enable-attributes.patch
+ patches.suse/kvm-nvmx-ensure-64-bit-shift-when-checking-vmfunc-bi.patch
 patches.suse/media-mdk-mdp-fix-pm_runtime_get_sync-usage-count.patch
 patches.suse/media-sh_vou-fix-pm_runtime_get_sync-usage-count.patch
 patches.suse/media-mtk-vcodec-fix-PM-runtime-get-logic.patch