--- /dev/null
+From cad4b3d4ab1f062708fff33f44d246853f51e966 Mon Sep 17 00:00:00 2001
+From: Michael Mueller <mimu@linux.ibm.com>
+Date: Tue, 17 Sep 2024 17:18:34 +0200
+Subject: KVM: s390: Change virtual to physical address access in diag 0x258 handler
+
+From: Michael Mueller <mimu@linux.ibm.com>
+
+commit cad4b3d4ab1f062708fff33f44d246853f51e966 upstream.
+
+The parameters for the diag 0x258 are real addresses, not virtual, but
+KVM was using them as virtual addresses. This only happened to work, since
+the Linux kernel as a guest used to have a 1:1 mapping for physical vs
+virtual addresses.
+
+Fix KVM so that it correctly uses the addresses as real addresses.
+
+Cc: stable@vger.kernel.org
+Fixes: 8ae04b8f500b ("KVM: s390: Guest's memory access functions get access registers")
+Suggested-by: Vasily Gorbik <gor@linux.ibm.com>
+Signed-off-by: Michael Mueller <mimu@linux.ibm.com>
+Signed-off-by: Nico Boehr <nrb@linux.ibm.com>
+Reviewed-by: Christian Borntraeger <borntraeger@linux.ibm.com>
+Reviewed-by: Heiko Carstens <hca@linux.ibm.com>
+Link: https://lore.kernel.org/r/20240917151904.74314-3-nrb@linux.ibm.com
+Acked-by: Janosch Frank <frankja@linux.ibm.com>
+Signed-off-by: Heiko Carstens <hca@linux.ibm.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ arch/s390/kvm/diag.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/arch/s390/kvm/diag.c
++++ b/arch/s390/kvm/diag.c
+@@ -78,7 +78,7 @@ static int __diag_page_ref_service(struc
+ vcpu->stat.diagnose_258++;
+ if (vcpu->run->s.regs.gprs[rx] & 7)
+ return kvm_s390_inject_program_int(vcpu, PGM_SPECIFICATION);
+- rc = read_guest(vcpu, vcpu->run->s.regs.gprs[rx], rx, &parm, sizeof(parm));
++ rc = read_guest_real(vcpu, vcpu->run->s.regs.gprs[rx], &parm, sizeof(parm));
+ if (rc)
+ return kvm_s390_inject_prog_cond(vcpu, rc);
+ if (parm.parm_version != 2 || parm.parm_len < 5 || parm.code != 0x258)
--- /dev/null
+From dee3df68ab4b00fff6bdf9fc39541729af37307c Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Thomas=20Wei=C3=9Fschuh?= <thomas.weissschuh@linutronix.de>
+Date: Mon, 14 Oct 2024 07:50:07 +0200
+Subject: s390/sclp_vt220: Convert newlines to CRLF instead of LFCR
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+From: Thomas Weißschuh <thomas.weissschuh@linutronix.de>
+
+commit dee3df68ab4b00fff6bdf9fc39541729af37307c upstream.
+
+According to the VT220 specification the possible character combinations
+sent on RETURN are only CR or CRLF [0].
+
+ The Return key sends either a CR character (0/13) or a CR
+ character (0/13) and an LF character (0/10), depending on the
+ set/reset state of line feed/new line mode (LNM).
+
+The sclp/vt220 driver however uses LFCR. This can confuse tools, for
+example the kunit runner.
+
+Link: https://vt100.net/docs/vt220-rm/chapter3.html#S3.2
+Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2")
+Cc: stable@vger.kernel.org
+Signed-off-by: Thomas Weißschuh <thomas.weissschuh@linutronix.de>
+Reviewed-by: Sven Schnelle <svens@linux.ibm.com>
+Link: https://lore.kernel.org/r/20241014-s390-kunit-v1-2-941defa765a6@linutronix.de
+Signed-off-by: Heiko Carstens <hca@linux.ibm.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ drivers/s390/char/sclp_vt220.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+--- a/drivers/s390/char/sclp_vt220.c
++++ b/drivers/s390/char/sclp_vt220.c
+@@ -325,7 +325,7 @@ sclp_vt220_add_msg(struct sclp_vt220_req
+ buffer = (void *) ((addr_t) sccb + sccb->header.length);
+
+ if (convertlf) {
+- /* Perform Linefeed conversion (0x0a -> 0x0a 0x0d)*/
++ /* Perform Linefeed conversion (0x0a -> 0x0d 0x0a)*/
+ for (from=0, to=0;
+ (from < count) && (to < sclp_vt220_space_left(request));
+ from++) {
+@@ -334,8 +334,8 @@ sclp_vt220_add_msg(struct sclp_vt220_req
+ /* Perform conversion */
+ if (c == 0x0a) {
+ if (to + 1 < sclp_vt220_space_left(request)) {
+- ((unsigned char *) buffer)[to++] = c;
+ ((unsigned char *) buffer)[to++] = 0x0d;
++ ((unsigned char *) buffer)[to++] = c;
+ } else
+ break;
+
mm-swapfile-skip-hugetlb-pages-for-unuse_vma.patch
wifi-mac80211-fix-potential-key-use-after-free.patch
kvm-fix-a-data-race-on-last_boosted_vcpu-in-kvm_vcpu_on_spin.patch
+s390-sclp_vt220-convert-newlines-to-crlf-instead-of-lfcr.patch
+kvm-s390-change-virtual-to-physical-address-access-in-diag-0x258-handler.patch
+x86-cpufeatures-define-x86_feature_amd_ibpb_ret.patch
--- /dev/null
+From ff898623af2ed564300752bba83a680a1e4fec8d Mon Sep 17 00:00:00 2001
+From: Jim Mattson <jmattson@google.com>
+Date: Fri, 13 Sep 2024 10:32:27 -0700
+Subject: x86/cpufeatures: Define X86_FEATURE_AMD_IBPB_RET
+
+From: Jim Mattson <jmattson@google.com>
+
+commit ff898623af2ed564300752bba83a680a1e4fec8d upstream.
+
+AMD's initial implementation of IBPB did not clear the return address
+predictor. Beginning with Zen4, AMD's IBPB *does* clear the return address
+predictor. This behavior is enumerated by CPUID.80000008H:EBX.IBPB_RET[30].
+
+Define X86_FEATURE_AMD_IBPB_RET for use in KVM_GET_SUPPORTED_CPUID,
+when determining cross-vendor capabilities.
+
+Suggested-by: Venkatesh Srinivas <venkateshs@chromium.org>
+Signed-off-by: Jim Mattson <jmattson@google.com>
+Signed-off-by: Borislav Petkov (AMD) <bp@alien8.de>
+Reviewed-by: Tom Lendacky <thomas.lendacky@amd.com>
+Reviewed-by: Thomas Gleixner <tglx@linutronix.de>
+Cc: <stable@kernel.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ arch/x86/include/asm/cpufeatures.h | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+--- a/arch/x86/include/asm/cpufeatures.h
++++ b/arch/x86/include/asm/cpufeatures.h
+@@ -217,7 +217,7 @@
+ #define X86_FEATURE_SPEC_STORE_BYPASS_DISABLE ( 7*32+23) /* "" Disable Speculative Store Bypass. */
+ #define X86_FEATURE_LS_CFG_SSBD ( 7*32+24) /* "" AMD SSBD implementation via LS_CFG MSR */
+ #define X86_FEATURE_IBRS ( 7*32+25) /* Indirect Branch Restricted Speculation */
+-#define X86_FEATURE_IBPB ( 7*32+26) /* Indirect Branch Prediction Barrier */
++#define X86_FEATURE_IBPB ( 7*32+26) /* "ibpb" Indirect Branch Prediction Barrier without a guaranteed RSB flush */
+ #define X86_FEATURE_STIBP ( 7*32+27) /* Single Thread Indirect Branch Predictors */
+ #define X86_FEATURE_ZEN ( 7*32+28) /* "" CPU is AMD family 0x17 (Zen) */
+ #define X86_FEATURE_L1TF_PTEINV ( 7*32+29) /* "" L1TF workaround PTE inversion */
+@@ -308,6 +308,7 @@
+ #define X86_FEATURE_VIRT_SSBD (13*32+25) /* Virtualized Speculative Store Bypass Disable */
+ #define X86_FEATURE_AMD_SSB_NO (13*32+26) /* "" Speculative Store Bypass is fixed in hardware. */
+ #define X86_FEATURE_BTC_NO (13*32+29) /* "" Not vulnerable to Branch Type Confusion */
++#define X86_FEATURE_AMD_IBPB_RET (13*32+30) /* IBPB clears return address predictor */
+
+ /* Thermal and Power Management Leaf, CPUID level 0x00000006 (EAX), word 14 */
+ #define X86_FEATURE_DTHERM (14*32+ 0) /* Digital Thermal Sensor */
projects / thirdparty / kernel / stable-queue.git / commitdiff
