--- /dev/null
+From paulus@ozlabs.org Thu Aug 3 12:20:26 2017
+From: Paul Mackerras <paulus@ozlabs.org>
+Date: Mon, 31 Jul 2017 10:43:37 +1000
+Subject: KVM: PPC: Book3S HV: Reload HTM registers explicitly
+To: stable@vger.kernel.org
+Message-ID: <20170731004337.girl42lozwohoobi@oak.ozlabs.ibm.com>
+Content-Disposition: inline
+
+From: Paul Mackerras <paulus@ozlabs.org>
+
+Commit 46a704f8409f ("KVM: PPC: Book3S HV: Preserve userspace HTM
+state properly", 2017-06-15) added code which assumes that the kernel
+is able to handle a TM (transactional memory) unavailable interrupt
+from userspace by reloading the TM-related registers and enabling TM
+for the process. That ability was added in the 4.9 kernel; earlier
+kernel versions simply panic on getting the TM unavailable interrupt.
+
+Since commit 46a704f8409f has been backported to the 4.4 stable tree
+as commit 824b9506e4f2, 4.4.75 and subsequent versions are vulnerable
+to a userspace-triggerable panic.
+
+This patch fixes the problem by explicitly reloading the TM-related
+registers before returning to userspace, rather than disabling TM
+for the process.
+
+Commit 46a704f8409f also failed to enable TM for the kernel, leading
+to a TM unavailable interrupt in the kernel, causing an oops. This
+fixes that problem too, by enabling TM before accessing the TM
+registers. That problem is fixed upstream by the patch "KVM: PPC:
+Book3S HV: Enable TM before accessing TM registers".
+
+Fixes: 824b9506e4f2 ("KVM: PPC: Book3S HV: Preserve userspace HTM state properly")
+Signed-off-by: Paul Mackerras <paulus@ozlabs.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ arch/powerpc/kvm/book3s_hv.c | 16 +++++++++++++++-
+ 1 file changed, 15 insertions(+), 1 deletion(-)
+
+--- a/arch/powerpc/kvm/book3s_hv.c
++++ b/arch/powerpc/kvm/book3s_hv.c
+@@ -2711,10 +2711,11 @@ static int kvmppc_vcpu_run_hv(struct kvm
+ run->fail_entry.hardware_entry_failure_reason = 0;
+ return -EINVAL;
+ }
++ /* Enable TM so we can read the TM SPRs */
++ mtmsr(mfmsr() | MSR_TM);
+ current->thread.tm_tfhar = mfspr(SPRN_TFHAR);
+ current->thread.tm_tfiar = mfspr(SPRN_TFIAR);
+ current->thread.tm_texasr = mfspr(SPRN_TEXASR);
+- current->thread.regs->msr &= ~MSR_TM;
+ }
+ #endif
+
+@@ -2782,6 +2783,19 @@ static int kvmppc_vcpu_run_hv(struct kvm
+ }
+ mtspr(SPRN_VRSAVE, user_vrsave);
+
++ /*
++ * Since we don't do lazy TM reload, we need to reload
++ * the TM registers here.
++ */
++#ifdef CONFIG_PPC_TRANSACTIONAL_MEM
++ if (cpu_has_feature(CPU_FTR_TM) && current->thread.regs &&
++ (current->thread.regs->msr & MSR_TM)) {
++ mtspr(SPRN_TFHAR, current->thread.tm_tfhar);
++ mtspr(SPRN_TFIAR, current->thread.tm_tfiar);
++ mtspr(SPRN_TEXASR, current->thread.tm_texasr);
++ }
++#endif
++
+ out:
+ vcpu->arch.state = KVMPPC_VCPU_NOTREADY;
+ atomic_dec(&vcpu->kvm->arch.vcpus_running);
--- /dev/null
+From 7ceaa6dcd8c6f59588428cec37f3c8093dd1011f Mon Sep 17 00:00:00 2001
+From: Paul Mackerras <paulus@ozlabs.org>
+Date: Fri, 16 Jun 2017 11:53:19 +1000
+Subject: KVM: PPC: Book3S HV: Save/restore host values of debug registers
+
+From: Paul Mackerras <paulus@ozlabs.org>
+
+commit 7ceaa6dcd8c6f59588428cec37f3c8093dd1011f upstream.
+
+At present, HV KVM on POWER8 and POWER9 machines loses any instruction
+or data breakpoint set in the host whenever a guest is run.
+Instruction breakpoints are currently only used by xmon, but ptrace
+and the perf_event subsystem can set data breakpoints as well as xmon.
+
+To fix this, we save the host values of the debug registers (CIABR,
+DAWR and DAWRX) before entering the guest and restore them on exit.
+To provide space to save them in the stack frame, we expand the stack
+frame allocated by kvmppc_hv_entry() from 112 to 144 bytes.
+
+[paulus@ozlabs.org - Adjusted stack offsets since we aren't saving
+ POWER9-specific registers.]
+
+Fixes: b005255e12a3 ("KVM: PPC: Book3S HV: Context-switch new POWER8 SPRs", 2014-01-08)
+Signed-off-by: Paul Mackerras <paulus@ozlabs.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ arch/powerpc/kvm/book3s_hv_rmhandlers.S | 39 ++++++++++++++++++++++++++------
+ 1 file changed, 32 insertions(+), 7 deletions(-)
+
+--- a/arch/powerpc/kvm/book3s_hv_rmhandlers.S
++++ b/arch/powerpc/kvm/book3s_hv_rmhandlers.S
+@@ -36,6 +36,13 @@
+ #define NAPPING_CEDE 1
+ #define NAPPING_NOVCPU 2
+
++/* Stack frame offsets for kvmppc_hv_entry */
++#define SFS 112
++#define STACK_SLOT_TRAP (SFS-4)
++#define STACK_SLOT_CIABR (SFS-16)
++#define STACK_SLOT_DAWR (SFS-24)
++#define STACK_SLOT_DAWRX (SFS-32)
++
+ /*
+ * Call kvmppc_hv_entry in real mode.
+ * Must be called with interrupts hard-disabled.
+@@ -274,10 +281,10 @@ kvm_novcpu_exit:
+ bl kvmhv_accumulate_time
+ #endif
+ 13: mr r3, r12
+- stw r12, 112-4(r1)
++ stw r12, STACK_SLOT_TRAP(r1)
+ bl kvmhv_commence_exit
+ nop
+- lwz r12, 112-4(r1)
++ lwz r12, STACK_SLOT_TRAP(r1)
+ b kvmhv_switch_to_host
+
+ /*
+@@ -489,7 +496,7 @@ kvmppc_hv_entry:
+ */
+ mflr r0
+ std r0, PPC_LR_STKOFF(r1)
+- stdu r1, -112(r1)
++ stdu r1, -SFS(r1)
+
+ /* Save R1 in the PACA */
+ std r1, HSTATE_HOST_R1(r13)
+@@ -643,6 +650,16 @@ kvmppc_got_guest:
+ mtspr SPRN_PURR,r7
+ mtspr SPRN_SPURR,r8
+
++ /* Save host values of some registers */
++BEGIN_FTR_SECTION
++ mfspr r5, SPRN_CIABR
++ mfspr r6, SPRN_DAWR
++ mfspr r7, SPRN_DAWRX
++ std r5, STACK_SLOT_CIABR(r1)
++ std r6, STACK_SLOT_DAWR(r1)
++ std r7, STACK_SLOT_DAWRX(r1)
++END_FTR_SECTION_IFSET(CPU_FTR_ARCH_207S)
++
+ BEGIN_FTR_SECTION
+ /* Set partition DABR */
+ /* Do this before re-enabling PMU to avoid P7 DABR corruption bug */
+@@ -1266,8 +1283,6 @@ END_FTR_SECTION_IFCLR(CPU_FTR_ARCH_207S)
+ */
+ li r0, 0
+ mtspr SPRN_IAMR, r0
+- mtspr SPRN_CIABR, r0
+- mtspr SPRN_DAWRX, r0
+ mtspr SPRN_PSPB, r0
+ mtspr SPRN_TCSCR, r0
+ mtspr SPRN_WORT, r0
+@@ -1426,6 +1441,16 @@ END_FTR_SECTION_IFSET(CPU_FTR_ARCH_207S)
+ slbia
+ ptesync
+
++ /* Restore host values of some registers */
++BEGIN_FTR_SECTION
++ ld r5, STACK_SLOT_CIABR(r1)
++ ld r6, STACK_SLOT_DAWR(r1)
++ ld r7, STACK_SLOT_DAWRX(r1)
++ mtspr SPRN_CIABR, r5
++ mtspr SPRN_DAWR, r6
++ mtspr SPRN_DAWRX, r7
++END_FTR_SECTION_IFSET(CPU_FTR_ARCH_207S)
++
+ /*
+ * POWER7/POWER8 guest -> host partition switch code.
+ * We don't have to lock against tlbies but we do
+@@ -1535,8 +1560,8 @@ END_FTR_SECTION_IFSET(CPU_FTR_ARCH_207S)
+ li r0, KVM_GUEST_MODE_NONE
+ stb r0, HSTATE_IN_GUEST(r13)
+
+- ld r0, 112+PPC_LR_STKOFF(r1)
+- addi r1, r1, 112
++ ld r0, SFS+PPC_LR_STKOFF(r1)
++ addi r1, r1, SFS
+ mtlr r0
+ blr
+
projects / thirdparty / kernel / stable-queue.git / commitdiff
