+++ /dev/null
-From c81dd0c57eac8918bc162b79a18f49308e91f362 Mon Sep 17 00:00:00 2001
-From: Sasha Levin <sashal@kernel.org>
-Date: Fri, 28 Apr 2023 11:27:53 +0200
-Subject: KVM: s390: fix race in gmap_make_secure()
-
-From: Claudio Imbrenda <imbrenda@linux.ibm.com>
-
-[ Upstream commit c148dc8e2fa403be501612ee409db866eeed35c0 ]
-
-Fix a potential race in gmap_make_secure() and remove the last user of
-follow_page() without FOLL_GET.
-
-The old code is locking something it doesn't have a reference to, and
-as explained by Jason and David in this discussion:
-https://lore.kernel.org/linux-mm/Y9J4P%2FRNvY1Ztn0Q@nvidia.com/
-it can lead to all kind of bad things, including the page getting
-unmapped (MADV_DONTNEED), freed, reallocated as a larger folio and the
-unlock_page() would target the wrong bit.
-There is also another race with the FOLL_WRITE, which could race
-between the follow_page() and the get_locked_pte().
-
-The main point is to remove the last use of follow_page() without
-FOLL_GET or FOLL_PIN, removing the races can be considered a nice
-bonus.
-
-Link: https://lore.kernel.org/linux-mm/Y9J4P%2FRNvY1Ztn0Q@nvidia.com/
-Suggested-by: Jason Gunthorpe <jgg@nvidia.com>
-Fixes: 214d9bbcd3a6 ("s390/mm: provide memory management functions for protected KVM guests")
-Reviewed-by: Jason Gunthorpe <jgg@nvidia.com>
-Signed-off-by: Claudio Imbrenda <imbrenda@linux.ibm.com>
-Message-Id: <20230428092753.27913-2-imbrenda@linux.ibm.com>
-Signed-off-by: Sasha Levin <sashal@kernel.org>
----
- arch/s390/kernel/uv.c | 32 +++++++++++---------------------
- 1 file changed, 11 insertions(+), 21 deletions(-)
-
-diff --git a/arch/s390/kernel/uv.c b/arch/s390/kernel/uv.c
-index afb9bbfc475b9..1d49744614326 100644
---- a/arch/s390/kernel/uv.c
-+++ b/arch/s390/kernel/uv.c
-@@ -160,21 +160,10 @@ static int expected_page_refs(struct page *page)
- return res;
- }
-
--static int make_secure_pte(pte_t *ptep, unsigned long addr,
-- struct page *exp_page, struct uv_cb_header *uvcb)
-+static int make_page_secure(struct page *page, struct uv_cb_header *uvcb)
- {
-- pte_t entry = READ_ONCE(*ptep);
-- struct page *page;
- int expected, cc = 0;
-
-- if (!pte_present(entry))
-- return -ENXIO;
-- if (pte_val(entry) & _PAGE_INVALID)
-- return -ENXIO;
--
-- page = pte_page(entry);
-- if (page != exp_page)
-- return -ENXIO;
- if (PageWriteback(page))
- return -EAGAIN;
- expected = expected_page_refs(page);
-@@ -265,17 +254,18 @@ int gmap_make_secure(struct gmap *gmap, unsigned long gaddr, void *uvcb)
- goto out;
-
- rc = -ENXIO;
-- page = follow_page(vma, uaddr, FOLL_WRITE);
-- if (IS_ERR_OR_NULL(page))
-- goto out;
--
-- lock_page(page);
- ptep = get_locked_pte(gmap->mm, uaddr, &ptelock);
-- if (should_export_before_import(uvcb, gmap->mm))
-- uv_convert_from_secure(page_to_phys(page));
-- rc = make_secure_pte(ptep, uaddr, page, uvcb);
-+ if (pte_present(*ptep) && !(pte_val(*ptep) & _PAGE_INVALID) && pte_write(*ptep)) {
-+ page = pte_page(*ptep);
-+ rc = -EAGAIN;
-+ if (trylock_page(page)) {
-+ if (should_export_before_import(uvcb, gmap->mm))
-+ uv_convert_from_secure(page_to_phys(page));
-+ rc = make_page_secure(page, uvcb);
-+ unlock_page(page);
-+ }
-+ }
- pte_unmap_unlock(ptep, ptelock);
-- unlock_page(page);
- out:
- mmap_read_unlock(gmap->mm);
-
---
-2.39.2
-
+++ /dev/null
-From 048e2024597b7061e660aab60619d149d453166b Mon Sep 17 00:00:00 2001
-From: Sasha Levin <sashal@kernel.org>
-Date: Tue, 28 Jun 2022 15:56:07 +0200
-Subject: KVM: s390: pv: add export before import
-
-From: Claudio Imbrenda <imbrenda@linux.ibm.com>
-
-[ Upstream commit 72b1daff2671cef2c8cccc6c4e52f8d5ce4ebe58 ]
-
-Due to upcoming changes, it will be possible to temporarily have
-multiple protected VMs in the same address space, although only one
-will be actually active.
-
-In that scenario, it is necessary to perform an export of every page
-that is to be imported, since the hardware does not allow a page
-belonging to a protected guest to be imported into a different
-protected guest.
-
-This also applies to pages that are shared, and thus accessible by the
-host.
-
-Signed-off-by: Claudio Imbrenda <imbrenda@linux.ibm.com>
-Reviewed-by: Janosch Frank <frankja@linux.ibm.com>
-Link: https://lore.kernel.org/r/20220628135619.32410-7-imbrenda@linux.ibm.com
-Message-Id: <20220628135619.32410-7-imbrenda@linux.ibm.com>
-Signed-off-by: Janosch Frank <frankja@linux.ibm.com>
-Stable-dep-of: c148dc8e2fa4 ("KVM: s390: fix race in gmap_make_secure()")
-Signed-off-by: Sasha Levin <sashal@kernel.org>
----
- arch/s390/kernel/uv.c | 28 ++++++++++++++++++++++++++++
- 1 file changed, 28 insertions(+)
-
-diff --git a/arch/s390/kernel/uv.c b/arch/s390/kernel/uv.c
-index 09b80d371409b..afb9bbfc475b9 100644
---- a/arch/s390/kernel/uv.c
-+++ b/arch/s390/kernel/uv.c
-@@ -202,6 +202,32 @@ static int make_secure_pte(pte_t *ptep, unsigned long addr,
- return uvcb->rc == 0x10a ? -ENXIO : -EINVAL;
- }
-
-+/**
-+ * should_export_before_import - Determine whether an export is needed
-+ * before an import-like operation
-+ * @uvcb: the Ultravisor control block of the UVC to be performed
-+ * @mm: the mm of the process
-+ *
-+ * Returns whether an export is needed before every import-like operation.
-+ * This is needed for shared pages, which don't trigger a secure storage
-+ * exception when accessed from a different guest.
-+ *
-+ * Although considered as one, the Unpin Page UVC is not an actual import,
-+ * so it is not affected.
-+ *
-+ * No export is needed also when there is only one protected VM, because the
-+ * page cannot belong to the wrong VM in that case (there is no "other VM"
-+ * it can belong to).
-+ *
-+ * Return: true if an export is needed before every import, otherwise false.
-+ */
-+static bool should_export_before_import(struct uv_cb_header *uvcb, struct mm_struct *mm)
-+{
-+ if (uvcb->cmd == UVC_CMD_UNPIN_PAGE_SHARED)
-+ return false;
-+ return atomic_read(&mm->context.protected_count) > 1;
-+}
-+
- /*
- * Requests the Ultravisor to make a page accessible to a guest.
- * If it's brought in the first time, it will be cleared. If
-@@ -245,6 +271,8 @@ int gmap_make_secure(struct gmap *gmap, unsigned long gaddr, void *uvcb)
-
- lock_page(page);
- ptep = get_locked_pte(gmap->mm, uaddr, &ptelock);
-+ if (should_export_before_import(uvcb, gmap->mm))
-+ uv_convert_from_secure(page_to_phys(page));
- rc = make_secure_pte(ptep, uaddr, page, uvcb);
- pte_unmap_unlock(ptep, ptelock);
- unlock_page(page);
---
-2.39.2
-
+++ /dev/null
-From cc906bbbb096c62a9801917856b3691fe89fba35 Mon Sep 17 00:00:00 2001
-From: Sasha Levin <sashal@kernel.org>
-Date: Mon, 20 Sep 2021 15:24:52 +0200
-Subject: KVM: s390: pv: avoid stalls when making pages secure
-
-From: Claudio Imbrenda <imbrenda@linux.ibm.com>
-
-[ Upstream commit f0a1a0615a6ff6d38af2c65a522698fb4bb85df6 ]
-
-Improve make_secure_pte to avoid stalls when the system is heavily
-overcommitted. This was especially problematic in kvm_s390_pv_unpack,
-because of the loop over all pages that needed unpacking.
-
-Due to the locks being held, it was not possible to simply replace
-uv_call with uv_call_sched. A more complex approach was
-needed, in which uv_call is replaced with __uv_call, which does not
-loop. When the UVC needs to be executed again, -EAGAIN is returned, and
-the caller (or its caller) will try again.
-
-When -EAGAIN is returned, the path is the same as when the page is in
-writeback (and the writeback check is also performed, which is
-harmless).
-
-Fixes: 214d9bbcd3a672 ("s390/mm: provide memory management functions for protected KVM guests")
-Signed-off-by: Claudio Imbrenda <imbrenda@linux.ibm.com>
-Reviewed-by: Janosch Frank <frankja@linux.ibm.com>
-Reviewed-by: Christian Borntraeger <borntraeger@de.ibm.com>
-Link: https://lore.kernel.org/r/20210920132502.36111-5-imbrenda@linux.ibm.com
-Signed-off-by: Christian Borntraeger <borntraeger@de.ibm.com>
-Stable-dep-of: c148dc8e2fa4 ("KVM: s390: fix race in gmap_make_secure()")
-Signed-off-by: Sasha Levin <sashal@kernel.org>
----
- arch/s390/kernel/uv.c | 29 +++++++++++++++++++++++------
- arch/s390/kvm/intercept.c | 5 +++++
- 2 files changed, 28 insertions(+), 6 deletions(-)
-
-diff --git a/arch/s390/kernel/uv.c b/arch/s390/kernel/uv.c
-index f95ccbd396925..09b80d371409b 100644
---- a/arch/s390/kernel/uv.c
-+++ b/arch/s390/kernel/uv.c
-@@ -165,7 +165,7 @@ static int make_secure_pte(pte_t *ptep, unsigned long addr,
- {
- pte_t entry = READ_ONCE(*ptep);
- struct page *page;
-- int expected, rc = 0;
-+ int expected, cc = 0;
-
- if (!pte_present(entry))
- return -ENXIO;
-@@ -181,12 +181,25 @@ static int make_secure_pte(pte_t *ptep, unsigned long addr,
- if (!page_ref_freeze(page, expected))
- return -EBUSY;
- set_bit(PG_arch_1, &page->flags);
-- rc = uv_call(0, (u64)uvcb);
-+ /*
-+ * If the UVC does not succeed or fail immediately, we don't want to
-+ * loop for long, or we might get stall notifications.
-+ * On the other hand, this is a complex scenario and we are holding a lot of
-+ * locks, so we can't easily sleep and reschedule. We try only once,
-+ * and if the UVC returned busy or partial completion, we return
-+ * -EAGAIN and we let the callers deal with it.
-+ */
-+ cc = __uv_call(0, (u64)uvcb);
- page_ref_unfreeze(page, expected);
-- /* Return -ENXIO if the page was not mapped, -EINVAL otherwise */
-- if (rc)
-- rc = uvcb->rc == 0x10a ? -ENXIO : -EINVAL;
-- return rc;
-+ /*
-+ * Return -ENXIO if the page was not mapped, -EINVAL for other errors.
-+ * If busy or partially completed, return -EAGAIN.
-+ */
-+ if (cc == UVC_CC_OK)
-+ return 0;
-+ else if (cc == UVC_CC_BUSY || cc == UVC_CC_PARTIAL)
-+ return -EAGAIN;
-+ return uvcb->rc == 0x10a ? -ENXIO : -EINVAL;
- }
-
- /*
-@@ -239,6 +252,10 @@ int gmap_make_secure(struct gmap *gmap, unsigned long gaddr, void *uvcb)
- mmap_read_unlock(gmap->mm);
-
- if (rc == -EAGAIN) {
-+ /*
-+ * If we are here because the UVC returned busy or partial
-+ * completion, this is just a useless check, but it is safe.
-+ */
- wait_on_page_writeback(page);
- } else if (rc == -EBUSY) {
- /*
-diff --git a/arch/s390/kvm/intercept.c b/arch/s390/kvm/intercept.c
-index aeb0e0865e890..0eacd29033173 100644
---- a/arch/s390/kvm/intercept.c
-+++ b/arch/s390/kvm/intercept.c
-@@ -534,6 +534,11 @@ static int handle_pv_uvc(struct kvm_vcpu *vcpu)
- */
- if (rc == -EINVAL)
- return 0;
-+ /*
-+ * If we got -EAGAIN here, we simply return it. It will eventually
-+ * get propagated all the way to userspace, which should then try
-+ * again.
-+ */
- return rc;
- }
-
---
-2.39.2
-
af_packet-don-t-send-zero-byte-data-in-packet_sendms.patch
drm-amdgpu-add-a-missing-lock-for-amdgpu_sched.patch
alsa-caiaq-input-add-error-handling-for-unsupported-.patch
-kvm-s390-pv-avoid-stalls-when-making-pages-secure.patch
-kvm-s390-pv-add-export-before-import.patch
-kvm-s390-fix-race-in-gmap_make_secure.patch
net-dsa-mt7530-fix-corrupt-frames-using-trgmii-on-40.patch
virtio_net-split-free_unused_bufs.patch
virtio_net-suppress-cpu-stall-when-free_unused_bufs.patch
projects / thirdparty / kernel / stable-queue.git / commitdiff
