From: Sasha Levin <sashal@kernel.org>
Date: Sat, 28 Jan 2023 03:46:12 +0000 (-0500)
Subject: Fixes for 5.15
X-Git-Tag: v5.10.166~64
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=0d6849433c58924dc50d6a02e8a36375e2d00133;p=thirdparty%2Fkernel%2Fstable-queue.git

Fixes for 5.15

Signed-off-by: Sasha Levin <sashal@kernel.org>
---

diff --git a/queue-5.15/kvm-svm-fix-tsc-scaling-cache-logic.patch b/queue-5.15/kvm-svm-fix-tsc-scaling-cache-logic.patch
new file mode 100644
index 00000000000..8bff69ba6f7
--- /dev/null
+++ b/queue-5.15/kvm-svm-fix-tsc-scaling-cache-logic.patch
@@ -0,0 +1,132 @@
+From 08eb83c24e5000516b1922b50ee304a1d13f1e41 Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Mon, 6 Jun 2022 21:11:49 +0300
+Subject: KVM: SVM: fix tsc scaling cache logic
+
+From: Maxim Levitsky <mlevitsk@redhat.com>
+
+[ Upstream commit 11d39e8cc43e1c6737af19ca9372e590061b5ad2 ]
+
+SVM uses a per-cpu variable to cache the current value of the
+tsc scaling multiplier msr on each cpu.
+
+Commit 1ab9287add5e2
+("KVM: X86: Add vendor callbacks for writing the TSC multiplier")
+broke this caching logic.
+
+Refactor the code so that all TSC scaling multiplier writes go through
+a single function which checks and updates the cache.
+
+This fixes the following scenario:
+
+1. A CPU runs a guest with some tsc scaling ratio.
+
+2. New guest with different tsc scaling ratio starts on this CPU
+   and terminates almost immediately.
+
+   This ensures that the short running guest had set the tsc scaling ratio just
+   once when it was set via KVM_SET_TSC_KHZ. Due to the bug,
+   the per-cpu cache is not updated.
+
+3. The original guest continues to run, it doesn't restore the msr
+   value back to its own value, because the cache matches,
+   and thus continues to run with a wrong tsc scaling ratio.
+
+Fixes: 1ab9287add5e2 ("KVM: X86: Add vendor callbacks for writing the TSC multiplier")
+Signed-off-by: Maxim Levitsky <mlevitsk@redhat.com>
+Message-Id: <20220606181149.103072-1-mlevitsk@redhat.com>
+Cc: stable@vger.kernel.org
+Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ arch/x86/kvm/svm/svm.c | 34 +++++++++++++++++++++++-----------
+ arch/x86/kvm/svm/svm.h |  1 +
+ 2 files changed, 24 insertions(+), 11 deletions(-)
+
+diff --git a/arch/x86/kvm/svm/svm.c b/arch/x86/kvm/svm/svm.c
+index 773420203305..c1a758038892 100644
+--- a/arch/x86/kvm/svm/svm.c
++++ b/arch/x86/kvm/svm/svm.c
+@@ -465,11 +465,24 @@ static int has_svm(void)
+ 	return 1;
+ }
+ 
++void __svm_write_tsc_multiplier(u64 multiplier)
++{
++	preempt_disable();
++
++	if (multiplier == __this_cpu_read(current_tsc_ratio))
++		goto out;
++
++	wrmsrl(MSR_AMD64_TSC_RATIO, multiplier);
++	__this_cpu_write(current_tsc_ratio, multiplier);
++out:
++	preempt_enable();
++}
++
+ static void svm_hardware_disable(void)
+ {
+ 	/* Make sure we clean up behind us */
+ 	if (static_cpu_has(X86_FEATURE_TSCRATEMSR))
+-		wrmsrl(MSR_AMD64_TSC_RATIO, TSC_RATIO_DEFAULT);
++		__svm_write_tsc_multiplier(TSC_RATIO_DEFAULT);
+ 
+ 	cpu_svm_disable();
+ 
+@@ -511,8 +524,11 @@ static int svm_hardware_enable(void)
+ 	wrmsrl(MSR_VM_HSAVE_PA, __sme_page_pa(sd->save_area));
+ 
+ 	if (static_cpu_has(X86_FEATURE_TSCRATEMSR)) {
+-		wrmsrl(MSR_AMD64_TSC_RATIO, TSC_RATIO_DEFAULT);
+-		__this_cpu_write(current_tsc_ratio, TSC_RATIO_DEFAULT);
++		/*
++		 * Set the default value, even if we don't use TSC scaling
++		 * to avoid having stale value in the msr
++		 */
++		__svm_write_tsc_multiplier(TSC_RATIO_DEFAULT);
+ 	}
+ 
+ 
+@@ -1125,9 +1141,10 @@ static void svm_write_tsc_offset(struct kvm_vcpu *vcpu, u64 offset)
+ 
+ static void svm_write_tsc_multiplier(struct kvm_vcpu *vcpu, u64 multiplier)
+ {
+-	wrmsrl(MSR_AMD64_TSC_RATIO, multiplier);
++	__svm_write_tsc_multiplier(multiplier);
+ }
+ 
++
+ /* Evaluate instruction intercepts that depend on guest CPUID features. */
+ static void svm_recalc_instruction_intercepts(struct kvm_vcpu *vcpu,
+ 					      struct vcpu_svm *svm)
+@@ -1451,13 +1468,8 @@ static void svm_prepare_guest_switch(struct kvm_vcpu *vcpu)
+ 		vmsave(__sme_page_pa(sd->save_area));
+ 	}
+ 
+-	if (static_cpu_has(X86_FEATURE_TSCRATEMSR)) {
+-		u64 tsc_ratio = vcpu->arch.tsc_scaling_ratio;
+-		if (tsc_ratio != __this_cpu_read(current_tsc_ratio)) {
+-			__this_cpu_write(current_tsc_ratio, tsc_ratio);
+-			wrmsrl(MSR_AMD64_TSC_RATIO, tsc_ratio);
+-		}
+-	}
++	if (static_cpu_has(X86_FEATURE_TSCRATEMSR))
++		__svm_write_tsc_multiplier(vcpu->arch.tsc_scaling_ratio);
+ 
+ 	if (likely(tsc_aux_uret_slot >= 0))
+ 		kvm_set_user_return_msr(tsc_aux_uret_slot, svm->tsc_aux, -1ull);
+diff --git a/arch/x86/kvm/svm/svm.h b/arch/x86/kvm/svm/svm.h
+index 7004f356edf9..1d9b1a9e4398 100644
+--- a/arch/x86/kvm/svm/svm.h
++++ b/arch/x86/kvm/svm/svm.h
+@@ -487,6 +487,7 @@ int nested_svm_check_exception(struct vcpu_svm *svm, unsigned nr,
+ int nested_svm_exit_special(struct vcpu_svm *svm);
+ void nested_load_control_from_vmcb12(struct vcpu_svm *svm,
+ 				     struct vmcb_control_area *control);
++void __svm_write_tsc_multiplier(u64 multiplier);
+ void nested_sync_control_from_vmcb02(struct vcpu_svm *svm);
+ void nested_vmcb02_compute_g_pat(struct vcpu_svm *svm);
+ void svm_switch_vmcb(struct vcpu_svm *svm, struct kvm_vmcb_info *target_vmcb);
+-- 
+2.39.0
+
diff --git a/queue-5.15/scsi-hpsa-fix-allocation-size-for-scsi_host_alloc.patch b/queue-5.15/scsi-hpsa-fix-allocation-size-for-scsi_host_alloc.patch
new file mode 100644
index 00000000000..37cdc2f0802
--- /dev/null
+++ b/queue-5.15/scsi-hpsa-fix-allocation-size-for-scsi_host_alloc.patch
@@ -0,0 +1,40 @@
+From 8b1e3d90b3f0b2f34757471648b636ec9dde17f0 Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Wed, 18 Jan 2023 06:12:55 +0300
+Subject: scsi: hpsa: Fix allocation size for scsi_host_alloc()
+
+From: Alexey V. Vissarionov <gremlin@altlinux.org>
+
+[ Upstream commit bbbd25499100c810ceaf5193c3cfcab9f7402a33 ]
+
+The 'h' is a pointer to struct ctlr_info, so it's just 4 or 8 bytes, while
+the structure itself is much bigger.
+
+Found by Linux Verification Center (linuxtesting.org) with SVACE.
+
+Fixes: edd163687ea5 ("hpsa: add driver for HP Smart Array controllers.")
+Link: https://lore.kernel.org/r/20230118031255.GE15213@altlinux.org
+Signed-off-by: Alexey V. Vissarionov <gremlin@altlinux.org>
+Acked-by: Don Brace <don.brace@microchip.com>
+Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ drivers/scsi/hpsa.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/drivers/scsi/hpsa.c b/drivers/scsi/hpsa.c
+index cf7988de7b90..8aa5c22ae3ff 100644
+--- a/drivers/scsi/hpsa.c
++++ b/drivers/scsi/hpsa.c
+@@ -5848,7 +5848,7 @@ static int hpsa_scsi_host_alloc(struct ctlr_info *h)
+ {
+ 	struct Scsi_Host *sh;
+ 
+-	sh = scsi_host_alloc(&hpsa_driver_template, sizeof(h));
++	sh = scsi_host_alloc(&hpsa_driver_template, sizeof(struct ctlr_info));
+ 	if (sh == NULL) {
+ 		dev_err(&h->pdev->dev, "scsi_host_alloc failed\n");
+ 		return -ENOMEM;
+-- 
+2.39.0
+
diff --git a/queue-5.15/series b/queue-5.15/series
index 21f540d2b37..68800b8450e 100644
--- a/queue-5.15/series
+++ b/queue-5.15/series
@@ -144,3 +144,5 @@ docs-fix-path-paste-o-for-sys-kernel-warn_count.patch
 exit-use-read_once-for-all-oops-warn-limit-reads.patch
 bluetooth-hci_sync-cancel-cmd_timer-if-hci_open-fail.patch
 drm-amdgpu-complete-gfxoff-allow-signal-during-suspend-without-delay.patch
+scsi-hpsa-fix-allocation-size-for-scsi_host_alloc.patch
+kvm-svm-fix-tsc-scaling-cache-logic.patch