From: Greg Kroah-Hartman Date: Mon, 30 Jan 2023 05:55:19 +0000 (+0100) Subject: 6.1-stable patches X-Git-Tag: v5.10.166~31 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=57ad11642cacf9bed72dd6c6371284a2ff43b566;p=thirdparty%2Fkernel%2Fstable-queue.git 6.1-stable patches added patches: input-i8042-add-clevo-pcx0dx-to-i8042-quirk-table.patch revert-input-synaptics-switch-touchpad-on-hp-laptop-15-da3001tu-to-rmi-mode.patch x86-sev-add-sev-snp-guest-feature-negotiation-support.patch
---
diff --git a/queue-6.1/input-i8042-add-clevo-pcx0dx-to-i8042-quirk-table.patch b/queue-6.1/input-i8042-add-clevo-pcx0dx-to-i8042-quirk-table.patch
new file mode 100644
index 00000000000..ca6f9720fe1
--- /dev/null
+++ b/queue-6.1/input-i8042-add-clevo-pcx0dx-to-i8042-quirk-table.patch
@@ -0,0 +1,39 @@
+From 9c445d2637c938a800fcc8b5f0b10e60c94460c7 Mon Sep 17 00:00:00 2001
+From: Werner Sembach
+Date: Tue, 10 Jan 2023 14:45:24 +0100
+Subject: Input: i8042 - add Clevo PCX0DX to i8042 quirk table
+
+From: Werner Sembach
+
+commit 9c445d2637c938a800fcc8b5f0b10e60c94460c7 upstream.
+
+The Clevo PCX0DX/TUXEDO XP1511, need quirks for the keyboard to not be
+occasionally unresponsive after resume.
+
+Signed-off-by: Werner Sembach
+Cc: stable@vger.kernel.org
+Reviewed-by: Hans de Goede
+Reviewed-by: Mattijs Korpershoek
+Link: https://lore.kernel.org/r/20230110134524.553620-1-wse@tuxedocomputers.com
+Signed-off-by: Dmitry Torokhov
+Signed-off-by: Greg Kroah-Hartman
+---
+ drivers/input/serio/i8042-acpipnpio.h | 7 +++++++
+ 1 file changed, 7 insertions(+)
+
+--- a/drivers/input/serio/i8042-acpipnpio.h
++++ b/drivers/input/serio/i8042-acpipnpio.h
+@@ -1240,6 +1240,13 @@ static const struct dmi_system_id i8042_
+ },
+ {
+ .matches = {
++ DMI_MATCH(DMI_BOARD_NAME, "PCX0DX"),
++ },
++ .driver_data = (void *)(SERIO_QUIRK_NOMUX | SERIO_QUIRK_RESET_ALWAYS |
++ SERIO_QUIRK_NOLOOP | SERIO_QUIRK_NOPNP)
++ },
++ {
++ .matches = {
+ DMI_MATCH(DMI_BOARD_NAME, "X170SM"),
+ },
+ .driver_data = (void *)(SERIO_QUIRK_NOMUX | SERIO_QUIRK_RESET_ALWAYS |
diff --git a/queue-6.1/revert-input-synaptics-switch-touchpad-on-hp-laptop-15-da3001tu-to-rmi-mode.patch b/queue-6.1/revert-input-synaptics-switch-touchpad-on-hp-laptop-15-da3001tu-to-rmi-mode.patch
new file mode 100644
index 00000000000..e281fbf1e20
--- /dev/null
+++ b/queue-6.1/revert-input-synaptics-switch-touchpad-on-hp-laptop-15-da3001tu-to-rmi-mode.patch
@@ -0,0 +1,33 @@
+From 3c44e2b6cde674797b76e76d3a903a63ce8a18bb Mon Sep 17 00:00:00 2001
+From: Dmitry Torokhov
+Date: Fri, 16 Dec 2022 13:15:34 -0800
+Subject: Revert "Input: synaptics - switch touchpad on HP Laptop 15-da3001TU to RMI mode"
+
+From: Dmitry Torokhov
+
+commit 3c44e2b6cde674797b76e76d3a903a63ce8a18bb upstream.
+
+This reverts commit ac5408991ea6b06e29129b4d4861097c4c3e0d59 because
+it causes loss of keyboard on HP 15-da1xxx.
+
+Fixes: ac5408991ea6 ("Input: synaptics - switch touchpad on HP Laptop 15-da3001TU to RMI mode")
+Reported-by: Jiri Slaby
+Link: https://lore.kernel.org/r/824effa5-8b9a-c28a-82bb-9b0ab24623e1@kernel.org
+Bugzilla: https://bugzilla.suse.com/show_bug.cgi?id=1206358
+Cc: stable@vger.kernel.org
+Signed-off-by: Dmitry Torokhov
+Signed-off-by: Greg Kroah-Hartman
+---
+ drivers/input/mouse/synaptics.c | 1 -
+ 1 file changed, 1 deletion(-)
+
+--- a/drivers/input/mouse/synaptics.c
++++ b/drivers/input/mouse/synaptics.c
+@@ -192,7 +192,6 @@ static const char * const smbus_pnp_ids[
+ "SYN3221", /* HP 15-ay000 */
+ "SYN323d", /* HP Spectre X360 13-w013dx */
+ "SYN3257", /* HP Envy 13-ad105ng */
+- "SYN3286", /* HP Laptop 15-da3001TU */
+ NULL
+ };
+
diff --git a/queue-6.1/series b/queue-6.1/series
index 28d7aa14227..9c75671ed6c 100644
--- a/queue-6.1/series
+++ b/queue-6.1/series
@@ -301,3 +301,6 @@ treewide-fix-up-files-incorrectly-marked-executable.patch
 tools-gpio-fix-c-option-of-gpio-event-mon.patch
 fix-up-more-non-executable-files-marked-executable.patch
 revert-mm-compaction-fix-set-skip-in-fast_find_migrateblock.patch
+revert-input-synaptics-switch-touchpad-on-hp-laptop-15-da3001tu-to-rmi-mode.patch
+input-i8042-add-clevo-pcx0dx-to-i8042-quirk-table.patch
+x86-sev-add-sev-snp-guest-feature-negotiation-support.patch
diff --git a/queue-6.1/x86-sev-add-sev-snp-guest-feature-negotiation-support.patch b/queue-6.1/x86-sev-add-sev-snp-guest-feature-negotiation-support.patch
new file mode 100644
index 00000000000..eb697735bda
--- /dev/null
+++ b/queue-6.1/x86-sev-add-sev-snp-guest-feature-negotiation-support.patch 
@@ -0,0 +1,259 @@
+From 8c29f016540532582721cec1dbf6d144873433ba Mon Sep 17 00:00:00 2001
+From: Nikunj A Dadhania
+Date: Wed, 18 Jan 2023 11:49:43 +0530
+Subject: x86/sev: Add SEV-SNP guest feature negotiation support
+
+From: Nikunj A Dadhania
+
+commit 8c29f016540532582721cec1dbf6d144873433ba upstream.
+
+The hypervisor can enable various new features (SEV_FEATURES[1:63]) and start a
+SNP guest. Some of these features need guest side implementation. If any of
+these features are enabled without it, the behavior of the SNP guest will be
+undefined. It may fail booting in a non-obvious way making it difficult to
+debug.
+
+Instead of allowing the guest to continue and have it fail randomly later,
+detect this early and fail gracefully.
+
+The SEV_STATUS MSR indicates features which the hypervisor has enabled. While
+booting, SNP guests should ascertain that all the enabled features have guest
+side implementation. In case a feature is not implemented in the guest, the
+guest terminates booting with GHCB protocol Non-Automatic Exit(NAE) termination
+request event, see "SEV-ES Guest-Hypervisor Communication Block Standardization"
+document (currently at https://developer.amd.com/wp-content/resources/56421.pdf),
+section "Termination Request".
+
+Populate SW_EXITINFO2 with mask of unsupported features that the hypervisor can
+easily report to the user.
+
+More details in the AMD64 APM Vol 2, Section "SEV_STATUS MSR".
+
+ [ bp:
+ - Massage.
+ - Move snp_check_features() call to C code.
+ Note: the CC:stable@ aspect here is to be able to protect older, stable
+ kernels when running on newer hypervisors. Or not "running" but fail
+ reliably and in a well-defined manner instead of randomly. ]
+
+Fixes: cbd3d4f7c4e5 ("x86/sev: Check SEV-SNP features support")
+Signed-off-by: Nikunj A Dadhania
+Signed-off-by: Borislav Petkov (AMD)
+Reviewed-by: Tom Lendacky
+Cc:
+Link: https://lore.kernel.org/r/20230118061943.534309-1-nikunj@amd.com
+Signed-off-by: Greg Kroah-Hartman
+---
+ Documentation/x86/amd-memory-encryption.rst | 36 ++++++++++++++
+ arch/x86/boot/compressed/ident_map_64.c | 6 ++
+ arch/x86/boot/compressed/misc.h | 2
+ arch/x86/boot/compressed/sev.c | 70 ++++++++++++++++++++++++++++
+ arch/x86/include/asm/msr-index.h | 20 ++++++++
+ arch/x86/include/uapi/asm/svm.h | 6 ++
+ 6 files changed, 140 insertions(+)
+
+--- a/Documentation/x86/amd-memory-encryption.rst
++++ b/Documentation/x86/amd-memory-encryption.rst
+@@ -95,3 +95,39 @@ by supplying mem_encrypt=on on the kerne
+ not enable SME, then Linux will not be able to activate memory encryption, even
+ if configured to do so by default or the mem_encrypt=on command line parameter
+ is specified.
++
++Secure Nested Paging (SNP)
++==========================
++
++SEV-SNP introduces new features (SEV_FEATURES[1:63]) which can be enabled
++by the hypervisor for security enhancements. Some of these features need
++guest side implementation to function correctly. The below table lists the
++expected guest behavior with various possible scenarios of guest/hypervisor
++SNP feature support.
++
+++-----------------+---------------+---------------+------------------+
++| Feature Enabled | Guest needs | Guest has | Guest boot |
++| by the HV | implementation| implementation| behaviour |
+++=================+===============+===============+==================+
++| No | No | No | Boot |
++| | | | |
+++-----------------+---------------+---------------+------------------+
++| No | Yes | No | Boot |
++| | | | |
+++-----------------+---------------+---------------+------------------+
++| No | Yes | Yes | Boot |
++| | | | |
+++-----------------+---------------+---------------+------------------+
++| Yes | No | No | Boot with |
++| | | | feature enabled |
+++-----------------+---------------+---------------+------------------+
++| Yes | Yes | No | Graceful boot |
++| | | | failure |
+++-----------------+---------------+---------------+------------------+
++| Yes | Yes | Yes | Boot with |
++| | | | feature enabled |
+++-----------------+---------------+---------------+------------------+
++
++More details in AMD64 APM[1] Vol 2: 15.34.10 SEV_STATUS MSR
++
++[1] https://www.amd.com/system/files/TechDocs/40332.pdf
+--- a/arch/x86/boot/compressed/ident_map_64.c
++++ b/arch/x86/boot/compressed/ident_map_64.c
+@@ -180,6 +180,12 @@ void initialize_identity_maps(void *rmod
+
+ /* Load the new page-table. */
+ write_cr3(top_level_pgt);
++
++ /*
++ * Now that the required page table mappings are established and a
++ * GHCB can be used, check for SNP guest/HV feature compatibility.
++ */
++ snp_check_features();
+ }
+
+ static pte_t *split_large_pmd(struct x86_mapping_info *info,
+--- a/arch/x86/boot/compressed/misc.h
++++ b/arch/x86/boot/compressed/misc.h
+@@ -126,6 +126,7 @@ static inline void console_init(void)
+
+ #ifdef CONFIG_AMD_MEM_ENCRYPT
+ void sev_enable(struct boot_params *bp);
++void snp_check_features(void);
+ void sev_es_shutdown_ghcb(void);
+ extern bool sev_es_check_ghcb_fault(unsigned long address);
+ void snp_set_page_private(unsigned long paddr);
+@@ -143,6 +144,7 @@ static inline void sev_enable(struct boo
+ if (bp)
+ bp->cc_blob_address = 0;
+ }
++static inline void snp_check_features(void) { }
+ static inline void sev_es_shutdown_ghcb(void) { }
+ static inline bool sev_es_check_ghcb_fault(unsigned long address)
+ {
+--- a/arch/x86/boot/compressed/sev.c
++++ b/arch/x86/boot/compressed/sev.c
+@@ -208,6 +208,23 @@ void sev_es_shutdown_ghcb(void)
+ error("Can't unmap GHCB page");
+ }
+
++static void __noreturn sev_es_ghcb_terminate(struct ghcb *ghcb, unsigned int set,
++ unsigned int reason, u64 exit_info_2)
++{
++ u64 exit_info_1 = SVM_VMGEXIT_TERM_REASON(set, reason);
++
++ vc_ghcb_invalidate(ghcb);
++ ghcb_set_sw_exit_code(ghcb, SVM_VMGEXIT_TERM_REQUEST);
++ ghcb_set_sw_exit_info_1(ghcb, exit_info_1);
++ ghcb_set_sw_exit_info_2(ghcb, exit_info_2);
++
++ sev_es_wr_ghcb_msr(__pa(ghcb));
++ VMGEXIT();
++
++ while (true)
++ asm volatile("hlt\n" : : : "memory");
++}
++
+ bool sev_es_check_ghcb_fault(unsigned long address)
+ {
+ /* Check whether the fault was on the GHCB page */
+@@ -270,6 +287,59 @@ static void enforce_vmpl0(void)
+ sev_es_terminate(SEV_TERM_SET_LINUX, GHCB_TERM_NOT_VMPL0);
+ }
+
++/*
++ * SNP_FEATURES_IMPL_REQ is the mask of SNP features that will need
++ * guest side implementation for proper functioning of the guest. If any
++ * of these features are enabled in the hypervisor but are lacking guest
++ * side implementation, the behavior of the guest will be undefined. The
++ * guest could fail in non-obvious way making it difficult to debug.
++ *
++ * As the behavior of reserved feature bits is unknown to be on the
++ * safe side add them to the required features mask.
++ */
++#define SNP_FEATURES_IMPL_REQ (MSR_AMD64_SNP_VTOM | \
++ MSR_AMD64_SNP_REFLECT_VC | \
++ MSR_AMD64_SNP_RESTRICTED_INJ | \
++ MSR_AMD64_SNP_ALT_INJ | \
++ MSR_AMD64_SNP_DEBUG_SWAP | \
++ MSR_AMD64_SNP_VMPL_SSS | \
++ MSR_AMD64_SNP_SECURE_TSC | \
++ MSR_AMD64_SNP_VMGEXIT_PARAM | \
++ MSR_AMD64_SNP_VMSA_REG_PROTECTION | \
++ MSR_AMD64_SNP_RESERVED_BIT13 | \
++ MSR_AMD64_SNP_RESERVED_BIT15 | \
++ MSR_AMD64_SNP_RESERVED_MASK)
++
++/*
++ * SNP_FEATURES_PRESENT is the mask of SNP features that are implemented
++ * by the guest kernel. As and when a new feature is implemented in the
++ * guest kernel, a corresponding bit should be added to the mask.
++ */
++#define SNP_FEATURES_PRESENT (0)
++
++void snp_check_features(void)
++{
++ u64 unsupported;
++
++ if (!(sev_status & MSR_AMD64_SEV_SNP_ENABLED))
++ return;
++
++ /*
++ * Terminate the boot if hypervisor has enabled any feature lacking
++ * guest side implementation. Pass on the unsupported features mask through
++ * EXIT_INFO_2 of the GHCB protocol so that those features can be reported
++ * as part of the guest boot failure.
++ */
++ unsupported = sev_status & SNP_FEATURES_IMPL_REQ & ~SNP_FEATURES_PRESENT;
++ if (unsupported) {
++ if (ghcb_version < 2 || (!boot_ghcb && !early_setup_ghcb()))
++ sev_es_terminate(SEV_TERM_SET_GEN, GHCB_SNP_UNSUPPORTED);
++
++ sev_es_ghcb_terminate(boot_ghcb, SEV_TERM_SET_GEN,
++ GHCB_SNP_UNSUPPORTED, unsupported);
++ }
++}
++
+ void sev_enable(struct boot_params *bp)
+ {
+ unsigned int eax, ebx, ecx, edx;
+--- a/arch/x86/include/asm/msr-index.h
++++ b/arch/x86/include/asm/msr-index.h
+@@ -571,6 +571,26 @@
+ #define MSR_AMD64_SEV_ES_ENABLED BIT_ULL(MSR_AMD64_SEV_ES_ENABLED_BIT)
+ #define MSR_AMD64_SEV_SNP_ENABLED BIT_ULL(MSR_AMD64_SEV_SNP_ENABLED_BIT)
+
++/* SNP feature bits enabled by the hypervisor */
++#define MSR_AMD64_SNP_VTOM BIT_ULL(3)
++#define MSR_AMD64_SNP_REFLECT_VC BIT_ULL(4)
++#define MSR_AMD64_SNP_RESTRICTED_INJ BIT_ULL(5)
++#define MSR_AMD64_SNP_ALT_INJ BIT_ULL(6)
++#define MSR_AMD64_SNP_DEBUG_SWAP BIT_ULL(7)
++#define MSR_AMD64_SNP_PREVENT_HOST_IBS BIT_ULL(8)
++#define MSR_AMD64_SNP_BTB_ISOLATION BIT_ULL(9)
++#define MSR_AMD64_SNP_VMPL_SSS BIT_ULL(10)
++#define MSR_AMD64_SNP_SECURE_TSC BIT_ULL(11)
++#define MSR_AMD64_SNP_VMGEXIT_PARAM BIT_ULL(12)
++#define MSR_AMD64_SNP_IBS_VIRT BIT_ULL(14)
++#define MSR_AMD64_SNP_VMSA_REG_PROTECTION BIT_ULL(16)
++#define MSR_AMD64_SNP_SMT_PROTECTION BIT_ULL(17)
++
++/* SNP feature bits reserved for future use. */
++#define MSR_AMD64_SNP_RESERVED_BIT13 BIT_ULL(13)
++#define MSR_AMD64_SNP_RESERVED_BIT15 BIT_ULL(15)
++#define MSR_AMD64_SNP_RESERVED_MASK GENMASK_ULL(63, 18)
++
+ #define MSR_AMD64_VIRT_SPEC_CTRL 0xc001011f
+
+ /* AMD Collaborative Processor Performance Control MSRs */
+--- a/arch/x86/include/uapi/asm/svm.h
++++ b/arch/x86/include/uapi/asm/svm.h
+@@ -116,6 +116,12 @@
+ #define SVM_VMGEXIT_AP_CREATE 1
+ #define SVM_VMGEXIT_AP_DESTROY 2
+ #define SVM_VMGEXIT_HV_FEATURES 0x8000fffd
++#define SVM_VMGEXIT_TERM_REQUEST 0x8000fffe
++#define SVM_VMGEXIT_TERM_REASON(reason_set, reason_code) \
++ /* SW_EXITINFO1[3:0] */ \
++ (((((u64)reason_set) & 0xf)) | \
++ /* SW_EXITINFO1[11:4] */ \
++ ((((u64)reason_code) & 0xff) << 4))
+ #define SVM_VMGEXIT_UNSUPPORTED_EVENT 0x8000ffff
+
+ /* Exit code reserved for hypervisor/software use */
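Review bot: `SNP_FEATURES_IMPL_REQ` in arch/x86/boot/compressed/sev.c leaves out four bits that the msr-index.h part of this same patch defines (`MSR_AMD64_SNP_PREVENT_HOST_IBS`, `MSR_AMD64_SNP_BTB_ISOLATION`, `MSR_AMD64_SNP_IBS_VIRT`, `MSR_AMD64_SNP_SMT_PROTECTION`), and the comment above the mask does not say that this is deliberate. The mask is the guest's fail-closed list for features the hypervisor has switched on, so a later reader cannot tell an intentional omission from a forgotten bit. I would add a comment line such as `* PREVENT_HOST_IBS, BTB_ISOLATION, IBS_VIRT and SMT_PROTECTION are intentionally absent: they need no guest-side code.`; that is presumably the reason, and it should be confirmed against the APM section the commit message cites. Separately, `SVM_VMGEXIT_TERM_REASON()` casts its arguments unparenthesised (`(u64)reason_set`), so an expression argument would be cast only in its first operand. `(u64)(reason_set)` and `(u64)(reason_code)` are safer, and since the macro sits in a uapi header `__u64` would be the usual type.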