From: Greg Kroah-Hartman Date: Sun, 5 Dec 2021 12:46:34 +0000 (+0100) Subject: 5.10-stable patches X-Git-Tag: v4.4.294~40 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=58824cf7d04f97cd4c7014f335d90cd8cdd1ddab;p=thirdparty%2Fkernel%2Fstable-queue.git 5.10-stable patches added patches: drm-amd-display-allow-dsc-on-supported-mst-branch-devices.patch drm-amdgpu-add-amdgpu_amdkfd_resume_iommu.patch drm-amdgpu-init-iommu-after-amdkfd-device-init.patch drm-amdgpu-move-iommu_resume-before-ip-init-resume.patch drm-amdkfd-fix-boot-failure-when-iommu-is-disabled-in-picasso.patch drm-amdkfd-separate-kfd_iommu_resume-from-kfd_resume.patch ipv6-fix-memory-leak-in-fib6_rule_suppress.patch kvm-arm64-avoid-setting-the-upper-32-bits-of-tcr_el2-and-cptr_el2-to-1.patch kvm-disallow-user-memslot-with-size-that-exceeds-unsigned-long.patch kvm-nvmx-flush-current-vpid-l1-vs.-l2-for-kvm_req_tlb_flush_guest.patch kvm-x86-use-a-stable-condition-around-all-vt-d-pi-paths.patch kvm-x86-use-vcpu-arch.walk_mmu-for-kvm_mmu_invlpg.patch tracing-histograms-string-compares-should-not-care-about-signed-values.patch
---
diff --git a/queue-5.10/drm-amd-display-allow-dsc-on-supported-mst-branch-devices.patch b/queue-5.10/drm-amd-display-allow-dsc-on-supported-mst-branch-devices.patch
new file mode 100644
index 00000000000..4937609e707
--- /dev/null
+++ b/queue-5.10/drm-amd-display-allow-dsc-on-supported-mst-branch-devices.patch
@@ -0,0 +1,83 @@ +From 94ebc035456a4ccacfbbef60c444079a256623ad Mon Sep 17 00:00:00 2001 +From: Nicholas Kazlauskas +Date: Fri, 12 Nov 2021 15:27:32 -0500 +Subject: drm/amd/display: Allow DSC on supported MST branch devices + +From: Nicholas Kazlauskas + +commit 94ebc035456a4ccacfbbef60c444079a256623ad upstream. + +[Why] +When trying to lightup two 4k60 non-DSC displays behind a branch device +that supports DSC we can't lightup both at once due to bandwidth +limitations - each requires 48 VCPI slots but we only have 63. + +[How] +The workaround already exists in the code but is guarded by a CONFIG +that cannot be set by the user and shouldn't need to be. + +Check for specific branch device IDs to device whether to enable +the workaround for multiple display scenarios. + +Reviewed-by: Hersen Wu +Acked-by: Bhawanpreet Lakha +Signed-off-by: Nicholas Kazlauskas +Tested-by: Daniel Wheeler +Signed-off-by: Alex Deucher +Cc: stable@vger.kernel.org +Signed-off-by: Greg Kroah-Hartman +--- + drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_mst_types.c | 20 +++++++++--- + 1 file changed, 16 insertions(+), 4 deletions(-) + +--- a/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_mst_types.c ++++ b/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_mst_types.c +@@ -36,6 +36,8 @@ + #include "dm_helpers.h" + + #include "dc_link_ddc.h" ++#include "ddc_service_types.h" ++#include "dpcd_defs.h" + + #include "i2caux_interface.h" + #if defined(CONFIG_DEBUG_FS) +@@ -152,6 +154,16 @@ static const struct drm_connector_funcs + }; + + #if defined(CONFIG_DRM_AMD_DC_DCN) ++static bool needs_dsc_aux_workaround(struct dc_link *link) ++{ ++ if (link->dpcd_caps.branch_dev_id == DP_BRANCH_DEVICE_ID_90CC24 && ++ (link->dpcd_caps.dpcd_rev.raw == DPCD_REV_14 || link->dpcd_caps.dpcd_rev.raw == DPCD_REV_12) && ++ link->dpcd_caps.sink_count.bits.SINK_COUNT >= 2) ++ return true; ++ ++ return false; ++} ++ + static bool validate_dsc_caps_on_connector(struct amdgpu_dm_connector *aconnector) + { + struct dc_sink 
*dc_sink = aconnector->dc_sink; +@@ -159,7 +171,7 @@ static bool validate_dsc_caps_on_connect + u8 dsc_caps[16] = { 0 }; + + aconnector->dsc_aux = drm_dp_mst_dsc_aux_for_port(port); +-#if defined(CONFIG_HP_HOOK_WORKAROUND) ++ + /* + * drm_dp_mst_dsc_aux_for_port() will return NULL for certain configs + * because it only check the dsc/fec caps of the "port variable" and not the dock +@@ -169,10 +181,10 @@ static bool validate_dsc_caps_on_connect + * Workaround: explicitly check the use case above and use the mst dock's aux as dsc_aux + * + */ +- +- if (!aconnector->dsc_aux && !port->parent->port_parent) ++ if (!aconnector->dsc_aux && !port->parent->port_parent && ++ needs_dsc_aux_workaround(aconnector->dc_link)) + aconnector->dsc_aux = &aconnector->mst_port->dm_dp_aux.aux; +-#endif ++ + if (!aconnector->dsc_aux) + return false; + diff --git a/queue-5.10/drm-amdgpu-add-amdgpu_amdkfd_resume_iommu.patch b/queue-5.10/drm-amdgpu-add-amdgpu_amdkfd_resume_iommu.patch new file mode 100644 index 00000000000..3b945389f49 --- /dev/null +++ b/queue-5.10/drm-amdgpu-add-amdgpu_amdkfd_resume_iommu.patch 
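Review bot: The new `needs_dsc_aux_workaround()` gates the dock-aux fallback on one branch device ID, two DPCD revisions and a sink count of at least two, but nothing in the code says why those three conditions are the right gate. A comment above the helper would carry that, for example `/* Only the 90CC24 branch device (DPCD 1.2/1.4) with two or more sinks needs the dock's aux as dsc_aux. */`. The body can also return the condition directly instead of `if (...) return true; return false;`. The helper dereferences `link` unconditionally and is called with `aconnector->dc_link`; whether that pointer can be NULL at this point is not visible in the hunk and is worth confirming.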
@@ -0,0 +1,51 @@ +From 8066008482e533e91934bee49765bf8b4a7c40db Mon Sep 17 00:00:00 2001 +From: James Zhu +Date: Tue, 7 Sep 2021 11:27:31 -0400 +Subject: drm/amdgpu: add amdgpu_amdkfd_resume_iommu + +From: James Zhu + +commit 8066008482e533e91934bee49765bf8b4a7c40db upstream. + +Add amdgpu_amdkfd_resume_iommu for amdgpu. + +Bug: https://bugzilla.kernel.org/show_bug.cgi?id=211277 +Signed-off-by: James Zhu +Reviewed-by: Felix Kuehling +Signed-off-by: Alex Deucher +Cc: stable@vger.kernel.org +Signed-off-by: Greg Kroah-Hartman +--- + drivers/gpu/drm/amd/amdgpu/amdgpu_amdkfd.c | 10 ++++++++++ + drivers/gpu/drm/amd/amdgpu/amdgpu_amdkfd.h | 1 + + 2 files changed, 11 insertions(+) + +--- a/drivers/gpu/drm/amd/amdgpu/amdgpu_amdkfd.c ++++ b/drivers/gpu/drm/amd/amdgpu/amdgpu_amdkfd.c +@@ -194,6 +194,16 @@ void amdgpu_amdkfd_suspend(struct amdgpu + kgd2kfd_suspend(adev->kfd.dev, run_pm); + } + ++int amdgpu_amdkfd_resume_iommu(struct amdgpu_device *adev) ++{ ++ int r = 0; ++ ++ if (adev->kfd.dev) ++ r = kgd2kfd_resume_iommu(adev->kfd.dev); ++ ++ return r; ++} ++ + int amdgpu_amdkfd_resume(struct amdgpu_device *adev, bool run_pm) + { + int r = 0; +--- a/drivers/gpu/drm/amd/amdgpu/amdgpu_amdkfd.h ++++ b/drivers/gpu/drm/amd/amdgpu/amdgpu_amdkfd.h +@@ -126,6 +126,7 @@ int amdgpu_amdkfd_init(void); + void amdgpu_amdkfd_fini(void); + + void amdgpu_amdkfd_suspend(struct amdgpu_device *adev, bool run_pm); ++int amdgpu_amdkfd_resume_iommu(struct amdgpu_device *adev); + int amdgpu_amdkfd_resume(struct amdgpu_device *adev, bool run_pm); + void amdgpu_amdkfd_interrupt(struct amdgpu_device *adev, + const void *ih_ring_entry); diff --git a/queue-5.10/drm-amdgpu-init-iommu-after-amdkfd-device-init.patch b/queue-5.10/drm-amdgpu-init-iommu-after-amdkfd-device-init.patch new file mode 100644 index 00000000000..6ed8f2476dc --- /dev/null +++ b/queue-5.10/drm-amdgpu-init-iommu-after-amdkfd-device-init.patch 
@@ -0,0 +1,54 @@ +From 714d9e4574d54596973ee3b0624ee4a16264d700 Mon Sep 17 00:00:00 2001 +From: Yifan Zhang +Date: Tue, 28 Sep 2021 15:42:35 +0800 +Subject: drm/amdgpu: init iommu after amdkfd device init + +From: Yifan Zhang + +commit 714d9e4574d54596973ee3b0624ee4a16264d700 upstream. + +This patch is to fix clinfo failure in Raven/Picasso: + +Number of platforms: 1 + Platform Profile: FULL_PROFILE + Platform Version: OpenCL 2.2 AMD-APP (3364.0) + Platform Name: AMD Accelerated Parallel Processing + Platform Vendor: Advanced Micro Devices, Inc. + Platform Extensions: cl_khr_icd cl_amd_event_callback + + Platform Name: AMD Accelerated Parallel Processing Number of devices: 0 + +Signed-off-by: Yifan Zhang +Reviewed-by: James Zhu +Tested-by: James Zhu +Acked-by: Felix Kuehling +Signed-off-by: Alex Deucher +Signed-off-by: Greg Kroah-Hartman +--- + drivers/gpu/drm/amd/amdgpu/amdgpu_device.c | 8 ++++---- + 1 file changed, 4 insertions(+), 4 deletions(-) + +--- a/drivers/gpu/drm/amd/amdgpu/amdgpu_device.c ++++ b/drivers/gpu/drm/amd/amdgpu/amdgpu_device.c +@@ -2220,10 +2220,6 @@ static int amdgpu_device_ip_init(struct + if (r) + goto init_failed; + +- r = amdgpu_amdkfd_resume_iommu(adev); +- if (r) +- goto init_failed; +- + r = amdgpu_device_ip_hw_init_phase1(adev); + if (r) + goto init_failed; +@@ -2259,6 +2255,10 @@ static int amdgpu_device_ip_init(struct + amdgpu_xgmi_add_device(adev); + amdgpu_amdkfd_device_init(adev); + ++ r = amdgpu_amdkfd_resume_iommu(adev); ++ if (r) ++ goto init_failed; ++ + amdgpu_fru_get_product_info(adev); + + init_failed: diff --git a/queue-5.10/drm-amdgpu-move-iommu_resume-before-ip-init-resume.patch b/queue-5.10/drm-amdgpu-move-iommu_resume-before-ip-init-resume.patch new file mode 100644 index 00000000000..80a74e27c03 --- /dev/null +++ b/queue-5.10/drm-amdgpu-move-iommu_resume-before-ip-init-resume.patch 
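Review bot: With the call moved below `amdgpu_amdkfd_device_init(adev)`, a failing `amdgpu_amdkfd_resume_iommu()` now jumps to `init_failed` after `amdgpu_xgmi_add_device()` and the KFD device init have already run. The code under `init_failed:` is outside this hunk, so it is worth confirming that it unwinds those two steps and not only the earlier ones. A one-line comment above the moved call, such as `/* IOMMU resume must follow KFD device init */`, would record why the order matters, since the description only shows the clinfo symptom.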
@@ -0,0 +1,57 @@ +From f02abeb0779700c308e661a412451b38962b8a0b Mon Sep 17 00:00:00 2001 +From: James Zhu +Date: Tue, 7 Sep 2021 11:32:22 -0400 +Subject: drm/amdgpu: move iommu_resume before ip init/resume + +From: James Zhu + +commit f02abeb0779700c308e661a412451b38962b8a0b upstream. + +Separate iommu_resume from kfd_resume, and move it before +other amdgpu ip init/resume. + +Bug: https://bugzilla.kernel.org/show_bug.cgi?id=211277 +Signed-off-by: James Zhu +Reviewed-by: Felix Kuehling +Signed-off-by: Alex Deucher +Cc: stable@vger.kernel.org +Signed-off-by: Greg Kroah-Hartman +--- + drivers/gpu/drm/amd/amdgpu/amdgpu_device.c | 12 ++++++++++++ + 1 file changed, 12 insertions(+) + +--- a/drivers/gpu/drm/amd/amdgpu/amdgpu_device.c ++++ b/drivers/gpu/drm/amd/amdgpu/amdgpu_device.c +@@ -2220,6 +2220,10 @@ static int amdgpu_device_ip_init(struct + if (r) + goto init_failed; + ++ r = amdgpu_amdkfd_resume_iommu(adev); ++ if (r) ++ goto init_failed; ++ + r = amdgpu_device_ip_hw_init_phase1(adev); + if (r) + goto init_failed; +@@ -2913,6 +2917,10 @@ static int amdgpu_device_ip_resume(struc + { + int r; + ++ r = amdgpu_amdkfd_resume_iommu(adev); ++ if (r) ++ return r; ++ + r = amdgpu_device_ip_resume_phase1(adev); + if (r) + return r; +@@ -4296,6 +4304,10 @@ static int amdgpu_do_asic_reset(struct a + + if (!r) { + dev_info(tmp_adev->dev, "GPU reset succeeded, trying to resume\n"); ++ r = amdgpu_amdkfd_resume_iommu(tmp_adev); ++ if (r) ++ goto out; ++ + r = amdgpu_device_ip_resume_phase1(tmp_adev); + if (r) + goto out; diff --git a/queue-5.10/drm-amdkfd-fix-boot-failure-when-iommu-is-disabled-in-picasso.patch b/queue-5.10/drm-amdkfd-fix-boot-failure-when-iommu-is-disabled-in-picasso.patch new file mode 100644 index 00000000000..212c1f408e2 --- /dev/null +++ b/queue-5.10/drm-amdkfd-fix-boot-failure-when-iommu-is-disabled-in-picasso.patch 
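Review bot: The three added `amdgpu_amdkfd_resume_iommu()` calls (in `amdgpu_device_ip_init`, `amdgpu_device_ip_resume` and `amdgpu_do_asic_reset`) encode an ordering requirement that the code never states. A short comment at each site, for example `/* resume the KFD IOMMU before any IP block init/resume */`, would keep a later reorder from silently undoing it. In `amdgpu_do_asic_reset` the failure path is `goto out` directly after the "GPU reset succeeded, trying to resume" message with no log at this level, so a reader of the kernel log sees success followed by a failed reset unless the callee reports the error. All three function bodies continue outside the hunks.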
@@ -0,0 +1,48 @@ +From afd18180c07026f94a80ff024acef5f4159084a4 Mon Sep 17 00:00:00 2001 +From: Yifan Zhang +Date: Mon, 11 Oct 2021 20:37:01 +0800 +Subject: drm/amdkfd: fix boot failure when iommu is disabled in Picasso. + +From: Yifan Zhang + +commit afd18180c07026f94a80ff024acef5f4159084a4 upstream. + +When IOMMU disabled in sbios and kfd in iommuv2 path, iommuv2 +init will fail. But this failure should not block amdgpu driver init. + +Reported-by: youling +Tested-by: youling +Signed-off-by: Yifan Zhang +Reviewed-by: James Zhu +Signed-off-by: Alex Deucher +Signed-off-by: Greg Kroah-Hartman +--- + drivers/gpu/drm/amd/amdgpu/amdgpu_device.c | 4 ---- + drivers/gpu/drm/amd/amdkfd/kfd_device.c | 3 +++ + 2 files changed, 3 insertions(+), 4 deletions(-) + +--- a/drivers/gpu/drm/amd/amdgpu/amdgpu_device.c ++++ b/drivers/gpu/drm/amd/amdgpu/amdgpu_device.c +@@ -2255,10 +2255,6 @@ static int amdgpu_device_ip_init(struct + amdgpu_xgmi_add_device(adev); + amdgpu_amdkfd_device_init(adev); + +- r = amdgpu_amdkfd_resume_iommu(adev); +- if (r) +- goto init_failed; +- + amdgpu_fru_get_product_info(adev); + + init_failed: +--- a/drivers/gpu/drm/amd/amdkfd/kfd_device.c ++++ b/drivers/gpu/drm/amd/amdkfd/kfd_device.c +@@ -751,6 +751,9 @@ bool kgd2kfd_device_init(struct kfd_dev + + kfd_cwsr_init(kfd); + ++ if(kgd2kfd_resume_iommu(kfd)) ++ goto device_iommu_error; ++ + if (kfd_resume(kfd)) + goto kfd_resume_error; + diff --git a/queue-5.10/drm-amdkfd-separate-kfd_iommu_resume-from-kfd_resume.patch b/queue-5.10/drm-amdkfd-separate-kfd_iommu_resume-from-kfd_resume.patch new file mode 100644 index 00000000000..51e7d767399 --- /dev/null +++ b/queue-5.10/drm-amdkfd-separate-kfd_iommu_resume-from-kfd_resume.patch 
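Review bot: The added `goto device_iommu_error` in `kgd2kfd_device_init` is taken after `kfd_cwsr_init(kfd)` has run, and the label's unwind code is outside this hunk, so it is worth confirming that this path releases everything set up before it. The check is also written `if(kgd2kfd_resume_iommu(kfd))`; kernel style wants a space, `if (kgd2kfd_resume_iommu(kfd))`. The description says the IOMMU failure should not block amdgpu init, which relies on the caller not acting on this function's return value; a comment at the call saying so would make that dependency explicit.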
@@ -0,0 +1,64 @@ +From fefc01f042f44ede373ee66773b8238dd8fdcb55 Mon Sep 17 00:00:00 2001 +From: James Zhu +Date: Tue, 7 Sep 2021 11:13:02 -0400 +Subject: drm/amdkfd: separate kfd_iommu_resume from kfd_resume + +From: James Zhu + +commit fefc01f042f44ede373ee66773b8238dd8fdcb55 upstream. + +Separate kfd_iommu_resume from kfd_resume for fine-tuning +of amdgpu device init/resume/reset/recovery sequence. + +v2: squash in fix for !CONFIG_HSA_AMD + +Bug: https://bugzilla.kernel.org/show_bug.cgi?id=211277 +Signed-off-by: James Zhu +Reviewed-by: Felix Kuehling +Signed-off-by: Alex Deucher +Cc: stable@vger.kernel.org +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/gpu/drm/amd/amdgpu/amdgpu_amdkfd.h | 1 + + drivers/gpu/drm/amd/amdkfd/kfd_device.c | 12 ++++++++---- + 2 files changed, 9 insertions(+), 4 deletions(-) + +--- a/drivers/gpu/drm/amd/amdgpu/amdgpu_amdkfd.h ++++ b/drivers/gpu/drm/amd/amdgpu/amdgpu_amdkfd.h +@@ -262,6 +262,7 @@ bool kgd2kfd_device_init(struct kfd_dev + const struct kgd2kfd_shared_resources *gpu_resources); + void kgd2kfd_device_exit(struct kfd_dev *kfd); + void kgd2kfd_suspend(struct kfd_dev *kfd, bool run_pm); ++int kgd2kfd_resume_iommu(struct kfd_dev *kfd); + int kgd2kfd_resume(struct kfd_dev *kfd, bool run_pm); + int kgd2kfd_pre_reset(struct kfd_dev *kfd); + int kgd2kfd_post_reset(struct kfd_dev *kfd); +--- a/drivers/gpu/drm/amd/amdkfd/kfd_device.c ++++ b/drivers/gpu/drm/amd/amdkfd/kfd_device.c +@@ -896,17 +896,21 @@ int kgd2kfd_resume(struct kfd_dev *kfd, + return ret; + } + +-static int kfd_resume(struct kfd_dev *kfd) ++int kgd2kfd_resume_iommu(struct kfd_dev *kfd) + { + int err = 0; + + err = kfd_iommu_resume(kfd); +- if (err) { ++ if (err) + dev_err(kfd_device, + "Failed to resume IOMMU for device %x:%x\n", + kfd->pdev->vendor, kfd->pdev->device); +- return err; +- } ++ return err; ++} ++ ++static int kfd_resume(struct kfd_dev *kfd) ++{ ++ int err = 0; + + err = kfd->dqm->ops.start(kfd->dqm); + if (err) { 
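Review bot: The description says a fix for !CONFIG_HSA_AMD was squashed in, but the `amdgpu_amdkfd.h` hunk adds only the prototype `int kgd2kfd_resume_iommu(struct kfd_dev *kfd);` and no stub is visible. If this tree provides inline stubs for the kgd2kfd_* interface when KFD is compiled out, one returning 0 is needed here as well; if it does not, the remark in the description is stale for this backport and could be confusing. The newly exported `kgd2kfd_resume_iommu()` would also benefit from a brief comment stating that it returns 0 or the error from `kfd_iommu_resume()`.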
diff --git a/queue-5.10/ipv6-fix-memory-leak-in-fib6_rule_suppress.patch b/queue-5.10/ipv6-fix-memory-leak-in-fib6_rule_suppress.patch
new file mode 100644
index 00000000000..1618cbdff35
--- /dev/null
+++ b/queue-5.10/ipv6-fix-memory-leak-in-fib6_rule_suppress.patch
@@ -0,0 +1,118 @@ +From cdef485217d30382f3bf6448c54b4401648fe3f1 Mon Sep 17 00:00:00 2001 +From: msizanoen1 +Date: Tue, 23 Nov 2021 13:48:32 +0100 +Subject: ipv6: fix memory leak in fib6_rule_suppress + +From: msizanoen1 + +commit cdef485217d30382f3bf6448c54b4401648fe3f1 upstream. + +The kernel leaks memory when a `fib` rule is present in IPv6 nftables +firewall rules and a suppress_prefix rule is present in the IPv6 routing +rules (used by certain tools such as wg-quick). In such scenarios, every +incoming packet will leak an allocation in `ip6_dst_cache` slab cache. + +After some hours of `bpftrace`-ing and source code reading, I tracked +down the issue to ca7a03c41753 ("ipv6: do not free rt if +FIB_LOOKUP_NOREF is set on suppress rule"). + +The problem with that change is that the generic `args->flags` always have +`FIB_LOOKUP_NOREF` set[1][2] but the IPv6-specific flag +`RT6_LOOKUP_F_DST_NOREF` might not be, leading to `fib6_rule_suppress` not +decreasing the refcount when needed. + +How to reproduce: + - Add the following nftables rule to a prerouting chain: + meta nfproto ipv6 fib saddr . mark . iif oif missing drop + This can be done with: + sudo nft create table inet test + sudo nft create chain inet test test_chain '{ type filter hook prerouting priority filter + 10; policy accept; }' + sudo nft add rule inet test test_chain meta nfproto ipv6 fib saddr . mark . iif oif missing drop + - Run: + sudo ip -6 rule add table main suppress_prefixlength 0 + - Watch `sudo slabtop -o | grep ip6_dst_cache` to see memory usage increase + with every incoming ipv6 packet. + +This patch exposes the protocol-specific flags to the protocol +specific `suppress` function, and check the protocol-specific `flags` +argument for RT6_LOOKUP_F_DST_NOREF instead of the generic +FIB_LOOKUP_NOREF when decreasing the refcount, like this. 
+ +[1]: https://github.com/torvalds/linux/blob/ca7a03c4175366a92cee0ccc4fec0038c3266e26/net/ipv6/fib6_rules.c#L71 +[2]: https://github.com/torvalds/linux/blob/ca7a03c4175366a92cee0ccc4fec0038c3266e26/net/ipv6/fib6_rules.c#L99 + +Link: https://bugzilla.kernel.org/show_bug.cgi?id=215105 +Fixes: ca7a03c41753 ("ipv6: do not free rt if FIB_LOOKUP_NOREF is set on suppress rule") +Cc: stable@vger.kernel.org +Signed-off-by: Jason A. Donenfeld +Signed-off-by: David S. Miller +Signed-off-by: Greg Kroah-Hartman +--- + include/net/fib_rules.h | 4 +++- + net/core/fib_rules.c | 2 +- + net/ipv4/fib_rules.c | 1 + + net/ipv6/fib6_rules.c | 4 ++-- + 4 files changed, 7 insertions(+), 4 deletions(-) + +--- a/include/net/fib_rules.h ++++ b/include/net/fib_rules.h +@@ -69,7 +69,7 @@ struct fib_rules_ops { + int (*action)(struct fib_rule *, + struct flowi *, int, + struct fib_lookup_arg *); +- bool (*suppress)(struct fib_rule *, ++ bool (*suppress)(struct fib_rule *, int, + struct fib_lookup_arg *); + int (*match)(struct fib_rule *, + struct flowi *, int); +@@ -218,7 +218,9 @@ INDIRECT_CALLABLE_DECLARE(int fib4_rule_ + struct fib_lookup_arg *arg)); + + INDIRECT_CALLABLE_DECLARE(bool fib6_rule_suppress(struct fib_rule *rule, ++ int flags, + struct fib_lookup_arg *arg)); + INDIRECT_CALLABLE_DECLARE(bool fib4_rule_suppress(struct fib_rule *rule, ++ int flags, + struct fib_lookup_arg *arg)); + #endif +--- a/net/core/fib_rules.c ++++ b/net/core/fib_rules.c +@@ -323,7 +323,7 @@ jumped: + if (!err && ops->suppress && INDIRECT_CALL_MT(ops->suppress, + fib6_rule_suppress, + fib4_rule_suppress, +- rule, arg)) ++ rule, flags, arg)) + continue; + + if (err != -EAGAIN) { +--- a/net/ipv4/fib_rules.c ++++ b/net/ipv4/fib_rules.c +@@ -141,6 +141,7 @@ INDIRECT_CALLABLE_SCOPE int fib4_rule_ac + } + + INDIRECT_CALLABLE_SCOPE bool fib4_rule_suppress(struct fib_rule *rule, ++ int flags, + struct fib_lookup_arg *arg) + { + struct fib_result *result = (struct fib_result *) arg->result; +--- 
a/net/ipv6/fib6_rules.c ++++ b/net/ipv6/fib6_rules.c +@@ -267,6 +267,7 @@ INDIRECT_CALLABLE_SCOPE int fib6_rule_ac + } + + INDIRECT_CALLABLE_SCOPE bool fib6_rule_suppress(struct fib_rule *rule, ++ int flags, + struct fib_lookup_arg *arg) + { + struct fib6_result *res = arg->result; +@@ -294,8 +295,7 @@ INDIRECT_CALLABLE_SCOPE bool fib6_rule_s + return false; + + suppress_route: +- if (!(arg->flags & FIB_LOOKUP_NOREF)) +- ip6_rt_put(rt); ++ ip6_rt_put_flags(rt, flags); + return true; + } + diff --git a/queue-5.10/kvm-arm64-avoid-setting-the-upper-32-bits-of-tcr_el2-and-cptr_el2-to-1.patch b/queue-5.10/kvm-arm64-avoid-setting-the-upper-32-bits-of-tcr_el2-and-cptr_el2-to-1.patch new file mode 100644 index 00000000000..da38515739c --- /dev/null +++ b/queue-5.10/kvm-arm64-avoid-setting-the-upper-32-bits-of-tcr_el2-and-cptr_el2-to-1.patch 
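Review bot: The `suppress` callback in `struct fib_rules_ops` gains an unnamed `int` parameter, and nothing in `fib_rules.h` says that it carries the protocol-specific lookup flags rather than the generic `arg->flags`, which is exactly the confusion that caused the leak. Naming it and adding a comment would help, for example `bool (*suppress)(struct fib_rule *, int flags, struct fib_lookup_arg *);` with `/* flags: protocol-specific lookup flags, not arg->flags */`. In the visible part of `fib4_rule_suppress` the new `flags` argument is not used, which is worth a note in that function so it is not mistaken for an omission. The fix in `fib6_rule_suppress` depends on `ip6_rt_put_flags()` checking `RT6_LOOKUP_F_DST_NOREF`; that helper is defined outside the hunk.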
@@ -0,0 +1,54 @@ +From 1f80d15020d7f130194821feb1432b67648c632d Mon Sep 17 00:00:00 2001 +From: Catalin Marinas +Date: Thu, 25 Nov 2021 15:20:14 +0000 +Subject: KVM: arm64: Avoid setting the upper 32 bits of TCR_EL2 and CPTR_EL2 to 1 + +From: Catalin Marinas + +commit 1f80d15020d7f130194821feb1432b67648c632d upstream. + +Having a signed (1 << 31) constant for TCR_EL2_RES1 and CPTR_EL2_TCPAC +causes the upper 32-bit to be set to 1 when assigning them to a 64-bit +variable. Bit 32 in TCR_EL2 is no longer RES0 in ARMv8.7: with FEAT_LPA2 +it changes the meaning of bits 49:48 and 9:8 in the stage 1 EL2 page +table entries. As a result of the sign-extension, a non-VHE kernel can +no longer boot on a model with ARMv8.7 enabled. + +CPTR_EL2 still has the top 32 bits RES0 but we should preempt any future +problems + +Make these top bit constants unsigned as per commit df655b75c43f +("arm64: KVM: Avoid setting the upper 32 bits of VTCR_EL2 to 1"). + +Signed-off-by: Catalin Marinas +Reported-by: Chris January +Cc: +Cc: Will Deacon +Cc: Marc Zyngier +Signed-off-by: Marc Zyngier +Link: https://lore.kernel.org/r/20211125152014.2806582-1-catalin.marinas@arm.com +Signed-off-by: Greg Kroah-Hartman +--- + arch/arm64/include/asm/kvm_arm.h | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +--- a/arch/arm64/include/asm/kvm_arm.h ++++ b/arch/arm64/include/asm/kvm_arm.h +@@ -83,7 +83,7 @@ + #define HCR_HOST_VHE_FLAGS (HCR_RW | HCR_TGE | HCR_E2H) + + /* TCR_EL2 Registers bits */ +-#define TCR_EL2_RES1 ((1 << 31) | (1 << 23)) ++#define TCR_EL2_RES1 ((1U << 31) | (1 << 23)) + #define TCR_EL2_TBI (1 << 20) + #define TCR_EL2_PS_SHIFT 16 + #define TCR_EL2_PS_MASK (7 << TCR_EL2_PS_SHIFT) +@@ -268,7 +268,7 @@ + #define CPTR_EL2_TFP_SHIFT 10 + + /* Hyp Coprocessor Trap Register */ +-#define CPTR_EL2_TCPAC (1 << 31) ++#define CPTR_EL2_TCPAC (1U << 31) + #define CPTR_EL2_TAM (1 << 30) + #define CPTR_EL2_TTA (1 << 20) + #define CPTR_EL2_TFP (1 << CPTR_EL2_TFP_SHIFT) 
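Review bot: The `1U` in `TCR_EL2_RES1` and `CPTR_EL2_TCPAC` is the whole fix, yet the header carries no comment explaining it, so a later cleanup could drop the suffix again. A line above each define would prevent that, for example `/* 1U: a signed (1 << 31) sign-extends into bits 63:32 of a 64-bit value */`. The neighbouring constants such as `(1 << 30)` and `(1 << 23)` stay signed, which is harmless for those bit positions but leaves the block mixed; using one unsigned form throughout would be more uniform.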
diff --git a/queue-5.10/kvm-disallow-user-memslot-with-size-that-exceeds-unsigned-long.patch b/queue-5.10/kvm-disallow-user-memslot-with-size-that-exceeds-unsigned-long.patch
new file mode 100644
index 00000000000..1b46da1fc5d
--- /dev/null
+++ b/queue-5.10/kvm-disallow-user-memslot-with-size-that-exceeds-unsigned-long.patch
@@ -0,0 +1,43 @@ +From 6b285a5587506bae084cf9a3ed5aa491d623b91b Mon Sep 17 00:00:00 2001 +From: Sean Christopherson +Date: Thu, 4 Nov 2021 00:25:03 +0000 +Subject: KVM: Disallow user memslot with size that exceeds "unsigned long" + +From: Sean Christopherson + +commit 6b285a5587506bae084cf9a3ed5aa491d623b91b upstream. + +Reject userspace memslots whose size exceeds the storage capacity of an +"unsigned long". KVM's uAPI takes the size as u64 to support large slots +on 64-bit hosts, but does not account for the size being truncated on +32-bit hosts in various flows. The access_ok() check on the userspace +virtual address in particular casts the size to "unsigned long" and will +check the wrong number of bytes. + +KVM doesn't actually support slots whose size doesn't fit in an "unsigned +long", e.g. KVM's internal kvm_memory_slot.npages is an "unsigned long", +not a "u64", and misc arch specific code follows that behavior. + +Fixes: fa3d315a4ce2 ("KVM: Validate userspace_addr of memslot when registered") +Cc: stable@vger.kernel.org +Signed-off-by: Sean Christopherson +Reviewed-by: Maciej S. Szmigiero +Message-Id: <20211104002531.1176691-3-seanjc@google.com> +Signed-off-by: Paolo Bonzini +Signed-off-by: Greg Kroah-Hartman +--- + virt/kvm/kvm_main.c | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +--- a/virt/kvm/kvm_main.c ++++ b/virt/kvm/kvm_main.c +@@ -1297,7 +1297,8 @@ int __kvm_set_memory_region(struct kvm * + id = (u16)mem->slot; + + /* General sanity checks */ +- if (mem->memory_size & (PAGE_SIZE - 1)) ++ if ((mem->memory_size & (PAGE_SIZE - 1)) || ++ (mem->memory_size != (unsigned long)mem->memory_size)) + return -EINVAL; + if (mem->guest_phys_addr & (PAGE_SIZE - 1)) + return -EINVAL; diff --git a/queue-5.10/kvm-nvmx-flush-current-vpid-l1-vs.-l2-for-kvm_req_tlb_flush_guest.patch b/queue-5.10/kvm-nvmx-flush-current-vpid-l1-vs.-l2-for-kvm_req_tlb_flush_guest.patch new file mode 100644 index 00000000000..7ed48812c7b --- /dev/null 
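Review bot: The truncation guard `mem->memory_size != (unsigned long)mem->memory_size` is folded into the page-alignment test in `__kvm_set_memory_region` with no comment, and its purpose is not obvious from the expression alone. Since it protects every later use that narrows the size, a comment is warranted, for example `/* Reject sizes that do not fit in unsigned long (32-bit hosts); later checks such as access_ok() would see a truncated length. */`. Keeping it as a separate `if` with its own `return -EINVAL;` would also make it harder to lose in a future edit of the alignment check. The function body continues outside the hunk.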
+++ b/queue-5.10/kvm-nvmx-flush-current-vpid-l1-vs.-l2-for-kvm_req_tlb_flush_guest.patch 
@@ -0,0 +1,81 @@ +From 2b4a5a5d56881ece3c66b9a9a8943a6f41bd7349 Mon Sep 17 00:00:00 2001 +From: Sean Christopherson +Date: Thu, 25 Nov 2021 01:49:43 +0000 +Subject: KVM: nVMX: Flush current VPID (L1 vs. L2) for KVM_REQ_TLB_FLUSH_GUEST + +From: Sean Christopherson + +commit 2b4a5a5d56881ece3c66b9a9a8943a6f41bd7349 upstream. + +Flush the current VPID when handling KVM_REQ_TLB_FLUSH_GUEST instead of +always flushing vpid01. Any TLB flush that is triggered when L2 is +active is scoped to L2's VPID (if it has one), e.g. if L2 toggles CR4.PGE +and L1 doesn't intercept PGE writes, then KVM's emulation of the TLB +flush needs to be applied to L2's VPID. + +Reported-by: Lai Jiangshan +Fixes: 07ffaf343e34 ("KVM: nVMX: Sync all PGDs on nested transition with shadow paging") +Cc: stable@vger.kernel.org +Signed-off-by: Sean Christopherson +Message-Id: <20211125014944.536398-2-seanjc@google.com> +Signed-off-by: Paolo Bonzini +Signed-off-by: Greg Kroah-Hartman +--- + arch/x86/kvm/vmx/vmx.c | 23 ++++++++++++++--------- + 1 file changed, 14 insertions(+), 9 deletions(-) + +--- a/arch/x86/kvm/vmx/vmx.c ++++ b/arch/x86/kvm/vmx/vmx.c +@@ -2908,6 +2908,13 @@ static void vmx_flush_tlb_all(struct kvm + } + } + ++static inline int vmx_get_current_vpid(struct kvm_vcpu *vcpu) ++{ ++ if (is_guest_mode(vcpu)) ++ return nested_get_vpid02(vcpu); ++ return to_vmx(vcpu)->vpid; ++} ++ + static void vmx_flush_tlb_current(struct kvm_vcpu *vcpu) + { + struct kvm_mmu *mmu = vcpu->arch.mmu; +@@ -2920,31 +2927,29 @@ static void vmx_flush_tlb_current(struct + if (enable_ept) + ept_sync_context(construct_eptp(vcpu, root_hpa, + mmu->shadow_root_level)); +- else if (!is_guest_mode(vcpu)) +- vpid_sync_context(to_vmx(vcpu)->vpid); + else +- vpid_sync_context(nested_get_vpid02(vcpu)); ++ vpid_sync_context(vmx_get_current_vpid(vcpu)); + } + + static void vmx_flush_tlb_gva(struct kvm_vcpu *vcpu, gva_t addr) + { + /* +- * vpid_sync_vcpu_addr() is a nop if vmx->vpid==0, see the comment in ++ * 
vpid_sync_vcpu_addr() is a nop if vpid==0, see the comment in + * vmx_flush_tlb_guest() for an explanation of why this is ok. + */ +- vpid_sync_vcpu_addr(to_vmx(vcpu)->vpid, addr); ++ vpid_sync_vcpu_addr(vmx_get_current_vpid(vcpu), addr); + } + + static void vmx_flush_tlb_guest(struct kvm_vcpu *vcpu) + { + /* +- * vpid_sync_context() is a nop if vmx->vpid==0, e.g. if enable_vpid==0 +- * or a vpid couldn't be allocated for this vCPU. VM-Enter and VM-Exit +- * are required to flush GVA->{G,H}PA mappings from the TLB if vpid is ++ * vpid_sync_context() is a nop if vpid==0, e.g. if enable_vpid==0 or a ++ * vpid couldn't be allocated for this vCPU. VM-Enter and VM-Exit are ++ * required to flush GVA->{G,H}PA mappings from the TLB if vpid is + * disabled (VM-Enter with vpid enabled and vpid==0 is disallowed), + * i.e. no explicit INVVPID is necessary. + */ +- vpid_sync_context(to_vmx(vcpu)->vpid); ++ vpid_sync_context(vmx_get_current_vpid(vcpu)); + } + + void vmx_ept_load_pdptrs(struct kvm_vcpu *vcpu) diff --git a/queue-5.10/kvm-x86-use-a-stable-condition-around-all-vt-d-pi-paths.patch b/queue-5.10/kvm-x86-use-a-stable-condition-around-all-vt-d-pi-paths.patch new file mode 100644 index 00000000000..6d34808e164 --- /dev/null +++ b/queue-5.10/kvm-x86-use-a-stable-condition-around-all-vt-d-pi-paths.patch 
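Review bot: The new `vmx_get_current_vpid()` has no comment, although three flush paths now depend on it selecting the right VPID. One line above it would do, for example `/* VPID currently in use: vpid02 while L2 is active, otherwise this vCPU's own vpid. */`. It is declared to return `int` while returning either `nested_get_vpid02(vcpu)` or `to_vmx(vcpu)->vpid`; the types of those two are not visible here, so it is worth checking that the return type matches them and the parameter type of `vpid_sync_context()`. The reworded comments in `vmx_flush_tlb_gva` and `vmx_flush_tlb_guest` now say "vpid==0" without saying which VPID, and could name the helper.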
@@ -0,0 +1,90 @@ +From 53b7ca1a359389276c76fbc9e1009d8626a17e40 Mon Sep 17 00:00:00 2001 +From: Paolo Bonzini +Date: Mon, 22 Nov 2021 19:43:11 -0500 +Subject: KVM: x86: Use a stable condition around all VT-d PI paths + +From: Paolo Bonzini + +commit 53b7ca1a359389276c76fbc9e1009d8626a17e40 upstream. + +Currently, checks for whether VT-d PI can be used refer to the current +status of the feature in the current vCPU; or they more or less pick +vCPU 0 in case a specific vCPU is not available. + +However, these checks do not attempt to synchronize with changes to +the IRTE. In particular, there is no path that updates the IRTE when +APICv is re-activated on vCPU 0; and there is no path to wakeup a CPU +that has APICv disabled, if the wakeup occurs because of an IRTE +that points to a posted interrupt. + +To fix this, always go through the VT-d PI path as long as there are +assigned devices and APICv is available on both the host and the VM side. +Since the relevant condition was copied over three times, take the hint +and factor it into a separate function. 
+ +Suggested-by: Sean Christopherson +Cc: stable@vger.kernel.org +Reviewed-by: Sean Christopherson +Reviewed-by: Maxim Levitsky +Reviewed-by: David Matlack +Message-Id: <20211123004311.2954158-5-pbonzini@redhat.com> +Signed-off-by: Paolo Bonzini +Signed-off-by: Greg Kroah-Hartman +--- + arch/x86/kvm/vmx/posted_intr.c | 20 +++++++++++--------- + 1 file changed, 11 insertions(+), 9 deletions(-) + +--- a/arch/x86/kvm/vmx/posted_intr.c ++++ b/arch/x86/kvm/vmx/posted_intr.c +@@ -5,6 +5,7 @@ + #include + + #include "lapic.h" ++#include "irq.h" + #include "posted_intr.h" + #include "trace.h" + #include "vmx.h" +@@ -77,13 +78,18 @@ after_clear_sn: + pi_set_on(pi_desc); + } + ++static bool vmx_can_use_vtd_pi(struct kvm *kvm) ++{ ++ return irqchip_in_kernel(kvm) && enable_apicv && ++ kvm_arch_has_assigned_device(kvm) && ++ irq_remapping_cap(IRQ_POSTING_CAP); ++} ++ + void vmx_vcpu_pi_put(struct kvm_vcpu *vcpu) + { + struct pi_desc *pi_desc = vcpu_to_pi_desc(vcpu); + +- if (!kvm_arch_has_assigned_device(vcpu->kvm) || +- !irq_remapping_cap(IRQ_POSTING_CAP) || +- !kvm_vcpu_apicv_active(vcpu)) ++ if (!vmx_can_use_vtd_pi(vcpu->kvm)) + return; + + /* Set SN when the vCPU is preempted */ +@@ -141,9 +147,7 @@ int pi_pre_block(struct kvm_vcpu *vcpu) + struct pi_desc old, new; + struct pi_desc *pi_desc = vcpu_to_pi_desc(vcpu); + +- if (!kvm_arch_has_assigned_device(vcpu->kvm) || +- !irq_remapping_cap(IRQ_POSTING_CAP) || +- !kvm_vcpu_apicv_active(vcpu)) ++ if (!vmx_can_use_vtd_pi(vcpu->kvm)) + return 0; + + WARN_ON(irqs_disabled()); +@@ -256,9 +260,7 @@ int pi_update_irte(struct kvm *kvm, unsi + struct vcpu_data vcpu_info; + int idx, ret = 0; + +- if (!kvm_arch_has_assigned_device(kvm) || +- !irq_remapping_cap(IRQ_POSTING_CAP) || +- !kvm_vcpu_apicv_active(kvm->vcpus[0])) ++ if (!vmx_can_use_vtd_pi(kvm)) + return 0; + + idx = srcu_read_lock(&kvm->irq_srcu); 
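Review bot: `vmx_can_use_vtd_pi()` deliberately drops the per-vCPU `kvm_vcpu_apicv_active()` test in favour of the VM-wide `enable_apicv` and `irqchip_in_kernel(kvm)`, but the helper carries no comment saying so. Without one, a later change could reintroduce the per-vCPU check and with it the unsynchronised IRTE state the description explains. A comment above the helper would cover it, for example `/* VM-wide and stable on purpose: do not test per-vCPU APICv state here, the IRTE is not updated when that changes. */`. The three callers continue outside their hunks.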
diff --git a/queue-5.10/kvm-x86-use-vcpu-arch.walk_mmu-for-kvm_mmu_invlpg.patch b/queue-5.10/kvm-x86-use-vcpu-arch.walk_mmu-for-kvm_mmu_invlpg.patch new file mode 100644 index 00000000000..adb063a2cda --- /dev/null +++ b/queue-5.10/kvm-x86-use-vcpu-arch.walk_mmu-for-kvm_mmu_invlpg.patch @@ -0,0 +1,36 @@ +From 05b29633c7a956d5675f5fbba70db0d26aa5e73e Mon Sep 17 00:00:00 2001 +From: Lai Jiangshan +Date: Wed, 24 Nov 2021 20:20:46 +0800 +Subject: KVM: X86: Use vcpu->arch.walk_mmu for kvm_mmu_invlpg() + +From: Lai Jiangshan + +commit 05b29633c7a956d5675f5fbba70db0d26aa5e73e upstream. + +INVLPG operates on guest virtual address, which are represented by +vcpu->arch.walk_mmu. In nested virtualization scenarios, +kvm_mmu_invlpg() was using the wrong MMU structure; if L2's invlpg were +emulated by L0 (in practice, it hardly happen) when nested two-dimensional +paging is enabled, the call to ->tlb_flush_gva() would be skipped and +the hardware TLB entry would not be invalidated. + +Signed-off-by: Lai Jiangshan +Message-Id: <20211124122055.64424-5-jiangshanlai@gmail.com> +Cc: stable@vger.kernel.org +Signed-off-by: Paolo Bonzini +Signed-off-by: Greg Kroah-Hartman +--- + arch/x86/kvm/mmu/mmu.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/arch/x86/kvm/mmu/mmu.c ++++ b/arch/x86/kvm/mmu/mmu.c +@@ -5152,7 +5152,7 @@ EXPORT_SYMBOL_GPL(kvm_mmu_invalidate_gva + + void kvm_mmu_invlpg(struct kvm_vcpu *vcpu, gva_t gva) + { +- kvm_mmu_invalidate_gva(vcpu, vcpu->arch.mmu, gva, INVALID_PAGE); ++ kvm_mmu_invalidate_gva(vcpu, vcpu->arch.walk_mmu, gva, INVALID_PAGE); + ++vcpu->stat.invlpg; + } + EXPORT_SYMBOL_GPL(kvm_mmu_invlpg); diff --git a/queue-5.10/series b/queue-5.10/series index 9511d475832..075ed784277 100644 --- a/queue-5.10/series +++ b/queue-5.10/series 
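Review bot: The switch to `vcpu->arch.walk_mmu` in `kvm_mmu_invlpg()` is a one-token change whose reason lives only in the commit message. A comment on the call would keep it from being reverted as a typo, for example `/* INVLPG takes a guest virtual address, so use walk_mmu rather than arch.mmu */`. No other change to the function is suggested.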
@@ -37,3 +37,16 @@ s390-pci-move-pseudo-mmio-to-prevent-mio-overlap.patch fget-check-that-the-fd-still-exists-after-getting-a-ref-to-it.patch sata_fsl-fix-uaf-in-sata_fsl_port_stop-when-rmmod-sata_fsl.patch sata_fsl-fix-warning-in-remove_proc_entry-when-rmmod-sata_fsl.patch +ipv6-fix-memory-leak-in-fib6_rule_suppress.patch +drm-amd-display-allow-dsc-on-supported-mst-branch-devices.patch +kvm-disallow-user-memslot-with-size-that-exceeds-unsigned-long.patch +kvm-nvmx-flush-current-vpid-l1-vs.-l2-for-kvm_req_tlb_flush_guest.patch +kvm-x86-use-a-stable-condition-around-all-vt-d-pi-paths.patch +kvm-arm64-avoid-setting-the-upper-32-bits-of-tcr_el2-and-cptr_el2-to-1.patch +kvm-x86-use-vcpu-arch.walk_mmu-for-kvm_mmu_invlpg.patch +tracing-histograms-string-compares-should-not-care-about-signed-values.patch +drm-amdkfd-separate-kfd_iommu_resume-from-kfd_resume.patch +drm-amdgpu-add-amdgpu_amdkfd_resume_iommu.patch +drm-amdgpu-move-iommu_resume-before-ip-init-resume.patch +drm-amdgpu-init-iommu-after-amdkfd-device-init.patch +drm-amdkfd-fix-boot-failure-when-iommu-is-disabled-in-picasso.patch diff --git a/queue-5.10/tracing-histograms-string-compares-should-not-care-about-signed-values.patch b/queue-5.10/tracing-histograms-string-compares-should-not-care-about-signed-values.patch new file mode 100644 index 00000000000..ed070174a9c --- /dev/null +++ b/queue-5.10/tracing-histograms-string-compares-should-not-care-about-signed-values.patch 
@@ -0,0 +1,41 @@ +From 450fec13d9170127678f991698ac1a5b05c02e2f Mon Sep 17 00:00:00 2001 +From: "Steven Rostedt (VMware)" +Date: Tue, 30 Nov 2021 12:31:23 -0500 +Subject: tracing/histograms: String compares should not care about signed values + +From: Steven Rostedt (VMware) + +commit 450fec13d9170127678f991698ac1a5b05c02e2f upstream. + +When comparing two strings for the "onmatch" histogram trigger, fields +that are strings use string comparisons, which do not care about being +signed or not. + +Do not fail to match two string fields if one is unsigned char array and +the other is a signed char array. + +Link: https://lore.kernel.org/all/20211129123043.5cfd687a@gandalf.local.home/ + +Cc: stable@vgerk.kernel.org +Cc: Tom Zanussi +Cc: Yafang Shao +Fixes: b05e89ae7cf3b ("tracing: Accept different type for synthetic event fields") +Reviewed-by: Masami Hiramatsu +Reported-by: Sven Schnelle +Signed-off-by: Steven Rostedt (VMware) +Signed-off-by: Greg Kroah-Hartman +--- + kernel/trace/trace_events_hist.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/kernel/trace/trace_events_hist.c ++++ b/kernel/trace/trace_events_hist.c +@@ -3344,7 +3344,7 @@ static int check_synth_field(struct synt + + if (strcmp(field->type, hist_field->type) != 0) { + if (field->size != hist_field->size || +- field->is_signed != hist_field->is_signed) ++ (!field->is_string && field->is_signed != hist_field->is_signed)) + return -EINVAL; + } +
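Review bot: The relaxed test `(!field->is_string && field->is_signed != hist_field->is_signed)` in `check_synth_field` looks only at the synthetic field's `is_string`, so a string field paired with a non-string histogram field of the same size and different signedness would now pass where it was rejected before. If `hist_field` carries an equivalent string indicator (not visible in this hunk), the signedness check should be skipped only when both sides are strings. A short comment would help either way, for example `/* signedness is irrelevant for string compares */`. The function body continues outside the hunk.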