From: Greg Kroah-Hartman Date: Wed, 15 Sep 2021 11:39:37 +0000 (+0200) Subject: 4.14-stable patches X-Git-Tag: v5.14.5~48 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=80946e82d0b3066b0d12f7b46746b048d95e1937;p=thirdparty%2Fkernel%2Fstable-queue.git 4.14-stable patches added patches: 9p-xen-fix-end-of-loop-tests-for-list_for_each_entry.patch blk-zoned-allow-blkreportzone-without-cap_sys_admin.patch blk-zoned-allow-zone-management-send-operations-without-cap_sys_admin.patch include-linux-list.h-add-a-macro-to-test-if-entry-is-pointing-to-the-head.patch pci-msi-skip-masking-msi-x-on-xen-pv.patch powerpc-perf-hv-gpci-fix-counter-value-parsing.patch rtc-tps65910-correct-driver-module-alias.patch xen-fix-setting-of-max_pfn-in-shared_info.patch --- diff --git a/queue-4.14/9p-xen-fix-end-of-loop-tests-for-list_for_each_entry.patch b/queue-4.14/9p-xen-fix-end-of-loop-tests-for-list_for_each_entry.patch new file mode 100644 index 00000000000..355abf0a563 --- /dev/null +++ b/queue-4.14/9p-xen-fix-end-of-loop-tests-for-list_for_each_entry.patch 
@@ -0,0 +1,46 @@ +From 732b33d0dbf17e9483f0b50385bf606f724f50a2 Mon Sep 17 00:00:00 2001 +From: Harshvardhan Jha +Date: Tue, 27 Jul 2021 05:37:10 +0530 +Subject: 9p/xen: Fix end of loop tests for list_for_each_entry + +From: Harshvardhan Jha + +commit 732b33d0dbf17e9483f0b50385bf606f724f50a2 upstream. + +This patch addresses the following problems: + - priv can never be NULL, so this part of the check is useless + - if the loop ran through the whole list, priv->client is invalid and +it is more appropriate and sufficient to check for the end of +list_for_each_entry loop condition. + +Link: http://lkml.kernel.org/r/20210727000709.225032-1-harshvardhan.jha@oracle.com +Signed-off-by: Harshvardhan Jha +Reviewed-by: Stefano Stabellini +Tested-by: Stefano Stabellini +Cc: +Signed-off-by: Dominique Martinet +Signed-off-by: Greg Kroah-Hartman +--- + net/9p/trans_xen.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +--- a/net/9p/trans_xen.c ++++ b/net/9p/trans_xen.c +@@ -139,7 +139,7 @@ static bool p9_xen_write_todo(struct xen + + static int p9_xen_request(struct p9_client *client, struct p9_req_t *p9_req) + { +- struct xen_9pfs_front_priv *priv = NULL; ++ struct xen_9pfs_front_priv *priv; + RING_IDX cons, prod, masked_cons, masked_prod; + unsigned long flags; + u32 size = p9_req->tc->size; +@@ -152,7 +152,7 @@ static int p9_xen_request(struct p9_clie + break; + } + read_unlock(&xen_9pfs_lock); +- if (!priv || priv->client != client) ++ if (list_entry_is_head(priv, &xen_9pfs_devs, list)) + return -EINVAL; + + num = p9_req->tc->tag % priv->num_rings; diff --git a/queue-4.14/blk-zoned-allow-blkreportzone-without-cap_sys_admin.patch b/queue-4.14/blk-zoned-allow-blkreportzone-without-cap_sys_admin.patch new file mode 100644 index 00000000000..b862258d8a5 --- /dev/null +++ b/queue-4.14/blk-zoned-allow-blkreportzone-without-cap_sys_admin.patch 
@@ -0,0 +1,45 @@ +From 4d643b66089591b4769bcdb6fd1bfeff2fe301b8 Mon Sep 17 00:00:00 2001 +From: Niklas Cassel +Date: Wed, 11 Aug 2021 11:05:19 +0000 +Subject: blk-zoned: allow BLKREPORTZONE without CAP_SYS_ADMIN + +From: Niklas Cassel + +commit 4d643b66089591b4769bcdb6fd1bfeff2fe301b8 upstream. + +A user space process should not need the CAP_SYS_ADMIN capability set +in order to perform a BLKREPORTZONE ioctl. + +Getting the zone report is required in order to get the write pointer. +Neither read() nor write() requires CAP_SYS_ADMIN, so it is reasonable +that a user space process that can read/write from/to the device, also +can get the write pointer. (Since e.g. writes have to be at the write +pointer.) + +Fixes: 3ed05a987e0f ("blk-zoned: implement ioctls") +Signed-off-by: Niklas Cassel +Reviewed-by: Damien Le Moal +Reviewed-by: Aravind Ramesh +Reviewed-by: Adam Manzanares +Reviewed-by: Himanshu Madhani +Reviewed-by: Johannes Thumshirn +Cc: stable@vger.kernel.org # v4.10+ +Link: https://lore.kernel.org/r/20210811110505.29649-3-Niklas.Cassel@wdc.com +Signed-off-by: Jens Axboe +Signed-off-by: Greg Kroah-Hartman +--- + block/blk-zoned.c | 3 --- + 1 file changed, 3 deletions(-) + +--- a/block/blk-zoned.c ++++ b/block/blk-zoned.c +@@ -277,9 +277,6 @@ int blkdev_report_zones_ioctl(struct blo + if (!blk_queue_is_zoned(q)) + return -ENOTTY; + +- if (!capable(CAP_SYS_ADMIN)) +- return -EACCES; +- + if (copy_from_user(&rep, argp, sizeof(struct blk_zone_report))) + return -EFAULT; + diff --git a/queue-4.14/blk-zoned-allow-zone-management-send-operations-without-cap_sys_admin.patch b/queue-4.14/blk-zoned-allow-zone-management-send-operations-without-cap_sys_admin.patch new file mode 100644 index 00000000000..ee2622d0751 --- /dev/null +++ b/queue-4.14/blk-zoned-allow-zone-management-send-operations-without-cap_sys_admin.patch 
@@ -0,0 +1,51 @@ +From ead3b768bb51259e3a5f2287ff5fc9041eb6f450 Mon Sep 17 00:00:00 2001 +From: Niklas Cassel +Date: Wed, 11 Aug 2021 11:05:18 +0000 +Subject: blk-zoned: allow zone management send operations without CAP_SYS_ADMIN + +From: Niklas Cassel + +commit ead3b768bb51259e3a5f2287ff5fc9041eb6f450 upstream. + +Zone management send operations (BLKRESETZONE, BLKOPENZONE, BLKCLOSEZONE +and BLKFINISHZONE) should be allowed under the same permissions as write(). +(write() does not require CAP_SYS_ADMIN). + +Additionally, other ioctls like BLKSECDISCARD and BLKZEROOUT only check if +the fd was successfully opened with FMODE_WRITE. +(They do not require CAP_SYS_ADMIN). + +Currently, zone management send operations require both CAP_SYS_ADMIN +and that the fd was successfully opened with FMODE_WRITE. + +Remove the CAP_SYS_ADMIN requirement, so that zone management send +operations match the access control requirement of write(), BLKSECDISCARD +and BLKZEROOUT. + +Fixes: 3ed05a987e0f ("blk-zoned: implement ioctls") +Signed-off-by: Niklas Cassel +Reviewed-by: Damien Le Moal +Reviewed-by: Aravind Ramesh +Reviewed-by: Adam Manzanares +Reviewed-by: Himanshu Madhani +Reviewed-by: Johannes Thumshirn +Cc: stable@vger.kernel.org # v4.10+ +Link: https://lore.kernel.org/r/20210811110505.29649-2-Niklas.Cassel@wdc.com +Signed-off-by: Jens Axboe +Signed-off-by: Greg Kroah-Hartman +--- + block/blk-zoned.c | 3 --- + 1 file changed, 3 deletions(-) + +--- a/block/blk-zoned.c ++++ b/block/blk-zoned.c +@@ -338,9 +338,6 @@ int blkdev_reset_zones_ioctl(struct bloc + if (!blk_queue_is_zoned(q)) + return -ENOTTY; + +- if (!capable(CAP_SYS_ADMIN)) +- return -EACCES; +- + if (!(mode & FMODE_WRITE)) + return -EBADF; + diff --git a/queue-4.14/include-linux-list.h-add-a-macro-to-test-if-entry-is-pointing-to-the-head.patch b/queue-4.14/include-linux-list.h-add-a-macro-to-test-if-entry-is-pointing-to-the-head.patch new file mode 100644 index 00000000000..8c3ec245590 --- /dev/null 
+++ b/queue-4.14/include-linux-list.h-add-a-macro-to-test-if-entry-is-pointing-to-the-head.patch 
@@ -0,0 +1,142 @@ +From e130816164e244b692921de49771eeb28205152d Mon Sep 17 00:00:00 2001 +From: Andy Shevchenko +Date: Thu, 15 Oct 2020 20:11:31 -0700 +Subject: include/linux/list.h: add a macro to test if entry is pointing to the head + +From: Andy Shevchenko + +commit e130816164e244b692921de49771eeb28205152d upstream. + +Add a macro to test if entry is pointing to the head of the list which is +useful in cases like: + + list_for_each_entry(pos, &head, member) { + if (cond) + break; + } + if (list_entry_is_head(pos, &head, member)) + return -ERRNO; + +that allows to avoid additional variable to be added to track if loop has +not been stopped in the middle. + +While here, convert list_for_each_entry*() family of macros to use a new one. + +Signed-off-by: Andy Shevchenko +Signed-off-by: Andrew Morton +Reviewed-by: Cezary Rojewski +Link: https://lkml.kernel.org/r/20200929134342.51489-1-andriy.shevchenko@linux.intel.com +Signed-off-by: Linus Torvalds +Signed-off-by: Greg Kroah-Hartman +--- + include/linux/list.h | 29 +++++++++++++++++++---------- + 1 file changed, 19 insertions(+), 10 deletions(-) + +--- a/include/linux/list.h ++++ b/include/linux/list.h +@@ -485,6 +485,15 @@ static inline void list_splice_tail_init + pos = n, n = pos->prev) + + /** ++ * list_entry_is_head - test if the entry points to the head of the list ++ * @pos: the type * to cursor ++ * @head: the head for your list. ++ * @member: the name of the list_head within the struct. ++ */ ++#define list_entry_is_head(pos, head, member) \ ++ (&pos->member == (head)) ++ ++/** + * list_for_each_entry - iterate over list of given type + * @pos: the type * to use as a loop cursor. + * @head: the head for your list. 
+@@ -492,7 +501,7 @@ static inline void list_splice_tail_init + */ + #define list_for_each_entry(pos, head, member) \ + for (pos = list_first_entry(head, typeof(*pos), member); \ +- &pos->member != (head); \ ++ !list_entry_is_head(pos, head, member); \ + pos = list_next_entry(pos, member)) + + /** +@@ -503,7 +512,7 @@ static inline void list_splice_tail_init + */ + #define list_for_each_entry_reverse(pos, head, member) \ + for (pos = list_last_entry(head, typeof(*pos), member); \ +- &pos->member != (head); \ ++ !list_entry_is_head(pos, head, member); \ + pos = list_prev_entry(pos, member)) + + /** +@@ -528,7 +537,7 @@ static inline void list_splice_tail_init + */ + #define list_for_each_entry_continue(pos, head, member) \ + for (pos = list_next_entry(pos, member); \ +- &pos->member != (head); \ ++ !list_entry_is_head(pos, head, member); \ + pos = list_next_entry(pos, member)) + + /** +@@ -542,7 +551,7 @@ static inline void list_splice_tail_init + */ + #define list_for_each_entry_continue_reverse(pos, head, member) \ + for (pos = list_prev_entry(pos, member); \ +- &pos->member != (head); \ ++ !list_entry_is_head(pos, head, member); \ + pos = list_prev_entry(pos, member)) + + /** +@@ -554,7 +563,7 @@ static inline void list_splice_tail_init + * Iterate over list of given type, continuing from current position. + */ + #define list_for_each_entry_from(pos, head, member) \ +- for (; &pos->member != (head); \ ++ for (; !list_entry_is_head(pos, head, member); \ + pos = list_next_entry(pos, member)) + + /** +@@ -567,7 +576,7 @@ static inline void list_splice_tail_init + * Iterate backwards over list of given type, continuing from current position. 
+ */ + #define list_for_each_entry_from_reverse(pos, head, member) \ +- for (; &pos->member != (head); \ ++ for (; !list_entry_is_head(pos, head, member); \ + pos = list_prev_entry(pos, member)) + + /** +@@ -580,7 +589,7 @@ static inline void list_splice_tail_init + #define list_for_each_entry_safe(pos, n, head, member) \ + for (pos = list_first_entry(head, typeof(*pos), member), \ + n = list_next_entry(pos, member); \ +- &pos->member != (head); \ ++ !list_entry_is_head(pos, head, member); \ + pos = n, n = list_next_entry(n, member)) + + /** +@@ -596,7 +605,7 @@ static inline void list_splice_tail_init + #define list_for_each_entry_safe_continue(pos, n, head, member) \ + for (pos = list_next_entry(pos, member), \ + n = list_next_entry(pos, member); \ +- &pos->member != (head); \ ++ !list_entry_is_head(pos, head, member); \ + pos = n, n = list_next_entry(n, member)) + + /** +@@ -611,7 +620,7 @@ static inline void list_splice_tail_init + */ + #define list_for_each_entry_safe_from(pos, n, head, member) \ + for (n = list_next_entry(pos, member); \ +- &pos->member != (head); \ ++ !list_entry_is_head(pos, head, member); \ + pos = n, n = list_next_entry(n, member)) + + /** +@@ -627,7 +636,7 @@ static inline void list_splice_tail_init + #define list_for_each_entry_safe_reverse(pos, n, head, member) \ + for (pos = list_last_entry(head, typeof(*pos), member), \ + n = list_prev_entry(pos, member); \ +- &pos->member != (head); \ ++ !list_entry_is_head(pos, head, member); \ + pos = n, n = list_prev_entry(n, member)) + + /** diff --git a/queue-4.14/pci-msi-skip-masking-msi-x-on-xen-pv.patch b/queue-4.14/pci-msi-skip-masking-msi-x-on-xen-pv.patch new file mode 100644 index 00000000000..c7bbdb9877b --- /dev/null +++ b/queue-4.14/pci-msi-skip-masking-msi-x-on-xen-pv.patch 
@@ -0,0 +1,55 @@ +From 1a519dc7a73c977547d8b5108d98c6e769c89f4b Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Marek=20Marczykowski-G=C3=B3recki?= + +Date: Thu, 26 Aug 2021 19:03:42 +0200 +Subject: PCI/MSI: Skip masking MSI-X on Xen PV +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +From: Marek Marczykowski-Górecki + +commit 1a519dc7a73c977547d8b5108d98c6e769c89f4b upstream. + +When running as Xen PV guest, masking MSI-X is a responsibility of the +hypervisor. The guest has no write access to the relevant BAR at all - when +it tries to, it results in a crash like this: + + BUG: unable to handle page fault for address: ffffc9004069100c + #PF: supervisor write access in kernel mode + #PF: error_code(0x0003) - permissions violation + RIP: e030:__pci_enable_msix_range.part.0+0x26b/0x5f0 + e1000e_set_interrupt_capability+0xbf/0xd0 [e1000e] + e1000_probe+0x41f/0xdb0 [e1000e] + local_pci_probe+0x42/0x80 + (...) + +The recently introduced function msix_mask_all() does not check the global +variable pci_msi_ignore_mask which is set by XEN PV to bypass the masking +of MSI[-X] interrupts. + +Add the check to make this function XEN PV compatible. + +Fixes: 7d5ec3d36123 ("PCI/MSI: Mask all unused MSI-X entries") +Signed-off-by: Marek Marczykowski-Górecki +Signed-off-by: Thomas Gleixner +Acked-by: Bjorn Helgaas +Cc: stable@vger.kernel.org +Link: https://lore.kernel.org/r/20210826170342.135172-1-marmarek@invisiblethingslab.com +Signed-off-by: Greg Kroah-Hartman +--- + drivers/pci/msi.c | 3 +++ + 1 file changed, 3 insertions(+) + +--- a/drivers/pci/msi.c ++++ b/drivers/pci/msi.c +@@ -754,6 +754,9 @@ static void msix_mask_all(void __iomem * + u32 ctrl = PCI_MSIX_ENTRY_CTRL_MASKBIT; + int i; + ++ if (pci_msi_ignore_mask) ++ return; ++ + for (i = 0; i < tsize; i++, base += PCI_MSIX_ENTRY_SIZE) + writel(ctrl, base + PCI_MSIX_ENTRY_VECTOR_CTRL); + } 
diff --git a/queue-4.14/powerpc-perf-hv-gpci-fix-counter-value-parsing.patch b/queue-4.14/powerpc-perf-hv-gpci-fix-counter-value-parsing.patch new file mode 100644 index 00000000000..6a7ad847920 --- /dev/null +++ b/queue-4.14/powerpc-perf-hv-gpci-fix-counter-value-parsing.patch 
@@ -0,0 +1,67 @@ +From f9addd85fbfacf0d155e83dbee8696d6df5ed0c7 Mon Sep 17 00:00:00 2001 +From: Kajol Jain +Date: Fri, 13 Aug 2021 13:51:58 +0530 +Subject: powerpc/perf/hv-gpci: Fix counter value parsing + +From: Kajol Jain + +commit f9addd85fbfacf0d155e83dbee8696d6df5ed0c7 upstream. + +H_GetPerformanceCounterInfo (0xF080) hcall returns the counter data in +the result buffer. Result buffer has specific format defined in the PAPR +specification. One of the fields is counter offset and width of the +counter data returned. + +Counter data are returned in a unsigned char array in big endian byte +order. To get the final counter data, the values must be left shifted +byte at a time. But commit 220a0c609ad17 ("powerpc/perf: Add support for +the hv gpci (get performance counter info) interface") made the shifting +bitwise and also assumed little endian order. Because of that, hcall +counters values are reported incorrectly. + +In particular this can lead to counters go backwards which messes up the +counter prev vs now calculation and leads to huge counter value +reporting: + + #: perf stat -e hv_gpci/system_tlbie_count_and_time_tlbie_instructions_issued/ + -C 0 -I 1000 + time counts unit events + 1.000078854 18,446,744,073,709,535,232 hv_gpci/system_tlbie_count_and_time_tlbie_instructions_issued/ + 2.000213293 0 hv_gpci/system_tlbie_count_and_time_tlbie_instructions_issued/ + 3.000320107 0 hv_gpci/system_tlbie_count_and_time_tlbie_instructions_issued/ + 4.000428392 0 hv_gpci/system_tlbie_count_and_time_tlbie_instructions_issued/ + 5.000537864 0 hv_gpci/system_tlbie_count_and_time_tlbie_instructions_issued/ + 6.000649087 0 hv_gpci/system_tlbie_count_and_time_tlbie_instructions_issued/ + 7.000760312 0 hv_gpci/system_tlbie_count_and_time_tlbie_instructions_issued/ + 8.000865218 16,448 hv_gpci/system_tlbie_count_and_time_tlbie_instructions_issued/ + 9.000978985 18,446,744,073,709,535,232 hv_gpci/system_tlbie_count_and_time_tlbie_instructions_issued/ + 10.001088891 16,384 
hv_gpci/system_tlbie_count_and_time_tlbie_instructions_issued/ + 11.001201435 0 hv_gpci/system_tlbie_count_and_time_tlbie_instructions_issued/ + 12.001307937 18,446,744,073,709,535,232 hv_gpci/system_tlbie_count_and_time_tlbie_instructions_issued/ + +Fix the shifting logic to correct match the format, ie. read bytes in +big endian order. + +Fixes: e4f226b1580b ("powerpc/perf/hv-gpci: Increase request buffer size") +Cc: stable@vger.kernel.org # v4.6+ +Reported-by: Nageswara R Sastry +Signed-off-by: Kajol Jain +Tested-by: Nageswara R Sastry +Signed-off-by: Michael Ellerman +Link: https://lore.kernel.org/r/20210813082158.429023-1-kjain@linux.ibm.com +Signed-off-by: Greg Kroah-Hartman +--- + arch/powerpc/perf/hv-gpci.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/arch/powerpc/perf/hv-gpci.c ++++ b/arch/powerpc/perf/hv-gpci.c +@@ -168,7 +168,7 @@ static unsigned long single_gpci_request + */ + count = 0; + for (i = offset; i < offset + length; i++) +- count |= arg->bytes[i] << (i - offset); ++ count |= (u64)(arg->bytes[i]) << ((length - 1 - (i - offset)) * 8); + + *value = count; + out: diff --git a/queue-4.14/rtc-tps65910-correct-driver-module-alias.patch b/queue-4.14/rtc-tps65910-correct-driver-module-alias.patch new file mode 100644 index 00000000000..d65227fc315 --- /dev/null +++ b/queue-4.14/rtc-tps65910-correct-driver-module-alias.patch 
@@ -0,0 +1,33 @@ +From 8d448fa0a8bb1c8d94eef7647edffe9ac81a281e Mon Sep 17 00:00:00 2001 +From: Dmitry Osipenko +Date: Sun, 8 Aug 2021 19:00:30 +0300 +Subject: rtc: tps65910: Correct driver module alias + +From: Dmitry Osipenko + +commit 8d448fa0a8bb1c8d94eef7647edffe9ac81a281e upstream. + +The TPS65910 RTC driver module doesn't auto-load because of the wrong +module alias that doesn't match the device name, fix it. + +Cc: stable@vger.kernel.org +Reported-by: Anton Bambura +Tested-by: Anton Bambura +Signed-off-by: Dmitry Osipenko +Signed-off-by: Alexandre Belloni +Link: https://lore.kernel.org/r/20210808160030.8556-1-digetx@gmail.com +Signed-off-by: Greg Kroah-Hartman +--- + drivers/rtc/rtc-tps65910.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/drivers/rtc/rtc-tps65910.c ++++ b/drivers/rtc/rtc-tps65910.c +@@ -480,6 +480,6 @@ static struct platform_driver tps65910_r + }; + + module_platform_driver(tps65910_rtc_driver); +-MODULE_ALIAS("platform:rtc-tps65910"); ++MODULE_ALIAS("platform:tps65910-rtc"); + MODULE_AUTHOR("Venu Byravarasu "); + MODULE_LICENSE("GPL"); diff --git a/queue-4.14/series b/queue-4.14/series index b40a787749e..361c14ed717 100644 --- a/queue-4.14/series +++ b/queue-4.14/series @@ -97,3 +97,11 @@ ima-remove-wmissing-prototypes-warning.patch backlight-pwm_bl-improve-bootloader-kernel-device-handover.patch clk-kirkwood-fix-a-clocking-boot-regression.patch fbmem-don-t-allow-too-huge-resolutions.patch +rtc-tps65910-correct-driver-module-alias.patch +blk-zoned-allow-zone-management-send-operations-without-cap_sys_admin.patch +blk-zoned-allow-blkreportzone-without-cap_sys_admin.patch +pci-msi-skip-masking-msi-x-on-xen-pv.patch +powerpc-perf-hv-gpci-fix-counter-value-parsing.patch +xen-fix-setting-of-max_pfn-in-shared_info.patch +include-linux-list.h-add-a-macro-to-test-if-entry-is-pointing-to-the-head.patch +9p-xen-fix-end-of-loop-tests-for-list_for_each_entry.patch 
diff --git a/queue-4.14/xen-fix-setting-of-max_pfn-in-shared_info.patch b/queue-4.14/xen-fix-setting-of-max_pfn-in-shared_info.patch new file mode 100644 index 00000000000..4eedd9e5fc5 --- /dev/null +++ b/queue-4.14/xen-fix-setting-of-max_pfn-in-shared_info.patch 
@@ -0,0 +1,51 @@ +From 4b511d5bfa74b1926daefd1694205c7f1bcf677f Mon Sep 17 00:00:00 2001 +From: Juergen Gross +Date: Fri, 30 Jul 2021 11:26:21 +0200 +Subject: xen: fix setting of max_pfn in shared_info + +From: Juergen Gross + +commit 4b511d5bfa74b1926daefd1694205c7f1bcf677f upstream. + +Xen PV guests are specifying the highest used PFN via the max_pfn +field in shared_info. This value is used by the Xen tools when saving +or migrating the guest. + +Unfortunately this field is misnamed, as in reality it is specifying +the number of pages (including any memory holes) of the guest, so it +is the highest used PFN + 1. Renaming isn't possible, as this is a +public Xen hypervisor interface which needs to be kept stable. + +The kernel will set the value correctly initially at boot time, but +when adding more pages (e.g. due to memory hotplug or ballooning) a +real PFN number is stored in max_pfn. This is done when expanding the +p2m array, and the PFN stored there is even possibly wrong, as it +should be the last possible PFN of the just added P2M frame, and not +one which led to the P2M expansion. + +Fix that by setting shared_info->max_pfn to the last possible PFN + 1. + +Fixes: 98dd166ea3a3c3 ("x86/xen/p2m: hint at the last populated P2M entry") +Cc: stable@vger.kernel.org +Signed-off-by: Juergen Gross +Reviewed-by: Jan Beulich +Link: https://lore.kernel.org/r/20210730092622.9973-2-jgross@suse.com +Signed-off-by: Juergen Gross +Signed-off-by: Greg Kroah-Hartman +--- + arch/x86/xen/p2m.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +--- a/arch/x86/xen/p2m.c ++++ b/arch/x86/xen/p2m.c +@@ -613,8 +613,8 @@ int xen_alloc_p2m_entry(unsigned long pf + } + + /* Expanded the p2m? */ +- if (pfn > xen_p2m_last_pfn) { +- xen_p2m_last_pfn = pfn; ++ if (pfn >= xen_p2m_last_pfn) { ++ xen_p2m_last_pfn = ALIGN(pfn + 1, P2M_PER_PAGE); + HYPERVISOR_shared_info->arch.max_pfn = xen_p2m_last_pfn; + } +
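Review bot: In the second net/9p/trans_xen.c hunk (p9_xen_request), priv is still dereferenced after read_unlock(&xen_9pfs_lock): the new list_entry_is_head() test only compares addresses and is safe, but the following `num = p9_req->tc->tag % priv->num_rings;` reads the matched entry with the lock already dropped. Nothing in the visible lines shows what keeps that entry alive once the lock is released, so a comment stating the lifetime guarantee would help. Dropping the `= NULL` initializer in the first hunk is fine, since list_for_each_entry always assigns the cursor before the test.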
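Review bot: With the capable(CAP_SYS_ADMIN) test removed from blkdev_report_zones_ioctl() in block/blk-zoned.c, the visible path runs from blk_queue_is_zoned() straight to copy_from_user() with no check on the open mode, so access to the zone report now rests entirely on who can open the device node. The commit message argues from read()/write() permissions; a one-line comment at that spot saying the same would keep the reasoning next to the code. Systems that treated the capability as the gate should review ownership and mode of zoned block device nodes when taking this backport.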
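Review bot: The commit message names BLKRESETZONE, BLKOPENZONE, BLKCLOSEZONE and BLKFINISHZONE, but the only function this block/blk-zoned.c hunk touches is blkdev_reset_zones_ioctl(); a backport note stating which ioctls the 4.14 change actually covers would avoid misreading its scope. With the capable() test gone, `if (!(mode & FMODE_WRITE))` is the sole gate on a zone reset, so write access to the device node is sufficient for it, which matches the stated intent.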
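Review bot: In the first include/linux/list.h hunk, list_entry_is_head() expands to `(&pos->member == (head))` with head parenthesized but pos not, so a cursor argument that is an expression rather than a plain identifier would bind wrongly; `(&(pos)->member == (head))` is safer. This mirrors the open-coded `&pos->member != (head)` it replaces, so it is no regression, but the macro is now intended to be called directly from drivers after a loop. The kerneldoc line `@pos: the type * to cursor` also reads as truncated next to the neighbouring "the type * to use as a loop cursor".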
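Review bot: The early return added at the top of msix_mask_all() in drivers/pci/msi.c has no comment, and `if (pci_msi_ignore_mask)` alone does not tell a reader why skipping the mask writes is correct. A short comment there, saying that on Xen PV the hypervisor owns MSI-X masking and the guest cannot write the table, would carry the commit message's reasoning into the code and make the skipped writel() loop less likely to be "fixed" later.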
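Review bot: In the arch/powerpc/perf/hv-gpci.c hunk, the new shift amount is `(length - 1 - (i - offset)) * 8`, so a length greater than 8 would shift a u64 by 64 bits or more, which is undefined in C. The visible context in single_gpci_request() shows no bound on length before the loop; if one exists earlier in the function, a comment pointing to it would do, otherwise an explicit check that length is between 1 and 8 should precede the loop. The (u64) cast on arg->bytes[i] is the right fix for the promotion problem in the old line.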
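Review bot: The MODULE_ALIAS change in drivers/rtc/rtc-tps65910.c cannot be verified from this hunk, because the platform driver's name field lies outside the context lines. Quoting in the commit message the device name that "platform:tps65910-rtc" has to match would make the fix checkable on its own. The Cc: stable line also carries no version range and there is no Fixes: tag, so the set of stable trees that need this is left for the maintainer to work out.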
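Review bot: In the queue-4.14/series hunk, 9p-xen-fix-end-of-loop-tests-for-list_for_each_entry.patch uses list_entry_is_head(), which this queue only gains from include-linux-list.h-add-a-macro-to-test-if-entry-is-pointing-to-the-head.patch on the line before it. The order shown is correct, but the dependency is implicit; a note in the list.h patch header that it is queued as a prerequisite for the 9p fix would stop either one being dropped or reordered independently.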
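Review bot: After the arch/x86/xen/p2m.c hunk, xen_p2m_last_pfn is assigned `ALIGN(pfn + 1, P2M_PER_PAGE)`, so it holds the last possible PFN plus one rather than a last PFN, the same misnaming the commit message describes for max_pfn. Since the shared_info field cannot be renamed but this variable is kernel-internal, either rename it or add a comment at the assignment stating that it is an exclusive upper bound; the change of the test from `>` to `>=` only makes sense with that reading.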