From: Greg Kroah-Hartman Date: Fri, 11 May 2018 07:00:22 +0000 (+0200) Subject: 4.9-stable patches X-Git-Tag: v3.18.109~32 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=855d6e0c3b586e831298ed9ab7b68217a9895849;p=thirdparty%2Fkernel%2Fstable-queue.git 4.9-stable patches added patches: kvm-ppc-book3s-hv-fix-trap-number-return-from-__kvmppc_vcore_entry.patch
---
diff --git a/queue-4.9/kvm-ppc-book3s-hv-fix-trap-number-return-from-__kvmppc_vcore_entry.patch b/queue-4.9/kvm-ppc-book3s-hv-fix-trap-number-return-from-__kvmppc_vcore_entry.patch
new file mode 100644
index 00000000000..9e7cff6360b
--- /dev/null
+++ b/queue-4.9/kvm-ppc-book3s-hv-fix-trap-number-return-from-__kvmppc_vcore_entry.patch
@@ -0,0 +1,99 @@
+From a8b48a4dccea77e29462e59f1dbf0d5aa1ff167c Mon Sep 17 00:00:00 2001
+From: Paul Mackerras
+Date: Wed, 7 Mar 2018 22:17:20 +1100
+Subject: KVM: PPC: Book3S HV: Fix trap number return from __kvmppc_vcore_entry
+
+From: Paul Mackerras
+
+commit a8b48a4dccea77e29462e59f1dbf0d5aa1ff167c upstream.
+
+This fixes a bug where the trap number that is returned by +__kvmppc_vcore_entry gets corrupted. The effect of the corruption +is that IPIs get ignored on POWER9 systems when the IPI is sent via +a doorbell interrupt to a CPU which is executing in a KVM guest. +The effect of the IPI being ignored is often that another CPU locks +up inside smp_call_function_many() (and if that CPU is holding a +spinlock, other CPUs then lock up inside raw_spin_lock()).
+
+The trap number is currently held in register r12 for most of the +assembly-language part of the guest exit path. In that path, we +call kvmppc_subcore_exit_guest(), which is a C function, without +restoring r12 afterwards. Depending on the kernel config and the +compiler, it may modify r12 or it may not, so some config/compiler +combinations see the bug and others don't.
+
+To fix this, we arrange for the trap number to be stored on the +stack from the 'guest_bypass:' label until the end of the function, +then the trap number is loaded and returned in r12 as before.
+
+Cc: stable@vger.kernel.org # v4.8+
+Fixes: fd7bacbca47a ("KVM: PPC: Book3S HV: Fix TB corruption in guest exit path on HMI interrupt")
+Signed-off-by: Paul Mackerras
+Signed-off-by: Greg Kroah-Hartman
+
+
+---
+ arch/powerpc/kvm/book3s_hv_rmhandlers.S | 8 +++++---
+ 1 file changed, 5 insertions(+), 3 deletions(-)
+
+--- a/arch/powerpc/kvm/book3s_hv_rmhandlers.S
++++ b/arch/powerpc/kvm/book3s_hv_rmhandlers.S
+@@ -299,7 +299,6 @@ kvm_novcpu_exit:
+ stw r12, STACK_SLOT_TRAP(r1)
+ bl kvmhv_commence_exit
+ nop
+- lwz r12, STACK_SLOT_TRAP(r1)
+ b kvmhv_switch_to_host
+
+ /*
+@@ -1023,6 +1022,7 @@ END_FTR_SECTION_IFSET(CPU_FTR_HAS_PPR)
+
+ secondary_too_late:
+ li r12, 0
++ stw r12, STACK_SLOT_TRAP(r1)
+ cmpdi r4, 0
+ beq 11f
+ stw r12, VCPU_TRAP(r4)
+@@ -1266,12 +1266,12 @@ mc_cont:
+ bl kvmhv_accumulate_time
+ #endif
+
++ stw r12, STACK_SLOT_TRAP(r1)
+ mr r3, r12
+ /* Increment exit count, poke other threads to exit */
+ bl kvmhv_commence_exit
+ nop
+ ld r9, HSTATE_KVM_VCPU(r13)
+- lwz r12, VCPU_TRAP(r9)
+
+ /* Stop others sending VCPU interrupts to this physical CPU */
+ li r0, -1
+@@ -1549,6 +1549,7 @@ END_FTR_SECTION_IFSET(CPU_FTR_ARCH_207S)
+ * POWER7/POWER8 guest -> host partition switch code.
+ * We don't have to lock against tlbies but we do
+ * have to coordinate the hardware threads.
++ * Here STACK_SLOT_TRAP(r1) contains the trap number.
+ */
+ kvmhv_switch_to_host:
+ /* Secondary threads wait for primary to do partition switch */
+@@ -1599,11 +1600,11 @@ BEGIN_FTR_SECTION
+ END_FTR_SECTION_IFSET(CPU_FTR_ARCH_207S)
+
+ /* If HMI, call kvmppc_realmode_hmi_handler() */
++ lwz r12, STACK_SLOT_TRAP(r1)
+ cmpwi r12, BOOK3S_INTERRUPT_HMI
+ bne 27f
+ bl kvmppc_realmode_hmi_handler
+ nop
+- li r12, BOOK3S_INTERRUPT_HMI
+ /*
+ * At this point kvmppc_realmode_hmi_handler would have resync-ed
+ * the TB. 
Hence it is not required to subtract guest timebase
+@@ -1678,6 +1679,7 @@ END_FTR_SECTION_IFSET(CPU_FTR_ARCH_207S)
+ li r0, KVM_GUEST_MODE_NONE
+ stb r0, HSTATE_IN_GUEST(r13)
+
++ lwz r12, STACK_SLOT_TRAP(r1) /* return trap # in r12 */
+ ld r0, SFS+PPC_LR_STKOFF(r1)
+ addi r1, r1, SFS
+ mtlr r0
diff --git a/queue-4.9/series b/queue-4.9/series
index 07a3ebe8819..8f5b07372c9 100644
--- a/queue-4.9/series
+++ b/queue-4.9/series
@@ -11,3 +11,4 @@ soreuseport-initialise-timewait-reuseport-field.patch
 perf-remove-superfluous-allocation-error-check.patch
 tcp-fix-tcp_repair_queue-bound-checking.patch
 bdi-fix-oops-in-wb_workfn.patch
+kvm-ppc-book3s-hv-fix-trap-number-return-from-__kvmppc_vcore_entry.patch
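Review bot: Once the reload after `bl kvmhv_commence_exit` at mc_cont is dropped (`-	lwz r12, VCPU_TRAP(r9)`), r12 holds whatever the C callee left there until the `lwz r12, STACK_SLOT_TRAP(r1)` inserted before the HMI compare, and since r12 is a volatile register under the PowerPC ELF ABI any reader of r12 in that stretch, which lies outside the hunk, now sees an unreliable value and needs its own reload from the stack slot. The same question applies in kvm_novcpu_exit, where the reload after its `bl kvmhv_commence_exit` is also removed and the next consumer is kvmhv_switch_to_host itself. The comment added above kvmhv_switch_to_host states the invariant but not who establishes it; I would extend it to `* Every path into kvmhv_switch_to_host (kvm_novcpu_exit, secondary_too_late, mc_cont) must have stored the trap number to STACK_SLOT_TRAP(r1) first; r12 is not preserved across the C calls on those paths.` so a future entry path is not added without the store. The enclosing routines begin and end outside the hunks, so the remaining r12 uses could not be checked from here.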