From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Date: Mon, 7 Feb 2022 13:38:00 +0000 (+0100)
Subject: 5.15-stable patches
X-Git-Tag: v4.9.300~2
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=8e4227d05d078f7163f45932cef2d4c81e1aa154;p=thirdparty%2Fkernel%2Fstable-queue.git

5.15-stable patches

added patches:
	kvm-add-guest_state_-enter-exit-_irqoff.patch
---

diff --git a/queue-5.15/kvm-add-guest_state_-enter-exit-_irqoff.patch b/queue-5.15/kvm-add-guest_state_-enter-exit-_irqoff.patch
new file mode 100644
index 00000000000..3a50c96b459
--- /dev/null
+++ b/queue-5.15/kvm-add-guest_state_-enter-exit-_irqoff.patch
@@ -0,0 +1,238 @@
+From ef9989afda73332df566852d6e9ca695c05f10ce Mon Sep 17 00:00:00 2001
+From: Mark Rutland <mark.rutland@arm.com>
+Date: Tue, 1 Feb 2022 13:29:22 +0000
+Subject: kvm: add guest_state_{enter,exit}_irqoff()
+
+From: Mark Rutland <mark.rutland@arm.com>
+
+commit ef9989afda73332df566852d6e9ca695c05f10ce upstream.
+
+When transitioning to/from guest mode, it is necessary to inform
+lockdep, tracing, and RCU in a specific order, similar to the
+requirements for transitions to/from user mode. Additionally, it is
+necessary to perform vtime accounting for a window around running the
+guest, with RCU enabled, such that timer interrupts taken from the guest
+can be accounted as guest time.
+
+Most architectures don't handle all the necessary pieces, and a have a
+number of common bugs, including unsafe usage of RCU during the window
+between guest_enter() and guest_exit().
+
+On x86, this was dealt with across commits:
+
+  87fa7f3e98a1310e ("x86/kvm: Move context tracking where it belongs")
+  0642391e2139a2c1 ("x86/kvm/vmx: Add hardirq tracing to guest enter/exit")
+  9fc975e9efd03e57 ("x86/kvm/svm: Add hardirq tracing on guest enter/exit")
+  3ebccdf373c21d86 ("x86/kvm/vmx: Move guest enter/exit into .noinstr.text")
+  135961e0a7d555fc ("x86/kvm/svm: Move guest enter/exit into .noinstr.text")
+  160457140187c5fb ("KVM: x86: Defer vtime accounting 'til after IRQ handling")
+  bc908e091b326467 ("KVM: x86: Consolidate guest enter/exit logic to common helpers")
+
+... but those fixes are specific to x86, and as the resulting logic
+(while correct) is split across generic helper functions and
+x86-specific helper functions, it is difficult to see that the
+entry/exit accounting is balanced.
+
+This patch adds generic helpers which architectures can use to handle
+guest entry/exit consistently and correctly. The guest_{enter,exit}()
+helpers are split into guest_timing_{enter,exit}() to perform vtime
+accounting, and guest_context_{enter,exit}() to perform the necessary
+context tracking and RCU management. The existing guest_{enter,exit}()
+heleprs are left as wrappers of these.
+
+Atop this, new guest_state_enter_irqoff() and guest_state_exit_irqoff()
+helpers are added to handle the ordering of lockdep, tracing, and RCU
+manageent. These are inteneded to mirror exit_to_user_mode() and
+enter_from_user_mode().
+
+Subsequent patches will migrate architectures over to the new helpers,
+following a sequence:
+
+	guest_timing_enter_irqoff();
+
+	guest_state_enter_irqoff();
+	< run the vcpu >
+	guest_state_exit_irqoff();
+
+	< take any pending IRQs >
+
+	guest_timing_exit_irqoff();
+
+This sequences handles all of the above correctly, and more clearly
+balances the entry and exit portions, making it easier to understand.
+
+The existing helpers are marked as deprecated, and will be removed once
+all architectures have been converted.
+
+There should be no functional change as a result of this patch.
+
+Signed-off-by: Mark Rutland <mark.rutland@arm.com>
+Reviewed-by: Marc Zyngier <maz@kernel.org>
+Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
+Reviewed-by: Nicolas Saenz Julienne <nsaenzju@redhat.com>
+Message-Id: <20220201132926.3301912-2-mark.rutland@arm.com>
+Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ include/linux/kvm_host.h |  112 +++++++++++++++++++++++++++++++++++++++++++++--
+ 1 file changed, 109 insertions(+), 3 deletions(-)
+
+--- a/include/linux/kvm_host.h
++++ b/include/linux/kvm_host.h
+@@ -15,6 +15,8 @@
+ #include <linux/minmax.h>
+ #include <linux/mm.h>
+ #include <linux/mmu_notifier.h>
++#include <linux/ftrace.h>
++#include <linux/instrumentation.h>
+ #include <linux/preempt.h>
+ #include <linux/msi.h>
+ #include <linux/slab.h>
+@@ -363,8 +365,11 @@ struct kvm_vcpu {
+ 	int last_used_slot;
+ };
+ 
+-/* must be called with irqs disabled */
+-static __always_inline void guest_enter_irqoff(void)
++/*
++ * Start accounting time towards a guest.
++ * Must be called before entering guest context.
++ */
++static __always_inline void guest_timing_enter_irqoff(void)
+ {
+ 	/*
+ 	 * This is running in ioctl context so its safe to assume that it's the
+@@ -373,7 +378,18 @@ static __always_inline void guest_enter_
+ 	instrumentation_begin();
+ 	vtime_account_guest_enter();
+ 	instrumentation_end();
++}
+ 
++/*
++ * Enter guest context and enter an RCU extended quiescent state.
++ *
++ * Between guest_context_enter_irqoff() and guest_context_exit_irqoff() it is
++ * unsafe to use any code which may directly or indirectly use RCU, tracing
++ * (including IRQ flag tracing), or lockdep. All code in this period must be
++ * non-instrumentable.
++ */
++static __always_inline void guest_context_enter_irqoff(void)
++{
+ 	/*
+ 	 * KVM does not hold any references to rcu protected data when it
+ 	 * switches CPU into a guest mode. In fact switching to a guest mode
+@@ -389,16 +405,79 @@ static __always_inline void guest_enter_
+ 	}
+ }
+ 
+-static __always_inline void guest_exit_irqoff(void)
++/*
++ * Deprecated. Architectures should move to guest_timing_enter_irqoff() and
++ * guest_state_enter_irqoff().
++ */
++static __always_inline void guest_enter_irqoff(void)
++{
++	guest_timing_enter_irqoff();
++	guest_context_enter_irqoff();
++}
++
++/**
++ * guest_state_enter_irqoff - Fixup state when entering a guest
++ *
++ * Entry to a guest will enable interrupts, but the kernel state is interrupts
++ * disabled when this is invoked. Also tell RCU about it.
++ *
++ * 1) Trace interrupts on state
++ * 2) Invoke context tracking if enabled to adjust RCU state
++ * 3) Tell lockdep that interrupts are enabled
++ *
++ * Invoked from architecture specific code before entering a guest.
++ * Must be called with interrupts disabled and the caller must be
++ * non-instrumentable.
++ * The caller has to invoke guest_timing_enter_irqoff() before this.
++ *
++ * Note: this is analogous to exit_to_user_mode().
++ */
++static __always_inline void guest_state_enter_irqoff(void)
++{
++	instrumentation_begin();
++	trace_hardirqs_on_prepare();
++	lockdep_hardirqs_on_prepare(CALLER_ADDR0);
++	instrumentation_end();
++
++	guest_context_enter_irqoff();
++	lockdep_hardirqs_on(CALLER_ADDR0);
++}
++
++/*
++ * Exit guest context and exit an RCU extended quiescent state.
++ *
++ * Between guest_context_enter_irqoff() and guest_context_exit_irqoff() it is
++ * unsafe to use any code which may directly or indirectly use RCU, tracing
++ * (including IRQ flag tracing), or lockdep. All code in this period must be
++ * non-instrumentable.
++ */
++static __always_inline void guest_context_exit_irqoff(void)
+ {
+ 	context_tracking_guest_exit();
++}
+ 
++/*
++ * Stop accounting time towards a guest.
++ * Must be called after exiting guest context.
++ */
++static __always_inline void guest_timing_exit_irqoff(void)
++{
+ 	instrumentation_begin();
+ 	/* Flush the guest cputime we spent on the guest */
+ 	vtime_account_guest_exit();
+ 	instrumentation_end();
+ }
+ 
++/*
++ * Deprecated. Architectures should move to guest_state_exit_irqoff() and
++ * guest_timing_exit_irqoff().
++ */
++static __always_inline void guest_exit_irqoff(void)
++{
++	guest_context_exit_irqoff();
++	guest_timing_exit_irqoff();
++}
++
+ static inline void guest_exit(void)
+ {
+ 	unsigned long flags;
+@@ -408,6 +487,33 @@ static inline void guest_exit(void)
+ 	local_irq_restore(flags);
+ }
+ 
++/**
++ * guest_state_exit_irqoff - Establish state when returning from guest mode
++ *
++ * Entry from a guest disables interrupts, but guest mode is traced as
++ * interrupts enabled. Also with NO_HZ_FULL RCU might be idle.
++ *
++ * 1) Tell lockdep that interrupts are disabled
++ * 2) Invoke context tracking if enabled to reactivate RCU
++ * 3) Trace interrupts off state
++ *
++ * Invoked from architecture specific code after exiting a guest.
++ * Must be invoked with interrupts disabled and the caller must be
++ * non-instrumentable.
++ * The caller has to invoke guest_timing_exit_irqoff() after this.
++ *
++ * Note: this is analogous to enter_from_user_mode().
++ */
++static __always_inline void guest_state_exit_irqoff(void)
++{
++	lockdep_hardirqs_off(CALLER_ADDR0);
++	guest_context_exit_irqoff();
++
++	instrumentation_begin();
++	trace_hardirqs_off_finish();
++	instrumentation_end();
++}
++
+ static inline int kvm_vcpu_exiting_guest_mode(struct kvm_vcpu *vcpu)
+ {
+ 	/*
diff --git a/queue-5.15/series b/queue-5.15/series
index 4c69c3fcff7..b95fcd61fb3 100644
--- a/queue-5.15/series
+++ b/queue-5.15/series
@@ -89,6 +89,7 @@ selftests-futex-use-variable-make-instead-of-make.patch
 tools-resolve_btfids-do-not-print-any-commands-when-building-silently.patch
 e1000e-separate-adp-board-type-from-tgp.patch
 rtc-cmos-evaluate-century-appropriate.patch
+kvm-add-guest_state_-enter-exit-_irqoff.patch
 kvm-arm64-rework-guest-entry-logic.patch
 perf-copy-perf_event_attr-sig_data-on-modification.patch
 perf-stat-fix-display-of-grouped-aliased-events.patch