From: Greg Kroah-Hartman
Date: Fri, 17 Dec 2021 12:22:14 +0000 (+0100)
Subject: Revert "Revert "Fixes for 5.15""
X-Git-Tag: v4.4.296~74
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=92c4ca60575ab248fcb02e4af9c492b254f9e827;p=thirdparty%2Fkernel%2Fstable-queue.git

Revert "Revert "Fixes for 5.15""

This reverts commit 846dfa766d556267a6889d8e76e37a6b6dd71887.

---
diff --git a/queue-5.15/kvm-downgrade-two-bug_ons-to-warn_on_once.patch b/queue-5.15/kvm-downgrade-two-bug_ons-to-warn_on_once.patch new file mode 100644 index 00000000000..4cdc87f6f30 --- /dev/null +++ b/queue-5.15/kvm-downgrade-two-bug_ons-to-warn_on_once.patch 
@@ -0,0 +1,46 @@ +From 8130808741d5a7f05a29de484da8e93b280bc60b Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Mon, 22 Nov 2021 18:24:01 -0500 +Subject: KVM: downgrade two BUG_ONs to WARN_ON_ONCE + +From: Paolo Bonzini + +[ Upstream commit 5f25e71e311478f9bb0a8ef49e7d8b95316491d7 ] + +This is not an unrecoverable situation. Users of kvm_read_guest_offset_cached +and kvm_write_guest_offset_cached must expect the read/write to fail, and +therefore it is possible to just return early with an error value. + +Signed-off-by: Paolo Bonzini +Signed-off-by: Sasha Levin +--- + virt/kvm/kvm_main.c | 6 ++++-- + 1 file changed, 4 insertions(+), 2 deletions(-) + +diff --git a/virt/kvm/kvm_main.c b/virt/kvm/kvm_main.c +index ce1847bc898b2..c6bfd4e15d28a 100644 +--- a/virt/kvm/kvm_main.c ++++ b/virt/kvm/kvm_main.c +@@ -3001,7 +3001,8 @@ int kvm_write_guest_offset_cached(struct kvm *kvm, struct gfn_to_hva_cache *ghc, + int r; + gpa_t gpa = ghc->gpa + offset; + +- BUG_ON(len + offset > ghc->len); ++ if (WARN_ON_ONCE(len + offset > ghc->len)) ++ return -EINVAL; + + if (slots->generation != ghc->generation) { + if (__kvm_gfn_to_hva_cache_init(slots, ghc, ghc->gpa, ghc->len)) +@@ -3038,7 +3039,8 @@ int kvm_read_guest_offset_cached(struct kvm *kvm, struct gfn_to_hva_cache *ghc, + int r; + gpa_t gpa = ghc->gpa + offset; + +- BUG_ON(len + offset > ghc->len); ++ if (WARN_ON_ONCE(len + offset > ghc->len)) ++ return -EINVAL; + + if (slots->generation != ghc->generation) { + if (__kvm_gfn_to_hva_cache_init(slots, ghc, ghc->gpa, ghc->len)) +-- +2.33.0 + diff --git a/queue-5.15/kvm-selftests-make-sure-kvm_create_max_vcpus-test-wo.patch b/queue-5.15/kvm-selftests-make-sure-kvm_create_max_vcpus-test-wo.patch new file mode 100644 index 00000000000..29bbeaddcee --- /dev/null +++ b/queue-5.15/kvm-selftests-make-sure-kvm_create_max_vcpus-test-wo.patch 
@@ -0,0 +1,90 @@ +From 54a4589964241e2679f20a61c6434711c1752cc0 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Tue, 23 Nov 2021 14:59:53 +0100 +Subject: KVM: selftests: Make sure kvm_create_max_vcpus test won't hit + RLIMIT_NOFILE + +From: Vitaly Kuznetsov + +[ Upstream commit 908fa88e420f30dde6d80f092795a18ec72ca6d3 ] + +With the elevated 'KVM_CAP_MAX_VCPUS' value kvm_create_max_vcpus test +may hit RLIMIT_NOFILE limits: + + # ./kvm_create_max_vcpus + KVM_CAP_MAX_VCPU_ID: 4096 + KVM_CAP_MAX_VCPUS: 1024 + Testing creating 1024 vCPUs, with IDs 0...1023. + /dev/kvm not available (errno: 24), skipping test + +Adjust RLIMIT_NOFILE limits to make sure KVM_CAP_MAX_VCPUS fds can be +opened. Note, raising hard limit ('rlim_max') requires CAP_SYS_RESOURCE +capability which is generally not needed to run kvm selftests (but without +raising the limit the test is doomed to fail anyway). + +Signed-off-by: Vitaly Kuznetsov +Message-Id: <20211123135953.667434-1-vkuznets@redhat.com> +[Skip the test if the hard limit can be raised. - Paolo] +Reviewed-by: Sean Christopherson +Tested-by: Sean Christopherson +Signed-off-by: Paolo Bonzini +Signed-off-by: Sasha Levin +--- + .../selftests/kvm/kvm_create_max_vcpus.c | 30 +++++++++++++++++++ + 1 file changed, 30 insertions(+) + +diff --git a/tools/testing/selftests/kvm/kvm_create_max_vcpus.c b/tools/testing/selftests/kvm/kvm_create_max_vcpus.c +index 0299cd81b8ba2..aa3795cd7bd3d 100644 +--- a/tools/testing/selftests/kvm/kvm_create_max_vcpus.c ++++ b/tools/testing/selftests/kvm/kvm_create_max_vcpus.c +@@ -12,6 +12,7 @@ + #include + #include + #include ++#include + + #include "test_util.h" + +@@ -40,10 +41,39 @@ int main(int argc, char *argv[]) + { + int kvm_max_vcpu_id = kvm_check_cap(KVM_CAP_MAX_VCPU_ID); + int kvm_max_vcpus = kvm_check_cap(KVM_CAP_MAX_VCPUS); ++ /* ++ * Number of file descriptors reqired, KVM_CAP_MAX_VCPUS for vCPU fds + ++ * an arbitrary number for everything else. 
++ */ ++ int nr_fds_wanted = kvm_max_vcpus + 100; ++ struct rlimit rl; + + pr_info("KVM_CAP_MAX_VCPU_ID: %d\n", kvm_max_vcpu_id); + pr_info("KVM_CAP_MAX_VCPUS: %d\n", kvm_max_vcpus); + ++ /* ++ * Check that we're allowed to open nr_fds_wanted file descriptors and ++ * try raising the limits if needed. ++ */ ++ TEST_ASSERT(!getrlimit(RLIMIT_NOFILE, &rl), "getrlimit() failed!"); ++ ++ if (rl.rlim_cur < nr_fds_wanted) { ++ rl.rlim_cur = nr_fds_wanted; ++ if (rl.rlim_max < nr_fds_wanted) { ++ int old_rlim_max = rl.rlim_max; ++ rl.rlim_max = nr_fds_wanted; ++ ++ int r = setrlimit(RLIMIT_NOFILE, &rl); ++ if (r < 0) { ++ printf("RLIMIT_NOFILE hard limit is too low (%d, wanted %d)\n", ++ old_rlim_max, nr_fds_wanted); ++ exit(KSFT_SKIP); ++ } ++ } else { ++ TEST_ASSERT(!setrlimit(RLIMIT_NOFILE, &rl), "setrlimit() failed!"); ++ } ++ } ++ + /* + * Upstream KVM prior to 4.8 does not support KVM_CAP_MAX_VCPU_ID. + * Userspace is supposed to use KVM_CAP_MAX_VCPUS as the maximum ID +-- +2.33.0 + diff --git a/queue-5.15/kvm-vmx-clear-vmx_x86_ops.sync_pir_to_irr-if-apicv-i.patch b/queue-5.15/kvm-vmx-clear-vmx_x86_ops.sync_pir_to_irr-if-apicv-i.patch new file mode 100644 index 00000000000..579a8798487 --- /dev/null +++ b/queue-5.15/kvm-vmx-clear-vmx_x86_ops.sync_pir_to_irr-if-apicv-i.patch 
@@ -0,0 +1,38 @@ +From aff57bd1c1bda4b2f0b4c5d92854f837fec88a0e Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Tue, 30 Nov 2021 07:36:41 -0500 +Subject: KVM: VMX: clear vmx_x86_ops.sync_pir_to_irr if APICv is disabled + +From: Paolo Bonzini + +[ Upstream commit e90e51d5f01d2baae5dcce280866bbb96816e978 ] + +There is nothing to synchronize if APICv is disabled, since neither +other vCPUs nor assigned devices can set PIR.ON. + +Signed-off-by: Paolo Bonzini +Signed-off-by: Sasha Levin +--- + arch/x86/kvm/vmx/vmx.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/arch/x86/kvm/vmx/vmx.c b/arch/x86/kvm/vmx/vmx.c +index dacdf2395f01a..4e212f04268bb 100644 +--- a/arch/x86/kvm/vmx/vmx.c ++++ b/arch/x86/kvm/vmx/vmx.c +@@ -7776,10 +7776,10 @@ static __init int hardware_setup(void) + ple_window_shrink = 0; + } + +- if (!cpu_has_vmx_apicv()) { ++ if (!cpu_has_vmx_apicv()) + enable_apicv = 0; ++ if (!enable_apicv) + vmx_x86_ops.sync_pir_to_irr = NULL; +- } + + if (cpu_has_vmx_tsc_scaling()) { + kvm_has_tsc_control = true; +-- +2.33.0 + diff --git a/queue-5.15/kvm-x86-fix-tlb-flush-for-tdp-in-kvm_invalidate_pcid.patch b/queue-5.15/kvm-x86-fix-tlb-flush-for-tdp-in-kvm_invalidate_pcid.patch new file mode 100644 index 00000000000..6f79c1a12de --- /dev/null +++ b/queue-5.15/kvm-x86-fix-tlb-flush-for-tdp-in-kvm_invalidate_pcid.patch 
@@ -0,0 +1,51 @@ +From 8cb8f818be6f46e87ff6397ea429852357f8048c Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Tue, 19 Oct 2021 19:01:51 +0800 +Subject: KVM: X86: Fix tlb flush for tdp in kvm_invalidate_pcid() + +From: Lai Jiangshan + +[ Upstream commit e45e9e3998f0001079b09555db5bb3b4257f6746 ] + +The KVM doesn't know whether any TLB for a specific pcid is cached in +the CPU when tdp is enabled. So it is better to flush all the guest +TLB when invalidating any single PCID context. + +The case is very rare or even impossible since KVM generally doesn't +intercept CR3 write or INVPCID instructions when tdp is enabled, so the +fix is mostly for the sake of overall robustness. + +Signed-off-by: Lai Jiangshan +Message-Id: <20211019110154.4091-2-jiangshanlai@gmail.com> +Signed-off-by: Paolo Bonzini +Signed-off-by: Sasha Levin +--- + arch/x86/kvm/x86.c | 12 ++++++++++++ + 1 file changed, 12 insertions(+) + +diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c +index eff065ce6f8e8..3c9e2d236830c 100644 +--- a/arch/x86/kvm/x86.c ++++ b/arch/x86/kvm/x86.c +@@ -1091,6 +1091,18 @@ static void kvm_invalidate_pcid(struct kvm_vcpu *vcpu, unsigned long pcid) + unsigned long roots_to_free = 0; + int i; + ++ /* ++ * MOV CR3 and INVPCID are usually not intercepted when using TDP, but ++ * this is reachable when running EPT=1 and unrestricted_guest=0, and ++ * also via the emulator. KVM's TDP page tables are not in the scope of ++ * the invalidation, but the guest's TLB entries need to be flushed as ++ * the CPU may have cached entries in its TLB for the target PCID. ++ */ ++ if (unlikely(tdp_enabled)) { ++ kvm_make_request(KVM_REQ_TLB_FLUSH_GUEST, vcpu); ++ return; ++ } ++ + /* + * If neither the current CR3 nor any of the prev_roots use the given + * PCID, then nothing needs to be done here because a resync will +-- +2.33.0 + diff --git a/queue-5.15/series b/queue-5.15/series index 11ee256938e..cbf80dec47a 100644 --- a/queue-5.15/series +++ b/queue-5.15/series 
@@ -1 +1,6 @@ reset-tegra-bpmp-revert-handle-errors-in-bpmp-response.patch +kvm-vmx-clear-vmx_x86_ops.sync_pir_to_irr-if-apicv-i.patch +kvm-selftests-make-sure-kvm_create_max_vcpus-test-wo.patch +kvm-downgrade-two-bug_ons-to-warn_on_once.patch +x86-kvm-remove-unused-ack_notifier-callbacks.patch +kvm-x86-fix-tlb-flush-for-tdp-in-kvm_invalidate_pcid.patch diff --git a/queue-5.15/x86-kvm-remove-unused-ack_notifier-callbacks.patch b/queue-5.15/x86-kvm-remove-unused-ack_notifier-callbacks.patch new file mode 100644 index 00000000000..328c9b951e3 --- /dev/null +++ b/queue-5.15/x86-kvm-remove-unused-ack_notifier-callbacks.patch 
@@ -0,0 +1,49 @@ +From 172edff19a8068fabe1d77c908708244cc45e981 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Wed, 17 Nov 2021 08:16:17 +0100 +Subject: x86/kvm: remove unused ack_notifier callbacks + +From: Juergen Gross + +[ Upstream commit 9dba4d24cbb5524dd39ab1e08886373b17f07ff2 ] + +Commit f52447261bc8c2 ("KVM: irq ack notification") introduced an +ack_notifier() callback in struct kvm_pic and in struct kvm_ioapic +without using them anywhere. Remove those callbacks again. + +Signed-off-by: Juergen Gross +Message-Id: <20211117071617.19504-1-jgross@suse.com> +Signed-off-by: Paolo Bonzini +Signed-off-by: Sasha Levin +--- + arch/x86/kvm/ioapic.h | 1 - + arch/x86/kvm/irq.h | 1 - + 2 files changed, 2 deletions(-) + +diff --git a/arch/x86/kvm/ioapic.h b/arch/x86/kvm/ioapic.h +index 27e61ff3ac3e8..f1b2b2a6ff4db 100644 +--- a/arch/x86/kvm/ioapic.h ++++ b/arch/x86/kvm/ioapic.h +@@ -81,7 +81,6 @@ struct kvm_ioapic { + unsigned long irq_states[IOAPIC_NUM_PINS]; + struct kvm_io_device dev; + struct kvm *kvm; +- void (*ack_notifier)(void *opaque, int irq); + spinlock_t lock; + struct rtc_status rtc_status; + struct delayed_work eoi_inject; +diff --git a/arch/x86/kvm/irq.h b/arch/x86/kvm/irq.h +index 650642b18d151..c2d7cfe82d004 100644 +--- a/arch/x86/kvm/irq.h ++++ b/arch/x86/kvm/irq.h +@@ -56,7 +56,6 @@ struct kvm_pic { + struct kvm_io_device dev_master; + struct kvm_io_device dev_slave; + struct kvm_io_device dev_elcr; +- void (*ack_notifier)(void *opaque, int irq); + unsigned long irq_states[PIC_NUM_PINS]; + }; + +-- +2.33.0 +
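Review bot: in the virt/kvm/kvm_main.c hunks, the bounds test in kvm_write_guest_offset_cached() and kvm_read_guest_offset_cached() is still written on the sum, `len + offset > ghc->len`, so a sum that wraps passes the check just as it did under BUG_ON. The parameter types are cut off in the hunk headers, so either confirm from the full signatures that the addition cannot wrap or write the test without it, for example `offset > ghc->len || len > ghc->len - offset`. Since both functions now return -EINVAL here instead of halting, it is also worth checking that every caller looks at the return value, which the commit message assumes ("must expect the read/write to fail") but the hunks do not show.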
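Review bot: in the main() hunk of tools/testing/selftests/kvm/kvm_create_max_vcpus.c, the skip branch prints "RLIMIT_NOFILE hard limit is too low" for any setrlimit() failure without reporting errno, and it copies `rl.rlim_max` into an `int` to print it with `%d` although the field is an rlim_t. Printing errno and keeping the value in its own type with a matching format would make the skip message trustworthy. Smaller points in the same hunk: the new comment misspells "required" as "reqired", `int old_rlim_max` and `int r` are declared in the middle of a block, the message uses printf() where the surrounding lines use pr_info(), and the bracketed note in the commit message says the test is skipped if the hard limit "can be raised" while the code skips when raising it fails.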
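Review bot: in the hardware_setup() hunk of arch/x86/kvm/vmx/vmx.c, the reason for clearing `vmx_x86_ops.sync_pir_to_irr` whenever `enable_apicv` is 0 exists only in the commit message, and the two unbraced `if` statements now sit directly under each other, so the second is easy to misread as depending on the first. A one-line comment above `if (!enable_apicv)` stating that nothing can set PIR.ON without APICv, plus a blank line between the two statements, would make the intent clear in the code itself.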
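Review bot: in the kvm_invalidate_pcid() hunk of arch/x86/kvm/x86.c, the added comment says the path "is reachable when running EPT=1 and unrestricted_guest=0, and also via the emulator", while the commit message describes the case as "very rare or even impossible". The two should agree; if the comment is accurate, the commit message undersells the fix and should name the same configurations. The early `return` after `kvm_make_request(KVM_REQ_TLB_FLUSH_GUEST, vcpu)` also skips the `roots_to_free` handling that follows, which the comment justifies only indirectly ("KVM's TDP page tables are not in the scope of the invalidation"); saying outright that no root needs freeing in the TDP case would help the next reader.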