From: Sasha Levin Date: Thu, 1 Jun 2023 14:57:57 +0000 (-0400) Subject: Drop broken kvm patches from 5.15 X-Git-Tag: v5.4.245~1^2 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=9544594cc7172f0e8fc9200f6b1621fb10bbe60c;p=thirdparty%2Fkernel%2Fstable-queue.git Drop broken kvm patches from 5.15 --- diff --git a/queue-5.15/kvm-s390-fix-race-in-gmap_make_secure.patch b/queue-5.15/kvm-s390-fix-race-in-gmap_make_secure.patch deleted file mode 100644 index a5d9eb8d2ee..00000000000 --- a/queue-5.15/kvm-s390-fix-race-in-gmap_make_secure.patch +++ /dev/null @@ -1,94 +0,0 @@ -From f153850a9af201873191546dd40bc36088c06b66 Mon Sep 17 00:00:00 2001 -From: Sasha Levin -Date: Fri, 28 Apr 2023 11:27:53 +0200 -Subject: KVM: s390: fix race in gmap_make_secure() - -From: Claudio Imbrenda - -[ Upstream commit c148dc8e2fa403be501612ee409db866eeed35c0 ] - -Fix a potential race in gmap_make_secure() and remove the last user of -follow_page() without FOLL_GET. - -The old code is locking something it doesn't have a reference to, and -as explained by Jason and David in this discussion: -https://lore.kernel.org/linux-mm/Y9J4P%2FRNvY1Ztn0Q@nvidia.com/ -it can lead to all kind of bad things, including the page getting -unmapped (MADV_DONTNEED), freed, reallocated as a larger folio and the -unlock_page() would target the wrong bit. -There is also another race with the FOLL_WRITE, which could race -between the follow_page() and the get_locked_pte(). - -The main point is to remove the last use of follow_page() without -FOLL_GET or FOLL_PIN, removing the races can be considered a nice -bonus. - -Link: https://lore.kernel.org/linux-mm/Y9J4P%2FRNvY1Ztn0Q@nvidia.com/ -Suggested-by: Jason Gunthorpe -Fixes: 214d9bbcd3a6 ("s390/mm: provide memory management functions for protected KVM guests") -Reviewed-by: Jason Gunthorpe -Signed-off-by: Claudio Imbrenda -Message-Id: <20230428092753.27913-2-imbrenda@linux.ibm.com> -Signed-off-by: Sasha Levin ---- - arch/s390/kernel/uv.c | 32 +++++++++++--------------------- - 1 file changed, 11 insertions(+), 21 deletions(-) - -diff --git a/arch/s390/kernel/uv.c b/arch/s390/kernel/uv.c -index 7d7961c7b1281..66d1248c8c923 100644 ---- a/arch/s390/kernel/uv.c -+++ b/arch/s390/kernel/uv.c -@@ -160,21 +160,10 @@ static int expected_page_refs(struct page *page) - return res; - } - --static int make_secure_pte(pte_t *ptep, unsigned long addr, -- struct page *exp_page, struct uv_cb_header *uvcb) -+static int make_page_secure(struct page *page, struct uv_cb_header *uvcb) - { -- pte_t entry = READ_ONCE(*ptep); -- struct page *page; - int expected, rc = 0; - -- if (!pte_present(entry)) -- return -ENXIO; -- if (pte_val(entry) & _PAGE_INVALID) -- return -ENXIO; -- -- page = pte_page(entry); -- if (page != exp_page) -- return -ENXIO; - if (PageWriteback(page)) - return -EAGAIN; - expected = expected_page_refs(page); -@@ -252,17 +241,18 @@ int gmap_make_secure(struct gmap *gmap, unsigned long gaddr, void *uvcb) - goto out; - - rc = -ENXIO; -- page = follow_page(vma, uaddr, FOLL_WRITE); -- if (IS_ERR_OR_NULL(page)) -- goto out; -- -- lock_page(page); - ptep = get_locked_pte(gmap->mm, uaddr, &ptelock); -- if (should_export_before_import(uvcb, gmap->mm)) -- uv_convert_from_secure(page_to_phys(page)); -- rc = make_secure_pte(ptep, uaddr, page, uvcb); -+ if (pte_present(*ptep) && !(pte_val(*ptep) & _PAGE_INVALID) && pte_write(*ptep)) { -+ page = pte_page(*ptep); -+ rc = -EAGAIN; -+ if (trylock_page(page)) { -+ if (should_export_before_import(uvcb, gmap->mm)) -+ uv_convert_from_secure(page_to_phys(page)); -+ rc = make_page_secure(page, uvcb); -+ unlock_page(page); -+ } -+ } - pte_unmap_unlock(ptep, ptelock); -- unlock_page(page); - out: - mmap_read_unlock(gmap->mm); - --- -2.39.2 - diff --git a/queue-5.15/kvm-s390-pv-add-export-before-import.patch b/queue-5.15/kvm-s390-pv-add-export-before-import.patch deleted file mode 100644 index bf29f843077..00000000000 --- a/queue-5.15/kvm-s390-pv-add-export-before-import.patch +++ /dev/null @@ -1,81 +0,0 @@ -From 3c20c539670f2e36a9a52b8db8aef56467e20f4b Mon Sep 17 00:00:00 2001 -From: Sasha Levin -Date: Tue, 28 Jun 2022 15:56:07 +0200 -Subject: KVM: s390: pv: add export before import - -From: Claudio Imbrenda - -[ Upstream commit 72b1daff2671cef2c8cccc6c4e52f8d5ce4ebe58 ] - -Due to upcoming changes, it will be possible to temporarily have -multiple protected VMs in the same address space, although only one -will be actually active. - -In that scenario, it is necessary to perform an export of every page -that is to be imported, since the hardware does not allow a page -belonging to a protected guest to be imported into a different -protected guest. - -This also applies to pages that are shared, and thus accessible by the -host. - -Signed-off-by: Claudio Imbrenda -Reviewed-by: Janosch Frank -Link: https://lore.kernel.org/r/20220628135619.32410-7-imbrenda@linux.ibm.com -Message-Id: <20220628135619.32410-7-imbrenda@linux.ibm.com> -Signed-off-by: Janosch Frank -Stable-dep-of: c148dc8e2fa4 ("KVM: s390: fix race in gmap_make_secure()") -Signed-off-by: Sasha Levin ---- - arch/s390/kernel/uv.c | 28 ++++++++++++++++++++++++++++ - 1 file changed, 28 insertions(+) - -diff --git a/arch/s390/kernel/uv.c b/arch/s390/kernel/uv.c -index f95ccbd396925..7d7961c7b1281 100644 ---- a/arch/s390/kernel/uv.c -+++ b/arch/s390/kernel/uv.c -@@ -189,6 +189,32 @@ static int make_secure_pte(pte_t *ptep, unsigned long addr, - return rc; - } - -+/** -+ * should_export_before_import - Determine whether an export is needed -+ * before an import-like operation -+ * @uvcb: the Ultravisor control block of the UVC to be performed -+ * @mm: the mm of the process -+ * -+ * Returns whether an export is needed before every import-like operation. -+ * This is needed for shared pages, which don't trigger a secure storage -+ * exception when accessed from a different guest. -+ * -+ * Although considered as one, the Unpin Page UVC is not an actual import, -+ * so it is not affected. -+ * -+ * No export is needed also when there is only one protected VM, because the -+ * page cannot belong to the wrong VM in that case (there is no "other VM" -+ * it can belong to). -+ * -+ * Return: true if an export is needed before every import, otherwise false. -+ */ -+static bool should_export_before_import(struct uv_cb_header *uvcb, struct mm_struct *mm) -+{ -+ if (uvcb->cmd == UVC_CMD_UNPIN_PAGE_SHARED) -+ return false; -+ return atomic_read(&mm->context.protected_count) > 1; -+} -+ - /* - * Requests the Ultravisor to make a page accessible to a guest. - * If it's brought in the first time, it will be cleared. If -@@ -232,6 +258,8 @@ int gmap_make_secure(struct gmap *gmap, unsigned long gaddr, void *uvcb) - - lock_page(page); - ptep = get_locked_pte(gmap->mm, uaddr, &ptelock); -+ if (should_export_before_import(uvcb, gmap->mm)) -+ uv_convert_from_secure(page_to_phys(page)); - rc = make_secure_pte(ptep, uaddr, page, uvcb); - pte_unmap_unlock(ptep, ptelock); - unlock_page(page); --- -2.39.2 - diff --git a/queue-5.15/series b/queue-5.15/series index f79da4072a5..99b6bd6fb16 100644 --- a/queue-5.15/series +++ b/queue-5.15/series @@ -11,8 +11,6 @@ net-mlx5-devcom-serialize-devcom-registration.patch platform-x86-isst-punit-device-mapping-with-sub-numa.patch platform-x86-isst-remove-8-socket-limit.patch net-phy-mscc-enable-vsc8501-2-rgmii-rx-clock.patch -kvm-s390-pv-add-export-before-import.patch -kvm-s390-fix-race-in-gmap_make_secure.patch net-dsa-introduce-helpers-for-iterating-through-port.patch net-dsa-mt7530-rework-mt753-01-_setup.patch net-dsa-mt7530-split-off-common-parts-from-mt7531_se.patch