From: Sasha Levin Date: Mon, 15 May 2023 01:36:00 +0000 (-0400) Subject: Drop more broken 5.15 patches X-Git-Tag: v4.14.315~60 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=e0c5035057502c2bce89f7d6fe0d35deef2d0a17;p=thirdparty%2Fkernel%2Fstable-queue.git Drop more broken 5.15 patches --- diff --git a/queue-5.15/kvm-s390-fix-race-in-gmap_make_secure.patch b/queue-5.15/kvm-s390-fix-race-in-gmap_make_secure.patch deleted file mode 100644 index fa2bf1d96ff..00000000000 --- a/queue-5.15/kvm-s390-fix-race-in-gmap_make_secure.patch +++ /dev/null @@ -1,94 +0,0 @@ -From c81dd0c57eac8918bc162b79a18f49308e91f362 Mon Sep 17 00:00:00 2001 -From: Sasha Levin -Date: Fri, 28 Apr 2023 11:27:53 +0200 -Subject: KVM: s390: fix race in gmap_make_secure() - -From: Claudio Imbrenda - -[ Upstream commit c148dc8e2fa403be501612ee409db866eeed35c0 ] - -Fix a potential race in gmap_make_secure() and remove the last user of -follow_page() without FOLL_GET. - -The old code is locking something it doesn't have a reference to, and -as explained by Jason and David in this discussion: -https://lore.kernel.org/linux-mm/Y9J4P%2FRNvY1Ztn0Q@nvidia.com/ -it can lead to all kind of bad things, including the page getting -unmapped (MADV_DONTNEED), freed, reallocated as a larger folio and the -unlock_page() would target the wrong bit. -There is also another race with the FOLL_WRITE, which could race -between the follow_page() and the get_locked_pte(). - -The main point is to remove the last use of follow_page() without -FOLL_GET or FOLL_PIN, removing the races can be considered a nice -bonus. - -Link: https://lore.kernel.org/linux-mm/Y9J4P%2FRNvY1Ztn0Q@nvidia.com/ -Suggested-by: Jason Gunthorpe -Fixes: 214d9bbcd3a6 ("s390/mm: provide memory management functions for protected KVM guests") -Reviewed-by: Jason Gunthorpe -Signed-off-by: Claudio Imbrenda -Message-Id: <20230428092753.27913-2-imbrenda@linux.ibm.com> -Signed-off-by: Sasha Levin ---- - arch/s390/kernel/uv.c | 32 +++++++++++--------------------- - 1 file changed, 11 insertions(+), 21 deletions(-) - -diff --git a/arch/s390/kernel/uv.c b/arch/s390/kernel/uv.c -index afb9bbfc475b9..1d49744614326 100644 ---- a/arch/s390/kernel/uv.c -+++ b/arch/s390/kernel/uv.c -@@ -160,21 +160,10 @@ static int expected_page_refs(struct page *page) - return res; - } - --static int make_secure_pte(pte_t *ptep, unsigned long addr, -- struct page *exp_page, struct uv_cb_header *uvcb) -+static int make_page_secure(struct page *page, struct uv_cb_header *uvcb) - { -- pte_t entry = READ_ONCE(*ptep); -- struct page *page; - int expected, cc = 0; - -- if (!pte_present(entry)) -- return -ENXIO; -- if (pte_val(entry) & _PAGE_INVALID) -- return -ENXIO; -- -- page = pte_page(entry); -- if (page != exp_page) -- return -ENXIO; - if (PageWriteback(page)) - return -EAGAIN; - expected = expected_page_refs(page); -@@ -265,17 +254,18 @@ int gmap_make_secure(struct gmap *gmap, unsigned long gaddr, void *uvcb) - goto out; - - rc = -ENXIO; -- page = follow_page(vma, uaddr, FOLL_WRITE); -- if (IS_ERR_OR_NULL(page)) -- goto out; -- -- lock_page(page); - ptep = get_locked_pte(gmap->mm, uaddr, &ptelock); -- if (should_export_before_import(uvcb, gmap->mm)) -- uv_convert_from_secure(page_to_phys(page)); -- rc = make_secure_pte(ptep, uaddr, page, uvcb); -+ if (pte_present(*ptep) && !(pte_val(*ptep) & _PAGE_INVALID) && pte_write(*ptep)) { -+ page = pte_page(*ptep); -+ rc = -EAGAIN; -+ if (trylock_page(page)) { -+ if (should_export_before_import(uvcb, gmap->mm)) -+ uv_convert_from_secure(page_to_phys(page)); -+ rc = make_page_secure(page, uvcb); -+ unlock_page(page); -+ } -+ } - pte_unmap_unlock(ptep, ptelock); -- unlock_page(page); - out: - mmap_read_unlock(gmap->mm); - --- -2.39.2 - diff --git a/queue-5.15/kvm-s390-pv-add-export-before-import.patch b/queue-5.15/kvm-s390-pv-add-export-before-import.patch deleted file mode 100644 index 8f07a61d2bf..00000000000 --- a/queue-5.15/kvm-s390-pv-add-export-before-import.patch +++ /dev/null @@ -1,81 +0,0 @@ -From 048e2024597b7061e660aab60619d149d453166b Mon Sep 17 00:00:00 2001 -From: Sasha Levin -Date: Tue, 28 Jun 2022 15:56:07 +0200 -Subject: KVM: s390: pv: add export before import - -From: Claudio Imbrenda - -[ Upstream commit 72b1daff2671cef2c8cccc6c4e52f8d5ce4ebe58 ] - -Due to upcoming changes, it will be possible to temporarily have -multiple protected VMs in the same address space, although only one -will be actually active. - -In that scenario, it is necessary to perform an export of every page -that is to be imported, since the hardware does not allow a page -belonging to a protected guest to be imported into a different -protected guest. - -This also applies to pages that are shared, and thus accessible by the -host. - -Signed-off-by: Claudio Imbrenda -Reviewed-by: Janosch Frank -Link: https://lore.kernel.org/r/20220628135619.32410-7-imbrenda@linux.ibm.com -Message-Id: <20220628135619.32410-7-imbrenda@linux.ibm.com> -Signed-off-by: Janosch Frank -Stable-dep-of: c148dc8e2fa4 ("KVM: s390: fix race in gmap_make_secure()") -Signed-off-by: Sasha Levin ---- - arch/s390/kernel/uv.c | 28 ++++++++++++++++++++++++++++ - 1 file changed, 28 insertions(+) - -diff --git a/arch/s390/kernel/uv.c b/arch/s390/kernel/uv.c -index 09b80d371409b..afb9bbfc475b9 100644 ---- a/arch/s390/kernel/uv.c -+++ b/arch/s390/kernel/uv.c -@@ -202,6 +202,32 @@ static int make_secure_pte(pte_t *ptep, unsigned long addr, - return uvcb->rc == 0x10a ? -ENXIO : -EINVAL; - } - -+/** -+ * should_export_before_import - Determine whether an export is needed -+ * before an import-like operation -+ * @uvcb: the Ultravisor control block of the UVC to be performed -+ * @mm: the mm of the process -+ * -+ * Returns whether an export is needed before every import-like operation. -+ * This is needed for shared pages, which don't trigger a secure storage -+ * exception when accessed from a different guest. -+ * -+ * Although considered as one, the Unpin Page UVC is not an actual import, -+ * so it is not affected. -+ * -+ * No export is needed also when there is only one protected VM, because the -+ * page cannot belong to the wrong VM in that case (there is no "other VM" -+ * it can belong to). -+ * -+ * Return: true if an export is needed before every import, otherwise false. -+ */ -+static bool should_export_before_import(struct uv_cb_header *uvcb, struct mm_struct *mm) -+{ -+ if (uvcb->cmd == UVC_CMD_UNPIN_PAGE_SHARED) -+ return false; -+ return atomic_read(&mm->context.protected_count) > 1; -+} -+ - /* - * Requests the Ultravisor to make a page accessible to a guest. - * If it's brought in the first time, it will be cleared. If -@@ -245,6 +271,8 @@ int gmap_make_secure(struct gmap *gmap, unsigned long gaddr, void *uvcb) - - lock_page(page); - ptep = get_locked_pte(gmap->mm, uaddr, &ptelock); -+ if (should_export_before_import(uvcb, gmap->mm)) -+ uv_convert_from_secure(page_to_phys(page)); - rc = make_secure_pte(ptep, uaddr, page, uvcb); - pte_unmap_unlock(ptep, ptelock); - unlock_page(page); --- -2.39.2 - diff --git a/queue-5.15/kvm-s390-pv-avoid-stalls-when-making-pages-secure.patch b/queue-5.15/kvm-s390-pv-avoid-stalls-when-making-pages-secure.patch deleted file mode 100644 index da6b9c2c09a..00000000000 --- a/queue-5.15/kvm-s390-pv-avoid-stalls-when-making-pages-secure.patch +++ /dev/null @@ -1,110 +0,0 @@ -From cc906bbbb096c62a9801917856b3691fe89fba35 Mon Sep 17 00:00:00 2001 -From: Sasha Levin -Date: Mon, 20 Sep 2021 15:24:52 +0200 -Subject: KVM: s390: pv: avoid stalls when making pages secure - -From: Claudio Imbrenda - -[ Upstream commit f0a1a0615a6ff6d38af2c65a522698fb4bb85df6 ] - -Improve make_secure_pte to avoid stalls when the system is heavily -overcommitted. This was especially problematic in kvm_s390_pv_unpack, -because of the loop over all pages that needed unpacking. - -Due to the locks being held, it was not possible to simply replace -uv_call with uv_call_sched. A more complex approach was -needed, in which uv_call is replaced with __uv_call, which does not -loop. When the UVC needs to be executed again, -EAGAIN is returned, and -the caller (or its caller) will try again. - -When -EAGAIN is returned, the path is the same as when the page is in -writeback (and the writeback check is also performed, which is -harmless). - -Fixes: 214d9bbcd3a672 ("s390/mm: provide memory management functions for protected KVM guests") -Signed-off-by: Claudio Imbrenda -Reviewed-by: Janosch Frank -Reviewed-by: Christian Borntraeger -Link: https://lore.kernel.org/r/20210920132502.36111-5-imbrenda@linux.ibm.com -Signed-off-by: Christian Borntraeger -Stable-dep-of: c148dc8e2fa4 ("KVM: s390: fix race in gmap_make_secure()") -Signed-off-by: Sasha Levin ---- - arch/s390/kernel/uv.c | 29 +++++++++++++++++++++++------ - arch/s390/kvm/intercept.c | 5 +++++ - 2 files changed, 28 insertions(+), 6 deletions(-) - -diff --git a/arch/s390/kernel/uv.c b/arch/s390/kernel/uv.c -index f95ccbd396925..09b80d371409b 100644 ---- a/arch/s390/kernel/uv.c -+++ b/arch/s390/kernel/uv.c -@@ -165,7 +165,7 @@ static int make_secure_pte(pte_t *ptep, unsigned long addr, - { - pte_t entry = READ_ONCE(*ptep); - struct page *page; -- int expected, rc = 0; -+ int expected, cc = 0; - - if (!pte_present(entry)) - return -ENXIO; -@@ -181,12 +181,25 @@ static int make_secure_pte(pte_t *ptep, unsigned long addr, - if (!page_ref_freeze(page, expected)) - return -EBUSY; - set_bit(PG_arch_1, &page->flags); -- rc = uv_call(0, (u64)uvcb); -+ /* -+ * If the UVC does not succeed or fail immediately, we don't want to -+ * loop for long, or we might get stall notifications. -+ * On the other hand, this is a complex scenario and we are holding a lot of -+ * locks, so we can't easily sleep and reschedule. We try only once, -+ * and if the UVC returned busy or partial completion, we return -+ * -EAGAIN and we let the callers deal with it. -+ */ -+ cc = __uv_call(0, (u64)uvcb); - page_ref_unfreeze(page, expected); -- /* Return -ENXIO if the page was not mapped, -EINVAL otherwise */ -- if (rc) -- rc = uvcb->rc == 0x10a ? -ENXIO : -EINVAL; -- return rc; -+ /* -+ * Return -ENXIO if the page was not mapped, -EINVAL for other errors. -+ * If busy or partially completed, return -EAGAIN. -+ */ -+ if (cc == UVC_CC_OK) -+ return 0; -+ else if (cc == UVC_CC_BUSY || cc == UVC_CC_PARTIAL) -+ return -EAGAIN; -+ return uvcb->rc == 0x10a ? -ENXIO : -EINVAL; - } - - /* -@@ -239,6 +252,10 @@ int gmap_make_secure(struct gmap *gmap, unsigned long gaddr, void *uvcb) - mmap_read_unlock(gmap->mm); - - if (rc == -EAGAIN) { -+ /* -+ * If we are here because the UVC returned busy or partial -+ * completion, this is just a useless check, but it is safe. -+ */ - wait_on_page_writeback(page); - } else if (rc == -EBUSY) { - /* -diff --git a/arch/s390/kvm/intercept.c b/arch/s390/kvm/intercept.c -index aeb0e0865e890..0eacd29033173 100644 ---- a/arch/s390/kvm/intercept.c -+++ b/arch/s390/kvm/intercept.c -@@ -534,6 +534,11 @@ static int handle_pv_uvc(struct kvm_vcpu *vcpu) - */ - if (rc == -EINVAL) - return 0; -+ /* -+ * If we got -EAGAIN here, we simply return it. It will eventually -+ * get propagated all the way to userspace, which should then try -+ * again. -+ */ - return rc; - } - --- -2.39.2 - diff --git a/queue-5.15/series b/queue-5.15/series index 7174a93a87b..5d1584e50ca 100644 --- a/queue-5.15/series +++ b/queue-5.15/series @@ -41,9 +41,6 @@ ionic-catch-failure-from-devlink_alloc.patch af_packet-don-t-send-zero-byte-data-in-packet_sendms.patch drm-amdgpu-add-a-missing-lock-for-amdgpu_sched.patch alsa-caiaq-input-add-error-handling-for-unsupported-.patch -kvm-s390-pv-avoid-stalls-when-making-pages-secure.patch -kvm-s390-pv-add-export-before-import.patch -kvm-s390-fix-race-in-gmap_make_secure.patch net-dsa-mt7530-fix-corrupt-frames-using-trgmii-on-40.patch virtio_net-split-free_unused_bufs.patch virtio_net-suppress-cpu-stall-when-free_unused_bufs.patch