From dc105138193ed7cbb59f84f3a947338f75fa7100 Mon Sep 17 00:00:00 2001
From: Greg Kroah-Hartman
Date: Thu, 3 Aug 2017 12:18:39 -0700
Subject: [PATCH] 3.18-stable patches

added patches:
kvm-ppc-book3s-hv-reload-htm-registers-explicitly.patch
kvm-ppc-book3s-hv-save-restore-host-values-of-debug-registers.patch
---
 ...s-hv-reload-htm-registers-explicitly.patch | 73 ++++++++++++
 ...store-host-values-of-debug-registers.patch | 109 ++++++++++++++++++
 queue-3.18/series | 2 +
 3 files changed, 184 insertions(+)
 create mode 100644 queue-3.18/kvm-ppc-book3s-hv-reload-htm-registers-explicitly.patch
 create mode 100644 queue-3.18/kvm-ppc-book3s-hv-save-restore-host-values-of-debug-registers.patch

diff --git a/queue-3.18/kvm-ppc-book3s-hv-reload-htm-registers-explicitly.patch b/queue-3.18/kvm-ppc-book3s-hv-reload-htm-registers-explicitly.patch
new file mode 100644
index 00000000000..88e94d8b64c
--- /dev/null
+++ b/queue-3.18/kvm-ppc-book3s-hv-reload-htm-registers-explicitly.patch
@@ -0,0 +1,73 @@
+From paulus@ozlabs.org Thu Aug 3 12:17:47 2017
+From: Paul Mackerras
+Date: Mon, 31 Jul 2017 10:07:43 +1000
+Subject: KVM: PPC: Book3S HV: Reload HTM registers explicitly
+To: stable@vger.kernel.org
+Message-ID: <20170731000743.q7hx3bnrssggtgtl@oak.ozlabs.ibm.com>
+Content-Disposition: inline
+
+From: Paul Mackerras
+
+Commit 46a704f8409f ("KVM: PPC: Book3S HV: Preserve userspace HTM
+state properly", 2017-06-15) added code which assumes that the kernel
+is able to handle a TM (transactional memory) unavailable interrupt
+from userspace by reloading the TM-related registers and enabling TM
+for the process. That ability was added in the 4.9 kernel; earlier
+kernel versions simply panic on getting the TM unavailable interrupt.
+
+Since commit 46a704f8409f has been backported to the 3.18 stable tree
+as commit 0b423daba180, 3.18.59 and subsequent versions are vulnerable
+to a userspace-triggerable panic.
+
+This patch fixes the problem by explicitly reloading the TM-related
+registers before returning to userspace, rather than disabling TM
+for the process.
+
+Commit 46a704f8409f also failed to enable TM for the kernel, leading
+to a TM unavailable interrupt in the kernel, causing an oops. This
+fixes that problem too, by enabling TM before accessing the TM
+registers. That problem is fixed upstream by the patch "KVM: PPC:
+Book3S HV: Enable TM before accessing TM registers".
+
+Fixes: 0b423daba180 ("KVM: PPC: Book3S HV: Preserve userspace HTM state properly")
+Signed-off-by: Paul Mackerras
+Signed-off-by: Greg Kroah-Hartman
+---
+ arch/powerpc/kvm/book3s_hv.c | 16 +++++++++++++++-
+ 1 file changed, 15 insertions(+), 1 deletion(-)
+
+--- a/arch/powerpc/kvm/book3s_hv.c
++++ b/arch/powerpc/kvm/book3s_hv.c
+@@ -1974,10 +1974,11 @@ static int kvmppc_vcpu_run_hv(struct kvm
+ run->fail_entry.hardware_entry_failure_reason = 0;
+ return -EINVAL;
+ }
++ /* Enable TM so we can read the TM SPRs */
++ mtmsr(mfmsr() | MSR_TM);
+ current->thread.tm_tfhar = mfspr(SPRN_TFHAR);
+ current->thread.tm_tfiar = mfspr(SPRN_TFIAR);
+ current->thread.tm_texasr = mfspr(SPRN_TEXASR);
+- current->thread.regs->msr &= ~MSR_TM;
+ }
+ #endif
+
+@@ -2043,6 +2044,19 @@ static int kvmppc_vcpu_run_hv(struct kvm
+ }
+ mtspr(SPRN_VRSAVE, user_vrsave);
+
++ /*
++ * Since we don't do lazy TM reload, we need to reload
++ * the TM registers here.
++ */
++#ifdef CONFIG_PPC_TRANSACTIONAL_MEM
++ if (cpu_has_feature(CPU_FTR_TM) && current->thread.regs &&
++ (current->thread.regs->msr & MSR_TM)) {
++ mtspr(SPRN_TFHAR, current->thread.tm_tfhar);
++ mtspr(SPRN_TFIAR, current->thread.tm_tfiar);
++ mtspr(SPRN_TEXASR, current->thread.tm_texasr);
++ }
++#endif
++
+ out:
+ vcpu->arch.state = KVMPPC_VCPU_NOTREADY;
+ atomic_dec(&vcpu->kvm->arch.vcpus_running);
diff --git a/queue-3.18/kvm-ppc-book3s-hv-save-restore-host-values-of-debug-registers.patch b/queue-3.18/kvm-ppc-book3s-hv-save-restore-host-values-of-debug-registers.patch
new file mode 100644
index 00000000000..e41ecb7c20e
--- /dev/null
+++ b/queue-3.18/kvm-ppc-book3s-hv-save-restore-host-values-of-debug-registers.patch
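Review bot: The reload block in the second hunk writes TFHAR/TFIAR/TEXASR with mtspr but does not itself enable TM; it relies on the `mtmsr(mfmsr() | MSR_TM)` added in the first hunk still being in effect after the vcpu has run, and everything between the two hunks (the rest of kvmppc_vcpu_run_hv, including the guest entry/exit path) is outside this view, so that cannot be confirmed here. The commit message itself states that touching the TM SPRs with TM disabled in the kernel raises a TM unavailable interrupt and oopses, so if any path between the two hunks restores a host MSR without MSR_TM, this reload would reproduce the very oops being fixed. A cheap belt-and-braces fix is to re-enable TM as the first statement inside the `if`, `mtmsr(mfmsr() | MSR_TM);`, or at minimum to document the dependency with a comment such as `/* MSR_TM was set before the guest ran and must still be set here, or these mtspr's fault */`. Separately, the reload sits just above `out:`, so any `goto out` bypasses it; that is harmless only if every such jump precedes the guest actually running (the SPRs are then untouched), which is presumably the case but is worth a one-line comment on the block. The enclosing function starts and ends outside both hunks.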
@@ -0,0 +1,109 @@
+From 7ceaa6dcd8c6f59588428cec37f3c8093dd1011f Mon Sep 17 00:00:00 2001
+From: Paul Mackerras
+Date: Fri, 16 Jun 2017 11:53:19 +1000
+Subject: KVM: PPC: Book3S HV: Save/restore host values of debug registers
+
+From: Paul Mackerras
+
+commit 7ceaa6dcd8c6f59588428cec37f3c8093dd1011f upstream.
+
+At present, HV KVM on POWER8 and POWER9 machines loses any instruction
+or data breakpoint set in the host whenever a guest is run.
+Instruction breakpoints are currently only used by xmon, but ptrace
+and the perf_event subsystem can set data breakpoints as well as xmon.
+
+To fix this, we save the host values of the debug registers (CIABR,
+DAWR and DAWRX) before entering the guest and restore them on exit.
+To provide space to save them in the stack frame, we expand the stack
+frame allocated by kvmppc_hv_entry() from 112 to 144 bytes.
+
+[paulus@ozlabs.org - Adjusted stack offsets since we aren't saving
+ POWER9-specific registers.]
+
+Fixes: b005255e12a3 ("KVM: PPC: Book3S HV: Context-switch new POWER8 SPRs", 2014-01-08)
+Signed-off-by: Paul Mackerras
+Signed-off-by: Greg Kroah-Hartman
+
+---
+ arch/powerpc/kvm/book3s_hv_rmhandlers.S | 35 +++++++++++++++++++++++++++-----
+ 1 file changed, 30 insertions(+), 5 deletions(-)
+
+--- a/arch/powerpc/kvm/book3s_hv_rmhandlers.S
++++ b/arch/powerpc/kvm/book3s_hv_rmhandlers.S
+@@ -36,6 +36,12 @@
+ #define NAPPING_CEDE 1
+ #define NAPPING_NOVCPU 2
+
++/* Stack frame offsets for kvmppc_hv_entry */
++#define SFS 112
++#define STACK_SLOT_CIABR (SFS-16)
++#define STACK_SLOT_DAWR (SFS-24)
++#define STACK_SLOT_DAWRX (SFS-32)
++
+ /*
+ * Call kvmppc_hv_entry in real mode.
+ * Must be called with interrupts hard-disabled.
+@@ -360,7 +366,7 @@ kvmppc_hv_entry:
+ */
+ mflr r0
+ std r0, PPC_LR_STKOFF(r1)
+- stdu r1, -112(r1)
++ stdu r1, -SFS(r1)
+
+ /* Save R1 in the PACA */
+ std r1, HSTATE_HOST_R1(r13)
+@@ -618,6 +624,16 @@ BEGIN_FTR_SECTION
+ mtspr SPRN_SPURR,r8
+ END_FTR_SECTION_IFSET(CPU_FTR_ARCH_206)
+
++ /* Save host values of some registers */
++BEGIN_FTR_SECTION
++ mfspr r5, SPRN_CIABR
++ mfspr r6, SPRN_DAWR
++ mfspr r7, SPRN_DAWRX
++ std r5, STACK_SLOT_CIABR(r1)
++ std r6, STACK_SLOT_DAWR(r1)
++ std r7, STACK_SLOT_DAWRX(r1)
++END_FTR_SECTION_IFSET(CPU_FTR_ARCH_207S)
++
+ BEGIN_FTR_SECTION
+ /* Set partition DABR */
+ /* Do this before re-enabling PMU to avoid P7 DABR corruption bug */
+@@ -1180,8 +1196,6 @@ END_FTR_SECTION_IFCLR(CPU_FTR_ARCH_207S)
+ */
+ li r0, 0
+ mtspr SPRN_IAMR, r0
+- mtspr SPRN_CIABR, r0
+- mtspr SPRN_DAWRX, r0
+ mtspr SPRN_PSPB, r0
+ mtspr SPRN_TCSCR, r0
+ mtspr SPRN_WORT, r0
+@@ -1358,6 +1372,17 @@ hdec_soon: /* r12 = trap, r13 = paca *
+ BEGIN_FTR_SECTION
+ b 32f
+ END_FTR_SECTION_IFSET(CPU_FTR_ARCH_201)
++
++ /* Restore host values of some registers */
++BEGIN_FTR_SECTION
++ ld r5, STACK_SLOT_CIABR(r1)
++ ld r6, STACK_SLOT_DAWR(r1)
++ ld r7, STACK_SLOT_DAWRX(r1)
++ mtspr SPRN_CIABR, r5
++ mtspr SPRN_DAWR, r6
++ mtspr SPRN_DAWRX, r7
++END_FTR_SECTION_IFSET(CPU_FTR_ARCH_207S)
++
+ /*
+ * POWER7 guest -> host partition switch code.
+ * We don't have to lock against tlbies but we do
+@@ -1584,8 +1609,8 @@ END_FTR_SECTION_IFSET(CPU_FTR_ARCH_207S)
+ li r0, KVM_GUEST_MODE_NONE
+ stb r0, HSTATE_IN_GUEST(r13)
+
+- ld r0, 112+PPC_LR_STKOFF(r1)
+- addi r1, r1, 112
++ ld r0, SFS+PPC_LR_STKOFF(r1)
++ addi r1, r1, SFS
+ mtlr r0
+ blr
+
diff --git a/queue-3.18/series b/queue-3.18/series
index 7a0a7705c05..94d41f51cb1 100644
--- a/queue-3.18/series
+++ b/queue-3.18/series
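Review bot: The backport keeps `#define SFS 112` although the commit message says the frame grows from 112 to 144 bytes, so the three new save slots land at r1+96, r1+88 and r1+80 inside the existing minimal frame rather than in added space; on big-endian ELFv1 builds the bytes from offset 48 to 112 of this frame are the parameter save area that any C function called with r1 pointing at this frame may legitimately spill its register arguments into. Whether anything between the save (after SPURR, around line 624) and the restore (at hdec_soon, around line 1372) makes such a call is not visible in these hunks, so this is a hedged point, but since the `stdu`, `ld` and `addi` already go through SFS, matching upstream is a one-line change, `#define SFS 144`, which moves the slots to offsets 128/120/112, clear of the ABI-reserved region, and keeps 16-byte alignment. If 112 is being kept deliberately, a comment on the define explaining why the slots may safely overlap the parameter save area would help the next backporter; any other hard-coded 112 for this frame elsewhere in the file (only the two in the last hunk are converted here) would also need to follow SFS. kvmppc_hv_entry itself begins and ends outside these hunks.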
@@ -5,3 +5,5 @@ powerpc-pseries-fix-of_node_put-underflow-during-reconfig-remove.patch
 md-raid5-add-thread_group-worker-async_tx_issue_pending_all.patch
 drm-vmwgfx-fix-gcc-7.1.1-warning.patch
 kvm-ppc-book3s-hv-restore-critical-sprs-to-host-values-on-guest-exit.patch
+kvm-ppc-book3s-hv-reload-htm-registers-explicitly.patch
+kvm-ppc-book3s-hv-save-restore-host-values-of-debug-registers.patch
-- 
2.47.3