From 1bc89ac38e9d76011762a8a402482d57b45711a5 Mon Sep 17 00:00:00 2001 From: Greg Kroah-Hartman Date: Thu, 18 Dec 2025 13:57:37 +0100 Subject: [PATCH] drop some hv patches from 6.17 --- ...ate-encrypted-buffers-when-requested.patch | 151 -------------- ...msginfo-when-the-buffer-fails-to-dec.patch | 86 -------- ...rivers-hv-vmbus-protocol-version-6.0.patch | 193 ------------------ queue-6.17/series | 3 - 4 files changed, 433 deletions(-) delete mode 100644 queue-6.17/drivers-hv-allocate-encrypted-buffers-when-requested.patch delete mode 100644 queue-6.17/drivers-hv-free-msginfo-when-the-buffer-fails-to-dec.patch delete mode 100644 queue-6.17/drivers-hv-vmbus-protocol-version-6.0.patch diff --git a/queue-6.17/drivers-hv-allocate-encrypted-buffers-when-requested.patch b/queue-6.17/drivers-hv-allocate-encrypted-buffers-when-requested.patch deleted file mode 100644 index 0812549b99..0000000000 --- a/queue-6.17/drivers-hv-allocate-encrypted-buffers-when-requested.patch +++ /dev/null @@ -1,151 +0,0 @@ -From 8c7f822d930cf4aec45b8794cc68dbae34651849 Mon Sep 17 00:00:00 2001 -From: Sasha Levin -Date: Wed, 8 Oct 2025 16:34:15 -0700 -Subject: Drivers: hv: Allocate encrypted buffers when requested - -From: Roman Kisel - -[ Upstream commit 0a4534bdf29a5b7f5a355c267d28dad9c40ba252 ] - -Confidential VMBus is built around using buffers not shared with -the host. - -Support allocating encrypted buffers when requested. - -Signed-off-by: Roman Kisel -Reviewed-by: Tianyu Lan -Reviewed-by: Michael Kelley -Signed-off-by: Wei Liu -Stable-dep-of: 510164539f16 ("Drivers: hv: Free msginfo when the buffer fails to decrypt") -Signed-off-by: Sasha Levin ---- - drivers/hv/channel.c | 49 +++++++++++++++++++++++---------------- - drivers/hv/hyperv_vmbus.h | 3 ++- - drivers/hv/ring_buffer.c | 5 ++-- - 3 files changed, 34 insertions(+), 23 deletions(-) - -diff --git a/drivers/hv/channel.c b/drivers/hv/channel.c -index 7c7c66e0dc3f2..1621b95263a5b 100644 ---- a/drivers/hv/channel.c -+++ b/drivers/hv/channel.c -@@ -444,20 +444,23 @@ static int __vmbus_establish_gpadl(struct vmbus_channel *channel, - return ret; - } - -- /* -- * Set the "decrypted" flag to true for the set_memory_decrypted() -- * success case. In the failure case, the encryption state of the -- * memory is unknown. Leave "decrypted" as true to ensure the -- * memory will be leaked instead of going back on the free list. -- */ -- gpadl->decrypted = true; -- ret = set_memory_decrypted((unsigned long)kbuffer, -- PFN_UP(size)); -- if (ret) { -- dev_warn(&channel->device_obj->device, -- "Failed to set host visibility for new GPADL %d.\n", -- ret); -- return ret; -+ gpadl->decrypted = !((channel->co_external_memory && type == HV_GPADL_BUFFER) || -+ (channel->co_ring_buffer && type == HV_GPADL_RING)); -+ if (gpadl->decrypted) { -+ /* -+ * The "decrypted" flag being true assumes that set_memory_decrypted() succeeds. -+ * But if it fails, the encryption state of the memory is unknown. In that case, -+ * leave "decrypted" as true to ensure the memory is leaked instead of going back -+ * on the free list. -+ */ -+ ret = set_memory_decrypted((unsigned long)kbuffer, -+ PFN_UP(size)); -+ if (ret) { -+ dev_warn(&channel->device_obj->device, -+ "Failed to set host visibility for new GPADL %d.\n", -+ ret); -+ return ret; -+ } - } - - init_completion(&msginfo->waitevent); -@@ -545,8 +548,10 @@ static int __vmbus_establish_gpadl(struct vmbus_channel *channel, - * left as true so the memory is leaked instead of being - * put back on the free list. - */ -- if (!set_memory_encrypted((unsigned long)kbuffer, PFN_UP(size))) -- gpadl->decrypted = false; -+ if (gpadl->decrypted) { -+ if (!set_memory_encrypted((unsigned long)kbuffer, PFN_UP(size))) -+ gpadl->decrypted = false; -+ } - } - - return ret; -@@ -677,12 +682,13 @@ static int __vmbus_open(struct vmbus_channel *newchannel, - goto error_clean_ring; - - err = hv_ringbuffer_init(&newchannel->outbound, -- page, send_pages, 0); -+ page, send_pages, 0, newchannel->co_ring_buffer); - if (err) - goto error_free_gpadl; - - err = hv_ringbuffer_init(&newchannel->inbound, &page[send_pages], -- recv_pages, newchannel->max_pkt_size); -+ recv_pages, newchannel->max_pkt_size, -+ newchannel->co_ring_buffer); - if (err) - goto error_free_gpadl; - -@@ -863,8 +869,11 @@ int vmbus_teardown_gpadl(struct vmbus_channel *channel, struct vmbus_gpadl *gpad - - kfree(info); - -- ret = set_memory_encrypted((unsigned long)gpadl->buffer, -- PFN_UP(gpadl->size)); -+ if (gpadl->decrypted) -+ ret = set_memory_encrypted((unsigned long)gpadl->buffer, -+ PFN_UP(gpadl->size)); -+ else -+ ret = 0; - if (ret) - pr_warn("Fail to set mem host visibility in GPADL teardown %d.\n", ret); - -diff --git a/drivers/hv/hyperv_vmbus.h b/drivers/hv/hyperv_vmbus.h -index 4a01797d48513..0d969f77388ef 100644 ---- a/drivers/hv/hyperv_vmbus.h -+++ b/drivers/hv/hyperv_vmbus.h -@@ -182,7 +182,8 @@ extern int hv_synic_cleanup(unsigned int cpu); - void hv_ringbuffer_pre_init(struct vmbus_channel *channel); - - int hv_ringbuffer_init(struct hv_ring_buffer_info *ring_info, -- struct page *pages, u32 pagecnt, u32 max_pkt_size); -+ struct page *pages, u32 pagecnt, u32 max_pkt_size, -+ bool confidential); - - void hv_ringbuffer_cleanup(struct hv_ring_buffer_info *ring_info); - -diff --git a/drivers/hv/ring_buffer.c b/drivers/hv/ring_buffer.c -index 23ce1fb70de14..3c421a7f78c00 100644 ---- a/drivers/hv/ring_buffer.c -+++ b/drivers/hv/ring_buffer.c -@@ -184,7 +184,8 @@ void hv_ringbuffer_pre_init(struct vmbus_channel *channel) - - /* Initialize the ring buffer. */ - int hv_ringbuffer_init(struct hv_ring_buffer_info *ring_info, -- struct page *pages, u32 page_cnt, u32 max_pkt_size) -+ struct page *pages, u32 page_cnt, u32 max_pkt_size, -+ bool confidential) - { - struct page **pages_wraparound; - int i; -@@ -208,7 +209,7 @@ int hv_ringbuffer_init(struct hv_ring_buffer_info *ring_info, - - ring_info->ring_buffer = (struct hv_ring_buffer *) - vmap(pages_wraparound, page_cnt * 2 - 1, VM_MAP, -- pgprot_decrypted(PAGE_KERNEL)); -+ confidential ? PAGE_KERNEL : pgprot_decrypted(PAGE_KERNEL)); - - kfree(pages_wraparound); - if (!ring_info->ring_buffer) --- -2.51.0 - diff --git a/queue-6.17/drivers-hv-free-msginfo-when-the-buffer-fails-to-dec.patch b/queue-6.17/drivers-hv-free-msginfo-when-the-buffer-fails-to-dec.patch deleted file mode 100644 index cf764ba933..0000000000 --- a/queue-6.17/drivers-hv-free-msginfo-when-the-buffer-fails-to-dec.patch +++ /dev/null @@ -1,86 +0,0 @@ -From 21dda4b283c12e9f17f26add62621b9646e7c4b3 Mon Sep 17 00:00:00 2001 -From: Sasha Levin -Date: Wed, 8 Oct 2025 16:34:16 -0700 -Subject: Drivers: hv: Free msginfo when the buffer fails to decrypt - -From: Roman Kisel - -[ Upstream commit 510164539f16062e842a9de762616b5008616fa1 ] - -The early failure path in __vmbus_establish_gpadl() doesn't deallocate -msginfo if the buffer fails to decrypt. - -Fix the leak by breaking out the cleanup code into a separate function -and calling it where required. - -Fixes: d4dccf353db80 ("Drivers: hv: vmbus: Mark vmbus ring buffer visible to host in Isolation VM") -Reported-by: Michael Kelley -Closes: https://lore.kernel.org/linux-hyperv/SN6PR02MB41573796F9787F67E0E97049D472A@SN6PR02MB4157.namprd02.prod.outlook.com -Signed-off-by: Roman Kisel -Reviewed-by: Michael Kelley -Signed-off-by: Wei Liu -Signed-off-by: Sasha Levin ---- - drivers/hv/channel.c | 24 ++++++++++++++++++------ - 1 file changed, 18 insertions(+), 6 deletions(-) - -diff --git a/drivers/hv/channel.c b/drivers/hv/channel.c -index 1621b95263a5b..70270202209b6 100644 ---- a/drivers/hv/channel.c -+++ b/drivers/hv/channel.c -@@ -410,6 +410,21 @@ static int create_gpadl_header(enum hv_gpadl_type type, void *kbuffer, - return 0; - } - -+static void vmbus_free_channel_msginfo(struct vmbus_channel_msginfo *msginfo) -+{ -+ struct vmbus_channel_msginfo *submsginfo, *tmp; -+ -+ if (!msginfo) -+ return; -+ -+ list_for_each_entry_safe(submsginfo, tmp, &msginfo->submsglist, -+ msglistentry) { -+ kfree(submsginfo); -+ } -+ -+ kfree(msginfo); -+} -+ - /* - * __vmbus_establish_gpadl - Establish a GPADL for a buffer or ringbuffer - * -@@ -429,7 +444,7 @@ static int __vmbus_establish_gpadl(struct vmbus_channel *channel, - struct vmbus_channel_gpadl_header *gpadlmsg; - struct vmbus_channel_gpadl_body *gpadl_body; - struct vmbus_channel_msginfo *msginfo = NULL; -- struct vmbus_channel_msginfo *submsginfo, *tmp; -+ struct vmbus_channel_msginfo *submsginfo; - struct list_head *curr; - u32 next_gpadl_handle; - unsigned long flags; -@@ -459,6 +474,7 @@ static int __vmbus_establish_gpadl(struct vmbus_channel *channel, - dev_warn(&channel->device_obj->device, - "Failed to set host visibility for new GPADL %d.\n", - ret); -+ vmbus_free_channel_msginfo(msginfo); - return ret; - } - } -@@ -535,12 +551,8 @@ static int __vmbus_establish_gpadl(struct vmbus_channel *channel, - spin_lock_irqsave(&vmbus_connection.channelmsg_lock, flags); - list_del(&msginfo->msglistentry); - spin_unlock_irqrestore(&vmbus_connection.channelmsg_lock, flags); -- list_for_each_entry_safe(submsginfo, tmp, &msginfo->submsglist, -- msglistentry) { -- kfree(submsginfo); -- } - -- kfree(msginfo); -+ vmbus_free_channel_msginfo(msginfo); - - if (ret) { - /* --- -2.51.0 - diff --git a/queue-6.17/drivers-hv-vmbus-protocol-version-6.0.patch b/queue-6.17/drivers-hv-vmbus-protocol-version-6.0.patch deleted file mode 100644 index ae36a9b437..0000000000 --- a/queue-6.17/drivers-hv-vmbus-protocol-version-6.0.patch +++ /dev/null @@ -1,193 +0,0 @@ -From 3e405c5c587eb43d8daec137bc7efff2027d38a2 Mon Sep 17 00:00:00 2001 -From: Sasha Levin -Date: Wed, 8 Oct 2025 16:34:04 -0700 -Subject: Drivers: hv: VMBus protocol version 6.0 - -From: Roman Kisel - -[ Upstream commit 6802d8af47d1dccd9a74a1f708fb9129244ef843 ] - -The confidential VMBus is supported starting from the protocol -version 6.0 onwards. - -Provide the required definitions. No functional changes. - -Signed-off-by: Roman Kisel -Reviewed-by: Alok Tiwari -Reviewed-by: Michael Kelley -Signed-off-by: Wei Liu -Stable-dep-of: 510164539f16 ("Drivers: hv: Free msginfo when the buffer fails to decrypt") -Signed-off-by: Sasha Levin ---- - drivers/hv/hyperv_vmbus.h | 2 ++ - drivers/hv/vmbus_drv.c | 12 +++++++ - include/hyperv/hvgdk_mini.h | 1 + - include/linux/hyperv.h | 69 +++++++++++++++++++++++++++---------- - 4 files changed, 65 insertions(+), 19 deletions(-) - -diff --git a/drivers/hv/hyperv_vmbus.h b/drivers/hv/hyperv_vmbus.h -index 0b450e53161e5..4a01797d48513 100644 ---- a/drivers/hv/hyperv_vmbus.h -+++ b/drivers/hv/hyperv_vmbus.h -@@ -333,6 +333,8 @@ extern const struct vmbus_channel_message_table_entry - - /* General vmbus interface */ - -+bool vmbus_is_confidential(void); -+ - struct hv_device *vmbus_device_create(const guid_t *type, - const guid_t *instance, - struct vmbus_channel *channel); -diff --git a/drivers/hv/vmbus_drv.c b/drivers/hv/vmbus_drv.c -index 2ed5a1e89d694..c2f913b9aad58 100644 ---- a/drivers/hv/vmbus_drv.c -+++ b/drivers/hv/vmbus_drv.c -@@ -56,6 +56,18 @@ static long __percpu *vmbus_evt; - int vmbus_irq; - int vmbus_interrupt; - -+/* -+ * If the Confidential VMBus is used, the data on the "wire" is not -+ * visible to either the host or the hypervisor. -+ */ -+static bool is_confidential; -+ -+bool vmbus_is_confidential(void) -+{ -+ return is_confidential; -+} -+EXPORT_SYMBOL_GPL(vmbus_is_confidential); -+ - /* - * The panic notifier below is responsible solely for unloading the - * vmbus connection, which is necessary in a panic event. -diff --git a/include/hyperv/hvgdk_mini.h b/include/hyperv/hvgdk_mini.h -index 1be7f6a023046..981a687bdc7eb 100644 ---- a/include/hyperv/hvgdk_mini.h -+++ b/include/hyperv/hvgdk_mini.h -@@ -260,6 +260,7 @@ union hv_hypervisor_version_info { - #define HYPERV_CPUID_VIRT_STACK_PROPERTIES 0x40000082 - /* Support for the extended IOAPIC RTE format */ - #define HYPERV_VS_PROPERTIES_EAX_EXTENDED_IOAPIC_RTE BIT(2) -+#define HYPERV_VS_PROPERTIES_EAX_CONFIDENTIAL_VMBUS_AVAILABLE BIT(3) - - #define HYPERV_HYPERVISOR_PRESENT_BIT 0x80000000 - #define HYPERV_CPUID_MIN 0x40000005 -diff --git a/include/linux/hyperv.h b/include/linux/hyperv.h -index a59c5c3e95fb8..a1820fabbfc0c 100644 ---- a/include/linux/hyperv.h -+++ b/include/linux/hyperv.h -@@ -265,16 +265,18 @@ static inline u32 hv_get_avail_to_write_percent( - * Linux kernel. - */ - --#define VERSION_WS2008 ((0 << 16) | (13)) --#define VERSION_WIN7 ((1 << 16) | (1)) --#define VERSION_WIN8 ((2 << 16) | (4)) --#define VERSION_WIN8_1 ((3 << 16) | (0)) --#define VERSION_WIN10 ((4 << 16) | (0)) --#define VERSION_WIN10_V4_1 ((4 << 16) | (1)) --#define VERSION_WIN10_V5 ((5 << 16) | (0)) --#define VERSION_WIN10_V5_1 ((5 << 16) | (1)) --#define VERSION_WIN10_V5_2 ((5 << 16) | (2)) --#define VERSION_WIN10_V5_3 ((5 << 16) | (3)) -+#define VMBUS_MAKE_VERSION(MAJ, MIN) ((((u32)MAJ) << 16) | (MIN)) -+#define VERSION_WS2008 VMBUS_MAKE_VERSION(0, 13) -+#define VERSION_WIN7 VMBUS_MAKE_VERSION(1, 1) -+#define VERSION_WIN8 VMBUS_MAKE_VERSION(2, 4) -+#define VERSION_WIN8_1 VMBUS_MAKE_VERSION(3, 0) -+#define VERSION_WIN10 VMBUS_MAKE_VERSION(4, 0) -+#define VERSION_WIN10_V4_1 VMBUS_MAKE_VERSION(4, 1) -+#define VERSION_WIN10_V5 VMBUS_MAKE_VERSION(5, 0) -+#define VERSION_WIN10_V5_1 VMBUS_MAKE_VERSION(5, 1) -+#define VERSION_WIN10_V5_2 VMBUS_MAKE_VERSION(5, 2) -+#define VERSION_WIN10_V5_3 VMBUS_MAKE_VERSION(5, 3) -+#define VERSION_WIN10_V6_0 VMBUS_MAKE_VERSION(6, 0) - - /* Make maximum size of pipe payload of 16K */ - #define MAX_PIPE_DATA_PAYLOAD (sizeof(u8) * 16384) -@@ -335,14 +337,22 @@ struct vmbus_channel_offer { - } __packed; - - /* Server Flags */ --#define VMBUS_CHANNEL_ENUMERATE_DEVICE_INTERFACE 1 --#define VMBUS_CHANNEL_SERVER_SUPPORTS_TRANSFER_PAGES 2 --#define VMBUS_CHANNEL_SERVER_SUPPORTS_GPADLS 4 --#define VMBUS_CHANNEL_NAMED_PIPE_MODE 0x10 --#define VMBUS_CHANNEL_LOOPBACK_OFFER 0x100 --#define VMBUS_CHANNEL_PARENT_OFFER 0x200 --#define VMBUS_CHANNEL_REQUEST_MONITORED_NOTIFICATION 0x400 --#define VMBUS_CHANNEL_TLNPI_PROVIDER_OFFER 0x2000 -+#define VMBUS_CHANNEL_ENUMERATE_DEVICE_INTERFACE 0x0001 -+/* -+ * This flag indicates that the channel is offered by the paravisor, and must -+ * use encrypted memory for the channel ring buffer. -+ */ -+#define VMBUS_CHANNEL_CONFIDENTIAL_RING_BUFFER 0x0002 -+/* -+ * This flag indicates that the channel is offered by the paravisor, and must -+ * use encrypted memory for GPA direct packets and additional GPADLs. -+ */ -+#define VMBUS_CHANNEL_CONFIDENTIAL_EXTERNAL_MEMORY 0x0004 -+#define VMBUS_CHANNEL_NAMED_PIPE_MODE 0x0010 -+#define VMBUS_CHANNEL_LOOPBACK_OFFER 0x0100 -+#define VMBUS_CHANNEL_PARENT_OFFER 0x0200 -+#define VMBUS_CHANNEL_REQUEST_MONITORED_NOTIFICATION 0x0400 -+#define VMBUS_CHANNEL_TLNPI_PROVIDER_OFFER 0x2000 - - struct vmpacket_descriptor { - u16 type; -@@ -621,6 +631,12 @@ struct vmbus_channel_relid_released { - u32 child_relid; - } __packed; - -+/* -+ * Used by the paravisor only, means that the encrypted ring buffers and -+ * the encrypted external memory are supported -+ */ -+#define VMBUS_FEATURE_FLAG_CONFIDENTIAL_CHANNELS 0x10 -+ - struct vmbus_channel_initiate_contact { - struct vmbus_channel_message_header header; - u32 vmbus_version_requested; -@@ -630,7 +646,8 @@ struct vmbus_channel_initiate_contact { - struct { - u8 msg_sint; - u8 msg_vtl; -- u8 reserved[6]; -+ u8 reserved[2]; -+ u32 feature_flags; /* VMBus version 6.0 */ - }; - }; - u64 monitor_page1; -@@ -1008,6 +1025,10 @@ struct vmbus_channel { - - /* boolean to control visibility of sysfs for ring buffer */ - bool ring_sysfs_visible; -+ /* The ring buffer is encrypted */ -+ bool co_ring_buffer; -+ /* The external memory is encrypted */ -+ bool co_external_memory; - }; - - #define lock_requestor(channel, flags) \ -@@ -1032,6 +1053,16 @@ u64 vmbus_request_addr_match(struct vmbus_channel *channel, u64 trans_id, - u64 rqst_addr); - u64 vmbus_request_addr(struct vmbus_channel *channel, u64 trans_id); - -+static inline bool is_co_ring_buffer(const struct vmbus_channel_offer_channel *o) -+{ -+ return !!(o->offer.chn_flags & VMBUS_CHANNEL_CONFIDENTIAL_RING_BUFFER); -+} -+ -+static inline bool is_co_external_memory(const struct vmbus_channel_offer_channel *o) -+{ -+ return !!(o->offer.chn_flags & VMBUS_CHANNEL_CONFIDENTIAL_EXTERNAL_MEMORY); -+} -+ - static inline bool is_hvsock_offer(const struct vmbus_channel_offer_channel *o) - { - return !!(o->offer.chn_flags & VMBUS_CHANNEL_TLNPI_PROVIDER_OFFER); --- -2.51.0 - diff --git a/queue-6.17/series b/queue-6.17/series index d2fe8350a4..dc2492c589 100644 --- a/queue-6.17/series +++ b/queue-6.17/series @@ -241,9 +241,6 @@ bpf-handle-return-value-of-ftrace_set_filter_ip-in-r.patch selftests-bpf-fix-failure-paths-in-send_signal-test.patch bpf-check-skb-transport_header-is-set-in-bpf_skb_che.patch mshv-fix-deposit-memory-in-mshv_root_hvcall.patch -drivers-hv-vmbus-protocol-version-6.0.patch -drivers-hv-allocate-encrypted-buffers-when-requested.patch -drivers-hv-free-msginfo-when-the-buffer-fails-to-dec.patch mshv-fix-create-memory-region-overlap-check.patch watchdog-wdat_wdt-fix-acpi-table-leak-in-probe-funct.patch watchdog-starfive-fix-resource-leak-in-probe-error-p.patch -- 2.47.3