--- /dev/null
+From f7f86e8ac0ad7cd6792a80137f5a550924966916 Mon Sep 17 00:00:00 2001
+From: Sowjanya Komatineni <skomatineni@nvidia.com>
+Date: Thu, 27 Aug 2020 10:20:57 -0700
+Subject: dt-bindings: mmc: tegra: Add tmclk for Tegra210 and later
+
+From: Sowjanya Komatineni <skomatineni@nvidia.com>
+
+commit f7f86e8ac0ad7cd6792a80137f5a550924966916 upstream.
+
+commit b5a84ecf025a ("mmc: tegra: Add Tegra210 support")
+
+Tegra210 and later uses separate SDMMC_LEGACY_TM clock for data
+timeout.
+
+So, this patch adds "tmclk" to Tegra sdhci clock property in the
+device tree binding.
+
+Fixes: b5a84ecf025a ("mmc: tegra: Add Tegra210 support")
+Cc: stable <stable@vger.kernel.org> # 5.4
+Reviewed-by: Jon Hunter <jonathanh@nvidia.com>
+Signed-off-by: Sowjanya Komatineni <skomatineni@nvidia.com>
+Link: https://lore.kernel.org/r/1598548861-32373-4-git-send-email-skomatineni@nvidia.com
+Signed-off-by: Ulf Hansson <ulf.hansson@linaro.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ Documentation/devicetree/bindings/mmc/nvidia,tegra20-sdhci.txt | 32 +++++++++-
+ 1 file changed, 29 insertions(+), 3 deletions(-)
+
+--- a/Documentation/devicetree/bindings/mmc/nvidia,tegra20-sdhci.txt
++++ b/Documentation/devicetree/bindings/mmc/nvidia,tegra20-sdhci.txt
+@@ -15,8 +15,15 @@ Required properties:
+ - "nvidia,tegra210-sdhci": for Tegra210
+ - "nvidia,tegra186-sdhci": for Tegra186
+ - "nvidia,tegra194-sdhci": for Tegra194
+-- clocks : Must contain one entry, for the module clock.
+- See ../clocks/clock-bindings.txt for details.
++- clocks: For Tegra210, Tegra186 and Tegra194 must contain two entries.
++ One for the module clock and one for the timeout clock.
++ For all other Tegra devices, must contain a single entry for
++ the module clock. See ../clocks/clock-bindings.txt for details.
++- clock-names: For Tegra210, Tegra186 and Tegra194 must contain the
++ strings 'sdhci' and 'tmclk' to represent the module and
++ the timeout clocks, respectively.
++ For all other Tegra devices must contain the string 'sdhci'
++ to represent the module clock.
+ - resets : Must contain an entry for each entry in reset-names.
+ See ../reset/reset.txt for details.
+ - reset-names : Must include the following entries:
+@@ -99,7 +106,7 @@ Optional properties for Tegra210, Tegra1
+
+ Example:
+ sdhci@700b0000 {
+- compatible = "nvidia,tegra210-sdhci", "nvidia,tegra124-sdhci";
++ compatible = "nvidia,tegra124-sdhci";
+ reg = <0x0 0x700b0000 0x0 0x200>;
+ interrupts = <GIC_SPI 14 IRQ_TYPE_LEVEL_HIGH>;
+ clocks = <&tegra_car TEGRA210_CLK_SDMMC1>;
+@@ -107,6 +114,25 @@ sdhci@700b0000 {
+ resets = <&tegra_car 14>;
+ reset-names = "sdhci";
+ pinctrl-names = "sdmmc-3v3", "sdmmc-1v8";
++ pinctrl-0 = <&sdmmc1_3v3>;
++ pinctrl-1 = <&sdmmc1_1v8>;
++ nvidia,pad-autocal-pull-up-offset-3v3 = <0x00>;
++ nvidia,pad-autocal-pull-down-offset-3v3 = <0x7d>;
++ nvidia,pad-autocal-pull-up-offset-1v8 = <0x7b>;
++ nvidia,pad-autocal-pull-down-offset-1v8 = <0x7b>;
++ status = "disabled";
++};
++
++sdhci@700b0000 {
++ compatible = "nvidia,tegra210-sdhci";
++ reg = <0x0 0x700b0000 0x0 0x200>;
++ interrupts = <GIC_SPI 14 IRQ_TYPE_LEVEL_HIGH>;
++ clocks = <&tegra_car TEGRA210_CLK_SDMMC1>,
++ <&tegra_car TEGRA210_CLK_SDMMC_LEGACY>;
++ clock-names = "sdhci", "tmclk";
++ resets = <&tegra_car 14>;
++ reset-names = "sdhci";
++ pinctrl-names = "sdmmc-3v3", "sdmmc-1v8";
+ pinctrl-0 = <&sdmmc1_3v3>;
+ pinctrl-1 = <&sdmmc1_1v8>;
+ nvidia,pad-autocal-pull-up-offset-3v3 = <0x00>;
--- /dev/null
+From e9ee186bb735bfc17fa81dbc9aebf268aee5b41e Mon Sep 17 00:00:00 2001
+From: James Morse <james.morse@arm.com>
+Date: Fri, 21 Aug 2020 15:07:05 +0100
+Subject: KVM: arm64: Add kvm_extable for vaxorcism code
+
+From: James Morse <james.morse@arm.com>
+
+commit e9ee186bb735bfc17fa81dbc9aebf268aee5b41e upstream.
+
+KVM has a one instruction window where it will allow an SError exception
+to be consumed by the hypervisor without treating it as a hypervisor bug.
+This is used to consume asynchronous external abort that were caused by
+the guest.
+
+As we are about to add another location that survives unexpected exceptions,
+generalise this code to make it behave like the host's extable.
+
+KVM's version has to be mapped to EL2 to be accessible on nVHE systems.
+
+The SError vaxorcism code is a one instruction window, so has two entries
+in the extable. Because the KVM code is copied for VHE and nVHE, we end up
+with four entries, half of which correspond with code that isn't mapped.
+
+Cc: <stable@vger.kernel.org> # 5.4.x
+Signed-off-by: James Morse <james.morse@arm.com>
+Reviewed-by: Marc Zyngier <maz@kernel.org>
+Signed-off-by: Catalin Marinas <catalin.marinas@arm.com>
+Signed-off-by: Andre Przywara <andre.przywara@arm.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ arch/arm64/include/asm/kvm_asm.h | 15 +++++++++++
+ arch/arm64/kernel/vmlinux.lds.S | 8 ++++++
+ arch/arm64/kvm/hyp/entry.S | 15 ++++++-----
+ arch/arm64/kvm/hyp/hyp-entry.S | 51 +++++++++++++++++++++++----------------
+ arch/arm64/kvm/hyp/switch.c | 31 +++++++++++++++++++++++
+ 5 files changed, 94 insertions(+), 26 deletions(-)
+
+--- a/arch/arm64/include/asm/kvm_asm.h
++++ b/arch/arm64/include/asm/kvm_asm.h
+@@ -113,6 +113,21 @@ extern u32 __kvm_get_mdcr_el2(void);
+ kern_hyp_va \vcpu
+ .endm
+
++/*
++ * KVM extable for unexpected exceptions.
++ * In the same format _asm_extable, but output to a different section so that
++ * it can be mapped to EL2. The KVM version is not sorted. The caller must
++ * ensure:
++ * x18 has the hypervisor value to allow any Shadow-Call-Stack instrumented
++ * code to write to it, and that SPSR_EL2 and ELR_EL2 are restored by the fixup.
++ */
++.macro _kvm_extable, from, to
++ .pushsection __kvm_ex_table, "a"
++ .align 3
++ .long (\from - .), (\to - .)
++ .popsection
++.endm
++
+ #endif
+
+ #endif /* __ARM_KVM_ASM_H__ */
+--- a/arch/arm64/kernel/vmlinux.lds.S
++++ b/arch/arm64/kernel/vmlinux.lds.S
+@@ -24,6 +24,13 @@ ENTRY(_text)
+
+ jiffies = jiffies_64;
+
++
++#define HYPERVISOR_EXTABLE \
++ . = ALIGN(SZ_8); \
++ __start___kvm_ex_table = .; \
++ *(__kvm_ex_table) \
++ __stop___kvm_ex_table = .;
++
+ #define HYPERVISOR_TEXT \
+ /* \
+ * Align to 4 KB so that \
+@@ -39,6 +46,7 @@ jiffies = jiffies_64;
+ __hyp_idmap_text_end = .; \
+ __hyp_text_start = .; \
+ *(.hyp.text) \
++ HYPERVISOR_EXTABLE \
+ __hyp_text_end = .;
+
+ #define IDMAP_TEXT \
+--- a/arch/arm64/kvm/hyp/entry.S
++++ b/arch/arm64/kvm/hyp/entry.S
+@@ -173,20 +173,23 @@ alternative_endif
+ // This is our single instruction exception window. A pending
+ // SError is guaranteed to occur at the earliest when we unmask
+ // it, and at the latest just after the ISB.
+- .global abort_guest_exit_start
+ abort_guest_exit_start:
+
+ isb
+
+- .global abort_guest_exit_end
+ abort_guest_exit_end:
+
+ msr daifset, #4 // Mask aborts
++ ret
+
+- // If the exception took place, restore the EL1 exception
+- // context so that we can report some information.
+- // Merge the exception code with the SError pending bit.
+- tbz x0, #ARM_EXIT_WITH_SERROR_BIT, 1f
++ _kvm_extable abort_guest_exit_start, 9997f
++ _kvm_extable abort_guest_exit_end, 9997f
++9997:
++ msr daifset, #4 // Mask aborts
++ mov x0, #(1 << ARM_EXIT_WITH_SERROR_BIT)
++
++ // restore the EL1 exception context so that we can report some
++ // information. Merge the exception code with the SError pending bit.
+ msr elr_el2, x2
+ msr esr_el2, x3
+ msr spsr_el2, x4
+--- a/arch/arm64/kvm/hyp/hyp-entry.S
++++ b/arch/arm64/kvm/hyp/hyp-entry.S
+@@ -15,6 +15,30 @@
+ #include <asm/kvm_mmu.h>
+ #include <asm/mmu.h>
+
++.macro save_caller_saved_regs_vect
++ /* x0 and x1 were saved in the vector entry */
++ stp x2, x3, [sp, #-16]!
++ stp x4, x5, [sp, #-16]!
++ stp x6, x7, [sp, #-16]!
++ stp x8, x9, [sp, #-16]!
++ stp x10, x11, [sp, #-16]!
++ stp x12, x13, [sp, #-16]!
++ stp x14, x15, [sp, #-16]!
++ stp x16, x17, [sp, #-16]!
++.endm
++
++.macro restore_caller_saved_regs_vect
++ ldp x16, x17, [sp], #16
++ ldp x14, x15, [sp], #16
++ ldp x12, x13, [sp], #16
++ ldp x10, x11, [sp], #16
++ ldp x8, x9, [sp], #16
++ ldp x6, x7, [sp], #16
++ ldp x4, x5, [sp], #16
++ ldp x2, x3, [sp], #16
++ ldp x0, x1, [sp], #16
++.endm
++
+ .text
+ .pushsection .hyp.text, "ax"
+
+@@ -156,27 +180,14 @@ el2_sync:
+
+
+ el2_error:
+- ldp x0, x1, [sp], #16
++ save_caller_saved_regs_vect
++ stp x29, x30, [sp, #-16]!
++
++ bl kvm_unexpected_el2_exception
++
++ ldp x29, x30, [sp], #16
++ restore_caller_saved_regs_vect
+
+- /*
+- * Only two possibilities:
+- * 1) Either we come from the exit path, having just unmasked
+- * PSTATE.A: change the return code to an EL2 fault, and
+- * carry on, as we're already in a sane state to handle it.
+- * 2) Or we come from anywhere else, and that's a bug: we panic.
+- *
+- * For (1), x0 contains the original return code and x1 doesn't
+- * contain anything meaningful at that stage. We can reuse them
+- * as temp registers.
+- * For (2), who cares?
+- */
+- mrs x0, elr_el2
+- adr x1, abort_guest_exit_start
+- cmp x0, x1
+- adr x1, abort_guest_exit_end
+- ccmp x0, x1, #4, ne
+- b.ne __hyp_panic
+- mov x0, #(1 << ARM_EXIT_WITH_SERROR_BIT)
+ eret
+ sb
+
+--- a/arch/arm64/kvm/hyp/switch.c
++++ b/arch/arm64/kvm/hyp/switch.c
+@@ -14,6 +14,7 @@
+
+ #include <asm/arch_gicv3.h>
+ #include <asm/cpufeature.h>
++#include <asm/extable.h>
+ #include <asm/kprobes.h>
+ #include <asm/kvm_asm.h>
+ #include <asm/kvm_emulate.h>
+@@ -25,6 +26,9 @@
+ #include <asm/processor.h>
+ #include <asm/thread_info.h>
+
++extern struct exception_table_entry __start___kvm_ex_table;
++extern struct exception_table_entry __stop___kvm_ex_table;
++
+ /* Check whether the FP regs were dirtied while in the host-side run loop: */
+ static bool __hyp_text update_fp_enabled(struct kvm_vcpu *vcpu)
+ {
+@@ -791,3 +795,30 @@ void __hyp_text __noreturn hyp_panic(str
+
+ unreachable();
+ }
++
++asmlinkage void __hyp_text kvm_unexpected_el2_exception(void)
++{
++ unsigned long addr, fixup;
++ struct kvm_cpu_context *host_ctxt;
++ struct exception_table_entry *entry, *end;
++ unsigned long elr_el2 = read_sysreg(elr_el2);
++
++ entry = hyp_symbol_addr(__start___kvm_ex_table);
++ end = hyp_symbol_addr(__stop___kvm_ex_table);
++ host_ctxt = &__hyp_this_cpu_ptr(kvm_host_data)->host_ctxt;
++
++ while (entry < end) {
++ addr = (unsigned long)&entry->insn + entry->insn;
++ fixup = (unsigned long)&entry->fixup + entry->fixup;
++
++ if (addr != elr_el2) {
++ entry++;
++ continue;
++ }
++
++ write_sysreg(fixup, elr_el2);
++ return;
++ }
++
++ hyp_panic(host_ctxt);
++}
--- /dev/null
+From 71a7f8cb1ca4ca7214a700b1243626759b6c11d4 Mon Sep 17 00:00:00 2001
+From: James Morse <james.morse@arm.com>
+Date: Fri, 21 Aug 2020 15:07:07 +0100
+Subject: KVM: arm64: Set HCR_EL2.PTW to prevent AT taking synchronous exception
+
+From: James Morse <james.morse@arm.com>
+
+commit 71a7f8cb1ca4ca7214a700b1243626759b6c11d4 upstream.
+
+AT instructions do a translation table walk and return the result, or
+the fault in PAR_EL1. KVM uses these to find the IPA when the value is
+not provided by the CPU in HPFAR_EL1.
+
+If a translation table walk causes an external abort it is taken as an
+exception, even if it was due to an AT instruction. (DDI0487F.a's D5.2.11
+"Synchronous faults generated by address translation instructions")
+
+While we previously made KVM resilient to exceptions taken due to AT
+instructions, the device access causes mismatched attributes, and may
+occur speculatively. Prevent this, by forbidding a walk through memory
+described as device at stage2. Now such AT instructions will report a
+stage2 fault.
+
+Such a fault will cause KVM to restart the guest. If the AT instructions
+always walk the page tables, but guest execution uses the translation cached
+in the TLB, the guest can't make forward progress until the TLB entry is
+evicted. This isn't a problem, as since commit 5dcd0fdbb492 ("KVM: arm64:
+Defer guest entry when an asynchronous exception is pending"), KVM will
+return to the host to process IRQs allowing the rest of the system to keep
+running.
+
+Cc: stable@vger.kernel.org # <v5.3: 5dcd0fdbb492 ("KVM: arm64: Defer guest entry when an asynchronous exception is pending")
+Signed-off-by: James Morse <james.morse@arm.com>
+Reviewed-by: Marc Zyngier <maz@kernel.org>
+Signed-off-by: Catalin Marinas <catalin.marinas@arm.com>
+Signed-off-by: Andre Przywara <andre.przywara@arm.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ arch/arm64/include/asm/kvm_arm.h | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+--- a/arch/arm64/include/asm/kvm_arm.h
++++ b/arch/arm64/include/asm/kvm_arm.h
+@@ -72,11 +72,12 @@
+ * IMO: Override CPSR.I and enable signaling with VI
+ * FMO: Override CPSR.F and enable signaling with VF
+ * SWIO: Turn set/way invalidates into set/way clean+invalidate
++ * PTW: Take a stage2 fault if a stage1 walk steps in device memory
+ */
+ #define HCR_GUEST_FLAGS (HCR_TSC | HCR_TSW | HCR_TWE | HCR_TWI | HCR_VM | \
+ HCR_TVM | HCR_BSU_IS | HCR_FB | HCR_TAC | \
+ HCR_AMO | HCR_SWIO | HCR_TIDCP | HCR_RW | HCR_TLOR | \
+- HCR_FMO | HCR_IMO)
++ HCR_FMO | HCR_IMO | HCR_PTW )
+ #define HCR_VIRT_EXCP_MASK (HCR_VSE | HCR_VI | HCR_VF)
+ #define HCR_HOST_NVHE_FLAGS (HCR_RW | HCR_API | HCR_APK)
+ #define HCR_HOST_VHE_FLAGS (HCR_RW | HCR_TGE | HCR_E2H)
--- /dev/null
+From 88a84ccccb3966bcc3f309cdb76092a9892c0260 Mon Sep 17 00:00:00 2001
+From: James Morse <james.morse@arm.com>
+Date: Fri, 21 Aug 2020 15:07:06 +0100
+Subject: KVM: arm64: Survive synchronous exceptions caused by AT instructions
+
+From: James Morse <james.morse@arm.com>
+
+commit 88a84ccccb3966bcc3f309cdb76092a9892c0260 upstream.
+
+KVM doesn't expect any synchronous exceptions when executing, any such
+exception leads to a panic(). AT instructions access the guest page
+tables, and can cause a synchronous external abort to be taken.
+
+The arm-arm is unclear on what should happen if the guest has configured
+the hardware update of the access-flag, and a memory type in TCR_EL1 that
+does not support atomic operations. B2.2.6 "Possible implementation
+restrictions on using atomic instructions" from DDI0487F.a lists
+synchronous external abort as a possible behaviour of atomic instructions
+that target memory that isn't writeback cacheable, but the page table
+walker may behave differently.
+
+Make KVM robust to synchronous exceptions caused by AT instructions.
+Add a get_user() style helper for AT instructions that returns -EFAULT
+if an exception was generated.
+
+While KVM's version of the exception table mixes synchronous and
+asynchronous exceptions, only one of these can occur at each location.
+
+Re-enter the guest when the AT instructions take an exception on the
+assumption the guest will take the same exception. This isn't guaranteed
+to make forward progress, as the AT instructions may always walk the page
+tables, but guest execution may use the translation cached in the TLB.
+
+This isn't a problem, as since commit 5dcd0fdbb492 ("KVM: arm64: Defer guest
+entry when an asynchronous exception is pending"), KVM will return to the
+host to process IRQs allowing the rest of the system to keep running.
+
+Cc: stable@vger.kernel.org # <v5.3: 5dcd0fdbb492 ("KVM: arm64: Defer guest entry when an asynchronous exception is pending")
+Signed-off-by: James Morse <james.morse@arm.com>
+Reviewed-by: Marc Zyngier <maz@kernel.org>
+Signed-off-by: Catalin Marinas <catalin.marinas@arm.com>
+Signed-off-by: Andre Przywara <andre.przywara@arm.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ arch/arm64/include/asm/kvm_asm.h | 28 ++++++++++++++++++++++++++++
+ arch/arm64/kvm/hyp/hyp-entry.S | 14 ++++++++++----
+ arch/arm64/kvm/hyp/switch.c | 8 ++++----
+ 3 files changed, 42 insertions(+), 8 deletions(-)
+
+--- a/arch/arm64/include/asm/kvm_asm.h
++++ b/arch/arm64/include/asm/kvm_asm.h
+@@ -88,6 +88,34 @@ extern u32 __kvm_get_mdcr_el2(void);
+ *__hyp_this_cpu_ptr(sym); \
+ })
+
++#define __KVM_EXTABLE(from, to) \
++ " .pushsection __kvm_ex_table, \"a\"\n" \
++ " .align 3\n" \
++ " .long (" #from " - .), (" #to " - .)\n" \
++ " .popsection\n"
++
++
++#define __kvm_at(at_op, addr) \
++( { \
++ int __kvm_at_err = 0; \
++ u64 spsr, elr; \
++ asm volatile( \
++ " mrs %1, spsr_el2\n" \
++ " mrs %2, elr_el2\n" \
++ "1: at "at_op", %3\n" \
++ " isb\n" \
++ " b 9f\n" \
++ "2: msr spsr_el2, %1\n" \
++ " msr elr_el2, %2\n" \
++ " mov %w0, %4\n" \
++ "9:\n" \
++ __KVM_EXTABLE(1b, 2b) \
++ : "+r" (__kvm_at_err), "=&r" (spsr), "=&r" (elr) \
++ : "r" (addr), "i" (-EFAULT)); \
++ __kvm_at_err; \
++} )
++
++
+ #else /* __ASSEMBLY__ */
+
+ .macro hyp_adr_this_cpu reg, sym, tmp
+--- a/arch/arm64/kvm/hyp/hyp-entry.S
++++ b/arch/arm64/kvm/hyp/hyp-entry.S
+@@ -166,13 +166,19 @@ el1_error:
+ b __guest_exit
+
+ el2_sync:
+- /* Check for illegal exception return, otherwise panic */
++ /* Check for illegal exception return */
+ mrs x0, spsr_el2
++ tbnz x0, #20, 1f
+
+- /* if this was something else, then panic! */
+- tst x0, #PSR_IL_BIT
+- b.eq __hyp_panic
++ save_caller_saved_regs_vect
++ stp x29, x30, [sp, #-16]!
++ bl kvm_unexpected_el2_exception
++ ldp x29, x30, [sp], #16
++ restore_caller_saved_regs_vect
+
++ eret
++
++1:
+ /* Let's attempt a recovery from the illegal exception return */
+ get_vcpu_ptr x1, x0
+ mov x0, #ARM_EXCEPTION_IL
+--- a/arch/arm64/kvm/hyp/switch.c
++++ b/arch/arm64/kvm/hyp/switch.c
+@@ -261,10 +261,10 @@ static bool __hyp_text __translate_far_t
+ * saved the guest context yet, and we may return early...
+ */
+ par = read_sysreg(par_el1);
+- asm volatile("at s1e1r, %0" : : "r" (far));
+- isb();
+-
+- tmp = read_sysreg(par_el1);
++ if (!__kvm_at("s1e1r", far))
++ tmp = read_sysreg(par_el1);
++ else
++ tmp = SYS_PAR_EL1_F; /* back to the guest */
+ write_sysreg(par, par_el1);
+
+ if (unlikely(tmp & SYS_PAR_EL1_F))
perf-record-stat-explicitly-call-out-event-modifiers-in-the-documentation.patch
drm-sched-fix-passing-zero-to-ptr_err-warning-v2.patch
drm-etnaviv-fix-ts-cache-flushing-on-gpus-with-blt-engine.patch
+kvm-arm64-add-kvm_extable-for-vaxorcism-code.patch
+kvm-arm64-survive-synchronous-exceptions-caused-by-at-instructions.patch
+kvm-arm64-set-hcr_el2.ptw-to-prevent-at-taking-synchronous-exception.patch
+dt-bindings-mmc-tegra-add-tmclk-for-tegra210-and-later.patch
projects / thirdparty / kernel / stable-queue.git / commitdiff
