From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Date: Thu, 15 Aug 2024 13:04:21 +0000 (+0200)
Subject: 6.6-stable patches
X-Git-Tag: v4.19.320~19
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=6500bef954deee6aafb6eb63ab602602e4b89b88;p=thirdparty%2Fkernel%2Fstable-queue.git

6.6-stable patches

added patches:
	kvm-arm64-don-t-defer-tlb-invalidation-when-zapping-table-entries.patch
	kvm-arm64-don-t-pass-a-tlbi-level-hint-when-zapping-table-entries.patch
---

diff --git a/queue-6.6/kvm-arm64-don-t-defer-tlb-invalidation-when-zapping-table-entries.patch b/queue-6.6/kvm-arm64-don-t-defer-tlb-invalidation-when-zapping-table-entries.patch
new file mode 100644
index 00000000000..a900a8aebfb
--- /dev/null
+++ b/queue-6.6/kvm-arm64-don-t-defer-tlb-invalidation-when-zapping-table-entries.patch
@@ -0,0 +1,65 @@
+From stable+bounces-67767-greg=kroah.com@vger.kernel.org Thu Aug 15 14:49:10 2024
+From: Will Deacon <will@kernel.org>
+Date: Thu, 15 Aug 2024 13:46:25 +0100
+Subject: KVM: arm64: Don't defer TLB invalidation when zapping table entries
+To: stable@vger.kernel.org
+Cc: Will Deacon <will@kernel.org>, Marc Zyngier <maz@kernel.org>, Oliver Upton <oliver.upton@linux.dev>, kvmarm@lists.linux.dev, Raghavendra Rao Ananta <rananta@google.com>, Shaoqin Huang <shahuang@redhat.com>
+Message-ID: <20240815124626.21674-2-will@kernel.org>
+
+From: Will Deacon <will@kernel.org>
+
+commit f62d4c3eb687d87b616b4279acec7862553bda77 upstream.
+
+Commit 7657ea920c54 ("KVM: arm64: Use TLBI range-based instructions for
+unmap") introduced deferred TLB invalidation for the stage-2 page-table
+so that range-based invalidation can be used for the accumulated
+addresses. This works fine if the structure of the page-tables remains
+unchanged, but if entire tables are zapped and subsequently freed then
+we transiently leave the hardware page-table walker with a reference
+to freed memory thanks to the translation walk caches. For example,
+stage2_unmap_walker() will free page-table pages:
+
+	if (childp)
+		mm_ops->put_page(childp);
+
+and issue the TLB invalidation later in kvm_pgtable_stage2_unmap():
+
+	if (stage2_unmap_defer_tlb_flush(pgt))
+		/* Perform the deferred TLB invalidations */
+		kvm_tlb_flush_vmid_range(pgt->mmu, addr, size);
+
+For now, take the conservative approach and invalidate the TLB eagerly
+when we clear a table entry. Note, however, that the existing level
+hint passed to __kvm_tlb_flush_vmid_ipa() is incorrect and will be
+fixed in a subsequent patch.
+
+Cc: Raghavendra Rao Ananta <rananta@google.com>
+Cc: Shaoqin Huang <shahuang@redhat.com>
+Cc: Marc Zyngier <maz@kernel.org>
+Cc: Oliver Upton <oliver.upton@linux.dev>
+Reviewed-by: Shaoqin Huang <shahuang@redhat.com>
+Reviewed-by: Marc Zyngier <maz@kernel.org>
+Link: https://lore.kernel.org/r/20240327124853.11206-2-will@kernel.org
+Signed-off-by: Oliver Upton <oliver.upton@linux.dev>
+Cc: <stable@vger.kernel.org> # 6.6.y only
+Signed-off-by: Will Deacon <will@kernel.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ arch/arm64/kvm/hyp/pgtable.c |    4 +++-
+ 1 file changed, 3 insertions(+), 1 deletion(-)
+
+--- a/arch/arm64/kvm/hyp/pgtable.c
++++ b/arch/arm64/kvm/hyp/pgtable.c
+@@ -861,9 +861,11 @@ static void stage2_unmap_put_pte(const s
+ 	if (kvm_pte_valid(ctx->old)) {
+ 		kvm_clear_pte(ctx->ptep);
+ 
+-		if (!stage2_unmap_defer_tlb_flush(pgt))
++		if (!stage2_unmap_defer_tlb_flush(pgt) ||
++		    kvm_pte_table(ctx->old, ctx->level)) {
+ 			kvm_call_hyp(__kvm_tlb_flush_vmid_ipa, mmu,
+ 					ctx->addr, ctx->level);
++		}
+ 	}
+ 
+ 	mm_ops->put_page(ctx->ptep);
diff --git a/queue-6.6/kvm-arm64-don-t-pass-a-tlbi-level-hint-when-zapping-table-entries.patch b/queue-6.6/kvm-arm64-don-t-pass-a-tlbi-level-hint-when-zapping-table-entries.patch
new file mode 100644
index 00000000000..fd48a60e378
--- /dev/null
+++ b/queue-6.6/kvm-arm64-don-t-pass-a-tlbi-level-hint-when-zapping-table-entries.patch
@@ -0,0 +1,61 @@
+From stable+bounces-67768-greg=kroah.com@vger.kernel.org Thu Aug 15 14:49:11 2024
+From: Will Deacon <will@kernel.org>
+Date: Thu, 15 Aug 2024 13:46:26 +0100
+Subject: KVM: arm64: Don't pass a TLBI level hint when zapping table entries
+To: stable@vger.kernel.org
+Cc: Will Deacon <will@kernel.org>, Marc Zyngier <maz@kernel.org>, Oliver Upton <oliver.upton@linux.dev>, kvmarm@lists.linux.dev, Gavin Shan <gshan@redhat.com>, Quentin Perret <qperret@google.com>, Shaoqin Huang <shahuang@redhat.com>
+Message-ID: <20240815124626.21674-3-will@kernel.org>
+
+From: Will Deacon <will@kernel.org>
+
+commit 36e008323926036650299cfbb2dca704c7aba849 upstream.
+
+The TLBI level hints are for leaf entries only, so take care not to pass
+them incorrectly after clearing a table entry.
+
+Cc: Gavin Shan <gshan@redhat.com>
+Cc: Marc Zyngier <maz@kernel.org>
+Cc: Quentin Perret <qperret@google.com>
+Fixes: 82bb02445de5 ("KVM: arm64: Implement kvm_pgtable_hyp_unmap() at EL2")
+Fixes: 6d9d2115c480 ("KVM: arm64: Add support for stage-2 map()/unmap() in generic page-table")
+Signed-off-by: Will Deacon <will@kernel.org>
+Reviewed-by: Shaoqin Huang <shahuang@redhat.com>
+Reviewed-by: Marc Zyngier <maz@kernel.org>
+Link: https://lore.kernel.org/r/20240327124853.11206-3-will@kernel.org
+Signed-off-by: Oliver Upton <oliver.upton@linux.dev>
+Cc: <stable@vger.kernel.org> # 6.6.y only
+[will@: Use '0' instead of TLBI_TTL_UNKNOWN to indicate "no level"]
+Signed-off-by: Will Deacon <will@kernel.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ arch/arm64/kvm/hyp/pgtable.c |   12 +++++++-----
+ 1 file changed, 7 insertions(+), 5 deletions(-)
+
+--- a/arch/arm64/kvm/hyp/pgtable.c
++++ b/arch/arm64/kvm/hyp/pgtable.c
+@@ -523,7 +523,7 @@ static int hyp_unmap_walker(const struct
+ 
+ 		kvm_clear_pte(ctx->ptep);
+ 		dsb(ishst);
+-		__tlbi_level(vae2is, __TLBI_VADDR(ctx->addr, 0), ctx->level);
++		__tlbi_level(vae2is, __TLBI_VADDR(ctx->addr, 0), 0);
+ 	} else {
+ 		if (ctx->end - ctx->addr < granule)
+ 			return -EINVAL;
+@@ -861,10 +861,12 @@ static void stage2_unmap_put_pte(const s
+ 	if (kvm_pte_valid(ctx->old)) {
+ 		kvm_clear_pte(ctx->ptep);
+ 
+-		if (!stage2_unmap_defer_tlb_flush(pgt) ||
+-		    kvm_pte_table(ctx->old, ctx->level)) {
+-			kvm_call_hyp(__kvm_tlb_flush_vmid_ipa, mmu,
+-					ctx->addr, ctx->level);
++		if (kvm_pte_table(ctx->old, ctx->level)) {
++			kvm_call_hyp(__kvm_tlb_flush_vmid_ipa, mmu, ctx->addr,
++				     0);
++		} else if (!stage2_unmap_defer_tlb_flush(pgt)) {
++			kvm_call_hyp(__kvm_tlb_flush_vmid_ipa, mmu, ctx->addr,
++				     ctx->level);
+ 		}
+ 	}
+ 
diff --git a/queue-6.6/series b/queue-6.6/series
index 18882180ab7..a23bca00a32 100644
--- a/queue-6.6/series
+++ b/queue-6.6/series
@@ -63,3 +63,5 @@ revert-jfs-fix-shift-out-of-bounds-in-dbjoin.patch
 revert-input-bcm5974-check-endpoint-type-before-starting-traffic.patch
 mm-debug_vm_pgtable-drop-random_orvalue-trick.patch
 cgroup-move-rcu_head-up-near-the-top-of-cgroup_root.patch
+kvm-arm64-don-t-defer-tlb-invalidation-when-zapping-table-entries.patch
+kvm-arm64-don-t-pass-a-tlbi-level-hint-when-zapping-table-entries.patch