From 090062d73e12f90de1e7bcc0c0582c8f6def3603 Mon Sep 17 00:00:00 2001
From: Greg Kroah-Hartman
Date: Fri, 12 Aug 2022 17:40:35 +0200
Subject: [PATCH] 5.15-stable patches
added patches:
kvm-nvmx-always-enable-tsc-scaling-for-l2-when-it-was-enabled-for-l1.patch
kvm-x86-do-not-report-preemption-if-the-steal-time-cache-is-stale.patch
kvm-x86-revalidate-steal-time-cache-if-msr-value-changes.patch
kvm-x86-tag-kvm_mmu_x86_module_init-with-__init.patch
riscv-set-default-pm_power_off-to-null.patch
---
 ...ng-for-l2-when-it-was-enabled-for-l1.patch | 43 ++++++++++++
 ...ion-if-the-steal-time-cache-is-stale.patch | 45 +++++++++++++
 ...teal-time-cache-if-msr-value-changes.patch | 59 +++++++++++++++++
 ...-kvm_mmu_x86_module_init-with-__init.patch | 48 ++++++++++++++
 ...scv-set-default-pm_power_off-to-null.patch | 65 +++++++++++++++++++
 queue-5.15/series | 5 ++
 6 files changed, 265 insertions(+)
 create mode 100644 queue-5.15/kvm-nvmx-always-enable-tsc-scaling-for-l2-when-it-was-enabled-for-l1.patch
 create mode 100644 queue-5.15/kvm-x86-do-not-report-preemption-if-the-steal-time-cache-is-stale.patch
 create mode 100644 queue-5.15/kvm-x86-revalidate-steal-time-cache-if-msr-value-changes.patch
 create mode 100644 queue-5.15/kvm-x86-tag-kvm_mmu_x86_module_init-with-__init.patch
 create mode 100644 queue-5.15/riscv-set-default-pm_power_off-to-null.patch
diff --git a/queue-5.15/kvm-nvmx-always-enable-tsc-scaling-for-l2-when-it-was-enabled-for-l1.patch b/queue-5.15/kvm-nvmx-always-enable-tsc-scaling-for-l2-when-it-was-enabled-for-l1.patch
new file mode 100644
index 00000000000..c484461652d
--- /dev/null
+++ b/queue-5.15/kvm-nvmx-always-enable-tsc-scaling-for-l2-when-it-was-enabled-for-l1.patch
@@ -0,0 +1,43 @@
+From 156b9d76e8822f2956c15029acf2d4b171502f3a Mon Sep 17 00:00:00 2001
+From: Vitaly Kuznetsov
+Date: Tue, 12 Jul 2022 15:50:09 +0200
+Subject: KVM: nVMX: Always enable TSC scaling for L2 when it was enabled for L1
+
+From: Vitaly Kuznetsov
+
+commit 156b9d76e8822f2956c15029acf2d4b171502f3a upstream.
+
+Windows 10/11 guests with Hyper-V role (WSL2) enabled are observed to
+hang upon boot or shortly after when a non-default TSC frequency was
+set for L1. The issue is observed on a host where TSC scaling is
+supported. The problem appears to be that Windows doesn't use TSC
+scaling for its guests, even when the feature is advertised, and KVM
+filters SECONDARY_EXEC_TSC_SCALING out when creating L2 controls from
+L1's VMCS. This leads to L2 running with the default frequency (matching
+host's) while L1 is running with an altered one.
+
+Keep SECONDARY_EXEC_TSC_SCALING in secondary exec controls for L2 when
+it was set for L1. TSC_MULTIPLIER is already correctly computed and
+written by prepare_vmcs02().
+
+Signed-off-by: Vitaly Kuznetsov
+Fixes: d041b5ea93352b ("KVM: nVMX: Enable nested TSC scaling")
+Cc: stable@vger.kernel.org
+Reviewed-by: Maxim Levitsky
+Link: https://lore.kernel.org/r/20220712135009.952805-1-vkuznets@redhat.com
+Signed-off-by: Sean Christopherson
+Signed-off-by: Greg Kroah-Hartman
+---
+ arch/x86/kvm/vmx/nested.c | 1 -
+ 1 file changed, 1 deletion(-)
+
+--- a/arch/x86/kvm/vmx/nested.c
++++ b/arch/x86/kvm/vmx/nested.c
+@@ -2273,7 +2273,6 @@ static void prepare_vmcs02_early(struct
+ SECONDARY_EXEC_VIRTUAL_INTR_DELIVERY |
+ SECONDARY_EXEC_APIC_REGISTER_VIRT |
+ SECONDARY_EXEC_ENABLE_VMFUNC |
+- SECONDARY_EXEC_TSC_SCALING |
+ SECONDARY_EXEC_DESC);
+
+ if (nested_cpu_has(vmcs12,
diff --git a/queue-5.15/kvm-x86-do-not-report-preemption-if-the-steal-time-cache-is-stale.patch b/queue-5.15/kvm-x86-do-not-report-preemption-if-the-steal-time-cache-is-stale.patch
new file mode 100644
index 00000000000..48ea8b4ec6d
--- /dev/null
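Review bot: The mask that survives (`SECONDARY_EXEC_ENABLE_VMFUNC |` through `SECONDARY_EXEC_DESC);`) carries no record of why TSC_SCALING was dropped from it, and a reader who treats the list as "controls taken only from vmcs12" will be tempted to re-add it. A comment on the line above the mask would close that gap: `/* TSC_SCALING is intentionally not masked here: L2 must run at L1's scaled frequency even when L1 does not enable scaling for L2; prepare_vmcs02() writes the multiplier. */`. The fix is only correct if prepare_vmcs02() in the 5.15 tree really programs TSC_MULTIPLIER for the L1-only case as the upstream description says, and that function is outside this hunk, so the backport should be checked against it rather than taken on trust. prepare_vmcs02_early() begins before and continues after the hunk.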
+++ b/queue-5.15/kvm-x86-do-not-report-preemption-if-the-steal-time-cache-is-stale.patch
@@ -0,0 +1,45 @@
+From c3c28d24d910a746b02f496d190e0e8c6560224b Mon Sep 17 00:00:00 2001
+From: Paolo Bonzini
+Date: Thu, 4 Aug 2022 15:28:32 +0200
+Subject: KVM: x86: do not report preemption if the steal time cache is stale
+
+From: Paolo Bonzini
+
+commit c3c28d24d910a746b02f496d190e0e8c6560224b upstream.
+
+Commit 7e2175ebd695 ("KVM: x86: Fix recording of guest steal time
+/ preempted status", 2021-11-11) open coded the previous call to
+kvm_map_gfn, but in doing so it dropped the comparison between the cached
+guest physical address and the one in the MSR. This cause an incorrect
+cache hit if the guest modifies the steal time address while the memslots
+remain the same. This can happen with kexec, in which case the preempted
+bit is written at the address used by the old kernel instead of
+the old one.
+
+Cc: David Woodhouse
+Cc: stable@vger.kernel.org
+Fixes: 7e2175ebd695 ("KVM: x86: Fix recording of guest steal time / preempted status")
+Signed-off-by: Paolo Bonzini
+Signed-off-by: Greg Kroah-Hartman
+---
+ arch/x86/kvm/x86.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+--- a/arch/x86/kvm/x86.c
++++ b/arch/x86/kvm/x86.c
+@@ -4378,6 +4378,7 @@ static void kvm_steal_time_set_preempted
+ struct kvm_steal_time __user *st;
+ struct kvm_memslots *slots;
+ static const u8 preempted = KVM_VCPU_PREEMPTED;
++ gpa_t gpa = vcpu->arch.st.msr_val & KVM_STEAL_VALID_BITS;
+
+ /*
+ * The vCPU can be marked preempted if and only if the VM-Exit was on
+@@ -4405,6 +4406,7 @@ static void kvm_steal_time_set_preempted
+ slots = kvm_memslots(vcpu->kvm);
+
+ if (unlikely(slots->generation != ghc->generation ||
++ gpa != ghc->gpa ||
+ kvm_is_error_hva(ghc->hva) || !ghc->memslot))
+ return;
+
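Review bot: The added `gpa != ghc->gpa ||` makes kvm_steal_time_set_preempted() return without reporting, but nothing in the function records that dropping the report is the intended outcome when the guest has moved its steal-time area, as opposed to a forgotten re-initialisation like the one record_steal_time() performs. A comment on the check would make that explicit: `/* gpa mismatch: the guest moved its steal-time area (e.g. kexec); the cached hva is stale and must not be written. */`. Before this check the host would write KVM_VCPU_PREEMPTED into memory the new guest kernel may be using for something else, i.e. host-initiated guest memory corruption triggered by ordinary guest behaviour, which is why the stale-cache case has to fail closed. Why this path does not simply re-initialise the cache is not visible here — presumably a locking or context constraint — and is worth confirming in the 5.15 tree. kvm_steal_time_set_preempted() starts and ends outside the hunk.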
diff --git a/queue-5.15/kvm-x86-revalidate-steal-time-cache-if-msr-value-changes.patch b/queue-5.15/kvm-x86-revalidate-steal-time-cache-if-msr-value-changes.patch
new file mode 100644
index 00000000000..961474fab7b
--- /dev/null
+++ b/queue-5.15/kvm-x86-revalidate-steal-time-cache-if-msr-value-changes.patch
@@ -0,0 +1,59 @@
+From 901d3765fa804ce42812f1d5b1f3de2dfbb26723 Mon Sep 17 00:00:00 2001
+From: Paolo Bonzini
+Date: Thu, 4 Aug 2022 15:28:32 +0200
+Subject: KVM: x86: revalidate steal time cache if MSR value changes
+
+From: Paolo Bonzini
+
+commit 901d3765fa804ce42812f1d5b1f3de2dfbb26723 upstream.
+
+Commit 7e2175ebd695 ("KVM: x86: Fix recording of guest steal time
+/ preempted status", 2021-11-11) open coded the previous call to
+kvm_map_gfn, but in doing so it dropped the comparison between the cached
+guest physical address and the one in the MSR. This cause an incorrect
+cache hit if the guest modifies the steal time address while the memslots
+remain the same. This can happen with kexec, in which case the steal
+time data is written at the address used by the old kernel instead of
+the old one.
+
+While at it, rename the variable from gfn to gpa since it is a plain
+physical address and not a right-shifted one.
+
+Reported-by: Dave Young
+Reported-by: Xiaoying Yan
+Analyzed-by: Dr. David Alan Gilbert
+Cc: David Woodhouse
+Cc: stable@vger.kernel.org
+Fixes: 7e2175ebd695 ("KVM: x86: Fix recording of guest steal time / preempted status")
+Signed-off-by: Paolo Bonzini
+Signed-off-by: Greg Kroah-Hartman
+---
+ arch/x86/kvm/x86.c | 6 +++---
+ 1 file changed, 3 insertions(+), 3 deletions(-)
+
+--- a/arch/x86/kvm/x86.c
++++ b/arch/x86/kvm/x86.c
+@@ -3244,6 +3244,7 @@ static void record_steal_time(struct kvm
+ struct gfn_to_hva_cache *ghc = &vcpu->arch.st.cache;
+ struct kvm_steal_time __user *st;
+ struct kvm_memslots *slots;
++ gpa_t gpa = vcpu->arch.st.msr_val & KVM_STEAL_VALID_BITS;
+ u64 steal;
+ u32 version;
+
+@@ -3261,13 +3262,12 @@ static void record_steal_time(struct kvm
+ slots = kvm_memslots(vcpu->kvm);
+
+ if (unlikely(slots->generation != ghc->generation ||
++ gpa != ghc->gpa ||
+ kvm_is_error_hva(ghc->hva) || !ghc->memslot)) {
+- gfn_t gfn = vcpu->arch.st.msr_val & KVM_STEAL_VALID_BITS;
+-
+ /* We rely on the fact that it fits in a single page.
*/
+ BUILD_BUG_ON((sizeof(*st) - 1) & KVM_STEAL_VALID_BITS);
+
+- if (kvm_gfn_to_hva_cache_init(vcpu->kvm, ghc, gfn, sizeof(*st)) ||
++ if (kvm_gfn_to_hva_cache_init(vcpu->kvm, ghc, gpa, sizeof(*st)) ||
+ kvm_is_error_hva(ghc->hva) || !ghc->memslot)
+ return;
+ }
diff --git a/queue-5.15/kvm-x86-tag-kvm_mmu_x86_module_init-with-__init.patch b/queue-5.15/kvm-x86-tag-kvm_mmu_x86_module_init-with-__init.patch
new file mode 100644
index 00000000000..423f520b53b
--- /dev/null
+++ b/queue-5.15/kvm-x86-tag-kvm_mmu_x86_module_init-with-__init.patch
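Review bot: Re-validation is lazy — the new `gpa != ghc->gpa ||` only re-initialises the cache on the next record_steal_time() call — and nothing in the hunk says that the MSR write path leaves the cache untouched, so a reader looking for the re-init at MSR write time will not find it. A comment on the condition would state the contract: `/* Re-init if the memslots changed or the guest moved the steal-time area (MSR value changed, e.g. after kexec); the cache is refreshed here, not at MSR write time. */`, qualified if the 5.15 MSR handler, which is outside this hunk, does touch the cache. The `vcpu->arch.st.msr_val & KVM_STEAL_VALID_BITS` expression now exists twice (here and in kvm_steal_time_set_preempted()); upstream kept both copies, so folding them into a helper belongs in a separate cleanup rather than in the backport. record_steal_time() begins before the hunk.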
@@ -0,0 +1,48 @@
+From 982bae43f11c37b51d2f1961bb25ef7cac3746fa Mon Sep 17 00:00:00 2001
+From: Sean Christopherson
+Date: Wed, 3 Aug 2022 22:49:55 +0000
+Subject: KVM: x86: Tag kvm_mmu_x86_module_init() with __init
+
+From: Sean Christopherson
+
+commit 982bae43f11c37b51d2f1961bb25ef7cac3746fa upstream.
+
+Mark kvm_mmu_x86_module_init() with __init, the entire reason it exists
+is to initialize variables when kvm.ko is loaded, i.e. it must never be
+called after module initialization.
+
+Fixes: 1d0e84806047 ("KVM: x86/mmu: Resolve nx_huge_pages when kvm.ko is loaded")
+Cc: stable@vger.kernel.org
+Reviewed-by: Kai Huang
+Tested-by: Michael Roth
+Signed-off-by: Sean Christopherson
+Message-Id: <20220803224957.1285926-2-seanjc@google.com>
+Signed-off-by: Paolo Bonzini
+Signed-off-by: Greg Kroah-Hartman
+---
+ arch/x86/include/asm/kvm_host.h | 2 +-
+ arch/x86/kvm/mmu/mmu.c | 2 +-
+ 2 files changed, 2 insertions(+), 2 deletions(-)
+
+--- a/arch/x86/include/asm/kvm_host.h
++++ b/arch/x86/include/asm/kvm_host.h
+@@ -1562,7 +1562,7 @@ static inline int kvm_arch_flush_remote_
+ return -ENOTSUPP;
+ }
+
+-void kvm_mmu_x86_module_init(void);
++void __init kvm_mmu_x86_module_init(void);
+ int kvm_mmu_vendor_module_init(void);
+ void kvm_mmu_vendor_module_exit(void);
+
+--- a/arch/x86/kvm/mmu/mmu.c
++++ b/arch/x86/kvm/mmu/mmu.c
+@@ -6115,7 +6115,7 @@ static int set_nx_huge_pages(const char
+ * nx_huge_pages needs to be resolved to true/false when kvm.ko is loaded, as
+ * its default value of -1 is technically undefined behavior for a boolean.
+ */
+-void kvm_mmu_x86_module_init(void)
++void __init kvm_mmu_x86_module_init(void)
+ {
+ if (nx_huge_pages == -1)
+ __set_nx_huge_pages(get_nx_auto_mode());
diff --git a/queue-5.15/riscv-set-default-pm_power_off-to-null.patch b/queue-5.15/riscv-set-default-pm_power_off-to-null.patch
new file mode 100644
index 00000000000..c5f2ac0807f
--- /dev/null
+++ b/queue-5.15/riscv-set-default-pm_power_off-to-null.patch
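Review bot: `void __init kvm_mmu_x86_module_init(void);` in a shared header moves the function into .init.text, so a caller that is not itself part of kvm.ko's module init would be jumping into memory freed once init finishes; the callers are outside this hunk, and the 5.15 backport should be built with CONFIG_DEBUG_SECTION_MISMATCH=y to confirm modpost reports no reference from non-init code. A comment on the prototype would carry the constraint to anyone adding a call later: `/* Runs once from kvm.ko module init; lives in .init.text, never call at runtime. */`. If a vendor module (kvm-intel/kvm-amd) rather than kvm.ko's own init called it, the tag would be wrong — presumably not the case given the Fixes: commit it references, but that is inferred, not shown here.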
@@ -0,0 +1,65 @@
+From f2928e224d85e7cc139009ab17cefdfec2df5d11 Mon Sep 17 00:00:00 2001
+From: Dimitri John Ledkov
+Date: Tue, 7 Sep 2021 01:28:47 +0100
+Subject: riscv: set default pm_power_off to NULL
+
+From: Dimitri John Ledkov
+
+commit f2928e224d85e7cc139009ab17cefdfec2df5d11 upstream.
+
+Set pm_power_off to NULL like on all other architectures, check if it
+is set in machine_halt() and machine_power_off() and fallback to
+default_power_off if no other power driver got registered.
+
+This brings riscv architecture inline with all other architectures,
+and allows to reuse exiting power drivers unmodified.
+
+Kernels without legacy SBI v0.1 extensions (CONFIG_RISCV_SBI_V01 is
+not set), do not set pm_power_off to sbi_shutdown(). There is no
+support for SBI v0.3 system reset extension either. This prevents
+using gpio_poweroff on SiFive HiFive Unmatched.
+
+Tested on SiFive HiFive unmatched, with a dtb specifying gpio-poweroff
+node and kernel complied without CONFIG_RISCV_SBI_V01.
+
+BugLink: https://bugs.launchpad.net/bugs/1942806
+Signed-off-by: Dimitri John Ledkov
+Reviewed-by: Anup Patel
+Tested-by: Ron Economos
+Signed-off-by: Palmer Dabbelt
+Cc: Nathan Chancellor
+Signed-off-by: Greg Kroah-Hartman
+---
+ arch/riscv/kernel/reset.c | 12 +++++++++---
+ 1 file changed, 9 insertions(+), 3 deletions(-)
+
+--- a/arch/riscv/kernel/reset.c
++++ b/arch/riscv/kernel/reset.c
+@@ -12,7 +12,7 @@ static void default_power_off(void)
+ wait_for_interrupt();
+ }
+
+-void (*pm_power_off)(void) = default_power_off;
++void (*pm_power_off)(void) = NULL;
+ EXPORT_SYMBOL(pm_power_off);
+
+ void machine_restart(char *cmd)
+@@ -23,10 +23,16 @@ void machine_restart(char *cmd)
+
+ void machine_halt(void)
+ {
+- pm_power_off();
++ if (pm_power_off != NULL)
++ pm_power_off();
++ else
++ default_power_off();
+ }
+
+ void machine_power_off(void)
+ {
+- pm_power_off();
++ if (pm_power_off != NULL)
++ pm_power_off();
++ else
++ default_power_off();
+ }
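Review bot: The patch file carries no Cc: stable or Fixes: trailer and the upstream commit is from September 2021, so this queue entry gives no reason why a v5.16-era behaviour change is landing in 5.15 almost a year later; the `Cc: Nathan Chancellor` line hints at a build or toolchain motivation, but that is a guess. A one-line note in the stable commit naming the driver or build failure it unblocks would let reviewers judge regression risk for boards that relied on the old `default_power_off` default. The duplicated `if (pm_power_off != NULL)` fallback in machine_halt() and machine_power_off() (kernel idiom would be `if (pm_power_off)`) is verbatim upstream, which is the right choice for a backport, so no restyle is requested.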
diff --git a/queue-5.15/series b/queue-5.15/series
index 2564d7e9ee4..564c3f3be1d 100644
--- a/queue-5.15/series
+++ b/queue-5.15/series
@@ -27,3 +27,8 @@ kvm-nvmx-account-for-kvm-reserved-cr4-bits-in-consistency-checks.patch
 kvm-nvmx-inject-ud-if-vmxon-is-attempted-with-incompatible-cr0-cr4.patch
 kvm-x86-mark-tss-busy-during-ltr-emulation-_after_-all-fault-checks.patch
 kvm-x86-set-error-code-to-segment-selector-on-lldt-ltr-non-canonical-gp.patch
+kvm-nvmx-always-enable-tsc-scaling-for-l2-when-it-was-enabled-for-l1.patch
+kvm-x86-tag-kvm_mmu_x86_module_init-with-__init.patch
+kvm-x86-do-not-report-preemption-if-the-steal-time-cache-is-stale.patch
+kvm-x86-revalidate-steal-time-cache-if-msr-value-changes.patch
+riscv-set-default-pm_power_off-to-null.patch
-- 
2.47.3