1. 05 May, 2022 1 commit
  2. 04 May, 2022 12 commits
  3. 01 May, 2022 5 commits
    • Linus Torvalds's avatar
      Linux 5.18-rc5 · 672c0c51
      Linus Torvalds authored
      672c0c51
    • Linus Torvalds's avatar
      Merge tag 'for-linus' of git://git.kernel.org/pub/scm/virt/kvm/kvm · b6b26489
      Linus Torvalds authored
      Pull kvm fixes from Paolo Bonzini:
       "ARM:
      
         - Take care of faults occuring between the PARange and IPA range by
           injecting an exception
      
         - Fix S2 faults taken from a host EL0 in protected mode
      
         - Work around Oops caused by a PMU access from a 32bit guest when PMU
           has been created. This is a temporary bodge until we fix it for
           good.
      
        x86:
      
         - Fix potential races when walking host page table
      
         - Fix shadow page table leak when KVM runs nested
      
         - Work around bug in userspace when KVM synthesizes leaf 0x80000021
           on older (pre-EPYC) or Intel processors
      
        Generic (but affects only RISC-V):
      
         - Fix bad user ABI for KVM_EXIT_SYSTEM_EVENT"
      
      * tag 'for-linus' of git://git.kernel.org/pub/scm/virt/kvm/kvm:
        KVM: x86: work around QEMU issue with synthetic CPUID leaves
        Revert "x86/mm: Introduce lookup_address_in_mm()"
        KVM: x86/mmu: fix potential races when walking host page table
        KVM: fix bad user ABI for KVM_EXIT_SYSTEM_EVENT
        KVM: x86/mmu: Do not create SPTEs for GFNs that exceed host.MAXPHYADDR
        KVM: arm64: Inject exception on out-of-IPA-range translation fault
        KVM/arm64: Don't emulate a PMU for 32-bit guests if feature not set
        KVM: arm64: Handle host stage-2 faults from 32-bit EL0
      b6b26489
    • Linus Torvalds's avatar
      Merge tag 'x86_urgent_for_v5.18_rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip · b2da7df5
      Linus Torvalds authored
      Pull x86 fixes from Borislav Petkov:
      
       - A fix to disable PCI/MSI[-X] masking for XEN_HVM guests as that is
         solely controlled by the hypervisor
      
       - A build fix to make the function prototype (__warn()) as visible as
         the definition itself
      
       - A bunch of objtool annotation fixes which have accumulated over time
      
       - An ORC unwinder fix to handle bad input gracefully
      
       - Well, we thought the microcode gets loaded in time in order to
         restore the microcode-emulated MSRs but we thought wrong. So there's
         a fix for that to have the ordering done properly
      
       - Add new Intel model numbers
      
       - A spelling fix
      
      * tag 'x86_urgent_for_v5.18_rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
        x86/pci/xen: Disable PCI/MSI[-X] masking for XEN_HVM guests
        bug: Have __warn() prototype defined unconditionally
        x86/Kconfig: fix the spelling of 'becoming' in X86_KERNEL_IBT config
        objtool: Use offstr() to print address of missing ENDBR
        objtool: Print data address for "!ENDBR" data warnings
        x86/xen: Add ANNOTATE_NOENDBR to startup_xen()
        x86/uaccess: Add ENDBR to __put_user_nocheck*()
        x86/retpoline: Add ANNOTATE_NOENDBR for retpolines
        x86/static_call: Add ANNOTATE_NOENDBR to static call trampoline
        objtool: Enable unreachable warnings for CLANG LTO
        x86,objtool: Explicitly mark idtentry_body()s tail REACHABLE
        x86,objtool: Mark cpu_startup_entry() __noreturn
        x86,xen,objtool: Add UNWIND hint
        lib/strn*,objtool: Enforce user_access_begin() rules
        MAINTAINERS: Add x86 unwinding entry
        x86/unwind/orc: Recheck address range after stack info was updated
        x86/cpu: Load microcode during restore_processor_state()
        x86/cpu: Add new Alderlake and Raptorlake CPU model numbers
      b2da7df5
    • Linus Torvalds's avatar
      Merge tag 'objtool_urgent_for_v5.18_rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip · b70ed23c
      Linus Torvalds authored
      Pull objtool fixes from Borislav Petkov:
       "A bunch of objtool fixes to improve unwinding, sibling call detection,
        fallthrough detection and relocation handling of weak symbols when the
        toolchain strips section symbols"
      
      * tag 'objtool_urgent_for_v5.18_rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
        objtool: Fix code relocs vs weak symbols
        objtool: Fix type of reloc::addend
        objtool: Fix function fallthrough detection for vmlinux
        objtool: Fix sibling call detection in alternatives
        objtool: Don't set 'jump_dest' for sibling calls
        x86/uaccess: Don't jump between functions
      b70ed23c
    • Linus Torvalds's avatar
      Merge tag 'irq_urgent_for_v5.18_rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip · d4af0c17
      Linus Torvalds authored
      Pull irq fix from Borislav Petkov:
      
       - Fix locking when accessing device MSI descriptors
      
      * tag 'irq_urgent_for_v5.18_rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
        bus: fsl-mc-msi: Fix MSI descriptor mutex lock for msi_first_desc()
      d4af0c17
  4. 30 Apr, 2022 5 commits
    • Linus Torvalds's avatar
      Merge tag 'driver-core-5.18-rc5' of... · 57ae8a49
      Linus Torvalds authored
      Merge tag 'driver-core-5.18-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/driver-core
      
      Pull driver core fixes from Greg KH:
       "Here are some small driver core and kernfs fixes for some reported
        problems. They include:
      
         - kernfs regression that is causing oopses in 5.17 and newer releases
      
         - topology sysfs fixes for a few small reported problems.
      
        All of these have been in linux-next for a while with no reported
        issues"
      
      * tag 'driver-core-5.18-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/driver-core:
        kernfs: fix NULL dereferencing in kernfs_remove
        topology: Fix up build warning in topology_is_visible()
        arch_topology: Do not set llc_sibling if llc_id is invalid
        topology: make core_mask include at least cluster_siblings
        topology/sysfs: Hide PPIN on systems that do not support it.
      57ae8a49
    • Linus Torvalds's avatar
      Merge tag 'char-misc-5.18-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc · e2e5ebec
      Linus Torvalds authored
      Pull char/misc driver fixes from Greg KH:
       "Here are a small number of char/misc/other driver fixes for 5.18-rc5
      
        Nothing major in here, this is mostly IIO driver fixes along with some
        other small things:
      
         - at25 driver fix for systems without a dma-able stack
      
         - phy driver fixes for reported issues
      
         - binder driver fixes for reported issues
      
        All of these have been in linux-next without any reported problems"
      
      * tag 'char-misc-5.18-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc: (31 commits)
        eeprom: at25: Use DMA safe buffers
        binder: Gracefully handle BINDER_TYPE_FDA objects with num_fds=0
        binder: Address corner cases in deferred copy and fixup
        phy: amlogic: fix error path in phy_g12a_usb3_pcie_probe()
        iio: imu: inv_icm42600: Fix I2C init possible nack
        iio: dac: ltc2688: fix voltage scale read
        interconnect: qcom: sdx55: Drop IP0 interconnects
        interconnect: qcom: sc7180: Drop IP0 interconnects
        phy: ti: Add missing pm_runtime_disable() in serdes_am654_probe
        phy: mapphone-mdm6600: Fix PM error handling in phy_mdm6600_probe
        phy: ti: omap-usb2: Fix error handling in omap_usb2_enable_clocks
        bus: mhi: host: pci_generic: Flush recovery worker during freeze
        bus: mhi: host: pci_generic: Add missing poweroff() PM callback
        phy: ti: tusb1210: Fix an error handling path in tusb1210_probe()
        phy: samsung: exynos5250-sata: fix missing device put in probe error paths
        phy: samsung: Fix missing of_node_put() in exynos_sata_phy_probe
        phy: ti: Fix missing of_node_put in ti_pipe3_get_sysctrl()
        phy: ti: tusb1210: Make tusb1210_chg_det_states static
        iio:dac:ad3552r: Fix an IS_ERR() vs NULL check
        iio: sx9324: Fix default precharge internal resistance register
        ...
      e2e5ebec
    • Linus Torvalds's avatar
      Merge tag 'tty-5.18-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/tty · a6b5c5dc
      Linus Torvalds authored
      Pull tty/serial fixes from Greg KH:
       "Here are some small serial driver fixes, and a larger number of GSM
        line discipline fixes for 5.18-rc5.
      
        These include:
      
         - lots of tiny n_gsm fixes for issues to resolve a number of reported
           problems. Seems that people are starting to actually use this code
           again.
      
         - 8250 driver fixes for some devices
      
         - imx serial driver fix
      
         - amba-pl011 driver fix
      
        All of these have been in linux-next for a while with no reported
        issues"
      
      * tag 'tty-5.18-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/tty: (27 commits)
        tty: n_gsm: fix sometimes uninitialized warning in gsm_dlci_modem_output()
        serial: 8250: Correct the clock for EndRun PTP/1588 PCIe device
        serial: 8250: Also set sticky MCR bits in console restoration
        tty: n_gsm: fix software flow control handling
        tty: n_gsm: fix invalid use of MSC in advanced option
        tty: n_gsm: fix broken virtual tty handling
        Revert "serial: sc16is7xx: Clear RS485 bits in the shutdown"
        tty: n_gsm: fix missing update of modem controls after DLCI open
        serial: 8250: Fix runtime PM for start_tx() for empty buffer
        serial: imx: fix overrun interrupts in DMA mode
        serial: amba-pl011: do not time out prematurely when draining tx fifo
        tty: n_gsm: fix incorrect UA handling
        tty: n_gsm: fix reset fifo race condition
        tty: n_gsm: fix missing tty wakeup in convergence layer type 2
        tty: n_gsm: fix wrong signal octets encoding in MSC
        tty: n_gsm: fix wrong command frame length field encoding
        tty: n_gsm: fix wrong command retry handling
        tty: n_gsm: fix missing explicit ldisc flush
        tty: n_gsm: fix wrong DLCI release order
        tty: n_gsm: fix insufficient txframe size
        ...
      a6b5c5dc
    • Linus Torvalds's avatar
      Merge tag 'usb-5.18-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb · da1b4042
      Linus Torvalds authored
      Pull USB fixes from Greg KH:
       "Here are a number of small USB driver fixes for 5.18-rc5 for some
        reported issues and new quirks. They include:
      
         - dwc3 driver fixes
      
         - xhci driver fixes
      
         - typec driver fixes
      
         - new usb-serial driver ids
      
         - added new USB devices to existing quirk tables
      
         - other tiny fixes
      
        All of these have been in linux-next for a while with no reported
        issues"
      
      * tag 'usb-5.18-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb: (31 commits)
        usb: phy: generic: Get the vbus supply
        usb: dwc3: gadget: Return proper request status
        usb: dwc3: pci: add support for the Intel Meteor Lake-P
        usb: dwc3: core: Only handle soft-reset in DCTL
        usb: gadget: configfs: clear deactivation flag in configfs_composite_unbind()
        usb: misc: eud: Fix an error handling path in eud_probe()
        usb: core: Don't hold the device lock while sleeping in do_proc_control()
        usb: dwc3: Try usb-role-switch first in dwc3_drd_init
        usb: dwc3: core: Fix tx/rx threshold settings
        usb: mtu3: fix USB 3.0 dual-role-switch from device to host
        xhci: Enable runtime PM on second Alderlake controller
        usb: dwc3: fix backwards compat with rockchip devices
        dt-bindings: usb: samsung,exynos-usb2: add missing required reg
        usb: misc: fix improper handling of refcount in uss720_probe()
        USB: Fix ehci infinite suspend-resume loop issue in zhaoxin
        usb: typec: tcpm: Fix undefined behavior due to shift overflowing the constant
        usb: typec: rt1719: Fix build error without CONFIG_POWER_SUPPLY
        usb: typec: ucsi: Fix role swapping
        usb: typec: ucsi: Fix reuse of completion structure
        usb: xhci: tegra:Fix PM usage reference leak of tegra_xusb_unpowergate_partitions
        ...
      da1b4042
    • Linus Torvalds's avatar
      Merge tag 'scsi-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi · e9512f36
      Linus Torvalds authored
      Pull SCSI fix from James Bottomley:
       "One fix for an endless error loop with the target driver affecting
        tapes"
      
      * tag 'scsi-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi:
        scsi: target: pscsi: Set SCF_TREAT_READ_AS_NORMAL flag only if there is valid data
      e9512f36
  5. 29 Apr, 2022 17 commits
    • Linus Torvalds's avatar
      Merge tag 'soc-fixes-5.18-3' of git://git.kernel.org/pub/scm/linux/kernel/git/soc/soc · 8013d1d3
      Linus Torvalds authored
      Pull ARM SoC fixes from Arnd Bergmann:
      
       - A fix for a regression caused by the previous set of bugfixes
         changing tegra and at91 pinctrl properties.
      
         More work is needed to figure out what this should actually be, but a
         revert makes it work for the moment.
      
       - Defconfig regression fixes for tegra after renamed symbols
      
       - Build-time warning and static checker fixes for imx, op-tee, sunxi,
         meson, at91, and omap
      
       - More at91 DT fixes for audio, regulator and spi nodes
      
       - A regression fix for Renesas Hyperflash memory probe
      
       - A stability fix for amlogic boards, modifying the allowed cpufreq
         states
      
       - Multiple fixes for system suspend on omap2+
      
       - DT fixes for various i.MX bugs
      
       - A probe error fix for imx6ull-colibri MMC
      
       - A MAINTAINERS file entry for samsung bug reports
      
      * tag 'soc-fixes-5.18-3' of git://git.kernel.org/pub/scm/linux/kernel/git/soc/soc: (42 commits)
        Revert "arm: dts: at91: Fix boolean properties with values"
        bus: sunxi-rsb: Fix the return value of sunxi_rsb_device_create()
        Revert "arm64: dts: tegra: Fix boolean properties with values"
        arm64: dts: imx8mn-ddr4-evk: Describe the 32.768 kHz PMIC clock
        ARM: dts: imx6ull-colibri: fix vqmmc regulator
        MAINTAINERS: add Bug entry for Samsung and memory controller drivers
        memory: renesas-rpc-if: Fix HF/OSPI data transfer in Manual Mode
        ARM: dts: logicpd-som-lv: Fix wrong pinmuxing on OMAP35
        ARM: dts: am3517-evm: Fix misc pinmuxing
        ARM: dts: am33xx-l4: Add missing touchscreen clock properties
        ARM: dts: Fix mmc order for omap3-gta04
        ARM: dts: at91: fix pinctrl phandles
        ARM: dts: at91: sama5d4_xplained: fix pinctrl phandle name
        ARM: dts: at91: Describe regulators on at91sam9g20ek
        ARM: dts: at91: Map MCLK for wm8731 on at91sam9g20ek
        ARM: dts: at91: Fix boolean properties with values
        ARM: dts: at91: use generic node name for dataflash
        ARM: dts: at91: align SPI NOR node name with dtschema
        ARM: dts: at91: sama7g5ek: Align the impedance of the QSPI0's HSIO and PCB lines
        ARM: dts: at91: sama7g5ek: enable pull-up on flexcom3 console lines
        ...
      8013d1d3
    • Linus Torvalds's avatar
      Merge tag 'clk-fixes-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/clk/linux · c0e6265e
      Linus Torvalds authored
      Pull clk fixes from Stephen Boyd:
       "A semi-large pile of clk driver fixes this time around.
      
        Nothing is touching the core so these fixes are fairly well contained
        to specific devices that use these clk drivers.
      
         - Some Allwinner SoC fixes to gracefully handle errors and mark an
           RTC clk as critical so that the RTC keeps ticking.
      
         - Fix AXI bus clks and RTC clk design for Microchip PolarFire SoC
           driver introduced this cycle. This has some devicetree bits acked
           by riscv maintainers. We're fixing it now so that the prior
           bindings aren't released in a major kernel version.
      
         - Remove a reset on Microchip PolarFire SoCs that broke when enabling
           CONFIG_PM.
      
         - Set a min/max for the Qualcomm graphics clk. This got broken by the
           clk rate range patches introduced this cycle"
      
      * tag 'clk-fixes-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/clk/linux:
        clk: sunxi: sun9i-mmc: check return value after calling platform_get_resource()
        clk: sunxi-ng: sun6i-rtc: Mark rtc-32k as critical
        riscv: dts: microchip: reparent mpfs clocks
        clk: microchip: mpfs: add RTCREF clock control
        clk: microchip: mpfs: re-parent the configurable clocks
        dt-bindings: rtc: add refclk to mpfs-rtc
        dt-bindings: clk: mpfs: add defines for two new clocks
        dt-bindings: clk: mpfs document msspll dri registers
        riscv: dts: microchip: fix usage of fic clocks on mpfs
        clk: microchip: mpfs: mark CLK_ATHENA as critical
        clk: microchip: mpfs: fix parents for FIC clocks
        clk: qcom: clk-rcg2: fix gfx3d frequency calculation
        clk: microchip: mpfs: don't reset disabled peripherals
        clk: sunxi-ng: fix not NULL terminated coccicheck error
      c0e6265e
    • Linus Torvalds's avatar
      Merge tag 'block-5.18-2022-04-29' of git://git.kernel.dk/linux-block · bd3d3ade
      Linus Torvalds authored
      Pull block fixes from Jens Axboe:
      
       - Revert of a patch that caused timestamp issues (Tejun)
      
       - iocost warning fix (Tejun)
      
       - bfq warning fix (Jan)
      
      * tag 'block-5.18-2022-04-29' of git://git.kernel.dk/linux-block:
        bfq: Fix warning in bfqq_request_over_limit()
        Revert "block: inherit request start time from bio for BLK_CGROUP"
        iocost: don't reset the inuse weight of under-weighted debtors
      bd3d3ade
    • Linus Torvalds's avatar
      Merge tag 'io_uring-5.18-2022-04-29' of git://git.kernel.dk/linux-block · 63b7b3ea
      Linus Torvalds authored
      Pull io_uring fixes from Jens Axboe:
       "Pretty boring:
      
         - three patches just adding reserved field checks (me, Eugene)
      
         - Fixing a potential regression with IOPOLL caused by a block change
           (Joseph)"
      
      Boring is good.
      
      * tag 'io_uring-5.18-2022-04-29' of git://git.kernel.dk/linux-block:
        io_uring: check that data field is 0 in ringfd unregister
        io_uring: fix uninitialized field in rw io_kiocb
        io_uring: check reserved fields for recv/recvmsg
        io_uring: check reserved fields for send/sendmsg
      63b7b3ea
    • Linus Torvalds's avatar
      Merge tag 'random-5.18-rc5-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/crng/random · bdda8303
      Linus Torvalds authored
      Pull random number generator fixes from Jason Donenfeld:
      
       - Eric noticed that the memmove() in crng_fast_key_erasure() was bogus,
         so this has been changed to a memcpy() and the confusing situation
         clarified with a detailed comment.
      
       - [Half]SipHash documentation updates from Bagas and Eric, after Eric
         pointed out that the use of HalfSipHash in random.c made a bit of the
         text potentially misleading.
      
      * tag 'random-5.18-rc5-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/crng/random:
        Documentation: siphash: disambiguate HalfSipHash algorithm from hsiphash functions
        Documentation: siphash: enclose HalfSipHash usage example in the literal block
        Documentation: siphash: convert danger note to warning for HalfSipHash
        random: document crng_fast_key_erasure() destination possibility
      bdda8303
    • Linus Torvalds's avatar
      Merge tag 'ceph-for-5.18-rc5' of https://github.com/ceph/ceph-client · bd383b8e
      Linus Torvalds authored
      Pull ceph client fixes from Ilya Dryomov:
       "A fix for a NULL dereference that turns out to be easily triggerable
        by fsync (marked for stable) and a false positive WARN and snap_rwsem
        locking fixups"
      
      * tag 'ceph-for-5.18-rc5' of https://github.com/ceph/ceph-client:
        ceph: fix possible NULL pointer dereference for req->r_session
        ceph: remove incorrect session state check
        ceph: get snap_rwsem read lock in handle_cap_export for ceph_add_cap
        libceph: disambiguate cluster/pool full log message
      bd383b8e
    • Arnd Bergmann's avatar
      Revert "arm: dts: at91: Fix boolean properties with values" · adee8aa2
      Arnd Bergmann authored
      This reverts commit 0dc23d1a, which caused another regression
      as the pinctrl code actually expects an integer value of 0 or 1
      rather than a simple boolean property.
      Signed-off-by: default avatarArnd Bergmann <arnd@arndb.de>
      adee8aa2
    • Paolo Bonzini's avatar
      KVM: x86: work around QEMU issue with synthetic CPUID leaves · f751d8ea
      Paolo Bonzini authored
      Synthesizing AMD leaves up to 0x80000021 caused problems with QEMU,
      which assumes the *host* CPUID[0x80000000].EAX is higher or equal
      to what KVM_GET_SUPPORTED_CPUID reports.
      
      This causes QEMU to issue bogus host CPUIDs when preparing the input
      to KVM_SET_CPUID2.  It can even get into an infinite loop, which is
      only terminated by an abort():
      
         cpuid_data is full, no space for cpuid(eax:0x8000001d,ecx:0x3e)
      
      To work around this, only synthesize those leaves if 0x8000001d exists
      on the host.  The synthetic 0x80000021 leaf is mostly useful on Zen2,
      which satisfies the condition.
      
      Fixes: f144c49e ("KVM: x86: synthesize CPUID leaf 0x80000021h if useful")
      Reported-by: default avatarMaxim Levitsky <mlevitsk@redhat.com>
      Signed-off-by: default avatarPaolo Bonzini <pbonzini@redhat.com>
      f751d8ea
    • Linus Torvalds's avatar
      Merge tag 'perf-tools-fixes-for-v5.18-2022-04-29' of... · 3e71713c
      Linus Torvalds authored
      Merge tag 'perf-tools-fixes-for-v5.18-2022-04-29' of git://git.kernel.org/pub/scm/linux/kernel/git/acme/linux
      
      Pull perf tools fixes from Arnaldo Carvalho de Melo:
      
       - Fix Intel PT (Processor Trace) timeless decoding with perf.data
         directory.
      
       - ARM SPE (Statistical Profiling Extensions) address fixes, for
         synthesized events and for SPE events with physical addresses. Add a
         simple 'perf test' entry to make sure this doesn't regress.
      
       - Remove arch specific processing of kallsyms data to fixup symbol end
         address, fixing excessive memory consumption in the annotation code.
      
      * tag 'perf-tools-fixes-for-v5.18-2022-04-29' of git://git.kernel.org/pub/scm/linux/kernel/git/acme/linux:
        perf symbol: Remove arch__symbols__fixup_end()
        perf symbol: Update symbols__fixup_end()
        perf symbol: Pass is_kallsyms to symbols__fixup_end()
        perf test: Add perf_event_attr test for Arm SPE
        perf arm-spe: Fix SPE events with phys addresses
        perf arm-spe: Fix addresses of synthesized SPE events
        perf intel-pt: Fix timeless decoding with perf.data directory
      3e71713c
    • Linus Torvalds's avatar
      Merge tag 'riscv-for-linus-5.18-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/riscv/linux · 2d0de93c
      Linus Torvalds authored
      Pull RISC-V fixes from Palmer Dabbelt:
      
       - A fix to properly ensure a single CPU is running during patch_text().
      
       - A defconfig update to include RPMSG_CTRL when RPMSG_CHAR was set,
         necessary after a recent refactoring.
      
      * tag 'riscv-for-linus-5.18-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/riscv/linux:
        RISC-V: configs: Configs that had RPMSG_CHAR now get RPMSG_CTRL
        riscv: patch_text: Fixup last cpu should be master
      2d0de93c
    • Linus Torvalds's avatar
      Merge tag 'arm64-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux · 66c2112b
      Linus Torvalds authored
      Pull arm64 fix from Will Deacon:
       "Rename and reallocate the PT_ARM_MEMTAG_MTE ELF segment type.
      
        This is a fix to the MTE ELF ABI for a bug that was added during the
        most recent merge window as part of the coredump support.
      
        The issue is that the value assigned to the new PT_ARM_MEMTAG_MTE
        segment type has already been allocated to PT_AARCH64_UNWIND by the
        ELF ABI, so we've bumped the value and changed the name of the
        identifier to be better aligned with the existing one"
      
      * tag 'arm64-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux:
        elf: Fix the arm64 MTE ELF segment name and value
      66c2112b
    • Sean Christopherson's avatar
      Revert "x86/mm: Introduce lookup_address_in_mm()" · 643d95aa
      Sean Christopherson authored
      Drop lookup_address_in_mm() now that KVM is providing it's own variant
      of lookup_address_in_pgd() that is safe for use with user addresses, e.g.
      guards against page tables being torn down.  A variant that provides a
      non-init mm is inherently dangerous and flawed, as the only reason to use
      an mm other than init_mm is to walk a userspace mapping, and
      lookup_address_in_pgd() does not play nice with userspace mappings, e.g.
      doesn't disable IRQs to block TLB shootdowns and doesn't use READ_ONCE()
      to ensure an upper level entry isn't converted to a huge page between
      checking the PAGE_SIZE bit and grabbing the address of the next level
      down.
      
      This reverts commit 13c72c06.
      Signed-off-by: default avatarSean Christopherson <seanjc@google.com>
      Message-Id: <YmwIi3bXr/1yhYV/@google.com>
      Signed-off-by: default avatarPaolo Bonzini <pbonzini@redhat.com>
      643d95aa
    • Paolo Bonzini's avatar
      Merge branch 'kvm-fixes-for-5.18-rc5' into HEAD · 73331c5d
      Paolo Bonzini authored
      Fixes for (relatively) old bugs, to be merged in both the -rc and next
      development trees:
      
      * Fix potential races when walking host page table
      
      * Fix bad user ABI for KVM_EXIT_SYSTEM_EVENT
      
      * Fix shadow page table leak when KVM runs nested
      73331c5d
    • Mingwei Zhang's avatar
      KVM: x86/mmu: fix potential races when walking host page table · 44187235
      Mingwei Zhang authored
      KVM uses lookup_address_in_mm() to detect the hugepage size that the host
      uses to map a pfn.  The function suffers from several issues:
      
       - no usage of READ_ONCE(*). This allows multiple dereference of the same
         page table entry. The TOCTOU problem because of that may cause KVM to
         incorrectly treat a newly generated leaf entry as a nonleaf one, and
         dereference the content by using its pfn value.
      
       - the information returned does not match what KVM needs; for non-present
         entries it returns the level at which the walk was terminated, as long
         as the entry is not 'none'.  KVM needs level information of only 'present'
         entries, otherwise it may regard a non-present PXE entry as a present
         large page mapping.
      
       - the function is not safe for mappings that can be torn down, because it
         does not disable IRQs and because it returns a PTE pointer which is never
         safe to dereference after the function returns.
      
      So implement the logic for walking host page tables directly in KVM, and
      stop using lookup_address_in_mm().
      
      Cc: Sean Christopherson <seanjc@google.com>
      Cc: Paolo Bonzini <pbonzini@redhat.com>
      Signed-off-by: default avatarMingwei Zhang <mizhang@google.com>
      Message-Id: <20220429031757.2042406-1-mizhang@google.com>
      [Inline in host_pfn_mapping_level, ensure no semantic change for its
       callers. - Paolo]
      Signed-off-by: default avatarPaolo Bonzini <pbonzini@redhat.com>
      44187235
    • Paolo Bonzini's avatar
      KVM: fix bad user ABI for KVM_EXIT_SYSTEM_EVENT · d495f942
      Paolo Bonzini authored
      When KVM_EXIT_SYSTEM_EVENT was introduced, it included a flags
      member that at the time was unused.  Unfortunately this extensibility
      mechanism has several issues:
      
      - x86 is not writing the member, so it would not be possible to use it
        on x86 except for new events
      
      - the member is not aligned to 64 bits, so the definition of the
        uAPI struct is incorrect for 32- on 64-bit userspace.  This is a
        problem for RISC-V, which supports CONFIG_KVM_COMPAT, but fortunately
        usage of flags was only introduced in 5.18.
      
      Since padding has to be introduced, place a new field in there
      that tells if the flags field is valid.  To allow further extensibility,
      in fact, change flags to an array of 16 values, and store how many
      of the values are valid.  The availability of the new ndata field
      is tied to a system capability; all architectures are changed to
      fill in the field.
      
      To avoid breaking compilation of userspace that was using the flags
      field, provide a userspace-only union to overlap flags with data[0].
      The new field is placed at the same offset for both 32- and 64-bit
      userspace.
      
      Cc: Will Deacon <will@kernel.org>
      Cc: Marc Zyngier <maz@kernel.org>
      Cc: Peter Gonda <pgonda@google.com>
      Cc: Sean Christopherson <seanjc@google.com>
      Signed-off-by: default avatarPaolo Bonzini <pbonzini@redhat.com>
      Reported-by: default avatarkernel test robot <lkp@intel.com>
      Message-Id: <20220422103013.34832-1-pbonzini@redhat.com>
      Signed-off-by: default avatarPaolo Bonzini <pbonzini@redhat.com>
      d495f942
    • Sean Christopherson's avatar
      KVM: x86/mmu: Do not create SPTEs for GFNs that exceed host.MAXPHYADDR · 86931ff7
      Sean Christopherson authored
      Disallow memslots and MMIO SPTEs whose gpa range would exceed the host's
      MAXPHYADDR, i.e. don't create SPTEs for gfns that exceed host.MAXPHYADDR.
      The TDP MMU bounds its zapping based on host.MAXPHYADDR, and so if the
      guest, possibly with help from userspace, manages to coerce KVM into
      creating a SPTE for an "impossible" gfn, KVM will leak the associated
      shadow pages (page tables):
      
        WARNING: CPU: 10 PID: 1122 at arch/x86/kvm/mmu/tdp_mmu.c:57
                                      kvm_mmu_uninit_tdp_mmu+0x4b/0x60 [kvm]
        Modules linked in: kvm_intel kvm irqbypass
        CPU: 10 PID: 1122 Comm: set_memory_regi Tainted: G        W         5.18.0-rc1+ #293
        Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 0.0.0 02/06/2015
        RIP: 0010:kvm_mmu_uninit_tdp_mmu+0x4b/0x60 [kvm]
        Call Trace:
         <TASK>
         kvm_arch_destroy_vm+0x130/0x1b0 [kvm]
         kvm_destroy_vm+0x162/0x2d0 [kvm]
         kvm_vm_release+0x1d/0x30 [kvm]
         __fput+0x82/0x240
         task_work_run+0x5b/0x90
         exit_to_user_mode_prepare+0xd2/0xe0
         syscall_exit_to_user_mode+0x1d/0x40
         entry_SYSCALL_64_after_hwframe+0x44/0xae
         </TASK>
      
      On bare metal, encountering an impossible gpa in the page fault path is
      well and truly impossible, barring CPU bugs, as the CPU will signal #PF
      during the gva=>gpa translation (or a similar failure when stuffing a
      physical address into e.g. the VMCS/VMCB).  But if KVM is running as a VM
      itself, the MAXPHYADDR enumerated to KVM may not be the actual MAXPHYADDR
      of the underlying hardware, in which case the hardware will not fault on
      the illegal-from-KVM's-perspective gpa.
      
      Alternatively, KVM could continue allowing the dodgy behavior and simply
      zap the max possible range.  But, for hosts with MAXPHYADDR < 52, that's
      a (minor) waste of cycles, and more importantly, KVM can't reasonably
      support impossible memslots when running on bare metal (or with an
      accurate MAXPHYADDR as a VM).  Note, limiting the overhead by checking if
      KVM is running as a guest is not a safe option as the host isn't required
      to announce itself to the guest in any way, e.g. doesn't need to set the
      HYPERVISOR CPUID bit.
      
      A second alternative to disallowing the memslot behavior would be to
      disallow creating a VM with guest.MAXPHYADDR > host.MAXPHYADDR.  That
      restriction is undesirable as there are legitimate use cases for doing
      so, e.g. using the highest host.MAXPHYADDR out of a pool of heterogeneous
      systems so that VMs can be migrated between hosts with different
      MAXPHYADDRs without running afoul of the allow_smaller_maxphyaddr mess.
      
      Note that any guest.MAXPHYADDR is valid with shadow paging, and it is
      even useful in order to test KVM with MAXPHYADDR=52 (i.e. without
      any reserved physical address bits).
      
      The now common kvm_mmu_max_gfn() is inclusive instead of exclusive.
      The memslot and TDP MMU code want an exclusive value, but the name
      implies the returned value is inclusive, and the MMIO path needs an
      inclusive check.
      
      Fixes: faaf05b0 ("kvm: x86/mmu: Support zapping SPTEs in the TDP MMU")
      Fixes: 524a1e4e ("KVM: x86/mmu: Don't leak non-leaf SPTEs when zapping all SPTEs")
      Cc: stable@vger.kernel.org
      Cc: Maxim Levitsky <mlevitsk@redhat.com>
      Cc: Ben Gardon <bgardon@google.com>
      Cc: David Matlack <dmatlack@google.com>
      Signed-off-by: default avatarSean Christopherson <seanjc@google.com>
      Message-Id: <20220428233416.2446833-1-seanjc@google.com>
      Signed-off-by: default avatarPaolo Bonzini <pbonzini@redhat.com>
      86931ff7
    • Paolo Bonzini's avatar
      Merge tag 'kvmarm-fixes-5.18-2' of... · 484c22df
      Paolo Bonzini authored
      Merge tag 'kvmarm-fixes-5.18-2' of git://git.kernel.org/pub/scm/linux/kernel/git/kvmarm/kvmarm into HEAD
      
      KVM/arm64 fixes for 5.18, take #2
      
      - Take care of faults occuring between the PARange and
        IPA range by injecting an exception
      
      - Fix S2 faults taken from a host EL0 in protected mode
      
      - Work around Oops caused by a PMU access from a 32bit
        guest when PMU has been created. This is a temporary
        bodge until we fix it for good.
      484c22df