1. 13 Jun, 2019 2 commits
  2. 12 Jun, 2019 1 commit
    • Michael Ellerman's avatar
      powerpc/mm/64s/hash: Reallocate context ids on fork · ca72d883
      Michael Ellerman authored
      When using the Hash Page Table (HPT) MMU, userspace memory mappings
      are managed at two levels. Firstly in the Linux page tables, much like
      other architectures, and secondly in the SLB (Segment Lookaside
      Buffer) and HPT. It's the SLB and HPT that are actually used by the
      hardware to do translations.
      
      As part of the series adding support for 4PB user virtual address
      space using the hash MMU, we added support for allocating multiple
      "context ids" per process, one for each 512TB chunk of address space.
      These are tracked in an array called extended_id in the mm_context_t
      of a process that has done a mapping above 512TB.
      
      If such a process forks (ie. clone(2) without CLONE_VM set) it's mm is
      copied, including the mm_context_t, and then init_new_context() is
      called to reinitialise parts of the mm_context_t as appropriate to
      separate the address spaces of the two processes.
      
      The key step in ensuring the two processes have separate address
      spaces is to allocate a new context id for the process, this is done
      at the beginning of hash__init_new_context(). If we didn't allocate a
      new context id then the two processes would share mappings as far as
      the SLB and HPT are concerned, even though their Linux page tables
      would be separate.
      
      For mappings above 512TB, which use the extended_id array, we
      neglected to allocate new context ids on fork, meaning the parent and
      child use the same ids and therefore share those mappings even though
      they're supposed to be separate. This can lead to the parent seeing
      writes done by the child, which is essentially memory corruption.
      
      There is an additional exposure which is that if the child process
      exits, all its context ids are freed, including the context ids that
      are still in use by the parent for mappings above 512TB. One or more
      of those ids can then be reallocated to a third process, that process
      can then read/write to the parent's mappings above 512TB. Additionally
      if the freed id is used for the third process's primary context id,
      then the parent is able to read/write to the third process's mappings
      *below* 512TB.
      
      All of these are fundamental failures to enforce separation between
      processes. The only mitigating factor is that the bug only occurs if a
      process creates mappings above 512TB, and most applications still do
      not create such mappings.
      
      Only machines using the hash page table MMU are affected, eg. PowerPC
      970 (G5), PA6T, Power5/6/7/8/9. By default Power9 bare metal machines
      (powernv) use the Radix MMU and are not affected, unless the machine
      has been explicitly booted in HPT mode (using disable_radix on the
      kernel command line). KVM guests on Power9 may be affected if the host
      or guest is configured to use the HPT MMU. LPARs under PowerVM on
      Power9 are affected as they always use the HPT MMU. Kernels built with
      PAGE_SIZE=4K are not affected.
      
      The fix is relatively simple, we need to reallocate context ids for
      all extended mappings on fork.
      
      Fixes: f384796c ("powerpc/mm: Add support for handling > 512TB address in SLB miss")
      Cc: stable@vger.kernel.org # v4.17+
      Signed-off-by: default avatarMichael Ellerman <mpe@ellerman.id.au>
      ca72d883
  3. 07 Jun, 2019 4 commits
    • Christophe Leroy's avatar
      powerpc/32s: fix booting with CONFIG_PPC_EARLY_DEBUG_BOOTX · c21f5a9e
      Christophe Leroy authored
      When booting through OF, setup_disp_bat() does nothing because
      disp_BAT are not set. By change, it used to work because BOOTX
      buffer is mapped 1:1 at address 0x81000000 by the bootloader, and
      btext_setup_display() sets virt addr same as phys addr.
      
      But since commit 215b8237 ("powerpc/32s: set up an early static
      hash table for KASAN."), a temporary page table overrides the
      bootloader mapping.
      
      This 0x81000000 is also problematic with the newly implemented
      Kernel Userspace Access Protection (KUAP) because it is within user
      address space.
      
      This patch fixes those issues by properly setting disp_BAT through
      a call to btext_prepare_BAT(), allowing setup_disp_bat() to
      properly setup BAT3 for early bootx screen buffer access.
      Reported-by: default avatarMathieu Malaterre <malat@debian.org>
      Fixes: 215b8237 ("powerpc/32s: set up an early static hash table for KASAN.")
      Signed-off-by: default avatarChristophe Leroy <christophe.leroy@c-s.fr>
      Tested-by: default avatarMathieu Malaterre <malat@debian.org>
      Signed-off-by: default avatarMichael Ellerman <mpe@ellerman.id.au>
      c21f5a9e
    • Nicholas Piggin's avatar
      powerpc/64s: __find_linux_pte() synchronization vs pmdp_invalidate() · a00196a2
      Nicholas Piggin authored
      The change to pmdp_invalidate() to mark the pmd with _PAGE_INVALID
      broke the synchronisation against lock free lookups,
      __find_linux_pte()'s pmd_none() check no longer returns true for such
      cases.
      
      Fix this by adding a check for this condition as well.
      
      Fixes: da7ad366 ("powerpc/mm/book3s: Update pmd_present to look at _PAGE_PRESENT bit")
      Cc: stable@vger.kernel.org # v4.20+
      Suggested-by: default avatarAneesh Kumar K.V <aneesh.kumar@linux.ibm.com>
      Signed-off-by: default avatarNicholas Piggin <npiggin@gmail.com>
      Reviewed-by: default avatarAneesh Kumar K.V <aneesh.kumar@linux.ibm.com>
      Signed-off-by: default avatarMichael Ellerman <mpe@ellerman.id.au>
      a00196a2
    • Nicholas Piggin's avatar
      powerpc/64s: Fix THP PMD collapse serialisation · 33258a1d
      Nicholas Piggin authored
      Commit 1b2443a5 ("powerpc/book3s64: Avoid multiple endian
      conversion in pte helpers") changed the actual bitwise tests in
      pte_access_permitted by using pte_write() and pte_present() helpers
      rather than raw bitwise testing _PAGE_WRITE and _PAGE_PRESENT bits.
      
      The pte_present() change now returns true for PTEs which are
      !_PAGE_PRESENT and _PAGE_INVALID, which is the combination used by
      pmdp_invalidate() to synchronize access from lock-free lookups.
      pte_access_permitted() is used by pmd_access_permitted(), so allowing
      GUP lock free access to proceed with such PTEs breaks this
      synchronisation.
      
      This bug has been observed on a host using the hash page table MMU,
      with random crashes and corruption in guests, usually together with
      bad PMD messages in the host.
      
      Fix this by adding an explicit check in pmd_access_permitted(), and
      documenting the condition explicitly.
      
      The pte_write() change should be okay, and would prevent GUP from
      falling back to the slow path when encountering savedwrite PTEs, which
      matches what x86 (that does not implement savedwrite) does.
      
      Fixes: 1b2443a5 ("powerpc/book3s64: Avoid multiple endian conversion in pte helpers")
      Cc: stable@vger.kernel.org # v4.20+
      Signed-off-by: default avatarNicholas Piggin <npiggin@gmail.com>
      Reviewed-by: default avatarAneesh Kumar K.V <aneesh.kumar@linux.ibm.com>
      Signed-off-by: default avatarMichael Ellerman <mpe@ellerman.id.au>
      33258a1d
    • Christophe Leroy's avatar
      powerpc: Fix kexec failure on book3s/32 · 6c284228
      Christophe Leroy authored
      In the old days, _PAGE_EXEC didn't exist on 6xx aka book3s/32.
      Therefore, allthough __mapin_ram_chunk() was already mapping kernel
      text with PAGE_KERNEL_TEXT and the rest with PAGE_KERNEL, the entire
      memory was executable. Part of the memory (first 512kbytes) was
      mapped with BATs instead of page table, but it was also entirely
      mapped as executable.
      
      In commit 385e89d5 ("powerpc/mm: add exec protection on
      powerpc 603"), we started adding exec protection to some 6xx, namely
      the 603, for pages mapped via pagetables.
      
      Then, in commit 63b2bc61 ("powerpc/mm/32s: Use BATs for
      STRICT_KERNEL_RWX"), the exec protection was extended to BAT mapped
      memory, so that really only the kernel text could be executed.
      
      The problem here is that kexec is based on copying some code into
      upper part of memory then executing it from there in order to install
      a fresh new kernel at its definitive location.
      
      However, the code is position independant and first part of it is
      just there to deactivate the MMU and jump to the second part. So it
      is possible to run this first part inplace instead of running the
      copy. Once the MMU is off, there is no protection anymore and the
      second part of the code will just run as before.
      Reported-by: default avatarAaro Koskinen <aaro.koskinen@iki.fi>
      Fixes: 63b2bc61 ("powerpc/mm/32s: Use BATs for STRICT_KERNEL_RWX")
      Cc: stable@vger.kernel.org # v5.1+
      Signed-off-by: default avatarChristophe Leroy <christophe.leroy@c-s.fr>
      Tested-by: default avatarAaro Koskinen <aaro.koskinen@iki.fi>
      Signed-off-by: default avatarMichael Ellerman <mpe@ellerman.id.au>
      6c284228
  4. 26 May, 2019 6 commits
    • Linus Torvalds's avatar
      Linux 5.2-rc2 · cd6c84d8
      Linus Torvalds authored
      cd6c84d8
    • Linus Torvalds's avatar
      Merge tag 'trace-v5.2-rc1-2' of git://git.kernel.org/pub/scm/linux/kernel/git/rostedt/linux-trace · c5b44095
      Linus Torvalds authored
      Pull tracing warning fix from Steven Rostedt:
       "Make the GCC 9 warning for sub struct memset go away.
      
        GCC 9 now warns about calling memset() on partial structures when it
        goes across multiple fields. This adds a helper for the place in
        tracing that does this type of clearing of a structure"
      
      * tag 'trace-v5.2-rc1-2' of git://git.kernel.org/pub/scm/linux/kernel/git/rostedt/linux-trace:
        tracing: Silence GCC 9 array bounds warning
      c5b44095
    • Linus Torvalds's avatar
      Merge tag 'for-linus' of git://git.kernel.org/pub/scm/virt/kvm/kvm · 862f0a32
      Linus Torvalds authored
      Pull KVM fixes from Paolo Bonzini:
       "The usual smattering of fixes and tunings that came in too late for
        the merge window, but should not wait four months before they appear
        in a release.
      
        I also travelled a bit more than usual in the first part of May, which
        didn't help with picking up patches and reports promptly"
      
      * tag 'for-linus' of git://git.kernel.org/pub/scm/virt/kvm/kvm: (33 commits)
        KVM: x86: fix return value for reserved EFER
        tools/kvm_stat: fix fields filter for child events
        KVM: selftests: Wrap vcpu_nested_state_get/set functions with x86 guard
        kvm: selftests: aarch64: compile with warnings on
        kvm: selftests: aarch64: fix default vm mode
        kvm: selftests: aarch64: dirty_log_test: fix unaligned memslot size
        KVM: s390: fix memory slot handling for KVM_SET_USER_MEMORY_REGION
        KVM: x86/pmu: do not mask the value that is written to fixed PMUs
        KVM: x86/pmu: mask the result of rdpmc according to the width of the counters
        x86/kvm/pmu: Set AMD's virt PMU version to 1
        KVM: x86: do not spam dmesg with VMCS/VMCB dumps
        kvm: Check irqchip mode before assign irqfd
        kvm: svm/avic: fix off-by-one in checking host APIC ID
        KVM: selftests: do not blindly clobber registers in guest asm
        KVM: selftests: Remove duplicated TEST_ASSERT in hyperv_cpuid.c
        KVM: LAPIC: Expose per-vCPU timer_advance_ns to userspace
        KVM: LAPIC: Fix lapic_timer_advance_ns parameter overflow
        kvm: vmx: Fix -Wmissing-prototypes warnings
        KVM: nVMX: Fix using __this_cpu_read() in preemptible context
        kvm: fix compilation on s390
        ...
      862f0a32
    • Linus Torvalds's avatar
      Merge tag 'random_for_linus_stable' of git://git.kernel.org/pub/scm/linux/kernel/git/tytso/random · 128f2bfa
      Linus Torvalds authored
      Pull /dev/random fix from Ted Ts'o:
       "Fix a soft lockup regression when reading from /dev/random in early
        boot"
      
      * tag 'random_for_linus_stable' of git://git.kernel.org/pub/scm/linux/kernel/git/tytso/random:
        random: fix soft lockup when trying to read from an uninitialized blocking pool
      128f2bfa
    • Theodore Ts'o's avatar
      random: fix soft lockup when trying to read from an uninitialized blocking pool · 58be0106
      Theodore Ts'o authored
      Fixes: eb9d1bf0: "random: only read from /dev/random after its pool has received 128 bits"
      Reported-by: default avatarkernel test robot <lkp@intel.com>
      Signed-off-by: default avatarTheodore Ts'o <tytso@mit.edu>
      58be0106
    • Miguel Ojeda's avatar
      tracing: Silence GCC 9 array bounds warning · 0c97bf86
      Miguel Ojeda authored
      Starting with GCC 9, -Warray-bounds detects cases when memset is called
      starting on a member of a struct but the size to be cleared ends up
      writing over further members.
      
      Such a call happens in the trace code to clear, at once, all members
      after and including `seq` on struct trace_iterator:
      
          In function 'memset',
              inlined from 'ftrace_dump' at kernel/trace/trace.c:8914:3:
          ./include/linux/string.h:344:9: warning: '__builtin_memset' offset
          [8505, 8560] from the object at 'iter' is out of the bounds of
          referenced subobject 'seq' with type 'struct trace_seq' at offset
          4368 [-Warray-bounds]
            344 |  return __builtin_memset(p, c, size);
                |         ^~~~~~~~~~~~~~~~~~~~~~~~~~~~
      
      In order to avoid GCC complaining about it, we compute the address
      ourselves by adding the offsetof distance instead of referring
      directly to the member.
      
      Since there are two places doing this clear (trace.c and trace_kdb.c),
      take the chance to move the workaround into a single place in
      the internal header.
      
      Link: http://lkml.kernel.org/r/20190523124535.GA12931@gmail.comSigned-off-by: default avatarMiguel Ojeda <miguel.ojeda.sandonis@gmail.com>
      [ Removed unnecessary parenthesis around "iter" ]
      Signed-off-by: default avatarSteven Rostedt (VMware) <rostedt@goodmis.org>
      0c97bf86
  5. 25 May, 2019 5 commits
  6. 24 May, 2019 22 commits
    • Linus Torvalds's avatar
      Merge tag 'for-linus-20190524' of git://git.kernel.dk/linux-block · 7fbc78e3
      Linus Torvalds authored
      Pull block fixes from Jens Axboe:
      
       - NVMe pull request from Keith, with fixes from a few folks.
      
       - bio and sbitmap before atomic barrier fixes (Andrea)
      
       - Hang fix for blk-mq freeze and unfreeze (Bob)
      
       - Single segment count regression fix (Christoph)
      
       - AoE now has a new maintainer
      
       - tools/io_uring/ Makefile fix, and sync with liburing (me)
      
      * tag 'for-linus-20190524' of git://git.kernel.dk/linux-block: (23 commits)
        tools/io_uring: sync with liburing
        tools/io_uring: fix Makefile for pthread library link
        blk-mq: fix hang caused by freeze/unfreeze sequence
        block: remove the bi_seg_{front,back}_size fields in struct bio
        block: remove the segment size check in bio_will_gap
        block: force an unlimited segment size on queues with a virt boundary
        block: don't decrement nr_phys_segments for physically contigous segments
        sbitmap: fix improper use of smp_mb__before_atomic()
        bio: fix improper use of smp_mb__before_atomic()
        aoe: list new maintainer for aoe driver
        nvme-pci: use blk-mq mapping for unmanaged irqs
        nvme: update MAINTAINERS
        nvme: copy MTFA field from identify controller
        nvme: fix memory leak for power latency tolerance
        nvme: release namespace SRCU protection before performing controller ioctls
        nvme: merge nvme_ns_ioctl into nvme_ioctl
        nvme: remove the ifdef around nvme_nvm_ioctl
        nvme: fix srcu locking on error return in nvme_get_ns_from_disk
        nvme: Fix known effects
        nvme-pci: Sync queues on reset
        ...
      7fbc78e3
    • Linus Torvalds's avatar
      Merge tag 'linux-kselftest-5.2-rc2' of... · 7f8b40e3
      Linus Torvalds authored
      Merge tag 'linux-kselftest-5.2-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/shuah/linux-kselftest
      
      Pull Kselftest fixes from Shuah Khan:
      
       - Two fixes to regressions introduced in kselftest Makefile test run
         output refactoring work (Kees Cook)
      
       - Adding Atom support to syscall_arg_fault test (Tong Bo)
      
      * tag 'linux-kselftest-5.2-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/shuah/linux-kselftest:
        selftests/timers: Add missing fflush(stdout) calls
        selftests: Remove forced unbuffering for test running
        selftests/x86: Support Atom for syscall_arg_fault test
      7f8b40e3
    • Linus Torvalds's avatar
      Merge tag 'devicetree-fixes-for-5.2' of git://git.kernel.org/pub/scm/linux/kernel/git/robh/linux · e7bd3e24
      Linus Torvalds authored
      Pull Devicetree fixes from Rob Herring:
      
       - Update checkpatch.pl to use DT vendor-prefixes.yaml
      
       - Fix DT binding references to files converted to DT schema
      
       - Clean-up Arm CPU binding examples to match schema
      
       - Add Sifive block versioning scheme documentation
      
       - Pass binding directory base to validation tools for reference lookups
      
      * tag 'devicetree-fixes-for-5.2' of git://git.kernel.org/pub/scm/linux/kernel/git/robh/linux:
        checkpatch.pl: Update DT vendor prefix check
        dt: bindings: mtd: replace references to nand.txt with nand-controller.yaml
        dt-bindings: interrupt-controller: arm,gic: Fix schema errors in example
        dt-bindings: arm: Clean up CPU binding examples
        dt: fix refs that were renamed to json with the same file name
        dt-bindings: Pass binding directory to validation tools
        dt-bindings: sifive: describe sifive-blocks versioning
      e7bd3e24
    • Linus Torvalds's avatar
      Merge tag 'spdx-5.2-rc2-2' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/driver-core · 86c2f5d6
      Linus Torvalds authored
      Pule more SPDX updates from Greg KH:
       "Here is another set of reviewed patches that adds SPDX tags to
        different kernel files, based on a set of rules that are being used to
        parse the comments to try to determine that the license of the file is
        "GPL-2.0-or-later".
      
        Only the "obvious" versions of these matches are included here, a
        number of "non-obvious" variants of text have been found but those
        have been postponed for later review and analysis.
      
        These patches have been out for review on the linux-spdx@vger mailing
        list, and while they were created by automatic tools, they were
        hand-verified by a bunch of different people, all whom names are on
        the patches are reviewers"
      
      * tag 'spdx-5.2-rc2-2' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/driver-core: (85 commits)
        treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 125
        treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 123
        treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 122
        treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 121
        treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 120
        treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 119
        treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 118
        treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 116
        treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 114
        treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 113
        treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 112
        treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 111
        treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 110
        treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 106
        treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 105
        treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 104
        treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 103
        treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 102
        treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 101
        treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 98
        ...
      86c2f5d6
    • Waiman Long's avatar
      locking/lock_events: Use this_cpu_add() when necessary · 51816e9e
      Waiman Long authored
      The kernel test robot has reported that the use of __this_cpu_add()
      causes bug messages like:
      
        BUG: using __this_cpu_add() in preemptible [00000000] code: ...
      
      Given the imprecise nature of the count and the possibility of resetting
      the count and doing the measurement again, this is not really a big
      problem to use the unprotected __this_cpu_*() functions.
      
      To make the preemption checking code happy, the this_cpu_*() functions
      will be used if CONFIG_DEBUG_PREEMPT is defined.
      
      The imprecise nature of the locking counts are also documented with
      the suggestion that we should run the measurement a few times with the
      counts reset in between to get a better picture of what is going on
      under the hood.
      
      Fixes: a8654596 ("locking/rwsem: Enable lock event counting")
      Suggested-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      Signed-off-by: default avatarWaiman Long <longman@redhat.com>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      51816e9e
    • Paolo Bonzini's avatar
      KVM: x86: fix return value for reserved EFER · 66f61c92
      Paolo Bonzini authored
      Commit 11988499 ("KVM: x86: Skip EFER vs. guest CPUID checks for
      host-initiated writes", 2019-04-02) introduced a "return false" in a
      function returning int, and anyway set_efer has a "nonzero on error"
      conventon so it should be returning 1.
      Reported-by: default avatarPavel Machek <pavel@denx.de>
      Fixes: 11988499 ("KVM: x86: Skip EFER vs. guest CPUID checks for host-initiated writes")
      Cc: Sean Christopherson <sean.j.christopherson@intel.com>
      Cc: stable@vger.kernel.org
      Signed-off-by: default avatarPaolo Bonzini <pbonzini@redhat.com>
      66f61c92
    • Stefan Raspl's avatar
      tools/kvm_stat: fix fields filter for child events · 883d25e7
      Stefan Raspl authored
      The fields filter would not work with child fields, as the respective
      parents would not be included. No parents displayed == no childs displayed.
      To reproduce, run on s390 (would work on other platforms, too, but would
      require a different filter name):
      - Run 'kvm_stat -d'
      - Press 'f'
      - Enter 'instruct'
      Notice that events like instruction_diag_44 or instruction_diag_500 are not
      displayed - the output remains empty.
      With this patch, we will filter by matching events and their parents.
      However, consider the following example where we filter by
      instruction_diag_44:
      
        kvm statistics - summary
                         regex filter: instruction_diag_44
         Event                                         Total %Total CurAvg/s
         exit_instruction                                276  100.0       12
           instruction_diag_44                           256   92.8       11
         Total                                           276              12
      
      Note that the parent ('exit_instruction') displays the total events, but
      the childs listed do not match its total (256 instead of 276). This is
      intended (since we're filtering all but one child), but might be confusing
      on first sight.
      Signed-off-by: default avatarStefan Raspl <raspl@linux.ibm.com>
      Signed-off-by: default avatarPaolo Bonzini <pbonzini@redhat.com>
      883d25e7
    • Thomas Huth's avatar
      KVM: selftests: Wrap vcpu_nested_state_get/set functions with x86 guard · c7957206
      Thomas Huth authored
      struct kvm_nested_state is only available on x86 so far. To be able
      to compile the code on other architectures as well, we need to wrap
      the related code with #ifdefs.
      Signed-off-by: default avatarThomas Huth <thuth@redhat.com>
      Signed-off-by: default avatarPaolo Bonzini <pbonzini@redhat.com>
      c7957206
    • Andrew Jones's avatar
      kvm: selftests: aarch64: compile with warnings on · 98e68344
      Andrew Jones authored
      aarch64 fixups needed to compile with warnings as errors.
      Reviewed-by: default avatarThomas Huth <thuth@redhat.com>
      Signed-off-by: default avatarAndrew Jones <drjones@redhat.com>
      Signed-off-by: default avatarPaolo Bonzini <pbonzini@redhat.com>
      98e68344
    • Andrew Jones's avatar
      kvm: selftests: aarch64: fix default vm mode · 55eda003
      Andrew Jones authored
      VM_MODE_P52V48_4K is not a valid mode for AArch64. Replace its
      use in vm_create_default() with a mode that works and represents
      a good AArch64 default. (We didn't ever see a problem with this
      because we don't have any unit tests using vm_create_default(),
      but it's good to get it fixed in advance.)
      Reported-by: default avatarThomas Huth <thuth@redhat.com>
      Signed-off-by: default avatarAndrew Jones <drjones@redhat.com>
      Signed-off-by: default avatarPaolo Bonzini <pbonzini@redhat.com>
      55eda003
    • Andrew Jones's avatar
      kvm: selftests: aarch64: dirty_log_test: fix unaligned memslot size · bffed38d
      Andrew Jones authored
      The memory slot size must be aligned to the host's page size. When
      testing a guest with a 4k page size on a host with a 64k page size,
      then 3 guest pages are not host page size aligned. Since we just need
      a nearly arbitrary number of extra pages to ensure the memslot is not
      aligned to a 64 host-page boundary for this test, then we can use
      16, as that's 64k aligned, but not 64 * 64k aligned.
      
      Fixes: 76d58e0f ("KVM: fix KVM_CLEAR_DIRTY_LOG for memory slots of unaligned size", 2019-04-17)
      Signed-off-by: default avatarAndrew Jones <drjones@redhat.com>
      Signed-off-by: default avatarPaolo Bonzini <pbonzini@redhat.com>
      bffed38d
    • Christian Borntraeger's avatar
      KVM: s390: fix memory slot handling for KVM_SET_USER_MEMORY_REGION · 19ec166c
      Christian Borntraeger authored
      kselftests exposed a problem in the s390 handling for memory slots.
      Right now we only do proper memory slot handling for creation of new
      memory slots. Neither MOVE, nor DELETION are handled properly. Let us
      implement those.
      Signed-off-by: default avatarChristian Borntraeger <borntraeger@de.ibm.com>
      Signed-off-by: default avatarPaolo Bonzini <pbonzini@redhat.com>
      19ec166c
    • Paolo Bonzini's avatar
      KVM: x86/pmu: do not mask the value that is written to fixed PMUs · 2924b521
      Paolo Bonzini authored
      According to the SDM, for MSR_IA32_PERFCTR0/1 "the lower-order 32 bits of
      each MSR may be written with any value, and the high-order 8 bits are
      sign-extended according to the value of bit 31", but the fixed counters
      in real hardware are limited to the width of the fixed counters ("bits
      beyond the width of the fixed-function counter are reserved and must be
      written as zeros").  Fix KVM to do the same.
      Reported-by: default avatarNadav Amit <nadav.amit@gmail.com>
      Signed-off-by: default avatarPaolo Bonzini <pbonzini@redhat.com>
      2924b521
    • Paolo Bonzini's avatar
      KVM: x86/pmu: mask the result of rdpmc according to the width of the counters · 0e6f467e
      Paolo Bonzini authored
      This patch will simplify the changes in the next, by enforcing the
      masking of the counters to RDPMC and RDMSR.
      Signed-off-by: default avatarPaolo Bonzini <pbonzini@redhat.com>
      0e6f467e
    • Borislav Petkov's avatar
      x86/kvm/pmu: Set AMD's virt PMU version to 1 · a80c4ec1
      Borislav Petkov authored
      After commit:
      
        672ff6cf ("KVM: x86: Raise #GP when guest vCPU do not support PMU")
      
      my AMD guests started #GPing like this:
      
        general protection fault: 0000 [#1] PREEMPT SMP
        CPU: 1 PID: 4355 Comm: bash Not tainted 5.1.0-rc6+ #3
        Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
        RIP: 0010:x86_perf_event_update+0x3b/0xa0
      
      with Code: pointing to RDPMC. It is RDPMC because the guest has the
      hardware watchdog CONFIG_HARDLOCKUP_DETECTOR_PERF enabled which uses
      perf. Instrumenting kvm_pmu_rdpmc() some, showed that it fails due to:
      
        if (!pmu->version)
        	return 1;
      
      which the above commit added. Since AMD's PMU leaves the version at 0,
      that causes the #GP injection into the guest.
      
      Set pmu->version arbitrarily to 1 and move it above the non-applicable
      struct kvm_pmu members.
      Signed-off-by: default avatarBorislav Petkov <bp@suse.de>
      Cc: "H. Peter Anvin" <hpa@zytor.com>
      Cc: Ingo Molnar <mingo@redhat.com>
      Cc: Janakarajan Natarajan <Janakarajan.Natarajan@amd.com>
      Cc: kvm@vger.kernel.org
      Cc: Liran Alon <liran.alon@oracle.com>
      Cc: Mihai Carabas <mihai.carabas@oracle.com>
      Cc: Paolo Bonzini <pbonzini@redhat.com>
      Cc: Peter Zijlstra <peterz@infradead.org>
      Cc: "Radim Krčmář" <rkrcmar@redhat.com>
      Cc: Thomas Gleixner <tglx@linutronix.de>
      Cc: Tom Lendacky <thomas.lendacky@amd.com>
      Cc: x86@kernel.org
      Cc: stable@vger.kernel.org
      Fixes: 672ff6cf ("KVM: x86: Raise #GP when guest vCPU do not support PMU")
      Signed-off-by: default avatarPaolo Bonzini <pbonzini@redhat.com>
      a80c4ec1
    • Paolo Bonzini's avatar
      KVM: x86: do not spam dmesg with VMCS/VMCB dumps · 6f2f8453
      Paolo Bonzini authored
      Userspace can easily set up invalid processor state in such a way that
      dmesg will be filled with VMCS or VMCB dumps.  Disable this by default
      using a module parameter.
      Signed-off-by: default avatarPaolo Bonzini <pbonzini@redhat.com>
      6f2f8453
    • Peter Xu's avatar
      kvm: Check irqchip mode before assign irqfd · 654f1f13
      Peter Xu authored
      When assigning kvm irqfd we didn't check the irqchip mode but we allow
      KVM_IRQFD to succeed with all the irqchip modes.  However it does not
      make much sense to create irqfd even without the kernel chips.  Let's
      provide a arch-dependent helper to check whether a specific irqfd is
      allowed by the arch.  At least for x86, it should make sense to check:
      
      - when irqchip mode is NONE, all irqfds should be disallowed, and,
      
      - when irqchip mode is SPLIT, irqfds that are with resamplefd should
        be disallowed.
      
      For either of the case, previously we'll silently ignore the irq or
      the irq ack event if the irqchip mode is incorrect.  However that can
      cause misterious guest behaviors and it can be hard to triage.  Let's
      fail KVM_IRQFD even earlier to detect these incorrect configurations.
      
      CC: Paolo Bonzini <pbonzini@redhat.com>
      CC: Radim Krčmář <rkrcmar@redhat.com>
      CC: Alex Williamson <alex.williamson@redhat.com>
      CC: Eduardo Habkost <ehabkost@redhat.com>
      Signed-off-by: default avatarPeter Xu <peterx@redhat.com>
      Cc: stable@vger.kernel.org
      Signed-off-by: default avatarPaolo Bonzini <pbonzini@redhat.com>
      654f1f13
    • Suthikulpanit, Suravee's avatar
      kvm: svm/avic: fix off-by-one in checking host APIC ID · c9bcd3e3
      Suthikulpanit, Suravee authored
      Current logic does not allow VCPU to be loaded onto CPU with
      APIC ID 255. This should be allowed since the host physical APIC ID
      field in the AVIC Physical APIC table entry is an 8-bit value,
      and APIC ID 255 is valid in system with x2APIC enabled.
      Instead, do not allow VCPU load if the host APIC ID cannot be
      represented by an 8-bit value.
      
      Also, use the more appropriate AVIC_PHYSICAL_ID_ENTRY_HOST_PHYSICAL_ID_MASK
      instead of AVIC_MAX_PHYSICAL_ID_COUNT.
      Signed-off-by: default avatarSuravee Suthikulpanit <suravee.suthikulpanit@amd.com>
      Cc: stable@vger.kernel.org
      Signed-off-by: default avatarPaolo Bonzini <pbonzini@redhat.com>
      c9bcd3e3
    • Paolo Bonzini's avatar
      KVM: selftests: do not blindly clobber registers in guest asm · 204c91ef
      Paolo Bonzini authored
      The guest_code of sync_regs_test is assuming that the compiler will not
      touch %r11 outside the asm that increments it, which is a bit brittle.
      Instead, we can increment a variable and use a dummy asm to ensure the
      increment is not optimized away.  However, we also need to use a
      callee-save register or the compiler will insert a save/restore around
      the vmexit, breaking the whole idea behind the test.
      
      (Yes, "if it ain't broken...", but I would like the test to be clean
      before it is copied into the upcoming s390 selftests).
      Signed-off-by: default avatarPaolo Bonzini <pbonzini@redhat.com>
      204c91ef
    • Thomas Huth's avatar
      KVM: selftests: Remove duplicated TEST_ASSERT in hyperv_cpuid.c · 12e9612c
      Thomas Huth authored
      The check for entry->index == 0 is done twice. One time should
      be sufficient.
      Suggested-by: default avatarVitaly Kuznetsov <vkuznets@redhat.com>
      Signed-off-by: default avatarThomas Huth <thuth@redhat.com>
      Signed-off-by: default avatarPaolo Bonzini <pbonzini@redhat.com>
      12e9612c
    • Wanpeng Li's avatar
      KVM: LAPIC: Expose per-vCPU timer_advance_ns to userspace · 16ba3ab4
      Wanpeng Li authored
      Expose per-vCPU timer_advance_ns to userspace, so it is able to
      query the auto-adjusted value.
      
      Cc: Paolo Bonzini <pbonzini@redhat.com>
      Cc: Radim Krčmář <rkrcmar@redhat.com>
      Cc: Sean Christopherson <sean.j.christopherson@intel.com>
      Cc: Liran Alon <liran.alon@oracle.com>
      Signed-off-by: default avatarWanpeng Li <wanpengli@tencent.com>
      Signed-off-by: default avatarPaolo Bonzini <pbonzini@redhat.com>
      16ba3ab4
    • Wanpeng Li's avatar
      KVM: LAPIC: Fix lapic_timer_advance_ns parameter overflow · 0e6edceb
      Wanpeng Li authored
      After commit c3941d9e (KVM: lapic: Allow user to disable adaptive tuning of
      timer advancement), '-1' enables adaptive tuning starting from default
      advancment of 1000ns. However, we should expose an int instead of an overflow
      uint module parameter.
      
      Before patch:
      
      /sys/module/kvm/parameters/lapic_timer_advance_ns:4294967295
      
      After patch:
      
      /sys/module/kvm/parameters/lapic_timer_advance_ns:-1
      
      Fixes: c3941d9e (KVM: lapic: Allow user to disable adaptive tuning of timer advancement)
      Cc: Paolo Bonzini <pbonzini@redhat.com>
      Cc: Radim Krčmář <rkrcmar@redhat.com>
      Cc: Sean Christopherson <sean.j.christopherson@intel.com>
      Cc: Liran Alon <liran.alon@oracle.com>
      Reviewed-by: default avatarSean Christopherson <sean.j.christopherson@intel.com>
      Signed-off-by: default avatarWanpeng Li <wanpengli@tencent.com>
      Signed-off-by: default avatarPaolo Bonzini <pbonzini@redhat.com>
      0e6edceb