ZCR_EL2 controls the upper bound for ZCR_EL1, and is set to
a potentially lower limit when the guest uses SVE. In order
to restore the SVE state on the EL1 host, we must first
reset ZCR_EL2 to its original value.
To make it as lazy as possible on the EL1 host side, set
the SVE trapping in place when exiting from the guest.
On the first EL1 access to SVE, ZCR_EL2 will be restored
to its full glory.
Suggested-by: Andrew Scull <ascull@google.com>
Acked-by: Will Deacon <will@kernel.org>
Signed-off-by: Marc Zyngier <maz@kernel.org>
(cherry picked from commit beed09067b
git://git.kernel.org/pub/scm/linux/kernel/git/kvmarm/kvmarm.git next)
[will: Fixed trivial conflicts with host stage-2 series]
Signed-off-by: Will Deacon <willdeacon@google.com>
Bug: 178098380
Test: atest VirtualizationHostTestCases on an EL2-enabled device
Change-Id: I4e43e3ea710f105fe15b08825678109ac5ee2b78
Make sure the guest's ZCR_EL1 is saved before we save/flush the
state. This will be useful in later patches.
Acked-by: Will Deacon <will@kernel.org>
Signed-off-by: Marc Zyngier <maz@kernel.org>
(cherry picked from commit b145a8437a
git://git.kernel.org/pub/scm/linux/kernel/git/kvmarm/kvmarm.git next)
Signed-off-by: Will Deacon <willdeacon@google.com>
Bug: 178098380
Test: atest VirtualizationHostTestCases on an EL2-enabled device
Change-Id: I1e3ee364780d9f63436d246431cd82e651dc6571
When running on nVHE, and that the vcpu supports SVE, map the
SVE state at EL2 so that KVM can access it.
Acked-by: Will Deacon <will@kernel.org>
Signed-off-by: Marc Zyngier <maz@kernel.org>
(cherry picked from commit 0a9a98fda3
git://git.kernel.org/pub/scm/linux/kernel/git/kvmarm/kvmarm.git next)
Signed-off-by: Will Deacon <willdeacon@google.com>
Bug: 178098380
Test: atest VirtualizationHostTestCases on an EL2-enabled device
Change-Id: Iacc17d38754d40ed36be2c1ff5e5104b75974415
In order to keep the code readable, move the host-save/guest-restore
sequences in their own functions, with the following changes:
- the hypervisor ZCR is now set from C code
- ZCR_EL2 is always used as the EL2 accessor
This results in some minor assembler macro rework.
No functional change intended.
Acked-by: Will Deacon <will@kernel.org>
Signed-off-by: Marc Zyngier <maz@kernel.org>
(cherry picked from commit 52029198c1
git://git.kernel.org/pub/scm/linux/kernel/git/kvmarm/kvmarm.git next)
[will: Fixed trivial context conflict with host stage-2 series in switch.h]
Signed-off-by: Will Deacon <willdeacon@google.com>
Bug: 178098380
Test: atest VirtualizationHostTestCases on an EL2-enabled device
Change-Id: Ibcacce83e2eb142ae5c5672b534def83892060bc
A common pattern is to conditionally update ZCR_ELx in order
to avoid the "self-synchronizing" effect that writing to this
register has.
Let's provide an accessor that does exactly this.
Acked-by: Will Deacon <will@kernel.org>
Signed-off-by: Marc Zyngier <maz@kernel.org>
(cherry picked from commit 71ce1ae56e
git://git.kernel.org/pub/scm/linux/kernel/git/kvmarm/kvmarm.git next)
Signed-off-by: Will Deacon <willdeacon@google.com>
Bug: 178098380
Test: atest VirtualizationHostTestCases on an EL2-enabled device
Change-Id: I50af5ed0a57182d038f26c12a6ca9e733ac97ba4
The KVM code contains a number of "sve_vq_from_vl(vcpu->arch.sve_max_vl)"
instances, and we are about to add more.
Introduce vcpu_sve_vq() as a shorthand for this expression.
Acked-by: Will Deacon <will@kernel.org>
Signed-off-by: Marc Zyngier <maz@kernel.org>
(cherry picked from commit 468f3477ef
git://git.kernel.org/pub/scm/linux/kernel/git/kvmarm/kvmarm.git next)
Signed-off-by: Will Deacon <willdeacon@google.com>
Bug: 178098380
Test: atest VirtualizationHostTestCases on an EL2-enabled device
Change-Id: Ibfa1776c63b84c5b83504b94f76905d4da0dd979
The vcpu_sve_pffr() returns a pointer, which can be an interesting
thing to do on nVHE. Wrap the pointer with kern_hyp_va(), and
take this opportunity to remove the unnecessary casts (sve_state
being a void *).
Acked-by: Will Deacon <will@kernel.org>
Signed-off-by: Marc Zyngier <maz@kernel.org>
(cherry picked from commit 985d3a1bea
git://git.kernel.org/pub/scm/linux/kernel/git/kvmarm/kvmarm.git next)
Signed-off-by: Will Deacon <willdeacon@google.com>
Bug: 178098380
Test: atest VirtualizationHostTestCases on an EL2-enabled device
Change-Id: I01203df5e118b35c62f502652da6e6db7f521f7b
Switch to the unified EL1 accessors for ZCR_EL1, which will make
things easier for nVHE support.
Acked-by: Will Deacon <will@kernel.org>
Signed-off-by: Marc Zyngier <maz@kernel.org>
(cherry picked from commit 83857371d4
git://git.kernel.org/pub/scm/linux/kernel/git/kvmarm/kvmarm.git next)
Signed-off-by: Will Deacon <willdeacon@google.com>
Bug: 178098380
Test: atest VirtualizationHostTestCases on an EL2-enabled device
Change-Id: I33aeccbd0cf915db9fbc0cac8543394134de490e
as we are about to change the way KVM deals with SVE, provide
KVM with its own save/restore SVE primitives.
No functional change intended.
Acked-by: Will Deacon <will@kernel.org>
Signed-off-by: Marc Zyngier <maz@kernel.org>
(cherry picked from commit 297b8603e3
git://git.kernel.org/pub/scm/linux/kernel/git/kvmarm/kvmarm.git next)
Signed-off-by: Will Deacon <willdeacon@google.com>
Bug: 178098380
Test: atest VirtualizationHostTestCases on an EL2-enabled device
Change-Id: I77414def3e06f71324eec25f5a204d04e6c5c328
Over time, this structure is being changed a bunch to fix issues found
in the gadget code as more and more people stress it. So add padding to
handle any needed future changes that might occur.
Of course, now that the padding is there, there never will be any need
to change this structure again...
Bug: 151154716
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Change-Id: I496797469268cc5d3cfafdb19c141b6b6196fe72
There seems to be lots of people wanting to change this structure, and
while it feels internal, due to some SoC patches, there's an ABI that
needs to be preserved here over time.
So add some padding to struct snd_usb_endpoint so that we can maintain
this succesfully in the future.
Of course, now that the padding is there, there never will be any need
to change this structure again...
Bug: 151154716
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Change-Id: I21cb3abbdca2961e33a94b2bc48b49f3fadbd206
Try to mitigate potential future driver core api changes by adding a
padding to struct user_namespace.
Based on a change made to the RHEL/CENTOS 8 kernel.
Bug: 151154716
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Change-Id: I2c41281b191cd252db2ddc792699d869ce8d7a4d
Try to mitigate potential future driver core api changes by adding a
padding to struct timer_list.
Based on a change made to the RHEL/CENTOS 8 kernel.
Bug: 151154716
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Change-Id: I74673e2271cd757c4871c9bcb69fd73bb22a722b
Try to mitigate potential future driver core api changes by adding a
padding to struct quota_format_ops, struct dquot_operations, and struct
quotactl_ops.
Based on a change made to the RHEL/CENTOS 8 kernel.
Bug: 151154716
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Change-Id: Ia957d2f8d9b1a6939cddedc16a7481e9de1a8866
Try to mitigate potential future driver core api changes by adding a
padding to struct mmu_notifier_ops and struct mmu_notifier.
Based on a change made to the RHEL/CENTOS 8 kernel.
Bug: 151154716
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Change-Id: If631445abf20c22830a1c764ff2ccd662a7bd204
Try to mitigate potential future driver core api changes by adding a
padding to struct vm_operations_struct.
Based on a change made to the RHEL/CENTOS 8 kernel.
Bug: 151154716
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Change-Id: I78f84148ef4d3524bd6c5b78e53e06503a4ac3ae
Try to mitigate potential future driver core api changes by adding a
padding to struct kobject, struct kobj_type, and struct kset.
Based on a change made to the RHEL/CENTOS 8 kernel.
Bug: 151154716
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Change-Id: I3c28826dc314c7f1b5c9bb167be82089d53768bb
Try to mitigate potential future driver core api changes by adding a
padding to struct kernfs_syscall_ops and struct kernfs_ops.
Based on a change made to the RHEL/CENTOS 8 kernel.
Bug: 151154716
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Change-Id: I1fcb0b81c3ea7d5300da283b275391f95d6d4ec8
Try to mitigate potential future driver core api changes by adding a
padding to struct irq_domain.
Based on a change made to the RHEL/CENTOS 8 kernel.
Bug: 151154716
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Change-Id: I8ff0c2162ca5f7f0b6c7a51bf341c6b1b1c856e8
Try to mitigate potential future driver core api changes by adding a
padding to struct resource.
Based on a change made to the RHEL/CENTOS 8 kernel.
Bug: 151154716
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Change-Id: I5ff4401c540be7d095f1db27370281b7220af030
Try to mitigate potential future driver core api changes by adding a
padding to struct iomap_ops.
Based on a change made to the RHEL/CENTOS 8 kernel.
Bug: 151154716
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Change-Id: I1803d5163f7a1d0320f567b983a8241777284c5e
Try to mitigate potential future driver core api changes by adding a
padding to struct hrtimer.
Based on a change made to the RHEL/CENTOS 8 kernel.
Bug: 151154716
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Change-Id: I5432e05386265281d993199599c6f9dcd17a9daf
Try to mitigate potential future driver core api changes by adding a
padding to struct hd_struct, struct blk_integrity, and struct gendisk.
Based on a change made to the RHEL/CENTOS 8 kernel.
Bug: 151154716
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Change-Id: I5d19bf942fbedc64f705f5d27ae629c57209df27
Try to mitigate potential future driver core api changes by adding a
padding to struct ethtool_ops.
Based on a change made to the RHEL/CENTOS 8 kernel.
Bug: 151154716
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Change-Id: If9f449cb74e81d048a1c41b33c6b7c5b564ecaf3
Try to mitigate potential future driver core api changes by adding a
padding to struct dma_map_ops.
Based on a change made to the RHEL/CENTOS 8 kernel.
Bug: 151154716
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Change-Id: Icbec584dee3716f341a7831a4810025f690eab4a
Try to mitigate potential future driver core api changes by adding a
padding to a lot of different networking structures:
struct ipv6_devconf
struct proto_ops
struct header_ops
struct napi_struct
struct netdev_queue
struct netdev_rx_queue
struct xfrmdev_ops
struct net_device_ops
struct net_device
struct packet_type
struct sk_buff
struct tlsdev_ops
Based on a change made to the RHEL/CENTOS 8 kernel.
Bug: 151154716
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Change-Id: I590f004754dbc8beafa40e71cac70a0938c38b4a
Try to mitigate potential future driver core api changes by adding a
padding to struct bio.
Based on a change made to the RHEL/CENTOS 8 kernel.
Bug: 151154716
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Change-Id: Ib69c7bb8b553cacb9cb7bc020d8ac2bbc75621ba
Try to mitigate potential future driver core api changes by adding a
padding to struct scsi_disk.
Based on a change made to the RHEL/CENTOS 8 kernel.
Bug: 151154716
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Change-Id: I1191c786cb341df43a40fa1a82789759b0f431cf
Try to mitigate potential future driver core api changes by adding a
padding to struct pci_sriov, struct pci_dev, struct pci_bus, and struct
pci_driver.
Based on a change made to the RHEL/CENTOS 8 kernel.
Bug: 151154716
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Change-Id: I236df60165b25a33b06fc81f76014162401ba742
When gadget is disconnected, running sequence is like this.
. composite_disconnect
. Call trace:
usb_string_copy+0xd0/0x128
gadget_config_name_configuration_store+0x4
gadget_config_name_attr_store+0x40/0x50
configfs_write_file+0x198/0x1f4
vfs_write+0x100/0x220
SyS_write+0x58/0xa8
. configfs_composite_unbind
. configfs_composite_bind
In configfs_composite_bind, it has
"cn->strings.s = cn->configuration;"
When usb_string_copy is invoked. it would
allocate memory, copy input string, release previous pointed memory space,
and use new allocated memory.
When gadget is connected, host sends down request to get information.
Call trace:
usb_gadget_get_string+0xec/0x168
lookup_string+0x64/0x98
composite_setup+0xa34/0x1ee8
If gadget is disconnected and connected quickly, in the failed case,
cn->configuration memory has been released by usb_string_copy kfree but
configfs_composite_bind hasn't been run in time to assign new allocated
"cn->configuration" pointer to "cn->strings.s".
When "strlen(s->s) of usb_gadget_get_string is being executed, the dangling
memory is accessed, "BUG: KASAN: use-after-free" error occurs.
Cc: stable@vger.kernel.org
Signed-off-by: Jim Lin <jilin@nvidia.com>
Signed-off-by: Macpaul Lin <macpaul.lin@mediatek.com>
Link: https://lore.kernel.org/r/1615444961-13376-1-git-send-email-macpaul.lin@mediatek.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
(cherry picked from commit 98f153a10d)
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Change-Id: I701efe7bf8b20ab35c84e0441a52633d223224e9
Remove the unused "u32 vdo[3]" part in the tps6598x_rx_identity_reg
struct. This helps avoid "failed to register partner" errors which
happen when tps6598x_read_partner_identity() fails because the
amount of data read is 12 bytes smaller than the struct size.
Note that vdo[3] is already in usb_pd_identity and hence
shouldn't be added to tps6598x_rx_identity_reg as well.
Fixes: f6c56ca91b ("usb: typec: Add the Product Type VDOs to struct usb_pd_identity")
Reviewed-by: Heikki Krogerus <heikki.krogerus@linux.intel.com>
Reviewed-by: Guido Günther <agx@sigxcpu.org>
Signed-off-by: Elias Rudberg <mail@eliasrudberg.se>
Cc: stable <stable@vger.kernel.org>
Link: https://lore.kernel.org/r/20210311124710.6563-1-mail@eliasrudberg.se
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
(cherry picked from commit 3cac9104be)
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Change-Id: I889e67c743ff494609477af21e1cfd672affeb73
In the situations where the DWC3 gadget stops active transfers, once
calling the dwc3_gadget_giveback(), there is a chance where a function
driver can queue a new USB request in between the time where the dwc3
lock has been released and re-aquired. This occurs after we've already
issued an ENDXFER command. When the stop active transfers continues
to remove USB requests from all dep lists, the newly added request will
also be removed, while controller still has an active TRB for it.
This can lead to the controller accessing an unmapped memory address.
Fix this by ensuring parameters to prevent EP queuing are set before
calling the stop active transfers API.
Fixes: ae7e86108b ("usb: dwc3: Stop active transfers before halting the controller")
Signed-off-by: Wesley Cheng <wcheng@codeaurora.org>
Link: https://lore.kernel.org/r/1615507142-23097-1-git-send-email-wcheng@codeaurora.org
Cc: stable <stable@vger.kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
(cherry picked from commit f09ddcfcb8)
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Change-Id: I7b12af154c9c4a0768a30767f4c1abe5b9c27bc7
This reverts commit 5f85626b13.
Temporarily reverting to let partner stabilize. Planning to
re-enable by end of March.
Bug: 182884953
Change-Id: Iffa933d7065d206a73750bd546adc71c637e1581
Signed-off-by: Todd Kjos <tkjos@google.com>
Temporarily reverting to let partner stabilize. Planning to
re-enable by end of March.
Bug: 182884953
Signed-off-by: Todd Kjos <tkjos@google.com>
Change-Id: I83dec946fcb9b6872d3f91aa33afd2ae71a4fe97
This reverts commit 2df558b6f0 ("f2fs: fix to tag FIEMAP_EXTENT_MERGED
in f2fs_fiemap()") as this breaks older Android userspaces without
aosp/1590474.
Bug: 182956687
Change-Id: Iaff9f0f39e03201f198af87c01e6faf38da1b0f0
Signed-off-by: Elliot Berman <eberman@codeaurora.org>
In order to further configure stage-2 page-tables, pass flags to the
init function using a new enum.
The first of these flags allows to disable FWB even if the hardware
supports it as we will need to do so for the host stage-2.
Signed-off-by: Quentin Perret <qperret@google.com>
Link: https://lore.kernel.org/r/20210317141714.383046-2-qperret@google.com
Bug: 178098380
Change-Id: I19441d59f5bd31f6ffbefbab06c7377e29ad3246
When KVM runs in nVHE protected mode, use the host stage 2 to unmap the
hypervisor sections by marking them as owned by the hypervisor itself.
The long-term goal is to ensure the EL2 code can remain robust
regardless of the host's state, so this starts by making sure the host
cannot e.g. write to the .hyp sections directly.
Acked-by: Will Deacon <will@kernel.org>
Signed-off-by: Quentin Perret <qperret@google.com>
Link: https://lore.kernel.org/r/20210315143536.214621-37-qperret@google.com
Bug: 178098380
Change-Id: I747a37058f65b9cd5b9ce8dc72a8e385cf68f5d2
The host currently writes directly in EL2 per-CPU data sections from
the PMU code when running in nVHE. In preparation for unmapping the EL2
sections from the host stage 2, disable PMU support in protected mode as
we currently do not have a use-case for it.
Acked-by: Will Deacon <will@kernel.org>
Signed-off-by: Quentin Perret <qperret@google.com>
Link: https://lore.kernel.org/r/20210315143536.214621-36-qperret@google.com
Bug: 178098380
Change-Id: I4e8e2205484f0375a9a9ea15491f099832a03118
We will soon unmap the .hyp sections from the host stage 2 in Protected
nVHE mode, which obviously works with at least page granularity, so make
sure to align them correctly.
Acked-by: Will Deacon <will@kernel.org>
Signed-off-by: Quentin Perret <qperret@google.com>
Link: https://lore.kernel.org/r/20210315143536.214621-35-qperret@google.com
Bug: 178098380
Change-Id: Ia631ed37a9cc66d83604fa84f901706800529a94
When KVM runs in protected nVHE mode, make use of a stage 2 page-table
to give the hypervisor some control over the host memory accesses. The
host stage 2 is created lazily using large block mappings if possible,
and will default to page mappings in absence of a better solution.
>From this point on, memory accesses from the host to protected memory
regions (e.g. not 'owned' by the host) are fatal and lead to hyp_panic().
Acked-by: Will Deacon <will@kernel.org>
Signed-off-by: Quentin Perret <qperret@google.com>
Link: https://lore.kernel.org/r/20210315143536.214621-34-qperret@google.com
Bug: 178098380
Change-Id: Id663fd6d2c183cf3a44c5677df29b8cab94f5e4e
Since the host stage 2 will be identity mapped, and since it will own
most of memory, it would preferable for performance to try and use large
block mappings whenever that is possible. To ease this, introduce a new
helper in the KVM page-table code which allows to search for large
ranges of available IPA space. This will be used in the host memory
abort path to greedily idmap large portion of the PA space.
Signed-off-by: Quentin Perret <qperret@google.com>
Acked-by: Will Deacon <will@kernel.org>
Link: https://lore.kernel.org/r/20210315143536.214621-32-qperret@google.com
Bug: 178098380
Change-Id: Ib5a9470a4e7f86e8adfa25d273c56279657c9a22
