Add handlers to exchange information between the
host and the protected guest on vcpu entry and exit, which
most often would happen on running a vcpu.
Signed-off-by: Fuad Tabba <tabba@google.com>
Bug: 209580772
Change-Id: I1716f55f5a1cb75dcde26b58af8f78ee80e4a19e
Signed-off-by: Will Deacon <willdeacon@google.com>
Create and populate a shadow table that contains the state hyp
needs for running protected VMs, i.e., struct kvm and struct
kvm_vcpu at EL2.
The memory for this is donated by the host and then unmapped from
the host at stage 1 and at stage 2 (by hyp).
This state is not used yet.
Signed-off-by: Fuad Tabba <tabba@google.com>
Bug: 209580772
Change-Id: Ie2d948f2a5f22a06d615d909de7a60d46944e6d8
Signed-off-by: Will Deacon <willdeacon@google.com>
Create a framework for resetting protected VM system registers to
their architecturally defined reset values.
No functional change intended as these are not hooked in yet.
Signed-off-by: Fuad Tabba <tabba@google.com>
Bug: 209580772
Change-Id: Iafdab9f796897429f0fb8abd5d7df9ca576e1f91
Signed-off-by: Will Deacon <willdeacon@google.com>
Move the computation of the mpidr to its own function in a shared
header, as the computation will be used by hyp in protected mode.
No functional change intended.
Signed-off-by: Fuad Tabba <tabba@google.com>
Bug: 209580772
Change-Id: I531795b43c9747dceea485843eed114675db9354
Signed-off-by: Will Deacon <willdeacon@google.com>
Move the macro defines of the pstate reset values to a shared
header to be used by hyp in protected mode.
No functional change intended.
Signed-off-by: Fuad Tabba <tabba@google.com>
Bug: 209580772
Change-Id: Iafd31108675027a799ce9ff3c5c56b49e87ead67
Signed-off-by: Will Deacon <willdeacon@google.com>
The values of the trapping registers for protected VMs should be
computed from the ground up, and not depend on potentially
preexisting values.
No functional change intended.
Signed-off-by: Fuad Tabba <tabba@google.com>
Bug: 209580772
Change-Id: Iacd3916dd1bbfc8d9cc859f94a9d879e9d456ebc
Signed-off-by: Will Deacon <willdeacon@google.com>
Having a static initializer for hyp_spinlock_t simplifies its
use when there isn't an initializing function.
No functional change intended.
Signed-off-by: Fuad Tabba <tabba@google.com>
Bug: 209580772
Change-Id: Ib1eabe03f49013955a7afcbfcc6a7d3c4a31a736
Signed-off-by: Will Deacon <willdeacon@google.com>
Create a macro definition for the FAR_EL2 mask and use it instead
of a hard-coded value, and put it in a shared header to be used by
hyp.
No functional change intended.
Signed-off-by: Fuad Tabba <tabba@google.com>
Bug: 209580772
Change-Id: Ib83932d670cba6bf8f1ed45d2c0e1ed34331d98d
Signed-off-by: Will Deacon <willdeacon@google.com>
Debug and trace are not currently supported for protected guests.
Trap related exceptions and restrict access to related registers.
Signed-off-by: Fuad Tabba <tabba@google.com>
Bug: 209580772
Change-Id: If7483e5b38837d6e7d83c47657a94f16a34ba856
Signed-off-by: Will Deacon <willdeacon@google.com>
In preparation for using some of the pKVM fixed configuration register
definitions to filter the available VM CAPs in the host, split the
nvhe/fixed_config.h header so that the definitions can be shared
with the host, while keeping the hypervisor function prototypes in
the nvhe/ namespace.
Signed-off-by: Will Deacon <will@kernel.org>
Bug: 209580772
Change-Id: I587bbcfebcc89633695fde9a5cfa1546fdca1018
Signed-off-by: Will Deacon <willdeacon@google.com>
Add helpers allowing the hypervisor to check whether a range of pages
are currently shared by the host, and 'pin' them if so by blocking host
unshare operations until the memory has been unpinned. This will allow
the hypervisor to take references on host-provided data-structures
(struct kvm and such) and be guaranteed these pages will remain in a
stable state until it decides to release them, e.g. during guest
teardown.
Signed-off-by: Quentin Perret <qperret@google.com>
Bug: 209580772
Change-Id: I60ff204bd11e78e3e2ce21defc0d94ae916f5097
Signed-off-by: Will Deacon <willdeacon@google.com>
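The pinning rule described in the commit message above, as an added example that is not part of the commit or of the pKVM sources: a single-threaded model in which the hypervisor pins a range only if every page in it is currently shared, and a host unshare is refused while a pin is held. All names, the 8-page pool and the error codes are assumptions made for this illustration.

```c
#include <errno.h>
#include <stddef.h>
#include <stdio.h>

/* Simplified model; every name and the 8-page pool are hypothetical. */
enum page_state { OWNED_BY_HOST, SHARED_WITH_HYP };
struct page_meta {
	enum page_state state;
	unsigned int pins;	/* references held by the hypervisor */
};
#define NR_PAGES 8
static struct page_meta pages[NR_PAGES];

/* Reject empty, out-of-pool and wrapping ranges. */
static int range_ok(size_t first, size_t nr)
{
	return nr && first < NR_PAGES && nr <= NR_PAGES - first;
}

int host_share(size_t pfn)
{
	if (!range_ok(pfn, 1) || pages[pfn].state != OWNED_BY_HOST)
		return -EPERM;
	pages[pfn].state = SHARED_WITH_HYP;
	return 0;
}

/* The host gets a page back only while nothing at EL2 references it. */
int host_unshare(size_t pfn)
{
	if (!range_ok(pfn, 1) || pages[pfn].state != SHARED_WITH_HYP)
		return -EPERM;
	if (pages[pfn].pins)
		return -EBUSY;
	pages[pfn].state = OWNED_BY_HOST;
	return 0;
}

/* Check the whole range first so a failure leaves no partial pins.
 * A real hypervisor would hold a lock across the check and the pin. */
int hyp_pin_shared(size_t first, size_t nr)
{
	if (!range_ok(first, nr))
		return -EINVAL;
	for (size_t i = first; i < first + nr; i++)
		if (pages[i].state != SHARED_WITH_HYP)
			return -EPERM;
	for (size_t i = first; i < first + nr; i++)
		pages[i].pins++;
	return 0;
}

void hyp_unpin_shared(size_t first, size_t nr)
{
	if (!range_ok(first, nr))
		return;
	for (size_t i = first; i < first + nr; i++)
		if (pages[i].pins)
			pages[i].pins--;
}

int main(void)
{
	host_share(0);
	hyp_pin_shared(0, 1);
	printf("unshare while pinned: %d\n", host_unshare(0));
	return 0;
}
```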
The EL2 vmemmap in nVHE Protected mode is currently very sparse: only
memory pages owned by the hypervisor itself have a matching struct
hyp_page. But since the size of these structs has been reduced
significantly, it appears that we can afford backing the vmemmap for all
of memory.
This will simplify memory tracking a lot, as the hypervisor will have a
place to store metadata (e.g. refcounts) that wouldn't otherwise fit in
the 4 SW bits we have in the host stage-2 page-table for instance.
Signed-off-by: Quentin Perret <qperret@google.com>
Bug: 209580772
Change-Id: Idaaf67ae6401765143fd7fe4b12f8f53e9cbf64b
Signed-off-by: Will Deacon <willdeacon@google.com>
We will soon need to manipulate struct hyp_page refcounts from outside
page_alloc.c, so move the helpers to a header file.
Signed-off-by: Quentin Perret <qperret@google.com>
Bug: 209580772
Change-Id: I5cfeeb1e3e6a61cbba70c242cf25e035b26149e7
Signed-off-by: Will Deacon <willdeacon@google.com>
The hypervisor will soon need to donate memory pages to the host to
return pages backing guest VM metadata during guest teardown, so provide
a helper allowing hyp-to-host memory donations.
Signed-off-by: Quentin Perret <qperret@google.com>
Bug: 209580772
Change-Id: I3013e8f69e9d26fae751bb81cc1e66253f0f5039
Signed-off-by: Will Deacon <willdeacon@google.com>
The host will soon need to donate memory pages to the hypervisor to
store VM metadata, so provide a helper function allowing host-to-hyp
memory donations.
Signed-off-by: Quentin Perret <qperret@google.com>
Bug: 209580772
Change-Id: I246978d81bd5301dae13c1f9d3e546334ecd88ad
Signed-off-by: Will Deacon <willdeacon@google.com>
Returning memory ownership of KVM metadata pages to the host once it is
no longer required (i.e. after VM teardown) can be achieved using a
series of memory donations from the hypervisor to the host.
Implement hyp-to-host memory donation.
Signed-off-by: Quentin Perret <qperret@google.com>
Bug: 209580772
Change-Id: I7c77bf6dae0ee7f96cd032d06b1ced5502530786
Signed-off-by: Will Deacon <willdeacon@google.com>
Transferring ownership information of a memory region from one component
to another can be achieved using a "donate" operation, which results
in the previous owner losing access to the underlying pages entirely.
Implement a do_donate() helper, along the same lines as do_{un,}share,
to provide this functionality for the host-to-hyp case.
Signed-off-by: Quentin Perret <qperret@google.com>
Bug: 209580772
Change-Id: I426f8b068450e7e6b93ba05a0aea6ce8f93e6bf7
Signed-off-by: Will Deacon <willdeacon@google.com>
CMOs issued from EL2 cannot directly use the kernel helpers,
as EL2 doesn't have a mapping of the guest pages. Oops.
Instead, use the mm_ops indirection to use helpers that will
perform a mapping at EL2 and allow the CMO to be effective.
Fixes: 25aa28691b ("KVM: arm64: Move guest CMOs to the fault handlers")
Signed-off-by: Marc Zyngier <maz@kernel.org>
Bug: 209777660
Link: https://lore.kernel.org/r/20220114125038.1336965-1-maz@kernel.org
Signed-off-by: Will Deacon <willdeacon@google.com>
Change-Id: I8cd221f7c89a20de28f0bea422641622b8320c1f
The S2MPU must wait for a v9 device to finish invalidation before
accessing its SFRs. Failure to do so can result in memory transaction
timeouts.
Add a loop that polls the STATUS register while the return value has
the BUSY and ON_INVALIDATING bits set.
Test: builds, boots
Bug: 190463801
Bug: 206761586
Signed-off-by: David Brazdil <dbrazdil@google.com>
Change-Id: I00891dc3a8ad185d29757b8622a053a96237b803
Comments in S2MPU driver code were mistakenly prefixed with /**,
denoting a kernel-doc comment. Since these do not match kernel-doc
syntax, replace them with regular /* comments.
Test: n/a
Bug: 190463801
Signed-off-by: David Brazdil <dbrazdil@google.com>
Change-Id: I81ed57f22c2cf9eaa5761f11b4f3b8ce1800f457
Changes in 5.15.14
fscache_cookie_enabled: check cookie is valid before accessing it
selftests: x86: fix [-Wstringop-overread] warn in test_process_vm_readv()
tracing: Fix check for trace_percpu_buffer validity in get_trace_buf()
tracing: Tag trace_percpu_buffer as a percpu pointer
Revert "RDMA/mlx5: Fix releasing unallocated memory in dereg MR flow"
ieee802154: atusb: fix uninit value in atusb_set_extended_addr
i40e: Fix to not show opcode msg on unsuccessful VF MAC change
iavf: Fix limit of total number of queues to active queues of VF
RDMA/core: Don't infoleak GRH fields
Revert "net: usb: r8152: Add MAC passthrough support for more Lenovo Docks"
netrom: fix copying in user data in nr_setsockopt
RDMA/uverbs: Check for null return of kmalloc_array
mac80211: initialize variable have_higher_than_11mbit
mac80211: mesh: embedd mesh_paths and mpp_paths into ieee80211_if_mesh
sfc: The RX page_ring is optional
i40e: fix use-after-free in i40e_sync_filters_subtask()
i40e: Fix for displaying message regarding NVM version
i40e: Fix incorrect netdev's real number of RX/TX queues
ftrace/samples: Add missing prototypes direct functions
ipv4: Check attribute length for RTA_GATEWAY in multipath route
ipv4: Check attribute length for RTA_FLOW in multipath route
ipv6: Check attribute length for RTA_GATEWAY in multipath route
ipv6: Check attribute length for RTA_GATEWAY when deleting multipath route
lwtunnel: Validate RTA_ENCAP_TYPE attribute length
selftests: net: udpgro_fwd.sh: explicitly checking the available ping feature
sctp: hold endpoint before calling cb in sctp_transport_lookup_process
batman-adv: mcast: don't send link-local multicast to mcast routers
sch_qfq: prevent shift-out-of-bounds in qfq_init_qdisc
net: ena: Fix undefined state when tx request id is out of bounds
net: ena: Fix wrong rx request id by resetting device
net: ena: Fix error handling when calculating max IO queues number
md/raid1: fix missing bitmap update w/o WriteMostly devices
EDAC/i10nm: Release mdev/mbase when failing to detect HBM
KVM: x86: Check for rmaps allocation
cgroup: Use open-time credentials for process migraton perm checks
cgroup: Allocate cgroup_file_ctx for kernfs_open_file->priv
cgroup: Use open-time cgroup namespace for process migration perm checks
Revert "i2c: core: support bus regulator controlling in adapter"
i2c: mpc: Avoid out of bounds memory access
xfs: map unwritten blocks in XFS_IOC_{ALLOC,FREE}SP just like fallocate
power: supply: core: Break capacity loop
power: reset: ltc2952: Fix use of floating point literals
reset: renesas: Fix Runtime PM usage
rndis_host: support Hytera digital radios
gpio: gpio-aspeed-sgpio: Fix wrong hwirq base in irq handler
net ticp:fix a kernel-infoleak in __tipc_sendmsg()
phonet: refcount leak in pep_sock_accep
fbdev: fbmem: add a helper to determine if an aperture is used by a fw fb
drm/amdgpu: disable runpm if we are the primary adapter
power: bq25890: Enable continuous conversion for ADC at charging
ipv6: Continue processing multipath route even if gateway attribute is invalid
ipv6: Do cleanup if attribute validation fails in multipath route
auxdisplay: charlcd: checking for pointer reference before dereferencing
drm/amdgpu: fix dropped backing store handling in amdgpu_dma_buf_move_notify
drm/amd/pm: Fix xgmi link control on aldebaran
usb: mtu3: fix interval value for intr and isoc
scsi: libiscsi: Fix UAF in iscsi_conn_get_param()/iscsi_conn_teardown()
ip6_vti: initialize __ip6_tnl_parm struct in vti6_siocdevprivate
net: udp: fix alignment problem in udp4_seq_show()
atlantic: Fix buff_ring OOB in aq_ring_rx_clean
drm/amd/pm: skip setting gfx cgpg in the s0ix suspend-resume
drm/amdgpu: always reset the asic in suspend (v2)
drm/amdgpu: put SMU into proper state on runpm suspending for BOCO capable platform
mISDN: change function names to avoid conflicts
drm/amd/display: fix B0 TMDS deepcolor no dislay issue
drm/amd/display: Added power down for DCN10
ipv6: raw: check passed optlen before reading
userfaultfd/selftests: fix hugetlb area allocations
ARM: dts: gpio-ranges property is now required
Input: zinitix - make sure the IRQ is allocated before it gets enabled
Revert "drm/amdgpu: stop scheduler when calling hw_fini (v2)"
drm/amd/pm: keep the BACO feature enabled for suspend
Linux 5.15.14
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Change-Id: Ifc22d4db0c3aa2164c4769981847e0634f2ad463
This is the default now.
Test: TH
Bug: 212640658
Change-Id: I3fc1d7149f4e180ff1919339beb6432adf73dab3
Signed-off-by: Yifan Hong <elsk@google.com>
(cherry picked from commit 15cc1a6f99)
[ Upstream commit cf73ed894e ]
Since irq request is the last thing in the driver probe, it happens
later than the input device registration. This means that there is a
small time window where if the open method is called the driver will
attempt to enable not yet available irq.
Fix that by moving the irq request before the input device registration.
Reviewed-by: Linus Walleij <linus.walleij@linaro.org>
Fixes: 26822652c8 ("Input: add zinitix touchscreen driver")
Signed-off-by: Nikita Travkin <nikita@trvn.ru>
Link: https://lore.kernel.org/r/20220106072840.36851-2-nikita@trvn.ru
Signed-off-by: Dmitry Torokhov <dmitry.torokhov@gmail.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
[ Upstream commit f5c7329718 ]
Currently, userfaultfd selftest for hugetlb as run from run_vmtests.sh
or any environment where there are 'just enough' hugetlb pages will
always fail with:
testing events (fork, remap, remove):
ERROR: UFFDIO_COPY error: -12 (errno=12, line=616)
The ENOMEM error code implies there are not enough hugetlb pages.
However, there are free hugetlb pages but they are all reserved. There
is a basic problem with the way the test allocates hugetlb pages which
has existed since the test was originally written.
Due to the way 'cleanup' was done between different phases of the test,
this issue was masked until recently. The issue was uncovered by commit
8ba6e86408 ("userfaultfd/selftests: reinitialize test context in each
test").
For the hugetlb test, src and dst areas are allocated as PRIVATE
mappings of a hugetlb file. This means that at mmap time, pages are
reserved for the src and dst areas. At the start of event testing (and
other tests) the src area is populated which results in allocation of
huge pages to fill the area and consumption of reserves associated with
the area. Then, a child is forked to fault in the dst area. Note that
the dst area was allocated in the parent and hence the parent owns the
reserves associated with the mapping. The child has normal access to
the dst area, but can not use the reserves created/owned by the parent.
Thus, if there are no other huge pages available allocation of a page
for the dst by the child will fail.
Fix by not creating reserves for the dst area. In this way the child
can use free (non-reserved) pages.
Also, MAP_PRIVATE of a file only makes sense if you are interested in
the contents of the file before making a COW copy. The test does not do
this. So, just use MAP_ANONYMOUS | MAP_HUGETLB to create an anonymous
hugetlb mapping. There is no need to create a hugetlb file in the
non-shared case.
Link: https://lkml.kernel.org/r/20211217172919.7861-1-mike.kravetz@oracle.com
Signed-off-by: Mike Kravetz <mike.kravetz@oracle.com>
Cc: Axel Rasmussen <axelrasmussen@google.com>
Cc: Peter Xu <peterx@redhat.com>
Cc: Andrea Arcangeli <aarcange@redhat.com>
Cc: Mina Almasry <almasrymina@google.com>
Cc: Shuah Khan <shuah@kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
[ Upstream commit 2eb82577a1 ]
[why]
B0 PHY C map to F, D map to G driver use logic instance, dmub does the
remap. Driver still need use the right PHY instance to access right HW.
[how]
use physical instance when programming PHY register.
[note]
could move resync_control programming to dmub next.
Tested-by: Daniel Wheeler <daniel.wheeler@amd.com>
Reviewed-by: Dmytro Laktyushkin <Dmytro.Laktyushkin@amd.com>
Reviewed-by: Jun Lei <Jun.Lei@amd.com>
Acked-by: Rodrigo Siqueira <Rodrigo.Siqueira@amd.com>
Signed-off-by: Charlene Liu <Charlene.Liu@amd.com>
Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
[ Upstream commit 8b5fdfc57c ]
As we build for mips, we meet following error. l1_init error with
multiple definition. Some architecture devices usually marked with
l1, l2, lxx as the start-up phase. so we change the mISDN function
names, align with Isdnl2_xxx.
mips-linux-gnu-ld: drivers/isdn/mISDN/layer1.o: in function `l1_init':
(.text+0x890): multiple definition of `l1_init'; \
arch/mips/kernel/bmips_5xxx_init.o:(.text+0xf0): first defined here
make[1]: *** [home/mips/kernel-build/linux/Makefile:1161: vmlinux] Error 1
Signed-off-by: wolfgang huang <huangjinhui@kylinos.cn>
Reported-by: k2ci <kernel-bot@kylinos.cn>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
[ Upstream commit 7be3be2b02 ]
By setting mp1_state as PP_MP1_STATE_UNLOAD, MP1 will do some proper cleanups and
put itself into a state ready for PNP. That can work around some random resuming
failure observed on BOCO capable platforms.
Signed-off-by: Evan Quan <evan.quan@amd.com>
Acked-by: Alex Deucher <alexander.deucher@amd.com>
Reviewed-by: Guchun Chen <guchun.chen@amd.com>
Reviewed-by: Lijo Lazar <lijo.lazar@amd.com>
Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
[ Upstream commit daf8de0874 ]
If the platform suspend happens to fail and the power rail
is not turned off, the GPU will be in an unknown state on
resume, so reset the asic so that it will be in a known
good state on resume even if the platform suspend failed.
v2: handle s0ix
Acked-by: Luben Tuikov <luben.tuikov@amd.com>
Acked-by: Evan Quan <evan.quan@amd.com>
Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
[ Upstream commit c1833c3964 ]
The "__ip6_tnl_parm" struct was left uninitialized causing an invalid
load of random data when the "__ip6_tnl_parm" struct was used elsewhere.
As an example, in the function "ip6_tnl_xmit_ctl()", it tries to access
the "collect_md" member. With "__ip6_tnl_parm" being uninitialized and
containing random data, the UBSAN detected that "collect_md" held a
non-boolean value.
The UBSAN issue is as follows:
===============================================================
UBSAN: invalid-load in net/ipv6/ip6_tunnel.c:1025:14
load of value 30 is not a valid value for type '_Bool'
CPU: 1 PID: 228 Comm: kworker/1:3 Not tainted 5.16.0-rc4+ #8
Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011
Workqueue: ipv6_addrconf addrconf_dad_work
Call Trace:
<TASK>
dump_stack_lvl+0x44/0x57
ubsan_epilogue+0x5/0x40
__ubsan_handle_load_invalid_value+0x66/0x70
? __cpuhp_setup_state+0x1d3/0x210
ip6_tnl_xmit_ctl.cold.52+0x2c/0x6f [ip6_tunnel]
vti6_tnl_xmit+0x79c/0x1e96 [ip6_vti]
? lock_is_held_type+0xd9/0x130
? vti6_rcv+0x100/0x100 [ip6_vti]
? lock_is_held_type+0xd9/0x130
? rcu_read_lock_bh_held+0xc0/0xc0
? lock_acquired+0x262/0xb10
dev_hard_start_xmit+0x1e6/0x820
__dev_queue_xmit+0x2079/0x3340
? mark_lock.part.52+0xf7/0x1050
? netdev_core_pick_tx+0x290/0x290
? kvm_clock_read+0x14/0x30
? kvm_sched_clock_read+0x5/0x10
? sched_clock_cpu+0x15/0x200
? find_held_lock+0x3a/0x1c0
? lock_release+0x42f/0xc90
? lock_downgrade+0x6b0/0x6b0
? mark_held_locks+0xb7/0x120
? neigh_connected_output+0x31f/0x470
? lockdep_hardirqs_on+0x79/0x100
? neigh_connected_output+0x31f/0x470
? ip6_finish_output2+0x9b0/0x1d90
? rcu_read_lock_bh_held+0x62/0xc0
? ip6_finish_output2+0x9b0/0x1d90
ip6_finish_output2+0x9b0/0x1d90
? ip6_append_data+0x330/0x330
? ip6_mtu+0x166/0x370
? __ip6_finish_output+0x1ad/0xfb0
? nf_hook_slow+0xa6/0x170
ip6_output+0x1fb/0x710
? nf_hook.constprop.32+0x317/0x430
? ip6_finish_output+0x180/0x180
? __ip6_finish_output+0xfb0/0xfb0
? lock_is_held_type+0xd9/0x130
ndisc_send_skb+0xb33/0x1590
? __sk_mem_raise_allocated+0x11cf/0x1560
? dst_output+0x4a0/0x4a0
? ndisc_send_rs+0x432/0x610
addrconf_dad_completed+0x30c/0xbb0
? addrconf_rs_timer+0x650/0x650
? addrconf_dad_work+0x73c/0x10e0
addrconf_dad_work+0x73c/0x10e0
? addrconf_dad_completed+0xbb0/0xbb0
? rcu_read_lock_sched_held+0xaf/0xe0
? rcu_read_lock_bh_held+0xc0/0xc0
process_one_work+0x97b/0x1740
? pwq_dec_nr_in_flight+0x270/0x270
worker_thread+0x87/0xbf0
? process_one_work+0x1740/0x1740
kthread+0x3ac/0x490
? set_kthread_struct+0x100/0x100
ret_from_fork+0x22/0x30
</TASK>
===============================================================
The solution is to initialize "__ip6_tnl_parm" struct to zeros in the
"vti6_siocdevprivate()" function.
Signed-off-by: William Zhao <wizhao@redhat.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
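The failure mode in the commit message above, as an added example that is not taken from the kernel sources: a conversion helper fills only the user-settable fields of a stack structure, so a boolean member keeps whatever the stack held unless the structure is zeroed first. The structures, function names and the stale byte value 30 (chosen to match the UBSAN report) are constructed for this illustration, and the byte is inspected through memcpy so the example itself never performs an invalid _Bool load.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical, cut-down stand-ins for the user and internal parameters. */
struct user_parm { int link; int hop_limit; };
struct tnl_parm  { int link; int hop_limit; bool collect_md; };

#define STALE_BYTE 30	/* constructed stand-in for leftover stack data */

/* Copies only what userspace can set; collect_md is never written. */
static void parm_from_user(struct tnl_parm *p, const struct user_parm *u)
{
	p->link = u->link;
	p->hop_limit = u->hop_limit;
}

/* Fetch the byte behind collect_md without loading it as a _Bool. */
static unsigned char raw_collect_md(const struct tnl_parm *p)
{
	unsigned char b;

	memcpy(&b, &p->collect_md, 1);
	return b;
}

/* A _Bool object may only hold 0 or 1; anything else is an invalid load. */
bool is_valid_bool_byte(unsigned char b)
{
	return b <= 1;
}

/* Returns the byte a later reader of collect_md would see. */
unsigned char convert(const struct user_parm *u, bool zero_first)
{
	struct tnl_parm p;

	memset(&p, STALE_BYTE, sizeof(p));	/* simulate a dirty stack slot */
	if (zero_first)
		memset(&p, 0, sizeof(p));	/* the fix: zero before filling */
	parm_from_user(&p, u);
	return raw_collect_md(&p);
}

int main(void)
{
	struct user_parm u = { 1, 64 };

	printf("without zeroing: %u\n", convert(&u, false));
	printf("with zeroing:    %u\n", convert(&u, true));
	return 0;
}
```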
[ Upstream commit 4daa9ff89e ]
Check if the pointer lcd->ops->init_display exists before dereferencing it.
If a driver called charlcd_init() without defining the ops, this would
return segmentation fault, as happened to me when implementing a charlcd
driver. Checking the pointer before dereferencing protects from
segmentation fault.
Signed-off-by: Luiz Sampaio <sampaio.ime@gmail.com>
Signed-off-by: Miguel Ojeda <ojeda@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
commit 80211be1b9 upstream.
Instead of one shot run of ADC at beginning of charging, run continuous
conversion to ensure that all charging-related values are monitored
properly (input voltage, input current, temperature etc.).
Signed-off-by: Yauhen Kharuzhy <jekhor@gmail.com>
Reviewed-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Sebastian Reichel <sebastian.reichel@collabora.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>