- Linux-stable-mirror - lists.linaro.org

[PATCH] Revert "x86/mm: implement free pmd/pte page interfaces"

by Joerg Roedel

From: Joerg Roedel <jroedel(a)suse.de> This reverts commit 28ee90fe6048fa7b7ceaeb8831c0e4e454a4cf89. This commit is broken for x86, as it unmaps the PTE and PMD pages and immediatly frees them without doing a TLB flush. Further this lacks synchronization with other page-tables in the system when the PMD pages are not shared between mm_structs. On x86-32 with PAE and PTI patches on-top this patch triggers the BUG_ON in vmalloc_sync_one() because the kernel and the process page-table were not synchronized. Signed-off-by: Joerg Roedel <jroedel(a)suse.de> --- arch/x86/mm/pgtable.c | 28 ++-------------------------- 1 file changed, 2 insertions(+), 26 deletions(-) diff --git a/arch/x86/mm/pgtable.c b/arch/x86/mm/pgtable.c index ae98d4c5e32a..fd02a537a80f 100644 --- a/arch/x86/mm/pgtable.c +++ b/arch/x86/mm/pgtable.c @@ -787,22 +787,7 @@ int pmd_clear_huge(pmd_t *pmd) */ int pud_free_pmd_page(pud_t *pud) { - pmd_t *pmd; - int i; - - if (pud_none(*pud)) - return 1; - - pmd = (pmd_t *)pud_page_vaddr(*pud); - - for (i = 0; i < PTRS_PER_PMD; i++) - if (!pmd_free_pte_page(&pmd[i])) - return 0; - - pud_clear(pud); - free_page((unsigned long)pmd); - - return 1; + return pud_none(*pud); } /** @@ -814,15 +799,6 @@ int pud_free_pmd_page(pud_t *pud) */ int pmd_free_pte_page(pmd_t *pmd) { - pte_t *pte; - - if (pmd_none(*pmd)) - return 1; - - pte = (pte_t *)pmd_page_vaddr(*pmd); - pmd_clear(pmd); - free_page((unsigned long)pte); - - return 1; + return pmd_none(*pmd); } #endif /* CONFIG_HAVE_ARCH_HUGE_VMAP */ -- 2.13.6

7 years, 7 months

5
5
0 0

[PATCH 4/9] x86, pkeys: override pkey when moving away from PROT_EXEC

by Dave Hansen

From: Dave Hansen <dave.hansen(a)linux.intel.com> I got a bug report that the following code (roughly) was causing a SIGSEGV: mprotect(ptr, size, PROT_EXEC); mprotect(ptr, size, PROT_NONE); mprotect(ptr, size, PROT_READ); *ptr = 100; The problem is hit when the mprotect(PROT_EXEC) is implicitly assigned a protection key to the VMA, and made that key ACCESS_DENY|WRITE_DENY. The PROT_NONE mprotect() failed to remove the protection key, and the PROT_NONE-> PROT_READ left the PTE usable, but the pkey still in place and left the memory inaccessible. To fix this, we ensure that we always "override" the pkee at mprotect() if the VMA does not have execute-only permissions, but the VMA has the execute-only pkey. We had a check for PROT_READ/WRITE, but it did not work for PROT_NONE. This entirely removes the PROT_* checks, which ensures that PROT_NONE now works. Signed-off-by: Dave Hansen <dave.hansen(a)linux.intel.com> Fixes: 62b5f7d013f ("mm/core, x86/mm/pkeys: Add execute-only protection keys support") Reported-by: Shakeel Butt <shakeelb(a)google.com> Cc: stable(a)vger.kernel.org Cc: Ram Pai <linuxram(a)us.ibm.com> Cc: Thomas Gleixner <tglx(a)linutronix.de> Cc: Dave Hansen <dave.hansen(a)intel.com> Cc: Michael Ellermen <mpe(a)ellerman.id.au> Cc: Ingo Molnar <mingo(a)kernel.org> Cc: Andrew Morton <akpm(a)linux-foundation.org> Cc: Shuah Khan <shuah(a)kernel.org> --- b/arch/x86/include/asm/pkeys.h | 12 +++++++++++- b/arch/x86/mm/pkeys.c | 21 +++++++++++---------- 2 files changed, 22 insertions(+), 11 deletions(-) diff -puN arch/x86/include/asm/pkeys.h~pkeys-abandon-exec-only-pkey-more-aggressively arch/x86/include/asm/pkeys.h --- a/arch/x86/include/asm/pkeys.h~pkeys-abandon-exec-only-pkey-more-aggressively 2018-04-26 10:42:18.971487371 -0700 +++ b/arch/x86/include/asm/pkeys.h 2018-04-26 10:42:18.977487371 -0700 @@ -2,6 +2,8 @@ #ifndef _ASM_X86_PKEYS_H #define _ASM_X86_PKEYS_H +#define ARCH_DEFAULT_PKEY 0 + #define arch_max_pkey() (boot_cpu_has(X86_FEATURE_OSPKE) ? 16 : 1) extern int arch_set_user_pkey_access(struct task_struct *tsk, int pkey, @@ -15,7 +17,7 @@ extern int __execute_only_pkey(struct mm static inline int execute_only_pkey(struct mm_struct *mm) { if (!boot_cpu_has(X86_FEATURE_OSPKE)) - return 0; + return ARCH_DEFAULT_PKEY; return __execute_only_pkey(mm); } @@ -56,6 +58,14 @@ bool mm_pkey_is_allocated(struct mm_stru return false; if (pkey >= arch_max_pkey()) return false; + /* + * The exec-only pkey is set in the allocation map, but + * is not available to any of the user interfaces like + * mprotect_pkey(). + */ + if (pkey == mm->context.execute_only_pkey) + return false; + return mm_pkey_allocation_map(mm) & (1U << pkey); } diff -puN arch/x86/mm/pkeys.c~pkeys-abandon-exec-only-pkey-more-aggressively arch/x86/mm/pkeys.c --- a/arch/x86/mm/pkeys.c~pkeys-abandon-exec-only-pkey-more-aggressively 2018-04-26 10:42:18.973487371 -0700 +++ b/arch/x86/mm/pkeys.c 2018-04-26 10:47:34.806486584 -0700 @@ -94,26 +94,27 @@ int __arch_override_mprotect_pkey(struct */ if (pkey != -1) return pkey; - /* - * Look for a protection-key-drive execute-only mapping - * which is now being given permissions that are not - * execute-only. Move it back to the default pkey. - */ - if (vma_is_pkey_exec_only(vma) && - (prot & (PROT_READ|PROT_WRITE))) { - return 0; - } + /* * The mapping is execute-only. Go try to get the * execute-only protection key. If we fail to do that, * fall through as if we do not have execute-only - * support. + * support in this mm. */ if (prot == PROT_EXEC) { pkey = execute_only_pkey(vma->vm_mm); if (pkey > 0) return pkey; + } else if (vma_is_pkey_exec_only(vma)) { + /* + * Protections are *not* PROT_EXEC, but the mapping + * is using the exec-only pkey. This mapping was + * PROT_EXEC and will no longer be. Move back to + * the default pkey. + */ + return ARCH_DEFAULT_PKEY; } + /* * This is a vanilla, non-pkey mprotect (or we failed to * setup execute-only), inherit the pkey from the VMA we _

7 years, 7 months

1
0
0 0

[PATCH 1/9] x86, pkeys: do not special case protection key 0

by Dave Hansen

From: Dave Hansen <dave.hansen(a)linux.intel.com> mm_pkey_is_allocated() treats pkey 0 as unallocated. That is inconsistent with the manpages, and also inconsistent with mm->context.pkey_allocation_map. Stop special casing it and only disallow values that are actually bad (< 0). The end-user visible effect of this is that you can now use mprotect_pkey() to set pkey=0. This is a bit nicer than what Ram proposed because it is simpler and removes special-casing for pkey 0. On the other hand, it does allow applciations to pkey_free() pkey-0, but that's just a silly thing to do, so we are not going to protect against it. Signed-off-by: Dave Hansen <dave.hansen(a)linux.intel.com> Fixes: 58ab9a088dda ("x86/pkeys: Check against max pkey to avoid overflows") Cc: stable(a)kernel.org Cc: Ram Pai <linuxram(a)us.ibm.com> Cc: Thomas Gleixner <tglx(a)linutronix.de> Cc: Dave Hansen <dave.hansen(a)intel.com> Cc: Michael Ellermen <mpe(a)ellerman.id.au> Cc: Ingo Molnar <mingo(a)kernel.org> Cc: Andrew Morton <akpm(a)linux-foundation.org>p Cc: Shuah Khan <shuah(a)kernel.org> --- b/arch/x86/include/asm/mmu_context.h | 2 +- b/arch/x86/include/asm/pkeys.h | 6 +++--- 2 files changed, 4 insertions(+), 4 deletions(-) diff -puN arch/x86/include/asm/mmu_context.h~x86-pkey-0-default-allocated arch/x86/include/asm/mmu_context.h --- a/arch/x86/include/asm/mmu_context.h~x86-pkey-0-default-allocated 2018-03-26 10:22:33.742170197 -0700 +++ b/arch/x86/include/asm/mmu_context.h 2018-03-26 10:22:33.747170197 -0700 @@ -192,7 +192,7 @@ static inline int init_new_context(struc #ifdef CONFIG_X86_INTEL_MEMORY_PROTECTION_KEYS if (cpu_feature_enabled(X86_FEATURE_OSPKE)) { - /* pkey 0 is the default and always allocated */ + /* pkey 0 is the default and allocated implicitly */ mm->context.pkey_allocation_map = 0x1; /* -1 means unallocated or invalid */ mm->context.execute_only_pkey = -1; diff -puN arch/x86/include/asm/pkeys.h~x86-pkey-0-default-allocated arch/x86/include/asm/pkeys.h --- a/arch/x86/include/asm/pkeys.h~x86-pkey-0-default-allocated 2018-03-26 10:22:33.744170197 -0700 +++ b/arch/x86/include/asm/pkeys.h 2018-03-26 10:22:33.747170197 -0700 @@ -49,10 +49,10 @@ bool mm_pkey_is_allocated(struct mm_stru { /* * "Allocated" pkeys are those that have been returned - * from pkey_alloc(). pkey 0 is special, and never - * returned from pkey_alloc(). + * from pkey_alloc() or pkey 0 which is allocated + * implicitly when the mm is created. */ - if (pkey <= 0) + if (pkey < 0) return false; if (pkey >= arch_max_pkey()) return false; _

7 years, 7 months

1
0
0 0

[PATCH] NET: usb: qmi_wwan: add support for ublox R410M PID 0x90b2

by SZ Lin (林上智)

This patch adds support for PID 0x90b2 of ublox R410M. qmicli -d /dev/cdc-wdm0 --dms-get-manufacturer [/dev/cdc-wdm0] Device manufacturer retrieved: Manufacturer: 'u-blox' qmicli -d /dev/cdc-wdm0 --dms-get-model [/dev/cdc-wdm0] Device model retrieved: Model: 'SARA-R410M-02B' Signed-off-by: SZ Lin (林上智) <sz.lin(a)moxa.com> Cc: stable <stable(a)vger.kernel.org> --- drivers/net/usb/qmi_wwan.c | 1 + 1 file changed, 1 insertion(+) diff --git a/drivers/net/usb/qmi_wwan.c b/drivers/net/usb/qmi_wwan.c index c853e7410f5a..51c68fc416fa 100644 --- a/drivers/net/usb/qmi_wwan.c +++ b/drivers/net/usb/qmi_wwan.c @@ -1098,6 +1098,7 @@ static const struct usb_device_id products[] = { {QMI_FIXED_INTF(0x05c6, 0x9080, 8)}, {QMI_FIXED_INTF(0x05c6, 0x9083, 3)}, {QMI_FIXED_INTF(0x05c6, 0x9084, 4)}, + {QMI_FIXED_INTF(0x05c6, 0x90b2, 3)}, /* ublox R410M */ {QMI_FIXED_INTF(0x05c6, 0x920d, 0)}, {QMI_FIXED_INTF(0x05c6, 0x920d, 5)}, {QMI_QUIRK_SET_DTR(0x05c6, 0x9625, 4)}, /* YUGA CLM920-NC5 */ -- 2.17.0

7 years, 7 months

3
2
0 0

[PATCH] Revert "Bluetooth: btusb: Fix quirk for Atheros 1525/QCA6174"

by Hans de Goede

Commit f44cb4b19ed4 ("Bluetooth: btusb: Fix quirk for Atheros 1525/QCA6174") is causing bluetooth to no longer work for several people, see: https://bugzilla.redhat.com/show_bug.cgi?id=1568911 So lets revert it for now and try to find another solution for devices which need the modified quirk. Cc: stable(a)vger.kernel.org Cc: Takashi Iwai <tiwai(a)suse.de> Signed-off-by: Hans de Goede <hdegoede(a)redhat.com> --- drivers/bluetooth/btusb.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/bluetooth/btusb.c b/drivers/bluetooth/btusb.c index 7f987c81c006..55693648b211 100644 --- a/drivers/bluetooth/btusb.c +++ b/drivers/bluetooth/btusb.c @@ -231,6 +231,7 @@ static const struct usb_device_id blacklist_table[] = { { USB_DEVICE(0x0930, 0x0227), .driver_info = BTUSB_ATH3012 }, { USB_DEVICE(0x0b05, 0x17d0), .driver_info = BTUSB_ATH3012 }, { USB_DEVICE(0x0cf3, 0x0036), .driver_info = BTUSB_ATH3012 }, + { USB_DEVICE(0x0cf3, 0x3004), .driver_info = BTUSB_ATH3012 }, { USB_DEVICE(0x0cf3, 0x3008), .driver_info = BTUSB_ATH3012 }, { USB_DEVICE(0x0cf3, 0x311d), .driver_info = BTUSB_ATH3012 }, { USB_DEVICE(0x0cf3, 0x311e), .driver_info = BTUSB_ATH3012 }, @@ -263,7 +264,6 @@ static const struct usb_device_id blacklist_table[] = { { USB_DEVICE(0x0489, 0xe03c), .driver_info = BTUSB_ATH3012 }, /* QCA ROME chipset */ - { USB_DEVICE(0x0cf3, 0x3004), .driver_info = BTUSB_QCA_ROME }, { USB_DEVICE(0x0cf3, 0xe007), .driver_info = BTUSB_QCA_ROME }, { USB_DEVICE(0x0cf3, 0xe009), .driver_info = BTUSB_QCA_ROME }, { USB_DEVICE(0x0cf3, 0xe010), .driver_info = BTUSB_QCA_ROME }, -- 2.17.0

7 years, 7 months

2
4
0 0

[PATCH] RDMA/cxgb4: release hw resources on device removal

by Raju Rangoju

The c4iw_rdev_close() logic was not releasing all the hw resources (PBL and RQT memory) during the device removal event (driver unload / system reboot). This can cause panic in gen_pool_destroy(). The module remove function will wait for all the hw resources to be released during the device removal event. Fixes c12a67fe(iw_cxgb4: free EQ queue memory on last deref) Signed-off-by: Raju Rangoju <rajur(a)chelsio.com> Reviewed-by: Steve Wise <swise(a)opengridcomputing.com> Cc: stable(a)vger.kernel.org --- drivers/infiniband/hw/cxgb4/device.c | 9 ++++++++- drivers/infiniband/hw/cxgb4/iw_cxgb4.h | 4 ++++ drivers/infiniband/hw/cxgb4/resource.c | 26 ++++++++++++++++++++++++-- 3 files changed, 36 insertions(+), 3 deletions(-) diff --git a/drivers/infiniband/hw/cxgb4/device.c b/drivers/infiniband/hw/cxgb4/device.c index feeb8ee6f4a2..44161ca4d2a8 100644 --- a/drivers/infiniband/hw/cxgb4/device.c +++ b/drivers/infiniband/hw/cxgb4/device.c @@ -875,6 +875,11 @@ static int c4iw_rdev_open(struct c4iw_rdev *rdev) rdev->status_page->db_off = 0; + init_completion(&rdev->rqt_compl); + init_completion(&rdev->pbl_compl); + kref_init(&rdev->rqt_kref); + kref_init(&rdev->pbl_kref); + return 0; err_free_status_page_and_wr_log: if (c4iw_wr_log && rdev->wr_log) @@ -893,13 +898,15 @@ static int c4iw_rdev_open(struct c4iw_rdev *rdev) static void c4iw_rdev_close(struct c4iw_rdev *rdev) { - destroy_workqueue(rdev->free_workq); kfree(rdev->wr_log); c4iw_release_dev_ucontext(rdev, &rdev->uctx); free_page((unsigned long)rdev->status_page); c4iw_pblpool_destroy(rdev); c4iw_rqtpool_destroy(rdev); + wait_for_completion(&rdev->pbl_compl); + wait_for_completion(&rdev->rqt_compl); c4iw_ocqp_pool_destroy(rdev); + destroy_workqueue(rdev->free_workq); c4iw_destroy_resource(&rdev->resource); } diff --git a/drivers/infiniband/hw/cxgb4/iw_cxgb4.h b/drivers/infiniband/hw/cxgb4/iw_cxgb4.h index cc929002c05e..a60def23e9ef 100644 --- a/drivers/infiniband/hw/cxgb4/iw_cxgb4.h +++ b/drivers/infiniband/hw/cxgb4/iw_cxgb4.h @@ -185,6 +185,10 @@ struct c4iw_rdev { struct wr_log_entry *wr_log; int wr_log_size; struct workqueue_struct *free_workq; + struct completion rqt_compl; + struct completion pbl_compl; + struct kref rqt_kref; + struct kref pbl_kref; }; static inline int c4iw_fatal_error(struct c4iw_rdev *rdev) diff --git a/drivers/infiniband/hw/cxgb4/resource.c b/drivers/infiniband/hw/cxgb4/resource.c index 3cf25997ed2b..0ef25ae05e6f 100644 --- a/drivers/infiniband/hw/cxgb4/resource.c +++ b/drivers/infiniband/hw/cxgb4/resource.c @@ -260,12 +260,22 @@ u32 c4iw_pblpool_alloc(struct c4iw_rdev *rdev, int size) rdev->stats.pbl.cur += roundup(size, 1 << MIN_PBL_SHIFT); if (rdev->stats.pbl.cur > rdev->stats.pbl.max) rdev->stats.pbl.max = rdev->stats.pbl.cur; + kref_get(&rdev->pbl_kref); } else rdev->stats.pbl.fail++; mutex_unlock(&rdev->stats.lock); return (u32)addr; } +static void destroy_pblpool(struct kref *kref) +{ + struct c4iw_rdev *rdev; + + rdev = container_of(kref, struct c4iw_rdev, pbl_kref); + gen_pool_destroy(rdev->pbl_pool); + complete(&rdev->pbl_compl); +} + void c4iw_pblpool_free(struct c4iw_rdev *rdev, u32 addr, int size) { pr_debug("addr 0x%x size %d\n", addr, size); @@ -273,6 +283,7 @@ void c4iw_pblpool_free(struct c4iw_rdev *rdev, u32 addr, int size) rdev->stats.pbl.cur -= roundup(size, 1 << MIN_PBL_SHIFT); mutex_unlock(&rdev->stats.lock); gen_pool_free(rdev->pbl_pool, (unsigned long)addr, size); + kref_put(&rdev->pbl_kref, destroy_pblpool); } int c4iw_pblpool_create(struct c4iw_rdev *rdev) @@ -310,7 +321,7 @@ int c4iw_pblpool_create(struct c4iw_rdev *rdev) void c4iw_pblpool_destroy(struct c4iw_rdev *rdev) { - gen_pool_destroy(rdev->pbl_pool); + kref_put(&rdev->pbl_kref, destroy_pblpool); } /* @@ -331,12 +342,22 @@ u32 c4iw_rqtpool_alloc(struct c4iw_rdev *rdev, int size) rdev->stats.rqt.cur += roundup(size << 6, 1 << MIN_RQT_SHIFT); if (rdev->stats.rqt.cur > rdev->stats.rqt.max) rdev->stats.rqt.max = rdev->stats.rqt.cur; + kref_get(&rdev->rqt_kref); } else rdev->stats.rqt.fail++; mutex_unlock(&rdev->stats.lock); return (u32)addr; } +static void destroy_rqtpool(struct kref *kref) +{ + struct c4iw_rdev *rdev; + + rdev = container_of(kref, struct c4iw_rdev, rqt_kref); + gen_pool_destroy(rdev->rqt_pool); + complete(&rdev->rqt_compl); +} + void c4iw_rqtpool_free(struct c4iw_rdev *rdev, u32 addr, int size) { pr_debug("addr 0x%x size %d\n", addr, size << 6); @@ -344,6 +365,7 @@ void c4iw_rqtpool_free(struct c4iw_rdev *rdev, u32 addr, int size) rdev->stats.rqt.cur -= roundup(size << 6, 1 << MIN_RQT_SHIFT); mutex_unlock(&rdev->stats.lock); gen_pool_free(rdev->rqt_pool, (unsigned long)addr, size << 6); + kref_put(&rdev->rqt_kref, destroy_rqtpool); } int c4iw_rqtpool_create(struct c4iw_rdev *rdev) @@ -380,7 +402,7 @@ int c4iw_rqtpool_create(struct c4iw_rdev *rdev) void c4iw_rqtpool_destroy(struct c4iw_rdev *rdev) { - gen_pool_destroy(rdev->rqt_pool); + kref_put(&rdev->rqt_kref, destroy_rqtpool); } /* -- 2.12.0

7 years, 7 months

2
1
0 0

[PATCH 00/18] s390 spectre mititgation for 4.4

by Martin Schwidefsky

Greetings, this series is the backport of 18 upstream patches to add the current s390 spectre mitigation to kernel version 4.14. One less patch than 4.14 and 4.9 as there is no nested KVM guest support (aka vsie) in 4.4. It follows the x86 approach with array_index_nospec for the v1 spectre attack and retpoline/expoline for v2. As a fallback there is the ppa-12/ppa-13 based defense which requires an micro-code update. Christian Borntraeger (2): KVM: s390: wire up bpb feature s390/entry.S: fix spurious zeroing of r0 Eugeniu Rosca (1): s390: Replace IS_ENABLED(EXPOLINE_*) with IS_ENABLED(CONFIG_EXPOLINE_*) Heiko Carstens (1): s390: enable CPU alternatives unconditionally Martin Schwidefsky (13): s390: scrub registers on kernel entry and KVM exit s390: add optimized array_index_mask_nospec s390/alternative: use a copy of the facility bit mask s390: add options to change branch prediction behaviour for the kernel s390: run user space and KVM guests with modified branch prediction s390: introduce execute-trampolines for branches s390: do not bypass BPENTER for interrupt system calls s390: move nobp parameter functions to nospec-branch.c s390: add automatic detection of the spectre defense s390: report spectre mitigation via syslog s390: add sysfs attributes for spectre s390: correct nospec auto detection init order s390: correct module section names for expoline code revert Vasily Gorbik (1): s390: introduce CPU alternatives Documentation/kernel-parameters.txt | 3 + arch/s390/Kconfig | 47 +++++++ arch/s390/Makefile | 10 ++ arch/s390/include/asm/alternative.h | 149 ++++++++++++++++++++ arch/s390/include/asm/barrier.h | 24 ++++ arch/s390/include/asm/facility.h | 18 +++ arch/s390/include/asm/kvm_host.h | 3 +- arch/s390/include/asm/lowcore.h | 7 +- arch/s390/include/asm/nospec-branch.h | 17 +++ arch/s390/include/asm/processor.h | 4 + arch/s390/include/asm/thread_info.h | 4 + arch/s390/include/uapi/asm/kvm.h | 3 + arch/s390/kernel/Makefile | 5 +- arch/s390/kernel/alternative.c | 112 +++++++++++++++ arch/s390/kernel/early.c | 5 + arch/s390/kernel/entry.S | 250 ++++++++++++++++++++++++++++++---- arch/s390/kernel/ipl.c | 1 + arch/s390/kernel/module.c | 65 ++++++++- arch/s390/kernel/nospec-branch.c | 169 +++++++++++++++++++++++ arch/s390/kernel/processor.c | 18 +++ arch/s390/kernel/setup.c | 14 +- arch/s390/kernel/smp.c | 7 +- arch/s390/kernel/vmlinux.lds.S | 37 +++++ arch/s390/kvm/kvm-s390.c | 13 +- drivers/s390/char/Makefile | 2 + include/uapi/linux/kvm.h | 1 + 26 files changed, 952 insertions(+), 36 deletions(-) create mode 100644 arch/s390/include/asm/alternative.h create mode 100644 arch/s390/include/asm/nospec-branch.h create mode 100644 arch/s390/kernel/alternative.c create mode 100644 arch/s390/kernel/nospec-branch.c -- 2.13.5

7 years, 7 months

3
20
0 0

Re: [PATCH 4.9 30/74] KVM: s390: wire up bpb feature

by Christian Borntraeger

On 04/27/2018 03:58 PM, Greg Kroah-Hartman wrote: > 4.9-stable review patch. If anyone has any objections, please let me know. > > ------------------ > > From: Martin Schwidefsky <schwidefsky(a)de.ibm.com> > > > From: Christian Borntraeger <borntraeger(a)de.ibm.com> Minus the double author and the unrelated white space change this backport looks good. > > [ Upstream commit 35b3fde6203b932b2b1a5b53b3d8808abc9c4f60 ] > > The new firmware interfaces for branch prediction behaviour changes > are transparently available for the guest. Nevertheless, there is > new state attached that should be migrated and properly resetted. > Provide a mechanism for handling reset, migration and VSIE. > > Signed-off-by: Christian Borntraeger <borntraeger(a)de.ibm.com> > Reviewed-by: David Hildenbrand <david(a)redhat.com> > Reviewed-by: Cornelia Huck <cohuck(a)redhat.com> > [Changed capability number to 152. - Radim] > Signed-off-by: Radim Krčmář <rkrcmar(a)redhat.com> > Signed-off-by: Martin Schwidefsky <schwidefsky(a)de.ibm.com> > Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> > --- > arch/s390/include/asm/kvm_host.h | 3 ++- > arch/s390/include/uapi/asm/kvm.h | 5 ++++- > arch/s390/kvm/kvm-s390.c | 13 ++++++++++++- > arch/s390/kvm/vsie.c | 10 ++++++++++ > include/uapi/linux/kvm.h | 1 + > 5 files changed, 29 insertions(+), 3 deletions(-) > > --- a/arch/s390/include/asm/kvm_host.h > +++ b/arch/s390/include/asm/kvm_host.h > @@ -181,7 +181,8 @@ struct kvm_s390_sie_block { > __u16 ipa; /* 0x0056 */ > __u32 ipb; /* 0x0058 */ > __u32 scaoh; /* 0x005c */ > - __u8 reserved60; /* 0x0060 */ > +#define FPF_BPBC 0x20 > + __u8 fpf; /* 0x0060 */ > __u8 ecb; /* 0x0061 */ > __u8 ecb2; /* 0x0062 */ > #define ECB3_AES 0x04 > --- a/arch/s390/include/uapi/asm/kvm.h > +++ b/arch/s390/include/uapi/asm/kvm.h > @@ -197,6 +197,7 @@ struct kvm_guest_debug_arch { > #define KVM_SYNC_VRS (1UL << 6) > #define KVM_SYNC_RICCB (1UL << 7) > #define KVM_SYNC_FPRS (1UL << 8) > +#define KVM_SYNC_BPBC (1UL << 10) > /* definition of registers in kvm_run */ > struct kvm_sync_regs { > __u64 prefix; /* prefix register */ > @@ -217,7 +218,9 @@ struct kvm_sync_regs { > }; > __u8 reserved[512]; /* for future vector expansion */ > __u32 fpc; /* valid on KVM_SYNC_VRS or KVM_SYNC_FPRS */ > - __u8 padding[52]; /* riccb needs to be 64byte aligned */ > + __u8 bpbc : 1; /* bp mode */ > + __u8 reserved2 : 7; > + __u8 padding1[51]; /* riccb needs to be 64byte aligned */ > __u8 riccb[64]; /* runtime instrumentation controls block */ > }; > > --- a/arch/s390/kvm/kvm-s390.c > +++ b/arch/s390/kvm/kvm-s390.c > @@ -401,6 +401,9 @@ int kvm_vm_ioctl_check_extension(struct > case KVM_CAP_S390_RI: > r = test_facility(64); > break; > + case KVM_CAP_S390_BPB: > + r = test_facility(82); > + break; > default: > r = 0; > } > @@ -1713,6 +1716,8 @@ int kvm_arch_vcpu_init(struct kvm_vcpu * > kvm_s390_set_prefix(vcpu, 0); > if (test_kvm_facility(vcpu->kvm, 64)) > vcpu->run->kvm_valid_regs |= KVM_SYNC_RICCB; > + if (test_kvm_facility(vcpu->kvm, 82)) > + vcpu->run->kvm_valid_regs |= KVM_SYNC_BPBC; > /* fprs can be synchronized via vrs, even if the guest has no vx. With > * MACHINE_HAS_VX, (load|store)_fpu_regs() will work with vrs format. > */ > @@ -1829,7 +1834,6 @@ void kvm_arch_vcpu_load(struct kvm_vcpu > if (test_fp_ctl(current->thread.fpu.fpc)) > /* User space provided an invalid FPC, let's clear it */ > current->thread.fpu.fpc = 0; > - > save_access_regs(vcpu->arch.host_acrs); > restore_access_regs(vcpu->run->s.regs.acrs); > gmap_enable(vcpu->arch.enabled_gmap); > @@ -1877,6 +1881,7 @@ static void kvm_s390_vcpu_initial_reset( > current->thread.fpu.fpc = 0; > vcpu->arch.sie_block->gbea = 1; > vcpu->arch.sie_block->pp = 0; > + vcpu->arch.sie_block->fpf &= ~FPF_BPBC; > vcpu->arch.pfault_token = KVM_S390_PFAULT_TOKEN_INVALID; > kvm_clear_async_pf_completion_queue(vcpu); > if (!kvm_s390_user_cpu_state_ctrl(vcpu->kvm)) > @@ -2744,6 +2749,11 @@ static void sync_regs(struct kvm_vcpu *v > if (riccb->valid) > vcpu->arch.sie_block->ecb3 |= 0x01; > } > + if ((kvm_run->kvm_dirty_regs & KVM_SYNC_BPBC) && > + test_kvm_facility(vcpu->kvm, 82)) { > + vcpu->arch.sie_block->fpf &= ~FPF_BPBC; > + vcpu->arch.sie_block->fpf |= kvm_run->s.regs.bpbc ? FPF_BPBC : 0; > + } > > kvm_run->kvm_dirty_regs = 0; > } > @@ -2762,6 +2772,7 @@ static void store_regs(struct kvm_vcpu * > kvm_run->s.regs.pft = vcpu->arch.pfault_token; > kvm_run->s.regs.pfs = vcpu->arch.pfault_select; > kvm_run->s.regs.pfc = vcpu->arch.pfault_compare; > + kvm_run->s.regs.bpbc = (vcpu->arch.sie_block->fpf & FPF_BPBC) == FPF_BPBC; > } > > int kvm_arch_vcpu_ioctl_run(struct kvm_vcpu *vcpu, struct kvm_run *kvm_run) > --- a/arch/s390/kvm/vsie.c > +++ b/arch/s390/kvm/vsie.c > @@ -217,6 +217,12 @@ static void unshadow_scb(struct kvm_vcpu > memcpy(scb_o->gcr, scb_s->gcr, 128); > scb_o->pp = scb_s->pp; > > + /* branch prediction */ > + if (test_kvm_facility(vcpu->kvm, 82)) { > + scb_o->fpf &= ~FPF_BPBC; > + scb_o->fpf |= scb_s->fpf & FPF_BPBC; > + } > + > /* interrupt intercept */ > switch (scb_s->icptcode) { > case ICPT_PROGI: > @@ -259,6 +265,7 @@ static int shadow_scb(struct kvm_vcpu *v > scb_s->ecb3 = 0; > scb_s->ecd = 0; > scb_s->fac = 0; > + scb_s->fpf = 0; > > rc = prepare_cpuflags(vcpu, vsie_page); > if (rc) > @@ -316,6 +323,9 @@ static int shadow_scb(struct kvm_vcpu *v > prefix_unmapped(vsie_page); > scb_s->ecb |= scb_o->ecb & 0x10U; > } > + /* branch prediction */ > + if (test_kvm_facility(vcpu->kvm, 82)) > + scb_s->fpf |= scb_o->fpf & FPF_BPBC; > /* SIMD */ > if (test_kvm_facility(vcpu->kvm, 129)) { > scb_s->eca |= scb_o->eca & 0x00020000U; > --- a/include/uapi/linux/kvm.h > +++ b/include/uapi/linux/kvm.h > @@ -870,6 +870,7 @@ struct kvm_ppc_smmu_info { > #define KVM_CAP_S390_USER_INSTR0 130 > #define KVM_CAP_MSI_DEVID 131 > #define KVM_CAP_PPC_HTM 132 > +#define KVM_CAP_S390_BPB 152 > > #ifdef KVM_CAP_IRQ_ROUTING > > >

7 years, 7 months

1
0
0 0

[PATCH] KVM: vmx: update SECONDARY_EXEC_DESC only if CR4.UMIP changes

by Sean Christopherson

Update SECONDARY_EXEC_DESC in SECONDARY_VM_EXEC_CONTROL for UMIP emulation if and only if CR4.UMIP is being modified and UMIP is not supported by hardware, i.e. we're emulating UMIP. If CR4.UMIP is not being changed then it's safe to assume that the previous invocation of vmx_set_cr4() correctly set SECONDARY_EXEC_DESC, i.e. the desired value is already the current value. This avoids unnecessary VMREAD/VMWRITE to SECONDARY_VM_EXEC_CONTROL, which is critical as not all processors support SECONDARY_VM_EXEC_CONTROL. WARN once and signal a fault if CR4.UMIP is changing and UMIP can't be emulated, i.e. SECONDARY_EXEC_DESC can't be set. Prior checks should prevent setting UMIP if it can't be emulated, i.e. UMIP shouldn't have been advertised to the guest if it can't be emulated, regardless of whether or not UMIP is supported in bare metal. Fixes: 0367f205a3b7 ("KVM: vmx: add support for emulating UMIP") Cc: stable(a)vger.kernel.org #4.16 Reported-by: Paolo Zeppegno <pzeppegno(a)gmail.com> Signed-off-by: Sean Christopherson <sean.j.christopherson(a)intel.com> --- arch/x86/kvm/vmx.c | 34 ++++++++++++++++++++-------------- 1 file changed, 20 insertions(+), 14 deletions(-) diff --git a/arch/x86/kvm/vmx.c b/arch/x86/kvm/vmx.c index aafcc9881e88..1502a2ac7884 100644 --- a/arch/x86/kvm/vmx.c +++ b/arch/x86/kvm/vmx.c @@ -1494,6 +1494,12 @@ static inline bool cpu_has_vmx_vmfunc(void) SECONDARY_EXEC_ENABLE_VMFUNC; } +static bool vmx_umip_emulated(void) +{ + return vmcs_config.cpu_based_2nd_exec_ctrl & + SECONDARY_EXEC_DESC; +} + static inline bool report_flexpriority(void) { return flexpriority_enabled; @@ -4776,14 +4782,20 @@ static int vmx_set_cr4(struct kvm_vcpu *vcpu, unsigned long cr4) else hw_cr4 |= KVM_PMODE_VM_CR4_ALWAYS_ON; - if ((cr4 & X86_CR4_UMIP) && !boot_cpu_has(X86_FEATURE_UMIP)) { - vmcs_set_bits(SECONDARY_VM_EXEC_CONTROL, - SECONDARY_EXEC_DESC); - hw_cr4 &= ~X86_CR4_UMIP; - } else if (!is_guest_mode(vcpu) || - !nested_cpu_has2(get_vmcs12(vcpu), SECONDARY_EXEC_DESC)) - vmcs_clear_bits(SECONDARY_VM_EXEC_CONTROL, - SECONDARY_EXEC_DESC); + if (((cr4 ^ kvm_read_cr4(vcpu)) & X86_CR4_UMIP) && + !boot_cpu_has(X86_FEATURE_UMIP)) { + if (WARN_ON_ONCE(!vmx_umip_emulated())) + return 1; + + if (cr4 & X86_CR4_UMIP) { + vmcs_set_bits(SECONDARY_VM_EXEC_CONTROL, + SECONDARY_EXEC_DESC); + hw_cr4 &= ~X86_CR4_UMIP; + } else if (!is_guest_mode(vcpu) || + !nested_cpu_has2(get_vmcs12(vcpu), SECONDARY_EXEC_DESC)) + vmcs_clear_bits(SECONDARY_VM_EXEC_CONTROL, + SECONDARY_EXEC_DESC); + } if (cr4 & X86_CR4_VMXE) { /* @@ -9512,12 +9524,6 @@ static bool vmx_xsaves_supported(void) SECONDARY_EXEC_XSAVES; } -static bool vmx_umip_emulated(void) -{ - return vmcs_config.cpu_based_2nd_exec_ctrl & - SECONDARY_EXEC_DESC; -} - static void vmx_recover_nmi_blocking(struct vcpu_vmx *vmx) { u32 exit_intr_info; -- 2.16.2

7 years, 7 months

2
1
0 0

Re: [PATCH] cdrom: Fix info leak/OOB read in cdrom_ioctl_drive_status

by Dan Carpenter

On Fri, Apr 27, 2018 at 08:43:03AM -0600, Scott Bauer wrote: > > > On 04/27/2018 06:41 AM, Dan Carpenter wrote: > > I sent you an email to send this patch, but reviewing it now it's not > > actually a run time bug. The cdrom_slot_status() function takes an > > integer argument so it works. > > It's still runtime bug... I should reword the commit a bit to reflect that it's not > like the upper 32 bit issue that you had found. Look at it this way, ints can be negative, right? > Oh. Yeah. Duh... > The check is as follows: > > 2545: if (((int)arg >= cdi->capacity)) > return -EINVAL <https://elixir.bootlin.com/linux/v4.17-rc2/ident/EINVAL>; > return cdrom_slot_status <https://elixir.bootlin.com/linux/v4.17-rc2/ident/cdrom_slot_status>(cdi, arg); so if (-65536 >= cdi->capacity) it's not so we don't return -einval. And we pass a negative index into cdrom_slot_status. > > > where we do the following (https://elixir.bootlin.com/linux/v4.17-rc2/source/drivers/cdrom/cdrom.c#L13…): > > 1336: > if (info->slots <https://elixir.bootlin.com/linux/v4.17-rc2/ident/slots>[slot <https://elixir.bootlin.com/linux/v4.17-rc2/ident/slot>].disc_present) > ret = CDS_DISC_OK <https://elixir.bootlin.com/linux/v4.17-rc2/ident/CDS_DISC_OK>; > > > > > > > I'm working on a static checker warning for these kinds of bugs: > > > > drivers/cdrom/cdrom.c:2444 cdrom_ioctl_select_disc() warn: truncated comparison 'arg' 'u64max' to 's32max' > > > > drivers/cdrom/cdrom.c > > 2435 static int cdrom_ioctl_select_disc(struct cdrom_device_info *cdi, > > 2436 unsigned long arg) > > 2437 { > > 2438 cd_dbg(CD_DO_IOCTL, "entering CDROM_SELECT_DISC\n"); > > 2439 > > 2440 if (!CDROM_CAN(CDC_SELECT_DISC)) > > 2441 return -ENOSYS; > > 2442 > > 2443 if (arg != CDSL_CURRENT && arg != CDSL_NONE) { > > 2444 if ((int)arg >= cdi->capacity) > > ^^^^^^^^^^^^^^^^^^^^^^^^^ > > 2445 return -EINVAL; > > 2446 } > > 2447 > > 2448 /* > > 2449 * ->select_disc is a hook to allow a driver-specific way of > > 2450 * seleting disc. However, since there is no equivalent hook for > > 2451 * cdrom_slot_status this may not actually be useful... > > 2452 */ > > 2453 if (cdi->ops->select_disc) > > 2454 return cdi->ops->select_disc(cdi, arg); > > ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ > > ->select_disc() also take an int so it's fine (plus there is no such > > function so it's dead code). > > > > 2455 > > 2456 cd_dbg(CD_CHANGER, "Using generic cdrom_select_disc()\n"); > > 2457 return cdrom_select_disc(cdi, arg); > > ^^^ > > Also an int. > > > > 2458 } > > > > So I think it's a good idea to fix these just for cleanliness and to > > silence the static checker warnings but it doesn't affect runtime. > > Yeah, this one was "fine" aside from being messy, that's why I didn't send a patch for it. > I'm not convinced any more. Could you patch it and resend? We could end up sending invalid commands to the cdrom firmware when we do cdrom_load_unload() at the end of the cdrom_select_disc() function. Proably there is no impact but we may as well fix it. Here is my analysis if you are curious: 1371 /* If SLOT < 0, unload the current slot. Otherwise, try to load SLOT. */ ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ CDSL_CURRENT is INT_MAX and CDSL_NONE is "INT_MAX - 1" but cdrom_select_disc() calls this with slot set to -1. 1372 static int cdrom_load_unload(struct cdrom_device_info *cdi, int slot) 1373 { 1374 struct packet_command cgc; 1375 1376 cd_dbg(CD_CHANGER, "entering cdrom_load_unload()\n"); 1377 if (cdi->sanyo_slot && slot < 0) 1378 return 0; 1379 1380 init_cdrom_command(&cgc, NULL, 0, CGC_DATA_NONE); 1381 cgc.cmd[0] = GPCMD_LOAD_UNLOAD; 1382 cgc.cmd[4] = 2 + (slot >= 0); ^^^^^^^^^^ So cmd[4] is 2. 1383 cgc.cmd[8] = slot; ^^^^^^^^^^^^^^^^^ Here were setting cmd[8] to any u8 value we choose. 1384 cgc.timeout = 60 * HZ; 1385 1386 /* The Sanyo 3 CD changer uses byte 7 of the 1387 GPCMD_TEST_UNIT_READY to command to switch CDs instead of 1388 using the GPCMD_LOAD_UNLOAD opcode. */ 1389 if (cdi->sanyo_slot && -1 < slot) { 1390 cgc.cmd[0] = GPCMD_TEST_UNIT_READY; 1391 cgc.cmd[7] = slot; 1392 cgc.cmd[4] = cgc.cmd[8] = 0; 1393 cdi->sanyo_slot = slot ? slot : 3; 1394 } 1395 1396 return cdi->ops->generic_packet(cdi, &cgc); 1397 } > P.S. Is your static analysis tooling available for the general public to look at? Sure. I've been dorking with it for a couple days and I haven't tested the latest version except on drivers/cdrom/cdrom.c so let me do some more testing and then I'll post it. regards, dan carpenter

7 years, 7 months

1
0
0 0

2025

2024

2023

2022

2021

2020

2019

2018

2017

Linux-stable-mirror