commit 7ceb1c694fd9b8a049eb3b2853455caa7d98cb83 upstream.
Similar to kvm_find_kvm_cpuid_features()/__kvm_find_kvm_cpuid_features(),
introduce a helper to search for the specific hypervisor signature in any
struct kvm_cpuid_entry2 array, not only in vcpu->arch.cpuid_entries.
No functional change intended.
Signed-off-by: Vitaly Kuznetsov <vkuznets@redhat.com>
Link: https://lore.kernel.org/r/20240228101837.93642-2-vkuznets@redhat.com
Signed-off-by: Sean Christopherson <seanjc@google.com>
Signed-off-by: Like Xu <likexu@tencent.com>
The future patch will use the get_iowait_time() function.
So add extern u64 get_idle_time(struct kernel_cpustat *kcs, int cpu);
in include/linux/kernel_stat.h
kernel/cgroup/cpuset.c also defines a get_iowait_time() function which
is basically the same as the one in fs/proc/stat.c in commit f02c35d2e6.
And it also includes include/linux/kernel_stat.h, so we get a conflict.
Fix: f02c35d2e6
Signed-off-by: Hongbo Li <herberthbli@tencent.com>
Add CONFIGs as below:
CONFIG_DRM_SIMPLEDRM=m
CONFIG_FB_SIMPLE=m
CONFIG_SYSFB_SIMPLEFB=y
To support the ISO's graphical install on more machines.
Signed-off-by: Jianping Liu <frankjpliu@tencent.com>
Reviewed-by: Yongliang Gao <leonylgao@tencent.com>
Add drm configs as below:
CONFIG_DRM_DP_CEC=y
CONFIG_DRM_I2C_NXP_TDA998X=m
CONFIG_DRM_I915_GVT_KVMGT=m
CONFIG_DRM_GM12U320=m
CONFIG_DRM_GUD=m
Add CONFIG_KUNIT=m, CONFIG_DRM_KUNIT_TEST depend on it.
Add CONFIG_THINKPAD_ACPI=m, to select CONFIG_DRM_PRIVACY_SCREEN.
Disable Hyper-V framebuffer driver (CONFIG_FB_HYPERV) so that DRM driver
is used by default.
For arm64, add CONFIG_HYPERV=m to enable CONFIG_DRM_HYPERV=m.
Signed-off-by: Jianping Liu <frankjpliu@tencent.com>
Reviewed-by: Yongliang Gao <leonylgao@tencent.com>
When running "make dist-rpm", there are errors as below:
filter-modules.sh: Failed to filter out external modules, broken depmod:
depmod: WARNING: /drivers/misc/cardreader/rtsx_pci.ko needs unknown symbol mfd_add_devices
depmod: WARNING: /drivers/misc/cardreader/rtsx_pci.ko needs unknown symbol mfd_remove_devices
depmod: WARNING: /drivers/misc/cardreader/rtsx_usb.ko needs unknown symbol mfd_add_devices
depmod: WARNING: /drivers/misc/cardreader/rtsx_usb.ko needs unknown symbol mfd_remove_devices
depmod: WARNING: /drivers/vfio/pci/mlx5/mlx5-vfio-pci.ko needs unknown symbol mlx5_db_free
depmod: WARNING: /drivers/vfio/pci/mlx5/mlx5-vfio-pci.ko needs unknown symbol mlx5_core_destroy_mkey
depmod: WARNING: /drivers/vfio/pci/mlx5/mlx5-vfio-pci.ko needs unknown symbol mlx5_vf_get_core_dev
depmod: WARNING: /drivers/vfio/pci/mlx5/mlx5-vfio-pci.ko needs unknown symbol mlx5_core_alloc_pd
......
Add mfd-core and mlx5_core to "overrides", which will let them back into
kernel-core*.rpm, and solve the "broken depmod" errors above.
Signed-off-by: Jianping Liu <frankjpliu@tencent.com>
Reviewed-by: Yongliang Gao <leonylgao@tencent.com>
Upstream commit: 234a557e28b9142e07eae21083a04fffef83ee8d
The current code is using a fixed mapping between the LS7A interrupt source
and the HT interrupt vector. This prevents the utilization of the full
interrupt vector space and therefore limits the number of interrupt sources
in a system.
Replace the fixed mapping with a dynamic mapping which allocates a
vector when an interrupt source is set up. This avoids that unused
sources prevent vectors from being used for other devices.
Introduce a mapping table in struct pch_pic, where each interrupt source
will allocate an index as a 'hwirq' number from the table in the order of
application and set table value as interrupt source number. This hwirq
number will be configured as vector in the HT interrupt controller. For an
interrupt source, the validity period of the obtained hwirq will last until
the system reset.
Co-developed-by: Biao Dong <dongbiao@loongson.cn>
Signed-off-by: Biao Dong <dongbiao@loongson.cn>
Co-developed-by: Tianyang Zhang <zhangtianyang@loongson.cn>
Signed-off-by: Tianyang Zhang <zhangtianyang@loongson.cn>
Signed-off-by: Baoqi Zhang <zhangbaoqi@loongson.cn>
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Link: https://lore.kernel.org/r/20240422093830.27212-1-zhangtianyang@loongson.cn
Signed-off-by: Ming Wang <wangming01@loongson.cn>
Signed-off-by: Jianping Liu <frankjpliu@tencent.com>
The OC release needs to stay consistent with the community's conventions.
Splitting out modules-public and modules-public-removable-media rpms is
inconsistent with the community's conventions.
Revert:
commit 4faa03afdc ("dist: add a modules-public rpm subpackage")
commit 83c70cfab6 ("dist: rename modules-removable-media to
modules-public-removable-media")
Signed-off-by: Jianping Liu <frankjpliu@tencent.com>
Reviewed-by: Yongliang Gao <leonylgao@tencent.com>
Upstream: no
Set guest memory regions in hygon hardware with SET_SMR command.
Secure memory control region (SMCR) is a special memory region which
is dedicated to CSV3 guests' metadata. The SET_SMCR command is used to
set SMCR memory in hygon hardware. Both SET_SMR and SET_SMCR should
be issued early during platform initialization.
Signed-off-by: Xin Jiang <jiangxin@hygon.cn>
Signed-off-by: hanliyang <hanliyang@hygon.cn>
Upstream: no
The private memory of a CSV3 guest is isolated from VMM and has to be
physically contiguous. CMA (Contiguous Memory Allocator) is a memory
allocator within the kernel for contiguous physical memory.
Use the CMA for the CSV3 private memory management. In order to
support CSV3, select MMU and CMA when CONFIG_HYGON_CSV is
configured.
Signed-off-by: Xin Jiang <jiangxin@hygon.cn>
Signed-off-by: hanliyang <hanliyang@hygon.cn>
Upstream: no
Define Hygon CSV3 key management command id and structure. CSV3 is
the technology for Hygon secure virtualization to improve security
of guest with secure isolated memory technology in hardware.
The command definition is available in CSV3 spec.
Signed-off-by: Xin Jiang <jiangxin@hygon.cn>
Signed-off-by: hanliyang <hanliyang@hygon.cn>
Upstream: no
When pin_user_pages_fast() pins SEV guest memory without the FOLL_LONGTERM
flag, the pinned pages may be in the CMA area, with the result that other
applications may be unable to use the CMA area because the pinned pages
can't be migrated.
Add the FOLL_LONGTERM flag to pin_user_pages_fast(), which makes sure that we
don't keep non-movable pages (due to page reference count) in the CMA area.
So the CMA area can be allocated by other applications.
Signed-off-by: Xin Jiang <jiangxin@hygon.cn>
Signed-off-by: hanliyang <hanliyang@hygon.cn>
Upstream: no
Before migrating a page, we need to drain the page out of the cpu's
pagevecs if the page is in the cpu's pagevecs. Otherwise, the migration
will fail because of an incorrect page reference. Whatever the return
value of the function folio_test_lru() is, it does not tell whether
the page is in the cpu's pagevecs. Therefore, the check
folio_test_lru() needs to be removed to ensure that the migration
logic is correct.
Signed-off-by: yangge <yangge@hygon.cn>
Signed-off-by: hanliyang <hanliyang@hygon.cn>
Upstream: no
In the past, movable allocations could be disallowed from CMA through
PF_MEMALLOC_PIN. However, since commit 5d0a661d80 ("mm/page_alloc: use
only one PCP list for THP-sized allocations"), THP-sized pages of
different types are put into one PCP list. When allocating a THP with
PF_MEMALLOC_PIN, it would accidentally get a CMA page from the PCP list,
which will cause the program to not run correctly. So, the PCP list can't
be used for THP-sized allocations when using PF_MEMALLOC_PIN.
Fixes: 5d0a661d80 ("mm/page_alloc: use only one PCP list for THP-sized allocations")
Signed-off-by: yangge <yangge@hygon.cn>
Signed-off-by: hanliyang <hanliyang@hygon.cn>
Upstream: no
If a user wants to reuse one ASID for many CSV guests, they should provide a
label (i.e. userid) and the length of the label when launching the CSV guest.
The reference count of the ASID will be increased if the user launches a CSV
guest with the label corresponding to the ASID. When a CSV guest which was
launched with a label is destroyed, the reference count of the ASID
corresponding to the label will be decreased, and the ASID is freed only if
the reference count becomes zero.
The code for reusing ASIDs is not compatible with CONFIG_CGROUP_MISC, so we
introduce CONFIG_KVM_SUPPORTS_CSV_REUSE_ASID, which depends on
!CGROUP_MISC; the code takes effect only when
CONFIG_KVM_SUPPORTS_CSV_REUSE_ASID=y.
Signed-off-by: hanliyang <hanliyang@hygon.cn>
Upstream: no
The ghcb pages might be mapped when KVM is handling the VMGEXIT events, and
these ghcb pages will be unmapped when preparing to switch to guest mode.
If we try to kill the userspace VMM (e.g. qemu) of a guest, it's
possible that the mapped ghcb pages will never be unmapped, which will
cause a memory leak. We exposed a serious memory leak by creating and
killing multiple qemu processes for state-encrypted guests frequently.
In order to solve this issue, unmap ghcb pages if they're still mapped
when destroying the guest.
Fixes: ce7ea0cfdc ("KVM: SVM: Move GHCB unmapping to fix RCU warning")
Fixes: 291bd20d5d ("KVM: SVM: Add initial support for a VMGEXIT VMEXIT")
Signed-off-by: hanliyang <hanliyang@hygon.cn>
Upstream: no
commit ea30196aea830c17565060644034ac7183d27a1a OpenAnolis.
ANBZ: #3267
Since commit 107cd25321 ("Encrypt the initrd earlier for BSP microcode update"),
when SME is enabled, the initrd is encrypted at an earlier stage. If the
initrd is located in an e820 reserved area, the initrd will be copied to the
direct mapping area in relocate_initrd().
In this case the source address of the initrd should be mapped as encrypted,
while copy_from_early_mem() will clear the encrypted attribute as the source
address is not in the kernel usable area; therefore the relocated initrd is
encrypted data and cannot be unpacked later.
Add a new function copy_early_initrd() to preserve the _ENC flag in setup.c
and remove copy_from_early_mem() as it's only used once here by x86.
Signed-off-by: Zelin Deng <zelin.deng@linux.alibaba.com>
Reviewed-by: Guanjun <guanjun@linux.alibaba.com>
Reviewed-by: Baolin Wang <baolin.wang@linux.alibaba.com>
Link: https://gitee.com/anolis/cloud-kernel/pulls/932
Signed-off-by: hanliyang <hanliyang@hygon.cn>
Link: https://gitee.com/anolis/cloud-kernel/pulls/2917
Upstream: no
commit e1347ea0e4825294d441f6d8b4405412774ef313 OpenAnolis.
ANBZ: #3267
In some scenarios, we'd want to specify protection attributes when we
are doing early memory map. As early_memremap_prot() is also defined in
loongarch, it's better to select ARCH_USE_MEMREMAP_PROT on the X86 config to
avoid a redefinition error.
Signed-off-by: Zelin Deng <zelin.deng@linux.alibaba.com>
Reviewed-by: Guanjun <guanjun@linux.alibaba.com>
Reviewed-by: Baolin Wang <baolin.wang@linux.alibaba.com>
Link: https://gitee.com/anolis/cloud-kernel/pulls/932
[ hly: Fix conflict. ]
Signed-off-by: hanliyang <hanliyang@hygon.cn>
Link: https://gitee.com/anolis/cloud-kernel/pulls/2917
Upstream commit: 3376ca3f1a2075eaa23c5576c47d04d7e8a4adda
Commit 6abe9c1386 ("KVM: X86: Move ignore_msrs handling upper the
stack") changed the 'ignore_msrs' handling, including sanitizing return
values to the caller. This was fine until commit 12bc2132b1 ("KVM:
X86: Do the same ignore_msrs check for feature msrs") which allowed
non-existing feature MSRs to be ignored, i.e. to not generate an error
on the ioctl() level. It even tried to preserve the sanitization of the
return value. However, the logic is flawed, as '*data' will be
overwritten again with the uninitialized stack value of msr.data.
Fix this by simplifying the logic and always initializing msr.data,
removing the need for an additional error exit path.
Fixes: 12bc2132b1 ("KVM: X86: Do the same ignore_msrs check for feature msrs")
Signed-off-by: Mathias Krause <minipli@grsecurity.net>
Reviewed-by: Xiaoyao Li <xiaoyao.li@intel.com>
Link: https://lore.kernel.org/r/20240203124522.592778-2-minipli@grsecurity.net
Signed-off-by: Sean Christopherson <seanjc@google.com>
Upstream commit: a26b7cd2254695f8258cc370f33280db0a9a3813
When intercepts are enabled for MSR_IA32_XSS, the host will swap in/out
the guest-defined values while context-switching to/from guest mode.
However, in the case of SEV-ES, vcpu->arch.guest_state_protected is set,
so the guest-defined value is effectively ignored when switching to
guest mode with the understanding that the VMSA will handle swapping
in/out this register state.
However, SVM is still configured to intercept these accesses for SEV-ES
guests, so the values in the initial MSR_IA32_XSS are effectively
read-only, and a guest will experience undefined behavior if it actually
tries to write to this MSR. Fortunately, only CET/shadowstack makes use
of this register on SEV-ES-capable systems currently, which isn't yet
widely used, but this may become more of an issue in the future.
Additionally, enabling intercepts of MSR_IA32_XSS results in #VC
exceptions in the guest in certain paths that can lead to unexpected #VC
nesting levels. One example is SEV-SNP guests when handling #VC
exceptions for CPUID instructions involving leaf 0xD, subleaf 0x1, since
they will access MSR_IA32_XSS as part of servicing the CPUID #VC, then
generate another #VC when accessing MSR_IA32_XSS, which can lead to
guest crashes if an NMI occurs at that point in time. Running perf on a
guest while it is issuing such a sequence is one example where these can
be problematic.
Address this by disabling intercepts of MSR_IA32_XSS for SEV-ES guests
if the host/guest configuration allows it. If the host/guest
configuration doesn't allow for MSR_IA32_XSS, leave it intercepted so
that it can be caught by the existing checks in
kvm_{set,get}_msr_common() if the guest still attempts to access it.
Fixes: 376c6d2850 ("KVM: SVM: Provide support for SEV-ES vCPU creation/loading")
Cc: Alexey Kardashevskiy <aik@amd.com>
Suggested-by: Tom Lendacky <thomas.lendacky@amd.com>
Signed-off-by: Michael Roth <michael.roth@amd.com>
Message-Id: <20231016132819.1002933-4-michael.roth@amd.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Upstream: no
The memory region of the .bss..decrypted section may be mapped with encryption
before the early boot stage of Linux. If the corresponding stale cache lines
from the earlier stage were not flushed before we access that memory region in
later stages, then Linux will crash because the stale cache lines will pollute
the memory.
Fix this issue by flushing the caches with the encrypted mapping before we
access the .bss..decrypted section.
Signed-off-by: hanliyang <hanliyang@hygon.cn>
!146 [next-6.6]kunpeng:Backport hns3 features and bugfixes
!143 [next-6.6] kunpeng:Backport some bugfixes for hisi_sas
!149 [next-6.6]Hygon:Update ccp-crypto driver to support Hygon 4th CPU
& add hct.ko module which needed by HCT engine
!148 [next-6.6]Hygon:Support CSV(2) guest attestation, CSV firmware update,
CSV(2) guest migration, CSV(2) guest reboot, x86-psp communicate interfaces
!147 [next-6.6] Montage:add support for Montage Mont-TSSE Driver
!144 [next-6.6]Support PSP identification for Hygon 4th CPU and print secure
features when running on Hygon CPUs
!141 add 3snic 3s9xx NIC driver Merge pull request
Conflicts:
drivers/scsi/hisi_sas/hisi_sas_main.c
Signed-off-by: Jianping Liu <frankjpliu@tencent.com>
[ Upstream commit 3b0daecfeac0103aba8b293df07a0cbaf8b43f29 ]
This uses calloc instead of doing the multiplication which might
overflow.
This fixes CVE-2024-26817
Cc: stable@vger.kernel.org
Signed-off-by: Dave Airlie <airlied@redhat.com>
Signed-off-by: Jinliang Zheng <alexjlzheng@tencent.com>
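As an added userspace illustration of the bug class behind CVE-2024-26817 (example code, not the driver's own change): a naive n * size allocation wraps silently and returns an undersized buffer, while the checked form mirrors the overflow test that calloc()/kcalloc() perform internally and refuses the request. `__builtin_mul_overflow` is the GCC/Clang primitive; the helper names are my own.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Naive byte count for an n-element array: the product wraps silently
 * when n * elem_size exceeds SIZE_MAX, so a huge n yields a tiny request. */
size_t naive_array_bytes(size_t n, size_t elem_size)
{
    return n * elem_size;
}

/* Checked byte count: 0 on success, -1 if the product would wrap.
 * This is the same check calloc()/kcalloc() apply before allocating. */
int checked_array_bytes(size_t n, size_t elem_size, size_t *bytes)
{
    return __builtin_mul_overflow(n, elem_size, bytes) ? -1 : 0;
}

/* Hardened allocator: refuses an overflowing request instead of handing
 * back an undersized buffer, and zero-fills like calloc() does. */
void *alloc_array_checked(size_t n, size_t elem_size)
{
    size_t bytes;
    void *p;

    if (checked_array_bytes(n, elem_size, &bytes) != 0)
        return NULL;
    p = malloc(bytes);
    if (p)
        memset(p, 0, bytes);
    return p;
}

int main(void)
{
    /* Constructed input: n chosen so that n * 8 is exactly 2^(bits+1),
     * which wraps to 0 on both 32-bit and 64-bit size_t. */
    size_t n = SIZE_MAX / 4 + 1;
    size_t bytes = 0;

    printf("naive size for %zu x 8: %zu bytes\n", n, naive_array_bytes(n, 8));
    printf("checked result: %d\n", checked_array_bytes(n, 8, &bytes));
    printf("checked alloc: %p\n", alloc_array_checked(n, 8));
    return 0;
}
```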