Changes in 5.15.91
memory: tegra: Remove clients SID override programming
memory: atmel-sdramc: Fix missing clk_disable_unprepare in atmel_ramc_probe()
memory: mvebu-devbus: Fix missing clk_disable_unprepare in mvebu_devbus_probe()
dmaengine: ti: k3-udma: Do conditional decrement of UDMA_CHAN_RT_PEER_BCNT_REG
arm64: dts: imx8mp-phycore-som: Remove invalid PMIC property
ARM: dts: imx6ul-pico-dwarf: Use 'clock-frequency'
ARM: dts: imx7d-pico: Use 'clock-frequency'
ARM: dts: imx6qdl-gw560x: Remove incorrect 'uart-has-rtscts'
arm64: dts: imx8mm-beacon: Fix ecspi2 pinmux
ARM: imx: add missing of_node_put()
HID: intel_ish-hid: Add check for ishtp_dma_tx_map
arm64: dts: imx8mm-venice-gw7901: fix USB2 controller OC polarity
soc: imx8m: Fix incorrect check for of_clk_get_by_name()
reset: uniphier-glue: Use reset_control_bulk API
reset: uniphier-glue: Fix possible null-ptr-deref
EDAC/highbank: Fix memory leak in highbank_mc_probe()
firmware: arm_scmi: Harden shared memory access in fetch_response
firmware: arm_scmi: Harden shared memory access in fetch_notification
tomoyo: fix broken dependency on *.conf.default
RDMA/core: Fix ib block iterator counter overflow
IB/hfi1: Reject a zero-length user expected buffer
IB/hfi1: Reserve user expected TIDs
IB/hfi1: Fix expected receive setup error exit issues
IB/hfi1: Immediately remove invalid memory from hardware
IB/hfi1: Remove user expected buffer invalidate race
affs: initialize fsdata in affs_truncate()
PM: AVS: qcom-cpr: Fix an error handling path in cpr_probe()
arm64: dts: qcom: msm8992: Don't use sfpb mutex
arm64: dts: qcom: msm8992-libra: Add CPU regulators
arm64: dts: qcom: msm8992-libra: Fix the memory map
phy: ti: fix Kconfig warning and operator precedence
NFSD: fix use-after-free in nfsd4_ssc_setup_dul()
ARM: dts: at91: sam9x60: fix the ddr clock for sam9x60
amd-xgbe: TX Flow Ctrl Registers are h/w ver dependent
amd-xgbe: Delay AN timeout during KR training
bpf: Fix pointer-leak due to insufficient speculative store bypass mitigation
phy: rockchip-inno-usb2: Fix missing clk_disable_unprepare() in rockchip_usb2phy_power_on()
net: nfc: Fix use-after-free in local_cleanup()
net: wan: Add checks for NULL for utdm in undo_uhdlc_init and unmap_si_regs
net: enetc: avoid deadlock in enetc_tx_onestep_tstamp()
sch_htb: Avoid grafting on htb_destroy_class_offload when destroying htb
gpio: use raw spinlock for gpio chip shadowed data
gpio: mxc: Protect GPIO irqchip RMW with bgpio spinlock
gpio: mxc: Always set GPIOs used as interrupt source to INPUT mode
wifi: rndis_wlan: Prevent buffer overflow in rndis_query_oid
pinctrl/rockchip: Use temporary variable for struct device
pinctrl/rockchip: add error handling for pull/drive register getters
pinctrl: rockchip: fix reading pull type on rk3568
net: stmmac: Fix queue statistics reading
net/sched: sch_taprio: fix possible use-after-free
l2tp: Serialize access to sk_user_data with sk_callback_lock
l2tp: Don't sleep and disable BH under writer-side sk_callback_lock
l2tp: convert l2tp_tunnel_list to idr
l2tp: close all race conditions in l2tp_tunnel_register()
octeontx2-pf: Avoid use of GFP_KERNEL in atomic context
net: usb: sr9700: Handle negative len
net: mdio: validate parameter addr in mdiobus_get_phy()
HID: check empty report_list in hid_validate_values()
HID: check empty report_list in bigben_probe()
net: stmmac: fix invalid call to mdiobus_get_phy()
pinctrl: rockchip: fix mux route data for rk3568
HID: revert CHERRY_MOUSE_000C quirk
usb: gadget: f_fs: Prevent race during ffs_ep0_queue_wait
usb: gadget: f_fs: Ensure ep0req is dequeued before free_request
Bluetooth: Fix possible deadlock in rfcomm_sk_state_change
net: ipa: disable ipa interrupt during suspend
net/mlx5: E-switch, Fix setting of reserved fields on MODIFY_SCHEDULING_ELEMENT
net: mlx5: eliminate anonymous module_init & module_exit
drm/panfrost: fix GENERIC_ATOMIC64 dependency
dmaengine: Fix double increment of client_count in dma_chan_get()
net: macb: fix PTP TX timestamp failure due to packet padding
virtio-net: correctly enable callback during start_xmit
l2tp: prevent lockdep issue in l2tp_tunnel_register()
HID: betop: check shape of output reports
cifs: fix potential deadlock in cache_refresh_path()
dmaengine: xilinx_dma: call of_node_put() when breaking out of for_each_child_of_node()
phy: phy-can-transceiver: Skip warning if no "max-bitrate"
drm/amd/display: fix issues with driver unload
nvme-pci: fix timeout request state check
tcp: avoid the lookup process failing to get sk in ehash table
octeontx2-pf: Fix the use of GFP_KERNEL in atomic context on rt
ptdma: pt_core_execute_cmd() should use spinlock
device property: fix of node refcount leak in fwnode_graph_get_next_endpoint()
w1: fix deadloop in __w1_remove_master_device()
w1: fix WARNING after calling w1_process()
driver core: Fix test_async_probe_init saves device in wrong array
selftests/net: toeplitz: fix race on tpacket_v3 block close
net: dsa: microchip: ksz9477: port map correction in ALU table entry register
thermal/core: Remove duplicate information when an error occurs
thermal/core: Rename 'trips' to 'num_trips'
thermal: Validate new state in cur_state_store()
thermal/core: fix error code in __thermal_cooling_device_register()
thermal: core: call put_device() only after device_register() fails
net: stmmac: enable all safety features by default
tcp: fix rate_app_limited to default to 1
scsi: iscsi: Fix multiple iSCSI session unbind events sent to userspace
cpufreq: Add Tegra234 to cpufreq-dt-platdev blocklist
kcsan: test: don't put the expect array on the stack
cpufreq: Add SM6375 to cpufreq-dt-platdev blocklist
ASoC: fsl_micfil: Correct the number of steps on SX controls
net: usb: cdc_ether: add support for Thales Cinterion PLS62-W modem
drm: Add orientation quirk for Lenovo ideapad D330-10IGL
s390/debug: add _ASM_S390_ prefix to header guard
s390: explicitly align _edata and _end symbols on page boundary
perf/x86/msr: Add Emerald Rapids
perf/x86/intel/uncore: Add Emerald Rapids
cpufreq: armada-37xx: stop using 0 as NULL pointer
ASoC: fsl_ssi: Rename AC'97 streams to avoid collisions with AC'97 CODEC
ASoC: fsl-asoc-card: Fix naming of AC'97 CODEC widgets
spi: spidev: remove debug messages that access spidev->spi without locking
KVM: s390: interrupt: use READ_ONCE() before cmpxchg()
scsi: hisi_sas: Set a port invalid only if there are no devices attached when refreshing port id
r8152: add vendor/device ID pair for Microsoft Devkit
platform/x86: touchscreen_dmi: Add info for the CSL Panther Tab HD
platform/x86: asus-nb-wmi: Add alternate mapping for KEY_SCREENLOCK
lockref: stop doing cpu_relax in the cmpxchg loop
firmware: coreboot: Check size of table entry and use flex-array
drm/i915: Allow switching away via vga-switcheroo if uninitialized
Revert "selftests/bpf: check null propagation only neither reg is PTR_TO_BTF_ID"
drm/i915: Remove unused variable
x86: ACPI: cstate: Optimize C3 entry on AMD CPUs
fs: reiserfs: remove useless new_opts in reiserfs_remount
sysctl: add a new register_sysctl_init() interface
kernel/panic: move panic sysctls to its own file
panic: unset panic_on_warn inside panic()
ubsan: no need to unset panic_on_warn in ubsan_epilogue()
kasan: no need to unset panic_on_warn in end_report()
exit: Add and use make_task_dead.
objtool: Add a missing comma to avoid string concatenation
hexagon: Fix function name in die()
h8300: Fix build errors from do_exit() to make_task_dead() transition
csky: Fix function name in csky_alignment() and die()
ia64: make IA64_MCA_RECOVERY bool instead of tristate
panic: Separate sysctl logic from CONFIG_SMP
exit: Put an upper limit on how often we can oops
exit: Expose "oops_count" to sysfs
exit: Allow oops_limit to be disabled
panic: Consolidate open-coded panic_on_warn checks
panic: Introduce warn_limit
panic: Expose "warn_count" to sysfs
docs: Fix path paste-o for /sys/kernel/warn_count
exit: Use READ_ONCE() for all oops/warn limit reads
Bluetooth: hci_sync: cancel cmd_timer if hci_open failed
drm/amdgpu: complete gfxoff allow signal during suspend without delay
scsi: hpsa: Fix allocation size for scsi_host_alloc()
KVM: SVM: fix tsc scaling cache logic
module: Don't wait for GOING modules
tracing: Make sure trace_printk() can output as soon as it can be used
trace_events_hist: add check for return value of 'create_hist_field'
ftrace/scripts: Update the instructions for ftrace-bisect.sh
cifs: Fix oops due to uncleared server->smbd_conn in reconnect
i2c: mv64xxx: Remove shutdown method from driver
i2c: mv64xxx: Add atomic_xfer method to driver
ksmbd: add smbd max io size parameter
ksmbd: add max connections parameter
ksmbd: do not sign response to session request for guest login
ksmbd: downgrade ndr version error message to debug
ksmbd: limit pdu length size according to connection status
ovl: fail on invalid uid/gid mapping at copy up
KVM: x86/vmx: Do not skip segment attributes if unusable bit is set
KVM: arm64: GICv4.1: Fix race with doorbell on VPE activation/deactivation
thermal: intel: int340x: Protect trip temperature from concurrent updates
ipv6: fix reachability confirmation with proxy_ndp
ARM: 9280/1: mm: fix warning on phys_addr_t to void pointer assignment
EDAC/device: Respect any driver-supplied workqueue polling value
EDAC/qcom: Do not pass llcc_driv_data as edac_device_ctl_info's pvt_info
net: mana: Fix IRQ name - add PCI and queue number
scsi: ufs: core: Fix devfreq deadlocks
i2c: designware: use casting of u64 in clock multiplication to avoid overflow
netlink: prevent potential spectre v1 gadgets
net: fix UaF in netns ops registration error path
drm/i915/selftest: fix intel_selftest_modify_policy argument types
netfilter: nft_set_rbtree: Switch to node list walk for overlap detection
netfilter: nft_set_rbtree: skip elements in transaction from garbage collection
netlink: annotate data races around nlk->portid
netlink: annotate data races around dst_portid and dst_group
netlink: annotate data races around sk_state
ipv4: prevent potential spectre v1 gadget in ip_metrics_convert()
ipv4: prevent potential spectre v1 gadget in fib_metrics_match()
netfilter: conntrack: fix vtag checks for ABORT/SHUTDOWN_COMPLETE
netrom: Fix use-after-free of a listening socket.
net/sched: sch_taprio: do not schedule in taprio_reset()
sctp: fail if no bound addresses can be used for a given scope
riscv/kprobe: Fix instruction simulation of JALR
nvme: fix passthrough csi check
gpio: mxc: Unlock on error path in mxc_flip_edge()
ravb: Rename "no_ptp_cfg_active" and "ptp_cfg_active" variables
net: ravb: Fix lack of register setting after system resumed for Gen3
net: ravb: Fix possible hang if RIS2_QFF1 happen
net: mctp: mark socks as dead on unhash, prevent re-add
thermal: intel: int340x: Add locking to int340x_thermal_get_trip_type()
net/tg3: resolve deadlock in tg3_reset_task() during EEH
net: mdio-mux-meson-g12a: force internal PHY off on mux switch
treewide: fix up files incorrectly marked executable
tools: gpio: fix -c option of gpio-event-mon
Revert "Input: synaptics - switch touchpad on HP Laptop 15-da3001TU to RMI mode"
cpufreq: Move to_gov_attr_set() to cpufreq.h
cpufreq: governor: Use kobject release() method to free dbs_data
kbuild: Allow kernel installation packaging to override pkg-config
block: fix and cleanup bio_check_ro
x86/i8259: Mark legacy PIC interrupts with IRQ_LEVEL
netfilter: conntrack: unify established states for SCTP paths
perf/x86/amd: fix potential integer overflow on shift of a int
Linux 5.15.91
Change-Id: I3349d802533097ac86e5c680fbd40c00c9719ec7
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
commit ef3691683d7bfd0a2acf48812e4ffe894f10bfa8 upstream.
To save the vgic LPI pending state with GICv4.1, the VPEs must all be
unmapped from the ITSs so that the sGIC caches can be flushed.
The opposite is done once the state is saved.
This is all done by using the activate/deactivate irqdomain callbacks
directly from the vgic code. Crucially, this is done without holding
the irqdesc lock for the interrupts that represent the VPE. And these
callbacks are changing the state of the irqdesc. What could possibly
go wrong?
If a doorbell fires while we are messing with the irqdesc state,
it will acquire the lock and change the interrupt state concurrently.
Since we don't hold the lock, corruption occurs on the interrupt
state. Oh well.
While acquiring the lock would fix this (and this was Shanker's
initial approach), this is still a layering violation we could do
without. A better approach is actually to free the VPE interrupt,
do what we have to do, and re-request it.
It is more work, but this usually happens only once in the lifetime
of the VM and we don't really care about this sort of overhead.
Fixes: f66b7b151e ("KVM: arm64: GICv4.1: Try to save VLPI state in save_pending_tables")
Reported-by: Shanker Donthineni <sdonthineni@nvidia.com>
Signed-off-by: Marc Zyngier <maz@kernel.org>
Cc: stable@vger.kernel.org
Link: https://lore.kernel.org/r/20230118022348.4137094-1-sdonthineni@nvidia.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Consolidate the GICv3 VMCR accessor hypercalls into the APR save/restore
hypercalls so that all of the EL2 GICv3 state is covered by a single pair
of hypercalls.
Signed-off-by: Marc Zyngier <maz@kernel.org>
Signed-off-by: Will Deacon <willdeacon@google.com>
Bug: 233587962
Change-Id: Ifb109d1592a82d0858d5040482d5cf686f9e74e2
Despite the userspace ABI clearly defining the bits dealt with by
KVM_DEV_ARM_VGIC_GRP_LEVEL_INFO as a __u32, the kernel uses a u64.
Use a u32 to match the userspace ABI, which will subsequently lead
to some simplifications.
Reviewed-by: Reiji Watanabe <reijiw@google.com>
Signed-off-by: Marc Zyngier <maz@kernel.org>
(cherry picked from commit 38cf0bb7625a58625efeef9ec944671464ff7430)
Signed-off-by: Will Deacon <willdeacon@google.com>
Bug: 233587962
Bug: 233588291
Change-Id: I68a4ec9614c7e428666d3cfc9f488cce34ca1d47
In order to start making the vgic sysreg access from userspace
similar to all the other sysregs, push the userspace memory
access one level down into vgic_v3_cpu_sysregs_uaccess().
The next step will be to rely on the sysreg infrastructure
to perform this task.
Reviewed-by: Reiji Watanabe <reijiw@google.com>
Signed-off-by: Marc Zyngier <maz@kernel.org>
(cherry picked from commit db25081e147c3cc496b8cd8c9d67f992546df6d5)
Signed-off-by: Will Deacon <willdeacon@google.com>
Bug: 233587962
Bug: 233588291
Change-Id: Icbe79690a6fa396331db126c0e3573da0ccfe563
Finding out whether a sysreg exists has little to do with that
register being accessed, so drop the is_write parameter.
Also, the reg pointer is completely unused, and we're better off
just passing the attr pointer to the function.
This results in a small cleanup of the calling site, with a new
helper converting the vGIC view of a sysreg into the canonical
one (this is purely cosmetic, as the encoding is the same).
Reviewed-by: Reiji Watanabe <reijiw@google.com>
Signed-off-by: Marc Zyngier <maz@kernel.org>
(cherry picked from commit b61fc0857a3ad4cdee44128ad13685033e237367)
Signed-off-by: Will Deacon <willdeacon@google.com>
Bug: 233587962
Bug: 233588291
Change-Id: I2c47fc989c226caedd39b57930dc1dba12a2a9d3
Since advertising GICR_CTLR.{IC,CES} is directly observable from
a guest, we need to make it selectable from userspace.
For that, bump the default GICD_IIDR revision and let userspace
downgrade it to the previous default. For GICv2, the two distributor
revisions are strictly equivalent.
Signed-off-by: Marc Zyngier <maz@kernel.org>
Link: https://lore.kernel.org/r/20220405182327.205520-5-maz@kernel.org
(cherry picked from commit 49a1a2c70a7fd820fe60a65a3e38ab9095082dc9)
Signed-off-by: Will Deacon <willdeacon@google.com>
Bug: 233587962
Bug: 233588291
Change-Id: I15f6688a270031f18da9b5c3d88a21aaa0d7167e
Since GICv4.1, it has become legal for an implementation to advertise
GICR_{INVLPIR,INVALLR,SYNCR} while having an ITS, allowing for a more
efficient invalidation scheme (no guest command queue contention when
multiple CPUs are generating invalidations).
Provide the invalidation registers as a primitive to their ITS
counterpart. Note that we don't advertise them to the guest yet
(the architecture allows an implementation to do this).
Signed-off-by: Marc Zyngier <maz@kernel.org>
Reviewed-by: Oliver Upton <oupton@google.com>
Link: https://lore.kernel.org/r/20220405182327.205520-4-maz@kernel.org
(cherry picked from commit 4645d11f4a5538ec1221f36e397cfb0115718ffe)
Signed-off-by: Will Deacon <willdeacon@google.com>
Bug: 233587962
Bug: 233588291
Change-Id: I0ecd02ee491da16bcce472462a4df5ab7115a89e
When disabling LPIs, a guest needs to poll GICR_CTLR.RWP in order
to be sure that the write has taken effect. We so far reported it
as 0, as we didn't advertise that LPIs could be turned off in the
first place.
Start tracking this state during which LPIs are being disabled,
and expose the 'in progress' state via the RWP bit.
We also take this opportunity to disallow enabling LPIs and programming
GICR_{PEND,PROP}BASER while LPI disabling is in progress, as allowed by
the architecture (UNPRED behaviour).
We don't advertise the feature to the guest yet (which is allowed by
the architecture).
Reviewed-by: Oliver Upton <oupton@google.com>
Signed-off-by: Marc Zyngier <maz@kernel.org>
Link: https://lore.kernel.org/r/20220405182327.205520-3-maz@kernel.org
(cherry picked from commit 94828468a6085e6ae148986d300b634b87f86516)
Signed-off-by: Will Deacon <willdeacon@google.com>
Bug: 233587962
Bug: 233588291
Change-Id: I167111a793e158c5063f6af7b3d7c00fe7488a96
Merge the functions to save and restore vmcr and apr. This can in some
cases reduce the number of hypercalls necessary to load/put the vgic
state in nVHE and will also ease its management in protected mode later
on.
Signed-off-by: Marc Zyngier <maz@kernel.org>
Bug: 209580772
Change-Id: Id85f0698a7a346282e55c15993c274828bd5309c
Signed-off-by: Will Deacon <willdeacon@google.com>
Add the new vgic_check_iorange helper that checks that an iorange is
sane: the start address and size have valid alignments, the range is
within the addressable PA range, start+size doesn't overflow, and the
start wasn't already defined.
No functional change.
Reviewed-by: Eric Auger <eric.auger@redhat.com>
Signed-off-by: Ricardo Koller <ricarkol@google.com>
Signed-off-by: Marc Zyngier <maz@kernel.org>
Link: https://lore.kernel.org/r/20211005011921.437353-2-ricarkol@google.com
(cherry picked from commit f25c5e4dafd859b941a4654cbab9eb83ff994bcd)
Bug: 204960018
Signed-off-by: Will Deacon <willdeacon@google.com>
Change-Id: Ic702fe5c28dc1c7a7bc5975703acee084b8a7b6b
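
The four checks listed in the vgic_check_iorange commit message above, as an added illustration in C. This is a userspace model written for this page, not the kernel's helper: the function name `check_iorange`, the `ADDR_UNDEF` sentinel, the `pa_bits` parameter and the choice of error codes are all assumptions.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>

/* Assumed sentinel meaning "this region has no base address yet". */
#define ADDR_UNDEF UINT64_MAX

/*
 * Hypothetical model of an I/O range sanity check.
 *   current_base: base already recorded for the region, or ADDR_UNDEF
 *   addr, size:   range requested by userspace
 *   alignment:    required power-of-two alignment of addr and size
 *   pa_bits:      width of the addressable physical address space (1..63)
 */
int check_iorange(uint64_t current_base, uint64_t addr, uint64_t alignment,
                  uint64_t size, unsigned int pa_bits)
{
    uint64_t limit;

    /* The start must not have been defined already. */
    if (current_base != ADDR_UNDEF)
        return -EEXIST;

    /* Start address and size must both have a valid alignment. */
    if (alignment == 0 || (alignment & (alignment - 1)))
        return -EINVAL;
    if ((addr & (alignment - 1)) || (size & (alignment - 1)))
        return -EINVAL;

    /* start + size must not wrap around the 64-bit address space. */
    if (addr + size < addr)
        return -EINVAL;

    /* The whole range must sit inside the addressable PA range. */
    if (pa_bits == 0 || pa_bits > 63)
        return -EINVAL;
    limit = 1ULL << pa_bits;
    if (addr >= limit || addr + size > limit)
        return -E2BIG;

    return 0;
}

int main(void)
{
    /* Constructed sample requests: 64 KiB frames in a 40-bit PA space. */
    printf("valid range:      %d\n",
           check_iorange(ADDR_UNDEF, 0x08000000ULL, 0x10000, 0x10000, 40));
    printf("already defined:  %d\n",
           check_iorange(0x08000000ULL, 0x08010000ULL, 0x10000, 0x10000, 40));
    printf("misaligned start: %d\n",
           check_iorange(ADDR_UNDEF, 0x08001000ULL, 0x10000, 0x10000, 40));
    printf("wraps past 2^64:  %d\n",
           check_iorange(ADDR_UNDEF, 0xFFFFFFFFFFFF0000ULL, 0x10000, 0x10000, 40));
    printf("beyond PA range:  %d\n",
           check_iorange(ADDR_UNDEF, 1ULL << 40, 0x10000, 0x10000, 40));
    return 0;
}
```

The wraparound test runs before the upper-bound comparison because a wrapped `addr + size` is a small number that would otherwise pass the `> limit` check.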
When a mapped level interrupt (a timer, for example) is deactivated
by the guest, the corresponding host interrupt is equally deactivated.
However, the fate of the pending state still needs to be dealt
with in SW.
This is especially true when the interrupt was in the active+pending
state in the virtual distributor at the point where the guest
was entered. On exit, the pending state is potentially stale
(the guest may have put the interrupt in a non-pending state).
If we don't do anything, the interrupt will be spuriously injected
in the guest. Although this shouldn't have any ill effect (spurious
interrupts are always possible), we can improve the emulation by
detecting the deactivation-while-pending case and resampling the
interrupt.
While we're at it, move the logic into a common helper that can
be shared between the two GIC implementations.
Fixes: e40cc57bac ("KVM: arm/arm64: vgic: Support level-triggered mapped interrupts")
Reported-by: Raghavendra Rao Ananta <rananta@google.com>
Tested-by: Raghavendra Rao Ananta <rananta@google.com>
Reviewed-by: Oliver Upton <oupton@google.com>
Signed-off-by: Marc Zyngier <maz@kernel.org>
Cc: stable@vger.kernel.org
Link: https://lore.kernel.org/r/20210819180305.1670525-1-maz@kernel.org
Pull kvm updates from Paolo Bonzini:
"ARM:
- Move the arch-specific code into arch/arm64/kvm
- Start the post-32bit cleanup
- Cherry-pick a few non-invasive pre-NV patches
x86:
- Rework of TLB flushing
- Rework of event injection, especially with respect to nested
virtualization
- Nested AMD event injection facelift, building on the rework of
generic code and fixing a lot of corner cases
- Nested AMD live migration support
- Optimization for TSC deadline MSR writes and IPIs
- Various cleanups
- Asynchronous page fault cleanups (from tglx, common topic branch
with tip tree)
- Interrupt-based delivery of asynchronous "page ready" events (host
side)
- Hyper-V MSRs and hypercalls for guest debugging
- VMX preemption timer fixes
s390:
- Cleanups
Generic:
- switch vCPU thread wakeup from swait to rcuwait
The other architectures, and the guest side of the asynchronous page
fault work, will come next week"
* tag 'for-linus' of git://git.kernel.org/pub/scm/virt/kvm/kvm: (256 commits)
KVM: selftests: fix rdtsc() for vmx_tsc_adjust_test
KVM: check userspace_addr for all memslots
KVM: selftests: update hyperv_cpuid with SynDBG tests
x86/kvm/hyper-v: Add support for synthetic debugger via hypercalls
x86/kvm/hyper-v: enable hypercalls regardless of hypercall page
x86/kvm/hyper-v: Add support for synthetic debugger interface
x86/hyper-v: Add synthetic debugger definitions
KVM: selftests: VMX preemption timer migration test
KVM: nVMX: Fix VMX preemption timer migration
x86/kvm/hyper-v: Explicitly align hcall param for kvm_hyperv_exit
KVM: x86/pmu: Support full width counting
KVM: x86/pmu: Tweak kvm_pmu_get_msr to pass 'struct msr_data' in
KVM: x86: announce KVM_FEATURE_ASYNC_PF_INT
KVM: x86: acknowledgment mechanism for async pf page ready notifications
KVM: x86: interrupt based APF 'page ready' event delivery
KVM: introduce kvm_read_guest_offset_cached()
KVM: rename kvm_arch_can_inject_async_page_present() to kvm_arch_can_dequeue_async_page_present()
KVM: x86: extend struct kvm_vcpu_pv_apf_data with token info
Revert "KVM: async_pf: Fix #DF due to inject "Page not Present" and "Page Ready" exceptions simultaneously"
KVM: VMX: Replace zero-length array with flexible-array
...