Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 409232a4 authored by Linus Torvalds's avatar Linus Torvalds
Browse files

Merge tag 'for-linus' of git://git.kernel.org/pub/scm/virt/kvm/kvm 

Pull KVM fixes from Paolo Bonzini:
 "ARM fixes:
   - A bug in handling of SPE state for non-vhe systems
   - A fix for a crash on system shutdown
   - Three timer fixes, introduced by the timer optimizations for v4.15

  x86 fixes:
   - fix for a WARN that was introduced in 4.15
   - fix for SMM when guest uses PCID
   - fixes for several bugs found by syzkaller

  ... and a dozen papercut fixes for the kvm_stat tool"

* tag 'for-linus' of git://git.kernel.org/pub/scm/virt/kvm/kvm: (22 commits)
  tools/kvm_stat: sort '-f help' output
  kvm: x86: fix RSM when PCID is non-zero
  KVM: Fix stack-out-of-bounds read in write_mmio
  KVM: arm/arm64: Fix timer enable flow
  KVM: arm/arm64: Properly handle arch-timer IRQs after vtimer_save_state
  KVM: arm/arm64: timer: Don't set irq as forwarded if no usable GIC
  KVM: arm/arm64: Fix HYP unmapping going off limits
  arm64: kvm: Prevent restoring stale PMSCR_EL1 for vcpu
  KVM/x86: Check input paging mode when cs.l is set
  tools/kvm_stat: add line for totals
  tools/kvm_stat: stop ignoring unhandled arguments
  tools/kvm_stat: suppress usage information on command line errors
  tools/kvm_stat: handle invalid regular expressions
  tools/kvm_stat: add hint on '-f help' to man page
  tools/kvm_stat: fix child trace events accounting
  tools/kvm_stat: fix extra handling of 'help' with fields filter
  tools/kvm_stat: fix missing field update after filter change
  tools/kvm_stat: fix drilldown in events-by-guests mode
  tools/kvm_stat: fix command line option '-g'
  kvm: x86: fix WARN due to uninitialized guest FPU state
  ...
parents d1ce8ceb aa12f594

arch/arm64/kvm/hyp/debug-sr.c

+3 −0
Original line number Diff line number Diff line
@@ -74,6 +74,9 @@ static void __hyp_text __debug_save_spe_nvhe(u64 *pmscr_el1) 
{

	u64 reg;



	/* Clear pmscr in case of early return */

	*pmscr_el1 = 0;



	/* SPE present on this CPU? */

	if (!cpuid_feature_extract_unsigned_field(read_sysreg(id_aa64dfr0_el1),

						  ID_AA64DFR0_PMSVER_SHIFT))

arch/x86/kvm/emulate.c

+25 −7
Original line number Diff line number Diff line
@@ -2390,9 +2390,21 @@ static int rsm_load_seg_64(struct x86_emulate_ctxt *ctxt, u64 smbase, int n) 
}



static int rsm_enter_protected_mode(struct x86_emulate_ctxt *ctxt,

				     u64 cr0, u64 cr4)

				    u64 cr0, u64 cr3, u64 cr4)

{

	int bad;

	u64 pcid;



	/* In order to later set CR4.PCIDE, CR3[11:0] must be zero.  */

	pcid = 0;

	if (cr4 & X86_CR4_PCIDE) {

		pcid = cr3 & 0xfff;

		cr3 &= ~0xfff;

	}



	bad = ctxt->ops->set_cr(ctxt, 3, cr3);

	if (bad)

		return X86EMUL_UNHANDLEABLE;



	/*

	 * First enable PAE, long mode needs it before CR0.PG = 1 is set.
@@ -2411,6 +2423,12 @@ static int rsm_enter_protected_mode(struct x86_emulate_ctxt *ctxt, 
		bad = ctxt->ops->set_cr(ctxt, 4, cr4);

		if (bad)

			return X86EMUL_UNHANDLEABLE;

		if (pcid) {

			bad = ctxt->ops->set_cr(ctxt, 3, cr3 | pcid);

			if (bad)

				return X86EMUL_UNHANDLEABLE;

		}



	}



	return X86EMUL_CONTINUE;
@@ -2421,11 +2439,11 @@ static int rsm_load_state_32(struct x86_emulate_ctxt *ctxt, u64 smbase) 
	struct desc_struct desc;

	struct desc_ptr dt;

	u16 selector;

	u32 val, cr0, cr4;

	u32 val, cr0, cr3, cr4;

	int i;



	cr0 =                      GET_SMSTATE(u32, smbase, 0x7ffc);

	ctxt->ops->set_cr(ctxt, 3, GET_SMSTATE(u32, smbase, 0x7ff8));

	cr3 =                      GET_SMSTATE(u32, smbase, 0x7ff8);

	ctxt->eflags =             GET_SMSTATE(u32, smbase, 0x7ff4) | X86_EFLAGS_FIXED;

	ctxt->_eip =               GET_SMSTATE(u32, smbase, 0x7ff0);
@@ -2467,14 +2485,14 @@ static int rsm_load_state_32(struct x86_emulate_ctxt *ctxt, u64 smbase) 


	ctxt->ops->set_smbase(ctxt, GET_SMSTATE(u32, smbase, 0x7ef8));



	return rsm_enter_protected_mode(ctxt, cr0, cr4);

	return rsm_enter_protected_mode(ctxt, cr0, cr3, cr4);

}



static int rsm_load_state_64(struct x86_emulate_ctxt *ctxt, u64 smbase)

{

	struct desc_struct desc;

	struct desc_ptr dt;

	u64 val, cr0, cr4;

	u64 val, cr0, cr3, cr4;

	u32 base3;

	u16 selector;

	int i, r;
@@ -2491,7 +2509,7 @@ static int rsm_load_state_64(struct x86_emulate_ctxt *ctxt, u64 smbase) 
	ctxt->ops->set_dr(ctxt, 7, (val & DR7_VOLATILE) | DR7_FIXED_1);



	cr0 =                       GET_SMSTATE(u64, smbase, 0x7f58);

	ctxt->ops->set_cr(ctxt, 3,  GET_SMSTATE(u64, smbase, 0x7f50));

	cr3 =                       GET_SMSTATE(u64, smbase, 0x7f50);

	cr4 =                       GET_SMSTATE(u64, smbase, 0x7f48);

	ctxt->ops->set_smbase(ctxt, GET_SMSTATE(u32, smbase, 0x7f00));

	val =                       GET_SMSTATE(u64, smbase, 0x7ed0);
@@ -2519,7 +2537,7 @@ static int rsm_load_state_64(struct x86_emulate_ctxt *ctxt, u64 smbase) 
	dt.address =                GET_SMSTATE(u64, smbase, 0x7e68);

	ctxt->ops->set_gdt(ctxt, &dt);



	r = rsm_enter_protected_mode(ctxt, cr0, cr4);

	r = rsm_enter_protected_mode(ctxt, cr0, cr3, cr4);

	if (r != X86EMUL_CONTINUE)

		return r;

arch/x86/kvm/mmu.c

+4 −4
Original line number Diff line number Diff line
@@ -3395,7 +3395,7 @@ static int mmu_alloc_direct_roots(struct kvm_vcpu *vcpu) 
		spin_lock(&vcpu->kvm->mmu_lock);

		if(make_mmu_pages_available(vcpu) < 0) {

			spin_unlock(&vcpu->kvm->mmu_lock);

			return 1;

			return -ENOSPC;

		}

		sp = kvm_mmu_get_page(vcpu, 0, 0,

				vcpu->arch.mmu.shadow_root_level, 1, ACC_ALL);
@@ -3410,7 +3410,7 @@ static int mmu_alloc_direct_roots(struct kvm_vcpu *vcpu) 
			spin_lock(&vcpu->kvm->mmu_lock);

			if (make_mmu_pages_available(vcpu) < 0) {

				spin_unlock(&vcpu->kvm->mmu_lock);

				return 1;

				return -ENOSPC;

			}

			sp = kvm_mmu_get_page(vcpu, i << (30 - PAGE_SHIFT),

					i << 30, PT32_ROOT_LEVEL, 1, ACC_ALL);
@@ -3450,7 +3450,7 @@ static int mmu_alloc_shadow_roots(struct kvm_vcpu *vcpu) 
		spin_lock(&vcpu->kvm->mmu_lock);

		if (make_mmu_pages_available(vcpu) < 0) {

			spin_unlock(&vcpu->kvm->mmu_lock);

			return 1;

			return -ENOSPC;

		}

		sp = kvm_mmu_get_page(vcpu, root_gfn, 0,

				vcpu->arch.mmu.shadow_root_level, 0, ACC_ALL);
@@ -3487,7 +3487,7 @@ static int mmu_alloc_shadow_roots(struct kvm_vcpu *vcpu) 
		spin_lock(&vcpu->kvm->mmu_lock);

		if (make_mmu_pages_available(vcpu) < 0) {

			spin_unlock(&vcpu->kvm->mmu_lock);

			return 1;

			return -ENOSPC;

		}

		sp = kvm_mmu_get_page(vcpu, root_gfn, i << 30, PT32_ROOT_LEVEL,

				      0, ACC_ALL);

arch/x86/kvm/x86.c

+35 −13
Original line number Diff line number Diff line
@@ -4384,7 +4384,7 @@ static int vcpu_mmio_read(struct kvm_vcpu *vcpu, gpa_t addr, int len, void *v) 
					 addr, n, v))

		    && kvm_io_bus_read(vcpu, KVM_MMIO_BUS, addr, n, v))

			break;

		trace_kvm_mmio(KVM_TRACE_MMIO_READ, n, addr, *(u64 *)v);

		trace_kvm_mmio(KVM_TRACE_MMIO_READ, n, addr, v);

		handled += n;

		addr += n;

		len -= n;
@@ -4643,7 +4643,7 @@ static int read_prepare(struct kvm_vcpu *vcpu, void *val, int bytes) 
{

	if (vcpu->mmio_read_completed) {

		trace_kvm_mmio(KVM_TRACE_MMIO_READ, bytes,

			       vcpu->mmio_fragments[0].gpa, *(u64 *)val);

			       vcpu->mmio_fragments[0].gpa, val);

		vcpu->mmio_read_completed = 0;

		return 1;

	}
@@ -4665,14 +4665,14 @@ static int write_emulate(struct kvm_vcpu *vcpu, gpa_t gpa, 


static int write_mmio(struct kvm_vcpu *vcpu, gpa_t gpa, int bytes, void *val)

{

	trace_kvm_mmio(KVM_TRACE_MMIO_WRITE, bytes, gpa, *(u64 *)val);

	trace_kvm_mmio(KVM_TRACE_MMIO_WRITE, bytes, gpa, val);

	return vcpu_mmio_write(vcpu, gpa, bytes, val);

}



static int read_exit_mmio(struct kvm_vcpu *vcpu, gpa_t gpa,

			  void *val, int bytes)

{

	trace_kvm_mmio(KVM_TRACE_MMIO_READ_UNSATISFIED, bytes, gpa, 0);

	trace_kvm_mmio(KVM_TRACE_MMIO_READ_UNSATISFIED, bytes, gpa, NULL);

	return X86EMUL_IO_NEEDED;

}
@@ -7264,13 +7264,12 @@ static int complete_emulated_mmio(struct kvm_vcpu *vcpu) 


int kvm_arch_vcpu_ioctl_run(struct kvm_vcpu *vcpu, struct kvm_run *kvm_run)

{

	struct fpu *fpu = &current->thread.fpu;

	int r;



	fpu__initialize(fpu);



	kvm_sigset_activate(vcpu);



	kvm_load_guest_fpu(vcpu);



	if (unlikely(vcpu->arch.mp_state == KVM_MP_STATE_UNINITIALIZED)) {

		if (kvm_run->immediate_exit) {

			r = -EINTR;
@@ -7296,14 +7295,12 @@ int kvm_arch_vcpu_ioctl_run(struct kvm_vcpu *vcpu, struct kvm_run *kvm_run) 
		}

	}



	kvm_load_guest_fpu(vcpu);



	if (unlikely(vcpu->arch.complete_userspace_io)) {

		int (*cui)(struct kvm_vcpu *) = vcpu->arch.complete_userspace_io;

		vcpu->arch.complete_userspace_io = NULL;

		r = cui(vcpu);

		if (r <= 0)

			goto out_fpu;

			goto out;

	} else

		WARN_ON(vcpu->arch.pio.count || vcpu->mmio_needed);
@@ -7312,9 +7309,8 @@ int kvm_arch_vcpu_ioctl_run(struct kvm_vcpu *vcpu, struct kvm_run *kvm_run) 
	else

		r = vcpu_run(vcpu);



out_fpu:

	kvm_put_guest_fpu(vcpu);

out:

	kvm_put_guest_fpu(vcpu);

	post_kvm_run_save(vcpu);

	kvm_sigset_deactivate(vcpu);
@@ -7384,7 +7380,7 @@ int kvm_arch_vcpu_ioctl_set_regs(struct kvm_vcpu *vcpu, struct kvm_regs *regs) 
#endif



	kvm_rip_write(vcpu, regs->rip);

	kvm_set_rflags(vcpu, regs->rflags);

	kvm_set_rflags(vcpu, regs->rflags | X86_EFLAGS_FIXED);



	vcpu->arch.exception.pending = false;
@@ -7498,6 +7494,29 @@ int kvm_task_switch(struct kvm_vcpu *vcpu, u16 tss_selector, int idt_index, 
}

EXPORT_SYMBOL_GPL(kvm_task_switch);



int kvm_valid_sregs(struct kvm_vcpu *vcpu, struct kvm_sregs *sregs)

{

	if ((sregs->efer & EFER_LME) && (sregs->cr0 & X86_CR0_PG_BIT)) {

		/*

		 * When EFER.LME and CR0.PG are set, the processor is in

		 * 64-bit mode (though maybe in a 32-bit code segment).

		 * CR4.PAE and EFER.LMA must be set.

		 */

		if (!(sregs->cr4 & X86_CR4_PAE_BIT)

		    || !(sregs->efer & EFER_LMA))

			return -EINVAL;

	} else {

		/*

		 * Not in 64-bit mode: EFER.LMA is clear and the code

		 * segment cannot be 64-bit.

		 */

		if (sregs->efer & EFER_LMA || sregs->cs.l)

			return -EINVAL;

	}



	return 0;

}



int kvm_arch_vcpu_ioctl_set_sregs(struct kvm_vcpu *vcpu,

				  struct kvm_sregs *sregs)

{
@@ -7510,6 +7529,9 @@ int kvm_arch_vcpu_ioctl_set_sregs(struct kvm_vcpu *vcpu, 
			(sregs->cr4 & X86_CR4_OSXSAVE))

		return -EINVAL;



	if (kvm_valid_sregs(vcpu, sregs))

		return -EINVAL;



	apic_base_msr.data = sregs->apic_base;

	apic_base_msr.host_initiated = true;

	if (kvm_set_apic_base(vcpu, &apic_base_msr))

include/kvm/arm_arch_timer.h

+1 −1
Original line number Diff line number Diff line
@@ -62,7 +62,7 @@ struct arch_timer_cpu { 
	bool			enabled;

};



int kvm_timer_hyp_init(void);

int kvm_timer_hyp_init(bool);

int kvm_timer_enable(struct kvm_vcpu *vcpu);

int kvm_timer_vcpu_reset(struct kvm_vcpu *vcpu);

void kvm_timer_vcpu_init(struct kvm_vcpu *vcpu);