1. 20 Jun, 2024 1 commit
    • Sean Christopherson's avatar
      KVM: x86: Always sync PIR to IRR prior to scanning I/O APIC routes · f3ced000
      Sean Christopherson authored
      Sync pending posted interrupts to the IRR prior to re-scanning I/O APIC
      routes, irrespective of whether the I/O APIC is emulated by userspace or
      by KVM.  If a level-triggered interrupt routed through the I/O APIC is
      pending or in-service for a vCPU, KVM needs to intercept EOIs on said
      vCPU even if the vCPU isn't the destination for the new routing, e.g. if
      servicing an interrupt using the old routing races with I/O APIC
      reconfiguration.
      
      Commit fceb3a36 ("KVM: x86: ioapic: Fix level-triggered EOI and
      userspace I/OAPIC reconfigure race") fixed the common cases, but
      kvm_apic_pending_eoi() only checks if an interrupt is in the local
      APIC's IRR or ISR, i.e. misses the uncommon case where an interrupt is
      pending in the PIR.
      
      Failure to intercept EOI can manifest as guest hangs with Windows 11 if
      the guest uses the RTC as its timekeeping source, e.g. if the VMM doesn't
      expose a more modern form of time to the guest.
      
      Cc: stable@vger.kernel.org
      Cc: Adamos Ttofari <attofari@amazon.de>
      Cc: Raghavendra Rao Ananta <rananta@google.com>
      Reviewed-by: default avatarJim Mattson <jmattson@google.com>
      Signed-off-by: default avatarSean Christopherson <seanjc@google.com>
      Message-ID: <20240611014845.82795-1-seanjc@google.com>
      Signed-off-by: default avatarPaolo Bonzini <pbonzini@redhat.com>
      f3ced000
  2. 05 Jun, 2024 2 commits
    • Tao Su's avatar
      KVM: x86/mmu: Don't save mmu_invalidate_seq after checking private attr · db574f2f
      Tao Su authored
      Drop the second snapshot of mmu_invalidate_seq in kvm_faultin_pfn().
      Before checking the mismatch of private vs. shared, mmu_invalidate_seq is
      saved to fault->mmu_seq, which can be used to detect an invalidation
      related to the gfn occurred, i.e. KVM will not install a mapping in page
      table if fault->mmu_seq != mmu_invalidate_seq.
      
      Currently there is a second snapshot of mmu_invalidate_seq, which may not
      be same as the first snapshot in kvm_faultin_pfn(), i.e. the gfn attribute
      may be changed between the two snapshots, but the gfn may be mapped in
      page table without hindrance. Therefore, drop the second snapshot as it
      has no obvious benefits.
      
      Fixes: f6adeae8 ("KVM: x86/mmu: Handle no-slot faults at the beginning of kvm_faultin_pfn()")
      Signed-off-by: default avatarTao Su <tao1.su@linux.intel.com>
      Message-ID: <20240528102234.2162763-1-tao1.su@linux.intel.com>
      Signed-off-by: default avatarPaolo Bonzini <pbonzini@redhat.com>
      db574f2f
    • Paolo Bonzini's avatar
      Merge tag 'kvmarm-fixes-6.10-1' of... · 45ce0314
      Paolo Bonzini authored
      Merge tag 'kvmarm-fixes-6.10-1' of git://git.kernel.org/pub/scm/linux/kernel/git/kvmarm/kvmarm into HEAD
      
      KVM/arm64 fixes for 6.10, take #1
      
      - Large set of FP/SVE fixes for pKVM, addressing the fallout
        from the per-CPU data rework and making sure that the host
        is not involved in the FP/SVE switching any more
      
      - Allow FEAT_BTI to be enabled with NV now that FEAT_PAUTH
        is copletely supported
      
      - Fix for the respective priorities of Failed PAC, Illegal
        Execution state and Instruction Abort exceptions
      
      - Fix the handling of AArch32 instruction traps failing their
        condition code, which was broken by the introduction of
        ESR_EL2.ISS2
      
      - Allow vpcus running in AArch32 state to be restored in
        System mode
      
      - Fix AArch32 GPR restore that would lose the 64 bit state
        under some conditions
      45ce0314
  3. 04 Jun, 2024 9 commits
  4. 03 Jun, 2024 6 commits
    • Paolo Bonzini's avatar
      Merge tag 'kvm-riscv-fixes-6.10-1' of https://github.com/kvm-riscv/linux into HEAD · b50788f7
      Paolo Bonzini authored
      KVM/riscv fixes for 6.10, take #1
      
      - No need to use mask when hart-index-bits is 0
      - Fix incorrect reg_subtype labels in kvm_riscv_vcpu_set_reg_isa_ext()
      b50788f7
    • Paolo Bonzini's avatar
      Merge branch 'kvm-fixes-6.10-1' into HEAD · b3233c73
      Paolo Bonzini authored
      * Fixes and debugging help for the #VE sanity check.  Also disable
        it by default, even for CONFIG_DEBUG_KERNEL, because it was found
        to trigger spuriously (most likely a processor erratum as the
        exact symptoms vary by generation).
      
      * Avoid WARN() when two NMIs arrive simultaneously during an NMI-disabled
        situation (GIF=0 or interrupt shadow) when the processor supports
        virtual NMI.  While generally KVM will not request an NMI window
        when virtual NMIs are supported, in this case it *does* have to
        single-step over the interrupt shadow or enable the STGI intercept,
        in order to deliver the latched second NMI.
      
      * Drop support for hand tuning APIC timer advancement from userspace.
        Since we have adaptive tuning, and it has proved to work well,
        drop the module parameter for manual configuration and with it a
        few stupid bugs that it had.
      b3233c73
    • Sean Christopherson's avatar
      KVM: x86: Drop support for hand tuning APIC timer advancement from userspace · 89a58812
      Sean Christopherson authored
      Remove support for specifying a static local APIC timer advancement value,
      and instead present a read-only boolean parameter to let userspace enable
      or disable KVM's dynamic APIC timer advancement.  Realistically, it's all
      but impossible for userspace to specify an advancement that is more
      precise than what KVM's adaptive tuning can provide.  E.g. a static value
      needs to be tuned for the exact hardware and kernel, and if KVM is using
      hrtimers, likely requires additional tuning for the exact configuration of
      the entire system.
      
      Dropping support for a userspace provided value also fixes several flaws
      in the interface.  E.g. KVM interprets a negative value other than -1 as a
      large advancement, toggling between a negative and positive value yields
      unpredictable behavior as vCPUs will switch from dynamic to static
      advancement, changing the advancement in the middle of VM creation can
      result in different values for vCPUs within a VM, etc.  Those flaws are
      mostly fixable, but there's almost no justification for taking on yet more
      complexity (it's minimal complexity, but still non-zero).
      
      The only arguments against using KVM's adaptive tuning is if a setup needs
      a higher maximum, or if the adjustments are too reactive, but those are
      arguments for letting userspace control the absolute max advancement and
      the granularity of each adjustment, e.g. similar to how KVM provides knobs
      for halt polling.
      
      Link: https://lore.kernel.org/all/20240520115334.852510-1-zhoushuling@huawei.com
      Cc: Shuling Zhou <zhoushuling@huawei.com>
      Cc: Marcelo Tosatti <mtosatti@redhat.com>
      Signed-off-by: default avatarSean Christopherson <seanjc@google.com>
      Message-ID: <20240522010304.1650603-1-seanjc@google.com>
      Signed-off-by: default avatarPaolo Bonzini <pbonzini@redhat.com>
      89a58812
    • Ravi Bangoria's avatar
      KVM: SEV-ES: Delegate LBR virtualization to the processor · b7e4be0a
      Ravi Bangoria authored
      As documented in APM[1], LBR Virtualization must be enabled for SEV-ES
      guests. Although KVM currently enforces LBRV for SEV-ES guests, there
      are multiple issues with it:
      
      o MSR_IA32_DEBUGCTLMSR is still intercepted. Since MSR_IA32_DEBUGCTLMSR
        interception is used to dynamically toggle LBRV for performance reasons,
        this can be fatal for SEV-ES guests. For ex SEV-ES guest on Zen3:
      
        [guest ~]# wrmsr 0x1d9 0x4
        KVM: entry failed, hardware error 0xffffffff
        EAX=00000004 EBX=00000000 ECX=000001d9 EDX=00000000
      
        Fix this by never intercepting MSR_IA32_DEBUGCTLMSR for SEV-ES guests.
        No additional save/restore logic is required since MSR_IA32_DEBUGCTLMSR
        is of swap type A.
      
      o KVM will disable LBRV if userspace sets MSR_IA32_DEBUGCTLMSR before the
        VMSA is encrypted. Fix this by moving LBRV enablement code post VMSA
        encryption.
      
      [1]: AMD64 Architecture Programmer's Manual Pub. 40332, Rev. 4.07 - June
           2023, Vol 2, 15.35.2 Enabling SEV-ES.
           https://bugzilla.kernel.org/attachment.cgi?id=304653
      
      Fixes: 376c6d28 ("KVM: SVM: Provide support for SEV-ES vCPU creation/loading")
      Co-developed-by: default avatarNikunj A Dadhania <nikunj@amd.com>
      Signed-off-by: default avatarNikunj A Dadhania <nikunj@amd.com>
      Signed-off-by: default avatarRavi Bangoria <ravi.bangoria@amd.com>
      Message-ID: <20240531044644.768-4-ravi.bangoria@amd.com>
      Signed-off-by: default avatarPaolo Bonzini <pbonzini@redhat.com>
      b7e4be0a
    • Ravi Bangoria's avatar
      KVM: SEV-ES: Disallow SEV-ES guests when X86_FEATURE_LBRV is absent · d9220562
      Ravi Bangoria authored
      As documented in APM[1], LBR Virtualization must be enabled for SEV-ES
      guests. So, prevent SEV-ES guests when LBRV support is missing.
      
      [1]: AMD64 Architecture Programmer's Manual Pub. 40332, Rev. 4.07 - June
           2023, Vol 2, 15.35.2 Enabling SEV-ES.
           https://bugzilla.kernel.org/attachment.cgi?id=304653
      
      Fixes: 376c6d28 ("KVM: SVM: Provide support for SEV-ES vCPU creation/loading")
      Signed-off-by: default avatarRavi Bangoria <ravi.bangoria@amd.com>
      Message-ID: <20240531044644.768-3-ravi.bangoria@amd.com>
      Signed-off-by: default avatarPaolo Bonzini <pbonzini@redhat.com>
      d9220562
    • Nikunj A Dadhania's avatar
      KVM: SEV-ES: Prevent MSR access post VMSA encryption · 27bd5fdc
      Nikunj A Dadhania authored
      KVM currently allows userspace to read/write MSRs even after the VMSA is
      encrypted. This can cause unintentional issues if MSR access has side-
      effects. For ex, while migrating a guest, userspace could attempt to
      migrate MSR_IA32_DEBUGCTLMSR and end up unintentionally disabling LBRV on
      the target. Fix this by preventing access to those MSRs which are context
      switched via the VMSA, once the VMSA is encrypted.
      Suggested-by: default avatarSean Christopherson <seanjc@google.com>
      Signed-off-by: default avatarNikunj A Dadhania <nikunj@amd.com>
      Signed-off-by: default avatarRavi Bangoria <ravi.bangoria@amd.com>
      Message-ID: <20240531044644.768-2-ravi.bangoria@amd.com>
      Signed-off-by: default avatarPaolo Bonzini <pbonzini@redhat.com>
      27bd5fdc
  5. 02 Jun, 2024 8 commits
  6. 01 Jun, 2024 6 commits
  7. 31 May, 2024 8 commits
    • Linus Torvalds's avatar
      Merge tag 'drm-fixes-2024-06-01' of https://gitlab.freedesktop.org/drm/kernel · cc8ed4d0
      Linus Torvalds authored
      Pull drm fixes from Dave Airlie:
       "This is the weekly fixes. Lots of small fixes across the board, one
        BUG_ON fix in shmem seems most important, otherwise amdgpu, i915, xe
        mostly with small fixes to all the other drivers.
      
        shmem:
         - fix BUG_ON in COW handling
         - warn when trying to pin imported objects
      
        buddy:
         - fix page size handling
      
        dma-buf:
         - sw-sync: Don't interfere with IRQ handling
         - fix kthreads-handling error path
      
        i915:
         - fix a race in audio component by registering it later
         - make DPT object unshrinkable to avoid shrinking when framebuffer
           has not shrunk
         - fix CCS id calculation to fix a perf regression
         - fix selftest caching mode
         - fix FIELD_PREP compiler warnings
         - fix indefinite wait for GT wakeref release
         - revert overeager multi-gt pm reference removal
      
        xe:
         - pcode polling timeout change
         - fix for deadlocks for faulting VMs
         - error-path lock imbalance fix
      
        amdgpu:
         - RAS fix
         - fix colorspace property for MST connectors
         - fix for PCIe DPM
         - silence UBSAN warning
         - GPUVM robustness fix
         - partition fix
         - drop deprecated I2C_CLASS_SPD
      
        amdkfd:
         - revert unused changes for certain 11.0.3 devices
         - simplify APU VRAM handling
      
        lima:
         - fix dma_resv-related deadlock in object pin
      
        msm:
         - remove build-time dependency on Python 3.9
      
        nouveau:
         - nvif: Fix possible integer overflow
      
        panel:
         - lg-sw43408: Select DP helpers; Declare backlight ops as static
         - sitronix-st7789v: Various fixes for jt240mhqs_hwt_ek_e3 panel
      
        panfrost:
         - fix dma_resv-related deadlock in object pin"
      
      * tag 'drm-fixes-2024-06-01' of https://gitlab.freedesktop.org/drm/kernel: (35 commits)
        drm/msm: remove python 3.9 dependency for compiling msm
        drm/panel: sitronix-st7789v: fix display size for jt240mhqs_hwt_ek_e3 panel
        drm/panel: sitronix-st7789v: tweak timing for jt240mhqs_hwt_ek_e3 panel
        drm/panel: sitronix-st7789v: fix timing for jt240mhqs_hwt_ek_e3 panel
        drm/amd/pm: remove deprecated I2C_CLASS_SPD support from newly added SMU_14_0_2
        drm/amdgpu: Make CPX mode auto default in NPS4
        drm/amdkfd: simplify APU VRAM handling
        Revert "drm/amdkfd: fix gfx_target_version for certain 11.0.3 devices"
        drm/amdgpu: fix dereference null return value for the function amdgpu_vm_pt_parent
        drm/amdgpu: silence UBSAN warning
        drm/amdgpu: Adjust logic in amdgpu_device_partner_bandwidth()
        drm/i915: Fix audio component initialization
        drm/i915/dpt: Make DPT object unshrinkable
        drm/i915/gt: Fix CCS id's calculation for CCS mode setting
        drm/panel/lg-sw43408: mark sw43408_backlight_ops as static
        drm/i915/selftests: Set always_coherent to false when reading from CPU
        drm/panel/lg-sw43408: select CONFIG_DRM_DISPLAY_DP_HELPER
        drm/i915/guc: avoid FIELD_PREP warning
        drm/i915/gt: Disarm breadcrumbs if engines are already idle
        Revert "drm/i915: Remove extra multi-gt pm-references"
        ...
      cc8ed4d0
    • Linus Torvalds's avatar
      Merge tag 'hwmon-for-v6.10-rc2' of... · 1b907b83
      Linus Torvalds authored
      Merge tag 'hwmon-for-v6.10-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/groeck/linux-staging
      
      Pull hwmon fixes from Guenter Roeck:
      
       - sttcs: Fix property spelling
      
       - intel-m10-bmc-hwmon: Fix multiplier for N6000 board power sensor
      
       - ltc2992: Fix memory leak
      
       - dell-smm: Add Dell G15 5511 to fan control whitelist
      
      * tag 'hwmon-for-v6.10-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/groeck/linux-staging:
        hwmon: (shtc1) Fix property misspelling
        hwmon: (intel-m10-bmc-hwmon) Fix multiplier for N6000 board power sensor
        hwmon: (ltc2992) Fix memory leak in ltc2992_parse_dt()
        hwmon: (dell-smm) Add Dell G15 5511 to fan control whitelist
      1b907b83
    • Linus Torvalds's avatar
      Merge tag 'mailbox-fixes-v6.10-rc1' of... · b7087cb3
      Linus Torvalds authored
      Merge tag 'mailbox-fixes-v6.10-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/jassibrar/mailbox
      
      Pull mailbox fix from Jassi Brar:
      
       - zynqmp-ipi: fix linker error on some configurations
      
      * tag 'mailbox-fixes-v6.10-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/jassibrar/mailbox:
        mailbox: zynqmp-ipi: drop irq_to_desc() call
      b7087cb3
    • Linus Torvalds's avatar
      Merge tag 'spi-fix-v6.10-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/broonie/spi · d5931dd0
      Linus Torvalds authored
      Pull spi fixes from Mark Brown:
       "A series of fixes that came in since the merge window, the main thing
        being the fixes Andy did for DMA sync where we were calling into the
        DMA API in suprising ways and causing issues as a result, the main
        thing being confusing the IOMMU code.
      
        We've also got some fairly important fixes for the stm32 driver, it
        supports a wide range of hardware and some optimisations that were
        done recently have broken on some systems, and a fix to prevent
        glitched signals on the bus in the cadence driver"
      
      * tag 'spi-fix-v6.10-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/broonie/spi:
        spi: stm32: Don't warn about spurious interrupts
        spi: Assign dummy scatterlist to unidirectional transfers
        spi: cadence: Ensure data lines set to low during dummy-cycle period
        spi: stm32: Revert change that enabled controller before asserting CS
        spi: Check if transfer is mapped before calling DMA sync APIs
        spi: Don't mark message DMA mapped when no transfer in it is
      d5931dd0
    • Linus Torvalds's avatar
      Merge tag 'regulator-fix-v6.10-rc1' of... · 28add42d
      Linus Torvalds authored
      Merge tag 'regulator-fix-v6.10-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/broonie/regulator
      
      Pull regulator fix from Mark Brown:
       "One fix that came in since -rc1, fixing misuse of a local variable in
        the DT parsing code in the RTQ2208 driver"
      
      * tag 'regulator-fix-v6.10-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/broonie/regulator:
        regulator: rtq2208: Fix invalid memory access when devm_of_regulator_put_matches is called
      28add42d
    • Linus Torvalds's avatar
      Merge tag 'regmap-fix-v6.10-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/broonie/regmap · b7c05622
      Linus Torvalds authored
      Pull regmap fix from Mark Brown:
       "The I2C bus was not taking account of the register and any padding
        bytes when handling maximum write sizes supported by an I2C adaptor,
        this patch from Jim Wylder fixes that"
      
      * tag 'regmap-fix-v6.10-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/broonie/regmap:
        regmap-i2c: Subtract reg size from max_write
      b7c05622
    • Linus Torvalds's avatar
      Merge tag 'block-6.10-20240530' of git://git.kernel.dk/linux · 0f9a7517
      Linus Torvalds authored
      Pull block fixes from Jens Axboe:
      
       - NVMe fixes via Keith:
            - Removing unused fields (Kanchan)
            - Large folio offsets support (Kundan)
            - Multipath NUMA node initialiazation fix (Nilay)
            - Multipath IO stats accounting fixes (Keith)
            - Circular lockdep fix (Keith)
            - Target race condition fix (Sagi)
            - Target memory leak fix (Sagi)
      
       - bcache fixes
      
       - null_blk fixes (Damien)
      
       - Fix regression in io.max due to throttle low removal (Waiman)
      
       - DM limit table fixes (Christoph)
      
       - SCSI and block limit fixes (Christoph)
      
       - zone fixes (Damien)
      
       - Misc fixes (Christoph, Hannes, hexue)
      
      * tag 'block-6.10-20240530' of git://git.kernel.dk/linux: (25 commits)
        blk-throttle: Fix incorrect display of io.max
        block: Fix zone write plugging handling of devices with a runt zone
        block: Fix validation of zoned device with a runt zone
        null_blk: Do not allow runt zone with zone capacity smaller then zone size
        nvmet: fix a possible leak when destroy a ctrl during qp establishment
        nvme: use srcu for iterating namespace list
        bcache: code cleanup in __bch_bucket_alloc_set()
        bcache: call force_wake_up_gc() if necessary in check_should_bypass()
        bcache: allow allocator to invalidate bucket in gc
        block: check for max_hw_sectors underflow
        block: stack max_user_sectors
        sd: also set max_user_sectors when setting max_sectors
        null_blk: Print correct max open zones limit in null_init_zoned_dev()
        block: delete redundant function declaration
        null_blk: Fix return value of nullb_device_power_store()
        dm: make dm_set_zones_restrictions work on the queue limits
        dm: remove dm_check_zoned
        dm: move setting zoned_enabled to dm_table_set_restrictions
        block: remove blk_queue_max_integrity_segments
        nvme: adjust multiples of NVME_CTRL_PAGE_SIZE in offset
        ...
      0f9a7517
    • Linus Torvalds's avatar
      Merge tag 'io_uring-6.10-20240530' of git://git.kernel.dk/linux · 6d541d66
      Linus Torvalds authored
      Pull io_uring fixes from Jens Axboe:
       "A couple of minor fixes for issues introduced in the 6.10 merge window:
      
         - Ensure that all read/write ops have an appropriate cleanup handler
           set (Breno)
      
         - Regression for applications still doing multiple mmaps even if
           FEAT_SINGLE_MMAP is set (me)
      
         - Move kmsg inquiry setting above any potential failure point,
           avoiding a spurious NONEMPTY flag setting on early error (me)"
      
      * tag 'io_uring-6.10-20240530' of git://git.kernel.dk/linux:
        io_uring/net: assign kmsg inq/flags before buffer selection
        io_uring/rw: Free iovec before cleaning async data
        io_uring: don't attempt to mmap larger than what the user asks for
      6d541d66