From: Ding Tianhong dingtianhong@huawei.com

ascend inclusion category: feature bugzilla: NA CVE: NA

-------------------------------------------------

The uva from k2u was shared to the whole group now, it was useless for the application user, and waste more cycles for the api caller, so disable it by default for performance, and enable it until the user really need it future.

Signed-off-by: Ding Tianhong dingtianhong@huawei.com Reviewed-by: Kefeng Wang wangkefeng.wang@huawei.com Signed-off-by: Yang Yingliang yangyingliang@huawei.com --- mm/share_pool.c | 22 ++++++++++++++++++++-- 1 file changed, 20 insertions(+), 2 deletions(-)

diff --git a/mm/share_pool.c b/mm/share_pool.c index a83254200e33..72e46686566a 100644 --- a/mm/share_pool.c +++ b/mm/share_pool.c @@ -59,6 +59,9 @@ int enable_mdc_default_group; static const int mdc_default_group_id = 1;

+/* share the uva to the whole group */ +int enable_share_k2u_spg; + /* access control mode */ int sysctl_ac_mode = AC_NONE; /* debug mode */ @@ -1741,7 +1744,12 @@ void *sp_make_share_k2u(unsigned long kva, unsigned long size, pr_err("share pool: k2spg invalid spg id %d\n", spg_id); return ERR_PTR(-EINVAL); } - spa = sp_alloc_area(size_aligned, sp_flags, spg, SPA_TYPE_K2SPG); + + if (enable_share_k2u_spg) + spa = sp_alloc_area(size_aligned, sp_flags, spg, SPA_TYPE_K2SPG); + else + spa = sp_alloc_area(size_aligned, sp_flags, NULL, SPA_TYPE_K2TASK); + if (IS_ERR(spa)) { mutex_unlock(&sp_mutex); if (printk_ratelimit()) @@ -1756,7 +1764,10 @@ void *sp_make_share_k2u(unsigned long kva, unsigned long size, goto out; }

- uva = sp_make_share_kva_to_spg(kva_aligned, spa, spg); + if (spa->spg) + uva = sp_make_share_kva_to_spg(kva_aligned, spa, spg); + else + uva = sp_make_share_kva_to_task(kva_aligned, spa, pid); } else { mutex_unlock(&sp_mutex); pr_err("share pool: failed to make k2u\n"); @@ -2375,6 +2386,13 @@ static int __init mdc_default_group(char *s) } __setup("enable_mdc_default_group", mdc_default_group);

+static int __init enable_share_k2u_to_group(char *s) +{ + enable_share_k2u_spg = 1; + return 1; +} +__setup("enable_sp_share_k2u_spg", enable_share_k2u_to_group); + int proc_sp_group_state(struct seq_file *m, struct pid_namespace *ns, struct pid *pid, struct task_struct *task) {

From: Weilong Chen chenweilong@huawei.com

ascend inclusion category: feature bugzilla: NA CVE: NA

-------------------------------------------------

When the CPU is hunged up by hardware errors, board can't restart by software reset. It needs to be reset by an external reset (for example: saftyisland). Bios check this kind reset, enter the crash kernel and dump the vmcore.

Usage: 1. add a node name:kexecmailbox to dts config. 2. after kexec run, set sysctl -w kernel.kexec_bios_start=1.

Reviewed-by: Ding Tianhong dingtianhong@huawei.com Reviewed-by: Kefeng Wang wangkefeng.wang@huawei.com Reviewed-by: Hanjun Guo guohanjun@huawei.com Signed-off-by: Weilong Chen chenweilong@huawei.com Acked-by: Kefeng Wang wangkefeng.wang@huawei.com Signed-off-by: Yang Yingliang yangyingliang@huawei.com --- arch/arm64/Kconfig | 12 +++++ arch/arm64/configs/hulk_defconfig | 1 + arch/arm64/kernel/Makefile | 1 + arch/arm64/kernel/kexec_mailbox.c | 83 +++++++++++++++++++++++++++++++ include/linux/kexec.h | 8 +++ kernel/kexec_core.c | 32 ++++++++++++ kernel/sysctl.c | 9 ++++ 7 files changed, 146 insertions(+) create mode 100644 arch/arm64/kernel/kexec_mailbox.c

diff --git a/arch/arm64/Kconfig b/arch/arm64/Kconfig index cfde721a5961..d93dae75f1a6 100644 --- a/arch/arm64/Kconfig +++ b/arch/arm64/Kconfig @@ -1560,6 +1560,18 @@ config ASCEND_SHARE_POOL help This feature allows multiple processes to share virtual memory both in kernel and user level, which is only enabled for ascend platform. + +config ASCEND_BOOT_CRASH_KERNEL + bool "Support of boot crash kernel from bios" + default y + help + When the CPU is hunged up by hardware errors, board can't restart + by software reset. It needs to be reset by an external reset + (for example: saftyisland). Bios check this kind reset, enter + the crash kernel and dump the vmcore. + Usage: + 1. add a node name:kexecmailbox to dts config. + 2. after kexec run, set sysctl -w kernel.kexec_bios_start=1. endif

endmenu diff --git a/arch/arm64/configs/hulk_defconfig b/arch/arm64/configs/hulk_defconfig index 3b2b957f9ae0..e763311a3f8f 100644 --- a/arch/arm64/configs/hulk_defconfig +++ b/arch/arm64/configs/hulk_defconfig @@ -482,6 +482,7 @@ CONFIG_ASCEND_CHARGE_MIGRATE_HUGEPAGES=y CONFIG_ASCEND_WATCHDOG_SYSFS_CONFIGURE=y CONFIG_ASCEND_AUTO_TUNING_HUGEPAGE=y CONFIG_ASCEND_SHARE_POOL=y +CONFIG_ASCEND_BOOT_CRASH_KERNEL=y CONFIG_ARM64_CNP=y

# diff --git a/arch/arm64/kernel/Makefile b/arch/arm64/kernel/Makefile index d9237117da97..8a15d44fff67 100644 --- a/arch/arm64/kernel/Makefile +++ b/arch/arm64/kernel/Makefile @@ -54,6 +54,7 @@ arm64-obj-$(CONFIG_RANDOMIZE_BASE) += kaslr.o arm64-obj-$(CONFIG_HIBERNATION) += hibernate.o hibernate-asm.o arm64-obj-$(CONFIG_KEXEC) += machine_kexec.o relocate_kernel.o \ cpu-reset.o +arm64-obj-$(CONFIG_ASCEND_BOOT_CRASH_KERNEL) += kexec_mailbox.o arm64-obj-$(CONFIG_ARM64_RELOC_TEST) += arm64-reloc-test.o arm64-reloc-test-y := reloc_test_core.o reloc_test_syms.o arm64-obj-$(CONFIG_CRASH_DUMP) += crash_dump.o diff --git a/arch/arm64/kernel/kexec_mailbox.c b/arch/arm64/kernel/kexec_mailbox.c new file mode 100644 index 000000000000..1f16fb29c9e4 --- /dev/null +++ b/arch/arm64/kernel/kexec_mailbox.c @@ -0,0 +1,83 @@ +/* + * Huawei Ascend Kexec Mailbox + * + * Copyright (C) 2020 Huawei Limited + * Author: Huawei OS Kernel Lab + * + * This code is based on the hisilicon ascend platform. + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License version 2 as + * published by the Free Software Foundation. + */ + +#include <linux/kernel.h> +#include <linux/kexec.h> +#include <linux/of.h> +#include <linux/of_address.h> + +#include <asm/cacheflush.h> + +#define MAGIC_NO 0x42494F53UL +#define MAILBOX_ADDR 0x880000000UL + +struct kexec_mailbox { + unsigned long magic; + phys_addr_t reboot_code_phys; + unsigned long kimage_head; + unsigned long kimage_start; + unsigned long kimage_pad; +}; + +/* Global variables for the arm64_relocate_new_kernel routine. */ +extern const unsigned char arm64_relocate_new_kernel[]; +extern const unsigned long arm64_relocate_new_kernel_size; + +unsigned long mailbox_addr = MAILBOX_ADDR; + +int bios_setup_kimage(struct kimage *kimage) +{ + struct kexec_mailbox *bios_addr; + phys_addr_t reboot_code_buffer_phys; + void *reboot_code_buffer; + struct device_node *np; + + /* setup mailbox addr */ + np = of_find_node_by_name(NULL, "kexecmailbox"); + if (np) { + struct resource res; + + of_address_to_resource(np, 0, &res); + mailbox_addr = res.start; + of_node_put(np); + pr_info("kexec_mailbox: use dtb config addr %lx\n", mailbox_addr); + } else + pr_info("kexec_mailbox: use default addr %lx\n", mailbox_addr); + + bios_addr = ioremap_cache(mailbox_addr, sizeof(struct kexec_mailbox)); + if (!bios_addr) + return -EINVAL; + + reboot_code_buffer_phys = page_to_phys(kimage->control_code_page); + reboot_code_buffer = phys_to_virt(reboot_code_buffer_phys); + memcpy(reboot_code_buffer, arm64_relocate_new_kernel, + arm64_relocate_new_kernel_size); + __flush_dcache_area(reboot_code_buffer, arm64_relocate_new_kernel_size); + __flush_icache_range((uintptr_t)reboot_code_buffer, + arm64_relocate_new_kernel_size); + + bios_addr->magic = MAGIC_NO; + bios_addr->reboot_code_phys = reboot_code_buffer_phys; + bios_addr->kimage_head = kimage->head; + bios_addr->kimage_start = kimage->start; + bios_addr->kimage_pad = 0; + pr_info("kexec_mailbox: magic %lx, reboot_code_phys %llx kimage_head %lx kimage_start %lx kimage_pad %lx\n", + bios_addr->magic, + bios_addr->reboot_code_phys, bios_addr->kimage_head, + bios_addr->kimage_start, bios_addr->kimage_pad); + __flush_dcache_area(bios_addr, sizeof(struct kexec_mailbox)); + __flush_icache_range((uintptr_t)bios_addr, sizeof(struct kexec_mailbox)); + + iounmap((void __iomem *)mailbox_addr); + return 0; +} diff --git a/include/linux/kexec.h b/include/linux/kexec.h index d6b8d0a69720..f22c6d882af5 100644 --- a/include/linux/kexec.h +++ b/include/linux/kexec.h @@ -285,6 +285,14 @@ extern struct kimage *kexec_image; extern struct kimage *kexec_crash_image; extern int kexec_load_disabled;

+#ifdef CONFIG_ASCEND_BOOT_CRASH_KERNEL +extern int bios_setup_kimage(struct kimage *kimage); +extern int kexec_bios_start; +extern int kexec_sysctl_handler(struct ctl_table *table, int write, + void __user *buffer, size_t *lenp, + loff_t *ppos); +#endif + #ifndef kexec_flush_icache_page #define kexec_flush_icache_page(page) #endif diff --git a/kernel/kexec_core.c b/kernel/kexec_core.c index b36c9c46cd2c..38f930887207 100644 --- a/kernel/kexec_core.c +++ b/kernel/kexec_core.c @@ -987,6 +987,34 @@ struct kimage *kexec_image; struct kimage *kexec_crash_image; int kexec_load_disabled;

+#ifdef CONFIG_ASCEND_BOOT_CRASH_KERNEL +int kexec_bios_start; +int kexec_sysctl_handler(struct ctl_table *table, int write, + void __user *buffer, size_t *lenp, + loff_t *ppos) +{ + int err; + + err = proc_dointvec(table, write, buffer, lenp, ppos); + if (err) + return err; + + if (write && kexec_bios_start) { + if (mutex_trylock(&kexec_mutex)) { + if (kexec_crash_image) + err = bios_setup_kimage(kexec_crash_image); + else + err = -EINVAL; + mutex_unlock(&kexec_mutex); + } + } + if (err) + kexec_bios_start = 0; + + return err; +} +#endif + /* * No panic_cpu check version of crash_kexec(). This function is called * only when panic_cpu holds the current CPU number; this is the only CPU @@ -994,6 +1022,10 @@ int kexec_load_disabled; */ void __noclone __crash_kexec(struct pt_regs *regs) { +#ifdef CONFIG_ASCEND_BOOT_CRASH_KERNEL + if (kexec_bios_start) + return; +#endif /* Take the kexec_mutex here to prevent sys_kexec_load * running on one cpu from replacing the crash kernel * we are using after a panic on a different cpu. diff --git a/kernel/sysctl.c b/kernel/sysctl.c index 26c215fb37dc..dd01fd0e121f 100644 --- a/kernel/sysctl.c +++ b/kernel/sysctl.c @@ -668,6 +668,15 @@ static struct ctl_table kern_table[] = { .extra1 = &one, .extra2 = &one, }, +#ifdef CONFIG_ASCEND_BOOT_CRASH_KERNEL + { + .procname = "kexec_bios_start", + .data = &kexec_bios_start, + .maxlen = sizeof(int), + .mode = 0644, + .proc_handler = kexec_sysctl_handler, + }, +#endif #endif #ifdef CONFIG_MODULES {

From: Pawel Wieczorkiewicz wipawel@amazon.de

mainline inclusion from mainline-v5.11-rc1 commit 1c728719a4da6e654afb9cc047164755072ed7c9 category: bugfix bugzilla: NA CVE: CVE-2020-29569

--------------------------------

When xen_blkif_disconnect() is called, the kernel thread behind the block interface is stopped by calling kthread_stop(ring->xenblkd). The ring->xenblkd thread pointer being non-NULL determines if the thread has been already stopped. Normally, the thread's function xen_blkif_schedule() sets the ring->xenblkd to NULL, when the thread's main loop ends.

However, when the thread has not been started yet (i.e. wake_up_process() has not been called on it), the xen_blkif_schedule() function would not be called yet.

In such case the kthread_stop() call returns -EINTR and the ring->xenblkd remains dangling. When this happens, any consecutive call to xen_blkif_disconnect (for example in frontend_changed() callback) leads to a kernel crash in kthread_stop() (e.g. NULL pointer dereference in exit_creds()).

This is XSA-350.

Cc: stable@vger.kernel.org # 4.12 Fixes: a24fa22ce22a ("xen/blkback: don't use xen_blkif_get() in xen-blkback kthread") Reported-by: Olivier Benjamin oliben@amazon.com Reported-by: Pawel Wieczorkiewicz wipawel@amazon.de Signed-off-by: Pawel Wieczorkiewicz wipawel@amazon.de Reviewed-by: Julien Grall jgrall@amazon.com Reviewed-by: Juergen Gross jgross@suse.com Signed-off-by: Juergen Gross jgross@suse.com Signed-off-by: Yang Yingliang yangyingliang@huawei.com Reviewed-by: Jason Yan yanaijie@huawei.com Signed-off-by: Yang Yingliang yangyingliang@huawei.com --- drivers/block/xen-blkback/xenbus.c | 1 + 1 file changed, 1 insertion(+)

diff --git a/drivers/block/xen-blkback/xenbus.c b/drivers/block/xen-blkback/xenbus.c index 93896c992245..60594768057e 100644 --- a/drivers/block/xen-blkback/xenbus.c +++ b/drivers/block/xen-blkback/xenbus.c @@ -264,6 +264,7 @@ static int xen_blkif_disconnect(struct xen_blkif *blkif)

if (ring->xenblkd) { kthread_stop(ring->xenblkd); + ring->xenblkd = NULL; wake_up(&ring->shutdown_wq); }

From: SeongJae Park sjpark@amazon.de

mainline inclusion from mainline-v5.11-rc1 commit 2e85d32b1c865bec703ce0c962221a5e955c52c2 category: bugfix bugzilla: NA CVE: CVE-2020-29568

--------------------------------

Some code does not directly make 'xenbus_watch' object and call 'register_xenbus_watch()' but use 'xenbus_watch_path()' instead. This commit adds support of 'will_handle' callback in the 'xenbus_watch_path()' and it's wrapper, 'xenbus_watch_pathfmt()'.

This is part of XSA-349

Cc: stable@vger.kernel.org Signed-off-by: SeongJae Park sjpark@amazon.de Reported-by: Michael Kurth mku@amazon.de Reported-by: Pawel Wieczorkiewicz wipawel@amazon.de Reviewed-by: Juergen Gross jgross@suse.com Signed-off-by: Juergen Gross jgross@suse.com Signed-off-by: Yang Yingliang yangyingliang@huawei.com Reviewed-by: Jason Yan yanaijie@huawei.com Signed-off-by: Yang Yingliang yangyingliang@huawei.com --- drivers/block/xen-blkback/xenbus.c | 3 ++- drivers/net/xen-netback/xenbus.c | 2 +- drivers/xen/xen-pciback/xenbus.c | 2 +- drivers/xen/xenbus/xenbus_client.c | 9 +++++++-- drivers/xen/xenbus/xenbus_probe.c | 2 +- include/xen/xenbus.h | 6 +++++- 6 files changed, 17 insertions(+), 7 deletions(-)

diff --git a/drivers/block/xen-blkback/xenbus.c b/drivers/block/xen-blkback/xenbus.c index 60594768057e..42af2f37ba4e 100644 --- a/drivers/block/xen-blkback/xenbus.c +++ b/drivers/block/xen-blkback/xenbus.c @@ -652,7 +652,8 @@ static int xen_blkbk_probe(struct xenbus_device *dev, /* setup back pointer */ be->blkif->be = be;

- err = xenbus_watch_pathfmt(dev, &be->backend_watch, backend_changed, + err = xenbus_watch_pathfmt(dev, &be->backend_watch, NULL, + backend_changed, "%s/%s", dev->nodename, "physical-device"); if (err) goto fail; diff --git a/drivers/net/xen-netback/xenbus.c b/drivers/net/xen-netback/xenbus.c index 14273a431d99..107bbd4ae825 100644 --- a/drivers/net/xen-netback/xenbus.c +++ b/drivers/net/xen-netback/xenbus.c @@ -1043,7 +1043,7 @@ static void connect(struct backend_info *be) xenvif_carrier_on(be->vif);

unregister_hotplug_status_watch(be); - err = xenbus_watch_pathfmt(dev, &be->hotplug_status_watch, + err = xenbus_watch_pathfmt(dev, &be->hotplug_status_watch, NULL, hotplug_status_changed, "%s/%s", dev->nodename, "hotplug-status"); if (!err) diff --git a/drivers/xen/xen-pciback/xenbus.c b/drivers/xen/xen-pciback/xenbus.c index 3bbed47da3fa..1e2a996c7515 100644 --- a/drivers/xen/xen-pciback/xenbus.c +++ b/drivers/xen/xen-pciback/xenbus.c @@ -688,7 +688,7 @@ static int xen_pcibk_xenbus_probe(struct xenbus_device *dev,

/* watch the backend node for backend configuration information */ err = xenbus_watch_path(dev, dev->nodename, &pdev->be_watch, - xen_pcibk_be_watch); + NULL, xen_pcibk_be_watch); if (err) goto out;

diff --git a/drivers/xen/xenbus/xenbus_client.c b/drivers/xen/xenbus/xenbus_client.c index 5a8bd3baa6e5..e35bb6b87449 100644 --- a/drivers/xen/xenbus/xenbus_client.c +++ b/drivers/xen/xenbus/xenbus_client.c @@ -114,19 +114,22 @@ EXPORT_SYMBOL_GPL(xenbus_strstate); */ int xenbus_watch_path(struct xenbus_device *dev, const char *path, struct xenbus_watch *watch, + bool (*will_handle)(struct xenbus_watch *, + const char *, const char *), void (*callback)(struct xenbus_watch *, const char *, const char *)) { int err;

watch->node = path; - watch->will_handle = NULL; + watch->will_handle = will_handle; watch->callback = callback;

err = register_xenbus_watch(watch);

if (err) { watch->node = NULL; + watch->will_handle = NULL; watch->callback = NULL; xenbus_dev_fatal(dev, err, "adding watch on %s", path); } @@ -153,6 +156,8 @@ EXPORT_SYMBOL_GPL(xenbus_watch_path); */ int xenbus_watch_pathfmt(struct xenbus_device *dev, struct xenbus_watch *watch, + bool (*will_handle)(struct xenbus_watch *, + const char *, const char *), void (*callback)(struct xenbus_watch *, const char *, const char *), const char *pathfmt, ...) @@ -169,7 +174,7 @@ int xenbus_watch_pathfmt(struct xenbus_device *dev, xenbus_dev_fatal(dev, -ENOMEM, "allocating path for watch"); return -ENOMEM; } - err = xenbus_watch_path(dev, path, watch, callback); + err = xenbus_watch_path(dev, path, watch, will_handle, callback);

if (err) kfree(path); diff --git a/drivers/xen/xenbus/xenbus_probe.c b/drivers/xen/xenbus/xenbus_probe.c index 5b471889d723..d7474ff2c277 100644 --- a/drivers/xen/xenbus/xenbus_probe.c +++ b/drivers/xen/xenbus/xenbus_probe.c @@ -136,7 +136,7 @@ static int watch_otherend(struct xenbus_device *dev) container_of(dev->dev.bus, struct xen_bus_type, bus);

return xenbus_watch_pathfmt(dev, &dev->otherend_watch, - bus->otherend_changed, + NULL, bus->otherend_changed, "%s/%s", dev->otherend, "state"); }

diff --git a/include/xen/xenbus.h b/include/xen/xenbus.h index 55f543fe0bd8..de5ae6c6fa0f 100644 --- a/include/xen/xenbus.h +++ b/include/xen/xenbus.h @@ -199,10 +199,14 @@ void xenbus_probe(struct work_struct *);

int xenbus_watch_path(struct xenbus_device *dev, const char *path, struct xenbus_watch *watch, + bool (*will_handle)(struct xenbus_watch *, + const char *, const char *), void (*callback)(struct xenbus_watch *, const char *, const char *)); -__printf(4, 5) +__printf(5, 6) int xenbus_watch_pathfmt(struct xenbus_device *dev, struct xenbus_watch *watch, + bool (*will_handle)(struct xenbus_watch *, + const char *, const char *), void (*callback)(struct xenbus_watch *, const char *, const char *), const char *pathfmt, ...);

From: SeongJae Park sjpark@amazon.de

mainline inclusion from mainline-v5.11-rc1 commit 3dc86ca6b4c8cfcba9da7996189d1b5a358a94fc category: bugfix bugzilla: NA CVE: CVE-2020-29568

--------------------------------

This commit adds a counter of pending messages for each watch in the struct. It is used to skip unnecessary pending messages lookup in 'unregister_xenbus_watch()'. It could also be used in 'will_handle' callback.

This is part of XSA-349

Cc: stable@vger.kernel.org Signed-off-by: SeongJae Park sjpark@amazon.de Reported-by: Michael Kurth mku@amazon.de Reported-by: Pawel Wieczorkiewicz wipawel@amazon.de Reviewed-by: Juergen Gross jgross@suse.com Signed-off-by: Juergen Gross jgross@suse.com Signed-off-by: Yang Yingliang yangyingliang@huawei.com Reviewed-by: Jason Yan yanaijie@huawei.com Signed-off-by: Yang Yingliang yangyingliang@huawei.com --- drivers/xen/xenbus/xenbus_xs.c | 29 ++++++++++++++++++----------- include/xen/xenbus.h | 2 ++ 2 files changed, 20 insertions(+), 11 deletions(-)

diff --git a/drivers/xen/xenbus/xenbus_xs.c b/drivers/xen/xenbus/xenbus_xs.c index e8bdbd0a1e26..12e02eb01f59 100644 --- a/drivers/xen/xenbus/xenbus_xs.c +++ b/drivers/xen/xenbus/xenbus_xs.c @@ -711,6 +711,7 @@ int xs_watch_msg(struct xs_watch_event *event) event->path, event->token))) { spin_lock(&watch_events_lock); list_add_tail(&event->list, &watch_events); + event->handle->nr_pending++; wake_up(&watch_events_waitq); spin_unlock(&watch_events_lock); } else @@ -768,6 +769,8 @@ int register_xenbus_watch(struct xenbus_watch *watch)

sprintf(token, "%lX", (long)watch);

+ watch->nr_pending = 0; + down_read(&xs_watch_rwsem);

spin_lock(&watches_lock); @@ -817,11 +820,14 @@ void unregister_xenbus_watch(struct xenbus_watch *watch)

/* Cancel pending watch events. */ spin_lock(&watch_events_lock); - list_for_each_entry_safe(event, tmp, &watch_events, list) { - if (event->handle != watch) - continue; - list_del(&event->list); - kfree(event); + if (watch->nr_pending) { + list_for_each_entry_safe(event, tmp, &watch_events, list) { + if (event->handle != watch) + continue; + list_del(&event->list); + kfree(event); + } + watch->nr_pending = 0; } spin_unlock(&watch_events_lock);

@@ -868,7 +874,6 @@ void xs_suspend_cancel(void)

static int xenwatch_thread(void *unused) { - struct list_head *ent; struct xs_watch_event *event;

xenwatch_pid = current->pid; @@ -883,13 +888,15 @@ static int xenwatch_thread(void *unused) mutex_lock(&xenwatch_mutex);

spin_lock(&watch_events_lock); - ent = watch_events.next; - if (ent != &watch_events) - list_del(ent); + event = list_first_entry_or_null(&watch_events, + struct xs_watch_event, list); + if (event) { + list_del(&event->list); + event->handle->nr_pending--; + } spin_unlock(&watch_events_lock);

- if (ent != &watch_events) { - event = list_entry(ent, struct xs_watch_event, list); + if (event) { event->handle->callback(event->handle, event->path, event->token); kfree(event); diff --git a/include/xen/xenbus.h b/include/xen/xenbus.h index de5ae6c6fa0f..eba01ab5a55e 100644 --- a/include/xen/xenbus.h +++ b/include/xen/xenbus.h @@ -59,6 +59,8 @@ struct xenbus_watch /* Path being watched. */ const char *node;

+ unsigned int nr_pending; + /* * Called just before enqueing new event while a spinlock is held. * The event will be discarded if this callback returns false.

From: Yiwen Jiang jiangyiwen@huawei.com

euleros inclusion category: bugfix bugzilla: 46842 CVE: NA

-------------------------------------------------

In the ARM64 architecture, zero physical address can be used for system ram, so virtual machine can allocate this segment of memory as vm's memory, but in vfio_unmap_unpin() if it found memory physical address is zero, it will call trace. By the way, x86 reserve 0~4k and avoid to happen this scenario.

So avoid to call trace in the ARM64 architecture.

Signed-off-by: Yiwen Jiang jiangyiwen@huawei.com Signed-off-by: Xiangyou Xie xiexiangyou@huawei.com Reviewed-by: Ying Fang fangying1@huawei.com Signed-off-by: Yang Yingliang yangyingliang@huawei.com --- drivers/vfio/vfio_iommu_type1.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/drivers/vfio/vfio_iommu_type1.c b/drivers/vfio/vfio_iommu_type1.c index 5a106963dd08..8c5c99aad00d 100644 --- a/drivers/vfio/vfio_iommu_type1.c +++ b/drivers/vfio/vfio_iommu_type1.c @@ -827,7 +827,9 @@ static long vfio_unmap_unpin(struct vfio_iommu *iommu, struct vfio_dma *dma, phys_addr_t phys, next;

phys = iommu_iova_to_phys(domain->domain, iova); - if (WARN_ON(!phys)) { + if (!phys) { + pr_warn("%s: phys is 0, it's normal if arch is arm\n", + __func__); iova += PAGE_SIZE; continue; }

From: Zenghui Yu yuzenghui@huawei.com

euleros inclusion category: bugfix bugzilla: 46842 CVE: NA

-------------------------------------------------

Doing a full D-cache clean will require to go through the stage2 page table and flush the entries one by one. If a large number of memory is mapped, we have to flush guest with hundreds of MB, thus takes a very long time (Linux timeout during CPU bring).

If timeout in kvm_toggle_cache(), trigger a WARN_ON() like:

[ 614.952893] WARNING: CPU: 61 PID: 23370 at arch/arm64/kvm/../../../virt/kvm/arm/mmu.c:2467 kvm_toggle_cache+0x188/0x218 [ 614.952902] Modules linked in: ... [ 614.952992] CPU: 61 PID: 23370 Comm: CPU 1/KVM Not tainted 5.1.0-rc4+ #83 [ 614.952997] Hardware name: Huawei TaiShan 2280 /BC11SPCD, BIOS 1.58 10/24/2018 [ 614.953003] pstate: 60000005 (nZCv daif -PAN -UAO) [ 614.953009] pc : kvm_toggle_cache+0x188/0x218 [ 614.953014] lr : kvm_toggle_cache+0x9c/0x218 [ 614.953018] sp : ffff00002f1f3910 [ 614.953023] x29: ffff00002f1f3910 x28: 0000000000000002 [ 614.953029] x27: ffff000011ab7bd8 x26: ffff000011ab5000 [ 614.953036] x25: ffff000011ab7bd8 x24: 0000000000000001 [ 614.953042] x23: 0000000000000000 x22: ffff80a77a3c0000 [ 614.953048] x21: 0000000000000005 x20: ffff000011aab000 [ 614.953054] x19: fffffffffffffe97 x18: ffffffffffffffff [ 614.953061] x17: 0000000000000000 x16: 0000000000000000 [ 614.953067] x15: ffff000011ab5b48 x14: ffff000012969e88 [ 614.953073] x13: ffff000012969adf x12: 0000000005f5e100 [ 614.953079] x11: 0000000005f5e0ff x10: 000000000000002a [ 614.953086] x9 : abcc77118461cefd x8 : 6d69742033303036 [ 614.953092] x7 : ffff000011ae45b0 x6 : 000000023c75873c [ 614.953099] x5 : 0000000000000000 x4 : 0000000000000001 [ 614.953105] x3 : fffffffffffffe80 x2 : 5631d047c2fe0900 [ 614.953111] x1 : 0000000000000000 x0 : 0000000100013373 [ 614.953118] Call trace: [ 614.953125] kvm_toggle_cache+0x188/0x218 [ 614.953131] access_vm_reg+0x88/0x110 [ 614.953136] perform_access+0x7c/0x1f0 [ 614.953142] kvm_handle_sys_reg+0x130/0x358 [ 614.953147] handle_exit+0x14c/0x1c8 [ 614.953153] kvm_arch_vcpu_ioctl_run+0x324/0xa40 [ 614.953159] kvm_vcpu_ioctl+0x3c8/0xa30 [ 614.953169] do_vfs_ioctl+0xc4/0x7f0 [ 614.953175] ksys_ioctl+0x8c/0xa0 [ 614.953180] __arm64_sys_ioctl+0x28/0x38 [ 614.953187] el0_svc_handler+0xd8/0x1a0 [ 614.953194] el0_svc+0x8/0xc [ 614.953232] ---[ end trace f036f6168107fdfd ]---

which will help in OM.

This commit introduces no functional changes.

Signed-off-by: Zenghui Yu yuzenghui@huawei.com Reviewed-by: Ying Fang fangying1@huawei.com Signed-off-by: Yang Yingliang yangyingliang@huawei.com --- virt/kvm/arm/mmu.c | 8 ++++++++ 1 file changed, 8 insertions(+)

diff --git a/virt/kvm/arm/mmu.c b/virt/kvm/arm/mmu.c index aef836a93086..3a74cf59f5c8 100644 --- a/virt/kvm/arm/mmu.c +++ b/virt/kvm/arm/mmu.c @@ -2511,6 +2511,7 @@ static bool kvm_need_flush_vm(struct kvm_vcpu *vcpu) void kvm_toggle_cache(struct kvm_vcpu *vcpu, bool was_enabled) { bool now_enabled = vcpu_has_cache_enabled(vcpu); + unsigned long timeout = jiffies + HZ;

/* * If switching the MMU+caches on, need to invalidate the caches. @@ -2524,5 +2525,12 @@ void kvm_toggle_cache(struct kvm_vcpu *vcpu, bool was_enabled) if (now_enabled) *vcpu_hcr(vcpu) &= ~HCR_TVM;

+ /* + * Guest's APs will fail to online after waiting for 1 second. + * Tell luser about this issue if already timeout here (mostly + * due to the bad cache maintenance performance). + */ + WARN_ON(time_after(jiffies, timeout)); + trace_kvm_toggle_cache(*vcpu_pc(vcpu), was_enabled, now_enabled); }

From: Xiangyou Xie xiexiangyou@huawei.com

euleros inclusion category: feature bugzilla: 46842 CVE: NA

-------------------------------------------------

There is a delay when injecting a vtimer interrupt. And When vcpu wfx vmexit, it will switch to bgtimer, and the interrupt simulation path will become longer.

Provides a mechanism for bgtimer to trigger in advance, which can be injected into the interrupt in advance to avoid delay.

Signed-off-by: Xiangyou Xie xiexiangyou@huawei.com Reviewed-by: Ying Fang fangying1@huawei.com Signed-off-by: Yang Yingliang yangyingliang@huawei.com --- include/kvm/arm_arch_timer.h | 3 +++ virt/kvm/arm/arch_timer.c | 44 ++++++++++++++++++++++++++++++++++-- virt/kvm/arm/arm.c | 4 ++++ 3 files changed, 49 insertions(+), 2 deletions(-)

diff --git a/include/kvm/arm_arch_timer.h b/include/kvm/arm_arch_timer.h index d6e6a45d1d24..33771352dcd6 100644 --- a/include/kvm/arm_arch_timer.h +++ b/include/kvm/arm_arch_timer.h @@ -76,6 +76,9 @@ int kvm_arm_timer_has_attr(struct kvm_vcpu *vcpu, struct kvm_device_attr *attr);

bool kvm_timer_is_pending(struct kvm_vcpu *vcpu);

+void kvm_timer_schedule(struct kvm_vcpu *vcpu); +void kvm_timer_unschedule(struct kvm_vcpu *vcpu); + u64 kvm_phys_timer_read(void);

void kvm_timer_vcpu_load(struct kvm_vcpu *vcpu); diff --git a/virt/kvm/arm/arch_timer.c b/virt/kvm/arm/arch_timer.c index 0f8cfc95a056..e1dac464e48a 100644 --- a/virt/kvm/arm/arch_timer.c +++ b/virt/kvm/arm/arch_timer.c @@ -36,6 +36,9 @@ static struct timecounter *timecounter; static unsigned int host_vtimer_irq; static u32 host_vtimer_irq_flags;

+static unsigned int bgtimer_advance_cycles; +module_param(bgtimer_advance_cycles, uint, 0644); + static DEFINE_STATIC_KEY_FALSE(has_gic_active_state);

static const struct kvm_irq_level default_ptimer_irq = { @@ -135,6 +138,7 @@ static u64 kvm_timer_earliest_exp(struct kvm_vcpu *vcpu) u64 min_virt = ULLONG_MAX, min_phys = ULLONG_MAX; struct arch_timer_context *vtimer = vcpu_vtimer(vcpu); struct arch_timer_context *ptimer = vcpu_ptimer(vcpu); + u64 min_expire;

if (kvm_timer_irq_can_fire(vtimer)) min_virt = kvm_timer_compute_delta(vtimer); @@ -146,7 +150,17 @@ static u64 kvm_timer_earliest_exp(struct kvm_vcpu *vcpu) if ((min_virt == ULLONG_MAX) && (min_phys == ULLONG_MAX)) return 0;

- return min(min_virt, min_phys); + min_expire = min(min_virt, min_phys); + + if (bgtimer_advance_cycles) { + u64 ns = cyclecounter_cyc2ns(timecounter->cc, + bgtimer_advance_cycles, + timecounter->mask, + &timecounter->frac); + min_expire = min_expire > ns ? min_expire - ns : 0; + } + + return min_expire; }

static enum hrtimer_restart kvm_bg_timer_expire(struct hrtimer *hrt) @@ -354,6 +368,7 @@ static void kvm_timer_blocking(struct kvm_vcpu *vcpu) struct arch_timer_cpu *timer = &vcpu->arch.timer_cpu; struct arch_timer_context *vtimer = vcpu_vtimer(vcpu); struct arch_timer_context *ptimer = vcpu_ptimer(vcpu); + u64 expire;

/* * If both timers are not capable of raising interrupts (disabled or @@ -362,11 +377,30 @@ static void kvm_timer_blocking(struct kvm_vcpu *vcpu) if (!kvm_timer_irq_can_fire(vtimer) && !kvm_timer_irq_can_fire(ptimer)) return;

+ if (hrtimer_active(&timer->bg_timer)) + return; + /* * At least one guest time will expire. Schedule a background timer. * Set the earliest expiration time among the guest timers. */ - soft_timer_start(&timer->bg_timer, kvm_timer_earliest_exp(vcpu)); + expire = kvm_timer_earliest_exp(vcpu); + + if (expire && bgtimer_advance_cycles) { + if (vtimer->cnt_cval > bgtimer_advance_cycles) + vtimer->cnt_cval -= bgtimer_advance_cycles; + } + + soft_timer_start(&timer->bg_timer, expire); +} + +void kvm_timer_schedule(struct kvm_vcpu *vcpu) +{ + if (!bgtimer_advance_cycles || kvm_timer_is_pending(vcpu)) + return; + + vtimer_save_state(vcpu); + kvm_timer_blocking(vcpu); }

static void kvm_timer_unblocking(struct kvm_vcpu *vcpu) @@ -398,6 +432,12 @@ static void vtimer_restore_state(struct kvm_vcpu *vcpu) local_irq_restore(flags); }

+void kvm_timer_unschedule(struct kvm_vcpu *vcpu) +{ + vtimer_restore_state(vcpu); + kvm_timer_unblocking(vcpu); +} + static void set_cntvoff(u64 cntvoff) { u32 low = lower_32_bits(cntvoff); diff --git a/virt/kvm/arm/arm.c b/virt/kvm/arm/arm.c index 8e04e7ee7d08..f2eec858458b 100644 --- a/virt/kvm/arm/arm.c +++ b/virt/kvm/arm/arm.c @@ -378,11 +378,15 @@ void kvm_arch_vcpu_blocking(struct kvm_vcpu *vcpu) preempt_enable();

kvm_vgic_v4_enable_doorbell(vcpu); + + kvm_timer_schedule(vcpu); }

void kvm_arch_vcpu_unblocking(struct kvm_vcpu *vcpu) { kvm_vgic_v4_disable_doorbell(vcpu); + + kvm_timer_unschedule(vcpu); }

int kvm_arch_vcpu_init(struct kvm_vcpu *vcpu)

From: Zenghui Yu yuzenghui@huawei.com

euleros inclusion category: feature bugzilla: 46842 CVE: NA

--------------------------------

This is very useful for debuging vgic.

Signed-off-by: Zenghui Yu yuzenghui@huawei.com Signed-off-by: Xiangyou Xie xiexiangyou@huawei.com Reviewed-by: Ying Fang fangying1@huawei.com Signed-off-by: Yang Yingliang yangyingliang@huawei.com --- virt/kvm/arm/vgic/trace.h | 43 +++++++++++++++++++++++++++++++++++++++ virt/kvm/arm/vgic/vgic.c | 4 ++++ 2 files changed, 47 insertions(+)

diff --git a/virt/kvm/arm/vgic/trace.h b/virt/kvm/arm/vgic/trace.h index 55fed77a9f73..f959ffa54156 100644 --- a/virt/kvm/arm/vgic/trace.h +++ b/virt/kvm/arm/vgic/trace.h @@ -27,6 +27,49 @@ TRACE_EVENT(vgic_update_irq_pending, __entry->vcpu_id, __entry->irq, __entry->level) );

+TRACE_EVENT(compute_ap_list_depth, + TP_PROTO(unsigned long vcpu_id, __u32 irq, __u32 hwirq, __u8 source, + __u8 priority, bool level, bool pending_latch, bool active, + bool enabled, bool hw, bool config), + TP_ARGS(vcpu_id, irq, hwirq, source, priority, level, pending_latch, + active, enabled, hw, config), + + TP_STRUCT__entry( + __field(unsigned long, vcpu_id) + __field(__u32, irq) + __field(__u32, hwirq) + __field(__u8, source) + __field(__u8, priority) + __field(bool, level) + __field(bool, pending_latch) + __field(bool, active) + __field(bool, enabled) + __field(bool, hw) + __field(bool, config) + ), + + TP_fast_assign( + __entry->vcpu_id = vcpu_id; + __entry->irq = irq; + __entry->hwirq = hwirq; + __entry->source = source; + __entry->priority = priority; + __entry->level = level; + __entry->pending_latch = pending_latch; + __entry->active = active; + __entry->enabled = enabled; + __entry->hw = hw; + __entry->config = config; + ), + + TP_printk("VCPU: %ld, IRQ %d, HWIRQ: %d, SOURCE: %d, PRIORITY: %d, level: %d, pending_latch: %d, active: %d, enabled: %d, hw: %d, config: %d", + __entry->vcpu_id, __entry->irq, __entry->hwirq, + __entry->source, __entry->priority, __entry->level, + __entry->pending_latch, __entry->active, + __entry->enabled, __entry->hw, __entry->config) +); + + #endif /* _TRACE_VGIC_H */

#undef TRACE_INCLUDE_PATH diff --git a/virt/kvm/arm/vgic/vgic.c b/virt/kvm/arm/vgic/vgic.c index c9c062a39a95..38868b09ba94 100644 --- a/virt/kvm/arm/vgic/vgic.c +++ b/virt/kvm/arm/vgic/vgic.c @@ -779,6 +779,10 @@ static int compute_ap_list_depth(struct kvm_vcpu *vcpu, int w;

raw_spin_lock(&irq->irq_lock); + trace_compute_ap_list_depth(vcpu->vcpu_id, irq->intid, + irq->hwintid, irq->source, irq->priority, + irq->line_level, irq->pending_latch, irq->active, + irq->enabled, irq->hw, irq->config); /* GICv2 SGIs can count for more than one... */ w = vgic_irq_get_lr_count(irq); raw_spin_unlock(&irq->irq_lock);

From: Zenghui Yu yuzenghui@huawei.com

euleros inclusion category: feature bugzilla: 46842 CVE: NA

--------------------------------

Add trace to print LR values

Signed-off-by: Zenghui Yu yuzenghui@huawei.com Signed-off-by: Xiangyou Xie xiexiangyou@huawei.com Reviewed-by: Ying Fang fangying1@huawei.com Signed-off-by: Yang Yingliang yangyingliang@huawei.com --- virt/kvm/arm/vgic/trace.h | 43 +++++++++++++++++++++++++++++++++++++ virt/kvm/arm/vgic/vgic-v3.c | 4 ++++ 2 files changed, 47 insertions(+)

diff --git a/virt/kvm/arm/vgic/trace.h b/virt/kvm/arm/vgic/trace.h index a7b23721b94f..d9abaac6b4d5 100644 --- a/virt/kvm/arm/vgic/trace.h +++ b/virt/kvm/arm/vgic/trace.h @@ -104,6 +104,49 @@ TRACE_EVENT(vgic_flush_lr_state, __entry->vcpu_id, __entry->used_lrs, __entry->multi_sgi) );

+TRACE_EVENT(vgic_v3_populate_lr, + TP_PROTO(unsigned long vcpu_id, __u32 irq, __u64 val, int lr), + TP_ARGS(vcpu_id, irq, val, lr), + + TP_STRUCT__entry( + __field(unsigned long, vcpu_id) + __field(__u32, irq) + __field(__u64, val) + __field(int, lr) + ), + + TP_fast_assign( + __entry->vcpu_id = vcpu_id; + __entry->irq = irq; + __entry->val = val; + __entry->lr = lr; + ), + + TP_printk("VCPU: %ld, IRQ: %d, LR: 0x%llx, Index: %d", + __entry->vcpu_id, __entry->irq, __entry->val, __entry->lr) +); + +TRACE_EVENT(vgic_v3_fold_lr_state, + TP_PROTO(unsigned long vcpu_id, __u32 irq, __u64 val, int lr), + TP_ARGS(vcpu_id, irq, val, lr), + + TP_STRUCT__entry( + __field(unsigned long, vcpu_id) + __field(__u32, irq) + __field(__u64, val) + __field(int, lr) + ), + + TP_fast_assign( + __entry->vcpu_id = vcpu_id; + __entry->irq = irq; + __entry->val = val; + __entry->lr = lr; + ), + + TP_printk("VCPU: %ld, IRQ: %d, LR: 0x%llx, Index: %d", + __entry->vcpu_id, __entry->irq, __entry->val, __entry->lr) +);

#endif /* _TRACE_VGIC_H */

diff --git a/virt/kvm/arm/vgic/vgic-v3.c b/virt/kvm/arm/vgic/vgic-v3.c index 30b3b8284db9..a9c6afec8480 100644 --- a/virt/kvm/arm/vgic/vgic-v3.c +++ b/virt/kvm/arm/vgic/vgic-v3.c @@ -21,6 +21,7 @@ #include <asm/kvm_asm.h>

#include "vgic.h" +#include "trace.h"

static bool group0_trap; static bool group1_trap; @@ -67,6 +68,8 @@ void vgic_v3_fold_lr_state(struct kvm_vcpu *vcpu) is_v2_sgi = vgic_irq_is_sgi(intid); }

+ trace_vgic_v3_fold_lr_state(vcpu->vcpu_id, intid, val, lr); + /* Notify fds when the guest EOI'ed a level-triggered IRQ */ if (lr_signals_eoi_mi(val) && vgic_valid_spi(vcpu->kvm, intid)) kvm_notify_acked_irq(vcpu->kvm, 0, @@ -207,6 +210,7 @@ void vgic_v3_populate_lr(struct kvm_vcpu *vcpu, struct vgic_irq *irq, int lr) val |= (u64)irq->priority << ICH_LR_PRIORITY_SHIFT;

vcpu->arch.vgic_cpu.vgic_v3.vgic_lr[lr] = val; + trace_vgic_v3_populate_lr(vcpu->vcpu_id, irq->intid, val, lr); }

void vgic_v3_clear_lr(struct kvm_vcpu *vcpu, int lr)

From: Zenghui Yu yuzenghui@huawei.com

euleros inclusion category: feature bugzilla: 46842 CVE: NA

--------------------------------

Add trace to print vgic cpu interface

Signed-off-by: Zenghui Yu yuzenghui@huawei.com Signed-off-by: Xiangyou Xie xiexiangyou@huawei.com Reviewed-by: Ying Fang fangying1@huawei.com Signed-off-by: Yang Yingliang yangyingliang@huawei.com --- virt/kvm/arm/vgic/trace.h | 93 +++++++++++++++++++++++++++++++++++++ virt/kvm/arm/vgic/vgic-v3.c | 19 ++++++++ 2 files changed, 112 insertions(+)

diff --git a/virt/kvm/arm/vgic/trace.h b/virt/kvm/arm/vgic/trace.h index d9abaac6b4d5..5285048afb25 100644 --- a/virt/kvm/arm/vgic/trace.h +++ b/virt/kvm/arm/vgic/trace.h @@ -148,6 +148,99 @@ TRACE_EVENT(vgic_v3_fold_lr_state, __entry->vcpu_id, __entry->irq, __entry->val, __entry->lr) );

+TRACE_EVENT(vgic_v3_populate_lr_vgic_if, + TP_PROTO(unsigned long vcpu_id, unsigned long hcr, unsigned long vmcr, + unsigned long sre, unsigned long ap0r0, + unsigned long ap0r1, unsigned long ap0r2, unsigned long ap0r3, + unsigned long ap1r0, unsigned long ap1r1, unsigned long ap1r2, + unsigned long ap1r3), + TP_ARGS(vcpu_id, hcr, vmcr, sre, ap0r0, ap0r1, ap0r2, ap0r3, + ap1r0, ap1r1, ap1r2, ap1r3), + + TP_STRUCT__entry( + __field(unsigned long, vcpu_id) + __field(unsigned long, hcr) + __field(unsigned long, vmcr) + __field(unsigned long, sre) + __field(unsigned long, ap0r0) + __field(unsigned long, ap0r1) + __field(unsigned long, ap0r2) + __field(unsigned long, ap0r3) + __field(unsigned long, ap1r0) + __field(unsigned long, ap1r1) + __field(unsigned long, ap1r2) + __field(unsigned long, ap1r3) + ), + + TP_fast_assign( + __entry->vcpu_id = vcpu_id; + __entry->hcr = hcr; + __entry->vmcr = vmcr; + __entry->sre = sre; + __entry->ap0r0 = ap0r0; + __entry->ap0r1 = ap0r1; + __entry->ap0r2 = ap0r2; + __entry->ap0r3 = ap0r3; + __entry->ap1r0 = ap1r0; + __entry->ap1r1 = ap1r1; + __entry->ap1r2 = ap1r2; + __entry->ap1r3 = ap1r3; + ), + + TP_printk("VCPU: %ld, HCR: 0x%lx, VMCR: 0x%lx, SRE: 0x%lx, ap0r0: 0x%lx, ap0r1: 0x%lx, ap0r2: 0x%lx, ap0r3: 0x%lx, ap1r0: 0x%lx, ap1r1: 0x%lx, ap1r2: 0x%lx, ap1r3: 0x%lx,", + __entry->vcpu_id, __entry->hcr, __entry->vmcr, + __entry->sre, __entry->ap0r0, __entry->ap0r1, + __entry->ap0r2, __entry->ap0r3, __entry->ap1r0, + __entry->ap1r1, __entry->ap1r2, __entry->ap1r3) +); + +TRACE_EVENT(vgic_v3_fold_lr_state_vgic_if, + TP_PROTO(unsigned long vcpu_id, unsigned long hcr, unsigned long vmcr, + unsigned long sre, unsigned long ap0r0, + unsigned long ap0r1, unsigned long ap0r2, unsigned long ap0r3, + unsigned long ap1r0, unsigned long ap1r1, unsigned long ap1r2, + unsigned long ap1r3), + TP_ARGS(vcpu_id, hcr, vmcr, sre, ap0r0, ap0r1, ap0r2, ap0r3, + ap1r0, ap1r1, ap1r2, ap1r3), + + TP_STRUCT__entry( + __field(unsigned long, vcpu_id) + __field(unsigned long, hcr) + __field(unsigned long, vmcr) + __field(unsigned long, sre) + __field(unsigned long, ap0r0) + __field(unsigned long, ap0r1) + __field(unsigned long, ap0r2) + __field(unsigned long, ap0r3) + __field(unsigned long, ap1r0) + __field(unsigned long, ap1r1) + __field(unsigned long, ap1r2) + __field(unsigned long, ap1r3) + ), + + TP_fast_assign( + __entry->vcpu_id = vcpu_id; + __entry->hcr = hcr; + __entry->vmcr = vmcr; + __entry->sre = sre; + __entry->ap0r0 = ap0r0; + __entry->ap0r1 = ap0r1; + __entry->ap0r2 = ap0r2; + __entry->ap0r3 = ap0r3; + __entry->ap1r0 = ap1r0; + __entry->ap1r1 = ap1r1; + __entry->ap1r2 = ap1r2; + __entry->ap1r3 = ap1r3; + ), + + TP_printk("VCPU: %ld, HCR: 0x%lx, VMCR: 0x%lx, SRE: 0x%lx, ap0r0: 0x%lx, ap0r1: 0x%lx, ap0r2: 0x%lx, ap0r3: 0x%lx, ap1r0: 0x%lx, ap1r1: 0x%lx, ap1r2: 0x%lx, ap1r3: 0x%lx,", + __entry->vcpu_id, __entry->hcr, __entry->vmcr, + __entry->sre, __entry->ap0r0, __entry->ap0r1, + __entry->ap0r2, __entry->ap0r3, __entry->ap1r0, + __entry->ap1r1, __entry->ap1r2, __entry->ap1r3) +); + + #endif /* _TRACE_VGIC_H */

#undef TRACE_INCLUDE_PATH diff --git a/virt/kvm/arm/vgic/vgic-v3.c b/virt/kvm/arm/vgic/vgic-v3.c index a9c6afec8480..4d1f7afe26fe 100644 --- a/virt/kvm/arm/vgic/vgic-v3.c +++ b/virt/kvm/arm/vgic/vgic-v3.c @@ -127,6 +127,13 @@ void vgic_v3_fold_lr_state(struct kvm_vcpu *vcpu) }

vgic_cpu->used_lrs = 0; + + trace_vgic_v3_fold_lr_state_vgic_if(vcpu->vcpu_id, cpuif->vgic_hcr, + cpuif->vgic_vmcr, cpuif->vgic_sre, + cpuif->vgic_ap0r[0], cpuif->vgic_ap0r[1], + cpuif->vgic_ap0r[2], cpuif->vgic_ap0r[3], + cpuif->vgic_ap1r[0], cpuif->vgic_ap1r[1], + cpuif->vgic_ap1r[2], cpuif->vgic_ap1r[3]); }

/* Requires the irq to be locked already */ @@ -211,6 +218,18 @@ void vgic_v3_populate_lr(struct kvm_vcpu *vcpu, struct vgic_irq *irq, int lr)

vcpu->arch.vgic_cpu.vgic_v3.vgic_lr[lr] = val; trace_vgic_v3_populate_lr(vcpu->vcpu_id, irq->intid, val, lr); + trace_vgic_v3_populate_lr_vgic_if(vcpu->vcpu_id, + vcpu->arch.vgic_cpu.vgic_v3.vgic_hcr, + vcpu->arch.vgic_cpu.vgic_v3.vgic_vmcr, + vcpu->arch.vgic_cpu.vgic_v3.vgic_sre, + vcpu->arch.vgic_cpu.vgic_v3.vgic_ap0r[0], + vcpu->arch.vgic_cpu.vgic_v3.vgic_ap0r[1], + vcpu->arch.vgic_cpu.vgic_v3.vgic_ap0r[2], + vcpu->arch.vgic_cpu.vgic_v3.vgic_ap0r[3], + vcpu->arch.vgic_cpu.vgic_v3.vgic_ap1r[0], + vcpu->arch.vgic_cpu.vgic_v3.vgic_ap1r[1], + vcpu->arch.vgic_cpu.vgic_v3.vgic_ap1r[2], + vcpu->arch.vgic_cpu.vgic_v3.vgic_ap1r[3]); }

void vgic_v3_clear_lr(struct kvm_vcpu *vcpu, int lr)

From: Roberto Sassu roberto.sassu@huawei.com

hulk inclusion category: feature feature: digest-lists

---------------------------

The EVM ignore mode works similarly to the metadata modification mode. They both allow an operation to be performed even if the operation causes metadata to become invalid.

Currently, evm_reset_status() notifies to IMA that an operation modified metadata only when the metadata modification mode was chosen. This patch sends a notification also when the ignore mode is selected.

Signed-off-by: Roberto Sassu roberto.sassu@huawei.com Signed-off-by: Yang Yingliang yangyingliang@huawei.com --- security/integrity/evm/evm_main.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/security/integrity/evm/evm_main.c b/security/integrity/evm/evm_main.c index 5155ff4c4ef2..2d3c1670d8d3 100644 --- a/security/integrity/evm/evm_main.c +++ b/security/integrity/evm/evm_main.c @@ -570,7 +570,8 @@ static void evm_reset_status(struct inode *inode, int bit)

iint = integrity_iint_find(inode); if (iint) { - if (evm_initialized & EVM_ALLOW_METADATA_WRITES) + if ((evm_initialized & EVM_ALLOW_METADATA_WRITES) || + evm_ignoremode) set_bit(bit, &iint->atomic_flags);

iint->evm_status = INTEGRITY_UNKNOWN;