diff options
Diffstat (limited to 'SOURCES')
-rw-r--r-- | SOURCES/Patchlist.changelog | 12 | ||||
-rw-r--r-- | SOURCES/kernel-aarch64-debug-fedora.config | 5 | ||||
-rw-r--r-- | SOURCES/kernel-aarch64-fedora.config | 5 | ||||
-rw-r--r-- | SOURCES/patch-6.4-redhat.patch | 349 |
4 files changed, 363 insertions, 8 deletions
diff --git a/SOURCES/Patchlist.changelog b/SOURCES/Patchlist.changelog index 50056ec..3897512 100644 --- a/SOURCES/Patchlist.changelog +++ b/SOURCES/Patchlist.changelog @@ -1,3 +1,15 @@ +"https://gitlab.com/cki-project/kernel-ark/-/commit"/f0ba6e68da37465b394524e19c278ba7f1eb5b63 + f0ba6e68da37465b394524e19c278ba7f1eb5b63 KVM: SEV: remove ghcb variable declarations + +"https://gitlab.com/cki-project/kernel-ark/-/commit"/2aa51a1742c6cec31060ee550f78e96ef1a4f8a4 + 2aa51a1742c6cec31060ee550f78e96ef1a4f8a4 KVM: SEV: only access GHCB fields once + +"https://gitlab.com/cki-project/kernel-ark/-/commit"/56fefaa3f32f116c0a6ab4b8d91e45852f36ab2c + 56fefaa3f32f116c0a6ab4b8d91e45852f36ab2c KVM: SEV: snapshot the GHCB before accessing it + +"https://gitlab.com/cki-project/kernel-ark/-/commit"/d2da896865f56b119ba96a5aea155e330998a318 + d2da896865f56b119ba96a5aea155e330998a318 drm/amd/display: Fix a regression on Polaris cards + "https://gitlab.com/cki-project/kernel-ark/-/commit"/65e3a6166a5616d51a1a656bcb97cae229333a1b 65e3a6166a5616d51a1a656bcb97cae229333a1b ACPI: resource: revert "Remove "Zen" specific match and quirks" diff --git a/SOURCES/kernel-aarch64-debug-fedora.config b/SOURCES/kernel-aarch64-debug-fedora.config index 5fd1ac4..9d22ef2 100644 --- a/SOURCES/kernel-aarch64-debug-fedora.config +++ b/SOURCES/kernel-aarch64-debug-fedora.config @@ -2898,9 +2898,8 @@ CONFIG_HYPERV_STORAGE=m # CONFIG_HYPERV_TESTING is not set CONFIG_HYPERV_UTILS=m CONFIG_HYPERV_VSOCKETS=m -CONFIG_HZ=100 -# CONFIG_HZ_1000 is not set -CONFIG_HZ_100=y +CONFIG_HZ_1000=y +# CONFIG_HZ_100 is not set # CONFIG_HZ_200 is not set # CONFIG_HZ_250 is not set # CONFIG_HZ_300 is not set diff --git a/SOURCES/kernel-aarch64-fedora.config b/SOURCES/kernel-aarch64-fedora.config index 63d1f01..74c5710 100644 --- a/SOURCES/kernel-aarch64-fedora.config +++ b/SOURCES/kernel-aarch64-fedora.config @@ -2881,9 +2881,8 @@ CONFIG_HYPERV_STORAGE=m # CONFIG_HYPERV_TESTING is not set CONFIG_HYPERV_UTILS=m CONFIG_HYPERV_VSOCKETS=m -CONFIG_HZ=100 -# CONFIG_HZ_1000 is not set -CONFIG_HZ_100=y +CONFIG_HZ_1000=y +# CONFIG_HZ_100 is not set # CONFIG_HZ_200 is not set # CONFIG_HZ_250 is not set # CONFIG_HZ_300 is not set diff --git a/SOURCES/patch-6.4-redhat.patch b/SOURCES/patch-6.4-redhat.patch index 4f81dfa..4eddfcf 100644 --- a/SOURCES/patch-6.4-redhat.patch +++ b/SOURCES/patch-6.4-redhat.patch @@ -5,6 +5,8 @@ arch/s390/kernel/ipl.c | 5 + arch/s390/kernel/setup.c | 4 + arch/x86/kernel/setup.c | 22 ++-- + arch/x86/kvm/svm/sev.c | 124 ++++++++++----------- + arch/x86/kvm/svm/svm.h | 26 +++++ drivers/acpi/apei/hest.c | 8 ++ drivers/acpi/irq.c | 17 ++- drivers/acpi/resource.c | 60 ++++++++++ @@ -16,6 +18,7 @@ drivers/firmware/efi/efi.c | 124 +++++++++++++++------ drivers/firmware/efi/secureboot.c | 38 +++++++ drivers/firmware/sysfb.c | 18 ++- + .../amd/display/amdgpu_dm/amdgpu_dm_mst_types.c | 2 +- drivers/hid/hid-rmi.c | 66 ----------- drivers/hwtracing/coresight/coresight-etm4x-core.c | 19 ++++ drivers/input/rmi4/rmi_driver.c | 124 ++++++++++++--------- @@ -37,10 +40,10 @@ security/lockdown/Kconfig | 13 +++ security/lockdown/lockdown.c | 1 + security/security.c | 12 ++ - 39 files changed, 558 insertions(+), 179 deletions(-) + 42 files changed, 646 insertions(+), 243 deletions(-) diff --git a/Makefile b/Makefile -index 5547e02f6104..3193786e8ba0 100644 +index bf463afef54b..7717cdde1d65 100644 --- a/Makefile +++ b/Makefile @@ -22,6 +22,18 @@ $(if $(filter __%, $(MAKECMDGOALS)), \ @@ -200,6 +203,335 @@ index 0cccfeb67c3a..a7dccf67c4a1 100644 reserve_initrd(); +diff --git a/arch/x86/kvm/svm/sev.c b/arch/x86/kvm/svm/sev.c +index 69ae5e1b3120..512dfe45d91e 100644 +--- a/arch/x86/kvm/svm/sev.c ++++ b/arch/x86/kvm/svm/sev.c +@@ -2414,15 +2414,18 @@ static void sev_es_sync_from_ghcb(struct vcpu_svm *svm) + */ + memset(vcpu->arch.regs, 0, sizeof(vcpu->arch.regs)); + +- vcpu->arch.regs[VCPU_REGS_RAX] = ghcb_get_rax_if_valid(ghcb); +- vcpu->arch.regs[VCPU_REGS_RBX] = ghcb_get_rbx_if_valid(ghcb); +- vcpu->arch.regs[VCPU_REGS_RCX] = ghcb_get_rcx_if_valid(ghcb); +- vcpu->arch.regs[VCPU_REGS_RDX] = ghcb_get_rdx_if_valid(ghcb); +- vcpu->arch.regs[VCPU_REGS_RSI] = ghcb_get_rsi_if_valid(ghcb); ++ BUILD_BUG_ON(sizeof(svm->sev_es.valid_bitmap) != sizeof(ghcb->save.valid_bitmap)); ++ memcpy(&svm->sev_es.valid_bitmap, &ghcb->save.valid_bitmap, sizeof(ghcb->save.valid_bitmap)); + +- svm->vmcb->save.cpl = ghcb_get_cpl_if_valid(ghcb); ++ vcpu->arch.regs[VCPU_REGS_RAX] = kvm_ghcb_get_rax_if_valid(svm, ghcb); ++ vcpu->arch.regs[VCPU_REGS_RBX] = kvm_ghcb_get_rbx_if_valid(svm, ghcb); ++ vcpu->arch.regs[VCPU_REGS_RCX] = kvm_ghcb_get_rcx_if_valid(svm, ghcb); ++ vcpu->arch.regs[VCPU_REGS_RDX] = kvm_ghcb_get_rdx_if_valid(svm, ghcb); ++ vcpu->arch.regs[VCPU_REGS_RSI] = kvm_ghcb_get_rsi_if_valid(svm, ghcb); + +- if (ghcb_xcr0_is_valid(ghcb)) { ++ svm->vmcb->save.cpl = kvm_ghcb_get_cpl_if_valid(svm, ghcb); ++ ++ if (kvm_ghcb_xcr0_is_valid(svm)) { + vcpu->arch.xcr0 = ghcb_get_xcr0(ghcb); + kvm_update_cpuid_runtime(vcpu); + } +@@ -2433,84 +2436,88 @@ static void sev_es_sync_from_ghcb(struct vcpu_svm *svm) + control->exit_code_hi = upper_32_bits(exit_code); + control->exit_info_1 = ghcb_get_sw_exit_info_1(ghcb); + control->exit_info_2 = ghcb_get_sw_exit_info_2(ghcb); ++ svm->sev_es.sw_scratch = kvm_ghcb_get_sw_scratch_if_valid(svm, ghcb); + + /* Clear the valid entries fields */ + memset(ghcb->save.valid_bitmap, 0, sizeof(ghcb->save.valid_bitmap)); + } + ++static u64 kvm_ghcb_get_sw_exit_code(struct vmcb_control_area *control) ++{ ++ return (((u64)control->exit_code_hi) << 32) | control->exit_code; ++} ++ + static int sev_es_validate_vmgexit(struct vcpu_svm *svm) + { +- struct kvm_vcpu *vcpu; +- struct ghcb *ghcb; ++ struct vmcb_control_area *control = &svm->vmcb->control; ++ struct kvm_vcpu *vcpu = &svm->vcpu; + u64 exit_code; + u64 reason; + +- ghcb = svm->sev_es.ghcb; +- + /* + * Retrieve the exit code now even though it may not be marked valid + * as it could help with debugging. + */ +- exit_code = ghcb_get_sw_exit_code(ghcb); ++ exit_code = kvm_ghcb_get_sw_exit_code(control); + + /* Only GHCB Usage code 0 is supported */ +- if (ghcb->ghcb_usage) { ++ if (svm->sev_es.ghcb->ghcb_usage) { + reason = GHCB_ERR_INVALID_USAGE; + goto vmgexit_err; + } + + reason = GHCB_ERR_MISSING_INPUT; + +- if (!ghcb_sw_exit_code_is_valid(ghcb) || +- !ghcb_sw_exit_info_1_is_valid(ghcb) || +- !ghcb_sw_exit_info_2_is_valid(ghcb)) ++ if (!kvm_ghcb_sw_exit_code_is_valid(svm) || ++ !kvm_ghcb_sw_exit_info_1_is_valid(svm) || ++ !kvm_ghcb_sw_exit_info_2_is_valid(svm)) + goto vmgexit_err; + +- switch (ghcb_get_sw_exit_code(ghcb)) { ++ switch (exit_code) { + case SVM_EXIT_READ_DR7: + break; + case SVM_EXIT_WRITE_DR7: +- if (!ghcb_rax_is_valid(ghcb)) ++ if (!kvm_ghcb_rax_is_valid(svm)) + goto vmgexit_err; + break; + case SVM_EXIT_RDTSC: + break; + case SVM_EXIT_RDPMC: +- if (!ghcb_rcx_is_valid(ghcb)) ++ if (!kvm_ghcb_rcx_is_valid(svm)) + goto vmgexit_err; + break; + case SVM_EXIT_CPUID: +- if (!ghcb_rax_is_valid(ghcb) || +- !ghcb_rcx_is_valid(ghcb)) ++ if (!kvm_ghcb_rax_is_valid(svm) || ++ !kvm_ghcb_rcx_is_valid(svm)) + goto vmgexit_err; +- if (ghcb_get_rax(ghcb) == 0xd) +- if (!ghcb_xcr0_is_valid(ghcb)) ++ if (vcpu->arch.regs[VCPU_REGS_RAX] == 0xd) ++ if (!kvm_ghcb_xcr0_is_valid(svm)) + goto vmgexit_err; + break; + case SVM_EXIT_INVD: + break; + case SVM_EXIT_IOIO: +- if (ghcb_get_sw_exit_info_1(ghcb) & SVM_IOIO_STR_MASK) { +- if (!ghcb_sw_scratch_is_valid(ghcb)) ++ if (control->exit_info_1 & SVM_IOIO_STR_MASK) { ++ if (!kvm_ghcb_sw_scratch_is_valid(svm)) + goto vmgexit_err; + } else { +- if (!(ghcb_get_sw_exit_info_1(ghcb) & SVM_IOIO_TYPE_MASK)) +- if (!ghcb_rax_is_valid(ghcb)) ++ if (!(control->exit_info_1 & SVM_IOIO_TYPE_MASK)) ++ if (!kvm_ghcb_rax_is_valid(svm)) + goto vmgexit_err; + } + break; + case SVM_EXIT_MSR: +- if (!ghcb_rcx_is_valid(ghcb)) ++ if (!kvm_ghcb_rcx_is_valid(svm)) + goto vmgexit_err; +- if (ghcb_get_sw_exit_info_1(ghcb)) { +- if (!ghcb_rax_is_valid(ghcb) || +- !ghcb_rdx_is_valid(ghcb)) ++ if (control->exit_info_1) { ++ if (!kvm_ghcb_rax_is_valid(svm) || ++ !kvm_ghcb_rdx_is_valid(svm)) + goto vmgexit_err; + } + break; + case SVM_EXIT_VMMCALL: +- if (!ghcb_rax_is_valid(ghcb) || +- !ghcb_cpl_is_valid(ghcb)) ++ if (!kvm_ghcb_rax_is_valid(svm) || ++ !kvm_ghcb_cpl_is_valid(svm)) + goto vmgexit_err; + break; + case SVM_EXIT_RDTSCP: +@@ -2518,19 +2525,19 @@ static int sev_es_validate_vmgexit(struct vcpu_svm *svm) + case SVM_EXIT_WBINVD: + break; + case SVM_EXIT_MONITOR: +- if (!ghcb_rax_is_valid(ghcb) || +- !ghcb_rcx_is_valid(ghcb) || +- !ghcb_rdx_is_valid(ghcb)) ++ if (!kvm_ghcb_rax_is_valid(svm) || ++ !kvm_ghcb_rcx_is_valid(svm) || ++ !kvm_ghcb_rdx_is_valid(svm)) + goto vmgexit_err; + break; + case SVM_EXIT_MWAIT: +- if (!ghcb_rax_is_valid(ghcb) || +- !ghcb_rcx_is_valid(ghcb)) ++ if (!kvm_ghcb_rax_is_valid(svm) || ++ !kvm_ghcb_rcx_is_valid(svm)) + goto vmgexit_err; + break; + case SVM_VMGEXIT_MMIO_READ: + case SVM_VMGEXIT_MMIO_WRITE: +- if (!ghcb_sw_scratch_is_valid(ghcb)) ++ if (!kvm_ghcb_sw_scratch_is_valid(svm)) + goto vmgexit_err; + break; + case SVM_VMGEXIT_NMI_COMPLETE: +@@ -2546,11 +2553,9 @@ static int sev_es_validate_vmgexit(struct vcpu_svm *svm) + return 0; + + vmgexit_err: +- vcpu = &svm->vcpu; +- + if (reason == GHCB_ERR_INVALID_USAGE) { + vcpu_unimpl(vcpu, "vmgexit: ghcb usage %#x is not valid\n", +- ghcb->ghcb_usage); ++ svm->sev_es.ghcb->ghcb_usage); + } else if (reason == GHCB_ERR_INVALID_EVENT) { + vcpu_unimpl(vcpu, "vmgexit: exit code %#llx is not valid\n", + exit_code); +@@ -2560,11 +2565,8 @@ static int sev_es_validate_vmgexit(struct vcpu_svm *svm) + dump_ghcb(svm); + } + +- /* Clear the valid entries fields */ +- memset(ghcb->save.valid_bitmap, 0, sizeof(ghcb->save.valid_bitmap)); +- +- ghcb_set_sw_exit_info_1(ghcb, 2); +- ghcb_set_sw_exit_info_2(ghcb, reason); ++ ghcb_set_sw_exit_info_1(svm->sev_es.ghcb, 2); ++ ghcb_set_sw_exit_info_2(svm->sev_es.ghcb, reason); + + /* Resume the guest to "return" the error code. */ + return 1; +@@ -2583,7 +2585,7 @@ void sev_es_unmap_ghcb(struct vcpu_svm *svm) + */ + if (svm->sev_es.ghcb_sa_sync) { + kvm_write_guest(svm->vcpu.kvm, +- ghcb_get_sw_scratch(svm->sev_es.ghcb), ++ svm->sev_es.sw_scratch, + svm->sev_es.ghcb_sa, + svm->sev_es.ghcb_sa_len); + svm->sev_es.ghcb_sa_sync = false; +@@ -2629,12 +2631,11 @@ void pre_sev_run(struct vcpu_svm *svm, int cpu) + static int setup_vmgexit_scratch(struct vcpu_svm *svm, bool sync, u64 len) + { + struct vmcb_control_area *control = &svm->vmcb->control; +- struct ghcb *ghcb = svm->sev_es.ghcb; + u64 ghcb_scratch_beg, ghcb_scratch_end; + u64 scratch_gpa_beg, scratch_gpa_end; + void *scratch_va; + +- scratch_gpa_beg = ghcb_get_sw_scratch(ghcb); ++ scratch_gpa_beg = svm->sev_es.sw_scratch; + if (!scratch_gpa_beg) { + pr_err("vmgexit: scratch gpa not provided\n"); + goto e_scratch; +@@ -2705,8 +2706,8 @@ static int setup_vmgexit_scratch(struct vcpu_svm *svm, bool sync, u64 len) + return 0; + + e_scratch: +- ghcb_set_sw_exit_info_1(ghcb, 2); +- ghcb_set_sw_exit_info_2(ghcb, GHCB_ERR_INVALID_SCRATCH_AREA); ++ ghcb_set_sw_exit_info_1(svm->sev_es.ghcb, 2); ++ ghcb_set_sw_exit_info_2(svm->sev_es.ghcb, GHCB_ERR_INVALID_SCRATCH_AREA); + + return 1; + } +@@ -2819,7 +2820,6 @@ int sev_handle_vmgexit(struct kvm_vcpu *vcpu) + struct vcpu_svm *svm = to_svm(vcpu); + struct vmcb_control_area *control = &svm->vmcb->control; + u64 ghcb_gpa, exit_code; +- struct ghcb *ghcb; + int ret; + + /* Validate the GHCB */ +@@ -2844,20 +2844,18 @@ int sev_handle_vmgexit(struct kvm_vcpu *vcpu) + } + + svm->sev_es.ghcb = svm->sev_es.ghcb_map.hva; +- ghcb = svm->sev_es.ghcb_map.hva; + +- trace_kvm_vmgexit_enter(vcpu->vcpu_id, ghcb); +- +- exit_code = ghcb_get_sw_exit_code(ghcb); ++ trace_kvm_vmgexit_enter(vcpu->vcpu_id, svm->sev_es.ghcb); + ++ sev_es_sync_from_ghcb(svm); + ret = sev_es_validate_vmgexit(svm); + if (ret) + return ret; + +- sev_es_sync_from_ghcb(svm); +- ghcb_set_sw_exit_info_1(ghcb, 0); +- ghcb_set_sw_exit_info_2(ghcb, 0); ++ ghcb_set_sw_exit_info_1(svm->sev_es.ghcb, 0); ++ ghcb_set_sw_exit_info_2(svm->sev_es.ghcb, 0); + ++ exit_code = kvm_ghcb_get_sw_exit_code(control); + switch (exit_code) { + case SVM_VMGEXIT_MMIO_READ: + ret = setup_vmgexit_scratch(svm, true, control->exit_info_2); +@@ -2895,13 +2893,13 @@ int sev_handle_vmgexit(struct kvm_vcpu *vcpu) + break; + case 1: + /* Get AP jump table address */ +- ghcb_set_sw_exit_info_2(ghcb, sev->ap_jump_table); ++ ghcb_set_sw_exit_info_2(svm->sev_es.ghcb, sev->ap_jump_table); + break; + default: + pr_err("svm: vmgexit: unsupported AP jump table request - exit_info_1=%#llx\n", + control->exit_info_1); +- ghcb_set_sw_exit_info_1(ghcb, 2); +- ghcb_set_sw_exit_info_2(ghcb, GHCB_ERR_INVALID_INPUT); ++ ghcb_set_sw_exit_info_1(svm->sev_es.ghcb, 2); ++ ghcb_set_sw_exit_info_2(svm->sev_es.ghcb, GHCB_ERR_INVALID_INPUT); + } + + ret = 1; +diff --git a/arch/x86/kvm/svm/svm.h b/arch/x86/kvm/svm/svm.h +index f44751dd8d5d..ece0d5959567 100644 +--- a/arch/x86/kvm/svm/svm.h ++++ b/arch/x86/kvm/svm/svm.h +@@ -190,10 +190,12 @@ struct vcpu_sev_es_state { + /* SEV-ES support */ + struct sev_es_save_area *vmsa; + struct ghcb *ghcb; ++ u8 valid_bitmap[16]; + struct kvm_host_map ghcb_map; + bool received_first_sipi; + + /* SEV-ES scratch area support */ ++ u64 sw_scratch; + void *ghcb_sa; + u32 ghcb_sa_len; + bool ghcb_sa_sync; +@@ -745,4 +747,28 @@ void sev_es_unmap_ghcb(struct vcpu_svm *svm); + void __svm_sev_es_vcpu_run(struct vcpu_svm *svm, bool spec_ctrl_intercepted); + void __svm_vcpu_run(struct vcpu_svm *svm, bool spec_ctrl_intercepted); + ++#define DEFINE_KVM_GHCB_ACCESSORS(field) \ ++ static __always_inline bool kvm_ghcb_##field##_is_valid(const struct vcpu_svm *svm) \ ++ { \ ++ return test_bit(GHCB_BITMAP_IDX(field), \ ++ (unsigned long *)&svm->sev_es.valid_bitmap); \ ++ } \ ++ \ ++ static __always_inline u64 kvm_ghcb_get_##field##_if_valid(struct vcpu_svm *svm, struct ghcb *ghcb) \ ++ { \ ++ return kvm_ghcb_##field##_is_valid(svm) ? ghcb->save.field : 0; \ ++ } \ ++ ++DEFINE_KVM_GHCB_ACCESSORS(cpl) ++DEFINE_KVM_GHCB_ACCESSORS(rax) ++DEFINE_KVM_GHCB_ACCESSORS(rcx) ++DEFINE_KVM_GHCB_ACCESSORS(rdx) ++DEFINE_KVM_GHCB_ACCESSORS(rbx) ++DEFINE_KVM_GHCB_ACCESSORS(rsi) ++DEFINE_KVM_GHCB_ACCESSORS(sw_exit_code) ++DEFINE_KVM_GHCB_ACCESSORS(sw_exit_info_1) ++DEFINE_KVM_GHCB_ACCESSORS(sw_exit_info_2) ++DEFINE_KVM_GHCB_ACCESSORS(sw_scratch) ++DEFINE_KVM_GHCB_ACCESSORS(xcr0) ++ + #endif diff --git a/drivers/acpi/apei/hest.c b/drivers/acpi/apei/hest.c index 6aef1ee5e1bd..8f146b1b4972 100644 --- a/drivers/acpi/apei/hest.c @@ -694,6 +1026,19 @@ index 3c197db42c9d..16e4a2e90fae 100644 pd = sysfb_create_simplefb(si, &mode); if (!IS_ERR(pd)) goto unlock_mutex; +diff --git a/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_mst_types.c b/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_mst_types.c +index 9bc86deac9e8..b885c39bd16b 100644 +--- a/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_mst_types.c ++++ b/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_mst_types.c +@@ -1320,7 +1320,7 @@ int compute_mst_dsc_configs_for_state(struct drm_atomic_state *state, + if (computed_streams[i]) + continue; + +- if (!res_pool->funcs->remove_stream_from_ctx || ++ if (res_pool->funcs->remove_stream_from_ctx && + res_pool->funcs->remove_stream_from_ctx(stream->ctx->dc, dc_state, stream) != DC_OK) + return -EINVAL; + diff --git a/drivers/hid/hid-rmi.c b/drivers/hid/hid-rmi.c index 84e7ba5314d3..efc96776f761 100644 --- a/drivers/hid/hid-rmi.c |