[x86] Update NX patch set to v7

2019-10-24 22:48:50 +01:00 · 2019-10-24 22:48:50 +01:00 · b2cc5e7f74
parent 96c0e74c50
commit b2cc5e7f74
5 changed files with 41 additions and 24 deletions
--- a/debian/patches/bugfix/x86/itlb_multihit/0009-x86-Add-ITLB_MULTIHIT-bug-infrastructure.patch
+++ b/debian/patches/bugfix/x86/itlb_multihit/0009-x86-Add-ITLB_MULTIHIT-bug-infrastructure.patch
@ -1,5 +1,5 @@
 From: Pawan Gupta <pawan.kumar.gupta@linux.intel.com>
-Date: Fri, 11 Oct 2019 12:40:12 +0200
+Date: Thu, 24 Oct 2019 18:34:26 +0200
 Subject: x86: Add ITLB_MULTIHIT bug infrastructure

 Some processors may incur a machine check error possibly
--- a/debian/patches/bugfix/x86/itlb_multihit/0010-kvm-mmu-ITLB_MULTIHIT-mitigation.patch
+++ b/debian/patches/bugfix/x86/itlb_multihit/0010-kvm-mmu-ITLB_MULTIHIT-mitigation.patch
@ -1,5 +1,5 @@
 From: Paolo Bonzini <pbonzini@redhat.com>
-Date: Fri, 11 Oct 2019 12:40:14 +0200
+Date: Thu, 24 Oct 2019 18:34:28 +0200
 Subject: kvm: mmu: ITLB_MULTIHIT mitigation

 With some Intel processors, putting the same virtual address in the TLB
@ -30,8 +30,8 @@ Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
 arch/x86/kernel/cpu/bugs.c                    |  13 +-
 arch/x86/kvm/mmu.c                            | 135 +++++++++++++++++-
 arch/x86/kvm/paging_tmpl.h                    |  29 +++-
- arch/x86/kvm/x86.c                            |   1 +
- 6 files changed, 178 insertions(+), 13 deletions(-)
+ arch/x86/kvm/x86.c                            |   9 ++
+ 6 files changed, 186 insertions(+), 13 deletions(-)

 diff --git a/Documentation/admin-guide/kernel-parameters.txt b/Documentation/admin-guide/kernel-parameters.txt
 index 16607b178b47..b2c1a5c63ab3 100644
@ -451,7 +451,7 @@ index 3b022b08b577..adf42dc8d38b 100644
 
 out_unlock:
 diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c
-index 2714c1a0e59f..406a37aa61c7 100644
+index 2714c1a0e59f..ec80bb27504f 100644
 --- a/arch/x86/kvm/x86.c
 +++ b/arch/x86/kvm/x86.c
@@ -206,6 +206,7 @@ struct kvm_stats_debugfs_item debugfs_entries[] = {
@ -462,3 +462,18 @@ index 2714c1a0e59f..406a37aa61c7 100644
 	{ "max_mmu_page_hash_collisions",
 		VM_STAT(max_mmu_page_hash_collisions) },
 	{ NULL }
+@@ -1130,6 +1131,14 @@ u64 kvm_get_arch_capabilities(void)
+ 
+ 	rdmsrl_safe(MSR_IA32_ARCH_CAPABILITIES, &data);
+ 
+	/*
+	 * If nx_huge_pages is enabled, KVM's shadow paging will ensure that
+	 * the nested hypervisor runs with NX huge pages.  If it is not,
+	 * L1 is anyway vulnerable to ITLB_MULTIHIT explots from other
+	 * L1 guests, so it need not worry about its own (L2) guests.
+	 */
+	data |= ARCH_CAP_PSCHANGE_MC_NO;
+
+ 	/*
+ 	 * If we're doing cache flushes (either "always" or "cond")
+ 	 * we will do one whenever the guest does a vmlaunch/vmresume.
--- a/debian/patches/bugfix/x86/itlb_multihit/0011-kvm-Add-helper-function-for-creating-VM-worker-threa.patch
+++ b/debian/patches/bugfix/x86/itlb_multihit/0011-kvm-Add-helper-function-for-creating-VM-worker-threa.patch
@ -1,6 +1,8 @@
 From: Junaid Shahid <junaids@google.com>
-Date: Fri, 11 Oct 2019 12:40:15 +0200
-Subject: kvm: Add helper function for creating VM worker threads
+Date: Thu, 24 Oct 2019 18:34:29 +0200
+Subject: kvm: Add helper function for creating VM worker
+
+ threads

 This adds a function to create a kernel thread associated with a given
 VM. In particular, it ensures that the worker thread inherits the
--- a/debian/patches/bugfix/x86/itlb_multihit/0012-kvm-x86-mmu-Recovery-of-shattered-NX-large-pages.patch
+++ b/debian/patches/bugfix/x86/itlb_multihit/0012-kvm-x86-mmu-Recovery-of-shattered-NX-large-pages.patch
@ -1,5 +1,5 @@
 From: Junaid Shahid <junaids@google.com>
-Date: Fri, 11 Oct 2019 12:40:16 +0200
+Date: Thu, 24 Oct 2019 18:34:30 +0200
 Subject: kvm: x86: mmu: Recovery of shattered NX large pages

 The page table pages corresponding to broken down large pages are
@ -266,10 +266,10 @@ index 65892288bf51..f7b2de7b6382 100644
 +
 #endif
 diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c
-index 406a37aa61c7..1ecadf51f154 100644
+index ec80bb27504f..da688e726632 100644
 --- a/arch/x86/kvm/x86.c
 +++ b/arch/x86/kvm/x86.c
-@@ -8950,6 +8950,7 @@ int kvm_arch_init_vm(struct kvm *kvm, unsigned long type)
+@@ -8958,6 +8958,7 @@ int kvm_arch_init_vm(struct kvm *kvm, unsigned long type)
 	INIT_HLIST_HEAD(&kvm->arch.mask_notifier_list);
 	INIT_LIST_HEAD(&kvm->arch.active_mmu_pages);
 	INIT_LIST_HEAD(&kvm->arch.zapped_obsolete_pages);
@ -277,7 +277,7 @@ index 406a37aa61c7..1ecadf51f154 100644
 	INIT_LIST_HEAD(&kvm->arch.assigned_dev_head);
 	atomic_set(&kvm->arch.noncoherent_dma_count, 0);
 
-@@ -8981,6 +8982,11 @@ int kvm_arch_init_vm(struct kvm *kvm, unsigned long type)
+@@ -8989,6 +8990,11 @@ int kvm_arch_init_vm(struct kvm *kvm, unsigned long type)
 	return 0;
 }
 
@ -289,7 +289,7 @@ index 406a37aa61c7..1ecadf51f154 100644
 static void kvm_unload_vcpu_mmu(struct kvm_vcpu *vcpu)
 {
 	vcpu_load(vcpu);
-@@ -9082,6 +9088,11 @@ int x86_set_memory_region(struct kvm *kvm, int id, gpa_t gpa, u32 size)
+@@ -9090,6 +9096,11 @@ int x86_set_memory_region(struct kvm *kvm, int id, gpa_t gpa, u32 size)
 }
 EXPORT_SYMBOL_GPL(x86_set_memory_region);
 
--- a/debian/patches/series
+++ b/debian/patches/series
@ -258,18 +258,18 @@ bugfix/all/ALSA-usb-audio-Fix-a-stack-buffer-overflow-bug-in-check_input_term.pa
 bugfix/all/vhost-make-sure-log_num-in_num.patch
 bugfix/x86/x86-ptrace-fix-up-botched-merge-of-spectrev1-fix.patch
 bugfix/all/KVM-coalesced_mmio-add-bounds-checking.patch
-bugfix/x86//itlb_multihit/0001-KVM-x86-adjust-kvm_mmu_page-member-to-save-8-bytes.patch
-bugfix/x86//itlb_multihit/0002-kvm-Convert-kvm_lock-to-a-mutex.patch
-bugfix/x86//itlb_multihit/0003-kvm-x86-Do-not-release-the-page-inside-mmu_set_spte.patch
-bugfix/x86//itlb_multihit/0004-KVM-x86-make-FNAME-fetch-and-__direct_map-more-simil.patch
-bugfix/x86//itlb_multihit/0005-KVM-x86-remove-now-unneeded-hugepage-gfn-adjustment.patch
-bugfix/x86//itlb_multihit/0006-KVM-x86-change-kvm_mmu_page_get_gfn-BUG_ON-to-WARN_O.patch
-bugfix/x86//itlb_multihit/0007-KVM-x86-add-tracepoints-around-__direct_map-and-FNAM.patch
-bugfix/x86//itlb_multihit/0008-kvm-x86-powerpc-do-not-allow-clearing-largepages-deb.patch
-bugfix/x86//itlb_multihit/0009-x86-Add-ITLB_MULTIHIT-bug-infrastructure.patch
-bugfix/x86//itlb_multihit/0010-kvm-mmu-ITLB_MULTIHIT-mitigation.patch
-bugfix/x86//itlb_multihit/0011-kvm-Add-helper-function-for-creating-VM-worker-threa.patch
-bugfix/x86//itlb_multihit/0012-kvm-x86-mmu-Recovery-of-shattered-NX-large-pages.patch
+bugfix/x86/itlb_multihit/0001-KVM-x86-adjust-kvm_mmu_page-member-to-save-8-bytes.patch
+bugfix/x86/itlb_multihit/0002-kvm-Convert-kvm_lock-to-a-mutex.patch
+bugfix/x86/itlb_multihit/0003-kvm-x86-Do-not-release-the-page-inside-mmu_set_spte.patch
+bugfix/x86/itlb_multihit/0004-KVM-x86-make-FNAME-fetch-and-__direct_map-more-simil.patch
+bugfix/x86/itlb_multihit/0005-KVM-x86-remove-now-unneeded-hugepage-gfn-adjustment.patch
+bugfix/x86/itlb_multihit/0006-KVM-x86-change-kvm_mmu_page_get_gfn-BUG_ON-to-WARN_O.patch
+bugfix/x86/itlb_multihit/0007-KVM-x86-add-tracepoints-around-__direct_map-and-FNAM.patch
+bugfix/x86/itlb_multihit/0008-kvm-x86-powerpc-do-not-allow-clearing-largepages-deb.patch
+bugfix/x86/itlb_multihit/0009-x86-Add-ITLB_MULTIHIT-bug-infrastructure.patch
+bugfix/x86/itlb_multihit/0010-kvm-mmu-ITLB_MULTIHIT-mitigation.patch
+bugfix/x86/itlb_multihit/0011-kvm-Add-helper-function-for-creating-VM-worker.patch
+bugfix/x86/itlb_multihit/0012-kvm-x86-mmu-Recovery-of-shattered-NX-large-pages.patch
 bugfix/x86/taa/0013-TAAv6-1.patch
 bugfix/x86/taa/0014-TAAv6-2.patch
 bugfix/x86/taa/0015-TAAv6-3.patch