linux-stable.git/drivers/hv, branch v5.12.2 Linux kernel stable tree mm/memory_hotplug: MEMHP_MERGE_RESOURCE -> MHP_MERGE_RESOURCE 2021-02-26T17:41:00+00:00 David Hildenbrand david@redhat.com 2021-02-26T01:17:17+00:00 26011267e1a7ddaab50b5f81b402ca3e7fc2887c Let's make "MEMHP_MERGE_RESOURCE" consistent with "MHP_NONE", "mhp_t" and "mhp_flags". As discussed recently [1], "mhp" is our internal acronym for memory hotplug now. [1] https://lore.kernel.org/linux-mm/c37de2d0-28a1-4f7d-f944-cfd7d81c334d@redhat.com/ Link: https://lkml.kernel.org/r/20210126115829.10909-1-david@redhat.com Signed-off-by: David Hildenbrand <david@redhat.com> Reviewed-by: Miaohe Lin <linmiaohe@huawei.com> Acked-by: Michael S. Tsirkin <mst@redhat.com> Reviewed-by: Oscar Salvador <osalvador@suse.de> Acked-by: Wei Liu <wei.liu@kernel.org> Reviewed-by: Pankaj Gupta <pankaj.gupta@cloud.ionos.com> Cc: "K. Y. Srinivasan" <kys@microsoft.com> Cc: Haiyang Zhang <haiyangz@microsoft.com> Cc: Stephen Hemminger <sthemmin@microsoft.com> Cc: Jason Wang <jasowang@redhat.com> Cc: Boris Ostrovsky <boris.ostrovsky@oracle.com> Cc: Juergen Gross <jgross@suse.com> Cc: Stefano Stabellini <sstabellini@kernel.org> Cc: Michal Hocko <mhocko@kernel.org> Cc: Anshuman Khandual <anshuman.khandual@arm.com> Cc: Wei Yang <richard.weiyang@linux.alibaba.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> 
Let's make "MEMHP_MERGE_RESOURCE" consistent with "MHP_NONE", "mhp_t" and
"mhp_flags".  As discussed recently [1], "mhp" is our internal acronym for
memory hotplug now.

[1] https://lore.kernel.org/linux-mm/c37de2d0-28a1-4f7d-f944-cfd7d81c334d@redhat.com/

Link: https://lkml.kernel.org/r/20210126115829.10909-1-david@redhat.com
Signed-off-by: David Hildenbrand <david@redhat.com>
Reviewed-by: Miaohe Lin <linmiaohe@huawei.com>
Acked-by: Michael S. Tsirkin <mst@redhat.com>
Reviewed-by: Oscar Salvador <osalvador@suse.de>
Acked-by: Wei Liu <wei.liu@kernel.org>
Reviewed-by: Pankaj Gupta <pankaj.gupta@cloud.ionos.com>
Cc: "K. Y. Srinivasan" <kys@microsoft.com>
Cc: Haiyang Zhang <haiyangz@microsoft.com>
Cc: Stephen Hemminger <sthemmin@microsoft.com>
Cc: Jason Wang <jasowang@redhat.com>
Cc: Boris Ostrovsky <boris.ostrovsky@oracle.com>
Cc: Juergen Gross <jgross@suse.com>
Cc: Stefano Stabellini <sstabellini@kernel.org>
Cc: Michal Hocko <mhocko@kernel.org>
Cc: Anshuman Khandual <anshuman.khandual@arm.com>
Cc: Wei Yang <richard.weiyang@linux.alibaba.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Revert "Drivers: hv: vmbus: Copy packets sent by Hyper-V out of the ring buffer" 2021-02-15T10:49:11+00:00 Wei Liu wei.liu@kernel.org 2021-02-15T10:44:58+00:00 3019270282a175defc02c8331786c73e082cd2a8 This reverts commit a8c3209998afb5c4941b49e35b513cea9050cb4a. It is reported that the said commit caused regression in netvsc. Reported-by: Andrea Parri (Microsoft) <parri.andrea@gmail.com> Signed-off-by: Wei Liu <wei.liu@kernel.org> 
This reverts commit a8c3209998afb5c4941b49e35b513cea9050cb4a.

It is reported that the said commit caused regression in netvsc.

Reported-by: Andrea Parri (Microsoft) <parri.andrea@gmail.com>
Signed-off-by: Wei Liu <wei.liu@kernel.org>
Drivers: hv: vmbus: skip VMBus initialization if Linux is root 2021-02-11T08:47:06+00:00 Wei Liu wei.liu@kernel.org 2021-02-03T15:04:22+00:00 7e279d78664aa91107ebff4b03eca367967f5908 There is no VMBus and the other infrastructures initialized in hv_acpi_init when Linux is running as the root partition. Signed-off-by: Wei Liu <wei.liu@kernel.org> Reviewed-by: Pavel Tatashin <pasha.tatashin@soleen.com> Reviewed-by: Michael Kelley <mikelley@microsoft.com> Link: https://lore.kernel.org/r/20210203150435.27941-4-wei.liu@kernel.org 
There is no VMBus and the other infrastructures initialized in
hv_acpi_init when Linux is running as the root partition.

Signed-off-by: Wei Liu <wei.liu@kernel.org>
Reviewed-by: Pavel Tatashin <pasha.tatashin@soleen.com>
Reviewed-by: Michael Kelley <mikelley@microsoft.com>
Link: https://lore.kernel.org/r/20210203150435.27941-4-wei.liu@kernel.org
Drivers: hv: vmbus: Enforce 'VMBus version >= 5.2' on isolated guests 2021-02-11T08:47:05+00:00 Andrea Parri (Microsoft) parri.andrea@gmail.com 2021-02-01T14:48:13+00:00 7ef4b2f0d9adb73eb66e1f87f22953169c3dc7f8 Restrict the protocol version(s) that will be negotiated with the host to be 5.2 or greater if the guest is running isolated. This reduces the footprint of the code that will be exercised by Confidential VMs and hence the exposure to bugs and vulnerabilities. Signed-off-by: Andrea Parri (Microsoft) <parri.andrea@gmail.com> Reviewed-by: Michael Kelley <mikelley@microsoft.com> Link: https://lore.kernel.org/r/20210201144814.2701-4-parri.andrea@gmail.com Signed-off-by: Wei Liu <wei.liu@kernel.org> 
Restrict the protocol version(s) that will be negotiated with the host
to be 5.2 or greater if the guest is running isolated.  This reduces the
footprint of the code that will be exercised by Confidential VMs and
hence the exposure to bugs and vulnerabilities.

Signed-off-by: Andrea Parri (Microsoft) <parri.andrea@gmail.com>
Reviewed-by: Michael Kelley <mikelley@microsoft.com>
Link: https://lore.kernel.org/r/20210201144814.2701-4-parri.andrea@gmail.com
Signed-off-by: Wei Liu <wei.liu@kernel.org>
Drivers: hv: vmbus: Restrict vmbus_devices on isolated guests 2021-02-11T08:47:05+00:00 Andrea Parri (Microsoft) parri.andrea@gmail.com 2021-02-01T14:48:12+00:00 21a4e356d3588806307555c149b80cec3dedb180 Only the VSCs or ICs that have been hardened and that are critical for the successful adoption of Confidential VMs should be allowed if the guest is running isolated. This change reduces the footprint of the code that will be exercised by Confidential VMs and hence the exposure to bugs and vulnerabilities. Signed-off-by: Andrea Parri (Microsoft) <parri.andrea@gmail.com> Reviewed-by: Michael Kelley <mikelley@microsoft.com> Link: https://lore.kernel.org/r/20210201144814.2701-3-parri.andrea@gmail.com Signed-off-by: Wei Liu <wei.liu@kernel.org> 
Only the VSCs or ICs that have been hardened and that are critical for
the successful adoption of Confidential VMs should be allowed if the
guest is running isolated.  This change reduces the footprint of the
code that will be exercised by Confidential VMs and hence the exposure
to bugs and vulnerabilities.

Signed-off-by: Andrea Parri (Microsoft) <parri.andrea@gmail.com>
Reviewed-by: Michael Kelley <mikelley@microsoft.com>
Link: https://lore.kernel.org/r/20210201144814.2701-3-parri.andrea@gmail.com
Signed-off-by: Wei Liu <wei.liu@kernel.org>
hv_utils: Fix spelling mistake "Hearbeat" -> "Heartbeat" 2021-02-11T08:47:05+00:00 Colin Ian King colin.king@canonical.com 2021-01-27T23:31:36+00:00 bdb49526d25b076af4bd31b2fc66986ff0df1127 There is a spelling mistake in an error message. Fix it. Signed-off-by: Colin Ian King <colin.king@canonical.com> Link: https://lore.kernel.org/r/20210127233136.623465-1-colin.king@canonical.com Signed-off-by: Wei Liu <wei.liu@kernel.org> 
There is a spelling mistake in an error message. Fix it.

Signed-off-by: Colin Ian King <colin.king@canonical.com>
Link: https://lore.kernel.org/r/20210127233136.623465-1-colin.king@canonical.com
Signed-off-by: Wei Liu <wei.liu@kernel.org>
Drivers: hv: vmbus: Add /sys/bus/vmbus/hibernation 2021-02-11T08:47:05+00:00 Dexuan Cui decui@microsoft.com 2021-01-07T01:45:52+00:00 c068e3f484268458defea3e1a19d821017f88d26 When a Linux VM runs on Hyper-V, if the host toolstack doesn't support hibernation for the VM (this happens on old Hyper-V hosts like Windows Server 2016, or new Hyper-V hosts if the admin or user doesn't declare the hibernation intent for the VM), the VM is discouraged from trying hibernation (because the host doesn't guarantee that the VM's virtual hardware configuration will remain exactly the same across hibernation), i.e. the VM should not try to set up the swap partition/file for hibernation, etc. x86 Hyper-V uses the presence of the virtual ACPI S4 state as the indication of the host toolstack support for a VM. Currently there is no easy and reliable way for the userspace to detect the presence of the state (see https://lkml.org/lkml/2020/12/11/1097). Add /sys/bus/vmbus/hibernation for this purpose. Signed-off-by: Dexuan Cui <decui@microsoft.com> Reviewed-by: Michael Kelley <mikelley@microsoft.com> Link: https://lore.kernel.org/r/20210107014552.14234-1-decui@microsoft.com Signed-off-by: Wei Liu <wei.liu@kernel.org> 
When a Linux VM runs on Hyper-V, if the host toolstack doesn't support
hibernation for the VM (this happens on old Hyper-V hosts like Windows
Server 2016, or new Hyper-V hosts if the admin or user doesn't declare
the hibernation intent for the VM), the VM is discouraged from trying
hibernation (because the host doesn't guarantee that the VM's virtual
hardware configuration will remain exactly the same across hibernation),
i.e. the VM should not try to set up the swap partition/file for
hibernation, etc.

x86 Hyper-V uses the presence of the virtual ACPI S4 state as the
indication of the host toolstack support for a VM. Currently there is
no easy and reliable way for the userspace to detect the presence of
the state (see https://lkml.org/lkml/2020/12/11/1097).  Add
/sys/bus/vmbus/hibernation for this purpose.

Signed-off-by: Dexuan Cui <decui@microsoft.com>
Reviewed-by: Michael Kelley <mikelley@microsoft.com>
Link: https://lore.kernel.org/r/20210107014552.14234-1-decui@microsoft.com
Signed-off-by: Wei Liu <wei.liu@kernel.org>
Drivers: hv: vmbus: Resolve race condition in vmbus_onoffer_rescind() 2021-02-05T09:55:42+00:00 Andrea Parri (Microsoft) parri.andrea@gmail.com 2020-12-09T07:08:26+00:00 e4d221b42354b2e2ddb9187a806afb651eee2cda An erroneous or malicious host could send multiple rescind messages for a same channel. In vmbus_onoffer_rescind(), the guest maps the channel ID to obtain a pointer to the channel object and it eventually releases such object and associated data. The host could time rescind messages and lead to an use-after-free. Add a new flag to the channel structure to make sure that only one instance of vmbus_onoffer_rescind() can get the reference to the channel object. Reported-by: Juan Vazquez <juvazq@microsoft.com> Signed-off-by: Andrea Parri (Microsoft) <parri.andrea@gmail.com> Reviewed-by: Michael Kelley <mikelley@microsoft.com> Link: https://lore.kernel.org/r/20201209070827.29335-6-parri.andrea@gmail.com Signed-off-by: Wei Liu <wei.liu@kernel.org> 
An erroneous or malicious host could send multiple rescind messages for
a same channel.  In vmbus_onoffer_rescind(), the guest maps the channel
ID to obtain a pointer to the channel object and it eventually releases
such object and associated data.  The host could time rescind messages
and lead to an use-after-free.  Add a new flag to the channel structure
to make sure that only one instance of vmbus_onoffer_rescind() can get
the reference to the channel object.

Reported-by: Juan Vazquez <juvazq@microsoft.com>
Signed-off-by: Andrea Parri (Microsoft) <parri.andrea@gmail.com>
Reviewed-by: Michael Kelley <mikelley@microsoft.com>
Link: https://lore.kernel.org/r/20201209070827.29335-6-parri.andrea@gmail.com
Signed-off-by: Wei Liu <wei.liu@kernel.org>
Drivers: hv: vmbus: Avoid use-after-free in vmbus_onoffer_rescind() 2021-02-05T09:55:42+00:00 Andrea Parri (Microsoft) parri.andrea@gmail.com 2020-12-09T07:08:25+00:00 e3fa4b747f085d2cda09bba0533b86fa76038635 When channel->device_obj is non-NULL, vmbus_onoffer_rescind() could invoke put_device(), that will eventually release the device and free the channel object (cf. vmbus_device_release()). However, a pointer to the object is dereferenced again later to load the primary_channel. The use-after-free can be avoided by noticing that this load/check is redundant if device_obj is non-NULL: primary_channel must be NULL if device_obj is non-NULL, cf. vmbus_add_channel_work(). Fixes: 54a66265d6754b ("Drivers: hv: vmbus: Fix rescind handling") Reported-by: Juan Vazquez <juvazq@microsoft.com> Signed-off-by: Andrea Parri (Microsoft) <parri.andrea@gmail.com> Reviewed-by: Michael Kelley <mikelley@microsoft.com> Link: https://lore.kernel.org/r/20201209070827.29335-5-parri.andrea@gmail.com Signed-off-by: Wei Liu <wei.liu@kernel.org> 
When channel->device_obj is non-NULL, vmbus_onoffer_rescind() could
invoke put_device(), that will eventually release the device and free
the channel object (cf. vmbus_device_release()).  However, a pointer
to the object is dereferenced again later to load the primary_channel.
The use-after-free can be avoided by noticing that this load/check is
redundant if device_obj is non-NULL: primary_channel must be NULL if
device_obj is non-NULL, cf. vmbus_add_channel_work().

Fixes: 54a66265d6754b ("Drivers: hv: vmbus: Fix rescind handling")
Reported-by: Juan Vazquez <juvazq@microsoft.com>
Signed-off-by: Andrea Parri (Microsoft) <parri.andrea@gmail.com>
Reviewed-by: Michael Kelley <mikelley@microsoft.com>
Link: https://lore.kernel.org/r/20201209070827.29335-5-parri.andrea@gmail.com
Signed-off-by: Wei Liu <wei.liu@kernel.org>
Drivers: hv: vmbus: Copy the hv_message in vmbus_on_msg_dpc() 2021-02-05T09:55:42+00:00 Andrea Parri (Microsoft) parri.andrea@gmail.com 2020-12-09T07:08:24+00:00 fe8c1b18a27de4d6ca5d99b3ffb3125dc69a5b76 Since the message is in memory shared with the host, an erroneous or a malicious Hyper-V could 'corrupt' the message while vmbus_on_msg_dpc() or individual message handlers are executing. To prevent it, copy the message into private memory. Reported-by: Juan Vazquez <juvazq@microsoft.com> Signed-off-by: Andrea Parri (Microsoft) <parri.andrea@gmail.com> Reviewed-by: Michael Kelley <mikelley@microsoft.com> Link: https://lore.kernel.org/r/20201209070827.29335-4-parri.andrea@gmail.com Signed-off-by: Wei Liu <wei.liu@kernel.org> 
Since the message is in memory shared with the host, an erroneous or a
malicious Hyper-V could 'corrupt' the message while vmbus_on_msg_dpc()
or individual message handlers are executing.  To prevent it, copy the
message into private memory.

Reported-by: Juan Vazquez <juvazq@microsoft.com>
Signed-off-by: Andrea Parri (Microsoft) <parri.andrea@gmail.com>
Reviewed-by: Michael Kelley <mikelley@microsoft.com>
Link: https://lore.kernel.org/r/20201209070827.29335-4-parri.andrea@gmail.com
Signed-off-by: Wei Liu <wei.liu@kernel.org>