On Fri, May 11, 2018 at 04:19:06PM +1000, Paul Mackerras wrote:
> commit a8b48a4dccea77e29462e59f1dbf0d5aa1ff167c upstream.
>
> This fixes a bug where the trap number that is returned by
> __kvmppc_vcore_entry gets corrupted. The effect of the corruption
> is that IPIs get ignored on POWER9 systems when the IPI is sent via
> a doorbell interrupt to a CPU which is executing in a KVM guest.
> The effect of the IPI being ignored is often that another CPU locks
> up inside smp_call_function_many() (and if that CPU is holding a
> spinlock, other CPUs then lock up inside raw_spin_lock()).
>
> The trap number is currently held in register r12 for most of the
> assembly-language part of the guest exit path. In that path, we
> call kvmppc_subcore_exit_guest(), which is a C function, without
> restoring r12 afterwards. Depending on the kernel config and the
> compiler, it may modify r12 or it may not, so some config/compiler
> combinations see the bug and others don't.
>
> To fix this, we arrange for the trap number to be stored on the
> stack from the point where kvmhv_commence_exit is called until the
> end of the function, then the trap number is loaded and returned in
> r12 as before.
>
> Cc: stable@xxxxxxxxxxxxxxx # v4.8+
> Fixes: fd7bacbca47a ("KVM: PPC: Book3S HV: Fix TB corruption in guest exit path on HMI interrupt")
> Signed-off-by: Paul Mackerras <paulus@xxxxxxxxxx>
> ---
> arch/powerpc/kvm/book3s_hv_rmhandlers.S | 8 +++++---
> 1 file changed, 5 insertions(+), 3 deletions(-)
Now applied, thanks.
greg k-h
