3.14-stable patches
authorGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Wed, 13 Jul 2016 22:47:08 +0000 (07:47 +0900)
committerGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Wed, 13 Jul 2016 22:47:08 +0000 (07:47 +0900)
added patches:
mips-kvm-fix-modular-kvm-under-qemu.patch
signal-remove-warning-about-using-si_tkill-in-rt_sigqueueinfo.patch

queue-3.14/mips-kvm-fix-modular-kvm-under-qemu.patch [new file with mode: 0644]
queue-3.14/series
queue-3.14/signal-remove-warning-about-using-si_tkill-in-rt_sigqueueinfo.patch [new file with mode: 0644]

diff --git a/queue-3.14/mips-kvm-fix-modular-kvm-under-qemu.patch b/queue-3.14/mips-kvm-fix-modular-kvm-under-qemu.patch
new file mode 100644 (file)
index 0000000..ac9286c
--- /dev/null
@@ -0,0 +1,107 @@
+From 797179bc4fe06c89e47a9f36f886f68640b423f8 Mon Sep 17 00:00:00 2001
+From: James Hogan <james.hogan@imgtec.com>
+Date: Thu, 9 Jun 2016 10:50:43 +0100
+Subject: MIPS: KVM: Fix modular KVM under QEMU
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+From: James Hogan <james.hogan@imgtec.com>
+
+commit 797179bc4fe06c89e47a9f36f886f68640b423f8 upstream.
+
+Copy __kvm_mips_vcpu_run() into unmapped memory, so that we can never
+get a TLB refill exception in it when KVM is built as a module.
+
+This was observed to happen with the host MIPS kernel running under
+QEMU, due to a not entirely transparent optimisation in the QEMU TLB
+handling where TLB entries replaced with TLBWR are copied to a separate
+part of the TLB array. Code in those pages continue to be executable,
+but those mappings persist only until the next ASID switch, even if they
+are marked global.
+
+An ASID switch happens in __kvm_mips_vcpu_run() at exception level after
+switching to the guest exception base. Subsequent TLB mapped kernel
+instructions just prior to switching to the guest trigger a TLB refill
+exception, which enters the guest exception handlers without updating
+EPC. This appears as a guest triggered TLB refill on a host kernel
+mapped (host KSeg2) address, which is not handled correctly as user
+(guest) mode accesses to kernel (host) segments always generate address
+error exceptions.
+
+Signed-off-by: James Hogan <james.hogan@imgtec.com>
+Cc: Paolo Bonzini <pbonzini@redhat.com>
+Cc: Radim Krčmář <rkrcmar@redhat.com>
+Cc: Ralf Baechle <ralf@linux-mips.org>
+Cc: kvm@vger.kernel.org
+Cc: linux-mips@linux-mips.org
+Cc: <stable@vger.kernel.org> # 3.10.x-
+Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
+[james.hogan@imgtec.com: backported for stable 3.14]
+Signed-off-by: James Hogan <james.hogan@imgtec.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ arch/mips/include/asm/kvm_host.h |    1 +
+ arch/mips/kvm/kvm_locore.S       |    1 +
+ arch/mips/kvm/kvm_mips.c         |   11 ++++++++++-
+ arch/mips/kvm/kvm_mips_int.h     |    2 ++
+ 4 files changed, 14 insertions(+), 1 deletion(-)
+
+--- a/arch/mips/include/asm/kvm_host.h
++++ b/arch/mips/include/asm/kvm_host.h
+@@ -342,6 +342,7 @@ struct kvm_mips_tlb {
+ #define KVM_MIPS_GUEST_TLB_SIZE     64
+ struct kvm_vcpu_arch {
+       void *host_ebase, *guest_ebase;
++      int (*vcpu_run)(struct kvm_run *run, struct kvm_vcpu *vcpu);
+       unsigned long host_stack;
+       unsigned long host_gp;
+--- a/arch/mips/kvm/kvm_locore.S
++++ b/arch/mips/kvm/kvm_locore.S
+@@ -229,6 +229,7 @@ FEXPORT(__kvm_mips_load_k0k1)
+       /* Jump to guest */
+       eret
++EXPORT(__kvm_mips_vcpu_run_end)
+ VECTOR(MIPSX(exception), unknown)
+ /*
+--- a/arch/mips/kvm/kvm_mips.c
++++ b/arch/mips/kvm/kvm_mips.c
+@@ -348,6 +348,15 @@ struct kvm_vcpu *kvm_arch_vcpu_create(st
+       memcpy(gebase + offset, mips32_GuestException,
+              mips32_GuestExceptionEnd - mips32_GuestException);
++#ifdef MODULE
++      offset += mips32_GuestExceptionEnd - mips32_GuestException;
++      memcpy(gebase + offset, (char *)__kvm_mips_vcpu_run,
++             __kvm_mips_vcpu_run_end - (char *)__kvm_mips_vcpu_run);
++      vcpu->arch.vcpu_run = gebase + offset;
++#else
++      vcpu->arch.vcpu_run = __kvm_mips_vcpu_run;
++#endif
++
+       /* Invalidate the icache for these ranges */
+       mips32_SyncICache((unsigned long) gebase, ALIGN(size, PAGE_SIZE));
+@@ -431,7 +440,7 @@ int kvm_arch_vcpu_ioctl_run(struct kvm_v
+       kvm_guest_enter();
+-      r = __kvm_mips_vcpu_run(run, vcpu);
++      r = vcpu->arch.vcpu_run(run, vcpu);
+       kvm_guest_exit();
+       local_irq_enable();
+--- a/arch/mips/kvm/kvm_mips_int.h
++++ b/arch/mips/kvm/kvm_mips_int.h
+@@ -27,6 +27,8 @@
+ #define MIPS_EXC_MAX                12
+ /* XXXSL More to follow */
++extern char __kvm_mips_vcpu_run_end[];
++
+ #define C_TI        (_ULCAST_(1) << 30)
+ #define KVM_MIPS_IRQ_DELIVER_ALL_AT_ONCE (0)
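Review bot: The MODULE-only memcpy of __kvm_mips_vcpu_run to gebase + offset is not bounded against the gebase allocation, whose size is computed earlier in kvm_arch_vcpu_create outside this hunk, while the length of the copied routine is a link-time value that changes whenever kvm_locore.S does. A guard such as `BUG_ON(offset + (__kvm_mips_vcpu_run_end - (char *)__kvm_mips_vcpu_run) > ALIGN(size, PAGE_SIZE));` placed before the copy would turn a silent out-of-bounds write into a loud failure at vcpu creation, using the same bound the icache sync on the following line already relies on. The reason for the copy lives only in the commit message, so a comment at the `#ifdef MODULE`, e.g. `/* Run from unmapped memory so a TLB refill can never hit vcpu_run when KVM is modular. */`, would help the next reader. Whether the copied routine avoids PC-relative references to code or data outside the copied range cannot be seen here; presumably it does, and that assumption is worth stating next to the new EXPORT(__kvm_mips_vcpu_run_end) in kvm_locore.S.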
index 6daa9514f2ff3aefebbad888f54e0c021fad03da..5c9a88c7688eb8e1368cc3c40ea2d15aeedb1726 100644 (file)
@@ -22,3 +22,5 @@ mm-export-migrate_page_move_mapping-and-migrate_page_copy.patch
 ubifs-implement-migratepage.patch
 posix_acl-add-set_posix_acl.patch
 nfsd-check-permissions-when-setting-acls.patch
+signal-remove-warning-about-using-si_tkill-in-rt_sigqueueinfo.patch
+mips-kvm-fix-modular-kvm-under-qemu.patch
diff --git a/queue-3.14/signal-remove-warning-about-using-si_tkill-in-rt_sigqueueinfo.patch b/queue-3.14/signal-remove-warning-about-using-si_tkill-in-rt_sigqueueinfo.patch
new file mode 100644 (file)
index 0000000..dd41788
--- /dev/null
@@ -0,0 +1,64 @@
+From 69828dce7af2cb6d08ef5a03de687d422fb7ec1f Mon Sep 17 00:00:00 2001
+From: Vladimir Davydov <vdavydov@parallels.com>
+Date: Thu, 16 Apr 2015 12:47:35 -0700
+Subject: signal: remove warning about using SI_TKILL in rt_[tg]sigqueueinfo
+
+From: Vladimir Davydov <vdavydov@parallels.com>
+
+commit 69828dce7af2cb6d08ef5a03de687d422fb7ec1f upstream.
+
+Sending SI_TKILL from rt_[tg]sigqueueinfo was deprecated, so now we issue
+a warning on the first attempt of doing it.  We use WARN_ON_ONCE, which is
+not informative and, what is worse, taints the kernel, making the trinity
+syscall fuzzer complain false-positively from time to time.
+
+It does not look like we need this warning at all, because the behaviour
+changed quite a long time ago (2.6.39), and if an application relies on
+the old API, it gets EPERM anyway and can issue a warning by itself.
+
+So let us zap the warning in kernel.
+
+Signed-off-by: Vladimir Davydov <vdavydov@parallels.com>
+Acked-by: Oleg Nesterov <oleg@redhat.com>
+Cc: Richard Weinberger <richard@nod.at>
+Cc: "Paul E. McKenney" <paulmck@linux.vnet.ibm.com>
+Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
+Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ kernel/signal.c |   14 +++++---------
+ 1 file changed, 5 insertions(+), 9 deletions(-)
+
+--- a/kernel/signal.c
++++ b/kernel/signal.c
+@@ -3004,11 +3004,9 @@ static int do_rt_sigqueueinfo(pid_t pid,
+        * Nor can they impersonate a kill()/tgkill(), which adds source info.
+        */
+       if ((info->si_code >= 0 || info->si_code == SI_TKILL) &&
+-          (task_pid_vnr(current) != pid)) {
+-              /* We used to allow any < 0 si_code */
+-              WARN_ON_ONCE(info->si_code < 0);
++          (task_pid_vnr(current) != pid))
+               return -EPERM;
+-      }
++
+       info->si_signo = sig;
+       /* POSIX.1b doesn't mention process groups.  */
+@@ -3053,12 +3051,10 @@ static int do_rt_tgsigqueueinfo(pid_t tg
+       /* Not even root can pretend to send signals from the kernel.
+        * Nor can they impersonate a kill()/tgkill(), which adds source info.
+        */
+-      if (((info->si_code >= 0 || info->si_code == SI_TKILL)) &&
+-          (task_pid_vnr(current) != pid)) {
+-              /* We used to allow any < 0 si_code */
+-              WARN_ON_ONCE(info->si_code < 0);
++      if ((info->si_code >= 0 || info->si_code == SI_TKILL) &&
++          (task_pid_vnr(current) != pid))
+               return -EPERM;
+-      }
++
+       info->si_signo = sig;
+       return do_send_specific(tgid, pid, sig, info);
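Review bot: After the change the forgery check in do_rt_sigqueueinfo and do_rt_tgsigqueueinfo is textually identical — `(info->si_code >= 0 || info->si_code == SI_TKILL) && task_pid_vnr(current) != pid` — and dropping the WARN_ON_ONCE leaves nothing else in either branch, so a small static helper would keep the two from drifting apart; both enclosing functions start and end outside the hunk. That cleanup belongs upstream rather than in a stable backport, so the patch is fine to queue as-is. Removing the `/* We used to allow any < 0 si_code */` comment also removes the only in-code hint that SI_TKILL used to be accepted from userspace; a one-line comment above the check, e.g. `/* SI_TKILL from userspace has been rejected since 2.6.39; callers get -EPERM, no taint. */`, would preserve that without the WARN.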