removed queue-3.14/kvm-ppc-book3s-hv-save-restore-tm-state-in-h_cede.patch

diff --git a/queue-3.14/kvm-ppc-book3s-hv-save-restore-tm-state-in-h_cede.patch b/queue-3.14/kvm-ppc-book3s-hv-save-restore-tm-state-in-h_cede.patch
deleted file mode 100644 (file)
index 14c9755..0000000
--- a/queue-3.14/kvm-ppc-book3s-hv-save-restore-tm-state-in-h_cede.patch
+++ /dev/null
@@ -1,69 +0,0 @@
-From 93d17397e4e2182fdaad503e2f9da46202c0f1c3 Mon Sep 17 00:00:00 2001
-From: Paul Mackerras <paulus@ozlabs.org>
-Date: Wed, 22 Jun 2016 15:52:55 +1000
-Subject: KVM: PPC: Book3S HV: Save/restore TM state in H_CEDE
-
-From: Paul Mackerras <paulus@ozlabs.org>
-
-commit 93d17397e4e2182fdaad503e2f9da46202c0f1c3 upstream.
-
-It turns out that if the guest does a H_CEDE while the CPU is in
-a transactional state, and the H_CEDE does a nap, and the nap
-loses the architected state of the CPU (which is is allowed to do),
-then we lose the checkpointed state of the virtual CPU.  In addition,
-the transactional-memory state recorded in the MSR gets reset back
-to non-transactional, and when we try to return to the guest, we take
-a TM bad thing type of program interrupt because we are trying to
-transition from non-transactional to transactional with a hrfid
-instruction, which is not permitted.
-
-The result of the program interrupt occurring at that point is that
-the host CPU will hang in an infinite loop with interrupts disabled.
-Thus this is a denial of service vulnerability in the host which can
-be triggered by any guest (and depending on the guest kernel, it can
-potentially triggered by unprivileged userspace in the guest).
-
-This vulnerability has been assigned the ID CVE-2016-5412.
-
-To fix this, we save the TM state before napping and restore it
-on exit from the nap, when handling a H_CEDE in real mode.  The
-case where H_CEDE exits to host virtual mode is already OK (as are
-other hcalls which exit to host virtual mode) because the exit
-path saves the TM state.
-
-Signed-off-by: Paul Mackerras <paulus@ozlabs.org>
-Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
-
----
- arch/powerpc/kvm/book3s_hv_rmhandlers.S |   13 +++++++++++++
- 1 file changed, 13 insertions(+)
-
---- a/arch/powerpc/kvm/book3s_hv_rmhandlers.S
-+++ b/arch/powerpc/kvm/book3s_hv_rmhandlers.S
-@@ -1901,6 +1901,13 @@ END_FTR_SECTION_IFCLR(CPU_FTR_ARCH_206)
-       /* save FP state */
-       bl      kvmppc_save_fp
- 
-+#ifdef CONFIG_PPC_TRANSACTIONAL_MEM
-+BEGIN_FTR_SECTION
-+      ld      r9, HSTATE_KVM_VCPU(r13)
-+      bl      kvmppc_save_tm
-+END_FTR_SECTION_IFSET(CPU_FTR_TM)
-+#endif
-+
-       /*
-        * Take a nap until a decrementer or external or doobell interrupt
-        * occurs, with PECE1, PECE0 and PECEDP set in LPCR
-@@ -1935,6 +1942,12 @@ kvm_end_cede:
-       /* Woken by external or decrementer interrupt */
-       ld      r1, HSTATE_HOST_R1(r13)
- 
-+#ifdef CONFIG_PPC_TRANSACTIONAL_MEM
-+BEGIN_FTR_SECTION
-+      bl      kvmppc_restore_tm
-+END_FTR_SECTION_IFSET(CPU_FTR_TM)
-+#endif
-+
-       /* load up FP state */
-       bl      kvmppc_load_fp
- 

diff --git a/queue-3.14/series b/queue-3.14/series
index a0b7ad055644e4ea15b98a6278fbf523df1b09a0..b3af6c6d404b93c87edfd2500d0d83173216b1c2 100644 (file)
--- a/queue-3.14/series
+++ b/queue-3.14/series
@@ -3,7 +3,6 @@ usb-renesas_usbhs-protect-the-cfifosel-setting-in-usbhsg_ep_enable.patch
 usb-serial-option-add-support-for-telit-le910-pid-0x1206.patch
 gpio-pca953x-fix-nbank-calculation-for-pca9536.patch
 gpio-intel-mid-remove-potentially-harmful-code.patch
-kvm-ppc-book3s-hv-save-restore-tm-state-in-h_cede.patch
 hp-wmi-fix-wifi-cannot-be-hard-unblocked.patch
 s5p-mfc-set-device-name-for-reserved-memory-region-devs.patch
 s5p-mfc-add-release-callback-for-memory-region-devs.patch