--- /dev/null
+From 1650b4ebc99da4c137bfbfc531be4a2405f951dd Mon Sep 17 00:00:00 2001
+From: Ignacio Alvarado <ikalvarado@google.com>
+Date: Fri, 4 Nov 2016 12:15:55 -0700
+Subject: KVM: Disable irq while unregistering user notifier
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+From: Ignacio Alvarado <ikalvarado@google.com>
+
+commit 1650b4ebc99da4c137bfbfc531be4a2405f951dd upstream.
+
+Function user_notifier_unregister should be called only once for each
+registered user notifier.
+
+Function kvm_arch_hardware_disable can be executed from an IPI context
+which could cause a race condition with a VCPU returning to user mode
+and attempting to unregister the notifier.
+
+Signed-off-by: Ignacio Alvarado <ikalvarado@google.com>
+Fixes: 18863bdd60f8 ("KVM: x86 shared msr infrastructure")
+Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
+Signed-off-by: Radim Krčmář <rkrcmar@redhat.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ arch/x86/kvm/x86.c | 13 +++++++++++--
+ 1 file changed, 11 insertions(+), 2 deletions(-)
+
+--- a/arch/x86/kvm/x86.c
++++ b/arch/x86/kvm/x86.c
+@@ -199,7 +199,18 @@ static void kvm_on_user_return(struct us
+ struct kvm_shared_msrs *locals
+ = container_of(urn, struct kvm_shared_msrs, urn);
+ struct kvm_shared_msr_values *values;
++ unsigned long flags;
+
++ /*
++ * Disabling irqs at this point since the following code could be
++ * interrupted and executed through kvm_arch_hardware_disable()
++ */
++ local_irq_save(flags);
++ if (locals->registered) {
++ locals->registered = false;
++ user_return_notifier_unregister(urn);
++ }
++ local_irq_restore(flags);
+ for (slot = 0; slot < shared_msrs_global.nr; ++slot) {
+ values = &locals->values[slot];
+ if (values->host != values->curr) {
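Review bot: The new comment above `local_irq_save(flags)` says the code "could be interrupted" but does not name the invariant being protected, which is that `user_return_notifier_unregister(urn)` runs at most once per registration. I would reword it along the lines of `/* kvm_arch_hardware_disable() may run from an IPI and reach this function; test and clear ->registered with irqs off so the notifier is unregistered only once. */`. The MSR restore loop now runs after irqs are re-enabled, so it can presumably be re-entered from that same IPI path. It looks idempotent from the visible lines (`values->curr = values->host`), but a sentence stating that re-entry is tolerated would help the next reader. kvm_on_user_return() starts before this hunk and continues into the next one.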
+@@ -207,8 +218,6 @@ static void kvm_on_user_return(struct us
+ values->curr = values->host;
+ }
+ }
+- locals->registered = false;
+- user_return_notifier_unregister(urn);
+ }
+
+ static void shared_msr_update(unsigned slot, u32 msr)
--- /dev/null
+From 7301d6abaea926d685832f7e1f0c37dd206b01f4 Mon Sep 17 00:00:00 2001
+From: Paolo Bonzini <pbonzini@redhat.com>
+Date: Thu, 17 Nov 2016 15:55:46 +0100
+Subject: KVM: x86: fix missed SRCU usage in kvm_lapic_set_vapic_addr
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+From: Paolo Bonzini <pbonzini@redhat.com>
+
+commit 7301d6abaea926d685832f7e1f0c37dd206b01f4 upstream.
+
+Reported by syzkaller:
+
+ [ INFO: suspicious RCU usage. ]
+ 4.9.0-rc4+ #47 Not tainted
+ -------------------------------
+ ./include/linux/kvm_host.h:536 suspicious rcu_dereference_check() usage!
+
+ stack backtrace:
+ CPU: 1 PID: 6679 Comm: syz-executor Not tainted 4.9.0-rc4+ #47
+ Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS Bochs 01/01/2011
+ ffff880039e2f6d0 ffffffff81c2e46b ffff88003e3a5b40 0000000000000000
+ 0000000000000001 ffffffff83215600 ffff880039e2f700 ffffffff81334ea9
+ ffffc9000730b000 0000000000000004 ffff88003c4f8420 ffff88003d3f8000
+ Call Trace:
+ [< inline >] __dump_stack lib/dump_stack.c:15
+ [<ffffffff81c2e46b>] dump_stack+0xb3/0x118 lib/dump_stack.c:51
+ [<ffffffff81334ea9>] lockdep_rcu_suspicious+0x139/0x180 kernel/locking/lockdep.c:4445
+ [< inline >] __kvm_memslots include/linux/kvm_host.h:534
+ [< inline >] kvm_memslots include/linux/kvm_host.h:541
+ [<ffffffff8105d6ae>] kvm_gfn_to_hva_cache_init+0xa1e/0xce0 virt/kvm/kvm_main.c:1941
+ [<ffffffff8112685d>] kvm_lapic_set_vapic_addr+0xed/0x140 arch/x86/kvm/lapic.c:2217
+
+Reported-by: Dmitry Vyukov <dvyukov@google.com>
+Fixes: fda4e2e85589191b123d31cdc21fd33ee70f50fd
+Cc: Andrew Honig <ahonig@google.com>
+Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
+Reviewed-by: David Hildenbrand <david@redhat.com>
+Signed-off-by: Radim Krčmář <rkrcmar@redhat.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ arch/x86/kvm/x86.c | 3 +++
+ 1 file changed, 3 insertions(+)
+
+--- a/arch/x86/kvm/x86.c
++++ b/arch/x86/kvm/x86.c
+@@ -3317,6 +3317,7 @@ long kvm_arch_vcpu_ioctl(struct file *fi
+ };
+ case KVM_SET_VAPIC_ADDR: {
+ struct kvm_vapic_addr va;
++ int idx;
+
+ r = -EINVAL;
+ if (!lapic_in_kernel(vcpu))
+@@ -3324,7 +3325,9 @@ long kvm_arch_vcpu_ioctl(struct file *fi
+ r = -EFAULT;
+ if (copy_from_user(&va, argp, sizeof va))
+ goto out;
++ idx = srcu_read_lock(&vcpu->kvm->srcu);
+ r = kvm_lapic_set_vapic_addr(vcpu, va.vapic_addr);
++ srcu_read_unlock(&vcpu->kvm->srcu, idx);
+ break;
+ }
+ case KVM_X86_SETUP_MCE: {
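Review bot: Nothing at the `idx = srcu_read_lock(&vcpu->kvm->srcu);` call says which access needs the read-side section, so a later cleanup could narrow or drop it again without noticing. A one-line comment above it would do, e.g. `/* kvm_lapic_set_vapic_addr() ends up in kvm_memslots(), which must be called under kvm->srcu. */`, which is the path the lockdep trace in the commit message shows. Whether other cases in this ioctl reach memslot lookups without the lock cannot be judged from these hunks. The `KVM_SET_VAPIC_ADDR` case opens in the previous hunk and kvm_arch_vcpu_ioctl() extends beyond both.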
--- /dev/null
+x86-cpu-amd-fix-cpu_llc_id-for-amd-fam17h-systems.patch
+kvm-x86-fix-missed-srcu-usage-in-kvm_lapic_set_vapic_addr.patch
+kvm-disable-irq-while-unregistering-user-notifier.patch
--- /dev/null
+From b0b6e86846093c5f8820386bc01515f857dd8faa Mon Sep 17 00:00:00 2001
+From: Yazen Ghannam <Yazen.Ghannam@amd.com>
+Date: Tue, 8 Nov 2016 09:35:06 +0100
+Subject: x86/cpu/AMD: Fix cpu_llc_id for AMD Fam17h systems
+
+From: Yazen Ghannam <Yazen.Ghannam@amd.com>
+
+commit b0b6e86846093c5f8820386bc01515f857dd8faa upstream.
+
+cpu_llc_id (Last Level Cache ID) derivation on AMD Fam17h has an
+underflow bug when extracting the socket_id value. It starts from 0
+so subtracting 1 from it will result in an invalid value. This breaks
+scheduling topology later on since the cpu_llc_id will be incorrect.
+
+For example, the the cpu_llc_id of the *other* CPU in the loops in
+set_cpu_sibling_map() underflows and we're generating the funniest
+thread_siblings masks and then when I run 8 threads of nbench, they get
+spread around the LLC domains in a very strange pattern which doesn't
+give you the normal scheduling spread one would expect for performance.
+
+Other things like EDAC use cpu_llc_id so they will be b0rked too.
+
+So, the APIC ID is preset in APICx020 for bits 3 and above: they contain
+the core complex, node and socket IDs.
+
+The LLC is at the core complex level so we can find a unique cpu_llc_id
+by right shifting the APICID by 3 because then the least significant bit
+will be the Core Complex ID.
+
+Tested-by: Borislav Petkov <bp@suse.de>
+Signed-off-by: Yazen Ghannam <Yazen.Ghannam@amd.com>
+[ Cleaned up and extended the commit message. ]
+Signed-off-by: Borislav Petkov <bp@suse.de>
+Acked-by: Thomas Gleixner <tglx@linutronix.de>
+Cc: Aravind Gopalakrishnan <aravindksg.lkml@gmail.com>
+Cc: Linus Torvalds <torvalds@linux-foundation.org>
+Cc: Peter Zijlstra <peterz@infradead.org>
+Fixes: 3849e91f571d ("x86/AMD: Fix last level cache topology for AMD Fam17h systems")
+Link: http://lkml.kernel.org/r/20161108083506.rvqb5h4chrcptj7d@pd.tnic
+Signed-off-by: Ingo Molnar <mingo@kernel.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ arch/x86/kernel/cpu/amd.c | 6 +-----
+ 1 file changed, 1 insertion(+), 5 deletions(-)
+
+--- a/arch/x86/kernel/cpu/amd.c
++++ b/arch/x86/kernel/cpu/amd.c
+@@ -352,7 +352,6 @@ static void amd_detect_cmp(struct cpuinf
+ #ifdef CONFIG_SMP
+ unsigned bits;
+ int cpu = smp_processor_id();
+- unsigned int socket_id, core_complex_id;
+
+ bits = c->x86_coreid_bits;
+ /* Low order bits define the core id (index of core in socket) */
+@@ -370,10 +369,7 @@ static void amd_detect_cmp(struct cpuinf
+ if (c->x86 != 0x17 || !cpuid_edx(0x80000006))
+ return;
+
+- socket_id = (c->apicid >> bits) - 1;
+- core_complex_id = (c->apicid & ((1 << bits) - 1)) >> 3;
+-
+- per_cpu(cpu_llc_id, cpu) = (socket_id << 3) | core_complex_id;
++ per_cpu(cpu_llc_id, cpu) = c->apicid >> 3;
+ #endif
+ }
+
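Review bot: The bare `3` in `per_cpu(cpu_llc_id, cpu) = c->apicid >> 3;` carries the whole APIC ID layout assumption, and the code has no comment recording it; the explanation lives only in the commit message. I would add above the assignment `/* LLC is per core complex; APIC ID bits 3 and up hold the core complex, node and socket IDs. */`. That matters because the line is only correct for the family checked just before it (`c->x86 != 0x17` returns early), and a reader extending this to another family needs to know the shift is layout-specific. amd_detect_cmp() begins before this hunk.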
--- /dev/null
+x86-cpu-deal-with-broken-firmware-vmware-xen.patch
+x86-cpu-amd-fix-cpu_llc_id-for-amd-fam17h-systems.patch
+kvm-x86-fix-missed-srcu-usage-in-kvm_lapic_set_vapic_addr.patch
+kvm-disable-irq-while-unregistering-user-notifier.patch
+arm64-kvm-pmu-fix-aarch32-cycle-counter-access.patch
+kvm-arm64-fix-the-issues-when-guest-pmccfiltr-is-configured.patch