--- /dev/null
+From 0cf9135b773bf32fba9dd8e6699c1b331ee4b749 Mon Sep 17 00:00:00 2001
+From: Sean Christopherson <sean.j.christopherson@intel.com>
+Date: Thu, 7 Mar 2019 15:43:02 -0800
+Subject: KVM: x86: Emulate MSR_IA32_ARCH_CAPABILITIES on AMD hosts
+
+From: Sean Christopherson <sean.j.christopherson@intel.com>
+
+commit 0cf9135b773bf32fba9dd8e6699c1b331ee4b749 upstream.
+
+The CPUID flag ARCH_CAPABILITIES is unconditioinally exposed to host
+userspace for all x86 hosts, i.e. KVM advertises ARCH_CAPABILITIES
+regardless of hardware support under the pretense that KVM fully
+emulates MSR_IA32_ARCH_CAPABILITIES. Unfortunately, only VMX hosts
+handle accesses to MSR_IA32_ARCH_CAPABILITIES (despite KVM_GET_MSRS
+also reporting MSR_IA32_ARCH_CAPABILITIES for all hosts).
+
+Move the MSR_IA32_ARCH_CAPABILITIES handling to common x86 code so
+that it's emulated on AMD hosts.
+
+Fixes: 1eaafe91a0df4 ("kvm: x86: IA32_ARCH_CAPABILITIES is always supported")
+Cc: stable@vger.kernel.org
+Reported-by: Xiaoyao Li <xiaoyao.li@linux.intel.com>
+Cc: Jim Mattson <jmattson@google.com>
+Signed-off-by: Sean Christopherson <sean.j.christopherson@intel.com>
+Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ arch/x86/include/asm/kvm_host.h | 1 +
+ arch/x86/kvm/vmx.c | 14 --------------
+ arch/x86/kvm/x86.c | 12 ++++++++++++
+ 3 files changed, 13 insertions(+), 14 deletions(-)
+
+--- a/arch/x86/include/asm/kvm_host.h
++++ b/arch/x86/include/asm/kvm_host.h
+@@ -487,6 +487,7 @@ struct kvm_vcpu_arch {
+ bool tpr_access_reporting;
+ u64 ia32_xss;
+ u64 microcode_version;
++ u64 arch_capabilities;
+
+ /*
+ * Paging state of the vcpu
+--- a/arch/x86/kvm/vmx.c
++++ b/arch/x86/kvm/vmx.c
+@@ -714,7 +714,6 @@ struct vcpu_vmx {
+ u64 msr_guest_kernel_gs_base;
+ #endif
+
+- u64 arch_capabilities;
+ u64 spec_ctrl;
+
+ u32 vm_entry_controls_shadow;
+@@ -3209,12 +3208,6 @@ static int vmx_get_msr(struct kvm_vcpu *
+
+ msr_info->data = to_vmx(vcpu)->spec_ctrl;
+ break;
+- case MSR_IA32_ARCH_CAPABILITIES:
+- if (!msr_info->host_initiated &&
+- !guest_cpuid_has_arch_capabilities(vcpu))
+- return 1;
+- msr_info->data = to_vmx(vcpu)->arch_capabilities;
+- break;
+ case MSR_IA32_SYSENTER_CS:
+ msr_info->data = vmcs_read32(GUEST_SYSENTER_CS);
+ break;
+@@ -3376,11 +3369,6 @@ static int vmx_set_msr(struct kvm_vcpu *
+ vmx_disable_intercept_for_msr(vmx->vmcs01.msr_bitmap, MSR_IA32_PRED_CMD,
+ MSR_TYPE_W);
+ break;
+- case MSR_IA32_ARCH_CAPABILITIES:
+- if (!msr_info->host_initiated)
+- return 1;
+- vmx->arch_capabilities = data;
+- break;
+ case MSR_IA32_CR_PAT:
+ if (vmcs_config.vmentry_ctrl & VM_ENTRY_LOAD_IA32_PAT) {
+ if (!kvm_mtrr_valid(vcpu, MSR_IA32_CR_PAT, data))
+@@ -5468,8 +5456,6 @@ static int vmx_vcpu_setup(struct vcpu_vm
+ ++vmx->nmsrs;
+ }
+
+- vmx->arch_capabilities = kvm_get_arch_capabilities();
+-
+ vm_exit_controls_init(vmx, vmcs_config.vmexit_ctrl);
+
+ /* 22.2.1, 20.8.1 */
+--- a/arch/x86/kvm/x86.c
++++ b/arch/x86/kvm/x86.c
+@@ -2197,6 +2197,11 @@ int kvm_set_msr_common(struct kvm_vcpu *
+ if (msr_info->host_initiated)
+ vcpu->arch.microcode_version = data;
+ break;
++ case MSR_IA32_ARCH_CAPABILITIES:
++ if (!msr_info->host_initiated)
++ return 1;
++ vcpu->arch.arch_capabilities = data;
++ break;
+ case MSR_EFER:
+ return set_efer(vcpu, data);
+ case MSR_K7_HWCR:
+@@ -2473,6 +2478,12 @@ int kvm_get_msr_common(struct kvm_vcpu *
+ case MSR_IA32_UCODE_REV:
+ msr_info->data = vcpu->arch.microcode_version;
+ break;
++ case MSR_IA32_ARCH_CAPABILITIES:
++ if (!msr_info->host_initiated &&
++ !guest_cpuid_has_arch_capabilities(vcpu))
++ return 1;
++ msr_info->data = vcpu->arch.arch_capabilities;
++ break;
+ case MSR_MTRRcap:
+ case 0x200 ... 0x2ff:
+ return kvm_mtrr_get_msr(vcpu, msr_info->index, &msr_info->data);
+@@ -7672,6 +7683,7 @@ int kvm_arch_vcpu_setup(struct kvm_vcpu
+ {
+ int r;
+
++ vcpu->arch.arch_capabilities = kvm_get_arch_capabilities();
+ kvm_vcpu_mtrr_init(vcpu);
+ r = vcpu_load(vcpu);
+ if (r)
--- /dev/null
+From cf4df407e0d7cde60a45369c2a3414d18e2d4fdd Mon Sep 17 00:00:00 2001
+From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+Date: Wed, 13 Dec 2017 11:59:39 +0100
+Subject: Revert "USB: core: only clean up what we allocated"
+
+From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+commit cf4df407e0d7cde60a45369c2a3414d18e2d4fdd upstream.
+
+This reverts commit 32fd87b3bbf5f7a045546401dfe2894dbbf4d8c3.
+
+Alan wrote a better fix for this...
+
+Cc: Andrey Konovalov <andreyknvl@google.com>
+Cc: stable <stable@vger.kernel.org>
+Cc: Nathan Chancellor <natechancellor@gmail.com>
+Cc: Arnd Bergmann <arnd@arndb.de>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/usb/core/config.c | 9 +++------
+ 1 file changed, 3 insertions(+), 6 deletions(-)
+
+--- a/drivers/usb/core/config.c
++++ b/drivers/usb/core/config.c
+@@ -763,21 +763,18 @@ void usb_destroy_configuration(struct us
+ return;
+
+ if (dev->rawdescriptors) {
+- for (i = 0; i < dev->descriptor.bNumConfigurations &&
+- i < USB_MAXCONFIG; i++)
++ for (i = 0; i < dev->descriptor.bNumConfigurations; i++)
+ kfree(dev->rawdescriptors[i]);
+
+ kfree(dev->rawdescriptors);
+ dev->rawdescriptors = NULL;
+ }
+
+- for (c = 0; c < dev->descriptor.bNumConfigurations &&
+- c < USB_MAXCONFIG; c++) {
++ for (c = 0; c < dev->descriptor.bNumConfigurations; c++) {
+ struct usb_host_config *cf = &dev->config[c];
+
+ kfree(cf->string);
+- for (i = 0; i < cf->desc.bNumInterfaces &&
+- i < USB_MAXINTERFACES; i++) {
++ for (i = 0; i < cf->desc.bNumInterfaces; i++) {
+ if (cf->intf_cache[i])
+ kref_put(&cf->intf_cache[i]->ref,
+ usb_release_interface_cache);
cpu-hotplug-prevent-crash-when-cpu-bringup-fails-on-config_hotplug_cpu-n.patch
x86-smp-enforce-config_hotplug_cpu-when-smp-y.patch
kvm-reject-device-ioctls-from-processes-other-than-the-vm-s-creator.patch
+kvm-x86-emulate-msr_ia32_arch_capabilities-on-amd-hosts.patch
+usb-gadget-f_hid-fix-deadlock-in-f_hidg_write.patch
+xhci-fix-port-resume-done-detection-for-ss-ports-with-lpm-enabled.patch
+revert-usb-core-only-clean-up-what-we-allocated.patch
--- /dev/null
+From 072684e8c58d17e853f8e8b9f6d9ce2e58d2b036 Mon Sep 17 00:00:00 2001
+From: Radoslav Gerganov <rgerganov@vmware.com>
+Date: Tue, 5 Mar 2019 10:10:34 +0000
+Subject: USB: gadget: f_hid: fix deadlock in f_hidg_write()
+
+From: Radoslav Gerganov <rgerganov@vmware.com>
+
+commit 072684e8c58d17e853f8e8b9f6d9ce2e58d2b036 upstream.
+
+In f_hidg_write() the write_spinlock is acquired before calling
+usb_ep_queue() which causes a deadlock when dummy_hcd is being used.
+This is because dummy_queue() callbacks into f_hidg_req_complete() which
+tries to acquire the same spinlock. This is (part of) the backtrace when
+the deadlock occurs:
+
+ 0xffffffffc06b1410 in f_hidg_req_complete
+ 0xffffffffc06a590a in usb_gadget_giveback_request
+ 0xffffffffc06cfff2 in dummy_queue
+ 0xffffffffc06a4b96 in usb_ep_queue
+ 0xffffffffc06b1eb6 in f_hidg_write
+ 0xffffffff8127730b in __vfs_write
+ 0xffffffff812774d1 in vfs_write
+ 0xffffffff81277725 in SYSC_write
+
+Fix this by releasing the write_spinlock before calling usb_ep_queue()
+
+Reviewed-by: James Bottomley <James.Bottomley@HansenPartnership.com>
+Tested-by: James Bottomley <James.Bottomley@HansenPartnership.com>
+Cc: stable@vger.kernel.org # 4.11+
+Fixes: 749494b6bdbb ("usb: gadget: f_hid: fix: Move IN request allocation to set_alt()")
+Signed-off-by: Radoslav Gerganov <rgerganov@vmware.com>
+Signed-off-by: Felipe Balbi <felipe.balbi@linux.intel.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/usb/gadget/function/f_hid.c | 6 +++---
+ 1 file changed, 3 insertions(+), 3 deletions(-)
+
+--- a/drivers/usb/gadget/function/f_hid.c
++++ b/drivers/usb/gadget/function/f_hid.c
+@@ -340,20 +340,20 @@ try_again:
+ req->complete = f_hidg_req_complete;
+ req->context = hidg;
+
++ spin_unlock_irqrestore(&hidg->write_spinlock, flags);
++
+ status = usb_ep_queue(hidg->in_ep, hidg->req, GFP_ATOMIC);
+ if (status < 0) {
+ ERROR(hidg->func.config->cdev,
+ "usb_ep_queue error on int endpoint %zd\n", status);
+- goto release_write_pending_unlocked;
++ goto release_write_pending;
+ } else {
+ status = count;
+ }
+- spin_unlock_irqrestore(&hidg->write_spinlock, flags);
+
+ return status;
+ release_write_pending:
+ spin_lock_irqsave(&hidg->write_spinlock, flags);
+-release_write_pending_unlocked:
+ hidg->write_pending = 0;
+ spin_unlock_irqrestore(&hidg->write_spinlock, flags);
+
--- /dev/null
+From 6cbcf596934c8e16d6288c7cc62dfb7ad8eadf15 Mon Sep 17 00:00:00 2001
+From: Mathias Nyman <mathias.nyman@linux.intel.com>
+Date: Fri, 22 Mar 2019 17:50:15 +0200
+Subject: xhci: Fix port resume done detection for SS ports with LPM enabled
+
+From: Mathias Nyman <mathias.nyman@linux.intel.com>
+
+commit 6cbcf596934c8e16d6288c7cc62dfb7ad8eadf15 upstream.
+
+A suspended SS port in U3 link state will go to U0 when resumed, but
+can almost immediately after that enter U1 or U2 link power save
+states before host controller driver reads the port status.
+
+Host controller driver only checks for U0 state, and might miss
+the finished resume, leaving flags unclear and skip notifying usb
+code of the wake.
+
+Add U1 and U2 to the possible link states when checking for finished
+port resume.
+
+Cc: stable <stable@vger.kernel.org>
+Signed-off-by: Mathias Nyman <mathias.nyman@linux.intel.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/usb/host/xhci-ring.c | 9 ++++++---
+ drivers/usb/host/xhci.h | 1 +
+ 2 files changed, 7 insertions(+), 3 deletions(-)
+
+--- a/drivers/usb/host/xhci-ring.c
++++ b/drivers/usb/host/xhci-ring.c
+@@ -1645,10 +1645,13 @@ static void handle_port_status(struct xh
+ }
+ }
+
+- if ((temp & PORT_PLC) && (temp & PORT_PLS_MASK) == XDEV_U0 &&
+- DEV_SUPERSPEED_ANY(temp)) {
++ if ((temp & PORT_PLC) &&
++ DEV_SUPERSPEED_ANY(temp) &&
++ ((temp & PORT_PLS_MASK) == XDEV_U0 ||
++ (temp & PORT_PLS_MASK) == XDEV_U1 ||
++ (temp & PORT_PLS_MASK) == XDEV_U2)) {
+ xhci_dbg(xhci, "resume SS port %d finished\n", port_id);
+- /* We've just brought the device into U0 through either the
++ /* We've just brought the device into U0/1/2 through either the
+ * Resume state after a device remote wakeup, or through the
+ * U3Exit state after a host-initiated resume. If it's a device
+ * initiated remote wake, don't pass up the link state change,
+--- a/drivers/usb/host/xhci.h
++++ b/drivers/usb/host/xhci.h
+@@ -311,6 +311,7 @@ struct xhci_op_regs {
+ */
+ #define PORT_PLS_MASK (0xf << 5)
+ #define XDEV_U0 (0x0 << 5)
++#define XDEV_U1 (0x1 << 5)
+ #define XDEV_U2 (0x2 << 5)
+ #define XDEV_U3 (0x3 << 5)
+ #define XDEV_INACTIVE (0x6 << 5)
projects / thirdparty / kernel / stable-queue.git / commitdiff
