--- /dev/null
+From c20875a3e638e4a03e099b343ec798edd1af5cc6 Mon Sep 17 00:00:00 2001
+From: Paul Mackerras <paulus@ozlabs.org>
+Date: Thu, 12 Nov 2015 16:43:02 +1100
+Subject: KVM: PPC: Book3S HV: Prohibit setting illegal transaction state in MSR
+
+From: Paul Mackerras <paulus@ozlabs.org>
+
+commit c20875a3e638e4a03e099b343ec798edd1af5cc6 upstream.
+
+Currently it is possible for userspace (e.g. QEMU) to set a value
+for the MSR for a guest VCPU which has both of the TS bits set,
+which is an illegal combination. The result of this is that when
+we execute a hrfid (hypervisor return from interrupt doubleword)
+instruction to enter the guest, the CPU will take a TM Bad Thing
+type of program interrupt (vector 0x700).
+
+Now, if PR KVM is configured in the kernel along with HV KVM, we
+actually handle this without crashing the host or giving hypervisor
+privilege to the guest; instead what happens is that we deliver a
+program interrupt to the guest, with SRR0 reflecting the address
+of the hrfid instruction and SRR1 containing the MSR value at that
+point. If PR KVM is not configured in the kernel, then we try to
+run the host's program interrupt handler with the MMU set to the
+guest context, which almost certainly causes a host crash.
+
+This closes the hole by making kvmppc_set_msr_hv() check for the
+illegal combination and force the TS field to a safe value (00,
+meaning non-transactional).
+
+Signed-off-by: Paul Mackerras <paulus@samba.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ arch/powerpc/kvm/book3s_hv.c | 6 ++++++
+ 1 file changed, 6 insertions(+)
+
+--- a/arch/powerpc/kvm/book3s_hv.c
++++ b/arch/powerpc/kvm/book3s_hv.c
+@@ -166,6 +166,12 @@ static void kvmppc_core_vcpu_put_hv(stru
+
+ static void kvmppc_set_msr_hv(struct kvm_vcpu *vcpu, u64 msr)
+ {
++ /*
++ * Check for illegal transactional state bit combination
++ * and if we find it, force the TS field to a safe state.
++ */
++ if ((msr & MSR_TS_MASK) == MSR_TS_MASK)
++ msr &= ~MSR_TS_MASK;
+ vcpu->arch.shregs.msr = msr;
+ kvmppc_end_cede(vcpu);
+ }
--- /dev/null
+From 8c31902cffc4d716450be549c66a67a8a3dd479c Mon Sep 17 00:00:00 2001
+From: "H.J. Lu" <hjl.tools@gmail.com>
+Date: Mon, 4 Jan 2016 10:17:09 -0800
+Subject: x86/boot: Double BOOT_HEAP_SIZE to 64KB
+
+From: "H.J. Lu" <hjl.tools@gmail.com>
+
+commit 8c31902cffc4d716450be549c66a67a8a3dd479c upstream.
+
+When decompressing kernel image during x86 bootup, malloc memory
+for ELF program headers may run out of heap space, which leads
+to system halt. This patch doubles BOOT_HEAP_SIZE to 64KB.
+
+Tested with 32-bit kernel which failed to boot without this patch.
+
+Signed-off-by: H.J. Lu <hjl.tools@gmail.com>
+Acked-by: H. Peter Anvin <hpa@zytor.com>
+Cc: Andy Lutomirski <luto@amacapital.net>
+Cc: Borislav Petkov <bp@alien8.de>
+Cc: Brian Gerst <brgerst@gmail.com>
+Cc: Denys Vlasenko <dvlasenk@redhat.com>
+Cc: Linus Torvalds <torvalds@linux-foundation.org>
+Cc: Peter Zijlstra <peterz@infradead.org>
+Cc: Thomas Gleixner <tglx@linutronix.de>
+Cc: linux-kernel@vger.kernel.org
+Signed-off-by: Ingo Molnar <mingo@kernel.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ arch/x86/include/asm/boot.h | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/arch/x86/include/asm/boot.h
++++ b/arch/x86/include/asm/boot.h
+@@ -27,7 +27,7 @@
+ #define BOOT_HEAP_SIZE 0x400000
+ #else /* !CONFIG_KERNEL_BZIP2 */
+
+-#define BOOT_HEAP_SIZE 0x8000
++#define BOOT_HEAP_SIZE 0x10000
+
+ #endif /* !CONFIG_KERNEL_BZIP2 */
+
--- /dev/null
+From 2f0c0b2d96b1205efb14347009748d786c2d9ba5 Mon Sep 17 00:00:00 2001
+From: Mario Kleiner <mario.kleiner.de@gmail.com>
+Date: Fri, 18 Dec 2015 20:24:06 +0100
+Subject: x86/reboot/quirks: Add iMac10,1 to pci_reboot_dmi_table[]
+
+From: Mario Kleiner <mario.kleiner.de@gmail.com>
+
+commit 2f0c0b2d96b1205efb14347009748d786c2d9ba5 upstream.
+
+Without the reboot=pci method, the iMac 10,1 simply
+hangs after printing "Restarting system" at the point
+when it should reboot. This fixes it.
+
+Signed-off-by: Mario Kleiner <mario.kleiner.de@gmail.com>
+Cc: Andy Lutomirski <luto@amacapital.net>
+Cc: Borislav Petkov <bp@alien8.de>
+Cc: Brian Gerst <brgerst@gmail.com>
+Cc: Dave Jones <davej@codemonkey.org.uk>
+Cc: Denys Vlasenko <dvlasenk@redhat.com>
+Cc: H. Peter Anvin <hpa@zytor.com>
+Cc: Linus Torvalds <torvalds@linux-foundation.org>
+Cc: Peter Zijlstra <peterz@infradead.org>
+Cc: Thomas Gleixner <tglx@linutronix.de>
+Link: http://lkml.kernel.org/r/1450466646-26663-1-git-send-email-mario.kleiner.de@gmail.com
+Signed-off-by: Ingo Molnar <mingo@kernel.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ arch/x86/kernel/reboot.c | 8 ++++++++
+ 1 file changed, 8 insertions(+)
+
+--- a/arch/x86/kernel/reboot.c
++++ b/arch/x86/kernel/reboot.c
+@@ -180,6 +180,14 @@ static struct dmi_system_id __initdata r
+ DMI_MATCH(DMI_PRODUCT_NAME, "iMac9,1"),
+ },
+ },
++ { /* Handle problems with rebooting on the iMac10,1. */
++ .callback = set_pci_reboot,
++ .ident = "Apple iMac10,1",
++ .matches = {
++ DMI_MATCH(DMI_SYS_VENDOR, "Apple Inc."),
++ DMI_MATCH(DMI_PRODUCT_NAME, "iMac10,1"),
++ },
++ },
+
+ /* ASRock */
+ { /* Handle problems with rebooting on ASRock Q1900DC-ITX */
--- /dev/null
+From 22eab1108781eff09961ae7001704f7bd8fb1dce Mon Sep 17 00:00:00 2001
+From: "Dmitry V. Levin" <ldv@altlinux.org>
+Date: Tue, 1 Dec 2015 00:54:36 +0300
+Subject: x86/signal: Fix restart_syscall number for x32 tasks
+
+From: "Dmitry V. Levin" <ldv@altlinux.org>
+
+commit 22eab1108781eff09961ae7001704f7bd8fb1dce upstream.
+
+When restarting a syscall with regs->ax == -ERESTART_RESTARTBLOCK,
+regs->ax is assigned to a restart_syscall number. For x32 tasks, this
+syscall number must have __X32_SYSCALL_BIT set, otherwise it will be
+an x86_64 syscall number instead of a valid x32 syscall number. This
+issue has been there since the introduction of x32.
+
+Reported-by: strace/tests/restart_syscall.test
+Reported-and-tested-by: Elvira Khabirova <lineprinter0@gmail.com>
+Signed-off-by: Dmitry V. Levin <ldv@altlinux.org>
+Cc: Elvira Khabirova <lineprinter0@gmail.com>
+Link: http://lkml.kernel.org/r/20151130215436.GA25996@altlinux.org
+Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ arch/x86/kernel/signal.c | 17 ++++++++++-------
+ 1 file changed, 10 insertions(+), 7 deletions(-)
+
+--- a/arch/x86/kernel/signal.c
++++ b/arch/x86/kernel/signal.c
+@@ -682,12 +682,15 @@ handle_signal(struct ksignal *ksig, stru
+ signal_setup_done(failed, ksig, test_thread_flag(TIF_SINGLESTEP));
+ }
+
+-#ifdef CONFIG_X86_32
+-#define NR_restart_syscall __NR_restart_syscall
+-#else /* !CONFIG_X86_32 */
+-#define NR_restart_syscall \
+- test_thread_flag(TIF_IA32) ? __NR_ia32_restart_syscall : __NR_restart_syscall
+-#endif /* CONFIG_X86_32 */
++static inline unsigned long get_nr_restart_syscall(const struct pt_regs *regs)
++{
++#if defined(CONFIG_X86_32) || !defined(CONFIG_X86_64)
++ return __NR_restart_syscall;
++#else /* !CONFIG_X86_32 && CONFIG_X86_64 */
++ return test_thread_flag(TIF_IA32) ? __NR_ia32_restart_syscall :
++ __NR_restart_syscall | (regs->orig_ax & __X32_SYSCALL_BIT);
++#endif /* CONFIG_X86_32 || !CONFIG_X86_64 */
++}
+
+ /*
+ * Note that 'init' is a special process: it doesn't get signals it doesn't
+@@ -716,7 +719,7 @@ static void do_signal(struct pt_regs *re
+ break;
+
+ case -ERESTART_RESTARTBLOCK:
+- regs->ax = NR_restart_syscall;
++ regs->ax = get_nr_restart_syscall(regs);
+ regs->ip -= 2;
+ break;
+ }
--- /dev/null
+From 6a1f513776b78c994045287073e55bae44ed9f8c Mon Sep 17 00:00:00 2001
+From: "Ouyang Zhaowei (Charles)" <ouyangzhaowei@huawei.com>
+Date: Wed, 6 May 2015 09:47:04 +0800
+Subject: x86/xen: don't reset vcpu_info on a cancelled suspend
+
+From: "Ouyang Zhaowei (Charles)" <ouyangzhaowei@huawei.com>
+
+commit 6a1f513776b78c994045287073e55bae44ed9f8c upstream.
+
+On a cancelled suspend the vcpu_info location does not change (it's
+still in the per-cpu area registered by xen_vcpu_setup()). So do not
+call xen_hvm_init_shared_info() which would make the kernel think its
+back in the shared info. With the wrong vcpu_info, events cannot be
+received and the domain will hang after a cancelled suspend.
+
+Signed-off-by: Charles Ouyang <ouyangzhaowei@huawei.com>
+Reviewed-by: Boris Ostrovsky <boris.ostrovsky@oracle.com>
+Signed-off-by: David Vrabel <david.vrabel@citrix.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ arch/x86/xen/suspend.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+--- a/arch/x86/xen/suspend.c
++++ b/arch/x86/xen/suspend.c
+@@ -30,7 +30,8 @@ void xen_arch_hvm_post_suspend(int suspe
+ {
+ #ifdef CONFIG_XEN_PVHVM
+ int cpu;
+- xen_hvm_init_shared_info();
++ if (!suspend_cancelled)
++ xen_hvm_init_shared_info();
+ xen_callback_vector();
+ xen_unplug_emulated_devices();
+ if (xen_feature(XENFEAT_hvm_safe_pvclock)) {
--- /dev/null
+From 9c17d96500f78d7ecdb71ca6942830158bc75a2b Mon Sep 17 00:00:00 2001
+From: Boris Ostrovsky <boris.ostrovsky@oracle.com>
+Date: Tue, 10 Nov 2015 15:10:33 -0500
+Subject: xen/gntdev: Grant maps should not be subject to NUMA balancing
+
+From: Boris Ostrovsky <boris.ostrovsky@oracle.com>
+
+commit 9c17d96500f78d7ecdb71ca6942830158bc75a2b upstream.
+
+Doing so will cause the grant to be unmapped and then, during
+fault handling, the fault to be mistakenly treated as NUMA hint
+fault.
+
+In addition, even if those maps could partcipate in NUMA
+balancing, it wouldn't provide any benefit since we are unable
+to determine physical page's node (even if/when VNUMA is
+implemented).
+
+Marking grant maps' VMAs as VM_IO will exclude them from being
+part of NUMA balancing.
+
+Signed-off-by: Boris Ostrovsky <boris.ostrovsky@oracle.com>
+Signed-off-by: David Vrabel <david.vrabel@citrix.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/xen/gntdev.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/drivers/xen/gntdev.c
++++ b/drivers/xen/gntdev.c
+@@ -765,7 +765,7 @@ static int gntdev_mmap(struct file *flip
+
+ vma->vm_ops = &gntdev_vmops;
+
+- vma->vm_flags |= VM_DONTEXPAND | VM_DONTDUMP;
++ vma->vm_flags |= VM_DONTEXPAND | VM_DONTDUMP | VM_IO;
+
+ if (use_ptemod)
+ vma->vm_flags |= VM_DONTCOPY;
projects / thirdparty / kernel / stable-queue.git / commitdiff
