3.14-stable patches
authorGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Thu, 17 Sep 2015 05:18:44 +0000 (22:18 -0700)
committerGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Thu, 17 Sep 2015 05:18:44 +0000 (22:18 -0700)
added patches:
crypto-ghash-clmulni-specify-context-size-for-ghash-async-algorithm.patch
hid-usbhid-fix-the-check-for-hid_reset_pending-in-hid_io_error.patch
kvm-mmu-fix-validation-of-mmio-page-fault.patch
serial-8250-don-t-bind-to-smsc-ircc-ir-port.patch

queue-3.14/crypto-ghash-clmulni-specify-context-size-for-ghash-async-algorithm.patch [new file with mode: 0644]
queue-3.14/hid-usbhid-fix-the-check-for-hid_reset_pending-in-hid_io_error.patch [new file with mode: 0644]
queue-3.14/kvm-mmu-fix-validation-of-mmio-page-fault.patch [new file with mode: 0644]
queue-3.14/serial-8250-don-t-bind-to-smsc-ircc-ir-port.patch [new file with mode: 0644]
queue-3.14/series

diff --git a/queue-3.14/crypto-ghash-clmulni-specify-context-size-for-ghash-async-algorithm.patch b/queue-3.14/crypto-ghash-clmulni-specify-context-size-for-ghash-async-algorithm.patch
new file mode 100644 (file)
index 0000000..a9af931
--- /dev/null
@@ -0,0 +1,32 @@
+From 71c6da846be478a61556717ef1ee1cea91f5d6a8 Mon Sep 17 00:00:00 2001
+From: Andrey Ryabinin <aryabinin@odin.com>
+Date: Thu, 3 Sep 2015 14:32:01 +0300
+Subject: crypto: ghash-clmulni: specify context size for ghash async algorithm
+
+From: Andrey Ryabinin <aryabinin@odin.com>
+
+commit 71c6da846be478a61556717ef1ee1cea91f5d6a8 upstream.
+
+Currently context size (cra_ctxsize) doesn't specified for
+ghash_async_alg. Which means it's zero. Thus crypto_create_tfm()
+doesn't allocate needed space for ghash_async_ctx, so any
+read/write to ctx (e.g. in ghash_async_init_tfm()) is not valid.
+
+Signed-off-by: Andrey Ryabinin <aryabinin@odin.com>
+Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ arch/x86/crypto/ghash-clmulni-intel_glue.c |    1 +
+ 1 file changed, 1 insertion(+)
+
+--- a/arch/x86/crypto/ghash-clmulni-intel_glue.c
++++ b/arch/x86/crypto/ghash-clmulni-intel_glue.c
+@@ -291,6 +291,7 @@ static struct ahash_alg ghash_async_alg
+                       .cra_name               = "ghash",
+                       .cra_driver_name        = "ghash-clmulni",
+                       .cra_priority           = 400,
++                      .cra_ctxsize            = sizeof(struct ghash_async_ctx),
+                       .cra_flags              = CRYPTO_ALG_TYPE_AHASH | CRYPTO_ALG_ASYNC,
+                       .cra_blocksize          = GHASH_BLOCK_SIZE,
+                       .cra_type               = &crypto_ahash_type,
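Review bot: The changelog of this queued patch says accesses to ctx are "not valid" but does not name the consequence, which is what someone triaging the backport needs. Going by its own description, with `cra_ctxsize` left at zero no space is reserved for `struct ghash_async_ctx`, so ghash_async_init_tfm() and any later user of the context presumably read and write past the end of the tfm allocation, i.e. an out-of-bounds heap access. A sentence such as `Accesses to ctx therefore fall outside the tfm allocation.` would make the impact explicit. The `ghash_async_alg` initializer begins and ends outside the hunk, so its remaining fields cannot be checked from here.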
diff --git a/queue-3.14/hid-usbhid-fix-the-check-for-hid_reset_pending-in-hid_io_error.patch b/queue-3.14/hid-usbhid-fix-the-check-for-hid_reset_pending-in-hid_io_error.patch
new file mode 100644 (file)
index 0000000..ef8622a
--- /dev/null
@@ -0,0 +1,40 @@
+From 3af4e5a95184d6d3c1c6a065f163faa174a96a1d Mon Sep 17 00:00:00 2001
+From: Don Zickus <dzickus@redhat.com>
+Date: Mon, 10 Aug 2015 12:06:53 -0400
+Subject: HID: usbhid: Fix the check for HID_RESET_PENDING in hid_io_error
+
+From: Don Zickus <dzickus@redhat.com>
+
+commit 3af4e5a95184d6d3c1c6a065f163faa174a96a1d upstream.
+
+It was reported that after 10-20 reboots, a usb keyboard plugged
+into a docking station would not work unless it was replugged in.
+
+Using usbmon, it turns out the interrupt URBs were streaming with
+callback errors of -71 for some reason.  The hid-core.c::hid_io_error was
+supposed to retry and then reset, but the reset wasn't really happening.
+
+The check for HID_NO_BANDWIDTH was inverted.  Fix was simple.
+
+Tested by reporter and locally by me by unplugging a keyboard halfway until I
+could recreate a stream of errors but no disconnect.
+
+Signed-off-by: Don Zickus <dzickus@redhat.com>
+Signed-off-by: Jiri Kosina <jkosina@suse.cz>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/hid/usbhid/hid-core.c |    2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/drivers/hid/usbhid/hid-core.c
++++ b/drivers/hid/usbhid/hid-core.c
+@@ -180,7 +180,7 @@ static void hid_io_error(struct hid_devi
+       if (time_after(jiffies, usbhid->stop_retry)) {
+               /* Retries failed, so do a port reset unless we lack bandwidth*/
+-              if (test_bit(HID_NO_BANDWIDTH, &usbhid->iofl)
++              if (!test_bit(HID_NO_BANDWIDTH, &usbhid->iofl)
+                    && !test_and_set_bit(HID_RESET_PENDING, &usbhid->iofl)) {
+                       schedule_work(&usbhid->reset_work);
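Review bot: The subject line names `HID_RESET_PENDING`, but the condition that changes in hid_io_error() is the `HID_NO_BANDWIDTH` test, as the changelog body itself states ("The check for HID_NO_BANDWIDTH was inverted"). Anyone searching the stable history by flag name will look in the wrong place; a subject like `HID: usbhid: fix inverted HID_NO_BANDWIDTH check in hid_io_error` would match the code. The context comment above the test is also missing a space before its terminator and would read better as `/* Retries failed, so do a port reset unless we lack bandwidth */`. The rest of hid_io_error() lies outside the hunk.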
diff --git a/queue-3.14/kvm-mmu-fix-validation-of-mmio-page-fault.patch b/queue-3.14/kvm-mmu-fix-validation-of-mmio-page-fault.patch
new file mode 100644 (file)
index 0000000..62c923c
--- /dev/null
@@ -0,0 +1,125 @@
+From 6f691251c0350ac52a007c54bf3ef62e9d8cdc5e Mon Sep 17 00:00:00 2001
+From: Xiao Guangrong <guangrong.xiao@linux.intel.com>
+Date: Wed, 5 Aug 2015 12:04:19 +0800
+Subject: KVM: MMU: fix validation of mmio page fault
+
+From: Xiao Guangrong <guangrong.xiao@linux.intel.com>
+
+commit 6f691251c0350ac52a007c54bf3ef62e9d8cdc5e upstream.
+
+We got the bug that qemu complained with "KVM: unknown exit, hardware
+reason 31" and KVM shown these info:
+[84245.284948] EPT: Misconfiguration.
+[84245.285056] EPT: GPA: 0xfeda848
+[84245.285154] ept_misconfig_inspect_spte: spte 0x5eaef50107 level 4
+[84245.285344] ept_misconfig_inspect_spte: spte 0x5f5fadc107 level 3
+[84245.285532] ept_misconfig_inspect_spte: spte 0x5141d18107 level 2
+[84245.285723] ept_misconfig_inspect_spte: spte 0x52e40dad77 level 1
+
+This is because we got a mmio #PF and the handler see the mmio spte becomes
+normal (points to the ram page)
+
+However, this is valid after introducing fast mmio spte invalidation which
+increases the generation-number instead of zapping mmio sptes, a example
+is as follows:
+1. QEMU drops mmio region by adding a new memslot
+2. invalidate all mmio sptes
+3.
+
+        VCPU 0                        VCPU 1
+    access the invalid mmio spte
+                            access the region originally was MMIO before
+                            set the spte to the normal ram map
+
+    mmio #PF
+    check the spte and see it becomes normal ram mapping !!!
+
+This patch fixes the bug just by dropping the check in mmio handler, it's
+good for backport. Full check will be introduced in later patches
+
+Reported-by: Pavel Shirshov <ru.pchel@gmail.com>
+Tested-by: Pavel Shirshov <ru.pchel@gmail.com>
+Signed-off-by: Xiao Guangrong <guangrong.xiao@linux.intel.com>
+Cc: stable@vger.kernel.org
+Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ arch/x86/kvm/mmu.c |   45 ---------------------------------------------
+ 1 file changed, 45 deletions(-)
+
+--- a/arch/x86/kvm/mmu.c
++++ b/arch/x86/kvm/mmu.c
+@@ -381,12 +381,6 @@ static u64 __get_spte_lockless(u64 *spte
+ {
+       return ACCESS_ONCE(*sptep);
+ }
+-
+-static bool __check_direct_spte_mmio_pf(u64 spte)
+-{
+-      /* It is valid if the spte is zapped. */
+-      return spte == 0ull;
+-}
+ #else
+ union split_spte {
+       struct {
+@@ -502,23 +496,6 @@ retry:
+       return spte.spte;
+ }
+-
+-static bool __check_direct_spte_mmio_pf(u64 spte)
+-{
+-      union split_spte sspte = (union split_spte)spte;
+-      u32 high_mmio_mask = shadow_mmio_mask >> 32;
+-
+-      /* It is valid if the spte is zapped. */
+-      if (spte == 0ull)
+-              return true;
+-
+-      /* It is valid if the spte is being zapped. */
+-      if (sspte.spte_low == 0ull &&
+-          (sspte.spte_high & high_mmio_mask) == high_mmio_mask)
+-              return true;
+-
+-      return false;
+-}
+ #endif
+ static bool spte_is_locklessly_modifiable(u64 spte)
+@@ -3215,21 +3192,6 @@ static bool quickly_check_mmio_pf(struct
+       return vcpu_match_mmio_gva(vcpu, addr);
+ }
+-
+-/*
+- * On direct hosts, the last spte is only allows two states
+- * for mmio page fault:
+- *   - It is the mmio spte
+- *   - It is zapped or it is being zapped.
+- *
+- * This function completely checks the spte when the last spte
+- * is not the mmio spte.
+- */
+-static bool check_direct_spte_mmio_pf(u64 spte)
+-{
+-      return __check_direct_spte_mmio_pf(spte);
+-}
+-
+ static u64 walk_shadow_page_get_mmio_spte(struct kvm_vcpu *vcpu, u64 addr)
+ {
+       struct kvm_shadow_walk_iterator iterator;
+@@ -3272,13 +3234,6 @@ int handle_mmio_page_fault_common(struct
+       }
+       /*
+-       * It's ok if the gva is remapped by other cpus on shadow guest,
+-       * it's a BUG if the gfn is not a mmio page.
+-       */
+-      if (direct && !check_direct_spte_mmio_pf(spte))
+-              return RET_MMIO_PF_BUG;
+-
+-      /*
+        * If the page table is zapped by other cpus, let CPU fault again on
+        * the address.
+        */
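Review bot: Once the `direct && !check_direct_spte_mmio_pf(spte)` test is removed from handle_mmio_page_fault_common(), nothing at that site records why a last-level spte that is neither an MMIO spte nor zapped is now accepted on direct MMUs. The rationale exists only in the changelog: another VCPU can install a normal RAM mapping after the generation-number invalidation. A short comment in its place, for example `/* A non-mmio spte here is not a bug: another vcpu may have mapped RAM after the mmio region was dropped. */`, would keep that with the code. The changelog also defers the "full check" to later patches, so the queue should note which follow-up restores the validation for this branch. The function body continues outside the hunk, so the return value on this path and whether `RET_MMIO_PF_BUG` still has a producer cannot be confirmed from here.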
diff --git a/queue-3.14/serial-8250-don-t-bind-to-smsc-ircc-ir-port.patch b/queue-3.14/serial-8250-don-t-bind-to-smsc-ircc-ir-port.patch
new file mode 100644 (file)
index 0000000..a6dcf40
--- /dev/null
@@ -0,0 +1,34 @@
+From ffa34de03bcfbfa88d8352942bc238bb48e94e2d Mon Sep 17 00:00:00 2001
+From: "Maciej S. Szmigiero" <mail@maciej.szmigiero.name>
+Date: Sun, 2 Aug 2015 23:11:52 +0200
+Subject: serial: 8250: don't bind to SMSC IrCC IR port
+
+From: "Maciej S. Szmigiero" <mail@maciej.szmigiero.name>
+
+commit ffa34de03bcfbfa88d8352942bc238bb48e94e2d upstream.
+
+SMSC IrCC SIR/FIR port should not be bound to by
+(legacy) serial driver so its own driver (smsc-ircc2)
+can bind to it.
+
+Signed-off-by: Maciej Szmigiero <mail@maciej.szmigiero.name>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/tty/serial/8250/8250_pnp.c |    5 +++++
+ 1 file changed, 5 insertions(+)
+
+--- a/drivers/tty/serial/8250/8250_pnp.c
++++ b/drivers/tty/serial/8250/8250_pnp.c
+@@ -364,6 +364,11 @@ static const struct pnp_device_id pnp_de
+       /* Winbond CIR port, should not be probed. We should keep track
+          of it to prevent the legacy serial driver from probing it */
+       {       "WEC1022",              CIR_PORT        },
++      /*
++       * SMSC IrCC SIR/FIR port, should not be probed by serial driver
++       * as well so its own driver can bind to it.
++       */
++      {       "SMCF010",              CIR_PORT        },
+       {       "",                     0       }
+ };
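Review bot: The new `{ "SMCF010", CIR_PORT }` entry goes into `pnp_dev_table`, the 8250 PNP driver's own match table, and listing an ID there would normally make this driver match the device rather than ignore it. That the port is then left free for smsc-ircc2, as the subject promises, depends entirely on how the probe path treats `CIR_PORT`, and that code is outside the hunk. This should be confirmed against the 3.14 probe code before queuing. `CIR_PORT` is also being reused for a SIR/FIR device, so the added comment could say so, e.g. `CIR_PORT is used here only as the "do not probe" marker`.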
index 6a04b15cd8a6ea6482e7e169e4bab320418d1f4e..c4ad779534d515b7dfe68a882d21a37a4ee02b79 100644 (file)
@@ -13,3 +13,7 @@ usb-symbolserial-use-usb_get_serial_port_data.patch
 usb-ftdi_sio-added-custom-pid-for-customware-products.patch
 usb-dwc3-ep0-fix-mem-corruption-on-out-transfers-of-more-than-512-bytes.patch
 usb-host-ehci-sys-delete-useless-bus_to_hcd-conversion.patch
+serial-8250-don-t-bind-to-smsc-ircc-ir-port.patch
+crypto-ghash-clmulni-specify-context-size-for-ghash-async-algorithm.patch
+hid-usbhid-fix-the-check-for-hid_reset_pending-in-hid_io_error.patch
+kvm-mmu-fix-validation-of-mmio-page-fault.patch