4.4-stable patches
authorGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Wed, 5 Oct 2016 13:28:28 +0000 (15:28 +0200)
committerGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Wed, 5 Oct 2016 13:28:28 +0000 (15:28 +0200)
added patches:
dmaengine-at_xdmac-fix-to-pass-correct-device-identity-to-free_irq.patch
kernel-fork-fix-clone_child_cleartid-regression-in-nscd.patch
kvm-nvmx-postpone-vmcs-changes-on-msr_ia32_apicbase-write.patch

queue-4.4/dmaengine-at_xdmac-fix-to-pass-correct-device-identity-to-free_irq.patch [new file with mode: 0644]
queue-4.4/kernel-fork-fix-clone_child_cleartid-regression-in-nscd.patch [new file with mode: 0644]
queue-4.4/kvm-nvmx-postpone-vmcs-changes-on-msr_ia32_apicbase-write.patch [new file with mode: 0644]
queue-4.4/series

diff --git a/queue-4.4/dmaengine-at_xdmac-fix-to-pass-correct-device-identity-to-free_irq.patch b/queue-4.4/dmaengine-at_xdmac-fix-to-pass-correct-device-identity-to-free_irq.patch
new file mode 100644 (file)
index 0000000..5a01ab6
--- /dev/null
@@ -0,0 +1,42 @@
+From 6a8b0c6b18f62a277ffb2139d0c0253fe35d7feb Mon Sep 17 00:00:00 2001
+From: Wei Yongjun <weiyj.lk@gmail.com>
+Date: Wed, 10 Aug 2016 03:17:09 +0000
+Subject: dmaengine: at_xdmac: fix to pass correct device identity to free_irq()
+
+From: Wei Yongjun <weiyj.lk@gmail.com>
+
+commit 6a8b0c6b18f62a277ffb2139d0c0253fe35d7feb upstream.
+
+free_irq() expects the same device identity that was passed to
+corresponding request_irq(), otherwise the IRQ is not freed.
+
+Fixes: e1f7c9eee707 ("dmaengine: at_xdmac: creation of the atmel eXtended DMA Controller driver")
+Signed-off-by: Wei Yongjun <weiyj.lk@gmail.com>
+Acked-by: Ludovic Desroches <ludovic.desroches@atmel.com>
+Signed-off-by: Vinod Koul <vinod.koul@intel.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/dma/at_xdmac.c |    4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+--- a/drivers/dma/at_xdmac.c
++++ b/drivers/dma/at_xdmac.c
+@@ -2055,7 +2055,7 @@ err_dma_unregister:
+ err_clk_disable:
+       clk_disable_unprepare(atxdmac->clk);
+ err_free_irq:
+-      free_irq(atxdmac->irq, atxdmac->dma.dev);
++      free_irq(atxdmac->irq, atxdmac);
+       return ret;
+ }
+@@ -2071,7 +2071,7 @@ static int at_xdmac_remove(struct platfo
+       synchronize_irq(atxdmac->irq);
+-      free_irq(atxdmac->irq, atxdmac->dma.dev);
++      free_irq(atxdmac->irq, atxdmac);
+       for (i = 0; i < atxdmac->dma.chancnt; i++) {
+               struct at_xdmac_chan *atchan = &atxdmac->chan[i];
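Review bot: Neither `free_irq()` site shows the matching `request_irq()` call, so these hunks alone cannot confirm that `atxdmac` is the right cookie; before queuing for 4.4, check that the probe path in that tree registers the handler with `atxdmac` as dev_id. Per the description, the old mismatched cookie meant the IRQ was not freed, so the handler presumably stayed installed after a failed probe and after `at_xdmac_remove()`, where it could run against device state being torn down. A short comment at both sites, e.g. `/* dev_id must match the cookie passed to request_irq() in probe */`, would keep the pairing from drifting again. Both the error-label block and `at_xdmac_remove()` continue outside the hunks.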
diff --git a/queue-4.4/kernel-fork-fix-clone_child_cleartid-regression-in-nscd.patch b/queue-4.4/kernel-fork-fix-clone_child_cleartid-regression-in-nscd.patch
new file mode 100644 (file)
index 0000000..6e85a55
--- /dev/null
@@ -0,0 +1,81 @@
+From 735f2770a770156100f534646158cb58cb8b2939 Mon Sep 17 00:00:00 2001
+From: Michal Hocko <mhocko@suse.com>
+Date: Thu, 1 Sep 2016 16:15:13 -0700
+Subject: kernel/fork: fix CLONE_CHILD_CLEARTID regression in nscd
+
+From: Michal Hocko <mhocko@suse.com>
+
+commit 735f2770a770156100f534646158cb58cb8b2939 upstream.
+
+Commit fec1d0115240 ("[PATCH] Disable CLONE_CHILD_CLEARTID for abnormal
+exit") has caused a subtle regression in nscd which uses
+CLONE_CHILD_CLEARTID to clear the nscd_certainly_running flag in the
+shared databases, so that the clients are notified when nscd is
+restarted.  Now, when nscd uses a non-persistent database, clients that
+have it mapped keep thinking the database is being updated by nscd, when
+in fact nscd has created a new (anonymous) one (for non-persistent
+databases it uses an unlinked file as backend).
+
+The original proposal for the CLONE_CHILD_CLEARTID change claimed
+(https://lkml.org/lkml/2006/10/25/233):
+
+: The NPTL library uses the CLONE_CHILD_CLEARTID flag on clone() syscalls
+: on behalf of pthread_create() library calls.  This feature is used to
+: request that the kernel clear the thread-id in user space (at an address
+: provided in the syscall) when the thread disassociates itself from the
+: address space, which is done in mm_release().
+:
+: Unfortunately, when a multi-threaded process incurs a core dump (such as
+: from a SIGSEGV), the core-dumping thread sends SIGKILL signals to all of
+: the other threads, which then proceed to clear their user-space tids
+: before synchronizing in exit_mm() with the start of core dumping.  This
+: misrepresents the state of process's address space at the time of the
+: SIGSEGV and makes it more difficult for someone to debug NPTL and glibc
+: problems (misleading him/her to conclude that the threads had gone away
+: before the fault).
+:
+: The fix below is to simply avoid the CLONE_CHILD_CLEARTID action if a
+: core dump has been initiated.
+
+The resulting patch from Roland (https://lkml.org/lkml/2006/10/26/269)
+seems to have a larger scope than the original patch asked for.  It
+seems that limitting the scope of the check to core dumping should work
+for SIGSEGV issue describe above.
+
+[Changelog partly based on Andreas' description]
+Fixes: fec1d0115240 ("[PATCH] Disable CLONE_CHILD_CLEARTID for abnormal exit")
+Link: http://lkml.kernel.org/r/1471968749-26173-1-git-send-email-mhocko@kernel.org
+Signed-off-by: Michal Hocko <mhocko@suse.com>
+Tested-by: William Preston <wpreston@suse.com>
+Acked-by: Oleg Nesterov <oleg@redhat.com>
+Cc: Roland McGrath <roland@hack.frob.com>
+Cc: Andreas Schwab <schwab@suse.com>
+Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
+Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ kernel/fork.c |   10 ++++------
+ 1 file changed, 4 insertions(+), 6 deletions(-)
+
+--- a/kernel/fork.c
++++ b/kernel/fork.c
+@@ -901,14 +901,12 @@ void mm_release(struct task_struct *tsk,
+       deactivate_mm(tsk, mm);
+       /*
+-       * If we're exiting normally, clear a user-space tid field if
+-       * requested.  We leave this alone when dying by signal, to leave
+-       * the value intact in a core dump, and to save the unnecessary
+-       * trouble, say, a killed vfork parent shouldn't touch this mm.
+-       * Userland only wants this done for a sys_exit.
++       * Signal userspace if we're not exiting with a core dump
++       * because we want to leave the value intact for debugging
++       * purposes.
+        */
+       if (tsk->clear_child_tid) {
+-              if (!(tsk->flags & PF_SIGNALED) &&
++              if (!(tsk->signal->flags & SIGNAL_GROUP_COREDUMP) &&
+                   atomic_read(&mm->mm_users) > 1) {
+                       /*
+                        * We don't check the error code - if userspace has
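Review bot: The replacement comment above the `tsk->clear_child_tid` test in `mm_release()` no longer says what happens to a task killed by a signal without a core dump, which is exactly the behaviour this change alters. With `SIGNAL_GROUP_COREDUMP` as the only exclusion, such a task now clears the user-space tid whenever `mm->mm_users > 1`. The removed text also recorded that a killed vfork parent shouldn't touch this mm, and nothing visible here explains why that concern no longer applies. I would extend the comment with something like `* Tasks killed by a signal still clear the tid; only a group core dump leaves it intact.` and mention that the write targets an address supplied by userspace in a possibly shared mm. The function body continues past the end of the hunk.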
diff --git a/queue-4.4/kvm-nvmx-postpone-vmcs-changes-on-msr_ia32_apicbase-write.patch b/queue-4.4/kvm-nvmx-postpone-vmcs-changes-on-msr_ia32_apicbase-write.patch
new file mode 100644 (file)
index 0000000..c459249
--- /dev/null
@@ -0,0 +1,68 @@
+From dccbfcf52cebb8963246eba5b177b77f26b34da0 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Radim=20Kr=C4=8Dm=C3=A1=C5=99?= <rkrcmar@redhat.com>
+Date: Mon, 8 Aug 2016 20:16:23 +0200
+Subject: KVM: nVMX: postpone VMCS changes on MSR_IA32_APICBASE write
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+From: Radim Krčmář <rkrcmar@redhat.com>
+
+commit dccbfcf52cebb8963246eba5b177b77f26b34da0 upstream.
+
+If vmcs12 does not intercept APIC_BASE writes, then KVM will handle the
+write with vmcs02 as the current VMCS.
+This will incorrectly apply modifications intended for vmcs01 to vmcs02
+and L2 can use it to gain access to L0's x2APIC registers by disabling
+virtualized x2APIC while using msr bitmap that assumes enabled.
+
+Postpone execution of vmx_set_virtual_x2apic_mode until vmcs01 is the
+current VMCS.  An alternative solution would temporarily make vmcs01 the
+current VMCS, but it requires more care.
+
+Fixes: 8d14695f9542 ("x86, apicv: add virtual x2apic support")
+Reported-by: Jim Mattson <jmattson@google.com>
+Reviewed-by: Wanpeng Li <wanpeng.li@hotmail.com>
+Signed-off-by: Radim Krčmář <rkrcmar@redhat.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ arch/x86/kvm/vmx.c |   13 +++++++++++++
+ 1 file changed, 13 insertions(+)
+
+--- a/arch/x86/kvm/vmx.c
++++ b/arch/x86/kvm/vmx.c
+@@ -408,6 +408,7 @@ struct nested_vmx {
+       struct list_head vmcs02_pool;
+       int vmcs02_num;
+       u64 vmcs01_tsc_offset;
++      bool change_vmcs01_virtual_x2apic_mode;
+       /* L2 must run next, and mustn't decide to exit to L1. */
+       bool nested_run_pending;
+       /*
+@@ -8184,6 +8185,12 @@ static void vmx_set_virtual_x2apic_mode(
+ {
+       u32 sec_exec_control;
++      /* Postpone execution until vmcs01 is the current VMCS. */
++      if (is_guest_mode(vcpu)) {
++              to_vmx(vcpu)->nested.change_vmcs01_virtual_x2apic_mode = true;
++              return;
++      }
++
+       /*
+        * There is not point to enable virtualize x2apic without enable
+        * apicv
+@@ -10483,6 +10490,12 @@ static void nested_vmx_vmexit(struct kvm
+       /* Update TSC_OFFSET if TSC was changed while L2 ran */
+       vmcs_write64(TSC_OFFSET, vmx->nested.vmcs01_tsc_offset);
++      if (vmx->nested.change_vmcs01_virtual_x2apic_mode) {
++              vmx->nested.change_vmcs01_virtual_x2apic_mode = false;
++              vmx_set_virtual_x2apic_mode(vcpu,
++                              vcpu->arch.apic_base & X2APIC_ENABLE);
++      }
++
+       /* This is needed for same reason as it was needed in prepare_vmcs02 */
+       vmx->host_rsp = 0;
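Review bot: The new `change_vmcs01_virtual_x2apic_mode` field has no comment, and the replay in `nested_vmx_vmexit()` is only safe if vmcs01 is already the current VMCS at that point, which the hunk does not show (the struct and both functions extend beyond the hunks). Since the description ties this to L2 reaching L0's x2APIC registers, the ordering deserves to be stated in the code, e.g. `/* Set when vmx_set_virtual_x2apic_mode() was called in guest mode; replayed against vmcs01 on exit to L1. */` on the field and `/* vmcs01 must be current here */` above the replay. From the visible lines the flag is consumed only on this exit path, so it is worth confirming that it is also cleared wherever nested state is reset or freed. Other helpers that edit VMCS controls while L2 is running may need the same deferral and should be audited for being called with vmcs02 current.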
index 2041aa13b2199d646cb829301a972d0d9ce2a1e1..34050b94a83c1d2a0ff729aad2c611bac01ed543 100644 (file)
@@ -69,3 +69,6 @@ brcmsmac-initialize-power-in-brcms_c_stf_ss_algo_channel_get.patch
 powerpc-prom-fix-sub-processor-option-passed-to-ibm-client-architecture-support.patch
 sysctl-handle-error-writing-uint_max-to-u32-fields.patch
 asoc-omap-mcpdm-fix-irq-resource-handling.patch
+kernel-fork-fix-clone_child_cleartid-regression-in-nscd.patch
+dmaengine-at_xdmac-fix-to-pass-correct-device-identity-to-free_irq.patch
+kvm-nvmx-postpone-vmcs-changes-on-msr_ia32_apicbase-write.patch