--- /dev/null
+From df376f0de167754da9b3ece4afdb5bb8bf3fbf3e Mon Sep 17 00:00:00 2001
+From: "joshua.a.hay@intel.com" <joshua.a.hay@intel.com>
+Date: Fri, 21 Sep 2012 00:08:21 +0000
+Subject: ixgbe: add support for X540-AT1
+
+From: "joshua.a.hay@intel.com" <joshua.a.hay@intel.com>
+
+commit df376f0de167754da9b3ece4afdb5bb8bf3fbf3e upstream.
+
+This patch adds device support for Ethernet Controller X540-AT1.
+
+Signed-off-by: Josh Hay <joshua.a.hay@intel.com>
+Tested-by: Phil Schmitt <phillip.j.schmitt@intel.com>
+Signed-off-by: Jeff Kirsher <jeffrey.t.kirsher@intel.com>
+Signed-off-by: Abdallah Chatila <Abdallah.Chatila@ericsson.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/net/ethernet/intel/ixgbe/ixgbe_common.c | 1 +
+ drivers/net/ethernet/intel/ixgbe/ixgbe_ethtool.c | 1 +
+ drivers/net/ethernet/intel/ixgbe/ixgbe_main.c | 2 ++
+ drivers/net/ethernet/intel/ixgbe/ixgbe_type.h | 1 +
+ 4 files changed, 5 insertions(+)
+
+--- a/drivers/net/ethernet/intel/ixgbe/ixgbe_common.c
++++ b/drivers/net/ethernet/intel/ixgbe/ixgbe_common.c
+@@ -3216,6 +3216,7 @@ static s32 ixgbe_device_supports_autoneg
+
+ switch (hw->device_id) {
+ case IXGBE_DEV_ID_X540T:
++ case IXGBE_DEV_ID_X540T1:
+ return 0;
+ case IXGBE_DEV_ID_82599_T3_LOM:
+ return 0;
+--- a/drivers/net/ethernet/intel/ixgbe/ixgbe_ethtool.c
++++ b/drivers/net/ethernet/intel/ixgbe/ixgbe_ethtool.c
+@@ -2006,6 +2006,7 @@ static int ixgbe_wol_exclusion(struct ix
+ retval = 0;
+ break;
+ case IXGBE_DEV_ID_X540T:
++ case IXGBE_DEV_ID_X540T1:
+ /* check eeprom to see if enabled wol */
+ if ((wol_cap == IXGBE_DEVICE_CAPS_WOL_PORT0_1) ||
+ ((wol_cap == IXGBE_DEVICE_CAPS_WOL_PORT0) &&
+--- a/drivers/net/ethernet/intel/ixgbe/ixgbe_main.c
++++ b/drivers/net/ethernet/intel/ixgbe/ixgbe_main.c
+@@ -114,6 +114,7 @@ static DEFINE_PCI_DEVICE_TABLE(ixgbe_pci
+ {PCI_VDEVICE(INTEL, IXGBE_DEV_ID_82599_LS), board_82599 },
+ {PCI_VDEVICE(INTEL, IXGBE_DEV_ID_82599EN_SFP), board_82599 },
+ {PCI_VDEVICE(INTEL, IXGBE_DEV_ID_82599_SFP_SF_QP), board_82599 },
++ {PCI_VDEVICE(INTEL, IXGBE_DEV_ID_X540T1), board_X540 },
+ /* required last entry */
+ {0, }
+ };
+@@ -7060,6 +7061,7 @@ static int __devinit ixgbe_probe(struct
+ adapter->wol = IXGBE_WUFC_MAG;
+ break;
+ case IXGBE_DEV_ID_X540T:
++ case IXGBE_DEV_ID_X540T1:
+ /* Check eeprom to see if it is enabled */
+ hw->eeprom.ops.read(hw, 0x2c, &adapter->eeprom_cap);
+ wol_cap = adapter->eeprom_cap & IXGBE_DEVICE_CAPS_WOL_MASK;
+--- a/drivers/net/ethernet/intel/ixgbe/ixgbe_type.h
++++ b/drivers/net/ethernet/intel/ixgbe/ixgbe_type.h
+@@ -67,6 +67,7 @@
+ #define IXGBE_DEV_ID_82599_LS 0x154F
+ #define IXGBE_DEV_ID_X540T 0x1528
+ #define IXGBE_DEV_ID_82599_SFP_SF_QP 0x154A
++#define IXGBE_DEV_ID_X540T1 0x1560
+
+ /* VF Device IDs */
+ #define IXGBE_DEV_ID_82599_VF 0x10ED
--- /dev/null
+From 6d1068b3a98519247d8ba4ec85cd40ac136dbdf9 Mon Sep 17 00:00:00 2001
+From: Petr Matousek <pmatouse@redhat.com>
+Date: Tue, 6 Nov 2012 19:24:07 +0100
+Subject: KVM: x86: invalid opcode oops on SET_SREGS with OSXSAVE bit set (CVE-2012-4461)
+
+From: Petr Matousek <pmatouse@redhat.com>
+
+commit 6d1068b3a98519247d8ba4ec85cd40ac136dbdf9 upstream.
+
+On hosts without the XSAVE support unprivileged local user can trigger
+oops similar to the one below by setting X86_CR4_OSXSAVE bit in guest
+cr4 register using KVM_SET_SREGS ioctl and later issuing KVM_RUN
+ioctl.
+
+invalid opcode: 0000 [#2] SMP
+Modules linked in: tun ip6table_filter ip6_tables ebtable_nat ebtables
+...
+Pid: 24935, comm: zoog_kvm_monito Tainted: G D 3.2.0-3-686-pae
+EIP: 0060:[<f8b9550c>] EFLAGS: 00210246 CPU: 0
+EIP is at kvm_arch_vcpu_ioctl_run+0x92a/0xd13 [kvm]
+EAX: 00000001 EBX: 000f387e ECX: 00000000 EDX: 00000000
+ESI: 00000000 EDI: 00000000 EBP: ef5a0060 ESP: d7c63e70
+ DS: 007b ES: 007b FS: 00d8 GS: 00e0 SS: 0068
+Process zoog_kvm_monito (pid: 24935, ti=d7c62000 task=ed84a0c0
+task.ti=d7c62000)
+Stack:
+ 00000001 f70a1200 f8b940a9 ef5a0060 00000000 00200202 f8769009 00000000
+ ef5a0060 000f387e eda5c020 8722f9c8 00015bae 00000000 ed84a0c0 ed84a0c0
+ c12bf02d 0000ae80 ef7f8740 fffffffb f359b740 ef5a0060 f8b85dc1 0000ae80
+Call Trace:
+ [<f8b940a9>] ? kvm_arch_vcpu_ioctl_set_sregs+0x2fe/0x308 [kvm]
+...
+ [<c12bfb44>] ? syscall_call+0x7/0xb
+Code: 89 e8 e8 14 ee ff ff ba 00 00 04 00 89 e8 e8 98 48 ff ff 85 c0 74
+1e 83 7d 48 00 75 18 8b 85 08 07 00 00 31 c9 8b 95 0c 07 00 00 <0f> 01
+d1 c7 45 48 01 00 00 00 c7 45 1c 01 00 00 00 0f ae f0 89
+EIP: [<f8b9550c>] kvm_arch_vcpu_ioctl_run+0x92a/0xd13 [kvm] SS:ESP
+0068:d7c63e70
+
+QEMU first retrieves the supported features via KVM_GET_SUPPORTED_CPUID
+and then sets them later. So guest's X86_FEATURE_XSAVE should be masked
+out on hosts without X86_FEATURE_XSAVE, making kvm_set_cr4 with
+X86_CR4_OSXSAVE fail. Userspaces that allow specifying guest cpuid with
+X86_FEATURE_XSAVE even on hosts that do not support it, might be
+susceptible to this attack from inside the guest as well.
+
+Allow setting X86_CR4_OSXSAVE bit only if host has XSAVE support.
+
+Signed-off-by: Petr Matousek <pmatouse@redhat.com>
+Signed-off-by: Marcelo Tosatti <mtosatti@redhat.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ arch/x86/kvm/cpuid.h | 3 +++
+ arch/x86/kvm/x86.c | 3 +++
+ 2 files changed, 6 insertions(+)
+
+--- a/arch/x86/kvm/cpuid.h
++++ b/arch/x86/kvm/cpuid.h
+@@ -23,6 +23,9 @@ static inline bool guest_cpuid_has_xsave
+ {
+ struct kvm_cpuid_entry2 *best;
+
++ if (!static_cpu_has(X86_FEATURE_XSAVE))
++ return 0;
++
+ best = kvm_find_cpuid_entry(vcpu, 1, 0);
+ return best && (best->ecx & bit(X86_FEATURE_XSAVE));
+ }
+--- a/arch/x86/kvm/x86.c
++++ b/arch/x86/kvm/x86.c
+@@ -5697,6 +5697,9 @@ int kvm_arch_vcpu_ioctl_set_sregs(struct
+ int pending_vec, max_bits, idx;
+ struct desc_ptr dt;
+
++ if (!guest_cpuid_has_xsave(vcpu) && (sregs->cr4 & X86_CR4_OSXSAVE))
++ return -EINVAL;
++
+ dt.size = sregs->idt.limit;
+ dt.address = sregs->idt.base;
+ kvm_x86_ops->set_idt(vcpu, &dt);
--- /dev/null
+From b03e66a6be91f8389fcd902ab6c1563db1c9c06b Mon Sep 17 00:00:00 2001
+From: David Milburn <dmilburn@redhat.com>
+Date: Mon, 29 Oct 2012 18:00:22 -0500
+Subject: sata_svw: check DMA start bit before reset
+
+From: David Milburn <dmilburn@redhat.com>
+
+commit b03e66a6be91f8389fcd902ab6c1563db1c9c06b upstream.
+
+If kdump is triggered with pending IO, controller may not respond causing
+kdump to fail.
+
+http://marc.info/?l=linux-ide&m=133032255424658&w=2
+
+During error recovery ata_do_dev_read_id never completes due hang
+in mmio_insw.
+
+ata_do_dev_read_id
+ ata_sff_data_xfer
+ ioread16_rep
+ mmio_insw
+
+if DMA start bit is cleared before reset, PIO command is successful
+and kdump succeeds.
+
+Signed-off-by: David Milburn <dmilburn@redhat.com>
+Signed-off-by: Jeff Garzik <jgarzik@redhat.com>
+Cc: CAI Qian <caiqian@redhat.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/ata/sata_svw.c | 35 +++++++++++++++++++++++++++++++++++
+ 1 file changed, 35 insertions(+)
+
+--- a/drivers/ata/sata_svw.c
++++ b/drivers/ata/sata_svw.c
+@@ -142,6 +142,39 @@ static int k2_sata_scr_write(struct ata_
+ return 0;
+ }
+
++static int k2_sata_softreset(struct ata_link *link,
++ unsigned int *class, unsigned long deadline)
++{
++ u8 dmactl;
++ void __iomem *mmio = link->ap->ioaddr.bmdma_addr;
++
++ dmactl = readb(mmio + ATA_DMA_CMD);
++
++ /* Clear the start bit */
++ if (dmactl & ATA_DMA_START) {
++ dmactl &= ~ATA_DMA_START;
++ writeb(dmactl, mmio + ATA_DMA_CMD);
++ }
++
++ return ata_sff_softreset(link, class, deadline);
++}
++
++static int k2_sata_hardreset(struct ata_link *link,
++ unsigned int *class, unsigned long deadline)
++{
++ u8 dmactl;
++ void __iomem *mmio = link->ap->ioaddr.bmdma_addr;
++
++ dmactl = readb(mmio + ATA_DMA_CMD);
++
++ /* Clear the start bit */
++ if (dmactl & ATA_DMA_START) {
++ dmactl &= ~ATA_DMA_START;
++ writeb(dmactl, mmio + ATA_DMA_CMD);
++ }
++
++ return sata_sff_hardreset(link, class, deadline);
++}
+
+ static void k2_sata_tf_load(struct ata_port *ap, const struct ata_taskfile *tf)
+ {
+@@ -346,6 +379,8 @@ static struct scsi_host_template k2_sata
+
+ static struct ata_port_operations k2_sata_ops = {
+ .inherits = &ata_bmdma_port_ops,
++ .softreset = k2_sata_softreset,
++ .hardreset = k2_sata_hardreset,
+ .sff_tf_load = k2_sata_tf_load,
+ .sff_tf_read = k2_sata_tf_read,
+ .sff_check_status = k2_stat_check_status,
alsa-hda-add-support-for-realtek-alc292.patch
bas_gigaset-fix-pre_reset-handling.patch
scsi-silence-unnecessary-warnings-about-ioctl-to-partition.patch
+kvm-x86-invalid-opcode-oops-on-set_sregs-with-osxsave-bit-set-cve-2012-4461.patch
+ixgbe-add-support-for-x540-at1.patch
+sata_svw-check-dma-start-bit-before-reset.patch
projects / thirdparty / kernel / stable-queue.git / commitdiff
