--- /dev/null
+From 9d42d48a342aee208c1154696196497fdc556bbf Mon Sep 17 00:00:00 2001
+From: Catalin Marinas <catalin.marinas@arm.com>
+Date: Mon, 23 Feb 2015 15:13:40 +0000
+Subject: arm64: compat Fix siginfo_t -> compat_siginfo_t conversion on big endian
+
+From: Catalin Marinas <catalin.marinas@arm.com>
+
+commit 9d42d48a342aee208c1154696196497fdc556bbf upstream.
+
+The native (64-bit) sigval_t union contains sival_int (32-bit) and
+sival_ptr (64-bit). When a compat application invokes a syscall that
+takes a sigval_t value (as part of a larger structure, e.g.
+compat_sys_mq_notify, compat_sys_timer_create), the compat_sigval_t
+union is converted to the native sigval_t with sival_int overlapping
+with either the least or the most significant half of sival_ptr,
+depending on endianness. When the corresponding signal is delivered to a
+compat application, on big endian the current (compat_uptr_t)sival_ptr
+cast always returns 0 since sival_int corresponds to the top part of
+sival_ptr. This patch fixes copy_siginfo_to_user32() so that sival_int
+is copied to the compat_siginfo_t structure.
+
+Reported-by: Bamvor Jian Zhang <bamvor.zhangjian@huawei.com>
+Tested-by: Bamvor Jian Zhang <bamvor.zhangjian@huawei.com>
+Signed-off-by: Catalin Marinas <catalin.marinas@arm.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ arch/arm64/kernel/signal32.c | 5 ++---
+ 1 file changed, 2 insertions(+), 3 deletions(-)
+
+--- a/arch/arm64/kernel/signal32.c
++++ b/arch/arm64/kernel/signal32.c
+@@ -151,8 +151,7 @@ int copy_siginfo_to_user32(compat_siginf
+ case __SI_TIMER:
+ err |= __put_user(from->si_tid, &to->si_tid);
+ err |= __put_user(from->si_overrun, &to->si_overrun);
+- err |= __put_user((compat_uptr_t)(unsigned long)from->si_ptr,
+- &to->si_ptr);
++ err |= __put_user(from->si_int, &to->si_int);
+ break;
+ case __SI_POLL:
+ err |= __put_user(from->si_band, &to->si_band);
+@@ -181,7 +180,7 @@ int copy_siginfo_to_user32(compat_siginf
+ case __SI_MESGQ: /* But this is */
+ err |= __put_user(from->si_pid, &to->si_pid);
+ err |= __put_user(from->si_uid, &to->si_uid);
+- err |= __put_user((compat_uptr_t)(unsigned long)from->si_ptr, &to->si_ptr);
++ err |= __put_user(from->si_int, &to->si_int);
+ break;
+ default: /* this is just in case for now ... */
+ err |= __put_user(from->si_pid, &to->si_pid);
--- /dev/null
+From a52d209336f8fc7483a8c7f4a8a7d2a8e1692a6c Mon Sep 17 00:00:00 2001
+From: Martin Vajnar <martin.vajnar@gmail.com>
+Date: Wed, 24 Dec 2014 00:27:57 +0100
+Subject: hx4700: regulator: declare full constraints
+
+From: Martin Vajnar <martin.vajnar@gmail.com>
+
+commit a52d209336f8fc7483a8c7f4a8a7d2a8e1692a6c upstream.
+
+Since the removal of CONFIG_REGULATOR_DUMMY option, the touchscreen stopped
+working. This patch enables the "replacement" for REGULATOR_DUMMY and
+allows the touchscreen to work even though there is no regulator for "vcc".
+
+Signed-off-by: Martin Vajnar <martin.vajnar@gmail.com>
+Signed-off-by: Robert Jarzmik <robert.jarzmik@free.fr>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ arch/arm/mach-pxa/hx4700.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+--- a/arch/arm/mach-pxa/hx4700.c
++++ b/arch/arm/mach-pxa/hx4700.c
+@@ -892,6 +892,8 @@ static void __init hx4700_init(void)
+ mdelay(10);
+ gpio_set_value(GPIO71_HX4700_ASIC3_nRESET, 1);
+ mdelay(10);
++
++ regulator_has_full_constraints();
+ }
+
+ MACHINE_START(H4700, "HP iPAQ HX4700")
--- /dev/null
+From f798217dfd038af981a18bbe4bc57027a08bb182 Mon Sep 17 00:00:00 2001
+From: James Hogan <james.hogan@imgtec.com>
+Date: Wed, 4 Feb 2015 17:06:37 +0000
+Subject: KVM: MIPS: Don't leak FPU/DSP to guest
+
+From: James Hogan <james.hogan@imgtec.com>
+
+commit f798217dfd038af981a18bbe4bc57027a08bb182 upstream.
+
+The FPU and DSP are enabled via the CP0 Status CU1 and MX bits by
+kvm_mips_set_c0_status() on a guest exit, presumably in case there is
+active state that needs saving if pre-emption occurs. However neither of
+these bits are cleared again when returning to the guest.
+
+This effectively gives the guest access to the FPU/DSP hardware after
+the first guest exit even though it is not aware of its presence,
+allowing FP instructions in guest user code to intermittently actually
+execute instead of trapping into the guest OS for emulation. It will
+then read & manipulate the hardware FP registers which technically
+belong to the user process (e.g. QEMU), or are stale from another user
+process. It can also crash the guest OS by causing an FP exception, for
+which a guest exception handler won't have been registered.
+
+First lets save and disable the FPU (and MSA) state with lose_fpu(1)
+before entering the guest. This simplifies the problem, especially for
+when guest FPU/MSA support is added in the future, and prevents FR=1 FPU
+state being live when the FR bit gets cleared for the guest, which
+according to the architecture causes the contents of the FPU and vector
+registers to become UNPREDICTABLE.
+
+We can then safely remove the enabling of the FPU in
+kvm_mips_set_c0_status(), since there should never be any active FPU or
+MSA state to save at pre-emption, which should plug the FPU leak.
+
+DSP state is always live rather than being lazily restored, so for that
+it is simpler to just clear the MX bit again when re-entering the guest.
+
+Signed-off-by: James Hogan <james.hogan@imgtec.com>
+Cc: Paolo Bonzini <pbonzini@redhat.com>
+Cc: Ralf Baechle <ralf@linux-mips.org>
+Cc: Sanjay Lal <sanjayl@kymasys.com>
+Cc: Gleb Natapov <gleb@kernel.org>
+Cc: kvm@vger.kernel.org
+Cc: linux-mips@linux-mips.org
+Cc: <stable@vger.kernel.org> # v3.10+: 044f0f03eca0: MIPS: KVM: Deliver guest interrupts
+Cc: <stable@vger.kernel.org> # v3.10+
+Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
+Signed-off-by: James Hogan <james.hogan@imgtec.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+This should apply to stable trees 3.12 and 3.14, but not 3.10. The files
+had been renamed since v3.14 so it cherry-picked cleanly but the patch
+didn't apply cleanly. I've also added a reference to the "MIPS: Export
+FP functions used by lose_fpu(1) for KVM" commit which is itself marked
+for stable, but is needed to avoid a build failure when KVM=m.
+---
+ arch/mips/kvm/kvm_locore.S | 2 +-
+ arch/mips/kvm/kvm_mips.c | 6 +++---
+ 2 files changed, 4 insertions(+), 4 deletions(-)
+
+--- a/arch/mips/kvm/kvm_locore.S
++++ b/arch/mips/kvm/kvm_locore.S
+@@ -428,7 +428,7 @@ __kvm_mips_return_to_guest:
+ /* Setup status register for running guest in UM */
+ .set at
+ or v1, v1, (ST0_EXL | KSU_USER | ST0_IE)
+- and v1, v1, ~ST0_CU0
++ and v1, v1, ~(ST0_CU0 | ST0_MX)
+ .set noat
+ mtc0 v1, CP0_STATUS
+ ehb
+--- a/arch/mips/kvm/kvm_mips.c
++++ b/arch/mips/kvm/kvm_mips.c
+@@ -15,6 +15,7 @@
+ #include <linux/vmalloc.h>
+ #include <linux/fs.h>
+ #include <linux/bootmem.h>
++#include <asm/fpu.h>
+ #include <asm/page.h>
+ #include <asm/cacheflush.h>
+ #include <asm/mmu_context.h>
+@@ -418,6 +419,8 @@ int kvm_arch_vcpu_ioctl_run(struct kvm_v
+ vcpu->mmio_needed = 0;
+ }
+
++ lose_fpu(1);
++
+ local_irq_disable();
+ /* Check if we have any exceptions/interrupts pending */
+ kvm_mips_deliver_interrupts(vcpu,
+@@ -1021,9 +1024,6 @@ void kvm_mips_set_c0_status(void)
+ {
+ uint32_t status = read_c0_status();
+
+- if (cpu_has_fpu)
+- status |= (ST0_CU1);
+-
+ if (cpu_has_dsp)
+ status |= (ST0_MX);
+
--- /dev/null
+From 8e2207cdd087ebb031e9118d1fd0902c6533a5e5 Mon Sep 17 00:00:00 2001
+From: David Hildenbrand <dahi@linux.vnet.ibm.com>
+Date: Thu, 15 Jan 2015 17:56:18 +0100
+Subject: KVM: s390: floating irqs: fix user triggerable endless loop
+
+From: David Hildenbrand <dahi@linux.vnet.ibm.com>
+
+commit 8e2207cdd087ebb031e9118d1fd0902c6533a5e5 upstream.
+
+If a vm with no VCPUs is created, the injection of a floating irq
+leads to an endless loop in the kernel.
+
+Let's skip the search for a destination VCPU for a floating irq if no
+VCPUs were created.
+
+Reviewed-by: Dominik Dingel <dingel@linux.vnet.ibm.com>
+Reviewed-by: Cornelia Huck <cornelia.huck@de.ibm.com>
+Signed-off-by: David Hildenbrand <dahi@linux.vnet.ibm.com>
+Signed-off-by: Christian Borntraeger <borntraeger@de.ibm.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ arch/s390/kvm/interrupt.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+--- a/arch/s390/kvm/interrupt.c
++++ b/arch/s390/kvm/interrupt.c
+@@ -739,6 +739,8 @@ int kvm_s390_inject_vm(struct kvm *kvm,
+ list_add_tail(&inti->list, &iter->list);
+ }
+ atomic_set(&fi->active, 1);
++ if (atomic_read(&kvm->online_vcpus) == 0)
++ goto unlock_fi;
+ sigcpu = find_first_bit(fi->idle_mask, KVM_MAX_VCPUS);
+ if (sigcpu == KVM_MAX_VCPUS) {
+ do {
--- /dev/null
+From 7f187922ddf6b67f2999a76dcb71663097b75497 Mon Sep 17 00:00:00 2001
+From: Marcelo Tosatti <mtosatti@redhat.com>
+Date: Tue, 4 Nov 2014 21:30:44 -0200
+Subject: KVM: x86: update masterclock values on TSC writes
+
+From: Marcelo Tosatti <mtosatti@redhat.com>
+
+commit 7f187922ddf6b67f2999a76dcb71663097b75497 upstream.
+
+When the guest writes to the TSC, the masterclock TSC copy must be
+updated as well along with the TSC_OFFSET update, otherwise a negative
+tsc_timestamp is calculated at kvm_guest_time_update.
+
+Once "if (!vcpus_matched && ka->use_master_clock)" is simplified to
+"if (ka->use_master_clock)", the corresponding "if (!ka->use_master_clock)"
+becomes redundant, so remove the do_request boolean and collapse
+everything into a single condition.
+
+Signed-off-by: Marcelo Tosatti <mtosatti@redhat.com>
+Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ arch/x86/kvm/x86.c | 19 ++++++++++---------
+ 1 file changed, 10 insertions(+), 9 deletions(-)
+
+--- a/arch/x86/kvm/x86.c
++++ b/arch/x86/kvm/x86.c
+@@ -1207,21 +1207,22 @@ void kvm_track_tsc_matching(struct kvm_v
+ {
+ #ifdef CONFIG_X86_64
+ bool vcpus_matched;
+- bool do_request = false;
+ struct kvm_arch *ka = &vcpu->kvm->arch;
+ struct pvclock_gtod_data *gtod = &pvclock_gtod_data;
+
+ vcpus_matched = (ka->nr_vcpus_matched_tsc + 1 ==
+ atomic_read(&vcpu->kvm->online_vcpus));
+
+- if (vcpus_matched && gtod->clock.vclock_mode == VCLOCK_TSC)
+- if (!ka->use_master_clock)
+- do_request = 1;
+-
+- if (!vcpus_matched && ka->use_master_clock)
+- do_request = 1;
+-
+- if (do_request)
++ /*
++ * Once the masterclock is enabled, always perform request in
++ * order to update it.
++ *
++ * In order to enable masterclock, the host clocksource must be TSC
++ * and the vcpus need to have matched TSCs. When that happens,
++ * perform request to enable masterclock.
++ */
++ if (ka->use_master_clock ||
++ (gtod->clock.vclock_mode == VCLOCK_TSC && vcpus_matched))
+ kvm_make_request(KVM_REQ_MASTERCLOCK_UPDATE, vcpu);
+
+ trace_kvm_track_tsc(vcpu->vcpu_id, ka->nr_vcpus_matched_tsc,
arc-fix-page-address-calculation-if-page_offset-linux_link_base.patch
kvm-s390-floating-irqs-fix-user-triggerable-endless-loop.patch
kvm-mips-don-t-leak-fpu-dsp-to-guest.patch
+kvm-x86-update-masterclock-values-on-tsc-writes.patch
+hx4700-regulator-declare-full-constraints.patch
+arm64-compat-fix-siginfo_t-compat_siginfo_t-conversion-on-big-endian.patch
projects / thirdparty / kernel / stable-queue.git / commitdiff
