--- /dev/null
+From 51b00d8509dc69c98740da2ad07308b630d3eb7d Mon Sep 17 00:00:00 2001
+From: Zhenyu Wang <zhenyuw@linux.intel.com>
+Date: Fri, 11 Jan 2019 13:58:53 +0800
+Subject: drm/i915/gvt: Fix mmap range check
+
+From: Zhenyu Wang <zhenyuw@linux.intel.com>
+
+commit 51b00d8509dc69c98740da2ad07308b630d3eb7d upstream.
+
+This is to fix missed mmap range check on vGPU bar2 region
+and only allow to map vGPU allocated GMADDR range, which means
+user space should support sparse mmap to get proper offset for
+mmap vGPU aperture. And this takes care of actual pgoff in mmap
+request as original code always does from beginning of vGPU
+aperture.
+
+Fixes: 659643f7d814 ("drm/i915/gvt/kvmgt: add vfio/mdev support to KVMGT")
+Cc: "Monroy, Rodrigo Axel" <rodrigo.axel.monroy@intel.com>
+Cc: "Orrala Contreras, Alfredo" <alfredo.orrala.contreras@intel.com>
+Cc: stable@vger.kernel.org # v4.10+
+Reviewed-by: Hang Yuan <hang.yuan@intel.com>
+Signed-off-by: Zhenyu Wang <zhenyuw@linux.intel.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/gpu/drm/i915/gvt/kvmgt.c | 21 +++++++++++++++++++--
+ 1 file changed, 19 insertions(+), 2 deletions(-)
+
+--- a/drivers/gpu/drm/i915/gvt/kvmgt.c
++++ b/drivers/gpu/drm/i915/gvt/kvmgt.c
+@@ -807,11 +807,18 @@ write_err:
+ return -EFAULT;
+ }
+
++static inline bool intel_vgpu_in_aperture(struct intel_vgpu *vgpu,
++ unsigned long off)
++{
++ return off >= vgpu_aperture_offset(vgpu) &&
++ off < vgpu_aperture_offset(vgpu) + vgpu_aperture_sz(vgpu);
++}
++
+ static int intel_vgpu_mmap(struct mdev_device *mdev, struct vm_area_struct *vma)
+ {
+ unsigned int index;
+ u64 virtaddr;
+- unsigned long req_size, pgoff = 0;
++ unsigned long req_size, pgoff, req_start;
+ pgprot_t pg_prot;
+ struct intel_vgpu *vgpu = mdev_get_drvdata(mdev);
+
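Review bot: intel_vgpu_in_aperture() tests a single offset, so a request that starts inside the aperture and runs past its end passes unless the caller adds its own end check, as the second hunk does in intel_vgpu_mmap(). A short comment above the helper would make that contract explicit, for example `/* true if byte offset @off lies inside this vGPU's aperture; callers must bound the length themselves */`. Alternatively the helper could take the request size and do both comparisons, which would also remove the repeated `vgpu_aperture_offset(vgpu) + vgpu_aperture_sz(vgpu)` expression. The body of intel_vgpu_mmap() continues outside this hunk.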
+@@ -829,7 +836,17 @@ static int intel_vgpu_mmap(struct mdev_d
+ pg_prot = vma->vm_page_prot;
+ virtaddr = vma->vm_start;
+ req_size = vma->vm_end - vma->vm_start;
+- pgoff = vgpu_aperture_pa_base(vgpu) >> PAGE_SHIFT;
++ pgoff = vma->vm_pgoff &
++ ((1U << (VFIO_PCI_OFFSET_SHIFT - PAGE_SHIFT)) - 1);
++ req_start = pgoff << PAGE_SHIFT;
++
++ if (!intel_vgpu_in_aperture(vgpu, req_start))
++ return -EINVAL;
++ if (req_start + req_size >
++ vgpu_aperture_offset(vgpu) + vgpu_aperture_sz(vgpu))
++ return -EINVAL;
++
++ pgoff = (gvt_aperture_pa_base(vgpu->gvt) >> PAGE_SHIFT) + pgoff;
+
+ return remap_pfn_range(vma, virtaddr, pgoff, req_size, pg_prot);
+ }
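Review bot: The end check `req_start + req_size > vgpu_aperture_offset(vgpu) + vgpu_aperture_sz(vgpu)` is only correct if neither sum wraps in `unsigned long`, and nothing in the hunk says why that holds. req_start is bounded by the VFIO_PCI_OFFSET_SHIFT mask, so this is probably safe on 64-bit builds. Since the preceding check already proves req_start is inside the aperture, the test can avoid adding to the user-controlled value: `if (req_size > vgpu_aperture_offset(vgpu) + vgpu_aperture_sz(vgpu) - req_start) return -EINVAL;`. Any validation of the region index happens before the lines shown, so whether only the BAR2 region reaches this code cannot be confirmed from this hunk.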
--- /dev/null
+From 3f7bb2ec20ce07c02b2002349d256c91a463fcc5 Mon Sep 17 00:00:00 2001
+From: Marc Zyngier <marc.zyngier@arm.com>
+Date: Tue, 13 Nov 2018 22:57:34 +0000
+Subject: PCI: dwc: Move interrupt acking into the proper callback
+
+From: Marc Zyngier <marc.zyngier@arm.com>
+
+commit 3f7bb2ec20ce07c02b2002349d256c91a463fcc5 upstream.
+
+The write to the status register is really an ACK for the HW,
+and should be treated as such by the driver. Let's move it to the
+irq_ack() callback, which will prevent people from moving it around
+in order to paper over other bugs.
+
+Fixes: 8c934095fa2f ("PCI: dwc: Clear MSI interrupt status after it is handled,
+not before")
+Fixes: 7c5925afbc58 ("PCI: dwc: Move MSI IRQs allocation to IRQ domains
+hierarchical API")
+Link: https://lore.kernel.org/linux-pci/20181113225734.8026-1-marc.zyngier@arm.com/
+Reported-by: Trent Piepho <tpiepho@impinj.com>
+Tested-by: Niklas Cassel <niklas.cassel@linaro.org>
+Tested-by: Gustavo Pimentel <gustavo.pimentel@synopsys.com>
+Tested-by: Stanimir Varbanov <svarbanov@mm-sol.com>
+Signed-off-by: Marc Zyngier <marc.zyngier@arm.com>
+[lorenzo.pieralisi@arm.com: updated commit log]
+Signed-off-by: Lorenzo Pieralisi <lorenzo.pieralisi@arm.com>
+Cc: stable@vger.kernel.org
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/pci/dwc/pcie-designware-host.c | 15 ++++++++++++---
+ 1 file changed, 12 insertions(+), 3 deletions(-)
+
+--- a/drivers/pci/dwc/pcie-designware-host.c
++++ b/drivers/pci/dwc/pcie-designware-host.c
+@@ -45,8 +45,19 @@ static int dw_pcie_wr_own_conf(struct pc
+ return dw_pcie_write(pci->dbi_base + where, size, val);
+ }
+
++static void dwc_irq_ack(struct irq_data *d)
++{
++ struct msi_desc *msi = irq_data_get_msi_desc(d);
++ struct pcie_port *pp = msi_desc_to_pci_sysdata(msi);
++ int pos = d->hwirq % 32;
++ int i = d->hwirq / 32;
++
++ dw_pcie_wr_own_conf(pp, PCIE_MSI_INTR0_STATUS + i * 12, 4, BIT(pos));
++}
++
+ static struct irq_chip dw_msi_irq_chip = {
+ .name = "PCI-MSI",
++ .irq_ack = dwc_irq_ack,
+ .irq_enable = pci_msi_unmask_irq,
+ .irq_disable = pci_msi_mask_irq,
+ .irq_mask = pci_msi_mask_irq,
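Review bot: The literals `32` and `12` in dwc_irq_ack() encode the register layout without explanation, and the same arithmetic appears in dw_handle_msi_irq() in the next hunk. A comment such as `/* 32 vectors per MSI controller; status registers are 12 bytes apart */` (to be confirmed against the hardware documentation), or named constants shared by both functions, would keep the two in step. hwirq is also narrowed to `int` for pos and i; `unsigned int` would better match their use with BIT() and as a register offset. The return value of dw_pcie_wr_own_conf() is dropped, which a void callback cannot propagate, but a one-line comment saying so would help.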
+@@ -72,8 +83,6 @@ irqreturn_t dw_handle_msi_irq(struct pci
+ pos)) != 32) {
+ irq = irq_find_mapping(pp->irq_domain, i * 32 + pos);
+ generic_handle_irq(irq);
+- dw_pcie_wr_own_conf(pp, PCIE_MSI_INTR0_STATUS + i * 12,
+- 4, 1 << pos);
+ pos++;
+ }
+ }
+@@ -263,7 +272,7 @@ static struct msi_controller dw_pcie_msi
+ static int dw_pcie_msi_map(struct irq_domain *domain, unsigned int irq,
+ irq_hw_number_t hwirq)
+ {
+- irq_set_chip_and_handler(irq, &dw_msi_irq_chip, handle_simple_irq);
++ irq_set_chip_and_handler(irq, &dw_msi_irq_chip, handle_edge_irq);
+ irq_set_chip_data(irq, domain->host_data);
+
+ return 0;
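Review bot: Switching to `handle_edge_irq` makes the `.irq_ack` entry added to dw_msi_irq_chip in the first hunk mandatory, because the edge flow handler calls the chip's irq_ack for each interrupt, yet nothing at this call site records that dependency. A comment above the call, e.g. `/* edge flow: the status bit is cleared in dwc_irq_ack() before the handler runs */`, would stop a later change from dropping one half without the other.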