From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Date: Thu, 23 Oct 2014 06:46:53 +0000 (+0800)
Subject: 3.10-stable patches
X-Git-Tag: v3.10.59~31
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=0ea1406dc13591883f4e2ed50793885f373ee259;p=thirdparty%2Fkernel%2Fstable-queue.git

3.10-stable patches

added patches:
	kvm-don-t-take-vcpu-mutex-for-obviously-invalid-vcpu-ioctls.patch
	kvm-s390-unintended-fallthrough-for-external-call.patch
	spi-dw-mid-check-that-dma-was-inited-before-exit.patch
	spi-dw-mid-respect-8-bit-mode.patch
	x86-intel-quark-switch-off-cr4.pge-so-tlb-flush-uses-cr3-instead.patch
---

diff --git a/queue-3.10/kvm-don-t-take-vcpu-mutex-for-obviously-invalid-vcpu-ioctls.patch b/queue-3.10/kvm-don-t-take-vcpu-mutex-for-obviously-invalid-vcpu-ioctls.patch
new file mode 100644
index 00000000000..8d126aeebcf
--- /dev/null
+++ b/queue-3.10/kvm-don-t-take-vcpu-mutex-for-obviously-invalid-vcpu-ioctls.patch
@@ -0,0 +1,46 @@
+From 2ea75be3219571d0ec009ce20d9971e54af96e09 Mon Sep 17 00:00:00 2001
+From: David Matlack <dmatlack@google.com>
+Date: Fri, 19 Sep 2014 16:03:25 -0700
+Subject: kvm: don't take vcpu mutex for obviously invalid vcpu ioctls
+
+From: David Matlack <dmatlack@google.com>
+
+commit 2ea75be3219571d0ec009ce20d9971e54af96e09 upstream.
+
+vcpu ioctls can hang the calling thread if issued while a vcpu is running.
+However, invalid ioctls can happen when userspace tries to probe the kind
+of file descriptors (e.g. isatty() calls ioctl(TCGETS)); in that case,
+we know the ioctl is going to be rejected as invalid anyway and we can
+fail before trying to take the vcpu mutex.
+
+This patch does not change functionality, it just makes invalid ioctls
+fail faster.
+
+Signed-off-by: David Matlack <dmatlack@google.com>
+Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ virt/kvm/kvm_main.c |    4 ++++
+ 1 file changed, 4 insertions(+)
+
+--- a/virt/kvm/kvm_main.c
++++ b/virt/kvm/kvm_main.c
+@@ -52,6 +52,7 @@
+ 
+ #include <asm/processor.h>
+ #include <asm/io.h>
++#include <asm/ioctl.h>
+ #include <asm/uaccess.h>
+ #include <asm/pgtable.h>
+ 
+@@ -1981,6 +1982,9 @@ static long kvm_vcpu_ioctl(struct file *
+ 	if (vcpu->kvm->mm != current->mm)
+ 		return -EIO;
+ 
++	if (unlikely(_IOC_TYPE(ioctl) != KVMIO))
++		return -EINVAL;
++
+ #if defined(CONFIG_S390) || defined(CONFIG_PPC) || defined(CONFIG_MIPS)
+ 	/*
+ 	 * Special cases: vcpu ioctls that are asynchronous to vcpu execution,
diff --git a/queue-3.10/kvm-s390-unintended-fallthrough-for-external-call.patch b/queue-3.10/kvm-s390-unintended-fallthrough-for-external-call.patch
new file mode 100644
index 00000000000..aea4e977d0f
--- /dev/null
+++ b/queue-3.10/kvm-s390-unintended-fallthrough-for-external-call.patch
@@ -0,0 +1,29 @@
+From f346026e55f1efd3949a67ddd1dcea7c1b9a615e Mon Sep 17 00:00:00 2001
+From: Christian Borntraeger <borntraeger@de.ibm.com>
+Date: Wed, 3 Sep 2014 16:21:32 +0200
+Subject: KVM: s390: unintended fallthrough for external call
+
+From: Christian Borntraeger <borntraeger@de.ibm.com>
+
+commit f346026e55f1efd3949a67ddd1dcea7c1b9a615e upstream.
+
+We must not fallthrough if the conditions for external call are not met.
+
+Signed-off-by: Christian Borntraeger <borntraeger@de.ibm.com>
+Reviewed-by: Thomas Huth <thuth@linux.vnet.ibm.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ arch/s390/kvm/interrupt.c |    1 +
+ 1 file changed, 1 insertion(+)
+
+--- a/arch/s390/kvm/interrupt.c
++++ b/arch/s390/kvm/interrupt.c
+@@ -71,6 +71,7 @@ static int __interrupt_is_deliverable(st
+ 			return 0;
+ 		if (vcpu->arch.sie_block->gcr[0] & 0x2000ul)
+ 			return 1;
++		return 0;
+ 	case KVM_S390_INT_EMERGENCY:
+ 		if (psw_extint_disabled(vcpu))
+ 			return 0;
diff --git a/queue-3.10/series b/queue-3.10/series
index e06c661ae7d..792f3516fe8 100644
--- a/queue-3.10/series
+++ b/queue-3.10/series
@@ -3,3 +3,8 @@ btrfs-fix-build_backref_tree-issue-with-multiple-shared-blocks.patch
 btrfs-fix-race-in-wait_sync-ioctl.patch
 fs-add-a-missing-permission-check-to-do_umount.patch
 kvm-x86-fix-stale-mmio-cache-bug.patch
+kvm-s390-unintended-fallthrough-for-external-call.patch
+kvm-don-t-take-vcpu-mutex-for-obviously-invalid-vcpu-ioctls.patch
+x86-intel-quark-switch-off-cr4.pge-so-tlb-flush-uses-cr3-instead.patch
+spi-dw-mid-respect-8-bit-mode.patch
+spi-dw-mid-check-that-dma-was-inited-before-exit.patch
diff --git a/queue-3.10/spi-dw-mid-check-that-dma-was-inited-before-exit.patch b/queue-3.10/spi-dw-mid-check-that-dma-was-inited-before-exit.patch
new file mode 100644
index 00000000000..0b6d76b1dcb
--- /dev/null
+++ b/queue-3.10/spi-dw-mid-check-that-dma-was-inited-before-exit.patch
@@ -0,0 +1,32 @@
+From fb57862ead652454ceeb659617404c5f13bc34b5 Mon Sep 17 00:00:00 2001
+From: Andy Shevchenko <andriy.shevchenko@linux.intel.com>
+Date: Fri, 12 Sep 2014 15:11:58 +0300
+Subject: spi: dw-mid: check that DMA was inited before exit
+
+From: Andy Shevchenko <andriy.shevchenko@linux.intel.com>
+
+commit fb57862ead652454ceeb659617404c5f13bc34b5 upstream.
+
+If the driver was compiled with DMA support, but DMA channels weren't acquired
+by some reason, mid_spi_dma_exit() will crash the kernel.
+
+Fixes: 7063c0d942a1 (spi/dw_spi: add DMA support)
+Signed-off-by: Andy Shevchenko <andriy.shevchenko@linux.intel.com>
+Signed-off-by: Mark Brown <broonie@kernel.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/spi/spi-dw-mid.c |    2 ++
+ 1 file changed, 2 insertions(+)
+
+--- a/drivers/spi/spi-dw-mid.c
++++ b/drivers/spi/spi-dw-mid.c
+@@ -89,6 +89,8 @@ err_exit:
+ 
+ static void mid_spi_dma_exit(struct dw_spi *dws)
+ {
++	if (!dws->dma_inited)
++		return;
+ 	dma_release_channel(dws->txchan);
+ 	dma_release_channel(dws->rxchan);
+ }
diff --git a/queue-3.10/spi-dw-mid-respect-8-bit-mode.patch b/queue-3.10/spi-dw-mid-respect-8-bit-mode.patch
new file mode 100644
index 00000000000..a586a87d4f0
--- /dev/null
+++ b/queue-3.10/spi-dw-mid-respect-8-bit-mode.patch
@@ -0,0 +1,40 @@
+From b41583e7299046abdc578c33f25ed83ee95b9b31 Mon Sep 17 00:00:00 2001
+From: Andy Shevchenko <andriy.shevchenko@linux.intel.com>
+Date: Thu, 18 Sep 2014 20:08:51 +0300
+Subject: spi: dw-mid: respect 8 bit mode
+
+From: Andy Shevchenko <andriy.shevchenko@linux.intel.com>
+
+commit b41583e7299046abdc578c33f25ed83ee95b9b31 upstream.
+
+In case of 8 bit mode and DMA usage we end up with every second byte written as
+0. We have to respect bits_per_word settings what this patch actually does.
+
+Signed-off-by: Andy Shevchenko <andriy.shevchenko@linux.intel.com>
+Signed-off-by: Mark Brown <broonie@kernel.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/spi/spi-dw-mid.c |    4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+--- a/drivers/spi/spi-dw-mid.c
++++ b/drivers/spi/spi-dw-mid.c
+@@ -136,7 +136,7 @@ static int mid_spi_dma_transfer(struct d
+ 	txconf.dst_addr = dws->dma_addr;
+ 	txconf.dst_maxburst = LNW_DMA_MSIZE_16;
+ 	txconf.src_addr_width = DMA_SLAVE_BUSWIDTH_4_BYTES;
+-	txconf.dst_addr_width = DMA_SLAVE_BUSWIDTH_2_BYTES;
++	txconf.dst_addr_width = dws->dma_width;
+ 	txconf.device_fc = false;
+ 
+ 	txchan->device->device_control(txchan, DMA_SLAVE_CONFIG,
+@@ -159,7 +159,7 @@ static int mid_spi_dma_transfer(struct d
+ 	rxconf.src_addr = dws->dma_addr;
+ 	rxconf.src_maxburst = LNW_DMA_MSIZE_16;
+ 	rxconf.dst_addr_width = DMA_SLAVE_BUSWIDTH_4_BYTES;
+-	rxconf.src_addr_width = DMA_SLAVE_BUSWIDTH_2_BYTES;
++	rxconf.src_addr_width = dws->dma_width;
+ 	rxconf.device_fc = false;
+ 
+ 	rxchan->device->device_control(rxchan, DMA_SLAVE_CONFIG,
diff --git a/queue-3.10/x86-intel-quark-switch-off-cr4.pge-so-tlb-flush-uses-cr3-instead.patch b/queue-3.10/x86-intel-quark-switch-off-cr4.pge-so-tlb-flush-uses-cr3-instead.patch
new file mode 100644
index 00000000000..8d1fdd77e87
--- /dev/null
+++ b/queue-3.10/x86-intel-quark-switch-off-cr4.pge-so-tlb-flush-uses-cr3-instead.patch
@@ -0,0 +1,53 @@
+From ee1b5b165c0a2f04d2107e634e51f05d0eb107de Mon Sep 17 00:00:00 2001
+From: Bryan O'Donoghue <pure.logic@nexus-software.ie>
+Date: Wed, 24 Sep 2014 00:26:24 +0100
+Subject: x86/intel/quark: Switch off CR4.PGE so TLB flush uses CR3 instead
+
+From: Bryan O'Donoghue <pure.logic@nexus-software.ie>
+
+commit ee1b5b165c0a2f04d2107e634e51f05d0eb107de upstream.
+
+Quark x1000 advertises PGE via the standard CPUID method
+PGE bits exist in Quark X1000's PTEs. In order to flush
+an individual PTE it is necessary to reload CR3 irrespective
+of the PTE.PGE bit.
+
+See Quark Core_DevMan_001.pdf section 6.4.11
+
+This bug was fixed in Galileo kernels, unfixed vanilla kernels are expected to
+crash and burn on this platform.
+
+Signed-off-by: Bryan O'Donoghue <pure.logic@nexus-software.ie>
+Cc: Borislav Petkov <bp@alien8.de>
+Link: http://lkml.kernel.org/r/1411514784-14885-1-git-send-email-pure.logic@nexus-software.ie
+Signed-off-by: Ingo Molnar <mingo@kernel.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ arch/x86/kernel/cpu/intel.c |   15 +++++++++++++++
+ 1 file changed, 15 insertions(+)
+
+--- a/arch/x86/kernel/cpu/intel.c
++++ b/arch/x86/kernel/cpu/intel.c
+@@ -154,6 +154,21 @@ static void __cpuinit early_init_intel(s
+ 			setup_clear_cpu_cap(X86_FEATURE_ERMS);
+ 		}
+ 	}
++
++	/*
++	 * Intel Quark Core DevMan_001.pdf section 6.4.11
++	 * "The operating system also is required to invalidate (i.e., flush)
++	 *  the TLB when any changes are made to any of the page table entries.
++	 *  The operating system must reload CR3 to cause the TLB to be flushed"
++	 *
++	 * As a result cpu_has_pge() in arch/x86/include/asm/tlbflush.h should
++	 * be false so that __flush_tlb_all() causes CR3 insted of CR4.PGE
++	 * to be modified
++	 */
++	if (c->x86 == 5 && c->x86_model == 9) {
++		pr_info("Disabling PGE capability bit\n");
++		setup_clear_cpu_cap(X86_FEATURE_PGE);
++	}
+ }
+ 
+ #ifdef CONFIG_X86_32