From: Greg Kroah-Hartman
Date: Mon, 21 Nov 2016 10:55:55 +0000 (+0100)
Subject: 4.4-stable patches
X-Git-Tag: v4.4.35~10
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=426ae513bbdd1aea606ac362dbf739235d03917f;p=thirdparty%2Fkernel%2Fstable-queue.git

4.4-stable patches

added patches:
kvm-disable-irq-while-unregistering-user-notifier.patch
kvm-x86-fix-missed-srcu-usage-in-kvm_lapic_set_vapic_addr.patch
x86-cpu-amd-fix-cpu_llc_id-for-amd-fam17h-systems.patch
---
diff --git a/queue-4.4/kvm-disable-irq-while-unregistering-user-notifier.patch b/queue-4.4/kvm-disable-irq-while-unregistering-user-notifier.patch
new file mode 100644
index 00000000000..aa96a2beb84
--- /dev/null
+++ b/queue-4.4/kvm-disable-irq-while-unregistering-user-notifier.patch
@@ -0,0 +1,59 @@
+From 1650b4ebc99da4c137bfbfc531be4a2405f951dd Mon Sep 17 00:00:00 2001
+From: Ignacio Alvarado
+Date: Fri, 4 Nov 2016 12:15:55 -0700
+Subject: KVM: Disable irq while unregistering user notifier
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+From: Ignacio Alvarado
+
+commit 1650b4ebc99da4c137bfbfc531be4a2405f951dd upstream.
+
+Function user_notifier_unregister should be called only once for each
+registered user notifier.
+
+Function kvm_arch_hardware_disable can be executed from an IPI context
+which could cause a race condition with a VCPU returning to user mode
+and attempting to unregister the notifier.
+
+Signed-off-by: Ignacio Alvarado
+Fixes: 18863bdd60f8 ("KVM: x86 shared msr infrastructure")
+Reviewed-by: Paolo Bonzini
+Signed-off-by: Radim Krčmář
+Signed-off-by: Greg Kroah-Hartman
+
+---
+ arch/x86/kvm/x86.c | 13 +++++++++++--
+ 1 file changed, 11 insertions(+), 2 deletions(-)
+
+--- a/arch/x86/kvm/x86.c
++++ b/arch/x86/kvm/x86.c
+@@ -199,7 +199,18 @@ static void kvm_on_user_return(struct us
+ struct kvm_shared_msrs *locals
+ = container_of(urn, struct kvm_shared_msrs, urn);
+ struct kvm_shared_msr_values *values;
++ unsigned long flags;
+
++ /*
++ * Disabling irqs at this point since the following code could be
++ * interrupted and executed through kvm_arch_hardware_disable()
++ */
++ local_irq_save(flags);
++ if (locals->registered) {
++ locals->registered = false;
++ user_return_notifier_unregister(urn);
++ }
++ local_irq_restore(flags);
+ for (slot = 0; slot < shared_msrs_global.nr; ++slot) {
+ values = &locals->values[slot];
+ if (values->host != values->curr) {
+@@ -207,8 +218,6 @@ static void kvm_on_user_return(struct us
+ values->curr = values->host;
+ }
+ }
+- locals->registered = false;
+- user_return_notifier_unregister(urn);
+ }
+
+ static void shared_msr_update(unsigned slot, u32 msr)
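Review bot: The comment added above `local_irq_save(flags)` names the path that can interrupt this code but not what the irq-off window actually protects, so a reader has to reconstruct from the commit message that `locals->registered` is the flag both paths test before unregistering. Suggest rewording it to `/* kvm_arch_hardware_disable() can run from IPI context; test-and-clear ->registered and unregister with irqs off so only one path calls user_return_notifier_unregister(). */`. With the old unconditional clear at the end of the function removed, the `if (locals->registered)` check is now the only guard against a double unregister, so the counterpart in kvm_arch_hardware_disable(), which is outside this patch, should be confirmed to test the same flag under the same discipline. The declarations of kvm_on_user_return (the `urn` parameter and `slot`) are above the hunk's start.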
diff --git a/queue-4.4/kvm-x86-fix-missed-srcu-usage-in-kvm_lapic_set_vapic_addr.patch b/queue-4.4/kvm-x86-fix-missed-srcu-usage-in-kvm_lapic_set_vapic_addr.patch
new file mode 100644
index 00000000000..f61c6f9021e
--- /dev/null
+++ b/queue-4.4/kvm-x86-fix-missed-srcu-usage-in-kvm_lapic_set_vapic_addr.patch
@@ -0,0 +1,66 @@
+From 7301d6abaea926d685832f7e1f0c37dd206b01f4 Mon Sep 17 00:00:00 2001
+From: Paolo Bonzini
+Date: Thu, 17 Nov 2016 15:55:46 +0100
+Subject: KVM: x86: fix missed SRCU usage in kvm_lapic_set_vapic_addr
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+From: Paolo Bonzini
+
+commit 7301d6abaea926d685832f7e1f0c37dd206b01f4 upstream.
+
+Reported by syzkaller:
+
+ [ INFO: suspicious RCU usage. ]
+ 4.9.0-rc4+ #47 Not tainted
+ -------------------------------
+ ./include/linux/kvm_host.h:536 suspicious rcu_dereference_check() usage!
+
+ stack backtrace:
+ CPU: 1 PID: 6679 Comm: syz-executor Not tainted 4.9.0-rc4+ #47
+ Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS Bochs 01/01/2011
+ ffff880039e2f6d0 ffffffff81c2e46b ffff88003e3a5b40 0000000000000000
+ 0000000000000001 ffffffff83215600 ffff880039e2f700 ffffffff81334ea9
+ ffffc9000730b000 0000000000000004 ffff88003c4f8420 ffff88003d3f8000
+ Call Trace:
+ [< inline >] __dump_stack lib/dump_stack.c:15
+ [] dump_stack+0xb3/0x118 lib/dump_stack.c:51
+ [] lockdep_rcu_suspicious+0x139/0x180 kernel/locking/lockdep.c:4445
+ [< inline >] __kvm_memslots include/linux/kvm_host.h:534
+ [< inline >] kvm_memslots include/linux/kvm_host.h:541
+ [] kvm_gfn_to_hva_cache_init+0xa1e/0xce0 virt/kvm/kvm_main.c:1941
+ [] kvm_lapic_set_vapic_addr+0xed/0x140 arch/x86/kvm/lapic.c:2217
+
+Reported-by: Dmitry Vyukov
+Fixes: fda4e2e85589191b123d31cdc21fd33ee70f50fd
+Cc: Andrew Honig
+Signed-off-by: Paolo Bonzini
+Reviewed-by: David Hildenbrand
+Signed-off-by: Radim Krčmář
+Signed-off-by: Greg Kroah-Hartman
+
+---
+ arch/x86/kvm/x86.c | 3 +++
+ 1 file changed, 3 insertions(+)
+
+--- a/arch/x86/kvm/x86.c
++++ b/arch/x86/kvm/x86.c
+@@ -3317,6 +3317,7 @@ long kvm_arch_vcpu_ioctl(struct file *fi
+ };
+ case KVM_SET_VAPIC_ADDR: {
+ struct kvm_vapic_addr va;
++ int idx;
+
+ r = -EINVAL;
+ if (!lapic_in_kernel(vcpu))
+@@ -3324,7 +3325,9 @@ long kvm_arch_vcpu_ioctl(struct file *fi
+ r = -EFAULT;
+ if (copy_from_user(&va, argp, sizeof va))
+ goto out;
++ idx = srcu_read_lock(&vcpu->kvm->srcu);
+ r = kvm_lapic_set_vapic_addr(vcpu, va.vapic_addr);
++ srcu_read_unlock(&vcpu->kvm->srcu, idx);
+ break;
+ }
+ case KVM_X86_SETUP_MCE: {
diff --git a/queue-4.4/series b/queue-4.4/series
new file mode 100644
index 00000000000..5eacced8604
--- /dev/null
+++ b/queue-4.4/series
@@ -0,0 +1,3 @@
+x86-cpu-amd-fix-cpu_llc_id-for-amd-fam17h-systems.patch
+kvm-x86-fix-missed-srcu-usage-in-kvm_lapic_set_vapic_addr.patch
+kvm-disable-irq-while-unregistering-user-notifier.patch
diff --git a/queue-4.4/x86-cpu-amd-fix-cpu_llc_id-for-amd-fam17h-systems.patch b/queue-4.4/x86-cpu-amd-fix-cpu_llc_id-for-amd-fam17h-systems.patch
new file mode 100644
index 00000000000..0e6eaa98961
--- /dev/null
+++ b/queue-4.4/x86-cpu-amd-fix-cpu_llc_id-for-amd-fam17h-systems.patch
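Review bot: The new `srcu_read_lock`/`srcu_read_unlock` pair around `kvm_lapic_set_vapic_addr()` carries no comment saying why that call needs the SRCU read side; the reason is only in the syzkaller trace of the description, which shows it reaching `kvm_memslots()` through `kvm_gfn_to_hva_cache_init()`. Suggest `/* kvm_lapic_set_vapic_addr() walks memslots via kvm_gfn_to_hva_cache_init(); must hold kvm->srcu */` on the line above the lock. Keeping `copy_from_user()` outside the read-side section, as the hunk does, is the right shape. The enclosing `kvm_arch_vcpu_ioctl` switch starts and ends outside the hunk, so whether other `case` arms that reach memslots have the same gap cannot be judged from this patch.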
@@ -0,0 +1,68 @@
+From b0b6e86846093c5f8820386bc01515f857dd8faa Mon Sep 17 00:00:00 2001
+From: Yazen Ghannam
+Date: Tue, 8 Nov 2016 09:35:06 +0100
+Subject: x86/cpu/AMD: Fix cpu_llc_id for AMD Fam17h systems
+
+From: Yazen Ghannam
+
+commit b0b6e86846093c5f8820386bc01515f857dd8faa upstream.
+
+cpu_llc_id (Last Level Cache ID) derivation on AMD Fam17h has an
+underflow bug when extracting the socket_id value. It starts from 0
+so subtracting 1 from it will result in an invalid value. This breaks
+scheduling topology later on since the cpu_llc_id will be incorrect.
+
+For example, the the cpu_llc_id of the *other* CPU in the loops in
+set_cpu_sibling_map() underflows and we're generating the funniest
+thread_siblings masks and then when I run 8 threads of nbench, they get
+spread around the LLC domains in a very strange pattern which doesn't
+give you the normal scheduling spread one would expect for performance.
+
+Other things like EDAC use cpu_llc_id so they will be b0rked too.
+
+So, the APIC ID is preset in APICx020 for bits 3 and above: they contain
+the core complex, node and socket IDs.
+
+The LLC is at the core complex level so we can find a unique cpu_llc_id
+by right shifting the APICID by 3 because then the least significant bit
+will be the Core Complex ID.
+
+Tested-by: Borislav Petkov
+Signed-off-by: Yazen Ghannam
+[ Cleaned up and extended the commit message. ]
+Signed-off-by: Borislav Petkov
+Acked-by: Thomas Gleixner
+Cc: Aravind Gopalakrishnan
+Cc: Linus Torvalds
+Cc: Peter Zijlstra
+Fixes: 3849e91f571d ("x86/AMD: Fix last level cache topology for AMD Fam17h systems")
+Link: http://lkml.kernel.org/r/20161108083506.rvqb5h4chrcptj7d@pd.tnic
+Signed-off-by: Ingo Molnar
+Signed-off-by: Greg Kroah-Hartman
+
+---
+ arch/x86/kernel/cpu/amd.c | 6 +-----
+ 1 file changed, 1 insertion(+), 5 deletions(-)
+
+--- a/arch/x86/kernel/cpu/amd.c
++++ b/arch/x86/kernel/cpu/amd.c
+@@ -352,7 +352,6 @@ static void amd_detect_cmp(struct cpuinf
+ #ifdef CONFIG_SMP
+ unsigned bits;
+ int cpu = smp_processor_id();
+- unsigned int socket_id, core_complex_id;
+
+ bits = c->x86_coreid_bits;
+ /* Low order bits define the core id (index of core in socket) */
+@@ -370,10 +369,7 @@ static void amd_detect_cmp(struct cpuinf
+ if (c->x86 != 0x17 || !cpuid_edx(0x80000006))
+ return;
+
+- socket_id = (c->apicid >> bits) - 1;
+- core_complex_id = (c->apicid & ((1 << bits) - 1)) >> 3;
+-
+- per_cpu(cpu_llc_id, cpu) = (socket_id << 3) | core_complex_id;
++ per_cpu(cpu_llc_id, cpu) = c->apicid >> 3;
+ #endif
+ }
+
diff --git a/queue-4.8/series b/queue-4.8/series
new file mode 100644
index 00000000000..b852d265965
--- /dev/null
+++ b/queue-4.8/series
@@ -0,0 +1,6 @@
+x86-cpu-deal-with-broken-firmware-vmware-xen.patch
+x86-cpu-amd-fix-cpu_llc_id-for-amd-fam17h-systems.patch
+kvm-x86-fix-missed-srcu-usage-in-kvm_lapic_set_vapic_addr.patch
+kvm-disable-irq-while-unregistering-user-notifier.patch
+arm64-kvm-pmu-fix-aarch32-cycle-counter-access.patch
+kvm-arm64-fix-the-issues-when-guest-pmccfiltr-is-configured.patch
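Review bot: `per_cpu(cpu_llc_id, cpu) = c->apicid >> 3;` hard-codes the shift with no comment, so the reasoning that APIC ID bits 3 and above hold the core complex, node and socket IDs and that the LLC is per core complex lives only in the commit message. Suggest `/* Fam17h (APICx020): APIC ID bits 3+ are core complex/node/socket; the LLC is per core complex, so dropping the low 3 bits yields its id */` on the line above, or a named constant for the 3. The `c->x86 != 0x17` guard two lines up is what scopes this to one family, so the comment should tie the shift to that check rather than to AMD in general. `bits` is still assigned at the top of the first hunk and presumably used in the lines between the two hunks, so removing `socket_id`/`core_complex_id` appears to leave no unused variable; amd_detect_cmp begins outside the hunk.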