From: Greg Kroah-Hartman Date: Mon, 1 Apr 2019 12:04:08 +0000 (+0200) Subject: 4.9-stable patches X-Git-Tag: v3.18.138~11 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=6846bbf291bf8fb6b4c4df29ad77829ffafa125d;p=thirdparty%2Fkernel%2Fstable-queue.git 4.9-stable patches added patches: kvm-x86-emulate-msr_ia32_arch_capabilities-on-amd-hosts.patch revert-usb-core-only-clean-up-what-we-allocated.patch usb-gadget-f_hid-fix-deadlock-in-f_hidg_write.patch xhci-fix-port-resume-done-detection-for-ss-ports-with-lpm-enabled.patch --- diff --git a/queue-4.9/kvm-x86-emulate-msr_ia32_arch_capabilities-on-amd-hosts.patch b/queue-4.9/kvm-x86-emulate-msr_ia32_arch_capabilities-on-amd-hosts.patch new file mode 100644 index 00000000000..3b014a6228f --- /dev/null +++ b/queue-4.9/kvm-x86-emulate-msr_ia32_arch_capabilities-on-amd-hosts.patch @@ -0,0 +1,122 @@ +From 0cf9135b773bf32fba9dd8e6699c1b331ee4b749 Mon Sep 17 00:00:00 2001 +From: Sean Christopherson +Date: Thu, 7 Mar 2019 15:43:02 -0800 +Subject: KVM: x86: Emulate MSR_IA32_ARCH_CAPABILITIES on AMD hosts + +From: Sean Christopherson + +commit 0cf9135b773bf32fba9dd8e6699c1b331ee4b749 upstream. + +The CPUID flag ARCH_CAPABILITIES is unconditioinally exposed to host +userspace for all x86 hosts, i.e. KVM advertises ARCH_CAPABILITIES +regardless of hardware support under the pretense that KVM fully +emulates MSR_IA32_ARCH_CAPABILITIES. Unfortunately, only VMX hosts +handle accesses to MSR_IA32_ARCH_CAPABILITIES (despite KVM_GET_MSRS +also reporting MSR_IA32_ARCH_CAPABILITIES for all hosts). + +Move the MSR_IA32_ARCH_CAPABILITIES handling to common x86 code so +that it's emulated on AMD hosts. + +Fixes: 1eaafe91a0df4 ("kvm: x86: IA32_ARCH_CAPABILITIES is always supported") +Cc: stable@vger.kernel.org +Reported-by: Xiaoyao Li +Cc: Jim Mattson +Signed-off-by: Sean Christopherson +Signed-off-by: Paolo Bonzini +Signed-off-by: Greg Kroah-Hartman + +--- + arch/x86/include/asm/kvm_host.h | 1 + + arch/x86/kvm/vmx.c | 14 -------------- + arch/x86/kvm/x86.c | 12 ++++++++++++ + 3 files changed, 13 insertions(+), 14 deletions(-) + +--- a/arch/x86/include/asm/kvm_host.h ++++ b/arch/x86/include/asm/kvm_host.h +@@ -487,6 +487,7 @@ struct kvm_vcpu_arch { + bool tpr_access_reporting; + u64 ia32_xss; + u64 microcode_version; ++ u64 arch_capabilities; + + /* + * Paging state of the vcpu +--- a/arch/x86/kvm/vmx.c ++++ b/arch/x86/kvm/vmx.c +@@ -714,7 +714,6 @@ struct vcpu_vmx { + u64 msr_guest_kernel_gs_base; + #endif + +- u64 arch_capabilities; + u64 spec_ctrl; + + u32 vm_entry_controls_shadow; +@@ -3209,12 +3208,6 @@ static int vmx_get_msr(struct kvm_vcpu * + + msr_info->data = to_vmx(vcpu)->spec_ctrl; + break; +- case MSR_IA32_ARCH_CAPABILITIES: +- if (!msr_info->host_initiated && +- !guest_cpuid_has_arch_capabilities(vcpu)) +- return 1; +- msr_info->data = to_vmx(vcpu)->arch_capabilities; +- break; + case MSR_IA32_SYSENTER_CS: + msr_info->data = vmcs_read32(GUEST_SYSENTER_CS); + break; +@@ -3376,11 +3369,6 @@ static int vmx_set_msr(struct kvm_vcpu * + vmx_disable_intercept_for_msr(vmx->vmcs01.msr_bitmap, MSR_IA32_PRED_CMD, + MSR_TYPE_W); + break; +- case MSR_IA32_ARCH_CAPABILITIES: +- if (!msr_info->host_initiated) +- return 1; +- vmx->arch_capabilities = data; +- break; + case MSR_IA32_CR_PAT: + if (vmcs_config.vmentry_ctrl & VM_ENTRY_LOAD_IA32_PAT) { + if (!kvm_mtrr_valid(vcpu, MSR_IA32_CR_PAT, data)) +@@ -5468,8 +5456,6 @@ static int vmx_vcpu_setup(struct vcpu_vm + ++vmx->nmsrs; + } + +- vmx->arch_capabilities = kvm_get_arch_capabilities(); +- + vm_exit_controls_init(vmx, vmcs_config.vmexit_ctrl); + + /* 22.2.1, 20.8.1 */ +--- a/arch/x86/kvm/x86.c ++++ b/arch/x86/kvm/x86.c +@@ -2197,6 +2197,11 @@ int kvm_set_msr_common(struct kvm_vcpu * + if (msr_info->host_initiated) + vcpu->arch.microcode_version = data; + break; ++ case MSR_IA32_ARCH_CAPABILITIES: ++ if (!msr_info->host_initiated) ++ return 1; ++ vcpu->arch.arch_capabilities = data; ++ break; + case MSR_EFER: + return set_efer(vcpu, data); + case MSR_K7_HWCR: +@@ -2473,6 +2478,12 @@ int kvm_get_msr_common(struct kvm_vcpu * + case MSR_IA32_UCODE_REV: + msr_info->data = vcpu->arch.microcode_version; + break; ++ case MSR_IA32_ARCH_CAPABILITIES: ++ if (!msr_info->host_initiated && ++ !guest_cpuid_has_arch_capabilities(vcpu)) ++ return 1; ++ msr_info->data = vcpu->arch.arch_capabilities; ++ break; + case MSR_MTRRcap: + case 0x200 ... 0x2ff: + return kvm_mtrr_get_msr(vcpu, msr_info->index, &msr_info->data); +@@ -7672,6 +7683,7 @@ int kvm_arch_vcpu_setup(struct kvm_vcpu + { + int r; + ++ vcpu->arch.arch_capabilities = kvm_get_arch_capabilities(); + kvm_vcpu_mtrr_init(vcpu); + r = vcpu_load(vcpu); + if (r) diff --git a/queue-4.9/revert-usb-core-only-clean-up-what-we-allocated.patch b/queue-4.9/revert-usb-core-only-clean-up-what-we-allocated.patch new file mode 100644 index 00000000000..5bb16b8f194 --- /dev/null +++ b/queue-4.9/revert-usb-core-only-clean-up-what-we-allocated.patch @@ -0,0 +1,50 @@ +From cf4df407e0d7cde60a45369c2a3414d18e2d4fdd Mon Sep 17 00:00:00 2001 +From: Greg Kroah-Hartman +Date: Wed, 13 Dec 2017 11:59:39 +0100 +Subject: Revert "USB: core: only clean up what we allocated" + +From: Greg Kroah-Hartman + +commit cf4df407e0d7cde60a45369c2a3414d18e2d4fdd upstream. + +This reverts commit 32fd87b3bbf5f7a045546401dfe2894dbbf4d8c3. + +Alan wrote a better fix for this... + +Cc: Andrey Konovalov +Cc: stable +Cc: Nathan Chancellor +Cc: Arnd Bergmann +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/usb/core/config.c | 9 +++------ + 1 file changed, 3 insertions(+), 6 deletions(-) + +--- a/drivers/usb/core/config.c ++++ b/drivers/usb/core/config.c +@@ -763,21 +763,18 @@ void usb_destroy_configuration(struct us + return; + + if (dev->rawdescriptors) { +- for (i = 0; i < dev->descriptor.bNumConfigurations && +- i < USB_MAXCONFIG; i++) ++ for (i = 0; i < dev->descriptor.bNumConfigurations; i++) + kfree(dev->rawdescriptors[i]); + + kfree(dev->rawdescriptors); + dev->rawdescriptors = NULL; + } + +- for (c = 0; c < dev->descriptor.bNumConfigurations && +- c < USB_MAXCONFIG; c++) { ++ for (c = 0; c < dev->descriptor.bNumConfigurations; c++) { + struct usb_host_config *cf = &dev->config[c]; + + kfree(cf->string); +- for (i = 0; i < cf->desc.bNumInterfaces && +- i < USB_MAXINTERFACES; i++) { ++ for (i = 0; i < cf->desc.bNumInterfaces; i++) { + if (cf->intf_cache[i]) + kref_put(&cf->intf_cache[i]->ref, + usb_release_interface_cache); diff --git a/queue-4.9/series b/queue-4.9/series index f479ce277d0..122b700e8dd 100644 --- a/queue-4.9/series +++ b/queue-4.9/series @@ -49,3 +49,7 @@ perf-intel-pt-fix-tsc-slip.patch cpu-hotplug-prevent-crash-when-cpu-bringup-fails-on-config_hotplug_cpu-n.patch x86-smp-enforce-config_hotplug_cpu-when-smp-y.patch kvm-reject-device-ioctls-from-processes-other-than-the-vm-s-creator.patch +kvm-x86-emulate-msr_ia32_arch_capabilities-on-amd-hosts.patch +usb-gadget-f_hid-fix-deadlock-in-f_hidg_write.patch +xhci-fix-port-resume-done-detection-for-ss-ports-with-lpm-enabled.patch +revert-usb-core-only-clean-up-what-we-allocated.patch diff --git a/queue-4.9/usb-gadget-f_hid-fix-deadlock-in-f_hidg_write.patch b/queue-4.9/usb-gadget-f_hid-fix-deadlock-in-f_hidg_write.patch new file mode 100644 index 00000000000..92af091b8b5 --- /dev/null +++ b/queue-4.9/usb-gadget-f_hid-fix-deadlock-in-f_hidg_write.patch @@ -0,0 +1,64 @@ +From 072684e8c58d17e853f8e8b9f6d9ce2e58d2b036 Mon Sep 17 00:00:00 2001 +From: Radoslav Gerganov +Date: Tue, 5 Mar 2019 10:10:34 +0000 +Subject: USB: gadget: f_hid: fix deadlock in f_hidg_write() + +From: Radoslav Gerganov + +commit 072684e8c58d17e853f8e8b9f6d9ce2e58d2b036 upstream. + +In f_hidg_write() the write_spinlock is acquired before calling +usb_ep_queue() which causes a deadlock when dummy_hcd is being used. +This is because dummy_queue() callbacks into f_hidg_req_complete() which +tries to acquire the same spinlock. This is (part of) the backtrace when +the deadlock occurs: + + 0xffffffffc06b1410 in f_hidg_req_complete + 0xffffffffc06a590a in usb_gadget_giveback_request + 0xffffffffc06cfff2 in dummy_queue + 0xffffffffc06a4b96 in usb_ep_queue + 0xffffffffc06b1eb6 in f_hidg_write + 0xffffffff8127730b in __vfs_write + 0xffffffff812774d1 in vfs_write + 0xffffffff81277725 in SYSC_write + +Fix this by releasing the write_spinlock before calling usb_ep_queue() + +Reviewed-by: James Bottomley +Tested-by: James Bottomley +Cc: stable@vger.kernel.org # 4.11+ +Fixes: 749494b6bdbb ("usb: gadget: f_hid: fix: Move IN request allocation to set_alt()") +Signed-off-by: Radoslav Gerganov +Signed-off-by: Felipe Balbi +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/usb/gadget/function/f_hid.c | 6 +++--- + 1 file changed, 3 insertions(+), 3 deletions(-) + +--- a/drivers/usb/gadget/function/f_hid.c ++++ b/drivers/usb/gadget/function/f_hid.c +@@ -340,20 +340,20 @@ try_again: + req->complete = f_hidg_req_complete; + req->context = hidg; + ++ spin_unlock_irqrestore(&hidg->write_spinlock, flags); ++ + status = usb_ep_queue(hidg->in_ep, hidg->req, GFP_ATOMIC); + if (status < 0) { + ERROR(hidg->func.config->cdev, + "usb_ep_queue error on int endpoint %zd\n", status); +- goto release_write_pending_unlocked; ++ goto release_write_pending; + } else { + status = count; + } +- spin_unlock_irqrestore(&hidg->write_spinlock, flags); + + return status; + release_write_pending: + spin_lock_irqsave(&hidg->write_spinlock, flags); +-release_write_pending_unlocked: + hidg->write_pending = 0; + spin_unlock_irqrestore(&hidg->write_spinlock, flags); + diff --git a/queue-4.9/xhci-fix-port-resume-done-detection-for-ss-ports-with-lpm-enabled.patch b/queue-4.9/xhci-fix-port-resume-done-detection-for-ss-ports-with-lpm-enabled.patch new file mode 100644 index 00000000000..93d00b5ac84 --- /dev/null +++ b/queue-4.9/xhci-fix-port-resume-done-detection-for-ss-ports-with-lpm-enabled.patch @@ -0,0 +1,58 @@ +From 6cbcf596934c8e16d6288c7cc62dfb7ad8eadf15 Mon Sep 17 00:00:00 2001 +From: Mathias Nyman +Date: Fri, 22 Mar 2019 17:50:15 +0200 +Subject: xhci: Fix port resume done detection for SS ports with LPM enabled + +From: Mathias Nyman + +commit 6cbcf596934c8e16d6288c7cc62dfb7ad8eadf15 upstream. + +A suspended SS port in U3 link state will go to U0 when resumed, but +can almost immediately after that enter U1 or U2 link power save +states before host controller driver reads the port status. + +Host controller driver only checks for U0 state, and might miss +the finished resume, leaving flags unclear and skip notifying usb +code of the wake. + +Add U1 and U2 to the possible link states when checking for finished +port resume. + +Cc: stable +Signed-off-by: Mathias Nyman +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/usb/host/xhci-ring.c | 9 ++++++--- + drivers/usb/host/xhci.h | 1 + + 2 files changed, 7 insertions(+), 3 deletions(-) + +--- a/drivers/usb/host/xhci-ring.c ++++ b/drivers/usb/host/xhci-ring.c +@@ -1645,10 +1645,13 @@ static void handle_port_status(struct xh + } + } + +- if ((temp & PORT_PLC) && (temp & PORT_PLS_MASK) == XDEV_U0 && +- DEV_SUPERSPEED_ANY(temp)) { ++ if ((temp & PORT_PLC) && ++ DEV_SUPERSPEED_ANY(temp) && ++ ((temp & PORT_PLS_MASK) == XDEV_U0 || ++ (temp & PORT_PLS_MASK) == XDEV_U1 || ++ (temp & PORT_PLS_MASK) == XDEV_U2)) { + xhci_dbg(xhci, "resume SS port %d finished\n", port_id); +- /* We've just brought the device into U0 through either the ++ /* We've just brought the device into U0/1/2 through either the + * Resume state after a device remote wakeup, or through the + * U3Exit state after a host-initiated resume. If it's a device + * initiated remote wake, don't pass up the link state change, +--- a/drivers/usb/host/xhci.h ++++ b/drivers/usb/host/xhci.h +@@ -311,6 +311,7 @@ struct xhci_op_regs { + */ + #define PORT_PLS_MASK (0xf << 5) + #define XDEV_U0 (0x0 << 5) ++#define XDEV_U1 (0x1 << 5) + #define XDEV_U2 (0x2 << 5) + #define XDEV_U3 (0x3 << 5) + #define XDEV_INACTIVE (0x6 << 5)