From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Date: Wed, 4 Mar 2015 04:45:37 +0000 (-0800)
Subject: 3.19-stable patches
X-Git-Tag: v3.10.71~18
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=6ac9ab3ddb4b97128d2243f1ff48210d85d85e2b;p=thirdparty%2Fkernel%2Fstable-queue.git

3.19-stable patches

added patches:
	arm64-compat-fix-siginfo_t-compat_siginfo_t-conversion-on-big-endian.patch
	hx4700-regulator-declare-full-constraints.patch
	kvm-s390-avoid-memory-leaks-if-__inject_vm-fails.patch
	kvm-s390-base-hrtimer-on-a-monotonic-clock.patch
	kvm-s390-floating-irqs-fix-user-triggerable-endless-loop.patch
	kvm-s390-forward-hrtimer-if-guest-ckc-not-pending-yet.patch
---

diff --git a/queue-3.19/arm64-compat-fix-siginfo_t-compat_siginfo_t-conversion-on-big-endian.patch b/queue-3.19/arm64-compat-fix-siginfo_t-compat_siginfo_t-conversion-on-big-endian.patch
new file mode 100644
index 00000000000..c3c5cc65957
--- /dev/null
+++ b/queue-3.19/arm64-compat-fix-siginfo_t-compat_siginfo_t-conversion-on-big-endian.patch
@@ -0,0 +1,51 @@
+From 9d42d48a342aee208c1154696196497fdc556bbf Mon Sep 17 00:00:00 2001
+From: Catalin Marinas <catalin.marinas@arm.com>
+Date: Mon, 23 Feb 2015 15:13:40 +0000
+Subject: arm64: compat Fix siginfo_t -> compat_siginfo_t conversion on big endian
+
+From: Catalin Marinas <catalin.marinas@arm.com>
+
+commit 9d42d48a342aee208c1154696196497fdc556bbf upstream.
+
+The native (64-bit) sigval_t union contains sival_int (32-bit) and
+sival_ptr (64-bit). When a compat application invokes a syscall that
+takes a sigval_t value (as part of a larger structure, e.g.
+compat_sys_mq_notify, compat_sys_timer_create), the compat_sigval_t
+union is converted to the native sigval_t with sival_int overlapping
+with either the least or the most significant half of sival_ptr,
+depending on endianness. When the corresponding signal is delivered to a
+compat application, on big endian the current (compat_uptr_t)sival_ptr
+cast always returns 0 since sival_int corresponds to the top part of
+sival_ptr. This patch fixes copy_siginfo_to_user32() so that sival_int
+is copied to the compat_siginfo_t structure.
+
+Reported-by: Bamvor Jian Zhang <bamvor.zhangjian@huawei.com>
+Tested-by: Bamvor Jian Zhang <bamvor.zhangjian@huawei.com>
+Signed-off-by: Catalin Marinas <catalin.marinas@arm.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ arch/arm64/kernel/signal32.c |    5 ++---
+ 1 file changed, 2 insertions(+), 3 deletions(-)
+
+--- a/arch/arm64/kernel/signal32.c
++++ b/arch/arm64/kernel/signal32.c
+@@ -154,8 +154,7 @@ int copy_siginfo_to_user32(compat_siginf
+ 	case __SI_TIMER:
+ 		 err |= __put_user(from->si_tid, &to->si_tid);
+ 		 err |= __put_user(from->si_overrun, &to->si_overrun);
+-		 err |= __put_user((compat_uptr_t)(unsigned long)from->si_ptr,
+-				   &to->si_ptr);
++		 err |= __put_user(from->si_int, &to->si_int);
+ 		break;
+ 	case __SI_POLL:
+ 		err |= __put_user(from->si_band, &to->si_band);
+@@ -184,7 +183,7 @@ int copy_siginfo_to_user32(compat_siginf
+ 	case __SI_MESGQ: /* But this is */
+ 		err |= __put_user(from->si_pid, &to->si_pid);
+ 		err |= __put_user(from->si_uid, &to->si_uid);
+-		err |= __put_user((compat_uptr_t)(unsigned long)from->si_ptr, &to->si_ptr);
++		err |= __put_user(from->si_int, &to->si_int);
+ 		break;
+ 	case __SI_SYS:
+ 		err |= __put_user((compat_uptr_t)(unsigned long)
diff --git a/queue-3.19/hx4700-regulator-declare-full-constraints.patch b/queue-3.19/hx4700-regulator-declare-full-constraints.patch
new file mode 100644
index 00000000000..80e92a36d95
--- /dev/null
+++ b/queue-3.19/hx4700-regulator-declare-full-constraints.patch
@@ -0,0 +1,32 @@
+From a52d209336f8fc7483a8c7f4a8a7d2a8e1692a6c Mon Sep 17 00:00:00 2001
+From: Martin Vajnar <martin.vajnar@gmail.com>
+Date: Wed, 24 Dec 2014 00:27:57 +0100
+Subject: hx4700: regulator: declare full constraints
+
+From: Martin Vajnar <martin.vajnar@gmail.com>
+
+commit a52d209336f8fc7483a8c7f4a8a7d2a8e1692a6c upstream.
+
+Since the removal of CONFIG_REGULATOR_DUMMY option, the touchscreen stopped
+working. This patch enables the "replacement" for REGULATOR_DUMMY and
+allows the touchscreen to work even though there is no regulator for "vcc".
+
+Signed-off-by: Martin Vajnar <martin.vajnar@gmail.com>
+Signed-off-by: Robert Jarzmik <robert.jarzmik@free.fr>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ arch/arm/mach-pxa/hx4700.c |    2 ++
+ 1 file changed, 2 insertions(+)
+
+--- a/arch/arm/mach-pxa/hx4700.c
++++ b/arch/arm/mach-pxa/hx4700.c
+@@ -893,6 +893,8 @@ static void __init hx4700_init(void)
+ 	mdelay(10);
+ 	gpio_set_value(GPIO71_HX4700_ASIC3_nRESET, 1);
+ 	mdelay(10);
++
++	regulator_has_full_constraints();
+ }
+ 
+ MACHINE_START(H4700, "HP iPAQ HX4700")
diff --git a/queue-3.19/kvm-s390-avoid-memory-leaks-if-__inject_vm-fails.patch b/queue-3.19/kvm-s390-avoid-memory-leaks-if-__inject_vm-fails.patch
new file mode 100644
index 00000000000..1f8cd830417
--- /dev/null
+++ b/queue-3.19/kvm-s390-avoid-memory-leaks-if-__inject_vm-fails.patch
@@ -0,0 +1,46 @@
+From 428d53be5e7468769d4e7899cca06ed5f783a6e1 Mon Sep 17 00:00:00 2001
+From: David Hildenbrand <dahi@linux.vnet.ibm.com>
+Date: Fri, 16 Jan 2015 12:58:09 +0100
+Subject: KVM: s390: avoid memory leaks if __inject_vm() fails
+
+From: David Hildenbrand <dahi@linux.vnet.ibm.com>
+
+commit 428d53be5e7468769d4e7899cca06ed5f783a6e1 upstream.
+
+We have to delete the allocated interrupt info if __inject_vm() fails.
+
+Otherwise user space can keep flooding kvm with floating interrupts and
+provoke more and more memory leaks.
+
+Reported-by: Dominik Dingel <dingel@linux.vnet.ibm.com>
+Reviewed-by: Dominik Dingel <dingel@linux.vnet.ibm.com>
+Signed-off-by: David Hildenbrand <dahi@linux.vnet.ibm.com>
+Signed-off-by: Christian Borntraeger <borntraeger@de.ibm.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ arch/s390/kvm/interrupt.c |    6 +++++-
+ 1 file changed, 5 insertions(+), 1 deletion(-)
+
+--- a/arch/s390/kvm/interrupt.c
++++ b/arch/s390/kvm/interrupt.c
+@@ -1233,6 +1233,7 @@ int kvm_s390_inject_vm(struct kvm *kvm,
+ 		       struct kvm_s390_interrupt *s390int)
+ {
+ 	struct kvm_s390_interrupt_info *inti;
++	int rc;
+ 
+ 	inti = kzalloc(sizeof(*inti), GFP_KERNEL);
+ 	if (!inti)
+@@ -1280,7 +1281,10 @@ int kvm_s390_inject_vm(struct kvm *kvm,
+ 	trace_kvm_s390_inject_vm(s390int->type, s390int->parm, s390int->parm64,
+ 				 2);
+ 
+-	return __inject_vm(kvm, inti);
++	rc = __inject_vm(kvm, inti);
++	if (rc)
++		kfree(inti);
++	return rc;
+ }
+ 
+ void kvm_s390_reinject_io_int(struct kvm *kvm,
diff --git a/queue-3.19/kvm-s390-base-hrtimer-on-a-monotonic-clock.patch b/queue-3.19/kvm-s390-base-hrtimer-on-a-monotonic-clock.patch
new file mode 100644
index 00000000000..b58621b2768
--- /dev/null
+++ b/queue-3.19/kvm-s390-base-hrtimer-on-a-monotonic-clock.patch
@@ -0,0 +1,34 @@
+From 0ac96caf0f9381088c673a16d910b1d329670edf Mon Sep 17 00:00:00 2001
+From: David Hildenbrand <dahi@linux.vnet.ibm.com>
+Date: Fri, 12 Dec 2014 15:17:31 +0100
+Subject: KVM: s390: base hrtimer on a monotonic clock
+
+From: David Hildenbrand <dahi@linux.vnet.ibm.com>
+
+commit 0ac96caf0f9381088c673a16d910b1d329670edf upstream.
+
+The hrtimer that handles the wait with enabled timer interrupts
+should not be disturbed by changes of the host time.
+
+This patch changes our hrtimer to be based on a monotonic clock.
+
+Signed-off-by: David Hildenbrand <dahi@linux.vnet.ibm.com>
+Acked-by: Cornelia Huck <cornelia.huck@de.ibm.com>
+Signed-off-by: Christian Borntraeger <borntraeger@de.ibm.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ arch/s390/kvm/kvm-s390.c |    2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/arch/s390/kvm/kvm-s390.c
++++ b/arch/s390/kvm/kvm-s390.c
+@@ -670,7 +670,7 @@ int kvm_arch_vcpu_setup(struct kvm_vcpu
+ 		if (rc)
+ 			return rc;
+ 	}
+-	hrtimer_init(&vcpu->arch.ckc_timer, CLOCK_REALTIME, HRTIMER_MODE_ABS);
++	hrtimer_init(&vcpu->arch.ckc_timer, CLOCK_MONOTONIC, HRTIMER_MODE_REL);
+ 	vcpu->arch.ckc_timer.function = kvm_s390_idle_wakeup;
+ 	get_cpu_id(&vcpu->arch.cpu_id);
+ 	vcpu->arch.cpu_id.version = 0xff;
diff --git a/queue-3.19/kvm-s390-floating-irqs-fix-user-triggerable-endless-loop.patch b/queue-3.19/kvm-s390-floating-irqs-fix-user-triggerable-endless-loop.patch
new file mode 100644
index 00000000000..79deca66c2d
--- /dev/null
+++ b/queue-3.19/kvm-s390-floating-irqs-fix-user-triggerable-endless-loop.patch
@@ -0,0 +1,36 @@
+From 8e2207cdd087ebb031e9118d1fd0902c6533a5e5 Mon Sep 17 00:00:00 2001
+From: David Hildenbrand <dahi@linux.vnet.ibm.com>
+Date: Thu, 15 Jan 2015 17:56:18 +0100
+Subject: KVM: s390: floating irqs: fix user triggerable endless loop
+
+From: David Hildenbrand <dahi@linux.vnet.ibm.com>
+
+commit 8e2207cdd087ebb031e9118d1fd0902c6533a5e5 upstream.
+
+If a vm with no VCPUs is created, the injection of a floating irq
+leads to an endless loop in the kernel.
+
+Let's skip the search for a destination VCPU for a floating irq if no
+VCPUs were created.
+
+Reviewed-by: Dominik Dingel <dingel@linux.vnet.ibm.com>
+Reviewed-by: Cornelia Huck <cornelia.huck@de.ibm.com>
+Signed-off-by: David Hildenbrand <dahi@linux.vnet.ibm.com>
+Signed-off-by: Christian Borntraeger <borntraeger@de.ibm.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ arch/s390/kvm/interrupt.c |    2 ++
+ 1 file changed, 2 insertions(+)
+
+--- a/arch/s390/kvm/interrupt.c
++++ b/arch/s390/kvm/interrupt.c
+@@ -1197,6 +1197,8 @@ static int __inject_vm(struct kvm *kvm,
+ 		list_add_tail(&inti->list, &iter->list);
+ 	}
+ 	atomic_set(&fi->active, 1);
++	if (atomic_read(&kvm->online_vcpus) == 0)
++		goto unlock_fi;
+ 	sigcpu = find_first_bit(fi->idle_mask, KVM_MAX_VCPUS);
+ 	if (sigcpu == KVM_MAX_VCPUS) {
+ 		do {
diff --git a/queue-3.19/kvm-s390-forward-hrtimer-if-guest-ckc-not-pending-yet.patch b/queue-3.19/kvm-s390-forward-hrtimer-if-guest-ckc-not-pending-yet.patch
new file mode 100644
index 00000000000..9220c49a938
--- /dev/null
+++ b/queue-3.19/kvm-s390-forward-hrtimer-if-guest-ckc-not-pending-yet.patch
@@ -0,0 +1,78 @@
+From 2d00f759427bb3ed963b60f570830e9eca7e1c69 Mon Sep 17 00:00:00 2001
+From: David Hildenbrand <dahi@linux.vnet.ibm.com>
+Date: Thu, 11 Dec 2014 10:18:01 +0100
+Subject: KVM: s390: forward hrtimer if guest ckc not pending yet
+
+From: David Hildenbrand <dahi@linux.vnet.ibm.com>
+
+commit 2d00f759427bb3ed963b60f570830e9eca7e1c69 upstream.
+
+Patch 0759d0681cae ("KVM: s390: cleanup handle_wait by reusing
+kvm_vcpu_block") changed the way pending guest clock comparator
+interrupts are detected. It was assumed that as soon as the hrtimer
+wakes up, the condition for the guest ckc is satisfied.
+
+This is however only true as long as adjclock() doesn't speed
+up the monotonic clock. Reason is that the hrtimer is based on
+CLOCK_MONOTONIC, the guest clock comparator detection is based
+on the raw TOD clock. If CLOCK_MONOTONIC runs faster than the
+TOD clock, the hrtimer wakes the target VCPU up too early and
+the target VCPU will not detect any pending interrupts, therefore
+going back to sleep. It will never be woken up again because the
+hrtimer has finished. The VCPU is stuck.
+
+As a quick fix, we have to forward the hrtimer until the guest
+clock comparator is really due, to guarantee properly timed wake
+ups.
+
+As the hrtimer callback might be triggered on another cpu, we
+have to make sure that the timer is really stopped and not currently
+executing the callback on another cpu. This can happen if the vcpu
+thread is scheduled onto another physical cpu, but the timer base
+is not migrated. So lets use hrtimer_cancel instead of try_to_cancel.
+
+A proper fix might be to introduce a RAW based hrtimer.
+
+Reported-by: Christian Borntraeger <borntraeger@de.ibm.com>
+Signed-off-by: David Hildenbrand <dahi@linux.vnet.ibm.com>
+Acked-by: Cornelia Huck <cornelia.huck@de.ibm.com>
+Signed-off-by: Christian Borntraeger <borntraeger@de.ibm.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ arch/s390/kvm/interrupt.c |   14 ++++++++++++--
+ 1 file changed, 12 insertions(+), 2 deletions(-)
+
+--- a/arch/s390/kvm/interrupt.c
++++ b/arch/s390/kvm/interrupt.c
+@@ -820,7 +820,7 @@ no_timer:
+ 	__unset_cpu_idle(vcpu);
+ 	vcpu->srcu_idx = srcu_read_lock(&vcpu->kvm->srcu);
+ 
+-	hrtimer_try_to_cancel(&vcpu->arch.ckc_timer);
++	hrtimer_cancel(&vcpu->arch.ckc_timer);
+ 	return 0;
+ }
+ 
+@@ -840,10 +840,20 @@ void kvm_s390_vcpu_wakeup(struct kvm_vcp
+ enum hrtimer_restart kvm_s390_idle_wakeup(struct hrtimer *timer)
+ {
+ 	struct kvm_vcpu *vcpu;
++	u64 now, sltime;
+ 
+ 	vcpu = container_of(timer, struct kvm_vcpu, arch.ckc_timer);
+-	kvm_s390_vcpu_wakeup(vcpu);
++	now = get_tod_clock_fast() + vcpu->arch.sie_block->epoch;
++	sltime = tod_to_ns(vcpu->arch.sie_block->ckc - now);
+ 
++	/*
++	 * If the monotonic clock runs faster than the tod clock we might be
++	 * woken up too early and have to go back to sleep to avoid deadlocks.
++	 */
++	if (vcpu->arch.sie_block->ckc > now &&
++	    hrtimer_forward_now(timer, ns_to_ktime(sltime)))
++		return HRTIMER_RESTART;
++	kvm_s390_vcpu_wakeup(vcpu);
+ 	return HRTIMER_NORESTART;
+ }
+ 
diff --git a/queue-3.19/series b/queue-3.19/series
index 01313994bd9..525fbe56e9b 100644
--- a/queue-3.19/series
+++ b/queue-3.19/series
@@ -141,3 +141,9 @@ arc-fix-page-address-calculation-if-page_offset-linux_link_base.patch
 mips-htw-prevent-accidental-htw-start-due-to-nested-htw_-start-stop.patch
 udf-remove-repeated-loads-blocksize.patch
 udf-check-length-of-extended-attributes-and-allocation-descriptors.patch
+kvm-s390-forward-hrtimer-if-guest-ckc-not-pending-yet.patch
+kvm-s390-base-hrtimer-on-a-monotonic-clock.patch
+kvm-s390-floating-irqs-fix-user-triggerable-endless-loop.patch
+kvm-s390-avoid-memory-leaks-if-__inject_vm-fails.patch
+hx4700-regulator-declare-full-constraints.patch
+arm64-compat-fix-siginfo_t-compat_siginfo_t-conversion-on-big-endian.patch