From: Greg Kroah-Hartman Date: Fri, 28 Feb 2020 11:51:39 +0000 (+0100) Subject: drop some powerpc patches from 4.9 queue as well X-Git-Tag: v4.4.215~2 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=6b47e2b85575a6f4c0b71b39799bf17a3b01acf2;p=thirdparty%2Fkernel%2Fstable-queue.git drop some powerpc patches from 4.9 queue as well --- diff --git a/queue-4.9/powerpc-tm-fix-clearing-msr-ts-in-current-when-recla.patch b/queue-4.9/powerpc-tm-fix-clearing-msr-ts-in-current-when-recla.patch deleted file mode 100644 index afaf08605fb..00000000000 --- a/queue-4.9/powerpc-tm-fix-clearing-msr-ts-in-current-when-recla.patch +++ /dev/null 
@@ -1,291 +0,0 @@ -From d3744c10957f86723df8df8a5058867d550f2f06 Mon Sep 17 00:00:00 2001 -From: Sasha Levin -Date: Tue, 11 Feb 2020 00:38:29 -0300 -Subject: powerpc/tm: Fix clearing MSR[TS] in current when reclaiming on signal - delivery - -From: Gustavo Luiz Duarte - -[ Upstream commit 2464cc4c345699adea52c7aef75707207cb8a2f6 ] - -After a treclaim, we expect to be in non-transactional state. If we -don't clear the current thread's MSR[TS] before we get preempted, then -tm_recheckpoint_new_task() will recheckpoint and we get rescheduled in -suspended transaction state. - -When handling a signal caught in transactional state, -handle_rt_signal64() calls get_tm_stackpointer() that treclaims the -transaction using tm_reclaim_current() but without clearing the -thread's MSR[TS]. This can cause the TM Bad Thing exception below if -later we pagefault and get preempted trying to access the user's -sigframe, using __put_user(). Afterwards, when we are rescheduled back -into do_page_fault() (but now in suspended state since the thread's -MSR[TS] was not cleared), upon executing 'rfid' after completion of -the page fault handling, the exception is raised because a transition -from suspended to non-transactional state is invalid. 
- - Unexpected TM Bad Thing exception at c00000000000de44 (msr 0x8000000302a03031) tm_scratch=800000010280b033 - Oops: Unrecoverable exception, sig: 6 [#1] - LE PAGE_SIZE=64K MMU=Hash SMP NR_CPUS=2048 NUMA pSeries - CPU: 25 PID: 15547 Comm: a.out Not tainted 5.4.0-rc2 #32 - NIP: c00000000000de44 LR: c000000000034728 CTR: 0000000000000000 - REGS: c00000003fe7bd70 TRAP: 0700 Not tainted (5.4.0-rc2) - MSR: 8000000302a03031 CR: 44000884 XER: 00000000 - CFAR: c00000000000dda4 IRQMASK: 0 - PACATMSCRATCH: 800000010280b033 - GPR00: c000000000034728 c000000f65a17c80 c000000001662800 00007fffacf3fd78 - GPR04: 0000000000001000 0000000000001000 0000000000000000 c000000f611f8af0 - GPR08: 0000000000000000 0000000078006001 0000000000000000 000c000000000000 - GPR12: c000000f611f84b0 c00000003ffcb200 0000000000000000 0000000000000000 - GPR16: 0000000000000000 0000000000000000 0000000000000000 0000000000000000 - GPR20: 0000000000000000 0000000000000000 0000000000000000 c000000f611f8140 - GPR24: 0000000000000000 00007fffacf3fd68 c000000f65a17d90 c000000f611f7800 - GPR28: c000000f65a17e90 c000000f65a17e90 c000000001685e18 00007fffacf3f000 - NIP [c00000000000de44] fast_exception_return+0xf4/0x1b0 - LR [c000000000034728] handle_rt_signal64+0x78/0xc50 - Call Trace: - [c000000f65a17c80] [c000000000034710] handle_rt_signal64+0x60/0xc50 (unreliable) - [c000000f65a17d30] [c000000000023640] do_notify_resume+0x330/0x460 - [c000000f65a17e20] [c00000000000dcc4] ret_from_except_lite+0x70/0x74 - Instruction dump: - 7c4ff120 e8410170 7c5a03a6 38400000 f8410060 e8010070 e8410080 e8610088 - 60000000 60000000 e8810090 e8210078 <4c000024> 48000000 e8610178 88ed0989 - ---[ end trace 93094aa44b442f87 ]--- - -The simplified sequence of events that triggers the above exception is: - - ... 
# userspace in NON-TRANSACTIONAL state - tbegin # userspace in TRANSACTIONAL state - signal delivery # kernelspace in SUSPENDED state - handle_rt_signal64() - get_tm_stackpointer() - treclaim # kernelspace in NON-TRANSACTIONAL state - __put_user() - page fault happens. We will never get back here because of the TM Bad Thing exception. - - page fault handling kicks in and we voluntarily preempt ourselves - do_page_fault() - __schedule() - __switch_to(other_task) - - our task is rescheduled and we recheckpoint because the thread's MSR[TS] was not cleared - __switch_to(our_task) - switch_to_tm() - tm_recheckpoint_new_task() - trechkpt # kernelspace in SUSPENDED state - - The page fault handling resumes, but now we are in suspended transaction state - do_page_fault() completes - rfid <----- trying to get back where the page fault happened (we were non-transactional back then) - TM Bad Thing # illegal transition from suspended to non-transactional - -This patch fixes that issue by clearing the current thread's MSR[TS] -just after treclaim in get_tm_stackpointer() so that we stay in -non-transactional state in case we are preempted. In order to make -treclaim and clearing the thread's MSR[TS] atomic from a preemption -perspective when CONFIG_PREEMPT is set, preempt_disable/enable() is -used. It's also necessary to save the previous value of the thread's -MSR before get_tm_stackpointer() is called so that it can be exposed -to the signal handler later in setup_tm_sigcontexts() to inform the -userspace MSR at the moment of the signal delivery. - -Found with tm-signal-context-force-tm kernel selftest. 
- -Fixes: 2b0a576d15e0 ("powerpc: Add new transactional memory state to the signal context") -Cc: stable@vger.kernel.org # v3.9 -Signed-off-by: Gustavo Luiz Duarte -Acked-by: Michael Neuling -Signed-off-by: Michael Ellerman -Link: https://lore.kernel.org/r/20200211033831.11165-1-gustavold@linux.ibm.com -Signed-off-by: Sasha Levin ---- - arch/powerpc/kernel/signal.c | 17 +++++++++++++++-- - arch/powerpc/kernel/signal_32.c | 28 ++++++++++++++-------------- - arch/powerpc/kernel/signal_64.c | 22 ++++++++++------------ - 3 files changed, 39 insertions(+), 28 deletions(-) - -diff --git a/arch/powerpc/kernel/signal.c b/arch/powerpc/kernel/signal.c -index 3600c0d99ae94..2dbb066d95194 100644 ---- a/arch/powerpc/kernel/signal.c -+++ b/arch/powerpc/kernel/signal.c -@@ -189,14 +189,27 @@ unsigned long get_tm_stackpointer(struct task_struct *tsk) - * normal/non-checkpointed stack pointer. - */ - -+ unsigned long ret = tsk->thread.regs->gpr[1]; -+ - #ifdef CONFIG_PPC_TRANSACTIONAL_MEM - BUG_ON(tsk != current); - - if (MSR_TM_ACTIVE(tsk->thread.regs->msr)) { -+ preempt_disable(); - tm_reclaim_current(TM_CAUSE_SIGNAL); - if (MSR_TM_TRANSACTIONAL(tsk->thread.regs->msr)) -- return tsk->thread.ckpt_regs.gpr[1]; -+ ret = tsk->thread.ckpt_regs.gpr[1]; -+ -+ /* -+ * If we treclaim, we must clear the current thread's TM bits -+ * before re-enabling preemption. Otherwise we might be -+ * preempted and have the live MSR[TS] changed behind our back -+ * (tm_recheckpoint_new_task() would recheckpoint). Besides, we -+ * enter the signal handler in non-transactional state. 
-+ */ -+ tsk->thread.regs->msr &= ~MSR_TS_MASK; -+ preempt_enable(); - } - #endif -- return tsk->thread.regs->gpr[1]; -+ return ret; - } -diff --git a/arch/powerpc/kernel/signal_32.c b/arch/powerpc/kernel/signal_32.c -index bec09db6981ea..1bf5eb9f8405a 100644 ---- a/arch/powerpc/kernel/signal_32.c -+++ b/arch/powerpc/kernel/signal_32.c -@@ -515,19 +515,11 @@ static int save_user_regs(struct pt_regs *regs, struct mcontext __user *frame, - */ - static int save_tm_user_regs(struct pt_regs *regs, - struct mcontext __user *frame, -- struct mcontext __user *tm_frame, int sigret) -+ struct mcontext __user *tm_frame, int sigret, -+ unsigned long msr) - { -- unsigned long msr = regs->msr; -- - WARN_ON(tm_suspend_disabled); - -- /* Remove TM bits from thread's MSR. The MSR in the sigcontext -- * just indicates to userland that we were doing a transaction, but we -- * don't want to return in transactional state. This also ensures -- * that flush_fp_to_thread won't set TIF_RESTORE_TM again. -- */ -- regs->msr &= ~MSR_TS_MASK; -- - /* Save both sets of general registers */ - if (save_general_regs(¤t->thread.ckpt_regs, frame) - || save_general_regs(regs, tm_frame)) -@@ -1006,6 +998,10 @@ int handle_rt_signal32(struct ksignal *ksig, sigset_t *oldset, - int sigret; - unsigned long tramp; - struct pt_regs *regs = tsk->thread.regs; -+#ifdef CONFIG_PPC_TRANSACTIONAL_MEM -+ /* Save the thread's msr before get_tm_stackpointer() changes it */ -+ unsigned long msr = regs->msr; -+#endif - - BUG_ON(tsk != current); - -@@ -1038,13 +1034,13 @@ int handle_rt_signal32(struct ksignal *ksig, sigset_t *oldset, - - #ifdef CONFIG_PPC_TRANSACTIONAL_MEM - tm_frame = &rt_sf->uc_transact.uc_mcontext; -- if (MSR_TM_ACTIVE(regs->msr)) { -+ if (MSR_TM_ACTIVE(msr)) { - if (__put_user((unsigned long)&rt_sf->uc_transact, - &rt_sf->uc.uc_link) || - __put_user((unsigned long)tm_frame, - &rt_sf->uc_transact.uc_regs)) - goto badframe; -- if (save_tm_user_regs(regs, frame, tm_frame, sigret)) -+ if 
(save_tm_user_regs(regs, frame, tm_frame, sigret, msr)) - goto badframe; - } - else -@@ -1451,6 +1447,10 @@ int handle_signal32(struct ksignal *ksig, sigset_t *oldset, - int sigret; - unsigned long tramp; - struct pt_regs *regs = tsk->thread.regs; -+#ifdef CONFIG_PPC_TRANSACTIONAL_MEM -+ /* Save the thread's msr before get_tm_stackpointer() changes it */ -+ unsigned long msr = regs->msr; -+#endif - - BUG_ON(tsk != current); - -@@ -1484,9 +1484,9 @@ int handle_signal32(struct ksignal *ksig, sigset_t *oldset, - - #ifdef CONFIG_PPC_TRANSACTIONAL_MEM - tm_mctx = &frame->mctx_transact; -- if (MSR_TM_ACTIVE(regs->msr)) { -+ if (MSR_TM_ACTIVE(msr)) { - if (save_tm_user_regs(regs, &frame->mctx, &frame->mctx_transact, -- sigret)) -+ sigret, msr)) - goto badframe; - } - else -diff --git a/arch/powerpc/kernel/signal_64.c b/arch/powerpc/kernel/signal_64.c -index 459c4adf47841..bde4c1b9a0ba8 100644 ---- a/arch/powerpc/kernel/signal_64.c -+++ b/arch/powerpc/kernel/signal_64.c -@@ -192,7 +192,8 @@ static long setup_sigcontext(struct sigcontext __user *sc, - static long setup_tm_sigcontexts(struct sigcontext __user *sc, - struct sigcontext __user *tm_sc, - struct task_struct *tsk, -- int signr, sigset_t *set, unsigned long handler) -+ int signr, sigset_t *set, unsigned long handler, -+ unsigned long msr) - { - /* When CONFIG_ALTIVEC is set, we _always_ setup v_regs even if the - * process never used altivec yet (MSR_VEC is zero in pt_regs of -@@ -207,12 +208,11 @@ static long setup_tm_sigcontexts(struct sigcontext __user *sc, - elf_vrreg_t __user *tm_v_regs = sigcontext_vmx_regs(tm_sc); - #endif - struct pt_regs *regs = tsk->thread.regs; -- unsigned long msr = tsk->thread.regs->msr; - long err = 0; - - BUG_ON(tsk != current); - -- BUG_ON(!MSR_TM_ACTIVE(regs->msr)); -+ BUG_ON(!MSR_TM_ACTIVE(msr)); - - WARN_ON(tm_suspend_disabled); - -@@ -222,13 +222,6 @@ static long setup_tm_sigcontexts(struct sigcontext __user *sc, - */ - msr |= tsk->thread.ckpt_regs.msr & (MSR_FP | MSR_VEC | 
MSR_VSX); - -- /* Remove TM bits from thread's MSR. The MSR in the sigcontext -- * just indicates to userland that we were doing a transaction, but we -- * don't want to return in transactional state. This also ensures -- * that flush_fp_to_thread won't set TIF_RESTORE_TM again. -- */ -- regs->msr &= ~MSR_TS_MASK; -- - #ifdef CONFIG_ALTIVEC - err |= __put_user(v_regs, &sc->v_regs); - err |= __put_user(tm_v_regs, &tm_sc->v_regs); -@@ -805,6 +798,10 @@ int handle_rt_signal64(struct ksignal *ksig, sigset_t *set, - unsigned long newsp = 0; - long err = 0; - struct pt_regs *regs = tsk->thread.regs; -+#ifdef CONFIG_PPC_TRANSACTIONAL_MEM -+ /* Save the thread's msr before get_tm_stackpointer() changes it */ -+ unsigned long msr = regs->msr; -+#endif - - BUG_ON(tsk != current); - -@@ -822,7 +819,7 @@ int handle_rt_signal64(struct ksignal *ksig, sigset_t *set, - err |= __put_user(0, &frame->uc.uc_flags); - err |= __save_altstack(&frame->uc.uc_stack, regs->gpr[1]); - #ifdef CONFIG_PPC_TRANSACTIONAL_MEM -- if (MSR_TM_ACTIVE(regs->msr)) { -+ if (MSR_TM_ACTIVE(msr)) { - /* The ucontext_t passed to userland points to the second - * ucontext_t (for transactional state) with its uc_link ptr. - */ -@@ -830,7 +827,8 @@ int handle_rt_signal64(struct ksignal *ksig, sigset_t *set, - err |= setup_tm_sigcontexts(&frame->uc.uc_mcontext, - &frame->uc_transact.uc_mcontext, - tsk, ksig->sig, NULL, -- (unsigned long)ksig->ka.sa.sa_handler); -+ (unsigned long)ksig->ka.sa.sa_handler, -+ msr); - } else - #endif - { --- -2.20.1 - diff --git a/queue-4.9/powerpc-tm-fix-endianness-flip-on-trap.patch b/queue-4.9/powerpc-tm-fix-endianness-flip-on-trap.patch deleted file mode 100644 index 40f7ead8080..00000000000 --- a/queue-4.9/powerpc-tm-fix-endianness-flip-on-trap.patch +++ /dev/null 
@@ -1,85 +0,0 @@ -From 2456d2946f813681e8b0bb1fe57afaf7cf51cf0c Mon Sep 17 00:00:00 2001 -From: Sasha Levin -Date: Sun, 31 Dec 2017 18:20:45 -0500 -Subject: powerpc/tm: Fix endianness flip on trap - -From: Gustavo Romero - -[ Upstream commit 1c200e63d055ec0125e44a5e386b9b78aada7eb3 ] - -Currently it's possible that a thread on PPC64 LE has its endianness -flipped inadvertently to Big-Endian resulting in a crash once the process -is back from the signal handler. - -If giveup_all() is called when regs->msr has the bits MSR.FP and MSR.VEC -disabled (and hence MSR.VSX disabled too) it returns without calling -check_if_tm_restore_required() which copies regs->msr to ckpt_regs->msr if -the process caught a signal whilst in transactional mode. Then once in -setup_tm_sigcontexts() MSR from ckpt_regs.msr is used, but since -check_if_tm_restore_required() was not called previuosly, gp_regs[PT_MSR] -gets a copy of invalid MSR bits as MSR in ckpt_regs was not updated from -regs->msr and so is zeroed. Later when leaving the signal handler once in -sys_rt_sigreturn() the TS bits of gp_regs[PT_MSR] are checked to determine -if restore_tm_sigcontexts() must be called to pull in the correct MSR state -into the user context. Because TS bits are zeroed -restore_tm_sigcontexts() is never called and MSR restored from the user -context on returning from the signal handler has the MSR.LE (the endianness -bit) forced to zero (Big-Endian). That leads, for instance, to 'nop' being -treated as an illegal instruction in the following sequence: - - tbegin. - beq 1f - trap - tend. -1: nop - -on PPC64 LE machines and the process dies just after returning from the -signal handler. - -PPC64 BE is also affected but in a subtle way since forcing Big-Endian on -a BE machine does not change the endianness. 
- -This commit fixes the issue described above by ensuring that once in -setup_tm_sigcontexts() the MSR used is from regs->msr instead of from -ckpt_regs->msr and by ensuring that we pull in only the MSR.FP, MSR.VEC, -and MSR.VSX bits from ckpt_regs->msr. - -The fix was tested both on LE and BE machines and no regression regarding -the powerpc/tm selftests was observed. - -Signed-off-by: Gustavo Romero -Signed-off-by: Michael Ellerman -Signed-off-by: Sasha Levin ---- - arch/powerpc/kernel/signal_64.c | 8 +++++++- - 1 file changed, 7 insertions(+), 1 deletion(-) - -diff --git a/arch/powerpc/kernel/signal_64.c b/arch/powerpc/kernel/signal_64.c -index 9d8fd0c74b314..459c4adf47841 100644 ---- a/arch/powerpc/kernel/signal_64.c -+++ b/arch/powerpc/kernel/signal_64.c -@@ -207,7 +207,7 @@ static long setup_tm_sigcontexts(struct sigcontext __user *sc, - elf_vrreg_t __user *tm_v_regs = sigcontext_vmx_regs(tm_sc); - #endif - struct pt_regs *regs = tsk->thread.regs; -- unsigned long msr = tsk->thread.ckpt_regs.msr; -+ unsigned long msr = tsk->thread.regs->msr; - long err = 0; - - BUG_ON(tsk != current); -@@ -216,6 +216,12 @@ static long setup_tm_sigcontexts(struct sigcontext __user *sc, - - WARN_ON(tm_suspend_disabled); - -+ /* Restore checkpointed FP, VEC, and VSX bits from ckpt_regs as -+ * it contains the correct FP, VEC, VSX state after we treclaimed -+ * the transaction and giveup_all() was called on reclaiming. -+ */ -+ msr |= tsk->thread.ckpt_regs.msr & (MSR_FP | MSR_VEC | MSR_VSX); -+ - /* Remove TM bits from thread's MSR. The MSR in the sigcontext - * just indicates to userland that we were doing a transaction, but we - * don't want to return in transactional state. This also ensures --- -2.20.1 - diff --git a/queue-4.9/powerpc-tm-p9-disable-transactionally-suspended-sigc.patch b/queue-4.9/powerpc-tm-p9-disable-transactionally-suspended-sigc.patch deleted file mode 100644 index 1b6d36ac5dc..00000000000 
--- a/queue-4.9/powerpc-tm-p9-disable-transactionally-suspended-sigc.patch +++ /dev/null 
@@ -1,95 +0,0 @@ -From 814ec9943e50993a7c51fee1e1d9e74ddc7ffd07 Mon Sep 17 00:00:00 2001 -From: Sasha Levin -Date: Thu, 12 Oct 2017 21:17:19 +1100 -Subject: powerpc/tm: P9 disable transactionally suspended sigcontexts - -From: Michael Neuling - -[ Upstream commit 92fb8690bd04cb421d987d246deac60eef85d272 ] - -Unfortunately userspace can construct a sigcontext which enables -suspend. Thus userspace can force Linux into a path where trechkpt is -executed. - -This patch blocks this from happening on POWER9 by sanity checking -sigcontexts passed in. - -ptrace doesn't have this problem as only MSR SE and BE can be changed -via ptrace. - -This patch also adds a number of WARN_ON()s in case we ever enter -suspend when we shouldn't. This should not happen, but if it does the -symptoms are soft lockup warnings which are not obviously TM related, -so the WARN_ON()s should make it obvious what's happening. - -Signed-off-by: Michael Neuling -Signed-off-by: Cyril Bur -Signed-off-by: Michael Ellerman -Signed-off-by: Sasha Levin ---- - arch/powerpc/kernel/process.c | 2 ++ - arch/powerpc/kernel/signal_32.c | 4 ++++ - arch/powerpc/kernel/signal_64.c | 5 +++++ - 3 files changed, 11 insertions(+) - -diff --git a/arch/powerpc/kernel/process.c b/arch/powerpc/kernel/process.c -index 54c95e7c74cce..1a08c43a51f8c 100644 ---- a/arch/powerpc/kernel/process.c -+++ b/arch/powerpc/kernel/process.c -@@ -890,6 +890,8 @@ static inline void tm_reclaim_task(struct task_struct *tsk) - if (!MSR_TM_ACTIVE(thr->regs->msr)) - goto out_and_saveregs; - -+ WARN_ON(tm_suspend_disabled); -+ - TM_DEBUG("--- tm_reclaim on pid %d (NIP=%lx, " - "ccr=%lx, msr=%lx, trap=%lx)\n", - tsk->pid, thr->regs->nip, -diff --git a/arch/powerpc/kernel/signal_32.c b/arch/powerpc/kernel/signal_32.c -index a378b1e80a1aa..bec09db6981ea 100644 ---- a/arch/powerpc/kernel/signal_32.c -+++ b/arch/powerpc/kernel/signal_32.c -@@ -519,6 +519,8 @@ static int save_tm_user_regs(struct pt_regs *regs, - { - unsigned long msr = regs->msr; - -+ 
WARN_ON(tm_suspend_disabled); -+ - /* Remove TM bits from thread's MSR. The MSR in the sigcontext - * just indicates to userland that we were doing a transaction, but we - * don't want to return in transactional state. This also ensures -@@ -769,6 +771,8 @@ static long restore_tm_user_regs(struct pt_regs *regs, - int i; - #endif - -+ if (tm_suspend_disabled) -+ return 1; - /* - * restore general registers but not including MSR or SOFTE. Also - * take care of keeping r2 (TLS) intact if not a signal. -diff --git a/arch/powerpc/kernel/signal_64.c b/arch/powerpc/kernel/signal_64.c -index f4c46b0ec611a..9d8fd0c74b314 100644 ---- a/arch/powerpc/kernel/signal_64.c -+++ b/arch/powerpc/kernel/signal_64.c -@@ -214,6 +214,8 @@ static long setup_tm_sigcontexts(struct sigcontext __user *sc, - - BUG_ON(!MSR_TM_ACTIVE(regs->msr)); - -+ WARN_ON(tm_suspend_disabled); -+ - /* Remove TM bits from thread's MSR. The MSR in the sigcontext - * just indicates to userland that we were doing a transaction, but we - * don't want to return in transactional state. This also ensures -@@ -430,6 +432,9 @@ static long restore_tm_sigcontexts(struct task_struct *tsk, - - BUG_ON(tsk != current); - -+ if (tm_suspend_disabled) -+ return -EINVAL; -+ - /* copy the GPRs */ - err |= __copy_from_user(regs->gpr, tm_sc->gp_regs, sizeof(regs->gpr)); - err |= __copy_from_user(&tsk->thread.ckpt_regs, sc->gp_regs, --- -2.20.1 - diff --git a/queue-4.9/series b/queue-4.9/series index b2fea674c66..4b422dc97e2 100644 --- a/queue-4.9/series +++ b/queue-4.9/series 
@@ -135,9 +135,6 @@ xhci-apply-xhci_pme_stuck_quirk-to-intel-comet-lake-platforms.patch kvm-x86-don-t-notify-userspace-ioapic-on-edge-triggered-interrupt-eoi.patch vt_resizex-get-rid-of-field-by-field-copyin.patch vt-vt_ioctl-fix-race-in-vt_resizex.patch -powerpc-tm-p9-disable-transactionally-suspended-sigc.patch -powerpc-tm-fix-endianness-flip-on-trap.patch -powerpc-tm-fix-clearing-msr-ts-in-current-when-recla.patch lib-stackdepot-fix-outdated-comments.patch lib-stackdepot.c-fix-global-out-of-bounds-in-stack_s.patch kvm-nvmx-don-t-emulate-instructions-in-guest-mode.patch
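Review bot: The commit message ("drop some powerpc patches from 4.9 queue as well") gives no reason for the drop, and that matters most for the first deleted file, queue-4.9/powerpc-tm-fix-clearing-msr-ts-in-current-when-recla.patch. Its changelog carries "Cc: stable@vger.kernel.org # v3.9" and a Fixes: tag for 2b0a576d15e0, so 4.9 is inside the range the upstream author asked to have fixed. Please state why the backport is being withdrawn and whether a reworked 4.9 version is expected. Otherwise the "TM Bad Thing" oops described in the deleted changelog stays unaddressed on this branch with no record of the decision.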
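Review bot: Dropping queue-4.9/powerpc-tm-p9-disable-transactionally-suspended-sigc.patch removes input validation on a user-supplied sigcontext, and the commit message does not say whether 4.9 needs it. The deleted changelog states that "userspace can construct a sigcontext which enables suspend", and the deleted hunks add "if (tm_suspend_disabled) return -EINVAL;" to restore_tm_sigcontexts() and "return 1;" to restore_tm_user_regs(). Nothing on this page shows whether the 4.9 tree defines tm_suspend_disabled or supports the POWER9 configuration the check targets. Please confirm that before the drop and note the result in the commit message.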
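Review bot: In the queue-4.9/series hunk the three removed entries form a dependency chain, and the commit message should say so, since that is the reason all three must go together. The index lines for arch/powerpc/kernel/signal_64.c in the deleted patches run f4c46b0ec611a..9d8fd0c74b314, then 9d8fd0c74b314..459c4adf47841, then 459c4adf47841..bde4c1b9a0ba8, and of the three visible changelogs only the last carries a Cc: stable tag. If the first two were queued only as prerequisites for the third, please record that. It would also help to confirm that none of the entries remaining after this point in the series file were generated against the signal_32.c or signal_64.c context these patches introduced.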