From: Greg Kroah-Hartman Date: Sat, 9 Apr 2016 18:30:18 +0000 (-0700) Subject: 4.4-stable patches X-Git-Tag: v4.5.1~40 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=91c3dd67b480799d3d1b57d039197f367aeda8f1;p=thirdparty%2Fkernel%2Fstable-queue.git 4.4-stable patches added patches: edac-amd64_edac-shift-wrapping-issue-in-f1x_get_norm_dct_addr.patch edac-sb_edac-fix-computation-of-channel-address.patch kvm-fix-spin_lock_init-order-on-x86.patch kvm-i8254-change-pit-discard-tick-policy.patch kvm-vmx-avoid-guest-hang-on-invalid-invept-instruction.patch kvm-vmx-avoid-guest-hang-on-invalid-invvpid-instruction.patch kvm-vmx-fix-nested-vpid-for-old-kvm-guests.patch kvm-x86-fix-missed-hardware-breakpoints.patch pci-acpi-ia64-fix-io-port-generic-range-check.patch pci-disable-io-mem-decoding-for-devices-with-non-compliant-bars.patch perf-core-fix-perf_sched_count-derailment.patch perf-tools-dont-stop-pmu-parsing-on-alias-parse-error.patch perf-tools-fix-checking-asprintf-return-value.patch perf-tools-fix-python-extension-build.patch perf-x86-intel-add-definition-for-pt-pmi-bit.patch pinctrl-bcm2835-fix-cut-and-paste-error-in-pull-parsing.patch s390-cpumf-add-missing-lpp-magic-initialization.patch s390-fix-floating-pointer-register-corruption-again.patch s390-pci-enforce-fmb-page-boundary-rule.patch sched-cputime-fix-steal_account_process_tick-to-always-return-jiffies.patch sched-preempt-sh-kmap_coherent-relies-on-disabled-preemption.patch thermal-ignore-invalid-trip-points.patch x86-entry-compat-keep-ts_compat-set-during-signal-delivery.patch x86-microcode-intel-make-early-loader-look-for-builtin-microcode-too.patch x86-microcode-untangle-from-blk_dev_initrd.patch x86-pci-mark-broadwell-ep-home-agent-pcu-as-having-non-compliant-bars.patch --- diff --git a/queue-4.4/edac-amd64_edac-shift-wrapping-issue-in-f1x_get_norm_dct_addr.patch b/queue-4.4/edac-amd64_edac-shift-wrapping-issue-in-f1x_get_norm_dct_addr.patch new file mode 100644 index 00000000000..a8a45898a15 --- /dev/null +++ b/queue-4.4/edac-amd64_edac-shift-wrapping-issue-in-f1x_get_norm_dct_addr.patch @@ -0,0 +1,37 @@ +From 6f3508f61c814ee852c199988a62bd954c50dfc1 Mon Sep 17 00:00:00 2001 +From: Dan Carpenter +Date: Wed, 20 Jan 2016 12:54:51 +0300 +Subject: EDAC, amd64_edac: Shift wrapping issue in f1x_get_norm_dct_addr() + +From: Dan Carpenter + +commit 6f3508f61c814ee852c199988a62bd954c50dfc1 upstream. + +dct_sel_base_off is declared as a u64 but we're only using the lower 32 +bits because of a shift wrapping bug. This can possibly truncate the +upper 16 bits of DctSelBaseOffset[47:26], causing us to misdecode the CS +row. + +Fixes: c8e518d5673d ('amd64_edac: Sanitize f10_get_base_addr_offset') +Signed-off-by: Dan Carpenter +Cc: Aravind Gopalakrishnan +Cc: linux-edac +Link: http://lkml.kernel.org/r/20160120095451.GB19898@mwanda +Signed-off-by: Borislav Petkov +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/edac/amd64_edac.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/drivers/edac/amd64_edac.c ++++ b/drivers/edac/amd64_edac.c +@@ -1452,7 +1452,7 @@ static u64 f1x_get_norm_dct_addr(struct + u64 chan_off; + u64 dram_base = get_dram_base(pvt, range); + u64 hole_off = f10_dhar_offset(pvt); +- u64 dct_sel_base_off = (pvt->dct_sel_hi & 0xFFFFFC00) << 16; ++ u64 dct_sel_base_off = (u64)(pvt->dct_sel_hi & 0xFFFFFC00) << 16; + + if (hi_rng) { + /* diff --git a/queue-4.4/edac-sb_edac-fix-computation-of-channel-address.patch b/queue-4.4/edac-sb_edac-fix-computation-of-channel-address.patch new file mode 100644 index 00000000000..5e8b959ca27 --- /dev/null +++ b/queue-4.4/edac-sb_edac-fix-computation-of-channel-address.patch @@ -0,0 +1,94 @@ +From eb1af3b71f9d83e45f2fd2fd649356e98e1c582c Mon Sep 17 00:00:00 2001 +From: "Luck, Tony" +Date: Wed, 9 Mar 2016 16:40:48 -0800 +Subject: EDAC/sb_edac: Fix computation of channel address + +From: Tony Luck + +commit eb1af3b71f9d83e45f2fd2fd649356e98e1c582c upstream. + +Large memory Haswell-EX systems with multiple DIMMs per channel were +sometimes reporting the wrong DIMM. + +Found three problems: + + 1) Debug printouts for socket and channel interleave were not interpreting + the register fields correctly. The socket interleave field is a 2^X + value (0=1, 1=2, 2=4, 3=8). The channel interleave is X+1 (0=1, 1=2, + 2=3. 3=4). + + 2) Actual use of the socket interleave value didn't interpret as 2^X + + 3) Conversion of address to channel address was complicated, and wrong. + +Signed-off-by: Tony Luck +Acked-by: Aristeu Rozanski +Cc: Borislav Petkov +Cc: Linus Torvalds +Cc: Mauro Carvalho Chehab +Cc: Peter Zijlstra +Cc: Thomas Gleixner +Cc: linux-edac@vger.kernel.org +Signed-off-by: Ingo Molnar +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/edac/sb_edac.c | 26 ++++++++++---------------- + 1 file changed, 10 insertions(+), 16 deletions(-) + +--- a/drivers/edac/sb_edac.c ++++ b/drivers/edac/sb_edac.c +@@ -1117,8 +1117,8 @@ static void get_memory_layout(const stru + edac_dbg(0, "TAD#%d: up to %u.%03u GB (0x%016Lx), socket interleave %d, memory interleave %d, TGT: %d, %d, %d, %d, reg=0x%08x\n", + n_tads, gb, (mb*1000)/1024, + ((u64)tmp_mb) << 20L, +- (u32)TAD_SOCK(reg), +- (u32)TAD_CH(reg), ++ (u32)(1 << TAD_SOCK(reg)), ++ (u32)TAD_CH(reg) + 1, + (u32)TAD_TGT0(reg), + (u32)TAD_TGT1(reg), + (u32)TAD_TGT2(reg), +@@ -1396,7 +1396,7 @@ static int get_memory_error_data(struct + } + + ch_way = TAD_CH(reg) + 1; +- sck_way = TAD_SOCK(reg) + 1; ++ sck_way = 1 << TAD_SOCK(reg); + + if (ch_way == 3) + idx = addr >> 6; +@@ -1453,7 +1453,7 @@ static int get_memory_error_data(struct + n_tads, + addr, + limit, +- (u32)TAD_SOCK(reg), ++ sck_way, + ch_way, + offset, + idx, +@@ -1468,18 +1468,12 @@ static int get_memory_error_data(struct + offset, addr); + return -EINVAL; + } +- addr -= offset; +- /* Store the low bits [0:6] of the addr */ +- ch_addr = addr & 0x7f; +- /* Remove socket wayness and remove 6 bits */ +- addr >>= 6; +- addr = div_u64(addr, sck_xch); +-#if 0 +- /* Divide by channel way */ +- addr = addr / ch_way; +-#endif +- /* Recover the last 6 bits */ +- ch_addr |= addr << 6; ++ ++ ch_addr = addr - offset; ++ ch_addr >>= (6 + shiftup); ++ ch_addr /= ch_way * sck_way; ++ ch_addr <<= (6 + shiftup); ++ ch_addr |= addr & ((1 << (6 + shiftup)) - 1); + + /* + * Step 3) Decode rank diff --git a/queue-4.4/kvm-fix-spin_lock_init-order-on-x86.patch b/queue-4.4/kvm-fix-spin_lock_init-order-on-x86.patch new file mode 100644 index 00000000000..c3a986b8e5e --- /dev/null +++ b/queue-4.4/kvm-fix-spin_lock_init-order-on-x86.patch @@ -0,0 +1,84 @@ +From e9ad4ec8379ad1ba6f68b8ca1c26b50b5ae0a327 Mon Sep 17 00:00:00 2001 +From: Paolo Bonzini +Date: Mon, 21 Mar 2016 10:15:25 +0100 +Subject: KVM: fix spin_lock_init order on x86 + +From: Paolo Bonzini + +commit e9ad4ec8379ad1ba6f68b8ca1c26b50b5ae0a327 upstream. + +Moving the initialization earlier is needed in 4.6 because +kvm_arch_init_vm is now using mmu_lock, causing lockdep to +complain: + +[ 284.440294] INFO: trying to register non-static key. +[ 284.445259] the code is fine but needs lockdep annotation. +[ 284.450736] turning off the locking correctness validator. +... +[ 284.528318] [] lock_acquire+0xd3/0x240 +[ 284.533733] [] ? kvm_page_track_register_notifier+0x20/0x60 [kvm] +[ 284.541467] [] _raw_spin_lock+0x41/0x80 +[ 284.546960] [] ? kvm_page_track_register_notifier+0x20/0x60 [kvm] +[ 284.554707] [] kvm_page_track_register_notifier+0x20/0x60 [kvm] +[ 284.562281] [] kvm_mmu_init_vm+0x20/0x30 [kvm] +[ 284.568381] [] kvm_arch_init_vm+0x1ea/0x200 [kvm] +[ 284.574740] [] kvm_dev_ioctl+0xbf/0x4d0 [kvm] + +However, it also helps fixing a preexisting problem, which is why this +patch is also good for stable kernels: kvm_create_vm was incrementing +current->mm->mm_count but not decrementing it at the out_err label (in +case kvm_init_mmu_notifier failed). The new initialization order makes +it possible to add the required mmdrop without adding a new error label. + +Reported-by: Borislav Petkov +Signed-off-by: Paolo Bonzini +Signed-off-by: Greg Kroah-Hartman + +--- + virt/kvm/kvm_main.c | 21 +++++++++++---------- + 1 file changed, 11 insertions(+), 10 deletions(-) + +--- a/virt/kvm/kvm_main.c ++++ b/virt/kvm/kvm_main.c +@@ -547,6 +547,16 @@ static struct kvm *kvm_create_vm(unsigne + if (!kvm) + return ERR_PTR(-ENOMEM); + ++ spin_lock_init(&kvm->mmu_lock); ++ atomic_inc(¤t->mm->mm_count); ++ kvm->mm = current->mm; ++ kvm_eventfd_init(kvm); ++ mutex_init(&kvm->lock); ++ mutex_init(&kvm->irq_lock); ++ mutex_init(&kvm->slots_lock); ++ atomic_set(&kvm->users_count, 1); ++ INIT_LIST_HEAD(&kvm->devices); ++ + r = kvm_arch_init_vm(kvm, type); + if (r) + goto out_err_no_disable; +@@ -579,16 +589,6 @@ static struct kvm *kvm_create_vm(unsigne + goto out_err; + } + +- spin_lock_init(&kvm->mmu_lock); +- kvm->mm = current->mm; +- atomic_inc(&kvm->mm->mm_count); +- kvm_eventfd_init(kvm); +- mutex_init(&kvm->lock); +- mutex_init(&kvm->irq_lock); +- mutex_init(&kvm->slots_lock); +- atomic_set(&kvm->users_count, 1); +- INIT_LIST_HEAD(&kvm->devices); +- + r = kvm_init_mmu_notifier(kvm); + if (r) + goto out_err; +@@ -613,6 +613,7 @@ out_err_no_disable: + for (i = 0; i < KVM_ADDRESS_SPACE_NUM; i++) + kvm_free_memslots(kvm, kvm->memslots[i]); + kvm_arch_free_vm(kvm); ++ mmdrop(current->mm); + return ERR_PTR(r); + } + diff --git a/queue-4.4/kvm-i8254-change-pit-discard-tick-policy.patch b/queue-4.4/kvm-i8254-change-pit-discard-tick-policy.patch new file mode 100644 index 00000000000..8bbbef3c2fc --- /dev/null +++ b/queue-4.4/kvm-i8254-change-pit-discard-tick-policy.patch @@ -0,0 +1,77 @@ +From 7dd0fdff145c5be7146d0ac06732ae3613412ac1 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Radim=20Kr=C4=8Dm=C3=A1=C5=99?= +Date: Wed, 2 Mar 2016 22:56:38 +0100 +Subject: KVM: i8254: change PIT discard tick policy +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +From: Radim Krčmář + +commit 7dd0fdff145c5be7146d0ac06732ae3613412ac1 upstream. + +Discard policy uses ack_notifiers to prevent injection of PIT interrupts +before EOI from the last one. + +This patch changes the policy to always try to deliver the interrupt, +which makes a difference when its vector is in ISR. +Old implementation would drop the interrupt, but proposed one injects to +IRR, like real hardware would. + +The old policy breaks legacy NMI watchdogs, where PIT is used through +virtual wire (LVT0): PIT never sends an interrupt before receiving EOI, +thus a guest deadlock with disabled interrupts will stop NMIs. + +Note that NMI doesn't do EOI, so PIT also had to send a normal interrupt +through IOAPIC. (KVM's PIT is deeply rotten and luckily not used much +in modern systems.) + +Even though there is a chance of regressions, I think we can fix the +LVT0 NMI bug without introducing a new tick policy. + +Reported-by: Yuki Shibuya +Reviewed-by: Paolo Bonzini +Signed-off-by: Radim Krčmář +Signed-off-by: Paolo Bonzini +Signed-off-by: Greg Kroah-Hartman + +--- + arch/x86/kvm/i8254.c | 12 +++++++----- + 1 file changed, 7 insertions(+), 5 deletions(-) + +--- a/arch/x86/kvm/i8254.c ++++ b/arch/x86/kvm/i8254.c +@@ -245,7 +245,7 @@ static void kvm_pit_ack_irq(struct kvm_i + * PIC is being reset. Handle it gracefully here + */ + atomic_inc(&ps->pending); +- else if (value > 0) ++ else if (value > 0 && ps->reinject) + /* in this case, we had multiple outstanding pit interrupts + * that we needed to inject. Reinject + */ +@@ -288,7 +288,9 @@ static void pit_do_work(struct kthread_w + * last one has been acked. + */ + spin_lock(&ps->inject_lock); +- if (ps->irq_ack) { ++ if (!ps->reinject) ++ inject = 1; ++ else if (ps->irq_ack) { + ps->irq_ack = 0; + inject = 1; + } +@@ -317,10 +319,10 @@ static enum hrtimer_restart pit_timer_fn + struct kvm_kpit_state *ps = container_of(data, struct kvm_kpit_state, timer); + struct kvm_pit *pt = ps->kvm->arch.vpit; + +- if (ps->reinject || !atomic_read(&ps->pending)) { ++ if (ps->reinject) + atomic_inc(&ps->pending); +- queue_kthread_work(&pt->worker, &pt->expired); +- } ++ ++ queue_kthread_work(&pt->worker, &pt->expired); + + if (ps->is_periodic) { + hrtimer_add_expires_ns(&ps->timer, ps->period); diff --git a/queue-4.4/kvm-vmx-avoid-guest-hang-on-invalid-invept-instruction.patch b/queue-4.4/kvm-vmx-avoid-guest-hang-on-invalid-invept-instruction.patch new file mode 100644 index 00000000000..ee49158e4db --- /dev/null +++ b/queue-4.4/kvm-vmx-avoid-guest-hang-on-invalid-invept-instruction.patch @@ -0,0 +1,31 @@ +From 2849eb4f99d54925c543db12917127f88b3c38ff Mon Sep 17 00:00:00 2001 +From: Paolo Bonzini +Date: Fri, 18 Mar 2016 16:53:29 +0100 +Subject: KVM: VMX: avoid guest hang on invalid invept instruction + +From: Paolo Bonzini + +commit 2849eb4f99d54925c543db12917127f88b3c38ff upstream. + +A guest executing an invalid invept instruction would hang +because the instruction pointer was not updated. + +Fixes: bfd0a56b90005f8c8a004baf407ad90045c2b11e +Reviewed-by: David Matlack +Signed-off-by: Paolo Bonzini +Signed-off-by: Greg Kroah-Hartman + +--- + arch/x86/kvm/vmx.c | 1 + + 1 file changed, 1 insertion(+) + +--- a/arch/x86/kvm/vmx.c ++++ b/arch/x86/kvm/vmx.c +@@ -7340,6 +7340,7 @@ static int handle_invept(struct kvm_vcpu + if (!(types & (1UL << type))) { + nested_vmx_failValid(vcpu, + VMXERR_INVALID_OPERAND_TO_INVEPT_INVVPID); ++ skip_emulated_instruction(vcpu); + return 1; + } + diff --git a/queue-4.4/kvm-vmx-avoid-guest-hang-on-invalid-invvpid-instruction.patch b/queue-4.4/kvm-vmx-avoid-guest-hang-on-invalid-invvpid-instruction.patch new file mode 100644 index 00000000000..a58f8f2d834 --- /dev/null +++ b/queue-4.4/kvm-vmx-avoid-guest-hang-on-invalid-invvpid-instruction.patch @@ -0,0 +1,33 @@ +From f6870ee9e53430f2a318ccf0dd5e66bb46194e43 Mon Sep 17 00:00:00 2001 +From: Paolo Bonzini +Date: Fri, 18 Mar 2016 16:53:42 +0100 +Subject: KVM: VMX: avoid guest hang on invalid invvpid instruction + +From: Paolo Bonzini + +commit f6870ee9e53430f2a318ccf0dd5e66bb46194e43 upstream. + +A guest executing an invalid invvpid instruction would hang +because the instruction pointer was not updated. + +Reported-by: jmontleo@redhat.com +Tested-by: jmontleo@redhat.com +Fixes: 99b83ac893b84ed1a62ad6d1f2b6cc32026b9e85 +Reviewed-by: David Matlack +Signed-off-by: Paolo Bonzini +Signed-off-by: Greg Kroah-Hartman + +--- + arch/x86/kvm/vmx.c | 1 + + 1 file changed, 1 insertion(+) + +--- a/arch/x86/kvm/vmx.c ++++ b/arch/x86/kvm/vmx.c +@@ -7399,6 +7399,7 @@ static int handle_invvpid(struct kvm_vcp + if (!(types & (1UL << type))) { + nested_vmx_failValid(vcpu, + VMXERR_INVALID_OPERAND_TO_INVEPT_INVVPID); ++ skip_emulated_instruction(vcpu); + return 1; + } + diff --git a/queue-4.4/kvm-vmx-fix-nested-vpid-for-old-kvm-guests.patch b/queue-4.4/kvm-vmx-fix-nested-vpid-for-old-kvm-guests.patch new file mode 100644 index 00000000000..d8288e044f2 --- /dev/null +++ b/queue-4.4/kvm-vmx-fix-nested-vpid-for-old-kvm-guests.patch @@ -0,0 +1,63 @@ +From ef697a712a6165aea7779c295604b099e8bfae2e Mon Sep 17 00:00:00 2001 +From: Paolo Bonzini +Date: Fri, 18 Mar 2016 16:58:38 +0100 +Subject: KVM: VMX: fix nested vpid for old KVM guests + +From: Paolo Bonzini + +commit ef697a712a6165aea7779c295604b099e8bfae2e upstream. + +Old KVM guests invoke single-context invvpid without actually checking +whether it is supported. This was fixed by commit 518c8ae ("KVM: VMX: +Make sure single type invvpid is supported before issuing invvpid +instruction", 2010-08-01) and the patch after, but pre-2.6.36 +kernels lack it including RHEL 6. + +Reported-by: jmontleo@redhat.com +Tested-by: jmontleo@redhat.com +Fixes: 99b83ac893b84ed1a62ad6d1f2b6cc32026b9e85 +Reviewed-by: David Matlack +Signed-off-by: Paolo Bonzini +Signed-off-by: Greg Kroah-Hartman + +--- + arch/x86/kvm/vmx.c | 14 +++++++++++++- + 1 file changed, 13 insertions(+), 1 deletion(-) + +--- a/arch/x86/kvm/vmx.c ++++ b/arch/x86/kvm/vmx.c +@@ -2637,8 +2637,15 @@ static void nested_vmx_setup_ctls_msrs(s + } else + vmx->nested.nested_vmx_ept_caps = 0; + ++ /* ++ * Old versions of KVM use the single-context version without ++ * checking for support, so declare that it is supported even ++ * though it is treated as global context. The alternative is ++ * not failing the single-context invvpid, and it is worse. ++ */ + if (enable_vpid) + vmx->nested.nested_vmx_vpid_caps = VMX_VPID_INVVPID_BIT | ++ VMX_VPID_EXTENT_SINGLE_CONTEXT_BIT | + VMX_VPID_EXTENT_GLOBAL_CONTEXT_BIT; + else + vmx->nested.nested_vmx_vpid_caps = 0; +@@ -7416,12 +7423,17 @@ static int handle_invvpid(struct kvm_vcp + } + + switch (type) { ++ case VMX_VPID_EXTENT_SINGLE_CONTEXT: ++ /* ++ * Old versions of KVM use the single-context version so we ++ * have to support it; just treat it the same as all-context. ++ */ + case VMX_VPID_EXTENT_ALL_CONTEXT: + __vmx_flush_tlb(vcpu, to_vmx(vcpu)->nested.vpid02); + nested_vmx_succeed(vcpu); + break; + default: +- /* Trap single context invalidation invvpid calls */ ++ /* Trap individual address invalidation invvpid calls */ + BUG_ON(1); + break; + } diff --git a/queue-4.4/kvm-x86-fix-missed-hardware-breakpoints.patch b/queue-4.4/kvm-x86-fix-missed-hardware-breakpoints.patch new file mode 100644 index 00000000000..54e2028bfbe --- /dev/null +++ b/queue-4.4/kvm-x86-fix-missed-hardware-breakpoints.patch @@ -0,0 +1,130 @@ +From 4e422bdd2f849d98fffccbc3295c2f0996097fb3 Mon Sep 17 00:00:00 2001 +From: Paolo Bonzini +Date: Wed, 10 Feb 2016 17:50:23 +0100 +Subject: KVM: x86: fix missed hardware breakpoints + +From: Paolo Bonzini + +commit 4e422bdd2f849d98fffccbc3295c2f0996097fb3 upstream. + +Sometimes when setting a breakpoint a process doesn't stop on it. +This is because the debug registers are not loaded correctly on +VCPU load. + +The following simple reproducer from Oleg Nesterov tries using debug +registers in both the host and the guest, for example by running "./bp +0 1" on the host and "./bp 14 15" under QEMU. + + #include + #include + #include + #include + #include + #include + #include + #include + #include + + #define offsetof(TYPE, MEMBER) ((size_t) &((TYPE *)0)->MEMBER) + + unsigned long encode_dr7(int drnum, int enable, unsigned int type, unsigned int len) + { + unsigned long dr7; + + dr7 = ((len | type) & 0xf) + << (DR_CONTROL_SHIFT + drnum * DR_CONTROL_SIZE); + if (enable) + dr7 |= (DR_GLOBAL_ENABLE << (drnum * DR_ENABLE_SIZE)); + + return dr7; + } + + int write_dr(int pid, int dr, unsigned long val) + { + return ptrace(PTRACE_POKEUSER, pid, + offsetof (struct user, u_debugreg[dr]), + val); + } + + void set_bp(pid_t pid, void *addr) + { + unsigned long dr7; + assert(write_dr(pid, 0, (long)addr) == 0); + dr7 = encode_dr7(0, 1, DR_RW_EXECUTE, DR_LEN_1); + assert(write_dr(pid, 7, dr7) == 0); + } + + void *get_rip(int pid) + { + return (void*)ptrace(PTRACE_PEEKUSER, pid, + offsetof(struct user, regs.rip), 0); + } + + void test(int nr) + { + void *bp_addr = &&label + nr, *bp_hit; + int pid; + + printf("test bp %d\n", nr); + assert(nr < 16); // see 16 asm nops below + + pid = fork(); + if (!pid) { + assert(ptrace(PTRACE_TRACEME, 0,0,0) == 0); + kill(getpid(), SIGSTOP); + for (;;) { + label: asm ( + "nop; nop; nop; nop;" + "nop; nop; nop; nop;" + "nop; nop; nop; nop;" + "nop; nop; nop; nop;" + ); + } + } + + assert(pid == wait(NULL)); + set_bp(pid, bp_addr); + + for (;;) { + assert(ptrace(PTRACE_CONT, pid, 0, 0) == 0); + assert(pid == wait(NULL)); + + bp_hit = get_rip(pid); + if (bp_hit != bp_addr) + fprintf(stderr, "ERR!! hit wrong bp %ld != %d\n", + bp_hit - &&label, nr); + } + } + + int main(int argc, const char *argv[]) + { + while (--argc) { + int nr = atoi(*++argv); + if (!fork()) + test(nr); + } + + while (wait(NULL) > 0) + ; + return 0; + } + +Suggested-by: Nadadv Amit +Reported-by: Andrey Wagin +Signed-off-by: Paolo Bonzini +Signed-off-by: Greg Kroah-Hartman + +--- + arch/x86/kvm/x86.c | 1 + + 1 file changed, 1 insertion(+) + +--- a/arch/x86/kvm/x86.c ++++ b/arch/x86/kvm/x86.c +@@ -2736,6 +2736,7 @@ void kvm_arch_vcpu_load(struct kvm_vcpu + } + + kvm_make_request(KVM_REQ_STEAL_UPDATE, vcpu); ++ vcpu->arch.switch_db_regs |= KVM_DEBUGREG_RELOAD; + } + + void kvm_arch_vcpu_put(struct kvm_vcpu *vcpu) diff --git a/queue-4.4/pci-acpi-ia64-fix-io-port-generic-range-check.patch b/queue-4.4/pci-acpi-ia64-fix-io-port-generic-range-check.patch new file mode 100644 index 00000000000..95944fd5154 --- /dev/null +++ b/queue-4.4/pci-acpi-ia64-fix-io-port-generic-range-check.patch @@ -0,0 +1,113 @@ +From 4a2e7aab4ffce1e0e79b303dc2f9a03aa9f3a332 Mon Sep 17 00:00:00 2001 +From: Lorenzo Pieralisi +Date: Mon, 21 Mar 2016 11:12:55 +0000 +Subject: PCI: ACPI: IA64: fix IO port generic range check + +From: Lorenzo Pieralisi + +commit 4a2e7aab4ffce1e0e79b303dc2f9a03aa9f3a332 upstream. + +The [0 - 64k] ACPI PCI IO port resource boundary check in: + +acpi_dev_ioresource_flags() + +is currently applied blindly in the ACPI resource parsing to all +architectures, but only x86 suffers from that IO space limitation. + +On arches (ie IA64 and ARM64) where IO space is memory mapped, +the PCI root bridges IO resource windows are firstly initialized from +the _CRS (in acpi_decode_space()) and contain the CPU physical address +at which a root bridge decodes IO space in the CPU physical address +space with the offset value representing the offset required to translate +the PCI bus address into the CPU physical address. + +The IO resource windows are then parsed and updated in arch code +before creating and enumerating PCI buses (eg IA64 add_io_space()) +to map in an arch specific way the obtained CPU physical address range +to a slice of virtual address space reserved to map PCI IO space, +ending up with PCI bridges resource windows containing IO +resources like the following on a working IA64 configuration: + +PCI host bridge to bus 0000:00 +pci_bus 0000:00: root bus resource [io 0x1000000-0x100ffff window] (bus +address [0x0000-0xffff]) +pci_bus 0000:00: root bus resource [mem 0x000a0000-0x000fffff window] +pci_bus 0000:00: root bus resource [mem 0x80000000-0x8fffffff window] +pci_bus 0000:00: root bus resource [mem 0x80004000000-0x800ffffffff window] +pci_bus 0000:00: root bus resource [bus 00] + +This implies that the [0 - 64K] check in acpi_dev_ioresource_flags() +leaves platforms with memory mapped IO space (ie IA64) broken (ie kernel +can't claim IO resources since the host bridge IO resource is disabled +and discarded by ACPI core code, see log on IA64 with missing root bridge +IO resource, silently filtered by current [0 - 64k] check in +acpi_dev_ioresource_flags()): + +PCI host bridge to bus 0000:00 +pci_bus 0000:00: root bus resource [mem 0x000a0000-0x000fffff window] +pci_bus 0000:00: root bus resource [mem 0x80000000-0x8fffffff window] +pci_bus 0000:00: root bus resource [mem 0x80004000000-0x800ffffffff window] +pci_bus 0000:00: root bus resource [bus 00] + +[...] + +pci 0000:00:03.0: [1002:515e] type 00 class 0x030000 +pci 0000:00:03.0: reg 0x10: [mem 0x80000000-0x87ffffff pref] +pci 0000:00:03.0: reg 0x14: [io 0x1000-0x10ff] +pci 0000:00:03.0: reg 0x18: [mem 0x88020000-0x8802ffff] +pci 0000:00:03.0: reg 0x30: [mem 0x88000000-0x8801ffff pref] +pci 0000:00:03.0: supports D1 D2 +pci 0000:00:03.0: can't claim BAR 1 [io 0x1000-0x10ff]: no compatible +bridge window + +For this reason, the IO port resources boundaries check in generic ACPI +parsing code should be guarded with a CONFIG_X86 guard so that more arches +(ie ARM64) can benefit from the generic ACPI resources parsing interface +without incurring in unexpected resource filtering, fixing at the same +time current breakage on IA64. + +This patch factors out IO ports boundary [0 - 64k] check in generic ACPI +code and makes the IO space check X86 specific to make sure that IO +space resources are usable on other arches too. + +Fixes: 3772aea7d6f3 (ia64/PCI/ACPI: Use common ACPI resource parsing interface for host bridge) +Signed-off-by: Lorenzo Pieralisi +Signed-off-by: Rafael J. Wysocki +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/acpi/resource.c | 14 +++++++++++++- + 1 file changed, 13 insertions(+), 1 deletion(-) + +--- a/drivers/acpi/resource.c ++++ b/drivers/acpi/resource.c +@@ -26,8 +26,20 @@ + + #ifdef CONFIG_X86 + #define valid_IRQ(i) (((i) != 0) && ((i) != 2)) ++static inline bool acpi_iospace_resource_valid(struct resource *res) ++{ ++ /* On X86 IO space is limited to the [0 - 64K] IO port range */ ++ return res->end < 0x10003; ++} + #else + #define valid_IRQ(i) (true) ++/* ++ * ACPI IO descriptors on arches other than X86 contain MMIO CPU physical ++ * addresses mapping IO space in CPU physical address space, IO space ++ * resources can be placed anywhere in the 64-bit physical address space. ++ */ ++static inline bool ++acpi_iospace_resource_valid(struct resource *res) { return true; } + #endif + + static bool acpi_dev_resource_len_valid(u64 start, u64 end, u64 len, bool io) +@@ -126,7 +138,7 @@ static void acpi_dev_ioresource_flags(st + if (!acpi_dev_resource_len_valid(res->start, res->end, len, true)) + res->flags |= IORESOURCE_DISABLED | IORESOURCE_UNSET; + +- if (res->end >= 0x10003) ++ if (!acpi_iospace_resource_valid(res)) + res->flags |= IORESOURCE_DISABLED | IORESOURCE_UNSET; + + if (io_decode == ACPI_DECODE_16) diff --git a/queue-4.4/pci-disable-io-mem-decoding-for-devices-with-non-compliant-bars.patch b/queue-4.4/pci-disable-io-mem-decoding-for-devices-with-non-compliant-bars.patch new file mode 100644 index 00000000000..580e28e5ec4 --- /dev/null +++ b/queue-4.4/pci-disable-io-mem-decoding-for-devices-with-non-compliant-bars.patch @@ -0,0 +1,79 @@ +From b84106b4e2290c081cdab521fa832596cdfea246 Mon Sep 17 00:00:00 2001 +From: Bjorn Helgaas +Date: Thu, 25 Feb 2016 14:35:57 -0600 +Subject: PCI: Disable IO/MEM decoding for devices with non-compliant BARs + +From: Bjorn Helgaas + +commit b84106b4e2290c081cdab521fa832596cdfea246 upstream. + +The PCI config header (first 64 bytes of each device's config space) is +defined by the PCI spec so generic software can identify the device and +manage its usage of I/O, memory, and IRQ resources. + +Some non-spec-compliant devices put registers other than BARs where the +BARs should be. When the PCI core sizes these "BARs", the reads and writes +it does may have unwanted side effects, and the "BAR" may appear to +describe non-sensical address space. + +Add a flag bit to mark non-compliant devices so we don't touch their BARs. +Turn off IO/MEM decoding to prevent the devices from consuming address +space, since we can't read the BARs to find out what that address space +would be. + +Signed-off-by: Bjorn Helgaas +Tested-by: Andi Kleen +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/pci/probe.c | 14 ++++++++++++++ + include/linux/pci.h | 1 + + 2 files changed, 15 insertions(+) + +--- a/drivers/pci/probe.c ++++ b/drivers/pci/probe.c +@@ -179,6 +179,9 @@ int __pci_read_base(struct pci_dev *dev, + u16 orig_cmd; + struct pci_bus_region region, inverted_region; + ++ if (dev->non_compliant_bars) ++ return 0; ++ + mask = type ? PCI_ROM_ADDRESS_MASK : ~0; + + /* No printks while decoding is disabled! */ +@@ -1174,6 +1177,7 @@ void pci_msi_setup_pci_dev(struct pci_de + int pci_setup_device(struct pci_dev *dev) + { + u32 class; ++ u16 cmd; + u8 hdr_type; + int pos = 0; + struct pci_bus_region region; +@@ -1219,6 +1223,16 @@ int pci_setup_device(struct pci_dev *dev + /* device class may be changed after fixup */ + class = dev->class >> 8; + ++ if (dev->non_compliant_bars) { ++ pci_read_config_word(dev, PCI_COMMAND, &cmd); ++ if (cmd & (PCI_COMMAND_IO | PCI_COMMAND_MEMORY)) { ++ dev_info(&dev->dev, "device has non-compliant BARs; disabling IO/MEM decoding\n"); ++ cmd &= ~PCI_COMMAND_IO; ++ cmd &= ~PCI_COMMAND_MEMORY; ++ pci_write_config_word(dev, PCI_COMMAND, cmd); ++ } ++ } ++ + switch (dev->hdr_type) { /* header type */ + case PCI_HEADER_TYPE_NORMAL: /* standard header */ + if (class == PCI_CLASS_BRIDGE_PCI) +--- a/include/linux/pci.h ++++ b/include/linux/pci.h +@@ -359,6 +359,7 @@ struct pci_dev { + unsigned int io_window_1k:1; /* Intel P2P bridge 1K I/O windows */ + unsigned int irq_managed:1; + unsigned int has_secondary_link:1; ++ unsigned int non_compliant_bars:1; /* broken BARs; ignore them */ + pci_dev_flags_t dev_flags; + atomic_t enable_cnt; /* pci_enable_device has been called */ + diff --git a/queue-4.4/perf-core-fix-perf_sched_count-derailment.patch b/queue-4.4/perf-core-fix-perf_sched_count-derailment.patch new file mode 100644 index 00000000000..3b3cb388091 --- /dev/null +++ b/queue-4.4/perf-core-fix-perf_sched_count-derailment.patch @@ -0,0 +1,69 @@ +From 927a5570855836e5d5859a80ce7e91e963545e8f Mon Sep 17 00:00:00 2001 +From: Alexander Shishkin +Date: Wed, 2 Mar 2016 13:24:14 +0200 +Subject: perf/core: Fix perf_sched_count derailment + +From: Alexander Shishkin + +commit 927a5570855836e5d5859a80ce7e91e963545e8f upstream. + +The error path in perf_event_open() is such that asking for a sampling +event on a PMU that doesn't generate interrupts will end up in dropping +the perf_sched_count even though it hasn't been incremented for this +event yet. + +Given a sufficient amount of these calls, we'll end up disabling +scheduler's jump label even though we'd still have active events in the +system, thereby facilitating the arrival of the infernal regions upon us. + +I'm fixing this by moving account_event() inside perf_event_alloc(). + +Signed-off-by: Alexander Shishkin +Signed-off-by: Peter Zijlstra (Intel) +Cc: Arnaldo Carvalho de Melo +Cc: Arnaldo Carvalho de Melo +Cc: Jiri Olsa +Cc: Linus Torvalds +Cc: Peter Zijlstra +Cc: Stephane Eranian +Cc: Thomas Gleixner +Cc: Vince Weaver +Cc: vince@deater.net +Link: http://lkml.kernel.org/r/1456917854-29427-1-git-send-email-alexander.shishkin@linux.intel.com +Signed-off-by: Ingo Molnar +Signed-off-by: Greg Kroah-Hartman + +--- + kernel/events/core.c | 7 +++---- + 1 file changed, 3 insertions(+), 4 deletions(-) + +--- a/kernel/events/core.c ++++ b/kernel/events/core.c +@@ -7979,6 +7979,9 @@ perf_event_alloc(struct perf_event_attr + } + } + ++ /* symmetric to unaccount_event() in _free_event() */ ++ account_event(event); ++ + return event; + + err_per_task: +@@ -8342,8 +8345,6 @@ SYSCALL_DEFINE5(perf_event_open, + } + } + +- account_event(event); +- + /* + * Special case software events and allow them to be part of + * any hardware group. +@@ -8626,8 +8627,6 @@ perf_event_create_kernel_counter(struct + /* Mark owner so we could distinguish it from user events. */ + event->owner = EVENT_OWNER_KERNEL; + +- account_event(event); +- + ctx = find_get_context(event->pmu, task, event); + if (IS_ERR(ctx)) { + err = PTR_ERR(ctx); diff --git a/queue-4.4/perf-tools-dont-stop-pmu-parsing-on-alias-parse-error.patch b/queue-4.4/perf-tools-dont-stop-pmu-parsing-on-alias-parse-error.patch new file mode 100644 index 00000000000..eba6dabf947 --- /dev/null +++ b/queue-4.4/perf-tools-dont-stop-pmu-parsing-on-alias-parse-error.patch @@ -0,0 +1,74 @@ +From 940db6dcd3f4659303fdf6befe7416adc4d24118 Mon Sep 17 00:00:00 2001 +From: Andi Kleen +Date: Wed, 17 Feb 2016 14:44:55 -0800 +Subject: perf tools: Dont stop PMU parsing on alias parse error + +From: Andi Kleen + +commit 940db6dcd3f4659303fdf6befe7416adc4d24118 upstream. + +When an error happens during alias parsing currently the complete +parsing of all attributes of the PMU is stopped. This is breaks old perf +on a newer kernel that may have not-yet-know alias attributes (such as +.scale or .per-pkg). + +Continue when some attribute is unparseable. + +This is IMHO a stable candidate and should be backported to older +versions to avoid problems with newer kernels. + +v2: Print warnings when something goes wrong. +v3: Change warning to debug output + +Signed-off-by: Andi Kleen +Cc: Jiri Olsa +Link: http://lkml.kernel.org/r/1455749095-18358-1-git-send-email-andi@firstfloor.org +Signed-off-by: Arnaldo Carvalho de Melo +Signed-off-by: Greg Kroah-Hartman + +--- + tools/perf/util/pmu.c | 15 ++++++++------- + 1 file changed, 8 insertions(+), 7 deletions(-) + +--- a/tools/perf/util/pmu.c ++++ b/tools/perf/util/pmu.c +@@ -283,13 +283,12 @@ static int pmu_aliases_parse(char *dir, + { + struct dirent *evt_ent; + DIR *event_dir; +- int ret = 0; + + event_dir = opendir(dir); + if (!event_dir) + return -EINVAL; + +- while (!ret && (evt_ent = readdir(event_dir))) { ++ while ((evt_ent = readdir(event_dir))) { + char path[PATH_MAX]; + char *name = evt_ent->d_name; + FILE *file; +@@ -305,17 +304,19 @@ static int pmu_aliases_parse(char *dir, + + snprintf(path, PATH_MAX, "%s/%s", dir, name); + +- ret = -EINVAL; + file = fopen(path, "r"); +- if (!file) +- break; ++ if (!file) { ++ pr_debug("Cannot open %s\n", path); ++ continue; ++ } + +- ret = perf_pmu__new_alias(head, dir, name, file); ++ if (perf_pmu__new_alias(head, dir, name, file) < 0) ++ pr_debug("Cannot set up %s\n", name); + fclose(file); + } + + closedir(event_dir); +- return ret; ++ return 0; + } + + /* diff --git a/queue-4.4/perf-tools-fix-checking-asprintf-return-value.patch b/queue-4.4/perf-tools-fix-checking-asprintf-return-value.patch new file mode 100644 index 00000000000..027525270b9 --- /dev/null +++ b/queue-4.4/perf-tools-fix-checking-asprintf-return-value.patch @@ -0,0 +1,53 @@ +From 26dee028d365fbc0e3326606a8520260b4462381 Mon Sep 17 00:00:00 2001 +From: Wang Nan +Date: Fri, 19 Feb 2016 11:43:52 +0000 +Subject: perf tools: Fix checking asprintf return value + +From: Wang Nan + +commit 26dee028d365fbc0e3326606a8520260b4462381 upstream. + +According to man pages, asprintf returns -1 when failure. This patch +fixes two incorrect return value checker. + +Signed-off-by: Wang Nan +Cc: Adrian Hunter +Cc: Alexei Starovoitov +Cc: Brendan Gregg +Cc: Cody P Schafer +Cc: He Kuang +Cc: Jeremie Galarneau +Cc: Jiri Olsa +Cc: Kirill Smelkov +Cc: Li Zefan +Cc: Masami Hiramatsu +Cc: Namhyung Kim +Cc: Peter Zijlstra +Cc: Zefan Li +Cc: pi3orama@163.com +Fixes: ffeb883e5662 ("perf tools: Show proper error message for wrong terms of hw/sw events") +Link: http://lkml.kernel.org/r/1455882283-79592-5-git-send-email-wangnan0@huawei.com +Signed-off-by: Arnaldo Carvalho de Melo +Signed-off-by: Greg Kroah-Hartman + +--- + tools/perf/util/parse-events.c | 6 +++--- + 1 file changed, 3 insertions(+), 3 deletions(-) + +--- a/tools/perf/util/parse-events.c ++++ b/tools/perf/util/parse-events.c +@@ -2101,11 +2101,11 @@ char *parse_events_formats_error_string( + + /* valid terms */ + if (additional_terms) { +- if (!asprintf(&str, "valid terms: %s,%s", +- additional_terms, static_terms)) ++ if (asprintf(&str, "valid terms: %s,%s", ++ additional_terms, static_terms) < 0) + goto fail; + } else { +- if (!asprintf(&str, "valid terms: %s", static_terms)) ++ if (asprintf(&str, "valid terms: %s", static_terms) < 0) + goto fail; + } + return str; diff --git a/queue-4.4/perf-tools-fix-python-extension-build.patch b/queue-4.4/perf-tools-fix-python-extension-build.patch new file mode 100644 index 00000000000..561577b3091 --- /dev/null +++ b/queue-4.4/perf-tools-fix-python-extension-build.patch @@ -0,0 +1,76 @@ +From 67d5268908283c187e0a460048a423256c2fb288 Mon Sep 17 00:00:00 2001 +From: Jiri Olsa +Date: Sat, 27 Feb 2016 21:21:12 +0100 +Subject: perf tools: Fix python extension build + +From: Jiri Olsa + +commit 67d5268908283c187e0a460048a423256c2fb288 upstream. + +The util/python-ext-sources file contains source files required to build +the python extension relative to $(srctree)/tools/perf, + +Such a file path $(FILE).c is handed over to the python extension build +system, which builds the final object in the +$(PYTHON_EXTBUILD)/tmp/$(FILE).o path. + +After the build is done all files from $(PYTHON_EXTBUILD)lib/ are +carried as the result binaries. + +Above system fails when we add source file relative to ../lib, which we +do for: + + ../lib/bitmap.c + ../lib/find_bit.c + ../lib/hweight.c + ../lib/rbtree.c + +All above objects will be built like: + + $(PYTHON_EXTBUILD)/tmp/../lib/bitmap.c + $(PYTHON_EXTBUILD)/tmp/../lib/find_bit.c + $(PYTHON_EXTBUILD)/tmp/../lib/hweight.c + $(PYTHON_EXTBUILD)/tmp/../lib/rbtree.c + +which accidentally happens to be final library path: + + $(PYTHON_EXTBUILD)/lib/ + +Changing setup.py to pass full paths of source files to Extension build +class and thus keep all built objects under $(PYTHON_EXTBUILD)tmp +directory. + +Reported-by: Jeff Bastian +Signed-off-by: Jiri Olsa +Tested-by: Josh Boyer +Cc: David Ahern +Cc: Namhyung Kim +Cc: Peter Zijlstra +Link: http://lkml.kernel.org/r/20160227201350.GB28494@krava.redhat.com +Signed-off-by: Arnaldo Carvalho de Melo +Signed-off-by: Greg Kroah-Hartman + +--- + tools/perf/util/setup.py | 4 ++++ + 1 file changed, 4 insertions(+) + +--- a/tools/perf/util/setup.py ++++ b/tools/perf/util/setup.py +@@ -22,6 +22,7 @@ cflags = getenv('CFLAGS', '').split() + # switch off several checks (need to be at the end of cflags list) + cflags += ['-fno-strict-aliasing', '-Wno-write-strings', '-Wno-unused-parameter' ] + ++src_perf = getenv('srctree') + '/tools/perf' + build_lib = getenv('PYTHON_EXTBUILD_LIB') + build_tmp = getenv('PYTHON_EXTBUILD_TMP') + libtraceevent = getenv('LIBTRACEEVENT') +@@ -30,6 +31,9 @@ libapikfs = getenv('LIBAPI') + ext_sources = [f.strip() for f in file('util/python-ext-sources') + if len(f.strip()) > 0 and f[0] != '#'] + ++# use full paths with source files ++ext_sources = map(lambda x: '%s/%s' % (src_perf, x) , ext_sources) ++ + perf = Extension('perf', + sources = ext_sources, + include_dirs = ['util/include'], diff --git a/queue-4.4/perf-x86-intel-add-definition-for-pt-pmi-bit.patch b/queue-4.4/perf-x86-intel-add-definition-for-pt-pmi-bit.patch new file mode 100644 index 00000000000..5ad038cb87c --- /dev/null +++ b/queue-4.4/perf-x86-intel-add-definition-for-pt-pmi-bit.patch @@ -0,0 +1,42 @@ +From 5690ae28e472d25e330ad0c637a5cea3fc39fb32 Mon Sep 17 00:00:00 2001 +From: Stephane Eranian +Date: Thu, 3 Mar 2016 20:50:40 +0100 +Subject: perf/x86/intel: Add definition for PT PMI bit + +From: Stephane Eranian + +commit 5690ae28e472d25e330ad0c637a5cea3fc39fb32 upstream. + +This patch adds a definition for GLOBAL_OVFL_STATUS bit 55 +which is used with the Processor Trace (PT) feature. + +Signed-off-by: Stephane Eranian +Signed-off-by: Peter Zijlstra (Intel) +Cc: Alexander Shishkin +Cc: Arnaldo Carvalho de Melo +Cc: Jiri Olsa +Cc: Linus Torvalds +Cc: Peter Zijlstra +Cc: Thomas Gleixner +Cc: Vince Weaver +Cc: adrian.hunter@intel.com +Cc: kan.liang@intel.com +Cc: namhyung@kernel.org +Link: http://lkml.kernel.org/r/1457034642-21837-2-git-send-email-eranian@google.com +Signed-off-by: Ingo Molnar +Signed-off-by: Greg Kroah-Hartman + +--- + arch/x86/include/asm/perf_event.h | 1 + + 1 file changed, 1 insertion(+) + +--- a/arch/x86/include/asm/perf_event.h ++++ b/arch/x86/include/asm/perf_event.h +@@ -165,6 +165,7 @@ struct x86_pmu_capability { + #define GLOBAL_STATUS_ASIF BIT_ULL(60) + #define GLOBAL_STATUS_COUNTERS_FROZEN BIT_ULL(59) + #define GLOBAL_STATUS_LBRS_FROZEN BIT_ULL(58) ++#define GLOBAL_STATUS_TRACE_TOPAPMI BIT_ULL(55) + + /* + * IBS cpuid feature detection diff --git a/queue-4.4/pinctrl-bcm2835-fix-cut-and-paste-error-in-pull-parsing.patch b/queue-4.4/pinctrl-bcm2835-fix-cut-and-paste-error-in-pull-parsing.patch new file mode 100644 index 00000000000..946e5fa8310 --- /dev/null +++ b/queue-4.4/pinctrl-bcm2835-fix-cut-and-paste-error-in-pull-parsing.patch @@ -0,0 +1,35 @@ +From 2c7e3306d23864d49f686f22e56e180ff0fffb7f Mon Sep 17 00:00:00 2001 +From: Phil Elwell +Date: Mon, 29 Feb 2016 17:30:08 -0800 +Subject: pinctrl-bcm2835: Fix cut-and-paste error in "pull" parsing + +From: Phil Elwell + +commit 2c7e3306d23864d49f686f22e56e180ff0fffb7f upstream. + +The DT bindings for pinctrl-bcm2835 allow both the function and pull +to contain either one entry or one per pin. However, an error in the +DT parsing can cause failures if the number of pulls differs from the +number of functions. + +Signed-off-by: Eric Anholt +Signed-off-by: Phil Elwell +Reviewed-by: Stephen Warren +Signed-off-by: Linus Walleij +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/pinctrl/bcm/pinctrl-bcm2835.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/drivers/pinctrl/bcm/pinctrl-bcm2835.c ++++ b/drivers/pinctrl/bcm/pinctrl-bcm2835.c +@@ -779,7 +779,7 @@ static int bcm2835_pctl_dt_node_to_map(s + } + if (num_pulls) { + err = of_property_read_u32_index(np, "brcm,pull", +- (num_funcs > 1) ? i : 0, &pull); ++ (num_pulls > 1) ? i : 0, &pull); + if (err) + goto out; + err = bcm2835_pctl_dt_node_to_map_pull(pc, np, pin, diff --git a/queue-4.4/s390-cpumf-add-missing-lpp-magic-initialization.patch b/queue-4.4/s390-cpumf-add-missing-lpp-magic-initialization.patch new file mode 100644 index 00000000000..53fa4510064 --- /dev/null +++ b/queue-4.4/s390-cpumf-add-missing-lpp-magic-initialization.patch @@ -0,0 +1,38 @@ +From 8f100bb1ff27873dd71f636da670e503b9ade3c6 Mon Sep 17 00:00:00 2001 +From: Heiko Carstens +Date: Thu, 10 Mar 2016 10:32:21 +0100 +Subject: s390/cpumf: add missing lpp magic initialization + +From: Heiko Carstens + +commit 8f100bb1ff27873dd71f636da670e503b9ade3c6 upstream. + +Add the missing lpp magic initialization for cpu 0. Without this all +samples on cpu 0 do not have the most significant bit set in the +program parameter field, which we use to distinguish between guest and +host samples if the pid is also 0. + +We did initialize the lpp magic in the absolute zero lowcore but +forgot that when switching to the allocated lowcore on cpu 0 only. + +Reported-by: Shu Juan Zhang +Acked-by: Christian Borntraeger +Fixes: e22cf8ca6f75 ("s390/cpumf: rework program parameter setting to detect guest samples") +Signed-off-by: Heiko Carstens +Signed-off-by: Martin Schwidefsky +Signed-off-by: Greg Kroah-Hartman + +--- + arch/s390/kernel/setup.c | 1 + + 1 file changed, 1 insertion(+) + +--- a/arch/s390/kernel/setup.c ++++ b/arch/s390/kernel/setup.c +@@ -329,6 +329,7 @@ static void __init setup_lowcore(void) + + PAGE_SIZE - STACK_FRAME_OVERHEAD - sizeof(struct pt_regs); + lc->current_task = (unsigned long) init_thread_union.thread_info.task; + lc->thread_info = (unsigned long) &init_thread_union; ++ lc->lpp = LPP_MAGIC; + lc->machine_flags = S390_lowcore.machine_flags; + lc->stfl_fac_list = S390_lowcore.stfl_fac_list; + memcpy(lc->stfle_fac_list, S390_lowcore.stfle_fac_list, diff --git a/queue-4.4/s390-fix-floating-pointer-register-corruption-again.patch b/queue-4.4/s390-fix-floating-pointer-register-corruption-again.patch new file mode 100644 index 00000000000..6c0d40a060e --- /dev/null +++ b/queue-4.4/s390-fix-floating-pointer-register-corruption-again.patch @@ -0,0 +1,149 @@ +From e370e4769463a65dcf8806fa26d2874e0542ac41 Mon Sep 17 00:00:00 2001 +From: Martin Schwidefsky +Date: Thu, 10 Mar 2016 09:52:55 +0100 +Subject: s390: fix floating pointer register corruption (again) + +From: Martin Schwidefsky + +commit e370e4769463a65dcf8806fa26d2874e0542ac41 upstream. + +There is a tricky interaction between the machine check handler +and the critical sections of load_fpu_regs and save_fpu_regs +functions. If the machine check interrupts one of the two +functions the critical section cleanup will complete the function +before the machine check handler s390_do_machine_check is called. +Trouble is that the machine check handler needs to validate the +floating point registers *before* and not *after* the completion +of load_fpu_regs/save_fpu_regs. + +The simplest solution is to rewind the PSW to the start of the +load_fpu_regs/save_fpu_regs and retry the function after the +return from the machine check handler. + +Tested-by: Christian Borntraeger +Signed-off-by: Martin Schwidefsky +Signed-off-by: Greg Kroah-Hartman + +--- + arch/s390/kernel/entry.S | 106 ----------------------------------------------- + 1 file changed, 2 insertions(+), 104 deletions(-) + +--- a/arch/s390/kernel/entry.S ++++ b/arch/s390/kernel/entry.S +@@ -1197,114 +1197,12 @@ cleanup_critical: + .quad .Lpsw_idle_lpsw + + .Lcleanup_save_fpu_regs: +- TSTMSK __LC_CPU_FLAGS,_CIF_FPU +- bor %r14 +- clg %r9,BASED(.Lcleanup_save_fpu_regs_done) +- jhe 5f +- clg %r9,BASED(.Lcleanup_save_fpu_regs_fp) +- jhe 4f +- clg %r9,BASED(.Lcleanup_save_fpu_regs_vx_high) +- jhe 3f +- clg %r9,BASED(.Lcleanup_save_fpu_regs_vx_low) +- jhe 2f +- clg %r9,BASED(.Lcleanup_save_fpu_fpc_end) +- jhe 1f +- lg %r2,__LC_CURRENT +- aghi %r2,__TASK_thread +-0: # Store floating-point controls +- stfpc __THREAD_FPU_fpc(%r2) +-1: # Load register save area and check if VX is active +- lg %r3,__THREAD_FPU_regs(%r2) +- TSTMSK __LC_MACHINE_FLAGS,MACHINE_FLAG_VX +- jz 4f # no VX -> store FP regs +-2: # Store vector registers (V0-V15) +- VSTM %v0,%v15,0,%r3 # vstm 0,15,0(3) +-3: # Store vector registers (V16-V31) +- VSTM %v16,%v31,256,%r3 # vstm 16,31,256(3) +- j 5f # -> done, set CIF_FPU flag +-4: # Store floating-point registers +- std 0,0(%r3) +- std 1,8(%r3) +- std 2,16(%r3) +- std 3,24(%r3) +- std 4,32(%r3) +- std 5,40(%r3) +- std 6,48(%r3) +- std 7,56(%r3) +- std 8,64(%r3) +- std 9,72(%r3) +- std 10,80(%r3) +- std 11,88(%r3) +- std 12,96(%r3) +- std 13,104(%r3) +- std 14,112(%r3) +- std 15,120(%r3) +-5: # Set CIF_FPU flag +- oi __LC_CPU_FLAGS+7,_CIF_FPU +- lg %r9,48(%r11) # return from save_fpu_regs ++ larl %r9,save_fpu_regs + br %r14 +-.Lcleanup_save_fpu_fpc_end: +- .quad .Lsave_fpu_regs_fpc_end +-.Lcleanup_save_fpu_regs_vx_low: +- .quad .Lsave_fpu_regs_vx_low +-.Lcleanup_save_fpu_regs_vx_high: +- .quad .Lsave_fpu_regs_vx_high +-.Lcleanup_save_fpu_regs_fp: +- .quad .Lsave_fpu_regs_fp +-.Lcleanup_save_fpu_regs_done: +- .quad .Lsave_fpu_regs_done + + .Lcleanup_load_fpu_regs: +- TSTMSK __LC_CPU_FLAGS,_CIF_FPU +- bnor %r14 +- clg %r9,BASED(.Lcleanup_load_fpu_regs_done) +- jhe 1f +- clg %r9,BASED(.Lcleanup_load_fpu_regs_fp) +- jhe 2f +- clg %r9,BASED(.Lcleanup_load_fpu_regs_vx_high) +- jhe 3f +- clg %r9,BASED(.Lcleanup_load_fpu_regs_vx) +- jhe 4f +- lg %r4,__LC_CURRENT +- aghi %r4,__TASK_thread +- lfpc __THREAD_FPU_fpc(%r4) +- TSTMSK __LC_MACHINE_FLAGS,MACHINE_FLAG_VX +- lg %r4,__THREAD_FPU_regs(%r4) # %r4 <- reg save area +- jz 2f # -> no VX, load FP regs +-4: # Load V0 ..V15 registers +- VLM %v0,%v15,0,%r4 +-3: # Load V16..V31 registers +- VLM %v16,%v31,256,%r4 +- j 1f +-2: # Load floating-point registers +- ld 0,0(%r4) +- ld 1,8(%r4) +- ld 2,16(%r4) +- ld 3,24(%r4) +- ld 4,32(%r4) +- ld 5,40(%r4) +- ld 6,48(%r4) +- ld 7,56(%r4) +- ld 8,64(%r4) +- ld 9,72(%r4) +- ld 10,80(%r4) +- ld 11,88(%r4) +- ld 12,96(%r4) +- ld 13,104(%r4) +- ld 14,112(%r4) +- ld 15,120(%r4) +-1: # Clear CIF_FPU bit +- ni __LC_CPU_FLAGS+7,255-_CIF_FPU +- lg %r9,48(%r11) # return from load_fpu_regs ++ larl %r9,load_fpu_regs + br %r14 +-.Lcleanup_load_fpu_regs_vx: +- .quad .Lload_fpu_regs_vx +-.Lcleanup_load_fpu_regs_vx_high: +- .quad .Lload_fpu_regs_vx_high +-.Lcleanup_load_fpu_regs_fp: +- .quad .Lload_fpu_regs_fp +-.Lcleanup_load_fpu_regs_done: +- .quad .Lload_fpu_regs_done + + /* + * Integer constants diff --git a/queue-4.4/s390-pci-enforce-fmb-page-boundary-rule.patch b/queue-4.4/s390-pci-enforce-fmb-page-boundary-rule.patch new file mode 100644 index 00000000000..161108980e4 --- /dev/null +++ b/queue-4.4/s390-pci-enforce-fmb-page-boundary-rule.patch @@ -0,0 +1,49 @@ +From 80c544ded25ac14d7cc3e555abb8ed2c2da99b84 Mon Sep 17 00:00:00 2001 +From: Sebastian Ott +Date: Mon, 14 Mar 2016 15:47:23 +0100 +Subject: s390/pci: enforce fmb page boundary rule + +From: Sebastian Ott + +commit 80c544ded25ac14d7cc3e555abb8ed2c2da99b84 upstream. + +The function measurement block must not cross a page boundary. Ensure +that by raising the alignment requirement to the smallest power of 2 +larger than the size of the fmb. + +Fixes: d0b088531 ("s390/pci: performance statistics and debug infrastructure") +Signed-off-by: Sebastian Ott +Signed-off-by: Martin Schwidefsky +Signed-off-by: Greg Kroah-Hartman + +--- + arch/s390/include/asm/pci.h | 2 +- + arch/s390/pci/pci.c | 5 ++++- + 2 files changed, 5 insertions(+), 2 deletions(-) + +--- a/arch/s390/include/asm/pci.h ++++ b/arch/s390/include/asm/pci.h +@@ -45,7 +45,7 @@ struct zpci_fmb { + u64 rpcit_ops; + u64 dma_rbytes; + u64 dma_wbytes; +-} __packed __aligned(16); ++} __packed __aligned(64); + + enum zpci_state { + ZPCI_FN_STATE_RESERVED, +--- a/arch/s390/pci/pci.c ++++ b/arch/s390/pci/pci.c +@@ -871,8 +871,11 @@ static inline int barsize(u8 size) + + static int zpci_mem_init(void) + { ++ BUILD_BUG_ON(!is_power_of_2(__alignof__(struct zpci_fmb)) || ++ __alignof__(struct zpci_fmb) < sizeof(struct zpci_fmb)); ++ + zdev_fmb_cache = kmem_cache_create("PCI_FMB_cache", sizeof(struct zpci_fmb), +- 16, 0, NULL); ++ __alignof__(struct zpci_fmb), 0, NULL); + if (!zdev_fmb_cache) + goto error_zdev; + diff --git a/queue-4.4/sched-cputime-fix-steal_account_process_tick-to-always-return-jiffies.patch b/queue-4.4/sched-cputime-fix-steal_account_process_tick-to-always-return-jiffies.patch new file mode 100644 index 00000000000..2adcc443564 --- /dev/null +++ b/queue-4.4/sched-cputime-fix-steal_account_process_tick-to-always-return-jiffies.patch @@ -0,0 +1,72 @@ +From f9c904b7613b8b4c85b10cd6b33ad41b2843fa9d Mon Sep 17 00:00:00 2001 +From: Chris Friesen +Date: Sat, 5 Mar 2016 23:18:48 -0600 +Subject: sched/cputime: Fix steal_account_process_tick() to always return jiffies + +From: Chris Friesen + +commit f9c904b7613b8b4c85b10cd6b33ad41b2843fa9d upstream. + +The callers of steal_account_process_tick() expect it to return +whether a jiffy should be considered stolen or not. + +Currently the return value of steal_account_process_tick() is in +units of cputime, which vary between either jiffies or nsecs +depending on CONFIG_VIRT_CPU_ACCOUNTING_GEN. + +If cputime has nsecs granularity and there is a tiny amount of +stolen time (a few nsecs, say) then we will consider the entire +tick stolen and will not account the tick on user/system/idle, +causing /proc/stats to show invalid data. + +The fix is to change steal_account_process_tick() to accumulate +the stolen time and only account it once it's worth a jiffy. + +(Thanks to Frederic Weisbecker for suggestions to fix a bug in my +first version of the patch.) + +Signed-off-by: Chris Friesen +Signed-off-by: Peter Zijlstra (Intel) +Reviewed-by: Thomas Gleixner +Cc: Frederic Weisbecker +Cc: Linus Torvalds +Cc: Peter Zijlstra +Link: http://lkml.kernel.org/r/56DBBDB8.40305@mail.usask.ca +Signed-off-by: Ingo Molnar +Signed-off-by: Greg Kroah-Hartman + +--- + kernel/sched/cputime.c | 14 +++++++------- + 1 file changed, 7 insertions(+), 7 deletions(-) + +--- a/kernel/sched/cputime.c ++++ b/kernel/sched/cputime.c +@@ -259,21 +259,21 @@ static __always_inline bool steal_accoun + #ifdef CONFIG_PARAVIRT + if (static_key_false(¶virt_steal_enabled)) { + u64 steal; +- cputime_t steal_ct; ++ unsigned long steal_jiffies; + + steal = paravirt_steal_clock(smp_processor_id()); + steal -= this_rq()->prev_steal_time; + + /* +- * cputime_t may be less precise than nsecs (eg: if it's +- * based on jiffies). Lets cast the result to cputime ++ * steal is in nsecs but our caller is expecting steal ++ * time in jiffies. Lets cast the result to jiffies + * granularity and account the rest on the next rounds. + */ +- steal_ct = nsecs_to_cputime(steal); +- this_rq()->prev_steal_time += cputime_to_nsecs(steal_ct); ++ steal_jiffies = nsecs_to_jiffies(steal); ++ this_rq()->prev_steal_time += jiffies_to_nsecs(steal_jiffies); + +- account_steal_time(steal_ct); +- return steal_ct; ++ account_steal_time(jiffies_to_cputime(steal_jiffies)); ++ return steal_jiffies; + } + #endif + return false; diff --git a/queue-4.4/sched-preempt-sh-kmap_coherent-relies-on-disabled-preemption.patch b/queue-4.4/sched-preempt-sh-kmap_coherent-relies-on-disabled-preemption.patch new file mode 100644 index 00000000000..6e2168c62e5 --- /dev/null +++ b/queue-4.4/sched-preempt-sh-kmap_coherent-relies-on-disabled-preemption.patch @@ -0,0 +1,39 @@ +From b15d53d009558d14c4f394a6d1fa2039c7f45c43 Mon Sep 17 00:00:00 2001 +From: David Hildenbrand +Date: Mon, 29 Feb 2016 09:19:24 +0100 +Subject: sched/preempt, sh: kmap_coherent relies on disabled preemption + +From: David Hildenbrand + +commit b15d53d009558d14c4f394a6d1fa2039c7f45c43 upstream. + +kmap_coherent needs disabled preemption to not schedule in the critical +section, just like kmap_coherent on mips and kmap_atomic in general. + +Fixes: 8222dbe21e79 "sched/preempt, mm/fault: Decouple preemption from the page fault logic" +Reported-by: Hans Verkuil +Signed-off-by: David Hildenbrand +Tested-by: Hans Verkuil +Signed-off-by: Rich Felker +Signed-off-by: Greg Kroah-Hartman + +--- + arch/sh/mm/kmap.c | 2 ++ + 1 file changed, 2 insertions(+) + +--- a/arch/sh/mm/kmap.c ++++ b/arch/sh/mm/kmap.c +@@ -36,6 +36,7 @@ void *kmap_coherent(struct page *page, u + + BUG_ON(!test_bit(PG_dcache_clean, &page->flags)); + ++ preempt_disable(); + pagefault_disable(); + + idx = FIX_CMAP_END - +@@ -64,4 +65,5 @@ void kunmap_coherent(void *kvaddr) + } + + pagefault_enable(); ++ preempt_enable(); + } diff --git a/queue-4.4/series b/queue-4.4/series index 2f19c374f34..a9fa648ccef 100644 --- a/queue-4.4/series +++ b/queue-4.4/series @@ -4,3 +4,29 @@ regulator-core-fix-nested-locking-of-supplies.patch asoc-samsung-pass-dma-channels-as-pointers.patch mmc-sh_mmcif-rework-dma-channel-handling.patch mmc-sh_mmcif-correct-tx-dma-channel-allocation.patch +x86-microcode-intel-make-early-loader-look-for-builtin-microcode-too.patch +x86-microcode-untangle-from-blk_dev_initrd.patch +x86-entry-compat-keep-ts_compat-set-during-signal-delivery.patch +perf-x86-intel-add-definition-for-pt-pmi-bit.patch +x86-pci-mark-broadwell-ep-home-agent-pcu-as-having-non-compliant-bars.patch +kvm-x86-fix-missed-hardware-breakpoints.patch +kvm-i8254-change-pit-discard-tick-policy.patch +kvm-fix-spin_lock_init-order-on-x86.patch +kvm-vmx-avoid-guest-hang-on-invalid-invept-instruction.patch +kvm-vmx-avoid-guest-hang-on-invalid-invvpid-instruction.patch +kvm-vmx-fix-nested-vpid-for-old-kvm-guests.patch +perf-core-fix-perf_sched_count-derailment.patch +perf-tools-dont-stop-pmu-parsing-on-alias-parse-error.patch +perf-tools-fix-checking-asprintf-return-value.patch +perf-tools-fix-python-extension-build.patch +thermal-ignore-invalid-trip-points.patch +sched-cputime-fix-steal_account_process_tick-to-always-return-jiffies.patch +sched-preempt-sh-kmap_coherent-relies-on-disabled-preemption.patch +edac-sb_edac-fix-computation-of-channel-address.patch +edac-amd64_edac-shift-wrapping-issue-in-f1x_get_norm_dct_addr.patch +s390-fix-floating-pointer-register-corruption-again.patch +s390-cpumf-add-missing-lpp-magic-initialization.patch +s390-pci-enforce-fmb-page-boundary-rule.patch +pinctrl-bcm2835-fix-cut-and-paste-error-in-pull-parsing.patch +pci-disable-io-mem-decoding-for-devices-with-non-compliant-bars.patch +pci-acpi-ia64-fix-io-port-generic-range-check.patch diff --git a/queue-4.4/thermal-ignore-invalid-trip-points.patch b/queue-4.4/thermal-ignore-invalid-trip-points.patch new file mode 100644 index 00000000000..da1a5d20d29 --- /dev/null +++ b/queue-4.4/thermal-ignore-invalid-trip-points.patch @@ -0,0 +1,106 @@ +From 81ad4276b505e987dd8ebbdf63605f92cd172b52 Mon Sep 17 00:00:00 2001 +From: Zhang Rui +Date: Fri, 18 Mar 2016 10:03:24 +0800 +Subject: Thermal: Ignore invalid trip points + +From: Zhang Rui + +commit 81ad4276b505e987dd8ebbdf63605f92cd172b52 upstream. + +In some cases, platform thermal driver may report invalid trip points, +thermal core should not take any action for these trip points. + +This fixed a regression that bogus trip point starts to screw up thermal +control on some Lenovo laptops, after +commit bb431ba26c5cd0a17c941ca6c3a195a3a6d5d461 +Author: Zhang Rui +Date: Fri Oct 30 16:31:47 2015 +0800 + + Thermal: initialize thermal zone device correctly + + After thermal zone device registered, as we have not read any + temperature before, thus tz->temperature should not be 0, + which actually means 0C, and thermal trend is not available. + In this case, we need specially handling for the first + thermal_zone_device_update(). + + Both thermal core framework and step_wise governor is + enhanced to handle this. And since the step_wise governor + is the only one that uses trends, so it's the only thermal + governor that needs to be updated. + + Tested-by: Manuel Krause + Tested-by: szegad + Tested-by: prash + Tested-by: amish + Tested-by: Matthias + Reviewed-by: Javi Merino + Signed-off-by: Zhang Rui + Signed-off-by: Chen Yu + +Link: https://bugzilla.redhat.com/show_bug.cgi?id=1317190 +Link: https://bugzilla.kernel.org/show_bug.cgi?id=114551 +Signed-off-by: Zhang Rui +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/thermal/thermal_core.c | 13 ++++++++++++- + include/linux/thermal.h | 2 ++ + 2 files changed, 14 insertions(+), 1 deletion(-) + +--- a/drivers/thermal/thermal_core.c ++++ b/drivers/thermal/thermal_core.c +@@ -454,6 +454,10 @@ static void handle_thermal_trip(struct t + { + enum thermal_trip_type type; + ++ /* Ignore disabled trip points */ ++ if (test_bit(trip, &tz->trips_disabled)) ++ return; ++ + tz->ops->get_trip_type(tz, trip, &type); + + if (type == THERMAL_TRIP_CRITICAL || type == THERMAL_TRIP_HOT) +@@ -1796,6 +1800,7 @@ struct thermal_zone_device *thermal_zone + { + struct thermal_zone_device *tz; + enum thermal_trip_type trip_type; ++ int trip_temp; + int result; + int count; + int passive = 0; +@@ -1867,9 +1872,15 @@ struct thermal_zone_device *thermal_zone + goto unregister; + + for (count = 0; count < trips; count++) { +- tz->ops->get_trip_type(tz, count, &trip_type); ++ if (tz->ops->get_trip_type(tz, count, &trip_type)) ++ set_bit(count, &tz->trips_disabled); + if (trip_type == THERMAL_TRIP_PASSIVE) + passive = 1; ++ if (tz->ops->get_trip_temp(tz, count, &trip_temp)) ++ set_bit(count, &tz->trips_disabled); ++ /* Check for bogus trip points */ ++ if (trip_temp == 0) ++ set_bit(count, &tz->trips_disabled); + } + + if (!passive) { +--- a/include/linux/thermal.h ++++ b/include/linux/thermal.h +@@ -156,6 +156,7 @@ struct thermal_attr { + * @trip_hyst_attrs: attributes for trip points for sysfs: trip hysteresis + * @devdata: private pointer for device private data + * @trips: number of trip points the thermal zone supports ++ * @trips_disabled; bitmap for disabled trips + * @passive_delay: number of milliseconds to wait between polls when + * performing passive cooling. + * @polling_delay: number of milliseconds to wait between polls when +@@ -191,6 +192,7 @@ struct thermal_zone_device { + struct thermal_attr *trip_hyst_attrs; + void *devdata; + int trips; ++ unsigned long trips_disabled; /* bitmap for disabled trips */ + int passive_delay; + int polling_delay; + int temperature; diff --git a/queue-4.4/x86-entry-compat-keep-ts_compat-set-during-signal-delivery.patch b/queue-4.4/x86-entry-compat-keep-ts_compat-set-during-signal-delivery.patch new file mode 100644 index 00000000000..326d2b90fc6 --- /dev/null +++ b/queue-4.4/x86-entry-compat-keep-ts_compat-set-during-signal-delivery.patch @@ -0,0 +1,89 @@ +From 4e79e182b419172e35936a47f098509092d69817 Mon Sep 17 00:00:00 2001 +From: Andy Lutomirski +Date: Wed, 10 Feb 2016 14:15:27 -0800 +Subject: x86/entry/compat: Keep TS_COMPAT set during signal delivery + +From: Andy Lutomirski + +commit 4e79e182b419172e35936a47f098509092d69817 upstream. + +Signal delivery needs to know the sign of an interrupted syscall's +return value in order to detect -ERESTART variants. Normally this +works independently of bitness because syscalls internally return +long. Under ptrace, however, this can break, and syscall_get_error +is supposed to sign-extend regs->ax if needed. + +We were clearing TS_COMPAT too early, though, and this prevented +sign extension, which subtly broke syscall restart under ptrace. + +Reported-by: Robert O'Callahan +Signed-off-by: Andy Lutomirski +Cc: Al Viro +Cc: Andy Lutomirski +Cc: Borislav Petkov +Cc: Brian Gerst +Cc: Denys Vlasenko +Cc: H. Peter Anvin +Cc: Linus Torvalds +Cc: Peter Zijlstra +Cc: Shuah Khan +Cc: Thomas Gleixner +Fixes: c5c46f59e4e7 ("x86/entry: Add new, comprehensible entry and exit handlers written in C") +Link: http://lkml.kernel.org/r/cbce3cf545522f64eb37f5478cb59746230db3b5.1455142412.git.luto@kernel.org +Signed-off-by: Ingo Molnar +Signed-off-by: Greg Kroah-Hartman + +--- + arch/x86/entry/common.c | 23 +++++++++++++---------- + 1 file changed, 13 insertions(+), 10 deletions(-) + +--- a/arch/x86/entry/common.c ++++ b/arch/x86/entry/common.c +@@ -268,6 +268,7 @@ static void exit_to_usermode_loop(struct + /* Called with IRQs disabled. */ + __visible inline void prepare_exit_to_usermode(struct pt_regs *regs) + { ++ struct thread_info *ti = pt_regs_to_thread_info(regs); + u32 cached_flags; + + if (IS_ENABLED(CONFIG_PROVE_LOCKING) && WARN_ON(!irqs_disabled())) +@@ -275,12 +276,22 @@ __visible inline void prepare_exit_to_us + + lockdep_sys_exit(); + +- cached_flags = +- READ_ONCE(pt_regs_to_thread_info(regs)->flags); ++ cached_flags = READ_ONCE(ti->flags); + + if (unlikely(cached_flags & EXIT_TO_USERMODE_LOOP_FLAGS)) + exit_to_usermode_loop(regs, cached_flags); + ++#ifdef CONFIG_COMPAT ++ /* ++ * Compat syscalls set TS_COMPAT. Make sure we clear it before ++ * returning to user mode. We need to clear it *after* signal ++ * handling, because syscall restart has a fixup for compat ++ * syscalls. The fixup is exercised by the ptrace_syscall_32 ++ * selftest. ++ */ ++ ti->status &= ~TS_COMPAT; ++#endif ++ + user_enter(); + } + +@@ -332,14 +343,6 @@ __visible inline void syscall_return_slo + if (unlikely(cached_flags & SYSCALL_EXIT_WORK_FLAGS)) + syscall_slow_exit_work(regs, cached_flags); + +-#ifdef CONFIG_COMPAT +- /* +- * Compat syscalls set TS_COMPAT. Make sure we clear it before +- * returning to user mode. +- */ +- ti->status &= ~TS_COMPAT; +-#endif +- + local_irq_disable(); + prepare_exit_to_usermode(regs); + } diff --git a/queue-4.4/x86-microcode-intel-make-early-loader-look-for-builtin-microcode-too.patch b/queue-4.4/x86-microcode-intel-make-early-loader-look-for-builtin-microcode-too.patch new file mode 100644 index 00000000000..3be375d6c41 --- /dev/null +++ b/queue-4.4/x86-microcode-intel-make-early-loader-look-for-builtin-microcode-too.patch @@ -0,0 +1,72 @@ +From 264285ac01673e70557c43ecee338ce97c4c0672 Mon Sep 17 00:00:00 2001 +From: Borislav Petkov +Date: Wed, 3 Feb 2016 12:33:30 +0100 +Subject: x86/microcode/intel: Make early loader look for builtin microcode too + +From: Borislav Petkov + +commit 264285ac01673e70557c43ecee338ce97c4c0672 upstream. + +Set the initrd @start depending on the presence of an initrd. Otherwise, +builtin microcode loading doesn't work as the start is wrong and we're +using it to compute offset to the microcode blobs. + +Tested-by: Thomas Voegtle +Signed-off-by: Borislav Petkov +Cc: Linus Torvalds +Cc: Peter Zijlstra +Cc: Thomas Gleixner +Link: http://lkml.kernel.org/r/1454499225-21544-3-git-send-email-bp@alien8.de +Signed-off-by: Ingo Molnar +Signed-off-by: Greg Kroah-Hartman + +--- + arch/x86/kernel/cpu/microcode/intel.c | 24 ++++++++++++++++-------- + 1 file changed, 16 insertions(+), 8 deletions(-) + +--- a/arch/x86/kernel/cpu/microcode/intel.c ++++ b/arch/x86/kernel/cpu/microcode/intel.c +@@ -555,10 +555,14 @@ scan_microcode(struct mc_saved_data *mc_ + cd.data = NULL; + cd.size = 0; + +- cd = find_cpio_data(p, (void *)start, size, &offset); +- if (!cd.data) { ++ /* try built-in microcode if no initrd */ ++ if (!size) { + if (!load_builtin_intel_microcode(&cd)) + return UCODE_ERROR; ++ } else { ++ cd = find_cpio_data(p, (void *)start, size, &offset); ++ if (!cd.data) ++ return UCODE_ERROR; + } + + return get_matching_model_microcode(0, start, cd.data, cd.size, +@@ -732,16 +736,20 @@ void __init load_ucode_intel_bsp(void) + struct boot_params *p; + + p = (struct boot_params *)__pa_nodebug(&boot_params); +- start = p->hdr.ramdisk_image; + size = p->hdr.ramdisk_size; + +- _load_ucode_intel_bsp( +- (struct mc_saved_data *)__pa_nodebug(&mc_saved_data), +- (unsigned long *)__pa_nodebug(&mc_saved_in_initrd), +- start, size); ++ /* ++ * Set start only if we have an initrd image. We cannot use initrd_start ++ * because it is not set that early yet. ++ */ ++ start = (size ? p->hdr.ramdisk_image : 0); ++ ++ _load_ucode_intel_bsp((struct mc_saved_data *)__pa_nodebug(&mc_saved_data), ++ (unsigned long *)__pa_nodebug(&mc_saved_in_initrd), ++ start, size); + #else +- start = boot_params.hdr.ramdisk_image + PAGE_OFFSET; + size = boot_params.hdr.ramdisk_size; ++ start = (size ? boot_params.hdr.ramdisk_image + PAGE_OFFSET : 0); + + _load_ucode_intel_bsp(&mc_saved_data, mc_saved_in_initrd, start, size); + #endif diff --git a/queue-4.4/x86-microcode-untangle-from-blk_dev_initrd.patch b/queue-4.4/x86-microcode-untangle-from-blk_dev_initrd.patch new file mode 100644 index 00000000000..51ad672d6d9 --- /dev/null +++ b/queue-4.4/x86-microcode-untangle-from-blk_dev_initrd.patch @@ -0,0 +1,153 @@ +From 5f9c01aa7c49a2d74474d6d879a797b8badf29e6 Mon Sep 17 00:00:00 2001 +From: Borislav Petkov +Date: Wed, 3 Feb 2016 12:33:29 +0100 +Subject: x86/microcode: Untangle from BLK_DEV_INITRD + +From: Borislav Petkov + +commit 5f9c01aa7c49a2d74474d6d879a797b8badf29e6 upstream. + +Thomas Voegtle reported that doing oldconfig with a .config which has +CONFIG_MICROCODE enabled but BLK_DEV_INITRD disabled prevents the +microcode loading mechanism from being built. + +So untangle it from the BLK_DEV_INITRD dependency so that oldconfig +doesn't turn it off and add an explanatory text to its Kconfig help what +the supported methods for supplying microcode are. + +Reported-by: Thomas Voegtle +Tested-by: Thomas Voegtle +Signed-off-by: Borislav Petkov +Cc: Linus Torvalds +Cc: Peter Zijlstra +Cc: Thomas Gleixner +Link: http://lkml.kernel.org/r/1454499225-21544-2-git-send-email-bp@alien8.de +Signed-off-by: Ingo Molnar +Signed-off-by: Greg Kroah-Hartman + +--- + arch/x86/Kconfig | 23 ++++++++++++----------- + arch/x86/include/asm/microcode.h | 26 ++++++++++++++++++++++++++ + arch/x86/kernel/cpu/microcode/intel.c | 14 ++++---------- + 3 files changed, 42 insertions(+), 21 deletions(-) + +--- a/arch/x86/Kconfig ++++ b/arch/x86/Kconfig +@@ -1126,22 +1126,23 @@ config MICROCODE + bool "CPU microcode loading support" + default y + depends on CPU_SUP_AMD || CPU_SUP_INTEL +- depends on BLK_DEV_INITRD + select FW_LOADER + ---help--- +- + If you say Y here, you will be able to update the microcode on +- certain Intel and AMD processors. The Intel support is for the +- IA32 family, e.g. Pentium Pro, Pentium II, Pentium III, Pentium 4, +- Xeon etc. The AMD support is for families 0x10 and later. You will +- obviously need the actual microcode binary data itself which is not +- shipped with the Linux kernel. ++ Intel and AMD processors. The Intel support is for the IA32 family, ++ e.g. Pentium Pro, Pentium II, Pentium III, Pentium 4, Xeon etc. The ++ AMD support is for families 0x10 and later. You will obviously need ++ the actual microcode binary data itself which is not shipped with ++ the Linux kernel. + +- This option selects the general module only, you need to select +- at least one vendor specific module as well. ++ The preferred method to load microcode from a detached initrd is described ++ in Documentation/x86/early-microcode.txt. For that you need to enable ++ CONFIG_BLK_DEV_INITRD in order for the loader to be able to scan the ++ initrd for microcode blobs. + +- To compile this driver as a module, choose M here: the module +- will be called microcode. ++ In addition, you can build-in the microcode into the kernel. For that you ++ need to enable FIRMWARE_IN_KERNEL and add the vendor-supplied microcode ++ to the CONFIG_EXTRA_FIRMWARE config option. + + config MICROCODE_INTEL + bool "Intel microcode loading support" +--- a/arch/x86/include/asm/microcode.h ++++ b/arch/x86/include/asm/microcode.h +@@ -2,6 +2,7 @@ + #define _ASM_X86_MICROCODE_H + + #include ++#include + + #define native_rdmsr(msr, val1, val2) \ + do { \ +@@ -168,4 +169,29 @@ static inline void reload_early_microcod + static inline bool + get_builtin_firmware(struct cpio_data *cd, const char *name) { return false; } + #endif ++ ++static inline unsigned long get_initrd_start(void) ++{ ++#ifdef CONFIG_BLK_DEV_INITRD ++ return initrd_start; ++#else ++ return 0; ++#endif ++} ++ ++static inline unsigned long get_initrd_start_addr(void) ++{ ++#ifdef CONFIG_BLK_DEV_INITRD ++#ifdef CONFIG_X86_32 ++ unsigned long *initrd_start_p = (unsigned long *)__pa_nodebug(&initrd_start); ++ ++ return (unsigned long)__pa_nodebug(*initrd_start_p); ++#else ++ return get_initrd_start(); ++#endif ++#else /* CONFIG_BLK_DEV_INITRD */ ++ return 0; ++#endif ++} ++ + #endif /* _ASM_X86_MICROCODE_H */ +--- a/arch/x86/kernel/cpu/microcode/intel.c ++++ b/arch/x86/kernel/cpu/microcode/intel.c +@@ -698,7 +698,7 @@ int __init save_microcode_in_initrd_inte + if (count == 0) + return ret; + +- copy_initrd_ptrs(mc_saved, mc_saved_in_initrd, initrd_start, count); ++ copy_initrd_ptrs(mc_saved, mc_saved_in_initrd, get_initrd_start(), count); + ret = save_microcode(&mc_saved_data, mc_saved, count); + if (ret) + pr_err("Cannot save microcode patches from initrd.\n"); +@@ -760,20 +760,14 @@ void load_ucode_intel_ap(void) + struct mc_saved_data *mc_saved_data_p; + struct ucode_cpu_info uci; + unsigned long *mc_saved_in_initrd_p; +- unsigned long initrd_start_addr; + enum ucode_state ret; + #ifdef CONFIG_X86_32 +- unsigned long *initrd_start_p; + +- mc_saved_in_initrd_p = +- (unsigned long *)__pa_nodebug(mc_saved_in_initrd); ++ mc_saved_in_initrd_p = (unsigned long *)__pa_nodebug(mc_saved_in_initrd); + mc_saved_data_p = (struct mc_saved_data *)__pa_nodebug(&mc_saved_data); +- initrd_start_p = (unsigned long *)__pa_nodebug(&initrd_start); +- initrd_start_addr = (unsigned long)__pa_nodebug(*initrd_start_p); + #else +- mc_saved_data_p = &mc_saved_data; + mc_saved_in_initrd_p = mc_saved_in_initrd; +- initrd_start_addr = initrd_start; ++ mc_saved_data_p = &mc_saved_data; + #endif + + /* +@@ -785,7 +779,7 @@ void load_ucode_intel_ap(void) + + collect_cpu_info_early(&uci); + ret = load_microcode(mc_saved_data_p, mc_saved_in_initrd_p, +- initrd_start_addr, &uci); ++ get_initrd_start_addr(), &uci); + + if (ret != UCODE_OK) + return; diff --git a/queue-4.4/x86-pci-mark-broadwell-ep-home-agent-pcu-as-having-non-compliant-bars.patch b/queue-4.4/x86-pci-mark-broadwell-ep-home-agent-pcu-as-having-non-compliant-bars.patch new file mode 100644 index 00000000000..6ceab865896 --- /dev/null +++ b/queue-4.4/x86-pci-mark-broadwell-ep-home-agent-pcu-as-having-non-compliant-bars.patch @@ -0,0 +1,38 @@ +From b894157145e4ac7598d7062bc93320898a5e059e Mon Sep 17 00:00:00 2001 +From: Bjorn Helgaas +Date: Fri, 26 Feb 2016 09:15:11 -0600 +Subject: x86/PCI: Mark Broadwell-EP Home Agent & PCU as having non-compliant BARs + +From: Bjorn Helgaas + +commit b894157145e4ac7598d7062bc93320898a5e059e upstream. + +The Home Agent and PCU PCI devices in Broadwell-EP have a non-BAR register +where a BAR should be. We don't know what the side effects of sizing the +"BAR" would be, and we don't know what address space the "BAR" might appear +to describe. + +Mark these devices as having non-compliant BARs so the PCI core doesn't +touch them. + +Signed-off-by: Bjorn Helgaas +Tested-by: Andi Kleen +Signed-off-by: Greg Kroah-Hartman + +--- + arch/x86/pci/fixup.c | 7 +++++++ + 1 file changed, 7 insertions(+) + +--- a/arch/x86/pci/fixup.c ++++ b/arch/x86/pci/fixup.c +@@ -540,3 +540,10 @@ static void twinhead_reserve_killing_zon + } + } + DECLARE_PCI_FIXUP_HEADER(PCI_VENDOR_ID_INTEL, 0x27B9, twinhead_reserve_killing_zone); ++ ++static void pci_bdwep_bar(struct pci_dev *dev) ++{ ++ dev->non_compliant_bars = 1; ++} ++DECLARE_PCI_FIXUP_EARLY(PCI_VENDOR_ID_INTEL, 0x6fa0, pci_bdwep_bar); ++DECLARE_PCI_FIXUP_EARLY(PCI_VENDOR_ID_INTEL, 0x6fc0, pci_bdwep_bar);