From: Greg Kroah-Hartman Date: Fri, 16 Aug 2013 00:46:50 +0000 (-0700) Subject: 3.10-stable patches X-Git-Tag: v3.0.92~30 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=e6708cf32d3995a9d9144ea839dffc2da9c528cb;p=thirdparty%2Fkernel%2Fstable-queue.git 3.10-stable patches added patches: arm-kvm-add-missing-dsb-before-invalidating-stage-2-tlbs.patch arm-kvm-clear-exclusive-monitor-on-all-exception-returns.patch arm-kvm-perform-save-restore-of-par.patch
---
diff --git a/queue-3.10/arm-kvm-add-missing-dsb-before-invalidating-stage-2-tlbs.patch b/queue-3.10/arm-kvm-add-missing-dsb-before-invalidating-stage-2-tlbs.patch
new file mode 100644
index 00000000000..79549abb2bf
--- /dev/null
+++ b/queue-3.10/arm-kvm-add-missing-dsb-before-invalidating-stage-2-tlbs.patch
@@ -0,0 +1,34 @@
+From 479c5ae2f8a55509b691494cd13691d3dc31d102 Mon Sep 17 00:00:00 2001
+From: Marc Zyngier
+Date: Fri, 21 Jun 2013 13:08:47 +0100
+Subject: ARM: KVM: add missing dsb before invalidating Stage-2 TLBs
+
+From: Marc Zyngier
+
+commit 479c5ae2f8a55509b691494cd13691d3dc31d102 upstream.
+
+When performing a Stage-2 TLB invalidation, it is necessary to
+make sure the write to the page tables is observable by all CPUs.
+
+For this purpose, add a dsb instruction to __kvm_tlb_flush_vmid_ipa
+before doing the TLB invalidation itself.
+
+Signed-off-by: Marc Zyngier
+Signed-off-by: Christoffer Dall
+Signed-off-by: Jonghwan Choi
+Signed-off-by: Greg Kroah-Hartman
+
+---
+ arch/arm/kvm/interrupts.S | 1 +
+ 1 file changed, 1 insertion(+)
+
+--- a/arch/arm/kvm/interrupts.S
++++ b/arch/arm/kvm/interrupts.S
+@@ -49,6 +49,7 @@ __kvm_hyp_code_start:
+ ENTRY(__kvm_tlb_flush_vmid_ipa)
+ push {r2, r3}
+
++ dsb ishst
+ add r0, r0, #KVM_VTTBR
+ ldrd r2, r3, [r0]
+ mcrr p15, 6, r2, r3, c2 @ Write VTTBR
diff --git a/queue-3.10/arm-kvm-clear-exclusive-monitor-on-all-exception-returns.patch b/queue-3.10/arm-kvm-clear-exclusive-monitor-on-all-exception-returns.patch
new file mode 100644
index 00000000000..98266adbee3
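Review bot: The added `dsb ishst` in __kvm_tlb_flush_vmid_ipa (queued in arm-kvm-add-missing-dsb-before-invalidating-stage-2-tlbs.patch) has no comment, although the ordering it enforces is the whole point of the change and cannot be read off the instruction. I would write it as `dsb ishst @ Make the Stage-2 page-table write visible before the TLB invalidate`, in line with the `@ Write VTTBR` comment two lines below. That way a later cleanup is less likely to drop the barrier or move it after the invalidation. The function body continues past the end of the hunk, so the invalidation itself is not visible here.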
--- /dev/null
+++ b/queue-3.10/arm-kvm-clear-exclusive-monitor-on-all-exception-returns.patch
@@ -0,0 +1,47 @@
+From 22cfbb6d730ca2fda236b507d9fba17bf002736c Mon Sep 17 00:00:00 2001
+From: Marc Zyngier
+Date: Fri, 21 Jun 2013 13:08:48 +0100
+Subject: ARM: KVM: clear exclusive monitor on all exception returns
+
+From: Marc Zyngier
+
+commit 22cfbb6d730ca2fda236b507d9fba17bf002736c upstream.
+
+Make sure we clear the exclusive monitor on all exception returns,
+which otherwise could lead to lock corruptions.
+
+Signed-off-by: Marc Zyngier
+Signed-off-by: Christoffer Dall
+Signed-off-by: Jonghwan Choi
+Signed-off-by: Greg Kroah-Hartman
+
+---
+ arch/arm/kvm/interrupts.S | 3 +++
+ 1 file changed, 3 insertions(+)
+
+--- a/arch/arm/kvm/interrupts.S
++++ b/arch/arm/kvm/interrupts.S
+@@ -292,6 +292,7 @@ THUMB( orr r2, r2, #PSR_T_BIT )
+ ldr r2, =BSYM(panic)
+ msr ELR_hyp, r2
+ ldr r0, =\panic_str
++ clrex @ Clear exclusive monitor
+ eret
+ .endm
+
+@@ -441,6 +442,7 @@ guest_trap:
+
+ 4: pop {r0, r1} @ Failed translation, return to guest
+ mcrr p15, 0, r0, r1, c7 @ PAR
++ clrex
+ pop {r0, r1, r2}
+ eret
+
+@@ -467,6 +469,7 @@ switch_to_guest_vfp:
+
+ pop {r3-r7}
+ pop {r0-r2}
++ clrex
+ eret
+ #endif
+
diff --git a/queue-3.10/arm-kvm-perform-save-restore-of-par.patch b/queue-3.10/arm-kvm-perform-save-restore-of-par.patch
new file mode 100644
index 00000000000..d6f0f984599
--- /dev/null
+++ b/queue-3.10/arm-kvm-perform-save-restore-of-par.patch
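Review bot: Only the first added `clrex`, in the panic macro, carries a comment; the two at the `4:` failed-translation return in guest_trap and at the end of switch_to_guest_vfp are bare. The rule the commit introduces is that every `eret` is preceded by `clrex`, so I would give all three sites the same `clrex @ Clear exclusive monitor`. That keeps the pairing obvious when another exception-return path is added. These hunks show only three `eret` sites, and the enclosing macro and routines start outside them, so whether every other return path in interrupts.S already clears the monitor cannot be confirmed from here.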
@@ -0,0 +1,148 @@
+From 6a077e4ab9cbfbf279fb955bae05b03781c97013 Mon Sep 17 00:00:00 2001
+From: Marc Zyngier
+Date: Fri, 21 Jun 2013 13:08:46 +0100
+Subject: ARM: KVM: perform save/restore of PAR
+
+From: Marc Zyngier
+
+commit 6a077e4ab9cbfbf279fb955bae05b03781c97013 upstream.
+
+Not saving PAR is an unfortunate oversight. If the guest performs
+an AT* operation and gets scheduled out before reading the result
+of the translation from PAR, it could become corrupted by another
+guest or the host.
+
+Saving this register is made slightly more complicated as KVM also
+uses it on the permission fault handling path, leading to an ugly
+"stash and restore" sequence. Fortunately, this is already a slow
+path so we don't really care. Also, Linux doesn't do any AT*
+operation, so Linux guests are not impacted by this bug.
+
+ [ Slightly tweaked to use an even register as first operand to ldrd
+ and strd operations in interrupts_head.S - Christoffer ]
+
+Signed-off-by: Marc Zyngier
+Signed-off-by: Christoffer Dall
+Signed-off-by: Jonghwan Choi
+Signed-off-by: Greg Kroah-Hartman
+
+---
+ arch/arm/include/asm/kvm_asm.h | 22 ++++++++++++----------
+ arch/arm/kvm/coproc.c | 4 ++++
+ arch/arm/kvm/interrupts.S | 12 +++++++++++-
+ arch/arm/kvm/interrupts_head.S | 10 ++++++++--
+ 4 files changed, 35 insertions(+), 13 deletions(-)
+
+--- a/arch/arm/include/asm/kvm_asm.h
++++ b/arch/arm/include/asm/kvm_asm.h
+@@ -37,16 +37,18 @@
+ #define c5_AIFSR 15 /* Auxilary Instrunction Fault Status R */
+ #define c6_DFAR 16 /* Data Fault Address Register */
+ #define c6_IFAR 17 /* Instruction Fault Address Register */
+-#define c9_L2CTLR 18 /* Cortex A15 L2 Control Register */
+-#define c10_PRRR 19 /* Primary Region Remap Register */
+-#define c10_NMRR 20 /* Normal Memory Remap Register */
+-#define c12_VBAR 21 /* Vector Base Address Register */
+-#define c13_CID 22 /* Context ID Register */
+-#define c13_TID_URW 23 /* Thread ID, User R/W */
+-#define c13_TID_URO 24 /* Thread ID, User R/O */
+-#define c13_TID_PRIV 25 /* Thread ID, Privileged */
+-#define c14_CNTKCTL 26 /* Timer Control Register (PL1) */
+-#define NR_CP15_REGS 27 /* Number of regs (incl. invalid) */
++#define c7_PAR 18 /* Physical Address Register */
++#define c7_PAR_high 19 /* PAR top 32 bits */
++#define c9_L2CTLR 20 /* Cortex A15 L2 Control Register */
++#define c10_PRRR 21 /* Primary Region Remap Register */
++#define c10_NMRR 22 /* Normal Memory Remap Register */
++#define c12_VBAR 23 /* Vector Base Address Register */
++#define c13_CID 24 /* Context ID Register */
++#define c13_TID_URW 25 /* Thread ID, User R/W */
++#define c13_TID_URO 26 /* Thread ID, User R/O */
++#define c13_TID_PRIV 27 /* Thread ID, Privileged */
++#define c14_CNTKCTL 28 /* Timer Control Register (PL1) */
++#define NR_CP15_REGS 29 /* Number of regs (incl. invalid) */
+
+ #define ARM_EXCEPTION_RESET 0
+ #define ARM_EXCEPTION_UNDEFINED 1
+--- a/arch/arm/kvm/coproc.c
++++ b/arch/arm/kvm/coproc.c
+@@ -180,6 +180,10 @@ static const struct coproc_reg cp15_regs
+ NULL, reset_unknown, c6_DFAR },
+ { CRn( 6), CRm( 0), Op1( 0), Op2( 2), is32,
+ NULL, reset_unknown, c6_IFAR },
++
++ /* PAR swapped by interrupt.S */
++ { CRn( 7), Op1( 0), is64, NULL, reset_unknown64, c7_PAR },
++
+ /*
+ * DC{C,I,CI}SW operations:
+ */
+--- a/arch/arm/kvm/interrupts.S
++++ b/arch/arm/kvm/interrupts.S
+@@ -414,6 +414,10 @@ guest_trap:
+ mrcne p15, 4, r2, c6, c0, 4 @ HPFAR
+ bne 3f
+
++ /* Preserve PAR */
++ mrrc p15, 0, r0, r1, c7 @ PAR
++ push {r0, r1}
++
+ /* Resolve IPA using the xFAR */
+ mcr p15, 0, r2, c7, c8, 0 @ ATS1CPR
+ isb
+@@ -424,13 +428,19 @@ guest_trap:
+ lsl r2, r2, #4
+ orr r2, r2, r1, lsl #24
+
++ /* Restore PAR */
++ pop {r0, r1}
++ mcrr p15, 0, r0, r1, c7 @ PAR
++
+ 3: load_vcpu @ Load VCPU pointer to r0
+ str r2, [r0, #VCPU_HPFAR]
+
+ 1: mov r1, #ARM_EXCEPTION_HVC
+ b __kvm_vcpu_return
+
+-4: pop {r0, r1, r2} @ Failed translation, return to guest
++4: pop {r0, r1} @ Failed translation, return to guest
++ mcrr p15, 0, r0, r1, c7 @ PAR
++ pop {r0, r1, r2}
+ eret
+
+ /*
+--- a/arch/arm/kvm/interrupts_head.S
++++ b/arch/arm/kvm/interrupts_head.S
+@@ -302,11 +302,14 @@ vcpu .req r0 @ vcpu pointer always in r
+ .endif
+
+ mrc p15, 0, r2, c14, c1, 0 @ CNTKCTL
++ mrrc p15, 0, r4, r5, c7 @ PAR
+
+ .if \store_to_vcpu == 0
+- push {r2}
++ push {r2,r4-r5}
+ .else
+ str r2, [vcpu, #CP15_OFFSET(c14_CNTKCTL)]
++ add r12, vcpu, #CP15_OFFSET(c7_PAR)
++ strd r4, r5, [r12]
+ .endif
+ .endm
+
+@@ -319,12 +322,15 @@ vcpu .req r0 @ vcpu pointer always in r
+ */
+ .macro write_cp15_state read_from_vcpu
+ .if \read_from_vcpu == 0
+- pop {r2}
++ pop {r2,r4-r5}
+ .else
+ ldr r2, [vcpu, #CP15_OFFSET(c14_CNTKCTL)]
++ add r12, vcpu, #CP15_OFFSET(c7_PAR)
++ ldrd r4, r5, [r12]
+ .endif
+
+ mcr p15, 0, r2, c14, c1, 0 @ CNTKCTL
++ mcrr p15, 0, r4, r5, c7 @ PAR
+
+ .if \read_from_vcpu == 0
+ pop {r2-r12}
diff --git a/queue-3.10/series b/queue-3.10/series
index b2a830d9cd2..012da446e76 100644
--- a/queue-3.10/series
+++ b/queue-3.10/series
@@ -6,3 +6,6 @@ x86-get_unmapped_area-use-proper-mmap-base-for-bottom-up-direction.patch
 fs-proc-task_mmu.c-fix-buffer-overflow-in-add_page_map.patch
 sched-ensure-update_cfs_shares-is-called-for-parents-of-continuously-running-tasks.patch
 elevator-fix-a-race-in-elevator-switching.patch
+arm-kvm-perform-save-restore-of-par.patch
+arm-kvm-add-missing-dsb-before-invalidating-stage-2-tlbs.patch
+arm-kvm-clear-exclusive-monitor-on-all-exception-returns.patch
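Review bot: The save and restore in interrupts_head.S use `strd r4, r5, [r12]` and `ldrd r4, r5, [r12]` at `CP15_OFFSET(c7_PAR)`, and the high word presumably reaches `c7_PAR_high` only because that index directly follows `c7_PAR` in kvm_asm.h; nothing in the header states this. I would put the constraint on the define itself: `#define c7_PAR_high 19 /* PAR top 32 bits; must directly follow c7_PAR (saved with strd/ldrd) */`. Otherwise a later renumbering of the table could silently send half of the guest's PAR into a neighbouring register slot. The doubleword access presumably also needs the slot suitably aligned, which depends on CP15_OFFSET and the vcpu layout, neither visible in this patch. Separately, the coproc.c comment `/* PAR swapped by interrupt.S */` names a file that does not match the `interrupts.S` and `interrupts_head.S` paths touched here.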