From: Greg Kroah-Hartman Date: Sat, 9 Apr 2016 18:40:37 +0000 (-0700) Subject: 3.14-stable patches X-Git-Tag: v4.5.1~38 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=e69fd176e6069f884b4523c107ff3d74a2e39a92;p=thirdparty%2Fkernel%2Fstable-queue.git 3.14-stable patches added patches: edac-amd64_edac-shift-wrapping-issue-in-f1x_get_norm_dct_addr.patch kvm-fix-spin_lock_init-order-on-x86.patch kvm-i8254-change-pit-discard-tick-policy.patch kvm-vmx-avoid-guest-hang-on-invalid-invept-instruction.patch pci-disable-io-mem-decoding-for-devices-with-non-compliant-bars.patch
---
diff --git a/queue-3.14/edac-amd64_edac-shift-wrapping-issue-in-f1x_get_norm_dct_addr.patch b/queue-3.14/edac-amd64_edac-shift-wrapping-issue-in-f1x_get_norm_dct_addr.patch
new file mode 100644
index 00000000000..8b3db99a114
--- /dev/null
+++ b/queue-3.14/edac-amd64_edac-shift-wrapping-issue-in-f1x_get_norm_dct_addr.patch
@@ -0,0 +1,37 @@
+From 6f3508f61c814ee852c199988a62bd954c50dfc1 Mon Sep 17 00:00:00 2001
+From: Dan Carpenter
+Date: Wed, 20 Jan 2016 12:54:51 +0300
+Subject: EDAC, amd64_edac: Shift wrapping issue in f1x_get_norm_dct_addr()
+
+From: Dan Carpenter
+
+commit 6f3508f61c814ee852c199988a62bd954c50dfc1 upstream.
+
+dct_sel_base_off is declared as a u64 but we're only using the lower 32
+bits because of a shift wrapping bug. This can possibly truncate the
+upper 16 bits of DctSelBaseOffset[47:26], causing us to misdecode the CS
+row.
+
+Fixes: c8e518d5673d ('amd64_edac: Sanitize f10_get_base_addr_offset')
+Signed-off-by: Dan Carpenter
+Cc: Aravind Gopalakrishnan
+Cc: linux-edac
+Link: http://lkml.kernel.org/r/20160120095451.GB19898@mwanda
+Signed-off-by: Borislav Petkov
+Signed-off-by: Greg Kroah-Hartman
+
+---
+ drivers/edac/amd64_edac.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/drivers/edac/amd64_edac.c
++++ b/drivers/edac/amd64_edac.c
+@@ -1294,7 +1294,7 @@ static u64 f1x_get_norm_dct_addr(struct
+ u64 chan_off;
+ u64 dram_base = get_dram_base(pvt, range);
+ u64 hole_off = f10_dhar_offset(pvt);
+- u64 dct_sel_base_off = (pvt->dct_sel_hi & 0xFFFFFC00) << 16;
++ u64 dct_sel_base_off = (u64)(pvt->dct_sel_hi & 0xFFFFFC00) << 16;
+
+ if (hi_rng) {
+ /*
diff --git a/queue-3.14/kvm-fix-spin_lock_init-order-on-x86.patch b/queue-3.14/kvm-fix-spin_lock_init-order-on-x86.patch
new file mode 100644
index 00000000000..366b0590359
--- /dev/null
+++ b/queue-3.14/kvm-fix-spin_lock_init-order-on-x86.patch
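Review bot: The added cast in `f1x_get_norm_dct_addr()` has no comment, and nothing on the changed line says why the widening has to happen before the shift rather than after it. I would add `/* widen before shifting: bits [31:10] of dct_sel_hi become DctSelBaseOffset[47:26] */` above the assignment so a later cleanup does not drop the `(u64)` as redundant. The function body starts and ends outside this hunk, so other 32-bit shifts in it are not visible here and are worth checking for the same pattern.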
@@ -0,0 +1,84 @@
+From e9ad4ec8379ad1ba6f68b8ca1c26b50b5ae0a327 Mon Sep 17 00:00:00 2001
+From: Paolo Bonzini
+Date: Mon, 21 Mar 2016 10:15:25 +0100
+Subject: KVM: fix spin_lock_init order on x86
+
+From: Paolo Bonzini
+
+commit e9ad4ec8379ad1ba6f68b8ca1c26b50b5ae0a327 upstream.
+
+Moving the initialization earlier is needed in 4.6 because
+kvm_arch_init_vm is now using mmu_lock, causing lockdep to
+complain:
+
+[ 284.440294] INFO: trying to register non-static key.
+[ 284.445259] the code is fine but needs lockdep annotation.
+[ 284.450736] turning off the locking correctness validator.
+...
+[ 284.528318] [] lock_acquire+0xd3/0x240
+[ 284.533733] [] ? kvm_page_track_register_notifier+0x20/0x60 [kvm]
+[ 284.541467] [] _raw_spin_lock+0x41/0x80
+[ 284.546960] [] ? kvm_page_track_register_notifier+0x20/0x60 [kvm]
+[ 284.554707] [] kvm_page_track_register_notifier+0x20/0x60 [kvm]
+[ 284.562281] [] kvm_mmu_init_vm+0x20/0x30 [kvm]
+[ 284.568381] [] kvm_arch_init_vm+0x1ea/0x200 [kvm]
+[ 284.574740] [] kvm_dev_ioctl+0xbf/0x4d0 [kvm]
+
+However, it also helps fixing a preexisting problem, which is why this
+patch is also good for stable kernels: kvm_create_vm was incrementing
+current->mm->mm_count but not decrementing it at the out_err label (in
+case kvm_init_mmu_notifier failed). The new initialization order makes
+it possible to add the required mmdrop without adding a new error label.
+
+Reported-by: Borislav Petkov
+Signed-off-by: Paolo Bonzini
+Signed-off-by: Greg Kroah-Hartman
+
+---
+ virt/kvm/kvm_main.c | 21 +++++++++++----------
+ 1 file changed, 11 insertions(+), 10 deletions(-)
+
+--- a/virt/kvm/kvm_main.c
++++ b/virt/kvm/kvm_main.c
+@@ -454,6 +454,16 @@ static struct kvm *kvm_create_vm(unsigne
+ if (!kvm)
+ return ERR_PTR(-ENOMEM);
+
++ spin_lock_init(&kvm->mmu_lock);
++ atomic_inc(¤t->mm->mm_count);
++ kvm->mm = current->mm;
++ kvm_eventfd_init(kvm);
++ mutex_init(&kvm->lock);
++ mutex_init(&kvm->irq_lock);
++ mutex_init(&kvm->slots_lock);
++ atomic_set(&kvm->users_count, 1);
++ INIT_LIST_HEAD(&kvm->devices);
++
+ r = kvm_arch_init_vm(kvm, type);
+ if (r)
+ goto out_err_nodisable;
+@@ -483,16 +493,6 @@ static struct kvm *kvm_create_vm(unsigne
+ goto out_err;
+ }
+
+- spin_lock_init(&kvm->mmu_lock);
+- kvm->mm = current->mm;
+- atomic_inc(&kvm->mm->mm_count);
+- kvm_eventfd_init(kvm);
+- mutex_init(&kvm->lock);
+- mutex_init(&kvm->irq_lock);
+- mutex_init(&kvm->slots_lock);
+- atomic_set(&kvm->users_count, 1);
+- INIT_LIST_HEAD(&kvm->devices);
+-
+ r = kvm_init_mmu_notifier(kvm);
+ if (r)
+ goto out_err;
+@@ -512,6 +512,7 @@ out_err_nodisable:
+ kfree(kvm->buses[i]);
+ kfree(kvm->memslots);
+ kvm_arch_free_vm(kvm);
++ mmdrop(current->mm);
+ return ERR_PTR(r);
+ }
+
diff --git a/queue-3.14/kvm-i8254-change-pit-discard-tick-policy.patch b/queue-3.14/kvm-i8254-change-pit-discard-tick-policy.patch
new file mode 100644
index 00000000000..469b89e0624
--- /dev/null
+++ b/queue-3.14/kvm-i8254-change-pit-discard-tick-policy.patch
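Review bot: The `mmdrop(current->mm)` added at `out_err_nodisable` balances the earlier `atomic_inc` only by way of `current->mm`, not through the `kvm->mm` pointer stored alongside that reference, and nothing at the label says so. It appears to be written that way because `kvm_arch_free_vm(kvm)` runs on the line before and presumably releases `kvm`; either drop the reference first with `mmdrop(kvm->mm);` ahead of `kvm_arch_free_vm(kvm);`, or add `/* pairs with the mm_count reference taken at the top of kvm_create_vm() */`. The `out_err` label is outside the hunk, so confirm that every failure after the increment still reaches this label. The added line shown as `atomic_inc(¤t->mm->mm_count)` is an entity-mangled rendering of `&current->mm->mm_count` on this page.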
@@ -0,0 +1,77 @@
+From 7dd0fdff145c5be7146d0ac06732ae3613412ac1 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Radim=20Kr=C4=8Dm=C3=A1=C5=99?=
+Date: Wed, 2 Mar 2016 22:56:38 +0100
+Subject: KVM: i8254: change PIT discard tick policy
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+From: Radim Krčmář
+
+commit 7dd0fdff145c5be7146d0ac06732ae3613412ac1 upstream.
+
+Discard policy uses ack_notifiers to prevent injection of PIT interrupts
+before EOI from the last one.
+
+This patch changes the policy to always try to deliver the interrupt,
+which makes a difference when its vector is in ISR.
+Old implementation would drop the interrupt, but proposed one injects to
+IRR, like real hardware would.
+
+The old policy breaks legacy NMI watchdogs, where PIT is used through
+virtual wire (LVT0): PIT never sends an interrupt before receiving EOI,
+thus a guest deadlock with disabled interrupts will stop NMIs.
+
+Note that NMI doesn't do EOI, so PIT also had to send a normal interrupt
+through IOAPIC. (KVM's PIT is deeply rotten and luckily not used much
+in modern systems.)
+
+Even though there is a chance of regressions, I think we can fix the
+LVT0 NMI bug without introducing a new tick policy.
+
+Reported-by: Yuki Shibuya
+Reviewed-by: Paolo Bonzini
+Signed-off-by: Radim Krčmář
+Signed-off-by: Paolo Bonzini
+Signed-off-by: Greg Kroah-Hartman
+
+---
+ arch/x86/kvm/i8254.c | 12 +++++++-----
+ 1 file changed, 7 insertions(+), 5 deletions(-)
+
+--- a/arch/x86/kvm/i8254.c
++++ b/arch/x86/kvm/i8254.c
+@@ -244,7 +244,7 @@ static void kvm_pit_ack_irq(struct kvm_i
+ * PIC is being reset. Handle it gracefully here
+ */
+ atomic_inc(&ps->pending);
+- else if (value > 0)
++ else if (value > 0 && ps->reinject)
+ /* in this case, we had multiple outstanding pit interrupts
+ * that we needed to inject. Reinject
+ */
+@@ -287,7 +287,9 @@ static void pit_do_work(struct kthread_w
+ * last one has been acked.
+ */
+ spin_lock(&ps->inject_lock);
+- if (ps->irq_ack) {
++ if (!ps->reinject)
++ inject = 1;
++ else if (ps->irq_ack) {
+ ps->irq_ack = 0;
+ inject = 1;
+ }
+@@ -316,10 +318,10 @@ static enum hrtimer_restart pit_timer_fn
+ struct kvm_kpit_state *ps = container_of(data, struct kvm_kpit_state, timer);
+ struct kvm_pit *pt = ps->kvm->arch.vpit;
+
+- if (ps->reinject || !atomic_read(&ps->pending)) {
++ if (ps->reinject)
+ atomic_inc(&ps->pending);
+- queue_kthread_work(&pt->worker, &pt->expired);
+- }
++
++ queue_kthread_work(&pt->worker, &pt->expired);
+
+ if (ps->is_periodic) {
+ hrtimer_add_expires_ns(&ps->timer, ps->period);
diff --git a/queue-3.14/kvm-vmx-avoid-guest-hang-on-invalid-invept-instruction.patch b/queue-3.14/kvm-vmx-avoid-guest-hang-on-invalid-invept-instruction.patch
new file mode 100644
index 00000000000..7dbb1bc40fc
--- /dev/null
+++ b/queue-3.14/kvm-vmx-avoid-guest-hang-on-invalid-invept-instruction.patch
@@ -0,0 +1,31 @@
+From 2849eb4f99d54925c543db12917127f88b3c38ff Mon Sep 17 00:00:00 2001
+From: Paolo Bonzini
+Date: Fri, 18 Mar 2016 16:53:29 +0100
+Subject: KVM: VMX: avoid guest hang on invalid invept instruction
+
+From: Paolo Bonzini
+
+commit 2849eb4f99d54925c543db12917127f88b3c38ff upstream.
+
+A guest executing an invalid invept instruction would hang
+because the instruction pointer was not updated.
+
+Fixes: bfd0a56b90005f8c8a004baf407ad90045c2b11e
+Reviewed-by: David Matlack
+Signed-off-by: Paolo Bonzini
+Signed-off-by: Greg Kroah-Hartman
+
+---
+ arch/x86/kvm/vmx.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+--- a/arch/x86/kvm/vmx.c
++++ b/arch/x86/kvm/vmx.c
+@@ -6423,6 +6423,7 @@ static int handle_invept(struct kvm_vcpu
+ if (!(types & (1UL << type))) {
+ nested_vmx_failValid(vcpu,
+ VMXERR_INVALID_OPERAND_TO_INVEPT_INVVPID);
++ skip_emulated_instruction(vcpu);
+ return 1;
+ }
+
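Review bot: `ps->reinject` now steers three code paths, but the hunks show `inject_lock` held only around the read in `pit_do_work()`; the read added in `pit_timer_fn()` looks like a plain load, and the locking around the one in `kvm_pit_ack_irq()` is outside the hunk. If the policy can be switched while the timer is armed (the setter is not visible here), `pending` and `irq_ack` may be left in a state the other policy does not expect, so the switch path should reset both or the field should be documented as fixed once the PIT is running. As a style point, the new `if (!ps->reinject)` / `else if (ps->irq_ack) {` chain in `pit_do_work()` mixes a bare and a braced branch; kernel style braces every branch once one of them needs braces. All three functions start and end outside the hunks.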
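Review bot: The added `skip_emulated_instruction(vcpu)` covers only the invalid-type branch shown in this hunk, and `handle_invept()` begins and ends outside it, so any other branch there that reports a VMfail and returns 1 should be checked for the same missing RIP advance. A short comment on the new line, such as `/* VMfail still completes the instruction; advance RIP so the guest does not re-execute it */`, would keep the call from looking optional next to the `nested_vmx_failValid()` above it.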
diff --git a/queue-3.14/pci-disable-io-mem-decoding-for-devices-with-non-compliant-bars.patch b/queue-3.14/pci-disable-io-mem-decoding-for-devices-with-non-compliant-bars.patch
new file mode 100644
index 00000000000..9e4d14b35e4
--- /dev/null
+++ b/queue-3.14/pci-disable-io-mem-decoding-for-devices-with-non-compliant-bars.patch
@@ -0,0 +1,79 @@
+From b84106b4e2290c081cdab521fa832596cdfea246 Mon Sep 17 00:00:00 2001
+From: Bjorn Helgaas
+Date: Thu, 25 Feb 2016 14:35:57 -0600
+Subject: PCI: Disable IO/MEM decoding for devices with non-compliant BARs
+
+From: Bjorn Helgaas
+
+commit b84106b4e2290c081cdab521fa832596cdfea246 upstream.
+
+The PCI config header (first 64 bytes of each device's config space) is
+defined by the PCI spec so generic software can identify the device and
+manage its usage of I/O, memory, and IRQ resources.
+
+Some non-spec-compliant devices put registers other than BARs where the
+BARs should be. When the PCI core sizes these "BARs", the reads and writes
+it does may have unwanted side effects, and the "BAR" may appear to
+describe non-sensical address space.
+
+Add a flag bit to mark non-compliant devices so we don't touch their BARs.
+Turn off IO/MEM decoding to prevent the devices from consuming address
+space, since we can't read the BARs to find out what that address space
+would be.
+
+Signed-off-by: Bjorn Helgaas
+Tested-by: Andi Kleen
+Signed-off-by: Greg Kroah-Hartman
+
+---
+ drivers/pci/probe.c | 14 ++++++++++++++
+ include/linux/pci.h | 1 +
+ 2 files changed, 15 insertions(+)
+
+--- a/drivers/pci/probe.c
++++ b/drivers/pci/probe.c
+@@ -175,6 +175,9 @@ int __pci_read_base(struct pci_dev *dev,
+ struct pci_bus_region region, inverted_region;
+ bool bar_too_big = false, bar_disabled = false;
+
++ if (dev->non_compliant_bars)
++ return 0;
++
+ mask = type ? PCI_ROM_ADDRESS_MASK : ~0;
+
+ /* No printks while decoding is disabled! */
+@@ -1074,6 +1077,7 @@ int pci_cfg_space_size(struct pci_dev *d
+ int pci_setup_device(struct pci_dev *dev)
+ {
+ u32 class;
++ u16 cmd;
+ u8 hdr_type;
+ struct pci_slot *slot;
+ int pos = 0;
+@@ -1121,6 +1125,16 @@ int pci_setup_device(struct pci_dev *dev
+ /* device class may be changed after fixup */
+ class = dev->class >> 8;
+
++ if (dev->non_compliant_bars) {
++ pci_read_config_word(dev, PCI_COMMAND, &cmd);
++ if (cmd & (PCI_COMMAND_IO | PCI_COMMAND_MEMORY)) {
++ dev_info(&dev->dev, "device has non-compliant BARs; disabling IO/MEM decoding\n");
++ cmd &= ~PCI_COMMAND_IO;
++ cmd &= ~PCI_COMMAND_MEMORY;
++ pci_write_config_word(dev, PCI_COMMAND, cmd);
++ }
++ }
++
+ switch (dev->hdr_type) { /* header type */
+ case PCI_HEADER_TYPE_NORMAL: /* standard header */
+ if (class == PCI_CLASS_BRIDGE_PCI)
+--- a/include/linux/pci.h
++++ b/include/linux/pci.h
+@@ -344,6 +344,7 @@ struct pci_dev {
+ unsigned int __aer_firmware_first:1;
+ unsigned int broken_intx_masking:1;
+ unsigned int io_window_1k:1; /* Intel P2P bridge 1K I/O windows */
++ unsigned int non_compliant_bars:1; /* broken BARs; ignore them */
+ pci_dev_flags_t dev_flags;
+ atomic_t enable_cnt; /* pci_enable_device has been called */
+
diff --git a/queue-3.14/series b/queue-3.14/series
index 75c2f43491e..5f08353d5d7 100644
--- a/queue-3.14/series
+++ b/queue-3.14/series
@@ -1,2 +1,7 @@
 target-drop-incorrect-abort_task-put-for-completed-commands.patch
 usb-serial-add-google-simple-serial-subclass-support.patch
+kvm-i8254-change-pit-discard-tick-policy.patch
+kvm-fix-spin_lock_init-order-on-x86.patch
+kvm-vmx-avoid-guest-hang-on-invalid-invept-instruction.patch
+edac-amd64_edac-shift-wrapping-issue-in-f1x_get_norm_dct_addr.patch
+pci-disable-io-mem-decoding-for-devices-with-non-compliant-bars.patch
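Review bot: Nothing in this patch sets `dev->non_compliant_bars`, and none of the other entries in the series file looks, by name, like a fixup that does, so as queued the new checks in `__pci_read_base()` and `pci_setup_device()` appear to be inert until the quirk that marks a device is backported too. In the `pci_setup_device()` block the result of `pci_read_config_word()` is ignored and `cmd` has no initializer; replacing the read and the inner test with `if (!pci_read_config_word(dev, PCI_COMMAND, &cmd) && (cmd & (PCI_COMMAND_IO | PCI_COMMAND_MEMORY))) {` would keep a failed read from driving the write-back. The flag also has to be set before this point in `pci_setup_device()` to have any effect, which is worth stating in the comment on the new bitfield in `struct pci_dev`. Both functions continue outside the hunks.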