--- /dev/null
+From 53aa4978d19ae2e80cfa8f70f3b18b96c1b4c018 Mon Sep 17 00:00:00 2001
+From: Yan Zhao <yan.y.zhao@intel.com>
+Date: Wed, 27 Mar 2019 00:55:45 -0400
+Subject: drm/i915/gvt: do not let pin count of shadow mm go negative
+
+[ Upstream commit 663a50ceac75c2208d2ad95365bc8382fd42f44d ]
+
+The shadow mm's pin count is increased in the workload preparation phase,
+which comes after workload scanning.
+It is decreased in complete_current_workload() anyway, after
+workload completion.
+Sometimes, if a workload meets a scanning error, its shadow mm pin count
+will not get increased but will get decreased in the end.
+This patch keeps the shadow mm's pin count from going below 0.
+
+Fixes: 2707e4446688 ("drm/i915/gvt: vGPU graphics memory virtualization")
+Cc: zhenyuw@linux.intel.com
+Cc: stable@vger.kernel.org #4.14+
+Signed-off-by: Yan Zhao <yan.y.zhao@intel.com>
+Signed-off-by: Zhenyu Wang <zhenyuw@linux.intel.com>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ drivers/gpu/drm/i915/gvt/gtt.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/drivers/gpu/drm/i915/gvt/gtt.c b/drivers/gpu/drm/i915/gvt/gtt.c
+index 00aad8164dec..542f31ce108f 100644
+--- a/drivers/gpu/drm/i915/gvt/gtt.c
++++ b/drivers/gpu/drm/i915/gvt/gtt.c
+@@ -1940,7 +1940,7 @@ void _intel_vgpu_mm_release(struct kref *mm_ref)
+ */
+ void intel_vgpu_unpin_mm(struct intel_vgpu_mm *mm)
+ {
+- atomic_dec(&mm->pincount);
++ atomic_dec_if_positive(&mm->pincount);
+ }
+
+ /**
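Review bot: `atomic_dec_if_positive(&mm->pincount)` in intel_vgpu_unpin_mm() clamps the counter at zero but leaves the unbalanced unpin itself in place. Going by the commit description, a workload that fails scanning still reaches the unpin without a matching pin; if another workload holds a pin on the same mm at that moment, this call would presumably drop that workload's pin rather than be a no-op, so the shadow page tables could be treated as unpinned while still in use. The durable fix is to unpin only on paths that actually pinned, which is in the caller and outside this hunk. At minimum I would state the clamp in the kernel-doc above the function (it starts outside the hunk), e.g. `* The count is clamped at zero: an unpin without a matching pin is ignored.`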
+--
+2.19.1
+
--- /dev/null
+From 0b565f2d6cd76df33c6658b01a45ae36a4404826 Mon Sep 17 00:00:00 2001
+From: Jim Mattson <jmattson@google.com>
+Date: Mon, 26 Nov 2018 11:22:32 -0800
+Subject: kvm: nVMX: NMI-window and interrupt-window exiting should wake L2
+ from HLT
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+[ Upstream commit 9ebdfe5230f2e50e3ba05c57723a06e90946815a ]
+
+According to the SDM, "NMI-window exiting" VM-exits wake a logical
+processor from the same inactive states as would an NMI and
+"interrupt-window exiting" VM-exits wake a logical processor from the
+same inactive states as would an external interrupt. Specifically, they
+wake a logical processor from the shutdown state and from the states
+entered using the HLT and MWAIT instructions.
+
+Fixes: 6dfacadd5858 ("KVM: nVMX: Add support for activity state HLT")
+Signed-off-by: Jim Mattson <jmattson@google.com>
+Reviewed-by: Peter Shier <pshier@google.com>
+Suggested-by: Sean Christopherson <sean.j.christopherson@intel.com>
+[Squashed comments of two Jim's patches and used the simplified code
+ hunk provided by Sean. - Radim]
+Signed-off-by: Radim Krčmář <rkrcmar@redhat.com>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ arch/x86/kvm/vmx.c | 10 +++++++---
+ 1 file changed, 7 insertions(+), 3 deletions(-)
+
+diff --git a/arch/x86/kvm/vmx.c b/arch/x86/kvm/vmx.c
+index f99f59625da5..e61ac229a6c1 100644
+--- a/arch/x86/kvm/vmx.c
++++ b/arch/x86/kvm/vmx.c
+@@ -12836,11 +12836,15 @@ static int nested_vmx_run(struct kvm_vcpu *vcpu, bool launch)
+ nested_cache_shadow_vmcs12(vcpu, vmcs12);
+
+ /*
+- * If we're entering a halted L2 vcpu and the L2 vcpu won't be woken
+- * by event injection, halt vcpu.
++ * If we're entering a halted L2 vcpu and the L2 vcpu won't be
++ * awakened by event injection or by an NMI-window VM-exit or
++ * by an interrupt-window VM-exit, halt the vcpu.
+ */
+ if ((vmcs12->guest_activity_state == GUEST_ACTIVITY_HLT) &&
+- !(vmcs12->vm_entry_intr_info_field & INTR_INFO_VALID_MASK)) {
++ !(vmcs12->vm_entry_intr_info_field & INTR_INFO_VALID_MASK) &&
++ !(vmcs12->cpu_based_vm_exec_control & CPU_BASED_VIRTUAL_NMI_PENDING) &&
++ !((vmcs12->cpu_based_vm_exec_control & CPU_BASED_VIRTUAL_INTR_PENDING) &&
++ (vmcs12->guest_rflags & X86_EFLAGS_IF))) {
+ vmx->nested.nested_run_pending = 0;
+ return kvm_vcpu_halt(vcpu);
+ }
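Review bot: The two added tests use `CPU_BASED_VIRTUAL_NMI_PENDING` and `CPU_BASED_VIRTUAL_INTR_PENDING`, while the rewritten comment speaks of "NMI-window" and "interrupt-window" VM-exits, so nothing in the hunk tells a reader that these macros are the window-exiting execution controls. I would extend the comment with one line such as `* (the VIRTUAL_NMI_PENDING / VIRTUAL_INTR_PENDING controls are "NMI-window exiting" and "interrupt-window exiting")`, and add a second line saying why only the interrupt-window case is gated on `X86_EFLAGS_IF`. With four negated clauses the condition is also hard to audit; a small named helper for "L2 will be woken on entry" would make a missed wake-up, which leaves the L2 vcpu halted, easier to spot. nested_vmx_run() starts and ends outside this hunk.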
+--
+2.19.1
+
--- /dev/null
+From feca8e36e9f135abdeab5c69bb3a20824d17ec22 Mon Sep 17 00:00:00 2001
+From: Breno Leitao <leitao@debian.org>
+Date: Mon, 8 Apr 2019 16:32:38 +1000
+Subject: powerpc/tm: Limit TM code inside PPC_TRANSACTIONAL_MEM
+
+commit 897bc3df8c5aebb54c32d831f917592e873d0559 upstream.
+
+Commit e1c3743e1a20 ("powerpc/tm: Set MSR[TS] just prior to recheckpoint")
+moved a code block around and this block uses a 'msr' variable outside of
+the CONFIG_PPC_TRANSACTIONAL_MEM block, however the 'msr' variable is declared
+inside a CONFIG_PPC_TRANSACTIONAL_MEM block, causing a possible error when
+CONFIG_PPC_TRANSACTIONAL_MEM is not defined.
+
+ error: 'msr' undeclared (first use in this function)
+
+This is not causing a compilation error in the mainline kernel, because
+'msr' is being used as an argument of MSR_TM_ACTIVE(), which is defined as
+the following when CONFIG_PPC_TRANSACTIONAL_MEM is *not* set:
+
+ #define MSR_TM_ACTIVE(x) 0
+
+This patch just fixes this issue avoiding the 'msr' variable usage outside
+the CONFIG_PPC_TRANSACTIONAL_MEM block, avoiding trusting in the
+MSR_TM_ACTIVE() definition.
+
+Cc: stable@vger.kernel.org
+Reported-by: Christoph Biedl <linux-kernel.bfrz@manchmal.in-ulm.de>
+Fixes: e1c3743e1a20 ("powerpc/tm: Set MSR[TS] just prior to recheckpoint")
+Signed-off-by: Breno Leitao <leitao@debian.org>
+Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
+Signed-off-by: Michael Neuling <mikey@neuling.org>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ arch/powerpc/kernel/signal_64.c | 23 ++++++++++++++++++-----
+ 1 file changed, 18 insertions(+), 5 deletions(-)
+
+diff --git a/arch/powerpc/kernel/signal_64.c b/arch/powerpc/kernel/signal_64.c
+index bbd1c73243d7..14b0f5b6a373 100644
+--- a/arch/powerpc/kernel/signal_64.c
++++ b/arch/powerpc/kernel/signal_64.c
+@@ -755,12 +755,25 @@ SYSCALL_DEFINE0(rt_sigreturn)
+ if (restore_tm_sigcontexts(current, &uc->uc_mcontext,
+ &uc_transact->uc_mcontext))
+ goto badframe;
+- }
+- else
+- /* Fall through, for non-TM restore */
++ } else
+ #endif
+- if (restore_sigcontext(current, NULL, 1, &uc->uc_mcontext))
+- goto badframe;
++ {
++ /*
++ * Fall through, for non-TM restore
++ *
++ * Unset MSR[TS] on the thread regs since MSR from user
++ * context does not have MSR active, and recheckpoint was
++ * not called since restore_tm_sigcontexts() was not called
++ * also.
++ *
++ * If not unsetting it, the code can RFID to userspace with
++ * MSR[TS] set, but without CPU in the proper state,
++ * causing a TM bad thing.
++ */
++ current->thread.regs->msr &= ~MSR_TS_MASK;
++ if (restore_sigcontext(current, NULL, 1, &uc->uc_mcontext))
++ goto badframe;
++ }
+
+ if (restore_altstack(&uc->uc_stack))
+ goto badframe;
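Review bot: The added `current->thread.regs->msr &= ~MSR_TS_MASK;` changes behaviour on the non-TM restore path, yet the commit description only talks about keeping 'msr' inside the CONFIG_PPC_TRANSACTIONAL_MEM block. The removed lines show that this path previously called only restore_sigcontext(), and because the new braced block sits after `#endif` it appears to run on every non-TM sigreturn, including builds with the option off; the description should say so, since this path restores state from a user-supplied ucontext. The `} else` / `#endif` / `{` arrangement is also easy to break when edited, so I would tag the directive, `#endif /* CONFIG_PPC_TRANSACTIONAL_MEM */` (the matching `#ifdef` is outside the hunk, so the symbol is presumed), and reword the comment's "since restore_tm_sigcontexts() was not called also" to `* not called because restore_tm_sigcontexts() was not called either.` The rt_sigreturn body starts and ends outside this hunk.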
+--
+2.19.1
+
--- /dev/null
+kvm-nvmx-nmi-window-and-interrupt-window-exiting-sho.patch
+drm-i915-gvt-do-not-let-pin-count-of-shadow-mm-go-ne.patch
+powerpc-tm-limit-tm-code-inside-ppc_transactional_me.patch