--- /dev/null
+From 1b92cc34caa8436bca8583ed6937bb506dacef29 Mon Sep 17 00:00:00 2001
+From: Andrew Cooks <andrew.cooks@opengear.com>
+Date: Fri, 2 Aug 2019 14:52:46 +0200
+Subject: i2c: piix4: Fix port selection for AMD Family 16h Model 30h
+
+[ Upstream commit c7c06a1532f3fe106687ac82a13492c6a619ff1c ]
+
+Family 16h Model 30h SMBus controller needs the same port selection fix
+as described and fixed in commit 0fe16195f891 ("i2c: piix4: Fix SMBus port
+selection for AMD Family 17h chips")
+
+commit 6befa3fde65f ("i2c: piix4: Support alternative port selection
+register") also fixed the port selection for Hudson2, but unfortunately
+this is not the exact same device and the AMD naming and PCI Device IDs
+aren't particularly helpful here.
+
+The SMBus port selection register is common to the following Families
+and models, as documented in AMD's publicly available BIOS and Kernel
+Developer Guides:
+
+ 50742 - Family 15h Model 60h-6Fh (PCI_DEVICE_ID_AMD_KERNCZ_SMBUS)
+ 55072 - Family 15h Model 70h-7Fh (PCI_DEVICE_ID_AMD_KERNCZ_SMBUS)
+ 52740 - Family 16h Model 30h-3Fh (PCI_DEVICE_ID_AMD_HUDSON2_SMBUS)
+
+The Hudson2 PCI Device ID (PCI_DEVICE_ID_AMD_HUDSON2_SMBUS) is shared
+between Bolton FCH and Family 16h Model 30h, but the location of the
+SmBus0Sel port selection bits are different:
+
+ 51192 - Bolton Register Reference Guide
+
+We distinguish between Bolton and Family 16h Model 30h using the PCI
+Revision ID:
+
+ Bolton is device 0x780b, revision 0x15
+ Family 16h Model 30h is device 0x780b, revision 0x1F
+ Family 15h Model 60h and 70h are both device 0x790b, revision 0x4A.
+
+The following additional public AMD BKDG documents were checked and do
+not share the same port selection register:
+
+ 42301 - Family 15h Model 00h-0Fh doesn't mention any
+ 42300 - Family 15h Model 10h-1Fh doesn't mention any
+ 49125 - Family 15h Model 30h-3Fh doesn't mention any
+
+ 48751 - Family 16h Model 00h-0Fh uses the previously supported
+ index register SB800_PIIX4_PORT_IDX_ALT at 0x2e
+
+Signed-off-by: Andrew Cooks <andrew.cooks@opengear.com>
+Signed-off-by: Jean Delvare <jdelvare@suse.de>
+Cc: stable@vger.kernel.org [v4.6+]
+Signed-off-by: Wolfram Sang <wsa@the-dreams.de>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ drivers/i2c/busses/i2c-piix4.c | 12 +++++-------
+ 1 file changed, 5 insertions(+), 7 deletions(-)
+
+diff --git a/drivers/i2c/busses/i2c-piix4.c b/drivers/i2c/busses/i2c-piix4.c
+index 8f1c5f24c1df5..62785aa76b3fb 100644
+--- a/drivers/i2c/busses/i2c-piix4.c
++++ b/drivers/i2c/busses/i2c-piix4.c
+@@ -96,7 +96,7 @@
+ #define SB800_PIIX4_PORT_IDX_MASK 0x06
+ #define SB800_PIIX4_PORT_IDX_SHIFT 1
+
+-/* On kerncz, SmBus0Sel is at bit 20:19 of PMx00 DecodeEn */
++/* On kerncz and Hudson2, SmBus0Sel is at bit 20:19 of PMx00 DecodeEn */
+ #define SB800_PIIX4_PORT_IDX_KERNCZ 0x02
+ #define SB800_PIIX4_PORT_IDX_MASK_KERNCZ 0x18
+ #define SB800_PIIX4_PORT_IDX_SHIFT_KERNCZ 3
+@@ -355,18 +355,16 @@ static int piix4_setup_sb800(struct pci_dev *PIIX4_dev,
+
+ /* Find which register is used for port selection */
+ if (PIIX4_dev->vendor == PCI_VENDOR_ID_AMD) {
+- switch (PIIX4_dev->device) {
+- case PCI_DEVICE_ID_AMD_KERNCZ_SMBUS:
++ if (PIIX4_dev->device == PCI_DEVICE_ID_AMD_KERNCZ_SMBUS ||
++ (PIIX4_dev->device == PCI_DEVICE_ID_AMD_HUDSON2_SMBUS &&
++ PIIX4_dev->revision >= 0x1F)) {
+ piix4_port_sel_sb800 = SB800_PIIX4_PORT_IDX_KERNCZ;
+ piix4_port_mask_sb800 = SB800_PIIX4_PORT_IDX_MASK_KERNCZ;
+ piix4_port_shift_sb800 = SB800_PIIX4_PORT_IDX_SHIFT_KERNCZ;
+- break;
+- case PCI_DEVICE_ID_AMD_HUDSON2_SMBUS:
+- default:
++ } else {
+ piix4_port_sel_sb800 = SB800_PIIX4_PORT_IDX_ALT;
+ piix4_port_mask_sb800 = SB800_PIIX4_PORT_IDX_MASK;
+ piix4_port_shift_sb800 = SB800_PIIX4_PORT_IDX_SHIFT;
+- break;
+ }
+ } else {
+ mutex_lock(&piix4_mutex_sb800);
+--
+2.20.1
+
--- /dev/null
+From 3f590152c7053bd7e3a70d74b74b72363c8b994e Mon Sep 17 00:00:00 2001
+From: Heyi Guo <guoheyi@huawei.com>
+Date: Tue, 27 Aug 2019 12:26:50 +0100
+Subject: KVM: arm/arm64: vgic: Fix potential deadlock when ap_list is long
+
+[ Upstream commit d4a8061a7c5f7c27a2dc002ee4cb89b3e6637e44 ]
+
+If the ap_list is longer than 256 entries, merge_final() in list_sort()
+will call the comparison callback with the same element twice, causing
+a deadlock in vgic_irq_cmp().
+
+Fix it by returning early when irqa == irqb.
+
+Cc: stable@vger.kernel.org # 4.7+
+Fixes: 8e4447457965 ("KVM: arm/arm64: vgic-new: Add IRQ sorting")
+Signed-off-by: Zenghui Yu <yuzenghui@huawei.com>
+Signed-off-by: Heyi Guo <guoheyi@huawei.com>
+[maz: massaged commit log and patch, added Fixes and Cc-stable]
+Signed-off-by: Marc Zyngier <maz@kernel.org>
+Signed-off-by: Will Deacon <will@kernel.org>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ virt/kvm/arm/vgic/vgic.c | 7 +++++++
+ 1 file changed, 7 insertions(+)
+
+diff --git a/virt/kvm/arm/vgic/vgic.c b/virt/kvm/arm/vgic/vgic.c
+index 6440b56ec90e2..1934dc8a2ce09 100644
+--- a/virt/kvm/arm/vgic/vgic.c
++++ b/virt/kvm/arm/vgic/vgic.c
+@@ -196,6 +196,13 @@ static int vgic_irq_cmp(void *priv, struct list_head *a, struct list_head *b)
+ bool penda, pendb;
+ int ret;
+
++ /*
++ * list_sort may call this function with the same element when
++ * the list is fairly long.
++ */
++ if (unlikely(irqa == irqb))
++ return 0;
++
+ spin_lock(&irqa->irq_lock);
+ spin_lock_nested(&irqb->irq_lock, SINGLE_DEPTH_NESTING);
+
+--
+2.20.1
+
--- /dev/null
+From 0df23640c055d2e5e8926b01ec6166132abeac6b Mon Sep 17 00:00:00 2001
+From: Marc Zyngier <maz@kernel.org>
+Date: Wed, 28 Aug 2019 11:10:16 +0100
+Subject: KVM: arm/arm64: vgic-v2: Handle SGI bits in GICD_I{S,C}PENDR0 as WI
+
+[ Upstream commit 82e40f558de566fdee214bec68096bbd5e64a6a4 ]
+
+A guest is not allowed to inject a SGI (or clear its pending state)
+by writing to GICD_ISPENDR0 (resp. GICD_ICPENDR0), as these bits are
+defined as WI (as per ARM IHI 0048B 4.3.7 and 4.3.8).
+
+Make sure we correctly emulate the architecture.
+
+Fixes: 96b298000db4 ("KVM: arm/arm64: vgic-new: Add PENDING registers handlers")
+Cc: stable@vger.kernel.org # 4.7+
+Reported-by: Andre Przywara <andre.przywara@arm.com>
+Signed-off-by: Marc Zyngier <maz@kernel.org>
+Signed-off-by: Will Deacon <will@kernel.org>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ virt/kvm/arm/vgic/vgic-mmio.c | 18 ++++++++++++++++++
+ virt/kvm/arm/vgic/vgic-v2.c | 5 ++++-
+ virt/kvm/arm/vgic/vgic-v3.c | 5 ++++-
+ 3 files changed, 26 insertions(+), 2 deletions(-)
+
+diff --git a/virt/kvm/arm/vgic/vgic-mmio.c b/virt/kvm/arm/vgic/vgic-mmio.c
+index 85814d1bad11e..87742c9803a75 100644
+--- a/virt/kvm/arm/vgic/vgic-mmio.c
++++ b/virt/kvm/arm/vgic/vgic-mmio.c
+@@ -120,6 +120,12 @@ unsigned long vgic_mmio_read_pending(struct kvm_vcpu *vcpu,
+ return value;
+ }
+
++static bool is_vgic_v2_sgi(struct kvm_vcpu *vcpu, struct vgic_irq *irq)
++{
++ return (vgic_irq_is_sgi(irq->intid) &&
++ vcpu->kvm->arch.vgic.vgic_model == KVM_DEV_TYPE_ARM_VGIC_V2);
++}
++
+ void vgic_mmio_write_spending(struct kvm_vcpu *vcpu,
+ gpa_t addr, unsigned int len,
+ unsigned long val)
+@@ -130,6 +136,12 @@ void vgic_mmio_write_spending(struct kvm_vcpu *vcpu,
+ for_each_set_bit(i, &val, len * 8) {
+ struct vgic_irq *irq = vgic_get_irq(vcpu->kvm, vcpu, intid + i);
+
++ /* GICD_ISPENDR0 SGI bits are WI */
++ if (is_vgic_v2_sgi(vcpu, irq)) {
++ vgic_put_irq(vcpu->kvm, irq);
++ continue;
++ }
++
+ spin_lock(&irq->irq_lock);
+ irq->pending = true;
+ if (irq->config == VGIC_CONFIG_LEVEL)
+@@ -150,6 +162,12 @@ void vgic_mmio_write_cpending(struct kvm_vcpu *vcpu,
+ for_each_set_bit(i, &val, len * 8) {
+ struct vgic_irq *irq = vgic_get_irq(vcpu->kvm, vcpu, intid + i);
+
++ /* GICD_ICPENDR0 SGI bits are WI */
++ if (is_vgic_v2_sgi(vcpu, irq)) {
++ vgic_put_irq(vcpu->kvm, irq);
++ continue;
++ }
++
+ spin_lock(&irq->irq_lock);
+
+ if (irq->config == VGIC_CONFIG_LEVEL) {
+diff --git a/virt/kvm/arm/vgic/vgic-v2.c b/virt/kvm/arm/vgic/vgic-v2.c
+index 1ab58f7b5d749..4c2919cc13ca6 100644
+--- a/virt/kvm/arm/vgic/vgic-v2.c
++++ b/virt/kvm/arm/vgic/vgic-v2.c
+@@ -154,7 +154,10 @@ void vgic_v2_populate_lr(struct kvm_vcpu *vcpu, struct vgic_irq *irq, int lr)
+ if (vgic_irq_is_sgi(irq->intid)) {
+ u32 src = ffs(irq->source);
+
+- BUG_ON(!src);
++ if (WARN_RATELIMIT(!src, "No SGI source for INTID %d\n",
++ irq->intid))
++ return;
++
+ val |= (src - 1) << GICH_LR_PHYSID_CPUID_SHIFT;
+ irq->source &= ~(1 << (src - 1));
+ if (irq->source)
+diff --git a/virt/kvm/arm/vgic/vgic-v3.c b/virt/kvm/arm/vgic/vgic-v3.c
+index c7924718990e5..267b1cf88a7fe 100644
+--- a/virt/kvm/arm/vgic/vgic-v3.c
++++ b/virt/kvm/arm/vgic/vgic-v3.c
+@@ -137,7 +137,10 @@ void vgic_v3_populate_lr(struct kvm_vcpu *vcpu, struct vgic_irq *irq, int lr)
+ model == KVM_DEV_TYPE_ARM_VGIC_V2) {
+ u32 src = ffs(irq->source);
+
+- BUG_ON(!src);
++ if (WARN_RATELIMIT(!src, "No SGI source for INTID %d\n",
++ irq->intid))
++ return;
++
+ val |= (src - 1) << GICH_LR_PHYSID_CPUID_SHIFT;
+ irq->source &= ~(1 << (src - 1));
+ if (irq->source)
+--
+2.20.1
+
vmci-release-resource-if-the-work-is-already-queued.patch
revert-cfg80211-fix-processing-world-regdomain-when-non-modular.patch
mac80211-fix-possible-sta-leak.patch
+kvm-arm-arm64-vgic-fix-potential-deadlock-when-ap_li.patch
+kvm-arm-arm64-vgic-v2-handle-sgi-bits-in-gicd_i-s-c-.patch
+i2c-piix4-fix-port-selection-for-amd-family-16h-mode.patch
projects / thirdparty / kernel / stable-queue.git / commitdiff
