4.12-stable patches
authorGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Wed, 19 Jul 2017 08:31:20 +0000 (10:31 +0200)
committerGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Wed, 19 Jul 2017 08:31:20 +0000 (10:31 +0200)
added patches:
alsa-hda-realtek-change-the-location-for-one-of-two-front-microphones.patch
alsa-x86-clear-the-pdata.notify_lpe_audio-pointer-before-teardown.patch
crypto-atmel-only-treat-ebusy-as-transient-if-backlog.patch
crypto-caam-fix-signals-handling.patch
crypto-caam-properly-set-iv-after-en-de-crypt.patch
crypto-sha1-ssse3-disable-avx2.patch
crypto-talitos-extend-max-key-length-for-sha384-512-hmac-and-aead.patch
keys-dh-validate-__spare-field.patch
kvm-vmx-allow-host-to-access-guest-msr_ia32_bndcfgs.patch
kvm-vmx-check-value-written-to-ia32_bndcfgs.patch
kvm-vmx-do-not-disable-intercepts-for-bndcfgs.patch
kvm-x86-guest-bndcfgs-requires-guest-mpx-support.patch
pm-qos-return-einval-for-bogus-strings.patch
pm-wakeirq-convert-to-srcu.patch
pstore-fix-leaked-pstore_record-in-pstore_get_backend_records.patch
sched-headers-uapi-fix-linux-sched-types.h-userspace-compilation-errors.patch
sched-topology-fix-building-of-overlapping-sched-groups.patch
sched-topology-fix-overlapping-sched_group_mask.patch

19 files changed:
queue-4.12/alsa-hda-realtek-change-the-location-for-one-of-two-front-microphones.patch [new file with mode: 0644]
queue-4.12/alsa-x86-clear-the-pdata.notify_lpe_audio-pointer-before-teardown.patch [new file with mode: 0644]
queue-4.12/crypto-atmel-only-treat-ebusy-as-transient-if-backlog.patch [new file with mode: 0644]
queue-4.12/crypto-caam-fix-signals-handling.patch [new file with mode: 0644]
queue-4.12/crypto-caam-properly-set-iv-after-en-de-crypt.patch [new file with mode: 0644]
queue-4.12/crypto-sha1-ssse3-disable-avx2.patch [new file with mode: 0644]
queue-4.12/crypto-talitos-extend-max-key-length-for-sha384-512-hmac-and-aead.patch [new file with mode: 0644]
queue-4.12/keys-dh-validate-__spare-field.patch [new file with mode: 0644]
queue-4.12/kvm-vmx-allow-host-to-access-guest-msr_ia32_bndcfgs.patch [new file with mode: 0644]
queue-4.12/kvm-vmx-check-value-written-to-ia32_bndcfgs.patch [new file with mode: 0644]
queue-4.12/kvm-vmx-do-not-disable-intercepts-for-bndcfgs.patch [new file with mode: 0644]
queue-4.12/kvm-x86-guest-bndcfgs-requires-guest-mpx-support.patch [new file with mode: 0644]
queue-4.12/pm-qos-return-einval-for-bogus-strings.patch [new file with mode: 0644]
queue-4.12/pm-wakeirq-convert-to-srcu.patch [new file with mode: 0644]
queue-4.12/pstore-fix-leaked-pstore_record-in-pstore_get_backend_records.patch [new file with mode: 0644]
queue-4.12/sched-headers-uapi-fix-linux-sched-types.h-userspace-compilation-errors.patch [new file with mode: 0644]
queue-4.12/sched-topology-fix-building-of-overlapping-sched-groups.patch [new file with mode: 0644]
queue-4.12/sched-topology-fix-overlapping-sched_group_mask.patch [new file with mode: 0644]
queue-4.12/series

diff --git a/queue-4.12/alsa-hda-realtek-change-the-location-for-one-of-two-front-microphones.patch b/queue-4.12/alsa-hda-realtek-change-the-location-for-one-of-two-front-microphones.patch
new file mode 100644 (file)
index 0000000..c7a2ec0
--- /dev/null
@@ -0,0 +1,59 @@
+From f33f79f3d0e5caf04dd889cd7cf636261970f009 Mon Sep 17 00:00:00 2001
+From: Hui Wang <hui.wang@canonical.com>
+Date: Fri, 7 Jul 2017 12:08:29 +0800
+Subject: ALSA: hda/realtek - change the location for one of two front microphones
+
+From: Hui Wang <hui.wang@canonical.com>
+
+commit f33f79f3d0e5caf04dd889cd7cf636261970f009 upstream.
+
+On this Lenovo machine, there are two front mics, and both of them are
+assigned the same name "Mic", but pulseaudio can't support two mics
+with the same name, as a workaround, we change the location for one of
+them, then the driver will assign "Front Mic" and "Mic" for them.
+
+Signed-off-by: Hui Wang <hui.wang@canonical.com>
+Signed-off-by: Takashi Iwai <tiwai@suse.de>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ sound/pci/hda/patch_realtek.c |   14 ++++++++++++++
+ 1 file changed, 14 insertions(+)
+
+--- a/sound/pci/hda/patch_realtek.c
++++ b/sound/pci/hda/patch_realtek.c
+@@ -4964,6 +4964,7 @@ enum {
+       ALC233_FIXUP_ASUS_MIC_NO_PRESENCE,
+       ALC233_FIXUP_EAPD_COEF_AND_MIC_NO_PRESENCE,
+       ALC233_FIXUP_LENOVO_MULTI_CODECS,
++      ALC294_FIXUP_LENOVO_MIC_LOCATION,
+ };
+ static const struct hda_fixup alc269_fixups[] = {
+@@ -5737,6 +5738,18 @@ static const struct hda_fixup alc269_fix
+               .type = HDA_FIXUP_FUNC,
+               .v.func = alc233_alc662_fixup_lenovo_dual_codecs,
+       },
++      [ALC294_FIXUP_LENOVO_MIC_LOCATION] = {
++              .type = HDA_FIXUP_PINS,
++              .v.pins = (const struct hda_pintbl[]) {
++                      /* Change the mic location from front to right, otherwise there are
++                         two front mics with the same name, pulseaudio can't handle them.
++                         This is just a temporary workaround, after applying this fixup,
++                         there will be one "Front Mic" and one "Mic" in this machine.
++                       */
++                      { 0x1a, 0x04a19040 },
++                      { }
++              },
++      },
+ };
+ static const struct snd_pci_quirk alc269_fixup_tbl[] = {
+@@ -5918,6 +5931,7 @@ static const struct snd_pci_quirk alc269
+       SND_PCI_QUIRK(0x17aa, 0x2233, "Thinkpad", ALC292_FIXUP_TPT460),
+       SND_PCI_QUIRK(0x17aa, 0x30bb, "ThinkCentre AIO", ALC233_FIXUP_LENOVO_LINE2_MIC_HOTKEY),
+       SND_PCI_QUIRK(0x17aa, 0x30e2, "ThinkCentre AIO", ALC233_FIXUP_LENOVO_LINE2_MIC_HOTKEY),
++      SND_PCI_QUIRK(0x17aa, 0x310c, "ThinkCentre Station", ALC294_FIXUP_LENOVO_MIC_LOCATION),
+       SND_PCI_QUIRK(0x17aa, 0x3112, "ThinkCentre AIO", ALC233_FIXUP_LENOVO_LINE2_MIC_HOTKEY),
+       SND_PCI_QUIRK(0x17aa, 0x3902, "Lenovo E50-80", ALC269_FIXUP_DMIC_THINKPAD_ACPI),
+       SND_PCI_QUIRK(0x17aa, 0x3977, "IdeaPad S210", ALC283_FIXUP_INT_MIC),
diff --git a/queue-4.12/alsa-x86-clear-the-pdata.notify_lpe_audio-pointer-before-teardown.patch b/queue-4.12/alsa-x86-clear-the-pdata.notify_lpe_audio-pointer-before-teardown.patch
new file mode 100644 (file)
index 0000000..d70777f
--- /dev/null
@@ -0,0 +1,41 @@
+From 8d5c30308d7c5a17db96fa5452c0232f633377c2 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Ville=20Syrj=C3=A4l=C3=A4?= <ville.syrjala@linux.intel.com>
+Date: Thu, 27 Apr 2017 19:02:21 +0300
+Subject: ALSA: x86: Clear the pdata.notify_lpe_audio pointer before teardown
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+From: Ville Syrjälä <ville.syrjala@linux.intel.com>
+
+commit 8d5c30308d7c5a17db96fa5452c0232f633377c2 upstream.
+
+Clear the notify function pointer in the platform data before we tear
+down the driver. Otherwise i915 would end up calling a stale function
+pointer and possibly explode.
+
+Cc: Takashi Iwai <tiwai@suse.de>
+Cc: Pierre-Louis Bossart <pierre-louis.bossart@linux.intel.com>
+Signed-off-by: Ville Syrjälä <ville.syrjala@linux.intel.com>
+Link: http://patchwork.freedesktop.org/patch/msgid/20170427160231.13337-3-ville.syrjala@linux.intel.com
+Reviewed-by: Takashi Iwai <tiwai@suse.de>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ sound/x86/intel_hdmi_audio.c |    5 +++++
+ 1 file changed, 5 insertions(+)
+
+--- a/sound/x86/intel_hdmi_audio.c
++++ b/sound/x86/intel_hdmi_audio.c
+@@ -1665,6 +1665,11 @@ static int __maybe_unused hdmi_lpe_audio
+ static void hdmi_lpe_audio_free(struct snd_card *card)
+ {
+       struct snd_intelhad *ctx = card->private_data;
++      struct intel_hdmi_lpe_audio_pdata *pdata = ctx->dev->platform_data;
++
++      spin_lock_irq(&pdata->lpe_audio_slock);
++      pdata->notify_audio_lpe = NULL;
++      spin_unlock_irq(&pdata->lpe_audio_slock);
+       cancel_work_sync(&ctx->hdmi_audio_wq);
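Review bot: `pdata` is dereferenced in `hdmi_lpe_audio_free()` with no check that `ctx->dev->platform_data` is non-NULL. Whether the card can be freed on a path where platform data is not valid is not decidable from this hunk, so confirm that before relying on `spin_lock_irq(&pdata->lpe_audio_slock)`. The ordering is the whole point of the fix and deserves a comment above the lock, e.g. `/* clear the callback under the lock so i915 cannot call a stale pointer during teardown */`. The function body continues outside the hunk.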
diff --git a/queue-4.12/crypto-atmel-only-treat-ebusy-as-transient-if-backlog.patch b/queue-4.12/crypto-atmel-only-treat-ebusy-as-transient-if-backlog.patch
new file mode 100644 (file)
index 0000000..17492f8
--- /dev/null
@@ -0,0 +1,35 @@
+From 1606043f214f912a52195293614935811a6e3e53 Mon Sep 17 00:00:00 2001
+From: Gilad Ben-Yossef <gilad@benyossef.com>
+Date: Wed, 28 Jun 2017 10:22:03 +0300
+Subject: crypto: atmel - only treat EBUSY as transient if backlog
+
+From: Gilad Ben-Yossef <gilad@benyossef.com>
+
+commit 1606043f214f912a52195293614935811a6e3e53 upstream.
+
+The Atmel SHA driver was treating -EBUSY as indication of queueing
+to backlog without checking that backlog is enabled for the request.
+
+Fix it by checking request flags.
+
+Signed-off-by: Gilad Ben-Yossef <gilad@benyossef.com>
+Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/crypto/atmel-sha.c |    4 +++-
+ 1 file changed, 3 insertions(+), 1 deletion(-)
+
+--- a/drivers/crypto/atmel-sha.c
++++ b/drivers/crypto/atmel-sha.c
+@@ -1204,7 +1204,9 @@ static int atmel_sha_finup(struct ahash_
+       ctx->flags |= SHA_FLAGS_FINUP;
+       err1 = atmel_sha_update(req);
+-      if (err1 == -EINPROGRESS || err1 == -EBUSY)
++      if (err1 == -EINPROGRESS ||
++          (err1 == -EBUSY && (ahash_request_flags(req) &
++                              CRYPTO_TFM_REQ_MAY_BACKLOG)))
+               return err1;
+       /*
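Review bot: The new condition in `atmel_sha_finup()` changes what -EBUSY means for a request without `CRYPTO_TFM_REQ_MAY_BACKLOG`, but nothing at the site says so. A comment such as `/* -EBUSY means "queued on backlog" only if the request allows backlog; otherwise it is a failure */` would keep the distinction visible. Other checks of the `atmel_sha_update()` return value in this file are not visible here and may need the same test. The function starts and ends outside the hunk.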
diff --git a/queue-4.12/crypto-caam-fix-signals-handling.patch b/queue-4.12/crypto-caam-fix-signals-handling.patch
new file mode 100644 (file)
index 0000000..ee89a19
--- /dev/null
@@ -0,0 +1,59 @@
+From 7459e1d25ffefa2b1be799477fcc1f6c62f6cec7 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Horia=20Geant=C4=83?= <horia.geanta@nxp.com>
+Date: Fri, 7 Jul 2017 16:57:06 +0300
+Subject: crypto: caam - fix signals handling
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+From: Horia Geantă <horia.geanta@nxp.com>
+
+commit 7459e1d25ffefa2b1be799477fcc1f6c62f6cec7 upstream.
+
+Driver does not properly handle the case when signals interrupt
+wait_for_completion_interruptible():
+-it does not check for return value
+-completion structure is allocated on stack; in case a signal interrupts
+the sleep, it will go out of scope, causing the worker thread
+(caam_jr_dequeue) to fail when it accesses it
+
+wait_for_completion_interruptible() is replaced with uninterruptable
+wait_for_completion().
+We choose to block all signals while waiting for I/O (device executing
+the split key generation job descriptor) since the alternative - in
+order to have a deterministic device state - would be to flush the job
+ring (aborting *all* in-progress jobs).
+
+Fixes: 045e36780f115 ("crypto: caam - ahash hmac support")
+Fixes: 4c1ec1f930154 ("crypto: caam - refactor key_gen, sg")
+Signed-off-by: Horia Geantă <horia.geanta@nxp.com>
+Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/crypto/caam/caamhash.c |    2 +-
+ drivers/crypto/caam/key_gen.c  |    2 +-
+ 2 files changed, 2 insertions(+), 2 deletions(-)
+
+--- a/drivers/crypto/caam/caamhash.c
++++ b/drivers/crypto/caam/caamhash.c
+@@ -396,7 +396,7 @@ static int hash_digest_key(struct caam_h
+       ret = caam_jr_enqueue(jrdev, desc, split_key_done, &result);
+       if (!ret) {
+               /* in progress */
+-              wait_for_completion_interruptible(&result.completion);
++              wait_for_completion(&result.completion);
+               ret = result.err;
+ #ifdef DEBUG
+               print_hex_dump(KERN_ERR,
+--- a/drivers/crypto/caam/key_gen.c
++++ b/drivers/crypto/caam/key_gen.c
+@@ -149,7 +149,7 @@ int gen_split_key(struct device *jrdev,
+       ret = caam_jr_enqueue(jrdev, desc, split_key_done, &result);
+       if (!ret) {
+               /* in progress */
+-              wait_for_completion_interruptible(&result.completion);
++              wait_for_completion(&result.completion);
+               ret = result.err;
+ #ifdef DEBUG
+               print_hex_dump(KERN_ERR, "ctx.key@"__stringify(__LINE__)": ",
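Review bot: Both waits on `result.completion` (in `hash_digest_key()` and `gen_split_key()`) are now unbounded and uninterruptible, so a job that never completes leaves the caller blocked indefinitely. The commit message accepts that trade-off, but the code does not record it. Add a comment at each site, e.g. `/* must not be interruptible: result is on this stack frame and split_key_done() writes to it */`, so a later change does not bring back the interruptible wait and the stale-stack access it allowed. Both functions extend beyond the hunks shown.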
diff --git a/queue-4.12/crypto-caam-properly-set-iv-after-en-de-crypt.patch b/queue-4.12/crypto-caam-properly-set-iv-after-en-de-crypt.patch
new file mode 100644 (file)
index 0000000..21ffc35
--- /dev/null
@@ -0,0 +1,89 @@
+From 854b06f768794cd664886ec3ba3a5b1c58d42167 Mon Sep 17 00:00:00 2001
+From: David Gstir <david@sigma-star.at>
+Date: Wed, 28 Jun 2017 15:27:10 +0200
+Subject: crypto: caam - properly set IV after {en,de}crypt
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+From: David Gstir <david@sigma-star.at>
+
+commit 854b06f768794cd664886ec3ba3a5b1c58d42167 upstream.
+
+Certain cipher modes like CTS expect the IV (req->info) of
+ablkcipher_request (or equivalently req->iv of skcipher_request) to
+contain the last ciphertext block when the {en,de}crypt operation is done.
+This is currently not the case for the CAAM driver which in turn breaks
+e.g. cts(cbc(aes)) when the CAAM driver is enabled.
+
+This patch fixes the CAAM driver to properly set the IV after the
+{en,de}crypt operation of ablkcipher finishes.
+
+This issue was revealed by the changes in the SW CTS mode in commit
+0605c41cc53ca ("crypto: cts - Convert to skcipher")
+
+Signed-off-by: David Gstir <david@sigma-star.at>
+Reviewed-by: Horia Geantă <horia.geanta@nxp.com>
+Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/crypto/caam/caamalg.c |   20 ++++++++++++++++++--
+ 1 file changed, 18 insertions(+), 2 deletions(-)
+
+--- a/drivers/crypto/caam/caamalg.c
++++ b/drivers/crypto/caam/caamalg.c
+@@ -882,10 +882,10 @@ static void ablkcipher_encrypt_done(stru
+ {
+       struct ablkcipher_request *req = context;
+       struct ablkcipher_edesc *edesc;
+-#ifdef DEBUG
+       struct crypto_ablkcipher *ablkcipher = crypto_ablkcipher_reqtfm(req);
+       int ivsize = crypto_ablkcipher_ivsize(ablkcipher);
++#ifdef DEBUG
+       dev_err(jrdev, "%s %d: err 0x%x\n", __func__, __LINE__, err);
+ #endif
+@@ -904,6 +904,14 @@ static void ablkcipher_encrypt_done(stru
+ #endif
+       ablkcipher_unmap(jrdev, edesc, req);
++
++      /*
++       * The crypto API expects us to set the IV (req->info) to the last
++       * ciphertext block. This is used e.g. by the CTS mode.
++       */
++      scatterwalk_map_and_copy(req->info, req->dst, req->nbytes - ivsize,
++                               ivsize, 0);
++
+       kfree(edesc);
+       ablkcipher_request_complete(req, err);
+@@ -914,10 +922,10 @@ static void ablkcipher_decrypt_done(stru
+ {
+       struct ablkcipher_request *req = context;
+       struct ablkcipher_edesc *edesc;
+-#ifdef DEBUG
+       struct crypto_ablkcipher *ablkcipher = crypto_ablkcipher_reqtfm(req);
+       int ivsize = crypto_ablkcipher_ivsize(ablkcipher);
++#ifdef DEBUG
+       dev_err(jrdev, "%s %d: err 0x%x\n", __func__, __LINE__, err);
+ #endif
+@@ -935,6 +943,14 @@ static void ablkcipher_decrypt_done(stru
+ #endif
+       ablkcipher_unmap(jrdev, edesc, req);
++
++      /*
++       * The crypto API expects us to set the IV (req->info) to the last
++       * ciphertext block.
++       */
++      scatterwalk_map_and_copy(req->info, req->src, req->nbytes - ivsize,
++                               ivsize, 0);
++
+       kfree(edesc);
+       ablkcipher_request_complete(req, err);
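Review bot: In `ablkcipher_decrypt_done()` the IV is copied from `req->src` after the job has finished; for an in-place request (`req->src == req->dst`) that buffer would presumably already hold plaintext, so `req->info` would not receive the last ciphertext block. That is worth confirming and, if so, the block should be saved before the job is submitted. In both callbacks `req->nbytes - ivsize` is computed without checking `req->nbytes >= ivsize`, and the copy runs even when `err` is non-zero. A guard such as `if (!err && req->nbytes >= ivsize)` around `scatterwalk_map_and_copy()` would keep the offset in range. Both functions start outside the hunks.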
diff --git a/queue-4.12/crypto-sha1-ssse3-disable-avx2.patch b/queue-4.12/crypto-sha1-ssse3-disable-avx2.patch
new file mode 100644 (file)
index 0000000..5cde188
--- /dev/null
@@ -0,0 +1,33 @@
+From b82ce24426a4071da9529d726057e4e642948667 Mon Sep 17 00:00:00 2001
+From: Herbert Xu <herbert@gondor.apana.org.au>
+Date: Tue, 4 Jul 2017 12:21:12 +0800
+Subject: crypto: sha1-ssse3 - Disable avx2
+
+From: Herbert Xu <herbert@gondor.apana.org.au>
+
+commit b82ce24426a4071da9529d726057e4e642948667 upstream.
+
+It has been reported that sha1-avx2 can cause page faults by reading
+beyond the end of the input.  This patch disables it until it can be
+fixed.
+
+Fixes: 7c1da8d0d046 ("crypto: sha - SHA1 transform x86_64 AVX2")
+Reported-by: Jan Stancek <jstancek@redhat.com>
+Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ arch/x86/crypto/sha1_ssse3_glue.c |    2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/arch/x86/crypto/sha1_ssse3_glue.c
++++ b/arch/x86/crypto/sha1_ssse3_glue.c
+@@ -201,7 +201,7 @@ asmlinkage void sha1_transform_avx2(u32
+ static bool avx2_usable(void)
+ {
+-      if (avx_usable() && boot_cpu_has(X86_FEATURE_AVX2)
++      if (false && avx_usable() && boot_cpu_has(X86_FEATURE_AVX2)
+               && boot_cpu_has(X86_FEATURE_BMI1)
+               && boot_cpu_has(X86_FEATURE_BMI2))
+               return true;
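Review bot: `if (false && avx_usable() && ...` in `avx2_usable()` disables the AVX2 path with no explanation at the site, leaving feature tests that look like dead code a later cleanup might remove or re-enable. Put the reason next to the condition, e.g. `/* disabled: sha1_transform_avx2() can read beyond the end of the input */`, so the out-of-bounds read is fixed before anyone drops the `false`. The end of the function is outside the hunk.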
diff --git a/queue-4.12/crypto-talitos-extend-max-key-length-for-sha384-512-hmac-and-aead.patch b/queue-4.12/crypto-talitos-extend-max-key-length-for-sha384-512-hmac-and-aead.patch
new file mode 100644 (file)
index 0000000..ccf25ae
--- /dev/null
@@ -0,0 +1,52 @@
+From 03d2c5114c95797c0aa7d9f463348b171a274fd4 Mon Sep 17 00:00:00 2001
+From: Martin Hicks <mort@bork.org>
+Date: Tue, 2 May 2017 09:38:35 -0400
+Subject: crypto: talitos - Extend max key length for SHA384/512-HMAC and AEAD
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+From: Martin Hicks <mort@bork.org>
+
+commit 03d2c5114c95797c0aa7d9f463348b171a274fd4 upstream.
+
+An updated patch that also handles the additional key length requirements
+for the AEAD algorithms.
+
+The max keysize is not 96.  For SHA384/512 it's 128, and for the AEAD
+algorithms it's longer still.  Extend the max keysize for the
+AEAD size for AES256 + HMAC(SHA512).
+
+Fixes: 357fb60502ede ("crypto: talitos - add sha224, sha384 and sha512 to existing AEAD algorithms")
+Signed-off-by: Martin Hicks <mort@bork.org>
+Acked-by: Horia Geantă <horia.geanta@nxp.com>
+Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/crypto/talitos.c |    7 ++++++-
+ 1 file changed, 6 insertions(+), 1 deletion(-)
+
+--- a/drivers/crypto/talitos.c
++++ b/drivers/crypto/talitos.c
+@@ -816,7 +816,7 @@ static void talitos_unregister_rng(struc
+  * HMAC_SNOOP_NO_AFEA (HSNA) instead of type IPSEC_ESP
+  */
+ #define TALITOS_CRA_PRIORITY_AEAD_HSNA        (TALITOS_CRA_PRIORITY - 1)
+-#define TALITOS_MAX_KEY_SIZE          96
++#define TALITOS_MAX_KEY_SIZE          (AES_MAX_KEY_SIZE + SHA512_BLOCK_SIZE)
+ #define TALITOS_MAX_IV_LENGTH         16 /* max of AES_BLOCK_SIZE, DES3_EDE_BLOCK_SIZE */
+ struct talitos_ctx {
+@@ -1495,6 +1495,11 @@ static int ablkcipher_setkey(struct cryp
+ {
+       struct talitos_ctx *ctx = crypto_ablkcipher_ctx(cipher);
++      if (keylen > TALITOS_MAX_KEY_SIZE) {
++              crypto_ablkcipher_set_flags(cipher, CRYPTO_TFM_RES_BAD_KEY_LEN);
++              return -EINVAL;
++      }
++
+       memcpy(&ctx->key, key, keylen);
+       ctx->keylen = keylen;
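Review bot: The new `keylen > TALITOS_MAX_KEY_SIZE` test guards the `memcpy(&ctx->key, key, keylen)` in `ablkcipher_setkey()`, but this is the only setkey path visible here. The commit message says the larger size is needed for HMAC and AEAD keys, so confirm those setkey paths reject over-long keys too; the `ctx->key` declaration is also outside the hunk. The macro would benefit from a comment stating what it is the maximum of, e.g. `/* largest AEAD key: AES256 key + HMAC(SHA512) key */`.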
diff --git a/queue-4.12/keys-dh-validate-__spare-field.patch b/queue-4.12/keys-dh-validate-__spare-field.patch
new file mode 100644 (file)
index 0000000..996e04c
--- /dev/null
@@ -0,0 +1,49 @@
+From 4f9dabfaf8df971f8a3b6aa324f8f817be38d538 Mon Sep 17 00:00:00 2001
+From: Eric Biggers <ebiggers@google.com>
+Date: Thu, 13 Jul 2017 13:16:56 +0100
+Subject: KEYS: DH: validate __spare field
+
+From: Eric Biggers <ebiggers@google.com>
+
+commit 4f9dabfaf8df971f8a3b6aa324f8f817be38d538 upstream.
+
+Syscalls must validate that their reserved arguments are zero and return
+EINVAL otherwise.  Otherwise, it will be impossible to actually use them
+for anything in the future because existing programs may be passing
+garbage in.  This is standard practice when adding new APIs.
+
+Signed-off-by: Eric Biggers <ebiggers@google.com>
+Signed-off-by: David Howells <dhowells@redhat.com>
+Signed-off-by: James Morris <james.l.morris@oracle.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ security/keys/compat_dh.c |    2 ++
+ security/keys/dh.c        |    5 +++++
+ 2 files changed, 7 insertions(+)
+
+--- a/security/keys/compat_dh.c
++++ b/security/keys/compat_dh.c
+@@ -33,6 +33,8 @@ long compat_keyctl_dh_compute(struct key
+       kdfcopy.hashname = compat_ptr(compat_kdfcopy.hashname);
+       kdfcopy.otherinfo = compat_ptr(compat_kdfcopy.otherinfo);
+       kdfcopy.otherinfolen = compat_kdfcopy.otherinfolen;
++      memcpy(kdfcopy.__spare, compat_kdfcopy.__spare,
++             sizeof(kdfcopy.__spare));
+       return __keyctl_dh_compute(params, buffer, buflen, &kdfcopy);
+ }
+--- a/security/keys/dh.c
++++ b/security/keys/dh.c
+@@ -266,6 +266,11 @@ long __keyctl_dh_compute(struct keyctl_d
+       if (kdfcopy) {
+               char *hashname;
++              if (memchr_inv(kdfcopy->__spare, 0, sizeof(kdfcopy->__spare))) {
++                      ret = -EINVAL;
++                      goto out1;
++              }
++
+               if (buflen > KEYCTL_KDF_MAX_OUTPUT_LEN ||
+                   kdfcopy->otherinfolen > KEYCTL_KDF_MAX_OI_LEN) {
+                       ret = -EMSGSIZE;
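Review bot: The `memcpy()` added to `compat_keyctl_dh_compute()` sizes the copy by `sizeof(kdfcopy.__spare)` while reading from `compat_kdfcopy.__spare`. Neither struct definition is in this hunk, so if the two `__spare` arrays ever differ in size the copy reads past the source. A compile-time check placed before the `memcpy()`, `BUILD_BUG_ON(sizeof(kdfcopy.__spare) != sizeof(compat_kdfcopy.__spare));`, would pin that assumption. Both functions continue outside the hunks.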
diff --git a/queue-4.12/kvm-vmx-allow-host-to-access-guest-msr_ia32_bndcfgs.patch b/queue-4.12/kvm-vmx-allow-host-to-access-guest-msr_ia32_bndcfgs.patch
new file mode 100644 (file)
index 0000000..827a78b
--- /dev/null
@@ -0,0 +1,43 @@
+From 691bd4340bef49cf7e5855d06cf24444b5bf2d85 Mon Sep 17 00:00:00 2001
+From: Haozhong Zhang <haozhong.zhang@intel.com>
+Date: Tue, 4 Jul 2017 10:27:41 +0800
+Subject: kvm: vmx: allow host to access guest MSR_IA32_BNDCFGS
+
+From: Haozhong Zhang <haozhong.zhang@intel.com>
+
+commit 691bd4340bef49cf7e5855d06cf24444b5bf2d85 upstream.
+
+It's easier for host applications, such as QEMU, if they can always
+access guest MSR_IA32_BNDCFGS in VMCS, even though MPX is disabled in
+guest cpuid.
+
+Signed-off-by: Haozhong Zhang <haozhong.zhang@intel.com>
+Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ arch/x86/kvm/vmx.c |    6 ++++--
+ 1 file changed, 4 insertions(+), 2 deletions(-)
+
+--- a/arch/x86/kvm/vmx.c
++++ b/arch/x86/kvm/vmx.c
+@@ -3195,7 +3195,8 @@ static int vmx_get_msr(struct kvm_vcpu *
+               msr_info->data = vmcs_readl(GUEST_SYSENTER_ESP);
+               break;
+       case MSR_IA32_BNDCFGS:
+-              if (!kvm_mpx_supported() || !guest_cpuid_has_mpx(vcpu))
++              if (!kvm_mpx_supported() ||
++                  (!msr_info->host_initiated && !guest_cpuid_has_mpx(vcpu)))
+                       return 1;
+               msr_info->data = vmcs_read64(GUEST_BNDCFGS);
+               break;
+@@ -3277,7 +3278,8 @@ static int vmx_set_msr(struct kvm_vcpu *
+               vmcs_writel(GUEST_SYSENTER_ESP, data);
+               break;
+       case MSR_IA32_BNDCFGS:
+-              if (!kvm_mpx_supported() || !guest_cpuid_has_mpx(vcpu))
++              if (!kvm_mpx_supported() ||
++                  (!msr_info->host_initiated && !guest_cpuid_has_mpx(vcpu)))
+                       return 1;
+               if (is_noncanonical_address(data & PAGE_MASK) ||
+                   (data & MSR_IA32_BNDCFGS_RSVD))
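Review bot: The context lines of the `vmx_set_msr()` hunk already contain the `is_noncanonical_address()` / `MSR_IA32_BNDCFGS_RSVD` test and the `guest_cpuid_has_mpx()` call. Both are introduced by other patches added in this same commit, so this patch only applies after them; the `queue-4.12/series` change is not visible here, so check its order. It would also help to say at both sites why host-initiated accesses skip the guest CPUID test, e.g. `/* userspace may read or restore BNDCFGS even if MPX is hidden from the guest */`. Both functions extend outside the hunks.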
diff --git a/queue-4.12/kvm-vmx-check-value-written-to-ia32_bndcfgs.patch b/queue-4.12/kvm-vmx-check-value-written-to-ia32_bndcfgs.patch
new file mode 100644 (file)
index 0000000..ff3f2cf
--- /dev/null
@@ -0,0 +1,48 @@
+From 4531662d1abf6c1f0e5c2b86ddb60e61509786c8 Mon Sep 17 00:00:00 2001
+From: Jim Mattson <jmattson@google.com>
+Date: Tue, 23 May 2017 11:52:54 -0700
+Subject: kvm: vmx: Check value written to IA32_BNDCFGS
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+From: Jim Mattson <jmattson@google.com>
+
+commit 4531662d1abf6c1f0e5c2b86ddb60e61509786c8 upstream.
+
+Bits 11:2 must be zero and the linear addess in bits 63:12 must be
+canonical. Otherwise, WRMSR(BNDCFGS) should raise #GP.
+
+Fixes: 0dd376e709975779 ("KVM: x86: add MSR_IA32_BNDCFGS to msrs_to_save")
+Signed-off-by: Jim Mattson <jmattson@google.com>
+Signed-off-by: Radim Krčmář <rkrcmar@redhat.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ arch/x86/include/asm/msr-index.h |    2 ++
+ arch/x86/kvm/vmx.c               |    3 +++
+ 2 files changed, 5 insertions(+)
+
+--- a/arch/x86/include/asm/msr-index.h
++++ b/arch/x86/include/asm/msr-index.h
+@@ -420,6 +420,8 @@
+ #define MSR_IA32_TSC_ADJUST             0x0000003b
+ #define MSR_IA32_BNDCFGS              0x00000d90
++#define MSR_IA32_BNDCFGS_RSVD         0x00000ffc
++
+ #define MSR_IA32_XSS                  0x00000da0
+ #define FEATURE_CONTROL_LOCKED                                (1<<0)
+--- a/arch/x86/kvm/vmx.c
++++ b/arch/x86/kvm/vmx.c
+@@ -3279,6 +3279,9 @@ static int vmx_set_msr(struct kvm_vcpu *
+       case MSR_IA32_BNDCFGS:
+               if (!kvm_mpx_supported() || !guest_cpuid_has_mpx(vcpu))
+                       return 1;
++              if (is_noncanonical_address(data & PAGE_MASK) ||
++                  (data & MSR_IA32_BNDCFGS_RSVD))
++                      return 1;
+               vmcs_write64(GUEST_BNDCFGS, data);
+               break;
+       case MSR_IA32_TSC:
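Review bot: `MSR_IA32_BNDCFGS_RSVD` is defined as a bare `0x00000ffc` with nothing to show which bits it covers. The commit message says bits 11:2, and a trailing comment on the define, `/* bits 11:2 must be zero */`, would let a reader check the mask against that text. The check in `vmx_set_msr()` sits inside a switch that starts and ends outside the hunk.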
diff --git a/queue-4.12/kvm-vmx-do-not-disable-intercepts-for-bndcfgs.patch b/queue-4.12/kvm-vmx-do-not-disable-intercepts-for-bndcfgs.patch
new file mode 100644 (file)
index 0000000..709607c
--- /dev/null
@@ -0,0 +1,40 @@
+From a8b6fda38f80e75afa3b125c9e7f2550b579454b Mon Sep 17 00:00:00 2001
+From: Jim Mattson <jmattson@google.com>
+Date: Tue, 23 May 2017 11:52:52 -0700
+Subject: kvm: vmx: Do not disable intercepts for BNDCFGS
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+From: Jim Mattson <jmattson@google.com>
+
+commit a8b6fda38f80e75afa3b125c9e7f2550b579454b upstream.
+
+The MSR permission bitmaps are shared by all VMs. However, some VMs
+may not be configured to support MPX, even when the host does. If the
+host supports VMX and the guest does not, we should intercept accesses
+to the BNDCFGS MSR, so that we can synthesize a #GP
+fault. Furthermore, if the host does not support MPX and the
+"ignore_msrs" kvm kernel parameter is set, then we should intercept
+accesses to the BNDCFGS MSR, so that we can skip over the rdmsr/wrmsr
+without raising a #GP fault.
+
+Fixes: da8999d31818fdc8 ("KVM: x86: Intel MPX vmx and msr handle")
+Signed-off-by: Jim Mattson <jmattson@google.com>
+Signed-off-by: Radim Krčmář <rkrcmar@redhat.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ arch/x86/kvm/vmx.c |    1 -
+ 1 file changed, 1 deletion(-)
+
+--- a/arch/x86/kvm/vmx.c
++++ b/arch/x86/kvm/vmx.c
+@@ -6547,7 +6547,6 @@ static __init int hardware_setup(void)
+       vmx_disable_intercept_for_msr(MSR_IA32_SYSENTER_CS, false);
+       vmx_disable_intercept_for_msr(MSR_IA32_SYSENTER_ESP, false);
+       vmx_disable_intercept_for_msr(MSR_IA32_SYSENTER_EIP, false);
+-      vmx_disable_intercept_for_msr(MSR_IA32_BNDCFGS, true);
+       memcpy(vmx_msr_bitmap_legacy_x2apic_apicv,
+                       vmx_msr_bitmap_legacy, PAGE_SIZE);
diff --git a/queue-4.12/kvm-x86-guest-bndcfgs-requires-guest-mpx-support.patch b/queue-4.12/kvm-x86-guest-bndcfgs-requires-guest-mpx-support.patch
new file mode 100644 (file)
index 0000000..c931370
--- /dev/null
@@ -0,0 +1,63 @@
+From 4439af9f911ae0243ffe4e2dfc12bace49605d8b Mon Sep 17 00:00:00 2001
+From: Jim Mattson <jmattson@google.com>
+Date: Wed, 24 May 2017 10:49:25 -0700
+Subject: kvm: x86: Guest BNDCFGS requires guest MPX support
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+From: Jim Mattson <jmattson@google.com>
+
+commit 4439af9f911ae0243ffe4e2dfc12bace49605d8b upstream.
+
+The BNDCFGS MSR should only be exposed to the guest if the guest
+supports MPX. (cf. the TSC_AUX MSR and RDTSCP.)
+
+Fixes: 0dd376e709975779 ("KVM: x86: add MSR_IA32_BNDCFGS to msrs_to_save")
+Change-Id: I3ad7c01bda616715137ceac878f3fa7e66b6b387
+Signed-off-by: Jim Mattson <jmattson@google.com>
+Signed-off-by: Radim Krčmář <rkrcmar@redhat.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ arch/x86/kvm/cpuid.h |    8 ++++++++
+ arch/x86/kvm/vmx.c   |    4 ++--
+ 2 files changed, 10 insertions(+), 2 deletions(-)
+
+--- a/arch/x86/kvm/cpuid.h
++++ b/arch/x86/kvm/cpuid.h
+@@ -144,6 +144,14 @@ static inline bool guest_cpuid_has_rtm(s
+       return best && (best->ebx & bit(X86_FEATURE_RTM));
+ }
++static inline bool guest_cpuid_has_mpx(struct kvm_vcpu *vcpu)
++{
++      struct kvm_cpuid_entry2 *best;
++
++      best = kvm_find_cpuid_entry(vcpu, 7, 0);
++      return best && (best->ebx & bit(X86_FEATURE_MPX));
++}
++
+ static inline bool guest_cpuid_has_rdtscp(struct kvm_vcpu *vcpu)
+ {
+       struct kvm_cpuid_entry2 *best;
+--- a/arch/x86/kvm/vmx.c
++++ b/arch/x86/kvm/vmx.c
+@@ -3195,7 +3195,7 @@ static int vmx_get_msr(struct kvm_vcpu *
+               msr_info->data = vmcs_readl(GUEST_SYSENTER_ESP);
+               break;
+       case MSR_IA32_BNDCFGS:
+-              if (!kvm_mpx_supported())
++              if (!kvm_mpx_supported() || !guest_cpuid_has_mpx(vcpu))
+                       return 1;
+               msr_info->data = vmcs_read64(GUEST_BNDCFGS);
+               break;
+@@ -3277,7 +3277,7 @@ static int vmx_set_msr(struct kvm_vcpu *
+               vmcs_writel(GUEST_SYSENTER_ESP, data);
+               break;
+       case MSR_IA32_BNDCFGS:
+-              if (!kvm_mpx_supported())
++              if (!kvm_mpx_supported() || !guest_cpuid_has_mpx(vcpu))
+                       return 1;
+               vmcs_write64(GUEST_BNDCFGS, data);
+               break;
diff --git a/queue-4.12/pm-qos-return-einval-for-bogus-strings.patch b/queue-4.12/pm-qos-return-einval-for-bogus-strings.patch
new file mode 100644 (file)
index 0000000..31f3fc6
--- /dev/null
@@ -0,0 +1,34 @@
+From 2ca30331c156ca9e97643ad05dd8930b8fe78b01 Mon Sep 17 00:00:00 2001
+From: Dan Carpenter <dan.carpenter@oracle.com>
+Date: Mon, 10 Jul 2017 10:21:40 +0300
+Subject: PM / QoS: return -EINVAL for bogus strings
+
+From: Dan Carpenter <dan.carpenter@oracle.com>
+
+commit 2ca30331c156ca9e97643ad05dd8930b8fe78b01 upstream.
+
+In the current code, if the user accidentally writes a bogus command to
+this sysfs file, then we set the latency tolerance to an uninitialized
+variable.
+
+Fixes: 2d984ad132a8 (PM / QoS: Introcuce latency tolerance device PM QoS type)
+Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
+Acked-by: Pavel Machek <pavel@ucw.cz>
+Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/base/power/sysfs.c |    2 ++
+ 1 file changed, 2 insertions(+)
+
+--- a/drivers/base/power/sysfs.c
++++ b/drivers/base/power/sysfs.c
+@@ -272,6 +272,8 @@ static ssize_t pm_qos_latency_tolerance_
+                       value = PM_QOS_LATENCY_TOLERANCE_NO_CONSTRAINT;
+               else if (!strcmp(buf, "any") || !strcmp(buf, "any\n"))
+                       value = PM_QOS_LATENCY_ANY;
++              else
++                      return -EINVAL;
+       }
+       ret = dev_pm_qos_update_user_latency_tolerance(dev, value);
+       return ret < 0 ? ret : n;
diff --git a/queue-4.12/pm-wakeirq-convert-to-srcu.patch b/queue-4.12/pm-wakeirq-convert-to-srcu.patch
new file mode 100644 (file)
index 0000000..37ae119
--- /dev/null
@@ -0,0 +1,147 @@
+From ea0212f40c6bc0594c8eff79266759e3ecd4bacc Mon Sep 17 00:00:00 2001
+From: Thomas Gleixner <tglx@linutronix.de>
+Date: Sun, 25 Jun 2017 19:31:13 +0200
+Subject: PM / wakeirq: Convert to SRCU
+
+From: Thomas Gleixner <tglx@linutronix.de>
+
+commit ea0212f40c6bc0594c8eff79266759e3ecd4bacc upstream.
+
+The wakeirq infrastructure uses RCU to protect the list of wakeirqs. That
+breaks the irq bus locking infrastructure, which is allows sleeping
+functions to be called so interrupt controllers behind slow busses,
+e.g. i2c, can be handled.
+
+The wakeirq functions hold rcu_read_lock and call into irq functions, which
+in case of interrupts using the irq bus locking will trigger a
+might_sleep() splat.
+
+Convert the wakeirq infrastructure to Sleepable RCU and unbreak it.
+
+Fixes: 4990d4fe327b (PM / Wakeirq: Add automated device wake IRQ handling)
+Reported-by: Brian Norris <briannorris@chromium.org>
+Suggested-by: Paul E. McKenney <paulmck@linux.vnet.ibm.com>
+Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
+Reviewed-by: Paul E. McKenney <paulmck@linux.vnet.ibm.com>
+Tested-by: Tony Lindgren <tony@atomide.com>
+Tested-by: Brian Norris <briannorris@chromium.org>
+Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/base/power/wakeup.c |   32 ++++++++++++++++++--------------
+ 1 file changed, 18 insertions(+), 14 deletions(-)
+
+--- a/drivers/base/power/wakeup.c
++++ b/drivers/base/power/wakeup.c
+@@ -60,6 +60,8 @@ static LIST_HEAD(wakeup_sources);
+ static DECLARE_WAIT_QUEUE_HEAD(wakeup_count_wait_queue);
++DEFINE_STATIC_SRCU(wakeup_srcu);
++
+ static struct wakeup_source deleted_ws = {
+       .name = "deleted",
+       .lock =  __SPIN_LOCK_UNLOCKED(deleted_ws.lock),
+@@ -198,7 +200,7 @@ void wakeup_source_remove(struct wakeup_
+       spin_lock_irqsave(&events_lock, flags);
+       list_del_rcu(&ws->entry);
+       spin_unlock_irqrestore(&events_lock, flags);
+-      synchronize_rcu();
++      synchronize_srcu(&wakeup_srcu);
+ }
+ EXPORT_SYMBOL_GPL(wakeup_source_remove);
+@@ -332,12 +334,12 @@ void device_wakeup_detach_irq(struct dev
+ void device_wakeup_arm_wake_irqs(void)
+ {
+       struct wakeup_source *ws;
++      int srcuidx;
+-      rcu_read_lock();
++      srcuidx = srcu_read_lock(&wakeup_srcu);
+       list_for_each_entry_rcu(ws, &wakeup_sources, entry)
+               dev_pm_arm_wake_irq(ws->wakeirq);
+-
+-      rcu_read_unlock();
++      srcu_read_unlock(&wakeup_srcu, srcuidx);
+ }
+ /**
+@@ -348,12 +350,12 @@ void device_wakeup_arm_wake_irqs(void)
+ void device_wakeup_disarm_wake_irqs(void)
+ {
+       struct wakeup_source *ws;
++      int srcuidx;
+-      rcu_read_lock();
++      srcuidx = srcu_read_lock(&wakeup_srcu);
+       list_for_each_entry_rcu(ws, &wakeup_sources, entry)
+               dev_pm_disarm_wake_irq(ws->wakeirq);
+-
+-      rcu_read_unlock();
++      srcu_read_unlock(&wakeup_srcu, srcuidx);
+ }
+ /**
+@@ -804,10 +806,10 @@ EXPORT_SYMBOL_GPL(pm_wakeup_dev_event);
+ void pm_print_active_wakeup_sources(void)
+ {
+       struct wakeup_source *ws;
+-      int active = 0;
++      int srcuidx, active = 0;
+       struct wakeup_source *last_activity_ws = NULL;
+-      rcu_read_lock();
++      srcuidx = srcu_read_lock(&wakeup_srcu);
+       list_for_each_entry_rcu(ws, &wakeup_sources, entry) {
+               if (ws->active) {
+                       pr_debug("active wakeup source: %s\n", ws->name);
+@@ -823,7 +825,7 @@ void pm_print_active_wakeup_sources(void
+       if (!active && last_activity_ws)
+               pr_debug("last active wakeup source: %s\n",
+                       last_activity_ws->name);
+-      rcu_read_unlock();
++      srcu_read_unlock(&wakeup_srcu, srcuidx);
+ }
+ EXPORT_SYMBOL_GPL(pm_print_active_wakeup_sources);
+@@ -950,8 +952,9 @@ void pm_wakep_autosleep_enabled(bool set
+ {
+       struct wakeup_source *ws;
+       ktime_t now = ktime_get();
++      int srcuidx;
+-      rcu_read_lock();
++      srcuidx = srcu_read_lock(&wakeup_srcu);
+       list_for_each_entry_rcu(ws, &wakeup_sources, entry) {
+               spin_lock_irq(&ws->lock);
+               if (ws->autosleep_enabled != set) {
+@@ -965,7 +968,7 @@ void pm_wakep_autosleep_enabled(bool set
+               }
+               spin_unlock_irq(&ws->lock);
+       }
+-      rcu_read_unlock();
++      srcu_read_unlock(&wakeup_srcu, srcuidx);
+ }
+ #endif /* CONFIG_PM_AUTOSLEEP */
+@@ -1026,15 +1029,16 @@ static int print_wakeup_source_stats(str
+ static int wakeup_sources_stats_show(struct seq_file *m, void *unused)
+ {
+       struct wakeup_source *ws;
++      int srcuidx;
+       seq_puts(m, "name\t\tactive_count\tevent_count\twakeup_count\t"
+               "expire_count\tactive_since\ttotal_time\tmax_time\t"
+               "last_change\tprevent_suspend_time\n");
+-      rcu_read_lock();
++      srcuidx = srcu_read_lock(&wakeup_srcu);
+       list_for_each_entry_rcu(ws, &wakeup_sources, entry)
+               print_wakeup_source_stats(m, ws);
+-      rcu_read_unlock();
++      srcu_read_unlock(&wakeup_srcu, srcuidx);
+       print_wakeup_source_stats(m, &deleted_ws);
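Review bot: `DEFINE_STATIC_SRCU(wakeup_srcu);` is added without a comment, so the reason for using SRCU lives only in the commit message; a line such as `/* SRCU, not RCU: readers call irq functions that may sleep under irq bus locking */` above it would keep a later cleanup from converting it back. `wakeup_source_remove()` now waits with `synchronize_srcu(&wakeup_srcu)` only, so any traversal of `wakeup_sources` that is not among the five converted here and still relies on `rcu_read_lock()` would no longer be waited for before the entry goes away. The hunks do not show the whole file, so that is worth checking against the 4.12 tree before the patch is applied. The body of `wakeup_sources_stats_show()` continues past the last hunk.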
diff --git a/queue-4.12/pstore-fix-leaked-pstore_record-in-pstore_get_backend_records.patch b/queue-4.12/pstore-fix-leaked-pstore_record-in-pstore_get_backend_records.patch
new file mode 100644 (file)
index 0000000..181b47c
--- /dev/null
@@ -0,0 +1,38 @@
+From f6525b96dd9f68efe374e5aef864975e628de991 Mon Sep 17 00:00:00 2001
+From: Douglas Anderson <dianders@chromium.org>
+Date: Tue, 30 May 2017 15:50:38 -0700
+Subject: pstore: Fix leaked pstore_record in pstore_get_backend_records()
+
+From: Douglas Anderson <dianders@chromium.org>
+
+commit f6525b96dd9f68efe374e5aef864975e628de991 upstream.
+
+When the "if (record->size <= 0)" test is true in
+pstore_get_backend_records() it's pretty clear that nobody holds a
+reference to the allocated pstore_record, yet we don't free it.
+
+Let's free it.
+
+Fixes: 2a2b0acf768c ("pstore: Allocate records on heap instead of stack")
+Signed-off-by: Douglas Anderson <dianders@chromium.org>
+Signed-off-by: Kees Cook <keescook@chromium.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ fs/pstore/platform.c |    4 +++-
+ 1 file changed, 3 insertions(+), 1 deletion(-)
+
+--- a/fs/pstore/platform.c
++++ b/fs/pstore/platform.c
+@@ -846,8 +846,10 @@ void pstore_get_backend_records(struct p
+               record->size = psi->read(record);
+               /* No more records left in backend? */
+-              if (record->size <= 0)
++              if (record->size <= 0) {
++                      kfree(record);
+                       break;
++              }
+               decompress_record(record);
+               rc = pstore_mkfile(root, record);
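Review bot: The new `kfree(record)` in the `record->size <= 0` branch releases only the record itself; whether a backend's `read()` can have set `record->buf` before returning a non-positive size is not visible in this hunk. If it can, that buffer is still leaked on this path, and `kfree(record->buf);` ahead of `kfree(record);` would cover it, provided the record is zero-initialised when it is allocated (also outside the hunk). The loop in `pstore_get_backend_records()` begins and ends outside the hunk.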
diff --git a/queue-4.12/sched-headers-uapi-fix-linux-sched-types.h-userspace-compilation-errors.patch b/queue-4.12/sched-headers-uapi-fix-linux-sched-types.h-userspace-compilation-errors.patch
new file mode 100644 (file)
index 0000000..0b5c3b5
--- /dev/null
@@ -0,0 +1,62 @@
+From 242fc35290bd8cf0effc6e3474e3a417985de2f3 Mon Sep 17 00:00:00 2001
+From: "Dmitry V. Levin" <ldv@altlinux.org>
+Date: Wed, 5 Jul 2017 19:23:28 +0300
+Subject: sched/headers/uapi: Fix linux/sched/types.h userspace compilation errors
+
+From: Dmitry V. Levin <ldv@altlinux.org>
+
+commit 242fc35290bd8cf0effc6e3474e3a417985de2f3 upstream.
+
+Consistently use types provided by <linux/types.h> to fix the following
+linux/sched/types.h userspace compilation errors:
+
+  /usr/include/linux/sched/types.h:57:2: error: unknown type name 'u32'
+    u32 size;
+  ...
+  u64 sched_period;
+
+Signed-off-by: Dmitry V. Levin <ldv@altlinux.org>
+Cc: Linus Torvalds <torvalds@linux-foundation.org>
+Cc: Peter Zijlstra <peterz@infradead.org>
+Cc: Thomas Gleixner <tglx@linutronix.de>
+Fixes: e2d1e2aec572 ("sched/headers: Move various ABI definitions to <uapi/linux/sched/types.h>")
+Link: http://lkml.kernel.org/r/20170705162328.GA11026@altlinux.org
+Signed-off-by: Ingo Molnar <mingo@kernel.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ include/uapi/linux/sched/types.h |   16 ++++++++--------
+ 1 file changed, 8 insertions(+), 8 deletions(-)
+
+--- a/include/uapi/linux/sched/types.h
++++ b/include/uapi/linux/sched/types.h
+@@ -54,21 +54,21 @@ struct sched_param {
+  * available in the scheduling class file or in Documentation/.
+  */
+ struct sched_attr {
+-      u32 size;
++      __u32 size;
+-      u32 sched_policy;
+-      u64 sched_flags;
++      __u32 sched_policy;
++      __u64 sched_flags;
+       /* SCHED_NORMAL, SCHED_BATCH */
+-      s32 sched_nice;
++      __s32 sched_nice;
+       /* SCHED_FIFO, SCHED_RR */
+-      u32 sched_priority;
++      __u32 sched_priority;
+       /* SCHED_DEADLINE */
+-      u64 sched_runtime;
+-      u64 sched_deadline;
+-      u64 sched_period;
++      __u64 sched_runtime;
++      __u64 sched_deadline;
++      __u64 sched_period;
+ };
+ #endif /* _UAPI_LINUX_SCHED_TYPES_H */
diff --git a/queue-4.12/sched-topology-fix-building-of-overlapping-sched-groups.patch b/queue-4.12/sched-topology-fix-building-of-overlapping-sched-groups.patch
new file mode 100644 (file)
index 0000000..c026800
--- /dev/null
@@ -0,0 +1,65 @@
+From 0372dd2736e02672ac6e189c31f7d8c02ad543cd Mon Sep 17 00:00:00 2001
+From: Peter Zijlstra <peterz@infradead.org>
+Date: Fri, 14 Apr 2017 17:24:02 +0200
+Subject: sched/topology: Fix building of overlapping sched-groups
+
+From: Peter Zijlstra <peterz@infradead.org>
+
+commit 0372dd2736e02672ac6e189c31f7d8c02ad543cd upstream.
+
+When building the overlapping groups, we very obviously should start
+with the previous domain of _this_ @cpu, not CPU-0.
+
+This can be readily demonstrated with a topology like:
+
+  node   0   1   2   3
+    0:  10  20  30  20
+    1:  20  10  20  30
+    2:  30  20  10  20
+    3:  20  30  20  10
+
+Where (for example) CPU1 ends up generating the following nonsensical groups:
+
+  [] CPU1 attaching sched-domain:
+  []  domain 0: span 0-2 level NUMA
+  []   groups: 1 2 0
+  []   domain 1: span 0-3 level NUMA
+  []    groups: 1-3 (cpu_capacity = 3072) 0-1,3 (cpu_capacity = 3072)
+
+Where the fact that domain 1 doesn't include a group with span 0-2 is
+the obvious fail.
+
+With patch this looks like:
+
+  [] CPU1 attaching sched-domain:
+  []  domain 0: span 0-2 level NUMA
+  []   groups: 1 0 2
+  []   domain 1: span 0-3 level NUMA
+  []    groups: 0-2 (cpu_capacity = 3072) 0,2-3 (cpu_capacity = 3072)
+
+Debugged-by: Lauro Ramos Venancio <lvenanci@redhat.com>
+Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org>
+Cc: Linus Torvalds <torvalds@linux-foundation.org>
+Cc: Mike Galbraith <efault@gmx.de>
+Cc: Peter Zijlstra <peterz@infradead.org>
+Cc: Thomas Gleixner <tglx@linutronix.de>
+Cc: linux-kernel@vger.kernel.org
+Fixes: e3589f6c81e4 ("sched: Allow for overlapping sched_domain spans")
+Signed-off-by: Ingo Molnar <mingo@kernel.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ kernel/sched/topology.c |    2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/kernel/sched/topology.c
++++ b/kernel/sched/topology.c
+@@ -525,7 +525,7 @@ build_overlap_sched_groups(struct sched_
+       cpumask_clear(covered);
+-      for_each_cpu(i, span) {
++      for_each_cpu_wrap(i, span, cpu) {
+               struct cpumask *sg_span;
+               if (cpumask_test_cpu(i, covered))
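Review bot: The replacement loop header `for_each_cpu_wrap(i, span, cpu)` depends on a three-argument `for_each_cpu_wrap()` being visible to kernel/sched/topology.c, and none of the patches this commit adds to the series appears to provide one. If the 4.12 base only has that iterator as a file-local helper with a different argument list, this backport will not build, so the prerequisite should be confirmed or queued ahead of it. A short comment on the loop, `/* start with @cpu's own domain, not CPU 0's */`, would also record why the iteration order matters. `build_overlap_sched_groups()` starts and ends outside the hunk.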
diff --git a/queue-4.12/sched-topology-fix-overlapping-sched_group_mask.patch b/queue-4.12/sched-topology-fix-overlapping-sched_group_mask.patch
new file mode 100644 (file)
index 0000000..e3e6273
--- /dev/null
@@ -0,0 +1,99 @@
+From 73bb059f9b8a00c5e1bf2f7ca83138c05d05e600 Mon Sep 17 00:00:00 2001
+From: Peter Zijlstra <peterz@infradead.org>
+Date: Tue, 25 Apr 2017 14:00:49 +0200
+Subject: sched/topology: Fix overlapping sched_group_mask
+
+From: Peter Zijlstra <peterz@infradead.org>
+
+commit 73bb059f9b8a00c5e1bf2f7ca83138c05d05e600 upstream.
+
+The point of sched_group_mask is to select those CPUs from
+sched_group_cpus that can actually arrive at this balance domain.
+
+The current code gets it wrong, as can be readily demonstrated with a
+topology like:
+
+  node   0   1   2   3
+    0:  10  20  30  20
+    1:  20  10  20  30
+    2:  30  20  10  20
+    3:  20  30  20  10
+
+Where (for example) domain 1 on CPU1 ends up with a mask that includes
+CPU0:
+
+  [] CPU1 attaching sched-domain:
+  []  domain 0: span 0-2 level NUMA
+  []   groups: 1 (mask: 1), 2, 0
+  []   domain 1: span 0-3 level NUMA
+  []    groups: 0-2 (mask: 0-2) (cpu_capacity: 3072), 0,2-3 (cpu_capacity: 3072)
+
+This causes sched_balance_cpu() to compute the wrong CPU and
+consequently should_we_balance() will terminate early resulting in
+missed load-balance opportunities.
+
+The fixed topology looks like:
+
+  [] CPU1 attaching sched-domain:
+  []  domain 0: span 0-2 level NUMA
+  []   groups: 1 (mask: 1), 2, 0
+  []   domain 1: span 0-3 level NUMA
+  []    groups: 0-2 (mask: 1) (cpu_capacity: 3072), 0,2-3 (cpu_capacity: 3072)
+
+(note: this relies on OVERLAP domains to always have children, this is
+ true because the regular topology domains are still here -- this is
+ before degenerate trimming)
+
+Debugged-by: Lauro Ramos Venancio <lvenanci@redhat.com>
+Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org>
+Cc: Linus Torvalds <torvalds@linux-foundation.org>
+Cc: Mike Galbraith <efault@gmx.de>
+Cc: Peter Zijlstra <peterz@infradead.org>
+Cc: Thomas Gleixner <tglx@linutronix.de>
+Cc: linux-kernel@vger.kernel.org
+Fixes: e3589f6c81e4 ("sched: Allow for overlapping sched_domain spans")
+Signed-off-by: Ingo Molnar <mingo@kernel.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ kernel/sched/topology.c |   18 +++++++++++++++++-
+ 1 file changed, 17 insertions(+), 1 deletion(-)
+
+--- a/kernel/sched/topology.c
++++ b/kernel/sched/topology.c
+@@ -480,6 +480,9 @@ enum s_alloc {
+  * Build an iteration mask that can exclude certain CPUs from the upwards
+  * domain traversal.
+  *
++ * Only CPUs that can arrive at this group should be considered to continue
++ * balancing.
++ *
+  * Asymmetric node setups can result in situations where the domain tree is of
+  * unequal depth, make sure to skip domains that already cover the entire
+  * range.
+@@ -497,11 +500,24 @@ static void build_group_mask(struct sche
+       for_each_cpu(i, span) {
+               sibling = *per_cpu_ptr(sdd->sd, i);
+-              if (!cpumask_test_cpu(i, sched_domain_span(sibling)))
++
++              /*
++               * Can happen in the asymmetric case, where these siblings are
++               * unused. The mask will not be empty because those CPUs that
++               * do have the top domain _should_ span the domain.
++               */
++              if (!sibling->child)
++                      continue;
++
++              /* If we would not end up here, we can't continue from here */
++              if (!cpumask_equal(sg_span, sched_domain_span(sibling->child)))
+                       continue;
+               cpumask_set_cpu(i, sched_group_mask(sg));
+       }
++
++      /* We must not have empty masks here */
++      WARN_ON_ONCE(cpumask_empty(sched_group_mask(sg)));
+ }
+ /*
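Review bot: The added test `cpumask_equal(sg_span, sched_domain_span(sibling->child))` uses `sg_span`, while the loop around it is still shown iterating `span` in the context line `for_each_cpu(i, span) {`, and no declaration of `sg_span` appears in the hunk. The declarations of `build_group_mask()` sit above the hunk, so this may be fine, but if the 4.12 function only declares `span` the patch will not compile. Iterating the domain span rather than the group span would also not match the description's "select those CPUs from sched_group_cpus". The backport probably also needs `const struct cpumask *sg_span = sched_group_cpus(sg);` and `for_each_cpu(i, sg_span) {`.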
index 81c69e624c9040b644e87bbd5c058012e110c7b5..01a4deb17266e7366f8f8052f90e679f03835ad8 100644 (file)
@@ -63,3 +63,21 @@ mnt-in-propgate_umount-handle-visiting-mounts-in-any-order.patch
 mnt-make-propagate_umount-less-slow-for-overlapping-mount-propagation-trees.patch
 selftests-capabilities-fix-the-test_execve-test.patch
 mm-fix-overflow-check-in-expand_upwards.patch
+crypto-talitos-extend-max-key-length-for-sha384-512-hmac-and-aead.patch
+crypto-atmel-only-treat-ebusy-as-transient-if-backlog.patch
+crypto-sha1-ssse3-disable-avx2.patch
+crypto-caam-properly-set-iv-after-en-de-crypt.patch
+crypto-caam-fix-signals-handling.patch
+keys-dh-validate-__spare-field.patch
+sched-headers-uapi-fix-linux-sched-types.h-userspace-compilation-errors.patch
+sched-topology-fix-building-of-overlapping-sched-groups.patch
+sched-topology-fix-overlapping-sched_group_mask.patch
+pm-wakeirq-convert-to-srcu.patch
+pstore-fix-leaked-pstore_record-in-pstore_get_backend_records.patch
+alsa-x86-clear-the-pdata.notify_lpe_audio-pointer-before-teardown.patch
+alsa-hda-realtek-change-the-location-for-one-of-two-front-microphones.patch
+pm-qos-return-einval-for-bogus-strings.patch
+kvm-vmx-do-not-disable-intercepts-for-bndcfgs.patch
+kvm-x86-guest-bndcfgs-requires-guest-mpx-support.patch
+kvm-vmx-check-value-written-to-ia32_bndcfgs.patch
+kvm-vmx-allow-host-to-access-guest-msr_ia32_bndcfgs.patch