From: Sasha Levin Date: Wed, 4 Sep 2019 01:24:32 +0000 (-0400) Subject: fixes for 4.9 X-Git-Tag: v4.4.191~14 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=110eaebd5e54cdc5df2a15d8ee1cf4c2ddeadc71;p=thirdparty%2Fkernel%2Fstable-queue.git fixes for 4.9 Signed-off-by: Sasha Levin --- diff --git a/queue-4.9/i2c-piix4-fix-port-selection-for-amd-family-16h-mode.patch b/queue-4.9/i2c-piix4-fix-port-selection-for-amd-family-16h-mode.patch new file mode 100644 index 00000000000..51d3645d399 --- /dev/null +++ b/queue-4.9/i2c-piix4-fix-port-selection-for-amd-family-16h-mode.patch @@ -0,0 +1,95 @@ +From 1b92cc34caa8436bca8583ed6937bb506dacef29 Mon Sep 17 00:00:00 2001 +From: Andrew Cooks +Date: Fri, 2 Aug 2019 14:52:46 +0200 +Subject: i2c: piix4: Fix port selection for AMD Family 16h Model 30h + +[ Upstream commit c7c06a1532f3fe106687ac82a13492c6a619ff1c ] + +Family 16h Model 30h SMBus controller needs the same port selection fix +as described and fixed in commit 0fe16195f891 ("i2c: piix4: Fix SMBus port +selection for AMD Family 17h chips") + +commit 6befa3fde65f ("i2c: piix4: Support alternative port selection +register") also fixed the port selection for Hudson2, but unfortunately +this is not the exact same device and the AMD naming and PCI Device IDs +aren't particularly helpful here. + +The SMBus port selection register is common to the following Families +and models, as documented in AMD's publicly available BIOS and Kernel +Developer Guides: + + 50742 - Family 15h Model 60h-6Fh (PCI_DEVICE_ID_AMD_KERNCZ_SMBUS) + 55072 - Family 15h Model 70h-7Fh (PCI_DEVICE_ID_AMD_KERNCZ_SMBUS) + 52740 - Family 16h Model 30h-3Fh (PCI_DEVICE_ID_AMD_HUDSON2_SMBUS) + +The Hudson2 PCI Device ID (PCI_DEVICE_ID_AMD_HUDSON2_SMBUS) is shared +between Bolton FCH and Family 16h Model 30h, but the location of the +SmBus0Sel port selection bits are different: + + 51192 - Bolton Register Reference Guide + +We distinguish between Bolton and Family 16h Model 30h using the PCI +Revision ID: + + Bolton is device 0x780b, revision 0x15 + Family 16h Model 30h is device 0x780b, revision 0x1F + Family 15h Model 60h and 70h are both device 0x790b, revision 0x4A. + +The following additional public AMD BKDG documents were checked and do +not share the same port selection register: + + 42301 - Family 15h Model 00h-0Fh doesn't mention any + 42300 - Family 15h Model 10h-1Fh doesn't mention any + 49125 - Family 15h Model 30h-3Fh doesn't mention any + + 48751 - Family 16h Model 00h-0Fh uses the previously supported + index register SB800_PIIX4_PORT_IDX_ALT at 0x2e + +Signed-off-by: Andrew Cooks +Signed-off-by: Jean Delvare +Cc: stable@vger.kernel.org [v4.6+] +Signed-off-by: Wolfram Sang +Signed-off-by: Sasha Levin +--- + drivers/i2c/busses/i2c-piix4.c | 12 +++++------- + 1 file changed, 5 insertions(+), 7 deletions(-) + +diff --git a/drivers/i2c/busses/i2c-piix4.c b/drivers/i2c/busses/i2c-piix4.c +index 8f1c5f24c1df5..62785aa76b3fb 100644 +--- a/drivers/i2c/busses/i2c-piix4.c ++++ b/drivers/i2c/busses/i2c-piix4.c +@@ -96,7 +96,7 @@ + #define SB800_PIIX4_PORT_IDX_MASK 0x06 + #define SB800_PIIX4_PORT_IDX_SHIFT 1 + +-/* On kerncz, SmBus0Sel is at bit 20:19 of PMx00 DecodeEn */ ++/* On kerncz and Hudson2, SmBus0Sel is at bit 20:19 of PMx00 DecodeEn */ + #define SB800_PIIX4_PORT_IDX_KERNCZ 0x02 + #define SB800_PIIX4_PORT_IDX_MASK_KERNCZ 0x18 + #define SB800_PIIX4_PORT_IDX_SHIFT_KERNCZ 3 +@@ -355,18 +355,16 @@ static int piix4_setup_sb800(struct pci_dev *PIIX4_dev, + + /* Find which register is used for port selection */ + if (PIIX4_dev->vendor == PCI_VENDOR_ID_AMD) { +- switch (PIIX4_dev->device) { +- case PCI_DEVICE_ID_AMD_KERNCZ_SMBUS: ++ if (PIIX4_dev->device == PCI_DEVICE_ID_AMD_KERNCZ_SMBUS || ++ (PIIX4_dev->device == PCI_DEVICE_ID_AMD_HUDSON2_SMBUS && ++ PIIX4_dev->revision >= 0x1F)) { + piix4_port_sel_sb800 = SB800_PIIX4_PORT_IDX_KERNCZ; + piix4_port_mask_sb800 = SB800_PIIX4_PORT_IDX_MASK_KERNCZ; + piix4_port_shift_sb800 = SB800_PIIX4_PORT_IDX_SHIFT_KERNCZ; +- break; +- case PCI_DEVICE_ID_AMD_HUDSON2_SMBUS: +- default: ++ } else { + piix4_port_sel_sb800 = SB800_PIIX4_PORT_IDX_ALT; + piix4_port_mask_sb800 = SB800_PIIX4_PORT_IDX_MASK; + piix4_port_shift_sb800 = SB800_PIIX4_PORT_IDX_SHIFT; +- break; + } + } else { + mutex_lock(&piix4_mutex_sb800); +-- +2.20.1 + diff --git a/queue-4.9/kvm-arm-arm64-vgic-fix-potential-deadlock-when-ap_li.patch b/queue-4.9/kvm-arm-arm64-vgic-fix-potential-deadlock-when-ap_li.patch new file mode 100644 index 00000000000..8e9309d95a6 --- /dev/null +++ b/queue-4.9/kvm-arm-arm64-vgic-fix-potential-deadlock-when-ap_li.patch @@ -0,0 +1,46 @@ +From 3f590152c7053bd7e3a70d74b74b72363c8b994e Mon Sep 17 00:00:00 2001 +From: Heyi Guo +Date: Tue, 27 Aug 2019 12:26:50 +0100 +Subject: KVM: arm/arm64: vgic: Fix potential deadlock when ap_list is long + +[ Upstream commit d4a8061a7c5f7c27a2dc002ee4cb89b3e6637e44 ] + +If the ap_list is longer than 256 entries, merge_final() in list_sort() +will call the comparison callback with the same element twice, causing +a deadlock in vgic_irq_cmp(). + +Fix it by returning early when irqa == irqb. + +Cc: stable@vger.kernel.org # 4.7+ +Fixes: 8e4447457965 ("KVM: arm/arm64: vgic-new: Add IRQ sorting") +Signed-off-by: Zenghui Yu +Signed-off-by: Heyi Guo +[maz: massaged commit log and patch, added Fixes and Cc-stable] +Signed-off-by: Marc Zyngier +Signed-off-by: Will Deacon +Signed-off-by: Sasha Levin +--- + virt/kvm/arm/vgic/vgic.c | 7 +++++++ + 1 file changed, 7 insertions(+) + +diff --git a/virt/kvm/arm/vgic/vgic.c b/virt/kvm/arm/vgic/vgic.c +index 6440b56ec90e2..1934dc8a2ce09 100644 +--- a/virt/kvm/arm/vgic/vgic.c ++++ b/virt/kvm/arm/vgic/vgic.c +@@ -196,6 +196,13 @@ static int vgic_irq_cmp(void *priv, struct list_head *a, struct list_head *b) + bool penda, pendb; + int ret; + ++ /* ++ * list_sort may call this function with the same element when ++ * the list is fairly long. ++ */ ++ if (unlikely(irqa == irqb)) ++ return 0; ++ + spin_lock(&irqa->irq_lock); + spin_lock_nested(&irqb->irq_lock, SINGLE_DEPTH_NESTING); + +-- +2.20.1 + diff --git a/queue-4.9/kvm-arm-arm64-vgic-v2-handle-sgi-bits-in-gicd_i-s-c-.patch b/queue-4.9/kvm-arm-arm64-vgic-v2-handle-sgi-bits-in-gicd_i-s-c-.patch new file mode 100644 index 00000000000..483e923bc0c --- /dev/null +++ b/queue-4.9/kvm-arm-arm64-vgic-v2-handle-sgi-bits-in-gicd_i-s-c-.patch @@ -0,0 +1,103 @@ +From 0df23640c055d2e5e8926b01ec6166132abeac6b Mon Sep 17 00:00:00 2001 +From: Marc Zyngier +Date: Wed, 28 Aug 2019 11:10:16 +0100 +Subject: KVM: arm/arm64: vgic-v2: Handle SGI bits in GICD_I{S,C}PENDR0 as WI + +[ Upstream commit 82e40f558de566fdee214bec68096bbd5e64a6a4 ] + +A guest is not allowed to inject a SGI (or clear its pending state) +by writing to GICD_ISPENDR0 (resp. GICD_ICPENDR0), as these bits are +defined as WI (as per ARM IHI 0048B 4.3.7 and 4.3.8). + +Make sure we correctly emulate the architecture. + +Fixes: 96b298000db4 ("KVM: arm/arm64: vgic-new: Add PENDING registers handlers") +Cc: stable@vger.kernel.org # 4.7+ +Reported-by: Andre Przywara +Signed-off-by: Marc Zyngier +Signed-off-by: Will Deacon +Signed-off-by: Sasha Levin +--- + virt/kvm/arm/vgic/vgic-mmio.c | 18 ++++++++++++++++++ + virt/kvm/arm/vgic/vgic-v2.c | 5 ++++- + virt/kvm/arm/vgic/vgic-v3.c | 5 ++++- + 3 files changed, 26 insertions(+), 2 deletions(-) + +diff --git a/virt/kvm/arm/vgic/vgic-mmio.c b/virt/kvm/arm/vgic/vgic-mmio.c +index 85814d1bad11e..87742c9803a75 100644 +--- a/virt/kvm/arm/vgic/vgic-mmio.c ++++ b/virt/kvm/arm/vgic/vgic-mmio.c +@@ -120,6 +120,12 @@ unsigned long vgic_mmio_read_pending(struct kvm_vcpu *vcpu, + return value; + } + ++static bool is_vgic_v2_sgi(struct kvm_vcpu *vcpu, struct vgic_irq *irq) ++{ ++ return (vgic_irq_is_sgi(irq->intid) && ++ vcpu->kvm->arch.vgic.vgic_model == KVM_DEV_TYPE_ARM_VGIC_V2); ++} ++ + void vgic_mmio_write_spending(struct kvm_vcpu *vcpu, + gpa_t addr, unsigned int len, + unsigned long val) +@@ -130,6 +136,12 @@ void vgic_mmio_write_spending(struct kvm_vcpu *vcpu, + for_each_set_bit(i, &val, len * 8) { + struct vgic_irq *irq = vgic_get_irq(vcpu->kvm, vcpu, intid + i); + ++ /* GICD_ISPENDR0 SGI bits are WI */ ++ if (is_vgic_v2_sgi(vcpu, irq)) { ++ vgic_put_irq(vcpu->kvm, irq); ++ continue; ++ } ++ + spin_lock(&irq->irq_lock); + irq->pending = true; + if (irq->config == VGIC_CONFIG_LEVEL) +@@ -150,6 +162,12 @@ void vgic_mmio_write_cpending(struct kvm_vcpu *vcpu, + for_each_set_bit(i, &val, len * 8) { + struct vgic_irq *irq = vgic_get_irq(vcpu->kvm, vcpu, intid + i); + ++ /* GICD_ICPENDR0 SGI bits are WI */ ++ if (is_vgic_v2_sgi(vcpu, irq)) { ++ vgic_put_irq(vcpu->kvm, irq); ++ continue; ++ } ++ + spin_lock(&irq->irq_lock); + + if (irq->config == VGIC_CONFIG_LEVEL) { +diff --git a/virt/kvm/arm/vgic/vgic-v2.c b/virt/kvm/arm/vgic/vgic-v2.c +index 1ab58f7b5d749..4c2919cc13ca6 100644 +--- a/virt/kvm/arm/vgic/vgic-v2.c ++++ b/virt/kvm/arm/vgic/vgic-v2.c +@@ -154,7 +154,10 @@ void vgic_v2_populate_lr(struct kvm_vcpu *vcpu, struct vgic_irq *irq, int lr) + if (vgic_irq_is_sgi(irq->intid)) { + u32 src = ffs(irq->source); + +- BUG_ON(!src); ++ if (WARN_RATELIMIT(!src, "No SGI source for INTID %d\n", ++ irq->intid)) ++ return; ++ + val |= (src - 1) << GICH_LR_PHYSID_CPUID_SHIFT; + irq->source &= ~(1 << (src - 1)); + if (irq->source) +diff --git a/virt/kvm/arm/vgic/vgic-v3.c b/virt/kvm/arm/vgic/vgic-v3.c +index c7924718990e5..267b1cf88a7fe 100644 +--- a/virt/kvm/arm/vgic/vgic-v3.c ++++ b/virt/kvm/arm/vgic/vgic-v3.c +@@ -137,7 +137,10 @@ void vgic_v3_populate_lr(struct kvm_vcpu *vcpu, struct vgic_irq *irq, int lr) + model == KVM_DEV_TYPE_ARM_VGIC_V2) { + u32 src = ffs(irq->source); + +- BUG_ON(!src); ++ if (WARN_RATELIMIT(!src, "No SGI source for INTID %d\n", ++ irq->intid)) ++ return; ++ + val |= (src - 1) << GICH_LR_PHYSID_CPUID_SHIFT; + irq->source &= ~(1 << (src - 1)); + if (irq->source) +-- +2.20.1 + diff --git a/queue-4.9/series b/queue-4.9/series index 6fffb442051..c3f5afdedb5 100644 --- a/queue-4.9/series +++ b/queue-4.9/series @@ -77,3 +77,6 @@ stm-class-fix-a-double-free-of-stm_source_device.patch vmci-release-resource-if-the-work-is-already-queued.patch revert-cfg80211-fix-processing-world-regdomain-when-non-modular.patch mac80211-fix-possible-sta-leak.patch +kvm-arm-arm64-vgic-fix-potential-deadlock-when-ap_li.patch +kvm-arm-arm64-vgic-v2-handle-sgi-bits-in-gicd_i-s-c-.patch +i2c-piix4-fix-port-selection-for-amd-family-16h-mode.patch