From: Greg Kroah-Hartman Date: Thu, 20 Mar 2014 18:39:08 +0000 (-0700) Subject: 3.4-stable patches X-Git-Tag: v3.4.84~16 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=c7bf311c4ea30346fc56e9442c0c894a3c7771d3;p=thirdparty%2Fkernel%2Fstable-queue.git 3.4-stable patches added patches: kvm-svm-fix-cr8-intercept-window.patch vmxnet3-fix-building-without-config_pci_msi.patch vmxnet3-fix-netpoll-race-condition.patch --- diff --git a/queue-3.4/kvm-svm-fix-cr8-intercept-window.patch b/queue-3.4/kvm-svm-fix-cr8-intercept-window.patch new file mode 100644 index 00000000000..8d312364e45 --- /dev/null +++ b/queue-3.4/kvm-svm-fix-cr8-intercept-window.patch @@ -0,0 +1,52 @@ +From 596f3142d2b7be307a1652d59e7b93adab918437 Mon Sep 17 00:00:00 2001 +From: Radim Krčmář +Date: Tue, 11 Mar 2014 19:11:18 +0100 +Subject: KVM: SVM: fix cr8 intercept window +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +From: Radim Krčmář + +commit 596f3142d2b7be307a1652d59e7b93adab918437 upstream. + +We always disable cr8 intercept in its handler, but only re-enable it +if handling KVM_REQ_EVENT, so there can be a window where we do not +intercept cr8 writes, which allows an interrupt to disrupt a higher +priority task. + +Fix this by disabling intercepts in the same function that re-enables +them when needed. This fixes BSOD in Windows 2008. + +Signed-off-by: Radim Krčmář +Reviewed-by: Marcelo Tosatti +Signed-off-by: Paolo Bonzini +Signed-off-by: Greg Kroah-Hartman + +--- + arch/x86/kvm/svm.c | 6 +++--- + 1 file changed, 3 insertions(+), 3 deletions(-) + +--- a/arch/x86/kvm/svm.c ++++ b/arch/x86/kvm/svm.c +@@ -3007,10 +3007,8 @@ static int cr8_write_interception(struct + u8 cr8_prev = kvm_get_cr8(&svm->vcpu); + /* instruction emulation calls kvm_set_cr8() */ + r = cr_interception(svm); +- if (irqchip_in_kernel(svm->vcpu.kvm)) { +- clr_cr_intercept(svm, INTERCEPT_CR8_WRITE); ++ if (irqchip_in_kernel(svm->vcpu.kvm)) + return r; +- } + if (cr8_prev <= kvm_get_cr8(&svm->vcpu)) + return r; + kvm_run->exit_reason = KVM_EXIT_SET_TPR; +@@ -3566,6 +3564,8 @@ static void update_cr8_intercept(struct + if (is_guest_mode(vcpu) && (vcpu->arch.hflags & HF_VINTR_MASK)) + return; + ++ clr_cr_intercept(svm, INTERCEPT_CR8_WRITE); ++ + if (irr == -1) + return; + diff --git a/queue-3.4/series b/queue-3.4/series index f7b5237324e..4b4e94df705 100644 --- a/queue-3.4/series +++ b/queue-3.4/series @@ -23,3 +23,6 @@ libata-add-ata_horkage_broken_fpdma_aa-quirk-for-seagate-momentus-spinpoint-m8-2 nfs-fix-a-delegation-callback-race.patch fs-proc-base.c-fix-gpf-in-proc-pid-map_files.patch drm-radeon-atom-select-the-proper-number-of-lanes-in.patch +kvm-svm-fix-cr8-intercept-window.patch +vmxnet3-fix-netpoll-race-condition.patch +vmxnet3-fix-building-without-config_pci_msi.patch diff --git a/queue-3.4/vmxnet3-fix-building-without-config_pci_msi.patch b/queue-3.4/vmxnet3-fix-building-without-config_pci_msi.patch new file mode 100644 index 00000000000..b7c344254ba --- /dev/null +++ b/queue-3.4/vmxnet3-fix-building-without-config_pci_msi.patch @@ -0,0 +1,51 @@ +From 0a8d8c446b5429d15ff2d48f46e00d8a08552303 Mon Sep 17 00:00:00 2001 +From: Arnd Bergmann +Date: Thu, 13 Mar 2014 10:44:34 +0100 +Subject: vmxnet3: fix building without CONFIG_PCI_MSI + +From: Arnd Bergmann + +commit 0a8d8c446b5429d15ff2d48f46e00d8a08552303 upstream. + +Since commit d25f06ea466e "vmxnet3: fix netpoll race condition", +the vmxnet3 driver fails to build when CONFIG_PCI_MSI is disabled, +because it unconditionally references the vmxnet3_msix_rx() +function. + +To fix this, use the same #ifdef in the caller that exists around +the function definition. + +Signed-off-by: Arnd Bergmann +Cc: Neil Horman +Cc: Shreyas Bhatewara +Cc: "VMware, Inc." +Cc: "David S. Miller" +Acked-by: Neil Horman +Signed-off-by: David S. Miller +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/net/vmxnet3/vmxnet3_drv.c | 7 +++++-- + 1 file changed, 5 insertions(+), 2 deletions(-) + +--- a/drivers/net/vmxnet3/vmxnet3_drv.c ++++ b/drivers/net/vmxnet3/vmxnet3_drv.c +@@ -1728,13 +1728,16 @@ static void + vmxnet3_netpoll(struct net_device *netdev) + { + struct vmxnet3_adapter *adapter = netdev_priv(netdev); +- int i; + + switch (adapter->intr.type) { +- case VMXNET3_IT_MSIX: ++#ifdef CONFIG_PCI_MSI ++ case VMXNET3_IT_MSIX: { ++ int i; + for (i = 0; i < adapter->num_rx_queues; i++) + vmxnet3_msix_rx(0, &adapter->rx_queue[i]); + break; ++ } ++#endif + case VMXNET3_IT_MSI: + default: + vmxnet3_intr(0, adapter->netdev); diff --git a/queue-3.4/vmxnet3-fix-netpoll-race-condition.patch b/queue-3.4/vmxnet3-fix-netpoll-race-condition.patch new file mode 100644 index 00000000000..ff67630d24f --- /dev/null +++ b/queue-3.4/vmxnet3-fix-netpoll-race-condition.patch @@ -0,0 +1,78 @@ +From d25f06ea466ea521b563b76661180b4e44714ae6 Mon Sep 17 00:00:00 2001 +From: Neil Horman +Date: Mon, 10 Mar 2014 06:55:55 -0400 +Subject: vmxnet3: fix netpoll race condition + +From: Neil Horman + +commit d25f06ea466ea521b563b76661180b4e44714ae6 upstream. + +vmxnet3's netpoll driver is incorrectly coded. It directly calls +vmxnet3_do_poll, which is the driver internal napi poll routine. As the netpoll +controller method doesn't block real napi polls in any way, there is a potential +for race conditions in which the netpoll controller method and the napi poll +method run concurrently. The result is data corruption causing panics such as this +one recently observed: +PID: 1371 TASK: ffff88023762caa0 CPU: 1 COMMAND: "rs:main Q:Reg" + #0 [ffff88023abd5780] machine_kexec at ffffffff81038f3b + #1 [ffff88023abd57e0] crash_kexec at ffffffff810c5d92 + #2 [ffff88023abd58b0] oops_end at ffffffff8152b570 + #3 [ffff88023abd58e0] die at ffffffff81010e0b + #4 [ffff88023abd5910] do_trap at ffffffff8152add4 + #5 [ffff88023abd5970] do_invalid_op at ffffffff8100cf95 + #6 [ffff88023abd5a10] invalid_op at ffffffff8100bf9b + [exception RIP: vmxnet3_rq_rx_complete+1968] + RIP: ffffffffa00f1e80 RSP: ffff88023abd5ac8 RFLAGS: 00010086 + RAX: 0000000000000000 RBX: ffff88023b5dcee0 RCX: 00000000000000c0 + RDX: 0000000000000000 RSI: 00000000000005f2 RDI: ffff88023b5dcee0 + RBP: ffff88023abd5b48 R8: 0000000000000000 R9: ffff88023a3b6048 + R10: 0000000000000000 R11: 0000000000000002 R12: ffff8802398d4cd8 + R13: ffff88023af35140 R14: ffff88023b60c890 R15: 0000000000000000 + ORIG_RAX: ffffffffffffffff CS: 0010 SS: 0018 + #7 [ffff88023abd5b50] vmxnet3_do_poll at ffffffffa00f204a [vmxnet3] + #8 [ffff88023abd5b80] vmxnet3_netpoll at ffffffffa00f209c [vmxnet3] + #9 [ffff88023abd5ba0] netpoll_poll_dev at ffffffff81472bb7 + +The fix is to do as other drivers do, and have the poll controller call the top +half interrupt handler, which schedules a napi poll properly to recieve frames + +Tested by myself, successfully. + +Signed-off-by: Neil Horman +CC: Shreyas Bhatewara +CC: "VMware, Inc." +CC: "David S. Miller" +Reviewed-by: Shreyas N Bhatewara +Signed-off-by: David S. Miller +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/net/vmxnet3/vmxnet3_drv.c | 16 +++++++++++----- + 1 file changed, 11 insertions(+), 5 deletions(-) + +--- a/drivers/net/vmxnet3/vmxnet3_drv.c ++++ b/drivers/net/vmxnet3/vmxnet3_drv.c +@@ -1728,12 +1728,18 @@ static void + vmxnet3_netpoll(struct net_device *netdev) + { + struct vmxnet3_adapter *adapter = netdev_priv(netdev); ++ int i; + +- if (adapter->intr.mask_mode == VMXNET3_IMM_ACTIVE) +- vmxnet3_disable_all_intrs(adapter); +- +- vmxnet3_do_poll(adapter, adapter->rx_queue[0].rx_ring[0].size); +- vmxnet3_enable_all_intrs(adapter); ++ switch (adapter->intr.type) { ++ case VMXNET3_IT_MSIX: ++ for (i = 0; i < adapter->num_rx_queues; i++) ++ vmxnet3_msix_rx(0, &adapter->rx_queue[i]); ++ break; ++ case VMXNET3_IT_MSI: ++ default: ++ vmxnet3_intr(0, adapter->netdev); ++ break; ++ } + + } + #endif /* CONFIG_NET_POLL_CONTROLLER */