1. 13 Aug, 2016 2 commits
    • Linus Torvalds's avatar
      Merge tag 'for-linus' of git://git.kernel.org/pub/scm/virt/kvm/kvm · 329f4152
      Linus Torvalds authored
      Pull KVM fixes from Radim Krčmář:
       "KVM:
         - lock kvm_device list to prevent corruption on device creation.
      
        PPC:
         - split debugfs initialization from creation of the xics device to
           unlock the newly taken kvm lock earlier.
      
        s390:
         - prevent userspace from triggering two WARN_ON_ONCE.
      
        MIPS:
         - fix several issues in the management of TLB faults (Cc: stable)"
      
      * tag 'for-linus' of git://git.kernel.org/pub/scm/virt/kvm/kvm:
        MIPS: KVM: Propagate kseg0/mapped tlb fault errors
        MIPS: KVM: Fix gfn range check in kseg0 tlb faults
        MIPS: KVM: Add missing gfn range check
        MIPS: KVM: Fix mapped fault broken commpage handling
        KVM: Protect device ops->create and list_add with kvm->lock
        KVM: PPC: Move xics_debugfs_init out of create
        KVM: s390: reset KVM_REQ_MMU_RELOAD if mapping the prefix failed
        KVM: s390: set the prefix initially properly
      329f4152
    • Linus Torvalds's avatar
      Merge branch 'for-linus' of git://git.kernel.dk/linux-block · a1e21033
      Linus Torvalds authored
      Pull block fixes from Jens Axboe:
      
       - an NVMe fix from Gabriel, fixing a suspend/resume issue on some
         setups
      
       - addition of a few missing entries in the block queue sysfs
         documentation, from Joe
      
       - a fix for a sparse shadow warning for the bvec iterator, from
         Johannes
      
       - a writeback deadlock involving raid issuing barriers, and not
         flushing the plug when we wakeup the flusher threads.  From
         Konstantin
      
       - a set of patches for the NVMe target/loop/rdma code, from Roland and
         Sagi
      
      * 'for-linus' of git://git.kernel.dk/linux-block:
        bvec: avoid variable shadowing warning
        doc: update block/queue-sysfs.txt entries
        nvme: Suspend all queues before deletion
        mm, writeback: flush plugged IO in wakeup_flusher_threads()
        nvme-rdma: Remove unused includes
        nvme-rdma: start async event handler after reconnecting to a controller
        nvmet: Fix controller serial number inconsistency
        nvmet-rdma: Don't use the inline buffer in order to avoid allocation for small reads
        nvmet-rdma: Correctly handle RDMA device hot removal
        nvme-rdma: Make sure to shutdown the controller if we can
        nvme-loop: Remove duplicate call to nvme_remove_namespaces
        nvme-rdma: Free the I/O tags when we delete the controller
        nvme-rdma: Remove duplicate call to nvme_remove_namespaces
        nvme-rdma: Fix device removal handling
        nvme-rdma: Queue ns scanning after a sucessful reconnection
        nvme-rdma: Don't leak uninitialized memory in connect request private data
      a1e21033
  2. 12 Aug, 2016 29 commits
    • Linus Torvalds's avatar
      Merge tag 'vfio-v4.8-rc2' of git://github.com/awilliam/linux-vfio · f31494bd
      Linus Torvalds authored
      Pull VFIO fix from Alex Williamson:
       "Fix oops when dereferencing empty data (Alex Williamson)"
      
      * tag 'vfio-v4.8-rc2' of git://github.com/awilliam/linux-vfio:
        vfio/pci: Fix NULL pointer oops in error interrupt setup handling
      f31494bd
    • Linus Torvalds's avatar
      Merge tag 'nfsd-4.8-1' of git://linux-nfs.org/~bfields/linux · b112324c
      Linus Torvalds authored
      Pull nfsd fixes from Bruce Fields:
       "Fixes for the dentry refcounting leak I introduced in 4.8-rc1, and for
        races in the LOCK code which appear to go back to the big nfsd state
        lock removal from 3.17"
      
      * tag 'nfsd-4.8-1' of git://linux-nfs.org/~bfields/linux:
        nfsd: don't return an unhashed lock stateid after taking mutex
        nfsd: Fix race between FREE_STATEID and LOCK
        nfsd: fix dentry refcounting on create
      b112324c
    • Linus Torvalds's avatar
      Merge tag 'pm-4.8-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm · 9710cb66
      Linus Torvalds authored
      Pull power management fixes from Rafael Wysocki:
       "Two hibernation fixes allowing it to work with the recently added
        randomization of the kernel identity mapping base on x86-64 and one
        cpufreq driver regression fix.
      
        Specifics:
      
         - Fix the x86 identity mapping creation helpers to avoid the
           assumption that the base address of the mapping will always be
           aligned at the PGD level, as it may be aligned at the PUD level if
           address space randomization is enabled (Rafael Wysocki).
      
         - Fix the hibernation core to avoid executing tracing functions
           before restoring the processor state completely during resume
           (Thomas Garnier).
      
         - Fix a recently introduced regression in the powernv cpufreq driver
           that causes it to crash due to an out-of-bounds array access
           (Akshay Adiga)"
      
      * tag 'pm-4.8-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm:
        PM / hibernate: Restore processor state before using per-CPU variables
        x86/power/64: Always create temporary identity mapping correctly
        cpufreq: powernv: Fix crash in gpstate_timer_handler()
      9710cb66
    • Linus Torvalds's avatar
      Merge branch 'x86-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip · 01ea4439
      Linus Torvalds authored
      Pull x86 fixes from Ingo Molnar:
       "This is bigger than usual - the reason is partly a pent-up stream of
        fixes after the merge window and partly accidental.  The fixes are:
      
         - five patches to fix a boot failure on Andy Lutomirsky's laptop
         - four SGI UV platform fixes
         - KASAN fix
         - warning fix
         - documentation update
         - swap entry definition fix
         - pkeys fix
         - irq stats fix"
      
      * 'x86-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
        x86/apic/x2apic, smp/hotplug: Don't use before alloc in x2apic_cluster_probe()
        x86/efi: Allocate a trampoline if needed in efi_free_boot_services()
        x86/boot: Rework reserve_real_mode() to allow multiple tries
        x86/boot: Defer setup_real_mode() to early_initcall time
        x86/boot: Synchronize trampoline_cr4_features and mmu_cr4_features directly
        x86/boot: Run reserve_bios_regions() after we initialize the memory map
        x86/irq: Do not substract irq_tlb_count from irq_call_count
        x86/mm: Fix swap entry comment and macro
        x86/mm/kaslr: Fix -Wformat-security warning
        x86/mm/pkeys: Fix compact mode by removing protection keys' XSAVE buffer manipulation
        x86/build: Reduce the W=1 warnings noise when compiling x86 syscall tables
        x86/platform/UV: Fix kernel panic running RHEL kdump kernel on UV systems
        x86/platform/UV: Fix problem with UV4 BIOS providing incorrect PXM values
        x86/platform/UV: Fix bug with iounmap() of the UV4 EFI System Table causing a crash
        x86/platform/UV: Fix problem with UV4 Socket IDs not being contiguous
        x86/entry: Clarify the RF saving/restoring situation with SYSCALL/SYSRET
        x86/mm: Disable preemption during CR3 read+write
        x86/mm/KASLR: Increase BRK pages for KASLR memory randomization
        x86/mm/KASLR: Fix physical memory calculation on KASLR memory randomization
        x86, kasan, ftrace: Put APIC interrupt handlers into .irqentry.text
      01ea4439
    • Linus Torvalds's avatar
      Merge branch 'timers-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip · 3bc6d8c1
      Linus Torvalds authored
      Pull timer fixes from Ingo Molnar:
       "Misc fixes: a /dev/rtc regression fix, two APIC timer period
        calibration fixes, an ARM clocksource driver fix and a NOHZ
        power use regression fix"
      
      * 'timers-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
        x86/hpet: Fix /dev/rtc breakage caused by RTC cleanup
        x86/timers/apic: Inform TSC deadline clockevent device about recalibration
        x86/timers/apic: Fix imprecise timer interrupts by eliminating TSC clockevents frequency roundoff error
        timers: Fix get_next_timer_interrupt() computation
        clocksource/arm_arch_timer: Force per-CPU interrupt to be level-triggered
      3bc6d8c1
    • Rafael J. Wysocki's avatar
      Merge branches 'pm-sleep' and 'pm-cpufreq' · 0aeeb3e7
      Rafael J. Wysocki authored
      * pm-sleep:
        PM / hibernate: Restore processor state before using per-CPU variables
        x86/power/64: Always create temporary identity mapping correctly
      
      * pm-cpufreq:
        cpufreq: powernv: Fix crash in gpstate_timer_handler()
      0aeeb3e7
    • Linus Torvalds's avatar
      Merge branch 'sched-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip · e6e7214f
      Linus Torvalds authored
      Pull scheduler fixes from Ingo Molnar:
       "Misc fixes: cputime fixes, two deadline scheduler fixes and a cgroups
        scheduling fix"
      
      * 'sched-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
        sched/cputime: Fix omitted ticks passed in parameter
        sched/cputime: Fix steal time accounting
        sched/deadline: Fix lock pinning warning during CPU hotplug
        sched/cputime: Mitigate performance regression in times()/clock_gettime()
        sched/fair: Fix typo in sync_throttle()
        sched/deadline: Fix wrap-around in DL heap
      e6e7214f
    • Thomas Garnier's avatar
      PM / hibernate: Restore processor state before using per-CPU variables · 62822e2e
      Thomas Garnier authored
      Restore the processor state before calling any other functions to
      ensure per-CPU variables can be used with KASLR memory randomization.
      
      Tracing functions use per-CPU variables (GS based on x86) and one was
      called just before restoring the processor state fully. It resulted
      in a double fault when both the tracing & the exception handler
      functions tried to use a per-CPU variable.
      
      Fixes: bb3632c6 (PM / sleep: trace events for suspend/resume)
      Reported-and-tested-by: default avatarBorislav Petkov <bp@suse.de>
      Reported-by: default avatarJiri Kosina <jikos@kernel.org>
      Tested-by: default avatarRafael J. Wysocki <rafael@kernel.org>
      Tested-by: default avatarJiri Kosina <jkosina@suse.cz>
      Signed-off-by: default avatarThomas Garnier <thgarnie@google.com>
      Acked-by: default avatarPavel Machek <pavel@ucw.cz>
      Signed-off-by: default avatarRafael J. Wysocki <rafael.j.wysocki@intel.com>
      62822e2e
    • Linus Torvalds's avatar
      Merge branch 'perf-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip · ad83242a
      Linus Torvalds authored
      Pull perf fixes from Ingo Molnar:
       "Mostly tooling fixes, plus two uncore-PMU fixes, an uprobes fix, a
        perf-cgroups fix and an AUX events fix"
      
      * 'perf-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
        perf/x86/intel/uncore: Add enable_box for client MSR uncore
        perf/x86/intel/uncore: Fix uncore num_counters
        uprobes/x86: Fix RIP-relative handling of EVEX-encoded instructions
        perf/core: Set cgroup in CPU contexts for new cgroup events
        perf/core: Fix sideband list-iteration vs. event ordering NULL pointer deference crash
        perf probe ppc64le: Fix probe location when using DWARF
        perf probe: Add function to post process kernel trace events
        tools: Sync cpufeatures headers with the kernel
        toops: Sync tools/include/uapi/linux/bpf.h with the kernel
        tools: Sync cpufeatures.h and vmx.h with the kernel
        perf probe: Support signedness casting
        perf stat: Avoid skew when reading events
        perf probe: Fix module name matching
        perf probe: Adjust map->reloc offset when finding kernel symbol from map
        perf hists: Trim libtraceevent trace_seq buffers
        perf script: Add 'bpf-output' field to usage message
      ad83242a
    • Jeff Layton's avatar
      nfsd: don't return an unhashed lock stateid after taking mutex · dd257933
      Jeff Layton authored
      nfsd4_lock will take the st_mutex before working with the stateid it
      gets, but between the time when we drop the cl_lock and take the mutex,
      the stateid could become unhashed (a'la FREE_STATEID). If that happens
      the lock stateid returned to the client will be forgotten.
      
      Fix this by first moving the st_mutex acquisition into
      lookup_or_create_lock_state. Then, have it check to see if the lock
      stateid is still hashed after taking the mutex. If it's not, then put
      the stateid and try the find/create again.
      Signed-off-by: default avatarJeff Layton <jlayton@redhat.com>
      Tested-by: default avatarAlexey Kodanev <alexey.kodanev@oracle.com>
      Cc: stable@vger.kernel.org # feb9dad5 nfsd: Always lock state exclusively.
      Cc: stable@vger.kernel.org
      Signed-off-by: default avatarJ. Bruce Fields <bfields@redhat.com>
      dd257933
    • Linus Torvalds's avatar
      Merge branch 'locking-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip · 1f8083c6
      Linus Torvalds authored
      Pull locking fixes from Ingo Molnar:
       "Misc fixes: lockstat fix, futex fix on !MMU systems, big endian fix
        for qrwlocks and a race fix for pvqspinlocks"
      
      * 'locking-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
        locking/pvqspinlock: Fix a bug in qstat_read()
        locking/pvqspinlock: Fix double hash race
        locking/qrwlock: Fix write unlock bug on big endian systems
        futex: Assume all mappings are private on !MMU systems
      1f8083c6
    • Linus Torvalds's avatar
      Merge branch 'irq-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip · 25db6918
      Linus Torvalds authored
      Pull irq fix from Ingo Molnar:
       "A fix for an MSI regression"
      
      * 'irq-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
        genirq/msi: Make sure PCI MSIs are activated early
      25db6918
    • Linus Torvalds's avatar
      Merge branch 'efi-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip · 0e1117b2
      Linus Torvalds authored
      Pull EFI fixes from Ingo Molnar:
       "A fix for EFI capsules and an SGI UV platform fix"
      
      * 'efi-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
        efi/capsule: Allocate whole capsule into virtual memory
        x86/platform/uv: Skip UV runtime services mapping in the efi_runtime_disabled case
      0e1117b2
    • Linus Torvalds's avatar
      Merge tag 'nfs-for-4.8-2' of git://git.linux-nfs.org/projects/trondmy/linux-nfs · 99091700
      Linus Torvalds authored
      Pull NFS client bugfixes from Trond Myklebust:
       "Highlights include:
      
         - Stable patch from Olga to fix RPCSEC_GSS upcalls when the same user
           needs multiple different security services (e.g.  krb5i and krb5p).
      
         - Stable patch to fix a regression introduced by the use of
           SO_REUSEPORT, and that prevented the use of multiple different NFS
           versions to the same server.
      
         - TCP socket reconnection timer fixes.
      
         - Patch from Neil to disable the use of IPv6 temporary addresses"
      
      * tag 'nfs-for-4.8-2' of git://git.linux-nfs.org/projects/trondmy/linux-nfs:
        NFSv4: Cap the transport reconnection timer at 1/2 lease period
        NFSv4: Cleanup the setting of the nfs4 lease period
        SUNRPC: Limit the reconnect backoff timer to the max RPC message timeout
        SUNRPC: Fix reconnection timeouts
        NFSv4.2: LAYOUTSTATS may return NFS4ERR_ADMIN/DELEG_REVOKED
        SUNRPC: disable the use of IPv6 temporary addresses.
        SUNRPC: allow for upcalls for same uid but different gss service
        SUNRPC: Fix up socket autodisconnect
        SUNRPC: Handle EADDRNOTAVAIL on connection failures
      99091700
    • Linus Torvalds's avatar
      Merge branch 'libnvdimm-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/nvdimm/nvdimm · c239ae10
      Linus Torvalds authored
      Pull libnvdimm fixes from Dan Williams:
      
       - Fix for the nd_blk (NVDIMM Block Window Aperture) driver.
      
         A spec clarification requires the driver to mask off reserved bits in
         status register.  This is tagged for -stable back to the v4.2 kernel.
      
       - Fix for a kernel crash in the nvdimm unit tests when module loading
         is interrupted with SIGTERM.  Tagged for -stable since validation
         efforts external to Intel use the unit tests for qualifying
         backports.
      
       - Add a new 'size' sysfs attribute for the BTT (NVDIMM Block
         Translation Table) driver to make it symmetric with the other
         namespace personality drivers (PFN and DAX) that provide a size
         attribute for indicating how much namespace capacity is lost to
         metadata.
      
         The BTT change arrived at the start of the merge window and has
         appeared in a -next release.  It can technically wait for 4.9, but it
         is small, fixes asymmetry in the libnvdimm-sysfs interface, and
         something I would have squeezed into the v4.8 pull request had it
         arrived a few days earlier.
      
      * 'libnvdimm-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/nvdimm/nvdimm:
        tools/testing/nvdimm: fix SIGTERM vs hotplug crash
        nvdimm, btt: add a size attribute for BTTs
        libnvdimm, nd_blk: mask off reserved status bits
      c239ae10
    • Linus Torvalds's avatar
      Merge tag 'sound-4.8-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound · 86fc0488
      Linus Torvalds authored
      Pull sound fixes from Takashi Iwai:
       "A regression fix of HD-audio runtime PM and two USB quirks"
      
      * tag 'sound-4.8-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound:
        ALSA: hda - Manage power well properly for resume
        ALSA: usb-audio: Add quirk for ELP HD USB Camera
        ALSA: usb-audio: Add a sample rate quirk for Creative Live! Cam Socialize HD (VF0610)
      86fc0488
    • Linus Torvalds's avatar
      Merge tag 'powerpc-4.8-3' of git://git.kernel.org/pub/scm/linux/kernel/git/powerpc/linux · 8766dc68
      Linus Torvalds authored
      Pull powerpc fixes from Michael Ellerman:
       "Some powerpc fixes for 4.8:
      
        Misc:
         - powerpc/vdso: Fix build rules to rebuild vdsos correctly from Nicholas Piggin
         - powerpc/ptrace: Fix coredump since ptrace TM changes from Cyril Bur
         - powerpc/32: Fix csum_partial_copy_generic() from Christophe Leroy
         - cxl: Set psl_fir_cntl to production environment value from Frederic Barrat
         - powerpc/eeh: Switch to conventional PCI address output in EEH log from Guilherme G. Piccoli
         - cxl: Use fixed width predefined types in data structure. from Philippe Bergheaud
         - powerpc/vdso: Add missing include file from Guenter Roeck
         - powerpc: Fix unused function warning 'lmb_to_memblock' from Alastair D'Silva
         - powerpc/powernv/ioda: Fix TCE invalidate to work in real mode again from Alexey Kardashevskiy
         - powerpc/cell: Add missing error code in spufs_mkgang() from Dan Carpenter
         - crypto: crc32c-vpmsum - Convert to CPU feature based module autoloading from Anton Blanchard
         - powerpc/pasemi: Fix coherent_dma_mask for dma engine from Darren Stevens
      
        Benjamin Herrenschmidt:
         - powerpc/32: Fix crash during static key init
         - powerpc: Update obsolete comment in setup_32.c about early_init()
         - powerpc: Print the kernel load address at the end of prom_init()
         - powerpc/pnv/pci: Fix incorrect PE reservation attempt on some 64-bit BARs
         - powerpc/xics: Properly set Edge/Level type and enable resend
      
        Mahesh Salgaonkar:
         - powerpc/book3s: Fix MCE console messages for unrecoverable MCE.
         - powerpc/powernv: Fix MCE handler to avoid trashing CR0/CR1 registers.
         - powerpc/powernv: Move IDLE_STATE_ENTER_SEQ macro to cpuidle.h
         - powerpc/powernv: Load correct TOC pointer while waking up from winkle.
      
        Andrew Donnellan:
         - cxl: Fix sparse warnings
         - cxl: Fix NULL dereference in cxl_context_init() on PowerVM guests
      
        Michael Ellerman:
         - selftests/powerpc: Specify we expect to build with std=gnu99
         - powerpc/Makefile: Use cflags-y/aflags-y for setting endian options
         - powerpc/pci: Fix endian bug in fixed PHB numbering"
      
      * tag 'powerpc-4.8-3' of git://git.kernel.org/pub/scm/linux/kernel/git/powerpc/linux: (26 commits)
        selftests/powerpc: Specify we expect to build with std=gnu99
        powerpc/vdso: Fix build rules to rebuild vdsos correctly
        powerpc/Makefile: Use cflags-y/aflags-y for setting endian options
        powerpc/32: Fix crash during static key init
        powerpc: Update obsolete comment in setup_32.c about early_init()
        powerpc: Print the kernel load address at the end of prom_init()
        powerpc/ptrace: Fix coredump since ptrace TM changes
        powerpc/32: Fix csum_partial_copy_generic()
        cxl: Set psl_fir_cntl to production environment value
        powerpc/pnv/pci: Fix incorrect PE reservation attempt on some 64-bit BARs
        powerpc/book3s: Fix MCE console messages for unrecoverable MCE.
        powerpc/pci: Fix endian bug in fixed PHB numbering
        powerpc/eeh: Switch to conventional PCI address output in EEH log
        cxl: Fix sparse warnings
        cxl: Fix NULL dereference in cxl_context_init() on PowerVM guests
        cxl: Use fixed width predefined types in data structure.
        powerpc/vdso: Add missing include file
        powerpc: Fix unused function warning 'lmb_to_memblock'
        powerpc/powernv: Fix MCE handler to avoid trashing CR0/CR1 registers.
        powerpc/powernv: Move IDLE_STATE_ENTER_SEQ macro to cpuidle.h
        ...
      8766dc68
    • Radim Krčmář's avatar
      Merge tag 'kvm-s390-master-4.8-1' of git://git.kernel.org/pub/scm/linux/kernel/git/kvms390/linux · 89a1d43e
      Radim Krčmář authored
      KVM: s390: Fixes for 4.8 (via kvm/master)
      
      Here are two fixes found by fuzzing of the ioctl interface.
      Both cases can trigger a WARN_ON_ONCE from user space.
      89a1d43e
    • James Hogan's avatar
      MIPS: KVM: Propagate kseg0/mapped tlb fault errors · 9b731bcf
      James Hogan authored
      Propagate errors from kvm_mips_handle_kseg0_tlb_fault() and
      kvm_mips_handle_mapped_seg_tlb_fault(), usually triggering an internal
      error since they normally indicate the guest accessed bad physical
      memory or the commpage in an unexpected way.
      
      Fixes: 858dd5d4 ("KVM/MIPS32: MMU/TLB operations for the Guest.")
      Fixes: e685c689 ("KVM/MIPS32: Privileged instruction/target branch emulation.")
      Signed-off-by: default avatarJames Hogan <james.hogan@imgtec.com>
      Cc: Paolo Bonzini <pbonzini@redhat.com>
      Cc: "Radim Krčmář" <rkrcmar@redhat.com>
      Cc: Ralf Baechle <ralf@linux-mips.org>
      Cc: linux-mips@linux-mips.org
      Cc: kvm@vger.kernel.org
      Cc: <stable@vger.kernel.org> # 3.10.x-
      Signed-off-by: default avatarRadim Krčmář <rkrcmar@redhat.com>
      9b731bcf
    • James Hogan's avatar
      MIPS: KVM: Fix gfn range check in kseg0 tlb faults · 0741f52d
      James Hogan authored
      Two consecutive gfns are loaded into host TLB, so ensure the range check
      isn't off by one if guest_pmap_npages is odd.
      
      Fixes: 858dd5d4 ("KVM/MIPS32: MMU/TLB operations for the Guest.")
      Signed-off-by: default avatarJames Hogan <james.hogan@imgtec.com>
      Cc: Paolo Bonzini <pbonzini@redhat.com>
      Cc: "Radim Krčmář" <rkrcmar@redhat.com>
      Cc: Ralf Baechle <ralf@linux-mips.org>
      Cc: linux-mips@linux-mips.org
      Cc: kvm@vger.kernel.org
      Cc: <stable@vger.kernel.org> # 3.10.x-
      Signed-off-by: default avatarRadim Krčmář <rkrcmar@redhat.com>
      0741f52d
    • James Hogan's avatar
      MIPS: KVM: Add missing gfn range check · 8985d503
      James Hogan authored
      kvm_mips_handle_mapped_seg_tlb_fault() calculates the guest frame number
      based on the guest TLB EntryLo values, however it is not range checked
      to ensure it lies within the guest_pmap. If the physical memory the
      guest refers to is out of range then dump the guest TLB and emit an
      internal error.
      
      Fixes: 858dd5d4 ("KVM/MIPS32: MMU/TLB operations for the Guest.")
      Signed-off-by: default avatarJames Hogan <james.hogan@imgtec.com>
      Cc: Paolo Bonzini <pbonzini@redhat.com>
      Cc: "Radim Krčmář" <rkrcmar@redhat.com>
      Cc: Ralf Baechle <ralf@linux-mips.org>
      Cc: linux-mips@linux-mips.org
      Cc: kvm@vger.kernel.org
      Cc: <stable@vger.kernel.org> # 3.10.x-
      Signed-off-by: default avatarRadim Krčmář <rkrcmar@redhat.com>
      8985d503
    • James Hogan's avatar
      MIPS: KVM: Fix mapped fault broken commpage handling · c604cffa
      James Hogan authored
      kvm_mips_handle_mapped_seg_tlb_fault() appears to map the guest page at
      virtual address 0 to PFN 0 if the guest has created its own mapping
      there. The intention is unclear, but it may have been an attempt to
      protect the zero page from being mapped to anything but the comm page in
      code paths you wouldn't expect from genuine commpage accesses (guest
      kernel mode cache instructions on that address, hitting trapping
      instructions when executing from that address with a coincidental TLB
      eviction during the KVM handling, and guest user mode accesses to that
      address).
      
      Fix this to check for mappings exactly at KVM_GUEST_COMMPAGE_ADDR (it
      may not be at address 0 since commit 42aa12e7 ("MIPS: KVM: Move
      commpage so 0x0 is unmapped")), and set the corresponding EntryLo to be
      interpreted as 0 (invalid).
      
      Fixes: 858dd5d4 ("KVM/MIPS32: MMU/TLB operations for the Guest.")
      Signed-off-by: default avatarJames Hogan <james.hogan@imgtec.com>
      Cc: Paolo Bonzini <pbonzini@redhat.com>
      Cc: "Radim Krčmář" <rkrcmar@redhat.com>
      Cc: Ralf Baechle <ralf@linux-mips.org>
      Cc: linux-mips@linux-mips.org
      Cc: kvm@vger.kernel.org
      Cc: <stable@vger.kernel.org> # 3.10.x-
      Signed-off-by: default avatarRadim Krčmář <rkrcmar@redhat.com>
      c604cffa
    • Christoffer Dall's avatar
      KVM: Protect device ops->create and list_add with kvm->lock · a28ebea2
      Christoffer Dall authored
      KVM devices were manipulating list data structures without any form of
      synchronization, and some implementations of the create operations also
      suffered from a lack of synchronization.
      
      Now when we've split the xics create operation into create and init, we
      can hold the kvm->lock mutex while calling the create operation and when
      manipulating the devices list.
      
      The error path in the generic code gets slightly ugly because we have to
      take the mutex again and delete the device from the list, but holding
      the mutex during anon_inode_getfd or releasing/locking the mutex in the
      common non-error path seemed wrong.
      Signed-off-by: default avatarChristoffer Dall <christoffer.dall@linaro.org>
      Reviewed-by: default avatarPaolo Bonzini <pbonzini@redhat.com>
      Acked-by: default avatarChristian Borntraeger <borntraeger@de.ibm.com>
      Signed-off-by: default avatarRadim Krčmář <rkrcmar@redhat.com>
      a28ebea2
    • Christoffer Dall's avatar
      KVM: PPC: Move xics_debugfs_init out of create · 023e9fdd
      Christoffer Dall authored
      As we are about to hold the kvm->lock during the create operation on KVM
      devices, we should move the call to xics_debugfs_init into its own
      function, since holding a mutex over extended amounts of time might not
      be a good idea.
      
      Introduce an init operation on the kvm_device_ops struct which cannot
      fail and call this, if configured, after the device has been created.
      Signed-off-by: default avatarChristoffer Dall <christoffer.dall@linaro.org>
      Reviewed-by: default avatarPaolo Bonzini <pbonzini@redhat.com>
      Signed-off-by: default avatarRadim Krčmář <rkrcmar@redhat.com>
      023e9fdd
    • Julius Niedworok's avatar
      KVM: s390: reset KVM_REQ_MMU_RELOAD if mapping the prefix failed · aca411a4
      Julius Niedworok authored
      When triggering KVM_RUN without a user memory region being mapped
      (KVM_SET_USER_MEMORY_REGION) a validity intercept occurs. This could
      happen, if the user memory region was not mapped initially or if it
      was unmapped after the vcpu is initialized. The function
      kvm_s390_handle_requests checks for the KVM_REQ_MMU_RELOAD bit. The
      check function always clears this bit. If gmap_mprotect_notify
      returns an error code, the mapping failed, but the KVM_REQ_MMU_RELOAD
      was not set anymore. So the next time kvm_s390_handle_requests is
      called, the execution would fall trough the check for
      KVM_REQ_MMU_RELOAD. The bit needs to be resetted, if
      gmap_mprotect_notify returns an error code. Resetting the bit with
      kvm_make_request(KVM_REQ_MMU_RELOAD, vcpu) fixes the bug.
      Reviewed-by: default avatarDavid Hildenbrand <dahi@linux.vnet.ibm.com>
      Signed-off-by: default avatarJulius Niedworok <jniedwor@linux.vnet.ibm.com>
      Signed-off-by: default avatarChristian Borntraeger <borntraeger@de.ibm.com>
      aca411a4
    • Julius Niedworok's avatar
      KVM: s390: set the prefix initially properly · 75a4615c
      Julius Niedworok authored
      When KVM_RUN is triggered on a VCPU without an initial reset, a
      validity intercept occurs.
      Setting the prefix will set the KVM_REQ_MMU_RELOAD bit initially,
      thus preventing the bug.
      Reviewed-by: default avatarDavid Hildenbrand <dahi@linux.vnet.ibm.com>
      Acked-by: default avatarCornelia Huck <cornelia.huck@de.ibm.com>
      Signed-off-by: default avatarJulius Niedworok <jniedwor@linux.vnet.ibm.com>
      Signed-off-by: default avatarChristian Borntraeger <borntraeger@de.ibm.com>
      75a4615c
    • Kan Liang's avatar
      perf/x86/intel/uncore: Add enable_box for client MSR uncore · 95f3be79
      Kan Liang authored
      There are bug reports about miscounting uncore counters on some
      client machines like Sandybridge, Broadwell and Skylake. It is
      very likely to be observed on idle systems.
      
      This issue is caused by a hardware issue. PERF_GLOBAL_CTL could be
      cleared after Package C7, and nothing will be count.
      The related errata (HSD 158) could be found in:
      
        www.intel.com/content/dam/www/public/us/en/documents/specification-updates/4th-gen-core-family-desktop-specification-update.pdf
      
      This patch tries to work around this issue by re-enabling PERF_GLOBAL_CTL
      in ->enable_box(). The workaround does not cover all cases. It helps for new
      events after returning from C7. But it cannot prevent C7, it will still
      miscount if a counter is already active.
      
      There is no drawback in leaving it enabled, so it does not need
      disable_box() here.
      Signed-off-by: default avatarKan Liang <kan.liang@intel.com>
      Cc: <stable@vger.kernel.org>
      Cc: Alexander Shishkin <alexander.shishkin@linux.intel.com>
      Cc: Arnaldo Carvalho de Melo <acme@redhat.com>
      Cc: Jiri Olsa <jolsa@redhat.com>
      Cc: Linus Torvalds <torvalds@linux-foundation.org>
      Cc: Peter Zijlstra <peterz@infradead.org>
      Cc: Stephane Eranian <eranian@google.com>
      Cc: Thomas Gleixner <tglx@linutronix.de>
      Cc: Vince Weaver <vincent.weaver@maine.edu>
      Link: http://lkml.kernel.org/r/1470925874-59943-1-git-send-email-kan.liang@intel.comSigned-off-by: default avatarIngo Molnar <mingo@kernel.org>
      95f3be79
    • Kan Liang's avatar
      perf/x86/intel/uncore: Fix uncore num_counters · 10e9e7bd
      Kan Liang authored
      Some uncore boxes' num_counters value for Haswell server and
      Broadwell server are not correct (too large, off by one).
      
      This issue was found by comparing the code with the document. Although
      there is no bug report from users yet, accessing non-existent counters
      is dangerous and the behavior is undefined: it may cause miscounting or
      even crashes.
      
      This patch makes them consistent with the uncore document.
      Reported-by: default avatarLukasz Odzioba <lukasz.odzioba@intel.com>
      Signed-off-by: default avatarKan Liang <kan.liang@intel.com>
      Cc: Alexander Shishkin <alexander.shishkin@linux.intel.com>
      Cc: Arnaldo Carvalho de Melo <acme@redhat.com>
      Cc: Jiri Olsa <jolsa@redhat.com>
      Cc: Linus Torvalds <torvalds@linux-foundation.org>
      Cc: Peter Zijlstra <peterz@infradead.org>
      Cc: Stephane Eranian <eranian@google.com>
      Cc: Thomas Gleixner <tglx@linutronix.de>
      Cc: Vince Weaver <vincent.weaver@maine.edu>
      Cc: <stable@vger.kernel.org>
      Link: http://lkml.kernel.org/r/1470925820-59847-1-git-send-email-kan.liang@intel.comSigned-off-by: default avatarIngo Molnar <mingo@kernel.org>
      10e9e7bd
    • Denys Vlasenko's avatar
      uprobes/x86: Fix RIP-relative handling of EVEX-encoded instructions · 68187872
      Denys Vlasenko authored
      Since instruction decoder now supports EVEX-encoded instructions, two fixes
      are needed to correctly handle them in uprobes.
      
      Extended bits for MODRM.rm field need to be sanitized just like we do it
      for VEX3, to avoid encoding wrong register for register-relative access.
      
      EVEX has _two_ extended bits: b and x. Theoretically, EVEX.x should be
      ignored by the CPU (since GPRs go only up to 15, not 31), but let's be
      paranoid here: proper encoding for register-relative access
      should have EVEX.x = 1.
      
      Secondly, we should fetch vex.vvvv for EVEX too.
      This is now super easy because instruction decoder populates
      vex_prefix.bytes[2] for all flavors of (e)vex encodings, even for VEX2.
      Signed-off-by: default avatarDenys Vlasenko <dvlasenk@redhat.com>
      Acked-by: default avatarMasami Hiramatsu <mhiramat@kernel.org>
      Acked-by: default avatarSrikar Dronamraju <srikar@linux.vnet.ibm.com>
      Cc: Alexander Shishkin <alexander.shishkin@linux.intel.com>
      Cc: Andy Lutomirski <luto@kernel.org>
      Cc: Arnaldo Carvalho de Melo <acme@redhat.com>
      Cc: Borislav Petkov <bp@alien8.de>
      Cc: Brian Gerst <brgerst@gmail.com>
      Cc: H. Peter Anvin <hpa@zytor.com>
      Cc: Jim Keniston <jkenisto@us.ibm.com>
      Cc: Jiri Olsa <jolsa@redhat.com>
      Cc: Josh Poimboeuf <jpoimboe@redhat.com>
      Cc: Linus Torvalds <torvalds@linux-foundation.org>
      Cc: Masami Hiramatsu <masami.hiramatsu.pt@hitachi.com>
      Cc: Oleg Nesterov <oleg@redhat.com>
      Cc: Peter Zijlstra <peterz@infradead.org>
      Cc: Stephane Eranian <eranian@google.com>
      Cc: Thomas Gleixner <tglx@linutronix.de>
      Cc: Vince Weaver <vincent.weaver@maine.edu>
      Cc: linux-kernel@vger.kernel.org
      Cc: <stable@vger.kernel.org> # v4.1+
      Fixes: 8a764a87 ("x86/asm/decoder: Create artificial 3rd byte for 2-byte VEX")
      Link: http://lkml.kernel.org/r/20160811154521.20469-1-dvlasenk@redhat.comSigned-off-by: default avatarIngo Molnar <mingo@kernel.org>
      68187872
  3. 11 Aug, 2016 9 commits