1. 19 Nov, 2014 3 commits
  2. 17 Nov, 2014 11 commits
    • Ludovic Desroches's avatar
      dmaengine: at_xdmac: Add DMA_PRIVATE · fef4cbf2
      Ludovic Desroches authored
      same issue as commit 7f5ae355:
      "Without DMA_PRIVATE the driver is not able to allocate more than one channel.
      Since it uses dma_get_any_slave_channel that calls private_candidate, the
      second allocation fails at
      /* some channels are already publicly allocated */
      "
      Signed-off-by: default avatarLudovic Desroches <ludovic.desroches@atmel.com>
      Signed-off-by: default avatarVinod Koul <vinod.koul@intel.com>
      fef4cbf2
    • Ludovic Desroches's avatar
      ARM: dts: at_xdmac: fix bad value of dma-cells in documentation · 466b3cf1
      Ludovic Desroches authored
      The dma-cells value in the example was 2 instead of 1.
      Signed-off-by: default avatarLudovic Desroches <ludovic.desroches@atmel.com>
      Signed-off-by: default avatarVinod Koul <vinod.koul@intel.com>
      466b3cf1
    • Ludovic Desroches's avatar
      dmaengine: at_xdmac: fix missing spin_unlock · 87809839
      Ludovic Desroches authored
      Lock taken when entering the function but unlock missing before it
      returns.
      Signed-off-by: default avatarLudovic Desroches <ludovic.desroches@atmel.com>
      Reported-by: default avatarDan Carpenter <dan.carpenter@oracle.com>
      Signed-off-by: default avatarVinod Koul <vinod.koul@intel.com>
      87809839
    • Cyrille Pitchen's avatar
      dmaengine: at_xdmac: fix a bug in transfer residue computation · 57819276
      Cyrille Pitchen authored
      The total size of the transfer was wrong in at_xdmac_prep_slave_sg()
      resulting in bad computation of the transfer residue by
      at_xdmac_tx_status().
      Signed-off-by: default avatarCyrille Pitchen <cyrille.pitchen@atmel.com>
      Signed-off-by: default avatarLudovic Desroches <ludovic.desroches@atmel.com>
      Signed-off-by: default avatarVinod Koul <vinod.koul@intel.com>
      57819276
    • Cyrille Pitchen's avatar
      dmaengine: at_xdmac: fix software lockup at_xdmac_tx_status() · 4e097820
      Cyrille Pitchen authored
      According to the Atmel eXtended DMA controller datasheet, requesting a
      DMA transfer flush for a channel is only revelant when this transfer is
      source peripheral synchronized.
      
      So we have to check this condition before requesting a channel flush by
      writing the channel bit into the Global channel SoftWare Flush (GSWF)
      register then waiting for flush to complete by monitoring the end of
      Flush Interrupt Status (FIS) bit in the Channel Interrupt Status (CIS)
      register.
      
      Indeed, for non source peripheral synchronized transfer, writing the
      channel bit into the GSWF register does nothing. Especially, the FIS bit
      is never set into the CIS register. The former code looped forever
      waiting for this bit to be set.
      Signed-off-by: default avatarCyrille Pitchen <cyrille.pitchen@atmel.com>
      Signed-off-by: default avatarLudovic Desroches <ludovic.desroches@atmel.com>
      Signed-off-by: default avatarVinod Koul <vinod.koul@intel.com>
      4e097820
    • Ludovic Desroches's avatar
      dmaengine: at_xdmac: remove chancnt affectation · 77e6c9bf
      Ludovic Desroches authored
      Remove chancnt affectation since it is done in dma_async_device_regiser.
      Signed-off-by: default avatarLudovic Desroches <ludovic.desroches@atmel.com>
      Signed-off-by: default avatarVinod Koul <vinod.koul@intel.com>
      77e6c9bf
    • Ludovic Desroches's avatar
      dmaengine: at_xdmac: prefer usage of readl/writel_relaxed · 6e5ae29b
      Ludovic Desroches authored
      _relaxed version of readl and writel are not implemented on all
      architecture so COMPILE_TEST has to be removed in order to not cause
      some build failures.
      Signed-off-by: default avatarLudovic Desroches <ludovic.desroches@atmel.com>
      Signed-off-by: default avatarVinod Koul <vinod.koul@intel.com>
      6e5ae29b
    • Vinod Koul's avatar
      dmaengine: xdmac: fix print warning on dma_addr_t variable · 82e24246
      Vinod Koul authored
      As documented in printk-formats.txt the dma_addr_t should be printed with
      %pad specfiers. This way it works on all archs.
      
       make.cross ARCH=s390
      
      All warnings:
      
         drivers/dma/at_xdmac.c: In function 'at_xdmac_prep_slave_sg':
      >> drivers/dma/at_xdmac.c:621:3: warning: format '%x' expects argument of type 'unsigned int', but argument 5 has type 'dma_addr_t' [-Wformat=]
            dev_dbg(chan2dev(chan),
            ^
      >> drivers/dma/at_xdmac.c:621:3: warning: format '%x' expects argument of type 'unsigned int', but argument 6 has type 'dma_addr_t' [-Wformat=]
      >> drivers/dma/at_xdmac.c:628:4: warning: format '%x' expects argument of type 'unsigned int', but argument 6 has type 'dma_addr_t' [-Wformat=]
             dev_dbg(chan2dev(chan),
             ^
         drivers/dma/at_xdmac.c: In function 'at_xdmac_prep_dma_cyclic':
      >> drivers/dma/at_xdmac.c:663:2: warning: format '%x' expects argument of type 'unsigned int', but argument 5 has type 'dma_addr_t' [-Wformat=]
           dev_dbg(chan2dev(chan), "%s: buf_addr=0x%08x, buf_len=%d, period_len=%d, dir=%s, flags=0x%lx\n",
           ^
      >> drivers/dma/at_xdmac.c:690:3: warning: format '%x' expects argument of type 'unsigned int', but argument 6 has type 'dma_addr_t' [-Wformat=]
            dev_dbg(chan2dev(chan),
            ^
      >> drivers/dma/at_xdmac.c:709:3: warning: format '%x' expects argument of type 'unsigned int', but argument 5 has type 'dma_addr_t' [-Wformat=]
            dev_dbg(chan2dev(chan),
            ^
      >> drivers/dma/at_xdmac.c:709:3: warning: format '%x' expects argument of type 'unsigned int', but argument 6 has type 'dma_addr_t' [-Wformat=]
      >> drivers/dma/at_xdmac.c:716:4: warning: format '%x' expects argument of type 'unsigned int', but argument 6 has type 'dma_addr_t' [-Wformat=]
             dev_dbg(chan2dev(chan),
      
      >> drivers/dma/at_xdmac.c:731:2: warning: format '%x' expects argument of type 'unsigned int', but argument 6 has type 'dma_addr_t' [-Wformat=]
           dev_dbg(chan2dev(chan),
           ^
         drivers/dma/at_xdmac.c: In function 'at_xdmac_prep_dma_memcpy':
      >> drivers/dma/at_xdmac.c:765:2: warning: format '%x' expects argument of type 'unsigned int', but argument 5 has type 'dma_addr_t' [-Wformat=]
           dev_dbg(chan2dev(chan), "%s: src=0x%08x, dest=0x%08x, len=%d, flags=0x%lx\n",
           ^
      >> drivers/dma/at_xdmac.c:765:2: warning: format '%x' expects argument of type 'unsigned int', but argument 6 has type 'dma_addr_t' [-Wformat=]
            dev_dbg(chan2dev(chan), "%s: remaining_size=%u\n", __func__, remaining_size);
                                    ^
      >> drivers/dma/at_xdmac.c:845:3: warning: format '%x' expects argument of type 'unsigned int', but argument 5 has type 'dma_addr_t' [-Wformat=]
            dev_dbg(chan2dev(chan),
            ^
      >> drivers/dma/at_xdmac.c:845:3: warning: format '%x' expects argument of type 'unsigned int', but argument 6 has type 'dma_addr_t' [-Wformat=]
      >> drivers/dma/at_xdmac.c:852:4: warning: format '%x' expects argument of type 'unsigned int', but argument 6 has type 'dma_addr_t' [-Wformat=]
             dev_dbg(chan2dev(chan),
             ^
         drivers/dma/at_xdmac.c: In function 'at_xdmac_tx_status':
      >> drivers/dma/at_xdmac.c:929:2: warning: format '%x' expects argument of type 'unsigned int', but argument 6 has type 'dma_addr_t' [-Wformat=]
           dev_dbg(chan2dev(chan),
      Reported-by: default avatarkbuild test robot <fengguang.wu@intel.com>
      Signed-off-by: default avatarVinod Koul <vinod.koul@intel.com>
      82e24246
    • Vinod Koul's avatar
      dmaengine: xdmac: fix print warning on size_t variable · c66ec04e
      Vinod Koul authored
      As documented in printk-formats.txt the size_t should be printed with
      %zu/%zd specfiers. This way it works on all archs.
      
      make.cross ARCH=avr32
      
      All warnings:
      
         drivers/dma/at_xdmac.c: In function 'at_xdmac_prep_dma_cyclic':
      >> drivers/dma/at_xdmac.c:663: warning: format '%d' expects type 'int', but argument 6 has type 'size_t'
      >> drivers/dma/at_xdmac.c:663: warning: format '%d' expects type 'int', but argument 7 has type 'size_t'
         drivers/dma/at_xdmac.c: In function 'at_xdmac_prep_dma_memcpy':
      >> drivers/dma/at_xdmac.c:765: warning: format '%d' expects type 'int', but argument 7 has type 'size_t'
      >> drivers/dma/at_xdmac.c:794: warning: format '%u' expects type 'unsigned int', but argument 5 has type 'size_t'
      >> drivers/dma/at_xdmac.c:815: warning: format '%u' expects type 'unsigned int', but argument 5 has type 'size_t'
      Reported-by: default avatarkbuild test robot <fengguang.wu@intel.com>
      Signed-off-by: default avatarVinod Koul <vinod.koul@intel.com>
      c66ec04e
    • Vinod Koul's avatar
      dmaengine: at_xdmac: fix usage of read, write wrappers · 2abd4198
      Vinod Koul authored
      This driver uses read_relaxed and writel_relaxed to read, write to IO
      memory. the config defines COMPILE_TEST so gets compiled on different archs.
      This causes issue as few archs like x86 etc don't define it.
      So use readl/writel which is defined in all archs
      Reported-by: default avatarkbuild test robot <fengguang.wu@intel.com>
      Signed-off-by: default avatarVinod Koul <vinod.koul@intel.com>
      2abd4198
    • kbuild test robot's avatar
      dmaengine: at_xdmac: fix semicolon.cocci warnings · 5ac7d582
      kbuild test robot authored
      drivers/dma/at_xdmac.c:702:3-4: Unneeded semicolon
      
       Removes unneeded semicolon.
      
      Generated by: scripts/coccinelle/misc/semicolon.cocci
      Signed-off-by: default avatarFengguang Wu <fengguang.wu@intel.com>
      Signed-off-by: default avatarVinod Koul <vinod.koul@intel.com>
      5ac7d582
  3. 06 Nov, 2014 3 commits
  4. 03 Nov, 2014 4 commits
  5. 02 Nov, 2014 19 commits
    • Linus Torvalds's avatar
      Linux 3.18-rc3 · 0df1f248
      Linus Torvalds authored
      0df1f248
    • Linus Torvalds's avatar
      Merge tag 'for-linus-20141102' of git://git.infradead.org/linux-mtd · 81d92dc1
      Linus Torvalds authored
      Pull MTD fixes from Brian Norris:
       "Three main MTD fixes for 3.18:
      
         - A regression from 3.16 which was noticed in 3.17.  With the
           restructuring of the m25p80.c driver and the SPI NOR library
           framework, we omitted proper listing of the SPI device IDs.  This
           means m25p80.c wouldn't auto-load (modprobe) properly when built as
           a module.  For now, we duplicate the device IDs into both modules.
      
         - The OMAP / ELM modules were depending on an implicit link ordering.
           Use deferred probing so that the new link order (in 3.18-rc) can
           still allow for successful probing.
      
         - Fix suspend/resume support for LH28F640BF NOR flash"
      
      * tag 'for-linus-20141102' of git://git.infradead.org/linux-mtd:
        mtd: cfi_cmdset_0001.c: fix resume for LH28F640BF chips
        mtd: omap: fix mtd devices not showing up
        mtd: m25p80,spi-nor: Fix module aliases for m25p80
        mtd: spi-nor: make spi_nor_scan() take a chip type name, not spi_device_id
        mtd: m25p80: get rid of spi_get_device_id
      81d92dc1
    • Linus Torvalds's avatar
      Merge tag 'scsi-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi · ad2be379
      Linus Torvalds authored
      Pull SCSI fixes from James Bottomley:
       "This is a set of six patches consisting of:
         - two MAINTAINER updates
         - two scsi-mq fixs for the old parallel interface (not every request
           is tagged and we need to set the right flags to populate the SPI
           tag message)
         - a fix for a memory leak in scatterlist traversal caused by a
           preallocation update in 3.17
         - an ipv6 fix for cxgbi"
      
      [ The scatterlist fix also came in separately through the block layer tree ]
      
      * tag 'scsi-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi:
        MAINTAINERS: ufs - remove self
        MAINTAINERS: change hpsa and cciss maintainer
        libcxgbi : support ipv6 address host_param
        scsi: set REQ_QUEUE for the blk-mq case
        Revert "block: all blk-mq requests are tagged"
        lib/scatterlist: fix memory leak with scsi-mq
      ad2be379
    • Linus Torvalds's avatar
      Merge branch 'drm-fixes' of git://people.freedesktop.org/~airlied/linux · 12267166
      Linus Torvalds authored
      Pull drm fixes from Dave Airlie:
       "Nothing too astounding or major: radeon, i915, vmwgfx, armada and
        exynos.
      
        Biggest ones:
         - vmwgfx has one big locking regression fix
         - i915 has come displayport fixes
         - radeon has some stability and a memory alloc failure
         - armada and exynos have some vblank fixes"
      
      * 'drm-fixes' of git://people.freedesktop.org/~airlied/linux: (24 commits)
        drm/exynos: correct connector->dpms field before resuming
        drm/exynos: enable vblank after DPMS on
        drm/exynos: init kms poll at the end of initialization
        drm/exynos: propagate plane initialization errors
        drm/exynos: vidi: fix build warning
        drm/exynos: remove explicit encoder/connector de-initialization
        drm/exynos: init vblank with real number of crtcs
        drm/vmwgfx: Filter out modes those cannot be supported by the current VRAM size.
        drm/vmwgfx: Fix hash key computation
        drm/vmwgfx: fix lock breakage
        drm/i915/dp: only use training pattern 3 on platforms that support it
        drm/radeon: remove some buggy dead code
        drm/i915: Ignore VBT backlight check on Macbook 2, 1
        drm/radeon: remove invalid pci id
        drm/radeon: dpm fixes for asrock systems
        radeon: clean up coding style differences in radeon_get_bios()
        drm/radeon: Use drm_malloc_ab instead of kmalloc_array
        drm/radeon/dpm: disable ulv support on SI
        drm/i915: Fix GMBUSFREQ on vlv/chv
        drm/i915: Ignore long hpds on eDP ports
        ...
      12267166
    • Linus Torvalds's avatar
      Merge branch 'fixes' of git://ftp.arm.linux.org.uk/~rmk/linux-arm · 3c43de0f
      Linus Torvalds authored
      Pull ARM fixes from Russell King:
       - add the new bpf syscall to ARM.
       - drop a redundant return statement in __iommu_alloc_remap()
       - fix a performance issue noticed by Thomas Petazzoni with
         kmap_atomic().
       - fix an issue with the L2 cache OF parsing code which caused it to
         incorrectly print warnings on each boot, and make the warning text
         more consistent with the rest of the code
      
      * 'fixes' of git://ftp.arm.linux.org.uk/~rmk/linux-arm:
        ARM: 8180/1: mm: implement no-highmem fast path in kmap_atomic_pfn()
        ARM: 8183/1: l2c: Improve l2c310_of_parse() error message
        ARM: 8181/1: Drop extra return statement
        ARM: 8182/1: l2c: Make l2x0_cache_size_of_parse() return 'int'
        ARM: enable bpf syscall
      3c43de0f
    • Linus Torvalds's avatar
      Merge tag 'for-linus' of git://git.kernel.org/pub/scm/virt/kvm/kvm · 7501a533
      Linus Torvalds authored
      Pull kvm fixes from Paolo Bonzini:
       "A small set of x86 fixes.  The most serious is an SRCU lockdep fix.
      
        A bit late - needed some time to test the SRCU fix, which only came in
        on Friday"
      
      * tag 'for-linus' of git://git.kernel.org/pub/scm/virt/kvm/kvm:
        KVM: vmx: defer load of APIC access page address during reset
        KVM: nVMX: Disable preemption while reading from shadow VMCS
        KVM: x86: Fix far-jump to non-canonical check
        KVM: emulator: fix execution close to the segment limit
        KVM: emulator: fix error code for __linearize
      7501a533
    • Dave Airlie's avatar
      Merge branch 'exynos-drm-fixes' of... · 66338fee
      Dave Airlie authored
      Merge branch 'exynos-drm-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/daeinki/drm-exynos into drm-fixes
      
      This pull-request includes some bug fixes and code cleanups.
      Especially, this fixes the bind failure issue occurred when it tries
      to re-bind Exynos drm driver after unbound, and the modetest failure
      issue incurred by not having a pair to vblank on and off requests.
      
      * 'exynos-drm-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/daeinki/drm-exynos:
        drm/exynos: correct connector->dpms field before resuming
        drm/exynos: enable vblank after DPMS on
        drm/exynos: init kms poll at the end of initialization
        drm/exynos: propagate plane initialization errors
        drm/exynos: vidi: fix build warning
        drm/exynos: remove explicit encoder/connector de-initialization
        drm/exynos: init vblank with real number of crtcs
      66338fee
    • Linus Torvalds's avatar
      Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs · 7e05b807
      Linus Torvalds authored
      Pull VFS fixes from Al Viro:
       "A bunch of assorted fixes, most of them followups to overlayfs merge"
      
      * 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs:
        ovl: initialize ->is_cursor
        Return short read or 0 at end of a raw device, not EIO
        isofs: don't bother with ->d_op for normal case
        isofs_cmp(): we'll never see a dentry for . or ..
        overlayfs: fix lockdep misannotation
        ovl: fix check for cursor
        overlayfs: barriers for opening upper-layer directory
        rcu: Provide counterpart to rcu_dereference() for non-RCU situations
        staging: android: logger: Fix log corruption regression
      7e05b807
    • Linus Torvalds's avatar
      irda: stop calling sk_prot->disconnect() on connection failure · 4cb8c359
      Linus Torvalds authored
      The sk_prot is irda's own set of protocol handlers, so irda should
      statically know what that function is anyway, without using an indirect
      pointer.  And as it happens, we know *exactly* what that pointer is
      statically: it's NULL, because irda doesn't define a disconnect
      operation.
      
      So calling that function is doubly wrong, and will just cause an oops.
      Reported-by: default avatarMartin Lang <mlg.hessigheim@gmail.com>
      Cc: Samuel Ortiz <samuel@sortiz.org>
      Cc: David Miller <davem@davemloft.net>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      4cb8c359
    • Andrzej Hajda's avatar
      drm/exynos: correct connector->dpms field before resuming · 74cfe07a
      Andrzej Hajda authored
      During system suspend after connector switch off its dpms field
      is set to connector previous dpms state. To properly resume dpms field
      should be set to its actual state (off) before resuming to previous dpms state.
      Signed-off-by: default avatarAndrzej Hajda <a.hajda@samsung.com>
      Signed-off-by: default avatarInki Dae <inki.dae@samsung.com>
      74cfe07a
    • Andrzej Hajda's avatar
      drm/exynos: enable vblank after DPMS on · d6948b2f
      Andrzej Hajda authored
      Before DPMS off driver disables vblank.
      It should be balanced by vblank enable after DPMS on.
      The patch fixes issue with page_flip ioctl not being able
      to acquire vblank counter introduced by patch:
      drm: Always reject drm_vblank_get() after drm_vblank_off()
      Signed-off-by: default avatarAndrzej Hajda <a.hajda@samsung.com>
      Signed-off-by: default avatarInki Dae <inki.dae@samsung.com>
      d6948b2f
    • Andrzej Hajda's avatar
      drm/exynos: init kms poll at the end of initialization · 3cb6830a
      Andrzej Hajda authored
      HPD events can be generated by components even if drm_dev is not fully
      initialized, to skip such events kms poll initialization should
      be performed at the end of load callback followed directly by forced
      connection detection.
      Signed-off-by: default avatarAndrzej Hajda <a.hajda@samsung.com>
      Signed-off-by: default avatarInki Dae <inki.dae@samsung.com>
      3cb6830a
    • Andrzej Hajda's avatar
      drm/exynos: propagate plane initialization errors · 64f7aed8
      Andrzej Hajda authored
      In case of error during plane initialization load callback
      incorrectly return success, this patch fixes it.
      Signed-off-by: default avatarAndrzej Hajda <a.hajda@samsung.com>
      Signed-off-by: default avatarInki Dae <inki.dae@samsung.com>
      64f7aed8
    • Inki Dae's avatar
      drm/exynos: vidi: fix build warning · 9887e2d9
      Inki Dae authored
      encoder object isn't used anymore so remove it.
      Signed-off-by: default avatarInki Dae <inki.dae@samsung.com>
      9887e2d9
    • Andrzej Hajda's avatar
      drm/exynos: remove explicit encoder/connector de-initialization · d9aaf757
      Andrzej Hajda authored
      All KMS objects are destroyed by drm_mode_config_cleanup in proper order
      so component drivers should not care about it.
      Signed-off-by: default avatarAndrzej Hajda <a.hajda@samsung.com>
      Signed-off-by: default avatarInki Dae <inki.dae@samsung.com>
      d9aaf757
    • Andrzej Hajda's avatar
      drm/exynos: init vblank with real number of crtcs · c52142e6
      Andrzej Hajda authored
      Initialization of vblank with MAX_CRTC caused attempts
      to disabling vblanks for non-existing crtcs in case
      drm used fewer crtcs. The patch fixes it.
      Signed-off-by: default avatarAndrzej Hajda <a.hajda@samsung.com>
      Signed-off-by: default avatarInki Dae <inki.dae@samsung.com>
      c52142e6
    • Paolo Bonzini's avatar
      KVM: vmx: defer load of APIC access page address during reset · a73896cb
      Paolo Bonzini authored
      Most call paths to vmx_vcpu_reset do not hold the SRCU lock.  Defer loading
      the APIC access page to the next vmentry.
      
      This avoids the following lockdep splat:
      
      [ INFO: suspicious RCU usage. ]
      3.18.0-rc2-test2+ #70 Not tainted
      -------------------------------
      include/linux/kvm_host.h:474 suspicious rcu_dereference_check() usage!
      
      other info that might help us debug this:
      
      rcu_scheduler_active = 1, debug_locks = 0
      1 lock held by qemu-system-x86/2371:
       #0:  (&vcpu->mutex){+.+...}, at: [<ffffffffa037d800>] vcpu_load+0x20/0xd0 [kvm]
      
      stack backtrace:
      CPU: 4 PID: 2371 Comm: qemu-system-x86 Not tainted 3.18.0-rc2-test2+ #70
      Hardware name: Dell Inc. OptiPlex 9010/0M9KCM, BIOS A12 01/10/2013
       0000000000000001 ffff880209983ca8 ffffffff816f514f 0000000000000000
       ffff8802099b8990 ffff880209983cd8 ffffffff810bd687 00000000000fee00
       ffff880208a2c000 ffff880208a10000 ffff88020ef50040 ffff880209983d08
      Call Trace:
       [<ffffffff816f514f>] dump_stack+0x4e/0x71
       [<ffffffff810bd687>] lockdep_rcu_suspicious+0xe7/0x120
       [<ffffffffa037d055>] gfn_to_memslot+0xd5/0xe0 [kvm]
       [<ffffffffa03807d3>] __gfn_to_pfn+0x33/0x60 [kvm]
       [<ffffffffa0380885>] gfn_to_page+0x25/0x90 [kvm]
       [<ffffffffa038aeec>] kvm_vcpu_reload_apic_access_page+0x3c/0x80 [kvm]
       [<ffffffffa08f0a9c>] vmx_vcpu_reset+0x20c/0x460 [kvm_intel]
       [<ffffffffa039ab8e>] kvm_vcpu_reset+0x15e/0x1b0 [kvm]
       [<ffffffffa039ac0c>] kvm_arch_vcpu_setup+0x2c/0x50 [kvm]
       [<ffffffffa037f7e0>] kvm_vm_ioctl+0x1d0/0x780 [kvm]
       [<ffffffff810bc664>] ? __lock_is_held+0x54/0x80
       [<ffffffff812231f0>] do_vfs_ioctl+0x300/0x520
       [<ffffffff8122ee45>] ? __fget+0x5/0x250
       [<ffffffff8122f0fa>] ? __fget_light+0x2a/0xe0
       [<ffffffff81223491>] SyS_ioctl+0x81/0xa0
       [<ffffffff816fed6d>] system_call_fastpath+0x16/0x1b
      Reported-by: default avatarTakashi Iwai <tiwai@suse.de>
      Reported-by: default avatarAlexei Starovoitov <alexei.starovoitov@gmail.com>
      Reviewed-by: default avatarWanpeng Li <wanpeng.li@linux.intel.com>
      Tested-by: default avatarWanpeng Li <wanpeng.li@linux.intel.com>
      Fixes: 38b99173Signed-off-by: default avatarPaolo Bonzini <pbonzini@redhat.com>
      a73896cb
    • Jan Kiszka's avatar
      KVM: nVMX: Disable preemption while reading from shadow VMCS · 282da870
      Jan Kiszka authored
      In order to access the shadow VMCS, we need to load it. At this point,
      vmx->loaded_vmcs->vmcs and the actually loaded one start to differ. If
      we now get preempted by Linux, vmx_vcpu_put and, on return, the
      vmx_vcpu_load will work against the wrong vmcs. That can cause
      copy_shadow_to_vmcs12 to corrupt the vmcs12 state.
      
      Fix the issue by disabling preemption during the copy operation.
      copy_vmcs12_to_shadow is safe from this issue as it is executed by
      vmx_vcpu_run when preemption is already disabled before vmentry.
      
      This bug is exposed by running Jailhouse within KVM on CPUs with
      shadow VMCS support.  Jailhouse never expects an interrupt pending
      vmexit, but the bug can cause it if, after copy_shadow_to_vmcs12
      is preempted, the active VMCS happens to have the virtual interrupt
      pending flag set in the CPU-based execution controls.
      Signed-off-by: default avatarJan Kiszka <jan.kiszka@siemens.com>
      Signed-off-by: default avatarPaolo Bonzini <pbonzini@redhat.com>
      282da870
    • Nadav Amit's avatar
      KVM: x86: Fix far-jump to non-canonical check · 7e46dddd
      Nadav Amit authored
      Commit d1442d85 ("KVM: x86: Handle errors when RIP is set during far
      jumps") introduced a bug that caused the fix to be incomplete.  Due to
      incorrect evaluation, far jump to segment with L bit cleared (i.e., 32-bit
      segment) and RIP with any of the high bits set (i.e, RIP[63:32] != 0) set may
      not trigger #GP.  As we know, this imposes a security problem.
      
      In addition, the condition for two warnings was incorrect.
      
      Fixes: d1442d85Reported-by: default avatarDan Carpenter <dan.carpenter@oracle.com>
      Signed-off-by: default avatarNadav Amit <namit@cs.technion.ac.il>
      [Add #ifdef CONFIG_X86_64 to avoid complaints of undefined behavior. - Paolo]
      Signed-off-by: default avatarPaolo Bonzini <pbonzini@redhat.com>
      7e46dddd