1. 02 Mar, 2014 9 commits
  2. 01 Mar, 2014 2 commits
  3. 28 Feb, 2014 19 commits
    • Russell King's avatar
      MAINTAINERS: add maintainer entry for Armada DRM driver · 8427defd
      Russell King authored
      Add a maintainers entry for the Armada DRM driver.
      Signed-off-by: default avatarRussell King <rmk+kernel@arm.linux.org.uk>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      8427defd
    • Linus Torvalds's avatar
      Merge tag 'dm-3.14-fixes-1' of git://git.kernel.org/pub/scm/linux/kernel/git/device-mapper/linux-dm · ebb7c197
      Linus Torvalds authored
      Pull device mapper fixes from Mike Snitzer:
       "A few dm-cache fixes, an invalid ioctl handling fix for dm multipath,
        a couple immutable biovec fixups for dm mirror, and a few dm-thin
        fixes.
      
        There will likely be additional dm-thin metadata and data resize fixes
        to include in 3.14-rc6 next week.
      
        Note to stable-minded folks: Immutable biovecs were introduced in
        3.14, so the related fixups for dm mirror are not needed in stable@
        kernels"
      
      * tag 'dm-3.14-fixes-1' of git://git.kernel.org/pub/scm/linux/kernel/git/device-mapper/linux-dm:
        dm cache: fix truncation bug when mapping I/O to >2TB fast device
        dm thin: allow metadata space larger than supported to go unused
        dm mpath: fix stalls when handling invalid ioctls
        dm thin: fix the error path for the thin device constructor
        dm raid1: fix immutable biovec related BUG when retrying read bio
        dm io: fix I/O to multiple destinations
        dm thin: avoid metadata commit if a pool's thin devices haven't changed
        dm cache: do not add migration to completed list before unhooking bio
        dm cache: move hook_info into common portion of per_bio_data structure
      ebb7c197
    • Linus Torvalds's avatar
      Merge tag 'sound-3.14-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound · 7aa48355
      Linus Torvalds authored
      Pull sound fixes from Takashi Iwai:
       "It's a bad habit to get a higher volume of fixes often lately, but
        things happen again.
      
        All commits found here are real bug fixes, and are mostly trivial.
        Most of changes in ASoC are the fixes for enum items due to the wrong
        API usages, in addition to a few DAPM mutex deadlock and other fixes.
        In HD-audio, only fixups for HP laptops.  Although diffstat shows
        much, the changes are simple: there are just so many different device
        entries there"
      
      * tag 'sound-3.14-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound:
        ASoC: sta32x: Fix wrong enum for limiter2 release rate
        ASoC: da732x: Mark DC offset control registers volatile
        ALSA: hda/realtek - Add more entry for enable HP mute led
        ALSA: hda - Add a fixup for HP Folio 13 mute LED
        ASoC: wm8958-dsp: Fix firmware block loading
        ASoC: sta32x: Fix cache sync
        ALSA: hda/realtek - Add more entry for enable HP mute led
        ASoC: dapm: Add locking to snd_soc_dapm_xxxx_pin functions
        Input - arizona-haptics: Fix double lock of dapm_mutex
        ASoC: wm8400: Fix the wrong number of enum items
        ASoC: isabelle: Fix the wrong number of items in enum ctls
        ASoC: ad1980: Fix wrong number of items for capture source
        ASoC: wm8994: Fix the wrong number of enum items
        ASoC: wm8900: Fix the wrong number of enum items
        ASoC: wm8770: Fix wrong number of enum items
        ASoC: sta32x: Fix array access overflow
        ASoC: dapm: Correct regulator bypass error messages
      7aa48355
    • Linus Torvalds's avatar
      Merge tag 'edac_fixes_for_3.14' of git://git.kernel.org/pub/scm/linux/kernel/git/bp/bp · 04b52252
      Linus Torvalds authored
      Pull EDAC fixes from Borislav Petkov:
       "Two fixes below for PCI devices disappearing when a reference count
        underflow happens after a couple of insmod/rmmod cycles in succession"
      
      * tag 'edac_fixes_for_3.14' of git://git.kernel.org/pub/scm/linux/kernel/git/bp/bp:
        i7300_edac: Fix device reference count
        i7core_edac: Fix PCI device reference count
      04b52252
    • Linus Torvalds's avatar
      Merge tag 'for-linus' of git://git.kernel.org/pub/scm/virt/kvm/kvm · d8efcf38
      Linus Torvalds authored
      Pull KVM fixes from Paolo Bonzini:
       "Three x86 fixes and one for ARM/ARM64.
      
        In particular, nested virtualization on Intel is broken in 3.13 and
        fixed by this pull request"
      
      * tag 'for-linus' of git://git.kernel.org/pub/scm/virt/kvm/kvm:
        kvm, vmx: Really fix lazy FPU on nested guest
        kvm: x86: fix emulator buffer overflow (CVE-2014-0049)
        arm/arm64: KVM: detect CPU reset on CPU_PM_EXIT
        KVM: MMU: drop read-only large sptes when creating lower level sptes
      d8efcf38
    • Linus Torvalds's avatar
      Merge tag 'arm64-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux · 78d9e934
      Linus Torvalds authored
      Pull ARM64 fixes from Catalin Marinas:
       - !CONFIG_SMP build fix
       - pte bit testing macros conversion fix (int truncates top bits of
         long)
       - stack unwinding PC calculation fix
      
      * tag 'arm64-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux:
        arm64: Fix !CONFIG_SMP kernel build
        arm64: mm: Add double logical invert to pte accessors
        ARM64: unwind: Fix PC calculation
      78d9e934
    • Linus Torvalds's avatar
      Merge branch 'merge' of git://git.kernel.org/pub/scm/linux/kernel/git/benh/powerpc · f94def76
      Linus Torvalds authored
      Pull powerpc fixes from Ben Herrenschmidt:
       "Here are a few more powerpc fixes for 3.14.
      
        Most of these are also CC'ed to stable and fix bugs in new
        functionality introduced in the last 2 or 3 versions"
      
      * 'merge' of git://git.kernel.org/pub/scm/linux/kernel/git/benh/powerpc:
        powerpc/powernv: Fix indirect XSCOM unmangling
        powerpc/powernv: Fix opal_xscom_{read,write} prototype
        powerpc/powernv: Refactor PHB diag-data dump
        powerpc/powernv: Dump PHB diag-data immediately
        powerpc: Increase stack redzone for 64-bit userspace to 512 bytes
        powerpc/ftrace: bugfix for test_24bit_addr
        powerpc/crashdump : Fix page frame number check in copy_oldmem_page
        powerpc/le: Ensure that the 'stop-self' RTAS token is handled correctly
      f94def76
    • Catalin Marinas's avatar
      arm64: Fix !CONFIG_SMP kernel build · b57fc9e8
      Catalin Marinas authored
      Commit fb4a9602 (arm64: kernel: fix per-cpu offset restore on
      resume) uses per_cpu_offset() unconditionally during CPU wakeup,
      however, this is only defined for the SMP case.
      Signed-off-by: default avatarCatalin Marinas <catalin.marinas@arm.com>
      Reported-by: default avatarDave P Martin <Dave.Martin@arm.com>
      b57fc9e8
    • Steve Capper's avatar
      arm64: mm: Add double logical invert to pte accessors · 84fe6826
      Steve Capper authored
      Page table entries on ARM64 are 64 bits, and some pte functions such as
      pte_dirty return a bitwise-and of a flag with the pte value. If the
      flag to be tested resides in the upper 32 bits of the pte, then we run
      into the danger of the result being dropped if downcast.
      
      For example:
      	gather_stats(page, md, pte_dirty(*pte), 1);
      where pte_dirty(*pte) is downcast to an int.
      
      This patch adds a double logical invert to all the pte_ accessors to
      ensure predictable downcasting.
      Signed-off-by: default avatarSteve Capper <steve.capper@linaro.org>
      Cc: <stable@vger.kernel.org>
      Signed-off-by: default avatarCatalin Marinas <catalin.marinas@arm.com>
      84fe6826
    • Heinz Mauelshagen's avatar
      dm cache: fix truncation bug when mapping I/O to >2TB fast device · e0d849fa
      Heinz Mauelshagen authored
      When remapping a block to the cache's fast device that is larger than
      2TB we must not truncate the destination sector to 32bits.  The 32bit
      temporary result of from_cblock() was being overflowed in
      remap_to_cache() due to the logical left shift.
      
      Use an intermediate 64bit type to store the 32bit from_cblock() result
      to fix the overflow.
      Signed-off-by: default avatarHeinz Mauelshagen <heinzm@redhat.com>
      Signed-off-by: default avatarMike Snitzer <snitzer@redhat.com>
      Cc: stable@vger.kernel.org
      e0d849fa
    • Jiri Olsa's avatar
      perf tools: Fix strict alias issue for find_first_bit · b39c2a57
      Jiri Olsa authored
      When compiling perf tool code with gcc 4.4.7 I'm getting
      following error:
      
          CC       util/session.o
        cc1: warnings being treated as errors
        util/session.c: In function ‘perf_session_deliver_event’:
        tools/perf/util/include/linux/bitops.h:109: error: dereferencing pointer ‘p’ does break strict-aliasing rules
        tools/perf/util/include/linux/bitops.h:101: error: dereferencing pointer ‘p’ does break strict-aliasing rules
        util/session.c:697: note: initialized from here
        tools/perf/util/include/linux/bitops.h:101: note: initialized from here
        make[1]: *** [util/session.o] Error 1
        make: *** [util/session.o] Error 2
      
      The aliased types here are u64 and unsigned long pointers, which is safe
      for the find_first_bit processing.
      
      This error shows up for me only for gcc 4.4 on 32bit x86, even for
      -Wstrict-aliasing=3, while newer gcc are quiet and scream here for
      -Wstrict-aliasing={2,1}. Looks like newer gcc changed the rules for
      strict alias warnings.
      
      The gcc documentation offers workaround for valid aliasing by using
      __may_alias__ attribute:
      
        http://gcc.gnu.org/onlinedocs/gcc-4.4.0/gcc/Type-Attributes.html
      
      Using this workaround for the find_first_bit function.
      Signed-off-by: default avatarJiri Olsa <jolsa@redhat.com>
      Cc: Corey Ashford <cjashfor@linux.vnet.ibm.com>
      Cc: David Ahern <dsahern@gmail.com>
      Cc: Frederic Weisbecker <fweisbec@gmail.com>
      Cc: Ingo Molnar <mingo@elte.hu>
      Cc: Namhyung Kim <namhyung@kernel.org>
      Cc: Paul Mackerras <paulus@samba.org>
      Cc: Peter Zijlstra <a.p.zijlstra@chello.nl>
      Link: http://lkml.kernel.org/r/1393434867-20271-1-git-send-email-jolsa@redhat.comSigned-off-by: default avatarArnaldo Carvalho de Melo <acme@redhat.com>
      b39c2a57
    • Benjamin Herrenschmidt's avatar
      powerpc/powernv: Fix indirect XSCOM unmangling · e0cf9576
      Benjamin Herrenschmidt authored
      We need to unmangle the full address, not just the register
      number, and we also need to support the real indirect bit
      being set for in-kernel uses.
      Signed-off-by: default avatarBenjamin Herrenschmidt <benh@kernel.crashing.org>
      CC: <stable@vger.kernel.org> [v3.13]
      e0cf9576
    • Benjamin Herrenschmidt's avatar
      powerpc/powernv: Fix opal_xscom_{read,write} prototype · 2f3f38e4
      Benjamin Herrenschmidt authored
      The OPAL firmware functions opal_xscom_read and opal_xscom_write
      take a 64-bit argument for the XSCOM (PCB) address in order to
      support the indirect mode on P8.
      Signed-off-by: default avatarBenjamin Herrenschmidt <benh@kernel.crashing.org>
      CC: <stable@vger.kernel.org> [v3.13]
      2f3f38e4
    • Gavin Shan's avatar
      powerpc/powernv: Refactor PHB diag-data dump · af87d2fe
      Gavin Shan authored
      As Ben suggested, the patch prints PHB diag-data with multiple
      fields in one line and omits the line if the fields of that
      line are all zero.
      
      With the patch applied, the PHB3 diag-data dump looks like:
      
      PHB3 PHB#3 Diag-data (Version: 1)
      
        brdgCtl:     00000002
        RootSts:     0000000f 00400000 b0830008 00100147 00002000
        nFir:        0000000000000000 0030006e00000000 0000000000000000
        PhbSts:      0000001c00000000 0000000000000000
        Lem:         0000000000100000 42498e327f502eae 0000000000000000
        InAErr:      8000000000000000 8000000000000000 0402030000000000 0000000000000000
        PE[  8] A/B: 8480002b00000000 8000000000000000
      
      [ The current diag data is so big that it overflows the printk
        buffer pretty quickly in cases when we get a handful of errors
        at once which can happen. --BenH
      ]
      Signed-off-by: default avatarGavin Shan <shangw@linux.vnet.ibm.com>
      CC: <stable@vger.kernel.org>
      Signed-off-by: default avatarBenjamin Herrenschmidt <benh@kernel.crashing.org>
      af87d2fe
    • Gavin Shan's avatar
      powerpc/powernv: Dump PHB diag-data immediately · 94716604
      Gavin Shan authored
      The PHB diag-data is important to help locating the root cause for
      EEH errors such as frozen PE or fenced PHB. However, the EEH core
      enables IO path by clearing part of HW registers before collecting
      this data causing it to be corrupted.
      
      This patch fixes this by dumping the PHB diag-data immediately when
      frozen/fenced state on PE or PHB is detected for the first time in
      eeh_ops::get_state() or next_error() backend.
      Signed-off-by: default avatarGavin Shan <shangw@linux.vnet.ibm.com>
      CC: <stable@vger.kernel.org>
      Signed-off-by: default avatarBenjamin Herrenschmidt <benh@kernel.crashing.org>
      94716604
    • Paul Mackerras's avatar
      powerpc: Increase stack redzone for 64-bit userspace to 512 bytes · 573ebfa6
      Paul Mackerras authored
      The new ELFv2 little-endian ABI increases the stack redzone -- the
      area below the stack pointer that can be used for storing data --
      from 288 bytes to 512 bytes.  This means that we need to allow more
      space on the user stack when delivering a signal to a 64-bit process.
      
      To make the code a bit clearer, we define new USER_REDZONE_SIZE and
      KERNEL_REDZONE_SIZE symbols in ptrace.h.  For now, we leave the
      kernel redzone size at 288 bytes, since increasing it to 512 bytes
      would increase the size of interrupt stack frames correspondingly.
      
      Gcc currently only makes use of 288 bytes of redzone even when
      compiling for the new little-endian ABI, and the kernel cannot
      currently be compiled with the new ABI anyway.
      
      In the future, hopefully gcc will provide an option to control the
      amount of redzone used, and then we could reduce it even more.
      
      This also changes the code in arch_compat_alloc_user_space() to
      preserve the expanded redzone.  It is not clear why this function would
      ever be used on a 64-bit process, though.
      Signed-off-by: default avatarPaul Mackerras <paulus@samba.org>
      CC: <stable@vger.kernel.org> [v3.13]
      Signed-off-by: default avatarBenjamin Herrenschmidt <benh@kernel.crashing.org>
      573ebfa6
    • Liu Ping Fan's avatar
      powerpc/ftrace: bugfix for test_24bit_addr · a95fc585
      Liu Ping Fan authored
      The branch target should be the func addr, not the addr of func_descr_t.
      So using ppc_function_entry() to generate the right target addr.
      Signed-off-by: default avatarLiu Ping Fan <pingfank@linux.vnet.ibm.com>
      Signed-off-by: default avatarBenjamin Herrenschmidt <benh@kernel.crashing.org>
      a95fc585
    • Laurent Dufour's avatar
      powerpc/crashdump : Fix page frame number check in copy_oldmem_page · f5295bd8
      Laurent Dufour authored
      In copy_oldmem_page, the current check using max_pfn and min_low_pfn to
      decide if the page is backed or not, is not valid when the memory layout is
      not continuous.
      
      This happens when running as a QEMU/KVM guest, where RTAS is mapped higher
      in the memory. In that case max_pfn points to the end of RTAS, and a hole
      between the end of the kdump kernel and RTAS is not backed by PTEs. As a
      consequence, the kdump kernel is crashing in copy_oldmem_page when accessing
      in a direct way the pages in that hole.
      
      This fix relies on the memblock's service memblock_is_region_memory to
      check if the read page is part or not of the directly accessible memory.
      Signed-off-by: default avatarLaurent Dufour <ldufour@linux.vnet.ibm.com>
      Tested-by: default avatarMahesh Salgaonkar <mahesh@linux.vnet.ibm.com>
      CC: <stable@vger.kernel.org>
      Signed-off-by: default avatarBenjamin Herrenschmidt <benh@kernel.crashing.org>
      f5295bd8
    • Tony Breeds's avatar
      powerpc/le: Ensure that the 'stop-self' RTAS token is handled correctly · 41dd03a9
      Tony Breeds authored
      Currently we're storing a host endian RTAS token in
      rtas_stop_self_args.token.  We then pass that directly to rtas.  This is
      fine on big endian however on little endian the token is not what we
      expect.
      
      This will typically result in hitting:
      	panic("Alas, I survived.\n");
      
      To fix this we always use the stop-self token in host order and always
      convert it to be32 before passing this to rtas.
      Signed-off-by: default avatarTony Breeds <tony@bakeyournoodle.com>
      Cc: stable@vger.kernel.org
      Signed-off-by: default avatarBenjamin Herrenschmidt <benh@kernel.crashing.org>
      41dd03a9
  4. 27 Feb, 2014 10 commits
    • Rafael J. Wysocki's avatar
      Merge branches 'pm-cpufreq', 'pm-hibernate' and 'acpi-processor' · 6c09ea49
      Rafael J. Wysocki authored
      * pm-cpufreq:
        intel_pstate: Change busy calculation to use fixed point math.
      
      * pm-hibernate:
        PM / hibernate: Fix restore hang in freeze_processes()
      
      * acpi-processor:
        ACPI / processor: Rework processor throttling with work_on_cpu()
      6c09ea49
    • Paolo Bonzini's avatar
      kvm, vmx: Really fix lazy FPU on nested guest · 1b385cbd
      Paolo Bonzini authored
      Commit e504c909 (kvm, vmx: Fix lazy FPU on nested guest, 2013-11-13)
      highlighted a real problem, but the fix was subtly wrong.
      
      nested_read_cr0 is the CR0 as read by L2, but here we want to look at
      the CR0 value reflecting L1's setup.  In other words, L2 might think
      that TS=0 (so nested_read_cr0 has the bit clear); but if L1 is actually
      running it with TS=1, we should inject the fault into L1.
      
      The effective value of CR0 in L2 is contained in vmcs12->guest_cr0, use
      it.
      
      Fixes: e504c909Reported-by: default avatarKashyap Chamarty <kchamart@redhat.com>
      Reported-by: default avatarStefan Bader <stefan.bader@canonical.com>
      Tested-by: default avatarKashyap Chamarty <kchamart@redhat.com>
      Tested-by: default avatarAnthoine Bourgeois <bourgeois@bertin.fr>
      Cc: stable@vger.kernel.org
      Signed-off-by: default avatarPaolo Bonzini <pbonzini@redhat.com>
      1b385cbd
    • Andi Kleen's avatar
      perf tools: fix BFD detection on opensuse · 280e7c48
      Andi Kleen authored
      opensuse libbfd requires -lz -liberty to build. Add those to the BFD
      feature detection.
      Signed-off-by: default avatarAndi Kleen <ak@linux.intel.com>
      Acked-by: default avatarDavid Ahern <dsahern@gmail.com>
      Acked-by: default avatarJiri Olsa <jolsa@redhat.com>
      Cc: Adrian Hunter <adrian.hunter@intel.com>
      Cc: David Ahern <dsahern@gmail.com>
      Cc: Frederic Weisbecker <fweisbec@gmail.com>
      Cc: Ingo Molnar <mingo@kernel.org>
      Cc: Jiri Olsa <jolsa@redhat.com>
      Cc: Namhyung Kim <namhyung@kernel.org>
      Link: http://lkml.kernel.org/r/1389469379-13340-2-git-send-email-andi@firstfloor.orgSigned-off-by: default avatarArnaldo Carvalho de Melo <acme@redhat.com>
      280e7c48
    • Linus Torvalds's avatar
      Merge tag 'metag-fixes-v3.14' of git://git.kernel.org/pub/scm/linux/kernel/git/jhogan/metag · 86c7654f
      Linus Torvalds authored
      Pull Metag arch and asm-generic fixes from James Hogan:
      
       - Add the new sched_setattr/sched_getattr syscalls to the asm-generic
         syscall list, which is used by arc, arm64, c6x, hexagon, metag,
        openrisc, score, tile, and unicore32.
      
       - An IRQ affinity bug fix for metag to prevent interrupts being
         vectored to offline CPUs when their affinity is changed via
         /proc/irq/ (thanks tglx).
      
      * tag 'metag-fixes-v3.14' of git://git.kernel.org/pub/scm/linux/kernel/git/jhogan/metag:
        irq-metag*: stop set_affinity vectoring to offline cpus
        asm-generic: add sched_setattr/sched_getattr syscalls
      86c7654f
    • Linus Torvalds's avatar
      Merge tag 'pwm/for-3.14-rc5' of... · 3ebd3da6
      Linus Torvalds authored
      Merge tag 'pwm/for-3.14-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/thierry.reding/linux-pwm
      
      Pull pwm fix from Thierry Reding:
       "Just a single trivial patch to plug a memory leak in an error path"
      
      * tag 'pwm/for-3.14-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/thierry.reding/linux-pwm:
        pwm: lp3943: Fix potential memory leak during request
      3ebd3da6
    • Linus Torvalds's avatar
      Merge branch 'for_linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jack/linux-fs · 8d753182
      Linus Torvalds authored
      Pull filesystem fixes from Jan Kara:
       "Notification, writeback, udf, quota fixes
      
        The notification patches are (with one exception) a fallout of my
        fsnotify rework which went into -rc1 (I've extented LTP to cover these
        cornercases to avoid similar breakage in future).
      
        The UDF patch is a nasty data corruption Al has recently reported,
        the revert of the writeback patch is due to possibility of violating
        sync(2) guarantees, and a quota bug can lead to corruption of quota
        files in ocfs2"
      
      * 'for_linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jack/linux-fs:
        fsnotify: Allocate overflow events with proper type
        fanotify: Handle overflow in case of permission events
        fsnotify: Fix detection whether overflow event is queued
        Revert "writeback: do not sync data dirtied after sync start"
        quota: Fix race between dqput() and dquot_scan_active()
        udf: Fix data corruption on file type conversion
        inotify: Fix reporting of cookies for inotify events
      8d753182
    • Linus Torvalds's avatar
      Merge tag 'upstream-3.14-rc5' of git://git.infradead.org/linux-ubifs · bb7d43b1
      Linus Torvalds authored
      Pull ubifs fix from Artem Bityutskiy:
       "Just a single fix for the UBI module unload path which makes sure we
        do not touch freed memory"
      
      * tag 'upstream-3.14-rc5' of git://git.infradead.org/linux-ubifs:
        UBI: fix some use after free bugs
      bb7d43b1
    • Andrew Honig's avatar
      kvm: x86: fix emulator buffer overflow (CVE-2014-0049) · a08d3b3b
      Andrew Honig authored
      The problem occurs when the guest performs a pusha with the stack
      address pointing to an mmio address (or an invalid guest physical
      address) to start with, but then extending into an ordinary guest
      physical address.  When doing repeated emulated pushes
      emulator_read_write sets mmio_needed to 1 on the first one.  On a
      later push when the stack points to regular memory,
      mmio_nr_fragments is set to 0, but mmio_is_needed is not set to 0.
      
      As a result, KVM exits to userspace, and then returns to
      complete_emulated_mmio.  In complete_emulated_mmio
      vcpu->mmio_cur_fragment is incremented.  The termination condition of
      vcpu->mmio_cur_fragment == vcpu->mmio_nr_fragments is never achieved.
      The code bounces back and fourth to userspace incrementing
      mmio_cur_fragment past it's buffer.  If the guest does nothing else it
      eventually leads to a a crash on a memcpy from invalid memory address.
      
      However if a guest code can cause the vm to be destroyed in another
      vcpu with excellent timing, then kvm_clear_async_pf_completion_queue
      can be used by the guest to control the data that's pointed to by the
      call to cancel_work_item, which can be used to gain execution.
      
      Fixes: f78146b0Signed-off-by: default avatarAndrew Honig <ahonig@google.com>
      Cc: stable@vger.kernel.org (3.5+)
      Signed-off-by: default avatarPaolo Bonzini <pbonzini@redhat.com>
      a08d3b3b
    • Marc Zyngier's avatar
      arm/arm64: KVM: detect CPU reset on CPU_PM_EXIT · b20c9f29
      Marc Zyngier authored
      Commit 1fcf7ce0 (arm: kvm: implement CPU PM notifier) added
      support for CPU power-management, using a cpu_notifier to re-init
      KVM on a CPU that entered CPU idle.
      
      The code assumed that a CPU entering idle would actually be powered
      off, loosing its state entierely, and would then need to be
      reinitialized. It turns out that this is not always the case, and
      some HW performs CPU PM without actually killing the core. In this
      case, we try to reinitialize KVM while it is still live. It ends up
      badly, as reported by Andre Przywara (using a Calxeda Midway):
      
      [    3.663897] Kernel panic - not syncing: unexpected prefetch abort in Hyp mode at: 0x685760
      [    3.663897] unexpected data abort in Hyp mode at: 0xc067d150
      [    3.663897] unexpected HVC/SVC trap in Hyp mode at: 0xc0901dd0
      
      The trick here is to detect if we've been through a full re-init or
      not by looking at HVBAR (VBAR_EL2 on arm64). This involves
      implementing the backend for __hyp_get_vectors in the main KVM HYP
      code (rather small), and checking the return value against the
      default one when the CPU notifier is called on CPU_PM_EXIT.
      Reported-by: default avatarAndre Przywara <osp@andrep.de>
      Tested-by: default avatarAndre Przywara <osp@andrep.de>
      Cc: Lorenzo Pieralisi <lorenzo.pieralisi@arm.com>
      Cc: Rob Herring <rob.herring@linaro.org>
      Acked-by: default avatarChristoffer Dall <christoffer.dall@linaro.org>
      Signed-off-by: default avatarMarc Zyngier <marc.zyngier@arm.com>
      Signed-off-by: default avatarPaolo Bonzini <pbonzini@redhat.com>
      b20c9f29
    • Mike Snitzer's avatar
      dm thin: allow metadata space larger than supported to go unused · 7d48935e
      Mike Snitzer authored
      It was always intended that a user could provide a thin metadata device
      that is larger than the max supported by the on-disk format.  The extra
      space would just go unused.
      
      Unfortunately that never worked.  If the user attempted to use a larger
      metadata device on creation they would get an error like the following:
      
       device-mapper: space map common: space map too large
       device-mapper: transaction manager: couldn't create metadata space map
       device-mapper: thin metadata: tm_create_with_sm failed
       device-mapper: table: 252:17: thin-pool: Error creating metadata object
       device-mapper: ioctl: error adding target to table
      
      Fix this by allowing the initial metadata space map creation to cap its
      size at the max number of blocks supported (DM_SM_METADATA_MAX_BLOCKS).
      get_metadata_dev_size() must also impose DM_SM_METADATA_MAX_BLOCKS (via
      THIN_METADATA_MAX_SECTORS), otherwise extending metadata would cap at
      THIN_METADATA_MAX_SECTORS_WARNING (which is larger than supported).
      
      Also, the calculation for THIN_METADATA_MAX_SECTORS didn't account for
      the sizeof the disk_bitmap_header.  So the supported maximum metadata
      size is a bit smaller (reduced from 33423360 to 33292800 sectors).
      
      Lastly, remove the "excess space will not be used" warning message from
      get_metadata_dev_size(); it resulted in printing the warning multiple
      times.  Factor out warn_if_metadata_device_too_big(), call it from
      pool_ctr() and maybe_resize_metadata_dev().
      Signed-off-by: default avatarMike Snitzer <snitzer@redhat.com>
      Acked-by: default avatarJoe Thornber <ejt@redhat.com>
      7d48935e