Commit Graph

723811 Commits

Author SHA1 Message Date
Paolo Bonzini
bd89525a82 KVM: x86: emulate #UD while in guest mode
This reverts commits ae1f576707
and ac9b305caa.

If the hardware doesn't support MOVBE, but L0 sets CPUID.01H:ECX.MOVBE
in L1's emulated CPUID information, then L1 is likely to pass that
CPUID bit through to L2. L2 will expect MOVBE to work, but if L1
doesn't intercept #UD, then any MOVBE instruction executed in L2 will
raise #UD, and the exception will be delivered in L2.

Commit ac9b305caa is a better and more
complete version of ae1f576707 ("KVM: nVMX: Do not emulate #UD while
in guest mode"); however, neither considers the above case.

Suggested-by: Jim Mattson <jmattson@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2018-01-11 16:55:24 +01:00
Arnd Bergmann
ab271bd4df x86: kvm: propagate register_shrinker return code
Patch "mm,vmscan: mark register_shrinker() as __must_check" is
queued for 4.16 in linux-mm and adds a warning about the unchecked
call to register_shrinker:

arch/x86/kvm/mmu.c:5485:2: warning: ignoring return value of 'register_shrinker', declared with attribute warn_unused_result [-Wunused-result]

This changes the kvm_mmu_module_init() function to fail itself
when the call to register_shrinker fails.

Signed-off-by: Arnd Bergmann <arnd@arndb.de>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2018-01-11 16:53:13 +01:00
Paolo Bonzini
0217690f88 PPC KVM fixes for 4.15
Four commits here, including two that were tagged but never merged.
 Three of them are for the HPT resizing code; two of those fix a
 user-triggerable use-after-free in the host, and one that fixes
 stale TLB entries in the guest.  The remaining commit fixes a bug
 causing PR KVM guests under PowerVM to fail to start.
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v1
 
 iQEcBAABAgAGBQJaVfPgAAoJEJ2a6ncsY3GfA10IANZMkwtIpqxGlsAeXKr5bWdl
 iXYD9ymb2/FOHBbg6v8Eh6Gb1ycjzXpXqn74/Y9TE4Ort7mdiH+W6kXYEsMqL8yg
 7Uwnj8DuWFuFxX0x0V4SJQzgdCnOefVcfoo/RnLUzmLsW0Vqtr3A1djM5iHlxFvv
 ntkNtGYPOoaHl6rjtfHTDfLWN/DzEJbaIU/0O1LIkBxPG4STzSXErAucLL46Pa/X
 NuPO2HfpxQiacHVG62iy89eJeAcraEAXnH5e6eVPRQQqh3DSIERMU6n6jXyZeMU5
 NWX8Qme3VGBpiJOiCGMvMrnJmQmMTSWTtkGljyaFy+vZWMqGZ6xJ3wIP+5t9d+Q=
 =dw6K
 -----END PGP SIGNATURE-----

Merge tag 'kvm-ppc-fixes-4.15-3' of git://git.kernel.org/pub/scm/linux/kernel/git/paulus/powerpc into kvm-master

PPC KVM fixes for 4.15

Four commits here, including two that were tagged but never merged.
Three of them are for the HPT resizing code; two of those fix a
user-triggerable use-after-free in the host, and one that fixes
stale TLB entries in the guest.  The remaining commit fixes a bug
causing PR KVM guests under PowerVM to fail to start.
2018-01-11 14:07:27 +01:00
Haozhong Zhang
2a266f2355 KVM MMU: check pending exception before injecting APF
For example, when two APF's for page ready happen after one exit and
the first one becomes pending, the second one will result in #DF.
Instead, just handle the second page fault synchronously.

Reported-by: Ross Zwisler <zwisler@gmail.com>
Message-ID: <CAOxpaSUBf8QoOZQ1p4KfUp0jq76OKfGY4Uxs-Gg8ngReD99xww@mail.gmail.com>
Reported-by: Alec Blayne <ab@tevsa.net>
Signed-off-by: Haozhong Zhang <haozhong.zhang@intel.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2018-01-11 14:05:19 +01:00
David Gibson
ecba8297aa KVM: PPC: Book3S HV: Always flush TLB in kvmppc_alloc_reset_hpt()
The KVM_PPC_ALLOCATE_HTAB ioctl(), implemented by kvmppc_alloc_reset_hpt()
is supposed to completely clear and reset a guest's Hashed Page Table (HPT)
allocating or re-allocating it if necessary.

In the case where an HPT of the right size already exists and it just
zeroes it, it forces a TLB flush on all guest CPUs, to remove any stale TLB
entries loaded from the old HPT.

However, that situation can arise when the HPT is resizing as well - or
even when switching from an RPT to HPT - so those cases need a TLB flush as
well.

So, move the TLB flush to trigger in all cases except for errors.

Cc: stable@vger.kernel.org # v4.10+
Fixes: f98a8bf9ee ("KVM: PPC: Book3S HV: Allow KVM_PPC_ALLOCATE_HTAB ioctl() to change HPT size")
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Paul Mackerras <paulus@ozlabs.org>
2018-01-10 20:45:41 +11:00
Alexey Kardashevskiy
6c7d47c33e KVM: PPC: Book3S PR: Fix WIMG handling under pHyp
Commit 96df226 ("KVM: PPC: Book3S PR: Preserve storage control bits")
added code to preserve WIMG bits but it missed 2 special cases:
- a magic page in kvmppc_mmu_book3s_64_xlate() and
- guest real mode in kvmppc_handle_pagefault().

For these ptes, WIMG was 0 and pHyp failed on these causing a guest to
stop in the very beginning at NIP=0x100 (due to bd9166ffe "KVM: PPC:
Book3S PR: Exit KVM on failed mapping").

According to LoPAPR v1.1 14.5.4.1.2 H_ENTER:

 The hypervisor checks that the WIMG bits within the PTE are appropriate
 for the physical page number else H_Parameter return. (For System Memory
 pages WIMG=0010, or, 1110 if the SAO option is enabled, and for IO pages
 WIMG=01**.)

This hence initializes WIMG to non-zero value HPTE_R_M (0x10), as expected
by pHyp.

[paulus@ozlabs.org - fix compile for 32-bit]

Cc: stable@vger.kernel.org # v4.11+
Fixes: 96df226 "KVM: PPC: Book3S PR: Preserve storage control bits"
Signed-off-by: Alexey Kardashevskiy <aik@ozlabs.ru>
Tested-by: Ruediger Oertel <ro@suse.de>
Reviewed-by: Greg Kurz <groug@kaod.org>
Tested-by: Greg Kurz <groug@kaod.org>
Signed-off-by: Paul Mackerras <paulus@ozlabs.org>
2018-01-10 20:45:00 +11:00
Linus Torvalds
b2cd1df660 Linux 4.15-rc7 2018-01-07 14:22:41 -08:00
Linus Torvalds
b84449dc14 Merge branch 'parisc-4.15-3' of git://git.kernel.org/pub/scm/linux/kernel/git/deller/parisc-linux
Pull parisc fixes from Helge Deller:

 - Many small fixes to show the real physical addresses of devices
   instead of hashed addresses.

 - One important fix to unbreak 32-bit SMP support: We forgot to 16-byte
   align the spinlocks in the assembler code.

 - Qemu support: The host will get a chance to sleep when the parisc
   guest is idle. We use the same mechanism as the power architecture by
   overlaying the "or %r10,%r10,%r10" instruction which is simply a nop
   on real hardware.

* 'parisc-4.15-3' of git://git.kernel.org/pub/scm/linux/kernel/git/deller/parisc-linux:
  parisc: qemu idle sleep support
  parisc: Fix alignment of pa_tlb_lock in assembly on 32-bit SMP kernel
  parisc: Show unhashed EISA EEPROM address
  parisc: Show unhashed HPA of Dino chip
  parisc: Show initial kernel memory layout unhashed
  parisc: Show unhashed hardware inventory
2018-01-07 11:42:57 -08:00
Linus Torvalds
9cfd403a7c - fix regression in mount mediation when feature set is pinned
-----BEGIN PGP SIGNATURE-----
 
 iQIcBAABCgAGBQJaUiTsAAoJEAUvNnAY1cPYA1MP/37LQRImjRGq0wGp9RE1BrCI
 VobxrcnzmfMSTlGYGHJOXt81dy6Xr+qcri9Qfr+x4fb79R49NOS+2usQZ3gHu05+
 WZOgTOut87uGDzNSWawn9HrsCs89obi+G8jVBt1gCcG4oazp00EHiFQEy6Lkt9D0
 5JB4Sx53aTPcqkS/uDrEIDtClnBn/c5EYInKMh4aTaDOAaOAva67n6QELRWyUHoz
 y1uf7YQWOoUkuQIgGFhsH/mcvSu71W4ZbIO1CuvsTBcUdXi0q7Hdp23EWdLuYgPe
 dPTs1ibhE7gEg0xJ5f2lqF8uL8XYAsZGSWhgPDtcbWq+kpRIGa8TuHhuca84tRMU
 6hf3xZwqYFItG9fzLxD6ZJdEmYdHFxlY6KHQ+azTxUdkomJJB72wsRdhB679+Xsa
 GMGJ4W4xxUHX+2u5I7p/5FifzmHf2g6YK+v4kkz1U8d9Vgh68b20V+ioC7RgR6k6
 qDuVxs0K3g5ikP8WQKzHwKfEp1Z62uHV8HnsmRmuYzoPzbPy3szmgM8tGk+/02Qw
 JHEf/umPauG1QjHLMU8HkiB6OP8wFs0Y/mma+Iqy2WrFFPo0oa3A4AW3HKRC5imS
 lUryPugYAoioAcu4raYZYKw/fv16YKP0wwbcLKKH2jA6TlUqseJaCW6K1asgMqbh
 72UyDLCIjrAmlhpSdLhg
 =b5fz
 -----END PGP SIGNATURE-----

Merge tag 'apparmor-pr-2018-01-07' of git://git.kernel.org/pub/scm/linux/kernel/git/jj/linux-apparmor

Pull apparmor fix from John Johansen:
 "This fixes a regression when the kernel feature set is reported as
  supporting mount and policy is pinned to a feature set that does not
  support mount mediation"

* tag 'apparmor-pr-2018-01-07' of git://git.kernel.org/pub/scm/linux/kernel/git/jj/linux-apparmor:
  apparmor: fix regression in mount mediation when feature set is pinned
2018-01-07 11:33:12 -08:00
Linus Torvalds
9d61ec5baa LED fix for 4.15-rc7
-----BEGIN PGP SIGNATURE-----
 Version: GnuPG v2
 
 iQIcBAABCAAGBQJaUhWqAAoJEL1qUBy3i3wmDysP/1mi2O3hzvTW06a3c4HMZpi/
 Wp4HHuJkJQhq3UUT/s9OLzimWVJhH8lNorHm0zPOYCj3C7L9NBgomV1JCdSSevQM
 b1L2u5oXWnZrutLE7Echmf5CC6b9ntZBlfQIzULS7N7e0wFwpBPOF06nhfx/nkvT
 9quci3Ha9NTIEUovuj3Lqs4Nh76qkvFhZ0LK39KWT5Gx60niCPTWmyCMEtp5qvWl
 Y+RXvyRD7XYTSdkL8WJ3j/fDFVdj1zyRziir1BJ8K365TeyxH1Jb0EO/QY6ZnEX0
 EMMi85GklPlMa911Hu3fCdok7dYoIVnC1BYnd3n8Em9EkvFUpvdCRAUrTHK/y1iy
 1HhunswN+UTXp/04tjGDxlmXJt9DlfbcCi95hNKaeMBTO6/rj2AOug7xDqJOqTSg
 /TZYEuOnvAKa0bv4JdtdX9Aw1Tl5vIEL/rYPhW/BPQk6yz7+1LFIB4WUC11lmb/T
 4da6/Oxxn/94LD5mq9FriQPL+ibNPVWDe747x8yh84lC6/UT7TnxuWZGE70QvBa7
 1bZHb9T2yK+/d05QjejdgQqdhKUAtAnSWv3/bTow9JdGa5HeJpiLaWa/KvLvYuua
 y3A7QrpPVvdsyTWKzhgbAzV9OvQSsvnxigEQUPTLamCEWv20PZFaP775ubWOZqIx
 05ZFOYSPLF/wyHqcttMM
 =9XZT
 -----END PGP SIGNATURE-----

Merge tag 'led_fixes_for_4.15-rc7' of git://git.kernel.org/pub/scm/linux/kernel/git/j.anaszewski/linux-leds

Pull LED fix from Jacek Anaszewski:
 "The commit 2b83ff96f5 for 4.15-rc6, which was fixing LED brightness
  setting after clearing delay_off broke the behavior on any alteration
  of delay_on{off} properties, due to use of a LED core helper that does
  too much for this particular case"

* tag 'led_fixes_for_4.15-rc7' of git://git.kernel.org/pub/scm/linux/kernel/git/j.anaszewski/linux-leds:
  leds: core: Fix regression caused by commit 2b83ff96f5
2018-01-07 11:01:59 -08:00
Linus Torvalds
c11a5fe66f This pull request contains a single fix for the pxa3xx NAND driver.
-----BEGIN PGP SIGNATURE-----
 Version: GnuPG v2
 
 iQIcBAABAgAGBQJaUeWKAAoJEGb5WYXrGLvBt1wQAKUTS9sd3/mmmAbqTmMEJhRC
 XRpDR0qLKF8ACQns4XVcyL4xyoXSe1HUwaJDih8Urgf98v8vnno27NVYS4cJkBcM
 e3AnxzOGnAizN1nPZmVko8wnKBY076qB/S9frxk2mbNw1kaI6iBI0reDNZfZgl4H
 QzTHgReTIabiUH/rVdBGY6z8jUOJ5HGYY2kSrQivtZ1LRr3oFUjJRnKIBmWRO/iK
 w+VKOxMeRna9DFciueFV3XZ68aAb89iHeGx1qjKCUjxkKBKKZhmAwd+VXyZl9H5r
 rTr9c1NgHkAlGPUIKcZ5lOte6GIHi+Xdmi3wjWwadx4u/ARZsNTQfS7lQrynj2O3
 +dNcdftyzqA7GCkawXIjxKm/RFQNfwjf2NcPGLhBQs11yO/ZUMM7bB94KlCRgwbK
 2Y4C/xKMn4X1OtT2aeX/SzhxUxXmS7kPgh6QcpOajIkb/QUc9Q07TEz7mPN3Asj4
 lhGRCxzPY1bG38txCvwIHCZ2/PyWEinzmO9ijZzMGzv9SHqPjD1lXi8AWKt9tZM+
 nZL0vHuwfb09P4BfYzz48Twxg8f7ICpWuCuWCqwD/+0h0oB5z24OuwpOVSaQGnyi
 NMVP1elsHq0EFNBj4br01bB7GUg8y5hSYtTg716t193pjkoRrUyGjG2/LT1LPL3G
 a9eGwcK5llnOtfjp0l0k
 =k5RK
 -----END PGP SIGNATURE-----

Merge tag 'for-linus-20180107' of git://git.infradead.org/linux-mtd

Pull MTD bugfix from Richard Weinberger:
 "A single fix for the pxa3xx NAND driver"

* tag 'for-linus-20180107' of git://git.infradead.org/linux-mtd:
  mtd: nand: pxa3xx: Fix READOOB implementation
2018-01-07 11:00:06 -08:00
Jacek Anaszewski
7b6af2c531 leds: core: Fix regression caused by commit 2b83ff96f5
Commit 2b83ff96f5 ("led: core: Fix brightness setting when setting delay_off=0")
replaced del_timer_sync(&led_cdev->blink_timer) with led_stop_software_blink()
in led_blink_set(), which additionally clears LED_BLINK_SW flag as well as
zeroes blink_delay_on and blink_delay_off properties of the struct led_classdev.

Cleansing of the latter ones wasn't required to fix the original issue but
wasn't considered harmful. It nonetheless turned out to be so in case when
pointer to one or both props is passed to led_blink_set() like in the
ledtrig-timer.c. In such cases zeroes are passed later in delay_on and/or
delay_off arguments to led_blink_setup(), which results either in stopping
the software blinking or setting blinking frequency always to 1Hz.

Avoid using led_stop_software_blink() and add a single call required
to clear LED_BLINK_SW flag, which was the only needed modification to
fix the original issue.

Fixes 2b83ff96f5 ("led: core: Fix brightness setting when setting delay_off=0")
Signed-off-by: Jacek Anaszewski <jacek.anaszewski@gmail.com>
2018-01-07 13:27:07 +01:00
Linus Torvalds
75d4276e83 Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs
Pull vfs fixes from Al Viro:

 - untangle sys_close() abuses in xt_bpf

 - deal with register_shrinker() failures in sget()

* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs:
  fix "netfilter: xt_bpf: Fix XT_BPF_MODE_FD_PINNED mode of 'xt_bpf_info_v1'"
  sget(): handle failures of register_shrinker()
  mm,vmscan: Make unregister_shrinker() no-op if register_shrinker() failed.
2018-01-06 17:13:21 -08:00
Linus Torvalds
5b6c02f383 KVM fixes for v4.15-rc7
s390:
 * Two fixes for potential bitmap overruns in the cmma migration code
 
 x86:
 * Clear guest provided GPRs to defeat the Project Zero PoC for CVE
   2017-5715
 -----BEGIN PGP SIGNATURE-----
 
 iQEcBAABCAAGBQJaUTJ4AAoJEED/6hsPKofohk0IAJAFlMG66u5MxC0kSM61U4Zf
 1vkzRwAkBbcN82LpGQKbqabVyTq0F3aLipyOn6WO5SN0K5m+OI2OV/aAroPyX8bI
 F7nWIqTXLhJ9X6KXINFvyavHMprvWl8PA72tR/B/7GhhfShrZ2wGgqhl0vv/kCUK
 /8q+5e693yJqw8ceemin9a6kPJrLpmjeH+Oy24KIlGbvJWV4UrIE86pRHnAnBtg8
 L7Vbxn5+ezKmakvBh+zF8NKcD1zHDcmQZHoYFPsQT0vX5GPoYqT2bcO6gsh1Grmp
 8ti6KkrnP+j2A/OEna4LBWfwKI/1xHXneB22BYrAxvNjHt+R4JrjaPpx82SEB4Y=
 =URMR
 -----END PGP SIGNATURE-----

Merge tag 'for-linus' of git://git.kernel.org/pub/scm/virt/kvm/kvm

Pull KVM fixes from Radim Krčmář:
 "s390:
   - Two fixes for potential bitmap overruns in the cmma migration code

  x86:
   - Clear guest provided GPRs to defeat the Project Zero PoC for CVE
     2017-5715"

* tag 'for-linus' of git://git.kernel.org/pub/scm/virt/kvm/kvm:
  kvm: vmx: Scrub hardware GPRs at VM-exit
  KVM: s390: prevent buffer overrun on memory hotplug during migration
  KVM: s390: fix cmma migration for multiple memory slots
2018-01-06 17:05:05 -08:00
Boris Brezillon
fee4380f36 mtd: nand: pxa3xx: Fix READOOB implementation
In the current driver, OOB bytes are accessed in raw mode, and when a
page access is done with NDCR_SPARE_EN set and NDCR_ECC_EN cleared, the
driver must read the whole spare area (64 bytes in case of a 2k page,
16 bytes for a 512 page). The driver was only reading the free OOB
bytes, which was leaving some unread data in the FIFO and was somehow
leading to a timeout.

We could patch the driver to read ->spare_size + ->ecc_size instead of
just ->spare_size when READOOB is requested, but we'd better make
in-band and OOB accesses consistent.
Since the driver is always accessing in-band data in non-raw mode (with
the ECC engine enabled), we should also access OOB data in this mode.
That's particularly useful when using the BCH engine because in this
mode the free OOB bytes are also ECC protected.

Fixes: 43bcfd2bb2 ("mtd: nand: pxa3xx: Add driver-specific ECC BCH support")
Cc: stable@vger.kernel.org
Reported-by: Sean Nyekjær <sean.nyekjaer@prevas.dk>
Tested-by: Willy Tarreau <w@1wt.eu>
Signed-off-by: Boris Brezillon <boris.brezillon@free-electrons.com>
Acked-by: Ezequiel Garcia <ezequiel@vanguardiasur.com.ar>
Tested-by: Sean Nyekjaer <sean.nyekjaer@prevas.dk>
Acked-by: Robert Jarzmik <robert.jarzmik@free.fr>
Signed-off-by: Richard Weinberger <richard@nod.at>
2018-01-06 23:06:58 +01:00
Linus Torvalds
3219e264b9 powerpc fixes for 4.15 #6
Just one fix to correctly return SEGV_ACCERR when we take a SEGV on a mapped
 region. The bug was introduced in the refactoring of the page fault handler we
 did in the previous release.
 
 Thanks to:
   John Sperbeck.
 -----BEGIN PGP SIGNATURE-----
 
 iQIwBAABCAAaBQJaULvEExxtcGVAZWxsZXJtYW4uaWQuYXUACgkQUevqPMjhpYBN
 hw//W6NeKl1iS7Xf5tcFX97I/TBakl0rS7gHGBMheQT4IGengQ3dJqfCMdq6nfyx
 Sss72UG1sVfeYNG5djJjoZ3hmnt1CjcMkRlQotUhFYACufHYiI8DwYlUTNYpQR6f
 z6uaItK2S5JWSzuk8wOe/VUmBqyIfe+LIWplh8uGy1vn93avbyHrJAAtPFeSyiBm
 TA6EMubY4n1NpNWyGIWBILO7e1yI0xT4jctwNy/ZAGC0lgutFb4sWY/ZxgYlQyKo
 fxb0Al8REpY73IjbZbSzcZ1GfdzDztda1fCNyUeKShRInSJTp31zasn4YCXzYOU8
 8yLw5DcnlA9Fyy7BV0IuFtAfV4wUHS9NDe8ebX6xKXarurTCwugoSbmHCQ8E7jIC
 4FFVhArQdraY+tumOwouJA7g4nGUtGV6rpZAUnd++7xVvFspJiAbFpbU2vUNnnJ4
 VoU2lvWjox9r6wxT001Ct/4M+XoR8+nnEKs8bll1771CyV+AQ4fGqoDga3dOB2cC
 M1ejwLFZ80ZnXDUY6wc4Wzor3G1knVRzuRLEcsoAe4vJunGsS1i9tYce9bOJ9la+
 okcmoPm0roPJSiT1bmiptIAsJRjZZq2cxr2+lBBQ9zlNuZyEIY/CwrBM/0ZP6RJI
 ljbjOCj0xvJBkmIBSenOVO/tIBi/Ww+wL2MDzsYv+K1pp24=
 =VAzk
 -----END PGP SIGNATURE-----

Merge tag 'powerpc-4.15-6' of git://git.kernel.org/pub/scm/linux/kernel/git/powerpc/linux

Pull powerpc fix from Michael Ellerman:
 "Just one fix to correctly return SEGV_ACCERR when we take a SEGV on a
  mapped region. The bug was introduced in the refactoring of the page
  fault handler we did in the previous release.

  Thanks to John Sperbeck"

* tag 'powerpc-4.15-6' of git://git.kernel.org/pub/scm/linux/kernel/git/powerpc/linux:
  powerpc/mm: Fix SEGV on mapped region to return SEGV_ACCERR
2018-01-06 09:48:27 -08:00
Radim Krčmář
bb4945e60d KVM: s390: fixes for cmma migration
Two fixes for potential bitmap overruns in the cmma migration
 code.
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v2.0.22 (GNU/Linux)
 
 iQIcBAABAgAGBQJaPRe7AAoJEBF7vIC1phx8ENMQAIfuqVSU0zK535O+6sEMSReG
 phfs/EG008n5/r7dURovjjAotlpBhiltcS+aePtMfZOhnZZ0/Sb5Meqc0R+U3KIu
 b4EH9Gdg8oM9dGNaYtvlAwCZCisDnhfugY187UIHn7wDURWA8PDvx4aBrsLTO2JW
 nuhY2he93S3qpB6lXVTIx6yCUB3Q7iBfb+PLzPEfiUlQ+ZFIciddpq0JwCDsEQtx
 wQqYfKDcBClTLvjpk4DNhXW21ssPkN1VUyn0Vqb+Fvz/LFs7O0DhOKngoTqZj65q
 4yJxQXNRDDF5gYqC6akjFloshd/HKdf28VcJ8QLIbV7ozT12KbMhDoVNkvC/WeqV
 URYDmyjimjaa+PlDDEUtgz6Bi9/VJcEtNFGa1sLjIzGuq8J4sLgDTCEDZ7SFQWje
 KKtQzc8cP34apSgSUhNBuPpQrb+1aVtEOBfC7KSy3c2YMuV0Ugdo32AkeZ7ErXv/
 922CvIPYSnNVtasumm84NgukJBwFVJqLAdXMvXKyopFOl/ah8uw+/934nZ35GK6l
 RzHkhzFt+MHuKr0fMAYwI6G/UC8eI98RcMHQiN7tnu0MsYGyL/JtVcjVPd80JdgQ
 wV6yOFHEsaH3rYlC4Z24h+IaGFhVxw9Y7xXTdLUU1XMR20nwyeH1KpVfhKd6hteW
 3JcmtScObUzKUe4YkUGs
 =7RKy
 -----END PGP SIGNATURE-----

Merge tag 'kvm-s390-master-4.15-2' of git://git.kernel.org/pub/scm/linux/kernel/git/kvms390/linux

KVM: s390: fixes for cmma migration

Two fixes for potential bitmap overruns in the cmma migration
code.
2018-01-06 17:26:37 +01:00
Helge Deller
310d82784f parisc: qemu idle sleep support
Add qemu idle sleep support when running under qemu with SeaBIOS PDC
firmware.

Like the power architecture we use the "or" assembler instructions,
which translate to nops on real hardware, to indicate that qemu shall
idle sleep.

Signed-off-by: Helge Deller <deller@gmx.de>
Cc: Richard Henderson <rth@twiddle.net>
CC: stable@vger.kernel.org # v4.9+
2018-01-06 12:28:04 +01:00
Linus Torvalds
65c64d1845 Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/dtor/input
Pull input fixes from Dmitry Torokhov:
 "Just a few driver fixups, nothing exciting"

* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/dtor/input:
  Input: xen-kbdfront - do not advertise multi-touch pressure support
  Input: hideep - fix compile error due to missing include file
  Input: elants_i2c - do not clobber interrupt trigger on x86
  Input: joystick/analog - riscv has get_cycles()
  Input: elantech - add new icbody type 15
  Input: ims-pcu - fix typo in the error message
2018-01-05 16:45:06 -08:00
Linus Torvalds
313243aa1a IOMMU fixes for Linux v4.15-rc7
* Fix duplicate Stream ID handling in arm-smmu-v3
 
  * Fix arm-smmu-v3 page table ops double free
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v2.0.14 (GNU/Linux)
 
 iQIcBAABAgAGBQJaT652AAoJECObm247sIsi3WsP/0CrTtKvaS5c4S0wc+drsl0R
 aqKwKzTTWI9Lo/ky8Pqd82QcN8ZKZrObg7JGKXql0YEboxYFm7Jm33Lkn6jFGWwd
 jJB6AIjZRKd6MAO9LvduyTFO/DoMnJxzUZmGg+YYfqiQGyQ2lAYcPHJsdtjvn+yy
 1osWd2xxpEccqXOeh8dhzfDVipt1KRLrahxzr0Wdas7DUp0nI9n8FR9M5wh+xacW
 2rEiScFZ+NzGCRmGeFRpy9znwpM1YKGaB9E2mvTRsql3CbzGAoQUDfu2F5oz6B6B
 QPEvvCGIG4tuCo53W7Fr49jfi2WAAdgxNfINbKo/QXFSapG0M1EKq8ivEvP09/s4
 c38OrBU4Snxm1EpWwkIlavuj4N3eo91S9FvzXmkfQQ4y6TAdr8fXOqwSbplRHhCO
 NhyK4gtFK3nf6qcSwEys5cVCBMCSd8Fr/5EGDro4lz77hajU86EWFUv0A0ZJpQ1H
 g3boKM/5WBkDWgEtxk1cwup0K3Pixs0RiA7fMyEZGo1DkgObzql+T9P702Z6uke+
 0KBtmaFeJ3Rj1pOD0NUx0CGMMuqhQ4uCu8wPe8tOk2MxJdc5IhATGI5i9b0UvLXs
 Zeut4J1Pz8ua977zmTM9GUbHTzm1zc0c9iUTGM1RG2agZ9sl8F/tjiCr0T8STW6E
 zqZGtdBEVW/gSQeeYPXn
 =ta8U
 -----END PGP SIGNATURE-----

Merge tag 'iommu-v4.15-rc7' of git://github.com/awilliam/linux-vfio

Pull IOMMU fixes from Alex Williamson:
 "Fixes via Will Deacon for arm-smmu-v3.

   - Fix duplicate Stream ID handling in arm-smmu-v3

   - Fix arm-smmu-v3 page table ops double free"

* tag 'iommu-v4.15-rc7' of git://github.com/awilliam/linux-vfio:
  iommu/arm-smmu-v3: Cope with duplicated Stream IDs
  iommu/arm-smmu-v3: Don't free page table ops twice
2018-01-05 16:17:16 -08:00
Linus Torvalds
f84d595a5b ARC fixes for 4.15-rc7
- platform updates for setting up clock correctly
 
  - Fixes to accomodate newer gcc (__builtin_trap, removed inline asm modifier)
 
  - Other fixes
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v1
 
 iQIcBAABAgAGBQJaT8sNAAoJEGnX8d3iisJeuCMP/3vezmOLkJqAmHRTQ7r5xR4I
 PAP95qzrkDSAfTdv2tpLNySqV660+qu6F/Sy1jcJK8wfW3BWUyPFpzkIBrSPxPF9
 OJnlZBjlOsp2TyLq4VN3jyyYfNLQFbtYDKIG3VT7nRAEeEhx8RdXtf7UYUH8M63i
 hzsweOBlPHrj7VSLhKCw14nTGShqq3O3bNF4KkgktEHLaoecvQmwZO/UV/VK1svM
 ImNNGu382slHus8KJm2NdxAXObzfMzXhDAFuS6nqUNgV0SKBCCSerBFCTfPARfXj
 YzLI8S5M1mygwc9cl+HyPqrXVsXlqTH/RQhKoY0MMTwRlu0KUaRqH2lvDr1EDgl8
 ca12uKSPaP/UdYgYCIDdbvLosO5/ZOkj03gqrZMfoSv0JQ2Jzn0eV4/KXm6muEGm
 JfGihhvYoMi+1IOxX5fVOUzkX2DI/sVAWlHLQKmhS8AD2aoimYj30uGqItqk0UI6
 w0TZk8i0/+N/AYPtoanAgUrj2mNAXgLFst5SEz8jtJL3SBKvKu3ihH6tSDNO34xW
 ooYVrofzpcSnkVMsGq30lf2yZmLciV3s4Cz/FyBHyOngHdDE0BUhm0Luj5MYtx7C
 HgwfjhIuyFL9CNgH+SgMyAqID6Xn9KsQp776PJ+kf1i6OuMUu0zYCgAp42CODySu
 gEs5wBBdT+HZ5M7pff8Y
 =lS2L
 -----END PGP SIGNATURE-----

Merge tag 'arc-4.15-rc7' of git://git.kernel.org/pub/scm/linux/kernel/git/vgupta/arc

Pull ARC fixes from Vineet Gupta:

 - platform updates for setting up clock correctly

 - fixes to accomodate newer gcc (__builtin_trap, removed inline asm
   modifier)

 - other fixes

* tag 'arc-4.15-rc7' of git://git.kernel.org/pub/scm/linux/kernel/git/vgupta/arc:
  ARC: handle gcc generated __builtin_trap for older compiler
  ARC: handle gcc generated __builtin_trap()
  ARC: uaccess: dont use "l" gcc inline asm constraint modifier
  ARC: [plat-axs103] refactor the quad core DT quirk code
  ARC: [plat-axs103]: Set initial core pll output frequency
  ARC: [plat-hsdk]: Get rid of core pll frequency set in platform code
  ARC: [plat-hsdk]: Set initial core pll output frequency
  ARC: [plat-hsdk] Switch DisplayLink driver from fbdev to DRM
  arc: do not use __print_symbol()
  ARC: Fix detection of dual-issue enabled
2018-01-05 16:06:35 -08:00
John Johansen
5b9f57cf47 apparmor: fix regression in mount mediation when feature set is pinned
When the mount code was refactored for Labels it was not correctly
updated to check whether policy supported mediation of the mount
class.  This causes a regression when the kernel feature set is
reported as supporting mount and policy is pinned to a feature set
that does not support mount mediation.

BugLink: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=882697#41
Fixes: 2ea3ffb778 ("apparmor: add mount mediation")
Reported-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
Cc: Stable <stable@vger.kernel.org>
Signed-off-by: John Johansen <john.johansen@canonical.com>
2018-01-05 15:07:42 -08:00
Linus Torvalds
89876f275e for-4.15-rc7-tag
-----BEGIN PGP SIGNATURE-----
 
 iQIzBAABCgAdFiEE8rQSAMVO+zA4DBdWxWXV+ddtWDsFAlpPux0ACgkQxWXV+ddt
 WDs/ORAAgRtjm+OWBb80eV1xJIHGRPRaL6E4OZc6SA7DEA+oCpkkVzOHQz3PV2a2
 cAsIUvp9azZd41gzBMw8mIe4AQKLZpud+vEM7QYRlbZFtp3EWmZ1Jht4bJRxC+w7
 NjBIEx4MX2KiUeRizmo3iWBVW+RoaRVW1xvFo/k5QchhO8U74SNYzxTGVxd8S/C0
 ZanuTowdm71uCJJHkoNWArAsou40QCJOYK19WilRkrf6SGsUqc1zKArRKe2KF4GH
 Wyf4Qyp2fm8RRKLOlc9NcsVbVqVg4kBmUXbJPCvltCs+JiyfhX9hahweoHHH8kmH
 u/jR3CItVqX+Ft1WAtSpgRzxO0uGu6aVkIql0VHV6wIbGnFoJd9XQ6RPnT/awlOw
 1jx8RLOZtVehF6pjyoSngLppqCw/sYpV8QhF32dEFGentO3Wd7CVKTcMOH498dbN
 paNzcNEfnTFLbUmViOTXl8AS8VX+3PU2Mgn8W8UxcFYksoIpV9P/LBDS3iIGYMtL
 pFFC9fYeipBDOPg2NV4QfCE9ZSqm35c2kAV/hb1nmPtPz4W+Ya5v2y9RSjAU80f4
 Y8ZyePg6pjwWOp1dW+TZF0NE8ExzSvgnXAQOdZkiy4Ztc6OwTVhlwRfW1xFy2Py+
 riR87A7/mDbiR9IXHgzFZi6WjjVMHDifBKeEpu91cF9JrwJqMBc=
 =WIOv
 -----END PGP SIGNATURE-----

Merge tag 'for-4.15-rc7-tag' of git://git.kernel.org/pub/scm/linux/kernel/git/kdave/linux

Pull btrfs fixes from David Sterba:
 "We have two more fixes for 4.15, both aimed for stable.

  The leak fix is obvious, the second patch fixes a bug revealed by the
  refcount API, when it behaves differently than previous atomic_t and
  reports refs going from 0 to 1 in one case"

* tag 'for-4.15-rc7-tag' of git://git.kernel.org/pub/scm/linux/kernel/git/kdave/linux:
  btrfs: fix refcount_t usage when deleting btrfs_delayed_nodes
  btrfs: Fix flush bio leak
2018-01-05 13:02:46 -08:00
Linus Torvalds
12e971b652 Changes since last update:
- Fix resource cleanup of failed quota initialization
 - Fix integer overflow problems wrt s_maxbytes
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v1
 
 iQIcBAABCgAGBQJaS8yUAAoJEPh/dxk0SrTrrNMP+gLCitWenObhf6uA0Aysb3Vr
 EnhNFaqZA7RRLbQRwLESblvhExp9WTrtFmWOAFh1Q0ETBEIazIGkXfKDeOChxaCY
 LMPb83vQarZoV++HoiBeFbShf39dFw2ufGHyveZwvxk4kgYgQRFzIVZbRTg7CA/C
 nMLPZ9IBDBhEwnCVpH+gKJMcU6j5I9IIePwaEIKnB0o99fsEgZfnM0B4Wl0DRrzn
 nE6DOvkGZiNF4on1J2KgL2rB0r+VEyyMtBTCRs519rEaa8ACFUQDqEqoUIC92SnS
 pD/n9S2JwVH1dLX7cRoiMQcX/r4do83LlK0IvMswApMuNqYRQU6332lwosdgo7KQ
 8+antAlVKuqMAGNvhVWMy1DuaRO5gCqRwL1wpzebNHsw4eRsDD2MNkeLXbM2P2oL
 5OflIrPLMlLORlPtwbJclm8CcnQzQGMAa5yEDJcU1PIWH/urdRd+KqWQ+N0Zfj6m
 J3L4tXDY61hqwZ8BISe+/9iFDooGV/6Ri4mbez4UWiN6UfaKKokaFZzbo2n3VTb9
 Htx5KsrzslfGWAnoeIT9GnyFhT4te9IHT69jl2AorvxpmdXdfOI8TgrzS8TzuKGD
 N6TadC4IZGLLpww+rND6Bywdc8/garmFbck+/nVdMRwNAsZUE+m08OrNFMCqmYms
 p9jIA2tRh94Hu4Awi8hG
 =2rs/
 -----END PGP SIGNATURE-----

Merge tag 'xfs-4.15-fixes-10' of git://git.kernel.org/pub/scm/fs/xfs/xfs-linux

Pull XFS fixes from Darrick Wong:
 "I have just a few fixes for bugs and resource cleanup problems this
  week:

   - Fix resource cleanup of failed quota initialization

   - Fix integer overflow problems wrt s_maxbytes"

* tag 'xfs-4.15-fixes-10' of git://git.kernel.org/pub/scm/fs/xfs/xfs-linux:
  xfs: fix s_maxbytes overflow problems
  xfs: quota: check result of register_shrinker()
  xfs: quota: fix missed destroy of qi_tree_lock
2018-01-05 12:59:32 -08:00
Linus Torvalds
f842839cd8 - Late bugfix to plug a leak in rtsx_pcr
-----BEGIN PGP SIGNATURE-----
 
 iQIcBAABCAAGBQJaT3XWAAoJEFGvii+H/HdhZvYP/2O/UwaELEL1rkCziXg7vcFm
 Rou32IFfdjufqPHXkINtklxMcnZUHo0IZuV/cNf8MVF/SoO+/q5G+7FkZ+qIWep5
 X5XNHlmuqdHg66+kU+f9R1Jz8XyB5yp7DZZflC/Xs9tXpKnoRr0nN937afI0NsC7
 8FJUOpa7IF4RrMBVOdeChSP8Qgw8YpfRiTwzYbiSnbzZBIfCE8GW0iuEBNceo/sb
 3liwRuVQsCmMhQxVnlmoh4j3DahNem8JMI6GbzXnyw/CdpaCu/65vIhfj/GR2BeL
 x8QoB5j+Pz51yaZk2CM9yPQEt9x9ldzapLmDNUp4DmGzENBJMlZ24DK/KZilM1Pv
 QOsvKbvc9XHOXWRDxp2jy0vcq6KC6lPVJahBozWYrELYdyUbOTd7L/oi5mwxkW4K
 yP21FxuxOF+ArfvtDQse8v8EpU7RwtL3EHt7ulIQLANJ74yTJ7PFJA516aDigFQV
 eGF1Y6zBwe5AxBgaZwiY8sij0oSkA1OEsEOBzykQVwonfp1/iNIRR8WBAopanrih
 CYpTJmzEaeDliwmIkj0Fcs1aLQ+7iP1Io4cPTmsQGygAoZv31ez09oPj/z93dXzz
 a5Vo4HjFF/L7HPhoZSPHxhWYTaxgU0VpePwkTXOnmUzvnGD4Wv4Gx20fOd6GzvNo
 HF7zJ8eFRhooFszHhgU9
 =8CZD
 -----END PGP SIGNATURE-----

Merge tag 'mfd-fixes-4.15-1' of git://git.kernel.org/pub/scm/linux/kernel/git/lee/mfd

Pull MFD fix from Lee Jones:
 "Late bugfix to plug a leak in rtsx_pcr"

* tag 'mfd-fixes-4.15-1' of git://git.kernel.org/pub/scm/linux/kernel/git/lee/mfd:
  mfd: rtsx: Release IRQ during shutdown
2018-01-05 12:56:20 -08:00
Linus Torvalds
abb7099dbc Merge branch 'x86-pti-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip
Pull  more x86 pti fixes from Thomas Gleixner:
 "Another small stash of fixes for fallout from the PTI work:

   - Fix the modules vs. KASAN breakage which was caused by making
     MODULES_END depend of the fixmap size. That was done when the cpu
     entry area moved into the fixmap, but now that we have a separate
     map space for that this is causing more issues than it solves.

   - Use the proper cache flush methods for the debugstore buffers as
     they are mapped/unmapped during runtime and not statically mapped
     at boot time like the rest of the cpu entry area.

   - Make the map layout of the cpu_entry_area consistent for 4 and 5
     level paging and fix the KASLR vaddr_end wreckage.

   - Use PER_CPU_EXPORT for per cpu variable and while at it unbreak
     nvidia gfx drivers by dropping the GPL export. The subject line of
     the commit tells it the other way around, but I noticed that too
     late.

   - Fix the ASM alternative macros so they can be used in the middle of
     an inline asm block.

   - Rename the BUG_CPU_INSECURE flag to BUG_CPU_MELTDOWN so the attack
     vector is properly identified. The Spectre mitigations will come
     with their own bug bits later"

* 'x86-pti-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
  x86/pti: Rename BUG_CPU_INSECURE to BUG_CPU_MELTDOWN
  x86/alternatives: Add missing '\n' at end of ALTERNATIVE inline asm
  x86/tlb: Drop the _GPL from the cpu_tlbstate export
  x86/events/intel/ds: Use the proper cache flush method for mapping ds buffers
  x86/kaslr: Fix the vaddr_end mess
  x86/mm: Map cpu_entry_area at the same place on 4/5 level
  x86/mm: Set MODULES_END to 0xffffffffff000000
2018-01-05 12:23:57 -08:00
Linus Torvalds
b03acc4cc2 Merge branch 'efi-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip
Pull EFI updates from Thomas Gleixner:

 - A fix for a add_efi_memmap parameter regression which ensures that
   the parameter is parsed before it is used.

 - Reinstate the virtual capsule mapping as the cached copy turned out
   to break Quark and other things

 - Remove Matt Fleming as EFI co-maintainer. He stepped back a few days
   ago. Thanks Matt for all your great work!

* 'efi-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
  MAINTAINERS: Remove Matt Fleming as EFI co-maintainer
  efi/capsule-loader: Reinstate virtual capsule mapping
  x86/efi: Fix kernel param add_efi_memmap regression
2018-01-05 12:20:35 -08:00
Linus Torvalds
3eac690383 Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/s390/linux
Pull s390 fixes from Martin Schwidefsky:
 "Four bug fixes"

* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/s390/linux:
  s390/dasd: fix wrongly assigned configuration data
  s390: fix preemption race in disable_sacf_uaccess
  s390/sclp: disable FORTIFY_SOURCE for early sclp code
  s390/pci: handle insufficient resources during dma tlb flush
2018-01-05 12:17:33 -08:00
Linus Torvalds
925cbd7ed4 xen: fix for 4.15-rc7
-----BEGIN PGP SIGNATURE-----
 Version: GnuPG v2
 
 iQEcBAABAgAGBQJaTzbbAAoJELDendYovxMvKNEIAIOiWxWILvr1fiHsXfYhUA+C
 8DO9B1Kolp7lD068/nIcyyYeg3S0/OT5EBu7yKoV+ta6pbVKLTQ3Xc7hyJBJqq3q
 niF1M8A+8KeO6xjrPNWs4FeE52wSFkbB7Up4+QA3802WEXu7AIpxIaqwEWRYsGkG
 1L2gFZtVjXFrNROnwZplReygf97xyY1EUtLlE6shtO0M8jdWWX1vJxgHs2O+iv3u
 Lmc38vEwvG+wMum6h1zuxZbzRNWq0it3xkCY3PA4HSvJuDKL8gD7ytyOIJVG3WqB
 Le3LgA065juiatCm+KkmTkOpbETNAiFteOg3yCbera+OizkvBrYcNfgDi+zvJPk=
 =MXsy
 -----END PGP SIGNATURE-----

Merge tag 'for-linus-4.15-rc7-tag' of git://git.kernel.org/pub/scm/linux/kernel/git/xen/tip

Pull xen fix from Juergen Gross:
 "One minor fix adjusting the kmalloc flags in the new pvcalls driver
  added in rc1"

* tag 'for-linus-4.15-rc7-tag' of git://git.kernel.org/pub/scm/linux/kernel/git/xen/tip:
  xen/pvcalls: use GFP_ATOMIC under spin lock
2018-01-05 12:15:12 -08:00
Linus Torvalds
64648a5fca Merge branch 'linus' of git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6
Pull crypto fixes from Herbert Xu:
 "This fixes the following issues:

   - racy use of ctx->rcvused in af_alg

   - algif_aead crash in chacha20poly1305

   - freeing bogus pointer in pcrypt

   - build error on MIPS in mpi

   - memory leak in inside-secure

   - memory overwrite in inside-secure

   - NULL pointer dereference in inside-secure

   - state corruption in inside-secure

   - build error without CRYPTO_GF128MUL in chelsio

   - use after free in n2"

* 'linus' of git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6:
  crypto: inside-secure - do not use areq->result for partial results
  crypto: inside-secure - fix request allocations in invalidation path
  crypto: inside-secure - free requests even if their handling failed
  crypto: inside-secure - per request invalidation
  lib/mpi: Fix umul_ppmm() for MIPS64r6
  crypto: pcrypt - fix freeing pcrypt instances
  crypto: n2 - cure use after free
  crypto: af_alg - Fix race around ctx->rcvused by making it atomic_t
  crypto: chacha20poly1305 - validate the digest size
  crypto: chelsio - select CRYPTO_GF128MUL
2018-01-05 12:10:06 -08:00
Linus Torvalds
d8887f1c72 Merge branch 'akpm' (patches from Andrew)
Merge misc fixes from Andrew Morton:
 "9 fixes"

* emailed patches from Andrew Morton <akpm@linux-foundation.org>:
  mailmap: update Mark Yao's email address
  userfaultfd: clear the vma->vm_userfaultfd_ctx if UFFD_EVENT_FORK fails
  mm/sparse.c: wrong allocation for mem_section
  mm/zsmalloc.c: include fs.h
  mm/debug.c: provide useful debugging information for VM_BUG
  kernel/exit.c: export abort() to modules
  mm/mprotect: add a cond_resched() inside change_pmd_range()
  kernel/acct.c: fix the acct->needcheck check in check_free_space()
  mm: check pfn_valid first in zero_resv_unavail
2018-01-05 11:26:09 -08:00
Al Viro
040ee69226 fix "netfilter: xt_bpf: Fix XT_BPF_MODE_FD_PINNED mode of 'xt_bpf_info_v1'"
Descriptor table is a shared object; it's not a place where you can
stick temporary references to files, especially when we don't need
an opened file at all.

Cc: stable@vger.kernel.org # v4.14
Fixes: 98589a0998 ("netfilter: xt_bpf: Fix XT_BPF_MODE_FD_PINNED mode of 'xt_bpf_info_v1'")
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
2018-01-05 11:43:39 -05:00
Jim Mattson
0cb5b30698 kvm: vmx: Scrub hardware GPRs at VM-exit
Guest GPR values are live in the hardware GPRs at VM-exit.  Do not
leave any guest values in hardware GPRs after the guest GPR values are
saved to the vcpu_vmx structure.

This is a partial mitigation for CVE 2017-5715 and CVE 2017-5753.
Specifically, it defeats the Project Zero PoC for CVE 2017-5715.

Suggested-by: Eric Northup <digitaleric@google.com>
Signed-off-by: Jim Mattson <jmattson@google.com>
Reviewed-by: Eric Northup <digitaleric@google.com>
Reviewed-by: Benjamin Serebrin <serebrin@google.com>
Reviewed-by: Andrew Honig <ahonig@google.com>
[Paolo: Add AMD bits, Signed-off-by: Tom Lendacky <thomas.lendacky@amd.com>]
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2018-01-05 16:48:40 +01:00
Thomas Gleixner
de791821c2 x86/pti: Rename BUG_CPU_INSECURE to BUG_CPU_MELTDOWN
Use the name associated with the particular attack which needs page table
isolation for mitigation.

Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Acked-by: David Woodhouse <dwmw@amazon.co.uk>
Cc: Alan Cox <gnomes@lxorguk.ukuu.org.uk>
Cc: Jiri Koshina <jikos@kernel.org>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Tim Chen <tim.c.chen@linux.intel.com>
Cc: Andi Lutomirski  <luto@amacapital.net>
Cc: Andi Kleen <ak@linux.intel.com>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Paul Turner <pjt@google.com>
Cc: Tom Lendacky <thomas.lendacky@amd.com>
Cc: Greg KH <gregkh@linux-foundation.org>
Cc: Dave Hansen <dave.hansen@intel.com>
Cc: Kees Cook <keescook@google.com>
Cc: stable@vger.kernel.org
Link: https://lkml.kernel.org/r/alpine.DEB.2.20.1801051525300.1724@nanos
2018-01-05 15:34:43 +01:00
David Woodhouse
b9e705ef7c x86/alternatives: Add missing '\n' at end of ALTERNATIVE inline asm
Where an ALTERNATIVE is used in the middle of an inline asm block, this
would otherwise lead to the following instruction being appended directly
to the trailing ".popsection", and a failed compile.

Fixes: 9cebed423c ("x86, alternative: Use .pushsection/.popsection")
Signed-off-by: David Woodhouse <dwmw@amazon.co.uk>
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Cc: gnomes@lxorguk.ukuu.org.uk
Cc: Rik van Riel <riel@redhat.com>
Cc: ak@linux.intel.com
Cc: Tim Chen <tim.c.chen@linux.intel.com>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Paul Turner <pjt@google.com>
Cc: Jiri Kosina <jikos@kernel.org>
Cc: Andy Lutomirski <luto@amacapital.net>
Cc: Dave Hansen <dave.hansen@intel.com>
Cc: Kees Cook <keescook@google.com>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Greg Kroah-Hartman <gregkh@linux-foundation.org>
Cc: stable@vger.kernel.org
Link: https://lkml.kernel.org/r/20180104143710.8961-8-dwmw@amazon.co.uk
2018-01-05 14:01:15 +01:00
Sinan Kaya
107b7d9fa9 mfd: rtsx: Release IRQ during shutdown
'Commit cc27b735ad ("PCI/portdrv: Turn off PCIe services during
shutdown")' revealed a resource leak in rtsx_pci driver during shutdown.

Issue shows up as a warning during shutdown as follows:

remove_proc_entry: removing non-empty directory 'irq/17', leaking at least
'rtsx_pci'
WARNING: CPU: 0 PID: 1578 at fs/proc/generic.c:572
remove_proc_entry+0x11d/0x130
Modules linked in <long list but none that are out-of-tree>
...
Call Trace:
unregister_irq_proc
free_desc
irq_free_descs
mp_unmap_irq
acpi_unregister_gsi_apic
acpi_pci_irq_disable
do_pci_disable_device
pci_disable_device
device_shutdown
kernel_restart
Sys_reboot

Even though rtsx_pci driver implements a shutdown callback, it is not
releasing the interrupt that it registered during probe. This is causing
the ACPI layer to complain that the shared IRQ is in use while freeing
IRQ.

This code releases the IRQ to prevent resource leak and eliminate the
warning.

Fixes: cc27b735ad ("PCI/portdrv: Turn off PCIe services during shutdown")
Link: https://bugzilla.kernel.org/show_bug.cgi?id=198141
Reported-by: Chris Clayton <chris2553@googlemail.com>
Signed-off-by: Sinan Kaya <okaya@codeaurora.org>
Reviewed-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
Signed-off-by: Lee Jones <lee.jones@linaro.org>
2018-01-05 11:14:57 +00:00
Linus Torvalds
5866bec2f4 drm fixes for i915, amd, armada, omapdrm
-----BEGIN PGP SIGNATURE-----
 
 iQIcBAABAgAGBQJaTtVXAAoJEAx081l5xIa+UeAP/0Axg8a+dZCxx6Si9udJ9LdU
 wDX4A7dZcHhSGxxnenl9ytqUr1eSVn1RSdU6I5065rHxWj2s+ywXvnwaF9SMsBXo
 dnF1CoMMqY2/RG6EohnFSZfksMcsyBEE3eUO3JAuNmdevO+T/98+ygpwK/C2Japw
 hPofJ8TttE1NbDYL78xxRxAnPYLYoAKDAA0sLrmu9QbFRSF4EFA9lrxDsKgcx8Ok
 uW77MklGR6PLkC/wqBjHNrG/qwnrDsTqOIkMZgtJUSL69r8mcdhC1bXKvmeJoPuT
 lOb55jJlJQEE2xihMBwJ1WUS5oC32oAwPXBfqnuSdUSwyDoBOOOQ/bp3ZkWEJP72
 w/HNMKDSFgLJ4VCYu6ir3n2ok1Q86mc75o2MFAisw+5/WxWd3w9ZnnRZ6P6NgX1s
 PMy0dwvvtG8nWJboxw7+7wp3sAdEq3H7P9rrDd+eeR6CJVj+yztVOUZQ6BaMo12G
 i4nKyAuoX3dqGg/JqyG9JSsQB15+A+RROHu3kvYgQB6HMaFChhbUXJQWCfJuesq8
 2UbvdnZ7OZtkQSh8Hr6rd+rq9V5kOAFyi1sYrntGMHpLHnkxEEQaiXOj44u3tY87
 N1u857jSA9psTlVHxm45ncUvk3Dsj4G7CorToNRSd+H1ijajR7ntzrYQHBasfDXe
 n/kJvg8ueakKWUrVOKg8
 =oJeP
 -----END PGP SIGNATURE-----

Merge tag 'drm-fixes-for-v4.15-rc7' of git://people.freedesktop.org/~airlied/linux

Pull drm fixes from Dave Airlie:
 "Just collecting some fixes to finish my hoildays :-).

  A few fixes for i915 (one documentation build fix), one ttm fix, one
  AMD display fix, one omapdrm fix, and a set of armada fixes from
  Russell.

  All seem pretty small, you can now return to your latest security news
  site"

* tag 'drm-fixes-for-v4.15-rc7' of git://people.freedesktop.org/~airlied/linux:
  drm/i915: Apply Display WA #1183 on skl, kbl, and cfl
  drm/ttm: check the return value of kzalloc
  drm/amd/display: call set csc_default if enable adjustment is false
  docs: fix, intel_guc_loader.c has been moved to intel_guc_fw.c
  omapdrm/dss/hdmi4_cec: fix interrupt handling
  documentation/gpu/i915: fix docs build error after file rename
  drm/i915: Put all non-blocking modesets onto an ordered wq
  drm/i915: Disable DC states around GMBUS on GLK
  drm/i915/psr: Fix register name mess up.
  drm/armada: fix YUV planar format framebuffer offsets
  drm/armada: improve efficiency of armada_drm_plane_calc_addrs()
  drm/armada: fix UV swap code
  drm/armada: fix SRAM powerdown
  drm/armada: fix leak of crtc structure
2018-01-04 18:02:55 -08:00
Jeffy Chen
9a0e712010 mailmap: update Mark Yao's email address
Change the previous employers email addresses to the current email
address.

Link: http://lkml.kernel.org/r/20171229121726.31589-1-jeffy.chen@rock-chips.com
Signed-off-by: Jeffy Chen <jeffy.chen@rock-chips.com>
Acked-by: Martin Kepplinger <martink@posteo.de>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2018-01-04 16:45:09 -08:00
Andrea Arcangeli
0cbb4b4f4c userfaultfd: clear the vma->vm_userfaultfd_ctx if UFFD_EVENT_FORK fails
The previous fix in commit 384632e67e ("userfaultfd: non-cooperative:
fix fork use after free") corrected the refcounting in case of
UFFD_EVENT_FORK failure for the fork userfault paths.

That still didn't clear the vma->vm_userfaultfd_ctx of the vmas that
were set to point to the aborted new uffd ctx earlier in
dup_userfaultfd.

Link: http://lkml.kernel.org/r/20171223002505.593-2-aarcange@redhat.com
Signed-off-by: Andrea Arcangeli <aarcange@redhat.com>
Reported-by: syzbot <syzkaller@googlegroups.com>
Reviewed-by: Mike Rapoport <rppt@linux.vnet.ibm.com>
Cc: Eric Biggers <ebiggers3@gmail.com>
Cc: Dmitry Vyukov <dvyukov@google.com>
Cc: <stable@vger.kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2018-01-04 16:45:09 -08:00
Baoquan He
d09cfbbfa0 mm/sparse.c: wrong allocation for mem_section
In commit 83e3c48729 ("mm/sparsemem: Allocate mem_section at runtime
for CONFIG_SPARSEMEM_EXTREME=y") mem_section is allocated at runtime to
save memory.

It allocates the first dimension of array with sizeof(struct mem_section).

It costs extra memory, should be sizeof(struct mem_section *).

Fix it.

Link: http://lkml.kernel.org/r/1513932498-20350-1-git-send-email-bhe@redhat.com
Fixes: 83e3c48729 ("mm/sparsemem: Allocate mem_section at runtime for CONFIG_SPARSEMEM_EXTREME=y")
Signed-off-by: Baoquan He <bhe@redhat.com>
Tested-by: Dave Young <dyoung@redhat.com>
Acked-by: Kirill A. Shutemov <kirill.shutemov@linux.intel.com>
Cc: Kirill A. Shutemov <kirill.shutemov@linux.intel.com>
Cc: Ingo Molnar <mingo@kernel.org>
Cc: Andy Lutomirski <luto@amacapital.net>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: Atsushi Kumagai <ats-kumagai@wm.jp.nec.com>
Cc: <stable@vger.kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2018-01-04 16:45:09 -08:00
Sergey Senozhatsky
cdc346b36e mm/zsmalloc.c: include fs.h
`struct file_system_type' and alloc_anon_inode() function are defined in
fs.h, include it directly.

Link: http://lkml.kernel.org/r/20171219104219.3017-1-sergey.senozhatsky@gmail.com
Signed-off-by: Sergey Senozhatsky <sergey.senozhatsky@gmail.com>
Cc: Minchan Kim <minchan@kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2018-01-04 16:45:09 -08:00
Matthew Wilcox
152a2d199e mm/debug.c: provide useful debugging information for VM_BUG
With the recent addition of hashed kernel pointers, places which need to
produce useful debug output have to specify %px, not %p.  This patch
fixes all the VM debug to use %px.  This is appropriate because it's
debug output that the user should never be able to trigger, and kernel
developers need to see the actual pointers.

Link: http://lkml.kernel.org/r/20171219133236.GE13680@bombadil.infradead.org
Signed-off-by: Matthew Wilcox <mawilcox@microsoft.com>
Acked-by: Michal Hocko <mhocko@suse.com>
Cc: "Tobin C. Harding" <me@tobin.cc>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2018-01-04 16:45:09 -08:00
Andrew Morton
dc8635b78c kernel/exit.c: export abort() to modules
gcc -fisolate-erroneous-paths-dereference can generate calls to abort()
from modular code too.

[arnd@arndb.de: drop duplicate exports of abort()]
  Link: http://lkml.kernel.org/r/20180102103311.706364-1-arnd@arndb.de
Reported-by: Vineet Gupta <Vineet.Gupta1@synopsys.com>
Cc: Sudip Mukherjee <sudipm.mukherjee@gmail.com>
Cc: Arnd Bergmann <arnd@arndb.de>
Cc: Alexey Brodkin <Alexey.Brodkin@synopsys.com>
Cc: Russell King <rmk+kernel@armlinux.org.uk>
Cc: Jose Abreu <Jose.Abreu@synopsys.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2018-01-04 16:45:09 -08:00
Anshuman Khandual
4991c09c7c mm/mprotect: add a cond_resched() inside change_pmd_range()
While testing on a large CPU system, detected the following RCU stall
many times over the span of the workload.  This problem is solved by
adding a cond_resched() in the change_pmd_range() function.

  INFO: rcu_sched detected stalls on CPUs/tasks:
   154-....: (670 ticks this GP) idle=022/140000000000000/0 softirq=2825/2825 fqs=612
   (detected by 955, t=6002 jiffies, g=4486, c=4485, q=90864)
  Sending NMI from CPU 955 to CPUs 154:
  NMI backtrace for cpu 154
  CPU: 154 PID: 147071 Comm: workload Not tainted 4.15.0-rc3+ #3
  NIP:  c0000000000b3f64 LR: c0000000000b33d4 CTR: 000000000000aa18
  REGS: 00000000a4b0fb44 TRAP: 0501   Not tainted  (4.15.0-rc3+)
  MSR:  8000000000009033 <SF,EE,ME,IR,DR,RI,LE>  CR: 22422082  XER: 00000000
  CFAR: 00000000006cf8f0 SOFTE: 1
  GPR00: 0010000000000000 c00003ef9b1cb8c0 c0000000010cc600 0000000000000000
  GPR04: 8e0000018c32b200 40017b3858fd6e00 8e0000018c32b208 40017b3858fd6e00
  GPR08: 8e0000018c32b210 40017b3858fd6e00 8e0000018c32b218 40017b3858fd6e00
  GPR12: ffffffffffffffff c00000000fb25100
  NIP [c0000000000b3f64] plpar_hcall9+0x44/0x7c
  LR [c0000000000b33d4] pSeries_lpar_flush_hash_range+0x384/0x420
  Call Trace:
    flush_hash_range+0x48/0x100
    __flush_tlb_pending+0x44/0xd0
    hpte_need_flush+0x408/0x470
    change_protection_range+0xaac/0xf10
    change_prot_numa+0x30/0xb0
    task_numa_work+0x2d0/0x3e0
    task_work_run+0x130/0x190
    do_notify_resume+0x118/0x120
    ret_from_except_lite+0x70/0x74
  Instruction dump:
  60000000 f8810028 7ca42b78 7cc53378 7ce63b78 7d074378 7d284b78 7d495378
  e9410060 e9610068 e9810070 44000022 <7d806378> e9810028 f88c0000 f8ac0008

Link: http://lkml.kernel.org/r/20171214140551.5794-1-khandual@linux.vnet.ibm.com
Signed-off-by: Anshuman Khandual <khandual@linux.vnet.ibm.com>
Suggested-by: Nicholas Piggin <npiggin@gmail.com>
Acked-by: Michal Hocko <mhocko@suse.com>
Cc: <stable@vger.kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2018-01-04 16:45:09 -08:00
Oleg Nesterov
4d9570158b kernel/acct.c: fix the acct->needcheck check in check_free_space()
As Tsukada explains, the time_is_before_jiffies(acct->needcheck) check
is very wrong, we need time_is_after_jiffies() to make sys_acct() work.

Ignoring the overflows, the code should "goto out" if needcheck >
jiffies, while currently it checks "needcheck < jiffies" and thus in the
likely case check_free_space() does nothing until jiffies overflow.

In particular this means that sys_acct() is simply broken, acct_on()
sets acct->needcheck = jiffies and expects that check_free_space()
should set acct->active = 1 after the free-space check, but this won't
happen if jiffies increments in between.

This was broken by commit 32dc730860 ("get rid of timer in
kern/acct.c") in 2011, then another (correct) commit 795a2f22a8
("acct() should honour the limits from the very beginning") made the
problem more visible.

Link: http://lkml.kernel.org/r/20171213133940.GA6554@redhat.com
Fixes: 32dc730860 ("get rid of timer in kern/acct.c")
Reported-by: TSUKADA Koutaro <tsukada@ascade.co.jp>
Suggested-by: TSUKADA Koutaro <tsukada@ascade.co.jp>
Signed-off-by: Oleg Nesterov <oleg@redhat.com>
Cc: Al Viro <viro@zeniv.linux.org.uk>
Cc: <stable@vger.kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2018-01-04 16:45:09 -08:00
Dave Young
e8c24773d6 mm: check pfn_valid first in zero_resv_unavail
With latest kernel I get below bug while testing kdump:

  BUG: unable to handle kernel paging request at ffffea00034b1040
  IP: zero_resv_unavail+0xbd/0x126
  PGD 37b98067 P4D 37b98067 PUD 37b97067 PMD 0
  Oops: 0002 [#1] SMP
  Modules linked in:
  CPU: 0 PID: 0 Comm: swapper Not tainted 4.15.0-rc1+ #316
  Hardware name: LENOVO 20ARS1BJ02/20ARS1BJ02, BIOS GJET92WW (2.42 ) 03/03/2017
  task: ffffffff81a0e4c0 task.stack: ffffffff81a00000
  RIP: 0010:zero_resv_unavail+0xbd/0x126
  RSP: 0000:ffffffff81a03d88 EFLAGS: 00010006
  RAX: 0000000000000000 RBX: ffffea00034b1040 RCX: 0000000000000010
  RDX: 0000000000000000 RSI: 0000000000000092 RDI: ffffea00034b1040
  RBP: 00000000000d2c41 R08: 00000000000000c0 R09: 0000000000000a0d
  R10: 0000000000000002 R11: 0000000000007f01 R12: ffffffff81a03d90
  R13: ffffea0000000000 R14: 0000000000000063 R15: 0000000000000062
  FS:  0000000000000000(0000) GS:ffffffff81c73000(0000) knlGS:0000000000000000
  CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
  CR2: ffffea00034b1040 CR3: 0000000037609000 CR4: 00000000000606b0
  Call Trace:
   ? free_area_init_nodes+0x640/0x664
   ? zone_sizes_init+0x58/0x72
   ? setup_arch+0xb50/0xc6c
   ? start_kernel+0x64/0x43d
   ? secondary_startup_64+0xa5/0xb0
  Code: c1 e8 0c 48 39 d8 76 27 48 89 de 48 c1 e3 06 48 c7 c7 7a 87 79 81 e8 b0 c0 3e ff 4c 01 eb b9 10 00 00 00 31 c0 48 89 df 49 ff c6 <f3> ab eb bc 6a 00 49 c7 c0 f0 93 d1 81 31 d2 83 ce ff 41 54 49
  RIP: zero_resv_unavail+0xbd/0x126 RSP: ffffffff81a03d88
  CR2: ffffea00034b1040
  ---[ end trace f5ba9e8f73c7ee26 ]---

This is introduced by commit a4a3ede213 ("mm: zero reserved and
unavailable struct pages").

The reason is some efi reserved boot ranges is not reported in E820 ram.
In my case it is a bgrt buffer:

  efi: mem00: [Boot Data          |RUN|  |  |  |  |  |  |   |WB|WT|WC|UC] range=[0x00000000d2c41000-0x00000000d2c85fff] (0MB)

Use "add_efi_memmap" can workaround the problem with another fix:

  http://lkml.kernel.org/r/20171130052327.GA3500@dhcp-128-65.nay.redhat.com

In zero_resv_unavail it would be better to check pfn_valid first before
zero the page struct.  This fixes the problem and potential other
similar problems.  Also as Pavel Tatashin suggested checks pfn_valid at
the beginning of the section.

The range is backed by real memory.  The memory range is efi "Boot
Service Data", that means after ExitBootServices() these ranges can be
used as system ram.  But some of them need to be reserved, for example
the bgrt image address in an acpi table, if the image memory is freed
then kexec reboot will fail because kexec inherit same acpi table to
initialize the driver.

Link: http://lkml.kernel.org/r/20171201095048.GA3084@dhcp-128-65.nay.redhat.com
Fixes: a4a3ede213 ("mm: zero reserved and unavailable struct pages")
Signed-off-by: Dave Young <dyoung@redhat.com>
Cc: Michal Hocko <mhocko@kernel.org>
Cc: Pavel Tatashin <pasha.tatashin@oracle.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2018-01-04 16:45:09 -08:00
Thomas Gleixner
1e5476815f x86/tlb: Drop the _GPL from the cpu_tlbstate export
The recent changes for PTI touch cpu_tlbstate from various tlb_flush
inlines. cpu_tlbstate is exported as GPL symbol, so this causes a
regression when building out of tree drivers for certain graphics cards.

Aside of that the export was wrong since it was introduced as it should
have been EXPORT_PER_CPU_SYMBOL_GPL().

Use the correct PER_CPU export and drop the _GPL to restore the previous
state which allows users to utilize the cards they payed for.

As always I'm really thrilled to make this kind of change to support the
#friends (or however the hot hashtag of today is spelled) from that closet
sauce graphics corp.

Fixes: 1e02ce4ccc ("x86: Store a per-cpu shadow copy of CR4")
Fixes: 6fd166aae7 ("x86/mm: Use/Fix PCID to optimize user/kernel switches")
Reported-by: Kees Cook <keescook@google.com>
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Andy Lutomirski <luto@kernel.org>
Cc: stable@vger.kernel.org
2018-01-05 00:39:58 +01:00
Peter Zijlstra
42f3bdc5dd x86/events/intel/ds: Use the proper cache flush method for mapping ds buffers
Thomas reported the following warning:

 BUG: using smp_processor_id() in preemptible [00000000] code: ovsdb-server/4498
 caller is native_flush_tlb_single+0x57/0xc0
 native_flush_tlb_single+0x57/0xc0
 __set_pte_vaddr+0x2d/0x40
 set_pte_vaddr+0x2f/0x40
 cea_set_pte+0x30/0x40
 ds_update_cea.constprop.4+0x4d/0x70
 reserve_ds_buffers+0x159/0x410
 x86_reserve_hardware+0x150/0x160
 x86_pmu_event_init+0x3e/0x1f0
 perf_try_init_event+0x69/0x80
 perf_event_alloc+0x652/0x740
 SyS_perf_event_open+0x3f6/0xd60
 do_syscall_64+0x5c/0x190

set_pte_vaddr is used to map the ds buffers into the cpu entry area, but
there are two problems with that:

 1) The resulting flush is not supposed to be called in preemptible context

 2) The cpu entry area is supposed to be per CPU, but the debug store
    buffers are mapped for all CPUs so these mappings need to be flushed
    globally.

Add the necessary preemption protection across the mapping code and flush
TLBs globally.

Fixes: c1961a4631 ("x86/events/intel/ds: Map debug buffers in cpu_entry_area")
Reported-by: Thomas Zeitlhofer <thomas.zeitlhofer+lkml@ze-it.at>
Signed-off-by: Peter Zijlstra <peterz@infradead.org>
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Tested-by: Thomas Zeitlhofer <thomas.zeitlhofer+lkml@ze-it.at>
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Cc: Hugh Dickins <hughd@google.com>
Cc: stable@vger.kernel.org
Link: https://lkml.kernel.org/r/20180104170712.GB3040@hirez.programming.kicks-ass.net
2018-01-05 00:39:58 +01:00
Thomas Gleixner
1dddd25125 x86/kaslr: Fix the vaddr_end mess
vaddr_end for KASLR is only documented in the KASLR code itself and is
adjusted depending on config options. So it's not surprising that a change
of the memory layout causes KASLR to have the wrong vaddr_end. This can map
arbitrary stuff into other areas causing hard to understand problems.

Remove the whole ifdef magic and define the start of the cpu_entry_area to
be the end of the KASLR vaddr range.

Add documentation to that effect.

Fixes: 92a0f81d89 ("x86/cpu_entry_area: Move it out of the fixmap")
Reported-by: Benjamin Gilbert <benjamin.gilbert@coreos.com>
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Tested-by: Benjamin Gilbert <benjamin.gilbert@coreos.com>
Cc: Andy Lutomirski <luto@kernel.org>
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Cc: stable <stable@vger.kernel.org>
Cc: Dave Hansen <dave.hansen@linux.intel.com>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Thomas Garnier <thgarnie@google.com>,
Cc: Alexander Kuleshov <kuleshovmail@gmail.com>
Link: https://lkml.kernel.org/r/alpine.DEB.2.20.1801041320360.1771@nanos
2018-01-05 00:39:57 +01:00
Dave Airlie
bc6fe53327 drm/i915 fixes for v4.15-rc7
- couple of documentation build fixes
 - serialize non-blocking modesets
 - prevent DMC from messing up GMBUS transfers
 - PSR regression fix
 -----BEGIN PGP SIGNATURE-----
 
 iQIzBAABCAAdFiEEFWWmW3ewYy4RJOWc05gHnSar7m8FAlpOUrQACgkQ05gHnSar
 7m97TA/+P0/map4KzFzAPhktQDEMcl6A7AyySGJSkHjfGYJRk/okNBdNoc2qSuCS
 Yt6uemo5xFt9zDh5POtq2xS5jWJnfyV0M8rbDkwdxolLwZcTGkx40+zFNjdenB8V
 4JHpgS2DBcKBQO9//Rk+0sxHCp1Dg+lNV7fEAgLydJikZCqcoK1ko8F2ToZ+MFw4
 01xGH5Ue3U7NqJXr0LbuJTWuiu7ZcL3WjOWQqwRa3d3jSRmyNm+HF6qO14wsel15
 J82Q8xMt5SakPQ6SokLYKxA9S4Bob4ujtReFl2bB2BdYgEqhUhJIBDscYrzpL+Nm
 xRRkl9+k2wqo7isgLuHONBF3d3Fc+O/uZ6lsQ6MnpNJ1fBBbqM+gVGmVWASgpR1M
 x+u+VbB0sBne1/0C+nzMiMgyV7RdKQ98kv8JVuNRHjiqyLPiTcGgIdY1MhgQtcIe
 hK6SgTgp4XOpaSlcdVtjoxMJ3dH4iSYAYR9MTttD0HtEt4h23j1n/pjMFgCqhvaS
 1V1zGcUy5Bmxy9C7lulCNSSJU8nUQTeaxsoR5Hun4RvS7ms6lo6yuWHEUH27XaNx
 GvxCZfnp+unOkYLN2paoc4P2hT2TjhzJed9ZZUFaERT2h6XsJOvg7REkVOeV9dQL
 rkomGG4evVfcMo2apNAOSOIi8DhZR3oxZG9Ken0WS4tqkO7Oat0=
 =ZIko
 -----END PGP SIGNATURE-----

Merge tag 'drm-intel-fixes-2018-01-04' of git://anongit.freedesktop.org/drm/drm-intel into drm-fixes

drm/i915 fixes for v4.15-rc7
- couple of documentation build fixes
- serialize non-blocking modesets
- prevent DMC from messing up GMBUS transfers
- PSR regression fix

* tag 'drm-intel-fixes-2018-01-04' of git://anongit.freedesktop.org/drm/drm-intel:
  drm/i915: Apply Display WA #1183 on skl, kbl, and cfl
  docs: fix, intel_guc_loader.c has been moved to intel_guc_fw.c
  documentation/gpu/i915: fix docs build error after file rename
  drm/i915: Put all non-blocking modesets onto an ordered wq
  drm/i915: Disable DC states around GMBUS on GLK
  drm/i915/psr: Fix register name mess up.
2018-01-05 09:25:01 +10:00