These were reported when running Jailhouse on AMD processors.
Initialize ctxt->exception.vector with an invalid exception number,
and warn if it remained invalid even though the emulator got
an X86EMUL_PROPAGATE_FAULT return code.
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Always get it through emulate_exception or emulate_ts. This
ensures that the ctxt->exception fields have been populated.
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
kvm_pmu_cpuid_update makes a lot of bit manuiplation operations, when in fact
there are already unions that can be used instead. Changing the bit
manipulation to the union for clarity. This patch does not change the
functionality.
Signed-off-by: Nadav Amit <namit@cs.technion.ac.il>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
EPT misconfig handler in kvm will check which reason lead to EPT
misconfiguration after vmexit. One of the reasons is that an EPT
paging-structure entry is configured with settings reserved for
future functionality. However, the handler can't identify if
paging-structure entry of reserved bits for 1-GByte page are
configured, since PDPTE which point to 1-GByte page will reserve
bits 29:12 instead of bits 7:3 which are reserved for PDPTE that
references an EPT Page Directory. This patch fix it by reserve
bits 29:12 for 1-GByte page.
Signed-off-by: Wanpeng Li <wanpeng.li@linux.intel.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Currently, recalculate_apic_map ignores vcpus whose lapic is software disabled
through the spurious interrupt vector. However, once it is re-enabled, the map
is not recalculated. Therefore, if the guest OS configured DFR while lapic is
software-disabled, the map may be incorrect. This patch recalculates apic map
after software enabling the lapic.
Signed-off-by: Nadav Amit <namit@cs.technion.ac.il>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Intel SDM 10.5.4.1 says "When the timer generates an interrupt, it disarms
itself and clears the IA32_TSC_DEADLINE MSR".
This patch clears the MSR upon timer interrupt delivery which delivered on
deadline mode. Since the MSR may be reconfigured while an interrupt is
pending, causing the new value to be overriden, pending timer interrupts are
checked before setting a new deadline.
Signed-off-by: Nadav Amit <namit@cs.technion.ac.il>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Section 11.11.2.3 of the SDM mentions "All other bits in the IA32_MTRR_PHYSBASEn
and IA32_MTRR_PHYSMASKn registers are reserved; the processor generates a
general-protection exception(#GP) if software attempts to write to them". This
patch do it in kvm.
Signed-off-by: Wanpeng Li <wanpeng.li@linux.intel.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
The first entry in each pair(IA32_MTRR_PHYSBASEn) defines the base
address and memory type for the range; the second entry(IA32_MTRR_PHYSMASKn)
contains a mask used to determine the address range. The legal values
for the type field of IA32_MTRR_PHYSBASEn are 0,1,4,5, and 6. However,
IA32_MTRR_PHYSMASKn don't have type field. This patch avoid check if
the type field is legal for IA32_MTRR_PHYSMASKn.
Signed-off-by: Wanpeng Li <wanpeng.li@linux.intel.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Here rcu_assign_pointer() is ensuring that the
initialization of a structure is carried out before storing a pointer
to that structure.
So, rcu_assign_pointer(p, NULL) can always safely be converted to
RCU_INIT_POINTER(p, NULL).
Signed-off-by: Monam Agarwal <monamagarwal123@gmail.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
The only user of the fpu_activate hook was dropped in commit
2d04a05bd7 (KVM: x86 emulator: emulate CLTS internally, 2011-04-20).
vmx_fpu_activate and svm_fpu_activate are still called on #NM (and for
Intel CLTS), but never from common code; hence, there's no need for
a hook.
Reviewed-by: Yang Zhang <yang.z.zhang@intel.com>
Signed-off-by: Wanpeng Li <wanpeng.li@linux.intel.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Current KVM only supports RDMSR for K7_EVNTSEL0 and K7_PERFCTR0
MSRs. Reading the rest MSRs will trigger KVM to inject #GP into
guest VM. This causes a warning message "Failed to access perfctr
msr (MSR c0010001 is ffffffffffffffff)" on AMD host. This patch
adds RDMSR support for all K7_EVNTSELn and K7_PERFCTRn registers
and thus supresses the warning message.
Signed-off-by: Wei Huang <wehuang@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
As a generic function, deassign_guest_irq() assumes it can be called
even if assign_guest_irq() is not be called successfully (which can be
triggered by ioctl from user mode, indirectly).
So for assign_guest_irq() failure process, need set 'dev->irq_source_id'
to -1 after free 'dev->irq_source_id', or deassign_guest_irq() may free
it again.
Signed-off-by: Chen Gang <gang.chen.5i5j@gmail.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
This reverts commit 682367c494,
which causes 32-bit SMP Windows 7 guests to panic.
SeaBIOS has a limit on the number of MTRRs that it can handle,
and this patch exceeded the limit. Better revert it.
Thanks to Nadav Amit for debugging the cause.
Cc: stable@nongnu.org
Reported-by: Wanpeng Li <wanpeng.li@linux.intel.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
This reverts the check added by commit 5045b46803 (KVM: x86: check CS.DPL
against RPL during task switch, 2014-05-15). Although the CS.DPL=CS.RPL
check is mentioned in table 7-1 of the SDM as causing a #TSS exception,
it is not mentioned in table 6-6 that lists "invalid TSS conditions"
which cause #TSS exceptions. In fact it causes some tests to fail, which
pass on bare-metal.
Keep the rest of the commit, since we will find new uses for it in 3.18.
Reported-by: Nadav Amit <namit@cs.technion.ac.il>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Commit d40a6898e5 mistakenly caused instructions which are not marked as
EmulateOnUD to be emulated upon #UD exception. The commit caused the check of
whether the instruction flags include EmulateOnUD to never be evaluated. As a
result instructions whose emulation is broken may be emulated. This fix moves
the evaluation of EmulateOnUD so it would be evaluated.
Signed-off-by: Nadav Amit <namit@cs.technion.ac.il>
[Tweak operand order in &&, remove EmulateOnUD where it's now superfluous.
- Paolo]
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
fc95ca7284 claims that there is no
functional change but this is not true as it calls get_order() (which
takes bytes) where it should have called order_base_2() and the kernel
stops on VM_BUG_ON().
This replaces get_order() with order_base_2() (round-up version of ilog2).
Suggested-by: Paul Mackerras <paulus@samba.org>
Cc: Alexander Graf <agraf@suse.de>
Cc: Joonsoo Kim <iamjoonsoo.kim@lge.com>
Cc: Benjamin Herrenschmidt <benh@kernel.crashing.org>
Reviewed-by: Aneesh Kumar K.V <aneesh.kumar@linux.vnet.ibm.com>
Signed-off-by: Alexey Kardashevskiy <aik@ozlabs.ru>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
The third parameter of kvm_iommu_put_pages is wrong,
It should be 'gfn - slot->base_gfn'.
By making gfn very large, malicious guest or userspace can cause kvm to
go to this error path, and subsequently to pass a huge value as size.
Alternatively if gfn is small, then pages would be pinned but never
unpinned, causing host memory leak and local DOS.
Passing a reasonable but large value could be the most dangerous case,
because it would unpin a page that should have stayed pinned, and thus
allow the device to DMA into arbitrary memory. However, this cannot
happen because of the condition that can trigger the error:
- out of memory (where you can't allocate even a single page)
should not be possible for the attacker to trigger
- when exceeding the iommu's address space, guest pages after gfn
will also exceed the iommu's address space, and inside
kvm_iommu_put_pages() the iommu_iova_to_phys() will fail. The
page thus would not be unpinned at all.
Reported-by: Jack Morgenstein <jackm@mellanox.com>
Cc: stable@vger.kernel.org
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Pull x86 platform driver updates from Matthew Garrett:
"A moderate number of changes, but nothing awfully significant.
A lot of const cleanups, some reworking and additions to the rfkill
quirks in the asus driver, a new driver for generating falling laptop
events on Toshibas and some misc fixes.
Maybe vendors have stopped inventing things"
* 'for_linus' of git://cavan.codon.org.uk/platform-drivers-x86: (41 commits)
platform/x86: Enable build support for toshiba_haps
Documentation: Add file about toshiba_haps module
platform/x86: Toshiba HDD Active Protection Sensor
asus-nb-wmi: Add wapf4 quirk for the U32U
alienware-wmi: make hdmi_mux enabled on case-by-case basis
ideapad-laptop: Constify DMI table and other r/o variables
asus-nb-wmi.c: Rename x401u quirk to wapf4
compal-laptop: correct invalid hwmon name
toshiba_acpi: Add Qosmio X75-A to the alt keymap dmi list
toshiba_acpi: Add extra check to backlight code
Fix log message about future removal of interface
ideapad-laptop: Disable touchpad interface on Yoga models
asus-nb-wmi: Add wapf4 quirk for the X550CC
intel_ips: Make ips_mcp_limits variables static
thinkpad_acpi: Mark volume_alsa_control_{vol,mute} as __initdata
fujitsu-laptop: Mark fujitsu_dmi_table[] DMI table as __initconst
hp-wmi: Add missing __init annotations to initialization code
hp_accel: Constify ACPI and DMI tables
fujitsu-tablet: Mark DMI callbacks as __init code
dell-laptop: Mark dell_quirks[] DMI table as __initconst
...
Pull idle update from Len Brown:
"Two Intel-platform-specific updates to intel_idle, and a cosmetic
tweak to the turbostat utility"
* 'release' of git://git.kernel.org/pub/scm/linux/kernel/git/lenb/linux:
tools/power turbostat: tweak whitespace in output format
intel_idle: Broadwell support
intel_idle: Disable Baytrail Core and Module C6 auto-demotion
value (we don't fail unknown module params any more, just warn).
Cheers,
Rusty.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIcBAABAgAGBQJT7lz6AAoJENkgDmzRrbjxUEwP/R6k0l8MJYw4QTRY4vpsE0cT
awtJOhefNDV+WI3PcyJFEyLWbyIKHRyBF0O04E+k60jibNkIi5kV9Q9hcWPzouaf
skcuWDsGidEHGBpxYMFh8wSCnhiSUhvphnCjlib63QfD2hkcNTa2CU7NM1bst0DI
kMzYswmgKhcUd+MmGc533XvYkJceLS8BkiRtepxYh/t6f26iUA4dWwtq2zejPO9t
bSPqZEtaTZC1KXCvQVo6+5ISbIJg6T5j2vR8VwQoalDhMku0Dt+ijU2Yz526r/fu
0lGxKLgFmXxsj3aZPsuEH75l6r0695S3im5xUyJzY+g0WJOsn85PEnQ7uDQt5KaB
g+5pOF9c5A5VvnLGEOa8olX2CujlkTHTyr2JDys6oBfi6GwmpBS0zbqWjqNo7qQy
CmMgKS+XlP71siTntbVFvkhubfAH/d29mgbISFh4LdqLG++Aq/eV7U3BRiS/dpm1
oh/jqyULaGlNRmt2F0uZa3yC7WH3YQybfkDFiNpMJAOzfws2guo8iH5VF4Xh/1Ta
3jnMkDUMD9K/KdndwOOmu82ZvBwm0VB0U0tAVXiG/f68q3NPcKzyWAlMCT4QCVxH
DD3SmemLJmcC2iIyBrLo9ZzlMp3Xe0H46hGPzkwt8GxYXtyn3PJGUANvSEniiOkJ
SrV86paM7sNbYfBGk30q
=zr2L
-----END PGP SIGNATURE-----
Merge tag 'fixes-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/rusty/linux
Pull module fix from Rusty Russell:
"Nasty potential bug if someone uses a known module param with an
invalid value (we don't fail unknown module params any more, just
warn)"
* tag 'fixes-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/rusty/linux:
module: Clean up ro/nx after early module load failures
Pull virtio-rng update from Amit Shah:
"Add derating factor for use by hwrng core
Sending directly to you with the commit log changes Ted Ts'o pointed
out. Not sure if Rusty's back after his travel, but this already has
his s-o-b"
* 'rng-queue' of git://git.kernel.org/pub/scm/linux/kernel/git/amit/virtio:
virtio: rng: add derating factor for use by hwrng core
Pull btrfs updates from Chris Mason:
"These are all fixes I'd like to get out to a broader audience.
The biggest of the bunch is Mark's quota fix, which is also in the
SUSE kernel, and makes our subvolume quotas dramatically more
accurate.
I've been running xfstests with these against your current git
overnight, but I'm queueing up longer tests as well"
* 'for-linus2' of git://git.kernel.org/pub/scm/linux/kernel/git/mason/linux-btrfs:
btrfs: disable strict file flushes for renames and truncates
Btrfs: fix csum tree corruption, duplicate and outdated checksums
Btrfs: Fix memory corruption by ulist_add_merge() on 32bit arch
Btrfs: fix compressed write corruption on enospc
btrfs: correctly handle return from ulist_add
btrfs: qgroup: account shared subtrees during snapshot delete
Btrfs: read lock extent buffer while walking backrefs
Btrfs: __btrfs_mod_ref should always use no_quota
btrfs: adjust statfs calculations according to raid profiles
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIcBAABAgAGBQJT7ey6AAoJEAAOaEEZVoIVgdkQAJfToVhgddVMOweeGo4wqPqM
lmS35dYVEy+gPfYhCU2Zytgk9yLlmNJeDT7Y+XGe4l15Ax/PDNuWLiRnUKRy1FrU
l7cbKRAn1L6TqBO2ang5t68Bw7ojUpRoKWKnDyjVAj80mZYRZPWvQOurLeTtra2o
XLnHbK54F36s07OXwSTZgbh/ffVQ1RMUBU8fy+0Ws3mTAbzO1KuB5Ws4pdt2ysjI
14pBHO553X0VXAJxGkH66xxblt1o+Q9aBZp7RL0VNtR4bGU4FMvXy+0D5G6h8AGt
rhl2PWTNKGg8HFgUK+7nCheH4j/0maXo541D3q+sJhbknRhD3n3x7IBvjkm9tdjB
OgTkAp1mwL21mJP21MOrAil8uwGoSr7qTCngZY6nNWH4L3EkVl27+LlGDtkgBp/n
BJyhcPbFSh+K4TTD3dg2rEx7wF/npQ6yPOljjvWXKJEm5lx3ZPkK1l1xS3QnVTMe
pLq+wTZ9v1cU7+9JFWICQwclv4unjIgqxLo7/op5P5KvTWOHFW4cjdwCBPVE1g3a
WC2c5jdB0Up6Z59aXAN3p5dk8MCy6NA41lkMfJN4AUAIzb6NvNeDBhrcFaHwXowm
jgCtEPqFN/HqsEwJmhJ7fcIEKYrOCuzeaR5tGuwJ11re/oULGXTgMkrFwgm/YWwu
esRBAc53/hZg6oo3ipUH
=09BX
-----END PGP SIGNATURE-----
Merge tag 'locks-v3.17-2' of git://git.samba.org/jlayton/linux
Pull file locking bugfixes from Jeff Layton:
"Most of these patches are to fix a long-standing regression that crept
in when the BKL was removed from the file-locking code. The code was
converted to use a conventional spinlock, but some fl_release_private
ops can block and you can end up sleeping inside the lock.
There's also a patch to make /proc/locks show delegations as 'DELEG'"
* tag 'locks-v3.17-2' of git://git.samba.org/jlayton/linux:
locks: update Locking documentation to clarify fl_release_private behavior
locks: move locks_free_lock calls in do_fcntl_add_lease outside spinlock
locks: defer freeing locks in locks_delete_lock until after i_lock has been dropped
locks: don't reuse file_lock in __posix_lock_file
locks: don't call locks_release_private from locks_copy_lock
locks: show delegations as "DELEG" in /proc/locks
Pull aio updates from Ben LaHaise.
* git://git.kvack.org/~bcrl/aio-next:
aio: use iovec array rather than the single one
aio: fix some comments
aio: use the macro rather than the inline magic number
aio: remove the needless registration of ring file's private_data
aio: remove no longer needed preempt_disable()
aio: kill the misleading rcu read locks in ioctx_add_table() and kill_ioctx()
aio: change exit_aio() to load mm->ioctx_table once and avoid rcu_read_lock()
Makefile and Kconfig build support patch for the newly introduced
kernel module toshiba_haps.
Signed-off-by: Azael Avalos <coproscefalo@gmail.com>
Signed-off-by: Matthew Garrett <matthew.garrett@nebula.com>
This patch provides information about the Toshiba HDD
Active Protection Sensor driver module toshiba_haps.
Signed-off-by: Azael Avalos <coproscefalo@gmail.com>
Signed-off-by: Matthew Garrett <matthew.garrett@nebula.com>
This driver adds support for the built-in accelereometer found
on recent Toshiba laptops with HID TOS620A.
This driver receives ACPI notify events 0x80 when the sensor
detects a sudden move or a harsh vibration, as well as an
ACPI notify event 0x81 whenever the movement or vibration has
been stabilized.
Also provides sysfs entries to get/set the desired protection
level and reseting the HDD protection interface.
Signed-off-by: Azael Avalos <coproscefalo@gmail.com>
Signed-off-by: Matthew Garrett <matthew.garrett@nebula.com>
Not all HW supporting WMAX method will support the HDMI mux feature.
Explicitly quirk the HW that does support it.
Signed-off-by: Mario Limonciello <mario_limonciello@dell.com>
Signed-off-by: Matthew Garrett <matthew.garrett@nebula.com>
Constify the rfkill_blacklist[] DMI table, the ideapad_rfk_data[] table
and the ideapad_attribute_group attribute group. There's no need to have
them writeable during runtime.
Signed-off-by: Mathias Krause <minipli@googlemail.com>
Cc: Ike Panhc <ike.pan@canonical.com>
Signed-off-by: Matthew Garrett <matthew.garrett@nebula.com>
The actual x401u does not use the so named x401u quirk but the x55u quirk.
All that the x401u quirk does it setting wapf to 4, so rename it to wapf4 to
stop the confusion.
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Matthew Garrett <matthew.garrett@nebula.com>
Change the name of the hwmon interface from "compal-laptop" to "compal".
A dash is an invalid character for a hwmon name and caused the call to
hwmon_device_register_with_groups() to fail.
Signed-off-by: Roald Frederickx <roald.frederickx@gmail.com>
Signed-off-by: Matthew Garrett <matthew.garrett@nebula.com>
The Toshiba Qosmio X75-A series models also come with
the new keymap layout.
This patch adds this model to the alt_keymap_dmi list,
along with an extra key found on these models.
Signed-off-by: Azael Avalos <coproscefalo@gmail.com>
Signed-off-by: Matthew Garrett <matthew.garrett@nebula.com>
Some Toshiba models (most notably Qosmios) come with an
incomplete backlight method where the AML code doesn't
check for write or read commands and always returns
HCI_SUCCESS and the actual brightness (and in some
cases the max brightness), thus allowing the backlight
interface to be registered without write support.
This patch changes the set_lcd_brightness function,
checking the returned values for values greater than
zero to avoid registering a broken backlight interface.
Signed-off-by: Azael Avalos <coproscefalo@gmail.com>
Signed-off-by: Matthew Garrett <matthew.garrett@nebula.com>
If this is going away, it won't be in 2012.
Signed-off-by: Martin Kepplinger <martink@posteo.de>
Signed-off-by: Matthew Garrett <matthew.garrett@nebula.com>
Yoga models don't offer touchpad ctrl through the ideapad interface, causing
ideapad_sync_touchpad_state to send wrong touchpad enable/disable events.
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Matthew Garrett <matthew.garrett@nebula.com>
These variables don't need to be visible outside of this compilation
unit, make them static.
Signed-off-by: Mathias Krause <minipli@googlemail.com>
Signed-off-by: Matthew Garrett <matthew.garrett@nebula.com>
Mark volume_alsa_control_vol and volume_alsa_control_mute as __initdata,
as snd_ctl_new1() will copy the relevant parts, so there is no need to
keep the master copies around after initialization.
Signed-off-by: Mathias Krause <minipli@googlemail.com>
Cc: Henrique de Moraes Holschuh <ibm-acpi@hmh.eng.br>
Signed-off-by: Matthew Garrett <matthew.garrett@nebula.com>
The DMI table is only ever used during initialization. Mark it as
__initconst so its memory can be released afterwards -- roughly 1.5 kB.
In turn, the callback functions can be marked with __init, too.
Signed-off-by: Mathias Krause <minipli@googlemail.com>
Cc: Jonathan Woithe <jwoithe@just42.net>
Signed-off-by: Matthew Garrett <matthew.garrett@nebula.com>
These functions are only called from other initialization routines, so
can be marked __init, too.
Signed-off-by: Mathias Krause <minipli@googlemail.com>
Signed-off-by: Matthew Garrett <matthew.garrett@nebula.com>
Constify the lis3lv02d_device_ids[] ACPI and the lis3lv02d_dmi_ids[] DMI
tables. There's no need to have them writeable during runtime.
Signed-off-by: Mathias Krause <minipli@googlemail.com>
Cc: Eric Piel <eric.piel@tremplin-utc.net>
Signed-off-by: Matthew Garrett <matthew.garrett@nebula.com>
The DMI table is already marked as __initconst, so can be the callback
functions as they're only used in that context.
Signed-off-by: Mathias Krause <minipli@googlemail.com>
Cc: Robert Gerlach <khnz@gmx.de>
Signed-off-by: Matthew Garrett <matthew.garrett@nebula.com>
The dell_quirks[] DMI table is only ever used during initialization.
Mark it as __initconst so its memory can be released afterwards --
roughly 5.7 kB. In turn, the callback function can be marked with
__init, too.
Also the touchpad_led_init() function can be marked __init as it's only
referenced from dell_init() -- an __init function.
Signed-off-by: Mathias Krause <minipli@googlemail.com>
Signed-off-by: Matthew Garrett <matthew.garrett@nebula.com>
Constify the asus_quirks[] DMI table. There's no need to have it
writeable during runtime.
Signed-off-by: Mathias Krause <minipli@googlemail.com>
Cc: Corentin Chary <corentin.chary@gmail.com>
Signed-off-by: Matthew Garrett <matthew.garrett@nebula.com>
Quite a lot of code and data of acer-wmi.c is only ever used during
initialization. Mark those accordingly -- and constify, where
appropriate -- so the memory can be released afterwards.
All in all those changes move ~10 kB of code and data to the .init
sections, marking them for release after initialization has finished.
Signed-off-by: Mathias Krause <minipli@googlemail.com>
Cc: "Lee, Chun-Yi" <jlee@suse.com>
Signed-off-by: Matthew Garrett <matthew.garrett@nebula.com>
Constify the asus_quirks[] DMI table. There's no need to have it
writeable during runtime.
Signed-off-by: Mathias Krause <minipli@googlemail.com>
Cc: Corentin Chary <corentin.chary@gmail.com>
Signed-off-by: Matthew Garrett <matthew.garrett@nebula.com>
The DMI table is only ever used during initialization. Mark it as
__initconst so its memory can be released appropriately. In turn, the
callback function can be marked with __init, too.
Signed-off-by: Mathias Krause <minipli@googlemail.com>
Signed-off-by: Matthew Garrett <matthew.garrett@nebula.com>
