Commit Graph

633553 Commits

Author SHA1 Message Date
Wanpeng Li
7d7f7da2f1 KVM: LAPIC: extract start_sw_period() to handle periodic/oneshot mode
Extract start_sw_period() to handle periodic/oneshot mode, it will be
used by later patch.

Cc: Paolo Bonzini <pbonzini@redhat.com>
Cc: Radim Krčmář <rkrcmar@redhat.com>
Cc: Yunhong Jiang <yunhong.jiang@intel.com>
Signed-off-by: Wanpeng Li <wanpeng.li@hotmail.com>
Signed-off-by: Radim Krčmář <rkrcmar@redhat.com>
2016-11-02 21:32:17 +01:00
Suraj Jitindar Singh
ce35ef27d4 kvm/stats: Update kvm stats to clear on write to their debugfs entry
Various kvm vm and vcpu stats are provided via debugfs entries.
Currently there is no way to reset these stats back to zero.

Add the ability to clear (reset back to zero) these stats on a per stat
basis by writing to the debugfs files. Only a write value of 0 is accepted.

Signed-off-by: Suraj Jitindar Singh <sjitindarsingh@gmail.com>
Signed-off-by: Radim Krčmář <rkrcmar@redhat.com>
2016-11-02 21:32:17 +01:00
Longpeng(Mike)
868a32f327 kvm: x86: remove the misleading comment in vmx_handle_external_intr
Since Paolo has removed irq-enable-operation in vmx_handle_external_intr
(KVM: x86: use guest_exit_irqoff), the original comment about the IF bit
in rflags is incorrect and stale now, so remove it.

Signed-off-by: Longpeng(Mike) <longpeng2@huawei.com>
Signed-off-by: Radim Krčmář <rkrcmar@redhat.com>
2016-11-02 21:32:17 +01:00
Xiaoguang Chen
b5f5fdca65 KVM: x86: add track_flush_slot page track notifier
When a memory slot is being moved or removed users of page track
can be notified. So users can drop write-protection for the pages
in that memory slot.

This notifier type is needed by KVMGT to sync up its shadow page
table when memory slot is being moved or removed.

Register the notifier type track_flush_slot to receive memslot move
and remove event.

Reviewed-by: Xiao Guangrong <guangrong.xiao@intel.com>
Signed-off-by: Chen Xiaoguang <xiaoguang.chen@intel.com>
[Squashed commits to avoid bisection breakage and reworded the subject.]
Signed-off-by: Radim Krčmář <rkrcmar@redhat.com>
2016-11-02 21:32:17 +01:00
Radim Krčmář
2361133293 KVM: VMX: refactor setup of global page-sized bitmaps
We've had 10 page-sized bitmaps that were being allocated and freed one
by one when we could just use a cycle.

Signed-off-by: Radim Krčmář <rkrcmar@redhat.com>
2016-11-02 21:32:17 +01:00
Radim Krčmář
2e69f86561 KVM: VMX: join functions that disable x2apic msr intercepts
vmx_disable_intercept_msr_read_x2apic() and
vmx_disable_intercept_msr_write_x2apic() differed only in the type.
Pass the type to a new function.

[Ordered and commented TPR intercept according to Paolo's suggestion.]
Signed-off-by: Radim Krčmář <rkrcmar@redhat.com>
2016-11-02 21:32:17 +01:00
Radim Krčmář
40d8338d09 KVM: VMX: remove functions that enable msr intercepts
All intercepts are enabled at the beginning, so they can only be used if
we disabled an intercept that we wanted to have enabled.
This was done for TMCCT to simplify a loop that disables all x2APIC MSR
intercepts, but just keeping TMCCT enabled yields better results.

Signed-off-by: Radim Krčmář <rkrcmar@redhat.com>
2016-11-02 21:32:17 +01:00
Jim Mattson
83bafef1a1 kvm: nVMX: Update MSR load counts on a VMCS switch
When L0 establishes (or removes) an MSR entry in the VM-entry or VM-exit
MSR load lists, the change should affect the dormant VMCS as well as the
current VMCS. Moreover, the vmcs02 MSR-load addresses should be
initialized.

Signed-off-by: Jim Mattson <jmattson@google.com>
Signed-off-by: Radim Krčmář <rkrcmar@redhat.com>
2016-11-02 21:32:17 +01:00
Jim Mattson
cf3215d939 kvm: nVMX: Fetch VM_INSTRUCTION_ERROR from vmcs02 on vmx->fail
When forwarding a hardware VM-entry failure to L1, fetch the
VM_INSTRUCTION_ERROR field from vmcs02 before loading vmcs01.

(Note that there is an implicit assumption that the VM-entry failure was
on the first VM-entry to vmcs02 after nested_vmx_run; otherwise, L1 is
going to be very confused.)

Signed-off-by: Jim Mattson <jmattson@google.com>
Reviewed-by: Peter Feiner <pfeiner@google.com>
Signed-off-by: Radim Krčmář <rkrcmar@redhat.com>
2016-11-02 21:32:17 +01:00
Peter Feiner
66d73e12f2 KVM: X86: MMU: no mmu_notifier_seq++ in kvm_age_hva
The MMU notifier sequence number keeps GPA->HPA mappings in sync when
GPA->HPA lookups are done outside of the MMU lock (e.g., in
tdp_page_fault). Since kvm_age_hva doesn't change GPA->HPA, it's
unnecessary to increment the sequence number.

Signed-off-by: Peter Feiner <pfeiner@google.com>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Radim Krčmář <rkrcmar@redhat.com>
2016-11-02 21:32:17 +01:00
Wanpeng Li
c63e45635b KVM: VMX: Better name x2apic msr bitmaps
Renames x2apic_apicv_inactive msr_bitmaps to x2apic and original
x2apic bitmaps to x2apic_apicv.

Cc: Paolo Bonzini <pbonzini@redhat.com>
Cc: Radim Krčmář <rkrcmar@redhat.com>
Signed-off-by: Wanpeng Li <wanpeng.li@hotmail.com>
Signed-off-by: Radim Krčmář <rkrcmar@redhat.com>
2016-11-02 21:32:17 +01:00
Owen Hofmann
d9092f52d7 kvm: x86: Check memopp before dereference (CVE-2016-8630)
Commit 41061cdb98 ("KVM: emulate: do not initialize memopp") removes a
check for non-NULL under incorrect assumptions. An undefined instruction
with a ModR/M byte with Mod=0 and R/M-5 (e.g. 0xc7 0x15) will attempt
to dereference a null pointer here.

Fixes: 41061cdb98
Message-Id: <1477592752-126650-2-git-send-email-osh@google.com>
Signed-off-by: Owen Hofmann <osh@google.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2016-11-02 21:31:53 +01:00
Jim Mattson
355f4fb140 kvm: nVMX: VMCLEAR an active shadow VMCS after last use
After a successful VM-entry with the "VMCS shadowing" VM-execution
control set, the shadow VMCS referenced by the VMCS link pointer field
in the current VMCS becomes active on the logical processor.

A VMCS that is made active on more than one logical processor may become
corrupted. Therefore, before an active VMCS can be migrated to another
logical processor, the first logical processor must execute a VMCLEAR
for the active VMCS. VMCLEAR both ensures that all VMCS data are written
to memory and makes the VMCS inactive.

Signed-off-by: Jim Mattson <jmattson@google.com>
Reviewed-By: David Matlack <dmatlack@google.com>
Message-Id: <1477668579-22555-1-git-send-email-jmattson@google.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2016-11-02 20:03:17 +01:00
Paolo Bonzini
ea26e4ec08 KVM: x86: drop TSC offsetting kvm_x86_ops to fix KVM_GET/SET_CLOCK
Since commit a545ab6a00 ("kvm: x86: add tsc_offset field to struct
kvm_vcpu_arch", 2016-09-07) the offset between host and L1 TSC is
cached and need not be fished out of the VMCS or VMCB.  This means
that we can implement adjust_tsc_offset_guest and read_l1_tsc
entirely in generic code.  The simplification is particularly
significant for VMX code, where vmx->nested.vmcs01_tsc_offset
was duplicating what is now in vcpu->arch.tsc_offset.  Therefore
the vmcs01_tsc_offset can be dropped completely.

More importantly, this fixes KVM_GET_CLOCK/KVM_SET_CLOCK
which, after commit 108b249c45 ("KVM: x86: introduce get_kvmclock_ns",
2016-09-01) called read_l1_tsc while the VMCS was not loaded.
It thus returned bogus values on Intel CPUs.

Fixes: 108b249c45
Reported-by: Roman Kagan <rkagan@virtuozzo.com>
Reviewed-by: Radim Krčmář <rkrcmar@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2016-11-02 20:03:07 +01:00
Ido Yariv
bd768e1466 KVM: x86: fix wbinvd_dirty_mask use-after-free
vcpu->arch.wbinvd_dirty_mask may still be used after freeing it,
corrupting memory. For example, the following call trace may set a bit
in an already freed cpu mask:
    kvm_arch_vcpu_load
    vcpu_load
    vmx_free_vcpu_nested
    vmx_free_vcpu
    kvm_arch_vcpu_free

Fix this by deferring freeing of wbinvd_dirty_mask.

Cc: stable@vger.kernel.org
Signed-off-by: Ido Yariv <ido@wizery.com>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Radim Krčmář <rkrcmar@redhat.com>
2016-10-28 11:35:21 +02:00
Borislav Petkov
796f4687bd kvm/x86: Show WRMSR data is in hex
Add the "0x" prefix to the error messages format to make it unambiguous
about what kind of value we're talking about.

Signed-off-by: Borislav Petkov <bp@suse.de>
Cc: Paolo Bonzini <pbonzini@redhat.com>
Cc: "Radim Krčmář" <rkrcmar@redhat.com>
Message-Id: <20161027181445.25319-1-bp@alien8.de>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2016-10-27 20:31:25 +02:00
Paolo Bonzini
b5149a5fd1 KVM: s390: Fix wrong memory allocation
With commit d86bd1bece ("mm/slub: support left redzone") or
 with slab debugging the allocation of our diag224 buffer is not
 aligned properly. Let's fix this.
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v2.0.14 (GNU/Linux)
 
 iQIcBAABAgAGBQJYELGIAAoJEBF7vIC1phx8eY0P/jGHsq8vvtvJFQxwMLx0MPkS
 HOd/kw9nupyNeJMrvLGgcpyxfLTbCJsdA5P+ZpgZEUygwAkjs/EFbzGfgWL6kY4t
 pT9l4uo0LfdGdNITNVWNgUvpFC4VIIlyQAeTdMG2+hUlaIF0I1zpdQDYa9umacKN
 lGuKRObTH7kVX6yj02kTTallBKDdtl45fSAPCoMSFImi+Hlyn8BBVTlbNPujoOk0
 i50vWzjn711Fm/qnc0p/8XpLTcZLdYPm8vToxD6WR6C8mjepb3+JyHgTx4u9WRVY
 cvVVTrqDvrUaqOss4KTssbgzSKZ74aPPlQm27n2l8scpAcHbr+1ZY59PnkEdoF2Y
 jA5JHeOfqijneOf0F7vwGAG2c4MU5rIVq7bFbxVGVglb3S5TBTRnd63Q0kUsJc1g
 amrdFOjXtkyqpusEJMIsLMkhw2ICjQ7D2oXIRq8GBqxnEoMh99KUYdFu3Bd21/Bv
 uP5vBvvuKx0jtD7WBkIOL9Df0YEhKYwqmonubPyUwr/8ok04g/dKTPgelXzCVFts
 e2uXkQ0uSxT2l04E2iSiq7qMM4CMNVqhkJHHHyBAxisHpM3Wdbyq2y0evOqATwzN
 F26a4JAEhOxRbytnaoRH/XaGgGLfKFegSHZoJ/dtrxuBIBV2t4aOHHhR0N0FTyK0
 bPCH857jWJV2yB1ym4OY
 =YoA+
 -----END PGP SIGNATURE-----

Merge tag 'kvm-s390-master-4.9-2' of git://git.kernel.org/pub/scm/linux/kernel/git/kvms390/linux into HEAD

KVM: s390: Fix wrong memory allocation

With commit d86bd1bece ("mm/slub: support left redzone") or
with slab debugging the allocation of our diag224 buffer is not
aligned properly. Let's fix this.
2016-10-27 13:22:54 +02:00
Jim Mattson
85c856b39b kvm: nVMX: Fix kernel panics induced by illegal INVEPT/INVVPID types
Bitwise shifts by amounts greater than or equal to the width of the left
operand are undefined. A malicious guest can exploit this to crash a
32-bit host, due to the BUG_ON(1)'s in handle_{invept,invvpid}.

Signed-off-by: Jim Mattson <jmattson@google.com>
Message-Id: <1477496318-17681-1-git-send-email-jmattson@google.com>
[Change 1UL to 1, to match the range check on the shift count. - Paolo]
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2016-10-27 12:15:27 +02:00
Paolo Bonzini
58e3948a87 KVM: document lock orders
This is long overdue, and not really hard.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Message-Id: <1476357057-17899-1-git-send-email-pbonzini@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2016-10-27 11:35:47 +02:00
Paolo Bonzini
36343f6ea7 KVM: fix OOPS on flush_work
The conversion done by commit 3706feacd0 ("KVM: Remove deprecated
create_singlethread_workqueue") is broken.  It flushes a single work
item &irqfd->shutdown instead of all of them, and even worse if there
is no irqfd on the list then you get a NULL pointer dereference.
Revert the virt/kvm/eventfd.c part of that patch; to avoid the
deprecated function, just allocate our own workqueue---it does
not even have to be unbound---with alloc_workqueue.

Fixes: 3706feacd0
Reviewed-by: Cornelia Huck <cornelia.huck@de.ibm.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2016-10-26 14:06:51 +02:00
Janosch Frank
45c7ee43a5 KVM: s390: Fix STHYI buffer alignment for diag224
Diag224 requires a page-aligned 4k buffer to store the name table
into. kmalloc does not guarantee page alignment, hence we replace it
with __get_free_page for the buffer allocation.

Cc: stable@vger.kernel.org # v4.8+
Reported-by: Michael Holzheu <holzheu@linux.vnet.ibm.com>
Signed-off-by: Janosch Frank <frankja@linux.vnet.ibm.com>
Reviewed-by: Cornelia Huck <cornelia.huck@de.ibm.com>
Signed-off-by: Christian Borntraeger <borntraeger@de.ibm.com>
2016-10-26 13:46:44 +02:00
James Hogan
e1e575f6b0 KVM: MIPS: Precalculate MMIO load resume PC
The advancing of the PC when completing an MMIO load is done before
re-entering the guest, i.e. before restoring the guest ASID. However if
the load is in a branch delay slot it may need to access guest code to
read the prior branch instruction. This isn't safe in TLB mapped code at
the moment, nor in the future when we'll access unmapped guest segments
using direct user accessors too, as it could read the branch from host
user memory instead.

Therefore calculate the resume PC in advance while we're still in the
right context and save it in the new vcpu->arch.io_pc (replacing the no
longer needed vcpu->arch.pending_load_cause), and restore it on MMIO
completion.

Fixes: e685c689f3 ("KVM/MIPS32: Privileged instruction/target branch emulation.")
Signed-off-by: James Hogan <james.hogan@imgtec.com>
Cc: Paolo Bonzini <pbonzini@redhat.com>
Cc: "Radim Krčmář <rkrcmar@redhat.com>
Cc: Ralf Baechle <ralf@linux-mips.org>
Cc: linux-mips@linux-mips.org
Cc: kvm@vger.kernel.org
Cc: <stable@vger.kernel.org> # 3.10.x-
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2016-10-26 13:43:55 +02:00
James Hogan
ede5f3e7b5 KVM: MIPS: Make ERET handle ERL before EXL
The ERET instruction to return from exception is used for returning from
exception level (Status.EXL) and error level (Status.ERL). If both bits
are set however we should be returning from ERL first, as ERL can
interrupt EXL, for example when an NMI is taken. KVM however checks EXL
first.

Fix the order of the checks to match the pseudocode in the instruction
set manual.

Fixes: e685c689f3 ("KVM/MIPS32: Privileged instruction/target branch emulation.")
Signed-off-by: James Hogan <james.hogan@imgtec.com>
Cc: Paolo Bonzini <pbonzini@redhat.com>
Cc: "Radim Krčmář <rkrcmar@redhat.com>
Cc: Ralf Baechle <ralf@linux-mips.org>
Cc: linux-mips@linux-mips.org
Cc: kvm@vger.kernel.org
Cc: <stable@vger.kernel.org> # 3.10.x-
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2016-10-26 13:43:48 +02:00
James Hogan
9078210ef4 KVM: MIPS: Fix lazy user ASID regenerate for SMP
kvm_mips_check_asids() runs before entering the guest and performs lazy
regeneration of host ASID for guest usermode, using last_user_gasid to
track the last guest ASID in the VCPU that was used by guest usermode on
any host CPU.

last_user_gasid is reset after performing the lazy ASID regeneration on
the current CPU, and by kvm_arch_vcpu_load() if the host ASID for guest
usermode is regenerated due to staleness (to cancel outstanding lazy
ASID regenerations). Unfortunately neither case handles SMP hosts
correctly:

 - When the lazy ASID regeneration is performed it should apply to all
   CPUs (as last_user_gasid does), so reset the ASID on other CPUs to
   zero to trigger regeneration when the VCPU is next loaded on those
   CPUs.

 - When the ASID is found to be stale on the current CPU, we should not
   cancel lazy ASID regenerations globally, so drop the reset of
   last_user_gasid altogether here.

Both cases would require a guest ASID change and two host CPU migrations
(and in the latter case one of the CPUs to start a new ASID cycle)
before guest usermode could potentially access stale user pages from a
previously running ASID in the same VCPU.

Fixes: 25b08c7fb0 ("KVM: MIPS: Invalidate TLB by regenerating ASIDs")
Signed-off-by: James Hogan <james.hogan@imgtec.com>
Cc: Paolo Bonzini <pbonzini@redhat.com>
Cc: "Radim Krčmář <rkrcmar@redhat.com>
Cc: Ralf Baechle <ralf@linux-mips.org>
Cc: linux-mips@linux-mips.org
Cc: kvm@vger.kernel.org
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2016-10-26 13:43:41 +02:00
Linus Torvalds
07d9a38068 Linux 4.9-rc2 2016-10-23 17:10:14 -07:00
Linus Torvalds
5ff93abc7a This pull requests contains fixes for issues in both UBI and UBIFS:
- Fallout from the merge window, refactoring UBI code introduced some issues.
 - Fixes for an UBIFS readdir bug which can cause getdents() to busy loop
   for ever and a bug in the UBIFS xattr code.
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v2
 
 iQIcBAABAgAGBQJYDMa5AAoJEEtJtSqsAOnWxKgP+wT4lCM9gP3/1FywhrJRxA4Z
 vH9YYWP6vjdYhZP8tt3RVIrJ/BxPMDx8+7IkZBzxVRQcnvaoaGibgEsfkGmTngyW
 2rFVqDuwFIDIWLvNrKW26ep4p1Ek8yZhIIcW4upHKtnaJpZwvn6BmwxRep1JeLuc
 yZjGIJtejRbvuuaVwEBu+Et3Rlflg5/D6oPWOJfYqwjJjxihkb4hfAgzJkLeBK3Q
 Qw65S8FxKDPa7vAj2+jor3Cq0ETg3b2cQR4+UnGmDat9RVMquS3dDTBzBn6TNZx+
 xw2aiOPi0JPMeEnJP+Z61/moeQhlLddZsEVdRQ5Ud6LcOeq6Rg7v5J+POkQ0hhIy
 DUfxHjnsmB4P9XqtaGGr74d8trjIm15cL6yAVKG/jMnb11oCWVDVyr0FmsXSmO7I
 O+b6P9hM7C3o+eAETdCLhd8Jg5isOm27WWQ2Bqq2FOjY9EmvTIFl+Imp+++3YHA6
 R6jlFfMbju0gCfyPZdDPmTc91CPtWdTze43bpIdl2N3L2/efG2I0xFjjlr+WWEkL
 htYQr+b3vjO+moTl8KvT7pmvVNPUtNljOZsHHJjrsBLvuMDb0+7X1Wy860klTOPp
 B7NntTqwBUF6HtPpeebHvEfBiTruyspGZfokvkud6rqPuO1DbsJrVNY7Lwh9XA8M
 iGn9LwwlNjQYiyZNx0GT
 =Gjo0
 -----END PGP SIGNATURE-----

Merge tag 'upstream-4.9-rc2' of git://git.infradead.org/linux-ubifs

Pull UBI[FS] fixes from Richard Weinberger:
 "This contains fixes for issues in both UBI and UBIFS:

   - Fallout from the merge window, refactoring UBI code introduced some
     issues.

   - Fixes for an UBIFS readdir bug which can cause getdents() to busy
     loop for ever and a bug in the UBIFS xattr code"

* tag 'upstream-4.9-rc2' of git://git.infradead.org/linux-ubifs:
  ubifs: Abort readdir upon error
  UBI: Fix crash in try_recover_peb()
  ubi: fix swapped arguments to call to ubi_alloc_aeb
  ubifs: Fix xattr_names length in exit paths
  ubifs: Rename ubifs_rename2
2016-10-23 16:58:55 -07:00
Linus Torvalds
c761923cb8 A few bug fixes and add some missing KERN_CONT annotations
-----BEGIN PGP SIGNATURE-----
 
 iQEcBAABCAAGBQJYDK6KAAoJEPL5WVaVDYGjhZ0H/2aLu4BQOmIPJZBBS+I2FurE
 7FFdnQ8r1gBPWktvfUTn6MzTE4VKe0b1js5EiRCiCJhJq9UadBu53dUWTgfZ5Egi
 Sc6p0NGqDRgixLXbFRt8wP7iPtVg0tlysE0EJ6ae4VA1wUpf5aoHaPqgO9V0hirW
 9pUJq8kzBGs628CROcYtQ5IL5AfouM1q/fzazw4Voz48LTgvhnDGCkqQmNsKkRo+
 bN5tkjSTQUdW3OrRVsNwNND/iDYpTa6PcX1XXQiFFhQ4SbZoNS/dzowz09QreGxA
 Uz/rt2hMnv552Zd52d5q6N/jPWg+O+x0b4PcYtn7NDjPn/1KZUyX0pQK/EoevXQ=
 =2Kri
 -----END PGP SIGNATURE-----

Merge tag 'ext4_for_linus_stable' of git://git.kernel.org/pub/scm/linux/kernel/git/tytso/ext4

Pull ext4 fixes from Ted Ts'o:
 "A few bug fixes and add some missing KERN_CONT annotations"

* tag 'ext4_for_linus_stable' of git://git.kernel.org/pub/scm/linux/kernel/git/tytso/ext4:
  ext4: add missing KERN_CONT to a few more debugging uses
  fscrypto: lock inode while setting encryption policy
  ext4: correct endianness conversion in __xattr_check_inode()
  fscrypto: make XTS tweak initialization endian-independent
  ext4: do not advertise encryption support when disabled
  jbd2: fix incorrect unlock on j_list_lock
  ext4: super.c: Update logging style using KERN_CONT
2016-10-23 16:52:19 -07:00
Linus Torvalds
a55da8a0dd Merge git://git.kernel.org/pub/scm/linux/kernel/git/nab/target-pending
Pull SCSI target fixes from Nicholas Bellinger:
 "Here are the outstanding target-pending fixes for v4.9-rc2.

  This includes:

   - Fix v4.1.y+ reference leak regression with concurrent TMR
     ABORT_TASK + session shutdown. (Vaibhav Tandon)

   - Enable tcm_fc w/ SCF_USE_CPUID to avoid host exchange timeouts
     (Hannes)

   - target/user error sense handling fixes. (Andy + MNC + HCH)

   - Fix iscsi-target NOP_OUT error path iscsi_cmd descriptor leak
     (Varun)

   - Two EXTENDED_COPY SCSI status fixes for ESX VAAI (Dinesh Israni +
     Nixon Vincent)

   - Revert a v4.8 residual overflow change, that breaks sg_inq with
     small allocation lengths.

  There are a number of folks stress testing the v4.1.y regression fix
  in their environments, and more folks doing iser-target I/O stress
  testing atop recent v4.x.y code.

  There is also one v4.2.y+ RCU conversion regression related to
  explicit NodeACL configfs changes, that is still being tracked down"

* git://git.kernel.org/pub/scm/linux/kernel/git/nab/target-pending:
  target/tcm_fc: use CPU affinity for responses
  target/tcm_fc: Update debugging statements to match libfc usage
  target/tcm_fc: return detailed error in ft_sess_create()
  target/tcm_fc: print command pointer in debug message
  target: fix potential race window in target_sess_cmd_list_waiting()
  Revert "target: Fix residual overflow handling in target_complete_cmd_with_length"
  target: Don't override EXTENDED_COPY xcopy_pt_cmd SCSI status code
  target: Make EXTENDED_COPY 0xe4 failure return COPY TARGET DEVICE NOT REACHABLE
  target: Re-add missing SCF_ACK_KREF assignment in v4.1.y
  iscsi-target: fix iscsi cmd leak
  iscsi-target: fix spelling mistake "Unsolicitied" -> "Unsolicited"
  target/user: Fix comments to not refer to data ring
  target/user: Return an error if cmd data size is too large
  target/user: Use sense_reason_t in tcmu_queue_cmd_ring
2016-10-23 16:37:58 -07:00
Linus Torvalds
e6995f22d3 Couple of hwmon fixes
Fix a potential ERR_PTR dereference in max31790 driver,
 and handle handle temperature readings below 0 in adm9240
 driver.
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v1
 
 iQIcBAABAgAGBQJYC3RdAAoJEMsfJm/On5mB5OEQAIySEJO6fTb9pVfNTpez413F
 he5aPNIywDojpMx2ksFyrN2GMMbLFPq1ajLPYA6sf9yPmSLhkUiQpCy9nwtLW5Dd
 eNR7tvE1amqNJ+m8EITzl+P4p2+BqWJ0KlNc/SfrdEQTmnjR2lPd75pcR0IpMF12
 yM59BrwtPGsHr3/lJbSYH1Uh+9tUyyfx0GfXmIMjk7xbC4bDFVgAnF2vnVRhLWcN
 WlRBUWye80vHz8uJAlCHMnrDrgUfPIZwVFblYoMu2ED8tt7+jgcQK91h7OBXj6VE
 T7YsMz1OCeGL42CYvgNsvCYVgeajssbdZX0za5+uQRNJA+ElTt7HtyEp6PL4wjOr
 5MD444KgF6OBV7l6f18bOm+Q8OaS22RddrpaRIfO2VkvjXkffSIpkKUMawYaIP2S
 cPGbO0q/V3Gw0qw2CD4FtkNs9f0RsEl4a8uiif8ndRhSK6aQs2EC/ul2Z9wVfXx1
 EYTHmtdl9Mrs4X9roP6YZKUBaUseQnPCv/Lkyd6vZs2fByiOH7DqIw5ciAP551oU
 AYvFsab6oK3FZfX4qlESiCkZlAN/sr3Xqu6Ytk2rkFitjeYvRzJecpdU7hqliXZX
 Rviiy7d/1d/GpC7mPxDiccrfebyYqtObOrYMBW0XY2kbWsc0ek37n4zxX1afsU5Y
 2AnjoZHpuitI55FeuGgG
 =N52z
 -----END PGP SIGNATURE-----

Merge tag 'hwmon-for-linus-v4.9-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/groeck/linux-staging

Pull hwmon fixes from Guenter Roeck:
 "Couple of hwmon fixes:

  Fix a potential ERR_PTR dereference in max31790 driver, and handle
  temperature readings below 0 in adm9240 driver"

* tag 'hwmon-for-linus-v4.9-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/groeck/linux-staging:
  hwmon: (max31790) potential ERR_PTR dereference
  hwmon: (adm9240) handle temperature readings below 0
2016-10-23 16:21:28 -07:00
Linus Torvalds
5766e9d25f A small bug fix and a new driver for acting as an IPMI device.
I was on vacation during the merge window (a long vacation)
 but this is a bug fix that should go in and a new driver that shouldn't
 hurt anything.
 
 This has been in linux-next for a month or so.
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v1
 
 iEYEABECAAYFAlgKVpoACgkQIXnXXONXERdGBACeONBS0wOf4Rv+bxSOdeJcTwLJ
 rmoAoJ2R0BpWE1imvcC+AqXOoqg2c48k
 =P4Dz
 -----END PGP SIGNATURE-----

Merge tag 'for-linus-4.9-2' of git://git.code.sf.net/p/openipmi/linux-ipmi

Pull IPMI updates from Corey Minyard:
 "A small bug fix and a new driver for acting as an IPMI device.

  I was on vacation during the merge window (a long vacation) but this
  is a bug fix that should go in and a new driver that shouldn't hurt
  anything.

  This has been in linux-next for a month or so"

* tag 'for-linus-4.9-2' of git://git.code.sf.net/p/openipmi/linux-ipmi:
  ipmi: fix crash on reading version from proc after unregisted bmc
  ipmi/bt-bmc: remove redundant return value check of platform_get_resource()
  ipmi/bt-bmc: add a dependency on ARCH_ASPEED
  ipmi: Fix ioremap error handling in bt-bmc
  ipmi: add an Aspeed BT IPMI BMC driver
2016-10-23 15:56:23 -07:00
Linus Torvalds
0c2b6dc4fd Merge branch 'timers-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip
Pull timer updates from Thomas Gleixner:
 "This updates contains:

   - A revert which addresses a boot failure on ARM Sun5i platforms

   - A new clocksource driver, which has been delayed beyond rc1 due to
     an interrupt driver issue which was unearthed by this driver. The
     debugging of that issue and the discussion about the proper
     solution made this driver miss the merge window. There is no point
     in delaying it for a full cycle as it completes the basic mainline
     support for the new JCore platform and does not create any risk
     outside of that platform"

* 'timers-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
  Revert "clocksource/drivers/timer_sun5i: Replace code by clocksource_mmio_init"
  clocksource: Add J-Core timer/clocksource driver
  of: Add J-Core timer bindings
2016-10-22 10:23:15 -07:00
Linus Torvalds
3e9679a365 Merge branch 'x86-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip
Pull x86 fixes from Ingo Molnar:
 "Three fixes, a hw-enablement and a cross-arch fix/enablement change:

   - SGI/UV fix for older platforms

   - x32 signal handling fix

   - older x86 platform bootup APIC fix

   - AVX512-4VNNIW (Neural Network Instructions) and AVX512-4FMAPS
     (Multiply Accumulation Single precision instructions) enablement.

   - move thread_info back into x86 specific code, to make life easier
     for other architectures trying to make use of
     CONFIG_THREAD_INFO_IN_TASK_STRUCT=y"

* 'x86-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
  x86/boot/smp: Don't try to poke disabled/non-existent APIC
  sched/core, x86: Make struct thread_info arch specific again
  x86/signal: Remove bogus user_64bit_mode() check from sigaction_compat_abi()
  x86/platform/UV: Fix support for EFI_OLD_MEMMAP after BIOS callback updates
  x86/cpufeature: Add AVX512_4VNNIW and AVX512_4FMAPS features
  x86/vmware: Skip timer_irq_works() check on VMware
2016-10-22 09:58:49 -07:00
Linus Torvalds
86c5bf7101 Merge branch 'mm-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip
Pull vmap stack fixes from Ingo Molnar:
 "This is fallout from CONFIG_HAVE_ARCH_VMAP_STACK=y on x86: stack
  accesses that used to be just somewhat questionable are now totally
  buggy.

  These changes try to do it without breaking the ABI: the fields are
  left there, they are just reporting zero, or reporting narrower
  information (the maps file change)"

* 'mm-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
  mm: Change vm_is_stack_for_task() to vm_is_stack_for_current()
  fs/proc: Stop trying to report thread stacks
  fs/proc: Stop reporting eip and esp in /proc/PID/stat
  mm/numa: Remove duplicated include from mprotect.c
2016-10-22 09:39:10 -07:00
Linus Torvalds
bfb7bfef6f Merge branch 'irq-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip
Pull irq fixes from Ingo Molnar:
 "Mostly irqchip driver fixes, plus a symbol export"

* 'irq-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
  kernel/irq: Export irq_set_parent()
  irqchip/gic: Add missing \n to CPU IF adjustment message
  irqchip/jcore: Don't show Kconfig menu item for driver
  irqchip/eznps: Drop pointless static qualifier in nps400_of_init()
  irqchip/gic-v3-its: Fix entry size mask for GITS_BASER
  irqchip/gic-v3-its: Fix 64bit GIC{R,ITS}_TYPER accesses
2016-10-22 09:33:51 -07:00
Linus Torvalds
90e01058bc Merge branch 'efi-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip
Pull EFI fixes from Ingo Molnar:
 "Add Ard Biesheuvel as EFI co-maintainer, plus fix an ARM build bug
  with older toolchains"

* 'efi-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
  efi/arm: Fix absolute relocation detection for older toolchains
  MAINTAINERS: Add myself as EFI maintainer
2016-10-22 09:32:10 -07:00
Ville Syrjälä
ff8560512b x86/boot/smp: Don't try to poke disabled/non-existent APIC
Apparently trying to poke a disabled or non-existent APIC
leads to a box that doesn't even boot. Let's not do that.

No real clue if this is the right fix, but at least my
P3 machine boots again.

Signed-off-by: Ville Syrjälä <ville.syrjala@linux.intel.com>
Cc: Andy Lutomirski <luto@kernel.org>
Cc: Borislav Petkov <bp@alien8.de>
Cc: Borislav Petkov <bp@suse.de>
Cc: Brian Gerst <brgerst@gmail.com>
Cc: Denys Vlasenko <dvlasenk@redhat.com>
Cc: Eric Biederman <ebiederm@xmission.com>
Cc: H. Peter Anvin <hpa@zytor.com>
Cc: Jiri Olsa <jolsa@redhat.com>
Cc: Josh Poimboeuf <jpoimboe@redhat.com>
Cc: Juergen Gross <jgross@suse.com>
Cc: Len Brown <len.brown@intel.com>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Prarit Bhargava <prarit@redhat.com>
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: Yinghai Lu <yinghai@kernel.org>
Cc: dyoung@redhat.com
Cc: kexec@lists.infradead.org
Cc: stable@vger.kernel.org
Fixes: 2a51fe083e ("arch/x86: Handle non enumerated CPU after physical hotplug")
Link: http://lkml.kernel.org/r/1477102684-5092-1-git-send-email-ville.syrjala@linux.intel.com
Signed-off-by: Ingo Molnar <mingo@kernel.org>
2016-10-22 10:47:54 +02:00
Linus Torvalds
dcd4693cf4 powerpc fixes for 4.9 #3
Fixes marked for stable:
  - Prevent unlikely crash in copro_calculate_slb() (Frederic Barrat)
  - cxl: Prevent adapter reset if an active context exists (Vaibhav Jain)
 
 Fixes for code merged this cycle:
  - Fix boot on systems with uncompressed kernel image (Heiner Kallweit)
  - Drop dump_numa_memory_topology() (Michael Ellerman)
  - Fix numa topology console print (Aneesh Kumar K.V)
  - Ignore the pkey system calls for now (Stephen Rothwell)
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v1
 
 iQIcBAABAgAGBQJYCpJqAAoJEFHr6jzI4aWABS8QAJXuCjXrfNdQoiNmSHTOOUuj
 Z1KFIU/WjLa42VD2KIvW/OiTjzmrA9yl/PkNYD185yXu5DAE1h+lH0gBCA3KlSUc
 LwNneqn+3aGqmAX7jTm1HaWFCQt6mF0z3hwDPvEXhC4hcNjhe3mp3Q9/Q8idVfAJ
 f48vBa8qgJ5gpD5zVva5ujh1F2RUA+RQmhaR+LS19B+OH6xPzRp7VGUdsKRp75pI
 ILVCsjxA+DoaMOUK9quE5/9n9IK+N10QLfCqJu6HxJJ47nBxkiDPtdcndv0WTA9m
 kYTdqcv5o7A4+SrdXOkNBBHjj09UhdHBmhIrEt6286wyJ3thvDIhjMrX6OwJSCyb
 oB8PhXwjyUQrws19h4RNDToPG2Hr9A8BXVTofyPV4ku6gvucI03WFcVbHMWhAiLh
 lwR3Ppg4mHHAndL4oRlRhpvEVmBGwMuKEbisTa82T5RK4iPVWRcGqN6bltj9g6QX
 VXc8KQzKM+qEKQmDzdjExr0ZFq+USea96JmCJs6l9+M1nwe5CRCJAZyjp5LhVYRf
 ky9DSmp+nwIUxAQ73rv/NrjvRNZXCaUn4G+vpcSix7jrq6DqJoLSTEqpfw3Lfejj
 oJ1YxqD9SrNYhXChj071zLoDznZIviCxitLbQYVLt1Y72iLUXgt+s/y3JZWuxGrt
 EAmIXJq8fJHhHEd0TEW9
 =39+z
 -----END PGP SIGNATURE-----

Merge tag 'powerpc-4.9-3' of git://git.kernel.org/pub/scm/linux/kernel/git/powerpc/linux

Pull powerpc fixes from Michael Ellerman:
 "Fixes marked for stable:
   - Prevent unlikely crash in copro_calculate_slb() (Frederic Barrat)
   - cxl: Prevent adapter reset if an active context exists (Vaibhav Jain)

  Fixes for code merged this cycle:
   - Fix boot on systems with uncompressed kernel image (Heiner Kallweit)
   - Drop dump_numa_memory_topology() (Michael Ellerman)
   - Fix numa topology console print (Aneesh Kumar K.V)
   - Ignore the pkey system calls for now (Stephen Rothwell)"

* tag 'powerpc-4.9-3' of git://git.kernel.org/pub/scm/linux/kernel/git/powerpc/linux:
  powerpc: Ignore the pkey system calls for now
  powerpc: Fix numa topology console print
  powerpc/mm: Drop dump_numa_memory_topology()
  cxl: Prevent adapter reset if an active context exists
  powerpc/boot: Fix boot on systems with uncompressed kernel image
  powerpc/mm: Prevent unlikely crash in copro_calculate_slb()
2016-10-21 19:13:00 -07:00
Linus Torvalds
a23b27ae12 KVM fixes for v4.9-rc2
ARM:
  - avoid livelock when walking guest page tables
  - fix HYP mode static keys without CC_HAVE_ASM_GOTO
 
 MIPS:
  - fix a build error without TRACEPOINTS_ENABLED
 
 s390:
  - reject a malformed userspace configuration
 
 x86:
  - suppress a warning without CONFIG_CPU_FREQ
  - initialize whole irq_eoi array
 -----BEGIN PGP SIGNATURE-----
 
 iQEcBAABCAAGBQJYCl1iAAoJEED/6hsPKofo7pUH/R/sL417YLTkY6UVhtrCXQq1
 cUPWLLp96/Ijkmb+PoByLn5msKxhUa9A06QfphKCbmvpInubXPTxaWDCpoXxHmCO
 ywHmwuNk7Zgc8MnvcqBKte1jo8/JxQTM1NYZEys7va+J/fC4Nqb9gjZnECSTfUK5
 JE8bPs+yxVSavsh0KOZcTdTHtuZQ6SQijgDkE4pSDBYhCKxIpYAXaKVUOC+VSTDH
 ACUMLvUrFlFbAev0z4oF4CSKotAq6VEkJQhequghKPUHSeWabZB4wAHTkfUbJ+Bb
 Ar57zrz5YCGbojywuHi1954eHWv6AfWyD8bnYSCtD4gsIRws+dH/MIiPgEMjLOQ=
 =9U78
 -----END PGP SIGNATURE-----

Merge tag 'for-linus' of git://git.kernel.org/pub/scm/virt/kvm/kvm

Pull KVM fixes from Radim Krčmář:
 "ARM:
   - avoid livelock when walking guest page tables
   - fix HYP mode static keys without CC_HAVE_ASM_GOTO

  MIPS:
   - fix a build error without TRACEPOINTS_ENABLED

  s390:
   - reject a malformed userspace configuration

  x86:
   - suppress a warning without CONFIG_CPU_FREQ
   - initialize whole irq_eoi array"

* tag 'for-linus' of git://git.kernel.org/pub/scm/virt/kvm/kvm:
  arm/arm64: KVM: Map the BSS at HYP
  arm64: KVM: Take S1 walks into account when determining S2 write faults
  KVM: s390: reject invalid modes for runtime instrumentation
  kvm: x86: memset whole irq_eoi
  kvm/x86: Fix unused variable warning in kvm_timer_init()
  KVM: MIPS: Add missing uaccess.h include
2016-10-21 19:09:29 -07:00
Linus Torvalds
02593ac680 NFS client bugfixes for Linux 4.9
Stable bugfix:
 - Fix last_write_offset incorrectly set to page boundary
 
 Other bugfix:
 - Fix missing-braces warning
 -----BEGIN PGP SIGNATURE-----
 
 iQIcBAABCAAGBQJYCnklAAoJENfLVL+wpUDrv5MQALGRrZyyvQVCGwHt8BhiZDMp
 5OAB1B7mFF0yf/L7j5rLUEvXs6+YyGVHTRrqWlAm1Mq7aqqGjW3YcE260KOJwse3
 sk0eZ8mj92Bbm19ktRRGJCWeeCi16BsywIJEIbFFLs0ssKltSJMMnhE/8gyZ3Oj1
 /TQ0jFCsAGxErr9GVny9FiVa4mlgkauOEfY/QJsgMHH7FBYftBU7mo7rH43RaxQ7
 XLLv9XTe/WFCedxAa0uY/SikmAplLCpShOHCnCvveOF4WhKdx1gjaCnp6nZSMMP8
 Hyd49AZHfxlQWK3B6amhHtI5iU2/tyNl8aFN49PXUdbN1VqJoSFnMCZgc/BWKIsQ
 NGpUuQSTqz2qnMtHC3sErWfi2/c9kNDn9R3DPkTJPtZKoE0+FHnnxlhTWl9YSvju
 iW4hisaDbldmP2davoMeKKDIrP9g+z0+8akcZx4lSoVEhswVtsDzpFpGETL8bM6Y
 0002b8UU0qj4QVLUoW1HNCad5/H0G3ir0utXr+//OduQb2SMAilQmscltOcFXzfe
 TzR6YD7RP2RZs/t5fqnxlvBB2kYkSa8vWC/dJdVC5MC0nq6L1yO1n6L0p+E7Keck
 9S2fWi89WnGN4guKxtIOo58vbr6wAcA+g6zM35WwLDgxtklQHZCKOTPJEsPbnlSr
 DpeZFTwLeG7/SENBFZhI
 =VadI
 -----END PGP SIGNATURE-----

Merge tag 'nfs-for-4.9-2' of git://git.linux-nfs.org/projects/anna/linux-nfs

Pull NFS client bugfixes from Anna Schumaker:
 "Just two bugfixes this time:

  Stable bugfix:
   - Fix last_write_offset incorrectly set to page boundary

  Other bugfix:
   - Fix missing-braces warning"

* tag 'nfs-for-4.9-2' of git://git.linux-nfs.org/projects/anna/linux-nfs:
  nfs4: fix missing-braces warning
  pnfs/blocklayout: fix last_write_offset incorrectly set to page boundary
2016-10-21 19:06:59 -07:00
Linus Torvalds
43ef55daa7 ACPI fixes for v4.9-rc2
Specifics:
 
  - Update the ACPI WDAT-based watchdog driver to ping the hardware
    during system resume to prevent a reset from occurring after the
    resume is complete (Mika Westerberg).
 
  - Fix the return value of the pcc_mbox_request_channel() stub for
    CONFIG_PCC unset (Hoan Tran).
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v2.0.22 (GNU/Linux)
 
 iQIcBAABCAAGBQJYCn8AAAoJEILEb/54YlRxo7YQAIeJ0Sx6wdHrgpFVKuajhTtv
 eJ2j21ttMZODk6iWX0Xfr1pT5GYteKoBXQvc2qHdtGnN9H9RbBJ/Ai0qL4XrnSGP
 TuaTBuePapogt02eK8mVb3mrFQrjOJvsWhE4hQSfHvCylAAM0w682APIQshjY8xY
 RtYWCoDHupFm5CGp4bN0X+AzPorB+BX+cg8bGqFDnk/b1pCVwCuW3VTq0Ni6SIJZ
 k+eDCT8K+r04pcBo+dMHx2RKRR9ZaGavm++u+5tnWoxRy7rhfj2txZyRnmd2znlq
 brKm4Tv1cnnCo8FLCuRNuqJ9OcYMpUPVtWN2ESzE/k6WPjzs2jEWEoSdmW/JB6dM
 4a8LsjRQLjMw3IS6sonAS6wo1DO8Tb+RcZH1MeDWMm3K6rqnYIcPknldoWDaoHYz
 9uNDMWeHsaYKtvAXZXHkaOd3cl1ESY1E9jGO0xR/CBikaRKBAAHzCIHPIUvJzIRm
 3KLWpMIiT++AcSrUQxVLgEHjkERh+Ph9LpnEdVOqcB+r7O/p3zr7aFO4iZCgZ9kH
 LZXfVI53YbX7vnCzMHgUToutZPkHsqzxathAsJnVS83GgxTsciX+O5/k7lHgCb7G
 gl9ReeweWpVKqrT/o4wStbTB56UYjOWzZcAsA0pWeKUiqUycTSVfiad1tr7lM+cs
 lJb5i8Pl6bJu6+nWm4lN
 =kG+5
 -----END PGP SIGNATURE-----

Merge tag 'acpi-4.9-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm

Pull ACPI fixes from Rafael Wysocki:
 "These fix an issue related to system resume in the new WDAT-based
  watchdog driver and a return value of a stub function in the ACPI CPPC
  framework.

  Specifics:

   - Update the ACPI WDAT-based watchdog driver to ping the hardware
     during system resume to prevent a reset from occurring after the
     resume is complete (Mika Westerberg).

   - Fix the return value of the pcc_mbox_request_channel() stub for
     CONFIG_PCC unset (Hoan Tran)"

* tag 'acpi-4.9-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm:
  watchdog: wdat_wdt: Ping the watchdog on resume
  mailbox: PCC: Fix return value of pcc_mbox_request_channel()
2016-10-21 15:54:45 -07:00
Rafael J. Wysocki
956c8974da Merge branches 'acpi-wdat' and 'acpi-cppc'
* acpi-wdat:
  watchdog: wdat_wdt: Ping the watchdog on resume

* acpi-cppc:
  mailbox: PCC: Fix return value of pcc_mbox_request_channel()
2016-10-21 22:24:23 +02:00
Thomas Gleixner
a442950d4a GIC updates for Linux 4.9-rc2
- Fix for 32bit accesses that should be 64bit on 64bit machines
 - Fix for a field decoding macro
 - Beautify a warning message
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v1
 
 iQIcBAABAgAGBQJYCkl/AAoJECPQ0LrRPXpDpJwQAMOOccZo7T2Ekt41R2kup1lg
 l1OWvJ5N22uTxnS6+fNp+JhHdwzVk2TJeYFkoxYfbSPUtEVJYEKm4ZPdlIG58bhE
 N/Yh5QIzOcHUWRr000PaTgap9G0HUNSm0RJfLlH/zbscpiDWuJQLZ/OK2uWtRn1+
 hIQd8Poz85jfCZIb/AnSdA4YKJfww7JwviA3UuQjatqpkoIlfz/3CvJbx4DXPcrT
 EBC3vEeCYiALYQGImwY/P6VzYriS/fU+QWHkE1er5PPq+PRak1cmPAS15FBvQwVy
 wCI3zo3aSD+Y7tbKa1AvcOK6xIZq4UJaVX+sWd2pb0oz5T17dYjyXbzm+VRblT+b
 CNTrRZvFOxJH4ImHM4FT9ioRUme65XiUOQ9g3LrMTJGI4nfKmRaF4tOzlTsfHJxT
 HiBXWV6s98maK3ltfqKdEY4qhsNMdi3bZNnu8fTVhZEUugMu4ywLXyNqfISdJ+MG
 gvbDojXkvMtFGPZHg1vuHuEqdBHH+5Wbh5TCbWykMkhGbYEkLT23YZgLRo5TbN1E
 OMLVhx+dblmaMn+Npyo2BtST9E2Akzym9R+hx4rqNrRH5NQvGrAlPAIFA/1ommYI
 qdC5vJNYGH+B+uPRSKUUx9kwl+NUTPDLSzYSrIAHzTyYnenJ+QvBE2Zd3z6NplCn
 NtctzCoOEjN2Q6WsSGVI
 =DL0w
 -----END PGP SIGNATURE-----

Merge tag 'gic-fixes-for-4.9-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/maz/arm-platforms into irq/urgent

Pull GIC updates from Marc Zyngier:

 - Fix for 32bit accesses that should be 64bit on 64bit machines
 - Fix for a field decoding macro
 - Beautify a warning message
2016-10-21 21:40:29 +02:00
Linus Torvalds
6edc51a8d4 SCSI fixes on 20161021
Five small fixes.  Some of these, like the nested spinlock overwriting saved
 flags and the Kasan use after free look serious, but they seem not to have
 been picked up in testing or seen in the field.  The biggest user visible
 issue is probably the wrong device handler for Clariion, which means that alua
 doesn't bind to the array like it should.
 
 Signed-off-by: James Bottomley <jejb@linux.vnet.ibm.com>
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v2
 
 iQIcBAABAgAGBQJYCkR8AAoJEAVr7HOZEZN44WYQALPU6JSf/NAEv6wNAoD4eUBu
 uwIfLHn+gUDKZFX5n+XZs4UsBtSQqRtIzooem7Xp5WmC8H/aZgFJTn+F7xkZ9YKY
 hCm0E5Frz2K1euXeASdlbRmGm+sXec4YVu0mzdy8LON15uJNkqJAPq/RxVvhqQzo
 8KwZ8dp1Gbed8DB8Ka/WkIciEY3xR/9Man+bFTOV/XJ7tiZYxsTtclFVWZ2KrDwn
 1J9ZLGr4x1+YsusQc0zA9ykGO3XVUxdG8HHRLtAQo6IKK+SDOO0+6p3B94Ay0YSb
 XPdeA8XVqC5kmOX6HBAGYa0uzcoFFVYU3ADw4cFmbvfOvaaeeM4vuhG4vm++ieVI
 NjX/+9epyc25lJ6S2frCaR1rRHjODLbuo2xgEcs+2wuQu4cYrQxIZUUVeeLB11HO
 WFzaSS8CFmDRokxR1sqFNq1o+JQ3jcnbQwc2awrYDfzV4RPRcHUx0HNIEo0JVsjJ
 oMKCSiEJG6RslRNC1hTJGtdxPk9A4MtQBhfzhdqHBJvKQZjO7g3ivOcbHn0iMk1g
 9U+fWvhaXRDXUEiiGFip3rLNnmN0lQCWWtq4jvYBY6VBT39V2FauGJ8707HeCujN
 GKFRM60qzIc7Xus24HfgUp6/BMMwTrL7T3TLUxukRKS1G+N/qKHpev3i96NB0gAY
 Rn39EUX/YIEuTONNnv50
 =nB7G
 -----END PGP SIGNATURE-----

Merge tag 'scsi-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi

Pull SCSI fixes from James Bottomley:
 "Five small fixes.

  Some of these, like the nested spinlock overwriting saved flags and
  the Kasan use after free look serious, but they seem not to have been
  picked up in testing or seen in the field.

  The biggest user visible issue is probably the wrong device handler
  for Clariion, which means that alua doesn't bind to the array like it
  should"

* tag 'scsi-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi:
  scsi: ipr: Fix async error WARN_ON
  scsi: zfcp: spin_lock_irqsave() is not nestable
  scsi: Remove one useless stack variable
  scsi: Fix use-after-free
  scsi: Replace wrong device handler name for CLARiiON arrays
2016-10-21 10:57:09 -07:00
Linus Torvalds
ecd06f2883 Merge branch 'for-linus' of git://git.kernel.dk/linux-block
Pull block fixes from Jens Axboe:
 "A set of fixes that missed the merge window, mostly due to me being
  away around that time.

  Nothing major here, a mix of nvme cleanups and fixes, and one fix for
  the badblocks handling"

* 'for-linus' of git://git.kernel.dk/linux-block:
  nvmet: use symbolic constants for CNS values
  nvme: use symbolic constants for CNS values
  nvme.h: add an enum for cns values
  nvme.h: don't use uuid_be
  nvme.h: resync with nvme-cli
  nvme: Add tertiary number to NVME_VS
  nvme : Add sysfs entry for NVMe CMBs when appropriate
  nvme: don't schedule multiple resets
  nvme: Delete created IO queues on reset
  nvme: Stop probing a removed device
  badblocks: fix overlapping check for clearing
2016-10-21 10:54:01 -07:00
Linus Torvalds
e59f30b417 pci-v4.9-fixes-1
-----BEGIN PGP SIGNATURE-----
 Version: GnuPG v1
 
 iQIcBAABAgAGBQJYCjA7AAoJEFmIoMA60/r8uUQP/1rNPSFgW1JeBKBKI0qRKyR+
 uTZHSb4Udy3MKHf7zzEtMuX/xI4kCctgGPv47dqBW4L93kmagA9WxmDSmVtJg+5Z
 usDBXpm3/Wvuj4YiDL6HmKjwWrL0vC+8q2psBtbj6wWRgSooj+NiTmGSiyhtkIba
 OsKy5g73k04owW64i9BJNavbMP8/tGZv47C/3tM3413aYk1ydvVPdYKdyxrCUrVG
 KGfCXn9Seg11/C2dWf6S5nGW3TlqicMzniOIrCsJIj+Ky2teWYeCPiDht5vUHPZa
 T+BsZ/YEjwvK7h1y7/jGAP1utkoNxX4I4wOZ7ts0IExYggrFs9+n+S//PdiqOVdH
 HE0gmt8qM1lHzB82+B8bIfsp76+PHetxbApq7GrWuoroVWAzTThntXWRYCneZjqv
 yNDOjQxAZiKWS1JRCWPyw0x/VpqqUbL2mGeTR521HtP/6l5on1cn9WocTz+VuXe2
 vM3+Hdomijr88zXqNFv58Hws1WnZBJjE4ScakCl0eKb85GYrzaL5qkjM0FMCRUdS
 32+23FrCToVow1B0MA/c6kub6gJmKK8EDlQGkoqsCizWZFUhgAUFLp1Tt2oWQoTC
 P/vOQWh8zvkw4mWlTAnl8XvVWcUHfq14eV+nCT8BzFRB5BEt6Xvag5IUeFggzITu
 r/xpKfEqnfVYgMl0370r
 =pwKi
 -----END PGP SIGNATURE-----

Merge tag 'pci-v4.9-fixes-1' of git://git.kernel.org/pub/scm/linux/kernel/git/helgaas/pci

Pull PCI fixes from Bjorn Helgaas:
 "This includes:

   - Fix for a Layerscape driver issue that causes a use-before-set
     crash

   - Maintainer update for the Synopsis prototyping device driver"

* tag 'pci-v4.9-fixes-1' of git://git.kernel.org/pub/scm/linux/kernel/git/helgaas/pci:
  PCI: designware-plat: Update author email address
  PCI: layerscape: Fix drvdata usage before assignment
  PCI: designware-plat: Change maintainer to Jose Abreu
2016-10-21 10:48:58 -07:00
Radim Krčmář
658f7c4bb7 KVM/ARM updates for 4.9-rc2
- Handle faults generated by the page table walker as being writes
 - Map the BSS at EL2
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v1
 
 iQIcBAABAgAGBQJYCkKcAAoJECPQ0LrRPXpDXoIQAJiPTg9dXMVem3Px0y5nTRUN
 fEoYP0BzV6KzA9MqvE/ZzCI/Xfuv93oHlEkBKP5lMeAbqVG3sNdkxbZu6RM49jgl
 AQ9OOCbkcMvxy4cgyY5KY2ip/l6j663eIkE0GKGLsYCg/GA2ln4TRoIk/dfjyADE
 9j38CFOKD1tl0XRvI3ftVV+9OGiszcNSnK27uwsYyC78rc4PrnKA+3LxaQJjD6En
 +x3LW+kM5PeQLQxYhCxunx88WVZn6nmeZBQAjy5XZu0I1r8PbIQUdPfT+IMpavQO
 5f0qGqRqWWWaEtoYIspJzolf5xmSUeQNfgW+cORIzShcJ8rtZkRsOoPO75wx6jlw
 /T96CX1xIRdfT0HvbONTN+n+mTQ74GmiV1qPlXG77wRAD8pg1BzrUbr/Tw8A9IV4
 m3t+a0SEkyZvAicCLcK9mlsImMruuA8SOo4QNlYNFRacAKteuEDiJgkcwUOV4VC9
 D1l2MUAZ5eZqB14iUQrayVkc0gu0CEdF2qBvl0XsWbO9Sa574zZq+HpQmOmLUOcd
 E5LPSN3x3FsNa2xONyc0stLdIainC46KQBe1uD/Yjou/l5Ao6jQecSzrcWIozlxg
 TtsjsFgOak/952aTlFoC+t6O9fQNFoh/f7QdvuI6l+fvt6dXCqxMgSPSLt3w8Rnw
 UL48xkxL14Y6nlRikuae
 =DVps
 -----END PGP SIGNATURE-----

Merge tag 'kvm-arm-for-4.9-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/kvmarm/kvmarm

KVM/ARM updates for 4.9-rc2

- Handle faults generated by the page table walker as being writes
- Map the BSS at EL2
2016-10-21 18:49:53 +02:00
Marc Zyngier
c8ea0395ff arm/arm64: KVM: Map the BSS at HYP
When used with a compiler that doesn't implement "asm goto"
(such as the AArch64 port of GCC 4.8), jump labels generate a
memory access to find out about the value of the key (instead
of just patching the code). The key itself is likely to be
stored in the BSS.

This is perfectly fine, except that we don't map the BSS at HYP,
leading to an exploding kernel at the first access. The obvious
fix is simply to map the BSS there (which should have been done
a long while ago, but hey...).

Reported-by: Eric Auger <eric.auger@redhat.com>
Tested-by: Eric Auger <eric.auger@redhat.com>
Signed-off-by: Marc Zyngier <marc.zyngier@arm.com>
2016-10-21 17:26:24 +01:00
Will Deacon
60e21a0ef5 arm64: KVM: Take S1 walks into account when determining S2 write faults
The WnR bit in the HSR/ESR_EL2 indicates whether a data abort was
generated by a read or a write instruction. For stage 2 data aborts
generated by a stage 1 translation table walk (i.e. the actual page
table access faults at EL2), the WnR bit therefore reports whether the
instruction generating the walk was a load or a store, *not* whether the
page table walker was reading or writing the entry.

For page tables marked as read-only at stage 2 (e.g. due to KSM merging
them with the tables from another guest), this could result in livelock,
where a page table walk generated by a load instruction attempts to
set the access flag in the stage 1 descriptor, but fails to trigger
CoW in the host since only a read fault is reported.

This patch modifies the arm64 kvm_vcpu_dabt_iswrite function to
take into account stage 2 faults in stage 1 walks. Since DBM cannot be
disabled at EL2 for CPUs that implement it, we assume that these faults
are always causes by writes, avoiding the livelock situation at the
expense of occasional, spurious CoWs.

We could, in theory, do a bit better by checking the guest TCR
configuration and inspecting the page table to see why the PTE faulted.
However, I doubt this is measurable in practice, and the threat of
livelock is real.

Cc: <stable@vger.kernel.org>
Cc: Julien Grall <julien.grall@arm.com>
Reviewed-by: Marc Zyngier <marc.zyngier@arm.com>
Reviewed-by: Christoffer Dall <christoffer.dall@linaro.org>
Signed-off-by: Will Deacon <will.deacon@arm.com>
2016-10-21 17:25:47 +01:00
Linus Torvalds
ec366cd195 drm fixes for 4.9 rc2 - vmware, fsl-dcu, armada and etnaviv
-----BEGIN PGP SIGNATURE-----
 
 iQIcBAABAgAGBQJYCY2mAAoJEAx081l5xIa+IlsP/RkAGNaQ2++hLXdH49Oo2tEu
 P4nHSUzUuIVJhKt5nz/WU3heD7JT1AA5BSiXSh18t/pbtpPBrufaDooyjKE9aj5l
 wZ0CXjTSVbg2ETgRyFlNcichln7g0bO3IrEGebFPA5bXYYAXkjtCw2W5cHtSJKCU
 fC2Vfa81C3sCwMweBMuXDUOsG/ztANkxAyZ9kXT07aRKaXergWcLvZJQyZE7ZbuH
 Nr90XMNoPmbQ/wP+O+QdKMOTV1jDVaIBCID+MM0iel0otVO4zH+F8zOeJZMqs+YG
 n4V17V9gXV8b9muOEPssuN10Pw83mH/vWQZYIxzhbE7SAo9q9fdZ1GKBDN6DeR5e
 qLCr6k8qmXVaGodWIz4STrh7o4EVrmylX/bbzeRlAkp3dCPoSB4R2QPJx4runzDG
 TSdnctqp2kEYXt1V2JZfXGJ2krfU9Qdy4jU7zDIc1p0nLc8OXkttLQ59Ozr5YMjc
 OjZhNFk6TJzMcYnsc7gjI/EnVkeoKcL2KUHYuU/wneScgNo65fJhqqUqVEXH1ftI
 M24UoSEyPfGBF669rgux1uNv027BKDpDgHNLuyRbBfirfT2Ag9uG8hB9AYPiK4nD
 JfWfENXZx47F7JRV3oz5CgmyTqv65hucrdkkxHrR/8GRnakSyRBJayw0mdGlehPq
 X/xn0luswrt5jcCAj9lr
 =Jsu/
 -----END PGP SIGNATURE-----

Merge tag 'drm-fixes-for-v4.9-rc2-part2' of git://people.freedesktop.org/~airlied/linux

Pull more drm fixes from Dave Airlie:
 "Mainly some vmwgfx fixes, but also some fixes for armada, etnaviv and
  fsl-dcu"

* tag 'drm-fixes-for-v4.9-rc2-part2' of git://people.freedesktop.org/~airlied/linux:
  drm/fsl-dcu: enable pixel clock when enabling CRTC
  drm/fsl-dcu: do not transfer registers in mode_set_nofb
  drm/fsl-dcu: do not transfer registers on plane init
  drm/fsl-dcu: enable TCON bypass mode by default
  drm/vmwgfx: Adjust checks for null pointers in 13 functions
  drm/vmwgfx: Use memdup_user() rather than duplicating its implementation
  drm/vmwgfx: Use kmalloc_array() in vmw_surface_define_ioctl()
  drm/vmwgfx: Avoid validating views on view destruction
  drm/vmwgfx: Limit the user-space command buffer size
  drm/vmwgfx: Remove a leftover debug printout
  drm/vmwgfx: Allow resource relocations on byte boundaries
  drm/vmwgfx: Enable SVGA_3D_CMD_DX_TRANSFER_FROM_BUFFER command
  drm/vmwgfx: Remove call to reservation_object_test_signaled_rcu before wait
  drm/vmwgfx: Replace numeric parameter like 0444 with macro
  drm/etnaviv: block 64K of address space behind each cmdstream
  drm/etnaviv: ensure write caches are flushed at end of user cmdstream
  drm/armada: fix clock counts
2016-10-21 09:14:35 -07:00
Joao Pinto
02a1b8f416 PCI: designware-plat: Update author email address
Although I am leaving Synopsys, I would like to keep working with the linux
kernel community and help in what you might find useful.  For that I am
sending this patch to change my contact e-mail.

Signed-off-by: Joao Pinto <jpinto@synopsys.com>
Signed-off-by: Bjorn Helgaas <bhelgaas@google.com>
2016-10-21 09:54:46 -05:00