Add KVM fixes requested and queued for 3.2.19

svn path=/dists/sid/linux-2.6/; revision=19016

debian/changelog

@@ -20,6 +20,11 @@ linux-2.6 (3.2.18-1) UNRELEASED; urgency=low
   * rt2800usb: Re-enable powersaving by default, as it should work better
     than in 2.6.38
   * [sparc,sparc64] Build virtio-modules-udeb for use in qemu (Closes: #673320)
+  * KVM: mmu_notifier: Flush TLBs before releasing mmu_lock
+  * [x86] KVM: nVMX: Fix erroneous exception bitmap check
+  * [x86] KVM: VMX: vmx_set_cr0 expects kvm->srcu locked
+  * [s390] KVM: do store status after handling STOP_ON_STOP bit
+  * [s390] KVM: Sanitize fpc registers for KVM_SET_FPU
 
  -- Ben Hutchings <ben@decadent.org.uk>  Wed, 16 May 2012 02:19:30 +0100
 

debian/patches/bugfix/all/kvm-mmu_notifier-flush-tlbs-before-releasing-mmu_lock.patch

@@ -0,0 +1,85 @@
+From: Marcelo Tosatti <mtosatti@redhat.com>
+Date: Fri, 18 May 2012 17:58:45 -0300
+Subject: KVM: mmu_notifier: Flush TLBs before releasing mmu_lock
+
+From: Takuya Yoshikawa <yoshikawa.takuya@oss.ntt.co.jp>
+
+(cherry picked from commit 565f3be2174611f364405bbea2d86e153c2e7e78
+
+Other threads may process the same page in that small window and skip
+TLB flush and then return before these functions do flush.
+
+Signed-off-by: Takuya Yoshikawa <yoshikawa.takuya@oss.ntt.co.jp>
+Signed-off-by: Marcelo Tosatti <mtosatti@redhat.com>
+Signed-off-by: Avi Kivity <avi@redhat.com>
+Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
+---
+ virt/kvm/kvm_main.c |   19 ++++++++++---------
+ 1 files changed, 10 insertions(+), 9 deletions(-)
+
+diff --git a/virt/kvm/kvm_main.c b/virt/kvm/kvm_main.c
+index e401c1b..9ffac2e 100644
+--- a/virt/kvm/kvm_main.c
++++ b/virt/kvm/kvm_main.c
+@@ -289,15 +289,15 @@ static void kvm_mmu_notifier_invalidate_page(struct mmu_notifier *mn,
+ 	 */
+ 	idx = srcu_read_lock(&kvm->srcu);
+ 	spin_lock(&kvm->mmu_lock);
++
+ 	kvm->mmu_notifier_seq++;
+ 	need_tlb_flush = kvm_unmap_hva(kvm, address) | kvm->tlbs_dirty;
+-	spin_unlock(&kvm->mmu_lock);
+-	srcu_read_unlock(&kvm->srcu, idx);
+-
+ 	/* we've to flush the tlb before the pages can be freed */
+ 	if (need_tlb_flush)
+ 		kvm_flush_remote_tlbs(kvm);
+ 
++	spin_unlock(&kvm->mmu_lock);
++	srcu_read_unlock(&kvm->srcu, idx);
+ }
+ 
+ static void kvm_mmu_notifier_change_pte(struct mmu_notifier *mn,
+@@ -335,12 +335,12 @@ static void kvm_mmu_notifier_invalidate_range_start(struct mmu_notifier *mn,
+ 	for (; start < end; start += PAGE_SIZE)
+ 		need_tlb_flush |= kvm_unmap_hva(kvm, start);
+ 	need_tlb_flush |= kvm->tlbs_dirty;
+-	spin_unlock(&kvm->mmu_lock);
+-	srcu_read_unlock(&kvm->srcu, idx);
+-
+ 	/* we've to flush the tlb before the pages can be freed */
+ 	if (need_tlb_flush)
+ 		kvm_flush_remote_tlbs(kvm);
++
++	spin_unlock(&kvm->mmu_lock);
++	srcu_read_unlock(&kvm->srcu, idx);
+ }
+ 
+ static void kvm_mmu_notifier_invalidate_range_end(struct mmu_notifier *mn,
+@@ -378,13 +378,14 @@ static int kvm_mmu_notifier_clear_flush_young(struct mmu_notifier *mn,
+ 
+ 	idx = srcu_read_lock(&kvm->srcu);
+ 	spin_lock(&kvm->mmu_lock);
+-	young = kvm_age_hva(kvm, address);
+-	spin_unlock(&kvm->mmu_lock);
+-	srcu_read_unlock(&kvm->srcu, idx);
+ 
++	young = kvm_age_hva(kvm, address);
+ 	if (young)
+ 		kvm_flush_remote_tlbs(kvm);
+ 
++	spin_unlock(&kvm->mmu_lock);
++	srcu_read_unlock(&kvm->srcu, idx);
++
+ 	return young;
+ }
+ 
+-- 
+1.7.6.4
+
+--
+To unsubscribe from this list: send the line "unsubscribe stable" in
+the body of a message to majordomo@vger.kernel.org
+More majordomo info at  http://vger.kernel.org/majordomo-info.html
+
+

debian/patches/bugfix/s390/kvm-s390-do-store-status-after-handling-stop_on_stop-bit.patch

@@ -0,0 +1,71 @@
+From: Marcelo Tosatti <mtosatti@redhat.com>
+Date: Fri, 18 May 2012 17:58:50 -0300
+Subject: KVM: s390: do store status after handling STOP_ON_STOP bit
+
+From: Jens Freimann <jfrei@linux.vnet.ibm.com>
+
+(cherry picked from commit 9e0d5473e2f0ba2d2fe9dab9408edef3060b710e)
+
+In handle_stop() handle the stop bit before doing the store status as
+described for "Stop and Store Status" in the Principles of Operation.
+We have to give up the local_int.lock before calling kvm store status
+since it calls gmap_fault() which might sleep. Since local_int.lock
+only protects local_int.* and not guest memory we can give up the lock.
+
+Signed-off-by: Jens Freimann <jfrei@linux.vnet.ibm.com>
+Signed-off-by: Christian Borntraeger <borntraeger@de.ibm.com>
+Signed-off-by: Marcelo Tosatti <mtosatti@redhat.com>
+Signed-off-by: Avi Kivity <avi@redhat.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
+---
+ arch/s390/kvm/intercept.c |   20 ++++++++++++--------
+ 1 files changed, 12 insertions(+), 8 deletions(-)
+
+diff --git a/arch/s390/kvm/intercept.c b/arch/s390/kvm/intercept.c
+index 0243454..a5f6eff 100644
+--- a/arch/s390/kvm/intercept.c
++++ b/arch/s390/kvm/intercept.c
+@@ -133,13 +133,6 @@ static int handle_stop(struct kvm_vcpu *vcpu)
+ 
+ 	vcpu->stat.exit_stop_request++;
+ 	spin_lock_bh(&vcpu->arch.local_int.lock);
+-	if (vcpu->arch.local_int.action_bits & ACTION_STORE_ON_STOP) {
+-		vcpu->arch.local_int.action_bits &= ~ACTION_STORE_ON_STOP;
+-		rc = kvm_s390_vcpu_store_status(vcpu,
+-						  KVM_S390_STORE_STATUS_NOADDR);
+-		if (rc >= 0)
+-			rc = -EOPNOTSUPP;
+-	}
+ 
+ 	if (vcpu->arch.local_int.action_bits & ACTION_RELOADVCPU_ON_STOP) {
+ 		vcpu->arch.local_int.action_bits &= ~ACTION_RELOADVCPU_ON_STOP;
+@@ -155,7 +148,18 @@ static int handle_stop(struct kvm_vcpu *vcpu)
+ 		rc = -EOPNOTSUPP;
+ 	}
+ 
+-	spin_unlock_bh(&vcpu->arch.local_int.lock);
++	if (vcpu->arch.local_int.action_bits & ACTION_STORE_ON_STOP) {
++		vcpu->arch.local_int.action_bits &= ~ACTION_STORE_ON_STOP;
++		/* store status must be called unlocked. Since local_int.lock
++		 * only protects local_int.* and not guest memory we can give
++		 * up the lock here */
++		spin_unlock_bh(&vcpu->arch.local_int.lock);
++		rc = kvm_s390_vcpu_store_status(vcpu,
++						KVM_S390_STORE_STATUS_NOADDR);
++		if (rc >= 0)
++			rc = -EOPNOTSUPP;
++	} else
++		spin_unlock_bh(&vcpu->arch.local_int.lock);
+ 	return rc;
+ }
+ 
+-- 
+1.7.6.4
+
+--
+To unsubscribe from this list: send the line "unsubscribe stable" in
+the body of a message to majordomo@vger.kernel.org
+More majordomo info at  http://vger.kernel.org/majordomo-info.html
+
+

debian/patches/bugfix/s390/kvm-s390-sanitize-fpc-registers-for-kvm_set_fpu.patch

@@ -0,0 +1,43 @@
+From: Marcelo Tosatti <mtosatti@redhat.com>
+Date: Fri, 18 May 2012 17:58:51 -0300
+Subject: KVM: s390: Sanitize fpc registers for KVM_SET_FPU
+
+From: Christian Borntraeger <borntraeger@de.ibm.com>
+
+(cherry picked from commit 851755871c1f3184f4124c466e85881f17fa3226)
+
+commit 7eef87dc99e419b1cc051e4417c37e4744d7b661 (KVM: s390: fix
+register setting) added a load of the floating point control register
+to the KVM_SET_FPU path. Lets make sure that the fpc is valid.
+
+Signed-off-by: Christian Borntraeger <borntraeger@de.ibm.com>
+Signed-off-by: Marcelo Tosatti <mtosatti@redhat.com>
+Signed-off-by: Avi Kivity <avi@redhat.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
+---
+ arch/s390/kvm/kvm-s390.c |    2 +-
+ 1 files changed, 1 insertions(+), 1 deletions(-)
+
+diff --git a/arch/s390/kvm/kvm-s390.c b/arch/s390/kvm/kvm-s390.c
+index d1c44573..d3cb86c 100644
+--- a/arch/s390/kvm/kvm-s390.c
++++ b/arch/s390/kvm/kvm-s390.c
+@@ -418,7 +418,7 @@ int kvm_arch_vcpu_ioctl_get_sregs(struct kvm_vcpu *vcpu,
+ int kvm_arch_vcpu_ioctl_set_fpu(struct kvm_vcpu *vcpu, struct kvm_fpu *fpu)
+ {
+ 	memcpy(&vcpu->arch.guest_fpregs.fprs, &fpu->fprs, sizeof(fpu->fprs));
+-	vcpu->arch.guest_fpregs.fpc = fpu->fpc;
++	vcpu->arch.guest_fpregs.fpc = fpu->fpc & FPC_VALID_MASK;
+ 	restore_fp_regs(&vcpu->arch.guest_fpregs);
+ 	return 0;
+ }
+-- 
+1.7.6.4
+
+--
+To unsubscribe from this list: send the line "unsubscribe stable" in
+the body of a message to majordomo@vger.kernel.org
+More majordomo info at  http://vger.kernel.org/majordomo-info.html
+
+

debian/patches/bugfix/x86/kvm-nvmx-fix-erroneous-exception-bitmap-check.patch

@@ -0,0 +1,43 @@
+From: Marcelo Tosatti <mtosatti@redhat.com>
+Date: Fri, 18 May 2012 17:58:48 -0300
+Subject: KVM: nVMX: Fix erroneous exception bitmap check
+
+From: Nadav Har'El <nyh@math.technion.ac.il>
+
+(cherry picked from commit 9587190107d0c0cbaccbf7bf6b0245d29095a9ae)
+
+The code which checks whether to inject a pagefault to L1 or L2 (in
+nested VMX) was wrong, incorrect in how it checked the PF_VECTOR bit.
+Thanks to Dan Carpenter for spotting this.
+
+Signed-off-by: Nadav Har'El <nyh@il.ibm.com>
+Reported-by: Dan Carpenter <dan.carpenter@oracle.com>
+Signed-off-by: Avi Kivity <avi@redhat.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
+---
+ arch/x86/kvm/vmx.c |    2 +-
+ 1 files changed, 1 insertions(+), 1 deletions(-)
+
+diff --git a/arch/x86/kvm/vmx.c b/arch/x86/kvm/vmx.c
+index 4ea7678..7ac5993 100644
+--- a/arch/x86/kvm/vmx.c
++++ b/arch/x86/kvm/vmx.c
+@@ -1677,7 +1677,7 @@ static int nested_pf_handled(struct kvm_vcpu *vcpu)
+ 	struct vmcs12 *vmcs12 = get_vmcs12(vcpu);
+ 
+ 	/* TODO: also check PFEC_MATCH/MASK, not just EB.PF. */
+-	if (!(vmcs12->exception_bitmap & PF_VECTOR))
++	if (!(vmcs12->exception_bitmap & (1u << PF_VECTOR)))
+ 		return 0;
+ 
+ 	nested_vmx_vmexit(vcpu);
+-- 
+1.7.6.4
+
+--
+To unsubscribe from this list: send the line "unsubscribe stable" in
+the body of a message to majordomo@vger.kernel.org
+More majordomo info at  http://vger.kernel.org/majordomo-info.html
+
+

debian/patches/bugfix/x86/kvm-vmx-vmx_set_cr0-expects-kvm-srcu-locked.patch

@@ -0,0 +1,40 @@
+From: Marcelo Tosatti <mtosatti@redhat.com>
+Date: Fri, 18 May 2012 17:58:49 -0300
+Subject: KVM: VMX: vmx_set_cr0 expects kvm->srcu locked
+
+(cherry picked from commit 7a4f5ad051e02139a9f1c0f7f4b1acb88915852b)
+
+vmx_set_cr0 is called from vcpu run context, therefore it expects
+kvm->srcu to be held (for setting up the real-mode TSS).
+
+Signed-off-by: Marcelo Tosatti <mtosatti@redhat.com>
+Signed-off-by: Avi Kivity <avi@redhat.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
+---
+ arch/x86/kvm/vmx.c |    2 ++
+ 1 files changed, 2 insertions(+), 0 deletions(-)
+
+diff --git a/arch/x86/kvm/vmx.c b/arch/x86/kvm/vmx.c
+index 7ac5993..7315488 100644
+--- a/arch/x86/kvm/vmx.c
++++ b/arch/x86/kvm/vmx.c
+@@ -3915,7 +3915,9 @@ static int vmx_vcpu_reset(struct kvm_vcpu *vcpu)
+ 		vmcs_write16(VIRTUAL_PROCESSOR_ID, vmx->vpid);
+ 
+ 	vmx->vcpu.arch.cr0 = X86_CR0_NW | X86_CR0_CD | X86_CR0_ET;
++	vcpu->srcu_idx = srcu_read_lock(&vcpu->kvm->srcu);
+ 	vmx_set_cr0(&vmx->vcpu, kvm_read_cr0(vcpu)); /* enter rmode */
++	srcu_read_unlock(&vcpu->kvm->srcu, vcpu->srcu_idx);
+ 	vmx_set_cr4(&vmx->vcpu, 0);
+ 	vmx_set_efer(&vmx->vcpu, 0);
+ 	vmx_fpu_activate(&vmx->vcpu);
+-- 
+1.7.6.4
+
+--
+To unsubscribe from this list: send the line "unsubscribe stable" in
+the body of a message to majordomo@vger.kernel.org
+More majordomo info at  http://vger.kernel.org/majordomo-info.html
+
+

debian/patches/series/base

@@ -188,8 +188,15 @@
 + debian/usb-hcd-avoid-ABI-change-in-3.2.17.patch
 
 + bugfix/all/ext4-Report-max_batch_time-option-correctly.patch
+
+# KVM fixes queued for 3.2.19
++ bugfix/all/kvm-mmu_notifier-flush-tlbs-before-releasing-mmu_lock.patch
 + bugfix/all/kvm-ensure-all-vcpus-are-consistent-with-in-kernel-irqchip.patch
 + bugfix/all/kvm-lock-slots_lock-around-device-assignment.patch
++ bugfix/x86/kvm-nvmx-fix-erroneous-exception-bitmap-check.patch
++ bugfix/x86/kvm-vmx-vmx_set_cr0-expects-kvm-srcu-locked.patch
++ bugfix/s390/kvm-s390-do-store-status-after-handling-stop_on_stop-bit.patch
++ bugfix/s390/kvm-s390-sanitize-fpc-registers-for-kvm_set_fpu.patch
 
 # Update wacom driver to 3.5ish
 + features/all/wacom/0001-Input-wacom-cleanup-feature-report-for-bamboos.patch