From 44aa667c129f33fbbcf925d3dce4a8f78c24616a Mon Sep 17 00:00:00 2001 From: Ben Hutchings Date: Mon, 21 May 2012 01:12:54 +0000 Subject: [PATCH] Add KVM fixes requested and queued for 3.2.19 svn path=/dists/sid/linux-2.6/; revision=19016 --- debian/changelog | 5 ++ ...flush-tlbs-before-releasing-mmu_lock.patch | 85 +++++++++++++++++++ ...atus-after-handling-stop_on_stop-bit.patch | 71 ++++++++++++++++ ...nitize-fpc-registers-for-kvm_set_fpu.patch | 43 ++++++++++ ...fix-erroneous-exception-bitmap-check.patch | 43 ++++++++++ ...-vmx_set_cr0-expects-kvm-srcu-locked.patch | 40 +++++++++ debian/patches/series/base | 7 ++ 7 files changed, 294 insertions(+) create mode 100644 debian/patches/bugfix/all/kvm-mmu_notifier-flush-tlbs-before-releasing-mmu_lock.patch create mode 100644 debian/patches/bugfix/s390/kvm-s390-do-store-status-after-handling-stop_on_stop-bit.patch create mode 100644 debian/patches/bugfix/s390/kvm-s390-sanitize-fpc-registers-for-kvm_set_fpu.patch create mode 100644 debian/patches/bugfix/x86/kvm-nvmx-fix-erroneous-exception-bitmap-check.patch create mode 100644 debian/patches/bugfix/x86/kvm-vmx-vmx_set_cr0-expects-kvm-srcu-locked.patch diff --git a/debian/changelog b/debian/changelog index efaf9b7dc..c391df448 100644 --- a/debian/changelog +++ b/debian/changelog @@ -20,6 +20,11 @@ linux-2.6 (3.2.18-1) UNRELEASED; urgency=low * rt2800usb: Re-enable powersaving by default, as it should work better than in 2.6.38 * [sparc,sparc64] Build virtio-modules-udeb for use in qemu (Closes: #673320) + * KVM: mmu_notifier: Flush TLBs before releasing mmu_lock + * [x86] KVM: nVMX: Fix erroneous exception bitmap check + * [x86] KVM: VMX: vmx_set_cr0 expects kvm->srcu locked + * [s390] KVM: do store status after handling STOP_ON_STOP bit + * [s390] KVM: Sanitize fpc registers for KVM_SET_FPU -- Ben Hutchings Wed, 16 May 2012 02:19:30 +0100 
diff --git a/debian/patches/bugfix/all/kvm-mmu_notifier-flush-tlbs-before-releasing-mmu_lock.patch b/debian/patches/bugfix/all/kvm-mmu_notifier-flush-tlbs-before-releasing-mmu_lock.patch new file mode 100644 index 000000000..00c6c7b65 --- /dev/null +++ b/debian/patches/bugfix/all/kvm-mmu_notifier-flush-tlbs-before-releasing-mmu_lock.patch 
@@ -0,0 +1,85 @@ +From: Marcelo Tosatti +Date: Fri, 18 May 2012 17:58:45 -0300 +Subject: KVM: mmu_notifier: Flush TLBs before releasing mmu_lock + +From: Takuya Yoshikawa + +(cherry picked from commit 565f3be2174611f364405bbea2d86e153c2e7e78 + +Other threads may process the same page in that small window and skip +TLB flush and then return before these functions do flush. + +Signed-off-by: Takuya Yoshikawa +Signed-off-by: Marcelo Tosatti +Signed-off-by: Avi Kivity +Signed-off-by: Ben Hutchings +--- + virt/kvm/kvm_main.c | 19 ++++++++++--------- + 1 files changed, 10 insertions(+), 9 deletions(-) + +diff --git a/virt/kvm/kvm_main.c b/virt/kvm/kvm_main.c +index e401c1b..9ffac2e 100644 +--- a/virt/kvm/kvm_main.c ++++ b/virt/kvm/kvm_main.c +@@ -289,15 +289,15 @@ static void kvm_mmu_notifier_invalidate_page(struct mmu_notifier *mn, + */ + idx = srcu_read_lock(&kvm->srcu); + spin_lock(&kvm->mmu_lock); ++ + kvm->mmu_notifier_seq++; + need_tlb_flush = kvm_unmap_hva(kvm, address) | kvm->tlbs_dirty; +- spin_unlock(&kvm->mmu_lock); +- srcu_read_unlock(&kvm->srcu, idx); +- + /* we've to flush the tlb before the pages can be freed */ + if (need_tlb_flush) + kvm_flush_remote_tlbs(kvm); + ++ spin_unlock(&kvm->mmu_lock); ++ srcu_read_unlock(&kvm->srcu, idx); + } + + static void kvm_mmu_notifier_change_pte(struct mmu_notifier *mn, +@@ -335,12 +335,12 @@ static void kvm_mmu_notifier_invalidate_range_start(struct mmu_notifier *mn, + for (; start < end; start += PAGE_SIZE) + need_tlb_flush |= kvm_unmap_hva(kvm, start); + need_tlb_flush |= kvm->tlbs_dirty; +- spin_unlock(&kvm->mmu_lock); +- srcu_read_unlock(&kvm->srcu, idx); +- + /* we've to flush the tlb before the pages can be freed */ + if (need_tlb_flush) + kvm_flush_remote_tlbs(kvm); ++ ++ spin_unlock(&kvm->mmu_lock); ++ srcu_read_unlock(&kvm->srcu, idx); + } + + static void kvm_mmu_notifier_invalidate_range_end(struct mmu_notifier *mn, +@@ -378,13 +378,14 @@ static int kvm_mmu_notifier_clear_flush_young(struct mmu_notifier *mn, + 
+ idx = srcu_read_lock(&kvm->srcu); + spin_lock(&kvm->mmu_lock); +- young = kvm_age_hva(kvm, address); +- spin_unlock(&kvm->mmu_lock); +- srcu_read_unlock(&kvm->srcu, idx); + ++ young = kvm_age_hva(kvm, address); + if (young) + kvm_flush_remote_tlbs(kvm); + ++ spin_unlock(&kvm->mmu_lock); ++ srcu_read_unlock(&kvm->srcu, idx); ++ + return young; + } + +-- +1.7.6.4 + +-- +To unsubscribe from this list: send the line "unsubscribe stable" in +the body of a message to majordomo@vger.kernel.org +More majordomo info at http://vger.kernel.org/majordomo-info.html + + diff --git a/debian/patches/bugfix/s390/kvm-s390-do-store-status-after-handling-stop_on_stop-bit.patch b/debian/patches/bugfix/s390/kvm-s390-do-store-status-after-handling-stop_on_stop-bit.patch new file mode 100644 index 000000000..82c8a6bb2 --- /dev/null +++ b/debian/patches/bugfix/s390/kvm-s390-do-store-status-after-handling-stop_on_stop-bit.patch 
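Review bot: The provenance line in this new patch's header, `(cherry picked from commit 565f3be2174611f364405bbea2d86e153c2e7e78`, is missing its closing parenthesis, while the other four patches added by this commit close theirs; `(cherry picked from commit 565f3be2174611f364405bbea2d86e153c2e7e78)` would keep the headers uniform and avoid confusing anything that matches the closed form. The code hunks only move the `spin_unlock`/`srcu_read_unlock` pair after the `kvm_flush_remote_tlbs` call in three notifier callbacks, each of which begins outside its hunk; only the last, kvm_mmu_notifier_clear_flush_young, ends inside the hunk with `return young;`.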
@@ -0,0 +1,71 @@ +From: Marcelo Tosatti +Date: Fri, 18 May 2012 17:58:50 -0300 +Subject: KVM: s390: do store status after handling STOP_ON_STOP bit + +From: Jens Freimann + +(cherry picked from commit 9e0d5473e2f0ba2d2fe9dab9408edef3060b710e) + +In handle_stop() handle the stop bit before doing the store status as +described for "Stop and Store Status" in the Principles of Operation. +We have to give up the local_int.lock before calling kvm store status +since it calls gmap_fault() which might sleep. Since local_int.lock +only protects local_int.* and not guest memory we can give up the lock. + +Signed-off-by: Jens Freimann +Signed-off-by: Christian Borntraeger +Signed-off-by: Marcelo Tosatti +Signed-off-by: Avi Kivity +Signed-off-by: Greg Kroah-Hartman +Signed-off-by: Ben Hutchings +--- + arch/s390/kvm/intercept.c | 20 ++++++++++++-------- + 1 files changed, 12 insertions(+), 8 deletions(-) + +diff --git a/arch/s390/kvm/intercept.c b/arch/s390/kvm/intercept.c +index 0243454..a5f6eff 100644 +--- a/arch/s390/kvm/intercept.c ++++ b/arch/s390/kvm/intercept.c +@@ -133,13 +133,6 @@ static int handle_stop(struct kvm_vcpu *vcpu) + + vcpu->stat.exit_stop_request++; + spin_lock_bh(&vcpu->arch.local_int.lock); +- if (vcpu->arch.local_int.action_bits & ACTION_STORE_ON_STOP) { +- vcpu->arch.local_int.action_bits &= ~ACTION_STORE_ON_STOP; +- rc = kvm_s390_vcpu_store_status(vcpu, +- KVM_S390_STORE_STATUS_NOADDR); +- if (rc >= 0) +- rc = -EOPNOTSUPP; +- } + + if (vcpu->arch.local_int.action_bits & ACTION_RELOADVCPU_ON_STOP) { + vcpu->arch.local_int.action_bits &= ~ACTION_RELOADVCPU_ON_STOP; +@@ -155,7 +148,18 @@ static int handle_stop(struct kvm_vcpu *vcpu) + rc = -EOPNOTSUPP; + } + +- spin_unlock_bh(&vcpu->arch.local_int.lock); ++ if (vcpu->arch.local_int.action_bits & ACTION_STORE_ON_STOP) { ++ vcpu->arch.local_int.action_bits &= ~ACTION_STORE_ON_STOP; ++ /* store status must be called unlocked. 
Since local_int.lock ++ * only protects local_int.* and not guest memory we can give ++ * up the lock here */ ++ spin_unlock_bh(&vcpu->arch.local_int.lock); ++ rc = kvm_s390_vcpu_store_status(vcpu, ++ KVM_S390_STORE_STATUS_NOADDR); ++ if (rc >= 0) ++ rc = -EOPNOTSUPP; ++ } else ++ spin_unlock_bh(&vcpu->arch.local_int.lock); + return rc; + } + +-- +1.7.6.4 + +-- +To unsubscribe from this list: send the line "unsubscribe stable" in +the body of a message to majordomo@vger.kernel.org +More majordomo info at http://vger.kernel.org/majordomo-info.html + + diff --git a/debian/patches/bugfix/s390/kvm-s390-sanitize-fpc-registers-for-kvm_set_fpu.patch b/debian/patches/bugfix/s390/kvm-s390-sanitize-fpc-registers-for-kvm_set_fpu.patch new file mode 100644 index 000000000..9cab1c80e --- /dev/null +++ b/debian/patches/bugfix/s390/kvm-s390-sanitize-fpc-registers-for-kvm_set_fpu.patch 
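Review bot: In the new tail of `handle_stop`, the braced `if (vcpu->arch.local_int.action_bits & ACTION_STORE_ON_STOP) {` arm is paired with an unbraced `} else spin_unlock_bh(&vcpu->arch.local_int.lock);`, which kernel CodingStyle asks to brace once either arm carries braces; `} else {` / `spin_unlock_bh(&vcpu->arch.local_int.lock);` / `}` keeps both arms uniform. Because this file is a verbatim cherry-pick of the upstream commit, that nit is probably better carried upstream than edited into the backport. The start of handle_stop, where `rc` is initialised, lies outside the hunk.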
@@ -0,0 +1,43 @@ +From: Marcelo Tosatti +Date: Fri, 18 May 2012 17:58:51 -0300 +Subject: KVM: s390: Sanitize fpc registers for KVM_SET_FPU + +From: Christian Borntraeger + +(cherry picked from commit 851755871c1f3184f4124c466e85881f17fa3226) + +commit 7eef87dc99e419b1cc051e4417c37e4744d7b661 (KVM: s390: fix +register setting) added a load of the floating point control register +to the KVM_SET_FPU path. Lets make sure that the fpc is valid. + +Signed-off-by: Christian Borntraeger +Signed-off-by: Marcelo Tosatti +Signed-off-by: Avi Kivity +Signed-off-by: Greg Kroah-Hartman +Signed-off-by: Ben Hutchings +--- + arch/s390/kvm/kvm-s390.c | 2 +- + 1 files changed, 1 insertions(+), 1 deletions(-) + +diff --git a/arch/s390/kvm/kvm-s390.c b/arch/s390/kvm/kvm-s390.c +index d1c44573..d3cb86c 100644 +--- a/arch/s390/kvm/kvm-s390.c ++++ b/arch/s390/kvm/kvm-s390.c +@@ -418,7 +418,7 @@ int kvm_arch_vcpu_ioctl_get_sregs(struct kvm_vcpu *vcpu, + int kvm_arch_vcpu_ioctl_set_fpu(struct kvm_vcpu *vcpu, struct kvm_fpu *fpu) + { + memcpy(&vcpu->arch.guest_fpregs.fprs, &fpu->fprs, sizeof(fpu->fprs)); +- vcpu->arch.guest_fpregs.fpc = fpu->fpc; ++ vcpu->arch.guest_fpregs.fpc = fpu->fpc & FPC_VALID_MASK; + restore_fp_regs(&vcpu->arch.guest_fpregs); + return 0; + } +-- +1.7.6.4 + +-- +To unsubscribe from this list: send the line "unsubscribe stable" in +the body of a message to majordomo@vger.kernel.org +More majordomo info at http://vger.kernel.org/majordomo-info.html + + diff --git a/debian/patches/bugfix/x86/kvm-nvmx-fix-erroneous-exception-bitmap-check.patch b/debian/patches/bugfix/x86/kvm-nvmx-fix-erroneous-exception-bitmap-check.patch new file mode 100644 index 000000000..fd839a0d6 --- /dev/null +++ b/debian/patches/bugfix/x86/kvm-nvmx-fix-erroneous-exception-bitmap-check.patch 
@@ -0,0 +1,43 @@ +From: Marcelo Tosatti +Date: Fri, 18 May 2012 17:58:48 -0300 +Subject: KVM: nVMX: Fix erroneous exception bitmap check + +From: Nadav Har'El + +(cherry picked from commit 9587190107d0c0cbaccbf7bf6b0245d29095a9ae) + +The code which checks whether to inject a pagefault to L1 or L2 (in +nested VMX) was wrong, incorrect in how it checked the PF_VECTOR bit. +Thanks to Dan Carpenter for spotting this. + +Signed-off-by: Nadav Har'El +Reported-by: Dan Carpenter +Signed-off-by: Avi Kivity +Signed-off-by: Greg Kroah-Hartman +Signed-off-by: Ben Hutchings +--- + arch/x86/kvm/vmx.c | 2 +- + 1 files changed, 1 insertions(+), 1 deletions(-) + +diff --git a/arch/x86/kvm/vmx.c b/arch/x86/kvm/vmx.c +index 4ea7678..7ac5993 100644 +--- a/arch/x86/kvm/vmx.c ++++ b/arch/x86/kvm/vmx.c +@@ -1677,7 +1677,7 @@ static int nested_pf_handled(struct kvm_vcpu *vcpu) + struct vmcs12 *vmcs12 = get_vmcs12(vcpu); + + /* TODO: also check PFEC_MATCH/MASK, not just EB.PF. */ +- if (!(vmcs12->exception_bitmap & PF_VECTOR)) ++ if (!(vmcs12->exception_bitmap & (1u << PF_VECTOR))) + return 0; + + nested_vmx_vmexit(vcpu); +-- +1.7.6.4 + +-- +To unsubscribe from this list: send the line "unsubscribe stable" in +the body of a message to majordomo@vger.kernel.org +More majordomo info at http://vger.kernel.org/majordomo-info.html + + diff --git a/debian/patches/bugfix/x86/kvm-vmx-vmx_set_cr0-expects-kvm-srcu-locked.patch b/debian/patches/bugfix/x86/kvm-vmx-vmx_set_cr0-expects-kvm-srcu-locked.patch new file mode 100644 index 000000000..e68e23368 --- /dev/null +++ b/debian/patches/bugfix/x86/kvm-vmx-vmx_set_cr0-expects-kvm-srcu-locked.patch 
@@ -0,0 +1,40 @@ +From: Marcelo Tosatti +Date: Fri, 18 May 2012 17:58:49 -0300 +Subject: KVM: VMX: vmx_set_cr0 expects kvm->srcu locked + +(cherry picked from commit 7a4f5ad051e02139a9f1c0f7f4b1acb88915852b) + +vmx_set_cr0 is called from vcpu run context, therefore it expects +kvm->srcu to be held (for setting up the real-mode TSS). + +Signed-off-by: Marcelo Tosatti +Signed-off-by: Avi Kivity +Signed-off-by: Greg Kroah-Hartman +Signed-off-by: Ben Hutchings +--- + arch/x86/kvm/vmx.c | 2 ++ + 1 files changed, 2 insertions(+), 0 deletions(-) + +diff --git a/arch/x86/kvm/vmx.c b/arch/x86/kvm/vmx.c +index 7ac5993..7315488 100644 +--- a/arch/x86/kvm/vmx.c ++++ b/arch/x86/kvm/vmx.c +@@ -3915,7 +3915,9 @@ static int vmx_vcpu_reset(struct kvm_vcpu *vcpu) + vmcs_write16(VIRTUAL_PROCESSOR_ID, vmx->vpid); + + vmx->vcpu.arch.cr0 = X86_CR0_NW | X86_CR0_CD | X86_CR0_ET; ++ vcpu->srcu_idx = srcu_read_lock(&vcpu->kvm->srcu); + vmx_set_cr0(&vmx->vcpu, kvm_read_cr0(vcpu)); /* enter rmode */ ++ srcu_read_unlock(&vcpu->kvm->srcu, vcpu->srcu_idx); + vmx_set_cr4(&vmx->vcpu, 0); + vmx_set_efer(&vmx->vcpu, 0); + vmx_fpu_activate(&vmx->vcpu); +-- +1.7.6.4 + +-- +To unsubscribe from this list: send the line "unsubscribe stable" in +the body of a message to majordomo@vger.kernel.org +More majordomo info at http://vger.kernel.org/majordomo-info.html + + diff --git a/debian/patches/series/base b/debian/patches/series/base index 0002c7917..db1a98567 100644 --- a/debian/patches/series/base +++ b/debian/patches/series/base 
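Review bot: The added `vcpu->srcu_idx = srcu_read_lock(&vcpu->kvm->srcu);` parks the read-side index in the per-vcpu field rather than a local, so it overwrites whatever index an enclosing SRCU section had stored there; this is only safe if vmx_vcpu_reset is never entered from inside such a section, which presumably holds for the creation and INIT paths on 3.2 but cannot be confirmed from the hunk. A one-line comment recording that precondition, `/* callers run outside the vcpu's srcu read section, so srcu_idx is free to reuse */`, would make the assumption visible to the next backport. The body of vmx_vcpu_reset begins and ends outside the hunk.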
@@ -188,8 +188,15 @@ + debian/usb-hcd-avoid-ABI-change-in-3.2.17.patch + bugfix/all/ext4-Report-max_batch_time-option-correctly.patch + +# KVM fixes queued for 3.2.19 ++ bugfix/all/kvm-mmu_notifier-flush-tlbs-before-releasing-mmu_lock.patch + bugfix/all/kvm-ensure-all-vcpus-are-consistent-with-in-kernel-irqchip.patch + bugfix/all/kvm-lock-slots_lock-around-device-assignment.patch ++ bugfix/x86/kvm-nvmx-fix-erroneous-exception-bitmap-check.patch ++ bugfix/x86/kvm-vmx-vmx_set_cr0-expects-kvm-srcu-locked.patch ++ bugfix/s390/kvm-s390-do-store-status-after-handling-stop_on_stop-bit.patch ++ bugfix/s390/kvm-s390-sanitize-fpc-registers-for-kvm_set_fpu.patch # Update wacom driver to 3.5ish + features/all/wacom/0001-Input-wacom-cleanup-feature-report-for-bamboos.patch