1. 13 Dec, 2014 3 commits
  2. 26 Nov, 2014 1 commit
  3. 25 Nov, 2014 8 commits
  4. 29 Oct, 2014 5 commits
    • Paolo Bonzini's avatar
      Merge tag 'kvm-s390-next-20141028' of... · f62c95fd
      Paolo Bonzini authored
      Merge tag 'kvm-s390-next-20141028' of git://git.kernel.org/pub/scm/linux/kernel/git/kvms390/linux into HEAD
      
      KVM: s390: Fixes and cleanups
      
      1. A small fix regarding program check handling (cc stable as it
         overwrites the wrong guest memory)
      2. Improve the ipte interlock scalability for older hardware
      3. current->mm to mm cleanup (currently a no-op)
      4. several SIGP rework patches (more to come)
      f62c95fd
    • Jan Kiszka's avatar
      KVM: nVMX: Disable preemption while reading from shadow VMCS · 41e7ed64
      Jan Kiszka authored
      In order to access the shadow VMCS, we need to load it. At this point,
      vmx->loaded_vmcs->vmcs and the actually loaded one start to differ. If
      we now get preempted by Linux, vmx_vcpu_put and, on return, the
      vmx_vcpu_load will work against the wrong vmcs. That can cause
      copy_shadow_to_vmcs12 to corrupt the vmcs12 state.
      
      Fix the issue by disabling preemption during the copy operation.
      copy_vmcs12_to_shadow is safe from this issue as it is executed by
      vmx_vcpu_run when preemption is already disabled before vmentry.
      
      This bug is exposed by running Jailhouse within KVM on CPUs with
      shadow VMCS support.  Jailhouse never expects an interrupt pending
      vmexit, but the bug can cause it if, after copy_shadow_to_vmcs12
      is preempted, the active VMCS happens to have the virtual interrupt
      pending flag set in the CPU-based execution controls.
      Signed-off-by: default avatarJan Kiszka <jan.kiszka@siemens.com>
      Signed-off-by: default avatarPaolo Bonzini <pbonzini@redhat.com>
      41e7ed64
    • Nadav Amit's avatar
      KVM: x86: Fix far-jump to non-canonical check · cd9b8e2c
      Nadav Amit authored
      Commit d1442d85 ("KVM: x86: Handle errors when RIP is set during far
      jumps") introduced a bug that caused the fix to be incomplete.  Due to
      incorrect evaluation, far jump to segment with L bit cleared (i.e., 32-bit
      segment) and RIP with any of the high bits set (i.e, RIP[63:32] != 0) set may
      not trigger #GP.  As we know, this imposes a security problem.
      
      In addition, the condition for two warnings was incorrect.
      Reported-by: default avatarDan Carpenter <dan.carpenter@oracle.com>
      Signed-off-by: default avatarNadav Amit <namit@cs.technion.ac.il>
      [Add #ifdef CONFIG_X86_64 to avoid complaints of undefined behavior. - Paolo]
      Signed-off-by: default avatarPaolo Bonzini <pbonzini@redhat.com>
      cd9b8e2c
    • Paolo Bonzini's avatar
      KVM: emulator: fix execution close to the segment limit · fd56e154
      Paolo Bonzini authored
      Emulation of code that is 14 bytes to the segment limit or closer
      (e.g. RIP = 0xFFFFFFF2 after reset) is broken because we try to read as
      many as 15 bytes from the beginning of the instruction, and __linearize
      fails when the passed (address, size) pair reaches out of the segment.
      
      To fix this, let __linearize return the maximum accessible size (clamped
      to 2^32-1) for usage in __do_insn_fetch_bytes, and avoid the limit check
      by passing zero for the desired size.
      
      For expand-down segments, __linearize is performing a redundant check.
      (u32)(addr.ea + size - 1) <= lim can only happen if addr.ea is close
      to 4GB; in this case, addr.ea + size - 1 will also fail the check against
      the upper bound of the segment (which is provided by the D/B bit).
      After eliminating the redundant check, it is simple to compute
      the *max_size for expand-down segments too.
      
      Now that the limit check is done in __do_insn_fetch_bytes, we want
      to inject a general protection fault there if size < op_size (like
      __linearize would have done), instead of just aborting.
      
      This fixes booting Tiano Core from emulated flash with EPT disabled.
      
      Cc: stable@vger.kernel.org
      Fixes: 719d5a9bReported-by: default avatarBorislav Petkov <bp@suse.de>
      Tested-by: default avatarBorislav Petkov <bp@suse.de>
      Signed-off-by: default avatarPaolo Bonzini <pbonzini@redhat.com>
      fd56e154
    • Paolo Bonzini's avatar
      KVM: emulator: fix error code for __linearize · 3606189f
      Paolo Bonzini authored
      The error code for #GP and #SS is zero when the segment is used to
      access an operand or an instruction.  It is only non-zero when
      a segment register is being loaded; for limit checks this means
      cases such as:
      
      * for #GP, when RIP is beyond the limit on a far call (before the first
      instruction is executed).  We do not implement this check, but it
      would be in em_jmp_far/em_call_far.
      
      * for #SS, if the new stack overflows during an inter-privilege-level
      call to a non-conforming code segment.  We do not implement stack
      switching at all.
      
      So use an error code of zero.
      Reviewed-by: default avatarNadav Amit <namit@cs.technion.ac.il>
      Signed-off-by: default avatarPaolo Bonzini <pbonzini@redhat.com>
      3606189f
  5. 28 Oct, 2014 9 commits
  6. 26 Oct, 2014 4 commits
    • Linus Torvalds's avatar
      Linux 3.18-rc2 · cac7f242
      Linus Torvalds authored
      cac7f242
    • Linus Torvalds's avatar
      Merge tag 'armsoc-for-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/arm/arm-soc · 88e23761
      Linus Torvalds authored
      Pull ARM SoC fixes from Olof Johansson:
       "Another week, another small batch of fixes.
      
        Most of these make zynq, socfpga and sunxi platforms work a bit
        better:
      
         - due to new requirements for regulators, DWMMC on socfpga broke past
           v3.17
         - SMP spinup fix for socfpga
         - a few DT fixes for zynq
         - another option (FIXED_REGULATOR) for sunxi is needed that used to
           be selected by other options but no longer is.
         - a couple of small DT fixes for at91
         - ...and a couple for i.MX"
      
      * tag 'armsoc-for-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/arm/arm-soc:
        ARM: dts: imx28-evk: Let i2c0 run at 100kHz
        ARM: i.MX6: Fix "emi" clock name typo
        ARM: multi_v7_defconfig: enable CONFIG_MMC_DW_ROCKCHIP
        ARM: sunxi_defconfig: enable CONFIG_REGULATOR_FIXED_VOLTAGE
        ARM: dts: socfpga: Add a 3.3V fixed regulator node
        ARM: dts: socfpga: Fix SD card detect
        ARM: dts: socfpga: rename gpio nodes
        ARM: at91/dt: sam9263: fix PLLB frequencies
        power: reset: at91-reset: fix power down register
        MAINTAINERS: add atmel ssc driver maintainer entry
        arm: socfpga: fix fetching cpu1start_addr for SMP
        ARM: zynq: DT: trivial: Fix mc node
        ARM: zynq: DT: Add cadence watchdog node
        ARM: zynq: DT: Add missing reference for memory-controller
        ARM: zynq: DT: Add missing reference for ADC
        ARM: zynq: DT: Add missing address for L2 pl310
        ARM: zynq: DT: Remove 222 MHz OPP
        ARM: zynq: DT: Fix GEM register area size
      88e23761
    • Linus Torvalds's avatar
      Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs · d1e14f1d
      Linus Torvalds authored
      Pull vfs updates from Al Viro:
       "overlayfs merge + leak fix for d_splice_alias() failure exits"
      
      * 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs:
        overlayfs: embed middle into overlay_readdir_data
        overlayfs: embed root into overlay_readdir_data
        overlayfs: make ovl_cache_entry->name an array instead of pointer
        overlayfs: don't hold ->i_mutex over opening the real directory
        fix inode leaks on d_splice_alias() failure exits
        fs: limit filesystem stacking depth
        overlay: overlay filesystem documentation
        overlayfs: implement show_options
        overlayfs: add statfs support
        overlay filesystem
        shmem: support RENAME_WHITEOUT
        ext4: support RENAME_WHITEOUT
        vfs: add RENAME_WHITEOUT
        vfs: add whiteout support
        vfs: export check_sticky()
        vfs: introduce clone_private_mount()
        vfs: export __inode_permission() to modules
        vfs: export do_splice_direct() to modules
        vfs: add i_op->dentry_open()
      d1e14f1d
    • Olof Johansson's avatar
      Merge tag 'imx-fixes-3.18' of... · efc176a8
      Olof Johansson authored
      Merge tag 'imx-fixes-3.18' of git://git.kernel.org/pub/scm/linux/kernel/git/shawnguo/linux into fixes
      
      Merge "ARM: imx: fixes for 3.18" from Shawn Guo:
      
      The i.MX fixes for 3.18:
       - Revert one patch which increases I2C bus frequency on imx28-evk
       - Fix a typo on imx6q EIM clock name
      
      * tag 'imx-fixes-3.18' of git://git.kernel.org/pub/scm/linux/kernel/git/shawnguo/linux:
        ARM: dts: imx28-evk: Let i2c0 run at 100kHz
        ARM: i.MX6: Fix "emi" clock name typo
      Signed-off-by: default avatarOlof Johansson <olof@lixom.net>
      efc176a8
  7. 25 Oct, 2014 6 commits
  8. 24 Oct, 2014 4 commits
    • Linus Torvalds's avatar
      Merge branch 'upstream' of git://git.linux-mips.org/pub/scm/ralf/upstream-linus · 2cc91884
      Linus Torvalds authored
      Pull MIPS fixes from Ralf Baechle:
       "This is the first round of fixes and tying up loose ends for MIPS.
      
         - plenty of fixes for build errors in specific obscure configurations
         - remove redundant code on the Lantiq platform
         - removal of a useless SEAD I2C driver that was causing a build issue
         - fix an earlier TLB exeption handler fix to also work on Octeon.
         - fix ISA level dependencies in FPU emulator's instruction decoding.
         - don't hardcode kernel command line in Octeon software emulator.
         - fix an earlier fix for the Loondson 2 clock setting"
      
      * 'upstream' of git://git.linux-mips.org/pub/scm/ralf/upstream-linus:
        MIPS: SEAD3: Fix I2C device registration.
        MIPS: SEAD3: Nuke PIC32 I2C driver.
        MIPS: ftrace: Fix a microMIPS build problem
        MIPS: MSP71xx: Fix build error
        MIPS: Malta: Do not build the malta-amon.c file if CMP is not enabled
        MIPS: Prevent compiler warning from cop2_{save,restore}
        MIPS: Kconfig: Add missing MIPS_CPS dependencies to PM and cpuidle
        MIPS: idle: Remove leftover __pastwait symbol and its references
        MIPS: Sibyte: Include the swarm subdir to the sb1250 LittleSur builds
        MIPS: ptrace.h: Add a missing include
        MIPS: ath79: Fix compilation error when CONFIG_PCI is disabled
        MIPS: MSP71xx: Remove compilation error when CONFIG_MIPS_MT is present
        MIPS: Octeon: Remove special case for simulator command line.
        MIPS: tlbex: Properly fix HUGE TLB Refill exception handler
        MIPS: loongson2_cpufreq: Fix CPU clock rate setting mismerge
        pci: pci-lantiq: remove duplicate check on resource
        MIPS: Lasat: Add missing CONFIG_PROC_FS dependency to PICVUE_PROC
        MIPS: cp1emu: Fix ISA restrictions for cop1x_op instructions
      2cc91884
    • Linus Torvalds's avatar
      Merge tag 'arm64-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux · cdc63a05
      Linus Torvalds authored
      Pull arm64 fixes from Catalin Marinas:
      
       - enable 48-bit VA space now that KVM has been fixed, together with a
         couple of fixes for pgd allocation alignment and initial memblock
         current_limit.  There is still a dependency on !ARM_SMMU which needs
         to be updated as it uses the page table manipulation macros of the
         host kernel
       - eBPF fixes following changes/conflicts during the merging window
       - Compat types affecting compat_elf_prpsinfo
       - Compilation error on UP builds
       - ASLR fix when /proc/sys/kernel/randomize_va_space == 0
       - DT definitions for CLCD support on ARMv8 model platform
      
      * tag 'arm64-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux:
        arm64: Fix memblock current_limit with 64K pages and 48-bit VA
        arm64: ASLR: Don't randomise text when randomise_va_space == 0
        arm64: vexpress: Add CLCD support to the ARMv8 model platform
        arm64: Fix compilation error on UP builds
        Documentation/arm64/memory.txt: fix typo
        net: bpf: arm64: minor fix of type in jited
        arm64: bpf: add 'load 64-bit immediate' instruction
        arm64: bpf: add 'shift by register' instructions
        net: bpf: arm64: address randomize and write protect JIT code
        arm64: mm: Correct fixmap pagetable types
        arm64: compat: fix compat types affecting struct compat_elf_prpsinfo
        arm64: Align less than PAGE_SIZE pgds naturally
        arm64: Allow 48-bits VA space without ARM_SMMU
      cdc63a05
    • Linus Torvalds's avatar
      Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/sparc · 83da00fb
      Linus Torvalds authored
      Pull two sparc fixes from David Miller:
      
       1) Fix boots with gcc-4.9 compiled sparc64 kernels.
      
       2) Add missing __get_user_pages_fast() on sparc64 to fix hangs on
          futexes used in transparent hugepage areas.
      
          It's really idiotic to have a weak symbolled fallback that just
          returns zero, and causes this kind of bug.  There should be no
          backup implementation and the link should fail if the architecture
          fails to provide __get_user_pages_fast() and supports transparent
          hugepages.
      
      * git://git.kernel.org/pub/scm/linux/kernel/git/davem/sparc:
        sparc64: Implement __get_user_pages_fast().
        sparc64: Fix register corruption in top-most kernel stack frame during boot.
      83da00fb
    • Linus Torvalds's avatar
      Merge tag 'for-linus' of git://git.kernel.org/pub/scm/virt/kvm/kvm · 96971e9a
      Linus Torvalds authored
      Pull kvm fixes from Paolo Bonzini:
       "This is a pretty large update.  I think it is roughly as big as what I
        usually had for the _whole_ rc period.
      
        There are a few bad bugs where the guest can OOPS or crash the host.
        We have also started looking at attack models for nested
        virtualization; bugs that usually result in the guest ring 0 crashing
        itself become more worrisome if you have nested virtualization,
        because the nested guest might bring down the non-nested guest as
        well.  For current uses of nested virtualization these do not really
        have a security impact, but you never know and bugs are bugs
        nevertheless.
      
        A lot of these bugs are in 3.17 too, resulting in a large number of
        stable@ Ccs.  I checked that all the patches apply there with no
        conflicts"
      
      * tag 'for-linus' of git://git.kernel.org/pub/scm/virt/kvm/kvm:
        kvm: vfio: fix unregister kvm_device_ops of vfio
        KVM: x86: Wrong assertion on paging_tmpl.h
        kvm: fix excessive pages un-pinning in kvm_iommu_map error path.
        KVM: x86: PREFETCH and HINT_NOP should have SrcMem flag
        KVM: x86: Emulator does not decode clflush well
        KVM: emulate: avoid accessing NULL ctxt->memopp
        KVM: x86: Decoding guest instructions which cross page boundary may fail
        kvm: x86: don't kill guest on unknown exit reason
        kvm: vmx: handle invvpid vm exit gracefully
        KVM: x86: Handle errors when RIP is set during far jumps
        KVM: x86: Emulator fixes for eip canonical checks on near branches
        KVM: x86: Fix wrong masking on relative jump/call
        KVM: x86: Improve thread safety in pit
        KVM: x86: Prevent host from panicking on shared MSR writes.
        KVM: x86: Check non-canonical addresses upon WRMSR
      96971e9a