summaryrefslogtreecommitdiff
AgeCommit message (Collapse)AuthorFilesLines
2013-04-07kvm: fix MMIO/PIO collision misdetectionMichael S. Tsirkin1-2/+6
PIO and MMIO are separate address spaces, but ioeventfd registration code mistakenly detected two eventfds as duplicate if they use the same address, even if one is PIO and another one MMIO. Reviewed-by: Paolo Bonzini <pbonzini@redhat.com> Signed-off-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Gleb Natapov <gleb@redhat.com>
2013-04-07KVM: nVMX: Check exit control for VM_EXIT_SAVE_IA32_PAT, not entry controlsJan Kiszka1-1/+1
Obviously a copy&paste mistake: prepare_vmcs12 has to check L1's exit controls for VM_EXIT_SAVE_IA32_PAT. Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com> Signed-off-by: Gleb Natapov <gleb@redhat.com>
2013-04-07KVM: Call kvm_apic_match_dest() to check destination vcpuYang Zhang3-57/+3
For a given vcpu, kvm_apic_match_dest() will tell you whether the vcpu in the destination list quickly. Drop kvm_calculate_eoi_exitmap() and use kvm_apic_match_dest() instead. Signed-off-by: Yang Zhang <yang.z.zhang@Intel.com> Signed-off-by: Gleb Natapov <gleb@redhat.com>
2013-04-07KVM: s390: virtio_ccw: reset errors for new I/O.Cornelia Huck1-1/+4
ccw_io_helper neglected to reset vcdev->err after a new channel program had been successfully started, resulting in stale errors delivered after one I/O failed. Reset the error after a new channel program has been successfully started with no old I/O pending. Signed-off-by: Cornelia Huck <cornelia.huck@de.ibm.com> Signed-off-by: Gleb Natapov <gleb@redhat.com>
2013-04-07Revert "KVM: MMU: Move kvm_mmu_free_some_pages() into kvm_mmu_alloc_page()"Takuya Yoshikawa2-4/+8
With the following commit, shadow pages can be zapped at random during a shadow page talbe walk: KVM: MMU: Move kvm_mmu_free_some_pages() into kvm_mmu_alloc_page() 7ddca7e43c8f28f9419da81a0e7730b66aa60fe9 This patch reverts it and fixes __direct_map() and FNAME(fetch)(). Signed-off-by: Takuya Yoshikawa <yoshikawa_takuya_b1@lab.ntt.co.jp> Signed-off-by: Gleb Natapov <gleb@redhat.com>
2013-04-02pmu: prepare for migration supportPaolo Bonzini3-6/+14
In order to migrate the PMU state correctly, we need to restore the values of MSR_CORE_PERF_GLOBAL_STATUS (a read-only register) and MSR_CORE_PERF_GLOBAL_OVF_CTRL (which has side effects when written). We also need to write the full 40-bit value of the performance counter, which would only be possible with a v3 architectural PMU's full-width counter MSRs. To distinguish host-initiated writes from the guest's, pass the full struct msr_data to kvm_pmu_set_msr. Signed-off-by: Paolo Bonzini <pbonzini@redhat.com> Signed-off-by: Gleb Natapov <gleb@redhat.com>
2013-04-02KVM: s390: Enable KVM_CAP_NR_MEMSLOTS on s390Nick Wang1-0/+3
Return KVM_USER_MEM_SLOTS in kvm_dev_ioctl_check_extension(). Signed-off-by: Nick Wang <jfwang@us.ibm.com> Reviewed-by: Christian Borntraeger <borntraeger@de.ibm.com> Signed-off-by: Cornelia Huck <cornelia.huck@de.ibm.com> Signed-off-by: Gleb Natapov <gleb@redhat.com>
2013-04-02KVM: s390: Remove the sanity checks for kvm memory slotNick Wang1-12/+4
To model the standby memory with memory_region_add_subregion and friends, the guest would have one or more regions of ram. Remove the check allowing only one memory slot and the check requiring the real address of memory slot starts at zero. Signed-off-by: Nick Wang <jfwang@us.ibm.com> Signed-off-by: Cornelia Huck <cornelia.huck@de.ibm.com> Signed-off-by: Gleb Natapov <gleb@redhat.com>
2013-04-02KVM: s390: Change the virtual memory mapping location for virtio devicesNick Wang1-5/+6
The current location for mapping virtio devices does not take into consideration the standby memory. This causes the failure of mapping standby memory since the location for the mapping is already taken by the virtio devices. To fix the problem, we move the location to beyond the end of standby memory. Signed-off-by: Nick Wang <jfwang@us.ibm.com> Reviewed-by: Christian Borntraeger <borntraeger@de.ibm.com> Signed-off-by: Cornelia Huck <cornelia.huck@de.ibm.com> Signed-off-by: Gleb Natapov <gleb@redhat.com>
2013-04-02KVM: s390: fix compile with !CONFIG_COMPATHeiko Carstens1-0/+1
arch/s390/kvm/priv.c should include both linux/compat.h and asm/compat.h. Fixes this one: In file included from arch/s390/kvm/priv.c:23:0: arch/s390/include/asm/compat.h: In function ‘arch_compat_alloc_user_space’: arch/s390/include/asm/compat.h:258:2: error: implicit declaration of function ‘is_compat_task’ Signed-off-by: Heiko Carstens <heiko.carstens@de.ibm.com> Signed-off-by: Cornelia Huck <cornelia.huck@de.ibm.com> Signed-off-by: Gleb Natapov <gleb@redhat.com>
2013-04-02KVM: s390: fix stsi exception handlingHeiko Carstens1-10/+10
In case of an exception the guest psw condition code should be left alone. Signed-off-by: Heiko Carstens <heiko.carstens@de.ibm.com> Acked-By: Cornelia Huck <cornelia.huck@de.ibm.com> Signed-off-by: Cornelia Huck <cornelia.huck@de.ibm.com> Signed-off-by: Gleb Natapov <gleb@redhat.com>
2013-04-02KVM: s390: fix and enforce return code handling for irq injectionsHeiko Carstens4-73/+37
kvm_s390_inject_program_int() and friends may fail if no memory is available. This must be reported to the calling functions, so that this gets passed down to user space which should fix the situation. Alternatively we end up with guest state corruption. So fix this and enforce return value checking by adding a __must_check annotation to all of these function prototypes. Signed-off-by: Heiko Carstens <heiko.carstens@de.ibm.com> Acked-by: Cornelia Huck <cornelia.huck@de.ibm.com> Signed-off-by: Cornelia Huck <cornelia.huck@de.ibm.com> Signed-off-by: Gleb Natapov <gleb@redhat.com>
2013-04-02KVM: s390: make if statements in lpsw/lpswe handlers readableHeiko Carstens1-34/+24
Being unable to parse the 5- and 8-line if statements I had to split them to be able to make any sense of them and verify that they match the architecture. So change the code since I guess that other people will also have a hard time parsing such long conditional statements with line breaks. Introduce a common is_valid_psw() function which does all the checks needed. In case of lpsw (64 bit psw -> 128 bit psw conversion) it will do some not needed additional checks, since a couple of bits can't be set anyway, but that doesn't hurt. Signed-off-by: Heiko Carstens <heiko.carstens@de.ibm.com> Acked-by: Cornelia Huck <cornelia.huck@de.ibm.com> Signed-off-by: Cornelia Huck <cornelia.huck@de.ibm.com> Signed-off-by: Gleb Natapov <gleb@redhat.com>
2013-04-02KVM: s390: fix return code handling in lpsw/lpswe handlersHeiko Carstens1-30/+14
kvm_s390_inject_program_int() may return with a non-zero return value, in case of an error (out of memory). Report that to the calling functions instead of ignoring the error case. Signed-off-by: Heiko Carstens <heiko.carstens@de.ibm.com> Acked-by: Cornelia Huck <cornelia.huck@de.ibm.com> Signed-off-by: Cornelia Huck <cornelia.huck@de.ibm.com> Signed-off-by: Gleb Natapov <gleb@redhat.com>
2013-04-02KVM: s390: fix psw conversion in lpsw handlerHeiko Carstens1-1/+2
When converting a 64 bit psw to a 128 bit psw the addressing mode bit of the "addr" part of the 64 bit psw must be moved to the basic addressing mode bit of the "mask" part of the 128 bit psw. In addition the addressing mode bit must be cleared when moved to the "addr" part of the 128 bit psw. Otherwise an invalid psw would be generated if the orginal psw was in the 31 bit addressing mode. Signed-off-by: Heiko Carstens <heiko.carstens@de.ibm.com> Acked-by: Cornelia Huck <cornelia.huck@de.ibm.com> Signed-off-by: Cornelia Huck <cornelia.huck@de.ibm.com> Signed-off-by: Gleb Natapov <gleb@redhat.com>
2013-04-02KVM: s390: fix 24 bit psw handling in lpsw/lpswe handlerHeiko Carstens1-1/+1
When checking for validity the lpsw/lpswe handler check that only the lower 20 bits instead of 24 bits have a non-zero value. There handling valid psws as invalid ones. Fix the 24 bit psw mask. Signed-off-by: Heiko Carstens <heiko.carstens@de.ibm.com> Acked-by: Cornelia Huck <cornelia.huck@de.ibm.com> Signed-off-by: Cornelia Huck <cornelia.huck@de.ibm.com> Signed-off-by: Gleb Natapov <gleb@redhat.com>
2013-04-02KVM: s390: Dont do a gmap update on minor memslot changesChristian Borntraeger1-0/+10
Some memslot updates dont affect the gmap implementation, e.g. setting/unsetting dirty tracking. Since a gmap update will cause tlb flushes and segment table invalidations we want to avoid that. Signed-off-by: Christian Borntraeger <borntraeger@de.ibm.com> Signed-off-by: Cornelia Huck <cornelia.huck@de.ibm.com> Signed-off-by: Gleb Natapov <gleb@redhat.com>
2013-03-24Merge 'git://github.com/agraf/linux-2.6.git kvm-ppc-next' into queueGleb Natapov11-93/+133
2013-03-22KVM: PPC: Remove unused argument to kvmppc_core_dequeue_externalPaul Mackerras4-7/+4
Currently kvmppc_core_dequeue_external() takes a struct kvm_interrupt * argument and does nothing with it, in any of its implementations. This removes it in order to make things easier for forthcoming in-kernel interrupt controller emulation code. Signed-off-by: Paul Mackerras <paulus@samba.org> Signed-off-by: Alexander Graf <agraf@suse.de>
2013-03-22kvm/ppc/e500: eliminate tlb_refsScott Wood2-69/+30
Commit 523f0e5421c12610527c620b983b443f329e3a32 ("KVM: PPC: E500: Explicitly mark shadow maps invalid") began using E500_TLB_VALID for guest TLB1 entries, and skipping invalidations if it's not set. However, when E500_TLB_VALID was set for such entries, it was on a fake local ref, and so the invalidations never happen. gtlb_privs is documented as being only for guest TLB0, though we already violate that with E500_TLB_BITMAP. Now that we have MMU notifiers, and thus don't need to actually retain a reference to the mapped pages, get rid of tlb_refs, and use gtlb_privs for E500_TLB_VALID in TLB1. Since we can have more than one host TLB entry for a given tlbe_ref, be careful not to clear existing flags that are relevant to other host TLB entries when preparing a new host TLB entry. Signed-off-by: Scott Wood <scottwood@freescale.com> Signed-off-by: Alexander Graf <agraf@suse.de>
2013-03-22kvm/ppc/e500: g2h_tlb1_map: clear old bit before setting new bitScott Wood1-3/+4
It's possible that we're using the same host TLB1 slot to map (a presumably different portion of) the same guest TLB1 entry. Clear the bit in the map before setting it, so that if the esels are the same the bit will remain set. Signed-off-by: Scott Wood <scottwood@freescale.com> Signed-off-by: Alexander Graf <agraf@suse.de>
2013-03-22kvm/ppc/e500: h2g_tlb1_rmap: esel 0 is validScott Wood1-2/+2
Add one to esel values in h2g_tlb1_rmap, so that "no mapping" can be distinguished from "esel 0". Note that we're not saved by the fact that host esel 0 is reserved for non-KVM use, because KVM host esel numbering is not the raw host numbering (see to_htlb1_esel). Signed-off-by: Scott Wood <scottwood@freescale.com> Signed-off-by: Alexander Graf <agraf@suse.de>
2013-03-22KVM: PPC: booke: Added debug handlerBharat Bhushan3-3/+41
Installed debug handler will be used for guest debug support and debug facility emulation features (patches for these features will follow this patch). Signed-off-by: Liu Yu <yu.liu@freescale.com> [bharat.bhushan@freescale.com: Substantial changes] Signed-off-by: Bharat Bhushan <bharat.bhushan@freescale.com> Signed-off-by: Alexander Graf <agraf@suse.de>
2013-03-22KVM: PPC: Added one_reg interface for timer registersBharat Bhushan3-0/+39
If userspace wants to change some specific bits of TSR (timer status register) then it uses GET/SET_SREGS ioctl interface. So the steps will be: i) user-space will make get ioctl, ii) change TSR in userspace iii) then make set ioctl. It can happen that TSR gets changed by kernel after step i) and before step iii). To avoid this we have added below one_reg ioctls for oring and clearing specific bits in TSR. This patch adds one registerface for: 1) setting specific bit in TSR (timer status register) 2) clearing specific bit in TSR (timer status register) 3) setting/getting the TCR register. There are cases where we want to only change TCR and not TSR. Although we can uses SREGS without KVM_SREGS_E_UPDATE_TSR flag but I think one reg is better. I am open if someone feels we should use SREGS only here. 4) getting/setting TSR register Signed-off-by: Bharat Bhushan <bharat.bhushan@freescale.com> Signed-off-by: Alexander Graf <agraf@suse.de>
2013-03-22KVM: PPC: move tsr update in a separate functionBharat Bhushan1-10/+14
This is done so that same function can be called from SREGS and ONE_REG interface (follow up patch). Signed-off-by: Bharat Bhushan <bharat.bhushan@freescale.com> Signed-off-by: Alexander Graf <agraf@suse.de>
2013-03-22KVM: MMU: Rename kvm_mmu_free_some_pages() to make_mmu_pages_available()Takuya Yoshikawa2-8/+7
The current name "kvm_mmu_free_some_pages" should be used for something that actually frees some shadow pages, as we expect from the name, but what the function is doing is to make some, KVM_MIN_FREE_MMU_PAGES, shadow pages available: it does nothing when there are enough. This patch changes the name to reflect this meaning better; while doing this renaming, the code in the wrapper function is inlined into the main body since the whole function will be inlined into the only caller now. Signed-off-by: Takuya Yoshikawa <yoshikawa_takuya_b1@lab.ntt.co.jp> Signed-off-by: Marcelo Tosatti <mtosatti@redhat.com>
2013-03-22KVM: MMU: Move kvm_mmu_free_some_pages() into kvm_mmu_alloc_page()Takuya Yoshikawa2-7/+3
What this function is doing is to ensure that the number of shadow pages does not exceed the maximum limit stored in n_max_mmu_pages: so this is placed at every code path that can reach kvm_mmu_alloc_page(). Although it might have some sense to spread this function in each such code path when it could be called before taking mmu_lock, the rule was changed not to do so. Taking this background into account, this patch moves it into kvm_mmu_alloc_page() and simplifies the code. Note: the unlikely hint in kvm_mmu_free_some_pages() guarantees that the overhead of this function is almost zero except when we actually need to allocate some shadow pages, so we do not need to care about calling it multiple times in one path by doing kvm_mmu_get_page() a few times. Signed-off-by: Takuya Yoshikawa <yoshikawa_takuya_b1@lab.ntt.co.jp> Signed-off-by: Marcelo Tosatti <mtosatti@redhat.com>
2013-03-21Merge remote-tracking branch 'upstream/master' into queueMarcelo Tosatti756-3629/+7743
Merge reason: From: Alexander Graf <agraf@suse.de> "Just recently this really important patch got pulled into Linus' tree for 3.9: commit 1674400aaee5b466c595a8fc310488263ce888c7 Author: Anton Blanchard <anton <at> samba.org> Date: Tue Mar 12 01:51:51 2013 +0000 Without that commit, I can not boot my G5, thus I can't run automated tests on it against my queue. Could you please merge kvm/next against linus/master, so that I can base my trees against that?" * upstream/master: (653 commits) PCI: Use ROM images from firmware only if no other ROM source available sparc: remove unused "config BITS" sparc: delete "if !ULTRA_HAS_POPULATION_COUNT" KVM: Fix bounds checking in ioapic indirect register reads (CVE-2013-1798) KVM: x86: Convert MSR_KVM_SYSTEM_TIME to use gfn_to_hva_cache functions (CVE-2013-1797) KVM: x86: fix for buffer overflow in handling of MSR_KVM_SYSTEM_TIME (CVE-2013-1796) arm64: Kconfig.debug: Remove unused CONFIG_DEBUG_ERRORS arm64: Do not select GENERIC_HARDIRQS_NO_DEPRECATED inet: limit length of fragment queue hash table bucket lists qeth: Fix scatter-gather regression qeth: Fix invalid router settings handling qeth: delay feature trace sgy-cts1000: Remove __dev* attributes KVM: x86: fix deadlock in clock-in-progress request handling KVM: allow host header to be included even for !CONFIG_KVM hwmon: (lm75) Fix tcn75 prefix hwmon: (lm75.h) Update header inclusion MAINTAINERS: Remove Mark M. Hoffman xfs: ensure we capture IO errors correctly xfs: fix xfs_iomap_eof_prealloc_initial_size type ... Signed-off-by: Marcelo Tosatti <mtosatti@redhat.com>
2013-03-21KVM: x86: correctly initialize the CS base on resetPaolo Bonzini2-7/+2
The CS base was initialized to 0 on VMX (wrong, but usually overridden by userspace before starting) or 0xf0000 on SVM. The correct value is 0xffff0000, and VMX is able to emulate it now, so use it. Reviewed-by: Gleb Natapov <gleb@redhat.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com> Signed-off-by: Marcelo Tosatti <mtosatti@redhat.com>
2013-03-20Merge tag 'vfio-v3.9-rc4' of git://github.com/awilliam/linux-vfioLinus Torvalds2-0/+2
Pull vfio fix from Alex Williamson. * tag 'vfio-v3.9-rc4' of git://github.com/awilliam/linux-vfio: vfio: include <linux/slab.h> for kmalloc
2013-03-20Merge git://git.kernel.org/pub/scm/virt/kvm/kvmLinus Torvalds4-38/+44
Pull kvm fixes from Marcelo Tosatti. * git://git.kernel.org/pub/scm/virt/kvm/kvm: KVM: Fix bounds checking in ioapic indirect register reads (CVE-2013-1798) KVM: x86: Convert MSR_KVM_SYSTEM_TIME to use gfn_to_hva_cache functions (CVE-2013-1797) KVM: x86: fix for buffer overflow in handling of MSR_KVM_SYSTEM_TIME (CVE-2013-1796) KVM: x86: fix deadlock in clock-in-progress request handling KVM: allow host header to be included even for !CONFIG_KVM
2013-03-20Merge tag 'for-linus-v3.9-rc4' of git://oss.sgi.com/xfs/xfsLinus Torvalds2-2/+8
Pull XFS fixes from Ben Myers: - Fix for a potential infinite loop which was introduced in commit 4d559a3bcb73 ("xfs: limit speculative prealloc near ENOSPC thresholds") - Fix for the return type of xfs_iomap_eof_prealloc_initial_size from commit a1e16c26660b ("xfs: limit speculative prealloc size on sparse files") - Fix for a failed buffer readahead causing subsequent callers to fail incorrectly * tag 'for-linus-v3.9-rc4' of git://oss.sgi.com/xfs/xfs: xfs: ensure we capture IO errors correctly xfs: fix xfs_iomap_eof_prealloc_initial_size type xfs: fix potential infinite loop in xfs_iomap_prealloc_size()
2013-03-20PCI: Use ROM images from firmware only if no other ROM source availableMatthew Garrett1-20/+35
Mantas Mikulėnas reported that his graphics hardware failed to initialise after commit f9a37be0f02a ("x86: Use PCI setup data"). The aim of this commit was to ensure that ROM images were available on some Apple systems that don't expose the GPU ROM via any other source. In this case, UEFI appears to have provided a broken ROM image that we were using even though there was a perfectly valid ROM available via other sources. The simplest way to handle this seems to be to just re-order pci_map_rom() and leave any firmare-supplied ROM to last. Signed-off-by: Matthew Garrett <matthew.garrett@nebula.com> Tested-by: Mantas Mikulėnas <grawity@gmail.com> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2013-03-20Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/sparcLinus Torvalds6-36/+66
Pull sparc fixes from David Miller: "Just some minor fixups, a sunsu console setup panic cure, and recognition of a Fujitsu sun4v cpu." * git://git.kernel.org/pub/scm/linux/kernel/git/davem/sparc: sparc: remove unused "config BITS" sparc: delete "if !ULTRA_HAS_POPULATION_COUNT" sparc64: correctly recognize SPARC64-X chips sparc,leon: fix GRPCI2 device0 PCI config space access sunsu: Fix panic in case of nonexistent port at "console=ttySY" cmdline option
2013-03-20Merge tag 'arm64-fixes' of ↵Linus Torvalds6-15/+3
git://git.kernel.org/pub/scm/linux/kernel/git/cmarinas/linux-aarch64 Pull arm64 fixes from Catalin Marinas: - Fix !SMP build error. - Fix padding computation in struct ucontext (no ABI change). - Minor clean-up after the signal patches (unused var). - Two old Kconfig options clean-up. * tag 'arm64-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/cmarinas/linux-aarch64: arm64: Kconfig.debug: Remove unused CONFIG_DEBUG_ERRORS arm64: Do not select GENERIC_HARDIRQS_NO_DEPRECATED arm64: fix padding computation in struct ucontext arm64: Fix build error with !SMP arm64: Removed unused variable in compat_setup_rt_frame()
2013-03-20sparc: remove unused "config BITS"Paul Bolle1-6/+0
sparc's asm/module.h got removed in commit 786d35d45cc40b2a51a18f73e14e135d47fdced7 ("Make most arch asm/module.h files use asm-generic/module.h"). That removed the only two uses of this Kconfig symbol. So we can remove its entry too. > >From arch/sparc/Makefile: > ifeq ($(CONFIG_SPARC32),y) > [...] > > [...] > export BITS := 32 > [...] > > else > [...] > > [...] > export BITS := 64 > [...] > > So $(BITS) is set depending on whether CONFIG_SPARC32 is set or not. > Using $(BITS) in sparc's Makefiles is not using CONFIG_BITS. That > doesn't count as usage of "config BITS". Signed-off-by: Paul Bolle <pebolle@tiscali.nl> Acked-by: Sam Ravnborg <sam@ravnborg.org> Signed-off-by: David S. Miller <davem@davemloft.net>
2013-03-20Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/netLinus Torvalds58-244/+387
Pull networking fixes from David Miller: 1) Fix ARM BPF JIT handling of negative 'k' values, from Chen Gang. 2) Insufficient space reserved for bridge netlink values, fix from Stephen Hemminger. 3) Some dst_neigh_lookup*() callers don't interpret error pointer correctly, fix from Zhouyi Zhou. 4) Fix transport match in SCTP active_path loops, from Xugeng Zhang. 5) Fix qeth driver handling of multi-order SKB frags, from Frank Blaschka. 6) fec driver is missing napi_disable() call, resulting in crashes on unload, from Georg Hofmann. 7) Don't try to handle PMTU events on a listening socket, fix from Eric Dumazet. 8) Fix timestamp location calculations in IP option processing, from David Ward. 9) FIB_TABLE_HASHSZ setting is not controlled by the correct kconfig tests, from Denis V Lunev. 10) Fix TX descriptor push handling in SFC driver, from Ben Hutchings. 11) Fix isdn/hisax and tulip/de4x5 kconfig dependencies, from Arnd Bergmann. 12) bnx2x statistics don't handle 4GB rollover correctly, fix from Maciej Żenczykowski. 13) Openvswitch bug fixes for vport del/new error reporting, missing genlmsg_end() call in netlink processing, and mis-parsing of LLC/SNAP ethernet types. From Rich Lane. 14) SKB pfmemalloc state should only be propagated from the head page of a compound page, fix from Pavel Emelyanov. 15) Fix link handling in tg3 driver for 5715 chips when autonegotation is disabled. From Nithin Sujir. 16) Fix inverted test of cpdma_check_free_tx_desc return value in davinci_emac driver, from Mugunthan V N. 17) vlan_depth is incorrectly calculated in skb_network_protocol(), from Li RongQing. 18) Fix probing of Gobi 1K devices in qmi_wwan driver, and fix NCM device mode backwards compat in cdc_ncm driver. From Bjørn Mork. * git://git.kernel.org/pub/scm/linux/kernel/git/davem/net: (52 commits) inet: limit length of fragment queue hash table bucket lists qeth: Fix scatter-gather regression qeth: Fix invalid router settings handling qeth: delay feature trace tcp: dont handle MTU reduction on LISTEN socket bnx2x: fix occasional statistics off-by-4GB error vhost/net: fix heads usage of ubuf_info bridge: Add support for setting BR_ROOT_BLOCK flag. bnx2x: add missing napi deletion in error path drivers: net: ethernet: ti: davinci_emac: fix usage of cpdma_check_free_tx_desc() ethernet/tulip: DE4x5 needs VIRT_TO_BUS isdn: hisax: netjet requires VIRT_TO_BUS net: cdc_ncm, cdc_mbim: allow user to prefer NCM for backwards compatibility rtnetlink: Mask the rta_type when range checking Revert "ip_gre: make ipgre_tunnel_xmit() not parse network header as IP unconditionally" Fix dst_neigh_lookup/dst_neigh_lookup_skb return value handling bug smsc75xx: configuration help incorrectly mentions smsc95xx net: fec: fix missing napi_disable call net: fec: restart the FEC when PHY speed changes skb: Propagate pfmemalloc on skb from head page only ...
2013-03-20sparc: delete "if !ULTRA_HAS_POPULATION_COUNT"Paul Bolle1-1/+1
Commit 2d78d4beb64eb07d50665432867971c481192ebf ("[PATCH] bitops: sparc64: use generic bitops") made the default of GENERIC_HWEIGHT depend on !ULTRA_HAS_POPULATION_COUNT. But since there's no Kconfig symbol with that name, this always evaluates to true. Delete this dependency. Signed-off-by: Paul Bolle <pebolle@tiscali.nl> Acked-by: Sam Ravnborg <sam@ravnborg.org> Signed-off-by: David S. Miller <davem@davemloft.net>
2013-03-19KVM: Fix bounds checking in ioapic indirect register reads (CVE-2013-1798)Andy Honig1-2/+5
If the guest specifies a IOAPIC_REG_SELECT with an invalid value and follows that with a read of the IOAPIC_REG_WINDOW KVM does not properly validate that request. ioapic_read_indirect contains an ASSERT(redir_index < IOAPIC_NUM_PINS), but the ASSERT has no effect in non-debug builds. In recent kernels this allows a guest to cause a kernel oops by reading invalid memory. In older kernels (pre-3.3) this allows a guest to read from large ranges of host memory. Tested: tested against apic unit tests. Signed-off-by: Andrew Honig <ahonig@google.com> Signed-off-by: Marcelo Tosatti <mtosatti@redhat.com>
2013-03-19KVM: x86: Convert MSR_KVM_SYSTEM_TIME to use gfn_to_hva_cache functions ↵Andy Honig2-29/+22
(CVE-2013-1797) There is a potential use after free issue with the handling of MSR_KVM_SYSTEM_TIME. If the guest specifies a GPA in a movable or removable memory such as frame buffers then KVM might continue to write to that address even after it's removed via KVM_SET_USER_MEMORY_REGION. KVM pins the page in memory so it's unlikely to cause an issue, but if the user space component re-purposes the memory previously used for the guest, then the guest will be able to corrupt that memory. Tested: Tested against kvmclock unit test Signed-off-by: Andrew Honig <ahonig@google.com> Signed-off-by: Marcelo Tosatti <mtosatti@redhat.com>
2013-03-19KVM: x86: fix for buffer overflow in handling of MSR_KVM_SYSTEM_TIME ↵Andy Honig1-0/+5
(CVE-2013-1796) If the guest sets the GPA of the time_page so that the request to update the time straddles a page then KVM will write onto an incorrect page. The write is done byusing kmap atomic to get a pointer to the page for the time structure and then performing a memcpy to that page starting at an offset that the guest controls. Well behaved guests always provide a 32-byte aligned address, however a malicious guest could use this to corrupt host kernel memory. Tested: Tested against kvmclock unit test. Signed-off-by: Andrew Honig <ahonig@google.com> Signed-off-by: Marcelo Tosatti <mtosatti@redhat.com>
2013-03-19arm64: Kconfig.debug: Remove unused CONFIG_DEBUG_ERRORSPaul Bolle2-12/+0
The Kconfig entry for DEBUG_ERRORS is a verbatim copy of the former arm entry for that symbol. It got removed in v2.6.39 because it wasn't actually used anywhere. There are still no users of DEBUG_ERRORS so remove this entry too. Signed-off-by: Paul Bolle <pebolle@tiscali.nl> [catalin.marinas@arm.com: removed option from defconfig] Signed-off-by: Catalin Marinas <catalin.marinas@arm.com>
2013-03-19arm64: Do not select GENERIC_HARDIRQS_NO_DEPRECATEDPaul Bolle1-1/+0
Config option GENERIC_HARDIRQS_NO_DEPRECATED was removed in commit 78c89825649a9a5ed526c507603196f467d781a5 ("genirq: Remove the now obsolete config options and select statements"), but the select was accidentally reintroduced in commit 8c2c3df31e3b87cb5348e48776c366ebd1dc5a7a ("arm64: Build infrastructure"). Signed-off-by: Paul Bolle <pebolle@tiscali.nl> Signed-off-by: Catalin Marinas <catalin.marinas@arm.com>
2013-03-19inet: limit length of fragment queue hash table bucket listsHannes Frederic Sowa5-16/+44
This patch introduces a constant limit of the fragment queue hash table bucket list lengths. Currently the limit 128 is choosen somewhat arbitrary and just ensures that we can fill up the fragment cache with empty packets up to the default ip_frag_high_thresh limits. It should just protect from list iteration eating considerable amounts of cpu. If we reach the maximum length in one hash bucket a warning is printed. This is implemented on the caller side of inet_frag_find to distinguish between the different users of inet_fragment.c. I dropped the out of memory warning in the ipv4 fragment lookup path, because we already get a warning by the slab allocator. Cc: Eric Dumazet <eric.dumazet@gmail.com> Cc: Jesper Dangaard Brouer <jbrouer@redhat.com> Signed-off-by: Hannes Frederic Sowa <hannes@stressinduktion.org> Acked-by: Eric Dumazet <edumazet@google.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2013-03-19qeth: Fix scatter-gather regressionFrank Blaschka3-8/+42
This patch fixes a scatter-gather regression introduced with commit 5640f768 net: use a per task frag allocator Now the qeth driver can cope with bigger framents and split a fragment in sub framents if required. Signed-off-by: Frank Blaschka <blaschka@linux.vnet.ibm.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2013-03-19qeth: Fix invalid router settings handlingStefan Raspl2-6/+13
Give a bad return code when specifying a router setting that is either invalid or not support on the respective device type. In addition, fall back the previous setting instead of silently switching back to 'no routing'. Signed-off-by: Stefan Raspl <raspl@linux.vnet.ibm.com> Signed-off-by: Frank Blaschka <blaschka@linux.vnet.ibm.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2013-03-19qeth: delay feature traceStefan Raspl1-1/+1
Delay tracing of the card features until the optional commands have been enabled. Signed-off-by: Stefan Raspl <raspl@linux.vnet.ibm.com> Signed-off-by: Frank Blaschka <blaschka@linux.vnet.ibm.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2013-03-19Merge branch 'hwmon-for-linus' of ↵Linus Torvalds4-17/+12
git://git.kernel.org/pub/scm/linux/kernel/git/jdelvare/staging Pull hwmon fixes from Jean Delvare. * 'hwmon-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jdelvare/staging: hwmon: (lm75) Fix tcn75 prefix hwmon: (lm75.h) Update header inclusion MAINTAINERS: Remove Mark M. Hoffman
2013-03-19sgy-cts1000: Remove __dev* attributesBen Collins1-3/+3
Somehow the driver snuck in with these still in it. Signed-off-by: Ben Collins <ben.c@servergy.com> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2013-03-19Merge branch 'for-3.9-fixes' of ↵Linus Torvalds1-19/+25
git://git.kernel.org/pub/scm/linux/kernel/git/tj/wq Pull workqueue fix from Tejun Heo: "Lai's patch to fix highly unlikely but still possible workqueue stall during CPU hotunplug." * 'for-3.9-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/tj/wq: workqueue: fix possible pool stall bug in wq_unbind_fn()