Release linux (4.5.5-1).

Merge tag 'debian/4.5.5-1'
Ben Hutchings 2016-05-29 22:33:26 +01:00
commit 6976b08b12
10 changed files with 468 additions and 1 deletions

debian/changelog

@ -91,6 +91,121 @@ linux (4.6~rc3-1~exp1) experimental; urgency=medium
-- Ben Hutchings <ben@decadent.org.uk> Thu, 14 Apr 2016 23:55:15 +0100
linux (4.5.5-1) unstable; urgency=medium
* New upstream stable update:
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.5.5
- decnet: Do not build routes to devices without decnet private data.
- route: do not cache fib route info on local routes with oif
- packet: fix heap info leak in PACKET_DIAG_MCLIST sock_diag interface
- net: sched: do not requeue a NULL skb
- bpf/verifier: reject invalid LD_ABS | BPF_DW instruction
- cdc_mbim: apply "NDP to end" quirk to all Huawei devices
- soreuseport: fix ordering for mixed v4/v6 sockets
- net: use skb_postpush_rcsum instead of own implementations
- vlan: pull on __vlan_insert_tag error path and fix csum correction
- openvswitch: Orphan skbs before IPv6 defrag
- openvswitch: use flow protocol when recalculating ipv6 checksums
- net/mlx5_core: Fix soft lockup in steering error flow
- net/mlx5e: Device's mtu field is u16 and not int
- net/mlx5e: Fix minimum MTU
- net/mlx5e: Use vport MTU rather than physical port MTU
- ipv4/fib: don't warn when primary address is missing if in_dev is dead
- net/mlx4_en: fix spurious timestamping callbacks
- net: Implement net_dbg_ratelimited() for CONFIG_DYNAMIC_DEBUG case
- gre: do not pull header in ICMP error processing
- net_sched: introduce qdisc_replace() helper
- net_sched: update hierarchical backlog too
- sch_htb: update backlog as well
- sch_dsmark: update backlog as well
- netem: Segment GSO packets on enqueue
- ipv6/ila: fix nlsize calculation for lwtunnel
- net/mlx4_en: Fix endianness bug in IPV6 csum calculation
- [x86] VSOCK: do not disconnect socket when peer has shutdown SEND only
- net: bridge: fix old ioctl unlocked net device walk
- bridge: fix igmp / mld query parsing
- net: fix a kernel infoleak in x25 module (CVE-2016-4580)
- net: thunderx: avoid exposing kernel stack
- tcp: refresh skb timestamp at retransmit time
- net/route: enforce hoplimit max value
- ocfs2: revert using ocfs2_acl_chmod to avoid inode cluster lock hang
- ocfs2: fix posix_acl_create deadlock
- zsmalloc: fix zs_can_compact() integer overflow
- mm: thp: calculate the mapcount correctly for THP pages during WP faults
- [x86] crypto: qat - fix invalid pf2vf_resp_wq logic
- crypto: testmgr - Use kmalloc memory for RSA input
- ALSA: usb-audio: Quirk for yet another Phoenix Audio devices (v2)
- ALSA: usb-audio: Yet another Phoneix Audio device quirk
- ALSA: hda - Fix subwoofer pin on ASUS N751 and N551
- ALSA: hda - Fix white noise on Asus UX501VW headset
- ALSA: hda - Fix broken reconfig
- [armhf] spi: spi-ti-qspi: Fix FLEN and WLEN settings if bits_per_word is
overridden
- [armhf] spi: spi-ti-qspi: Handle truncated frames properly
- perf diff: Fix duplicated output column
- perf/core: Disable the event on a truncated AUX record
- vfs: rename: check backing inode being equal
- workqueue: fix rebind bound workers warning
- [armhf] regulator: s2mps11: Fix invalid selector mask and voltages
for buck9
- [armhf] regulator: axp20x: Fix axp22x ldo_io voltage ranges
- atomic_open(): fix the handling of create_error
- qla1280: Don't allocate 512kb of host tags
- tools lib traceevent: Do not reassign parg after collapse_tree()
- [x86] drm/i915: Update CDCLK_FREQ register on BDW after changing cdclk
frequency
- drm/radeon: fix PLL sharing on DCE6.1 (v2)
- [x86] drm/i915: Bail out of pipe config compute loop on LPT
- [x86] Revert "drm/i915: start adding dp mst audio"
- [x86] drm/i915/bdw: Add missing delay during L3 SQC credit programming
- drm/radeon: fix DP link training issue with second 4K monitor
- drm/radeon: fix DP mode validation
- [x86] drm/amdgpu: fix DP mode validation
- btrfs: reada: Fix in-segment calculation for reada
- Btrfs: fix truncate_space_check
- btrfs: remove error message from search ioctl for nonexistent tree
- btrfs: change max_inline default to 2048
- Btrfs: fix unreplayable log after snapshot delete + parent dir fsync
- Btrfs: fix file loss on log replay after renaming a file and fsync
- Btrfs: fix extent_same allowing destination offset beyond i_size
- Btrfs: fix deadlock between direct IO reads and buffered writes
- Btrfs: fix race when checking if we can skip fsync'ing an inode
- Btrfs: do not collect ordered extents when logging that inode exists
- btrfs: csum_tree_block: return proper errno value
- btrfs: do not write corrupted metadata blocks to disk
- Btrfs: fix invalid reference in replace_path
- btrfs: handle non-fatal errors in btrfs_qgroup_inherit()
- btrfs: fallback to vmalloc in btrfs_compare_tree
- Btrfs: don't use src fd for printk
- btrfs: Reset IO error counters before start of device replacing
[ Salvatore Bonaccorso ]
* tipc: check nl sock before parsing nested attributes (CVE-2016-4951)
[ Ben Hutchings ]
* aufs: Update support patches to aufs4.5-20160523
- mmap: Fix use-after-free in remap_file_pages(2)
* Revert "stmmac: Fix 'eth0: No PHY found' regression" (Closes: #823493)
* [x86] kvm:vmx: more complete state update on APICv on/off (CVE-2016-4440)
* USB: usbfs: fix potential infoleak in devio (CVE-2016-4482)
* ALSA: timer: Fix leak in SNDRV_TIMER_IOCTL_PARAMS (CVE-2016-4569)
* ALSA: timer: Fix leak in events via snd_timer_user_ccallback or
snd_timer_user_tinterrupt (CVE-2016-4578)
* dwc3-exynos: Fix deferred probing storm (Closes: #823552; thanks to
Steinar H. Gunderson)
* Re-apply "[media] videobuf2-v4l2: Verify planes array in buffer dequeueing",
reverted upstream in 4.5.5
[ Roger Shimizu ]
* [armhf] Enable SENSORS_PWM_FAN / PWM_SAMSUNG as module, as recommended by
Steinar H. Gunderson. (Closes: #824941)
* [armhf] For Odroid-U3 (Exynos4) support, enable ARCH_EXYNOS4 / MFD_MAX77686
/ RTC_DRV_MAX77686 as built-in, and COMMON_CLK_MAX77686
/ REGULATOR_MAX77686 / MMC_SDHCI_S3C as module. Thanks to
Vagrant Cascadian. (Closes: #825139)
-- Ben Hutchings <ben@decadent.org.uk> Sun, 29 May 2016 22:21:11 +0100
linux (4.5.4-1) unstable; urgency=medium
* New upstream stable update:
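Review bot: The "Re-apply [media] videobuf2-v4l2: Verify planes array in buffer dequeueing" entry under [ Ben Hutchings ] does not say why Debian keeps a patch that upstream reverted in 4.5.5, while the neighbouring entries each cite a CVE id or a bug number. Suggest adding the reason or a reference so the patch can be kept or dropped knowingly at the next upstream update. The aufs sub-item "mmap: Fix use-after-free in remap_file_pages(2)" also carries no identifier; if one exists it belongs on that line.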


@ -47,7 +47,7 @@ CONFIG_ARCH_BCM2835=y
##
CONFIG_ARCH_EXYNOS=y
# CONFIG_ARCH_EXYNOS3 is not set
# CONFIG_ARCH_EXYNOS4 is not set
CONFIG_ARCH_EXYNOS4=y
CONFIG_ARCH_EXYNOS5=y
CONFIG_EXYNOS5420_MCPM=y
@ -176,6 +176,7 @@ CONFIG_HW_RANDOM_OMAP=m
##
## file: drivers/clk/Kconfig
##
CONFIG_COMMON_CLK_MAX77686=m
CONFIG_COMMON_CLK_S2MPS11=m
CONFIG_CLK_TWL6040=m
@ -362,6 +363,7 @@ CONFIG_OMAP_SSI=m
##
CONFIG_SENSORS_G762=m
CONFIG_SENSORS_GPIO_FAN=m
CONFIG_SENSORS_PWM_FAN=m
##
## file: drivers/hwspinlock/Kconfig
@ -532,6 +534,7 @@ CONFIG_MFD_AS3722=y
CONFIG_MFD_AXP20X_I2C=y
CONFIG_MFD_DA9052_SPI=y
CONFIG_MFD_DA9052_I2C=y
CONFIG_MFD_MAX77686=y
CONFIG_MFD_MC13XXX_SPI=m
CONFIG_MFD_MC13XXX_I2C=m
CONFIG_MFD_SEC_CORE=y
@ -565,6 +568,7 @@ CONFIG_MMC_SDHCI_ESDHC_IMX=m
CONFIG_MMC_SDHCI_TEGRA=m
CONFIG_MMC_SDHCI_PXAV3=m
CONFIG_MMC_SDHCI_BCM2835=m
CONFIG_MMC_SDHCI_S3C=m
CONFIG_MMC_OMAP=m
CONFIG_MMC_OMAP_HS=m
CONFIG_MMC_MVSDIO=m
@ -854,6 +858,7 @@ CONFIG_PWM=y
CONFIG_PWM_BCM2835=m
CONFIG_PWM_IMX=m
CONFIG_PWM_ROCKCHIP=m
CONFIG_PWM_SAMSUNG=m
CONFIG_PWM_SUN4I=m
CONFIG_PWM_TEGRA=m
CONFIG_PWM_TIECAP=m
@ -873,6 +878,7 @@ CONFIG_REGULATOR_AXP20X=m
CONFIG_REGULATOR_DA9052=m
CONFIG_REGULATOR_FAN53555=m
CONFIG_REGULATOR_GPIO=m
CONFIG_REGULATOR_MAX77686=m
CONFIG_REGULATOR_MC13783=m
CONFIG_REGULATOR_MC13892=m
CONFIG_REGULATOR_PALMAS=y
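Review bot: CONFIG_REGULATOR_MAX77686=m makes the regulator driver a module, while the earlier hunks build CONFIG_MFD_MAX77686 and CONFIG_RTC_DRV_MAX77686 in. If any device needed to reach the root filesystem on the Odroid-U3 is supplied by this regulator, it will defer probing until the module is loaded, so the module has to be in the initramfs. Suggest confirming that on the target board, or stating in the changelog entry why the built-in/module split was chosen this way.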
@ -901,6 +907,7 @@ CONFIG_RTC_DRV_DA9052=y
CONFIG_RTC_DRV_EFI=y
CONFIG_RTC_DRV_IMXDI=y
CONFIG_RTC_DRV_OMAP=y
CONFIG_RTC_DRV_MAX77686=y
CONFIG_RTC_DRV_PL030=y
CONFIG_RTC_DRV_PL031=y
CONFIG_RTC_DRV_VT8500=y


@ -0,0 +1,28 @@
From: Kangjie Lu <kangjielu@gmail.com>
Date: Tue, 3 May 2016 16:44:20 -0400
Subject: [1/2] ALSA: timer: Fix leak in events via snd_timer_user_ccallback
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Origin: https://git.kernel.org/linus/9a47e9cff994f37f7f0dbd9ae23740d0f64f9fe6
The stack object “r1” has a total size of 32 bytes. Its field
“event” and “val” both contain 4 bytes padding. These 8 bytes
padding bytes are sent to user without being initialized.
Signed-off-by: Kangjie Lu <kjlu@gatech.edu>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
---
sound/core/timer.c | 1 +
1 file changed, 1 insertion(+)
--- a/sound/core/timer.c
+++ b/sound/core/timer.c
@@ -1247,6 +1247,7 @@ static void snd_timer_user_ccallback(str
tu->tstamp = *tstamp;
if ((tu->filter & (1 << event)) == 0 || !tu->tread)
return;
+ memset(&r1, 0, sizeof(r1));
r1.event = event;
r1.tstamp = *tstamp;
r1.val = resolution;
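Review bot: The memset in snd_timer_user_ccallback() is followed by three assignments (r1.event, r1.tstamp, r1.val) that set every named field, so a later cleanup could take the memset for redundant and drop it. Suggest a one-line comment above it saying that it clears the padding bytes described in the commit message. Since 2/2 repeats the same zero-then-fill sequence on r1, a small helper that returns a zeroed and filled struct would keep the rule in one place.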


@ -0,0 +1,28 @@
From: Kangjie Lu <kangjielu@gmail.com>
Date: Tue, 3 May 2016 16:44:32 -0400
Subject: [2/2] ALSA: timer: Fix leak in events via snd_timer_user_tinterrupt
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Origin: https://git.kernel.org/linus/e4ec8cc8039a7063e24204299b462bd1383184a5
The stack object “r1” has a total size of 32 bytes. Its field
“event” and “val” both contain 4 bytes padding. These 8 bytes
padding bytes are sent to user without being initialized.
Signed-off-by: Kangjie Lu <kjlu@gatech.edu>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
---
sound/core/timer.c | 1 +
1 file changed, 1 insertion(+)
--- a/sound/core/timer.c
+++ b/sound/core/timer.c
@@ -1290,6 +1290,7 @@ static void snd_timer_user_tinterrupt(st
}
if ((tu->filter & (1 << SNDRV_TIMER_EVENT_RESOLUTION)) &&
tu->last_resolution != resolution) {
+ memset(&r1, 0, sizeof(r1));
r1.event = SNDRV_TIMER_EVENT_RESOLUTION;
r1.tstamp = tstamp;
r1.val = resolution;
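Review bot: The memset in snd_timer_user_tinterrupt() sits inside the "if" block for SNDRV_TIMER_EVENT_RESOLUTION, so r1 is cleared only when that branch is taken. If r1 is filled and queued anywhere else in this function (the rest of the body is not visible in this hunk), that path would still hand out uninitialized padding. Suggest checking the remainder of the function, or zeroing r1 once before the first use so every path is covered.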


@ -0,0 +1,28 @@
From: Kangjie Lu <kangjielu@gmail.com>
Date: Tue, 3 May 2016 16:44:07 -0400
Subject: ALSA: timer: Fix leak in SNDRV_TIMER_IOCTL_PARAMS
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Origin: https://git.kernel.org/linus/cec8f96e49d9be372fdb0c3836dcf31ec71e457e
The stack object “tread” has a total size of 32 bytes. Its field
“event” and “val” both contain 4 bytes padding. These 8 bytes
padding bytes are sent to user without being initialized.
Signed-off-by: Kangjie Lu <kjlu@gatech.edu>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
---
sound/core/timer.c | 1 +
1 file changed, 1 insertion(+)
--- a/sound/core/timer.c
+++ b/sound/core/timer.c
@@ -1755,6 +1755,7 @@ static int snd_timer_user_params(struct
if (tu->timeri->flags & SNDRV_TIMER_IFLG_EARLY_EVENT) {
if (tu->tread) {
struct snd_timer_tread tread;
+ memset(&tread, 0, sizeof(tread));
tread.event = SNDRV_TIMER_EVENT_EARLY;
tread.tstamp.tv_sec = 0;
tread.tstamp.tv_nsec = 0;
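Review bot: Style point in snd_timer_user_params(): the added memset follows the declaration "struct snd_timer_tread tread;" with no blank line between declaration and statement. The usbfs fix in this same commit separates the two with an empty line; doing the same here keeps the fixes consistent. With the whole struct now zeroed, the two explicit "tread.tstamp.tv_sec = 0" and "tread.tstamp.tv_nsec = 0" assignments are redundant and could go in a follow-up.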


@ -0,0 +1,36 @@
From: Richard Alpe <richard.alpe@ericsson.com>
Date: Mon, 16 May 2016 11:14:54 +0200
Subject: tipc: check nl sock before parsing nested attributes
Origin: https://git.kernel.org/linus/45e093ae2830cd1264677d47ff9a95a71f5d9f9c
Make sure the socket for which the user is listing publication exists
before parsing the socket netlink attributes.
Prior to this patch a call without any socket caused a NULL pointer
dereference in tipc_nl_publ_dump().
Tested-and-reported-by: Baozeng Ding <sploving1@gmail.com>
Signed-off-by: Richard Alpe <richard.alpe@ericsson.com>
Acked-by: Jon Maloy <jon.maloy@ericsson.cm>
Signed-off-by: David S. Miller <davem@davemloft.net>
---
net/tipc/socket.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/net/tipc/socket.c b/net/tipc/socket.c
index 1262889..3b7a799 100644
--- a/net/tipc/socket.c
+++ b/net/tipc/socket.c
@@ -2853,6 +2853,9 @@ int tipc_nl_publ_dump(struct sk_buff *skb, struct netlink_callback *cb)
if (err)
return err;
+ if (!attrs[TIPC_NLA_SOCK])
+ return -EINVAL;
+
err = nla_parse_nested(sock, TIPC_NLA_SOCK_MAX,
attrs[TIPC_NLA_SOCK],
tipc_nl_sock_policy);
--
2.8.1
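Review bot: The new check in tipc_nl_publ_dump() guards only the outer attribute, attrs[TIPC_NLA_SOCK], before nla_parse_nested() fills "sock". Whatever entries are read from "sock" afterwards need their own presence check as well, since a caller can send an empty nest. Those lines are outside this hunk, so please confirm they are checked. The patch description would also benefit from naming the CVE id that the changelog associates with this fix.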


@ -0,0 +1,36 @@
From: Kangjie Lu <kangjielu@gmail.com>
Date: Tue, 3 May 2016 16:32:16 -0400
Subject: USB: usbfs: fix potential infoleak in devio
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Origin: https://git.kernel.org/linus/681fef8380eb818c0b845fca5d2ab1dcbab114ee
The stack object “ci” has a total size of 8 bytes. Its last 3 bytes
are padding bytes which are not initialized and leaked to userland
via “copy_to_user”.
Signed-off-by: Kangjie Lu <kjlu@gatech.edu>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/usb/core/devio.c | 9 +++++----
1 file changed, 5 insertions(+), 4 deletions(-)
--- a/drivers/usb/core/devio.c
+++ b/drivers/usb/core/devio.c
@@ -1186,10 +1186,11 @@ static int proc_getdriver(struct usb_dev
static int proc_connectinfo(struct usb_dev_state *ps, void __user *arg)
{
- struct usbdevfs_connectinfo ci = {
- .devnum = ps->dev->devnum,
- .slow = ps->dev->speed == USB_SPEED_LOW
- };
+ struct usbdevfs_connectinfo ci;
+
+ memset(&ci, 0, sizeof(ci));
+ ci.devnum = ps->dev->devnum;
+ ci.slow = ps->dev->speed == USB_SPEED_LOW;
if (copy_to_user(arg, &ci, sizeof(ci)))
return -EFAULT;
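Review bot: In proc_connectinfo() the designated initializer is replaced by memset plus two assignments, which looks like a style regression to anyone who has not read the commit message. Suggest a short comment above the memset stating that it is there to clear the struct's padding before copy_to_user(), so the code is not converted back to the initializer form later.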


@ -0,0 +1,81 @@
From: "Steinar H. Gunderson" <sesse@google.com>
Date: Tue, 24 May 2016 20:13:15 +0200
Forwarded: http://mid.gmane.org/E1b6Hj3-0001MI-AS@pannekake.samfundet.no
Subject: dwc3-exynos: Fix deferred probing storm.
Bug-Debian: https://bugs.debian.org/823552
dwc3-exynos has two problems during init if the regulators are slow
to come up (for instance if the I2C bus driver is not on the initramfs)
and return probe deferral. First, every time this happens, the driver
leaks the USB phys created; they need to be deallocated on error.
Second, since the phy devices are created before the regulators fail,
this means that there's a new device to re-trigger deferred probing,
which causes it to essentially go into a busy loop of re-probing the
device until the regulators come up.
Move the phy creation to after the regulators have succeeded, and also
fix cleanup on failure. On my ODROID XU4 system (with Debian's initramfs
which doesn't contain the I2C driver), this reduces the number of probe
attempts (for each of the two controllers) from more than 2000 to eight.
Signed-off-by: Steinar H. Gunderson <sesse@google.com>
Reviewed-by: Krzysztof Kozlowski <k.kozlowski@samsung.com>
Reviewed-by: Vivek Gautam <gautam.vivek@samsung.com>
Fixes: d720f057fda4 ("usb: dwc3: exynos: add nop transceiver support")
Cc: <stable@vger.kernel.org>
---
drivers/usb/dwc3/dwc3-exynos.c | 19 +++++++++++--------
1 file changed, 11 insertions(+), 8 deletions(-)
diff --git a/drivers/usb/dwc3/dwc3-exynos.c b/drivers/usb/dwc3/dwc3-exynos.c
index dd5cb55..2f1fb7e 100644
--- a/drivers/usb/dwc3/dwc3-exynos.c
+++ b/drivers/usb/dwc3/dwc3-exynos.c
@@ -128,12 +128,6 @@ static int dwc3_exynos_probe(struct platform_device *pdev)
platform_set_drvdata(pdev, exynos);
- ret = dwc3_exynos_register_phys(exynos);
- if (ret) {
- dev_err(dev, "couldn't register PHYs\n");
- return ret;
- }
-
exynos->dev = dev;
exynos->clk = devm_clk_get(dev, "usbdrd30");
@@ -183,20 +177,29 @@ static int dwc3_exynos_probe(struct platform_device *pdev)
goto err3;
}
+ ret = dwc3_exynos_register_phys(exynos);
+ if (ret) {
+ dev_err(dev, "couldn't register PHYs\n");
+ goto err4;
+ }
+
if (node) {
ret = of_platform_populate(node, NULL, NULL, dev);
if (ret) {
dev_err(dev, "failed to add dwc3 core\n");
- goto err4;
+ goto err5;
}
} else {
dev_err(dev, "no device node, failed to add dwc3 core\n");
ret = -ENODEV;
- goto err4;
+ goto err5;
}
return 0;
+err5:
+ platform_device_unregister(exynos->usb2_phy);
+ platform_device_unregister(exynos->usb3_phy);
err4:
regulator_disable(exynos->vdd10);
err3:
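Review bot: In the second hunk a failure of dwc3_exynos_register_phys() jumps to err4, which skips the two platform_device_unregister() calls under err5. That is only correct if the register function releases a usb2_phy it already created when the usb3_phy step fails; its body is not shown here, so please confirm. Separately, inserting err5 forced two existing "goto err4" lines to be renumbered; descriptive labels (named after what they undo) would avoid that kind of churn and the risk of a missed goto.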


@ -0,0 +1,101 @@
From: Roman Kagan <rkagan@virtuozzo.com>
Subject: kvm:vmx: more complete state update on APICv on/off
Date: Wed, 18 May 2016 17:48:20 +0300
Origin: http://article.gmane.org/gmane.comp.emulators.kvm.devel/152191
The function to update APICv on/off state (in particular, to deactivate
it when enabling Hyper-V SynIC), used to be incomplete: it didn't adjust
APICv-related fields among secondary processor-based VM-execution
controls.
As a result, Windows 2012 guests would get stuck when SynIC-based
auto-EOI interrupt intersected with e.g. an IPI in the guest.
In addition, the MSR intercept bitmap wasn't updated to correspond to
whether "virtualize x2APIC mode" was enabled. This path used not to be
triggered, since Windows didn't use x2APIC but rather their own
synthetic APIC access MSRs; however it represented a security risk
because the guest running in a SynIC-enabled VM could switch to x2APIC
and thus obtain direct access to host APIC MSRs (thanks to Yang Zhang
<yang.zhang.wz@gmail.com> for spotting this).
The patch fixes those omissions.
Signed-off-by: Roman Kagan <rkagan@virtuozzo.com>
Cc: Steve Rutherford <srutherford@google.com>
Cc: Yang Zhang <yang.zhang.wz@gmail.com>
---
arch/x86/kvm/vmx.c | 48 ++++++++++++++++++++++++++++++------------------
1 file changed, 30 insertions(+), 18 deletions(-)
--- a/arch/x86/kvm/vmx.c
+++ b/arch/x86/kvm/vmx.c
@@ -2397,7 +2397,9 @@ static void vmx_set_msr_bitmap(struct kv
if (is_guest_mode(vcpu))
msr_bitmap = vmx_msr_bitmap_nested;
- else if (vcpu->arch.apic_base & X2APIC_ENABLE) {
+ else if (cpu_has_secondary_exec_ctrls() &&
+ (vmcs_read32(SECONDARY_VM_EXEC_CONTROL) &
+ SECONDARY_EXEC_VIRTUALIZE_X2APIC_MODE)) {
if (is_long_mode(vcpu))
msr_bitmap = vmx_msr_bitmap_longmode_x2apic;
else
@@ -4758,6 +4760,19 @@ static void vmx_refresh_apicv_exec_ctrl(
struct vcpu_vmx *vmx = to_vmx(vcpu);
vmcs_write32(PIN_BASED_VM_EXEC_CONTROL, vmx_pin_based_exec_ctrl(vmx));
+ if (cpu_has_secondary_exec_ctrls()) {
+ if (kvm_vcpu_apicv_active(vcpu))
+ vmcs_set_bits(SECONDARY_VM_EXEC_CONTROL,
+ SECONDARY_EXEC_APIC_REGISTER_VIRT |
+ SECONDARY_EXEC_VIRTUAL_INTR_DELIVERY);
+ else
+ vmcs_clear_bits(SECONDARY_VM_EXEC_CONTROL,
+ SECONDARY_EXEC_APIC_REGISTER_VIRT |
+ SECONDARY_EXEC_VIRTUAL_INTR_DELIVERY);
+ }
+
+ if (cpu_has_vmx_msr_bitmap())
+ vmx_set_msr_bitmap(vcpu);
}
static u32 vmx_exec_control(struct vcpu_vmx *vmx)
@@ -6313,23 +6328,20 @@ static __init int hardware_setup(void)
set_bit(0, vmx_vpid_bitmap); /* 0 is reserved for host */
- if (enable_apicv) {
- for (msr = 0x800; msr <= 0x8ff; msr++)
- vmx_disable_intercept_msr_read_x2apic(msr);
-
- /* According SDM, in x2apic mode, the whole id reg is used.
- * But in KVM, it only use the highest eight bits. Need to
- * intercept it */
- vmx_enable_intercept_msr_read_x2apic(0x802);
- /* TMCCT */
- vmx_enable_intercept_msr_read_x2apic(0x839);
- /* TPR */
- vmx_disable_intercept_msr_write_x2apic(0x808);
- /* EOI */
- vmx_disable_intercept_msr_write_x2apic(0x80b);
- /* SELF-IPI */
- vmx_disable_intercept_msr_write_x2apic(0x83f);
- }
+ for (msr = 0x800; msr <= 0x8ff; msr++)
+ vmx_disable_intercept_msr_read_x2apic(msr);
+
+ /* According SDM, in x2apic mode, the whole id reg is used. But in
+ * KVM, it only use the highest eight bits. Need to intercept it */
+ vmx_enable_intercept_msr_read_x2apic(0x802);
+ /* TMCCT */
+ vmx_enable_intercept_msr_read_x2apic(0x839);
+ /* TPR */
+ vmx_disable_intercept_msr_write_x2apic(0x808);
+ /* EOI */
+ vmx_disable_intercept_msr_write_x2apic(0x80b);
+ /* SELF-IPI */
+ vmx_disable_intercept_msr_write_x2apic(0x83f);
if (enable_ept) {
kvm_mmu_set_mask_ptes(0ull,
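Review bot: The block added to vmx_refresh_apicv_exec_ctrl() sets or clears SECONDARY_EXEC_APIC_REGISTER_VIRT and SECONDARY_EXEC_VIRTUAL_INTR_DELIVERY but leaves SECONDARY_EXEC_VIRTUALIZE_X2APIC_MODE untouched, and that is the bit the new condition in vmx_set_msr_bitmap() tests. Since hardware_setup() now fills the x2apic bitmaps without the enable_apicv guard, the only thing keeping a guest away from pass-through x2APIC MSRs when APICv is off is that bit being clear. Please state where it is cleared on the APICv-off path, and add a comment in vmx_set_msr_bitmap() recording that the bitmap choice follows the VMCS control rather than apic_base.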


@ -49,6 +49,7 @@ bugfix/mips/MIPS-Disable-preemption-during-prctl-PR_SET_FP_MODE.patch
bugfix/mips/MIPS-Force-CPUs-to-lose-FP-context-during-mode-switc.patch
bugfix/x86/revert-sp5100_tco-fix-the-device-check-for-SB800-and.patch
bugfix/powerpc/powerpc-fix-sstep-compile-on-powerpcspe.patch
bugfix/arm/dwc3-exynos-fix-deferred-probing-storm.patch
# Arch features
features/mips/MIPS-increase-MAX-PHYSMEM-BITS-on-Loongson-3-only.patch
@ -103,6 +104,12 @@ bugfix/all/ptrace-being-capable-wrt-a-process-requires-mapped-uids-gids.patch
debian/i386-686-pae-pci-set-pci-nobios-by-default.patch
bugfix/all/KVM-MTRR-remove-MSR-0x2f8.patch
bugfix/all/media-videobuf2-v4l2-verify-planes-array-in-buffer-d.patch
bugfix/all/tipc-check-nl-sock-before-parsing-nested-attributes.patch
bugfix/x86/kvm-vmx-more-complete-state-update-on-apicv-on-off.patch
bugfix/all/usb-usbfs-fix-potential-infoleak-in-devio.patch
bugfix/all/alsa-timer-fix-leak-in-sndrv_timer_ioctl_params.patch
bugfix/all/alsa-timer-fix-leak-in-events-via-snd_timer_user_cca.patch
bugfix/all/alsa-timer-fix-leak-in-events-via-snd_timer_user_tin.patch
# Tools bug fixes
bugfix/all/usbip-document-tcp-wrappers.patch