| Age | Commit message (Collapse) | Author |
|---|
|
Amongst its other duties, msm_gem_new_impl adds the newly created
GEM object to the shared inactive list which may also be actively
modifiying the list during submission. All the paths to modify
the list are protected by the mutex except for the one through
msm_gem_import which can end up causing list corruption.
Signed-off-by: Jordan Crouse <jcrouse@codeaurora.org>
[add extra WARN_ON(!mutex_is_locked(&dev->struct_mutex))]
Signed-off-by: Rob Clark <robdclark@gmail.com>
|
|
context before waiting
Use the dma_fence_match_context helper to check if all backing fences
are from our own context, in which case we don't have to wait.
Signed-off-by: Philipp Zabel <p.zabel@pengutronix.de>
Cc: Rob Clark <robdclark@gmail.com>
Cc: Gustavo Padovan <gustavo.padovan@collabora.com>
[rebased on code-motion]
Signed-off-by: Rob Clark <robdclark@gmail.com>
|
|
struct irq_domain_ops is not modified, so it can be made const.
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
Signed-off-by: Rob Clark <robdclark@gmail.com>
|
|
Otherwise, if userspace doesn't re-use a given plane, it's hwpipe(s)
could stay permanently assigned.
Signed-off-by: Rob Clark <robdclark@gmail.com>
|
|
If we follow the typical pattern of the base class being the first
member, we can use the default dma_fence_free function.
Signed-off-by: Eric Anholt <eric@anholt.net>
Cc: Rob Clark <robdclark@gmail.com>
Cc: linux-arm-msm@vger.kernel.org
Cc: freedreno@lists.freedesktop.org
Reviewed-by: Rob Clark <robdclark@gmail.com>
Signed-off-by: Rob Clark <robdclark@gmail.com>
|
|
Without this, polling on the dma-buf (and presumably other devices
synchronizing against our rendering) would return immediately, even
while the BO was busy.
Signed-off-by: Eric Anholt <eric@anholt.net>
Reviewed-by: Daniel Vetter <daniel.vetter@ffwll.ch>
Cc: stable@vger.kernel.org
Cc: Rob Clark <robdclark@gmail.com>
Cc: linux-arm-msm@vger.kernel.org
Cc: freedreno@lists.freedesktop.org
Reviewed-by: Rob Clark <robdclark@gmail.com>
Signed-off-by: Rob Clark <robdclark@gmail.com>
|
|
Otherwise if someone was using old bindings with "core_clk" instead of
"core" as the clock name, we'd never find it and gpu would be stuck at
27MHz (or whatever it's slowest rate is).
Fixes: 98db803 ("msm/drm: gpu: Dynamically locate the clocks from the device tree")
Signed-off-by: Rob Clark <robdclark@gmail.com>
|
|
Somehow the helper was never retrofitted for mdp5. Which meant when
plane_state->fence was added, it could get copied into new state in
mdp5_plane_duplicate_state().
If an update to disable the plane (for example on rmfb) managed to sneak
in after an nonblock update had swapped state, but before it was
committed, we'd get a splat:
WARNING: CPU: 1 PID: 69 at ../drivers/gpu/drm/drm_atomic_helper.c:1061 drm_atomic_helper_wait_for_fences+0xe0/0xf8
Modules linked in:
CPU: 1 PID: 69 Comm: kworker/1:1 Tainted: G W 4.11.0-rc8+ #1187
Hardware name: Qualcomm Technologies, Inc. APQ 8016 SBC (DT)
Workqueue: events drm_mode_rmfb_work_fn
task: ffffffc036560d00 task.stack: ffffffc036550000
PC is at drm_atomic_helper_wait_for_fences+0xe0/0xf8
LR is at complete_commit.isra.1+0x44/0x1c0
pc : [<ffffff80084f6040>] lr : [<ffffff800854176c>] pstate: 20000145
sp : ffffffc036553b60
x29: ffffffc036553b60 x28: ffffffc0264e6a00
x27: ffffffc035659000 x26: 0000000000000000
x25: ffffffc0240e8000 x24: 0000000000000038
x23: 0000000000000000 x22: ffffff800858f200
x21: ffffffc0240e8000 x20: ffffffc02f56a800
x19: 0000000000000000 x18: 0000000000000000
x17: 0000000000000000 x16: 0000000000000000
x15: 0000000000000000 x14: ffffffc00a192700
x13: 0000000000000004 x12: 0000000000000000
x11: ffffff80089a1690 x10: 00000000000008f0
x9 : ffffffc036553b20 x8 : ffffffc036561650
x7 : ffffffc03fe6cb40 x6 : 0000000000000000
x5 : 0000000000000001 x4 : 0000000000000002
x3 : ffffffc035659000 x2 : ffffffc0240e8c80
x1 : 0000000000000000 x0 : ffffffc02adbe588
---[ end trace 13aeec77c3fb55e2 ]---
Call trace:
Exception stack(0xffffffc036553990 to 0xffffffc036553ac0)
3980: 0000000000000000 0000008000000000
39a0: ffffffc036553b60 ffffff80084f6040 0000000000004ff0 0000000000000038
39c0: ffffffc0365539d0 ffffff800857e098 ffffffc036553a00 ffffff800857e1b0
39e0: ffffffc036553a10 ffffff800857c554 ffffffc0365e8400 ffffffc0365e8400
3a00: ffffffc036553a20 ffffff8008103358 000000000001aad7 ffffff800851b72c
3a20: ffffffc036553a50 ffffff80080e9228 ffffffc02adbe588 0000000000000000
3a40: ffffffc0240e8c80 ffffffc035659000 0000000000000002 0000000000000001
3a60: 0000000000000000 ffffffc03fe6cb40 ffffffc036561650 ffffffc036553b20
3a80: 00000000000008f0 ffffff80089a1690 0000000000000000 0000000000000004
3aa0: ffffffc00a192700 0000000000000000 0000000000000000 0000000000000000
[<ffffff80084f6040>] drm_atomic_helper_wait_for_fences+0xe0/0xf8
[<ffffff800854176c>] complete_commit.isra.1+0x44/0x1c0
[<ffffff8008541c64>] msm_atomic_commit+0x32c/0x350
[<ffffff8008516230>] drm_atomic_commit+0x50/0x60
[<ffffff8008517548>] drm_atomic_remove_fb+0x158/0x250
[<ffffff80085186d0>] drm_framebuffer_remove+0x50/0x158
[<ffffff8008518818>] drm_mode_rmfb_work_fn+0x40/0x58
[<ffffff80080d5668>] process_one_work+0x1d0/0x378
[<ffffff80080d5a54>] worker_thread+0x244/0x488
[<ffffff80080db7fc>] kthread+0xfc/0x128
[<ffffff8008082ec0>] ret_from_fork+0x10/0x50
Fixes: 9626014 ("drm/fence: add in-fences support")
Cc: stable@vger.kernel.org
Reviewed-by: Daniel Vetter <daniel.vetter@ffwll.ch>
Reported-by: Stanimir Varbanov <stanimir.varbanov@linaro.org>
Signed-off-by: Rob Clark <robdclark@gmail.com>
|
|
Otherwise, if nothing else enabled selects it, dev_pm_opp_of_add_table()
will return -ENOTSUPP.
Fixes: e2af8b6 ("drm/msm: gpu: Use OPP tables if we can")
Signed-off-by: Rob Clark <robdclark@gmail.com>
|
|
into drm-fixes
A bunch of bug fixes:
- Fix display flickering on some chips at high refresh rates
- suspend/resume fix
- hotplug fix
- a couple of segfault fixes for certain cases
* 'drm-fixes-4.12' of git://people.freedesktop.org/~agd5f/linux:
drm/amdgpu: fix null point error when rmmod amdgpu.
drm/amd/powerplay: fix a signedness bugs
drm/amdgpu: fix NULL pointer panic of emit_gds_switch
drm/radeon: Unbreak HPD handling for r600+
drm/amd/powerplay/smu7: disable mclk switching for high refresh rates
drm/amd/powerplay/smu7: add vblank check for mclk switching (v2)
drm/radeon/ci: disable mclk switching for high refresh rates (v2)
drm/amdgpu/ci: disable mclk switching for high refresh rates (v2)
drm/amdgpu: fix fundamental suspend/resume issue
|
|
git://anongit.freedesktop.org/git/drm-misc into drm-fixes
Core Changes:
- Don't drop vblank reference more than once in cases of ww retry (Daniel)
Driver Changes:
- radeon: Fix oops during radeon probe trying to reference wrong device (Lukas)
- qxl: Avoid sleeping while in atomic context on cursor update (Gabriel)
- gma500: Use VBT mode instead of pre-programmed mode for LVDS (Patrik)
Cc: Lukas Wunner <lukas@wunner.de>
Cc: Gabriel Krisman Bertazi <krisman@collabora.co.uk>
Cc: Daniel Vetter <daniel.vetter@ffwll.ch>
Cc: Patrik Jakobsson <patrik.r.jakobsson@gmail.com>
* tag 'drm-misc-fixes-2017-05-25' of git://anongit.freedesktop.org/git/drm-misc:
drm/gma500/psb: Actually use VBT mode when it is found
drm: Fix deadlock retry loop in page_flip_ioctl
drm: qxl: Delay entering atomic context during cursor update
drm/radeon: Fix oops upon driver load on PowerXpress laptops
|
|
this bug happened when amdgpu load failed.
[ 75.740951] BUG: unable to handle kernel paging request at 00000000000031c0
[ 75.748167] IP: [<ffffffffa064a0e0>] amdgpu_fbdev_restore_mode+0x20/0x60 [amdgpu]
[ 75.755774] PGD 0
[ 75.759185] Oops: 0000 [#1] SMP
[ 75.762408] Modules linked in: amdgpu(OE-) ttm(OE) drm_kms_helper(OE) drm(OE) i2c_algo_bit(E) fb_sys_fops(E) syscopyarea(E) sysfillrect(E) sysimgblt(E) rpcsec_gss_krb5(E) nfsv4(E) nfs(E) fscache(E) eeepc_wmi(E) asus_wmi(E) sparse_keymap(E) intel_rapl(E) snd_hda_codec_hdmi(E) snd_hda_codec_realtek(E) snd_hda_codec_generic(E) snd_hda_intel(E) snd_hda_codec(E) snd_hda_core(E) x86_pkg_temp_thermal(E) intel_powerclamp(E) snd_hwdep(E) snd_pcm(E) snd_seq_midi(E) coretemp(E) kvm_intel(E) snd_seq_midi_event(E) snd_rawmidi(E) kvm(E) snd_seq(E) joydev(E) snd_seq_device(E) snd_timer(E) irqbypass(E) crct10dif_pclmul(E) crc32_pclmul(E) mei_me(E) ghash_clmulni_intel(E) snd(E) aesni_intel(E) mei(E) soundcore(E) aes_x86_64(E) shpchp(E) serio_raw(E) lrw(E) acpi_pad(E) gf128mul(E) glue_helper(E) ablk_helper(E) mac_hid(E)
[ 75.835574] cryptd(E) parport_pc(E) ppdev(E) lp(E) nfsd(E) parport(E) auth_rpcgss(E) nfs_acl(E) lockd(E) grace(E) sunrpc(E) autofs4(E) hid_generic(E) usbhid(E) mxm_wmi(E) psmouse(E) e1000e(E) ptp(E) pps_core(E) ahci(E) libahci(E) wmi(E) video(E) i2c_hid(E) hid(E)
[ 75.858489] CPU: 5 PID: 1603 Comm: rmmod Tainted: G OE 4.9.0-custom #2
[ 75.866183] Hardware name: System manufacturer System Product Name/Z170-A, BIOS 0901 08/31/2015
[ 75.875050] task: ffff88045d1bbb80 task.stack: ffffc90002de4000
[ 75.881094] RIP: 0010:[<ffffffffa064a0e0>] [<ffffffffa064a0e0>] amdgpu_fbdev_restore_mode+0x20/0x60 [amdgpu]
[ 75.891238] RSP: 0018:ffffc90002de7d48 EFLAGS: 00010286
[ 75.896648] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000001
[ 75.903933] RDX: 0000000000000000 RSI: ffff88045d1bbb80 RDI: 0000000000000286
[ 75.911183] RBP: ffffc90002de7d50 R08: 0000000000000502 R09: 0000000000000004
[ 75.918449] R10: 0000000000000000 R11: 0000000000000001 R12: ffff880464bf0000
[ 75.925675] R13: ffffffffa0853000 R14: 0000000000000000 R15: 0000564e44f88210
[ 75.932980] FS: 00007f13d5400700(0000) GS:ffff880476540000(0000) knlGS:0000000000000000
[ 75.941238] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 75.947088] CR2: 00000000000031c0 CR3: 000000045fd0b000 CR4: 00000000003406e0
[ 75.954332] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 75.961566] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 75.968834] Stack:
[ 75.970881] ffff880464bf0000 ffffc90002de7d60 ffffffffa0636592 ffffc90002de7d80
[ 75.978454] ffffffffa059015f ffff880464bf0000 ffff880464bf0000 ffffc90002de7da8
[ 75.986076] ffffffffa0595216 ffff880464bf0000 ffff880460f4d000 ffffffffa0853000
[ 75.993692] Call Trace:
[ 75.996177] [<ffffffffa0636592>] amdgpu_driver_lastclose_kms+0x12/0x20 [amdgpu]
[ 76.003700] [<ffffffffa059015f>] drm_lastclose+0x2f/0xd0 [drm]
[ 76.009777] [<ffffffffa0595216>] drm_dev_unregister+0x16/0xd0 [drm]
[ 76.016255] [<ffffffffa0595944>] drm_put_dev+0x34/0x70 [drm]
[ 76.022139] [<ffffffffa062f365>] amdgpu_pci_remove+0x15/0x20 [amdgpu]
[ 76.028800] [<ffffffff81416499>] pci_device_remove+0x39/0xc0
[ 76.034661] [<ffffffff81531caa>] __device_release_driver+0x9a/0x140
[ 76.041121] [<ffffffff81531e58>] driver_detach+0xb8/0xc0
[ 76.046575] [<ffffffff81530c95>] bus_remove_driver+0x55/0xd0
[ 76.052401] [<ffffffff815325fc>] driver_unregister+0x2c/0x50
[ 76.058244] [<ffffffff81416289>] pci_unregister_driver+0x29/0x90
[ 76.064466] [<ffffffffa0596c5e>] drm_pci_exit+0x9e/0xb0 [drm]
[ 76.070507] [<ffffffffa0796d71>] amdgpu_exit+0x1c/0x32 [amdgpu]
[ 76.076609] [<ffffffff81104810>] SyS_delete_module+0x1a0/0x200
[ 76.082627] [<ffffffff810e2b1a>] ? rcu_eqs_enter.isra.36+0x4a/0x50
[ 76.089001] [<ffffffff8100392e>] do_syscall_64+0x6e/0x180
[ 76.094583] [<ffffffff817e1d2f>] entry_SYSCALL64_slow_path+0x25/0x25
[ 76.101114] Code: 94 c0 c3 31 c0 5d c3 0f 1f 40 00 0f 1f 44 00 00 55 31 c0 48 89 e5 53 48 89 fb 48 c7 c7 1d 21 84 a0 e8 ab 77 b3 e0 e8 fc 8b d7 e0 <48> 8b bb c0 31 00 00 48 85 ff 74 09 e8 ff eb fc ff 85 c0 75 03
[ 76.121432] RIP [<ffffffffa064a0e0>] amdgpu_fbdev_restore_mode+0x20/0x60 [amdgpu]
Signed-off-by: Rex Zhu <Rex.Zhu@amd.com>
Reviewed-by: Alex Deucher <alexander.deucher@amd.com>
Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
|
|
Smatch complains about a signedness bug here:
vega10_hwmgr.c:4202 vega10_force_clock_level()
warn: always true condition '(i >= 0) => (0-u32max >= 0)'
Fixes: 7b52db39a4c2 ("drm/amd/powerplay: fix bug sclk/mclk
level can't be set on vega10.")
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Reviewed-by: Eric Huang <JinHuiEric.Huang@amd.com>
Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
|
|
[ 338.384770] BUG: unable to handle kernel NULL pointer dereference at (null)
[ 338.384817] IP: [< (null)>] (null)
[ 338.385505] RIP: 0010:[<0000000000000000>] [< (null)>] (null)
[ 338.385950] Call Trace:
[ 338.385993] [<ffffffffa05d2313>] ? amdgpu_vm_flush+0x283/0x400 [amdgpu]
[ 338.386025] [<ffffffff811818d3>] ? printk+0x4d/0x4f
[ 338.386074] [<ffffffffa05d4906>] amdgpu_ib_schedule+0x4a6/0x4d0 [amdgpu]
[ 338.386140] [<ffffffffa0673e54>] amdgpu_job_run+0x64/0x180 [amdgpu]
[ 338.386203] [<ffffffffa0672e09>] amd_sched_main+0x2e9/0x4a0 [amdgpu]
[ 338.386232] [<ffffffff810bfce0>] ? prepare_to_wait_event+0x110/0x110
[ 338.386295] [<ffffffffa0672b20>] ? amd_sched_select_entity+0xe0/0xe0 [amdgpu]
[ 338.386327] [<ffffffff8109b423>] kthread+0xd3/0xf0
[ 338.386349] [<ffffffff8109b350>] ? kthread_park+0x60/0x60
[ 338.386376] [<ffffffff817e1ee5>] ret_from_fork+0x25/0x30
[ 338.386401] Code: Bad RIP value.
[ 338.386420] RIP [< (null)>] (null)
[ 338.386443] RSP <ffffc90001bd7d40>
[ 338.386458] CR2: 0000000000000000
[ 338.398508] ---[ end trace 4c66fcdc74b9a0a2 ]---
Signed-off-by: Chunming Zhou <David1.Zhou@amd.com>
Reviewed-by: Christian König <christian.koenig@amd.com>
Reviewed-by: Alex Deucher <alexander.deucher@amd.com>
Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
|
|
We end up reading the interrupt register for HPD5, and then writing it
to HPD6 which on systems without anything using HPD5 results in
permanently disabling hotplug on one of the display outputs after the
first time we acknowledge a hotplug interrupt from the GPU.
This code is really bad. But for now, let's just fix this. I will
hopefully have a large patch series to refactor all of this soon.
Reviewed-by: Christian König <christian.koenig@amd.com>
Signed-off-by: Lyude <lyude@redhat.com>
Cc: stable@vger.kernel.org
Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
|
|
Even if the vblank period would allow it, it still seems to
be problematic on some cards.
bug: https://bugs.freedesktop.org/show_bug.cgi?id=96868
Cc: stable@vger.kernel.org
Acked-by: Christian König <christian.koenig@amd.com>
Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
|
|
Check to make sure the vblank period is long enough to support
mclk switching.
v2: drop needless initial assignment (Nils)
bug: https://bugs.freedesktop.org/show_bug.cgi?id=96868
Cc: stable@vger.kernel.org
Acked-by: Christian König <christian.koenig@amd.com>
Reviewed-by: Rex Zhu <Rex.Zhu@amd.com>
Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
|
|
Even if the vblank period would allow it, it still seems to
be problematic on some cards.
v2: fix logic inversion (Nils)
bug: https://bugs.freedesktop.org/show_bug.cgi?id=96868
Cc: stable@vger.kernel.org
Acked-by: Christian König <christian.koenig@amd.com>
Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
|
|
Even if the vblank period would allow it, it still seems to
be problematic on some cards.
v2: fix logic inversion (Nils)
bug: https://bugs.freedesktop.org/show_bug.cgi?id=96868
Cc: stable@vger.kernel.org
Acked-by: Christian König <christian.koenig@amd.com>
Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
|
|
Reinitializing the VM manager during suspend/resume is a very very bad
idea since all the VMs are still active and kicking.
This can lead to random VM faults after resume when new processes
become the same client ID assigned.
Signed-off-by: Christian König <christian.koenig@amd.com>
Reviewed-by: Alex Deucher <alexander.deucher@amd.com>
Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
Cc: stable@vger.kernel.org
|
|
With LVDS we were incorrectly picking the pre-programmed mode instead of
the prefered mode provided by VBT. Make sure we pick the VBT mode if
one is provided. It is likely that the mode read-out code is still wrong
but this patch fixes the immediate problem on most machines.
Bugzilla: https://bugs.freedesktop.org/show_bug.cgi?id=78562
Cc: <stable@vger.kernel.org>
Signed-off-by: Patrik Jakobsson <patrik.r.jakobsson@gmail.com>
Link: http://patchwork.freedesktop.org/patch/msgid/20170418114332.12183-1-patrik.r.jakobsson@gmail.com
|
|
I failed to properly onion-wrap the unwind code: We acquire the vblank
reference before we start with the wait-wound locking dance, hence we
must make sure we retry before we drop the reference. Oops.
v2: The vblank_put must be after the frambuffer_put (Michel). I suck at
unwrapping code that doesn't use separate labels for each stage, but
checks each pointer first ... While re-reading everything I also
realized that we must clean up the fb refcounts, and specifically
plane->old_fb before we drop the locks, either in the final unlocking,
or in the w/w retry path. Hence the correct fix is to drop the
vblank_put to the very bottom.
Fixes: 29dc0d1de182 ("drm: Roll out acquire context for the page_flip ioctl")
Cc: Harry Wentland <harry.wentland@amd.com>
Cc: Daniel Vetter <daniel.vetter@intel.com>
Cc: Jani Nikula <jani.nikula@linux.intel.com>
Cc: Sean Paul <seanpaul@chromium.org>
Cc: David Airlie <airlied@linux.ie>
Cc: dri-devel@lists.freedesktop.org
Reported-by: Tommi Rantala <tt.rantala@gmail.com>
Cc: Tommi Rantala <tt.rantala@gmail.com>
Cc: Michel Dänzer <michel@daenzer.net>
Tested-by: Tommi Rantala <tt.rantala@gmail.com>
Reviewed-by: Michel Dänzer <michel.daenzer@amd.com>
Signed-off-by: Daniel Vetter <daniel.vetter@intel.com>
Link: http://patchwork.freedesktop.org/patch/msgid/20170522135945.28831-1-daniel.vetter@ffwll.ch
|
|
qxl_release_map will enter an atomic context, but since we still need to
alloc memory for BOs, we better delay that until we have everything we
need, in case we need to sleep inside the allocation. This avoids the
Sleep in atomic state below, which was reported by Mike.
[ 43.910362] BUG: sleeping function called from invalid context at mm/slab.h:432
[ 43.910955] in_atomic(): 1, irqs_disabled(): 0, pid: 2077, name: Xorg
[ 43.911472] Preemption disabled at:
[ 43.911478] [<ffffffffa02b1c45>] qxl_bo_kmap_atomic_page+0xa5/0x100 [qxl]
[ 43.912103] CPU: 0 PID: 2077 Comm: Xorg Tainted: G E 4.12.0-master #38
[ 43.912550] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS
rel-1.8.1-0-g4adadbd-20161202_174313-build11a 04/01/2014
[ 43.913202] Call Trace:
[ 43.913371] dump_stack+0x65/0x89
[ 43.913581] ? qxl_bo_kmap_atomic_page+0xa5/0x100 [qxl]
[ 43.913876] ___might_sleep+0x11a/0x190
[ 43.914095] __might_sleep+0x4a/0x80
[ 43.914319] ? qxl_bo_create+0x50/0x190 [qxl]
[ 43.914565] kmem_cache_alloc_trace+0x46/0x180
[ 43.914836] qxl_bo_create+0x50/0x190 [qxl]
[ 43.915082] ? refcount_dec_and_test+0x11/0x20
[ 43.915332] ? ttm_mem_io_reserve+0x41/0xe0 [ttm]
[ 43.915595] qxl_alloc_bo_reserved+0x37/0xb0 [qxl]
[ 43.915884] qxl_cursor_atomic_update+0x8f/0x260 [qxl]
[ 43.916172] ? drm_atomic_helper_update_legacy_modeset_state+0x1d6/0x210 [drm_kms_helper]
[ 43.916623] drm_atomic_helper_commit_planes+0xec/0x230 [drm_kms_helper]
[ 43.916995] drm_atomic_helper_commit_tail+0x2b/0x60 [drm_kms_helper]
[ 43.917398] commit_tail+0x65/0x70 [drm_kms_helper]
[ 43.917693] drm_atomic_helper_commit+0xa9/0x100 [drm_kms_helper]
[ 43.918039] drm_atomic_commit+0x4b/0x50 [drm]
[ 43.918334] drm_atomic_helper_update_plane+0xf1/0x110 [drm_kms_helper]
[ 43.918902] __setplane_internal+0x19f/0x280 [drm]
[ 43.919240] drm_mode_cursor_universal+0x101/0x1c0 [drm]
[ 43.919541] drm_mode_cursor_common+0x15b/0x1d0 [drm]
[ 43.919858] drm_mode_cursor2_ioctl+0xe/0x10 [drm]
[ 43.920157] drm_ioctl+0x211/0x460 [drm]
[ 43.920383] ? drm_mode_cursor_ioctl+0x50/0x50 [drm]
[ 43.920664] ? handle_mm_fault+0x93/0x160
[ 43.920893] do_vfs_ioctl+0x96/0x6e0
[ 43.921117] ? __fget+0x73/0xa0
[ 43.921322] SyS_ioctl+0x41/0x70
[ 43.921545] entry_SYSCALL_64_fastpath+0x1a/0xa5
[ 43.922188] RIP: 0033:0x7f1145804bc7
[ 43.922526] RSP: 002b:00007ffcd3e50508 EFLAGS: 00003246 ORIG_RAX: 0000000000000010
[ 43.923367] RAX: ffffffffffffffda RBX: 0000000000000040 RCX: 00007f1145804bc7
[ 43.923852] RDX: 00007ffcd3e50540 RSI: 00000000c02464bb RDI: 000000000000000b
[ 43.924299] RBP: 0000000000000040 R08: 0000000000000040 R09: 000000000000000c
[ 43.924694] R10: 00007ffcd3e50340 R11: 0000000000003246 R12: 0000000000000018
[ 43.925128] R13: 00000000022bc390 R14: 0000000000000040 R15: 00007ffcd3e5062c
Reported-by: Mike Galbraith <efault@gmx.de>
Signed-off-by: Gabriel Krisman Bertazi <krisman@collabora.co.uk>
Link: http://patchwork.freedesktop.org/patch/msgid/20170519175819.15682-1-krisman@collabora.co.uk
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
|
|
Nicolai Stange reports the following oops which is caused by
dereferencing rdev->pdev before it's subsequently set by
radeon_device_init(). Fix it.
BUG: unable to handle kernel NULL pointer dereference at 00000000000007cb
IP: radeon_driver_load_kms+0xeb/0x230 [radeon]
...
Call Trace:
drm_dev_register+0x146/0x1d0 [drm]
drm_get_pci_dev+0x9a/0x180 [drm]
radeon_pci_probe+0xb8/0xe0 [radeon]
local_pci_probe+0x45/0xa0
pci_device_probe+0x14f/0x1a0
driver_probe_device+0x29c/0x450
__driver_attach+0xdf/0xf0
? driver_probe_device+0x450/0x450
bus_for_each_dev+0x6c/0xc0
driver_attach+0x1e/0x20
bus_add_driver+0x170/0x270
driver_register+0x60/0xe0
? 0xffffffffc0508000
__pci_register_driver+0x4c/0x50
drm_pci_init+0xeb/0x100 [drm]
? vga_switcheroo_register_handler+0x6a/0x90
? 0xffffffffc0508000
radeon_init+0x98/0xb6 [radeon]
do_one_initcall+0x52/0x1a0
? __vunmap+0x81/0xb0
? kmem_cache_alloc_trace+0x159/0x1b0
? do_init_module+0x27/0x1f8
do_init_module+0x5f/0x1f8
load_module+0x27ce/0x2be0
SYSC_finit_module+0xdf/0x110
? SYSC_finit_module+0xdf/0x110
SyS_finit_module+0xe/0x10
do_syscall_64+0x67/0x150
entry_SYSCALL64_slow_path+0x25/0x25
Fixes: 7ffb0ce31cf9 ("drm/radeon: Don't register Thunderbolt eGPU with vga_switcheroo")
Reported-and-tested-by: Nicolai Stange <nicstange@gmail.com>
Signed-off-by: Lukas Wunner <lukas@wunner.de>
Link: http://patchwork.freedesktop.org/patch/msgid/cfb91ba052af06117137eec0637543a2626a7979.1495135190.git.lukas@wunner.de
|
|
|
|
The code to fetch a 64-bit value from user space was entirely buggered,
and has been since the code was merged in early 2016 in commit
b2f680380ddf ("x86/mm/32: Add support for 64-bit __get_user() on 32-bit
kernels").
Happily the buggered routine is almost certainly entirely unused, since
the normal way to access user space memory is just with the non-inlined
"get_user()", and the inlined version didn't even historically exist.
The normal "get_user()" case is handled by external hand-written asm in
arch/x86/lib/getuser.S that doesn't have either of these issues.
There were two independent bugs in __get_user_asm_u64():
- it still did the STAC/CLAC user space access marking, even though
that is now done by the wrapper macros, see commit 11f1a4b9755f
("x86: reorganize SMAP handling in user space accesses").
This didn't result in a semantic error, it just means that the
inlined optimized version was hugely less efficient than the
allegedly slower standard version, since the CLAC/STAC overhead is
quite high on modern Intel CPU's.
- the double register %eax/%edx was marked as an output, but the %eax
part of it was touched early in the asm, and could thus clobber other
inputs to the asm that gcc didn't expect it to touch.
In particular, that meant that the generated code could look like
this:
mov (%eax),%eax
mov 0x4(%eax),%edx
where the load of %edx obviously was _supposed_ to be from the 32-bit
word that followed the source of %eax, but because %eax was
overwritten by the first instruction, the source of %edx was
basically random garbage.
The fixes are trivial: remove the extraneous STAC/CLAC entries, and mark
the 64-bit output as early-clobber to let gcc know that no inputs should
alias with the output register.
Cc: Al Viro <viro@zeniv.linux.org.uk>
Cc: Benjamin LaHaise <bcrl@kvack.org>
Cc: Ingo Molnar <mingo@kernel.org>
Cc: stable@kernel.org # v4.8+
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
|
|
Al noticed that unsafe_put_user() had type problems, and fixed them in
commit a7cc722fff0b ("fix unsafe_put_user()"), which made me look more
at those functions.
It turns out that unsafe_get_user() had a type issue too: it limited the
largest size of the type it could handle to "unsigned long". Which is
fine with the current users, but doesn't match our existing normal
get_user() semantics, which can also handle "u64" even when that does
not fit in a long.
While at it, also clean up the type cast in unsafe_put_user(). We
actually want to just make it an assignment to the expected type of the
pointer, because we actually do want warnings from types that don't
convert silently. And it makes the code more readable by not having
that one very long and complex line.
[ This patch might become stable material if we ever end up back-porting
any new users of the unsafe uaccess code, but as things stand now this
doesn't matter for any current existing uses. ]
Cc: Al Viro <viro@zeniv.linux.org.uk>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
|
|
git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs
Pull misc uaccess fixes from Al Viro:
"Fix for unsafe_put_user() (no callers currently in mainline, but
anyone starting to use it will step into that) + alpha osf_wait4()
infoleak fix"
* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs:
osf_wait4(): fix infoleak
fix unsafe_put_user()
|
|
git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip
Pull scheduler fix from Thomas Gleixner:
"A single scheduler fix:
Prevent idle task from ever being preempted. That makes sure that
synchronize_rcu_tasks() which is ignoring idle task does not pretend
that no task is stuck in preempted state. If that happens and idle was
preempted on a ftrace trampoline the machine crashes due to
inconsistent state"
* 'sched-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
sched/core: Call __schedule() from do_idle() without enabling preemption
|
|
git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip
Pull irq fixes from Thomas Gleixner:
"A set of small fixes for the irq subsystem:
- Cure a data ordering problem with chained interrupts
- Three small fixlets for the mbigen irq chip"
* 'irq-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
genirq: Fix chained interrupt data ordering
irqchip/mbigen: Fix the clear register offset calculation
irqchip/mbigen: Fix potential NULL dereferencing
irqchip/mbigen: Fix memory mapping code
|
|
failing sys_wait4() won't fill struct rusage...
Cc: stable@vger.kernel.org
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
|
|
__put_user_size() relies upon its first argument having the same type as what
the second one points to; the only other user makes sure of that and
unsafe_put_user() should do the same.
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
|
|
git://git.kernel.org/pub/scm/linux/kernel/git/rostedt/linux-trace
Pull tracing fixes from Steven Rostedt:
- Fix a bug caused by not cleaning up the new instance unique triggers
when deleting an instance. It also creates a selftest that triggers
that bug.
- Fix the delayed optimization happening after kprobes boot up self
tests being removed by freeing of init memory.
- Comment kprobes on why the delay optimization is not a problem for
removal of modules, to keep other developers from searching that
riddle.
- Fix another case of rcu not watching in stack trace tracing.
* tag 'trace-v4.12-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/rostedt/linux-trace:
tracing: Make sure RCU is watching before calling a stack trace
kprobes: Document how optimized kprobes are removed from module unload
selftests/ftrace: Add test to remove instance with active event triggers
selftests/ftrace: Fix bashisms
ftrace: Remove #ifdef from code and add clear_ftrace_function_probes() stub
ftrace/instances: Clear function triggers when removing instances
ftrace: Simplify glob handling in unregister_ftrace_function_probe_func()
tracing/kprobes: Enforce kprobes teardown after testing
tracing: Move postpone selftests to core from early_initcall
|
|
Pull block fixes from Jens Axboe:
"A small collection of fixes that should go into this cycle.
- a pull request from Christoph for NVMe, which ended up being
manually applied to avoid pulling in newer bits in master. Mostly
fibre channel fixes from James, but also a few fixes from Jon and
Vijay
- a pull request from Konrad, with just a single fix for xen-blkback
from Gustavo.
- a fuseblk bdi fix from Jan, fixing a regression in this series with
the dynamic backing devices.
- a blktrace fix from Shaohua, replacing sscanf() with kstrtoull().
- a request leak fix for drbd from Lars, fixing a regression in the
last series with the kref changes. This will go to stable as well"
* 'for-linus' of git://git.kernel.dk/linux-block:
nvmet: release the sq ref on rdma read errors
nvmet-fc: remove target cpu scheduling flag
nvme-fc: stop queues on error detection
nvme-fc: require target or discovery role for fc-nvme targets
nvme-fc: correct port role bits
nvme: unmap CMB and remove sysfs file in reset path
blktrace: fix integer parse
fuseblk: Fix warning in super_setup_bdi_name()
block: xen-blkback: add null check to avoid null pointer dereference
drbd: fix request leak introduced by locking/atomic, kref: Kill kref_sub()
|
|
On rdma read errors, release the sq ref that was taken
when the req was initialized. This avoids a hang in
nvmet_sq_destroy() when the queue is being freed.
Signed-off-by: Vijay Immanuel <vijayi@attalasystems.com>
Reviewed-by: Sagi Grimberg <sagi@grimberg.me>
Signed-off-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: Jens Axboe <axboe@fb.com>
|
|
Remove NVMET_FCTGTFEAT_NEEDS_CMD_CPUSCHED. It's unnecessary.
Signed-off-by: James Smart <james.smart@broadcom.com>
Reviewed-by: Johannes Thumshirn <jthumshirn@suse.de>
Signed-off-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: Jens Axboe <axboe@fb.com>
|
|
Per the recommendation by Sagi on:
http://lists.infradead.org/pipermail/linux-nvme/2017-April/009261.html
Rather than waiting for reset work thread to stop queues and abort the ios,
immediately stop the queues on error detection. Reset thread will restop
the queues (as it's called on other paths), but it does not appear to have
a side effect.
Signed-off-by: James Smart <james.smart@broadcom.com>
Reviewed-by: Johannes Thumshirn <jthumshirn@suse.de>
Signed-off-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: Jens Axboe <axboe@fb.com>
|
|
In order to create an association, the remoteport must be
serving either a target role or a discovery role.
Signed-off-by: James Smart <james.smart@broadcom.com>
Reviewed-by: Johannes Thumshirn <jthumshirn@suse.de>
Signed-off-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: Jens Axboe <axboe@fb.com>
|
|
FC Port roles is a bit mask, not individual values.
Correct nvme definitions to unique bits.
Signed-off-by: James Smart <james.smart@broadcom.com>
Reviewed-by: Johannes Thumshirn <jthumshirn@suse.de>
Signed-off-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: Jens Axboe <axboe@fb.com>
|
|
CMB doesn't get unmapped until removal while getting remapped on every
reset. Add the unmapping and sysfs file removal to the reset path in
nvme_pci_disable to match the mapping path in nvme_pci_enable.
Fixes: 202021c1a ("nvme : Add sysfs entry for NVMe CMBs when appropriate")
Signed-off-by: Jon Derrick <jonathan.derrick@intel.com>
Acked-by: Keith Busch <keith.busch@intel.com>
Reviewed-By: Stephen Bates <sbates@raithlin.com>
Cc: <stable@vger.kernel.org> # 4.9+
Signed-off-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: Jens Axboe <axboe@fb.com>
|
|
git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/staging
Pull staging driver fixes from Greg KH:
"Here are a number of staging driver fixes for 4.12-rc2
Most of them are typec driver fixes found by reviewers and users of
the code. There are also some removals of files no longer needed in
the tree due to the ion driver rewrite in 4.12-rc1, as well as some
wifi driver fixes. And to round it out, a MAINTAINERS file update.
All have been in linux-next with no reported issues"
* tag 'staging-4.12-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/staging: (22 commits)
MAINTAINERS: greybus-dev list is members-only
staging: fsl-dpaa2/eth: add ETHERNET dependency
staging: typec: fusb302: refactor resume retry mechanism
staging: typec: fusb302: reset i2c_busy state in error
staging: rtl8723bs: remove re-positioned call to kfree in os_dep/ioctl_cfg80211.c
staging: rtl8192e: GetTs Fix invalid TID 7 warning.
staging: rtl8192e: rtl92e_get_eeprom_size Fix read size of EPROM_CMD.
staging: rtl8192e: fix 2 byte alignment of register BSSIDR.
staging: rtl8192e: rtl92e_fill_tx_desc fix write to mapped out memory.
staging: vc04_services: Fix bulk cache maintenance
staging: ccree: remove extraneous spin_unlock_bh() in error handler
staging: typec: Fix sparse warnings about incorrect types
staging: typec: fusb302: do not free gpio from managed resource
staging: typec: tcpm: Fix Port Power Role field in PS_RDY messages
staging: typec: tcpm: Respond to Discover Identity commands
staging: typec: tcpm: Set correct flags in PD request messages
staging: typec: tcpm: Drop duplicate PD messages
staging: typec: fusb302: Fix chip->vbus_present init value
staging: typec: fusb302: Fix module autoload
staging: typec: tcpci: declare private structure as static
...
|
|
git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb
Pull USB fixes from Greg KH:
"Here are a number of small USB fixes for 4.12-rc2
Most of them come from Johan, in his valiant quest to fix up all
drivers that could be affected by "malicious" USB devices. There's
also some fixes for more "obscure" drivers to handle some of the
vmalloc stack fallout (which for USB drivers, was always the case, but
very few people actually ran those systems...)
Other than that, the normal set of xhci and gadget and musb driver
fixes as well.
All have been in linux-next with no reported issues"
* tag 'usb-4.12-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb: (42 commits)
usb: musb: tusb6010_omap: Do not reset the other direction's packet size
usb: musb: Fix trying to suspend while active for OTG configurations
usb: host: xhci-plat: propagate return value of platform_get_irq()
xhci: Fix command ring stop regression in 4.11
xhci: remove GFP_DMA flag from allocation
USB: xhci: fix lock-inversion problem
usb: host: xhci-ring: don't need to clear interrupt pending for MSI enabled hcd
usb: host: xhci-mem: allocate zeroed Scratchpad Buffer
xhci: apply PME_STUCK_QUIRK and MISSING_CAS quirk for Denverton
usb: xhci: trace URB before giving it back instead of after
USB: serial: qcserial: add more Lenovo EM74xx device IDs
USB: host: xhci: use max-port define
USB: hub: fix SS max number of ports
USB: hub: fix non-SS hub-descriptor handling
USB: hub: fix SS hub-descriptor handling
USB: usbip: fix nonconforming hub descriptor
USB: gadget: dummy_hcd: fix hub-descriptor removable fields
doc-rst: fixed kernel-doc directives in usb/typec.rst
USB: core: of: document reference taken by companion helper
USB: ehci-platform: fix companion-device leak
...
|
|
git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc
Pull char/misc driver fixes from Greg KH:
"Here are five small bugfixes for reported issues with 4.12-rc1 and
earlier kernels. Nothing huge here, just a lp, mem, vpd, and uio
driver fix, along with a Kconfig fixup for one of the misc drivers.
All of these have been in linux-next with no reported issues"
* tag 'char-misc-4.12-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc:
firmware: Google VPD: Fix memory allocation error handling
drivers: char: mem: Check for address space wraparound with mmap()
uio: fix incorrect memory leak cleanup
misc: pci_endpoint_test: select CRC32
char: lp: fix possible integer overflow in lp_setup()
|
|
Pull watchdog fixes from Wim Van Sebroeck:
- orion_wdt compile-test dependencies
- sama5d4_wdt: WDDIS handling and a race confition
- pcwd_usb: fix NULL-deref at probe
- cadence_wdt: fix timeout setting
- wdt_pci: fix build error if SOFTWARE_REBOOT is defined
- iTCO_wdt: all versions count down twice
- zx2967: remove redundant dev_err call in zx2967_wdt_probe()
- bcm281xx: Fix use of uninitialized spinlock
* git://www.linux-watchdog.org/linux-watchdog:
watchdog: bcm281xx: Fix use of uninitialized spinlock.
watchdog: zx2967: remove redundant dev_err call in zx2967_wdt_probe()
iTCO_wdt: all versions count down twice
watchdog: wdt_pci: fix build error if define SOFTWARE_REBOOT
watchdog: cadence_wdt: fix timeout setting
watchdog: pcwd_usb: fix NULL-deref at probe
watchdog: sama5d4: fix race condition
watchdog: sama5d4: fix WDDIS handling
watchdog: orion: fix compile-test dependencies
|
|
git://people.freedesktop.org/~airlied/linux
Pull drm fixes from Dave Airlie:
"Mostly nouveau and i915, fairly quiet as usual for rc2"
* tag 'drm-fixes-for-v4.12-rc2' of git://people.freedesktop.org/~airlied/linux:
drm/atmel-hlcdc: Fix output initialization
gpu: host1x: select IOMMU_IOVA
drm/nouveau/fifo/gk104-: Silence a locking warning
drm/nouveau/secboot: plug memory leak in ls_ucode_img_load_gr() error path
drm/nouveau: Fix drm poll_helper handling
drm/i915: don't do allocate_va_range again on PIN_UPDATE
drm/i915: Fix rawclk readout for g4x
drm/i915: Fix runtime PM for LPE audio
drm/i915/glk: Fix DSI "*ERROR* ULPS is still active" messages
drm/i915/gvt: avoid unnecessary vgpu switch
drm/i915/gvt: not to restore in-context mmio
drm/etnaviv: don't put fence in case of submit failure
drm/i915/gvt: fix typo: "supporte" -> "support"
drm: hdlcd: Fix the calculation of the scanout start address
|
|
git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi
Pull SCSI fixes from James Bottomley:
"This is the first sweep of mostly minor fixes. There's one security
one: the read past the end of a buffer in qedf, and a panic fix for
lpfc SLI-3 adapters, but the rest are a set of include and build
dependency tidy ups and assorted other small fixes and updates"
* tag 'scsi-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi:
scsi: pmcraid: remove redundant check to see if request_size is less than zero
scsi: lpfc: ensure els_wq is being checked before destroying it
scsi: cxlflash: Select IRQ_POLL
scsi: qedf: Avoid reading past end of buffer
scsi: qedf: Cleanup the type of io_log->op
scsi: lpfc: double lock typo in lpfc_ns_rsp()
scsi: qedf: properly update arguments position in function call
scsi: scsi_lib: Add #include <scsi/scsi_transport.h>
scsi: MAINTAINERS: update OSD entries
scsi: Skip deleted devices in __scsi_device_lookup
scsi: lpfc: Fix panic on BFS configuration
scsi: libfc: do not flood console with messages 'libfc: queue full ...'
|
|
git://git.kernel.org/pub/scm/linux/kernel/git/nvdimm/nvdimm
Pull libnvdimm fixes from Dan Williams:
"A couple of compile fixes.
With the removal of the ->direct_access() method from
block_device_operations in favor of a new dax_device + dax_operations
we broke two configurations.
The CONFIG_BLOCK=n case is fixed by compiling out the block+dax
helpers in the dax core. Configurations with FS_DAX=n EXT4=y / XFS=y
and DAX=m fail due to the helpers the builtin filesystem needs being
in a module, so we stub out the helpers in the FS_DAX=n case."
* 'libnvdimm-for-next' of git://git.kernel.org/pub/scm/linux/kernel/git/nvdimm/nvdimm:
dax, xfs, ext4: compile out iomap-dax paths in the FS_DAX=n case
dax: fix false CONFIG_BLOCK dependency
|
|
git://git.kernel.org/pub/scm/linux/kernel/git/wsa/linux
Pull i2c fix from Wolfram Sang:
"A regression fix for I2C that would be great to have in rc2"
* 'i2c/for-current' of git://git.kernel.org/pub/scm/linux/kernel/git/wsa/linux:
i2c: designware: don't infer timings described by ACPI from clock rate
|
|
git://git.kernel.org/pub/scm/linux/kernel/git/joro/iommu
Pull IOMMU fixes from Joerg Roedel:
- another compile-fix as a fallout of the recent header-file cleanup
- add a missing IO/TLB flush to the Intel VT-d kdump code path
- a fix for ARM64 dma code to only access initialized iova_domain
members
* tag 'iommu-fixes-v4.12-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/joro/iommu:
iommu/mediatek: Include linux/dma-mapping.h
iommu/vt-d: Flush the IOTLB to get rid of the initial kdump mappings
iommu/dma: Don't touch invalid iova_domain members
|
|
Pull KVM fixes from Radim Krčmář:
"ARM:
- a fix for a build failure introduced in -rc1 when tracepoints are
enabled on 32-bit ARM.
- disable use of stack pointer protection in the hyp code which can
cause panics.
- a handful of VGIC fixes.
- a fix to the init of the redistributors on GICv3 systems that
prevented boot with kvmtool on GICv3 systems introduced in -rc1.
- a number of race conditions fixed in our MMU handling code.
- a fix for the guest being able to program the debug extensions for
the host on the 32-bit side.
PPC:
- fixes for build failures with PR KVM configurations.
- a fix for a host crash that can occur on POWER9 with radix guests.
x86:
- fixes for nested PML and nested EPT.
- a fix for crashes caused by reserved bits in SSE MXCSR that could
have been set by userspace.
- an optimization of halt polling that fixes high CPU overhead.
- fixes for four reports from Dan Carpenter's static checker.
- a protection around code that shouldn't have been preemptible.
- a fix for port IO emulation"
* tag 'for-linus' of git://git.kernel.org/pub/scm/virt/kvm/kvm: (27 commits)
KVM: x86: prevent uninitialized variable warning in check_svme()
KVM: x86/vPMU: fix undefined shift in intel_pmu_refresh()
KVM: x86: zero base3 of unusable segments
KVM: X86: Fix read out-of-bounds vulnerability in kvm pio emulation
KVM: x86: Fix potential preemption when get the current kvmclock timestamp
KVM: Silence underflow warning in avic_get_physical_id_entry()
KVM: arm/arm64: Hold slots_lock when unregistering kvm io bus devices
KVM: arm/arm64: Fix bug when registering redist iodevs
KVM: x86: lower default for halt_poll_ns
kvm: arm/arm64: Fix use after free of stage2 page table
kvm: arm/arm64: Force reading uncached stage2 PGD
KVM: nVMX: fix EPT permissions as reported in exit qualification
KVM: VMX: Don't enable EPT A/D feature if EPT feature is disabled
KVM: x86: Fix load damaged SSEx MXCSR register
kvm: nVMX: off by one in vmx_write_pml_buffer()
KVM: arm: rename pm_fake handler to trap_raz_wi
KVM: arm: plug potential guest hardware debug leakage
kvm: arm/arm64: Fix race in resetting stage2 PGD
KVM: arm/arm64: vgic-v3: Use PREbits to infer the number of ICH_APxRn_EL2 registers
KVM: arm/arm64: vgic-v3: Do not use Active+Pending state for a HW interrupt
...
|
