Hello_User/linux-vfio
1
0
Fork 0
forked from AUR/linux-vfio
Code Issues Pull Requests Projects Releases Wiki Activity

Update to 4.9.8-1

Browse Source
This commit is contained in:
Mark Weiman 2017-02-10 11:08:50 -05:00
parent a3822e9181
commit a69e31c391
9 changed files with 511 additions and 632 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

32
.SRCINFO
View File

@ -1,7 +1,7 @@
# Generated by mksrcinfo v8
# Sat Dec 10 05:34:33 UTC 2016
# Fri Feb 10 16:08:45 UTC 2017
pkgbase = linux-vfio
pkgver = 4.8.13
pkgver = 4.9.8
pkgrel = 1
url = http://www.kernel.org/
arch = i686
@ -14,32 +14,30 @@ pkgbase = linux-vfio
makedepends = bc
makedepends = libelf
options = !strip
source = https://www.kernel.org/pub/linux/kernel/v4.x/linux-4.8.tar.xz
source = https://www.kernel.org/pub/linux/kernel/v4.x/linux-4.8.tar.sign
source = https://www.kernel.org/pub/linux/kernel/v4.x/patch-4.8.13.xz
source = https://www.kernel.org/pub/linux/kernel/v4.x/patch-4.8.13.sign
source = https://www.kernel.org/pub/linux/kernel/v4.x/linux-4.9.tar.xz
source = https://www.kernel.org/pub/linux/kernel/v4.x/linux-4.9.tar.sign
source = https://www.kernel.org/pub/linux/kernel/v4.x/patch-4.9.8.xz
source = https://www.kernel.org/pub/linux/kernel/v4.x/patch-4.9.8.sign
source = config
source = config.x86_64
source = 99-linux.hook
source = linux.preset
source = change-default-console-loglevel.patch
source = 0001-pci-Enable-overrides-for-missing-ACS-capabilities-4..patch
source = 0001-i915-Add-module-option-to-support-VGA-arbiter-on-HD-.patch
source = fix_race_condition_in_packet_set_ring.diff
source = net_handle_no_dst_on_skb_in_icmp6_send.patch
sha256sums = 3e9150065f193d3d94bcf46a1fe9f033c7ef7122ab71d75a7fb5a2f0c9a7e11a
source = add-acs-overrides.patch
source = i915-vga-arbiter.patch
source = 0001-x86-fpu-Fix-invalid-FPU-ptrace-state-after-execve.patch
sha256sums = 029098dcffab74875e086ae970e3828456838da6e0ba22ce3f64ef764f3d7f1a
sha256sums = SKIP
sha256sums = f0e2f7f738e1a639956e01ba7ef8d3df40ecb5c7586eb366bcd4af70049a7a3c
sha256sums = d53bb9fb309193cbbf88faa28f4cecfc312dbddaa4c2cbf089f2a7ecd56889c0
sha256sums = SKIP
sha256sums = 01dd9e64e4d5c2188fcbb5a48375c987b16f28f383fb42559a34e1a2c5a8ef2a
sha256sums = 4111ac3a567c2fccd56368c36dad29753c0df4eae721b4a475bae20dae76855a
sha256sums = b5c2a685667a884477904c9fb337d944667b6144720ac2a67d1116f711e70768
sha256sums = ab6c0fab5b147fab9ccef90c62b963510e92fbd068a6a33b9619537243fedca4
sha256sums = 8f407ad5ff6eff106562ba001c36a281134ac9aa468a596aea660a4fe1fd60b5
sha256sums = 99d0102c8065793096b8ea2ccc01c41fa3dcb96855f9f6f2c583b2372208c6f9
sha256sums = 1256b241cd477b265a3c2d64bdc19ffe3c9bbcee82ea3994c590c2c76e767d99
sha256sums = d36c589e3866535a9ac92911be64795967a05a6d300cc8b70abb79ea24b7b393
sha256sums = 97c6eaff4dfd2059835351afa9466b43569f3eb45f6c57094f57a3f3fad7ec85
sha256sums = 68067f9be72c0b7d0fe78f00514ad12cab597bfd63083ff4d9d2745c8bd3b616
sha256sums = 144bb67184d7e1fda1a254b5364f72465e3070179713071c72c18618e7b6218a
sha256sums = a8337dc3d4ae977be091d2cfe9edb5769b9548c78ed67ebd6ab03029059c9e49
sha256sums = 3e955e0f1aae96bb6c1507236adc952640c9bd0a134b9995ab92106a33dc02d9
pkgname = linux-vfio
pkgdesc = The Linux kernel and modules with patches to enable GPU passthrough with KVM

65
0001-x86-fpu-Fix-invalid-FPU-ptrace-state-after-execve.patch Normal file
View File

@ -0,0 +1,65 @@
From 885bad1e5f32bbf30787ead9578f8174047e6904 Mon Sep 17 00:00:00 2001
From: Yu-cheng Yu <yu-cheng.yu@intel.com>
Date: Thu, 17 Nov 2016 09:11:35 -0800
Subject: [PATCH] x86/fpu: Fix invalid FPU ptrace state after execve()
commit b22cbe404a9cc3c7949e380fa1861e31934c8978 upstream.
Robert O'Callahan reported that after an execve PTRACE_GETREGSET
NT_X86_XSTATE continues to return the pre-exec register values
until the exec'ed task modifies FPU state.
The test code is at:
https://bugzilla.redhat.com/attachment.cgi?id=1164286.
What is happening is fpu__clear() does not properly clear fpstate.
Fix it by doing just that.
Reported-by: Robert O'Callahan <robert@ocallahan.org>
Signed-off-by: Yu-cheng Yu <yu-cheng.yu@intel.com>
Cc: Andy Lutomirski <luto@kernel.org>
Cc: Borislav Petkov <bp@suse.de>
Cc: David Hansen <dave.hansen@linux.intel.com>
Cc: Fenghua Yu <fenghua.yu@intel.com>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Ravi V. Shankar <ravi.v.shankar@intel.com>
Cc: Thomas Gleixner <tglx@linutronix.de>
Link: http://lkml.kernel.org/r/1479402695-6553-1-git-send-email-yu-cheng.yu@intel.com
Signed-off-by: Ingo Molnar <mingo@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/x86/kernel/fpu/core.c | 16 ++++++++--------
1 file changed, 8 insertions(+), 8 deletions(-)
diff --git a/arch/x86/kernel/fpu/core.c b/arch/x86/kernel/fpu/core.c
index 3fc03a09a93b1710..c289e2f4a6e5b464 100644
--- a/arch/x86/kernel/fpu/core.c
+++ b/arch/x86/kernel/fpu/core.c
@@ -517,14 +517,14 @@ void fpu__clear(struct fpu *fpu)
{
WARN_ON_FPU(fpu != &current->thread.fpu); /* Almost certainly an anomaly */
- if (!use_eager_fpu() || !static_cpu_has(X86_FEATURE_FPU)) {
- /* FPU state will be reallocated lazily at the first use. */
- fpu__drop(fpu);
- } else {
- if (!fpu->fpstate_active) {
- fpu__activate_curr(fpu);
- user_fpu_begin();
- }
+ fpu__drop(fpu);
+
+ /*
+ * Make sure fpstate is cleared and initialized.
+ */
+ if (static_cpu_has(X86_FEATURE_FPU)) {
+ fpu__activate_curr(fpu);
+ user_fpu_begin();
copy_init_fpstate_to_fpregs();
}
}
--
2.10.2

38
PKGBUILD
View File

@ -2,8 +2,8 @@
# Contributor: Dan Ziemba <zman0900@gmail.com>
pkgbase=linux-vfio
_srcname=linux-4.8
pkgver=4.8.13
_srcname=linux-4.9
pkgver=4.9.8
pkgrel=1
arch=('i686' 'x86_64')
url="http://www.kernel.org/"
@ -21,24 +21,22 @@ source=("https://www.kernel.org/pub/linux/kernel/v4.x/${_srcname}.tar.xz"
# standard config files for mkinitcpio ramdisk
'linux.preset'
'change-default-console-loglevel.patch'
'0001-pci-Enable-overrides-for-missing-ACS-capabilities-4..patch'
'0001-i915-Add-module-option-to-support-VGA-arbiter-on-HD-.patch'
'fix_race_condition_in_packet_set_ring.diff'
'net_handle_no_dst_on_skb_in_icmp6_send.patch'
'add-acs-overrides.patch'
'i915-vga-arbiter.patch'
'0001-x86-fpu-Fix-invalid-FPU-ptrace-state-after-execve.patch'
)
sha256sums=('3e9150065f193d3d94bcf46a1fe9f033c7ef7122ab71d75a7fb5a2f0c9a7e11a'
sha256sums=('029098dcffab74875e086ae970e3828456838da6e0ba22ce3f64ef764f3d7f1a'
'SKIP'
'f0e2f7f738e1a639956e01ba7ef8d3df40ecb5c7586eb366bcd4af70049a7a3c'
'd53bb9fb309193cbbf88faa28f4cecfc312dbddaa4c2cbf089f2a7ecd56889c0'
'SKIP'
'01dd9e64e4d5c2188fcbb5a48375c987b16f28f383fb42559a34e1a2c5a8ef2a'
'4111ac3a567c2fccd56368c36dad29753c0df4eae721b4a475bae20dae76855a'
'b5c2a685667a884477904c9fb337d944667b6144720ac2a67d1116f711e70768'
'ab6c0fab5b147fab9ccef90c62b963510e92fbd068a6a33b9619537243fedca4'
'8f407ad5ff6eff106562ba001c36a281134ac9aa468a596aea660a4fe1fd60b5'
'99d0102c8065793096b8ea2ccc01c41fa3dcb96855f9f6f2c583b2372208c6f9'
'1256b241cd477b265a3c2d64bdc19ffe3c9bbcee82ea3994c590c2c76e767d99'
'd36c589e3866535a9ac92911be64795967a05a6d300cc8b70abb79ea24b7b393'
'97c6eaff4dfd2059835351afa9466b43569f3eb45f6c57094f57a3f3fad7ec85'
'68067f9be72c0b7d0fe78f00514ad12cab597bfd63083ff4d9d2745c8bd3b616'
'144bb67184d7e1fda1a254b5364f72465e3070179713071c72c18618e7b6218a')
'a8337dc3d4ae977be091d2cfe9edb5769b9548c78ed67ebd6ab03029059c9e49'
'3e955e0f1aae96bb6c1507236adc952640c9bd0a134b9995ab92106a33dc02d9')
validpgpkeys=(
'ABAF11C65A2970B130ABE3C479BE3E4300411886' # Linus Torvalds
'647F28654894E3BD457199BE38DBBDC86092693E' # Greg Kroah-Hartman
@ -52,12 +50,10 @@ prepare() {
# add upstream patch
patch -p1 -i "${srcdir}/patch-${pkgver}"
# fix a race condition that allows to gain root
# https://marc.info/?l=linux-netdev&m=148054660230570&w=2
patch -p1 -i "${srcdir}/fix_race_condition_in_packet_set_ring.diff"
# https://bugzilla.kernel.org/show_bug.cgi?id=189851
patch -p1 -i "${srcdir}/net_handle_no_dst_on_skb_in_icmp6_send.patch"
# Revert a commit that causes memory corruption in i686 chroots on our
# build server ("valgrind bash" immediately crashes)
# https://bugzilla.kernel.org/show_bug.cgi?id=190061
patch -Rp1 -i "${srcdir}/0001-x86-fpu-Fix-invalid-FPU-ptrace-state-after-execve.patch"
# add latest fixes from stable queue, if needed
# http://git.kernel.org/?p=linux/kernel/git/stable/stable-queue.git
@ -75,11 +71,11 @@ prepare() {
# patches for vga arbiter fix in intel systems
echo '==> Applying i915 VGA arbitration patch'
patch -p1 -i "${srcdir}/0001-i915-Add-module-option-to-support-VGA-arbiter-on-HD-.patch"
patch -p1 -i "${srcdir}/i915-vga-arbiter.patch"
# Overrides for missing acs capabilities
echo '==> Applying ACS override patch'
patch -p1 -i "${srcdir}/0001-pci-Enable-overrides-for-missing-ACS-capabilities-4..patch"
patch -p1 -i "${srcdir}/add-acs-overrides.patch"
if [ "${_kernelname}" != "" ]; then
sed -i "s|CONFIG_LOCALVERSION=.*|CONFIG_LOCALVERSION=\"${_kernelname}\"|g" ./.config

0
0001-pci-Enable-overrides-for-missing-ACS-capabilities-4..patch → add-acs-overrides.patch
View File

401
config
View File

File diff suppressed because it is too large Load Diff

369
config.x86_64
View File

File diff suppressed because it is too large Load Diff

85
fix_race_condition_in_packet_set_ring.diff
View File

@ -1,85 +0,0 @@
From: Philip Pettersson <philip.pettersson@gmail.com>
When packet_set_ring creates a ring buffer it will initialize a
struct timer_list if the packet version is TPACKET_V3. This value
can then be raced by a different thread calling setsockopt to
set the version to TPACKET_V1 before packet_set_ring has finished.
This leads to a use-after-free on a function pointer in the
struct timer_list when the socket is closed as the previously
initialized timer will not be deleted.
The bug is fixed by taking lock_sock(sk) in packet_setsockopt when
changing the packet version while also taking the lock at the start
of packet_set_ring.
Fixes: f6fb8f100b80 ("af-packet: TPACKET_V3 flexible buffer implementation.")
Signed-off-by: Philip Pettersson <philip.pettersson@gmail.com>
Signed-off-by: Eric Dumazet <edumazet@google.com>
---
net/packet/af_packet.c | 18 ++++++++++++------
1 file changed, 12 insertions(+), 6 deletions(-)
diff --git a/net/packet/af_packet.c b/net/packet/af_packet.c
index d2238b204691b8e4f2e3acb9bc167b553ba32d50..dd2332390c45bbff7c3fc5d259453f2e1ca352bf 100644
--- a/net/packet/af_packet.c
+++ b/net/packet/af_packet.c
@@ -3648,19 +3648,25 @@ packet_setsockopt(struct socket *sock, int level, int optname, char __user *optv
if (optlen != sizeof(val))
return -EINVAL;
- if (po->rx_ring.pg_vec || po->tx_ring.pg_vec)
- return -EBUSY;
if (copy_from_user(&val, optval, sizeof(val)))
return -EFAULT;
switch (val) {
case TPACKET_V1:
case TPACKET_V2:
case TPACKET_V3:
- po->tp_version = val;
- return 0;
+ break;
default:
return -EINVAL;
}
+ lock_sock(sk);
+ if (po->rx_ring.pg_vec || po->tx_ring.pg_vec) {
+ ret = -EBUSY;
+ } else {
+ po->tp_version = val;
+ ret = 0;
+ }
+ release_sock(sk);
+ return ret;
}
case PACKET_RESERVE:
{
@@ -4164,6 +4170,7 @@ static int packet_set_ring(struct sock *sk, union tpacket_req_u *req_u,
/* Added to avoid minimal code churn */
struct tpacket_req *req = &req_u->req;
+ lock_sock(sk);
/* Opening a Tx-ring is NOT supported in TPACKET_V3 */
if (!closing && tx_ring && (po->tp_version > TPACKET_V2)) {
net_warn_ratelimited("Tx-ring is not supported.\n");
@@ -4245,7 +4252,6 @@ static int packet_set_ring(struct sock *sk, union tpacket_req_u *req_u,
goto out;
}
- lock_sock(sk);
/* Detach socket from network */
spin_lock(&po->bind_lock);
@@ -4294,11 +4300,11 @@ static int packet_set_ring(struct sock *sk, union tpacket_req_u *req_u,
if (!tx_ring)
prb_shutdown_retire_blk_timer(po, rb_queue);
}
- release_sock(sk);
if (pg_vec)
free_pg_vec(pg_vec, order, req->tp_block_nr);
out:
+ release_sock(sk);
return err;
}

80
0001-i915-Add-module-option-to-support-VGA-arbiter-on-HD-.patch → i915-vga-arbiter.patch
View File

@ -1,40 +1,8 @@
From 84ad02d3d21bac087e37513f82324020bee917f2 Mon Sep 17 00:00:00 2001
From bd149c5c439683f2b2bb011e6aa08c304ea4fe77 Mon Sep 17 00:00:00 2001
From: Mark Weiman <mark.weiman@markzz.com>
Date: Sun, 23 Oct 2016 11:15:31 -0400
Date: Fri, 10 Feb 2017 10:57:22 -0500
Subject: [PATCH] i915: Add module option to support VGA arbiter on HD devices
(4.8+)
This is an updated version of Alex Williamson's patch from:
https://lkml.org/lkml/2014/5/9/517
Original commit message follows:
---
Commit 81b5c7bc found that the current VGA arbiter support in i915
only works for ancient GMCH-based IGD devices and attempted to update
support for newer HD devices. Unfortunately newer devices cannot
completely opt-out of VGA arbitration like the old devices could.
The VGA I/O space cannot be disabled internally. The only way to
route VGA I/O elsewhere is by disabling I/O at the device PCI command
register. This means that with commit 81b5c7bc and multiple VGA
adapters, the VGA arbiter will report that multiple VGA devices are
participating in arbitration, Xorg will notice this and disable DRI.
Therefore, 81b5c7bc was reverted because DRI is more important than
being correct.
There is however an actual need for i915 to correctly participate in
VGA arbitration; VGA device assignment. If we want to use VFIO to
assign a VGA device to a virtual machine, we need to be able to
access the VGA resources of that device. By adding an i915 module
option we can allow i915 to continue with its charade by default, but
also allow an easy path for users who require working VGA arbitration.
Hopefully Xorg can someday be taught to behave better with multiple
VGA devices.
This also rolls in reverted commit 6e1b4fda, which corrected an
ordering issue with 81b5c7bc by delaying the disabling of VGA memory
until after vgacon->fbcon handoff.
Signed-off-by: Mark Weiman <mark.weiman@markzz.com>
---
drivers/gpu/drm/i915/i915_drv.c | 22 +++++++++++++++++++---
drivers/gpu/drm/i915/i915_params.c | 5 +++++
@ -44,22 +12,22 @@ Signed-off-by: Mark Weiman <mark.weiman@markzz.com>
5 files changed, 56 insertions(+), 3 deletions(-)
diff --git a/drivers/gpu/drm/i915/i915_drv.c b/drivers/gpu/drm/i915/i915_drv.c
index 5de36d8..4f40704 100644
index 670beebc32f6..4250d27d0709 100644
--- a/drivers/gpu/drm/i915/i915_drv.c
+++ b/drivers/gpu/drm/i915/i915_drv.c
@@ -621,10 +621,20 @@ static int i915_load_modeset_init(struct drm_device *dev)
@@ -585,10 +585,20 @@ static int i915_load_modeset_init(struct drm_device *dev)
* If we are a secondary display controller (!PCI_DISPLAY_CLASS_VGA),
* then we do not take part in VGA arbitration and the
* vga_client_register() fails with -ENODEV.
+ *
+ * NB. The set_decode callback here actually only works on GMCH
+ * NB. The set_decode callback here actually works on GMCH
+ * devices, on newer HD devices we can only disable VGA MMIO space.
+ * Disabling VGA I/O space requires disabling I/O in the PCI command
+ * register. Nonetheless, we like to pretend that we participate in
+ * VGA arbitration and can dynamically disable VGA I/O space because
+ * this makes X happy, even though it's a complete lie.
*/
- ret = vga_client_register(dev->pdev, dev, NULL, i915_vga_set_decode);
- ret = vga_client_register(pdev, dev, NULL, i915_vga_set_decode);
- if (ret && ret != -ENODEV)
- goto out;
+ if (!i915.enable_hd_vgaarb || !HAS_PCH_SPLIT(dev)) {
@ -71,7 +39,7 @@ index 5de36d8..4f40704 100644
intel_register_dsm_handler();
@@ -664,6 +674,12 @@ static int i915_load_modeset_init(struct drm_device *dev)
@@ -628,6 +638,12 @@ static int i915_load_modeset_init(struct drm_device *dev)
if (ret)
goto cleanup_gem;
@ -85,10 +53,10 @@ index 5de36d8..4f40704 100644
intel_hpd_init(dev_priv);
diff --git a/drivers/gpu/drm/i915/i915_params.c b/drivers/gpu/drm/i915/i915_params.c
index b6e404c..d0badce 100644
index 768ad89d9cd4..adb3a0188ae6 100644
--- a/drivers/gpu/drm/i915/i915_params.c
+++ b/drivers/gpu/drm/i915/i915_params.c
@@ -49,6 +49,7 @@ struct i915_params i915 __read_mostly = {
@@ -50,6 +50,7 @@ struct i915_params i915 __read_mostly = {
.invert_brightness = 0,
.disable_display = 0,
.enable_cmd_parser = 1,
@ -96,7 +64,7 @@ index b6e404c..d0badce 100644
.use_mmio_flip = 0,
.mmio_debug = 0,
.verbose_state_checks = 1,
@@ -176,6 +177,10 @@ module_param_named_unsafe(enable_cmd_parser, i915.enable_cmd_parser, int, 0600);
@@ -182,6 +183,10 @@ module_param_named_unsafe(enable_cmd_parser, i915.enable_cmd_parser, int, 0600);
MODULE_PARM_DESC(enable_cmd_parser,
"Enable command parsing (1=enabled [default], 0=disabled)");
@ -108,11 +76,11 @@ index b6e404c..d0badce 100644
MODULE_PARM_DESC(use_mmio_flip,
"use MMIO flips (-1=never, 0=driver discretion [default], 1=always)");
diff --git a/drivers/gpu/drm/i915/i915_params.h b/drivers/gpu/drm/i915/i915_params.h
index 0ad020b..10bc5ab 100644
index 3a0dd78ddb38..0a3af055b22f 100644
--- a/drivers/gpu/drm/i915/i915_params.h
+++ b/drivers/gpu/drm/i915/i915_params.h
@@ -59,6 +59,7 @@ struct i915_params {
bool load_detect_test;
@@ -60,6 +60,7 @@ struct i915_params {
bool force_reset_modeset_test;
bool reset;
bool disable_display;
+ bool enable_hd_vgaarb;
@ -120,10 +88,10 @@ index 0ad020b..10bc5ab 100644
bool nuclear_pageflip;
bool enable_dp_mst;
diff --git a/drivers/gpu/drm/i915/intel_display.c b/drivers/gpu/drm/i915/intel_display.c
index 175595f..8e3a2ce 100644
index 8079e5b380cb..d2593978c114 100644
--- a/drivers/gpu/drm/i915/intel_display.c
+++ b/drivers/gpu/drm/i915/intel_display.c
@@ -15563,6 +15563,33 @@ static void i915_disable_vga(struct drm_device *dev)
@@ -16266,6 +16266,33 @@ static void i915_disable_vga(struct drm_device *dev)
POSTING_READ(vga_reg);
}
@ -157,7 +125,7 @@ index 175595f..8e3a2ce 100644
void intel_modeset_init_hw(struct drm_device *dev)
{
struct drm_i915_private *dev_priv = to_i915(dev);
@@ -15984,6 +16011,7 @@ void i915_redisable_vga_power_on(struct drm_device *dev)
@@ -16703,6 +16730,7 @@ void i915_redisable_vga_power_on(struct drm_device *dev)
if (!(I915_READ(vga_reg) & VGA_DISP_DISABLE)) {
DRM_DEBUG_KMS("Something enabled VGA plane, disabling it\n");
i915_disable_vga(dev);
@ -165,7 +133,7 @@ index 175595f..8e3a2ce 100644
}
}
@@ -16343,6 +16371,8 @@ void intel_modeset_cleanup(struct drm_device *dev)
@@ -17063,6 +17091,8 @@ void intel_modeset_cleanup(struct drm_device *dev)
{
struct drm_i915_private *dev_priv = to_i915(dev);
@ -175,17 +143,17 @@ index 175595f..8e3a2ce 100644
/*
diff --git a/drivers/gpu/drm/i915/intel_drv.h b/drivers/gpu/drm/i915/intel_drv.h
index ff399b9..41c3f20 100644
index a19ec06f9e42..f02005f8b9a9 100644
--- a/drivers/gpu/drm/i915/intel_drv.h
+++ b/drivers/gpu/drm/i915/intel_drv.h
@@ -1165,6 +1165,7 @@ void intel_update_rawclk(struct drm_i915_private *dev_priv);
int vlv_get_cck_clock(struct drm_i915_private *dev_priv,
const char *name, u32 reg, int ref_freq);
@@ -1189,6 +1189,7 @@ int vlv_get_cck_clock(struct drm_i915_private *dev_priv,
void lpt_disable_pch_transcoder(struct drm_i915_private *dev_priv);
void lpt_disable_iclkip(struct drm_i915_private *dev_priv);
extern const struct drm_plane_funcs intel_plane_funcs;
+extern void i915_disable_vga_mem(struct drm_device *dev);
void intel_init_display_hooks(struct drm_i915_private *dev_priv);
unsigned int intel_rotation_info_size(const struct intel_rotation_info *rot_info);
bool intel_has_pending_fb_unpin(struct drm_device *dev);
unsigned int intel_fb_xy_to_linear(int x, int y,
const struct intel_plane_state *state,
--
2.10.1
2.11.1

69
net_handle_no_dst_on_skb_in_icmp6_send.patch
View File

@ -1,69 +0,0 @@
From 79dc7e3f1cd323be4c81aa1a94faa1b3ed987fb2 Mon Sep 17 00:00:00 2001
From: David Ahern <dsa@cumulusnetworks.com>
Date: Sun, 27 Nov 2016 18:52:53 -0800
Subject: [PATCH] net: handle no dst on skb in icmp6_send
Andrey reported the following while fuzzing the kernel with syzkaller:
kasan: CONFIG_KASAN_INLINE enabled
kasan: GPF could be caused by NULL-ptr deref or user memory access
general protection fault: 0000 [#1] SMP KASAN
Modules linked in:
CPU: 0 PID: 3859 Comm: a.out Not tainted 4.9.0-rc6+ #429
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS Bochs 01/01/2011
task: ffff8800666d4200 task.stack: ffff880067348000
RIP: 0010:[<ffffffff833617ec>] [<ffffffff833617ec>]
icmp6_send+0x5fc/0x1e30 net/ipv6/icmp.c:451
RSP: 0018:ffff88006734f2c0 EFLAGS: 00010206
RAX: ffff8800666d4200 RBX: 0000000000000000 RCX: 0000000000000000
RDX: 0000000000000000 RSI: dffffc0000000000 RDI: 0000000000000018
RBP: ffff88006734f630 R08: ffff880064138418 R09: 0000000000000003
R10: dffffc0000000000 R11: 0000000000000005 R12: 0000000000000000
R13: ffffffff84e7e200 R14: ffff880064138484 R15: ffff8800641383c0
FS: 00007fb3887a07c0(0000) GS:ffff88006cc00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000020000000 CR3: 000000006b040000 CR4: 00000000000006f0
Stack:
ffff8800666d4200 ffff8800666d49f8 ffff8800666d4200 ffffffff84c02460
ffff8800666d4a1a 1ffff1000ccdaa2f ffff88006734f498 0000000000000046
ffff88006734f440 ffffffff832f4269 ffff880064ba7456 0000000000000000
Call Trace:
[<ffffffff83364ddc>] icmpv6_param_prob+0x2c/0x40 net/ipv6/icmp.c:557
[< inline >] ip6_tlvopt_unknown net/ipv6/exthdrs.c:88
[<ffffffff83394405>] ip6_parse_tlv+0x555/0x670 net/ipv6/exthdrs.c:157
[<ffffffff8339a759>] ipv6_parse_hopopts+0x199/0x460 net/ipv6/exthdrs.c:663
[<ffffffff832ee773>] ipv6_rcv+0xfa3/0x1dc0 net/ipv6/ip6_input.c:191
...
icmp6_send / icmpv6_send is invoked for both rx and tx paths. In both
cases the dst->dev should be preferred for determining the L3 domain
if the dst has been set on the skb. Fallback to the skb->dev if it has
not. This covers the case reported here where icmp6_send is invoked on
Rx before the route lookup.
Fixes: 5d41ce29e ("net: icmp6_send should use dst dev to determine L3 domain")
Reported-by: Andrey Konovalov <andreyknvl@google.com>
Signed-off-by: David Ahern <dsa@cumulusnetworks.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
---
net/ipv6/icmp.c | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/net/ipv6/icmp.c b/net/ipv6/icmp.c
index 7370ad2..2772004 100644
--- a/net/ipv6/icmp.c
+++ b/net/ipv6/icmp.c
@@ -447,8 +447,10 @@ static void icmp6_send(struct sk_buff *skb, u8 type, u8 code, __u32 info,
if (__ipv6_addr_needs_scope_id(addr_type))
iif = skb->dev->ifindex;
- else
- iif = l3mdev_master_ifindex(skb_dst(skb)->dev);
+ else {
+ dst = skb_dst(skb);
+ iif = l3mdev_master_ifindex(dst ? dst->dev : skb->dev);
+ }
/*
* Must not send error if the source does not uniquely