Hello_User/linux-vfio
1
0
Fork 0
forked from AUR/linux-vfio
Code Issues Pull Requests Projects Releases Wiki Activity

Update to 4.15.1-1

Browse Source
This commit is contained in:
Mark Weiman 2018-02-07 22:41:21 -05:00
parent 3e2b5d9372
commit b23427dec7
13 changed files with 1973 additions and 1373 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

36
.SRCINFO
View File

@ -1,5 +1,5 @@
pkgbase = linux-vfio
pkgver = 4.14.11
pkgver = 4.15.1
pkgrel = 1
url = http://www.kernel.org/
arch = x86_64
@ -11,10 +11,10 @@ pkgbase = linux-vfio
makedepends = bc
makedepends = libelf
options = !strip
source = https://www.kernel.org/pub/linux/kernel/v4.x/linux-4.14.tar.xz
source = https://www.kernel.org/pub/linux/kernel/v4.x/linux-4.14.tar.sign
source = https://www.kernel.org/pub/linux/kernel/v4.x/patch-4.14.11.xz
source = https://www.kernel.org/pub/linux/kernel/v4.x/patch-4.14.11.sign
source = https://www.kernel.org/pub/linux/kernel/v4.x/linux-4.15.tar.xz
source = https://www.kernel.org/pub/linux/kernel/v4.x/linux-4.15.tar.sign
source = https://www.kernel.org/pub/linux/kernel/v4.x/patch-4.15.1.xz
source = https://www.kernel.org/pub/linux/kernel/v4.x/patch-4.15.1.sign
source = config
source = 60-linux.hook
source = 90-linux.hook
@ -22,31 +22,21 @@ pkgbase = linux-vfio
source = add-acs-overrides.patch
source = i915-vga-arbiter.patch
source = 0001-add-sysctl-to-disallow-unprivileged-CLONE_NEWUSER-by.patch
source = 0002-e1000e-Fix-e1000_check_for_copper_link_ich8lan-retur.patch
source = 0003-dccp-CVE-2017-8824-use-after-free-in-DCCP-code.patch
source = 0004-Revert-xfrm-Fix-stack-out-of-bounds-read-in-xfrm_sta.patch
source = 0005-xfrm-Fix-stack-out-of-bounds-read-on-socket-policy-l.patch
source = 0006-cgroup-fix-css_task_iter-crash-on-CSS_TASK_ITER_PROC.patch
source = 0007-x86-cpu-x86-pti-Do-not-enable-PTI-on-AMD-processors.patch
source = 0002-drm-i915-edp-Only-use-the-alternate-fixed-mode-if-it.patch
validpgpkeys = ABAF11C65A2970B130ABE3C479BE3E4300411886
validpgpkeys = 647F28654894E3BD457199BE38DBBDC86092693E
sha256sums = f81d59477e90a130857ce18dc02f4fbe5725854911db1e7ba770c7cd350f96a7
sha256sums = 5a26478906d5005f4f809402e981518d2b8844949199f60c4b6e1f986ca2a769
sha256sums = SKIP
sha256sums = f588b62d7ee1d2ebdc24afa0e256ff2f8812d5cab3bf572bf02e7c4525922bf9
sha256sums = 202a0a34f221ae335de096c292927d7a7d4bcdbc2dd46d43b8a5f6420f95a0cf
sha256sums = SKIP
sha256sums = 24b8cf6829dafcb2b5c76cffaae6438ad2d432f13d6551fa1c8f25e66b751ed4
sha256sums = 57400ed3b21281ad84d72756ce98815c8f6073b8c53b3bc6d73120c47902a263
sha256sums = ae2e95db94ef7176207c690224169594d49445e04249d2499e9d2fbc117a0b21
sha256sums = 8f407ad5ff6eff106562ba001c36a281134ac9aa468a596aea660a4fe1fd60b5
sha256sums = 99d0102c8065793096b8ea2ccc01c41fa3dcb96855f9f6f2c583b2372208c6f9
sha256sums = c238969a3c3a44b41c868a883880d8c4dc475e457427e91c649e9f24170b2c7d
sha256sums = eaf70cd805cdb43cf6227d354a6d54f67645b6df99e06136a8055d7494d7439c
sha256sums = 06bc1d8b1cd153c3146a4376d833f5769b980e5ef5eae99ddaaeb48bf514dae2
sha256sums = b90bef87574f30ec66c0f10d089bea56a9e974b6d052fee3071b1ff21360724b
sha256sums = f38531dee9fd8a59202ce96ac5b40446f1f035b89788ea9ecb2fb3909f703a25
sha256sums = 705d5fbfce00ccc20490bdfb5853d67d86ac00c845de6ecb13e414214b48daeb
sha256sums = 0a249248534a17f14fab7e14994811ae81fe324668a82ff41f3bcabeeae1460f
sha256sums = 8e1b303957ddd829c0c9ad7c012cd32f2354ff3c8c1b85da3d7f8a54524f3711
sha256sums = 914a0a019545ad7d14ed8d5c58d417eb0a8ec12a756beec79a545aabda343b31
sha256sums = 1a4a992199d4d70f7f35735f63a634bb605c2b594b7352ad5fd54512737d2784
sha256sums = 7cb4a5da6bf551dbb2db2e0b4e4d0774ee98cc30d9e617e030b27e6cba3e6293
sha256sums = 7b7363b53c68f52b119df994c9c08d4f29271b408f021366ab23f862518bd9bc
sha256sums = ac996455cddccc312d93e63845d92b2d8ab8fb53208a221948d28c76c678d215
pkgname = linux-vfio
pkgdesc = The Linux-vfio kernel and modules

24
0001-add-sysctl-to-disallow-unprivileged-CLONE_NEWUSER-by.patch
View File

@ -1,8 +1,8 @@
From fb89d912d5f7289d3a922c77b671e36e1c740f5e Mon Sep 17 00:00:00 2001
Message-Id: <fb89d912d5f7289d3a922c77b671e36e1c740f5e.1514959852.git.jan.steffens@gmail.com>
From 4aefcc4253233dce6ac5938e01371074958b8f1c Mon Sep 17 00:00:00 2001
Message-Id: <4aefcc4253233dce6ac5938e01371074958b8f1c.1517188106.git.jan.steffens@gmail.com>
From: Serge Hallyn <serge.hallyn@canonical.com>
Date: Fri, 31 May 2013 19:12:12 +0100
Subject: [PATCH 1/7] add sysctl to disallow unprivileged CLONE_NEWUSER by
Subject: [PATCH 1/2] add sysctl to disallow unprivileged CLONE_NEWUSER by
default
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
@ -15,7 +15,7 @@ Signed-off-by: Daniel Micay <danielmicay@gmail.com>
3 files changed, 30 insertions(+)
diff --git a/kernel/fork.c b/kernel/fork.c
index 500ce64517d93e68..35f5860958b40e9b 100644
index 2295fc69717f..6f320a216e7d 100644
--- a/kernel/fork.c
+++ b/kernel/fork.c
@@ -102,6 +102,11 @@
@ -30,7 +30,7 @@ index 500ce64517d93e68..35f5860958b40e9b 100644
/*
* Minimum number of threads to boot the kernel
@@ -1554,6 +1559,10 @@ static __latent_entropy struct task_struct *copy_process(
@@ -1550,6 +1555,10 @@ static __latent_entropy struct task_struct *copy_process(
if ((clone_flags & (CLONE_NEWUSER|CLONE_FS)) == (CLONE_NEWUSER|CLONE_FS))
return ERR_PTR(-EINVAL);
@ -41,7 +41,7 @@ index 500ce64517d93e68..35f5860958b40e9b 100644
/*
* Thread groups must share signals as well, and detached threads
* can only be started up within the thread group.
@@ -2347,6 +2356,12 @@ SYSCALL_DEFINE1(unshare, unsigned long, unshare_flags)
@@ -2343,6 +2352,12 @@ SYSCALL_DEFINE1(unshare, unsigned long, unshare_flags)
if (unshare_flags & CLONE_NEWNS)
unshare_flags |= CLONE_FS;
@ -55,7 +55,7 @@ index 500ce64517d93e68..35f5860958b40e9b 100644
if (err)
goto bad_unshare_out;
diff --git a/kernel/sysctl.c b/kernel/sysctl.c
index 56aca862c4f584f5..e8402ba393c1915d 100644
index 557d46728577..c19d7a828913 100644
--- a/kernel/sysctl.c
+++ b/kernel/sysctl.c
@@ -105,6 +105,9 @@ extern int core_uses_pid;
@ -85,12 +85,12 @@ index 56aca862c4f584f5..e8402ba393c1915d 100644
{
.procname = "tainted",
diff --git a/kernel/user_namespace.c b/kernel/user_namespace.c
index c490f1e4313b998a..dd03bd39d7bf194d 100644
index 246d4d4ce5c7..f64432b45cec 100644
--- a/kernel/user_namespace.c
+++ b/kernel/user_namespace.c
@@ -24,6 +24,9 @@
#include <linux/projid.h>
#include <linux/fs_struct.h>
@@ -26,6 +26,9 @@
#include <linux/bsearch.h>
#include <linux/sort.h>
+/* sysctl */
+int unprivileged_userns_clone;
@ -99,5 +99,5 @@ index c490f1e4313b998a..dd03bd39d7bf194d 100644
static DEFINE_MUTEX(userns_state_mutex);
--
2.15.1
2.16.1

42
0002-drm-i915-edp-Only-use-the-alternate-fixed-mode-if-it.patch Normal file
View File

@ -0,0 +1,42 @@
From 3383f4060f7fe25afd5f863fe169fd2f286ab237 Mon Sep 17 00:00:00 2001
Message-Id: <3383f4060f7fe25afd5f863fe169fd2f286ab237.1517188106.git.jan.steffens@gmail.com>
In-Reply-To: <4aefcc4253233dce6ac5938e01371074958b8f1c.1517188106.git.jan.steffens@gmail.com>
References: <4aefcc4253233dce6ac5938e01371074958b8f1c.1517188106.git.jan.steffens@gmail.com>
From: Jim Bride <jim.bride@linux.intel.com>
Date: Mon, 6 Nov 2017 13:38:57 -0800
Subject: [PATCH 2/2] drm/i915/edp: Only use the alternate fixed mode if it's
asked for
In commit dc911f5bd8aa ("drm/i915/edp: Allow alternate fixed mode for
eDP if available."), the patch allows for the use of an alternate fixed
mode if it is available, but the patch was not ensuring that the only
time the alternate mode is used is when it is specifically requested.
This patch adds an additional comparison to intel_edp_compare_alt_mode
to ensure that we only use the alternate mode if it is directly
requested.
Fixes: dc911f5bd8aac ("Allow alternate fixed mode for eDP if available.")
Cc: David Weinehall <david.weinehall@linux.intel.com>
Cc: Rodrigo Vivi <rodrigo.vivi@intel.com>
Signed-off-by: Jim Bride <jim.bride@linux.intel.com>
---
drivers/gpu/drm/i915/intel_dp.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/drivers/gpu/drm/i915/intel_dp.c b/drivers/gpu/drm/i915/intel_dp.c
index 158438bb0389..69b16df868ea 100644
--- a/drivers/gpu/drm/i915/intel_dp.c
+++ b/drivers/gpu/drm/i915/intel_dp.c
@@ -1616,7 +1616,8 @@ static bool intel_edp_compare_alt_mode(struct drm_display_mode *m1,
m1->vdisplay == m2->vdisplay &&
m1->vsync_start == m2->vsync_start &&
m1->vsync_end == m2->vsync_end &&
- m1->vtotal == m2->vtotal);
+ m1->vtotal == m2->vtotal &&
+ m1->vrefresh == m2->vrefresh);
return bres;
}
--
2.16.1

75
0002-e1000e-Fix-e1000_check_for_copper_link_ich8lan-retur.patch
View File

@ -1,75 +0,0 @@
From 8c6956686606b9c3661e74a410c8cb2fc276c5ee Mon Sep 17 00:00:00 2001
Message-Id: <8c6956686606b9c3661e74a410c8cb2fc276c5ee.1514959852.git.jan.steffens@gmail.com>
In-Reply-To: <fb89d912d5f7289d3a922c77b671e36e1c740f5e.1514959852.git.jan.steffens@gmail.com>
References: <fb89d912d5f7289d3a922c77b671e36e1c740f5e.1514959852.git.jan.steffens@gmail.com>
From: Benjamin Poirier <bpoirier@suse.com>
Date: Mon, 11 Dec 2017 16:26:40 +0900
Subject: [PATCH 2/7] e1000e: Fix e1000_check_for_copper_link_ich8lan return
value.
e1000e_check_for_copper_link() and e1000_check_for_copper_link_ich8lan()
are the two functions that may be assigned to mac.ops.check_for_link when
phy.media_type == e1000_media_type_copper. Commit 19110cfbb34d ("e1000e:
Separate signaling for link check/link up") changed the meaning of the
return value of check_for_link for copper media but only adjusted the first
function. This patch adjusts the second function likewise.
Reported-by: Christian Hesse <list@eworm.de>
Reported-by: Gabriel C <nix.or.die@gmail.com>
Link: https://bugzilla.kernel.org/show_bug.cgi?id=198047
Fixes: 19110cfbb34d ("e1000e: Separate signaling for link check/link up")
Tested-by: Christian Hesse <list@eworm.de>
Signed-off-by: Benjamin Poirier <bpoirier@suse.com>
---
drivers/net/ethernet/intel/e1000e/ich8lan.c | 11 ++++++++---
1 file changed, 8 insertions(+), 3 deletions(-)
diff --git a/drivers/net/ethernet/intel/e1000e/ich8lan.c b/drivers/net/ethernet/intel/e1000e/ich8lan.c
index d6d4ed7acf031172..31277d3bb7dc1241 100644
--- a/drivers/net/ethernet/intel/e1000e/ich8lan.c
+++ b/drivers/net/ethernet/intel/e1000e/ich8lan.c
@@ -1367,22 +1367,25 @@ static s32 e1000_disable_ulp_lpt_lp(struct e1000_hw *hw, bool force)
* Checks to see of the link status of the hardware has changed. If a
* change in link status has been detected, then we read the PHY registers
* to get the current speed/duplex if link exists.
+ *
+ * Returns a negative error code (-E1000_ERR_*) or 0 (link down) or 1 (link
+ * up).
**/
static s32 e1000_check_for_copper_link_ich8lan(struct e1000_hw *hw)
{
struct e1000_mac_info *mac = &hw->mac;
s32 ret_val, tipg_reg = 0;
u16 emi_addr, emi_val = 0;
bool link;
u16 phy_reg;
/* We only want to go out to the PHY registers to see if Auto-Neg
* has completed and/or if our link status has changed. The
* get_link_status flag is set upon receiving a Link Status
* Change or Rx Sequence Error interrupt.
*/
if (!mac->get_link_status)
- return 0;
+ return 1;
/* First we want to see if the MII Status Register reports
* link. If so, then we want to get the current speed/duplex
@@ -1613,10 +1616,12 @@ static s32 e1000_check_for_copper_link_ich8lan(struct e1000_hw *hw)
* different link partner.
*/
ret_val = e1000e_config_fc_after_link_up(hw);
- if (ret_val)
+ if (ret_val) {
e_dbg("Error configuring flow control\n");
+ return ret_val;
+ }
- return ret_val;
+ return 1;
}
static s32 e1000_get_variants_ich8lan(struct e1000_adapter *adapter)
--
2.15.1

57
0003-dccp-CVE-2017-8824-use-after-free-in-DCCP-code.patch
View File

@ -1,57 +0,0 @@
From b81e273fb227373a2951c7256ab11a87d5333a9d Mon Sep 17 00:00:00 2001
Message-Id: <b81e273fb227373a2951c7256ab11a87d5333a9d.1514959852.git.jan.steffens@gmail.com>
In-Reply-To: <fb89d912d5f7289d3a922c77b671e36e1c740f5e.1514959852.git.jan.steffens@gmail.com>
References: <fb89d912d5f7289d3a922c77b671e36e1c740f5e.1514959852.git.jan.steffens@gmail.com>
From: Mohamed Ghannam <simo.ghannam@gmail.com>
Date: Tue, 5 Dec 2017 20:58:35 +0000
Subject: [PATCH 3/7] dccp: CVE-2017-8824: use-after-free in DCCP code
Whenever the sock object is in DCCP_CLOSED state,
dccp_disconnect() must free dccps_hc_tx_ccid and
dccps_hc_rx_ccid and set to NULL.
Signed-off-by: Mohamed Ghannam <simo.ghannam@gmail.com>
Reviewed-by: Eric Dumazet <edumazet@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
---
net/dccp/proto.c | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/net/dccp/proto.c b/net/dccp/proto.c
index b68168fcc06aa198..9d43c1f4027408f3 100644
--- a/net/dccp/proto.c
+++ b/net/dccp/proto.c
@@ -259,25 +259,30 @@ int dccp_disconnect(struct sock *sk, int flags)
{
struct inet_connection_sock *icsk = inet_csk(sk);
struct inet_sock *inet = inet_sk(sk);
+ struct dccp_sock *dp = dccp_sk(sk);
int err = 0;
const int old_state = sk->sk_state;
if (old_state != DCCP_CLOSED)
dccp_set_state(sk, DCCP_CLOSED);
/*
* This corresponds to the ABORT function of RFC793, sec. 3.8
* TCP uses a RST segment, DCCP a Reset packet with Code 2, "Aborted".
*/
if (old_state == DCCP_LISTEN) {
inet_csk_listen_stop(sk);
} else if (dccp_need_reset(old_state)) {
dccp_send_reset(sk, DCCP_RESET_CODE_ABORTED);
sk->sk_err = ECONNRESET;
} else if (old_state == DCCP_REQUESTING)
sk->sk_err = ECONNRESET;
dccp_clear_xmit_timers(sk);
+ ccid_hc_rx_delete(dp->dccps_hc_rx_ccid, sk);
+ ccid_hc_tx_delete(dp->dccps_hc_tx_ccid, sk);
+ dp->dccps_hc_rx_ccid = NULL;
+ dp->dccps_hc_tx_ccid = NULL;
__skb_queue_purge(&sk->sk_receive_queue);
__skb_queue_purge(&sk->sk_write_queue);
--
2.15.1

74
0004-Revert-xfrm-Fix-stack-out-of-bounds-read-in-xfrm_sta.patch
View File

@ -1,74 +0,0 @@
From d03c0ef520f40c6de691c37e0f168c87b3423015 Mon Sep 17 00:00:00 2001
Message-Id: <d03c0ef520f40c6de691c37e0f168c87b3423015.1514959852.git.jan.steffens@gmail.com>
In-Reply-To: <fb89d912d5f7289d3a922c77b671e36e1c740f5e.1514959852.git.jan.steffens@gmail.com>
References: <fb89d912d5f7289d3a922c77b671e36e1c740f5e.1514959852.git.jan.steffens@gmail.com>
From: Steffen Klassert <steffen.klassert@secunet.com>
Date: Wed, 15 Nov 2017 06:40:57 +0100
Subject: [PATCH 4/7] Revert "xfrm: Fix stack-out-of-bounds read in
xfrm_state_find."
This reverts commit c9f3f813d462c72dbe412cee6a5cbacf13c4ad5e.
This commit breaks transport mode when the policy template
has widlcard addresses configured, so revert it.
Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
---
net/xfrm/xfrm_policy.c | 29 ++++++++++++++++++-----------
1 file changed, 18 insertions(+), 11 deletions(-)
diff --git a/net/xfrm/xfrm_policy.c b/net/xfrm/xfrm_policy.c
index 2a6093840e7e856e..6bc16bb61b5533ef 100644
--- a/net/xfrm/xfrm_policy.c
+++ b/net/xfrm/xfrm_policy.c
@@ -1362,29 +1362,36 @@ xfrm_tmpl_resolve_one(struct xfrm_policy *policy, const struct flowi *fl,
struct net *net = xp_net(policy);
int nx;
int i, error;
+ xfrm_address_t *daddr = xfrm_flowi_daddr(fl, family);
+ xfrm_address_t *saddr = xfrm_flowi_saddr(fl, family);
xfrm_address_t tmp;
for (nx = 0, i = 0; i < policy->xfrm_nr; i++) {
struct xfrm_state *x;
- xfrm_address_t *local;
- xfrm_address_t *remote;
+ xfrm_address_t *remote = daddr;
+ xfrm_address_t *local = saddr;
struct xfrm_tmpl *tmpl = &policy->xfrm_vec[i];
- remote = &tmpl->id.daddr;
- local = &tmpl->saddr;
- if (xfrm_addr_any(local, tmpl->encap_family)) {
- error = xfrm_get_saddr(net, fl->flowi_oif,
- &tmp, remote,
- tmpl->encap_family, 0);
- if (error)
- goto fail;
- local = &tmp;
+ if (tmpl->mode == XFRM_MODE_TUNNEL ||
+ tmpl->mode == XFRM_MODE_BEET) {
+ remote = &tmpl->id.daddr;
+ local = &tmpl->saddr;
+ if (xfrm_addr_any(local, tmpl->encap_family)) {
+ error = xfrm_get_saddr(net, fl->flowi_oif,
+ &tmp, remote,
+ tmpl->encap_family, 0);
+ if (error)
+ goto fail;
+ local = &tmp;
+ }
}
x = xfrm_state_find(remote, local, fl, tmpl, policy, &error, family);
if (x && x->km.state == XFRM_STATE_VALID) {
xfrm[nx++] = x;
+ daddr = remote;
+ saddr = local;
continue;
}
if (x) {
--
2.15.1

49
0005-xfrm-Fix-stack-out-of-bounds-read-on-socket-policy-l.patch
View File

@ -1,49 +0,0 @@
From 3721d64246982f91a5bf863fc17ac60ff722e0c4 Mon Sep 17 00:00:00 2001
Message-Id: <3721d64246982f91a5bf863fc17ac60ff722e0c4.1514959852.git.jan.steffens@gmail.com>
In-Reply-To: <fb89d912d5f7289d3a922c77b671e36e1c740f5e.1514959852.git.jan.steffens@gmail.com>
References: <fb89d912d5f7289d3a922c77b671e36e1c740f5e.1514959852.git.jan.steffens@gmail.com>
From: Steffen Klassert <steffen.klassert@secunet.com>
Date: Fri, 22 Dec 2017 10:44:57 +0100
Subject: [PATCH 5/7] xfrm: Fix stack-out-of-bounds read on socket policy
lookup.
When we do tunnel or beet mode, we pass saddr and daddr from the
template to xfrm_state_find(), this is ok. On transport mode,
we pass the addresses from the flowi, assuming that the IP
addresses (and address family) don't change during transformation.
This assumption is wrong in the IPv4 mapped IPv6 case, packet
is IPv4 and template is IPv6.
Fix this by catching address family missmatches of the policy
and the flow already before we do the lookup.
Reported-by: syzbot <syzkaller@googlegroups.com>
Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
---
net/xfrm/xfrm_policy.c | 8 +++++++-
1 file changed, 7 insertions(+), 1 deletion(-)
diff --git a/net/xfrm/xfrm_policy.c b/net/xfrm/xfrm_policy.c
index 6bc16bb61b5533ef..50c5f46b5cca942e 100644
--- a/net/xfrm/xfrm_policy.c
+++ b/net/xfrm/xfrm_policy.c
@@ -1169,9 +1169,15 @@ static struct xfrm_policy *xfrm_sk_policy_lookup(const struct sock *sk, int dir,
again:
pol = rcu_dereference(sk->sk_policy[dir]);
if (pol != NULL) {
- bool match = xfrm_selector_match(&pol->selector, fl, family);
+ bool match;
int err = 0;
+ if (pol->family != family) {
+ pol = NULL;
+ goto out;
+ }
+
+ match = xfrm_selector_match(&pol->selector, fl, family);
if (match) {
if ((sk->sk_mark & pol->mark.m) != pol->mark.v) {
pol = NULL;
--
2.15.1

114
0006-cgroup-fix-css_task_iter-crash-on-CSS_TASK_ITER_PROC.patch
View File

@ -1,114 +0,0 @@
From a79cb4d4e540c72a601ca0494e914565c16e2893 Mon Sep 17 00:00:00 2001
Message-Id: <a79cb4d4e540c72a601ca0494e914565c16e2893.1514959852.git.jan.steffens@gmail.com>
In-Reply-To: <fb89d912d5f7289d3a922c77b671e36e1c740f5e.1514959852.git.jan.steffens@gmail.com>
References: <fb89d912d5f7289d3a922c77b671e36e1c740f5e.1514959852.git.jan.steffens@gmail.com>
From: Tejun Heo <tj@kernel.org>
Date: Wed, 20 Dec 2017 07:09:19 -0800
Subject: [PATCH 6/7] cgroup: fix css_task_iter crash on CSS_TASK_ITER_PROC
While teaching css_task_iter to handle skipping over tasks which
aren't group leaders, bc2fb7ed089f ("cgroup: add @flags to
css_task_iter_start() and implement CSS_TASK_ITER_PROCS") introduced a
silly bug.
CSS_TASK_ITER_PROCS is implemented by repeating
css_task_iter_advance() while the advanced cursor is pointing to a
non-leader thread. However, the cursor variable, @l, wasn't updated
when the iteration has to advance to the next css_set and the
following repetition would operate on the terminal @l from the
previous iteration which isn't pointing to a valid task leading to
oopses like the following or infinite looping.
BUG: unable to handle kernel NULL pointer dereference at 0000000000000254
IP: __task_pid_nr_ns+0xc7/0xf0
PGD 0 P4D 0
Oops: 0000 [#1] SMP
...
CPU: 2 PID: 1 Comm: systemd Not tainted 4.14.4-200.fc26.x86_64 #1
Hardware name: System manufacturer System Product Name/PRIME B350M-A, BIOS 3203 11/09/2017
task: ffff88c4baee8000 task.stack: ffff96d5c3158000
RIP: 0010:__task_pid_nr_ns+0xc7/0xf0
RSP: 0018:ffff96d5c315bd50 EFLAGS: 00010206
RAX: 0000000000000000 RBX: ffff88c4b68c6000 RCX: 0000000000000250
RDX: ffffffffa5e47960 RSI: 0000000000000000 RDI: ffff88c490f6ab00
RBP: ffff96d5c315bd50 R08: 0000000000001000 R09: 0000000000000005
R10: ffff88c4be006b80 R11: ffff88c42f1b8004 R12: ffff96d5c315bf18
R13: ffff88c42d7dd200 R14: ffff88c490f6a510 R15: ffff88c4b68c6000
FS: 00007f9446f8ea00(0000) GS:ffff88c4be680000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000000000254 CR3: 00000007f956f000 CR4: 00000000003406e0
Call Trace:
cgroup_procs_show+0x19/0x30
cgroup_seqfile_show+0x4c/0xb0
kernfs_seq_show+0x21/0x30
seq_read+0x2ec/0x3f0
kernfs_fop_read+0x134/0x180
__vfs_read+0x37/0x160
? security_file_permission+0x9b/0xc0
vfs_read+0x8e/0x130
SyS_read+0x55/0xc0
entry_SYSCALL_64_fastpath+0x1a/0xa5
RIP: 0033:0x7f94455f942d
RSP: 002b:00007ffe81ba2d00 EFLAGS: 00000293 ORIG_RAX: 0000000000000000
RAX: ffffffffffffffda RBX: 00005574e2233f00 RCX: 00007f94455f942d
RDX: 0000000000001000 RSI: 00005574e2321a90 RDI: 000000000000002b
RBP: 0000000000000000 R08: 00005574e2321a90 R09: 00005574e231de60
R10: 00007f94458c8b38 R11: 0000000000000293 R12: 00007f94458c8ae0
R13: 00007ffe81ba3800 R14: 0000000000000000 R15: 00005574e2116560
Code: 04 74 0e 89 f6 48 8d 04 76 48 8d 04 c5 f0 05 00 00 48 8b bf b8 05 00 00 48 01 c7 31 c0 48 8b 0f 48 85 c9 74 18 8b b2 30 08 00 00 <3b> 71 04 77 0d 48 c1 e6 05 48 01 f1 48 3b 51 38 74 09 5d c3 8b
RIP: __task_pid_nr_ns+0xc7/0xf0 RSP: ffff96d5c315bd50
Fix it by moving the initialization of the cursor below the repeat
label. While at it, rename it to @next for readability.
Signed-off-by: Tejun Heo <tj@kernel.org>
Fixes: bc2fb7ed089f ("cgroup: add @flags to css_task_iter_start() and implement CSS_TASK_ITER_PROCS")
Cc: stable@vger.kernel.org # v4.14+
Reported-by: Laura Abbott <labbott@redhat.com>
Reported-by: Bronek Kozicki <brok@incorrekt.com>
Reported-by: George Amanakis <gamanakis@gmail.com>
Signed-off-by: Tejun Heo <tj@kernel.org>
---
kernel/cgroup/cgroup.c | 14 ++++++--------
1 file changed, 6 insertions(+), 8 deletions(-)
diff --git a/kernel/cgroup/cgroup.c b/kernel/cgroup/cgroup.c
index 44857278eb8aa6a2..030e4286f14c715e 100644
--- a/kernel/cgroup/cgroup.c
+++ b/kernel/cgroup/cgroup.c
@@ -4059,26 +4059,24 @@ static void css_task_iter_advance_css_set(struct css_task_iter *it)
static void css_task_iter_advance(struct css_task_iter *it)
{
- struct list_head *l = it->task_pos;
+ struct list_head *next;
lockdep_assert_held(&css_set_lock);
- WARN_ON_ONCE(!l);
-
repeat:
/*
* Advance iterator to find next entry. cset->tasks is consumed
* first and then ->mg_tasks. After ->mg_tasks, we move onto the
* next cset.
*/
- l = l->next;
+ next = it->task_pos->next;
- if (l == it->tasks_head)
- l = it->mg_tasks_head->next;
+ if (next == it->tasks_head)
+ next = it->mg_tasks_head->next;
- if (l == it->mg_tasks_head)
+ if (next == it->mg_tasks_head)
css_task_iter_advance_css_set(it);
else
- it->task_pos = l;
+ it->task_pos = next;
/* if PROCS, skip over tasks which aren't group leaders */
if ((it->flags & CSS_TASK_ITER_PROCS) && it->task_pos &&
--
2.15.1

42
0007-x86-cpu-x86-pti-Do-not-enable-PTI-on-AMD-processors.patch
View File

@ -1,42 +0,0 @@
From 51786b65797aed683ca72293a3cb86a2cab987c0 Mon Sep 17 00:00:00 2001
Message-Id: <51786b65797aed683ca72293a3cb86a2cab987c0.1514959852.git.jan.steffens@gmail.com>
In-Reply-To: <fb89d912d5f7289d3a922c77b671e36e1c740f5e.1514959852.git.jan.steffens@gmail.com>
References: <fb89d912d5f7289d3a922c77b671e36e1c740f5e.1514959852.git.jan.steffens@gmail.com>
From: Tom Lendacky <thomas.lendacky@amd.com>
Date: Tue, 26 Dec 2017 23:43:54 -0600
Subject: [PATCH 7/7] x86/cpu, x86/pti: Do not enable PTI on AMD processors
AMD processors are not subject to the types of attacks that the kernel
page table isolation feature protects against. The AMD microarchitecture
does not allow memory references, including speculative references, that
access higher privileged data when running in a lesser privileged mode
when that access would result in a page fault.
Disable page table isolation by default on AMD processors by not setting
the X86_BUG_CPU_INSECURE feature, which controls whether X86_FEATURE_PTI
is set.
Signed-off-by: Tom Lendacky <thomas.lendacky@amd.com>
Reviewed-by: Borislav Petkov <bp@suse.de>
---
arch/x86/kernel/cpu/common.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/arch/x86/kernel/cpu/common.c b/arch/x86/kernel/cpu/common.c
index f2a94dfb434e9a7c..b1be494ab4e8badf 100644
--- a/arch/x86/kernel/cpu/common.c
+++ b/arch/x86/kernel/cpu/common.c
@@ -899,8 +899,8 @@ static void __init early_identify_cpu(struct cpuinfo_x86 *c)
setup_force_cpu_cap(X86_FEATURE_ALWAYS);
- /* Assume for now that ALL x86 CPUs are insecure */
- setup_force_cpu_bug(X86_BUG_CPU_INSECURE);
+ if (c->x86_vendor != X86_VENDOR_AMD)
+ setup_force_cpu_bug(X86_BUG_CPU_INSECURE);
fpu__init_system(c);
--
2.15.1

47
PKGBUILD
View File

@ -2,8 +2,8 @@
# Maintainer: Mark Weiman <markzz@archlinux.net>
pkgbase=linux-vfio
_srcname=linux-4.14
pkgver=4.14.11
_srcname=linux-4.15
pkgver=4.15.1
pkgrel=1
arch=('x86_64')
url="http://www.kernel.org/"
@ -26,30 +26,20 @@ source=("https://www.kernel.org/pub/linux/kernel/v4.x/${_srcname}.tar.xz"
'add-acs-overrides.patch'
'i915-vga-arbiter.patch'
0001-add-sysctl-to-disallow-unprivileged-CLONE_NEWUSER-by.patch
0002-e1000e-Fix-e1000_check_for_copper_link_ich8lan-retur.patch
0003-dccp-CVE-2017-8824-use-after-free-in-DCCP-code.patch
0004-Revert-xfrm-Fix-stack-out-of-bounds-read-in-xfrm_sta.patch
0005-xfrm-Fix-stack-out-of-bounds-read-on-socket-policy-l.patch
0006-cgroup-fix-css_task_iter-crash-on-CSS_TASK_ITER_PROC.patch
0007-x86-cpu-x86-pti-Do-not-enable-PTI-on-AMD-processors.patch
0002-drm-i915-edp-Only-use-the-alternate-fixed-mode-if-it.patch
)
sha256sums=('f81d59477e90a130857ce18dc02f4fbe5725854911db1e7ba770c7cd350f96a7'
sha256sums=('5a26478906d5005f4f809402e981518d2b8844949199f60c4b6e1f986ca2a769'
'SKIP'
'f588b62d7ee1d2ebdc24afa0e256ff2f8812d5cab3bf572bf02e7c4525922bf9'
'202a0a34f221ae335de096c292927d7a7d4bcdbc2dd46d43b8a5f6420f95a0cf'
'SKIP'
'24b8cf6829dafcb2b5c76cffaae6438ad2d432f13d6551fa1c8f25e66b751ed4'
'57400ed3b21281ad84d72756ce98815c8f6073b8c53b3bc6d73120c47902a263'
'ae2e95db94ef7176207c690224169594d49445e04249d2499e9d2fbc117a0b21'
'8f407ad5ff6eff106562ba001c36a281134ac9aa468a596aea660a4fe1fd60b5'
'99d0102c8065793096b8ea2ccc01c41fa3dcb96855f9f6f2c583b2372208c6f9'
'c238969a3c3a44b41c868a883880d8c4dc475e457427e91c649e9f24170b2c7d'
'eaf70cd805cdb43cf6227d354a6d54f67645b6df99e06136a8055d7494d7439c'
'06bc1d8b1cd153c3146a4376d833f5769b980e5ef5eae99ddaaeb48bf514dae2'
'b90bef87574f30ec66c0f10d089bea56a9e974b6d052fee3071b1ff21360724b'
'f38531dee9fd8a59202ce96ac5b40446f1f035b89788ea9ecb2fb3909f703a25'
'705d5fbfce00ccc20490bdfb5853d67d86ac00c845de6ecb13e414214b48daeb'
'0a249248534a17f14fab7e14994811ae81fe324668a82ff41f3bcabeeae1460f'
'8e1b303957ddd829c0c9ad7c012cd32f2354ff3c8c1b85da3d7f8a54524f3711'
'914a0a019545ad7d14ed8d5c58d417eb0a8ec12a756beec79a545aabda343b31')
'1a4a992199d4d70f7f35735f63a634bb605c2b594b7352ad5fd54512737d2784'
'7cb4a5da6bf551dbb2db2e0b4e4d0774ee98cc30d9e617e030b27e6cba3e6293'
'7b7363b53c68f52b119df994c9c08d4f29271b408f021366ab23f862518bd9bc'
'ac996455cddccc312d93e63845d92b2d8ab8fb53208a221948d28c76c678d215')
validpgpkeys=(
'ABAF11C65A2970B130ABE3C479BE3E4300411886' # Linus Torvalds
'647F28654894E3BD457199BE38DBBDC86092693E' # Greg Kroah-Hartman
@ -72,21 +62,8 @@ prepare() {
# disable USER_NS for non-root users by default
patch -Np1 -i ../0001-add-sysctl-to-disallow-unprivileged-CLONE_NEWUSER-by.patch
# https://bugs.archlinux.org/task/56575
patch -Np1 -i ../0002-e1000e-Fix-e1000_check_for_copper_link_ich8lan-retur.patch
# https://nvd.nist.gov/vuln/detail/CVE-2017-8824
patch -Np1 -i ../0003-dccp-CVE-2017-8824-use-after-free-in-DCCP-code.patch
# https://bugs.archlinux.org/task/56605
patch -Np1 -i ../0004-Revert-xfrm-Fix-stack-out-of-bounds-read-in-xfrm_sta.patch
patch -Np1 -i ../0005-xfrm-Fix-stack-out-of-bounds-read-on-socket-policy-l.patch
# https://bugs.archlinux.org/task/56846
patch -Np1 -i ../0006-cgroup-fix-css_task_iter-crash-on-CSS_TASK_ITER_PROC.patch
# For AMD processors, keep PTI off by default
patch -Np1 -i ../0007-x86-cpu-x86-pti-Do-not-enable-PTI-on-AMD-processors.patch
# https://bugs.archlinux.org/task/56711
patch -Np1 -i ../0002-drm-i915-edp-Only-use-the-alternate-fixed-mode-if-it.patch
# patches for vga arbiter fix in intel systems
patch -p1 -i "${srcdir}/i915-vga-arbiter.patch"

22
add-acs-overrides.patch
View File

@ -1,7 +1,7 @@
From 77026d26e851bbdc1bf5d5f1b6f21be7bbac86f1 Mon Sep 17 00:00:00 2001
From 0457fc4aaca4bc954154347b209d1da78ba7f2d7 Mon Sep 17 00:00:00 2001
From: Mark Weiman <mark.weiman@markzz.com>
Date: Wed, 13 Dec 2017 15:30:35 -0500
Subject: [PATCH] pci: Enable overrides for missing ACS capabilities (4.14)
Date: Wed, 7 Feb 2018 16:04:03 -0500
Subject: [PATCH] pci: Enable overrides for missing ACS capabilities (4.15)
This an updated version of Alex Williamson's patch from:
https://lkml.org/lkml/2013/5/30/513
@ -44,16 +44,18 @@ Note to hardware vendors, we have facilities to permanently quirk
specific devices which enforce isolation but not provide an ACS
capability. Please contact me to have your devices added and save
your customers the hassle of this boot option.
Signed-off-by: Mark Weiman <mark.weiman@markzz.com>
---
Documentation/admin-guide/kernel-parameters.txt | 9 +++
drivers/pci/quirks.c | 101 ++++++++++++++++++++++++
2 files changed, 110 insertions(+)
diff --git a/Documentation/admin-guide/kernel-parameters.txt b/Documentation/admin-guide/kernel-parameters.txt
index 05496622b4ef..d4c793024f7c 100644
index 46b26bfee27b..9018767828b0 100644
--- a/Documentation/admin-guide/kernel-parameters.txt
+++ b/Documentation/admin-guide/kernel-parameters.txt
@@ -2937,6 +2937,15 @@
@@ -2966,6 +2966,15 @@
nomsi [MSI] If the PCI_MSI kernel config parameter is
enabled, this kernel boot option can be used to
disable the use of MSI interrupts system-wide.
@ -70,10 +72,10 @@ index 05496622b4ef..d4c793024f7c 100644
Safety option to keep boot IRQs enabled. This
should never be necessary.
diff --git a/drivers/pci/quirks.c b/drivers/pci/quirks.c
index f66f9375177c..7c1867f29b7f 100644
index 10684b17d0bd..091c8a0aca1e 100644
--- a/drivers/pci/quirks.c
+++ b/drivers/pci/quirks.c
@@ -3673,6 +3673,106 @@ static int __init pci_apply_final_quirks(void)
@@ -3680,6 +3680,106 @@ static int __init pci_apply_final_quirks(void)
fs_initcall_sync(pci_apply_final_quirks);
@ -180,14 +182,14 @@ index f66f9375177c..7c1867f29b7f 100644
/*
* Following are device-specific reset methods which can be used to
* reset a single function if other methods (e.g. FLR, PM D0->D3) are
@@ -4505,6 +4605,7 @@ static const struct pci_dev_acs_enabled {
@@ -4512,6 +4612,7 @@ static const struct pci_dev_acs_enabled {
{ PCI_VENDOR_ID_CAVIUM, PCI_ANY_ID, pci_quirk_cavium_acs },
/* APM X-Gene */
{ PCI_VENDOR_ID_AMCC, 0xE004, pci_quirk_xgene_acs },
+ { PCI_ANY_ID, PCI_ANY_ID, pcie_acs_overrides },
+ { PCI_ANY_ID, PCI_ANY_ID, pcie_acs_overrides },
{ 0 }
};
--
2.15.1
2.16.1

2672
config
View File

File diff suppressed because it is too large Load Diff

92
i915-vga-arbiter.patch
View File

@ -1,8 +1,8 @@
From ad546a3996bf0725bb89545b4bf4656b4105221e Mon Sep 17 00:00:00 2001
From 7209b38ae2b81e6d79aecb77263580f8840e459a Mon Sep 17 00:00:00 2001
From: Mark Weiman <mark.weiman@markzz.com>
Date: Wed, 13 Dec 2017 15:38:53 -0500
Date: Wed, 7 Feb 2018 19:50:27 -0500
Subject: [PATCH] i915: Add module option to support VGA arbiter on HD devices
(4.14)
(4.15)
This is an updated version of Alex Williamson's patch from:
https://lkml.org/lkml/2014/5/9/517
@ -34,23 +34,25 @@ VGA devices.
This also rolls in reverted commit 6e1b4fda, which corrected an
ordering issue with 81b5c7bc by delaying the disabling of VGA memory
until after vgacon->fbcon handoff.
Signed-off-by: Mark Weiman <mark.weiman@markzz.com>
---
drivers/gpu/drm/i915/i915_drv.c | 22 +++++++++++++++++++---
drivers/gpu/drm/i915/i915_params.c | 5 +++++
drivers/gpu/drm/i915/i915_params.c | 3 +++
drivers/gpu/drm/i915/i915_params.h | 1 +
drivers/gpu/drm/i915/intel_display.c | 34 ++++++++++++++++++++++++++++++++++
drivers/gpu/drm/i915/intel_display.c | 33 +++++++++++++++++++++++++++++++++
drivers/gpu/drm/i915/intel_drv.h | 1 +
5 files changed, 60 insertions(+), 3 deletions(-)
5 files changed, 57 insertions(+), 3 deletions(-)
diff --git a/drivers/gpu/drm/i915/i915_drv.c b/drivers/gpu/drm/i915/i915_drv.c
index 82498f8232eb..13795e7cdb5f 100644
index 2cf10d17acfb..794590a2dcf3 100644
--- a/drivers/gpu/drm/i915/i915_drv.c
+++ b/drivers/gpu/drm/i915/i915_drv.c
@@ -629,10 +629,20 @@ static int i915_load_modeset_init(struct drm_device *dev)
@@ -641,10 +641,20 @@ static int i915_load_modeset_init(struct drm_device *dev)
* If we are a secondary display controller (!PCI_DISPLAY_CLASS_VGA),
* then we do not take part in VGA arbitration and the
* vga_client_register() fails with -ENODEV.
+ *
+ *
+ * NB. The set_decode callback here actually works on GMCH
+ * devices, on newer HD devices we can only disable VGA MMIO space.
+ * Disabling VGA I/O space requires disabling I/O in the PCI command
@ -61,7 +63,7 @@ index 82498f8232eb..13795e7cdb5f 100644
- ret = vga_client_register(pdev, dev_priv, NULL, i915_vga_set_decode);
- if (ret && ret != -ENODEV)
- goto out;
+ if (!i915.enable_hd_vgaarb || !HAS_PCH_SPLIT(dev_priv)) {
+ if (!i915_modparams.enable_hd_vgaarb || !HAS_PCH_SPLIT(dev_priv)) {
+ ret = vga_client_register(pdev, dev, NULL,
+ i915_vga_set_decode);
+ if (ret && ret != -ENODEV)
@ -70,7 +72,7 @@ index 82498f8232eb..13795e7cdb5f 100644
intel_register_dsm_handler();
@@ -674,6 +684,12 @@ static int i915_load_modeset_init(struct drm_device *dev)
@@ -686,6 +696,12 @@ static int i915_load_modeset_init(struct drm_device *dev)
if (ret)
goto cleanup_gem;
@ -84,45 +86,36 @@ index 82498f8232eb..13795e7cdb5f 100644
intel_hpd_init(dev_priv);
diff --git a/drivers/gpu/drm/i915/i915_params.c b/drivers/gpu/drm/i915/i915_params.c
index 8ab003dca113..c1e5c6c2e24e 100644
index b4faeb6aa2bd..fdf2ce69b34d 100644
--- a/drivers/gpu/drm/i915/i915_params.c
+++ b/drivers/gpu/drm/i915/i915_params.c
@@ -51,6 +51,7 @@ struct i915_params i915 __read_mostly = {
.invert_brightness = 0,
.disable_display = 0,
.enable_cmd_parser = true,
+ .enable_hd_vgaarb = false,
.use_mmio_flip = 0,
.mmio_debug = 0,
.verbose_state_checks = 1,
@@ -198,6 +199,10 @@ module_param_named_unsafe(enable_cmd_parser, i915.enable_cmd_parser, bool, 0400)
MODULE_PARM_DESC(enable_cmd_parser,
"Enable command parsing (true=enabled [default], false=disabled)");
@@ -146,6 +146,9 @@ i915_param_named(disable_display, bool, 0400,
i915_param_named_unsafe(enable_cmd_parser, bool, 0400,
"Enable command parsing (true=enabled [default], false=disabled)");
+module_param_named(enable_hd_vgaarb, i915.enable_hd_vgaarb, bool, 0444);
+MODULE_PARM_DESC(enable_hd_vgaarb,
+i915_param_named(enable_hd_vgaarb, bool, 0444,
+ "Enable support for VGA arbitration on Intel HD IGD. (default: false)");
+
module_param_named_unsafe(use_mmio_flip, i915.use_mmio_flip, int, 0600);
MODULE_PARM_DESC(use_mmio_flip,
"use MMIO flips (-1=never, 0=driver discretion [default], 1=always)");
i915_param_named(mmio_debug, int, 0600,
"Enable the MMIO debug code for the first N failures (default: off). "
"This may negatively affect performance.");
diff --git a/drivers/gpu/drm/i915/i915_params.h b/drivers/gpu/drm/i915/i915_params.h
index ac844709c97e..edb6633e417d 100644
index c7292268ed43..75577d34b0c8 100644
--- a/drivers/gpu/drm/i915/i915_params.h
+++ b/drivers/gpu/drm/i915/i915_params.h
@@ -64,6 +64,7 @@
func(bool, force_reset_modeset_test); \
func(bool, error_capture); \
func(bool, disable_display); \
+ func(bool, enable_hd_vgaarb); \
func(bool, verbose_state_checks); \
func(bool, nuclear_pageflip); \
func(bool, enable_dp_mst); \
@@ -56,6 +56,7 @@
/* leave bools at the end to not create holes */ \
param(bool, alpha_support, IS_ENABLED(CONFIG_DRM_I915_ALPHA_SUPPORT)) \
param(bool, enable_cmd_parser, true) \
+ param(bool, enable_hd_vgaarb, false) \
param(bool, enable_hangcheck, true) \
param(bool, fastboot, false) \
param(bool, prefault_disable, false) \
diff --git a/drivers/gpu/drm/i915/intel_display.c b/drivers/gpu/drm/i915/intel_display.c
index 5ebdb63330dd..f686661d4ac4 100644
index 50f8443641b8..06aebb05f23c 100644
--- a/drivers/gpu/drm/i915/intel_display.c
+++ b/drivers/gpu/drm/i915/intel_display.c
@@ -14382,6 +14382,37 @@ static void i915_disable_vga(struct drm_i915_private *dev_priv)
@@ -14379,6 +14379,36 @@ static void i915_disable_vga(struct drm_i915_private *dev_priv)
POSTING_READ(vga_reg);
}
@ -131,13 +124,13 @@ index 5ebdb63330dd..f686661d4ac4 100644
+ struct pci_dev *pdev = dev_priv->drm.pdev;
+
+ /* Enable VGA memory on Intel HD */
+ if (i915.enable_hd_vgaarb && HAS_PCH_SPLIT(dev_priv)) {
+ if (i915_modparams.enable_hd_vgaarb && HAS_PCH_SPLIT(dev_priv)) {
+ vga_get_uninterruptible(pdev, VGA_RSRC_LEGACY_IO);
+ outb(inb(VGA_MSR_READ) | VGA_MSR_MEM_EN, VGA_MSR_WRITE);
+ vga_set_legacy_decoding(pdev, VGA_RSRC_LEGACY_IO |
+ VGA_RSRC_LEGACY_MEM |
+ VGA_RSRC_NORMAL_IO |
+ VGA_RSRC_NORMAL_MEM);
+ VGA_RSRC_LEGACY_MEM |
+ VGA_RSRC_NORMAL_IO |
+ VGA_RSRC_NORMAL_MEM);
+ vga_put(pdev, VGA_RSRC_LEGACY_IO);
+ }
+}
@ -145,9 +138,8 @@ index 5ebdb63330dd..f686661d4ac4 100644
+void i915_disable_vga_mem(struct drm_i915_private *dev_priv)
+{
+ struct pci_dev *pdev = dev_priv->drm.pdev;
+
+ /* Disable VGA memory on Intel HD */
+ if (i915.enable_hd_vgaarb && HAS_PCH_SPLIT(dev_priv)) {
+ if (i915_modparams.enable_hd_vgaarb && HAS_PCH_SPLIT(dev_priv)) {
+ vga_get_uninterruptible(pdev, VGA_RSRC_LEGACY_IO);
+ outb(inb(VGA_MSR_READ) & ~VGA_MSR_MEM_EN, VGA_MSR_WRITE);
+ vga_set_legacy_decoding(pdev, VGA_RSRC_LEGACY_IO |
@ -160,7 +152,7 @@ index 5ebdb63330dd..f686661d4ac4 100644
void intel_modeset_init_hw(struct drm_device *dev)
{
struct drm_i915_private *dev_priv = to_i915(dev);
@@ -14880,6 +14911,7 @@ void i915_redisable_vga_power_on(struct drm_i915_private *dev_priv)
@@ -14877,6 +14907,7 @@ void i915_redisable_vga_power_on(struct drm_i915_private *dev_priv)
if (!(I915_READ(vga_reg) & VGA_DISP_DISABLE)) {
DRM_DEBUG_KMS("Something enabled VGA plane, disabling it\n");
i915_disable_vga(dev_priv);
@ -168,7 +160,7 @@ index 5ebdb63330dd..f686661d4ac4 100644
}
}
@@ -15248,6 +15280,8 @@ void intel_modeset_cleanup(struct drm_device *dev)
@@ -15252,6 +15283,8 @@ void intel_modeset_cleanup(struct drm_device *dev)
{
struct drm_i915_private *dev_priv = to_i915(dev);
@ -178,10 +170,10 @@ index 5ebdb63330dd..f686661d4ac4 100644
WARN_ON(!llist_empty(&dev_priv->atomic_helper.free_list));
diff --git a/drivers/gpu/drm/i915/intel_drv.h b/drivers/gpu/drm/i915/intel_drv.h
index 79fbaf78f604..c0083032a053 100644
index 5d77f75a9f9c..982fff761e9d 100644
--- a/drivers/gpu/drm/i915/intel_drv.h
+++ b/drivers/gpu/drm/i915/intel_drv.h
@@ -1316,6 +1316,7 @@ int vlv_get_cck_clock_hpll(struct drm_i915_private *dev_priv,
@@ -1340,6 +1340,7 @@ int vlv_get_cck_clock_hpll(struct drm_i915_private *dev_priv,
const char *name, u32 reg);
void lpt_disable_pch_transcoder(struct drm_i915_private *dev_priv);
void lpt_disable_iclkip(struct drm_i915_private *dev_priv);
@ -190,5 +182,5 @@ index 79fbaf78f604..c0083032a053 100644
unsigned int intel_fb_xy_to_linear(int x, int y,
const struct intel_plane_state *state,
--
2.15.1
2.16.1