Linux v4.7-11470-gd52bd54

2016-08-03 02:50:12 -07:00 · 2016-08-03 02:50:12 -07:00 · 86429d3fcb
commit 86429d3fcb
parent 927eaa238f
11 changed files with 49 additions and 1868 deletions
--- a/PCI-Lock-down-BAR-access-when-module-security-is-ena.patch
+++ b/PCI-Lock-down-BAR-access-when-module-security-is-ena.patch
@ -1,8 +1,7 @@
-From 655fbf360e1481db4f06001f893d388c15ac307f Mon Sep 17 00:00:00 2001
+From 6f756b32a45b022428e33ce20181e874c73ca82e Mon Sep 17 00:00:00 2001
 From: Matthew Garrett <matthew.garrett@nebula.com>
 Date: Thu, 8 Mar 2012 10:10:38 -0500
-Subject: [PATCH 02/20] PCI: Lock down BAR access when module security is
- enabled
+Subject: [PATCH] PCI: Lock down BAR access when module security is enabled

 Any hardware that can potentially generate DMA has to be locked down from
 userspace in order to avoid it being possible for an attacker to modify
@ -18,7 +17,7 @@ Signed-off-by: Matthew Garrett <matthew.garrett@nebula.com>
 3 files changed, 19 insertions(+), 2 deletions(-)

 diff --git a/drivers/pci/pci-sysfs.c b/drivers/pci/pci-sysfs.c
-index 312f23a8429c..93e6ac103dd0 100644
+index bcd10c7..a950301 100644
 --- a/drivers/pci/pci-sysfs.c
 +++ b/drivers/pci/pci-sysfs.c
@@ -30,6 +30,7 @@
@ -29,7 +28,7 @@ index 312f23a8429c..93e6ac103dd0 100644
 #include "pci.h"
 
 static int sysfs_initialized;	/* = 0 */
-@@ -710,6 +711,9 @@ static ssize_t pci_write_config(struct file *filp, struct kobject *kobj,
+@@ -716,6 +717,9 @@ static ssize_t pci_write_config(struct file *filp, struct kobject *kobj,
 	loff_t init_off = off;
 	u8 *data = (u8 *) buf;
 
@ -39,7 +38,7 @@ index 312f23a8429c..93e6ac103dd0 100644
 	if (off > dev->cfg_size)
 		return 0;
 	if (off + count > dev->cfg_size) {
-@@ -1004,6 +1008,9 @@ static int pci_mmap_resource(struct kobject *kobj, struct bin_attribute *attr,
+@@ -1007,6 +1011,9 @@ static int pci_mmap_resource(struct kobject *kobj, struct bin_attribute *attr,
 	resource_size_t start, end;
 	int i;
 
@ -49,7 +48,7 @@ index 312f23a8429c..93e6ac103dd0 100644
 	for (i = 0; i < PCI_ROM_RESOURCE; i++)
 		if (res == &pdev->resource[i])
 			break;
-@@ -1105,6 +1112,9 @@ static ssize_t pci_write_resource_io(struct file *filp, struct kobject *kobj,
+@@ -1106,6 +1113,9 @@ static ssize_t pci_write_resource_io(struct file *filp, struct kobject *kobj,
 				     struct bin_attribute *attr, char *buf,
 				     loff_t off, size_t count)
 {
@ -60,7 +59,7 @@ index 312f23a8429c..93e6ac103dd0 100644
 }
 
 diff --git a/drivers/pci/proc.c b/drivers/pci/proc.c
-index 3f155e78513f..4265ea07e3b0 100644
+index 2408abe..59f321c 100644
 --- a/drivers/pci/proc.c
 +++ b/drivers/pci/proc.c
@@ -116,6 +116,9 @@ static ssize_t proc_bus_pci_write(struct file *file, const char __user *buf,
@ -85,7 +84,7 @@ index 3f155e78513f..4265ea07e3b0 100644
 		ret = pci_domain_nr(dev->bus);
@@ -233,7 +239,7 @@ static int proc_bus_pci_mmap(struct file *file, struct vm_area_struct *vma)
 	struct pci_filp_private *fpriv = file->private_data;
- 	int i, ret;
+ 	int i, ret, write_combine;
 
 -	if (!capable(CAP_SYS_RAWIO))
 +	if (!capable(CAP_SYS_RAWIO) || secure_modules())
@ -93,7 +92,7 @@ index 3f155e78513f..4265ea07e3b0 100644
 
 	/* Make sure the caller is mapping a real resource for this device */
 diff --git a/drivers/pci/syscall.c b/drivers/pci/syscall.c
-index b91c4da68365..98f5637304d1 100644
+index b91c4da..98f5637 100644
 --- a/drivers/pci/syscall.c
 +++ b/drivers/pci/syscall.c
@@ -10,6 +10,7 @@
@ -114,5 +113,5 @@ index b91c4da68365..98f5637304d1 100644
 
 	dev = pci_get_bus_and_slot(bus, dfn);
 -- 
-2.4.3
+2.9.2

--- a/arm64-pcie-acpi.patch
+++ b/arm64-pcie-acpi.patch
--- a/arm64-pcie-quirks-xgene.patch
+++ b/arm64-pcie-quirks-xgene.patch
@ -1,13 +1,13 @@
-From 767b70aa55d013f0c7589955f410d488fed5776a Mon Sep 17 00:00:00 2001
+From 965e95a91066290f6555546f066a6e2aaba1199e Mon Sep 17 00:00:00 2001
 From: Peter Robinson <pbrobinson@gmail.com>
 Date: Tue, 5 Jul 2016 23:49:39 +0100
-Subject: [PATCH 1/4] Some platforms may not be fully compliant with generic
- set of PCI config accessors. For these cases we implement the way to
- overwrite accessors set. Algorithm traverses available quirk list, matches
- against <oem_id, oem_table_id, domain, bus number> tuple and returns
- corresponding PCI config ops. oem_id and oem_table_id come from MCFG table
- standard header. All quirks can be defined using DECLARE_ACPI_MCFG_FIXUP()
- macro and kept self contained. Example:
+Subject: [PATCH] Some platforms may not be fully compliant with generic set of
+ PCI config accessors. For these cases we implement the way to overwrite
+ accessors set. Algorithm traverses available quirk list, matches against
+ <oem_id, oem_table_id, domain, bus number> tuple and returns corresponding
+ PCI config ops. oem_id and oem_table_id come from MCFG table standard header.
+ All quirks can be defined using DECLARE_ACPI_MCFG_FIXUP() macro and kept self
+ contained. Example:

 /* Custom PCI config ops */
 static struct pci_generic_ecam_ops foo_pci_ops = {
@ -30,7 +30,7 @@ Signed-off-by: Dongdong Liu <liudongdong3@huawei.com>
 3 files changed, 65 insertions(+), 3 deletions(-)

 diff --git a/drivers/acpi/pci_mcfg.c b/drivers/acpi/pci_mcfg.c
-index d3c3e85..deb0077 100644
+index b5b376e..a5c9067 100644
 --- a/drivers/acpi/pci_mcfg.c
 +++ b/drivers/acpi/pci_mcfg.c
@@ -22,6 +22,10 @@
@ -45,7 +45,7 @@ index d3c3e85..deb0077 100644
 /* Structure to hold entries from the MCFG table */
 struct mcfg_entry {
@@ -35,6 +39,38 @@ struct mcfg_entry {
- /* List to save mcfg entries */
+ /* List to save MCFG entries */
 static LIST_HEAD(pci_mcfg_list);
 
 +extern struct pci_cfg_fixup __start_acpi_mcfg_fixups[];
@ -103,10 +103,10 @@ index d3c3e85..deb0077 100644
 	arr = kcalloc(n, sizeof(*arr), GFP_KERNEL);
 	if (!arr)
 diff --git a/include/asm-generic/vmlinux.lds.h b/include/asm-generic/vmlinux.lds.h
-index 6a67ab9..43604fc 100644
+index 2456397..c49bd36 100644
 --- a/include/asm-generic/vmlinux.lds.h
 +++ b/include/asm-generic/vmlinux.lds.h
-@@ -300,6 +300,13 @@
+@@ -308,6 +308,13 @@
 		VMLINUX_SYMBOL(__end_pci_fixups_suspend_late) = .;	\
 	}								\
 									\
@ -159,12 +159,12 @@ index 7d63a66..c8a6559 100644
 extern struct pci_bus *acpi_pci_root_create(struct acpi_pci_root *root,
 					    struct acpi_pci_root_ops *ops,
 -- 
-2.7.4
+2.9.2

-From 4f86a9b006b25dd7336043dab26058ed6fb2802d Mon Sep 17 00:00:00 2001
+From 817d09d7650319a827f00bd3b4c9b407d3977ba0 Mon Sep 17 00:00:00 2001
 From: Peter Robinson <pbrobinson@gmail.com>
 Date: Tue, 5 Jul 2016 23:52:46 +0100
-Subject: [PATCH 2/4] pci_generic_ecam_ops is used by default. Since there are
+Subject: [PATCH] pci_generic_ecam_ops is used by default. Since there are
 platforms which have non-compliant ECAM space we need to overwrite these
 accessors prior to PCI buses enumeration. In order to do that we call
 pci_mcfg_get_ops to retrieve pci_ecam_ops structure so that we can use proper
@ -178,10 +178,10 @@ Signed-off-by: Tomasz Nowicki <tn@semihalf.com>
 1 file changed, 4 insertions(+), 3 deletions(-)

 diff --git a/arch/arm64/kernel/pci.c b/arch/arm64/kernel/pci.c
-index 94cd43c..a891bda 100644
+index acf3872..ec513f1 100644
 --- a/arch/arm64/kernel/pci.c
 +++ b/arch/arm64/kernel/pci.c
-@@ -139,6 +139,7 @@ pci_acpi_setup_ecam_mapping(struct acpi_pci_root *root)
+@@ -126,6 +126,7 @@ pci_acpi_setup_ecam_mapping(struct acpi_pci_root *root)
 	struct pci_config_window *cfg;
 	struct resource cfgres;
 	unsigned int bsz;
@ -189,7 +189,7 @@ index 94cd43c..a891bda 100644
 
 	/* Use address from _CBA if present, otherwise lookup MCFG */
 	if (!root->mcfg_addr)
-@@ -150,12 +151,12 @@ pci_acpi_setup_ecam_mapping(struct acpi_pci_root *root)
+@@ -137,12 +138,12 @@ pci_acpi_setup_ecam_mapping(struct acpi_pci_root *root)
 		return NULL;
 	}
 
@ -206,12 +206,12 @@ index 94cd43c..a891bda 100644
 		dev_err(&root->device->dev, "%04x:%pR error %ld mapping ECAM\n",
 			seg, bus_res, PTR_ERR(cfg));
 -- 
-2.7.4
+2.9.2

-From cbdbd697bd6d716eb9d1705ee55445432e73eabb Mon Sep 17 00:00:00 2001
+From ac5cff2e2304a1969e39e967567aa41cade1839f Mon Sep 17 00:00:00 2001
 From: Peter Robinson <pbrobinson@gmail.com>
 Date: Tue, 5 Jul 2016 23:53:59 +0100
-Subject: [PATCH 3/4] The ECAM quirk matching criteria per the discussion on
+Subject: [PATCH] The ECAM quirk matching criteria per the discussion on
 https://lkml.org/lkml/2016/6/13/944 includes: OEM ID, OEM Table ID and OEM
 Revision. So this patch adds OEM Table ID into the check to match platform
 specific ECAM quirks as well.
@ -227,7 +227,7 @@ Signed-off-by: Duc Dang <dhdang@apm.com>
 2 files changed, 9 insertions(+), 5 deletions(-)

 diff --git a/drivers/acpi/pci_mcfg.c b/drivers/acpi/pci_mcfg.c
-index deb0077..307ca9a 100644
+index a5c9067..5137d16 100644
 --- a/drivers/acpi/pci_mcfg.c
 +++ b/drivers/acpi/pci_mcfg.c
@@ -62,9 +62,12 @@ struct pci_ecam_ops *pci_mcfg_get_ops(struct acpi_pci_root *root)
@ -274,12 +274,12 @@ index c8a6559..5148c8d 100644
 extern int acpi_pci_probe_root_resources(struct acpi_pci_root_info *info);
 extern struct pci_bus *acpi_pci_root_create(struct acpi_pci_root *root,
 -- 
-2.7.4
+2.9.2

-From 78766cf255bc6aafac2f57372a0446f78322da19 Mon Sep 17 00:00:00 2001
+From b9c1592c6b615da0c26168c5c3e0f8fc256a23ca Mon Sep 17 00:00:00 2001
 From: Peter Robinson <pbrobinson@gmail.com>
 Date: Tue, 5 Jul 2016 23:55:11 +0100
-Subject: [PATCH 4/4] X-Gene PCIe controller does not fully support ECAM. This
+Subject: [PATCH] X-Gene PCIe controller does not fully support ECAM. This
 patch adds required ECAM fixup to allow X-Gene PCIe controller to be
 functional in ACPI boot mode.

@ -291,10 +291,10 @@ Signed-off-by: Duc Dang <dhdang@apm.com>
 create mode 100644 drivers/pci/host/pci-xgene-ecam.c

 diff --git a/drivers/pci/host/Makefile b/drivers/pci/host/Makefile
-index 9c8698e..3480696 100644
+index 8843410..af4f505 100644
 --- a/drivers/pci/host/Makefile
 +++ b/drivers/pci/host/Makefile
-@@ -14,7 +14,7 @@ obj-$(CONFIG_PCIE_SPEAR13XX) += pcie-spear13xx.o
+@@ -15,7 +15,7 @@ obj-$(CONFIG_PCIE_SPEAR13XX) += pcie-spear13xx.o
 obj-$(CONFIG_PCI_KEYSTONE) += pci-keystone-dw.o pci-keystone.o
 obj-$(CONFIG_PCIE_XILINX) += pcie-xilinx.o
 obj-$(CONFIG_PCIE_XILINX_NWL) += pcie-xilinx-nwl.o
@ -504,5 +504,5 @@ index 0000000..1bea63f
 +                       PCI_MCFG_DOMAIN_ANY, PCI_MCFG_BUS_ANY);
 +#endif
 -- 
-2.7.4
+2.9.2

--- a/1
+++ b/1
@ -145,6 +145,7 @@ CONFIG_PHY_MVEBU_SATA=y
 CONFIG_AHCI_MVEBU=m
 # CONFIG_CACHE_FEROCEON_L2 is not set
 # CONFIG_CACHE_FEROCEON_L2_WRITETHROUGH is not set
+# CONFIG_PCI_AARDVARK is not set

 # Rockchips
 CONFIG_ARCH_ROCKCHIP=y
--- a/2
+++ b/2
@ -540,6 +540,7 @@ CONFIG_MTD_NAND_PXA3xx=m
 CONFIG_MTD_NAND_RICOH=m
 CONFIG_MTD_NAND_TMIO=m
 # CONFIG_MTD_NAND_BRCMNAND is not set
+# CONFIG_MTD_NAND_MTK is not set
 # CONFIG_MTD_MT81xx_NOR is not set
 CONFIG_MTD_SPI_NOR=m
 # CONFIG_MTD_SPI_NOR_USE_4K_SECTORS is not set
@ -759,6 +760,7 @@ CONFIG_R8188EU=m
 # CONFIG_DM9000 is not set
 # CONFIG_MTD_AFS_PARTS is not set
 # CONFIG_SPI_PXA2XX is not set
+# CONFIG_SPI_CADENCE_QUADSPI is not set
 # CONFIG_DEPRECATED_PARAM_STRUCT is not set
 # CONFIG_LATTICE_ECP3_CONFIG is not set
 # CONFIG_SERIAL_8250_EM is not set
--- a/3
+++ b/3
@ -9,6 +9,7 @@ CONFIG_HOTPLUG_CPU=y
 CONFIG_LOCALVERSION=""
 CONFIG_CROSS_COMPILE=""
 CONFIG_DEFAULT_HOSTNAME="(none)"
+# CONFIG_GCC_PLUGINS is not set

 #
 # Code maturity level options
@ -113,7 +114,7 @@ CONFIG_HOTPLUG_PCI=y
 # CONFIG_HOTPLUG_PCI_SHPC is not set
 CONFIG_HOTPLUG_PCI_PCIE=y
 # CONFIG_PCIE_DW_PLAT is not set
-CONFIG_PCIE_DPC=m
+CONFIG_PCIE_DPC=y

 # CONFIG_SGI_IOC4 is not set

--- a/2
+++ b/2
@ -1 +1 @@
-731c7d3a205ba89b475b2aa71b5f13dd6ae3de56
+d52bd54db8be8999df6df5a776f38c4f8b5e9cea
--- a/kernel.spec
+++ b/kernel.spec
@ -69,7 +69,7 @@ Summary: The Linux kernel
 # The rc snapshot level
 %define rcrev 0
 # The git snapshot level
-%define gitrev 4
+%define gitrev 5
 # Set rpm version accordingly
 %define rpmversion 4.%{upstream_sublevel}.0
 %endif
@ -506,7 +506,6 @@ Patch422: geekbox-v4-device-tree-support.patch
 # This has major conflicts and needs to be rebased
 # Patch423: Initial-AllWinner-A64-and-PINE64-support.patch

-Patch424: arm64-pcie-acpi.patch
 Patch425: arm64-pcie-quirks-xgene.patch

 # http://www.spinics.net/lists/linux-tegra/msg26029.html
@ -605,10 +604,6 @@ Patch835: 0001-Work-around-for-addition-of-metag-def-but-not-reloca.patch
 # https://lists.fedoraproject.org/archives/list/kernel@lists.fedoraproject.org/message/A4YCP7OGMX6JLFT5V44H57GOMAQLC3M4/
 Patch839: drm-i915-Acquire-audio-powerwell-for-HD-Audio-regist.patch

-#CVE-2016-5412 rhbz 1349916 1361040
-Patch842: kvm-ppc-Book3S-HV-Pull-out-TM-state-save.patch
-Patch843: kvm-ppc-Book3S-HV-Save-restore-TM-state.patch
-
 # END OF PATCH DEFINITIONS

 %endif
@ -2143,6 +2138,9 @@ fi
 #
 # 
 %changelog
+* Wed Aug 03 2016 Laura Abbott <labbott@redhat.com> - 4.8.0-0.rc0.git5.1
+- Linux v4.7-11470-gd52bd54
+
 * Tue Aug  2 2016 Hans de Goede <jwrdegoede@fedoraproject.org>
 - Sync skylake hdaudio __unclaimed_reg WARN_ON fix with latest upstream version
 - Drop drm-i915-skl-Add-support-for-the-SAGV-fix-underrun-hangs.patch for now
--- a/kvm-ppc-Book3S-HV-Pull-out-TM-state-save.patch
+++ b/kvm-ppc-Book3S-HV-Pull-out-TM-state-save.patch
@ -1,506 +0,0 @@
-Subject:    [PATCH 1/2] KVM: PPC: Book3S HV: Pull out TM state save/restore into separate procedures
-From:       Paul Mackerras <paulus@ozlabs.org>
-Date:       2016-07-28 6:11:18
-
-This moves the transactional memory state save and restore sequences
-out of the guest entry/exit paths into separate procedures.  This is
-so that these sequences can be used in going into and out of nap
-in a subsequent patch.
-
-The only code changes here are (a) saving and restore LR on the
-stack, since these new procedures get called with a bl instruction,
-(b) explicitly saving r1 into the PACA instead of assuming that
-HSTATE_HOST_R1(r13) is already set, and (c) removing an unnecessary
-and redundant setting of MSR[TM] that should have been removed by
-commit 9d4d0bdd9e0a ("KVM: PPC: Book3S HV: Add transactional memory
-support", 2013-09-24) but wasn't.
-
-Cc: stable@vger.kernel.org # v3.15+
-Signed-off-by: Paul Mackerras <paulus@ozlabs.org>
---
- arch/powerpc/kvm/book3s_hv_rmhandlers.S | 449 +++++++++++++++++---------------
- 1 file changed, 237 insertions(+), 212 deletions(-)
-
-diff --git a/arch/powerpc/kvm/book3s_hv_rmhandlers.S b/arch/powerpc/kvm/book3s_hv_rmhandlers.S
-index 0d246fc..cfa4031 100644
--- a/arch/powerpc/kvm/book3s_hv_rmhandlers.S
-+++ b/arch/powerpc/kvm/book3s_hv_rmhandlers.S
-@@ -689,112 +689,8 @@ END_FTR_SECTION_IFCLR(CPU_FTR_ARCH_207S)
- 
- #ifdef CONFIG_PPC_TRANSACTIONAL_MEM
- BEGIN_FTR_SECTION
-	b	skip_tm
-END_FTR_SECTION_IFCLR(CPU_FTR_TM)
-
-	/* Turn on TM/FP/VSX/VMX so we can restore them. */
-	mfmsr	r5
-	li	r6, MSR_TM >> 32
-	sldi	r6, r6, 32
-	or	r5, r5, r6
-	ori	r5, r5, MSR_FP
-	oris	r5, r5, (MSR_VEC | MSR_VSX)@h
-	mtmsrd	r5
-
-	/*
-	 * The user may change these outside of a transaction, so they must
-	 * always be context switched.
-	 */
-	ld	r5, VCPU_TFHAR(r4)
-	ld	r6, VCPU_TFIAR(r4)
-	ld	r7, VCPU_TEXASR(r4)
-	mtspr	SPRN_TFHAR, r5
-	mtspr	SPRN_TFIAR, r6
-	mtspr	SPRN_TEXASR, r7
-
-	ld	r5, VCPU_MSR(r4)
-	rldicl. r5, r5, 64 - MSR_TS_S_LG, 62
-	beq	skip_tm	/* TM not active in guest */
-
-	/* Make sure the failure summary is set, otherwise we'll program check
-	 * when we trechkpt.  It's possible that this might have been not set
-	 * on a kvmppc_set_one_reg() call but we shouldn't let this crash the
-	 * host.
-	 */
-	oris	r7, r7, (TEXASR_FS)@h
-	mtspr	SPRN_TEXASR, r7
-
-	/*
-	 * We need to load up the checkpointed state for the guest.
-	 * We need to do this early as it will blow away any GPRs, VSRs and
-	 * some SPRs.
-	 */
-
-	mr	r31, r4
-	addi	r3, r31, VCPU_FPRS_TM
-	bl	load_fp_state
-	addi	r3, r31, VCPU_VRS_TM
-	bl	load_vr_state
-	mr	r4, r31
-	lwz	r7, VCPU_VRSAVE_TM(r4)
-	mtspr	SPRN_VRSAVE, r7
-
-	ld	r5, VCPU_LR_TM(r4)
-	lwz	r6, VCPU_CR_TM(r4)
-	ld	r7, VCPU_CTR_TM(r4)
-	ld	r8, VCPU_AMR_TM(r4)
-	ld	r9, VCPU_TAR_TM(r4)
-	mtlr	r5
-	mtcr	r6
-	mtctr	r7
-	mtspr	SPRN_AMR, r8
-	mtspr	SPRN_TAR, r9
-
-	/*
-	 * Load up PPR and DSCR values but don't put them in the actual SPRs
-	 * till the last moment to avoid running with userspace PPR and DSCR for
-	 * too long.
-	 */
-	ld	r29, VCPU_DSCR_TM(r4)
-	ld	r30, VCPU_PPR_TM(r4)
-
-	std	r2, PACATMSCRATCH(r13) /* Save TOC */
-
-	/* Clear the MSR RI since r1, r13 are all going to be foobar. */
-	li	r5, 0
-	mtmsrd	r5, 1
-
-	/* Load GPRs r0-r28 */
-	reg = 0
-	.rept	29
-	ld	reg, VCPU_GPRS_TM(reg)(r31)
-	reg = reg + 1
-	.endr
-
-	mtspr	SPRN_DSCR, r29
-	mtspr	SPRN_PPR, r30
-
-	/* Load final GPRs */
-	ld	29, VCPU_GPRS_TM(29)(r31)
-	ld	30, VCPU_GPRS_TM(30)(r31)
-	ld	31, VCPU_GPRS_TM(31)(r31)
-
-	/* TM checkpointed state is now setup.  All GPRs are now volatile. */
-	TRECHKPT
-
-	/* Now let's get back the state we need. */
-	HMT_MEDIUM
-	GET_PACA(r13)
-	ld	r29, HSTATE_DSCR(r13)
-	mtspr	SPRN_DSCR, r29
-	ld	r4, HSTATE_KVM_VCPU(r13)
-	ld	r1, HSTATE_HOST_R1(r13)
-	ld	r2, PACATMSCRATCH(r13)
-
-	/* Set the MSR RI since we have our registers back. */
-	li	r5, MSR_RI
-	mtmsrd	r5, 1
-skip_tm:
-+	bl	kvmppc_restore_tm
-+END_FTR_SECTION_IFSET(CPU_FTR_TM)
- #endif
- 
- 	/* Load guest PMU registers */
-@@ -875,12 +771,6 @@ BEGIN_FTR_SECTION
- 	/* Skip next section on POWER7 */
- 	b	8f
- END_FTR_SECTION_IFCLR(CPU_FTR_ARCH_207S)
-	/* Turn on TM so we can access TFHAR/TFIAR/TEXASR */
-	mfmsr	r8
-	li	r0, 1
-	rldimi	r8, r0, MSR_TM_LG, 63-MSR_TM_LG
-	mtmsrd	r8
-
- 	/* Load up POWER8-specific registers */
- 	ld	r5, VCPU_IAMR(r4)
- 	lwz	r6, VCPU_PSPB(r4)
-@@ -1470,106 +1360,8 @@ END_FTR_SECTION_IFCLR(CPU_FTR_ARCH_207S)
- 
- #ifdef CONFIG_PPC_TRANSACTIONAL_MEM
- BEGIN_FTR_SECTION
-	b	2f
-END_FTR_SECTION_IFCLR(CPU_FTR_TM)
-	/* Turn on TM. */
-	mfmsr	r8
-	li	r0, 1
-	rldimi	r8, r0, MSR_TM_LG, 63-MSR_TM_LG
-	mtmsrd	r8
-
-	ld	r5, VCPU_MSR(r9)
-	rldicl. r5, r5, 64 - MSR_TS_S_LG, 62
-	beq	1f	/* TM not active in guest. */
-
-	li	r3, TM_CAUSE_KVM_RESCHED
-
-	/* Clear the MSR RI since r1, r13 are all going to be foobar. */
-	li	r5, 0
-	mtmsrd	r5, 1
-
-	/* All GPRs are volatile at this point. */
-	TRECLAIM(R3)
-
-	/* Temporarily store r13 and r9 so we have some regs to play with */
-	SET_SCRATCH0(r13)
-	GET_PACA(r13)
-	std	r9, PACATMSCRATCH(r13)
-	ld	r9, HSTATE_KVM_VCPU(r13)
-
-	/* Get a few more GPRs free. */
-	std	r29, VCPU_GPRS_TM(29)(r9)
-	std	r30, VCPU_GPRS_TM(30)(r9)
-	std	r31, VCPU_GPRS_TM(31)(r9)
-
-	/* Save away PPR and DSCR soon so don't run with user values. */
-	mfspr	r31, SPRN_PPR
-	HMT_MEDIUM
-	mfspr	r30, SPRN_DSCR
-	ld	r29, HSTATE_DSCR(r13)
-	mtspr	SPRN_DSCR, r29
-
-	/* Save all but r9, r13 & r29-r31 */
-	reg = 0
-	.rept	29
-	.if (reg != 9) && (reg != 13)
-	std	reg, VCPU_GPRS_TM(reg)(r9)
-	.endif
-	reg = reg + 1
-	.endr
-	/* ... now save r13 */
-	GET_SCRATCH0(r4)
-	std	r4, VCPU_GPRS_TM(13)(r9)
-	/* ... and save r9 */
-	ld	r4, PACATMSCRATCH(r13)
-	std	r4, VCPU_GPRS_TM(9)(r9)
-
-	/* Reload stack pointer and TOC. */
-	ld	r1, HSTATE_HOST_R1(r13)
-	ld	r2, PACATOC(r13)
-
-	/* Set MSR RI now we have r1 and r13 back. */
-	li	r5, MSR_RI
-	mtmsrd	r5, 1
-
-	/* Save away checkpinted SPRs. */
-	std	r31, VCPU_PPR_TM(r9)
-	std	r30, VCPU_DSCR_TM(r9)
-	mflr	r5
-	mfcr	r6
-	mfctr	r7
-	mfspr	r8, SPRN_AMR
-	mfspr	r10, SPRN_TAR
-	std	r5, VCPU_LR_TM(r9)
-	stw	r6, VCPU_CR_TM(r9)
-	std	r7, VCPU_CTR_TM(r9)
-	std	r8, VCPU_AMR_TM(r9)
-	std	r10, VCPU_TAR_TM(r9)
-
-	/* Restore r12 as trap number. */
-	lwz	r12, VCPU_TRAP(r9)
-
-	/* Save FP/VSX. */
-	addi	r3, r9, VCPU_FPRS_TM
-	bl	store_fp_state
-	addi	r3, r9, VCPU_VRS_TM
-	bl	store_vr_state
-	mfspr	r6, SPRN_VRSAVE
-	stw	r6, VCPU_VRSAVE_TM(r9)
-1:
-	/*
-	 * We need to save these SPRs after the treclaim so that the software
-	 * error code is recorded correctly in the TEXASR.  Also the user may
-	 * change these outside of a transaction, so they must always be
-	 * context switched.
-	 */
-	mfspr	r5, SPRN_TFHAR
-	mfspr	r6, SPRN_TFIAR
-	mfspr	r7, SPRN_TEXASR
-	std	r5, VCPU_TFHAR(r9)
-	std	r6, VCPU_TFIAR(r9)
-	std	r7, VCPU_TEXASR(r9)
-2:
-+	bl	kvmppc_save_tm
-+END_FTR_SECTION_IFSET(CPU_FTR_TM)
- #endif
- 
- 	/* Increment yield count if they have a VPA */
-@@ -2694,6 +2486,239 @@ END_FTR_SECTION_IFSET(CPU_FTR_ALTIVEC)
- 	mr	r4,r31
- 	blr
- 
-+#ifdef CONFIG_PPC_TRANSACTIONAL_MEM
-+/*
-+ * Save transactional state and TM-related registers.
-+ * Called with r9 pointing to the vcpu struct.
-+ * This can modify all checkpointed registers, but
-+ * restores r1, r2 and r9 (vcpu pointer) before exit.
-+ */
-+kvmppc_save_tm:
-+	mflr	r0
-+	std	r0, PPC_LR_STKOFF(r1)
-+
-+	/* Turn on TM. */
-+	mfmsr	r8
-+	li	r0, 1
-+	rldimi	r8, r0, MSR_TM_LG, 63-MSR_TM_LG
-+	mtmsrd	r8
-+
-+	ld	r5, VCPU_MSR(r9)
-+	rldicl. r5, r5, 64 - MSR_TS_S_LG, 62
-+	beq	1f	/* TM not active in guest. */
-+
-+	std	r1, HSTATE_HOST_R1(r13)
-+	li	r3, TM_CAUSE_KVM_RESCHED
-+
-+	/* Clear the MSR RI since r1, r13 are all going to be foobar. */
-+	li	r5, 0
-+	mtmsrd	r5, 1
-+
-+	/* All GPRs are volatile at this point. */
-+	TRECLAIM(R3)
-+
-+	/* Temporarily store r13 and r9 so we have some regs to play with */
-+	SET_SCRATCH0(r13)
-+	GET_PACA(r13)
-+	std	r9, PACATMSCRATCH(r13)
-+	ld	r9, HSTATE_KVM_VCPU(r13)
-+
-+	/* Get a few more GPRs free. */
-+	std	r29, VCPU_GPRS_TM(29)(r9)
-+	std	r30, VCPU_GPRS_TM(30)(r9)
-+	std	r31, VCPU_GPRS_TM(31)(r9)
-+
-+	/* Save away PPR and DSCR soon so don't run with user values. */
-+	mfspr	r31, SPRN_PPR
-+	HMT_MEDIUM
-+	mfspr	r30, SPRN_DSCR
-+	ld	r29, HSTATE_DSCR(r13)
-+	mtspr	SPRN_DSCR, r29
-+
-+	/* Save all but r9, r13 & r29-r31 */
-+	reg = 0
-+	.rept	29
-+	.if (reg != 9) && (reg != 13)
-+	std	reg, VCPU_GPRS_TM(reg)(r9)
-+	.endif
-+	reg = reg + 1
-+	.endr
-+	/* ... now save r13 */
-+	GET_SCRATCH0(r4)
-+	std	r4, VCPU_GPRS_TM(13)(r9)
-+	/* ... and save r9 */
-+	ld	r4, PACATMSCRATCH(r13)
-+	std	r4, VCPU_GPRS_TM(9)(r9)
-+
-+	/* Reload stack pointer and TOC. */
-+	ld	r1, HSTATE_HOST_R1(r13)
-+	ld	r2, PACATOC(r13)
-+
-+	/* Set MSR RI now we have r1 and r13 back. */
-+	li	r5, MSR_RI
-+	mtmsrd	r5, 1
-+
-+	/* Save away checkpinted SPRs. */
-+	std	r31, VCPU_PPR_TM(r9)
-+	std	r30, VCPU_DSCR_TM(r9)
-+	mflr	r5
-+	mfcr	r6
-+	mfctr	r7
-+	mfspr	r8, SPRN_AMR
-+	mfspr	r10, SPRN_TAR
-+	std	r5, VCPU_LR_TM(r9)
-+	stw	r6, VCPU_CR_TM(r9)
-+	std	r7, VCPU_CTR_TM(r9)
-+	std	r8, VCPU_AMR_TM(r9)
-+	std	r10, VCPU_TAR_TM(r9)
-+
-+	/* Restore r12 as trap number. */
-+	lwz	r12, VCPU_TRAP(r9)
-+
-+	/* Save FP/VSX. */
-+	addi	r3, r9, VCPU_FPRS_TM
-+	bl	store_fp_state
-+	addi	r3, r9, VCPU_VRS_TM
-+	bl	store_vr_state
-+	mfspr	r6, SPRN_VRSAVE
-+	stw	r6, VCPU_VRSAVE_TM(r9)
-+1:
-+	/*
-+	 * We need to save these SPRs after the treclaim so that the software
-+	 * error code is recorded correctly in the TEXASR.  Also the user may
-+	 * change these outside of a transaction, so they must always be
-+	 * context switched.
-+	 */
-+	mfspr	r5, SPRN_TFHAR
-+	mfspr	r6, SPRN_TFIAR
-+	mfspr	r7, SPRN_TEXASR
-+	std	r5, VCPU_TFHAR(r9)
-+	std	r6, VCPU_TFIAR(r9)
-+	std	r7, VCPU_TEXASR(r9)
-+
-+	ld	r0, PPC_LR_STKOFF(r1)
-+	mtlr	r0
-+	blr
-+
-+/*
-+ * Restore transactional state and TM-related registers.
-+ * Called with r4 pointing to the vcpu struct.
-+ * This potentially modifies all checkpointed registers.
-+ * It restores r1, r2, r4 from the PACA.
-+ */
-+kvmppc_restore_tm:
-+	mflr	r0
-+	std	r0, PPC_LR_STKOFF(r1)
-+
-+	/* Turn on TM/FP/VSX/VMX so we can restore them. */
-+	mfmsr	r5
-+	li	r6, MSR_TM >> 32
-+	sldi	r6, r6, 32
-+	or	r5, r5, r6
-+	ori	r5, r5, MSR_FP
-+	oris	r5, r5, (MSR_VEC | MSR_VSX)@h
-+	mtmsrd	r5
-+
-+	/*
-+	 * The user may change these outside of a transaction, so they must
-+	 * always be context switched.
-+	 */
-+	ld	r5, VCPU_TFHAR(r4)
-+	ld	r6, VCPU_TFIAR(r4)
-+	ld	r7, VCPU_TEXASR(r4)
-+	mtspr	SPRN_TFHAR, r5
-+	mtspr	SPRN_TFIAR, r6
-+	mtspr	SPRN_TEXASR, r7
-+
-+	ld	r5, VCPU_MSR(r4)
-+	rldicl. r5, r5, 64 - MSR_TS_S_LG, 62
-+	beqlr		/* TM not active in guest */
-+	std	r1, HSTATE_HOST_R1(r13)
-+
-+	/* Make sure the failure summary is set, otherwise we'll program check
-+	 * when we trechkpt.  It's possible that this might have been not set
-+	 * on a kvmppc_set_one_reg() call but we shouldn't let this crash the
-+	 * host.
-+	 */
-+	oris	r7, r7, (TEXASR_FS)@h
-+	mtspr	SPRN_TEXASR, r7
-+
-+	/*
-+	 * We need to load up the checkpointed state for the guest.
-+	 * We need to do this early as it will blow away any GPRs, VSRs and
-+	 * some SPRs.
-+	 */
-+
-+	mr	r31, r4
-+	addi	r3, r31, VCPU_FPRS_TM
-+	bl	load_fp_state
-+	addi	r3, r31, VCPU_VRS_TM
-+	bl	load_vr_state
-+	mr	r4, r31
-+	lwz	r7, VCPU_VRSAVE_TM(r4)
-+	mtspr	SPRN_VRSAVE, r7
-+
-+	ld	r5, VCPU_LR_TM(r4)
-+	lwz	r6, VCPU_CR_TM(r4)
-+	ld	r7, VCPU_CTR_TM(r4)
-+	ld	r8, VCPU_AMR_TM(r4)
-+	ld	r9, VCPU_TAR_TM(r4)
-+	mtlr	r5
-+	mtcr	r6
-+	mtctr	r7
-+	mtspr	SPRN_AMR, r8
-+	mtspr	SPRN_TAR, r9
-+
-+	/*
-+	 * Load up PPR and DSCR values but don't put them in the actual SPRs
-+	 * till the last moment to avoid running with userspace PPR and DSCR for
-+	 * too long.
-+	 */
-+	ld	r29, VCPU_DSCR_TM(r4)
-+	ld	r30, VCPU_PPR_TM(r4)
-+
-+	std	r2, PACATMSCRATCH(r13) /* Save TOC */
-+
-+	/* Clear the MSR RI since r1, r13 are all going to be foobar. */
-+	li	r5, 0
-+	mtmsrd	r5, 1
-+
-+	/* Load GPRs r0-r28 */
-+	reg = 0
-+	.rept	29
-+	ld	reg, VCPU_GPRS_TM(reg)(r31)
-+	reg = reg + 1
-+	.endr
-+
-+	mtspr	SPRN_DSCR, r29
-+	mtspr	SPRN_PPR, r30
-+
-+	/* Load final GPRs */
-+	ld	29, VCPU_GPRS_TM(29)(r31)
-+	ld	30, VCPU_GPRS_TM(30)(r31)
-+	ld	31, VCPU_GPRS_TM(31)(r31)
-+
-+	/* TM checkpointed state is now setup.  All GPRs are now volatile. */
-+	TRECHKPT
-+
-+	/* Now let's get back the state we need. */
-+	HMT_MEDIUM
-+	GET_PACA(r13)
-+	ld	r29, HSTATE_DSCR(r13)
-+	mtspr	SPRN_DSCR, r29
-+	ld	r4, HSTATE_KVM_VCPU(r13)
-+	ld	r1, HSTATE_HOST_R1(r13)
-+	ld	r2, PACATMSCRATCH(r13)
-+
-+	/* Set the MSR RI since we have our registers back. */
-+	li	r5, MSR_RI
-+	mtmsrd	r5, 1
-+
-+	ld	r0, PPC_LR_STKOFF(r1)
-+	mtlr	r0
-+	blr
-+#endif
-+
- /*
-  * We come here if we get any exception or interrupt while we are
-  * executing host real mode code while in guest MMU context.
-- 
-2.8.0.rc3
--- a/kvm-ppc-Book3S-HV-Save-restore-TM-state.patch
+++ b/kvm-ppc-Book3S-HV-Save-restore-TM-state.patch
@ -1,67 +0,0 @@
-Subject:    [PATCH 2/2] KVM: PPC: Book3S HV: Save/restore TM state in H_CEDE
-From:       Paul Mackerras <paulus@ozlabs.org>
-Date:       2016-07-28 6:11:19
-
-It turns out that if the guest does a H_CEDE while the CPU is in
-a transactional state, and the H_CEDE does a nap, and the nap
-loses the architected state of the CPU (which is is allowed to do),
-then we lose the checkpointed state of the virtual CPU.  In addition,
-the transactional-memory state recorded in the MSR gets reset back
-to non-transactional, and when we try to return to the guest, we take
-a TM bad thing type of program interrupt because we are trying to
-transition from non-transactional to transactional with a hrfid
-instruction, which is not permitted.
-
-The result of the program interrupt occurring at that point is that
-the host CPU will hang in an infinite loop with interrupts disabled.
-Thus this is a denial of service vulnerability in the host which can
-be triggered by any guest (and depending on the guest kernel, it can
-potentially triggered by unprivileged userspace in the guest).
-
-This vulnerability has been assigned the ID CVE-2016-5412.
-
-To fix this, we save the TM state before napping and restore it
-on exit from the nap, when handling a H_CEDE in real mode.  The
-case where H_CEDE exits to host virtual mode is already OK (as are
-other hcalls which exit to host virtual mode) because the exit
-path saves the TM state.
-
-Cc: stable@vger.kernel.org # v3.15+
-Signed-off-by: Paul Mackerras <paulus@ozlabs.org>
---
- arch/powerpc/kvm/book3s_hv_rmhandlers.S | 13 +++++++++++++
- 1 file changed, 13 insertions(+)
-
-diff --git a/arch/powerpc/kvm/book3s_hv_rmhandlers.S b/arch/powerpc/kvm/book3s_hv_rmhandlers.S
-index cfa4031..543124f 100644
--- a/arch/powerpc/kvm/book3s_hv_rmhandlers.S
-+++ b/arch/powerpc/kvm/book3s_hv_rmhandlers.S
-@@ -2093,6 +2093,13 @@ _GLOBAL(kvmppc_h_cede)		/* r3 = vcpu pointer, r11 = msr, r13 = paca */
- 	/* save FP state */
- 	bl	kvmppc_save_fp
- 
-+#ifdef CONFIG_PPC_TRANSACTIONAL_MEM
-+BEGIN_FTR_SECTION
-+	ld	r9, HSTATE_KVM_VCPU(r13)
-+	bl	kvmppc_save_tm
-+END_FTR_SECTION_IFSET(CPU_FTR_TM)
-+#endif
-+
- 	/*
- 	 * Set DEC to the smaller of DEC and HDEC, so that we wake
- 	 * no later than the end of our timeslice (HDEC interrupts
-@@ -2169,6 +2176,12 @@ kvm_end_cede:
- 	bl	kvmhv_accumulate_time
- #endif
- 
-+#ifdef CONFIG_PPC_TRANSACTIONAL_MEM
-+BEGIN_FTR_SECTION
-+	bl	kvmppc_restore_tm
-+END_FTR_SECTION_IFSET(CPU_FTR_TM)
-+#endif
-+
- 	/* load up FP state */
- 	bl	kvmppc_load_fp
- 
-- 
-2.8.0.rc3
--- a/2
+++ b/2
@ -1,3 +1,3 @@
 5276563eb1f39a048e4a8a887408c031  linux-4.7.tar.xz
 fe259c02c75eec61d1aa4b1211f3c853  perf-man-4.7.tar.gz
-6661b4dfc07bb1f534b89ad8a862543d  patch-4.7-git3.xz
+0578e1a487d8580174a3c5542687f8ca  patch-4.7-git5.xz