Merge branch 'master' into for-linus

author: Rafael J. Wysocki <rjw@sisk.pl> 2009-08-10 17:40:50 -0400
committer: Rafael J. Wysocki <rjw@sisk.pl> 2009-08-10 17:40:50 -0400
commit: dcbf77cac640af0ab944d5cbb07934bf6708b4d9 (patch)
tree: e2f4d1b3a1089ee10436cb19740a9cb99f2dc527 /arch/x86
parent: c00aafcd4977769e8728292302ddbbb8b1082fab (diff)
parent: 85dfd81dc57e8183a277ddd7a56aa65c96f3f487 (diff)
11 files changed, 128 insertions, 38 deletions
diff --git a/arch/x86/kernel/apic/x2apic_cluster.c b/arch/x86/kernel/apic/x2apic_cluster.c
index 2ed4e2bb3b32..a5371ec36776 100644
--- a/arch/x86/kernel/apic/x2apic_cluster.c
+++ b/arch/x86/kernel/apic/x2apic_cluster.c
@@ -17,11 +17,13 @@ static int x2apic_acpi_madt_oem_check(char *oem_id, char *oem_table_id)
        return x2apic_enabled();
 }
-/* Start with all IRQs pointing to boot CPU.  IRQ balancing will shift them. */
+/*
+ * need to use more than cpu 0, because we need more vectors when
+ * MSI-X are used.
+ */
 static const struct cpumask *x2apic_target_cpus(void)
 {
-        return cpumask_of(0);
+        return cpu_online_mask;
 }
 /*
diff --git a/arch/x86/kernel/apic/x2apic_phys.c b/arch/x86/kernel/apic/x2apic_phys.c
index 0b631c6a2e00..a8989aadc99a 100644
--- a/arch/x86/kernel/apic/x2apic_phys.c
+++ b/arch/x86/kernel/apic/x2apic_phys.c
@@ -27,11 +27,13 @@ static int x2apic_acpi_madt_oem_check(char *oem_id, char *oem_table_id)
                return 0;
 }
-/* Start with all IRQs pointing to boot CPU.  IRQ balancing will shift them. */
+/*
+ * need to use more than cpu 0, because we need more vectors when
+ * MSI-X are used.
+ */
 static const struct cpumask *x2apic_target_cpus(void)
 {
-        return cpumask_of(0);
+        return cpu_online_mask;
 }
 static void x2apic_vector_allocation_domain(int cpu, struct cpumask *retmask)
diff --git a/arch/x86/kernel/efi.c b/arch/x86/kernel/efi.c
index 19ccf6d0dccf..fe26ba3e3451 100644
--- a/arch/x86/kernel/efi.c
+++ b/arch/x86/kernel/efi.c
@@ -354,7 +354,7 @@ void __init efi_init(void)
         */
        c16 = tmp = early_ioremap(efi.systab->fw_vendor, 2);
        if (c16) {
-                for (i = 0; i < sizeof(vendor) && *c16; ++i)
+                for (i = 0; i < sizeof(vendor) - 1 && *c16; ++i)
                        vendor[i] = *c16++;
                vendor[i] = '\0';
        } else
diff --git a/arch/x86/kernel/reboot.c b/arch/x86/kernel/reboot.c
index 834c9da8bf9d..9eb897603705 100644
--- a/arch/x86/kernel/reboot.c
+++ b/arch/x86/kernel/reboot.c
@@ -405,7 +405,7 @@ EXPORT_SYMBOL(machine_real_restart);
 #endif /* CONFIG_X86_32 */
 /*
- * Apple MacBook5,2 (2009 MacBook) needs reboot=p
+ * Some Apple MacBook and MacBookPro's needs reboot=p to be able to reboot
 */
 static int __init set_pci_reboot(const struct dmi_system_id *d)
 {
@@ -426,6 +426,14 @@ static struct dmi_system_id __initdata pci_reboot_dmi_table[] = {
                        DMI_MATCH(DMI_PRODUCT_NAME, "MacBook5,2"),
                },
        },
+        {       /* Handle problems with rebooting on Apple MacBookPro5,1 */
+                .callback = set_pci_reboot,
+                .ident = "Apple MacBookPro5,1",
+                .matches = {
+                        DMI_MATCH(DMI_SYS_VENDOR, "Apple Inc."),
+                        DMI_MATCH(DMI_PRODUCT_NAME, "MacBookPro5,1"),
+                },
+        },
        { }
 };
diff --git a/arch/x86/kernel/tsc.c b/arch/x86/kernel/tsc.c
index 6e1a368d21d4..71f4368b357e 100644
--- a/arch/x86/kernel/tsc.c
+++ b/arch/x86/kernel/tsc.c
@@ -275,15 +275,20 @@ static unsigned long pit_calibrate_tsc(u32 latch, unsigned long ms, int loopmin)
 * use the TSC value at the transitions to calculate a pretty
 * good value for the TSC frequencty.
 */
+static inline int pit_verify_msb(unsigned char val)
+{
+        /* Ignore LSB */
+        inb(0x42);
+        return inb(0x42) == val;
+}
 static inline int pit_expect_msb(unsigned char val, u64 *tscp, unsigned long *deltap)
 {
        int count;
        u64 tsc = 0;
        for (count = 0; count < 50000; count++) {
-                /* Ignore LSB */
+                if (!pit_verify_msb(val))
-                inb(0x42);
-                if (inb(0x42) != val)
                        break;
                tsc = get_cycles();
        }
@@ -336,8 +341,7 @@ static unsigned long quick_pit_calibrate(void)
         * to do that is to just read back the 16-bit counter
         * once from the PIT.
         */
-        inb(0x42);
+        pit_verify_msb(0);
-        inb(0x42);
        if (pit_expect_msb(0xff, &tsc, &d1)) {
                for (i = 1; i <= MAX_QUICK_PIT_ITERATIONS; i++) {
@@ -348,8 +352,19 @@ static unsigned long quick_pit_calibrate(void)
                         * Iterate until the error is less than 500 ppm
                         */
                        delta -= tsc;
-                        if (d1+d2 < delta >> 11)
+                        if (d1+d2 >= delta >> 11)
-                                goto success;
+                                continue;
+                        /*
+                         * Check the PIT one more time to verify that
+                         * all TSC reads were stable wrt the PIT.
+                         *
+                         * This also guarantees serialization of the
+                         * last cycle read ('d2') in pit_expect_msb.
+                         */
+                        if (!pit_verify_msb(0xfe - i))
+                                break;
+                        goto success;
                }
        }
        printk("Fast TSC calibration failed\n");
diff --git a/arch/x86/kernel/vmi_32.c b/arch/x86/kernel/vmi_32.c
index b263423fbe2a..95a7289e4b0c 100644
--- a/arch/x86/kernel/vmi_32.c
+++ b/arch/x86/kernel/vmi_32.c
@@ -441,7 +441,7 @@ vmi_startup_ipi_hook(int phys_apicid, unsigned long start_eip,
        ap.ds = __USER_DS;
        ap.es = __USER_DS;
        ap.fs = __KERNEL_PERCPU;
-        ap.gs = 0;
+        ap.gs = __KERNEL_STACK_CANARY;
        ap.eflags = 0;
diff --git a/arch/x86/kvm/i8254.c b/arch/x86/kvm/i8254.c
index 4d6f0d293ee2..21f68e00524f 100644
--- a/arch/x86/kvm/i8254.c
+++ b/arch/x86/kvm/i8254.c
@@ -104,6 +104,9 @@ static s64 __kpit_elapsed(struct kvm *kvm)
        ktime_t remaining;
        struct kvm_kpit_state *ps = &kvm->arch.vpit->pit_state;
+        if (!ps->pit_timer.period)
+                return 0;
        /*
         * The Counter does not stop when it reaches zero. In
         * Modes 0, 1, 4, and 5 the Counter ``wraps around'' to
diff --git a/arch/x86/kvm/mmu.c b/arch/x86/kvm/mmu.c
index 7030b5f911bf..0ef5bb2b4043 100644
--- a/arch/x86/kvm/mmu.c
+++ b/arch/x86/kvm/mmu.c
@@ -489,16 +489,20 @@ static unsigned long *gfn_to_rmap(struct kvm *kvm, gfn_t gfn, int lpage)
 *
 * If rmapp bit zero is one, (then rmap & ~1) points to a struct kvm_rmap_desc
 * containing more mappings.
+ *
+ * Returns the number of rmap entries before the spte was added or zero if
+ * the spte was not added.
+ *
 */
-static void rmap_add(struct kvm_vcpu *vcpu, u64 *spte, gfn_t gfn, int lpage)
+static int rmap_add(struct kvm_vcpu *vcpu, u64 *spte, gfn_t gfn, int lpage)
 {
        struct kvm_mmu_page *sp;
        struct kvm_rmap_desc *desc;
        unsigned long *rmapp;
-        int i;
+        int i, count = 0;
        if (!is_rmap_pte(*spte))
-                return;
+                return count;
        gfn = unalias_gfn(vcpu->kvm, gfn);
        sp = page_header(__pa(spte));
        sp->gfns[spte - sp->spt] = gfn;
@@ -515,8 +519,10 @@ static void rmap_add(struct kvm_vcpu *vcpu, u64 *spte, gfn_t gfn, int lpage)
        } else {
                rmap_printk("rmap_add: %p %llx many->many\n", spte, *spte);
                desc = (struct kvm_rmap_desc *)(*rmapp & ~1ul);
-                while (desc->shadow_ptes[RMAP_EXT-1] && desc->more)
+                while (desc->shadow_ptes[RMAP_EXT-1] && desc->more) {
                        desc = desc->more;
+                        count += RMAP_EXT;
+                }
                if (desc->shadow_ptes[RMAP_EXT-1]) {
                        desc->more = mmu_alloc_rmap_desc(vcpu);
                        desc = desc->more;
@@ -525,6 +531,7 @@ static void rmap_add(struct kvm_vcpu *vcpu, u64 *spte, gfn_t gfn, int lpage)
                        ;
                desc->shadow_ptes[i] = spte;
        }
+        return count;
 }
 static void rmap_desc_remove_entry(unsigned long *rmapp,
@@ -754,6 +761,19 @@ static int kvm_age_rmapp(struct kvm *kvm, unsigned long *rmapp)
        return young;
 }
+#define RMAP_RECYCLE_THRESHOLD 1000
+static void rmap_recycle(struct kvm_vcpu *vcpu, gfn_t gfn, int lpage)
+{
+        unsigned long *rmapp;
+        gfn = unalias_gfn(vcpu->kvm, gfn);
+        rmapp = gfn_to_rmap(vcpu->kvm, gfn, lpage);
+        kvm_unmap_rmapp(vcpu->kvm, rmapp);
+        kvm_flush_remote_tlbs(vcpu->kvm);
+}
 int kvm_age_hva(struct kvm *kvm, unsigned long hva)
 {
        return kvm_handle_hva(kvm, hva, kvm_age_rmapp);
@@ -1407,24 +1427,25 @@ static int kvm_mmu_zap_page(struct kvm *kvm, struct kvm_mmu_page *sp)
 */
 void kvm_mmu_change_mmu_pages(struct kvm *kvm, unsigned int kvm_nr_mmu_pages)
 {
+        int used_pages;
+        used_pages = kvm->arch.n_alloc_mmu_pages - kvm->arch.n_free_mmu_pages;
+        used_pages = max(0, used_pages);
        /*
         * If we set the number of mmu pages to be smaller be than the
         * number of actived pages , we must to free some mmu pages before we
         * change the value
         */
-        if ((kvm->arch.n_alloc_mmu_pages - kvm->arch.n_free_mmu_pages) >
+        if (used_pages > kvm_nr_mmu_pages) {
-            kvm_nr_mmu_pages) {
+                while (used_pages > kvm_nr_mmu_pages) {
-                int n_used_mmu_pages = kvm->arch.n_alloc_mmu_pages
-                                       - kvm->arch.n_free_mmu_pages;
-                while (n_used_mmu_pages > kvm_nr_mmu_pages) {
                        struct kvm_mmu_page *page;
                        page = container_of(kvm->arch.active_mmu_pages.prev,
                                            struct kvm_mmu_page, link);
                        kvm_mmu_zap_page(kvm, page);
-                        n_used_mmu_pages--;
+                        used_pages--;
                }
                kvm->arch.n_free_mmu_pages = 0;
        }
@@ -1740,6 +1761,7 @@ static void mmu_set_spte(struct kvm_vcpu *vcpu, u64 *shadow_pte,
 {
        int was_rmapped = 0;
        int was_writeble = is_writeble_pte(*shadow_pte);
+        int rmap_count;
        pgprintk("%s: spte %llx access %x write_fault %d"
                 " user_fault %d gfn %lx\n",
@@ -1781,9 +1803,11 @@ static void mmu_set_spte(struct kvm_vcpu *vcpu, u64 *shadow_pte,
        page_header_update_slot(vcpu->kvm, shadow_pte, gfn);
        if (!was_rmapped) {
-                rmap_add(vcpu, shadow_pte, gfn, largepage);
+                rmap_count = rmap_add(vcpu, shadow_pte, gfn, largepage);
                if (!is_rmap_pte(*shadow_pte))
                        kvm_release_pfn_clean(pfn);
+                if (rmap_count > RMAP_RECYCLE_THRESHOLD)
+                        rmap_recycle(vcpu, gfn, largepage);
        } else {
                if (was_writeble)
                        kvm_release_pfn_dirty(pfn);
diff --git a/arch/x86/kvm/svm.c b/arch/x86/kvm/svm.c
index 71510e07e69e..b1f658ad2f06 100644
--- a/arch/x86/kvm/svm.c
+++ b/arch/x86/kvm/svm.c
@@ -711,6 +711,7 @@ static void svm_vcpu_load(struct kvm_vcpu *vcpu, int cpu)
                svm->vmcb->control.tsc_offset += delta;
                vcpu->cpu = cpu;
                kvm_migrate_timers(vcpu);
+                svm->asid_generation = 0;
        }
        for (i = 0; i < NR_HOST_SAVE_USER_MSRS; i++)
@@ -1031,7 +1032,6 @@ static void new_asid(struct vcpu_svm *svm, struct svm_cpu_data *svm_data)
                svm->vmcb->control.tlb_ctl = TLB_CONTROL_FLUSH_ALL_ASID;
        }
-        svm->vcpu.cpu = svm_data->cpu;
        svm->asid_generation = svm_data->asid_generation;
        svm->vmcb->control.asid = svm_data->next_asid++;
 }
@@ -2300,8 +2300,8 @@ static void pre_svm_run(struct vcpu_svm *svm)
        struct svm_cpu_data *svm_data = per_cpu(svm_data, cpu);
        svm->vmcb->control.tlb_ctl = TLB_CONTROL_DO_NOTHING;
-        if (svm->vcpu.cpu != cpu ||
+        /* FIXME: handle wraparound of asid_generation */
-            svm->asid_generation != svm_data->asid_generation)
+        if (svm->asid_generation != svm_data->asid_generation)
                new_asid(svm, svm_data);
 }
diff --git a/arch/x86/kvm/vmx.c b/arch/x86/kvm/vmx.c
index 356a0ce85c68..29f912927a58 100644
--- a/arch/x86/kvm/vmx.c
+++ b/arch/x86/kvm/vmx.c
@@ -3157,8 +3157,8 @@ static void handle_invalid_guest_state(struct kvm_vcpu *vcpu,
        struct vcpu_vmx *vmx = to_vmx(vcpu);
        enum emulation_result err = EMULATE_DONE;
-        preempt_enable();
        local_irq_enable();
+        preempt_enable();
        while (!guest_state_valid(vcpu)) {
                err = emulate_instruction(vcpu, kvm_run, 0, 0, 0);
@@ -3168,7 +3168,7 @@ static void handle_invalid_guest_state(struct kvm_vcpu *vcpu,
                if (err != EMULATE_DONE) {
                        kvm_report_emulation_failure(vcpu, "emulation failure");
-                        return;
+                        break;
                }
                if (signal_pending(current))
@@ -3177,8 +3177,8 @@ static void handle_invalid_guest_state(struct kvm_vcpu *vcpu,
                        schedule();
        }
-        local_irq_disable();
        preempt_disable();
+        local_irq_disable();
        vmx->invalid_state_emulation_result = err;
 }
diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c
index fe5474aec41a..3d4529011828 100644
--- a/arch/x86/kvm/x86.c
+++ b/arch/x86/kvm/x86.c
@@ -704,11 +704,48 @@ static bool msr_mtrr_valid(unsigned msr)
        return false;
 }
+static bool valid_pat_type(unsigned t)
+{
+        return t < 8 && (1 << t) & 0xf3; /* 0, 1, 4, 5, 6, 7 */
+}
+static bool valid_mtrr_type(unsigned t)
+{
+        return t < 8 && (1 << t) & 0x73; /* 0, 1, 4, 5, 6 */
+}
+static bool mtrr_valid(struct kvm_vcpu *vcpu, u32 msr, u64 data)
+{
+        int i;
+        if (!msr_mtrr_valid(msr))
+                return false;
+        if (msr == MSR_IA32_CR_PAT) {
+                for (i = 0; i < 8; i++)
+                        if (!valid_pat_type((data >> (i * 8)) & 0xff))
+                                return false;
+                return true;
+        } else if (msr == MSR_MTRRdefType) {
+                if (data & ~0xcff)
+                        return false;
+                return valid_mtrr_type(data & 0xff);
+        } else if (msr >= MSR_MTRRfix64K_00000 && msr <= MSR_MTRRfix4K_F8000) {
+                for (i = 0; i < 8 ; i++)
+                        if (!valid_mtrr_type((data >> (i * 8)) & 0xff))
+                                return false;
+                return true;
+        }
+        /* variable MTRRs */
+        return valid_mtrr_type(data & 0xff);
+}
 static int set_msr_mtrr(struct kvm_vcpu *vcpu, u32 msr, u64 data)
 {
        u64 *p = (u64 *)&vcpu->arch.mtrr_state.fixed_ranges;
-        if (!msr_mtrr_valid(msr))
+        if (!mtrr_valid(vcpu, msr, data))
                return 1;
        if (msr == MSR_MTRRdefType) {
@@ -1079,14 +1116,13 @@ long kvm_arch_dev_ioctl(struct file *filp,
                if (copy_to_user(user_msr_list, &msr_list, sizeof msr_list))
                        goto out;
                r = -E2BIG;
-                if (n < num_msrs_to_save)
+                if (n < msr_list.nmsrs)
                        goto out;
                r = -EFAULT;
                if (copy_to_user(user_msr_list->indices, &msrs_to_save,
                                 num_msrs_to_save * sizeof(u32)))
                        goto out;
-                if (copy_to_user(user_msr_list->indices
+                if (copy_to_user(user_msr_list->indices + num_msrs_to_save,
-                                 + num_msrs_to_save * sizeof(u32),
                                 &emulated_msrs,
                                 ARRAY_SIZE(emulated_msrs) * sizeof(u32)))
                        goto out;
author	Rafael J. Wysocki <rjw@sisk.pl>	2009-08-10 17:40:50 -0400
committer	Rafael J. Wysocki <rjw@sisk.pl>	2009-08-10 17:40:50 -0400
commit	dcbf77cac640af0ab944d5cbb07934bf6708b4d9 (patch)
tree	e2f4d1b3a1089ee10436cb19740a9cb99f2dc527 /arch/x86
parent	c00aafcd4977769e8728292302ddbbb8b1082fab (diff)
parent	85dfd81dc57e8183a277ddd7a56aa65c96f3f487 (diff)

diff --git a/arch/x86/kernel/apic/x2apic_cluster.c b/arch/x86/kernel/apic/x2apic_cluster.c index 2ed4e2bb3b32..a5371ec36776 100644 --- a/arch/x86/kernel/apic/x2apic_cluster.c +++ b/arch/x86/kernel/apic/x2apic_cluster.c
@@ -17,11 +17,13 @@ static int x2apic_acpi_madt_oem_check(char oem_id, char oem_table_id)
17	return x2apic_enabled();	17	return x2apic_enabled();
18	}	18	}
19		19
20	/* Start with all IRQs pointing to boot CPU. IRQ balancing will shift them. */	20	/*
21		21	* need to use more than cpu 0, because we need more vectors when
		22	* MSI-X are used.
		23	*/
22	static const struct cpumask *x2apic_target_cpus(void)	24	static const struct cpumask *x2apic_target_cpus(void)
23	{	25	{
24	return cpumask_of(0);	26	return cpu_online_mask;
25	}	27	}
26		28
27	/*	29	/*


diff --git a/arch/x86/kernel/apic/x2apic_phys.c b/arch/x86/kernel/apic/x2apic_phys.c index 0b631c6a2e00..a8989aadc99a 100644 --- a/arch/x86/kernel/apic/x2apic_phys.c +++ b/arch/x86/kernel/apic/x2apic_phys.c
@@ -27,11 +27,13 @@ static int x2apic_acpi_madt_oem_check(char oem_id, char oem_table_id)
27	return 0;	27	return 0;
28	}	28	}
29		29
30	/* Start with all IRQs pointing to boot CPU. IRQ balancing will shift them. */	30	/*
31		31	* need to use more than cpu 0, because we need more vectors when
		32	* MSI-X are used.
		33	*/
32	static const struct cpumask *x2apic_target_cpus(void)	34	static const struct cpumask *x2apic_target_cpus(void)
33	{	35	{
34	return cpumask_of(0);	36	return cpu_online_mask;
35	}	37	}
36		38
37	static void x2apic_vector_allocation_domain(int cpu, struct cpumask *retmask)	39	static void x2apic_vector_allocation_domain(int cpu, struct cpumask *retmask)


diff --git a/arch/x86/kernel/efi.c b/arch/x86/kernel/efi.c index 19ccf6d0dccf..fe26ba3e3451 100644 --- a/arch/x86/kernel/efi.c +++ b/arch/x86/kernel/efi.c
@@ -354,7 +354,7 @@ void __init efi_init(void)
354	*/	354	*/
355	c16 = tmp = early_ioremap(efi.systab->fw_vendor, 2);	355	c16 = tmp = early_ioremap(efi.systab->fw_vendor, 2);
356	if (c16) {	356	if (c16) {
357	for (i = 0; i < sizeof(vendor) && *c16; ++i)	357	for (i = 0; i < sizeof(vendor) - 1 && *c16; ++i)
358	vendor[i] = *c16++;	358	vendor[i] = *c16++;
359	vendor[i] = '\0';	359	vendor[i] = '\0';
360	} else	360	} else


diff --git a/arch/x86/kernel/reboot.c b/arch/x86/kernel/reboot.c index 834c9da8bf9d..9eb897603705 100644 --- a/arch/x86/kernel/reboot.c +++ b/arch/x86/kernel/reboot.c
@@ -405,7 +405,7 @@ EXPORT_SYMBOL(machine_real_restart);
405	#endif /* CONFIG_X86_32 */	405	#endif /* CONFIG_X86_32 */
406		406
407	/*	407	/*
408	* Apple MacBook5,2 (2009 MacBook) needs reboot=p	408	* Some Apple MacBook and MacBookPro's needs reboot=p to be able to reboot
409	*/	409	*/
410	static int __init set_pci_reboot(const struct dmi_system_id *d)	410	static int __init set_pci_reboot(const struct dmi_system_id *d)
411	{	411	{
@@ -426,6 +426,14 @@ static struct dmi_system_id __initdata pci_reboot_dmi_table[] = {
426	DMI_MATCH(DMI_PRODUCT_NAME, "MacBook5,2"),	426	DMI_MATCH(DMI_PRODUCT_NAME, "MacBook5,2"),
427	},	427	},
428	},	428	},
		429	{ /* Handle problems with rebooting on Apple MacBookPro5,1 */
		430	.callback = set_pci_reboot,
		431	.ident = "Apple MacBookPro5,1",
		432	.matches = {
		433	DMI_MATCH(DMI_SYS_VENDOR, "Apple Inc."),
		434	DMI_MATCH(DMI_PRODUCT_NAME, "MacBookPro5,1"),
		435	},
		436	},
429	{ }	437	{ }
430	};	438	};
431		439


diff --git a/arch/x86/kernel/tsc.c b/arch/x86/kernel/tsc.c index 6e1a368d21d4..71f4368b357e 100644 --- a/arch/x86/kernel/tsc.c +++ b/arch/x86/kernel/tsc.c
@@ -275,15 +275,20 @@ static unsigned long pit_calibrate_tsc(u32 latch, unsigned long ms, int loopmin)
275	* use the TSC value at the transitions to calculate a pretty	275	* use the TSC value at the transitions to calculate a pretty
276	* good value for the TSC frequencty.	276	* good value for the TSC frequencty.
277	*/	277	*/
		278	static inline int pit_verify_msb(unsigned char val)
		279	{
		280	/* Ignore LSB */
		281	inb(0x42);
		282	return inb(0x42) == val;
		283	}
		284
278	static inline int pit_expect_msb(unsigned char val, u64 tscp, unsigned long deltap)	285	static inline int pit_expect_msb(unsigned char val, u64 tscp, unsigned long deltap)
279	{	286	{
280	int count;	287	int count;
281	u64 tsc = 0;	288	u64 tsc = 0;
282		289
283	for (count = 0; count < 50000; count++) {	290	for (count = 0; count < 50000; count++) {
284	/* Ignore LSB */	291	if (!pit_verify_msb(val))
285	inb(0x42);
286	if (inb(0x42) != val)
287	break;	292	break;
288	tsc = get_cycles();	293	tsc = get_cycles();
289	}	294	}
@@ -336,8 +341,7 @@ static unsigned long quick_pit_calibrate(void)
336	* to do that is to just read back the 16-bit counter	341	* to do that is to just read back the 16-bit counter
337	* once from the PIT.	342	* once from the PIT.
338	*/	343	*/
339	inb(0x42);	344	pit_verify_msb(0);
340	inb(0x42);
341		345
342	if (pit_expect_msb(0xff, &tsc, &d1)) {	346	if (pit_expect_msb(0xff, &tsc, &d1)) {
343	for (i = 1; i <= MAX_QUICK_PIT_ITERATIONS; i++) {	347	for (i = 1; i <= MAX_QUICK_PIT_ITERATIONS; i++) {
@@ -348,8 +352,19 @@ static unsigned long quick_pit_calibrate(void)
348	* Iterate until the error is less than 500 ppm	352	* Iterate until the error is less than 500 ppm
349	*/	353	*/
350	delta -= tsc;	354	delta -= tsc;
351	if (d1+d2 < delta >> 11)	355	if (d1+d2 >= delta >> 11)
352	goto success;	356	continue;
		357
		358	/*
		359	* Check the PIT one more time to verify that
		360	* all TSC reads were stable wrt the PIT.
		361	*
		362	* This also guarantees serialization of the
		363	* last cycle read ('d2') in pit_expect_msb.
		364	*/
		365	if (!pit_verify_msb(0xfe - i))
		366	break;
		367	goto success;
353	}	368	}
354	}	369	}
355	printk("Fast TSC calibration failed\n");	370	printk("Fast TSC calibration failed\n");


diff --git a/arch/x86/kernel/vmi_32.c b/arch/x86/kernel/vmi_32.c index b263423fbe2a..95a7289e4b0c 100644 --- a/arch/x86/kernel/vmi_32.c +++ b/arch/x86/kernel/vmi_32.c
@@ -441,7 +441,7 @@ vmi_startup_ipi_hook(int phys_apicid, unsigned long start_eip,
441	ap.ds = __USER_DS;	441	ap.ds = __USER_DS;
442	ap.es = __USER_DS;	442	ap.es = __USER_DS;
443	ap.fs = __KERNEL_PERCPU;	443	ap.fs = __KERNEL_PERCPU;
444	ap.gs = 0;	444	ap.gs = __KERNEL_STACK_CANARY;
445		445
446	ap.eflags = 0;	446	ap.eflags = 0;
447		447


diff --git a/arch/x86/kvm/i8254.c b/arch/x86/kvm/i8254.c index 4d6f0d293ee2..21f68e00524f 100644 --- a/arch/x86/kvm/i8254.c +++ b/arch/x86/kvm/i8254.c
@@ -104,6 +104,9 @@ static s64 __kpit_elapsed(struct kvm *kvm)
104	ktime_t remaining;	104	ktime_t remaining;
105	struct kvm_kpit_state *ps = &kvm->arch.vpit->pit_state;	105	struct kvm_kpit_state *ps = &kvm->arch.vpit->pit_state;
106		106
		107	if (!ps->pit_timer.period)
		108	return 0;
		109
107	/*	110	/*
108	* The Counter does not stop when it reaches zero. In	111	* The Counter does not stop when it reaches zero. In
109	* Modes 0, 1, 4, and 5 the Counter ``wraps around'' to	112	* Modes 0, 1, 4, and 5 the Counter ``wraps around'' to


diff --git a/arch/x86/kvm/mmu.c b/arch/x86/kvm/mmu.c index 7030b5f911bf..0ef5bb2b4043 100644 --- a/arch/x86/kvm/mmu.c +++ b/arch/x86/kvm/mmu.c
@@ -489,16 +489,20 @@ static unsigned long gfn_to_rmap(struct kvm kvm, gfn_t gfn, int lpage)
489	*	489	*
490	* If rmapp bit zero is one, (then rmap & ~1) points to a struct kvm_rmap_desc	490	* If rmapp bit zero is one, (then rmap & ~1) points to a struct kvm_rmap_desc
491	* containing more mappings.	491	* containing more mappings.
		492	*
		493	* Returns the number of rmap entries before the spte was added or zero if
		494	* the spte was not added.
		495	*
492	*/	496	*/
493	static void rmap_add(struct kvm_vcpu vcpu, u64 spte, gfn_t gfn, int lpage)	497	static int rmap_add(struct kvm_vcpu vcpu, u64 spte, gfn_t gfn, int lpage)
494	{	498	{
495	struct kvm_mmu_page *sp;	499	struct kvm_mmu_page *sp;
496	struct kvm_rmap_desc *desc;	500	struct kvm_rmap_desc *desc;
497	unsigned long *rmapp;	501	unsigned long *rmapp;
498	int i;	502	int i, count = 0;
499		503
500	if (!is_rmap_pte(*spte))	504	if (!is_rmap_pte(*spte))
501	return;	505	return count;
502	gfn = unalias_gfn(vcpu->kvm, gfn);	506	gfn = unalias_gfn(vcpu->kvm, gfn);
503	sp = page_header(__pa(spte));	507	sp = page_header(__pa(spte));
504	sp->gfns[spte - sp->spt] = gfn;	508	sp->gfns[spte - sp->spt] = gfn;
@@ -515,8 +519,10 @@ static void rmap_add(struct kvm_vcpu vcpu, u64 spte, gfn_t gfn, int lpage)
515	} else {	519	} else {
516	rmap_printk("rmap_add: %p %llx many->many\n", spte, *spte);	520	rmap_printk("rmap_add: %p %llx many->many\n", spte, *spte);
517	desc = (struct kvm_rmap_desc )(rmapp & ~1ul);	521	desc = (struct kvm_rmap_desc )(rmapp & ~1ul);
518	while (desc->shadow_ptes[RMAP_EXT-1] && desc->more)	522	while (desc->shadow_ptes[RMAP_EXT-1] && desc->more) {
519	desc = desc->more;	523	desc = desc->more;
		524	count += RMAP_EXT;
		525	}
520	if (desc->shadow_ptes[RMAP_EXT-1]) {	526	if (desc->shadow_ptes[RMAP_EXT-1]) {
521	desc->more = mmu_alloc_rmap_desc(vcpu);	527	desc->more = mmu_alloc_rmap_desc(vcpu);
522	desc = desc->more;	528	desc = desc->more;
@@ -525,6 +531,7 @@ static void rmap_add(struct kvm_vcpu vcpu, u64 spte, gfn_t gfn, int lpage)
525	;	531	;
526	desc->shadow_ptes[i] = spte;	532	desc->shadow_ptes[i] = spte;
527	}	533	}
		534	return count;
528	}	535	}
529		536
530	static void rmap_desc_remove_entry(unsigned long *rmapp,	537	static void rmap_desc_remove_entry(unsigned long *rmapp,
@@ -754,6 +761,19 @@ static int kvm_age_rmapp(struct kvm kvm, unsigned long rmapp)
754	return young;	761	return young;
755	}	762	}
756		763
		764	#define RMAP_RECYCLE_THRESHOLD 1000
		765
		766	static void rmap_recycle(struct kvm_vcpu *vcpu, gfn_t gfn, int lpage)
		767	{
		768	unsigned long *rmapp;
		769
		770	gfn = unalias_gfn(vcpu->kvm, gfn);
		771	rmapp = gfn_to_rmap(vcpu->kvm, gfn, lpage);
		772
		773	kvm_unmap_rmapp(vcpu->kvm, rmapp);
		774	kvm_flush_remote_tlbs(vcpu->kvm);
		775	}
		776
757	int kvm_age_hva(struct kvm *kvm, unsigned long hva)	777	int kvm_age_hva(struct kvm *kvm, unsigned long hva)
758	{	778	{
759	return kvm_handle_hva(kvm, hva, kvm_age_rmapp);	779	return kvm_handle_hva(kvm, hva, kvm_age_rmapp);
@@ -1407,24 +1427,25 @@ static int kvm_mmu_zap_page(struct kvm kvm, struct kvm_mmu_page sp)
1407	*/	1427	*/
1408	void kvm_mmu_change_mmu_pages(struct kvm *kvm, unsigned int kvm_nr_mmu_pages)	1428	void kvm_mmu_change_mmu_pages(struct kvm *kvm, unsigned int kvm_nr_mmu_pages)
1409	{	1429	{
		1430	int used_pages;
		1431
		1432	used_pages = kvm->arch.n_alloc_mmu_pages - kvm->arch.n_free_mmu_pages;
		1433	used_pages = max(0, used_pages);
		1434
1410	/*	1435	/*
1411	* If we set the number of mmu pages to be smaller be than the	1436	* If we set the number of mmu pages to be smaller be than the
1412	* number of actived pages , we must to free some mmu pages before we	1437	* number of actived pages , we must to free some mmu pages before we
1413	* change the value	1438	* change the value
1414	*/	1439	*/
1415		1440
1416	if ((kvm->arch.n_alloc_mmu_pages - kvm->arch.n_free_mmu_pages) >	1441	if (used_pages > kvm_nr_mmu_pages) {
1417	kvm_nr_mmu_pages) {	1442	while (used_pages > kvm_nr_mmu_pages) {
1418	int n_used_mmu_pages = kvm->arch.n_alloc_mmu_pages
1419	- kvm->arch.n_free_mmu_pages;
1420
1421	while (n_used_mmu_pages > kvm_nr_mmu_pages) {
1422	struct kvm_mmu_page *page;	1443	struct kvm_mmu_page *page;
1423		1444
1424	page = container_of(kvm->arch.active_mmu_pages.prev,	1445	page = container_of(kvm->arch.active_mmu_pages.prev,
1425	struct kvm_mmu_page, link);	1446	struct kvm_mmu_page, link);
1426	kvm_mmu_zap_page(kvm, page);	1447	kvm_mmu_zap_page(kvm, page);
1427	n_used_mmu_pages--;	1448	used_pages--;
1428	}	1449	}
1429	kvm->arch.n_free_mmu_pages = 0;	1450	kvm->arch.n_free_mmu_pages = 0;
1430	}	1451	}
@@ -1740,6 +1761,7 @@ static void mmu_set_spte(struct kvm_vcpu vcpu, u64 shadow_pte,
1740	{	1761	{
1741	int was_rmapped = 0;	1762	int was_rmapped = 0;
1742	int was_writeble = is_writeble_pte(*shadow_pte);	1763	int was_writeble = is_writeble_pte(*shadow_pte);
		1764	int rmap_count;
1743		1765
1744	pgprintk("%s: spte %llx access %x write_fault %d"	1766	pgprintk("%s: spte %llx access %x write_fault %d"
1745	" user_fault %d gfn %lx\n",	1767	" user_fault %d gfn %lx\n",
@@ -1781,9 +1803,11 @@ static void mmu_set_spte(struct kvm_vcpu vcpu, u64 shadow_pte,
1781		1803
1782	page_header_update_slot(vcpu->kvm, shadow_pte, gfn);	1804	page_header_update_slot(vcpu->kvm, shadow_pte, gfn);
1783	if (!was_rmapped) {	1805	if (!was_rmapped) {
1784	rmap_add(vcpu, shadow_pte, gfn, largepage);	1806	rmap_count = rmap_add(vcpu, shadow_pte, gfn, largepage);
1785	if (!is_rmap_pte(*shadow_pte))	1807	if (!is_rmap_pte(*shadow_pte))
1786	kvm_release_pfn_clean(pfn);	1808	kvm_release_pfn_clean(pfn);
		1809	if (rmap_count > RMAP_RECYCLE_THRESHOLD)
		1810	rmap_recycle(vcpu, gfn, largepage);
1787	} else {	1811	} else {
1788	if (was_writeble)	1812	if (was_writeble)
1789	kvm_release_pfn_dirty(pfn);	1813	kvm_release_pfn_dirty(pfn);


diff --git a/arch/x86/kvm/svm.c b/arch/x86/kvm/svm.c index 71510e07e69e..b1f658ad2f06 100644 --- a/arch/x86/kvm/svm.c +++ b/arch/x86/kvm/svm.c
@@ -711,6 +711,7 @@ static void svm_vcpu_load(struct kvm_vcpu *vcpu, int cpu)
711	svm->vmcb->control.tsc_offset += delta;	711	svm->vmcb->control.tsc_offset += delta;
712	vcpu->cpu = cpu;	712	vcpu->cpu = cpu;
713	kvm_migrate_timers(vcpu);	713	kvm_migrate_timers(vcpu);
		714	svm->asid_generation = 0;
714	}	715	}
715		716
716	for (i = 0; i < NR_HOST_SAVE_USER_MSRS; i++)	717	for (i = 0; i < NR_HOST_SAVE_USER_MSRS; i++)
@@ -1031,7 +1032,6 @@ static void new_asid(struct vcpu_svm svm, struct svm_cpu_data svm_data)
1031	svm->vmcb->control.tlb_ctl = TLB_CONTROL_FLUSH_ALL_ASID;	1032	svm->vmcb->control.tlb_ctl = TLB_CONTROL_FLUSH_ALL_ASID;
1032	}	1033	}
1033		1034
1034	svm->vcpu.cpu = svm_data->cpu;
1035	svm->asid_generation = svm_data->asid_generation;	1035	svm->asid_generation = svm_data->asid_generation;
1036	svm->vmcb->control.asid = svm_data->next_asid++;	1036	svm->vmcb->control.asid = svm_data->next_asid++;
1037	}	1037	}
@@ -2300,8 +2300,8 @@ static void pre_svm_run(struct vcpu_svm *svm)
2300	struct svm_cpu_data *svm_data = per_cpu(svm_data, cpu);	2300	struct svm_cpu_data *svm_data = per_cpu(svm_data, cpu);
2301		2301
2302	svm->vmcb->control.tlb_ctl = TLB_CONTROL_DO_NOTHING;	2302	svm->vmcb->control.tlb_ctl = TLB_CONTROL_DO_NOTHING;
2303	if (svm->vcpu.cpu != cpu \|\|	2303	/* FIXME: handle wraparound of asid_generation */
2304	svm->asid_generation != svm_data->asid_generation)	2304	if (svm->asid_generation != svm_data->asid_generation)
2305	new_asid(svm, svm_data);	2305	new_asid(svm, svm_data);
2306	}	2306	}
2307		2307


diff --git a/arch/x86/kvm/vmx.c b/arch/x86/kvm/vmx.c index 356a0ce85c68..29f912927a58 100644 --- a/arch/x86/kvm/vmx.c +++ b/arch/x86/kvm/vmx.c
@@ -3157,8 +3157,8 @@ static void handle_invalid_guest_state(struct kvm_vcpu *vcpu,
3157	struct vcpu_vmx *vmx = to_vmx(vcpu);	3157	struct vcpu_vmx *vmx = to_vmx(vcpu);
3158	enum emulation_result err = EMULATE_DONE;	3158	enum emulation_result err = EMULATE_DONE;
3159		3159
3160	preempt_enable();
3161	local_irq_enable();	3160	local_irq_enable();
		3161	preempt_enable();
3162		3162
3163	while (!guest_state_valid(vcpu)) {	3163	while (!guest_state_valid(vcpu)) {
3164	err = emulate_instruction(vcpu, kvm_run, 0, 0, 0);	3164	err = emulate_instruction(vcpu, kvm_run, 0, 0, 0);
@@ -3168,7 +3168,7 @@ static void handle_invalid_guest_state(struct kvm_vcpu *vcpu,
3168		3168
3169	if (err != EMULATE_DONE) {	3169	if (err != EMULATE_DONE) {
3170	kvm_report_emulation_failure(vcpu, "emulation failure");	3170	kvm_report_emulation_failure(vcpu, "emulation failure");
3171	return;	3171	break;
3172	}	3172	}
3173		3173
3174	if (signal_pending(current))	3174	if (signal_pending(current))
@@ -3177,8 +3177,8 @@ static void handle_invalid_guest_state(struct kvm_vcpu *vcpu,
3177	schedule();	3177	schedule();
3178	}	3178	}
3179		3179
3180	local_irq_disable();
3181	preempt_disable();	3180	preempt_disable();
		3181	local_irq_disable();
3182		3182
3183	vmx->invalid_state_emulation_result = err;	3183	vmx->invalid_state_emulation_result = err;
3184	}	3184	}


diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c index fe5474aec41a..3d4529011828 100644 --- a/arch/x86/kvm/x86.c +++ b/arch/x86/kvm/x86.c
@@ -704,11 +704,48 @@ static bool msr_mtrr_valid(unsigned msr)
704	return false;	704	return false;
705	}	705	}
706		706
		707	static bool valid_pat_type(unsigned t)
		708	{
		709	return t < 8 && (1 << t) & 0xf3; /* 0, 1, 4, 5, 6, 7 */
		710	}
		711
		712	static bool valid_mtrr_type(unsigned t)
		713	{
		714	return t < 8 && (1 << t) & 0x73; /* 0, 1, 4, 5, 6 */
		715	}
		716
		717	static bool mtrr_valid(struct kvm_vcpu *vcpu, u32 msr, u64 data)
		718	{
		719	int i;
		720
		721	if (!msr_mtrr_valid(msr))
		722	return false;
		723
		724	if (msr == MSR_IA32_CR_PAT) {
		725	for (i = 0; i < 8; i++)
		726	if (!valid_pat_type((data >> (i * 8)) & 0xff))
		727	return false;
		728	return true;
		729	} else if (msr == MSR_MTRRdefType) {
		730	if (data & ~0xcff)
		731	return false;
		732	return valid_mtrr_type(data & 0xff);
		733	} else if (msr >= MSR_MTRRfix64K_00000 && msr <= MSR_MTRRfix4K_F8000) {
		734	for (i = 0; i < 8 ; i++)
		735	if (!valid_mtrr_type((data >> (i * 8)) & 0xff))
		736	return false;
		737	return true;
		738	}
		739
		740	/* variable MTRRs */
		741	return valid_mtrr_type(data & 0xff);
		742	}
		743
707	static int set_msr_mtrr(struct kvm_vcpu *vcpu, u32 msr, u64 data)	744	static int set_msr_mtrr(struct kvm_vcpu *vcpu, u32 msr, u64 data)
708	{	745	{
709	u64 p = (u64 )&vcpu->arch.mtrr_state.fixed_ranges;	746	u64 p = (u64 )&vcpu->arch.mtrr_state.fixed_ranges;
710		747
711	if (!msr_mtrr_valid(msr))	748	if (!mtrr_valid(vcpu, msr, data))
712	return 1;	749	return 1;
713		750
714	if (msr == MSR_MTRRdefType) {	751	if (msr == MSR_MTRRdefType) {
@@ -1079,14 +1116,13 @@ long kvm_arch_dev_ioctl(struct file *filp,
1079	if (copy_to_user(user_msr_list, &msr_list, sizeof msr_list))	1116	if (copy_to_user(user_msr_list, &msr_list, sizeof msr_list))
1080	goto out;	1117	goto out;
1081	r = -E2BIG;	1118	r = -E2BIG;
1082	if (n < num_msrs_to_save)	1119	if (n < msr_list.nmsrs)
1083	goto out;	1120	goto out;
1084	r = -EFAULT;	1121	r = -EFAULT;
1085	if (copy_to_user(user_msr_list->indices, &msrs_to_save,	1122	if (copy_to_user(user_msr_list->indices, &msrs_to_save,
1086	num_msrs_to_save * sizeof(u32)))	1123	num_msrs_to_save * sizeof(u32)))
1087	goto out;	1124	goto out;
1088	if (copy_to_user(user_msr_list->indices	1125	if (copy_to_user(user_msr_list->indices + num_msrs_to_save,
1089	+ num_msrs_to_save * sizeof(u32),
1090	&emulated_msrs,	1126	&emulated_msrs,
1091	ARRAY_SIZE(emulated_msrs) * sizeof(u32)))	1127	ARRAY_SIZE(emulated_msrs) * sizeof(u32)))
1092	goto out;	1128	goto out;