~vicamo/+git/ubuntu-kernel:bug-1853219/add-intel_thermal_pch-driver-for-CML-H/unstable

Last commit made on 2020-02-10
Get this branch:
git clone -b bug-1853219/add-intel_thermal_pch-driver-for-CML-H/unstable https://git.launchpad.net/~vicamo/+git/ubuntu-kernel
Only You-Sheng Yang can upload to this branch. If you are You-Sheng Yang please log in for upload directions.

Branch merges

Branch information

Name:
bug-1853219/add-intel_thermal_pch-driver-for-CML-H/unstable
Repository:
lp:~vicamo/+git/ubuntu-kernel

Recent commits

36fa2ea... by You-Sheng Yang

Bug 1853219: Add intel_thermal_pch driver support Comet Lake -H

a234642... by Gayatri Kammela <email address hidden>

thermal: intel: intel_pch_thermal: Add Comet Lake (CML) platform support

Add Comet Lake to the list of the platforms to support intel_pch_thermal
driver.

Cc: Zhang rui <email address hidden>
Cc: Srinivas Pandruvada <email address hidden>
Signed-off-by: Gayatri Kammela <email address hidden>
Acked-by: Zhang Rui <email address hidden>
Signed-off-by: Daniel Lezcano <email address hidden>
Link: https://<email address hidden>
(cherry picked from commit 35709c4ee772afc3818cd6d42d123d608feeaa33)
Signed-off-by: You-Sheng Yang <email address hidden>

05a2114... by Boris Ostrovsky

UBUNTU: SAUCE: x86/KVM: Clean up host's steal time structure

CVE-2019-3016

Now that we are mapping kvm_steal_time from the guest directly we
don't need keep a copy of it in kvm_vcpu_arch.st. The same is true
for the stime field.

This is part of CVE-2019-3016.

Signed-off-by: Boris Ostrovsky <email address hidden>
Reviewed-by: Joao Martins <email address hidden>
Signed-off-by: Thadeu Lima de Souza Cascardo <email address hidden>
Signed-off-by: Seth Forshee <email address hidden>

d79daea... by Boris Ostrovsky

UBUNTU: SAUCE: x86/KVM: Make sure KVM_VCPU_FLUSH_TLB flag is not missed

CVE-2019-3016

There is a potential race in record_steal_time() between setting
host-local vcpu->arch.st.steal.preempted to zero (i.e. clearing
KVM_VCPU_PREEMPTED) and propagating this value to the guest with
kvm_write_guest_cached(). Between those two events the guest may
still see KVM_VCPU_PREEMPTED in its copy of kvm_steal_time, set
KVM_VCPU_FLUSH_TLB and assume that hypervisor will do the right
thing. Which it won't.

Instad of copying, we should map kvm_steal_time and that will
guarantee atomicity of accesses to @preempted.

This is part of CVE-2019-3016.

Signed-off-by: Boris Ostrovsky <email address hidden>
Reviewed-by: Joao Martins <email address hidden>
Signed-off-by: Thadeu Lima de Souza Cascardo <email address hidden>
Signed-off-by: Seth Forshee <email address hidden>

16f7ec8... by Boris Ostrovsky

UBUNTU: SAUCE: x86/kvm: Cache gfn to pfn translation

CVE-2019-3016

__kvm_map_gfn()'s call to gfn_to_pfn_memslot() is
* relatively expensive
* in certain cases (such as when done from atomic context) cannot be called

Stashing gfn-to-pfn mapping should help with both cases.

This is part of CVE-2019-3016.

Signed-off-by: Boris Ostrovsky <email address hidden>
Reviewed-by: Joao Martins <email address hidden>
Signed-off-by: Thadeu Lima de Souza Cascardo <email address hidden>
Signed-off-by: Seth Forshee <email address hidden>

40af4ea... by Boris Ostrovsky

UBUNTU: SAUCE: x86/kvm: Introduce kvm_(un)map_gfn()

CVE-2019-3016

kvm_vcpu_(un)map operates on gfns from any current address space.
In certain cases we want to make sure we are not mapping SMRAM
and for that we can use kvm_(un)map_gfn() that we are introducing
in this patch.

This is part of CVE-2019-3016.

Signed-off-by: Paolo Bonzini <email address hidden>
Signed-off-by: Boris Ostrovsky <email address hidden>
Reviewed-by: Joao Martins <email address hidden>
Signed-off-by: Thadeu Lima de Souza Cascardo <email address hidden>
Signed-off-by: Seth Forshee <email address hidden>

d1d884a... by Boris Ostrovsky

UBUNTU: SAUCE: x86/kvm: Be careful not to clear KVM_VCPU_FLUSH_TLB bit

CVE-2019-3016

kvm_steal_time_set_preempted() may accidentally clear KVM_VCPU_FLUSH_TLB
bit if it is called more than once while VCPU is preempted.

This is part of CVE-2019-3016.

(This bug was also independently discovered by Jim Mattson
<email address hidden>)

Signed-off-by: Boris Ostrovsky <email address hidden>
Reviewed-by: Joao Martins <email address hidden>
Signed-off-by: Thadeu Lima de Souza Cascardo <email address hidden>
Signed-off-by: Seth Forshee <email address hidden>

fa00ac5... by Marcelo Cerri

UBUNTU: [Packaging] Add systemd service to load intel_sgx

BugLink: https://bugs.launchpad.net/bugs/1844245

Include a systemd service to simplify the process of loading intel_sgx
during the boot if the user decides to do so.

Since intel_sgx will only be available in linux-azure, restrict the
new service with ConditionVirtualization=microsoft.

Signed-off-by: Marcelo Henrique Cerri <email address hidden>
Acked-by: Connor Kuehl <email address hidden>
Acked-by: Andy Whitcroft <email address hidden>
Signed-off-by: Kleber Sacilotto de Souza <email address hidden>
Signed-off-by: Seth Forshee <email address hidden>

91d74a2... by Paolo Pisati

UBUNTU: [Config] CRYPTO_DEV_QAT_C3XXX=m, CRYPTO_DEV_QAT_C62X=m and CRYPTO_DEV_QAT_DH895xCC=m

BugLink: https://bugs.launchpad.net/bugs/1845959

Signed-off-by: Paolo Pisati <email address hidden>
Acked-by: Stefan Bader <email address hidden>
Signed-off-by: Seth Forshee <email address hidden>

6945e70... by Stefan Bader

UBUNTU: SAUCE: blk/core: Gracefully handle unset make_request_fn

BugLink: https://bugs.launchpad.net/bugs/1860231

When device-mapper adapted for multi-queue functionality, they
also re-organized the way the make-request function was set.
Before, this happened when the device-mapper logical device was
created. Now it is done once the mapping table gets loaded the
first time (this also decides whether the block device is request
or bio based).

However in generic_make_request(), the request function gets used
without further checks and this happens if one tries to mount such
a partially set up device.

This can easily be reproduced with the following steps:
 - dmsetup create -n test
 - mount /dev/dm-<#> /mnt

This maybe is something which also should be fixed up in device-
mapper. But given there is already a check for an unset queue
pointer and potentially there could be other drivers which do or
might do the same, it sounds like a good move to add another check
to generic_make_request_checks() and to bail out if the request
function has not been set, yet.

Fixes: ff36ab34583a ("dm: remove request-based logic from make_request_fn wrapper")
Signed-off-by: Stefan Bader <email address hidden>
Acked-by: Andrea Righi <email address hidden>
Acked-by: Colin Ian King <email address hidden>
Signed-off-by: Seth Forshee <email address hidden>