/*
 * Permission is hereby granted, free of charge, to any person obtaining a copy
 * of this software and associated documentation files (the "Software"), to
 * deal in the Software without restriction, including without limitation the
 * rights to use, copy, modify, merge, publish, distribute, sublicense, and/or
 * sell copies of the Software, and to permit persons to whom the Software is
 * furnished to do so, subject to the following conditions:
 *
 * The above copyright notice and this permission notice shall be included in
 * all copies or substantial portions of the Software.
 *
 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
 * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
 * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
 * DEALINGS IN THE SOFTWARE.
 */

#ifndef __XEN_PUBLIC_HVM_PARAMS_H__
#define __XEN_PUBLIC_HVM_PARAMS_H__

#include <xen/interface/hvm/hvm_op.h>

/*
 * Parameter space for HVMOP_{set,get}_param.
 */

#define HVM_PARAM_CALLBACK_IRQ 0
/*
 * How should CPU0 event-channel notifications be delivered?
 *
 * If val == 0 then CPU0 event-channel notifications are not delivered.
 * If val != 0, val[63:56] encodes the type, as follows:
 */

#define HVM_PARAM_CALLBACK_TYPE_GSI      0
/*
 * val[55:0] is a delivery GSI.  GSI 0 cannot be used, as it aliases val == 0,
 * and disables all notifications.
 */

#define HVM_PARAM_CALLBACK_TYPE_PCI_INTX 1
/*
 * val[55:0] is a delivery PCI INTx line:
 * Domain = val[47:32], Bus = val[31:16] DevFn = val[15:8], IntX = val[1:0]
 */

#if defined(__i386__) || defined(__x86_64__)
#define HVM_PARAM_CALLBACK_TYPE_VECTOR   2
/*
 * val[7:0] is a vector number.  Check for XENFEAT_hvm_callback_vector to know
 * if this delivery method is available.
 */
#elif defined(__arm__) || defined(__aarch64__)
#define HVM_PARAM_CALLBACK_TYPE_PPI      2
/*
 * val[55:16] needs to be zero.
 * val[15:8] is interrupt flag of the PPI used by event-channel:
 *  bit 8: the PPI is edge(1) or level(0) triggered
 *  bit 9: the PPI is active low(1) or high(0)
 * val[7:0] is a PPI number used by event-channel.
 * This is only used by ARM/ARM64 and masking/eoi the interrupt associated to
 * the notification is handled by the interrupt controller.
 */
#endif

#define HVM_PARAM_STORE_PFN    1
#define HVM_PARAM_STORE_EVTCHN 2

#define HVM_PARAM_PAE_ENABLED  4

#define HVM_PARAM_IOREQ_PFN    5

#define HVM_PARAM_BUFIOREQ_PFN 6

/*
 * Set mode for virtual timers (currently x86 only):
 *  delay_for_missed_ticks (default):
 *   Do not advance a vcpu's time beyond the correct delivery time for
 *   interrupts that have been missed due to preemption. Deliver missed
 *   interrupts when the vcpu is rescheduled and advance the vcpu's virtual
 *   time stepwise for each one.
 *  no_delay_for_missed_ticks:
 *   As above, missed interrupts are delivered, but guest time always tracks
 *   wallclock (i.e., real) time while doing so.
 *  no_missed_ticks_pending:
 *   No missed interrupts are held pending. Instead, to ensure ticks are
 *   delivered at some non-zero rate, if we detect missed ticks then the
 *   internal tick alarm is not disabled if the VCPU is preempted during the
 *   next tick period.
 *  one_missed_tick_pending:
 *   Missed interrupts are collapsed together and delivered as one 'late tick'.
 *   Guest time always tracks wallclock (i.e., real) time.
 */
#define HVM_PARAM_TIMER_MODE   10
#define HVMPTM_delay_for_missed_ticks    0
#define HVMPTM_no_delay_for_missed_ticks 1
#define HVMPTM_no_missed_ticks_pending   2
#define HVMPTM_one_missed_tick_pending   3

/* Boolean: Enable virtual HPET (high-precision event timer)? (x86-only) */
#define HVM_PARAM_HPET_ENABLED 11

/* Identity-map page directory used by Intel EPT when CR0.PG=0. */
#define HVM_PARAM_IDENT_PT     12

/* Device Model domain, defaults to 0. */
#define HVM_PARAM_DM_DOMAIN    13

/* ACPI S state: currently support S0 and S3 on x86. */
#define HVM_PARAM_ACPI_S_STATE 14

/* TSS used on Intel when CR0.PE=0. */
#define HVM_PARAM_VM86_TSS     15

/* Boolean: Enable aligning all periodic vpts to reduce interrupts */
#define HVM_PARAM_VPT_ALIGN    16

/* Console debug shared memory ring and event channel */
#define HVM_PARAM_CONSOLE_PFN    17
#define HVM_PARAM_CONSOLE_EVTCHN 18

#define HVM_NR_PARAMS          19

#endif /* __XEN_PUBLIC_HVM_PARAMS_H__ */
2017-01-26 16:39:55 +0100</td></tr>
<tr><th>committer</th><td>Ingo Molnar &lt;mingo@kernel.org&gt;</td><td class='right'>2017-01-30 11:41:25 +0100</td></tr>
<tr><th>commit</th><td colspan='2' class='oid'><a href='/cgit.cgi/linux/net-next.git/commit/include/scsi/viosrp.h?id=a76a82a3e38c8d3fb6499e3dfaeb0949241ab588'>a76a82a3e38c8d3fb6499e3dfaeb0949241ab588</a> (<a href='/cgit.cgi/linux/net-next.git/patch/include/scsi/viosrp.h?id=a76a82a3e38c8d3fb6499e3dfaeb0949241ab588'>patch</a>)</td></tr>
<tr><th>tree</th><td colspan='2' class='oid'><a href='/cgit.cgi/linux/net-next.git/tree/?id=a76a82a3e38c8d3fb6499e3dfaeb0949241ab588'>b5bc906278fe1ac66d75de984d26bf59b43b3ed8</a> /<a href='/cgit.cgi/linux/net-next.git/tree/include/scsi/viosrp.h?id=a76a82a3e38c8d3fb6499e3dfaeb0949241ab588'>include/scsi/viosrp.h</a></td></tr>
<tr><th>parent</th><td colspan='2' class='oid'><a href='/cgit.cgi/linux/net-next.git/commit/include/scsi/viosrp.h?id=566cf877a1fcb6d6dc0126b076aad062054c2637'>566cf877a1fcb6d6dc0126b076aad062054c2637</a> (<a href='/cgit.cgi/linux/net-next.git/diff/include/scsi/viosrp.h?id=a76a82a3e38c8d3fb6499e3dfaeb0949241ab588&amp;id2=566cf877a1fcb6d6dc0126b076aad062054c2637'>diff</a>)</td></tr></table>
<div class='commit-subject'>perf/core: Fix use-after-free bug</div><div class='commit-msg'>Dmitry reported a KASAN use-after-free on event-&gt;group_leader.

It turns out there's a hole in perf_remove_from_context() due to
event_function_call() not calling its function when the task
associated with the event is already dead.

In this case the event will have been detached from the task, but the
grouping will have been retained, such that group operations might
still work properly while there are live child events etc.

This does however mean that we can miss a perf_group_detach() call
when the group decomposes, this in turn can then lead to
use-after-free.

Fix it by explicitly doing the group detach if its still required.

Reported-by: Dmitry Vyukov &lt;dvyukov@google.com&gt;
Tested-by: Dmitry Vyukov &lt;dvyukov@google.com&gt;
Signed-off-by: Peter Zijlstra (Intel) &lt;peterz@infradead.org&gt;
Cc: Alexander Shishkin &lt;alexander.shishkin@linux.intel.com&gt;
Cc: Arnaldo Carvalho de Melo &lt;acme@kernel.org&gt;
Cc: Arnaldo Carvalho de Melo &lt;acme@redhat.com&gt;
Cc: Jiri Olsa &lt;jolsa@redhat.com&gt;
Cc: Linus Torvalds &lt;torvalds@linux-foundation.org&gt;
Cc: Mathieu Desnoyers &lt;mathieu.desnoyers@efficios.com&gt;
Cc: Peter Zijlstra &lt;peterz@infradead.org&gt;
Cc: Thomas Gleixner &lt;tglx@linutronix.de&gt;
Cc: stable@vger.kernel.org # v4.5+
Cc: syzkaller &lt;syzkaller@googlegroups.com&gt;
Fixes: 63b6da39bb38 ("perf: Fix perf_event_exit_task() race")
Link: http://lkml.kernel.org/r/20170126153955.GD6515@twins.programming.kicks-ass.net
Signed-off-by: Ingo Molnar &lt;mingo@kernel.org&gt;
</div><div class='diffstat-header'><a href='/cgit.cgi/linux/net-next.git/diff/?id=a76a82a3e38c8d3fb6499e3dfaeb0949241ab588'>Diffstat</a> (limited to 'include/scsi/viosrp.h')</div><table summary='diffstat' class='diffstat'>