--- /dev/null
+From 31b239ad1ba7225435e13f5afc47e48eb674c0cc Mon Sep 17 00:00:00 2001
+From: Tejun Heo <tj@kernel.org>
+Date: Thu, 17 Sep 2009 00:34:39 +0900
+Subject: ahci: restore pci_intx() handling
+
+From: Tejun Heo <tj@kernel.org>
+
+commit 31b239ad1ba7225435e13f5afc47e48eb674c0cc upstream.
+
+Commit a5bfc4714b3f01365aef89a92673f2ceb1ccf246 dropped explicit
+pci_intx() manipulation from ahci because it seemed unnecessary and
+ahci doesn't seem to be the right place to be tweaking it if it were.
+This was largely okay but there are exceptions. There was one on an
+embedded platform which was fixed via firmware and now bko#14124
+reports it on a HP DL320.
+
+ http://bugzilla.kernel.org/show_bug.cgi?id=14124
+
+I still think this isn't something libata drivers should be caring
+about (the only ones which are calling pci_intx() explicitly are
+libata ones and one other driver) but for now reverting the change
+seems to be the right thing to do.
+
+Signed-off-by: Tejun Heo <tj@kernel.org>
+Reported-by: Thomas Jarosch <thomas.jarosch@intra2net.com>
+Signed-off-by: Jeff Garzik <jgarzik@redhat.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
+
+---
+ drivers/ata/ahci.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+--- a/drivers/ata/ahci.c
++++ b/drivers/ata/ahci.c
+@@ -2744,8 +2744,8 @@ static int ahci_init_one(struct pci_dev
+ if (board_id == board_ahci_sb700 && pdev->revision >= 0x40)
+ hpriv->flags &= ~AHCI_HFLAG_IGN_SERR_INTERNAL;
+
+- if (!(hpriv->flags & AHCI_HFLAG_NO_MSI))
+- pci_enable_msi(pdev);
++ if ((hpriv->flags & AHCI_HFLAG_NO_MSI) || pci_enable_msi(pdev))
++ pci_intx(pdev, 1);
+
+ /* save initial config */
+ ahci_save_initial_config(pdev, hpriv);
--- /dev/null
+From mtosatti@redhat.com Wed Sep 30 16:23:18 2009
+From: Mark McLoughlin <markmc@redhat.com>
+Date: Fri, 18 Sep 2009 20:08:07 -0300
+Subject: KVM: fix cpuid E2BIG handling for extended request types
+To: stable@kernel.org
+Cc: Mark McLoughlin <markmc@redhat.com>, avi@redhat.com
+Message-ID: <1253315287-12229-10-git-send-email-mtosatti@redhat.com>
+
+
+From: Mark McLoughlin <markmc@redhat.com>
+
+(cherry picked from commit cb007648de83cf226d69ec76e1c01848b4e8e49f)
+
+If we run out of cpuid entries for extended request types
+we should return -E2BIG, just like we do for the standard
+request types.
+
+Signed-off-by: Mark McLoughlin <markmc@redhat.com>
+Signed-off-by: Avi Kivity <avi@redhat.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
+---
+ arch/x86/kvm/x86.c | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+--- a/arch/x86/kvm/x86.c
++++ b/arch/x86/kvm/x86.c
+@@ -1438,6 +1438,10 @@ static int kvm_dev_ioctl_get_supported_c
+ for (func = 0x80000001; func <= limit && nent < cpuid->nent; ++func)
+ do_cpuid_ent(&cpuid_entries[nent], func, 0,
+ &nent, cpuid->nent);
++ r = -E2BIG;
++ if (nent >= cpuid->nent)
++ goto out_free;
++
+ r = -EFAULT;
+ if (copy_to_user(entries, cpuid_entries,
+ nent * sizeof(struct kvm_cpuid_entry2)))
--- /dev/null
+From mtosatti@redhat.com Wed Sep 30 16:22:59 2009
+From: Glauber Costa <glommer@redhat.com>
+Date: Fri, 18 Sep 2009 20:08:06 -0300
+Subject: KVM guest: fix bogus wallclock physical address calculation
+To: stable@kernel.org
+Cc: Glauber Costa <glommer@redhat.com>, avi@redhat.com
+Message-ID: <1253315287-12229-9-git-send-email-mtosatti@redhat.com>
+
+
+From: Glauber Costa <glommer@redhat.com>
+
+(cherry picked from commit a20316d2aa41a8f4fd171648bad8f044f6060826)
+
+The use of __pa() to calculate the address of a C-visible symbol
+is wrong, and can lead to unpredictable results. See arch/x86/include/asm/page.h
+for details.
+
+It should be replaced with __pa_symbol(), that does the correct math here,
+by taking relocations into account. This ensures the correct wallclock data
+structure physical address is passed to the hypervisor.
+
+Signed-off-by: Glauber Costa <glommer@redhat.com>
+Signed-off-by: Avi Kivity <avi@redhat.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
+---
+ arch/x86/kernel/kvmclock.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+--- a/arch/x86/kernel/kvmclock.c
++++ b/arch/x86/kernel/kvmclock.c
+@@ -50,8 +50,8 @@ static unsigned long kvm_get_wallclock(v
+ struct timespec ts;
+ int low, high;
+
+- low = (int)__pa(&wall_clock);
+- high = ((u64)__pa(&wall_clock) >> 32);
++ low = (int)__pa_symbol(&wall_clock);
++ high = ((u64)__pa_symbol(&wall_clock) >> 32);
+ native_write_msr(MSR_KVM_WALL_CLOCK, low, high);
+
+ vcpu_time = &get_cpu_var(hv_clock);
--- /dev/null
+From mtosatti@redhat.com Wed Sep 30 16:22:41 2009
+From: Marcelo Tosatti <mtosatti@redhat.com>
+Date: Fri, 18 Sep 2009 20:08:05 -0300
+Subject: KVM: limit lapic periodic timer frequency
+To: stable@kernel.org
+Cc: Marcelo Tosatti <mtosatti@redhat.com>, avi@redhat.com
+Message-ID: <1253315287-12229-8-git-send-email-mtosatti@redhat.com>
+
+From: Marcelo Tosatti <mtosatti@redhat.com>
+
+(cherry picked from commit 1444885a045fe3b1905a14ea1b52540bf556578b)
+
+Otherwise its possible to starve the host by programming lapic timer
+with a very high frequency.
+
+Signed-off-by: Marcelo Tosatti <mtosatti@redhat.com>
+Signed-off-by: Avi Kivity <avi@redhat.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
+
+---
+ arch/x86/kvm/lapic.c | 9 +++++++++
+ 1 file changed, 9 insertions(+)
+
+--- a/arch/x86/kvm/lapic.c
++++ b/arch/x86/kvm/lapic.c
+@@ -635,6 +635,15 @@ static void start_apic_timer(struct kvm_
+
+ if (!apic->timer.period)
+ return;
++ /*
++ * Do not allow the guest to program periodic timers with small
++ * interval, since the hrtimers are not throttled by the host
++ * scheduler.
++ */
++ if (apic_lvtt_period(apic)) {
++ if (apic->timer.period < NSEC_PER_MSEC/2)
++ apic->timer.period = NSEC_PER_MSEC/2;
++ }
+
+ hrtimer_start(&apic->timer.dev,
+ ktime_add_ns(now, apic->timer.period),
--- /dev/null
+From mtosatti@redhat.com Wed Sep 30 16:22:20 2009
+From: Marcelo Tosatti <mtosatti@redhat.com>
+Date: Fri, 18 Sep 2009 20:08:04 -0300
+Subject: KVM: MMU: fix bogus alloc_mmu_pages assignment
+To: stable@kernel.org
+Cc: Marcelo Tosatti <mtosatti@redhat.com>, avi@redhat.com
+Message-ID: <1253315287-12229-7-git-send-email-mtosatti@redhat.com>
+
+From: Marcelo Tosatti <mtosatti@redhat.com>
+
+(cherry picked from commit b90c062c65cc8839edfac39778a37a55ca9bda36)
+
+Remove the bogus n_free_mmu_pages assignment from alloc_mmu_pages.
+
+It breaks accounting of mmu pages, since n_free_mmu_pages is modified
+but the real number of pages remains the same.
+
+Signed-off-by: Marcelo Tosatti <mtosatti@redhat.com>
+Signed-off-by: Avi Kivity <avi@redhat.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
+
+---
+ arch/x86/kvm/mmu.c | 8 --------
+ 1 file changed, 8 deletions(-)
+
+--- a/arch/x86/kvm/mmu.c
++++ b/arch/x86/kvm/mmu.c
+@@ -2692,14 +2692,6 @@ static int alloc_mmu_pages(struct kvm_vc
+
+ ASSERT(vcpu);
+
+- spin_lock(&vcpu->kvm->mmu_lock);
+- if (vcpu->kvm->arch.n_requested_mmu_pages)
+- vcpu->kvm->arch.n_free_mmu_pages =
+- vcpu->kvm->arch.n_requested_mmu_pages;
+- else
+- vcpu->kvm->arch.n_free_mmu_pages =
+- vcpu->kvm->arch.n_alloc_mmu_pages;
+- spin_unlock(&vcpu->kvm->mmu_lock);
+ /*
+ * When emulating 32-bit mode, cr3 is only 32 bits even on x86_64.
+ * Therefore we need to allocate shadow page tables in the first
--- /dev/null
+From mtosatti@redhat.com Wed Sep 30 16:22:02 2009
+From: Marcelo Tosatti <mtosatti@redhat.com>
+Date: Fri, 18 Sep 2009 20:08:03 -0300
+Subject: KVM: MMU: fix missing locking in alloc_mmu_pages
+To: stable@kernel.org
+Cc: Marcelo Tosatti <mtosatti@redhat.com>, avi@redhat.com
+Message-ID: <1253315287-12229-6-git-send-email-mtosatti@redhat.com>
+
+From: Marcelo Tosatti <mtosatti@redhat.com>
+
+(cherry picked from commit 6a1ac77110ee3e8d8dfdef8442f3b30b3d83e6a2)
+
+n_requested_mmu_pages/n_free_mmu_pages are used by
+kvm_mmu_change_mmu_pages to calculate the number of pages to zap.
+
+alloc_mmu_pages, called from the vcpu initialization path, modifies this
+variables without proper locking, which can result in a negative value
+in kvm_mmu_change_mmu_pages (say, with cpu hotplug).
+
+Signed-off-by: Marcelo Tosatti <mtosatti@redhat.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
+---
+ arch/x86/kvm/mmu.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+--- a/arch/x86/kvm/mmu.c
++++ b/arch/x86/kvm/mmu.c
+@@ -2692,12 +2692,14 @@ static int alloc_mmu_pages(struct kvm_vc
+
+ ASSERT(vcpu);
+
++ spin_lock(&vcpu->kvm->mmu_lock);
+ if (vcpu->kvm->arch.n_requested_mmu_pages)
+ vcpu->kvm->arch.n_free_mmu_pages =
+ vcpu->kvm->arch.n_requested_mmu_pages;
+ else
+ vcpu->kvm->arch.n_free_mmu_pages =
+ vcpu->kvm->arch.n_alloc_mmu_pages;
++ spin_unlock(&vcpu->kvm->mmu_lock);
+ /*
+ * When emulating 32-bit mode, cr3 is only 32 bits even on x86_64.
+ * Therefore we need to allocate shadow page tables in the first
--- /dev/null
+From mtosatti@redhat.com Wed Sep 30 16:21:30 2009
+From: Izik Eidus <ieidus@redhat.com>
+Date: Fri, 18 Sep 2009 20:08:01 -0300
+Subject: KVM: MMU: make __kvm_mmu_free_some_pages handle empty list
+To: stable@kernel.org
+Cc: Izik Eidus <ieidus@redhat.com>, avi@redhat.com, Marcelo Tosatti <mtosatti@redhat.com>
+Message-ID: <1253315287-12229-4-git-send-email-mtosatti@redhat.com>
+
+
+From: Izik Eidus <ieidus@redhat.com>
+
+(cherry picked from commit 3b80fffe2b31fb716d3ebe729c54464ee7856723)
+
+First check if the list is empty before attempting to look at list
+entries.
+
+Signed-off-by: Izik Eidus <ieidus@redhat.com>
+Signed-off-by: Marcelo Tosatti <mtosatti@redhat.com>
+Signed-off-by: Avi Kivity <avi@redhat.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
+---
+ arch/x86/kvm/mmu.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+--- a/arch/x86/kvm/mmu.c
++++ b/arch/x86/kvm/mmu.c
+@@ -2612,7 +2612,8 @@ EXPORT_SYMBOL_GPL(kvm_mmu_unprotect_page
+
+ void __kvm_mmu_free_some_pages(struct kvm_vcpu *vcpu)
+ {
+- while (vcpu->kvm->arch.n_free_mmu_pages < KVM_REFILL_PAGES) {
++ while (vcpu->kvm->arch.n_free_mmu_pages < KVM_REFILL_PAGES &&
++ !list_empty(&vcpu->kvm->arch.active_mmu_pages)) {
+ struct kvm_mmu_page *sp;
+
+ sp = container_of(vcpu->kvm->arch.active_mmu_pages.prev,
--- /dev/null
+From mtosatti@redhat.com Wed Sep 30 16:20:39 2009
+From: Avi Kivity <avi@redhat.com>
+Date: Fri, 18 Sep 2009 20:07:59 -0300
+Subject: KVM: VMX: Check cpl before emulating debug register access
+To: stable@kernel.org
+Cc: Marcelo Tosatti <mtosatti@redhat.com>, Avi Kivity <avi@redhat.com>
+Message-ID: <1253315287-12229-2-git-send-email-mtosatti@redhat.com>
+
+
+From: Avi Kivity <avi@redhat.com>
+
+(cherry picked from commit 0a79b009525b160081d75cef5dbf45817956acf2)
+
+Debug registers may only be accessed from cpl 0. Unfortunately, vmx will
+code to emulate the instruction even though it was issued from guest
+userspace, possibly leading to an unexpected trap later.
+
+Signed-off-by: Avi Kivity <avi@redhat.com>
+Signed-off-by: Marcelo Tosatti <mtosatti@redhat.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
+---
+ arch/x86/include/asm/kvm_host.h | 1 +
+ arch/x86/kvm/vmx.c | 2 ++
+ arch/x86/kvm/x86.c | 13 +++++++++++++
+ 3 files changed, 16 insertions(+)
+
+--- a/arch/x86/include/asm/kvm_host.h
++++ b/arch/x86/include/asm/kvm_host.h
+@@ -620,6 +620,7 @@ void kvm_queue_exception(struct kvm_vcpu
+ void kvm_queue_exception_e(struct kvm_vcpu *vcpu, unsigned nr, u32 error_code);
+ void kvm_inject_page_fault(struct kvm_vcpu *vcpu, unsigned long cr2,
+ u32 error_code);
++bool kvm_require_cpl(struct kvm_vcpu *vcpu, int required_cpl);
+
+ int kvm_pic_set_irq(void *opaque, int irq, int level);
+
+--- a/arch/x86/kvm/vmx.c
++++ b/arch/x86/kvm/vmx.c
+@@ -2865,6 +2865,8 @@ static int handle_dr(struct kvm_vcpu *vc
+ unsigned long val;
+ int dr, reg;
+
++ if (!kvm_require_cpl(vcpu, 0))
++ return 1;
+ dr = vmcs_readl(GUEST_DR7);
+ if (dr & DR7_GD) {
+ /*
+--- a/arch/x86/kvm/x86.c
++++ b/arch/x86/kvm/x86.c
+@@ -217,6 +217,19 @@ static void __queue_exception(struct kvm
+ }
+
+ /*
++ * Checks if cpl <= required_cpl; if true, return true. Otherwise queue
++ * a #GP and return false.
++ */
++bool kvm_require_cpl(struct kvm_vcpu *vcpu, int required_cpl)
++{
++ if (kvm_x86_ops->get_cpl(vcpu) <= required_cpl)
++ return true;
++ kvm_queue_exception_e(vcpu, GP_VECTOR, 0);
++ return false;
++}
++EXPORT_SYMBOL_GPL(kvm_require_cpl);
++
++/*
+ * Load the pae pdptrs. Return true is they are all valid.
+ */
+ int load_pdptrs(struct kvm_vcpu *vcpu, unsigned long cr3)
--- /dev/null
+From mtosatti@redhat.com Wed Sep 30 16:21:01 2009
+From: Gleb Natapov <gleb@redhat.com>
+Date: Fri, 18 Sep 2009 20:08:00 -0300
+Subject: KVM: VMX: Fix cr8 exiting control clobbering by EPT
+To: stable@kernel.org
+Cc: avi@redhat.com, Gleb Natapov <gleb@redhat.com>
+Message-ID: <1253315287-12229-3-git-send-email-mtosatti@redhat.com>
+
+
+From: Gleb Natapov <gleb@redhat.com>
+
+(cherry picked from commit 5fff7d270bd6a4759b6d663741b729cdee370257)
+Don't call adjust_vmx_controls() two times for the same control.
+It restores options that were dropped earlier. This loses us the cr8
+exit control, which causes a massive performance regression Windows x64.
+
+Signed-off-by: Gleb Natapov <gleb@redhat.com>
+Signed-off-by: Avi Kivity <avi@redhat.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
+---
+ arch/x86/kvm/vmx.c | 9 +++------
+ 1 file changed, 3 insertions(+), 6 deletions(-)
+
+--- a/arch/x86/kvm/vmx.c
++++ b/arch/x86/kvm/vmx.c
+@@ -1206,12 +1206,9 @@ static __init int setup_vmcs_config(stru
+ if (_cpu_based_2nd_exec_control & SECONDARY_EXEC_ENABLE_EPT) {
+ /* CR3 accesses and invlpg don't need to cause VM Exits when EPT
+ enabled */
+- min &= ~(CPU_BASED_CR3_LOAD_EXITING |
+- CPU_BASED_CR3_STORE_EXITING |
+- CPU_BASED_INVLPG_EXITING);
+- if (adjust_vmx_controls(min, opt, MSR_IA32_VMX_PROCBASED_CTLS,
+- &_cpu_based_exec_control) < 0)
+- return -EIO;
++ _cpu_based_exec_control &= ~(CPU_BASED_CR3_LOAD_EXITING |
++ CPU_BASED_CR3_STORE_EXITING |
++ CPU_BASED_INVLPG_EXITING);
+ rdmsr(MSR_IA32_VMX_EPT_VPID_CAP,
+ vmx_capability.ept, vmx_capability.vpid);
+ }
--- /dev/null
+From mtosatti@redhat.com Wed Sep 30 16:21:46 2009
+From: Jan Kiszka <jan.kiszka@siemens.com>
+Date: Fri, 18 Sep 2009 20:08:02 -0300
+Subject: KVM: x86: Disallow hypercalls for guest callers in rings > 0
+To: stable@kernel.org
+Cc: Jan Kiszka <jan.kiszka@siemens.com>, avi@redhat.com
+Message-ID: <1253315287-12229-5-git-send-email-mtosatti@redhat.com>
+
+
+From: Jan Kiszka <jan.kiszka@siemens.com>
+
+(cherry picked from commit 07708c4af1346ab1521b26a202f438366b7bcffd)
+
+So far unprivileged guest callers running in ring 3 can issue, e.g., MMU
+hypercalls. Normally, such callers cannot provide any hand-crafted MMU
+command structure as it has to be passed by its physical address, but
+they can still crash the guest kernel by passing random addresses.
+
+To close the hole, this patch considers hypercalls valid only if issued
+from guest ring 0. This may still be relaxed on a per-hypercall base in
+the future once required.
+
+Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
+Signed-off-by: Avi Kivity <avi@redhat.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
+---
+ arch/x86/kvm/x86.c | 6 ++++++
+ include/linux/kvm_para.h | 1 +
+ 2 files changed, 7 insertions(+)
+
+--- a/arch/x86/kvm/x86.c
++++ b/arch/x86/kvm/x86.c
+@@ -2898,6 +2898,11 @@ int kvm_emulate_hypercall(struct kvm_vcp
+ a3 &= 0xFFFFFFFF;
+ }
+
++ if (kvm_x86_ops->get_cpl(vcpu) != 0) {
++ ret = -KVM_EPERM;
++ goto out;
++ }
++
+ switch (nr) {
+ case KVM_HC_VAPIC_POLL_IRQ:
+ ret = 0;
+@@ -2909,6 +2914,7 @@ int kvm_emulate_hypercall(struct kvm_vcp
+ ret = -KVM_ENOSYS;
+ break;
+ }
++out:
+ kvm_register_write(vcpu, VCPU_REGS_RAX, ret);
+ ++vcpu->stat.hypercalls;
+ return r;
+--- a/include/linux/kvm_para.h
++++ b/include/linux/kvm_para.h
+@@ -13,6 +13,7 @@
+ #define KVM_ENOSYS 1000
+ #define KVM_EFAULT EFAULT
+ #define KVM_E2BIG E2BIG
++#define KVM_EPERM EPERM
+
+ #define KVM_HC_VAPIC_POLL_IRQ 1
+ #define KVM_HC_MMU_OP 2
--- /dev/null
+From mtosatti@redhat.com Wed Sep 30 16:23:51 2009
+From: Marcelo Tosatti <mtosatti@redhat.com>
+Date: Mon, 28 Sep 2009 15:05:53 -0300
+Subject: Revert "KVM: x86: check for cr3 validity in ioctl_set_sregs"
+To: stable@kernel.org, avi@redhat.com
+Cc: Juan Quintela <quintela@redhat.com>
+Message-ID: <20090928180553.GA9603@amt.cnet>
+Content-Disposition: inline
+
+From: Marcelo Tosatti <mtosatti@redhat.com>
+
+(cherry picked from commit dc7e795e3dd2a763e5ceaa1615f307e808cf3932)
+
+This reverts commit 6c20e1442bb1c62914bb85b7f4a38973d2a423ba.
+
+To my understanding, it became obsolete with the advent of the more
+robust check in mmu_alloc_roots (89da4ff17f). Moreover, it prevents
+the conceptually safe pattern
+
+ 1. set sregs
+ 2. register mem-slots
+ 3. run vcpu
+
+by setting a sticky triple fault during step 1.
+
+Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
+Signed-off-by: Avi Kivity <avi@redhat.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
+
+---
+ arch/x86/kvm/x86.c | 8 +-------
+ 1 file changed, 1 insertion(+), 7 deletions(-)
+
+--- a/arch/x86/kvm/x86.c
++++ b/arch/x86/kvm/x86.c
+@@ -4012,13 +4012,7 @@ int kvm_arch_vcpu_ioctl_set_sregs(struct
+
+ vcpu->arch.cr2 = sregs->cr2;
+ mmu_reset_needed |= vcpu->arch.cr3 != sregs->cr3;
+-
+- down_read(&vcpu->kvm->slots_lock);
+- if (gfn_to_memslot(vcpu->kvm, sregs->cr3 >> PAGE_SHIFT))
+- vcpu->arch.cr3 = sregs->cr3;
+- else
+- set_bit(KVM_REQ_TRIPLE_FAULT, &vcpu->requests);
+- up_read(&vcpu->kvm->slots_lock);
++ vcpu->arch.cr3 = sregs->cr3;
+
+ kvm_set_cr8(vcpu, sregs->cr8);
+
nilfs2-fix-missing-zero-fill-initialization-of-btree-node-cache.patch
p54usb-add-zcomax-xg-705a-usbid.patch
re-enable-lanman-security.patch
+kvm-vmx-check-cpl-before-emulating-debug-register-access.patch
+kvm-vmx-fix-cr8-exiting-control-clobbering-by-ept.patch
+kvm-mmu-make-__kvm_mmu_free_some_pages-handle-empty-list.patch
+kvm-x86-disallow-hypercalls-for-guest-callers-in-rings-0.patch
+kvm-mmu-fix-missing-locking-in-alloc_mmu_pages.patch
+kvm-mmu-fix-bogus-alloc_mmu_pages-assignment.patch
+kvm-limit-lapic-periodic-timer-frequency.patch
+kvm-guest-fix-bogus-wallclock-physical-address-calculation.patch
+kvm-fix-cpuid-e2big-handling-for-extended-request-types.patch
+revert-kvm-x86-check-for-cr3-validity-in-ioctl_set_sregs.patch
+ahci-restore-pci_intx-handling.patch