--- /dev/null
+From 2702b1526c7278c4d65d78de209a465d4de2885e Mon Sep 17 00:00:00 2001
+From: Kees Cook <keescook@chromium.org>
+Date: Fri, 19 Oct 2012 13:56:51 -0700
+Subject: kernel/sys.c: fix stack memory content leak via UNAME26
+
+From: Kees Cook <keescook@chromium.org>
+
+commit 2702b1526c7278c4d65d78de209a465d4de2885e upstream.
+
+Calling uname() with the UNAME26 personality set allows a leak of kernel
+stack contents. This fixes it by defensively calculating the length of
+copy_to_user() call, making the len argument unsigned, and initializing
+the stack buffer to zero (now technically unneeded, but hey, overkill).
+
+CVE-2012-0957
+
+Reported-by: PaX Team <pageexec@freemail.hu>
+Signed-off-by: Kees Cook <keescook@chromium.org>
+Cc: Andi Kleen <ak@linux.intel.com>
+Cc: PaX Team <pageexec@freemail.hu>
+Cc: Brad Spengler <spender@grsecurity.net>
+Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
+Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ kernel/sys.c | 12 +++++++-----
+ 1 file changed, 7 insertions(+), 5 deletions(-)
+
+--- a/kernel/sys.c
++++ b/kernel/sys.c
+@@ -1265,15 +1265,16 @@ DECLARE_RWSEM(uts_sem);
+ * Work around broken programs that cannot handle "Linux 3.0".
+ * Instead we map 3.x to 2.6.40+x, so e.g. 3.0 would be 2.6.40
+ */
+-static int override_release(char __user *release, int len)
++static int override_release(char __user *release, size_t len)
+ {
+ int ret = 0;
+- char buf[65];
+
+ if (current->personality & UNAME26) {
+- char *rest = UTS_RELEASE;
++ const char *rest = UTS_RELEASE;
++ char buf[65] = { 0 };
+ int ndots = 0;
+ unsigned v;
++ size_t copy;
+
+ while (*rest) {
+ if (*rest == '.' && ++ndots >= 3)
+@@ -1283,8 +1284,9 @@ static int override_release(char __user
+ rest++;
+ }
+ v = ((LINUX_VERSION_CODE >> 8) & 0xff) + 40;
+- snprintf(buf, len, "2.6.%u%s", v, rest);
+- ret = copy_to_user(release, buf, len);
++ copy = min(sizeof(buf), max_t(size_t, 1, len));
++ copy = scnprintf(buf, copy, "2.6.%u%s", v, rest);
++ ret = copy_to_user(release, buf, copy + 1);
+ }
+ return ret;
+ }
--- /dev/null
+From cd0b16c1c3cda12dbed1f8de8f1a9b0591990724 Mon Sep 17 00:00:00 2001
+From: Trond Myklebust <Trond.Myklebust@netapp.com>
+Date: Sat, 13 Oct 2012 00:30:28 -0400
+Subject: NLM: nlm_lookup_file() may return NLMv4-specific error codes
+
+From: Trond Myklebust <Trond.Myklebust@netapp.com>
+
+commit cd0b16c1c3cda12dbed1f8de8f1a9b0591990724 upstream.
+
+If the filehandle is stale, or open access is denied for some reason,
+nlm_fopen() may return one of the NLMv4-specific error codes nlm4_stale_fh
+or nlm4_failed. These get passed right through nlm_lookup_file(),
+and so when nlmsvc_retrieve_args() calls the latter, it needs to filter
+the result through the cast_status() machinery.
+
+Failure to do so, will trigger the BUG_ON() in encode_nlm_stat...
+
+Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
+Reported-by: Larry McVoy <lm@bitmover.com>
+Signed-off-by: J. Bruce Fields <bfields@redhat.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ fs/lockd/clntxdr.c | 2 +-
+ fs/lockd/svcproc.c | 3 ++-
+ 2 files changed, 3 insertions(+), 2 deletions(-)
+
+--- a/fs/lockd/clntxdr.c
++++ b/fs/lockd/clntxdr.c
+@@ -223,7 +223,7 @@ static void encode_nlm_stat(struct xdr_s
+ {
+ __be32 *p;
+
+- BUG_ON(be32_to_cpu(stat) > NLM_LCK_DENIED_GRACE_PERIOD);
++ WARN_ON_ONCE(be32_to_cpu(stat) > NLM_LCK_DENIED_GRACE_PERIOD);
+ p = xdr_reserve_space(xdr, 4);
+ *p = stat;
+ }
+--- a/fs/lockd/svcproc.c
++++ b/fs/lockd/svcproc.c
+@@ -68,7 +68,8 @@ nlmsvc_retrieve_args(struct svc_rqst *rq
+
+ /* Obtain file pointer. Not used by FREE_ALL call. */
+ if (filp != NULL) {
+- if ((error = nlm_lookup_file(rqstp, &file, &lock->fh)) != 0)
++ error = cast_status(nlm_lookup_file(rqstp, &file, &lock->fh));
++ if (error != 0)
+ goto no_locks;
+ *filp = file;
+
--- /dev/null
+From 44009105081b51417f311f4c3be0061870b6b8ed Mon Sep 17 00:00:00 2001
+From: Dan Carpenter <dan.carpenter@oracle.com>
+Date: Wed, 10 Oct 2012 10:18:35 +0300
+Subject: oprofile, x86: Fix wrapping bug in op_x86_get_ctrl()
+
+From: Dan Carpenter <dan.carpenter@oracle.com>
+
+commit 44009105081b51417f311f4c3be0061870b6b8ed upstream.
+
+The "event" variable is a u16 so the shift will always wrap to zero
+making the line a no-op.
+
+Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
+Signed-off-by: Robert Richter <robert.richter@amd.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ arch/x86/oprofile/nmi_int.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/arch/x86/oprofile/nmi_int.c
++++ b/arch/x86/oprofile/nmi_int.c
+@@ -55,7 +55,7 @@ u64 op_x86_get_ctrl(struct op_x86_model_
+ val |= counter_config->extra;
+ event &= model->event_mask ? model->event_mask : 0xFF;
+ val |= event & 0xFF;
+- val |= (event & 0x0F00) << 24;
++ val |= (u64)(event & 0x0F00) << 24;
+
+ return val;
+ }
--- /dev/null
+From fdc858a466b738d35d3492bc7cf77b1dac98bf7c Mon Sep 17 00:00:00 2001
+From: Arnd Bergmann <arnd@arndb.de>
+Date: Mon, 30 Apr 2012 13:50:56 +0000
+Subject: pcmcia: sharpsl: don't discard sharpsl_pcmcia_ops
+
+From: Arnd Bergmann <arnd@arndb.de>
+
+commit fdc858a466b738d35d3492bc7cf77b1dac98bf7c upstream.
+
+The sharpsl_pcmcia_ops structure gets passed into
+sa11xx_drv_pcmcia_probe, where it gets accessed at run-time,
+unlike all other pcmcia drivers that pass their structures
+into platform_device_add_data, which makes a copy.
+
+This means the gcc warning is valid and the structure
+must not be marked as __initdata.
+
+Without this patch, building collie_defconfig results in:
+
+drivers/pcmcia/pxa2xx_sharpsl.c:22:31: fatal error: mach-pxa/hardware.h: No such file or directory
+compilation terminated.
+make[3]: *** [drivers/pcmcia/pxa2xx_sharpsl.o] Error 1
+make[2]: *** [drivers/pcmcia] Error 2
+make[1]: *** [drivers] Error 2
+make: *** [sub-make] Error 2
+
+Signed-off-by: Arnd Bergmann <arnd@arndb.de>
+Cc: Dominik Brodowski <linux@dominikbrodowski.net>
+Cc: Russell King <rmk+kernel@arm.linux.org.uk>
+Cc: Pavel Machek <pavel@suse.cz>
+Cc: linux-pcmcia@lists.infradead.org
+Cc: Jochen Friedrich <jochen@scram.de>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/pcmcia/pxa2xx_sharpsl.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/drivers/pcmcia/pxa2xx_sharpsl.c
++++ b/drivers/pcmcia/pxa2xx_sharpsl.c
+@@ -194,7 +194,7 @@ static void sharpsl_pcmcia_socket_suspen
+ sharpsl_pcmcia_init_reset(skt);
+ }
+
+-static struct pcmcia_low_level sharpsl_pcmcia_ops __initdata = {
++static struct pcmcia_low_level sharpsl_pcmcia_ops = {
+ .owner = THIS_MODULE,
+ .hw_init = sharpsl_pcmcia_hw_init,
+ .socket_state = sharpsl_pcmcia_socket_state,
--- /dev/null
+From 8e49f418c9632790bf456634742d34d97120a784 Mon Sep 17 00:00:00 2001
+From: Vaibhav Nagarnaik <vnagarnaik@google.com>
+Date: Wed, 10 Oct 2012 16:40:27 -0700
+Subject: ring-buffer: Check for uninitialized cpu buffer before resizing
+
+From: Vaibhav Nagarnaik <vnagarnaik@google.com>
+
+commit 8e49f418c9632790bf456634742d34d97120a784 upstream.
+
+With a system where, num_present_cpus < num_possible_cpus, even if all
+CPUs are online, non-present CPUs don't have per_cpu buffers allocated.
+If per_cpu/<cpu>/buffer_size_kb is modified for such a CPU, it can cause
+a panic due to NULL dereference in ring_buffer_resize().
+
+To fix this, resize operation is allowed only if the per-cpu buffer has
+been initialized.
+
+Link: http://lkml.kernel.org/r/1349912427-6486-1-git-send-email-vnagarnaik@google.com
+
+Signed-off-by: Vaibhav Nagarnaik <vnagarnaik@google.com>
+Signed-off-by: Steven Rostedt <rostedt@goodmis.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ kernel/trace/ring_buffer.c | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+--- a/kernel/trace/ring_buffer.c
++++ b/kernel/trace/ring_buffer.c
+@@ -1567,6 +1567,10 @@ int ring_buffer_resize(struct ring_buffe
+
+ put_online_cpus();
+ } else {
++ /* Make sure this CPU has been intitialized */
++ if (!cpumask_test_cpu(cpu_id, buffer->cpumask))
++ goto out;
++
+ cpu_buffer = buffer->buffers[cpu_id];
+
+ if (nr_pages == cpu_buffer->nr_pages)
--- /dev/null
+From c985cb37f1b39c2c8035af741a2a0b79f1fbaca7 Mon Sep 17 00:00:00 2001
+From: Heiko Carstens <heiko.carstens@de.ibm.com>
+Date: Thu, 18 Oct 2012 11:11:01 +0200
+Subject: s390: fix linker script for 31 bit builds
+
+From: Heiko Carstens <heiko.carstens@de.ibm.com>
+
+commit c985cb37f1b39c2c8035af741a2a0b79f1fbaca7 upstream.
+
+Because of a change in the s390 arch backend of binutils (commit 23ecd77
+"Pick the default arch depending on the target size" in binutils repo)
+31 bit builds will fail since the linker would now try to create 64 bit
+binary output.
+Fix this by setting OUTPUT_ARCH to s390:31-bit instead of s390.
+Thanks to Andreas Krebbel for figuring out the issue.
+
+Fixes this build error:
+
+ LD init/built-in.o
+s390x-4.7.2-ld: s390:31-bit architecture of input file
+ `arch/s390/kernel/head.o' is incompatible with s390:64-bit output
+
+Cc: Andreas Krebbel <Andreas.Krebbel@de.ibm.com>
+Signed-off-by: Heiko Carstens <heiko.carstens@de.ibm.com>
+Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ arch/s390/boot/compressed/vmlinux.lds.S | 2 +-
+ arch/s390/kernel/vmlinux.lds.S | 2 +-
+ 2 files changed, 2 insertions(+), 2 deletions(-)
+
+--- a/arch/s390/boot/compressed/vmlinux.lds.S
++++ b/arch/s390/boot/compressed/vmlinux.lds.S
+@@ -5,7 +5,7 @@ OUTPUT_FORMAT("elf64-s390", "elf64-s390"
+ OUTPUT_ARCH(s390:64-bit)
+ #else
+ OUTPUT_FORMAT("elf32-s390", "elf32-s390", "elf32-s390")
+-OUTPUT_ARCH(s390)
++OUTPUT_ARCH(s390:31-bit)
+ #endif
+
+ ENTRY(startup)
+--- a/arch/s390/kernel/vmlinux.lds.S
++++ b/arch/s390/kernel/vmlinux.lds.S
+@@ -8,7 +8,7 @@
+
+ #ifndef CONFIG_64BIT
+ OUTPUT_FORMAT("elf32-s390", "elf32-s390", "elf32-s390")
+-OUTPUT_ARCH(s390)
++OUTPUT_ARCH(s390:31-bit)
+ ENTRY(startup)
+ jiffies = jiffies_64 + 4;
+ #else
hwmon-coretemp-add-support-for-atom-ce4110-4150-4170.patch
nohz-fix-idle-ticks-in-cpu-summary-line-of-proc-stat.patch
arch-tile-avoid-generating-.eh_frame-information-in-modules.patch
+nlm-nlm_lookup_file-may-return-nlmv4-specific-error-codes.patch
+oprofile-x86-fix-wrapping-bug-in-op_x86_get_ctrl.patch
+s390-fix-linker-script-for-31-bit-builds.patch
+sunrpc-prevent-kernel-stack-corruption-on-long-values-of-flush.patch
+sunrpc-set-alloc_slot-for-backchannel-tcp-ops.patch
+ring-buffer-check-for-uninitialized-cpu-buffer-before-resizing.patch
+pcmcia-sharpsl-don-t-discard-sharpsl_pcmcia_ops.patch
+kernel-sys.c-fix-stack-memory-content-leak-via-uname26.patch
+use-clamp_t-in-uname26-fix.patch
+x86-amd-mce-avoid-null-pointer-reference-on-cpu-northbridge-lookup.patch
+x86-exclude-e820_reserved-regions-and-memory-holes-above-4-gb-from-direct-mapping.patch
--- /dev/null
+From 212ba90696ab4884e2025b0b13726d67aadc2cd4 Mon Sep 17 00:00:00 2001
+From: Sasha Levin <levinsasha928@gmail.com>
+Date: Tue, 17 Jul 2012 00:01:26 +0200
+Subject: SUNRPC: Prevent kernel stack corruption on long values of flush
+
+From: Sasha Levin <levinsasha928@gmail.com>
+
+commit 212ba90696ab4884e2025b0b13726d67aadc2cd4 upstream.
+
+The buffer size in read_flush() is too small for the longest possible values
+for it. This can lead to a kernel stack corruption:
+
+[ 43.047329] Kernel panic - not syncing: stack-protector: Kernel stack is corrupted in: ffffffff833e64b4
+[ 43.047329]
+[ 43.049030] Pid: 6015, comm: trinity-child18 Tainted: G W 3.5.0-rc7-next-20120716-sasha #221
+[ 43.050038] Call Trace:
+[ 43.050435] [<ffffffff836c60c2>] panic+0xcd/0x1f4
+[ 43.050931] [<ffffffff833e64b4>] ? read_flush.isra.7+0xe4/0x100
+[ 43.051602] [<ffffffff810e94e6>] __stack_chk_fail+0x16/0x20
+[ 43.052206] [<ffffffff833e64b4>] read_flush.isra.7+0xe4/0x100
+[ 43.052951] [<ffffffff833e6500>] ? read_flush_pipefs+0x30/0x30
+[ 43.053594] [<ffffffff833e652c>] read_flush_procfs+0x2c/0x30
+[ 43.053596] [<ffffffff812b9a8c>] proc_reg_read+0x9c/0xd0
+[ 43.053596] [<ffffffff812b99f0>] ? proc_reg_write+0xd0/0xd0
+[ 43.053596] [<ffffffff81250d5b>] do_loop_readv_writev+0x4b/0x90
+[ 43.053596] [<ffffffff81250fd6>] do_readv_writev+0xf6/0x1d0
+[ 43.053596] [<ffffffff812510ee>] vfs_readv+0x3e/0x60
+[ 43.053596] [<ffffffff812511b8>] sys_readv+0x48/0xb0
+[ 43.053596] [<ffffffff8378167d>] system_call_fastpath+0x1a/0x1f
+
+Signed-off-by: Sasha Levin <levinsasha928@gmail.com>
+Signed-off-by: J. Bruce Fields <bfields@redhat.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ net/sunrpc/cache.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+--- a/net/sunrpc/cache.c
++++ b/net/sunrpc/cache.c
+@@ -1409,11 +1409,11 @@ static ssize_t read_flush(struct file *f
+ size_t count, loff_t *ppos,
+ struct cache_detail *cd)
+ {
+- char tbuf[20];
++ char tbuf[22];
+ unsigned long p = *ppos;
+ size_t len;
+
+- sprintf(tbuf, "%lu\n", convert_to_wallclock(cd->flush_time));
++ snprintf(tbuf, sizeof(tbuf), "%lu\n", convert_to_wallclock(cd->flush_time));
+ len = strlen(tbuf);
+ if (p >= len)
+ return 0;
--- /dev/null
+From Trond.Myklebust@netapp.com Wed Oct 24 08:40:27 2012
+From: Trond Myklebust <Trond.Myklebust@netapp.com>
+Date: Mon, 22 Oct 2012 12:35:40 -0400
+Subject: SUNRPC: Set alloc_slot for backchannel tcp ops
+To: stable@vger.kernel.org
+
+From: Bryan Schumaker <bjschuma@netapp.com>
+
+commit 84e28a307e376f271505af65a7b7e212dd6f61f4 upstream.
+
+f39c1bfb5a03e2d255451bff05be0d7255298fa4 (SUNRPC: Fix a UDP transport
+regression) introduced the "alloc_slot" function for xprt operations,
+but never created one for the backchannel operations. This patch fixes
+a null pointer dereference when mounting NFS over v4.1.
+
+Call Trace:
+ [<ffffffffa0207957>] ? xprt_reserve+0x47/0x50 [sunrpc]
+ [<ffffffffa02023a4>] call_reserve+0x34/0x60 [sunrpc]
+ [<ffffffffa020e280>] __rpc_execute+0x90/0x400 [sunrpc]
+ [<ffffffffa020e61a>] rpc_async_schedule+0x2a/0x40 [sunrpc]
+ [<ffffffff81073589>] process_one_work+0x139/0x500
+ [<ffffffff81070e70>] ? alloc_worker+0x70/0x70
+ [<ffffffffa020e5f0>] ? __rpc_execute+0x400/0x400 [sunrpc]
+ [<ffffffff81073d1e>] worker_thread+0x15e/0x460
+ [<ffffffff8145c839>] ? preempt_schedule+0x49/0x70
+ [<ffffffff81073bc0>] ? rescuer_thread+0x230/0x230
+ [<ffffffff81079603>] kthread+0x93/0xa0
+ [<ffffffff81465d04>] kernel_thread_helper+0x4/0x10
+ [<ffffffff81079570>] ? kthread_freezable_should_stop+0x70/0x70
+ [<ffffffff81465d00>] ? gs_change+0x13/0x13
+
+Signed-off-by: Bryan Schumaker <bjschuma@netapp.com>
+Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ net/sunrpc/xprtsock.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+--- a/net/sunrpc/xprtsock.c
++++ b/net/sunrpc/xprtsock.c
+@@ -2539,6 +2539,7 @@ static struct rpc_xprt_ops xs_tcp_ops =
+ static struct rpc_xprt_ops bc_tcp_ops = {
+ .reserve_xprt = xprt_reserve_xprt,
+ .release_xprt = xprt_release_xprt,
++ .alloc_slot = xprt_alloc_slot,
+ .rpcbind = xs_local_rpcbind,
+ .buf_alloc = bc_malloc,
+ .buf_free = bc_free,
--- /dev/null
+From 31fd84b95eb211d5db460a1dda85e004800a7b52 Mon Sep 17 00:00:00 2001
+From: Kees Cook <keescook@chromium.org>
+Date: Fri, 19 Oct 2012 18:45:53 -0700
+Subject: use clamp_t in UNAME26 fix
+
+From: Kees Cook <keescook@chromium.org>
+
+commit 31fd84b95eb211d5db460a1dda85e004800a7b52 upstream.
+
+The min/max call needed to have explicit types on some architectures
+(e.g. mn10300). Use clamp_t instead to avoid the warning:
+
+ kernel/sys.c: In function 'override_release':
+ kernel/sys.c:1287:10: warning: comparison of distinct pointer types lacks a cast [enabled by default]
+
+Reported-by: Fengguang Wu <fengguang.wu@intel.com>
+Signed-off-by: Kees Cook <keescook@chromium.org>
+Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ kernel/sys.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/kernel/sys.c
++++ b/kernel/sys.c
+@@ -1284,7 +1284,7 @@ static int override_release(char __user
+ rest++;
+ }
+ v = ((LINUX_VERSION_CODE >> 8) & 0xff) + 40;
+- copy = min(sizeof(buf), max_t(size_t, 1, len));
++ copy = clamp_t(size_t, len, 1, sizeof(buf));
+ copy = scnprintf(buf, copy, "2.6.%u%s", v, rest);
+ ret = copy_to_user(release, buf, copy + 1);
+ }
--- /dev/null
+From 21c5e50e15b1abd797e62f18fd7f90b9cc004cbd Mon Sep 17 00:00:00 2001
+From: Daniel J Blueman <daniel@numascale-asia.com>
+Date: Mon, 1 Oct 2012 14:42:05 +0800
+Subject: x86, amd, mce: Avoid NULL pointer reference on CPU northbridge lookup
+
+From: Daniel J Blueman <daniel@numascale-asia.com>
+
+commit 21c5e50e15b1abd797e62f18fd7f90b9cc004cbd upstream.
+
+When booting on a federated multi-server system (NumaScale), the
+processor Northbridge lookup returns NULL; add guards to prevent this
+causing an oops.
+
+On those systems, the northbridge is accessed through MMIO and the
+"normal" northbridge enumeration in amd_nb.c doesn't work since we're
+generating the northbridge ID from the initial APIC ID and the last
+is not unique on those systems. Long story short, we end up without
+northbridge descriptors.
+
+Signed-off-by: Daniel J Blueman <daniel@numascale-asia.com>
+Link: http://lkml.kernel.org/r/1349073725-14093-1-git-send-email-daniel@numascale-asia.com
+[ Boris: beef up commit message ]
+Signed-off-by: Borislav Petkov <borislav.petkov@amd.com>
+Signed-off-by: H. Peter Anvin <hpa@linux.intel.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ arch/x86/kernel/cpu/mcheck/mce_amd.c | 10 +++++-----
+ 1 file changed, 5 insertions(+), 5 deletions(-)
+
+--- a/arch/x86/kernel/cpu/mcheck/mce_amd.c
++++ b/arch/x86/kernel/cpu/mcheck/mce_amd.c
+@@ -576,12 +576,10 @@ static __cpuinit int threshold_create_ba
+ int err = 0;
+
+ if (shared_bank[bank]) {
+-
+ nb = node_to_amd_nb(amd_get_nb_id(cpu));
+- WARN_ON(!nb);
+
+ /* threshold descriptor already initialized on this node? */
+- if (nb->bank4) {
++ if (nb && nb->bank4) {
+ /* yes, use it */
+ b = nb->bank4;
+ err = kobject_add(b->kobj, &dev->kobj, name);
+@@ -615,8 +613,10 @@ static __cpuinit int threshold_create_ba
+ atomic_set(&b->cpus, 1);
+
+ /* nb is already initialized, see above */
+- WARN_ON(nb->bank4);
+- nb->bank4 = b;
++ if (nb) {
++ WARN_ON(nb->bank4);
++ nb->bank4 = b;
++ }
+ }
+
+ err = allocate_threshold_blocks(cpu, bank, 0,
--- /dev/null
+From 1bbbbe779aabe1f0768c2bf8f8c0a5583679b54a Mon Sep 17 00:00:00 2001
+From: Jacob Shin <jacob.shin@amd.com>
+Date: Thu, 20 Oct 2011 16:15:26 -0500
+Subject: x86: Exclude E820_RESERVED regions and memory holes above 4 GB from direct mapping.
+
+From: Jacob Shin <jacob.shin@amd.com>
+
+commit 1bbbbe779aabe1f0768c2bf8f8c0a5583679b54a upstream.
+
+On systems with very large memory (1 TB in our case), BIOS may report a
+reserved region or a hole in the E820 map, even above the 4 GB range. Exclude
+these from the direct mapping.
+
+[ hpa: this should be done not just for > 4 GB but for everything above the legacy
+ region (1 MB), at the very least. That, however, turns out to require significant
+ restructuring. That work is well underway, but is not suitable for rc/stable. ]
+
+Signed-off-by: Jacob Shin <jacob.shin@amd.com>
+Link: http://lkml.kernel.org/r/1319145326-13902-1-git-send-email-jacob.shin@amd.com
+Signed-off-by: H. Peter Anvin <hpa@linux.intel.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ arch/x86/kernel/setup.c | 17 +++++++++++++++--
+ 1 file changed, 15 insertions(+), 2 deletions(-)
+
+--- a/arch/x86/kernel/setup.c
++++ b/arch/x86/kernel/setup.c
+@@ -919,8 +919,21 @@ void __init setup_arch(char **cmdline_p)
+
+ #ifdef CONFIG_X86_64
+ if (max_pfn > max_low_pfn) {
+- max_pfn_mapped = init_memory_mapping(1UL<<32,
+- max_pfn<<PAGE_SHIFT);
++ int i;
++ for (i = 0; i < e820.nr_map; i++) {
++ struct e820entry *ei = &e820.map[i];
++
++ if (ei->addr + ei->size <= 1UL << 32)
++ continue;
++
++ if (ei->type == E820_RESERVED)
++ continue;
++
++ max_pfn_mapped = init_memory_mapping(
++ ei->addr < 1UL << 32 ? 1UL << 32 : ei->addr,
++ ei->addr + ei->size);
++ }
++
+ /* can we preseve max_low_pfn ?*/
+ max_low_pfn = max_pfn;
+ }
projects / thirdparty / kernel / stable-queue.git / commitdiff
