--- /dev/null
+From 6148b130eb84edc76e4fa88da1877b27be6c2f06 Mon Sep 17 00:00:00 2001
+From: Sophie Hamilton <kernel@theblob.org>
+Date: Tue, 8 Sep 2009 10:58:42 +0200
+Subject: ALSA: cs46xx - Fix minimum period size
+
+From: Sophie Hamilton <kernel@theblob.org>
+
+commit 6148b130eb84edc76e4fa88da1877b27be6c2f06 upstream.
+
+Fix minimum period size for cs46xx cards. This fixes a problem in the
+case where neither a period size nor a buffer size is passed to ALSA;
+this is the case in Audacious, OpenAL, and others.
+
+Signed-off-by: Sophie Hamilton <kernel@theblob.org>
+Signed-off-by: Takashi Iwai <tiwai@suse.de>
+Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
+
+---
+ sound/pci/cs46xx/cs46xx_lib.h | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/sound/pci/cs46xx/cs46xx_lib.h
++++ b/sound/pci/cs46xx/cs46xx_lib.h
+@@ -35,7 +35,7 @@
+
+
+ #ifdef CONFIG_SND_CS46XX_NEW_DSP
+-#define CS46XX_MIN_PERIOD_SIZE 1
++#define CS46XX_MIN_PERIOD_SIZE 64
+ #define CS46XX_MAX_PERIOD_SIZE 1024*1024
+ #else
+ #define CS46XX_MIN_PERIOD_SIZE 2048
--- /dev/null
+From 7929eb9cf643ae416e5081b2a6fa558d37b9854c Mon Sep 17 00:00:00 2001
+From: Nicolas Pitre <nico@cam.org>
+Date: Thu, 3 Sep 2009 21:45:59 +0100
+Subject: ARM: 5691/1: fix cache aliasing issues between kmap() and kmap_atomic() with highmem
+
+From: Nicolas Pitre <nico@cam.org>
+
+commit 7929eb9cf643ae416e5081b2a6fa558d37b9854c upstream.
+
+Let's suppose a highmem page is kmap'd with kmap(). A pkmap entry is
+used, the page mapped to it, and the virtual cache is dirtied. Then
+kunmap() is used which does virtually nothing except for decrementing a
+usage count.
+
+Then, let's suppose the _same_ page gets mapped using kmap_atomic().
+It is therefore mapped onto a fixmap entry instead, which has a
+different virtual address unaware of the dirty cache data for that page
+sitting in the pkmap mapping.
+
+Fortunately it is easy to know if a pkmap mapping still exists for that
+page and use it directly with kmap_atomic(), thanks to kmap_high_get().
+
+And actual testing with a printk in the added code path shows that this
+condition is actually met *extremely* frequently. Seems that we've been
+quite lucky that things have worked so well with highmem so far.
+
+Signed-off-by: Nicolas Pitre <nico@marvell.com>
+Signed-off-by: Russell King <rmk+kernel@arm.linux.org.uk>
+Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
+
+--- a/arch/arm/mm/highmem.c
++++ b/arch/arm/mm/highmem.c
+@@ -40,11 +40,16 @@ void *kmap_atomic(struct page *page, enum km_type type)
+ {
+ unsigned int idx;
+ unsigned long vaddr;
++ void *kmap;
+
+ pagefault_disable();
+ if (!PageHighMem(page))
+ return page_address(page);
+
++ kmap = kmap_high_get(page);
++ if (kmap)
++ return kmap;
++
+ idx = type + KM_TYPE_NR * smp_processor_id();
+ vaddr = __fix_to_virt(FIX_KMAP_BEGIN + idx);
+ #ifdef CONFIG_DEBUG_HIGHMEM
+@@ -80,6 +85,9 @@ void kunmap_atomic(void *kvaddr, enum km_type type)
+ #else
+ (void) idx; /* to kill a warning */
+ #endif
++ } else if (vaddr >= PKMAP_ADDR(0) && vaddr < PKMAP_ADDR(LAST_PKMAP)) {
++ /* this address was obtained through kmap_high_get() */
++ kunmap_high(pte_page(pkmap_page_table[PKMAP_NR(vaddr)]));
+ }
+ pagefault_enable();
+ }
--- /dev/null
+From 87831cb660954356d68cebdb1406f3be09e784e9 Mon Sep 17 00:00:00 2001
+From: Mark Brown <broonie@opensource.wolfsonmicro.com>
+Date: Mon, 7 Sep 2009 18:09:58 +0100
+Subject: ASoC: Fix WM835x Out4 capture enumeration
+
+From: Mark Brown <broonie@opensource.wolfsonmicro.com>
+
+commit 87831cb660954356d68cebdb1406f3be09e784e9 upstream.
+
+It's the 8th enum of a zero indexed array. This is why I don't let
+new drivers use these arrays of enums...
+
+Signed-off-by: Mark Brown <broonie@opensource.wolfsonmicro.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
+
+---
+ sound/soc/codecs/wm8350.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/sound/soc/codecs/wm8350.c
++++ b/sound/soc/codecs/wm8350.c
+@@ -613,7 +613,7 @@ SOC_DAPM_SINGLE("Switch", WM8350_BEEP_VO
+
+ /* Out4 Capture Mux */
+ static const struct snd_kcontrol_new wm8350_out4_capture_controls =
+-SOC_DAPM_ENUM("Route", wm8350_enum[8]);
++SOC_DAPM_ENUM("Route", wm8350_enum[7]);
+
+ static const struct snd_soc_dapm_widget wm8350_dapm_widgets[] = {
+
--- /dev/null
+From 65a82211636f156a276cac3f8665605ae18f371f Mon Sep 17 00:00:00 2001
+From: Gleb Natapov <gleb@redhat.com>
+Date: Thu, 3 Sep 2009 12:10:34 +0300
+Subject: KVM: Fix coalesced interrupt reporting in IOAPIC
+
+From: Gleb Natapov <gleb@redhat.com>
+
+commit 65a82211636f156a276cac3f8665605ae18f371f upstream.
+
+This bug was introduced by b4a2f5e723e4f7df467.
+
+Signed-off-by: Gleb Natapov <gleb@redhat.com>
+Signed-off-by: Marcelo Tosatti <mtosatti@redhat.com>
+Signed-off-by: Avi Kivity <avi@redhat.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
+
+---
+ virt/kvm/ioapic.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+--- a/virt/kvm/ioapic.c
++++ b/virt/kvm/ioapic.c
+@@ -188,6 +188,8 @@ int kvm_ioapic_set_irq(struct kvm_ioapic
+ if ((edge && old_irr != ioapic->irr) ||
+ (!edge && !entry.fields.remote_irr))
+ ret = ioapic_service(ioapic, irq);
++ else
++ ret = 0; /* report coalesced interrupt */
+ }
+ }
+ return ret;
--- /dev/null
+From 6ba661787594868512a71c129062ebd57d0c01e7 Mon Sep 17 00:00:00 2001
+From: Marcelo Tosatti <mtosatti@redhat.com>
+Date: Tue, 25 Aug 2009 01:13:10 -0300
+Subject: KVM guest: do not batch pte updates from interrupt context
+
+From: Marcelo Tosatti <mtosatti@redhat.com>
+
+commit 6ba661787594868512a71c129062ebd57d0c01e7 upstream.
+
+Commit b8bcfe997e4 made paravirt pte updates synchronous in interrupt
+context.
+
+Unfortunately the KVM pv mmu code caches the lazy/nonlazy mode
+internally, so a pte update from interrupt context during a lazy mmu
+operation can be batched while it should be performed synchronously.
+
+https://bugzilla.redhat.com/show_bug.cgi?id=518022
+
+Drop the internal mode variable and use paravirt_get_lazy_mode(), which
+returns the correct state.
+
+Signed-off-by: Marcelo Tosatti <mtosatti@redhat.com>
+Signed-off-by: Avi Kivity <avi@redhat.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
+
+---
+ arch/x86/kernel/kvm.c | 7 +------
+ 1 file changed, 1 insertion(+), 6 deletions(-)
+
+--- a/arch/x86/kernel/kvm.c
++++ b/arch/x86/kernel/kvm.c
+@@ -34,7 +34,6 @@
+ struct kvm_para_state {
+ u8 mmu_queue[MMU_QUEUE_SIZE];
+ int mmu_queue_len;
+- enum paravirt_lazy_mode mode;
+ };
+
+ static DEFINE_PER_CPU(struct kvm_para_state, para_state);
+@@ -77,7 +76,7 @@ static void kvm_deferred_mmu_op(void *bu
+ {
+ struct kvm_para_state *state = kvm_para_state();
+
+- if (state->mode != PARAVIRT_LAZY_MMU) {
++ if (paravirt_get_lazy_mode() != PARAVIRT_LAZY_MMU) {
+ kvm_mmu_op(buffer, len);
+ return;
+ }
+@@ -185,10 +184,7 @@ static void kvm_release_pt(unsigned long
+
+ static void kvm_enter_lazy_mmu(void)
+ {
+- struct kvm_para_state *state = kvm_para_state();
+-
+ paravirt_enter_lazy_mmu();
+- state->mode = paravirt_get_lazy_mode();
+ }
+
+ static void kvm_leave_lazy_mmu(void)
+@@ -197,7 +193,6 @@ static void kvm_leave_lazy_mmu(void)
+
+ mmu_queue_flush(state);
+ paravirt_leave_lazy_mmu();
+- state->mode = paravirt_get_lazy_mode();
+ }
+
+ static void __init paravirt_ops_setup(void)
--- /dev/null
+From a20316d2aa41a8f4fd171648bad8f044f6060826 Mon Sep 17 00:00:00 2001
+From: Glauber Costa <glommer@redhat.com>
+Date: Mon, 31 Aug 2009 03:04:31 -0400
+Subject: KVM guest: fix bogus wallclock physical address calculation
+
+From: Glauber Costa <glommer@redhat.com>
+
+commit a20316d2aa41a8f4fd171648bad8f044f6060826 upstream.
+
+The use of __pa() to calculate the address of a C-visible symbol
+is wrong, and can lead to unpredictable results. See arch/x86/include/asm/page.h
+for details.
+
+It should be replaced with __pa_symbol(), that does the correct math here,
+by taking relocations into account. This ensures the correct wallclock data
+structure physical address is passed to the hypervisor.
+
+Signed-off-by: Glauber Costa <glommer@redhat.com>
+Signed-off-by: Avi Kivity <avi@redhat.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
+
+---
+ arch/x86/kernel/kvmclock.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+--- a/arch/x86/kernel/kvmclock.c
++++ b/arch/x86/kernel/kvmclock.c
+@@ -50,8 +50,8 @@ static unsigned long kvm_get_wallclock(v
+ struct timespec ts;
+ int low, high;
+
+- low = (int)__pa(&wall_clock);
+- high = ((u64)__pa(&wall_clock) >> 32);
++ low = (int)__pa_symbol(&wall_clock);
++ high = ((u64)__pa_symbol(&wall_clock) >> 32);
+ native_write_msr(MSR_KVM_WALL_CLOCK, low, high);
+
+ vcpu_time = &get_cpu_var(hv_clock);
--- /dev/null
+From 1444885a045fe3b1905a14ea1b52540bf556578b Mon Sep 17 00:00:00 2001
+From: Marcelo Tosatti <mtosatti@redhat.com>
+Date: Mon, 27 Jul 2009 23:41:01 -0300
+Subject: KVM: limit lapic periodic timer frequency
+
+From: Marcelo Tosatti <mtosatti@redhat.com>
+
+commit 1444885a045fe3b1905a14ea1b52540bf556578b upstream.
+
+Otherwise its possible to starve the host by programming lapic timer
+with a very high frequency.
+
+Signed-off-by: Marcelo Tosatti <mtosatti@redhat.com>
+Signed-off-by: Avi Kivity <avi@redhat.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
+
+---
+ arch/x86/kvm/lapic.c | 9 +++++++++
+ 1 file changed, 9 insertions(+)
+
+--- a/arch/x86/kvm/lapic.c
++++ b/arch/x86/kvm/lapic.c
+@@ -573,6 +573,15 @@ static void start_apic_timer(struct kvm_
+
+ if (!apic->lapic_timer.period)
+ return;
++ /*
++ * Do not allow the guest to program periodic timers with small
++ * interval, since the hrtimers are not throttled by the host
++ * scheduler.
++ */
++ if (apic_lvtt_period(apic)) {
++ if (apic->lapic_timer.period < NSEC_PER_MSEC/2)
++ apic->lapic_timer.period = NSEC_PER_MSEC/2;
++ }
+
+ hrtimer_start(&apic->lapic_timer.timer,
+ ktime_add_ns(now, apic->lapic_timer.period),
--- /dev/null
+From 3b80fffe2b31fb716d3ebe729c54464ee7856723 Mon Sep 17 00:00:00 2001
+From: Izik Eidus <ieidus@redhat.com>
+Date: Tue, 28 Jul 2009 15:26:58 -0300
+Subject: KVM: MMU: make __kvm_mmu_free_some_pages handle empty list
+
+From: Izik Eidus <ieidus@redhat.com>
+
+commit 3b80fffe2b31fb716d3ebe729c54464ee7856723 upstream.
+
+First check if the list is empty before attempting to look at list
+entries.
+
+Signed-off-by: Izik Eidus <ieidus@redhat.com>
+Signed-off-by: Marcelo Tosatti <mtosatti@redhat.com>
+Signed-off-by: Avi Kivity <avi@redhat.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
+
+---
+ arch/x86/kvm/mmu.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+--- a/arch/x86/kvm/mmu.c
++++ b/arch/x86/kvm/mmu.c
+@@ -2633,7 +2633,8 @@ EXPORT_SYMBOL_GPL(kvm_mmu_unprotect_page
+
+ void __kvm_mmu_free_some_pages(struct kvm_vcpu *vcpu)
+ {
+- while (vcpu->kvm->arch.n_free_mmu_pages < KVM_REFILL_PAGES) {
++ while (vcpu->kvm->arch.n_free_mmu_pages < KVM_REFILL_PAGES &&
++ !list_empty(&vcpu->kvm->arch.active_mmu_pages)) {
+ struct kvm_mmu_page *sp;
+
+ sp = container_of(vcpu->kvm->arch.active_mmu_pages.prev,
--- /dev/null
+From 0a79b009525b160081d75cef5dbf45817956acf2 Mon Sep 17 00:00:00 2001
+From: Avi Kivity <avi@redhat.com>
+Date: Tue, 1 Sep 2009 12:03:25 +0300
+Subject: KVM: VMX: Check cpl before emulating debug register access
+
+From: Avi Kivity <avi@redhat.com>
+
+commit 0a79b009525b160081d75cef5dbf45817956acf2 upstream.
+
+Debug registers may only be accessed from cpl 0. Unfortunately, vmx will
+code to emulate the instruction even though it was issued from guest
+userspace, possibly leading to an unexpected trap later.
+
+Signed-off-by: Avi Kivity <avi@redhat.com>
+Signed-off-by: Marcelo Tosatti <mtosatti@redhat.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
+
+---
+ arch/x86/include/asm/kvm_host.h | 1 +
+ arch/x86/kvm/vmx.c | 2 ++
+ arch/x86/kvm/x86.c | 13 +++++++++++++
+ 3 files changed, 16 insertions(+)
+
+--- a/arch/x86/include/asm/kvm_host.h
++++ b/arch/x86/include/asm/kvm_host.h
+@@ -618,6 +618,7 @@ void kvm_queue_exception(struct kvm_vcpu
+ void kvm_queue_exception_e(struct kvm_vcpu *vcpu, unsigned nr, u32 error_code);
+ void kvm_inject_page_fault(struct kvm_vcpu *vcpu, unsigned long cr2,
+ u32 error_code);
++bool kvm_require_cpl(struct kvm_vcpu *vcpu, int required_cpl);
+
+ int kvm_pic_set_irq(void *opaque, int irq, int level);
+
+--- a/arch/x86/kvm/vmx.c
++++ b/arch/x86/kvm/vmx.c
+@@ -2841,6 +2841,8 @@ static int handle_dr(struct kvm_vcpu *vc
+ unsigned long val;
+ int dr, reg;
+
++ if (!kvm_require_cpl(vcpu, 0))
++ return 1;
+ dr = vmcs_readl(GUEST_DR7);
+ if (dr & DR7_GD) {
+ /*
+--- a/arch/x86/kvm/x86.c
++++ b/arch/x86/kvm/x86.c
+@@ -215,6 +215,19 @@ static void __queue_exception(struct kvm
+ }
+
+ /*
++ * Checks if cpl <= required_cpl; if true, return true. Otherwise queue
++ * a #GP and return false.
++ */
++bool kvm_require_cpl(struct kvm_vcpu *vcpu, int required_cpl)
++{
++ if (kvm_x86_ops->get_cpl(vcpu) <= required_cpl)
++ return true;
++ kvm_queue_exception_e(vcpu, GP_VECTOR, 0);
++ return false;
++}
++EXPORT_SYMBOL_GPL(kvm_require_cpl);
++
++/*
+ * Load the pae pdptrs. Return true is they are all valid.
+ */
+ int load_pdptrs(struct kvm_vcpu *vcpu, unsigned long cr3)
--- /dev/null
+From 5fff7d270bd6a4759b6d663741b729cdee370257 Mon Sep 17 00:00:00 2001
+From: Gleb Natapov <gleb@redhat.com>
+Date: Thu, 27 Aug 2009 18:41:30 +0300
+Subject: KVM: VMX: Fix cr8 exiting control clobbering by EPT
+
+From: Gleb Natapov <gleb@redhat.com>
+
+commit 5fff7d270bd6a4759b6d663741b729cdee370257 upstream.
+
+Don't call adjust_vmx_controls() two times for the same control.
+It restores options that were dropped earlier. This loses us the cr8
+exit control, which causes a massive performance regression Windows x64.
+
+Signed-off-by: Gleb Natapov <gleb@redhat.com>
+Signed-off-by: Avi Kivity <avi@redhat.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
+
+---
+ arch/x86/kvm/vmx.c | 9 +++------
+ 1 file changed, 3 insertions(+), 6 deletions(-)
+
+--- a/arch/x86/kvm/vmx.c
++++ b/arch/x86/kvm/vmx.c
+@@ -1217,12 +1217,9 @@ static __init int setup_vmcs_config(stru
+ if (_cpu_based_2nd_exec_control & SECONDARY_EXEC_ENABLE_EPT) {
+ /* CR3 accesses and invlpg don't need to cause VM Exits when EPT
+ enabled */
+- min &= ~(CPU_BASED_CR3_LOAD_EXITING |
+- CPU_BASED_CR3_STORE_EXITING |
+- CPU_BASED_INVLPG_EXITING);
+- if (adjust_vmx_controls(min, opt, MSR_IA32_VMX_PROCBASED_CTLS,
+- &_cpu_based_exec_control) < 0)
+- return -EIO;
++ _cpu_based_exec_control &= ~(CPU_BASED_CR3_LOAD_EXITING |
++ CPU_BASED_CR3_STORE_EXITING |
++ CPU_BASED_INVLPG_EXITING);
+ rdmsr(MSR_IA32_VMX_EPT_VPID_CAP,
+ vmx_capability.ept, vmx_capability.vpid);
+ }
--- /dev/null
+From 07708c4af1346ab1521b26a202f438366b7bcffd Mon Sep 17 00:00:00 2001
+From: Jan Kiszka <jan.kiszka@siemens.com>
+Date: Mon, 3 Aug 2009 18:43:28 +0200
+Subject: KVM: x86: Disallow hypercalls for guest callers in rings > 0
+
+From: Jan Kiszka <jan.kiszka@siemens.com>
+
+commit 07708c4af1346ab1521b26a202f438366b7bcffd upstream.
+
+So far unprivileged guest callers running in ring 3 can issue, e.g., MMU
+hypercalls. Normally, such callers cannot provide any hand-crafted MMU
+command structure as it has to be passed by its physical address, but
+they can still crash the guest kernel by passing random addresses.
+
+To close the hole, this patch considers hypercalls valid only if issued
+from guest ring 0. This may still be relaxed on a per-hypercall base in
+the future once required.
+
+Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
+Signed-off-by: Avi Kivity <avi@redhat.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
+
+---
+ arch/x86/kvm/x86.c | 6 ++++++
+ include/linux/kvm_para.h | 1 +
+ 2 files changed, 7 insertions(+)
+
+--- a/arch/x86/kvm/x86.c
++++ b/arch/x86/kvm/x86.c
+@@ -2911,6 +2911,11 @@ int kvm_emulate_hypercall(struct kvm_vcp
+ a3 &= 0xFFFFFFFF;
+ }
+
++ if (kvm_x86_ops->get_cpl(vcpu) != 0) {
++ ret = -KVM_EPERM;
++ goto out;
++ }
++
+ switch (nr) {
+ case KVM_HC_VAPIC_POLL_IRQ:
+ ret = 0;
+@@ -2922,6 +2927,7 @@ int kvm_emulate_hypercall(struct kvm_vcp
+ ret = -KVM_ENOSYS;
+ break;
+ }
++out:
+ kvm_register_write(vcpu, VCPU_REGS_RAX, ret);
+ ++vcpu->stat.hypercalls;
+ return r;
+--- a/include/linux/kvm_para.h
++++ b/include/linux/kvm_para.h
+@@ -13,6 +13,7 @@
+ #define KVM_ENOSYS 1000
+ #define KVM_EFAULT EFAULT
+ #define KVM_E2BIG E2BIG
++#define KVM_EPERM EPERM
+
+ #define KVM_HC_VAPIC_POLL_IRQ 1
+ #define KVM_HC_MMU_OP 2
--- /dev/null
+From ee3d29e8bee8d7c321279a9bd9bd25d4cfbf79b7 Mon Sep 17 00:00:00 2001
+From: Avi Kivity <avi@redhat.com>
+Date: Mon, 18 May 2009 16:15:20 +0300
+Subject: KVM: x86 emulator: fix jmp far decoding (opcode 0xea)
+
+From: Avi Kivity <avi@redhat.com>
+
+commit ee3d29e8bee8d7c321279a9bd9bd25d4cfbf79b7 upstream.
+
+The jump target should not be sign extened; use an unsigned decode flag.
+
+Signed-off-by: Avi Kivity <avi@redhat.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
+
+---
+ arch/x86/kvm/x86_emulate.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/arch/x86/kvm/x86_emulate.c
++++ b/arch/x86/kvm/x86_emulate.c
+@@ -196,7 +196,7 @@ static u32 opcode_table[256] = {
+ ByteOp | SrcImmUByte, SrcImmUByte,
+ /* 0xE8 - 0xEF */
+ SrcImm | Stack, SrcImm | ImplicitOps,
+- SrcImm | Src2Imm16, SrcImmByte | ImplicitOps,
++ SrcImmU | Src2Imm16, SrcImmByte | ImplicitOps,
+ SrcNone | ByteOp | ImplicitOps, SrcNone | ImplicitOps,
+ SrcNone | ByteOp | ImplicitOps, SrcNone | ImplicitOps,
+ /* 0xF0 - 0xF7 */
--- /dev/null
+From c9eaf20f268c7051bfde2ba212c5ea76a6cbc7a1 Mon Sep 17 00:00:00 2001
+From: Avi Kivity <avi@redhat.com>
+Date: Mon, 18 May 2009 16:13:45 +0300
+Subject: KVM: x86 emulator: Implement zero-extended immediate decoding
+
+From: Avi Kivity <avi@redhat.com>
+
+commit c9eaf20f268c7051bfde2ba212c5ea76a6cbc7a1 upstream.
+
+Absolute jumps use zero extended immediate operands.
+
+Signed-off-by: Avi Kivity <avi@redhat.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
+
+---
+ arch/x86/kvm/x86_emulate.c | 15 +++++++++++++++
+ 1 file changed, 15 insertions(+)
+
+--- a/arch/x86/kvm/x86_emulate.c
++++ b/arch/x86/kvm/x86_emulate.c
+@@ -60,6 +60,7 @@
+ #define SrcImmByte (6<<4) /* 8-bit sign-extended immediate operand. */
+ #define SrcOne (7<<4) /* Implied '1' */
+ #define SrcImmUByte (8<<4) /* 8-bit unsigned immediate operand. */
++#define SrcImmU (9<<4) /* Immediate operand, unsigned */
+ #define SrcMask (0xf<<4)
+ /* Generic ModRM decode. */
+ #define ModRM (1<<8)
+@@ -1027,6 +1028,7 @@ done_prefixes:
+ c->src.type = OP_MEM;
+ break;
+ case SrcImm:
++ case SrcImmU:
+ c->src.type = OP_IMM;
+ c->src.ptr = (unsigned long *)c->eip;
+ c->src.bytes = (c->d & ByteOp) ? 1 : c->op_bytes;
+@@ -1044,6 +1046,19 @@ done_prefixes:
+ c->src.val = insn_fetch(s32, 4, c->eip);
+ break;
+ }
++ if ((c->d & SrcMask) == SrcImmU) {
++ switch (c->src.bytes) {
++ case 1:
++ c->src.val &= 0xff;
++ break;
++ case 2:
++ c->src.val &= 0xffff;
++ break;
++ case 4:
++ c->src.val &= 0xffffffff;
++ break;
++ }
++ }
+ break;
+ case SrcImmByte:
+ case SrcImmUByte:
--- /dev/null
+From fa0681d2129732027355d6b7083dd8932b9b799d Mon Sep 17 00:00:00 2001
+From: Roland Dreier <rolandd@cisco.com>
+Date: Sat, 5 Sep 2009 20:24:49 -0700
+Subject: mlx4_core: Allocate and map sufficient ICM memory for EQ context
+
+From: Roland Dreier <rolandd@cisco.com>
+
+commit fa0681d2129732027355d6b7083dd8932b9b799d upstream.
+
+The current implementation allocates a single host page for EQ context
+memory, which was OK when we only allocated a few EQs. However, since
+we now allocate an EQ for each CPU core, this patch removes the
+hard-coded limit (which we exceed with 4 KB pages and 128 byte EQ
+context entries with 32 CPUs) and uses the same ICM table code as all
+other context tables, which ends up simplifying the code quite a bit
+while fixing the problem.
+
+This problem was actually hit in practice on a dual-socket Nehalem box
+with 16 real hardware threads and sufficiently odd ACPI tables that it
+shows on boot
+
+ SMP: Allowing 32 CPUs, 16 hotplug CPUs
+
+so num_possible_cpus() ends up 32, and mlx4 ends up creating 33 MSI-X
+interrupts and 33 EQs. This mlx4 bug means that mlx4 can't even
+initialize at all on this quite mainstream system.
+
+Reported-by: Eli Cohen <eli@mellanox.co.il>
+Tested-by: Christoph Lameter <cl@linux-foundation.org>
+Signed-off-by: Roland Dreier <rolandd@cisco.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
+
+---
+ drivers/net/mlx4/eq.c | 42 ------------------------------------------
+ drivers/net/mlx4/main.c | 9 ++++++---
+ drivers/net/mlx4/mlx4.h | 7 +------
+ 3 files changed, 7 insertions(+), 51 deletions(-)
+
+--- a/drivers/net/mlx4/eq.c
++++ b/drivers/net/mlx4/eq.c
+@@ -526,48 +526,6 @@ static void mlx4_unmap_clr_int(struct ml
+ iounmap(priv->clr_base);
+ }
+
+-int mlx4_map_eq_icm(struct mlx4_dev *dev, u64 icm_virt)
+-{
+- struct mlx4_priv *priv = mlx4_priv(dev);
+- int ret;
+-
+- /*
+- * We assume that mapping one page is enough for the whole EQ
+- * context table. This is fine with all current HCAs, because
+- * we only use 32 EQs and each EQ uses 64 bytes of context
+- * memory, or 1 KB total.
+- */
+- priv->eq_table.icm_virt = icm_virt;
+- priv->eq_table.icm_page = alloc_page(GFP_HIGHUSER);
+- if (!priv->eq_table.icm_page)
+- return -ENOMEM;
+- priv->eq_table.icm_dma = pci_map_page(dev->pdev, priv->eq_table.icm_page, 0,
+- PAGE_SIZE, PCI_DMA_BIDIRECTIONAL);
+- if (pci_dma_mapping_error(dev->pdev, priv->eq_table.icm_dma)) {
+- __free_page(priv->eq_table.icm_page);
+- return -ENOMEM;
+- }
+-
+- ret = mlx4_MAP_ICM_page(dev, priv->eq_table.icm_dma, icm_virt);
+- if (ret) {
+- pci_unmap_page(dev->pdev, priv->eq_table.icm_dma, PAGE_SIZE,
+- PCI_DMA_BIDIRECTIONAL);
+- __free_page(priv->eq_table.icm_page);
+- }
+-
+- return ret;
+-}
+-
+-void mlx4_unmap_eq_icm(struct mlx4_dev *dev)
+-{
+- struct mlx4_priv *priv = mlx4_priv(dev);
+-
+- mlx4_UNMAP_ICM(dev, priv->eq_table.icm_virt, 1);
+- pci_unmap_page(dev->pdev, priv->eq_table.icm_dma, PAGE_SIZE,
+- PCI_DMA_BIDIRECTIONAL);
+- __free_page(priv->eq_table.icm_page);
+-}
+-
+ int mlx4_alloc_eq_table(struct mlx4_dev *dev)
+ {
+ struct mlx4_priv *priv = mlx4_priv(dev);
+--- a/drivers/net/mlx4/main.c
++++ b/drivers/net/mlx4/main.c
+@@ -525,7 +525,10 @@ static int mlx4_init_icm(struct mlx4_dev
+ goto err_unmap_aux;
+ }
+
+- err = mlx4_map_eq_icm(dev, init_hca->eqc_base);
++ err = mlx4_init_icm_table(dev, &priv->eq_table.table,
++ init_hca->eqc_base, dev_cap->eqc_entry_sz,
++ dev->caps.num_eqs, dev->caps.num_eqs,
++ 0, 0);
+ if (err) {
+ mlx4_err(dev, "Failed to map EQ context memory, aborting.\n");
+ goto err_unmap_cmpt;
+@@ -668,7 +671,7 @@ err_unmap_mtt:
+ mlx4_cleanup_icm_table(dev, &priv->mr_table.mtt_table);
+
+ err_unmap_eq:
+- mlx4_unmap_eq_icm(dev);
++ mlx4_cleanup_icm_table(dev, &priv->eq_table.table);
+
+ err_unmap_cmpt:
+ mlx4_cleanup_icm_table(dev, &priv->eq_table.cmpt_table);
+@@ -698,11 +701,11 @@ static void mlx4_free_icms(struct mlx4_d
+ mlx4_cleanup_icm_table(dev, &priv->qp_table.qp_table);
+ mlx4_cleanup_icm_table(dev, &priv->mr_table.dmpt_table);
+ mlx4_cleanup_icm_table(dev, &priv->mr_table.mtt_table);
++ mlx4_cleanup_icm_table(dev, &priv->eq_table.table);
+ mlx4_cleanup_icm_table(dev, &priv->eq_table.cmpt_table);
+ mlx4_cleanup_icm_table(dev, &priv->cq_table.cmpt_table);
+ mlx4_cleanup_icm_table(dev, &priv->srq_table.cmpt_table);
+ mlx4_cleanup_icm_table(dev, &priv->qp_table.cmpt_table);
+- mlx4_unmap_eq_icm(dev);
+
+ mlx4_UNMAP_ICM_AUX(dev);
+ mlx4_free_icm(dev, priv->fw.aux_icm, 0);
+--- a/drivers/net/mlx4/mlx4.h
++++ b/drivers/net/mlx4/mlx4.h
+@@ -205,9 +205,7 @@ struct mlx4_eq_table {
+ void __iomem **uar_map;
+ u32 clr_mask;
+ struct mlx4_eq *eq;
+- u64 icm_virt;
+- struct page *icm_page;
+- dma_addr_t icm_dma;
++ struct mlx4_icm_table table;
+ struct mlx4_icm_table cmpt_table;
+ int have_irq;
+ u8 inta_pin;
+@@ -373,9 +371,6 @@ u64 mlx4_make_profile(struct mlx4_dev *d
+ struct mlx4_dev_cap *dev_cap,
+ struct mlx4_init_hca_param *init_hca);
+
+-int mlx4_map_eq_icm(struct mlx4_dev *dev, u64 icm_virt);
+-void mlx4_unmap_eq_icm(struct mlx4_dev *dev);
+-
+ int mlx4_cmd_init(struct mlx4_dev *dev);
+ void mlx4_cmd_cleanup(struct mlx4_dev *dev);
+ void mlx4_cmd_event(struct mlx4_dev *dev, u16 token, u8 status, u64 out_param);
--- /dev/null
+From 6dab62ee5a3bf4f71b8320c09db2e6022a19f40e Mon Sep 17 00:00:00 2001
+From: Tejun Heo <tj@kernel.org>
+Date: Tue, 21 Jul 2009 16:08:43 -0700
+Subject: PCI: apply nv_msi_ht_cap_quirk on resume too
+
+From: Tejun Heo <tj@kernel.org>
+
+commit 6dab62ee5a3bf4f71b8320c09db2e6022a19f40e upstream.
+
+http://bugzilla.kernel.org/show_bug.cgi?id=12542 reports that with the
+quirk not applied on resume, msi stops working after resuming and mcp78s
+ahci fails due to IRQ mis-delivery. Apply it on resume too.
+
+Signed-off-by: Tejun Heo <tj@kernel.org>
+Cc: Peer Chen <pchen@nvidia.com>
+Cc: Tj <linux@tjworld.net>
+Reported-by: Nicolas Derive <kalon33@ubuntu.com>
+Cc: Greg KH <greg@kroah.com>
+Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
+Signed-off-by: Jesse Barnes <jbarnes@virtuousgeek.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
+
+--- a/drivers/pci/quirks.c
++++ b/drivers/pci/quirks.c
+@@ -2383,8 +2383,10 @@ static void __devinit nv_msi_ht_cap_quirk_leaf(struct pci_dev *dev)
+ }
+
+ DECLARE_PCI_FIXUP_FINAL(PCI_VENDOR_ID_NVIDIA, PCI_ANY_ID, nv_msi_ht_cap_quirk_leaf);
++DECLARE_PCI_FIXUP_RESUME_EARLY(PCI_VENDOR_ID_NVIDIA, PCI_ANY_ID, nv_msi_ht_cap_quirk_leaf);
+
+ DECLARE_PCI_FIXUP_FINAL(PCI_VENDOR_ID_AL, PCI_ANY_ID, nv_msi_ht_cap_quirk_all);
++DECLARE_PCI_FIXUP_RESUME_EARLY(PCI_VENDOR_ID_AL, PCI_ANY_ID, nv_msi_ht_cap_quirk_all);
+
+ static void __devinit quirk_msi_intx_disable_bug(struct pci_dev *dev)
+ {
--- /dev/null
+From 506d4bc8d5dab20d84624aa07cdc6dcd77915d52 Mon Sep 17 00:00:00 2001
+From: Peter Zijlstra <a.p.zijlstra@chello.nl>
+Date: Fri, 4 Sep 2009 15:36:12 +0200
+Subject: perf stat: Change noise calculation to use stddev
+
+From: Peter Zijlstra <a.p.zijlstra@chello.nl>
+
+commit 506d4bc8d5dab20d84624aa07cdc6dcd77915d52 upstream.
+
+The current noise computation does:
+
+ \Sum abs(n_i - avg(n)) * N^-1.5
+
+Which is (afaik) not a regular noise function, and needs the
+complete sample set available to post-process.
+
+Change this to use a regular stddev computation which can be
+done by keeping a two sums:
+
+ stddev = sqrt( 1/N (\Sum n_i^2) - avg(n)^2 )
+
+For which we only need to keep \Sum n_i and \Sum n_i^2.
+
+Signed-off-by: Peter Zijlstra <a.p.zijlstra@chello.nl>
+Cc: <stable@kernel.org>
+LKML-Reference: <new-submission>
+Signed-off-by: Ingo Molnar <mingo@elte.hu>
+Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
+
+---
+ tools/perf/builtin-stat.c | 170 ++++++++++++++++++----------------------------
+ 1 file changed, 69 insertions(+), 101 deletions(-)
+
+--- a/tools/perf/builtin-stat.c
++++ b/tools/perf/builtin-stat.c
+@@ -82,19 +82,32 @@ static u64 runtime_cycles[MAX_RUN];
+ static u64 event_res[MAX_RUN][MAX_COUNTERS][3];
+ static u64 event_scaled[MAX_RUN][MAX_COUNTERS];
+
+-static u64 event_res_avg[MAX_COUNTERS][3];
+-static u64 event_res_noise[MAX_COUNTERS][3];
++struct stats
++{
++ double sum;
++ double sum_sq;
++};
+
+-static u64 event_scaled_avg[MAX_COUNTERS];
++static double avg_stats(struct stats *stats)
++{
++ return stats->sum / run_count;
++}
+
+-static u64 runtime_nsecs_avg;
+-static u64 runtime_nsecs_noise;
++/*
++ * stddev = sqrt(1/N (\Sum n_i^2) - avg(n)^2)
++ */
++static double stddev_stats(struct stats *stats)
++{
++ double avg = stats->sum / run_count;
+
+-static u64 walltime_nsecs_avg;
+-static u64 walltime_nsecs_noise;
++ return sqrt(stats->sum_sq/run_count - avg*avg);
++}
+
+-static u64 runtime_cycles_avg;
+-static u64 runtime_cycles_noise;
++struct stats event_res_stats[MAX_COUNTERS][3];
++struct stats event_scaled_stats[MAX_COUNTERS];
++struct stats runtime_nsecs_stats;
++struct stats walltime_nsecs_stats;
++struct stats runtime_cycles_stats;
+
+ #define MATCH_EVENT(t, c, counter) \
+ (attrs[counter].type == PERF_TYPE_##t && \
+@@ -278,42 +291,37 @@ static int run_perf_stat(int argc __used
+ return WEXITSTATUS(status);
+ }
+
+-static void print_noise(u64 *count, u64 *noise)
++static void print_noise(double avg, double stddev)
+ {
+ if (run_count > 1)
+- fprintf(stderr, " ( +- %7.3f%% )",
+- (double)noise[0]/(count[0]+1)*100.0);
++ fprintf(stderr, " ( +- %7.3f%% )", 100*stddev / avg);
+ }
+
+-static void nsec_printout(int counter, u64 *count, u64 *noise)
++static void nsec_printout(int counter, double avg, double stddev)
+ {
+- double msecs = (double)count[0] / 1000000;
++ double msecs = avg / 1e6;
+
+ fprintf(stderr, " %14.6f %-24s", msecs, event_name(counter));
+
+ if (MATCH_EVENT(SOFTWARE, SW_TASK_CLOCK, counter)) {
+- if (walltime_nsecs_avg)
+- fprintf(stderr, " # %10.3f CPUs ",
+- (double)count[0] / (double)walltime_nsecs_avg);
++ fprintf(stderr, " # %10.3f CPUs ",
++ avg / avg_stats(&walltime_nsecs_stats));
+ }
+- print_noise(count, noise);
++ print_noise(avg, stddev);
+ }
+
+-static void abs_printout(int counter, u64 *count, u64 *noise)
++static void abs_printout(int counter, double avg, double stddev)
+ {
+- fprintf(stderr, " %14Ld %-24s", count[0], event_name(counter));
++ fprintf(stderr, " %14.0f %-24s", avg, event_name(counter));
+
+- if (runtime_cycles_avg &&
+- MATCH_EVENT(HARDWARE, HW_INSTRUCTIONS, counter)) {
++ if (MATCH_EVENT(HARDWARE, HW_INSTRUCTIONS, counter)) {
+ fprintf(stderr, " # %10.3f IPC ",
+- (double)count[0] / (double)runtime_cycles_avg);
++ avg / avg_stats(&runtime_cycles_stats));
+ } else {
+- if (runtime_nsecs_avg) {
+- fprintf(stderr, " # %10.3f M/sec",
+- (double)count[0]/runtime_nsecs_avg*1000.0);
+- }
++ fprintf(stderr, " # %10.3f M/sec",
++ 1000.0 * avg / avg_stats(&runtime_nsecs_stats));
+ }
+- print_noise(count, noise);
++ print_noise(avg, stddev);
+ }
+
+ /*
+@@ -321,12 +329,12 @@ static void abs_printout(int counter, u6
+ */
+ static void print_counter(int counter)
+ {
+- u64 *count, *noise;
++ double avg, stddev;
+ int scaled;
+
+- count = event_res_avg[counter];
+- noise = event_res_noise[counter];
+- scaled = event_scaled_avg[counter];
++ avg = avg_stats(&event_res_stats[counter][0]);
++ stddev = stddev_stats(&event_res_stats[counter][0]);
++ scaled = avg_stats(&event_scaled_stats[counter]);
+
+ if (scaled == -1) {
+ fprintf(stderr, " %14s %-24s\n",
+@@ -335,36 +343,34 @@ static void print_counter(int counter)
+ }
+
+ if (nsec_counter(counter))
+- nsec_printout(counter, count, noise);
++ nsec_printout(counter, avg, stddev);
+ else
+- abs_printout(counter, count, noise);
++ abs_printout(counter, avg, stddev);
++
++ if (scaled) {
++ double avg_enabled, avg_running;
++
++ avg_enabled = avg_stats(&event_res_stats[counter][1]);
++ avg_running = avg_stats(&event_res_stats[counter][2]);
+
+- if (scaled)
+ fprintf(stderr, " (scaled from %.2f%%)",
+- (double) count[2] / count[1] * 100);
++ 100 * avg_running / avg_enabled);
++ }
+
+ fprintf(stderr, "\n");
+ }
+
+-/*
+- * normalize_noise noise values down to stddev:
+- */
+-static void normalize_noise(u64 *val)
++static void update_stats(const char *name, int idx, struct stats *stats, u64 *val)
+ {
+- double res;
++ double sq = *val;
+
+- res = (double)*val / (run_count * sqrt((double)run_count));
+-
+- *val = (u64)res;
+-}
+-
+-static void update_avg(const char *name, int idx, u64 *avg, u64 *val)
+-{
+- *avg += *val;
++ stats->sum += *val;
++ stats->sum_sq += sq * sq;
+
+ if (verbose > 1)
+ fprintf(stderr, "debug: %20s[%d]: %Ld\n", name, idx, *val);
+ }
++
+ /*
+ * Calculate the averages and noises:
+ */
+@@ -376,61 +382,22 @@ static void calc_avg(void)
+ fprintf(stderr, "\n");
+
+ for (i = 0; i < run_count; i++) {
+- update_avg("runtime", 0, &runtime_nsecs_avg, runtime_nsecs + i);
+- update_avg("walltime", 0, &walltime_nsecs_avg, walltime_nsecs + i);
+- update_avg("runtime_cycles", 0, &runtime_cycles_avg, runtime_cycles + i);
++ update_stats("runtime", 0, &runtime_nsecs_stats, runtime_nsecs + i);
++ update_stats("walltime", 0, &walltime_nsecs_stats, walltime_nsecs + i);
++ update_stats("runtime_cycles", 0, &runtime_cycles_stats, runtime_cycles + i);
+
+ for (j = 0; j < nr_counters; j++) {
+- update_avg("counter/0", j,
+- event_res_avg[j]+0, event_res[i][j]+0);
+- update_avg("counter/1", j,
+- event_res_avg[j]+1, event_res[i][j]+1);
+- update_avg("counter/2", j,
+- event_res_avg[j]+2, event_res[i][j]+2);
++ update_stats("counter/0", j,
++ event_res_stats[j]+0, event_res[i][j]+0);
++ update_stats("counter/1", j,
++ event_res_stats[j]+1, event_res[i][j]+1);
++ update_stats("counter/2", j,
++ event_res_stats[j]+2, event_res[i][j]+2);
+ if (event_scaled[i][j] != (u64)-1)
+- update_avg("scaled", j,
+- event_scaled_avg + j, event_scaled[i]+j);
+- else
+- event_scaled_avg[j] = -1;
+- }
+- }
+- runtime_nsecs_avg /= run_count;
+- walltime_nsecs_avg /= run_count;
+- runtime_cycles_avg /= run_count;
+-
+- for (j = 0; j < nr_counters; j++) {
+- event_res_avg[j][0] /= run_count;
+- event_res_avg[j][1] /= run_count;
+- event_res_avg[j][2] /= run_count;
+- }
+-
+- for (i = 0; i < run_count; i++) {
+- runtime_nsecs_noise +=
+- abs((s64)(runtime_nsecs[i] - runtime_nsecs_avg));
+- walltime_nsecs_noise +=
+- abs((s64)(walltime_nsecs[i] - walltime_nsecs_avg));
+- runtime_cycles_noise +=
+- abs((s64)(runtime_cycles[i] - runtime_cycles_avg));
+-
+- for (j = 0; j < nr_counters; j++) {
+- event_res_noise[j][0] +=
+- abs((s64)(event_res[i][j][0] - event_res_avg[j][0]));
+- event_res_noise[j][1] +=
+- abs((s64)(event_res[i][j][1] - event_res_avg[j][1]));
+- event_res_noise[j][2] +=
+- abs((s64)(event_res[i][j][2] - event_res_avg[j][2]));
++ update_stats("scaled", j,
++ event_scaled_stats + j, event_scaled[i]+j);
+ }
+ }
+-
+- normalize_noise(&runtime_nsecs_noise);
+- normalize_noise(&walltime_nsecs_noise);
+- normalize_noise(&runtime_cycles_noise);
+-
+- for (j = 0; j < nr_counters; j++) {
+- normalize_noise(&event_res_noise[j][0]);
+- normalize_noise(&event_res_noise[j][1]);
+- normalize_noise(&event_res_noise[j][2]);
+- }
+ }
+
+ static void print_stat(int argc, const char **argv)
+@@ -457,10 +424,11 @@ static void print_stat(int argc, const c
+
+ fprintf(stderr, "\n");
+ fprintf(stderr, " %14.9f seconds time elapsed",
+- (double)walltime_nsecs_avg/1e9);
++ avg_stats(&walltime_nsecs_stats)/1e9);
+ if (run_count > 1) {
+ fprintf(stderr, " ( +- %7.3f%% )",
+- 100.0*(double)walltime_nsecs_noise/(double)walltime_nsecs_avg);
++ 100*stddev_stats(&walltime_nsecs_stats) /
++ avg_stats(&walltime_nsecs_stats));
+ }
+ fprintf(stderr, "\n\n");
+ }
powerpc-ps3-workaround-for-flash-memory-i-o-error.patch
block-don-t-assume-device-has-a-request-list-backing-in-nr_requests-store.patch
agp-intel-remove-restore-in-resume.patch
+alsa-cs46xx-fix-minimum-period-size.patch
+asoc-fix-wm835x-out4-capture-enumeration.patch
+sound-oxygen-work-around-mce-when-changing-volume.patch
+mlx4_core-allocate-and-map-sufficient-icm-memory-for-eq-context.patch
+perf-stat-change-noise-calculation-to-use-stddev.patch
+x86-fix-x86_model-test-in-es7000_apic_is_cluster.patch
+x86-i386-make-sure-stack-protector-segment-base-is-cache-aligned.patch
+pci-apply-nv_msi_ht_cap_quirk-on-resume-too.patch
+x86-pat-fix-cacheflush-address-in-change_page_attr_set_clr.patch
+arm-5691-1-fix-cache-aliasing-issues-between-kmap-and-kmap_atomic-with-highmem.patch
+kvm-guest-do-not-batch-pte-updates-from-interrupt-context.patch
+kvm-fix-coalesced-interrupt-reporting-in-ioapic.patch
+kvm-vmx-check-cpl-before-emulating-debug-register-access.patch
+kvm-guest-fix-bogus-wallclock-physical-address-calculation.patch
+kvm-x86-disallow-hypercalls-for-guest-callers-in-rings-0.patch
+kvm-vmx-fix-cr8-exiting-control-clobbering-by-ept.patch
+kvm-x86-emulator-implement-zero-extended-immediate-decoding.patch
+kvm-mmu-make-__kvm_mmu_free_some_pages-handle-empty-list.patch
+kvm-x86-emulator-fix-jmp-far-decoding.patch
+kvm-limit-lapic-periodic-timer-frequency.patch
--- /dev/null
+From f1bc07af9a9edc5c1d4bdd971f7099316ed2e405 Mon Sep 17 00:00:00 2001
+From: Clemens Ladisch <clemens@ladisch.de>
+Date: Mon, 7 Sep 2009 10:18:54 +0200
+Subject: sound: oxygen: work around MCE when changing volume
+
+From: Clemens Ladisch <clemens@ladisch.de>
+
+commit f1bc07af9a9edc5c1d4bdd971f7099316ed2e405 upstream.
+
+When the volume is changed continuously (e.g., when the user drags a
+volume slider with the mouse), the driver does lots of I2C writes.
+Apparently, the sound chip can get confused when we poll the I2C status
+register too much, and fails to complete a read from it. On the PCI-E
+models, the PCI-E/PCI bridge gets upset by this and generates a machine
+check exception.
+
+To avoid this, this patch replaces the polling with an unconditional
+wait that is guaranteed to be long enough.
+
+Signed-off-by: Clemens Ladisch <clemens@ladisch.de>
+Tested-by: Johann Messner <johann.messner at jku.at>
+Signed-off-by: Takashi Iwai <tiwai@suse.de>
+Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
+
+---
+ sound/pci/oxygen/oxygen_io.c | 11 +----------
+ 1 file changed, 1 insertion(+), 10 deletions(-)
+
+--- a/sound/pci/oxygen/oxygen_io.c
++++ b/sound/pci/oxygen/oxygen_io.c
+@@ -215,17 +215,8 @@ EXPORT_SYMBOL(oxygen_write_spi);
+
+ void oxygen_write_i2c(struct oxygen *chip, u8 device, u8 map, u8 data)
+ {
+- unsigned long timeout;
+-
+ /* should not need more than about 300 us */
+- timeout = jiffies + msecs_to_jiffies(1);
+- do {
+- if (!(oxygen_read16(chip, OXYGEN_2WIRE_BUS_STATUS)
+- & OXYGEN_2WIRE_BUSY))
+- break;
+- udelay(1);
+- cond_resched();
+- } while (time_after_eq(timeout, jiffies));
++ msleep(1);
+
+ oxygen_write8(chip, OXYGEN_2WIRE_MAP, map);
+ oxygen_write8(chip, OXYGEN_2WIRE_DATA, data);
--- /dev/null
+From 005155b1f626d2b2d7932e4afdf4fead168c6888 Mon Sep 17 00:00:00 2001
+From: Roel Kluin <roel.kluin@gmail.com>
+Date: Tue, 25 Aug 2009 15:35:12 +0200
+Subject: x86: Fix x86_model test in es7000_apic_is_cluster()
+
+From: Roel Kluin <roel.kluin@gmail.com>
+
+commit 005155b1f626d2b2d7932e4afdf4fead168c6888 upstream.
+
+For the x86_model to be greater than 6 or less than 12 is
+logically always true.
+
+Signed-off-by: Roel Kluin <roel.kluin@gmail.com>
+Cc: Andrew Morton <akpm@linux-foundation.org>
+Signed-off-by: Ingo Molnar <mingo@elte.hu>
+Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
+
+---
+ arch/x86/kernel/apic/es7000_32.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/arch/x86/kernel/apic/es7000_32.c
++++ b/arch/x86/kernel/apic/es7000_32.c
+@@ -167,7 +167,7 @@ static int es7000_apic_is_cluster(void)
+ {
+ /* MPENTIUMIII */
+ if (boot_cpu_data.x86 == 6 &&
+- (boot_cpu_data.x86_model >= 7 || boot_cpu_data.x86_model <= 11))
++ (boot_cpu_data.x86_model >= 7 && boot_cpu_data.x86_model <= 11))
+ return 1;
+
+ return 0;
--- /dev/null
+From 1ea0d14e480c245683927eecc03a70faf06e80c8 Mon Sep 17 00:00:00 2001
+From: Jeremy Fitzhardinge <jeremy@goop.org>
+Date: Thu, 3 Sep 2009 12:27:15 -0700
+Subject: x86/i386: Make sure stack-protector segment base is cache aligned
+
+From: Jeremy Fitzhardinge <jeremy@goop.org>
+
+commit 1ea0d14e480c245683927eecc03a70faf06e80c8 upstream.
+
+The Intel Optimization Reference Guide says:
+
+ In Intel Atom microarchitecture, the address generation unit
+ assumes that the segment base will be 0 by default. Non-zero
+ segment base will cause load and store operations to experience
+ a delay.
+ - If the segment base isn't aligned to a cache line
+ boundary, the max throughput of memory operations is
+ reduced to one [e]very 9 cycles.
+ [...]
+ Assembly/Compiler Coding Rule 15. (H impact, ML generality)
+ For Intel Atom processors, use segments with base set to 0
+ whenever possible; avoid non-zero segment base address that is
+ not aligned to cache line boundary at all cost.
+
+We can't avoid having a non-zero base for the stack-protector
+segment, but we can make it cache-aligned.
+
+Signed-off-by: Jeremy Fitzhardinge <jeremy.fitzhardinge@citrix.com>
+LKML-Reference: <4AA01893.6000507@goop.org>
+Signed-off-by: Ingo Molnar <mingo@elte.hu>
+Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
+
+---
+ arch/x86/include/asm/processor.h | 12 +++++++++++-
+ arch/x86/include/asm/stackprotector.h | 4 ++--
+ arch/x86/include/asm/system.h | 2 +-
+ arch/x86/kernel/cpu/common.c | 2 +-
+ arch/x86/kernel/head_32.S | 1 -
+ 5 files changed, 15 insertions(+), 6 deletions(-)
+
+--- a/arch/x86/include/asm/processor.h
++++ b/arch/x86/include/asm/processor.h
+@@ -403,7 +403,17 @@ extern unsigned long kernel_eflags;
+ extern asmlinkage void ignore_sysret(void);
+ #else /* X86_64 */
+ #ifdef CONFIG_CC_STACKPROTECTOR
+-DECLARE_PER_CPU(unsigned long, stack_canary);
++/*
++ * Make sure stack canary segment base is cached-aligned:
++ * "For Intel Atom processors, avoid non zero segment base address
++ * that is not aligned to cache line boundary at all cost."
++ * (Optim Ref Manual Assembly/Compiler Coding Rule 15.)
++ */
++struct stack_canary {
++ char __pad[20]; /* canary at %gs:20 */
++ unsigned long canary;
++};
++DECLARE_PER_CPU(struct stack_canary, stack_canary) ____cacheline_aligned;
+ #endif
+ #endif /* X86_64 */
+
+--- a/arch/x86/include/asm/stackprotector.h
++++ b/arch/x86/include/asm/stackprotector.h
+@@ -78,14 +78,14 @@ static __always_inline void boot_init_st
+ #ifdef CONFIG_X86_64
+ percpu_write(irq_stack_union.stack_canary, canary);
+ #else
+- percpu_write(stack_canary, canary);
++ percpu_write(stack_canary.canary, canary);
+ #endif
+ }
+
+ static inline void setup_stack_canary_segment(int cpu)
+ {
+ #ifdef CONFIG_X86_32
+- unsigned long canary = (unsigned long)&per_cpu(stack_canary, cpu) - 20;
++ unsigned long canary = (unsigned long)&per_cpu(stack_canary, cpu);
+ struct desc_struct *gdt_table = get_cpu_gdt_table(cpu);
+ struct desc_struct desc;
+
+--- a/arch/x86/include/asm/system.h
++++ b/arch/x86/include/asm/system.h
+@@ -31,7 +31,7 @@ void __switch_to_xtra(struct task_struct
+ "movl %P[task_canary](%[next]), %%ebx\n\t" \
+ "movl %%ebx, "__percpu_arg([stack_canary])"\n\t"
+ #define __switch_canary_oparam \
+- , [stack_canary] "=m" (per_cpu_var(stack_canary))
++ , [stack_canary] "=m" (per_cpu_var(stack_canary.canary))
+ #define __switch_canary_iparam \
+ , [task_canary] "i" (offsetof(struct task_struct, stack_canary))
+ #else /* CC_STACKPROTECTOR */
+--- a/arch/x86/kernel/cpu/common.c
++++ b/arch/x86/kernel/cpu/common.c
+@@ -1043,7 +1043,7 @@ DEFINE_PER_CPU(struct orig_ist, orig_ist
+ #else /* CONFIG_X86_64 */
+
+ #ifdef CONFIG_CC_STACKPROTECTOR
+-DEFINE_PER_CPU(unsigned long, stack_canary);
++DEFINE_PER_CPU(struct stack_canary, stack_canary) ____cacheline_aligned;
+ #endif
+
+ /* Make sure %fs and %gs are initialized properly in idle threads */
+--- a/arch/x86/kernel/head_32.S
++++ b/arch/x86/kernel/head_32.S
+@@ -439,7 +439,6 @@ is386: movl $2,%ecx # set MP
+ jne 1f
+ movl $per_cpu__gdt_page,%eax
+ movl $per_cpu__stack_canary,%ecx
+- subl $20, %ecx
+ movw %cx, 8 * GDT_ENTRY_STACK_CANARY + 2(%eax)
+ shrl $16, %ecx
+ movb %cl, 8 * GDT_ENTRY_STACK_CANARY + 4(%eax)
--- /dev/null
+From fa526d0d641b5365676a1fb821ce359e217c9b85 Mon Sep 17 00:00:00 2001
+From: Jack Steiner <steiner@sgi.com>
+Date: Thu, 3 Sep 2009 12:56:02 -0500
+Subject: x86, pat: Fix cacheflush address in change_page_attr_set_clr()
+
+From: Jack Steiner <steiner@sgi.com>
+
+commit fa526d0d641b5365676a1fb821ce359e217c9b85 upstream.
+
+Fix address passed to cpa_flush_range() when changing page
+attributes from WB to UC. The address (*addr) is
+modified by __change_page_attr_set_clr(). The result is that
+the pages being flushed start at the _end_ of the changed range
+instead of the beginning.
+
+This should be considered for 2.6.30-stable and 2.6.31-stable.
+
+Signed-off-by: Jack Steiner <steiner@sgi.com>
+Acked-by: Suresh Siddha <suresh.b.siddha@intel.com>
+Signed-off-by: H. Peter Anvin <hpa@zytor.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
+
+---
+ arch/x86/mm/pageattr.c | 8 +++++++-
+ 1 file changed, 7 insertions(+), 1 deletion(-)
+
+--- a/arch/x86/mm/pageattr.c
++++ b/arch/x86/mm/pageattr.c
+@@ -822,6 +822,7 @@ static int change_page_attr_set_clr(unsi
+ {
+ struct cpa_data cpa;
+ int ret, cache, checkalias;
++ unsigned long baddr = 0;
+
+ /*
+ * Check, if we are requested to change a not supported
+@@ -853,6 +854,11 @@ static int change_page_attr_set_clr(unsi
+ */
+ WARN_ON_ONCE(1);
+ }
++ /*
++ * Save address for cache flush. *addr is modified in the call
++ * to __change_page_attr_set_clr() below.
++ */
++ baddr = *addr;
+ }
+
+ /* Must avoid aliasing mappings in the highmem code */
+@@ -900,7 +906,7 @@ static int change_page_attr_set_clr(unsi
+ cpa_flush_array(addr, numpages, cache,
+ cpa.flags, pages);
+ } else
+- cpa_flush_range(*addr, numpages, cache);
++ cpa_flush_range(baddr, numpages, cache);
+ } else
+ cpa_flush_all(cache);
+
projects / thirdparty / kernel / stable-queue.git / commitdiff
