--- /dev/null
+From f0665be3dabf9fbef0c6e98f75d65f4ab1c43203 Mon Sep 17 00:00:00 2001
+From: Neil Horman <nhorman@tuxdriver.com>
+Date: Tue, 9 Sep 2008 13:51:35 -0700
+Subject: ipv6: Fix OOPS in ip6_dst_lookup_tail().
+
+From: Neil Horman <nhorman@tuxdriver.com>
+
+[ Upstream commit e550dfb0c2c31b6363aa463a035fc9f8dcaa3c9b ]
+
+This fixes kernel bugzilla 11469: "TUN with 1024 neighbours:
+ip6_dst_lookup_tail NULL crash"
+
+dst->neighbour is not necessarily hooked up at this point
+in the processing path, so blindly dereferencing it is
+the wrong thing to do. This NULL check exists in other
+similar paths and this case was just an oversight.
+
+Also fix the completely wrong and confusing indentation
+here while we're at it.
+
+Based upon a patch by Evgeniy Polyakov.
+
+Signed-off-by: Neil Horman <nhorman@tuxdriver.com>
+Signed-off-by: David S. Miller <davem@davemloft.net>
+Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
+
+---
+ net/ipv6/ip6_output.c | 64 +++++++++++++++++++++++++-------------------------
+ 1 file changed, 32 insertions(+), 32 deletions(-)
+
+--- a/net/ipv6/ip6_output.c
++++ b/net/ipv6/ip6_output.c
+@@ -930,39 +930,39 @@ static int ip6_dst_lookup_tail(struct so
+ }
+
+ #ifdef CONFIG_IPV6_OPTIMISTIC_DAD
+- /*
+- * Here if the dst entry we've looked up
+- * has a neighbour entry that is in the INCOMPLETE
+- * state and the src address from the flow is
+- * marked as OPTIMISTIC, we release the found
+- * dst entry and replace it instead with the
+- * dst entry of the nexthop router
+- */
+- if (!((*dst)->neighbour->nud_state & NUD_VALID)) {
+- struct inet6_ifaddr *ifp;
+- struct flowi fl_gw;
+- int redirect;
+-
+- ifp = ipv6_get_ifaddr(&init_net, &fl->fl6_src,
+- (*dst)->dev, 1);
+-
+- redirect = (ifp && ifp->flags & IFA_F_OPTIMISTIC);
+- if (ifp)
+- in6_ifa_put(ifp);
+-
+- if (redirect) {
+- /*
+- * We need to get the dst entry for the
+- * default router instead
+- */
+- dst_release(*dst);
+- memcpy(&fl_gw, fl, sizeof(struct flowi));
+- memset(&fl_gw.fl6_dst, 0, sizeof(struct in6_addr));
+- *dst = ip6_route_output(sk, &fl_gw);
+- if ((err = (*dst)->error))
+- goto out_err_release;
+- }
++ /*
++ * Here if the dst entry we've looked up
++ * has a neighbour entry that is in the INCOMPLETE
++ * state and the src address from the flow is
++ * marked as OPTIMISTIC, we release the found
++ * dst entry and replace it instead with the
++ * dst entry of the nexthop router
++ */
++ if ((*dst)->neighbour && !((*dst)->neighbour->nud_state & NUD_VALID)) {
++ struct inet6_ifaddr *ifp;
++ struct flowi fl_gw;
++ int redirect;
++
++ ifp = ipv6_get_ifaddr(&init_net, &fl->fl6_src,
++ (*dst)->dev, 1);
++
++ redirect = (ifp && ifp->flags & IFA_F_OPTIMISTIC);
++ if (ifp)
++ in6_ifa_put(ifp);
++
++ if (redirect) {
++ /*
++ * We need to get the dst entry for the
++ * default router instead
++ */
++ dst_release(*dst);
++ memcpy(&fl_gw, fl, sizeof(struct flowi));
++ memset(&fl_gw.fl6_dst, 0, sizeof(struct in6_addr));
++ *dst = ip6_route_output(sk, &fl_gw);
++ if ((err = (*dst)->error))
++ goto out_err_release;
+ }
++ }
+ #endif
+
+ return 0;
--- /dev/null
+From 21345a4f0d5320c7ff6ab7021d685c59d8e99d0f Mon Sep 17 00:00:00 2001
+From: Santwona Behera <santwona.behera@sun.com>
+Date: Fri, 12 Sep 2008 16:04:26 -0700
+Subject: niu: panic on reset
+
+From: Santwona Behera <santwona.behera@sun.com>
+
+[ Upstream commit cff502a38394fd33693f6233e03fca363dfa956d ]
+
+The reset_task function in the niu driver does not reset the tx and rx
+buffers properly. This leads to panic on reset. This patch is a
+modified implementation of the previously posted fix.
+
+Signed-off-by: Santwona Behera <santwona.behera@sun.com>
+Signed-off-by: David S. Miller <davem@davemloft.net>
+Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
+
+---
+ drivers/net/niu.c | 56 ++++++++++++++++++++++++++++++++++++++++++++++++++++++
+ 1 file changed, 56 insertions(+)
+
+--- a/drivers/net/niu.c
++++ b/drivers/net/niu.c
+@@ -5230,6 +5230,56 @@ static void niu_netif_start(struct niu *
+ niu_enable_interrupts(np, 1);
+ }
+
++static void niu_reset_buffers(struct niu *np)
++{
++ int i, j, k, err;
++
++ if (np->rx_rings) {
++ for (i = 0; i < np->num_rx_rings; i++) {
++ struct rx_ring_info *rp = &np->rx_rings[i];
++
++ for (j = 0, k = 0; j < MAX_RBR_RING_SIZE; j++) {
++ struct page *page;
++
++ page = rp->rxhash[j];
++ while (page) {
++ struct page *next =
++ (struct page *) page->mapping;
++ u64 base = page->index;
++ base = base >> RBR_DESCR_ADDR_SHIFT;
++ rp->rbr[k++] = cpu_to_le32(base);
++ page = next;
++ }
++ }
++ for (; k < MAX_RBR_RING_SIZE; k++) {
++ err = niu_rbr_add_page(np, rp, GFP_ATOMIC, k);
++ if (unlikely(err))
++ break;
++ }
++
++ rp->rbr_index = rp->rbr_table_size - 1;
++ rp->rcr_index = 0;
++ rp->rbr_pending = 0;
++ rp->rbr_refill_pending = 0;
++ }
++ }
++ if (np->tx_rings) {
++ for (i = 0; i < np->num_tx_rings; i++) {
++ struct tx_ring_info *rp = &np->tx_rings[i];
++
++ for (j = 0; j < MAX_TX_RING_SIZE; j++) {
++ if (rp->tx_buffs[j].skb)
++ (void) release_tx_packet(np, rp, j);
++ }
++
++ rp->pending = MAX_TX_RING_SIZE;
++ rp->prod = 0;
++ rp->cons = 0;
++ rp->wrap_bit = 0;
++ }
++ }
++}
++
+ static void niu_reset_task(struct work_struct *work)
+ {
+ struct niu *np = container_of(work, struct niu, reset_task);
+@@ -5252,6 +5302,12 @@ static void niu_reset_task(struct work_s
+
+ niu_stop_hw(np);
+
++ spin_unlock_irqrestore(&np->lock, flags);
++
++ niu_reset_buffers(np);
++
++ spin_lock_irqsave(&np->lock, flags);
++
+ err = niu_init_hw(np);
+ if (!err) {
+ np->timer.expires = jiffies + HZ;
--- /dev/null
+From 65898a634f41378e9e9dd8a8773c6a7d8b5925eb Mon Sep 17 00:00:00 2001
+From: Vegard Nossum <vegard.nossum@gmail.com>
+Date: Thu, 11 Sep 2008 19:05:29 -0700
+Subject: netlink: fix overrun in attribute iteration
+
+From: Vegard Nossum <vegard.nossum@gmail.com>
+
+[ Upstream commit 1045b03e07d85f3545118510a587035536030c1c ]
+
+kmemcheck reported this:
+
+ kmemcheck: Caught 16-bit read from uninitialized memory (f6c1ba30)
+ 0500110001508abf050010000500000002017300140000006f72672e66726565
+ i i i i i i i i i i i i i u u u u u u u u u u u u u u u u u u u
+ ^
+
+ Pid: 3462, comm: wpa_supplicant Not tainted (2.6.27-rc3-00054-g6397ab9-dirty #13)
+ EIP: 0060:[<c05de64a>] EFLAGS: 00010296 CPU: 0
+ EIP is at nla_parse+0x5a/0xf0
+ EAX: 00000008 EBX: fffffffd ECX: c06f16c0 EDX: 00000005
+ ESI: 00000010 EDI: f6c1ba30 EBP: f6367c6c ESP: c0a11e88
+ DS: 007b ES: 007b FS: 00d8 GS: 0033 SS: 0068
+ CR0: 8005003b CR2: f781cc84 CR3: 3632f000 CR4: 000006d0
+ DR0: c0ead9bc DR1: 00000000 DR2: 00000000 DR3: 00000000
+ DR6: ffff4ff0 DR7: 00000400
+ [<c05d4b23>] rtnl_setlink+0x63/0x130
+ [<c05d5f75>] rtnetlink_rcv_msg+0x165/0x200
+ [<c05ddf66>] netlink_rcv_skb+0x76/0xa0
+ [<c05d5dfe>] rtnetlink_rcv+0x1e/0x30
+ [<c05dda21>] netlink_unicast+0x281/0x290
+ [<c05ddbe9>] netlink_sendmsg+0x1b9/0x2b0
+ [<c05beef2>] sock_sendmsg+0xd2/0x100
+ [<c05bf945>] sys_sendto+0xa5/0xd0
+ [<c05bf9a6>] sys_send+0x36/0x40
+ [<c05c03d6>] sys_socketcall+0x1e6/0x2c0
+ [<c020353b>] sysenter_do_call+0x12/0x3f
+ [<ffffffff>] 0xffffffff
+
+This is the line in nla_ok():
+
+ /**
+ * nla_ok - check if the netlink attribute fits into the remaining bytes
+ * @nla: netlink attribute
+ * @remaining: number of bytes remaining in attribute stream
+ */
+ static inline int nla_ok(const struct nlattr *nla, int remaining)
+ {
+ return remaining >= sizeof(*nla) &&
+ nla->nla_len >= sizeof(*nla) &&
+ nla->nla_len <= remaining;
+ }
+
+It turns out that remaining can become negative due to alignment in
+nla_next(). But GCC promotes "remaining" to unsigned in the test
+against sizeof(*nla) above. Therefore the test succeeds, and the
+nla_for_each_attr() may access memory outside the received buffer.
+
+A short example illustrating this point is here:
+
+ #include <stdio.h>
+
+ main(void)
+ {
+ printf("%d\n", -1 >= sizeof(int));
+ }
+
+...which prints "1".
+
+This patch adds a cast in front of the sizeof so that GCC will make
+a signed comparison and fix the illegal memory dereference. With the
+patch applied, there is no kmemcheck report.
+
+Signed-off-by: Vegard Nossum <vegard.nossum@gmail.com>
+Acked-by: Thomas Graf <tgraf@suug.ch>
+Signed-off-by: David S. Miller <davem@davemloft.net>
+Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
+
+---
+ include/net/netlink.h | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/include/net/netlink.h
++++ b/include/net/netlink.h
+@@ -704,7 +704,7 @@ static inline int nla_len(const struct n
+ */
+ static inline int nla_ok(const struct nlattr *nla, int remaining)
+ {
+- return remaining >= sizeof(*nla) &&
++ return remaining >= (int) sizeof(*nla) &&
+ nla->nla_len >= sizeof(*nla) &&
+ nla->nla_len <= remaining;
+ }
--- /dev/null
+From 70bb892a4633ffbb9a1791cf0bd8119f89900d51 Mon Sep 17 00:00:00 2001
+From: Vlad Yasevich <vladislav.yasevich@hp.com>
+Date: Thu, 18 Sep 2008 16:27:38 -0700
+Subject: sctp: do not enable peer features if we can't do them.
+
+From: Vlad Yasevich <vladislav.yasevich@hp.com>
+
+[ Upstream commit 0ef46e285c062cbe35d60c0adbff96f530d31c86 ]
+
+Do not enable peer features like addip and auth, if they
+are administratively disabled localy. If the peer resports
+that he supports something that we don't, neither end can
+use it so enabling it is pointless. This solves a problem
+when talking to a peer that has auth and addip enabled while
+we do not. Found by Andrei Pelinescu-Onciul <andrei@iptel.org>.
+
+Signed-off-by: Vlad Yasevich <vladislav.yasevich@hp.com>
+Signed-off-by: David S. Miller <davem@davemloft.net>
+Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
+
+---
+ net/sctp/sm_make_chunk.c | 9 +++++++--
+ 1 file changed, 7 insertions(+), 2 deletions(-)
+
+--- a/net/sctp/sm_make_chunk.c
++++ b/net/sctp/sm_make_chunk.c
+@@ -1886,11 +1886,13 @@ static void sctp_process_ext_param(struc
+ /* if the peer reports AUTH, assume that he
+ * supports AUTH.
+ */
+- asoc->peer.auth_capable = 1;
++ if (sctp_auth_enable)
++ asoc->peer.auth_capable = 1;
+ break;
+ case SCTP_CID_ASCONF:
+ case SCTP_CID_ASCONF_ACK:
+- asoc->peer.asconf_capable = 1;
++ if (sctp_addip_enable)
++ asoc->peer.asconf_capable = 1;
+ break;
+ default:
+ break;
+@@ -2454,6 +2456,9 @@ static int sctp_process_param(struct sct
+ break;
+
+ case SCTP_PARAM_SET_PRIMARY:
++ if (!sctp_addip_enable)
++ goto fall_through;
++
+ addr_param = param.v + sizeof(sctp_addip_param_t);
+
+ af = sctp_get_af_specific(param_type2af(param.p->type));
--- /dev/null
+From 4b7cf22ee00f24bcf6a86bae3e347ae33d5302d0 Mon Sep 17 00:00:00 2001
+From: Vlad Yasevich <vladislav.yasevich@hp.com>
+Date: Thu, 18 Sep 2008 16:28:27 -0700
+Subject: sctp: Fix oops when INIT-ACK indicates that peer doesn't support AUTH
+
+From: Vlad Yasevich <vladislav.yasevich@hp.com>
+
+[ Upstream commit add52379dde2e5300e2d574b172e62c6cf43b3d3 ]
+
+If INIT-ACK is received with SupportedExtensions parameter which
+indicates that the peer does not support AUTH, the packet will be
+silently ignore, and sctp_process_init() do cleanup all of the
+transports in the association.
+When T1-Init timer is expires, OOPS happen while we try to choose
+a different init transport.
+
+The solution is to only clean up the non-active transports, i.e
+the ones that the peer added. However, that introduces a problem
+with sctp_connectx(), because we don't mark the proper state for
+the transports provided by the user. So, we'll simply mark
+user-provided transports as ACTIVE. That will allow INIT
+retransmissions to work properly in the sctp_connectx() context
+and prevent the crash.
+
+Signed-off-by: Vlad Yasevich <vladislav.yasevich@hp.com>
+Signed-off-by: David S. Miller <davem@davemloft.net>
+Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
+
+---
+ net/sctp/associola.c | 9 +++++----
+ net/sctp/sm_make_chunk.c | 6 ++----
+ 2 files changed, 7 insertions(+), 8 deletions(-)
+
+--- a/net/sctp/associola.c
++++ b/net/sctp/associola.c
+@@ -588,11 +588,12 @@ struct sctp_transport *sctp_assoc_add_pe
+ /* Check to see if this is a duplicate. */
+ peer = sctp_assoc_lookup_paddr(asoc, addr);
+ if (peer) {
++ /* An UNKNOWN state is only set on transports added by
++ * user in sctp_connectx() call. Such transports should be
++ * considered CONFIRMED per RFC 4960, Section 5.4.
++ */
+ if (peer->state == SCTP_UNKNOWN) {
+- if (peer_state == SCTP_ACTIVE)
+- peer->state = SCTP_ACTIVE;
+- if (peer_state == SCTP_UNCONFIRMED)
+- peer->state = SCTP_UNCONFIRMED;
++ peer->state = SCTP_ACTIVE;
+ }
+ return peer;
+ }
+--- a/net/sctp/sm_make_chunk.c
++++ b/net/sctp/sm_make_chunk.c
+@@ -2321,12 +2321,10 @@ clean_up:
+ /* Release the transport structures. */
+ list_for_each_safe(pos, temp, &asoc->peer.transport_addr_list) {
+ transport = list_entry(pos, struct sctp_transport, transports);
+- list_del_init(pos);
+- sctp_transport_free(transport);
++ if (transport->state != SCTP_ACTIVE)
++ sctp_assoc_rm_peer(asoc, transport);
+ }
+
+- asoc->peer.transport_count = 0;
+-
+ nomem:
+ return 0;
+ }
--- /dev/null
+From 2e4aeed1fb3d80b8a606b19e8670dad5d6db4e9c Mon Sep 17 00:00:00 2001
+From: Herbert Xu <herbert@gondor.apana.org.au>
+Date: Mon, 15 Sep 2008 11:48:46 -0700
+Subject: udp: Fix rcv socket locking
+
+From: Herbert Xu <herbert@gondor.apana.org.au>
+
+[ Upstream commits d97106ea52aa57e63ff40d04479016836bbb5a4e and
+ 93821778def10ec1e69aa3ac10adee975dad4ff3 ]
+
+The previous patch in response to the recursive locking on IPsec
+reception is broken as it tries to drop the BH socket lock while in
+user context.
+
+This patch fixes it by shrinking the section protected by the
+socket lock to sock_queue_rcv_skb only. The only reason we added
+the lock is for the accounting which happens in that function.
+
+Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
+Signed-off-by: David S. Miller <davem@davemloft.net>
+Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
+
+---
+ net/ipv4/udp.c | 57 +++++++++++++++++++++++++++++++++------------------------
+ net/ipv6/udp.c | 6 +++---
+ 2 files changed, 36 insertions(+), 27 deletions(-)
+
+--- a/net/ipv4/udp.c
++++ b/net/ipv4/udp.c
+@@ -956,6 +956,27 @@ int udp_disconnect(struct sock *sk, int
+ return 0;
+ }
+
++static int __udp_queue_rcv_skb(struct sock *sk, struct sk_buff *skb)
++{
++ int is_udplite = IS_UDPLITE(sk);
++ int rc;
++
++ if ((rc = sock_queue_rcv_skb(sk, skb)) < 0) {
++ /* Note that an ENOMEM error is charged twice */
++ if (rc == -ENOMEM)
++ UDP_INC_STATS_BH(UDP_MIB_RCVBUFERRORS,
++ is_udplite);
++ goto drop;
++ }
++
++ return 0;
++
++drop:
++ UDP_INC_STATS_BH(UDP_MIB_INERRORS, is_udplite);
++ kfree_skb(skb);
++ return -1;
++}
++
+ /* returns:
+ * -1: error
+ * 0: success
+@@ -1046,14 +1067,16 @@ int udp_queue_rcv_skb(struct sock * sk,
+ goto drop;
+ }
+
+- if ((rc = sock_queue_rcv_skb(sk,skb)) < 0) {
+- /* Note that an ENOMEM error is charged twice */
+- if (rc == -ENOMEM)
+- UDP_INC_STATS_BH(UDP_MIB_RCVBUFERRORS, is_udplite);
+- goto drop;
+- }
++ rc = 0;
+
+- return 0;
++ bh_lock_sock(sk);
++ if (!sock_owned_by_user(sk))
++ rc = __udp_queue_rcv_skb(sk, skb);
++ else
++ sk_add_backlog(sk, skb);
++ bh_unlock_sock(sk);
++
++ return rc;
+
+ drop:
+ UDP_INC_STATS_BH(UDP_MIB_INERRORS, is_udplite);
+@@ -1091,15 +1114,7 @@ static int __udp4_lib_mcast_deliver(stru
+ skb1 = skb_clone(skb, GFP_ATOMIC);
+
+ if (skb1) {
+- int ret = 0;
+-
+- bh_lock_sock_nested(sk);
+- if (!sock_owned_by_user(sk))
+- ret = udp_queue_rcv_skb(sk, skb1);
+- else
+- sk_add_backlog(sk, skb1);
+- bh_unlock_sock(sk);
+-
++ int ret = udp_queue_rcv_skb(sk, skb1);
+ if (ret > 0)
+ /* we should probably re-process instead
+ * of dropping packets here. */
+@@ -1192,13 +1207,7 @@ int __udp4_lib_rcv(struct sk_buff *skb,
+ uh->dest, inet_iif(skb), udptable);
+
+ if (sk != NULL) {
+- int ret = 0;
+- bh_lock_sock_nested(sk);
+- if (!sock_owned_by_user(sk))
+- ret = udp_queue_rcv_skb(sk, skb);
+- else
+- sk_add_backlog(sk, skb);
+- bh_unlock_sock(sk);
++ int ret = udp_queue_rcv_skb(sk, skb);
+ sock_put(sk);
+
+ /* a return value > 0 means to resubmit the input, but
+@@ -1493,7 +1502,7 @@ struct proto udp_prot = {
+ .sendmsg = udp_sendmsg,
+ .recvmsg = udp_recvmsg,
+ .sendpage = udp_sendpage,
+- .backlog_rcv = udp_queue_rcv_skb,
++ .backlog_rcv = __udp_queue_rcv_skb,
+ .hash = udp_lib_hash,
+ .unhash = udp_lib_unhash,
+ .get_port = udp_v4_get_port,
+--- a/net/ipv6/udp.c
++++ b/net/ipv6/udp.c
+@@ -373,7 +373,7 @@ static int __udp6_lib_mcast_deliver(stru
+ uh->source, saddr, dif))) {
+ struct sk_buff *buff = skb_clone(skb, GFP_ATOMIC);
+ if (buff) {
+- bh_lock_sock_nested(sk2);
++ bh_lock_sock(sk2);
+ if (!sock_owned_by_user(sk2))
+ udpv6_queue_rcv_skb(sk2, buff);
+ else
+@@ -381,7 +381,7 @@ static int __udp6_lib_mcast_deliver(stru
+ bh_unlock_sock(sk2);
+ }
+ }
+- bh_lock_sock_nested(sk);
++ bh_lock_sock(sk);
+ if (!sock_owned_by_user(sk))
+ udpv6_queue_rcv_skb(sk, skb);
+ else
+@@ -499,7 +499,7 @@ int __udp6_lib_rcv(struct sk_buff *skb,
+
+ /* deliver */
+
+- bh_lock_sock_nested(sk);
++ bh_lock_sock(sk);
+ if (!sock_owned_by_user(sk))
+ udpv6_queue_rcv_skb(sk, skb);
+ else
timer-fix-09.patch
timer-fix-10.patch
timer-fix-11.patch
+x86-fix-broken-ldt-access-in-vmi.patch
+0001-ipv6-Fix-OOPS-in-ip6_dst_lookup_tail.patch
+0002-niu-panic-on-reset.patch
+0003-netlink-fix-overrun-in-attribute-iteration.patch
+0004-sctp-do-not-enable-peer-features-if-we-can-t-do-the.patch
+0005-sctp-Fix-oops-when-INIT-ACK-indicates-that-peer-doe.patch
+0006-udp-Fix-rcv-socket-locking.patch
--- /dev/null
+From jejb@kernel.org Wed Oct 1 16:03:54 2008
+From: Zachary Amsden <zach@vmware.com>
+Date: Wed, 1 Oct 2008 16:45:04 GMT
+Subject: x86: Fix broken LDT access in VMI
+To: jejb@kernel.org, stable@kernel.org
+Message-ID: <200810011645.m91Gj4ou017971@hera.kernel.org>
+
+From: Zachary Amsden <zach@vmware.com>
+
+commit de59985e3a623d4d5d6207f1777398ca0606ab1c upstream
+
+After investigating a JRE failure, I found this bug was introduced a
+long time ago, and had already managed to survive another bugfix which
+occurred on the same line. The result is a total failure of the JRE due
+to LDT selectors not working properly.
+
+This one took a long time to rear up because LDT usage is not very
+common, but the bug is quite serious. It got introduced along with
+another bug, already fixed, by 75b8bb3e56ca09a467fbbe5229bc68627f7445be
+
+Signed-off-by: Zachary Amsden <zach@vmware.com>
+Cc: Ingo Molnar <mingo@redhat.com>
+Cc: Glauber de Oliveira Costa <gcosta@redhat.com>
+Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
+
+---
+ arch/x86/kernel/vmi_32.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/arch/x86/kernel/vmi_32.c
++++ b/arch/x86/kernel/vmi_32.c
+@@ -234,7 +234,7 @@ static void vmi_write_ldt_entry(struct d
+ const void *desc)
+ {
+ u32 *ldt_entry = (u32 *)desc;
+- vmi_ops.write_idt_entry(dt, entry, ldt_entry[0], ldt_entry[1]);
++ vmi_ops.write_ldt_entry(dt, entry, ldt_entry[0], ldt_entry[1]);
+ }
+
+ static void vmi_load_sp0(struct tss_struct *tss,
projects / thirdparty / kernel / stable-queue.git / commitdiff
