--- /dev/null
+From: Avi Kivity <avi@redhat.com>
+Date: Tue, 24 Nov 2009 13:20:15 +0000 (+0200)
+Subject: KVM: x86 emulator: limit instructions to 15 bytes
+
+commit eb3c79e64a70fb8f7473e30fa07e89c1ecc2c9bb upstream
+
+[ <cebbert@redhat.com>: backport to 2.6.27 ]
+
+While we are never normally passed an instruction that exceeds 15 bytes,
+smp games can cause us to attempt to interpret one, which will cause
+large latencies in non-preempt hosts.
+
+Signed-off-by: Avi Kivity <avi@redhat.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
+
+---
+ arch/x86/kvm/x86_emulate.c | 5 ++++-
+ include/asm-x86/kvm_x86_emulate.h | 2 +-
+ 2 files changed, 5 insertions(+), 2 deletions(-)
+
+--- a/arch/x86/kvm/x86_emulate.c
++++ b/arch/x86/kvm/x86_emulate.c
+@@ -581,6 +581,9 @@ static int do_insn_fetch(struct x86_emul
+ {
+ int rc = 0;
+
++ /* x86 instructions are limited to 15 bytes. */
++ if (eip + size - ctxt->decode.eip_orig > 15)
++ return X86EMUL_UNHANDLEABLE;
+ eip += ctxt->cs_base;
+ while (size--) {
+ rc = do_fetch_insn_byte(ctxt, ops, eip++, dest++);
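Review bot: The limit on the added check is a bare literal `15` whose meaning lives only in the comment above it; a named constant shared by the emulator and the header would keep the bound in one place, e.g. `#define X86_MAX_INSN_LEN 15 /* architectural maximum; constructed name */` and `if (eip + size - ctxt->decode.eip_orig > X86_MAX_INSN_LEN)`. The check runs before `cs_base` is added, so it measures the linear distance from `eip_orig`, and because `eip_orig` is `unsigned long` (per the header hunk) an `eip` below `eip_orig` would wrap to a huge value and fail safe with X86EMUL_UNHANDLEABLE rather than pass; worth a one-line comment so nobody "fixes" the unsigned compare later. do_insn_fetch's signature and the rest of its body lie outside the hunk, so the types of `eip` and `size` cannot be confirmed from here.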
+@@ -839,7 +842,7 @@ x86_decode_insn(struct x86_emulate_ctxt
+ /* Shadow copy of register state. Committed on successful emulation. */
+
+ memset(c, 0, sizeof(struct decode_cache));
+- c->eip = ctxt->vcpu->arch.rip;
++ c->eip = c->eip_orig = ctxt->vcpu->arch.rip;
+ ctxt->cs_base = seg_base(ctxt, VCPU_SREG_CS);
+ memcpy(c->regs, ctxt->vcpu->arch.regs, sizeof c->regs);
+
+--- a/include/asm-x86/kvm_x86_emulate.h
++++ b/include/asm-x86/kvm_x86_emulate.h
+@@ -128,7 +128,7 @@ struct decode_cache {
+ u8 seg_override;
+ unsigned int d;
+ unsigned long regs[NR_VCPU_REGS];
+- unsigned long eip;
++ unsigned long eip, eip_orig;
+ /* modrm */
+ u8 modrm;
+ u8 modrm_mod;
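Review bot: The new `eip_orig` field is added to `struct decode_cache` without any comment, while its role (the anchor from which do_insn_fetch bounds the total fetch length) is only discoverable by reading x86_emulate.c. Give it its own declaration with a comment, `unsigned long eip_orig; /* rip at decode start; fetch length is bounded from here */`, instead of folding it into the `eip` declarator list. The struct definition begins outside the hunk.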
--- /dev/null
+From ef4638f955f2c4a667c8af20769d03f5ed3781ca Mon Sep 17 00:00:00 2001
+From: Alan Stern <stern@rowland.harvard.edu>
+Date: Fri, 31 Jul 2009 10:41:40 -0400
+Subject: USB: EHCI: fix counting of transaction error retries
+
+From: Alan Stern <stern@rowland.harvard.edu>
+
+commit ef4638f955f2c4a667c8af20769d03f5ed3781ca upstream.
+
+This patch (as1274) simplifies the counting of transaction-error
+retries. Now we will count up from 0 to QH_XACTERR_MAX instead of
+down from QH_XACTERR_MAX to 0.
+
+The patch also fixes a small bug: qh->xacterr was not getting
+initialized for interrupt endpoints.
+
+Signed-off-by: Alan Stern <stern@rowland.harvard.edu>
+Tested-by: Matthijs Kooijman <matthijs@stdin.nl>
+Cc: Reinoud Koornstra <koornstra@hp.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
+
+---
+ drivers/usb/host/ehci-q.c | 11 +++++------
+ drivers/usb/host/ehci-sched.c | 1 +
+ 2 files changed, 6 insertions(+), 6 deletions(-)
+
+--- a/drivers/usb/host/ehci-q.c
++++ b/drivers/usb/host/ehci-q.c
+@@ -346,12 +346,11 @@ qh_completions (struct ehci_hcd *ehci, s
+ */
+ if ((token & QTD_STS_XACT) &&
+ QTD_CERR(token) == 0 &&
+- --qh->xacterrs > 0 &&
++ ++qh->xacterrs < QH_XACTERR_MAX &&
+ !urb->unlinked) {
+ ehci_dbg(ehci,
+- "detected XactErr len %d/%d retry %d\n",
+- qtd->length - QTD_LENGTH(token), qtd->length,
+- QH_XACTERR_MAX - qh->xacterrs);
++ "detected XactErr len %zu/%zu retry %d\n",
++ qtd->length - QTD_LENGTH(token), qtd->length, qh->xacterrs);
+
+ /* reset the token in the qtd and the
+ * qh overlay (which still contains
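Review bot: The new `++qh->xacterrs < QH_XACTERR_MAX` term keeps the retry counter's increment as a side effect inside a four-term `&&` condition, so the counter advances only when the XACT and CERR terms before it hold and is never touched when `urb->unlinked` short-circuits after it; that ordering is what makes the count correct and deserves a comment above the `if`, e.g. `/* xacterrs counts up only for qtds that really hit XactErr with CERR exhausted */`. The format change to `%zu` on the same hunk presumes `qtd->length` is `size_t`, which is not visible here, and `%d` for `qh->xacterrs` presumes an int-promotable type; both should be confirmed against the struct definitions. qh_completions begins and ends outside the hunk.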
+@@ -451,7 +450,7 @@ halt:
+ last = qtd;
+
+ /* reinit the xacterr counter for the next qtd */
+- qh->xacterrs = QH_XACTERR_MAX;
++ qh->xacterrs = 0;
+ }
+
+ /* last urb's completion might still need calling */
+@@ -898,7 +897,7 @@ static void qh_link_async (struct ehci_h
+ head->qh_next.qh = qh;
+ head->hw_next = dma;
+
+- qh->xacterrs = QH_XACTERR_MAX;
++ qh->xacterrs = 0;
+ qh->qh_state = QH_STATE_LINKED;
+ /* qtd completions reported later by interrupt */
+ }
+--- a/drivers/usb/host/ehci-sched.c
++++ b/drivers/usb/host/ehci-sched.c
+@@ -542,6 +542,7 @@ static int qh_link_periodic (struct ehci
+ }
+ }
+ qh->qh_state = QH_STATE_LINKED;
++ qh->xacterrs = 0;
+ qh_get (qh);
+
+ /* update per-qh bandwidth for usbfs */
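Review bot: The added reset in qh_link_periodic is placed after `qh->qh_state = QH_STATE_LINKED;`, whereas the same patch's change to qh_link_async resets `xacterrs` before flipping the state; for parity, and so the counter is already zero at the moment the qh becomes LINKED, swap the two lines to `qh->xacterrs = 0;` then `qh->qh_state = QH_STATE_LINKED;`. Whether anything can observe the counter between those two statements cannot be determined from this hunk, so this is a consistency point rather than a confirmed race. qh_link_periodic begins outside the hunk.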