2.6.26 patches added
authorGreg Kroah-Hartman <gregkh@suse.de>
Fri, 25 Jul 2008 23:59:08 +0000 (16:59 -0700)
committerGreg Kroah-Hartman <gregkh@suse.de>
Fri, 25 Jul 2008 23:59:08 +0000 (16:59 -0700)
15 files changed:
queue-2.6.26/fix-typos-from-signal_32-64.h-merge.patch [new file with mode: 0644]
queue-2.6.26/isofs-fix-minor-filesystem-corruption.patch [new file with mode: 0644]
queue-2.6.26/kvm-mmu-fix-potential-race-setting-upper-shadow-ptes-on-nonpae-hosts.patch [new file with mode: 0644]
queue-2.6.26/kvm-mmu-nuke-shadowed-pgtable-pages-and-ptes-on-memslot-destruction.patch [new file with mode: 0644]
queue-2.6.26/kvm-mmu_shrink-kvm_mmu_zap_page-requires-slots_lock-to-be-held.patch [new file with mode: 0644]
queue-2.6.26/kvm-svm-fix-suspend-resume-support.patch [new file with mode: 0644]
queue-2.6.26/kvm-vmx-add-ept_sync_context-in-flush_tlb.patch [new file with mode: 0644]
queue-2.6.26/kvm-vmx-fix-a-wrong-usage-of-vmcs_config.patch [new file with mode: 0644]
queue-2.6.26/kvm-x86-emulator-fix-hlt-instruction.patch [new file with mode: 0644]
queue-2.6.26/patch-upstream-x86-ptrace-fix-ptrace_getfpxregs-error.patch [new file with mode: 0644]
queue-2.6.26/quota-fix-possible-infinite-loop-in-quota-code.patch [new file with mode: 0644]
queue-2.6.26/rcu-fix-rcu_try_flip_waitack_needed-to-prevent-grace-period-stall.patch [new file with mode: 0644]
queue-2.6.26/series
queue-2.6.26/usb-fix-usb-serial-pm-counter-decrement-for-disconnected-interfaces.patch [new file with mode: 0644]
queue-2.6.26/x86-reboot-quirks-add-dell-precision-workstation-t5400.patch [new file with mode: 0644]

diff --git a/queue-2.6.26/fix-typos-from-signal_32-64.h-merge.patch b/queue-2.6.26/fix-typos-from-signal_32-64.h-merge.patch
new file mode 100644 (file)
index 0000000..faa5344
--- /dev/null
@@ -0,0 +1,46 @@
+From stable-bounces@linux.kernel.org Mon Jul 21 11:30:20 2008
+From: Herton Ronaldo Krzesinski <herton@mandriva.com.br>
+Date: Mon, 21 Jul 2008 18:30:12 GMT
+Subject: Fix typos from signal_32/64.h merge
+To: jejb@kernel.org, stable@kernel.org
+Message-ID: <200807211830.m6LIUC2A017018@hera.kernel.org>
+
+From: Herton Ronaldo Krzesinski <herton@mandriva.com.br>
+
+commit 723edb5060855ef36ddeca51a070784b0e0d16df upstream
+
+Fallout from commit 33185c504f8e521b398536b5a8d415779a24593c ("x86:
+merge signal_32/64.h")
+
+Thanks to Dick Streefland who provided an useful testcase on
+http://lkml.org/lkml/2008/3/17/205 (only applicable to 2.6.24.x), that
+helped a lot as a deterministic way to bisect an issue that leaded to
+this fix.
+
+Signed-off-by: Herton Ronaldo Krzesinski <herton@mandriva.com.br>
+Signed-off-by: Luiz Fernando N. Capitulino <lcapitulino@mandriva.com.br>
+Cc: Roland McGrath <roland@redhat.com>
+Signed-off-by: Ingo Molnar <mingo@elte.hu>
+Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
+
+---
+ include/asm-x86/signal.h |    4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+--- a/include/asm-x86/signal.h
++++ b/include/asm-x86/signal.h
+@@ -181,12 +181,12 @@ typedef struct sigaltstack {
+ #ifdef __KERNEL__
+ #include <asm/sigcontext.h>
+-#ifdef __386__
++#ifdef __i386__
+ #define __HAVE_ARCH_SIG_BITOPS
+ #define sigaddset(set,sig)                \
+-      (__builtin_constantp(sig)           \
++      (__builtin_constant_p(sig)          \
+        ? __const_sigaddset((set), (sig))  \
+        : __gen_sigaddset((set), (sig)))
diff --git a/queue-2.6.26/isofs-fix-minor-filesystem-corruption.patch b/queue-2.6.26/isofs-fix-minor-filesystem-corruption.patch
new file mode 100644 (file)
index 0000000..bbf2053
--- /dev/null
@@ -0,0 +1,88 @@
+From stable-bounces@linux.kernel.org Fri Jul 25 11:15:18 2008
+From: James Bottomley <jejb@kernel.org>
+Date: Fri, 25 Jul 2008 18:15:11 GMT
+Subject: isofs: fix minor filesystem corruption
+To: jejb@kernel.org, stable@kernel.org
+Message-ID: <200807251815.m6PIFBwR029783@hera.kernel.org>
+
+From: Adam Greenblatt <adam.greenblatt@gmail.com>
+
+commit c0a1633b6201ef79e31b7da464d44fdf5953054d upstream
+
+Some iso9660 images contain files with rockridge data that is either
+incorrect or incompletely parsed.  Prior to commit
+f2966632a134e865db3c819346a1dc7d96e05309 ("[PATCH] rock: handle directory
+overflows") (included with kernel 2.6.13) the kernel ignored the rockridge
+data for these files, while still allowing the files to be accessed under
+their non-rockridge names.  That commit inadvertently changed things so
+that files with invalid rockridge data could not be accessed at all.  (I
+ran across the problem when comparing some old CDs with hard disk copies I
+had made long ago under kernel 2.4: a few of the files on the hard disk
+copies were no longer visible on the CDs.)
+
+This change reverts to the pre-2.6.13 behavior.
+
+Signed-off-by: Adam Greenblatt <adam.greenblatt@gmail.com>
+Reviewed-by: Pekka Enberg <penberg@cs.helsinki.fi>
+Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
+Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
+
+---
+ fs/isofs/rock.c |   22 ++++++++++++++++++++--
+ 1 file changed, 20 insertions(+), 2 deletions(-)
+
+--- a/fs/isofs/rock.c
++++ b/fs/isofs/rock.c
+@@ -209,6 +209,11 @@ repeat:
+       while (rs.len > 2) { /* There may be one byte for padding somewhere */
+               rr = (struct rock_ridge *)rs.chr;
++              /*
++               * Ignore rock ridge info if rr->len is out of range, but
++               * don't return -EIO because that would make the file
++               * invisible.
++               */
+               if (rr->len < 3)
+                       goto out;       /* Something got screwed up here */
+               sig = isonum_721(rs.chr);
+@@ -216,8 +221,12 @@ repeat:
+                       goto eio;
+               rs.chr += rr->len;
+               rs.len -= rr->len;
++              /*
++               * As above, just ignore the rock ridge info if rr->len
++               * is bogus.
++               */
+               if (rs.len < 0)
+-                      goto eio;       /* corrupted isofs */
++                      goto out;       /* Something got screwed up here */
+               switch (sig) {
+               case SIG('R', 'R'):
+@@ -307,6 +316,11 @@ parse_rock_ridge_inode_internal(struct i
+ repeat:
+       while (rs.len > 2) { /* There may be one byte for padding somewhere */
+               rr = (struct rock_ridge *)rs.chr;
++              /*
++               * Ignore rock ridge info if rr->len is out of range, but
++               * don't return -EIO because that would make the file
++               * invisible.
++               */
+               if (rr->len < 3)
+                       goto out;       /* Something got screwed up here */
+               sig = isonum_721(rs.chr);
+@@ -314,8 +328,12 @@ repeat:
+                       goto eio;
+               rs.chr += rr->len;
+               rs.len -= rr->len;
++              /*
++               * As above, just ignore the rock ridge info if rr->len
++               * is bogus.
++               */
+               if (rs.len < 0)
+-                      goto eio;       /* corrupted isofs */
++                      goto out;       /* Something got screwed up here */
+               switch (sig) {
+ #ifndef CONFIG_ZISOFS         /* No flag for SF or ZF */
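Review bot: Both loops still validate only `rr->len < 3` and `rs.len < 0` before reaching `switch (sig)`, so a record whose `len` is smaller than the fields a signature-specific case reads is not rejected here; whether each case bounds its reads by `rr->len` is outside the hunk and worth confirming, since the whole point of the change is to keep walking images with bogus lengths. Turning `goto eio` into `goto out` also makes corrupt Rock Ridge data silently disappear, which is the intended behaviour but leaves the operator no trace of an inconsistent or crafted image; a rate-limited `printk(KERN_WARNING ...)` at the two `goto out` sites would keep the diagnostic without changing the outcome. The five-line comment and the `goto` change are duplicated verbatim in the two loops (the second being `parse_rock_ridge_inode_internal`), which is how the two copies drifted apart before; factoring the header walk into a shared helper would keep the next fix from having to be applied twice.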
diff --git a/queue-2.6.26/kvm-mmu-fix-potential-race-setting-upper-shadow-ptes-on-nonpae-hosts.patch b/queue-2.6.26/kvm-mmu-fix-potential-race-setting-upper-shadow-ptes-on-nonpae-hosts.patch
new file mode 100644 (file)
index 0000000..9f5fa78
--- /dev/null
@@ -0,0 +1,44 @@
+From stable-bounces@linux.kernel.org Wed Jul 23 02:21:59 2008
+From: Avi Kivity <avi@qumranet.com>
+Date: Wed, 23 Jul 2008 11:43:43 +0300
+Subject: KVM: MMU: Fix potential race setting upper shadow ptes on nonpae hosts
+To: stable@kernel.org
+Message-ID: <1216802623-31090-8-git-send-email-avi@qumranet.com>
+
+From: Avi Kivity <avi@qumranet.com>
+
+Original-Commit-Hash: c23a6fe17abf8562e675465f8d55ba1a551d314d
+
+The direct mapped shadow code (used for real mode and two dimensional paging)
+sets upper-level ptes using direct assignment rather than calling
+set_shadow_pte().  A nonpae host will split this into two writes, which opens
+up a race if another vcpu accesses the same memory area.
+
+Fix by calling set_shadow_pte() instead of assigning directly.
+
+Noticed by Izik Eidus.
+
+Signed-off-by: Avi Kivity <avi@qumranet.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
+
+
+---
+ arch/x86/kvm/mmu.c |    7 ++++---
+ 1 file changed, 4 insertions(+), 3 deletions(-)
+
+--- a/arch/x86/kvm/mmu.c
++++ b/arch/x86/kvm/mmu.c
+@@ -1171,9 +1171,10 @@ static int __direct_map(struct kvm_vcpu 
+                               return -ENOMEM;
+                       }
+-                      table[index] = __pa(new_table->spt)
+-                              | PT_PRESENT_MASK | PT_WRITABLE_MASK
+-                              | shadow_user_mask | shadow_x_mask;
++                      set_shadow_pte(&table[index],
++                                     __pa(new_table->spt)
++                                     | PT_PRESENT_MASK | PT_WRITABLE_MASK
++                                     | shadow_user_mask | shadow_x_mask);
+               }
+               table_addr = table[index] & PT64_BASE_ADDR_MASK;
+       }
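Review bot: The read on the line after the new `set_shadow_pte()` call, `table_addr = table[index] & PT64_BASE_ADDR_MASK;`, is still a plain 64-bit load, which on the nonpae host this patch targets is the same two-word access as the store it replaces; if another vcpu can update the same entry concurrently, the reader side can still observe a torn value. The hunk does not show how readers are ordered against writers, so this may already be covered by the mmu lock — please confirm rather than assume, or read the entry back through the same helper family. `__direct_map` starts and ends outside the hunk.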
diff --git a/queue-2.6.26/kvm-mmu-nuke-shadowed-pgtable-pages-and-ptes-on-memslot-destruction.patch b/queue-2.6.26/kvm-mmu-nuke-shadowed-pgtable-pages-and-ptes-on-memslot-destruction.patch
new file mode 100644 (file)
index 0000000..9aa54e8
--- /dev/null
@@ -0,0 +1,102 @@
+From stable-bounces@linux.kernel.org Wed Jul 23 02:21:47 2008
+From: Marcelo Tosatti <mtosatti@redhat.com>
+Date: Wed, 23 Jul 2008 11:43:42 +0300
+Subject: KVM: MMU: nuke shadowed pgtable pages and ptes on memslot destruction
+To: stable@kernel.org
+Cc: Marcelo Tosatti <mtosatti@redhat.com>
+Message-ID: <1216802623-31090-7-git-send-email-avi@qumranet.com>
+
+
+From: Marcelo Tosatti <mtosatti@redhat.com>
+
+Original-Commit-Hash: 3cc312f03e06a8fa39ecb4cc0189efc2bd888899
+
+Flush the shadow mmu before removing regions to avoid stale entries.
+
+Signed-off-by: Marcelo Tosatti <mtosatti@redhat.com>
+Signed-off-by: Avi Kivity <avi@qumranet.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
+
+---
+ arch/ia64/kvm/kvm-ia64.c   |    3 +++
+ arch/powerpc/kvm/powerpc.c |    4 ++++
+ arch/s390/kvm/kvm-s390.c   |    4 ++++
+ arch/x86/kvm/x86.c         |    5 +++++
+ include/linux/kvm_host.h   |    1 +
+ virt/kvm/kvm_main.c        |    3 +++
+ 6 files changed, 20 insertions(+)
+
+--- a/arch/ia64/kvm/kvm-ia64.c
++++ b/arch/ia64/kvm/kvm-ia64.c
+@@ -1460,6 +1460,9 @@ int kvm_arch_set_memory_region(struct kv
+       return 0;
+ }
++void kvm_arch_flush_shadow(struct kvm *kvm)
++{
++}
+ long kvm_arch_dev_ioctl(struct file *filp,
+               unsigned int ioctl, unsigned long arg)
+--- a/arch/powerpc/kvm/powerpc.c
++++ b/arch/powerpc/kvm/powerpc.c
+@@ -167,6 +167,10 @@ int kvm_arch_set_memory_region(struct kv
+       return 0;
+ }
++void kvm_arch_flush_shadow(struct kvm *kvm)
++{
++}
++
+ struct kvm_vcpu *kvm_arch_vcpu_create(struct kvm *kvm, unsigned int id)
+ {
+       struct kvm_vcpu *vcpu;
+--- a/arch/s390/kvm/kvm-s390.c
++++ b/arch/s390/kvm/kvm-s390.c
+@@ -672,6 +672,10 @@ int kvm_arch_set_memory_region(struct kv
+       return 0;
+ }
++void kvm_arch_flush_shadow(struct kvm *kvm)
++{
++}
++
+ gfn_t unalias_gfn(struct kvm *kvm, gfn_t gfn)
+ {
+       return gfn;
+--- a/arch/x86/kvm/x86.c
++++ b/arch/x86/kvm/x86.c
+@@ -4016,6 +4016,11 @@ int kvm_arch_set_memory_region(struct kv
+       return 0;
+ }
++void kvm_arch_flush_shadow(struct kvm *kvm)
++{
++      kvm_mmu_zap_all(kvm);
++}
++
+ int kvm_arch_vcpu_runnable(struct kvm_vcpu *vcpu)
+ {
+       return vcpu->arch.mp_state == KVM_MP_STATE_RUNNABLE
+--- a/include/linux/kvm_host.h
++++ b/include/linux/kvm_host.h
+@@ -166,6 +166,7 @@ int kvm_arch_set_memory_region(struct kv
+                               struct kvm_userspace_memory_region *mem,
+                               struct kvm_memory_slot old,
+                               int user_alloc);
++void kvm_arch_flush_shadow(struct kvm *kvm);
+ gfn_t unalias_gfn(struct kvm *kvm, gfn_t gfn);
+ struct page *gfn_to_page(struct kvm *kvm, gfn_t gfn);
+ unsigned long gfn_to_hva(struct kvm *kvm, gfn_t gfn);
+--- a/virt/kvm/kvm_main.c
++++ b/virt/kvm/kvm_main.c
+@@ -377,6 +377,9 @@ int __kvm_set_memory_region(struct kvm *
+       if (mem->slot >= kvm->nmemslots)
+               kvm->nmemslots = mem->slot + 1;
++      if (!npages)
++              kvm_arch_flush_shadow(kvm);
++
+       *memslot = new;
+       r = kvm_arch_set_memory_region(kvm, mem, old, user_alloc);
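Review bot: `kvm_arch_flush_shadow()` is declared in kvm_host.h with no statement of its locking requirement, yet the x86 implementation calls `kvm_mmu_zap_all()` and the companion patch in this same commit notes that zapping shadow pages needs `slots_lock` held; the call site is `__kvm_set_memory_region`, whose leading underscores presumably mean the caller already holds that lock. Suggest documenting it on the declaration, e.g. `/* Drop all shadow state for @kvm; caller holds kvm->slots_lock. */`. The flush is issued only when `!npages` (slot removal); whether shrinking or moving a live slot can also leave stale shadow entries is not visible here and is worth checking. The three empty arch stubs would read better with a one-line comment saying why no flush is needed on that architecture.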
diff --git a/queue-2.6.26/kvm-mmu_shrink-kvm_mmu_zap_page-requires-slots_lock-to-be-held.patch b/queue-2.6.26/kvm-mmu_shrink-kvm_mmu_zap_page-requires-slots_lock-to-be-held.patch
new file mode 100644 (file)
index 0000000..83027b1
--- /dev/null
@@ -0,0 +1,47 @@
+From stable-bounces@linux.kernel.org Wed Jul 23 02:21:59 2008
+From: Marcelo Tosatti <mtosatti@redhat.com>
+Date: Wed, 23 Jul 2008 11:43:39 +0300
+Subject: KVM: mmu_shrink: kvm_mmu_zap_page requires slots_lock to be held
+To: stable@kernel.org
+Cc: Marcelo Tosatti <mtosatti@redhat.com>
+Message-ID: <1216802623-31090-4-git-send-email-avi@qumranet.com>
+
+
+From: Marcelo Tosatti <mtosatti@redhat.com>
+
+Original-Commit-Hash: 64f6a0c041bd8fc100a0d655058bdbc31feda03c
+
+kvm_mmu_zap_page() needs slots lock held (rmap_remove->gfn_to_memslot,
+for example).
+
+Since kvm_lock spinlock is held in mmu_shrink(), do a non-blocking
+down_read_trylock().
+
+Untested.
+
+Signed-off-by: Avi Kivity <avi@qumranet.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
+
+---
+ arch/x86/kvm/mmu.c |    3 +++
+ 1 file changed, 3 insertions(+)
+
+--- a/arch/x86/kvm/mmu.c
++++ b/arch/x86/kvm/mmu.c
+@@ -1968,6 +1968,8 @@ static int mmu_shrink(int nr_to_scan, gf
+       list_for_each_entry(kvm, &vm_list, vm_list) {
+               int npages;
++              if (!down_read_trylock(&kvm->slots_lock))
++                      continue;
+               spin_lock(&kvm->mmu_lock);
+               npages = kvm->arch.n_alloc_mmu_pages -
+                        kvm->arch.n_free_mmu_pages;
+@@ -1980,6 +1982,7 @@ static int mmu_shrink(int nr_to_scan, gf
+               nr_to_scan--;
+               spin_unlock(&kvm->mmu_lock);
++              up_read(&kvm->slots_lock);
+       }
+       if (kvm_freed)
+               list_move_tail(&kvm_freed->vm_list, &vm_list);
diff --git a/queue-2.6.26/kvm-svm-fix-suspend-resume-support.patch b/queue-2.6.26/kvm-svm-fix-suspend-resume-support.patch
new file mode 100644 (file)
index 0000000..f3cf3b6
--- /dev/null
@@ -0,0 +1,84 @@
+From stable-bounces@linux.kernel.org Wed Jul 23 02:21:35 2008
+From: Joerg Roedel <joerg.roedel@amd.com>
+Date: Wed, 23 Jul 2008 11:43:38 +0300
+Subject: KVM: SVM: fix suspend/resume support
+To: stable@kernel.org
+Cc: Joerg Roedel <joerg.roedel@amd.com>
+Message-ID: <1216802623-31090-3-git-send-email-avi@qumranet.com>
+
+From: Joerg Roedel <joerg.roedel@amd.com>
+
+Original-Commit-Hash: ab6267b708bec563891294488f2e854be404bdaf
+
+On suspend the svm_hardware_disable function is called which frees all svm_data
+variables. On resume they are not re-allocated. This patch removes the
+deallocation of svm_data from the hardware_disable function to the
+hardware_unsetup function which is not called on suspend.
+
+Signed-off-by: Joerg Roedel <joerg.roedel@amd.com>
+Signed-off-by: Avi Kivity <avi@qumranet.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
+
+
+---
+ arch/x86/kvm/svm.c |   34 ++++++++++++++++++++++------------
+ 1 file changed, 22 insertions(+), 12 deletions(-)
+
+--- a/arch/x86/kvm/svm.c
++++ b/arch/x86/kvm/svm.c
+@@ -270,19 +270,11 @@ static int has_svm(void)
+ static void svm_hardware_disable(void *garbage)
+ {
+-      struct svm_cpu_data *svm_data
+-              = per_cpu(svm_data, raw_smp_processor_id());
+-
+-      if (svm_data) {
+-              uint64_t efer;
++      uint64_t efer;
+-              wrmsrl(MSR_VM_HSAVE_PA, 0);
+-              rdmsrl(MSR_EFER, efer);
+-              wrmsrl(MSR_EFER, efer & ~MSR_EFER_SVME_MASK);
+-              per_cpu(svm_data, raw_smp_processor_id()) = NULL;
+-              __free_page(svm_data->save_area);
+-              kfree(svm_data);
+-      }
++      wrmsrl(MSR_VM_HSAVE_PA, 0);
++      rdmsrl(MSR_EFER, efer);
++      wrmsrl(MSR_EFER, efer & ~MSR_EFER_SVME_MASK);
+ }
+ static void svm_hardware_enable(void *garbage)
+@@ -321,6 +313,19 @@ static void svm_hardware_enable(void *ga
+              page_to_pfn(svm_data->save_area) << PAGE_SHIFT);
+ }
++static void svm_cpu_uninit(int cpu)
++{
++      struct svm_cpu_data *svm_data
++              = per_cpu(svm_data, raw_smp_processor_id());
++
++      if (!svm_data)
++              return;
++
++      per_cpu(svm_data, raw_smp_processor_id()) = NULL;
++      __free_page(svm_data->save_area);
++      kfree(svm_data);
++}
++
+ static int svm_cpu_init(int cpu)
+ {
+       struct svm_cpu_data *svm_data;
+@@ -458,6 +463,11 @@ err:
+ static __exit void svm_hardware_unsetup(void)
+ {
++      int cpu;
++
++      for_each_online_cpu(cpu)
++              svm_cpu_uninit(cpu);
++
+       __free_pages(pfn_to_page(iopm_base >> PAGE_SHIFT), IOPM_ALLOC_ORDER);
+       iopm_base = 0;
+ }
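Review bot: `svm_cpu_uninit(int cpu)` ignores its `cpu` argument and reads `per_cpu(svm_data, raw_smp_processor_id())`, but `svm_hardware_unsetup` calls it once per online CPU from a single CPU; only the caller's own svm_data is freed (the first call clears it, later calls hit the `!svm_data` early return) and every other CPU's `save_area` page and `svm_data` leak on module unload. Both accesses should index by the parameter: `= per_cpu(svm_data, cpu);` and `per_cpu(svm_data, cpu) = NULL;`. Separately, `svm_hardware_disable` now clears the MSRs unconditionally where it previously skipped CPUs without svm_data; that is probably harmless but is a behaviour change the description does not mention.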
diff --git a/queue-2.6.26/kvm-vmx-add-ept_sync_context-in-flush_tlb.patch b/queue-2.6.26/kvm-vmx-add-ept_sync_context-in-flush_tlb.patch
new file mode 100644 (file)
index 0000000..5318e56
--- /dev/null
@@ -0,0 +1,45 @@
+From stable-bounces@linux.kernel.org Wed Jul 23 02:21:51 2008
+From: Sheng Yang <sheng.yang@intel.com>
+Date: Wed, 23 Jul 2008 11:43:40 +0300
+Subject: KVM: VMX: Add ept_sync_context in flush_tlb
+To: stable@kernel.org
+Cc: Sheng Yang <sheng.yang@intel.com>
+Message-ID: <1216802623-31090-5-git-send-email-avi@qumranet.com>
+
+
+From: Sheng Yang <sheng.yang@intel.com>
+
+Original-Commit-Hash: 73f785350b92e1a3af945340f7d10f3978193cba
+
+Fix a potention issue caused by kvm_mmu_slot_remove_write_access(). The
+old behavior don't sync EPT TLB with modified EPT entry, which result
+in inconsistent content of EPT TLB and EPT table.
+
+Signed-off-by: Sheng Yang <sheng.yang@intel.com>
+Signed-off-by: Avi Kivity <avi@qumranet.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
+
+
+---
+ arch/x86/kvm/vmx.c |    3 +++
+ 1 file changed, 3 insertions(+)
+
+--- a/arch/x86/kvm/vmx.c
++++ b/arch/x86/kvm/vmx.c
+@@ -88,6 +88,7 @@ static inline struct vcpu_vmx *to_vmx(st
+ }
+ static int init_rmode(struct kvm *kvm);
++static u64 construct_eptp(unsigned long root_hpa);
+ static DEFINE_PER_CPU(struct vmcs *, vmxarea);
+ static DEFINE_PER_CPU(struct vmcs *, current_vmcs);
+@@ -1389,6 +1390,8 @@ static void exit_lmode(struct kvm_vcpu *
+ static void vmx_flush_tlb(struct kvm_vcpu *vcpu)
+ {
+       vpid_sync_vcpu_all(to_vmx(vcpu));
++      if (vm_need_ept())
++              ept_sync_context(construct_eptp(vcpu->arch.mmu.root_hpa));
+ }
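Review bot: `construct_eptp(vcpu->arch.mmu.root_hpa)` now runs on every TLB flush when EPT is enabled, but the hunk does not show that `root_hpa` is guaranteed to be a valid root at that point; if `vmx_flush_tlb` can be reached while the shadow root is not yet set up, the context sync would be issued against a bogus EPTP. A comment tying the call to the write-protection path named in the description would help the next reader, e.g. `/* EPT entries may have changed (e.g. kvm_mmu_slot_remove_write_access); invalidate the EPT TLB for this context too */`.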
+ static void vmx_decache_cr4_guest_bits(struct kvm_vcpu *vcpu)
diff --git a/queue-2.6.26/kvm-vmx-fix-a-wrong-usage-of-vmcs_config.patch b/queue-2.6.26/kvm-vmx-fix-a-wrong-usage-of-vmcs_config.patch
new file mode 100644 (file)
index 0000000..b7c4f7a
--- /dev/null
@@ -0,0 +1,45 @@
+From stable-bounces@linux.kernel.org Wed Jul 23 02:21:43 2008
+From: Sheng Yang <sheng.yang@intel.com>
+Date: Wed, 23 Jul 2008 11:43:37 +0300
+Subject: KVM: VMX: Fix a wrong usage of vmcs_config
+To: stable@kernel.org
+Cc: Sheng Yang <sheng.yang@intel.com>
+Message-ID: <1216802623-31090-2-git-send-email-avi@qumranet.com>
+
+From: Sheng Yang <sheng.yang@intel.com>
+
+Original-Commit-Hash: 406046a9638a455876b030853862e576a4378d29
+
+The function ept_update_paging_mode_cr0() write to
+CPU_BASED_VM_EXEC_CONTROL based on vmcs_config.cpu_based_exec_ctrl. That's
+wrong because the variable may not consistent with the content in the
+CPU_BASE_VM_EXEC_CONTROL MSR.
+
+Signed-off-by: Sheng Yang <sheng.yang@intel.com>
+Signed-off-by: Avi Kivity <avi@qumranet.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
+
+---
+ arch/x86/kvm/vmx.c |    4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+--- a/arch/x86/kvm/vmx.c
++++ b/arch/x86/kvm/vmx.c
+@@ -1420,7 +1420,7 @@ static void ept_update_paging_mode_cr0(u
+       if (!(cr0 & X86_CR0_PG)) {
+               /* From paging/starting to nonpaging */
+               vmcs_write32(CPU_BASED_VM_EXEC_CONTROL,
+-                           vmcs_config.cpu_based_exec_ctrl |
++                           vmcs_read32(CPU_BASED_VM_EXEC_CONTROL) |
+                            (CPU_BASED_CR3_LOAD_EXITING |
+                             CPU_BASED_CR3_STORE_EXITING));
+               vcpu->arch.cr0 = cr0;
+@@ -1430,7 +1430,7 @@ static void ept_update_paging_mode_cr0(u
+       } else if (!is_paging(vcpu)) {
+               /* From nonpaging to paging */
+               vmcs_write32(CPU_BASED_VM_EXEC_CONTROL,
+-                           vmcs_config.cpu_based_exec_ctrl &
++                           vmcs_read32(CPU_BASED_VM_EXEC_CONTROL) &
+                            ~(CPU_BASED_CR3_LOAD_EXITING |
+                              CPU_BASED_CR3_STORE_EXITING));
+               vcpu->arch.cr0 = cr0;
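Review bot: The read-modify-write `vmcs_write32(CPU_BASED_VM_EXEC_CONTROL, vmcs_read32(CPU_BASED_VM_EXEC_CONTROL) | ...)` now appears twice in `ept_update_paging_mode_cr0`, once setting and once clearing the same two CR3-exiting bits; a small local helper that sets or clears bits in a VMCS field would remove the duplication and keep the two sites from diverging again. The description calls the field an MSR, but the code reads and writes a VMCS execution-control field, which is the thing the stale `vmcs_config` cache disagreed with.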
diff --git a/queue-2.6.26/kvm-x86-emulator-fix-hlt-instruction.patch b/queue-2.6.26/kvm-x86-emulator-fix-hlt-instruction.patch
new file mode 100644 (file)
index 0000000..8dda132
--- /dev/null
@@ -0,0 +1,42 @@
+From stable-bounces@linux.kernel.org Wed Jul 23 02:21:43 2008
+From: Mohammed Gamal <m.gamal005@gmail.com>
+Date: Wed, 23 Jul 2008 11:43:41 +0300
+Subject: KVM: x86 emulator: Fix HLT instruction
+To: stable@kernel.org
+Cc: Mohammed Gamal <m.gamal005@gmail.com>
+Message-ID: <1216802623-31090-6-git-send-email-avi@qumranet.com>
+
+
+From: Mohammed Gamal <m.gamal005@gmail.com>
+
+Original-Commit-Hash: bcc542267538e9ba933d08b4cd4ebd796e03a3d7
+
+This patch fixes issue encountered with HLT instruction
+under FreeDOS's HIMEM XMS Driver.
+
+The HLT instruction jumped directly to the done label and
+skips updating the EIP value, therefore causing the guest
+to spin endlessly on the same instruction.
+
+The patch changes the instruction so that it writes back
+the updated EIP value.
+
+Signed-off-by: Mohammed Gamal <m.gamal005@gmail.com>
+Signed-off-by: Avi Kivity <avi@qumranet.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
+
+---
+ arch/x86/kvm/x86_emulate.c |    2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/arch/x86/kvm/x86_emulate.c
++++ b/arch/x86/kvm/x86_emulate.c
+@@ -1666,7 +1666,7 @@ special_insn:
+               break;
+       case 0xf4:              /* hlt */
+               ctxt->vcpu->arch.halt_request = 1;
+-              goto done;
++              break;
+       case 0xf5:      /* cmc */
+               /* complement carry flag from eflags reg */
+               ctxt->eflags ^= EFLG_CF;
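Review bot: Nothing at the `case 0xf4` site explains why `break` rather than `goto done` is required, so a later cleanup could easily reintroduce the shortcut and the endless-HLT spin it caused; a comment on the case would prevent that, e.g. `/* break, not goto done: the writeback path must advance EIP past HLT or the guest re-executes it */`. The `special_insn` switch starts and ends outside the hunk.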
diff --git a/queue-2.6.26/patch-upstream-x86-ptrace-fix-ptrace_getfpxregs-error.patch b/queue-2.6.26/patch-upstream-x86-ptrace-fix-ptrace_getfpxregs-error.patch
new file mode 100644 (file)
index 0000000..1622fce
--- /dev/null
@@ -0,0 +1,64 @@
+From stable-bounces@linux.kernel.org Mon Jul 14 14:05:24 2008
+From: Roland McGrath <roland@redhat.com>
+Date: Mon, 14 Jul 2008 21:05:12 GMT
+Subject: Patch Upstream: x86 ptrace: fix PTRACE_GETFPXREGS error
+To: jejb@kernel.org, stable@kernel.org
+Message-ID: <200807142105.m6EL5BcZ006833@hera.kernel.org>
+
+From: Roland McGrath <roland@redhat.com>
+
+commit 45fdc3a7624a4a48185a04ae0abab5f9793d8952 upstream
+
+ptrace has always returned only -EIO for all failures to access
+registers.  The user_regset calls are allowed to return a more
+meaningful variety of errors.  The REGSET_XFP calls use -ENODEV
+for !cpu_has_fxsr hardware.  Make ptrace return the traditional
+-EIO instead of the error code from the user_regset call.
+
+Signed-off-by: Roland McGrath <roland@redhat.com>
+Signed-off-by: Ingo Molnar <mingo@elte.hu>
+Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
+
+---
+ arch/x86/kernel/i387.c   |    4 ++--
+ arch/x86/kernel/ptrace.c |    4 ++--
+ 2 files changed, 4 insertions(+), 4 deletions(-)
+
+--- a/arch/x86/kernel/i387.c
++++ b/arch/x86/kernel/i387.c
+@@ -162,7 +162,7 @@ int xfpregs_get(struct task_struct *targ
+       int ret;
+       if (!cpu_has_fxsr)
+-              return -EIO;
++              return -ENODEV;
+       ret = init_fpu(target);
+       if (ret)
+@@ -179,7 +179,7 @@ int xfpregs_set(struct task_struct *targ
+       int ret;
+       if (!cpu_has_fxsr)
+-              return -EIO;
++              return -ENODEV;
+       ret = init_fpu(target);
+       if (ret)
+--- a/arch/x86/kernel/ptrace.c
++++ b/arch/x86/kernel/ptrace.c
+@@ -943,13 +943,13 @@ long arch_ptrace(struct task_struct *chi
+               return copy_regset_to_user(child, &user_x86_32_view,
+                                          REGSET_XFP,
+                                          0, sizeof(struct user_fxsr_struct),
+-                                         datap);
++                                         datap) ? -EIO : 0;
+       case PTRACE_SETFPXREGS: /* Set the child extended FPU state. */
+               return copy_regset_from_user(child, &user_x86_32_view,
+                                            REGSET_XFP,
+                                            0, sizeof(struct user_fxsr_struct),
+-                                           datap);
++                                           datap) ? -EIO : 0;
+ #endif
+ #if defined CONFIG_X86_32 || defined CONFIG_IA32_EMULATION
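Review bot: The `? -EIO : 0` mapping is applied only to the two `arch_ptrace` cases in the hunk; the `#if defined CONFIG_X86_32 || defined CONFIG_IA32_EMULATION` block that follows suggests a compat entry point for the same requests that is not visible here and may still pass the regset's new `-ENODEV` through to userspace. Any other caller of `xfpregs_get`/`xfpregs_set` (core-dump note writers, for instance) now also sees `-ENODEV` instead of `-EIO` on hardware without FXSR; the description discusses ptrace only, so confirming those callers tolerate the new code would make the backport safer.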
diff --git a/queue-2.6.26/quota-fix-possible-infinite-loop-in-quota-code.patch b/queue-2.6.26/quota-fix-possible-infinite-loop-in-quota-code.patch
new file mode 100644 (file)
index 0000000..5653f53
--- /dev/null
@@ -0,0 +1,60 @@
+From stable-bounces@linux.kernel.org Fri Jul 25 11:15:18 2008
+From: James Bottomley <jejb@kernel.org>
+Date: Fri, 25 Jul 2008 18:15:07 GMT
+Subject: quota: fix possible infinite loop in quota code
+To: jejb@kernel.org, stable@kernel.org
+Message-ID: <200807251815.m6PIF7RA029745@hera.kernel.org>
+
+From: Jan Kara <jack@suse.cz>
+
+commit b48d380541f634663b71766005838edbb7261685 upstream
+
+When quota structure is going to be dropped and it is dirty, quota code tries
+to write it.  If the write fails for some reason (e.  g.  transaction cannot
+be started because the journal is aborted), we try writing again and again and
+again...  Fix the problem by clearing the dirty bit even if the write failed.
+
+(akpm: for 2.6.27, 2.6.26.x and 2.6.25.x)
+
+Signed-off-by: Jan Kara <jack@suse.cz>
+Reviewed-by: dingdinghua <dingdinghua85@gmail.com>
+Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
+Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
+
+---
+ fs/dquot.c |   16 +++++++++++++++-
+ 1 file changed, 15 insertions(+), 1 deletion(-)
+
+--- a/fs/dquot.c
++++ b/fs/dquot.c
+@@ -562,6 +562,8 @@ static struct shrinker dqcache_shrinker 
+  */
+ static void dqput(struct dquot *dquot)
+ {
++      int ret;
++
+       if (!dquot)
+               return;
+ #ifdef __DQUOT_PARANOIA
+@@ -594,7 +596,19 @@ we_slept:
+       if (test_bit(DQ_ACTIVE_B, &dquot->dq_flags) && dquot_dirty(dquot)) {
+               spin_unlock(&dq_list_lock);
+               /* Commit dquot before releasing */
+-              dquot->dq_sb->dq_op->write_dquot(dquot);
++              ret = dquot->dq_sb->dq_op->write_dquot(dquot);
++              if (ret < 0) {
++                      printk(KERN_ERR "VFS: cannot write quota structure on "
++                              "device %s (error %d). Quota may get out of "
++                              "sync!\n", dquot->dq_sb->s_id, ret);
++                      /*
++                       * We clear dirty bit anyway, so that we avoid
++                       * infinite loop here
++                       */
++                      spin_lock(&dq_list_lock);
++                      clear_dquot_dirty(dquot);
++                      spin_unlock(&dq_list_lock);
++              }
+               goto we_slept;
+       }
+       /* Clear flag in case dquot was inactive (something bad happened) */
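Review bot: The new `printk(KERN_ERR ...)` fires on every failed `write_dquot`, and since the failure scenario in the description is an aborted journal, every dirty dquot released afterwards will log, which can flood the log under load; wrapping it in `if (printk_ratelimit())` keeps the diagnostic without the flood. `int ret;` is declared at the top of `dqput` but is only used inside the branch this hunk changes, so it could be declared there. `dqput` continues outside the hunk.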
diff --git a/queue-2.6.26/rcu-fix-rcu_try_flip_waitack_needed-to-prevent-grace-period-stall.patch b/queue-2.6.26/rcu-fix-rcu_try_flip_waitack_needed-to-prevent-grace-period-stall.patch
new file mode 100644 (file)
index 0000000..2838548
--- /dev/null
@@ -0,0 +1,83 @@
+From stable-bounces@linux.kernel.org Tue Jul 15 14:30:50 2008
+From: Paul E. McKenney <paulmck@linux.vnet.ibm.com>
+Date: Tue, 15 Jul 2008 21:30:31 GMT
+Subject: rcu: fix rcu_try_flip_waitack_needed() to prevent grace-period stall
+To: jejb@kernel.org, stable@kernel.org
+Message-ID: <200807152130.m6FLUVng001094@hera.kernel.org>
+
+From: Paul E. McKenney <paulmck@linux.vnet.ibm.com>
+
+commit d7c0651390b6a03ad53f99faec0ba88109d7191d upstream
+
+The comment was correct -- need to make the code match the comment.
+Without this patch, if a CPU goes dynticks idle (and stays there forever)
+in just the right phase of preemptible-RCU grace-period processing,
+grace periods stall.  The offending sequence of events (courtesy
+of Promela/spin, at least after I got the liveness criterion coded
+correctly...) is as follows:
+
+o      CPU 0 is in dynticks-idle mode.  Its dynticks_progress_counter
+       is (say) 10.
+
+o      CPU 0 takes an interrupt, so rcu_irq_enter() increments CPU 0's
+       dynticks_progress_counter to 11.
+
+o      CPU 1 is doing RCU grace-period processing in rcu_try_flip_idle(),
+       sees rcu_pending(), so invokes dyntick_save_progress_counter(),
+       which in turn takes a snapshot of CPU 0's dynticks_progress_counter
+       into CPU 0's rcu_dyntick_snapshot -- now set to 11.  CPU 1 then
+       updates the RCU grace-period state to rcu_try_flip_waitack().
+
+o      CPU 0 returns from its interrupt, so rcu_irq_exit() increments
+       CPU 0's dynticks_progress_counter to 12.
+
+o      CPU 1 later invokes rcu_try_flip_waitack(), which notices that
+       CPU 0 has not yet responded, and hence in turn invokes
+       rcu_try_flip_waitack_needed().  This function examines the
+       state of CPU 0's dynticks_progress_counter and rcu_dyntick_snapshot
+       variables, which it copies to curr (== 12) and snap (== 11),
+       respectively.
+
+       Because curr!=snap, the first condition fails.
+
+       Because curr-snap is only 1 and snap is odd, the second
+       condition fails.
+
+       rcu_try_flip_waitack_needed() therefore incorrectly concludes
+       that it must wait for CPU 0 to explicitly acknowledge the
+       counter flip.
+
+o      CPU 0 remains forever in dynticks-idle mode, never taking
+       any more hardware interrupts or any NMIs, and never running
+       any more tasks.  (Of course, -something- will usually eventually
+       happen, which might be why we haven't seen this one in the
+       wild.  Still should be fixed!)
+
+Therefore the grace period never ends.  Fix is to make the code match
+the comment, as shown below.  With this fix, the above scenario
+would be satisfied with curr being even, and allow the grace period
+to proceed.
+
+Signed-off-by: Paul E. McKenney <paulmck@linux.vnet.ibm.com>
+Cc: Peter Zijlstra <a.p.zijlstra@chello.nl>
+Cc: Josh Triplett <josh@kernel.org>
+Cc: Dipankar Sarma <dipankar@in.ibm.com>
+Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
+Signed-off-by: Ingo Molnar <mingo@elte.hu>
+Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
+
+---
+ kernel/rcupreempt.c |    2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/kernel/rcupreempt.c
++++ b/kernel/rcupreempt.c
+@@ -567,7 +567,7 @@ rcu_try_flip_waitack_needed(int cpu)
+        * that this CPU already acknowledged the counter.
+        */
+-      if ((curr - snap) > 2 || (snap & 0x1) == 0)
++      if ((curr - snap) > 2 || (curr & 0x1) == 0)
+               return 0;
+       /* We need this CPU to explicitly acknowledge the counter flip. */
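Review bot: The corrected test `(curr & 0x1) == 0` encodes that an even `dynticks_progress_counter` means the CPU is dynticks-idle and therefore cannot be inside an RCU read-side critical section, which the description explains but the code does not; the comment ending at the top of the hunk is only partly visible, so consider stating it at the test itself, e.g. `/* even curr: CPU is dynticks-idle, no ack needed */`. The `> 2` margin relies on the same counter protocol and deserves naming in that comment too, since the original bug was precisely a mismatch between comment and code.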
index 3f0aafeed816d9711460c81a9a7b675714e56dee..b04db105f5f8d00304bf46dbf574892d196544fd 100644 (file)
@@ -3,3 +3,17 @@ udplite-protection-against-coverage-value-wrap-around.patch
 ipv6-use-timer-pending.patch
 ipv6-__kernel__-ifdef-struct-ipv6_devconf.patch
 hdlcdrv-fix-crc-calculation.patch
+quota-fix-possible-infinite-loop-in-quota-code.patch
+isofs-fix-minor-filesystem-corruption.patch
+kvm-vmx-fix-a-wrong-usage-of-vmcs_config.patch
+kvm-svm-fix-suspend-resume-support.patch
+kvm-mmu_shrink-kvm_mmu_zap_page-requires-slots_lock-to-be-held.patch
+kvm-vmx-add-ept_sync_context-in-flush_tlb.patch
+kvm-x86-emulator-fix-hlt-instruction.patch
+kvm-mmu-nuke-shadowed-pgtable-pages-and-ptes-on-memslot-destruction.patch
+kvm-mmu-fix-potential-race-setting-upper-shadow-ptes-on-nonpae-hosts.patch
+patch-upstream-x86-ptrace-fix-ptrace_getfpxregs-error.patch
+rcu-fix-rcu_try_flip_waitack_needed-to-prevent-grace-period-stall.patch
+fix-typos-from-signal_32-64.h-merge.patch
+x86-reboot-quirks-add-dell-precision-workstation-t5400.patch
+usb-fix-usb-serial-pm-counter-decrement-for-disconnected-interfaces.patch
diff --git a/queue-2.6.26/usb-fix-usb-serial-pm-counter-decrement-for-disconnected-interfaces.patch b/queue-2.6.26/usb-fix-usb-serial-pm-counter-decrement-for-disconnected-interfaces.patch
new file mode 100644 (file)
index 0000000..a1e1599
--- /dev/null
@@ -0,0 +1,37 @@
+From stable-bounces@linux.kernel.org Mon Jul 21 16:05:28 2008
+From: Oliver Neukum <oliver@neukum.org>
+Date: Mon, 21 Jul 2008 23:05:03 GMT
+Subject: USB: fix usb serial pm counter decrement for disconnected interfaces
+To: jejb@kernel.org, stable@kernel.org
+Message-ID: <200807212305.m6LN53QE014210@hera.kernel.org>
+
+From: Oliver Neukum <oliver@neukum.org>
+
+commit 62ad296b6ca78bd123864c138814c0a597873693 upstream
+
+usb serial decrements the pm counter even if an interface has been
+disconnected. If it was a logical disconnect the interface may belong
+already to another driver. This patch introduces a check for disconnected
+interfaces.
+
+Signed-off-by: Oliver Neukum <oneukum@suse.de>
+Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
+
+---
+ drivers/usb/serial/usb-serial.c |    5 ++++-
+ 1 file changed, 4 insertions(+), 1 deletion(-)
+
+--- a/drivers/usb/serial/usb-serial.c
++++ b/drivers/usb/serial/usb-serial.c
+@@ -283,7 +283,10 @@ static void serial_close(struct tty_stru
+       }
+       if (port->open_count == 0) {
+-              usb_autopm_put_interface(port->serial->interface);
++              mutex_lock(&port->serial->disc_mutex);
++              if (!port->serial->disconnected)
++                      usb_autopm_put_interface(port->serial->interface);
++              mutex_unlock(&port->serial->disc_mutex);
+               module_put(port->serial->type->driver.owner);
+       }
diff --git a/queue-2.6.26/x86-reboot-quirks-add-dell-precision-workstation-t5400.patch b/queue-2.6.26/x86-reboot-quirks-add-dell-precision-workstation-t5400.patch
new file mode 100644 (file)
index 0000000..402a533
--- /dev/null
@@ -0,0 +1,42 @@
+From stable-bounces@linux.kernel.org Mon Jul 21 11:30:32 2008
+From: Ingo Molnar <mingo@elte.hu>
+Date: Mon, 21 Jul 2008 18:30:15 GMT
+Subject: x86 reboot quirks: add Dell Precision WorkStation T5400
+To: jejb@kernel.org, stable@kernel.org
+Message-ID: <200807211830.m6LIUFeO017101@hera.kernel.org>
+
+From: Ingo Molnar <mingo@elte.hu>
+
+commit fab3b58d3b242b5903f78d60d86803a8aecdf6de upstream
+
+as reported in:
+
+  "reboot=bios is mandatory on Dell T5400 server."
+  http://bugzilla.kernel.org/show_bug.cgi?id=11108
+
+add a DMI reboot quirk.
+
+Signed-off-by: Ingo Molnar <mingo@elte.hu>
+Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
+
+---
+ arch/x86/kernel/reboot.c |    8 ++++++++
+ 1 file changed, 8 insertions(+)
+
+--- a/arch/x86/kernel/reboot.c
++++ b/arch/x86/kernel/reboot.c
+@@ -177,6 +177,14 @@ static struct dmi_system_id __initdata r
+                       DMI_MATCH(DMI_PRODUCT_NAME, "PowerEdge 2400"),
+               },
+       },
++      {       /* Handle problems with rebooting on Dell T5400's */
++              .callback = set_bios_reboot,
++              .ident = "Dell Precision T5400",
++              .matches = {
++                      DMI_MATCH(DMI_SYS_VENDOR, "Dell Inc."),
++                      DMI_MATCH(DMI_PRODUCT_NAME, "Precision WorkStation T5400"),
++              },
++      },
+       {       /* Handle problems with rebooting on HP laptops */
+               .callback = set_bios_reboot,
+               .ident = "HP Compaq Laptop",
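Review bot: The comment on the new table entry, `/* Handle problems with rebooting on Dell T5400's */`, says neither what the problem is nor where it was reported, while the commit message does (reboot=bios is required, bugzilla 11108); a maintainer later deciding whether the quirk can be retired will want that pointer next to the entry. I would write it as `/* Dell T5400 needs reboot=bios, see http://bugzilla.kernel.org/show_bug.cgi?id=11108 */`, matching the neighbouring PowerEdge and HP entries in length. The DMI table this entry belongs to is declared outside the hunk.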