From: Greg Kroah-Hartman
Date: Wed, 30 Sep 2009 23:28:33 +0000 (-0700)
Subject: .30 patches
X-Git-Tag: v2.6.27.36~25
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=21351989ae79339b08898da4db60f7af0feb7745;p=thirdparty%2Fkernel%2Fstable-queue.git
.30 patches
---
diff --git a/queue-2.6.30/ahci-restore-pci_intx-handling.patch b/queue-2.6.30/ahci-restore-pci_intx-handling.patch
new file mode 100644
index 00000000000..74112b0d332
--- /dev/null
+++ b/queue-2.6.30/ahci-restore-pci_intx-handling.patch
@@ -0,0 +1,45 @@
+From 31b239ad1ba7225435e13f5afc47e48eb674c0cc Mon Sep 17 00:00:00 2001
+From: Tejun Heo
+Date: Thu, 17 Sep 2009 00:34:39 +0900
+Subject: ahci: restore pci_intx() handling
+
+From: Tejun Heo
+
+commit 31b239ad1ba7225435e13f5afc47e48eb674c0cc upstream.
+
+Commit a5bfc4714b3f01365aef89a92673f2ceb1ccf246 dropped explicit
+pci_intx() manipulation from ahci because it seemed unnecessary and
+ahci doesn't seem to be the right place to be tweaking it if it were.
+This was largely okay but there are exceptions. There was one on an
+embedded platform which was fixed via firmware and now bko#14124
+reports it on a HP DL320.
+
+ http://bugzilla.kernel.org/show_bug.cgi?id=14124
+
+I still think this isn't something libata drivers should be caring
+about (the only ones which are calling pci_intx() explicitly are
+libata ones and one other driver) but for now reverting the change
+seems to be the right thing to do.
+
+Signed-off-by: Tejun Heo
+Reported-by: Thomas Jarosch
+Signed-off-by: Jeff Garzik
+Signed-off-by: Greg Kroah-Hartman
+
+---
+ drivers/ata/ahci.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+--- a/drivers/ata/ahci.c
++++ b/drivers/ata/ahci.c
+@@ -2744,8 +2744,8 @@ static int ahci_init_one(struct pci_dev
+ if (board_id == board_ahci_sb700 && pdev->revision >= 0x40)
+ hpriv->flags &= ~AHCI_HFLAG_IGN_SERR_INTERNAL;
+
+- if (!(hpriv->flags & AHCI_HFLAG_NO_MSI))
+- pci_enable_msi(pdev);
++ if ((hpriv->flags & AHCI_HFLAG_NO_MSI) || pci_enable_msi(pdev))
++ pci_intx(pdev, 1);
+
+ /* save initial config */
+ ahci_save_initial_config(pdev, hpriv);
diff --git a/queue-2.6.30/kvm-fix-cpuid-e2big-handling-for-extended-request-types.patch b/queue-2.6.30/kvm-fix-cpuid-e2big-handling-for-extended-request-types.patch
new file mode 100644
index 00000000000..78840de370e
--- /dev/null
+++ b/queue-2.6.30/kvm-fix-cpuid-e2big-handling-for-extended-request-types.patch
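Review bot: The rewritten condition in ahci_init_one puts the side-effecting `pci_enable_msi(pdev)` call inside an `||` and treats a non-zero return as "MSI not in use", which is easy to misread as the opposite on a quick pass. A one-line comment above the `if` would make the fallback explicit, for example `/* fall back to legacy INTx when MSI is disabled by flag or could not be enabled */`. The function starts and ends outside the hunk, so how the chosen interrupt mode is used afterwards is not visible here.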
@@ -0,0 +1,37 @@
+From mtosatti@redhat.com Wed Sep 30 16:23:18 2009
+From: Mark McLoughlin
+Date: Fri, 18 Sep 2009 20:08:07 -0300
+Subject: KVM: fix cpuid E2BIG handling for extended request types
+To: stable@kernel.org
+Cc: Mark McLoughlin , avi@redhat.com
+Message-ID: <1253315287-12229-10-git-send-email-mtosatti@redhat.com>
+
+
+From: Mark McLoughlin
+
+(cherry picked from commit cb007648de83cf226d69ec76e1c01848b4e8e49f)
+
+If we run out of cpuid entries for extended request types
+we should return -E2BIG, just like we do for the standard
+request types.
+
+Signed-off-by: Mark McLoughlin
+Signed-off-by: Avi Kivity
+Signed-off-by: Greg Kroah-Hartman
+---
+ arch/x86/kvm/x86.c | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+--- a/arch/x86/kvm/x86.c
++++ b/arch/x86/kvm/x86.c
+@@ -1438,6 +1438,10 @@ static int kvm_dev_ioctl_get_supported_c
+ for (func = 0x80000001; func <= limit && nent < cpuid->nent; ++func)
+ do_cpuid_ent(&cpuid_entries[nent], func, 0,
+ &nent, cpuid->nent);
++ r = -E2BIG;
++ if (nent >= cpuid->nent)
++ goto out_free;
++
+ r = -EFAULT;
+ if (copy_to_user(entries, cpuid_entries,
+ nent * sizeof(struct kvm_cpuid_entry2)))
diff --git a/queue-2.6.30/kvm-guest-fix-bogus-wallclock-physical-address-calculation.patch b/queue-2.6.30/kvm-guest-fix-bogus-wallclock-physical-address-calculation.patch
new file mode 100644
index 00000000000..fee4adf65df
--- /dev/null
+++ b/queue-2.6.30/kvm-guest-fix-bogus-wallclock-physical-address-calculation.patch
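Review bot: The added `if (nent >= cpuid->nent) goto out_free;` cannot tell a buffer that ran out with functions still pending from one that was filled exactly as the loop reached `limit`, so a caller whose `cpuid->nent` fits exactly appears to get -E2BIG as well. If that is the intended contract (the commit message says it mirrors the standard request types), a comment such as `/* nent == cpuid->nent is reported as overflow; userspace must leave spare room */` would keep it from being read as an off-by-one. The check does sit before `copy_to_user()`, so the copied length stays within the caller's count, assuming do_cpuid_ent honours the limit it is passed; that helper and the rest of the function are outside the hunk.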
@@ -0,0 +1,41 @@
+From mtosatti@redhat.com Wed Sep 30 16:22:59 2009
+From: Glauber Costa
+Date: Fri, 18 Sep 2009 20:08:06 -0300
+Subject: KVM guest: fix bogus wallclock physical address calculation
+To: stable@kernel.org
+Cc: Glauber Costa , avi@redhat.com
+Message-ID: <1253315287-12229-9-git-send-email-mtosatti@redhat.com>
+
+
+From: Glauber Costa
+
+(cherry picked from commit a20316d2aa41a8f4fd171648bad8f044f6060826)
+
+The use of __pa() to calculate the address of a C-visible symbol
+is wrong, and can lead to unpredictable results. See arch/x86/include/asm/page.h
+for details.
+
+It should be replaced with __pa_symbol(), that does the correct math here,
+by taking relocations into account. This ensures the correct wallclock data
+structure physical address is passed to the hypervisor.
+
+Signed-off-by: Glauber Costa
+Signed-off-by: Avi Kivity
+Signed-off-by: Greg Kroah-Hartman
+---
+ arch/x86/kernel/kvmclock.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+--- a/arch/x86/kernel/kvmclock.c
++++ b/arch/x86/kernel/kvmclock.c
+@@ -50,8 +50,8 @@ static unsigned long kvm_get_wallclock(v
+ struct timespec ts;
+ int low, high;
+
+- low = (int)__pa(&wall_clock);
+- high = ((u64)__pa(&wall_clock) >> 32);
++ low = (int)__pa_symbol(&wall_clock);
++ high = ((u64)__pa_symbol(&wall_clock) >> 32);
+ native_write_msr(MSR_KVM_WALL_CLOCK, low, high);
+
+ vcpu_time = &get_cpu_var(hv_clock);
diff --git a/queue-2.6.30/kvm-limit-lapic-periodic-timer-frequency.patch b/queue-2.6.30/kvm-limit-lapic-periodic-timer-frequency.patch
new file mode 100644
index 00000000000..de2500a2c51
--- /dev/null
+++ b/queue-2.6.30/kvm-limit-lapic-periodic-timer-frequency.patch
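Review bot: `__pa_symbol(&wall_clock)` is evaluated twice in kvm_get_wallclock and the low half is produced with an `(int)` cast, which hides that this is a deliberate split of a physical address that is handed to the hypervisor through the MSR write. Computing the address once reads more clearly and keeps both halves tied to the same value: `u64 pa = __pa_symbol(&wall_clock);` followed by `low = (u32)pa; high = pa >> 32;`. This is a style point only; `low` and `high` stay `int` as declared in the context lines, and the function continues outside the hunk.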
@@ -0,0 +1,41 @@
+From mtosatti@redhat.com Wed Sep 30 16:22:41 2009
+From: Marcelo Tosatti
+Date: Fri, 18 Sep 2009 20:08:05 -0300
+Subject: KVM: limit lapic periodic timer frequency
+To: stable@kernel.org
+Cc: Marcelo Tosatti , avi@redhat.com
+Message-ID: <1253315287-12229-8-git-send-email-mtosatti@redhat.com>
+
+From: Marcelo Tosatti
+
+(cherry picked from commit 1444885a045fe3b1905a14ea1b52540bf556578b)
+
+Otherwise its possible to starve the host by programming lapic timer
+with a very high frequency.
+
+Signed-off-by: Marcelo Tosatti
+Signed-off-by: Avi Kivity
+Signed-off-by: Greg Kroah-Hartman
+
+---
+ arch/x86/kvm/lapic.c | 9 +++++++++
+ 1 file changed, 9 insertions(+)
+
+--- a/arch/x86/kvm/lapic.c
++++ b/arch/x86/kvm/lapic.c
+@@ -635,6 +635,15 @@ static void start_apic_timer(struct kvm_
+
+ if (!apic->timer.period)
+ return;
++ /*
++ * Do not allow the guest to program periodic timers with small
++ * interval, since the hrtimers are not throttled by the host
++ * scheduler.
++ */
++ if (apic_lvtt_period(apic)) {
++ if (apic->timer.period < NSEC_PER_MSEC/2)
++ apic->timer.period = NSEC_PER_MSEC/2;
++ }
+
+ hrtimer_start(&apic->timer.dev,
+ ktime_add_ns(now, apic->timer.period),
diff --git a/queue-2.6.30/kvm-mmu-fix-bogus-alloc_mmu_pages-assignment.patch b/queue-2.6.30/kvm-mmu-fix-bogus-alloc_mmu_pages-assignment.patch
new file mode 100644
index 00000000000..2f92a6851bc
--- /dev/null
+++ b/queue-2.6.30/kvm-mmu-fix-bogus-alloc_mmu_pages-assignment.patch
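Review bot: The floor `NSEC_PER_MSEC/2` is written out twice as a bare expression in start_apic_timer, and the guest-requested period is raised without any trace, so an operator cannot tell from the host that a guest hit the limit. A file-local named constant for the minimum period (name to be chosen by the maintainers) would keep the two uses in step, and the nested test can be one condition: `if (apic_lvtt_period(apic) && apic->timer.period < NSEC_PER_MSEC/2)`. If visibility into clamped guests is wanted, a rate-limited debug message at the assignment is the natural place; the surrounding function body is outside the hunk.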
@@ -0,0 +1,42 @@
+From mtosatti@redhat.com Wed Sep 30 16:22:20 2009
+From: Marcelo Tosatti
+Date: Fri, 18 Sep 2009 20:08:04 -0300
+Subject: KVM: MMU: fix bogus alloc_mmu_pages assignment
+To: stable@kernel.org
+Cc: Marcelo Tosatti , avi@redhat.com
+Message-ID: <1253315287-12229-7-git-send-email-mtosatti@redhat.com>
+
+From: Marcelo Tosatti
+
+(cherry picked from commit b90c062c65cc8839edfac39778a37a55ca9bda36)
+
+Remove the bogus n_free_mmu_pages assignment from alloc_mmu_pages.
+
+It breaks accounting of mmu pages, since n_free_mmu_pages is modified
+but the real number of pages remains the same.
+
+Signed-off-by: Marcelo Tosatti
+Signed-off-by: Avi Kivity
+Signed-off-by: Greg Kroah-Hartman
+
+---
+ arch/x86/kvm/mmu.c | 8 --------
+ 1 file changed, 8 deletions(-)
+
+--- a/arch/x86/kvm/mmu.c
++++ b/arch/x86/kvm/mmu.c
+@@ -2692,14 +2692,6 @@ static int alloc_mmu_pages(struct kvm_vc
+
+ ASSERT(vcpu);
+
+- spin_lock(&vcpu->kvm->mmu_lock);
+- if (vcpu->kvm->arch.n_requested_mmu_pages)
+- vcpu->kvm->arch.n_free_mmu_pages =
+- vcpu->kvm->arch.n_requested_mmu_pages;
+- else
+- vcpu->kvm->arch.n_free_mmu_pages =
+- vcpu->kvm->arch.n_alloc_mmu_pages;
+- spin_unlock(&vcpu->kvm->mmu_lock);
+ /*
+ * When emulating 32-bit mode, cr3 is only 32 bits even on x86_64.
+ * Therefore we need to allocate shadow page tables in the first
diff --git a/queue-2.6.30/kvm-mmu-fix-missing-locking-in-alloc_mmu_pages.patch b/queue-2.6.30/kvm-mmu-fix-missing-locking-in-alloc_mmu_pages.patch
new file mode 100644
index 00000000000..c540871a0ce
--- /dev/null
+++ b/queue-2.6.30/kvm-mmu-fix-missing-locking-in-alloc_mmu_pages.patch
@@ -0,0 +1,42 @@
+From mtosatti@redhat.com Wed Sep 30 16:22:02 2009
+From: Marcelo Tosatti
+Date: Fri, 18 Sep 2009 20:08:03 -0300
+Subject: KVM: MMU: fix missing locking in alloc_mmu_pages
+To: stable@kernel.org
+Cc: Marcelo Tosatti , avi@redhat.com
+Message-ID: <1253315287-12229-6-git-send-email-mtosatti@redhat.com>
+
+From: Marcelo Tosatti
+
+(cherry picked from commit 6a1ac77110ee3e8d8dfdef8442f3b30b3d83e6a2)
+
+n_requested_mmu_pages/n_free_mmu_pages are used by
+kvm_mmu_change_mmu_pages to calculate the number of pages to zap.
+
+alloc_mmu_pages, called from the vcpu initialization path, modifies this
+variables without proper locking, which can result in a negative value
+in kvm_mmu_change_mmu_pages (say, with cpu hotplug).
+
+Signed-off-by: Marcelo Tosatti
+Signed-off-by: Greg Kroah-Hartman
+---
+ arch/x86/kvm/mmu.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+--- a/arch/x86/kvm/mmu.c
++++ b/arch/x86/kvm/mmu.c
+@@ -2692,12 +2692,14 @@ static int alloc_mmu_pages(struct kvm_vc
+
+ ASSERT(vcpu);
+
++ spin_lock(&vcpu->kvm->mmu_lock);
+ if (vcpu->kvm->arch.n_requested_mmu_pages)
+ vcpu->kvm->arch.n_free_mmu_pages =
+ vcpu->kvm->arch.n_requested_mmu_pages;
+ else
+ vcpu->kvm->arch.n_free_mmu_pages =
+ vcpu->kvm->arch.n_alloc_mmu_pages;
++ spin_unlock(&vcpu->kvm->mmu_lock);
+ /*
+ * When emulating 32-bit mode, cr3 is only 32 bits even on x86_64.
+ * Therefore we need to allocate shadow page tables in the first
diff --git a/queue-2.6.30/kvm-mmu-make-__kvm_mmu_free_some_pages-handle-empty-list.patch b/queue-2.6.30/kvm-mmu-make-__kvm_mmu_free_some_pages-handle-empty-list.patch
new file mode 100644
index 00000000000..b6ee185c548
--- /dev/null
+++ b/queue-2.6.30/kvm-mmu-make-__kvm_mmu_free_some_pages-handle-empty-list.patch
@@ -0,0 +1,36 @@
+From mtosatti@redhat.com Wed Sep 30 16:21:30 2009
+From: Izik Eidus
+Date: Fri, 18 Sep 2009 20:08:01 -0300
+Subject: KVM: MMU: make __kvm_mmu_free_some_pages handle empty list
+To: stable@kernel.org
+Cc: Izik Eidus , avi@redhat.com, Marcelo Tosatti
+Message-ID: <1253315287-12229-4-git-send-email-mtosatti@redhat.com>
+
+
+From: Izik Eidus
+
+(cherry picked from commit 3b80fffe2b31fb716d3ebe729c54464ee7856723)
+
+First check if the list is empty before attempting to look at list
+entries.
+
+Signed-off-by: Izik Eidus
+Signed-off-by: Marcelo Tosatti
+Signed-off-by: Avi Kivity
+Signed-off-by: Greg Kroah-Hartman
+---
+ arch/x86/kvm/mmu.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+--- a/arch/x86/kvm/mmu.c
++++ b/arch/x86/kvm/mmu.c
+@@ -2612,7 +2612,8 @@ EXPORT_SYMBOL_GPL(kvm_mmu_unprotect_page
+
+ void __kvm_mmu_free_some_pages(struct kvm_vcpu *vcpu)
+ {
+- while (vcpu->kvm->arch.n_free_mmu_pages < KVM_REFILL_PAGES) {
++ while (vcpu->kvm->arch.n_free_mmu_pages < KVM_REFILL_PAGES &&
++ !list_empty(&vcpu->kvm->arch.active_mmu_pages)) {
+ struct kvm_mmu_page *sp;
+
+ sp = container_of(vcpu->kvm->arch.active_mmu_pages.prev,
diff --git a/queue-2.6.30/kvm-vmx-check-cpl-before-emulating-debug-register-access.patch b/queue-2.6.30/kvm-vmx-check-cpl-before-emulating-debug-register-access.patch
new file mode 100644
index 00000000000..37f9442508b
--- /dev/null
+++ b/queue-2.6.30/kvm-vmx-check-cpl-before-emulating-debug-register-access.patch
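Review bot: With the added `!list_empty(...)` test the loop in __kvm_mmu_free_some_pages can now end while `n_free_mmu_pages` is still below `KVM_REFILL_PAGES`, and because the function returns void its callers get no signal that the refill target was missed. That is clearly better than running `container_of()` on the list head itself, but the changed contract deserves a comment at the loop, for example `/* may return with fewer than KVM_REFILL_PAGES free when no active pages remain */`. Whether the callers tolerate that outcome is not visible here, and the loop body continues outside the hunk.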
@@ -0,0 +1,69 @@
+From mtosatti@redhat.com Wed Sep 30 16:20:39 2009
+From: Avi Kivity
+Date: Fri, 18 Sep 2009 20:07:59 -0300
+Subject: KVM: VMX: Check cpl before emulating debug register access
+To: stable@kernel.org
+Cc: Marcelo Tosatti , Avi Kivity
+Message-ID: <1253315287-12229-2-git-send-email-mtosatti@redhat.com>
+
+
+From: Avi Kivity
+
+(cherry picked from commit 0a79b009525b160081d75cef5dbf45817956acf2)
+
+Debug registers may only be accessed from cpl 0. Unfortunately, vmx will
+code to emulate the instruction even though it was issued from guest
+userspace, possibly leading to an unexpected trap later.
+
+Signed-off-by: Avi Kivity
+Signed-off-by: Marcelo Tosatti
+Signed-off-by: Greg Kroah-Hartman
+---
+ arch/x86/include/asm/kvm_host.h | 1 +
+ arch/x86/kvm/vmx.c | 2 ++
+ arch/x86/kvm/x86.c | 13 +++++++++++++
+ 3 files changed, 16 insertions(+)
+
+--- a/arch/x86/include/asm/kvm_host.h
++++ b/arch/x86/include/asm/kvm_host.h
+@@ -620,6 +620,7 @@ void kvm_queue_exception(struct kvm_vcpu
+ void kvm_queue_exception_e(struct kvm_vcpu *vcpu, unsigned nr, u32 error_code);
+ void kvm_inject_page_fault(struct kvm_vcpu *vcpu, unsigned long cr2,
+ u32 error_code);
++bool kvm_require_cpl(struct kvm_vcpu *vcpu, int required_cpl);
+
+ int kvm_pic_set_irq(void *opaque, int irq, int level);
+
+--- a/arch/x86/kvm/vmx.c
++++ b/arch/x86/kvm/vmx.c
+@@ -2865,6 +2865,8 @@ static int handle_dr(struct kvm_vcpu *vc
+ unsigned long val;
+ int dr, reg;
+
++ if (!kvm_require_cpl(vcpu, 0))
++ return 1;
+ dr = vmcs_readl(GUEST_DR7);
+ if (dr & DR7_GD) {
+ /*
+--- a/arch/x86/kvm/x86.c
++++ b/arch/x86/kvm/x86.c
+@@ -217,6 +217,19 @@ static void __queue_exception(struct kvm
+ }
+
+ /*
++ * Checks if cpl <= required_cpl; if true, return true. Otherwise queue
++ * a #GP and return false.
++ */
++bool kvm_require_cpl(struct kvm_vcpu *vcpu, int required_cpl)
++{
++ if (kvm_x86_ops->get_cpl(vcpu) <= required_cpl)
++ return true;
++ kvm_queue_exception_e(vcpu, GP_VECTOR, 0);
++ return false;
++}
++EXPORT_SYMBOL_GPL(kvm_require_cpl);
++
++/*
+ * Load the pae pdptrs. Return true is they are all valid.
+ */
+ int load_pdptrs(struct kvm_vcpu *vcpu, unsigned long cr3)
diff --git a/queue-2.6.30/kvm-vmx-fix-cr8-exiting-control-clobbering-by-ept.patch b/queue-2.6.30/kvm-vmx-fix-cr8-exiting-control-clobbering-by-ept.patch
new file mode 100644
index 00000000000..e416cc8b7bb
--- /dev/null
+++ b/queue-2.6.30/kvm-vmx-fix-cr8-exiting-control-clobbering-by-ept.patch
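Review bot: In handle_dr the new `return 1;` after a failed `kvm_require_cpl(vcpu, 0)` carries no explanation, and what the return value means to the exit dispatcher is not visible in the hunk. A short comment would record the intent, for example `/* #GP already queued by kvm_require_cpl(); do not emulate the access */`, with the meaning of `1` confirmed against the caller. The helper's name also reads like a pure predicate although it queues an exception on failure, so its header comment in x86.c is the only place that warns callers not to invoke it speculatively; keeping that sentence prominent matters. handle_dr starts and ends outside the hunk.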
@@ -0,0 +1,41 @@
+From mtosatti@redhat.com Wed Sep 30 16:21:01 2009
+From: Gleb Natapov
+Date: Fri, 18 Sep 2009 20:08:00 -0300
+Subject: KVM: VMX: Fix cr8 exiting control clobbering by EPT
+To: stable@kernel.org
+Cc: avi@redhat.com, Gleb Natapov
+Message-ID: <1253315287-12229-3-git-send-email-mtosatti@redhat.com>
+
+
+From: Gleb Natapov
+
+(cherry picked from commit 5fff7d270bd6a4759b6d663741b729cdee370257)
+Don't call adjust_vmx_controls() two times for the same control.
+It restores options that were dropped earlier. This loses us the cr8
+exit control, which causes a massive performance regression Windows x64.
+
+Signed-off-by: Gleb Natapov
+Signed-off-by: Avi Kivity
+Signed-off-by: Greg Kroah-Hartman
+---
+ arch/x86/kvm/vmx.c | 9 +++------
+ 1 file changed, 3 insertions(+), 6 deletions(-)
+
+--- a/arch/x86/kvm/vmx.c
++++ b/arch/x86/kvm/vmx.c
+@@ -1206,12 +1206,9 @@ static __init int setup_vmcs_config(stru
+ if (_cpu_based_2nd_exec_control & SECONDARY_EXEC_ENABLE_EPT) {
+ /* CR3 accesses and invlpg don't need to cause VM Exits when EPT
+ enabled */
+- min &= ~(CPU_BASED_CR3_LOAD_EXITING |
+- CPU_BASED_CR3_STORE_EXITING |
+- CPU_BASED_INVLPG_EXITING);
+- if (adjust_vmx_controls(min, opt, MSR_IA32_VMX_PROCBASED_CTLS,
+- &_cpu_based_exec_control) < 0)
+- return -EIO;
++ _cpu_based_exec_control &= ~(CPU_BASED_CR3_LOAD_EXITING |
++ CPU_BASED_CR3_STORE_EXITING |
++ CPU_BASED_INVLPG_EXITING);
+ rdmsr(MSR_IA32_VMX_EPT_VPID_CAP,
+ vmx_capability.ept, vmx_capability.vpid);
+ }
diff --git a/queue-2.6.30/kvm-x86-disallow-hypercalls-for-guest-callers-in-rings-0.patch b/queue-2.6.30/kvm-x86-disallow-hypercalls-for-guest-callers-in-rings-0.patch
new file mode 100644
index 00000000000..cb40f3daec0
--- /dev/null
+++ b/queue-2.6.30/kvm-x86-disallow-hypercalls-for-guest-callers-in-rings-0.patch
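Review bot: The replacement clears `CPU_BASED_CR3_LOAD_EXITING`, `CPU_BASED_CR3_STORE_EXITING` and `CPU_BASED_INVLPG_EXITING` directly in `_cpu_based_exec_control`, so the final value is no longer passed through `adjust_vmx_controls()` against `MSR_IA32_VMX_PROCBASED_CTLS` and the `-EIO` exit is gone. If a CPU reported any of those bits as required, the mismatch would presumably only show up later when the controls are used; that is inferred, since the helper and the rest of setup_vmcs_config are outside the hunk. If the bits are known to be clearable whenever `SECONDARY_EXEC_ENABLE_EPT` is reported, the existing comment above the assignment should be extended with one sentence saying so and noting that the capability MSR is deliberately not re-checked.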
@@ -0,0 +1,62 @@
+From mtosatti@redhat.com Wed Sep 30 16:21:46 2009
+From: Jan Kiszka
+Date: Fri, 18 Sep 2009 20:08:02 -0300
+Subject: KVM: x86: Disallow hypercalls for guest callers in rings > 0
+To: stable@kernel.org
+Cc: Jan Kiszka , avi@redhat.com
+Message-ID: <1253315287-12229-5-git-send-email-mtosatti@redhat.com>
+
+
+From: Jan Kiszka
+
+(cherry picked from commit 07708c4af1346ab1521b26a202f438366b7bcffd)
+
+So far unprivileged guest callers running in ring 3 can issue, e.g., MMU
+hypercalls. Normally, such callers cannot provide any hand-crafted MMU
+command structure as it has to be passed by its physical address, but
+they can still crash the guest kernel by passing random addresses.
+
+To close the hole, this patch considers hypercalls valid only if issued
+from guest ring 0. This may still be relaxed on a per-hypercall base in
+the future once required.
+
+Signed-off-by: Jan Kiszka
+Signed-off-by: Avi Kivity
+Signed-off-by: Greg Kroah-Hartman
+---
+ arch/x86/kvm/x86.c | 6 ++++++
+ include/linux/kvm_para.h | 1 +
+ 2 files changed, 7 insertions(+)
+
+--- a/arch/x86/kvm/x86.c
++++ b/arch/x86/kvm/x86.c
+@@ -2898,6 +2898,11 @@ int kvm_emulate_hypercall(struct kvm_vcp
+ a3 &= 0xFFFFFFFF;
+ }
+
++ if (kvm_x86_ops->get_cpl(vcpu) != 0) {
++ ret = -KVM_EPERM;
++ goto out;
++ }
++
+ switch (nr) {
+ case KVM_HC_VAPIC_POLL_IRQ:
+ ret = 0;
+@@ -2909,6 +2914,7 @@ int kvm_emulate_hypercall(struct kvm_vcp
+ ret = -KVM_ENOSYS;
+ break;
+ }
++out:
+ kvm_register_write(vcpu, VCPU_REGS_RAX, ret);
+ ++vcpu->stat.hypercalls;
+ return r;
+--- a/include/linux/kvm_para.h
++++ b/include/linux/kvm_para.h
+@@ -13,6 +13,7 @@
+ #define KVM_ENOSYS 1000
+ #define KVM_EFAULT EFAULT
+ #define KVM_E2BIG E2BIG
++#define KVM_EPERM EPERM
+
+ #define KVM_HC_VAPIC_POLL_IRQ 1
+ #define KVM_HC_MMU_OP 2
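Review bot: The new ring check in kvm_emulate_hypercall jumps to `out:`, which still runs `++vcpu->stat.hypercalls`, so calls rejected with `-KVM_EPERM` are counted together with serviced ones. If that counter is used to watch guest behaviour, denied attempts are indistinguishable from normal traffic; either a comment stating that the count includes rejected calls or a separate statistic would help whoever reads it. The guard itself is undocumented, and `/* hypercalls are accepted from guest ring 0 only */` above the `if` would record the policy the commit message describes. The function starts outside the hunk, and the switch between the two hunks is only partly visible.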
diff --git a/queue-2.6.30/revert-kvm-x86-check-for-cr3-validity-in-ioctl_set_sregs.patch b/queue-2.6.30/revert-kvm-x86-check-for-cr3-validity-in-ioctl_set_sregs.patch
new file mode 100644
index 00000000000..c18a021d968
--- /dev/null
+++ b/queue-2.6.30/revert-kvm-x86-check-for-cr3-validity-in-ioctl_set_sregs.patch
@@ -0,0 +1,50 @@
+From mtosatti@redhat.com Wed Sep 30 16:23:51 2009
+From: Marcelo Tosatti
+Date: Mon, 28 Sep 2009 15:05:53 -0300
+Subject: Revert "KVM: x86: check for cr3 validity in ioctl_set_sregs"
+To: stable@kernel.org, avi@redhat.com
+Cc: Juan Quintela
+Message-ID: <20090928180553.GA9603@amt.cnet>
+Content-Disposition: inline
+
+From: Marcelo Tosatti
+
+(cherry picked from commit dc7e795e3dd2a763e5ceaa1615f307e808cf3932)
+
+This reverts commit 6c20e1442bb1c62914bb85b7f4a38973d2a423ba.
+
+To my understanding, it became obsolete with the advent of the more
+robust check in mmu_alloc_roots (89da4ff17f). Moreover, it prevents
+the conceptually safe pattern
+
+ 1. set sregs
+ 2. register mem-slots
+ 3. run vcpu
+
+by setting a sticky triple fault during step 1.
+
+Signed-off-by: Jan Kiszka
+Signed-off-by: Avi Kivity
+Signed-off-by: Greg Kroah-Hartman
+
+---
+ arch/x86/kvm/x86.c | 8 +-------
+ 1 file changed, 1 insertion(+), 7 deletions(-)
+
+--- a/arch/x86/kvm/x86.c
++++ b/arch/x86/kvm/x86.c
+@@ -4012,13 +4012,7 @@ int kvm_arch_vcpu_ioctl_set_sregs(struct
+
+ vcpu->arch.cr2 = sregs->cr2;
+ mmu_reset_needed |= vcpu->arch.cr3 != sregs->cr3;
+-
+- down_read(&vcpu->kvm->slots_lock);
+- if (gfn_to_memslot(vcpu->kvm, sregs->cr3 >> PAGE_SHIFT))
+- vcpu->arch.cr3 = sregs->cr3;
+- else
+- set_bit(KVM_REQ_TRIPLE_FAULT, &vcpu->requests);
+- up_read(&vcpu->kvm->slots_lock);
++ vcpu->arch.cr3 = sregs->cr3;
+
+ kvm_set_cr8(vcpu, sregs->cr8);
+
diff --git a/queue-2.6.30/series b/queue-2.6.30/series
index 6e69e3de086..d8485b28374 100644
--- a/queue-2.6.30/series
+++ b/queue-2.6.30/series
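Review bot: After the revert, `vcpu->arch.cr3 = sregs->cr3;` stores a value supplied through the set_sregs ioctl with no check at this site, and nothing in the code says where validation now happens. The commit message names the check in mmu_alloc_roots as the replacement, so a comment at the assignment, for example `/* cr3 is validated later in mmu_alloc_roots(); memslots may not be registered yet */`, would keep a later reader from treating this as a missing check or from re-adding the sticky triple fault. mmu_alloc_roots is not part of this hunk, so for a stable backport it is worth confirming that the tree this patch is queued for actually contains that check.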
@@ -4,3 +4,14 @@ kallsyms-fix-segfault-in-prefix_underscores_count.patch
 nilfs2-fix-missing-zero-fill-initialization-of-btree-node-cache.patch
 p54usb-add-zcomax-xg-705a-usbid.patch
 re-enable-lanman-security.patch
+kvm-vmx-check-cpl-before-emulating-debug-register-access.patch
+kvm-vmx-fix-cr8-exiting-control-clobbering-by-ept.patch
+kvm-mmu-make-__kvm_mmu_free_some_pages-handle-empty-list.patch
+kvm-x86-disallow-hypercalls-for-guest-callers-in-rings-0.patch
+kvm-mmu-fix-missing-locking-in-alloc_mmu_pages.patch
+kvm-mmu-fix-bogus-alloc_mmu_pages-assignment.patch
+kvm-limit-lapic-periodic-timer-frequency.patch
+kvm-guest-fix-bogus-wallclock-physical-address-calculation.patch
+kvm-fix-cpuid-e2big-handling-for-extended-request-types.patch
+revert-kvm-x86-check-for-cr3-validity-in-ioctl_set_sregs.patch
+ahci-restore-pci_intx-handling.patch