From: Greg Kroah-Hartman Date: Sun, 26 Sep 2021 12:46:05 +0000 (+0200) Subject: 4.4-stable patches X-Git-Tag: v5.4.150~55 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=abaa98dc6dce495d0d292a916e5b000aa5a003b6;p=thirdparty%2Fkernel%2Fstable-queue.git 4.4-stable patches added patches: cifs-fix-incorrect-check-for-null-pointer-in-header_assemble.patch usb-gadget-r8a66597-fix-a-loop-in-set_feature.patch usb-musb-tusb6010-uninitialized-data-in-tusb_fifo_write_unaligned.patch usb-serial-cp210x-add-id-for-gw-instek-gdm-834x-digital-multimeter.patch usb-serial-mos7840-remove-duplicated-0xac24-device-id.patch usb-serial-option-add-device-id-for-foxconn-t99w265.patch usb-serial-option-add-telit-ln920-compositions.patch usb-serial-option-remove-duplicate-usb-device-id.patch xen-x86-fix-pv-trap-handling-on-secondary-processors.patch --- diff --git a/queue-4.4/cifs-fix-incorrect-check-for-null-pointer-in-header_assemble.patch b/queue-4.4/cifs-fix-incorrect-check-for-null-pointer-in-header_assemble.patch new file mode 100644 index 00000000000..bead9644724 --- /dev/null +++ b/queue-4.4/cifs-fix-incorrect-check-for-null-pointer-in-header_assemble.patch @@ -0,0 +1,45 @@ +From 9ed38fd4a15417cac83967360cf20b853bfab9b6 Mon Sep 17 00:00:00 2001 +From: Steve French +Date: Thu, 23 Sep 2021 19:18:37 -0500 +Subject: cifs: fix incorrect check for null pointer in header_assemble + +From: Steve French + +commit 9ed38fd4a15417cac83967360cf20b853bfab9b6 upstream. + +Although very unlikely that the tlink pointer would be null in this case, +get_next_mid function can in theory return null (but not an error) +so need to check for null (not for IS_ERR, which can not be returned +here). + +Address warning: + + fs/smbfs_client/connect.c:2392 cifs_match_super() + warn: 'tlink' isn't an ERR_PTR + +Pointed out by Dan Carpenter via smatch code analysis tool + +CC: stable@vger.kernel.org +Reported-by: Dan Carpenter +Acked-by: Ronnie Sahlberg +Signed-off-by: Steve French +Signed-off-by: Greg Kroah-Hartman +--- + fs/cifs/connect.c | 5 +++-- + 1 file changed, 3 insertions(+), 2 deletions(-) + +--- a/fs/cifs/connect.c ++++ b/fs/cifs/connect.c +@@ -2961,9 +2961,10 @@ cifs_match_super(struct super_block *sb, + spin_lock(&cifs_tcp_ses_lock); + cifs_sb = CIFS_SB(sb); + tlink = cifs_get_tlink(cifs_sb_master_tlink(cifs_sb)); +- if (IS_ERR(tlink)) { ++ if (tlink == NULL) { ++ /* can not match superblock if tlink were ever null */ + spin_unlock(&cifs_tcp_ses_lock); +- return rc; ++ return 0; + } + tcon = tlink_tcon(tlink); + ses = tcon->ses; diff --git a/queue-4.4/series b/queue-4.4/series new file mode 100644 index 00000000000..74f626d7ce1 --- /dev/null +++ b/queue-4.4/series @@ -0,0 +1,9 @@ +usb-gadget-r8a66597-fix-a-loop-in-set_feature.patch +usb-musb-tusb6010-uninitialized-data-in-tusb_fifo_write_unaligned.patch +cifs-fix-incorrect-check-for-null-pointer-in-header_assemble.patch +xen-x86-fix-pv-trap-handling-on-secondary-processors.patch +usb-serial-cp210x-add-id-for-gw-instek-gdm-834x-digital-multimeter.patch +usb-serial-mos7840-remove-duplicated-0xac24-device-id.patch +usb-serial-option-add-telit-ln920-compositions.patch +usb-serial-option-remove-duplicate-usb-device-id.patch +usb-serial-option-add-device-id-for-foxconn-t99w265.patch diff --git a/queue-4.4/usb-gadget-r8a66597-fix-a-loop-in-set_feature.patch b/queue-4.4/usb-gadget-r8a66597-fix-a-loop-in-set_feature.patch new file mode 100644 index 00000000000..808749c7f71 --- /dev/null +++ b/queue-4.4/usb-gadget-r8a66597-fix-a-loop-in-set_feature.patch @@ -0,0 +1,39 @@ +From 17956b53ebff6a490baf580a836cbd3eae94892b Mon Sep 17 00:00:00 2001 +From: Dan Carpenter +Date: Mon, 6 Sep 2021 12:42:21 +0300 +Subject: usb: gadget: r8a66597: fix a loop in set_feature() + +From: Dan Carpenter + +commit 17956b53ebff6a490baf580a836cbd3eae94892b upstream. + +This loop is supposed to loop until if reads something other than +CS_IDST or until it times out after 30,000 attempts. But because of +the || vs && bug, it will never time out and instead it will loop a +minimum of 30,000 times. + +This bug is quite old but the code is only used in USB_DEVICE_TEST_MODE +so it probably doesn't affect regular usage. + +Fixes: 96fe53ef5498 ("usb: gadget: r8a66597-udc: add support for TEST_MODE") +Cc: stable +Reviewed-by: Yoshihiro Shimoda +Acked-by: Felipe Balbi +Signed-off-by: Dan Carpenter +Link: https://lore.kernel.org/r/20210906094221.GA10957@kili +Signed-off-by: Greg Kroah-Hartman +--- + drivers/usb/gadget/udc/r8a66597-udc.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/drivers/usb/gadget/udc/r8a66597-udc.c ++++ b/drivers/usb/gadget/udc/r8a66597-udc.c +@@ -1253,7 +1253,7 @@ static void set_feature(struct r8a66597 + do { + tmp = r8a66597_read(r8a66597, INTSTS0) & CTSQ; + udelay(1); +- } while (tmp != CS_IDST || timeout-- > 0); ++ } while (tmp != CS_IDST && timeout-- > 0); + + if (tmp == CS_IDST) + r8a66597_bset(r8a66597, diff --git a/queue-4.4/usb-musb-tusb6010-uninitialized-data-in-tusb_fifo_write_unaligned.patch b/queue-4.4/usb-musb-tusb6010-uninitialized-data-in-tusb_fifo_write_unaligned.patch new file mode 100644 index 00000000000..355c8e38903 --- /dev/null +++ b/queue-4.4/usb-musb-tusb6010-uninitialized-data-in-tusb_fifo_write_unaligned.patch @@ -0,0 +1,32 @@ +From 517c7bf99bad3d6b9360558414aae634b7472d80 Mon Sep 17 00:00:00 2001 +From: Dan Carpenter +Date: Thu, 16 Sep 2021 16:57:37 +0300 +Subject: usb: musb: tusb6010: uninitialized data in tusb_fifo_write_unaligned() + +From: Dan Carpenter + +commit 517c7bf99bad3d6b9360558414aae634b7472d80 upstream. + +This is writing to the first 1 - 3 bytes of "val" and then writing all +four bytes to musb_writel(). The last byte is always going to be +garbage. Zero out the last bytes instead. + +Fixes: 550a7375fe72 ("USB: Add MUSB and TUSB support") +Signed-off-by: Dan Carpenter +Cc: stable +Link: https://lore.kernel.org/r/20210916135737.GI25094@kili +Signed-off-by: Greg Kroah-Hartman +--- + drivers/usb/musb/tusb6010.c | 1 + + 1 file changed, 1 insertion(+) + +--- a/drivers/usb/musb/tusb6010.c ++++ b/drivers/usb/musb/tusb6010.c +@@ -193,6 +193,7 @@ tusb_fifo_write_unaligned(void __iomem * + } + if (len > 0) { + /* Write the rest 1 - 3 bytes to FIFO */ ++ val = 0; + memcpy(&val, buf, len); + musb_writel(fifo, 0, val); + } diff --git a/queue-4.4/usb-serial-cp210x-add-id-for-gw-instek-gdm-834x-digital-multimeter.patch b/queue-4.4/usb-serial-cp210x-add-id-for-gw-instek-gdm-834x-digital-multimeter.patch new file mode 100644 index 00000000000..722ce159375 --- /dev/null +++ b/queue-4.4/usb-serial-cp210x-add-id-for-gw-instek-gdm-834x-digital-multimeter.patch @@ -0,0 +1,30 @@ +From 3bd18ba7d859eb1fbef3beb1e80c24f6f7d7596c Mon Sep 17 00:00:00 2001 +From: Uwe Brandt +Date: Tue, 21 Sep 2021 19:54:46 +0200 +Subject: USB: serial: cp210x: add ID for GW Instek GDM-834x Digital Multimeter + +From: Uwe Brandt + +commit 3bd18ba7d859eb1fbef3beb1e80c24f6f7d7596c upstream. + +Add the USB serial device ID for the GW Instek GDM-834x Digital Multimeter. + +Signed-off-by: Uwe Brandt +Link: https://lore.kernel.org/r/YUxFl3YUCPGJZd8Y@hovoldconsulting.com +Cc: stable@vger.kernel.org +Signed-off-by: Johan Hovold +Signed-off-by: Greg Kroah-Hartman +--- + drivers/usb/serial/cp210x.c | 1 + + 1 file changed, 1 insertion(+) + +--- a/drivers/usb/serial/cp210x.c ++++ b/drivers/usb/serial/cp210x.c +@@ -230,6 +230,7 @@ static const struct usb_device_id id_tab + { USB_DEVICE(0x1FB9, 0x0602) }, /* Lake Shore Model 648 Magnet Power Supply */ + { USB_DEVICE(0x1FB9, 0x0700) }, /* Lake Shore Model 737 VSM Controller */ + { USB_DEVICE(0x1FB9, 0x0701) }, /* Lake Shore Model 776 Hall Matrix */ ++ { USB_DEVICE(0x2184, 0x0030) }, /* GW Instek GDM-834x Digital Multimeter */ + { USB_DEVICE(0x2626, 0xEA60) }, /* Aruba Networks 7xxx USB Serial Console */ + { USB_DEVICE(0x3195, 0xF190) }, /* Link Instruments MSO-19 */ + { USB_DEVICE(0x3195, 0xF280) }, /* Link Instruments MSO-28 */ diff --git a/queue-4.4/usb-serial-mos7840-remove-duplicated-0xac24-device-id.patch b/queue-4.4/usb-serial-mos7840-remove-duplicated-0xac24-device-id.patch new file mode 100644 index 00000000000..0429a199b79 --- /dev/null +++ b/queue-4.4/usb-serial-mos7840-remove-duplicated-0xac24-device-id.patch @@ -0,0 +1,39 @@ +From 211f323768a25b30c106fd38f15a0f62c7c2b5f4 Mon Sep 17 00:00:00 2001 +From: Krzysztof Kozlowski +Date: Fri, 17 Sep 2021 11:18:47 +0200 +Subject: USB: serial: mos7840: remove duplicated 0xac24 device ID + +From: Krzysztof Kozlowski + +commit 211f323768a25b30c106fd38f15a0f62c7c2b5f4 upstream. + +0xac24 device ID is already defined and used via +BANDB_DEVICE_ID_USO9ML2_4. Remove the duplicate from the list. + +Fixes: 27f1281d5f72 ("USB: serial: Extra device/vendor ID for mos7840 driver") +Signed-off-by: Krzysztof Kozlowski +Cc: stable@vger.kernel.org +Signed-off-by: Johan Hovold +Signed-off-by: Greg Kroah-Hartman +--- + drivers/usb/serial/mos7840.c | 2 -- + 1 file changed, 2 deletions(-) + +--- a/drivers/usb/serial/mos7840.c ++++ b/drivers/usb/serial/mos7840.c +@@ -126,7 +126,6 @@ + #define BANDB_DEVICE_ID_USOPTL4_2P 0xBC02 + #define BANDB_DEVICE_ID_USOPTL4_4 0xAC44 + #define BANDB_DEVICE_ID_USOPTL4_4P 0xBC03 +-#define BANDB_DEVICE_ID_USOPTL2_4 0xAC24 + + /* This driver also supports + * ATEN UC2324 device using Moschip MCS7840 +@@ -207,7 +206,6 @@ static const struct usb_device_id id_tab + {USB_DEVICE(USB_VENDOR_ID_BANDB, BANDB_DEVICE_ID_USOPTL4_2P)}, + {USB_DEVICE(USB_VENDOR_ID_BANDB, BANDB_DEVICE_ID_USOPTL4_4)}, + {USB_DEVICE(USB_VENDOR_ID_BANDB, BANDB_DEVICE_ID_USOPTL4_4P)}, +- {USB_DEVICE(USB_VENDOR_ID_BANDB, BANDB_DEVICE_ID_USOPTL2_4)}, + {USB_DEVICE(USB_VENDOR_ID_ATENINTL, ATENINTL_DEVICE_ID_UC2324)}, + {USB_DEVICE(USB_VENDOR_ID_ATENINTL, ATENINTL_DEVICE_ID_UC2322)}, + {USB_DEVICE(USB_VENDOR_ID_MOXA, MOXA_DEVICE_ID_2210)}, diff --git a/queue-4.4/usb-serial-option-add-device-id-for-foxconn-t99w265.patch b/queue-4.4/usb-serial-option-add-device-id-for-foxconn-t99w265.patch new file mode 100644 index 00000000000..c8ca882704f --- /dev/null +++ b/queue-4.4/usb-serial-option-add-device-id-for-foxconn-t99w265.patch @@ -0,0 +1,49 @@ +From 9e3eed534f8235a4a596a9dae5b8a6425d81ea1a Mon Sep 17 00:00:00 2001 +From: Slark Xiao +Date: Fri, 17 Sep 2021 19:01:06 +0800 +Subject: USB: serial: option: add device id for Foxconn T99W265 + +From: Slark Xiao + +commit 9e3eed534f8235a4a596a9dae5b8a6425d81ea1a upstream. + +Adding support for Foxconn device T99W265 for enumeration with +PID 0xe0db. + +usb-devices output for 0xe0db +T: Bus=04 Lev=01 Prnt=01 Port=00 Cnt=01 Dev#= 19 Spd=5000 MxCh= 0 +D: Ver= 3.20 Cls=ef(misc ) Sub=02 Prot=01 MxPS= 9 #Cfgs= 1 +P: Vendor=0489 ProdID=e0db Rev=05.04 +S: Manufacturer=Microsoft +S: Product=Generic Mobile Broadband Adapter +S: SerialNumber=6c50f452 +C: #Ifs= 5 Cfg#= 1 Atr=a0 MxPwr=896mA +I: If#=0x0 Alt= 0 #EPs= 1 Cls=02(commc) Sub=0e Prot=00 Driver=cdc_mbim +I: If#=0x1 Alt= 1 #EPs= 2 Cls=0a(data ) Sub=00 Prot=02 Driver=cdc_mbim +I: If#=0x2 Alt= 0 #EPs= 3 Cls=ff(vend.) Sub=ff Prot=40 Driver=option +I: If#=0x3 Alt= 0 #EPs= 1 Cls=ff(vend.) Sub=ff Prot=ff Driver=(none) +I: If#=0x4 Alt= 0 #EPs= 2 Cls=ff(vend.) Sub=ff Prot=30 Driver=option + +if0/1: MBIM, if2:Diag, if3:GNSS, if4: Modem + +Signed-off-by: Slark Xiao +Link: https://lore.kernel.org/r/20210917110106.9852-1-slark_xiao@163.com +[ johan: use USB_DEVICE_INTERFACE_CLASS(), amend comment ] +Cc: stable@vger.kernel.org +Signed-off-by: Johan Hovold +Signed-off-by: Greg Kroah-Hartman +--- + drivers/usb/serial/option.c | 2 ++ + 1 file changed, 2 insertions(+) + +--- a/drivers/usb/serial/option.c ++++ b/drivers/usb/serial/option.c +@@ -2059,6 +2059,8 @@ static const struct usb_device_id option + .driver_info = RSVD(0) | RSVD(1) | RSVD(6) }, + { USB_DEVICE(0x0489, 0xe0b5), /* Foxconn T77W968 ESIM */ + .driver_info = RSVD(0) | RSVD(1) | RSVD(6) }, ++ { USB_DEVICE_INTERFACE_CLASS(0x0489, 0xe0db, 0xff), /* Foxconn T99W265 MBIM */ ++ .driver_info = RSVD(3) }, + { USB_DEVICE(0x1508, 0x1001), /* Fibocom NL668 (IOT version) */ + .driver_info = RSVD(4) | RSVD(5) | RSVD(6) }, + { USB_DEVICE(0x2cb7, 0x0104), /* Fibocom NL678 series */ diff --git a/queue-4.4/usb-serial-option-add-telit-ln920-compositions.patch b/queue-4.4/usb-serial-option-add-telit-ln920-compositions.patch new file mode 100644 index 00000000000..a7c660d02bd --- /dev/null +++ b/queue-4.4/usb-serial-option-add-telit-ln920-compositions.patch @@ -0,0 +1,43 @@ +From 7bb057134d609b9c038a00b6876cf0d37d0118ce Mon Sep 17 00:00:00 2001 +From: Carlo Lobrano +Date: Fri, 3 Sep 2021 14:39:13 +0200 +Subject: USB: serial: option: add Telit LN920 compositions + +From: Carlo Lobrano + +commit 7bb057134d609b9c038a00b6876cf0d37d0118ce upstream. + +This patch adds the following Telit LN920 compositions: + +0x1060: tty, adb, rmnet, tty, tty, tty, tty +0x1061: tty, adb, mbim, tty, tty, tty, tty +0x1062: rndis, tty, adb, tty, tty, tty, tty +0x1063: tty, adb, ecm, tty, tty, tty, tty + +Signed-off-by: Carlo Lobrano +Link: https://lore.kernel.org/r/20210903123913.1086513-1-c.lobrano@gmail.com +Reviewed-by: Daniele Palmas +Cc: stable@vger.kernel.org +Signed-off-by: Johan Hovold +Signed-off-by: Greg Kroah-Hartman +--- + drivers/usb/serial/option.c | 8 ++++++++ + 1 file changed, 8 insertions(+) + +--- a/drivers/usb/serial/option.c ++++ b/drivers/usb/serial/option.c +@@ -1187,6 +1187,14 @@ static const struct usb_device_id option + .driver_info = NCTRL(0) | RSVD(1) }, + { USB_DEVICE_INTERFACE_CLASS(TELIT_VENDOR_ID, 0x1056, 0xff), /* Telit FD980 */ + .driver_info = NCTRL(2) | RSVD(3) }, ++ { USB_DEVICE_INTERFACE_CLASS(TELIT_VENDOR_ID, 0x1060, 0xff), /* Telit LN920 (rmnet) */ ++ .driver_info = NCTRL(0) | RSVD(1) | RSVD(2) }, ++ { USB_DEVICE_INTERFACE_CLASS(TELIT_VENDOR_ID, 0x1061, 0xff), /* Telit LN920 (MBIM) */ ++ .driver_info = NCTRL(0) | RSVD(1) }, ++ { USB_DEVICE_INTERFACE_CLASS(TELIT_VENDOR_ID, 0x1062, 0xff), /* Telit LN920 (RNDIS) */ ++ .driver_info = NCTRL(2) | RSVD(3) }, ++ { USB_DEVICE_INTERFACE_CLASS(TELIT_VENDOR_ID, 0x1063, 0xff), /* Telit LN920 (ECM) */ ++ .driver_info = NCTRL(0) | RSVD(1) }, + { USB_DEVICE(TELIT_VENDOR_ID, TELIT_PRODUCT_ME910), + .driver_info = NCTRL(0) | RSVD(1) | RSVD(3) }, + { USB_DEVICE(TELIT_VENDOR_ID, TELIT_PRODUCT_ME910_DUAL_MODEM), diff --git a/queue-4.4/usb-serial-option-remove-duplicate-usb-device-id.patch b/queue-4.4/usb-serial-option-remove-duplicate-usb-device-id.patch new file mode 100644 index 00000000000..fef55328103 --- /dev/null +++ b/queue-4.4/usb-serial-option-remove-duplicate-usb-device-id.patch @@ -0,0 +1,30 @@ +From 1ca200a8c6f079950a04ea3c3380fe8cf78e95a2 Mon Sep 17 00:00:00 2001 +From: Krzysztof Kozlowski +Date: Fri, 17 Sep 2021 11:18:48 +0200 +Subject: USB: serial: option: remove duplicate USB device ID + +From: Krzysztof Kozlowski + +commit 1ca200a8c6f079950a04ea3c3380fe8cf78e95a2 upstream. + +The device ZTE 0x0094 is already on the list. + +Signed-off-by: Krzysztof Kozlowski +Fixes: b9e44fe5ecda ("USB: option: cleanup zte 3g-dongle's pid in option.c") +Cc: stable@vger.kernel.org +Signed-off-by: Johan Hovold +Signed-off-by: Greg Kroah-Hartman +--- + drivers/usb/serial/option.c | 1 - + 1 file changed, 1 deletion(-) + +--- a/drivers/usb/serial/option.c ++++ b/drivers/usb/serial/option.c +@@ -1640,7 +1640,6 @@ static const struct usb_device_id option + { USB_DEVICE_AND_INTERFACE_INFO(ZTE_VENDOR_ID, 0x0060, 0xff, 0xff, 0xff) }, + { USB_DEVICE_AND_INTERFACE_INFO(ZTE_VENDOR_ID, 0x0070, 0xff, 0xff, 0xff) }, + { USB_DEVICE_AND_INTERFACE_INFO(ZTE_VENDOR_ID, 0x0073, 0xff, 0xff, 0xff) }, +- { USB_DEVICE_AND_INTERFACE_INFO(ZTE_VENDOR_ID, 0x0094, 0xff, 0xff, 0xff) }, + { USB_DEVICE_AND_INTERFACE_INFO(ZTE_VENDOR_ID, 0x0130, 0xff, 0xff, 0xff), + .driver_info = RSVD(1) }, + { USB_DEVICE_AND_INTERFACE_INFO(ZTE_VENDOR_ID, 0x0133, 0xff, 0xff, 0xff), diff --git a/queue-4.4/xen-x86-fix-pv-trap-handling-on-secondary-processors.patch b/queue-4.4/xen-x86-fix-pv-trap-handling-on-secondary-processors.patch new file mode 100644 index 00000000000..fbee98afb3b --- /dev/null +++ b/queue-4.4/xen-x86-fix-pv-trap-handling-on-secondary-processors.patch @@ -0,0 +1,98 @@ +From 0594c58161b6e0f3da8efa9c6e3d4ba52b652717 Mon Sep 17 00:00:00 2001 +From: Jan Beulich +Date: Mon, 20 Sep 2021 18:15:11 +0200 +Subject: xen/x86: fix PV trap handling on secondary processors + +From: Jan Beulich + +commit 0594c58161b6e0f3da8efa9c6e3d4ba52b652717 upstream. + +The initial observation was that in PV mode under Xen 32-bit user space +didn't work anymore. Attempts of system calls ended in #GP(0x402). All +of the sudden the vector 0x80 handler was not in place anymore. As it +turns out up to 5.13 redundant initialization did occur: Once from +cpu_initialize_context() (through its VCPUOP_initialise hypercall) and a +2nd time while each CPU was brought fully up. This 2nd initialization is +now gone, uncovering that the 1st one was flawed: Unlike for the +set_trap_table hypercall, a full virtual IDT needs to be specified here; +the "vector" fields of the individual entries are of no interest. With +many (kernel) IDT entries still(?) (i.e. at that point at least) empty, +the syscall vector 0x80 ended up in slot 0x20 of the virtual IDT, thus +becoming the domain's handler for vector 0x20. + +Make xen_convert_trap_info() fit for either purpose, leveraging the fact +that on the xen_copy_trap_info() path the table starts out zero-filled. +This includes moving out the writing of the sentinel, which would also +have lead to a buffer overrun in the xen_copy_trap_info() case if all +(kernel) IDT entries were populated. Convert the writing of the sentinel +to clearing of the entire table entry rather than just the address +field. + +(I didn't bother trying to identify the commit which uncovered the issue +in 5.14; the commit named below is the one which actually introduced the +bad code.) + +Fixes: f87e4cac4f4e ("xen: SMP guest support") +Cc: stable@vger.kernel.org +Signed-off-by: Jan Beulich +Reviewed-by: Boris Ostrovsky +Link: https://lore.kernel.org/r/7a266932-092e-b68f-f2bb-1473b61adc6e@suse.com +Signed-off-by: Juergen Gross +Signed-off-by: Greg Kroah-Hartman +--- + arch/x86/xen/enlighten.c | 15 +++++++++------ + 1 file changed, 9 insertions(+), 6 deletions(-) + +--- a/arch/x86/xen/enlighten.c ++++ b/arch/x86/xen/enlighten.c +@@ -861,8 +861,8 @@ static void xen_write_idt_entry(gate_des + preempt_enable(); + } + +-static void xen_convert_trap_info(const struct desc_ptr *desc, +- struct trap_info *traps) ++static unsigned xen_convert_trap_info(const struct desc_ptr *desc, ++ struct trap_info *traps, bool full) + { + unsigned in, out, count; + +@@ -872,17 +872,18 @@ static void xen_convert_trap_info(const + for (in = out = 0; in < count; in++) { + gate_desc *entry = (gate_desc*)(desc->address) + in; + +- if (cvt_gate_to_trap(in, entry, &traps[out])) ++ if (cvt_gate_to_trap(in, entry, &traps[out]) || full) + out++; + } +- traps[out].address = 0; ++ ++ return out; + } + + void xen_copy_trap_info(struct trap_info *traps) + { + const struct desc_ptr *desc = this_cpu_ptr(&idt_desc); + +- xen_convert_trap_info(desc, traps); ++ xen_convert_trap_info(desc, traps, true); + } + + /* Load a new IDT into Xen. In principle this can be per-CPU, so we +@@ -892,6 +893,7 @@ static void xen_load_idt(const struct de + { + static DEFINE_SPINLOCK(lock); + static struct trap_info traps[257]; ++ unsigned out; + + trace_xen_cpu_load_idt(desc); + +@@ -899,7 +901,8 @@ static void xen_load_idt(const struct de + + memcpy(this_cpu_ptr(&idt_desc), desc, sizeof(idt_desc)); + +- xen_convert_trap_info(desc, traps); ++ out = xen_convert_trap_info(desc, traps, false); ++ memset(&traps[out], 0, sizeof(traps[0])); + + xen_mc_flush(); + if (HYPERVISOR_set_trap_table(traps))