From: Greg Kroah-Hartman Date: Thu, 1 Oct 2009 20:40:24 +0000 (-0700) Subject: .31 patches X-Git-Tag: v2.6.27.36~17 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=e6ceac6255483b5fe82a38a413bde3225b045e58;p=thirdparty%2Fkernel%2Fstable-queue.git .31 patches --- diff --git a/queue-2.6.31/ath5k-do-not-release-irq-across-suspend-resume.patch b/queue-2.6.31/ath5k-do-not-release-irq-across-suspend-resume.patch new file mode 100644 index 00000000000..dd29d17c1ce --- /dev/null +++ b/queue-2.6.31/ath5k-do-not-release-irq-across-suspend-resume.patch @@ -0,0 +1,52 @@ +From 0d0cd72fa1e6bfd419c99478ec70b4877ed0ef86 Mon Sep 17 00:00:00 2001 +From: Bob Copeland +Date: Sat, 4 Jul 2009 12:59:54 -0400 +Subject: ath5k: do not release irq across suspend/resume + +From: Bob Copeland + +commit 0d0cd72fa1e6bfd419c99478ec70b4877ed0ef86 upstream. + +Paraphrasing Rafael J. Wysocki: "drivers should not release PCI IRQs +in suspend." Doing so causes a warning during suspend/resume on some +platforms. + +Cc: Rafael J. Wysocki +Reported-by: Alan Jenkins +Signed-off-by: Bob Copeland +Signed-off-by: John W. Linville +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/net/wireless/ath/ath5k/base.c | 11 ----------- + 1 file changed, 11 deletions(-) + +--- a/drivers/net/wireless/ath/ath5k/base.c ++++ b/drivers/net/wireless/ath/ath5k/base.c +@@ -666,7 +666,6 @@ ath5k_pci_suspend(struct pci_dev *pdev, + + ath5k_led_off(sc); + +- free_irq(pdev->irq, sc); + pci_save_state(pdev); + pci_disable_device(pdev); + pci_set_power_state(pdev, PCI_D3hot); +@@ -694,18 +693,8 @@ ath5k_pci_resume(struct pci_dev *pdev) + */ + pci_write_config_byte(pdev, 0x41, 0); + +- err = request_irq(pdev->irq, ath5k_intr, IRQF_SHARED, "ath", sc); +- if (err) { +- ATH5K_ERR(sc, "request_irq failed\n"); +- goto err_no_irq; +- } +- + ath5k_led_enable(sc); + return 0; +- +-err_no_irq: +- pci_disable_device(pdev); +- return err; + } + #endif /* CONFIG_PM */ + diff --git a/queue-2.6.31/ath5k-wakeup-fixes.patch b/queue-2.6.31/ath5k-wakeup-fixes.patch new file mode 100644 index 00000000000..eaf2fa27653 --- /dev/null +++ b/queue-2.6.31/ath5k-wakeup-fixes.patch @@ -0,0 +1,303 @@ +From edd7fc7003f31da48d06e215a93ea966a22c2a03 Mon Sep 17 00:00:00 2001 +From: Nick Kossifidis +Date: Mon, 10 Aug 2009 03:29:02 +0300 +Subject: ath5k: Wakeup fixes + +From: Nick Kossifidis + +commit edd7fc7003f31da48d06e215a93ea966a22c2a03 upstream. + +* Don't put chip to full sleep because there are problems during + wakeup. Instead hold MAC/Baseband on warm reset state via a new + function ath5k_hw_on_hold. + + * Minor cleanups + +Signed-off-by: Nick Kossifidis +Tested-by: Ben Greear +Tested-by: Johannes Stezenbach +Signed-off-by: John W. Linville +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/net/wireless/ath/ath5k/ath5k.h | 1 + drivers/net/wireless/ath/ath5k/attach.c | 2 + drivers/net/wireless/ath/ath5k/base.c | 44 ++++----- + drivers/net/wireless/ath/ath5k/reset.c | 155 +++++++++++++++++++++++--------- + 4 files changed, 140 insertions(+), 62 deletions(-) + +--- a/drivers/net/wireless/ath/ath5k/ath5k.h ++++ b/drivers/net/wireless/ath/ath5k/ath5k.h +@@ -1164,6 +1164,7 @@ extern void ath5k_unregister_leds(struct + + /* Reset Functions */ + extern int ath5k_hw_nic_wakeup(struct ath5k_hw *ah, int flags, bool initial); ++extern int ath5k_hw_on_hold(struct ath5k_hw *ah); + extern int ath5k_hw_reset(struct ath5k_hw *ah, enum nl80211_iftype op_mode, struct ieee80211_channel *channel, bool change_channel); + /* Power management functions */ + extern int ath5k_hw_set_power(struct ath5k_hw *ah, enum ath5k_power_mode mode, bool set_chip, u16 sleep_duration); +--- a/drivers/net/wireless/ath/ath5k/attach.c ++++ b/drivers/net/wireless/ath/ath5k/attach.c +@@ -145,7 +145,7 @@ struct ath5k_hw *ath5k_hw_attach(struct + goto err_free; + + /* Bring device out of sleep and reset it's units */ +- ret = ath5k_hw_nic_wakeup(ah, CHANNEL_B, true); ++ ret = ath5k_hw_nic_wakeup(ah, 0, true); + if (ret) + goto err_free; + +--- a/drivers/net/wireless/ath/ath5k/base.c ++++ b/drivers/net/wireless/ath/ath5k/base.c +@@ -2445,27 +2445,29 @@ ath5k_stop_hw(struct ath5k_softc *sc) + ret = ath5k_stop_locked(sc); + if (ret == 0 && !test_bit(ATH_STAT_INVALID, sc->status)) { + /* +- * Set the chip in full sleep mode. Note that we are +- * careful to do this only when bringing the interface +- * completely to a stop. When the chip is in this state +- * it must be carefully woken up or references to +- * registers in the PCI clock domain may freeze the bus +- * (and system). This varies by chip and is mostly an +- * issue with newer parts that go to sleep more quickly. +- */ +- if (sc->ah->ah_mac_srev >= 0x78) { +- /* +- * XXX +- * don't put newer MAC revisions > 7.8 to sleep because +- * of the above mentioned problems +- */ +- ATH5K_DBG(sc, ATH5K_DEBUG_RESET, "mac version > 7.8, " +- "not putting device to sleep\n"); +- } else { +- ATH5K_DBG(sc, ATH5K_DEBUG_RESET, +- "putting device to full sleep\n"); +- ath5k_hw_set_power(sc->ah, AR5K_PM_FULL_SLEEP, true, 0); +- } ++ * Don't set the card in full sleep mode! ++ * ++ * a) When the device is in this state it must be carefully ++ * woken up or references to registers in the PCI clock ++ * domain may freeze the bus (and system). This varies ++ * by chip and is mostly an issue with newer parts ++ * (madwifi sources mentioned srev >= 0x78) that go to ++ * sleep more quickly. ++ * ++ * b) On older chips full sleep results a weird behaviour ++ * during wakeup. I tested various cards with srev < 0x78 ++ * and they don't wake up after module reload, a second ++ * module reload is needed to bring the card up again. ++ * ++ * Until we figure out what's going on don't enable ++ * full chip reset on any chip (this is what Legacy HAL ++ * and Sam's HAL do anyway). Instead Perform a full reset ++ * on the device (same as initial state after attach) and ++ * leave it idle (keep MAC/BB on warm reset) */ ++ ret = ath5k_hw_on_hold(sc->ah); ++ ++ ATH5K_DBG(sc, ATH5K_DEBUG_RESET, ++ "putting device to sleep\n"); + } + ath5k_txbuf_free(sc, sc->bbuf); + +--- a/drivers/net/wireless/ath/ath5k/reset.c ++++ b/drivers/net/wireless/ath/ath5k/reset.c +@@ -258,29 +258,35 @@ int ath5k_hw_set_power(struct ath5k_hw * + if (!set_chip) + goto commit; + +- /* Preserve sleep duration */ + data = ath5k_hw_reg_read(ah, AR5K_SLEEP_CTL); ++ ++ /* If card is down we 'll get 0xffff... so we ++ * need to clean this up before we write the register ++ */ + if (data & 0xffc00000) + data = 0; + else +- data = data & 0xfffcffff; ++ /* Preserve sleep duration etc */ ++ data = data & ~AR5K_SLEEP_CTL_SLE; + +- ath5k_hw_reg_write(ah, data, AR5K_SLEEP_CTL); ++ ath5k_hw_reg_write(ah, data | AR5K_SLEEP_CTL_SLE_WAKE, ++ AR5K_SLEEP_CTL); + udelay(15); + +- for (i = 50; i > 0; i--) { ++ for (i = 200; i > 0; i--) { + /* Check if the chip did wake up */ + if ((ath5k_hw_reg_read(ah, AR5K_PCICFG) & + AR5K_PCICFG_SPWR_DN) == 0) + break; + + /* Wait a bit and retry */ +- udelay(200); +- ath5k_hw_reg_write(ah, data, AR5K_SLEEP_CTL); ++ udelay(50); ++ ath5k_hw_reg_write(ah, data | AR5K_SLEEP_CTL_SLE_WAKE, ++ AR5K_SLEEP_CTL); + } + + /* Fail if the chip didn't wake up */ +- if (i <= 0) ++ if (i == 0) + return -EIO; + + break; +@@ -297,6 +303,64 @@ commit: + } + + /* ++ * Put device on hold ++ * ++ * Put MAC and Baseband on warm reset and ++ * keep that state (don't clean sleep control ++ * register). After this MAC and Baseband are ++ * disabled and a full reset is needed to come ++ * back. This way we save as much power as possible ++ * without puting the card on full sleep. ++ */ ++int ath5k_hw_on_hold(struct ath5k_hw *ah) ++{ ++ struct pci_dev *pdev = ah->ah_sc->pdev; ++ u32 bus_flags; ++ int ret; ++ ++ /* Make sure device is awake */ ++ ret = ath5k_hw_set_power(ah, AR5K_PM_AWAKE, true, 0); ++ if (ret) { ++ ATH5K_ERR(ah->ah_sc, "failed to wakeup the MAC Chip\n"); ++ return ret; ++ } ++ ++ /* ++ * Put chipset on warm reset... ++ * ++ * Note: puting PCI core on warm reset on PCI-E cards ++ * results card to hang and always return 0xffff... so ++ * we ingore that flag for PCI-E cards. On PCI cards ++ * this flag gets cleared after 64 PCI clocks. ++ */ ++ bus_flags = (pdev->is_pcie) ? 0 : AR5K_RESET_CTL_PCI; ++ ++ if (ah->ah_version == AR5K_AR5210) { ++ ret = ath5k_hw_nic_reset(ah, AR5K_RESET_CTL_PCU | ++ AR5K_RESET_CTL_MAC | AR5K_RESET_CTL_DMA | ++ AR5K_RESET_CTL_PHY | AR5K_RESET_CTL_PCI); ++ mdelay(2); ++ } else { ++ ret = ath5k_hw_nic_reset(ah, AR5K_RESET_CTL_PCU | ++ AR5K_RESET_CTL_BASEBAND | bus_flags); ++ } ++ ++ if (ret) { ++ ATH5K_ERR(ah->ah_sc, "failed to put device on warm reset\n"); ++ return -EIO; ++ } ++ ++ /* ...wakeup again!*/ ++ ret = ath5k_hw_set_power(ah, AR5K_PM_AWAKE, true, 0); ++ if (ret) { ++ ATH5K_ERR(ah->ah_sc, "failed to put device on hold\n"); ++ return ret; ++ } ++ ++ return ret; ++} ++ ++/* + * Bring up MAC + PHY Chips and program PLL + * TODO: Half/Quarter rate support + */ +@@ -319,6 +383,50 @@ int ath5k_hw_nic_wakeup(struct ath5k_hw + return ret; + } + ++ /* ++ * Put chipset on warm reset... ++ * ++ * Note: puting PCI core on warm reset on PCI-E cards ++ * results card to hang and always return 0xffff... so ++ * we ingore that flag for PCI-E cards. On PCI cards ++ * this flag gets cleared after 64 PCI clocks. ++ */ ++ bus_flags = (pdev->is_pcie) ? 0 : AR5K_RESET_CTL_PCI; ++ ++ if (ah->ah_version == AR5K_AR5210) { ++ ret = ath5k_hw_nic_reset(ah, AR5K_RESET_CTL_PCU | ++ AR5K_RESET_CTL_MAC | AR5K_RESET_CTL_DMA | ++ AR5K_RESET_CTL_PHY | AR5K_RESET_CTL_PCI); ++ mdelay(2); ++ } else { ++ ret = ath5k_hw_nic_reset(ah, AR5K_RESET_CTL_PCU | ++ AR5K_RESET_CTL_BASEBAND | bus_flags); ++ } ++ ++ if (ret) { ++ ATH5K_ERR(ah->ah_sc, "failed to reset the MAC Chip\n"); ++ return -EIO; ++ } ++ ++ /* ...wakeup again!...*/ ++ ret = ath5k_hw_set_power(ah, AR5K_PM_AWAKE, true, 0); ++ if (ret) { ++ ATH5K_ERR(ah->ah_sc, "failed to resume the MAC Chip\n"); ++ return ret; ++ } ++ ++ /* ...clear reset control register and pull device out of ++ * warm reset */ ++ if (ath5k_hw_nic_reset(ah, 0)) { ++ ATH5K_ERR(ah->ah_sc, "failed to warm reset the MAC Chip\n"); ++ return -EIO; ++ } ++ ++ /* On initialization skip PLL programming since we don't have ++ * a channel / mode set yet */ ++ if (initial) ++ return 0; ++ + if (ah->ah_version != AR5K_AR5210) { + /* + * Get channel mode flags +@@ -384,39 +492,6 @@ int ath5k_hw_nic_wakeup(struct ath5k_hw + AR5K_PHY_TURBO); + } + +- /* reseting PCI on PCI-E cards results card to hang +- * and always return 0xffff... so we ingore that flag +- * for PCI-E cards */ +- bus_flags = (pdev->is_pcie) ? 0 : AR5K_RESET_CTL_PCI; +- +- /* Reset chipset */ +- if (ah->ah_version == AR5K_AR5210) { +- ret = ath5k_hw_nic_reset(ah, AR5K_RESET_CTL_PCU | +- AR5K_RESET_CTL_MAC | AR5K_RESET_CTL_DMA | +- AR5K_RESET_CTL_PHY | AR5K_RESET_CTL_PCI); +- mdelay(2); +- } else { +- ret = ath5k_hw_nic_reset(ah, AR5K_RESET_CTL_PCU | +- AR5K_RESET_CTL_BASEBAND | bus_flags); +- } +- if (ret) { +- ATH5K_ERR(ah->ah_sc, "failed to reset the MAC Chip\n"); +- return -EIO; +- } +- +- /* ...wakeup again!*/ +- ret = ath5k_hw_set_power(ah, AR5K_PM_AWAKE, true, 0); +- if (ret) { +- ATH5K_ERR(ah->ah_sc, "failed to resume the MAC Chip\n"); +- return ret; +- } +- +- /* ...final warm reset */ +- if (ath5k_hw_nic_reset(ah, 0)) { +- ATH5K_ERR(ah->ah_sc, "failed to warm reset the MAC Chip\n"); +- return -EIO; +- } +- + if (ah->ah_version != AR5K_AR5210) { + + /* ...update PLL if needed */ diff --git a/queue-2.6.31/fix-null-ptr-regression-in-powernow-k8.patch b/queue-2.6.31/fix-null-ptr-regression-in-powernow-k8.patch new file mode 100644 index 00000000000..f0c6d849a3a --- /dev/null +++ b/queue-2.6.31/fix-null-ptr-regression-in-powernow-k8.patch @@ -0,0 +1,77 @@ +From f0adb134d8dc9993a9998dc50845ec4f6ff4fadc Mon Sep 17 00:00:00 2001 +From: Kurt Roeckx +Date: Wed, 16 Sep 2009 11:09:32 -0400 +Subject: [CPUFREQ] Fix NULL ptr regression in powernow-k8 + +From: Kurt Roeckx + +commit f0adb134d8dc9993a9998dc50845ec4f6ff4fadc upstream. + +Fixes bugzilla #13780 + +From: Kurt Roeckx +Signed-off-by: Dave Jones +Signed-off-by: Greg Kroah-Hartman + +--- + arch/x86/kernel/cpu/cpufreq/powernow-k8.c | 15 ++++++++------- + 1 file changed, 8 insertions(+), 7 deletions(-) + +--- a/arch/x86/kernel/cpu/cpufreq/powernow-k8.c ++++ b/arch/x86/kernel/cpu/cpufreq/powernow-k8.c +@@ -605,9 +605,10 @@ static int check_pst_table(struct powern + return 0; + } + +-static void invalidate_entry(struct powernow_k8_data *data, unsigned int entry) ++static void invalidate_entry(struct cpufreq_frequency_table *powernow_table, ++ unsigned int entry) + { +- data->powernow_table[entry].frequency = CPUFREQ_ENTRY_INVALID; ++ powernow_table[entry].frequency = CPUFREQ_ENTRY_INVALID; + } + + static void print_basics(struct powernow_k8_data *data) +@@ -914,13 +915,13 @@ static int fill_powernow_table_pstate(st + "bad value %d.\n", i, index); + printk(KERN_ERR PFX "Please report to BIOS " + "manufacturer\n"); +- invalidate_entry(data, i); ++ invalidate_entry(powernow_table, i); + continue; + } + rdmsr(MSR_PSTATE_DEF_BASE + index, lo, hi); + if (!(hi & HW_PSTATE_VALID_MASK)) { + dprintk("invalid pstate %d, ignoring\n", index); +- invalidate_entry(data, i); ++ invalidate_entry(powernow_table, i); + continue; + } + +@@ -970,7 +971,7 @@ static int fill_powernow_table_fidvid(st + /* verify frequency is OK */ + if ((freq > (MAX_FREQ * 1000)) || (freq < (MIN_FREQ * 1000))) { + dprintk("invalid freq %u kHz, ignoring\n", freq); +- invalidate_entry(data, i); ++ invalidate_entry(powernow_table, i); + continue; + } + +@@ -978,7 +979,7 @@ static int fill_powernow_table_fidvid(st + * BIOSs are using "off" to indicate invalid */ + if (vid == VID_OFF) { + dprintk("invalid vid %u, ignoring\n", vid); +- invalidate_entry(data, i); ++ invalidate_entry(powernow_table, i); + continue; + } + +@@ -1009,7 +1010,7 @@ static int fill_powernow_table_fidvid(st + (unsigned int) + (data->acpi_data.states[i].core_frequency + * 1000)); +- invalidate_entry(data, i); ++ invalidate_entry(powernow_table, i); + continue; + } + } diff --git a/queue-2.6.31/kvm-fix-cpuid-e2big-handling-for-extended-request-types.patch b/queue-2.6.31/kvm-fix-cpuid-e2big-handling-for-extended-request-types.patch new file mode 100644 index 00000000000..7ad99bf27b3 --- /dev/null +++ b/queue-2.6.31/kvm-fix-cpuid-e2big-handling-for-extended-request-types.patch @@ -0,0 +1,38 @@ +From mtosatti@redhat.com Thu Oct 1 13:01:54 2009 +From: Marcelo Tosatti +Date: Fri, 18 Sep 2009 17:29:25 -0300 +Subject: KVM: fix cpuid E2BIG handling for extended request types +To: stable@kernel.org +Cc: Mark McLoughlin , avi@redhat.com +Message-ID: <1253305768-30438-2-git-send-email-mtosatti@redhat.com> + + +From: Mark McLoughlin + +(cherry picked from commit cb007648de83cf226d69ec76e1c01848b4e8e49f) + +If we run out of cpuid entries for extended request types +we should return -E2BIG, just like we do for the standard +request types. + +Signed-off-by: Mark McLoughlin +Signed-off-by: Avi Kivity +Signed-off-by: Greg Kroah-Hartman + +--- + arch/x86/kvm/x86.c | 4 ++++ + 1 file changed, 4 insertions(+) + +--- a/arch/x86/kvm/x86.c ++++ b/arch/x86/kvm/x86.c +@@ -1448,6 +1448,10 @@ static int kvm_dev_ioctl_get_supported_c + for (func = 0x80000001; func <= limit && nent < cpuid->nent; ++func) + do_cpuid_ent(&cpuid_entries[nent], func, 0, + &nent, cpuid->nent); ++ r = -E2BIG; ++ if (nent >= cpuid->nent) ++ goto out_free; ++ + r = -EFAULT; + if (copy_to_user(entries, cpuid_entries, + nent * sizeof(struct kvm_cpuid_entry2))) diff --git a/queue-2.6.31/kvm-mmu-fix-bogus-alloc_mmu_pages-assignment.patch b/queue-2.6.31/kvm-mmu-fix-bogus-alloc_mmu_pages-assignment.patch new file mode 100644 index 00000000000..e9e04e81a6e --- /dev/null +++ b/queue-2.6.31/kvm-mmu-fix-bogus-alloc_mmu_pages-assignment.patch @@ -0,0 +1,42 @@ +From mtosatti@redhat.com Thu Oct 1 13:03:13 2009 +From: Marcelo Tosatti +Date: Fri, 18 Sep 2009 17:29:27 -0300 +Subject: KVM: MMU: fix bogus alloc_mmu_pages assignment +To: stable@kernel.org +Cc: Marcelo Tosatti , avi@redhat.com +Message-ID: <1253305768-30438-4-git-send-email-mtosatti@redhat.com> + +From: Marcelo Tosatti + +(cherry picked from commit b90c062c65cc8839edfac39778a37a55ca9bda36) + +Remove the bogus n_free_mmu_pages assignment from alloc_mmu_pages. + +It breaks accounting of mmu pages, since n_free_mmu_pages is modified +but the real number of pages remains the same. + +Signed-off-by: Marcelo Tosatti +Signed-off-by: Avi Kivity +Signed-off-by: Greg Kroah-Hartman + +--- + arch/x86/kvm/mmu.c | 8 -------- + 1 file changed, 8 deletions(-) + +--- a/arch/x86/kvm/mmu.c ++++ b/arch/x86/kvm/mmu.c +@@ -2713,14 +2713,6 @@ static int alloc_mmu_pages(struct kvm_vc + + ASSERT(vcpu); + +- spin_lock(&vcpu->kvm->mmu_lock); +- if (vcpu->kvm->arch.n_requested_mmu_pages) +- vcpu->kvm->arch.n_free_mmu_pages = +- vcpu->kvm->arch.n_requested_mmu_pages; +- else +- vcpu->kvm->arch.n_free_mmu_pages = +- vcpu->kvm->arch.n_alloc_mmu_pages; +- spin_unlock(&vcpu->kvm->mmu_lock); + /* + * When emulating 32-bit mode, cr3 is only 32 bits even on x86_64. + * Therefore we need to allocate shadow page tables in the first diff --git a/queue-2.6.31/kvm-mmu-fix-missing-locking-in-alloc_mmu_pages.patch b/queue-2.6.31/kvm-mmu-fix-missing-locking-in-alloc_mmu_pages.patch new file mode 100644 index 00000000000..feff79935df --- /dev/null +++ b/queue-2.6.31/kvm-mmu-fix-missing-locking-in-alloc_mmu_pages.patch @@ -0,0 +1,43 @@ +From mtosatti@redhat.com Thu Oct 1 13:02:49 2009 +From: Marcelo Tosatti +Date: Fri, 18 Sep 2009 17:29:26 -0300 +Subject: KVM: MMU: fix missing locking in alloc_mmu_pages +To: stable@kernel.org +Cc: Marcelo Tosatti , avi@redhat.com +Message-ID: <1253305768-30438-3-git-send-email-mtosatti@redhat.com> + +From: Marcelo Tosatti + +(cherry picked from commit 6a1ac77110ee3e8d8dfdef8442f3b30b3d83e6a2) + +n_requested_mmu_pages/n_free_mmu_pages are used by +kvm_mmu_change_mmu_pages to calculate the number of pages to zap. + +alloc_mmu_pages, called from the vcpu initialization path, modifies this +variables without proper locking, which can result in a negative value +in kvm_mmu_change_mmu_pages (say, with cpu hotplug). + +Signed-off-by: Marcelo Tosatti +Signed-off-by: Greg Kroah-Hartman + +--- + arch/x86/kvm/mmu.c | 2 ++ + 1 file changed, 2 insertions(+) + +--- a/arch/x86/kvm/mmu.c ++++ b/arch/x86/kvm/mmu.c +@@ -2713,12 +2713,14 @@ static int alloc_mmu_pages(struct kvm_vc + + ASSERT(vcpu); + ++ spin_lock(&vcpu->kvm->mmu_lock); + if (vcpu->kvm->arch.n_requested_mmu_pages) + vcpu->kvm->arch.n_free_mmu_pages = + vcpu->kvm->arch.n_requested_mmu_pages; + else + vcpu->kvm->arch.n_free_mmu_pages = + vcpu->kvm->arch.n_alloc_mmu_pages; ++ spin_unlock(&vcpu->kvm->mmu_lock); + /* + * When emulating 32-bit mode, cr3 is only 32 bits even on x86_64. + * Therefore we need to allocate shadow page tables in the first diff --git a/queue-2.6.31/kvm-protect-update_cr8_intercept-when-running-without-an-apic.patch b/queue-2.6.31/kvm-protect-update_cr8_intercept-when-running-without-an-apic.patch new file mode 100644 index 00000000000..d643340da68 --- /dev/null +++ b/queue-2.6.31/kvm-protect-update_cr8_intercept-when-running-without-an-apic.patch @@ -0,0 +1,35 @@ +From mtosatti@redhat.com Thu Oct 1 13:03:34 2009 +From: Marcelo Tosatti +Date: Fri, 18 Sep 2009 17:29:28 -0300 +Subject: KVM: Protect update_cr8_intercept() when running without an apic +To: stable@kernel.org +Cc: Avi Kivity +Message-ID: <1253305768-30438-5-git-send-email-mtosatti@redhat.com> + +From: Avi Kivity + +(cherry picked from commit 88c808fd42b53a7e01a2ac3253ef31fef74cb5af) + +update_cr8_intercept() can be triggered from userspace while there +is no apic present. + +Signed-off-by: Avi Kivity +Cc: Marcelo Tosatti +Signed-off-by: Greg Kroah-Hartman + +--- + arch/x86/kvm/x86.c | 3 +++ + 1 file changed, 3 insertions(+) + +--- a/arch/x86/kvm/x86.c ++++ b/arch/x86/kvm/x86.c +@@ -3202,6 +3202,9 @@ static void update_cr8_intercept(struct + if (!kvm_x86_ops->update_cr8_intercept) + return; + ++ if (!vcpu->arch.apic) ++ return; ++ + if (!vcpu->arch.apic->vapic_addr) + max_irr = kvm_lapic_find_highest_irr(vcpu); + else diff --git a/queue-2.6.31/kvm-vmx-fix-ept-with-wp-bit-change-during-paging.patch b/queue-2.6.31/kvm-vmx-fix-ept-with-wp-bit-change-during-paging.patch new file mode 100644 index 00000000000..ac7318cfedc --- /dev/null +++ b/queue-2.6.31/kvm-vmx-fix-ept-with-wp-bit-change-during-paging.patch @@ -0,0 +1,45 @@ +From sheng@linux.intel.com Thu Oct 1 12:59:22 2009 +From: Sheng Yang +Date: Thu, 17 Sep 2009 10:42:04 +0800 +Subject: KVM: VMX: Fix EPT with WP bit change during paging +To: Greg KH +Cc: Avi Kivity , Sheng Yang , stable@kernel.org +Message-ID: <1253155324-30842-1-git-send-email-sheng@linux.intel.com> + +From: Sheng Yang + +commit 95eb84a7588d7d7afd3096807efc052adc7479e1 upstream + +QNX update WP bit when paging enabled, which is not covered yet. This one +fix QNX boot with EPT. + +Signed-off-by: Sheng Yang +Signed-off-by: Avi Kivity +Signed-off-by: Greg Kroah-Hartman + +--- a/arch/x86/kvm/vmx.c ++++ b/arch/x86/kvm/vmx.c +@@ -1572,7 +1572,6 @@ static void ept_update_paging_mode_cr0(unsigned long *hw_cr0, + vcpu->arch.cr0 = cr0; + vmx_set_cr4(vcpu, vcpu->arch.cr4); + *hw_cr0 |= X86_CR0_PE | X86_CR0_PG; +- *hw_cr0 &= ~X86_CR0_WP; + } else if (!is_paging(vcpu)) { + /* From nonpaging to paging */ + vmcs_write32(CPU_BASED_VM_EXEC_CONTROL, +@@ -1581,9 +1580,10 @@ static void ept_update_paging_mode_cr0(unsigned long *hw_cr0, + CPU_BASED_CR3_STORE_EXITING)); + vcpu->arch.cr0 = cr0; + vmx_set_cr4(vcpu, vcpu->arch.cr4); +- if (!(vcpu->arch.cr0 & X86_CR0_WP)) +- *hw_cr0 &= ~X86_CR0_WP; + } ++ ++ if (!(cr0 & X86_CR0_WP)) ++ *hw_cr0 &= ~X86_CR0_WP; + } + + static void ept_update_paging_mode_cr4(unsigned long *hw_cr4, +-- +1.5.4.5 + diff --git a/queue-2.6.31/netfilter-bridge-refcount-fix.patch b/queue-2.6.31/netfilter-bridge-refcount-fix.patch new file mode 100644 index 00000000000..f9734bbddd1 --- /dev/null +++ b/queue-2.6.31/netfilter-bridge-refcount-fix.patch @@ -0,0 +1,42 @@ +From kaber@trash.net Thu Oct 1 13:35:28 2009 +From: Patrick McHardy +Date: Thu, 17 Sep 2009 13:58:29 +0200 (MEST) +Subject: netfilter: bridge: refcount fix +To: stable@kernel.org +Cc: netdev@vger.kernel.org, netfilter-devel@vger.kernel.org, Patrick McHardy , davem@davemloft.net +Message-ID: <20090917115827.12728.41214.sendpatchset@x2.localnet> + + +From: Patrick McHardy + +netfilter: bridge: refcount fix + +Upstream commit f3abc9b9: + +commit f216f082b2b37c4943f1e7c393e2786648d48f6f +([NETFILTER]: bridge netfilter: deal with martians correctly) +added a refcount leak on in_dev. + +Instead of using in_dev_get(), we can use __in_dev_get_rcu(), +as netfilter hooks are running under rcu_read_lock(), as pointed +by Patrick. + +Signed-off-by: Eric Dumazet +Signed-off-by: Patrick McHardy +Signed-off-by: Greg Kroah-Hartman + +--- + net/bridge/br_netfilter.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/net/bridge/br_netfilter.c ++++ b/net/bridge/br_netfilter.c +@@ -359,7 +359,7 @@ static int br_nf_pre_routing_finish(stru + }, + .proto = 0, + }; +- struct in_device *in_dev = in_dev_get(dev); ++ struct in_device *in_dev = __in_dev_get_rcu(dev); + + /* If err equals -EHOSTUNREACH the error is due to a + * martian destination or due to the fact that diff --git a/queue-2.6.31/netfilter-ebt_ulog-fix-checkentry-return-value.patch b/queue-2.6.31/netfilter-ebt_ulog-fix-checkentry-return-value.patch new file mode 100644 index 00000000000..47491476481 --- /dev/null +++ b/queue-2.6.31/netfilter-ebt_ulog-fix-checkentry-return-value.patch @@ -0,0 +1,37 @@ +From kaber@trash.net Thu Oct 1 13:36:34 2009 +From: Patrick McHardy +Date: Thu, 17 Sep 2009 13:58:30 +0200 (MEST) +Subject: netfilter: ebt_ulog: fix checkentry return value +To: stable@kernel.org +Cc: netdev@vger.kernel.org, netfilter-devel@vger.kernel.org, Patrick McHardy , davem@davemloft.net +Message-ID: <20090917115828.12728.63548.sendpatchset@x2.localnet> + + +From: Patrick McHardy + +netfilter: ebt_ulog: fix checkentry return value + +Upstream commit 8a56df0a: + +Commit 19eda87 (netfilter: change return types of check functions for +Ebtables extensions) broke the ebtables ulog module by missing a return +value conversion. + +Signed-off-by: Patrick McHardy +Signed-off-by: Greg Kroah-Hartman + +--- + net/bridge/netfilter/ebt_ulog.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/net/bridge/netfilter/ebt_ulog.c ++++ b/net/bridge/netfilter/ebt_ulog.c +@@ -266,7 +266,7 @@ static bool ebt_ulog_tg_check(const stru + if (uloginfo->qthreshold > EBT_ULOG_MAX_QLEN) + uloginfo->qthreshold = EBT_ULOG_MAX_QLEN; + +- return 0; ++ return true; + } + + static struct xt_target ebt_ulog_tg_reg __read_mostly = { diff --git a/queue-2.6.31/netfilter-nf_conntrack-netns-fix-re-reliable-conntrack-event-delivery.patch b/queue-2.6.31/netfilter-nf_conntrack-netns-fix-re-reliable-conntrack-event-delivery.patch new file mode 100644 index 00000000000..ebd81b7fa84 --- /dev/null +++ b/queue-2.6.31/netfilter-nf_conntrack-netns-fix-re-reliable-conntrack-event-delivery.patch @@ -0,0 +1,54 @@ +From kaber@trash.net Thu Oct 1 13:34:13 2009 +From: Patrick McHardy +Date: Thu, 17 Sep 2009 13:58:28 +0200 (MEST) +Subject: netfilter: nf_conntrack: netns fix re reliable conntrack event delivery +To: stable@kernel.org +Cc: netdev@vger.kernel.org, netfilter-devel@vger.kernel.org, Patrick McHardy , davem@davemloft.net +Message-ID: <20090917115825.12728.69202.sendpatchset@x2.localnet> + + +From: Patrick McHardy + +netfilter: nf_conntrack: netns fix re reliable conntrack event delivery + +Upstream commit ee254fa4: + +Conntracks in netns other than init_net dying list were never killed. + +Signed-off-by: Alexey Dobriyan +Acked-by: Pablo Neira Ayuso +Signed-off-by: Patrick McHardy +Signed-off-by: Greg Kroah-Hartman + +--- + net/netfilter/nf_conntrack_core.c | 6 +++--- + 1 file changed, 3 insertions(+), 3 deletions(-) + +--- a/net/netfilter/nf_conntrack_core.c ++++ b/net/netfilter/nf_conntrack_core.c +@@ -1089,14 +1089,14 @@ void nf_conntrack_flush_report(struct ne + } + EXPORT_SYMBOL_GPL(nf_conntrack_flush_report); + +-static void nf_ct_release_dying_list(void) ++static void nf_ct_release_dying_list(struct net *net) + { + struct nf_conntrack_tuple_hash *h; + struct nf_conn *ct; + struct hlist_nulls_node *n; + + spin_lock_bh(&nf_conntrack_lock); +- hlist_nulls_for_each_entry(h, n, &init_net.ct.dying, hnnode) { ++ hlist_nulls_for_each_entry(h, n, &net->ct.dying, hnnode) { + ct = nf_ct_tuplehash_to_ctrack(h); + /* never fails to remove them, no listeners at this point */ + nf_ct_kill(ct); +@@ -1115,7 +1115,7 @@ static void nf_conntrack_cleanup_net(str + { + i_see_dead_people: + nf_ct_iterate_cleanup(net, kill_all, NULL); +- nf_ct_release_dying_list(); ++ nf_ct_release_dying_list(net); + if (atomic_read(&net->ct.count) != 0) { + schedule(); + goto i_see_dead_people; diff --git a/queue-2.6.31/netfilter-nf_nat-fix-inverted-logic-for-persistent-nat-mappings.patch b/queue-2.6.31/netfilter-nf_nat-fix-inverted-logic-for-persistent-nat-mappings.patch new file mode 100644 index 00000000000..8dea1d592bb --- /dev/null +++ b/queue-2.6.31/netfilter-nf_nat-fix-inverted-logic-for-persistent-nat-mappings.patch @@ -0,0 +1,46 @@ +From kaber@trash.net Thu Oct 1 13:33:05 2009 +From: Patrick McHardy +Date: Thu, 17 Sep 2009 13:58:26 +0200 (MEST) +Subject: netfilter: nf_nat: fix inverted logic for persistent NAT mappings +To: stable@kernel.org +Cc: netdev@vger.kernel.org, netfilter-devel@vger.kernel.org, Patrick McHardy , davem@davemloft.net +Message-ID: <20090917115824.12728.59451.sendpatchset@x2.localnet> + + +From: Patrick McHardy + +netfilter: nf_nat: fix inverted logic for persistent NAT mappings + +Upstream commit cce5a5c3: + +Kernel 2.6.30 introduced a patch [1] for the persistent option in the +netfilter SNAT target. This is exactly what we need here so I had a quick look +at the code and noticed that the patch is wrong. The logic is simply inverted. +The patch below fixes this. + +Also note that because of this the default behavior of the SNAT target has +changed since kernel 2.6.30 as it now ignores the destination IP in choosing +the source IP for nating (which should only be the case if the persistent +option is set). + +[1] http://git.eu.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=98d500d66cb7940747b424b245fc6a51ecfbf005 + +Signed-off-by: Maximilian Engelhardt +Signed-off-by: Patrick McHardy +Signed-off-by: Greg Kroah-Hartman + +--- + net/ipv4/netfilter/nf_nat_core.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/net/ipv4/netfilter/nf_nat_core.c ++++ b/net/ipv4/netfilter/nf_nat_core.c +@@ -212,7 +212,7 @@ find_best_ips_proto(struct nf_conntrack_ + maxip = ntohl(range->max_ip); + j = jhash_2words((__force u32)tuple->src.u3.ip, + range->flags & IP_NAT_RANGE_PERSISTENT ? +- (__force u32)tuple->dst.u3.ip : 0, 0); ++ 0 : (__force u32)tuple->dst.u3.ip, 0); + j = ((u64)j * (maxip - minip + 1)) >> 32; + *var_ipp = htonl(minip + j); + } diff --git a/queue-2.6.31/perf-tools-do-not-complain-if-root-is-owning-perf.data.patch b/queue-2.6.31/perf-tools-do-not-complain-if-root-is-owning-perf.data.patch new file mode 100644 index 00000000000..af54f9ae8c6 --- /dev/null +++ b/queue-2.6.31/perf-tools-do-not-complain-if-root-is-owning-perf.data.patch @@ -0,0 +1,60 @@ +From pierre.habouzit@intersec.com Thu Oct 1 13:30:38 2009 +From: Pierre Habouzit +Date: Thu, 17 Sep 2009 09:47:09 +0200 +Subject: perf tools: do not complain if root is owning perf.data +To: Greg KH +Cc: Ingo Molnar , Paul Mackerras , Peter Zijlstra , stable@kernel.org +Message-ID: <20090917074708.GE22131@laphroaig.corp> +Content-Disposition: inline + +From: Pierre Habouzit + +commit 119e7a22bb70d84849384e5113792cd45afa4f85 upstream. + +This improves patch fa6963b24 so that perf.data stuff that has +been dumped as root can be read (annotate/report) by a user +without the use of the --force. + +Rationale is that root has plenty of ways to screw us (usually) +that do not require twisted schemes involving specially +crafting a perf.data. + +Signed-off-by: Pierre Habouzit +Cc: Paul Mackerras +Cc: Peter Zijlstra +LKML-Reference: <20090827075902.GF19653@laphroaig.corp> +Signed-off-by: Ingo Molnar +Signed-off-by: Greg Kroah-Hartman + + +--- + tools/perf/builtin-annotate.c | 4 ++-- + tools/perf/builtin-report.c | 4 ++-- + 2 files changed, 4 insertions(+), 4 deletions(-) + +--- a/tools/perf/builtin-annotate.c ++++ b/tools/perf/builtin-annotate.c +@@ -1335,8 +1335,8 @@ static int __cmd_annotate(void) + exit(-1); + } + +- if (!force && (stat.st_uid != geteuid())) { +- fprintf(stderr, "file: %s not owned by current user\n", input_name); ++ if (!force && stat.st_uid && (stat.st_uid != geteuid())) { ++ fprintf(stderr, "file: %s not owned by current user or root\n", input_name); + exit(-1); + } + +--- a/tools/perf/builtin-report.c ++++ b/tools/perf/builtin-report.c +@@ -1857,8 +1857,8 @@ static int __cmd_report(void) + exit(-1); + } + +- if (!force && (stat.st_uid != geteuid())) { +- fprintf(stderr, "file: %s not owned by current user\n", input_name); ++ if (!force && stat.st_uid && (stat.st_uid != geteuid())) { ++ fprintf(stderr, "file: %s not owned by current user or root\n", input_name); + exit(-1); + } + diff --git a/queue-2.6.31/pty_write-don-t-do-a-tty_wakeup-when-the-buffers-are-full.patch b/queue-2.6.31/pty_write-don-t-do-a-tty_wakeup-when-the-buffers-are-full.patch new file mode 100644 index 00000000000..381a93200a4 --- /dev/null +++ b/queue-2.6.31/pty_write-don-t-do-a-tty_wakeup-when-the-buffers-are-full.patch @@ -0,0 +1,51 @@ +From 202c4675c55ddf6b443c7e057d2dff6b42ef71aa Mon Sep 17 00:00:00 2001 +From: Linus Torvalds +Date: Fri, 18 Sep 2009 07:05:58 -0700 +Subject: pty_write: don't do a tty_wakeup() when the buffers are full + +From: Linus Torvalds + +commit 202c4675c55ddf6b443c7e057d2dff6b42ef71aa upstream. + +Commit ac89a9174 ("pty: don't limit the writes to 'pty_space()' inside +'pty_write()'") removed the pty_space() checking, in order to let the +regular tty buffer code limit the buffering itself. + +That was all good, but as a subtle side effect it meant that we'd be +doing a tty_wakeup() even in the case where the buffers were all filled +up, and didn't actually make any progress on the write. + +Which sounds innocuous, but it interacts very badly with the ppp_async +code, which has an infinite loop in ppp_async_push() that tries to push +out data to the tty. When we call tty_wakeup(), that loop ends up +thinking that progress was made (see the subtle interactions between +XMIT_WAKEUP and 'tty_stuffed' for details). End result: one unhappy ppp +user. + +Fixed by noticing when tty_insert_flip_string() didn't actually do +anything, and then not doing any more processing (including, very much +not calling tty_wakeup()). + +Bisected-and-tested-by: Peter Volkov +Signed-off-by: Linus Torvalds +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/char/pty.c | 6 ++++-- + 1 file changed, 4 insertions(+), 2 deletions(-) + +--- a/drivers/char/pty.c ++++ b/drivers/char/pty.c +@@ -120,8 +120,10 @@ static int pty_write(struct tty_struct * + /* Stuff the data into the input queue of the other end */ + c = tty_insert_flip_string(to, buf, c); + /* And shovel */ +- tty_flip_buffer_push(to); +- tty_wakeup(tty); ++ if (c) { ++ tty_flip_buffer_push(to); ++ tty_wakeup(tty); ++ } + } + return c; + } diff --git a/queue-2.6.31/revert-kvm-x86-check-for-cr3-validity-in-ioctl_set_sregs.patch b/queue-2.6.31/revert-kvm-x86-check-for-cr3-validity-in-ioctl_set_sregs.patch new file mode 100644 index 00000000000..62844fade38 --- /dev/null +++ b/queue-2.6.31/revert-kvm-x86-check-for-cr3-validity-in-ioctl_set_sregs.patch @@ -0,0 +1,50 @@ +From mtosatti@redhat.com Thu Oct 1 13:04:29 2009 +From: Marcelo Tosatti +Date: Mon, 28 Sep 2009 15:09:55 -0300 +Subject: Revert "KVM: x86: check for cr3 validity in ioctl_set_sregs" +To: stable@kernel.org, avi@redhat.com +Cc: Juan Quintela +Message-ID: <20090928180955.GB9603@amt.cnet> +Content-Disposition: inline + +From: Marcelo Tosatti + +(cherry picked from commit dc7e795e3dd2a763e5ceaa1615f307e808cf3932) + +This reverts commit 6c20e1442bb1c62914bb85b7f4a38973d2a423ba. + +To my understanding, it became obsolete with the advent of the more +robust check in mmu_alloc_roots (89da4ff17f). Moreover, it prevents +the conceptually safe pattern + + 1. set sregs + 2. register mem-slots + 3. run vcpu + +by setting a sticky triple fault during step 1. + +Signed-off-by: Jan Kiszka +Signed-off-by: Avi Kivity +Signed-off-by: Greg Kroah-Hartman + +--- + arch/x86/kvm/x86.c | 8 +------- + 1 file changed, 1 insertion(+), 7 deletions(-) + +--- a/arch/x86/kvm/x86.c ++++ b/arch/x86/kvm/x86.c +@@ -4125,13 +4125,7 @@ int kvm_arch_vcpu_ioctl_set_sregs(struct + + vcpu->arch.cr2 = sregs->cr2; + mmu_reset_needed |= vcpu->arch.cr3 != sregs->cr3; +- +- down_read(&vcpu->kvm->slots_lock); +- if (gfn_to_memslot(vcpu->kvm, sregs->cr3 >> PAGE_SHIFT)) +- vcpu->arch.cr3 = sregs->cr3; +- else +- set_bit(KVM_REQ_TRIPLE_FAULT, &vcpu->requests); +- up_read(&vcpu->kvm->slots_lock); ++ vcpu->arch.cr3 = sregs->cr3; + + kvm_set_cr8(vcpu, sregs->cr8); + diff --git a/queue-2.6.31/series b/queue-2.6.31/series index 4e33e214f05..b2eb8de8636 100644 --- a/queue-2.6.31/series +++ b/queue-2.6.31/series @@ -1,3 +1,4 @@ +kvm-vmx-fix-ept-with-wp-bit-change-during-paging.patch pata_amd-do-not-filter-out-valid-modes-in-nv_mode_filter.patch p54usb-add-zcomax-xg-705a-usbid.patch x86-increase-min_gap-to-include-randomized-stack.patch @@ -69,3 +70,17 @@ ahci-restore-pci_intx-handling.patch pxa-sharpsl_pm-zaurus-c3000-aka-spitz-fix-resume.patch net-ax25-fix-signed-comparison-in-the-sockopt-handler.patch net-make-the-copy-length-in-af_packet-sockopt-handler-unsigned.patch +pty_write-don-t-do-a-tty_wakeup-when-the-buffers-are-full.patch +kvm-fix-cpuid-e2big-handling-for-extended-request-types.patch +kvm-mmu-fix-missing-locking-in-alloc_mmu_pages.patch +kvm-mmu-fix-bogus-alloc_mmu_pages-assignment.patch +kvm-protect-update_cr8_intercept-when-running-without-an-apic.patch +revert-kvm-x86-check-for-cr3-validity-in-ioctl_set_sregs.patch +fix-null-ptr-regression-in-powernow-k8.patch +perf-tools-do-not-complain-if-root-is-owning-perf.data.patch +netfilter-nf_nat-fix-inverted-logic-for-persistent-nat-mappings.patch +netfilter-nf_conntrack-netns-fix-re-reliable-conntrack-event-delivery.patch +netfilter-bridge-refcount-fix.patch +netfilter-ebt_ulog-fix-checkentry-return-value.patch +ath5k-wakeup-fixes.patch +ath5k-do-not-release-irq-across-suspend-resume.patch