From aa62277db350cb6dcdb8bfa5edd6d1c6d1a89d52 Mon Sep 17 00:00:00 2001 From: Greg Kroah-Hartman Date: Thu, 11 Mar 2010 16:47:03 -0800 Subject: [PATCH] .32 patches --- ...ree-dm_io-before-bio_endio-not-after.patch | 69 +++++++++++ ...ator-add-group8-instruction-decoding.patch | 49 ++++++++ ...ator-add-group9-instruction-decoding.patch | 58 +++++++++ ...ring-privilege-instruction-emulation.patch | 112 ++++++++++++++++++ .../kvm-x86-emulator-fix-popf-emulation.patch | 103 ++++++++++++++++ ...-segment-register-by-mov-instruction.patch | 35 ++++++ ...fix-an-allocation-under-spinlock-bug.patch | 60 ++++++++++ ...-coh901331-fix-braces-in-resume-code.patch | 42 +++++++ ...ata-no_wprotect-and-no_detect-with-1.patch | 37 ++++++ ...e-whether-there-is-a-card-detect-pin.patch | 31 +++++ queue-2.6.32/series | 12 ++ ...turns-from-the-tcp-connect-operation.patch | 33 ++++++ ...nrpc-remove-unnecessary-svc_xprt_put.patch | 44 +++++++ 13 files changed, 685 insertions(+) create mode 100644 queue-2.6.32/dm-free-dm_io-before-bio_endio-not-after.patch create mode 100644 queue-2.6.32/kvm-x86-emulator-add-group8-instruction-decoding.patch create mode 100644 queue-2.6.32/kvm-x86-emulator-add-group9-instruction-decoding.patch create mode 100644 queue-2.6.32/kvm-x86-emulator-check-cpl-level-during-privilege-instruction-emulation.patch create mode 100644 queue-2.6.32/kvm-x86-emulator-fix-popf-emulation.patch create mode 100644 queue-2.6.32/kvm-x86-emulator-forbid-modifying-cs-segment-register-by-mov-instruction.patch create mode 100644 queue-2.6.32/nfs-fix-an-allocation-under-spinlock-bug.patch create mode 100644 queue-2.6.32/rtc-coh901331-fix-braces-in-resume-code.patch create mode 100644 queue-2.6.32/s3cmci-initialize-default-platform-data-no_wprotect-and-no_detect-with-1.patch create mode 100644 queue-2.6.32/s3cmci-s3cmci_card_present-use-no_detect-to-decide-whether-there-is-a-card-detect-pin.patch create mode 100644 queue-2.6.32/sunrpc-handle-einval-error-returns-from-the-tcp-connect-operation.patch create mode 100644 queue-2.6.32/sunrpc-remove-unnecessary-svc_xprt_put.patch diff --git a/queue-2.6.32/dm-free-dm_io-before-bio_endio-not-after.patch b/queue-2.6.32/dm-free-dm_io-before-bio_endio-not-after.patch new file mode 100644 index 00000000000..1737489b36c --- /dev/null +++ b/queue-2.6.32/dm-free-dm_io-before-bio_endio-not-after.patch @@ -0,0 +1,69 @@ +From a97f925a32aad2a37971d7bfb657006acf04e42d Mon Sep 17 00:00:00 2001 +From: Mikulas Patocka +Date: Sat, 6 Mar 2010 02:32:29 +0000 +Subject: dm: free dm_io before bio_endio not after + +From: Mikulas Patocka + +commit a97f925a32aad2a37971d7bfb657006acf04e42d upstream. + +Free the dm_io structure before calling bio_endio() instead of after it, +to ensure that the io_pool containing it is not referenced after it is +freed. + +This partially fixes a problem described here + https://www.redhat.com/archives/dm-devel/2010-February/msg00109.html + +thread 1: +bio_endio(bio, io_error); +/* scheduling happens */ + thread 2: + close the device + remove the device +thread 1: +free_io(md, io); + +Thread 2, when removing the device, sees non-empty md->io_pool (because the +io hasn't been freed by thread 1 yet) and may crash with BUG in mempool_free. +Thread 1 may also crash, when freeing into a nonexisting mempool. + +To fix this we must make sure that bio_endio() is the last call and +the md structure is not accessed afterwards. + +There is another bio_endio in process_barrier, but it is called from the thread +and the thread is destroyed prior to freeing the mempools, so this call is +not affected by the bug. + +A similar bug exists with module unloads - the module may be unloaded +immediately after bio_endio - but that is more difficult to fix. + +Signed-off-by: Mikulas Patocka +Signed-off-by: Alasdair G Kergon +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/md/dm.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +--- a/drivers/md/dm.c ++++ b/drivers/md/dm.c +@@ -614,8 +614,10 @@ static void dec_pending(struct dm_io *io + if (!md->barrier_error && io_error != -EOPNOTSUPP) + md->barrier_error = io_error; + end_io_acct(io); ++ free_io(md, io); + } else { + end_io_acct(io); ++ free_io(md, io); + + if (io_error != DM_ENDIO_REQUEUE) { + trace_block_bio_complete(md->queue, bio); +@@ -623,8 +625,6 @@ static void dec_pending(struct dm_io *io + bio_endio(bio, io_error); + } + } +- +- free_io(md, io); + } + } + diff --git a/queue-2.6.32/kvm-x86-emulator-add-group8-instruction-decoding.patch b/queue-2.6.32/kvm-x86-emulator-add-group8-instruction-decoding.patch new file mode 100644 index 00000000000..b9e835dbc6d --- /dev/null +++ b/queue-2.6.32/kvm-x86-emulator-add-group8-instruction-decoding.patch @@ -0,0 +1,49 @@ +From 2db2c2eb6226e30f8059b82512a1364db98da8e3 Mon Sep 17 00:00:00 2001 +From: Gleb Natapov +Date: Wed, 10 Feb 2010 14:21:29 +0200 +Subject: KVM: x86 emulator: Add group8 instruction decoding + +From: Gleb Natapov + +commit 2db2c2eb6226e30f8059b82512a1364db98da8e3 upstream. + +Use groups mechanism to decode 0F BA instructions. + +Signed-off-by: Gleb Natapov +Signed-off-by: Avi Kivity +Signed-off-by: Greg Kroah-Hartman + +--- + arch/x86/kvm/emulate.c | 7 ++++++- + 1 file changed, 6 insertions(+), 1 deletion(-) + +--- a/arch/x86/kvm/emulate.c ++++ b/arch/x86/kvm/emulate.c +@@ -86,6 +86,7 @@ + enum { + Group1_80, Group1_81, Group1_82, Group1_83, + Group1A, Group3_Byte, Group3, Group4, Group5, Group7, ++ Group8, + }; + + static u32 opcode_table[256] = { +@@ -258,7 +259,7 @@ static u32 twobyte_table[256] = { + 0, 0, ByteOp | DstReg | SrcMem | ModRM | Mov, + DstReg | SrcMem16 | ModRM | Mov, + /* 0xB8 - 0xBF */ +- 0, 0, DstMem | SrcImmByte | ModRM, DstMem | SrcReg | ModRM | BitOp, ++ 0, 0, Group | Group8, DstMem | SrcReg | ModRM | BitOp, + 0, 0, ByteOp | DstReg | SrcMem | ModRM | Mov, + DstReg | SrcMem16 | ModRM | Mov, + /* 0xC0 - 0xCF */ +@@ -314,6 +315,10 @@ static u32 group_table[] = { + 0, 0, ModRM | SrcMem, ModRM | SrcMem, + SrcNone | ModRM | DstMem | Mov, 0, + SrcMem16 | ModRM | Mov, SrcMem | ModRM | ByteOp, ++ [Group8*8] = ++ 0, 0, 0, 0, ++ DstMem | SrcImmByte | ModRM, DstMem | SrcImmByte | ModRM, ++ DstMem | SrcImmByte | ModRM, DstMem | SrcImmByte | ModRM, + }; + + static u32 group2_table[] = { diff --git a/queue-2.6.32/kvm-x86-emulator-add-group9-instruction-decoding.patch b/queue-2.6.32/kvm-x86-emulator-add-group9-instruction-decoding.patch new file mode 100644 index 00000000000..3876f8c1dce --- /dev/null +++ b/queue-2.6.32/kvm-x86-emulator-add-group9-instruction-decoding.patch @@ -0,0 +1,58 @@ +From 60a29d4ea4e7b6b95d9391ebc8625b0426f3a363 Mon Sep 17 00:00:00 2001 +From: Gleb Natapov +Date: Wed, 10 Feb 2010 14:21:30 +0200 +Subject: KVM: x86 emulator: Add group9 instruction decoding + +From: Gleb Natapov + +commit 60a29d4ea4e7b6b95d9391ebc8625b0426f3a363 upstream. + +Use groups mechanism to decode 0F C7 instructions. + +Signed-off-by: Gleb Natapov +Signed-off-by: Avi Kivity +Signed-off-by: Greg Kroah-Hartman + +--- + arch/x86/kvm/emulate.c | 9 +++++++-- + 1 file changed, 7 insertions(+), 2 deletions(-) + +--- a/arch/x86/kvm/emulate.c ++++ b/arch/x86/kvm/emulate.c +@@ -86,7 +86,7 @@ + enum { + Group1_80, Group1_81, Group1_82, Group1_83, + Group1A, Group3_Byte, Group3, Group4, Group5, Group7, +- Group8, ++ Group8, Group9, + }; + + static u32 opcode_table[256] = { +@@ -263,7 +263,8 @@ static u32 twobyte_table[256] = { + 0, 0, ByteOp | DstReg | SrcMem | ModRM | Mov, + DstReg | SrcMem16 | ModRM | Mov, + /* 0xC0 - 0xCF */ +- 0, 0, 0, DstMem | SrcReg | ModRM | Mov, 0, 0, 0, ImplicitOps | ModRM, ++ 0, 0, 0, DstMem | SrcReg | ModRM | Mov, ++ 0, 0, 0, Group | GroupDual | Group9, + 0, 0, 0, 0, 0, 0, 0, 0, + /* 0xD0 - 0xDF */ + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, +@@ -319,6 +320,8 @@ static u32 group_table[] = { + 0, 0, 0, 0, + DstMem | SrcImmByte | ModRM, DstMem | SrcImmByte | ModRM, + DstMem | SrcImmByte | ModRM, DstMem | SrcImmByte | ModRM, ++ [Group9*8] = ++ 0, ImplicitOps | ModRM, 0, 0, 0, 0, 0, 0, + }; + + static u32 group2_table[] = { +@@ -326,6 +329,8 @@ static u32 group2_table[] = { + SrcNone | ModRM, 0, 0, SrcNone | ModRM, + SrcNone | ModRM | DstMem | Mov, 0, + SrcMem16 | ModRM | Mov, 0, ++ [Group9*8] = ++ 0, 0, 0, 0, 0, 0, 0, 0, + }; + + /* EFLAGS bit definitions. */ diff --git a/queue-2.6.32/kvm-x86-emulator-check-cpl-level-during-privilege-instruction-emulation.patch b/queue-2.6.32/kvm-x86-emulator-check-cpl-level-during-privilege-instruction-emulation.patch new file mode 100644 index 00000000000..336a4533644 --- /dev/null +++ b/queue-2.6.32/kvm-x86-emulator-check-cpl-level-during-privilege-instruction-emulation.patch @@ -0,0 +1,112 @@ +From e92805ac1228626c59c865f2f4e9059b9fb8c97b Mon Sep 17 00:00:00 2001 +From: Gleb Natapov +Date: Wed, 10 Feb 2010 14:21:35 +0200 +Subject: KVM: x86 emulator: Check CPL level during privilege instruction emulation + +From: Gleb Natapov + +commit e92805ac1228626c59c865f2f4e9059b9fb8c97b upstream. + +Add CPL checking in case emulator is tricked into emulating +privilege instruction from userspace. + +Signed-off-by: Gleb Natapov +Signed-off-by: Avi Kivity +Signed-off-by: Greg Kroah-Hartman + +--- + arch/x86/kvm/emulate.c | 35 ++++++++++++++++++++--------------- + 1 file changed, 20 insertions(+), 15 deletions(-) + +--- a/arch/x86/kvm/emulate.c ++++ b/arch/x86/kvm/emulate.c +@@ -75,6 +75,7 @@ + #define Group (1<<14) /* Bits 3:5 of modrm byte extend opcode */ + #define GroupDual (1<<15) /* Alternate decoding of mod == 3 */ + #define GroupMask 0xff /* Group number stored in bits 0:7 */ ++#define Priv (1<<27) /* instruction generates #GP if current CPL != 0 */ + /* Source 2 operand type */ + #define Src2None (0<<29) + #define Src2CL (1<<29) +@@ -204,7 +205,7 @@ static u32 opcode_table[256] = { + SrcNone | ByteOp | ImplicitOps, SrcNone | ImplicitOps, + /* 0xF0 - 0xF7 */ + 0, 0, 0, 0, +- ImplicitOps, ImplicitOps, Group | Group3_Byte, Group | Group3, ++ ImplicitOps | Priv, ImplicitOps, Group | Group3_Byte, Group | Group3, + /* 0xF8 - 0xFF */ + ImplicitOps, 0, ImplicitOps, ImplicitOps, + ImplicitOps, ImplicitOps, Group | Group4, Group | Group5, +@@ -212,16 +213,20 @@ static u32 opcode_table[256] = { + + static u32 twobyte_table[256] = { + /* 0x00 - 0x0F */ +- 0, Group | GroupDual | Group7, 0, 0, 0, ImplicitOps, ImplicitOps, 0, +- ImplicitOps, ImplicitOps, 0, 0, 0, ImplicitOps | ModRM, 0, 0, ++ 0, Group | GroupDual | Group7, 0, 0, ++ 0, ImplicitOps, ImplicitOps | Priv, 0, ++ ImplicitOps | Priv, ImplicitOps | Priv, 0, 0, ++ 0, ImplicitOps | ModRM, 0, 0, + /* 0x10 - 0x1F */ + 0, 0, 0, 0, 0, 0, 0, 0, ImplicitOps | ModRM, 0, 0, 0, 0, 0, 0, 0, + /* 0x20 - 0x2F */ +- ModRM | ImplicitOps, ModRM, ModRM | ImplicitOps, ModRM, 0, 0, 0, 0, ++ ModRM | ImplicitOps | Priv, ModRM | Priv, ++ ModRM | ImplicitOps | Priv, ModRM | Priv, ++ 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, + /* 0x30 - 0x3F */ +- ImplicitOps, 0, ImplicitOps, 0, +- ImplicitOps, ImplicitOps, 0, 0, ++ ImplicitOps | Priv, 0, ImplicitOps | Priv, 0, ++ ImplicitOps, ImplicitOps | Priv, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, + /* 0x40 - 0x47 */ + DstReg | SrcMem | ModRM | Mov, DstReg | SrcMem | ModRM | Mov, +@@ -313,9 +318,9 @@ static u32 group_table[] = { + SrcMem | ModRM | Stack, 0, + SrcMem | ModRM | Stack, 0, SrcMem | ModRM | Stack, 0, + [Group7*8] = +- 0, 0, ModRM | SrcMem, ModRM | SrcMem, ++ 0, 0, ModRM | SrcMem | Priv, ModRM | SrcMem | Priv, + SrcNone | ModRM | DstMem | Mov, 0, +- SrcMem16 | ModRM | Mov, SrcMem | ModRM | ByteOp, ++ SrcMem16 | ModRM | Mov | Priv, SrcMem | ModRM | ByteOp | Priv, + [Group8*8] = + 0, 0, 0, 0, + DstMem | SrcImmByte | ModRM, DstMem | SrcImmByte | ModRM, +@@ -326,7 +331,7 @@ static u32 group_table[] = { + + static u32 group2_table[] = { + [Group7*8] = +- SrcNone | ModRM, 0, 0, SrcNone | ModRM, ++ SrcNone | ModRM | Priv, 0, 0, SrcNone | ModRM, + SrcNone | ModRM | DstMem | Mov, 0, + SrcMem16 | ModRM | Mov, 0, + [Group9*8] = +@@ -1623,12 +1628,6 @@ emulate_sysexit(struct x86_emulate_ctxt + return -1; + } + +- /* sysexit must be called from CPL 0 */ +- if (kvm_x86_ops->get_cpl(ctxt->vcpu) != 0) { +- kvm_inject_gp(ctxt->vcpu, 0); +- return -1; +- } +- + setup_syscalls_segments(ctxt, &cs, &ss); + + if ((c->rex_prefix & 0x8) != 0x0) +@@ -1692,6 +1691,12 @@ x86_emulate_insn(struct x86_emulate_ctxt + memcpy(c->regs, ctxt->vcpu->arch.regs, sizeof c->regs); + saved_eip = c->eip; + ++ /* Privileged instruction can be executed only in CPL=0 */ ++ if ((c->d & Priv) && kvm_x86_ops->get_cpl(ctxt->vcpu)) { ++ kvm_inject_gp(ctxt->vcpu, 0); ++ goto done; ++ } ++ + if (((c->d & ModRM) && (c->modrm_mod != 3)) || (c->d & MemAbs)) + memop = c->modrm_ea; + diff --git a/queue-2.6.32/kvm-x86-emulator-fix-popf-emulation.patch b/queue-2.6.32/kvm-x86-emulator-fix-popf-emulation.patch new file mode 100644 index 00000000000..4ec8b55b359 --- /dev/null +++ b/queue-2.6.32/kvm-x86-emulator-fix-popf-emulation.patch @@ -0,0 +1,103 @@ +From d4c6a1549c056f1d817e8f6f2f97d8b44933472f Mon Sep 17 00:00:00 2001 +From: Gleb Natapov +Date: Wed, 10 Feb 2010 14:21:34 +0200 +Subject: KVM: x86 emulator: Fix popf emulation + +From: Gleb Natapov + +commit d4c6a1549c056f1d817e8f6f2f97d8b44933472f upstream. + +POPF behaves differently depending on current CPU mode. Emulate correct +logic to prevent guest from changing flags that it can't change otherwise. + +Signed-off-by: Gleb Natapov +Signed-off-by: Avi Kivity +Signed-off-by: Greg Kroah-Hartman + +--- + arch/x86/kvm/emulate.c | 55 ++++++++++++++++++++++++++++++++++++++++++++++++- + 1 file changed, 54 insertions(+), 1 deletion(-) + +--- a/arch/x86/kvm/emulate.c ++++ b/arch/x86/kvm/emulate.c +@@ -334,11 +334,18 @@ static u32 group2_table[] = { + }; + + /* EFLAGS bit definitions. */ ++#define EFLG_ID (1<<21) ++#define EFLG_VIP (1<<20) ++#define EFLG_VIF (1<<19) ++#define EFLG_AC (1<<18) + #define EFLG_VM (1<<17) + #define EFLG_RF (1<<16) ++#define EFLG_IOPL (3<<12) ++#define EFLG_NT (1<<14) + #define EFLG_OF (1<<11) + #define EFLG_DF (1<<10) + #define EFLG_IF (1<<9) ++#define EFLG_TF (1<<8) + #define EFLG_SF (1<<7) + #define EFLG_ZF (1<<6) + #define EFLG_AF (1<<4) +@@ -1199,6 +1206,49 @@ static int emulate_pop(struct x86_emulat + return rc; + } + ++static int emulate_popf(struct x86_emulate_ctxt *ctxt, ++ struct x86_emulate_ops *ops, ++ void *dest, int len) ++{ ++ int rc; ++ unsigned long val, change_mask; ++ int iopl = (ctxt->eflags & X86_EFLAGS_IOPL) >> IOPL_SHIFT; ++ int cpl = kvm_x86_ops->get_cpl(ctxt->vcpu); ++ ++ rc = emulate_pop(ctxt, ops, &val, len); ++ if (rc != X86EMUL_CONTINUE) ++ return rc; ++ ++ change_mask = EFLG_CF | EFLG_PF | EFLG_AF | EFLG_ZF | EFLG_SF | EFLG_OF ++ | EFLG_TF | EFLG_DF | EFLG_NT | EFLG_RF | EFLG_AC | EFLG_ID; ++ ++ switch(ctxt->mode) { ++ case X86EMUL_MODE_PROT64: ++ case X86EMUL_MODE_PROT32: ++ case X86EMUL_MODE_PROT16: ++ if (cpl == 0) ++ change_mask |= EFLG_IOPL; ++ if (cpl <= iopl) ++ change_mask |= EFLG_IF; ++ break; ++ case X86EMUL_MODE_VM86: ++ if (iopl < 3) { ++ kvm_inject_gp(ctxt->vcpu, 0); ++ return X86EMUL_PROPAGATE_FAULT; ++ } ++ change_mask |= EFLG_IF; ++ break; ++ default: /* real mode */ ++ change_mask |= (EFLG_IOPL | EFLG_IF); ++ break; ++ } ++ ++ *(unsigned long *)dest = ++ (ctxt->eflags & ~change_mask) | (val & change_mask); ++ ++ return rc; ++} ++ + static inline int emulate_grp1a(struct x86_emulate_ctxt *ctxt, + struct x86_emulate_ops *ops) + { +@@ -1929,7 +1979,10 @@ special_insn: + c->dst.type = OP_REG; + c->dst.ptr = (unsigned long *) &ctxt->eflags; + c->dst.bytes = c->op_bytes; +- goto pop_instruction; ++ rc = emulate_popf(ctxt, ops, &c->dst.val, c->op_bytes); ++ if (rc != X86EMUL_CONTINUE) ++ goto done; ++ break; + case 0xa0 ... 0xa1: /* mov */ + c->dst.ptr = (unsigned long *)&c->regs[VCPU_REGS_RAX]; + c->dst.val = c->src.val; diff --git a/queue-2.6.32/kvm-x86-emulator-forbid-modifying-cs-segment-register-by-mov-instruction.patch b/queue-2.6.32/kvm-x86-emulator-forbid-modifying-cs-segment-register-by-mov-instruction.patch new file mode 100644 index 00000000000..439867da9ec --- /dev/null +++ b/queue-2.6.32/kvm-x86-emulator-forbid-modifying-cs-segment-register-by-mov-instruction.patch @@ -0,0 +1,35 @@ +From 8b9f44140bc4afd2698413cd9960c3912168ee91 Mon Sep 17 00:00:00 2001 +From: Gleb Natapov +Date: Thu, 18 Feb 2010 12:14:59 +0200 +Subject: KVM: x86 emulator: Forbid modifying CS segment register by mov instruction + +From: Gleb Natapov + +commit 8b9f44140bc4afd2698413cd9960c3912168ee91 upstream. + +Inject #UD if guest attempts to do so. This is in accordance to Intel +SDM. + +Signed-off-by: Gleb Natapov +Signed-off-by: Avi Kivity +Signed-off-by: Greg Kroah-Hartman + +--- + arch/x86/kvm/emulate.c | 6 ++++++ + 1 file changed, 6 insertions(+) + +--- a/arch/x86/kvm/emulate.c ++++ b/arch/x86/kvm/emulate.c +@@ -1875,6 +1875,12 @@ special_insn: + int err; + + sel = c->src.val; ++ ++ if (c->modrm_reg == VCPU_SREG_CS) { ++ kvm_queue_exception(ctxt->vcpu, UD_VECTOR); ++ goto done; ++ } ++ + if (c->modrm_reg == VCPU_SREG_SS) + toggle_interruptibility(ctxt, X86_SHADOW_INT_MOV_SS); + diff --git a/queue-2.6.32/nfs-fix-an-allocation-under-spinlock-bug.patch b/queue-2.6.32/nfs-fix-an-allocation-under-spinlock-bug.patch new file mode 100644 index 00000000000..c40b2666e07 --- /dev/null +++ b/queue-2.6.32/nfs-fix-an-allocation-under-spinlock-bug.patch @@ -0,0 +1,60 @@ +From ebed9203b68a4f333ce5d17e874b26c3afcfeff1 Mon Sep 17 00:00:00 2001 +From: Trond Myklebust +Date: Tue, 2 Mar 2010 13:06:22 -0500 +Subject: NFS: Fix an allocation-under-spinlock bug + +From: Trond Myklebust + +commit ebed9203b68a4f333ce5d17e874b26c3afcfeff1 upstream. + +sunrpc_cache_update() will always call detail->update() from inside the +detail->hash_lock, so it cannot allocate memory. + +Signed-off-by: Trond Myklebust +Signed-off-by: Greg Kroah-Hartman + +--- + fs/nfs/dns_resolve.c | 18 +++++++++++++++--- + 1 file changed, 15 insertions(+), 3 deletions(-) + +--- a/fs/nfs/dns_resolve.c ++++ b/fs/nfs/dns_resolve.c +@@ -36,6 +36,19 @@ struct nfs_dns_ent { + }; + + ++static void nfs_dns_ent_update(struct cache_head *cnew, ++ struct cache_head *ckey) ++{ ++ struct nfs_dns_ent *new; ++ struct nfs_dns_ent *key; ++ ++ new = container_of(cnew, struct nfs_dns_ent, h); ++ key = container_of(ckey, struct nfs_dns_ent, h); ++ ++ memcpy(&new->addr, &key->addr, key->addrlen); ++ new->addrlen = key->addrlen; ++} ++ + static void nfs_dns_ent_init(struct cache_head *cnew, + struct cache_head *ckey) + { +@@ -49,8 +62,7 @@ static void nfs_dns_ent_init(struct cach + new->hostname = kstrndup(key->hostname, key->namelen, GFP_KERNEL); + if (new->hostname) { + new->namelen = key->namelen; +- memcpy(&new->addr, &key->addr, key->addrlen); +- new->addrlen = key->addrlen; ++ nfs_dns_ent_update(cnew, ckey); + } else { + new->namelen = 0; + new->addrlen = 0; +@@ -234,7 +246,7 @@ static struct cache_detail nfs_dns_resol + .cache_show = nfs_dns_show, + .match = nfs_dns_match, + .init = nfs_dns_ent_init, +- .update = nfs_dns_ent_init, ++ .update = nfs_dns_ent_update, + .alloc = nfs_dns_ent_alloc, + }; + diff --git a/queue-2.6.32/rtc-coh901331-fix-braces-in-resume-code.patch b/queue-2.6.32/rtc-coh901331-fix-braces-in-resume-code.patch new file mode 100644 index 00000000000..a2678405b37 --- /dev/null +++ b/queue-2.6.32/rtc-coh901331-fix-braces-in-resume-code.patch @@ -0,0 +1,42 @@ +From 5a98c04d78c896d52baef20ffc11f6d1ba6eb786 Mon Sep 17 00:00:00 2001 +From: James Hogan +Date: Fri, 5 Mar 2010 13:44:31 -0800 +Subject: rtc-coh901331: fix braces in resume code + +From: James Hogan + +commit 5a98c04d78c896d52baef20ffc11f6d1ba6eb786 upstream. + +The else part of the if statement is indented but does not have braces +around it. It clearly should since it uses clk_enable and clk_disable +which are supposed to balance. + +Signed-off-by: James Hogan +Acked-by: Linus Walleij +Acked-by: Alessandro Zummo +Signed-off-by: Andrew Morton +Signed-off-by: Linus Torvalds +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/rtc/rtc-coh901331.c | 5 +++-- + 1 file changed, 3 insertions(+), 2 deletions(-) + +--- a/drivers/rtc/rtc-coh901331.c ++++ b/drivers/rtc/rtc-coh901331.c +@@ -271,12 +271,13 @@ static int coh901331_resume(struct platf + { + struct coh901331_port *rtap = dev_get_drvdata(&pdev->dev); + +- if (device_may_wakeup(&pdev->dev)) ++ if (device_may_wakeup(&pdev->dev)) { + disable_irq_wake(rtap->irq); +- else ++ } else { + clk_enable(rtap->clk); + writel(rtap->irqmaskstore, rtap->virtbase + COH901331_IRQ_MASK); + clk_disable(rtap->clk); ++ } + return 0; + } + #else diff --git a/queue-2.6.32/s3cmci-initialize-default-platform-data-no_wprotect-and-no_detect-with-1.patch b/queue-2.6.32/s3cmci-initialize-default-platform-data-no_wprotect-and-no_detect-with-1.patch new file mode 100644 index 00000000000..ccd2746d374 --- /dev/null +++ b/queue-2.6.32/s3cmci-initialize-default-platform-data-no_wprotect-and-no_detect-with-1.patch @@ -0,0 +1,37 @@ +From c212808a1ba6bfba489006399b8152a047305acf Mon Sep 17 00:00:00 2001 +From: Lars-Peter Clausen +Date: Fri, 5 Mar 2010 13:43:35 -0800 +Subject: s3cmci: initialize default platform data no_wprotect and no_detect with 1 + +From: Lars-Peter Clausen + +commit c212808a1ba6bfba489006399b8152a047305acf upstream. + +If no platform_data was givin to the device it's going to use it's default +platform data struct which has all fields initialized to zero. As a +result the driver is going to try to request gpio0 both as write protect +and card detect pin. Which of course will fail and makes the driver +unusable + +Previously to the introduction of no_wprotect and no_detect the behavior +was to assume that if no platform data was given there is no write protect +or card detect pin. This patch restores that behavior. + +Signed-off-by: Lars-Peter Clausen +Cc: Ben Dooks +Cc: +Signed-off-by: Andrew Morton +Signed-off-by: Linus Torvalds +Signed-off-by: Greg Kroah-Hartman + +--- a/drivers/mmc/host/s3cmci.c ++++ b/drivers/mmc/host/s3cmci.c +@@ -1360,6 +1360,8 @@ static struct mmc_host_ops s3cmci_ops = { + static struct s3c24xx_mci_pdata s3cmci_def_pdata = { + /* This is currently here to avoid a number of if (host->pdata) + * checks. Any zero fields to ensure reasonable defaults are picked. */ ++ .no_wprotect = 1, ++ .no_detect = 1, + }; + + #ifdef CONFIG_CPU_FREQ diff --git a/queue-2.6.32/s3cmci-s3cmci_card_present-use-no_detect-to-decide-whether-there-is-a-card-detect-pin.patch b/queue-2.6.32/s3cmci-s3cmci_card_present-use-no_detect-to-decide-whether-there-is-a-card-detect-pin.patch new file mode 100644 index 00000000000..3198b55b097 --- /dev/null +++ b/queue-2.6.32/s3cmci-s3cmci_card_present-use-no_detect-to-decide-whether-there-is-a-card-detect-pin.patch @@ -0,0 +1,31 @@ +From dc2ed552804f3a2ae41c0ffe4bc09879ec8f7396 Mon Sep 17 00:00:00 2001 +From: Lars-Peter Clausen +Date: Fri, 5 Mar 2010 13:43:37 -0800 +Subject: s3cmci: s3cmci_card_present: Use no_detect to decide whether there is a card detect pin + +From: Lars-Peter Clausen + +commit dc2ed552804f3a2ae41c0ffe4bc09879ec8f7396 upstream. + +Signed-off-by: Lars-Peter Clausen +Cc: Ben Dooks +Cc: +Signed-off-by: Andrew Morton +Signed-off-by: Linus Torvalds +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/mmc/host/s3cmci.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/drivers/mmc/host/s3cmci.c ++++ b/drivers/mmc/host/s3cmci.c +@@ -1178,7 +1178,7 @@ static int s3cmci_card_present(struct mm + struct s3c24xx_mci_pdata *pdata = host->pdata; + int ret; + +- if (pdata->gpio_detect == 0) ++ if (pdata->no_detect) + return -ENOSYS; + + ret = gpio_get_value(pdata->gpio_detect) ? 0 : 1; diff --git a/queue-2.6.32/series b/queue-2.6.32/series index 62be4a83352..beca8e04e87 100644 --- a/queue-2.6.32/series +++ b/queue-2.6.32/series @@ -129,6 +129,18 @@ usb-cp210x-add-81e8-zephyr-bioharness.patch usb-unusual_devs-add-support-for-multiple-option-3g-sticks.patch drm-i915-use-a-dmi-quirk-to-skip-a-broken-sdvo-tv-output.patch drm-ttm-handle-oom-in-ttm_tt_swapout.patch +sunrpc-remove-unnecessary-svc_xprt_put.patch +sunrpc-handle-einval-error-returns-from-the-tcp-connect-operation.patch +s3cmci-s3cmci_card_present-use-no_detect-to-decide-whether-there-is-a-card-detect-pin.patch +rtc-coh901331-fix-braces-in-resume-code.patch +nfs-fix-an-allocation-under-spinlock-bug.patch +dm-free-dm_io-before-bio_endio-not-after.patch +kvm-x86-emulator-add-group8-instruction-decoding.patch +kvm-x86-emulator-forbid-modifying-cs-segment-register-by-mov-instruction.patch +kvm-x86-emulator-add-group9-instruction-decoding.patch +kvm-x86-emulator-fix-popf-emulation.patch +kvm-x86-emulator-check-cpl-level-during-privilege-instruction-emulation.patch +s3cmci-initialize-default-platform-data-no_wprotect-and-no_detect-with-1.patch sched-fix-sched_mv_power_savings-for-smt.patch sched-fix-smt-scheduler-regression-in-find_busiest_queue.patch sched-don-t-use-possibly-stale-sched_class.patch diff --git a/queue-2.6.32/sunrpc-handle-einval-error-returns-from-the-tcp-connect-operation.patch b/queue-2.6.32/sunrpc-handle-einval-error-returns-from-the-tcp-connect-operation.patch new file mode 100644 index 00000000000..441f2772e08 --- /dev/null +++ b/queue-2.6.32/sunrpc-handle-einval-error-returns-from-the-tcp-connect-operation.patch @@ -0,0 +1,33 @@ +From 9fcfe0c83c3b04a759cde6b8c5f961237f17808b Mon Sep 17 00:00:00 2001 +From: Trond Myklebust +Date: Tue, 2 Mar 2010 13:06:21 -0500 +Subject: SUNRPC: Handle EINVAL error returns from the TCP connect operation + +From: Trond Myklebust + +commit 9fcfe0c83c3b04a759cde6b8c5f961237f17808b upstream. + +This can, for instance, happen if the user specifies a link local IPv6 +address. + +Signed-off-by: Trond Myklebust +Signed-off-by: Greg Kroah-Hartman + +--- + net/sunrpc/xprtsock.c | 5 +++++ + 1 file changed, 5 insertions(+) + +--- a/net/sunrpc/xprtsock.c ++++ b/net/sunrpc/xprtsock.c +@@ -1926,6 +1926,11 @@ static void xs_tcp_setup_socket(struct r + case -EALREADY: + xprt_clear_connecting(xprt); + return; ++ case -EINVAL: ++ /* Happens, for instance, if the user specified a link ++ * local IPv6 address without a scope-id. ++ */ ++ goto out; + } + out_eagain: + status = -EAGAIN; diff --git a/queue-2.6.32/sunrpc-remove-unnecessary-svc_xprt_put.patch b/queue-2.6.32/sunrpc-remove-unnecessary-svc_xprt_put.patch new file mode 100644 index 00000000000..69471abb150 --- /dev/null +++ b/queue-2.6.32/sunrpc-remove-unnecessary-svc_xprt_put.patch @@ -0,0 +1,44 @@ +From ab1b18f70a007ea6caeb007d269abb75b131a410 Mon Sep 17 00:00:00 2001 +From: Neil Brown +Date: Sat, 27 Feb 2010 09:33:40 +1100 +Subject: sunrpc: remove unnecessary svc_xprt_put + +From: Neil Brown + +commit ab1b18f70a007ea6caeb007d269abb75b131a410 upstream. + +The 'struct svc_deferred_req's on the xpt_deferred queue do not +own a reference to the owning xprt. This is seen in svc_revisit +which is where things are added to this queue. dr->xprt is set to +NULL and the reference to the xprt it put. + +So when this list is cleaned up in svc_delete_xprt, we mustn't +put the reference. + +Also, replace the 'for' with a 'while' which is arguably +simpler and more likely to compile efficiently. + +Cc: Tom Tucker +Signed-off-by: NeilBrown +Signed-off-by: J. Bruce Fields +Signed-off-by: Greg Kroah-Hartman + +--- + net/sunrpc/svc_xprt.c | 5 +---- + 1 file changed, 1 insertion(+), 4 deletions(-) + +--- a/net/sunrpc/svc_xprt.c ++++ b/net/sunrpc/svc_xprt.c +@@ -901,11 +901,8 @@ void svc_delete_xprt(struct svc_xprt *xp + if (test_bit(XPT_TEMP, &xprt->xpt_flags)) + serv->sv_tmpcnt--; + +- for (dr = svc_deferred_dequeue(xprt); dr; +- dr = svc_deferred_dequeue(xprt)) { +- svc_xprt_put(xprt); ++ while ((dr = svc_deferred_dequeue(xprt)) != NULL) + kfree(dr); +- } + + svc_xprt_put(xprt); + spin_unlock_bh(&serv->sv_lock); -- 2.47.3