--- /dev/null
+From 5419369ed6bd4cf711fdda5e52a5999b940413f5 Mon Sep 17 00:00:00 2001
+From: Alex Williamson <alex.williamson@redhat.com>
+Date: Thu, 29 Nov 2012 14:07:59 -0700
+Subject: KVM: Fix user memslot overlap check
+
+From: Alex Williamson <alex.williamson@redhat.com>
+
+commit 5419369ed6bd4cf711fdda5e52a5999b940413f5 upstream.
+
+Prior to memory slot sorting this loop compared all of the user memory
+slots for overlap with new entries. With memory slot sorting, we're
+just checking some number of entries in the array that may or may not
+be user slots. Instead, walk all the slots with kvm_for_each_memslot,
+which has the added benefit of terminating early when we hit the first
+empty slot, and skip comparison to private slots.
+
+Signed-off-by: Alex Williamson <alex.williamson@redhat.com>
+Signed-off-by: Marcelo Tosatti <mtosatti@redhat.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ virt/kvm/kvm_main.c | 13 +++++--------
+ 1 file changed, 5 insertions(+), 8 deletions(-)
+
+--- a/virt/kvm/kvm_main.c
++++ b/virt/kvm/kvm_main.c
+@@ -638,8 +638,7 @@ int __kvm_set_memory_region(struct kvm *
+ int r;
+ gfn_t base_gfn;
+ unsigned long npages;
+- unsigned long i;
+- struct kvm_memory_slot *memslot;
++ struct kvm_memory_slot *memslot, *slot;
+ struct kvm_memory_slot old, new;
+ struct kvm_memslots *slots, *old_memslots;
+
+@@ -686,13 +685,11 @@ int __kvm_set_memory_region(struct kvm *
+
+ /* Check for overlaps */
+ r = -EEXIST;
+- for (i = 0; i < KVM_MEMORY_SLOTS; ++i) {
+- struct kvm_memory_slot *s = &kvm->memslots->memslots[i];
+-
+- if (s == memslot || !s->npages)
++ kvm_for_each_memslot(slot, kvm->memslots) {
++ if (slot->id >= KVM_MEMORY_SLOTS || slot == memslot)
+ continue;
+- if (!((base_gfn + npages <= s->base_gfn) ||
+- (base_gfn >= s->base_gfn + s->npages)))
++ if (!((base_gfn + npages <= slot->base_gfn) ||
++ (base_gfn >= slot->base_gfn + slot->npages)))
+ goto out_free;
+ }
+
--- /dev/null
+From 11ee7e99f35ecb15f59b21da6a82d96d2cd3fcc8 Mon Sep 17 00:00:00 2001
+From: Anton Blanchard <anton@samba.org>
+Date: Sun, 11 Nov 2012 19:01:05 +0000
+Subject: powerpc: Fix CONFIG_RELOCATABLE=y CONFIG_CRASH_DUMP=n build
+
+From: Anton Blanchard <anton@samba.org>
+
+commit 11ee7e99f35ecb15f59b21da6a82d96d2cd3fcc8 upstream.
+
+If we build a kernel with CONFIG_RELOCATABLE=y CONFIG_CRASH_DUMP=n,
+the kernel fails when we run at a non zero offset. It turns out
+we were incorrectly wrapping some of the relocatable kernel code
+with CONFIG_CRASH_DUMP.
+
+Signed-off-by: Anton Blanchard <anton@samba.org>
+Signed-off-by: Benjamin Herrenschmidt <benh@kernel.crashing.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ arch/powerpc/kernel/head_64.S | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/arch/powerpc/kernel/head_64.S
++++ b/arch/powerpc/kernel/head_64.S
+@@ -425,7 +425,7 @@ _STATIC(__after_prom_start)
+ tovirt(r6,r6) /* on booke, we already run at PAGE_OFFSET */
+ #endif
+
+-#ifdef CONFIG_CRASH_DUMP
++#ifdef CONFIG_RELOCATABLE
+ /*
+ * Check if the kernel has to be running as relocatable kernel based on the
+ * variable __run_at_load, if it is set the kernel is treated as relocatable
--- /dev/null
+From ce73ec6db47af84d1466402781ae0872a9e7873c Mon Sep 17 00:00:00 2001
+From: Shan Hai <shan.hai@windriver.com>
+Date: Thu, 8 Nov 2012 15:57:49 +0000
+Subject: powerpc/vdso: Remove redundant locking in update_vsyscall_tz()
+
+From: Shan Hai <shan.hai@windriver.com>
+
+commit ce73ec6db47af84d1466402781ae0872a9e7873c upstream.
+
+The locking in update_vsyscall_tz() is not only unnecessary because the vdso
+code copies the data unproteced in __kernel_gettimeofday() but also
+introduces a hard to reproduce race condition between update_vsyscall()
+and update_vsyscall_tz(), which causes user space process to loop
+forever in vdso code.
+
+The following patch removes the locking from update_vsyscall_tz().
+
+Locking is not only unnecessary because the vdso code copies the data
+unprotected in __kernel_gettimeofday() but also erroneous because updating
+the tb_update_count is not atomic and introduces a hard to reproduce race
+condition between update_vsyscall() and update_vsyscall_tz(), which further
+causes user space process to loop forever in vdso code.
+
+The below scenario describes the race condition,
+x==0 Boot CPU other CPU
+ proc_P: x==0
+ timer interrupt
+ update_vsyscall
+x==1 x++;sync settimeofday
+ update_vsyscall_tz
+x==2 x++;sync
+x==3 sync;x++
+ sync;x++
+ proc_P: x==3 (loops until x becomes even)
+
+Because the ++ operator would be implemented as three instructions and not
+atomic on powerpc.
+
+A similar change was made for x86 in commit 6c260d58634
+("x86: vdso: Remove bogus locking in update_vsyscall_tz")
+
+Signed-off-by: Shan Hai <shan.hai@windriver.com>
+Signed-off-by: Benjamin Herrenschmidt <benh@kernel.crashing.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ arch/powerpc/kernel/time.c | 5 -----
+ 1 file changed, 5 deletions(-)
+
+--- a/arch/powerpc/kernel/time.c
++++ b/arch/powerpc/kernel/time.c
+@@ -859,13 +859,8 @@ void update_vsyscall(struct timespec *wa
+
+ void update_vsyscall_tz(void)
+ {
+- /* Make userspace gettimeofday spin until we're done. */
+- ++vdso_data->tb_update_count;
+- smp_mb();
+ vdso_data->tz_minuteswest = sys_tz.tz_minuteswest;
+ vdso_data->tz_dsttime = sys_tz.tz_dsttime;
+- smp_mb();
+- ++vdso_data->tb_update_count;
+ }
+
+ static void __init clocksource_init(void)
--- /dev/null
+From d99e79ec5574fc556c988f613ed6175f6de66f4a Mon Sep 17 00:00:00 2001
+From: Sebastian Ott <sebott@linux.vnet.ibm.com>
+Date: Fri, 30 Nov 2012 16:48:59 +0100
+Subject: s390/cio: fix pgid reserved check
+
+From: Sebastian Ott <sebott@linux.vnet.ibm.com>
+
+commit d99e79ec5574fc556c988f613ed6175f6de66f4a upstream.
+
+The check to whom a device is reserved is done by checking the path
+state of the affected channel paths. If it turns out that one path is
+flagged as reserved by someone else the whole device is marked as such.
+
+However the meaning of the RESVD_ELSE bit is that the addressed device
+is reserved to a different pathgroup (and not reserved to a different
+LPAR). If we do this test on a path which is currently not a member of
+the pathgroup we could erroneously mark the device as reserved to
+someone else.
+
+To fix this collect the reserved state for all potential members of the
+pathgroup and only mark the device as reserved if all of those potential
+members have the RESVD_ELSE bit set.
+
+Acked-by: Peter Oberparleiter <peter.oberparleiter@de.ibm.com>
+Signed-off-by: Sebastian Ott <sebott@linux.vnet.ibm.com>
+Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/s390/cio/device_pgid.c | 10 +++++-----
+ 1 file changed, 5 insertions(+), 5 deletions(-)
+
+--- a/drivers/s390/cio/device_pgid.c
++++ b/drivers/s390/cio/device_pgid.c
+@@ -234,7 +234,7 @@ static int pgid_cmp(struct pgid *p1, str
+ * Determine pathgroup state from PGID data.
+ */
+ static void pgid_analyze(struct ccw_device *cdev, struct pgid **p,
+- int *mismatch, int *reserved, u8 *reset)
++ int *mismatch, u8 *reserved, u8 *reset)
+ {
+ struct pgid *pgid = &cdev->private->pgid[0];
+ struct pgid *first = NULL;
+@@ -248,7 +248,7 @@ static void pgid_analyze(struct ccw_devi
+ if ((cdev->private->pgid_valid_mask & lpm) == 0)
+ continue;
+ if (pgid->inf.ps.state2 == SNID_STATE2_RESVD_ELSE)
+- *reserved = 1;
++ *reserved |= lpm;
+ if (pgid_is_reset(pgid)) {
+ *reset |= lpm;
+ continue;
+@@ -316,14 +316,14 @@ static void snid_done(struct ccw_device
+ struct subchannel *sch = to_subchannel(cdev->dev.parent);
+ struct pgid *pgid;
+ int mismatch = 0;
+- int reserved = 0;
++ u8 reserved = 0;
+ u8 reset = 0;
+ u8 donepm;
+
+ if (rc)
+ goto out;
+ pgid_analyze(cdev, &pgid, &mismatch, &reserved, &reset);
+- if (reserved)
++ if (reserved == cdev->private->pgid_valid_mask)
+ rc = -EUSERS;
+ else if (mismatch)
+ rc = -EOPNOTSUPP;
+@@ -336,7 +336,7 @@ static void snid_done(struct ccw_device
+ }
+ out:
+ CIO_MSG_EVENT(2, "snid: device 0.%x.%04x: rc=%d pvm=%02x vpm=%02x "
+- "todo=%02x mism=%d rsvd=%d reset=%02x\n", id->ssid,
++ "todo=%02x mism=%d rsvd=%02x reset=%02x\n", id->ssid,
+ id->devno, rc, cdev->private->pgid_valid_mask, sch->vpm,
+ cdev->private->pgid_todo_mask, mismatch, reserved, reset);
+ switch (rc) {
--- /dev/null
+powerpc-fix-config_relocatable-y-config_crash_dump-n-build.patch
+powerpc-vdso-remove-redundant-locking-in-update_vsyscall_tz.patch
+kvm-fix-user-memslot-overlap-check.patch
+s390-cio-fix-pgid-reserved-check.patch
projects / thirdparty / kernel / stable-queue.git / commitdiff
