From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Date: Tue, 15 Jan 2013 13:41:14 +0000 (-0800)
Subject: 3.0-stable patches
X-Git-Tag: v3.7.3~24
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=b2bbf8fca5526c3bf19ff43e1e4aa7ffc781737a;p=thirdparty%2Fkernel%2Fstable-queue.git

3.0-stable patches

added patches:
	intel-iommu-free-old-page-tables-before-creating-superpage.patch
	kvm-ppc-44x-fix-dcr-read-write.patch
---

diff --git a/queue-3.0/intel-iommu-free-old-page-tables-before-creating-superpage.patch b/queue-3.0/intel-iommu-free-old-page-tables-before-creating-superpage.patch
new file mode 100644
index 00000000000..f8d4152d2ef
--- /dev/null
+++ b/queue-3.0/intel-iommu-free-old-page-tables-before-creating-superpage.patch
@@ -0,0 +1,59 @@
+From 6491d4d02893d9787ba67279595990217177b351 Mon Sep 17 00:00:00 2001
+From: "Woodhouse, David" <david.woodhouse@intel.com>
+Date: Wed, 19 Dec 2012 13:25:35 +0000
+Subject: intel-iommu: Free old page tables before creating superpage
+
+From: "Woodhouse, David" <david.woodhouse@intel.com>
+
+commit 6491d4d02893d9787ba67279595990217177b351 upstream.
+
+The dma_pte_free_pagetable() function will only free a page table page
+if it is asked to free the *entire* 2MiB range that it covers. So if a
+page table page was used for one or more small mappings, it's likely to
+end up still present in the page tables... but with no valid PTEs.
+
+This was fine when we'd only be repopulating it with 4KiB PTEs anyway
+but the same virtual address range can end up being reused for a
+*large-page* mapping. And in that case were were trying to insert the
+large page into the second-level page table, and getting a complaint
+from the sanity check in __domain_mapping() because there was already a
+corresponding entry. This was *relatively* harmless; it led to a memory
+leak of the old page table page, but no other ill-effects.
+
+Fix it by calling dma_pte_clear_range (hopefully redundant) and
+dma_pte_free_pagetable() before setting up the new large page.
+
+Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
+Tested-by: Ravi Murty <Ravi.Murty@intel.com>
+Tested-by: Sudeep Dutt <sudeep.dutt@intel.com>
+Cc: stable@kernel.org [3.0+]
+Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
+Signed-off-by: CAI Qian <caiqian@redhat.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/pci/intel-iommu.c |   11 +++++++++--
+ 1 file changed, 9 insertions(+), 2 deletions(-)
+
+--- a/drivers/pci/intel-iommu.c
++++ b/drivers/pci/intel-iommu.c
+@@ -1793,10 +1793,17 @@ static int __domain_mapping(struct dmar_
+ 			if (!pte)
+ 				return -ENOMEM;
+ 			/* It is large page*/
+-			if (largepage_lvl > 1)
++			if (largepage_lvl > 1) {
+ 				pteval |= DMA_PTE_LARGE_PAGE;
+-			else
++				/* Ensure that old small page tables are removed to make room
++				   for superpage, if they exist. */
++				dma_pte_clear_range(domain, iov_pfn,
++						    iov_pfn + lvl_to_nr_pages(largepage_lvl) - 1);
++				dma_pte_free_pagetable(domain, iov_pfn,
++						       iov_pfn + lvl_to_nr_pages(largepage_lvl) - 1);
++			} else {
+ 				pteval &= ~(uint64_t)DMA_PTE_LARGE_PAGE;
++			}
+ 
+ 		}
+ 		/* We don't need lock here, nobody else
diff --git a/queue-3.0/kvm-ppc-44x-fix-dcr-read-write.patch b/queue-3.0/kvm-ppc-44x-fix-dcr-read-write.patch
new file mode 100644
index 00000000000..683f17a0238
--- /dev/null
+++ b/queue-3.0/kvm-ppc-44x-fix-dcr-read-write.patch
@@ -0,0 +1,39 @@
+From e43a028752fed049e4bd94ef895542f96d79fa74 Mon Sep 17 00:00:00 2001
+From: Alexander Graf <agraf@suse.de>
+Date: Sat, 6 Oct 2012 03:56:35 +0200
+Subject: KVM: PPC: 44x: fix DCR read/write
+
+From: Alexander Graf <agraf@suse.de>
+
+commit e43a028752fed049e4bd94ef895542f96d79fa74 upstream.
+
+When remembering the direction of a DCR transaction, we should write
+to the same variable that we interpret on later when doing vcpu_run
+again.
+
+Signed-off-by: Alexander Graf <agraf@suse.de>
+Signed-off-by: CAI Qian <caiqian@redhat.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ arch/powerpc/kvm/44x_emulate.c |    2 ++
+ 1 file changed, 2 insertions(+)
+
+--- a/arch/powerpc/kvm/44x_emulate.c
++++ b/arch/powerpc/kvm/44x_emulate.c
+@@ -79,6 +79,7 @@ int kvmppc_core_emulate_op(struct kvm_ru
+ 				run->dcr.dcrn = dcrn;
+ 				run->dcr.data =  0;
+ 				run->dcr.is_write = 0;
++				vcpu->arch.dcr_is_write = 0;
+ 				vcpu->arch.io_gpr = rt;
+ 				vcpu->arch.dcr_needed = 1;
+ 				kvmppc_account_exit(vcpu, DCR_EXITS);
+@@ -100,6 +101,7 @@ int kvmppc_core_emulate_op(struct kvm_ru
+ 				run->dcr.dcrn = dcrn;
+ 				run->dcr.data = kvmppc_get_gpr(vcpu, rs);
+ 				run->dcr.is_write = 1;
++				vcpu->arch.dcr_is_write = 1;
+ 				vcpu->arch.dcr_needed = 1;
+ 				kvmppc_account_exit(vcpu, DCR_EXITS);
+ 				emulated = EMULATE_DO_DCR;
diff --git a/queue-3.0/series b/queue-3.0/series
index 74c70475760..8165cf14f83 100644
--- a/queue-3.0/series
+++ b/queue-3.0/series
@@ -64,3 +64,5 @@ usb-increase-reset-timeout.patch
 usb-hub-handle-claim-of-enabled-remote-wakeup-after-reset.patch
 xhci-handle-hs-bulk-ctrl-endpoints-that-don-t-nak.patch
 gfs2-test-bufdata-with-buffer-locked-and-gfs2_log_lock-held.patch
+intel-iommu-free-old-page-tables-before-creating-superpage.patch
+kvm-ppc-44x-fix-dcr-read-write.patch