From: Greg Kroah-Hartman Date: Wed, 9 May 2012 16:03:08 +0000 (-0700) Subject: 3.0-stable patches X-Git-Tag: v3.3.6~13 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=e07d04b12180ad1726c334c5ccad31dbab52e4d2;p=thirdparty%2Fkernel%2Fstable-queue.git 3.0-stable patches added patches: xen-pci-don-t-use-pci-bios-service-for-configuration-space-accesses.patch xen-pte-fix-crashes-when-trying-to-see-non-existent-pgd-pmd-pud-ptes.patch
---
diff --git a/queue-3.0/series b/queue-3.0/series
index 78cc92f8f9e..6c0dc5a1406 100644
--- a/queue-3.0/series
+++ b/queue-3.0/series
@@ -1 +1,3 @@
 smsc95xx-mark-link-down-on-startup-and-let-phy-interrupt.patch
+xen-pte-fix-crashes-when-trying-to-see-non-existent-pgd-pmd-pud-ptes.patch
+xen-pci-don-t-use-pci-bios-service-for-configuration-space-accesses.patch
diff --git a/queue-3.0/xen-pci-don-t-use-pci-bios-service-for-configuration-space-accesses.patch b/queue-3.0/xen-pci-don-t-use-pci-bios-service-for-configuration-space-accesses.patch
new file mode 100644
index 00000000000..e93b2a5cb35
--- /dev/null
+++ b/queue-3.0/xen-pci-don-t-use-pci-bios-service-for-configuration-space-accesses.patch
@@ -0,0 +1,49 @@
+From 76a8df7b49168509df02461f83fab117a4a86e08 Mon Sep 17 00:00:00 2001
+From: David Vrabel
+Date: Fri, 4 May 2012 14:29:46 +0100
+Subject: xen/pci: don't use PCI BIOS service for configuration space accesses
+
+From: David Vrabel
+
+commit 76a8df7b49168509df02461f83fab117a4a86e08 upstream.
+
+The accessing PCI configuration space with the PCI BIOS32 service does
+not work in PV guests.
+
+On systems without MMCONFIG or where the BIOS hasn't marked the
+MMCONFIG region as reserved in the e820 map, the BIOS service is
+probed (even though direct access is preferred) and this hangs.
+
+Acked-by: Jan Beulich
+Signed-off-by: David Vrabel
+[v1: Fixed compile error when CONFIG_PCI is not set]
+Signed-off-by: Konrad Rzeszutek Wilk
+Signed-off-by: Greg Kroah-Hartman
+
+---
+ arch/x86/xen/enlighten.c | 7 +++++--
+ 1 file changed, 5 insertions(+), 2 deletions(-)
+
+--- a/arch/x86/xen/enlighten.c
++++ b/arch/x86/xen/enlighten.c
+@@ -62,6 +62,7 @@
+ #include
+ #include
+ #include
++#include
+
+ #include "xen-ops.h"
+ #include "mmu.h"
+@@ -1259,8 +1260,10 @@ asmlinkage void __init xen_start_kernel(
+ /* Make sure ACS will be enabled */
+ pci_request_acs();
+ }
+-
+-
++#ifdef CONFIG_PCI
++ /* PCI BIOS service won't work from a PV guest. */
++ pci_probe &= ~PCI_PROBE_BIOS;
++#endif
+ xen_raw_console_write("about to get started...\n");
+
+ xen_setup_runstate_info(0);
diff --git a/queue-3.0/xen-pte-fix-crashes-when-trying-to-see-non-existent-pgd-pmd-pud-ptes.patch b/queue-3.0/xen-pte-fix-crashes-when-trying-to-see-non-existent-pgd-pmd-pud-ptes.patch
new file mode 100644
index 00000000000..63fd07948af
--- /dev/null
+++ b/queue-3.0/xen-pte-fix-crashes-when-trying-to-see-non-existent-pgd-pmd-pud-ptes.patch
@@ -0,0 +1,60 @@
+From b7e5ffe5d83fa40d702976d77452004abbe35791 Mon Sep 17 00:00:00 2001
+From: Konrad Rzeszutek Wilk
+Date: Thu, 3 May 2012 16:14:14 -0400
+Subject: xen/pte: Fix crashes when trying to see non-existent PGD/PMD/PUD/PTEs
+
+From: Konrad Rzeszutek Wilk
+
+commit b7e5ffe5d83fa40d702976d77452004abbe35791 upstream.
+
+If I try to do "cat /sys/kernel/debug/kernel_page_tables"
+I end up with:
+
+BUG: unable to handle kernel paging request at ffffc7fffffff000
+IP: [] ptdump_show+0x221/0x480
+PGD 0
+Oops: 0000 [#1] SMP
+CPU 0
+.. snip..
+RAX: 0000000000000000 RBX: ffffc00000000fff RCX: 0000000000000000
+RDX: 0000800000000000 RSI: 0000000000000000 RDI: ffffc7fffffff000
+
+which is due to the fact we are trying to access a PFN that is not
+accessible to us. The reason (at least in this case) was that
+PGD[256] is set to __HYPERVISOR_VIRT_START which was setup (by the
+hypervisor) to point to a read-only linear map of the MFN->PFN array.
+During our parsing we would get the MFN (a valid one), try to look
+it up in the MFN->PFN tree and find it invalid and return ~0 as PFN.
+Then pte_mfn_to_pfn would happilly feed that in, attach the flags
+and return it back to the caller. 'ptdump_show' bitshifts it and
+gets and invalid value that it tries to dereference.
+
+Instead of doing all of that, we detect the ~0 case and just
+return !_PAGE_PRESENT.
+
+This bug has been in existence .. at least until 2.6.37 (yikes!)
+
+Signed-off-by: Konrad Rzeszutek Wilk
+Signed-off-by: Greg Kroah-Hartman
+
+---
+ arch/x86/xen/mmu.c | 7 ++++++-
+ 1 file changed, 6 insertions(+), 1 deletion(-)
+
+--- a/arch/x86/xen/mmu.c
++++ b/arch/x86/xen/mmu.c
+@@ -320,8 +320,13 @@ static pteval_t pte_mfn_to_pfn(pteval_t
+ {
+ if (val & _PAGE_PRESENT) {
+ unsigned long mfn = (val & PTE_PFN_MASK) >> PAGE_SHIFT;
++ unsigned long pfn = mfn_to_pfn(mfn);
++
+ pteval_t flags = val & PTE_FLAGS_MASK;
+- val = ((pteval_t)mfn_to_pfn(mfn) << PAGE_SHIFT) | flags;
++ if (unlikely(pfn == ~0))
++ val = flags & ~_PAGE_PRESENT;
++ else
++ val = ((pteval_t)pfn << PAGE_SHIFT) | flags;
+ }
+
+ return val;
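Review bot: The sentinel check `if (unlikely(pfn == ~0))` in the nested arch/x86/xen/mmu.c hunk compares an `unsigned long` against an `int` expression, so it matches only because -1 is converted to an all-ones value; `if (unlikely(pfn == ~0UL))` would state the intended width directly. The non-present branch also carries no comment, and something like `/* mfn_to_pfn() found no PFN for this MFN: report the entry as not present */` above it would record why the frame bits are dropped while the remaining flag bits are kept. Since `val = flags & ~_PAGE_PRESENT;` still hands those remaining flags back, it is worth confirming that callers test the present bit before relying on them. The body of pte_mfn_to_pfn runs past the end of the hunk.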