Permalink
Commits on Sep 24, 2009
  1. @gregkh

    Linux 2.6.31.1

    gregkh committed Sep 24, 2009
  2. @bjking1 @gregkh

    powerpc/pseries: Fix to handle slb resize across migration

    commit 46db2f8 upstream.
    
    The SLB can change sizes across a live migration, which was not
    being handled, resulting in possible machine crashes during
    migration if migrating to a machine which has a smaller max SLB
    size than the source machine. Fix this by first reducing the
    SLB size to the minimum possible value, which is 32, prior to
    migration. Then during the device tree update which occurs after
    migration, we make the call to ensure the SLB gets updated. Also
    add the slb_size to the lparcfg output so that the migration
    tools can check to make sure the kernel has this capability
    before allowing migration in scenarios where the SLB size will change.
    
    BenH: Fixed #include <asm/mmu-hash64.h> -> <asm/mmu.h> to avoid
          breaking ppc32 build
    
    Signed-off-by: Brian King <brking@linux.vnet.ibm.com>
    Signed-off-by: Benjamin Herrenschmidt <benh@kernel.crashing.org>
    Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
    bjking1 committed with gregkh Aug 28, 2009
  3. @gregkh

    PCI: Unhide the SMBus on the Compaq Evo D510 USDT

    commit 6b5096e upstream.
    
    One more form factor for Compaq Evo D510, which needs the same quirk
    as the other form factors. Apparently there's no hardware monitoring
    chip on that one, but SPD EEPROMs, so it's still worth unhiding the
    SMBus.
    
    Signed-off-by: Jean Delvare <khali@linux-fr.org>
    Tested-by: Nuzhna Pomoshch <nuzhna_pomoshch@yahoo.com>
    Signed-off-by: Jesse Barnes <jbarnes@virtuousgeek.org>
    Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
    Jean Delvare committed with gregkh Jul 28, 2009
  4. @gregkh

    PCI quirk: update 82576 device ids in SR-IOV quirks list

    commit 6f1186b upstream.
    
    This patch adds the most recent additions to the list of 82576 device IDs
    to the list of devices needing the SR-IOV quirk.
    
    Signed-off-by: Alexander Duyck <alexander.h.duyck@intel.com>
    Signed-off-by: Jeff Kirsher <jeffrey.t.kirsher@intel.com>
    Signed-off-by: Jesse Barnes <jbarnes@virtuousgeek.org>
    Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
    Alexander Duyck committed with gregkh Aug 13, 2009
  5. @htejun @gregkh

    libata: fix off-by-one error in ata_tf_read_block()

    commit ac8672e upstream.
    
    ata_tf_read_block() has off-by-one error when converting CHS address
    to LBA.  The bug isn't very visible because ata_tf_read_block() is
    used only when generating sense data for a failed RW command and CHS
    addressing isn't used too often these days.
    
    This problem was spotted by Atsushi Nemoto.
    
    Signed-off-by: Tejun Heo <tj@kernel.org>
    Reported-by: Atsushi Nemoto <anemo@mba.ocn.ne.jp>
    Signed-off-by: Jeff Garzik <jgarzik@redhat.com>
    Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
    htejun committed with gregkh Aug 16, 2009
  6. @gregkh

    KVM: limit lapic periodic timer frequency

    commit 1444885 upstream.
    
    Otherwise its possible to starve the host by programming lapic timer
    with a very high frequency.
    
    Signed-off-by: Marcelo Tosatti <mtosatti@redhat.com>
    Signed-off-by: Avi Kivity <avi@redhat.com>
    Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
    Marcelo Tosatti committed with gregkh Jul 28, 2009
  7. @gregkh

    KVM: x86 emulator: fix jmp far decoding (opcode 0xea)

    commit ee3d29e upstream.
    
    The jump target should not be sign extened; use an unsigned decode flag.
    
    Signed-off-by: Avi Kivity <avi@redhat.com>
    Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
    Avi Kivity committed with gregkh May 18, 2009
  8. @gregkh

    KVM: MMU: make __kvm_mmu_free_some_pages handle empty list

    commit 3b80fff upstream.
    
    First check if the list is empty before attempting to look at list
    entries.
    
    Signed-off-by: Izik Eidus <ieidus@redhat.com>
    Signed-off-by: Marcelo Tosatti <mtosatti@redhat.com>
    Signed-off-by: Avi Kivity <avi@redhat.com>
    Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
    Izik Eidus committed with gregkh Jul 28, 2009
  9. @gregkh

    KVM: x86 emulator: Implement zero-extended immediate decoding

    commit c9eaf20 upstream.
    
    Absolute jumps use zero extended immediate operands.
    
    Signed-off-by: Avi Kivity <avi@redhat.com>
    Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
    Avi Kivity committed with gregkh May 18, 2009
  10. @gregkh

    KVM: VMX: Fix cr8 exiting control clobbering by EPT

    commit 5fff7d2 upstream.
    
    Don't call adjust_vmx_controls() two times for the same control.
    It restores options that were dropped earlier.  This loses us the cr8
    exit control, which causes a massive performance regression Windows x64.
    
    Signed-off-by: Gleb Natapov <gleb@redhat.com>
    Signed-off-by: Avi Kivity <avi@redhat.com>
    Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
    Gleb Natapov committed with gregkh Aug 27, 2009
  11. @jan-kiszka @gregkh

    KVM: x86: Disallow hypercalls for guest callers in rings > 0

    commit 07708c4 upstream.
    
    So far unprivileged guest callers running in ring 3 can issue, e.g., MMU
    hypercalls. Normally, such callers cannot provide any hand-crafted MMU
    command structure as it has to be passed by its physical address, but
    they can still crash the guest kernel by passing random addresses.
    
    To close the hole, this patch considers hypercalls valid only if issued
    from guest ring 0. This may still be relaxed on a per-hypercall base in
    the future once required.
    
    Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
    Signed-off-by: Avi Kivity <avi@redhat.com>
    Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
    jan-kiszka committed with gregkh Aug 3, 2009
  12. @gregkh

    KVM guest: fix bogus wallclock physical address calculation

    commit a20316d upstream.
    
    The use of __pa() to calculate the address of a C-visible symbol
    is wrong, and can lead to unpredictable results. See arch/x86/include/asm/page.h
    for details.
    
    It should be replaced with __pa_symbol(), that does the correct math here,
    by taking relocations into account.  This ensures the correct wallclock data
    structure physical address is passed to the hypervisor.
    
    Signed-off-by: Glauber Costa <glommer@redhat.com>
    Signed-off-by: Avi Kivity <avi@redhat.com>
    Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
    Glauber Costa committed with gregkh Aug 31, 2009
  13. @gregkh

    KVM: VMX: Check cpl before emulating debug register access

    commit 0a79b00 upstream.
    
    Debug registers may only be accessed from cpl 0.  Unfortunately, vmx will
    code to emulate the instruction even though it was issued from guest
    userspace, possibly leading to an unexpected trap later.
    
    Signed-off-by: Avi Kivity <avi@redhat.com>
    Signed-off-by: Marcelo Tosatti <mtosatti@redhat.com>
    Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
    Avi Kivity committed with gregkh Sep 1, 2009
  14. @gregkh

    KVM: Fix coalesced interrupt reporting in IOAPIC

    commit 65a8221 upstream.
    
    This bug was introduced by b4a2f5e.
    
    Signed-off-by: Gleb Natapov <gleb@redhat.com>
    Signed-off-by: Marcelo Tosatti <mtosatti@redhat.com>
    Signed-off-by: Avi Kivity <avi@redhat.com>
    Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
    Gleb Natapov committed with gregkh Sep 3, 2009
  15. @gregkh

    KVM guest: do not batch pte updates from interrupt context

    commit 6ba6617 upstream.
    
    Commit b8bcfe9 made paravirt pte updates synchronous in interrupt
    context.
    
    Unfortunately the KVM pv mmu code caches the lazy/nonlazy mode
    internally, so a pte update from interrupt context during a lazy mmu
    operation can be batched while it should be performed synchronously.
    
    https://bugzilla.redhat.com/show_bug.cgi?id=518022
    
    Drop the internal mode variable and use paravirt_get_lazy_mode(), which
    returns the correct state.
    
    Signed-off-by: Marcelo Tosatti <mtosatti@redhat.com>
    Signed-off-by: Avi Kivity <avi@redhat.com>
    Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
    Marcelo Tosatti committed with gregkh Aug 25, 2009
  16. @gregkh

    ARM: 5691/1: fix cache aliasing issues between kmap() and kmap_atomic…

    …() with highmem
    
    commit 7929eb9 upstream.
    
    Let's suppose a highmem page is kmap'd with kmap().  A pkmap entry is
    used, the page mapped to it, and the virtual cache is dirtied.  Then
    kunmap() is used which does virtually nothing except for decrementing a
    usage count.
    
    Then, let's suppose the _same_ page gets mapped using kmap_atomic().
    It is therefore mapped onto a fixmap entry instead, which has a
    different virtual address unaware of the dirty cache data for that page
    sitting in the pkmap mapping.
    
    Fortunately it is easy to know if a pkmap mapping still exists for that
    page and use it directly with kmap_atomic(), thanks to kmap_high_get().
    
    And actual testing with a printk in the added code path shows that this
    condition is actually met *extremely* frequently.  Seems that we've been
    quite lucky that things have worked so well with highmem so far.
    
    Signed-off-by: Nicolas Pitre <nico@marvell.com>
    Signed-off-by: Russell King <rmk+kernel@arm.linux.org.uk>
    Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
    Nicolas Pitre committed with gregkh Sep 3, 2009
  17. @gregkh

    x86, pat: Fix cacheflush address in change_page_attr_set_clr()

    commit fa526d0 upstream.
    
    Fix address passed to cpa_flush_range() when changing page
    attributes from WB to UC. The address (*addr) is
    modified by __change_page_attr_set_clr(). The result is that
    the pages being flushed start at the _end_ of the changed range
    instead of the beginning.
    
    This should be considered for 2.6.30-stable and 2.6.31-stable.
    
    Signed-off-by: Jack Steiner <steiner@sgi.com>
    Acked-by: Suresh Siddha <suresh.b.siddha@intel.com>
    Signed-off-by: H. Peter Anvin <hpa@zytor.com>
    Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
    Jack Steiner committed with gregkh Sep 3, 2009
  18. @htejun @gregkh

    PCI: apply nv_msi_ht_cap_quirk on resume too

    commit 6dab62e upstream.
    
    http://bugzilla.kernel.org/show_bug.cgi?id=12542 reports that with the
    quirk not applied on resume, msi stops working after resuming and mcp78s
    ahci fails due to IRQ mis-delivery.  Apply it on resume too.
    
    Signed-off-by: Tejun Heo <tj@kernel.org>
    Cc: Peer Chen <pchen@nvidia.com>
    Cc: Tj <linux@tjworld.net>
    Reported-by: Nicolas Derive <kalon33@ubuntu.com>
    Cc: Greg KH <greg@kroah.com>
    Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
    Signed-off-by: Jesse Barnes <jbarnes@virtuousgeek.org>
    Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
    htejun committed with gregkh Jul 21, 2009
  19. @jsgf @gregkh

    x86/i386: Make sure stack-protector segment base is cache aligned

    commit 1ea0d14 upstream.
    
    The Intel Optimization Reference Guide says:
    
    	In Intel Atom microarchitecture, the address generation unit
    	assumes that the segment base will be 0 by default. Non-zero
    	segment base will cause load and store operations to experience
    	a delay.
    		- If the segment base isn't aligned to a cache line
    		  boundary, the max throughput of memory operations is
    		  reduced to one [e]very 9 cycles.
    	[...]
    	Assembly/Compiler Coding Rule 15. (H impact, ML generality)
    	For Intel Atom processors, use segments with base set to 0
    	whenever possible; avoid non-zero segment base address that is
    	not aligned to cache line boundary at all cost.
    
    We can't avoid having a non-zero base for the stack-protector
    segment, but we can make it cache-aligned.
    
    Signed-off-by: Jeremy Fitzhardinge <jeremy.fitzhardinge@citrix.com>
    LKML-Reference: <4AA01893.6000507@goop.org>
    Signed-off-by: Ingo Molnar <mingo@elte.hu>
    Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
    jsgf committed with gregkh Sep 3, 2009
  20. @RoelKluin @gregkh

    x86: Fix x86_model test in es7000_apic_is_cluster()

    commit 005155b upstream.
    
    For the x86_model to be greater than 6 or less than 12 is
    logically always true.
    
    Signed-off-by: Roel Kluin <roel.kluin@gmail.com>
    Cc: Andrew Morton <akpm@linux-foundation.org>
    Signed-off-by: Ingo Molnar <mingo@elte.hu>
    Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
    RoelKluin committed with gregkh Aug 25, 2009
  21. @gregkh

    perf stat: Change noise calculation to use stddev

    commit 506d4bc upstream.
    
    The current noise computation does:
    
     \Sum abs(n_i - avg(n)) * N^-1.5
    
    Which is (afaik) not a regular noise function, and needs the
    complete sample set available to post-process.
    
    Change this to use a regular stddev computation which can be
    done by keeping a two sums:
    
     stddev = sqrt( 1/N (\Sum n_i^2) - avg(n)^2 )
    
    For which we only need to keep \Sum n_i and \Sum n_i^2.
    
    Signed-off-by: Peter Zijlstra <a.p.zijlstra@chello.nl>
    Cc: <stable@kernel.org>
    LKML-Reference: <new-submission>
    Signed-off-by: Ingo Molnar <mingo@elte.hu>
    Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
    Peter Zijlstra committed with gregkh Sep 4, 2009
  22. @gregkh

    mlx4_core: Allocate and map sufficient ICM memory for EQ context

    commit fa0681d upstream.
    
    The current implementation allocates a single host page for EQ context
    memory, which was OK when we only allocated a few EQs.  However, since
    we now allocate an EQ for each CPU core, this patch removes the
    hard-coded limit (which we exceed with 4 KB pages and 128 byte EQ
    context entries with 32 CPUs) and uses the same ICM table code as all
    other context tables, which ends up simplifying the code quite a bit
    while fixing the problem.
    
    This problem was actually hit in practice on a dual-socket Nehalem box
    with 16 real hardware threads and sufficiently odd ACPI tables that it
    shows on boot
    
        SMP: Allowing 32 CPUs, 16 hotplug CPUs
    
    so num_possible_cpus() ends up 32, and mlx4 ends up creating 33 MSI-X
    interrupts and 33 EQs.  This mlx4 bug means that mlx4 can't even
    initialize at all on this quite mainstream system.
    
    Reported-by: Eli Cohen <eli@mellanox.co.il>
    Tested-by: Christoph Lameter <cl@linux-foundation.org>
    Signed-off-by: Roland Dreier <rolandd@cisco.com>
    Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
    Roland Dreier committed with gregkh Sep 6, 2009
  23. @cladisch @gregkh

    sound: oxygen: work around MCE when changing volume

    commit f1bc07a upstream.
    
    When the volume is changed continuously (e.g., when the user drags a
    volume slider with the mouse), the driver does lots of I2C writes.
    Apparently, the sound chip can get confused when we poll the I2C status
    register too much, and fails to complete a read from it.  On the PCI-E
    models, the PCI-E/PCI bridge gets upset by this and generates a machine
    check exception.
    
    To avoid this, this patch replaces the polling with an unconditional
    wait that is guaranteed to be long enough.
    
    Signed-off-by: Clemens Ladisch <clemens@ladisch.de>
    Tested-by: Johann Messner <johann.messner at jku.at>
    Signed-off-by: Takashi Iwai <tiwai@suse.de>
    Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
    cladisch committed with gregkh Sep 7, 2009
  24. @broonie @gregkh

    ASoC: Fix WM835x Out4 capture enumeration

    commit 87831cb upstream.
    
    It's the 8th enum of a zero indexed array. This is why I don't let
    new drivers use these arrays of enums...
    
    Signed-off-by: Mark Brown <broonie@opensource.wolfsonmicro.com>
    Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
    broonie committed with gregkh Sep 7, 2009
  25. @gregkh

    ALSA: cs46xx - Fix minimum period size

    commit 6148b13 upstream.
    
    Fix minimum period size for cs46xx cards. This fixes a problem in the
    case where neither a period size nor a buffer size is passed to ALSA;
    this is the case in Audacious, OpenAL, and others.
    
    Signed-off-by: Sophie Hamilton <kernel@theblob.org>
    Signed-off-by: Takashi Iwai <tiwai@suse.de>
    Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
    Sophie Hamilton committed with gregkh Sep 8, 2009
  26. @gregkh

    agp/intel: remove restore in resume

    commit 1212648 upstream.
    
    As early pci resume has already restored config for host
    bridge and graphics device, don't need to restore it again,
    This removes an original order hack for graphics device restore.
    
    This fixed the resume hang issue found by Alan Stern on 845G,
    caused by extra config restore on graphics device.
    
    Cc: Alan Stern <stern@rowland.harvard.edu>
    Signed-off-by: Zhenyu Wang <zhenyuw@linux.intel.com>
    Signed-off-by: Dave Airlie <airlied@linux.ie>
    Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
    Zhenyu Wang committed with gregkh Sep 14, 2009
  27. @gregkh

    block: don't assume device has a request list backing in nr_requests …

    …store
    
    commit b8a9ae7 upstream.
    
    Stacked devices do not. For now, just error out with -EINVAL. Later
    we could make the limit apply on stacked devices too, for throttling
    reasons.
    
    This fixes
    
    5a54cd13353bb3b88887604e2c980aa01e314309
    
    and should go into 2.6.31 stable as well.
    
    Signed-off-by: Jens Axboe <jens.axboe@oracle.com>
    Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
    Jens Axboe committed with gregkh Sep 11, 2009
  28. @gregkh

    powerpc/ps3: Workaround for flash memory I/O error

    commit bc00351 upstream.
    
    A workaround for flash memory I/O errors when the PS3 internal
    hard disk has not been formatted for OtherOS use.
    
    This error condition mainly effects 'Live CD' users who have not
    formatted the PS3's internal hard disk for OtherOS.
    
    Fixes errors similar to these when using the ps3-flash-util
    or ps3-boot-game-os programs:
    
      ps3flash read failed 0x2050000
      os_area_header_read: read error: os_area_header: Input/output error
      main:627: os_area_read_hp error.
      ERROR: can't change boot flag
    
    Signed-off-by: Geoff Levand <geoffrey.levand@am.sony.com>
    Signed-off-by: Benjamin Herrenschmidt <benh@kernel.crashing.org>
    Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
    Geoff Levand committed with gregkh Sep 9, 2009
  29. @paulusmack @gregkh

    powerpc: Fix bug where perf_counters breaks oprofile

    commit a6dbf93 upstream.
    
    Currently there is a bug where if you use oprofile on a pSeries
    machine, then use perf_counters, then use oprofile again, oprofile
    will not work correctly; it will lose the PMU configuration the next
    time the hypervisor does a partition context switch, and thereafter
    won't count anything.
    
    Maynard Johnson identified the sequence causing the problem:
    - oprofile setup calls ppc_enable_pmcs(), which calls
      pseries_lpar_enable_pmcs, which tells the hypervisor that we want
      to use the PMU, and sets the "PMU in use" flag in the lppaca.
      This flag tells the hypervisor whether it needs to save and restore
      the PMU config.
    - The perf_counter code sets and clears the "PMU in use" flag directly
      as it context-switches the PMU between tasks, and leaves it clear
      when it finishes.
    - oprofile setup, called for a new oprofile run, calls ppc_enable_pmcs,
      which does nothing because it has already been called.  In particular
      it doesn't set the "PMU in use" flag.
    
    This fixes the problem by arranging for ppc_enable_pmcs to always set
    the "PMU in use" flag.  It makes the perf_counter code call
    ppc_enable_pmcs also rather than calling the lower-level function
    directly, and removes the setting of the "PMU in use" flag from
    pseries_lpar_enable_pmcs, since that is now done in its caller.
    
    This also removes the declaration of pasemi_enable_pmcs because it
    isn't defined anywhere.
    
    Reported-by: Maynard Johnson <mpjohn@us.ibm.com>
    Signed-off-by: Paul Mackerras <paulus@samba.org>
    Signed-off-by: Benjamin Herrenschmidt <benh@kernel.crashing.org>
    Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
    paulusmack committed with gregkh Sep 9, 2009
  30. @paulusmack @gregkh

    powerpc/perf_counters: Reduce stack usage of power_check_constraints

    commit e51ee31 upstream.
    
    Michael Ellerman reported stack-frame size warnings being produced
    for power_check_constraints(), which uses an 8*8 array of u64 and
    two 8*8 arrays of unsigned long, which are currently allocated on the
    stack, along with some other smaller variables.  These arrays come
    to 1.5kB on 64-bit or 1kB on 32-bit, which is a bit too much for the
    stack.
    
    This fixes the problem by putting these arrays in the existing
    per-cpu cpu_hw_counters struct.  This is OK because two of the call
    sites have interrupts disabled already; for the third call site we
    use get_cpu_var, which disables preemption, so we know we won't
    get a context switch while we're in power_check_constraints().
    Note that power_check_constraints() can be called during context
    switch but is not called from interrupts.
    
    Reported-by: Michael Ellerman <michael@ellerman.id.au>
    Signed-off-by: Paul Mackerras <paulus@samba.org>
    Signed-off-by: Benjamin Herrenschmidt <benh@kernel.crashing.org>
    Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
    paulusmack committed with gregkh Sep 9, 2009
  31. @paulusmack @gregkh

    perf_counter: Start counting time enabled when group leader gets enabled

    commit fa289be upstream.
    
    Currently, if a group is created where the group leader is
    initially disabled but a non-leader member is initially
    enabled, and then the leader is subsequently enabled some time
    later, the time_enabled for the non-leader member will reflect
    the whole time since it was created, not just the time since
    the leader was enabled.
    
    This is incorrect, because all of the members are effectively
    disabled while the leader is disabled, since none of the
    members can go on the PMU if the leader can't.
    
    Thus we have to update the ->tstamp_enabled for all the enabled
    group members when a group leader is enabled, so that the
    time_enabled computation only counts the time since the leader
    was enabled.
    
    Similarly, when disabling a group leader we have to update the
    time_enabled and time_running for all of the group members.
    
    Also, in update_counter_times, we have to treat a counter whose
    group leader is disabled as being disabled.
    
    Reported-by: Stephane Eranian <eranian@googlemail.com>
    Signed-off-by: Paul Mackerras <paulus@samba.org>
    Acked-by: Peter Zijlstra <a.p.zijlstra@chello.nl>
    LKML-Reference: <19091.29664.342227.445006@drongo.ozlabs.ibm.com>
    Signed-off-by: Ingo Molnar <mingo@elte.hu>
    Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
    paulusmack committed with gregkh Aug 25, 2009
  32. @gregkh

    perf_counter: Fix buffer overflow in perf_copy_attr()

    commit b3e62e3 upstream.
    
    If we pass a big size data over perf_counter_open() syscall,
    the kernel will copy this data to a small buffer, it will
    cause kernel crash.
    
    This bug makes the kernel unsafe and non-root local user can
    trigger it.
    
    Signed-off-by: Xiao Guangrong <xiaoguangrong@cn.fujitsu.com>
    Acked-by: Peter Zijlstra <peterz@infradead.org>
    Acked-by: Paul Mackerras <paulus@samba.org>
    LKML-Reference: <4AAF37D4.5010706@cn.fujitsu.com>
    Signed-off-by: Ingo Molnar <mingo@elte.hu>
    Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
    Xiao Guangrong committed with gregkh Sep 15, 2009
  33. @gregkh

    fix undefined reference to user_shm_unlock

    commit 2195d28 upstream.
    
    My 353d5c3 "mm: fix hugetlb bug due to
    user_shm_unlock call" broke the CONFIG_SYSVIPC !CONFIG_MMU build of both
    2.6.31 and 2.6.30.6: "undefined reference to `user_shm_unlock'".
    
    gcc didn't understand my comment! so couldn't figure out to optimize
    away user_shm_unlock() from the error path in the hugetlb-less case, as
    it does elsewhere.  Help it to do so, in a language it understands.
    
    Reported-by: Mike Frysinger <vapier@gentoo.org>
    Signed-off-by: Hugh Dickins <hugh.dickins@tiscali.co.uk>
    Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
    Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
    Hugh Dickins committed with gregkh Sep 12, 2009
  34. @gregkh

    x86/amd-iommu: fix broken check in amd_iommu_flush_all_devices

    commit e0faf54 upstream.
    
    The amd_iommu_pd_table is indexed by protection domain
    number and not by device id. So this check is broken and
    must be removed.
    
    Signed-off-by: Joerg Roedel <joerg.roedel@amd.com>
    Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
    Joerg Roedel committed with gregkh Sep 3, 2009
  35. @geertu @gregkh

    md: Fix "strchr" [drivers/md/dm-log-userspace.ko] undefined!

    commit 0d03d59 upstream.
    
    Commit b8313b6 ("dm log: remove incorrect
    field from userspace table output") added a call to strstr() with a
    single-character "needle" string parameter.
    
    Unfortunately some versions of gcc replace such calls to strstr() by calls
    to strchr() behind our back.  This causes linking errors if strchr() is
    defined as an inline function in <asm/string.h> (e.g. on m68k):
    
    | WARNING: "strchr" [drivers/md/dm-log-userspace.ko] undefined!
    
    Avoid this by explicitly calling strchr() instead.
    
    Signed-off-by: Geert Uytterhoeven <geert@linux-m68k.org>
    Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
    Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
    geertu committed with gregkh Sep 10, 2009