Commits on Sep 27, 2010
  1. Merge branch 'configs-2.6.35'

    Oleksandr Natalenko committed Sep 27, 2010
  2. configs-2.6.35: update config for Dell Inspiron 1525 laptop

    This commit disables:
    - BFS due to soft lock-up bug in v350;
    - BFQ due to noop+NCQ working;
    - LinuxIMQ due to being useless;
    - MTD due to being useless.
    
    Nevertheless, these features are still available and may be enabled at
    any time.
    Oleksandr Natalenko committed Sep 27, 2010
  3. Merge branch 'configs-2.6.35'

    Oleksandr Natalenko committed Sep 27, 2010
  4. configs-2.6.35: update comments to match current version

    Oleksandr Natalenko committed Sep 27, 2010
  5. Merge branch 'version-2.6.35'

    Oleksandr Natalenko committed Sep 27, 2010
  6. version-2.6.35: bump version to v2.6.35-pf10

    Oleksandr Natalenko committed Sep 27, 2010
  7. Merge remote branch 'tuxonice-2.6.35/combined'

    Oleksandr Natalenko committed Sep 27, 2010
  8. fix merge conflict

    Oleksandr Natalenko committed Sep 27, 2010
  9. Linux 2.6.35.6

    gregkh committed Sep 27, 2010
  10. alpha: Fix printk format errors

    commit 3e07336 upstream.
    
    When compiling alpha generic build get errors such as:
    arch/alpha/kernel/err_marvel.c: In function ‘marvel_print_err_cyc’:
    arch/alpha/kernel/err_marvel.c:119: error: format ‘%ld’ expects type ‘long int’, but argument 6 has type ‘u64’
    
    Replaced a number of %ld format specifiers with %lld since u64
    is unsigned long long.
    
    Signed-off-by: Michael Cree <mcree@orcon.net.nz>
    Signed-off-by: Matt Turner <mattst88@gmail.com>
    Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
    Michael Cree committed with gregkh Sep 1, 2010
  11. drm/i915: Ensure that the crtcinfo is populated during mode_fixup()

    commit 8974935 upstream.
    
    This should fix the mysterious mode setting failures reported during
    boot up and after resume, generally for i8xx class machines.
    
    Bugzilla: https://bugzilla.kernel.org/show_bug.cgi?id=16478
    Reported-and-tested-by: Xavier Chantry <chantry.xavier@gmail.com>
    Bugzilla: https://bugs.freedesktop.org/show_bug.cgi?id=29413
    Tested-by: Daniel Vetter <daniel@ffwll.ch>
    Signed-off-by: Chris Wilson <chris@chris-wilson.co.uk>
    Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
    ickle committed with gregkh Sep 12, 2010
  12. sctp: Do not reset the packet during sctp_packet_config().

    commit 4bdab43 upstream.
    
    sctp_packet_config() is called when getting the packet ready
    for appending of chunks.  The function should not touch the
    current state, since it's possible to ping-pong between two
    transports when sending, and that can result in packet corruption
    followed by skb overflow crash.
    
    Reported-by: Thomas Dreibholz <dreibh@iem.uni-due.de>
    Signed-off-by: Vlad Yasevich <vladislav.yasevich@hp.com>
    Signed-off-by: David S. Miller <davem@davemloft.net>
    Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
    Vlad Yasevich committed with gregkh Sep 15, 2010
  13. Fix unprotected access to task credentials in waitid()

    commit f362b73 upstream.
    
    Using a program like the following:
    
    	#include <signal.h>
    	#include <stdlib.h>
    	#include <unistd.h>
    	#include <sys/types.h>
    	#include <sys/wait.h>
    
    	int main() {
    		id_t id;
    		siginfo_t infop;
    		pid_t res;
    
    		id = fork();
    		if (id == 0) { sleep(1); exit(0); }
    		kill(id, SIGSTOP);
    		alarm(1);
    		waitid(P_PID, id, &infop, WCONTINUED);
    		return 0;
    	}
    
    to call waitid() on a stopped process results in access to the child task's
    credentials without the RCU read lock being held - which may be replaced in the
    meantime - eliciting the following warning:
    
    	===================================================
    	[ INFO: suspicious rcu_dereference_check() usage. ]
    	---------------------------------------------------
    	kernel/exit.c:1460 invoked rcu_dereference_check() without protection!
    
    	other info that might help us debug this:
    
    	rcu_scheduler_active = 1, debug_locks = 1
    	2 locks held by waitid02/22252:
    	 #0:  (tasklist_lock){.?.?..}, at: [<ffffffff81061ce5>] do_wait+0xc5/0x310
    	 #1:  (&(&sighand->siglock)->rlock){-.-...}, at: [<ffffffff810611da>]
    	wait_consider_task+0x19a/0xbe0
    
    	stack backtrace:
    	Pid: 22252, comm: waitid02 Not tainted 2.6.35-323cd+ #3
    	Call Trace:
    	 [<ffffffff81095da4>] lockdep_rcu_dereference+0xa4/0xc0
    	 [<ffffffff81061b31>] wait_consider_task+0xaf1/0xbe0
    	 [<ffffffff81061d15>] do_wait+0xf5/0x310
    	 [<ffffffff810620b6>] sys_waitid+0x86/0x1f0
    	 [<ffffffff8105fce0>] ? child_wait_callback+0x0/0x70
    	 [<ffffffff81003282>] system_call_fastpath+0x16/0x1b
    
    This is fixed by holding the RCU read lock in wait_task_continued() to ensure
    that the task's current credentials aren't destroyed between us reading the
    cred pointer and us reading the UID from those credentials.
    
    Furthermore, protect wait_task_stopped() in the same way.
    
    We don't need to keep holding the RCU read lock once we've read the UID from
    the credentials as holding the RCU read lock doesn't stop the target task from
    changing its creds under us - so the credentials may be outdated immediately
    after we've read the pointer, lock or no lock.
    
    Signed-off-by: Daniel J Blueman <daniel.blueman@gmail.com>
    Signed-off-by: David Howells <dhowells@redhat.com>
    Acked-by: Paul E. McKenney <paulmck@linux.vnet.ibm.com>
    Acked-by: Oleg Nesterov <oleg@redhat.com>
    Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
    Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
    Daniel J Blueman committed with gregkh Aug 17, 2010
  14. guard page for stacks that grow upwards

    commit 8ca3eb0 upstream.
    
    pa-risc and ia64 have stacks that grow upwards. Check that
    they do not run into other mappings. By making VM_GROWSUP
    0x0 on architectures that do not ever use it, we can avoid
    some unpleasant #ifdefs in check_stack_guard_page().
    
    Signed-off-by: Tony Luck <tony.luck@intel.com>
    Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
    Cc: dann frazier <dannf@debian.org>
    Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
    Luck, Tony committed with gregkh Aug 24, 2010
  15. mm: page allocator: update free page counters after pages are placed …

    …on the free list
    
    commit 72853e2 upstream.
    
    When allocating a page, the system uses NR_FREE_PAGES counters to
    determine if watermarks would remain intact after the allocation was made.
    This check is made without interrupts disabled or the zone lock held and
    so is race-prone by nature.  Unfortunately, when pages are being freed in
    batch, the counters are updated before the pages are added on the list.
    During this window, the counters are misleading as the pages do not exist
    yet.  When under significant pressure on systems with large numbers of
    CPUs, it's possible for processes to make progress even though they should
    have been stalled.  This is particularly problematic if a number of the
    processes are using GFP_ATOMIC as the min watermark can be accidentally
    breached and in extreme cases, the system can livelock.
    
    This patch updates the counters after the pages have been added to the
    list.  This makes the allocator more cautious with respect to preserving
    the watermarks and mitigates livelock possibilities.
    
    [akpm@linux-foundation.org: avoid modifying incoming args]
    Signed-off-by: Mel Gorman <mel@csn.ul.ie>
    Reviewed-by: Rik van Riel <riel@redhat.com>
    Reviewed-by: Minchan Kim <minchan.kim@gmail.com>
    Reviewed-by: KAMEZAWA Hiroyuki <kamezawa.hiroyu@jp.fujitsu.com>
    Reviewed-by: Christoph Lameter <cl@linux.com>
    Reviewed-by: KOSAKI Motohiro <kosaki.motohiro@jp.fujitsu.com>
    Acked-by: Johannes Weiner <hannes@cmpxchg.org>
    Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
    Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
    Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
    gormanm committed with gregkh Sep 9, 2010
  16. mm: page allocator: calculate a better estimate of NR_FREE_PAGES when…

    … memory is low and kswapd is awake
    
    commit aa45484 upstream.
    
    Ordinarily watermark checks are based on the vmstat NR_FREE_PAGES as it is
    cheaper than scanning a number of lists.  To avoid synchronization
    overhead, counter deltas are maintained on a per-cpu basis and drained
    both periodically and when the delta is above a threshold.  On large CPU
    systems, the difference between the estimated and real value of
    NR_FREE_PAGES can be very high.  If NR_FREE_PAGES is much higher than
    the number of real free pages in buddy, the VM can allocate pages below min
    watermark, at worst reducing the real number of pages to zero.  Even if
    the OOM killer kills some victim for freeing memory, it may not free
    memory if the exit path requires a new page resulting in livelock.
    
    This patch introduces a zone_page_state_snapshot() function (courtesy of
    Christoph) that takes a slightly more accurate view of an arbitrary vmstat
    counter.  It is used to read NR_FREE_PAGES while kswapd is awake to avoid
    the watermark being accidentally broken.  The estimate is not perfect and
    may result in cache line bounces but is expected to be lighter than the
    IPI calls necessary to continually drain the per-cpu counters while kswapd
    is awake.
    
    Signed-off-by: Christoph Lameter <cl@linux.com>
    Signed-off-by: Mel Gorman <mel@csn.ul.ie>
    Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
    Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
    Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
    Christoph Lameter committed with gregkh Sep 9, 2010
  17. mm: page allocator: drain per-cpu lists after direct reclaim allocati…

    …on fails
    
    commit 9ee493c upstream.
    
    When under significant memory pressure, a process enters direct reclaim
    and immediately afterwards tries to allocate a page.  If it fails and no
    further progress is made, it's possible the system will go OOM.  However,
    on systems with large amounts of memory, it's possible that a significant
    number of pages are on per-cpu lists and inaccessible to the calling
    process.  This leads to a process entering direct reclaim more often than
    it should increasing the pressure on the system and compounding the
    problem.
    
    This patch notes that if direct reclaim is making progress but allocations
    are still failing that the system is already under heavy pressure.  In
    this case, it drains the per-cpu lists and tries the allocation a second
    time before continuing.
    
    Signed-off-by: Mel Gorman <mel@csn.ul.ie>
    Reviewed-by: Minchan Kim <minchan.kim@gmail.com>
    Reviewed-by: KAMEZAWA Hiroyuki <kamezawa.hiroyu@jp.fujitsu.com>
    Reviewed-by: KOSAKI Motohiro <kosaki.motohiro@jp.fujitsu.com>
    Reviewed-by: Christoph Lameter <cl@linux.com>
    Cc: Dave Chinner <david@fromorbit.com>
    Cc: Wu Fengguang <fengguang.wu@intel.com>
    Cc: David Rientjes <rientjes@google.com>
    Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
    Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
    Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
    gormanm committed with gregkh Sep 9, 2010
  18. dell-wmi: Add support for eject key on Dell Studio 1555

    commit d5164db upstream.
    
    Fixes the eject key on Dell Studio 1555 not working and producing the
    message:
    
    dell-wmi: Unknown key 0 pressed
    
    Signed-off-by: Islam Amer <pharon@gmail.com>
    Cc: Kyle McMartin <kyle@mcmartin.ca>
    Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
    iamer committed with gregkh Jun 24, 2010
  19. Fix call to replaced SuperIO functions

    commit 59b25ed upstream.
    
    This patch fixes the failure to compile Alpha Generic because of
    previously overlooked calls to ns87312_enable_ide(). The function has
    been replaced by newer SuperIO code.
    
    Tested-by: Michael Cree <mcree@orcon.net.nz>
    Signed-off-by: Morten H. Larsen <m-larsen@post6.tele.dk>
    Signed-off-by: Matt Turner <mattst88@gmail.com>
    Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
    Morten H. Larsen committed with gregkh Sep 1, 2010
  20. ALSA: hda - Fix beep frequency on IDT 92HD73xx and 92HD71Bxx codecs

    commit 1b0e372 upstream.
    
    Fix HDA beep frequency on IDT 92HD73xx and 92HD71Bxx codecs.
    These codecs use the standard beep frequency calculation although the
    datasheet says it's linear frequency.
    
    Other IDT/STAC codecs might have the same problem.  They should be
    fixed individually later.
    
    Signed-off-by: Daniel J Blueman <daniel.blueman@gmail.com>
    Signed-off-by: Takashi Iwai <tiwai@suse.de>
    Cc: أحمد المحمودي <aelmahmoudy@sabily.org>
    Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
    Daniel J Blueman committed with gregkh Aug 3, 2010
  21. x86, asm: Use a lower case name for the end macro in atomic64_386_32.S

    commit 417484d upstream.
    
    Use a lowercase name for the end macro, which somehow fixes a binutils 2.16
    problem.
    
    Signed-off-by: Luca Barbieri <luca@luca-barbieri.com>
    LKML-Reference: <tip-30246557a06bb20618bed906a06d1e1e0faa8bb4@git.kernel.org>
    Signed-off-by: H. Peter Anvin <hpa@zytor.com>
    Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
    Luca Barbieri committed with gregkh Aug 12, 2010
  22. PM / Hibernate: Avoid hitting OOM during preallocation of memory

    commit 6715045 upstream.
    
    There is a problem in hibernate_preallocate_memory() that it calls
    preallocate_image_memory() with an argument that may be greater than
    the total number of available non-highmem memory pages.  If that's
    the case, the OOM condition is guaranteed to trigger, which in turn
    can cause significant slowdown to occur during hibernation.
    
    To avoid that, make preallocate_image_memory() adjust its argument
    before calling preallocate_image_pages(), so that the total number of
    saveable non-highmem pages left is not less than the minimum size of
    a hibernation image.  Change hibernate_preallocate_memory() to try to
    allocate from highmem if the number of pages allocated by
    preallocate_image_memory() is too low.
    
    Modify free_unnecessary_pages() to take all possible memory
    allocation patterns into account.
    
    Reported-by: KOSAKI Motohiro <kosaki.motohiro@jp.fujitsu.com>
    Signed-off-by: Rafael J. Wysocki <rjw@sisk.pl>
    Tested-by: M. Vefa Bicakci <bicave@superonline.com>
    Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
    rjwysocki committed with gregkh Sep 11, 2010
  23. PM: Prevent waiting forever on asynchronous resume after failing suspend

    commit 152e1d5 upstream.
    
    During suspend, the power.completion is expected to be set when a
    device has not yet started suspending.  Set it on init to fix a
    corner case where a device is resumed when its parent has never
    suspended.
    
    Consider three drivers, A, B, and C.  The parent of A is C, and C
    has async_suspend set.  On boot, C->power.completion is initialized
    to 0.
    
    During the first suspend:
    suspend_devices_and_enter(...)
     dpm_resume(...)
      device_suspend(A)
      device_suspend(B) returns error, aborts suspend
     dpm_resume_end(...)
       dpm_resume(...)
        device_resume(A)
         dpm_wait(A->parent == C)
          wait_for_completion(C->power.completion)
    
    The wait_for_completion will never complete, because
    complete_all(C->power.completion) will only be called from
    device_suspend(C) or device_resume(C), neither of which is called
    if suspend is aborted before C.
    
    After a successful suspend->resume cycle, where B doesn't abort
    suspend, C->power.completion is left in the completed state by the
    call to device_resume(C), and the same call path will work if B
    aborts suspend.
    
    Signed-off-by: Colin Cross <ccross@android.com>
    Signed-off-by: Rafael J. Wysocki <rjw@sisk.pl>
    Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
    colincross committed with gregkh Sep 2, 2010
  24. AT91: change dma resource index

    commit 8d2602e upstream.
    
    Reported-by: Dan Liang <dan.liang@atmel.com>
    Signed-off-by: Nicolas Ferre <nicolas.ferre@atmel.com>
    Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
    noglitch committed with gregkh Aug 20, 2010
  25. drivers/video/via/ioctl.c: prevent reading uninitialized stack memory

    commit b4aaa78 upstream.
    
    The VIAFB_GET_INFO device ioctl allows unprivileged users to read 246
    bytes of uninitialized stack memory, because the "reserved" member of
    the viafb_ioctl_info struct declared on the stack is not altered or
    zeroed before being copied back to the user.  This patch takes care of
    it.
    
    Signed-off-by: Dan Rosenberg <dan.j.rosenberg@gmail.com>
    Signed-off-by: Florian Tobias Schandinat <FlorianSchandinat@gmx.de>
    Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
    Dan Rosenberg committed with gregkh Sep 15, 2010
  26. xfs: prevent reading uninitialized stack memory

    commit a122eb2 upstream.
    
    The XFS_IOC_FSGETXATTR ioctl allows unprivileged users to read 12
    bytes of uninitialized stack memory, because the fsxattr struct
    declared on the stack in xfs_ioc_fsgetxattr() does not alter (or zero)
    the 12-byte fsx_pad member before copying it back to the user.  This
    patch takes care of it.
    
    Signed-off-by: Dan Rosenberg <dan.j.rosenberg@gmail.com>
    Reviewed-by: Eric Sandeen <sandeen@redhat.com>
    Signed-off-by: Alex Elder <aelder@sgi.com>
    Cc: dann frazier <dannf@debian.org>
    Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
    djrbliss committed with gregkh Sep 6, 2010
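
The bug class described in the two "prevent reading uninitialized stack memory" commits above (VIAFB_GET_INFO and XFS_IOC_FSGETXATTR), as an added example that is not code from the kernel or from these patches. `struct demo_info`, `copy_out()` and both handlers are hypothetical; the stack slot is passed in pre-filled with a constructed marker so the effect is deterministic, and zeroing the object is shown as one common remedy since the page does not include the patches themselves.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical ioctl reply: two real fields plus a reserved area that the
 * handler has no reason to write (sized like the 12-byte fsx_pad). */
struct demo_info {
    uint32_t width;
    uint32_t height;
    uint8_t  reserved[12];
};

#define STALE 0xA5 /* constructed marker for leftover stack contents */

/* Stand-in for copy_to_user(): copies the whole struct, reserved area included. */
static void copy_out(void *user, const struct demo_info *kern)
{
    memcpy(user, kern, sizeof(*kern));
}

/* Before: only the named fields are set, reserved[] keeps whatever was there. */
static void get_info_vulnerable(struct demo_info *slot, void *user)
{
    slot->width = 1024;
    slot->height = 768;
    copy_out(user, slot);
}

/* After: zero the whole object first, then fill in the real fields. */
static void get_info_fixed(struct demo_info *slot, void *user)
{
    memset(slot, 0, sizeof(*slot));
    slot->width = 1024;
    slot->height = 768;
    copy_out(user, slot);
}

/* Runs one handler over a slot pre-filled with stale data and returns how
 * many stale bytes reached the caller's buffer. */
size_t leaked_bytes(int fixed)
{
    struct demo_info slot;
    unsigned char user[sizeof(struct demo_info)] = {0};
    size_t i, n = 0;

    memset(&slot, STALE, sizeof(slot)); /* models an uninitialized stack slot */
    if (fixed)
        get_info_fixed(&slot, user);
    else
        get_info_vulnerable(&slot, user);

    for (i = 0; i < sizeof(user); i++)
        if (user[i] == STALE)
            n++;
    return n;
}

int main(void)
{
    printf("vulnerable handler leaked %zu bytes\n", leaked_bytes(0));
    printf("fixed handler leaked %zu bytes\n", leaked_bytes(1));
    return 0;
}
```

When reviewing ioctl handlers for this pattern, check every on-stack struct that is copied out whole: reserved members and compiler-inserted padding both need to be cleared before the copy.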
  27. KEYS: Fix bug in keyctl_session_to_parent() if parent has no session …

    …keyring
    
    commit 3d96406 upstream.
    
    Fix a bug in keyctl_session_to_parent() whereby it tries to check the ownership
    of the parent process's session keyring whether or not the parent has a session
    keyring [CVE-2010-2960].
    
    This results in the following oops:
    
      BUG: unable to handle kernel NULL pointer dereference at 00000000000000a0
      IP: [<ffffffff811ae4dd>] keyctl_session_to_parent+0x251/0x443
      ...
      Call Trace:
       [<ffffffff811ae2f3>] ? keyctl_session_to_parent+0x67/0x443
       [<ffffffff8109d286>] ? __do_fault+0x24b/0x3d0
       [<ffffffff811af98c>] sys_keyctl+0xb4/0xb8
       [<ffffffff81001eab>] system_call_fastpath+0x16/0x1b
    
    if the parent process has no session keyring.
    
    If the system is using pam_keyinit then it is mostly protected against this as all
    processes derived from a login will have inherited the session keyring created
    by pam_keyinit during the log in procedure.
    
    To test this, pam_keyinit calls need to be commented out in /etc/pam.d/.
    
    Reported-by: Tavis Ormandy <taviso@cmpxchg8b.com>
    Signed-off-by: David Howells <dhowells@redhat.com>
    Acked-by: Tavis Ormandy <taviso@cmpxchg8b.com>
    Cc: dann frazier <dannf@debian.org>
    Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
    Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
    dhowells committed with gregkh Sep 10, 2010
  28. KEYS: Fix RCU no-lock warning in keyctl_session_to_parent()

    commit 9d1ac65 upstream.
    
    There's an unprotected access to the parent process's credentials in the middle
    of keyctl_session_to_parent().  This results in the following RCU warning:
    
      ===================================================
      [ INFO: suspicious rcu_dereference_check() usage. ]
      ---------------------------------------------------
      security/keys/keyctl.c:1291 invoked rcu_dereference_check() without protection!
    
      other info that might help us debug this:
    
      rcu_scheduler_active = 1, debug_locks = 0
      1 lock held by keyctl-session-/2137:
       #0:  (tasklist_lock){.+.+..}, at: [<ffffffff811ae2ec>] keyctl_session_to_parent+0x60/0x236
    
      stack backtrace:
      Pid: 2137, comm: keyctl-session- Not tainted 2.6.36-rc2-cachefs+ #1
      Call Trace:
       [<ffffffff8105606a>] lockdep_rcu_dereference+0xaa/0xb3
       [<ffffffff811ae379>] keyctl_session_to_parent+0xed/0x236
       [<ffffffff811af77e>] sys_keyctl+0xb4/0xb6
       [<ffffffff81001eab>] system_call_fastpath+0x16/0x1b
    
    The code should take the RCU read lock to make sure the parent's credentials
    don't go away, even though it's holding a spinlock and has IRQ disabled.
    
    Signed-off-by: David Howells <dhowells@redhat.com>
    Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
    Cc: dann frazier <dannf@debian.org>
    Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
    dhowells committed with gregkh Sep 10, 2010
  29. IA64: Optimize ticket spinlocks in fsys_rt_sigprocmask

    commit 2d2b690 upstream.
    
    Tony's fix (f574c84) has a small bug,
    it incorrectly uses "r3" as a scratch register in the first of the two
    unlock paths ... it is also inefficient.  Optimize the fast path again.
    
    Signed-off-by: Petr Tesarik <ptesarik@suse.cz>
    Signed-off-by: Tony Luck <tony.luck@intel.com>
    Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
    ptesarik committed with gregkh Sep 15, 2010
  30. IA64: fix siglock

    commit f574c84 upstream.
    
    When ia64 converted to using ticket locks, an inline implementation
    of trylock/unlock in fsys.S was missed.  This was not noticed because
    in most circumstances it simply resulted in using the slow path because
    the siglock was apparently not available (under old spinlock rules).
    
    Problems occur when the ticket spinlock has value 0x0 (when first
    initialised, or when it wraps around). At this point the fsys.S
    code acquires the lock (changing the 0x0 to 0x1). If another process
    attempts to get the lock at this point, it will change the value from
    0x1 to 0x2 (using new ticket lock rules). Then the fsys.S code will
    free the lock using old spinlock rules by writing 0x0 to it. From
    here a variety of bad things can happen.
    
    Signed-off-by: Tony Luck <tony.luck@intel.com>
    Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
    Tony Luck committed with gregkh Sep 9, 2010
  31. KVM: VMX: Fix host GDT.LIMIT corruption

    commit 3444d7d upstream.
    
    vmx does not restore GDT.LIMIT to the host value, instead it sets it to 64KB.
    This means host userspace can learn a few bits of host memory.
    
    Fix by reloading GDTR when we load other host state.
    
    Signed-off-by: Avi Kivity <avi@redhat.com>
    Signed-off-by: Marcelo Tosatti <mtosatti@redhat.com>
    Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
    Avi Kivity committed with gregkh Sep 17, 2010
  32. KVM: MMU: fix mmu notifier invalidate handler for huge spte

    commit 6e3e243 upstream.
    
    The index wasn't calculated correctly (off by one) for huge spte so KVM guest
    was unstable with transparent hugepages.
    
    Signed-off-by: Andrea Arcangeli <aarcange@redhat.com>
    Reviewed-by: Rik van Riel <riel@redhat.com>
    Signed-off-by: Avi Kivity <avi@redhat.com>
    Cc: Marcelo Tosatti <mtosatti@redhat.com>
    Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
    Andrea Arcangeli committed with gregkh Sep 17, 2010
  33. KVM: x86: emulator: inc/dec can have lock prefix

    commit c0e0608 upstream.
    
    Mark inc (0xfe/0 0xff/0) and dec (0xfe/1 0xff/1) as lock prefix capable.
    
    Signed-off-by: Gleb Natapov <gleb@redhat.com>
    Signed-off-by: Marcelo Tosatti <mtosatti@redhat.com>
    Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
    Gleb Natapov committed with gregkh Sep 17, 2010
  34. KVM: MMU: fix direct sp's access corrupted

    commit 9e7b0e7 upstream.
    
    If the mapping is writable but the dirty flag is not set, we will find
    the read-only direct sp and set up the mapping; then, if a write #PF
    occurs, we will mark this mapping writable in the read-only direct sp,
    and now other real read-only mappings will happily write to it without #PF.
    
    It may hurt the guest's COW.
    
    Fixed by re-installing the mapping when a write #PF occurs.
    
    Signed-off-by: Xiao Guangrong <xiaoguangrong@cn.fujitsu.com>
    Signed-off-by: Marcelo Tosatti <mtosatti@redhat.com>
    Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
    Xiao Guangrong committed with gregkh Sep 17, 2010