commit 2dae6a640c0c23d06b32b9b6293b9226203bda89 Author: Greg Kroah-Hartman Date: Mon Oct 5 08:38:08 2009 -0700 Linux 2.6.30.9 commit 9823868305a23da688ac12ff94e3496238d91e44 Author: Lee Schermerhorn Date: Mon Sep 21 17:03:40 2009 -0700 mmap: avoid unnecessary anon_vma lock acquisition in vma_adjust() commit 252c5f94d944487e9f50ece7942b0fbf659c5c31 upstream. We noticed very erratic behavior [throughput] with the AIM7 shared workload running on recent distro [SLES11] and mainline kernels on an 8-socket, 32-core, 256GB x86_64 platform. On the SLES11 kernel [2.6.27.19+] with Barcelona processors, as we increased the load [10s of thousands of tasks], the throughput would vary between two "plateaus"--one at ~65K jobs per minute and one at ~130K jpm. The simple patch below causes the results to smooth out at the ~130k plateau. But wait, there's more: We do not see this behavior on smaller platforms--e.g., 4 socket/8 core. This could be the result of the larger number of cpus on the larger platform--a scalability issue--or it could be the result of the larger number of interconnect "hops" between some nodes in this platform and how the tasks for a given load end up distributed over the nodes' cpus and memories--a stochastic NUMA effect. The variability in the results are less pronounced [on the same platform] with Shanghai processors and with mainline kernels. With 31-rc6 on Shanghai processors and 288 file systems on 288 fibre attached storage volumes, the curves [jpm vs load] are both quite flat with the patched kernel consistently producing ~3.9% better throughput [~80K jpm vs ~77K jpm] than the unpatched kernel. Profiling indicated that the "slow" runs were incurring high[er] contention on an anon_vma lock in vma_adjust(), apparently called from the sbrk() system call. The patch: A comment in mm/mmap.c:vma_adjust() suggests that we don't really need the anon_vma lock when we're only adjusting the end of a vma, as is the case for brk(). The comment questions whether it's worth while to optimize for this case. Apparently, on the newer, larger x86_64 platforms, with interesting NUMA topologies, it is worth while--especially considering that the patch [if correct!] is quite simple. We can detect this condition--no overlap with next vma--by noting a NULL "importer". The anon_vma pointer will also be NULL in this case, so simply avoid loading vma->anon_vma to avoid the lock. However, we DO need to take the anon_vma lock when we're inserting a vma ['insert' non-NULL] even when we have no overlap [NULL "importer"], so we need to check for 'insert', as well. And Hugh points out that we should also take it when adjusting vm_start (so that rmap.c can rely upon vma_address() while it holds the anon_vma lock). akpm: Zhang Yanmin reprts a 150% throughput improvement with aim7, so it might be -stable material even though thiss isn't a regression: "this issue is not clear on dual socket Nehalem machine (2*4*2 cpu), but is severe on large machine (4*8*2 cpu)" [hugh.dickins@tiscali.co.uk: test vma start too] Signed-off-by: Lee Schermerhorn Signed-off-by: Hugh Dickins Cc: Nick Piggin Cc: Eric Whitney Tested-by: "Zhang, Yanmin" Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds Signed-off-by: Greg Kroah-Hartman commit 5d6ac1a7861f806ee68810a08a7064fec15477ed Author: Hugh Dickins Date: Mon Sep 21 17:03:29 2009 -0700 mm: fix anonymous dirtying commit 1ac0cb5d0e22d5e483f56b2bc12172dec1cf7536 upstream. do_anonymous_page() has been wrong to dirty the pte regardless. If it's not going to mark the pte writable, then it won't help to mark it dirty here, and clogs up memory with pages which will need swap instead of being thrown away. Especially wrong if no overcommit is chosen, and this vma is not yet VM_ACCOUNTed - we could exceed the limit and OOM despite no overcommit. Signed-off-by: Hugh Dickins Acked-by: Rik van Riel Cc: KAMEZAWA Hiroyuki Cc: KOSAKI Motohiro Cc: Nick Piggin Cc: Mel Gorman Cc: Minchan Kim Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds Signed-off-by: Greg Kroah-Hartman commit 30f5582a68a013f742657c3f2b8737f0c5ad6c79 Author: Henrique de Moraes Holschuh Date: Fri Sep 25 21:57:33 2009 -0300 thinkpad-acpi: fix incorrect use of TPACPI_BRGHT_MODE_ECNVRAM HBRV-based default selection of backlight control strategy didn't work well, at least the X41 defines it but doesn't use it and I don't think it will stop there. Switch to a blacklist, and make sure only Radeon- based models get ECNVRAM. Symptoms of incorrect backlight mode selection are: 1. Non-working backlight control through sysfs; 2. Backlight gets reset to the lowest level at every shutdown, reboot and when thinkpad-acpi gets unloaded; This fixes a regression in 2.6.30, bugzilla #13826. This fix is already present on 2.6.31. This is a minimal patch for 2.6.30-stable, based on mainline commits: 050df107c408a3df048524b3783a5fc6d4dccfdb, 7d95a3d564901e88ed42810f054e579874151999, 59fe4fe34d7afdf63208124f313be9056feaa2f4, 6da25bf51689a5cc60370d30275dbb9e6852e0cb Signed-off-by: Henrique de Moraes Holschuh Reported-by: Tobias Diedrich Reported-by: Robert de Rooy Signed-off-by: Greg Kroah-Hartman commit 51acd2e6291fe7527bfd3106f5535e68993de0f9 Author: Rafael J. Wysocki Date: Tue Sep 29 00:11:03 2009 +0200 PM / yenta: Fix cardbus suspend/resume regression commit 0c570cdeb8fdfcb354a3e9cd81bfc6a09c19de0c upstream. Since 2.6.29 the PCI PM core have been restoring the standard configuration registers of PCI devices in the early phase of resume. In particular, PCI devices without drivers have been handled this way since commit 355a72d75b3b4f4877db4c9070c798238028ecb5 (PCI: Rework default handling of suspend and resume). Unfortunately, this leads to post-resume problems with CardBus devices which cannot be accessed in the early phase of resume, because the sockets they are on have not been woken up yet at that point. To solve this problem, move the yenta socket resume to the early phase of resume and, analogously, move the suspend of it to the late phase of suspend. Additionally, remove some unnecessary PCI code from the yenta socket's resume routine. Fixes http://bugzilla.kernel.org/show_bug.cgi?id=13092, which is a post-2.6.28 regression. Signed-off-by: Rafael J. Wysocki Reported-by: Florian Signed-off-by: Greg Kroah-Hartman commit 130abc03e8b7aeaefcdda3cb9c6915e91c0a78f5 Author: Rafael J. Wysocki Date: Tue Sep 29 00:10:41 2009 +0200 PM / PCMCIA: Drop second argument of pcmcia_socket_dev_suspend() commit 827b4649d4626bf97b203b4bcd69476bb9b4e760 upstream. pcmcia_socket_dev_suspend() doesn't use its second argument, so it may be dropped safely. This change is necessary for the subsequent yenta suspend/resume fix. Signed-off-by: Rafael J. Wysocki Signed-off-by: Greg Kroah-Hartman commit 13cfd8565eeba3c3935b2f23d3cd29af72f96d1c Author: KAMEZAWA Hiroyuki Date: Mon Sep 21 17:01:02 2009 -0700 /proc/kcore: work around a BUG() Not upstream due to other fixes in .32 Works around a BUG() which is triggered when the kernel accesses holes in vmalloc regions. BUG: unable to handle kernel paging request at fa54c000 IP: [] read_kcore+0x260/0x31a *pde = 3540b067 *pte = 00000000 Oops: 0000 [#1] SMP last sysfs file: /sys/devices/pci0000:00/0000:00:1c.2/0000:03:00.0/ieee80211/phy0/rfkill0/state Modules linked in: fuse sco bridge stp llc bnep l2cap bluetooth sunrpc nf_conntrack_ftp ip6t_REJECT nf_conntrack_ipv6 ip6table_filter ip6_tables ipv6 cpufreq_ondemand acpi_cpufreq dm_multipath uinput usb_storage arc4 ecb snd_hda_codec_realtek snd_hda_intel ath5k snd_hda_codec snd_hwdep iTCO_wdt snd_pcm iTCO_vendor_support pcspkr i2c_i801 mac80211 joydev snd_timer serio_raw r8169 snd soundcore mii snd_page_alloc ath cfg80211 ata_generic i915 drm i2c_algo_bit i2c_core video output [last unloaded: scsi_wait_scan] Sep 4 12:45:16 tuxedu kernel: Pid: 2266, comm: cat Not tainted (2.6.31-rc8 #2) Joybook Lite U101 EIP: 0060:[] EFLAGS: 00010286 CPU: 0 EIP is at read_kcore+0x260/0x31a EAX: f5e5ea00 EBX: fa54d000 ECX: 00000400 EDX: 00001000 ESI: fa54c000 EDI: f44ad000 EBP: e4533f4c ESP: e4533f24 DS: 007b ES: 007b FS: 00d8 GS: 0033 SS: 0068 Process cat (pid: 2266, ti=e4532000 task=f09d19a0 task.ti=e4532000) Stack: 00005000 00000000 f44ad000 09d9c000 00003000 fa54c000 00001000 f6d16f60 e4520b80 fffffffb e4533f70 c04ef8eb e4533f98 00008000 09d97000 c04f661a e4520b80 09d97000 c04ef88c e4533f8c c04ba531 e4533f98 c04c0930 e4520b80 Call Trace: [] ? proc_reg_read+0x5f/0x73 [] ? read_kcore+0x0/0x31a [] ? proc_reg_read+0x0/0x73 [] ? vfs_read+0x82/0xe1 [] ? path_put+0x1a/0x1d [] ? sys_read+0x40/0x62 [] ? sysenter_do_call+0x12/0x2d Code: 39 f3 89 ca 0f 43 f3 89 fb 29 f2 29 f3 39 cf 0f 46 d3 29 55 dc 8d 1c 32 f6 40 0c 01 75 18 89 d1 89 f7 c1 e9 02 2b 7d ec 03 7d e0 a5 89 d1 83 e1 03 74 02 f3 a4 8b 00 83 7d dc 00 74 04 85 c0 EIP: [] read_kcore+0x260/0x31a SS:ESP 0068:e4533f24 CR2: 00000000fa54c000 To access vmalloc area which may have memory holes, copy_from_user is useful. So this: # cat /proc/kcore > /dev/null will not panic. This is a minimal fix, suitable for 2.6.30.x and 2.6.31. More extensive /proc/kcore changes are planned for 2.6.32. Signed-off-by: KAMEZAWA Hiroyuki Tested-by: Nick Craig-Wood Cc: Pekka Enberg Reported-by: Signed-off-by: Andrew Morton Signed-off-by: Greg Kroah-Hartman commit 9eab65aba2fd0c94fa702a9e5dfd843de07f6dc4 Author: Weirich, Bernhard Date: Thu Sep 24 17:16:53 2009 +1000 powerpc: Fix incorrect setting of __HAVE_ARCH_PTE_SPECIAL [I'm going to fix upstream differently, by having all CPU types actually support _PAGE_SPECIAL, but I prefer the simple and obvious fix for -stable. -- Ben] The test that decides whether to define __HAVE_ARCH_PTE_SPECIAL on powerpc is bogus and will end up always defining it, even when _PAGE_SPECIAL is not supported (in which case it's 0) such as on 8xx or 40x processors. Signed-off-by: Bernhard Weirich Signed-off-by: Benjamin Herrenschmidt Signed-off-by: Greg Kroah-Hartman commit 8bca1d4bb3d6ff6cd35bcb26aa32ceb111e06349 Author: Rex Feany Date: Thu Sep 24 17:16:54 2009 +1000 powerpc/8xx: Fix regression introduced by cache coherency rewrite commit e0908085fc2391c85b85fb814ae1df377c8e0dcb upstream. After upgrading to the latest kernel on my mpc875 userspace started running incredibly slow (hours to get to a shell, even!). I tracked it down to commit 8d30c14cab30d405a05f2aaceda1e9ad57800f36, that patch removed a work-around for the 8xx. Adding it back makes my problem go away. Signed-off-by: Rex Feany Signed-off-by: Benjamin Herrenschmidt Signed-off-by: Greg Kroah-Hartman commit c7be4a49273fc339f6eb3cf785ef454b723b3d00 Author: Lee Schermerhorn Date: Mon Sep 21 17:01:04 2009 -0700 hugetlb: restore interleaving of bootmem huge pages (2.6.31) Not upstream as it is fixed differently in .32 I noticed that alloc_bootmem_huge_page() will only advance to the next node on failure to allocate a huge page. I asked about this on linux-mm and linux-numa, cc'ing the usual huge page suspects. Mel Gorman responded: I strongly suspect that the same node being used until allocation failure instead of round-robin is an oversight and not deliberate at all. It appears to be a side-effect of a fix made way back in commit 63b4613c3f0d4b724ba259dc6c201bb68b884e1a ["hugetlb: fix hugepage allocation with memoryless nodes"]. Prior to that patch it looked like allocations would always round-robin even when allocation was successful. Andy Whitcroft countered that the existing behavior looked like Andi Kleen's original implementation and suggested that we ask him. We did and Andy replied that his intention was to interleave the allocations. So, ... This patch moves the advance of the hstate next node from which to allocate up before the test for success of the attempted allocation. This will unconditionally advance the next node from which to alloc, interleaving successful allocations over the nodes with sufficient contiguous memory, and skipping over nodes that fail the huge page allocation attempt. Note that alloc_bootmem_huge_page() will only be called for huge pages of order > MAX_ORDER. Signed-off-by: Lee Schermerhorn Reviewed-by: Andi Kleen Cc: Mel Gorman Cc: David Rientjes Cc: Adam Litke Cc: Andy Whitcroft Cc: Eric Whitney Signed-off-by: Andrew Morton Signed-off-by: Greg Kroah-Hartman commit ec49bc1bdc7c6e92873373ff61206c366d63a50a Author: Michael Abbott Date: Thu Sep 24 10:15:19 2009 +0200 Fix idle time field in /proc/uptime commit 96830a57de1197519b62af6a4c9ceea556c18c3d upstream. Git commit 79741dd changes idle cputime accounting, but unfortunately the /proc/uptime file hasn't caught up. Here the idle time calculation from /proc/stat is copied over. Signed-off-by: Michael Abbott Signed-off-by: Martin Schwidefsky Signed-off-by: Greg Kroah-Hartman commit 1590abee1d64ba508d6c3dab7953b4c2fe71c50d Author: Patrick McHardy Date: Thu Sep 17 13:58:26 2009 +0200 netfilter: nf_nat: fix inverted logic for persistent NAT mappings netfilter: nf_nat: fix inverted logic for persistent NAT mappings Upstream commit cce5a5c3: Kernel 2.6.30 introduced a patch [1] for the persistent option in the netfilter SNAT target. This is exactly what we need here so I had a quick look at the code and noticed that the patch is wrong. The logic is simply inverted. The patch below fixes this. Also note that because of this the default behavior of the SNAT target has changed since kernel 2.6.30 as it now ignores the destination IP in choosing the source IP for nating (which should only be the case if the persistent option is set). [1] http://git.eu.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=98d500d66cb7940747b424b245fc6a51ecfbf005 Signed-off-by: Maximilian Engelhardt Signed-off-by: Patrick McHardy Signed-off-by: Greg Kroah-Hartman commit 18a7b9d594cee02968fa0ecc597cca7604408780 Author: Patrick McHardy Date: Thu Sep 17 13:58:30 2009 +0200 netfilter: ebt_ulog: fix checkentry return value netfilter: ebt_ulog: fix checkentry return value Upstream commit 8a56df0a: Commit 19eda87 (netfilter: change return types of check functions for Ebtables extensions) broke the ebtables ulog module by missing a return value conversion. Signed-off-by: Patrick McHardy Signed-off-by: Greg Kroah-Hartman commit 5ce09d6356a53318161a0f9c8a5ff5dbc312a06d Author: Patrick McHardy Date: Thu Sep 17 13:58:29 2009 +0200 netfilter: bridge: refcount fix netfilter: bridge: refcount fix Upstream commit f3abc9b9: commit f216f082b2b37c4943f1e7c393e2786648d48f6f ([NETFILTER]: bridge netfilter: deal with martians correctly) added a refcount leak on in_dev. Instead of using in_dev_get(), we can use __in_dev_get_rcu(), as netfilter hooks are running under rcu_read_lock(), as pointed by Patrick. Signed-off-by: Eric Dumazet Signed-off-by: Patrick McHardy Signed-off-by: Greg Kroah-Hartman commit 6b677374c1ce57d1c49e101d1f3da7ab81de1094 Author: Kurt Roeckx Date: Wed Sep 16 11:09:32 2009 -0400 Fix NULL ptr regression in powernow-k8 commit f0adb134d8dc9993a9998dc50845ec4f6ff4fadc upstream. Fixes bugzilla #13780 From: Kurt Roeckx Signed-off-by: Dave Jones Signed-off-by: Greg Kroah-Hartman commit 80a761c59bfe01de1deeb5fc66f5b7fbb3e1bfcf Author: Arjan van de Ven Date: Wed Sep 30 13:54:47 2009 +0200 net: Make the copy length in af_packet sockopt handler unsigned fixed upstream in commit b7058842c940ad2c08dd829b21e5c92ebe3b8758 in a different way The length of the to-copy data structure is currently stored in a signed integer. However many comparisons are done with sizeof(..) which is unsigned. It's more suitable for this variable to be unsigned to make these comparisons more naturally right. Signed-off-by: Arjan van de Ven Cc: David S. Miller Cc: Ingo Molnar Cc: Linus Torvalds Signed-off-by: Greg Kroah-Hartman commit 1a3e625b499e0567956996c55876ea5cafad150b Author: Arjan van de Ven Date: Wed Sep 30 13:51:11 2009 +0200 net ax25: Fix signed comparison in the sockopt handler fixed upstream in commit b7058842c940ad2c08dd829b21e5c92ebe3b8758 in a different way The ax25 code tried to use if (optlen < sizeof(int)) return -EINVAL; as a security check against optlen being negative (or zero) in the set socket option. Unfortunately, "sizeof(int)" is an unsigned property, with the result that the whole comparison is done in unsigned, letting negative values slip through. This patch changes this to if (optlen < (int)sizeof(int)) return -EINVAL; so that the comparison is done as signed, and negative values get properly caught. Signed-off-by: Arjan van de Ven Cc: David S. Miller Cc: Ingo Molnar Cc: Linus Torvalds Signed-off-by: Greg Kroah-Hartman commit 2eca1dfad3e38655eb434d7706b98f7092c9d009 Author: Tejun Heo Date: Thu Sep 17 00:34:39 2009 +0900 ahci: restore pci_intx() handling commit 31b239ad1ba7225435e13f5afc47e48eb674c0cc upstream. Commit a5bfc4714b3f01365aef89a92673f2ceb1ccf246 dropped explicit pci_intx() manipulation from ahci because it seemed unnecessary and ahci doesn't seem to be the right place to be tweaking it if it were. This was largely okay but there are exceptions. There was one on an embedded platform which was fixed via firmware and now bko#14124 reports it on a HP DL320. http://bugzilla.kernel.org/show_bug.cgi?id=14124 I still think this isn't something libata drivers should be caring about (the only ones which are calling pci_intx() explicitly are libata ones and one other driver) but for now reverting the change seems to be the right thing to do. Signed-off-by: Tejun Heo Reported-by: Thomas Jarosch Signed-off-by: Jeff Garzik Signed-off-by: Greg Kroah-Hartman commit bae0a76b07447df091f5906fd7c6678cbed9f7d9 Author: Marcelo Tosatti Date: Mon Sep 28 15:05:53 2009 -0300 Revert "KVM: x86: check for cr3 validity in ioctl_set_sregs" (cherry picked from commit dc7e795e3dd2a763e5ceaa1615f307e808cf3932) This reverts commit 6c20e1442bb1c62914bb85b7f4a38973d2a423ba. To my understanding, it became obsolete with the advent of the more robust check in mmu_alloc_roots (89da4ff17f). Moreover, it prevents the conceptually safe pattern 1. set sregs 2. register mem-slots 3. run vcpu by setting a sticky triple fault during step 1. Signed-off-by: Jan Kiszka Signed-off-by: Avi Kivity Signed-off-by: Greg Kroah-Hartman commit ae0661773f59370f84fb3d40897c2fc399d66442 Author: Mark McLoughlin Date: Fri Sep 18 20:08:07 2009 -0300 KVM: fix cpuid E2BIG handling for extended request types (cherry picked from commit cb007648de83cf226d69ec76e1c01848b4e8e49f) If we run out of cpuid entries for extended request types we should return -E2BIG, just like we do for the standard request types. Signed-off-by: Mark McLoughlin Signed-off-by: Avi Kivity Signed-off-by: Greg Kroah-Hartman commit cc335935bf2b6084f411e244ca5323b57f864855 Author: Glauber Costa Date: Fri Sep 18 20:08:06 2009 -0300 KVM guest: fix bogus wallclock physical address calculation (cherry picked from commit a20316d2aa41a8f4fd171648bad8f044f6060826) The use of __pa() to calculate the address of a C-visible symbol is wrong, and can lead to unpredictable results. See arch/x86/include/asm/page.h for details. It should be replaced with __pa_symbol(), that does the correct math here, by taking relocations into account. This ensures the correct wallclock data structure physical address is passed to the hypervisor. Signed-off-by: Glauber Costa Signed-off-by: Avi Kivity Signed-off-by: Greg Kroah-Hartman commit d1dbc751eb2a4aaf628cc9dac6954e1bd1afc531 Author: Marcelo Tosatti Date: Fri Sep 18 20:08:05 2009 -0300 KVM: limit lapic periodic timer frequency (cherry picked from commit 1444885a045fe3b1905a14ea1b52540bf556578b) Otherwise its possible to starve the host by programming lapic timer with a very high frequency. Signed-off-by: Marcelo Tosatti Signed-off-by: Avi Kivity Signed-off-by: Greg Kroah-Hartman commit 322622336aace4c8fbf9e97a96f9cfa91d3cefac Author: Marcelo Tosatti Date: Fri Sep 18 20:08:04 2009 -0300 KVM: MMU: fix bogus alloc_mmu_pages assignment (cherry picked from commit b90c062c65cc8839edfac39778a37a55ca9bda36) Remove the bogus n_free_mmu_pages assignment from alloc_mmu_pages. It breaks accounting of mmu pages, since n_free_mmu_pages is modified but the real number of pages remains the same. Signed-off-by: Marcelo Tosatti Signed-off-by: Avi Kivity Signed-off-by: Greg Kroah-Hartman commit 005270f475352a33f852cbfb9f49945d7953ea61 Author: Marcelo Tosatti Date: Fri Sep 18 20:08:03 2009 -0300 KVM: MMU: fix missing locking in alloc_mmu_pages (cherry picked from commit 6a1ac77110ee3e8d8dfdef8442f3b30b3d83e6a2) n_requested_mmu_pages/n_free_mmu_pages are used by kvm_mmu_change_mmu_pages to calculate the number of pages to zap. alloc_mmu_pages, called from the vcpu initialization path, modifies this variables without proper locking, which can result in a negative value in kvm_mmu_change_mmu_pages (say, with cpu hotplug). Signed-off-by: Marcelo Tosatti Signed-off-by: Greg Kroah-Hartman commit 3f1538a4dd00709b1c7f6a4fda31cf5daf4b3e46 Author: Jan Kiszka Date: Fri Sep 18 20:08:02 2009 -0300 KVM: x86: Disallow hypercalls for guest callers in rings > 0 (cherry picked from commit 07708c4af1346ab1521b26a202f438366b7bcffd) So far unprivileged guest callers running in ring 3 can issue, e.g., MMU hypercalls. Normally, such callers cannot provide any hand-crafted MMU command structure as it has to be passed by its physical address, but they can still crash the guest kernel by passing random addresses. To close the hole, this patch considers hypercalls valid only if issued from guest ring 0. This may still be relaxed on a per-hypercall base in the future once required. Signed-off-by: Jan Kiszka Signed-off-by: Avi Kivity Signed-off-by: Greg Kroah-Hartman commit 0af8b3ad950ea4687cfee0cc5e7af9d941fd02ff Author: Izik Eidus Date: Fri Sep 18 20:08:01 2009 -0300 KVM: MMU: make __kvm_mmu_free_some_pages handle empty list (cherry picked from commit 3b80fffe2b31fb716d3ebe729c54464ee7856723) First check if the list is empty before attempting to look at list entries. Signed-off-by: Izik Eidus Signed-off-by: Marcelo Tosatti Signed-off-by: Avi Kivity Signed-off-by: Greg Kroah-Hartman commit e38c35b0881a7706b3cbedd7cfe5165fb0371442 Author: Gleb Natapov Date: Fri Sep 18 20:08:00 2009 -0300 KVM: VMX: Fix cr8 exiting control clobbering by EPT (cherry picked from commit 5fff7d270bd6a4759b6d663741b729cdee370257) Don't call adjust_vmx_controls() two times for the same control. It restores options that were dropped earlier. This loses us the cr8 exit control, which causes a massive performance regression Windows x64. Signed-off-by: Gleb Natapov Signed-off-by: Avi Kivity Signed-off-by: Greg Kroah-Hartman commit 0373fc0c209db541ec115700fbdb50e85b774a02 Author: Avi Kivity Date: Fri Sep 18 20:07:59 2009 -0300 KVM: VMX: Check cpl before emulating debug register access (cherry picked from commit 0a79b009525b160081d75cef5dbf45817956acf2) Debug registers may only be accessed from cpl 0. Unfortunately, vmx will code to emulate the instruction even though it was issued from guest userspace, possibly leading to an unexpected trap later. Signed-off-by: Avi Kivity Signed-off-by: Marcelo Tosatti Signed-off-by: Greg Kroah-Hartman commit cb2a1b63162335f8a693fcbd6317e23b675a1970 Author: Chuck Ebbert Date: Tue Sep 15 01:53:21 2009 -0400 Re-enable Lanman security commit 20d1752f3d6bd32beb90949559e0d14a0b234445 upstream. commit ac68392460ffefed13020967bae04edc4d3add06 ("[CIFS] Allow raw ntlmssp code to be enabled with sec=ntlmssp") added a new bit to the allowed security flags mask but seems to have inadvertently removed Lanman security from the allowed flags. Add it back. Signed-off-by: Chuck Ebbert Signed-off-by: Steve French Signed-off-by: Greg Kroah-Hartman commit 1c3a00c887a2942679b96676dc3294685e5860c9 Author: Christian Lamparter Date: Mon Sep 14 23:08:43 2009 +0200 p54usb: add Zcomax XG-705A usbid commit f7f71173ea69d4dabf166533beffa9294090b7ef upstream. This patch adds a new usbid for Zcomax XG-705A to the device table. Reported-by: Jari Jaakola Signed-off-by: Christian Lamparter Signed-off-by: John W. Linville Signed-off-by: Greg Kroah-Hartman commit b268e3922e96d65d69934636442d89cf553d36c2 Author: Ryusuke Konishi Date: Mon Sep 28 01:46:11 2009 +0900 nilfs2: fix missing zero-fill initialization of btree node cache commit 1f28fcd925b2b3157411bbd08f0024b55b70d8dd upstream. This will fix file system corruption which infrequently happens after mount. The problem was reported from users with the title "[NILFS users] Fail to mount NILFS." (Message-ID: <200908211918.34720.yuri@itinteg.net>), and so forth. I've also experienced the corruption multiple times on kernel 2.6.30 and 2.6.31. The problem turned out to be caused due to discordance between mapping->nrpages of a btree node cache and the actual number of pages hung on the cache; if the mapping->nrpages becomes zero even as it has pages, truncate_inode_pages() returns without doing anything. Usually this is harmless except it may cause page leak, but garbage collection fairly infrequently sees a stale page remained in the btree node cache of DAT (i.e. disk address translation file of nilfs), and induces the corruption. I identified a missing initialization in btree node caches was the root cause. This corrects the bug. I've tested this for kernel 2.6.30 and 2.6.31. Reported-by: Yuri Chislov Signed-off-by: Ryusuke Konishi Signed-off-by: Greg Kroah-Hartman commit 439933709a0ef6f9ab8cf66a99c0967883e0c4b4 Author: Paul Mundt Date: Tue Sep 22 16:44:12 2009 -0700 kallsyms: fix segfault in prefix_underscores_count() commit a9ece53c4089ef23d4002d34c4c7148d94622a40 upstream. Commit b478b782e110fdb4135caa3062b6d687e989d994 "kallsyms, tracing: output more proper symbol name" introduces a "bugfix" that introduces a segfault in kallsyms in my configurations. The cause is the introduction of prefix_underscores_count() which attempts to count underscores, even in symbols that do not have them. As a result, it just uselessly runs past the end of the buffer until it crashes: CC init/version.o LD init/built-in.o LD .tmp_vmlinux1 KSYM .tmp_kallsyms1.S /bin/sh: line 1: 16934 Done sh-linux-gnu-nm -n .tmp_vmlinux1 16935 Segmentation fault | scripts/kallsyms > .tmp_kallsyms1.S make: *** [.tmp_kallsyms1.S] Error 139 This simplifies the logic and just does a straightforward count. Signed-off-by: Paul Mundt Reviewed-by: Li Zefan Cc: Lai Jiangshan Cc: Sam Ravnborg Cc: Paulo Marques Cc: Ingo Molnar Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds Signed-off-by: Greg Kroah-Hartman commit 599312c925523beda5d1c4df834a1d94c57e15ba Author: Jan Kara Date: Mon Sep 21 17:01:06 2009 -0700 fs: make sure data stored into inode is properly seen before unlocking new inode commit 580be0837a7a59b207c3d5c661d044d8dd0a6a30 upstream. In theory it could happen that on one CPU we initialize a new inode but clearing of I_NEW | I_LOCK gets reordered before some of the initialization. Thus on another CPU we return not fully uptodate inode from iget_locked(). This seems to fix a corruption issue on ext3 mounted over NFS. [akpm@linux-foundation.org: add some commentary] Signed-off-by: Jan Kara Cc: Christoph Hellwig Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds Signed-off-by: Greg Kroah-Hartman commit 562702289faac232f54b2d2d50ba31646c3d51a5 Author: Alex Chiang Date: Tue Aug 4 14:44:17 2009 -0600 ACPI: pci_slot.ko wants a 64-bit _SUN commit 7e24bc1ce669b2876ffa475ea1147f2bb9ffdc52 upstream. Similar to commit b6adc195 (PCI hotplug: acpiphp wants a 64-bit _SUN), pci_slot.ko reads and creates sysfs directories based on the _SUN method. Certain HP platforms return 64 bits in _SUN. This change to pci_slot.ko allows us to see the correct sysfs directories. Reported-by: Chad Smith Signed-off-by: Alex Chiang Signed-off-by: Len Brown Signed-off-by: Greg Kroah-Hartman