Linux 3.3.4
This commit is contained in:
parent
918c474fc0
commit
a8f58bb89c
|
@ -1,92 +0,0 @@
|
|||
commit 32f6daad4651a748a58a3ab6da0611862175722f
|
||||
Author: Alex Williamson <alex.williamson@redhat.com>
|
||||
Date: Wed Apr 11 09:51:49 2012 -0600
|
||||
|
||||
KVM: unmap pages from the iommu when slots are removed
|
||||
|
||||
We've been adding new mappings, but not destroying old mappings.
|
||||
This can lead to a page leak as pages are pinned using
|
||||
get_user_pages, but only unpinned with put_page if they still
|
||||
exist in the memslots list on vm shutdown. A memslot that is
|
||||
destroyed while an iommu domain is enabled for the guest will
|
||||
therefore result in an elevated page reference count that is
|
||||
never cleared.
|
||||
|
||||
Additionally, without this fix, the iommu is only programmed
|
||||
with the first translation for a gpa. This can result in
|
||||
peer-to-peer errors if a mapping is destroyed and replaced by a
|
||||
new mapping at the same gpa as the iommu will still be pointing
|
||||
to the original, pinned memory address.
|
||||
|
||||
Signed-off-by: Alex Williamson <alex.williamson@redhat.com>
|
||||
Signed-off-by: Marcelo Tosatti <mtosatti@redhat.com>
|
||||
|
||||
diff --git a/include/linux/kvm_host.h b/include/linux/kvm_host.h
|
||||
index 665a260..72cbf08 100644
|
||||
--- a/include/linux/kvm_host.h
|
||||
+++ b/include/linux/kvm_host.h
|
||||
@@ -596,6 +596,7 @@ void kvm_free_irq_source_id(struct kvm *kvm, int irq_source_id);
|
||||
|
||||
#ifdef CONFIG_IOMMU_API
|
||||
int kvm_iommu_map_pages(struct kvm *kvm, struct kvm_memory_slot *slot);
|
||||
+void kvm_iommu_unmap_pages(struct kvm *kvm, struct kvm_memory_slot *slot);
|
||||
int kvm_iommu_map_guest(struct kvm *kvm);
|
||||
int kvm_iommu_unmap_guest(struct kvm *kvm);
|
||||
int kvm_assign_device(struct kvm *kvm,
|
||||
@@ -609,6 +610,11 @@ static inline int kvm_iommu_map_pages(struct kvm *kvm,
|
||||
return 0;
|
||||
}
|
||||
|
||||
+static inline void kvm_iommu_unmap_pages(struct kvm *kvm,
|
||||
+ struct kvm_memory_slot *slot)
|
||||
+{
|
||||
+}
|
||||
+
|
||||
static inline int kvm_iommu_map_guest(struct kvm *kvm)
|
||||
{
|
||||
return -ENODEV;
|
||||
diff --git a/virt/kvm/iommu.c b/virt/kvm/iommu.c
|
||||
index a457d21..fec1723 100644
|
||||
--- a/virt/kvm/iommu.c
|
||||
+++ b/virt/kvm/iommu.c
|
||||
@@ -310,6 +310,11 @@ static void kvm_iommu_put_pages(struct kvm *kvm,
|
||||
}
|
||||
}
|
||||
|
||||
+void kvm_iommu_unmap_pages(struct kvm *kvm, struct kvm_memory_slot *slot)
|
||||
+{
|
||||
+ kvm_iommu_put_pages(kvm, slot->base_gfn, slot->npages);
|
||||
+}
|
||||
+
|
||||
static int kvm_iommu_unmap_memslots(struct kvm *kvm)
|
||||
{
|
||||
int idx;
|
||||
@@ -320,7 +325,7 @@ static int kvm_iommu_unmap_memslots(struct kvm *kvm)
|
||||
slots = kvm_memslots(kvm);
|
||||
|
||||
kvm_for_each_memslot(memslot, slots)
|
||||
- kvm_iommu_put_pages(kvm, memslot->base_gfn, memslot->npages);
|
||||
+ kvm_iommu_unmap_pages(kvm, memslot);
|
||||
|
||||
srcu_read_unlock(&kvm->srcu, idx);
|
||||
|
||||
diff --git a/virt/kvm/kvm_main.c b/virt/kvm/kvm_main.c
|
||||
index 42b7393..9739b53 100644
|
||||
--- a/virt/kvm/kvm_main.c
|
||||
+++ b/virt/kvm/kvm_main.c
|
||||
@@ -808,12 +808,13 @@ int __kvm_set_memory_region(struct kvm *kvm,
|
||||
if (r)
|
||||
goto out_free;
|
||||
|
||||
- /* map the pages in iommu page table */
|
||||
+ /* map/unmap the pages in iommu page table */
|
||||
if (npages) {
|
||||
r = kvm_iommu_map_pages(kvm, &new);
|
||||
if (r)
|
||||
goto out_free;
|
||||
- }
|
||||
+ } else
|
||||
+ kvm_iommu_unmap_pages(kvm, &old);
|
||||
|
||||
r = -ENOMEM;
|
||||
slots = kmemdup(kvm->memslots, sizeof(struct kvm_memslots),
|
29
kernel.spec
29
kernel.spec
|
@ -54,7 +54,7 @@ Summary: The Linux kernel
|
|||
# For non-released -rc kernels, this will be appended after the rcX and
|
||||
# gitX tags, so a 3 here would become part of release "0.rcX.gitX.3"
|
||||
#
|
||||
%global baserelease 3
|
||||
%global baserelease 1
|
||||
%global fedora_build %{baserelease}
|
||||
|
||||
# base_sublevel is the kernel version we're starting with and patching
|
||||
|
@ -66,7 +66,7 @@ Summary: The Linux kernel
|
|||
%if 0%{?released_kernel}
|
||||
|
||||
# Do we have a -stable update to apply?
|
||||
%define stable_update 3
|
||||
%define stable_update 4
|
||||
# Is it a -stable RC?
|
||||
%define stable_rc 0
|
||||
# Set rpm version accordingly
|
||||
|
@ -769,9 +769,6 @@ Patch21353: xen-x86-Implement-x86_apic_ops.patch
|
|||
#rhbz 770476
|
||||
Patch21371: iwlwifi-do-not-nulify-ctx-vif-on-reset.patch
|
||||
|
||||
#rhbz 808603
|
||||
Patch21380: wimax-i2400m-prevent-a-possible-kernel-bug-due-to-mi.patch
|
||||
|
||||
#rhbz 807632
|
||||
Patch21385: libata-forbid-port-runtime-pm-by-default.patch
|
||||
|
||||
|
@ -796,22 +793,14 @@ Patch22000: weird-root-dentry-name-debug.patch
|
|||
#selinux ptrace child permissions
|
||||
Patch22001: selinux-apply-different-permission-to-ptrace-child.patch
|
||||
|
||||
#rhbz 814149 814155 CVE-2012-2121
|
||||
Patch22006: KVM-unmap-pages-from-the-iommu-when-slots-are-removed.patch
|
||||
|
||||
#rhbz 814278 814289 CVE-2012-2119
|
||||
Patch22007: macvtap-zerocopy-validate-vector-length.patch
|
||||
|
||||
#rhbz 811225
|
||||
Patch22010: memblock-memblock-should-be-able-to-handle-zero-leng.patch
|
||||
|
||||
Patch22011: input-synaptics-fix-regression-with-image-sensor-trackpads.patch
|
||||
|
||||
#rhbz 802106
|
||||
Patch22012: ipw2200-Fix-race-condition-in-the-command-completion-acknowledge.patch
|
||||
|
||||
Patch22013: perf-fix-build-breakage.patch
|
||||
|
||||
Patch22014: efifb-skip-DMI-checks-if-bootloader-knows.patch
|
||||
|
||||
# END OF PATCH DEFINITIONS
|
||||
|
@ -1543,9 +1532,6 @@ ApplyPatch highbank-export-clock-functions.patch
|
|||
#rhbz 808207 CVE-2012-1601
|
||||
ApplyPatch KVM-Ensure-all-vcpus-are-consistent-with-in-kernel-i.patch
|
||||
|
||||
#rhbz 808603
|
||||
ApplyPatch wimax-i2400m-prevent-a-possible-kernel-bug-due-to-mi.patch
|
||||
|
||||
#rhbz 807632
|
||||
ApplyPatch libata-forbid-port-runtime-pm-by-default.patch
|
||||
|
||||
|
@ -1563,22 +1549,14 @@ ApplyPatch vgaarb-vga_default_device.patch
|
|||
ApplyPatch x86-microcode-Fix-sysfs-warning-during-module-unload-on-unsupported-CPUs.patch
|
||||
ApplyPatch x86-microcode-Ensure-that-module-is-only-loaded-for-supported-AMD-CPUs.patch
|
||||
|
||||
#rhbz 814149 814155 CVE-2012-2121
|
||||
ApplyPatch KVM-unmap-pages-from-the-iommu-when-slots-are-removed.patch
|
||||
|
||||
#rhbz 814278 814289 CVE-2012-2119
|
||||
ApplyPatch macvtap-zerocopy-validate-vector-length.patch
|
||||
|
||||
#rhbz 811225
|
||||
ApplyPatch memblock-memblock-should-be-able-to-handle-zero-leng.patch
|
||||
|
||||
ApplyPatch input-synaptics-fix-regression-with-image-sensor-trackpads.patch
|
||||
|
||||
#rhbz 802106
|
||||
ApplyPatch ipw2200-Fix-race-condition-in-the-command-completion-acknowledge.patch
|
||||
|
||||
ApplyPatch perf-fix-build-breakage.patch
|
||||
|
||||
ApplyPatch efifb-skip-DMI-checks-if-bootloader-knows.patch
|
||||
|
||||
# END OF PATCH APPLICATIONS
|
||||
|
@ -2435,6 +2413,9 @@ fi
|
|||
# '-' | |
|
||||
# '-'
|
||||
%changelog
|
||||
* Fri Apr 27 2012 Justin M. Forbes <jforbes@redhat.com> 3.3.4-1
|
||||
- Linux 3.3.4
|
||||
|
||||
* Fri Apr 27 2012 Justin M. Forbes <jforbes@redhat.com> 3.3.3-3
|
||||
- Skip DMI checks if the bootloader knows what it's doing
|
||||
|
||||
|
|
|
@ -1,63 +0,0 @@
|
|||
From b3dc627cabb33fc95f93da78457770c1b2a364d2 Mon Sep 17 00:00:00 2001
|
||||
From: Tejun Heo <tj@kernel.org>
|
||||
Date: Fri, 20 Apr 2012 08:31:34 -0700
|
||||
Subject: [PATCH] memblock: memblock should be able to handle zero length
|
||||
operations
|
||||
|
||||
Commit 24aa07882b ("memblock, x86: Replace memblock_x86_reserve/
|
||||
free_range() with generic ones") replaced x86 specific memblock
|
||||
operations with the generic ones; unfortunately, it lost zero length
|
||||
operation handling in the process making the kernel panic if somebody
|
||||
tries to reserve zero length area.
|
||||
|
||||
There isn't much to be gained by being cranky to zero length operations
|
||||
and panicking is almost the worst response. Drop the BUG_ON() in
|
||||
memblock_reserve() and update memblock_add_region/isolate_range() so
|
||||
that all zero length operations are handled as noops.
|
||||
|
||||
Signed-off-by: Tejun Heo <tj@kernel.org>
|
||||
Cc: stable@vger.kernel.org
|
||||
Reported-by: Valere Monseur <valere.monseur@ymail.com>
|
||||
Bisected-by: Joseph Freeman <jfree143dev@gmail.com>
|
||||
Tested-by: Joseph Freeman <jfree143dev@gmail.com>
|
||||
Bugzilla: https://bugzilla.kernel.org/show_bug.cgi?id=43098
|
||||
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
|
||||
---
|
||||
mm/memblock.c | 7 ++++++-
|
||||
1 files changed, 6 insertions(+), 1 deletions(-)
|
||||
|
||||
diff --git a/mm/memblock.c b/mm/memblock.c
|
||||
index 99f2855..a44eab3 100644
|
||||
--- a/mm/memblock.c
|
||||
+++ b/mm/memblock.c
|
||||
@@ -330,6 +330,9 @@ static int __init_memblock memblock_add_region(struct memblock_type *type,
|
||||
phys_addr_t end = base + memblock_cap_size(base, &size);
|
||||
int i, nr_new;
|
||||
|
||||
+ if (!size)
|
||||
+ return 0;
|
||||
+
|
||||
/* special case for empty array */
|
||||
if (type->regions[0].size == 0) {
|
||||
WARN_ON(type->cnt != 1 || type->total_size);
|
||||
@@ -430,6 +433,9 @@ static int __init_memblock memblock_isolate_range(struct memblock_type *type,
|
||||
|
||||
*start_rgn = *end_rgn = 0;
|
||||
|
||||
+ if (!size)
|
||||
+ return 0;
|
||||
+
|
||||
/* we'll create at most two more regions */
|
||||
while (type->cnt + 2 > type->max)
|
||||
if (memblock_double_array(type) < 0)
|
||||
@@ -514,7 +520,6 @@ int __init_memblock memblock_reserve(phys_addr_t base, phys_addr_t size)
|
||||
(unsigned long long)base,
|
||||
(unsigned long long)base + size,
|
||||
(void *)_RET_IP_);
|
||||
- BUG_ON(0 == size);
|
||||
|
||||
return memblock_add_region(_rgn, base, size, MAX_NUMNODES);
|
||||
}
|
||||
--
|
||||
1.7.7.6
|
||||
|
|
@ -1,54 +0,0 @@
|
|||
From zeev.tarantov@gmail.com Sun Apr 22 23:38:36 2012
|
||||
From: Zeev Tarantov <zeev.tarantov@gmail.com>
|
||||
Date: Mon, 23 Apr 2012 09:37:04 +0300
|
||||
Subject: Perf: fix build breakage
|
||||
To: "David S. Miller" <davem@davemloft.net>, Arnaldo Carvalho de Melo <acme@redhat.com>, Greg Kroah-Hartman <gregkh@linuxfoundation.org>, Linux Kernel Mailing List <linux-kernel@vger.kernel.org>
|
||||
Message-ID: <20120423063704.GA3465@myhost>
|
||||
Content-Disposition: inline
|
||||
|
||||
|
||||
From: Zeev Tarantov <zeev.tarantov@gmail.com>
|
||||
|
||||
[Patch not needed upstream as this is a backport build bugfix - gregkh
|
||||
|
||||
gcc correctly complains:
|
||||
|
||||
util/hist.c: In function ‘__hists__add_entry’:
|
||||
util/hist.c:240:27: error: invalid type argument of ‘->’ (have ‘struct hist_entry’)
|
||||
util/hist.c:241:23: error: invalid type argument of ‘->’ (have ‘struct hist_entry’)
|
||||
|
||||
for this new code:
|
||||
|
||||
+ if (he->ms.map != entry->ms.map) {
|
||||
+ he->ms.map = entry->ms.map;
|
||||
+ if (he->ms.map)
|
||||
+ he->ms.map->referenced = true;
|
||||
+ }
|
||||
|
||||
because "entry" is a "struct hist_entry", not a pointer to a struct.
|
||||
|
||||
In mainline, "entry" is a pointer to struct passed as argument to the function.
|
||||
So this is broken during backporting. But obviously not compile tested.
|
||||
|
||||
Signed-off-by: Zeev Tarantov <zeev.tarantov@gmail.com>
|
||||
Cc: Signed-off-by: David S. Miller <davem@davemloft.net>
|
||||
Cc: Arnaldo Carvalho de Melo <acme@redhat.com>
|
||||
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
||||
|
||||
---
|
||||
tools/perf/util/hist.c | 4 ++--
|
||||
1 file changed, 2 insertions(+), 2 deletions(-)
|
||||
|
||||
--- a/tools/perf/util/hist.c
|
||||
+++ b/tools/perf/util/hist.c
|
||||
@@ -237,8 +237,8 @@ struct hist_entry *__hists__add_entry(st
|
||||
* mis-adjust symbol addresses when computing
|
||||
* the history counter to increment.
|
||||
*/
|
||||
- if (he->ms.map != entry->ms.map) {
|
||||
- he->ms.map = entry->ms.map;
|
||||
+ if (he->ms.map != entry.ms.map) {
|
||||
+ he->ms.map = entry.ms.map;
|
||||
if (he->ms.map)
|
||||
he->ms.map->referenced = true;
|
||||
}
|
2
sources
2
sources
|
@ -1,2 +1,2 @@
|
|||
7133f5a2086a7d7ef97abac610c094f5 linux-3.3.tar.xz
|
||||
634a088d3789870885dc6ee1eb9627d4 patch-3.3.3.xz
|
||||
9c4cc16f10b645fbb90f6c05ad388883 patch-3.3.4.xz
|
||||
|
|
|
@ -1,34 +0,0 @@
|
|||
From 4eee6a3a04e8bb53fbe7de0f64d0524d3fbe3f80 Mon Sep 17 00:00:00 2001
|
||||
From: Phil Sutter <phil.sutter@viprinet.com>
|
||||
Date: Mon, 26 Mar 2012 09:01:30 +0000
|
||||
Subject: [PATCH] wimax: i2400m - prevent a possible kernel bug due to missing
|
||||
fw_name string
|
||||
|
||||
This happened on a machine with a custom hotplug script calling nameif,
|
||||
probably due to slow firmware loading. At the time nameif uses ethtool
|
||||
to gather interface information, i2400m->fw_name is zero and so a null
|
||||
pointer dereference occurs from within i2400m_get_drvinfo().
|
||||
|
||||
Signed-off-by: Phil Sutter <phil.sutter@viprinet.com>
|
||||
Signed-off-by: David S. Miller <davem@davemloft.net>
|
||||
---
|
||||
drivers/net/wimax/i2400m/netdev.c | 3 ++-
|
||||
1 files changed, 2 insertions(+), 1 deletions(-)
|
||||
|
||||
diff --git a/drivers/net/wimax/i2400m/netdev.c b/drivers/net/wimax/i2400m/netdev.c
|
||||
index 63e4b70..1d76ae8 100644
|
||||
--- a/drivers/net/wimax/i2400m/netdev.c
|
||||
+++ b/drivers/net/wimax/i2400m/netdev.c
|
||||
@@ -597,7 +597,8 @@ static void i2400m_get_drvinfo(struct net_device *net_dev,
|
||||
struct i2400m *i2400m = net_dev_to_i2400m(net_dev);
|
||||
|
||||
strncpy(info->driver, KBUILD_MODNAME, sizeof(info->driver) - 1);
|
||||
- strncpy(info->fw_version, i2400m->fw_name, sizeof(info->fw_version) - 1);
|
||||
+ strncpy(info->fw_version,
|
||||
+ i2400m->fw_name ? : "", sizeof(info->fw_version) - 1);
|
||||
if (net_dev->dev.parent)
|
||||
strncpy(info->bus_info, dev_name(net_dev->dev.parent),
|
||||
sizeof(info->bus_info) - 1);
|
||||
--
|
||||
1.7.7.6
|
||||
|
Loading…
Reference in New Issue