linux/virt, branch v2.6.32.32 Linux kernel source tree https://git.amat.us/linux/atom/virt?h=v2.6.32.32 2010-04-26T14:41:37Z KVM: fix the handling of dirty bitmaps to avoid overflows 2010-04-26T14:41:37Z Takuya Yoshikawa yoshikawa.takuya@oss.ntt.co.jp 2010-04-12T10:35:35Z urn:sha1:7bb44401c583e795561400230b58d87e9093ac0b (Cherry-picked from commit 87bf6e7de1134f48681fd2ce4b7c1ec45458cb6d) Int is not long enough to store the size of a dirty bitmap. This patch fixes this problem with the introduction of a wrapper function to calculate the sizes of dirty bitmaps. Note: in mark_page_dirty(), we have to consider the fact that __set_bit() takes the offset as int, not long. Signed-off-by: Takuya Yoshikawa <yoshikawa.takuya@oss.ntt.co.jp> Signed-off-by: Marcelo Tosatti <mtosatti@redhat.com> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de> KVM: only clear irq_source_id if irqchip is present 2010-01-28T23:02:50Z Marcelo Tosatti mtosatti@redhat.com 2009-10-29T15:44:17Z urn:sha1:454f8b167c06886ab7d469c889d9cca613398431 commit e50212bb51356f0df48d6cce0aae5acf41df336d upstream. Otherwise kvm might attempt to dereference a NULL pointer. Signed-off-by: Marcelo Tosatti <mtosatti@redhat.com> Signed-off-by: Avi Kivity <avi@redhat.com> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de> KVM: fix lock imbalance in kvm_*_irq_source_id() 2010-01-28T23:02:49Z Jiri Slaby jirislaby@gmail.com 2009-09-25T07:33:38Z urn:sha1:eaccd490b0128d11ce2ea4d9d89e092661ae90b5 commit 0c6ddcebd8303ada6faefa6f72ac18b6230320c4 upstream. Stanse found 2 lock imbalances in kvm_request_irq_source_id and kvm_free_irq_source_id. They omit to unlock kvm->irq_lock on fail paths. Fix that by adding unlock labels at the end of the functions and jump there from the fail paths. Signed-off-by: Jiri Slaby <jirislaby@gmail.com> Cc: Marcelo Tosatti <mtosatti@redhat.com> Signed-off-by: Avi Kivity <avi@redhat.com> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de> KVM: only allow one gsi per fd 2010-01-28T23:02:43Z Michael S. Tsirkin mst@redhat.com 2010-01-13T16:58:09Z urn:sha1:f0d13b89d4b12f331a0dd1d646a69060e49b1951 commit f1d1c309f35e9b0fb961cffd70fbd04f450ec47c upstream. Looks like repeatedly binding same fd to multiple gsi's with irqfd can use up a ton of kernel memory for irqfd structures. A simple fix is to allow each fd to only trigger one gsi: triggering a storm of interrupts in guest is likely useless anyway, and we can do it by binding a single gsi to many interrupts if we really want to. Signed-off-by: Michael S. Tsirkin <mst@redhat.com> Acked-by: Acked-by: Gregory Haskins <ghaskins@novell.com> Signed-off-by: Avi Kivity <avi@redhat.com> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de> KVM: fix irq_source_id size verification 2009-12-18T22:03:36Z Marcelo Tosatti mtosatti@redhat.com 2009-10-18T01:47:23Z urn:sha1:310c1a04807321c666445292db4b9147f1174c08 commit cd5a2685de4a642fd0bd763e8c19711ef08dbe27 upstream. find_first_zero_bit works with bit numbers, not bytes. Fixes https://sourceforge.net/tracker/?func=detail&aid=2847560&group_id=180599&atid=893831 Reported-by: "Xu, Jiajun" <jiajun.xu@intel.com> Signed-off-by: Marcelo Tosatti <mtosatti@redhat.com> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de> KVM: Prevent kvm_init from corrupting debugfs structures 2009-10-16T15:30:26Z Darrick J. Wong djwong@us.ibm.com 2009-10-14T23:21:00Z urn:sha1:0ea4ed8e948c30f88c824c973ee4b9529015fe65 I'm seeing an oops condition when kvm-intel and kvm-amd are modprobe'd during boot (say on an Intel system) and then rmmod'd: # modprobe kvm-intel kvm_init() kvm_init_debug() kvm_arch_init() <-- stores debugfs dentries internally (success, etc) # modprobe kvm-amd kvm_init() kvm_init_debug() <-- second initialization clobbers kvm's internal pointers to dentries kvm_arch_init() kvm_exit_debug() <-- and frees them # rmmod kvm-intel kvm_exit() kvm_exit_debug() <-- double free of debugfs files! *BOOM* If execution gets to the end of kvm_init(), then the calling module has been established as the kvm provider. Move the debugfs initialization to the end of the function, and remove the now-unnecessary call to kvm_exit_debug() from the error path. That way we avoid trampling on the debugfs entries and freeing them twice. Cc: stable@kernel.org Signed-off-by: Darrick J. Wong <djwong@us.ibm.com> Signed-off-by: Marcelo Tosatti <mtosatti@redhat.com> KVM: add support for change_pte mmu notifiers 2009-10-04T15:04:53Z Izik Eidus ieidus@redhat.com 2009-09-23T18:47:18Z urn:sha1:3da0dd433dc399a8c0124d0614d82a09b6a49bce this is needed for kvm if it want ksm to directly map pages into its shadow page tables. [marcelo: cast pfn assignment to u64] Signed-off-by: Izik Eidus <ieidus@redhat.com> Signed-off-by: Marcelo Tosatti <mtosatti@redhat.com> const: constify remaining file_operations 2009-10-01T23:11:11Z Alexey Dobriyan adobriyan@gmail.com 2009-10-01T22:43:56Z urn:sha1:828c09509b9695271bcbdc53e9fc9a6a737148d2 [akpm@linux-foundation.org: fix KVM] Signed-off-by: Alexey Dobriyan <adobriyan@gmail.com> Acked-by: Mike Frysinger <vapier@gentoo.org> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> const: mark struct vm_struct_operations 2009-09-27T18:39:25Z Alexey Dobriyan adobriyan@gmail.com 2009-09-27T18:29:37Z urn:sha1:f0f37e2f77731b3473fa6bd5ee53255d9a9cdb40 * mark struct vm_area_struct::vm_ops as const * mark vm_ops in AGP code But leave TTM code alone, something is fishy there with global vm_ops being used. Signed-off-by: Alexey Dobriyan <adobriyan@gmail.com> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> cpumask: use zalloc_cpumask_var() where possible 2009-09-24T00:04:24Z Li Zefan lizf@cn.fujitsu.com 2009-06-15T06:58:26Z urn:sha1:79f5599772ac2f138d7a75b8f3f06a93f09c75f7 Remove open-coded zalloc_cpumask_var() and zalloc_cpumask_var_node(). Signed-off-by: Li Zefan <lizf@cn.fujitsu.com> Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>