.33 patches

5 files changed, 147 insertions, 0 deletions

diff --git a/queue-2.6.33/drm-ttm-fix-ttm_bo_add_ttm-user-failure-path.patch b/queue-2.6.33/drm-ttm-fix-ttm_bo_add_ttm-user-failure-path.patch
new file mode 100644
index 0000000..2159813
--- /dev/null
+++ b/queue-2.6.33/drm-ttm-fix-ttm_bo_add_ttm-user-failure-path.patch
@@ -0,0 +1,35 @@
+From 7c4c3960dff109bc5db4c35da481c212dadb5eb5 Mon Sep 17 00:00:00 2001
+From: Marcin Slusarz <marcin.slusarz@gmail.com>
+Date: Mon, 22 Aug 2011 21:17:57 +0000
+Subject: drm/ttm: fix ttm_bo_add_ttm(user) failure path
+
+From: Marcin Slusarz <marcin.slusarz@gmail.com>
+
+commit 7c4c3960dff109bc5db4c35da481c212dadb5eb5 upstream.
+
+ttm_tt_destroy kfrees passed object, so we need to nullify
+a reference to it.
+
+Signed-off-by: Marcin Slusarz <marcin.slusarz@gmail.com>
+Reviewed-by: Thomas Hellstrom <thellstrom@vmware.com>
+Signed-off-by: Dave Airlie <airlied@redhat.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
+
+---
+ drivers/gpu/drm/ttm/ttm_bo.c |    4 +++-
+ 1 file changed, 3 insertions(+), 1 deletion(-)
+
+--- a/drivers/gpu/drm/ttm/ttm_bo.c
++++ b/drivers/gpu/drm/ttm/ttm_bo.c
+@@ -343,8 +343,10 @@ static int ttm_bo_add_ttm(struct ttm_buf
+ 
+ 		ret = ttm_tt_set_user(bo->ttm, current,
+ 				      bo->buffer_start, bo->num_pages);
+-		if (unlikely(ret != 0))
++		if (unlikely(ret != 0)) {
+ 			ttm_tt_destroy(bo->ttm);
++			bo->ttm = NULL;
++		}
+ 		break;
+ 	default:
+ 		printk(KERN_ERR TTM_PFX "Illegal buffer object type\n");
diff --git a/queue-2.6.33/fuse-check-size-of-fuse_notify_inval_entry-message.patch b/queue-2.6.33/fuse-check-size-of-fuse_notify_inval_entry-message.patch
new file mode 100644
index 0000000..89b209e
--- /dev/null
+++ b/queue-2.6.33/fuse-check-size-of-fuse_notify_inval_entry-message.patch
@@ -0,0 +1,34 @@
+From c2183d1e9b3f313dd8ba2b1b0197c8d9fb86a7ae Mon Sep 17 00:00:00 2001
+From: Miklos Szeredi <mszeredi@suse.cz>
+Date: Wed, 24 Aug 2011 10:20:17 +0200
+Subject: fuse: check size of FUSE_NOTIFY_INVAL_ENTRY message
+
+From: Miklos Szeredi <mszeredi@suse.cz>
+
+commit c2183d1e9b3f313dd8ba2b1b0197c8d9fb86a7ae upstream.
+
+FUSE_NOTIFY_INVAL_ENTRY didn't check the length of the write so the
+message processing could overrun and result in a "kernel BUG at
+fs/fuse/dev.c:629!"
+
+Reported-by: Han-Wen Nienhuys <hanwenn@gmail.com>
+Signed-off-by: Miklos Szeredi <mszeredi@suse.cz>
+Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
+
+---
+ fs/fuse/dev.c |    4 ++++
+ 1 file changed, 4 insertions(+)
+
+--- a/fs/fuse/dev.c
++++ b/fs/fuse/dev.c
+@@ -899,6 +899,10 @@ static int fuse_notify_inval_entry(struc
+ 	if (outarg.namelen > FUSE_NAME_MAX)
+ 		goto err;
+ 
++	err = -EINVAL;
++	if (size != sizeof(outarg) + outarg.namelen + 1)
++		goto err;
++
+ 	name.name = buf;
+ 	name.len = outarg.namelen;
+ 	err = fuse_copy_one(cs, buf, outarg.namelen + 1);
diff --git a/queue-2.6.33/series b/queue-2.6.33/series
index 56efb4c..66042da 100644
--- a/queue-2.6.33/series
+++ b/queue-2.6.33/series
@@ -13,3 +13,7 @@ befs-validate-length-of-long-symbolic-links.patch
 alsa-snd_usb_caiaq-track-submitted-output-urbs.patch
 alsa-ac97-add-hp-compaq-dc5100-sff-pt003aw-to-headphone-jack-sense-whitelist.patch
 futex-fix-regression-with-read-only-mappings.patch
+x86-32-vdso-on-system-call-restart-after-sysenter-use-int.patch
+x86-uv-remove-uv-delay-in-starting-slave-cpus.patch
+drm-ttm-fix-ttm_bo_add_ttm-user-failure-path.patch
+fuse-check-size-of-fuse_notify_inval_entry-message.patch
diff --git a/queue-2.6.33/x86-32-vdso-on-system-call-restart-after-sysenter-use-int.patch b/queue-2.6.33/x86-32-vdso-on-system-call-restart-after-sysenter-use-int.patch
new file mode 100644
index 0000000..6620d68
--- /dev/null
+++ b/queue-2.6.33/x86-32-vdso-on-system-call-restart-after-sysenter-use-int.patch
@@ -0,0 +1,40 @@
+From 7ca0758cdb7c241cb4e0490a8d95f0eb5b861daf Mon Sep 17 00:00:00 2001
+From: "H. Peter Anvin" <hpa@linux.intel.com>
+Date: Mon, 22 Aug 2011 13:27:06 -0700
+Subject: x86-32, vdso: On system call restart after SYSENTER, use int
+ $0x80
+
+From: "H. Peter Anvin" <hpa@linux.intel.com>
+
+commit 7ca0758cdb7c241cb4e0490a8d95f0eb5b861daf upstream.
+
+When we enter a 32-bit system call via SYSENTER or SYSCALL, we shuffle
+the arguments to match the int $0x80 calling convention.  This was
+probably a design mistake, but it's what it is now.  This causes
+errors if the system call as to be restarted.
+
+For SYSENTER, we have to invoke the instruction from the vdso as the
+return address is hardcoded.  Accordingly, we can simply replace the
+jump in the vdso with an int $0x80 instruction and use the slower
+entry point for a post-restart.
+
+Suggested-by: Linus Torvalds <torvalds@linux-foundation.org>
+Signed-off-by: H. Peter Anvin <hpa@linux.intel.com>
+Link: http://lkml.kernel.org/r/CA%2B55aFztZ=r5wa0x26KJQxvZOaQq8s2v3u50wCyJcA-Sc4g8gQ@mail.gmail.com
+Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
+
+---
+ arch/x86/vdso/vdso32/sysenter.S |    2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/arch/x86/vdso/vdso32/sysenter.S
++++ b/arch/x86/vdso/vdso32/sysenter.S
+@@ -43,7 +43,7 @@ __kernel_vsyscall:
+ 	.space 7,0x90
+ 
+ 	/* 14: System call restart point is here! (SYSENTER_RETURN-2) */
+-	jmp .Lenter_kernel
++	int $0x80
+ 	/* 16: System call normal return point is here! */
+ VDSO32_SYSENTER_RETURN:	/* Symbol used by sysenter.c via vdso32-syms.h */
+ 	pop %ebp
diff --git a/queue-2.6.33/x86-uv-remove-uv-delay-in-starting-slave-cpus.patch b/queue-2.6.33/x86-uv-remove-uv-delay-in-starting-slave-cpus.patch
new file mode 100644
index 0000000..932ed56
--- /dev/null
+++ b/queue-2.6.33/x86-uv-remove-uv-delay-in-starting-slave-cpus.patch
@@ -0,0 +1,34 @@
+From 05e33fc20ea5e493a2a1e7f1d04f43cdf89f83ed Mon Sep 17 00:00:00 2001
+From: Jack Steiner <steiner@sgi.com>
+Date: Fri, 5 Aug 2011 09:09:00 -0500
+Subject: x86, UV: Remove UV delay in starting slave cpus
+
+From: Jack Steiner <steiner@sgi.com>
+
+commit 05e33fc20ea5e493a2a1e7f1d04f43cdf89f83ed upstream.
+
+Delete the 10 msec delay between the INIT and SIPI when starting
+slave cpus. I can find no requirement for this delay. BIOS also
+has similar code sequences without the delay.
+
+Removing the delay reduces boot time by 40 sec. Every bit helps.
+
+Signed-off-by: Jack Steiner <steiner@sgi.com>
+Link: http://lkml.kernel.org/r/20110805140900.GA6774@sgi.com
+Signed-off-by: Ingo Molnar <mingo@elte.hu>
+Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
+
+---
+ arch/x86/kernel/apic/x2apic_uv_x.c |    1 -
+ 1 file changed, 1 deletion(-)
+
+--- a/arch/x86/kernel/apic/x2apic_uv_x.c
++++ b/arch/x86/kernel/apic/x2apic_uv_x.c
+@@ -139,7 +139,6 @@ static int __cpuinit uv_wakeup_secondary
+ 	    ((start_rip << UVH_IPI_INT_VECTOR_SHFT) >> 12) |
+ 	    APIC_DM_INIT;
+ 	uv_write_global_mmr64(pnode, UVH_IPI_INT, val);
+-	mdelay(10);
+ 
+ 	val = (1UL << UVH_IPI_INT_SEND_SHFT) |
+ 	    (phys_apicid << UVH_IPI_INT_APIC_ID_SHFT) |