diff options
author | Greg Kroah-Hartman <gregkh@suse.de> | 2011-03-23 16:47:36 -0700 |
---|---|---|
committer | Greg Kroah-Hartman <gregkh@suse.de> | 2011-03-23 16:47:36 -0700 |
commit | a8b45126b1b777eeca719f4dfa88fb00d64a72b8 (patch) | |
tree | 268739cdbdd3212ab799f01a4f0877f0dce51ab0 | |
parent | ab9f20e7a844fc5fd761d4e6d143e93aafa72251 (diff) | |
download | longterm-queue-2.6.33-a8b45126b1b777eeca719f4dfa88fb00d64a72b8.tar.gz |
.33 patches
7 files changed, 287 insertions, 207 deletions
diff --git a/queue-2.6.33/ethtool-compat-handling-for-struct-ethtool_rxnfc.patch b/queue-2.6.33/ethtool-compat-handling-for-struct-ethtool_rxnfc.patch deleted file mode 100644 index 6c5c7d9..0000000 --- a/queue-2.6.33/ethtool-compat-handling-for-struct-ethtool_rxnfc.patch +++ /dev/null @@ -1,206 +0,0 @@ -From 3a7da39d165e0c363c294feec119db1427032afd Mon Sep 17 00:00:00 2001 -From: Ben Hutchings <bhutchings@solarflare.com> -Date: Thu, 17 Mar 2011 07:34:32 +0000 -Subject: ethtool: Compat handling for struct ethtool_rxnfc - -From: Ben Hutchings <bhutchings@solarflare.com> - -commit 3a7da39d165e0c363c294feec119db1427032afd upstream. - -This structure was accidentally defined such that its layout can -differ between 32-bit and 64-bit processes. Add compat structure -definitions and an ioctl wrapper function. - -Signed-off-by: Ben Hutchings <bhutchings@solarflare.com> -Acked-by: Alexander Duyck <alexander.h.duyck@intel.com> -Signed-off-by: David S. Miller <davem@davemloft.net> -Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de> - ---- - include/linux/ethtool.h | 34 ++++++++++++++ - net/socket.c | 114 +++++++++++++++++++++++++++++++++++++++++++++--- - 2 files changed, 141 insertions(+), 7 deletions(-) - ---- a/include/linux/ethtool.h -+++ b/include/linux/ethtool.h -@@ -13,6 +13,9 @@ - #ifndef _LINUX_ETHTOOL_H - #define _LINUX_ETHTOOL_H - -+#ifdef __KERNEL__ -+#include <linux/compat.h> -+#endif - #include <linux/types.h> - - /* This should work for both 32 and 64 bit userland. */ -@@ -397,6 +400,37 @@ int ethtool_op_set_ufo(struct net_device - u32 ethtool_op_get_flags(struct net_device *dev); - int ethtool_op_set_flags(struct net_device *dev, u32 data); - -+#ifdef __KERNEL__ -+#ifdef CONFIG_COMPAT -+ -+struct compat_ethtool_rx_flow_spec { -+ u32 flow_type; -+ union { -+ struct ethtool_tcpip4_spec tcp_ip4_spec; -+ struct ethtool_tcpip4_spec udp_ip4_spec; -+ struct ethtool_tcpip4_spec sctp_ip4_spec; -+ struct ethtool_ah_espip4_spec ah_ip4_spec; -+ struct ethtool_ah_espip4_spec esp_ip4_spec; -+ struct ethtool_usrip4_spec usr_ip4_spec; -+ struct ethhdr ether_spec; -+ u8 hdata[72]; -+ } h_u, m_u; -+ compat_u64 ring_cookie; -+ u32 location; -+}; -+ -+struct compat_ethtool_rxnfc { -+ u32 cmd; -+ u32 flow_type; -+ compat_u64 data; -+ struct compat_ethtool_rx_flow_spec fs; -+ u32 rule_cnt; -+ u32 rule_locs[0]; -+}; -+ -+#endif /* CONFIG_COMPAT */ -+#endif /* __KERNEL__ */ -+ - /** - * ðtool_ops - Alter and report network device settings - * get_settings: Get device-specific settings ---- a/net/socket.c -+++ b/net/socket.c -@@ -2561,23 +2561,123 @@ static int dev_ifconf(struct net *net, s - - static int ethtool_ioctl(struct net *net, struct compat_ifreq __user *ifr32) - { -+ struct compat_ethtool_rxnfc __user *compat_rxnfc; -+ bool convert_in = false, convert_out = false; -+ size_t buf_size = ALIGN(sizeof(struct ifreq), 8); -+ struct ethtool_rxnfc __user *rxnfc; - struct ifreq __user *ifr; -+ u32 rule_cnt = 0, actual_rule_cnt; -+ u32 ethcmd; - u32 data; -- void __user *datap; -+ int ret; - -- ifr = compat_alloc_user_space(sizeof(*ifr)); -+ if (get_user(data, &ifr32->ifr_ifru.ifru_data)) -+ return -EFAULT; - -- if (copy_in_user(&ifr->ifr_name, &ifr32->ifr_name, IFNAMSIZ)) -+ compat_rxnfc = compat_ptr(data); -+ -+ if (get_user(ethcmd, &compat_rxnfc->cmd)) - return -EFAULT; - -- if (get_user(data, &ifr32->ifr_ifru.ifru_data)) -+ /* Most ethtool structures are defined without padding. -+ * Unfortunately struct ethtool_rxnfc is an exception. -+ */ -+ switch (ethcmd) { -+ default: -+ break; -+ case ETHTOOL_GRXCLSRLALL: -+ /* Buffer size is variable */ -+ if (get_user(rule_cnt, &compat_rxnfc->rule_cnt)) -+ return -EFAULT; -+ if (rule_cnt > KMALLOC_MAX_SIZE / sizeof(u32)) -+ return -ENOMEM; -+ buf_size += rule_cnt * sizeof(u32); -+ /* fall through */ -+ case ETHTOOL_GRXRINGS: -+ case ETHTOOL_GRXCLSRLCNT: -+ case ETHTOOL_GRXCLSRULE: -+ convert_out = true; -+ /* fall through */ -+ case ETHTOOL_SRXCLSRLDEL: -+ case ETHTOOL_SRXCLSRLINS: -+ buf_size += sizeof(struct ethtool_rxnfc); -+ convert_in = true; -+ break; -+ } -+ -+ ifr = compat_alloc_user_space(buf_size); -+ rxnfc = (void *)ifr + ALIGN(sizeof(struct ifreq), 8); -+ -+ if (copy_in_user(&ifr->ifr_name, &ifr32->ifr_name, IFNAMSIZ)) - return -EFAULT; - -- datap = compat_ptr(data); -- if (put_user(datap, &ifr->ifr_ifru.ifru_data)) -+ if (put_user(convert_in ? rxnfc : compat_ptr(data), -+ &ifr->ifr_ifru.ifru_data)) - return -EFAULT; - -- return dev_ioctl(net, SIOCETHTOOL, ifr); -+ if (convert_in) { -+ /* We expect there to be holes between fs.m_u and -+ * fs.ring_cookie and at the end of fs, but nowhere else. -+ */ -+ BUILD_BUG_ON(offsetof(struct compat_ethtool_rxnfc, fs.m_u) + -+ sizeof(compat_rxnfc->fs.m_u) != -+ offsetof(struct ethtool_rxnfc, fs.m_u) + -+ sizeof(rxnfc->fs.m_u)); -+ BUILD_BUG_ON( -+ offsetof(struct compat_ethtool_rxnfc, fs.location) - -+ offsetof(struct compat_ethtool_rxnfc, fs.ring_cookie) != -+ offsetof(struct ethtool_rxnfc, fs.location) - -+ offsetof(struct ethtool_rxnfc, fs.ring_cookie)); -+ -+ if (copy_in_user(rxnfc, compat_rxnfc, -+ (void *)(&rxnfc->fs.m_u + 1) - -+ (void *)rxnfc) || -+ copy_in_user(&rxnfc->fs.ring_cookie, -+ &compat_rxnfc->fs.ring_cookie, -+ (void *)(&rxnfc->fs.location + 1) - -+ (void *)&rxnfc->fs.ring_cookie) || -+ copy_in_user(&rxnfc->rule_cnt, &compat_rxnfc->rule_cnt, -+ sizeof(rxnfc->rule_cnt))) -+ return -EFAULT; -+ } -+ -+ ret = dev_ioctl(net, SIOCETHTOOL, ifr); -+ if (ret) -+ return ret; -+ -+ if (convert_out) { -+ if (copy_in_user(compat_rxnfc, rxnfc, -+ (const void *)(&rxnfc->fs.m_u + 1) - -+ (const void *)rxnfc) || -+ copy_in_user(&compat_rxnfc->fs.ring_cookie, -+ &rxnfc->fs.ring_cookie, -+ (const void *)(&rxnfc->fs.location + 1) - -+ (const void *)&rxnfc->fs.ring_cookie) || -+ copy_in_user(&compat_rxnfc->rule_cnt, &rxnfc->rule_cnt, -+ sizeof(rxnfc->rule_cnt))) -+ return -EFAULT; -+ -+ if (ethcmd == ETHTOOL_GRXCLSRLALL) { -+ /* As an optimisation, we only copy the actual -+ * number of rules that the underlying -+ * function returned. Since Mallory might -+ * change the rule count in user memory, we -+ * check that it is less than the rule count -+ * originally given (as the user buffer size), -+ * which has been range-checked. -+ */ -+ if (get_user(actual_rule_cnt, &rxnfc->rule_cnt)) -+ return -EFAULT; -+ if (actual_rule_cnt < rule_cnt) -+ rule_cnt = actual_rule_cnt; -+ if (copy_in_user(&compat_rxnfc->rule_locs[0], -+ &rxnfc->rule_locs[0], -+ rule_cnt * sizeof(u32))) -+ return -EFAULT; -+ } -+ } -+ -+ return 0; - } - - static int compat_siocwandev(struct net *net, struct compat_ifreq __user *uifr32) diff --git a/queue-2.6.33/pci-hotplug-acpiphp-set-current_state-to-d0-in-register_slot.patch b/queue-2.6.33/pci-hotplug-acpiphp-set-current_state-to-d0-in-register_slot.patch new file mode 100644 index 0000000..fa0f95c --- /dev/null +++ b/queue-2.6.33/pci-hotplug-acpiphp-set-current_state-to-d0-in-register_slot.patch @@ -0,0 +1,65 @@ +From 47e9037ac16637cd7f12b8790ea7ce6680e42168 Mon Sep 17 00:00:00 2001 +From: Stefano Stabellini <stefano.stabellini@eu.citrix.com> +Date: Mon, 28 Feb 2011 16:20:11 +0000 +Subject: PCI hotplug: acpiphp: set current_state to D0 in register_slot + +From: Stefano Stabellini <stefano.stabellini@eu.citrix.com> + +commit 47e9037ac16637cd7f12b8790ea7ce6680e42168 upstream. + +If a device doesn't support power management (pm_cap == 0) but it is +acpi_pci_power_manageable() because there is a _PS0 method declared for +it and _EJ0 is also declared for the slot then nobody is going to set +current_state = PCI_D0 for this device. This is what I think it is +happening: + +pci_enable_device + | +__pci_enable_device_flags +/* here we do not set current_state because !pm_cap */ + | +do_pci_enable_device + | +pci_set_power_state + | +__pci_start_power_transition + | +pci_platform_power_transition +/* platform_pci_power_manageable() calls acpi_pci_power_manageable that + * returns true */ + | +platform_pci_set_power_state +/* acpi_pci_set_power_state gets called and does nothing because the + * acpi device has _EJ0, see the comment "If the ACPI device has _EJ0, + * ignore the device" */ + +at this point if we refer to the commit message that introduced the +comment above (10b3dcae0f275e2546e55303d64ddbb58cec7599), it is up to +the hotplug driver to set the state to D0. +However AFAICT the pci hotplug driver never does, in fact +drivers/pci/hotplug/acpiphp_glue.c:register_slot sets the slot flags to +(SLOT_ENABLED | SLOT_POWEREDON) but it does not set the pci device +current state to PCI_D0. + +So my proposed fix is also to set current_state = PCI_D0 in +register_slot. +Comments are very welcome. + +Signed-off-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com> +Signed-off-by: Jesse Barnes <jbarnes@virtuousgeek.org> +Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de> + +--- + drivers/pci/hotplug/acpiphp_glue.c | 1 + + 1 file changed, 1 insertion(+) + +--- a/drivers/pci/hotplug/acpiphp_glue.c ++++ b/drivers/pci/hotplug/acpiphp_glue.c +@@ -211,6 +211,7 @@ register_slot(acpi_handle handle, u32 lv + + pdev = pci_get_slot(pbus, PCI_DEVFN(device, function)); + if (pdev) { ++ pdev->current_state = PCI_D0; + slot->flags |= (SLOT_ENABLED | SLOT_POWEREDON); + pci_dev_put(pdev); + } diff --git a/queue-2.6.33/pci-return-correct-value-when-writing-to-the-reset-attribute.patch b/queue-2.6.33/pci-return-correct-value-when-writing-to-the-reset-attribute.patch new file mode 100644 index 0000000..09aec5c --- /dev/null +++ b/queue-2.6.33/pci-return-correct-value-when-writing-to-the-reset-attribute.patch @@ -0,0 +1,39 @@ +From 447c5dd7338638f526e9bcf7dcf69b4da5835c7d Mon Sep 17 00:00:00 2001 +From: Michal Schmidt <mschmidt@redhat.com> +Date: Tue, 11 May 2010 11:44:54 +0200 +Subject: PCI: return correct value when writing to the "reset" attribute + +From: Michal Schmidt <mschmidt@redhat.com> + +commit 447c5dd7338638f526e9bcf7dcf69b4da5835c7d upstream. + +A successful write() to the "reset" sysfs attribute should return the +number of bytes written, not 0. Otherwise userspace (bash) retries the +write over and over again. + +Acked-by: Michael S. Tsirkin <mst@redhat.com> +Acked-by: Greg Kroah-Hartman <gregkh@suse.de> +Signed-off-by: Michal Schmidt <mschmidt@redhat.com> +Signed-off-by: Jesse Barnes <jbarnes@virtuousgeek.org> +Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de> + +--- + drivers/pci/pci-sysfs.c | 7 ++++++- + 1 file changed, 6 insertions(+), 1 deletion(-) + +--- a/drivers/pci/pci-sysfs.c ++++ b/drivers/pci/pci-sysfs.c +@@ -966,7 +966,12 @@ static ssize_t reset_store(struct device + + if (val != 1) + return -EINVAL; +- return pci_reset_function(pdev); ++ ++ result = pci_reset_function(pdev); ++ if (result < 0) ++ return result; ++ ++ return count; + } + + static struct device_attribute reset_attr = __ATTR(reset, 0200, NULL, reset_store); diff --git a/queue-2.6.33/prevent-rt_sigqueueinfo-and-rt_tgsigqueueinfo-from-spoofing-the-signal-code.patch b/queue-2.6.33/prevent-rt_sigqueueinfo-and-rt_tgsigqueueinfo-from-spoofing-the-signal-code.patch new file mode 100644 index 0000000..fb1068e --- /dev/null +++ b/queue-2.6.33/prevent-rt_sigqueueinfo-and-rt_tgsigqueueinfo-from-spoofing-the-signal-code.patch @@ -0,0 +1,68 @@ +From da48524eb20662618854bb3df2db01fc65f3070c Mon Sep 17 00:00:00 2001 +From: Julien Tinnes <jln@google.com> +Date: Fri, 18 Mar 2011 15:05:21 -0700 +Subject: Prevent rt_sigqueueinfo and rt_tgsigqueueinfo from spoofing the signal code + +From: Julien Tinnes <jln@google.com> + +commit da48524eb20662618854bb3df2db01fc65f3070c upstream. + +Userland should be able to trust the pid and uid of the sender of a +signal if the si_code is SI_TKILL. + +Unfortunately, the kernel has historically allowed sigqueueinfo() to +send any si_code at all (as long as it was negative - to distinguish it +from kernel-generated signals like SIGILL etc), so it could spoof a +SI_TKILL with incorrect siginfo values. + +Happily, it looks like glibc has always set si_code to the appropriate +SI_QUEUE, so there are probably no actual user code that ever uses +anything but the appropriate SI_QUEUE flag. + +So just tighten the check for si_code (we used to allow any negative +value), and add a (one-time) warning in case there are binaries out +there that might depend on using other si_code values. + +Signed-off-by: Julien Tinnes <jln@google.com> +Acked-by: Oleg Nesterov <oleg@redhat.com> +Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> +Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de> + +--- + kernel/signal.c | 16 ++++++++++++---- + 1 file changed, 12 insertions(+), 4 deletions(-) + +--- a/kernel/signal.c ++++ b/kernel/signal.c +@@ -2406,9 +2406,13 @@ SYSCALL_DEFINE3(rt_sigqueueinfo, pid_t, + return -EFAULT; + + /* Not even root can pretend to send signals from the kernel. +- Nor can they impersonate a kill(), which adds source info. */ +- if (info.si_code >= 0) ++ * Nor can they impersonate a kill()/tgkill(), which adds source info. ++ */ ++ if (info.si_code != SI_QUEUE) { ++ /* We used to allow any < 0 si_code */ ++ WARN_ON_ONCE(info.si_code < 0); + return -EPERM; ++ } + info.si_signo = sig; + + /* POSIX.1b doesn't mention process groups. */ +@@ -2422,9 +2426,13 @@ long do_rt_tgsigqueueinfo(pid_t tgid, pi + return -EINVAL; + + /* Not even root can pretend to send signals from the kernel. +- Nor can they impersonate a kill(), which adds source info. */ +- if (info->si_code >= 0) ++ * Nor can they impersonate a kill()/tgkill(), which adds source info. ++ */ ++ if (info->si_code != SI_QUEUE) { ++ /* We used to allow any < 0 si_code */ ++ WARN_ON_ONCE(info->si_code < 0); + return -EPERM; ++ } + info->si_signo = sig; + + return do_send_specific(tgid, pid, sig, info); diff --git a/queue-2.6.33/revert-intel_idle-pci-quirk-to-prevent-lenovo-ideapad-s10-3-boot-hang.patch b/queue-2.6.33/revert-intel_idle-pci-quirk-to-prevent-lenovo-ideapad-s10-3-boot-hang.patch new file mode 100644 index 0000000..c33765a --- /dev/null +++ b/queue-2.6.33/revert-intel_idle-pci-quirk-to-prevent-lenovo-ideapad-s10-3-boot-hang.patch @@ -0,0 +1,48 @@ +From 925e5ea1ea2627538fb9444307cc5c23990d670f Mon Sep 17 00:00:00 2001 +From: Greg Kroah-Hartman <gregkh@suse.de> +Date: Wed, 23 Mar 2011 15:50:39 -0700 +Subject: [PATCH] Revert "intel_idle: PCI quirk to prevent Lenovo Ideapad s10-3 boot hang" + +This reverts commit 05f7676dc3559c2b9061fda4e44c085a8d32fb05. + +To quote Len Brown: + intel_idle was deemed a "feature", and thus not included in + 2.6.33.stable, and thus 2.6.33.stable does not need this patch. +so I'm removing it. + +Cc: Len Brown <len.brown@intel.com> +Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de> + +--- + drivers/pci/quirks.c | 20 -------------------- + 1 file changed, 20 deletions(-) + +--- a/drivers/pci/quirks.c ++++ b/drivers/pci/quirks.c +@@ -155,26 +155,6 @@ DECLARE_PCI_FIXUP_FINAL(PCI_VENDOR_ID_NE + DECLARE_PCI_FIXUP_FINAL(PCI_VENDOR_ID_NEC, PCI_DEVICE_ID_NEC_CBUS_3, quirk_isa_dma_hangs); + + /* +- * Intel NM10 "TigerPoint" LPC PM1a_STS.BM_STS must be clear +- * for some HT machines to use C4 w/o hanging. +- */ +-static void __devinit quirk_tigerpoint_bm_sts(struct pci_dev *dev) +-{ +- u32 pmbase; +- u16 pm1a; +- +- pci_read_config_dword(dev, 0x40, &pmbase); +- pmbase = pmbase & 0xff80; +- pm1a = inw(pmbase); +- +- if (pm1a & 0x10) { +- dev_info(&dev->dev, FW_BUG "TigerPoint LPC.BM_STS cleared\n"); +- outw(0x10, pmbase); +- } +-} +-DECLARE_PCI_FIXUP_HEADER(PCI_VENDOR_ID_INTEL, PCI_DEVICE_ID_INTEL_TGP_LPC, quirk_tigerpoint_bm_sts); +- +-/* + * Chipsets where PCI->PCI transfers vanish or hang + */ + static void __devinit quirk_nopcipci(struct pci_dev *dev) diff --git a/queue-2.6.33/series b/queue-2.6.33/series index 38e0a89..e46d842 100644 --- a/queue-2.6.33/series +++ b/queue-2.6.33/series @@ -8,6 +8,10 @@ x86-binutils-xen-fix-another-wrong-size-directive.patch hwmon-sht15-fix-integer-overflow-in-humidity-calculation.patch alsa-hda-via-fix-stereo-mixer-recording-no-sound-issue.patch alsa-hda-via-add-missing-support-for-vt1718s-in-a-a-path.patch -ethtool-compat-handling-for-struct-ethtool_rxnfc.patch aio-wake-all-waiters-when-destroying-ctx.patch shmem-let-shared-anonymous-be-nonlinear-again.patch +pci-hotplug-acpiphp-set-current_state-to-d0-in-register_slot.patch +xen-set-max_pfn_mapped-to-the-last-pfn-mapped.patch +pci-return-correct-value-when-writing-to-the-reset-attribute.patch +revert-intel_idle-pci-quirk-to-prevent-lenovo-ideapad-s10-3-boot-hang.patch +prevent-rt_sigqueueinfo-and-rt_tgsigqueueinfo-from-spoofing-the-signal-code.patch diff --git a/queue-2.6.33/xen-set-max_pfn_mapped-to-the-last-pfn-mapped.patch b/queue-2.6.33/xen-set-max_pfn_mapped-to-the-last-pfn-mapped.patch new file mode 100644 index 0000000..c5c69a8 --- /dev/null +++ b/queue-2.6.33/xen-set-max_pfn_mapped-to-the-last-pfn-mapped.patch @@ -0,0 +1,62 @@ +From 14988a4d350ce3b41ecad4f63c4f44c56f5ae34d Mon Sep 17 00:00:00 2001 +From: Stefano Stabellini <stefano.stabellini@eu.citrix.com> +Date: Fri, 18 Feb 2011 11:32:40 +0000 +Subject: xen: set max_pfn_mapped to the last pfn mapped + +From: Stefano Stabellini <stefano.stabellini@eu.citrix.com> + +commit 14988a4d350ce3b41ecad4f63c4f44c56f5ae34d upstream. + +Do not set max_pfn_mapped to the end of the initial memory mappings, +that also contain pages that don't belong in pfn space (like the mfn +list). + +Set max_pfn_mapped to the last real pfn mapped in the initial memory +mappings that is the pfn backing _end. + +Signed-off-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com> +Acked-by: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com> +LKML-Reference: <alpine.DEB.2.00.1103171739050.3382@kaball-desktop> +Signed-off-by: H. Peter Anvin <hpa@zytor.com> +Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de> + +--- + arch/x86/xen/mmu.c | 13 +++++++------ + 1 file changed, 7 insertions(+), 6 deletions(-) + +--- a/arch/x86/xen/mmu.c ++++ b/arch/x86/xen/mmu.c +@@ -1658,9 +1658,6 @@ static __init void xen_map_identity_earl + for (pteidx = 0; pteidx < PTRS_PER_PTE; pteidx++, pfn++) { + pte_t pte; + +- if (pfn > max_pfn_mapped) +- max_pfn_mapped = pfn; +- + if (!pte_none(pte_page[pteidx])) + continue; + +@@ -1704,6 +1701,12 @@ __init pgd_t *xen_setup_kernel_pagetable + pud_t *l3; + pmd_t *l2; + ++ /* max_pfn_mapped is the last pfn mapped in the initial memory ++ * mappings. Considering that on Xen after the kernel mappings we ++ * have the mappings of some pages that don't exist in pfn space, we ++ * set max_pfn_mapped to the last real pfn mapped. */ ++ max_pfn_mapped = PFN_DOWN(__pa(xen_start_info->mfn_list)); ++ + /* Zap identity mapping */ + init_level4_pgt[0] = __pgd(0); + +@@ -1767,9 +1770,7 @@ __init pgd_t *xen_setup_kernel_pagetable + { + pmd_t *kernel_pmd; + +- max_pfn_mapped = PFN_DOWN(__pa(xen_start_info->pt_base) + +- xen_start_info->nr_pt_frames * PAGE_SIZE + +- 512*1024); ++ max_pfn_mapped = PFN_DOWN(__pa(xen_start_info->mfn_list)); + + kernel_pmd = m2v(pgd[KERNEL_PGD_BOUNDARY].pgd); + memcpy(level2_kernel_pgt, kernel_pmd, sizeof(pmd_t) * PTRS_PER_PMD); |