diff options
author | Linus Torvalds <torvalds@linux-foundation.org> | 2013-01-18 15:02:52 -0500 |
---|---|---|
committer | Linus Torvalds <torvalds@linux-foundation.org> | 2013-01-18 15:02:52 -0500 |
commit | 5c69bed266adadf9fd334e68a7ac586b625e9547 (patch) | |
tree | 54cb73524cf5ed886cd176665cf30a320014d8ac /arch | |
parent | b814469ad515c70d9269d5268607bd6fbfb32533 (diff) | |
parent | 9174adbee4a9a49d0139f5d71969852b36720809 (diff) |
Merge tag 'stable/for-linus-3.8-rc3-tag' of git://git.kernel.org/pub/scm/linux/kernel/git/konrad/xen
Pull Xen fixes from Konrad Rzeszutek Wilk:
- CVE-2013-0190/XSA-40 (or stack corruption for 32-bit PV kernels)
- Fix racy vma access spotted by Al Viro
- Fix mmap batch ioctl potentially resulting in large O(n) page allcations.
- Fix vcpu online/offline BUG:scheduling while atomic..
- Fix unbound buffer scanning for more than 32 vCPUs.
- Fix grant table being incorrectly initialized
- Fix incorrect check in pciback
- Allow privcmd in backend domains.
Fix up whitespace conflict due to ugly merge resolution in Xen tree in
arch/arm/xen/enlighten.c
* tag 'stable/for-linus-3.8-rc3-tag' of git://git.kernel.org/pub/scm/linux/kernel/git/konrad/xen:
xen: Fix stack corruption in xen_failsafe_callback for 32bit PVOPS guests.
Revert "xen/smp: Fix CPU online/offline bug triggering a BUG: scheduling while atomic."
xen/gntdev: remove erronous use of copy_to_user
xen/gntdev: correctly unmap unlinked maps in mmu notifier
xen/gntdev: fix unsafe vma access
xen/privcmd: Fix mmap batch ioctl.
Xen: properly bound buffer access when parsing cpu/*/availability
xen/grant-table: correctly initialize grant table version 1
x86/xen : Fix the wrong check in pciback
xen/privcmd: Relax access control in privcmd_ioctl_mmap
Diffstat (limited to 'arch')
-rw-r--r-- | arch/x86/kernel/entry_32.S | 1 | ||||
-rw-r--r-- | arch/x86/xen/smp.c | 7 |
2 files changed, 0 insertions, 8 deletions
diff --git a/arch/x86/kernel/entry_32.S b/arch/x86/kernel/entry_32.S index ff84d5469d77..6ed91d9980e2 100644 --- a/arch/x86/kernel/entry_32.S +++ b/arch/x86/kernel/entry_32.S | |||
@@ -1065,7 +1065,6 @@ ENTRY(xen_failsafe_callback) | |||
1065 | lea 16(%esp),%esp | 1065 | lea 16(%esp),%esp |
1066 | CFI_ADJUST_CFA_OFFSET -16 | 1066 | CFI_ADJUST_CFA_OFFSET -16 |
1067 | jz 5f | 1067 | jz 5f |
1068 | addl $16,%esp | ||
1069 | jmp iret_exc | 1068 | jmp iret_exc |
1070 | 5: pushl_cfi $-1 /* orig_ax = -1 => not a system call */ | 1069 | 5: pushl_cfi $-1 /* orig_ax = -1 => not a system call */ |
1071 | SAVE_ALL | 1070 | SAVE_ALL |
diff --git a/arch/x86/xen/smp.c b/arch/x86/xen/smp.c index 4f7d2599b484..34bc4cee8887 100644 --- a/arch/x86/xen/smp.c +++ b/arch/x86/xen/smp.c | |||
@@ -432,13 +432,6 @@ static void __cpuinit xen_play_dead(void) /* used only with HOTPLUG_CPU */ | |||
432 | play_dead_common(); | 432 | play_dead_common(); |
433 | HYPERVISOR_vcpu_op(VCPUOP_down, smp_processor_id(), NULL); | 433 | HYPERVISOR_vcpu_op(VCPUOP_down, smp_processor_id(), NULL); |
434 | cpu_bringup(); | 434 | cpu_bringup(); |
435 | /* | ||
436 | * Balance out the preempt calls - as we are running in cpu_idle | ||
437 | * loop which has been called at bootup from cpu_bringup_and_idle. | ||
438 | * The cpucpu_bringup_and_idle called cpu_bringup which made a | ||
439 | * preempt_disable() So this preempt_enable will balance it out. | ||
440 | */ | ||
441 | preempt_enable(); | ||
442 | } | 435 | } |
443 | 436 | ||
444 | #else /* !CONFIG_HOTPLUG_CPU */ | 437 | #else /* !CONFIG_HOTPLUG_CPU */ |