3 files changed, 18 insertions, 14 deletions

diff --git a/arch/i386/mm/fault.c b/arch/i386/mm/fault.c
index 7f0fcf219a26..bd6fe96cc16d 100644
--- a/arch/i386/mm/fault.c
+++ b/arch/i386/mm/fault.c
@@ -77,12 +77,15 @@ static inline unsigned long get_segment_eip(struct pt_regs *regs,
         unsigned seg = regs->xcs & 0xffff;
         u32 seg_ar, seg_limit, base, *desc;
 
+        /* Unlikely, but must come before segment checks. */
+        if (unlikely(regs->eflags & VM_MASK)) {
+                base = seg << 4;
+                *eip_limit = base + 0xffff;
+                return base + (eip & 0xffff);
+        }
+
         /* The standard kernel/user address space limit. */
         *eip_limit = (seg & 3) ? USER_DS.seg : KERNEL_DS.seg;
-
-        /* Unlikely, but must come before segment checks. */
-        if (unlikely((regs->eflags & VM_MASK) != 0))
-                return eip + (seg << 4);
         
         /* By far the most common cases. */
         if (likely(seg == __USER_CS || seg == __KERNEL_CS))
@@ -380,12 +383,12 @@ fastcall void __kprobes do_page_fault(struct pt_regs *regs,
                 goto bad_area;
         if (error_code & 4) {
                 /*
-                 * accessing the stack below %esp is always a bug.
-                 * The "+ 32" is there due to some instructions (like
-                 * pusha) doing post-decrement on the stack and that
-                 * doesn't show up until later..
+                 * Accessing the stack below %esp is always a bug.
+                 * The large cushion allows instructions like enter
+                 * and pusha to work.  ("enter $65535,$31" pushes
+                 * 32 pointers and then decrements %esp by 65535.)
                  */
-                if (address + 32 < regs->esp)
+                if (address + 65536 + 32 * sizeof(unsigned long) < regs->esp)
                         goto bad_area;
         }
         if (expand_stack(vma, address))
diff --git a/arch/i386/mm/init.c b/arch/i386/mm/init.c
index 3df1371d4520..bf19513f0cea 100644
--- a/arch/i386/mm/init.c
+++ b/arch/i386/mm/init.c
@@ -29,6 +29,7 @@
 #include <linux/efi.h>
 #include <linux/memory_hotplug.h>
 #include <linux/initrd.h>
+#include <linux/cpumask.h>
 
 #include <asm/processor.h>
 #include <asm/system.h>
@@ -384,7 +385,7 @@ static void __init pagetable_init (void)
 #endif
 }
 
-#ifdef CONFIG_SOFTWARE_SUSPEND
+#if defined(CONFIG_SOFTWARE_SUSPEND) || defined(CONFIG_ACPI_SLEEP)
 /*
  * Swap suspend & friends need this for resume because things like the intel-agp
  * driver might have split up a kernel 4MB mapping.
diff --git a/arch/i386/mm/pageattr.c b/arch/i386/mm/pageattr.c
index 92c3d9f0e731..0887b34bc59b 100644
--- a/arch/i386/mm/pageattr.c
+++ b/arch/i386/mm/pageattr.c
@@ -209,19 +209,19 @@ int change_page_attr(struct page *page, int numpages, pgprot_t prot)
 }
 
 void global_flush_tlb(void)
-{ 
-        LIST_HEAD(l);
+{
+        struct list_head l;
         struct page *pg, *next;
 
         BUG_ON(irqs_disabled());
 
         spin_lock_irq(&cpa_lock);
-        list_splice_init(&df_list, &l);
+        list_replace_init(&df_list, &l);
         spin_unlock_irq(&cpa_lock);
         flush_map();
         list_for_each_entry_safe(pg, next, &l, lru)
                 __free_page(pg);
-} 
+}
 
 #ifdef CONFIG_DEBUG_PAGEALLOC
 void kernel_map_pages(struct page *page, int numpages, int enable)