Linux v3.4-rc3-89-gc6f5c93

3 files changed, 5 insertions, 100 deletions

diff --git a/KVM-unmap-pages-from-the-iommu-when-slots-are-removed.patch b/KVM-unmap-pages-from-the-iommu-when-slots-are-removed.patch
deleted file mode 100644
index b98e392f7..000000000
--- a/KVM-unmap-pages-from-the-iommu-when-slots-are-removed.patch
+++ /dev/null
@@ -1,92 +0,0 @@
-commit 32f6daad4651a748a58a3ab6da0611862175722f
-Author: Alex Williamson <alex.williamson@redhat.com>
-Date:   Wed Apr 11 09:51:49 2012 -0600
-
-    KVM: unmap pages from the iommu when slots are removed
-    
-    We've been adding new mappings, but not destroying old mappings.
-    This can lead to a page leak as pages are pinned using
-    get_user_pages, but only unpinned with put_page if they still
-    exist in the memslots list on vm shutdown.  A memslot that is
-    destroyed while an iommu domain is enabled for the guest will
-    therefore result in an elevated page reference count that is
-    never cleared.
-    
-    Additionally, without this fix, the iommu is only programmed
-    with the first translation for a gpa.  This can result in
-    peer-to-peer errors if a mapping is destroyed and replaced by a
-    new mapping at the same gpa as the iommu will still be pointing
-    to the original, pinned memory address.
-    
-    Signed-off-by: Alex Williamson <alex.williamson@redhat.com>
-    Signed-off-by: Marcelo Tosatti <mtosatti@redhat.com>
-
-diff --git a/include/linux/kvm_host.h b/include/linux/kvm_host.h
-index 665a260..72cbf08 100644
---- a/include/linux/kvm_host.h
-+++ b/include/linux/kvm_host.h
-@@ -596,6 +596,7 @@ void kvm_free_irq_source_id(struct kvm *kvm, int irq_source_id);
-
- #ifdef CONFIG_IOMMU_API
- int kvm_iommu_map_pages(struct kvm *kvm, struct kvm_memory_slot *slot);
-+void kvm_iommu_unmap_pages(struct kvm *kvm, struct kvm_memory_slot *slot);
- int kvm_iommu_map_guest(struct kvm *kvm);
- int kvm_iommu_unmap_guest(struct kvm *kvm);
- int kvm_assign_device(struct kvm *kvm,
-@@ -609,6 +610,11 @@ static inline int kvm_iommu_map_pages(struct kvm *kvm,
- 	return 0;
- }
-
-+static inline void kvm_iommu_unmap_pages(struct kvm *kvm,
-+					 struct kvm_memory_slot *slot)
-+{
-+}
-+
- static inline int kvm_iommu_map_guest(struct kvm *kvm)
- {
- 	return -ENODEV;
-diff --git a/virt/kvm/iommu.c b/virt/kvm/iommu.c
-index a457d21..fec1723 100644
---- a/virt/kvm/iommu.c
-+++ b/virt/kvm/iommu.c
-@@ -310,6 +310,11 @@ static void kvm_iommu_put_pages(struct kvm *kvm,
- 	}
- }
-
-+void kvm_iommu_unmap_pages(struct kvm *kvm, struct kvm_memory_slot *slot)
-+{
-+	kvm_iommu_put_pages(kvm, slot->base_gfn, slot->npages);
-+}
-+
- static int kvm_iommu_unmap_memslots(struct kvm *kvm)
- {
- 	int idx;
-@@ -320,7 +325,7 @@ static int kvm_iommu_unmap_memslots(struct kvm *kvm)
- 	slots = kvm_memslots(kvm);
-
- 	kvm_for_each_memslot(memslot, slots)
--		kvm_iommu_put_pages(kvm, memslot->base_gfn, memslot->npages);
-+		kvm_iommu_unmap_pages(kvm, memslot);
-
- 	srcu_read_unlock(&kvm->srcu, idx);
-
-diff --git a/virt/kvm/kvm_main.c b/virt/kvm/kvm_main.c
-index 42b7393..9739b53 100644
---- a/virt/kvm/kvm_main.c
-+++ b/virt/kvm/kvm_main.c
-@@ -808,12 +808,13 @@ int __kvm_set_memory_region(struct kvm *kvm,
- 	if (r)
- 		goto out_free;
-
--	/* map the pages in iommu page table */
-+	/* map/unmap the pages in iommu page table */
- 	if (npages) {
- 		r = kvm_iommu_map_pages(kvm, &new);
- 		if (r)
- 			goto out_free;
--	}
-+	} else
-+		kvm_iommu_unmap_pages(kvm, &old);
-
- 	r = -ENOMEM;
- 	slots = kmemdup(kvm->memslots, sizeof(struct kvm_memslots),
diff --git a/kernel.spec b/kernel.spec
index 3fb13c567..7a37cb862 100644
--- a/kernel.spec
+++ b/kernel.spec
@@ -95,7 +95,7 @@ Summary: The Linux kernel
 # The rc snapshot level
 %define rcrev 3
 # The git snapshot level
-%define gitrev 3
+%define gitrev 4
 # Set rpm version accordingly
 %define rpmversion 3.%{upstream_sublevel}.0
 %endif
@@ -749,9 +749,6 @@ Patch22000: weird-root-dentry-name-debug.patch
 #selinux ptrace child permissions
 Patch22001: selinux-apply-different-permission-to-ptrace-child.patch
 
-#rhbz 814149 814155 CVE-2012-2121
-Patch22006: KVM-unmap-pages-from-the-iommu-when-slots-are-removed.patch
-
 #rhbz 814278 814289 CVE-2012-2119
 Patch22007: macvtap-zerocopy-validate-vector-length.patch
 
@@ -1453,9 +1450,6 @@ ApplyPatch vgaarb-vga_default_device.patch
 ApplyPatch x86-microcode-Fix-sysfs-warning-during-module-unload-on-unsupported-CPUs.patch
 ApplyPatch x86-microcode-Ensure-that-module-is-only-loaded-for-supported-AMD-CPUs.patch
 
-#rhbz 814149 814155 CVE-2012-2121
-ApplyPatch KVM-unmap-pages-from-the-iommu-when-slots-are-removed.patch
-
 #rhbz 814278 814289 CVE-2012-2119
 ApplyPatch macvtap-zerocopy-validate-vector-length.patch
 
@@ -2319,6 +2313,9 @@ fi
 #                 ||----w |
 #                 ||     ||
 %changelog
+* Fri Apr 20 2012 Justin M. Forbes <jforbes@redhat.com> - 3.4.0-0.rc3.git4.1
+- Linux v3.4-rc3-89-gc6f5c93
+
 * Thu Apr 19 2012 Justin M. Forbes <jforbes@redhat.com> - 3.4.0-0.rc3.git3.1
 - Linux v3.4-rc3-65-g9b7f43a
 
diff --git a/sources b/sources
index 8f32eb395..8b3b84b55 100644
--- a/sources
+++ b/sources
@@ -1,3 +1,3 @@
 7133f5a2086a7d7ef97abac610c094f5  linux-3.3.tar.xz
 2dfdc406169c0fcec64d5f939a44aff0  patch-3.4-rc3.xz
-92d57dac7a77f41fb939df4eb3024aea  patch-3.4-rc3-git3.xz
+3625feae37f8e7dbd1f3cd2243a37bed  patch-3.4-rc3-git4.xz