- 18 8月, 2009 2 次提交
-
-
由 John W. Linville 提交于
If key is 4 that is an array out of bounds. Reported-by: NDan Carpenter <error27@gmail.com> Signed-off-by: NJohn W. Linville <linville@tuxdriver.com>
-
由 Johannes Berg 提交于
The key todo lock can be taken from different locks that require it to be _bh to avoid lock inversion due to (soft)irqs. This should fix the two problems reported by Bob and Gabor: http://mid.gmane.org/20090619113049.GB18956@hash.localnet http://mid.gmane.org/4A3FA376.8020307@openwrt.orgSigned-off-by: NJohannes Berg <johannes@sipsolutions.net> Cc: Bob Copeland <me@bobcopeland.com> Cc: Gabor Juhos <juhosg@openwrt.org> Signed-off-by: NJohn W. Linville <linville@tuxdriver.com>
-
- 15 8月, 2009 5 次提交
-
-
由 Tom Goff 提交于
The GRE header length should be subtracted when the tunnel MTU is calculated. This just corrects for the associativity change introduced by commit 42aa9162 ("gre: Move MTU setting out of ipgre_tunnel_bind_dev"). Signed-off-by: NTom Goff <thomas.goff@boeing.com> Signed-off-by: NDavid S. Miller <davem@davemloft.net>
-
由 Petko Manolov 提交于
Add new definition to 'pegasus.h' for support Japanese IO DATA "ETX-US2" USB Ethernet Adapter. PEGASUS_DEV( $B!H(BIO DATA USB ETX-US2$B!I(B, VENDOR_IODATA, 0x092a, DEFAULT_GPIO_RESET | PEGASUS_II ) Signed-off-by: NDavid S. Miller <davem@davemloft.net>
-
由 Dongdong Deng 提交于
The NETPOLL API requires that interrupts remain disabled in netpoll_send_skb(). The use of spin_lock_irq() and spin_unlock_irq() in the NETPOLL API callbacks causes the interrupts to get enabled and can lead to kernel instability. The solution is to use spin_lock_irqsave() and spin_unlock_restore() to prevent the irqs from getting enabled while in netpoll_send_skb(). Call trace: netpoll_send_skb() { -> local_irq_save(flags) ---> dev->ndo_start_xmit(skb, dev) ---> spin_lock_irq() ---> spin_unlock_irq() *******here would enable the interrupt. ... -> local_irq_restore(flags) } Signed-off-by: NDongdong Deng <dongdong.deng@windriver.com> Signed-off-by: NJason Wessel <jason.wessel@windriver.com> Acked-by: NBruce Ashfield <bruce.ashfield@windriver.com> Acked-by: NMatt Mackall <mpm@selenic.com> Signed-off-by: NDavid S. Miller <davem@davemloft.net>
-
由 roel kluin 提交于
Test whether VELOCITY_DUPLEX_FULL bit is set in mii_status. Signed-off-by: NRoel Kluin <roel.kluin@gmail.com> Signed-off-by: NDavid S. Miller <davem@davemloft.net>
-
- 14 8月, 2009 8 次提交
-
-
由 Pavel Roskin 提交于
Change rt2x00_rf_read() and rt2x00_rf_write() to subtract 1 from the rf register number. This is needed because the rf registers are enumerated starting with one. The size of the rf register cache is just enough to hold all registers, so writing to the highest register was corrupting memory. Add a check to make sure that the rf register number is valid. Signed-off-by: NPavel Roskin <proski@gnu.org> Cc: stable@kernel.org Acked-by: NIvo van Doorn <IvDoorn@gmail.com> Signed-off-by: NJohn W. Linville <linville@tuxdriver.com>
-
由 Lucy Liu 提交于
Traffic received with a priority tag (VID = 0) and non-zero priority value was incorrectly handled by the VLAN packet code path due to a check on zero for the whole VLAN tag instead of just the VID. This patch masked out the priority field when checking the vlan tag for received VLAN packets. Signed-off-by: NLucy Liu <lucy.liu@intel.com> Acked-by: NPeter P Waskiewicz Jr <peter.p.waskiewicz.jr@intel.com> Signed-off-by: NJeff Kirsher <jeffrey.t.kirsher@intel.com> Signed-off-by: NDavid S. Miller <davem@davemloft.net>
-
由 Yi Zou 提交于
We return the ddp->len in ixgbe_fcoe_ddp() to indicate the length of data that have been DDPed. However, it is possible that the length is 0, e.g., for SCSI READ, the FCP_RSP may come back w/ SCSI status 0x28 as Task Set Full with no FCP data for DDP. In ixgbe_fcoe_ddp(), we return 0 to indicate not passing DDPed packets to upper layer. Therefore in the case of ddp->len being 0 upon FCP_RSP, we do not want to return the 0 ddp->len as we want FCP_RSP to be always delivered to the upper layer. This patch fixes this bug by setting rc only if ddp->len is non-zero. Signed-off-by: NYi Zou <yi.zou@intel.com> Acked-by: NPeter P Waskiewicz Jr <peter.p.waskiewicz.jr@intel.com> Signed-off-by: NJeff Kirsher <jeffrey.t.kirsher@intel.com> Signed-off-by: NDavid S. Miller <davem@davemloft.net>
-
由 Dhananjay Phadke 提交于
o Defer napi resouce allocation to device attach. o Free napi resources and delete napi during detach. This ensures right behavior across firmware reset. Signed-off-by: NDhananjay Phadke <dhananjay@netxen.com> Signed-off-by: NDavid S. Miller <davem@davemloft.net>
-
由 Amit Kumar Salecha 提交于
o Remove private workqueue in the driver, move all scheduled tasks to keventd workqueues. This makes ports (interfaces) of same / different NIC boards independent, in terms of their link watchdog and reset tasks. o Move quick checks for link status and temperature in timer callback, schedule watchdog task only if link status changed or temperature reached critical threshold. This also fixes deadlock when thermal panic occurs, watchdog work was flushing workqueue that it was sitting on. Signed-off-by: NAmit Kumar Salecha <amit@qlogic.com> Signed-off-by: NDhananjay Phadke <dhananjay@netxen.com> Signed-off-by: NDavid S. Miller <davem@davemloft.net>
-
由 Don Skidmore 提交于
Currently setting rx-usecs when the interface is in legacy interrupt mode it is not immediate. We were only setting EITR for each MSIx vector and since this count would be zero for legacy mode it wasn't set until after a reset. This patch corrects that by checking what mode we are in and then setting EITR accordingly. Signed-off-by: NDon Skidmore <donald.skidmore@intel.com> Signed-off-by: NJeff Kirsher <jeffrey.t.kirsher@intel.com> Signed-off-by: NDavid S. Miller <davem@davemloft.net>
-
由 Oliver Hartkopp 提交于
For 'real' hardware CAN devices the netlink interface is used to set CAN specific communication parameters. Real CAN hardware can not be created with the ip tool ... The invocation of 'ip link add type can' lead to an oops as the standard rtnl newlink function was called: http://bugzilla.kernel.org/show_bug.cgi?id=13954 This patch adds a private newlink function for the CAN device driver interface that unconditionally returns -EOPNOTSUPP. Signed-off-by: NOliver Hartkopp <oliver@hartkopp.net> Reported-by: NDmitry Eremin-Solenikov <dbaryshkov@gmail.com> CC: Patrick McHardy <kaber@trash.net> CC: Wolfgang Grandegger <wg@grandegger.com> Signed-off-by: NDavid S. Miller <davem@davemloft.net>
-
由 Luis R. Rodriguez 提交于
We splice skbs from the pending queue for a TID onto the local pending queue when tearing down a block ack request. This is not necessary unless we actually have received a request to start a block ack request (rate control, for example). If we never received that request we should not be splicing the tid pending queue as it would be null, causing a panic. Not sure yet how exactly we allowed through a call when the tid state does not have at least HT_ADDBA_REQUESTED_MSK set, that will require some further review as it is not quite obvious. For more information see the bug report: http://bugzilla.kernel.org/show_bug.cgi?id=13922 This fixes this oops: BUG: unable to handle kernel NULL pointer dereference at 00000030 IP: [<f8806c70>] ieee80211_agg_splice_packets+0x40/0xc0 [mac80211] *pdpt = 0000000002d1e001 *pde = 0000000000000000 Thread overran stack, or stack corrupted Oops: 0000 [#1] SMP last sysfs file: /sys/module/aes_generic/initstate Modules linked in: <bleh> Pid: 0, comm: swapper Not tainted (2.6.31-rc5-wl #2) Dell DV051 EIP: 0060:[<f8806c70>] EFLAGS: 00010292 CPU: 0 EIP is at ieee80211_agg_splice_packets+0x40/0xc0 [mac80211] EAX: 00000030 EBX: 0000004c ECX: 00000003 EDX: 00000000 ESI: c1c98000 EDI: f745a1c0 EBP: c076be58 ESP: c076be38 DS: 007b ES: 007b FS: 00d8 GS: 0000 SS: 0068 Process swapper (pid: 0, ti=c076a000 task=c0709160 task.ti=c076a000) Stack: <bleh2> Call Trace: [<f8806edb>] ? ieee80211_stop_tx_ba_cb+0xab/0x150 [mac80211] [<f8802f1e>] ? ieee80211_tasklet_handler+0xce/0x110 [mac80211] [<c04862ff>] ? net_rx_action+0xef/0x1d0 [<c0149378>] ? tasklet_action+0x58/0xc0 [<c014a0f2>] ? __do_softirq+0xc2/0x190 [<c018eb48>] ? handle_IRQ_event+0x58/0x140 [<c01205fe>] ? ack_apic_level+0x7e/0x270 [<c014a1fd>] ? do_softirq+0x3d/0x40 [<c014a345>] ? irq_exit+0x65/0x90 [<c010a6af>] ? do_IRQ+0x4f/0xc0 [<c014a35d>] ? irq_exit+0x7d/0x90 [<c011d547>] ? smp_apic_timer_interrupt+0x57/0x90 [<c01094a9>] ? common_interrupt+0x29/0x30 [<c010fd9e>] ? mwait_idle+0xbe/0x100 [<c0107e42>] ? cpu_idle+0x52/0x90 [<c054b1a5>] ? rest_init+0x55/0x60 [<c077492d>] ? start_kernel+0x315/0x37d [<c07743ce>] ? unknown_bootoption+0x0/0x1f9 [<c0774099>] ? i386_start_kernel+0x79/0x81 Code: <bleh3> EIP: [<f8806c70>] ieee80211_agg_splice_packets+0x40/0xc0 [mac80211] SS:ESP 0068:c076be38 CR2: 0000000000000030 Cc: stable@kernel.org Testedy-by: NJack Lau <jackelectronics@hotmail.com> Signed-off-by: NLuis R. Rodriguez <lrodriguez@atheros.com> Signed-off-by: NJohn W. Linville <linville@tuxdriver.com>
-
- 13 8月, 2009 2 次提交
-
-
由 Francois Romieu 提交于
The driver always: 1. allocate cp->rx_buf_sz + NET_IP_ALIGN 2. map cp->rx_buf_sz Signed-off-by: NFrancois Romieu <romieu@fr.zoreil.com> Signed-off-by: NDavid S. Miller <davem@davemloft.net>
-
由 David S. Miller 提交于
This reverts commit 57921c31. On request from John Linville: It has been shown to create a new problem. There is work towards a solution to that one, but it isn't a simple clean-up. Signed-off-by: NDavid S. Miller <davem@davemloft.net>
-
- 11 8月, 2009 2 次提交
-
-
由 Dan Carpenter 提交于
queue == __AR9170_NUM_TXQ would cause a bug on the next line. found by Smatch ( http://repo.or.cz/w/smatch.git ). Cc: stable@kernel.org Reported-by: NDan Carpenter <error27@gmail.com> Signed-off-by: NDan Carpenter <error27@gmail.com> Signed-off-by: NChristian Lamparter <chunkeey@web.de> Signed-off-by: NJohn W. Linville <linville@tuxdriver.com>
-
由 Christian Lamparter 提交于
When ar9170-2.fw was missing, the driver erroneously complained about missing the initialization values file ar9170-1.fw... Signed-off-by: NChristian Lamparter <chunkeey@web.de> Signed-off-by: NJohn W. Linville <linville@tuxdriver.com>
-
- 10 8月, 2009 21 次提交
-
-
由 roel kluin 提交于
If the length is less or equal to frag_prefix_size in the first iteration we write skb_frags_rx[-1] and read from priv->frag_info[-1] Signed-off-by: NRoel Kluin <roel.kluin@gmail.com> Signed-off-by: NDavid S. Miller <davem@davemloft.net>
-
由 roel kluin 提交于
Prevent read from cards[-1] when no card was found. Signed-off-by: NRoel Kluin <roel.kluin@gmail.com> Signed-off-by: NDavid S. Miller <davem@davemloft.net>
-
由 roel kluin 提交于
An `options[cards_found]' that equals `sizeof(options_mapping)' is already beyond the array. Signed-off-by: NRoel Kluin <roel.kluin@gmail.com> Signed-off-by: NDavid S. Miller <davem@davemloft.net>
-
由 Rafael Laufer 提交于
Commit 1748376b, net: Use a percpu_counter for sockets_allocated added percpu_counter function calls to sctp_proc_init code path, but forgot to add them to sctp_proc_exit(). This resulted in a following Ooops when performing this test # modprobe sctp # rmmod -f sctp # modprobe sctp [ 573.862512] BUG: unable to handle kernel paging request at f8214a24 [ 573.862518] IP: [<c0308b8f>] __percpu_counter_init+0x3f/0x70 [ 573.862530] *pde = 37010067 *pte = 00000000 [ 573.862534] Oops: 0002 [#1] SMP [ 573.862537] last sysfs file: /sys/module/libcrc32c/initstate [ 573.862540] Modules linked in: sctp(+) crc32c libcrc32c binfmt_misc bridge stp bnep lp snd_hda_codec_analog snd_hda_intel snd_hda_codec snd_hwdep snd_pcm_oss snd_mixer_oss arc4 joydev snd_pcm ecb pcmcia snd_seq_dummy snd_seq_oss iwlagn iwlcore snd_seq_midi snd_rawmidi snd_seq_midi_event yenta_socket rsrc_nonstatic thinkpad_acpi snd_seq snd_timer snd_seq_device mac80211 psmouse sdhci_pci sdhci nvidia(P) ppdev video snd soundcore serio_raw pcspkr iTCO_wdt iTCO_vendor_support led_class ricoh_mmc pcmcia_core intel_agp nvram agpgart usbhid parport_pc parport output snd_page_alloc cfg80211 btusb ohci1394 ieee1394 e1000e [last unloaded: sctp] [ 573.862589] [ 573.862593] Pid: 5373, comm: modprobe Tainted: P R (2.6.31-rc3 #6) 7663B15 [ 573.862596] EIP: 0060:[<c0308b8f>] EFLAGS: 00010286 CPU: 1 [ 573.862599] EIP is at __percpu_counter_init+0x3f/0x70 [ 573.862602] EAX: f8214a20 EBX: f80faa14 ECX: c48c0000 EDX: f80faa20 [ 573.862604] ESI: f80a7000 EDI: 00000000 EBP: f69d5ef0 ESP: f69d5eec [ 573.862606] DS: 007b ES: 007b FS: 00d8 GS: 0033 SS: 0068 [ 573.862610] Process modprobe (pid: 5373, ti=f69d4000 task=c2130c70 task.ti=f69d4000) [ 573.862612] Stack: [ 573.862613] 00000000 f69d5f18 f80a70a8 f80fa9fc 00000000 fffffffc f69d5f30 c018e2d4 [ 573.862619] <0> 00000000 f80a7000 00000000 f69d5f88 c010112b 00000000 c07029c0 fffffffb [ 573.862626] <0> 00000000 f69d5f38 c018f83f f69d5f54 c0557cad f80fa860 00000001 c07010c0 [ 573.862634] Call Trace: [ 573.862644] [<f80a70a8>] ? sctp_init+0xa8/0x7d4 [sctp] [ 573.862650] [<c018e2d4>] ? marker_update_probe_range+0x184/0x260 [ 573.862659] [<f80a7000>] ? sctp_init+0x0/0x7d4 [sctp] [ 573.862662] [<c010112b>] ? do_one_initcall+0x2b/0x160 [ 573.862666] [<c018f83f>] ? tracepoint_module_notify+0x2f/0x40 [ 573.862671] [<c0557cad>] ? notifier_call_chain+0x2d/0x70 [ 573.862678] [<c01588fd>] ? __blocking_notifier_call_chain+0x4d/0x60 [ 573.862682] [<c016b2f1>] ? sys_init_module+0xb1/0x1f0 [ 573.862686] [<c0102ffc>] ? sysenter_do_call+0x12/0x28 [ 573.862688] Code: 89 48 08 b8 04 00 00 00 e8 df aa ec ff ba f4 ff ff ff 85 c0 89 43 14 74 31 b8 b0 18 71 c0 e8 19 b9 24 00 a1 c4 18 71 c0 8d 53 0c <89> 50 04 89 43 0c b8 b0 18 71 c0 c7 43 10 c4 18 71 c0 89 15 c4 [ 573.862725] EIP: [<c0308b8f>] __percpu_counter_init+0x3f/0x70 SS:ESP 0068:f69d5eec [ 573.862730] CR2: 00000000f8214a24 [ 573.862734] ---[ end trace 39c4e0b55e7cf54d ]--- Signed-off-by: NRafael Laufer <rlaufer@cisco.com> Signed-off-by: NVlad Yasevich <vladislav.yasevich@hp.com> Signed-off-by: NDavid S. Miller <davem@davemloft.net>
-
由 Joe Perches 提交于
Signed-off-by: NJoe Perches <joe@perches.com> Signed-off-by: NDavid S. Miller <davem@davemloft.net>
-
由 Yong Zhang 提交于
If vlan has been enabled. ifdown followed by ifup will lost hardware related state. Also remove duplicated operation in gfar_vlan_rx_register(). Signed-off-by: NYong Zhang <yong.zhang0@gmail.com> Acked-by: NDai Haruki <dai.haruki@freescale.com> Signed-off-by: NDavid S. Miller <davem@davemloft.net>
-
由 Bruce Allan 提交于
The bank offset was being incorrectly calculated on ICH9 parts with a bank size of 8K (instead of the more common 4K bank) which would cause any NVM writes to be done on the wrong address after switching from bank 1 to bank 0. Additionally, assume we are meant to use bank 0 if a valid bank is not detected, and remove the unnecessary acquisition of the SW/FW/HW semaphore when writing to the shadow ram version of the NVM image. Signed-off-by: NBruce Allan <bruce.w.allan@intel.com> Signed-off-by: NJeff Kirsher <jeffrey.t.kirsher@intel.com> Signed-off-by: NDavid S. Miller <davem@davemloft.net>
-
由 Bruce Allan 提交于
For ICHx parts, write the EXTCNF_CTRL.SWFLAG bit once when trying to acquire the SW/FW/HW semaphore instead of multiple times to prevent the hardware from having problems (especially for systems with manageability enabled), and extend the timeout for the hardware to set the SWFLAG bit. Signed-off-by: NBruce Allan <bruce.w.allan@intel.com> Signed-off-by: NJeff Kirsher <jeffrey.t.kirsher@intel.com> Signed-off-by: NDavid S. Miller <davem@davemloft.net>
-
由 Yi Zou 提交于
For 82599, packet split has to be disabled for FCoE direct data placement. However, this is only required on received queues allocated for FCoE. This patch adds a per ring flags to indicate if packet split is disabled on a per queue basis, particularly for FCoE, as packet split must be disabled for large receive using direct data placement (DDP). Signed-off-by: NYi Zou <yi.zou@intel.com> Acked-by: NPeter P Waskiewicz Jr <peter.p.waskiewicz.jr@intel.com> Signed-off-by: NJeff Kirsher <jeffrey.t.kirsher@intel.com> Signed-off-by: NDavid S. Miller <davem@davemloft.net>
-
由 Yi Zou 提交于
Instead of passing the register index of the corresponding rx_ring and find the way back to get to corresponding rx_ring in ixgbe_configure_srrctl(), simplify the function ixgbe_configure_srrctl() by passing the rx_ring into it. Then the register index for that rx_ring is already available from rx_ring->reg_idx. Signed-off-by: NYi Zou <yi.zou@intel.com> Acked-by: NPeter P Waskiewicz Jr <peter.p.waskiewicz.jr@intel.com> Signed-off-by: NJeff Kirsher <jeffrey.t.kirsher@intel.com> Signed-off-by: NDavid S. Miller <davem@davemloft.net>
-
由 Herbert Xu 提交于
As it is, parts of the ioctl runs under the RTNL and parts of it do not. The unlocked section is still protected by the BKL, but there can be subtle races. For example, Eric Biederman and Paul Moore observed that if two threads tried to create two tun devices on the same file descriptor, then unexpected results may occur. As there isn't anything in the ioctl that is expected to sleep indefinitely, we can prevent this from occurring by extending the RTNL lock coverage. This also allows to get rid of the BKL. Finally, I changed tun_get_iff to take a tun device in order to avoid calling tun_put which would dead-lock as it also tries to take the RTNL lock. Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au> Signed-off-by: NDavid S. Miller <davem@davemloft.net>
-
由 Greg Ungerer 提交于
Commit f0b3fbea ("FEC Buffer rework") breaks transmission of packets where the skb data buffer is not memory aligned according to FEC_ALIGNMENT. It incorrectly passes to dma_sync_single() the buffer address directly from the skb, instead of the address calculated for use (which may be the skb address or one of the bounce buffers). It seems there is no use converting the cpu address of the buffer to a physical either, since dma_map_single() expects the cpu address and will return the dma address to use in the descriptor. So remove the use of __pa() on the buffer address as well. This patch is against 2.6.30-rc5. This breakage is a regression over 2.6.30, which does not have this problem. Signed-off-by: NGreg Ungerer <gerg@uclinux.org> Signed-off-by: NDavid S. Miller <davem@davemloft.net>
-
由 Eric Dumazet 提交于
raw_getname() can leak 10 bytes of kernel memory to user (two bytes hole between can_family and can_ifindex, 8 bytes at the end of sockaddr_can structure) Signed-off-by: NEric Dumazet <eric.dumazet@gmail.com> Acked-by: NOliver Hartkopp <oliver@hartkopp.net> Signed-off-by: NDavid S. Miller <davem@davemloft.net>
-
由 Jussi Mäki 提交于
This patch fixes hash collisions in cases where number of entries have incrementing IP source and destination addresses from single respective subnets (i.e. 192.168.0.1-172.16.0.1, 192.168.0.2-172.16.0.2, and so on.). Signed-off-by: NJussi Maki <joamaki@gmail.com> Signed-off-by: NDavid S. Miller <davem@davemloft.net>
-
由 Roel Kluin 提交于
strlcpy() will always null terminate the string. Signed-off-by: NRoel Kluin <roel.kluin@gmail.com> Cc: Jay Cliburn <jcliburn@gmail.com> Cc: Chris Snook <csnook@redhat.com> Cc: Jie Yang <jie.yang@atheros.com> Signed-off-by: NAndrew Morton <akpm@linux-foundation.org> Signed-off-by: NDavid S. Miller <davem@davemloft.net>
-
由 Roel Kluin 提交于
io[i] is read before the bounds check on i, order should be reversed. Signed-off-by: NRoel Kluin <roel.kluin@gmail.com> Cc: Samuel Ortiz <samuel@sortiz.org> Signed-off-by: NAndrew Morton <akpm@linux-foundation.org> Signed-off-by: NDavid S. Miller <davem@davemloft.net>
-
由 Chris Snook 提交于
Update MAINTAINERS to reflect my current (non-)affiliation. Anyone hiring? Signed-off-by: NChris Snook <chris.snook@gmail.com> Cc: Jay Cliburn <jcliburn@gmail.com> Cc: Jie Yang <jie.yang@atheros.com> Cc: "David S. Miller" <davem@davemloft.net> Signed-off-by: NAndrew Morton <akpm@linux-foundation.org> Signed-off-by: NDavid S. Miller <davem@davemloft.net>
-
由 David S. Miller 提交于
-
git://git.infradead.org/ubi-2.6由 Linus Torvalds 提交于
* 'for-linus' of git://git.infradead.org/ubi-2.6: UBI: compatible fallback in absense of sequence numbers UBI: fix double free on error path
-
git://git.kernel.org/pub/scm/virt/kvm/kvm由 Linus Torvalds 提交于
* 'kvm-updates/2.6.31' of git://git.kernel.org/pub/scm/virt/kvm/kvm: KVM: Avoid redelivery of edge interrupt before next edge KVM: MMU: limit rmap chain length KVM: ia64: fix build failures due to ia64/unsigned long mismatches KVM: Make KVM_HPAGES_PER_HPAGE unsigned long to avoid build error on powerpc KVM: fix ack not being delivered when msi present KVM: s390: fix wait_queue handling KVM: VMX: Fix locking imbalance on emulation failure KVM: VMX: Fix locking order in handle_invalid_guest_state KVM: MMU: handle n_free_mmu_pages > n_alloc_mmu_pages in kvm_mmu_change_mmu_pages KVM: SVM: force new asid on vcpu migration KVM: x86: verify MTRR/PAT validity KVM: PIT: fix kpit_elapsed division by zero KVM: Fix KVM_GET_MSR_INDEX_LIST
-