| blob | 3427e8ec22830cad86b79b69100915cefba183de |
1 diff --git a/Documentation/dvb/get_dvb_firmware b/Documentation/dvb/get_dvb_firmware
2 index 4820366..6cb3080 100644
3 --- a/Documentation/dvb/get_dvb_firmware
4 +++ b/Documentation/dvb/get_dvb_firmware
5 @@ -56,7 +56,7 @@ syntax();
7 sub sp8870 {
8 my $sourcefile = "tt_Premium_217g.zip";
9 - my $url = "http://www.technotrend.de/new/217g/$sourcefile";
10 + my $url = "http://www.softwarepatch.pl/9999ccd06a4813cb827dbb0005071c71/$sourcefile";
11 my $hash = "53970ec17a538945a6d8cb608a7b3899";
12 my $outfile = "dvb-fe-sp8870.fw";
13 my $tmpdir = tempdir(DIR => "/tmp", CLEANUP => 1);
14 @@ -110,21 +110,21 @@ sub tda10045 {
15 }
17 sub tda10046 {
18 - my $sourcefile = "tt_budget_217g.zip";
19 - my $url = "http://www.technotrend.de/new/217g/$sourcefile";
20 - my $hash = "6a7e1e2f2644b162ff0502367553c72d";
21 - my $outfile = "dvb-fe-tda10046.fw";
22 - my $tmpdir = tempdir(DIR => "/tmp", CLEANUP => 1);
23 + my $sourcefile = "TT_PCI_2.19h_28_11_2006.zip";
24 + my $url = "http://technotrend-online.com/download/software/219/$sourcefile";
25 + my $hash = "6a7e1e2f2644b162ff0502367553c72d";
26 + my $outfile = "dvb-fe-tda10046.fw";
27 + my $tmpdir = tempdir(DIR => "/tmp", CLEANUP => 1);
29 - checkstandard();
30 + checkstandard();
32 - wgetfile($sourcefile, $url);
33 - unzip($sourcefile, $tmpdir);
34 - extract("$tmpdir/software/OEM/PCI/App/ttlcdacc.dll", 0x3f731, 24478, "$tmpdir/fwtmp");
35 - verify("$tmpdir/fwtmp", $hash);
36 - copy("$tmpdir/fwtmp", $outfile);
37 + wgetfile($sourcefile, $url);
38 + unzip($sourcefile, $tmpdir);
39 + extract("$tmpdir/TT_PCI_2.19h_28_11_2006/software/OEM/PCI/App/ttlcdacc.dll", 0x65389, 24478, "$tmpdir/fwtmp");
40 + verify("$tmpdir/fwtmp", $hash);
41 + copy("$tmpdir/fwtmp", $outfile);
43 - $outfile;
44 + $outfile;
45 }
47 sub tda10046lifeview {
48 diff --git a/Documentation/kernel-parameters.txt b/Documentation/kernel-parameters.txt
49 index af50f9b..026e4e5 100644
50 --- a/Documentation/kernel-parameters.txt
51 +++ b/Documentation/kernel-parameters.txt
52 @@ -850,11 +850,6 @@ and is between 256 and 4096 characters. It is defined in the file
53 lasi= [HW,SCSI] PARISC LASI driver for the 53c700 chip
54 Format: addr:<io>,irq:<irq>
56 - legacy_serial.force [HW,IA-32,X86-64]
57 - Probe for COM ports at legacy addresses even
58 - if PNPBIOS or ACPI should describe them. This
59 - is for working around firmware defects.
60 -
61 llsc*= [IA64] See function print_params() in
62 arch/ia64/sn/kernel/llsc4.c.
64 diff --git a/Makefile b/Makefile
65 index de4f8f7..7200160 100644
66 --- a/Makefile
67 +++ b/Makefile
68 @@ -1,7 +1,7 @@
69 VERSION = 2
70 PATCHLEVEL = 6
71 SUBLEVEL = 22
72 -EXTRAVERSION =
73 +EXTRAVERSION = .22-op1
74 NAME = Holy Dancing Manatees, Batman!
76 # *DOCUMENTATION*
77 diff --git a/arch/i386/Makefile b/arch/i386/Makefile
78 index bd28f9f..541b3ae 100644
79 --- a/arch/i386/Makefile
80 +++ b/arch/i386/Makefile
81 @@ -51,8 +51,8 @@ cflags-y += -maccumulate-outgoing-args
82 CFLAGS += $(shell if [ $(call cc-version) -lt 0400 ] ; then echo $(call cc-option,-fno-unit-at-a-time); fi ;)
84 # do binutils support CFI?
85 -cflags-y += $(call as-instr,.cfi_startproc\n.cfi_endproc,-DCONFIG_AS_CFI=1,)
86 -AFLAGS += $(call as-instr,.cfi_startproc\n.cfi_endproc,-DCONFIG_AS_CFI=1,)
87 +cflags-y += $(call as-instr,.cfi_startproc\n.cfi_rel_offset esp${comma}0\n.cfi_endproc,-DCONFIG_AS_CFI=1,)
88 +AFLAGS += $(call as-instr,.cfi_startproc\n.cfi_rel_offset esp${comma}0\n.cfi_endproc,-DCONFIG_AS_CFI=1,)
90 # is .cfi_signal_frame supported too?
91 cflags-y += $(call as-instr,.cfi_startproc\n.cfi_signal_frame\n.cfi_endproc,-DCONFIG_AS_CFI_SIGNAL_FRAME=1,)
92 diff --git a/arch/i386/kernel/Makefile b/arch/i386/kernel/Makefile
93 index 06da59f..e9297cb 100644
94 --- a/arch/i386/kernel/Makefile
95 +++ b/arch/i386/kernel/Makefile
96 @@ -35,7 +35,6 @@ obj-y += sysenter.o vsyscall.o
97 obj-$(CONFIG_ACPI_SRAT) += srat.o
98 obj-$(CONFIG_EFI) += efi.o efi_stub.o
99 obj-$(CONFIG_DOUBLEFAULT) += doublefault.o
100 -obj-$(CONFIG_SERIAL_8250) += legacy_serial.o
101 obj-$(CONFIG_VM86) += vm86.o
102 obj-$(CONFIG_EARLY_PRINTK) += early_printk.o
103 obj-$(CONFIG_HPET_TIMER) += hpet.o
104 diff --git a/arch/i386/kernel/apic.c b/arch/i386/kernel/apic.c
105 index 67824f3..a8ceb7a 100644
106 --- a/arch/i386/kernel/apic.c
107 +++ b/arch/i386/kernel/apic.c
108 @@ -61,8 +61,9 @@ static int enable_local_apic __initdata = 0;
110 /* Local APIC timer verification ok */
111 static int local_apic_timer_verify_ok;
112 -/* Disable local APIC timer from the kernel commandline or via dmi quirk */
113 -static int local_apic_timer_disabled;
114 +/* Disable local APIC timer from the kernel commandline or via dmi quirk
115 + or using CPU MSR check */
116 +int local_apic_timer_disabled;
117 /* Local APIC timer works in C2 */
118 int local_apic_timer_c2_ok;
119 EXPORT_SYMBOL_GPL(local_apic_timer_c2_ok);
120 @@ -367,12 +368,9 @@ void __init setup_boot_APIC_clock(void)
121 long delta, deltapm;
122 int pm_referenced = 0;
124 - if (boot_cpu_has(X86_FEATURE_LAPIC_TIMER_BROKEN))
125 - local_apic_timer_disabled = 1;
126 -
127 /*
128 * The local apic timer can be disabled via the kernel
129 - * commandline or from the test above. Register the lapic
130 + * commandline or from the CPU detection code. Register the lapic
131 * timer as a dummy clock event source on SMP systems, so the
132 * broadcast mechanism is used. On UP systems simply ignore it.
133 */
134 diff --git a/arch/i386/kernel/cpu/amd.c b/arch/i386/kernel/cpu/amd.c
135 index 6f47eee..9d23390 100644
136 --- a/arch/i386/kernel/cpu/amd.c
137 +++ b/arch/i386/kernel/cpu/amd.c
138 @@ -3,6 +3,7 @@
139 #include <linux/mm.h>
140 #include <asm/io.h>
141 #include <asm/processor.h>
142 +#include <asm/apic.h>
144 #include "cpu.h"
146 @@ -22,6 +23,7 @@
147 extern void vide(void);
148 __asm__(".align 4\nvide: ret");
150 +#ifdef CONFIG_X86_LOCAL_APIC
151 #define ENABLE_C1E_MASK 0x18000000
152 #define CPUID_PROCESSOR_SIGNATURE 1
153 #define CPUID_XFAM 0x0ff00000
154 @@ -52,6 +54,7 @@ static __cpuinit int amd_apic_timer_broken(void)
155 }
156 return 0;
157 }
158 +#endif
160 int force_mwait __cpuinitdata;
162 @@ -275,8 +278,10 @@ static void __cpuinit init_amd(struct cpuinfo_x86 *c)
163 if (cpuid_eax(0x80000000) >= 0x80000006)
164 num_cache_leaves = 3;
166 +#ifdef CONFIG_X86_LOCAL_APIC
167 if (amd_apic_timer_broken())
168 - set_bit(X86_FEATURE_LAPIC_TIMER_BROKEN, c->x86_capability);
169 + local_apic_timer_disabled = 1;
170 +#endif
172 if (c->x86 == 0x10 && !force_mwait)
173 clear_bit(X86_FEATURE_MWAIT, c->x86_capability);
174 diff --git a/arch/i386/kernel/cpu/cpufreq/acpi-cpufreq.c b/arch/i386/kernel/cpu/cpufreq/acpi-cpufreq.c
175 index 10baa35..18c8b67 100644
176 --- a/arch/i386/kernel/cpu/cpufreq/acpi-cpufreq.c
177 +++ b/arch/i386/kernel/cpu/cpufreq/acpi-cpufreq.c
178 @@ -167,11 +167,13 @@ static void do_drv_read(struct drv_cmd *cmd)
180 static void do_drv_write(struct drv_cmd *cmd)
181 {
182 - u32 h = 0;
183 + u32 lo, hi;
185 switch (cmd->type) {
186 case SYSTEM_INTEL_MSR_CAPABLE:
187 - wrmsr(cmd->addr.msr.reg, cmd->val, h);
188 + rdmsr(cmd->addr.msr.reg, lo, hi);
189 + lo = (lo & ~INTEL_MSR_RANGE) | (cmd->val & INTEL_MSR_RANGE);
190 + wrmsr(cmd->addr.msr.reg, lo, hi);
191 break;
192 case SYSTEM_IO_CAPABLE:
193 acpi_os_write_port((acpi_io_address)cmd->addr.io.port,
194 @@ -372,7 +374,6 @@ static int acpi_cpufreq_target(struct cpufreq_policy *policy,
195 struct cpufreq_freqs freqs;
196 cpumask_t online_policy_cpus;
197 struct drv_cmd cmd;
198 - unsigned int msr;
199 unsigned int next_state = 0; /* Index into freq_table */
200 unsigned int next_perf_state = 0; /* Index into perf table */
201 unsigned int i;
202 @@ -417,11 +418,7 @@ static int acpi_cpufreq_target(struct cpufreq_policy *policy,
203 case SYSTEM_INTEL_MSR_CAPABLE:
204 cmd.type = SYSTEM_INTEL_MSR_CAPABLE;
205 cmd.addr.msr.reg = MSR_IA32_PERF_CTL;
206 - msr =
207 - (u32) perf->states[next_perf_state].
208 - control & INTEL_MSR_RANGE;
209 - cmd.val = get_cur_val(online_policy_cpus);
210 - cmd.val = (cmd.val & ~INTEL_MSR_RANGE) | msr;
211 + cmd.val = (u32) perf->states[next_perf_state].control;
212 break;
213 case SYSTEM_IO_CAPABLE:
214 cmd.type = SYSTEM_IO_CAPABLE;
215 diff --git a/arch/i386/kernel/cpu/perfctr-watchdog.c b/arch/i386/kernel/cpu/perfctr-watchdog.c
216 index 4d26d51..996f6f8 100644
217 --- a/arch/i386/kernel/cpu/perfctr-watchdog.c
218 +++ b/arch/i386/kernel/cpu/perfctr-watchdog.c
219 @@ -346,7 +346,9 @@ static int setup_p6_watchdog(unsigned nmi_hz)
220 perfctr_msr = MSR_P6_PERFCTR0;
221 evntsel_msr = MSR_P6_EVNTSEL0;
223 - wrmsrl(perfctr_msr, 0UL);
224 + /* KVM doesn't implement this MSR */
225 + if (wrmsr_safe(perfctr_msr, 0, 0) < 0)
226 + return 0;
228 evntsel = P6_EVNTSEL_INT
229 | P6_EVNTSEL_OS
230 diff --git a/arch/i386/kernel/doublefault.c b/arch/i386/kernel/doublefault.c
231 index 265c559..40978af 100644
232 --- a/arch/i386/kernel/doublefault.c
233 +++ b/arch/i386/kernel/doublefault.c
234 @@ -13,7 +13,7 @@
235 static unsigned long doublefault_stack[DOUBLEFAULT_STACKSIZE];
236 #define STACK_START (unsigned long)(doublefault_stack+DOUBLEFAULT_STACKSIZE)
238 -#define ptr_ok(x) ((x) > PAGE_OFFSET && (x) < PAGE_OFFSET + 0x1000000)
239 +#define ptr_ok(x) ((x) > PAGE_OFFSET && (x) < PAGE_OFFSET + MAXMEM)
241 static void doublefault_fn(void)
242 {
243 @@ -23,23 +23,23 @@ static void doublefault_fn(void)
244 store_gdt(&gdt_desc);
245 gdt = gdt_desc.address;
247 - printk("double fault, gdt at %08lx [%d bytes]\n", gdt, gdt_desc.size);
248 + printk(KERN_EMERG "PANIC: double fault, gdt at %08lx [%d bytes]\n", gdt, gdt_desc.size);
250 if (ptr_ok(gdt)) {
251 gdt += GDT_ENTRY_TSS << 3;
252 tss = *(u16 *)(gdt+2);
253 tss += *(u8 *)(gdt+4) << 16;
254 tss += *(u8 *)(gdt+7) << 24;
255 - printk("double fault, tss at %08lx\n", tss);
256 + printk(KERN_EMERG "double fault, tss at %08lx\n", tss);
258 if (ptr_ok(tss)) {
259 struct i386_hw_tss *t = (struct i386_hw_tss *)tss;
261 - printk("eip = %08lx, esp = %08lx\n", t->eip, t->esp);
262 + printk(KERN_EMERG "eip = %08lx, esp = %08lx\n", t->eip, t->esp);
264 - printk("eax = %08lx, ebx = %08lx, ecx = %08lx, edx = %08lx\n",
265 + printk(KERN_EMERG "eax = %08lx, ebx = %08lx, ecx = %08lx, edx = %08lx\n",
266 t->eax, t->ebx, t->ecx, t->edx);
267 - printk("esi = %08lx, edi = %08lx\n",
268 + printk(KERN_EMERG "esi = %08lx, edi = %08lx\n",
269 t->esi, t->edi);
270 }
271 }
272 @@ -63,6 +63,7 @@ struct tss_struct doublefault_tss __cacheline_aligned = {
273 .cs = __KERNEL_CS,
274 .ss = __KERNEL_DS,
275 .ds = __USER_DS,
276 + .fs = __KERNEL_PERCPU,
278 .__cr3 = __pa(swapper_pg_dir)
279 }
280 diff --git a/arch/i386/kernel/entry.S b/arch/i386/kernel/entry.S
281 index 3c3c220..b7be5cf 100644
282 --- a/arch/i386/kernel/entry.S
283 +++ b/arch/i386/kernel/entry.S
284 @@ -409,8 +409,6 @@ restore_nocheck_notrace:
285 1: INTERRUPT_RETURN
286 .section .fixup,"ax"
287 iret_exc:
288 - TRACE_IRQS_ON
289 - ENABLE_INTERRUPTS(CLBR_NONE)
290 pushl $0 # no error code
291 pushl $do_iret_error
292 jmp error_code
293 diff --git a/arch/i386/kernel/hpet.c b/arch/i386/kernel/hpet.c
294 index 17d7345..cbb4751 100644
295 --- a/arch/i386/kernel/hpet.c
296 +++ b/arch/i386/kernel/hpet.c
297 @@ -226,7 +226,8 @@ int __init hpet_enable(void)
298 {
299 unsigned long id;
300 uint64_t hpet_freq;
301 - u64 tmp;
302 + u64 tmp, start, now;
303 + cycle_t t1;
305 if (!is_hpet_capable())
306 return 0;
307 @@ -273,6 +274,27 @@ int __init hpet_enable(void)
308 /* Start the counter */
309 hpet_start_counter();
311 + /* Verify whether hpet counter works */
312 + t1 = read_hpet();
313 + rdtscll(start);
314 +
315 + /*
316 + * We don't know the TSC frequency yet, but waiting for
317 + * 200000 TSC cycles is safe:
318 + * 4 GHz == 50us
319 + * 1 GHz == 200us
320 + */
321 + do {
322 + rep_nop();
323 + rdtscll(now);
324 + } while ((now - start) < 200000UL);
325 +
326 + if (t1 == read_hpet()) {
327 + printk(KERN_WARNING
328 + "HPET counter not counting. HPET disabled\n");
329 + goto out_nohpet;
330 + }
331 +
332 /* Initialize and register HPET clocksource
333 *
334 * hpet period is in femto seconds per cycle
335 diff --git a/arch/i386/kernel/io_apic.c b/arch/i386/kernel/io_apic.c
336 index 7f8b7af..97ba305 100644
337 --- a/arch/i386/kernel/io_apic.c
338 +++ b/arch/i386/kernel/io_apic.c
339 @@ -1275,12 +1275,15 @@ static struct irq_chip ioapic_chip;
340 static void ioapic_register_intr(int irq, int vector, unsigned long trigger)
341 {
342 if ((trigger == IOAPIC_AUTO && IO_APIC_irq_trigger(irq)) ||
343 - trigger == IOAPIC_LEVEL)
344 + trigger == IOAPIC_LEVEL) {
345 + irq_desc[irq].status |= IRQ_LEVEL;
346 set_irq_chip_and_handler_name(irq, &ioapic_chip,
347 handle_fasteoi_irq, "fasteoi");
348 - else
349 + } else {
350 + irq_desc[irq].status &= ~IRQ_LEVEL;
351 set_irq_chip_and_handler_name(irq, &ioapic_chip,
352 handle_edge_irq, "edge");
353 + }
354 set_intr_gate(vector, interrupt[irq]);
355 }
357 diff --git a/arch/i386/kernel/legacy_serial.c b/arch/i386/kernel/legacy_serial.c
358 deleted file mode 100644
359 index 2151011..0000000
360 --- a/arch/i386/kernel/legacy_serial.c
361 +++ /dev/null
362 @@ -1,67 +0,0 @@
363 -/*
364 - * Legacy COM port devices for x86 platforms without PNPBIOS or ACPI.
365 - * Data taken from include/asm-i386/serial.h.
366 - *
367 - * (c) Copyright 2007 Hewlett-Packard Development Company, L.P.
368 - * Bjorn Helgaas <bjorn.helgaas@hp.com>
369 - *
370 - * This program is free software; you can redistribute it and/or modify
371 - * it under the terms of the GNU General Public License version 2 as
372 - * published by the Free Software Foundation.
373 - */
374 -#include <linux/module.h>
375 -#include <linux/init.h>
376 -#include <linux/pnp.h>
377 -#include <linux/serial_8250.h>
378 -
379 -/* Standard COM flags (except for COM4, because of the 8514 problem) */
380 -#ifdef CONFIG_SERIAL_DETECT_IRQ
381 -#define COM_FLAGS (UPF_BOOT_AUTOCONF | UPF_SKIP_TEST | UPF_AUTO_IRQ)
382 -#define COM4_FLAGS (UPF_BOOT_AUTOCONF | UPF_AUTO_IRQ)
383 -#else
384 -#define COM_FLAGS (UPF_BOOT_AUTOCONF | UPF_SKIP_TEST)
385 -#define COM4_FLAGS UPF_BOOT_AUTOCONF
386 -#endif
387 -
388 -#define PORT(_base,_irq,_flags) \
389 - { \
390 - .iobase = _base, \
391 - .irq = _irq, \
392 - .uartclk = 1843200, \
393 - .iotype = UPIO_PORT, \
394 - .flags = _flags, \
395 - }
396 -
397 -static struct plat_serial8250_port x86_com_data[] = {
398 - PORT(0x3F8, 4, COM_FLAGS),
399 - PORT(0x2F8, 3, COM_FLAGS),
400 - PORT(0x3E8, 4, COM_FLAGS),
401 - PORT(0x2E8, 3, COM4_FLAGS),
402 - { },
403 -};
404 -
405 -static struct platform_device x86_com_device = {
406 - .name = "serial8250",
407 - .id = PLAT8250_DEV_PLATFORM,
408 - .dev = {
409 - .platform_data = x86_com_data,
410 - },
411 -};
412 -
413 -static int force_legacy_probe;
414 -module_param_named(force, force_legacy_probe, bool, 0);
415 -MODULE_PARM_DESC(force, "Force legacy serial port probe");
416 -
417 -static int __init serial8250_x86_com_init(void)
418 -{
419 - if (pnp_platform_devices && !force_legacy_probe)
420 - return -ENODEV;
421 -
422 - return platform_device_register(&x86_com_device);
423 -}
424 -
425 -module_init(serial8250_x86_com_init);
426 -
427 -MODULE_AUTHOR("Bjorn Helgaas");
428 -MODULE_LICENSE("GPL");
429 -MODULE_DESCRIPTION("Generic 8250/16x50 legacy probe module");
430 diff --git a/arch/i386/kernel/ptrace.c b/arch/i386/kernel/ptrace.c
431 index 0c0ceec..120a63b 100644
432 --- a/arch/i386/kernel/ptrace.c
433 +++ b/arch/i386/kernel/ptrace.c
434 @@ -164,14 +164,22 @@ static unsigned long convert_eip_to_linear(struct task_struct *child, struct pt_
435 u32 *desc;
436 unsigned long base;
438 - down(&child->mm->context.sem);
439 - desc = child->mm->context.ldt + (seg & ~7);
440 - base = (desc[0] >> 16) | ((desc[1] & 0xff) << 16) | (desc[1] & 0xff000000);
441 + seg &= ~7UL;
443 - /* 16-bit code segment? */
444 - if (!((desc[1] >> 22) & 1))
445 - addr &= 0xffff;
446 - addr += base;
447 + down(&child->mm->context.sem);
448 + if (unlikely((seg >> 3) >= child->mm->context.size))
449 + addr = -1L; /* bogus selector, access would fault */
450 + else {
451 + desc = child->mm->context.ldt + seg;
452 + base = ((desc[0] >> 16) |
453 + ((desc[1] & 0xff) << 16) |
454 + (desc[1] & 0xff000000));
455 +
456 + /* 16-bit code segment? */
457 + if (!((desc[1] >> 22) & 1))
458 + addr &= 0xffff;
459 + addr += base;
460 + }
461 up(&child->mm->context.sem);
462 }
463 return addr;
464 diff --git a/arch/i386/kernel/sysenter.c b/arch/i386/kernel/sysenter.c
465 index ff4ee6f..6deb159 100644
466 --- a/arch/i386/kernel/sysenter.c
467 +++ b/arch/i386/kernel/sysenter.c
468 @@ -336,7 +336,9 @@ struct vm_area_struct *get_gate_vma(struct task_struct *tsk)
470 int in_gate_area(struct task_struct *task, unsigned long addr)
471 {
472 - return 0;
473 + const struct vm_area_struct *vma = get_gate_vma(task);
474 +
475 + return vma && addr >= vma->vm_start && addr < vma->vm_end;
476 }
478 int in_gate_area_no_task(unsigned long addr)
479 diff --git a/arch/i386/kernel/traps.c b/arch/i386/kernel/traps.c
480 index 90da057..4995b92 100644
481 --- a/arch/i386/kernel/traps.c
482 +++ b/arch/i386/kernel/traps.c
483 @@ -517,10 +517,12 @@ fastcall void do_##name(struct pt_regs * regs, long error_code) \
484 do_trap(trapnr, signr, str, 0, regs, error_code, NULL); \
485 }
487 -#define DO_ERROR_INFO(trapnr, signr, str, name, sicode, siaddr) \
488 +#define DO_ERROR_INFO(trapnr, signr, str, name, sicode, siaddr, irq) \
489 fastcall void do_##name(struct pt_regs * regs, long error_code) \
490 { \
491 siginfo_t info; \
492 + if (irq) \
493 + local_irq_enable(); \
494 info.si_signo = signr; \
495 info.si_errno = 0; \
496 info.si_code = sicode; \
497 @@ -560,13 +562,13 @@ DO_VM86_ERROR( 3, SIGTRAP, "int3", int3)
498 #endif
499 DO_VM86_ERROR( 4, SIGSEGV, "overflow", overflow)
500 DO_VM86_ERROR( 5, SIGSEGV, "bounds", bounds)
501 -DO_ERROR_INFO( 6, SIGILL, "invalid opcode", invalid_op, ILL_ILLOPN, regs->eip)
502 +DO_ERROR_INFO( 6, SIGILL, "invalid opcode", invalid_op, ILL_ILLOPN, regs->eip, 0)
503 DO_ERROR( 9, SIGFPE, "coprocessor segment overrun", coprocessor_segment_overrun)
504 DO_ERROR(10, SIGSEGV, "invalid TSS", invalid_TSS)
505 DO_ERROR(11, SIGBUS, "segment not present", segment_not_present)
506 DO_ERROR(12, SIGBUS, "stack segment", stack_segment)
507 -DO_ERROR_INFO(17, SIGBUS, "alignment check", alignment_check, BUS_ADRALN, 0)
508 -DO_ERROR_INFO(32, SIGSEGV, "iret exception", iret_error, ILL_BADSTK, 0)
509 +DO_ERROR_INFO(17, SIGBUS, "alignment check", alignment_check, BUS_ADRALN, 0, 0)
510 +DO_ERROR_INFO(32, SIGSEGV, "iret exception", iret_error, ILL_BADSTK, 0, 1)
512 fastcall void __kprobes do_general_protection(struct pt_regs * regs,
513 long error_code)
514 diff --git a/arch/i386/kernel/tsc.c b/arch/i386/kernel/tsc.c
515 index f64b81f..8e02ed6 100644
516 --- a/arch/i386/kernel/tsc.c
517 +++ b/arch/i386/kernel/tsc.c
518 @@ -122,7 +122,7 @@ unsigned long native_calculate_cpu_khz(void)
519 {
520 unsigned long long start, end;
521 unsigned long count;
522 - u64 delta64;
523 + u64 delta64 = (u64)ULLONG_MAX;
524 int i;
525 unsigned long flags;
527 @@ -134,6 +134,7 @@ unsigned long native_calculate_cpu_khz(void)
528 rdtscll(start);
529 mach_countup(&count);
530 rdtscll(end);
531 + delta64 = min(delta64, (end - start));
532 }
533 /*
534 * Error: ECTCNEVERSET
535 @@ -144,8 +145,6 @@ unsigned long native_calculate_cpu_khz(void)
536 if (count <= 1)
537 goto err;
539 - delta64 = end - start;
540 -
541 /* cpu freq too fast: */
542 if (delta64 > (1ULL<<32))
543 goto err;
544 diff --git a/arch/i386/mm/fault.c b/arch/i386/mm/fault.c
545 index 1ecb3e4..27ba2fd 100644
546 --- a/arch/i386/mm/fault.c
547 +++ b/arch/i386/mm/fault.c
548 @@ -249,9 +249,10 @@ static inline pmd_t *vmalloc_sync_one(pgd_t *pgd, unsigned long address)
549 pmd_k = pmd_offset(pud_k, address);
550 if (!pmd_present(*pmd_k))
551 return NULL;
552 - if (!pmd_present(*pmd))
553 + if (!pmd_present(*pmd)) {
554 set_pmd(pmd, *pmd_k);
555 - else
556 + arch_flush_lazy_mmu_mode();
557 + } else
558 BUG_ON(pmd_page(*pmd) != pmd_page(*pmd_k));
559 return pmd_k;
560 }
561 diff --git a/arch/powerpc/kernel/process.c b/arch/powerpc/kernel/process.c
562 index 6e2f035..87c474d 100644
563 --- a/arch/powerpc/kernel/process.c
564 +++ b/arch/powerpc/kernel/process.c
565 @@ -83,7 +83,7 @@ void flush_fp_to_thread(struct task_struct *tsk)
566 */
567 BUG_ON(tsk != current);
568 #endif
569 - giveup_fpu(current);
570 + giveup_fpu(tsk);
571 }
572 preempt_enable();
573 }
574 @@ -143,7 +143,7 @@ void flush_altivec_to_thread(struct task_struct *tsk)
575 #ifdef CONFIG_SMP
576 BUG_ON(tsk != current);
577 #endif
578 - giveup_altivec(current);
579 + giveup_altivec(tsk);
580 }
581 preempt_enable();
582 }
583 @@ -182,7 +182,7 @@ void flush_spe_to_thread(struct task_struct *tsk)
584 #ifdef CONFIG_SMP
585 BUG_ON(tsk != current);
586 #endif
587 - giveup_spe(current);
588 + giveup_spe(tsk);
589 }
590 preempt_enable();
591 }
592 diff --git a/arch/powerpc/kernel/prom_parse.c b/arch/powerpc/kernel/prom_parse.c
593 index 3786dcc..b5c96af 100644
594 --- a/arch/powerpc/kernel/prom_parse.c
595 +++ b/arch/powerpc/kernel/prom_parse.c
596 @@ -24,7 +24,7 @@
597 /* Max address size we deal with */
598 #define OF_MAX_ADDR_CELLS 4
599 #define OF_CHECK_COUNTS(na, ns) ((na) > 0 && (na) <= OF_MAX_ADDR_CELLS && \
600 - (ns) >= 0)
601 + (ns) > 0)
603 static struct of_bus *of_match_bus(struct device_node *np);
604 static int __of_address_to_resource(struct device_node *dev,
605 diff --git a/arch/powerpc/math-emu/math.c b/arch/powerpc/math-emu/math.c
606 index 69058b2..381306b 100644
607 --- a/arch/powerpc/math-emu/math.c
608 +++ b/arch/powerpc/math-emu/math.c
609 @@ -407,11 +407,16 @@ do_mathemu(struct pt_regs *regs)
611 case XE:
612 idx = (insn >> 16) & 0x1f;
613 - if (!idx)
614 - goto illegal;
615 -
616 op0 = (void *)¤t->thread.fpr[(insn >> 21) & 0x1f];
617 - op1 = (void *)(regs->gpr[idx] + regs->gpr[(insn >> 11) & 0x1f]);
618 + if (!idx) {
619 + if (((insn >> 1) & 0x3ff) == STFIWX)
620 + op1 = (void *)(regs->gpr[(insn >> 11) & 0x1f]);
621 + else
622 + goto illegal;
623 + } else {
624 + op1 = (void *)(regs->gpr[idx] + regs->gpr[(insn >> 11) & 0x1f]);
625 + }
626 +
627 break;
629 case XEU:
630 diff --git a/arch/powerpc/mm/hash_utils_64.c b/arch/powerpc/mm/hash_utils_64.c
631 index 4f2f453..c84b7cc 100644
632 --- a/arch/powerpc/mm/hash_utils_64.c
633 +++ b/arch/powerpc/mm/hash_utils_64.c
634 @@ -795,7 +795,7 @@ void hash_preload(struct mm_struct *mm, unsigned long ea,
636 #ifdef CONFIG_PPC_MM_SLICES
637 /* We only prefault standard pages for now */
638 - if (unlikely(get_slice_psize(mm, ea) != mm->context.user_psize));
639 + if (unlikely(get_slice_psize(mm, ea) != mm->context.user_psize))
640 return;
641 #endif
643 diff --git a/arch/powerpc/mm/slice.c b/arch/powerpc/mm/slice.c
644 index f833dba..d5fd390 100644
645 --- a/arch/powerpc/mm/slice.c
646 +++ b/arch/powerpc/mm/slice.c
647 @@ -405,6 +405,8 @@ unsigned long slice_get_unmapped_area(unsigned long addr, unsigned long len,
649 if (len > mm->task_size)
650 return -ENOMEM;
651 + if (len & ((1ul << pshift) - 1))
652 + return -EINVAL;
653 if (fixed && (addr & ((1ul << pshift) - 1)))
654 return -EINVAL;
655 if (fixed && addr > (mm->task_size - len))
656 diff --git a/arch/powerpc/platforms/83xx/mpc832x_mds.c b/arch/powerpc/platforms/83xx/mpc832x_mds.c
657 index 94843ed..fff09f5 100644
658 --- a/arch/powerpc/platforms/83xx/mpc832x_mds.c
659 +++ b/arch/powerpc/platforms/83xx/mpc832x_mds.c
660 @@ -111,7 +111,6 @@ static struct of_device_id mpc832x_ids[] = {
661 { .type = "soc", },
662 { .compatible = "soc", },
663 { .type = "qe", },
664 - { .type = "mdio", },
665 {},
666 };
668 diff --git a/arch/powerpc/platforms/83xx/mpc832x_rdb.c b/arch/powerpc/platforms/83xx/mpc832x_rdb.c
669 index 3db68b7..44a7661 100644
670 --- a/arch/powerpc/platforms/83xx/mpc832x_rdb.c
671 +++ b/arch/powerpc/platforms/83xx/mpc832x_rdb.c
672 @@ -75,7 +75,6 @@ static struct of_device_id mpc832x_ids[] = {
673 { .type = "soc", },
674 { .compatible = "soc", },
675 { .type = "qe", },
676 - { .type = "mdio", },
677 {},
678 };
680 diff --git a/arch/powerpc/platforms/83xx/mpc836x_mds.c b/arch/powerpc/platforms/83xx/mpc836x_mds.c
681 index bceeff8..526ed09 100644
682 --- a/arch/powerpc/platforms/83xx/mpc836x_mds.c
683 +++ b/arch/powerpc/platforms/83xx/mpc836x_mds.c
684 @@ -118,7 +118,6 @@ static struct of_device_id mpc836x_ids[] = {
685 { .type = "soc", },
686 { .compatible = "soc", },
687 { .type = "qe", },
688 - { .type = "mdio", },
689 {},
690 };
692 diff --git a/arch/powerpc/platforms/85xx/mpc85xx_mds.c b/arch/powerpc/platforms/85xx/mpc85xx_mds.c
693 index e3dddbf..54db416 100644
694 --- a/arch/powerpc/platforms/85xx/mpc85xx_mds.c
695 +++ b/arch/powerpc/platforms/85xx/mpc85xx_mds.c
696 @@ -147,7 +147,6 @@ static struct of_device_id mpc85xx_ids[] = {
697 { .type = "soc", },
698 { .compatible = "soc", },
699 { .type = "qe", },
700 - { .type = "mdio", },
701 {},
702 };
704 diff --git a/arch/sparc/kernel/entry.S b/arch/sparc/kernel/entry.S
705 index 831f540..eac3838 100644
706 --- a/arch/sparc/kernel/entry.S
707 +++ b/arch/sparc/kernel/entry.S
708 @@ -1749,8 +1749,8 @@ fpload:
709 __ndelay:
710 save %sp, -STACKFRAME_SZ, %sp
711 mov %i0, %o0
712 - call .umul
713 - mov 0x1ad, %o1 ! 2**32 / (1 000 000 000 / HZ)
714 + call .umul ! round multiplier up so large ns ok
715 + mov 0x1ae, %o1 ! 2**32 / (1 000 000 000 / HZ)
716 call .umul
717 mov %i1, %o1 ! udelay_val
718 ba delay_continue
719 @@ -1760,11 +1760,17 @@ __ndelay:
720 __udelay:
721 save %sp, -STACKFRAME_SZ, %sp
722 mov %i0, %o0
723 - sethi %hi(0x10c6), %o1
724 + sethi %hi(0x10c7), %o1 ! round multiplier up so large us ok
725 call .umul
726 - or %o1, %lo(0x10c6), %o1 ! 2**32 / 1 000 000
727 + or %o1, %lo(0x10c7), %o1 ! 2**32 / 1 000 000
728 call .umul
729 mov %i1, %o1 ! udelay_val
730 + sethi %hi(0x028f4b62), %l0 ! Add in rounding constant * 2**32,
731 + or %g0, %lo(0x028f4b62), %l0
732 + addcc %o0, %l0, %o0 ! 2**32 * 0.009 999
733 + bcs,a 3f
734 + add %o1, 0x01, %o1
735 +3:
736 call .umul
737 mov HZ, %o0 ! >>32 earlier for wider range
739 diff --git a/arch/sparc/lib/memset.S b/arch/sparc/lib/memset.S
740 index a65eba4..1c37ea8 100644
741 --- a/arch/sparc/lib/memset.S
742 +++ b/arch/sparc/lib/memset.S
743 @@ -162,7 +162,7 @@ __bzero:
744 8:
745 add %o0, 1, %o0
746 subcc %o1, 1, %o1
747 - bne,a 8b
748 + bne 8b
749 EX(stb %g3, [%o0 - 1], add %o1, 1)
750 0:
751 retl
752 diff --git a/arch/sparc64/kernel/chmc.c b/arch/sparc64/kernel/chmc.c
753 index 777d345..6d4f02e 100644
754 --- a/arch/sparc64/kernel/chmc.c
755 +++ b/arch/sparc64/kernel/chmc.c
756 @@ -1,7 +1,6 @@
757 -/* $Id: chmc.c,v 1.4 2002/01/08 16:00:14 davem Exp $
758 - * memctrlr.c: Driver for UltraSPARC-III memory controller.
759 +/* memctrlr.c: Driver for UltraSPARC-III memory controller.
760 *
761 - * Copyright (C) 2001 David S. Miller (davem@redhat.com)
762 + * Copyright (C) 2001, 2007 David S. Miller (davem@davemloft.net)
763 */
765 #include <linux/module.h>
766 @@ -16,6 +15,7 @@
767 #include <linux/init.h>
768 #include <asm/spitfire.h>
769 #include <asm/chmctrl.h>
770 +#include <asm/cpudata.h>
771 #include <asm/oplib.h>
772 #include <asm/prom.h>
773 #include <asm/io.h>
774 @@ -242,8 +242,11 @@ int chmc_getunumber(int syndrome_code,
775 */
776 static u64 read_mcreg(struct mctrl_info *mp, unsigned long offset)
777 {
778 - unsigned long ret;
779 - int this_cpu = get_cpu();
780 + unsigned long ret, this_cpu;
781 +
782 + preempt_disable();
783 +
784 + this_cpu = real_hard_smp_processor_id();
786 if (mp->portid == this_cpu) {
787 __asm__ __volatile__("ldxa [%1] %2, %0"
788 @@ -255,7 +258,8 @@ static u64 read_mcreg(struct mctrl_info *mp, unsigned long offset)
789 : "r" (mp->regs + offset),
790 "i" (ASI_PHYS_BYPASS_EC_E));
791 }
792 - put_cpu();
793 +
794 + preempt_enable();
796 return ret;
797 }
798 diff --git a/arch/sparc64/kernel/entry.S b/arch/sparc64/kernel/entry.S
799 index 8059531..193791c 100644
800 --- a/arch/sparc64/kernel/entry.S
801 +++ b/arch/sparc64/kernel/entry.S
802 @@ -2593,3 +2593,15 @@ sun4v_mmustat_info:
803 retl
804 nop
805 .size sun4v_mmustat_info, .-sun4v_mmustat_info
806 +
807 + .globl sun4v_mmu_demap_all
808 + .type sun4v_mmu_demap_all,#function
809 +sun4v_mmu_demap_all:
810 + clr %o0
811 + clr %o1
812 + mov HV_MMU_ALL, %o2
813 + mov HV_FAST_MMU_DEMAP_ALL, %o5
814 + ta HV_FAST_TRAP
815 + retl
816 + nop
817 + .size sun4v_mmu_demap_all, .-sun4v_mmu_demap_all
818 diff --git a/arch/sparc64/kernel/head.S b/arch/sparc64/kernel/head.S
819 index 7725952..35feacb 100644
820 --- a/arch/sparc64/kernel/head.S
821 +++ b/arch/sparc64/kernel/head.S
822 @@ -458,7 +458,6 @@ tlb_fixup_done:
823 or %g6, %lo(init_thread_union), %g6
824 ldx [%g6 + TI_TASK], %g4
825 mov %sp, %l6
826 - mov %o4, %l7
828 wr %g0, ASI_P, %asi
829 mov 1, %g1
830 diff --git a/arch/sparc64/kernel/pci.c b/arch/sparc64/kernel/pci.c
831 index 81f4a5e..154f10e 100644
832 --- a/arch/sparc64/kernel/pci.c
833 +++ b/arch/sparc64/kernel/pci.c
834 @@ -422,10 +422,15 @@ struct pci_dev *of_create_pci_dev(struct pci_pbm_info *pbm,
835 dev->multifunction = 0; /* maybe a lie? */
837 if (host_controller) {
838 - dev->vendor = 0x108e;
839 - dev->device = 0x8000;
840 - dev->subsystem_vendor = 0x0000;
841 - dev->subsystem_device = 0x0000;
842 + if (tlb_type != hypervisor) {
843 + pci_read_config_word(dev, PCI_VENDOR_ID,
844 + &dev->vendor);
845 + pci_read_config_word(dev, PCI_DEVICE_ID,
846 + &dev->device);
847 + } else {
848 + dev->vendor = PCI_VENDOR_ID_SUN;
849 + dev->device = 0x80f0;
850 + }
851 dev->cfg_size = 256;
852 dev->class = PCI_CLASS_BRIDGE_HOST << 8;
853 sprintf(pci_name(dev), "%04x:%02x:%02x.%d", pci_domain_nr(bus),
854 @@ -746,7 +751,7 @@ static void __devinit pci_of_scan_bus(struct pci_pbm_info *pbm,
855 {
856 struct device_node *child;
857 const u32 *reg;
858 - int reglen, devfn;
859 + int reglen, devfn, prev_devfn;
860 struct pci_dev *dev;
862 if (ofpci_verbose)
863 @@ -754,14 +759,25 @@ static void __devinit pci_of_scan_bus(struct pci_pbm_info *pbm,
864 node->full_name, bus->number);
866 child = NULL;
867 + prev_devfn = -1;
868 while ((child = of_get_next_child(node, child)) != NULL) {
869 if (ofpci_verbose)
870 printk(" * %s\n", child->full_name);
871 reg = of_get_property(child, "reg", ®len);
872 if (reg == NULL || reglen < 20)
873 continue;
874 +
875 devfn = (reg[0] >> 8) & 0xff;
877 + /* This is a workaround for some device trees
878 + * which list PCI devices twice. On the V100
879 + * for example, device number 3 is listed twice.
880 + * Once as "pm" and once again as "lomp".
881 + */
882 + if (devfn == prev_devfn)
883 + continue;
884 + prev_devfn = devfn;
885 +
886 /* create a new pci_dev for this device */
887 dev = of_create_pci_dev(pbm, child, bus, devfn, 0);
888 if (!dev)
889 @@ -817,7 +833,7 @@ int pci_host_bridge_read_pci_cfg(struct pci_bus *bus_dev,
890 {
891 static u8 fake_pci_config[] = {
892 0x8e, 0x10, /* Vendor: 0x108e (Sun) */
893 - 0x00, 0x80, /* Device: 0x8000 (PBM) */
894 + 0xf0, 0x80, /* Device: 0x80f0 (Fire) */
895 0x46, 0x01, /* Command: 0x0146 (SERR, PARITY, MASTER, MEM) */
896 0xa0, 0x22, /* Status: 0x02a0 (DEVSEL_MED, FB2B, 66MHZ) */
897 0x00, 0x00, 0x00, 0x06, /* Class: 0x06000000 host bridge */
898 diff --git a/arch/sparc64/kernel/pci_common.c b/arch/sparc64/kernel/pci_common.c
899 index 4249214..2f61c4b 100644
900 --- a/arch/sparc64/kernel/pci_common.c
901 +++ b/arch/sparc64/kernel/pci_common.c
902 @@ -44,6 +44,67 @@ static void *sun4u_config_mkaddr(struct pci_pbm_info *pbm,
903 return (void *) (pbm->config_space | bus | devfn | reg);
904 }
906 +/* At least on Sabre, it is necessary to access all PCI host controller
907 + * registers at their natural size, otherwise zeros are returned.
908 + * Strange but true, and I see no language in the UltraSPARC-IIi
909 + * programmer's manual that mentions this even indirectly.
910 + */
911 +static int sun4u_read_pci_cfg_host(struct pci_pbm_info *pbm,
912 + unsigned char bus, unsigned int devfn,
913 + int where, int size, u32 *value)
914 +{
915 + u32 tmp32, *addr;
916 + u16 tmp16;
917 + u8 tmp8;
918 +
919 + addr = sun4u_config_mkaddr(pbm, bus, devfn, where);
920 + if (!addr)
921 + return PCIBIOS_SUCCESSFUL;
922 +
923 + switch (size) {
924 + case 1:
925 + if (where < 8) {
926 + unsigned long align = (unsigned long) addr;
927 +
928 + align &= ~1;
929 + pci_config_read16((u16 *)align, &tmp16);
930 + if (where & 1)
931 + *value = tmp16 >> 8;
932 + else
933 + *value = tmp16 & 0xff;
934 + } else {
935 + pci_config_read8((u8 *)addr, &tmp8);
936 + *value = (u32) tmp8;
937 + }
938 + break;
939 +
940 + case 2:
941 + if (where < 8) {
942 + pci_config_read16((u16 *)addr, &tmp16);
943 + *value = (u32) tmp16;
944 + } else {
945 + pci_config_read8((u8 *)addr, &tmp8);
946 + *value = (u32) tmp8;
947 + pci_config_read8(((u8 *)addr) + 1, &tmp8);
948 + *value |= ((u32) tmp8) << 8;
949 + }
950 + break;
951 +
952 + case 4:
953 + tmp32 = 0xffffffff;
954 + sun4u_read_pci_cfg_host(pbm, bus, devfn,
955 + where, 2, &tmp32);
956 + *value = tmp32;
957 +
958 + tmp32 = 0xffffffff;
959 + sun4u_read_pci_cfg_host(pbm, bus, devfn,
960 + where + 2, 2, &tmp32);
961 + *value |= tmp32 << 16;
962 + break;
963 + }
964 + return PCIBIOS_SUCCESSFUL;
965 +}
966 +
967 static int sun4u_read_pci_cfg(struct pci_bus *bus_dev, unsigned int devfn,
968 int where, int size, u32 *value)
969 {
970 @@ -53,10 +114,6 @@ static int sun4u_read_pci_cfg(struct pci_bus *bus_dev, unsigned int devfn,
971 u16 tmp16;
972 u8 tmp8;
974 - if (bus_dev == pbm->pci_bus && devfn == 0x00)
975 - return pci_host_bridge_read_pci_cfg(bus_dev, devfn, where,
976 - size, value);
977 -
978 switch (size) {
979 case 1:
980 *value = 0xff;
981 @@ -69,6 +126,10 @@ static int sun4u_read_pci_cfg(struct pci_bus *bus_dev, unsigned int devfn,
982 break;
983 }
985 + if (!bus_dev->number && !PCI_SLOT(devfn))
986 + return sun4u_read_pci_cfg_host(pbm, bus, devfn, where,
987 + size, value);
988 +
989 addr = sun4u_config_mkaddr(pbm, bus, devfn, where);
990 if (!addr)
991 return PCIBIOS_SUCCESSFUL;
992 @@ -101,6 +162,53 @@ static int sun4u_read_pci_cfg(struct pci_bus *bus_dev, unsigned int devfn,
993 return PCIBIOS_SUCCESSFUL;
994 }
996 +static int sun4u_write_pci_cfg_host(struct pci_pbm_info *pbm,
997 + unsigned char bus, unsigned int devfn,
998 + int where, int size, u32 value)
999 +{
1000 + u32 *addr;
1001 +
1002 + addr = sun4u_config_mkaddr(pbm, bus, devfn, where);
1003 + if (!addr)
1004 + return PCIBIOS_SUCCESSFUL;
1005 +
1006 + switch (size) {
1007 + case 1:
1008 + if (where < 8) {
1009 + unsigned long align = (unsigned long) addr;
1010 + u16 tmp16;
1011 +
1012 + align &= ~1;
1013 + pci_config_read16((u16 *)align, &tmp16);
1014 + if (where & 1) {
1015 + tmp16 &= 0x00ff;
1016 + tmp16 |= value << 8;
1017 + } else {
1018 + tmp16 &= 0xff00;
1019 + tmp16 |= value;
1020 + }
1021 + pci_config_write16((u16 *)align, tmp16);
1022 + } else
1023 + pci_config_write8((u8 *)addr, value);
1024 + break;
1025 + case 2:
1026 + if (where < 8) {
1027 + pci_config_write16((u16 *)addr, value);
1028 + } else {
1029 + pci_config_write8((u8 *)addr, value & 0xff);
1030 + pci_config_write8(((u8 *)addr) + 1, value >> 8);
1031 + }
1032 + break;
1033 + case 4:
1034 + sun4u_write_pci_cfg_host(pbm, bus, devfn,
1035 + where, 2, value & 0xffff);
1036 + sun4u_write_pci_cfg_host(pbm, bus, devfn,
1037 + where + 2, 2, value >> 16);
1038 + break;
1039 + }
1040 + return PCIBIOS_SUCCESSFUL;
1041 +}
1042 +
1043 static int sun4u_write_pci_cfg(struct pci_bus *bus_dev, unsigned int devfn,
1044 int where, int size, u32 value)
1045 {
1046 @@ -108,9 +216,10 @@ static int sun4u_write_pci_cfg(struct pci_bus *bus_dev, unsigned int devfn,
1047 unsigned char bus = bus_dev->number;
1048 u32 *addr;
1050 - if (bus_dev == pbm->pci_bus && devfn == 0x00)
1051 - return pci_host_bridge_write_pci_cfg(bus_dev, devfn, where,
1052 - size, value);
1053 + if (!bus_dev->number && !PCI_SLOT(devfn))
1054 + return sun4u_write_pci_cfg_host(pbm, bus, devfn, where,
1055 + size, value);
1056 +
1057 addr = sun4u_config_mkaddr(pbm, bus, devfn, where);
1058 if (!addr)
1059 return PCIBIOS_SUCCESSFUL;
1060 diff --git a/arch/sparc64/kernel/smp.c b/arch/sparc64/kernel/smp.c
1061 index 4dcd7d0..3ddd99c 100644
1062 --- a/arch/sparc64/kernel/smp.c
1063 +++ b/arch/sparc64/kernel/smp.c
1064 @@ -403,7 +403,7 @@ static __inline__ void spitfire_xcall_deliver(u64 data0, u64 data1, u64 data2, c
1065 */
1066 static void cheetah_xcall_deliver(u64 data0, u64 data1, u64 data2, cpumask_t mask)
1067 {
1068 - u64 pstate, ver;
1069 + u64 pstate, ver, busy_mask;
1070 int nack_busy_id, is_jbus, need_more;
1072 if (cpus_empty(mask))
1073 @@ -435,14 +435,20 @@ retry:
1074 "i" (ASI_INTR_W));
1076 nack_busy_id = 0;
1077 + busy_mask = 0;
1078 {
1079 int i;
1081 for_each_cpu_mask(i, mask) {
1082 u64 target = (i << 14) | 0x70;
1084 - if (!is_jbus)
1085 + if (is_jbus) {
1086 + busy_mask |= (0x1UL << (i * 2));
1087 + } else {
1088 target |= (nack_busy_id << 24);
1089 + busy_mask |= (0x1UL <<
1090 + (nack_busy_id * 2));
1091 + }
1092 __asm__ __volatile__(
1093 "stxa %%g0, [%0] %1\n\t"
1094 "membar #Sync\n\t"
1095 @@ -458,15 +464,16 @@ retry:
1097 /* Now, poll for completion. */
1098 {
1099 - u64 dispatch_stat;
1100 + u64 dispatch_stat, nack_mask;
1101 long stuck;
1103 stuck = 100000 * nack_busy_id;
1104 + nack_mask = busy_mask << 1;
1105 do {
1106 __asm__ __volatile__("ldxa [%%g0] %1, %0"
1107 : "=r" (dispatch_stat)
1108 : "i" (ASI_INTR_DISPATCH_STAT));
1109 - if (dispatch_stat == 0UL) {
1110 + if (!(dispatch_stat & (busy_mask | nack_mask))) {
1111 __asm__ __volatile__("wrpr %0, 0x0, %%pstate"
1112 : : "r" (pstate));
1113 if (unlikely(need_more)) {
1114 @@ -483,12 +490,12 @@ retry:
1115 }
1116 if (!--stuck)
1117 break;
1118 - } while (dispatch_stat & 0x5555555555555555UL);
1119 + } while (dispatch_stat & busy_mask);
1121 __asm__ __volatile__("wrpr %0, 0x0, %%pstate"
1122 : : "r" (pstate));
1124 - if ((dispatch_stat & ~(0x5555555555555555UL)) == 0) {
1125 + if (dispatch_stat & busy_mask) {
1126 /* Busy bits will not clear, continue instead
1127 * of freezing up on this cpu.
1128 */
1129 diff --git a/arch/sparc64/kernel/sys_sparc.c b/arch/sparc64/kernel/sys_sparc.c
1130 index d108eeb..0d5c502 100644
1131 --- a/arch/sparc64/kernel/sys_sparc.c
1132 +++ b/arch/sparc64/kernel/sys_sparc.c
1133 @@ -436,7 +436,7 @@ out:
1134 asmlinkage long sys_ipc(unsigned int call, int first, unsigned long second,
1135 unsigned long third, void __user *ptr, long fifth)
1136 {
1137 - int err;
1138 + long err;
1140 /* No need for backward compatibility. We can start fresh... */
1141 if (call <= SEMCTL) {
1142 @@ -453,16 +453,9 @@ asmlinkage long sys_ipc(unsigned int call, int first, unsigned long second,
1143 err = sys_semget(first, (int)second, (int)third);
1144 goto out;
1145 case SEMCTL: {
1146 - union semun fourth;
1147 - err = -EINVAL;
1148 - if (!ptr)
1149 - goto out;
1150 - err = -EFAULT;
1151 - if (get_user(fourth.__pad,
1152 - (void __user * __user *) ptr))
1153 - goto out;
1154 - err = sys_semctl(first, (int)second | IPC_64,
1155 - (int)third, fourth);
1156 + err = sys_semctl(first, third,
1157 + (int)second | IPC_64,
1158 + (union semun) ptr);
1159 goto out;
1160 }
1161 default:
1162 diff --git a/arch/sparc64/kernel/traps.c b/arch/sparc64/kernel/traps.c
1163 index 00a9e32..a05b37f 100644
1164 --- a/arch/sparc64/kernel/traps.c
1165 +++ b/arch/sparc64/kernel/traps.c
1166 @@ -2134,12 +2134,20 @@ static void user_instruction_dump (unsigned int __user *pc)
1167 void show_stack(struct task_struct *tsk, unsigned long *_ksp)
1168 {
1169 unsigned long pc, fp, thread_base, ksp;
1170 - void *tp = task_stack_page(tsk);
1171 + struct thread_info *tp;
1172 struct reg_window *rw;
1173 int count = 0;
1175 ksp = (unsigned long) _ksp;
1176 -
1177 + if (!tsk)
1178 + tsk = current;
1179 + tp = task_thread_info(tsk);
1180 + if (ksp == 0UL) {
1181 + if (tsk == current)
1182 + asm("mov %%fp, %0" : "=r" (ksp));
1183 + else
1184 + ksp = tp->ksp;
1185 + }
1186 if (tp == current_thread_info())
1187 flushw_all();
1189 @@ -2168,11 +2176,7 @@ void show_stack(struct task_struct *tsk, unsigned long *_ksp)
1191 void dump_stack(void)
1192 {
1193 - unsigned long *ksp;
1194 -
1195 - __asm__ __volatile__("mov %%fp, %0"
1196 - : "=r" (ksp));
1197 - show_stack(current, ksp);
1198 + show_stack(current, NULL);
1199 }
1201 EXPORT_SYMBOL(dump_stack);
1202 diff --git a/arch/sparc64/mm/fault.c b/arch/sparc64/mm/fault.c
1203 index b582024..e2cb991 100644
1204 --- a/arch/sparc64/mm/fault.c
1205 +++ b/arch/sparc64/mm/fault.c
1206 @@ -112,15 +112,12 @@ static void __kprobes unhandled_fault(unsigned long address,
1208 static void bad_kernel_pc(struct pt_regs *regs, unsigned long vaddr)
1209 {
1210 - unsigned long *ksp;
1211 -
1212 printk(KERN_CRIT "OOPS: Bogus kernel PC [%016lx] in fault handler\n",
1213 regs->tpc);
1214 printk(KERN_CRIT "OOPS: RPC [%016lx]\n", regs->u_regs[15]);
1215 print_symbol("RPC: <%s>\n", regs->u_regs[15]);
1216 printk(KERN_CRIT "OOPS: Fault was to vaddr[%lx]\n", vaddr);
1217 - __asm__("mov %%sp, %0" : "=r" (ksp));
1218 - show_stack(current, ksp);
1219 + dump_stack();
1220 unhandled_fault(regs->tpc, current, regs);
1221 }
1223 diff --git a/arch/sparc64/mm/init.c b/arch/sparc64/mm/init.c
1224 index 3010227..ed2484d 100644
1225 --- a/arch/sparc64/mm/init.c
1226 +++ b/arch/sparc64/mm/init.c
1227 @@ -1135,14 +1135,9 @@ static void __init mark_kpte_bitmap(unsigned long start, unsigned long end)
1228 }
1229 }
1231 -static void __init kernel_physical_mapping_init(void)
1232 +static void __init init_kpte_bitmap(void)
1233 {
1234 unsigned long i;
1235 -#ifdef CONFIG_DEBUG_PAGEALLOC
1236 - unsigned long mem_alloced = 0UL;
1237 -#endif
1238 -
1239 - read_obp_memory("reg", &pall[0], &pall_ents);
1241 for (i = 0; i < pall_ents; i++) {
1242 unsigned long phys_start, phys_end;
1243 @@ -1151,14 +1146,24 @@ static void __init kernel_physical_mapping_init(void)
1244 phys_end = phys_start + pall[i].reg_size;
1246 mark_kpte_bitmap(phys_start, phys_end);
1247 + }
1248 +}
1250 +static void __init kernel_physical_mapping_init(void)
1251 +{
1252 #ifdef CONFIG_DEBUG_PAGEALLOC
1253 + unsigned long i, mem_alloced = 0UL;
1254 +
1255 + for (i = 0; i < pall_ents; i++) {
1256 + unsigned long phys_start, phys_end;
1257 +
1258 + phys_start = pall[i].phys_addr;
1259 + phys_end = phys_start + pall[i].reg_size;
1260 +
1261 mem_alloced += kernel_map_range(phys_start, phys_end,
1262 PAGE_KERNEL);
1263 -#endif
1264 }
1266 -#ifdef CONFIG_DEBUG_PAGEALLOC
1267 printk("Allocated %ld bytes for kernel page tables.\n",
1268 mem_alloced);
1270 @@ -1400,6 +1405,10 @@ void __init paging_init(void)
1272 inherit_prom_mappings();
1274 + read_obp_memory("reg", &pall[0], &pall_ents);
1275 +
1276 + init_kpte_bitmap();
1277 +
1278 /* Ok, we can use our TLB miss and window trap handlers safely. */
1279 setup_tba();
1281 @@ -1854,7 +1863,9 @@ void __flush_tlb_all(void)
1282 "wrpr %0, %1, %%pstate"
1283 : "=r" (pstate)
1284 : "i" (PSTATE_IE));
1285 - if (tlb_type == spitfire) {
1286 + if (tlb_type == hypervisor) {
1287 + sun4v_mmu_demap_all();
1288 + } else if (tlb_type == spitfire) {
1289 for (i = 0; i < 64; i++) {
1290 /* Spitfire Errata #32 workaround */
1291 /* NOTE: Always runs on spitfire, so no
1292 diff --git a/arch/um/drivers/ubd_kern.c b/arch/um/drivers/ubd_kern.c
1293 index 2e09f16..2c491a5 100644
1294 --- a/arch/um/drivers/ubd_kern.c
1295 +++ b/arch/um/drivers/ubd_kern.c
1296 @@ -612,6 +612,8 @@ static int ubd_open_dev(struct ubd *ubd_dev)
1297 ubd_dev->fd = fd;
1299 if(ubd_dev->cow.file != NULL){
1300 + blk_queue_max_sectors(ubd_dev->queue, 8 * sizeof(long));
1301 +
1302 err = -ENOMEM;
1303 ubd_dev->cow.bitmap = (void *) vmalloc(ubd_dev->cow.bitmap_len);
1304 if(ubd_dev->cow.bitmap == NULL){
1305 diff --git a/arch/um/os-Linux/user_syms.c b/arch/um/os-Linux/user_syms.c
1306 index 3f33165..419b2d5 100644
1307 --- a/arch/um/os-Linux/user_syms.c
1308 +++ b/arch/um/os-Linux/user_syms.c
1309 @@ -5,7 +5,8 @@
1310 * so I *must* declare good prototypes for them and then EXPORT them.
1311 * The kernel code uses the macro defined by include/linux/string.h,
1312 * so I undef macros; the userspace code does not include that and I
1313 - * add an EXPORT for the glibc one.*/
1314 + * add an EXPORT for the glibc one.
1315 + */
1317 #undef strlen
1318 #undef strstr
1319 @@ -61,12 +62,18 @@ EXPORT_SYMBOL_PROTO(dup2);
1320 EXPORT_SYMBOL_PROTO(__xstat);
1321 EXPORT_SYMBOL_PROTO(__lxstat);
1322 EXPORT_SYMBOL_PROTO(__lxstat64);
1323 +EXPORT_SYMBOL_PROTO(__fxstat64);
1324 EXPORT_SYMBOL_PROTO(lseek);
1325 EXPORT_SYMBOL_PROTO(lseek64);
1326 EXPORT_SYMBOL_PROTO(chown);
1327 +EXPORT_SYMBOL_PROTO(fchown);
1328 EXPORT_SYMBOL_PROTO(truncate);
1329 +EXPORT_SYMBOL_PROTO(ftruncate64);
1330 EXPORT_SYMBOL_PROTO(utime);
1331 +EXPORT_SYMBOL_PROTO(utimes);
1332 +EXPORT_SYMBOL_PROTO(futimes);
1333 EXPORT_SYMBOL_PROTO(chmod);
1334 +EXPORT_SYMBOL_PROTO(fchmod);
1335 EXPORT_SYMBOL_PROTO(rename);
1336 EXPORT_SYMBOL_PROTO(__xmknod);
1338 @@ -102,14 +109,3 @@ EXPORT_SYMBOL(__stack_smash_handler);
1340 extern long __guard __attribute__((weak));
1341 EXPORT_SYMBOL(__guard);
1342 -
1343 -/*
1344 - * Overrides for Emacs so that we follow Linus's tabbing style.
1345 - * Emacs will notice this stuff at the end of the file and automatically
1346 - * adjust the settings for this buffer only. This must remain at the end
1347 - * of the file.
1348 - * ---------------------------------------------------------------------------
1349 - * Local variables:
1350 - * c-file-style: "linux"
1351 - * End:
1352 - */
1353 diff --git a/arch/x86_64/Makefile b/arch/x86_64/Makefile
1354 index 29617ae..fdab077 100644
1355 --- a/arch/x86_64/Makefile
1356 +++ b/arch/x86_64/Makefile
1357 @@ -57,8 +57,8 @@ cflags-y += $(call cc-option,-mno-sse -mno-mmx -mno-sse2 -mno-3dnow,)
1358 cflags-y += -maccumulate-outgoing-args
1360 # do binutils support CFI?
1361 -cflags-y += $(call as-instr,.cfi_startproc\n.cfi_endproc,-DCONFIG_AS_CFI=1,)
1362 -AFLAGS += $(call as-instr,.cfi_startproc\n.cfi_endproc,-DCONFIG_AS_CFI=1,)
1363 +cflags-y += $(call as-instr,.cfi_startproc\n.cfi_rel_offset rsp${comma}0\n.cfi_endproc,-DCONFIG_AS_CFI=1,)
1364 +AFLAGS += $(call as-instr,.cfi_startproc\n.cfi_rel_offset rsp${comma}0\n.cfi_endproc,-DCONFIG_AS_CFI=1,)
1366 # is .cfi_signal_frame supported too?
1367 cflags-y += $(call as-instr,.cfi_startproc\n.cfi_signal_frame\n.cfi_endproc,-DCONFIG_AS_CFI_SIGNAL_FRAME=1,)
1368 diff --git a/arch/x86_64/ia32/ia32entry.S b/arch/x86_64/ia32/ia32entry.S
1369 index 47565c3..0bc623a 100644
1370 --- a/arch/x86_64/ia32/ia32entry.S
1371 +++ b/arch/x86_64/ia32/ia32entry.S
1372 @@ -38,6 +38,18 @@
1373 movq %rax,R8(%rsp)
1374 .endm
1376 + .macro LOAD_ARGS32 offset
1377 + movl \offset(%rsp),%r11d
1378 + movl \offset+8(%rsp),%r10d
1379 + movl \offset+16(%rsp),%r9d
1380 + movl \offset+24(%rsp),%r8d
1381 + movl \offset+40(%rsp),%ecx
1382 + movl \offset+48(%rsp),%edx
1383 + movl \offset+56(%rsp),%esi
1384 + movl \offset+64(%rsp),%edi
1385 + movl \offset+72(%rsp),%eax
1386 + .endm
1387 +
1388 .macro CFI_STARTPROC32 simple
1389 CFI_STARTPROC \simple
1390 CFI_UNDEFINED r8
1391 @@ -152,7 +164,7 @@ sysenter_tracesys:
1392 movq $-ENOSYS,RAX(%rsp) /* really needed? */
1393 movq %rsp,%rdi /* &pt_regs -> arg1 */
1394 call syscall_trace_enter
1395 - LOAD_ARGS ARGOFFSET /* reload args from stack in case ptrace changed it */
1396 + LOAD_ARGS32 ARGOFFSET /* reload args from stack in case ptrace changed it */
1397 RESTORE_REST
1398 movl %ebp, %ebp
1399 /* no need to do an access_ok check here because rbp has been
1400 @@ -255,7 +267,7 @@ cstar_tracesys:
1401 movq $-ENOSYS,RAX(%rsp) /* really needed? */
1402 movq %rsp,%rdi /* &pt_regs -> arg1 */
1403 call syscall_trace_enter
1404 - LOAD_ARGS ARGOFFSET /* reload args from stack in case ptrace changed it */
1405 + LOAD_ARGS32 ARGOFFSET /* reload args from stack in case ptrace changed it */
1406 RESTORE_REST
1407 movl RSP-ARGOFFSET(%rsp), %r8d
1408 /* no need to do an access_ok check here because r8 has been
1409 @@ -333,7 +345,7 @@ ia32_tracesys:
1410 movq $-ENOSYS,RAX(%rsp) /* really needed? */
1411 movq %rsp,%rdi /* &pt_regs -> arg1 */
1412 call syscall_trace_enter
1413 - LOAD_ARGS ARGOFFSET /* reload args from stack in case ptrace changed it */
1414 + LOAD_ARGS32 ARGOFFSET /* reload args from stack in case ptrace changed it */
1415 RESTORE_REST
1416 jmp ia32_do_syscall
1417 END(ia32_syscall)
1418 diff --git a/arch/x86_64/kernel/Makefile b/arch/x86_64/kernel/Makefile
1419 index de1de8a..4d94c51 100644
1420 --- a/arch/x86_64/kernel/Makefile
1421 +++ b/arch/x86_64/kernel/Makefile
1422 @@ -32,7 +32,6 @@ obj-$(CONFIG_EARLY_PRINTK) += early_printk.o
1423 obj-$(CONFIG_IOMMU) += pci-gart.o aperture.o
1424 obj-$(CONFIG_CALGARY_IOMMU) += pci-calgary.o tce.o
1425 obj-$(CONFIG_SWIOTLB) += pci-swiotlb.o
1426 -obj-$(CONFIG_SERIAL_8250) += legacy_serial.o
1427 obj-$(CONFIG_KPROBES) += kprobes.o
1428 obj-$(CONFIG_X86_PM_TIMER) += pmtimer.o
1429 obj-$(CONFIG_X86_VSMP) += vsmp.o
1430 @@ -50,7 +49,6 @@ CFLAGS_vsyscall.o := $(PROFILING) -g0
1432 therm_throt-y += ../../i386/kernel/cpu/mcheck/therm_throt.o
1433 bootflag-y += ../../i386/kernel/bootflag.o
1434 -legacy_serial-y += ../../i386/kernel/legacy_serial.o
1435 cpuid-$(subst m,y,$(CONFIG_X86_CPUID)) += ../../i386/kernel/cpuid.o
1436 topology-y += ../../i386/kernel/topology.o
1437 microcode-$(subst m,y,$(CONFIG_MICROCODE)) += ../../i386/kernel/microcode.o
1438 diff --git a/arch/x86_64/kernel/head.S b/arch/x86_64/kernel/head.S
1439 index 1fab487..c63fc64 100644
1440 --- a/arch/x86_64/kernel/head.S
1441 +++ b/arch/x86_64/kernel/head.S
1442 @@ -326,8 +326,7 @@ NEXT_PAGE(level2_kernel_pgt)
1443 /* 40MB kernel mapping. The kernel code cannot be bigger than that.
1444 When you change this change KERNEL_TEXT_SIZE in page.h too. */
1445 /* (2^48-(2*1024*1024*1024)-((2^39)*511)-((2^30)*510)) = 0 */
1446 - PMDS(0x0000000000000000, __PAGE_KERNEL_LARGE_EXEC|_PAGE_GLOBAL,
1447 - KERNEL_TEXT_SIZE/PMD_SIZE)
1448 + PMDS(0x0000000000000000, __PAGE_KERNEL_LARGE_EXEC|_PAGE_GLOBAL, KERNEL_TEXT_SIZE/PMD_SIZE)
1449 /* Module mapping starts here */
1450 .fill (PTRS_PER_PMD - (KERNEL_TEXT_SIZE/PMD_SIZE)),8,0
1452 diff --git a/arch/x86_64/kernel/io_apic.c b/arch/x86_64/kernel/io_apic.c
1453 index 1c6c6f7..34d7cde 100644
1454 --- a/arch/x86_64/kernel/io_apic.c
1455 +++ b/arch/x86_64/kernel/io_apic.c
1456 @@ -774,12 +774,15 @@ static struct irq_chip ioapic_chip;
1458 static void ioapic_register_intr(int irq, unsigned long trigger)
1459 {
1460 - if (trigger)
1461 + if (trigger) {
1462 + irq_desc[irq].status |= IRQ_LEVEL;
1463 set_irq_chip_and_handler_name(irq, &ioapic_chip,
1464 handle_fasteoi_irq, "fasteoi");
1465 - else
1466 + } else {
1467 + irq_desc[irq].status &= ~IRQ_LEVEL;
1468 set_irq_chip_and_handler_name(irq, &ioapic_chip,
1469 handle_edge_irq, "edge");
1470 + }
1471 }
1473 static void setup_IO_APIC_irq(int apic, int pin, unsigned int irq,
1474 diff --git a/arch/x86_64/kernel/ptrace.c b/arch/x86_64/kernel/ptrace.c
1475 index 9409117..7fc0e73 100644
1476 --- a/arch/x86_64/kernel/ptrace.c
1477 +++ b/arch/x86_64/kernel/ptrace.c
1478 @@ -102,16 +102,25 @@ unsigned long convert_rip_to_linear(struct task_struct *child, struct pt_regs *r
1479 u32 *desc;
1480 unsigned long base;
1482 - down(&child->mm->context.sem);
1483 - desc = child->mm->context.ldt + (seg & ~7);
1484 - base = (desc[0] >> 16) | ((desc[1] & 0xff) << 16) | (desc[1] & 0xff000000);
1485 + seg &= ~7UL;
1487 - /* 16-bit code segment? */
1488 - if (!((desc[1] >> 22) & 1))
1489 - addr &= 0xffff;
1490 - addr += base;
1491 + down(&child->mm->context.sem);
1492 + if (unlikely((seg >> 3) >= child->mm->context.size))
1493 + addr = -1L; /* bogus selector, access would fault */
1494 + else {
1495 + desc = child->mm->context.ldt + seg;
1496 + base = ((desc[0] >> 16) |
1497 + ((desc[1] & 0xff) << 16) |
1498 + (desc[1] & 0xff000000));
1499 +
1500 + /* 16-bit code segment? */
1501 + if (!((desc[1] >> 22) & 1))
1502 + addr &= 0xffff;
1503 + addr += base;
1504 + }
1505 up(&child->mm->context.sem);
1506 }
1507 +
1508 return addr;
1509 }
1511 @@ -223,10 +232,6 @@ static int putreg(struct task_struct *child,
1512 {
1513 unsigned long tmp;
1515 - /* Some code in the 64bit emulation may not be 64bit clean.
1516 - Don't take any chances. */
1517 - if (test_tsk_thread_flag(child, TIF_IA32))
1518 - value &= 0xffffffff;
1519 switch (regno) {
1520 case offsetof(struct user_regs_struct,fs):
1521 if (value && (value & 3) != 3)
1522 diff --git a/arch/x86_64/mm/init.c b/arch/x86_64/mm/init.c
1523 index 9a0e98a..b7e514e 100644
1524 --- a/arch/x86_64/mm/init.c
1525 +++ b/arch/x86_64/mm/init.c
1526 @@ -769,8 +769,3 @@ int in_gate_area_no_task(unsigned long addr)
1527 return (addr >= VSYSCALL_START) && (addr < VSYSCALL_END);
1528 }
1530 -void *alloc_bootmem_high_node(pg_data_t *pgdat, unsigned long size)
1531 -{
1532 - return __alloc_bootmem_core(pgdat->bdata, size,
1533 - SMP_CACHE_BYTES, (4UL*1024*1024*1024), 0);
1534 -}
1535 diff --git a/arch/x86_64/mm/pageattr.c b/arch/x86_64/mm/pageattr.c
1536 index 9148f4a..d6cd5c4 100644
1537 --- a/arch/x86_64/mm/pageattr.c
1538 +++ b/arch/x86_64/mm/pageattr.c
1539 @@ -204,7 +204,7 @@ int change_page_attr_addr(unsigned long address, int numpages, pgprot_t prot)
1540 if (__pa(address) < KERNEL_TEXT_SIZE) {
1541 unsigned long addr2;
1542 pgprot_t prot2;
1543 - addr2 = __START_KERNEL_map + __pa(address);
1544 + addr2 = __START_KERNEL_map + __pa(address) - phys_base;
1545 /* Make sure the kernel mappings stay executable */
1546 prot2 = pte_pgprot(pte_mkexec(pfn_pte(0, prot)));
1547 err = __change_page_attr(addr2, pfn, prot2,
1548 @@ -227,9 +227,14 @@ void global_flush_tlb(void)
1549 struct page *pg, *next;
1550 struct list_head l;
1552 - down_read(&init_mm.mmap_sem);
1553 + /*
1554 + * Write-protect the semaphore, to exclude two contexts
1555 + * doing a list_replace_init() call in parallel and to
1556 + * exclude new additions to the deferred_pages list:
1557 + */
1558 + down_write(&init_mm.mmap_sem);
1559 list_replace_init(&deferred_pages, &l);
1560 - up_read(&init_mm.mmap_sem);
1561 + up_write(&init_mm.mmap_sem);
1563 flush_map(&l);
1565 diff --git a/block/cfq-iosched.c b/block/cfq-iosched.c
1566 index baef5fc..a131d41 100644
1567 --- a/block/cfq-iosched.c
1568 +++ b/block/cfq-iosched.c
1569 @@ -92,6 +92,8 @@ struct cfq_data {
1570 struct cfq_queue *active_queue;
1571 struct cfq_io_context *active_cic;
1573 + struct cfq_queue *async_cfqq[IOPRIO_BE_NR];
1574 +
1575 struct timer_list idle_class_timer;
1577 sector_t last_position;
1578 @@ -1351,8 +1353,8 @@ static void cfq_ioc_set_ioprio(struct io_context *ioc)
1579 }
1581 static struct cfq_queue *
1582 -cfq_get_queue(struct cfq_data *cfqd, int is_sync, struct task_struct *tsk,
1583 - gfp_t gfp_mask)
1584 +cfq_find_alloc_queue(struct cfq_data *cfqd, int is_sync,
1585 + struct task_struct *tsk, gfp_t gfp_mask)
1586 {
1587 struct cfq_queue *cfqq, *new_cfqq = NULL;
1588 struct cfq_io_context *cic;
1589 @@ -1405,12 +1407,35 @@ retry:
1590 if (new_cfqq)
1591 kmem_cache_free(cfq_pool, new_cfqq);
1593 - atomic_inc(&cfqq->ref);
1594 out:
1595 WARN_ON((gfp_mask & __GFP_WAIT) && !cfqq);
1596 return cfqq;
1597 }
1599 +static struct cfq_queue *
1600 +cfq_get_queue(struct cfq_data *cfqd, int is_sync, struct task_struct *tsk,
1601 + gfp_t gfp_mask)
1602 +{
1603 + const int ioprio = task_ioprio(tsk);
1604 + struct cfq_queue *cfqq = NULL;
1605 +
1606 + if (!is_sync)
1607 + cfqq = cfqd->async_cfqq[ioprio];
1608 + if (!cfqq)
1609 + cfqq = cfq_find_alloc_queue(cfqd, is_sync, tsk, gfp_mask);
1610 +
1611 + /*
1612 + * pin the queue now that it's allocated, scheduler exit will prune it
1613 + */
1614 + if (!is_sync && !cfqd->async_cfqq[ioprio]) {
1615 + atomic_inc(&cfqq->ref);
1616 + cfqd->async_cfqq[ioprio] = cfqq;
1617 + }
1618 +
1619 + atomic_inc(&cfqq->ref);
1620 + return cfqq;
1621 +}
1622 +
1623 /*
1624 * We drop cfq io contexts lazily, so we may find a dead one.
1625 */
1626 @@ -2019,6 +2044,7 @@ static void cfq_exit_queue(elevator_t *e)
1627 {
1628 struct cfq_data *cfqd = e->elevator_data;
1629 request_queue_t *q = cfqd->queue;
1630 + int i;
1632 cfq_shutdown_timer_wq(cfqd);
1634 @@ -2035,6 +2061,13 @@ static void cfq_exit_queue(elevator_t *e)
1635 __cfq_exit_single_io_context(cfqd, cic);
1636 }
1638 + /*
1639 + * Put the async queues
1640 + */
1641 + for (i = 0; i < IOPRIO_BE_NR; i++)
1642 + if (cfqd->async_cfqq[i])
1643 + cfq_put_queue(cfqd->async_cfqq[i]);
1644 +
1645 spin_unlock_irq(q->queue_lock);
1647 cfq_shutdown_timer_wq(cfqd);
1648 diff --git a/block/ll_rw_blk.c b/block/ll_rw_blk.c
1649 index c99b463..4369ff2 100644
1650 --- a/block/ll_rw_blk.c
1651 +++ b/block/ll_rw_blk.c
1652 @@ -1081,12 +1081,6 @@ void blk_queue_end_tag(request_queue_t *q, struct request *rq)
1653 */
1654 return;
1656 - if (unlikely(!__test_and_clear_bit(tag, bqt->tag_map))) {
1657 - printk(KERN_ERR "%s: attempt to clear non-busy tag (%d)\n",
1658 - __FUNCTION__, tag);
1659 - return;
1660 - }
1661 -
1662 list_del_init(&rq->queuelist);
1663 rq->cmd_flags &= ~REQ_QUEUED;
1664 rq->tag = -1;
1665 @@ -1096,6 +1090,13 @@ void blk_queue_end_tag(request_queue_t *q, struct request *rq)
1666 __FUNCTION__, tag);
1668 bqt->tag_index[tag] = NULL;
1669 +
1670 + if (unlikely(!test_and_clear_bit(tag, bqt->tag_map))) {
1671 + printk(KERN_ERR "%s: attempt to clear non-busy tag (%d)\n",
1672 + __FUNCTION__, tag);
1673 + return;
1674 + }
1675 +
1676 bqt->busy--;
1677 }
1679 diff --git a/crypto/algapi.c b/crypto/algapi.c
1680 index f137a43..ec286a2 100644
1681 --- a/crypto/algapi.c
1682 +++ b/crypto/algapi.c
1683 @@ -98,6 +98,9 @@ static void crypto_remove_spawn(struct crypto_spawn *spawn,
1684 return;
1686 inst->alg.cra_flags |= CRYPTO_ALG_DEAD;
1687 + if (hlist_unhashed(&inst->list))
1688 + return;
1689 +
1690 if (!tmpl || !crypto_tmpl_get(tmpl))
1691 return;
1693 @@ -333,9 +336,6 @@ int crypto_register_instance(struct crypto_template *tmpl,
1694 LIST_HEAD(list);
1695 int err = -EINVAL;
1697 - if (inst->alg.cra_destroy)
1698 - goto err;
1699 -
1700 err = crypto_check_alg(&inst->alg);
1701 if (err)
1702 goto err;
1703 diff --git a/crypto/blkcipher.c b/crypto/blkcipher.c
1704 index 8edf40c..cce9236 100644
1705 --- a/crypto/blkcipher.c
1706 +++ b/crypto/blkcipher.c
1707 @@ -59,11 +59,13 @@ static inline void blkcipher_unmap_dst(struct blkcipher_walk *walk)
1708 scatterwalk_unmap(walk->dst.virt.addr, 1);
1709 }
1711 +/* Get a spot of the specified length that does not straddle a page.
1712 + * The caller needs to ensure that there is enough space for this operation.
1713 + */
1714 static inline u8 *blkcipher_get_spot(u8 *start, unsigned int len)
1715 {
1716 - if (offset_in_page(start + len) < len)
1717 - return (u8 *)((unsigned long)(start + len) & PAGE_MASK);
1718 - return start;
1719 + u8 *end_page = (u8 *)(((unsigned long)(start + len - 1)) & PAGE_MASK);
1720 + return start > end_page ? start : end_page;
1721 }
1723 static inline unsigned int blkcipher_done_slow(struct crypto_blkcipher *tfm,
1724 @@ -155,7 +157,8 @@ static inline int blkcipher_next_slow(struct blkcipher_desc *desc,
1725 if (walk->buffer)
1726 goto ok;
1728 - n = bsize * 2 + (alignmask & ~(crypto_tfm_ctx_alignment() - 1));
1729 + n = bsize * 3 - (alignmask + 1) +
1730 + (alignmask & ~(crypto_tfm_ctx_alignment() - 1));
1731 walk->buffer = kmalloc(n, GFP_ATOMIC);
1732 if (!walk->buffer)
1733 return blkcipher_walk_done(desc, walk, -ENOMEM);
1734 diff --git a/drivers/acpi/dispatcher/dsobject.c b/drivers/acpi/dispatcher/dsobject.c
1735 index a474ca2..954ac8c 100644
1736 --- a/drivers/acpi/dispatcher/dsobject.c
1737 +++ b/drivers/acpi/dispatcher/dsobject.c
1738 @@ -137,6 +137,71 @@ acpi_ds_build_internal_object(struct acpi_walk_state *walk_state,
1739 return_ACPI_STATUS(status);
1740 }
1741 }
1742 +
1743 + /* Special object resolution for elements of a package */
1744 +
1745 + if ((op->common.parent->common.aml_opcode == AML_PACKAGE_OP) ||
1746 + (op->common.parent->common.aml_opcode ==
1747 + AML_VAR_PACKAGE_OP)) {
1748 + /*
1749 + * Attempt to resolve the node to a value before we insert it into
1750 + * the package. If this is a reference to a common data type,
1751 + * resolve it immediately. According to the ACPI spec, package
1752 + * elements can only be "data objects" or method references.
1753 + * Attempt to resolve to an Integer, Buffer, String or Package.
1754 + * If cannot, return the named reference (for things like Devices,
1755 + * Methods, etc.) Buffer Fields and Fields will resolve to simple
1756 + * objects (int/buf/str/pkg).
1757 + *
1758 + * NOTE: References to things like Devices, Methods, Mutexes, etc.
1759 + * will remain as named references. This behavior is not described
1760 + * in the ACPI spec, but it appears to be an oversight.
1761 + */
1762 + obj_desc = (union acpi_operand_object *)op->common.node;
1763 +
1764 + status =
1765 + acpi_ex_resolve_node_to_value(ACPI_CAST_INDIRECT_PTR
1766 + (struct
1767 + acpi_namespace_node,
1768 + &obj_desc),
1769 + walk_state);
1770 + if (ACPI_FAILURE(status)) {
1771 + return_ACPI_STATUS(status);
1772 + }
1773 +
1774 + switch (op->common.node->type) {
1775 + /*
1776 + * For these types, we need the actual node, not the subobject.
1777 + * However, the subobject got an extra reference count above.
1778 + */
1779 + case ACPI_TYPE_MUTEX:
1780 + case ACPI_TYPE_METHOD:
1781 + case ACPI_TYPE_POWER:
1782 + case ACPI_TYPE_PROCESSOR:
1783 + case ACPI_TYPE_EVENT:
1784 + case ACPI_TYPE_REGION:
1785 + case ACPI_TYPE_DEVICE:
1786 + case ACPI_TYPE_THERMAL:
1787 +
1788 + obj_desc =
1789 + (union acpi_operand_object *)op->common.
1790 + node;
1791 + break;
1792 +
1793 + default:
1794 + break;
1795 + }
1796 +
1797 + /*
1798 + * If above resolved to an operand object, we are done. Otherwise,
1799 + * we have a NS node, we must create the package entry as a named
1800 + * reference.
1801 + */
1802 + if (ACPI_GET_DESCRIPTOR_TYPE(obj_desc) !=
1803 + ACPI_DESC_TYPE_NAMED) {
1804 + goto exit;
1805 + }
1806 + }
1807 }
1809 /* Create and init a new internal ACPI object */
1810 @@ -156,6 +221,7 @@ acpi_ds_build_internal_object(struct acpi_walk_state *walk_state,
1811 return_ACPI_STATUS(status);
1812 }
1814 + exit:
1815 *obj_desc_ptr = obj_desc;
1816 return_ACPI_STATUS(AE_OK);
1817 }
1818 @@ -356,12 +422,25 @@ acpi_ds_build_internal_package_obj(struct acpi_walk_state *walk_state,
1819 arg = arg->common.next;
1820 for (i = 0; arg && (i < element_count); i++) {
1821 if (arg->common.aml_opcode == AML_INT_RETURN_VALUE_OP) {
1822 -
1823 - /* This package element is already built, just get it */
1824 -
1825 - obj_desc->package.elements[i] =
1826 - ACPI_CAST_PTR(union acpi_operand_object,
1827 - arg->common.node);
1828 + if (arg->common.node->type == ACPI_TYPE_METHOD) {
1829 + /*
1830 + * A method reference "looks" to the parser to be a method
1831 + * invocation, so we special case it here
1832 + */
1833 + arg->common.aml_opcode = AML_INT_NAMEPATH_OP;
1834 + status =
1835 + acpi_ds_build_internal_object(walk_state,
1836 + arg,
1837 + &obj_desc->
1838 + package.
1839 + elements[i]);
1840 + } else {
1841 + /* This package element is already built, just get it */
1842 +
1843 + obj_desc->package.elements[i] =
1844 + ACPI_CAST_PTR(union acpi_operand_object,
1845 + arg->common.node);
1846 + }
1847 } else {
1848 status = acpi_ds_build_internal_object(walk_state, arg,
1849 &obj_desc->
1850 diff --git a/drivers/acpi/dock.c b/drivers/acpi/dock.c
1851 index 4546bf8..9bc340b 100644
1852 --- a/drivers/acpi/dock.c
1853 +++ b/drivers/acpi/dock.c
1854 @@ -716,6 +716,7 @@ static int dock_add(acpi_handle handle)
1855 if (ret) {
1856 printk(KERN_ERR PREFIX "Error %d registering dock device\n", ret);
1857 kfree(dock_station);
1858 + dock_station = NULL;
1859 return ret;
1860 }
1861 ret = device_create_file(&dock_device.dev, &dev_attr_docked);
1862 @@ -723,6 +724,7 @@ static int dock_add(acpi_handle handle)
1863 printk("Error %d adding sysfs file\n", ret);
1864 platform_device_unregister(&dock_device);
1865 kfree(dock_station);
1866 + dock_station = NULL;
1867 return ret;
1868 }
1869 ret = device_create_file(&dock_device.dev, &dev_attr_undock);
1870 @@ -731,6 +733,7 @@ static int dock_add(acpi_handle handle)
1871 device_remove_file(&dock_device.dev, &dev_attr_docked);
1872 platform_device_unregister(&dock_device);
1873 kfree(dock_station);
1874 + dock_station = NULL;
1875 return ret;
1876 }
1877 ret = device_create_file(&dock_device.dev, &dev_attr_uid);
1878 @@ -738,6 +741,7 @@ static int dock_add(acpi_handle handle)
1879 printk("Error %d adding sysfs file\n", ret);
1880 platform_device_unregister(&dock_device);
1881 kfree(dock_station);
1882 + dock_station = NULL;
1883 return ret;
1884 }
1886 @@ -750,6 +754,7 @@ static int dock_add(acpi_handle handle)
1887 dd = alloc_dock_dependent_device(handle);
1888 if (!dd) {
1889 kfree(dock_station);
1890 + dock_station = NULL;
1891 ret = -ENOMEM;
1892 goto dock_add_err_unregister;
1893 }
1894 @@ -777,6 +782,7 @@ dock_add_err_unregister:
1895 device_remove_file(&dock_device.dev, &dev_attr_undock);
1896 platform_device_unregister(&dock_device);
1897 kfree(dock_station);
1898 + dock_station = NULL;
1899 return ret;
1900 }
1902 @@ -810,6 +816,7 @@ static int dock_remove(void)
1904 /* free dock station memory */
1905 kfree(dock_station);
1906 + dock_station = NULL;
1907 return 0;
1908 }
1910 diff --git a/drivers/acpi/events/evgpeblk.c b/drivers/acpi/events/evgpeblk.c
1911 index 902c287..361ebe6 100644
1912 --- a/drivers/acpi/events/evgpeblk.c
1913 +++ b/drivers/acpi/events/evgpeblk.c
1914 @@ -586,6 +586,10 @@ acpi_ev_delete_gpe_xrupt(struct acpi_gpe_xrupt_info *gpe_xrupt)
1915 flags = acpi_os_acquire_lock(acpi_gbl_gpe_lock);
1916 if (gpe_xrupt->previous) {
1917 gpe_xrupt->previous->next = gpe_xrupt->next;
1918 + } else {
1919 + /* No previous, update list head */
1920 +
1921 + acpi_gbl_gpe_xrupt_list_head = gpe_xrupt->next;
1922 }
1924 if (gpe_xrupt->next) {
1925 diff --git a/drivers/acpi/processor_core.c b/drivers/acpi/processor_core.c
1926 index f7de02a..e529f4c 100644
1927 --- a/drivers/acpi/processor_core.c
1928 +++ b/drivers/acpi/processor_core.c
1929 @@ -93,6 +93,8 @@ static struct acpi_driver acpi_processor_driver = {
1930 .add = acpi_processor_add,
1931 .remove = acpi_processor_remove,
1932 .start = acpi_processor_start,
1933 + .suspend = acpi_processor_suspend,
1934 + .resume = acpi_processor_resume,
1935 },
1936 };
1938 diff --git a/drivers/acpi/processor_idle.c b/drivers/acpi/processor_idle.c
1939 index 80ffc78..13915e8 100644
1940 --- a/drivers/acpi/processor_idle.c
1941 +++ b/drivers/acpi/processor_idle.c
1942 @@ -324,6 +324,23 @@ static void acpi_state_timer_broadcast(struct acpi_processor *pr,
1944 #endif
1946 +/*
1947 + * Suspend / resume control
1948 + */
1949 +static int acpi_idle_suspend;
1950 +
1951 +int acpi_processor_suspend(struct acpi_device * device, pm_message_t state)
1952 +{
1953 + acpi_idle_suspend = 1;
1954 + return 0;
1955 +}
1956 +
1957 +int acpi_processor_resume(struct acpi_device * device)
1958 +{
1959 + acpi_idle_suspend = 0;
1960 + return 0;
1961 +}
1962 +
1963 static void acpi_processor_idle(void)
1964 {
1965 struct acpi_processor *pr = NULL;
1966 @@ -354,7 +371,7 @@ static void acpi_processor_idle(void)
1967 }
1969 cx = pr->power.state;
1970 - if (!cx) {
1971 + if (!cx || acpi_idle_suspend) {
1972 if (pm_idle_save)
1973 pm_idle_save();
1974 else
1975 diff --git a/drivers/acpi/tables/tbfadt.c b/drivers/acpi/tables/tbfadt.c
1976 index 1285e91..002bb33 100644
1977 --- a/drivers/acpi/tables/tbfadt.c
1978 +++ b/drivers/acpi/tables/tbfadt.c
1979 @@ -211,14 +211,17 @@ void acpi_tb_parse_fadt(acpi_native_uint table_index, u8 flags)
1980 * DESCRIPTION: Get a local copy of the FADT and convert it to a common format.
1981 * Performs validation on some important FADT fields.
1982 *
1983 + * NOTE: We create a local copy of the FADT regardless of the version.
1984 + *
1985 ******************************************************************************/
1987 void acpi_tb_create_local_fadt(struct acpi_table_header *table, u32 length)
1988 {
1990 /*
1991 - * Check if the FADT is larger than what we know about (ACPI 2.0 version).
1992 - * Truncate the table, but make some noise.
1993 + * Check if the FADT is larger than the largest table that we expect
1994 + * (the ACPI 2.0/3.0 version). If so, truncate the table, and issue
1995 + * a warning.
1996 */
1997 if (length > sizeof(struct acpi_table_fadt)) {
1998 ACPI_WARNING((AE_INFO,
1999 @@ -227,10 +230,12 @@ void acpi_tb_create_local_fadt(struct acpi_table_header *table, u32 length)
2000 sizeof(struct acpi_table_fadt)));
2001 }
2003 - /* Copy the entire FADT locally. Zero first for tb_convert_fadt */
2004 + /* Clear the entire local FADT */
2006 ACPI_MEMSET(&acpi_gbl_FADT, 0, sizeof(struct acpi_table_fadt));
2008 + /* Copy the original FADT, up to sizeof (struct acpi_table_fadt) */
2009 +
2010 ACPI_MEMCPY(&acpi_gbl_FADT, table,
2011 ACPI_MIN(length, sizeof(struct acpi_table_fadt)));
2013 @@ -251,7 +256,7 @@ void acpi_tb_create_local_fadt(struct acpi_table_header *table, u32 length)
2014 * RETURN: None
2015 *
2016 * DESCRIPTION: Converts all versions of the FADT to a common internal format.
2017 - * -> Expand all 32-bit addresses to 64-bit.
2018 + * Expand all 32-bit addresses to 64-bit.
2019 *
2020 * NOTE: acpi_gbl_FADT must be of size (struct acpi_table_fadt),
2021 * and must contain a copy of the actual FADT.
2022 @@ -292,8 +297,23 @@ static void acpi_tb_convert_fadt(void)
2023 }
2025 /*
2026 - * Expand the 32-bit V1.0 addresses to the 64-bit "X" generic address
2027 - * structures as necessary.
2028 + * For ACPI 1.0 FADTs (revision 1 or 2), ensure that reserved fields which
2029 + * should be zero are indeed zero. This will workaround BIOSs that
2030 + * inadvertently place values in these fields.
2031 + *
2032 + * The ACPI 1.0 reserved fields that will be zeroed are the bytes located at
2033 + * offset 45, 55, 95, and the word located at offset 109, 110.
2034 + */
2035 + if (acpi_gbl_FADT.header.revision < 3) {
2036 + acpi_gbl_FADT.preferred_profile = 0;
2037 + acpi_gbl_FADT.pstate_control = 0;
2038 + acpi_gbl_FADT.cst_control = 0;
2039 + acpi_gbl_FADT.boot_flags = 0;
2040 + }
2041 +
2042 + /*
2043 + * Expand the ACPI 1.0 32-bit V1.0 addresses to the ACPI 2.0 64-bit "X"
2044 + * generic address structures as necessary.
2045 */
2046 for (i = 0; i < ACPI_FADT_INFO_ENTRIES; i++) {
2047 target =
2048 @@ -349,18 +369,6 @@ static void acpi_tb_convert_fadt(void)
2049 acpi_gbl_FADT.xpm1a_event_block.space_id;
2051 }
2052 -
2053 - /*
2054 - * For ACPI 1.0 FADTs, ensure that reserved fields (which should be zero)
2055 - * are indeed zero. This will workaround BIOSs that inadvertently placed
2056 - * values in these fields.
2057 - */
2058 - if (acpi_gbl_FADT.header.revision < 3) {
2059 - acpi_gbl_FADT.preferred_profile = 0;
2060 - acpi_gbl_FADT.pstate_control = 0;
2061 - acpi_gbl_FADT.cst_control = 0;
2062 - acpi_gbl_FADT.boot_flags = 0;
2063 - }
2064 }
2066 /******************************************************************************
2067 diff --git a/drivers/acpi/tables/tbutils.c b/drivers/acpi/tables/tbutils.c
2068 index 1da64b4..8cc9492 100644
2069 --- a/drivers/acpi/tables/tbutils.c
2070 +++ b/drivers/acpi/tables/tbutils.c
2071 @@ -51,6 +51,65 @@ ACPI_MODULE_NAME("tbutils")
2072 static acpi_physical_address
2073 acpi_tb_get_root_table_entry(u8 * table_entry,
2074 acpi_native_uint table_entry_size);
2075 +/*******************************************************************************
2076 + *
2077 + * FUNCTION: acpi_tb_check_xsdt
2078 + *
2079 + * PARAMETERS: address - Pointer to the XSDT
2080 + *
2081 + * RETURN: status
2082 + * AE_OK - XSDT is okay
2083 + * AE_NO_MEMORY - can't map XSDT
2084 + * AE_INVALID_TABLE_LENGTH - invalid table length
2085 + * AE_NULL_ENTRY - XSDT has NULL entry
2086 + *
2087 + * DESCRIPTION: validate XSDT
2088 +******************************************************************************/
2089 +
2090 +static acpi_status
2091 +acpi_tb_check_xsdt(acpi_physical_address address)
2092 +{
2093 + struct acpi_table_header *table;
2094 + u32 length;
2095 + u64 xsdt_entry_address;
2096 + u8 *table_entry;
2097 + u32 table_count;
2098 + int i;
2099 +
2100 + table = acpi_os_map_memory(address, sizeof(struct acpi_table_header));
2101 + if (!table)
2102 + return AE_NO_MEMORY;
2103 +
2104 + length = table->length;
2105 + acpi_os_unmap_memory(table, sizeof(struct acpi_table_header));
2106 + if (length < sizeof(struct acpi_table_header))
2107 + return AE_INVALID_TABLE_LENGTH;
2108 +
2109 + table = acpi_os_map_memory(address, length);
2110 + if (!table)
2111 + return AE_NO_MEMORY;
2112 +
2113 + /* Calculate the number of tables described in XSDT */
2114 + table_count =
2115 + (u32) ((table->length -
2116 + sizeof(struct acpi_table_header)) / sizeof(u64));
2117 + table_entry =
2118 + ACPI_CAST_PTR(u8, table) + sizeof(struct acpi_table_header);
2119 + for (i = 0; i < table_count; i++) {
2120 + ACPI_MOVE_64_TO_64(&xsdt_entry_address, table_entry);
2121 + if (!xsdt_entry_address) {
2122 + /* XSDT has NULL entry */
2123 + break;
2124 + }
2125 + table_entry += sizeof(u64);
2126 + }
2127 + acpi_os_unmap_memory(table, length);
2128 +
2129 + if (i < table_count)
2130 + return AE_NULL_ENTRY;
2131 + else
2132 + return AE_OK;
2133 +}
2135 /*******************************************************************************
2136 *
2137 @@ -341,6 +400,7 @@ acpi_tb_parse_root_table(acpi_physical_address rsdp_address, u8 flags)
2138 u32 table_count;
2139 struct acpi_table_header *table;
2140 acpi_physical_address address;
2141 + acpi_physical_address rsdt_address;
2142 u32 length;
2143 u8 *table_entry;
2144 acpi_status status;
2145 @@ -369,6 +429,8 @@ acpi_tb_parse_root_table(acpi_physical_address rsdp_address, u8 flags)
2146 */
2147 address = (acpi_physical_address) rsdp->xsdt_physical_address;
2148 table_entry_size = sizeof(u64);
2149 + rsdt_address = (acpi_physical_address)
2150 + rsdp->rsdt_physical_address;
2151 } else {
2152 /* Root table is an RSDT (32-bit physical addresses) */
2154 @@ -382,6 +444,15 @@ acpi_tb_parse_root_table(acpi_physical_address rsdp_address, u8 flags)
2155 */
2156 acpi_os_unmap_memory(rsdp, sizeof(struct acpi_table_rsdp));
2158 + if (table_entry_size == sizeof(u64)) {
2159 + if (acpi_tb_check_xsdt(address) == AE_NULL_ENTRY) {
2160 + /* XSDT has NULL entry, RSDT is used */
2161 + address = rsdt_address;
2162 + table_entry_size = sizeof(u32);
2163 + ACPI_WARNING((AE_INFO, "BIOS XSDT has NULL entry,"
2164 + "using RSDT"));
2165 + }
2166 + }
2167 /* Map the RSDT/XSDT table header to get the full table length */
2169 table = acpi_os_map_memory(address, sizeof(struct acpi_table_header));
2170 diff --git a/drivers/ata/ahci.c b/drivers/ata/ahci.c
2171 index ca5229d..e722f83 100644
2172 --- a/drivers/ata/ahci.c
2173 +++ b/drivers/ata/ahci.c
2174 @@ -399,7 +399,10 @@ static const struct pci_device_id ahci_pci_tbl[] = {
2176 /* ATI */
2177 { PCI_VDEVICE(ATI, 0x4380), board_ahci_sb600 }, /* ATI SB600 */
2178 - { PCI_VDEVICE(ATI, 0x4390), board_ahci_sb600 }, /* ATI SB700 */
2179 + { PCI_VDEVICE(ATI, 0x4390), board_ahci_sb600 }, /* ATI SB700 IDE */
2180 + { PCI_VDEVICE(ATI, 0x4391), board_ahci_sb600 }, /* ATI SB700 AHCI */
2181 + { PCI_VDEVICE(ATI, 0x4392), board_ahci_sb600 }, /* ATI SB700 nraid5 */
2182 + { PCI_VDEVICE(ATI, 0x4393), board_ahci_sb600 }, /* ATI SB700 raid5 */
2184 /* VIA */
2185 { PCI_VDEVICE(VIA, 0x3349), board_ahci_vt8251 }, /* VIA VT8251 */
2186 @@ -1238,7 +1241,7 @@ static void ahci_host_intr(struct ata_port *ap)
2187 struct ata_eh_info *ehi = &ap->eh_info;
2188 struct ahci_port_priv *pp = ap->private_data;
2189 u32 status, qc_active;
2190 - int rc, known_irq = 0;
2191 + int rc;
2193 status = readl(port_mmio + PORT_IRQ_STAT);
2194 writel(status, port_mmio + PORT_IRQ_STAT);
2195 @@ -1254,74 +1257,11 @@ static void ahci_host_intr(struct ata_port *ap)
2196 qc_active = readl(port_mmio + PORT_CMD_ISSUE);
2198 rc = ata_qc_complete_multiple(ap, qc_active, NULL);
2199 - if (rc > 0)
2200 - return;
2201 if (rc < 0) {
2202 ehi->err_mask |= AC_ERR_HSM;
2203 ehi->action |= ATA_EH_SOFTRESET;
2204 ata_port_freeze(ap);
2205 - return;
2206 - }
2207 -
2208 - /* hmmm... a spurious interupt */
2209 -
2210 - /* if !NCQ, ignore. No modern ATA device has broken HSM
2211 - * implementation for non-NCQ commands.
2212 - */
2213 - if (!ap->sactive)
2214 - return;
2215 -
2216 - if (status & PORT_IRQ_D2H_REG_FIS) {
2217 - if (!pp->ncq_saw_d2h)
2218 - ata_port_printk(ap, KERN_INFO,
2219 - "D2H reg with I during NCQ, "
2220 - "this message won't be printed again\n");
2221 - pp->ncq_saw_d2h = 1;
2222 - known_irq = 1;
2223 - }
2224 -
2225 - if (status & PORT_IRQ_DMAS_FIS) {
2226 - if (!pp->ncq_saw_dmas)
2227 - ata_port_printk(ap, KERN_INFO,
2228 - "DMAS FIS during NCQ, "
2229 - "this message won't be printed again\n");
2230 - pp->ncq_saw_dmas = 1;
2231 - known_irq = 1;
2232 - }
2233 -
2234 - if (status & PORT_IRQ_SDB_FIS) {
2235 - const __le32 *f = pp->rx_fis + RX_FIS_SDB;
2236 -
2237 - if (le32_to_cpu(f[1])) {
2238 - /* SDB FIS containing spurious completions
2239 - * might be dangerous, whine and fail commands
2240 - * with HSM violation. EH will turn off NCQ
2241 - * after several such failures.
2242 - */
2243 - ata_ehi_push_desc(ehi,
2244 - "spurious completions during NCQ "
2245 - "issue=0x%x SAct=0x%x FIS=%08x:%08x",
2246 - readl(port_mmio + PORT_CMD_ISSUE),
2247 - readl(port_mmio + PORT_SCR_ACT),
2248 - le32_to_cpu(f[0]), le32_to_cpu(f[1]));
2249 - ehi->err_mask |= AC_ERR_HSM;
2250 - ehi->action |= ATA_EH_SOFTRESET;
2251 - ata_port_freeze(ap);
2252 - } else {
2253 - if (!pp->ncq_saw_sdb)
2254 - ata_port_printk(ap, KERN_INFO,
2255 - "spurious SDB FIS %08x:%08x during NCQ, "
2256 - "this message won't be printed again\n",
2257 - le32_to_cpu(f[0]), le32_to_cpu(f[1]));
2258 - pp->ncq_saw_sdb = 1;
2259 - }
2260 - known_irq = 1;
2261 }
2262 -
2263 - if (!known_irq)
2264 - ata_port_printk(ap, KERN_INFO, "spurious interrupt "
2265 - "(irq_stat 0x%x active_tag 0x%x sactive 0x%x)\n",
2266 - status, ap->active_tag, ap->sactive);
2267 }
2269 static void ahci_irq_clear(struct ata_port *ap)
2270 diff --git a/drivers/ata/ata_piix.c b/drivers/ata/ata_piix.c
2271 index 9c07b88..5a148bd 100644
2272 --- a/drivers/ata/ata_piix.c
2273 +++ b/drivers/ata/ata_piix.c
2274 @@ -200,6 +200,8 @@ static const struct pci_device_id piix_pci_tbl[] = {
2275 /* ICH7/7-R (i945, i975) UDMA 100*/
2276 { 0x8086, 0x27DF, PCI_ANY_ID, PCI_ANY_ID, 0, 0, ich_pata_133 },
2277 { 0x8086, 0x269E, PCI_ANY_ID, PCI_ANY_ID, 0, 0, ich_pata_100 },
2278 + /* ICH8 Mobile PATA Controller */
2279 + { 0x8086, 0x2850, PCI_ANY_ID, PCI_ANY_ID, 0, 0, ich_pata_100 },
2281 /* NOTE: The following PCI ids must be kept in sync with the
2282 * list in drivers/pci/quirks.c.
2283 @@ -426,7 +428,7 @@ static const struct piix_map_db ich8_map_db = {
2284 /* PM PS SM SS MAP */
2285 { P0, P2, P1, P3 }, /* 00b (hardwired when in AHCI) */
2286 { RV, RV, RV, RV },
2287 - { IDE, IDE, NA, NA }, /* 10b (IDE mode) */
2288 + { P0, P2, IDE, IDE }, /* 10b (IDE mode) */
2289 { RV, RV, RV, RV },
2290 },
2291 };
2292 diff --git a/drivers/ata/libata-core.c b/drivers/ata/libata-core.c
2293 index 981b397..22b6368 100644
2294 --- a/drivers/ata/libata-core.c
2295 +++ b/drivers/ata/libata-core.c
2296 @@ -3774,6 +3774,8 @@ static const struct ata_blacklist_entry ata_device_blacklist [] = {
2297 { "SAMSUNG CD-ROM SN-124","N001", ATA_HORKAGE_NODMA },
2298 { "Seagate STT20000A", NULL, ATA_HORKAGE_NODMA },
2299 { "IOMEGA ZIP 250 ATAPI", NULL, ATA_HORKAGE_NODMA }, /* temporary fix */
2300 + { "IOMEGA ZIP 250 ATAPI Floppy",
2301 + NULL, ATA_HORKAGE_NODMA },
2303 /* Weird ATAPI devices */
2304 { "TORiSAN DVD-ROM DRD-N216", NULL, ATA_HORKAGE_MAX_SEC_128 },
2305 @@ -3783,11 +3785,18 @@ static const struct ata_blacklist_entry ata_device_blacklist [] = {
2306 /* Devices where NCQ should be avoided */
2307 /* NCQ is slow */
2308 { "WDC WD740ADFD-00", NULL, ATA_HORKAGE_NONCQ },
2309 + { "WDC WD740ADFD-00NLR1", NULL, ATA_HORKAGE_NONCQ, },
2310 /* http://thread.gmane.org/gmane.linux.ide/14907 */
2311 { "FUJITSU MHT2060BH", NULL, ATA_HORKAGE_NONCQ },
2312 /* NCQ is broken */
2313 { "Maxtor 6L250S0", "BANC1G10", ATA_HORKAGE_NONCQ },
2314 + { "Maxtor 6B200M0", "BANC1BM0", ATA_HORKAGE_NONCQ },
2315 { "Maxtor 6B200M0", "BANC1B10", ATA_HORKAGE_NONCQ },
2316 + { "Maxtor 7B250S0", "BANC1B70", ATA_HORKAGE_NONCQ, },
2317 + { "Maxtor 7B300S0", "BANC1B70", ATA_HORKAGE_NONCQ },
2318 + { "Maxtor 7V300F0", "VA111630", ATA_HORKAGE_NONCQ },
2319 + { "HITACHI HDS7250SASUN500G 0621KTAWSD", "K2AOAJ0AHITACHI",
2320 + ATA_HORKAGE_NONCQ },
2321 /* NCQ hard hangs device under heavier load, needs hard power cycle */
2322 { "Maxtor 6B250S0", "BANC1B70", ATA_HORKAGE_NONCQ },
2323 /* Blacklist entries taken from Silicon Image 3124/3132
2324 @@ -3795,13 +3804,6 @@ static const struct ata_blacklist_entry ata_device_blacklist [] = {
2325 { "HTS541060G9SA00", "MB3OC60D", ATA_HORKAGE_NONCQ, },
2326 { "HTS541080G9SA00", "MB4OC60D", ATA_HORKAGE_NONCQ, },
2327 { "HTS541010G9SA00", "MBZOC60D", ATA_HORKAGE_NONCQ, },
2328 - /* Drives which do spurious command completion */
2329 - { "HTS541680J9SA00", "SB2IC7EP", ATA_HORKAGE_NONCQ, },
2330 - { "HTS541612J9SA00", "SBDIC7JP", ATA_HORKAGE_NONCQ, },
2331 - { "Hitachi HTS541616J9SA00", "SB4OC70P", ATA_HORKAGE_NONCQ, },
2332 - { "WDC WD740ADFD-00NLR1", NULL, ATA_HORKAGE_NONCQ, },
2333 -
2334 - /* Devices with NCQ limits */
2336 /* End Marker */
2337 { }
2338 diff --git a/drivers/ata/libata-sff.c b/drivers/ata/libata-sff.c
2339 index fa1c22c..13c1486 100644
2340 --- a/drivers/ata/libata-sff.c
2341 +++ b/drivers/ata/libata-sff.c
2342 @@ -211,6 +211,8 @@ void ata_tf_read(struct ata_port *ap, struct ata_taskfile *tf)
2343 tf->hob_lbal = ioread8(ioaddr->lbal_addr);
2344 tf->hob_lbam = ioread8(ioaddr->lbam_addr);
2345 tf->hob_lbah = ioread8(ioaddr->lbah_addr);
2346 + iowrite8(tf->ctl, ioaddr->ctl_addr);
2347 + ap->last_ctl = tf->ctl;
2348 }
2349 }
2351 diff --git a/drivers/ata/pata_atiixp.c b/drivers/ata/pata_atiixp.c
2352 index 8449146..eceea6c 100644
2353 --- a/drivers/ata/pata_atiixp.c
2354 +++ b/drivers/ata/pata_atiixp.c
2355 @@ -285,6 +285,7 @@ static const struct pci_device_id atiixp[] = {
2356 { PCI_VDEVICE(ATI, PCI_DEVICE_ID_ATI_IXP300_IDE), },
2357 { PCI_VDEVICE(ATI, PCI_DEVICE_ID_ATI_IXP400_IDE), },
2358 { PCI_VDEVICE(ATI, PCI_DEVICE_ID_ATI_IXP600_IDE), },
2359 + { PCI_VDEVICE(ATI, PCI_DEVICE_ID_ATI_IXP700_IDE), },
2361 { },
2362 };
2363 diff --git a/drivers/ata/pata_scc.c b/drivers/ata/pata_scc.c
2364 index 61502bc..63f6e2c 100644
2365 --- a/drivers/ata/pata_scc.c
2366 +++ b/drivers/ata/pata_scc.c
2367 @@ -352,6 +352,8 @@ static void scc_tf_read (struct ata_port *ap, struct ata_taskfile *tf)
2368 tf->hob_lbal = in_be32(ioaddr->lbal_addr);
2369 tf->hob_lbam = in_be32(ioaddr->lbam_addr);
2370 tf->hob_lbah = in_be32(ioaddr->lbah_addr);
2371 + out_be32(ioaddr->ctl_addr, tf->ctl);
2372 + ap->last_ctl = tf->ctl;
2373 }
2374 }
2376 diff --git a/drivers/ata/sata_promise.c b/drivers/ata/sata_promise.c
2377 index 6dc0b01..681b76a 100644
2378 --- a/drivers/ata/sata_promise.c
2379 +++ b/drivers/ata/sata_promise.c
2380 @@ -51,6 +51,7 @@
2381 enum {
2382 PDC_MAX_PORTS = 4,
2383 PDC_MMIO_BAR = 3,
2384 + PDC_MAX_PRD = LIBATA_MAX_PRD - 1, /* -1 for ASIC PRD bug workaround */
2386 /* register offsets */
2387 PDC_FEATURE = 0x04, /* Feature/Error reg (per port) */
2388 @@ -157,7 +158,7 @@ static struct scsi_host_template pdc_ata_sht = {
2389 .queuecommand = ata_scsi_queuecmd,
2390 .can_queue = ATA_DEF_QUEUE,
2391 .this_id = ATA_SHT_THIS_ID,
2392 - .sg_tablesize = LIBATA_MAX_PRD,
2393 + .sg_tablesize = PDC_MAX_PRD,
2394 .cmd_per_lun = ATA_SHT_CMD_PER_LUN,
2395 .emulated = ATA_SHT_EMULATED,
2396 .use_clustering = ATA_SHT_USE_CLUSTERING,
2397 @@ -330,8 +331,8 @@ static const struct pci_device_id pdc_ata_pci_tbl[] = {
2399 { PCI_VDEVICE(PROMISE, 0x3318), board_20319 },
2400 { PCI_VDEVICE(PROMISE, 0x3319), board_20319 },
2401 - { PCI_VDEVICE(PROMISE, 0x3515), board_20319 },
2402 - { PCI_VDEVICE(PROMISE, 0x3519), board_20319 },
2403 + { PCI_VDEVICE(PROMISE, 0x3515), board_40518 },
2404 + { PCI_VDEVICE(PROMISE, 0x3519), board_40518 },
2405 { PCI_VDEVICE(PROMISE, 0x3d17), board_40518 },
2406 { PCI_VDEVICE(PROMISE, 0x3d18), board_40518 },
2408 @@ -531,6 +532,84 @@ static void pdc_atapi_pkt(struct ata_queued_cmd *qc)
2409 memcpy(buf+31, cdb, cdb_len);
2410 }
2412 +/**
2413 + * pdc_fill_sg - Fill PCI IDE PRD table
2414 + * @qc: Metadata associated with taskfile to be transferred
2415 + *
2416 + * Fill PCI IDE PRD (scatter-gather) table with segments
2417 + * associated with the current disk command.
2418 + * Make sure hardware does not choke on it.
2419 + *
2420 + * LOCKING:
2421 + * spin_lock_irqsave(host lock)
2422 + *
2423 + */
2424 +static void pdc_fill_sg(struct ata_queued_cmd *qc)
2425 +{
2426 + struct ata_port *ap = qc->ap;
2427 + struct scatterlist *sg;
2428 + unsigned int idx;
2429 + const u32 SG_COUNT_ASIC_BUG = 41*4;
2430 +
2431 + if (!(qc->flags & ATA_QCFLAG_DMAMAP))
2432 + return;
2433 +
2434 + WARN_ON(qc->__sg == NULL);
2435 + WARN_ON(qc->n_elem == 0 && qc->pad_len == 0);
2436 +
2437 + idx = 0;
2438 + ata_for_each_sg(sg, qc) {
2439 + u32 addr, offset;
2440 + u32 sg_len, len;
2441 +
2442 + /* determine if physical DMA addr spans 64K boundary.
2443 + * Note h/w doesn't support 64-bit, so we unconditionally
2444 + * truncate dma_addr_t to u32.
2445 + */
2446 + addr = (u32) sg_dma_address(sg);
2447 + sg_len = sg_dma_len(sg);
2448 +
2449 + while (sg_len) {
2450 + offset = addr & 0xffff;
2451 + len = sg_len;
2452 + if ((offset + sg_len) > 0x10000)
2453 + len = 0x10000 - offset;
2454 +
2455 + ap->prd[idx].addr = cpu_to_le32(addr);
2456 + ap->prd[idx].flags_len = cpu_to_le32(len & 0xffff);
2457 + VPRINTK("PRD[%u] = (0x%X, 0x%X)\n", idx, addr, len);
2458 +
2459 + idx++;
2460 + sg_len -= len;
2461 + addr += len;
2462 + }
2463 + }
2464 +
2465 + if (idx) {
2466 + u32 len = le32_to_cpu(ap->prd[idx - 1].flags_len);
2467 +
2468 + if (len > SG_COUNT_ASIC_BUG) {
2469 + u32 addr;
2470 +
2471 + VPRINTK("Splitting last PRD.\n");
2472 +
2473 + addr = le32_to_cpu(ap->prd[idx - 1].addr);
2474 + ap->prd[idx - 1].flags_len = cpu_to_le32(len - SG_COUNT_ASIC_BUG);
2475 + VPRINTK("PRD[%u] = (0x%X, 0x%X)\n", idx - 1, addr, SG_COUNT_ASIC_BUG);
2476 +
2477 + addr = addr + len - SG_COUNT_ASIC_BUG;
2478 + len = SG_COUNT_ASIC_BUG;
2479 + ap->prd[idx].addr = cpu_to_le32(addr);
2480 + ap->prd[idx].flags_len = cpu_to_le32(len);
2481 + VPRINTK("PRD[%u] = (0x%X, 0x%X)\n", idx, addr, len);
2482 +
2483 + idx++;
2484 + }
2485 +
2486 + ap->prd[idx - 1].flags_len |= cpu_to_le32(ATA_PRD_EOT);
2487 + }
2488 +}
2489 +
2490 static void pdc_qc_prep(struct ata_queued_cmd *qc)
2491 {
2492 struct pdc_port_priv *pp = qc->ap->private_data;
2493 @@ -540,7 +619,7 @@ static void pdc_qc_prep(struct ata_queued_cmd *qc)
2495 switch (qc->tf.protocol) {
2496 case ATA_PROT_DMA:
2497 - ata_qc_prep(qc);
2498 + pdc_fill_sg(qc);
2499 /* fall through */
2501 case ATA_PROT_NODATA:
2502 @@ -556,11 +635,11 @@ static void pdc_qc_prep(struct ata_queued_cmd *qc)
2503 break;
2505 case ATA_PROT_ATAPI:
2506 - ata_qc_prep(qc);
2507 + pdc_fill_sg(qc);
2508 break;
2510 case ATA_PROT_ATAPI_DMA:
2511 - ata_qc_prep(qc);
2512 + pdc_fill_sg(qc);
2513 /*FALLTHROUGH*/
2514 case ATA_PROT_ATAPI_NODATA:
2515 pdc_atapi_pkt(qc);
2516 diff --git a/drivers/atm/he.c b/drivers/atm/he.c
2517 index d33aba6..3b64a99 100644
2518 --- a/drivers/atm/he.c
2519 +++ b/drivers/atm/he.c
2520 @@ -394,6 +394,11 @@ he_init_one(struct pci_dev *pci_dev, const struct pci_device_id *pci_ent)
2521 he_dev->atm_dev->dev_data = he_dev;
2522 atm_dev->dev_data = he_dev;
2523 he_dev->number = atm_dev->number;
2524 +#ifdef USE_TASKLET
2525 + tasklet_init(&he_dev->tasklet, he_tasklet, (unsigned long) he_dev);
2526 +#endif
2527 + spin_lock_init(&he_dev->global_lock);
2528 +
2529 if (he_start(atm_dev)) {
2530 he_stop(he_dev);
2531 err = -ENODEV;
2532 @@ -1173,11 +1178,6 @@ he_start(struct atm_dev *dev)
2533 if ((err = he_init_irq(he_dev)) != 0)
2534 return err;
2536 -#ifdef USE_TASKLET
2537 - tasklet_init(&he_dev->tasklet, he_tasklet, (unsigned long) he_dev);
2538 -#endif
2539 - spin_lock_init(&he_dev->global_lock);
2540 -
2541 /* 4.11 enable pci bus controller state machines */
2542 host_cntl |= (OUTFF_ENB | CMDFF_ENB |
2543 QUICK_RD_RETRY | QUICK_WR_RETRY | PERR_INT_ENB);
2544 diff --git a/drivers/atm/nicstar.c b/drivers/atm/nicstar.c
2545 index 14ced85..0c205b0 100644
2546 --- a/drivers/atm/nicstar.c
2547 +++ b/drivers/atm/nicstar.c
2548 @@ -625,14 +625,6 @@ static int __devinit ns_init_card(int i, struct pci_dev *pcidev)
2549 if (mac[i] == NULL)
2550 nicstar_init_eprom(card->membase);
2552 - if (request_irq(pcidev->irq, &ns_irq_handler, IRQF_DISABLED | IRQF_SHARED, "nicstar", card) != 0)
2553 - {
2554 - printk("nicstar%d: can't allocate IRQ %d.\n", i, pcidev->irq);
2555 - error = 9;
2556 - ns_init_card_error(card, error);
2557 - return error;
2558 - }
2559 -
2560 /* Set the VPI/VCI MSb mask to zero so we can receive OAM cells */
2561 writel(0x00000000, card->membase + VPM);
2563 @@ -858,8 +850,6 @@ static int __devinit ns_init_card(int i, struct pci_dev *pcidev)
2564 card->iovpool.count++;
2565 }
2567 - card->intcnt = 0;
2568 -
2569 /* Configure NICStAR */
2570 if (card->rct_size == 4096)
2571 ns_cfg_rctsize = NS_CFG_RCTSIZE_4096_ENTRIES;
2572 @@ -868,6 +858,15 @@ static int __devinit ns_init_card(int i, struct pci_dev *pcidev)
2574 card->efbie = 1;
2576 + card->intcnt = 0;
2577 + if (request_irq(pcidev->irq, &ns_irq_handler, IRQF_DISABLED | IRQF_SHARED, "nicstar", card) != 0)
2578 + {
2579 + printk("nicstar%d: can't allocate IRQ %d.\n", i, pcidev->irq);
2580 + error = 9;
2581 + ns_init_card_error(card, error);
2582 + return error;
2583 + }
2584 +
2585 /* Register device */
2586 card->atmdev = atm_dev_register("nicstar", &atm_ops, -1, NULL);
2587 if (card->atmdev == NULL)
2588 diff --git a/drivers/base/cpu.c b/drivers/base/cpu.c
2589 index fe7ef33..4054507 100644
2590 --- a/drivers/base/cpu.c
2591 +++ b/drivers/base/cpu.c
2592 @@ -53,7 +53,7 @@ static ssize_t store_online(struct sys_device *dev, const char *buf,
2593 ret = count;
2594 return ret;
2595 }
2596 -static SYSDEV_ATTR(online, 0600, show_online, store_online);
2597 +static SYSDEV_ATTR(online, 0644, show_online, store_online);
2599 static void __devinit register_cpu_control(struct cpu *cpu)
2600 {
2601 diff --git a/drivers/block/DAC960.c b/drivers/block/DAC960.c
2602 index 92bf868..84d6aa5 100644
2603 --- a/drivers/block/DAC960.c
2604 +++ b/drivers/block/DAC960.c
2605 @@ -17,8 +17,8 @@
2606 */
2609 -#define DAC960_DriverVersion "2.5.48"
2610 -#define DAC960_DriverDate "14 May 2006"
2611 +#define DAC960_DriverVersion "2.5.49"
2612 +#define DAC960_DriverDate "21 Aug 2007"
2615 #include <linux/module.h>
2616 @@ -31,6 +31,7 @@
2617 #include <linux/genhd.h>
2618 #include <linux/hdreg.h>
2619 #include <linux/blkpg.h>
2620 +#include <linux/dma-mapping.h>
2621 #include <linux/interrupt.h>
2622 #include <linux/ioport.h>
2623 #include <linux/mm.h>
2624 @@ -1165,9 +1166,9 @@ static bool DAC960_V1_EnableMemoryMailboxInterface(DAC960_Controller_T
2625 int i;
2628 - if (pci_set_dma_mask(Controller->PCIDevice, DAC690_V1_PciDmaMask))
2629 + if (pci_set_dma_mask(Controller->PCIDevice, DMA_32BIT_MASK))
2630 return DAC960_Failure(Controller, "DMA mask out of range");
2631 - Controller->BounceBufferLimit = DAC690_V1_PciDmaMask;
2632 + Controller->BounceBufferLimit = DMA_32BIT_MASK;
2634 if ((hw_type == DAC960_PD_Controller) || (hw_type == DAC960_P_Controller)) {
2635 CommandMailboxesSize = 0;
2636 @@ -1368,9 +1369,12 @@ static bool DAC960_V2_EnableMemoryMailboxInterface(DAC960_Controller_T
2637 dma_addr_t CommandMailboxDMA;
2638 DAC960_V2_CommandStatus_T CommandStatus;
2640 - if (pci_set_dma_mask(Controller->PCIDevice, DAC690_V2_PciDmaMask))
2641 - return DAC960_Failure(Controller, "DMA mask out of range");
2642 - Controller->BounceBufferLimit = DAC690_V2_PciDmaMask;
2643 + if (!pci_set_dma_mask(Controller->PCIDevice, DMA_64BIT_MASK))
2644 + Controller->BounceBufferLimit = DMA_64BIT_MASK;
2645 + else if (!pci_set_dma_mask(Controller->PCIDevice, DMA_32BIT_MASK))
2646 + Controller->BounceBufferLimit = DMA_32BIT_MASK;
2647 + else
2648 + return DAC960_Failure(Controller, "DMA mask out of range");
2650 /* This is a temporary dma mapping, used only in the scope of this function */
2651 CommandMailbox = pci_alloc_consistent(PCI_Device,
2652 diff --git a/drivers/block/DAC960.h b/drivers/block/DAC960.h
2653 index f5e2436..85fa9bb 100644
2654 --- a/drivers/block/DAC960.h
2655 +++ b/drivers/block/DAC960.h
2656 @@ -61,13 +61,6 @@
2657 #define DAC960_V2_MaxPhysicalDevices 272
2659 /*
2660 - Define the pci dma mask supported by DAC960 V1 and V2 Firmware Controlers
2661 - */
2662 -
2663 -#define DAC690_V1_PciDmaMask 0xffffffff
2664 -#define DAC690_V2_PciDmaMask 0xffffffffffffffffULL
2665 -
2666 -/*
2667 Define a 32/64 bit I/O Address data type.
2668 */
2670 diff --git a/drivers/block/cciss.c b/drivers/block/cciss.c
2671 index 5acc6c4..132f76b 100644
2672 --- a/drivers/block/cciss.c
2673 +++ b/drivers/block/cciss.c
2674 @@ -3225,12 +3225,15 @@ static int alloc_cciss_hba(void)
2675 for (i = 0; i < MAX_CTLR; i++) {
2676 if (!hba[i]) {
2677 ctlr_info_t *p;
2678 +
2679 p = kzalloc(sizeof(ctlr_info_t), GFP_KERNEL);
2680 if (!p)
2681 goto Enomem;
2682 p->gendisk[0] = alloc_disk(1 << NWD_SHIFT);
2683 - if (!p->gendisk[0])
2684 + if (!p->gendisk[0]) {
2685 + kfree(p);
2686 goto Enomem;
2687 + }
2688 hba[i] = p;
2689 return i;
2690 }
2691 diff --git a/drivers/block/rd.c b/drivers/block/rd.c
2692 index a1512da..e30bd9e 100644
2693 --- a/drivers/block/rd.c
2694 +++ b/drivers/block/rd.c
2695 @@ -189,6 +189,18 @@ static int ramdisk_set_page_dirty(struct page *page)
2696 return 0;
2697 }
2699 +/*
2700 + * releasepage is called by pagevec_strip/try_to_release_page if
2701 + * buffers_heads_over_limit is true. Without a releasepage function
2702 + * try_to_free_buffers is called instead. That can unset the dirty
2703 + * bit of our ram disk pages, which will be eventually freed, even
2704 + * if the page is still in use.
2705 + */
2706 +static int ramdisk_releasepage(struct page *page, gfp_t dummy)
2707 +{
2708 + return 0;
2709 +}
2710 +
2711 static const struct address_space_operations ramdisk_aops = {
2712 .readpage = ramdisk_readpage,
2713 .prepare_write = ramdisk_prepare_write,
2714 @@ -196,6 +208,7 @@ static const struct address_space_operations ramdisk_aops = {
2715 .writepage = ramdisk_writepage,
2716 .set_page_dirty = ramdisk_set_page_dirty,
2717 .writepages = ramdisk_writepages,
2718 + .releasepage = ramdisk_releasepage,
2719 };
2721 static int rd_blkdev_pagecache_IO(int rw, struct bio_vec *vec, sector_t sector,
2722 diff --git a/drivers/char/agp/intel-agp.c b/drivers/char/agp/intel-agp.c
2723 index a124060..d06b652 100644
2724 --- a/drivers/char/agp/intel-agp.c
2725 +++ b/drivers/char/agp/intel-agp.c
2726 @@ -20,7 +20,9 @@
2727 #define PCI_DEVICE_ID_INTEL_82965G_IG 0x29A2
2728 #define PCI_DEVICE_ID_INTEL_82965GM_HB 0x2A00
2729 #define PCI_DEVICE_ID_INTEL_82965GM_IG 0x2A02
2730 +#define PCI_DEVICE_ID_INTEL_82965GME_HB 0x2A10
2731 #define PCI_DEVICE_ID_INTEL_82965GME_IG 0x2A12
2732 +#define PCI_DEVICE_ID_INTEL_82945GME_HB 0x27AC
2733 #define PCI_DEVICE_ID_INTEL_82945GME_IG 0x27AE
2734 #define PCI_DEVICE_ID_INTEL_G33_HB 0x29C0
2735 #define PCI_DEVICE_ID_INTEL_G33_IG 0x29C2
2736 @@ -33,7 +35,8 @@
2737 agp_bridge->dev->device == PCI_DEVICE_ID_INTEL_82965G_1_HB || \
2738 agp_bridge->dev->device == PCI_DEVICE_ID_INTEL_82965Q_HB || \
2739 agp_bridge->dev->device == PCI_DEVICE_ID_INTEL_82965G_HB || \
2740 - agp_bridge->dev->device == PCI_DEVICE_ID_INTEL_82965GM_HB)
2741 + agp_bridge->dev->device == PCI_DEVICE_ID_INTEL_82965GM_HB || \
2742 + agp_bridge->dev->device == PCI_DEVICE_ID_INTEL_82965GME_HB)
2744 #define IS_G33 (agp_bridge->dev->device == PCI_DEVICE_ID_INTEL_G33_HB || \
2745 agp_bridge->dev->device == PCI_DEVICE_ID_INTEL_Q35_HB || \
2746 @@ -527,6 +530,7 @@ static void intel_i830_init_gtt_entries(void)
2747 agp_bridge->dev->device == PCI_DEVICE_ID_INTEL_82915GM_HB ||
2748 agp_bridge->dev->device == PCI_DEVICE_ID_INTEL_82945G_HB ||
2749 agp_bridge->dev->device == PCI_DEVICE_ID_INTEL_82945GM_HB ||
2750 + agp_bridge->dev->device == PCI_DEVICE_ID_INTEL_82945GME_HB ||
2751 IS_I965 || IS_G33)
2752 gtt_entries = MB(48) - KB(size);
2753 else
2754 @@ -538,6 +542,7 @@ static void intel_i830_init_gtt_entries(void)
2755 agp_bridge->dev->device == PCI_DEVICE_ID_INTEL_82915GM_HB ||
2756 agp_bridge->dev->device == PCI_DEVICE_ID_INTEL_82945G_HB ||
2757 agp_bridge->dev->device == PCI_DEVICE_ID_INTEL_82945GM_HB ||
2758 + agp_bridge->dev->device == PCI_DEVICE_ID_INTEL_82945GME_HB ||
2759 IS_I965 || IS_G33)
2760 gtt_entries = MB(64) - KB(size);
2761 else
2762 @@ -1848,9 +1853,9 @@ static const struct intel_driver_description {
2763 NULL, &intel_915_driver },
2764 { PCI_DEVICE_ID_INTEL_82945G_HB, PCI_DEVICE_ID_INTEL_82945G_IG, 0, "945G",
2765 NULL, &intel_915_driver },
2766 - { PCI_DEVICE_ID_INTEL_82945GM_HB, PCI_DEVICE_ID_INTEL_82945GM_IG, 1, "945GM",
2767 + { PCI_DEVICE_ID_INTEL_82945GM_HB, PCI_DEVICE_ID_INTEL_82945GM_IG, 0, "945GM",
2768 NULL, &intel_915_driver },
2769 - { PCI_DEVICE_ID_INTEL_82945GM_HB, PCI_DEVICE_ID_INTEL_82945GME_IG, 0, "945GME",
2770 + { PCI_DEVICE_ID_INTEL_82945GME_HB, PCI_DEVICE_ID_INTEL_82945GME_IG, 0, "945GME",
2771 NULL, &intel_915_driver },
2772 { PCI_DEVICE_ID_INTEL_82946GZ_HB, PCI_DEVICE_ID_INTEL_82946GZ_IG, 0, "946GZ",
2773 NULL, &intel_i965_driver },
2774 @@ -1860,9 +1865,9 @@ static const struct intel_driver_description {
2775 NULL, &intel_i965_driver },
2776 { PCI_DEVICE_ID_INTEL_82965G_HB, PCI_DEVICE_ID_INTEL_82965G_IG, 0, "965G",
2777 NULL, &intel_i965_driver },
2778 - { PCI_DEVICE_ID_INTEL_82965GM_HB, PCI_DEVICE_ID_INTEL_82965GM_IG, 1, "965GM",
2779 + { PCI_DEVICE_ID_INTEL_82965GM_HB, PCI_DEVICE_ID_INTEL_82965GM_IG, 0, "965GM",
2780 NULL, &intel_i965_driver },
2781 - { PCI_DEVICE_ID_INTEL_82965GM_HB, PCI_DEVICE_ID_INTEL_82965GME_IG, 0, "965GME/GLE",
2782 + { PCI_DEVICE_ID_INTEL_82965GME_HB, PCI_DEVICE_ID_INTEL_82965GME_IG, 0, "965GME/GLE",
2783 NULL, &intel_i965_driver },
2784 { PCI_DEVICE_ID_INTEL_7505_0, 0, 0, "E7505", &intel_7505_driver, NULL },
2785 { PCI_DEVICE_ID_INTEL_7205_0, 0, 0, "E7205", &intel_7505_driver, NULL },
2786 @@ -2051,11 +2056,13 @@ static struct pci_device_id agp_intel_pci_table[] = {
2787 ID(PCI_DEVICE_ID_INTEL_82915GM_HB),
2788 ID(PCI_DEVICE_ID_INTEL_82945G_HB),
2789 ID(PCI_DEVICE_ID_INTEL_82945GM_HB),
2790 + ID(PCI_DEVICE_ID_INTEL_82945GME_HB),
2791 ID(PCI_DEVICE_ID_INTEL_82946GZ_HB),
2792 ID(PCI_DEVICE_ID_INTEL_82965G_1_HB),
2793 ID(PCI_DEVICE_ID_INTEL_82965Q_HB),
2794 ID(PCI_DEVICE_ID_INTEL_82965G_HB),
2795 ID(PCI_DEVICE_ID_INTEL_82965GM_HB),
2796 + ID(PCI_DEVICE_ID_INTEL_82965GME_HB),
2797 ID(PCI_DEVICE_ID_INTEL_G33_HB),
2798 ID(PCI_DEVICE_ID_INTEL_Q35_HB),
2799 ID(PCI_DEVICE_ID_INTEL_Q33_HB),
2800 diff --git a/drivers/char/drm/drm_vm.c b/drivers/char/drm/drm_vm.c
2801 index b5c5b9f..e2d7be9 100644
2802 --- a/drivers/char/drm/drm_vm.c
2803 +++ b/drivers/char/drm/drm_vm.c
2804 @@ -520,6 +520,7 @@ static int drm_mmap_dma(struct file *filp, struct vm_area_struct *vma)
2805 vma->vm_ops = &drm_vm_dma_ops;
2807 vma->vm_flags |= VM_RESERVED; /* Don't swap */
2808 + vma->vm_flags |= VM_DONTEXPAND;
2810 vma->vm_file = filp; /* Needed for drm_vm_open() */
2811 drm_vm_open_locked(vma);
2812 @@ -669,6 +670,7 @@ static int drm_mmap_locked(struct file *filp, struct vm_area_struct *vma)
2813 return -EINVAL; /* This should never happen. */
2814 }
2815 vma->vm_flags |= VM_RESERVED; /* Don't swap */
2816 + vma->vm_flags |= VM_DONTEXPAND;
2818 vma->vm_file = filp; /* Needed for drm_vm_open() */
2819 drm_vm_open_locked(vma);
2820 diff --git a/drivers/char/drm/i915_dma.c b/drivers/char/drm/i915_dma.c
2821 index ea52740..786c0d9 100644
2822 --- a/drivers/char/drm/i915_dma.c
2823 +++ b/drivers/char/drm/i915_dma.c
2824 @@ -184,6 +184,8 @@ static int i915_initialize(drm_device_t * dev,
2825 * private backbuffer/depthbuffer usage.
2826 */
2827 dev_priv->use_mi_batchbuffer_start = 0;
2828 + if (IS_I965G(dev)) /* 965 doesn't support older method */
2829 + dev_priv->use_mi_batchbuffer_start = 1;
2831 /* Allow hardware batchbuffers unless told otherwise.
2832 */
2833 @@ -517,8 +519,13 @@ static int i915_dispatch_batchbuffer(drm_device_t * dev,
2835 if (dev_priv->use_mi_batchbuffer_start) {
2836 BEGIN_LP_RING(2);
2837 - OUT_RING(MI_BATCH_BUFFER_START | (2 << 6));
2838 - OUT_RING(batch->start | MI_BATCH_NON_SECURE);
2839 + if (IS_I965G(dev)) {
2840 + OUT_RING(MI_BATCH_BUFFER_START | (2 << 6) | MI_BATCH_NON_SECURE_I965);
2841 + OUT_RING(batch->start);
2842 + } else {
2843 + OUT_RING(MI_BATCH_BUFFER_START | (2 << 6));
2844 + OUT_RING(batch->start | MI_BATCH_NON_SECURE);
2845 + }
2846 ADVANCE_LP_RING();
2847 } else {
2848 BEGIN_LP_RING(4);
2849 @@ -735,7 +742,8 @@ static int i915_setparam(DRM_IOCTL_ARGS)
2851 switch (param.param) {
2852 case I915_SETPARAM_USE_MI_BATCHBUFFER_START:
2853 - dev_priv->use_mi_batchbuffer_start = param.value;
2854 + if (!IS_I965G(dev))
2855 + dev_priv->use_mi_batchbuffer_start = param.value;
2856 break;
2857 case I915_SETPARAM_TEX_LRU_LOG_GRANULARITY:
2858 dev_priv->tex_lru_log_granularity = param.value;
2859 diff --git a/drivers/char/drm/i915_drv.h b/drivers/char/drm/i915_drv.h
2860 index 85e323a..44a0717 100644
2861 --- a/drivers/char/drm/i915_drv.h
2862 +++ b/drivers/char/drm/i915_drv.h
2863 @@ -282,6 +282,7 @@ extern int i915_wait_ring(drm_device_t * dev, int n, const char *caller);
2864 #define MI_BATCH_BUFFER_START (0x31<<23)
2865 #define MI_BATCH_BUFFER_END (0xA<<23)
2866 #define MI_BATCH_NON_SECURE (1)
2867 +#define MI_BATCH_NON_SECURE_I965 (1<<8)
2869 #define MI_WAIT_FOR_EVENT ((0x3<<23))
2870 #define MI_WAIT_FOR_PLANE_A_FLIP (1<<2)
2871 diff --git a/drivers/char/drm/i915_irq.c b/drivers/char/drm/i915_irq.c
2872 index b92062a..8021ba6 100644
2873 --- a/drivers/char/drm/i915_irq.c
2874 +++ b/drivers/char/drm/i915_irq.c
2875 @@ -541,7 +541,7 @@ int i915_vblank_swap(DRM_IOCTL_ARGS)
2876 return DRM_ERR(EBUSY);
2877 }
2879 - vbl_swap = drm_calloc(1, sizeof(vbl_swap), DRM_MEM_DRIVER);
2880 + vbl_swap = drm_calloc(1, sizeof(*vbl_swap), DRM_MEM_DRIVER);
2882 if (!vbl_swap) {
2883 DRM_ERROR("Failed to allocate memory to queue swap\n");
2884 diff --git a/drivers/char/ipmi/ipmi_si_intf.c b/drivers/char/ipmi/ipmi_si_intf.c
2885 index 78e1b96..eb894f8 100644
2886 --- a/drivers/char/ipmi/ipmi_si_intf.c
2887 +++ b/drivers/char/ipmi/ipmi_si_intf.c
2888 @@ -2214,7 +2214,8 @@ static int ipmi_pci_resume(struct pci_dev *pdev)
2890 static struct pci_device_id ipmi_pci_devices[] = {
2891 { PCI_DEVICE(PCI_HP_VENDOR_ID, PCI_MMC_DEVICE_ID) },
2892 - { PCI_DEVICE_CLASS(PCI_ERMC_CLASSCODE, PCI_ERMC_CLASSCODE_MASK) }
2893 + { PCI_DEVICE_CLASS(PCI_ERMC_CLASSCODE, PCI_ERMC_CLASSCODE_MASK) },
2894 + { 0, }
2895 };
2896 MODULE_DEVICE_TABLE(pci, ipmi_pci_devices);
2898 diff --git a/drivers/char/mspec.c b/drivers/char/mspec.c
2899 index 7ac3061..5685b7a 100644
2900 --- a/drivers/char/mspec.c
2901 +++ b/drivers/char/mspec.c
2902 @@ -265,7 +265,8 @@ mspec_mmap(struct file *file, struct vm_area_struct *vma, int type)
2903 vdata->refcnt = ATOMIC_INIT(1);
2904 vma->vm_private_data = vdata;
2906 - vma->vm_flags |= (VM_IO | VM_LOCKED | VM_RESERVED | VM_PFNMAP);
2907 + vma->vm_flags |= (VM_IO | VM_LOCKED | VM_RESERVED | VM_PFNMAP |
2908 + VM_DONTEXPAND);
2909 if (vdata->type == MSPEC_FETCHOP || vdata->type == MSPEC_UNCACHED)
2910 vma->vm_page_prot = pgprot_noncached(vma->vm_page_prot);
2911 vma->vm_ops = &mspec_vm_ops;
2912 diff --git a/drivers/char/random.c b/drivers/char/random.c
2913 index 7f52712..af274e5 100644
2914 --- a/drivers/char/random.c
2915 +++ b/drivers/char/random.c
2916 @@ -693,9 +693,14 @@ static void xfer_secondary_pool(struct entropy_store *r, size_t nbytes)
2918 if (r->pull && r->entropy_count < nbytes * 8 &&
2919 r->entropy_count < r->poolinfo->POOLBITS) {
2920 - int bytes = max_t(int, random_read_wakeup_thresh / 8,
2921 - min_t(int, nbytes, sizeof(tmp)));
2922 + /* If we're limited, always leave two wakeup worth's BITS */
2923 int rsvd = r->limit ? 0 : random_read_wakeup_thresh/4;
2924 + int bytes = nbytes;
2925 +
2926 + /* pull at least as many as BYTES as wakeup BITS */
2927 + bytes = max_t(int, bytes, random_read_wakeup_thresh / 8);
2928 + /* but never more than the buffer size */
2929 + bytes = min_t(int, bytes, sizeof(tmp));
2931 DEBUG_ENT("going to reseed %s with %d bits "
2932 "(%d of %d requested)\n",
2933 @@ -1545,11 +1550,13 @@ __u32 secure_tcp_sequence_number(__be32 saddr, __be32 daddr,
2934 * As close as possible to RFC 793, which
2935 * suggests using a 250 kHz clock.
2936 * Further reading shows this assumes 2 Mb/s networks.
2937 - * For 10 Gb/s Ethernet, a 1 GHz clock is appropriate.
2938 - * That's funny, Linux has one built in! Use it!
2939 - * (Networks are faster now - should this be increased?)
2940 + * For 10 Mb/s Ethernet, a 1 MHz clock is appropriate.
2941 + * For 10 Gb/s Ethernet, a 1 GHz clock should be ok, but
2942 + * we also need to limit the resolution so that the u32 seq
2943 + * overlaps less than one time per MSL (2 minutes).
2944 + * Choosing a clock of 64 ns period is OK. (period of 274 s)
2945 */
2946 - seq += ktime_get_real().tv64;
2947 + seq += ktime_get_real().tv64 >> 6;
2948 #if 0
2949 printk("init_seq(%lx, %lx, %d, %d) = %d\n",
2950 saddr, daddr, sport, dport, seq);
2951 diff --git a/drivers/char/sx.c b/drivers/char/sx.c
2952 index 1da92a6..85a2328 100644
2953 --- a/drivers/char/sx.c
2954 +++ b/drivers/char/sx.c
2955 @@ -2721,9 +2721,9 @@ static void __devexit sx_pci_remove(struct pci_dev *pdev)
2956 its because the standard requires it. So check for SUBVENDOR_ID. */
2957 static struct pci_device_id sx_pci_tbl[] = {
2958 { PCI_VENDOR_ID_SPECIALIX, PCI_DEVICE_ID_SPECIALIX_SX_XIO_IO8,
2959 - .subvendor = 0x0200,.subdevice = PCI_ANY_ID },
2960 + .subvendor = PCI_ANY_ID, .subdevice = 0x0200 },
2961 { PCI_VENDOR_ID_SPECIALIX, PCI_DEVICE_ID_SPECIALIX_SX_XIO_IO8,
2962 - .subvendor = 0x0300,.subdevice = PCI_ANY_ID },
2963 + .subvendor = PCI_ANY_ID, .subdevice = 0x0300 },
2964 { 0 }
2965 };
2967 diff --git a/drivers/connector/cn_queue.c b/drivers/connector/cn_queue.c
2968 index 296f510..12ceed5 100644
2969 --- a/drivers/connector/cn_queue.c
2970 +++ b/drivers/connector/cn_queue.c
2971 @@ -99,8 +99,8 @@ int cn_queue_add_callback(struct cn_queue_dev *dev, char *name, struct cb_id *id
2972 spin_unlock_bh(&dev->queue_lock);
2974 if (found) {
2975 - atomic_dec(&dev->refcnt);
2976 cn_queue_free_callback(cbq);
2977 + atomic_dec(&dev->refcnt);
2978 return -EINVAL;
2979 }
2981 diff --git a/drivers/cpufreq/cpufreq_ondemand.c b/drivers/cpufreq/cpufreq_ondemand.c
2982 index 8532bb7..e794527 100644
2983 --- a/drivers/cpufreq/cpufreq_ondemand.c
2984 +++ b/drivers/cpufreq/cpufreq_ondemand.c
2985 @@ -96,15 +96,25 @@ static struct dbs_tuners {
2987 static inline cputime64_t get_cpu_idle_time(unsigned int cpu)
2988 {
2989 - cputime64_t retval;
2990 + cputime64_t idle_time;
2991 + cputime64_t cur_jiffies;
2992 + cputime64_t busy_time;
2994 - retval = cputime64_add(kstat_cpu(cpu).cpustat.idle,
2995 - kstat_cpu(cpu).cpustat.iowait);
2996 + cur_jiffies = jiffies64_to_cputime64(get_jiffies_64());
2997 + busy_time = cputime64_add(kstat_cpu(cpu).cpustat.user,
2998 + kstat_cpu(cpu).cpustat.system);
3000 - if (dbs_tuners_ins.ignore_nice)
3001 - retval = cputime64_add(retval, kstat_cpu(cpu).cpustat.nice);
3002 + busy_time = cputime64_add(busy_time, kstat_cpu(cpu).cpustat.irq);
3003 + busy_time = cputime64_add(busy_time, kstat_cpu(cpu).cpustat.softirq);
3004 + busy_time = cputime64_add(busy_time, kstat_cpu(cpu).cpustat.steal);
3006 - return retval;
3007 + if (!dbs_tuners_ins.ignore_nice) {
3008 + busy_time = cputime64_add(busy_time,
3009 + kstat_cpu(cpu).cpustat.nice);
3010 + }
3011 +
3012 + idle_time = cputime64_sub(cur_jiffies, busy_time);
3013 + return idle_time;
3014 }
3016 /*
3017 @@ -325,7 +335,7 @@ static struct attribute_group dbs_attr_group = {
3018 static void dbs_check_cpu(struct cpu_dbs_info_s *this_dbs_info)
3019 {
3020 unsigned int idle_ticks, total_ticks;
3021 - unsigned int load;
3022 + unsigned int load = 0;
3023 cputime64_t cur_jiffies;
3025 struct cpufreq_policy *policy;
3026 @@ -339,7 +349,8 @@ static void dbs_check_cpu(struct cpu_dbs_info_s *this_dbs_info)
3027 cur_jiffies = jiffies64_to_cputime64(get_jiffies_64());
3028 total_ticks = (unsigned int) cputime64_sub(cur_jiffies,
3029 this_dbs_info->prev_cpu_wall);
3030 - this_dbs_info->prev_cpu_wall = cur_jiffies;
3031 + this_dbs_info->prev_cpu_wall = get_jiffies_64();
3032 +
3033 if (!total_ticks)
3034 return;
3035 /*
3036 @@ -370,7 +381,8 @@ static void dbs_check_cpu(struct cpu_dbs_info_s *this_dbs_info)
3037 if (tmp_idle_ticks < idle_ticks)
3038 idle_ticks = tmp_idle_ticks;
3039 }
3040 - load = (100 * (total_ticks - idle_ticks)) / total_ticks;
3041 + if (likely(total_ticks > idle_ticks))
3042 + load = (100 * (total_ticks - idle_ticks)) / total_ticks;
3044 /* Check for frequency increase */
3045 if (load > dbs_tuners_ins.up_threshold) {
3046 diff --git a/drivers/firewire/fw-card.c b/drivers/firewire/fw-card.c
3047 index 9eb1eda..46d3cf2 100644
3048 --- a/drivers/firewire/fw-card.c
3049 +++ b/drivers/firewire/fw-card.c
3050 @@ -507,9 +507,11 @@ fw_core_remove_card(struct fw_card *card)
3051 /* Set up the dummy driver. */
3052 card->driver = &dummy_driver;
3054 - fw_flush_transactions(card);
3055 -
3056 fw_destroy_nodes(card);
3057 + flush_scheduled_work();
3058 +
3059 + fw_flush_transactions(card);
3060 + del_timer_sync(&card->flush_timer);
3062 fw_card_put(card);
3063 }
3064 diff --git a/drivers/firewire/fw-ohci.c b/drivers/firewire/fw-ohci.c
3065 index 96c8ac5..f1cd9d3 100644
3066 --- a/drivers/firewire/fw-ohci.c
3067 +++ b/drivers/firewire/fw-ohci.c
3068 @@ -586,7 +586,7 @@ static void context_stop(struct context *ctx)
3069 break;
3071 fw_notify("context_stop: still active (0x%08x)\n", reg);
3072 - msleep(1);
3073 + mdelay(1);
3074 }
3075 }
3077 @@ -1934,14 +1934,12 @@ static int pci_suspend(struct pci_dev *pdev, pm_message_t state)
3078 free_irq(pdev->irq, ohci);
3079 err = pci_save_state(pdev);
3080 if (err) {
3081 - fw_error("pci_save_state failed with %d", err);
3082 + fw_error("pci_save_state failed with %d\n", err);
3083 return err;
3084 }
3085 err = pci_set_power_state(pdev, pci_choose_state(pdev, state));
3086 - if (err) {
3087 - fw_error("pci_set_power_state failed with %d", err);
3088 - return err;
3089 - }
3090 + if (err)
3091 + fw_error("pci_set_power_state failed with %d\n", err);
3093 return 0;
3094 }
3095 @@ -1955,7 +1953,7 @@ static int pci_resume(struct pci_dev *pdev)
3096 pci_restore_state(pdev);
3097 err = pci_enable_device(pdev);
3098 if (err) {
3099 - fw_error("pci_enable_device failed with %d", err);
3100 + fw_error("pci_enable_device failed with %d\n", err);
3101 return err;
3102 }
3104 diff --git a/drivers/firewire/fw-sbp2.c b/drivers/firewire/fw-sbp2.c
3105 index a98d391..a68f7de 100644
3106 --- a/drivers/firewire/fw-sbp2.c
3107 +++ b/drivers/firewire/fw-sbp2.c
3108 @@ -985,6 +985,7 @@ static int sbp2_scsi_queuecommand(struct scsi_cmnd *cmd, scsi_done_fn_t done)
3109 struct fw_unit *unit = sd->unit;
3110 struct fw_device *device = fw_device(unit->device.parent);
3111 struct sbp2_command_orb *orb;
3112 + unsigned max_payload;
3114 /*
3115 * Bidirectional commands are not yet implemented, and unknown
3116 @@ -1023,8 +1024,10 @@ static int sbp2_scsi_queuecommand(struct scsi_cmnd *cmd, scsi_done_fn_t done)
3117 * specifies the max payload size as 2 ^ (max_payload + 2), so
3118 * if we set this to max_speed + 7, we get the right value.
3119 */
3120 + max_payload = device->node->max_speed + 7;
3121 + max_payload = min(max_payload, device->card->max_receive - 1);
3122 orb->request.misc =
3123 - COMMAND_ORB_MAX_PAYLOAD(device->node->max_speed + 7) |
3124 + COMMAND_ORB_MAX_PAYLOAD(max_payload) |
3125 COMMAND_ORB_SPEED(device->node->max_speed) |
3126 COMMAND_ORB_NOTIFY;
3128 diff --git a/drivers/firewire/fw-transaction.c b/drivers/firewire/fw-transaction.c
3129 index 80d0121..a506a1f 100644
3130 --- a/drivers/firewire/fw-transaction.c
3131 +++ b/drivers/firewire/fw-transaction.c
3132 @@ -605,8 +605,10 @@ fw_send_response(struct fw_card *card, struct fw_request *request, int rcode)
3133 * check is sufficient to ensure we don't send response to
3134 * broadcast packets or posted writes.
3135 */
3136 - if (request->ack != ACK_PENDING)
3137 + if (request->ack != ACK_PENDING) {
3138 + kfree(request);
3139 return;
3140 + }
3142 if (rcode == RCODE_COMPLETE)
3143 fw_fill_response(&request->response, request->request_header,
3144 diff --git a/drivers/firewire/fw-transaction.h b/drivers/firewire/fw-transaction.h
3145 index acdc3be..e2b9ca4 100644
3146 --- a/drivers/firewire/fw-transaction.h
3147 +++ b/drivers/firewire/fw-transaction.h
3148 @@ -124,6 +124,10 @@ typedef void (*fw_transaction_callback_t)(struct fw_card *card, int rcode,
3149 size_t length,
3150 void *callback_data);
3152 +/*
3153 + * Important note: The callback must guarantee that either fw_send_response()
3154 + * or kfree() is called on the @request.
3155 + */
3156 typedef void (*fw_address_callback_t)(struct fw_card *card,
3157 struct fw_request *request,
3158 int tcode, int destination, int source,
3159 @@ -228,7 +232,7 @@ struct fw_card {
3160 unsigned long reset_jiffies;
3162 unsigned long long guid;
3163 - int max_receive;
3164 + unsigned max_receive;
3165 int link_speed;
3166 int config_rom_generation;
3168 diff --git a/drivers/hwmon/lm78.c b/drivers/hwmon/lm78.c
3169 index 9fb572f..3507113 100644
3170 --- a/drivers/hwmon/lm78.c
3171 +++ b/drivers/hwmon/lm78.c
3172 @@ -882,7 +882,7 @@ static int __init lm78_isa_device_add(unsigned short address)
3173 {
3174 struct resource res = {
3175 .start = address,
3176 - .end = address + LM78_EXTENT,
3177 + .end = address + LM78_EXTENT - 1,
3178 .name = "lm78",
3179 .flags = IORESOURCE_IO,
3180 };
3181 diff --git a/drivers/hwmon/lm87.c b/drivers/hwmon/lm87.c
3182 index 988ae1c..1128153 100644
3183 --- a/drivers/hwmon/lm87.c
3184 +++ b/drivers/hwmon/lm87.c
3185 @@ -129,7 +129,7 @@ static u8 LM87_REG_TEMP_LOW[3] = { 0x3A, 0x38, 0x2C };
3186 (((val) < 0 ? (val)-500 : (val)+500) / 1000))
3188 #define FAN_FROM_REG(reg,div) ((reg) == 255 || (reg) == 0 ? 0 : \
3189 - 1350000 + (reg)*(div) / 2) / ((reg)*(div))
3190 + (1350000 + (reg)*(div) / 2) / ((reg)*(div)))
3191 #define FAN_TO_REG(val,div) ((val)*(div) * 255 <= 1350000 ? 255 : \
3192 (1350000 + (val)*(div) / 2) / ((val)*(div)))
3194 @@ -145,7 +145,7 @@ static u8 LM87_REG_TEMP_LOW[3] = { 0x3A, 0x38, 0x2C };
3195 #define CHAN_NO_FAN(nr) (1 << (nr))
3196 #define CHAN_TEMP3 (1 << 2)
3197 #define CHAN_VCC_5V (1 << 3)
3198 -#define CHAN_NO_VID (1 << 8)
3199 +#define CHAN_NO_VID (1 << 7)
3201 /*
3202 * Functions declaration
3203 diff --git a/drivers/hwmon/smsc47m1.c b/drivers/hwmon/smsc47m1.c
3204 index 1e21c8c..c3e716e 100644
3205 --- a/drivers/hwmon/smsc47m1.c
3206 +++ b/drivers/hwmon/smsc47m1.c
3207 @@ -585,6 +585,8 @@ static int __devinit smsc47m1_probe(struct platform_device *pdev)
3209 if ((err = device_create_file(dev, &dev_attr_alarms)))
3210 goto error_remove_files;
3211 + if ((err = device_create_file(dev, &dev_attr_name)))
3212 + goto error_remove_files;
3214 data->class_dev = hwmon_device_register(dev);
3215 if (IS_ERR(data->class_dev)) {
3216 diff --git a/drivers/hwmon/w83627hf.c b/drivers/hwmon/w83627hf.c
3217 index 12cb40a..6972fdb 100644
3218 --- a/drivers/hwmon/w83627hf.c
3219 +++ b/drivers/hwmon/w83627hf.c
3220 @@ -335,6 +335,7 @@ static int w83627hf_remove(struct platform_device *pdev);
3222 static int w83627hf_read_value(struct w83627hf_data *data, u16 reg);
3223 static int w83627hf_write_value(struct w83627hf_data *data, u16 reg, u16 value);
3224 +static void w83627hf_update_fan_div(struct w83627hf_data *data);
3225 static struct w83627hf_data *w83627hf_update_device(struct device *dev);
3226 static void w83627hf_init_device(struct platform_device *pdev);
3228 @@ -1127,6 +1128,7 @@ static int __devinit w83627hf_probe(struct platform_device *pdev)
3229 data->fan_min[0] = w83627hf_read_value(data, W83781D_REG_FAN_MIN(1));
3230 data->fan_min[1] = w83627hf_read_value(data, W83781D_REG_FAN_MIN(2));
3231 data->fan_min[2] = w83627hf_read_value(data, W83781D_REG_FAN_MIN(3));
3232 + w83627hf_update_fan_div(data);
3234 /* Register common device attributes */
3235 if ((err = sysfs_create_group(&dev->kobj, &w83627hf_group)))
3236 @@ -1207,6 +1209,24 @@ static int __devexit w83627hf_remove(struct platform_device *pdev)
3237 }
3240 +/* Registers 0x50-0x5f are banked */
3241 +static inline void w83627hf_set_bank(struct w83627hf_data *data, u16 reg)
3242 +{
3243 + if ((reg & 0x00f0) == 0x50) {
3244 + outb_p(W83781D_REG_BANK, data->addr + W83781D_ADDR_REG_OFFSET);
3245 + outb_p(reg >> 8, data->addr + W83781D_DATA_REG_OFFSET);
3246 + }
3247 +}
3248 +
3249 +/* Not strictly necessary, but play it safe for now */
3250 +static inline void w83627hf_reset_bank(struct w83627hf_data *data, u16 reg)
3251 +{
3252 + if (reg & 0xff00) {
3253 + outb_p(W83781D_REG_BANK, data->addr + W83781D_ADDR_REG_OFFSET);
3254 + outb_p(0, data->addr + W83781D_DATA_REG_OFFSET);
3255 + }
3256 +}
3257 +
3258 static int w83627hf_read_value(struct w83627hf_data *data, u16 reg)
3259 {
3260 int res, word_sized;
3261 @@ -1217,12 +1237,7 @@ static int w83627hf_read_value(struct w83627hf_data *data, u16 reg)
3262 && (((reg & 0x00ff) == 0x50)
3263 || ((reg & 0x00ff) == 0x53)
3264 || ((reg & 0x00ff) == 0x55));
3265 - if (reg & 0xff00) {
3266 - outb_p(W83781D_REG_BANK,
3267 - data->addr + W83781D_ADDR_REG_OFFSET);
3268 - outb_p(reg >> 8,
3269 - data->addr + W83781D_DATA_REG_OFFSET);
3270 - }
3271 + w83627hf_set_bank(data, reg);
3272 outb_p(reg & 0xff, data->addr + W83781D_ADDR_REG_OFFSET);
3273 res = inb_p(data->addr + W83781D_DATA_REG_OFFSET);
3274 if (word_sized) {
3275 @@ -1232,11 +1247,7 @@ static int w83627hf_read_value(struct w83627hf_data *data, u16 reg)
3276 (res << 8) + inb_p(data->addr +
3277 W83781D_DATA_REG_OFFSET);
3278 }
3279 - if (reg & 0xff00) {
3280 - outb_p(W83781D_REG_BANK,
3281 - data->addr + W83781D_ADDR_REG_OFFSET);
3282 - outb_p(0, data->addr + W83781D_DATA_REG_OFFSET);
3283 - }
3284 + w83627hf_reset_bank(data, reg);
3285 mutex_unlock(&data->lock);
3286 return res;
3287 }
3288 @@ -1307,12 +1318,7 @@ static int w83627hf_write_value(struct w83627hf_data *data, u16 reg, u16 value)
3289 || ((reg & 0xff00) == 0x200))
3290 && (((reg & 0x00ff) == 0x53)
3291 || ((reg & 0x00ff) == 0x55));
3292 - if (reg & 0xff00) {
3293 - outb_p(W83781D_REG_BANK,
3294 - data->addr + W83781D_ADDR_REG_OFFSET);
3295 - outb_p(reg >> 8,
3296 - data->addr + W83781D_DATA_REG_OFFSET);
3297 - }
3298 + w83627hf_set_bank(data, reg);
3299 outb_p(reg & 0xff, data->addr + W83781D_ADDR_REG_OFFSET);
3300 if (word_sized) {
3301 outb_p(value >> 8,
3302 @@ -1322,11 +1328,7 @@ static int w83627hf_write_value(struct w83627hf_data *data, u16 reg, u16 value)
3303 }
3304 outb_p(value & 0xff,
3305 data->addr + W83781D_DATA_REG_OFFSET);
3306 - if (reg & 0xff00) {
3307 - outb_p(W83781D_REG_BANK,
3308 - data->addr + W83781D_ADDR_REG_OFFSET);
3309 - outb_p(0, data->addr + W83781D_DATA_REG_OFFSET);
3310 - }
3311 + w83627hf_reset_bank(data, reg);
3312 mutex_unlock(&data->lock);
3313 return 0;
3314 }
3315 @@ -1430,6 +1432,24 @@ static void __devinit w83627hf_init_device(struct platform_device *pdev)
3316 | 0x01);
3317 }
3319 +static void w83627hf_update_fan_div(struct w83627hf_data *data)
3320 +{
3321 + int reg;
3322 +
3323 + reg = w83627hf_read_value(data, W83781D_REG_VID_FANDIV);
3324 + data->fan_div[0] = (reg >> 4) & 0x03;
3325 + data->fan_div[1] = (reg >> 6) & 0x03;
3326 + if (data->type != w83697hf) {
3327 + data->fan_div[2] = (w83627hf_read_value(data,
3328 + W83781D_REG_PIN) >> 6) & 0x03;
3329 + }
3330 + reg = w83627hf_read_value(data, W83781D_REG_VBAT);
3331 + data->fan_div[0] |= (reg >> 3) & 0x04;
3332 + data->fan_div[1] |= (reg >> 4) & 0x04;
3333 + if (data->type != w83697hf)
3334 + data->fan_div[2] |= (reg >> 5) & 0x04;
3335 +}
3336 +
3337 static struct w83627hf_data *w83627hf_update_device(struct device *dev)
3338 {
3339 struct w83627hf_data *data = dev_get_drvdata(dev);
3340 @@ -1493,18 +1513,8 @@ static struct w83627hf_data *w83627hf_update_device(struct device *dev)
3341 w83627hf_read_value(data, W83781D_REG_TEMP_HYST(3));
3342 }
3344 - i = w83627hf_read_value(data, W83781D_REG_VID_FANDIV);
3345 - data->fan_div[0] = (i >> 4) & 0x03;
3346 - data->fan_div[1] = (i >> 6) & 0x03;
3347 - if (data->type != w83697hf) {
3348 - data->fan_div[2] = (w83627hf_read_value(data,
3349 - W83781D_REG_PIN) >> 6) & 0x03;
3350 - }
3351 - i = w83627hf_read_value(data, W83781D_REG_VBAT);
3352 - data->fan_div[0] |= (i >> 3) & 0x04;
3353 - data->fan_div[1] |= (i >> 4) & 0x04;
3354 - if (data->type != w83697hf)
3355 - data->fan_div[2] |= (i >> 5) & 0x04;
3356 + w83627hf_update_fan_div(data);
3357 +
3358 data->alarms =
3359 w83627hf_read_value(data, W83781D_REG_ALARM1) |
3360 (w83627hf_read_value(data, W83781D_REG_ALARM2) << 8) |
3361 diff --git a/drivers/hwmon/w83781d.c b/drivers/hwmon/w83781d.c
3362 index f85b48f..dcc941a 100644
3363 --- a/drivers/hwmon/w83781d.c
3364 +++ b/drivers/hwmon/w83781d.c
3365 @@ -740,9 +740,9 @@ store_sensor(struct device *dev, struct device_attribute *da,
3366 static SENSOR_DEVICE_ATTR(temp1_type, S_IRUGO | S_IWUSR,
3367 show_sensor, store_sensor, 0);
3368 static SENSOR_DEVICE_ATTR(temp2_type, S_IRUGO | S_IWUSR,
3369 - show_sensor, store_sensor, 0);
3370 + show_sensor, store_sensor, 1);
3371 static SENSOR_DEVICE_ATTR(temp3_type, S_IRUGO | S_IWUSR,
3372 - show_sensor, store_sensor, 0);
3373 + show_sensor, store_sensor, 2);
3375 /* I2C devices get this name attribute automatically, but for ISA devices
3376 we must create it by ourselves. */
3377 @@ -1746,7 +1746,7 @@ w83781d_isa_device_add(unsigned short address)
3378 {
3379 struct resource res = {
3380 .start = address,
3381 - .end = address + W83781D_EXTENT,
3382 + .end = address + W83781D_EXTENT - 1,
3383 .name = "w83781d",
3384 .flags = IORESOURCE_IO,
3385 };
3386 diff --git a/drivers/i2c/algos/i2c-algo-bit.c b/drivers/i2c/algos/i2c-algo-bit.c
3387 index 8a5f582..7f0a0a6 100644
3388 --- a/drivers/i2c/algos/i2c-algo-bit.c
3389 +++ b/drivers/i2c/algos/i2c-algo-bit.c
3390 @@ -357,13 +357,29 @@ static int sendbytes(struct i2c_adapter *i2c_adap, struct i2c_msg *msg)
3391 return wrcount;
3392 }
3394 +static int acknak(struct i2c_adapter *i2c_adap, int is_ack)
3395 +{
3396 + struct i2c_algo_bit_data *adap = i2c_adap->algo_data;
3397 +
3398 + /* assert: sda is high */
3399 + if (is_ack) /* send ack */
3400 + setsda(adap, 0);
3401 + udelay((adap->udelay + 1) / 2);
3402 + if (sclhi(adap) < 0) { /* timeout */
3403 + dev_err(&i2c_adap->dev, "readbytes: ack/nak timeout\n");
3404 + return -ETIMEDOUT;
3405 + }
3406 + scllo(adap);
3407 + return 0;
3408 +}
3409 +
3410 static int readbytes(struct i2c_adapter *i2c_adap, struct i2c_msg *msg)
3411 {
3412 int inval;
3413 int rdcount=0; /* counts bytes read */
3414 - struct i2c_algo_bit_data *adap = i2c_adap->algo_data;
3415 unsigned char *temp = msg->buf;
3416 int count = msg->len;
3417 + const unsigned flags = msg->flags;
3419 while (count > 0) {
3420 inval = i2c_inb(i2c_adap);
3421 @@ -377,28 +393,12 @@ static int readbytes(struct i2c_adapter *i2c_adap, struct i2c_msg *msg)
3422 temp++;
3423 count--;
3425 - if (msg->flags & I2C_M_NO_RD_ACK) {
3426 - bit_dbg(2, &i2c_adap->dev, "i2c_inb: 0x%02x\n",
3427 - inval);
3428 - continue;
3429 - }
3430 -
3431 - /* assert: sda is high */
3432 - if (count) /* send ack */
3433 - setsda(adap, 0);
3434 - udelay((adap->udelay + 1) / 2);
3435 - bit_dbg(2, &i2c_adap->dev, "i2c_inb: 0x%02x %s\n", inval,
3436 - count ? "A" : "NA");
3437 - if (sclhi(adap)<0) { /* timeout */
3438 - dev_err(&i2c_adap->dev, "readbytes: timeout at ack\n");
3439 - return -ETIMEDOUT;
3440 - };
3441 - scllo(adap);
3442 -
3443 /* Some SMBus transactions require that we receive the
3444 transaction length as the first read byte. */
3445 - if (rdcount == 1 && (msg->flags & I2C_M_RECV_LEN)) {
3446 + if (rdcount == 1 && (flags & I2C_M_RECV_LEN)) {
3447 if (inval <= 0 || inval > I2C_SMBUS_BLOCK_MAX) {
3448 + if (!(flags & I2C_M_NO_RD_ACK))
3449 + acknak(i2c_adap, 0);
3450 dev_err(&i2c_adap->dev, "readbytes: invalid "
3451 "block length (%d)\n", inval);
3452 return -EREMOTEIO;
3453 @@ -409,6 +409,18 @@ static int readbytes(struct i2c_adapter *i2c_adap, struct i2c_msg *msg)
3454 count += inval;
3455 msg->len += inval;
3456 }
3457 +
3458 + bit_dbg(2, &i2c_adap->dev, "readbytes: 0x%02x %s\n",
3459 + inval,
3460 + (flags & I2C_M_NO_RD_ACK)
3461 + ? "(no ack/nak)"
3462 + : (count ? "A" : "NA"));
3463 +
3464 + if (!(flags & I2C_M_NO_RD_ACK)) {
3465 + inval = acknak(i2c_adap, count);
3466 + if (inval < 0)
3467 + return inval;
3468 + }
3469 }
3470 return rdcount;
3471 }
3472 diff --git a/drivers/i2c/busses/i2c-pasemi.c b/drivers/i2c/busses/i2c-pasemi.c
3473 index 58e3271..dcf5dec 100644
3474 --- a/drivers/i2c/busses/i2c-pasemi.c
3475 +++ b/drivers/i2c/busses/i2c-pasemi.c
3476 @@ -51,6 +51,7 @@ struct pasemi_smbus {
3477 #define MRXFIFO_DATA_M 0x000000ff
3479 #define SMSTA_XEN 0x08000000
3480 +#define SMSTA_MTN 0x00200000
3482 #define CTL_MRR 0x00000400
3483 #define CTL_MTR 0x00000200
3484 @@ -98,6 +99,10 @@ static unsigned int pasemi_smb_waitready(struct pasemi_smbus *smbus)
3485 status = reg_read(smbus, REG_SMSTA);
3486 }
3488 + /* Got NACK? */
3489 + if (status & SMSTA_MTN)
3490 + return -ENXIO;
3491 +
3492 if (timeout < 0) {
3493 dev_warn(&smbus->dev->dev, "Timeout, status 0x%08x\n", status);
3494 reg_write(smbus, REG_SMSTA, status);
3495 diff --git a/drivers/i2c/chips/eeprom.c b/drivers/i2c/chips/eeprom.c
3496 index bfce13c..5ad36ab 100644
3497 --- a/drivers/i2c/chips/eeprom.c
3498 +++ b/drivers/i2c/chips/eeprom.c
3499 @@ -125,13 +125,20 @@ static ssize_t eeprom_read(struct kobject *kobj, char *buf, loff_t off, size_t c
3500 for (slice = off >> 5; slice <= (off + count - 1) >> 5; slice++)
3501 eeprom_update_client(client, slice);
3503 - /* Hide Vaio security settings to regular users (16 first bytes) */
3504 - if (data->nature == VAIO && off < 16 && !capable(CAP_SYS_ADMIN)) {
3505 - size_t in_row1 = 16 - off;
3506 - in_row1 = min(in_row1, count);
3507 - memset(buf, 0, in_row1);
3508 - if (count - in_row1 > 0)
3509 - memcpy(buf + in_row1, &data->data[16], count - in_row1);
3510 + /* Hide Vaio private settings to regular users:
3511 + - BIOS passwords: bytes 0x00 to 0x0f
3512 + - UUID: bytes 0x10 to 0x1f
3513 + - Serial number: 0xc0 to 0xdf */
3514 + if (data->nature == VAIO && !capable(CAP_SYS_ADMIN)) {
3515 + int i;
3516 +
3517 + for (i = 0; i < count; i++) {
3518 + if ((off + i <= 0x1f) ||
3519 + (off + i >= 0xc0 && off + i <= 0xdf))
3520 + buf[i] = 0;
3521 + else
3522 + buf[i] = data->data[off + i];
3523 + }
3524 } else {
3525 memcpy(buf, &data->data[off], count);
3526 }
3527 @@ -195,14 +202,18 @@ static int eeprom_detect(struct i2c_adapter *adapter, int address, int kind)
3528 goto exit_kfree;
3530 /* Detect the Vaio nature of EEPROMs.
3531 - We use the "PCG-" prefix as the signature. */
3532 + We use the "PCG-" or "VGN-" prefix as the signature. */
3533 if (address == 0x57) {
3534 - if (i2c_smbus_read_byte_data(new_client, 0x80) == 'P'
3535 - && i2c_smbus_read_byte(new_client) == 'C'
3536 - && i2c_smbus_read_byte(new_client) == 'G'
3537 - && i2c_smbus_read_byte(new_client) == '-') {
3538 + char name[4];
3539 +
3540 + name[0] = i2c_smbus_read_byte_data(new_client, 0x80);
3541 + name[1] = i2c_smbus_read_byte(new_client);
3542 + name[2] = i2c_smbus_read_byte(new_client);
3543 + name[3] = i2c_smbus_read_byte(new_client);
3544 +
3545 + if (!memcmp(name, "PCG-", 4) || !memcmp(name, "VGN-", 4)) {
3546 dev_info(&new_client->dev, "Vaio EEPROM detected, "
3547 - "enabling password protection\n");
3548 + "enabling privacy protection\n");
3549 data->nature = VAIO;
3550 }
3551 }
3552 diff --git a/drivers/ide/pci/serverworks.c b/drivers/ide/pci/serverworks.c
3553 index d9c4fd1..096a081 100644
3554 --- a/drivers/ide/pci/serverworks.c
3555 +++ b/drivers/ide/pci/serverworks.c
3556 @@ -101,6 +101,7 @@ static u8 svwks_udma_filter(ide_drive_t *drive)
3557 mode = 2;
3559 switch(mode) {
3560 + case 3: mask = 0x3f; break;
3561 case 2: mask = 0x1f; break;
3562 case 1: mask = 0x07; break;
3563 default: mask = 0x00; break;
3564 diff --git a/drivers/ieee1394/ieee1394_core.c b/drivers/ieee1394/ieee1394_core.c
3565 index 8f71b6a..ac07a05 100644
3566 --- a/drivers/ieee1394/ieee1394_core.c
3567 +++ b/drivers/ieee1394/ieee1394_core.c
3568 @@ -1279,7 +1279,7 @@ static void __exit ieee1394_cleanup(void)
3569 unregister_chrdev_region(IEEE1394_CORE_DEV, 256);
3570 }
3572 -fs_initcall(ieee1394_init); /* same as ohci1394 */
3573 +module_init(ieee1394_init);
3574 module_exit(ieee1394_cleanup);
3576 /* Exported symbols */
3577 diff --git a/drivers/ieee1394/ohci1394.c b/drivers/ieee1394/ohci1394.c
3578 index 5dadfd2..e65760f 100644
3579 --- a/drivers/ieee1394/ohci1394.c
3580 +++ b/drivers/ieee1394/ohci1394.c
3581 @@ -3773,7 +3773,5 @@ static int __init ohci1394_init(void)
3582 return pci_register_driver(&ohci1394_pci_driver);
3583 }
3585 -/* Register before most other device drivers.
3586 - * Useful for remote debugging via physical DMA, e.g. using firescope. */
3587 -fs_initcall(ohci1394_init);
3588 +module_init(ohci1394_init);
3589 module_exit(ohci1394_cleanup);
3590 diff --git a/drivers/ieee1394/sbp2.c b/drivers/ieee1394/sbp2.c
3591 index 3f873cc..c7ff28a 100644
3592 --- a/drivers/ieee1394/sbp2.c
3593 +++ b/drivers/ieee1394/sbp2.c
3594 @@ -774,11 +774,6 @@ static struct sbp2_lu *sbp2_alloc_device(struct unit_directory *ud)
3595 SBP2_ERR("failed to register lower 4GB address range");
3596 goto failed_alloc;
3597 }
3598 -#else
3599 - if (dma_set_mask(hi->host->device.parent, DMA_32BIT_MASK)) {
3600 - SBP2_ERR("failed to set 4GB DMA mask");
3601 - goto failed_alloc;
3602 - }
3603 #endif
3604 }
3606 diff --git a/drivers/infiniband/core/uverbs_cmd.c b/drivers/infiniband/core/uverbs_cmd.c
3607 index 01d7008..495c803 100644
3608 --- a/drivers/infiniband/core/uverbs_cmd.c
3609 +++ b/drivers/infiniband/core/uverbs_cmd.c
3610 @@ -147,8 +147,12 @@ static struct ib_uobject *__idr_get_uobj(struct idr *idr, int id,
3612 spin_lock(&ib_uverbs_idr_lock);
3613 uobj = idr_find(idr, id);
3614 - if (uobj)
3615 - kref_get(&uobj->ref);
3616 + if (uobj) {
3617 + if (uobj->context == context)
3618 + kref_get(&uobj->ref);
3619 + else
3620 + uobj = NULL;
3621 + }
3622 spin_unlock(&ib_uverbs_idr_lock);
3624 return uobj;
3625 diff --git a/drivers/input/mouse/lifebook.c b/drivers/input/mouse/lifebook.c
3626 index 1740cad..91109b4 100644
3627 --- a/drivers/input/mouse/lifebook.c
3628 +++ b/drivers/input/mouse/lifebook.c
3629 @@ -109,7 +109,7 @@ static psmouse_ret_t lifebook_process_byte(struct psmouse *psmouse)
3630 {
3631 struct lifebook_data *priv = psmouse->private;
3632 struct input_dev *dev1 = psmouse->dev;
3633 - struct input_dev *dev2 = priv->dev2;
3634 + struct input_dev *dev2 = priv ? priv->dev2 : NULL;
3635 unsigned char *packet = psmouse->packet;
3636 int relative_packet = packet[0] & 0x08;
3638 diff --git a/drivers/isdn/hardware/avm/b1.c b/drivers/isdn/hardware/avm/b1.c
3639 index 7a69a18..4484a64 100644
3640 --- a/drivers/isdn/hardware/avm/b1.c
3641 +++ b/drivers/isdn/hardware/avm/b1.c
3642 @@ -321,12 +321,15 @@ void b1_reset_ctr(struct capi_ctr *ctrl)
3643 avmctrl_info *cinfo = (avmctrl_info *)(ctrl->driverdata);
3644 avmcard *card = cinfo->card;
3645 unsigned int port = card->port;
3646 + unsigned long flags;
3648 b1_reset(port);
3649 b1_reset(port);
3651 memset(cinfo->version, 0, sizeof(cinfo->version));
3652 + spin_lock_irqsave(&card->lock, flags);
3653 capilib_release(&cinfo->ncci_head);
3654 + spin_unlock_irqrestore(&card->lock, flags);
3655 capi_ctr_reseted(ctrl);
3656 }
3658 @@ -361,9 +364,8 @@ void b1_release_appl(struct capi_ctr *ctrl, u16 appl)
3659 unsigned int port = card->port;
3660 unsigned long flags;
3662 - capilib_release_appl(&cinfo->ncci_head, appl);
3663 -
3664 spin_lock_irqsave(&card->lock, flags);
3665 + capilib_release_appl(&cinfo->ncci_head, appl);
3666 b1_put_byte(port, SEND_RELEASE);
3667 b1_put_word(port, appl);
3668 spin_unlock_irqrestore(&card->lock, flags);
3669 @@ -380,27 +382,27 @@ u16 b1_send_message(struct capi_ctr *ctrl, struct sk_buff *skb)
3670 u8 subcmd = CAPIMSG_SUBCOMMAND(skb->data);
3671 u16 dlen, retval;
3673 + spin_lock_irqsave(&card->lock, flags);
3674 if (CAPICMD(cmd, subcmd) == CAPI_DATA_B3_REQ) {
3675 retval = capilib_data_b3_req(&cinfo->ncci_head,
3676 CAPIMSG_APPID(skb->data),
3677 CAPIMSG_NCCI(skb->data),
3678 CAPIMSG_MSGID(skb->data));
3679 - if (retval != CAPI_NOERROR)
3680 + if (retval != CAPI_NOERROR) {
3681 + spin_unlock_irqrestore(&card->lock, flags);
3682 return retval;
3683 + }
3685 dlen = CAPIMSG_DATALEN(skb->data);
3687 - spin_lock_irqsave(&card->lock, flags);
3688 b1_put_byte(port, SEND_DATA_B3_REQ);
3689 b1_put_slice(port, skb->data, len);
3690 b1_put_slice(port, skb->data + len, dlen);
3691 - spin_unlock_irqrestore(&card->lock, flags);
3692 } else {
3693 - spin_lock_irqsave(&card->lock, flags);
3694 b1_put_byte(port, SEND_MESSAGE);
3695 b1_put_slice(port, skb->data, len);
3696 - spin_unlock_irqrestore(&card->lock, flags);
3697 }
3698 + spin_unlock_irqrestore(&card->lock, flags);
3700 dev_kfree_skb_any(skb);
3701 return CAPI_NOERROR;
3702 @@ -534,17 +536,17 @@ irqreturn_t b1_interrupt(int interrupt, void *devptr)
3704 ApplId = (unsigned) b1_get_word(card->port);
3705 MsgLen = b1_get_slice(card->port, card->msgbuf);
3706 - spin_unlock_irqrestore(&card->lock, flags);
3707 if (!(skb = alloc_skb(MsgLen, GFP_ATOMIC))) {
3708 printk(KERN_ERR "%s: incoming packet dropped\n",
3709 card->name);
3710 + spin_unlock_irqrestore(&card->lock, flags);
3711 } else {
3712 memcpy(skb_put(skb, MsgLen), card->msgbuf, MsgLen);
3713 if (CAPIMSG_CMD(skb->data) == CAPI_DATA_B3_CONF)
3714 capilib_data_b3_conf(&cinfo->ncci_head, ApplId,
3715 CAPIMSG_NCCI(skb->data),
3716 CAPIMSG_MSGID(skb->data));
3717 -
3718 + spin_unlock_irqrestore(&card->lock, flags);
3719 capi_ctr_handle_message(ctrl, ApplId, skb);
3720 }
3721 break;
3722 @@ -554,21 +556,17 @@ irqreturn_t b1_interrupt(int interrupt, void *devptr)
3723 ApplId = b1_get_word(card->port);
3724 NCCI = b1_get_word(card->port);
3725 WindowSize = b1_get_word(card->port);
3726 - spin_unlock_irqrestore(&card->lock, flags);
3727 -
3728 capilib_new_ncci(&cinfo->ncci_head, ApplId, NCCI, WindowSize);
3729 -
3730 + spin_unlock_irqrestore(&card->lock, flags);
3731 break;
3733 case RECEIVE_FREE_NCCI:
3735 ApplId = b1_get_word(card->port);
3736 NCCI = b1_get_word(card->port);
3737 - spin_unlock_irqrestore(&card->lock, flags);
3738 -
3739 if (NCCI != 0xffffffff)
3740 capilib_free_ncci(&cinfo->ncci_head, ApplId, NCCI);
3741 -
3742 + spin_unlock_irqrestore(&card->lock, flags);
3743 break;
3745 case RECEIVE_START:
3746 diff --git a/drivers/isdn/hardware/avm/c4.c b/drivers/isdn/hardware/avm/c4.c
3747 index d58f927..8710cf6 100644
3748 --- a/drivers/isdn/hardware/avm/c4.c
3749 +++ b/drivers/isdn/hardware/avm/c4.c
3750 @@ -727,6 +727,7 @@ static void c4_send_init(avmcard *card)
3751 {
3752 struct sk_buff *skb;
3753 void *p;
3754 + unsigned long flags;
3756 skb = alloc_skb(15, GFP_ATOMIC);
3757 if (!skb) {
3758 @@ -744,12 +745,15 @@ static void c4_send_init(avmcard *card)
3759 skb_put(skb, (u8 *)p - (u8 *)skb->data);
3761 skb_queue_tail(&card->dma->send_queue, skb);
3762 + spin_lock_irqsave(&card->lock, flags);
3763 c4_dispatch_tx(card);
3764 + spin_unlock_irqrestore(&card->lock, flags);
3765 }
3767 static int queue_sendconfigword(avmcard *card, u32 val)
3768 {
3769 struct sk_buff *skb;
3770 + unsigned long flags;
3771 void *p;
3773 skb = alloc_skb(3+4, GFP_ATOMIC);
3774 @@ -766,7 +770,9 @@ static int queue_sendconfigword(avmcard *card, u32 val)
3775 skb_put(skb, (u8 *)p - (u8 *)skb->data);
3777 skb_queue_tail(&card->dma->send_queue, skb);
3778 + spin_lock_irqsave(&card->lock, flags);
3779 c4_dispatch_tx(card);
3780 + spin_unlock_irqrestore(&card->lock, flags);
3781 return 0;
3782 }
3784 @@ -986,7 +992,9 @@ static void c4_release_appl(struct capi_ctr *ctrl, u16 appl)
3785 struct sk_buff *skb;
3786 void *p;
3788 + spin_lock_irqsave(&card->lock, flags);
3789 capilib_release_appl(&cinfo->ncci_head, appl);
3790 + spin_unlock_irqrestore(&card->lock, flags);
3792 if (ctrl->cnr == card->cardnr) {
3793 skb = alloc_skb(7, GFP_ATOMIC);
3794 @@ -1019,7 +1027,8 @@ static u16 c4_send_message(struct capi_ctr *ctrl, struct sk_buff *skb)
3795 u16 retval = CAPI_NOERROR;
3796 unsigned long flags;
3798 - if (CAPIMSG_CMD(skb->data) == CAPI_DATA_B3_REQ) {
3799 + spin_lock_irqsave(&card->lock, flags);
3800 + if (CAPIMSG_CMD(skb->data) == CAPI_DATA_B3_REQ) {
3801 retval = capilib_data_b3_req(&cinfo->ncci_head,
3802 CAPIMSG_APPID(skb->data),
3803 CAPIMSG_NCCI(skb->data),
3804 @@ -1027,10 +1036,9 @@ static u16 c4_send_message(struct capi_ctr *ctrl, struct sk_buff *skb)
3805 }
3806 if (retval == CAPI_NOERROR) {
3807 skb_queue_tail(&card->dma->send_queue, skb);
3808 - spin_lock_irqsave(&card->lock, flags);
3809 c4_dispatch_tx(card);
3810 - spin_unlock_irqrestore(&card->lock, flags);
3811 }
3812 + spin_unlock_irqrestore(&card->lock, flags);
3813 return retval;
3814 }
3816 diff --git a/drivers/isdn/i4l/isdn_common.c b/drivers/isdn/i4l/isdn_common.c
3817 index c97330b..eb9a247 100644
3818 --- a/drivers/isdn/i4l/isdn_common.c
3819 +++ b/drivers/isdn/i4l/isdn_common.c
3820 @@ -1514,6 +1514,7 @@ isdn_ioctl(struct inode *inode, struct file *file, uint cmd, ulong arg)
3821 if (copy_from_user(&iocts, argp,
3822 sizeof(isdn_ioctl_struct)))
3823 return -EFAULT;
3824 + iocts.drvid[sizeof(iocts.drvid)-1] = 0;
3825 if (strlen(iocts.drvid)) {
3826 if ((p = strchr(iocts.drvid, ',')))
3827 *p = 0;
3828 @@ -1598,6 +1599,7 @@ isdn_ioctl(struct inode *inode, struct file *file, uint cmd, ulong arg)
3829 if (copy_from_user(&iocts, argp,
3830 sizeof(isdn_ioctl_struct)))
3831 return -EFAULT;
3832 + iocts.drvid[sizeof(iocts.drvid)-1] = 0;
3833 if (strlen(iocts.drvid)) {
3834 drvidx = -1;
3835 for (i = 0; i < ISDN_MAX_DRIVERS; i++)
3836 @@ -1642,7 +1644,7 @@ isdn_ioctl(struct inode *inode, struct file *file, uint cmd, ulong arg)
3837 } else {
3838 p = (char __user *) iocts.arg;
3839 for (i = 0; i < 10; i++) {
3840 - sprintf(bname, "%s%s",
3841 + snprintf(bname, sizeof(bname), "%s%s",
3842 strlen(dev->drv[drvidx]->msn2eaz[i]) ?
3843 dev->drv[drvidx]->msn2eaz[i] : "_",
3844 (i < 9) ? "," : "\0");
3845 @@ -1672,6 +1674,7 @@ isdn_ioctl(struct inode *inode, struct file *file, uint cmd, ulong arg)
3846 char *p;
3847 if (copy_from_user(&iocts, argp, sizeof(isdn_ioctl_struct)))
3848 return -EFAULT;
3849 + iocts.drvid[sizeof(iocts.drvid)-1] = 0;
3850 if (strlen(iocts.drvid)) {
3851 if ((p = strchr(iocts.drvid, ',')))
3852 *p = 0;
3853 diff --git a/drivers/isdn/i4l/isdn_net.c b/drivers/isdn/i4l/isdn_net.c
3854 index aa83277..75e1423 100644
3855 --- a/drivers/isdn/i4l/isdn_net.c
3856 +++ b/drivers/isdn/i4l/isdn_net.c
3857 @@ -2126,7 +2126,7 @@ isdn_net_find_icall(int di, int ch, int idx, setup_parm *setup)
3858 u_long flags;
3859 isdn_net_dev *p;
3860 isdn_net_phone *n;
3861 - char nr[32];
3862 + char nr[ISDN_MSNLEN];
3863 char *my_eaz;
3865 /* Search name in netdev-chain */
3866 @@ -2135,7 +2135,7 @@ isdn_net_find_icall(int di, int ch, int idx, setup_parm *setup)
3867 nr[1] = '\0';
3868 printk(KERN_INFO "isdn_net: Incoming call without OAD, assuming '0'\n");
3869 } else
3870 - strcpy(nr, setup->phone);
3871 + strlcpy(nr, setup->phone, ISDN_MSNLEN);
3872 si1 = (int) setup->si1;
3873 si2 = (int) setup->si2;
3874 if (!setup->eazmsn[0]) {
3875 @@ -2802,7 +2802,7 @@ isdn_net_setcfg(isdn_net_ioctl_cfg * cfg)
3876 chidx = -1;
3877 }
3878 }
3879 - strcpy(lp->msn, cfg->eaz);
3880 + strlcpy(lp->msn, cfg->eaz, sizeof(lp->msn));
3881 lp->pre_device = drvidx;
3882 lp->pre_channel = chidx;
3883 lp->onhtime = cfg->onhtime;
3884 @@ -2951,7 +2951,7 @@ isdn_net_addphone(isdn_net_ioctl_phone * phone)
3885 if (p) {
3886 if (!(n = kmalloc(sizeof(isdn_net_phone), GFP_KERNEL)))
3887 return -ENOMEM;
3888 - strcpy(n->num, phone->phone);
3889 + strlcpy(n->num, phone->phone, sizeof(n->num));
3890 n->next = p->local->phone[phone->outgoing & 1];
3891 p->local->phone[phone->outgoing & 1] = n;
3892 return 0;
3893 diff --git a/drivers/kvm/svm.c b/drivers/kvm/svm.c
3894 index fa17d6d..aee952f 100644
3895 --- a/drivers/kvm/svm.c
3896 +++ b/drivers/kvm/svm.c
3897 @@ -1727,6 +1727,12 @@ static void svm_inject_page_fault(struct kvm_vcpu *vcpu,
3899 static int is_disabled(void)
3900 {
3901 + u64 vm_cr;
3902 +
3903 + rdmsrl(MSR_VM_CR, vm_cr);
3904 + if (vm_cr & (1 << SVM_VM_CR_SVM_DISABLE))
3905 + return 1;
3906 +
3907 return 0;
3908 }
3910 diff --git a/drivers/kvm/svm.h b/drivers/kvm/svm.h
3911 index 5e93814..3b1b0f3 100644
3912 --- a/drivers/kvm/svm.h
3913 +++ b/drivers/kvm/svm.h
3914 @@ -175,8 +175,11 @@ struct __attribute__ ((__packed__)) vmcb {
3915 #define SVM_CPUID_FUNC 0x8000000a
3917 #define MSR_EFER_SVME_MASK (1ULL << 12)
3918 +#define MSR_VM_CR 0xc0010114
3919 #define MSR_VM_HSAVE_PA 0xc0010117ULL
3921 +#define SVM_VM_CR_SVM_DISABLE 4
3922 +
3923 #define SVM_SELECTOR_S_SHIFT 4
3924 #define SVM_SELECTOR_DPL_SHIFT 5
3925 #define SVM_SELECTOR_P_SHIFT 7
3926 diff --git a/drivers/md/dm-crypt.c b/drivers/md/dm-crypt.c
3927 index 7b0fcfc..45e1c31 100644
3928 --- a/drivers/md/dm-crypt.c
3929 +++ b/drivers/md/dm-crypt.c
3930 @@ -920,6 +920,8 @@ static void crypt_dtr(struct dm_target *ti)
3931 {
3932 struct crypt_config *cc = (struct crypt_config *) ti->private;
3934 + flush_workqueue(_kcryptd_workqueue);
3935 +
3936 bioset_free(cc->bs);
3937 mempool_destroy(cc->page_pool);
3938 mempool_destroy(cc->io_pool);
3939 @@ -941,9 +943,6 @@ static int crypt_map(struct dm_target *ti, struct bio *bio,
3940 struct crypt_config *cc = ti->private;
3941 struct crypt_io *io;
3943 - if (bio_barrier(bio))
3944 - return -EOPNOTSUPP;
3945 -
3946 io = mempool_alloc(cc->io_pool, GFP_NOIO);
3947 io->target = ti;
3948 io->base_bio = bio;
3949 diff --git a/drivers/md/dm-exception-store.c b/drivers/md/dm-exception-store.c
3950 index 07e0a0c..5c7569c 100644
3951 --- a/drivers/md/dm-exception-store.c
3952 +++ b/drivers/md/dm-exception-store.c
3953 @@ -125,6 +125,8 @@ struct pstore {
3954 uint32_t callback_count;
3955 struct commit_callback *callbacks;
3956 struct dm_io_client *io_client;
3957 +
3958 + struct workqueue_struct *metadata_wq;
3959 };
3961 static inline unsigned int sectors_to_pages(unsigned int sectors)
3962 @@ -156,10 +158,24 @@ static void free_area(struct pstore *ps)
3963 ps->area = NULL;
3964 }
3966 +struct mdata_req {
3967 + struct io_region *where;
3968 + struct dm_io_request *io_req;
3969 + struct work_struct work;
3970 + int result;
3971 +};
3972 +
3973 +static void do_metadata(struct work_struct *work)
3974 +{
3975 + struct mdata_req *req = container_of(work, struct mdata_req, work);
3976 +
3977 + req->result = dm_io(req->io_req, 1, req->where, NULL);
3978 +}
3979 +
3980 /*
3981 * Read or write a chunk aligned and sized block of data from a device.
3982 */
3983 -static int chunk_io(struct pstore *ps, uint32_t chunk, int rw)
3984 +static int chunk_io(struct pstore *ps, uint32_t chunk, int rw, int metadata)
3985 {
3986 struct io_region where = {
3987 .bdev = ps->snap->cow->bdev,
3988 @@ -173,8 +189,23 @@ static int chunk_io(struct pstore *ps, uint32_t chunk, int rw)
3989 .client = ps->io_client,
3990 .notify.fn = NULL,
3991 };
3992 + struct mdata_req req;
3993 +
3994 + if (!metadata)
3995 + return dm_io(&io_req, 1, &where, NULL);
3996 +
3997 + req.where = &where;
3998 + req.io_req = &io_req;
4000 - return dm_io(&io_req, 1, &where, NULL);
4001 + /*
4002 + * Issue the synchronous I/O from a different thread
4003 + * to avoid generic_make_request recursion.
4004 + */
4005 + INIT_WORK(&req.work, do_metadata);
4006 + queue_work(ps->metadata_wq, &req.work);
4007 + flush_workqueue(ps->metadata_wq);
4008 +
4009 + return req.result;
4010 }
4012 /*
4013 @@ -189,7 +220,7 @@ static int area_io(struct pstore *ps, uint32_t area, int rw)
4014 /* convert a metadata area index to a chunk index */
4015 chunk = 1 + ((ps->exceptions_per_area + 1) * area);
4017 - r = chunk_io(ps, chunk, rw);
4018 + r = chunk_io(ps, chunk, rw, 0);
4019 if (r)
4020 return r;
4022 @@ -230,7 +261,7 @@ static int read_header(struct pstore *ps, int *new_snapshot)
4023 if (r)
4024 return r;
4026 - r = chunk_io(ps, 0, READ);
4027 + r = chunk_io(ps, 0, READ, 1);
4028 if (r)
4029 goto bad;
4031 @@ -292,7 +323,7 @@ static int write_header(struct pstore *ps)
4032 dh->version = cpu_to_le32(ps->version);
4033 dh->chunk_size = cpu_to_le32(ps->snap->chunk_size);
4035 - return chunk_io(ps, 0, WRITE);
4036 + return chunk_io(ps, 0, WRITE, 1);
4037 }
4039 /*
4040 @@ -409,6 +440,7 @@ static void persistent_destroy(struct exception_store *store)
4041 {
4042 struct pstore *ps = get_info(store);
4044 + destroy_workqueue(ps->metadata_wq);
4045 dm_io_client_destroy(ps->io_client);
4046 vfree(ps->callbacks);
4047 free_area(ps);
4048 @@ -457,11 +489,6 @@ static int persistent_read_metadata(struct exception_store *store)
4049 /*
4050 * Sanity checks.
4051 */
4052 - if (!ps->valid) {
4053 - DMWARN("snapshot is marked invalid");
4054 - return -EINVAL;
4055 - }
4056 -
4057 if (ps->version != SNAPSHOT_DISK_VERSION) {
4058 DMWARN("unable to handle snapshot disk version %d",
4059 ps->version);
4060 @@ -469,6 +496,12 @@ static int persistent_read_metadata(struct exception_store *store)
4061 }
4063 /*
4064 + * Metadata are valid, but snapshot is invalidated
4065 + */
4066 + if (!ps->valid)
4067 + return 1;
4068 +
4069 + /*
4070 * Read the metadata.
4071 */
4072 r = read_exceptions(ps);
4073 @@ -588,6 +621,12 @@ int dm_create_persistent(struct exception_store *store)
4074 atomic_set(&ps->pending_count, 0);
4075 ps->callbacks = NULL;
4077 + ps->metadata_wq = create_singlethread_workqueue("ksnaphd");
4078 + if (!ps->metadata_wq) {
4079 + DMERR("couldn't start header metadata update thread");
4080 + return -ENOMEM;
4081 + }
4082 +
4083 store->destroy = persistent_destroy;
4084 store->read_metadata = persistent_read_metadata;
4085 store->prepare_exception = persistent_prepare;
4086 diff --git a/drivers/md/dm-io.c b/drivers/md/dm-io.c
4087 index 352c6fb..f3a7724 100644
4088 --- a/drivers/md/dm-io.c
4089 +++ b/drivers/md/dm-io.c
4090 @@ -293,7 +293,10 @@ static void do_region(int rw, unsigned int region, struct io_region *where,
4091 * bvec for bio_get/set_region() and decrement bi_max_vecs
4092 * to hide it from bio_add_page().
4093 */
4094 - num_bvecs = (remaining / (PAGE_SIZE >> SECTOR_SHIFT)) + 2;
4095 + num_bvecs = dm_sector_div_up(remaining,
4096 + (PAGE_SIZE >> SECTOR_SHIFT));
4097 + num_bvecs = 1 + min_t(int, bio_get_nr_vecs(where->bdev),
4098 + num_bvecs);
4099 bio = bio_alloc_bioset(GFP_NOIO, num_bvecs, io->client->bios);
4100 bio->bi_sector = where->sector + (where->count - remaining);
4101 bio->bi_bdev = where->bdev;
4102 diff --git a/drivers/md/dm-mpath.c b/drivers/md/dm-mpath.c
4103 index de54b39..bfb2ea3 100644
4104 --- a/drivers/md/dm-mpath.c
4105 +++ b/drivers/md/dm-mpath.c
4106 @@ -798,9 +798,6 @@ static int multipath_map(struct dm_target *ti, struct bio *bio,
4107 struct mpath_io *mpio;
4108 struct multipath *m = (struct multipath *) ti->private;
4110 - if (bio_barrier(bio))
4111 - return -EOPNOTSUPP;
4112 -
4113 mpio = mempool_alloc(m->mpio_pool, GFP_NOIO);
4114 dm_bio_record(&mpio->details, bio);
4116 diff --git a/drivers/md/dm-raid1.c b/drivers/md/dm-raid1.c
4117 index ef124b7..7113af3 100644
4118 --- a/drivers/md/dm-raid1.c
4119 +++ b/drivers/md/dm-raid1.c
4120 @@ -1288,12 +1288,12 @@ static int mirror_status(struct dm_target *ti, status_type_t type,
4121 for (m = 0; m < ms->nr_mirrors; m++)
4122 DMEMIT("%s ", ms->mirror[m].dev->name);
4124 - DMEMIT("%llu/%llu",
4125 + DMEMIT("%llu/%llu 0 ",
4126 (unsigned long long)ms->rh.log->type->
4127 get_sync_count(ms->rh.log),
4128 (unsigned long long)ms->nr_regions);
4130 - sz = ms->rh.log->type->status(ms->rh.log, type, result, maxlen);
4131 + sz += ms->rh.log->type->status(ms->rh.log, type, result+sz, maxlen-sz);
4133 break;
4135 diff --git a/drivers/md/dm-snap.c b/drivers/md/dm-snap.c
4136 index 0821a2b..3955621 100644
4137 --- a/drivers/md/dm-snap.c
4138 +++ b/drivers/md/dm-snap.c
4139 @@ -522,9 +522,12 @@ static int snapshot_ctr(struct dm_target *ti, unsigned int argc, char **argv)
4141 /* Metadata must only be loaded into one table at once */
4142 r = s->store.read_metadata(&s->store);
4143 - if (r) {
4144 + if (r < 0) {
4145 ti->error = "Failed to read snapshot metadata";
4146 goto bad6;
4147 + } else if (r > 0) {
4148 + s->valid = 0;
4149 + DMWARN("Snapshot is marked invalid.");
4150 }
4152 bio_list_init(&s->queued_bios);
4153 @@ -884,9 +887,6 @@ static int snapshot_map(struct dm_target *ti, struct bio *bio,
4154 if (!s->valid)
4155 return -EIO;
4157 - if (unlikely(bio_barrier(bio)))
4158 - return -EOPNOTSUPP;
4159 -
4160 /* FIXME: should only take write lock if we need
4161 * to copy an exception */
4162 down_write(&s->lock);
4163 @@ -1157,9 +1157,6 @@ static int origin_map(struct dm_target *ti, struct bio *bio,
4164 struct dm_dev *dev = (struct dm_dev *) ti->private;
4165 bio->bi_bdev = dev->bdev;
4167 - if (unlikely(bio_barrier(bio)))
4168 - return -EOPNOTSUPP;
4169 -
4170 /* Only tell snapshots if this is a write */
4171 return (bio_rw(bio) == WRITE) ? do_origin(dev, bio) : DM_MAPIO_REMAPPED;
4172 }
4173 diff --git a/drivers/md/dm.c b/drivers/md/dm.c
4174 index 2717a35..75bd2fd 100644
4175 --- a/drivers/md/dm.c
4176 +++ b/drivers/md/dm.c
4177 @@ -802,6 +802,15 @@ static int dm_request(request_queue_t *q, struct bio *bio)
4178 int rw = bio_data_dir(bio);
4179 struct mapped_device *md = q->queuedata;
4181 + /*
4182 + * There is no use in forwarding any barrier request since we can't
4183 + * guarantee it is (or can be) handled by the targets correctly.
4184 + */
4185 + if (unlikely(bio_barrier(bio))) {
4186 + bio_endio(bio, bio->bi_size, -EOPNOTSUPP);
4187 + return 0;
4188 + }
4189 +
4190 down_read(&md->io_lock);
4192 disk_stat_inc(dm_disk(md), ios[rw]);
4193 diff --git a/drivers/md/raid10.c b/drivers/md/raid10.c
4194 index 9eb66c1..e0029ea 100644
4195 --- a/drivers/md/raid10.c
4196 +++ b/drivers/md/raid10.c
4197 @@ -917,6 +917,13 @@ static int make_request(request_queue_t *q, struct bio * bio)
4198 bio_list_add(&bl, mbio);
4199 }
4201 + if (unlikely(!atomic_read(&r10_bio->remaining))) {
4202 + /* the array is dead */
4203 + md_write_end(mddev);
4204 + raid_end_bio_io(r10_bio);
4205 + return 0;
4206 + }
4207 +
4208 bitmap_startwrite(mddev->bitmap, bio->bi_sector, r10_bio->sectors, 0);
4209 spin_lock_irqsave(&conf->device_lock, flags);
4210 bio_list_merge(&conf->pending_bio_list, &bl);
4211 @@ -1558,7 +1565,6 @@ static void raid10d(mddev_t *mddev)
4212 bio = r10_bio->devs[r10_bio->read_slot].bio;
4213 r10_bio->devs[r10_bio->read_slot].bio =
4214 mddev->ro ? IO_BLOCKED : NULL;
4215 - bio_put(bio);
4216 mirror = read_balance(conf, r10_bio);
4217 if (mirror == -1) {
4218 printk(KERN_ALERT "raid10: %s: unrecoverable I/O"
4219 @@ -1566,8 +1572,10 @@ static void raid10d(mddev_t *mddev)
4220 bdevname(bio->bi_bdev,b),
4221 (unsigned long long)r10_bio->sector);
4222 raid_end_bio_io(r10_bio);
4223 + bio_put(bio);
4224 } else {
4225 const int do_sync = bio_sync(r10_bio->master_bio);
4226 + bio_put(bio);
4227 rdev = conf->mirrors[mirror].rdev;
4228 if (printk_ratelimit())
4229 printk(KERN_ERR "raid10: %s: redirecting sector %llu to"
4230 diff --git a/drivers/md/raid5.c b/drivers/md/raid5.c
4231 index 061375e..81ed88f 100644
4232 --- a/drivers/md/raid5.c
4233 +++ b/drivers/md/raid5.c
4234 @@ -2525,7 +2525,8 @@ static void raid5_activate_delayed(raid5_conf_t *conf)
4235 atomic_inc(&conf->preread_active_stripes);
4236 list_add_tail(&sh->lru, &conf->handle_list);
4237 }
4238 - }
4239 + } else
4240 + blk_plug_device(conf->mddev->queue);
4241 }
4243 static void activate_bit_delay(raid5_conf_t *conf)
4244 @@ -2949,7 +2950,8 @@ static int make_request(request_queue_t *q, struct bio * bi)
4245 goto retry;
4246 }
4247 finish_wait(&conf->wait_for_overlap, &w);
4248 - handle_stripe(sh, NULL);
4249 + set_bit(STRIPE_HANDLE, &sh->state);
4250 + clear_bit(STRIPE_DELAYED, &sh->state);
4251 release_stripe(sh);
4252 } else {
4253 /* cannot get stripe for read-ahead, just give-up */
4254 @@ -3267,7 +3269,7 @@ static int retry_aligned_read(raid5_conf_t *conf, struct bio *raid_bio)
4255 * During the scan, completed stripes are saved for us by the interrupt
4256 * handler, so that they will not have to wait for our next wakeup.
4257 */
4258 -static void raid5d (mddev_t *mddev)
4259 +static void raid5d(mddev_t *mddev)
4260 {
4261 struct stripe_head *sh;
4262 raid5_conf_t *conf = mddev_to_conf(mddev);
4263 @@ -3292,12 +3294,6 @@ static void raid5d (mddev_t *mddev)
4264 activate_bit_delay(conf);
4265 }
4267 - if (list_empty(&conf->handle_list) &&
4268 - atomic_read(&conf->preread_active_stripes) < IO_THRESHOLD &&
4269 - !blk_queue_plugged(mddev->queue) &&
4270 - !list_empty(&conf->delayed_list))
4271 - raid5_activate_delayed(conf);
4272 -
4273 while ((bio = remove_bio_from_retry(conf))) {
4274 int ok;
4275 spin_unlock_irq(&conf->device_lock);
4276 diff --git a/drivers/media/dvb/b2c2/flexcop-i2c.c b/drivers/media/dvb/b2c2/flexcop-i2c.c
4277 index 02a0ea6..6bf858a 100644
4278 --- a/drivers/media/dvb/b2c2/flexcop-i2c.c
4279 +++ b/drivers/media/dvb/b2c2/flexcop-i2c.c
4280 @@ -135,6 +135,13 @@ static int flexcop_master_xfer(struct i2c_adapter *i2c_adap, struct i2c_msg msgs
4281 struct flexcop_device *fc = i2c_get_adapdata(i2c_adap);
4282 int i, ret = 0;
4284 + /* Some drivers use 1 byte or 0 byte reads as probes, which this
4285 + * driver doesn't support. These probes will always fail, so this
4286 + * hack makes them always succeed. If one knew how, it would of
4287 + * course be better to actually do the read. */
4288 + if (num == 1 && msgs[0].flags == I2C_M_RD && msgs[0].len <= 1)
4289 + return 1;
4290 +
4291 if (mutex_lock_interruptible(&fc->i2c_mutex))
4292 return -ERESTARTSYS;
4294 diff --git a/drivers/media/video/cx88/cx88-mpeg.c b/drivers/media/video/cx88/cx88-mpeg.c
4295 index 543b05e..c36e2b7 100644
4296 --- a/drivers/media/video/cx88/cx88-mpeg.c
4297 +++ b/drivers/media/video/cx88/cx88-mpeg.c
4298 @@ -580,7 +580,7 @@ struct cx8802_dev * cx8802_get_device(struct inode *inode)
4300 list_for_each(list,&cx8802_devlist) {
4301 h = list_entry(list, struct cx8802_dev, devlist);
4302 - if (h->mpeg_dev->minor == minor)
4303 + if (h->mpeg_dev && h->mpeg_dev->minor == minor)
4304 return h;
4305 }
4307 diff --git a/drivers/media/video/ivtv/ivtv-driver.c b/drivers/media/video/ivtv/ivtv-driver.c
4308 index efc6635..5d9de5d 100644
4309 --- a/drivers/media/video/ivtv/ivtv-driver.c
4310 +++ b/drivers/media/video/ivtv/ivtv-driver.c
4311 @@ -622,6 +622,7 @@ static int __devinit ivtv_init_struct1(struct ivtv *itv)
4312 itv->enc_mbox.max_mbox = 2; /* the encoder has 3 mailboxes (0-2) */
4313 itv->dec_mbox.max_mbox = 1; /* the decoder has 2 mailboxes (0-1) */
4315 + mutex_init(&itv->serialize_lock);
4316 mutex_init(&itv->i2c_bus_lock);
4317 mutex_init(&itv->udma.lock);
4319 diff --git a/drivers/media/video/ivtv/ivtv-driver.h b/drivers/media/video/ivtv/ivtv-driver.h
4320 index e6e56f1..65ebdda 100644
4321 --- a/drivers/media/video/ivtv/ivtv-driver.h
4322 +++ b/drivers/media/video/ivtv/ivtv-driver.h
4323 @@ -650,7 +650,6 @@ struct vbi_info {
4324 /* convenience pointer to sliced struct in vbi_in union */
4325 struct v4l2_sliced_vbi_format *sliced_in;
4326 u32 service_set_in;
4327 - u32 service_set_out;
4328 int insert_mpeg;
4330 /* Buffer for the maximum of 2 * 18 * packet_size sliced VBI lines.
4331 @@ -723,6 +722,7 @@ struct ivtv {
4332 int search_pack_header;
4334 spinlock_t dma_reg_lock; /* lock access to DMA engine registers */
4335 + struct mutex serialize_lock; /* lock used to serialize starting streams */
4337 /* User based DMA for OSD */
4338 struct ivtv_user_dma udma;
4339 diff --git a/drivers/media/video/ivtv/ivtv-fileops.c b/drivers/media/video/ivtv/ivtv-fileops.c
4340 index 555d5e6..8fc7326 100644
4341 --- a/drivers/media/video/ivtv/ivtv-fileops.c
4342 +++ b/drivers/media/video/ivtv/ivtv-fileops.c
4343 @@ -753,6 +753,8 @@ static void ivtv_stop_decoding(struct ivtv_open_id *id, int flags, u64 pts)
4344 }
4345 if (s->type == IVTV_DEC_STREAM_TYPE_YUV && itv->output_mode == OUT_YUV)
4346 itv->output_mode = OUT_NONE;
4347 + else if (s->type == IVTV_DEC_STREAM_TYPE_YUV && itv->output_mode == OUT_UDMA_YUV)
4348 + itv->output_mode = OUT_NONE;
4349 else if (s->type == IVTV_DEC_STREAM_TYPE_MPG && itv->output_mode == OUT_MPG)
4350 itv->output_mode = OUT_NONE;
4352 diff --git a/drivers/media/video/ivtv/ivtv-ioctl.c b/drivers/media/video/ivtv/ivtv-ioctl.c
4353 index 57af176..dcfbaa9 100644
4354 --- a/drivers/media/video/ivtv/ivtv-ioctl.c
4355 +++ b/drivers/media/video/ivtv/ivtv-ioctl.c
4356 @@ -1183,6 +1183,7 @@ int ivtv_v4l2_ioctls(struct ivtv *itv, struct file *filp, unsigned int cmd, void
4357 itv->osd_global_alpha_state = (fb->flags & V4L2_FBUF_FLAG_GLOBAL_ALPHA) != 0;
4358 itv->osd_local_alpha_state = (fb->flags & V4L2_FBUF_FLAG_LOCAL_ALPHA) != 0;
4359 itv->osd_color_key_state = (fb->flags & V4L2_FBUF_FLAG_CHROMAKEY) != 0;
4360 + ivtv_set_osd_alpha(itv);
4361 break;
4362 }
4364 diff --git a/drivers/media/video/ivtv/ivtv-irq.c b/drivers/media/video/ivtv/ivtv-irq.c
4365 index ba98bf0..e83b496 100644
4366 --- a/drivers/media/video/ivtv/ivtv-irq.c
4367 +++ b/drivers/media/video/ivtv/ivtv-irq.c
4368 @@ -403,6 +403,11 @@ static void ivtv_dma_enc_start(struct ivtv_stream *s)
4369 /* Mark last buffer size for Interrupt flag */
4370 s->SGarray[s->SG_length - 1].size |= cpu_to_le32(0x80000000);
4372 + if (s->type == IVTV_ENC_STREAM_TYPE_VBI)
4373 + set_bit(IVTV_F_I_ENC_VBI, &itv->i_flags);
4374 + else
4375 + clear_bit(IVTV_F_I_ENC_VBI, &itv->i_flags);
4376 +
4377 if (ivtv_use_pio(s)) {
4378 for (i = 0; i < s->SG_length; i++) {
4379 s->PIOarray[i].src = le32_to_cpu(s->SGarray[i].src);
4380 @@ -597,7 +602,6 @@ static void ivtv_irq_enc_start_cap(struct ivtv *itv)
4381 data[0], data[1], data[2]);
4382 return;
4383 }
4384 - clear_bit(IVTV_F_I_ENC_VBI, &itv->i_flags);
4385 s = &itv->streams[ivtv_stream_map[data[0]]];
4386 if (!stream_enc_dma_append(s, data)) {
4387 set_bit(ivtv_use_pio(s) ? IVTV_F_S_PIO_PENDING : IVTV_F_S_DMA_PENDING, &s->s_flags);
4388 @@ -634,7 +638,6 @@ static void ivtv_irq_enc_vbi_cap(struct ivtv *itv)
4389 then start a DMA request for just the VBI data. */
4390 if (!stream_enc_dma_append(s, data) &&
4391 !test_bit(IVTV_F_S_STREAMING, &s_mpg->s_flags)) {
4392 - set_bit(IVTV_F_I_ENC_VBI, &itv->i_flags);
4393 set_bit(ivtv_use_pio(s) ? IVTV_F_S_PIO_PENDING : IVTV_F_S_DMA_PENDING, &s->s_flags);
4394 }
4395 }
4396 diff --git a/drivers/media/video/ivtv/ivtv-streams.c b/drivers/media/video/ivtv/ivtv-streams.c
4397 index 6af88ae..d538efa 100644
4398 --- a/drivers/media/video/ivtv/ivtv-streams.c
4399 +++ b/drivers/media/video/ivtv/ivtv-streams.c
4400 @@ -446,6 +446,9 @@ int ivtv_start_v4l2_encode_stream(struct ivtv_stream *s)
4401 if (s->v4l2dev == NULL)
4402 return -EINVAL;
4404 + /* Big serialization lock to ensure no two streams are started
4405 + simultaneously: that can give all sorts of weird results. */
4406 + mutex_lock(&itv->serialize_lock);
4407 IVTV_DEBUG_INFO("Start encoder stream %s\n", s->name);
4409 switch (s->type) {
4410 @@ -487,6 +490,7 @@ int ivtv_start_v4l2_encode_stream(struct ivtv_stream *s)
4411 0, sizeof(itv->vbi.sliced_mpeg_size));
4412 break;
4413 default:
4414 + mutex_unlock(&itv->serialize_lock);
4415 return -EINVAL;
4416 }
4417 s->subtype = subtype;
4418 @@ -568,6 +572,7 @@ int ivtv_start_v4l2_encode_stream(struct ivtv_stream *s)
4419 if (ivtv_vapi(itv, CX2341X_ENC_START_CAPTURE, 2, captype, subtype))
4420 {
4421 IVTV_DEBUG_WARN( "Error starting capture!\n");
4422 + mutex_unlock(&itv->serialize_lock);
4423 return -EINVAL;
4424 }
4426 @@ -583,6 +588,7 @@ int ivtv_start_v4l2_encode_stream(struct ivtv_stream *s)
4428 /* you're live! sit back and await interrupts :) */
4429 atomic_inc(&itv->capturing);
4430 + mutex_unlock(&itv->serialize_lock);
4431 return 0;
4432 }
4434 @@ -762,17 +768,6 @@ int ivtv_stop_v4l2_encode_stream(struct ivtv_stream *s, int gop_end)
4435 /* when: 0 = end of GOP 1 = NOW!, type: 0 = mpeg, subtype: 3 = video+audio */
4436 ivtv_vapi(itv, CX2341X_ENC_STOP_CAPTURE, 3, stopmode, cap_type, s->subtype);
4438 - /* only run these if we're shutting down the last cap */
4439 - if (atomic_read(&itv->capturing) - 1 == 0) {
4440 - /* event notification (off) */
4441 - if (test_and_clear_bit(IVTV_F_I_DIG_RST, &itv->i_flags)) {
4442 - /* type: 0 = refresh */
4443 - /* on/off: 0 = off, intr: 0x10000000, mbox_id: -1: none */
4444 - ivtv_vapi(itv, CX2341X_ENC_SET_EVENT_NOTIFICATION, 4, 0, 0, IVTV_IRQ_ENC_VIM_RST, -1);
4445 - ivtv_set_irq_mask(itv, IVTV_IRQ_ENC_VIM_RST);
4446 - }
4447 - }
4448 -
4449 then = jiffies;
4451 if (!test_bit(IVTV_F_S_PASSTHROUGH, &s->s_flags)) {
4452 @@ -840,17 +835,30 @@ int ivtv_stop_v4l2_encode_stream(struct ivtv_stream *s, int gop_end)
4453 /* Clear capture and no-read bits */
4454 clear_bit(IVTV_F_S_STREAMING, &s->s_flags);
4456 + /* ensure these global cleanup actions are done only once */
4457 + mutex_lock(&itv->serialize_lock);
4458 +
4459 if (s->type == IVTV_ENC_STREAM_TYPE_VBI)
4460 ivtv_set_irq_mask(itv, IVTV_IRQ_ENC_VBI_CAP);
4462 if (atomic_read(&itv->capturing) > 0) {
4463 + mutex_unlock(&itv->serialize_lock);
4464 return 0;
4465 }
4467 /* Set the following Interrupt mask bits for capture */
4468 ivtv_set_irq_mask(itv, IVTV_IRQ_MASK_CAPTURE);
4470 + /* event notification (off) */
4471 + if (test_and_clear_bit(IVTV_F_I_DIG_RST, &itv->i_flags)) {
4472 + /* type: 0 = refresh */
4473 + /* on/off: 0 = off, intr: 0x10000000, mbox_id: -1: none */
4474 + ivtv_vapi(itv, CX2341X_ENC_SET_EVENT_NOTIFICATION, 4, 0, 0, IVTV_IRQ_ENC_VIM_RST, -1);
4475 + ivtv_set_irq_mask(itv, IVTV_IRQ_ENC_VIM_RST);
4476 + }
4477 +
4478 wake_up(&s->waitq);
4479 + mutex_unlock(&itv->serialize_lock);
4481 return 0;
4482 }
4483 diff --git a/drivers/media/video/ivtv/ivtv-vbi.c b/drivers/media/video/ivtv/ivtv-vbi.c
4484 index 3ba46e0..a7282a9 100644
4485 --- a/drivers/media/video/ivtv/ivtv-vbi.c
4486 +++ b/drivers/media/video/ivtv/ivtv-vbi.c
4487 @@ -219,31 +219,23 @@ ssize_t ivtv_write_vbi(struct ivtv *itv, const char __user *ubuf, size_t count)
4488 int found_cc = 0;
4489 int cc_pos = itv->vbi.cc_pos;
4491 - if (itv->vbi.service_set_out == 0)
4492 - return -EPERM;
4493 -
4494 while (count >= sizeof(struct v4l2_sliced_vbi_data)) {
4495 switch (p->id) {
4496 case V4L2_SLICED_CAPTION_525:
4497 - if (p->id == V4L2_SLICED_CAPTION_525 &&
4498 - p->line == 21 &&
4499 - (itv->vbi.service_set_out &
4500 - V4L2_SLICED_CAPTION_525) == 0) {
4501 - break;
4502 - }
4503 - found_cc = 1;
4504 - if (p->field) {
4505 - cc[2] = p->data[0];
4506 - cc[3] = p->data[1];
4507 - } else {
4508 - cc[0] = p->data[0];
4509 - cc[1] = p->data[1];
4510 + if (p->line == 21) {
4511 + found_cc = 1;
4512 + if (p->field) {
4513 + cc[2] = p->data[0];
4514 + cc[3] = p->data[1];
4515 + } else {
4516 + cc[0] = p->data[0];
4517 + cc[1] = p->data[1];
4518 + }
4519 }
4520 break;
4522 case V4L2_SLICED_VPS:
4523 - if (p->line == 16 && p->field == 0 &&
4524 - (itv->vbi.service_set_out & V4L2_SLICED_VPS)) {
4525 + if (p->line == 16 && p->field == 0) {
4526 itv->vbi.vps[0] = p->data[2];
4527 itv->vbi.vps[1] = p->data[8];
4528 itv->vbi.vps[2] = p->data[9];
4529 @@ -255,8 +247,7 @@ ssize_t ivtv_write_vbi(struct ivtv *itv, const char __user *ubuf, size_t count)
4530 break;
4532 case V4L2_SLICED_WSS_625:
4533 - if (p->line == 23 && p->field == 0 &&
4534 - (itv->vbi.service_set_out & V4L2_SLICED_WSS_625)) {
4535 + if (p->line == 23 && p->field == 0) {
4536 /* No lock needed for WSS */
4537 itv->vbi.wss = p->data[0] | (p->data[1] << 8);
4538 itv->vbi.wss_found = 1;
4539 diff --git a/drivers/media/video/pwc/pwc-if.c b/drivers/media/video/pwc/pwc-if.c
4540 index 085332a..5227978 100644
4541 --- a/drivers/media/video/pwc/pwc-if.c
4542 +++ b/drivers/media/video/pwc/pwc-if.c
4543 @@ -1196,12 +1196,19 @@ static int pwc_video_open(struct inode *inode, struct file *file)
4544 return 0;
4545 }
4547 +
4548 +static void pwc_cleanup(struct pwc_device *pdev)
4549 +{
4550 + pwc_remove_sysfs_files(pdev->vdev);
4551 + video_unregister_device(pdev->vdev);
4552 +}
4553 +
4554 /* Note that all cleanup is done in the reverse order as in _open */
4555 static int pwc_video_close(struct inode *inode, struct file *file)
4556 {
4557 struct video_device *vdev = file->private_data;
4558 struct pwc_device *pdev;
4559 - int i;
4560 + int i, hint;
4562 PWC_DEBUG_OPEN(">> video_close called(vdev = 0x%p).\n", vdev);
4564 @@ -1224,8 +1231,9 @@ static int pwc_video_close(struct inode *inode, struct file *file)
4565 pwc_isoc_cleanup(pdev);
4566 pwc_free_buffers(pdev);
4568 + lock_kernel();
4569 /* Turn off LEDS and power down camera, but only when not unplugged */
4570 - if (pdev->error_status != EPIPE) {
4571 + if (!pdev->unplugged) {
4572 /* Turn LEDs off */
4573 if (pwc_set_leds(pdev, 0, 0) < 0)
4574 PWC_DEBUG_MODULE("Failed to set LED on/off time.\n");
4575 @@ -1234,9 +1242,19 @@ static int pwc_video_close(struct inode *inode, struct file *file)
4576 if (i < 0)
4577 PWC_ERROR("Failed to power down camera (%d)\n", i);
4578 }
4579 + pdev->vopen--;
4580 + PWC_DEBUG_OPEN("<< video_close() vopen=%d\n", pdev->vopen);
4581 + } else {
4582 + pwc_cleanup(pdev);
4583 + /* Free memory (don't set pdev to 0 just yet) */
4584 + kfree(pdev);
4585 + /* search device_hint[] table if we occupy a slot, by any chance */
4586 + for (hint = 0; hint < MAX_DEV_HINTS; hint++)
4587 + if (device_hint[hint].pdev == pdev)
4588 + device_hint[hint].pdev = NULL;
4589 }
4590 - pdev->vopen--;
4591 - PWC_DEBUG_OPEN("<< video_close() vopen=%d\n", pdev->vopen);
4592 + unlock_kernel();
4593 +
4594 return 0;
4595 }
4597 @@ -1791,21 +1809,21 @@ static void usb_pwc_disconnect(struct usb_interface *intf)
4598 /* Alert waiting processes */
4599 wake_up_interruptible(&pdev->frameq);
4600 /* Wait until device is closed */
4601 - while (pdev->vopen)
4602 - schedule();
4603 - /* Device is now closed, so we can safely unregister it */
4604 - PWC_DEBUG_PROBE("Unregistering video device in disconnect().\n");
4605 - pwc_remove_sysfs_files(pdev->vdev);
4606 - video_unregister_device(pdev->vdev);
4607 -
4608 - /* Free memory (don't set pdev to 0 just yet) */
4609 - kfree(pdev);
4610 + if(pdev->vopen) {
4611 + pdev->unplugged = 1;
4612 + } else {
4613 + /* Device is closed, so we can safely unregister it */
4614 + PWC_DEBUG_PROBE("Unregistering video device in disconnect().\n");
4615 + pwc_cleanup(pdev);
4616 + /* Free memory (don't set pdev to 0 just yet) */
4617 + kfree(pdev);
4619 disconnect_out:
4620 - /* search device_hint[] table if we occupy a slot, by any chance */
4621 - for (hint = 0; hint < MAX_DEV_HINTS; hint++)
4622 - if (device_hint[hint].pdev == pdev)
4623 - device_hint[hint].pdev = NULL;
4624 + /* search device_hint[] table if we occupy a slot, by any chance */
4625 + for (hint = 0; hint < MAX_DEV_HINTS; hint++)
4626 + if (device_hint[hint].pdev == pdev)
4627 + device_hint[hint].pdev = NULL;
4628 + }
4630 unlock_kernel();
4631 }
4632 diff --git a/drivers/media/video/pwc/pwc.h b/drivers/media/video/pwc/pwc.h
4633 index acbb931..40d3447 100644
4634 --- a/drivers/media/video/pwc/pwc.h
4635 +++ b/drivers/media/video/pwc/pwc.h
4636 @@ -193,6 +193,7 @@ struct pwc_device
4637 char vsnapshot; /* snapshot mode */
4638 char vsync; /* used by isoc handler */
4639 char vmirror; /* for ToUCaM series */
4640 + char unplugged;
4642 int cmd_len;
4643 unsigned char cmd_buf[13];
4644 diff --git a/drivers/media/video/usbvision/usbvision-cards.c b/drivers/media/video/usbvision/usbvision-cards.c
4645 index 51ab265..31db1ed 100644
4646 --- a/drivers/media/video/usbvision/usbvision-cards.c
4647 +++ b/drivers/media/video/usbvision/usbvision-cards.c
4648 @@ -1081,6 +1081,7 @@ struct usb_device_id usbvision_table [] = {
4649 { USB_DEVICE(0x2304, 0x0301), .driver_info=PINNA_LINX_VD_IN_CAB_PAL },
4650 { USB_DEVICE(0x2304, 0x0419), .driver_info=PINNA_PCTV_BUNGEE_PAL_FM },
4651 { USB_DEVICE(0x2400, 0x4200), .driver_info=HPG_WINTV },
4652 + { }, /* terminate list */
4653 };
4655 MODULE_DEVICE_TABLE (usb, usbvision_table);
4656 diff --git a/drivers/media/video/v4l2-common.c b/drivers/media/video/v4l2-common.c
4657 index 13ee550..d2915d3 100644
4658 --- a/drivers/media/video/v4l2-common.c
4659 +++ b/drivers/media/video/v4l2-common.c
4660 @@ -939,16 +939,25 @@ int v4l2_ctrl_query_menu(struct v4l2_querymenu *qmenu, struct v4l2_queryctrl *qc
4661 When no more controls are available 0 is returned. */
4662 u32 v4l2_ctrl_next(const u32 * const * ctrl_classes, u32 id)
4663 {
4664 - u32 ctrl_class;
4665 + u32 ctrl_class = V4L2_CTRL_ID2CLASS(id);
4666 const u32 *pctrl;
4668 - /* if no query is desired, then just return the control ID */
4669 - if ((id & V4L2_CTRL_FLAG_NEXT_CTRL) == 0)
4670 - return id;
4671 if (ctrl_classes == NULL)
4672 return 0;
4673 +
4674 + /* if no query is desired, then check if the ID is part of ctrl_classes */
4675 + if ((id & V4L2_CTRL_FLAG_NEXT_CTRL) == 0) {
4676 + /* find class */
4677 + while (*ctrl_classes && V4L2_CTRL_ID2CLASS(**ctrl_classes) != ctrl_class)
4678 + ctrl_classes++;
4679 + if (*ctrl_classes == NULL)
4680 + return 0;
4681 + pctrl = *ctrl_classes;
4682 + /* find control ID */
4683 + while (*pctrl && *pctrl != id) pctrl++;
4684 + return *pctrl ? id : 0;
4685 + }
4686 id &= V4L2_CTRL_ID_MASK;
4687 - ctrl_class = V4L2_CTRL_ID2CLASS(id);
4688 id++; /* select next control */
4689 /* find first class that matches (or is greater than) the class of
4690 the ID */
4691 diff --git a/drivers/media/video/wm8739.c b/drivers/media/video/wm8739.c
4692 index 8f6741a..1bf4cbe 100644
4693 --- a/drivers/media/video/wm8739.c
4694 +++ b/drivers/media/video/wm8739.c
4695 @@ -321,12 +321,14 @@ static int wm8739_probe(struct i2c_adapter *adapter)
4697 static int wm8739_detach(struct i2c_client *client)
4698 {
4699 + struct wm8739_state *state = i2c_get_clientdata(client);
4700 int err;
4702 err = i2c_detach_client(client);
4703 if (err)
4704 return err;
4706 + kfree(state);
4707 kfree(client);
4708 return 0;
4709 }
4710 diff --git a/drivers/media/video/wm8775.c b/drivers/media/video/wm8775.c
4711 index 4df5d30..9f7e894 100644
4712 --- a/drivers/media/video/wm8775.c
4713 +++ b/drivers/media/video/wm8775.c
4714 @@ -222,12 +222,14 @@ static int wm8775_probe(struct i2c_adapter *adapter)
4716 static int wm8775_detach(struct i2c_client *client)
4717 {
4718 + struct wm8775_state *state = i2c_get_clientdata(client);
4719 int err;
4721 err = i2c_detach_client(client);
4722 if (err) {
4723 return err;
4724 }
4725 + kfree(state);
4726 kfree(client);
4728 return 0;
4729 diff --git a/drivers/misc/sony-laptop.c b/drivers/misc/sony-laptop.c
4730 index 8ee0321..6d2d64f 100644
4731 --- a/drivers/misc/sony-laptop.c
4732 +++ b/drivers/misc/sony-laptop.c
4733 @@ -908,7 +908,9 @@ static struct acpi_driver sony_nc_driver = {
4734 #define SONYPI_DEVICE_TYPE2 0x00000002
4735 #define SONYPI_DEVICE_TYPE3 0x00000004
4737 -#define SONY_PIC_EV_MASK 0xff
4738 +#define SONYPI_TYPE1_OFFSET 0x04
4739 +#define SONYPI_TYPE2_OFFSET 0x12
4740 +#define SONYPI_TYPE3_OFFSET 0x12
4742 struct sony_pic_ioport {
4743 struct acpi_resource_io io;
4744 @@ -922,6 +924,7 @@ struct sony_pic_irq {
4746 struct sony_pic_dev {
4747 int model;
4748 + u16 evport_offset;
4749 u8 camera_power;
4750 u8 bluetooth_power;
4751 u8 wwan_power;
4752 @@ -1998,20 +2001,17 @@ end:
4753 static irqreturn_t sony_pic_irq(int irq, void *dev_id)
4754 {
4755 int i, j;
4756 - u32 port_val = 0;
4757 u8 ev = 0;
4758 u8 data_mask = 0;
4759 u8 device_event = 0;
4761 struct sony_pic_dev *dev = (struct sony_pic_dev *) dev_id;
4763 - acpi_os_read_port(dev->cur_ioport->io.minimum, &port_val,
4764 - dev->cur_ioport->io.address_length);
4765 - ev = port_val & SONY_PIC_EV_MASK;
4766 - data_mask = 0xff & (port_val >> (dev->cur_ioport->io.address_length - 8));
4767 + ev = inb_p(dev->cur_ioport->io.minimum);
4768 + data_mask = inb_p(dev->cur_ioport->io.minimum + dev->evport_offset);
4770 - dprintk("event (0x%.8x [%.2x] [%.2x]) at port 0x%.4x\n",
4771 - port_val, ev, data_mask, dev->cur_ioport->io.minimum);
4772 + dprintk("event ([%.2x] [%.2x]) at port 0x%.4x(+0x%.2x)\n",
4773 + ev, data_mask, dev->cur_ioport->io.minimum, dev->evport_offset);
4775 if (ev == 0x00 || ev == 0xff)
4776 return IRQ_HANDLED;
4777 @@ -2056,8 +2056,6 @@ static int sony_pic_remove(struct acpi_device *device, int type)
4778 struct sony_pic_ioport *io, *tmp_io;
4779 struct sony_pic_irq *irq, *tmp_irq;
4781 - sonypi_compat_exit();
4782 -
4783 if (sony_pic_disable(device)) {
4784 printk(KERN_ERR DRV_PFX "Couldn't disable device.\n");
4785 return -ENXIO;
4786 @@ -2067,6 +2065,8 @@ static int sony_pic_remove(struct acpi_device *device, int type)
4787 release_region(spic_dev.cur_ioport->io.minimum,
4788 spic_dev.cur_ioport->io.address_length);
4790 + sonypi_compat_exit();
4791 +
4792 sony_laptop_remove_input();
4794 /* pf attrs */
4795 @@ -2102,6 +2102,20 @@ static int sony_pic_add(struct acpi_device *device)
4796 spic_dev.model = sony_pic_detect_device_type();
4797 mutex_init(&spic_dev.lock);
4799 + /* model specific characteristics */
4800 + switch(spic_dev.model) {
4801 + case SONYPI_DEVICE_TYPE1:
4802 + spic_dev.evport_offset = SONYPI_TYPE1_OFFSET;
4803 + break;
4804 + case SONYPI_DEVICE_TYPE3:
4805 + spic_dev.evport_offset = SONYPI_TYPE3_OFFSET;
4806 + break;
4807 + case SONYPI_DEVICE_TYPE2:
4808 + default:
4809 + spic_dev.evport_offset = SONYPI_TYPE2_OFFSET;
4810 + break;
4811 + }
4812 +
4813 /* read _PRS resources */
4814 result = sony_pic_possible_resources(device);
4815 if (result) {
4816 @@ -2118,6 +2132,9 @@ static int sony_pic_add(struct acpi_device *device)
4817 goto err_free_resources;
4818 }
4820 + if (sonypi_compat_init())
4821 + goto err_remove_input;
4822 +
4823 /* request io port */
4824 list_for_each_entry(io, &spic_dev.ioports, list) {
4825 if (request_region(io->io.minimum, io->io.address_length,
4826 @@ -2132,7 +2149,7 @@ static int sony_pic_add(struct acpi_device *device)
4827 if (!spic_dev.cur_ioport) {
4828 printk(KERN_ERR DRV_PFX "Failed to request_region.\n");
4829 result = -ENODEV;
4830 - goto err_remove_input;
4831 + goto err_remove_compat;
4832 }
4834 /* request IRQ */
4835 @@ -2172,9 +2189,6 @@ static int sony_pic_add(struct acpi_device *device)
4836 if (result)
4837 goto err_remove_pf;
4839 - if (sonypi_compat_init())
4840 - goto err_remove_pf;
4841 -
4842 return 0;
4844 err_remove_pf:
4845 @@ -2190,6 +2204,9 @@ err_release_region:
4846 release_region(spic_dev.cur_ioport->io.minimum,
4847 spic_dev.cur_ioport->io.address_length);
4849 +err_remove_compat:
4850 + sonypi_compat_exit();
4851 +
4852 err_remove_input:
4853 sony_laptop_remove_input();
4855 diff --git a/drivers/mtd/Makefile b/drivers/mtd/Makefile
4856 index 451adcc..6d958a4 100644
4857 --- a/drivers/mtd/Makefile
4858 +++ b/drivers/mtd/Makefile
4859 @@ -3,9 +3,9 @@
4860 #
4862 # Core functionality.
4863 +obj-$(CONFIG_MTD) += mtd.o
4864 mtd-y := mtdcore.o mtdsuper.o
4865 mtd-$(CONFIG_MTD_PARTITIONS) += mtdpart.o
4866 -obj-$(CONFIG_MTD) += $(mtd-y)
4868 obj-$(CONFIG_MTD_CONCAT) += mtdconcat.o
4869 obj-$(CONFIG_MTD_REDBOOT_PARTS) += redboot.o
4870 diff --git a/drivers/mtd/mtdpart.c b/drivers/mtd/mtdpart.c
4871 index 9c62368..6174a97 100644
4872 --- a/drivers/mtd/mtdpart.c
4873 +++ b/drivers/mtd/mtdpart.c
4874 @@ -560,7 +560,3 @@ int parse_mtd_partitions(struct mtd_info *master, const char **types,
4875 EXPORT_SYMBOL_GPL(parse_mtd_partitions);
4876 EXPORT_SYMBOL_GPL(register_mtd_parser);
4877 EXPORT_SYMBOL_GPL(deregister_mtd_parser);
4878 -
4879 -MODULE_LICENSE("GPL");
4880 -MODULE_AUTHOR("Nicolas Pitre <nico@cam.org>");
4881 -MODULE_DESCRIPTION("Generic support for partitioning of MTD devices");
4882 diff --git a/drivers/mtd/mtdsuper.c b/drivers/mtd/mtdsuper.c
4883 index aca3319..9b430f2 100644
4884 --- a/drivers/mtd/mtdsuper.c
4885 +++ b/drivers/mtd/mtdsuper.c
4886 @@ -70,6 +70,8 @@ static int get_sb_mtd_aux(struct file_system_type *fs_type, int flags,
4887 DEBUG(1, "MTDSB: New superblock for device %d (\"%s\")\n",
4888 mtd->index, mtd->name);
4890 + sb->s_flags = flags;
4891 +
4892 ret = fill_super(sb, data, flags & MS_SILENT ? 1 : 0);
4893 if (ret < 0) {
4894 up_write(&sb->s_umount);
4895 diff --git a/drivers/mtd/nand/cafe_nand.c b/drivers/mtd/nand/cafe_nand.c
4896 index cff969d..6f32a35 100644
4897 --- a/drivers/mtd/nand/cafe_nand.c
4898 +++ b/drivers/mtd/nand/cafe_nand.c
4899 @@ -816,7 +816,8 @@ static void __devexit cafe_nand_remove(struct pci_dev *pdev)
4900 }
4902 static struct pci_device_id cafe_nand_tbl[] = {
4903 - { 0x11ab, 0x4100, PCI_ANY_ID, PCI_ANY_ID, PCI_CLASS_MEMORY_FLASH << 8, 0xFFFF0 }
4904 + { 0x11ab, 0x4100, PCI_ANY_ID, PCI_ANY_ID, PCI_CLASS_MEMORY_FLASH << 8, 0xFFFF0 },
4905 + { 0, }
4906 };
4908 MODULE_DEVICE_TABLE(pci, cafe_nand_tbl);
4909 diff --git a/drivers/net/atl1/atl1_main.c b/drivers/net/atl1/atl1_main.c
4910 index 6862c11..1b7a5a8 100644
4911 --- a/drivers/net/atl1/atl1_main.c
4912 +++ b/drivers/net/atl1/atl1_main.c
4913 @@ -2097,21 +2097,26 @@ static int __devinit atl1_probe(struct pci_dev *pdev,
4914 struct net_device *netdev;
4915 struct atl1_adapter *adapter;
4916 static int cards_found = 0;
4917 - bool pci_using_64 = true;
4918 int err;
4920 err = pci_enable_device(pdev);
4921 if (err)
4922 return err;
4924 - err = pci_set_dma_mask(pdev, DMA_64BIT_MASK);
4925 + /*
4926 + * The atl1 chip can DMA to 64-bit addresses, but it uses a single
4927 + * shared register for the high 32 bits, so only a single, aligned,
4928 + * 4 GB physical address range can be used at a time.
4929 + *
4930 + * Supporting 64-bit DMA on this hardware is more trouble than it's
4931 + * worth. It is far easier to limit to 32-bit DMA than update
4932 + * various kernel subsystems to support the mechanics required by a
4933 + * fixed-high-32-bit system.
4934 + */
4935 + err = pci_set_dma_mask(pdev, DMA_32BIT_MASK);
4936 if (err) {
4937 - err = pci_set_dma_mask(pdev, DMA_32BIT_MASK);
4938 - if (err) {
4939 - dev_err(&pdev->dev, "no usable DMA configuration\n");
4940 - goto err_dma;
4941 - }
4942 - pci_using_64 = false;
4943 + dev_err(&pdev->dev, "no usable DMA configuration\n");
4944 + goto err_dma;
4945 }
4946 /* Mark all PCI regions associated with PCI device
4947 * pdev as being reserved by owner atl1_driver_name
4948 @@ -2176,7 +2181,6 @@ static int __devinit atl1_probe(struct pci_dev *pdev,
4950 netdev->ethtool_ops = &atl1_ethtool_ops;
4951 adapter->bd_number = cards_found;
4952 - adapter->pci_using_64 = pci_using_64;
4954 /* setup the private structure */
4955 err = atl1_sw_init(adapter);
4956 @@ -2193,9 +2197,6 @@ static int __devinit atl1_probe(struct pci_dev *pdev,
4957 */
4958 /* netdev->features |= NETIF_F_TSO; */
4960 - if (pci_using_64)
4961 - netdev->features |= NETIF_F_HIGHDMA;
4962 -
4963 netdev->features |= NETIF_F_LLTX;
4965 /*
4966 diff --git a/drivers/net/bonding/bond_main.c b/drivers/net/bonding/bond_main.c
4967 index 6287ffb..0af7bc8 100644
4968 --- a/drivers/net/bonding/bond_main.c
4969 +++ b/drivers/net/bonding/bond_main.c
4970 @@ -1233,43 +1233,31 @@ int bond_sethwaddr(struct net_device *bond_dev, struct net_device *slave_dev)
4971 return 0;
4972 }
4974 -#define BOND_INTERSECT_FEATURES \
4975 - (NETIF_F_SG | NETIF_F_ALL_CSUM | NETIF_F_TSO | NETIF_F_UFO)
4976 +#define BOND_VLAN_FEATURES \
4977 + (NETIF_F_VLAN_CHALLENGED | NETIF_F_HW_VLAN_RX | NETIF_F_HW_VLAN_TX | \
4978 + NETIF_F_HW_VLAN_FILTER)
4980 /*
4981 * Compute the common dev->feature set available to all slaves. Some
4982 - * feature bits are managed elsewhere, so preserve feature bits set on
4983 - * master device that are not part of the examined set.
4984 + * feature bits are managed elsewhere, so preserve those feature bits
4985 + * on the master device.
4986 */
4987 static int bond_compute_features(struct bonding *bond)
4988 {
4989 - unsigned long features = BOND_INTERSECT_FEATURES;
4990 struct slave *slave;
4991 struct net_device *bond_dev = bond->dev;
4992 + unsigned long features = bond_dev->features & ~BOND_VLAN_FEATURES;
4993 unsigned short max_hard_header_len = ETH_HLEN;
4994 int i;
4996 bond_for_each_slave(bond, slave, i) {
4997 - features &= (slave->dev->features & BOND_INTERSECT_FEATURES);
4998 + features = netdev_compute_features(features,
4999 + slave->dev->features);
5000 if (slave->dev->hard_header_len > max_hard_header_len)
5001 max_hard_header_len = slave->dev->hard_header_len;
5002 }
5004 - if ((features & NETIF_F_SG) &&
5005 - !(features & NETIF_F_ALL_CSUM))
5006 - features &= ~NETIF_F_SG;
5007 -
5008 - /*
5009 - * features will include NETIF_F_TSO (NETIF_F_UFO) iff all
5010 - * slave devices support NETIF_F_TSO (NETIF_F_UFO), which
5011 - * implies that all slaves also support scatter-gather
5012 - * (NETIF_F_SG), which implies that features also includes
5013 - * NETIF_F_SG. So no need to check whether we have an
5014 - * illegal combination of NETIF_F_{TSO,UFO} and
5015 - * !NETIF_F_SG
5016 - */
5017 -
5018 - features |= (bond_dev->features & ~BOND_INTERSECT_FEATURES);
5019 + features |= (bond_dev->features & BOND_VLAN_FEATURES);
5020 bond_dev->features = features;
5021 bond_dev->hard_header_len = max_hard_header_len;
5023 diff --git a/drivers/net/cassini.c b/drivers/net/cassini.c
5024 index 59b9943..ad55baa 100644
5025 --- a/drivers/net/cassini.c
5026 +++ b/drivers/net/cassini.c
5027 @@ -336,30 +336,6 @@ static inline void cas_mask_intr(struct cas *cp)
5028 cas_disable_irq(cp, i);
5029 }
5031 -static inline void cas_buffer_init(cas_page_t *cp)
5032 -{
5033 - struct page *page = cp->buffer;
5034 - atomic_set((atomic_t *)&page->lru.next, 1);
5035 -}
5036 -
5037 -static inline int cas_buffer_count(cas_page_t *cp)
5038 -{
5039 - struct page *page = cp->buffer;
5040 - return atomic_read((atomic_t *)&page->lru.next);
5041 -}
5042 -
5043 -static inline void cas_buffer_inc(cas_page_t *cp)
5044 -{
5045 - struct page *page = cp->buffer;
5046 - atomic_inc((atomic_t *)&page->lru.next);
5047 -}
5048 -
5049 -static inline void cas_buffer_dec(cas_page_t *cp)
5050 -{
5051 - struct page *page = cp->buffer;
5052 - atomic_dec((atomic_t *)&page->lru.next);
5053 -}
5054 -
5055 static void cas_enable_irq(struct cas *cp, const int ring)
5056 {
5057 if (ring == 0) { /* all but TX_DONE */
5058 @@ -497,7 +473,6 @@ static int cas_page_free(struct cas *cp, cas_page_t *page)
5059 {
5060 pci_unmap_page(cp->pdev, page->dma_addr, cp->page_size,
5061 PCI_DMA_FROMDEVICE);
5062 - cas_buffer_dec(page);
5063 __free_pages(page->buffer, cp->page_order);
5064 kfree(page);
5065 return 0;
5066 @@ -527,7 +502,6 @@ static cas_page_t *cas_page_alloc(struct cas *cp, const gfp_t flags)
5067 page->buffer = alloc_pages(flags, cp->page_order);
5068 if (!page->buffer)
5069 goto page_err;
5070 - cas_buffer_init(page);
5071 page->dma_addr = pci_map_page(cp->pdev, page->buffer, 0,
5072 cp->page_size, PCI_DMA_FROMDEVICE);
5073 return page;
5074 @@ -606,7 +580,7 @@ static void cas_spare_recover(struct cas *cp, const gfp_t flags)
5075 list_for_each_safe(elem, tmp, &list) {
5076 cas_page_t *page = list_entry(elem, cas_page_t, list);
5078 - if (cas_buffer_count(page) > 1)
5079 + if (page_count(page->buffer) > 1)
5080 continue;
5082 list_del(elem);
5083 @@ -1374,7 +1348,7 @@ static inline cas_page_t *cas_page_spare(struct cas *cp, const int index)
5084 cas_page_t *page = cp->rx_pages[1][index];
5085 cas_page_t *new;
5087 - if (cas_buffer_count(page) == 1)
5088 + if (page_count(page->buffer) == 1)
5089 return page;
5091 new = cas_page_dequeue(cp);
5092 @@ -1394,7 +1368,7 @@ static cas_page_t *cas_page_swap(struct cas *cp, const int ring,
5093 cas_page_t **page1 = cp->rx_pages[1];
5095 /* swap if buffer is in use */
5096 - if (cas_buffer_count(page0[index]) > 1) {
5097 + if (page_count(page0[index]->buffer) > 1) {
5098 cas_page_t *new = cas_page_spare(cp, index);
5099 if (new) {
5100 page1[index] = page0[index];
5101 @@ -1979,6 +1953,7 @@ static int cas_rx_process_pkt(struct cas *cp, struct cas_rx_comp *rxc,
5102 struct cas_page *page;
5103 struct sk_buff *skb;
5104 void *addr, *crcaddr;
5105 + __sum16 csum;
5106 char *p;
5108 hlen = CAS_VAL(RX_COMP2_HDR_SIZE, words[1]);
5109 @@ -2062,10 +2037,10 @@ static int cas_rx_process_pkt(struct cas *cp, struct cas_rx_comp *rxc,
5111 skb_shinfo(skb)->nr_frags++;
5112 skb->data_len += hlen - swivel;
5113 + skb->truesize += hlen - swivel;
5114 skb->len += hlen - swivel;
5116 get_page(page->buffer);
5117 - cas_buffer_inc(page);
5118 frag->page = page->buffer;
5119 frag->page_offset = off;
5120 frag->size = hlen - swivel;
5121 @@ -2090,7 +2065,6 @@ static int cas_rx_process_pkt(struct cas *cp, struct cas_rx_comp *rxc,
5122 frag++;
5124 get_page(page->buffer);
5125 - cas_buffer_inc(page);
5126 frag->page = page->buffer;
5127 frag->page_offset = 0;
5128 frag->size = hlen;
5129 @@ -2158,14 +2132,15 @@ end_copy_pkt:
5130 skb_put(skb, alloclen);
5131 }
5133 - i = CAS_VAL(RX_COMP4_TCP_CSUM, words[3]);
5134 + csum = (__force __sum16)htons(CAS_VAL(RX_COMP4_TCP_CSUM, words[3]));
5135 if (cp->crc_size) {
5136 /* checksum includes FCS. strip it out. */
5137 - i = csum_fold(csum_partial(crcaddr, cp->crc_size, i));
5138 + csum = csum_fold(csum_partial(crcaddr, cp->crc_size,
5139 + csum_unfold(csum)));
5140 if (addr)
5141 cas_page_unmap(addr);
5142 }
5143 - skb->csum = ntohs(i ^ 0xffff);
5144 + skb->csum = csum_unfold(~csum);
5145 skb->ip_summed = CHECKSUM_COMPLETE;
5146 skb->protocol = eth_type_trans(skb, cp->dev);
5147 return len;
5148 @@ -2253,7 +2228,7 @@ static int cas_post_rxds_ringN(struct cas *cp, int ring, int num)
5149 released = 0;
5150 while (entry != last) {
5151 /* make a new buffer if it's still in use */
5152 - if (cas_buffer_count(page[entry]) > 1) {
5153 + if (page_count(page[entry]->buffer) > 1) {
5154 cas_page_t *new = cas_page_dequeue(cp);
5155 if (!new) {
5156 /* let the timer know that we need to
5157 diff --git a/drivers/net/cassini.h b/drivers/net/cassini.h
5158 index a970804..a201431 100644
5159 --- a/drivers/net/cassini.h
5160 +++ b/drivers/net/cassini.h
5161 @@ -4122,8 +4122,8 @@ cas_saturn_patch_t cas_saturn_patch[] = {
5162 inserted into
5163 outgoing frame. */
5164 struct cas_tx_desc {
5165 - u64 control;
5166 - u64 buffer;
5167 + __le64 control;
5168 + __le64 buffer;
5169 };
5171 /* descriptor ring for free buffers contains page-sized buffers. the index
5172 @@ -4131,8 +4131,8 @@ struct cas_tx_desc {
5173 * the completion ring.
5174 */
5175 struct cas_rx_desc {
5176 - u64 index;
5177 - u64 buffer;
5178 + __le64 index;
5179 + __le64 buffer;
5180 };
5182 /* received packets are put on the completion ring. */
5183 @@ -4210,10 +4210,10 @@ struct cas_rx_desc {
5184 #define RX_INDEX_RELEASE 0x0000000000002000ULL
5186 struct cas_rx_comp {
5187 - u64 word1;
5188 - u64 word2;
5189 - u64 word3;
5190 - u64 word4;
5191 + __le64 word1;
5192 + __le64 word2;
5193 + __le64 word3;
5194 + __le64 word4;
5195 };
5197 enum link_state {
5198 @@ -4252,7 +4252,7 @@ struct cas_init_block {
5199 struct cas_rx_comp rxcs[N_RX_COMP_RINGS][INIT_BLOCK_RX_COMP];
5200 struct cas_rx_desc rxds[N_RX_DESC_RINGS][INIT_BLOCK_RX_DESC];
5201 struct cas_tx_desc txds[N_TX_RINGS][INIT_BLOCK_TX];
5202 - u64 tx_compwb;
5203 + __le64 tx_compwb;
5204 };
5206 /* tiny buffers to deal with target abort issue. we allocate a bit
5207 diff --git a/drivers/net/chelsio/cxgb2.c b/drivers/net/chelsio/cxgb2.c
5208 index 231ce43..a82a1fa 100644
5209 --- a/drivers/net/chelsio/cxgb2.c
5210 +++ b/drivers/net/chelsio/cxgb2.c
5211 @@ -370,6 +370,8 @@ static char stats_strings[][ETH_GSTRING_LEN] = {
5212 "TxInternalMACXmitError",
5213 "TxFramesWithExcessiveDeferral",
5214 "TxFCSErrors",
5215 + "TxJumboFramesOk",
5216 + "TxJumboOctetsOk",
5218 "RxOctetsOK",
5219 "RxOctetsBad",
5220 @@ -388,15 +390,16 @@ static char stats_strings[][ETH_GSTRING_LEN] = {
5221 "RxInRangeLengthErrors",
5222 "RxOutOfRangeLengthField",
5223 "RxFrameTooLongErrors",
5224 + "RxJumboFramesOk",
5225 + "RxJumboOctetsOk",
5227 /* Port stats */
5228 - "RxPackets",
5229 "RxCsumGood",
5230 - "TxPackets",
5231 "TxCsumOffload",
5232 "TxTso",
5233 "RxVlan",
5234 "TxVlan",
5235 + "TxNeedHeadroom",
5237 /* Interrupt stats */
5238 "rx drops",
5239 @@ -454,23 +457,56 @@ static void get_stats(struct net_device *dev, struct ethtool_stats *stats,
5240 const struct cmac_statistics *s;
5241 const struct sge_intr_counts *t;
5242 struct sge_port_stats ss;
5243 - unsigned int len;
5245 s = mac->ops->statistics_update(mac, MAC_STATS_UPDATE_FULL);
5246 -
5247 - len = sizeof(u64)*(&s->TxFCSErrors + 1 - &s->TxOctetsOK);
5248 - memcpy(data, &s->TxOctetsOK, len);
5249 - data += len;
5250 -
5251 - len = sizeof(u64)*(&s->RxFrameTooLongErrors + 1 - &s->RxOctetsOK);
5252 - memcpy(data, &s->RxOctetsOK, len);
5253 - data += len;
5254 -
5255 + t = t1_sge_get_intr_counts(adapter->sge);
5256 t1_sge_get_port_stats(adapter->sge, dev->if_port, &ss);
5257 - memcpy(data, &ss, sizeof(ss));
5258 - data += sizeof(ss);
5260 - t = t1_sge_get_intr_counts(adapter->sge);
5261 + *data++ = s->TxOctetsOK;
5262 + *data++ = s->TxOctetsBad;
5263 + *data++ = s->TxUnicastFramesOK;
5264 + *data++ = s->TxMulticastFramesOK;
5265 + *data++ = s->TxBroadcastFramesOK;
5266 + *data++ = s->TxPauseFrames;
5267 + *data++ = s->TxFramesWithDeferredXmissions;
5268 + *data++ = s->TxLateCollisions;
5269 + *data++ = s->TxTotalCollisions;
5270 + *data++ = s->TxFramesAbortedDueToXSCollisions;
5271 + *data++ = s->TxUnderrun;
5272 + *data++ = s->TxLengthErrors;
5273 + *data++ = s->TxInternalMACXmitError;
5274 + *data++ = s->TxFramesWithExcessiveDeferral;
5275 + *data++ = s->TxFCSErrors;
5276 + *data++ = s->TxJumboFramesOK;
5277 + *data++ = s->TxJumboOctetsOK;
5278 +
5279 + *data++ = s->RxOctetsOK;
5280 + *data++ = s->RxOctetsBad;
5281 + *data++ = s->RxUnicastFramesOK;
5282 + *data++ = s->RxMulticastFramesOK;
5283 + *data++ = s->RxBroadcastFramesOK;
5284 + *data++ = s->RxPauseFrames;
5285 + *data++ = s->RxFCSErrors;
5286 + *data++ = s->RxAlignErrors;
5287 + *data++ = s->RxSymbolErrors;
5288 + *data++ = s->RxDataErrors;
5289 + *data++ = s->RxSequenceErrors;
5290 + *data++ = s->RxRuntErrors;
5291 + *data++ = s->RxJabberErrors;
5292 + *data++ = s->RxInternalMACRcvError;
5293 + *data++ = s->RxInRangeLengthErrors;
5294 + *data++ = s->RxOutOfRangeLengthField;
5295 + *data++ = s->RxFrameTooLongErrors;
5296 + *data++ = s->RxJumboFramesOK;
5297 + *data++ = s->RxJumboOctetsOK;
5298 +
5299 + *data++ = ss.rx_cso_good;
5300 + *data++ = ss.tx_cso;
5301 + *data++ = ss.tx_tso;
5302 + *data++ = ss.vlan_xtract;
5303 + *data++ = ss.vlan_insert;
5304 + *data++ = ss.tx_need_hdrroom;
5305 +
5306 *data++ = t->rx_drops;
5307 *data++ = t->pure_rsps;
5308 *data++ = t->unhandled_irqs;
5309 diff --git a/drivers/net/chelsio/pm3393.c b/drivers/net/chelsio/pm3393.c
5310 index 678778a..2117c4f 100644
5311 --- a/drivers/net/chelsio/pm3393.c
5312 +++ b/drivers/net/chelsio/pm3393.c
5313 @@ -45,7 +45,7 @@
5315 #include <linux/crc32.h>
5317 -#define OFFSET(REG_ADDR) (REG_ADDR << 2)
5318 +#define OFFSET(REG_ADDR) ((REG_ADDR) << 2)
5320 /* Max frame size PM3393 can handle. Includes Ethernet header and CRC. */
5321 #define MAX_FRAME_SIZE 9600
5322 @@ -428,69 +428,26 @@ static int pm3393_set_speed_duplex_fc(struct cmac *cmac, int speed, int duplex,
5323 return 0;
5324 }
5326 -static void pm3393_rmon_update(struct adapter *adapter, u32 offs, u64 *val,
5327 - int over)
5328 -{
5329 - u32 val0, val1, val2;
5330 -
5331 - t1_tpi_read(adapter, offs, &val0);
5332 - t1_tpi_read(adapter, offs + 4, &val1);
5333 - t1_tpi_read(adapter, offs + 8, &val2);
5334 -
5335 - *val &= ~0ull << 40;
5336 - *val |= val0 & 0xffff;
5337 - *val |= (val1 & 0xffff) << 16;
5338 - *val |= (u64)(val2 & 0xff) << 32;
5339 -
5340 - if (over)
5341 - *val += 1ull << 40;
5342 +#define RMON_UPDATE(mac, name, stat_name) \
5343 +{ \
5344 + t1_tpi_read((mac)->adapter, OFFSET(name), &val0); \
5345 + t1_tpi_read((mac)->adapter, OFFSET((name)+1), &val1); \
5346 + t1_tpi_read((mac)->adapter, OFFSET((name)+2), &val2); \
5347 + (mac)->stats.stat_name = (u64)(val0 & 0xffff) | \
5348 + ((u64)(val1 & 0xffff) << 16) | \
5349 + ((u64)(val2 & 0xff) << 32) | \
5350 + ((mac)->stats.stat_name & \
5351 + 0xffffff0000000000ULL); \
5352 + if (ro & \
5353 + (1ULL << ((name - SUNI1x10GEXP_REG_MSTAT_COUNTER_0_LOW) >> 2))) \
5354 + (mac)->stats.stat_name += 1ULL << 40; \
5355 }
5357 static const struct cmac_statistics *pm3393_update_statistics(struct cmac *mac,
5358 int flag)
5359 {
5360 - static struct {
5361 - unsigned int reg;
5362 - unsigned int offset;
5363 - } hw_stats [] = {
5364 -
5365 -#define HW_STAT(name, stat_name) \
5366 - { name, (&((struct cmac_statistics *)NULL)->stat_name) - (u64 *)NULL }
5367 -
5368 - /* Rx stats */
5369 - HW_STAT(RxOctetsReceivedOK, RxOctetsOK),
5370 - HW_STAT(RxUnicastFramesReceivedOK, RxUnicastFramesOK),
5371 - HW_STAT(RxMulticastFramesReceivedOK, RxMulticastFramesOK),
5372 - HW_STAT(RxBroadcastFramesReceivedOK, RxBroadcastFramesOK),
5373 - HW_STAT(RxPAUSEMACCtrlFramesReceived, RxPauseFrames),
5374 - HW_STAT(RxFrameCheckSequenceErrors, RxFCSErrors),
5375 - HW_STAT(RxFramesLostDueToInternalMACErrors,
5376 - RxInternalMACRcvError),
5377 - HW_STAT(RxSymbolErrors, RxSymbolErrors),
5378 - HW_STAT(RxInRangeLengthErrors, RxInRangeLengthErrors),
5379 - HW_STAT(RxFramesTooLongErrors , RxFrameTooLongErrors),
5380 - HW_STAT(RxJabbers, RxJabberErrors),
5381 - HW_STAT(RxFragments, RxRuntErrors),
5382 - HW_STAT(RxUndersizedFrames, RxRuntErrors),
5383 - HW_STAT(RxJumboFramesReceivedOK, RxJumboFramesOK),
5384 - HW_STAT(RxJumboOctetsReceivedOK, RxJumboOctetsOK),
5385 -
5386 - /* Tx stats */
5387 - HW_STAT(TxOctetsTransmittedOK, TxOctetsOK),
5388 - HW_STAT(TxFramesLostDueToInternalMACTransmissionError,
5389 - TxInternalMACXmitError),
5390 - HW_STAT(TxTransmitSystemError, TxFCSErrors),
5391 - HW_STAT(TxUnicastFramesTransmittedOK, TxUnicastFramesOK),
5392 - HW_STAT(TxMulticastFramesTransmittedOK, TxMulticastFramesOK),
5393 - HW_STAT(TxBroadcastFramesTransmittedOK, TxBroadcastFramesOK),
5394 - HW_STAT(TxPAUSEMACCtrlFramesTransmitted, TxPauseFrames),
5395 - HW_STAT(TxJumboFramesReceivedOK, TxJumboFramesOK),
5396 - HW_STAT(TxJumboOctetsReceivedOK, TxJumboOctetsOK)
5397 - }, *p = hw_stats;
5398 - u64 ro;
5399 - u32 val0, val1, val2, val3;
5400 - u64 *stats = (u64 *) &mac->stats;
5401 - unsigned int i;
5402 + u64 ro;
5403 + u32 val0, val1, val2, val3;
5405 /* Snap the counters */
5406 pmwrite(mac, SUNI1x10GEXP_REG_MSTAT_CONTROL,
5407 @@ -504,14 +461,35 @@ static const struct cmac_statistics *pm3393_update_statistics(struct cmac *mac,
5408 ro = ((u64)val0 & 0xffff) | (((u64)val1 & 0xffff) << 16) |
5409 (((u64)val2 & 0xffff) << 32) | (((u64)val3 & 0xffff) << 48);
5411 - for (i = 0; i < ARRAY_SIZE(hw_stats); i++) {
5412 - unsigned reg = p->reg - SUNI1x10GEXP_REG_MSTAT_COUNTER_0_LOW;
5413 -
5414 - pm3393_rmon_update((mac)->adapter, OFFSET(p->reg),
5415 - stats + p->offset, ro & (reg >> 2));
5416 - }
5417 -
5418 -
5419 + /* Rx stats */
5420 + RMON_UPDATE(mac, RxOctetsReceivedOK, RxOctetsOK);
5421 + RMON_UPDATE(mac, RxUnicastFramesReceivedOK, RxUnicastFramesOK);
5422 + RMON_UPDATE(mac, RxMulticastFramesReceivedOK, RxMulticastFramesOK);
5423 + RMON_UPDATE(mac, RxBroadcastFramesReceivedOK, RxBroadcastFramesOK);
5424 + RMON_UPDATE(mac, RxPAUSEMACCtrlFramesReceived, RxPauseFrames);
5425 + RMON_UPDATE(mac, RxFrameCheckSequenceErrors, RxFCSErrors);
5426 + RMON_UPDATE(mac, RxFramesLostDueToInternalMACErrors,
5427 + RxInternalMACRcvError);
5428 + RMON_UPDATE(mac, RxSymbolErrors, RxSymbolErrors);
5429 + RMON_UPDATE(mac, RxInRangeLengthErrors, RxInRangeLengthErrors);
5430 + RMON_UPDATE(mac, RxFramesTooLongErrors , RxFrameTooLongErrors);
5431 + RMON_UPDATE(mac, RxJabbers, RxJabberErrors);
5432 + RMON_UPDATE(mac, RxFragments, RxRuntErrors);
5433 + RMON_UPDATE(mac, RxUndersizedFrames, RxRuntErrors);
5434 + RMON_UPDATE(mac, RxJumboFramesReceivedOK, RxJumboFramesOK);
5435 + RMON_UPDATE(mac, RxJumboOctetsReceivedOK, RxJumboOctetsOK);
5436 +
5437 + /* Tx stats */
5438 + RMON_UPDATE(mac, TxOctetsTransmittedOK, TxOctetsOK);
5439 + RMON_UPDATE(mac, TxFramesLostDueToInternalMACTransmissionError,
5440 + TxInternalMACXmitError);
5441 + RMON_UPDATE(mac, TxTransmitSystemError, TxFCSErrors);
5442 + RMON_UPDATE(mac, TxUnicastFramesTransmittedOK, TxUnicastFramesOK);
5443 + RMON_UPDATE(mac, TxMulticastFramesTransmittedOK, TxMulticastFramesOK);
5444 + RMON_UPDATE(mac, TxBroadcastFramesTransmittedOK, TxBroadcastFramesOK);
5445 + RMON_UPDATE(mac, TxPAUSEMACCtrlFramesTransmitted, TxPauseFrames);
5446 + RMON_UPDATE(mac, TxJumboFramesReceivedOK, TxJumboFramesOK);
5447 + RMON_UPDATE(mac, TxJumboOctetsReceivedOK, TxJumboOctetsOK);
5449 return &mac->stats;
5450 }
5451 diff --git a/drivers/net/chelsio/sge.c b/drivers/net/chelsio/sge.c
5452 index e4f874a..d77f1eb 100644
5453 --- a/drivers/net/chelsio/sge.c
5454 +++ b/drivers/net/chelsio/sge.c
5455 @@ -986,11 +986,10 @@ void t1_sge_get_port_stats(const struct sge *sge, int port,
5456 for_each_possible_cpu(cpu) {
5457 struct sge_port_stats *st = per_cpu_ptr(sge->port_stats[port], cpu);
5459 - ss->rx_packets += st->rx_packets;
5460 ss->rx_cso_good += st->rx_cso_good;
5461 - ss->tx_packets += st->tx_packets;
5462 ss->tx_cso += st->tx_cso;
5463 ss->tx_tso += st->tx_tso;
5464 + ss->tx_need_hdrroom += st->tx_need_hdrroom;
5465 ss->vlan_xtract += st->vlan_xtract;
5466 ss->vlan_insert += st->vlan_insert;
5467 }
5468 @@ -1379,11 +1378,10 @@ static void sge_rx(struct sge *sge, struct freelQ *fl, unsigned int len)
5469 }
5470 __skb_pull(skb, sizeof(*p));
5472 - skb->dev->last_rx = jiffies;
5473 st = per_cpu_ptr(sge->port_stats[p->iff], smp_processor_id());
5474 - st->rx_packets++;
5476 skb->protocol = eth_type_trans(skb, adapter->port[p->iff].dev);
5477 + skb->dev->last_rx = jiffies;
5478 if ((adapter->flags & RX_CSUM_ENABLED) && p->csum == 0xffff &&
5479 skb->protocol == htons(ETH_P_IP) &&
5480 (skb->data[9] == IPPROTO_TCP || skb->data[9] == IPPROTO_UDP)) {
5481 @@ -1851,7 +1849,8 @@ int t1_start_xmit(struct sk_buff *skb, struct net_device *dev)
5482 {
5483 struct adapter *adapter = dev->priv;
5484 struct sge *sge = adapter->sge;
5485 - struct sge_port_stats *st = per_cpu_ptr(sge->port_stats[dev->if_port], smp_processor_id());
5486 + struct sge_port_stats *st = per_cpu_ptr(sge->port_stats[dev->if_port],
5487 + smp_processor_id());
5488 struct cpl_tx_pkt *cpl;
5489 struct sk_buff *orig_skb = skb;
5490 int ret;
5491 @@ -1859,6 +1858,18 @@ int t1_start_xmit(struct sk_buff *skb, struct net_device *dev)
5492 if (skb->protocol == htons(ETH_P_CPL5))
5493 goto send;
5495 + /*
5496 + * We are using a non-standard hard_header_len.
5497 + * Allocate more header room in the rare cases it is not big enough.
5498 + */
5499 + if (unlikely(skb_headroom(skb) < dev->hard_header_len - ETH_HLEN)) {
5500 + skb = skb_realloc_headroom(skb, sizeof(struct cpl_tx_pkt_lso));
5501 + ++st->tx_need_hdrroom;
5502 + dev_kfree_skb_any(orig_skb);
5503 + if (!skb)
5504 + return NETDEV_TX_OK;
5505 + }
5506 +
5507 if (skb_shinfo(skb)->gso_size) {
5508 int eth_type;
5509 struct cpl_tx_pkt_lso *hdr;
5510 @@ -1892,24 +1903,6 @@ int t1_start_xmit(struct sk_buff *skb, struct net_device *dev)
5511 return NETDEV_TX_OK;
5512 }
5514 - /*
5515 - * We are using a non-standard hard_header_len and some kernel
5516 - * components, such as pktgen, do not handle it right.
5517 - * Complain when this happens but try to fix things up.
5518 - */
5519 - if (unlikely(skb_headroom(skb) < dev->hard_header_len - ETH_HLEN)) {
5520 - pr_debug("%s: headroom %d header_len %d\n", dev->name,
5521 - skb_headroom(skb), dev->hard_header_len);
5522 -
5523 - if (net_ratelimit())
5524 - printk(KERN_ERR "%s: inadequate headroom in "
5525 - "Tx packet\n", dev->name);
5526 - skb = skb_realloc_headroom(skb, sizeof(*cpl));
5527 - dev_kfree_skb_any(orig_skb);
5528 - if (!skb)
5529 - return NETDEV_TX_OK;
5530 - }
5531 -
5532 if (!(adapter->flags & UDP_CSUM_CAPABLE) &&
5533 skb->ip_summed == CHECKSUM_PARTIAL &&
5534 ip_hdr(skb)->protocol == IPPROTO_UDP) {
5535 @@ -1955,7 +1948,6 @@ int t1_start_xmit(struct sk_buff *skb, struct net_device *dev)
5536 cpl->vlan_valid = 0;
5538 send:
5539 - st->tx_packets++;
5540 dev->trans_start = jiffies;
5541 ret = t1_sge_tx(skb, adapter, 0, dev);
5543 diff --git a/drivers/net/chelsio/sge.h b/drivers/net/chelsio/sge.h
5544 index d132a0e..80165f9 100644
5545 --- a/drivers/net/chelsio/sge.h
5546 +++ b/drivers/net/chelsio/sge.h
5547 @@ -57,13 +57,12 @@ struct sge_intr_counts {
5548 };
5550 struct sge_port_stats {
5551 - u64 rx_packets; /* # of Ethernet packets received */
5552 u64 rx_cso_good; /* # of successful RX csum offloads */
5553 - u64 tx_packets; /* # of TX packets */
5554 u64 tx_cso; /* # of TX checksum offloads */
5555 u64 tx_tso; /* # of TSO requests */
5556 u64 vlan_xtract; /* # of VLAN tag extractions */
5557 u64 vlan_insert; /* # of VLAN tag insertions */
5558 + u64 tx_need_hdrroom; /* # of TX skbs in need of more header room */
5559 };
5561 struct sk_buff;
5562 diff --git a/drivers/net/forcedeth.c b/drivers/net/forcedeth.c
5563 index 42ba1c0..36b3a66 100644
5564 --- a/drivers/net/forcedeth.c
5565 +++ b/drivers/net/forcedeth.c
5566 @@ -550,6 +550,8 @@ union ring_type {
5567 /* PHY defines */
5568 #define PHY_OUI_MARVELL 0x5043
5569 #define PHY_OUI_CICADA 0x03f1
5570 +#define PHY_OUI_VITESSE 0x01c1
5571 +#define PHY_OUI_REALTEK 0x0732
5572 #define PHYID1_OUI_MASK 0x03ff
5573 #define PHYID1_OUI_SHFT 6
5574 #define PHYID2_OUI_MASK 0xfc00
5575 @@ -557,12 +559,36 @@ union ring_type {
5576 #define PHYID2_MODEL_MASK 0x03f0
5577 #define PHY_MODEL_MARVELL_E3016 0x220
5578 #define PHY_MARVELL_E3016_INITMASK 0x0300
5579 -#define PHY_INIT1 0x0f000
5580 -#define PHY_INIT2 0x0e00
5581 -#define PHY_INIT3 0x01000
5582 -#define PHY_INIT4 0x0200
5583 -#define PHY_INIT5 0x0004
5584 -#define PHY_INIT6 0x02000
5585 +#define PHY_CICADA_INIT1 0x0f000
5586 +#define PHY_CICADA_INIT2 0x0e00
5587 +#define PHY_CICADA_INIT3 0x01000
5588 +#define PHY_CICADA_INIT4 0x0200
5589 +#define PHY_CICADA_INIT5 0x0004
5590 +#define PHY_CICADA_INIT6 0x02000
5591 +#define PHY_VITESSE_INIT_REG1 0x1f
5592 +#define PHY_VITESSE_INIT_REG2 0x10
5593 +#define PHY_VITESSE_INIT_REG3 0x11
5594 +#define PHY_VITESSE_INIT_REG4 0x12
5595 +#define PHY_VITESSE_INIT_MSK1 0xc
5596 +#define PHY_VITESSE_INIT_MSK2 0x0180
5597 +#define PHY_VITESSE_INIT1 0x52b5
5598 +#define PHY_VITESSE_INIT2 0xaf8a
5599 +#define PHY_VITESSE_INIT3 0x8
5600 +#define PHY_VITESSE_INIT4 0x8f8a
5601 +#define PHY_VITESSE_INIT5 0xaf86
5602 +#define PHY_VITESSE_INIT6 0x8f86
5603 +#define PHY_VITESSE_INIT7 0xaf82
5604 +#define PHY_VITESSE_INIT8 0x0100
5605 +#define PHY_VITESSE_INIT9 0x8f82
5606 +#define PHY_VITESSE_INIT10 0x0
5607 +#define PHY_REALTEK_INIT_REG1 0x1f
5608 +#define PHY_REALTEK_INIT_REG2 0x19
5609 +#define PHY_REALTEK_INIT_REG3 0x13
5610 +#define PHY_REALTEK_INIT1 0x0000
5611 +#define PHY_REALTEK_INIT2 0x8e00
5612 +#define PHY_REALTEK_INIT3 0x0001
5613 +#define PHY_REALTEK_INIT4 0xad17
5614 +
5615 #define PHY_GIGABIT 0x0100
5617 #define PHY_TIMEOUT 0x1
5618 @@ -961,7 +987,7 @@ static void nv_enable_irq(struct net_device *dev)
5619 if (np->msi_flags & NV_MSI_X_ENABLED)
5620 enable_irq(np->msi_x_entry[NV_MSI_X_VECTOR_ALL].vector);
5621 else
5622 - enable_irq(dev->irq);
5623 + enable_irq(np->pci_dev->irq);
5624 } else {
5625 enable_irq(np->msi_x_entry[NV_MSI_X_VECTOR_RX].vector);
5626 enable_irq(np->msi_x_entry[NV_MSI_X_VECTOR_TX].vector);
5627 @@ -977,7 +1003,7 @@ static void nv_disable_irq(struct net_device *dev)
5628 if (np->msi_flags & NV_MSI_X_ENABLED)
5629 disable_irq(np->msi_x_entry[NV_MSI_X_VECTOR_ALL].vector);
5630 else
5631 - disable_irq(dev->irq);
5632 + disable_irq(np->pci_dev->irq);
5633 } else {
5634 disable_irq(np->msi_x_entry[NV_MSI_X_VECTOR_RX].vector);
5635 disable_irq(np->msi_x_entry[NV_MSI_X_VECTOR_TX].vector);
5636 @@ -1096,6 +1122,28 @@ static int phy_init(struct net_device *dev)
5637 return PHY_ERROR;
5638 }
5639 }
5640 + if (np->phy_oui == PHY_OUI_REALTEK) {
5641 + if (mii_rw(dev, np->phyaddr, PHY_REALTEK_INIT_REG1, PHY_REALTEK_INIT1)) {
5642 + printk(KERN_INFO "%s: phy init failed.\n", pci_name(np->pci_dev));
5643 + return PHY_ERROR;
5644 + }
5645 + if (mii_rw(dev, np->phyaddr, PHY_REALTEK_INIT_REG2, PHY_REALTEK_INIT2)) {
5646 + printk(KERN_INFO "%s: phy init failed.\n", pci_name(np->pci_dev));
5647 + return PHY_ERROR;
5648 + }
5649 + if (mii_rw(dev, np->phyaddr, PHY_REALTEK_INIT_REG1, PHY_REALTEK_INIT3)) {
5650 + printk(KERN_INFO "%s: phy init failed.\n", pci_name(np->pci_dev));
5651 + return PHY_ERROR;
5652 + }
5653 + if (mii_rw(dev, np->phyaddr, PHY_REALTEK_INIT_REG3, PHY_REALTEK_INIT4)) {
5654 + printk(KERN_INFO "%s: phy init failed.\n", pci_name(np->pci_dev));
5655 + return PHY_ERROR;
5656 + }
5657 + if (mii_rw(dev, np->phyaddr, PHY_REALTEK_INIT_REG1, PHY_REALTEK_INIT1)) {
5658 + printk(KERN_INFO "%s: phy init failed.\n", pci_name(np->pci_dev));
5659 + return PHY_ERROR;
5660 + }
5661 + }
5663 /* set advertise register */
5664 reg = mii_rw(dev, np->phyaddr, MII_ADVERTISE, MII_READ);
5665 @@ -1141,14 +1189,14 @@ static int phy_init(struct net_device *dev)
5666 /* phy vendor specific configuration */
5667 if ((np->phy_oui == PHY_OUI_CICADA) && (phyinterface & PHY_RGMII) ) {
5668 phy_reserved = mii_rw(dev, np->phyaddr, MII_RESV1, MII_READ);
5669 - phy_reserved &= ~(PHY_INIT1 | PHY_INIT2);
5670 - phy_reserved |= (PHY_INIT3 | PHY_INIT4);
5671 + phy_reserved &= ~(PHY_CICADA_INIT1 | PHY_CICADA_INIT2);
5672 + phy_reserved |= (PHY_CICADA_INIT3 | PHY_CICADA_INIT4);
5673 if (mii_rw(dev, np->phyaddr, MII_RESV1, phy_reserved)) {
5674 printk(KERN_INFO "%s: phy init failed.\n", pci_name(np->pci_dev));
5675 return PHY_ERROR;
5676 }
5677 phy_reserved = mii_rw(dev, np->phyaddr, MII_NCONFIG, MII_READ);
5678 - phy_reserved |= PHY_INIT5;
5679 + phy_reserved |= PHY_CICADA_INIT5;
5680 if (mii_rw(dev, np->phyaddr, MII_NCONFIG, phy_reserved)) {
5681 printk(KERN_INFO "%s: phy init failed.\n", pci_name(np->pci_dev));
5682 return PHY_ERROR;
5683 @@ -1156,12 +1204,106 @@ static int phy_init(struct net_device *dev)
5684 }
5685 if (np->phy_oui == PHY_OUI_CICADA) {
5686 phy_reserved = mii_rw(dev, np->phyaddr, MII_SREVISION, MII_READ);
5687 - phy_reserved |= PHY_INIT6;
5688 + phy_reserved |= PHY_CICADA_INIT6;
5689 if (mii_rw(dev, np->phyaddr, MII_SREVISION, phy_reserved)) {
5690 printk(KERN_INFO "%s: phy init failed.\n", pci_name(np->pci_dev));
5691 return PHY_ERROR;
5692 }
5693 }
5694 + if (np->phy_oui == PHY_OUI_VITESSE) {
5695 + if (mii_rw(dev, np->phyaddr, PHY_VITESSE_INIT_REG1, PHY_VITESSE_INIT1)) {
5696 + printk(KERN_INFO "%s: phy init failed.\n", pci_name(np->pci_dev));
5697 + return PHY_ERROR;
5698 + }
5699 + if (mii_rw(dev, np->phyaddr, PHY_VITESSE_INIT_REG2, PHY_VITESSE_INIT2)) {
5700 + printk(KERN_INFO "%s: phy init failed.\n", pci_name(np->pci_dev));
5701 + return PHY_ERROR;
5702 + }
5703 + phy_reserved = mii_rw(dev, np->phyaddr, PHY_VITESSE_INIT_REG4, MII_READ);
5704 + if (mii_rw(dev, np->phyaddr, PHY_VITESSE_INIT_REG4, phy_reserved)) {
5705 + printk(KERN_INFO "%s: phy init failed.\n", pci_name(np->pci_dev));
5706 + return PHY_ERROR;
5707 + }
5708 + phy_reserved = mii_rw(dev, np->phyaddr, PHY_VITESSE_INIT_REG3, MII_READ);
5709 + phy_reserved &= ~PHY_VITESSE_INIT_MSK1;
5710 + phy_reserved |= PHY_VITESSE_INIT3;
5711 + if (mii_rw(dev, np->phyaddr, PHY_VITESSE_INIT_REG3, phy_reserved)) {
5712 + printk(KERN_INFO "%s: phy init failed.\n", pci_name(np->pci_dev));
5713 + return PHY_ERROR;
5714 + }
5715 + if (mii_rw(dev, np->phyaddr, PHY_VITESSE_INIT_REG2, PHY_VITESSE_INIT4)) {
5716 + printk(KERN_INFO "%s: phy init failed.\n", pci_name(np->pci_dev));
5717 + return PHY_ERROR;
5718 + }
5719 + if (mii_rw(dev, np->phyaddr, PHY_VITESSE_INIT_REG2, PHY_VITESSE_INIT5)) {
5720 + printk(KERN_INFO "%s: phy init failed.\n", pci_name(np->pci_dev));
5721 + return PHY_ERROR;
5722 + }
5723 + phy_reserved = mii_rw(dev, np->phyaddr, PHY_VITESSE_INIT_REG4, MII_READ);
5724 + phy_reserved &= ~PHY_VITESSE_INIT_MSK1;
5725 + phy_reserved |= PHY_VITESSE_INIT3;
5726 + if (mii_rw(dev, np->phyaddr, PHY_VITESSE_INIT_REG4, phy_reserved)) {
5727 + printk(KERN_INFO "%s: phy init failed.\n", pci_name(np->pci_dev));
5728 + return PHY_ERROR;
5729 + }
5730 + phy_reserved = mii_rw(dev, np->phyaddr, PHY_VITESSE_INIT_REG3, MII_READ);
5731 + if (mii_rw(dev, np->phyaddr, PHY_VITESSE_INIT_REG3, phy_reserved)) {
5732 + printk(KERN_INFO "%s: phy init failed.\n", pci_name(np->pci_dev));
5733 + return PHY_ERROR;
5734 + }
5735 + if (mii_rw(dev, np->phyaddr, PHY_VITESSE_INIT_REG2, PHY_VITESSE_INIT6)) {
5736 + printk(KERN_INFO "%s: phy init failed.\n", pci_name(np->pci_dev));
5737 + return PHY_ERROR;
5738 + }
5739 + if (mii_rw(dev, np->phyaddr, PHY_VITESSE_INIT_REG2, PHY_VITESSE_INIT7)) {
5740 + printk(KERN_INFO "%s: phy init failed.\n", pci_name(np->pci_dev));
5741 + return PHY_ERROR;
5742 + }
5743 + phy_reserved = mii_rw(dev, np->phyaddr, PHY_VITESSE_INIT_REG4, MII_READ);
5744 + if (mii_rw(dev, np->phyaddr, PHY_VITESSE_INIT_REG4, phy_reserved)) {
5745 + printk(KERN_INFO "%s: phy init failed.\n", pci_name(np->pci_dev));
5746 + return PHY_ERROR;
5747 + }
5748 + phy_reserved = mii_rw(dev, np->phyaddr, PHY_VITESSE_INIT_REG3, MII_READ);
5749 + phy_reserved &= ~PHY_VITESSE_INIT_MSK2;
5750 + phy_reserved |= PHY_VITESSE_INIT8;
5751 + if (mii_rw(dev, np->phyaddr, PHY_VITESSE_INIT_REG3, phy_reserved)) {
5752 + printk(KERN_INFO "%s: phy init failed.\n", pci_name(np->pci_dev));
5753 + return PHY_ERROR;
5754 + }
5755 + if (mii_rw(dev, np->phyaddr, PHY_VITESSE_INIT_REG2, PHY_VITESSE_INIT9)) {
5756 + printk(KERN_INFO "%s: phy init failed.\n", pci_name(np->pci_dev));
5757 + return PHY_ERROR;
5758 + }
5759 + if (mii_rw(dev, np->phyaddr, PHY_VITESSE_INIT_REG1, PHY_VITESSE_INIT10)) {
5760 + printk(KERN_INFO "%s: phy init failed.\n", pci_name(np->pci_dev));
5761 + return PHY_ERROR;
5762 + }
5763 + }
5764 + if (np->phy_oui == PHY_OUI_REALTEK) {
5765 + /* reset could have cleared these out, set them back */
5766 + if (mii_rw(dev, np->phyaddr, PHY_REALTEK_INIT_REG1, PHY_REALTEK_INIT1)) {
5767 + printk(KERN_INFO "%s: phy init failed.\n", pci_name(np->pci_dev));
5768 + return PHY_ERROR;
5769 + }
5770 + if (mii_rw(dev, np->phyaddr, PHY_REALTEK_INIT_REG2, PHY_REALTEK_INIT2)) {
5771 + printk(KERN_INFO "%s: phy init failed.\n", pci_name(np->pci_dev));
5772 + return PHY_ERROR;
5773 + }
5774 + if (mii_rw(dev, np->phyaddr, PHY_REALTEK_INIT_REG1, PHY_REALTEK_INIT3)) {
5775 + printk(KERN_INFO "%s: phy init failed.\n", pci_name(np->pci_dev));
5776 + return PHY_ERROR;
5777 + }
5778 + if (mii_rw(dev, np->phyaddr, PHY_REALTEK_INIT_REG3, PHY_REALTEK_INIT4)) {
5779 + printk(KERN_INFO "%s: phy init failed.\n", pci_name(np->pci_dev));
5780 + return PHY_ERROR;
5781 + }
5782 + if (mii_rw(dev, np->phyaddr, PHY_REALTEK_INIT_REG1, PHY_REALTEK_INIT1)) {
5783 + printk(KERN_INFO "%s: phy init failed.\n", pci_name(np->pci_dev));
5784 + return PHY_ERROR;
5785 + }
5786 + }
5787 +
5788 /* some phys clear out pause advertisment on reset, set it back */
5789 mii_rw(dev, np->phyaddr, MII_ADVERTISE, reg);
5791 @@ -1458,7 +1600,7 @@ static void nv_do_rx_refill(unsigned long data)
5792 if (np->msi_flags & NV_MSI_X_ENABLED)
5793 disable_irq(np->msi_x_entry[NV_MSI_X_VECTOR_ALL].vector);
5794 else
5795 - disable_irq(dev->irq);
5796 + disable_irq(np->pci_dev->irq);
5797 } else {
5798 disable_irq(np->msi_x_entry[NV_MSI_X_VECTOR_RX].vector);
5799 }
5800 @@ -1476,7 +1618,7 @@ static void nv_do_rx_refill(unsigned long data)
5801 if (np->msi_flags & NV_MSI_X_ENABLED)
5802 enable_irq(np->msi_x_entry[NV_MSI_X_VECTOR_ALL].vector);
5803 else
5804 - enable_irq(dev->irq);
5805 + enable_irq(np->pci_dev->irq);
5806 } else {
5807 enable_irq(np->msi_x_entry[NV_MSI_X_VECTOR_RX].vector);
5808 }
5809 @@ -2925,8 +3067,8 @@ static irqreturn_t nv_nic_irq(int foo, void *data)
5810 np->nic_poll_irq = np->irqmask;
5811 mod_timer(&np->nic_poll, jiffies + POLL_WAIT);
5812 }
5813 - printk(KERN_DEBUG "%s: too many iterations (%d) in nv_nic_irq.\n", dev->name, i);
5814 spin_unlock(&np->lock);
5815 + printk(KERN_DEBUG "%s: too many iterations (%d) in nv_nic_irq.\n", dev->name, i);
5816 break;
5817 }
5819 @@ -3043,8 +3185,8 @@ static irqreturn_t nv_nic_irq_optimized(int foo, void *data)
5820 np->nic_poll_irq = np->irqmask;
5821 mod_timer(&np->nic_poll, jiffies + POLL_WAIT);
5822 }
5823 - printk(KERN_DEBUG "%s: too many iterations (%d) in nv_nic_irq.\n", dev->name, i);
5824 spin_unlock(&np->lock);
5825 + printk(KERN_DEBUG "%s: too many iterations (%d) in nv_nic_irq.\n", dev->name, i);
5826 break;
5827 }
5829 @@ -3090,8 +3232,8 @@ static irqreturn_t nv_nic_irq_tx(int foo, void *data)
5830 np->nic_poll_irq |= NVREG_IRQ_TX_ALL;
5831 mod_timer(&np->nic_poll, jiffies + POLL_WAIT);
5832 }
5833 - printk(KERN_DEBUG "%s: too many iterations (%d) in nv_nic_irq_tx.\n", dev->name, i);
5834 spin_unlock_irqrestore(&np->lock, flags);
5835 + printk(KERN_DEBUG "%s: too many iterations (%d) in nv_nic_irq_tx.\n", dev->name, i);
5836 break;
5837 }
5839 @@ -3205,8 +3347,8 @@ static irqreturn_t nv_nic_irq_rx(int foo, void *data)
5840 np->nic_poll_irq |= NVREG_IRQ_RX_ALL;
5841 mod_timer(&np->nic_poll, jiffies + POLL_WAIT);
5842 }
5843 - printk(KERN_DEBUG "%s: too many iterations (%d) in nv_nic_irq_rx.\n", dev->name, i);
5844 spin_unlock_irqrestore(&np->lock, flags);
5845 + printk(KERN_DEBUG "%s: too many iterations (%d) in nv_nic_irq_rx.\n", dev->name, i);
5846 break;
5847 }
5848 }
5849 @@ -3278,8 +3420,8 @@ static irqreturn_t nv_nic_irq_other(int foo, void *data)
5850 np->nic_poll_irq |= NVREG_IRQ_OTHER;
5851 mod_timer(&np->nic_poll, jiffies + POLL_WAIT);
5852 }
5853 - printk(KERN_DEBUG "%s: too many iterations (%d) in nv_nic_irq_other.\n", dev->name, i);
5854 spin_unlock_irqrestore(&np->lock, flags);
5855 + printk(KERN_DEBUG "%s: too many iterations (%d) in nv_nic_irq_other.\n", dev->name, i);
5856 break;
5857 }
5859 @@ -3414,10 +3556,12 @@ static int nv_request_irq(struct net_device *dev, int intr_test)
5860 if (ret != 0 && np->msi_flags & NV_MSI_CAPABLE) {
5861 if ((ret = pci_enable_msi(np->pci_dev)) == 0) {
5862 np->msi_flags |= NV_MSI_ENABLED;
5863 + dev->irq = np->pci_dev->irq;
5864 if (request_irq(np->pci_dev->irq, handler, IRQF_SHARED, dev->name, dev) != 0) {
5865 printk(KERN_INFO "forcedeth: request_irq failed %d\n", ret);
5866 pci_disable_msi(np->pci_dev);
5867 np->msi_flags &= ~NV_MSI_ENABLED;
5868 + dev->irq = np->pci_dev->irq;
5869 goto out_err;
5870 }
5872 @@ -3480,7 +3624,7 @@ static void nv_do_nic_poll(unsigned long data)
5873 if (np->msi_flags & NV_MSI_X_ENABLED)
5874 disable_irq_lockdep(np->msi_x_entry[NV_MSI_X_VECTOR_ALL].vector);
5875 else
5876 - disable_irq_lockdep(dev->irq);
5877 + disable_irq_lockdep(np->pci_dev->irq);
5878 mask = np->irqmask;
5879 } else {
5880 if (np->nic_poll_irq & NVREG_IRQ_RX_ALL) {
5881 @@ -3498,6 +3642,8 @@ static void nv_do_nic_poll(unsigned long data)
5882 }
5883 np->nic_poll_irq = 0;
5885 + /* disable_irq() contains synchronize_irq, thus no irq handler can run now */
5886 +
5887 if (np->recover_error) {
5888 np->recover_error = 0;
5889 printk(KERN_INFO "forcedeth: MAC in recoverable error state\n");
5890 @@ -3534,7 +3680,6 @@ static void nv_do_nic_poll(unsigned long data)
5891 }
5892 }
5894 - /* FIXME: Do we need synchronize_irq(dev->irq) here? */
5896 writel(mask, base + NvRegIrqMask);
5897 pci_push(base);
5898 @@ -3547,7 +3692,7 @@ static void nv_do_nic_poll(unsigned long data)
5899 if (np->msi_flags & NV_MSI_X_ENABLED)
5900 enable_irq_lockdep(np->msi_x_entry[NV_MSI_X_VECTOR_ALL].vector);
5901 else
5902 - enable_irq_lockdep(dev->irq);
5903 + enable_irq_lockdep(np->pci_dev->irq);
5904 } else {
5905 if (np->nic_poll_irq & NVREG_IRQ_RX_ALL) {
5906 nv_nic_irq_rx(0, dev);
5907 @@ -4801,7 +4946,7 @@ static int nv_close(struct net_device *dev)
5908 np->in_shutdown = 1;
5909 spin_unlock_irq(&np->lock);
5910 netif_poll_disable(dev);
5911 - synchronize_irq(dev->irq);
5912 + synchronize_irq(np->pci_dev->irq);
5914 del_timer_sync(&np->oom_kick);
5915 del_timer_sync(&np->nic_poll);
5916 @@ -5138,19 +5283,15 @@ static int __devinit nv_probe(struct pci_dev *pci_dev, const struct pci_device_i
5917 if (readl(base + NvRegTransmitterControl) & NVREG_XMITCTL_SYNC_PHY_INIT) {
5918 np->mac_in_use = readl(base + NvRegTransmitterControl) & NVREG_XMITCTL_MGMT_ST;
5919 dprintk(KERN_INFO "%s: mgmt unit is running. mac in use %x.\n", pci_name(pci_dev), np->mac_in_use);
5920 - for (i = 0; i < 5000; i++) {
5921 - msleep(1);
5922 - if (nv_mgmt_acquire_sema(dev)) {
5923 - /* management unit setup the phy already? */
5924 - if ((readl(base + NvRegTransmitterControl) & NVREG_XMITCTL_SYNC_MASK) ==
5925 - NVREG_XMITCTL_SYNC_PHY_INIT) {
5926 - /* phy is inited by mgmt unit */
5927 - phyinitialized = 1;
5928 - dprintk(KERN_INFO "%s: Phy already initialized by mgmt unit.\n", pci_name(pci_dev));
5929 - } else {
5930 - /* we need to init the phy */
5931 - }
5932 - break;
5933 + if (nv_mgmt_acquire_sema(dev)) {
5934 + /* management unit setup the phy already? */
5935 + if ((readl(base + NvRegTransmitterControl) & NVREG_XMITCTL_SYNC_MASK) ==
5936 + NVREG_XMITCTL_SYNC_PHY_INIT) {
5937 + /* phy is inited by mgmt unit */
5938 + phyinitialized = 1;
5939 + dprintk(KERN_INFO "%s: Phy already initialized by mgmt unit.\n", pci_name(pci_dev));
5940 + } else {
5941 + /* we need to init the phy */
5942 }
5943 }
5944 }
5945 @@ -5408,6 +5549,22 @@ static struct pci_device_id pci_tbl[] = {
5946 PCI_DEVICE(PCI_VENDOR_ID_NVIDIA, PCI_DEVICE_ID_NVIDIA_NVENET_27),
5947 .driver_data = DEV_NEED_TIMERIRQ|DEV_NEED_LINKTIMER|DEV_HAS_HIGH_DMA|DEV_HAS_POWER_CNTRL|DEV_HAS_MSI|DEV_HAS_PAUSEFRAME_TX|DEV_HAS_STATISTICS_V2|DEV_HAS_TEST_EXTENDED|DEV_HAS_MGMT_UNIT,
5948 },
5949 + { /* MCP79 Ethernet Controller */
5950 + PCI_DEVICE(PCI_VENDOR_ID_NVIDIA, PCI_DEVICE_ID_NVIDIA_NVENET_36),
5951 + .driver_data = DEV_NEED_TIMERIRQ|DEV_NEED_LINKTIMER|DEV_HAS_CHECKSUM|DEV_HAS_HIGH_DMA|DEV_HAS_MSI|DEV_HAS_POWER_CNTRL|DEV_HAS_PAUSEFRAME_TX|DEV_HAS_STATISTICS_V2|DEV_HAS_TEST_EXTENDED|DEV_HAS_MGMT_UNIT,
5952 + },
5953 + { /* MCP79 Ethernet Controller */
5954 + PCI_DEVICE(PCI_VENDOR_ID_NVIDIA, PCI_DEVICE_ID_NVIDIA_NVENET_37),
5955 + .driver_data = DEV_NEED_TIMERIRQ|DEV_NEED_LINKTIMER|DEV_HAS_CHECKSUM|DEV_HAS_HIGH_DMA|DEV_HAS_MSI|DEV_HAS_POWER_CNTRL|DEV_HAS_PAUSEFRAME_TX|DEV_HAS_STATISTICS_V2|DEV_HAS_TEST_EXTENDED|DEV_HAS_MGMT_UNIT,
5956 + },
5957 + { /* MCP79 Ethernet Controller */
5958 + PCI_DEVICE(PCI_VENDOR_ID_NVIDIA, PCI_DEVICE_ID_NVIDIA_NVENET_38),
5959 + .driver_data = DEV_NEED_TIMERIRQ|DEV_NEED_LINKTIMER|DEV_HAS_CHECKSUM|DEV_HAS_HIGH_DMA|DEV_HAS_MSI|DEV_HAS_POWER_CNTRL|DEV_HAS_PAUSEFRAME_TX|DEV_HAS_STATISTICS_V2|DEV_HAS_TEST_EXTENDED|DEV_HAS_MGMT_UNIT,
5960 + },
5961 + { /* MCP79 Ethernet Controller */
5962 + PCI_DEVICE(PCI_VENDOR_ID_NVIDIA, PCI_DEVICE_ID_NVIDIA_NVENET_39),
5963 + .driver_data = DEV_NEED_TIMERIRQ|DEV_NEED_LINKTIMER|DEV_HAS_CHECKSUM|DEV_HAS_HIGH_DMA|DEV_HAS_MSI|DEV_HAS_POWER_CNTRL|DEV_HAS_PAUSEFRAME_TX|DEV_HAS_STATISTICS_V2|DEV_HAS_TEST_EXTENDED|DEV_HAS_MGMT_UNIT,
5964 + },
5965 {0,},
5966 };
5968 diff --git a/drivers/net/natsemi.c b/drivers/net/natsemi.c
5969 index 460a087..41f68ec 100644
5970 --- a/drivers/net/natsemi.c
5971 +++ b/drivers/net/natsemi.c
5972 @@ -671,7 +671,7 @@ static ssize_t natsemi_show_##_name(struct device *dev, \
5973 #define NATSEMI_CREATE_FILE(_dev, _name) \
5974 device_create_file(&_dev->dev, &dev_attr_##_name)
5975 #define NATSEMI_REMOVE_FILE(_dev, _name) \
5976 - device_create_file(&_dev->dev, &dev_attr_##_name)
5977 + device_remove_file(&_dev->dev, &dev_attr_##_name)
5979 NATSEMI_ATTR(dspcfg_workaround);
5981 diff --git a/drivers/net/ppp_generic.c b/drivers/net/ppp_generic.c
5982 index 3ef0092..9a81fed 100644
5983 --- a/drivers/net/ppp_generic.c
5984 +++ b/drivers/net/ppp_generic.c
5985 @@ -1726,7 +1726,7 @@ ppp_decompress_frame(struct ppp *ppp, struct sk_buff *skb)
5986 }
5987 /* the decompressor still expects the A/C bytes in the hdr */
5988 len = ppp->rcomp->decompress(ppp->rc_state, skb->data - 2,
5989 - skb->len + 2, ns->data, ppp->mru + PPP_HDRLEN);
5990 + skb->len + 2, ns->data, obuff_size);
5991 if (len < 0) {
5992 /* Pass the compressed frame to pppd as an
5993 error indication. */
5994 diff --git a/drivers/net/ppp_mppe.c b/drivers/net/ppp_mppe.c
5995 index d5bdd25..39e0e12 100644
5996 --- a/drivers/net/ppp_mppe.c
5997 +++ b/drivers/net/ppp_mppe.c
5998 @@ -136,7 +136,7 @@ struct ppp_mppe_state {
5999 * Key Derivation, from RFC 3078, RFC 3079.
6000 * Equivalent to Get_Key() for MS-CHAP as described in RFC 3079.
6001 */
6002 -static void get_new_key_from_sha(struct ppp_mppe_state * state, unsigned char *InterimKey)
6003 +static void get_new_key_from_sha(struct ppp_mppe_state * state)
6004 {
6005 struct hash_desc desc;
6006 struct scatterlist sg[4];
6007 @@ -153,8 +153,6 @@ static void get_new_key_from_sha(struct ppp_mppe_state * state, unsigned char *I
6008 desc.flags = 0;
6010 crypto_hash_digest(&desc, sg, nbytes, state->sha1_digest);
6011 -
6012 - memcpy(InterimKey, state->sha1_digest, state->keylen);
6013 }
6015 /*
6016 @@ -163,21 +161,21 @@ static void get_new_key_from_sha(struct ppp_mppe_state * state, unsigned char *I
6017 */
6018 static void mppe_rekey(struct ppp_mppe_state * state, int initial_key)
6019 {
6020 - unsigned char InterimKey[MPPE_MAX_KEY_LEN];
6021 struct scatterlist sg_in[1], sg_out[1];
6022 struct blkcipher_desc desc = { .tfm = state->arc4 };
6024 - get_new_key_from_sha(state, InterimKey);
6025 + get_new_key_from_sha(state);
6026 if (!initial_key) {
6027 - crypto_blkcipher_setkey(state->arc4, InterimKey, state->keylen);
6028 - setup_sg(sg_in, InterimKey, state->keylen);
6029 + crypto_blkcipher_setkey(state->arc4, state->sha1_digest,
6030 + state->keylen);
6031 + setup_sg(sg_in, state->sha1_digest, state->keylen);
6032 setup_sg(sg_out, state->session_key, state->keylen);
6033 if (crypto_blkcipher_encrypt(&desc, sg_out, sg_in,
6034 state->keylen) != 0) {
6035 printk(KERN_WARNING "mppe_rekey: cipher_encrypt failed\n");
6036 }
6037 } else {
6038 - memcpy(state->session_key, InterimKey, state->keylen);
6039 + memcpy(state->session_key, state->sha1_digest, state->keylen);
6040 }
6041 if (state->keylen == 8) {
6042 /* See RFC 3078 */
6043 diff --git a/drivers/net/r8169.c b/drivers/net/r8169.c
6044 index 5ec7752..84958c8 100644
6045 --- a/drivers/net/r8169.c
6046 +++ b/drivers/net/r8169.c
6047 @@ -2649,14 +2649,16 @@ rtl8169_interrupt(int irq, void *dev_instance)
6048 rtl8169_check_link_status(dev, tp, ioaddr);
6050 #ifdef CONFIG_R8169_NAPI
6051 - RTL_W16(IntrMask, rtl8169_intr_mask & ~rtl8169_napi_event);
6052 - tp->intr_mask = ~rtl8169_napi_event;
6053 -
6054 - if (likely(netif_rx_schedule_prep(dev)))
6055 - __netif_rx_schedule(dev);
6056 - else if (netif_msg_intr(tp)) {
6057 - printk(KERN_INFO "%s: interrupt %04x taken in poll\n",
6058 - dev->name, status);
6059 + if (status & rtl8169_napi_event) {
6060 + RTL_W16(IntrMask, rtl8169_intr_mask & ~rtl8169_napi_event);
6061 + tp->intr_mask = ~rtl8169_napi_event;
6062 +
6063 + if (likely(netif_rx_schedule_prep(dev)))
6064 + __netif_rx_schedule(dev);
6065 + else if (netif_msg_intr(tp)) {
6066 + printk(KERN_INFO "%s: interrupt %04x in poll\n",
6067 + dev->name, status);
6068 + }
6069 }
6070 break;
6071 #else
6072 diff --git a/drivers/net/sky2.c b/drivers/net/sky2.c
6073 index fe01b96..607b1a3 100644
6074 --- a/drivers/net/sky2.c
6075 +++ b/drivers/net/sky2.c
6076 @@ -96,10 +96,6 @@ static int disable_msi = 0;
6077 module_param(disable_msi, int, 0);
6078 MODULE_PARM_DESC(disable_msi, "Disable Message Signaled Interrupt (MSI)");
6080 -static int idle_timeout = 0;
6081 -module_param(idle_timeout, int, 0);
6082 -MODULE_PARM_DESC(idle_timeout, "Watchdog timer for lost interrupts (ms)");
6083 -
6084 static const struct pci_device_id sky2_id_table[] = {
6085 { PCI_DEVICE(PCI_VENDOR_ID_SYSKONNECT, 0x9000) }, /* SK-9Sxx */
6086 { PCI_DEVICE(PCI_VENDOR_ID_SYSKONNECT, 0x9E00) }, /* SK-9Exx */
6087 @@ -657,8 +653,8 @@ static void sky2_mac_init(struct sky2_hw *hw, unsigned port)
6088 int i;
6089 const u8 *addr = hw->dev[port]->dev_addr;
6091 - sky2_write32(hw, SK_REG(port, GPHY_CTRL), GPC_RST_SET);
6092 - sky2_write32(hw, SK_REG(port, GPHY_CTRL), GPC_RST_CLR);
6093 + sky2_write8(hw, SK_REG(port, GPHY_CTRL), GPC_RST_SET);
6094 + sky2_write8(hw, SK_REG(port, GPHY_CTRL), GPC_RST_CLR);
6096 sky2_write8(hw, SK_REG(port, GMAC_CTRL), GMC_RST_CLR);
6098 @@ -835,6 +831,20 @@ static inline struct sky2_tx_le *get_tx_le(struct sky2_port *sky2)
6099 return le;
6100 }
6102 +static void tx_init(struct sky2_port *sky2)
6103 +{
6104 + struct sky2_tx_le *le;
6105 +
6106 + sky2->tx_prod = sky2->tx_cons = 0;
6107 + sky2->tx_tcpsum = 0;
6108 + sky2->tx_last_mss = 0;
6109 +
6110 + le = get_tx_le(sky2);
6111 + le->addr = 0;
6112 + le->opcode = OP_ADDR64 | HW_OWNER;
6113 + sky2->tx_addr64 = 0;
6114 +}
6115 +
6116 static inline struct tx_ring_info *tx_le_re(struct sky2_port *sky2,
6117 struct sky2_tx_le *le)
6118 {
6119 @@ -1234,6 +1244,8 @@ static int sky2_up(struct net_device *dev)
6120 if (netif_msg_ifup(sky2))
6121 printk(KERN_INFO PFX "%s: enabling interface\n", dev->name);
6123 + netif_carrier_off(dev);
6124 +
6125 /* must be power of 2 */
6126 sky2->tx_le = pci_alloc_consistent(hw->pdev,
6127 TX_RING_SIZE *
6128 @@ -1246,7 +1258,8 @@ static int sky2_up(struct net_device *dev)
6129 GFP_KERNEL);
6130 if (!sky2->tx_ring)
6131 goto err_out;
6132 - sky2->tx_prod = sky2->tx_cons = 0;
6133 +
6134 + tx_init(sky2);
6136 sky2->rx_le = pci_alloc_consistent(hw->pdev, RX_LE_BYTES,
6137 &sky2->rx_le_map);
6138 @@ -1573,7 +1586,6 @@ static int sky2_down(struct net_device *dev)
6140 /* Stop more packets from being queued */
6141 netif_stop_queue(dev);
6142 - netif_carrier_off(dev);
6144 /* Disable port IRQ */
6145 imask = sky2_read32(hw, B0_IMSK);
6146 @@ -1625,6 +1637,8 @@ static int sky2_down(struct net_device *dev)
6148 sky2_phy_power(hw, port, 0);
6150 + netif_carrier_off(dev);
6151 +
6152 /* turn off LED's */
6153 sky2_write16(hw, B0_Y2LED, LED_STAT_OFF);
6155 @@ -1689,7 +1703,8 @@ static void sky2_link_up(struct sky2_port *sky2)
6156 gm_phy_write(hw, port, PHY_MARV_INT_MASK, PHY_M_DEF_MSK);
6158 netif_carrier_on(sky2->netdev);
6159 - netif_wake_queue(sky2->netdev);
6160 +
6161 + mod_timer(&hw->watchdog_timer, jiffies + 1);
6163 /* Turn on link LED */
6164 sky2_write8(hw, SK_REG(port, LNK_LED_REG),
6165 @@ -1741,7 +1756,6 @@ static void sky2_link_down(struct sky2_port *sky2)
6166 gma_write16(hw, port, GM_GP_CTRL, reg);
6168 netif_carrier_off(sky2->netdev);
6169 - netif_stop_queue(sky2->netdev);
6171 /* Turn on link LED */
6172 sky2_write8(hw, SK_REG(port, LNK_LED_REG), LINKLED_OFF);
6173 @@ -2050,6 +2064,7 @@ static struct sk_buff *sky2_receive(struct net_device *dev,
6174 struct sky2_port *sky2 = netdev_priv(dev);
6175 struct rx_ring_info *re = sky2->rx_ring + sky2->rx_next;
6176 struct sk_buff *skb = NULL;
6177 + u16 count;
6179 if (unlikely(netif_msg_rx_status(sky2)))
6180 printk(KERN_DEBUG PFX "%s: rx slot %u status 0x%x len %d\n",
6181 @@ -2064,6 +2079,15 @@ static struct sk_buff *sky2_receive(struct net_device *dev,
6182 if (!(status & GMR_FS_RX_OK))
6183 goto resubmit;
6185 + count = (status & GMR_FS_LEN) >> 16;
6186 +#ifdef SKY2_VLAN_TAG_USED
6187 + /* Account for vlan tag */
6188 + if (sky2->vlgrp && (status & GMR_FS_VLAN))
6189 + count -= VLAN_HLEN;
6190 +#endif
6191 + if (count != length)
6192 + goto len_mismatch;
6193 +
6194 if (length < copybreak)
6195 skb = receive_copy(sky2, re, length);
6196 else
6197 @@ -2073,6 +2097,11 @@ resubmit:
6199 return skb;
6201 +len_mismatch:
6202 + /* Truncation of overlength packets
6203 + causes PHY length to not match MAC length */
6204 + ++sky2->net_stats.rx_length_errors;
6205 +
6206 error:
6207 ++sky2->net_stats.rx_errors;
6208 if (status & GMR_FS_RX_FF_OV) {
6209 @@ -2375,25 +2404,25 @@ static void sky2_le_error(struct sky2_hw *hw, unsigned port,
6210 sky2_write32(hw, Q_ADDR(q, Q_CSR), BMU_CLR_IRQ_CHK);
6211 }
6213 -/* If idle then force a fake soft NAPI poll once a second
6214 - * to work around cases where sharing an edge triggered interrupt.
6215 - */
6216 -static inline void sky2_idle_start(struct sky2_hw *hw)
6217 -{
6218 - if (idle_timeout > 0)
6219 - mod_timer(&hw->idle_timer,
6220 - jiffies + msecs_to_jiffies(idle_timeout));
6221 -}
6222 -
6223 -static void sky2_idle(unsigned long arg)
6224 +/* Force a fake soft NAPI poll to handle lost IRQ's */
6225 +static void sky2_watchdog(unsigned long arg)
6226 {
6227 struct sky2_hw *hw = (struct sky2_hw *) arg;
6228 struct net_device *dev = hw->dev[0];
6229 + int i, active = 0;
6231 if (__netif_rx_schedule_prep(dev))
6232 __netif_rx_schedule(dev);
6234 - mod_timer(&hw->idle_timer, jiffies + msecs_to_jiffies(idle_timeout));
6235 + for (i = 0; i < hw->ports; i++) {
6236 + dev = hw->dev[i];
6237 + if (!netif_running(dev))
6238 + continue;
6239 + ++active;
6240 + }
6241 +
6242 + if (active)
6243 + mod_timer(&hw->watchdog_timer, round_jiffies(jiffies + HZ));
6244 }
6246 /* Hardware/software error handling */
6247 @@ -2427,8 +2456,7 @@ static void sky2_err_intr(struct sky2_hw *hw, u32 status)
6248 static int sky2_poll(struct net_device *dev0, int *budget)
6249 {
6250 struct sky2_hw *hw = ((struct sky2_port *) netdev_priv(dev0))->hw;
6251 - int work_limit = min(dev0->quota, *budget);
6252 - int work_done = 0;
6253 + int work_done;
6254 u32 status = sky2_read32(hw, B0_Y2_SP_EISR);
6256 if (unlikely(status & Y2_IS_ERROR))
6257 @@ -2440,18 +2468,25 @@ static int sky2_poll(struct net_device *dev0, int *budget)
6258 if (status & Y2_IS_IRQ_PHY2)
6259 sky2_phy_intr(hw, 1);
6261 - work_done = sky2_status_intr(hw, work_limit);
6262 - if (work_done < work_limit) {
6263 - netif_rx_complete(dev0);
6264 + work_done = sky2_status_intr(hw, min(dev0->quota, *budget));
6265 + *budget -= work_done;
6266 + dev0->quota -= work_done;
6268 - /* end of interrupt, re-enables also acts as I/O synchronization */
6269 - sky2_read32(hw, B0_Y2_SP_LISR);
6270 - return 0;
6271 - } else {
6272 - *budget -= work_done;
6273 - dev0->quota -= work_done;
6274 + /* More work? */
6275 + if (hw->st_idx != sky2_read16(hw, STAT_PUT_IDX))
6276 return 1;
6277 +
6278 + /* Bug/Errata workaround?
6279 + * Need to kick the TX irq moderation timer.
6280 + */
6281 + if (sky2_read8(hw, STAT_TX_TIMER_CTRL) == TIM_START) {
6282 + sky2_write8(hw, STAT_TX_TIMER_CTRL, TIM_STOP);
6283 + sky2_write8(hw, STAT_TX_TIMER_CTRL, TIM_START);
6284 }
6285 + netif_rx_complete(dev0);
6286 +
6287 + sky2_read32(hw, B0_Y2_SP_LISR);
6288 + return 0;
6289 }
6291 static irqreturn_t sky2_intr(int irq, void *dev_id)
6292 @@ -2677,8 +2712,6 @@ static void sky2_restart(struct work_struct *work)
6294 dev_dbg(&hw->pdev->dev, "restarting\n");
6296 - del_timer_sync(&hw->idle_timer);
6297 -
6298 rtnl_lock();
6299 sky2_write32(hw, B0_IMSK, 0);
6300 sky2_read32(hw, B0_IMSK);
6301 @@ -2707,8 +2740,6 @@ static void sky2_restart(struct work_struct *work)
6302 }
6303 }
6305 - sky2_idle_start(hw);
6306 -
6307 rtnl_unlock();
6308 }
6310 @@ -3486,10 +3517,6 @@ static __devinit struct net_device *sky2_init_netdev(struct sky2_hw *hw,
6311 memcpy_fromio(dev->dev_addr, hw->regs + B2_MAC_1 + port * 8, ETH_ALEN);
6312 memcpy(dev->perm_addr, dev->dev_addr, dev->addr_len);
6314 - /* device is off until link detection */
6315 - netif_carrier_off(dev);
6316 - netif_stop_queue(dev);
6317 -
6318 return dev;
6319 }
6321 @@ -3702,11 +3729,9 @@ static int __devinit sky2_probe(struct pci_dev *pdev,
6322 sky2_show_addr(dev1);
6323 }
6325 - setup_timer(&hw->idle_timer, sky2_idle, (unsigned long) hw);
6326 + setup_timer(&hw->watchdog_timer, sky2_watchdog, (unsigned long) hw);
6327 INIT_WORK(&hw->restart_work, sky2_restart);
6329 - sky2_idle_start(hw);
6330 -
6331 pci_set_drvdata(pdev, hw);
6333 return 0;
6334 @@ -3741,7 +3766,7 @@ static void __devexit sky2_remove(struct pci_dev *pdev)
6335 if (!hw)
6336 return;
6338 - del_timer_sync(&hw->idle_timer);
6339 + del_timer_sync(&hw->watchdog_timer);
6341 flush_scheduled_work();
6343 @@ -3785,7 +3810,7 @@ static int sky2_suspend(struct pci_dev *pdev, pm_message_t state)
6344 if (!hw)
6345 return 0;
6347 - del_timer_sync(&hw->idle_timer);
6348 + del_timer_sync(&hw->watchdog_timer);
6349 netif_poll_disable(hw->dev[0]);
6351 for (i = 0; i < hw->ports; i++) {
6352 @@ -3851,7 +3876,7 @@ static int sky2_resume(struct pci_dev *pdev)
6353 }
6355 netif_poll_enable(hw->dev[0]);
6356 - sky2_idle_start(hw);
6357 +
6358 return 0;
6359 out:
6360 dev_err(&pdev->dev, "resume failed (%d)\n", err);
6361 @@ -3868,7 +3893,6 @@ static void sky2_shutdown(struct pci_dev *pdev)
6362 if (!hw)
6363 return;
6365 - del_timer_sync(&hw->idle_timer);
6366 netif_poll_disable(hw->dev[0]);
6368 for (i = 0; i < hw->ports; i++) {
6369 diff --git a/drivers/net/sky2.h b/drivers/net/sky2.h
6370 index b8c4a3b..a059e0a 100644
6371 --- a/drivers/net/sky2.h
6372 +++ b/drivers/net/sky2.h
6373 @@ -1921,7 +1921,7 @@ struct sky2_hw {
6374 u32 st_idx;
6375 dma_addr_t st_dma;
6377 - struct timer_list idle_timer;
6378 + struct timer_list watchdog_timer;
6379 struct work_struct restart_work;
6380 int msi;
6381 wait_queue_head_t msi_wait;
6382 diff --git a/drivers/net/tulip/de2104x.c b/drivers/net/tulip/de2104x.c
6383 index 8617298..e8fcce7 100644
6384 --- a/drivers/net/tulip/de2104x.c
6385 +++ b/drivers/net/tulip/de2104x.c
6386 @@ -843,7 +843,7 @@ static inline int de_is_running (struct de_private *de)
6387 static void de_stop_rxtx (struct de_private *de)
6388 {
6389 u32 macmode;
6390 - unsigned int work = 1000;
6391 + unsigned int i = 1300/100;
6393 macmode = dr32(MacMode);
6394 if (macmode & RxTx) {
6395 @@ -851,10 +851,14 @@ static void de_stop_rxtx (struct de_private *de)
6396 dr32(MacMode);
6397 }
6399 - while (--work > 0) {
6400 + /* wait until in-flight frame completes.
6401 + * Max time @ 10BT: 1500*8b/10Mbps == 1200us (+ 100us margin)
6402 + * Typically expect this loop to end in < 50 us on 100BT.
6403 + */
6404 + while (--i) {
6405 if (!de_is_running(de))
6406 return;
6407 - cpu_relax();
6408 + udelay(100);
6409 }
6411 printk(KERN_WARNING "%s: timeout expired stopping DMA\n", de->dev->name);
6412 diff --git a/drivers/net/tulip/tulip_core.c b/drivers/net/tulip/tulip_core.c
6413 index 041af63..4df0284 100644
6414 --- a/drivers/net/tulip/tulip_core.c
6415 +++ b/drivers/net/tulip/tulip_core.c
6416 @@ -1794,6 +1794,10 @@ static void __devexit tulip_remove_one (struct pci_dev *pdev)
6417 return;
6419 tp = netdev_priv(dev);
6420 +
6421 + /* shoot NIC in the head before deallocating descriptors */
6422 + pci_disable_device(tp->pdev);
6423 +
6424 unregister_netdev(dev);
6425 pci_free_consistent (pdev,
6426 sizeof (struct tulip_rx_desc) * RX_RING_SIZE +
6427 diff --git a/drivers/net/usb/dm9601.c b/drivers/net/usb/dm9601.c
6428 index 16c7a0e..a2de32f 100644
6429 --- a/drivers/net/usb/dm9601.c
6430 +++ b/drivers/net/usb/dm9601.c
6431 @@ -405,7 +405,7 @@ static int dm9601_bind(struct usbnet *dev, struct usb_interface *intf)
6432 dev->net->ethtool_ops = &dm9601_ethtool_ops;
6433 dev->net->hard_header_len += DM_TX_OVERHEAD;
6434 dev->hard_mtu = dev->net->mtu + dev->net->hard_header_len;
6435 - dev->rx_urb_size = dev->net->mtu + DM_RX_OVERHEAD;
6436 + dev->rx_urb_size = dev->net->mtu + ETH_HLEN + DM_RX_OVERHEAD;
6438 dev->mii.dev = dev->net;
6439 dev->mii.mdio_read = dm9601_mdio_read;
6440 diff --git a/drivers/net/usb/kaweth.c b/drivers/net/usb/kaweth.c
6441 index 60d2944..4ebb6ea 100644
6442 --- a/drivers/net/usb/kaweth.c
6443 +++ b/drivers/net/usb/kaweth.c
6444 @@ -70,7 +70,7 @@
6445 #define KAWETH_TX_TIMEOUT (5 * HZ)
6446 #define KAWETH_SCRATCH_SIZE 32
6447 #define KAWETH_FIRMWARE_BUF_SIZE 4096
6448 -#define KAWETH_CONTROL_TIMEOUT (30 * HZ)
6449 +#define KAWETH_CONTROL_TIMEOUT (30000)
6451 #define KAWETH_STATUS_BROKEN 0x0000001
6452 #define KAWETH_STATUS_CLOSING 0x0000002
6453 diff --git a/drivers/net/usb/mcs7830.c b/drivers/net/usb/mcs7830.c
6454 index 6240b97..3bbc5c4 100644
6455 --- a/drivers/net/usb/mcs7830.c
6456 +++ b/drivers/net/usb/mcs7830.c
6457 @@ -94,7 +94,7 @@ static int mcs7830_get_reg(struct usbnet *dev, u16 index, u16 size, void *data)
6459 ret = usb_control_msg(xdev, usb_rcvctrlpipe(xdev, 0), MCS7830_RD_BREQ,
6460 MCS7830_RD_BMREQ, 0x0000, index, data,
6461 - size, msecs_to_jiffies(MCS7830_CTRL_TIMEOUT));
6462 + size, MCS7830_CTRL_TIMEOUT);
6463 return ret;
6464 }
6466 @@ -105,7 +105,7 @@ static int mcs7830_set_reg(struct usbnet *dev, u16 index, u16 size, void *data)
6468 ret = usb_control_msg(xdev, usb_sndctrlpipe(xdev, 0), MCS7830_WR_BREQ,
6469 MCS7830_WR_BMREQ, 0x0000, index, data,
6470 - size, msecs_to_jiffies(MCS7830_CTRL_TIMEOUT));
6471 + size, MCS7830_CTRL_TIMEOUT);
6472 return ret;
6473 }
6475 diff --git a/drivers/net/via-velocity.c b/drivers/net/via-velocity.c
6476 index b670b97..431269e 100644
6477 --- a/drivers/net/via-velocity.c
6478 +++ b/drivers/net/via-velocity.c
6479 @@ -1075,6 +1075,9 @@ static int velocity_init_rd_ring(struct velocity_info *vptr)
6480 int ret = -ENOMEM;
6481 unsigned int rsize = sizeof(struct velocity_rd_info) *
6482 vptr->options.numrx;
6483 + int mtu = vptr->dev->mtu;
6484 +
6485 + vptr->rx_buf_sz = (mtu <= ETH_DATA_LEN) ? PKT_BUF_SZ : mtu + 32;
6487 vptr->rd_info = kmalloc(rsize, GFP_KERNEL);
6488 if(vptr->rd_info == NULL)
6489 @@ -1733,8 +1736,6 @@ static int velocity_open(struct net_device *dev)
6490 struct velocity_info *vptr = netdev_priv(dev);
6491 int ret;
6493 - vptr->rx_buf_sz = (dev->mtu <= 1504 ? PKT_BUF_SZ : dev->mtu + 32);
6494 -
6495 ret = velocity_init_rings(vptr);
6496 if (ret < 0)
6497 goto out;
6498 @@ -1798,6 +1799,11 @@ static int velocity_change_mtu(struct net_device *dev, int new_mtu)
6499 return -EINVAL;
6500 }
6502 + if (!netif_running(dev)) {
6503 + dev->mtu = new_mtu;
6504 + return 0;
6505 + }
6506 +
6507 if (new_mtu != oldmtu) {
6508 spin_lock_irqsave(&vptr->lock, flags);
6510 @@ -1808,12 +1814,6 @@ static int velocity_change_mtu(struct net_device *dev, int new_mtu)
6511 velocity_free_rd_ring(vptr);
6513 dev->mtu = new_mtu;
6514 - if (new_mtu > 8192)
6515 - vptr->rx_buf_sz = 9 * 1024;
6516 - else if (new_mtu > 4096)
6517 - vptr->rx_buf_sz = 8192;
6518 - else
6519 - vptr->rx_buf_sz = 4 * 1024;
6521 ret = velocity_init_rd_ring(vptr);
6522 if (ret < 0)
6523 diff --git a/drivers/net/wireless/bcm43xx/bcm43xx_main.c b/drivers/net/wireless/bcm43xx/bcm43xx_main.c
6524 index ef6b253..dadee85 100644
6525 --- a/drivers/net/wireless/bcm43xx/bcm43xx_main.c
6526 +++ b/drivers/net/wireless/bcm43xx/bcm43xx_main.c
6527 @@ -3183,6 +3183,9 @@ static void bcm43xx_periodic_work_handler(struct work_struct *work)
6528 unsigned long orig_trans_start = 0;
6530 mutex_lock(&bcm->mutex);
6531 + /* keep from doing and rearming periodic work if shutting down */
6532 + if (bcm43xx_status(bcm) == BCM43xx_STAT_UNINIT)
6533 + goto unlock_mutex;
6534 if (unlikely(bcm->periodic_state % 60 == 0)) {
6535 /* Periodic work will take a long time, so we want it to
6536 * be preemtible.
6537 @@ -3228,14 +3231,10 @@ static void bcm43xx_periodic_work_handler(struct work_struct *work)
6538 mmiowb();
6539 bcm->periodic_state++;
6540 spin_unlock_irqrestore(&bcm->irq_lock, flags);
6541 +unlock_mutex:
6542 mutex_unlock(&bcm->mutex);
6543 }
6545 -void bcm43xx_periodic_tasks_delete(struct bcm43xx_private *bcm)
6546 -{
6547 - cancel_rearming_delayed_work(&bcm->periodic_work);
6548 -}
6549 -
6550 void bcm43xx_periodic_tasks_setup(struct bcm43xx_private *bcm)
6551 {
6552 struct delayed_work *work = &bcm->periodic_work;
6553 @@ -3285,6 +3284,14 @@ static int bcm43xx_rng_init(struct bcm43xx_private *bcm)
6554 return err;
6555 }
6557 +void bcm43xx_cancel_work(struct bcm43xx_private *bcm)
6558 +{
6559 + /* The system must be unlocked when this routine is entered.
6560 + * If not, the next 2 steps may deadlock */
6561 + cancel_work_sync(&bcm->restart_work);
6562 + cancel_rearming_delayed_work(&bcm->periodic_work);
6563 +}
6564 +
6565 static int bcm43xx_shutdown_all_wireless_cores(struct bcm43xx_private *bcm)
6566 {
6567 int ret = 0;
6568 @@ -3321,7 +3328,12 @@ static void bcm43xx_free_board(struct bcm43xx_private *bcm)
6569 {
6570 bcm43xx_rng_exit(bcm);
6571 bcm43xx_sysfs_unregister(bcm);
6572 - bcm43xx_periodic_tasks_delete(bcm);
6573 +
6574 + mutex_lock(&(bcm)->mutex);
6575 + bcm43xx_set_status(bcm, BCM43xx_STAT_UNINIT);
6576 + mutex_unlock(&(bcm)->mutex);
6577 +
6578 + bcm43xx_cancel_work(bcm);
6580 mutex_lock(&(bcm)->mutex);
6581 bcm43xx_shutdown_all_wireless_cores(bcm);
6582 @@ -4018,7 +4030,7 @@ static int bcm43xx_net_stop(struct net_device *net_dev)
6583 err = bcm43xx_disable_interrupts_sync(bcm);
6584 assert(!err);
6585 bcm43xx_free_board(bcm);
6586 - flush_scheduled_work();
6587 + bcm43xx_cancel_work(bcm);
6589 return 0;
6590 }
6591 @@ -4150,9 +4162,9 @@ static void bcm43xx_chip_reset(struct work_struct *work)
6592 struct bcm43xx_phyinfo *phy;
6593 int err = -ENODEV;
6595 + bcm43xx_cancel_work(bcm);
6596 mutex_lock(&(bcm)->mutex);
6597 if (bcm43xx_status(bcm) == BCM43xx_STAT_INITIALIZED) {
6598 - bcm43xx_periodic_tasks_delete(bcm);
6599 phy = bcm43xx_current_phy(bcm);
6600 err = bcm43xx_select_wireless_core(bcm, phy->type);
6601 if (!err)
6602 diff --git a/drivers/net/wireless/bcm43xx/bcm43xx_main.h b/drivers/net/wireless/bcm43xx/bcm43xx_main.h
6603 index c8f3c53..14cfbeb 100644
6604 --- a/drivers/net/wireless/bcm43xx/bcm43xx_main.h
6605 +++ b/drivers/net/wireless/bcm43xx/bcm43xx_main.h
6606 @@ -122,7 +122,7 @@ void bcm43xx_wireless_core_reset(struct bcm43xx_private *bcm, int connect_phy);
6607 void bcm43xx_mac_suspend(struct bcm43xx_private *bcm);
6608 void bcm43xx_mac_enable(struct bcm43xx_private *bcm);
6610 -void bcm43xx_periodic_tasks_delete(struct bcm43xx_private *bcm);
6611 +void bcm43xx_cancel_work(struct bcm43xx_private *bcm);
6612 void bcm43xx_periodic_tasks_setup(struct bcm43xx_private *bcm);
6614 void bcm43xx_controller_restart(struct bcm43xx_private *bcm, const char *reason);
6615 diff --git a/drivers/net/wireless/bcm43xx/bcm43xx_sysfs.c b/drivers/net/wireless/bcm43xx/bcm43xx_sysfs.c
6616 index c71b998..8ab5f93 100644
6617 --- a/drivers/net/wireless/bcm43xx/bcm43xx_sysfs.c
6618 +++ b/drivers/net/wireless/bcm43xx/bcm43xx_sysfs.c
6619 @@ -327,7 +327,7 @@ static ssize_t bcm43xx_attr_phymode_store(struct device *dev,
6620 goto out;
6621 }
6623 - bcm43xx_periodic_tasks_delete(bcm);
6624 + bcm43xx_cancel_work(bcm);
6625 mutex_lock(&(bcm)->mutex);
6626 err = bcm43xx_select_wireless_core(bcm, phytype);
6627 if (!err)
6628 diff --git a/drivers/net/wireless/libertas/11d.c b/drivers/net/wireless/libertas/11d.c
6629 index 4cf0ff7..0560270 100644
6630 --- a/drivers/net/wireless/libertas/11d.c
6631 +++ b/drivers/net/wireless/libertas/11d.c
6632 @@ -562,7 +562,7 @@ int libertas_cmd_802_11d_domain_info(wlan_private * priv,
6633 nr_subband * sizeof(struct ieeetypes_subbandset));
6635 cmd->size = cpu_to_le16(sizeof(pdomaininfo->action) +
6636 - domain->header.len +
6637 + le16_to_cpu(domain->header.len) +
6638 sizeof(struct mrvlietypesheader) +
6639 S_DS_GEN);
6640 } else {
6641 diff --git a/drivers/net/wireless/libertas/cmd.c b/drivers/net/wireless/libertas/cmd.c
6642 index 13f6528..549749e 100644
6643 --- a/drivers/net/wireless/libertas/cmd.c
6644 +++ b/drivers/net/wireless/libertas/cmd.c
6645 @@ -185,14 +185,12 @@ static int wlan_cmd_802_11_set_wep(wlan_private * priv,
6647 switch (pkey->len) {
6648 case KEY_LEN_WEP_40:
6649 - wep->keytype[i] =
6650 - cpu_to_le16(cmd_type_wep_40_bit);
6651 + wep->keytype[i] = cmd_type_wep_40_bit;
6652 memmove(&wep->keymaterial[i], pkey->key,
6653 pkey->len);
6654 break;
6655 case KEY_LEN_WEP_104:
6656 - wep->keytype[i] =
6657 - cpu_to_le16(cmd_type_wep_104_bit);
6658 + wep->keytype[i] = cmd_type_wep_104_bit;
6659 memmove(&wep->keymaterial[i], pkey->key,
6660 pkey->len);
6661 break;
6662 diff --git a/drivers/net/wireless/libertas/wext.c b/drivers/net/wireless/libertas/wext.c
6663 index f42b796..1e3ecd0 100644
6664 --- a/drivers/net/wireless/libertas/wext.c
6665 +++ b/drivers/net/wireless/libertas/wext.c
6666 @@ -973,7 +973,7 @@ static struct iw_statistics *wlan_get_wireless_stats(struct net_device *dev)
6667 /* Quality by TX errors */
6668 priv->wstats.discard.retries = priv->stats.tx_errors;
6670 - tx_retries = le16_to_cpu(adapter->logmsg.retry);
6671 + tx_retries = le32_to_cpu(adapter->logmsg.retry);
6673 if (tx_retries > 75)
6674 tx_qual = (90 - tx_retries) * POOR / 15;
6675 @@ -989,10 +989,10 @@ static struct iw_statistics *wlan_get_wireless_stats(struct net_device *dev)
6676 (PERFECT - VERY_GOOD) / 50 + VERY_GOOD;
6677 quality = min(quality, tx_qual);
6679 - priv->wstats.discard.code = le16_to_cpu(adapter->logmsg.wepundecryptable);
6680 - priv->wstats.discard.fragment = le16_to_cpu(adapter->logmsg.rxfrag);
6681 + priv->wstats.discard.code = le32_to_cpu(adapter->logmsg.wepundecryptable);
6682 + priv->wstats.discard.fragment = le32_to_cpu(adapter->logmsg.rxfrag);
6683 priv->wstats.discard.retries = tx_retries;
6684 - priv->wstats.discard.misc = le16_to_cpu(adapter->logmsg.ackfailure);
6685 + priv->wstats.discard.misc = le32_to_cpu(adapter->logmsg.ackfailure);
6687 /* Calculate quality */
6688 priv->wstats.qual.qual = max(quality, (u32)100);
6689 diff --git a/drivers/pci/hotplug/fakephp.c b/drivers/pci/hotplug/fakephp.c
6690 index 027f686..02a09d5 100644
6691 --- a/drivers/pci/hotplug/fakephp.c
6692 +++ b/drivers/pci/hotplug/fakephp.c
6693 @@ -39,6 +39,7 @@
6694 #include <linux/init.h>
6695 #include <linux/string.h>
6696 #include <linux/slab.h>
6697 +#include <linux/workqueue.h>
6698 #include "../pci.h"
6700 #if !defined(MODULE)
6701 @@ -63,10 +64,16 @@ struct dummy_slot {
6702 struct list_head node;
6703 struct hotplug_slot *slot;
6704 struct pci_dev *dev;
6705 + struct work_struct remove_work;
6706 + unsigned long removed;
6707 };
6709 static int debug;
6710 static LIST_HEAD(slot_list);
6711 +static struct workqueue_struct *dummyphp_wq;
6712 +
6713 +static void pci_rescan_worker(struct work_struct *work);
6714 +static DECLARE_WORK(pci_rescan_work, pci_rescan_worker);
6716 static int enable_slot (struct hotplug_slot *slot);
6717 static int disable_slot (struct hotplug_slot *slot);
6718 @@ -109,7 +116,7 @@ static int add_slot(struct pci_dev *dev)
6719 slot->name = &dev->dev.bus_id[0];
6720 dbg("slot->name = %s\n", slot->name);
6722 - dslot = kmalloc(sizeof(struct dummy_slot), GFP_KERNEL);
6723 + dslot = kzalloc(sizeof(struct dummy_slot), GFP_KERNEL);
6724 if (!dslot)
6725 goto error_info;
6727 @@ -164,6 +171,14 @@ static void remove_slot(struct dummy_slot *dslot)
6728 err("Problem unregistering a slot %s\n", dslot->slot->name);
6729 }
6731 +/* called from the single-threaded workqueue handler to remove a slot */
6732 +static void remove_slot_worker(struct work_struct *work)
6733 +{
6734 + struct dummy_slot *dslot =
6735 + container_of(work, struct dummy_slot, remove_work);
6736 + remove_slot(dslot);
6737 +}
6738 +
6739 /**
6740 * Rescan slot.
6741 * Tries hard not to re-enable already existing devices
6742 @@ -267,11 +282,17 @@ static inline void pci_rescan(void) {
6743 pci_rescan_buses(&pci_root_buses);
6744 }
6746 +/* called from the single-threaded workqueue handler to rescan all pci buses */
6747 +static void pci_rescan_worker(struct work_struct *work)
6748 +{
6749 + pci_rescan();
6750 +}
6752 static int enable_slot(struct hotplug_slot *hotplug_slot)
6753 {
6754 /* mis-use enable_slot for rescanning of the pci bus */
6755 - pci_rescan();
6756 + cancel_work_sync(&pci_rescan_work);
6757 + queue_work(dummyphp_wq, &pci_rescan_work);
6758 return -ENODEV;
6759 }
6761 @@ -306,6 +327,10 @@ static int disable_slot(struct hotplug_slot *slot)
6762 err("Can't remove PCI devices with other PCI devices behind it yet.\n");
6763 return -ENODEV;
6764 }
6765 + if (test_and_set_bit(0, &dslot->removed)) {
6766 + dbg("Slot already scheduled for removal\n");
6767 + return -ENODEV;
6768 + }
6769 /* search for subfunctions and disable them first */
6770 if (!(dslot->dev->devfn & 7)) {
6771 for (func = 1; func < 8; func++) {
6772 @@ -328,8 +353,9 @@ static int disable_slot(struct hotplug_slot *slot)
6773 /* remove the device from the pci core */
6774 pci_remove_bus_device(dslot->dev);
6776 - /* blow away this sysfs entry and other parts. */
6777 - remove_slot(dslot);
6778 + /* queue work item to blow away this sysfs entry and other parts. */
6779 + INIT_WORK(&dslot->remove_work, remove_slot_worker);
6780 + queue_work(dummyphp_wq, &dslot->remove_work);
6782 return 0;
6783 }
6784 @@ -340,6 +366,7 @@ static void cleanup_slots (void)
6785 struct list_head *next;
6786 struct dummy_slot *dslot;
6788 + destroy_workqueue(dummyphp_wq);
6789 list_for_each_safe (tmp, next, &slot_list) {
6790 dslot = list_entry (tmp, struct dummy_slot, node);
6791 remove_slot(dslot);
6792 @@ -351,6 +378,10 @@ static int __init dummyphp_init(void)
6793 {
6794 info(DRIVER_DESC "\n");
6796 + dummyphp_wq = create_singlethread_workqueue(MY_NAME);
6797 + if (!dummyphp_wq)
6798 + return -ENOMEM;
6799 +
6800 return pci_scan_buses();
6801 }
6803 diff --git a/drivers/pci/probe.c b/drivers/pci/probe.c
6804 index e48fcf0..247135f 100644
6805 --- a/drivers/pci/probe.c
6806 +++ b/drivers/pci/probe.c
6807 @@ -643,20 +643,20 @@ int pci_scan_bridge(struct pci_bus *bus, struct pci_dev * dev, int max, int pass
6809 sprintf(child->name, (is_cardbus ? "PCI CardBus #%02x" : "PCI Bus #%02x"), child->number);
6811 + /* Has only triggered on CardBus, fixup is in yenta_socket */
6812 while (bus->parent) {
6813 if ((child->subordinate > bus->subordinate) ||
6814 (child->number > bus->subordinate) ||
6815 (child->number < bus->number) ||
6816 (child->subordinate < bus->number)) {
6817 - printk(KERN_WARNING "PCI: Bus #%02x (-#%02x) is "
6818 - "hidden behind%s bridge #%02x (-#%02x)%s\n",
6819 - child->number, child->subordinate,
6820 - bus->self->transparent ? " transparent" : " ",
6821 - bus->number, bus->subordinate,
6822 - pcibios_assign_all_busses() ? " " :
6823 - " (try 'pci=assign-busses')");
6824 - printk(KERN_WARNING "Please report the result to "
6825 - "linux-kernel to fix this permanently\n");
6826 + pr_debug("PCI: Bus #%02x (-#%02x) is %s"
6827 + "hidden behind%s bridge #%02x (-#%02x)\n",
6828 + child->number, child->subordinate,
6829 + (bus->number > child->subordinate &&
6830 + bus->subordinate < child->number) ?
6831 + "wholly " : " partially",
6832 + bus->self->transparent ? " transparent" : " ",
6833 + bus->number, bus->subordinate);
6834 }
6835 bus = bus->parent;
6836 }
6837 diff --git a/drivers/pci/quirks.c b/drivers/pci/quirks.c
6838 index 01d8f8a..9f90c10 100644
6839 --- a/drivers/pci/quirks.c
6840 +++ b/drivers/pci/quirks.c
6841 @@ -465,6 +465,12 @@ DECLARE_PCI_FIXUP_HEADER(PCI_VENDOR_ID_INTEL, PCI_DEVICE_ID_INTEL_ICH7_31, quirk
6842 DECLARE_PCI_FIXUP_HEADER(PCI_VENDOR_ID_INTEL, PCI_DEVICE_ID_INTEL_ICH8_0, quirk_ich6_lpc_acpi );
6843 DECLARE_PCI_FIXUP_HEADER(PCI_VENDOR_ID_INTEL, PCI_DEVICE_ID_INTEL_ICH8_2, quirk_ich6_lpc_acpi );
6844 DECLARE_PCI_FIXUP_HEADER(PCI_VENDOR_ID_INTEL, PCI_DEVICE_ID_INTEL_ICH8_3, quirk_ich6_lpc_acpi );
6845 +DECLARE_PCI_FIXUP_HEADER(PCI_VENDOR_ID_INTEL, PCI_DEVICE_ID_INTEL_ICH8_1, quirk_ich6_lpc_acpi );
6846 +DECLARE_PCI_FIXUP_HEADER(PCI_VENDOR_ID_INTEL, PCI_DEVICE_ID_INTEL_ICH8_4, quirk_ich6_lpc_acpi );
6847 +DECLARE_PCI_FIXUP_HEADER(PCI_VENDOR_ID_INTEL, PCI_DEVICE_ID_INTEL_ICH9_2, quirk_ich6_lpc_acpi );
6848 +DECLARE_PCI_FIXUP_HEADER(PCI_VENDOR_ID_INTEL, PCI_DEVICE_ID_INTEL_ICH9_4, quirk_ich6_lpc_acpi );
6849 +DECLARE_PCI_FIXUP_HEADER(PCI_VENDOR_ID_INTEL, PCI_DEVICE_ID_INTEL_ICH9_7, quirk_ich6_lpc_acpi );
6850 +DECLARE_PCI_FIXUP_HEADER(PCI_VENDOR_ID_INTEL, PCI_DEVICE_ID_INTEL_ICH9_8, quirk_ich6_lpc_acpi );
6852 /*
6853 * VIA ACPI: One IO region pointed to by longword at
6854 @@ -1640,6 +1646,9 @@ DECLARE_PCI_FIXUP_FINAL(PCI_VENDOR_ID_SERVERWORKS, PCI_DEVICE_ID_SERVERWORKS_GCN
6855 DECLARE_PCI_FIXUP_FINAL(PCI_VENDOR_ID_SERVERWORKS, PCI_DEVICE_ID_SERVERWORKS_HT1000_PCIX, quirk_disable_all_msi);
6856 DECLARE_PCI_FIXUP_FINAL(PCI_VENDOR_ID_ATI, PCI_DEVICE_ID_ATI_RS400_200, quirk_disable_all_msi);
6857 DECLARE_PCI_FIXUP_FINAL(PCI_VENDOR_ID_ATI, PCI_DEVICE_ID_ATI_RS480, quirk_disable_all_msi);
6858 +DECLARE_PCI_FIXUP_FINAL(PCI_VENDOR_ID_ATI, PCI_DEVICE_ID_ATI_RD580, quirk_disable_all_msi);
6859 +DECLARE_PCI_FIXUP_FINAL(PCI_VENDOR_ID_ATI, PCI_DEVICE_ID_ATI_RX790, quirk_disable_all_msi);
6860 +DECLARE_PCI_FIXUP_FINAL(PCI_VENDOR_ID_ATI, PCI_DEVICE_ID_ATI_RS690, quirk_disable_all_msi);
6861 DECLARE_PCI_FIXUP_FINAL(PCI_VENDOR_ID_VIA, PCI_DEVICE_ID_VIA_VT3351, quirk_disable_all_msi);
6863 /* Disable MSI on chipsets that are known to not support it */
6864 diff --git a/drivers/pcmcia/cs.c b/drivers/pcmcia/cs.c
6865 index 50cad3a..1e03bbd 100644
6866 --- a/drivers/pcmcia/cs.c
6867 +++ b/drivers/pcmcia/cs.c
6868 @@ -409,6 +409,9 @@ static void socket_shutdown(struct pcmcia_socket *s)
6869 #endif
6870 s->functions = 0;
6872 + /* give socket some time to power down */
6873 + msleep(100);
6874 +
6875 s->ops->get_status(s, &status);
6876 if (status & SS_POWERON) {
6877 printk(KERN_ERR "PCMCIA: socket %p: *** DANGER *** unable to remove socket power\n", s);
6878 diff --git a/drivers/scsi/3w-9xxx.c b/drivers/scsi/3w-9xxx.c
6879 index eb766c3..0d24c39 100644
6880 --- a/drivers/scsi/3w-9xxx.c
6881 +++ b/drivers/scsi/3w-9xxx.c
6882 @@ -4,7 +4,7 @@
6883 Written By: Adam Radford <linuxraid@amcc.com>
6884 Modifications By: Tom Couch <linuxraid@amcc.com>
6886 - Copyright (C) 2004-2006 Applied Micro Circuits Corporation.
6887 + Copyright (C) 2004-2007 Applied Micro Circuits Corporation.
6889 This program is free software; you can redistribute it and/or modify
6890 it under the terms of the GNU General Public License as published by
6891 @@ -69,6 +69,7 @@
6892 2.26.02.008 - Free irq handler in __twa_shutdown().
6893 Serialize reset code.
6894 Add support for 9650SE controllers.
6895 + 2.26.02.009 - Fix dma mask setting to fallback to 32-bit if 64-bit fails.
6896 */
6898 #include <linux/module.h>
6899 @@ -92,7 +93,7 @@
6900 #include "3w-9xxx.h"
6902 /* Globals */
6903 -#define TW_DRIVER_VERSION "2.26.02.008"
6904 +#define TW_DRIVER_VERSION "2.26.02.009"
6905 static TW_Device_Extension *twa_device_extension_list[TW_MAX_SLOT];
6906 static unsigned int twa_device_extension_count;
6907 static int twa_major = -1;
6908 @@ -2063,11 +2064,14 @@ static int __devinit twa_probe(struct pci_dev *pdev, const struct pci_device_id
6910 pci_set_master(pdev);
6912 - retval = pci_set_dma_mask(pdev, sizeof(dma_addr_t) > 4 ? DMA_64BIT_MASK : DMA_32BIT_MASK);
6913 - if (retval) {
6914 - TW_PRINTK(host, TW_DRIVER, 0x23, "Failed to set dma mask");
6915 - goto out_disable_device;
6916 - }
6917 + if (pci_set_dma_mask(pdev, DMA_64BIT_MASK)
6918 + || pci_set_consistent_dma_mask(pdev, DMA_64BIT_MASK))
6919 + if (pci_set_dma_mask(pdev, DMA_32BIT_MASK)
6920 + || pci_set_consistent_dma_mask(pdev, DMA_32BIT_MASK)) {
6921 + TW_PRINTK(host, TW_DRIVER, 0x23, "Failed to set dma mask");
6922 + retval = -ENODEV;
6923 + goto out_disable_device;
6924 + }
6926 host = scsi_host_alloc(&driver_template, sizeof(TW_Device_Extension));
6927 if (!host) {
6928 diff --git a/drivers/scsi/aacraid/linit.c b/drivers/scsi/aacraid/linit.c
6929 index 5c487ff..ac65ee2 100644
6930 --- a/drivers/scsi/aacraid/linit.c
6931 +++ b/drivers/scsi/aacraid/linit.c
6932 @@ -597,6 +597,8 @@ static int aac_cfg_open(struct inode *inode, struct file *file)
6933 static int aac_cfg_ioctl(struct inode *inode, struct file *file,
6934 unsigned int cmd, unsigned long arg)
6935 {
6936 + if (!capable(CAP_SYS_ADMIN))
6937 + return -EPERM;
6938 return aac_do_ioctl(file->private_data, cmd, (void __user *)arg);
6939 }
6941 @@ -650,6 +652,8 @@ static int aac_compat_ioctl(struct scsi_device *sdev, int cmd, void __user *arg)
6943 static long aac_compat_cfg_ioctl(struct file *file, unsigned cmd, unsigned long arg)
6944 {
6945 + if (!capable(CAP_SYS_ADMIN))
6946 + return -EPERM;
6947 return aac_compat_do_ioctl((struct aac_dev *)file->private_data, cmd, arg);
6948 }
6949 #endif
6950 diff --git a/drivers/scsi/esp_scsi.c b/drivers/scsi/esp_scsi.c
6951 index 71caf2d..150beaf 100644
6952 --- a/drivers/scsi/esp_scsi.c
6953 +++ b/drivers/scsi/esp_scsi.c
6954 @@ -2318,6 +2318,7 @@ int __devinit scsi_esp_register(struct esp *esp, struct device *dev)
6955 esp->host->transportt = esp_transport_template;
6956 esp->host->max_lun = ESP_MAX_LUN;
6957 esp->host->cmd_per_lun = 2;
6958 + esp->host->unique_id = instance;
6960 esp_set_clock_params(esp);
6962 @@ -2341,7 +2342,7 @@ int __devinit scsi_esp_register(struct esp *esp, struct device *dev)
6963 if (err)
6964 return err;
6966 - esp->host->unique_id = instance++;
6967 + instance++;
6969 scsi_scan_host(esp->host);
6971 diff --git a/drivers/scsi/hptiop.c b/drivers/scsi/hptiop.c
6972 index bec83cb..7e40105 100644
6973 --- a/drivers/scsi/hptiop.c
6974 +++ b/drivers/scsi/hptiop.c
6975 @@ -377,8 +377,9 @@ static void hptiop_host_request_callback(struct hptiop_hba *hba, u32 tag)
6976 scp->result = SAM_STAT_CHECK_CONDITION;
6977 memset(&scp->sense_buffer,
6978 0, sizeof(scp->sense_buffer));
6979 - memcpy(&scp->sense_buffer,
6980 - &req->sg_list, le32_to_cpu(req->dataxfer_length));
6981 + memcpy(&scp->sense_buffer, &req->sg_list,
6982 + min(sizeof(scp->sense_buffer),
6983 + le32_to_cpu(req->dataxfer_length)));
6984 break;
6986 default:
6987 diff --git a/drivers/scsi/scsi_transport_spi.c b/drivers/scsi/scsi_transport_spi.c
6988 index 6f56f87..4df21c9 100644
6989 --- a/drivers/scsi/scsi_transport_spi.c
6990 +++ b/drivers/scsi/scsi_transport_spi.c
6991 @@ -787,10 +787,12 @@ spi_dv_device_internal(struct scsi_device *sdev, u8 *buffer)
6992 struct scsi_target *starget = sdev->sdev_target;
6993 struct Scsi_Host *shost = sdev->host;
6994 int len = sdev->inquiry_len;
6995 + int min_period = spi_min_period(starget);
6996 + int max_width = spi_max_width(starget);
6997 /* first set us up for narrow async */
6998 DV_SET(offset, 0);
6999 DV_SET(width, 0);
7000 -
7001 +
7002 if (spi_dv_device_compare_inquiry(sdev, buffer, buffer, DV_LOOPS)
7003 != SPI_COMPARE_SUCCESS) {
7004 starget_printk(KERN_ERR, starget, "Domain Validation Initial Inquiry Failed\n");
7005 @@ -798,9 +800,13 @@ spi_dv_device_internal(struct scsi_device *sdev, u8 *buffer)
7006 return;
7007 }
7009 + if (!scsi_device_wide(sdev)) {
7010 + spi_max_width(starget) = 0;
7011 + max_width = 0;
7012 + }
7013 +
7014 /* test width */
7015 - if (i->f->set_width && spi_max_width(starget) &&
7016 - scsi_device_wide(sdev)) {
7017 + if (i->f->set_width && max_width) {
7018 i->f->set_width(starget, 1);
7020 if (spi_dv_device_compare_inquiry(sdev, buffer,
7021 @@ -809,6 +815,11 @@ spi_dv_device_internal(struct scsi_device *sdev, u8 *buffer)
7022 != SPI_COMPARE_SUCCESS) {
7023 starget_printk(KERN_ERR, starget, "Wide Transfers Fail\n");
7024 i->f->set_width(starget, 0);
7025 + /* Make sure we don't force wide back on by asking
7026 + * for a transfer period that requires it */
7027 + max_width = 0;
7028 + if (min_period < 10)
7029 + min_period = 10;
7030 }
7031 }
7033 @@ -828,7 +839,8 @@ spi_dv_device_internal(struct scsi_device *sdev, u8 *buffer)
7035 /* now set up to the maximum */
7036 DV_SET(offset, spi_max_offset(starget));
7037 - DV_SET(period, spi_min_period(starget));
7038 + DV_SET(period, min_period);
7039 +
7040 /* try QAS requests; this should be harmless to set if the
7041 * target supports it */
7042 if (scsi_device_qas(sdev)) {
7043 @@ -837,14 +849,14 @@ spi_dv_device_internal(struct scsi_device *sdev, u8 *buffer)
7044 DV_SET(qas, 0);
7045 }
7047 - if (scsi_device_ius(sdev) && spi_min_period(starget) < 9) {
7048 + if (scsi_device_ius(sdev) && min_period < 9) {
7049 /* This u320 (or u640). Set IU transfers */
7050 DV_SET(iu, 1);
7051 /* Then set the optional parameters */
7052 DV_SET(rd_strm, 1);
7053 DV_SET(wr_flow, 1);
7054 DV_SET(rti, 1);
7055 - if (spi_min_period(starget) == 8)
7056 + if (min_period == 8)
7057 DV_SET(pcomp_en, 1);
7058 } else {
7059 DV_SET(iu, 0);
7060 @@ -862,6 +874,10 @@ spi_dv_device_internal(struct scsi_device *sdev, u8 *buffer)
7061 } else {
7062 DV_SET(dt, 1);
7063 }
7064 + /* set width last because it will pull all the other
7065 + * parameters down to required values */
7066 + DV_SET(width, max_width);
7067 +
7068 /* Do the read only INQUIRY tests */
7069 spi_dv_retrain(sdev, buffer, buffer + sdev->inquiry_len,
7070 spi_dv_device_compare_inquiry);
7071 diff --git a/drivers/scsi/sd.c b/drivers/scsi/sd.c
7072 index 3d8c9cb..d2531dd 100644
7073 --- a/drivers/scsi/sd.c
7074 +++ b/drivers/scsi/sd.c
7075 @@ -895,6 +895,7 @@ static void sd_rw_intr(struct scsi_cmnd * SCpnt)
7076 unsigned int xfer_size = SCpnt->request_bufflen;
7077 unsigned int good_bytes = result ? 0 : xfer_size;
7078 u64 start_lba = SCpnt->request->sector;
7079 + u64 end_lba = SCpnt->request->sector + (xfer_size / 512);
7080 u64 bad_lba;
7081 struct scsi_sense_hdr sshdr;
7082 int sense_valid = 0;
7083 @@ -933,26 +934,23 @@ static void sd_rw_intr(struct scsi_cmnd * SCpnt)
7084 goto out;
7085 if (xfer_size <= SCpnt->device->sector_size)
7086 goto out;
7087 - switch (SCpnt->device->sector_size) {
7088 - case 256:
7089 + if (SCpnt->device->sector_size < 512) {
7090 + /* only legitimate sector_size here is 256 */
7091 start_lba <<= 1;
7092 - break;
7093 - case 512:
7094 - break;
7095 - case 1024:
7096 - start_lba >>= 1;
7097 - break;
7098 - case 2048:
7099 - start_lba >>= 2;
7100 - break;
7101 - case 4096:
7102 - start_lba >>= 3;
7103 - break;
7104 - default:
7105 - /* Print something here with limiting frequency. */
7106 - goto out;
7107 - break;
7108 + end_lba <<= 1;
7109 + } else {
7110 + /* be careful ... don't want any overflows */
7111 + u64 factor = SCpnt->device->sector_size / 512;
7112 + do_div(start_lba, factor);
7113 + do_div(end_lba, factor);
7114 }
7115 +
7116 + if (bad_lba < start_lba || bad_lba >= end_lba)
7117 + /* the bad lba was reported incorrectly, we have
7118 + * no idea where the error is
7119 + */
7120 + goto out;
7121 +
7122 /* This computation should always be done in terms of
7123 * the resolution of the device's medium.
7124 */
7125 diff --git a/drivers/serial/Kconfig b/drivers/serial/Kconfig
7126 index 315ea99..a288de5 100644
7127 --- a/drivers/serial/Kconfig
7128 +++ b/drivers/serial/Kconfig
7129 @@ -74,21 +74,17 @@ config SERIAL_8250_PCI
7130 depends on SERIAL_8250 && PCI
7131 default SERIAL_8250
7132 help
7133 - Say Y here if you have PCI serial ports.
7134 -
7135 - To compile this driver as a module, choose M here: the module
7136 - will be called 8250_pci.
7137 + This builds standard PCI serial support. You may be able to
7138 + disable this feature if you only need legacy serial support.
7139 + Saves about 9K.
7141 config SERIAL_8250_PNP
7142 tristate "8250/16550 PNP device support" if EMBEDDED
7143 depends on SERIAL_8250 && PNP
7144 default SERIAL_8250
7145 help
7146 - Say Y here if you have serial ports described by PNPBIOS or ACPI.
7147 - These are typically ports built into the system board.
7148 -
7149 - To compile this driver as a module, choose M here: the module
7150 - will be called 8250_pnp.
7151 + This builds standard PNP serial support. You may be able to
7152 + disable this feature if you only need legacy serial support.
7154 config SERIAL_8250_HP300
7155 tristate
7156 diff --git a/drivers/serial/sunhv.c b/drivers/serial/sunhv.c
7157 index 96557e6..17bcca5 100644
7158 --- a/drivers/serial/sunhv.c
7159 +++ b/drivers/serial/sunhv.c
7160 @@ -440,8 +440,16 @@ static void sunhv_console_write_paged(struct console *con, const char *s, unsign
7161 {
7162 struct uart_port *port = sunhv_port;
7163 unsigned long flags;
7164 + int locked = 1;
7165 +
7166 + local_irq_save(flags);
7167 + if (port->sysrq) {
7168 + locked = 0;
7169 + } else if (oops_in_progress) {
7170 + locked = spin_trylock(&port->lock);
7171 + } else
7172 + spin_lock(&port->lock);
7174 - spin_lock_irqsave(&port->lock, flags);
7175 while (n > 0) {
7176 unsigned long ra = __pa(con_write_page);
7177 unsigned long page_bytes;
7178 @@ -469,7 +477,10 @@ static void sunhv_console_write_paged(struct console *con, const char *s, unsign
7179 ra += written;
7180 }
7181 }
7182 - spin_unlock_irqrestore(&port->lock, flags);
7183 +
7184 + if (locked)
7185 + spin_unlock(&port->lock);
7186 + local_irq_restore(flags);
7187 }
7189 static inline void sunhv_console_putchar(struct uart_port *port, char c)
7190 @@ -488,7 +499,15 @@ static void sunhv_console_write_bychar(struct console *con, const char *s, unsig
7191 {
7192 struct uart_port *port = sunhv_port;
7193 unsigned long flags;
7194 - int i;
7195 + int i, locked = 1;
7196 +
7197 + local_irq_save(flags);
7198 + if (port->sysrq) {
7199 + locked = 0;
7200 + } else if (oops_in_progress) {
7201 + locked = spin_trylock(&port->lock);
7202 + } else
7203 + spin_lock(&port->lock);
7205 spin_lock_irqsave(&port->lock, flags);
7206 for (i = 0; i < n; i++) {
7207 @@ -496,7 +515,10 @@ static void sunhv_console_write_bychar(struct console *con, const char *s, unsig
7208 sunhv_console_putchar(port, '\r');
7209 sunhv_console_putchar(port, *s++);
7210 }
7211 - spin_unlock_irqrestore(&port->lock, flags);
7212 +
7213 + if (locked)
7214 + spin_unlock(&port->lock);
7215 + local_irq_restore(flags);
7216 }
7218 static struct console sunhv_console = {
7219 diff --git a/drivers/serial/sunsab.c b/drivers/serial/sunsab.c
7220 index deb9ab4..8a0f9e4 100644
7221 --- a/drivers/serial/sunsab.c
7222 +++ b/drivers/serial/sunsab.c
7223 @@ -860,22 +860,31 @@ static int num_channels;
7224 static void sunsab_console_putchar(struct uart_port *port, int c)
7225 {
7226 struct uart_sunsab_port *up = (struct uart_sunsab_port *)port;
7227 - unsigned long flags;
7228 -
7229 - spin_lock_irqsave(&up->port.lock, flags);
7231 sunsab_tec_wait(up);
7232 writeb(c, &up->regs->w.tic);
7233 -
7234 - spin_unlock_irqrestore(&up->port.lock, flags);
7235 }
7237 static void sunsab_console_write(struct console *con, const char *s, unsigned n)
7238 {
7239 struct uart_sunsab_port *up = &sunsab_ports[con->index];
7240 + unsigned long flags;
7241 + int locked = 1;
7242 +
7243 + local_irq_save(flags);
7244 + if (up->port.sysrq) {
7245 + locked = 0;
7246 + } else if (oops_in_progress) {
7247 + locked = spin_trylock(&up->port.lock);
7248 + } else
7249 + spin_lock(&up->port.lock);
7251 uart_console_write(&up->port, s, n, sunsab_console_putchar);
7252 sunsab_tec_wait(up);
7253 +
7254 + if (locked)
7255 + spin_unlock(&up->port.lock);
7256 + local_irq_restore(flags);
7257 }
7259 static int sunsab_console_setup(struct console *con, char *options)
7260 diff --git a/drivers/serial/sunsu.c b/drivers/serial/sunsu.c
7261 index 2a63cdb..26d720b 100644
7262 --- a/drivers/serial/sunsu.c
7263 +++ b/drivers/serial/sunsu.c
7264 @@ -1288,7 +1288,17 @@ static void sunsu_console_write(struct console *co, const char *s,
7265 unsigned int count)
7266 {
7267 struct uart_sunsu_port *up = &sunsu_ports[co->index];
7268 + unsigned long flags;
7269 unsigned int ier;
7270 + int locked = 1;
7271 +
7272 + local_irq_save(flags);
7273 + if (up->port.sysrq) {
7274 + locked = 0;
7275 + } else if (oops_in_progress) {
7276 + locked = spin_trylock(&up->port.lock);
7277 + } else
7278 + spin_lock(&up->port.lock);
7280 /*
7281 * First save the UER then disable the interrupts
7282 @@ -1304,6 +1314,10 @@ static void sunsu_console_write(struct console *co, const char *s,
7283 */
7284 wait_for_xmitr(up);
7285 serial_out(up, UART_IER, ier);
7286 +
7287 + if (locked)
7288 + spin_unlock(&up->port.lock);
7289 + local_irq_restore(flags);
7290 }
7292 /*
7293 diff --git a/drivers/serial/sunzilog.c b/drivers/serial/sunzilog.c
7294 index 15b6e1c..0a3e10a 100644
7295 --- a/drivers/serial/sunzilog.c
7296 +++ b/drivers/serial/sunzilog.c
7297 @@ -9,7 +9,7 @@
7298 * C. Dost, Pete Zaitcev, Ted Ts'o and Alex Buell for their
7299 * work there.
7300 *
7301 - * Copyright (C) 2002, 2006 David S. Miller (davem@davemloft.net)
7302 + * Copyright (C) 2002, 2006, 2007 David S. Miller (davem@davemloft.net)
7303 */
7305 #include <linux/module.h>
7306 @@ -1151,11 +1151,22 @@ sunzilog_console_write(struct console *con, const char *s, unsigned int count)
7307 {
7308 struct uart_sunzilog_port *up = &sunzilog_port_table[con->index];
7309 unsigned long flags;
7310 + int locked = 1;
7311 +
7312 + local_irq_save(flags);
7313 + if (up->port.sysrq) {
7314 + locked = 0;
7315 + } else if (oops_in_progress) {
7316 + locked = spin_trylock(&up->port.lock);
7317 + } else
7318 + spin_lock(&up->port.lock);
7320 - spin_lock_irqsave(&up->port.lock, flags);
7321 uart_console_write(&up->port, s, count, sunzilog_putchar);
7322 udelay(2);
7323 - spin_unlock_irqrestore(&up->port.lock, flags);
7324 +
7325 + if (locked)
7326 + spin_unlock(&up->port.lock);
7327 + local_irq_restore(flags);
7328 }
7330 static int __init sunzilog_console_setup(struct console *con, char *options)
7331 diff --git a/drivers/usb/class/cdc-acm.c b/drivers/usb/class/cdc-acm.c
7332 index 0081c1d..407fb8f 100644
7333 --- a/drivers/usb/class/cdc-acm.c
7334 +++ b/drivers/usb/class/cdc-acm.c
7335 @@ -919,6 +919,10 @@ skip_normal_probe:
7336 return -EINVAL;
7337 }
7338 }
7339 +
7340 + /* Accept probe requests only for the control interface */
7341 + if (intf != control_interface)
7342 + return -ENODEV;
7344 if (usb_interface_claimed(data_interface)) { /* valid in this context */
7345 dev_dbg(&intf->dev,"The data interface isn't available");
7346 @@ -1107,10 +1111,12 @@ static void acm_disconnect(struct usb_interface *intf)
7347 return;
7348 }
7349 if (acm->country_codes){
7350 - device_remove_file(&intf->dev, &dev_attr_wCountryCodes);
7351 - device_remove_file(&intf->dev, &dev_attr_iCountryCodeRelDate);
7352 + device_remove_file(&acm->control->dev,
7353 + &dev_attr_wCountryCodes);
7354 + device_remove_file(&acm->control->dev,
7355 + &dev_attr_iCountryCodeRelDate);
7356 }
7357 - device_remove_file(&intf->dev, &dev_attr_bmCapabilities);
7358 + device_remove_file(&acm->control->dev, &dev_attr_bmCapabilities);
7359 acm->dev = NULL;
7360 usb_set_intfdata(acm->control, NULL);
7361 usb_set_intfdata(acm->data, NULL);
7362 diff --git a/drivers/usb/core/driver.c b/drivers/usb/core/driver.c
7363 index 2619986..61699f7 100644
7364 --- a/drivers/usb/core/driver.c
7365 +++ b/drivers/usb/core/driver.c
7366 @@ -58,7 +58,7 @@ ssize_t usb_store_new_id(struct usb_dynids *dynids,
7367 dynid->id.match_flags = USB_DEVICE_ID_MATCH_DEVICE;
7369 spin_lock(&dynids->lock);
7370 - list_add_tail(&dynids->list, &dynid->node);
7371 + list_add_tail(&dynid->node, &dynids->list);
7372 spin_unlock(&dynids->lock);
7374 if (get_driver(driver)) {
7375 diff --git a/drivers/usb/core/hcd.h b/drivers/usb/core/hcd.h
7376 index ef50fa4..87f6467 100644
7377 --- a/drivers/usb/core/hcd.h
7378 +++ b/drivers/usb/core/hcd.h
7379 @@ -19,6 +19,8 @@
7381 #ifdef __KERNEL__
7383 +#include <linux/rwsem.h>
7384 +
7385 /* This file contains declarations of usbcore internals that are mostly
7386 * used or exposed by Host Controller Drivers.
7387 */
7388 @@ -464,5 +466,9 @@ static inline void usbmon_urb_complete(struct usb_bus *bus, struct urb *urb) {}
7389 : (in_interrupt () ? "in_interrupt" : "can sleep"))
7392 -#endif /* __KERNEL__ */
7393 +/* This rwsem is for use only by the hub driver and ehci-hcd.
7394 + * Nobody else should touch it.
7395 + */
7396 +extern struct rw_semaphore ehci_cf_port_reset_rwsem;
7398 +#endif /* __KERNEL__ */
7399 diff --git a/drivers/usb/core/hub.c b/drivers/usb/core/hub.c
7400 index 24f10a1..bc93e06 100644
7401 --- a/drivers/usb/core/hub.c
7402 +++ b/drivers/usb/core/hub.c
7403 @@ -117,6 +117,12 @@ MODULE_PARM_DESC(use_both_schemes,
7404 "try the other device initialization scheme if the "
7405 "first one fails");
7407 +/* Mutual exclusion for EHCI CF initialization. This interferes with
7408 + * port reset on some companion controllers.
7409 + */
7410 +DECLARE_RWSEM(ehci_cf_port_reset_rwsem);
7411 +EXPORT_SYMBOL_GPL(ehci_cf_port_reset_rwsem);
7412 +
7414 static inline char *portspeed(int portstatus)
7415 {
7416 @@ -1388,6 +1394,10 @@ int usb_new_device(struct usb_device *udev)
7417 udev->dev.devt = MKDEV(USB_DEVICE_MAJOR,
7418 (((udev->bus->busnum-1) * 128) + (udev->devnum-1)));
7420 + /* Increment the parent's count of unsuspended children */
7421 + if (udev->parent)
7422 + usb_autoresume_device(udev->parent);
7423 +
7424 /* Register the device. The device driver is responsible
7425 * for adding the device files to sysfs and for configuring
7426 * the device.
7427 @@ -1395,13 +1405,11 @@ int usb_new_device(struct usb_device *udev)
7428 err = device_add(&udev->dev);
7429 if (err) {
7430 dev_err(&udev->dev, "can't device_add, error %d\n", err);
7431 + if (udev->parent)
7432 + usb_autosuspend_device(udev->parent);
7433 goto fail;
7434 }
7436 - /* Increment the parent's count of unsuspended children */
7437 - if (udev->parent)
7438 - usb_autoresume_device(udev->parent);
7439 -
7440 exit:
7441 return err;
7443 @@ -1511,6 +1519,11 @@ static int hub_port_reset(struct usb_hub *hub, int port1,
7444 {
7445 int i, status;
7447 + /* Block EHCI CF initialization during the port reset.
7448 + * Some companion controllers don't like it when they mix.
7449 + */
7450 + down_read(&ehci_cf_port_reset_rwsem);
7451 +
7452 /* Reset the port */
7453 for (i = 0; i < PORT_RESET_TRIES; i++) {
7454 status = set_port_feature(hub->hdev,
7455 @@ -1541,7 +1554,7 @@ static int hub_port_reset(struct usb_hub *hub, int port1,
7456 usb_set_device_state(udev, status
7457 ? USB_STATE_NOTATTACHED
7458 : USB_STATE_DEFAULT);
7459 - return status;
7460 + goto done;
7461 }
7463 dev_dbg (hub->intfdev,
7464 @@ -1554,6 +1567,8 @@ static int hub_port_reset(struct usb_hub *hub, int port1,
7465 "Cannot enable port %i. Maybe the USB cable is bad?\n",
7466 port1);
7468 + done:
7469 + up_read(&ehci_cf_port_reset_rwsem);
7470 return status;
7471 }
7473 diff --git a/drivers/usb/core/message.c b/drivers/usb/core/message.c
7474 index f9fed34..68ce2de 100644
7475 --- a/drivers/usb/core/message.c
7476 +++ b/drivers/usb/core/message.c
7477 @@ -623,12 +623,12 @@ int usb_get_descriptor(struct usb_device *dev, unsigned char type, unsigned char
7478 memset(buf,0,size); // Make sure we parse really received data
7480 for (i = 0; i < 3; ++i) {
7481 - /* retry on length 0 or stall; some devices are flakey */
7482 + /* retry on length 0 or error; some devices are flakey */
7483 result = usb_control_msg(dev, usb_rcvctrlpipe(dev, 0),
7484 USB_REQ_GET_DESCRIPTOR, USB_DIR_IN,
7485 (type << 8) + index, 0, buf, size,
7486 USB_CTRL_GET_TIMEOUT);
7487 - if (result == 0 || result == -EPIPE)
7488 + if (result <= 0 && result != -ETIMEDOUT)
7489 continue;
7490 if (result > 1 && ((u8 *)buf)[1] != type) {
7491 result = -EPROTO;
7492 @@ -1344,6 +1344,30 @@ static int usb_if_uevent(struct device *dev, char **envp, int num_envp,
7493 usb_dev = interface_to_usbdev(intf);
7494 alt = intf->cur_altsetting;
7496 +#ifdef CONFIG_USB_DEVICEFS
7497 + if (add_uevent_var(envp, num_envp, &i,
7498 + buffer, buffer_size, &length,
7499 + "DEVICE=/proc/bus/usb/%03d/%03d",
7500 + usb_dev->bus->busnum, usb_dev->devnum))
7501 + return -ENOMEM;
7502 +#endif
7503 +
7504 + if (add_uevent_var(envp, num_envp, &i,
7505 + buffer, buffer_size, &length,
7506 + "PRODUCT=%x/%x/%x",
7507 + le16_to_cpu(usb_dev->descriptor.idVendor),
7508 + le16_to_cpu(usb_dev->descriptor.idProduct),
7509 + le16_to_cpu(usb_dev->descriptor.bcdDevice)))
7510 + return -ENOMEM;
7511 +
7512 + if (add_uevent_var(envp, num_envp, &i,
7513 + buffer, buffer_size, &length,
7514 + "TYPE=%d/%d/%d",
7515 + usb_dev->descriptor.bDeviceClass,
7516 + usb_dev->descriptor.bDeviceSubClass,
7517 + usb_dev->descriptor.bDeviceProtocol))
7518 + return -ENOMEM;
7519 +
7520 if (add_uevent_var(envp, num_envp, &i,
7521 buffer, buffer_size, &length,
7522 "INTERFACE=%d/%d/%d",
7523 diff --git a/drivers/usb/host/ehci-hcd.c b/drivers/usb/host/ehci-hcd.c
7524 index 099aff6..ba78f8e 100644
7525 --- a/drivers/usb/host/ehci-hcd.c
7526 +++ b/drivers/usb/host/ehci-hcd.c
7527 @@ -566,10 +566,21 @@ static int ehci_run (struct usb_hcd *hcd)
7528 * are explicitly handed to companion controller(s), so no TT is
7529 * involved with the root hub. (Except where one is integrated,
7530 * and there's no companion controller unless maybe for USB OTG.)
7531 + *
7532 + * Turning on the CF flag will transfer ownership of all ports
7533 + * from the companions to the EHCI controller. If any of the
7534 + * companions are in the middle of a port reset at the time, it
7535 + * could cause trouble. Write-locking ehci_cf_port_reset_rwsem
7536 + * guarantees that no resets are in progress. After we set CF,
7537 + * a short delay lets the hardware catch up; new resets shouldn't
7538 + * be started before the port switching actions could complete.
7539 */
7540 + down_write(&ehci_cf_port_reset_rwsem);
7541 hcd->state = HC_STATE_RUNNING;
7542 ehci_writel(ehci, FLAG_CF, &ehci->regs->configured_flag);
7543 ehci_readl(ehci, &ehci->regs->command); /* unblock posted writes */
7544 + msleep(5);
7545 + up_write(&ehci_cf_port_reset_rwsem);
7547 temp = HC_VERSION(ehci_readl(ehci, &ehci->caps->hc_capbase));
7548 ehci_info (ehci,
7549 diff --git a/drivers/usb/image/microtek.c b/drivers/usb/image/microtek.c
7550 index 51bd80d..3acfd1a 100644
7551 --- a/drivers/usb/image/microtek.c
7552 +++ b/drivers/usb/image/microtek.c
7553 @@ -823,7 +823,7 @@ static int mts_usb_probe(struct usb_interface *intf,
7554 goto out_kfree2;
7556 new_desc->host->hostdata[0] = (unsigned long)new_desc;
7557 - if (scsi_add_host(new_desc->host, NULL)) {
7558 + if (scsi_add_host(new_desc->host, &dev->dev)) {
7559 err_retval = -EIO;
7560 goto out_host_put;
7561 }
7562 diff --git a/drivers/usb/serial/ftdi_sio.c b/drivers/usb/serial/ftdi_sio.c
7563 index da1c6f7..38c4e97 100644
7564 --- a/drivers/usb/serial/ftdi_sio.c
7565 +++ b/drivers/usb/serial/ftdi_sio.c
7566 @@ -271,26 +271,58 @@ static int debug;
7567 static __u16 vendor = FTDI_VID;
7568 static __u16 product;
7570 +struct ftdi_private {
7571 + ftdi_chip_type_t chip_type;
7572 + /* type of the device, either SIO or FT8U232AM */
7573 + int baud_base; /* baud base clock for divisor setting */
7574 + int custom_divisor; /* custom_divisor kludge, this is for baud_base (different from what goes to the chip!) */
7575 + __u16 last_set_data_urb_value ;
7576 + /* the last data state set - needed for doing a break */
7577 + int write_offset; /* This is the offset in the usb data block to write the serial data -
7578 + * it is different between devices
7579 + */
7580 + int flags; /* some ASYNC_xxxx flags are supported */
7581 + unsigned long last_dtr_rts; /* saved modem control outputs */
7582 + wait_queue_head_t delta_msr_wait; /* Used for TIOCMIWAIT */
7583 + char prev_status, diff_status; /* Used for TIOCMIWAIT */
7584 + __u8 rx_flags; /* receive state flags (throttling) */
7585 + spinlock_t rx_lock; /* spinlock for receive state */
7586 + struct delayed_work rx_work;
7587 + struct usb_serial_port *port;
7588 + int rx_processed;
7589 + unsigned long rx_bytes;
7590 +
7591 + __u16 interface; /* FT2232C port interface (0 for FT232/245) */
7592 +
7593 + int force_baud; /* if non-zero, force the baud rate to this value */
7594 + int force_rtscts; /* if non-zero, force RTS-CTS to always be enabled */
7595 +
7596 + spinlock_t tx_lock; /* spinlock for transmit state */
7597 + unsigned long tx_bytes;
7598 + unsigned long tx_outstanding_bytes;
7599 + unsigned long tx_outstanding_urbs;
7600 +};
7601 +
7602 /* struct ftdi_sio_quirk is used by devices requiring special attention. */
7603 struct ftdi_sio_quirk {
7604 int (*probe)(struct usb_serial *);
7605 - void (*setup)(struct usb_serial *); /* Special settings during startup. */
7606 + void (*port_probe)(struct ftdi_private *); /* Special settings for probed ports. */
7607 };
7609 static int ftdi_olimex_probe (struct usb_serial *serial);
7610 -static void ftdi_USB_UIRT_setup (struct usb_serial *serial);
7611 -static void ftdi_HE_TIRA1_setup (struct usb_serial *serial);
7612 +static void ftdi_USB_UIRT_setup (struct ftdi_private *priv);
7613 +static void ftdi_HE_TIRA1_setup (struct ftdi_private *priv);
7615 static struct ftdi_sio_quirk ftdi_olimex_quirk = {
7616 .probe = ftdi_olimex_probe,
7617 };
7619 static struct ftdi_sio_quirk ftdi_USB_UIRT_quirk = {
7620 - .setup = ftdi_USB_UIRT_setup,
7621 + .port_probe = ftdi_USB_UIRT_setup,
7622 };
7624 static struct ftdi_sio_quirk ftdi_HE_TIRA1_quirk = {
7625 - .setup = ftdi_HE_TIRA1_setup,
7626 + .port_probe = ftdi_HE_TIRA1_setup,
7627 };
7629 /*
7630 @@ -567,38 +599,6 @@ static const char *ftdi_chip_name[] = {
7631 #define THROTTLED 0x01
7632 #define ACTUALLY_THROTTLED 0x02
7634 -struct ftdi_private {
7635 - ftdi_chip_type_t chip_type;
7636 - /* type of the device, either SIO or FT8U232AM */
7637 - int baud_base; /* baud base clock for divisor setting */
7638 - int custom_divisor; /* custom_divisor kludge, this is for baud_base (different from what goes to the chip!) */
7639 - __u16 last_set_data_urb_value ;
7640 - /* the last data state set - needed for doing a break */
7641 - int write_offset; /* This is the offset in the usb data block to write the serial data -
7642 - * it is different between devices
7643 - */
7644 - int flags; /* some ASYNC_xxxx flags are supported */
7645 - unsigned long last_dtr_rts; /* saved modem control outputs */
7646 - wait_queue_head_t delta_msr_wait; /* Used for TIOCMIWAIT */
7647 - char prev_status, diff_status; /* Used for TIOCMIWAIT */
7648 - __u8 rx_flags; /* receive state flags (throttling) */
7649 - spinlock_t rx_lock; /* spinlock for receive state */
7650 - struct delayed_work rx_work;
7651 - struct usb_serial_port *port;
7652 - int rx_processed;
7653 - unsigned long rx_bytes;
7654 -
7655 - __u16 interface; /* FT2232C port interface (0 for FT232/245) */
7656 -
7657 - int force_baud; /* if non-zero, force the baud rate to this value */
7658 - int force_rtscts; /* if non-zero, force RTS-CTS to always be enabled */
7659 -
7660 - spinlock_t tx_lock; /* spinlock for transmit state */
7661 - unsigned long tx_bytes;
7662 - unsigned long tx_outstanding_bytes;
7663 - unsigned long tx_outstanding_urbs;
7664 -};
7665 -
7666 /* Used for TIOCMIWAIT */
7667 #define FTDI_STATUS_B0_MASK (FTDI_RS0_CTS | FTDI_RS0_DSR | FTDI_RS0_RI | FTDI_RS0_RLSD)
7668 #define FTDI_STATUS_B1_MASK (FTDI_RS_BI)
7669 @@ -609,7 +609,6 @@ struct ftdi_private {
7671 /* function prototypes for a FTDI serial converter */
7672 static int ftdi_sio_probe (struct usb_serial *serial, const struct usb_device_id *id);
7673 -static int ftdi_sio_attach (struct usb_serial *serial);
7674 static void ftdi_shutdown (struct usb_serial *serial);
7675 static int ftdi_sio_port_probe (struct usb_serial_port *port);
7676 static int ftdi_sio_port_remove (struct usb_serial_port *port);
7677 @@ -663,7 +662,6 @@ static struct usb_serial_driver ftdi_sio_device = {
7678 .ioctl = ftdi_ioctl,
7679 .set_termios = ftdi_set_termios,
7680 .break_ctl = ftdi_break_ctl,
7681 - .attach = ftdi_sio_attach,
7682 .shutdown = ftdi_shutdown,
7683 };
7685 @@ -1198,6 +1196,8 @@ static int ftdi_sio_probe (struct usb_serial *serial, const struct usb_device_id
7686 static int ftdi_sio_port_probe(struct usb_serial_port *port)
7687 {
7688 struct ftdi_private *priv;
7689 + struct ftdi_sio_quirk *quirk = usb_get_serial_data(port->serial);
7690 +
7692 dbg("%s",__FUNCTION__);
7694 @@ -1214,6 +1214,9 @@ static int ftdi_sio_port_probe(struct usb_serial_port *port)
7695 than queue a task to deliver them */
7696 priv->flags = ASYNC_LOW_LATENCY;
7698 + if (quirk && quirk->port_probe)
7699 + quirk->port_probe(priv);
7700 +
7701 /* Increase the size of read buffers */
7702 kfree(port->bulk_in_buffer);
7703 port->bulk_in_buffer = kmalloc (BUFSZ, GFP_KERNEL);
7704 @@ -1244,29 +1247,13 @@ static int ftdi_sio_port_probe(struct usb_serial_port *port)
7705 return 0;
7706 }
7708 -/* attach subroutine */
7709 -static int ftdi_sio_attach (struct usb_serial *serial)
7710 -{
7711 - /* Check for device requiring special set up. */
7712 - struct ftdi_sio_quirk *quirk = usb_get_serial_data(serial);
7713 -
7714 - if (quirk && quirk->setup)
7715 - quirk->setup(serial);
7716 -
7717 - return 0;
7718 -} /* ftdi_sio_attach */
7719 -
7720 -
7721 /* Setup for the USB-UIRT device, which requires hardwired
7722 * baudrate (38400 gets mapped to 312500) */
7723 /* Called from usbserial:serial_probe */
7724 -static void ftdi_USB_UIRT_setup (struct usb_serial *serial)
7725 +static void ftdi_USB_UIRT_setup (struct ftdi_private *priv)
7726 {
7727 - struct ftdi_private *priv;
7728 -
7729 dbg("%s",__FUNCTION__);
7731 - priv = usb_get_serial_port_data(serial->port[0]);
7732 priv->flags |= ASYNC_SPD_CUST;
7733 priv->custom_divisor = 77;
7734 priv->force_baud = B38400;
7735 @@ -1274,13 +1261,10 @@ static void ftdi_USB_UIRT_setup (struct usb_serial *serial)
7737 /* Setup for the HE-TIRA1 device, which requires hardwired
7738 * baudrate (38400 gets mapped to 100000) and RTS-CTS enabled. */
7739 -static void ftdi_HE_TIRA1_setup (struct usb_serial *serial)
7740 +static void ftdi_HE_TIRA1_setup (struct ftdi_private *priv)
7741 {
7742 - struct ftdi_private *priv;
7743 -
7744 dbg("%s",__FUNCTION__);
7746 - priv = usb_get_serial_port_data(serial->port[0]);
7747 priv->flags |= ASYNC_SPD_CUST;
7748 priv->custom_divisor = 240;
7749 priv->force_baud = B38400;
7750 diff --git a/drivers/usb/serial/generic.c b/drivers/usb/serial/generic.c
7751 index 4f8282a..c36eb79 100644
7752 --- a/drivers/usb/serial/generic.c
7753 +++ b/drivers/usb/serial/generic.c
7754 @@ -190,14 +190,15 @@ int usb_serial_generic_write(struct usb_serial_port *port, const unsigned char *
7756 /* only do something if we have a bulk out endpoint */
7757 if (serial->num_bulk_out) {
7758 - spin_lock_bh(&port->lock);
7759 + unsigned long flags;
7760 + spin_lock_irqsave(&port->lock, flags);
7761 if (port->write_urb_busy) {
7762 - spin_unlock_bh(&port->lock);
7763 + spin_unlock_irqrestore(&port->lock, flags);
7764 dbg("%s - already writing", __FUNCTION__);
7765 return 0;
7766 }
7767 port->write_urb_busy = 1;
7768 - spin_unlock_bh(&port->lock);
7769 + spin_unlock_irqrestore(&port->lock, flags);
7771 count = (count > port->bulk_out_size) ? port->bulk_out_size : count;
7773 diff --git a/drivers/usb/serial/io_edgeport.c b/drivers/usb/serial/io_edgeport.c
7774 index 056e192..0f99e07 100644
7775 --- a/drivers/usb/serial/io_edgeport.c
7776 +++ b/drivers/usb/serial/io_edgeport.c
7777 @@ -2366,9 +2366,8 @@ static int send_cmd_write_baud_rate (struct edgeport_port *edge_port, int baudRa
7778 int status;
7779 unsigned char number = edge_port->port->number - edge_port->port->serial->minor;
7781 - if ((!edge_serial->is_epic) ||
7782 - ((edge_serial->is_epic) &&
7783 - (!edge_serial->epic_descriptor.Supports.IOSPSetBaudRate))) {
7784 + if (edge_serial->is_epic &&
7785 + !edge_serial->epic_descriptor.Supports.IOSPSetBaudRate) {
7786 dbg("SendCmdWriteBaudRate - NOT Setting baud rate for port = %d, baud = %d",
7787 edge_port->port->number, baudRate);
7788 return 0;
7789 @@ -2461,18 +2460,16 @@ static int send_cmd_write_uart_register (struct edgeport_port *edge_port, __u8 r
7791 dbg("%s - write to %s register 0x%02x", (regNum == MCR) ? "MCR" : "LCR", __FUNCTION__, regValue);
7793 - if ((!edge_serial->is_epic) ||
7794 - ((edge_serial->is_epic) &&
7795 - (!edge_serial->epic_descriptor.Supports.IOSPWriteMCR) &&
7796 - (regNum == MCR))) {
7797 + if (edge_serial->is_epic &&
7798 + !edge_serial->epic_descriptor.Supports.IOSPWriteMCR &&
7799 + regNum == MCR) {
7800 dbg("SendCmdWriteUartReg - Not writing to MCR Register");
7801 return 0;
7802 }
7804 - if ((!edge_serial->is_epic) ||
7805 - ((edge_serial->is_epic) &&
7806 - (!edge_serial->epic_descriptor.Supports.IOSPWriteLCR) &&
7807 - (regNum == LCR))) {
7808 + if (edge_serial->is_epic &&
7809 + !edge_serial->epic_descriptor.Supports.IOSPWriteLCR &&
7810 + regNum == LCR) {
7811 dbg ("SendCmdWriteUartReg - Not writing to LCR Register");
7812 return 0;
7813 }
7814 diff --git a/drivers/usb/serial/kobil_sct.c b/drivers/usb/serial/kobil_sct.c
7815 index 0683b51..6f22419 100644
7816 --- a/drivers/usb/serial/kobil_sct.c
7817 +++ b/drivers/usb/serial/kobil_sct.c
7818 @@ -82,6 +82,7 @@ static int kobil_tiocmset(struct usb_serial_port *port, struct file *file,
7819 unsigned int set, unsigned int clear);
7820 static void kobil_read_int_callback( struct urb *urb );
7821 static void kobil_write_callback( struct urb *purb );
7822 +static void kobil_set_termios(struct usb_serial_port *port, struct ktermios *old);
7825 static struct usb_device_id id_table [] = {
7826 @@ -119,6 +120,7 @@ static struct usb_serial_driver kobil_device = {
7827 .attach = kobil_startup,
7828 .shutdown = kobil_shutdown,
7829 .ioctl = kobil_ioctl,
7830 + .set_termios = kobil_set_termios,
7831 .tiocmget = kobil_tiocmget,
7832 .tiocmset = kobil_tiocmset,
7833 .open = kobil_open,
7834 @@ -137,7 +139,6 @@ struct kobil_private {
7835 int cur_pos; // index of the next char to send in buf
7836 __u16 device_type;
7837 int line_state;
7838 - struct ktermios internal_termios;
7839 };
7842 @@ -216,7 +217,7 @@ static void kobil_shutdown (struct usb_serial *serial)
7844 static int kobil_open (struct usb_serial_port *port, struct file *filp)
7845 {
7846 - int i, result = 0;
7847 + int result = 0;
7848 struct kobil_private *priv;
7849 unsigned char *transfer_buffer;
7850 int transfer_buffer_length = 8;
7851 @@ -242,16 +243,6 @@ static int kobil_open (struct usb_serial_port *port, struct file *filp)
7852 port->tty->termios->c_iflag = IGNBRK | IGNPAR | IXOFF;
7853 port->tty->termios->c_oflag &= ~ONLCR; // do NOT translate CR to CR-NL (0x0A -> 0x0A 0x0D)
7855 - // set up internal termios structure
7856 - priv->internal_termios.c_iflag = port->tty->termios->c_iflag;
7857 - priv->internal_termios.c_oflag = port->tty->termios->c_oflag;
7858 - priv->internal_termios.c_cflag = port->tty->termios->c_cflag;
7859 - priv->internal_termios.c_lflag = port->tty->termios->c_lflag;
7860 -
7861 - for (i=0; i<NCCS; i++) {
7862 - priv->internal_termios.c_cc[i] = port->tty->termios->c_cc[i];
7863 - }
7864 -
7865 // allocate memory for transfer buffer
7866 transfer_buffer = kzalloc(transfer_buffer_length, GFP_KERNEL);
7867 if (! transfer_buffer) {
7868 @@ -358,24 +349,26 @@ static void kobil_close (struct usb_serial_port *port, struct file *filp)
7869 }
7872 -static void kobil_read_int_callback( struct urb *purb)
7873 +static void kobil_read_int_callback(struct urb *urb)
7874 {
7875 int result;
7876 - struct usb_serial_port *port = (struct usb_serial_port *) purb->context;
7877 + struct usb_serial_port *port = urb->context;
7878 struct tty_struct *tty;
7879 - unsigned char *data = purb->transfer_buffer;
7880 + unsigned char *data = urb->transfer_buffer;
7881 + int status = urb->status;
7882 // char *dbg_data;
7884 dbg("%s - port %d", __FUNCTION__, port->number);
7886 - if (purb->status) {
7887 - dbg("%s - port %d Read int status not zero: %d", __FUNCTION__, port->number, purb->status);
7888 + if (status) {
7889 + dbg("%s - port %d Read int status not zero: %d",
7890 + __FUNCTION__, port->number, status);
7891 return;
7892 }
7893 -
7894 - tty = port->tty;
7895 - if (purb->actual_length) {
7896 -
7897 +
7898 + tty = port->tty;
7899 + if (urb->actual_length) {
7900 +
7901 // BEGIN DEBUG
7902 /*
7903 dbg_data = kzalloc((3 * purb->actual_length + 10) * sizeof(char), GFP_KERNEL);
7904 @@ -390,15 +383,15 @@ static void kobil_read_int_callback( struct urb *purb)
7905 */
7906 // END DEBUG
7908 - tty_buffer_request_room(tty, purb->actual_length);
7909 - tty_insert_flip_string(tty, data, purb->actual_length);
7910 + tty_buffer_request_room(tty, urb->actual_length);
7911 + tty_insert_flip_string(tty, data, urb->actual_length);
7912 tty_flip_buffer_push(tty);
7913 }
7915 // someone sets the dev to 0 if the close method has been called
7916 port->interrupt_in_urb->dev = port->serial->dev;
7918 - result = usb_submit_urb( port->interrupt_in_urb, GFP_ATOMIC );
7919 + result = usb_submit_urb(port->interrupt_in_urb, GFP_ATOMIC);
7920 dbg("%s - port %d Send read URB returns: %i", __FUNCTION__, port->number, result);
7921 }
7923 @@ -605,102 +598,79 @@ static int kobil_tiocmset(struct usb_serial_port *port, struct file *file,
7924 return (result < 0) ? result : 0;
7925 }
7927 -
7928 -static int kobil_ioctl(struct usb_serial_port *port, struct file *file,
7929 - unsigned int cmd, unsigned long arg)
7930 +static void kobil_set_termios(struct usb_serial_port *port, struct ktermios *old)
7931 {
7932 struct kobil_private * priv;
7933 int result;
7934 unsigned short urb_val = 0;
7935 - unsigned char *transfer_buffer;
7936 - int transfer_buffer_length = 8;
7937 - char *settings;
7938 - void __user *user_arg = (void __user *)arg;
7939 + int c_cflag = port->tty->termios->c_cflag;
7940 + speed_t speed;
7941 + void * settings;
7943 priv = usb_get_serial_port_data(port);
7944 - if ((priv->device_type == KOBIL_USBTWIN_PRODUCT_ID) || (priv->device_type == KOBIL_KAAN_SIM_PRODUCT_ID)) {
7945 + if (priv->device_type == KOBIL_USBTWIN_PRODUCT_ID || priv->device_type == KOBIL_KAAN_SIM_PRODUCT_ID)
7946 // This device doesn't support ioctl calls
7947 - return 0;
7948 - }
7949 -
7950 - switch (cmd) {
7951 - case TCGETS: // 0x5401
7952 - if (!access_ok(VERIFY_WRITE, user_arg, sizeof(struct ktermios))) {
7953 - dbg("%s - port %d Error in access_ok", __FUNCTION__, port->number);
7954 - return -EFAULT;
7955 - }
7956 - if (kernel_termios_to_user_termios((struct ktermios __user *)arg,
7957 - &priv->internal_termios))
7958 - return -EFAULT;
7959 - return 0;
7960 -
7961 - case TCSETS: // 0x5402
7962 - if (!(port->tty->termios)) {
7963 - dbg("%s - port %d Error: port->tty->termios is NULL", __FUNCTION__, port->number);
7964 - return -ENOTTY;
7965 - }
7966 - if (!access_ok(VERIFY_READ, user_arg, sizeof(struct ktermios))) {
7967 - dbg("%s - port %d Error in access_ok", __FUNCTION__, port->number);
7968 - return -EFAULT;
7969 - }
7970 - if (user_termios_to_kernel_termios(&priv->internal_termios,
7971 - (struct ktermios __user *)arg))
7972 - return -EFAULT;
7973 -
7974 - settings = kzalloc(50, GFP_KERNEL);
7975 - if (! settings) {
7976 - return -ENOBUFS;
7977 - }
7978 + return;
7980 - switch (priv->internal_termios.c_cflag & CBAUD) {
7981 - case B1200:
7982 + switch (speed = tty_get_baud_rate(port->tty)) {
7983 + case 1200:
7984 urb_val = SUSBCR_SBR_1200;
7985 - strcat(settings, "1200 ");
7986 break;
7987 - case B9600:
7988 + case 9600:
7989 default:
7990 urb_val = SUSBCR_SBR_9600;
7991 - strcat(settings, "9600 ");
7992 break;
7993 - }
7994 + }
7995 + urb_val |= (c_cflag & CSTOPB) ? SUSBCR_SPASB_2StopBits : SUSBCR_SPASB_1StopBit;
7997 - urb_val |= (priv->internal_termios.c_cflag & CSTOPB) ? SUSBCR_SPASB_2StopBits : SUSBCR_SPASB_1StopBit;
7998 - strcat(settings, (priv->internal_termios.c_cflag & CSTOPB) ? "2 StopBits " : "1 StopBit ");
7999 + settings = kzalloc(50, GFP_KERNEL);
8000 + if (! settings)
8001 + return;
8003 - if (priv->internal_termios.c_cflag & PARENB) {
8004 - if (priv->internal_termios.c_cflag & PARODD) {
8005 - urb_val |= SUSBCR_SPASB_OddParity;
8006 - strcat(settings, "Odd Parity");
8007 - } else {
8008 - urb_val |= SUSBCR_SPASB_EvenParity;
8009 - strcat(settings, "Even Parity");
8010 - }
8011 + sprintf(settings, "%d ", speed);
8012 +
8013 + if (c_cflag & PARENB) {
8014 + if (c_cflag & PARODD) {
8015 + urb_val |= SUSBCR_SPASB_OddParity;
8016 + strcat(settings, "Odd Parity");
8017 } else {
8018 - urb_val |= SUSBCR_SPASB_NoParity;
8019 - strcat(settings, "No Parity");
8020 + urb_val |= SUSBCR_SPASB_EvenParity;
8021 + strcat(settings, "Even Parity");
8022 }
8023 - dbg("%s - port %d setting port to: %s", __FUNCTION__, port->number, settings );
8024 + } else {
8025 + urb_val |= SUSBCR_SPASB_NoParity;
8026 + strcat(settings, "No Parity");
8027 + }
8029 - result = usb_control_msg( port->serial->dev,
8030 - usb_rcvctrlpipe(port->serial->dev, 0 ),
8031 - SUSBCRequest_SetBaudRateParityAndStopBits,
8032 - USB_TYPE_VENDOR | USB_RECIP_ENDPOINT | USB_DIR_OUT,
8033 - urb_val,
8034 - 0,
8035 - settings,
8036 - 0,
8037 - KOBIL_TIMEOUT
8038 - );
8039 + result = usb_control_msg( port->serial->dev,
8040 + usb_rcvctrlpipe(port->serial->dev, 0 ),
8041 + SUSBCRequest_SetBaudRateParityAndStopBits,
8042 + USB_TYPE_VENDOR | USB_RECIP_ENDPOINT | USB_DIR_OUT,
8043 + urb_val,
8044 + 0,
8045 + settings,
8046 + 0,
8047 + KOBIL_TIMEOUT
8048 + );
8049 + kfree(settings);
8050 +}
8052 - dbg("%s - port %d Send set_baudrate URB returns: %i", __FUNCTION__, port->number, result);
8053 - kfree(settings);
8054 +static int kobil_ioctl(struct usb_serial_port *port, struct file * file, unsigned int cmd, unsigned long arg)
8055 +{
8056 + struct kobil_private * priv = usb_get_serial_port_data(port);
8057 + unsigned char *transfer_buffer;
8058 + int transfer_buffer_length = 8;
8059 + int result;
8060 +
8061 + if (priv->device_type == KOBIL_USBTWIN_PRODUCT_ID || priv->device_type == KOBIL_KAAN_SIM_PRODUCT_ID)
8062 + // This device doesn't support ioctl calls
8063 return 0;
8065 + switch (cmd) {
8066 case TCFLSH: // 0x540B
8067 transfer_buffer = kmalloc(transfer_buffer_length, GFP_KERNEL);
8068 - if (! transfer_buffer) {
8069 + if (! transfer_buffer)
8070 return -ENOBUFS;
8071 - }
8073 result = usb_control_msg( port->serial->dev,
8074 usb_rcvctrlpipe(port->serial->dev, 0 ),
8075 @@ -714,15 +684,13 @@ static int kobil_ioctl(struct usb_serial_port *port, struct file *file,
8076 );
8078 dbg("%s - port %d Send reset_all_queues (FLUSH) URB returns: %i", __FUNCTION__, port->number, result);
8079 -
8080 kfree(transfer_buffer);
8081 - return ((result < 0) ? -EFAULT : 0);
8082 -
8083 + return (result < 0) ? -EFAULT : 0;
8084 + default:
8085 + return -ENOIOCTLCMD;
8086 }
8087 - return -ENOIOCTLCMD;
8088 }
8090 -
8091 static int __init kobil_init (void)
8092 {
8093 int retval;
8094 diff --git a/drivers/video/backlight/cr_bllcd.c b/drivers/video/backlight/cr_bllcd.c
8095 index e9bbc34..1b3f658 100644
8096 --- a/drivers/video/backlight/cr_bllcd.c
8097 +++ b/drivers/video/backlight/cr_bllcd.c
8098 @@ -174,7 +174,7 @@ static int cr_backlight_probe(struct platform_device *pdev)
8099 struct cr_panel *crp;
8100 u8 dev_en;
8102 - crp = kzalloc(sizeof(crp), GFP_KERNEL);
8103 + crp = kzalloc(sizeof(*crp), GFP_KERNEL);
8104 if (crp == NULL)
8105 return -ENOMEM;
8107 diff --git a/drivers/video/fb_ddc.c b/drivers/video/fb_ddc.c
8108 index f836137..a0df632 100644
8109 --- a/drivers/video/fb_ddc.c
8110 +++ b/drivers/video/fb_ddc.c
8111 @@ -56,13 +56,12 @@ unsigned char *fb_ddc_read(struct i2c_adapter *adapter)
8112 int i, j;
8114 algo_data->setscl(algo_data->data, 1);
8115 - algo_data->setscl(algo_data->data, 0);
8117 for (i = 0; i < 3; i++) {
8118 /* For some old monitors we need the
8119 * following process to initialize/stop DDC
8120 */
8121 - algo_data->setsda(algo_data->data, 0);
8122 + algo_data->setsda(algo_data->data, 1);
8123 msleep(13);
8125 algo_data->setscl(algo_data->data, 1);
8126 @@ -97,14 +96,15 @@ unsigned char *fb_ddc_read(struct i2c_adapter *adapter)
8127 algo_data->setsda(algo_data->data, 1);
8128 msleep(15);
8129 algo_data->setscl(algo_data->data, 0);
8130 + algo_data->setsda(algo_data->data, 0);
8131 if (edid)
8132 break;
8133 }
8134 /* Release the DDC lines when done or the Apple Cinema HD display
8135 * will switch off
8136 */
8137 - algo_data->setsda(algo_data->data, 0);
8138 - algo_data->setscl(algo_data->data, 0);
8139 + algo_data->setsda(algo_data->data, 1);
8140 + algo_data->setscl(algo_data->data, 1);
8142 return edid;
8143 }
8144 diff --git a/drivers/video/macmodes.c b/drivers/video/macmodes.c
8145 index ab21495..083f603 100644
8146 --- a/drivers/video/macmodes.c
8147 +++ b/drivers/video/macmodes.c
8148 @@ -369,9 +369,8 @@ EXPORT_SYMBOL(mac_map_monitor_sense);
8149 *
8150 */
8152 -int __devinit mac_find_mode(struct fb_var_screeninfo *var,
8153 - struct fb_info *info, const char *mode_option,
8154 - unsigned int default_bpp)
8155 +int mac_find_mode(struct fb_var_screeninfo *var, struct fb_info *info,
8156 + const char *mode_option, unsigned int default_bpp)
8157 {
8158 const struct fb_videomode *db = NULL;
8159 unsigned int dbsize = 0;
8160 diff --git a/drivers/video/macmodes.h b/drivers/video/macmodes.h
8161 index babeb81..b86ba08 100644
8162 --- a/drivers/video/macmodes.h
8163 +++ b/drivers/video/macmodes.h
8164 @@ -55,10 +55,10 @@ extern int mac_vmode_to_var(int vmode, int cmode,
8165 extern int mac_var_to_vmode(const struct fb_var_screeninfo *var, int *vmode,
8166 int *cmode);
8167 extern int mac_map_monitor_sense(int sense);
8168 -extern int __devinit mac_find_mode(struct fb_var_screeninfo *var,
8169 - struct fb_info *info,
8170 - const char *mode_option,
8171 - unsigned int default_bpp);
8172 +extern int mac_find_mode(struct fb_var_screeninfo *var,
8173 + struct fb_info *info,
8174 + const char *mode_option,
8175 + unsigned int default_bpp);
8178 /*
8179 diff --git a/drivers/video/stifb.c b/drivers/video/stifb.c
8180 index c97709e..e7c8db2 100644
8181 --- a/drivers/video/stifb.c
8182 +++ b/drivers/video/stifb.c
8183 @@ -1100,13 +1100,18 @@ stifb_init_fb(struct sti_struct *sti, int bpp_pref)
8184 /* only supported cards are allowed */
8185 switch (fb->id) {
8186 case CRT_ID_VISUALIZE_EG:
8187 - /* look for a double buffering device like e.g. the
8188 - "INTERNAL_EG_DX1024" in the RDI precisionbook laptop
8189 - which won't work. The same device in non-double
8190 - buffering mode returns "INTERNAL_EG_X1024". */
8191 - if (strstr(sti->outptr.dev_name, "EG_DX")) {
8192 - printk(KERN_WARNING
8193 - "stifb: ignoring '%s'. Disable double buffering in IPL menu.\n",
8194 + /* Visualize cards can run either in "double buffer" or
8195 + "standard" mode. Depending on the mode, the card reports
8196 + a different device name, e.g. "INTERNAL_EG_DX1024" in double
8197 + buffer mode and "INTERNAL_EG_X1024" in standard mode.
8198 + Since this driver only supports standard mode, we check
8199 + if the device name contains the string "DX" and tell the
8200 + user how to reconfigure the card. */
8201 + if (strstr(sti->outptr.dev_name, "DX")) {
8202 + printk(KERN_WARNING "WARNING: stifb framebuffer driver does not "
8203 + "support '%s' in double-buffer mode.\n"
8204 + KERN_WARNING "WARNING: Please disable the double-buffer mode "
8205 + "in IPL menu (the PARISC-BIOS).\n",
8206 sti->outptr.dev_name);
8207 goto out_err0;
8208 }
8209 diff --git a/fs/9p/conv.c b/fs/9p/conv.c
8210 index a3ed571..923d75c 100644
8211 --- a/fs/9p/conv.c
8212 +++ b/fs/9p/conv.c
8213 @@ -742,6 +742,7 @@ struct v9fs_fcall *v9fs_create_twrite(u32 fid, u64 offset, u32 count,
8214 if (err) {
8215 kfree(fc);
8216 fc = ERR_PTR(err);
8217 + goto error;
8218 }
8220 if (buf_check_overflow(bufp)) {
8221 diff --git a/fs/afs/mntpt.c b/fs/afs/mntpt.c
8222 index a3684dc..6f8c96f 100644
8223 --- a/fs/afs/mntpt.c
8224 +++ b/fs/afs/mntpt.c
8225 @@ -235,8 +235,8 @@ static void *afs_mntpt_follow_link(struct dentry *dentry, struct nameidata *nd)
8226 err = do_add_mount(newmnt, nd, MNT_SHRINKABLE, &afs_vfsmounts);
8227 switch (err) {
8228 case 0:
8229 - mntput(nd->mnt);
8230 dput(nd->dentry);
8231 + mntput(nd->mnt);
8232 nd->mnt = newmnt;
8233 nd->dentry = dget(newmnt->mnt_root);
8234 schedule_delayed_work(&afs_mntpt_expiry_timer,
8235 diff --git a/fs/aio.c b/fs/aio.c
8236 index dbe699e..b3419c5 100644
8237 --- a/fs/aio.c
8238 +++ b/fs/aio.c
8239 @@ -303,7 +303,7 @@ static void wait_for_all_aios(struct kioctx *ctx)
8240 set_task_state(tsk, TASK_UNINTERRUPTIBLE);
8241 while (ctx->reqs_active) {
8242 spin_unlock_irq(&ctx->ctx_lock);
8243 - schedule();
8244 + io_schedule();
8245 set_task_state(tsk, TASK_UNINTERRUPTIBLE);
8246 spin_lock_irq(&ctx->ctx_lock);
8247 }
8248 @@ -323,7 +323,7 @@ ssize_t fastcall wait_on_sync_kiocb(struct kiocb *iocb)
8249 set_current_state(TASK_UNINTERRUPTIBLE);
8250 if (!iocb->ki_users)
8251 break;
8252 - schedule();
8253 + io_schedule();
8254 }
8255 __set_current_state(TASK_RUNNING);
8256 return iocb->ki_user_data;
8257 @@ -946,14 +946,6 @@ int fastcall aio_complete(struct kiocb *iocb, long res, long res2)
8258 return 1;
8259 }
8261 - /*
8262 - * Check if the user asked us to deliver the result through an
8263 - * eventfd. The eventfd_signal() function is safe to be called
8264 - * from IRQ context.
8265 - */
8266 - if (!IS_ERR(iocb->ki_eventfd))
8267 - eventfd_signal(iocb->ki_eventfd, 1);
8268 -
8269 info = &ctx->ring_info;
8271 /* add a completion event to the ring buffer.
8272 @@ -1002,6 +994,15 @@ int fastcall aio_complete(struct kiocb *iocb, long res, long res2)
8273 kunmap_atomic(ring, KM_IRQ1);
8275 pr_debug("added to ring %p at [%lu]\n", iocb, tail);
8276 +
8277 + /*
8278 + * Check if the user asked us to deliver the result through an
8279 + * eventfd. The eventfd_signal() function is safe to be called
8280 + * from IRQ context.
8281 + */
8282 + if (!IS_ERR(iocb->ki_eventfd))
8283 + eventfd_signal(iocb->ki_eventfd, 1);
8284 +
8285 put_rq:
8286 /* everything turned out well, dispose of the aiocb. */
8287 ret = __aio_put_req(ctx, iocb);
8288 @@ -1170,7 +1171,7 @@ retry:
8289 ret = 0;
8290 if (to.timed_out) /* Only check after read evt */
8291 break;
8292 - schedule();
8293 + io_schedule();
8294 if (signal_pending(tsk)) {
8295 ret = -EINTR;
8296 break;
8297 diff --git a/fs/cifs/cifs_debug.c b/fs/cifs/cifs_debug.c
8298 index 07838b2..d05c108 100644
8299 --- a/fs/cifs/cifs_debug.c
8300 +++ b/fs/cifs/cifs_debug.c
8301 @@ -901,90 +901,14 @@ security_flags_write(struct file *file, const char __user *buffer,
8302 }
8303 /* flags look ok - update the global security flags for cifs module */
8304 extended_security = flags;
8305 + if (extended_security & CIFSSEC_MUST_SIGN) {
8306 + /* requiring signing implies signing is allowed */
8307 + extended_security |= CIFSSEC_MAY_SIGN;
8308 + cFYI(1, ("packet signing now required"));
8309 + } else if ((extended_security & CIFSSEC_MAY_SIGN) == 0) {
8310 + cFYI(1, ("packet signing disabled"));
8311 + }
8312 + /* BB should we turn on MAY flags for other MUST options? */
8313 return count;
8314 }
8315 -
8316 -/* static int
8317 -ntlmv2_enabled_read(char *page, char **start, off_t off,
8318 - int count, int *eof, void *data)
8319 -{
8320 - int len;
8321 -
8322 - len = sprintf(page, "%d\n", ntlmv2_support);
8323 -
8324 - len -= off;
8325 - *start = page + off;
8326 -
8327 - if (len > count)
8328 - len = count;
8329 - else
8330 - *eof = 1;
8331 -
8332 - if (len < 0)
8333 - len = 0;
8334 -
8335 - return len;
8336 -}
8337 -static int
8338 -ntlmv2_enabled_write(struct file *file, const char __user *buffer,
8339 - unsigned long count, void *data)
8340 -{
8341 - char c;
8342 - int rc;
8343 -
8344 - rc = get_user(c, buffer);
8345 - if (rc)
8346 - return rc;
8347 - if (c == '0' || c == 'n' || c == 'N')
8348 - ntlmv2_support = 0;
8349 - else if (c == '1' || c == 'y' || c == 'Y')
8350 - ntlmv2_support = 1;
8351 - else if (c == '2')
8352 - ntlmv2_support = 2;
8353 -
8354 - return count;
8355 -}
8356 -
8357 -static int
8358 -packet_signing_enabled_read(char *page, char **start, off_t off,
8359 - int count, int *eof, void *data)
8360 -{
8361 - int len;
8362 -
8363 - len = sprintf(page, "%d\n", sign_CIFS_PDUs);
8364 -
8365 - len -= off;
8366 - *start = page + off;
8367 -
8368 - if (len > count)
8369 - len = count;
8370 - else
8371 - *eof = 1;
8372 -
8373 - if (len < 0)
8374 - len = 0;
8375 -
8376 - return len;
8377 -}
8378 -static int
8379 -packet_signing_enabled_write(struct file *file, const char __user *buffer,
8380 - unsigned long count, void *data)
8381 -{
8382 - char c;
8383 - int rc;
8384 -
8385 - rc = get_user(c, buffer);
8386 - if (rc)
8387 - return rc;
8388 - if (c == '0' || c == 'n' || c == 'N')
8389 - sign_CIFS_PDUs = 0;
8390 - else if (c == '1' || c == 'y' || c == 'Y')
8391 - sign_CIFS_PDUs = 1;
8392 - else if (c == '2')
8393 - sign_CIFS_PDUs = 2;
8394 -
8395 - return count;
8396 -} */
8397 -
8398 -
8399 #endif
8400 diff --git a/fs/cifs/cifsglob.h b/fs/cifs/cifsglob.h
8401 index 23655de..5d6f120 100644
8402 --- a/fs/cifs/cifsglob.h
8403 +++ b/fs/cifs/cifsglob.h
8404 @@ -442,6 +442,17 @@ struct dir_notify_req {
8405 #define CIFS_LARGE_BUFFER 2
8406 #define CIFS_IOVEC 4 /* array of response buffers */
8408 +/* Type of Request to SendReceive2 */
8409 +#define CIFS_STD_OP 0 /* normal request timeout */
8410 +#define CIFS_LONG_OP 1 /* long op (up to 45 sec, oplock time) */
8411 +#define CIFS_VLONG_OP 2 /* sloow op - can take up to 180 seconds */
8412 +#define CIFS_BLOCKING_OP 4 /* operation can block */
8413 +#define CIFS_ASYNC_OP 8 /* do not wait for response */
8414 +#define CIFS_TIMEOUT_MASK 0x00F /* only one of 5 above set in req */
8415 +#define CIFS_LOG_ERROR 0x010 /* log NT STATUS if non-zero */
8416 +#define CIFS_LARGE_BUF_OP 0x020 /* large request buffer */
8417 +#define CIFS_NO_RESP 0x040 /* no response buffer required */
8418 +
8419 /* Security Flags: indicate type of session setup needed */
8420 #define CIFSSEC_MAY_SIGN 0x00001
8421 #define CIFSSEC_MAY_NTLM 0x00002
8422 diff --git a/fs/cifs/cifsproto.h b/fs/cifs/cifsproto.h
8423 index 5d163e2..f324ccc 100644
8424 --- a/fs/cifs/cifsproto.h
8425 +++ b/fs/cifs/cifsproto.h
8426 @@ -48,9 +48,11 @@ extern int SendReceive(const unsigned int /* xid */ , struct cifsSesInfo *,
8427 struct smb_hdr * /* input */ ,
8428 struct smb_hdr * /* out */ ,
8429 int * /* bytes returned */ , const int long_op);
8430 +extern int SendReceiveNoRsp(const unsigned int xid, struct cifsSesInfo *ses,
8431 + struct smb_hdr *in_buf, int flags);
8432 extern int SendReceive2(const unsigned int /* xid */ , struct cifsSesInfo *,
8433 struct kvec *, int /* nvec to send */,
8434 - int * /* type of buf returned */ , const int long_op);
8435 + int * /* type of buf returned */ , const int flags);
8436 extern int SendReceiveBlockingLock(const unsigned int /* xid */ ,
8437 struct cifsTconInfo *,
8438 struct smb_hdr * /* input */ ,
8439 diff --git a/fs/cifs/cifssmb.c b/fs/cifs/cifssmb.c
8440 index 57419a1..db8d110 100644
8441 --- a/fs/cifs/cifssmb.c
8442 +++ b/fs/cifs/cifssmb.c
8443 @@ -426,11 +426,11 @@ CIFSSMBNegotiate(unsigned int xid, struct cifsSesInfo *ses)
8445 /* if any of auth flags (ie not sign or seal) are overriden use them */
8446 if(ses->overrideSecFlg & (~(CIFSSEC_MUST_SIGN | CIFSSEC_MUST_SEAL)))
8447 - secFlags = ses->overrideSecFlg;
8448 + secFlags = ses->overrideSecFlg; /* BB FIXME fix sign flags? */
8449 else /* if override flags set only sign/seal OR them with global auth */
8450 secFlags = extended_security | ses->overrideSecFlg;
8452 - cFYI(1,("secFlags 0x%x",secFlags));
8453 + cFYI(1, ("secFlags 0x%x", secFlags));
8455 pSMB->hdr.Mid = GetNextMid(server);
8456 pSMB->hdr.Flags2 |= (SMBFLG2_UNICODE | SMBFLG2_ERR_STATUS);
8457 @@ -633,22 +633,32 @@ CIFSSMBNegotiate(unsigned int xid, struct cifsSesInfo *ses)
8458 #ifdef CONFIG_CIFS_WEAK_PW_HASH
8459 signing_check:
8460 #endif
8461 - if(sign_CIFS_PDUs == FALSE) {
8462 + if ((secFlags & CIFSSEC_MAY_SIGN) == 0) {
8463 + /* MUST_SIGN already includes the MAY_SIGN FLAG
8464 + so if this is zero it means that signing is disabled */
8465 + cFYI(1, ("Signing disabled"));
8466 if(server->secMode & SECMODE_SIGN_REQUIRED)
8467 - cERROR(1,("Server requires "
8468 - "/proc/fs/cifs/PacketSigningEnabled to be on"));
8469 + cERROR(1, ("Server requires "
8470 + "/proc/fs/cifs/PacketSigningEnabled "
8471 + "to be on"));
8472 server->secMode &=
8473 ~(SECMODE_SIGN_ENABLED | SECMODE_SIGN_REQUIRED);
8474 - } else if(sign_CIFS_PDUs == 1) {
8475 + } else if ((secFlags & CIFSSEC_MUST_SIGN) == CIFSSEC_MUST_SIGN) {
8476 + /* signing required */
8477 + cFYI(1, ("Must sign - secFlags 0x%x", secFlags));
8478 + if((server->secMode &
8479 + (SECMODE_SIGN_ENABLED | SECMODE_SIGN_REQUIRED)) == 0) {
8480 + cERROR(1,
8481 + ("signing required but server lacks support"));
8482 + } else
8483 + server->secMode |= SECMODE_SIGN_REQUIRED;
8484 + } else {
8485 + /* signing optional ie CIFSSEC_MAY_SIGN */
8486 if((server->secMode & SECMODE_SIGN_REQUIRED) == 0)
8487 - server->secMode &=
8488 + server->secMode &=
8489 ~(SECMODE_SIGN_ENABLED | SECMODE_SIGN_REQUIRED);
8490 - } else if(sign_CIFS_PDUs == 2) {
8491 - if((server->secMode &
8492 - (SECMODE_SIGN_ENABLED | SECMODE_SIGN_REQUIRED)) == 0) {
8493 - cERROR(1,("signing required but server lacks support"));
8494 - }
8495 }
8496 +
8497 neg_err_exit:
8498 cifs_buf_release(pSMB);
8500 @@ -660,9 +670,7 @@ int
8501 CIFSSMBTDis(const int xid, struct cifsTconInfo *tcon)
8502 {
8503 struct smb_hdr *smb_buffer;
8504 - struct smb_hdr *smb_buffer_response; /* BB removeme BB */
8505 int rc = 0;
8506 - int length;
8508 cFYI(1, ("In tree disconnect"));
8509 /*
8510 @@ -699,16 +707,12 @@ CIFSSMBTDis(const int xid, struct cifsTconInfo *tcon)
8511 if (rc) {
8512 up(&tcon->tconSem);
8513 return rc;
8514 - } else {
8515 - smb_buffer_response = smb_buffer; /* BB removeme BB */
8516 }
8517 - rc = SendReceive(xid, tcon->ses, smb_buffer, smb_buffer_response,
8518 - &length, 0);
8519 +
8520 + rc = SendReceiveNoRsp(xid, tcon->ses, smb_buffer, 0);
8521 if (rc)
8522 cFYI(1, ("Tree disconnect failed %d", rc));
8524 - if (smb_buffer)
8525 - cifs_small_buf_release(smb_buffer);
8526 up(&tcon->tconSem);
8528 /* No need to return error on this operation if tid invalidated and
8529 @@ -722,10 +726,8 @@ CIFSSMBTDis(const int xid, struct cifsTconInfo *tcon)
8530 int
8531 CIFSSMBLogoff(const int xid, struct cifsSesInfo *ses)
8532 {
8533 - struct smb_hdr *smb_buffer_response;
8534 LOGOFF_ANDX_REQ *pSMB;
8535 int rc = 0;
8536 - int length;
8538 cFYI(1, ("In SMBLogoff for session disconnect"));
8539 if (ses)
8540 @@ -744,8 +746,6 @@ CIFSSMBLogoff(const int xid, struct cifsSesInfo *ses)
8541 return rc;
8542 }
8544 - smb_buffer_response = (struct smb_hdr *)pSMB; /* BB removeme BB */
8545 -
8546 if(ses->server) {
8547 pSMB->hdr.Mid = GetNextMid(ses->server);
8549 @@ -757,8 +757,7 @@ CIFSSMBLogoff(const int xid, struct cifsSesInfo *ses)
8550 pSMB->hdr.Uid = ses->Suid;
8552 pSMB->AndXCommand = 0xFF;
8553 - rc = SendReceive(xid, ses, (struct smb_hdr *) pSMB,
8554 - smb_buffer_response, &length, 0);
8555 + rc = SendReceiveNoRsp(xid, ses, (struct smb_hdr *) pSMB, 0);
8556 if (ses->server) {
8557 atomic_dec(&ses->server->socketUseCount);
8558 if (atomic_read(&ses->server->socketUseCount) == 0) {
8559 @@ -769,7 +768,6 @@ CIFSSMBLogoff(const int xid, struct cifsSesInfo *ses)
8560 }
8561 }
8562 up(&ses->sesSem);
8563 - cifs_small_buf_release(pSMB);
8565 /* if session dead then we do not need to do ulogoff,
8566 since server closed smb session, no sense reporting
8567 @@ -1143,7 +1141,7 @@ OldOpenRetry:
8568 pSMB->ByteCount = cpu_to_le16(count);
8569 /* long_op set to 1 to allow for oplock break timeouts */
8570 rc = SendReceive(xid, tcon->ses, (struct smb_hdr *) pSMB,
8571 - (struct smb_hdr *) pSMBr, &bytes_returned, 1);
8572 + (struct smb_hdr *)pSMBr, &bytes_returned, CIFS_LONG_OP);
8573 cifs_stats_inc(&tcon->num_opens);
8574 if (rc) {
8575 cFYI(1, ("Error in Open = %d", rc));
8576 @@ -1257,7 +1255,7 @@ openRetry:
8577 pSMB->ByteCount = cpu_to_le16(count);
8578 /* long_op set to 1 to allow for oplock break timeouts */
8579 rc = SendReceive(xid, tcon->ses, (struct smb_hdr *) pSMB,
8580 - (struct smb_hdr *) pSMBr, &bytes_returned, 1);
8581 + (struct smb_hdr *)pSMBr, &bytes_returned, CIFS_LONG_OP);
8582 cifs_stats_inc(&tcon->num_opens);
8583 if (rc) {
8584 cFYI(1, ("Error in Open = %d", rc));
8585 @@ -1337,7 +1335,7 @@ CIFSSMBRead(const int xid, struct cifsTconInfo *tcon,
8586 iov[0].iov_len = pSMB->hdr.smb_buf_length + 4;
8587 rc = SendReceive2(xid, tcon->ses, iov,
8588 1 /* num iovecs */,
8589 - &resp_buf_type, 0);
8590 + &resp_buf_type, CIFS_STD_OP | CIFS_LOG_ERROR);
8591 cifs_stats_inc(&tcon->num_reads);
8592 pSMBr = (READ_RSP *)iov[0].iov_base;
8593 if (rc) {
8594 @@ -1596,7 +1594,7 @@ CIFSSMBLock(const int xid, struct cifsTconInfo *tcon,
8595 int timeout = 0;
8596 __u16 count;
8598 - cFYI(1, ("In CIFSSMBLock - timeout %d numLock %d",waitFlag,numLock));
8599 + cFYI(1, ("CIFSSMBLock timeout %d numLock %d", waitFlag, numLock));
8600 rc = small_smb_init(SMB_COM_LOCKING_ANDX, 8, tcon, (void **) &pSMB);
8602 if (rc)
8603 @@ -1605,10 +1603,10 @@ CIFSSMBLock(const int xid, struct cifsTconInfo *tcon,
8604 pSMBr = (LOCK_RSP *)pSMB; /* BB removeme BB */
8606 if(lockType == LOCKING_ANDX_OPLOCK_RELEASE) {
8607 - timeout = -1; /* no response expected */
8608 + timeout = CIFS_ASYNC_OP; /* no response expected */
8609 pSMB->Timeout = 0;
8610 } else if (waitFlag == TRUE) {
8611 - timeout = 3; /* blocking operation, no timeout */
8612 + timeout = CIFS_BLOCKING_OP; /* blocking operation, no timeout */
8613 pSMB->Timeout = cpu_to_le32(-1);/* blocking - do not time out */
8614 } else {
8615 pSMB->Timeout = 0;
8616 @@ -1638,15 +1636,16 @@ CIFSSMBLock(const int xid, struct cifsTconInfo *tcon,
8617 if (waitFlag) {
8618 rc = SendReceiveBlockingLock(xid, tcon, (struct smb_hdr *) pSMB,
8619 (struct smb_hdr *) pSMBr, &bytes_returned);
8620 + cifs_small_buf_release(pSMB);
8621 } else {
8622 - rc = SendReceive(xid, tcon->ses, (struct smb_hdr *) pSMB,
8623 - (struct smb_hdr *) pSMBr, &bytes_returned, timeout);
8624 + rc = SendReceiveNoRsp(xid, tcon->ses, (struct smb_hdr *)pSMB,
8625 + timeout);
8626 + /* SMB buffer freed by function above */
8627 }
8628 cifs_stats_inc(&tcon->num_locks);
8629 if (rc) {
8630 cFYI(1, ("Send error in Lock = %d", rc));
8631 }
8632 - cifs_small_buf_release(pSMB);
8634 /* Note: On -EAGAIN error only caller can retry on handle based calls
8635 since file handle passed in no longer valid */
8636 @@ -1666,7 +1665,9 @@ CIFSSMBPosixLock(const int xid, struct cifsTconInfo *tcon,
8637 int rc = 0;
8638 int timeout = 0;
8639 int bytes_returned = 0;
8640 + int resp_buf_type = 0;
8641 __u16 params, param_offset, offset, byte_count, count;
8642 + struct kvec iov[1];
8644 cFYI(1, ("Posix Lock"));
8646 @@ -1710,7 +1711,7 @@ CIFSSMBPosixLock(const int xid, struct cifsTconInfo *tcon,
8648 parm_data->lock_type = cpu_to_le16(lock_type);
8649 if(waitFlag) {
8650 - timeout = 3; /* blocking operation, no timeout */
8651 + timeout = CIFS_BLOCKING_OP; /* blocking operation, no timeout */
8652 parm_data->lock_flags = cpu_to_le16(1);
8653 pSMB->Timeout = cpu_to_le32(-1);
8654 } else
8655 @@ -1730,8 +1731,13 @@ CIFSSMBPosixLock(const int xid, struct cifsTconInfo *tcon,
8656 rc = SendReceiveBlockingLock(xid, tcon, (struct smb_hdr *) pSMB,
8657 (struct smb_hdr *) pSMBr, &bytes_returned);
8658 } else {
8659 - rc = SendReceive(xid, tcon->ses, (struct smb_hdr *) pSMB,
8660 - (struct smb_hdr *) pSMBr, &bytes_returned, timeout);
8661 + iov[0].iov_base = (char *)pSMB;
8662 + iov[0].iov_len = pSMB->hdr.smb_buf_length + 4;
8663 + rc = SendReceive2(xid, tcon->ses, iov, 1 /* num iovecs */,
8664 + &resp_buf_type, timeout);
8665 + pSMB = NULL; /* request buf already freed by SendReceive2. Do
8666 + not try to free it twice below on exit */
8667 + pSMBr = (struct smb_com_transaction2_sfi_rsp *)iov[0].iov_base;
8668 }
8670 if (rc) {
8671 @@ -1766,6 +1772,11 @@ plk_err_exit:
8672 if (pSMB)
8673 cifs_small_buf_release(pSMB);
8675 + if (resp_buf_type == CIFS_SMALL_BUFFER)
8676 + cifs_small_buf_release(iov[0].iov_base);
8677 + else if (resp_buf_type == CIFS_LARGE_BUFFER)
8678 + cifs_buf_release(iov[0].iov_base);
8679 +
8680 /* Note: On -EAGAIN error only caller can retry on handle based calls
8681 since file handle passed in no longer valid */
8683 @@ -1778,8 +1789,6 @@ CIFSSMBClose(const int xid, struct cifsTconInfo *tcon, int smb_file_id)
8684 {
8685 int rc = 0;
8686 CLOSE_REQ *pSMB = NULL;
8687 - CLOSE_RSP *pSMBr = NULL;
8688 - int bytes_returned;
8689 cFYI(1, ("In CIFSSMBClose"));
8691 /* do not retry on dead session on close */
8692 @@ -1789,13 +1798,10 @@ CIFSSMBClose(const int xid, struct cifsTconInfo *tcon, int smb_file_id)
8693 if (rc)
8694 return rc;
8696 - pSMBr = (CLOSE_RSP *)pSMB; /* BB removeme BB */
8697 -
8698 pSMB->FileID = (__u16) smb_file_id;
8699 pSMB->LastWriteTime = 0xFFFFFFFF;
8700 pSMB->ByteCount = 0;
8701 - rc = SendReceive(xid, tcon->ses, (struct smb_hdr *) pSMB,
8702 - (struct smb_hdr *) pSMBr, &bytes_returned, 0);
8703 + rc = SendReceiveNoRsp(xid, tcon->ses, (struct smb_hdr *) pSMB, 0);
8704 cifs_stats_inc(&tcon->num_closes);
8705 if (rc) {
8706 if(rc!=-EINTR) {
8707 @@ -1804,8 +1810,6 @@ CIFSSMBClose(const int xid, struct cifsTconInfo *tcon, int smb_file_id)
8708 }
8709 }
8711 - cifs_small_buf_release(pSMB);
8712 -
8713 /* Since session is dead, file will be closed on server already */
8714 if(rc == -EAGAIN)
8715 rc = 0;
8716 @@ -2989,7 +2993,8 @@ CIFSSMBGetCIFSACL(const int xid, struct cifsTconInfo *tcon, __u16 fid,
8717 iov[0].iov_base = (char *)pSMB;
8718 iov[0].iov_len = pSMB->hdr.smb_buf_length + 4;
8720 - rc = SendReceive2(xid, tcon->ses, iov, 1 /* num iovec */, &buf_type, 0);
8721 + rc = SendReceive2(xid, tcon->ses, iov, 1 /* num iovec */, &buf_type,
8722 + CIFS_STD_OP);
8723 cifs_stats_inc(&tcon->num_acl_get);
8724 if (rc) {
8725 cFYI(1, ("Send error in QuerySecDesc = %d", rc));
8726 @@ -3634,8 +3639,6 @@ CIFSFindClose(const int xid, struct cifsTconInfo *tcon, const __u16 searchHandle
8727 {
8728 int rc = 0;
8729 FINDCLOSE_REQ *pSMB = NULL;
8730 - CLOSE_RSP *pSMBr = NULL; /* BB removeme BB */
8731 - int bytes_returned;
8733 cFYI(1, ("In CIFSSMBFindClose"));
8734 rc = small_smb_init(SMB_COM_FIND_CLOSE2, 1, tcon, (void **)&pSMB);
8735 @@ -3647,16 +3650,13 @@ CIFSFindClose(const int xid, struct cifsTconInfo *tcon, const __u16 searchHandle
8736 if (rc)
8737 return rc;
8739 - pSMBr = (CLOSE_RSP *)pSMB; /* BB removeme BB */
8740 pSMB->FileID = searchHandle;
8741 pSMB->ByteCount = 0;
8742 - rc = SendReceive(xid, tcon->ses, (struct smb_hdr *) pSMB,
8743 - (struct smb_hdr *) pSMBr, &bytes_returned, 0);
8744 + rc = SendReceiveNoRsp(xid, tcon->ses, (struct smb_hdr *) pSMB, 0);
8745 if (rc) {
8746 cERROR(1, ("Send error in FindClose = %d", rc));
8747 }
8748 cifs_stats_inc(&tcon->num_fclose);
8749 - cifs_small_buf_release(pSMB);
8751 /* Since session is dead, search handle closed on server already */
8752 if (rc == -EAGAIN)
8753 @@ -4571,11 +4571,9 @@ CIFSSMBSetFileSize(const int xid, struct cifsTconInfo *tcon, __u64 size,
8754 __u16 fid, __u32 pid_of_opener, int SetAllocation)
8755 {
8756 struct smb_com_transaction2_sfi_req *pSMB = NULL;
8757 - struct smb_com_transaction2_sfi_rsp *pSMBr = NULL;
8758 char *data_offset;
8759 struct file_end_of_file_info *parm_data;
8760 int rc = 0;
8761 - int bytes_returned = 0;
8762 __u16 params, param_offset, offset, byte_count, count;
8764 cFYI(1, ("SetFileSize (via SetFileInfo) %lld",
8765 @@ -4585,8 +4583,6 @@ CIFSSMBSetFileSize(const int xid, struct cifsTconInfo *tcon, __u64 size,
8766 if (rc)
8767 return rc;
8769 - pSMBr = (struct smb_com_transaction2_sfi_rsp *)pSMB;
8770 -
8771 pSMB->hdr.Pid = cpu_to_le16((__u16)pid_of_opener);
8772 pSMB->hdr.PidHigh = cpu_to_le16((__u16)(pid_of_opener >> 16));
8774 @@ -4637,17 +4633,13 @@ CIFSSMBSetFileSize(const int xid, struct cifsTconInfo *tcon, __u64 size,
8775 pSMB->Reserved4 = 0;
8776 pSMB->hdr.smb_buf_length += byte_count;
8777 pSMB->ByteCount = cpu_to_le16(byte_count);
8778 - rc = SendReceive(xid, tcon->ses, (struct smb_hdr *) pSMB,
8779 - (struct smb_hdr *) pSMBr, &bytes_returned, 0);
8780 + rc = SendReceiveNoRsp(xid, tcon->ses, (struct smb_hdr *) pSMB, 0);
8781 if (rc) {
8782 cFYI(1,
8783 ("Send error in SetFileInfo (SetFileSize) = %d",
8784 rc));
8785 }
8787 - if (pSMB)
8788 - cifs_small_buf_release(pSMB);
8789 -
8790 /* Note: On -EAGAIN error only caller can retry on handle based calls
8791 since file handle passed in no longer valid */
8793 @@ -4665,10 +4657,8 @@ CIFSSMBSetFileTimes(const int xid, struct cifsTconInfo *tcon, const FILE_BASIC_I
8794 __u16 fid)
8795 {
8796 struct smb_com_transaction2_sfi_req *pSMB = NULL;
8797 - struct smb_com_transaction2_sfi_rsp *pSMBr = NULL;
8798 char *data_offset;
8799 int rc = 0;
8800 - int bytes_returned = 0;
8801 __u16 params, param_offset, offset, byte_count, count;
8803 cFYI(1, ("Set Times (via SetFileInfo)"));
8804 @@ -4677,8 +4667,6 @@ CIFSSMBSetFileTimes(const int xid, struct cifsTconInfo *tcon, const FILE_BASIC_I
8805 if (rc)
8806 return rc;
8808 - pSMBr = (struct smb_com_transaction2_sfi_rsp *)pSMB;
8809 -
8810 /* At this point there is no need to override the current pid
8811 with the pid of the opener, but that could change if we someday
8812 use an existing handle (rather than opening one on the fly) */
8813 @@ -4718,14 +4706,11 @@ CIFSSMBSetFileTimes(const int xid, struct cifsTconInfo *tcon, const FILE_BASIC_I
8814 pSMB->hdr.smb_buf_length += byte_count;
8815 pSMB->ByteCount = cpu_to_le16(byte_count);
8816 memcpy(data_offset,data,sizeof(FILE_BASIC_INFO));
8817 - rc = SendReceive(xid, tcon->ses, (struct smb_hdr *) pSMB,
8818 - (struct smb_hdr *) pSMBr, &bytes_returned, 0);
8819 + rc = SendReceiveNoRsp(xid, tcon->ses, (struct smb_hdr *) pSMB, 0);
8820 if (rc) {
8821 cFYI(1,("Send error in Set Time (SetFileInfo) = %d",rc));
8822 }
8824 - cifs_small_buf_release(pSMB);
8825 -
8826 /* Note: On -EAGAIN error only caller can retry on handle based calls
8827 since file handle passed in no longer valid */
8829 @@ -5016,7 +5001,8 @@ int CIFSSMBNotify(const int xid, struct cifsTconInfo *tcon,
8830 pSMB->ByteCount = 0;
8832 rc = SendReceive(xid, tcon->ses, (struct smb_hdr *) pSMB,
8833 - (struct smb_hdr *) pSMBr, &bytes_returned, -1);
8834 + (struct smb_hdr *)pSMBr, &bytes_returned,
8835 + CIFS_ASYNC_OP);
8836 if (rc) {
8837 cFYI(1, ("Error in Notify = %d", rc));
8838 } else {
8839 diff --git a/fs/cifs/connect.c b/fs/cifs/connect.c
8840 index f4e9266..8579c9e 100644
8841 --- a/fs/cifs/connect.c
8842 +++ b/fs/cifs/connect.c
8843 @@ -2273,7 +2273,7 @@ CIFSSessSetup(unsigned int xid, struct cifsSesInfo *ses,
8844 pSMB->req_no_secext.ByteCount = cpu_to_le16(count);
8846 rc = SendReceive(xid, ses, smb_buffer, smb_buffer_response,
8847 - &bytes_returned, 1);
8848 + &bytes_returned, CIFS_LONG_OP);
8849 if (rc) {
8850 /* rc = map_smb_to_linux_error(smb_buffer_response); now done in SendReceive */
8851 } else if ((smb_buffer_response->WordCount == 3)
8852 @@ -2559,7 +2559,7 @@ CIFSNTLMSSPNegotiateSessSetup(unsigned int xid,
8853 pSMB->req.ByteCount = cpu_to_le16(count);
8855 rc = SendReceive(xid, ses, smb_buffer, smb_buffer_response,
8856 - &bytes_returned, 1);
8857 + &bytes_returned, CIFS_LONG_OP);
8859 if (smb_buffer_response->Status.CifsError ==
8860 cpu_to_le32(NT_STATUS_MORE_PROCESSING_REQUIRED))
8861 @@ -2985,7 +2985,7 @@ CIFSNTLMSSPAuthSessSetup(unsigned int xid, struct cifsSesInfo *ses,
8862 pSMB->req.ByteCount = cpu_to_le16(count);
8864 rc = SendReceive(xid, ses, smb_buffer, smb_buffer_response,
8865 - &bytes_returned, 1);
8866 + &bytes_returned, CIFS_LONG_OP);
8867 if (rc) {
8868 /* rc = map_smb_to_linux_error(smb_buffer_response); *//* done in SendReceive now */
8869 } else if ((smb_buffer_response->WordCount == 3)
8870 @@ -3256,7 +3256,8 @@ CIFSTCon(unsigned int xid, struct cifsSesInfo *ses,
8871 pSMB->hdr.smb_buf_length += count;
8872 pSMB->ByteCount = cpu_to_le16(count);
8874 - rc = SendReceive(xid, ses, smb_buffer, smb_buffer_response, &length, 0);
8875 + rc = SendReceive(xid, ses, smb_buffer, smb_buffer_response, &length,
8876 + CIFS_STD_OP);
8878 /* if (rc) rc = map_smb_to_linux_error(smb_buffer_response); */
8879 /* above now done in SendReceive */
8880 diff --git a/fs/cifs/file.c b/fs/cifs/file.c
8881 index 94d5b49..a2c9e7a 100644
8882 --- a/fs/cifs/file.c
8883 +++ b/fs/cifs/file.c
8884 @@ -809,9 +809,9 @@ ssize_t cifs_user_write(struct file *file, const char __user *write_data,
8885 xid = GetXid();
8887 if (*poffset > file->f_path.dentry->d_inode->i_size)
8888 - long_op = 2; /* writes past end of file can take a long time */
8889 + long_op = CIFS_VLONG_OP; /* writes past EOF take long time */
8890 else
8891 - long_op = 1;
8892 + long_op = CIFS_LONG_OP;
8894 for (total_written = 0; write_size > total_written;
8895 total_written += bytes_written) {
8896 @@ -858,7 +858,7 @@ ssize_t cifs_user_write(struct file *file, const char __user *write_data,
8897 }
8898 } else
8899 *poffset += bytes_written;
8900 - long_op = FALSE; /* subsequent writes fast -
8901 + long_op = CIFS_STD_OP; /* subsequent writes fast -
8902 15 seconds is plenty */
8903 }
8905 @@ -908,9 +908,9 @@ static ssize_t cifs_write(struct file *file, const char *write_data,
8906 xid = GetXid();
8908 if (*poffset > file->f_path.dentry->d_inode->i_size)
8909 - long_op = 2; /* writes past end of file can take a long time */
8910 + long_op = CIFS_VLONG_OP; /* writes past EOF can be slow */
8911 else
8912 - long_op = 1;
8913 + long_op = CIFS_LONG_OP;
8915 for (total_written = 0; write_size > total_written;
8916 total_written += bytes_written) {
8917 @@ -976,7 +976,7 @@ static ssize_t cifs_write(struct file *file, const char *write_data,
8918 }
8919 } else
8920 *poffset += bytes_written;
8921 - long_op = FALSE; /* subsequent writes fast -
8922 + long_op = CIFS_STD_OP; /* subsequent writes fast -
8923 15 seconds is plenty */
8924 }
8926 @@ -1276,7 +1276,7 @@ retry:
8927 open_file->netfid,
8928 bytes_to_write, offset,
8929 &bytes_written, iov, n_iov,
8930 - 1);
8931 + CIFS_LONG_OP);
8932 atomic_dec(&open_file->wrtPending);
8933 if (rc || bytes_written < bytes_to_write) {
8934 cERROR(1,("Write2 ret %d, written = %d",
8935 diff --git a/fs/cifs/sess.c b/fs/cifs/sess.c
8936 index 7584646..9834895 100644
8937 --- a/fs/cifs/sess.c
8938 +++ b/fs/cifs/sess.c
8939 @@ -489,7 +489,8 @@ CIFS_SessSetup(unsigned int xid, struct cifsSesInfo *ses, int first_time,
8941 iov[1].iov_base = str_area;
8942 iov[1].iov_len = count;
8943 - rc = SendReceive2(xid, ses, iov, 2 /* num_iovecs */, &resp_buf_type, 0);
8944 + rc = SendReceive2(xid, ses, iov, 2 /* num_iovecs */, &resp_buf_type,
8945 + CIFS_STD_OP /* not long */ | CIFS_LOG_ERROR);
8946 /* SMB request buf freed in SendReceive2 */
8948 cFYI(1,("ssetup rc from sendrecv2 is %d",rc));
8949 diff --git a/fs/cifs/transport.c b/fs/cifs/transport.c
8950 index 5f46845..473962f 100644
8951 --- a/fs/cifs/transport.c
8952 +++ b/fs/cifs/transport.c
8953 @@ -308,7 +308,7 @@ smb_send2(struct socket *ssocket, struct kvec *iov, int n_vec,
8955 static int wait_for_free_request(struct cifsSesInfo *ses, const int long_op)
8956 {
8957 - if(long_op == -1) {
8958 + if (long_op == CIFS_ASYNC_OP) {
8959 /* oplock breaks must not be held up */
8960 atomic_inc(&ses->server->inFlight);
8961 } else {
8962 @@ -337,7 +337,7 @@ static int wait_for_free_request(struct cifsSesInfo *ses, const int long_op)
8963 they are allowed to block on server */
8965 /* update # of requests on the wire to server */
8966 - if (long_op < 3)
8967 + if (long_op != CIFS_BLOCKING_OP)
8968 atomic_inc(&ses->server->inFlight);
8969 spin_unlock(&GlobalMid_Lock);
8970 break;
8971 @@ -416,17 +416,48 @@ static int wait_for_response(struct cifsSesInfo *ses,
8972 }
8973 }
8975 +
8976 +/*
8977 + *
8978 + * Send an SMB Request. No response info (other than return code)
8979 + * needs to be parsed.
8980 + *
8981 + * flags indicate the type of request buffer and how long to wait
8982 + * and whether to log NT STATUS code (error) before mapping it to POSIX error
8983 + *
8984 + */
8985 +int
8986 +SendReceiveNoRsp(const unsigned int xid, struct cifsSesInfo *ses,
8987 + struct smb_hdr *in_buf, int flags)
8988 +{
8989 + int rc;
8990 + struct kvec iov[1];
8991 + int resp_buf_type;
8992 +
8993 + iov[0].iov_base = (char *)in_buf;
8994 + iov[0].iov_len = in_buf->smb_buf_length + 4;
8995 + flags |= CIFS_NO_RESP;
8996 + rc = SendReceive2(xid, ses, iov, 1, &resp_buf_type, flags);
8997 +#ifdef CONFIG_CIFS_DEBUG2
8998 + cFYI(1, ("SendRcvNoR flags %d rc %d", flags, rc));
8999 +#endif
9000 + return rc;
9001 +}
9002 +
9003 int
9004 SendReceive2(const unsigned int xid, struct cifsSesInfo *ses,
9005 struct kvec *iov, int n_vec, int * pRespBufType /* ret */,
9006 - const int long_op)
9007 + const int flags)
9008 {
9009 int rc = 0;
9010 + int long_op;
9011 unsigned int receive_len;
9012 unsigned long timeout;
9013 struct mid_q_entry *midQ;
9014 struct smb_hdr *in_buf = iov[0].iov_base;
9016 + long_op = flags & CIFS_TIMEOUT_MASK;
9017 +
9018 *pRespBufType = CIFS_NO_BUFFER; /* no response buf yet */
9020 if ((ses == NULL) || (ses->server == NULL)) {
9021 @@ -485,15 +516,22 @@ SendReceive2(const unsigned int xid, struct cifsSesInfo *ses,
9022 if(rc < 0)
9023 goto out;
9025 - if (long_op == -1)
9026 - goto out;
9027 - else if (long_op == 2) /* writes past end of file can take loong time */
9028 + if (long_op == CIFS_STD_OP)
9029 + timeout = 15 * HZ;
9030 + else if (long_op == CIFS_VLONG_OP) /* e.g. slow writes past EOF */
9031 timeout = 180 * HZ;
9032 - else if (long_op == 1)
9033 + else if (long_op == CIFS_LONG_OP)
9034 timeout = 45 * HZ; /* should be greater than
9035 servers oplock break timeout (about 43 seconds) */
9036 - else
9037 - timeout = 15 * HZ;
9038 + else if (long_op == CIFS_ASYNC_OP)
9039 + goto out;
9040 + else if (long_op == CIFS_BLOCKING_OP)
9041 + timeout = 0x7FFFFFFF; /* large, but not so large as to wrap */
9042 + else {
9043 + cERROR(1, ("unknown timeout flag %d", long_op));
9044 + rc = -EIO;
9045 + goto out;
9046 + }
9048 /* wait for 15 seconds or until woken up due to response arriving or
9049 due to last connection to this server being unmounted */
9050 @@ -578,8 +616,10 @@ SendReceive2(const unsigned int xid, struct cifsSesInfo *ses,
9051 (2 * midQ->resp_buf->WordCount) + 2 /* bcc */ )
9052 BCC(midQ->resp_buf) =
9053 le16_to_cpu(BCC_LE(midQ->resp_buf));
9054 - midQ->resp_buf = NULL; /* mark it so will not be freed
9055 - by DeleteMidQEntry */
9056 + if ((flags & CIFS_NO_RESP) == 0)
9057 + midQ->resp_buf = NULL; /* mark it so buf will
9058 + not be freed by
9059 + DeleteMidQEntry */
9060 } else {
9061 rc = -EIO;
9062 cFYI(1,("Bad MID state?"));
9063 @@ -667,17 +707,25 @@ SendReceive(const unsigned int xid, struct cifsSesInfo *ses,
9064 if(rc < 0)
9065 goto out;
9067 - if (long_op == -1)
9068 + if (long_op == CIFS_STD_OP)
9069 + timeout = 15 * HZ;
9070 + /* wait for 15 seconds or until woken up due to response arriving or
9071 + due to last connection to this server being unmounted */
9072 + else if (long_op == CIFS_ASYNC_OP)
9073 goto out;
9074 - else if (long_op == 2) /* writes past end of file can take loong time */
9075 + else if (long_op == CIFS_VLONG_OP) /* writes past EOF can be slow */
9076 timeout = 180 * HZ;
9077 - else if (long_op == 1)
9078 + else if (long_op == CIFS_LONG_OP)
9079 timeout = 45 * HZ; /* should be greater than
9080 servers oplock break timeout (about 43 seconds) */
9081 - else
9082 - timeout = 15 * HZ;
9083 - /* wait for 15 seconds or until woken up due to response arriving or
9084 - due to last connection to this server being unmounted */
9085 + else if (long_op == CIFS_BLOCKING_OP)
9086 + timeout = 0x7FFFFFFF; /* large but no so large as to wrap */
9087 + else {
9088 + cERROR(1, ("unknown timeout flag %d", long_op));
9089 + rc = -EIO;
9090 + goto out;
9091 + }
9092 +
9093 if (signal_pending(current)) {
9094 /* if signal pending do not hold up user for full smb timeout
9095 but we still give response a chance to complete */
9096 @@ -817,7 +865,7 @@ send_lock_cancel(const unsigned int xid, struct cifsTconInfo *tcon,
9097 pSMB->hdr.Mid = GetNextMid(ses->server);
9099 return SendReceive(xid, ses, in_buf, out_buf,
9100 - &bytes_returned, 0);
9101 + &bytes_returned, CIFS_STD_OP);
9102 }
9104 int
9105 @@ -849,7 +897,7 @@ SendReceiveBlockingLock(const unsigned int xid, struct cifsTconInfo *tcon,
9106 to the same server. We may make this configurable later or
9107 use ses->maxReq */
9109 - rc = wait_for_free_request(ses, 3);
9110 + rc = wait_for_free_request(ses, CIFS_BLOCKING_OP);
9111 if (rc)
9112 return rc;
9114 diff --git a/fs/dcache.c b/fs/dcache.c
9115 index 0e73aa0..c54dc50 100644
9116 --- a/fs/dcache.c
9117 +++ b/fs/dcache.c
9118 @@ -1407,9 +1407,6 @@ void d_delete(struct dentry * dentry)
9119 if (atomic_read(&dentry->d_count) == 1) {
9120 dentry_iput(dentry);
9121 fsnotify_nameremove(dentry, isdir);
9122 -
9123 - /* remove this and other inotify debug checks after 2.6.18 */
9124 - dentry->d_flags &= ~DCACHE_INOTIFY_PARENT_WATCHED;
9125 return;
9126 }
9128 diff --git a/fs/direct-io.c b/fs/direct-io.c
9129 index 52bb263..6874785 100644
9130 --- a/fs/direct-io.c
9131 +++ b/fs/direct-io.c
9132 @@ -974,6 +974,7 @@ direct_io_worker(int rw, struct kiocb *iocb, struct inode *inode,
9133 dio->get_block = get_block;
9134 dio->end_io = end_io;
9135 dio->map_bh.b_private = NULL;
9136 + dio->map_bh.b_state = 0;
9137 dio->final_block_in_bio = -1;
9138 dio->next_block_for_io = -1;
9140 diff --git a/fs/ecryptfs/inode.c b/fs/ecryptfs/inode.c
9141 index 83e94fe..9c6877c 100644
9142 --- a/fs/ecryptfs/inode.c
9143 +++ b/fs/ecryptfs/inode.c
9144 @@ -902,8 +902,9 @@ static int ecryptfs_setattr(struct dentry *dentry, struct iattr *ia)
9145 mutex_lock(&crypt_stat->cs_mutex);
9146 if (S_ISDIR(dentry->d_inode->i_mode))
9147 crypt_stat->flags &= ~(ECRYPTFS_ENCRYPTED);
9148 - else if (!(crypt_stat->flags & ECRYPTFS_POLICY_APPLIED)
9149 - || !(crypt_stat->flags & ECRYPTFS_KEY_VALID)) {
9150 + else if (S_ISREG(dentry->d_inode->i_mode)
9151 + && (!(crypt_stat->flags & ECRYPTFS_POLICY_APPLIED)
9152 + || !(crypt_stat->flags & ECRYPTFS_KEY_VALID))) {
9153 struct vfsmount *lower_mnt;
9154 struct file *lower_file = NULL;
9155 struct ecryptfs_mount_crypt_stat *mount_crypt_stat;
9156 diff --git a/fs/exec.c b/fs/exec.c
9157 index f20561f..224e973 100644
9158 --- a/fs/exec.c
9159 +++ b/fs/exec.c
9160 @@ -586,18 +586,12 @@ static int de_thread(struct task_struct *tsk)
9161 int count;
9163 /*
9164 - * Tell all the sighand listeners that this sighand has
9165 - * been detached. The signalfd_detach() function grabs the
9166 - * sighand lock, if signal listeners are present on the sighand.
9167 - */
9168 - signalfd_detach(tsk);
9169 -
9170 - /*
9171 * If we don't share sighandlers, then we aren't sharing anything
9172 * and we can just re-use it all.
9173 */
9174 if (atomic_read(&oldsighand->count) <= 1) {
9175 BUG_ON(atomic_read(&sig->count) != 1);
9176 + signalfd_detach(tsk);
9177 exit_itimers(sig);
9178 return 0;
9179 }
9180 @@ -736,6 +730,7 @@ static int de_thread(struct task_struct *tsk)
9181 sig->flags = 0;
9183 no_thread_group:
9184 + signalfd_detach(tsk);
9185 exit_itimers(sig);
9186 if (leader)
9187 release_task(leader);
9188 @@ -890,9 +885,12 @@ int flush_old_exec(struct linux_binprm * bprm)
9189 */
9190 current->mm->task_size = TASK_SIZE;
9192 - if (bprm->e_uid != current->euid || bprm->e_gid != current->egid ||
9193 - file_permission(bprm->file, MAY_READ) ||
9194 - (bprm->interp_flags & BINPRM_FLAGS_ENFORCE_NONDUMP)) {
9195 + if (bprm->e_uid != current->euid || bprm->e_gid != current->egid) {
9196 + suid_keys(current);
9197 + current->mm->dumpable = suid_dumpable;
9198 + current->pdeath_signal = 0;
9199 + } else if (file_permission(bprm->file, MAY_READ) ||
9200 + (bprm->interp_flags & BINPRM_FLAGS_ENFORCE_NONDUMP)) {
9201 suid_keys(current);
9202 current->mm->dumpable = suid_dumpable;
9203 }
9204 @@ -983,8 +981,10 @@ void compute_creds(struct linux_binprm *bprm)
9205 {
9206 int unsafe;
9208 - if (bprm->e_uid != current->uid)
9209 + if (bprm->e_uid != current->uid) {
9210 suid_keys(current);
9211 + current->pdeath_signal = 0;
9212 + }
9213 exec_keys(current);
9215 task_lock(current);
9216 @@ -1561,6 +1561,12 @@ int do_coredump(long signr, int exit_code, struct pt_regs * regs)
9217 but keep the previous behaviour for now. */
9218 if (!ispipe && !S_ISREG(inode->i_mode))
9219 goto close_fail;
9220 + /*
9221 + * Dont allow local users get cute and trick others to coredump
9222 + * into their pre-created files:
9223 + */
9224 + if (inode->i_uid != current->fsuid)
9225 + goto close_fail;
9226 if (!file->f_op)
9227 goto close_fail;
9228 if (!file->f_op->write)
9229 diff --git a/fs/ext3/namei.c b/fs/ext3/namei.c
9230 index 9bb046d..e54eb5f 100644
9231 --- a/fs/ext3/namei.c
9232 +++ b/fs/ext3/namei.c
9233 @@ -140,7 +140,8 @@ struct dx_frame
9234 struct dx_map_entry
9235 {
9236 u32 hash;
9237 - u32 offs;
9238 + u16 offs;
9239 + u16 size;
9240 };
9242 #ifdef CONFIG_EXT3_INDEX
9243 @@ -379,13 +380,28 @@ dx_probe(struct dentry *dentry, struct inode *dir,
9245 entries = (struct dx_entry *) (((char *)&root->info) +
9246 root->info.info_length);
9247 - assert(dx_get_limit(entries) == dx_root_limit(dir,
9248 - root->info.info_length));
9249 +
9250 + if (dx_get_limit(entries) != dx_root_limit(dir,
9251 + root->info.info_length)) {
9252 + ext3_warning(dir->i_sb, __FUNCTION__,
9253 + "dx entry: limit != root limit");
9254 + brelse(bh);
9255 + *err = ERR_BAD_DX_DIR;
9256 + goto fail;
9257 + }
9258 +
9259 dxtrace (printk("Look up %x", hash));
9260 while (1)
9261 {
9262 count = dx_get_count(entries);
9263 - assert (count && count <= dx_get_limit(entries));
9264 + if (!count || count > dx_get_limit(entries)) {
9265 + ext3_warning(dir->i_sb, __FUNCTION__,
9266 + "dx entry: no count or count > limit");
9267 + brelse(bh);
9268 + *err = ERR_BAD_DX_DIR;
9269 + goto fail2;
9270 + }
9271 +
9272 p = entries + 1;
9273 q = entries + count - 1;
9274 while (p <= q)
9275 @@ -423,8 +439,15 @@ dx_probe(struct dentry *dentry, struct inode *dir,
9276 if (!(bh = ext3_bread (NULL,dir, dx_get_block(at), 0, err)))
9277 goto fail2;
9278 at = entries = ((struct dx_node *) bh->b_data)->entries;
9279 - assert (dx_get_limit(entries) == dx_node_limit (dir));
9280 + if (dx_get_limit(entries) != dx_node_limit (dir)) {
9281 + ext3_warning(dir->i_sb, __FUNCTION__,
9282 + "dx entry: limit != node limit");
9283 + brelse(bh);
9284 + *err = ERR_BAD_DX_DIR;
9285 + goto fail2;
9286 + }
9287 frame++;
9288 + frame->bh = NULL;
9289 }
9290 fail2:
9291 while (frame >= frame_in) {
9292 @@ -432,6 +455,10 @@ fail2:
9293 frame--;
9294 }
9295 fail:
9296 + if (*err == ERR_BAD_DX_DIR)
9297 + ext3_warning(dir->i_sb, __FUNCTION__,
9298 + "Corrupt dir inode %ld, running e2fsck is "
9299 + "recommended.", dir->i_ino);
9300 return NULL;
9301 }
9303 @@ -671,6 +698,10 @@ errout:
9304 * Directory block splitting, compacting
9305 */
9307 +/*
9308 + * Create map of hash values, offsets, and sizes, stored at end of block.
9309 + * Returns number of entries mapped.
9310 + */
9311 static int dx_make_map (struct ext3_dir_entry_2 *de, int size,
9312 struct dx_hash_info *hinfo, struct dx_map_entry *map_tail)
9313 {
9314 @@ -684,7 +715,8 @@ static int dx_make_map (struct ext3_dir_entry_2 *de, int size,
9315 ext3fs_dirhash(de->name, de->name_len, &h);
9316 map_tail--;
9317 map_tail->hash = h.hash;
9318 - map_tail->offs = (u32) ((char *) de - base);
9319 + map_tail->offs = (u16) ((char *) de - base);
9320 + map_tail->size = le16_to_cpu(de->rec_len);
9321 count++;
9322 cond_resched();
9323 }
9324 @@ -694,6 +726,7 @@ static int dx_make_map (struct ext3_dir_entry_2 *de, int size,
9325 return count;
9326 }
9328 +/* Sort map by hash value */
9329 static void dx_sort_map (struct dx_map_entry *map, unsigned count)
9330 {
9331 struct dx_map_entry *p, *q, *top = map + count - 1;
9332 @@ -1081,6 +1114,10 @@ static inline void ext3_set_de_type(struct super_block *sb,
9333 }
9335 #ifdef CONFIG_EXT3_INDEX
9336 +/*
9337 + * Move count entries from end of map between two memory locations.
9338 + * Returns pointer to last entry moved.
9339 + */
9340 static struct ext3_dir_entry_2 *
9341 dx_move_dirents(char *from, char *to, struct dx_map_entry *map, int count)
9342 {
9343 @@ -1099,6 +1136,10 @@ dx_move_dirents(char *from, char *to, struct dx_map_entry *map, int count)
9344 return (struct ext3_dir_entry_2 *) (to - rec_len);
9345 }
9347 +/*
9348 + * Compact each dir entry in the range to the minimal rec_len.
9349 + * Returns pointer to last entry in range.
9350 + */
9351 static struct ext3_dir_entry_2* dx_pack_dirents(char *base, int size)
9352 {
9353 struct ext3_dir_entry_2 *next, *to, *prev, *de = (struct ext3_dir_entry_2 *) base;
9354 @@ -1121,6 +1162,11 @@ static struct ext3_dir_entry_2* dx_pack_dirents(char *base, int size)
9355 return prev;
9356 }
9358 +/*
9359 + * Split a full leaf block to make room for a new dir entry.
9360 + * Allocate a new block, and move entries so that they are approx. equally full.
9361 + * Returns pointer to de in block into which the new entry will be inserted.
9362 + */
9363 static struct ext3_dir_entry_2 *do_split(handle_t *handle, struct inode *dir,
9364 struct buffer_head **bh,struct dx_frame *frame,
9365 struct dx_hash_info *hinfo, int *error)
9366 @@ -1132,7 +1178,7 @@ static struct ext3_dir_entry_2 *do_split(handle_t *handle, struct inode *dir,
9367 u32 hash2;
9368 struct dx_map_entry *map;
9369 char *data1 = (*bh)->b_data, *data2;
9370 - unsigned split;
9371 + unsigned split, move, size, i;
9372 struct ext3_dir_entry_2 *de = NULL, *de2;
9373 int err = 0;
9375 @@ -1160,8 +1206,19 @@ static struct ext3_dir_entry_2 *do_split(handle_t *handle, struct inode *dir,
9376 count = dx_make_map ((struct ext3_dir_entry_2 *) data1,
9377 blocksize, hinfo, map);
9378 map -= count;
9379 - split = count/2; // need to adjust to actual middle
9380 dx_sort_map (map, count);
9381 + /* Split the existing block in the middle, size-wise */
9382 + size = 0;
9383 + move = 0;
9384 + for (i = count-1; i >= 0; i--) {
9385 + /* is more than half of this entry in 2nd half of the block? */
9386 + if (size + map[i].size/2 > blocksize/2)
9387 + break;
9388 + size += map[i].size;
9389 + move++;
9390 + }
9391 + /* map index at which we will split */
9392 + split = count - move;
9393 hash2 = map[split].hash;
9394 continued = hash2 == map[split - 1].hash;
9395 dxtrace(printk("Split block %i at %x, %i/%i\n",
9396 diff --git a/fs/ext4/extents.c b/fs/ext4/extents.c
9397 index b9ce241..fd10229 100644
9398 --- a/fs/ext4/extents.c
9399 +++ b/fs/ext4/extents.c
9400 @@ -1445,7 +1445,7 @@ int ext4_ext_walk_space(struct inode *inode, unsigned long block,
9402 static void
9403 ext4_ext_put_in_cache(struct inode *inode, __u32 block,
9404 - __u32 len, __u32 start, int type)
9405 + __u32 len, ext4_fsblk_t start, int type)
9406 {
9407 struct ext4_ext_cache *cex;
9408 BUG_ON(len == 0);
9409 diff --git a/fs/ext4/namei.c b/fs/ext4/namei.c
9410 index 2811e57..7bb8d7c 100644
9411 --- a/fs/ext4/namei.c
9412 +++ b/fs/ext4/namei.c
9413 @@ -140,7 +140,8 @@ struct dx_frame
9414 struct dx_map_entry
9415 {
9416 u32 hash;
9417 - u32 offs;
9418 + u16 offs;
9419 + u16 size;
9420 };
9422 #ifdef CONFIG_EXT4_INDEX
9423 @@ -379,13 +380,28 @@ dx_probe(struct dentry *dentry, struct inode *dir,
9425 entries = (struct dx_entry *) (((char *)&root->info) +
9426 root->info.info_length);
9427 - assert(dx_get_limit(entries) == dx_root_limit(dir,
9428 - root->info.info_length));
9429 +
9430 + if (dx_get_limit(entries) != dx_root_limit(dir,
9431 + root->info.info_length)) {
9432 + ext4_warning(dir->i_sb, __FUNCTION__,
9433 + "dx entry: limit != root limit");
9434 + brelse(bh);
9435 + *err = ERR_BAD_DX_DIR;
9436 + goto fail;
9437 + }
9438 +
9439 dxtrace (printk("Look up %x", hash));
9440 while (1)
9441 {
9442 count = dx_get_count(entries);
9443 - assert (count && count <= dx_get_limit(entries));
9444 + if (!count || count > dx_get_limit(entries)) {
9445 + ext4_warning(dir->i_sb, __FUNCTION__,
9446 + "dx entry: no count or count > limit");
9447 + brelse(bh);
9448 + *err = ERR_BAD_DX_DIR;
9449 + goto fail2;
9450 + }
9451 +
9452 p = entries + 1;
9453 q = entries + count - 1;
9454 while (p <= q)
9455 @@ -423,8 +439,15 @@ dx_probe(struct dentry *dentry, struct inode *dir,
9456 if (!(bh = ext4_bread (NULL,dir, dx_get_block(at), 0, err)))
9457 goto fail2;
9458 at = entries = ((struct dx_node *) bh->b_data)->entries;
9459 - assert (dx_get_limit(entries) == dx_node_limit (dir));
9460 + if (dx_get_limit(entries) != dx_node_limit (dir)) {
9461 + ext4_warning(dir->i_sb, __FUNCTION__,
9462 + "dx entry: limit != node limit");
9463 + brelse(bh);
9464 + *err = ERR_BAD_DX_DIR;
9465 + goto fail2;
9466 + }
9467 frame++;
9468 + frame->bh = NULL;
9469 }
9470 fail2:
9471 while (frame >= frame_in) {
9472 @@ -432,6 +455,10 @@ fail2:
9473 frame--;
9474 }
9475 fail:
9476 + if (*err == ERR_BAD_DX_DIR)
9477 + ext4_warning(dir->i_sb, __FUNCTION__,
9478 + "Corrupt dir inode %ld, running e2fsck is "
9479 + "recommended.", dir->i_ino);
9480 return NULL;
9481 }
9483 @@ -671,6 +698,10 @@ errout:
9484 * Directory block splitting, compacting
9485 */
9487 +/*
9488 + * Create map of hash values, offsets, and sizes, stored at end of block.
9489 + * Returns number of entries mapped.
9490 + */
9491 static int dx_make_map (struct ext4_dir_entry_2 *de, int size,
9492 struct dx_hash_info *hinfo, struct dx_map_entry *map_tail)
9493 {
9494 @@ -684,7 +715,8 @@ static int dx_make_map (struct ext4_dir_entry_2 *de, int size,
9495 ext4fs_dirhash(de->name, de->name_len, &h);
9496 map_tail--;
9497 map_tail->hash = h.hash;
9498 - map_tail->offs = (u32) ((char *) de - base);
9499 + map_tail->offs = (u16) ((char *) de - base);
9500 + map_tail->size = le16_to_cpu(de->rec_len);
9501 count++;
9502 cond_resched();
9503 }
9504 @@ -694,6 +726,7 @@ static int dx_make_map (struct ext4_dir_entry_2 *de, int size,
9505 return count;
9506 }
9508 +/* Sort map by hash value */
9509 static void dx_sort_map (struct dx_map_entry *map, unsigned count)
9510 {
9511 struct dx_map_entry *p, *q, *top = map + count - 1;
9512 @@ -1079,6 +1112,10 @@ static inline void ext4_set_de_type(struct super_block *sb,
9513 }
9515 #ifdef CONFIG_EXT4_INDEX
9516 +/*
9517 + * Move count entries from end of map between two memory locations.
9518 + * Returns pointer to last entry moved.
9519 + */
9520 static struct ext4_dir_entry_2 *
9521 dx_move_dirents(char *from, char *to, struct dx_map_entry *map, int count)
9522 {
9523 @@ -1097,6 +1134,10 @@ dx_move_dirents(char *from, char *to, struct dx_map_entry *map, int count)
9524 return (struct ext4_dir_entry_2 *) (to - rec_len);
9525 }
9527 +/*
9528 + * Compact each dir entry in the range to the minimal rec_len.
9529 + * Returns pointer to last entry in range.
9530 + */
9531 static struct ext4_dir_entry_2* dx_pack_dirents(char *base, int size)
9532 {
9533 struct ext4_dir_entry_2 *next, *to, *prev, *de = (struct ext4_dir_entry_2 *) base;
9534 @@ -1119,6 +1160,11 @@ static struct ext4_dir_entry_2* dx_pack_dirents(char *base, int size)
9535 return prev;
9536 }
9538 +/*
9539 + * Split a full leaf block to make room for a new dir entry.
9540 + * Allocate a new block, and move entries so that they are approx. equally full.
9541 + * Returns pointer to de in block into which the new entry will be inserted.
9542 + */
9543 static struct ext4_dir_entry_2 *do_split(handle_t *handle, struct inode *dir,
9544 struct buffer_head **bh,struct dx_frame *frame,
9545 struct dx_hash_info *hinfo, int *error)
9546 @@ -1130,7 +1176,7 @@ static struct ext4_dir_entry_2 *do_split(handle_t *handle, struct inode *dir,
9547 u32 hash2;
9548 struct dx_map_entry *map;
9549 char *data1 = (*bh)->b_data, *data2;
9550 - unsigned split;
9551 + unsigned split, move, size, i;
9552 struct ext4_dir_entry_2 *de = NULL, *de2;
9553 int err = 0;
9555 @@ -1158,8 +1204,19 @@ static struct ext4_dir_entry_2 *do_split(handle_t *handle, struct inode *dir,
9556 count = dx_make_map ((struct ext4_dir_entry_2 *) data1,
9557 blocksize, hinfo, map);
9558 map -= count;
9559 - split = count/2; // need to adjust to actual middle
9560 dx_sort_map (map, count);
9561 + /* Split the existing block in the middle, size-wise */
9562 + size = 0;
9563 + move = 0;
9564 + for (i = count-1; i >= 0; i--) {
9565 + /* is more than half of this entry in 2nd half of the block? */
9566 + if (size + map[i].size/2 > blocksize/2)
9567 + break;
9568 + size += map[i].size;
9569 + move++;
9570 + }
9571 + /* map index at which we will split */
9572 + split = count - move;
9573 hash2 = map[split].hash;
9574 continued = hash2 == map[split - 1].hash;
9575 dxtrace(printk("Split block %i at %x, %i/%i\n",
9576 diff --git a/fs/inotify.c b/fs/inotify.c
9577 index 7457501..8ee2b43 100644
9578 --- a/fs/inotify.c
9579 +++ b/fs/inotify.c
9580 @@ -168,20 +168,14 @@ static void set_dentry_child_flags(struct inode *inode, int watched)
9581 struct dentry *child;
9583 list_for_each_entry(child, &alias->d_subdirs, d_u.d_child) {
9584 - if (!child->d_inode) {
9585 - WARN_ON(child->d_flags & DCACHE_INOTIFY_PARENT_WATCHED);
9586 + if (!child->d_inode)
9587 continue;
9588 - }
9589 +
9590 spin_lock(&child->d_lock);
9591 - if (watched) {
9592 - WARN_ON(child->d_flags &
9593 - DCACHE_INOTIFY_PARENT_WATCHED);
9594 + if (watched)
9595 child->d_flags |= DCACHE_INOTIFY_PARENT_WATCHED;
9596 - } else {
9597 - WARN_ON(!(child->d_flags &
9598 - DCACHE_INOTIFY_PARENT_WATCHED));
9599 - child->d_flags&=~DCACHE_INOTIFY_PARENT_WATCHED;
9600 - }
9601 + else
9602 + child->d_flags &=~DCACHE_INOTIFY_PARENT_WATCHED;
9603 spin_unlock(&child->d_lock);
9604 }
9605 }
9606 @@ -253,7 +247,6 @@ void inotify_d_instantiate(struct dentry *entry, struct inode *inode)
9607 if (!inode)
9608 return;
9610 - WARN_ON(entry->d_flags & DCACHE_INOTIFY_PARENT_WATCHED);
9611 spin_lock(&entry->d_lock);
9612 parent = entry->d_parent;
9613 if (parent->d_inode && inotify_inode_watched(parent->d_inode))
9614 @@ -627,6 +620,7 @@ s32 inotify_add_watch(struct inotify_handle *ih, struct inotify_watch *watch,
9615 struct inode *inode, u32 mask)
9616 {
9617 int ret = 0;
9618 + int newly_watched;
9620 /* don't allow invalid bits: we don't want flags set */
9621 mask &= IN_ALL_EVENTS | IN_ONESHOT;
9622 @@ -653,12 +647,18 @@ s32 inotify_add_watch(struct inotify_handle *ih, struct inotify_watch *watch,
9623 */
9624 watch->inode = igrab(inode);
9626 - if (!inotify_inode_watched(inode))
9627 - set_dentry_child_flags(inode, 1);
9628 -
9629 /* Add the watch to the handle's and the inode's list */
9630 + newly_watched = !inotify_inode_watched(inode);
9631 list_add(&watch->h_list, &ih->watches);
9632 list_add(&watch->i_list, &inode->inotify_watches);
9633 + /*
9634 + * Set child flags _after_ adding the watch, so there is no race
9635 + * windows where newly instantiated children could miss their parent's
9636 + * watched flag.
9637 + */
9638 + if (newly_watched)
9639 + set_dentry_child_flags(inode, 1);
9640 +
9641 out:
9642 mutex_unlock(&ih->mutex);
9643 mutex_unlock(&inode->inotify_mutex);
9644 diff --git a/fs/jbd/commit.c b/fs/jbd/commit.c
9645 index 1facfaf..a003d50 100644
9646 --- a/fs/jbd/commit.c
9647 +++ b/fs/jbd/commit.c
9648 @@ -887,7 +887,8 @@ restart_loop:
9649 journal->j_committing_transaction = NULL;
9650 spin_unlock(&journal->j_state_lock);
9652 - if (commit_transaction->t_checkpoint_list == NULL) {
9653 + if (commit_transaction->t_checkpoint_list == NULL &&
9654 + commit_transaction->t_checkpoint_io_list == NULL) {
9655 __journal_drop_transaction(journal, commit_transaction);
9656 } else {
9657 if (journal->j_checkpoint_transactions == NULL) {
9658 diff --git a/fs/jbd2/commit.c b/fs/jbd2/commit.c
9659 index 2856e11..c0f59d1 100644
9660 --- a/fs/jbd2/commit.c
9661 +++ b/fs/jbd2/commit.c
9662 @@ -896,7 +896,8 @@ restart_loop:
9663 journal->j_committing_transaction = NULL;
9664 spin_unlock(&journal->j_state_lock);
9666 - if (commit_transaction->t_checkpoint_list == NULL) {
9667 + if (commit_transaction->t_checkpoint_list == NULL &&
9668 + commit_transaction->t_checkpoint_io_list == NULL) {
9669 __jbd2_journal_drop_transaction(journal, commit_transaction);
9670 } else {
9671 if (journal->j_checkpoint_transactions == NULL) {
9672 diff --git a/fs/jffs2/fs.c b/fs/jffs2/fs.c
9673 index 1d3b7a9..8bc727b 100644
9674 --- a/fs/jffs2/fs.c
9675 +++ b/fs/jffs2/fs.c
9676 @@ -627,7 +627,7 @@ unsigned char *jffs2_gc_fetch_page(struct jffs2_sb_info *c,
9677 struct inode *inode = OFNI_EDONI_2SFFJ(f);
9678 struct page *pg;
9680 - pg = read_cache_page(inode->i_mapping, offset >> PAGE_CACHE_SHIFT,
9681 + pg = read_cache_page_async(inode->i_mapping, offset >> PAGE_CACHE_SHIFT,
9682 (void *)jffs2_do_readpage_unlock, inode);
9683 if (IS_ERR(pg))
9684 return (void *)pg;
9685 diff --git a/fs/jffs2/write.c b/fs/jffs2/write.c
9686 index c9fe0ab..1b68a52 100644
9687 --- a/fs/jffs2/write.c
9688 +++ b/fs/jffs2/write.c
9689 @@ -553,6 +553,9 @@ int jffs2_do_unlink(struct jffs2_sb_info *c, struct jffs2_inode_info *dir_f,
9690 struct jffs2_full_dirent **prev = &dir_f->dents;
9691 uint32_t nhash = full_name_hash(name, namelen);
9693 + /* We don't actually want to reserve any space, but we do
9694 + want to be holding the alloc_sem when we write to flash */
9695 + down(&c->alloc_sem);
9696 down(&dir_f->sem);
9698 while ((*prev) && (*prev)->nhash <= nhash) {
9699 diff --git a/fs/lockd/svclock.c b/fs/lockd/svclock.c
9700 index b3efa45..7b951a2 100644
9701 --- a/fs/lockd/svclock.c
9702 +++ b/fs/lockd/svclock.c
9703 @@ -171,19 +171,14 @@ found:
9704 * GRANTED_RES message by cookie, without having to rely on the client's IP
9705 * address. --okir
9706 */
9707 -static inline struct nlm_block *
9708 -nlmsvc_create_block(struct svc_rqst *rqstp, struct nlm_file *file,
9709 - struct nlm_lock *lock, struct nlm_cookie *cookie)
9710 +static struct nlm_block *
9711 +nlmsvc_create_block(struct svc_rqst *rqstp, struct nlm_host *host,
9712 + struct nlm_file *file, struct nlm_lock *lock,
9713 + struct nlm_cookie *cookie)
9714 {
9715 struct nlm_block *block;
9716 - struct nlm_host *host;
9717 struct nlm_rqst *call = NULL;
9719 - /* Create host handle for callback */
9720 - host = nlmsvc_lookup_host(rqstp, lock->caller, lock->len);
9721 - if (host == NULL)
9722 - return NULL;
9723 -
9724 call = nlm_alloc_call(host);
9725 if (call == NULL)
9726 return NULL;
9727 @@ -366,6 +361,7 @@ nlmsvc_lock(struct svc_rqst *rqstp, struct nlm_file *file,
9728 struct nlm_lock *lock, int wait, struct nlm_cookie *cookie)
9729 {
9730 struct nlm_block *block = NULL;
9731 + struct nlm_host *host;
9732 int error;
9733 __be32 ret;
9735 @@ -377,6 +373,10 @@ nlmsvc_lock(struct svc_rqst *rqstp, struct nlm_file *file,
9736 (long long)lock->fl.fl_end,
9737 wait);
9739 + /* Create host handle for callback */
9740 + host = nlmsvc_lookup_host(rqstp, lock->caller, lock->len);
9741 + if (host == NULL)
9742 + return nlm_lck_denied_nolocks;
9744 /* Lock file against concurrent access */
9745 mutex_lock(&file->f_mutex);
9746 @@ -385,7 +385,8 @@ nlmsvc_lock(struct svc_rqst *rqstp, struct nlm_file *file,
9747 */
9748 block = nlmsvc_lookup_block(file, lock);
9749 if (block == NULL) {
9750 - block = nlmsvc_create_block(rqstp, file, lock, cookie);
9751 + block = nlmsvc_create_block(rqstp, nlm_get_host(host), file,
9752 + lock, cookie);
9753 ret = nlm_lck_denied_nolocks;
9754 if (block == NULL)
9755 goto out;
9756 @@ -449,6 +450,7 @@ nlmsvc_lock(struct svc_rqst *rqstp, struct nlm_file *file,
9757 out:
9758 mutex_unlock(&file->f_mutex);
9759 nlmsvc_release_block(block);
9760 + nlm_release_host(host);
9761 dprintk("lockd: nlmsvc_lock returned %u\n", ret);
9762 return ret;
9763 }
9764 @@ -477,10 +479,17 @@ nlmsvc_testlock(struct svc_rqst *rqstp, struct nlm_file *file,
9766 if (block == NULL) {
9767 struct file_lock *conf = kzalloc(sizeof(*conf), GFP_KERNEL);
9768 + struct nlm_host *host;
9770 if (conf == NULL)
9771 return nlm_granted;
9772 - block = nlmsvc_create_block(rqstp, file, lock, cookie);
9773 + /* Create host handle for callback */
9774 + host = nlmsvc_lookup_host(rqstp, lock->caller, lock->len);
9775 + if (host == NULL) {
9776 + kfree(conf);
9777 + return nlm_lck_denied_nolocks;
9778 + }
9779 + block = nlmsvc_create_block(rqstp, host, file, lock, cookie);
9780 if (block == NULL) {
9781 kfree(conf);
9782 return nlm_granted;
9783 diff --git a/fs/locks.c b/fs/locks.c
9784 index 431a8b8..6428605 100644
9785 --- a/fs/locks.c
9786 +++ b/fs/locks.c
9787 @@ -786,7 +786,7 @@ find_conflict:
9788 if (request->fl_flags & FL_ACCESS)
9789 goto out;
9790 locks_copy_lock(new_fl, request);
9791 - locks_insert_lock(&inode->i_flock, new_fl);
9792 + locks_insert_lock(before, new_fl);
9793 new_fl = NULL;
9794 error = 0;
9796 diff --git a/fs/minix/itree_v1.c b/fs/minix/itree_v1.c
9797 index 1a5f3bf..82d6554 100644
9798 --- a/fs/minix/itree_v1.c
9799 +++ b/fs/minix/itree_v1.c
9800 @@ -23,11 +23,16 @@ static inline block_t *i_data(struct inode *inode)
9801 static int block_to_path(struct inode * inode, long block, int offsets[DEPTH])
9802 {
9803 int n = 0;
9804 + char b[BDEVNAME_SIZE];
9806 if (block < 0) {
9807 - printk("minix_bmap: block<0\n");
9808 + printk("MINIX-fs: block_to_path: block %ld < 0 on dev %s\n",
9809 + block, bdevname(inode->i_sb->s_bdev, b));
9810 } else if (block >= (minix_sb(inode->i_sb)->s_max_size/BLOCK_SIZE)) {
9811 - printk("minix_bmap: block>big\n");
9812 + if (printk_ratelimit())
9813 + printk("MINIX-fs: block_to_path: "
9814 + "block %ld too big on dev %s\n",
9815 + block, bdevname(inode->i_sb->s_bdev, b));
9816 } else if (block < 7) {
9817 offsets[n++] = block;
9818 } else if ((block -= 7) < 512) {
9819 diff --git a/fs/minix/itree_v2.c b/fs/minix/itree_v2.c
9820 index ad8f0de..f230109 100644
9821 --- a/fs/minix/itree_v2.c
9822 +++ b/fs/minix/itree_v2.c
9823 @@ -23,12 +23,17 @@ static inline block_t *i_data(struct inode *inode)
9824 static int block_to_path(struct inode * inode, long block, int offsets[DEPTH])
9825 {
9826 int n = 0;
9827 + char b[BDEVNAME_SIZE];
9828 struct super_block *sb = inode->i_sb;
9830 if (block < 0) {
9831 - printk("minix_bmap: block<0\n");
9832 + printk("MINIX-fs: block_to_path: block %ld < 0 on dev %s\n",
9833 + block, bdevname(sb->s_bdev, b));
9834 } else if (block >= (minix_sb(inode->i_sb)->s_max_size/sb->s_blocksize)) {
9835 - printk("minix_bmap: block>big\n");
9836 + if (printk_ratelimit())
9837 + printk("MINIX-fs: block_to_path: "
9838 + "block %ld too big on dev %s\n",
9839 + block, bdevname(sb->s_bdev, b));
9840 } else if (block < 7) {
9841 offsets[n++] = block;
9842 } else if ((block -= 7) < 256) {
9843 diff --git a/fs/namei.c b/fs/namei.c
9844 index 5e2d98d..8e209ce 100644
9845 --- a/fs/namei.c
9846 +++ b/fs/namei.c
9847 @@ -1543,7 +1543,7 @@ int may_open(struct nameidata *nd, int acc_mode, int flag)
9848 if (S_ISLNK(inode->i_mode))
9849 return -ELOOP;
9851 - if (S_ISDIR(inode->i_mode) && (flag & FMODE_WRITE))
9852 + if (S_ISDIR(inode->i_mode) && (acc_mode & MAY_WRITE))
9853 return -EISDIR;
9855 error = vfs_permission(nd, acc_mode);
9856 @@ -1562,7 +1562,7 @@ int may_open(struct nameidata *nd, int acc_mode, int flag)
9857 return -EACCES;
9859 flag &= ~O_TRUNC;
9860 - } else if (IS_RDONLY(inode) && (flag & FMODE_WRITE))
9861 + } else if (IS_RDONLY(inode) && (acc_mode & MAY_WRITE))
9862 return -EROFS;
9863 /*
9864 * An append-only file must be opened in append mode for writing.
9865 diff --git a/fs/ncpfs/mmap.c b/fs/ncpfs/mmap.c
9866 index 70a6911..f87de97 100644
9867 --- a/fs/ncpfs/mmap.c
9868 +++ b/fs/ncpfs/mmap.c
9869 @@ -47,9 +47,6 @@ static struct page* ncp_file_mmap_nopage(struct vm_area_struct *area,
9870 pos = address - area->vm_start + (area->vm_pgoff << PAGE_SHIFT);
9872 count = PAGE_SIZE;
9873 - if (address + PAGE_SIZE > area->vm_end) {
9874 - count = area->vm_end - address;
9875 - }
9876 /* what we can read in one go */
9877 bufsize = NCP_SERVER(inode)->buffer_size;
9879 diff --git a/fs/nfs/client.c b/fs/nfs/client.c
9880 index 881fa49..b6fd8a7 100644
9881 --- a/fs/nfs/client.c
9882 +++ b/fs/nfs/client.c
9883 @@ -433,9 +433,6 @@ static int nfs_create_rpc_client(struct nfs_client *clp, int proto,
9884 */
9885 static void nfs_destroy_server(struct nfs_server *server)
9886 {
9887 - if (!IS_ERR(server->client_acl))
9888 - rpc_shutdown_client(server->client_acl);
9889 -
9890 if (!(server->flags & NFS_MOUNT_NONLM))
9891 lockd_down(); /* release rpc.lockd */
9892 }
9893 @@ -614,16 +611,6 @@ static int nfs_init_server(struct nfs_server *server, const struct nfs_mount_dat
9894 server->namelen = data->namlen;
9895 /* Create a client RPC handle for the NFSv3 ACL management interface */
9896 nfs_init_server_aclclient(server);
9897 - if (clp->cl_nfsversion == 3) {
9898 - if (server->namelen == 0 || server->namelen > NFS3_MAXNAMLEN)
9899 - server->namelen = NFS3_MAXNAMLEN;
9900 - if (!(data->flags & NFS_MOUNT_NORDIRPLUS))
9901 - server->caps |= NFS_CAP_READDIRPLUS;
9902 - } else {
9903 - if (server->namelen == 0 || server->namelen > NFS2_MAXNAMLEN)
9904 - server->namelen = NFS2_MAXNAMLEN;
9905 - }
9906 -
9907 dprintk("<-- nfs_init_server() = 0 [new %p]\n", clp);
9908 return 0;
9910 @@ -781,6 +768,9 @@ void nfs_free_server(struct nfs_server *server)
9912 if (server->destroy != NULL)
9913 server->destroy(server);
9914 +
9915 + if (!IS_ERR(server->client_acl))
9916 + rpc_shutdown_client(server->client_acl);
9917 if (!IS_ERR(server->client))
9918 rpc_shutdown_client(server->client);
9920 @@ -820,6 +810,16 @@ struct nfs_server *nfs_create_server(const struct nfs_mount_data *data,
9921 error = nfs_probe_fsinfo(server, mntfh, &fattr);
9922 if (error < 0)
9923 goto error;
9924 + if (server->nfs_client->rpc_ops->version == 3) {
9925 + if (server->namelen == 0 || server->namelen > NFS3_MAXNAMLEN)
9926 + server->namelen = NFS3_MAXNAMLEN;
9927 + if (!(data->flags & NFS_MOUNT_NORDIRPLUS))
9928 + server->caps |= NFS_CAP_READDIRPLUS;
9929 + } else {
9930 + if (server->namelen == 0 || server->namelen > NFS2_MAXNAMLEN)
9931 + server->namelen = NFS2_MAXNAMLEN;
9932 + }
9933 +
9934 if (!(fattr.valid & NFS_ATTR_FATTR)) {
9935 error = server->nfs_client->rpc_ops->getattr(server, mntfh, &fattr);
9936 if (error < 0) {
9937 @@ -1010,6 +1010,9 @@ struct nfs_server *nfs4_create_server(const struct nfs4_mount_data *data,
9938 if (error < 0)
9939 goto error;
9941 + if (server->namelen == 0 || server->namelen > NFS4_MAXNAMLEN)
9942 + server->namelen = NFS4_MAXNAMLEN;
9943 +
9944 BUG_ON(!server->nfs_client);
9945 BUG_ON(!server->nfs_client->rpc_ops);
9946 BUG_ON(!server->nfs_client->rpc_ops->file_inode_ops);
9947 @@ -1082,6 +1085,9 @@ struct nfs_server *nfs4_create_referral_server(struct nfs_clone_mount *data,
9948 if (error < 0)
9949 goto error;
9951 + if (server->namelen == 0 || server->namelen > NFS4_MAXNAMLEN)
9952 + server->namelen = NFS4_MAXNAMLEN;
9953 +
9954 dprintk("Referral FSID: %llx:%llx\n",
9955 (unsigned long long) server->fsid.major,
9956 (unsigned long long) server->fsid.minor);
9957 @@ -1141,6 +1147,9 @@ struct nfs_server *nfs_clone_server(struct nfs_server *source,
9958 if (error < 0)
9959 goto out_free_server;
9961 + if (server->namelen == 0 || server->namelen > NFS4_MAXNAMLEN)
9962 + server->namelen = NFS4_MAXNAMLEN;
9963 +
9964 dprintk("Cloned FSID: %llx:%llx\n",
9965 (unsigned long long) server->fsid.major,
9966 (unsigned long long) server->fsid.minor);
9967 diff --git a/fs/nfs/dir.c b/fs/nfs/dir.c
9968 index c27258b..db1d6b9 100644
9969 --- a/fs/nfs/dir.c
9970 +++ b/fs/nfs/dir.c
9971 @@ -897,14 +897,13 @@ int nfs_is_exclusive_create(struct inode *dir, struct nameidata *nd)
9972 return (nd->intent.open.flags & O_EXCL) != 0;
9973 }
9975 -static inline int nfs_reval_fsid(struct vfsmount *mnt, struct inode *dir,
9976 - struct nfs_fh *fh, struct nfs_fattr *fattr)
9977 +static inline int nfs_reval_fsid(struct inode *dir, const struct nfs_fattr *fattr)
9978 {
9979 struct nfs_server *server = NFS_SERVER(dir);
9981 if (!nfs_fsid_equal(&server->fsid, &fattr->fsid))
9982 - /* Revalidate fsid on root dir */
9983 - return __nfs_revalidate_inode(server, mnt->mnt_root->d_inode);
9984 + /* Revalidate fsid using the parent directory */
9985 + return __nfs_revalidate_inode(server, dir);
9986 return 0;
9987 }
9989 @@ -946,7 +945,7 @@ static struct dentry *nfs_lookup(struct inode *dir, struct dentry * dentry, stru
9990 res = ERR_PTR(error);
9991 goto out_unlock;
9992 }
9993 - error = nfs_reval_fsid(nd->mnt, dir, &fhandle, &fattr);
9994 + error = nfs_reval_fsid(dir, &fattr);
9995 if (error < 0) {
9996 res = ERR_PTR(error);
9997 goto out_unlock;
9998 @@ -1163,6 +1162,8 @@ static struct dentry *nfs_readdir_lookup(nfs_readdir_descriptor_t *desc)
9999 }
10000 if (!desc->plus || !(entry->fattr->valid & NFS_ATTR_FATTR))
10001 return NULL;
10002 + if (name.len > NFS_SERVER(dir)->namelen)
10003 + return NULL;
10004 /* Note: caller is already holding the dir->i_mutex! */
10005 dentry = d_alloc(parent, &name);
10006 if (dentry == NULL)
10007 diff --git a/fs/nfs/getroot.c b/fs/nfs/getroot.c
10008 index d1cbf0a..522e5ad 100644
10009 --- a/fs/nfs/getroot.c
10010 +++ b/fs/nfs/getroot.c
10011 @@ -175,6 +175,9 @@ next_component:
10012 path++;
10013 name.len = path - (const char *) name.name;
10015 + if (name.len > NFS4_MAXNAMLEN)
10016 + return -ENAMETOOLONG;
10017 +
10018 eat_dot_dir:
10019 while (*path == '/')
10020 path++;
10021 diff --git a/fs/nfs/inode.c b/fs/nfs/inode.c
10022 index bd9f5a8..2219b6c 100644
10023 --- a/fs/nfs/inode.c
10024 +++ b/fs/nfs/inode.c
10025 @@ -961,8 +961,8 @@ static int nfs_update_inode(struct inode *inode, struct nfs_fattr *fattr)
10026 goto out_changed;
10028 server = NFS_SERVER(inode);
10029 - /* Update the fsid if and only if this is the root directory */
10030 - if (inode == inode->i_sb->s_root->d_inode
10031 + /* Update the fsid? */
10032 + if (S_ISDIR(inode->i_mode)
10033 && !nfs_fsid_equal(&server->fsid, &fattr->fsid))
10034 server->fsid = fattr->fsid;
10036 diff --git a/fs/nfs/super.c b/fs/nfs/super.c
10037 index ca20d3c..6a5bd0d 100644
10038 --- a/fs/nfs/super.c
10039 +++ b/fs/nfs/super.c
10040 @@ -181,8 +181,8 @@ void __exit unregister_nfs_fs(void)
10041 remove_shrinker(acl_shrinker);
10042 #ifdef CONFIG_NFS_V4
10043 unregister_filesystem(&nfs4_fs_type);
10044 - nfs_unregister_sysctl();
10045 #endif
10046 + nfs_unregister_sysctl();
10047 unregister_filesystem(&nfs_fs_type);
10048 }
10050 diff --git a/fs/nfs/write.c b/fs/nfs/write.c
10051 index af344a1..380a7ae 100644
10052 --- a/fs/nfs/write.c
10053 +++ b/fs/nfs/write.c
10054 @@ -710,6 +710,17 @@ int nfs_flush_incompatible(struct file *file, struct page *page)
10055 }
10057 /*
10058 + * If the page cache is marked as unsafe or invalid, then we can't rely on
10059 + * the PageUptodate() flag. In this case, we will need to turn off
10060 + * write optimisations that depend on the page contents being correct.
10061 + */
10062 +static int nfs_write_pageuptodate(struct page *page, struct inode *inode)
10063 +{
10064 + return PageUptodate(page) &&
10065 + !(NFS_I(inode)->cache_validity & (NFS_INO_REVAL_PAGECACHE|NFS_INO_INVALID_DATA));
10066 +}
10067 +
10068 +/*
10069 * Update and possibly write a cached page of an NFS file.
10070 *
10071 * XXX: Keep an eye on generic_file_read to make sure it doesn't do bad
10072 @@ -730,10 +741,13 @@ int nfs_updatepage(struct file *file, struct page *page,
10073 (long long)(page_offset(page) +offset));
10075 /* If we're not using byte range locks, and we know the page
10076 - * is entirely in cache, it may be more efficient to avoid
10077 - * fragmenting write requests.
10078 + * is up to date, it may be more efficient to extend the write
10079 + * to cover the entire page in order to avoid fragmentation
10080 + * inefficiencies.
10081 */
10082 - if (PageUptodate(page) && inode->i_flock == NULL && !(file->f_mode & O_SYNC)) {
10083 + if (nfs_write_pageuptodate(page, inode) &&
10084 + inode->i_flock == NULL &&
10085 + !(file->f_mode & O_SYNC)) {
10086 count = max(count + offset, nfs_page_length(page));
10087 offset = 0;
10088 }
10089 diff --git a/fs/nfsd/nfs2acl.c b/fs/nfsd/nfs2acl.c
10090 index b617428..0e5fa11 100644
10091 --- a/fs/nfsd/nfs2acl.c
10092 +++ b/fs/nfsd/nfs2acl.c
10093 @@ -41,7 +41,7 @@ static __be32 nfsacld_proc_getacl(struct svc_rqst * rqstp,
10095 fh = fh_copy(&resp->fh, &argp->fh);
10096 if ((nfserr = fh_verify(rqstp, &resp->fh, 0, MAY_NOP)))
10097 - RETURN_STATUS(nfserr_inval);
10098 + RETURN_STATUS(nfserr);
10100 if (argp->mask & ~(NFS_ACL|NFS_ACLCNT|NFS_DFACL|NFS_DFACLCNT))
10101 RETURN_STATUS(nfserr_inval);
10102 diff --git a/fs/nfsd/nfs3acl.c b/fs/nfsd/nfs3acl.c
10103 index 3e3f2de..b647f2f 100644
10104 --- a/fs/nfsd/nfs3acl.c
10105 +++ b/fs/nfsd/nfs3acl.c
10106 @@ -37,7 +37,7 @@ static __be32 nfsd3_proc_getacl(struct svc_rqst * rqstp,
10108 fh = fh_copy(&resp->fh, &argp->fh);
10109 if ((nfserr = fh_verify(rqstp, &resp->fh, 0, MAY_NOP)))
10110 - RETURN_STATUS(nfserr_inval);
10111 + RETURN_STATUS(nfserr);
10113 if (argp->mask & ~(NFS_ACL|NFS_ACLCNT|NFS_DFACL|NFS_DFACLCNT))
10114 RETURN_STATUS(nfserr_inval);
10115 diff --git a/fs/nfsd/nfs4xdr.c b/fs/nfsd/nfs4xdr.c
10116 index 15809df..0898aec 100644
10117 --- a/fs/nfsd/nfs4xdr.c
10118 +++ b/fs/nfsd/nfs4xdr.c
10119 @@ -1453,7 +1453,8 @@ nfsd4_encode_fattr(struct svc_fh *fhp, struct svc_export *exp,
10120 err = vfs_getattr(exp->ex_mnt, dentry, &stat);
10121 if (err)
10122 goto out_nfserr;
10123 - if ((bmval0 & (FATTR4_WORD0_FILES_FREE | FATTR4_WORD0_FILES_TOTAL)) ||
10124 + if ((bmval0 & (FATTR4_WORD0_FILES_FREE | FATTR4_WORD0_FILES_TOTAL |
10125 + FATTR4_WORD0_MAXNAME)) ||
10126 (bmval1 & (FATTR4_WORD1_SPACE_AVAIL | FATTR4_WORD1_SPACE_FREE |
10127 FATTR4_WORD1_SPACE_TOTAL))) {
10128 err = vfs_statfs(dentry, &statfs);
10129 @@ -1699,7 +1700,7 @@ out_acl:
10130 if (bmval0 & FATTR4_WORD0_MAXNAME) {
10131 if ((buflen -= 4) < 0)
10132 goto out_resource;
10133 - WRITE32(~(u32) 0);
10134 + WRITE32(statfs.f_namelen);
10135 }
10136 if (bmval0 & FATTR4_WORD0_MAXREAD) {
10137 if ((buflen -= 8) < 0)
10138 diff --git a/fs/nfsd/nfsfh.c b/fs/nfsd/nfsfh.c
10139 index 6ca2d24..f83d235 100644
10140 --- a/fs/nfsd/nfsfh.c
10141 +++ b/fs/nfsd/nfsfh.c
10142 @@ -565,13 +565,23 @@ enum fsid_source fsid_source(struct svc_fh *fhp)
10143 case FSID_DEV:
10144 case FSID_ENCODE_DEV:
10145 case FSID_MAJOR_MINOR:
10146 - return FSIDSOURCE_DEV;
10147 + if (fhp->fh_export->ex_dentry->d_inode->i_sb->s_type->fs_flags
10148 + & FS_REQUIRES_DEV)
10149 + return FSIDSOURCE_DEV;
10150 + break;
10151 case FSID_NUM:
10152 - return FSIDSOURCE_FSID;
10153 - default:
10154 if (fhp->fh_export->ex_flags & NFSEXP_FSID)
10155 return FSIDSOURCE_FSID;
10156 - else
10157 - return FSIDSOURCE_UUID;
10158 + break;
10159 + default:
10160 + break;
10161 }
10162 + /* either a UUID type filehandle, or the filehandle doesn't
10163 + * match the export.
10164 + */
10165 + if (fhp->fh_export->ex_flags & NFSEXP_FSID)
10166 + return FSIDSOURCE_FSID;
10167 + if (fhp->fh_export->ex_uuid)
10168 + return FSIDSOURCE_UUID;
10169 + return FSIDSOURCE_DEV;
10170 }
10171 diff --git a/fs/nfsd/vfs.c b/fs/nfsd/vfs.c
10172 index 7e6aa24..9a68061 100644
10173 --- a/fs/nfsd/vfs.c
10174 +++ b/fs/nfsd/vfs.c
10175 @@ -1890,7 +1890,7 @@ nfsd_racache_init(int cache_size)
10176 raparm_hash[i].pb_head = NULL;
10177 spin_lock_init(&raparm_hash[i].pb_lock);
10178 }
10179 - nperbucket = cache_size >> RAPARM_HASH_BITS;
10180 + nperbucket = DIV_ROUND_UP(cache_size, RAPARM_HASH_SIZE);
10181 for (i = 0; i < cache_size - 1; i++) {
10182 if (i % nperbucket == 0)
10183 raparm_hash[j++].pb_head = raparml + i;
10184 diff --git a/fs/ocfs2/aops.c b/fs/ocfs2/aops.c
10185 index a480b09..3175288 100644
10186 --- a/fs/ocfs2/aops.c
10187 +++ b/fs/ocfs2/aops.c
10188 @@ -661,6 +661,27 @@ static void ocfs2_clear_page_regions(struct page *page,
10189 }
10191 /*
10192 + * Nonsparse file systems fully allocate before we get to the write
10193 + * code. This prevents ocfs2_write() from tagging the write as an
10194 + * allocating one, which means ocfs2_map_page_blocks() might try to
10195 + * read-in the blocks at the tail of our file. Avoid reading them by
10196 + * testing i_size against each block offset.
10197 + */
10198 +static int ocfs2_should_read_blk(struct inode *inode, struct page *page,
10199 + unsigned int block_start)
10200 +{
10201 + u64 offset = page_offset(page) + block_start;
10202 +
10203 + if (ocfs2_sparse_alloc(OCFS2_SB(inode->i_sb)))
10204 + return 1;
10205 +
10206 + if (i_size_read(inode) > offset)
10207 + return 1;
10208 +
10209 + return 0;
10210 +}
10211 +
10212 +/*
10213 * Some of this taken from block_prepare_write(). We already have our
10214 * mapping by now though, and the entire write will be allocating or
10215 * it won't, so not much need to use BH_New.
10216 @@ -711,7 +732,8 @@ int ocfs2_map_page_blocks(struct page *page, u64 *p_blkno,
10217 if (!buffer_uptodate(bh))
10218 set_buffer_uptodate(bh);
10219 } else if (!buffer_uptodate(bh) && !buffer_delay(bh) &&
10220 - (block_start < from || block_end > to)) {
10221 + ocfs2_should_read_blk(inode, page, block_start) &&
10222 + (block_start < from || block_end > to)) {
10223 ll_rw_block(READ, 1, &bh);
10224 *wait_bh++=bh;
10225 }
10226 diff --git a/fs/ocfs2/file.c b/fs/ocfs2/file.c
10227 index ac6c964..e0cd750 100644
10228 --- a/fs/ocfs2/file.c
10229 +++ b/fs/ocfs2/file.c
10230 @@ -1353,7 +1353,7 @@ static struct page * ocfs2_get_write_source(struct ocfs2_buffered_write_priv *bp
10231 else
10232 src_page = ERR_PTR(-EFAULT);
10233 } else {
10234 - bp->b_src_buf = buf;
10235 + bp->b_src_buf = (char *)((unsigned long)buf & PAGE_CACHE_MASK);
10236 }
10238 return src_page;
10239 diff --git a/fs/signalfd.c b/fs/signalfd.c
10240 index 3b07f26..afbe171 100644
10241 --- a/fs/signalfd.c
10242 +++ b/fs/signalfd.c
10243 @@ -56,12 +56,18 @@ static int signalfd_lock(struct signalfd_ctx *ctx, struct signalfd_lockctx *lk)
10244 sighand = lock_task_sighand(lk->tsk, &lk->flags);
10245 rcu_read_unlock();
10247 - if (sighand && !ctx->tsk) {
10248 + if (!sighand)
10249 + return 0;
10250 +
10251 + if (!ctx->tsk) {
10252 unlock_task_sighand(lk->tsk, &lk->flags);
10253 - sighand = NULL;
10254 + return 0;
10255 }
10257 - return sighand != NULL;
10258 + if (lk->tsk->tgid == current->tgid)
10259 + lk->tsk = current;
10260 +
10261 + return 1;
10262 }
10264 static void signalfd_unlock(struct signalfd_lockctx *lk)
10265 @@ -331,7 +337,7 @@ asmlinkage long sys_signalfd(int ufd, sigset_t __user *user_mask, size_t sizemas
10267 init_waitqueue_head(&ctx->wqh);
10268 ctx->sigmask = sigmask;
10269 - ctx->tsk = current;
10270 + ctx->tsk = current->group_leader;
10272 sighand = current->sighand;
10273 /*
10274 diff --git a/fs/splice.c b/fs/splice.c
10275 index e7d7080..3da87fe 100644
10276 --- a/fs/splice.c
10277 +++ b/fs/splice.c
10278 @@ -28,6 +28,7 @@
10279 #include <linux/module.h>
10280 #include <linux/syscalls.h>
10281 #include <linux/uio.h>
10282 +#include <linux/security.h>
10284 struct partial_page {
10285 unsigned int offset;
10286 @@ -331,7 +332,7 @@ __generic_file_splice_read(struct file *in, loff_t *ppos,
10287 break;
10289 error = add_to_page_cache_lru(page, mapping, index,
10290 - GFP_KERNEL);
10291 + mapping_gfp_mask(mapping));
10292 if (unlikely(error)) {
10293 page_cache_release(page);
10294 if (error == -EEXIST)
10295 @@ -601,7 +602,7 @@ find_page:
10296 ret = add_to_page_cache_lru(page, mapping, index,
10297 GFP_KERNEL);
10298 if (unlikely(ret))
10299 - goto out;
10300 + goto out_release;
10301 }
10303 ret = mapping->a_ops->prepare_write(file, page, offset, offset+this_len);
10304 @@ -657,8 +658,9 @@ find_page:
10305 */
10306 mark_page_accessed(page);
10307 out:
10308 - page_cache_release(page);
10309 unlock_page(page);
10310 +out_release:
10311 + page_cache_release(page);
10312 out_ret:
10313 return ret;
10314 }
10315 @@ -931,6 +933,10 @@ static long do_splice_from(struct pipe_inode_info *pipe, struct file *out,
10316 if (unlikely(ret < 0))
10317 return ret;
10319 + ret = security_file_permission(out, MAY_WRITE);
10320 + if (unlikely(ret < 0))
10321 + return ret;
10322 +
10323 return out->f_op->splice_write(pipe, out, ppos, len, flags);
10324 }
10326 @@ -953,6 +959,10 @@ static long do_splice_to(struct file *in, loff_t *ppos,
10327 if (unlikely(ret < 0))
10328 return ret;
10330 + ret = security_file_permission(in, MAY_READ);
10331 + if (unlikely(ret < 0))
10332 + return ret;
10333 +
10334 return in->f_op->splice_read(in, ppos, pipe, len, flags);
10335 }
10337 @@ -1010,7 +1020,7 @@ long do_splice_direct(struct file *in, loff_t *ppos, struct file *out,
10338 max_read_len = min(len, (size_t)(PIPE_BUFFERS*PAGE_SIZE));
10340 ret = do_splice_to(in, ppos, pipe, max_read_len, flags);
10341 - if (unlikely(ret < 0))
10342 + if (unlikely(ret <= 0))
10343 goto out_release;
10345 read_len = ret;
10346 @@ -1022,7 +1032,7 @@ long do_splice_direct(struct file *in, loff_t *ppos, struct file *out,
10347 */
10348 ret = do_splice_from(pipe, out, &out_off, read_len,
10349 flags & ~SPLICE_F_NONBLOCK);
10350 - if (unlikely(ret < 0))
10351 + if (unlikely(ret <= 0))
10352 goto out_release;
10354 bytes += ret;
10355 @@ -1181,6 +1191,9 @@ static int get_iovec_page_array(const struct iovec __user *iov,
10356 if (unlikely(!base))
10357 break;
10359 + if (!access_ok(VERIFY_READ, base, len))
10360 + break;
10361 +
10362 /*
10363 * Get this base offset and number of pages, then map
10364 * in the user pages.
10365 @@ -1485,6 +1498,13 @@ static int link_pipe(struct pipe_inode_info *ipipe,
10366 i++;
10367 } while (len);
10369 + /*
10370 + * return EAGAIN if we have the potential of some data in the
10371 + * future, otherwise just return 0
10372 + */
10373 + if (!ret && ipipe->waiting_writers && (flags & SPLICE_F_NONBLOCK))
10374 + ret = -EAGAIN;
10375 +
10376 inode_double_unlock(ipipe->inode, opipe->inode);
10378 /*
10379 @@ -1525,11 +1545,8 @@ static long do_tee(struct file *in, struct file *out, size_t len,
10380 ret = link_ipipe_prep(ipipe, flags);
10381 if (!ret) {
10382 ret = link_opipe_prep(opipe, flags);
10383 - if (!ret) {
10384 + if (!ret)
10385 ret = link_pipe(ipipe, opipe, len, flags);
10386 - if (!ret && (flags & SPLICE_F_NONBLOCK))
10387 - ret = -EAGAIN;
10388 - }
10389 }
10390 }
10392 diff --git a/fs/sysfs/file.c b/fs/sysfs/file.c
10393 index b502c71..1f64ce5 100644
10394 --- a/fs/sysfs/file.c
10395 +++ b/fs/sysfs/file.c
10396 @@ -283,6 +283,7 @@ static int sysfs_open_file(struct inode *inode, struct file *file)
10397 mutex_lock(&inode->i_mutex);
10398 if (!(set = inode->i_private)) {
10399 if (!(set = inode->i_private = kmalloc(sizeof(struct sysfs_buffer_collection), GFP_KERNEL))) {
10400 + mutex_unlock(&inode->i_mutex);
10401 error = -ENOMEM;
10402 goto Done;
10403 } else {
10404 diff --git a/fs/timerfd.c b/fs/timerfd.c
10405 index af9eca5..61983f3 100644
10406 --- a/fs/timerfd.c
10407 +++ b/fs/timerfd.c
10408 @@ -95,7 +95,7 @@ static ssize_t timerfd_read(struct file *file, char __user *buf, size_t count,
10409 {
10410 struct timerfd_ctx *ctx = file->private_data;
10411 ssize_t res;
10412 - u32 ticks = 0;
10413 + u64 ticks = 0;
10414 DECLARE_WAITQUEUE(wait, current);
10416 if (count < sizeof(ticks))
10417 @@ -130,7 +130,7 @@ static ssize_t timerfd_read(struct file *file, char __user *buf, size_t count,
10418 * callback to avoid DoS attacks specifying a very
10419 * short timer period.
10420 */
10421 - ticks = (u32)
10422 + ticks = (u64)
10423 hrtimer_forward(&ctx->tmr,
10424 hrtimer_cb_get_time(&ctx->tmr),
10425 ctx->tintv);
10426 @@ -140,7 +140,7 @@ static ssize_t timerfd_read(struct file *file, char __user *buf, size_t count,
10427 }
10428 spin_unlock_irq(&ctx->wqh.lock);
10429 if (ticks)
10430 - res = put_user(ticks, buf) ? -EFAULT: sizeof(ticks);
10431 + res = put_user(ticks, (u64 __user *) buf) ? -EFAULT: sizeof(ticks);
10432 return res;
10433 }
10435 diff --git a/include/acpi/processor.h b/include/acpi/processor.h
10436 index b4b0ffd..0276fc6 100644
10437 --- a/include/acpi/processor.h
10438 +++ b/include/acpi/processor.h
10439 @@ -279,6 +279,8 @@ int acpi_processor_power_init(struct acpi_processor *pr,
10440 int acpi_processor_cst_has_changed(struct acpi_processor *pr);
10441 int acpi_processor_power_exit(struct acpi_processor *pr,
10442 struct acpi_device *device);
10443 +int acpi_processor_suspend(struct acpi_device * device, pm_message_t state);
10444 +int acpi_processor_resume(struct acpi_device * device);
10446 /* in processor_thermal.c */
10447 int acpi_processor_get_limit_info(struct acpi_processor *pr);
10448 diff --git a/include/asm-avr32/atomic.h b/include/asm-avr32/atomic.h
10449 index b9c2548..7ef3862 100644
10450 --- a/include/asm-avr32/atomic.h
10451 +++ b/include/asm-avr32/atomic.h
10452 @@ -101,7 +101,7 @@ static inline int atomic_sub_unless(atomic_t *v, int a, int u)
10453 " mov %1, 1\n"
10454 "1:"
10455 : "=&r"(tmp), "=&r"(result), "=o"(v->counter)
10456 - : "m"(v->counter), "rKs21"(a), "rKs21"(u)
10457 + : "m"(v->counter), "rKs21"(a), "rKs21"(u), "1"(result)
10458 : "cc", "memory");
10460 return result;
10461 @@ -137,7 +137,7 @@ static inline int atomic_add_unless(atomic_t *v, int a, int u)
10462 " mov %1, 1\n"
10463 "1:"
10464 : "=&r"(tmp), "=&r"(result), "=o"(v->counter)
10465 - : "m"(v->counter), "r"(a), "ir"(u)
10466 + : "m"(v->counter), "r"(a), "ir"(u), "1"(result)
10467 : "cc", "memory");
10468 }
10470 diff --git a/include/asm-i386/apic.h b/include/asm-i386/apic.h
10471 index 1e8f6f2..4091b33 100644
10472 --- a/include/asm-i386/apic.h
10473 +++ b/include/asm-i386/apic.h
10474 @@ -116,6 +116,8 @@ extern void enable_NMI_through_LVT0 (void * dummy);
10475 extern int timer_over_8254;
10476 extern int local_apic_timer_c2_ok;
10478 +extern int local_apic_timer_disabled;
10479 +
10480 #else /* !CONFIG_X86_LOCAL_APIC */
10481 static inline void lapic_shutdown(void) { }
10483 diff --git a/include/asm-i386/cpufeature.h b/include/asm-i386/cpufeature.h
10484 index f514e90..ddc2d7c 100644
10485 --- a/include/asm-i386/cpufeature.h
10486 +++ b/include/asm-i386/cpufeature.h
10487 @@ -79,7 +79,7 @@
10488 #define X86_FEATURE_ARCH_PERFMON (3*32+11) /* Intel Architectural PerfMon */
10489 #define X86_FEATURE_PEBS (3*32+12) /* Precise-Event Based Sampling */
10490 #define X86_FEATURE_BTS (3*32+13) /* Branch Trace Store */
10491 -#define X86_FEATURE_LAPIC_TIMER_BROKEN (3*32+ 14) /* lapic timer broken in C1 */
10492 +/* 14 free */
10493 #define X86_FEATURE_SYNC_RDTSC (3*32+15) /* RDTSC synchronizes the CPU */
10495 /* Intel-defined CPU features, CPUID level 0x00000001 (ecx), word 4 */
10496 diff --git a/include/asm-i386/serial.h b/include/asm-i386/serial.h
10497 index 57a4306..bd67480 100644
10498 --- a/include/asm-i386/serial.h
10499 +++ b/include/asm-i386/serial.h
10500 @@ -11,3 +11,19 @@
10501 * megabits/second; but this requires the faster clock.
10502 */
10503 #define BASE_BAUD ( 1843200 / 16 )
10504 +
10505 +/* Standard COM flags (except for COM4, because of the 8514 problem) */
10506 +#ifdef CONFIG_SERIAL_DETECT_IRQ
10507 +#define STD_COM_FLAGS (ASYNC_BOOT_AUTOCONF | ASYNC_SKIP_TEST | ASYNC_AUTO_IRQ)
10508 +#define STD_COM4_FLAGS (ASYNC_BOOT_AUTOCONF | ASYNC_AUTO_IRQ)
10509 +#else
10510 +#define STD_COM_FLAGS (ASYNC_BOOT_AUTOCONF | ASYNC_SKIP_TEST)
10511 +#define STD_COM4_FLAGS ASYNC_BOOT_AUTOCONF
10512 +#endif
10513 +
10514 +#define SERIAL_PORT_DFNS \
10515 + /* UART CLK PORT IRQ FLAGS */ \
10516 + { 0, BASE_BAUD, 0x3F8, 4, STD_COM_FLAGS }, /* ttyS0 */ \
10517 + { 0, BASE_BAUD, 0x2F8, 3, STD_COM_FLAGS }, /* ttyS1 */ \
10518 + { 0, BASE_BAUD, 0x3E8, 4, STD_COM_FLAGS }, /* ttyS2 */ \
10519 + { 0, BASE_BAUD, 0x2E8, 3, STD_COM4_FLAGS }, /* ttyS3 */
10520 diff --git a/include/asm-sparc/sfp-machine.h b/include/asm-sparc/sfp-machine.h
10521 index ecfc86a..266a42b 100644
10522 --- a/include/asm-sparc/sfp-machine.h
10523 +++ b/include/asm-sparc/sfp-machine.h
10524 @@ -203,4 +203,10 @@ extern struct task_struct *last_task_used_math;
10525 #define FP_INHIBIT_RESULTS ((last_task_used_math->thread.fsr >> 23) & _fex)
10526 #endif
10528 +#ifdef CONFIG_SMP
10529 +#define FP_TRAPPING_EXCEPTIONS ((current->thread.fsr >> 23) & 0x1f)
10530 +#else
10531 +#define FP_TRAPPING_EXCEPTIONS ((last_task_used_math->thread.fsr >> 23) & 0x1f)
10532 +#endif
10533 +
10534 #endif
10535 diff --git a/include/asm-sparc64/hypervisor.h b/include/asm-sparc64/hypervisor.h
10536 index db2130a..a63a1f6 100644
10537 --- a/include/asm-sparc64/hypervisor.h
10538 +++ b/include/asm-sparc64/hypervisor.h
10539 @@ -709,6 +709,10 @@ extern unsigned long sun4v_mmu_tsb_ctx0(unsigned long num_descriptions,
10540 */
10541 #define HV_FAST_MMU_DEMAP_ALL 0x24
10543 +#ifndef __ASSEMBLY__
10544 +extern void sun4v_mmu_demap_all(void);
10545 +#endif
10546 +
10547 /* mmu_map_perm_addr()
10548 * TRAP: HV_FAST_TRAP
10549 * FUNCTION: HV_FAST_MMU_MAP_PERM_ADDR
10550 diff --git a/include/asm-sparc64/sfp-machine.h b/include/asm-sparc64/sfp-machine.h
10551 index 89d4243..c9331b0 100644
10552 --- a/include/asm-sparc64/sfp-machine.h
10553 +++ b/include/asm-sparc64/sfp-machine.h
10554 @@ -88,4 +88,6 @@
10556 #define FP_INHIBIT_RESULTS ((current_thread_info()->xfsr[0] >> 23) & _fex)
10558 +#define FP_TRAPPING_EXCEPTIONS ((current_thread_info()->xfsr[0] >> 23) & 0x1f)
10559 +
10560 #endif
10561 diff --git a/include/asm-x86_64/serial.h b/include/asm-x86_64/serial.h
10562 index 8ebd765..b0496e0 100644
10563 --- a/include/asm-x86_64/serial.h
10564 +++ b/include/asm-x86_64/serial.h
10565 @@ -11,3 +11,19 @@
10566 * megabits/second; but this requires the faster clock.
10567 */
10568 #define BASE_BAUD ( 1843200 / 16 )
10569 +
10570 +/* Standard COM flags (except for COM4, because of the 8514 problem) */
10571 +#ifdef CONFIG_SERIAL_DETECT_IRQ
10572 +#define STD_COM_FLAGS (ASYNC_BOOT_AUTOCONF | ASYNC_SKIP_TEST | ASYNC_AUTO_IRQ)
10573 +#define STD_COM4_FLAGS (ASYNC_BOOT_AUTOCONF | ASYNC_AUTO_IRQ)
10574 +#else
10575 +#define STD_COM_FLAGS (ASYNC_BOOT_AUTOCONF | ASYNC_SKIP_TEST)
10576 +#define STD_COM4_FLAGS ASYNC_BOOT_AUTOCONF
10577 +#endif
10578 +
10579 +#define SERIAL_PORT_DFNS \
10580 + /* UART CLK PORT IRQ FLAGS */ \
10581 + { 0, BASE_BAUD, 0x3F8, 4, STD_COM_FLAGS }, /* ttyS0 */ \
10582 + { 0, BASE_BAUD, 0x2F8, 3, STD_COM_FLAGS }, /* ttyS1 */ \
10583 + { 0, BASE_BAUD, 0x3E8, 4, STD_COM_FLAGS }, /* ttyS2 */ \
10584 + { 0, BASE_BAUD, 0x2E8, 3, STD_COM4_FLAGS }, /* ttyS3 */
10585 diff --git a/include/linux/Kbuild b/include/linux/Kbuild
10586 index f317c27..d86711d 100644
10587 --- a/include/linux/Kbuild
10588 +++ b/include/linux/Kbuild
10589 @@ -7,6 +7,7 @@ header-y += raid/
10590 header-y += spi/
10591 header-y += sunrpc/
10592 header-y += tc_act/
10593 +header-y += tc_ematch/
10594 header-y += netfilter/
10595 header-y += netfilter_arp/
10596 header-y += netfilter_bridge/
10597 @@ -137,6 +138,7 @@ header-y += radeonfb.h
10598 header-y += raw.h
10599 header-y += resource.h
10600 header-y += rose.h
10601 +header-y += serial_reg.h
10602 header-y += smbno.h
10603 header-y += snmp.h
10604 header-y += sockios.h
10605 diff --git a/include/linux/bootmem.h b/include/linux/bootmem.h
10606 index c83534e..0365ec9 100644
10607 --- a/include/linux/bootmem.h
10608 +++ b/include/linux/bootmem.h
10609 @@ -59,7 +59,6 @@ extern void *__alloc_bootmem_core(struct bootmem_data *bdata,
10610 unsigned long align,
10611 unsigned long goal,
10612 unsigned long limit);
10613 -extern void *alloc_bootmem_high_node(pg_data_t *pgdat, unsigned long size);
10615 #ifndef CONFIG_HAVE_ARCH_BOOTMEM_NODE
10616 extern void reserve_bootmem(unsigned long addr, unsigned long size);
10617 diff --git a/include/linux/ioprio.h b/include/linux/ioprio.h
10618 index 8e2042b..2eaa142 100644
10619 --- a/include/linux/ioprio.h
10620 +++ b/include/linux/ioprio.h
10621 @@ -47,8 +47,10 @@ enum {
10622 #define IOPRIO_NORM (4)
10623 static inline int task_ioprio(struct task_struct *task)
10624 {
10625 - WARN_ON(!ioprio_valid(task->ioprio));
10626 - return IOPRIO_PRIO_DATA(task->ioprio);
10627 + if (ioprio_valid(task->ioprio))
10628 + return IOPRIO_PRIO_DATA(task->ioprio);
10629 +
10630 + return IOPRIO_NORM;
10631 }
10633 static inline int task_nice_ioprio(struct task_struct *task)
10634 diff --git a/include/linux/netdevice.h b/include/linux/netdevice.h
10635 index 3a70f55..ab210be 100644
10636 --- a/include/linux/netdevice.h
10637 +++ b/include/linux/netdevice.h
10638 @@ -1032,6 +1032,8 @@ extern void dev_seq_stop(struct seq_file *seq, void *v);
10640 extern void linkwatch_run_queue(void);
10642 +extern int netdev_compute_features(unsigned long all, unsigned long one);
10643 +
10644 static inline int net_gso_ok(int features, int gso_type)
10645 {
10646 int feature = gso_type << NETIF_F_GSO_SHIFT;
10647 diff --git a/include/linux/netfilter/Kbuild b/include/linux/netfilter/Kbuild
10648 index 43397a4..ab57cb7 100644
10649 --- a/include/linux/netfilter/Kbuild
10650 +++ b/include/linux/netfilter/Kbuild
10651 @@ -28,6 +28,7 @@ header-y += xt_policy.h
10652 header-y += xt_realm.h
10653 header-y += xt_sctp.h
10654 header-y += xt_state.h
10655 +header-y += xt_statistic.h
10656 header-y += xt_string.h
10657 header-y += xt_tcpmss.h
10658 header-y += xt_tcpudp.h
10659 diff --git a/include/linux/netfilter_ipv4/ipt_iprange.h b/include/linux/netfilter_ipv4/ipt_iprange.h
10660 index 34ab0fb..a92fefc 100644
10661 --- a/include/linux/netfilter_ipv4/ipt_iprange.h
10662 +++ b/include/linux/netfilter_ipv4/ipt_iprange.h
10663 @@ -1,6 +1,8 @@
10664 #ifndef _IPT_IPRANGE_H
10665 #define _IPT_IPRANGE_H
10667 +#include <linux/types.h>
10668 +
10669 #define IPRANGE_SRC 0x01 /* Match source IP address */
10670 #define IPRANGE_DST 0x02 /* Match destination IP address */
10671 #define IPRANGE_SRC_INV 0x10 /* Negate the condition */
10672 diff --git a/include/linux/netlink.h b/include/linux/netlink.h
10673 index 2e23353..b2834d8 100644
10674 --- a/include/linux/netlink.h
10675 +++ b/include/linux/netlink.h
10676 @@ -173,7 +173,7 @@ extern int netlink_unregister_notifier(struct notifier_block *nb);
10677 /* finegrained unicast helpers: */
10678 struct sock *netlink_getsockbyfilp(struct file *filp);
10679 int netlink_attachskb(struct sock *sk, struct sk_buff *skb, int nonblock,
10680 - long timeo, struct sock *ssk);
10681 + long *timeo, struct sock *ssk);
10682 void netlink_detachskb(struct sock *sk, struct sk_buff *skb);
10683 int netlink_sendskb(struct sock *sk, struct sk_buff *skb, int protocol);
10685 diff --git a/include/linux/page-flags.h b/include/linux/page-flags.h
10686 index ae2d79f..5b72887 100644
10687 --- a/include/linux/page-flags.h
10688 +++ b/include/linux/page-flags.h
10689 @@ -240,7 +240,7 @@ static inline void SetPageUptodate(struct page *page)
10691 #define PG_head_tail_mask ((1L << PG_compound) | (1L << PG_reclaim))
10693 -#define PageTail(page) ((page->flags & PG_head_tail_mask) \
10694 +#define PageTail(page) (((page)->flags & PG_head_tail_mask) \
10695 == PG_head_tail_mask)
10697 static inline void __SetPageTail(struct page *page)
10698 @@ -253,7 +253,7 @@ static inline void __ClearPageTail(struct page *page)
10699 page->flags &= ~PG_head_tail_mask;
10700 }
10702 -#define PageHead(page) ((page->flags & PG_head_tail_mask) \
10703 +#define PageHead(page) (((page)->flags & PG_head_tail_mask) \
10704 == (1L << PG_compound))
10705 #define __SetPageHead(page) __SetPageCompound(page)
10706 #define __ClearPageHead(page) __ClearPageCompound(page)
10707 diff --git a/include/linux/pci_ids.h b/include/linux/pci_ids.h
10708 index 5b1c999..c6c9d48 100644
10709 --- a/include/linux/pci_ids.h
10710 +++ b/include/linux/pci_ids.h
10711 @@ -357,6 +357,9 @@
10712 #define PCI_DEVICE_ID_ATI_RS400_166 0x5a32
10713 #define PCI_DEVICE_ID_ATI_RS400_200 0x5a33
10714 #define PCI_DEVICE_ID_ATI_RS480 0x5950
10715 +#define PCI_DEVICE_ID_ATI_RD580 0x5952
10716 +#define PCI_DEVICE_ID_ATI_RX790 0x5957
10717 +#define PCI_DEVICE_ID_ATI_RS690 0x7910
10718 /* ATI IXP Chipset */
10719 #define PCI_DEVICE_ID_ATI_IXP200_IDE 0x4349
10720 #define PCI_DEVICE_ID_ATI_IXP200_SMBUS 0x4353
10721 @@ -1236,6 +1239,10 @@
10722 #define PCI_DEVICE_ID_NVIDIA_NFORCE_MCP67_IDE 0x0560
10723 #define PCI_DEVICE_ID_NVIDIA_NFORCE_MCP73_IDE 0x056C
10724 #define PCI_DEVICE_ID_NVIDIA_NFORCE_MCP77_IDE 0x0759
10725 +#define PCI_DEVICE_ID_NVIDIA_NVENET_36 0x0AB0
10726 +#define PCI_DEVICE_ID_NVIDIA_NVENET_37 0x0AB1
10727 +#define PCI_DEVICE_ID_NVIDIA_NVENET_38 0x0AB2
10728 +#define PCI_DEVICE_ID_NVIDIA_NVENET_39 0x0AB3
10730 #define PCI_VENDOR_ID_IMS 0x10e0
10731 #define PCI_DEVICE_ID_IMS_TT128 0x9128
10732 @@ -2278,6 +2285,8 @@
10733 #define PCI_DEVICE_ID_INTEL_ICH9_4 0x2914
10734 #define PCI_DEVICE_ID_INTEL_ICH9_5 0x2919
10735 #define PCI_DEVICE_ID_INTEL_ICH9_6 0x2930
10736 +#define PCI_DEVICE_ID_INTEL_ICH9_7 0x2916
10737 +#define PCI_DEVICE_ID_INTEL_ICH9_8 0x2918
10738 #define PCI_DEVICE_ID_INTEL_82855PM_HB 0x3340
10739 #define PCI_DEVICE_ID_INTEL_82830_HB 0x3575
10740 #define PCI_DEVICE_ID_INTEL_82830_CGC 0x3577
10741 diff --git a/include/linux/quicklist.h b/include/linux/quicklist.h
10742 index 9371c61..39b6671 100644
10743 --- a/include/linux/quicklist.h
10744 +++ b/include/linux/quicklist.h
10745 @@ -56,14 +56,6 @@ static inline void __quicklist_free(int nr, void (*dtor)(void *), void *p,
10746 struct page *page)
10747 {
10748 struct quicklist *q;
10749 - int nid = page_to_nid(page);
10750 -
10751 - if (unlikely(nid != numa_node_id())) {
10752 - if (dtor)
10753 - dtor(p);
10754 - __free_page(page);
10755 - return;
10756 - }
10758 q = &get_cpu_var(quicklist)[nr];
10759 *(void **)p = q->page;
10760 diff --git a/include/linux/thread_info.h b/include/linux/thread_info.h
10761 index 1c4eb41..9c4ad75 100644
10762 --- a/include/linux/thread_info.h
10763 +++ b/include/linux/thread_info.h
10764 @@ -7,12 +7,25 @@
10765 #ifndef _LINUX_THREAD_INFO_H
10766 #define _LINUX_THREAD_INFO_H
10768 +#include <linux/types.h>
10769 +
10770 /*
10771 - * System call restart block.
10772 + * System call restart block.
10773 */
10774 struct restart_block {
10775 long (*fn)(struct restart_block *);
10776 - unsigned long arg0, arg1, arg2, arg3;
10777 + union {
10778 + struct {
10779 + unsigned long arg0, arg1, arg2, arg3;
10780 + };
10781 + /* For futex_wait */
10782 + struct {
10783 + u32 *uaddr;
10784 + u32 val;
10785 + u32 flags;
10786 + u64 time;
10787 + } futex;
10788 + };
10789 };
10791 extern long do_no_restart_syscall(struct restart_block *parm);
10792 diff --git a/include/math-emu/op-common.h b/include/math-emu/op-common.h
10793 index 93780ab..bb46e76 100644
10794 --- a/include/math-emu/op-common.h
10795 +++ b/include/math-emu/op-common.h
10796 @@ -145,13 +145,16 @@ do { \
10797 { \
10798 X##_e = 1; \
10799 _FP_FRAC_SET_##wc(X, _FP_ZEROFRAC_##wc); \
10800 + FP_SET_EXCEPTION(FP_EX_INEXACT); \
10801 } \
10802 else \
10803 { \
10804 X##_e = 0; \
10805 _FP_FRAC_SRL_##wc(X, _FP_WORKBITS); \
10806 - FP_SET_EXCEPTION(FP_EX_UNDERFLOW); \
10807 } \
10808 + if ((FP_CUR_EXCEPTIONS & FP_EX_INEXACT) || \
10809 + (FP_TRAPPING_EXCEPTIONS & FP_EX_UNDERFLOW)) \
10810 + FP_SET_EXCEPTION(FP_EX_UNDERFLOW); \
10811 } \
10812 else \
10813 { \
10814 diff --git a/include/math-emu/soft-fp.h b/include/math-emu/soft-fp.h
10815 index d02eb64..a6f873b 100644
10816 --- a/include/math-emu/soft-fp.h
10817 +++ b/include/math-emu/soft-fp.h
10818 @@ -97,12 +97,19 @@
10819 #define FP_INHIBIT_RESULTS 0
10820 #endif
10822 +#ifndef FP_TRAPPING_EXCEPTIONS
10823 +#define FP_TRAPPING_EXCEPTIONS 0
10824 +#endif
10825 +
10826 #define FP_SET_EXCEPTION(ex) \
10827 _fex |= (ex)
10829 #define FP_UNSET_EXCEPTION(ex) \
10830 _fex &= ~(ex)
10832 +#define FP_CUR_EXCEPTIONS \
10833 + (_fex)
10834 +
10835 #define FP_CLEAR_EXCEPTIONS \
10836 _fex = 0
10838 diff --git a/include/net/bluetooth/rfcomm.h b/include/net/bluetooth/rfcomm.h
10839 index 3c563f0..25aa575 100644
10840 --- a/include/net/bluetooth/rfcomm.h
10841 +++ b/include/net/bluetooth/rfcomm.h
10842 @@ -323,6 +323,7 @@ int rfcomm_connect_ind(struct rfcomm_session *s, u8 channel, struct rfcomm_dlc
10843 #define RFCOMM_RELEASE_ONHUP 1
10844 #define RFCOMM_HANGUP_NOW 2
10845 #define RFCOMM_TTY_ATTACHED 3
10846 +#define RFCOMM_TTY_RELEASED 4
10848 struct rfcomm_dev_req {
10849 s16 dev_id;
10850 diff --git a/include/net/rose.h b/include/net/rose.h
10851 index a4047d3..e5bb084 100644
10852 --- a/include/net/rose.h
10853 +++ b/include/net/rose.h
10854 @@ -188,7 +188,7 @@ extern void rose_kick(struct sock *);
10855 extern void rose_enquiry_response(struct sock *);
10857 /* rose_route.c */
10858 -extern struct rose_neigh rose_loopback_neigh;
10859 +extern struct rose_neigh *rose_loopback_neigh;
10860 extern const struct file_operations rose_neigh_fops;
10861 extern const struct file_operations rose_nodes_fops;
10862 extern const struct file_operations rose_routes_fops;
10863 diff --git a/include/net/tcp.h b/include/net/tcp.h
10864 index a8af9ae..c05e018 100644
10865 --- a/include/net/tcp.h
10866 +++ b/include/net/tcp.h
10867 @@ -281,7 +281,7 @@ extern int tcp_v4_remember_stamp(struct sock *sk);
10869 extern int tcp_v4_tw_remember_stamp(struct inet_timewait_sock *tw);
10871 -extern int tcp_sendmsg(struct kiocb *iocb, struct sock *sk,
10872 +extern int tcp_sendmsg(struct kiocb *iocb, struct socket *sock,
10873 struct msghdr *msg, size_t size);
10874 extern ssize_t tcp_sendpage(struct socket *sock, struct page *page, int offset, size_t size, int flags);
10876 @@ -1061,14 +1061,12 @@ struct tcp_md5sig_key {
10877 };
10879 struct tcp4_md5sig_key {
10880 - u8 *key;
10881 - u16 keylen;
10882 + struct tcp_md5sig_key base;
10883 __be32 addr;
10884 };
10886 struct tcp6_md5sig_key {
10887 - u8 *key;
10888 - u16 keylen;
10889 + struct tcp_md5sig_key base;
10890 #if 0
10891 u32 scope_id; /* XXX */
10892 #endif
10893 @@ -1260,6 +1258,9 @@ static inline void tcp_insert_write_queue_before(struct sk_buff *new,
10894 struct sock *sk)
10895 {
10896 __skb_insert(new, skb->prev, skb, &sk->sk_write_queue);
10897 +
10898 + if (sk->sk_send_head == skb)
10899 + sk->sk_send_head = new;
10900 }
10902 static inline void tcp_unlink_write_queue(struct sk_buff *skb, struct sock *sk)
10903 diff --git a/include/net/xfrm.h b/include/net/xfrm.h
10904 index 311f25a..4d56e16 100644
10905 --- a/include/net/xfrm.h
10906 +++ b/include/net/xfrm.h
10907 @@ -577,7 +577,6 @@ static inline int xfrm_sec_ctx_match(struct xfrm_sec_ctx *s1, struct xfrm_sec_ct
10908 struct xfrm_dst
10909 {
10910 union {
10911 - struct xfrm_dst *next;
10912 struct dst_entry dst;
10913 struct rtable rt;
10914 struct rt6_info rt6;
10915 diff --git a/init/Kconfig b/init/Kconfig
10916 index a9e99f8..5f8dba9 100644
10917 --- a/init/Kconfig
10918 +++ b/init/Kconfig
10919 @@ -505,6 +505,7 @@ config SIGNALFD
10920 config TIMERFD
10921 bool "Enable timerfd() system call" if EMBEDDED
10922 depends on ANON_INODES
10923 + depends on BROKEN
10924 default y
10925 help
10926 Enable the timerfd() system call that allows to receive timer
10927 diff --git a/ipc/mqueue.c b/ipc/mqueue.c
10928 index a242c83..1eef14b 100644
10929 --- a/ipc/mqueue.c
10930 +++ b/ipc/mqueue.c
10931 @@ -1014,6 +1014,8 @@ asmlinkage long sys_mq_notify(mqd_t mqdes,
10932 return -EINVAL;
10933 }
10934 if (notification.sigev_notify == SIGEV_THREAD) {
10935 + long timeo;
10936 +
10937 /* create the notify skb */
10938 nc = alloc_skb(NOTIFY_COOKIE_LEN, GFP_KERNEL);
10939 ret = -ENOMEM;
10940 @@ -1042,8 +1044,8 @@ retry:
10941 goto out;
10942 }
10944 - ret = netlink_attachskb(sock, nc, 0,
10945 - MAX_SCHEDULE_TIMEOUT, NULL);
10946 + timeo = MAX_SCHEDULE_TIMEOUT;
10947 + ret = netlink_attachskb(sock, nc, 0, &timeo, NULL);
10948 if (ret == 1)
10949 goto retry;
10950 if (ret) {
10951 diff --git a/ipc/shm.c b/ipc/shm.c
10952 index 0852f20..3bdcb9a 100644
10953 --- a/ipc/shm.c
10954 +++ b/ipc/shm.c
10955 @@ -716,7 +716,7 @@ asmlinkage long sys_shmctl (int shmid, int cmd, struct shmid_ds __user *buf)
10956 struct user_struct * user = current->user;
10957 if (!is_file_hugepages(shp->shm_file)) {
10958 err = shmem_lock(shp->shm_file, 1, user);
10959 - if (!err) {
10960 + if (!err && !(shp->shm_perm.mode & SHM_LOCKED)){
10961 shp->shm_perm.mode |= SHM_LOCKED;
10962 shp->mlock_user = user;
10963 }
10964 diff --git a/kernel/auditsc.c b/kernel/auditsc.c
10965 index e36481e..ea37edd 100644
10966 --- a/kernel/auditsc.c
10967 +++ b/kernel/auditsc.c
10968 @@ -1998,19 +1998,19 @@ int __audit_signal_info(int sig, struct task_struct *t)
10969 extern uid_t audit_sig_uid;
10970 extern u32 audit_sig_sid;
10972 - if (audit_pid && t->tgid == audit_pid &&
10973 - (sig == SIGTERM || sig == SIGHUP || sig == SIGUSR1)) {
10974 - audit_sig_pid = tsk->pid;
10975 - if (ctx)
10976 - audit_sig_uid = ctx->loginuid;
10977 - else
10978 - audit_sig_uid = tsk->uid;
10979 - selinux_get_task_sid(tsk, &audit_sig_sid);
10980 + if (audit_pid && t->tgid == audit_pid) {
10981 + if (sig == SIGTERM || sig == SIGHUP || sig == SIGUSR1) {
10982 + audit_sig_pid = tsk->pid;
10983 + if (ctx)
10984 + audit_sig_uid = ctx->loginuid;
10985 + else
10986 + audit_sig_uid = tsk->uid;
10987 + selinux_get_task_sid(tsk, &audit_sig_sid);
10988 + }
10989 + if (!audit_signals || audit_dummy_context())
10990 + return 0;
10991 }
10993 - if (!audit_signals) /* audit_context checked in wrapper */
10994 - return 0;
10995 -
10996 /* optimize the common case by putting first signal recipient directly
10997 * in audit_context */
10998 if (!ctx->target_pid) {
10999 diff --git a/kernel/exit.c b/kernel/exit.c
11000 index 5c8ecba..369dae2 100644
11001 --- a/kernel/exit.c
11002 +++ b/kernel/exit.c
11003 @@ -1336,11 +1336,10 @@ static int wait_task_stopped(struct task_struct *p, int delayed_group_leader,
11004 int why = (p->ptrace & PT_PTRACED) ? CLD_TRAPPED : CLD_STOPPED;
11006 exit_code = p->exit_code;
11007 - if (unlikely(!exit_code) ||
11008 - unlikely(p->state & TASK_TRACED))
11009 + if (unlikely(!exit_code) || unlikely(p->exit_state))
11010 goto bail_ref;
11011 return wait_noreap_copyout(p, pid, uid,
11012 - why, (exit_code << 8) | 0x7f,
11013 + why, exit_code,
11014 infop, ru);
11015 }
11017 diff --git a/kernel/futex.c b/kernel/futex.c
11018 index 45490be..592cf07 100644
11019 --- a/kernel/futex.c
11020 +++ b/kernel/futex.c
11021 @@ -1129,9 +1129,9 @@ static int fixup_pi_state_owner(u32 __user *uaddr, struct futex_q *q,
11023 /*
11024 * In case we must use restart_block to restart a futex_wait,
11025 - * we encode in the 'arg3' shared capability
11026 + * we encode in the 'flags' shared capability
11027 */
11028 -#define ARG3_SHARED 1
11029 +#define FLAGS_SHARED 1
11031 static long futex_wait_restart(struct restart_block *restart);
11032 static int futex_wait(u32 __user *uaddr, struct rw_semaphore *fshared,
11033 @@ -1272,12 +1272,13 @@ static int futex_wait(u32 __user *uaddr, struct rw_semaphore *fshared,
11034 struct restart_block *restart;
11035 restart = ¤t_thread_info()->restart_block;
11036 restart->fn = futex_wait_restart;
11037 - restart->arg0 = (unsigned long)uaddr;
11038 - restart->arg1 = (unsigned long)val;
11039 - restart->arg2 = (unsigned long)abs_time;
11040 - restart->arg3 = 0;
11041 + restart->futex.uaddr = (u32 *)uaddr;
11042 + restart->futex.val = val;
11043 + restart->futex.time = abs_time->tv64;
11044 + restart->futex.flags = 0;
11045 +
11046 if (fshared)
11047 - restart->arg3 |= ARG3_SHARED;
11048 + restart->futex.flags |= FLAGS_SHARED;
11049 return -ERESTART_RESTARTBLOCK;
11050 }
11052 @@ -1293,15 +1294,15 @@ static int futex_wait(u32 __user *uaddr, struct rw_semaphore *fshared,
11054 static long futex_wait_restart(struct restart_block *restart)
11055 {
11056 - u32 __user *uaddr = (u32 __user *)restart->arg0;
11057 - u32 val = (u32)restart->arg1;
11058 - ktime_t *abs_time = (ktime_t *)restart->arg2;
11059 + u32 __user *uaddr = (u32 __user *)restart->futex.uaddr;
11060 struct rw_semaphore *fshared = NULL;
11061 + ktime_t t;
11063 + t.tv64 = restart->futex.time;
11064 restart->fn = do_no_restart_syscall;
11065 - if (restart->arg3 & ARG3_SHARED)
11066 + if (restart->futex.flags & FLAGS_SHARED)
11067 fshared = ¤t->mm->mmap_sem;
11068 - return (long)futex_wait(uaddr, fshared, val, abs_time);
11069 + return (long)futex_wait(uaddr, fshared, restart->futex.val, &t);
11070 }
11073 @@ -2061,8 +2062,10 @@ asmlinkage long sys_futex(u32 __user *uaddr, int op, u32 val,
11074 }
11075 /*
11076 * requeue parameter in 'utime' if cmd == FUTEX_REQUEUE.
11077 + * number of waiters to wake in 'utime' if cmd == FUTEX_WAKE_OP.
11078 */
11079 - if (cmd == FUTEX_REQUEUE || cmd == FUTEX_CMP_REQUEUE)
11080 + if (cmd == FUTEX_REQUEUE || cmd == FUTEX_CMP_REQUEUE ||
11081 + cmd == FUTEX_WAKE_OP)
11082 val2 = (u32) (unsigned long) utime;
11084 return do_futex(uaddr, op, val, tp, uaddr2, val2, val3);
11085 diff --git a/kernel/futex_compat.c b/kernel/futex_compat.c
11086 index f792136..589b1e4 100644
11087 --- a/kernel/futex_compat.c
11088 +++ b/kernel/futex_compat.c
11089 @@ -29,6 +29,15 @@ fetch_robust_entry(compat_uptr_t *uentry, struct robust_list __user **entry,
11090 return 0;
11091 }
11093 +static void __user *futex_uaddr(struct robust_list *entry,
11094 + compat_long_t futex_offset)
11095 +{
11096 + compat_uptr_t base = ptr_to_compat(entry);
11097 + void __user *uaddr = compat_ptr(base + futex_offset);
11098 +
11099 + return uaddr;
11100 +}
11101 +
11102 /*
11103 * Walk curr->robust_list (very carefully, it's a userspace list!)
11104 * and mark any locks found there dead, and notify any waiters.
11105 @@ -61,18 +70,23 @@ void compat_exit_robust_list(struct task_struct *curr)
11106 if (fetch_robust_entry(&upending, &pending,
11107 &head->list_op_pending, &pip))
11108 return;
11109 - if (upending)
11110 - handle_futex_death((void __user *)pending + futex_offset, curr, pip);
11111 + if (pending) {
11112 + void __user *uaddr = futex_uaddr(pending,
11113 + futex_offset);
11114 + handle_futex_death(uaddr, curr, pip);
11115 + }
11117 - while (compat_ptr(uentry) != &head->list) {
11118 + while (entry != (struct robust_list __user *) &head->list) {
11119 /*
11120 * A pending lock might already be on the list, so
11121 * dont process it twice:
11122 */
11123 - if (entry != pending)
11124 - if (handle_futex_death((void __user *)entry + futex_offset,
11125 - curr, pi))
11126 + if (entry != pending) {
11127 + void __user *uaddr = futex_uaddr(entry,
11128 + futex_offset);
11129 + if (handle_futex_death(uaddr, curr, pi))
11130 return;
11131 + }
11133 /*
11134 * Fetch the next entry in the list:
11135 diff --git a/kernel/hrtimer.c b/kernel/hrtimer.c
11136 index 23c03f4..355e867 100644
11137 --- a/kernel/hrtimer.c
11138 +++ b/kernel/hrtimer.c
11139 @@ -825,6 +825,14 @@ hrtimer_start(struct hrtimer *timer, ktime_t tim, const enum hrtimer_mode mode)
11140 #ifdef CONFIG_TIME_LOW_RES
11141 tim = ktime_add(tim, base->resolution);
11142 #endif
11143 + /*
11144 + * Careful here: User space might have asked for a
11145 + * very long sleep, so the add above might result in a
11146 + * negative number, which enqueues the timer in front
11147 + * of the queue.
11148 + */
11149 + if (tim.tv64 < 0)
11150 + tim.tv64 = KTIME_MAX;
11151 }
11152 timer->expires = tim;
11154 diff --git a/kernel/irq/chip.c b/kernel/irq/chip.c
11155 index 615ce97..7279484 100644
11156 --- a/kernel/irq/chip.c
11157 +++ b/kernel/irq/chip.c
11158 @@ -246,6 +246,17 @@ static unsigned int default_startup(unsigned int irq)
11159 }
11161 /*
11162 + * default shutdown function
11163 + */
11164 +static void default_shutdown(unsigned int irq)
11165 +{
11166 + struct irq_desc *desc = irq_desc + irq;
11167 +
11168 + desc->chip->mask(irq);
11169 + desc->status |= IRQ_MASKED;
11170 +}
11171 +
11172 +/*
11173 * Fixup enable/disable function pointers
11174 */
11175 void irq_chip_set_defaults(struct irq_chip *chip)
11176 @@ -256,8 +267,15 @@ void irq_chip_set_defaults(struct irq_chip *chip)
11177 chip->disable = default_disable;
11178 if (!chip->startup)
11179 chip->startup = default_startup;
11180 + /*
11181 + * We use chip->disable, when the user provided its own. When
11182 + * we have default_disable set for chip->disable, then we need
11183 + * to use default_shutdown, otherwise the irq line is not
11184 + * disabled on free_irq():
11185 + */
11186 if (!chip->shutdown)
11187 - chip->shutdown = chip->disable;
11188 + chip->shutdown = chip->disable != default_disable ?
11189 + chip->disable : default_shutdown;
11190 if (!chip->name)
11191 chip->name = chip->typename;
11192 if (!chip->end)
11193 @@ -352,13 +370,10 @@ handle_level_irq(unsigned int irq, struct irq_desc *desc)
11194 * keep it masked and get out of here
11195 */
11196 action = desc->action;
11197 - if (unlikely(!action || (desc->status & IRQ_DISABLED))) {
11198 - desc->status |= IRQ_PENDING;
11199 + if (unlikely(!action || (desc->status & IRQ_DISABLED)))
11200 goto out_unlock;
11201 - }
11203 desc->status |= IRQ_INPROGRESS;
11204 - desc->status &= ~IRQ_PENDING;
11205 spin_unlock(&desc->lock);
11207 action_ret = handle_IRQ_event(irq, action);
11208 diff --git a/kernel/irq/resend.c b/kernel/irq/resend.c
11209 index 5bfeaed..a804679 100644
11210 --- a/kernel/irq/resend.c
11211 +++ b/kernel/irq/resend.c
11212 @@ -62,7 +62,12 @@ void check_irq_resend(struct irq_desc *desc, unsigned int irq)
11213 */
11214 desc->chip->enable(irq);
11216 - if ((status & (IRQ_PENDING | IRQ_REPLAY)) == IRQ_PENDING) {
11217 + /*
11218 + * We do not resend level type interrupts. Level type
11219 + * interrupts are resent by hardware when they are still
11220 + * active.
11221 + */
11222 + if ((status & (IRQ_LEVEL | IRQ_PENDING | IRQ_REPLAY)) == IRQ_PENDING) {
11223 desc->status = (status & ~IRQ_PENDING) | IRQ_REPLAY;
11225 if (!desc->chip || !desc->chip->retrigger ||
11226 diff --git a/kernel/lockdep.c b/kernel/lockdep.c
11227 index 1a5ff22..072cf25 100644
11228 --- a/kernel/lockdep.c
11229 +++ b/kernel/lockdep.c
11230 @@ -2166,7 +2166,6 @@ out_calc_hash:
11231 }
11232 #endif
11233 chain_key = iterate_chain_key(chain_key, id);
11234 - curr->curr_chain_key = chain_key;
11236 /*
11237 * Trylock needs to maintain the stack of held locks, but it
11238 @@ -2215,6 +2214,7 @@ out_calc_hash:
11239 if (unlikely(!debug_locks))
11240 return 0;
11242 + curr->curr_chain_key = chain_key;
11243 curr->lockdep_depth++;
11244 check_chain_key(curr);
11245 #ifdef CONFIG_DEBUG_LOCKDEP
11246 diff --git a/kernel/lockdep_proc.c b/kernel/lockdep_proc.c
11247 index 58f35e5..96f0417 100644
11248 --- a/kernel/lockdep_proc.c
11249 +++ b/kernel/lockdep_proc.c
11250 @@ -339,7 +339,7 @@ static const struct file_operations proc_lockdep_stats_operations = {
11251 .open = lockdep_stats_open,
11252 .read = seq_read,
11253 .llseek = seq_lseek,
11254 - .release = seq_release,
11255 + .release = single_release,
11256 };
11258 static int __init lockdep_proc_init(void)
11259 diff --git a/kernel/params.c b/kernel/params.c
11260 index e61c46c..1f17b58 100644
11261 --- a/kernel/params.c
11262 +++ b/kernel/params.c
11263 @@ -591,13 +591,16 @@ static void __init param_sysfs_builtin(void)
11265 for (i=0; i < __stop___param - __start___param; i++) {
11266 char *dot;
11267 + size_t max_name_len;
11269 kp = &__start___param[i];
11270 + max_name_len =
11271 + min_t(size_t, MAX_KBUILD_MODNAME, strlen(kp->name));
11273 - /* We do not handle args without periods. */
11274 - dot = memchr(kp->name, '.', MAX_KBUILD_MODNAME);
11275 + dot = memchr(kp->name, '.', max_name_len);
11276 if (!dot) {
11277 - DEBUGP("couldn't find period in %s\n", kp->name);
11278 + DEBUGP("couldn't find period in first %d characters "
11279 + "of %s\n", MAX_KBUILD_MODNAME, kp->name);
11280 continue;
11281 }
11282 name_len = dot - kp->name;
11283 diff --git a/kernel/power/snapshot.c b/kernel/power/snapshot.c
11284 index a3b7854..a686590 100644
11285 --- a/kernel/power/snapshot.c
11286 +++ b/kernel/power/snapshot.c
11287 @@ -709,7 +709,8 @@ static void mark_nosave_pages(struct memory_bitmap *bm)
11288 region->end_pfn << PAGE_SHIFT);
11290 for (pfn = region->start_pfn; pfn < region->end_pfn; pfn++)
11291 - memory_bm_set_bit(bm, pfn);
11292 + if (pfn_valid(pfn))
11293 + memory_bm_set_bit(bm, pfn);
11294 }
11295 }
11297 diff --git a/kernel/relay.c b/kernel/relay.c
11298 index 95db8c7..24db7e8 100644
11299 --- a/kernel/relay.c
11300 +++ b/kernel/relay.c
11301 @@ -91,6 +91,7 @@ int relay_mmap_buf(struct rchan_buf *buf, struct vm_area_struct *vma)
11302 return -EINVAL;
11304 vma->vm_ops = &relay_file_mmap_ops;
11305 + vma->vm_flags |= VM_DONTEXPAND;
11306 vma->vm_private_data = buf;
11307 buf->chan->cb->buf_mapped(buf, filp);
11309 diff --git a/kernel/signal.c b/kernel/signal.c
11310 index f940560..5c48ab2 100644
11311 --- a/kernel/signal.c
11312 +++ b/kernel/signal.c
11313 @@ -368,7 +368,7 @@ int dequeue_signal(struct task_struct *tsk, sigset_t *mask, siginfo_t *info)
11314 /* We only dequeue private signals from ourselves, we don't let
11315 * signalfd steal them
11316 */
11317 - if (tsk == current)
11318 + if (likely(tsk == current))
11319 signr = __dequeue_signal(&tsk->pending, mask, info);
11320 if (!signr) {
11321 signr = __dequeue_signal(&tsk->signal->shared_pending,
11322 @@ -415,7 +415,7 @@ int dequeue_signal(struct task_struct *tsk, sigset_t *mask, siginfo_t *info)
11323 if (!(tsk->signal->flags & SIGNAL_GROUP_EXIT))
11324 tsk->signal->flags |= SIGNAL_STOP_DEQUEUED;
11325 }
11326 - if ( signr &&
11327 + if (signr && likely(tsk == current) &&
11328 ((info->si_code & __SI_MASK) == __SI_TIMER) &&
11329 info->si_sys_private){
11330 /*
11331 @@ -1259,20 +1259,19 @@ struct sigqueue *sigqueue_alloc(void)
11332 void sigqueue_free(struct sigqueue *q)
11333 {
11334 unsigned long flags;
11335 + spinlock_t *lock = ¤t->sighand->siglock;
11336 +
11337 BUG_ON(!(q->flags & SIGQUEUE_PREALLOC));
11338 /*
11339 * If the signal is still pending remove it from the
11340 - * pending queue.
11341 + * pending queue. We must hold ->siglock while testing
11342 + * q->list to serialize with collect_signal().
11343 */
11344 - if (unlikely(!list_empty(&q->list))) {
11345 - spinlock_t *lock = ¤t->sighand->siglock;
11346 - read_lock(&tasklist_lock);
11347 - spin_lock_irqsave(lock, flags);
11348 - if (!list_empty(&q->list))
11349 - list_del_init(&q->list);
11350 - spin_unlock_irqrestore(lock, flags);
11351 - read_unlock(&tasklist_lock);
11352 - }
11353 + spin_lock_irqsave(lock, flags);
11354 + if (!list_empty(&q->list))
11355 + list_del_init(&q->list);
11356 + spin_unlock_irqrestore(lock, flags);
11357 +
11358 q->flags &= ~SIGQUEUE_PREALLOC;
11359 __sigqueue_free(q);
11360 }
11361 diff --git a/kernel/sys.c b/kernel/sys.c
11362 index 872271c..28e8364 100644
11363 --- a/kernel/sys.c
11364 +++ b/kernel/sys.c
11365 @@ -1428,7 +1428,6 @@ asmlinkage long sys_times(struct tms __user * tbuf)
11366 * Auch. Had to add the 'did_exec' flag to conform completely to POSIX.
11367 * LBT 04.03.94
11368 */
11369 -
11370 asmlinkage long sys_setpgid(pid_t pid, pid_t pgid)
11371 {
11372 struct task_struct *p;
11373 @@ -1456,7 +1455,7 @@ asmlinkage long sys_setpgid(pid_t pid, pid_t pgid)
11374 if (!thread_group_leader(p))
11375 goto out;
11377 - if (p->real_parent == group_leader) {
11378 + if (p->real_parent->tgid == group_leader->tgid) {
11379 err = -EPERM;
11380 if (task_session(p) != task_session(group_leader))
11381 goto out;
11382 diff --git a/kernel/time/timer_list.c b/kernel/time/timer_list.c
11383 index 8bbcfb7..7ea87d9 100644
11384 --- a/kernel/time/timer_list.c
11385 +++ b/kernel/time/timer_list.c
11386 @@ -267,7 +267,7 @@ static struct file_operations timer_list_fops = {
11387 .open = timer_list_open,
11388 .read = seq_read,
11389 .llseek = seq_lseek,
11390 - .release = seq_release,
11391 + .release = single_release,
11392 };
11394 static int __init init_timer_list_procfs(void)
11395 diff --git a/kernel/time/timer_stats.c b/kernel/time/timer_stats.c
11396 index 3216937..5717cfb 100644
11397 --- a/kernel/time/timer_stats.c
11398 +++ b/kernel/time/timer_stats.c
11399 @@ -319,8 +319,9 @@ static int tstats_show(struct seq_file *m, void *v)
11400 ms = 1;
11402 if (events && period.tv_sec)
11403 - seq_printf(m, "%ld total events, %ld.%ld events/sec\n", events,
11404 - events / period.tv_sec, events * 1000 / ms);
11405 + seq_printf(m, "%ld total events, %ld.%03ld events/sec\n",
11406 + events, events * 1000 / ms,
11407 + (events * 1000000 / ms) % 1000);
11408 else
11409 seq_printf(m, "%ld total events\n", events);
11411 @@ -391,7 +392,7 @@ static struct file_operations tstats_fops = {
11412 .read = seq_read,
11413 .write = tstats_write,
11414 .llseek = seq_lseek,
11415 - .release = seq_release,
11416 + .release = single_release,
11417 };
11419 void __init init_timer_stats(void)
11420 diff --git a/kernel/workqueue.c b/kernel/workqueue.c
11421 index 3bebf73..3831f88 100644
11422 --- a/kernel/workqueue.c
11423 +++ b/kernel/workqueue.c
11424 @@ -739,18 +739,17 @@ static void cleanup_workqueue_thread(struct cpu_workqueue_struct *cwq, int cpu)
11425 if (cwq->thread == NULL)
11426 return;
11428 + flush_cpu_workqueue(cwq);
11429 /*
11430 - * If the caller is CPU_DEAD the single flush_cpu_workqueue()
11431 - * is not enough, a concurrent flush_workqueue() can insert a
11432 - * barrier after us.
11433 + * If the caller is CPU_DEAD and cwq->worklist was not empty,
11434 + * a concurrent flush_workqueue() can insert a barrier after us.
11435 + * However, in that case run_workqueue() won't return and check
11436 + * kthread_should_stop() until it flushes all work_struct's.
11437 * When ->worklist becomes empty it is safe to exit because no
11438 * more work_structs can be queued on this cwq: flush_workqueue
11439 * checks list_empty(), and a "normal" queue_work() can't use
11440 * a dead CPU.
11441 */
11442 - while (flush_cpu_workqueue(cwq))
11443 - ;
11444 -
11445 kthread_stop(cwq->thread);
11446 cwq->thread = NULL;
11447 }
11448 diff --git a/lib/libcrc32c.c b/lib/libcrc32c.c
11449 index 60f4680..1f3a52e 100644
11450 --- a/lib/libcrc32c.c
11451 +++ b/lib/libcrc32c.c
11452 @@ -33,7 +33,6 @@
11453 #include <linux/crc32c.h>
11454 #include <linux/compiler.h>
11455 #include <linux/module.h>
11456 -#include <asm/byteorder.h>
11458 MODULE_AUTHOR("Clay Haapala <chaapala@cisco.com>");
11459 MODULE_DESCRIPTION("CRC32c (Castagnoli) calculations");
11460 @@ -161,15 +160,13 @@ static const u32 crc32c_table[256] = {
11461 */
11463 u32 __attribute_pure__
11464 -crc32c_le(u32 seed, unsigned char const *data, size_t length)
11465 +crc32c_le(u32 crc, unsigned char const *data, size_t length)
11466 {
11467 - u32 crc = __cpu_to_le32(seed);
11468 -
11469 while (length--)
11470 crc =
11471 crc32c_table[(crc ^ *data++) & 0xFFL] ^ (crc >> 8);
11473 - return __le32_to_cpu(crc);
11474 + return crc;
11475 }
11477 #endif /* CRC_LE_BITS == 8 */
11478 diff --git a/lib/textsearch.c b/lib/textsearch.c
11479 index 88c98a2..be8bda3 100644
11480 --- a/lib/textsearch.c
11481 +++ b/lib/textsearch.c
11482 @@ -7,7 +7,7 @@
11483 * 2 of the License, or (at your option) any later version.
11484 *
11485 * Authors: Thomas Graf <tgraf@suug.ch>
11486 - * Pablo Neira Ayuso <pablo@eurodev.net>
11487 + * Pablo Neira Ayuso <pablo@netfilter.org>
11488 *
11489 * ==========================================================================
11490 *
11491 @@ -250,7 +250,8 @@ unsigned int textsearch_find_continuous(struct ts_config *conf,
11492 * the various search algorithms.
11493 *
11494 * Returns a new textsearch configuration according to the specified
11495 - * parameters or a ERR_PTR().
11496 + * parameters or a ERR_PTR(). If a zero length pattern is passed, this
11497 + * function returns EINVAL.
11498 */
11499 struct ts_config *textsearch_prepare(const char *algo, const void *pattern,
11500 unsigned int len, gfp_t gfp_mask, int flags)
11501 @@ -259,6 +260,9 @@ struct ts_config *textsearch_prepare(const char *algo, const void *pattern,
11502 struct ts_config *conf;
11503 struct ts_ops *ops;
11505 + if (len == 0)
11506 + return ERR_PTR(-EINVAL);
11507 +
11508 ops = lookup_ts_algo(algo);
11509 #ifdef CONFIG_KMOD
11510 /*
11511 diff --git a/mm/hugetlb.c b/mm/hugetlb.c
11512 index a45d1f0..5fb38f1 100644
11513 --- a/mm/hugetlb.c
11514 +++ b/mm/hugetlb.c
11515 @@ -101,13 +101,20 @@ static void free_huge_page(struct page *page)
11517 static int alloc_fresh_huge_page(void)
11518 {
11519 - static int nid = 0;
11520 + static int prev_nid;
11521 struct page *page;
11522 - page = alloc_pages_node(nid, GFP_HIGHUSER|__GFP_COMP|__GFP_NOWARN,
11523 - HUGETLB_PAGE_ORDER);
11524 - nid = next_node(nid, node_online_map);
11525 + static DEFINE_SPINLOCK(nid_lock);
11526 + int nid;
11527 +
11528 + spin_lock(&nid_lock);
11529 + nid = next_node(prev_nid, node_online_map);
11530 if (nid == MAX_NUMNODES)
11531 nid = first_node(node_online_map);
11532 + prev_nid = nid;
11533 + spin_unlock(&nid_lock);
11534 +
11535 + page = alloc_pages_node(nid, GFP_HIGHUSER|__GFP_COMP|__GFP_NOWARN,
11536 + HUGETLB_PAGE_ORDER);
11537 if (page) {
11538 set_compound_page_dtor(page, free_huge_page);
11539 spin_lock(&hugetlb_lock);
11540 diff --git a/mm/memory.c b/mm/memory.c
11541 index f64cbf9..538f054 100644
11542 --- a/mm/memory.c
11543 +++ b/mm/memory.c
11544 @@ -983,6 +983,8 @@ int get_user_pages(struct task_struct *tsk, struct mm_struct *mm,
11545 int i;
11546 unsigned int vm_flags;
11548 + if (len <= 0)
11549 + return 0;
11550 /*
11551 * Require read or write permissions.
11552 * If 'force' is set, we only require the "MAY" flags.
11553 diff --git a/mm/mlock.c b/mm/mlock.c
11554 index 4d3fea2..7b26560 100644
11555 --- a/mm/mlock.c
11556 +++ b/mm/mlock.c
11557 @@ -244,9 +244,12 @@ int user_shm_lock(size_t size, struct user_struct *user)
11559 locked = (size + PAGE_SIZE - 1) >> PAGE_SHIFT;
11560 lock_limit = current->signal->rlim[RLIMIT_MEMLOCK].rlim_cur;
11561 + if (lock_limit == RLIM_INFINITY)
11562 + allowed = 1;
11563 lock_limit >>= PAGE_SHIFT;
11564 spin_lock(&shmlock_user_lock);
11565 - if (locked + user->locked_shm > lock_limit && !capable(CAP_IPC_LOCK))
11566 + if (!allowed &&
11567 + locked + user->locked_shm > lock_limit && !capable(CAP_IPC_LOCK))
11568 goto out;
11569 get_uid(user);
11570 user->locked_shm += locked;
11571 diff --git a/mm/mmap.c b/mm/mmap.c
11572 index 906ed40..33fb671 100644
11573 --- a/mm/mmap.c
11574 +++ b/mm/mmap.c
11575 @@ -2157,7 +2157,7 @@ int install_special_mapping(struct mm_struct *mm,
11576 vma->vm_start = addr;
11577 vma->vm_end = addr + len;
11579 - vma->vm_flags = vm_flags | mm->def_flags;
11580 + vma->vm_flags = vm_flags | mm->def_flags | VM_DONTEXPAND;
11581 vma->vm_page_prot = protection_map[vma->vm_flags & 7];
11583 vma->vm_ops = &special_mapping_vmops;
11584 diff --git a/mm/page-writeback.c b/mm/page-writeback.c
11585 index eec1481..2d39627 100644
11586 --- a/mm/page-writeback.c
11587 +++ b/mm/page-writeback.c
11588 @@ -674,8 +674,10 @@ retry:
11590 ret = (*writepage)(page, wbc, data);
11592 - if (unlikely(ret == AOP_WRITEPAGE_ACTIVATE))
11593 + if (unlikely(ret == AOP_WRITEPAGE_ACTIVATE)) {
11594 unlock_page(page);
11595 + ret = 0;
11596 + }
11597 if (ret || (--(wbc->nr_to_write) <= 0))
11598 done = 1;
11599 if (wbc->nonblocking && bdi_write_congested(bdi)) {
11600 diff --git a/mm/quicklist.c b/mm/quicklist.c
11601 index ae8189c..3f703f7 100644
11602 --- a/mm/quicklist.c
11603 +++ b/mm/quicklist.c
11604 @@ -26,9 +26,17 @@ DEFINE_PER_CPU(struct quicklist, quicklist)[CONFIG_NR_QUICK];
11605 static unsigned long max_pages(unsigned long min_pages)
11606 {
11607 unsigned long node_free_pages, max;
11608 + struct zone *zones = NODE_DATA(numa_node_id())->node_zones;
11609 +
11610 + node_free_pages =
11611 +#ifdef CONFIG_ZONE_DMA
11612 + zone_page_state(&zones[ZONE_DMA], NR_FREE_PAGES) +
11613 +#endif
11614 +#ifdef CONFIG_ZONE_DMA32
11615 + zone_page_state(&zones[ZONE_DMA32], NR_FREE_PAGES) +
11616 +#endif
11617 + zone_page_state(&zones[ZONE_NORMAL], NR_FREE_PAGES);
11619 - node_free_pages = node_page_state(numa_node_id(),
11620 - NR_FREE_PAGES);
11621 max = node_free_pages / FRACTION_OF_NODE_MEM;
11622 return max(max, min_pages);
11623 }
11624 diff --git a/mm/readahead.c b/mm/readahead.c
11625 index 9861e88..1448e53 100644
11626 --- a/mm/readahead.c
11627 +++ b/mm/readahead.c
11628 @@ -21,8 +21,16 @@ void default_unplug_io_fn(struct backing_dev_info *bdi, struct page *page)
11629 }
11630 EXPORT_SYMBOL(default_unplug_io_fn);
11632 +/*
11633 + * Convienent macros for min/max read-ahead pages.
11634 + * Note that MAX_RA_PAGES is rounded down, while MIN_RA_PAGES is rounded up.
11635 + * The latter is necessary for systems with large page size(i.e. 64k).
11636 + */
11637 +#define MAX_RA_PAGES (VM_MAX_READAHEAD*1024 / PAGE_CACHE_SIZE)
11638 +#define MIN_RA_PAGES DIV_ROUND_UP(VM_MIN_READAHEAD*1024, PAGE_CACHE_SIZE)
11639 +
11640 struct backing_dev_info default_backing_dev_info = {
11641 - .ra_pages = (VM_MAX_READAHEAD * 1024) / PAGE_CACHE_SIZE,
11642 + .ra_pages = MAX_RA_PAGES,
11643 .state = 0,
11644 .capabilities = BDI_CAP_MAP_COPY,
11645 .unplug_io_fn = default_unplug_io_fn,
11646 @@ -51,7 +59,7 @@ static inline unsigned long get_max_readahead(struct file_ra_state *ra)
11648 static inline unsigned long get_min_readahead(struct file_ra_state *ra)
11649 {
11650 - return (VM_MIN_READAHEAD * 1024) / PAGE_CACHE_SIZE;
11651 + return MIN_RA_PAGES;
11652 }
11654 static inline void reset_ahead_window(struct file_ra_state *ra)
11655 diff --git a/mm/shmem.c b/mm/shmem.c
11656 index b6aae2b..d1c65fb 100644
11657 --- a/mm/shmem.c
11658 +++ b/mm/shmem.c
11659 @@ -911,6 +911,21 @@ static int shmem_writepage(struct page *page, struct writeback_control *wbc)
11660 struct inode *inode;
11662 BUG_ON(!PageLocked(page));
11663 + /*
11664 + * shmem_backing_dev_info's capabilities prevent regular writeback or
11665 + * sync from ever calling shmem_writepage; but a stacking filesystem
11666 + * may use the ->writepage of its underlying filesystem, in which case
11667 + * we want to do nothing when that underlying filesystem is tmpfs
11668 + * (writing out to swap is useful as a response to memory pressure, but
11669 + * of no use to stabilize the data) - just redirty the page, unlock it
11670 + * and claim success in this case. AOP_WRITEPAGE_ACTIVATE, and the
11671 + * page_mapped check below, must be avoided unless we're in reclaim.
11672 + */
11673 + if (!wbc->for_reclaim) {
11674 + set_page_dirty(page);
11675 + unlock_page(page);
11676 + return 0;
11677 + }
11678 BUG_ON(page_mapped(page));
11680 mapping = page->mapping;
11681 @@ -1051,7 +1066,7 @@ shmem_alloc_page(gfp_t gfp, struct shmem_inode_info *info,
11682 pvma.vm_policy = mpol_shared_policy_lookup(&info->policy, idx);
11683 pvma.vm_pgoff = idx;
11684 pvma.vm_end = PAGE_SIZE;
11685 - page = alloc_page_vma(gfp | __GFP_ZERO, &pvma, 0);
11686 + page = alloc_page_vma(gfp, &pvma, 0);
11687 mpol_free(pvma.vm_policy);
11688 return page;
11689 }
11690 @@ -1071,7 +1086,7 @@ shmem_swapin(struct shmem_inode_info *info,swp_entry_t entry,unsigned long idx)
11691 static inline struct page *
11692 shmem_alloc_page(gfp_t gfp,struct shmem_inode_info *info, unsigned long idx)
11693 {
11694 - return alloc_page(gfp | __GFP_ZERO);
11695 + return alloc_page(gfp);
11696 }
11697 #endif
11699 @@ -1280,6 +1295,7 @@ repeat:
11701 info->alloced++;
11702 spin_unlock(&info->lock);
11703 + clear_highpage(filepage);
11704 flush_dcache_page(filepage);
11705 SetPageUptodate(filepage);
11706 }
11707 diff --git a/mm/slab.c b/mm/slab.c
11708 index b344e67..42bf493 100644
11709 --- a/mm/slab.c
11710 +++ b/mm/slab.c
11711 @@ -2933,11 +2933,10 @@ static void *cache_alloc_refill(struct kmem_cache *cachep, gfp_t flags)
11712 struct array_cache *ac;
11713 int node;
11715 - node = numa_node_id();
11716 -
11717 +retry:
11718 check_irq_off();
11719 + node = numa_node_id();
11720 ac = cpu_cache_get(cachep);
11721 -retry:
11722 batchcount = ac->batchcount;
11723 if (!ac->touched && batchcount > BATCHREFILL_LIMIT) {
11724 /*
11725 diff --git a/mm/slub.c b/mm/slub.c
11726 index e0cf621..648f2c7 100644
11727 --- a/mm/slub.c
11728 +++ b/mm/slub.c
11729 @@ -1431,28 +1431,8 @@ new_slab:
11730 page = new_slab(s, gfpflags, node);
11731 if (page) {
11732 cpu = smp_processor_id();
11733 - if (s->cpu_slab[cpu]) {
11734 - /*
11735 - * Someone else populated the cpu_slab while we
11736 - * enabled interrupts, or we have gotten scheduled
11737 - * on another cpu. The page may not be on the
11738 - * requested node even if __GFP_THISNODE was
11739 - * specified. So we need to recheck.
11740 - */
11741 - if (node == -1 ||
11742 - page_to_nid(s->cpu_slab[cpu]) == node) {
11743 - /*
11744 - * Current cpuslab is acceptable and we
11745 - * want the current one since its cache hot
11746 - */
11747 - discard_slab(s, page);
11748 - page = s->cpu_slab[cpu];
11749 - slab_lock(page);
11750 - goto load_freelist;
11751 - }
11752 - /* New slab does not fit our expectations */
11753 + if (s->cpu_slab[cpu])
11754 flush_slab(s, s->cpu_slab[cpu], cpu);
11755 - }
11756 slab_lock(page);
11757 SetSlabFrozen(page);
11758 s->cpu_slab[cpu] = page;
11759 diff --git a/mm/sparse.c b/mm/sparse.c
11760 index e03b39f..fdc1454 100644
11761 --- a/mm/sparse.c
11762 +++ b/mm/sparse.c
11763 @@ -209,12 +209,6 @@ static int __meminit sparse_init_one_section(struct mem_section *ms,
11764 return 1;
11765 }
11767 -__attribute__((weak))
11768 -void *alloc_bootmem_high_node(pg_data_t *pgdat, unsigned long size)
11769 -{
11770 - return NULL;
11771 -}
11772 -
11773 static struct page __init *sparse_early_mem_map_alloc(unsigned long pnum)
11774 {
11775 struct page *map;
11776 @@ -225,11 +219,6 @@ static struct page __init *sparse_early_mem_map_alloc(unsigned long pnum)
11777 if (map)
11778 return map;
11780 - map = alloc_bootmem_high_node(NODE_DATA(nid),
11781 - sizeof(struct page) * PAGES_PER_SECTION);
11782 - if (map)
11783 - return map;
11784 -
11785 map = alloc_bootmem_node(NODE_DATA(nid),
11786 sizeof(struct page) * PAGES_PER_SECTION);
11787 if (map)
11788 diff --git a/mm/vmscan.c b/mm/vmscan.c
11789 index 1be5a63..a618717 100644
11790 --- a/mm/vmscan.c
11791 +++ b/mm/vmscan.c
11792 @@ -774,6 +774,7 @@ static void shrink_active_list(unsigned long nr_pages, struct zone *zone,
11793 long mapped_ratio;
11794 long distress;
11795 long swap_tendency;
11796 + long imbalance;
11798 if (zone_is_near_oom(zone))
11799 goto force_reclaim_mapped;
11800 @@ -809,6 +810,46 @@ static void shrink_active_list(unsigned long nr_pages, struct zone *zone,
11801 swap_tendency = mapped_ratio / 2 + distress + sc->swappiness;
11803 /*
11804 + * If there's huge imbalance between active and inactive
11805 + * (think active 100 times larger than inactive) we should
11806 + * become more permissive, or the system will take too much
11807 + * cpu before it start swapping during memory pressure.
11808 + * Distress is about avoiding early-oom, this is about
11809 + * making swappiness graceful despite setting it to low
11810 + * values.
11811 + *
11812 + * Avoid div by zero with nr_inactive+1, and max resulting
11813 + * value is vm_total_pages.
11814 + */
11815 + imbalance = zone_page_state(zone, NR_ACTIVE);
11816 + imbalance /= zone_page_state(zone, NR_INACTIVE) + 1;
11817 +
11818 + /*
11819 + * Reduce the effect of imbalance if swappiness is low,
11820 + * this means for a swappiness very low, the imbalance
11821 + * must be much higher than 100 for this logic to make
11822 + * the difference.
11823 + *
11824 + * Max temporary value is vm_total_pages*100.
11825 + */
11826 + imbalance *= (vm_swappiness + 1);
11827 + imbalance /= 100;
11828 +
11829 + /*
11830 + * If not much of the ram is mapped, makes the imbalance
11831 + * less relevant, it's high priority we refill the inactive
11832 + * list with mapped pages only in presence of high ratio of
11833 + * mapped pages.
11834 + *
11835 + * Max temporary value is vm_total_pages*100.
11836 + */
11837 + imbalance *= mapped_ratio;
11838 + imbalance /= 100;
11839 +
11840 + /* apply imbalance feedback to swap_tendency */
11841 + swap_tendency += imbalance;
11842 +
11843 + /*
11844 * Now use this metric to decide whether to start moving mapped
11845 * memory onto the inactive list.
11846 */
11847 diff --git a/net/802/psnap.c b/net/802/psnap.c
11848 index 04ee43e..31128cb 100644
11849 --- a/net/802/psnap.c
11850 +++ b/net/802/psnap.c
11851 @@ -55,6 +55,9 @@ static int snap_rcv(struct sk_buff *skb, struct net_device *dev,
11852 .type = __constant_htons(ETH_P_SNAP),
11853 };
11855 + if (unlikely(!pskb_may_pull(skb, 5)))
11856 + goto drop;
11857 +
11858 rcu_read_lock();
11859 proto = find_snap_client(skb_transport_header(skb));
11860 if (proto) {
11861 @@ -62,14 +65,18 @@ static int snap_rcv(struct sk_buff *skb, struct net_device *dev,
11862 skb->transport_header += 5;
11863 skb_pull_rcsum(skb, 5);
11864 rc = proto->rcvfunc(skb, dev, &snap_packet_type, orig_dev);
11865 - } else {
11866 - skb->sk = NULL;
11867 - kfree_skb(skb);
11868 - rc = 1;
11869 }
11870 -
11871 rcu_read_unlock();
11872 +
11873 + if (unlikely(!proto))
11874 + goto drop;
11875 +
11876 +out:
11877 return rc;
11878 +
11879 +drop:
11880 + kfree_skb(skb);
11881 + goto out;
11882 }
11884 /*
11885 diff --git a/net/8021q/vlan_dev.c b/net/8021q/vlan_dev.c
11886 index ec46084..0642694 100644
11887 --- a/net/8021q/vlan_dev.c
11888 +++ b/net/8021q/vlan_dev.c
11889 @@ -116,12 +116,22 @@ int vlan_skb_recv(struct sk_buff *skb, struct net_device *dev,
11890 struct packet_type* ptype, struct net_device *orig_dev)
11891 {
11892 unsigned char *rawp = NULL;
11893 - struct vlan_hdr *vhdr = (struct vlan_hdr *)(skb->data);
11894 + struct vlan_hdr *vhdr;
11895 unsigned short vid;
11896 struct net_device_stats *stats;
11897 unsigned short vlan_TCI;
11898 __be16 proto;
11900 + if ((skb = skb_share_check(skb, GFP_ATOMIC)) == NULL)
11901 + return -1;
11902 +
11903 + if (unlikely(!pskb_may_pull(skb, VLAN_HLEN))) {
11904 + kfree_skb(skb);
11905 + return -1;
11906 + }
11907 +
11908 + vhdr = (struct vlan_hdr *)(skb->data);
11909 +
11910 /* vlan_TCI = ntohs(get_unaligned(&vhdr->h_vlan_TCI)); */
11911 vlan_TCI = ntohs(vhdr->h_vlan_TCI);
11913 diff --git a/net/atm/mpc.c b/net/atm/mpc.c
11914 index 7c85aa5..181c1c8 100644
11915 --- a/net/atm/mpc.c
11916 +++ b/net/atm/mpc.c
11917 @@ -542,6 +542,13 @@ static int mpc_send_packet(struct sk_buff *skb, struct net_device *dev)
11918 if (eth->h_proto != htons(ETH_P_IP))
11919 goto non_ip; /* Multi-Protocol Over ATM :-) */
11921 + /* Weed out funny packets (e.g., AF_PACKET or raw). */
11922 + if (skb->len < ETH_HLEN + sizeof(struct iphdr))
11923 + goto non_ip;
11924 + skb_set_network_header(skb, ETH_HLEN);
11925 + if (skb->len < ETH_HLEN + ip_hdr(skb)->ihl * 4 || ip_hdr(skb)->ihl < 5)
11926 + goto non_ip;
11927 +
11928 while (i < mpc->number_of_mps_macs) {
11929 if (!compare_ether_addr(eth->h_dest, (mpc->mps_macs + i*ETH_ALEN)))
11930 if ( send_via_shortcut(skb, mpc) == 0 ) /* try shortcut */
11931 diff --git a/net/ax25/ax25_in.c b/net/ax25/ax25_in.c
11932 index 0ddaff0..8a9f0ac 100644
11933 --- a/net/ax25/ax25_in.c
11934 +++ b/net/ax25/ax25_in.c
11935 @@ -124,7 +124,7 @@ int ax25_rx_iframe(ax25_cb *ax25, struct sk_buff *skb)
11936 }
11938 skb_pull(skb, 1); /* Remove PID */
11939 - skb_reset_mac_header(skb);
11940 + skb->mac_header = skb->network_header;
11941 skb_reset_network_header(skb);
11942 skb->dev = ax25->ax25_dev->dev;
11943 skb->pkt_type = PACKET_HOST;
11944 diff --git a/net/bluetooth/rfcomm/tty.c b/net/bluetooth/rfcomm/tty.c
11945 index b2b1cce..23ba61a 100644
11946 --- a/net/bluetooth/rfcomm/tty.c
11947 +++ b/net/bluetooth/rfcomm/tty.c
11948 @@ -95,6 +95,10 @@ static void rfcomm_dev_destruct(struct rfcomm_dev *dev)
11950 BT_DBG("dev %p dlc %p", dev, dlc);
11952 + write_lock_bh(&rfcomm_dev_lock);
11953 + list_del_init(&dev->list);
11954 + write_unlock_bh(&rfcomm_dev_lock);
11955 +
11956 rfcomm_dlc_lock(dlc);
11957 /* Detach DLC if it's owned by this dev */
11958 if (dlc->owner == dev)
11959 @@ -156,8 +160,13 @@ static inline struct rfcomm_dev *rfcomm_dev_get(int id)
11960 read_lock(&rfcomm_dev_lock);
11962 dev = __rfcomm_dev_get(id);
11963 - if (dev)
11964 - rfcomm_dev_hold(dev);
11965 +
11966 + if (dev) {
11967 + if (test_bit(RFCOMM_TTY_RELEASED, &dev->flags))
11968 + dev = NULL;
11969 + else
11970 + rfcomm_dev_hold(dev);
11971 + }
11973 read_unlock(&rfcomm_dev_lock);
11975 @@ -265,6 +274,12 @@ out:
11977 dev->tty_dev = tty_register_device(rfcomm_tty_driver, dev->id, NULL);
11979 + if (IS_ERR(dev->tty_dev)) {
11980 + list_del(&dev->list);
11981 + kfree(dev);
11982 + return PTR_ERR(dev->tty_dev);
11983 + }
11984 +
11985 return dev->id;
11986 }
11988 @@ -272,10 +287,7 @@ static void rfcomm_dev_del(struct rfcomm_dev *dev)
11989 {
11990 BT_DBG("dev %p", dev);
11992 - write_lock_bh(&rfcomm_dev_lock);
11993 - list_del_init(&dev->list);
11994 - write_unlock_bh(&rfcomm_dev_lock);
11995 -
11996 + set_bit(RFCOMM_TTY_RELEASED, &dev->flags);
11997 rfcomm_dev_put(dev);
11998 }
12000 @@ -329,7 +341,7 @@ static int rfcomm_create_dev(struct sock *sk, void __user *arg)
12001 if (copy_from_user(&req, arg, sizeof(req)))
12002 return -EFAULT;
12004 - BT_DBG("sk %p dev_id %id flags 0x%x", sk, req.dev_id, req.flags);
12005 + BT_DBG("sk %p dev_id %d flags 0x%x", sk, req.dev_id, req.flags);
12007 if (req.flags != NOCAP_FLAGS && !capable(CAP_NET_ADMIN))
12008 return -EPERM;
12009 @@ -370,7 +382,7 @@ static int rfcomm_release_dev(void __user *arg)
12010 if (copy_from_user(&req, arg, sizeof(req)))
12011 return -EFAULT;
12013 - BT_DBG("dev_id %id flags 0x%x", req.dev_id, req.flags);
12014 + BT_DBG("dev_id %d flags 0x%x", req.dev_id, req.flags);
12016 if (!(dev = rfcomm_dev_get(req.dev_id)))
12017 return -ENODEV;
12018 @@ -383,6 +395,10 @@ static int rfcomm_release_dev(void __user *arg)
12019 if (req.flags & (1 << RFCOMM_HANGUP_NOW))
12020 rfcomm_dlc_close(dev->dlc, 0);
12022 + /* Shut down TTY synchronously before freeing rfcomm_dev */
12023 + if (dev->tty)
12024 + tty_vhangup(dev->tty);
12025 +
12026 rfcomm_dev_del(dev);
12027 rfcomm_dev_put(dev);
12028 return 0;
12029 @@ -415,6 +431,8 @@ static int rfcomm_get_dev_list(void __user *arg)
12031 list_for_each(p, &rfcomm_dev_list) {
12032 struct rfcomm_dev *dev = list_entry(p, struct rfcomm_dev, list);
12033 + if (test_bit(RFCOMM_TTY_RELEASED, &dev->flags))
12034 + continue;
12035 (di + n)->id = dev->id;
12036 (di + n)->flags = dev->flags;
12037 (di + n)->state = dev->dlc->state;
12038 diff --git a/net/bridge/br.c b/net/bridge/br.c
12039 index 848b8fa..94ae4d2 100644
12040 --- a/net/bridge/br.c
12041 +++ b/net/bridge/br.c
12042 @@ -39,7 +39,7 @@ static int __init br_init(void)
12044 err = br_fdb_init();
12045 if (err)
12046 - goto err_out1;
12047 + goto err_out;
12049 err = br_netfilter_init();
12050 if (err)
12051 @@ -65,6 +65,8 @@ err_out3:
12052 err_out2:
12053 br_netfilter_fini();
12054 err_out1:
12055 + br_fdb_fini();
12056 +err_out:
12057 llc_sap_put(br_stp_sap);
12058 return err;
12059 }
12060 diff --git a/net/bridge/br_device.c b/net/bridge/br_device.c
12061 index 5e1892d..c326602 100644
12062 --- a/net/bridge/br_device.c
12063 +++ b/net/bridge/br_device.c
12064 @@ -179,5 +179,6 @@ void br_dev_setup(struct net_device *dev)
12065 dev->priv_flags = IFF_EBRIDGE;
12067 dev->features = NETIF_F_SG | NETIF_F_FRAGLIST | NETIF_F_HIGHDMA |
12068 - NETIF_F_TSO | NETIF_F_NO_CSUM | NETIF_F_GSO_ROBUST;
12069 + NETIF_F_GSO_SOFTWARE | NETIF_F_NO_CSUM |
12070 + NETIF_F_GSO_ROBUST | NETIF_F_LLTX;
12071 }
12072 diff --git a/net/bridge/br_if.c b/net/bridge/br_if.c
12073 index 849deaf..fefd7c1 100644
12074 --- a/net/bridge/br_if.c
12075 +++ b/net/bridge/br_if.c
12076 @@ -360,35 +360,15 @@ int br_min_mtu(const struct net_bridge *br)
12077 void br_features_recompute(struct net_bridge *br)
12078 {
12079 struct net_bridge_port *p;
12080 - unsigned long features, checksum;
12081 + unsigned long features;
12083 - checksum = br->feature_mask & NETIF_F_ALL_CSUM ? NETIF_F_NO_CSUM : 0;
12084 - features = br->feature_mask & ~NETIF_F_ALL_CSUM;
12085 + features = br->feature_mask;
12087 list_for_each_entry(p, &br->port_list, list) {
12088 - unsigned long feature = p->dev->features;
12089 -
12090 - if (checksum & NETIF_F_NO_CSUM && !(feature & NETIF_F_NO_CSUM))
12091 - checksum ^= NETIF_F_NO_CSUM | NETIF_F_HW_CSUM;
12092 - if (checksum & NETIF_F_HW_CSUM && !(feature & NETIF_F_HW_CSUM))
12093 - checksum ^= NETIF_F_HW_CSUM | NETIF_F_IP_CSUM;
12094 - if (!(feature & NETIF_F_IP_CSUM))
12095 - checksum = 0;
12096 -
12097 - if (feature & NETIF_F_GSO)
12098 - feature |= NETIF_F_GSO_SOFTWARE;
12099 - feature |= NETIF_F_GSO;
12100 -
12101 - features &= feature;
12102 + features = netdev_compute_features(features, p->dev->features);
12103 }
12105 - if (!(checksum & NETIF_F_ALL_CSUM))
12106 - features &= ~NETIF_F_SG;
12107 - if (!(features & NETIF_F_SG))
12108 - features &= ~NETIF_F_GSO_MASK;
12109 -
12110 - br->dev->features = features | checksum | NETIF_F_LLTX |
12111 - NETIF_F_GSO_ROBUST;
12112 + br->dev->features = features;
12113 }
12115 /* called with RTNL */
12116 diff --git a/net/bridge/br_input.c b/net/bridge/br_input.c
12117 index 420bbb9..fb2c7cc 100644
12118 --- a/net/bridge/br_input.c
12119 +++ b/net/bridge/br_input.c
12120 @@ -127,6 +127,7 @@ static inline int is_link_local(const unsigned char *dest)
12121 struct sk_buff *br_handle_frame(struct net_bridge_port *p, struct sk_buff *skb)
12122 {
12123 const unsigned char *dest = eth_hdr(skb)->h_dest;
12124 + int (*rhook)(struct sk_buff **pskb);
12126 if (!is_valid_ether_addr(eth_hdr(skb)->h_source))
12127 goto drop;
12128 @@ -148,9 +149,9 @@ struct sk_buff *br_handle_frame(struct net_bridge_port *p, struct sk_buff *skb)
12130 switch (p->state) {
12131 case BR_STATE_FORWARDING:
12132 -
12133 - if (br_should_route_hook) {
12134 - if (br_should_route_hook(&skb))
12135 + rhook = rcu_dereference(br_should_route_hook);
12136 + if (rhook != NULL) {
12137 + if (rhook(&skb))
12138 return skb;
12139 dest = eth_hdr(skb)->h_dest;
12140 }
12141 diff --git a/net/bridge/br_netfilter.c b/net/bridge/br_netfilter.c
12142 index fa77987..3ee2022 100644
12143 --- a/net/bridge/br_netfilter.c
12144 +++ b/net/bridge/br_netfilter.c
12145 @@ -509,8 +509,14 @@ static unsigned int br_nf_pre_routing(unsigned int hook, struct sk_buff **pskb,
12146 int (*okfn)(struct sk_buff *))
12147 {
12148 struct iphdr *iph;
12149 - __u32 len;
12150 struct sk_buff *skb = *pskb;
12151 + __u32 len = nf_bridge_encap_header_len(skb);
12152 +
12153 + if ((skb = skb_share_check(skb, GFP_ATOMIC)) == NULL)
12154 + return NF_STOLEN;
12155 +
12156 + if (unlikely(!pskb_may_pull(skb, len)))
12157 + goto out;
12159 if (skb->protocol == htons(ETH_P_IPV6) || IS_VLAN_IPV6(skb) ||
12160 IS_PPPOE_IPV6(skb)) {
12161 @@ -518,8 +524,6 @@ static unsigned int br_nf_pre_routing(unsigned int hook, struct sk_buff **pskb,
12162 if (!brnf_call_ip6tables)
12163 return NF_ACCEPT;
12164 #endif
12165 - if ((skb = skb_share_check(*pskb, GFP_ATOMIC)) == NULL)
12166 - goto out;
12167 nf_bridge_pull_encap_header_rcsum(skb);
12168 return br_nf_pre_routing_ipv6(hook, skb, in, out, okfn);
12169 }
12170 @@ -532,8 +536,6 @@ static unsigned int br_nf_pre_routing(unsigned int hook, struct sk_buff **pskb,
12171 !IS_PPPOE_IP(skb))
12172 return NF_ACCEPT;
12174 - if ((skb = skb_share_check(*pskb, GFP_ATOMIC)) == NULL)
12175 - goto out;
12176 nf_bridge_pull_encap_header_rcsum(skb);
12178 if (!pskb_may_pull(skb, sizeof(struct iphdr)))
12179 diff --git a/net/bridge/netfilter/ebt_log.c b/net/bridge/netfilter/ebt_log.c
12180 index 031bfa4..984e9c6 100644
12181 --- a/net/bridge/netfilter/ebt_log.c
12182 +++ b/net/bridge/netfilter/ebt_log.c
12183 @@ -196,10 +196,8 @@ static int __init ebt_log_init(void)
12184 ret = ebt_register_watcher(&log);
12185 if (ret < 0)
12186 return ret;
12187 - ret = nf_log_register(PF_BRIDGE, &ebt_log_logger);
12188 - if (ret < 0 && ret != -EEXIST)
12189 - ebt_unregister_watcher(&log);
12190 - return ret;
12191 + nf_log_register(PF_BRIDGE, &ebt_log_logger);
12192 + return 0;
12193 }
12195 static void __exit ebt_log_fini(void)
12196 diff --git a/net/bridge/netfilter/ebt_ulog.c b/net/bridge/netfilter/ebt_ulog.c
12197 index 9411db6..6fec352 100644
12198 --- a/net/bridge/netfilter/ebt_ulog.c
12199 +++ b/net/bridge/netfilter/ebt_ulog.c
12200 @@ -308,12 +308,8 @@ static int __init ebt_ulog_init(void)
12201 else if ((ret = ebt_register_watcher(&ulog)))
12202 sock_release(ebtulognl->sk_socket);
12204 - if (nf_log_register(PF_BRIDGE, &ebt_ulog_logger) < 0) {
12205 - printk(KERN_WARNING "ebt_ulog: not logging via ulog "
12206 - "since somebody else already registered for PF_BRIDGE\n");
12207 - /* we cannot make module load fail here, since otherwise
12208 - * ebtables userspace would abort */
12209 - }
12210 + if (ret == 0)
12211 + nf_log_register(PF_BRIDGE, &ebt_ulog_logger);
12213 return ret;
12214 }
12215 diff --git a/net/bridge/netfilter/ebtable_broute.c b/net/bridge/netfilter/ebtable_broute.c
12216 index d37ce04..bc17cf5 100644
12217 --- a/net/bridge/netfilter/ebtable_broute.c
12218 +++ b/net/bridge/netfilter/ebtable_broute.c
12219 @@ -70,13 +70,13 @@ static int __init ebtable_broute_init(void)
12220 if (ret < 0)
12221 return ret;
12222 /* see br_input.c */
12223 - br_should_route_hook = ebt_broute;
12224 + rcu_assign_pointer(br_should_route_hook, ebt_broute);
12225 return ret;
12226 }
12228 static void __exit ebtable_broute_fini(void)
12229 {
12230 - br_should_route_hook = NULL;
12231 + rcu_assign_pointer(br_should_route_hook, NULL);
12232 synchronize_net();
12233 ebt_unregister_table(&broute_table);
12234 }
12235 diff --git a/net/core/datagram.c b/net/core/datagram.c
12236 index cb056f4..029b93e 100644
12237 --- a/net/core/datagram.c
12238 +++ b/net/core/datagram.c
12239 @@ -450,6 +450,9 @@ int skb_copy_and_csum_datagram_iovec(struct sk_buff *skb,
12240 __wsum csum;
12241 int chunk = skb->len - hlen;
12243 + if (!chunk)
12244 + return 0;
12245 +
12246 /* Skip filled elements.
12247 * Pretty silly, look at memcpy_toiovec, though 8)
12248 */
12249 diff --git a/net/core/dev.c b/net/core/dev.c
12250 index ee051bb..1561f61 100644
12251 --- a/net/core/dev.c
12252 +++ b/net/core/dev.c
12253 @@ -3635,6 +3635,44 @@ static int __init netdev_dma_register(void)
12254 static int __init netdev_dma_register(void) { return -ENODEV; }
12255 #endif /* CONFIG_NET_DMA */
12257 +/**
12258 + * netdev_compute_feature - compute conjunction of two feature sets
12259 + * @all: first feature set
12260 + * @one: second feature set
12261 + *
12262 + * Computes a new feature set after adding a device with feature set
12263 + * @one to the master device with current feature set @all. Returns
12264 + * the new feature set.
12265 + */
12266 +int netdev_compute_features(unsigned long all, unsigned long one)
12267 +{
12268 + /* if device needs checksumming, downgrade to hw checksumming */
12269 + if (all & NETIF_F_NO_CSUM && !(one & NETIF_F_NO_CSUM))
12270 + all ^= NETIF_F_NO_CSUM | NETIF_F_HW_CSUM;
12271 +
12272 + /* if device can't do all checksum, downgrade to ipv4 */
12273 + if (all & NETIF_F_HW_CSUM && !(one & NETIF_F_HW_CSUM))
12274 + all ^= NETIF_F_HW_CSUM | NETIF_F_IP_CSUM;
12275 +
12276 + if (one & NETIF_F_GSO)
12277 + one |= NETIF_F_GSO_SOFTWARE;
12278 + one |= NETIF_F_GSO;
12279 +
12280 + /* If even one device supports robust GSO, enable it for all. */
12281 + if (one & NETIF_F_GSO_ROBUST)
12282 + all |= NETIF_F_GSO_ROBUST;
12283 +
12284 + all &= one | NETIF_F_LLTX;
12285 +
12286 + if (!(all & NETIF_F_ALL_CSUM))
12287 + all &= ~NETIF_F_SG;
12288 + if (!(all & NETIF_F_SG))
12289 + all &= ~NETIF_F_GSO_MASK;
12290 +
12291 + return all;
12292 +}
12293 +EXPORT_SYMBOL(netdev_compute_features);
12294 +
12295 /*
12296 * Initialize the DEV module. At boot time this walks the device list and
12297 * unhooks any devices that fail to initialise (normally hardware not
12298 diff --git a/net/core/gen_estimator.c b/net/core/gen_estimator.c
12299 index 17daf4c..590a767 100644
12300 --- a/net/core/gen_estimator.c
12301 +++ b/net/core/gen_estimator.c
12302 @@ -79,27 +79,27 @@
12304 struct gen_estimator
12305 {
12306 - struct gen_estimator *next;
12307 + struct list_head list;
12308 struct gnet_stats_basic *bstats;
12309 struct gnet_stats_rate_est *rate_est;
12310 spinlock_t *stats_lock;
12311 - unsigned interval;
12312 int ewma_log;
12313 u64 last_bytes;
12314 u32 last_packets;
12315 u32 avpps;
12316 u32 avbps;
12317 + struct rcu_head e_rcu;
12318 };
12320 struct gen_estimator_head
12321 {
12322 struct timer_list timer;
12323 - struct gen_estimator *list;
12324 + struct list_head list;
12325 };
12327 static struct gen_estimator_head elist[EST_MAX_INTERVAL+1];
12329 -/* Estimator array lock */
12330 +/* Protects against NULL dereference */
12331 static DEFINE_RWLOCK(est_lock);
12333 static void est_timer(unsigned long arg)
12334 @@ -107,13 +107,17 @@ static void est_timer(unsigned long arg)
12335 int idx = (int)arg;
12336 struct gen_estimator *e;
12338 - read_lock(&est_lock);
12339 - for (e = elist[idx].list; e; e = e->next) {
12340 + rcu_read_lock();
12341 + list_for_each_entry_rcu(e, &elist[idx].list, list) {
12342 u64 nbytes;
12343 u32 npackets;
12344 u32 rate;
12346 spin_lock(e->stats_lock);
12347 + read_lock(&est_lock);
12348 + if (e->bstats == NULL)
12349 + goto skip;
12350 +
12351 nbytes = e->bstats->bytes;
12352 npackets = e->bstats->packets;
12353 rate = (nbytes - e->last_bytes)<<(7 - idx);
12354 @@ -125,11 +129,14 @@ static void est_timer(unsigned long arg)
12355 e->last_packets = npackets;
12356 e->avpps += ((long)rate - (long)e->avpps) >> e->ewma_log;
12357 e->rate_est->pps = (e->avpps+0x1FF)>>10;
12358 +skip:
12359 + read_unlock(&est_lock);
12360 spin_unlock(e->stats_lock);
12361 }
12363 - mod_timer(&elist[idx].timer, jiffies + ((HZ<<idx)/4));
12364 - read_unlock(&est_lock);
12365 + if (!list_empty(&elist[idx].list))
12366 + mod_timer(&elist[idx].timer, jiffies + ((HZ<<idx)/4));
12367 + rcu_read_unlock();
12368 }
12370 /**
12371 @@ -146,12 +153,17 @@ static void est_timer(unsigned long arg)
12372 * &rate_est with the statistics lock grabed during this period.
12373 *
12374 * Returns 0 on success or a negative error code.
12375 + *
12376 + * NOTE: Called under rtnl_mutex
12377 */
12378 int gen_new_estimator(struct gnet_stats_basic *bstats,
12379 - struct gnet_stats_rate_est *rate_est, spinlock_t *stats_lock, struct rtattr *opt)
12380 + struct gnet_stats_rate_est *rate_est,
12381 + spinlock_t *stats_lock,
12382 + struct rtattr *opt)
12383 {
12384 struct gen_estimator *est;
12385 struct gnet_estimator *parm = RTA_DATA(opt);
12386 + int idx;
12388 if (RTA_PAYLOAD(opt) < sizeof(*parm))
12389 return -EINVAL;
12390 @@ -163,7 +175,7 @@ int gen_new_estimator(struct gnet_stats_basic *bstats,
12391 if (est == NULL)
12392 return -ENOBUFS;
12394 - est->interval = parm->interval + 2;
12395 + idx = parm->interval + 2;
12396 est->bstats = bstats;
12397 est->rate_est = rate_est;
12398 est->stats_lock = stats_lock;
12399 @@ -173,20 +185,25 @@ int gen_new_estimator(struct gnet_stats_basic *bstats,
12400 est->last_packets = bstats->packets;
12401 est->avpps = rate_est->pps<<10;
12403 - est->next = elist[est->interval].list;
12404 - if (est->next == NULL) {
12405 - init_timer(&elist[est->interval].timer);
12406 - elist[est->interval].timer.data = est->interval;
12407 - elist[est->interval].timer.expires = jiffies + ((HZ<<est->interval)/4);
12408 - elist[est->interval].timer.function = est_timer;
12409 - add_timer(&elist[est->interval].timer);
12410 + if (!elist[idx].timer.function) {
12411 + INIT_LIST_HEAD(&elist[idx].list);
12412 + setup_timer(&elist[idx].timer, est_timer, idx);
12413 }
12414 - write_lock_bh(&est_lock);
12415 - elist[est->interval].list = est;
12416 - write_unlock_bh(&est_lock);
12417 +
12418 + if (list_empty(&elist[idx].list))
12419 + mod_timer(&elist[idx].timer, jiffies + ((HZ<<idx)/4));
12420 +
12421 + list_add_rcu(&est->list, &elist[idx].list);
12422 return 0;
12423 }
12425 +static void __gen_kill_estimator(struct rcu_head *head)
12426 +{
12427 + struct gen_estimator *e = container_of(head,
12428 + struct gen_estimator, e_rcu);
12429 + kfree(e);
12430 +}
12431 +
12432 /**
12433 * gen_kill_estimator - remove a rate estimator
12434 * @bstats: basic statistics
12435 @@ -194,31 +211,32 @@ int gen_new_estimator(struct gnet_stats_basic *bstats,
12436 *
12437 * Removes the rate estimator specified by &bstats and &rate_est
12438 * and deletes the timer.
12439 + *
12440 + * NOTE: Called under rtnl_mutex
12441 */
12442 void gen_kill_estimator(struct gnet_stats_basic *bstats,
12443 struct gnet_stats_rate_est *rate_est)
12444 {
12445 int idx;
12446 - struct gen_estimator *est, **pest;
12447 + struct gen_estimator *e, *n;
12449 for (idx=0; idx <= EST_MAX_INTERVAL; idx++) {
12450 - int killed = 0;
12451 - pest = &elist[idx].list;
12452 - while ((est=*pest) != NULL) {
12453 - if (est->rate_est != rate_est || est->bstats != bstats) {
12454 - pest = &est->next;
12455 +
12456 + /* Skip non initialized indexes */
12457 + if (!elist[idx].timer.function)
12458 + continue;
12459 +
12460 + list_for_each_entry_safe(e, n, &elist[idx].list, list) {
12461 + if (e->rate_est != rate_est || e->bstats != bstats)
12462 continue;
12463 - }
12465 write_lock_bh(&est_lock);
12466 - *pest = est->next;
12467 + e->bstats = NULL;
12468 write_unlock_bh(&est_lock);
12470 - kfree(est);
12471 - killed++;
12472 + list_del_rcu(&e->list);
12473 + call_rcu(&e->e_rcu, __gen_kill_estimator);
12474 }
12475 - if (killed && elist[idx].list == NULL)
12476 - del_timer(&elist[idx].timer);
12477 }
12478 }
12480 diff --git a/net/core/netpoll.c b/net/core/netpoll.c
12481 index a0efdd7..5df8cf4 100644
12482 --- a/net/core/netpoll.c
12483 +++ b/net/core/netpoll.c
12484 @@ -781,7 +781,6 @@ void netpoll_cleanup(struct netpoll *np)
12485 spin_unlock_irqrestore(&npinfo->rx_lock, flags);
12486 }
12488 - np->dev->npinfo = NULL;
12489 if (atomic_dec_and_test(&npinfo->refcnt)) {
12490 skb_queue_purge(&npinfo->arp_tx);
12491 skb_queue_purge(&npinfo->txq);
12492 @@ -794,6 +793,7 @@ void netpoll_cleanup(struct netpoll *np)
12493 kfree_skb(skb);
12494 }
12495 kfree(npinfo);
12496 + np->dev->npinfo = NULL;
12497 }
12498 }
12500 diff --git a/net/core/pktgen.c b/net/core/pktgen.c
12501 index 9cd3a1c..33190c3 100644
12502 --- a/net/core/pktgen.c
12503 +++ b/net/core/pktgen.c
12504 @@ -111,6 +111,9 @@
12505 *
12506 * 802.1Q/Q-in-Q support by Francesco Fondelli (FF) <francesco.fondelli@gmail.com>
12507 *
12508 + * Fixed src_mac command to set source mac of packet to value specified in
12509 + * command by Adit Ranadive <adit.262@gmail.com>
12510 + *
12511 */
12512 #include <linux/sys.h>
12513 #include <linux/types.h>
12514 @@ -1415,8 +1418,11 @@ static ssize_t pktgen_if_write(struct file *file,
12515 }
12516 if (!strcmp(name, "src_mac")) {
12517 char *v = valstr;
12518 + unsigned char old_smac[ETH_ALEN];
12519 unsigned char *m = pkt_dev->src_mac;
12521 + memcpy(old_smac, pkt_dev->src_mac, ETH_ALEN);
12522 +
12523 len = strn_len(&user_buffer[i], sizeof(valstr) - 1);
12524 if (len < 0) {
12525 return len;
12526 @@ -1445,6 +1451,10 @@ static ssize_t pktgen_if_write(struct file *file,
12527 }
12528 }
12530 + /* Set up Src MAC */
12531 + if (compare_ether_addr(old_smac, pkt_dev->src_mac))
12532 + memcpy(&(pkt_dev->hh[6]), pkt_dev->src_mac, ETH_ALEN);
12533 +
12534 sprintf(pg_result, "OK: srcmac");
12535 return count;
12536 }
12537 diff --git a/net/dccp/ccids/ccid2.c b/net/dccp/ccids/ccid2.c
12538 index 248d20f..d29b88f 100644
12539 --- a/net/dccp/ccids/ccid2.c
12540 +++ b/net/dccp/ccids/ccid2.c
12541 @@ -298,7 +298,7 @@ static void ccid2_hc_tx_packet_sent(struct sock *sk, int more, unsigned int len)
12542 int rc;
12544 ccid2_pr_debug("allocating more space in history\n");
12545 - rc = ccid2_hc_tx_alloc_seq(hctx, CCID2_SEQBUF_LEN, GFP_KERNEL);
12546 + rc = ccid2_hc_tx_alloc_seq(hctx, CCID2_SEQBUF_LEN, gfp_any());
12547 BUG_ON(rc); /* XXX what do we do? */
12549 next = hctx->ccid2hctx_seqh->ccid2s_next;
12550 diff --git a/net/decnet/dn_dev.c b/net/decnet/dn_dev.c
12551 index ab41c18..b51ee15 100644
12552 --- a/net/decnet/dn_dev.c
12553 +++ b/net/decnet/dn_dev.c
12554 @@ -651,16 +651,18 @@ static int dn_nl_deladdr(struct sk_buff *skb, struct nlmsghdr *nlh, void *arg)
12555 struct dn_dev *dn_db;
12556 struct ifaddrmsg *ifm;
12557 struct dn_ifaddr *ifa, **ifap;
12558 - int err = -EADDRNOTAVAIL;
12559 + int err;
12561 err = nlmsg_parse(nlh, sizeof(*ifm), tb, IFA_MAX, dn_ifa_policy);
12562 if (err < 0)
12563 goto errout;
12565 + err = -ENODEV;
12566 ifm = nlmsg_data(nlh);
12567 if ((dn_db = dn_dev_by_index(ifm->ifa_index)) == NULL)
12568 goto errout;
12570 + err = -EADDRNOTAVAIL;
12571 for (ifap = &dn_db->ifa_list; (ifa = *ifap); ifap = &ifa->ifa_next) {
12572 if (tb[IFA_LOCAL] &&
12573 nla_memcmp(tb[IFA_LOCAL], &ifa->ifa_local, 2))
12574 @@ -815,7 +817,7 @@ static int dn_nl_dump_ifaddr(struct sk_buff *skb, struct netlink_callback *cb)
12575 for (ifa = dn_db->ifa_list, dn_idx = 0; ifa;
12576 ifa = ifa->ifa_next, dn_idx++) {
12577 if (dn_idx < skip_naddr)
12578 - goto cont;
12579 + continue;
12581 if (dn_nl_fill_ifaddr(skb, ifa, NETLINK_CB(cb->skb).pid,
12582 cb->nlh->nlmsg_seq, RTM_NEWADDR,
12583 diff --git a/net/ieee80211/ieee80211_rx.c b/net/ieee80211/ieee80211_rx.c
12584 index f2de2e4..6284c99 100644
12585 --- a/net/ieee80211/ieee80211_rx.c
12586 +++ b/net/ieee80211/ieee80211_rx.c
12587 @@ -366,6 +366,12 @@ int ieee80211_rx(struct ieee80211_device *ieee, struct sk_buff *skb,
12588 frag = WLAN_GET_SEQ_FRAG(sc);
12589 hdrlen = ieee80211_get_hdrlen(fc);
12591 + if (skb->len < hdrlen) {
12592 + printk(KERN_INFO "%s: invalid SKB length %d\n",
12593 + dev->name, skb->len);
12594 + goto rx_dropped;
12595 + }
12596 +
12597 /* Put this code here so that we avoid duplicating it in all
12598 * Rx paths. - Jean II */
12599 #ifdef CONFIG_WIRELESS_EXT
12600 diff --git a/net/ieee80211/softmac/ieee80211softmac_assoc.c b/net/ieee80211/softmac/ieee80211softmac_assoc.c
12601 index cc8110b..afb6c66 100644
12602 --- a/net/ieee80211/softmac/ieee80211softmac_assoc.c
12603 +++ b/net/ieee80211/softmac/ieee80211softmac_assoc.c
12604 @@ -271,8 +271,11 @@ ieee80211softmac_assoc_work(struct work_struct *work)
12605 */
12606 dprintk(KERN_INFO PFX "Associate: Scanning for networks first.\n");
12607 ieee80211softmac_notify(mac->dev, IEEE80211SOFTMAC_EVENT_SCAN_FINISHED, ieee80211softmac_assoc_notify_scan, NULL);
12608 - if (ieee80211softmac_start_scan(mac))
12609 + if (ieee80211softmac_start_scan(mac)) {
12610 dprintk(KERN_INFO PFX "Associate: failed to initiate scan. Is device up?\n");
12611 + mac->associnfo.associating = 0;
12612 + mac->associnfo.associated = 0;
12613 + }
12614 goto out;
12615 } else {
12616 mac->associnfo.associating = 0;
12617 diff --git a/net/ieee80211/softmac/ieee80211softmac_wx.c b/net/ieee80211/softmac/ieee80211softmac_wx.c
12618 index f13937b..d054e92 100644
12619 --- a/net/ieee80211/softmac/ieee80211softmac_wx.c
12620 +++ b/net/ieee80211/softmac/ieee80211softmac_wx.c
12621 @@ -74,8 +74,8 @@ ieee80211softmac_wx_set_essid(struct net_device *net_dev,
12622 struct ieee80211softmac_auth_queue_item *authptr;
12623 int length = 0;
12625 +check_assoc_again:
12626 mutex_lock(&sm->associnfo.mutex);
12627 -
12628 /* Check if we're already associating to this or another network
12629 * If it's another network, cancel and start over with our new network
12630 * If it's our network, ignore the change, we're already doing it!
12631 @@ -98,13 +98,18 @@ ieee80211softmac_wx_set_essid(struct net_device *net_dev,
12632 cancel_delayed_work(&authptr->work);
12633 sm->associnfo.bssvalid = 0;
12634 sm->associnfo.bssfixed = 0;
12635 - flush_scheduled_work();
12636 sm->associnfo.associating = 0;
12637 sm->associnfo.associated = 0;
12638 + /* We must unlock to avoid deadlocks with the assoc workqueue
12639 + * on the associnfo.mutex */
12640 + mutex_unlock(&sm->associnfo.mutex);
12641 + flush_scheduled_work();
12642 + /* Avoid race! Check assoc status again. Maybe someone started an
12643 + * association while we flushed. */
12644 + goto check_assoc_again;
12645 }
12646 }
12648 -
12649 sm->associnfo.static_essid = 0;
12650 sm->associnfo.assoc_wait = 0;
12652 diff --git a/net/ipv4/af_inet.c b/net/ipv4/af_inet.c
12653 index 041fba3..90b241c 100644
12654 --- a/net/ipv4/af_inet.c
12655 +++ b/net/ipv4/af_inet.c
12656 @@ -831,7 +831,7 @@ const struct proto_ops inet_stream_ops = {
12657 .shutdown = inet_shutdown,
12658 .setsockopt = sock_common_setsockopt,
12659 .getsockopt = sock_common_getsockopt,
12660 - .sendmsg = inet_sendmsg,
12661 + .sendmsg = tcp_sendmsg,
12662 .recvmsg = sock_common_recvmsg,
12663 .mmap = sock_no_mmap,
12664 .sendpage = tcp_sendpage,
12665 diff --git a/net/ipv4/ah4.c b/net/ipv4/ah4.c
12666 index 6da8ff5..c79a24e 100644
12667 --- a/net/ipv4/ah4.c
12668 +++ b/net/ipv4/ah4.c
12669 @@ -46,7 +46,7 @@ static int ip_clear_mutable_options(struct iphdr *iph, __be32 *daddr)
12670 memcpy(daddr, optptr+optlen-4, 4);
12671 /* Fall through */
12672 default:
12673 - memset(optptr+2, 0, optlen-2);
12674 + memset(optptr, 0, optlen);
12675 }
12676 l -= optlen;
12677 optptr += optlen;
12678 diff --git a/net/ipv4/arp.c b/net/ipv4/arp.c
12679 index e00767e..84097ee 100644
12680 --- a/net/ipv4/arp.c
12681 +++ b/net/ipv4/arp.c
12682 @@ -110,12 +110,8 @@
12683 #include <net/tcp.h>
12684 #include <net/sock.h>
12685 #include <net/arp.h>
12686 -#if defined(CONFIG_AX25) || defined(CONFIG_AX25_MODULE)
12687 #include <net/ax25.h>
12688 -#if defined(CONFIG_NETROM) || defined(CONFIG_NETROM_MODULE)
12689 #include <net/netrom.h>
12690 -#endif
12691 -#endif
12692 #if defined(CONFIG_ATM_CLIP) || defined(CONFIG_ATM_CLIP_MODULE)
12693 #include <net/atmclip.h>
12694 struct neigh_table *clip_tbl_hook;
12695 @@ -729,20 +725,10 @@ static int arp_process(struct sk_buff *skb)
12696 htons(dev_type) != arp->ar_hrd)
12697 goto out;
12698 break;
12699 -#ifdef CONFIG_NET_ETHERNET
12700 case ARPHRD_ETHER:
12701 -#endif
12702 -#ifdef CONFIG_TR
12703 case ARPHRD_IEEE802_TR:
12704 -#endif
12705 -#ifdef CONFIG_FDDI
12706 case ARPHRD_FDDI:
12707 -#endif
12708 -#ifdef CONFIG_NET_FC
12709 case ARPHRD_IEEE802:
12710 -#endif
12711 -#if defined(CONFIG_NET_ETHERNET) || defined(CONFIG_TR) || \
12712 - defined(CONFIG_FDDI) || defined(CONFIG_NET_FC)
12713 /*
12714 * ETHERNET, Token Ring and Fibre Channel (which are IEEE 802
12715 * devices, according to RFC 2625) devices will accept ARP
12716 @@ -757,21 +743,16 @@ static int arp_process(struct sk_buff *skb)
12717 arp->ar_pro != htons(ETH_P_IP))
12718 goto out;
12719 break;
12720 -#endif
12721 -#if defined(CONFIG_AX25) || defined(CONFIG_AX25_MODULE)
12722 case ARPHRD_AX25:
12723 if (arp->ar_pro != htons(AX25_P_IP) ||
12724 arp->ar_hrd != htons(ARPHRD_AX25))
12725 goto out;
12726 break;
12727 -#if defined(CONFIG_NETROM) || defined(CONFIG_NETROM_MODULE)
12728 case ARPHRD_NETROM:
12729 if (arp->ar_pro != htons(AX25_P_IP) ||
12730 arp->ar_hrd != htons(ARPHRD_NETROM))
12731 goto out;
12732 break;
12733 -#endif
12734 -#endif
12735 }
12737 /* Understand only these message types */
12738 diff --git a/net/ipv4/devinet.c b/net/ipv4/devinet.c
12739 index abf6352..9607d78 100644
12740 --- a/net/ipv4/devinet.c
12741 +++ b/net/ipv4/devinet.c
12742 @@ -1030,7 +1030,7 @@ static void inetdev_changename(struct net_device *dev, struct in_device *in_dev)
12743 memcpy(ifa->ifa_label, dev->name, IFNAMSIZ);
12744 if (named++ == 0)
12745 continue;
12746 - dot = strchr(ifa->ifa_label, ':');
12747 + dot = strchr(old, ':');
12748 if (dot == NULL) {
12749 sprintf(old, ":%d", named);
12750 dot = old;
12751 @@ -1194,7 +1194,7 @@ static int inet_dump_ifaddr(struct sk_buff *skb, struct netlink_callback *cb)
12752 for (ifa = in_dev->ifa_list, ip_idx = 0; ifa;
12753 ifa = ifa->ifa_next, ip_idx++) {
12754 if (ip_idx < s_ip_idx)
12755 - goto cont;
12756 + continue;
12757 if (inet_fill_ifaddr(skb, ifa, NETLINK_CB(cb->skb).pid,
12758 cb->nlh->nlmsg_seq,
12759 RTM_NEWADDR, NLM_F_MULTI) <= 0)
12760 diff --git a/net/ipv4/inet_diag.c b/net/ipv4/inet_diag.c
12761 index dbeacd8..def007e 100644
12762 --- a/net/ipv4/inet_diag.c
12763 +++ b/net/ipv4/inet_diag.c
12764 @@ -836,12 +836,16 @@ static int inet_diag_rcv_msg(struct sk_buff *skb, struct nlmsghdr *nlh)
12765 return inet_diag_get_exact(skb, nlh);
12766 }
12768 +static DEFINE_MUTEX(inet_diag_mutex);
12769 +
12770 static void inet_diag_rcv(struct sock *sk, int len)
12771 {
12772 unsigned int qlen = 0;
12774 do {
12775 + mutex_lock(&inet_diag_mutex);
12776 netlink_run_queue(sk, &qlen, &inet_diag_rcv_msg);
12777 + mutex_unlock(&inet_diag_mutex);
12778 } while (qlen);
12779 }
12781 diff --git a/net/ipv4/ip_gre.c b/net/ipv4/ip_gre.c
12782 index 6328293..724b612 100644
12783 --- a/net/ipv4/ip_gre.c
12784 +++ b/net/ipv4/ip_gre.c
12785 @@ -613,7 +613,7 @@ static int ipgre_rcv(struct sk_buff *skb)
12786 offset += 4;
12787 }
12789 - skb_reset_mac_header(skb);
12790 + skb->mac_header = skb->network_header;
12791 __pskb_pull(skb, offset);
12792 skb_reset_network_header(skb);
12793 skb_postpull_rcsum(skb, skb_transport_header(skb), offset);
12794 diff --git a/net/ipv4/ipcomp.c b/net/ipv4/ipcomp.c
12795 index ab86137..630ebb7 100644
12796 --- a/net/ipv4/ipcomp.c
12797 +++ b/net/ipv4/ipcomp.c
12798 @@ -17,6 +17,7 @@
12799 #include <asm/scatterlist.h>
12800 #include <asm/semaphore.h>
12801 #include <linux/crypto.h>
12802 +#include <linux/err.h>
12803 #include <linux/pfkeyv2.h>
12804 #include <linux/percpu.h>
12805 #include <linux/smp.h>
12806 @@ -355,7 +356,7 @@ static struct crypto_comp **ipcomp_alloc_tfms(const char *alg_name)
12807 for_each_possible_cpu(cpu) {
12808 struct crypto_comp *tfm = crypto_alloc_comp(alg_name, 0,
12809 CRYPTO_ALG_ASYNC);
12810 - if (!tfm)
12811 + if (IS_ERR(tfm))
12812 goto error;
12813 *per_cpu_ptr(tfms, cpu) = tfm;
12814 }
12815 diff --git a/net/ipv4/netfilter/ipt_LOG.c b/net/ipv4/netfilter/ipt_LOG.c
12816 index a42c5cd..361be2b 100644
12817 --- a/net/ipv4/netfilter/ipt_LOG.c
12818 +++ b/net/ipv4/netfilter/ipt_LOG.c
12819 @@ -477,10 +477,8 @@ static int __init ipt_log_init(void)
12820 ret = xt_register_target(&ipt_log_reg);
12821 if (ret < 0)
12822 return ret;
12823 - ret = nf_log_register(PF_INET, &ipt_log_logger);
12824 - if (ret < 0 && ret != -EEXIST)
12825 - xt_unregister_target(&ipt_log_reg);
12826 - return ret;
12827 + nf_log_register(PF_INET, &ipt_log_logger);
12828 + return 0;
12829 }
12831 static void __exit ipt_log_fini(void)
12832 diff --git a/net/ipv4/netfilter/nf_conntrack_proto_icmp.c b/net/ipv4/netfilter/nf_conntrack_proto_icmp.c
12833 index f4fc657..474b4ce 100644
12834 --- a/net/ipv4/netfilter/nf_conntrack_proto_icmp.c
12835 +++ b/net/ipv4/netfilter/nf_conntrack_proto_icmp.c
12836 @@ -189,25 +189,13 @@ icmp_error_message(struct sk_buff *skb,
12838 h = nf_conntrack_find_get(&innertuple, NULL);
12839 if (!h) {
12840 - /* Locally generated ICMPs will match inverted if they
12841 - haven't been SNAT'ed yet */
12842 - /* FIXME: NAT code has to handle half-done double NAT --RR */
12843 - if (hooknum == NF_IP_LOCAL_OUT)
12844 - h = nf_conntrack_find_get(&origtuple, NULL);
12845 -
12846 - if (!h) {
12847 - DEBUGP("icmp_error_message: no match\n");
12848 - return -NF_ACCEPT;
12849 - }
12850 -
12851 - /* Reverse direction from that found */
12852 - if (NF_CT_DIRECTION(h) == IP_CT_DIR_REPLY)
12853 - *ctinfo += IP_CT_IS_REPLY;
12854 - } else {
12855 - if (NF_CT_DIRECTION(h) == IP_CT_DIR_REPLY)
12856 - *ctinfo += IP_CT_IS_REPLY;
12857 + DEBUGP("icmp_error_message: no match\n");
12858 + return -NF_ACCEPT;
12859 }
12861 + if (NF_CT_DIRECTION(h) == IP_CT_DIR_REPLY)
12862 + *ctinfo += IP_CT_IS_REPLY;
12863 +
12864 /* Update skb to refer to this connection */
12865 skb->nfct = &nf_ct_tuplehash_to_ctrack(h)->ct_general;
12866 skb->nfctinfo = *ctinfo;
12867 diff --git a/net/ipv4/netfilter/nf_nat_core.c b/net/ipv4/netfilter/nf_nat_core.c
12868 index ea02f00..3b01a5f 100644
12869 --- a/net/ipv4/netfilter/nf_nat_core.c
12870 +++ b/net/ipv4/netfilter/nf_nat_core.c
12871 @@ -633,7 +633,7 @@ static int clean_nat(struct nf_conn *i, void *data)
12873 if (!nat)
12874 return 0;
12875 - memset(nat, 0, sizeof(nat));
12876 + memset(nat, 0, sizeof(*nat));
12877 i->status &= ~(IPS_NAT_MASK | IPS_NAT_DONE_MASK | IPS_SEQ_ADJUST);
12878 return 0;
12879 }
12880 diff --git a/net/ipv4/route.c b/net/ipv4/route.c
12881 index 29ca63e..8f443ed 100644
12882 --- a/net/ipv4/route.c
12883 +++ b/net/ipv4/route.c
12884 @@ -2885,11 +2885,10 @@ int ip_rt_dump(struct sk_buff *skb, struct netlink_callback *cb)
12885 int idx, s_idx;
12887 s_h = cb->args[0];
12888 + if (s_h < 0)
12889 + s_h = 0;
12890 s_idx = idx = cb->args[1];
12891 - for (h = 0; h <= rt_hash_mask; h++) {
12892 - if (h < s_h) continue;
12893 - if (h > s_h)
12894 - s_idx = 0;
12895 + for (h = s_h; h <= rt_hash_mask; h++) {
12896 rcu_read_lock_bh();
12897 for (rt = rcu_dereference(rt_hash_table[h].chain), idx = 0; rt;
12898 rt = rcu_dereference(rt->u.dst.rt_next), idx++) {
12899 @@ -2906,6 +2905,7 @@ int ip_rt_dump(struct sk_buff *skb, struct netlink_callback *cb)
12900 dst_release(xchg(&skb->dst, NULL));
12901 }
12902 rcu_read_unlock_bh();
12903 + s_idx = 0;
12904 }
12906 done:
12907 @@ -3150,18 +3150,14 @@ static int ip_rt_acct_read(char *buffer, char **start, off_t offset,
12908 offset /= sizeof(u32);
12910 if (length > 0) {
12911 - u32 *src = ((u32 *) IP_RT_ACCT_CPU(0)) + offset;
12912 u32 *dst = (u32 *) buffer;
12914 - /* Copy first cpu. */
12915 *start = buffer;
12916 - memcpy(dst, src, length);
12917 + memset(dst, 0, length);
12919 - /* Add the other cpus in, one int at a time */
12920 for_each_possible_cpu(i) {
12921 unsigned int j;
12922 -
12923 - src = ((u32 *) IP_RT_ACCT_CPU(i)) + offset;
12924 + u32 *src = ((u32 *) IP_RT_ACCT_CPU(i)) + offset;
12926 for (j = 0; j < length/4; j++)
12927 dst[j] += src[j];
12928 diff --git a/net/ipv4/sysctl_net_ipv4.c b/net/ipv4/sysctl_net_ipv4.c
12929 index 53ef0f4..6ea1306 100644
12930 --- a/net/ipv4/sysctl_net_ipv4.c
12931 +++ b/net/ipv4/sysctl_net_ipv4.c
12932 @@ -121,7 +121,7 @@ static int sysctl_tcp_congestion_control(ctl_table *table, int __user *name,
12934 tcp_get_default_congestion_control(val);
12935 ret = sysctl_string(&tbl, name, nlen, oldval, oldlenp, newval, newlen);
12936 - if (ret == 0 && newval && newlen)
12937 + if (ret == 1 && newval && newlen)
12938 ret = tcp_set_default_congestion_control(val);
12939 return ret;
12940 }
12941 diff --git a/net/ipv4/tcp.c b/net/ipv4/tcp.c
12942 index 450f44b..11ff182 100644
12943 --- a/net/ipv4/tcp.c
12944 +++ b/net/ipv4/tcp.c
12945 @@ -658,9 +658,10 @@ static inline int select_size(struct sock *sk)
12946 return tmp;
12947 }
12949 -int tcp_sendmsg(struct kiocb *iocb, struct sock *sk, struct msghdr *msg,
12950 +int tcp_sendmsg(struct kiocb *iocb, struct socket *sock, struct msghdr *msg,
12951 size_t size)
12952 {
12953 + struct sock *sk = sock->sk;
12954 struct iovec *iov;
12955 struct tcp_sock *tp = tcp_sk(sk);
12956 struct sk_buff *skb;
12957 diff --git a/net/ipv4/tcp_illinois.c b/net/ipv4/tcp_illinois.c
12958 index b2b2256..31dd8c5 100644
12959 --- a/net/ipv4/tcp_illinois.c
12960 +++ b/net/ipv4/tcp_illinois.c
12961 @@ -300,7 +300,7 @@ static u32 tcp_illinois_ssthresh(struct sock *sk)
12962 struct illinois *ca = inet_csk_ca(sk);
12964 /* Multiplicative decrease */
12965 - return max((tp->snd_cwnd * ca->beta) >> BETA_SHIFT, 2U);
12966 + return max(tp->snd_cwnd - ((tp->snd_cwnd * ca->beta) >> BETA_SHIFT), 2U);
12967 }
12970 diff --git a/net/ipv4/tcp_input.c b/net/ipv4/tcp_input.c
12971 index 69f9f1e..2e1d8e7 100644
12972 --- a/net/ipv4/tcp_input.c
12973 +++ b/net/ipv4/tcp_input.c
12974 @@ -102,11 +102,14 @@ int sysctl_tcp_abc __read_mostly;
12975 #define FLAG_DATA_LOST 0x80 /* SACK detected data lossage. */
12976 #define FLAG_SLOWPATH 0x100 /* Do not skip RFC checks for window update.*/
12977 #define FLAG_ONLY_ORIG_SACKED 0x200 /* SACKs only non-rexmit sent before RTO */
12978 +#define FLAG_SND_UNA_ADVANCED 0x400 /* Snd_una was changed (!= FLAG_DATA_ACKED) */
12979 +#define FLAG_DSACKING_ACK 0x800 /* SACK blocks contained DSACK info */
12981 #define FLAG_ACKED (FLAG_DATA_ACKED|FLAG_SYN_ACKED)
12982 #define FLAG_NOT_DUP (FLAG_DATA|FLAG_WIN_UPDATE|FLAG_ACKED)
12983 #define FLAG_CA_ALERT (FLAG_DATA_SACKED|FLAG_ECE)
12984 #define FLAG_FORWARD_PROGRESS (FLAG_ACKED|FLAG_DATA_SACKED)
12985 +#define FLAG_ANY_PROGRESS (FLAG_FORWARD_PROGRESS|FLAG_SND_UNA_ADVANCED)
12987 #define IsReno(tp) ((tp)->rx_opt.sack_ok == 0)
12988 #define IsFack(tp) ((tp)->rx_opt.sack_ok & 2)
12989 @@ -964,12 +967,14 @@ tcp_sacktag_write_queue(struct sock *sk, struct sk_buff *ack_skb, u32 prior_snd_
12991 /* Check for D-SACK. */
12992 if (before(ntohl(sp[0].start_seq), TCP_SKB_CB(ack_skb)->ack_seq)) {
12993 + flag |= FLAG_DSACKING_ACK;
12994 found_dup_sack = 1;
12995 tp->rx_opt.sack_ok |= 4;
12996 NET_INC_STATS_BH(LINUX_MIB_TCPDSACKRECV);
12997 } else if (num_sacks > 1 &&
12998 !after(ntohl(sp[0].end_seq), ntohl(sp[1].end_seq)) &&
12999 !before(ntohl(sp[0].start_seq), ntohl(sp[1].start_seq))) {
13000 + flag |= FLAG_DSACKING_ACK;
13001 found_dup_sack = 1;
13002 tp->rx_opt.sack_ok |= 4;
13003 NET_INC_STATS_BH(LINUX_MIB_TCPDSACKOFORECV);
13004 @@ -989,6 +994,9 @@ tcp_sacktag_write_queue(struct sock *sk, struct sk_buff *ack_skb, u32 prior_snd_
13005 if (before(TCP_SKB_CB(ack_skb)->ack_seq, prior_snd_una - tp->max_window))
13006 return 0;
13008 + if (!tp->packets_out)
13009 + goto out;
13010 +
13011 /* SACK fastpath:
13012 * if the only SACK change is the increase of the end_seq of
13013 * the first block then only apply that SACK block
13014 @@ -1257,6 +1265,8 @@ tcp_sacktag_write_queue(struct sock *sk, struct sk_buff *ack_skb, u32 prior_snd_
13015 (!tp->frto_highmark || after(tp->snd_una, tp->frto_highmark)))
13016 tcp_update_reordering(sk, ((tp->fackets_out + 1) - reord), 0);
13018 +out:
13019 +
13020 #if FASTRETRANS_DEBUG > 0
13021 BUG_TRAP((int)tp->sacked_out >= 0);
13022 BUG_TRAP((int)tp->lost_out >= 0);
13023 @@ -1398,7 +1408,9 @@ static void tcp_enter_frto_loss(struct sock *sk, int allowed_segments, int flag)
13024 * waiting for the first ACK and did not get it)...
13025 */
13026 if ((tp->frto_counter == 1) && !(flag&FLAG_DATA_ACKED)) {
13027 - tp->retrans_out += tcp_skb_pcount(skb);
13028 + /* For some reason this R-bit might get cleared? */
13029 + if (TCP_SKB_CB(skb)->sacked & TCPCB_SACKED_RETRANS)
13030 + tp->retrans_out += tcp_skb_pcount(skb);
13031 /* ...enter this if branch just for the first segment */
13032 flag |= FLAG_DATA_ACKED;
13033 } else {
13034 @@ -1849,19 +1861,22 @@ static inline u32 tcp_cwnd_min(const struct sock *sk)
13035 }
13037 /* Decrease cwnd each second ack. */
13038 -static void tcp_cwnd_down(struct sock *sk)
13039 +static void tcp_cwnd_down(struct sock *sk, int flag)
13040 {
13041 struct tcp_sock *tp = tcp_sk(sk);
13042 int decr = tp->snd_cwnd_cnt + 1;
13044 - tp->snd_cwnd_cnt = decr&1;
13045 - decr >>= 1;
13046 + if ((flag&(FLAG_ANY_PROGRESS|FLAG_DSACKING_ACK)) ||
13047 + (IsReno(tp) && !(flag&FLAG_NOT_DUP))) {
13048 + tp->snd_cwnd_cnt = decr&1;
13049 + decr >>= 1;
13051 - if (decr && tp->snd_cwnd > tcp_cwnd_min(sk))
13052 - tp->snd_cwnd -= decr;
13053 + if (decr && tp->snd_cwnd > tcp_cwnd_min(sk))
13054 + tp->snd_cwnd -= decr;
13056 - tp->snd_cwnd = min(tp->snd_cwnd, tcp_packets_in_flight(tp)+1);
13057 - tp->snd_cwnd_stamp = tcp_time_stamp;
13058 + tp->snd_cwnd = min(tp->snd_cwnd, tcp_packets_in_flight(tp)+1);
13059 + tp->snd_cwnd_stamp = tcp_time_stamp;
13060 + }
13061 }
13063 /* Nothing was retransmitted or returned timestamp is less
13064 @@ -2058,7 +2073,7 @@ static void tcp_try_to_open(struct sock *sk, int flag)
13065 }
13066 tcp_moderate_cwnd(tp);
13067 } else {
13068 - tcp_cwnd_down(sk);
13069 + tcp_cwnd_down(sk, flag);
13070 }
13071 }
13073 @@ -2107,7 +2122,9 @@ tcp_fastretrans_alert(struct sock *sk, u32 prior_snd_una,
13074 {
13075 struct inet_connection_sock *icsk = inet_csk(sk);
13076 struct tcp_sock *tp = tcp_sk(sk);
13077 - int is_dupack = (tp->snd_una == prior_snd_una && !(flag&FLAG_NOT_DUP));
13078 + int is_dupack = !(flag&(FLAG_SND_UNA_ADVANCED|FLAG_NOT_DUP));
13079 + int do_lost = is_dupack || ((flag&FLAG_DATA_SACKED) &&
13080 + (tp->fackets_out > tp->reordering));
13082 /* Some technical things:
13083 * 1. Reno does not count dupacks (sacked_out) automatically. */
13084 @@ -2191,7 +2208,7 @@ tcp_fastretrans_alert(struct sock *sk, u32 prior_snd_una,
13085 int acked = prior_packets - tp->packets_out;
13086 if (IsReno(tp))
13087 tcp_remove_reno_sacks(sk, acked);
13088 - is_dupack = tcp_try_undo_partial(sk, acked);
13089 + do_lost = tcp_try_undo_partial(sk, acked);
13090 }
13091 break;
13092 case TCP_CA_Loss:
13093 @@ -2256,9 +2273,9 @@ tcp_fastretrans_alert(struct sock *sk, u32 prior_snd_una,
13094 tcp_set_ca_state(sk, TCP_CA_Recovery);
13095 }
13097 - if (is_dupack || tcp_head_timedout(sk))
13098 + if (do_lost || tcp_head_timedout(sk))
13099 tcp_update_scoreboard(sk);
13100 - tcp_cwnd_down(sk);
13101 + tcp_cwnd_down(sk, flag);
13102 tcp_xmit_retransmit_queue(sk);
13103 }
13105 @@ -2391,6 +2408,9 @@ static int tcp_tso_acked(struct sock *sk, struct sk_buff *skb,
13106 __u32 dval = min(tp->fackets_out, packets_acked);
13107 tp->fackets_out -= dval;
13108 }
13109 + /* hint's skb might be NULL but we don't need to care */
13110 + tp->fastpath_cnt_hint -= min_t(u32, packets_acked,
13111 + tp->fastpath_cnt_hint);
13112 tp->packets_out -= packets_acked;
13114 BUG_ON(tcp_skb_pcount(skb) == 0);
13115 @@ -2766,6 +2786,9 @@ static int tcp_ack(struct sock *sk, struct sk_buff *skb, int flag)
13116 if (before(ack, prior_snd_una))
13117 goto old_ack;
13119 + if (after(ack, prior_snd_una))
13120 + flag |= FLAG_SND_UNA_ADVANCED;
13121 +
13122 if (sysctl_tcp_abc) {
13123 if (icsk->icsk_ca_state < TCP_CA_CWR)
13124 tp->bytes_acked += ack - prior_snd_una;
13125 diff --git a/net/ipv4/tcp_ipv4.c b/net/ipv4/tcp_ipv4.c
13126 index 354721d..11f711b 100644
13127 --- a/net/ipv4/tcp_ipv4.c
13128 +++ b/net/ipv4/tcp_ipv4.c
13129 @@ -833,8 +833,7 @@ static struct tcp_md5sig_key *
13130 return NULL;
13131 for (i = 0; i < tp->md5sig_info->entries4; i++) {
13132 if (tp->md5sig_info->keys4[i].addr == addr)
13133 - return (struct tcp_md5sig_key *)
13134 - &tp->md5sig_info->keys4[i];
13135 + return &tp->md5sig_info->keys4[i].base;
13136 }
13137 return NULL;
13138 }
13139 @@ -865,9 +864,9 @@ int tcp_v4_md5_do_add(struct sock *sk, __be32 addr,
13140 key = (struct tcp4_md5sig_key *)tcp_v4_md5_do_lookup(sk, addr);
13141 if (key) {
13142 /* Pre-existing entry - just update that one. */
13143 - kfree(key->key);
13144 - key->key = newkey;
13145 - key->keylen = newkeylen;
13146 + kfree(key->base.key);
13147 + key->base.key = newkey;
13148 + key->base.keylen = newkeylen;
13149 } else {
13150 struct tcp_md5sig_info *md5sig;
13152 @@ -906,9 +905,9 @@ int tcp_v4_md5_do_add(struct sock *sk, __be32 addr,
13153 md5sig->alloced4++;
13154 }
13155 md5sig->entries4++;
13156 - md5sig->keys4[md5sig->entries4 - 1].addr = addr;
13157 - md5sig->keys4[md5sig->entries4 - 1].key = newkey;
13158 - md5sig->keys4[md5sig->entries4 - 1].keylen = newkeylen;
13159 + md5sig->keys4[md5sig->entries4 - 1].addr = addr;
13160 + md5sig->keys4[md5sig->entries4 - 1].base.key = newkey;
13161 + md5sig->keys4[md5sig->entries4 - 1].base.keylen = newkeylen;
13162 }
13163 return 0;
13164 }
13165 @@ -930,7 +929,7 @@ int tcp_v4_md5_do_del(struct sock *sk, __be32 addr)
13166 for (i = 0; i < tp->md5sig_info->entries4; i++) {
13167 if (tp->md5sig_info->keys4[i].addr == addr) {
13168 /* Free the key */
13169 - kfree(tp->md5sig_info->keys4[i].key);
13170 + kfree(tp->md5sig_info->keys4[i].base.key);
13171 tp->md5sig_info->entries4--;
13173 if (tp->md5sig_info->entries4 == 0) {
13174 @@ -964,7 +963,7 @@ static void tcp_v4_clear_md5_list(struct sock *sk)
13175 if (tp->md5sig_info->entries4) {
13176 int i;
13177 for (i = 0; i < tp->md5sig_info->entries4; i++)
13178 - kfree(tp->md5sig_info->keys4[i].key);
13179 + kfree(tp->md5sig_info->keys4[i].base.key);
13180 tp->md5sig_info->entries4 = 0;
13181 tcp_free_md5sig_pool();
13182 }
13183 @@ -2434,7 +2433,6 @@ struct proto tcp_prot = {
13184 .shutdown = tcp_shutdown,
13185 .setsockopt = tcp_setsockopt,
13186 .getsockopt = tcp_getsockopt,
13187 - .sendmsg = tcp_sendmsg,
13188 .recvmsg = tcp_recvmsg,
13189 .backlog_rcv = tcp_v4_do_rcv,
13190 .hash = tcp_v4_hash,
13191 diff --git a/net/ipv4/tcp_output.c b/net/ipv4/tcp_output.c
13192 index 53232dd..de6e5df 100644
13193 --- a/net/ipv4/tcp_output.c
13194 +++ b/net/ipv4/tcp_output.c
13195 @@ -246,7 +246,7 @@ static u16 tcp_select_window(struct sock *sk)
13196 *
13197 * Relax Will Robinson.
13198 */
13199 - new_win = cur_win;
13200 + new_win = ALIGN(cur_win, 1 << tp->rx_opt.rcv_wscale);
13201 }
13202 tp->rcv_wnd = new_win;
13203 tp->rcv_wup = tp->rcv_nxt;
13204 @@ -1279,7 +1279,6 @@ static int tcp_mtu_probe(struct sock *sk)
13206 skb = tcp_send_head(sk);
13207 tcp_insert_write_queue_before(nskb, skb, sk);
13208 - tcp_advance_send_head(sk, skb);
13210 TCP_SKB_CB(nskb)->seq = TCP_SKB_CB(skb)->seq;
13211 TCP_SKB_CB(nskb)->end_seq = TCP_SKB_CB(skb)->seq + probe_size;
13212 diff --git a/net/ipv6/addrconf.c b/net/ipv6/addrconf.c
13213 index f96ed76..6d614c0 100644
13214 --- a/net/ipv6/addrconf.c
13215 +++ b/net/ipv6/addrconf.c
13216 @@ -73,6 +73,7 @@
13217 #include <net/tcp.h>
13218 #include <net/ip.h>
13219 #include <net/netlink.h>
13220 +#include <net/pkt_sched.h>
13221 #include <linux/if_tunnel.h>
13222 #include <linux/rtnetlink.h>
13224 @@ -212,6 +213,12 @@ static struct ipv6_devconf ipv6_devconf_dflt __read_mostly = {
13225 const struct in6_addr in6addr_any = IN6ADDR_ANY_INIT;
13226 const struct in6_addr in6addr_loopback = IN6ADDR_LOOPBACK_INIT;
13228 +/* Check if a valid qdisc is available */
13229 +static inline int addrconf_qdisc_ok(struct net_device *dev)
13230 +{
13231 + return (dev->qdisc != &noop_qdisc);
13232 +}
13233 +
13234 static void addrconf_del_timer(struct inet6_ifaddr *ifp)
13235 {
13236 if (del_timer(&ifp->timer))
13237 @@ -376,7 +383,7 @@ static struct inet6_dev * ipv6_add_dev(struct net_device *dev)
13238 }
13239 #endif
13241 - if (netif_running(dev) && netif_carrier_ok(dev))
13242 + if (netif_running(dev) && addrconf_qdisc_ok(dev))
13243 ndev->if_flags |= IF_READY;
13245 ipv6_mc_init_dev(ndev);
13246 @@ -1021,7 +1028,7 @@ int ipv6_dev_get_saddr(struct net_device *daddr_dev,
13247 hiscore.rule++;
13248 }
13249 if (ipv6_saddr_preferred(score.addr_type) ||
13250 - (((ifa_result->flags &
13251 + (((ifa->flags &
13252 (IFA_F_DEPRECATED|IFA_F_OPTIMISTIC)) == 0))) {
13253 score.attrs |= IPV6_SADDR_SCORE_PREFERRED;
13254 if (!(hiscore.attrs & IPV6_SADDR_SCORE_PREFERRED)) {
13255 @@ -2269,7 +2276,7 @@ static int addrconf_notify(struct notifier_block *this, unsigned long event,
13256 case NETDEV_UP:
13257 case NETDEV_CHANGE:
13258 if (event == NETDEV_UP) {
13259 - if (!netif_carrier_ok(dev)) {
13260 + if (!addrconf_qdisc_ok(dev)) {
13261 /* device is not ready yet. */
13262 printk(KERN_INFO
13263 "ADDRCONF(NETDEV_UP): %s: "
13264 @@ -2278,10 +2285,13 @@ static int addrconf_notify(struct notifier_block *this, unsigned long event,
13265 break;
13266 }
13268 + if (!idev && dev->mtu >= IPV6_MIN_MTU)
13269 + idev = ipv6_add_dev(dev);
13270 +
13271 if (idev)
13272 idev->if_flags |= IF_READY;
13273 } else {
13274 - if (!netif_carrier_ok(dev)) {
13275 + if (!addrconf_qdisc_ok(dev)) {
13276 /* device is still not ready. */
13277 break;
13278 }
13279 @@ -2342,12 +2352,18 @@ static int addrconf_notify(struct notifier_block *this, unsigned long event,
13280 break;
13282 case NETDEV_CHANGEMTU:
13283 - if ( idev && dev->mtu >= IPV6_MIN_MTU) {
13284 + if (idev && dev->mtu >= IPV6_MIN_MTU) {
13285 rt6_mtu_change(dev, dev->mtu);
13286 idev->cnf.mtu6 = dev->mtu;
13287 break;
13288 }
13290 + if (!idev && dev->mtu >= IPV6_MIN_MTU) {
13291 + idev = ipv6_add_dev(dev);
13292 + if (idev)
13293 + break;
13294 + }
13295 +
13296 /* MTU falled under IPV6_MIN_MTU. Stop IPv6 on this interface. */
13298 case NETDEV_DOWN:
13299 @@ -2472,6 +2488,7 @@ static int addrconf_ifdown(struct net_device *dev, int how)
13300 write_unlock_bh(&idev->lock);
13302 __ipv6_ifa_notify(RTM_DELADDR, ifa);
13303 + atomic_notifier_call_chain(&inet6addr_chain, NETDEV_DOWN, ifa);
13304 in6_ifa_put(ifa);
13306 write_lock_bh(&idev->lock);
13307 diff --git a/net/ipv6/af_inet6.c b/net/ipv6/af_inet6.c
13308 index 6dd3772..b1a7755 100644
13309 --- a/net/ipv6/af_inet6.c
13310 +++ b/net/ipv6/af_inet6.c
13311 @@ -487,7 +487,7 @@ const struct proto_ops inet6_stream_ops = {
13312 .shutdown = inet_shutdown, /* ok */
13313 .setsockopt = sock_common_setsockopt, /* ok */
13314 .getsockopt = sock_common_getsockopt, /* ok */
13315 - .sendmsg = inet_sendmsg, /* ok */
13316 + .sendmsg = tcp_sendmsg, /* ok */
13317 .recvmsg = sock_common_recvmsg, /* ok */
13318 .mmap = sock_no_mmap,
13319 .sendpage = tcp_sendpage,
13320 diff --git a/net/ipv6/anycast.c b/net/ipv6/anycast.c
13321 index 9b81264..2f49578 100644
13322 --- a/net/ipv6/anycast.c
13323 +++ b/net/ipv6/anycast.c
13324 @@ -66,6 +66,7 @@ ip6_onlink(struct in6_addr *addr, struct net_device *dev)
13325 break;
13326 }
13327 read_unlock_bh(&idev->lock);
13328 + in6_dev_put(idev);
13329 }
13330 rcu_read_unlock();
13331 return onlink;
13332 diff --git a/net/ipv6/icmp.c b/net/ipv6/icmp.c
13333 index e9bcce9..c956037 100644
13334 --- a/net/ipv6/icmp.c
13335 +++ b/net/ipv6/icmp.c
13336 @@ -604,7 +604,7 @@ static void icmpv6_notify(struct sk_buff *skb, int type, int code, __be32 info)
13338 read_lock(&raw_v6_lock);
13339 if ((sk = sk_head(&raw_v6_htable[hash])) != NULL) {
13340 - while((sk = __raw_v6_lookup(sk, nexthdr, daddr, saddr,
13341 + while ((sk = __raw_v6_lookup(sk, nexthdr, saddr, daddr,
13342 IP6CB(skb)->iif))) {
13343 rawv6_err(sk, skb, NULL, type, code, inner_offset, info);
13344 sk = sk_next(sk);
13345 diff --git a/net/ipv6/ip6_output.c b/net/ipv6/ip6_output.c
13346 index 4704b5f..4233a95 100644
13347 --- a/net/ipv6/ip6_output.c
13348 +++ b/net/ipv6/ip6_output.c
13349 @@ -790,7 +790,7 @@ slow_path:
13350 /*
13351 * Copy a block of the IP datagram.
13352 */
13353 - if (skb_copy_bits(skb, ptr, skb_transport_header(skb), len))
13354 + if (skb_copy_bits(skb, ptr, skb_transport_header(frag), len))
13355 BUG();
13356 left -= len;
13358 @@ -1423,8 +1423,9 @@ void ip6_flush_pending_frames(struct sock *sk)
13359 struct sk_buff *skb;
13361 while ((skb = __skb_dequeue_tail(&sk->sk_write_queue)) != NULL) {
13362 - IP6_INC_STATS(ip6_dst_idev(skb->dst),
13363 - IPSTATS_MIB_OUTDISCARDS);
13364 + if (skb->dst)
13365 + IP6_INC_STATS(ip6_dst_idev(skb->dst),
13366 + IPSTATS_MIB_OUTDISCARDS);
13367 kfree_skb(skb);
13368 }
13370 diff --git a/net/ipv6/ip6_tunnel.c b/net/ipv6/ip6_tunnel.c
13371 index a0902fb..31f9252 100644
13372 --- a/net/ipv6/ip6_tunnel.c
13373 +++ b/net/ipv6/ip6_tunnel.c
13374 @@ -962,8 +962,8 @@ ip4ip6_tnl_xmit(struct sk_buff *skb, struct net_device *dev)
13375 dsfield = ipv4_get_dsfield(iph);
13377 if ((t->parms.flags & IP6_TNL_F_USE_ORIG_TCLASS))
13378 - fl.fl6_flowlabel |= ntohl(((__u32)iph->tos << IPV6_TCLASS_SHIFT)
13379 - & IPV6_TCLASS_MASK);
13380 + fl.fl6_flowlabel |= htonl((__u32)iph->tos << IPV6_TCLASS_SHIFT)
13381 + & IPV6_TCLASS_MASK;
13383 err = ip6_tnl_xmit2(skb, dev, dsfield, &fl, encap_limit, &mtu);
13384 if (err != 0) {
13385 diff --git a/net/ipv6/ipcomp6.c b/net/ipv6/ipcomp6.c
13386 index 1ee50b5..3680f64 100644
13387 --- a/net/ipv6/ipcomp6.c
13388 +++ b/net/ipv6/ipcomp6.c
13389 @@ -37,6 +37,7 @@
13390 #include <asm/scatterlist.h>
13391 #include <asm/semaphore.h>
13392 #include <linux/crypto.h>
13393 +#include <linux/err.h>
13394 #include <linux/pfkeyv2.h>
13395 #include <linux/random.h>
13396 #include <linux/percpu.h>
13397 @@ -366,7 +367,7 @@ static struct crypto_comp **ipcomp6_alloc_tfms(const char *alg_name)
13398 for_each_possible_cpu(cpu) {
13399 struct crypto_comp *tfm = crypto_alloc_comp(alg_name, 0,
13400 CRYPTO_ALG_ASYNC);
13401 - if (!tfm)
13402 + if (IS_ERR(tfm))
13403 goto error;
13404 *per_cpu_ptr(tfms, cpu) = tfm;
13405 }
13406 diff --git a/net/ipv6/ipv6_sockglue.c b/net/ipv6/ipv6_sockglue.c
13407 index aa3d07c..f329029 100644
13408 --- a/net/ipv6/ipv6_sockglue.c
13409 +++ b/net/ipv6/ipv6_sockglue.c
13410 @@ -825,7 +825,7 @@ static int ipv6_getsockopt_sticky(struct sock *sk, struct ipv6_txoptions *opt,
13411 return 0;
13413 len = min_t(unsigned int, len, ipv6_optlen(hdr));
13414 - if (copy_to_user(optval, hdr, len));
13415 + if (copy_to_user(optval, hdr, len))
13416 return -EFAULT;
13417 return ipv6_optlen(hdr);
13418 }
13419 diff --git a/net/ipv6/ndisc.c b/net/ipv6/ndisc.c
13420 index 0358e60..5b59665 100644
13421 --- a/net/ipv6/ndisc.c
13422 +++ b/net/ipv6/ndisc.c
13423 @@ -736,7 +736,7 @@ static void ndisc_recv_ns(struct sk_buff *skb)
13424 * so fail our DAD process
13425 */
13426 addrconf_dad_failure(ifp);
13427 - goto out;
13428 + return;
13429 } else {
13430 /*
13431 * This is not a dad solicitation.
13432 @@ -1268,9 +1268,10 @@ static void ndisc_redirect_rcv(struct sk_buff *skb)
13434 if (ipv6_addr_equal(dest, target)) {
13435 on_link = 1;
13436 - } else if (!(ipv6_addr_type(target) & IPV6_ADDR_LINKLOCAL)) {
13437 + } else if (ipv6_addr_type(target) !=
13438 + (IPV6_ADDR_UNICAST|IPV6_ADDR_LINKLOCAL)) {
13439 ND_PRINTK2(KERN_WARNING
13440 - "ICMPv6 Redirect: target address is not link-local.\n");
13441 + "ICMPv6 Redirect: target address is not link-local unicast.\n");
13442 return;
13443 }
13445 @@ -1344,9 +1345,9 @@ void ndisc_send_redirect(struct sk_buff *skb, struct neighbour *neigh,
13446 }
13448 if (!ipv6_addr_equal(&ipv6_hdr(skb)->daddr, target) &&
13449 - !(ipv6_addr_type(target) & IPV6_ADDR_LINKLOCAL)) {
13450 + ipv6_addr_type(target) != (IPV6_ADDR_UNICAST|IPV6_ADDR_LINKLOCAL)) {
13451 ND_PRINTK2(KERN_WARNING
13452 - "ICMPv6 Redirect: target address is not link-local.\n");
13453 + "ICMPv6 Redirect: target address is not link-local unicast.\n");
13454 return;
13455 }
13457 diff --git a/net/ipv6/netfilter/ip6t_LOG.c b/net/ipv6/netfilter/ip6t_LOG.c
13458 index 5bb9cd3..a7a2517 100644
13459 --- a/net/ipv6/netfilter/ip6t_LOG.c
13460 +++ b/net/ipv6/netfilter/ip6t_LOG.c
13461 @@ -490,10 +490,8 @@ static int __init ip6t_log_init(void)
13462 ret = xt_register_target(&ip6t_log_reg);
13463 if (ret < 0)
13464 return ret;
13465 - ret = nf_log_register(PF_INET6, &ip6t_logger);
13466 - if (ret < 0 && ret != -EEXIST)
13467 - xt_unregister_target(&ip6t_log_reg);
13468 - return ret;
13469 + nf_log_register(PF_INET6, &ip6t_logger);
13470 + return 0;
13471 }
13473 static void __exit ip6t_log_fini(void)
13474 diff --git a/net/ipv6/raw.c b/net/ipv6/raw.c
13475 index a58459a..fc5cb83 100644
13476 --- a/net/ipv6/raw.c
13477 +++ b/net/ipv6/raw.c
13478 @@ -858,11 +858,10 @@ back_from_confirm:
13479 ip6_flush_pending_frames(sk);
13480 else if (!(msg->msg_flags & MSG_MORE))
13481 err = rawv6_push_pending_frames(sk, &fl, rp);
13482 + release_sock(sk);
13483 }
13484 done:
13485 dst_release(dst);
13486 - if (!inet->hdrincl)
13487 - release_sock(sk);
13488 out:
13489 fl6_sock_release(flowlabel);
13490 return err<0?err:len;
13491 diff --git a/net/ipv6/tcp_ipv6.c b/net/ipv6/tcp_ipv6.c
13492 index 193d9d6..2e8c317 100644
13493 --- a/net/ipv6/tcp_ipv6.c
13494 +++ b/net/ipv6/tcp_ipv6.c
13495 @@ -551,7 +551,7 @@ static struct tcp_md5sig_key *tcp_v6_md5_do_lookup(struct sock *sk,
13497 for (i = 0; i < tp->md5sig_info->entries6; i++) {
13498 if (ipv6_addr_cmp(&tp->md5sig_info->keys6[i].addr, addr) == 0)
13499 - return (struct tcp_md5sig_key *)&tp->md5sig_info->keys6[i];
13500 + return &tp->md5sig_info->keys6[i].base;
13501 }
13502 return NULL;
13503 }
13504 @@ -579,9 +579,9 @@ static int tcp_v6_md5_do_add(struct sock *sk, struct in6_addr *peer,
13505 key = (struct tcp6_md5sig_key*) tcp_v6_md5_do_lookup(sk, peer);
13506 if (key) {
13507 /* modify existing entry - just update that one */
13508 - kfree(key->key);
13509 - key->key = newkey;
13510 - key->keylen = newkeylen;
13511 + kfree(key->base.key);
13512 + key->base.key = newkey;
13513 + key->base.keylen = newkeylen;
13514 } else {
13515 /* reallocate new list if current one is full. */
13516 if (!tp->md5sig_info) {
13517 @@ -615,8 +615,8 @@ static int tcp_v6_md5_do_add(struct sock *sk, struct in6_addr *peer,
13519 ipv6_addr_copy(&tp->md5sig_info->keys6[tp->md5sig_info->entries6].addr,
13520 peer);
13521 - tp->md5sig_info->keys6[tp->md5sig_info->entries6].key = newkey;
13522 - tp->md5sig_info->keys6[tp->md5sig_info->entries6].keylen = newkeylen;
13523 + tp->md5sig_info->keys6[tp->md5sig_info->entries6].base.key = newkey;
13524 + tp->md5sig_info->keys6[tp->md5sig_info->entries6].base.keylen = newkeylen;
13526 tp->md5sig_info->entries6++;
13527 }
13528 @@ -638,12 +638,13 @@ static int tcp_v6_md5_do_del(struct sock *sk, struct in6_addr *peer)
13529 for (i = 0; i < tp->md5sig_info->entries6; i++) {
13530 if (ipv6_addr_cmp(&tp->md5sig_info->keys6[i].addr, peer) == 0) {
13531 /* Free the key */
13532 - kfree(tp->md5sig_info->keys6[i].key);
13533 + kfree(tp->md5sig_info->keys6[i].base.key);
13534 tp->md5sig_info->entries6--;
13536 if (tp->md5sig_info->entries6 == 0) {
13537 kfree(tp->md5sig_info->keys6);
13538 tp->md5sig_info->keys6 = NULL;
13539 + tp->md5sig_info->alloced6 = 0;
13541 tcp_free_md5sig_pool();
13543 @@ -668,7 +669,7 @@ static void tcp_v6_clear_md5_list (struct sock *sk)
13545 if (tp->md5sig_info->entries6) {
13546 for (i = 0; i < tp->md5sig_info->entries6; i++)
13547 - kfree(tp->md5sig_info->keys6[i].key);
13548 + kfree(tp->md5sig_info->keys6[i].base.key);
13549 tp->md5sig_info->entries6 = 0;
13550 tcp_free_md5sig_pool();
13551 }
13552 @@ -679,7 +680,7 @@ static void tcp_v6_clear_md5_list (struct sock *sk)
13554 if (tp->md5sig_info->entries4) {
13555 for (i = 0; i < tp->md5sig_info->entries4; i++)
13556 - kfree(tp->md5sig_info->keys4[i].key);
13557 + kfree(tp->md5sig_info->keys4[i].base.key);
13558 tp->md5sig_info->entries4 = 0;
13559 tcp_free_md5sig_pool();
13560 }
13561 @@ -2134,7 +2135,6 @@ struct proto tcpv6_prot = {
13562 .shutdown = tcp_shutdown,
13563 .setsockopt = tcp_setsockopt,
13564 .getsockopt = tcp_getsockopt,
13565 - .sendmsg = tcp_sendmsg,
13566 .recvmsg = tcp_recvmsg,
13567 .backlog_rcv = tcp_v6_do_rcv,
13568 .hash = tcp_v6_hash,
13569 diff --git a/net/irda/af_irda.c b/net/irda/af_irda.c
13570 index dcd7e32..73708b5 100644
13571 --- a/net/irda/af_irda.c
13572 +++ b/net/irda/af_irda.c
13573 @@ -1115,8 +1115,6 @@ static int irda_create(struct socket *sock, int protocol)
13574 self->max_sdu_size_rx = TTP_SAR_UNBOUND;
13575 break;
13576 default:
13577 - IRDA_ERROR("%s: protocol not supported!\n",
13578 - __FUNCTION__);
13579 return -ESOCKTNOSUPPORT;
13580 }
13581 break;
13582 diff --git a/net/key/af_key.c b/net/key/af_key.c
13583 index 0f8304b..0be3be2 100644
13584 --- a/net/key/af_key.c
13585 +++ b/net/key/af_key.c
13586 @@ -1543,7 +1543,7 @@ static int pfkey_get(struct sock *sk, struct sk_buff *skb, struct sadb_msg *hdr,
13588 out_hdr = (struct sadb_msg *) out_skb->data;
13589 out_hdr->sadb_msg_version = hdr->sadb_msg_version;
13590 - out_hdr->sadb_msg_type = SADB_DUMP;
13591 + out_hdr->sadb_msg_type = SADB_GET;
13592 out_hdr->sadb_msg_satype = pfkey_proto2satype(proto);
13593 out_hdr->sadb_msg_errno = 0;
13594 out_hdr->sadb_msg_reserved = 0;
13595 @@ -2777,12 +2777,22 @@ static struct sadb_msg *pfkey_get_base_msg(struct sk_buff *skb, int *errp)
13597 static inline int aalg_tmpl_set(struct xfrm_tmpl *t, struct xfrm_algo_desc *d)
13598 {
13599 - return t->aalgos & (1 << d->desc.sadb_alg_id);
13600 + unsigned int id = d->desc.sadb_alg_id;
13601 +
13602 + if (id >= sizeof(t->aalgos) * 8)
13603 + return 0;
13604 +
13605 + return (t->aalgos >> id) & 1;
13606 }
13608 static inline int ealg_tmpl_set(struct xfrm_tmpl *t, struct xfrm_algo_desc *d)
13609 {
13610 - return t->ealgos & (1 << d->desc.sadb_alg_id);
13611 + unsigned int id = d->desc.sadb_alg_id;
13612 +
13613 + if (id >= sizeof(t->ealgos) * 8)
13614 + return 0;
13615 +
13616 + return (t->ealgos >> id) & 1;
13617 }
13619 static int count_ah_combs(struct xfrm_tmpl *t)
13620 diff --git a/net/mac80211/ieee80211.c b/net/mac80211/ieee80211.c
13621 index 4e84f24..b9f2507 100644
13622 --- a/net/mac80211/ieee80211.c
13623 +++ b/net/mac80211/ieee80211.c
13624 @@ -24,6 +24,7 @@
13625 #include <linux/compiler.h>
13626 #include <linux/bitmap.h>
13627 #include <net/cfg80211.h>
13628 +#include <asm/unaligned.h>
13630 #include "ieee80211_common.h"
13631 #include "ieee80211_i.h"
13632 @@ -338,7 +339,7 @@ static int ieee80211_get_radiotap_len(struct sk_buff *skb)
13633 struct ieee80211_radiotap_header *hdr =
13634 (struct ieee80211_radiotap_header *) skb->data;
13636 - return le16_to_cpu(hdr->it_len);
13637 + return le16_to_cpu(get_unaligned(&hdr->it_len));
13638 }
13640 #ifdef CONFIG_MAC80211_LOWTX_FRAME_DUMP
13641 @@ -2615,9 +2616,10 @@ ieee80211_rx_h_data(struct ieee80211_txrx_data *rx)
13642 memcpy(dst, hdr->addr1, ETH_ALEN);
13643 memcpy(src, hdr->addr3, ETH_ALEN);
13645 - if (sdata->type != IEEE80211_IF_TYPE_STA) {
13646 + if (sdata->type != IEEE80211_IF_TYPE_STA ||
13647 + (is_multicast_ether_addr(dst) &&
13648 + !compare_ether_addr(src, dev->dev_addr)))
13649 return TXRX_DROP;
13650 - }
13651 break;
13652 case 0:
13653 /* DA SA BSSID */
13654 diff --git a/net/netfilter/nf_conntrack_proto_sctp.c b/net/netfilter/nf_conntrack_proto_sctp.c
13655 index 0d3254b..6e41ba5 100644
13656 --- a/net/netfilter/nf_conntrack_proto_sctp.c
13657 +++ b/net/netfilter/nf_conntrack_proto_sctp.c
13658 @@ -460,7 +460,8 @@ static int sctp_new(struct nf_conn *conntrack, const struct sk_buff *skb,
13659 SCTP_CONNTRACK_NONE, sch->type);
13661 /* Invalid: delete conntrack */
13662 - if (newconntrack == SCTP_CONNTRACK_MAX) {
13663 + if (newconntrack == SCTP_CONNTRACK_NONE ||
13664 + newconntrack == SCTP_CONNTRACK_MAX) {
13665 DEBUGP("nf_conntrack_sctp: invalid new deleting.\n");
13666 return 0;
13667 }
13668 diff --git a/net/netfilter/nf_conntrack_proto_tcp.c b/net/netfilter/nf_conntrack_proto_tcp.c
13669 index ccdd5d2..baff1f4 100644
13670 --- a/net/netfilter/nf_conntrack_proto_tcp.c
13671 +++ b/net/netfilter/nf_conntrack_proto_tcp.c
13672 @@ -143,7 +143,7 @@ enum tcp_bit_set {
13673 * CLOSE_WAIT: ACK seen (after FIN)
13674 * LAST_ACK: FIN seen (after FIN)
13675 * TIME_WAIT: last ACK seen
13676 - * CLOSE: closed connection
13677 + * CLOSE: closed connection (RST)
13678 *
13679 * LISTEN state is not used.
13680 *
13681 @@ -839,19 +839,55 @@ static int tcp_packet(struct nf_conn *conntrack,
13682 new_state = tcp_conntracks[dir][index][old_state];
13684 switch (new_state) {
13685 + case TCP_CONNTRACK_SYN_SENT:
13686 + if (old_state < TCP_CONNTRACK_TIME_WAIT)
13687 + break;
13688 + /* RFC 1122: "When a connection is closed actively,
13689 + * it MUST linger in TIME-WAIT state for a time 2xMSL
13690 + * (Maximum Segment Lifetime). However, it MAY accept
13691 + * a new SYN from the remote TCP to reopen the connection
13692 + * directly from TIME-WAIT state, if..."
13693 + * We ignore the conditions because we are in the
13694 + * TIME-WAIT state anyway.
13695 + *
13696 + * Handle aborted connections: we and the server
13697 + * think there is an existing connection but the client
13698 + * aborts it and starts a new one.
13699 + */
13700 + if (((conntrack->proto.tcp.seen[dir].flags
13701 + | conntrack->proto.tcp.seen[!dir].flags)
13702 + & IP_CT_TCP_FLAG_CLOSE_INIT)
13703 + || (conntrack->proto.tcp.last_dir == dir
13704 + && conntrack->proto.tcp.last_index == TCP_RST_SET)) {
13705 + /* Attempt to reopen a closed/aborted connection.
13706 + * Delete this connection and look up again. */
13707 + write_unlock_bh(&tcp_lock);
13708 + if (del_timer(&conntrack->timeout))
13709 + conntrack->timeout.function((unsigned long)
13710 + conntrack);
13711 + return -NF_REPEAT;
13712 + }
13713 + /* Fall through */
13714 case TCP_CONNTRACK_IGNORE:
13715 /* Ignored packets:
13716 *
13717 + * Our connection entry may be out of sync, so ignore
13718 + * packets which may signal the real connection between
13719 + * the client and the server.
13720 + *
13721 * a) SYN in ORIGINAL
13722 * b) SYN/ACK in REPLY
13723 * c) ACK in reply direction after initial SYN in original.
13724 + *
13725 + * If the ignored packet is invalid, the receiver will send
13726 + * a RST we'll catch below.
13727 */
13728 if (index == TCP_SYNACK_SET
13729 && conntrack->proto.tcp.last_index == TCP_SYN_SET
13730 && conntrack->proto.tcp.last_dir != dir
13731 && ntohl(th->ack_seq) ==
13732 conntrack->proto.tcp.last_end) {
13733 - /* This SYN/ACK acknowledges a SYN that we earlier
13734 + /* b) This SYN/ACK acknowledges a SYN that we earlier
13735 * ignored as invalid. This means that the client and
13736 * the server are both in sync, while the firewall is
13737 * not. We kill this session and block the SYN/ACK so
13738 @@ -876,7 +912,7 @@ static int tcp_packet(struct nf_conn *conntrack,
13739 write_unlock_bh(&tcp_lock);
13740 if (LOG_INVALID(IPPROTO_TCP))
13741 nf_log_packet(pf, 0, skb, NULL, NULL, NULL,
13742 - "nf_ct_tcp: invalid packed ignored ");
13743 + "nf_ct_tcp: invalid packet ignored ");
13744 return NF_ACCEPT;
13745 case TCP_CONNTRACK_MAX:
13746 /* Invalid packet */
13747 @@ -888,27 +924,6 @@ static int tcp_packet(struct nf_conn *conntrack,
13748 nf_log_packet(pf, 0, skb, NULL, NULL, NULL,
13749 "nf_ct_tcp: invalid state ");
13750 return -NF_ACCEPT;
13751 - case TCP_CONNTRACK_SYN_SENT:
13752 - if (old_state < TCP_CONNTRACK_TIME_WAIT)
13753 - break;
13754 - if ((conntrack->proto.tcp.seen[dir].flags &
13755 - IP_CT_TCP_FLAG_CLOSE_INIT)
13756 - || after(ntohl(th->seq),
13757 - conntrack->proto.tcp.seen[dir].td_end)) {
13758 - /* Attempt to reopen a closed connection.
13759 - * Delete this connection and look up again. */
13760 - write_unlock_bh(&tcp_lock);
13761 - if (del_timer(&conntrack->timeout))
13762 - conntrack->timeout.function((unsigned long)
13763 - conntrack);
13764 - return -NF_REPEAT;
13765 - } else {
13766 - write_unlock_bh(&tcp_lock);
13767 - if (LOG_INVALID(IPPROTO_TCP))
13768 - nf_log_packet(pf, 0, skb, NULL, NULL,
13769 - NULL, "nf_ct_tcp: invalid SYN");
13770 - return -NF_ACCEPT;
13771 - }
13772 case TCP_CONNTRACK_CLOSE:
13773 if (index == TCP_RST_SET
13774 && ((test_bit(IPS_SEEN_REPLY_BIT, &conntrack->status)
13775 @@ -941,6 +956,7 @@ static int tcp_packet(struct nf_conn *conntrack,
13776 in_window:
13777 /* From now on we have got in-window packets */
13778 conntrack->proto.tcp.last_index = index;
13779 + conntrack->proto.tcp.last_dir = dir;
13781 DEBUGP("tcp_conntracks: src=%u.%u.%u.%u:%hu dst=%u.%u.%u.%u:%hu "
13782 "syn=%i ack=%i fin=%i rst=%i old=%i new=%i\n",
13783 @@ -952,8 +968,7 @@ static int tcp_packet(struct nf_conn *conntrack,
13785 conntrack->proto.tcp.state = new_state;
13786 if (old_state != new_state
13787 - && (new_state == TCP_CONNTRACK_FIN_WAIT
13788 - || new_state == TCP_CONNTRACK_CLOSE))
13789 + && new_state == TCP_CONNTRACK_FIN_WAIT)
13790 conntrack->proto.tcp.seen[dir].flags |= IP_CT_TCP_FLAG_CLOSE_INIT;
13791 timeout = conntrack->proto.tcp.retrans >= nf_ct_tcp_max_retrans
13792 && *tcp_timeouts[new_state] > nf_ct_tcp_timeout_max_retrans
13793 diff --git a/net/netfilter/xt_TCPMSS.c b/net/netfilter/xt_TCPMSS.c
13794 index 15fe8f6..fe7b3d8 100644
13795 --- a/net/netfilter/xt_TCPMSS.c
13796 +++ b/net/netfilter/xt_TCPMSS.c
13797 @@ -178,10 +178,8 @@ xt_tcpmss_target6(struct sk_buff **pskb,
13799 nexthdr = ipv6h->nexthdr;
13800 tcphoff = ipv6_skip_exthdr(*pskb, sizeof(*ipv6h), &nexthdr);
13801 - if (tcphoff < 0) {
13802 - WARN_ON(1);
13803 + if (tcphoff < 0)
13804 return NF_DROP;
13805 - }
13806 ret = tcpmss_mangle_packet(pskb, targinfo, tcphoff,
13807 sizeof(*ipv6h) + sizeof(struct tcphdr));
13808 if (ret < 0)
13809 diff --git a/net/netlink/af_netlink.c b/net/netlink/af_netlink.c
13810 index 1f15821..6ac83c2 100644
13811 --- a/net/netlink/af_netlink.c
13812 +++ b/net/netlink/af_netlink.c
13813 @@ -732,7 +732,7 @@ struct sock *netlink_getsockbyfilp(struct file *filp)
13814 * 1: repeat lookup - reference dropped while waiting for socket memory.
13815 */
13816 int netlink_attachskb(struct sock *sk, struct sk_buff *skb, int nonblock,
13817 - long timeo, struct sock *ssk)
13818 + long *timeo, struct sock *ssk)
13819 {
13820 struct netlink_sock *nlk;
13822 @@ -741,7 +741,7 @@ int netlink_attachskb(struct sock *sk, struct sk_buff *skb, int nonblock,
13823 if (atomic_read(&sk->sk_rmem_alloc) > sk->sk_rcvbuf ||
13824 test_bit(0, &nlk->state)) {
13825 DECLARE_WAITQUEUE(wait, current);
13826 - if (!timeo) {
13827 + if (!*timeo) {
13828 if (!ssk || nlk_sk(ssk)->pid == 0)
13829 netlink_overrun(sk);
13830 sock_put(sk);
13831 @@ -755,7 +755,7 @@ int netlink_attachskb(struct sock *sk, struct sk_buff *skb, int nonblock,
13832 if ((atomic_read(&sk->sk_rmem_alloc) > sk->sk_rcvbuf ||
13833 test_bit(0, &nlk->state)) &&
13834 !sock_flag(sk, SOCK_DEAD))
13835 - timeo = schedule_timeout(timeo);
13836 + *timeo = schedule_timeout(*timeo);
13838 __set_current_state(TASK_RUNNING);
13839 remove_wait_queue(&nlk->wait, &wait);
13840 @@ -763,7 +763,7 @@ int netlink_attachskb(struct sock *sk, struct sk_buff *skb, int nonblock,
13842 if (signal_pending(current)) {
13843 kfree_skb(skb);
13844 - return sock_intr_errno(timeo);
13845 + return sock_intr_errno(*timeo);
13846 }
13847 return 1;
13848 }
13849 @@ -827,7 +827,7 @@ retry:
13850 kfree_skb(skb);
13851 return PTR_ERR(sk);
13852 }
13853 - err = netlink_attachskb(sk, skb, nonblock, timeo, ssk);
13854 + err = netlink_attachskb(sk, skb, nonblock, &timeo, ssk);
13855 if (err == 1)
13856 goto retry;
13857 if (err)
13858 diff --git a/net/netrom/nr_dev.c b/net/netrom/nr_dev.c
13859 index c7b5d93..69e77d5 100644
13860 --- a/net/netrom/nr_dev.c
13861 +++ b/net/netrom/nr_dev.c
13862 @@ -56,7 +56,7 @@ int nr_rx_ip(struct sk_buff *skb, struct net_device *dev)
13864 /* Spoof incoming device */
13865 skb->dev = dev;
13866 - skb_reset_mac_header(skb);
13867 + skb->mac_header = skb->network_header;
13868 skb_reset_network_header(skb);
13869 skb->pkt_type = PACKET_HOST;
13871 diff --git a/net/rfkill/rfkill-input.c b/net/rfkill/rfkill-input.c
13872 index e5c840c..230e35c 100644
13873 --- a/net/rfkill/rfkill-input.c
13874 +++ b/net/rfkill/rfkill-input.c
13875 @@ -55,7 +55,7 @@ static void rfkill_task_handler(struct work_struct *work)
13877 static void rfkill_schedule_toggle(struct rfkill_task *task)
13878 {
13879 - unsigned int flags;
13880 + unsigned long flags;
13882 spin_lock_irqsave(&task->lock, flags);
13884 diff --git a/net/rose/rose_loopback.c b/net/rose/rose_loopback.c
13885 index cd01642..114df6e 100644
13886 --- a/net/rose/rose_loopback.c
13887 +++ b/net/rose/rose_loopback.c
13888 @@ -79,7 +79,7 @@ static void rose_loopback_timer(unsigned long param)
13890 skb_reset_transport_header(skb);
13892 - sk = rose_find_socket(lci_o, &rose_loopback_neigh);
13893 + sk = rose_find_socket(lci_o, rose_loopback_neigh);
13894 if (sk) {
13895 if (rose_process_rx_frame(sk, skb) == 0)
13896 kfree_skb(skb);
13897 @@ -88,7 +88,7 @@ static void rose_loopback_timer(unsigned long param)
13899 if (frametype == ROSE_CALL_REQUEST) {
13900 if ((dev = rose_dev_get(dest)) != NULL) {
13901 - if (rose_rx_call_request(skb, dev, &rose_loopback_neigh, lci_o) == 0)
13902 + if (rose_rx_call_request(skb, dev, rose_loopback_neigh, lci_o) == 0)
13903 kfree_skb(skb);
13904 } else {
13905 kfree_skb(skb);
13906 diff --git a/net/rose/rose_route.c b/net/rose/rose_route.c
13907 index 929a784..163f346 100644
13908 --- a/net/rose/rose_route.c
13909 +++ b/net/rose/rose_route.c
13910 @@ -45,7 +45,7 @@ static DEFINE_SPINLOCK(rose_neigh_list_lock);
13911 static struct rose_route *rose_route_list;
13912 static DEFINE_SPINLOCK(rose_route_list_lock);
13914 -struct rose_neigh rose_loopback_neigh;
13915 +struct rose_neigh *rose_loopback_neigh;
13917 /*
13918 * Add a new route to a node, and in the process add the node and the
13919 @@ -362,7 +362,12 @@ out:
13920 */
13921 void rose_add_loopback_neigh(void)
13922 {
13923 - struct rose_neigh *sn = &rose_loopback_neigh;
13924 + struct rose_neigh *sn;
13925 +
13926 + rose_loopback_neigh = kmalloc(sizeof(struct rose_neigh), GFP_KERNEL);
13927 + if (!rose_loopback_neigh)
13928 + return;
13929 + sn = rose_loopback_neigh;
13931 sn->callsign = null_ax25_address;
13932 sn->digipeat = NULL;
13933 @@ -417,13 +422,13 @@ int rose_add_loopback_node(rose_address *address)
13934 rose_node->mask = 10;
13935 rose_node->count = 1;
13936 rose_node->loopback = 1;
13937 - rose_node->neighbour[0] = &rose_loopback_neigh;
13938 + rose_node->neighbour[0] = rose_loopback_neigh;
13940 /* Insert at the head of list. Address is always mask=10 */
13941 rose_node->next = rose_node_list;
13942 rose_node_list = rose_node;
13944 - rose_loopback_neigh.count++;
13945 + rose_loopback_neigh->count++;
13947 out:
13948 spin_unlock_bh(&rose_node_list_lock);
13949 @@ -454,7 +459,7 @@ void rose_del_loopback_node(rose_address *address)
13951 rose_remove_node(rose_node);
13953 - rose_loopback_neigh.count--;
13954 + rose_loopback_neigh->count--;
13956 out:
13957 spin_unlock_bh(&rose_node_list_lock);
13958 diff --git a/net/rxrpc/Kconfig b/net/rxrpc/Kconfig
13959 index e662f1d..0d3103c 100644
13960 --- a/net/rxrpc/Kconfig
13961 +++ b/net/rxrpc/Kconfig
13962 @@ -5,6 +5,7 @@
13963 config AF_RXRPC
13964 tristate "RxRPC session sockets"
13965 depends on INET && EXPERIMENTAL
13966 + select CRYPTO
13967 select KEYS
13968 help
13969 Say Y or M here to include support for RxRPC session sockets (just
13970 diff --git a/net/sched/cls_u32.c b/net/sched/cls_u32.c
13971 index c7a347b..1d36265 100644
13972 --- a/net/sched/cls_u32.c
13973 +++ b/net/sched/cls_u32.c
13974 @@ -107,7 +107,7 @@ static struct tc_u_common *u32_list;
13976 static __inline__ unsigned u32_hash_fold(u32 key, struct tc_u32_sel *sel, u8 fshift)
13977 {
13978 - unsigned h = (key & sel->hmask)>>fshift;
13979 + unsigned h = ntohl(key & sel->hmask)>>fshift;
13981 return h;
13982 }
13983 @@ -518,7 +518,7 @@ static int u32_set_parms(struct tcf_proto *tp, unsigned long base,
13985 #ifdef CONFIG_NET_CLS_IND
13986 if (tb[TCA_U32_INDEV-1]) {
13987 - int err = tcf_change_indev(tp, n->indev, tb[TCA_U32_INDEV-1]);
13988 + err = tcf_change_indev(tp, n->indev, tb[TCA_U32_INDEV-1]);
13989 if (err < 0)
13990 goto errout;
13991 }
13992 @@ -631,7 +631,7 @@ static int u32_change(struct tcf_proto *tp, unsigned long base, u32 handle,
13993 n->handle = handle;
13994 {
13995 u8 i = 0;
13996 - u32 mask = s->hmask;
13997 + u32 mask = ntohl(s->hmask);
13998 if (mask) {
13999 while (!(mask & 1)) {
14000 i++;
14001 diff --git a/net/sched/sch_api.c b/net/sched/sch_api.c
14002 index bec600a..7a6b0b7 100644
14003 --- a/net/sched/sch_api.c
14004 +++ b/net/sched/sch_api.c
14005 @@ -290,11 +290,7 @@ static enum hrtimer_restart qdisc_watchdog(struct hrtimer *timer)
14007 wd->qdisc->flags &= ~TCQ_F_THROTTLED;
14008 smp_wmb();
14009 - if (spin_trylock(&dev->queue_lock)) {
14010 - qdisc_run(dev);
14011 - spin_unlock(&dev->queue_lock);
14012 - } else
14013 - netif_schedule(dev);
14014 + netif_schedule(dev);
14016 return HRTIMER_NORESTART;
14017 }
14018 diff --git a/net/sched/sch_teql.c b/net/sched/sch_teql.c
14019 index f05ad9a..656ccd9 100644
14020 --- a/net/sched/sch_teql.c
14021 +++ b/net/sched/sch_teql.c
14022 @@ -263,6 +263,9 @@ __teql_resolve(struct sk_buff *skb, struct sk_buff *skb_res, struct net_device *
14023 static __inline__ int
14024 teql_resolve(struct sk_buff *skb, struct sk_buff *skb_res, struct net_device *dev)
14025 {
14026 + if (dev->qdisc == &noop_qdisc)
14027 + return -ENODEV;
14028 +
14029 if (dev->hard_header == NULL ||
14030 skb->dst == NULL ||
14031 skb->dst->neighbour == NULL)
14032 diff --git a/net/sctp/ipv6.c b/net/sctp/ipv6.c
14033 index 2c29394..2164b51 100644
14034 --- a/net/sctp/ipv6.c
14035 +++ b/net/sctp/ipv6.c
14036 @@ -875,6 +875,10 @@ static int sctp_inet6_send_verify(struct sctp_sock *opt, union sctp_addr *addr)
14037 dev = dev_get_by_index(addr->v6.sin6_scope_id);
14038 if (!dev)
14039 return 0;
14040 + if (!ipv6_chk_addr(&addr->v6.sin6_addr, dev, 0)) {
14041 + dev_put(dev);
14042 + return 0;
14043 + }
14044 dev_put(dev);
14045 }
14046 af = opt->pf->af;
14047 diff --git a/net/socket.c b/net/socket.c
14048 index f453019..8211578 100644
14049 --- a/net/socket.c
14050 +++ b/net/socket.c
14051 @@ -778,9 +778,6 @@ static ssize_t sock_aio_write(struct kiocb *iocb, const struct iovec *iov,
14052 if (pos != 0)
14053 return -ESPIPE;
14055 - if (iocb->ki_left == 0) /* Match SYS5 behaviour */
14056 - return 0;
14057 -
14058 x = alloc_sock_iocb(iocb, &siocb);
14059 if (!x)
14060 return -ENOMEM;
14061 @@ -1169,7 +1166,7 @@ static int __sock_create(int family, int type, int protocol,
14062 module_put(pf->owner);
14063 err = security_socket_post_create(sock, family, type, protocol, kern);
14064 if (err)
14065 - goto out_release;
14066 + goto out_sock_release;
14067 *res = sock;
14069 return 0;
14070 @@ -1249,11 +1246,14 @@ asmlinkage long sys_socketpair(int family, int type, int protocol,
14071 goto out_release_both;
14073 fd1 = sock_alloc_fd(&newfile1);
14074 - if (unlikely(fd1 < 0))
14075 + if (unlikely(fd1 < 0)) {
14076 + err = fd1;
14077 goto out_release_both;
14078 + }
14080 fd2 = sock_alloc_fd(&newfile2);
14081 if (unlikely(fd2 < 0)) {
14082 + err = fd2;
14083 put_filp(newfile1);
14084 put_unused_fd(fd1);
14085 goto out_release_both;
14086 diff --git a/net/sunrpc/auth_gss/svcauth_gss.c b/net/sunrpc/auth_gss/svcauth_gss.c
14087 index 099a983..805e725 100644
14088 --- a/net/sunrpc/auth_gss/svcauth_gss.c
14089 +++ b/net/sunrpc/auth_gss/svcauth_gss.c
14090 @@ -760,11 +760,12 @@ svcauth_gss_register_pseudoflavor(u32 pseudoflavor, char * name)
14091 new->h.flavour = &svcauthops_gss;
14092 new->pseudoflavor = pseudoflavor;
14094 + stat = 0;
14095 test = auth_domain_lookup(name, &new->h);
14096 - if (test != &new->h) { /* XXX Duplicate registration? */
14097 - auth_domain_put(&new->h);
14098 - /* dangling ref-count... */
14099 - goto out;
14100 + if (test != &new->h) { /* Duplicate registration */
14101 + auth_domain_put(test);
14102 + kfree(new->h.name);
14103 + goto out_free_dom;
14104 }
14105 return 0;
14107 diff --git a/net/sunrpc/svcsock.c b/net/sunrpc/svcsock.c
14108 index 5baf48d..80a0091 100644
14109 --- a/net/sunrpc/svcsock.c
14110 +++ b/net/sunrpc/svcsock.c
14111 @@ -1090,7 +1090,8 @@ svc_tcp_accept(struct svc_sock *svsk)
14112 serv->sv_name);
14113 printk(KERN_NOTICE
14114 "%s: last TCP connect from %s\n",
14115 - serv->sv_name, buf);
14116 + serv->sv_name, __svc_print_addr(sin,
14117 + buf, sizeof(buf)));
14118 }
14119 /*
14120 * Always select the oldest socket. It's not fair,
14121 @@ -1572,7 +1573,8 @@ svc_age_temp_sockets(unsigned long closure)
14123 if (!test_and_set_bit(SK_OLD, &svsk->sk_flags))
14124 continue;
14125 - if (atomic_read(&svsk->sk_inuse) || test_bit(SK_BUSY, &svsk->sk_flags))
14126 + if (atomic_read(&svsk->sk_inuse) > 1
14127 + || test_bit(SK_BUSY, &svsk->sk_flags))
14128 continue;
14129 atomic_inc(&svsk->sk_inuse);
14130 list_move(le, &to_be_aged);
14131 diff --git a/net/unix/af_unix.c b/net/unix/af_unix.c
14132 index d70fa30..ae80150 100644
14133 --- a/net/unix/af_unix.c
14134 +++ b/net/unix/af_unix.c
14135 @@ -1608,8 +1608,15 @@ static int unix_dgram_recvmsg(struct kiocb *iocb, struct socket *sock,
14136 mutex_lock(&u->readlock);
14138 skb = skb_recv_datagram(sk, flags, noblock, &err);
14139 - if (!skb)
14140 + if (!skb) {
14141 + unix_state_lock(sk);
14142 + /* Signal EOF on disconnected non-blocking SEQPACKET socket. */
14143 + if (sk->sk_type == SOCK_SEQPACKET && err == -EAGAIN &&
14144 + (sk->sk_shutdown & RCV_SHUTDOWN))
14145 + err = 0;
14146 + unix_state_unlock(sk);
14147 goto out_unlock;
14148 + }
14150 wake_up_interruptible(&u->peer_wait);
14152 diff --git a/net/x25/x25_forward.c b/net/x25/x25_forward.c
14153 index 8738ec7..3447803 100644
14154 --- a/net/x25/x25_forward.c
14155 +++ b/net/x25/x25_forward.c
14156 @@ -118,13 +118,14 @@ int x25_forward_data(int lci, struct x25_neigh *from, struct sk_buff *skb) {
14157 goto out;
14159 if ( (skbn = pskb_copy(skb, GFP_ATOMIC)) == NULL){
14160 - goto out;
14161 + goto output;
14163 }
14164 x25_transmit_link(skbn, nb);
14166 - x25_neigh_put(nb);
14167 rc = 1;
14168 +output:
14169 + x25_neigh_put(nb);
14170 out:
14171 return rc;
14172 }
14173 diff --git a/net/xfrm/xfrm_policy.c b/net/xfrm/xfrm_policy.c
14174 index 157bfbd..1c86a23 100644
14175 --- a/net/xfrm/xfrm_policy.c
14176 +++ b/net/xfrm/xfrm_policy.c
14177 @@ -1479,8 +1479,9 @@ restart:
14179 if (sk && sk->sk_policy[1]) {
14180 policy = xfrm_sk_policy_lookup(sk, XFRM_POLICY_OUT, fl);
14181 + err = PTR_ERR(policy);
14182 if (IS_ERR(policy))
14183 - return PTR_ERR(policy);
14184 + goto dropdst;
14185 }
14187 if (!policy) {
14188 @@ -1491,8 +1492,9 @@ restart:
14190 policy = flow_cache_lookup(fl, dst_orig->ops->family,
14191 dir, xfrm_policy_lookup);
14192 + err = PTR_ERR(policy);
14193 if (IS_ERR(policy))
14194 - return PTR_ERR(policy);
14195 + goto dropdst;
14196 }
14198 if (!policy)
14199 @@ -1661,8 +1663,9 @@ restart:
14200 return 0;
14202 error:
14203 - dst_release(dst_orig);
14204 xfrm_pols_put(pols, npols);
14205 +dropdst:
14206 + dst_release(dst_orig);
14207 *dst_p = NULL;
14208 return err;
14209 }
14210 @@ -2141,7 +2144,7 @@ int xfrm_bundle_ok(struct xfrm_policy *pol, struct xfrm_dst *first,
14211 if (last == first)
14212 break;
14214 - last = last->u.next;
14215 + last = (struct xfrm_dst *)last->u.dst.next;
14216 last->child_mtu_cached = mtu;
14217 }
14219 diff --git a/net/xfrm/xfrm_state.c b/net/xfrm/xfrm_state.c
14220 index dfacb9c..7775488 100644
14221 --- a/net/xfrm/xfrm_state.c
14222 +++ b/net/xfrm/xfrm_state.c
14223 @@ -371,7 +371,7 @@ int __xfrm_state_delete(struct xfrm_state *x)
14224 * The xfrm_state_alloc call gives a reference, and that
14225 * is what we are dropping here.
14226 */
14227 - __xfrm_state_put(x);
14228 + xfrm_state_put(x);
14229 err = 0;
14230 }
14232 diff --git a/scripts/kconfig/conf.c b/scripts/kconfig/conf.c
14233 index 1199baf..45550d2 100644
14234 --- a/scripts/kconfig/conf.c
14235 +++ b/scripts/kconfig/conf.c
14236 @@ -64,7 +64,7 @@ static void check_stdin(void)
14237 }
14238 }
14240 -static void conf_askvalue(struct symbol *sym, const char *def)
14241 +static int conf_askvalue(struct symbol *sym, const char *def)
14242 {
14243 enum symbol_type type = sym_get_type(sym);
14244 tristate val;
14245 @@ -79,7 +79,7 @@ static void conf_askvalue(struct symbol *sym, const char *def)
14246 printf("%s\n", def);
14247 line[0] = '\n';
14248 line[1] = 0;
14249 - return;
14250 + return 0;
14251 }
14253 switch (input_mode) {
14254 @@ -89,23 +89,23 @@ static void conf_askvalue(struct symbol *sym, const char *def)
14255 case set_random:
14256 if (sym_has_value(sym)) {
14257 printf("%s\n", def);
14258 - return;
14259 + return 0;
14260 }
14261 break;
14262 case ask_new:
14263 case ask_silent:
14264 if (sym_has_value(sym)) {
14265 printf("%s\n", def);
14266 - return;
14267 + return 0;
14268 }
14269 check_stdin();
14270 case ask_all:
14271 fflush(stdout);
14272 fgets(line, 128, stdin);
14273 - return;
14274 + return 1;
14275 case set_default:
14276 printf("%s\n", def);
14277 - return;
14278 + return 1;
14279 default:
14280 break;
14281 }
14282 @@ -115,7 +115,7 @@ static void conf_askvalue(struct symbol *sym, const char *def)
14283 case S_HEX:
14284 case S_STRING:
14285 printf("%s\n", def);
14286 - return;
14287 + return 1;
14288 default:
14289 ;
14290 }
14291 @@ -166,6 +166,7 @@ static void conf_askvalue(struct symbol *sym, const char *def)
14292 break;
14293 }
14294 printf("%s", line);
14295 + return 1;
14296 }
14298 int conf_string(struct menu *menu)
14299 @@ -179,7 +180,8 @@ int conf_string(struct menu *menu)
14300 def = sym_get_string_value(sym);
14301 if (sym_get_string_value(sym))
14302 printf("[%s] ", def);
14303 - conf_askvalue(sym, def);
14304 + if (!conf_askvalue(sym, def))
14305 + return 0;
14306 switch (line[0]) {
14307 case '\n':
14308 break;
14309 @@ -236,7 +238,8 @@ static int conf_sym(struct menu *menu)
14310 if (sym->help)
14311 printf("/?");
14312 printf("] ");
14313 - conf_askvalue(sym, sym_get_string_value(sym));
14314 + if (!conf_askvalue(sym, sym_get_string_value(sym)))
14315 + return 0;
14316 strip(line);
14318 switch (line[0]) {
14319 diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
14320 index ad8dd4e..1ee7ca9 100644
14321 --- a/security/selinux/hooks.c
14322 +++ b/security/selinux/hooks.c
14323 @@ -1906,6 +1906,9 @@ static void selinux_bprm_post_apply_creds(struct linux_binprm *bprm)
14324 spin_unlock_irq(¤t->sighand->siglock);
14325 }
14327 + /* Always clear parent death signal on SID transitions. */
14328 + current->pdeath_signal = 0;
14329 +
14330 /* Check whether the new SID can inherit resource limits
14331 from the old SID. If not, reset all soft limits to
14332 the lower of the current task's hard limit and the init
14333 diff --git a/sound/core/memalloc.c b/sound/core/memalloc.c
14334 index f057430..9b5656d 100644
14335 --- a/sound/core/memalloc.c
14336 +++ b/sound/core/memalloc.c
14337 @@ -27,6 +27,7 @@
14338 #include <linux/pci.h>
14339 #include <linux/slab.h>
14340 #include <linux/mm.h>
14341 +#include <linux/seq_file.h>
14342 #include <asm/uaccess.h>
14343 #include <linux/dma-mapping.h>
14344 #include <linux/moduleparam.h>
14345 @@ -481,53 +482,54 @@ static void free_all_reserved_pages(void)
14346 #define SND_MEM_PROC_FILE "driver/snd-page-alloc"
14347 static struct proc_dir_entry *snd_mem_proc;
14349 -static int snd_mem_proc_read(char *page, char **start, off_t off,
14350 - int count, int *eof, void *data)
14351 +static int snd_mem_proc_read(struct seq_file *seq, void *offset)
14352 {
14353 - int len = 0;
14354 long pages = snd_allocated_pages >> (PAGE_SHIFT-12);
14355 struct snd_mem_list *mem;
14356 int devno;
14357 static char *types[] = { "UNKNOWN", "CONT", "DEV", "DEV-SG", "SBUS" };
14359 mutex_lock(&list_mutex);
14360 - len += snprintf(page + len, count - len,
14361 - "pages : %li bytes (%li pages per %likB)\n",
14362 - pages * PAGE_SIZE, pages, PAGE_SIZE / 1024);
14363 + seq_printf(seq, "pages : %li bytes (%li pages per %likB)\n",
14364 + pages * PAGE_SIZE, pages, PAGE_SIZE / 1024);
14365 devno = 0;
14366 list_for_each_entry(mem, &mem_list_head, list) {
14367 devno++;
14368 - len += snprintf(page + len, count - len,
14369 - "buffer %d : ID %08x : type %s\n",
14370 - devno, mem->id, types[mem->buffer.dev.type]);
14371 - len += snprintf(page + len, count - len,
14372 - " addr = 0x%lx, size = %d bytes\n",
14373 - (unsigned long)mem->buffer.addr, (int)mem->buffer.bytes);
14374 + seq_printf(seq, "buffer %d : ID %08x : type %s\n",
14375 + devno, mem->id, types[mem->buffer.dev.type]);
14376 + seq_printf(seq, " addr = 0x%lx, size = %d bytes\n",
14377 + (unsigned long)mem->buffer.addr,
14378 + (int)mem->buffer.bytes);
14379 }
14380 mutex_unlock(&list_mutex);
14381 - return len;
14382 + return 0;
14383 +}
14384 +
14385 +static int snd_mem_proc_open(struct inode *inode, struct file *file)
14386 +{
14387 + return single_open(file, snd_mem_proc_read, NULL);
14388 }
14390 /* FIXME: for pci only - other bus? */
14391 #ifdef CONFIG_PCI
14392 #define gettoken(bufp) strsep(bufp, " \t\n")
14394 -static int snd_mem_proc_write(struct file *file, const char __user *buffer,
14395 - unsigned long count, void *data)
14396 +static ssize_t snd_mem_proc_write(struct file *file, const char __user * buffer,
14397 + size_t count, loff_t * ppos)
14398 {
14399 char buf[128];
14400 char *token, *p;
14402 - if (count > ARRAY_SIZE(buf) - 1)
14403 - count = ARRAY_SIZE(buf) - 1;
14404 + if (count > sizeof(buf) - 1)
14405 + return -EINVAL;
14406 if (copy_from_user(buf, buffer, count))
14407 return -EFAULT;
14408 - buf[ARRAY_SIZE(buf) - 1] = '\0';
14409 + buf[count] = '\0';
14411 p = buf;
14412 token = gettoken(&p);
14413 if (! token || *token == '#')
14414 - return (int)count;
14415 + return count;
14416 if (strcmp(token, "add") == 0) {
14417 char *endp;
14418 int vendor, device, size, buffers;
14419 @@ -548,7 +550,7 @@ static int snd_mem_proc_write(struct file *file, const char __user *buffer,
14420 (buffers = simple_strtol(token, NULL, 0)) <= 0 ||
14421 buffers > 4) {
14422 printk(KERN_ERR "snd-page-alloc: invalid proc write format\n");
14423 - return (int)count;
14424 + return count;
14425 }
14426 vendor &= 0xffff;
14427 device &= 0xffff;
14428 @@ -560,7 +562,7 @@ static int snd_mem_proc_write(struct file *file, const char __user *buffer,
14429 if (pci_set_dma_mask(pci, mask) < 0 ||
14430 pci_set_consistent_dma_mask(pci, mask) < 0) {
14431 printk(KERN_ERR "snd-page-alloc: cannot set DMA mask %lx for pci %04x:%04x\n", mask, vendor, device);
14432 - return (int)count;
14433 + return count;
14434 }
14435 }
14436 for (i = 0; i < buffers; i++) {
14437 @@ -570,7 +572,7 @@ static int snd_mem_proc_write(struct file *file, const char __user *buffer,
14438 size, &dmab) < 0) {
14439 printk(KERN_ERR "snd-page-alloc: cannot allocate buffer pages (size = %d)\n", size);
14440 pci_dev_put(pci);
14441 - return (int)count;
14442 + return count;
14443 }
14444 snd_dma_reserve_buf(&dmab, snd_dma_pci_buf_id(pci));
14445 }
14446 @@ -596,9 +598,21 @@ static int snd_mem_proc_write(struct file *file, const char __user *buffer,
14447 free_all_reserved_pages();
14448 else
14449 printk(KERN_ERR "snd-page-alloc: invalid proc cmd\n");
14450 - return (int)count;
14451 + return count;
14452 }
14453 #endif /* CONFIG_PCI */
14454 +
14455 +static const struct file_operations snd_mem_proc_fops = {
14456 + .owner = THIS_MODULE,
14457 + .open = snd_mem_proc_open,
14458 + .read = seq_read,
14459 +#ifdef CONFIG_PCI
14460 + .write = snd_mem_proc_write,
14461 +#endif
14462 + .llseek = seq_lseek,
14463 + .release = single_release,
14464 +};
14465 +
14466 #endif /* CONFIG_PROC_FS */
14468 /*
14469 @@ -609,12 +623,8 @@ static int __init snd_mem_init(void)
14470 {
14471 #ifdef CONFIG_PROC_FS
14472 snd_mem_proc = create_proc_entry(SND_MEM_PROC_FILE, 0644, NULL);
14473 - if (snd_mem_proc) {
14474 - snd_mem_proc->read_proc = snd_mem_proc_read;
14475 -#ifdef CONFIG_PCI
14476 - snd_mem_proc->write_proc = snd_mem_proc_write;
14477 -#endif
14478 - }
14479 + if (snd_mem_proc)
14480 + snd_mem_proc->proc_fops = &snd_mem_proc_fops;
14481 #endif
14482 return 0;
14483 }
14484 diff --git a/sound/oss/via82cxxx_audio.c b/sound/oss/via82cxxx_audio.c
14485 index 5d3c037..f95aa09 100644
14486 --- a/sound/oss/via82cxxx_audio.c
14487 +++ b/sound/oss/via82cxxx_audio.c
14488 @@ -2104,6 +2104,7 @@ static struct page * via_mm_nopage (struct vm_area_struct * vma,
14489 {
14490 struct via_info *card = vma->vm_private_data;
14491 struct via_channel *chan = &card->ch_out;
14492 + unsigned long max_bufs;
14493 struct page *dmapage;
14494 unsigned long pgoff;
14495 int rd, wr;
14496 @@ -2127,14 +2128,11 @@ static struct page * via_mm_nopage (struct vm_area_struct * vma,
14497 rd = card->ch_in.is_mapped;
14498 wr = card->ch_out.is_mapped;
14500 -#ifndef VIA_NDEBUG
14501 - {
14502 - unsigned long max_bufs = chan->frag_number;
14503 - if (rd && wr) max_bufs *= 2;
14504 - /* via_dsp_mmap() should ensure this */
14505 - assert (pgoff < max_bufs);
14506 - }
14507 -#endif
14508 + max_bufs = chan->frag_number;
14509 + if (rd && wr)
14510 + max_bufs *= 2;
14511 + if (pgoff >= max_bufs)
14512 + return NOPAGE_SIGBUS;
14514 /* if full-duplex (read+write) and we have two sets of bufs,
14515 * then the playback buffers come first, sez soundcard.c */
14516 diff --git a/sound/pci/hda/patch_sigmatel.c b/sound/pci/hda/patch_sigmatel.c
14517 index e3964fc..d5b2f53 100644
14518 --- a/sound/pci/hda/patch_sigmatel.c
14519 +++ b/sound/pci/hda/patch_sigmatel.c
14520 @@ -153,8 +153,9 @@ static hda_nid_t stac925x_dac_nids[1] = {
14521 0x02,
14522 };
14524 -static hda_nid_t stac925x_dmic_nids[1] = {
14525 - 0x15,
14526 +#define STAC925X_NUM_DMICS 1
14527 +static hda_nid_t stac925x_dmic_nids[STAC925X_NUM_DMICS + 1] = {
14528 + 0x15, 0
14529 };
14531 static hda_nid_t stac922x_adc_nids[2] = {
14532 @@ -181,8 +182,9 @@ static hda_nid_t stac9205_mux_nids[2] = {
14533 0x19, 0x1a
14534 };
14536 -static hda_nid_t stac9205_dmic_nids[2] = {
14537 - 0x17, 0x18,
14538 +#define STAC9205_NUM_DMICS 2
14539 +static hda_nid_t stac9205_dmic_nids[STAC9205_NUM_DMICS + 1] = {
14540 + 0x17, 0x18, 0
14541 };
14543 static hda_nid_t stac9200_pin_nids[8] = {
14544 @@ -1972,7 +1974,7 @@ static int patch_stac925x(struct hda_codec *codec)
14545 case 0x83847633: /* STAC9202D */
14546 case 0x83847636: /* STAC9251 */
14547 case 0x83847637: /* STAC9251D */
14548 - spec->num_dmics = 1;
14549 + spec->num_dmics = STAC925X_NUM_DMICS;
14550 spec->dmic_nids = stac925x_dmic_nids;
14551 break;
14552 default:
14553 @@ -2202,7 +2204,7 @@ static int patch_stac9205(struct hda_codec *codec)
14554 spec->mux_nids = stac9205_mux_nids;
14555 spec->num_muxes = ARRAY_SIZE(stac9205_mux_nids);
14556 spec->dmic_nids = stac9205_dmic_nids;
14557 - spec->num_dmics = ARRAY_SIZE(stac9205_dmic_nids);
14558 + spec->num_dmics = STAC9205_NUM_DMICS;
14559 spec->dmux_nid = 0x1d;
14561 spec->init = stac9205_core_init;
14562 diff --git a/sound/pci/rme9652/hdsp.c b/sound/pci/rme9652/hdsp.c
14563 index 3b3ef65..75dcb9a 100644
14564 --- a/sound/pci/rme9652/hdsp.c
14565 +++ b/sound/pci/rme9652/hdsp.c
14566 @@ -3108,6 +3108,9 @@ static int hdsp_dds_offset(struct hdsp *hdsp)
14567 unsigned int dds_value = hdsp->dds_value;
14568 int system_sample_rate = hdsp->system_sample_rate;
14570 + if (!dds_value)
14571 + return 0;
14572 +
14573 n = DDS_NUMERATOR;
14574 /*
14575 * dds_value = n / rate
14576 diff --git a/sound/usb/usx2y/usX2Yhwdep.c b/sound/usb/usx2y/usX2Yhwdep.c
14577 index b76b3dd..e617d7e 100644
14578 --- a/sound/usb/usx2y/usX2Yhwdep.c
14579 +++ b/sound/usb/usx2y/usX2Yhwdep.c
14580 @@ -88,7 +88,7 @@ static int snd_us428ctls_mmap(struct snd_hwdep * hw, struct file *filp, struct v
14581 us428->us428ctls_sharedmem->CtlSnapShotLast = -2;
14582 }
14583 area->vm_ops = &us428ctls_vm_ops;
14584 - area->vm_flags |= VM_RESERVED;
14585 + area->vm_flags |= VM_RESERVED | VM_DONTEXPAND;
14586 area->vm_private_data = hw->private_data;
14587 return 0;
14588 }
14589 diff --git a/sound/usb/usx2y/usx2yhwdeppcm.c b/sound/usb/usx2y/usx2yhwdeppcm.c
14590 index a5e7bcd..6e70520 100644
14591 --- a/sound/usb/usx2y/usx2yhwdeppcm.c
14592 +++ b/sound/usb/usx2y/usx2yhwdeppcm.c
14593 @@ -728,7 +728,7 @@ static int snd_usX2Y_hwdep_pcm_mmap(struct snd_hwdep * hw, struct file *filp, st
14594 return -ENODEV;
14595 }
14596 area->vm_ops = &snd_usX2Y_hwdep_pcm_vm_ops;
14597 - area->vm_flags |= VM_RESERVED;
14598 + area->vm_flags |= VM_RESERVED | VM_DONTEXPAND;
14599 area->vm_private_data = hw->private_data;
14600 return 0;
14601 }