| blob | efd62d2044415c247882ea27990d6e6c6ef0fce1 |
1 diff --git a/Documentation/dvb/get_dvb_firmware b/Documentation/dvb/get_dvb_firmware
2 index 4820366..6cb3080 100644
3 --- a/Documentation/dvb/get_dvb_firmware
4 +++ b/Documentation/dvb/get_dvb_firmware
5 @@ -56,7 +56,7 @@ syntax();
7 sub sp8870 {
8 my $sourcefile = "tt_Premium_217g.zip";
9 - my $url = "http://www.technotrend.de/new/217g/$sourcefile";
10 + my $url = "http://www.softwarepatch.pl/9999ccd06a4813cb827dbb0005071c71/$sourcefile";
11 my $hash = "53970ec17a538945a6d8cb608a7b3899";
12 my $outfile = "dvb-fe-sp8870.fw";
13 my $tmpdir = tempdir(DIR => "/tmp", CLEANUP => 1);
14 @@ -110,21 +110,21 @@ sub tda10045 {
15 }
17 sub tda10046 {
18 - my $sourcefile = "tt_budget_217g.zip";
19 - my $url = "http://www.technotrend.de/new/217g/$sourcefile";
20 - my $hash = "6a7e1e2f2644b162ff0502367553c72d";
21 - my $outfile = "dvb-fe-tda10046.fw";
22 - my $tmpdir = tempdir(DIR => "/tmp", CLEANUP => 1);
23 + my $sourcefile = "TT_PCI_2.19h_28_11_2006.zip";
24 + my $url = "http://technotrend-online.com/download/software/219/$sourcefile";
25 + my $hash = "6a7e1e2f2644b162ff0502367553c72d";
26 + my $outfile = "dvb-fe-tda10046.fw";
27 + my $tmpdir = tempdir(DIR => "/tmp", CLEANUP => 1);
29 - checkstandard();
30 + checkstandard();
32 - wgetfile($sourcefile, $url);
33 - unzip($sourcefile, $tmpdir);
34 - extract("$tmpdir/software/OEM/PCI/App/ttlcdacc.dll", 0x3f731, 24478, "$tmpdir/fwtmp");
35 - verify("$tmpdir/fwtmp", $hash);
36 - copy("$tmpdir/fwtmp", $outfile);
37 + wgetfile($sourcefile, $url);
38 + unzip($sourcefile, $tmpdir);
39 + extract("$tmpdir/TT_PCI_2.19h_28_11_2006/software/OEM/PCI/App/ttlcdacc.dll", 0x65389, 24478, "$tmpdir/fwtmp");
40 + verify("$tmpdir/fwtmp", $hash);
41 + copy("$tmpdir/fwtmp", $outfile);
43 - $outfile;
44 + $outfile;
45 }
47 sub tda10046lifeview {
48 diff --git a/Documentation/kernel-parameters.txt b/Documentation/kernel-parameters.txt
49 index af50f9b..026e4e5 100644
50 --- a/Documentation/kernel-parameters.txt
51 +++ b/Documentation/kernel-parameters.txt
52 @@ -850,11 +850,6 @@ and is between 256 and 4096 characters. It is defined in the file
53 lasi= [HW,SCSI] PARISC LASI driver for the 53c700 chip
54 Format: addr:<io>,irq:<irq>
56 - legacy_serial.force [HW,IA-32,X86-64]
57 - Probe for COM ports at legacy addresses even
58 - if PNPBIOS or ACPI should describe them. This
59 - is for working around firmware defects.
60 -
61 llsc*= [IA64] See function print_params() in
62 arch/ia64/sn/kernel/llsc4.c.
64 diff --git a/Makefile b/Makefile
65 index de4f8f7..b5f32ce 100644
66 --- a/Makefile
67 +++ b/Makefile
68 @@ -1,7 +1,7 @@
69 VERSION = 2
70 PATCHLEVEL = 6
71 SUBLEVEL = 22
72 -EXTRAVERSION =
73 +EXTRAVERSION = .21-op1
74 NAME = Holy Dancing Manatees, Batman!
76 # *DOCUMENTATION*
77 diff --git a/arch/i386/Makefile b/arch/i386/Makefile
78 index bd28f9f..541b3ae 100644
79 --- a/arch/i386/Makefile
80 +++ b/arch/i386/Makefile
81 @@ -51,8 +51,8 @@ cflags-y += -maccumulate-outgoing-args
82 CFLAGS += $(shell if [ $(call cc-version) -lt 0400 ] ; then echo $(call cc-option,-fno-unit-at-a-time); fi ;)
84 # do binutils support CFI?
85 -cflags-y += $(call as-instr,.cfi_startproc\n.cfi_endproc,-DCONFIG_AS_CFI=1,)
86 -AFLAGS += $(call as-instr,.cfi_startproc\n.cfi_endproc,-DCONFIG_AS_CFI=1,)
87 +cflags-y += $(call as-instr,.cfi_startproc\n.cfi_rel_offset esp${comma}0\n.cfi_endproc,-DCONFIG_AS_CFI=1,)
88 +AFLAGS += $(call as-instr,.cfi_startproc\n.cfi_rel_offset esp${comma}0\n.cfi_endproc,-DCONFIG_AS_CFI=1,)
90 # is .cfi_signal_frame supported too?
91 cflags-y += $(call as-instr,.cfi_startproc\n.cfi_signal_frame\n.cfi_endproc,-DCONFIG_AS_CFI_SIGNAL_FRAME=1,)
92 diff --git a/arch/i386/kernel/Makefile b/arch/i386/kernel/Makefile
93 index 06da59f..e9297cb 100644
94 --- a/arch/i386/kernel/Makefile
95 +++ b/arch/i386/kernel/Makefile
96 @@ -35,7 +35,6 @@ obj-y += sysenter.o vsyscall.o
97 obj-$(CONFIG_ACPI_SRAT) += srat.o
98 obj-$(CONFIG_EFI) += efi.o efi_stub.o
99 obj-$(CONFIG_DOUBLEFAULT) += doublefault.o
100 -obj-$(CONFIG_SERIAL_8250) += legacy_serial.o
101 obj-$(CONFIG_VM86) += vm86.o
102 obj-$(CONFIG_EARLY_PRINTK) += early_printk.o
103 obj-$(CONFIG_HPET_TIMER) += hpet.o
104 diff --git a/arch/i386/kernel/apic.c b/arch/i386/kernel/apic.c
105 index 67824f3..a8ceb7a 100644
106 --- a/arch/i386/kernel/apic.c
107 +++ b/arch/i386/kernel/apic.c
108 @@ -61,8 +61,9 @@ static int enable_local_apic __initdata = 0;
110 /* Local APIC timer verification ok */
111 static int local_apic_timer_verify_ok;
112 -/* Disable local APIC timer from the kernel commandline or via dmi quirk */
113 -static int local_apic_timer_disabled;
114 +/* Disable local APIC timer from the kernel commandline or via dmi quirk
115 + or using CPU MSR check */
116 +int local_apic_timer_disabled;
117 /* Local APIC timer works in C2 */
118 int local_apic_timer_c2_ok;
119 EXPORT_SYMBOL_GPL(local_apic_timer_c2_ok);
120 @@ -367,12 +368,9 @@ void __init setup_boot_APIC_clock(void)
121 long delta, deltapm;
122 int pm_referenced = 0;
124 - if (boot_cpu_has(X86_FEATURE_LAPIC_TIMER_BROKEN))
125 - local_apic_timer_disabled = 1;
126 -
127 /*
128 * The local apic timer can be disabled via the kernel
129 - * commandline or from the test above. Register the lapic
130 + * commandline or from the CPU detection code. Register the lapic
131 * timer as a dummy clock event source on SMP systems, so the
132 * broadcast mechanism is used. On UP systems simply ignore it.
133 */
134 diff --git a/arch/i386/kernel/cpu/amd.c b/arch/i386/kernel/cpu/amd.c
135 index 6f47eee..9d23390 100644
136 --- a/arch/i386/kernel/cpu/amd.c
137 +++ b/arch/i386/kernel/cpu/amd.c
138 @@ -3,6 +3,7 @@
139 #include <linux/mm.h>
140 #include <asm/io.h>
141 #include <asm/processor.h>
142 +#include <asm/apic.h>
144 #include "cpu.h"
146 @@ -22,6 +23,7 @@
147 extern void vide(void);
148 __asm__(".align 4\nvide: ret");
150 +#ifdef CONFIG_X86_LOCAL_APIC
151 #define ENABLE_C1E_MASK 0x18000000
152 #define CPUID_PROCESSOR_SIGNATURE 1
153 #define CPUID_XFAM 0x0ff00000
154 @@ -52,6 +54,7 @@ static __cpuinit int amd_apic_timer_broken(void)
155 }
156 return 0;
157 }
158 +#endif
160 int force_mwait __cpuinitdata;
162 @@ -275,8 +278,10 @@ static void __cpuinit init_amd(struct cpuinfo_x86 *c)
163 if (cpuid_eax(0x80000000) >= 0x80000006)
164 num_cache_leaves = 3;
166 +#ifdef CONFIG_X86_LOCAL_APIC
167 if (amd_apic_timer_broken())
168 - set_bit(X86_FEATURE_LAPIC_TIMER_BROKEN, c->x86_capability);
169 + local_apic_timer_disabled = 1;
170 +#endif
172 if (c->x86 == 0x10 && !force_mwait)
173 clear_bit(X86_FEATURE_MWAIT, c->x86_capability);
174 diff --git a/arch/i386/kernel/cpu/cpufreq/acpi-cpufreq.c b/arch/i386/kernel/cpu/cpufreq/acpi-cpufreq.c
175 index 10baa35..18c8b67 100644
176 --- a/arch/i386/kernel/cpu/cpufreq/acpi-cpufreq.c
177 +++ b/arch/i386/kernel/cpu/cpufreq/acpi-cpufreq.c
178 @@ -167,11 +167,13 @@ static void do_drv_read(struct drv_cmd *cmd)
180 static void do_drv_write(struct drv_cmd *cmd)
181 {
182 - u32 h = 0;
183 + u32 lo, hi;
185 switch (cmd->type) {
186 case SYSTEM_INTEL_MSR_CAPABLE:
187 - wrmsr(cmd->addr.msr.reg, cmd->val, h);
188 + rdmsr(cmd->addr.msr.reg, lo, hi);
189 + lo = (lo & ~INTEL_MSR_RANGE) | (cmd->val & INTEL_MSR_RANGE);
190 + wrmsr(cmd->addr.msr.reg, lo, hi);
191 break;
192 case SYSTEM_IO_CAPABLE:
193 acpi_os_write_port((acpi_io_address)cmd->addr.io.port,
194 @@ -372,7 +374,6 @@ static int acpi_cpufreq_target(struct cpufreq_policy *policy,
195 struct cpufreq_freqs freqs;
196 cpumask_t online_policy_cpus;
197 struct drv_cmd cmd;
198 - unsigned int msr;
199 unsigned int next_state = 0; /* Index into freq_table */
200 unsigned int next_perf_state = 0; /* Index into perf table */
201 unsigned int i;
202 @@ -417,11 +418,7 @@ static int acpi_cpufreq_target(struct cpufreq_policy *policy,
203 case SYSTEM_INTEL_MSR_CAPABLE:
204 cmd.type = SYSTEM_INTEL_MSR_CAPABLE;
205 cmd.addr.msr.reg = MSR_IA32_PERF_CTL;
206 - msr =
207 - (u32) perf->states[next_perf_state].
208 - control & INTEL_MSR_RANGE;
209 - cmd.val = get_cur_val(online_policy_cpus);
210 - cmd.val = (cmd.val & ~INTEL_MSR_RANGE) | msr;
211 + cmd.val = (u32) perf->states[next_perf_state].control;
212 break;
213 case SYSTEM_IO_CAPABLE:
214 cmd.type = SYSTEM_IO_CAPABLE;
215 diff --git a/arch/i386/kernel/cpu/perfctr-watchdog.c b/arch/i386/kernel/cpu/perfctr-watchdog.c
216 index 4d26d51..996f6f8 100644
217 --- a/arch/i386/kernel/cpu/perfctr-watchdog.c
218 +++ b/arch/i386/kernel/cpu/perfctr-watchdog.c
219 @@ -346,7 +346,9 @@ static int setup_p6_watchdog(unsigned nmi_hz)
220 perfctr_msr = MSR_P6_PERFCTR0;
221 evntsel_msr = MSR_P6_EVNTSEL0;
223 - wrmsrl(perfctr_msr, 0UL);
224 + /* KVM doesn't implement this MSR */
225 + if (wrmsr_safe(perfctr_msr, 0, 0) < 0)
226 + return 0;
228 evntsel = P6_EVNTSEL_INT
229 | P6_EVNTSEL_OS
230 diff --git a/arch/i386/kernel/doublefault.c b/arch/i386/kernel/doublefault.c
231 index 265c559..40978af 100644
232 --- a/arch/i386/kernel/doublefault.c
233 +++ b/arch/i386/kernel/doublefault.c
234 @@ -13,7 +13,7 @@
235 static unsigned long doublefault_stack[DOUBLEFAULT_STACKSIZE];
236 #define STACK_START (unsigned long)(doublefault_stack+DOUBLEFAULT_STACKSIZE)
238 -#define ptr_ok(x) ((x) > PAGE_OFFSET && (x) < PAGE_OFFSET + 0x1000000)
239 +#define ptr_ok(x) ((x) > PAGE_OFFSET && (x) < PAGE_OFFSET + MAXMEM)
241 static void doublefault_fn(void)
242 {
243 @@ -23,23 +23,23 @@ static void doublefault_fn(void)
244 store_gdt(&gdt_desc);
245 gdt = gdt_desc.address;
247 - printk("double fault, gdt at %08lx [%d bytes]\n", gdt, gdt_desc.size);
248 + printk(KERN_EMERG "PANIC: double fault, gdt at %08lx [%d bytes]\n", gdt, gdt_desc.size);
250 if (ptr_ok(gdt)) {
251 gdt += GDT_ENTRY_TSS << 3;
252 tss = *(u16 *)(gdt+2);
253 tss += *(u8 *)(gdt+4) << 16;
254 tss += *(u8 *)(gdt+7) << 24;
255 - printk("double fault, tss at %08lx\n", tss);
256 + printk(KERN_EMERG "double fault, tss at %08lx\n", tss);
258 if (ptr_ok(tss)) {
259 struct i386_hw_tss *t = (struct i386_hw_tss *)tss;
261 - printk("eip = %08lx, esp = %08lx\n", t->eip, t->esp);
262 + printk(KERN_EMERG "eip = %08lx, esp = %08lx\n", t->eip, t->esp);
264 - printk("eax = %08lx, ebx = %08lx, ecx = %08lx, edx = %08lx\n",
265 + printk(KERN_EMERG "eax = %08lx, ebx = %08lx, ecx = %08lx, edx = %08lx\n",
266 t->eax, t->ebx, t->ecx, t->edx);
267 - printk("esi = %08lx, edi = %08lx\n",
268 + printk(KERN_EMERG "esi = %08lx, edi = %08lx\n",
269 t->esi, t->edi);
270 }
271 }
272 @@ -63,6 +63,7 @@ struct tss_struct doublefault_tss __cacheline_aligned = {
273 .cs = __KERNEL_CS,
274 .ss = __KERNEL_DS,
275 .ds = __USER_DS,
276 + .fs = __KERNEL_PERCPU,
278 .__cr3 = __pa(swapper_pg_dir)
279 }
280 diff --git a/arch/i386/kernel/entry.S b/arch/i386/kernel/entry.S
281 index 3c3c220..b7be5cf 100644
282 --- a/arch/i386/kernel/entry.S
283 +++ b/arch/i386/kernel/entry.S
284 @@ -409,8 +409,6 @@ restore_nocheck_notrace:
285 1: INTERRUPT_RETURN
286 .section .fixup,"ax"
287 iret_exc:
288 - TRACE_IRQS_ON
289 - ENABLE_INTERRUPTS(CLBR_NONE)
290 pushl $0 # no error code
291 pushl $do_iret_error
292 jmp error_code
293 diff --git a/arch/i386/kernel/hpet.c b/arch/i386/kernel/hpet.c
294 index 17d7345..cbb4751 100644
295 --- a/arch/i386/kernel/hpet.c
296 +++ b/arch/i386/kernel/hpet.c
297 @@ -226,7 +226,8 @@ int __init hpet_enable(void)
298 {
299 unsigned long id;
300 uint64_t hpet_freq;
301 - u64 tmp;
302 + u64 tmp, start, now;
303 + cycle_t t1;
305 if (!is_hpet_capable())
306 return 0;
307 @@ -273,6 +274,27 @@ int __init hpet_enable(void)
308 /* Start the counter */
309 hpet_start_counter();
311 + /* Verify whether hpet counter works */
312 + t1 = read_hpet();
313 + rdtscll(start);
314 +
315 + /*
316 + * We don't know the TSC frequency yet, but waiting for
317 + * 200000 TSC cycles is safe:
318 + * 4 GHz == 50us
319 + * 1 GHz == 200us
320 + */
321 + do {
322 + rep_nop();
323 + rdtscll(now);
324 + } while ((now - start) < 200000UL);
325 +
326 + if (t1 == read_hpet()) {
327 + printk(KERN_WARNING
328 + "HPET counter not counting. HPET disabled\n");
329 + goto out_nohpet;
330 + }
331 +
332 /* Initialize and register HPET clocksource
333 *
334 * hpet period is in femto seconds per cycle
335 diff --git a/arch/i386/kernel/io_apic.c b/arch/i386/kernel/io_apic.c
336 index 7f8b7af..97ba305 100644
337 --- a/arch/i386/kernel/io_apic.c
338 +++ b/arch/i386/kernel/io_apic.c
339 @@ -1275,12 +1275,15 @@ static struct irq_chip ioapic_chip;
340 static void ioapic_register_intr(int irq, int vector, unsigned long trigger)
341 {
342 if ((trigger == IOAPIC_AUTO && IO_APIC_irq_trigger(irq)) ||
343 - trigger == IOAPIC_LEVEL)
344 + trigger == IOAPIC_LEVEL) {
345 + irq_desc[irq].status |= IRQ_LEVEL;
346 set_irq_chip_and_handler_name(irq, &ioapic_chip,
347 handle_fasteoi_irq, "fasteoi");
348 - else
349 + } else {
350 + irq_desc[irq].status &= ~IRQ_LEVEL;
351 set_irq_chip_and_handler_name(irq, &ioapic_chip,
352 handle_edge_irq, "edge");
353 + }
354 set_intr_gate(vector, interrupt[irq]);
355 }
357 diff --git a/arch/i386/kernel/legacy_serial.c b/arch/i386/kernel/legacy_serial.c
358 deleted file mode 100644
359 index 2151011..0000000
360 --- a/arch/i386/kernel/legacy_serial.c
361 +++ /dev/null
362 @@ -1,67 +0,0 @@
363 -/*
364 - * Legacy COM port devices for x86 platforms without PNPBIOS or ACPI.
365 - * Data taken from include/asm-i386/serial.h.
366 - *
367 - * (c) Copyright 2007 Hewlett-Packard Development Company, L.P.
368 - * Bjorn Helgaas <bjorn.helgaas@hp.com>
369 - *
370 - * This program is free software; you can redistribute it and/or modify
371 - * it under the terms of the GNU General Public License version 2 as
372 - * published by the Free Software Foundation.
373 - */
374 -#include <linux/module.h>
375 -#include <linux/init.h>
376 -#include <linux/pnp.h>
377 -#include <linux/serial_8250.h>
378 -
379 -/* Standard COM flags (except for COM4, because of the 8514 problem) */
380 -#ifdef CONFIG_SERIAL_DETECT_IRQ
381 -#define COM_FLAGS (UPF_BOOT_AUTOCONF | UPF_SKIP_TEST | UPF_AUTO_IRQ)
382 -#define COM4_FLAGS (UPF_BOOT_AUTOCONF | UPF_AUTO_IRQ)
383 -#else
384 -#define COM_FLAGS (UPF_BOOT_AUTOCONF | UPF_SKIP_TEST)
385 -#define COM4_FLAGS UPF_BOOT_AUTOCONF
386 -#endif
387 -
388 -#define PORT(_base,_irq,_flags) \
389 - { \
390 - .iobase = _base, \
391 - .irq = _irq, \
392 - .uartclk = 1843200, \
393 - .iotype = UPIO_PORT, \
394 - .flags = _flags, \
395 - }
396 -
397 -static struct plat_serial8250_port x86_com_data[] = {
398 - PORT(0x3F8, 4, COM_FLAGS),
399 - PORT(0x2F8, 3, COM_FLAGS),
400 - PORT(0x3E8, 4, COM_FLAGS),
401 - PORT(0x2E8, 3, COM4_FLAGS),
402 - { },
403 -};
404 -
405 -static struct platform_device x86_com_device = {
406 - .name = "serial8250",
407 - .id = PLAT8250_DEV_PLATFORM,
408 - .dev = {
409 - .platform_data = x86_com_data,
410 - },
411 -};
412 -
413 -static int force_legacy_probe;
414 -module_param_named(force, force_legacy_probe, bool, 0);
415 -MODULE_PARM_DESC(force, "Force legacy serial port probe");
416 -
417 -static int __init serial8250_x86_com_init(void)
418 -{
419 - if (pnp_platform_devices && !force_legacy_probe)
420 - return -ENODEV;
421 -
422 - return platform_device_register(&x86_com_device);
423 -}
424 -
425 -module_init(serial8250_x86_com_init);
426 -
427 -MODULE_AUTHOR("Bjorn Helgaas");
428 -MODULE_LICENSE("GPL");
429 -MODULE_DESCRIPTION("Generic 8250/16x50 legacy probe module");
430 diff --git a/arch/i386/kernel/ptrace.c b/arch/i386/kernel/ptrace.c
431 index 0c0ceec..120a63b 100644
432 --- a/arch/i386/kernel/ptrace.c
433 +++ b/arch/i386/kernel/ptrace.c
434 @@ -164,14 +164,22 @@ static unsigned long convert_eip_to_linear(struct task_struct *child, struct pt_
435 u32 *desc;
436 unsigned long base;
438 - down(&child->mm->context.sem);
439 - desc = child->mm->context.ldt + (seg & ~7);
440 - base = (desc[0] >> 16) | ((desc[1] & 0xff) << 16) | (desc[1] & 0xff000000);
441 + seg &= ~7UL;
443 - /* 16-bit code segment? */
444 - if (!((desc[1] >> 22) & 1))
445 - addr &= 0xffff;
446 - addr += base;
447 + down(&child->mm->context.sem);
448 + if (unlikely((seg >> 3) >= child->mm->context.size))
449 + addr = -1L; /* bogus selector, access would fault */
450 + else {
451 + desc = child->mm->context.ldt + seg;
452 + base = ((desc[0] >> 16) |
453 + ((desc[1] & 0xff) << 16) |
454 + (desc[1] & 0xff000000));
455 +
456 + /* 16-bit code segment? */
457 + if (!((desc[1] >> 22) & 1))
458 + addr &= 0xffff;
459 + addr += base;
460 + }
461 up(&child->mm->context.sem);
462 }
463 return addr;
464 diff --git a/arch/i386/kernel/sysenter.c b/arch/i386/kernel/sysenter.c
465 index ff4ee6f..6deb159 100644
466 --- a/arch/i386/kernel/sysenter.c
467 +++ b/arch/i386/kernel/sysenter.c
468 @@ -336,7 +336,9 @@ struct vm_area_struct *get_gate_vma(struct task_struct *tsk)
470 int in_gate_area(struct task_struct *task, unsigned long addr)
471 {
472 - return 0;
473 + const struct vm_area_struct *vma = get_gate_vma(task);
474 +
475 + return vma && addr >= vma->vm_start && addr < vma->vm_end;
476 }
478 int in_gate_area_no_task(unsigned long addr)
479 diff --git a/arch/i386/kernel/traps.c b/arch/i386/kernel/traps.c
480 index 90da057..4995b92 100644
481 --- a/arch/i386/kernel/traps.c
482 +++ b/arch/i386/kernel/traps.c
483 @@ -517,10 +517,12 @@ fastcall void do_##name(struct pt_regs * regs, long error_code) \
484 do_trap(trapnr, signr, str, 0, regs, error_code, NULL); \
485 }
487 -#define DO_ERROR_INFO(trapnr, signr, str, name, sicode, siaddr) \
488 +#define DO_ERROR_INFO(trapnr, signr, str, name, sicode, siaddr, irq) \
489 fastcall void do_##name(struct pt_regs * regs, long error_code) \
490 { \
491 siginfo_t info; \
492 + if (irq) \
493 + local_irq_enable(); \
494 info.si_signo = signr; \
495 info.si_errno = 0; \
496 info.si_code = sicode; \
497 @@ -560,13 +562,13 @@ DO_VM86_ERROR( 3, SIGTRAP, "int3", int3)
498 #endif
499 DO_VM86_ERROR( 4, SIGSEGV, "overflow", overflow)
500 DO_VM86_ERROR( 5, SIGSEGV, "bounds", bounds)
501 -DO_ERROR_INFO( 6, SIGILL, "invalid opcode", invalid_op, ILL_ILLOPN, regs->eip)
502 +DO_ERROR_INFO( 6, SIGILL, "invalid opcode", invalid_op, ILL_ILLOPN, regs->eip, 0)
503 DO_ERROR( 9, SIGFPE, "coprocessor segment overrun", coprocessor_segment_overrun)
504 DO_ERROR(10, SIGSEGV, "invalid TSS", invalid_TSS)
505 DO_ERROR(11, SIGBUS, "segment not present", segment_not_present)
506 DO_ERROR(12, SIGBUS, "stack segment", stack_segment)
507 -DO_ERROR_INFO(17, SIGBUS, "alignment check", alignment_check, BUS_ADRALN, 0)
508 -DO_ERROR_INFO(32, SIGSEGV, "iret exception", iret_error, ILL_BADSTK, 0)
509 +DO_ERROR_INFO(17, SIGBUS, "alignment check", alignment_check, BUS_ADRALN, 0, 0)
510 +DO_ERROR_INFO(32, SIGSEGV, "iret exception", iret_error, ILL_BADSTK, 0, 1)
512 fastcall void __kprobes do_general_protection(struct pt_regs * regs,
513 long error_code)
514 diff --git a/arch/i386/kernel/tsc.c b/arch/i386/kernel/tsc.c
515 index f64b81f..8e02ed6 100644
516 --- a/arch/i386/kernel/tsc.c
517 +++ b/arch/i386/kernel/tsc.c
518 @@ -122,7 +122,7 @@ unsigned long native_calculate_cpu_khz(void)
519 {
520 unsigned long long start, end;
521 unsigned long count;
522 - u64 delta64;
523 + u64 delta64 = (u64)ULLONG_MAX;
524 int i;
525 unsigned long flags;
527 @@ -134,6 +134,7 @@ unsigned long native_calculate_cpu_khz(void)
528 rdtscll(start);
529 mach_countup(&count);
530 rdtscll(end);
531 + delta64 = min(delta64, (end - start));
532 }
533 /*
534 * Error: ECTCNEVERSET
535 @@ -144,8 +145,6 @@ unsigned long native_calculate_cpu_khz(void)
536 if (count <= 1)
537 goto err;
539 - delta64 = end - start;
540 -
541 /* cpu freq too fast: */
542 if (delta64 > (1ULL<<32))
543 goto err;
544 diff --git a/arch/i386/mm/fault.c b/arch/i386/mm/fault.c
545 index 1ecb3e4..27ba2fd 100644
546 --- a/arch/i386/mm/fault.c
547 +++ b/arch/i386/mm/fault.c
548 @@ -249,9 +249,10 @@ static inline pmd_t *vmalloc_sync_one(pgd_t *pgd, unsigned long address)
549 pmd_k = pmd_offset(pud_k, address);
550 if (!pmd_present(*pmd_k))
551 return NULL;
552 - if (!pmd_present(*pmd))
553 + if (!pmd_present(*pmd)) {
554 set_pmd(pmd, *pmd_k);
555 - else
556 + arch_flush_lazy_mmu_mode();
557 + } else
558 BUG_ON(pmd_page(*pmd) != pmd_page(*pmd_k));
559 return pmd_k;
560 }
561 diff --git a/arch/powerpc/kernel/process.c b/arch/powerpc/kernel/process.c
562 index 6e2f035..87c474d 100644
563 --- a/arch/powerpc/kernel/process.c
564 +++ b/arch/powerpc/kernel/process.c
565 @@ -83,7 +83,7 @@ void flush_fp_to_thread(struct task_struct *tsk)
566 */
567 BUG_ON(tsk != current);
568 #endif
569 - giveup_fpu(current);
570 + giveup_fpu(tsk);
571 }
572 preempt_enable();
573 }
574 @@ -143,7 +143,7 @@ void flush_altivec_to_thread(struct task_struct *tsk)
575 #ifdef CONFIG_SMP
576 BUG_ON(tsk != current);
577 #endif
578 - giveup_altivec(current);
579 + giveup_altivec(tsk);
580 }
581 preempt_enable();
582 }
583 @@ -182,7 +182,7 @@ void flush_spe_to_thread(struct task_struct *tsk)
584 #ifdef CONFIG_SMP
585 BUG_ON(tsk != current);
586 #endif
587 - giveup_spe(current);
588 + giveup_spe(tsk);
589 }
590 preempt_enable();
591 }
592 diff --git a/arch/powerpc/kernel/prom_parse.c b/arch/powerpc/kernel/prom_parse.c
593 index 3786dcc..b5c96af 100644
594 --- a/arch/powerpc/kernel/prom_parse.c
595 +++ b/arch/powerpc/kernel/prom_parse.c
596 @@ -24,7 +24,7 @@
597 /* Max address size we deal with */
598 #define OF_MAX_ADDR_CELLS 4
599 #define OF_CHECK_COUNTS(na, ns) ((na) > 0 && (na) <= OF_MAX_ADDR_CELLS && \
600 - (ns) >= 0)
601 + (ns) > 0)
603 static struct of_bus *of_match_bus(struct device_node *np);
604 static int __of_address_to_resource(struct device_node *dev,
605 diff --git a/arch/powerpc/math-emu/math.c b/arch/powerpc/math-emu/math.c
606 index 69058b2..381306b 100644
607 --- a/arch/powerpc/math-emu/math.c
608 +++ b/arch/powerpc/math-emu/math.c
609 @@ -407,11 +407,16 @@ do_mathemu(struct pt_regs *regs)
611 case XE:
612 idx = (insn >> 16) & 0x1f;
613 - if (!idx)
614 - goto illegal;
615 -
616 op0 = (void *)¤t->thread.fpr[(insn >> 21) & 0x1f];
617 - op1 = (void *)(regs->gpr[idx] + regs->gpr[(insn >> 11) & 0x1f]);
618 + if (!idx) {
619 + if (((insn >> 1) & 0x3ff) == STFIWX)
620 + op1 = (void *)(regs->gpr[(insn >> 11) & 0x1f]);
621 + else
622 + goto illegal;
623 + } else {
624 + op1 = (void *)(regs->gpr[idx] + regs->gpr[(insn >> 11) & 0x1f]);
625 + }
626 +
627 break;
629 case XEU:
630 diff --git a/arch/powerpc/mm/hash_utils_64.c b/arch/powerpc/mm/hash_utils_64.c
631 index 4f2f453..c84b7cc 100644
632 --- a/arch/powerpc/mm/hash_utils_64.c
633 +++ b/arch/powerpc/mm/hash_utils_64.c
634 @@ -795,7 +795,7 @@ void hash_preload(struct mm_struct *mm, unsigned long ea,
636 #ifdef CONFIG_PPC_MM_SLICES
637 /* We only prefault standard pages for now */
638 - if (unlikely(get_slice_psize(mm, ea) != mm->context.user_psize));
639 + if (unlikely(get_slice_psize(mm, ea) != mm->context.user_psize))
640 return;
641 #endif
643 diff --git a/arch/powerpc/mm/slice.c b/arch/powerpc/mm/slice.c
644 index f833dba..d5fd390 100644
645 --- a/arch/powerpc/mm/slice.c
646 +++ b/arch/powerpc/mm/slice.c
647 @@ -405,6 +405,8 @@ unsigned long slice_get_unmapped_area(unsigned long addr, unsigned long len,
649 if (len > mm->task_size)
650 return -ENOMEM;
651 + if (len & ((1ul << pshift) - 1))
652 + return -EINVAL;
653 if (fixed && (addr & ((1ul << pshift) - 1)))
654 return -EINVAL;
655 if (fixed && addr > (mm->task_size - len))
656 diff --git a/arch/powerpc/platforms/83xx/mpc832x_mds.c b/arch/powerpc/platforms/83xx/mpc832x_mds.c
657 index 94843ed..fff09f5 100644
658 --- a/arch/powerpc/platforms/83xx/mpc832x_mds.c
659 +++ b/arch/powerpc/platforms/83xx/mpc832x_mds.c
660 @@ -111,7 +111,6 @@ static struct of_device_id mpc832x_ids[] = {
661 { .type = "soc", },
662 { .compatible = "soc", },
663 { .type = "qe", },
664 - { .type = "mdio", },
665 {},
666 };
668 diff --git a/arch/powerpc/platforms/83xx/mpc832x_rdb.c b/arch/powerpc/platforms/83xx/mpc832x_rdb.c
669 index 3db68b7..44a7661 100644
670 --- a/arch/powerpc/platforms/83xx/mpc832x_rdb.c
671 +++ b/arch/powerpc/platforms/83xx/mpc832x_rdb.c
672 @@ -75,7 +75,6 @@ static struct of_device_id mpc832x_ids[] = {
673 { .type = "soc", },
674 { .compatible = "soc", },
675 { .type = "qe", },
676 - { .type = "mdio", },
677 {},
678 };
680 diff --git a/arch/powerpc/platforms/83xx/mpc836x_mds.c b/arch/powerpc/platforms/83xx/mpc836x_mds.c
681 index bceeff8..526ed09 100644
682 --- a/arch/powerpc/platforms/83xx/mpc836x_mds.c
683 +++ b/arch/powerpc/platforms/83xx/mpc836x_mds.c
684 @@ -118,7 +118,6 @@ static struct of_device_id mpc836x_ids[] = {
685 { .type = "soc", },
686 { .compatible = "soc", },
687 { .type = "qe", },
688 - { .type = "mdio", },
689 {},
690 };
692 diff --git a/arch/powerpc/platforms/85xx/mpc85xx_mds.c b/arch/powerpc/platforms/85xx/mpc85xx_mds.c
693 index e3dddbf..54db416 100644
694 --- a/arch/powerpc/platforms/85xx/mpc85xx_mds.c
695 +++ b/arch/powerpc/platforms/85xx/mpc85xx_mds.c
696 @@ -147,7 +147,6 @@ static struct of_device_id mpc85xx_ids[] = {
697 { .type = "soc", },
698 { .compatible = "soc", },
699 { .type = "qe", },
700 - { .type = "mdio", },
701 {},
702 };
704 diff --git a/arch/sparc/kernel/entry.S b/arch/sparc/kernel/entry.S
705 index 831f540..eac3838 100644
706 --- a/arch/sparc/kernel/entry.S
707 +++ b/arch/sparc/kernel/entry.S
708 @@ -1749,8 +1749,8 @@ fpload:
709 __ndelay:
710 save %sp, -STACKFRAME_SZ, %sp
711 mov %i0, %o0
712 - call .umul
713 - mov 0x1ad, %o1 ! 2**32 / (1 000 000 000 / HZ)
714 + call .umul ! round multiplier up so large ns ok
715 + mov 0x1ae, %o1 ! 2**32 / (1 000 000 000 / HZ)
716 call .umul
717 mov %i1, %o1 ! udelay_val
718 ba delay_continue
719 @@ -1760,11 +1760,17 @@ __ndelay:
720 __udelay:
721 save %sp, -STACKFRAME_SZ, %sp
722 mov %i0, %o0
723 - sethi %hi(0x10c6), %o1
724 + sethi %hi(0x10c7), %o1 ! round multiplier up so large us ok
725 call .umul
726 - or %o1, %lo(0x10c6), %o1 ! 2**32 / 1 000 000
727 + or %o1, %lo(0x10c7), %o1 ! 2**32 / 1 000 000
728 call .umul
729 mov %i1, %o1 ! udelay_val
730 + sethi %hi(0x028f4b62), %l0 ! Add in rounding constant * 2**32,
731 + or %g0, %lo(0x028f4b62), %l0
732 + addcc %o0, %l0, %o0 ! 2**32 * 0.009 999
733 + bcs,a 3f
734 + add %o1, 0x01, %o1
735 +3:
736 call .umul
737 mov HZ, %o0 ! >>32 earlier for wider range
739 diff --git a/arch/sparc/lib/memset.S b/arch/sparc/lib/memset.S
740 index a65eba4..1c37ea8 100644
741 --- a/arch/sparc/lib/memset.S
742 +++ b/arch/sparc/lib/memset.S
743 @@ -162,7 +162,7 @@ __bzero:
744 8:
745 add %o0, 1, %o0
746 subcc %o1, 1, %o1
747 - bne,a 8b
748 + bne 8b
749 EX(stb %g3, [%o0 - 1], add %o1, 1)
750 0:
751 retl
752 diff --git a/arch/sparc64/kernel/chmc.c b/arch/sparc64/kernel/chmc.c
753 index 777d345..6d4f02e 100644
754 --- a/arch/sparc64/kernel/chmc.c
755 +++ b/arch/sparc64/kernel/chmc.c
756 @@ -1,7 +1,6 @@
757 -/* $Id: chmc.c,v 1.4 2002/01/08 16:00:14 davem Exp $
758 - * memctrlr.c: Driver for UltraSPARC-III memory controller.
759 +/* memctrlr.c: Driver for UltraSPARC-III memory controller.
760 *
761 - * Copyright (C) 2001 David S. Miller (davem@redhat.com)
762 + * Copyright (C) 2001, 2007 David S. Miller (davem@davemloft.net)
763 */
765 #include <linux/module.h>
766 @@ -16,6 +15,7 @@
767 #include <linux/init.h>
768 #include <asm/spitfire.h>
769 #include <asm/chmctrl.h>
770 +#include <asm/cpudata.h>
771 #include <asm/oplib.h>
772 #include <asm/prom.h>
773 #include <asm/io.h>
774 @@ -242,8 +242,11 @@ int chmc_getunumber(int syndrome_code,
775 */
776 static u64 read_mcreg(struct mctrl_info *mp, unsigned long offset)
777 {
778 - unsigned long ret;
779 - int this_cpu = get_cpu();
780 + unsigned long ret, this_cpu;
781 +
782 + preempt_disable();
783 +
784 + this_cpu = real_hard_smp_processor_id();
786 if (mp->portid == this_cpu) {
787 __asm__ __volatile__("ldxa [%1] %2, %0"
788 @@ -255,7 +258,8 @@ static u64 read_mcreg(struct mctrl_info *mp, unsigned long offset)
789 : "r" (mp->regs + offset),
790 "i" (ASI_PHYS_BYPASS_EC_E));
791 }
792 - put_cpu();
793 +
794 + preempt_enable();
796 return ret;
797 }
798 diff --git a/arch/sparc64/kernel/entry.S b/arch/sparc64/kernel/entry.S
799 index 8059531..193791c 100644
800 --- a/arch/sparc64/kernel/entry.S
801 +++ b/arch/sparc64/kernel/entry.S
802 @@ -2593,3 +2593,15 @@ sun4v_mmustat_info:
803 retl
804 nop
805 .size sun4v_mmustat_info, .-sun4v_mmustat_info
806 +
807 + .globl sun4v_mmu_demap_all
808 + .type sun4v_mmu_demap_all,#function
809 +sun4v_mmu_demap_all:
810 + clr %o0
811 + clr %o1
812 + mov HV_MMU_ALL, %o2
813 + mov HV_FAST_MMU_DEMAP_ALL, %o5
814 + ta HV_FAST_TRAP
815 + retl
816 + nop
817 + .size sun4v_mmu_demap_all, .-sun4v_mmu_demap_all
818 diff --git a/arch/sparc64/kernel/head.S b/arch/sparc64/kernel/head.S
819 index 7725952..35feacb 100644
820 --- a/arch/sparc64/kernel/head.S
821 +++ b/arch/sparc64/kernel/head.S
822 @@ -458,7 +458,6 @@ tlb_fixup_done:
823 or %g6, %lo(init_thread_union), %g6
824 ldx [%g6 + TI_TASK], %g4
825 mov %sp, %l6
826 - mov %o4, %l7
828 wr %g0, ASI_P, %asi
829 mov 1, %g1
830 diff --git a/arch/sparc64/kernel/pci.c b/arch/sparc64/kernel/pci.c
831 index 81f4a5e..154f10e 100644
832 --- a/arch/sparc64/kernel/pci.c
833 +++ b/arch/sparc64/kernel/pci.c
834 @@ -422,10 +422,15 @@ struct pci_dev *of_create_pci_dev(struct pci_pbm_info *pbm,
835 dev->multifunction = 0; /* maybe a lie? */
837 if (host_controller) {
838 - dev->vendor = 0x108e;
839 - dev->device = 0x8000;
840 - dev->subsystem_vendor = 0x0000;
841 - dev->subsystem_device = 0x0000;
842 + if (tlb_type != hypervisor) {
843 + pci_read_config_word(dev, PCI_VENDOR_ID,
844 + &dev->vendor);
845 + pci_read_config_word(dev, PCI_DEVICE_ID,
846 + &dev->device);
847 + } else {
848 + dev->vendor = PCI_VENDOR_ID_SUN;
849 + dev->device = 0x80f0;
850 + }
851 dev->cfg_size = 256;
852 dev->class = PCI_CLASS_BRIDGE_HOST << 8;
853 sprintf(pci_name(dev), "%04x:%02x:%02x.%d", pci_domain_nr(bus),
854 @@ -746,7 +751,7 @@ static void __devinit pci_of_scan_bus(struct pci_pbm_info *pbm,
855 {
856 struct device_node *child;
857 const u32 *reg;
858 - int reglen, devfn;
859 + int reglen, devfn, prev_devfn;
860 struct pci_dev *dev;
862 if (ofpci_verbose)
863 @@ -754,14 +759,25 @@ static void __devinit pci_of_scan_bus(struct pci_pbm_info *pbm,
864 node->full_name, bus->number);
866 child = NULL;
867 + prev_devfn = -1;
868 while ((child = of_get_next_child(node, child)) != NULL) {
869 if (ofpci_verbose)
870 printk(" * %s\n", child->full_name);
871 reg = of_get_property(child, "reg", ®len);
872 if (reg == NULL || reglen < 20)
873 continue;
874 +
875 devfn = (reg[0] >> 8) & 0xff;
877 + /* This is a workaround for some device trees
878 + * which list PCI devices twice. On the V100
879 + * for example, device number 3 is listed twice.
880 + * Once as "pm" and once again as "lomp".
881 + */
882 + if (devfn == prev_devfn)
883 + continue;
884 + prev_devfn = devfn;
885 +
886 /* create a new pci_dev for this device */
887 dev = of_create_pci_dev(pbm, child, bus, devfn, 0);
888 if (!dev)
889 @@ -817,7 +833,7 @@ int pci_host_bridge_read_pci_cfg(struct pci_bus *bus_dev,
890 {
891 static u8 fake_pci_config[] = {
892 0x8e, 0x10, /* Vendor: 0x108e (Sun) */
893 - 0x00, 0x80, /* Device: 0x8000 (PBM) */
894 + 0xf0, 0x80, /* Device: 0x80f0 (Fire) */
895 0x46, 0x01, /* Command: 0x0146 (SERR, PARITY, MASTER, MEM) */
896 0xa0, 0x22, /* Status: 0x02a0 (DEVSEL_MED, FB2B, 66MHZ) */
897 0x00, 0x00, 0x00, 0x06, /* Class: 0x06000000 host bridge */
898 diff --git a/arch/sparc64/kernel/pci_common.c b/arch/sparc64/kernel/pci_common.c
899 index 4249214..2f61c4b 100644
900 --- a/arch/sparc64/kernel/pci_common.c
901 +++ b/arch/sparc64/kernel/pci_common.c
902 @@ -44,6 +44,67 @@ static void *sun4u_config_mkaddr(struct pci_pbm_info *pbm,
903 return (void *) (pbm->config_space | bus | devfn | reg);
904 }
906 +/* At least on Sabre, it is necessary to access all PCI host controller
907 + * registers at their natural size, otherwise zeros are returned.
908 + * Strange but true, and I see no language in the UltraSPARC-IIi
909 + * programmer's manual that mentions this even indirectly.
910 + */
911 +static int sun4u_read_pci_cfg_host(struct pci_pbm_info *pbm,
912 + unsigned char bus, unsigned int devfn,
913 + int where, int size, u32 *value)
914 +{
915 + u32 tmp32, *addr;
916 + u16 tmp16;
917 + u8 tmp8;
918 +
919 + addr = sun4u_config_mkaddr(pbm, bus, devfn, where);
920 + if (!addr)
921 + return PCIBIOS_SUCCESSFUL;
922 +
923 + switch (size) {
924 + case 1:
925 + if (where < 8) {
926 + unsigned long align = (unsigned long) addr;
927 +
928 + align &= ~1;
929 + pci_config_read16((u16 *)align, &tmp16);
930 + if (where & 1)
931 + *value = tmp16 >> 8;
932 + else
933 + *value = tmp16 & 0xff;
934 + } else {
935 + pci_config_read8((u8 *)addr, &tmp8);
936 + *value = (u32) tmp8;
937 + }
938 + break;
939 +
940 + case 2:
941 + if (where < 8) {
942 + pci_config_read16((u16 *)addr, &tmp16);
943 + *value = (u32) tmp16;
944 + } else {
945 + pci_config_read8((u8 *)addr, &tmp8);
946 + *value = (u32) tmp8;
947 + pci_config_read8(((u8 *)addr) + 1, &tmp8);
948 + *value |= ((u32) tmp8) << 8;
949 + }
950 + break;
951 +
952 + case 4:
953 + tmp32 = 0xffffffff;
954 + sun4u_read_pci_cfg_host(pbm, bus, devfn,
955 + where, 2, &tmp32);
956 + *value = tmp32;
957 +
958 + tmp32 = 0xffffffff;
959 + sun4u_read_pci_cfg_host(pbm, bus, devfn,
960 + where + 2, 2, &tmp32);
961 + *value |= tmp32 << 16;
962 + break;
963 + }
964 + return PCIBIOS_SUCCESSFUL;
965 +}
966 +
967 static int sun4u_read_pci_cfg(struct pci_bus *bus_dev, unsigned int devfn,
968 int where, int size, u32 *value)
969 {
970 @@ -53,10 +114,6 @@ static int sun4u_read_pci_cfg(struct pci_bus *bus_dev, unsigned int devfn,
971 u16 tmp16;
972 u8 tmp8;
974 - if (bus_dev == pbm->pci_bus && devfn == 0x00)
975 - return pci_host_bridge_read_pci_cfg(bus_dev, devfn, where,
976 - size, value);
977 -
978 switch (size) {
979 case 1:
980 *value = 0xff;
981 @@ -69,6 +126,10 @@ static int sun4u_read_pci_cfg(struct pci_bus *bus_dev, unsigned int devfn,
982 break;
983 }
985 + if (!bus_dev->number && !PCI_SLOT(devfn))
986 + return sun4u_read_pci_cfg_host(pbm, bus, devfn, where,
987 + size, value);
988 +
989 addr = sun4u_config_mkaddr(pbm, bus, devfn, where);
990 if (!addr)
991 return PCIBIOS_SUCCESSFUL;
992 @@ -101,6 +162,53 @@ static int sun4u_read_pci_cfg(struct pci_bus *bus_dev, unsigned int devfn,
993 return PCIBIOS_SUCCESSFUL;
994 }
996 +static int sun4u_write_pci_cfg_host(struct pci_pbm_info *pbm,
997 + unsigned char bus, unsigned int devfn,
998 + int where, int size, u32 value)
999 +{
1000 + u32 *addr;
1001 +
1002 + addr = sun4u_config_mkaddr(pbm, bus, devfn, where);
1003 + if (!addr)
1004 + return PCIBIOS_SUCCESSFUL;
1005 +
1006 + switch (size) {
1007 + case 1:
1008 + if (where < 8) {
1009 + unsigned long align = (unsigned long) addr;
1010 + u16 tmp16;
1011 +
1012 + align &= ~1;
1013 + pci_config_read16((u16 *)align, &tmp16);
1014 + if (where & 1) {
1015 + tmp16 &= 0x00ff;
1016 + tmp16 |= value << 8;
1017 + } else {
1018 + tmp16 &= 0xff00;
1019 + tmp16 |= value;
1020 + }
1021 + pci_config_write16((u16 *)align, tmp16);
1022 + } else
1023 + pci_config_write8((u8 *)addr, value);
1024 + break;
1025 + case 2:
1026 + if (where < 8) {
1027 + pci_config_write16((u16 *)addr, value);
1028 + } else {
1029 + pci_config_write8((u8 *)addr, value & 0xff);
1030 + pci_config_write8(((u8 *)addr) + 1, value >> 8);
1031 + }
1032 + break;
1033 + case 4:
1034 + sun4u_write_pci_cfg_host(pbm, bus, devfn,
1035 + where, 2, value & 0xffff);
1036 + sun4u_write_pci_cfg_host(pbm, bus, devfn,
1037 + where + 2, 2, value >> 16);
1038 + break;
1039 + }
1040 + return PCIBIOS_SUCCESSFUL;
1041 +}
1042 +
1043 static int sun4u_write_pci_cfg(struct pci_bus *bus_dev, unsigned int devfn,
1044 int where, int size, u32 value)
1045 {
1046 @@ -108,9 +216,10 @@ static int sun4u_write_pci_cfg(struct pci_bus *bus_dev, unsigned int devfn,
1047 unsigned char bus = bus_dev->number;
1048 u32 *addr;
1050 - if (bus_dev == pbm->pci_bus && devfn == 0x00)
1051 - return pci_host_bridge_write_pci_cfg(bus_dev, devfn, where,
1052 - size, value);
1053 + if (!bus_dev->number && !PCI_SLOT(devfn))
1054 + return sun4u_write_pci_cfg_host(pbm, bus, devfn, where,
1055 + size, value);
1056 +
1057 addr = sun4u_config_mkaddr(pbm, bus, devfn, where);
1058 if (!addr)
1059 return PCIBIOS_SUCCESSFUL;
1060 diff --git a/arch/sparc64/kernel/smp.c b/arch/sparc64/kernel/smp.c
1061 index 4dcd7d0..3ddd99c 100644
1062 --- a/arch/sparc64/kernel/smp.c
1063 +++ b/arch/sparc64/kernel/smp.c
1064 @@ -403,7 +403,7 @@ static __inline__ void spitfire_xcall_deliver(u64 data0, u64 data1, u64 data2, c
1065 */
1066 static void cheetah_xcall_deliver(u64 data0, u64 data1, u64 data2, cpumask_t mask)
1067 {
1068 - u64 pstate, ver;
1069 + u64 pstate, ver, busy_mask;
1070 int nack_busy_id, is_jbus, need_more;
1072 if (cpus_empty(mask))
1073 @@ -435,14 +435,20 @@ retry:
1074 "i" (ASI_INTR_W));
1076 nack_busy_id = 0;
1077 + busy_mask = 0;
1078 {
1079 int i;
1081 for_each_cpu_mask(i, mask) {
1082 u64 target = (i << 14) | 0x70;
1084 - if (!is_jbus)
1085 + if (is_jbus) {
1086 + busy_mask |= (0x1UL << (i * 2));
1087 + } else {
1088 target |= (nack_busy_id << 24);
1089 + busy_mask |= (0x1UL <<
1090 + (nack_busy_id * 2));
1091 + }
1092 __asm__ __volatile__(
1093 "stxa %%g0, [%0] %1\n\t"
1094 "membar #Sync\n\t"
1095 @@ -458,15 +464,16 @@ retry:
1097 /* Now, poll for completion. */
1098 {
1099 - u64 dispatch_stat;
1100 + u64 dispatch_stat, nack_mask;
1101 long stuck;
1103 stuck = 100000 * nack_busy_id;
1104 + nack_mask = busy_mask << 1;
1105 do {
1106 __asm__ __volatile__("ldxa [%%g0] %1, %0"
1107 : "=r" (dispatch_stat)
1108 : "i" (ASI_INTR_DISPATCH_STAT));
1109 - if (dispatch_stat == 0UL) {
1110 + if (!(dispatch_stat & (busy_mask | nack_mask))) {
1111 __asm__ __volatile__("wrpr %0, 0x0, %%pstate"
1112 : : "r" (pstate));
1113 if (unlikely(need_more)) {
1114 @@ -483,12 +490,12 @@ retry:
1115 }
1116 if (!--stuck)
1117 break;
1118 - } while (dispatch_stat & 0x5555555555555555UL);
1119 + } while (dispatch_stat & busy_mask);
1121 __asm__ __volatile__("wrpr %0, 0x0, %%pstate"
1122 : : "r" (pstate));
1124 - if ((dispatch_stat & ~(0x5555555555555555UL)) == 0) {
1125 + if (dispatch_stat & busy_mask) {
1126 /* Busy bits will not clear, continue instead
1127 * of freezing up on this cpu.
1128 */
1129 diff --git a/arch/sparc64/kernel/sys_sparc.c b/arch/sparc64/kernel/sys_sparc.c
1130 index d108eeb..0d5c502 100644
1131 --- a/arch/sparc64/kernel/sys_sparc.c
1132 +++ b/arch/sparc64/kernel/sys_sparc.c
1133 @@ -436,7 +436,7 @@ out:
1134 asmlinkage long sys_ipc(unsigned int call, int first, unsigned long second,
1135 unsigned long third, void __user *ptr, long fifth)
1136 {
1137 - int err;
1138 + long err;
1140 /* No need for backward compatibility. We can start fresh... */
1141 if (call <= SEMCTL) {
1142 @@ -453,16 +453,9 @@ asmlinkage long sys_ipc(unsigned int call, int first, unsigned long second,
1143 err = sys_semget(first, (int)second, (int)third);
1144 goto out;
1145 case SEMCTL: {
1146 - union semun fourth;
1147 - err = -EINVAL;
1148 - if (!ptr)
1149 - goto out;
1150 - err = -EFAULT;
1151 - if (get_user(fourth.__pad,
1152 - (void __user * __user *) ptr))
1153 - goto out;
1154 - err = sys_semctl(first, (int)second | IPC_64,
1155 - (int)third, fourth);
1156 + err = sys_semctl(first, third,
1157 + (int)second | IPC_64,
1158 + (union semun) ptr);
1159 goto out;
1160 }
1161 default:
1162 diff --git a/arch/sparc64/kernel/traps.c b/arch/sparc64/kernel/traps.c
1163 index 00a9e32..a05b37f 100644
1164 --- a/arch/sparc64/kernel/traps.c
1165 +++ b/arch/sparc64/kernel/traps.c
1166 @@ -2134,12 +2134,20 @@ static void user_instruction_dump (unsigned int __user *pc)
1167 void show_stack(struct task_struct *tsk, unsigned long *_ksp)
1168 {
1169 unsigned long pc, fp, thread_base, ksp;
1170 - void *tp = task_stack_page(tsk);
1171 + struct thread_info *tp;
1172 struct reg_window *rw;
1173 int count = 0;
1175 ksp = (unsigned long) _ksp;
1176 -
1177 + if (!tsk)
1178 + tsk = current;
1179 + tp = task_thread_info(tsk);
1180 + if (ksp == 0UL) {
1181 + if (tsk == current)
1182 + asm("mov %%fp, %0" : "=r" (ksp));
1183 + else
1184 + ksp = tp->ksp;
1185 + }
1186 if (tp == current_thread_info())
1187 flushw_all();
1189 @@ -2168,11 +2176,7 @@ void show_stack(struct task_struct *tsk, unsigned long *_ksp)
1191 void dump_stack(void)
1192 {
1193 - unsigned long *ksp;
1194 -
1195 - __asm__ __volatile__("mov %%fp, %0"
1196 - : "=r" (ksp));
1197 - show_stack(current, ksp);
1198 + show_stack(current, NULL);
1199 }
1201 EXPORT_SYMBOL(dump_stack);
1202 diff --git a/arch/sparc64/mm/fault.c b/arch/sparc64/mm/fault.c
1203 index b582024..e2cb991 100644
1204 --- a/arch/sparc64/mm/fault.c
1205 +++ b/arch/sparc64/mm/fault.c
1206 @@ -112,15 +112,12 @@ static void __kprobes unhandled_fault(unsigned long address,
1208 static void bad_kernel_pc(struct pt_regs *regs, unsigned long vaddr)
1209 {
1210 - unsigned long *ksp;
1211 -
1212 printk(KERN_CRIT "OOPS: Bogus kernel PC [%016lx] in fault handler\n",
1213 regs->tpc);
1214 printk(KERN_CRIT "OOPS: RPC [%016lx]\n", regs->u_regs[15]);
1215 print_symbol("RPC: <%s>\n", regs->u_regs[15]);
1216 printk(KERN_CRIT "OOPS: Fault was to vaddr[%lx]\n", vaddr);
1217 - __asm__("mov %%sp, %0" : "=r" (ksp));
1218 - show_stack(current, ksp);
1219 + dump_stack();
1220 unhandled_fault(regs->tpc, current, regs);
1221 }
1223 diff --git a/arch/sparc64/mm/init.c b/arch/sparc64/mm/init.c
1224 index 3010227..ed2484d 100644
1225 --- a/arch/sparc64/mm/init.c
1226 +++ b/arch/sparc64/mm/init.c
1227 @@ -1135,14 +1135,9 @@ static void __init mark_kpte_bitmap(unsigned long start, unsigned long end)
1228 }
1229 }
1231 -static void __init kernel_physical_mapping_init(void)
1232 +static void __init init_kpte_bitmap(void)
1233 {
1234 unsigned long i;
1235 -#ifdef CONFIG_DEBUG_PAGEALLOC
1236 - unsigned long mem_alloced = 0UL;
1237 -#endif
1238 -
1239 - read_obp_memory("reg", &pall[0], &pall_ents);
1241 for (i = 0; i < pall_ents; i++) {
1242 unsigned long phys_start, phys_end;
1243 @@ -1151,14 +1146,24 @@ static void __init kernel_physical_mapping_init(void)
1244 phys_end = phys_start + pall[i].reg_size;
1246 mark_kpte_bitmap(phys_start, phys_end);
1247 + }
1248 +}
1250 +static void __init kernel_physical_mapping_init(void)
1251 +{
1252 #ifdef CONFIG_DEBUG_PAGEALLOC
1253 + unsigned long i, mem_alloced = 0UL;
1254 +
1255 + for (i = 0; i < pall_ents; i++) {
1256 + unsigned long phys_start, phys_end;
1257 +
1258 + phys_start = pall[i].phys_addr;
1259 + phys_end = phys_start + pall[i].reg_size;
1260 +
1261 mem_alloced += kernel_map_range(phys_start, phys_end,
1262 PAGE_KERNEL);
1263 -#endif
1264 }
1266 -#ifdef CONFIG_DEBUG_PAGEALLOC
1267 printk("Allocated %ld bytes for kernel page tables.\n",
1268 mem_alloced);
1270 @@ -1400,6 +1405,10 @@ void __init paging_init(void)
1272 inherit_prom_mappings();
1274 + read_obp_memory("reg", &pall[0], &pall_ents);
1275 +
1276 + init_kpte_bitmap();
1277 +
1278 /* Ok, we can use our TLB miss and window trap handlers safely. */
1279 setup_tba();
1281 @@ -1854,7 +1863,9 @@ void __flush_tlb_all(void)
1282 "wrpr %0, %1, %%pstate"
1283 : "=r" (pstate)
1284 : "i" (PSTATE_IE));
1285 - if (tlb_type == spitfire) {
1286 + if (tlb_type == hypervisor) {
1287 + sun4v_mmu_demap_all();
1288 + } else if (tlb_type == spitfire) {
1289 for (i = 0; i < 64; i++) {
1290 /* Spitfire Errata #32 workaround */
1291 /* NOTE: Always runs on spitfire, so no
1292 diff --git a/arch/um/drivers/ubd_kern.c b/arch/um/drivers/ubd_kern.c
1293 index 2e09f16..2c491a5 100644
1294 --- a/arch/um/drivers/ubd_kern.c
1295 +++ b/arch/um/drivers/ubd_kern.c
1296 @@ -612,6 +612,8 @@ static int ubd_open_dev(struct ubd *ubd_dev)
1297 ubd_dev->fd = fd;
1299 if(ubd_dev->cow.file != NULL){
1300 + blk_queue_max_sectors(ubd_dev->queue, 8 * sizeof(long));
1301 +
1302 err = -ENOMEM;
1303 ubd_dev->cow.bitmap = (void *) vmalloc(ubd_dev->cow.bitmap_len);
1304 if(ubd_dev->cow.bitmap == NULL){
1305 diff --git a/arch/um/os-Linux/user_syms.c b/arch/um/os-Linux/user_syms.c
1306 index 3f33165..419b2d5 100644
1307 --- a/arch/um/os-Linux/user_syms.c
1308 +++ b/arch/um/os-Linux/user_syms.c
1309 @@ -5,7 +5,8 @@
1310 * so I *must* declare good prototypes for them and then EXPORT them.
1311 * The kernel code uses the macro defined by include/linux/string.h,
1312 * so I undef macros; the userspace code does not include that and I
1313 - * add an EXPORT for the glibc one.*/
1314 + * add an EXPORT for the glibc one.
1315 + */
1317 #undef strlen
1318 #undef strstr
1319 @@ -61,12 +62,18 @@ EXPORT_SYMBOL_PROTO(dup2);
1320 EXPORT_SYMBOL_PROTO(__xstat);
1321 EXPORT_SYMBOL_PROTO(__lxstat);
1322 EXPORT_SYMBOL_PROTO(__lxstat64);
1323 +EXPORT_SYMBOL_PROTO(__fxstat64);
1324 EXPORT_SYMBOL_PROTO(lseek);
1325 EXPORT_SYMBOL_PROTO(lseek64);
1326 EXPORT_SYMBOL_PROTO(chown);
1327 +EXPORT_SYMBOL_PROTO(fchown);
1328 EXPORT_SYMBOL_PROTO(truncate);
1329 +EXPORT_SYMBOL_PROTO(ftruncate64);
1330 EXPORT_SYMBOL_PROTO(utime);
1331 +EXPORT_SYMBOL_PROTO(utimes);
1332 +EXPORT_SYMBOL_PROTO(futimes);
1333 EXPORT_SYMBOL_PROTO(chmod);
1334 +EXPORT_SYMBOL_PROTO(fchmod);
1335 EXPORT_SYMBOL_PROTO(rename);
1336 EXPORT_SYMBOL_PROTO(__xmknod);
1338 @@ -102,14 +109,3 @@ EXPORT_SYMBOL(__stack_smash_handler);
1340 extern long __guard __attribute__((weak));
1341 EXPORT_SYMBOL(__guard);
1342 -
1343 -/*
1344 - * Overrides for Emacs so that we follow Linus's tabbing style.
1345 - * Emacs will notice this stuff at the end of the file and automatically
1346 - * adjust the settings for this buffer only. This must remain at the end
1347 - * of the file.
1348 - * ---------------------------------------------------------------------------
1349 - * Local variables:
1350 - * c-file-style: "linux"
1351 - * End:
1352 - */
1353 diff --git a/arch/x86_64/Makefile b/arch/x86_64/Makefile
1354 index 29617ae..fdab077 100644
1355 --- a/arch/x86_64/Makefile
1356 +++ b/arch/x86_64/Makefile
1357 @@ -57,8 +57,8 @@ cflags-y += $(call cc-option,-mno-sse -mno-mmx -mno-sse2 -mno-3dnow,)
1358 cflags-y += -maccumulate-outgoing-args
1360 # do binutils support CFI?
1361 -cflags-y += $(call as-instr,.cfi_startproc\n.cfi_endproc,-DCONFIG_AS_CFI=1,)
1362 -AFLAGS += $(call as-instr,.cfi_startproc\n.cfi_endproc,-DCONFIG_AS_CFI=1,)
1363 +cflags-y += $(call as-instr,.cfi_startproc\n.cfi_rel_offset rsp${comma}0\n.cfi_endproc,-DCONFIG_AS_CFI=1,)
1364 +AFLAGS += $(call as-instr,.cfi_startproc\n.cfi_rel_offset rsp${comma}0\n.cfi_endproc,-DCONFIG_AS_CFI=1,)
1366 # is .cfi_signal_frame supported too?
1367 cflags-y += $(call as-instr,.cfi_startproc\n.cfi_signal_frame\n.cfi_endproc,-DCONFIG_AS_CFI_SIGNAL_FRAME=1,)
1368 diff --git a/arch/x86_64/ia32/ia32entry.S b/arch/x86_64/ia32/ia32entry.S
1369 index 47565c3..0bc623a 100644
1370 --- a/arch/x86_64/ia32/ia32entry.S
1371 +++ b/arch/x86_64/ia32/ia32entry.S
1372 @@ -38,6 +38,18 @@
1373 movq %rax,R8(%rsp)
1374 .endm
1376 + .macro LOAD_ARGS32 offset
1377 + movl \offset(%rsp),%r11d
1378 + movl \offset+8(%rsp),%r10d
1379 + movl \offset+16(%rsp),%r9d
1380 + movl \offset+24(%rsp),%r8d
1381 + movl \offset+40(%rsp),%ecx
1382 + movl \offset+48(%rsp),%edx
1383 + movl \offset+56(%rsp),%esi
1384 + movl \offset+64(%rsp),%edi
1385 + movl \offset+72(%rsp),%eax
1386 + .endm
1387 +
1388 .macro CFI_STARTPROC32 simple
1389 CFI_STARTPROC \simple
1390 CFI_UNDEFINED r8
1391 @@ -152,7 +164,7 @@ sysenter_tracesys:
1392 movq $-ENOSYS,RAX(%rsp) /* really needed? */
1393 movq %rsp,%rdi /* &pt_regs -> arg1 */
1394 call syscall_trace_enter
1395 - LOAD_ARGS ARGOFFSET /* reload args from stack in case ptrace changed it */
1396 + LOAD_ARGS32 ARGOFFSET /* reload args from stack in case ptrace changed it */
1397 RESTORE_REST
1398 movl %ebp, %ebp
1399 /* no need to do an access_ok check here because rbp has been
1400 @@ -255,7 +267,7 @@ cstar_tracesys:
1401 movq $-ENOSYS,RAX(%rsp) /* really needed? */
1402 movq %rsp,%rdi /* &pt_regs -> arg1 */
1403 call syscall_trace_enter
1404 - LOAD_ARGS ARGOFFSET /* reload args from stack in case ptrace changed it */
1405 + LOAD_ARGS32 ARGOFFSET /* reload args from stack in case ptrace changed it */
1406 RESTORE_REST
1407 movl RSP-ARGOFFSET(%rsp), %r8d
1408 /* no need to do an access_ok check here because r8 has been
1409 @@ -333,7 +345,7 @@ ia32_tracesys:
1410 movq $-ENOSYS,RAX(%rsp) /* really needed? */
1411 movq %rsp,%rdi /* &pt_regs -> arg1 */
1412 call syscall_trace_enter
1413 - LOAD_ARGS ARGOFFSET /* reload args from stack in case ptrace changed it */
1414 + LOAD_ARGS32 ARGOFFSET /* reload args from stack in case ptrace changed it */
1415 RESTORE_REST
1416 jmp ia32_do_syscall
1417 END(ia32_syscall)
1418 diff --git a/arch/x86_64/kernel/Makefile b/arch/x86_64/kernel/Makefile
1419 index de1de8a..4d94c51 100644
1420 --- a/arch/x86_64/kernel/Makefile
1421 +++ b/arch/x86_64/kernel/Makefile
1422 @@ -32,7 +32,6 @@ obj-$(CONFIG_EARLY_PRINTK) += early_printk.o
1423 obj-$(CONFIG_IOMMU) += pci-gart.o aperture.o
1424 obj-$(CONFIG_CALGARY_IOMMU) += pci-calgary.o tce.o
1425 obj-$(CONFIG_SWIOTLB) += pci-swiotlb.o
1426 -obj-$(CONFIG_SERIAL_8250) += legacy_serial.o
1427 obj-$(CONFIG_KPROBES) += kprobes.o
1428 obj-$(CONFIG_X86_PM_TIMER) += pmtimer.o
1429 obj-$(CONFIG_X86_VSMP) += vsmp.o
1430 @@ -50,7 +49,6 @@ CFLAGS_vsyscall.o := $(PROFILING) -g0
1432 therm_throt-y += ../../i386/kernel/cpu/mcheck/therm_throt.o
1433 bootflag-y += ../../i386/kernel/bootflag.o
1434 -legacy_serial-y += ../../i386/kernel/legacy_serial.o
1435 cpuid-$(subst m,y,$(CONFIG_X86_CPUID)) += ../../i386/kernel/cpuid.o
1436 topology-y += ../../i386/kernel/topology.o
1437 microcode-$(subst m,y,$(CONFIG_MICROCODE)) += ../../i386/kernel/microcode.o
1438 diff --git a/arch/x86_64/kernel/head.S b/arch/x86_64/kernel/head.S
1439 index 1fab487..c63fc64 100644
1440 --- a/arch/x86_64/kernel/head.S
1441 +++ b/arch/x86_64/kernel/head.S
1442 @@ -326,8 +326,7 @@ NEXT_PAGE(level2_kernel_pgt)
1443 /* 40MB kernel mapping. The kernel code cannot be bigger than that.
1444 When you change this change KERNEL_TEXT_SIZE in page.h too. */
1445 /* (2^48-(2*1024*1024*1024)-((2^39)*511)-((2^30)*510)) = 0 */
1446 - PMDS(0x0000000000000000, __PAGE_KERNEL_LARGE_EXEC|_PAGE_GLOBAL,
1447 - KERNEL_TEXT_SIZE/PMD_SIZE)
1448 + PMDS(0x0000000000000000, __PAGE_KERNEL_LARGE_EXEC|_PAGE_GLOBAL, KERNEL_TEXT_SIZE/PMD_SIZE)
1449 /* Module mapping starts here */
1450 .fill (PTRS_PER_PMD - (KERNEL_TEXT_SIZE/PMD_SIZE)),8,0
1452 diff --git a/arch/x86_64/kernel/io_apic.c b/arch/x86_64/kernel/io_apic.c
1453 index 1c6c6f7..34d7cde 100644
1454 --- a/arch/x86_64/kernel/io_apic.c
1455 +++ b/arch/x86_64/kernel/io_apic.c
1456 @@ -774,12 +774,15 @@ static struct irq_chip ioapic_chip;
1458 static void ioapic_register_intr(int irq, unsigned long trigger)
1459 {
1460 - if (trigger)
1461 + if (trigger) {
1462 + irq_desc[irq].status |= IRQ_LEVEL;
1463 set_irq_chip_and_handler_name(irq, &ioapic_chip,
1464 handle_fasteoi_irq, "fasteoi");
1465 - else
1466 + } else {
1467 + irq_desc[irq].status &= ~IRQ_LEVEL;
1468 set_irq_chip_and_handler_name(irq, &ioapic_chip,
1469 handle_edge_irq, "edge");
1470 + }
1471 }
1473 static void setup_IO_APIC_irq(int apic, int pin, unsigned int irq,
1474 diff --git a/arch/x86_64/kernel/ptrace.c b/arch/x86_64/kernel/ptrace.c
1475 index 9409117..7fc0e73 100644
1476 --- a/arch/x86_64/kernel/ptrace.c
1477 +++ b/arch/x86_64/kernel/ptrace.c
1478 @@ -102,16 +102,25 @@ unsigned long convert_rip_to_linear(struct task_struct *child, struct pt_regs *r
1479 u32 *desc;
1480 unsigned long base;
1482 - down(&child->mm->context.sem);
1483 - desc = child->mm->context.ldt + (seg & ~7);
1484 - base = (desc[0] >> 16) | ((desc[1] & 0xff) << 16) | (desc[1] & 0xff000000);
1485 + seg &= ~7UL;
1487 - /* 16-bit code segment? */
1488 - if (!((desc[1] >> 22) & 1))
1489 - addr &= 0xffff;
1490 - addr += base;
1491 + down(&child->mm->context.sem);
1492 + if (unlikely((seg >> 3) >= child->mm->context.size))
1493 + addr = -1L; /* bogus selector, access would fault */
1494 + else {
1495 + desc = child->mm->context.ldt + seg;
1496 + base = ((desc[0] >> 16) |
1497 + ((desc[1] & 0xff) << 16) |
1498 + (desc[1] & 0xff000000));
1499 +
1500 + /* 16-bit code segment? */
1501 + if (!((desc[1] >> 22) & 1))
1502 + addr &= 0xffff;
1503 + addr += base;
1504 + }
1505 up(&child->mm->context.sem);
1506 }
1507 +
1508 return addr;
1509 }
1511 @@ -223,10 +232,6 @@ static int putreg(struct task_struct *child,
1512 {
1513 unsigned long tmp;
1515 - /* Some code in the 64bit emulation may not be 64bit clean.
1516 - Don't take any chances. */
1517 - if (test_tsk_thread_flag(child, TIF_IA32))
1518 - value &= 0xffffffff;
1519 switch (regno) {
1520 case offsetof(struct user_regs_struct,fs):
1521 if (value && (value & 3) != 3)
1522 diff --git a/arch/x86_64/mm/init.c b/arch/x86_64/mm/init.c
1523 index 9a0e98a..b7e514e 100644
1524 --- a/arch/x86_64/mm/init.c
1525 +++ b/arch/x86_64/mm/init.c
1526 @@ -769,8 +769,3 @@ int in_gate_area_no_task(unsigned long addr)
1527 return (addr >= VSYSCALL_START) && (addr < VSYSCALL_END);
1528 }
1530 -void *alloc_bootmem_high_node(pg_data_t *pgdat, unsigned long size)
1531 -{
1532 - return __alloc_bootmem_core(pgdat->bdata, size,
1533 - SMP_CACHE_BYTES, (4UL*1024*1024*1024), 0);
1534 -}
1535 diff --git a/arch/x86_64/mm/pageattr.c b/arch/x86_64/mm/pageattr.c
1536 index 9148f4a..d6cd5c4 100644
1537 --- a/arch/x86_64/mm/pageattr.c
1538 +++ b/arch/x86_64/mm/pageattr.c
1539 @@ -204,7 +204,7 @@ int change_page_attr_addr(unsigned long address, int numpages, pgprot_t prot)
1540 if (__pa(address) < KERNEL_TEXT_SIZE) {
1541 unsigned long addr2;
1542 pgprot_t prot2;
1543 - addr2 = __START_KERNEL_map + __pa(address);
1544 + addr2 = __START_KERNEL_map + __pa(address) - phys_base;
1545 /* Make sure the kernel mappings stay executable */
1546 prot2 = pte_pgprot(pte_mkexec(pfn_pte(0, prot)));
1547 err = __change_page_attr(addr2, pfn, prot2,
1548 @@ -227,9 +227,14 @@ void global_flush_tlb(void)
1549 struct page *pg, *next;
1550 struct list_head l;
1552 - down_read(&init_mm.mmap_sem);
1553 + /*
1554 + * Write-protect the semaphore, to exclude two contexts
1555 + * doing a list_replace_init() call in parallel and to
1556 + * exclude new additions to the deferred_pages list:
1557 + */
1558 + down_write(&init_mm.mmap_sem);
1559 list_replace_init(&deferred_pages, &l);
1560 - up_read(&init_mm.mmap_sem);
1561 + up_write(&init_mm.mmap_sem);
1563 flush_map(&l);
1565 diff --git a/block/cfq-iosched.c b/block/cfq-iosched.c
1566 index baef5fc..a131d41 100644
1567 --- a/block/cfq-iosched.c
1568 +++ b/block/cfq-iosched.c
1569 @@ -92,6 +92,8 @@ struct cfq_data {
1570 struct cfq_queue *active_queue;
1571 struct cfq_io_context *active_cic;
1573 + struct cfq_queue *async_cfqq[IOPRIO_BE_NR];
1574 +
1575 struct timer_list idle_class_timer;
1577 sector_t last_position;
1578 @@ -1351,8 +1353,8 @@ static void cfq_ioc_set_ioprio(struct io_context *ioc)
1579 }
1581 static struct cfq_queue *
1582 -cfq_get_queue(struct cfq_data *cfqd, int is_sync, struct task_struct *tsk,
1583 - gfp_t gfp_mask)
1584 +cfq_find_alloc_queue(struct cfq_data *cfqd, int is_sync,
1585 + struct task_struct *tsk, gfp_t gfp_mask)
1586 {
1587 struct cfq_queue *cfqq, *new_cfqq = NULL;
1588 struct cfq_io_context *cic;
1589 @@ -1405,12 +1407,35 @@ retry:
1590 if (new_cfqq)
1591 kmem_cache_free(cfq_pool, new_cfqq);
1593 - atomic_inc(&cfqq->ref);
1594 out:
1595 WARN_ON((gfp_mask & __GFP_WAIT) && !cfqq);
1596 return cfqq;
1597 }
1599 +static struct cfq_queue *
1600 +cfq_get_queue(struct cfq_data *cfqd, int is_sync, struct task_struct *tsk,
1601 + gfp_t gfp_mask)
1602 +{
1603 + const int ioprio = task_ioprio(tsk);
1604 + struct cfq_queue *cfqq = NULL;
1605 +
1606 + if (!is_sync)
1607 + cfqq = cfqd->async_cfqq[ioprio];
1608 + if (!cfqq)
1609 + cfqq = cfq_find_alloc_queue(cfqd, is_sync, tsk, gfp_mask);
1610 +
1611 + /*
1612 + * pin the queue now that it's allocated, scheduler exit will prune it
1613 + */
1614 + if (!is_sync && !cfqd->async_cfqq[ioprio]) {
1615 + atomic_inc(&cfqq->ref);
1616 + cfqd->async_cfqq[ioprio] = cfqq;
1617 + }
1618 +
1619 + atomic_inc(&cfqq->ref);
1620 + return cfqq;
1621 +}
1622 +
1623 /*
1624 * We drop cfq io contexts lazily, so we may find a dead one.
1625 */
1626 @@ -2019,6 +2044,7 @@ static void cfq_exit_queue(elevator_t *e)
1627 {
1628 struct cfq_data *cfqd = e->elevator_data;
1629 request_queue_t *q = cfqd->queue;
1630 + int i;
1632 cfq_shutdown_timer_wq(cfqd);
1634 @@ -2035,6 +2061,13 @@ static void cfq_exit_queue(elevator_t *e)
1635 __cfq_exit_single_io_context(cfqd, cic);
1636 }
1638 + /*
1639 + * Put the async queues
1640 + */
1641 + for (i = 0; i < IOPRIO_BE_NR; i++)
1642 + if (cfqd->async_cfqq[i])
1643 + cfq_put_queue(cfqd->async_cfqq[i]);
1644 +
1645 spin_unlock_irq(q->queue_lock);
1647 cfq_shutdown_timer_wq(cfqd);
1648 diff --git a/block/ll_rw_blk.c b/block/ll_rw_blk.c
1649 index c99b463..4369ff2 100644
1650 --- a/block/ll_rw_blk.c
1651 +++ b/block/ll_rw_blk.c
1652 @@ -1081,12 +1081,6 @@ void blk_queue_end_tag(request_queue_t *q, struct request *rq)
1653 */
1654 return;
1656 - if (unlikely(!__test_and_clear_bit(tag, bqt->tag_map))) {
1657 - printk(KERN_ERR "%s: attempt to clear non-busy tag (%d)\n",
1658 - __FUNCTION__, tag);
1659 - return;
1660 - }
1661 -
1662 list_del_init(&rq->queuelist);
1663 rq->cmd_flags &= ~REQ_QUEUED;
1664 rq->tag = -1;
1665 @@ -1096,6 +1090,13 @@ void blk_queue_end_tag(request_queue_t *q, struct request *rq)
1666 __FUNCTION__, tag);
1668 bqt->tag_index[tag] = NULL;
1669 +
1670 + if (unlikely(!test_and_clear_bit(tag, bqt->tag_map))) {
1671 + printk(KERN_ERR "%s: attempt to clear non-busy tag (%d)\n",
1672 + __FUNCTION__, tag);
1673 + return;
1674 + }
1675 +
1676 bqt->busy--;
1677 }
1679 diff --git a/crypto/algapi.c b/crypto/algapi.c
1680 index f137a43..ec286a2 100644
1681 --- a/crypto/algapi.c
1682 +++ b/crypto/algapi.c
1683 @@ -98,6 +98,9 @@ static void crypto_remove_spawn(struct crypto_spawn *spawn,
1684 return;
1686 inst->alg.cra_flags |= CRYPTO_ALG_DEAD;
1687 + if (hlist_unhashed(&inst->list))
1688 + return;
1689 +
1690 if (!tmpl || !crypto_tmpl_get(tmpl))
1691 return;
1693 @@ -333,9 +336,6 @@ int crypto_register_instance(struct crypto_template *tmpl,
1694 LIST_HEAD(list);
1695 int err = -EINVAL;
1697 - if (inst->alg.cra_destroy)
1698 - goto err;
1699 -
1700 err = crypto_check_alg(&inst->alg);
1701 if (err)
1702 goto err;
1703 diff --git a/crypto/blkcipher.c b/crypto/blkcipher.c
1704 index 8edf40c..cce9236 100644
1705 --- a/crypto/blkcipher.c
1706 +++ b/crypto/blkcipher.c
1707 @@ -59,11 +59,13 @@ static inline void blkcipher_unmap_dst(struct blkcipher_walk *walk)
1708 scatterwalk_unmap(walk->dst.virt.addr, 1);
1709 }
1711 +/* Get a spot of the specified length that does not straddle a page.
1712 + * The caller needs to ensure that there is enough space for this operation.
1713 + */
1714 static inline u8 *blkcipher_get_spot(u8 *start, unsigned int len)
1715 {
1716 - if (offset_in_page(start + len) < len)
1717 - return (u8 *)((unsigned long)(start + len) & PAGE_MASK);
1718 - return start;
1719 + u8 *end_page = (u8 *)(((unsigned long)(start + len - 1)) & PAGE_MASK);
1720 + return start > end_page ? start : end_page;
1721 }
1723 static inline unsigned int blkcipher_done_slow(struct crypto_blkcipher *tfm,
1724 @@ -155,7 +157,8 @@ static inline int blkcipher_next_slow(struct blkcipher_desc *desc,
1725 if (walk->buffer)
1726 goto ok;
1728 - n = bsize * 2 + (alignmask & ~(crypto_tfm_ctx_alignment() - 1));
1729 + n = bsize * 3 - (alignmask + 1) +
1730 + (alignmask & ~(crypto_tfm_ctx_alignment() - 1));
1731 walk->buffer = kmalloc(n, GFP_ATOMIC);
1732 if (!walk->buffer)
1733 return blkcipher_walk_done(desc, walk, -ENOMEM);
1734 diff --git a/drivers/acpi/dispatcher/dsobject.c b/drivers/acpi/dispatcher/dsobject.c
1735 index a474ca2..954ac8c 100644
1736 --- a/drivers/acpi/dispatcher/dsobject.c
1737 +++ b/drivers/acpi/dispatcher/dsobject.c
1738 @@ -137,6 +137,71 @@ acpi_ds_build_internal_object(struct acpi_walk_state *walk_state,
1739 return_ACPI_STATUS(status);
1740 }
1741 }
1742 +
1743 + /* Special object resolution for elements of a package */
1744 +
1745 + if ((op->common.parent->common.aml_opcode == AML_PACKAGE_OP) ||
1746 + (op->common.parent->common.aml_opcode ==
1747 + AML_VAR_PACKAGE_OP)) {
1748 + /*
1749 + * Attempt to resolve the node to a value before we insert it into
1750 + * the package. If this is a reference to a common data type,
1751 + * resolve it immediately. According to the ACPI spec, package
1752 + * elements can only be "data objects" or method references.
1753 + * Attempt to resolve to an Integer, Buffer, String or Package.
1754 + * If cannot, return the named reference (for things like Devices,
1755 + * Methods, etc.) Buffer Fields and Fields will resolve to simple
1756 + * objects (int/buf/str/pkg).
1757 + *
1758 + * NOTE: References to things like Devices, Methods, Mutexes, etc.
1759 + * will remain as named references. This behavior is not described
1760 + * in the ACPI spec, but it appears to be an oversight.
1761 + */
1762 + obj_desc = (union acpi_operand_object *)op->common.node;
1763 +
1764 + status =
1765 + acpi_ex_resolve_node_to_value(ACPI_CAST_INDIRECT_PTR
1766 + (struct
1767 + acpi_namespace_node,
1768 + &obj_desc),
1769 + walk_state);
1770 + if (ACPI_FAILURE(status)) {
1771 + return_ACPI_STATUS(status);
1772 + }
1773 +
1774 + switch (op->common.node->type) {
1775 + /*
1776 + * For these types, we need the actual node, not the subobject.
1777 + * However, the subobject got an extra reference count above.
1778 + */
1779 + case ACPI_TYPE_MUTEX:
1780 + case ACPI_TYPE_METHOD:
1781 + case ACPI_TYPE_POWER:
1782 + case ACPI_TYPE_PROCESSOR:
1783 + case ACPI_TYPE_EVENT:
1784 + case ACPI_TYPE_REGION:
1785 + case ACPI_TYPE_DEVICE:
1786 + case ACPI_TYPE_THERMAL:
1787 +
1788 + obj_desc =
1789 + (union acpi_operand_object *)op->common.
1790 + node;
1791 + break;
1792 +
1793 + default:
1794 + break;
1795 + }
1796 +
1797 + /*
1798 + * If above resolved to an operand object, we are done. Otherwise,
1799 + * we have a NS node, we must create the package entry as a named
1800 + * reference.
1801 + */
1802 + if (ACPI_GET_DESCRIPTOR_TYPE(obj_desc) !=
1803 + ACPI_DESC_TYPE_NAMED) {
1804 + goto exit;
1805 + }
1806 + }
1807 }
1809 /* Create and init a new internal ACPI object */
1810 @@ -156,6 +221,7 @@ acpi_ds_build_internal_object(struct acpi_walk_state *walk_state,
1811 return_ACPI_STATUS(status);
1812 }
1814 + exit:
1815 *obj_desc_ptr = obj_desc;
1816 return_ACPI_STATUS(AE_OK);
1817 }
1818 @@ -356,12 +422,25 @@ acpi_ds_build_internal_package_obj(struct acpi_walk_state *walk_state,
1819 arg = arg->common.next;
1820 for (i = 0; arg && (i < element_count); i++) {
1821 if (arg->common.aml_opcode == AML_INT_RETURN_VALUE_OP) {
1822 -
1823 - /* This package element is already built, just get it */
1824 -
1825 - obj_desc->package.elements[i] =
1826 - ACPI_CAST_PTR(union acpi_operand_object,
1827 - arg->common.node);
1828 + if (arg->common.node->type == ACPI_TYPE_METHOD) {
1829 + /*
1830 + * A method reference "looks" to the parser to be a method
1831 + * invocation, so we special case it here
1832 + */
1833 + arg->common.aml_opcode = AML_INT_NAMEPATH_OP;
1834 + status =
1835 + acpi_ds_build_internal_object(walk_state,
1836 + arg,
1837 + &obj_desc->
1838 + package.
1839 + elements[i]);
1840 + } else {
1841 + /* This package element is already built, just get it */
1842 +
1843 + obj_desc->package.elements[i] =
1844 + ACPI_CAST_PTR(union acpi_operand_object,
1845 + arg->common.node);
1846 + }
1847 } else {
1848 status = acpi_ds_build_internal_object(walk_state, arg,
1849 &obj_desc->
1850 diff --git a/drivers/acpi/dock.c b/drivers/acpi/dock.c
1851 index 4546bf8..9bc340b 100644
1852 --- a/drivers/acpi/dock.c
1853 +++ b/drivers/acpi/dock.c
1854 @@ -716,6 +716,7 @@ static int dock_add(acpi_handle handle)
1855 if (ret) {
1856 printk(KERN_ERR PREFIX "Error %d registering dock device\n", ret);
1857 kfree(dock_station);
1858 + dock_station = NULL;
1859 return ret;
1860 }
1861 ret = device_create_file(&dock_device.dev, &dev_attr_docked);
1862 @@ -723,6 +724,7 @@ static int dock_add(acpi_handle handle)
1863 printk("Error %d adding sysfs file\n", ret);
1864 platform_device_unregister(&dock_device);
1865 kfree(dock_station);
1866 + dock_station = NULL;
1867 return ret;
1868 }
1869 ret = device_create_file(&dock_device.dev, &dev_attr_undock);
1870 @@ -731,6 +733,7 @@ static int dock_add(acpi_handle handle)
1871 device_remove_file(&dock_device.dev, &dev_attr_docked);
1872 platform_device_unregister(&dock_device);
1873 kfree(dock_station);
1874 + dock_station = NULL;
1875 return ret;
1876 }
1877 ret = device_create_file(&dock_device.dev, &dev_attr_uid);
1878 @@ -738,6 +741,7 @@ static int dock_add(acpi_handle handle)
1879 printk("Error %d adding sysfs file\n", ret);
1880 platform_device_unregister(&dock_device);
1881 kfree(dock_station);
1882 + dock_station = NULL;
1883 return ret;
1884 }
1886 @@ -750,6 +754,7 @@ static int dock_add(acpi_handle handle)
1887 dd = alloc_dock_dependent_device(handle);
1888 if (!dd) {
1889 kfree(dock_station);
1890 + dock_station = NULL;
1891 ret = -ENOMEM;
1892 goto dock_add_err_unregister;
1893 }
1894 @@ -777,6 +782,7 @@ dock_add_err_unregister:
1895 device_remove_file(&dock_device.dev, &dev_attr_undock);
1896 platform_device_unregister(&dock_device);
1897 kfree(dock_station);
1898 + dock_station = NULL;
1899 return ret;
1900 }
1902 @@ -810,6 +816,7 @@ static int dock_remove(void)
1904 /* free dock station memory */
1905 kfree(dock_station);
1906 + dock_station = NULL;
1907 return 0;
1908 }
1910 diff --git a/drivers/acpi/events/evgpeblk.c b/drivers/acpi/events/evgpeblk.c
1911 index 902c287..361ebe6 100644
1912 --- a/drivers/acpi/events/evgpeblk.c
1913 +++ b/drivers/acpi/events/evgpeblk.c
1914 @@ -586,6 +586,10 @@ acpi_ev_delete_gpe_xrupt(struct acpi_gpe_xrupt_info *gpe_xrupt)
1915 flags = acpi_os_acquire_lock(acpi_gbl_gpe_lock);
1916 if (gpe_xrupt->previous) {
1917 gpe_xrupt->previous->next = gpe_xrupt->next;
1918 + } else {
1919 + /* No previous, update list head */
1920 +
1921 + acpi_gbl_gpe_xrupt_list_head = gpe_xrupt->next;
1922 }
1924 if (gpe_xrupt->next) {
1925 diff --git a/drivers/acpi/processor_core.c b/drivers/acpi/processor_core.c
1926 index f7de02a..e529f4c 100644
1927 --- a/drivers/acpi/processor_core.c
1928 +++ b/drivers/acpi/processor_core.c
1929 @@ -93,6 +93,8 @@ static struct acpi_driver acpi_processor_driver = {
1930 .add = acpi_processor_add,
1931 .remove = acpi_processor_remove,
1932 .start = acpi_processor_start,
1933 + .suspend = acpi_processor_suspend,
1934 + .resume = acpi_processor_resume,
1935 },
1936 };
1938 diff --git a/drivers/acpi/processor_idle.c b/drivers/acpi/processor_idle.c
1939 index 80ffc78..13915e8 100644
1940 --- a/drivers/acpi/processor_idle.c
1941 +++ b/drivers/acpi/processor_idle.c
1942 @@ -324,6 +324,23 @@ static void acpi_state_timer_broadcast(struct acpi_processor *pr,
1944 #endif
1946 +/*
1947 + * Suspend / resume control
1948 + */
1949 +static int acpi_idle_suspend;
1950 +
1951 +int acpi_processor_suspend(struct acpi_device * device, pm_message_t state)
1952 +{
1953 + acpi_idle_suspend = 1;
1954 + return 0;
1955 +}
1956 +
1957 +int acpi_processor_resume(struct acpi_device * device)
1958 +{
1959 + acpi_idle_suspend = 0;
1960 + return 0;
1961 +}
1962 +
1963 static void acpi_processor_idle(void)
1964 {
1965 struct acpi_processor *pr = NULL;
1966 @@ -354,7 +371,7 @@ static void acpi_processor_idle(void)
1967 }
1969 cx = pr->power.state;
1970 - if (!cx) {
1971 + if (!cx || acpi_idle_suspend) {
1972 if (pm_idle_save)
1973 pm_idle_save();
1974 else
1975 diff --git a/drivers/acpi/tables/tbfadt.c b/drivers/acpi/tables/tbfadt.c
1976 index 1285e91..002bb33 100644
1977 --- a/drivers/acpi/tables/tbfadt.c
1978 +++ b/drivers/acpi/tables/tbfadt.c
1979 @@ -211,14 +211,17 @@ void acpi_tb_parse_fadt(acpi_native_uint table_index, u8 flags)
1980 * DESCRIPTION: Get a local copy of the FADT and convert it to a common format.
1981 * Performs validation on some important FADT fields.
1982 *
1983 + * NOTE: We create a local copy of the FADT regardless of the version.
1984 + *
1985 ******************************************************************************/
1987 void acpi_tb_create_local_fadt(struct acpi_table_header *table, u32 length)
1988 {
1990 /*
1991 - * Check if the FADT is larger than what we know about (ACPI 2.0 version).
1992 - * Truncate the table, but make some noise.
1993 + * Check if the FADT is larger than the largest table that we expect
1994 + * (the ACPI 2.0/3.0 version). If so, truncate the table, and issue
1995 + * a warning.
1996 */
1997 if (length > sizeof(struct acpi_table_fadt)) {
1998 ACPI_WARNING((AE_INFO,
1999 @@ -227,10 +230,12 @@ void acpi_tb_create_local_fadt(struct acpi_table_header *table, u32 length)
2000 sizeof(struct acpi_table_fadt)));
2001 }
2003 - /* Copy the entire FADT locally. Zero first for tb_convert_fadt */
2004 + /* Clear the entire local FADT */
2006 ACPI_MEMSET(&acpi_gbl_FADT, 0, sizeof(struct acpi_table_fadt));
2008 + /* Copy the original FADT, up to sizeof (struct acpi_table_fadt) */
2009 +
2010 ACPI_MEMCPY(&acpi_gbl_FADT, table,
2011 ACPI_MIN(length, sizeof(struct acpi_table_fadt)));
2013 @@ -251,7 +256,7 @@ void acpi_tb_create_local_fadt(struct acpi_table_header *table, u32 length)
2014 * RETURN: None
2015 *
2016 * DESCRIPTION: Converts all versions of the FADT to a common internal format.
2017 - * -> Expand all 32-bit addresses to 64-bit.
2018 + * Expand all 32-bit addresses to 64-bit.
2019 *
2020 * NOTE: acpi_gbl_FADT must be of size (struct acpi_table_fadt),
2021 * and must contain a copy of the actual FADT.
2022 @@ -292,8 +297,23 @@ static void acpi_tb_convert_fadt(void)
2023 }
2025 /*
2026 - * Expand the 32-bit V1.0 addresses to the 64-bit "X" generic address
2027 - * structures as necessary.
2028 + * For ACPI 1.0 FADTs (revision 1 or 2), ensure that reserved fields which
2029 + * should be zero are indeed zero. This will workaround BIOSs that
2030 + * inadvertently place values in these fields.
2031 + *
2032 + * The ACPI 1.0 reserved fields that will be zeroed are the bytes located at
2033 + * offset 45, 55, 95, and the word located at offset 109, 110.
2034 + */
2035 + if (acpi_gbl_FADT.header.revision < 3) {
2036 + acpi_gbl_FADT.preferred_profile = 0;
2037 + acpi_gbl_FADT.pstate_control = 0;
2038 + acpi_gbl_FADT.cst_control = 0;
2039 + acpi_gbl_FADT.boot_flags = 0;
2040 + }
2041 +
2042 + /*
2043 + * Expand the ACPI 1.0 32-bit V1.0 addresses to the ACPI 2.0 64-bit "X"
2044 + * generic address structures as necessary.
2045 */
2046 for (i = 0; i < ACPI_FADT_INFO_ENTRIES; i++) {
2047 target =
2048 @@ -349,18 +369,6 @@ static void acpi_tb_convert_fadt(void)
2049 acpi_gbl_FADT.xpm1a_event_block.space_id;
2051 }
2052 -
2053 - /*
2054 - * For ACPI 1.0 FADTs, ensure that reserved fields (which should be zero)
2055 - * are indeed zero. This will workaround BIOSs that inadvertently placed
2056 - * values in these fields.
2057 - */
2058 - if (acpi_gbl_FADT.header.revision < 3) {
2059 - acpi_gbl_FADT.preferred_profile = 0;
2060 - acpi_gbl_FADT.pstate_control = 0;
2061 - acpi_gbl_FADT.cst_control = 0;
2062 - acpi_gbl_FADT.boot_flags = 0;
2063 - }
2064 }
2066 /******************************************************************************
2067 diff --git a/drivers/acpi/tables/tbutils.c b/drivers/acpi/tables/tbutils.c
2068 index 1da64b4..8cc9492 100644
2069 --- a/drivers/acpi/tables/tbutils.c
2070 +++ b/drivers/acpi/tables/tbutils.c
2071 @@ -51,6 +51,65 @@ ACPI_MODULE_NAME("tbutils")
2072 static acpi_physical_address
2073 acpi_tb_get_root_table_entry(u8 * table_entry,
2074 acpi_native_uint table_entry_size);
2075 +/*******************************************************************************
2076 + *
2077 + * FUNCTION: acpi_tb_check_xsdt
2078 + *
2079 + * PARAMETERS: address - Pointer to the XSDT
2080 + *
2081 + * RETURN: status
2082 + * AE_OK - XSDT is okay
2083 + * AE_NO_MEMORY - can't map XSDT
2084 + * AE_INVALID_TABLE_LENGTH - invalid table length
2085 + * AE_NULL_ENTRY - XSDT has NULL entry
2086 + *
2087 + * DESCRIPTION: validate XSDT
2088 +******************************************************************************/
2089 +
2090 +static acpi_status
2091 +acpi_tb_check_xsdt(acpi_physical_address address)
2092 +{
2093 + struct acpi_table_header *table;
2094 + u32 length;
2095 + u64 xsdt_entry_address;
2096 + u8 *table_entry;
2097 + u32 table_count;
2098 + int i;
2099 +
2100 + table = acpi_os_map_memory(address, sizeof(struct acpi_table_header));
2101 + if (!table)
2102 + return AE_NO_MEMORY;
2103 +
2104 + length = table->length;
2105 + acpi_os_unmap_memory(table, sizeof(struct acpi_table_header));
2106 + if (length < sizeof(struct acpi_table_header))
2107 + return AE_INVALID_TABLE_LENGTH;
2108 +
2109 + table = acpi_os_map_memory(address, length);
2110 + if (!table)
2111 + return AE_NO_MEMORY;
2112 +
2113 + /* Calculate the number of tables described in XSDT */
2114 + table_count =
2115 + (u32) ((table->length -
2116 + sizeof(struct acpi_table_header)) / sizeof(u64));
2117 + table_entry =
2118 + ACPI_CAST_PTR(u8, table) + sizeof(struct acpi_table_header);
2119 + for (i = 0; i < table_count; i++) {
2120 + ACPI_MOVE_64_TO_64(&xsdt_entry_address, table_entry);
2121 + if (!xsdt_entry_address) {
2122 + /* XSDT has NULL entry */
2123 + break;
2124 + }
2125 + table_entry += sizeof(u64);
2126 + }
2127 + acpi_os_unmap_memory(table, length);
2128 +
2129 + if (i < table_count)
2130 + return AE_NULL_ENTRY;
2131 + else
2132 + return AE_OK;
2133 +}
2135 /*******************************************************************************
2136 *
2137 @@ -341,6 +400,7 @@ acpi_tb_parse_root_table(acpi_physical_address rsdp_address, u8 flags)
2138 u32 table_count;
2139 struct acpi_table_header *table;
2140 acpi_physical_address address;
2141 + acpi_physical_address rsdt_address;
2142 u32 length;
2143 u8 *table_entry;
2144 acpi_status status;
2145 @@ -369,6 +429,8 @@ acpi_tb_parse_root_table(acpi_physical_address rsdp_address, u8 flags)
2146 */
2147 address = (acpi_physical_address) rsdp->xsdt_physical_address;
2148 table_entry_size = sizeof(u64);
2149 + rsdt_address = (acpi_physical_address)
2150 + rsdp->rsdt_physical_address;
2151 } else {
2152 /* Root table is an RSDT (32-bit physical addresses) */
2154 @@ -382,6 +444,15 @@ acpi_tb_parse_root_table(acpi_physical_address rsdp_address, u8 flags)
2155 */
2156 acpi_os_unmap_memory(rsdp, sizeof(struct acpi_table_rsdp));
2158 + if (table_entry_size == sizeof(u64)) {
2159 + if (acpi_tb_check_xsdt(address) == AE_NULL_ENTRY) {
2160 + /* XSDT has NULL entry, RSDT is used */
2161 + address = rsdt_address;
2162 + table_entry_size = sizeof(u32);
2163 + ACPI_WARNING((AE_INFO, "BIOS XSDT has NULL entry,"
2164 + "using RSDT"));
2165 + }
2166 + }
2167 /* Map the RSDT/XSDT table header to get the full table length */
2169 table = acpi_os_map_memory(address, sizeof(struct acpi_table_header));
2170 diff --git a/drivers/ata/ahci.c b/drivers/ata/ahci.c
2171 index ca5229d..e722f83 100644
2172 --- a/drivers/ata/ahci.c
2173 +++ b/drivers/ata/ahci.c
2174 @@ -399,7 +399,10 @@ static const struct pci_device_id ahci_pci_tbl[] = {
2176 /* ATI */
2177 { PCI_VDEVICE(ATI, 0x4380), board_ahci_sb600 }, /* ATI SB600 */
2178 - { PCI_VDEVICE(ATI, 0x4390), board_ahci_sb600 }, /* ATI SB700 */
2179 + { PCI_VDEVICE(ATI, 0x4390), board_ahci_sb600 }, /* ATI SB700 IDE */
2180 + { PCI_VDEVICE(ATI, 0x4391), board_ahci_sb600 }, /* ATI SB700 AHCI */
2181 + { PCI_VDEVICE(ATI, 0x4392), board_ahci_sb600 }, /* ATI SB700 nraid5 */
2182 + { PCI_VDEVICE(ATI, 0x4393), board_ahci_sb600 }, /* ATI SB700 raid5 */
2184 /* VIA */
2185 { PCI_VDEVICE(VIA, 0x3349), board_ahci_vt8251 }, /* VIA VT8251 */
2186 @@ -1238,7 +1241,7 @@ static void ahci_host_intr(struct ata_port *ap)
2187 struct ata_eh_info *ehi = &ap->eh_info;
2188 struct ahci_port_priv *pp = ap->private_data;
2189 u32 status, qc_active;
2190 - int rc, known_irq = 0;
2191 + int rc;
2193 status = readl(port_mmio + PORT_IRQ_STAT);
2194 writel(status, port_mmio + PORT_IRQ_STAT);
2195 @@ -1254,74 +1257,11 @@ static void ahci_host_intr(struct ata_port *ap)
2196 qc_active = readl(port_mmio + PORT_CMD_ISSUE);
2198 rc = ata_qc_complete_multiple(ap, qc_active, NULL);
2199 - if (rc > 0)
2200 - return;
2201 if (rc < 0) {
2202 ehi->err_mask |= AC_ERR_HSM;
2203 ehi->action |= ATA_EH_SOFTRESET;
2204 ata_port_freeze(ap);
2205 - return;
2206 - }
2207 -
2208 - /* hmmm... a spurious interupt */
2209 -
2210 - /* if !NCQ, ignore. No modern ATA device has broken HSM
2211 - * implementation for non-NCQ commands.
2212 - */
2213 - if (!ap->sactive)
2214 - return;
2215 -
2216 - if (status & PORT_IRQ_D2H_REG_FIS) {
2217 - if (!pp->ncq_saw_d2h)
2218 - ata_port_printk(ap, KERN_INFO,
2219 - "D2H reg with I during NCQ, "
2220 - "this message won't be printed again\n");
2221 - pp->ncq_saw_d2h = 1;
2222 - known_irq = 1;
2223 - }
2224 -
2225 - if (status & PORT_IRQ_DMAS_FIS) {
2226 - if (!pp->ncq_saw_dmas)
2227 - ata_port_printk(ap, KERN_INFO,
2228 - "DMAS FIS during NCQ, "
2229 - "this message won't be printed again\n");
2230 - pp->ncq_saw_dmas = 1;
2231 - known_irq = 1;
2232 - }
2233 -
2234 - if (status & PORT_IRQ_SDB_FIS) {
2235 - const __le32 *f = pp->rx_fis + RX_FIS_SDB;
2236 -
2237 - if (le32_to_cpu(f[1])) {
2238 - /* SDB FIS containing spurious completions
2239 - * might be dangerous, whine and fail commands
2240 - * with HSM violation. EH will turn off NCQ
2241 - * after several such failures.
2242 - */
2243 - ata_ehi_push_desc(ehi,
2244 - "spurious completions during NCQ "
2245 - "issue=0x%x SAct=0x%x FIS=%08x:%08x",
2246 - readl(port_mmio + PORT_CMD_ISSUE),
2247 - readl(port_mmio + PORT_SCR_ACT),
2248 - le32_to_cpu(f[0]), le32_to_cpu(f[1]));
2249 - ehi->err_mask |= AC_ERR_HSM;
2250 - ehi->action |= ATA_EH_SOFTRESET;
2251 - ata_port_freeze(ap);
2252 - } else {
2253 - if (!pp->ncq_saw_sdb)
2254 - ata_port_printk(ap, KERN_INFO,
2255 - "spurious SDB FIS %08x:%08x during NCQ, "
2256 - "this message won't be printed again\n",
2257 - le32_to_cpu(f[0]), le32_to_cpu(f[1]));
2258 - pp->ncq_saw_sdb = 1;
2259 - }
2260 - known_irq = 1;
2261 }
2262 -
2263 - if (!known_irq)
2264 - ata_port_printk(ap, KERN_INFO, "spurious interrupt "
2265 - "(irq_stat 0x%x active_tag 0x%x sactive 0x%x)\n",
2266 - status, ap->active_tag, ap->sactive);
2267 }
2269 static void ahci_irq_clear(struct ata_port *ap)
2270 diff --git a/drivers/ata/ata_piix.c b/drivers/ata/ata_piix.c
2271 index 9c07b88..5a148bd 100644
2272 --- a/drivers/ata/ata_piix.c
2273 +++ b/drivers/ata/ata_piix.c
2274 @@ -200,6 +200,8 @@ static const struct pci_device_id piix_pci_tbl[] = {
2275 /* ICH7/7-R (i945, i975) UDMA 100*/
2276 { 0x8086, 0x27DF, PCI_ANY_ID, PCI_ANY_ID, 0, 0, ich_pata_133 },
2277 { 0x8086, 0x269E, PCI_ANY_ID, PCI_ANY_ID, 0, 0, ich_pata_100 },
2278 + /* ICH8 Mobile PATA Controller */
2279 + { 0x8086, 0x2850, PCI_ANY_ID, PCI_ANY_ID, 0, 0, ich_pata_100 },
2281 /* NOTE: The following PCI ids must be kept in sync with the
2282 * list in drivers/pci/quirks.c.
2283 @@ -426,7 +428,7 @@ static const struct piix_map_db ich8_map_db = {
2284 /* PM PS SM SS MAP */
2285 { P0, P2, P1, P3 }, /* 00b (hardwired when in AHCI) */
2286 { RV, RV, RV, RV },
2287 - { IDE, IDE, NA, NA }, /* 10b (IDE mode) */
2288 + { P0, P2, IDE, IDE }, /* 10b (IDE mode) */
2289 { RV, RV, RV, RV },
2290 },
2291 };
2292 diff --git a/drivers/ata/libata-core.c b/drivers/ata/libata-core.c
2293 index 981b397..22b6368 100644
2294 --- a/drivers/ata/libata-core.c
2295 +++ b/drivers/ata/libata-core.c
2296 @@ -3774,6 +3774,8 @@ static const struct ata_blacklist_entry ata_device_blacklist [] = {
2297 { "SAMSUNG CD-ROM SN-124","N001", ATA_HORKAGE_NODMA },
2298 { "Seagate STT20000A", NULL, ATA_HORKAGE_NODMA },
2299 { "IOMEGA ZIP 250 ATAPI", NULL, ATA_HORKAGE_NODMA }, /* temporary fix */
2300 + { "IOMEGA ZIP 250 ATAPI Floppy",
2301 + NULL, ATA_HORKAGE_NODMA },
2303 /* Weird ATAPI devices */
2304 { "TORiSAN DVD-ROM DRD-N216", NULL, ATA_HORKAGE_MAX_SEC_128 },
2305 @@ -3783,11 +3785,18 @@ static const struct ata_blacklist_entry ata_device_blacklist [] = {
2306 /* Devices where NCQ should be avoided */
2307 /* NCQ is slow */
2308 { "WDC WD740ADFD-00", NULL, ATA_HORKAGE_NONCQ },
2309 + { "WDC WD740ADFD-00NLR1", NULL, ATA_HORKAGE_NONCQ, },
2310 /* http://thread.gmane.org/gmane.linux.ide/14907 */
2311 { "FUJITSU MHT2060BH", NULL, ATA_HORKAGE_NONCQ },
2312 /* NCQ is broken */
2313 { "Maxtor 6L250S0", "BANC1G10", ATA_HORKAGE_NONCQ },
2314 + { "Maxtor 6B200M0", "BANC1BM0", ATA_HORKAGE_NONCQ },
2315 { "Maxtor 6B200M0", "BANC1B10", ATA_HORKAGE_NONCQ },
2316 + { "Maxtor 7B250S0", "BANC1B70", ATA_HORKAGE_NONCQ, },
2317 + { "Maxtor 7B300S0", "BANC1B70", ATA_HORKAGE_NONCQ },
2318 + { "Maxtor 7V300F0", "VA111630", ATA_HORKAGE_NONCQ },
2319 + { "HITACHI HDS7250SASUN500G 0621KTAWSD", "K2AOAJ0AHITACHI",
2320 + ATA_HORKAGE_NONCQ },
2321 /* NCQ hard hangs device under heavier load, needs hard power cycle */
2322 { "Maxtor 6B250S0", "BANC1B70", ATA_HORKAGE_NONCQ },
2323 /* Blacklist entries taken from Silicon Image 3124/3132
2324 @@ -3795,13 +3804,6 @@ static const struct ata_blacklist_entry ata_device_blacklist [] = {
2325 { "HTS541060G9SA00", "MB3OC60D", ATA_HORKAGE_NONCQ, },
2326 { "HTS541080G9SA00", "MB4OC60D", ATA_HORKAGE_NONCQ, },
2327 { "HTS541010G9SA00", "MBZOC60D", ATA_HORKAGE_NONCQ, },
2328 - /* Drives which do spurious command completion */
2329 - { "HTS541680J9SA00", "SB2IC7EP", ATA_HORKAGE_NONCQ, },
2330 - { "HTS541612J9SA00", "SBDIC7JP", ATA_HORKAGE_NONCQ, },
2331 - { "Hitachi HTS541616J9SA00", "SB4OC70P", ATA_HORKAGE_NONCQ, },
2332 - { "WDC WD740ADFD-00NLR1", NULL, ATA_HORKAGE_NONCQ, },
2333 -
2334 - /* Devices with NCQ limits */
2336 /* End Marker */
2337 { }
2338 diff --git a/drivers/ata/libata-sff.c b/drivers/ata/libata-sff.c
2339 index fa1c22c..13c1486 100644
2340 --- a/drivers/ata/libata-sff.c
2341 +++ b/drivers/ata/libata-sff.c
2342 @@ -211,6 +211,8 @@ void ata_tf_read(struct ata_port *ap, struct ata_taskfile *tf)
2343 tf->hob_lbal = ioread8(ioaddr->lbal_addr);
2344 tf->hob_lbam = ioread8(ioaddr->lbam_addr);
2345 tf->hob_lbah = ioread8(ioaddr->lbah_addr);
2346 + iowrite8(tf->ctl, ioaddr->ctl_addr);
2347 + ap->last_ctl = tf->ctl;
2348 }
2349 }
2351 diff --git a/drivers/ata/pata_atiixp.c b/drivers/ata/pata_atiixp.c
2352 index 8449146..eceea6c 100644
2353 --- a/drivers/ata/pata_atiixp.c
2354 +++ b/drivers/ata/pata_atiixp.c
2355 @@ -285,6 +285,7 @@ static const struct pci_device_id atiixp[] = {
2356 { PCI_VDEVICE(ATI, PCI_DEVICE_ID_ATI_IXP300_IDE), },
2357 { PCI_VDEVICE(ATI, PCI_DEVICE_ID_ATI_IXP400_IDE), },
2358 { PCI_VDEVICE(ATI, PCI_DEVICE_ID_ATI_IXP600_IDE), },
2359 + { PCI_VDEVICE(ATI, PCI_DEVICE_ID_ATI_IXP700_IDE), },
2361 { },
2362 };
2363 diff --git a/drivers/ata/pata_scc.c b/drivers/ata/pata_scc.c
2364 index 61502bc..63f6e2c 100644
2365 --- a/drivers/ata/pata_scc.c
2366 +++ b/drivers/ata/pata_scc.c
2367 @@ -352,6 +352,8 @@ static void scc_tf_read (struct ata_port *ap, struct ata_taskfile *tf)
2368 tf->hob_lbal = in_be32(ioaddr->lbal_addr);
2369 tf->hob_lbam = in_be32(ioaddr->lbam_addr);
2370 tf->hob_lbah = in_be32(ioaddr->lbah_addr);
2371 + out_be32(ioaddr->ctl_addr, tf->ctl);
2372 + ap->last_ctl = tf->ctl;
2373 }
2374 }
2376 diff --git a/drivers/ata/sata_promise.c b/drivers/ata/sata_promise.c
2377 index 6dc0b01..681b76a 100644
2378 --- a/drivers/ata/sata_promise.c
2379 +++ b/drivers/ata/sata_promise.c
2380 @@ -51,6 +51,7 @@
2381 enum {
2382 PDC_MAX_PORTS = 4,
2383 PDC_MMIO_BAR = 3,
2384 + PDC_MAX_PRD = LIBATA_MAX_PRD - 1, /* -1 for ASIC PRD bug workaround */
2386 /* register offsets */
2387 PDC_FEATURE = 0x04, /* Feature/Error reg (per port) */
2388 @@ -157,7 +158,7 @@ static struct scsi_host_template pdc_ata_sht = {
2389 .queuecommand = ata_scsi_queuecmd,
2390 .can_queue = ATA_DEF_QUEUE,
2391 .this_id = ATA_SHT_THIS_ID,
2392 - .sg_tablesize = LIBATA_MAX_PRD,
2393 + .sg_tablesize = PDC_MAX_PRD,
2394 .cmd_per_lun = ATA_SHT_CMD_PER_LUN,
2395 .emulated = ATA_SHT_EMULATED,
2396 .use_clustering = ATA_SHT_USE_CLUSTERING,
2397 @@ -330,8 +331,8 @@ static const struct pci_device_id pdc_ata_pci_tbl[] = {
2399 { PCI_VDEVICE(PROMISE, 0x3318), board_20319 },
2400 { PCI_VDEVICE(PROMISE, 0x3319), board_20319 },
2401 - { PCI_VDEVICE(PROMISE, 0x3515), board_20319 },
2402 - { PCI_VDEVICE(PROMISE, 0x3519), board_20319 },
2403 + { PCI_VDEVICE(PROMISE, 0x3515), board_40518 },
2404 + { PCI_VDEVICE(PROMISE, 0x3519), board_40518 },
2405 { PCI_VDEVICE(PROMISE, 0x3d17), board_40518 },
2406 { PCI_VDEVICE(PROMISE, 0x3d18), board_40518 },
2408 @@ -531,6 +532,84 @@ static void pdc_atapi_pkt(struct ata_queued_cmd *qc)
2409 memcpy(buf+31, cdb, cdb_len);
2410 }
2412 +/**
2413 + * pdc_fill_sg - Fill PCI IDE PRD table
2414 + * @qc: Metadata associated with taskfile to be transferred
2415 + *
2416 + * Fill PCI IDE PRD (scatter-gather) table with segments
2417 + * associated with the current disk command.
2418 + * Make sure hardware does not choke on it.
2419 + *
2420 + * LOCKING:
2421 + * spin_lock_irqsave(host lock)
2422 + *
2423 + */
2424 +static void pdc_fill_sg(struct ata_queued_cmd *qc)
2425 +{
2426 + struct ata_port *ap = qc->ap;
2427 + struct scatterlist *sg;
2428 + unsigned int idx;
2429 + const u32 SG_COUNT_ASIC_BUG = 41*4;
2430 +
2431 + if (!(qc->flags & ATA_QCFLAG_DMAMAP))
2432 + return;
2433 +
2434 + WARN_ON(qc->__sg == NULL);
2435 + WARN_ON(qc->n_elem == 0 && qc->pad_len == 0);
2436 +
2437 + idx = 0;
2438 + ata_for_each_sg(sg, qc) {
2439 + u32 addr, offset;
2440 + u32 sg_len, len;
2441 +
2442 + /* determine if physical DMA addr spans 64K boundary.
2443 + * Note h/w doesn't support 64-bit, so we unconditionally
2444 + * truncate dma_addr_t to u32.
2445 + */
2446 + addr = (u32) sg_dma_address(sg);
2447 + sg_len = sg_dma_len(sg);
2448 +
2449 + while (sg_len) {
2450 + offset = addr & 0xffff;
2451 + len = sg_len;
2452 + if ((offset + sg_len) > 0x10000)
2453 + len = 0x10000 - offset;
2454 +
2455 + ap->prd[idx].addr = cpu_to_le32(addr);
2456 + ap->prd[idx].flags_len = cpu_to_le32(len & 0xffff);
2457 + VPRINTK("PRD[%u] = (0x%X, 0x%X)\n", idx, addr, len);
2458 +
2459 + idx++;
2460 + sg_len -= len;
2461 + addr += len;
2462 + }
2463 + }
2464 +
2465 + if (idx) {
2466 + u32 len = le32_to_cpu(ap->prd[idx - 1].flags_len);
2467 +
2468 + if (len > SG_COUNT_ASIC_BUG) {
2469 + u32 addr;
2470 +
2471 + VPRINTK("Splitting last PRD.\n");
2472 +
2473 + addr = le32_to_cpu(ap->prd[idx - 1].addr);
2474 + ap->prd[idx - 1].flags_len = cpu_to_le32(len - SG_COUNT_ASIC_BUG);
2475 + VPRINTK("PRD[%u] = (0x%X, 0x%X)\n", idx - 1, addr, SG_COUNT_ASIC_BUG);
2476 +
2477 + addr = addr + len - SG_COUNT_ASIC_BUG;
2478 + len = SG_COUNT_ASIC_BUG;
2479 + ap->prd[idx].addr = cpu_to_le32(addr);
2480 + ap->prd[idx].flags_len = cpu_to_le32(len);
2481 + VPRINTK("PRD[%u] = (0x%X, 0x%X)\n", idx, addr, len);
2482 +
2483 + idx++;
2484 + }
2485 +
2486 + ap->prd[idx - 1].flags_len |= cpu_to_le32(ATA_PRD_EOT);
2487 + }
2488 +}
2489 +
2490 static void pdc_qc_prep(struct ata_queued_cmd *qc)
2491 {
2492 struct pdc_port_priv *pp = qc->ap->private_data;
2493 @@ -540,7 +619,7 @@ static void pdc_qc_prep(struct ata_queued_cmd *qc)
2495 switch (qc->tf.protocol) {
2496 case ATA_PROT_DMA:
2497 - ata_qc_prep(qc);
2498 + pdc_fill_sg(qc);
2499 /* fall through */
2501 case ATA_PROT_NODATA:
2502 @@ -556,11 +635,11 @@ static void pdc_qc_prep(struct ata_queued_cmd *qc)
2503 break;
2505 case ATA_PROT_ATAPI:
2506 - ata_qc_prep(qc);
2507 + pdc_fill_sg(qc);
2508 break;
2510 case ATA_PROT_ATAPI_DMA:
2511 - ata_qc_prep(qc);
2512 + pdc_fill_sg(qc);
2513 /*FALLTHROUGH*/
2514 case ATA_PROT_ATAPI_NODATA:
2515 pdc_atapi_pkt(qc);
2516 diff --git a/drivers/atm/he.c b/drivers/atm/he.c
2517 index d33aba6..3b64a99 100644
2518 --- a/drivers/atm/he.c
2519 +++ b/drivers/atm/he.c
2520 @@ -394,6 +394,11 @@ he_init_one(struct pci_dev *pci_dev, const struct pci_device_id *pci_ent)
2521 he_dev->atm_dev->dev_data = he_dev;
2522 atm_dev->dev_data = he_dev;
2523 he_dev->number = atm_dev->number;
2524 +#ifdef USE_TASKLET
2525 + tasklet_init(&he_dev->tasklet, he_tasklet, (unsigned long) he_dev);
2526 +#endif
2527 + spin_lock_init(&he_dev->global_lock);
2528 +
2529 if (he_start(atm_dev)) {
2530 he_stop(he_dev);
2531 err = -ENODEV;
2532 @@ -1173,11 +1178,6 @@ he_start(struct atm_dev *dev)
2533 if ((err = he_init_irq(he_dev)) != 0)
2534 return err;
2536 -#ifdef USE_TASKLET
2537 - tasklet_init(&he_dev->tasklet, he_tasklet, (unsigned long) he_dev);
2538 -#endif
2539 - spin_lock_init(&he_dev->global_lock);
2540 -
2541 /* 4.11 enable pci bus controller state machines */
2542 host_cntl |= (OUTFF_ENB | CMDFF_ENB |
2543 QUICK_RD_RETRY | QUICK_WR_RETRY | PERR_INT_ENB);
2544 diff --git a/drivers/atm/nicstar.c b/drivers/atm/nicstar.c
2545 index 14ced85..0c205b0 100644
2546 --- a/drivers/atm/nicstar.c
2547 +++ b/drivers/atm/nicstar.c
2548 @@ -625,14 +625,6 @@ static int __devinit ns_init_card(int i, struct pci_dev *pcidev)
2549 if (mac[i] == NULL)
2550 nicstar_init_eprom(card->membase);
2552 - if (request_irq(pcidev->irq, &ns_irq_handler, IRQF_DISABLED | IRQF_SHARED, "nicstar", card) != 0)
2553 - {
2554 - printk("nicstar%d: can't allocate IRQ %d.\n", i, pcidev->irq);
2555 - error = 9;
2556 - ns_init_card_error(card, error);
2557 - return error;
2558 - }
2559 -
2560 /* Set the VPI/VCI MSb mask to zero so we can receive OAM cells */
2561 writel(0x00000000, card->membase + VPM);
2563 @@ -858,8 +850,6 @@ static int __devinit ns_init_card(int i, struct pci_dev *pcidev)
2564 card->iovpool.count++;
2565 }
2567 - card->intcnt = 0;
2568 -
2569 /* Configure NICStAR */
2570 if (card->rct_size == 4096)
2571 ns_cfg_rctsize = NS_CFG_RCTSIZE_4096_ENTRIES;
2572 @@ -868,6 +858,15 @@ static int __devinit ns_init_card(int i, struct pci_dev *pcidev)
2574 card->efbie = 1;
2576 + card->intcnt = 0;
2577 + if (request_irq(pcidev->irq, &ns_irq_handler, IRQF_DISABLED | IRQF_SHARED, "nicstar", card) != 0)
2578 + {
2579 + printk("nicstar%d: can't allocate IRQ %d.\n", i, pcidev->irq);
2580 + error = 9;
2581 + ns_init_card_error(card, error);
2582 + return error;
2583 + }
2584 +
2585 /* Register device */
2586 card->atmdev = atm_dev_register("nicstar", &atm_ops, -1, NULL);
2587 if (card->atmdev == NULL)
2588 diff --git a/drivers/base/cpu.c b/drivers/base/cpu.c
2589 index fe7ef33..4054507 100644
2590 --- a/drivers/base/cpu.c
2591 +++ b/drivers/base/cpu.c
2592 @@ -53,7 +53,7 @@ static ssize_t store_online(struct sys_device *dev, const char *buf,
2593 ret = count;
2594 return ret;
2595 }
2596 -static SYSDEV_ATTR(online, 0600, show_online, store_online);
2597 +static SYSDEV_ATTR(online, 0644, show_online, store_online);
2599 static void __devinit register_cpu_control(struct cpu *cpu)
2600 {
2601 diff --git a/drivers/block/DAC960.c b/drivers/block/DAC960.c
2602 index 92bf868..84d6aa5 100644
2603 --- a/drivers/block/DAC960.c
2604 +++ b/drivers/block/DAC960.c
2605 @@ -17,8 +17,8 @@
2606 */
2609 -#define DAC960_DriverVersion "2.5.48"
2610 -#define DAC960_DriverDate "14 May 2006"
2611 +#define DAC960_DriverVersion "2.5.49"
2612 +#define DAC960_DriverDate "21 Aug 2007"
2615 #include <linux/module.h>
2616 @@ -31,6 +31,7 @@
2617 #include <linux/genhd.h>
2618 #include <linux/hdreg.h>
2619 #include <linux/blkpg.h>
2620 +#include <linux/dma-mapping.h>
2621 #include <linux/interrupt.h>
2622 #include <linux/ioport.h>
2623 #include <linux/mm.h>
2624 @@ -1165,9 +1166,9 @@ static bool DAC960_V1_EnableMemoryMailboxInterface(DAC960_Controller_T
2625 int i;
2628 - if (pci_set_dma_mask(Controller->PCIDevice, DAC690_V1_PciDmaMask))
2629 + if (pci_set_dma_mask(Controller->PCIDevice, DMA_32BIT_MASK))
2630 return DAC960_Failure(Controller, "DMA mask out of range");
2631 - Controller->BounceBufferLimit = DAC690_V1_PciDmaMask;
2632 + Controller->BounceBufferLimit = DMA_32BIT_MASK;
2634 if ((hw_type == DAC960_PD_Controller) || (hw_type == DAC960_P_Controller)) {
2635 CommandMailboxesSize = 0;
2636 @@ -1368,9 +1369,12 @@ static bool DAC960_V2_EnableMemoryMailboxInterface(DAC960_Controller_T
2637 dma_addr_t CommandMailboxDMA;
2638 DAC960_V2_CommandStatus_T CommandStatus;
2640 - if (pci_set_dma_mask(Controller->PCIDevice, DAC690_V2_PciDmaMask))
2641 - return DAC960_Failure(Controller, "DMA mask out of range");
2642 - Controller->BounceBufferLimit = DAC690_V2_PciDmaMask;
2643 + if (!pci_set_dma_mask(Controller->PCIDevice, DMA_64BIT_MASK))
2644 + Controller->BounceBufferLimit = DMA_64BIT_MASK;
2645 + else if (!pci_set_dma_mask(Controller->PCIDevice, DMA_32BIT_MASK))
2646 + Controller->BounceBufferLimit = DMA_32BIT_MASK;
2647 + else
2648 + return DAC960_Failure(Controller, "DMA mask out of range");
2650 /* This is a temporary dma mapping, used only in the scope of this function */
2651 CommandMailbox = pci_alloc_consistent(PCI_Device,
2652 diff --git a/drivers/block/DAC960.h b/drivers/block/DAC960.h
2653 index f5e2436..85fa9bb 100644
2654 --- a/drivers/block/DAC960.h
2655 +++ b/drivers/block/DAC960.h
2656 @@ -61,13 +61,6 @@
2657 #define DAC960_V2_MaxPhysicalDevices 272
2659 /*
2660 - Define the pci dma mask supported by DAC960 V1 and V2 Firmware Controlers
2661 - */
2662 -
2663 -#define DAC690_V1_PciDmaMask 0xffffffff
2664 -#define DAC690_V2_PciDmaMask 0xffffffffffffffffULL
2665 -
2666 -/*
2667 Define a 32/64 bit I/O Address data type.
2668 */
2670 diff --git a/drivers/block/cciss.c b/drivers/block/cciss.c
2671 index 5acc6c4..132f76b 100644
2672 --- a/drivers/block/cciss.c
2673 +++ b/drivers/block/cciss.c
2674 @@ -3225,12 +3225,15 @@ static int alloc_cciss_hba(void)
2675 for (i = 0; i < MAX_CTLR; i++) {
2676 if (!hba[i]) {
2677 ctlr_info_t *p;
2678 +
2679 p = kzalloc(sizeof(ctlr_info_t), GFP_KERNEL);
2680 if (!p)
2681 goto Enomem;
2682 p->gendisk[0] = alloc_disk(1 << NWD_SHIFT);
2683 - if (!p->gendisk[0])
2684 + if (!p->gendisk[0]) {
2685 + kfree(p);
2686 goto Enomem;
2687 + }
2688 hba[i] = p;
2689 return i;
2690 }
2691 diff --git a/drivers/block/rd.c b/drivers/block/rd.c
2692 index a1512da..e30bd9e 100644
2693 --- a/drivers/block/rd.c
2694 +++ b/drivers/block/rd.c
2695 @@ -189,6 +189,18 @@ static int ramdisk_set_page_dirty(struct page *page)
2696 return 0;
2697 }
2699 +/*
2700 + * releasepage is called by pagevec_strip/try_to_release_page if
2701 + * buffers_heads_over_limit is true. Without a releasepage function
2702 + * try_to_free_buffers is called instead. That can unset the dirty
2703 + * bit of our ram disk pages, which will be eventually freed, even
2704 + * if the page is still in use.
2705 + */
2706 +static int ramdisk_releasepage(struct page *page, gfp_t dummy)
2707 +{
2708 + return 0;
2709 +}
2710 +
2711 static const struct address_space_operations ramdisk_aops = {
2712 .readpage = ramdisk_readpage,
2713 .prepare_write = ramdisk_prepare_write,
2714 @@ -196,6 +208,7 @@ static const struct address_space_operations ramdisk_aops = {
2715 .writepage = ramdisk_writepage,
2716 .set_page_dirty = ramdisk_set_page_dirty,
2717 .writepages = ramdisk_writepages,
2718 + .releasepage = ramdisk_releasepage,
2719 };
2721 static int rd_blkdev_pagecache_IO(int rw, struct bio_vec *vec, sector_t sector,
2722 diff --git a/drivers/char/agp/intel-agp.c b/drivers/char/agp/intel-agp.c
2723 index a124060..d06b652 100644
2724 --- a/drivers/char/agp/intel-agp.c
2725 +++ b/drivers/char/agp/intel-agp.c
2726 @@ -20,7 +20,9 @@
2727 #define PCI_DEVICE_ID_INTEL_82965G_IG 0x29A2
2728 #define PCI_DEVICE_ID_INTEL_82965GM_HB 0x2A00
2729 #define PCI_DEVICE_ID_INTEL_82965GM_IG 0x2A02
2730 +#define PCI_DEVICE_ID_INTEL_82965GME_HB 0x2A10
2731 #define PCI_DEVICE_ID_INTEL_82965GME_IG 0x2A12
2732 +#define PCI_DEVICE_ID_INTEL_82945GME_HB 0x27AC
2733 #define PCI_DEVICE_ID_INTEL_82945GME_IG 0x27AE
2734 #define PCI_DEVICE_ID_INTEL_G33_HB 0x29C0
2735 #define PCI_DEVICE_ID_INTEL_G33_IG 0x29C2
2736 @@ -33,7 +35,8 @@
2737 agp_bridge->dev->device == PCI_DEVICE_ID_INTEL_82965G_1_HB || \
2738 agp_bridge->dev->device == PCI_DEVICE_ID_INTEL_82965Q_HB || \
2739 agp_bridge->dev->device == PCI_DEVICE_ID_INTEL_82965G_HB || \
2740 - agp_bridge->dev->device == PCI_DEVICE_ID_INTEL_82965GM_HB)
2741 + agp_bridge->dev->device == PCI_DEVICE_ID_INTEL_82965GM_HB || \
2742 + agp_bridge->dev->device == PCI_DEVICE_ID_INTEL_82965GME_HB)
2744 #define IS_G33 (agp_bridge->dev->device == PCI_DEVICE_ID_INTEL_G33_HB || \
2745 agp_bridge->dev->device == PCI_DEVICE_ID_INTEL_Q35_HB || \
2746 @@ -527,6 +530,7 @@ static void intel_i830_init_gtt_entries(void)
2747 agp_bridge->dev->device == PCI_DEVICE_ID_INTEL_82915GM_HB ||
2748 agp_bridge->dev->device == PCI_DEVICE_ID_INTEL_82945G_HB ||
2749 agp_bridge->dev->device == PCI_DEVICE_ID_INTEL_82945GM_HB ||
2750 + agp_bridge->dev->device == PCI_DEVICE_ID_INTEL_82945GME_HB ||
2751 IS_I965 || IS_G33)
2752 gtt_entries = MB(48) - KB(size);
2753 else
2754 @@ -538,6 +542,7 @@ static void intel_i830_init_gtt_entries(void)
2755 agp_bridge->dev->device == PCI_DEVICE_ID_INTEL_82915GM_HB ||
2756 agp_bridge->dev->device == PCI_DEVICE_ID_INTEL_82945G_HB ||
2757 agp_bridge->dev->device == PCI_DEVICE_ID_INTEL_82945GM_HB ||
2758 + agp_bridge->dev->device == PCI_DEVICE_ID_INTEL_82945GME_HB ||
2759 IS_I965 || IS_G33)
2760 gtt_entries = MB(64) - KB(size);
2761 else
2762 @@ -1848,9 +1853,9 @@ static const struct intel_driver_description {
2763 NULL, &intel_915_driver },
2764 { PCI_DEVICE_ID_INTEL_82945G_HB, PCI_DEVICE_ID_INTEL_82945G_IG, 0, "945G",
2765 NULL, &intel_915_driver },
2766 - { PCI_DEVICE_ID_INTEL_82945GM_HB, PCI_DEVICE_ID_INTEL_82945GM_IG, 1, "945GM",
2767 + { PCI_DEVICE_ID_INTEL_82945GM_HB, PCI_DEVICE_ID_INTEL_82945GM_IG, 0, "945GM",
2768 NULL, &intel_915_driver },
2769 - { PCI_DEVICE_ID_INTEL_82945GM_HB, PCI_DEVICE_ID_INTEL_82945GME_IG, 0, "945GME",
2770 + { PCI_DEVICE_ID_INTEL_82945GME_HB, PCI_DEVICE_ID_INTEL_82945GME_IG, 0, "945GME",
2771 NULL, &intel_915_driver },
2772 { PCI_DEVICE_ID_INTEL_82946GZ_HB, PCI_DEVICE_ID_INTEL_82946GZ_IG, 0, "946GZ",
2773 NULL, &intel_i965_driver },
2774 @@ -1860,9 +1865,9 @@ static const struct intel_driver_description {
2775 NULL, &intel_i965_driver },
2776 { PCI_DEVICE_ID_INTEL_82965G_HB, PCI_DEVICE_ID_INTEL_82965G_IG, 0, "965G",
2777 NULL, &intel_i965_driver },
2778 - { PCI_DEVICE_ID_INTEL_82965GM_HB, PCI_DEVICE_ID_INTEL_82965GM_IG, 1, "965GM",
2779 + { PCI_DEVICE_ID_INTEL_82965GM_HB, PCI_DEVICE_ID_INTEL_82965GM_IG, 0, "965GM",
2780 NULL, &intel_i965_driver },
2781 - { PCI_DEVICE_ID_INTEL_82965GM_HB, PCI_DEVICE_ID_INTEL_82965GME_IG, 0, "965GME/GLE",
2782 + { PCI_DEVICE_ID_INTEL_82965GME_HB, PCI_DEVICE_ID_INTEL_82965GME_IG, 0, "965GME/GLE",
2783 NULL, &intel_i965_driver },
2784 { PCI_DEVICE_ID_INTEL_7505_0, 0, 0, "E7505", &intel_7505_driver, NULL },
2785 { PCI_DEVICE_ID_INTEL_7205_0, 0, 0, "E7205", &intel_7505_driver, NULL },
2786 @@ -2051,11 +2056,13 @@ static struct pci_device_id agp_intel_pci_table[] = {
2787 ID(PCI_DEVICE_ID_INTEL_82915GM_HB),
2788 ID(PCI_DEVICE_ID_INTEL_82945G_HB),
2789 ID(PCI_DEVICE_ID_INTEL_82945GM_HB),
2790 + ID(PCI_DEVICE_ID_INTEL_82945GME_HB),
2791 ID(PCI_DEVICE_ID_INTEL_82946GZ_HB),
2792 ID(PCI_DEVICE_ID_INTEL_82965G_1_HB),
2793 ID(PCI_DEVICE_ID_INTEL_82965Q_HB),
2794 ID(PCI_DEVICE_ID_INTEL_82965G_HB),
2795 ID(PCI_DEVICE_ID_INTEL_82965GM_HB),
2796 + ID(PCI_DEVICE_ID_INTEL_82965GME_HB),
2797 ID(PCI_DEVICE_ID_INTEL_G33_HB),
2798 ID(PCI_DEVICE_ID_INTEL_Q35_HB),
2799 ID(PCI_DEVICE_ID_INTEL_Q33_HB),
2800 diff --git a/drivers/char/drm/drm_vm.c b/drivers/char/drm/drm_vm.c
2801 index b5c5b9f..e2d7be9 100644
2802 --- a/drivers/char/drm/drm_vm.c
2803 +++ b/drivers/char/drm/drm_vm.c
2804 @@ -520,6 +520,7 @@ static int drm_mmap_dma(struct file *filp, struct vm_area_struct *vma)
2805 vma->vm_ops = &drm_vm_dma_ops;
2807 vma->vm_flags |= VM_RESERVED; /* Don't swap */
2808 + vma->vm_flags |= VM_DONTEXPAND;
2810 vma->vm_file = filp; /* Needed for drm_vm_open() */
2811 drm_vm_open_locked(vma);
2812 @@ -669,6 +670,7 @@ static int drm_mmap_locked(struct file *filp, struct vm_area_struct *vma)
2813 return -EINVAL; /* This should never happen. */
2814 }
2815 vma->vm_flags |= VM_RESERVED; /* Don't swap */
2816 + vma->vm_flags |= VM_DONTEXPAND;
2818 vma->vm_file = filp; /* Needed for drm_vm_open() */
2819 drm_vm_open_locked(vma);
2820 diff --git a/drivers/char/drm/i915_dma.c b/drivers/char/drm/i915_dma.c
2821 index ea52740..786c0d9 100644
2822 --- a/drivers/char/drm/i915_dma.c
2823 +++ b/drivers/char/drm/i915_dma.c
2824 @@ -184,6 +184,8 @@ static int i915_initialize(drm_device_t * dev,
2825 * private backbuffer/depthbuffer usage.
2826 */
2827 dev_priv->use_mi_batchbuffer_start = 0;
2828 + if (IS_I965G(dev)) /* 965 doesn't support older method */
2829 + dev_priv->use_mi_batchbuffer_start = 1;
2831 /* Allow hardware batchbuffers unless told otherwise.
2832 */
2833 @@ -517,8 +519,13 @@ static int i915_dispatch_batchbuffer(drm_device_t * dev,
2835 if (dev_priv->use_mi_batchbuffer_start) {
2836 BEGIN_LP_RING(2);
2837 - OUT_RING(MI_BATCH_BUFFER_START | (2 << 6));
2838 - OUT_RING(batch->start | MI_BATCH_NON_SECURE);
2839 + if (IS_I965G(dev)) {
2840 + OUT_RING(MI_BATCH_BUFFER_START | (2 << 6) | MI_BATCH_NON_SECURE_I965);
2841 + OUT_RING(batch->start);
2842 + } else {
2843 + OUT_RING(MI_BATCH_BUFFER_START | (2 << 6));
2844 + OUT_RING(batch->start | MI_BATCH_NON_SECURE);
2845 + }
2846 ADVANCE_LP_RING();
2847 } else {
2848 BEGIN_LP_RING(4);
2849 @@ -735,7 +742,8 @@ static int i915_setparam(DRM_IOCTL_ARGS)
2851 switch (param.param) {
2852 case I915_SETPARAM_USE_MI_BATCHBUFFER_START:
2853 - dev_priv->use_mi_batchbuffer_start = param.value;
2854 + if (!IS_I965G(dev))
2855 + dev_priv->use_mi_batchbuffer_start = param.value;
2856 break;
2857 case I915_SETPARAM_TEX_LRU_LOG_GRANULARITY:
2858 dev_priv->tex_lru_log_granularity = param.value;
2859 diff --git a/drivers/char/drm/i915_drv.h b/drivers/char/drm/i915_drv.h
2860 index 85e323a..44a0717 100644
2861 --- a/drivers/char/drm/i915_drv.h
2862 +++ b/drivers/char/drm/i915_drv.h
2863 @@ -282,6 +282,7 @@ extern int i915_wait_ring(drm_device_t * dev, int n, const char *caller);
2864 #define MI_BATCH_BUFFER_START (0x31<<23)
2865 #define MI_BATCH_BUFFER_END (0xA<<23)
2866 #define MI_BATCH_NON_SECURE (1)
2867 +#define MI_BATCH_NON_SECURE_I965 (1<<8)
2869 #define MI_WAIT_FOR_EVENT ((0x3<<23))
2870 #define MI_WAIT_FOR_PLANE_A_FLIP (1<<2)
2871 diff --git a/drivers/char/drm/i915_irq.c b/drivers/char/drm/i915_irq.c
2872 index b92062a..8021ba6 100644
2873 --- a/drivers/char/drm/i915_irq.c
2874 +++ b/drivers/char/drm/i915_irq.c
2875 @@ -541,7 +541,7 @@ int i915_vblank_swap(DRM_IOCTL_ARGS)
2876 return DRM_ERR(EBUSY);
2877 }
2879 - vbl_swap = drm_calloc(1, sizeof(vbl_swap), DRM_MEM_DRIVER);
2880 + vbl_swap = drm_calloc(1, sizeof(*vbl_swap), DRM_MEM_DRIVER);
2882 if (!vbl_swap) {
2883 DRM_ERROR("Failed to allocate memory to queue swap\n");
2884 diff --git a/drivers/char/ipmi/ipmi_si_intf.c b/drivers/char/ipmi/ipmi_si_intf.c
2885 index 78e1b96..eb894f8 100644
2886 --- a/drivers/char/ipmi/ipmi_si_intf.c
2887 +++ b/drivers/char/ipmi/ipmi_si_intf.c
2888 @@ -2214,7 +2214,8 @@ static int ipmi_pci_resume(struct pci_dev *pdev)
2890 static struct pci_device_id ipmi_pci_devices[] = {
2891 { PCI_DEVICE(PCI_HP_VENDOR_ID, PCI_MMC_DEVICE_ID) },
2892 - { PCI_DEVICE_CLASS(PCI_ERMC_CLASSCODE, PCI_ERMC_CLASSCODE_MASK) }
2893 + { PCI_DEVICE_CLASS(PCI_ERMC_CLASSCODE, PCI_ERMC_CLASSCODE_MASK) },
2894 + { 0, }
2895 };
2896 MODULE_DEVICE_TABLE(pci, ipmi_pci_devices);
2898 diff --git a/drivers/char/mspec.c b/drivers/char/mspec.c
2899 index 7ac3061..5685b7a 100644
2900 --- a/drivers/char/mspec.c
2901 +++ b/drivers/char/mspec.c
2902 @@ -265,7 +265,8 @@ mspec_mmap(struct file *file, struct vm_area_struct *vma, int type)
2903 vdata->refcnt = ATOMIC_INIT(1);
2904 vma->vm_private_data = vdata;
2906 - vma->vm_flags |= (VM_IO | VM_LOCKED | VM_RESERVED | VM_PFNMAP);
2907 + vma->vm_flags |= (VM_IO | VM_LOCKED | VM_RESERVED | VM_PFNMAP |
2908 + VM_DONTEXPAND);
2909 if (vdata->type == MSPEC_FETCHOP || vdata->type == MSPEC_UNCACHED)
2910 vma->vm_page_prot = pgprot_noncached(vma->vm_page_prot);
2911 vma->vm_ops = &mspec_vm_ops;
2912 diff --git a/drivers/char/random.c b/drivers/char/random.c
2913 index 7f52712..af274e5 100644
2914 --- a/drivers/char/random.c
2915 +++ b/drivers/char/random.c
2916 @@ -693,9 +693,14 @@ static void xfer_secondary_pool(struct entropy_store *r, size_t nbytes)
2918 if (r->pull && r->entropy_count < nbytes * 8 &&
2919 r->entropy_count < r->poolinfo->POOLBITS) {
2920 - int bytes = max_t(int, random_read_wakeup_thresh / 8,
2921 - min_t(int, nbytes, sizeof(tmp)));
2922 + /* If we're limited, always leave two wakeup worth's BITS */
2923 int rsvd = r->limit ? 0 : random_read_wakeup_thresh/4;
2924 + int bytes = nbytes;
2925 +
2926 + /* pull at least as many as BYTES as wakeup BITS */
2927 + bytes = max_t(int, bytes, random_read_wakeup_thresh / 8);
2928 + /* but never more than the buffer size */
2929 + bytes = min_t(int, bytes, sizeof(tmp));
2931 DEBUG_ENT("going to reseed %s with %d bits "
2932 "(%d of %d requested)\n",
2933 @@ -1545,11 +1550,13 @@ __u32 secure_tcp_sequence_number(__be32 saddr, __be32 daddr,
2934 * As close as possible to RFC 793, which
2935 * suggests using a 250 kHz clock.
2936 * Further reading shows this assumes 2 Mb/s networks.
2937 - * For 10 Gb/s Ethernet, a 1 GHz clock is appropriate.
2938 - * That's funny, Linux has one built in! Use it!
2939 - * (Networks are faster now - should this be increased?)
2940 + * For 10 Mb/s Ethernet, a 1 MHz clock is appropriate.
2941 + * For 10 Gb/s Ethernet, a 1 GHz clock should be ok, but
2942 + * we also need to limit the resolution so that the u32 seq
2943 + * overlaps less than one time per MSL (2 minutes).
2944 + * Choosing a clock of 64 ns period is OK. (period of 274 s)
2945 */
2946 - seq += ktime_get_real().tv64;
2947 + seq += ktime_get_real().tv64 >> 6;
2948 #if 0
2949 printk("init_seq(%lx, %lx, %d, %d) = %d\n",
2950 saddr, daddr, sport, dport, seq);
2951 diff --git a/drivers/char/sx.c b/drivers/char/sx.c
2952 index 1da92a6..85a2328 100644
2953 --- a/drivers/char/sx.c
2954 +++ b/drivers/char/sx.c
2955 @@ -2721,9 +2721,9 @@ static void __devexit sx_pci_remove(struct pci_dev *pdev)
2956 its because the standard requires it. So check for SUBVENDOR_ID. */
2957 static struct pci_device_id sx_pci_tbl[] = {
2958 { PCI_VENDOR_ID_SPECIALIX, PCI_DEVICE_ID_SPECIALIX_SX_XIO_IO8,
2959 - .subvendor = 0x0200,.subdevice = PCI_ANY_ID },
2960 + .subvendor = PCI_ANY_ID, .subdevice = 0x0200 },
2961 { PCI_VENDOR_ID_SPECIALIX, PCI_DEVICE_ID_SPECIALIX_SX_XIO_IO8,
2962 - .subvendor = 0x0300,.subdevice = PCI_ANY_ID },
2963 + .subvendor = PCI_ANY_ID, .subdevice = 0x0300 },
2964 { 0 }
2965 };
2967 diff --git a/drivers/connector/cn_queue.c b/drivers/connector/cn_queue.c
2968 index 296f510..12ceed5 100644
2969 --- a/drivers/connector/cn_queue.c
2970 +++ b/drivers/connector/cn_queue.c
2971 @@ -99,8 +99,8 @@ int cn_queue_add_callback(struct cn_queue_dev *dev, char *name, struct cb_id *id
2972 spin_unlock_bh(&dev->queue_lock);
2974 if (found) {
2975 - atomic_dec(&dev->refcnt);
2976 cn_queue_free_callback(cbq);
2977 + atomic_dec(&dev->refcnt);
2978 return -EINVAL;
2979 }
2981 diff --git a/drivers/cpufreq/cpufreq_ondemand.c b/drivers/cpufreq/cpufreq_ondemand.c
2982 index 8532bb7..e794527 100644
2983 --- a/drivers/cpufreq/cpufreq_ondemand.c
2984 +++ b/drivers/cpufreq/cpufreq_ondemand.c
2985 @@ -96,15 +96,25 @@ static struct dbs_tuners {
2987 static inline cputime64_t get_cpu_idle_time(unsigned int cpu)
2988 {
2989 - cputime64_t retval;
2990 + cputime64_t idle_time;
2991 + cputime64_t cur_jiffies;
2992 + cputime64_t busy_time;
2994 - retval = cputime64_add(kstat_cpu(cpu).cpustat.idle,
2995 - kstat_cpu(cpu).cpustat.iowait);
2996 + cur_jiffies = jiffies64_to_cputime64(get_jiffies_64());
2997 + busy_time = cputime64_add(kstat_cpu(cpu).cpustat.user,
2998 + kstat_cpu(cpu).cpustat.system);
3000 - if (dbs_tuners_ins.ignore_nice)
3001 - retval = cputime64_add(retval, kstat_cpu(cpu).cpustat.nice);
3002 + busy_time = cputime64_add(busy_time, kstat_cpu(cpu).cpustat.irq);
3003 + busy_time = cputime64_add(busy_time, kstat_cpu(cpu).cpustat.softirq);
3004 + busy_time = cputime64_add(busy_time, kstat_cpu(cpu).cpustat.steal);
3006 - return retval;
3007 + if (!dbs_tuners_ins.ignore_nice) {
3008 + busy_time = cputime64_add(busy_time,
3009 + kstat_cpu(cpu).cpustat.nice);
3010 + }
3011 +
3012 + idle_time = cputime64_sub(cur_jiffies, busy_time);
3013 + return idle_time;
3014 }
3016 /*
3017 @@ -325,7 +335,7 @@ static struct attribute_group dbs_attr_group = {
3018 static void dbs_check_cpu(struct cpu_dbs_info_s *this_dbs_info)
3019 {
3020 unsigned int idle_ticks, total_ticks;
3021 - unsigned int load;
3022 + unsigned int load = 0;
3023 cputime64_t cur_jiffies;
3025 struct cpufreq_policy *policy;
3026 @@ -339,7 +349,8 @@ static void dbs_check_cpu(struct cpu_dbs_info_s *this_dbs_info)
3027 cur_jiffies = jiffies64_to_cputime64(get_jiffies_64());
3028 total_ticks = (unsigned int) cputime64_sub(cur_jiffies,
3029 this_dbs_info->prev_cpu_wall);
3030 - this_dbs_info->prev_cpu_wall = cur_jiffies;
3031 + this_dbs_info->prev_cpu_wall = get_jiffies_64();
3032 +
3033 if (!total_ticks)
3034 return;
3035 /*
3036 @@ -370,7 +381,8 @@ static void dbs_check_cpu(struct cpu_dbs_info_s *this_dbs_info)
3037 if (tmp_idle_ticks < idle_ticks)
3038 idle_ticks = tmp_idle_ticks;
3039 }
3040 - load = (100 * (total_ticks - idle_ticks)) / total_ticks;
3041 + if (likely(total_ticks > idle_ticks))
3042 + load = (100 * (total_ticks - idle_ticks)) / total_ticks;
3044 /* Check for frequency increase */
3045 if (load > dbs_tuners_ins.up_threshold) {
3046 diff --git a/drivers/firewire/fw-card.c b/drivers/firewire/fw-card.c
3047 index 9eb1eda..46d3cf2 100644
3048 --- a/drivers/firewire/fw-card.c
3049 +++ b/drivers/firewire/fw-card.c
3050 @@ -507,9 +507,11 @@ fw_core_remove_card(struct fw_card *card)
3051 /* Set up the dummy driver. */
3052 card->driver = &dummy_driver;
3054 - fw_flush_transactions(card);
3055 -
3056 fw_destroy_nodes(card);
3057 + flush_scheduled_work();
3058 +
3059 + fw_flush_transactions(card);
3060 + del_timer_sync(&card->flush_timer);
3062 fw_card_put(card);
3063 }
3064 diff --git a/drivers/firewire/fw-ohci.c b/drivers/firewire/fw-ohci.c
3065 index 96c8ac5..f1cd9d3 100644
3066 --- a/drivers/firewire/fw-ohci.c
3067 +++ b/drivers/firewire/fw-ohci.c
3068 @@ -586,7 +586,7 @@ static void context_stop(struct context *ctx)
3069 break;
3071 fw_notify("context_stop: still active (0x%08x)\n", reg);
3072 - msleep(1);
3073 + mdelay(1);
3074 }
3075 }
3077 @@ -1934,14 +1934,12 @@ static int pci_suspend(struct pci_dev *pdev, pm_message_t state)
3078 free_irq(pdev->irq, ohci);
3079 err = pci_save_state(pdev);
3080 if (err) {
3081 - fw_error("pci_save_state failed with %d", err);
3082 + fw_error("pci_save_state failed with %d\n", err);
3083 return err;
3084 }
3085 err = pci_set_power_state(pdev, pci_choose_state(pdev, state));
3086 - if (err) {
3087 - fw_error("pci_set_power_state failed with %d", err);
3088 - return err;
3089 - }
3090 + if (err)
3091 + fw_error("pci_set_power_state failed with %d\n", err);
3093 return 0;
3094 }
3095 @@ -1955,7 +1953,7 @@ static int pci_resume(struct pci_dev *pdev)
3096 pci_restore_state(pdev);
3097 err = pci_enable_device(pdev);
3098 if (err) {
3099 - fw_error("pci_enable_device failed with %d", err);
3100 + fw_error("pci_enable_device failed with %d\n", err);
3101 return err;
3102 }
3104 diff --git a/drivers/firewire/fw-sbp2.c b/drivers/firewire/fw-sbp2.c
3105 index a98d391..a68f7de 100644
3106 --- a/drivers/firewire/fw-sbp2.c
3107 +++ b/drivers/firewire/fw-sbp2.c
3108 @@ -985,6 +985,7 @@ static int sbp2_scsi_queuecommand(struct scsi_cmnd *cmd, scsi_done_fn_t done)
3109 struct fw_unit *unit = sd->unit;
3110 struct fw_device *device = fw_device(unit->device.parent);
3111 struct sbp2_command_orb *orb;
3112 + unsigned max_payload;
3114 /*
3115 * Bidirectional commands are not yet implemented, and unknown
3116 @@ -1023,8 +1024,10 @@ static int sbp2_scsi_queuecommand(struct scsi_cmnd *cmd, scsi_done_fn_t done)
3117 * specifies the max payload size as 2 ^ (max_payload + 2), so
3118 * if we set this to max_speed + 7, we get the right value.
3119 */
3120 + max_payload = device->node->max_speed + 7;
3121 + max_payload = min(max_payload, device->card->max_receive - 1);
3122 orb->request.misc =
3123 - COMMAND_ORB_MAX_PAYLOAD(device->node->max_speed + 7) |
3124 + COMMAND_ORB_MAX_PAYLOAD(max_payload) |
3125 COMMAND_ORB_SPEED(device->node->max_speed) |
3126 COMMAND_ORB_NOTIFY;
3128 diff --git a/drivers/firewire/fw-transaction.c b/drivers/firewire/fw-transaction.c
3129 index 80d0121..a506a1f 100644
3130 --- a/drivers/firewire/fw-transaction.c
3131 +++ b/drivers/firewire/fw-transaction.c
3132 @@ -605,8 +605,10 @@ fw_send_response(struct fw_card *card, struct fw_request *request, int rcode)
3133 * check is sufficient to ensure we don't send response to
3134 * broadcast packets or posted writes.
3135 */
3136 - if (request->ack != ACK_PENDING)
3137 + if (request->ack != ACK_PENDING) {
3138 + kfree(request);
3139 return;
3140 + }
3142 if (rcode == RCODE_COMPLETE)
3143 fw_fill_response(&request->response, request->request_header,
3144 diff --git a/drivers/firewire/fw-transaction.h b/drivers/firewire/fw-transaction.h
3145 index acdc3be..e2b9ca4 100644
3146 --- a/drivers/firewire/fw-transaction.h
3147 +++ b/drivers/firewire/fw-transaction.h
3148 @@ -124,6 +124,10 @@ typedef void (*fw_transaction_callback_t)(struct fw_card *card, int rcode,
3149 size_t length,
3150 void *callback_data);
3152 +/*
3153 + * Important note: The callback must guarantee that either fw_send_response()
3154 + * or kfree() is called on the @request.
3155 + */
3156 typedef void (*fw_address_callback_t)(struct fw_card *card,
3157 struct fw_request *request,
3158 int tcode, int destination, int source,
3159 @@ -228,7 +232,7 @@ struct fw_card {
3160 unsigned long reset_jiffies;
3162 unsigned long long guid;
3163 - int max_receive;
3164 + unsigned max_receive;
3165 int link_speed;
3166 int config_rom_generation;
3168 diff --git a/drivers/hwmon/lm78.c b/drivers/hwmon/lm78.c
3169 index 9fb572f..3507113 100644
3170 --- a/drivers/hwmon/lm78.c
3171 +++ b/drivers/hwmon/lm78.c
3172 @@ -882,7 +882,7 @@ static int __init lm78_isa_device_add(unsigned short address)
3173 {
3174 struct resource res = {
3175 .start = address,
3176 - .end = address + LM78_EXTENT,
3177 + .end = address + LM78_EXTENT - 1,
3178 .name = "lm78",
3179 .flags = IORESOURCE_IO,
3180 };
3181 diff --git a/drivers/hwmon/lm87.c b/drivers/hwmon/lm87.c
3182 index 988ae1c..1128153 100644
3183 --- a/drivers/hwmon/lm87.c
3184 +++ b/drivers/hwmon/lm87.c
3185 @@ -129,7 +129,7 @@ static u8 LM87_REG_TEMP_LOW[3] = { 0x3A, 0x38, 0x2C };
3186 (((val) < 0 ? (val)-500 : (val)+500) / 1000))
3188 #define FAN_FROM_REG(reg,div) ((reg) == 255 || (reg) == 0 ? 0 : \
3189 - 1350000 + (reg)*(div) / 2) / ((reg)*(div))
3190 + (1350000 + (reg)*(div) / 2) / ((reg)*(div)))
3191 #define FAN_TO_REG(val,div) ((val)*(div) * 255 <= 1350000 ? 255 : \
3192 (1350000 + (val)*(div) / 2) / ((val)*(div)))
3194 @@ -145,7 +145,7 @@ static u8 LM87_REG_TEMP_LOW[3] = { 0x3A, 0x38, 0x2C };
3195 #define CHAN_NO_FAN(nr) (1 << (nr))
3196 #define CHAN_TEMP3 (1 << 2)
3197 #define CHAN_VCC_5V (1 << 3)
3198 -#define CHAN_NO_VID (1 << 8)
3199 +#define CHAN_NO_VID (1 << 7)
3201 /*
3202 * Functions declaration
3203 diff --git a/drivers/hwmon/smsc47m1.c b/drivers/hwmon/smsc47m1.c
3204 index 1e21c8c..c3e716e 100644
3205 --- a/drivers/hwmon/smsc47m1.c
3206 +++ b/drivers/hwmon/smsc47m1.c
3207 @@ -585,6 +585,8 @@ static int __devinit smsc47m1_probe(struct platform_device *pdev)
3209 if ((err = device_create_file(dev, &dev_attr_alarms)))
3210 goto error_remove_files;
3211 + if ((err = device_create_file(dev, &dev_attr_name)))
3212 + goto error_remove_files;
3214 data->class_dev = hwmon_device_register(dev);
3215 if (IS_ERR(data->class_dev)) {
3216 diff --git a/drivers/hwmon/w83627hf.c b/drivers/hwmon/w83627hf.c
3217 index 12cb40a..6972fdb 100644
3218 --- a/drivers/hwmon/w83627hf.c
3219 +++ b/drivers/hwmon/w83627hf.c
3220 @@ -335,6 +335,7 @@ static int w83627hf_remove(struct platform_device *pdev);
3222 static int w83627hf_read_value(struct w83627hf_data *data, u16 reg);
3223 static int w83627hf_write_value(struct w83627hf_data *data, u16 reg, u16 value);
3224 +static void w83627hf_update_fan_div(struct w83627hf_data *data);
3225 static struct w83627hf_data *w83627hf_update_device(struct device *dev);
3226 static void w83627hf_init_device(struct platform_device *pdev);
3228 @@ -1127,6 +1128,7 @@ static int __devinit w83627hf_probe(struct platform_device *pdev)
3229 data->fan_min[0] = w83627hf_read_value(data, W83781D_REG_FAN_MIN(1));
3230 data->fan_min[1] = w83627hf_read_value(data, W83781D_REG_FAN_MIN(2));
3231 data->fan_min[2] = w83627hf_read_value(data, W83781D_REG_FAN_MIN(3));
3232 + w83627hf_update_fan_div(data);
3234 /* Register common device attributes */
3235 if ((err = sysfs_create_group(&dev->kobj, &w83627hf_group)))
3236 @@ -1207,6 +1209,24 @@ static int __devexit w83627hf_remove(struct platform_device *pdev)
3237 }
3240 +/* Registers 0x50-0x5f are banked */
3241 +static inline void w83627hf_set_bank(struct w83627hf_data *data, u16 reg)
3242 +{
3243 + if ((reg & 0x00f0) == 0x50) {
3244 + outb_p(W83781D_REG_BANK, data->addr + W83781D_ADDR_REG_OFFSET);
3245 + outb_p(reg >> 8, data->addr + W83781D_DATA_REG_OFFSET);
3246 + }
3247 +}
3248 +
3249 +/* Not strictly necessary, but play it safe for now */
3250 +static inline void w83627hf_reset_bank(struct w83627hf_data *data, u16 reg)
3251 +{
3252 + if (reg & 0xff00) {
3253 + outb_p(W83781D_REG_BANK, data->addr + W83781D_ADDR_REG_OFFSET);
3254 + outb_p(0, data->addr + W83781D_DATA_REG_OFFSET);
3255 + }
3256 +}
3257 +
3258 static int w83627hf_read_value(struct w83627hf_data *data, u16 reg)
3259 {
3260 int res, word_sized;
3261 @@ -1217,12 +1237,7 @@ static int w83627hf_read_value(struct w83627hf_data *data, u16 reg)
3262 && (((reg & 0x00ff) == 0x50)
3263 || ((reg & 0x00ff) == 0x53)
3264 || ((reg & 0x00ff) == 0x55));
3265 - if (reg & 0xff00) {
3266 - outb_p(W83781D_REG_BANK,
3267 - data->addr + W83781D_ADDR_REG_OFFSET);
3268 - outb_p(reg >> 8,
3269 - data->addr + W83781D_DATA_REG_OFFSET);
3270 - }
3271 + w83627hf_set_bank(data, reg);
3272 outb_p(reg & 0xff, data->addr + W83781D_ADDR_REG_OFFSET);
3273 res = inb_p(data->addr + W83781D_DATA_REG_OFFSET);
3274 if (word_sized) {
3275 @@ -1232,11 +1247,7 @@ static int w83627hf_read_value(struct w83627hf_data *data, u16 reg)
3276 (res << 8) + inb_p(data->addr +
3277 W83781D_DATA_REG_OFFSET);
3278 }
3279 - if (reg & 0xff00) {
3280 - outb_p(W83781D_REG_BANK,
3281 - data->addr + W83781D_ADDR_REG_OFFSET);
3282 - outb_p(0, data->addr + W83781D_DATA_REG_OFFSET);
3283 - }
3284 + w83627hf_reset_bank(data, reg);
3285 mutex_unlock(&data->lock);
3286 return res;
3287 }
3288 @@ -1307,12 +1318,7 @@ static int w83627hf_write_value(struct w83627hf_data *data, u16 reg, u16 value)
3289 || ((reg & 0xff00) == 0x200))
3290 && (((reg & 0x00ff) == 0x53)
3291 || ((reg & 0x00ff) == 0x55));
3292 - if (reg & 0xff00) {
3293 - outb_p(W83781D_REG_BANK,
3294 - data->addr + W83781D_ADDR_REG_OFFSET);
3295 - outb_p(reg >> 8,
3296 - data->addr + W83781D_DATA_REG_OFFSET);
3297 - }
3298 + w83627hf_set_bank(data, reg);
3299 outb_p(reg & 0xff, data->addr + W83781D_ADDR_REG_OFFSET);
3300 if (word_sized) {
3301 outb_p(value >> 8,
3302 @@ -1322,11 +1328,7 @@ static int w83627hf_write_value(struct w83627hf_data *data, u16 reg, u16 value)
3303 }
3304 outb_p(value & 0xff,
3305 data->addr + W83781D_DATA_REG_OFFSET);
3306 - if (reg & 0xff00) {
3307 - outb_p(W83781D_REG_BANK,
3308 - data->addr + W83781D_ADDR_REG_OFFSET);
3309 - outb_p(0, data->addr + W83781D_DATA_REG_OFFSET);
3310 - }
3311 + w83627hf_reset_bank(data, reg);
3312 mutex_unlock(&data->lock);
3313 return 0;
3314 }
3315 @@ -1430,6 +1432,24 @@ static void __devinit w83627hf_init_device(struct platform_device *pdev)
3316 | 0x01);
3317 }
3319 +static void w83627hf_update_fan_div(struct w83627hf_data *data)
3320 +{
3321 + int reg;
3322 +
3323 + reg = w83627hf_read_value(data, W83781D_REG_VID_FANDIV);
3324 + data->fan_div[0] = (reg >> 4) & 0x03;
3325 + data->fan_div[1] = (reg >> 6) & 0x03;
3326 + if (data->type != w83697hf) {
3327 + data->fan_div[2] = (w83627hf_read_value(data,
3328 + W83781D_REG_PIN) >> 6) & 0x03;
3329 + }
3330 + reg = w83627hf_read_value(data, W83781D_REG_VBAT);
3331 + data->fan_div[0] |= (reg >> 3) & 0x04;
3332 + data->fan_div[1] |= (reg >> 4) & 0x04;
3333 + if (data->type != w83697hf)
3334 + data->fan_div[2] |= (reg >> 5) & 0x04;
3335 +}
3336 +
3337 static struct w83627hf_data *w83627hf_update_device(struct device *dev)
3338 {
3339 struct w83627hf_data *data = dev_get_drvdata(dev);
3340 @@ -1493,18 +1513,8 @@ static struct w83627hf_data *w83627hf_update_device(struct device *dev)
3341 w83627hf_read_value(data, W83781D_REG_TEMP_HYST(3));
3342 }
3344 - i = w83627hf_read_value(data, W83781D_REG_VID_FANDIV);
3345 - data->fan_div[0] = (i >> 4) & 0x03;
3346 - data->fan_div[1] = (i >> 6) & 0x03;
3347 - if (data->type != w83697hf) {
3348 - data->fan_div[2] = (w83627hf_read_value(data,
3349 - W83781D_REG_PIN) >> 6) & 0x03;
3350 - }
3351 - i = w83627hf_read_value(data, W83781D_REG_VBAT);
3352 - data->fan_div[0] |= (i >> 3) & 0x04;
3353 - data->fan_div[1] |= (i >> 4) & 0x04;
3354 - if (data->type != w83697hf)
3355 - data->fan_div[2] |= (i >> 5) & 0x04;
3356 + w83627hf_update_fan_div(data);
3357 +
3358 data->alarms =
3359 w83627hf_read_value(data, W83781D_REG_ALARM1) |
3360 (w83627hf_read_value(data, W83781D_REG_ALARM2) << 8) |
3361 diff --git a/drivers/hwmon/w83781d.c b/drivers/hwmon/w83781d.c
3362 index f85b48f..dcc941a 100644
3363 --- a/drivers/hwmon/w83781d.c
3364 +++ b/drivers/hwmon/w83781d.c
3365 @@ -740,9 +740,9 @@ store_sensor(struct device *dev, struct device_attribute *da,
3366 static SENSOR_DEVICE_ATTR(temp1_type, S_IRUGO | S_IWUSR,
3367 show_sensor, store_sensor, 0);
3368 static SENSOR_DEVICE_ATTR(temp2_type, S_IRUGO | S_IWUSR,
3369 - show_sensor, store_sensor, 0);
3370 + show_sensor, store_sensor, 1);
3371 static SENSOR_DEVICE_ATTR(temp3_type, S_IRUGO | S_IWUSR,
3372 - show_sensor, store_sensor, 0);
3373 + show_sensor, store_sensor, 2);
3375 /* I2C devices get this name attribute automatically, but for ISA devices
3376 we must create it by ourselves. */
3377 @@ -1746,7 +1746,7 @@ w83781d_isa_device_add(unsigned short address)
3378 {
3379 struct resource res = {
3380 .start = address,
3381 - .end = address + W83781D_EXTENT,
3382 + .end = address + W83781D_EXTENT - 1,
3383 .name = "w83781d",
3384 .flags = IORESOURCE_IO,
3385 };
3386 diff --git a/drivers/i2c/algos/i2c-algo-bit.c b/drivers/i2c/algos/i2c-algo-bit.c
3387 index 8a5f582..7f0a0a6 100644
3388 --- a/drivers/i2c/algos/i2c-algo-bit.c
3389 +++ b/drivers/i2c/algos/i2c-algo-bit.c
3390 @@ -357,13 +357,29 @@ static int sendbytes(struct i2c_adapter *i2c_adap, struct i2c_msg *msg)
3391 return wrcount;
3392 }
3394 +static int acknak(struct i2c_adapter *i2c_adap, int is_ack)
3395 +{
3396 + struct i2c_algo_bit_data *adap = i2c_adap->algo_data;
3397 +
3398 + /* assert: sda is high */
3399 + if (is_ack) /* send ack */
3400 + setsda(adap, 0);
3401 + udelay((adap->udelay + 1) / 2);
3402 + if (sclhi(adap) < 0) { /* timeout */
3403 + dev_err(&i2c_adap->dev, "readbytes: ack/nak timeout\n");
3404 + return -ETIMEDOUT;
3405 + }
3406 + scllo(adap);
3407 + return 0;
3408 +}
3409 +
3410 static int readbytes(struct i2c_adapter *i2c_adap, struct i2c_msg *msg)
3411 {
3412 int inval;
3413 int rdcount=0; /* counts bytes read */
3414 - struct i2c_algo_bit_data *adap = i2c_adap->algo_data;
3415 unsigned char *temp = msg->buf;
3416 int count = msg->len;
3417 + const unsigned flags = msg->flags;
3419 while (count > 0) {
3420 inval = i2c_inb(i2c_adap);
3421 @@ -377,28 +393,12 @@ static int readbytes(struct i2c_adapter *i2c_adap, struct i2c_msg *msg)
3422 temp++;
3423 count--;
3425 - if (msg->flags & I2C_M_NO_RD_ACK) {
3426 - bit_dbg(2, &i2c_adap->dev, "i2c_inb: 0x%02x\n",
3427 - inval);
3428 - continue;
3429 - }
3430 -
3431 - /* assert: sda is high */
3432 - if (count) /* send ack */
3433 - setsda(adap, 0);
3434 - udelay((adap->udelay + 1) / 2);
3435 - bit_dbg(2, &i2c_adap->dev, "i2c_inb: 0x%02x %s\n", inval,
3436 - count ? "A" : "NA");
3437 - if (sclhi(adap)<0) { /* timeout */
3438 - dev_err(&i2c_adap->dev, "readbytes: timeout at ack\n");
3439 - return -ETIMEDOUT;
3440 - };
3441 - scllo(adap);
3442 -
3443 /* Some SMBus transactions require that we receive the
3444 transaction length as the first read byte. */
3445 - if (rdcount == 1 && (msg->flags & I2C_M_RECV_LEN)) {
3446 + if (rdcount == 1 && (flags & I2C_M_RECV_LEN)) {
3447 if (inval <= 0 || inval > I2C_SMBUS_BLOCK_MAX) {
3448 + if (!(flags & I2C_M_NO_RD_ACK))
3449 + acknak(i2c_adap, 0);
3450 dev_err(&i2c_adap->dev, "readbytes: invalid "
3451 "block length (%d)\n", inval);
3452 return -EREMOTEIO;
3453 @@ -409,6 +409,18 @@ static int readbytes(struct i2c_adapter *i2c_adap, struct i2c_msg *msg)
3454 count += inval;
3455 msg->len += inval;
3456 }
3457 +
3458 + bit_dbg(2, &i2c_adap->dev, "readbytes: 0x%02x %s\n",
3459 + inval,
3460 + (flags & I2C_M_NO_RD_ACK)
3461 + ? "(no ack/nak)"
3462 + : (count ? "A" : "NA"));
3463 +
3464 + if (!(flags & I2C_M_NO_RD_ACK)) {
3465 + inval = acknak(i2c_adap, count);
3466 + if (inval < 0)
3467 + return inval;
3468 + }
3469 }
3470 return rdcount;
3471 }
3472 diff --git a/drivers/i2c/busses/i2c-pasemi.c b/drivers/i2c/busses/i2c-pasemi.c
3473 index 58e3271..dcf5dec 100644
3474 --- a/drivers/i2c/busses/i2c-pasemi.c
3475 +++ b/drivers/i2c/busses/i2c-pasemi.c
3476 @@ -51,6 +51,7 @@ struct pasemi_smbus {
3477 #define MRXFIFO_DATA_M 0x000000ff
3479 #define SMSTA_XEN 0x08000000
3480 +#define SMSTA_MTN 0x00200000
3482 #define CTL_MRR 0x00000400
3483 #define CTL_MTR 0x00000200
3484 @@ -98,6 +99,10 @@ static unsigned int pasemi_smb_waitready(struct pasemi_smbus *smbus)
3485 status = reg_read(smbus, REG_SMSTA);
3486 }
3488 + /* Got NACK? */
3489 + if (status & SMSTA_MTN)
3490 + return -ENXIO;
3491 +
3492 if (timeout < 0) {
3493 dev_warn(&smbus->dev->dev, "Timeout, status 0x%08x\n", status);
3494 reg_write(smbus, REG_SMSTA, status);
3495 diff --git a/drivers/i2c/chips/eeprom.c b/drivers/i2c/chips/eeprom.c
3496 index bfce13c..5ad36ab 100644
3497 --- a/drivers/i2c/chips/eeprom.c
3498 +++ b/drivers/i2c/chips/eeprom.c
3499 @@ -125,13 +125,20 @@ static ssize_t eeprom_read(struct kobject *kobj, char *buf, loff_t off, size_t c
3500 for (slice = off >> 5; slice <= (off + count - 1) >> 5; slice++)
3501 eeprom_update_client(client, slice);
3503 - /* Hide Vaio security settings to regular users (16 first bytes) */
3504 - if (data->nature == VAIO && off < 16 && !capable(CAP_SYS_ADMIN)) {
3505 - size_t in_row1 = 16 - off;
3506 - in_row1 = min(in_row1, count);
3507 - memset(buf, 0, in_row1);
3508 - if (count - in_row1 > 0)
3509 - memcpy(buf + in_row1, &data->data[16], count - in_row1);
3510 + /* Hide Vaio private settings to regular users:
3511 + - BIOS passwords: bytes 0x00 to 0x0f
3512 + - UUID: bytes 0x10 to 0x1f
3513 + - Serial number: 0xc0 to 0xdf */
3514 + if (data->nature == VAIO && !capable(CAP_SYS_ADMIN)) {
3515 + int i;
3516 +
3517 + for (i = 0; i < count; i++) {
3518 + if ((off + i <= 0x1f) ||
3519 + (off + i >= 0xc0 && off + i <= 0xdf))
3520 + buf[i] = 0;
3521 + else
3522 + buf[i] = data->data[off + i];
3523 + }
3524 } else {
3525 memcpy(buf, &data->data[off], count);
3526 }
3527 @@ -195,14 +202,18 @@ static int eeprom_detect(struct i2c_adapter *adapter, int address, int kind)
3528 goto exit_kfree;
3530 /* Detect the Vaio nature of EEPROMs.
3531 - We use the "PCG-" prefix as the signature. */
3532 + We use the "PCG-" or "VGN-" prefix as the signature. */
3533 if (address == 0x57) {
3534 - if (i2c_smbus_read_byte_data(new_client, 0x80) == 'P'
3535 - && i2c_smbus_read_byte(new_client) == 'C'
3536 - && i2c_smbus_read_byte(new_client) == 'G'
3537 - && i2c_smbus_read_byte(new_client) == '-') {
3538 + char name[4];
3539 +
3540 + name[0] = i2c_smbus_read_byte_data(new_client, 0x80);
3541 + name[1] = i2c_smbus_read_byte(new_client);
3542 + name[2] = i2c_smbus_read_byte(new_client);
3543 + name[3] = i2c_smbus_read_byte(new_client);
3544 +
3545 + if (!memcmp(name, "PCG-", 4) || !memcmp(name, "VGN-", 4)) {
3546 dev_info(&new_client->dev, "Vaio EEPROM detected, "
3547 - "enabling password protection\n");
3548 + "enabling privacy protection\n");
3549 data->nature = VAIO;
3550 }
3551 }
3552 diff --git a/drivers/ide/pci/serverworks.c b/drivers/ide/pci/serverworks.c
3553 index d9c4fd1..096a081 100644
3554 --- a/drivers/ide/pci/serverworks.c
3555 +++ b/drivers/ide/pci/serverworks.c
3556 @@ -101,6 +101,7 @@ static u8 svwks_udma_filter(ide_drive_t *drive)
3557 mode = 2;
3559 switch(mode) {
3560 + case 3: mask = 0x3f; break;
3561 case 2: mask = 0x1f; break;
3562 case 1: mask = 0x07; break;
3563 default: mask = 0x00; break;
3564 diff --git a/drivers/ieee1394/ieee1394_core.c b/drivers/ieee1394/ieee1394_core.c
3565 index 8f71b6a..ac07a05 100644
3566 --- a/drivers/ieee1394/ieee1394_core.c
3567 +++ b/drivers/ieee1394/ieee1394_core.c
3568 @@ -1279,7 +1279,7 @@ static void __exit ieee1394_cleanup(void)
3569 unregister_chrdev_region(IEEE1394_CORE_DEV, 256);
3570 }
3572 -fs_initcall(ieee1394_init); /* same as ohci1394 */
3573 +module_init(ieee1394_init);
3574 module_exit(ieee1394_cleanup);
3576 /* Exported symbols */
3577 diff --git a/drivers/ieee1394/ohci1394.c b/drivers/ieee1394/ohci1394.c
3578 index 5dadfd2..e65760f 100644
3579 --- a/drivers/ieee1394/ohci1394.c
3580 +++ b/drivers/ieee1394/ohci1394.c
3581 @@ -3773,7 +3773,5 @@ static int __init ohci1394_init(void)
3582 return pci_register_driver(&ohci1394_pci_driver);
3583 }
3585 -/* Register before most other device drivers.
3586 - * Useful for remote debugging via physical DMA, e.g. using firescope. */
3587 -fs_initcall(ohci1394_init);
3588 +module_init(ohci1394_init);
3589 module_exit(ohci1394_cleanup);
3590 diff --git a/drivers/ieee1394/sbp2.c b/drivers/ieee1394/sbp2.c
3591 index 3f873cc..c7ff28a 100644
3592 --- a/drivers/ieee1394/sbp2.c
3593 +++ b/drivers/ieee1394/sbp2.c
3594 @@ -774,11 +774,6 @@ static struct sbp2_lu *sbp2_alloc_device(struct unit_directory *ud)
3595 SBP2_ERR("failed to register lower 4GB address range");
3596 goto failed_alloc;
3597 }
3598 -#else
3599 - if (dma_set_mask(hi->host->device.parent, DMA_32BIT_MASK)) {
3600 - SBP2_ERR("failed to set 4GB DMA mask");
3601 - goto failed_alloc;
3602 - }
3603 #endif
3604 }
3606 diff --git a/drivers/infiniband/core/uverbs_cmd.c b/drivers/infiniband/core/uverbs_cmd.c
3607 index 01d7008..495c803 100644
3608 --- a/drivers/infiniband/core/uverbs_cmd.c
3609 +++ b/drivers/infiniband/core/uverbs_cmd.c
3610 @@ -147,8 +147,12 @@ static struct ib_uobject *__idr_get_uobj(struct idr *idr, int id,
3612 spin_lock(&ib_uverbs_idr_lock);
3613 uobj = idr_find(idr, id);
3614 - if (uobj)
3615 - kref_get(&uobj->ref);
3616 + if (uobj) {
3617 + if (uobj->context == context)
3618 + kref_get(&uobj->ref);
3619 + else
3620 + uobj = NULL;
3621 + }
3622 spin_unlock(&ib_uverbs_idr_lock);
3624 return uobj;
3625 diff --git a/drivers/input/mouse/lifebook.c b/drivers/input/mouse/lifebook.c
3626 index 1740cad..91109b4 100644
3627 --- a/drivers/input/mouse/lifebook.c
3628 +++ b/drivers/input/mouse/lifebook.c
3629 @@ -109,7 +109,7 @@ static psmouse_ret_t lifebook_process_byte(struct psmouse *psmouse)
3630 {
3631 struct lifebook_data *priv = psmouse->private;
3632 struct input_dev *dev1 = psmouse->dev;
3633 - struct input_dev *dev2 = priv->dev2;
3634 + struct input_dev *dev2 = priv ? priv->dev2 : NULL;
3635 unsigned char *packet = psmouse->packet;
3636 int relative_packet = packet[0] & 0x08;
3638 diff --git a/drivers/isdn/hardware/avm/b1.c b/drivers/isdn/hardware/avm/b1.c
3639 index 7a69a18..4484a64 100644
3640 --- a/drivers/isdn/hardware/avm/b1.c
3641 +++ b/drivers/isdn/hardware/avm/b1.c
3642 @@ -321,12 +321,15 @@ void b1_reset_ctr(struct capi_ctr *ctrl)
3643 avmctrl_info *cinfo = (avmctrl_info *)(ctrl->driverdata);
3644 avmcard *card = cinfo->card;
3645 unsigned int port = card->port;
3646 + unsigned long flags;
3648 b1_reset(port);
3649 b1_reset(port);
3651 memset(cinfo->version, 0, sizeof(cinfo->version));
3652 + spin_lock_irqsave(&card->lock, flags);
3653 capilib_release(&cinfo->ncci_head);
3654 + spin_unlock_irqrestore(&card->lock, flags);
3655 capi_ctr_reseted(ctrl);
3656 }
3658 @@ -361,9 +364,8 @@ void b1_release_appl(struct capi_ctr *ctrl, u16 appl)
3659 unsigned int port = card->port;
3660 unsigned long flags;
3662 - capilib_release_appl(&cinfo->ncci_head, appl);
3663 -
3664 spin_lock_irqsave(&card->lock, flags);
3665 + capilib_release_appl(&cinfo->ncci_head, appl);
3666 b1_put_byte(port, SEND_RELEASE);
3667 b1_put_word(port, appl);
3668 spin_unlock_irqrestore(&card->lock, flags);
3669 @@ -380,27 +382,27 @@ u16 b1_send_message(struct capi_ctr *ctrl, struct sk_buff *skb)
3670 u8 subcmd = CAPIMSG_SUBCOMMAND(skb->data);
3671 u16 dlen, retval;
3673 + spin_lock_irqsave(&card->lock, flags);
3674 if (CAPICMD(cmd, subcmd) == CAPI_DATA_B3_REQ) {
3675 retval = capilib_data_b3_req(&cinfo->ncci_head,
3676 CAPIMSG_APPID(skb->data),
3677 CAPIMSG_NCCI(skb->data),
3678 CAPIMSG_MSGID(skb->data));
3679 - if (retval != CAPI_NOERROR)
3680 + if (retval != CAPI_NOERROR) {
3681 + spin_unlock_irqrestore(&card->lock, flags);
3682 return retval;
3683 + }
3685 dlen = CAPIMSG_DATALEN(skb->data);
3687 - spin_lock_irqsave(&card->lock, flags);
3688 b1_put_byte(port, SEND_DATA_B3_REQ);
3689 b1_put_slice(port, skb->data, len);
3690 b1_put_slice(port, skb->data + len, dlen);
3691 - spin_unlock_irqrestore(&card->lock, flags);
3692 } else {
3693 - spin_lock_irqsave(&card->lock, flags);
3694 b1_put_byte(port, SEND_MESSAGE);
3695 b1_put_slice(port, skb->data, len);
3696 - spin_unlock_irqrestore(&card->lock, flags);
3697 }
3698 + spin_unlock_irqrestore(&card->lock, flags);
3700 dev_kfree_skb_any(skb);
3701 return CAPI_NOERROR;
3702 @@ -534,17 +536,17 @@ irqreturn_t b1_interrupt(int interrupt, void *devptr)
3704 ApplId = (unsigned) b1_get_word(card->port);
3705 MsgLen = b1_get_slice(card->port, card->msgbuf);
3706 - spin_unlock_irqrestore(&card->lock, flags);
3707 if (!(skb = alloc_skb(MsgLen, GFP_ATOMIC))) {
3708 printk(KERN_ERR "%s: incoming packet dropped\n",
3709 card->name);
3710 + spin_unlock_irqrestore(&card->lock, flags);
3711 } else {
3712 memcpy(skb_put(skb, MsgLen), card->msgbuf, MsgLen);
3713 if (CAPIMSG_CMD(skb->data) == CAPI_DATA_B3_CONF)
3714 capilib_data_b3_conf(&cinfo->ncci_head, ApplId,
3715 CAPIMSG_NCCI(skb->data),
3716 CAPIMSG_MSGID(skb->data));
3717 -
3718 + spin_unlock_irqrestore(&card->lock, flags);
3719 capi_ctr_handle_message(ctrl, ApplId, skb);
3720 }
3721 break;
3722 @@ -554,21 +556,17 @@ irqreturn_t b1_interrupt(int interrupt, void *devptr)
3723 ApplId = b1_get_word(card->port);
3724 NCCI = b1_get_word(card->port);
3725 WindowSize = b1_get_word(card->port);
3726 - spin_unlock_irqrestore(&card->lock, flags);
3727 -
3728 capilib_new_ncci(&cinfo->ncci_head, ApplId, NCCI, WindowSize);
3729 -
3730 + spin_unlock_irqrestore(&card->lock, flags);
3731 break;
3733 case RECEIVE_FREE_NCCI:
3735 ApplId = b1_get_word(card->port);
3736 NCCI = b1_get_word(card->port);
3737 - spin_unlock_irqrestore(&card->lock, flags);
3738 -
3739 if (NCCI != 0xffffffff)
3740 capilib_free_ncci(&cinfo->ncci_head, ApplId, NCCI);
3741 -
3742 + spin_unlock_irqrestore(&card->lock, flags);
3743 break;
3745 case RECEIVE_START:
3746 diff --git a/drivers/isdn/hardware/avm/c4.c b/drivers/isdn/hardware/avm/c4.c
3747 index d58f927..8710cf6 100644
3748 --- a/drivers/isdn/hardware/avm/c4.c
3749 +++ b/drivers/isdn/hardware/avm/c4.c
3750 @@ -727,6 +727,7 @@ static void c4_send_init(avmcard *card)
3751 {
3752 struct sk_buff *skb;
3753 void *p;
3754 + unsigned long flags;
3756 skb = alloc_skb(15, GFP_ATOMIC);
3757 if (!skb) {
3758 @@ -744,12 +745,15 @@ static void c4_send_init(avmcard *card)
3759 skb_put(skb, (u8 *)p - (u8 *)skb->data);
3761 skb_queue_tail(&card->dma->send_queue, skb);
3762 + spin_lock_irqsave(&card->lock, flags);
3763 c4_dispatch_tx(card);
3764 + spin_unlock_irqrestore(&card->lock, flags);
3765 }
3767 static int queue_sendconfigword(avmcard *card, u32 val)
3768 {
3769 struct sk_buff *skb;
3770 + unsigned long flags;
3771 void *p;
3773 skb = alloc_skb(3+4, GFP_ATOMIC);
3774 @@ -766,7 +770,9 @@ static int queue_sendconfigword(avmcard *card, u32 val)
3775 skb_put(skb, (u8 *)p - (u8 *)skb->data);
3777 skb_queue_tail(&card->dma->send_queue, skb);
3778 + spin_lock_irqsave(&card->lock, flags);
3779 c4_dispatch_tx(card);
3780 + spin_unlock_irqrestore(&card->lock, flags);
3781 return 0;
3782 }
3784 @@ -986,7 +992,9 @@ static void c4_release_appl(struct capi_ctr *ctrl, u16 appl)
3785 struct sk_buff *skb;
3786 void *p;
3788 + spin_lock_irqsave(&card->lock, flags);
3789 capilib_release_appl(&cinfo->ncci_head, appl);
3790 + spin_unlock_irqrestore(&card->lock, flags);
3792 if (ctrl->cnr == card->cardnr) {
3793 skb = alloc_skb(7, GFP_ATOMIC);
3794 @@ -1019,7 +1027,8 @@ static u16 c4_send_message(struct capi_ctr *ctrl, struct sk_buff *skb)
3795 u16 retval = CAPI_NOERROR;
3796 unsigned long flags;
3798 - if (CAPIMSG_CMD(skb->data) == CAPI_DATA_B3_REQ) {
3799 + spin_lock_irqsave(&card->lock, flags);
3800 + if (CAPIMSG_CMD(skb->data) == CAPI_DATA_B3_REQ) {
3801 retval = capilib_data_b3_req(&cinfo->ncci_head,
3802 CAPIMSG_APPID(skb->data),
3803 CAPIMSG_NCCI(skb->data),
3804 @@ -1027,10 +1036,9 @@ static u16 c4_send_message(struct capi_ctr *ctrl, struct sk_buff *skb)
3805 }
3806 if (retval == CAPI_NOERROR) {
3807 skb_queue_tail(&card->dma->send_queue, skb);
3808 - spin_lock_irqsave(&card->lock, flags);
3809 c4_dispatch_tx(card);
3810 - spin_unlock_irqrestore(&card->lock, flags);
3811 }
3812 + spin_unlock_irqrestore(&card->lock, flags);
3813 return retval;
3814 }
3816 diff --git a/drivers/isdn/i4l/isdn_common.c b/drivers/isdn/i4l/isdn_common.c
3817 index c97330b..eb9a247 100644
3818 --- a/drivers/isdn/i4l/isdn_common.c
3819 +++ b/drivers/isdn/i4l/isdn_common.c
3820 @@ -1514,6 +1514,7 @@ isdn_ioctl(struct inode *inode, struct file *file, uint cmd, ulong arg)
3821 if (copy_from_user(&iocts, argp,
3822 sizeof(isdn_ioctl_struct)))
3823 return -EFAULT;
3824 + iocts.drvid[sizeof(iocts.drvid)-1] = 0;
3825 if (strlen(iocts.drvid)) {
3826 if ((p = strchr(iocts.drvid, ',')))
3827 *p = 0;
3828 @@ -1598,6 +1599,7 @@ isdn_ioctl(struct inode *inode, struct file *file, uint cmd, ulong arg)
3829 if (copy_from_user(&iocts, argp,
3830 sizeof(isdn_ioctl_struct)))
3831 return -EFAULT;
3832 + iocts.drvid[sizeof(iocts.drvid)-1] = 0;
3833 if (strlen(iocts.drvid)) {
3834 drvidx = -1;
3835 for (i = 0; i < ISDN_MAX_DRIVERS; i++)
3836 @@ -1642,7 +1644,7 @@ isdn_ioctl(struct inode *inode, struct file *file, uint cmd, ulong arg)
3837 } else {
3838 p = (char __user *) iocts.arg;
3839 for (i = 0; i < 10; i++) {
3840 - sprintf(bname, "%s%s",
3841 + snprintf(bname, sizeof(bname), "%s%s",
3842 strlen(dev->drv[drvidx]->msn2eaz[i]) ?
3843 dev->drv[drvidx]->msn2eaz[i] : "_",
3844 (i < 9) ? "," : "\0");
3845 @@ -1672,6 +1674,7 @@ isdn_ioctl(struct inode *inode, struct file *file, uint cmd, ulong arg)
3846 char *p;
3847 if (copy_from_user(&iocts, argp, sizeof(isdn_ioctl_struct)))
3848 return -EFAULT;
3849 + iocts.drvid[sizeof(iocts.drvid)-1] = 0;
3850 if (strlen(iocts.drvid)) {
3851 if ((p = strchr(iocts.drvid, ',')))
3852 *p = 0;
3853 diff --git a/drivers/isdn/i4l/isdn_net.c b/drivers/isdn/i4l/isdn_net.c
3854 index aa83277..75e1423 100644
3855 --- a/drivers/isdn/i4l/isdn_net.c
3856 +++ b/drivers/isdn/i4l/isdn_net.c
3857 @@ -2126,7 +2126,7 @@ isdn_net_find_icall(int di, int ch, int idx, setup_parm *setup)
3858 u_long flags;
3859 isdn_net_dev *p;
3860 isdn_net_phone *n;
3861 - char nr[32];
3862 + char nr[ISDN_MSNLEN];
3863 char *my_eaz;
3865 /* Search name in netdev-chain */
3866 @@ -2135,7 +2135,7 @@ isdn_net_find_icall(int di, int ch, int idx, setup_parm *setup)
3867 nr[1] = '\0';
3868 printk(KERN_INFO "isdn_net: Incoming call without OAD, assuming '0'\n");
3869 } else
3870 - strcpy(nr, setup->phone);
3871 + strlcpy(nr, setup->phone, ISDN_MSNLEN);
3872 si1 = (int) setup->si1;
3873 si2 = (int) setup->si2;
3874 if (!setup->eazmsn[0]) {
3875 @@ -2802,7 +2802,7 @@ isdn_net_setcfg(isdn_net_ioctl_cfg * cfg)
3876 chidx = -1;
3877 }
3878 }
3879 - strcpy(lp->msn, cfg->eaz);
3880 + strlcpy(lp->msn, cfg->eaz, sizeof(lp->msn));
3881 lp->pre_device = drvidx;
3882 lp->pre_channel = chidx;
3883 lp->onhtime = cfg->onhtime;
3884 @@ -2951,7 +2951,7 @@ isdn_net_addphone(isdn_net_ioctl_phone * phone)
3885 if (p) {
3886 if (!(n = kmalloc(sizeof(isdn_net_phone), GFP_KERNEL)))
3887 return -ENOMEM;
3888 - strcpy(n->num, phone->phone);
3889 + strlcpy(n->num, phone->phone, sizeof(n->num));
3890 n->next = p->local->phone[phone->outgoing & 1];
3891 p->local->phone[phone->outgoing & 1] = n;
3892 return 0;
3893 diff --git a/drivers/kvm/svm.c b/drivers/kvm/svm.c
3894 index fa17d6d..aee952f 100644
3895 --- a/drivers/kvm/svm.c
3896 +++ b/drivers/kvm/svm.c
3897 @@ -1727,6 +1727,12 @@ static void svm_inject_page_fault(struct kvm_vcpu *vcpu,
3899 static int is_disabled(void)
3900 {
3901 + u64 vm_cr;
3902 +
3903 + rdmsrl(MSR_VM_CR, vm_cr);
3904 + if (vm_cr & (1 << SVM_VM_CR_SVM_DISABLE))
3905 + return 1;
3906 +
3907 return 0;
3908 }
3910 diff --git a/drivers/kvm/svm.h b/drivers/kvm/svm.h
3911 index 5e93814..3b1b0f3 100644
3912 --- a/drivers/kvm/svm.h
3913 +++ b/drivers/kvm/svm.h
3914 @@ -175,8 +175,11 @@ struct __attribute__ ((__packed__)) vmcb {
3915 #define SVM_CPUID_FUNC 0x8000000a
3917 #define MSR_EFER_SVME_MASK (1ULL << 12)
3918 +#define MSR_VM_CR 0xc0010114
3919 #define MSR_VM_HSAVE_PA 0xc0010117ULL
3921 +#define SVM_VM_CR_SVM_DISABLE 4
3922 +
3923 #define SVM_SELECTOR_S_SHIFT 4
3924 #define SVM_SELECTOR_DPL_SHIFT 5
3925 #define SVM_SELECTOR_P_SHIFT 7
3926 diff --git a/drivers/md/dm-crypt.c b/drivers/md/dm-crypt.c
3927 index 7b0fcfc..45e1c31 100644
3928 --- a/drivers/md/dm-crypt.c
3929 +++ b/drivers/md/dm-crypt.c
3930 @@ -920,6 +920,8 @@ static void crypt_dtr(struct dm_target *ti)
3931 {
3932 struct crypt_config *cc = (struct crypt_config *) ti->private;
3934 + flush_workqueue(_kcryptd_workqueue);
3935 +
3936 bioset_free(cc->bs);
3937 mempool_destroy(cc->page_pool);
3938 mempool_destroy(cc->io_pool);
3939 @@ -941,9 +943,6 @@ static int crypt_map(struct dm_target *ti, struct bio *bio,
3940 struct crypt_config *cc = ti->private;
3941 struct crypt_io *io;
3943 - if (bio_barrier(bio))
3944 - return -EOPNOTSUPP;
3945 -
3946 io = mempool_alloc(cc->io_pool, GFP_NOIO);
3947 io->target = ti;
3948 io->base_bio = bio;
3949 diff --git a/drivers/md/dm-exception-store.c b/drivers/md/dm-exception-store.c
3950 index 07e0a0c..5c7569c 100644
3951 --- a/drivers/md/dm-exception-store.c
3952 +++ b/drivers/md/dm-exception-store.c
3953 @@ -125,6 +125,8 @@ struct pstore {
3954 uint32_t callback_count;
3955 struct commit_callback *callbacks;
3956 struct dm_io_client *io_client;
3957 +
3958 + struct workqueue_struct *metadata_wq;
3959 };
3961 static inline unsigned int sectors_to_pages(unsigned int sectors)
3962 @@ -156,10 +158,24 @@ static void free_area(struct pstore *ps)
3963 ps->area = NULL;
3964 }
3966 +struct mdata_req {
3967 + struct io_region *where;
3968 + struct dm_io_request *io_req;
3969 + struct work_struct work;
3970 + int result;
3971 +};
3972 +
3973 +static void do_metadata(struct work_struct *work)
3974 +{
3975 + struct mdata_req *req = container_of(work, struct mdata_req, work);
3976 +
3977 + req->result = dm_io(req->io_req, 1, req->where, NULL);
3978 +}
3979 +
3980 /*
3981 * Read or write a chunk aligned and sized block of data from a device.
3982 */
3983 -static int chunk_io(struct pstore *ps, uint32_t chunk, int rw)
3984 +static int chunk_io(struct pstore *ps, uint32_t chunk, int rw, int metadata)
3985 {
3986 struct io_region where = {
3987 .bdev = ps->snap->cow->bdev,
3988 @@ -173,8 +189,23 @@ static int chunk_io(struct pstore *ps, uint32_t chunk, int rw)
3989 .client = ps->io_client,
3990 .notify.fn = NULL,
3991 };
3992 + struct mdata_req req;
3993 +
3994 + if (!metadata)
3995 + return dm_io(&io_req, 1, &where, NULL);
3996 +
3997 + req.where = &where;
3998 + req.io_req = &io_req;
4000 - return dm_io(&io_req, 1, &where, NULL);
4001 + /*
4002 + * Issue the synchronous I/O from a different thread
4003 + * to avoid generic_make_request recursion.
4004 + */
4005 + INIT_WORK(&req.work, do_metadata);
4006 + queue_work(ps->metadata_wq, &req.work);
4007 + flush_workqueue(ps->metadata_wq);
4008 +
4009 + return req.result;
4010 }
4012 /*
4013 @@ -189,7 +220,7 @@ static int area_io(struct pstore *ps, uint32_t area, int rw)
4014 /* convert a metadata area index to a chunk index */
4015 chunk = 1 + ((ps->exceptions_per_area + 1) * area);
4017 - r = chunk_io(ps, chunk, rw);
4018 + r = chunk_io(ps, chunk, rw, 0);
4019 if (r)
4020 return r;
4022 @@ -230,7 +261,7 @@ static int read_header(struct pstore *ps, int *new_snapshot)
4023 if (r)
4024 return r;
4026 - r = chunk_io(ps, 0, READ);
4027 + r = chunk_io(ps, 0, READ, 1);
4028 if (r)
4029 goto bad;
4031 @@ -292,7 +323,7 @@ static int write_header(struct pstore *ps)
4032 dh->version = cpu_to_le32(ps->version);
4033 dh->chunk_size = cpu_to_le32(ps->snap->chunk_size);
4035 - return chunk_io(ps, 0, WRITE);
4036 + return chunk_io(ps, 0, WRITE, 1);
4037 }
4039 /*
4040 @@ -409,6 +440,7 @@ static void persistent_destroy(struct exception_store *store)
4041 {
4042 struct pstore *ps = get_info(store);
4044 + destroy_workqueue(ps->metadata_wq);
4045 dm_io_client_destroy(ps->io_client);
4046 vfree(ps->callbacks);
4047 free_area(ps);
4048 @@ -457,11 +489,6 @@ static int persistent_read_metadata(struct exception_store *store)
4049 /*
4050 * Sanity checks.
4051 */
4052 - if (!ps->valid) {
4053 - DMWARN("snapshot is marked invalid");
4054 - return -EINVAL;
4055 - }
4056 -
4057 if (ps->version != SNAPSHOT_DISK_VERSION) {
4058 DMWARN("unable to handle snapshot disk version %d",
4059 ps->version);
4060 @@ -469,6 +496,12 @@ static int persistent_read_metadata(struct exception_store *store)
4061 }
4063 /*
4064 + * Metadata are valid, but snapshot is invalidated
4065 + */
4066 + if (!ps->valid)
4067 + return 1;
4068 +
4069 + /*
4070 * Read the metadata.
4071 */
4072 r = read_exceptions(ps);
4073 @@ -588,6 +621,12 @@ int dm_create_persistent(struct exception_store *store)
4074 atomic_set(&ps->pending_count, 0);
4075 ps->callbacks = NULL;
4077 + ps->metadata_wq = create_singlethread_workqueue("ksnaphd");
4078 + if (!ps->metadata_wq) {
4079 + DMERR("couldn't start header metadata update thread");
4080 + return -ENOMEM;
4081 + }
4082 +
4083 store->destroy = persistent_destroy;
4084 store->read_metadata = persistent_read_metadata;
4085 store->prepare_exception = persistent_prepare;
4086 diff --git a/drivers/md/dm-io.c b/drivers/md/dm-io.c
4087 index 352c6fb..f3a7724 100644
4088 --- a/drivers/md/dm-io.c
4089 +++ b/drivers/md/dm-io.c
4090 @@ -293,7 +293,10 @@ static void do_region(int rw, unsigned int region, struct io_region *where,
4091 * bvec for bio_get/set_region() and decrement bi_max_vecs
4092 * to hide it from bio_add_page().
4093 */
4094 - num_bvecs = (remaining / (PAGE_SIZE >> SECTOR_SHIFT)) + 2;
4095 + num_bvecs = dm_sector_div_up(remaining,
4096 + (PAGE_SIZE >> SECTOR_SHIFT));
4097 + num_bvecs = 1 + min_t(int, bio_get_nr_vecs(where->bdev),
4098 + num_bvecs);
4099 bio = bio_alloc_bioset(GFP_NOIO, num_bvecs, io->client->bios);
4100 bio->bi_sector = where->sector + (where->count - remaining);
4101 bio->bi_bdev = where->bdev;
4102 diff --git a/drivers/md/dm-mpath.c b/drivers/md/dm-mpath.c
4103 index de54b39..bfb2ea3 100644
4104 --- a/drivers/md/dm-mpath.c
4105 +++ b/drivers/md/dm-mpath.c
4106 @@ -798,9 +798,6 @@ static int multipath_map(struct dm_target *ti, struct bio *bio,
4107 struct mpath_io *mpio;
4108 struct multipath *m = (struct multipath *) ti->private;
4110 - if (bio_barrier(bio))
4111 - return -EOPNOTSUPP;
4112 -
4113 mpio = mempool_alloc(m->mpio_pool, GFP_NOIO);
4114 dm_bio_record(&mpio->details, bio);
4116 diff --git a/drivers/md/dm-raid1.c b/drivers/md/dm-raid1.c
4117 index ef124b7..7113af3 100644
4118 --- a/drivers/md/dm-raid1.c
4119 +++ b/drivers/md/dm-raid1.c
4120 @@ -1288,12 +1288,12 @@ static int mirror_status(struct dm_target *ti, status_type_t type,
4121 for (m = 0; m < ms->nr_mirrors; m++)
4122 DMEMIT("%s ", ms->mirror[m].dev->name);
4124 - DMEMIT("%llu/%llu",
4125 + DMEMIT("%llu/%llu 0 ",
4126 (unsigned long long)ms->rh.log->type->
4127 get_sync_count(ms->rh.log),
4128 (unsigned long long)ms->nr_regions);
4130 - sz = ms->rh.log->type->status(ms->rh.log, type, result, maxlen);
4131 + sz += ms->rh.log->type->status(ms->rh.log, type, result+sz, maxlen-sz);
4133 break;
4135 diff --git a/drivers/md/dm-snap.c b/drivers/md/dm-snap.c
4136 index 0821a2b..3955621 100644
4137 --- a/drivers/md/dm-snap.c
4138 +++ b/drivers/md/dm-snap.c
4139 @@ -522,9 +522,12 @@ static int snapshot_ctr(struct dm_target *ti, unsigned int argc, char **argv)
4141 /* Metadata must only be loaded into one table at once */
4142 r = s->store.read_metadata(&s->store);
4143 - if (r) {
4144 + if (r < 0) {
4145 ti->error = "Failed to read snapshot metadata";
4146 goto bad6;
4147 + } else if (r > 0) {
4148 + s->valid = 0;
4149 + DMWARN("Snapshot is marked invalid.");
4150 }
4152 bio_list_init(&s->queued_bios);
4153 @@ -884,9 +887,6 @@ static int snapshot_map(struct dm_target *ti, struct bio *bio,
4154 if (!s->valid)
4155 return -EIO;
4157 - if (unlikely(bio_barrier(bio)))
4158 - return -EOPNOTSUPP;
4159 -
4160 /* FIXME: should only take write lock if we need
4161 * to copy an exception */
4162 down_write(&s->lock);
4163 @@ -1157,9 +1157,6 @@ static int origin_map(struct dm_target *ti, struct bio *bio,
4164 struct dm_dev *dev = (struct dm_dev *) ti->private;
4165 bio->bi_bdev = dev->bdev;
4167 - if (unlikely(bio_barrier(bio)))
4168 - return -EOPNOTSUPP;
4169 -
4170 /* Only tell snapshots if this is a write */
4171 return (bio_rw(bio) == WRITE) ? do_origin(dev, bio) : DM_MAPIO_REMAPPED;
4172 }
4173 diff --git a/drivers/md/dm.c b/drivers/md/dm.c
4174 index 2717a35..75bd2fd 100644
4175 --- a/drivers/md/dm.c
4176 +++ b/drivers/md/dm.c
4177 @@ -802,6 +802,15 @@ static int dm_request(request_queue_t *q, struct bio *bio)
4178 int rw = bio_data_dir(bio);
4179 struct mapped_device *md = q->queuedata;
4181 + /*
4182 + * There is no use in forwarding any barrier request since we can't
4183 + * guarantee it is (or can be) handled by the targets correctly.
4184 + */
4185 + if (unlikely(bio_barrier(bio))) {
4186 + bio_endio(bio, bio->bi_size, -EOPNOTSUPP);
4187 + return 0;
4188 + }
4189 +
4190 down_read(&md->io_lock);
4192 disk_stat_inc(dm_disk(md), ios[rw]);
4193 diff --git a/drivers/md/raid10.c b/drivers/md/raid10.c
4194 index 9eb66c1..e0029ea 100644
4195 --- a/drivers/md/raid10.c
4196 +++ b/drivers/md/raid10.c
4197 @@ -917,6 +917,13 @@ static int make_request(request_queue_t *q, struct bio * bio)
4198 bio_list_add(&bl, mbio);
4199 }
4201 + if (unlikely(!atomic_read(&r10_bio->remaining))) {
4202 + /* the array is dead */
4203 + md_write_end(mddev);
4204 + raid_end_bio_io(r10_bio);
4205 + return 0;
4206 + }
4207 +
4208 bitmap_startwrite(mddev->bitmap, bio->bi_sector, r10_bio->sectors, 0);
4209 spin_lock_irqsave(&conf->device_lock, flags);
4210 bio_list_merge(&conf->pending_bio_list, &bl);
4211 @@ -1558,7 +1565,6 @@ static void raid10d(mddev_t *mddev)
4212 bio = r10_bio->devs[r10_bio->read_slot].bio;
4213 r10_bio->devs[r10_bio->read_slot].bio =
4214 mddev->ro ? IO_BLOCKED : NULL;
4215 - bio_put(bio);
4216 mirror = read_balance(conf, r10_bio);
4217 if (mirror == -1) {
4218 printk(KERN_ALERT "raid10: %s: unrecoverable I/O"
4219 @@ -1566,8 +1572,10 @@ static void raid10d(mddev_t *mddev)
4220 bdevname(bio->bi_bdev,b),
4221 (unsigned long long)r10_bio->sector);
4222 raid_end_bio_io(r10_bio);
4223 + bio_put(bio);
4224 } else {
4225 const int do_sync = bio_sync(r10_bio->master_bio);
4226 + bio_put(bio);
4227 rdev = conf->mirrors[mirror].rdev;
4228 if (printk_ratelimit())
4229 printk(KERN_ERR "raid10: %s: redirecting sector %llu to"
4230 diff --git a/drivers/md/raid5.c b/drivers/md/raid5.c
4231 index 061375e..81ed88f 100644
4232 --- a/drivers/md/raid5.c
4233 +++ b/drivers/md/raid5.c
4234 @@ -2525,7 +2525,8 @@ static void raid5_activate_delayed(raid5_conf_t *conf)
4235 atomic_inc(&conf->preread_active_stripes);
4236 list_add_tail(&sh->lru, &conf->handle_list);
4237 }
4238 - }
4239 + } else
4240 + blk_plug_device(conf->mddev->queue);
4241 }
4243 static void activate_bit_delay(raid5_conf_t *conf)
4244 @@ -2949,7 +2950,8 @@ static int make_request(request_queue_t *q, struct bio * bi)
4245 goto retry;
4246 }
4247 finish_wait(&conf->wait_for_overlap, &w);
4248 - handle_stripe(sh, NULL);
4249 + set_bit(STRIPE_HANDLE, &sh->state);
4250 + clear_bit(STRIPE_DELAYED, &sh->state);
4251 release_stripe(sh);
4252 } else {
4253 /* cannot get stripe for read-ahead, just give-up */
4254 @@ -3267,7 +3269,7 @@ static int retry_aligned_read(raid5_conf_t *conf, struct bio *raid_bio)
4255 * During the scan, completed stripes are saved for us by the interrupt
4256 * handler, so that they will not have to wait for our next wakeup.
4257 */
4258 -static void raid5d (mddev_t *mddev)
4259 +static void raid5d(mddev_t *mddev)
4260 {
4261 struct stripe_head *sh;
4262 raid5_conf_t *conf = mddev_to_conf(mddev);
4263 @@ -3292,12 +3294,6 @@ static void raid5d (mddev_t *mddev)
4264 activate_bit_delay(conf);
4265 }
4267 - if (list_empty(&conf->handle_list) &&
4268 - atomic_read(&conf->preread_active_stripes) < IO_THRESHOLD &&
4269 - !blk_queue_plugged(mddev->queue) &&
4270 - !list_empty(&conf->delayed_list))
4271 - raid5_activate_delayed(conf);
4272 -
4273 while ((bio = remove_bio_from_retry(conf))) {
4274 int ok;
4275 spin_unlock_irq(&conf->device_lock);
4276 diff --git a/drivers/media/dvb/b2c2/flexcop-i2c.c b/drivers/media/dvb/b2c2/flexcop-i2c.c
4277 index 02a0ea6..6bf858a 100644
4278 --- a/drivers/media/dvb/b2c2/flexcop-i2c.c
4279 +++ b/drivers/media/dvb/b2c2/flexcop-i2c.c
4280 @@ -135,6 +135,13 @@ static int flexcop_master_xfer(struct i2c_adapter *i2c_adap, struct i2c_msg msgs
4281 struct flexcop_device *fc = i2c_get_adapdata(i2c_adap);
4282 int i, ret = 0;
4284 + /* Some drivers use 1 byte or 0 byte reads as probes, which this
4285 + * driver doesn't support. These probes will always fail, so this
4286 + * hack makes them always succeed. If one knew how, it would of
4287 + * course be better to actually do the read. */
4288 + if (num == 1 && msgs[0].flags == I2C_M_RD && msgs[0].len <= 1)
4289 + return 1;
4290 +
4291 if (mutex_lock_interruptible(&fc->i2c_mutex))
4292 return -ERESTARTSYS;
4294 diff --git a/drivers/media/video/cx88/cx88-mpeg.c b/drivers/media/video/cx88/cx88-mpeg.c
4295 index 543b05e..c36e2b7 100644
4296 --- a/drivers/media/video/cx88/cx88-mpeg.c
4297 +++ b/drivers/media/video/cx88/cx88-mpeg.c
4298 @@ -580,7 +580,7 @@ struct cx8802_dev * cx8802_get_device(struct inode *inode)
4300 list_for_each(list,&cx8802_devlist) {
4301 h = list_entry(list, struct cx8802_dev, devlist);
4302 - if (h->mpeg_dev->minor == minor)
4303 + if (h->mpeg_dev && h->mpeg_dev->minor == minor)
4304 return h;
4305 }
4307 diff --git a/drivers/media/video/ivtv/ivtv-driver.c b/drivers/media/video/ivtv/ivtv-driver.c
4308 index efc6635..5d9de5d 100644
4309 --- a/drivers/media/video/ivtv/ivtv-driver.c
4310 +++ b/drivers/media/video/ivtv/ivtv-driver.c
4311 @@ -622,6 +622,7 @@ static int __devinit ivtv_init_struct1(struct ivtv *itv)
4312 itv->enc_mbox.max_mbox = 2; /* the encoder has 3 mailboxes (0-2) */
4313 itv->dec_mbox.max_mbox = 1; /* the decoder has 2 mailboxes (0-1) */
4315 + mutex_init(&itv->serialize_lock);
4316 mutex_init(&itv->i2c_bus_lock);
4317 mutex_init(&itv->udma.lock);
4319 diff --git a/drivers/media/video/ivtv/ivtv-driver.h b/drivers/media/video/ivtv/ivtv-driver.h
4320 index e6e56f1..65ebdda 100644
4321 --- a/drivers/media/video/ivtv/ivtv-driver.h
4322 +++ b/drivers/media/video/ivtv/ivtv-driver.h
4323 @@ -650,7 +650,6 @@ struct vbi_info {
4324 /* convenience pointer to sliced struct in vbi_in union */
4325 struct v4l2_sliced_vbi_format *sliced_in;
4326 u32 service_set_in;
4327 - u32 service_set_out;
4328 int insert_mpeg;
4330 /* Buffer for the maximum of 2 * 18 * packet_size sliced VBI lines.
4331 @@ -723,6 +722,7 @@ struct ivtv {
4332 int search_pack_header;
4334 spinlock_t dma_reg_lock; /* lock access to DMA engine registers */
4335 + struct mutex serialize_lock; /* lock used to serialize starting streams */
4337 /* User based DMA for OSD */
4338 struct ivtv_user_dma udma;
4339 diff --git a/drivers/media/video/ivtv/ivtv-fileops.c b/drivers/media/video/ivtv/ivtv-fileops.c
4340 index 555d5e6..8fc7326 100644
4341 --- a/drivers/media/video/ivtv/ivtv-fileops.c
4342 +++ b/drivers/media/video/ivtv/ivtv-fileops.c
4343 @@ -753,6 +753,8 @@ static void ivtv_stop_decoding(struct ivtv_open_id *id, int flags, u64 pts)
4344 }
4345 if (s->type == IVTV_DEC_STREAM_TYPE_YUV && itv->output_mode == OUT_YUV)
4346 itv->output_mode = OUT_NONE;
4347 + else if (s->type == IVTV_DEC_STREAM_TYPE_YUV && itv->output_mode == OUT_UDMA_YUV)
4348 + itv->output_mode = OUT_NONE;
4349 else if (s->type == IVTV_DEC_STREAM_TYPE_MPG && itv->output_mode == OUT_MPG)
4350 itv->output_mode = OUT_NONE;
4352 diff --git a/drivers/media/video/ivtv/ivtv-ioctl.c b/drivers/media/video/ivtv/ivtv-ioctl.c
4353 index 57af176..dcfbaa9 100644
4354 --- a/drivers/media/video/ivtv/ivtv-ioctl.c
4355 +++ b/drivers/media/video/ivtv/ivtv-ioctl.c
4356 @@ -1183,6 +1183,7 @@ int ivtv_v4l2_ioctls(struct ivtv *itv, struct file *filp, unsigned int cmd, void
4357 itv->osd_global_alpha_state = (fb->flags & V4L2_FBUF_FLAG_GLOBAL_ALPHA) != 0;
4358 itv->osd_local_alpha_state = (fb->flags & V4L2_FBUF_FLAG_LOCAL_ALPHA) != 0;
4359 itv->osd_color_key_state = (fb->flags & V4L2_FBUF_FLAG_CHROMAKEY) != 0;
4360 + ivtv_set_osd_alpha(itv);
4361 break;
4362 }
4364 diff --git a/drivers/media/video/ivtv/ivtv-irq.c b/drivers/media/video/ivtv/ivtv-irq.c
4365 index ba98bf0..e83b496 100644
4366 --- a/drivers/media/video/ivtv/ivtv-irq.c
4367 +++ b/drivers/media/video/ivtv/ivtv-irq.c
4368 @@ -403,6 +403,11 @@ static void ivtv_dma_enc_start(struct ivtv_stream *s)
4369 /* Mark last buffer size for Interrupt flag */
4370 s->SGarray[s->SG_length - 1].size |= cpu_to_le32(0x80000000);
4372 + if (s->type == IVTV_ENC_STREAM_TYPE_VBI)
4373 + set_bit(IVTV_F_I_ENC_VBI, &itv->i_flags);
4374 + else
4375 + clear_bit(IVTV_F_I_ENC_VBI, &itv->i_flags);
4376 +
4377 if (ivtv_use_pio(s)) {
4378 for (i = 0; i < s->SG_length; i++) {
4379 s->PIOarray[i].src = le32_to_cpu(s->SGarray[i].src);
4380 @@ -597,7 +602,6 @@ static void ivtv_irq_enc_start_cap(struct ivtv *itv)
4381 data[0], data[1], data[2]);
4382 return;
4383 }
4384 - clear_bit(IVTV_F_I_ENC_VBI, &itv->i_flags);
4385 s = &itv->streams[ivtv_stream_map[data[0]]];
4386 if (!stream_enc_dma_append(s, data)) {
4387 set_bit(ivtv_use_pio(s) ? IVTV_F_S_PIO_PENDING : IVTV_F_S_DMA_PENDING, &s->s_flags);
4388 @@ -634,7 +638,6 @@ static void ivtv_irq_enc_vbi_cap(struct ivtv *itv)
4389 then start a DMA request for just the VBI data. */
4390 if (!stream_enc_dma_append(s, data) &&
4391 !test_bit(IVTV_F_S_STREAMING, &s_mpg->s_flags)) {
4392 - set_bit(IVTV_F_I_ENC_VBI, &itv->i_flags);
4393 set_bit(ivtv_use_pio(s) ? IVTV_F_S_PIO_PENDING : IVTV_F_S_DMA_PENDING, &s->s_flags);
4394 }
4395 }
4396 diff --git a/drivers/media/video/ivtv/ivtv-streams.c b/drivers/media/video/ivtv/ivtv-streams.c
4397 index 6af88ae..d538efa 100644
4398 --- a/drivers/media/video/ivtv/ivtv-streams.c
4399 +++ b/drivers/media/video/ivtv/ivtv-streams.c
4400 @@ -446,6 +446,9 @@ int ivtv_start_v4l2_encode_stream(struct ivtv_stream *s)
4401 if (s->v4l2dev == NULL)
4402 return -EINVAL;
4404 + /* Big serialization lock to ensure no two streams are started
4405 + simultaneously: that can give all sorts of weird results. */
4406 + mutex_lock(&itv->serialize_lock);
4407 IVTV_DEBUG_INFO("Start encoder stream %s\n", s->name);
4409 switch (s->type) {
4410 @@ -487,6 +490,7 @@ int ivtv_start_v4l2_encode_stream(struct ivtv_stream *s)
4411 0, sizeof(itv->vbi.sliced_mpeg_size));
4412 break;
4413 default:
4414 + mutex_unlock(&itv->serialize_lock);
4415 return -EINVAL;
4416 }
4417 s->subtype = subtype;
4418 @@ -568,6 +572,7 @@ int ivtv_start_v4l2_encode_stream(struct ivtv_stream *s)
4419 if (ivtv_vapi(itv, CX2341X_ENC_START_CAPTURE, 2, captype, subtype))
4420 {
4421 IVTV_DEBUG_WARN( "Error starting capture!\n");
4422 + mutex_unlock(&itv->serialize_lock);
4423 return -EINVAL;
4424 }
4426 @@ -583,6 +588,7 @@ int ivtv_start_v4l2_encode_stream(struct ivtv_stream *s)
4428 /* you're live! sit back and await interrupts :) */
4429 atomic_inc(&itv->capturing);
4430 + mutex_unlock(&itv->serialize_lock);
4431 return 0;
4432 }
4434 @@ -762,17 +768,6 @@ int ivtv_stop_v4l2_encode_stream(struct ivtv_stream *s, int gop_end)
4435 /* when: 0 = end of GOP 1 = NOW!, type: 0 = mpeg, subtype: 3 = video+audio */
4436 ivtv_vapi(itv, CX2341X_ENC_STOP_CAPTURE, 3, stopmode, cap_type, s->subtype);
4438 - /* only run these if we're shutting down the last cap */
4439 - if (atomic_read(&itv->capturing) - 1 == 0) {
4440 - /* event notification (off) */
4441 - if (test_and_clear_bit(IVTV_F_I_DIG_RST, &itv->i_flags)) {
4442 - /* type: 0 = refresh */
4443 - /* on/off: 0 = off, intr: 0x10000000, mbox_id: -1: none */
4444 - ivtv_vapi(itv, CX2341X_ENC_SET_EVENT_NOTIFICATION, 4, 0, 0, IVTV_IRQ_ENC_VIM_RST, -1);
4445 - ivtv_set_irq_mask(itv, IVTV_IRQ_ENC_VIM_RST);
4446 - }
4447 - }
4448 -
4449 then = jiffies;
4451 if (!test_bit(IVTV_F_S_PASSTHROUGH, &s->s_flags)) {
4452 @@ -840,17 +835,30 @@ int ivtv_stop_v4l2_encode_stream(struct ivtv_stream *s, int gop_end)
4453 /* Clear capture and no-read bits */
4454 clear_bit(IVTV_F_S_STREAMING, &s->s_flags);
4456 + /* ensure these global cleanup actions are done only once */
4457 + mutex_lock(&itv->serialize_lock);
4458 +
4459 if (s->type == IVTV_ENC_STREAM_TYPE_VBI)
4460 ivtv_set_irq_mask(itv, IVTV_IRQ_ENC_VBI_CAP);
4462 if (atomic_read(&itv->capturing) > 0) {
4463 + mutex_unlock(&itv->serialize_lock);
4464 return 0;
4465 }
4467 /* Set the following Interrupt mask bits for capture */
4468 ivtv_set_irq_mask(itv, IVTV_IRQ_MASK_CAPTURE);
4470 + /* event notification (off) */
4471 + if (test_and_clear_bit(IVTV_F_I_DIG_RST, &itv->i_flags)) {
4472 + /* type: 0 = refresh */
4473 + /* on/off: 0 = off, intr: 0x10000000, mbox_id: -1: none */
4474 + ivtv_vapi(itv, CX2341X_ENC_SET_EVENT_NOTIFICATION, 4, 0, 0, IVTV_IRQ_ENC_VIM_RST, -1);
4475 + ivtv_set_irq_mask(itv, IVTV_IRQ_ENC_VIM_RST);
4476 + }
4477 +
4478 wake_up(&s->waitq);
4479 + mutex_unlock(&itv->serialize_lock);
4481 return 0;
4482 }
4483 diff --git a/drivers/media/video/ivtv/ivtv-vbi.c b/drivers/media/video/ivtv/ivtv-vbi.c
4484 index 3ba46e0..a7282a9 100644
4485 --- a/drivers/media/video/ivtv/ivtv-vbi.c
4486 +++ b/drivers/media/video/ivtv/ivtv-vbi.c
4487 @@ -219,31 +219,23 @@ ssize_t ivtv_write_vbi(struct ivtv *itv, const char __user *ubuf, size_t count)
4488 int found_cc = 0;
4489 int cc_pos = itv->vbi.cc_pos;
4491 - if (itv->vbi.service_set_out == 0)
4492 - return -EPERM;
4493 -
4494 while (count >= sizeof(struct v4l2_sliced_vbi_data)) {
4495 switch (p->id) {
4496 case V4L2_SLICED_CAPTION_525:
4497 - if (p->id == V4L2_SLICED_CAPTION_525 &&
4498 - p->line == 21 &&
4499 - (itv->vbi.service_set_out &
4500 - V4L2_SLICED_CAPTION_525) == 0) {
4501 - break;
4502 - }
4503 - found_cc = 1;
4504 - if (p->field) {
4505 - cc[2] = p->data[0];
4506 - cc[3] = p->data[1];
4507 - } else {
4508 - cc[0] = p->data[0];
4509 - cc[1] = p->data[1];
4510 + if (p->line == 21) {
4511 + found_cc = 1;
4512 + if (p->field) {
4513 + cc[2] = p->data[0];
4514 + cc[3] = p->data[1];
4515 + } else {
4516 + cc[0] = p->data[0];
4517 + cc[1] = p->data[1];
4518 + }
4519 }
4520 break;
4522 case V4L2_SLICED_VPS:
4523 - if (p->line == 16 && p->field == 0 &&
4524 - (itv->vbi.service_set_out & V4L2_SLICED_VPS)) {
4525 + if (p->line == 16 && p->field == 0) {
4526 itv->vbi.vps[0] = p->data[2];
4527 itv->vbi.vps[1] = p->data[8];
4528 itv->vbi.vps[2] = p->data[9];
4529 @@ -255,8 +247,7 @@ ssize_t ivtv_write_vbi(struct ivtv *itv, const char __user *ubuf, size_t count)
4530 break;
4532 case V4L2_SLICED_WSS_625:
4533 - if (p->line == 23 && p->field == 0 &&
4534 - (itv->vbi.service_set_out & V4L2_SLICED_WSS_625)) {
4535 + if (p->line == 23 && p->field == 0) {
4536 /* No lock needed for WSS */
4537 itv->vbi.wss = p->data[0] | (p->data[1] << 8);
4538 itv->vbi.wss_found = 1;
4539 diff --git a/drivers/media/video/pwc/pwc-if.c b/drivers/media/video/pwc/pwc-if.c
4540 index 085332a..5227978 100644
4541 --- a/drivers/media/video/pwc/pwc-if.c
4542 +++ b/drivers/media/video/pwc/pwc-if.c
4543 @@ -1196,12 +1196,19 @@ static int pwc_video_open(struct inode *inode, struct file *file)
4544 return 0;
4545 }
4547 +
4548 +static void pwc_cleanup(struct pwc_device *pdev)
4549 +{
4550 + pwc_remove_sysfs_files(pdev->vdev);
4551 + video_unregister_device(pdev->vdev);
4552 +}
4553 +
4554 /* Note that all cleanup is done in the reverse order as in _open */
4555 static int pwc_video_close(struct inode *inode, struct file *file)
4556 {
4557 struct video_device *vdev = file->private_data;
4558 struct pwc_device *pdev;
4559 - int i;
4560 + int i, hint;
4562 PWC_DEBUG_OPEN(">> video_close called(vdev = 0x%p).\n", vdev);
4564 @@ -1224,8 +1231,9 @@ static int pwc_video_close(struct inode *inode, struct file *file)
4565 pwc_isoc_cleanup(pdev);
4566 pwc_free_buffers(pdev);
4568 + lock_kernel();
4569 /* Turn off LEDS and power down camera, but only when not unplugged */
4570 - if (pdev->error_status != EPIPE) {
4571 + if (!pdev->unplugged) {
4572 /* Turn LEDs off */
4573 if (pwc_set_leds(pdev, 0, 0) < 0)
4574 PWC_DEBUG_MODULE("Failed to set LED on/off time.\n");
4575 @@ -1234,9 +1242,19 @@ static int pwc_video_close(struct inode *inode, struct file *file)
4576 if (i < 0)
4577 PWC_ERROR("Failed to power down camera (%d)\n", i);
4578 }
4579 + pdev->vopen--;
4580 + PWC_DEBUG_OPEN("<< video_close() vopen=%d\n", pdev->vopen);
4581 + } else {
4582 + pwc_cleanup(pdev);
4583 + /* Free memory (don't set pdev to 0 just yet) */
4584 + kfree(pdev);
4585 + /* search device_hint[] table if we occupy a slot, by any chance */
4586 + for (hint = 0; hint < MAX_DEV_HINTS; hint++)
4587 + if (device_hint[hint].pdev == pdev)
4588 + device_hint[hint].pdev = NULL;
4589 }
4590 - pdev->vopen--;
4591 - PWC_DEBUG_OPEN("<< video_close() vopen=%d\n", pdev->vopen);
4592 + unlock_kernel();
4593 +
4594 return 0;
4595 }
4597 @@ -1791,21 +1809,21 @@ static void usb_pwc_disconnect(struct usb_interface *intf)
4598 /* Alert waiting processes */
4599 wake_up_interruptible(&pdev->frameq);
4600 /* Wait until device is closed */
4601 - while (pdev->vopen)
4602 - schedule();
4603 - /* Device is now closed, so we can safely unregister it */
4604 - PWC_DEBUG_PROBE("Unregistering video device in disconnect().\n");
4605 - pwc_remove_sysfs_files(pdev->vdev);
4606 - video_unregister_device(pdev->vdev);
4607 -
4608 - /* Free memory (don't set pdev to 0 just yet) */
4609 - kfree(pdev);
4610 + if(pdev->vopen) {
4611 + pdev->unplugged = 1;
4612 + } else {
4613 + /* Device is closed, so we can safely unregister it */
4614 + PWC_DEBUG_PROBE("Unregistering video device in disconnect().\n");
4615 + pwc_cleanup(pdev);
4616 + /* Free memory (don't set pdev to 0 just yet) */
4617 + kfree(pdev);
4619 disconnect_out:
4620 - /* search device_hint[] table if we occupy a slot, by any chance */
4621 - for (hint = 0; hint < MAX_DEV_HINTS; hint++)
4622 - if (device_hint[hint].pdev == pdev)
4623 - device_hint[hint].pdev = NULL;
4624 + /* search device_hint[] table if we occupy a slot, by any chance */
4625 + for (hint = 0; hint < MAX_DEV_HINTS; hint++)
4626 + if (device_hint[hint].pdev == pdev)
4627 + device_hint[hint].pdev = NULL;
4628 + }
4630 unlock_kernel();
4631 }
4632 diff --git a/drivers/media/video/pwc/pwc.h b/drivers/media/video/pwc/pwc.h
4633 index acbb931..40d3447 100644
4634 --- a/drivers/media/video/pwc/pwc.h
4635 +++ b/drivers/media/video/pwc/pwc.h
4636 @@ -193,6 +193,7 @@ struct pwc_device
4637 char vsnapshot; /* snapshot mode */
4638 char vsync; /* used by isoc handler */
4639 char vmirror; /* for ToUCaM series */
4640 + char unplugged;
4642 int cmd_len;
4643 unsigned char cmd_buf[13];
4644 diff --git a/drivers/media/video/usbvision/usbvision-cards.c b/drivers/media/video/usbvision/usbvision-cards.c
4645 index 51ab265..31db1ed 100644
4646 --- a/drivers/media/video/usbvision/usbvision-cards.c
4647 +++ b/drivers/media/video/usbvision/usbvision-cards.c
4648 @@ -1081,6 +1081,7 @@ struct usb_device_id usbvision_table [] = {
4649 { USB_DEVICE(0x2304, 0x0301), .driver_info=PINNA_LINX_VD_IN_CAB_PAL },
4650 { USB_DEVICE(0x2304, 0x0419), .driver_info=PINNA_PCTV_BUNGEE_PAL_FM },
4651 { USB_DEVICE(0x2400, 0x4200), .driver_info=HPG_WINTV },
4652 + { }, /* terminate list */
4653 };
4655 MODULE_DEVICE_TABLE (usb, usbvision_table);
4656 diff --git a/drivers/media/video/v4l2-common.c b/drivers/media/video/v4l2-common.c
4657 index 13ee550..d2915d3 100644
4658 --- a/drivers/media/video/v4l2-common.c
4659 +++ b/drivers/media/video/v4l2-common.c
4660 @@ -939,16 +939,25 @@ int v4l2_ctrl_query_menu(struct v4l2_querymenu *qmenu, struct v4l2_queryctrl *qc
4661 When no more controls are available 0 is returned. */
4662 u32 v4l2_ctrl_next(const u32 * const * ctrl_classes, u32 id)
4663 {
4664 - u32 ctrl_class;
4665 + u32 ctrl_class = V4L2_CTRL_ID2CLASS(id);
4666 const u32 *pctrl;
4668 - /* if no query is desired, then just return the control ID */
4669 - if ((id & V4L2_CTRL_FLAG_NEXT_CTRL) == 0)
4670 - return id;
4671 if (ctrl_classes == NULL)
4672 return 0;
4673 +
4674 + /* if no query is desired, then check if the ID is part of ctrl_classes */
4675 + if ((id & V4L2_CTRL_FLAG_NEXT_CTRL) == 0) {
4676 + /* find class */
4677 + while (*ctrl_classes && V4L2_CTRL_ID2CLASS(**ctrl_classes) != ctrl_class)
4678 + ctrl_classes++;
4679 + if (*ctrl_classes == NULL)
4680 + return 0;
4681 + pctrl = *ctrl_classes;
4682 + /* find control ID */
4683 + while (*pctrl && *pctrl != id) pctrl++;
4684 + return *pctrl ? id : 0;
4685 + }
4686 id &= V4L2_CTRL_ID_MASK;
4687 - ctrl_class = V4L2_CTRL_ID2CLASS(id);
4688 id++; /* select next control */
4689 /* find first class that matches (or is greater than) the class of
4690 the ID */
4691 diff --git a/drivers/media/video/wm8739.c b/drivers/media/video/wm8739.c
4692 index 8f6741a..1bf4cbe 100644
4693 --- a/drivers/media/video/wm8739.c
4694 +++ b/drivers/media/video/wm8739.c
4695 @@ -321,12 +321,14 @@ static int wm8739_probe(struct i2c_adapter *adapter)
4697 static int wm8739_detach(struct i2c_client *client)
4698 {
4699 + struct wm8739_state *state = i2c_get_clientdata(client);
4700 int err;
4702 err = i2c_detach_client(client);
4703 if (err)
4704 return err;
4706 + kfree(state);
4707 kfree(client);
4708 return 0;
4709 }
4710 diff --git a/drivers/media/video/wm8775.c b/drivers/media/video/wm8775.c
4711 index 4df5d30..9f7e894 100644
4712 --- a/drivers/media/video/wm8775.c
4713 +++ b/drivers/media/video/wm8775.c
4714 @@ -222,12 +222,14 @@ static int wm8775_probe(struct i2c_adapter *adapter)
4716 static int wm8775_detach(struct i2c_client *client)
4717 {
4718 + struct wm8775_state *state = i2c_get_clientdata(client);
4719 int err;
4721 err = i2c_detach_client(client);
4722 if (err) {
4723 return err;
4724 }
4725 + kfree(state);
4726 kfree(client);
4728 return 0;
4729 diff --git a/drivers/misc/sony-laptop.c b/drivers/misc/sony-laptop.c
4730 index 8ee0321..6d2d64f 100644
4731 --- a/drivers/misc/sony-laptop.c
4732 +++ b/drivers/misc/sony-laptop.c
4733 @@ -908,7 +908,9 @@ static struct acpi_driver sony_nc_driver = {
4734 #define SONYPI_DEVICE_TYPE2 0x00000002
4735 #define SONYPI_DEVICE_TYPE3 0x00000004
4737 -#define SONY_PIC_EV_MASK 0xff
4738 +#define SONYPI_TYPE1_OFFSET 0x04
4739 +#define SONYPI_TYPE2_OFFSET 0x12
4740 +#define SONYPI_TYPE3_OFFSET 0x12
4742 struct sony_pic_ioport {
4743 struct acpi_resource_io io;
4744 @@ -922,6 +924,7 @@ struct sony_pic_irq {
4746 struct sony_pic_dev {
4747 int model;
4748 + u16 evport_offset;
4749 u8 camera_power;
4750 u8 bluetooth_power;
4751 u8 wwan_power;
4752 @@ -1998,20 +2001,17 @@ end:
4753 static irqreturn_t sony_pic_irq(int irq, void *dev_id)
4754 {
4755 int i, j;
4756 - u32 port_val = 0;
4757 u8 ev = 0;
4758 u8 data_mask = 0;
4759 u8 device_event = 0;
4761 struct sony_pic_dev *dev = (struct sony_pic_dev *) dev_id;
4763 - acpi_os_read_port(dev->cur_ioport->io.minimum, &port_val,
4764 - dev->cur_ioport->io.address_length);
4765 - ev = port_val & SONY_PIC_EV_MASK;
4766 - data_mask = 0xff & (port_val >> (dev->cur_ioport->io.address_length - 8));
4767 + ev = inb_p(dev->cur_ioport->io.minimum);
4768 + data_mask = inb_p(dev->cur_ioport->io.minimum + dev->evport_offset);
4770 - dprintk("event (0x%.8x [%.2x] [%.2x]) at port 0x%.4x\n",
4771 - port_val, ev, data_mask, dev->cur_ioport->io.minimum);
4772 + dprintk("event ([%.2x] [%.2x]) at port 0x%.4x(+0x%.2x)\n",
4773 + ev, data_mask, dev->cur_ioport->io.minimum, dev->evport_offset);
4775 if (ev == 0x00 || ev == 0xff)
4776 return IRQ_HANDLED;
4777 @@ -2056,8 +2056,6 @@ static int sony_pic_remove(struct acpi_device *device, int type)
4778 struct sony_pic_ioport *io, *tmp_io;
4779 struct sony_pic_irq *irq, *tmp_irq;
4781 - sonypi_compat_exit();
4782 -
4783 if (sony_pic_disable(device)) {
4784 printk(KERN_ERR DRV_PFX "Couldn't disable device.\n");
4785 return -ENXIO;
4786 @@ -2067,6 +2065,8 @@ static int sony_pic_remove(struct acpi_device *device, int type)
4787 release_region(spic_dev.cur_ioport->io.minimum,
4788 spic_dev.cur_ioport->io.address_length);
4790 + sonypi_compat_exit();
4791 +
4792 sony_laptop_remove_input();
4794 /* pf attrs */
4795 @@ -2102,6 +2102,20 @@ static int sony_pic_add(struct acpi_device *device)
4796 spic_dev.model = sony_pic_detect_device_type();
4797 mutex_init(&spic_dev.lock);
4799 + /* model specific characteristics */
4800 + switch(spic_dev.model) {
4801 + case SONYPI_DEVICE_TYPE1:
4802 + spic_dev.evport_offset = SONYPI_TYPE1_OFFSET;
4803 + break;
4804 + case SONYPI_DEVICE_TYPE3:
4805 + spic_dev.evport_offset = SONYPI_TYPE3_OFFSET;
4806 + break;
4807 + case SONYPI_DEVICE_TYPE2:
4808 + default:
4809 + spic_dev.evport_offset = SONYPI_TYPE2_OFFSET;
4810 + break;
4811 + }
4812 +
4813 /* read _PRS resources */
4814 result = sony_pic_possible_resources(device);
4815 if (result) {
4816 @@ -2118,6 +2132,9 @@ static int sony_pic_add(struct acpi_device *device)
4817 goto err_free_resources;
4818 }
4820 + if (sonypi_compat_init())
4821 + goto err_remove_input;
4822 +
4823 /* request io port */
4824 list_for_each_entry(io, &spic_dev.ioports, list) {
4825 if (request_region(io->io.minimum, io->io.address_length,
4826 @@ -2132,7 +2149,7 @@ static int sony_pic_add(struct acpi_device *device)
4827 if (!spic_dev.cur_ioport) {
4828 printk(KERN_ERR DRV_PFX "Failed to request_region.\n");
4829 result = -ENODEV;
4830 - goto err_remove_input;
4831 + goto err_remove_compat;
4832 }
4834 /* request IRQ */
4835 @@ -2172,9 +2189,6 @@ static int sony_pic_add(struct acpi_device *device)
4836 if (result)
4837 goto err_remove_pf;
4839 - if (sonypi_compat_init())
4840 - goto err_remove_pf;
4841 -
4842 return 0;
4844 err_remove_pf:
4845 @@ -2190,6 +2204,9 @@ err_release_region:
4846 release_region(spic_dev.cur_ioport->io.minimum,
4847 spic_dev.cur_ioport->io.address_length);
4849 +err_remove_compat:
4850 + sonypi_compat_exit();
4851 +
4852 err_remove_input:
4853 sony_laptop_remove_input();
4855 diff --git a/drivers/mtd/Makefile b/drivers/mtd/Makefile
4856 index 451adcc..6d958a4 100644
4857 --- a/drivers/mtd/Makefile
4858 +++ b/drivers/mtd/Makefile
4859 @@ -3,9 +3,9 @@
4860 #
4862 # Core functionality.
4863 +obj-$(CONFIG_MTD) += mtd.o
4864 mtd-y := mtdcore.o mtdsuper.o
4865 mtd-$(CONFIG_MTD_PARTITIONS) += mtdpart.o
4866 -obj-$(CONFIG_MTD) += $(mtd-y)
4868 obj-$(CONFIG_MTD_CONCAT) += mtdconcat.o
4869 obj-$(CONFIG_MTD_REDBOOT_PARTS) += redboot.o
4870 diff --git a/drivers/mtd/mtdpart.c b/drivers/mtd/mtdpart.c
4871 index 9c62368..6174a97 100644
4872 --- a/drivers/mtd/mtdpart.c
4873 +++ b/drivers/mtd/mtdpart.c
4874 @@ -560,7 +560,3 @@ int parse_mtd_partitions(struct mtd_info *master, const char **types,
4875 EXPORT_SYMBOL_GPL(parse_mtd_partitions);
4876 EXPORT_SYMBOL_GPL(register_mtd_parser);
4877 EXPORT_SYMBOL_GPL(deregister_mtd_parser);
4878 -
4879 -MODULE_LICENSE("GPL");
4880 -MODULE_AUTHOR("Nicolas Pitre <nico@cam.org>");
4881 -MODULE_DESCRIPTION("Generic support for partitioning of MTD devices");
4882 diff --git a/drivers/mtd/mtdsuper.c b/drivers/mtd/mtdsuper.c
4883 index aca3319..9b430f2 100644
4884 --- a/drivers/mtd/mtdsuper.c
4885 +++ b/drivers/mtd/mtdsuper.c
4886 @@ -70,6 +70,8 @@ static int get_sb_mtd_aux(struct file_system_type *fs_type, int flags,
4887 DEBUG(1, "MTDSB: New superblock for device %d (\"%s\")\n",
4888 mtd->index, mtd->name);
4890 + sb->s_flags = flags;
4891 +
4892 ret = fill_super(sb, data, flags & MS_SILENT ? 1 : 0);
4893 if (ret < 0) {
4894 up_write(&sb->s_umount);
4895 diff --git a/drivers/mtd/nand/cafe_nand.c b/drivers/mtd/nand/cafe_nand.c
4896 index cff969d..6f32a35 100644
4897 --- a/drivers/mtd/nand/cafe_nand.c
4898 +++ b/drivers/mtd/nand/cafe_nand.c
4899 @@ -816,7 +816,8 @@ static void __devexit cafe_nand_remove(struct pci_dev *pdev)
4900 }
4902 static struct pci_device_id cafe_nand_tbl[] = {
4903 - { 0x11ab, 0x4100, PCI_ANY_ID, PCI_ANY_ID, PCI_CLASS_MEMORY_FLASH << 8, 0xFFFF0 }
4904 + { 0x11ab, 0x4100, PCI_ANY_ID, PCI_ANY_ID, PCI_CLASS_MEMORY_FLASH << 8, 0xFFFF0 },
4905 + { 0, }
4906 };
4908 MODULE_DEVICE_TABLE(pci, cafe_nand_tbl);
4909 diff --git a/drivers/net/atl1/atl1_main.c b/drivers/net/atl1/atl1_main.c
4910 index 6862c11..1b7a5a8 100644
4911 --- a/drivers/net/atl1/atl1_main.c
4912 +++ b/drivers/net/atl1/atl1_main.c
4913 @@ -2097,21 +2097,26 @@ static int __devinit atl1_probe(struct pci_dev *pdev,
4914 struct net_device *netdev;
4915 struct atl1_adapter *adapter;
4916 static int cards_found = 0;
4917 - bool pci_using_64 = true;
4918 int err;
4920 err = pci_enable_device(pdev);
4921 if (err)
4922 return err;
4924 - err = pci_set_dma_mask(pdev, DMA_64BIT_MASK);
4925 + /*
4926 + * The atl1 chip can DMA to 64-bit addresses, but it uses a single
4927 + * shared register for the high 32 bits, so only a single, aligned,
4928 + * 4 GB physical address range can be used at a time.
4929 + *
4930 + * Supporting 64-bit DMA on this hardware is more trouble than it's
4931 + * worth. It is far easier to limit to 32-bit DMA than update
4932 + * various kernel subsystems to support the mechanics required by a
4933 + * fixed-high-32-bit system.
4934 + */
4935 + err = pci_set_dma_mask(pdev, DMA_32BIT_MASK);
4936 if (err) {
4937 - err = pci_set_dma_mask(pdev, DMA_32BIT_MASK);
4938 - if (err) {
4939 - dev_err(&pdev->dev, "no usable DMA configuration\n");
4940 - goto err_dma;
4941 - }
4942 - pci_using_64 = false;
4943 + dev_err(&pdev->dev, "no usable DMA configuration\n");
4944 + goto err_dma;
4945 }
4946 /* Mark all PCI regions associated with PCI device
4947 * pdev as being reserved by owner atl1_driver_name
4948 @@ -2176,7 +2181,6 @@ static int __devinit atl1_probe(struct pci_dev *pdev,
4950 netdev->ethtool_ops = &atl1_ethtool_ops;
4951 adapter->bd_number = cards_found;
4952 - adapter->pci_using_64 = pci_using_64;
4954 /* setup the private structure */
4955 err = atl1_sw_init(adapter);
4956 @@ -2193,9 +2197,6 @@ static int __devinit atl1_probe(struct pci_dev *pdev,
4957 */
4958 /* netdev->features |= NETIF_F_TSO; */
4960 - if (pci_using_64)
4961 - netdev->features |= NETIF_F_HIGHDMA;
4962 -
4963 netdev->features |= NETIF_F_LLTX;
4965 /*
4966 diff --git a/drivers/net/bonding/bond_main.c b/drivers/net/bonding/bond_main.c
4967 index 6287ffb..0af7bc8 100644
4968 --- a/drivers/net/bonding/bond_main.c
4969 +++ b/drivers/net/bonding/bond_main.c
4970 @@ -1233,43 +1233,31 @@ int bond_sethwaddr(struct net_device *bond_dev, struct net_device *slave_dev)
4971 return 0;
4972 }
4974 -#define BOND_INTERSECT_FEATURES \
4975 - (NETIF_F_SG | NETIF_F_ALL_CSUM | NETIF_F_TSO | NETIF_F_UFO)
4976 +#define BOND_VLAN_FEATURES \
4977 + (NETIF_F_VLAN_CHALLENGED | NETIF_F_HW_VLAN_RX | NETIF_F_HW_VLAN_TX | \
4978 + NETIF_F_HW_VLAN_FILTER)
4980 /*
4981 * Compute the common dev->feature set available to all slaves. Some
4982 - * feature bits are managed elsewhere, so preserve feature bits set on
4983 - * master device that are not part of the examined set.
4984 + * feature bits are managed elsewhere, so preserve those feature bits
4985 + * on the master device.
4986 */
4987 static int bond_compute_features(struct bonding *bond)
4988 {
4989 - unsigned long features = BOND_INTERSECT_FEATURES;
4990 struct slave *slave;
4991 struct net_device *bond_dev = bond->dev;
4992 + unsigned long features = bond_dev->features & ~BOND_VLAN_FEATURES;
4993 unsigned short max_hard_header_len = ETH_HLEN;
4994 int i;
4996 bond_for_each_slave(bond, slave, i) {
4997 - features &= (slave->dev->features & BOND_INTERSECT_FEATURES);
4998 + features = netdev_compute_features(features,
4999 + slave->dev->features);
5000 if (slave->dev->hard_header_len > max_hard_header_len)
5001 max_hard_header_len = slave->dev->hard_header_len;
5002 }
5004 - if ((features & NETIF_F_SG) &&
5005 - !(features & NETIF_F_ALL_CSUM))
5006 - features &= ~NETIF_F_SG;
5007 -
5008 - /*
5009 - * features will include NETIF_F_TSO (NETIF_F_UFO) iff all
5010 - * slave devices support NETIF_F_TSO (NETIF_F_UFO), which
5011 - * implies that all slaves also support scatter-gather
5012 - * (NETIF_F_SG), which implies that features also includes
5013 - * NETIF_F_SG. So no need to check whether we have an
5014 - * illegal combination of NETIF_F_{TSO,UFO} and
5015 - * !NETIF_F_SG
5016 - */
5017 -
5018 - features |= (bond_dev->features & ~BOND_INTERSECT_FEATURES);
5019 + features |= (bond_dev->features & BOND_VLAN_FEATURES);
5020 bond_dev->features = features;
5021 bond_dev->hard_header_len = max_hard_header_len;
5023 diff --git a/drivers/net/cassini.c b/drivers/net/cassini.c
5024 index 59b9943..ad55baa 100644
5025 --- a/drivers/net/cassini.c
5026 +++ b/drivers/net/cassini.c
5027 @@ -336,30 +336,6 @@ static inline void cas_mask_intr(struct cas *cp)
5028 cas_disable_irq(cp, i);
5029 }
5031 -static inline void cas_buffer_init(cas_page_t *cp)
5032 -{
5033 - struct page *page = cp->buffer;
5034 - atomic_set((atomic_t *)&page->lru.next, 1);
5035 -}
5036 -
5037 -static inline int cas_buffer_count(cas_page_t *cp)
5038 -{
5039 - struct page *page = cp->buffer;
5040 - return atomic_read((atomic_t *)&page->lru.next);
5041 -}
5042 -
5043 -static inline void cas_buffer_inc(cas_page_t *cp)
5044 -{
5045 - struct page *page = cp->buffer;
5046 - atomic_inc((atomic_t *)&page->lru.next);
5047 -}
5048 -
5049 -static inline void cas_buffer_dec(cas_page_t *cp)
5050 -{
5051 - struct page *page = cp->buffer;
5052 - atomic_dec((atomic_t *)&page->lru.next);
5053 -}
5054 -
5055 static void cas_enable_irq(struct cas *cp, const int ring)
5056 {
5057 if (ring == 0) { /* all but TX_DONE */
5058 @@ -497,7 +473,6 @@ static int cas_page_free(struct cas *cp, cas_page_t *page)
5059 {
5060 pci_unmap_page(cp->pdev, page->dma_addr, cp->page_size,
5061 PCI_DMA_FROMDEVICE);
5062 - cas_buffer_dec(page);
5063 __free_pages(page->buffer, cp->page_order);
5064 kfree(page);
5065 return 0;
5066 @@ -527,7 +502,6 @@ static cas_page_t *cas_page_alloc(struct cas *cp, const gfp_t flags)
5067 page->buffer = alloc_pages(flags, cp->page_order);
5068 if (!page->buffer)
5069 goto page_err;
5070 - cas_buffer_init(page);
5071 page->dma_addr = pci_map_page(cp->pdev, page->buffer, 0,
5072 cp->page_size, PCI_DMA_FROMDEVICE);
5073 return page;
5074 @@ -606,7 +580,7 @@ static void cas_spare_recover(struct cas *cp, const gfp_t flags)
5075 list_for_each_safe(elem, tmp, &list) {
5076 cas_page_t *page = list_entry(elem, cas_page_t, list);
5078 - if (cas_buffer_count(page) > 1)
5079 + if (page_count(page->buffer) > 1)
5080 continue;
5082 list_del(elem);
5083 @@ -1374,7 +1348,7 @@ static inline cas_page_t *cas_page_spare(struct cas *cp, const int index)
5084 cas_page_t *page = cp->rx_pages[1][index];
5085 cas_page_t *new;
5087 - if (cas_buffer_count(page) == 1)
5088 + if (page_count(page->buffer) == 1)
5089 return page;
5091 new = cas_page_dequeue(cp);
5092 @@ -1394,7 +1368,7 @@ static cas_page_t *cas_page_swap(struct cas *cp, const int ring,
5093 cas_page_t **page1 = cp->rx_pages[1];
5095 /* swap if buffer is in use */
5096 - if (cas_buffer_count(page0[index]) > 1) {
5097 + if (page_count(page0[index]->buffer) > 1) {
5098 cas_page_t *new = cas_page_spare(cp, index);
5099 if (new) {
5100 page1[index] = page0[index];
5101 @@ -1979,6 +1953,7 @@ static int cas_rx_process_pkt(struct cas *cp, struct cas_rx_comp *rxc,
5102 struct cas_page *page;
5103 struct sk_buff *skb;
5104 void *addr, *crcaddr;
5105 + __sum16 csum;
5106 char *p;
5108 hlen = CAS_VAL(RX_COMP2_HDR_SIZE, words[1]);
5109 @@ -2062,10 +2037,10 @@ static int cas_rx_process_pkt(struct cas *cp, struct cas_rx_comp *rxc,
5111 skb_shinfo(skb)->nr_frags++;
5112 skb->data_len += hlen - swivel;
5113 + skb->truesize += hlen - swivel;
5114 skb->len += hlen - swivel;
5116 get_page(page->buffer);
5117 - cas_buffer_inc(page);
5118 frag->page = page->buffer;
5119 frag->page_offset = off;
5120 frag->size = hlen - swivel;
5121 @@ -2090,7 +2065,6 @@ static int cas_rx_process_pkt(struct cas *cp, struct cas_rx_comp *rxc,
5122 frag++;
5124 get_page(page->buffer);
5125 - cas_buffer_inc(page);
5126 frag->page = page->buffer;
5127 frag->page_offset = 0;
5128 frag->size = hlen;
5129 @@ -2158,14 +2132,15 @@ end_copy_pkt:
5130 skb_put(skb, alloclen);
5131 }
5133 - i = CAS_VAL(RX_COMP4_TCP_CSUM, words[3]);
5134 + csum = (__force __sum16)htons(CAS_VAL(RX_COMP4_TCP_CSUM, words[3]));
5135 if (cp->crc_size) {
5136 /* checksum includes FCS. strip it out. */
5137 - i = csum_fold(csum_partial(crcaddr, cp->crc_size, i));
5138 + csum = csum_fold(csum_partial(crcaddr, cp->crc_size,
5139 + csum_unfold(csum)));
5140 if (addr)
5141 cas_page_unmap(addr);
5142 }
5143 - skb->csum = ntohs(i ^ 0xffff);
5144 + skb->csum = csum_unfold(~csum);
5145 skb->ip_summed = CHECKSUM_COMPLETE;
5146 skb->protocol = eth_type_trans(skb, cp->dev);
5147 return len;
5148 @@ -2253,7 +2228,7 @@ static int cas_post_rxds_ringN(struct cas *cp, int ring, int num)
5149 released = 0;
5150 while (entry != last) {
5151 /* make a new buffer if it's still in use */
5152 - if (cas_buffer_count(page[entry]) > 1) {
5153 + if (page_count(page[entry]->buffer) > 1) {
5154 cas_page_t *new = cas_page_dequeue(cp);
5155 if (!new) {
5156 /* let the timer know that we need to
5157 diff --git a/drivers/net/cassini.h b/drivers/net/cassini.h
5158 index a970804..a201431 100644
5159 --- a/drivers/net/cassini.h
5160 +++ b/drivers/net/cassini.h
5161 @@ -4122,8 +4122,8 @@ cas_saturn_patch_t cas_saturn_patch[] = {
5162 inserted into
5163 outgoing frame. */
5164 struct cas_tx_desc {
5165 - u64 control;
5166 - u64 buffer;
5167 + __le64 control;
5168 + __le64 buffer;
5169 };
5171 /* descriptor ring for free buffers contains page-sized buffers. the index
5172 @@ -4131,8 +4131,8 @@ struct cas_tx_desc {
5173 * the completion ring.
5174 */
5175 struct cas_rx_desc {
5176 - u64 index;
5177 - u64 buffer;
5178 + __le64 index;
5179 + __le64 buffer;
5180 };
5182 /* received packets are put on the completion ring. */
5183 @@ -4210,10 +4210,10 @@ struct cas_rx_desc {
5184 #define RX_INDEX_RELEASE 0x0000000000002000ULL
5186 struct cas_rx_comp {
5187 - u64 word1;
5188 - u64 word2;
5189 - u64 word3;
5190 - u64 word4;
5191 + __le64 word1;
5192 + __le64 word2;
5193 + __le64 word3;
5194 + __le64 word4;
5195 };
5197 enum link_state {
5198 @@ -4252,7 +4252,7 @@ struct cas_init_block {
5199 struct cas_rx_comp rxcs[N_RX_COMP_RINGS][INIT_BLOCK_RX_COMP];
5200 struct cas_rx_desc rxds[N_RX_DESC_RINGS][INIT_BLOCK_RX_DESC];
5201 struct cas_tx_desc txds[N_TX_RINGS][INIT_BLOCK_TX];
5202 - u64 tx_compwb;
5203 + __le64 tx_compwb;
5204 };
5206 /* tiny buffers to deal with target abort issue. we allocate a bit
5207 diff --git a/drivers/net/chelsio/cxgb2.c b/drivers/net/chelsio/cxgb2.c
5208 index 231ce43..a82a1fa 100644
5209 --- a/drivers/net/chelsio/cxgb2.c
5210 +++ b/drivers/net/chelsio/cxgb2.c
5211 @@ -370,6 +370,8 @@ static char stats_strings[][ETH_GSTRING_LEN] = {
5212 "TxInternalMACXmitError",
5213 "TxFramesWithExcessiveDeferral",
5214 "TxFCSErrors",
5215 + "TxJumboFramesOk",
5216 + "TxJumboOctetsOk",
5218 "RxOctetsOK",
5219 "RxOctetsBad",
5220 @@ -388,15 +390,16 @@ static char stats_strings[][ETH_GSTRING_LEN] = {
5221 "RxInRangeLengthErrors",
5222 "RxOutOfRangeLengthField",
5223 "RxFrameTooLongErrors",
5224 + "RxJumboFramesOk",
5225 + "RxJumboOctetsOk",
5227 /* Port stats */
5228 - "RxPackets",
5229 "RxCsumGood",
5230 - "TxPackets",
5231 "TxCsumOffload",
5232 "TxTso",
5233 "RxVlan",
5234 "TxVlan",
5235 + "TxNeedHeadroom",
5237 /* Interrupt stats */
5238 "rx drops",
5239 @@ -454,23 +457,56 @@ static void get_stats(struct net_device *dev, struct ethtool_stats *stats,
5240 const struct cmac_statistics *s;
5241 const struct sge_intr_counts *t;
5242 struct sge_port_stats ss;
5243 - unsigned int len;
5245 s = mac->ops->statistics_update(mac, MAC_STATS_UPDATE_FULL);
5246 -
5247 - len = sizeof(u64)*(&s->TxFCSErrors + 1 - &s->TxOctetsOK);
5248 - memcpy(data, &s->TxOctetsOK, len);
5249 - data += len;
5250 -
5251 - len = sizeof(u64)*(&s->RxFrameTooLongErrors + 1 - &s->RxOctetsOK);
5252 - memcpy(data, &s->RxOctetsOK, len);
5253 - data += len;
5254 -
5255 + t = t1_sge_get_intr_counts(adapter->sge);
5256 t1_sge_get_port_stats(adapter->sge, dev->if_port, &ss);
5257 - memcpy(data, &ss, sizeof(ss));
5258 - data += sizeof(ss);
5260 - t = t1_sge_get_intr_counts(adapter->sge);
5261 + *data++ = s->TxOctetsOK;
5262 + *data++ = s->TxOctetsBad;
5263 + *data++ = s->TxUnicastFramesOK;
5264 + *data++ = s->TxMulticastFramesOK;
5265 + *data++ = s->TxBroadcastFramesOK;
5266 + *data++ = s->TxPauseFrames;
5267 + *data++ = s->TxFramesWithDeferredXmissions;
5268 + *data++ = s->TxLateCollisions;
5269 + *data++ = s->TxTotalCollisions;
5270 + *data++ = s->TxFramesAbortedDueToXSCollisions;
5271 + *data++ = s->TxUnderrun;
5272 + *data++ = s->TxLengthErrors;
5273 + *data++ = s->TxInternalMACXmitError;
5274 + *data++ = s->TxFramesWithExcessiveDeferral;
5275 + *data++ = s->TxFCSErrors;
5276 + *data++ = s->TxJumboFramesOK;
5277 + *data++ = s->TxJumboOctetsOK;
5278 +
5279 + *data++ = s->RxOctetsOK;
5280 + *data++ = s->RxOctetsBad;
5281 + *data++ = s->RxUnicastFramesOK;
5282 + *data++ = s->RxMulticastFramesOK;
5283 + *data++ = s->RxBroadcastFramesOK;
5284 + *data++ = s->RxPauseFrames;
5285 + *data++ = s->RxFCSErrors;
5286 + *data++ = s->RxAlignErrors;
5287 + *data++ = s->RxSymbolErrors;
5288 + *data++ = s->RxDataErrors;
5289 + *data++ = s->RxSequenceErrors;
5290 + *data++ = s->RxRuntErrors;
5291 + *data++ = s->RxJabberErrors;
5292 + *data++ = s->RxInternalMACRcvError;
5293 + *data++ = s->RxInRangeLengthErrors;
5294 + *data++ = s->RxOutOfRangeLengthField;
5295 + *data++ = s->RxFrameTooLongErrors;
5296 + *data++ = s->RxJumboFramesOK;
5297 + *data++ = s->RxJumboOctetsOK;
5298 +
5299 + *data++ = ss.rx_cso_good;
5300 + *data++ = ss.tx_cso;
5301 + *data++ = ss.tx_tso;
5302 + *data++ = ss.vlan_xtract;
5303 + *data++ = ss.vlan_insert;
5304 + *data++ = ss.tx_need_hdrroom;
5305 +
5306 *data++ = t->rx_drops;
5307 *data++ = t->pure_rsps;
5308 *data++ = t->unhandled_irqs;
5309 diff --git a/drivers/net/chelsio/pm3393.c b/drivers/net/chelsio/pm3393.c
5310 index 678778a..2117c4f 100644
5311 --- a/drivers/net/chelsio/pm3393.c
5312 +++ b/drivers/net/chelsio/pm3393.c
5313 @@ -45,7 +45,7 @@
5315 #include <linux/crc32.h>
5317 -#define OFFSET(REG_ADDR) (REG_ADDR << 2)
5318 +#define OFFSET(REG_ADDR) ((REG_ADDR) << 2)
5320 /* Max frame size PM3393 can handle. Includes Ethernet header and CRC. */
5321 #define MAX_FRAME_SIZE 9600
5322 @@ -428,69 +428,26 @@ static int pm3393_set_speed_duplex_fc(struct cmac *cmac, int speed, int duplex,
5323 return 0;
5324 }
5326 -static void pm3393_rmon_update(struct adapter *adapter, u32 offs, u64 *val,
5327 - int over)
5328 -{
5329 - u32 val0, val1, val2;
5330 -
5331 - t1_tpi_read(adapter, offs, &val0);
5332 - t1_tpi_read(adapter, offs + 4, &val1);
5333 - t1_tpi_read(adapter, offs + 8, &val2);
5334 -
5335 - *val &= ~0ull << 40;
5336 - *val |= val0 & 0xffff;
5337 - *val |= (val1 & 0xffff) << 16;
5338 - *val |= (u64)(val2 & 0xff) << 32;
5339 -
5340 - if (over)
5341 - *val += 1ull << 40;
5342 +#define RMON_UPDATE(mac, name, stat_name) \
5343 +{ \
5344 + t1_tpi_read((mac)->adapter, OFFSET(name), &val0); \
5345 + t1_tpi_read((mac)->adapter, OFFSET((name)+1), &val1); \
5346 + t1_tpi_read((mac)->adapter, OFFSET((name)+2), &val2); \
5347 + (mac)->stats.stat_name = (u64)(val0 & 0xffff) | \
5348 + ((u64)(val1 & 0xffff) << 16) | \
5349 + ((u64)(val2 & 0xff) << 32) | \
5350 + ((mac)->stats.stat_name & \
5351 + 0xffffff0000000000ULL); \
5352 + if (ro & \
5353 + (1ULL << ((name - SUNI1x10GEXP_REG_MSTAT_COUNTER_0_LOW) >> 2))) \
5354 + (mac)->stats.stat_name += 1ULL << 40; \
5355 }
5357 static const struct cmac_statistics *pm3393_update_statistics(struct cmac *mac,
5358 int flag)
5359 {
5360 - static struct {
5361 - unsigned int reg;
5362 - unsigned int offset;
5363 - } hw_stats [] = {
5364 -
5365 -#define HW_STAT(name, stat_name) \
5366 - { name, (&((struct cmac_statistics *)NULL)->stat_name) - (u64 *)NULL }
5367 -
5368 - /* Rx stats */
5369 - HW_STAT(RxOctetsReceivedOK, RxOctetsOK),
5370 - HW_STAT(RxUnicastFramesReceivedOK, RxUnicastFramesOK),
5371 - HW_STAT(RxMulticastFramesReceivedOK, RxMulticastFramesOK),
5372 - HW_STAT(RxBroadcastFramesReceivedOK, RxBroadcastFramesOK),
5373 - HW_STAT(RxPAUSEMACCtrlFramesReceived, RxPauseFrames),
5374 - HW_STAT(RxFrameCheckSequenceErrors, RxFCSErrors),
5375 - HW_STAT(RxFramesLostDueToInternalMACErrors,
5376 - RxInternalMACRcvError),
5377 - HW_STAT(RxSymbolErrors, RxSymbolErrors),
5378 - HW_STAT(RxInRangeLengthErrors, RxInRangeLengthErrors),
5379 - HW_STAT(RxFramesTooLongErrors , RxFrameTooLongErrors),
5380 - HW_STAT(RxJabbers, RxJabberErrors),
5381 - HW_STAT(RxFragments, RxRuntErrors),
5382 - HW_STAT(RxUndersizedFrames, RxRuntErrors),
5383 - HW_STAT(RxJumboFramesReceivedOK, RxJumboFramesOK),
5384 - HW_STAT(RxJumboOctetsReceivedOK, RxJumboOctetsOK),
5385 -
5386 - /* Tx stats */
5387 - HW_STAT(TxOctetsTransmittedOK, TxOctetsOK),
5388 - HW_STAT(TxFramesLostDueToInternalMACTransmissionError,
5389 - TxInternalMACXmitError),
5390 - HW_STAT(TxTransmitSystemError, TxFCSErrors),
5391 - HW_STAT(TxUnicastFramesTransmittedOK, TxUnicastFramesOK),
5392 - HW_STAT(TxMulticastFramesTransmittedOK, TxMulticastFramesOK),
5393 - HW_STAT(TxBroadcastFramesTransmittedOK, TxBroadcastFramesOK),
5394 - HW_STAT(TxPAUSEMACCtrlFramesTransmitted, TxPauseFrames),
5395 - HW_STAT(TxJumboFramesReceivedOK, TxJumboFramesOK),
5396 - HW_STAT(TxJumboOctetsReceivedOK, TxJumboOctetsOK)
5397 - }, *p = hw_stats;
5398 - u64 ro;
5399 - u32 val0, val1, val2, val3;
5400 - u64 *stats = (u64 *) &mac->stats;
5401 - unsigned int i;
5402 + u64 ro;
5403 + u32 val0, val1, val2, val3;
5405 /* Snap the counters */
5406 pmwrite(mac, SUNI1x10GEXP_REG_MSTAT_CONTROL,
5407 @@ -504,14 +461,35 @@ static const struct cmac_statistics *pm3393_update_statistics(struct cmac *mac,
5408 ro = ((u64)val0 & 0xffff) | (((u64)val1 & 0xffff) << 16) |
5409 (((u64)val2 & 0xffff) << 32) | (((u64)val3 & 0xffff) << 48);
5411 - for (i = 0; i < ARRAY_SIZE(hw_stats); i++) {
5412 - unsigned reg = p->reg - SUNI1x10GEXP_REG_MSTAT_COUNTER_0_LOW;
5413 -
5414 - pm3393_rmon_update((mac)->adapter, OFFSET(p->reg),
5415 - stats + p->offset, ro & (reg >> 2));
5416 - }
5417 -
5418 -
5419 + /* Rx stats */
5420 + RMON_UPDATE(mac, RxOctetsReceivedOK, RxOctetsOK);
5421 + RMON_UPDATE(mac, RxUnicastFramesReceivedOK, RxUnicastFramesOK);
5422 + RMON_UPDATE(mac, RxMulticastFramesReceivedOK, RxMulticastFramesOK);
5423 + RMON_UPDATE(mac, RxBroadcastFramesReceivedOK, RxBroadcastFramesOK);
5424 + RMON_UPDATE(mac, RxPAUSEMACCtrlFramesReceived, RxPauseFrames);
5425 + RMON_UPDATE(mac, RxFrameCheckSequenceErrors, RxFCSErrors);
5426 + RMON_UPDATE(mac, RxFramesLostDueToInternalMACErrors,
5427 + RxInternalMACRcvError);
5428 + RMON_UPDATE(mac, RxSymbolErrors, RxSymbolErrors);
5429 + RMON_UPDATE(mac, RxInRangeLengthErrors, RxInRangeLengthErrors);
5430 + RMON_UPDATE(mac, RxFramesTooLongErrors , RxFrameTooLongErrors);
5431 + RMON_UPDATE(mac, RxJabbers, RxJabberErrors);
5432 + RMON_UPDATE(mac, RxFragments, RxRuntErrors);
5433 + RMON_UPDATE(mac, RxUndersizedFrames, RxRuntErrors);
5434 + RMON_UPDATE(mac, RxJumboFramesReceivedOK, RxJumboFramesOK);
5435 + RMON_UPDATE(mac, RxJumboOctetsReceivedOK, RxJumboOctetsOK);
5436 +
5437 + /* Tx stats */
5438 + RMON_UPDATE(mac, TxOctetsTransmittedOK, TxOctetsOK);
5439 + RMON_UPDATE(mac, TxFramesLostDueToInternalMACTransmissionError,
5440 + TxInternalMACXmitError);
5441 + RMON_UPDATE(mac, TxTransmitSystemError, TxFCSErrors);
5442 + RMON_UPDATE(mac, TxUnicastFramesTransmittedOK, TxUnicastFramesOK);
5443 + RMON_UPDATE(mac, TxMulticastFramesTransmittedOK, TxMulticastFramesOK);
5444 + RMON_UPDATE(mac, TxBroadcastFramesTransmittedOK, TxBroadcastFramesOK);
5445 + RMON_UPDATE(mac, TxPAUSEMACCtrlFramesTransmitted, TxPauseFrames);
5446 + RMON_UPDATE(mac, TxJumboFramesReceivedOK, TxJumboFramesOK);
5447 + RMON_UPDATE(mac, TxJumboOctetsReceivedOK, TxJumboOctetsOK);
5449 return &mac->stats;
5450 }
5451 diff --git a/drivers/net/chelsio/sge.c b/drivers/net/chelsio/sge.c
5452 index e4f874a..d77f1eb 100644
5453 --- a/drivers/net/chelsio/sge.c
5454 +++ b/drivers/net/chelsio/sge.c
5455 @@ -986,11 +986,10 @@ void t1_sge_get_port_stats(const struct sge *sge, int port,
5456 for_each_possible_cpu(cpu) {
5457 struct sge_port_stats *st = per_cpu_ptr(sge->port_stats[port], cpu);
5459 - ss->rx_packets += st->rx_packets;
5460 ss->rx_cso_good += st->rx_cso_good;
5461 - ss->tx_packets += st->tx_packets;
5462 ss->tx_cso += st->tx_cso;
5463 ss->tx_tso += st->tx_tso;
5464 + ss->tx_need_hdrroom += st->tx_need_hdrroom;
5465 ss->vlan_xtract += st->vlan_xtract;
5466 ss->vlan_insert += st->vlan_insert;
5467 }
5468 @@ -1379,11 +1378,10 @@ static void sge_rx(struct sge *sge, struct freelQ *fl, unsigned int len)
5469 }
5470 __skb_pull(skb, sizeof(*p));
5472 - skb->dev->last_rx = jiffies;
5473 st = per_cpu_ptr(sge->port_stats[p->iff], smp_processor_id());
5474 - st->rx_packets++;
5476 skb->protocol = eth_type_trans(skb, adapter->port[p->iff].dev);
5477 + skb->dev->last_rx = jiffies;
5478 if ((adapter->flags & RX_CSUM_ENABLED) && p->csum == 0xffff &&
5479 skb->protocol == htons(ETH_P_IP) &&
5480 (skb->data[9] == IPPROTO_TCP || skb->data[9] == IPPROTO_UDP)) {
5481 @@ -1851,7 +1849,8 @@ int t1_start_xmit(struct sk_buff *skb, struct net_device *dev)
5482 {
5483 struct adapter *adapter = dev->priv;
5484 struct sge *sge = adapter->sge;
5485 - struct sge_port_stats *st = per_cpu_ptr(sge->port_stats[dev->if_port], smp_processor_id());
5486 + struct sge_port_stats *st = per_cpu_ptr(sge->port_stats[dev->if_port],
5487 + smp_processor_id());
5488 struct cpl_tx_pkt *cpl;
5489 struct sk_buff *orig_skb = skb;
5490 int ret;
5491 @@ -1859,6 +1858,18 @@ int t1_start_xmit(struct sk_buff *skb, struct net_device *dev)
5492 if (skb->protocol == htons(ETH_P_CPL5))
5493 goto send;
5495 + /*
5496 + * We are using a non-standard hard_header_len.
5497 + * Allocate more header room in the rare cases it is not big enough.
5498 + */
5499 + if (unlikely(skb_headroom(skb) < dev->hard_header_len - ETH_HLEN)) {
5500 + skb = skb_realloc_headroom(skb, sizeof(struct cpl_tx_pkt_lso));
5501 + ++st->tx_need_hdrroom;
5502 + dev_kfree_skb_any(orig_skb);
5503 + if (!skb)
5504 + return NETDEV_TX_OK;
5505 + }
5506 +
5507 if (skb_shinfo(skb)->gso_size) {
5508 int eth_type;
5509 struct cpl_tx_pkt_lso *hdr;
5510 @@ -1892,24 +1903,6 @@ int t1_start_xmit(struct sk_buff *skb, struct net_device *dev)
5511 return NETDEV_TX_OK;
5512 }
5514 - /*
5515 - * We are using a non-standard hard_header_len and some kernel
5516 - * components, such as pktgen, do not handle it right.
5517 - * Complain when this happens but try to fix things up.
5518 - */
5519 - if (unlikely(skb_headroom(skb) < dev->hard_header_len - ETH_HLEN)) {
5520 - pr_debug("%s: headroom %d header_len %d\n", dev->name,
5521 - skb_headroom(skb), dev->hard_header_len);
5522 -
5523 - if (net_ratelimit())
5524 - printk(KERN_ERR "%s: inadequate headroom in "
5525 - "Tx packet\n", dev->name);
5526 - skb = skb_realloc_headroom(skb, sizeof(*cpl));
5527 - dev_kfree_skb_any(orig_skb);
5528 - if (!skb)
5529 - return NETDEV_TX_OK;
5530 - }
5531 -
5532 if (!(adapter->flags & UDP_CSUM_CAPABLE) &&
5533 skb->ip_summed == CHECKSUM_PARTIAL &&
5534 ip_hdr(skb)->protocol == IPPROTO_UDP) {
5535 @@ -1955,7 +1948,6 @@ int t1_start_xmit(struct sk_buff *skb, struct net_device *dev)
5536 cpl->vlan_valid = 0;
5538 send:
5539 - st->tx_packets++;
5540 dev->trans_start = jiffies;
5541 ret = t1_sge_tx(skb, adapter, 0, dev);
5543 diff --git a/drivers/net/chelsio/sge.h b/drivers/net/chelsio/sge.h
5544 index d132a0e..80165f9 100644
5545 --- a/drivers/net/chelsio/sge.h
5546 +++ b/drivers/net/chelsio/sge.h
5547 @@ -57,13 +57,12 @@ struct sge_intr_counts {
5548 };
5550 struct sge_port_stats {
5551 - u64 rx_packets; /* # of Ethernet packets received */
5552 u64 rx_cso_good; /* # of successful RX csum offloads */
5553 - u64 tx_packets; /* # of TX packets */
5554 u64 tx_cso; /* # of TX checksum offloads */
5555 u64 tx_tso; /* # of TSO requests */
5556 u64 vlan_xtract; /* # of VLAN tag extractions */
5557 u64 vlan_insert; /* # of VLAN tag insertions */
5558 + u64 tx_need_hdrroom; /* # of TX skbs in need of more header room */
5559 };
5561 struct sk_buff;
5562 diff --git a/drivers/net/forcedeth.c b/drivers/net/forcedeth.c
5563 index 42ba1c0..36b3a66 100644
5564 --- a/drivers/net/forcedeth.c
5565 +++ b/drivers/net/forcedeth.c
5566 @@ -550,6 +550,8 @@ union ring_type {
5567 /* PHY defines */
5568 #define PHY_OUI_MARVELL 0x5043
5569 #define PHY_OUI_CICADA 0x03f1
5570 +#define PHY_OUI_VITESSE 0x01c1
5571 +#define PHY_OUI_REALTEK 0x0732
5572 #define PHYID1_OUI_MASK 0x03ff
5573 #define PHYID1_OUI_SHFT 6
5574 #define PHYID2_OUI_MASK 0xfc00
5575 @@ -557,12 +559,36 @@ union ring_type {
5576 #define PHYID2_MODEL_MASK 0x03f0
5577 #define PHY_MODEL_MARVELL_E3016 0x220
5578 #define PHY_MARVELL_E3016_INITMASK 0x0300
5579 -#define PHY_INIT1 0x0f000
5580 -#define PHY_INIT2 0x0e00
5581 -#define PHY_INIT3 0x01000
5582 -#define PHY_INIT4 0x0200
5583 -#define PHY_INIT5 0x0004
5584 -#define PHY_INIT6 0x02000
5585 +#define PHY_CICADA_INIT1 0x0f000
5586 +#define PHY_CICADA_INIT2 0x0e00
5587 +#define PHY_CICADA_INIT3 0x01000
5588 +#define PHY_CICADA_INIT4 0x0200
5589 +#define PHY_CICADA_INIT5 0x0004
5590 +#define PHY_CICADA_INIT6 0x02000
5591 +#define PHY_VITESSE_INIT_REG1 0x1f
5592 +#define PHY_VITESSE_INIT_REG2 0x10
5593 +#define PHY_VITESSE_INIT_REG3 0x11
5594 +#define PHY_VITESSE_INIT_REG4 0x12
5595 +#define PHY_VITESSE_INIT_MSK1 0xc
5596 +#define PHY_VITESSE_INIT_MSK2 0x0180
5597 +#define PHY_VITESSE_INIT1 0x52b5
5598 +#define PHY_VITESSE_INIT2 0xaf8a
5599 +#define PHY_VITESSE_INIT3 0x8
5600 +#define PHY_VITESSE_INIT4 0x8f8a
5601 +#define PHY_VITESSE_INIT5 0xaf86
5602 +#define PHY_VITESSE_INIT6 0x8f86
5603 +#define PHY_VITESSE_INIT7 0xaf82
5604 +#define PHY_VITESSE_INIT8 0x0100
5605 +#define PHY_VITESSE_INIT9 0x8f82
5606 +#define PHY_VITESSE_INIT10 0x0
5607 +#define PHY_REALTEK_INIT_REG1 0x1f
5608 +#define PHY_REALTEK_INIT_REG2 0x19
5609 +#define PHY_REALTEK_INIT_REG3 0x13
5610 +#define PHY_REALTEK_INIT1 0x0000
5611 +#define PHY_REALTEK_INIT2 0x8e00
5612 +#define PHY_REALTEK_INIT3 0x0001
5613 +#define PHY_REALTEK_INIT4 0xad17
5614 +
5615 #define PHY_GIGABIT 0x0100
5617 #define PHY_TIMEOUT 0x1
5618 @@ -961,7 +987,7 @@ static void nv_enable_irq(struct net_device *dev)
5619 if (np->msi_flags & NV_MSI_X_ENABLED)
5620 enable_irq(np->msi_x_entry[NV_MSI_X_VECTOR_ALL].vector);
5621 else
5622 - enable_irq(dev->irq);
5623 + enable_irq(np->pci_dev->irq);
5624 } else {
5625 enable_irq(np->msi_x_entry[NV_MSI_X_VECTOR_RX].vector);
5626 enable_irq(np->msi_x_entry[NV_MSI_X_VECTOR_TX].vector);
5627 @@ -977,7 +1003,7 @@ static void nv_disable_irq(struct net_device *dev)
5628 if (np->msi_flags & NV_MSI_X_ENABLED)
5629 disable_irq(np->msi_x_entry[NV_MSI_X_VECTOR_ALL].vector);
5630 else
5631 - disable_irq(dev->irq);
5632 + disable_irq(np->pci_dev->irq);
5633 } else {
5634 disable_irq(np->msi_x_entry[NV_MSI_X_VECTOR_RX].vector);
5635 disable_irq(np->msi_x_entry[NV_MSI_X_VECTOR_TX].vector);
5636 @@ -1096,6 +1122,28 @@ static int phy_init(struct net_device *dev)
5637 return PHY_ERROR;
5638 }
5639 }
5640 + if (np->phy_oui == PHY_OUI_REALTEK) {
5641 + if (mii_rw(dev, np->phyaddr, PHY_REALTEK_INIT_REG1, PHY_REALTEK_INIT1)) {
5642 + printk(KERN_INFO "%s: phy init failed.\n", pci_name(np->pci_dev));
5643 + return PHY_ERROR;
5644 + }
5645 + if (mii_rw(dev, np->phyaddr, PHY_REALTEK_INIT_REG2, PHY_REALTEK_INIT2)) {
5646 + printk(KERN_INFO "%s: phy init failed.\n", pci_name(np->pci_dev));
5647 + return PHY_ERROR;
5648 + }
5649 + if (mii_rw(dev, np->phyaddr, PHY_REALTEK_INIT_REG1, PHY_REALTEK_INIT3)) {
5650 + printk(KERN_INFO "%s: phy init failed.\n", pci_name(np->pci_dev));
5651 + return PHY_ERROR;
5652 + }
5653 + if (mii_rw(dev, np->phyaddr, PHY_REALTEK_INIT_REG3, PHY_REALTEK_INIT4)) {
5654 + printk(KERN_INFO "%s: phy init failed.\n", pci_name(np->pci_dev));
5655 + return PHY_ERROR;
5656 + }
5657 + if (mii_rw(dev, np->phyaddr, PHY_REALTEK_INIT_REG1, PHY_REALTEK_INIT1)) {
5658 + printk(KERN_INFO "%s: phy init failed.\n", pci_name(np->pci_dev));
5659 + return PHY_ERROR;
5660 + }
5661 + }
5663 /* set advertise register */
5664 reg = mii_rw(dev, np->phyaddr, MII_ADVERTISE, MII_READ);
5665 @@ -1141,14 +1189,14 @@ static int phy_init(struct net_device *dev)
5666 /* phy vendor specific configuration */
5667 if ((np->phy_oui == PHY_OUI_CICADA) && (phyinterface & PHY_RGMII) ) {
5668 phy_reserved = mii_rw(dev, np->phyaddr, MII_RESV1, MII_READ);
5669 - phy_reserved &= ~(PHY_INIT1 | PHY_INIT2);
5670 - phy_reserved |= (PHY_INIT3 | PHY_INIT4);
5671 + phy_reserved &= ~(PHY_CICADA_INIT1 | PHY_CICADA_INIT2);
5672 + phy_reserved |= (PHY_CICADA_INIT3 | PHY_CICADA_INIT4);
5673 if (mii_rw(dev, np->phyaddr, MII_RESV1, phy_reserved)) {
5674 printk(KERN_INFO "%s: phy init failed.\n", pci_name(np->pci_dev));
5675 return PHY_ERROR;
5676 }
5677 phy_reserved = mii_rw(dev, np->phyaddr, MII_NCONFIG, MII_READ);
5678 - phy_reserved |= PHY_INIT5;
5679 + phy_reserved |= PHY_CICADA_INIT5;
5680 if (mii_rw(dev, np->phyaddr, MII_NCONFIG, phy_reserved)) {
5681 printk(KERN_INFO "%s: phy init failed.\n", pci_name(np->pci_dev));
5682 return PHY_ERROR;
5683 @@ -1156,12 +1204,106 @@ static int phy_init(struct net_device *dev)
5684 }
5685 if (np->phy_oui == PHY_OUI_CICADA) {
5686 phy_reserved = mii_rw(dev, np->phyaddr, MII_SREVISION, MII_READ);
5687 - phy_reserved |= PHY_INIT6;
5688 + phy_reserved |= PHY_CICADA_INIT6;
5689 if (mii_rw(dev, np->phyaddr, MII_SREVISION, phy_reserved)) {
5690 printk(KERN_INFO "%s: phy init failed.\n", pci_name(np->pci_dev));
5691 return PHY_ERROR;
5692 }
5693 }
5694 + if (np->phy_oui == PHY_OUI_VITESSE) {
5695 + if (mii_rw(dev, np->phyaddr, PHY_VITESSE_INIT_REG1, PHY_VITESSE_INIT1)) {
5696 + printk(KERN_INFO "%s: phy init failed.\n", pci_name(np->pci_dev));
5697 + return PHY_ERROR;
5698 + }
5699 + if (mii_rw(dev, np->phyaddr, PHY_VITESSE_INIT_REG2, PHY_VITESSE_INIT2)) {
5700 + printk(KERN_INFO "%s: phy init failed.\n", pci_name(np->pci_dev));
5701 + return PHY_ERROR;
5702 + }
5703 + phy_reserved = mii_rw(dev, np->phyaddr, PHY_VITESSE_INIT_REG4, MII_READ);
5704 + if (mii_rw(dev, np->phyaddr, PHY_VITESSE_INIT_REG4, phy_reserved)) {
5705 + printk(KERN_INFO "%s: phy init failed.\n", pci_name(np->pci_dev));
5706 + return PHY_ERROR;
5707 + }
5708 + phy_reserved = mii_rw(dev, np->phyaddr, PHY_VITESSE_INIT_REG3, MII_READ);
5709 + phy_reserved &= ~PHY_VITESSE_INIT_MSK1;
5710 + phy_reserved |= PHY_VITESSE_INIT3;
5711 + if (mii_rw(dev, np->phyaddr, PHY_VITESSE_INIT_REG3, phy_reserved)) {
5712 + printk(KERN_INFO "%s: phy init failed.\n", pci_name(np->pci_dev));
5713 + return PHY_ERROR;
5714 + }
5715 + if (mii_rw(dev, np->phyaddr, PHY_VITESSE_INIT_REG2, PHY_VITESSE_INIT4)) {
5716 + printk(KERN_INFO "%s: phy init failed.\n", pci_name(np->pci_dev));
5717 + return PHY_ERROR;
5718 + }
5719 + if (mii_rw(dev, np->phyaddr, PHY_VITESSE_INIT_REG2, PHY_VITESSE_INIT5)) {
5720 + printk(KERN_INFO "%s: phy init failed.\n", pci_name(np->pci_dev));
5721 + return PHY_ERROR;
5722 + }
5723 + phy_reserved = mii_rw(dev, np->phyaddr, PHY_VITESSE_INIT_REG4, MII_READ);
5724 + phy_reserved &= ~PHY_VITESSE_INIT_MSK1;
5725 + phy_reserved |= PHY_VITESSE_INIT3;
5726 + if (mii_rw(dev, np->phyaddr, PHY_VITESSE_INIT_REG4, phy_reserved)) {
5727 + printk(KERN_INFO "%s: phy init failed.\n", pci_name(np->pci_dev));
5728 + return PHY_ERROR;
5729 + }
5730 + phy_reserved = mii_rw(dev, np->phyaddr, PHY_VITESSE_INIT_REG3, MII_READ);
5731 + if (mii_rw(dev, np->phyaddr, PHY_VITESSE_INIT_REG3, phy_reserved)) {
5732 + printk(KERN_INFO "%s: phy init failed.\n", pci_name(np->pci_dev));
5733 + return PHY_ERROR;
5734 + }
5735 + if (mii_rw(dev, np->phyaddr, PHY_VITESSE_INIT_REG2, PHY_VITESSE_INIT6)) {
5736 + printk(KERN_INFO "%s: phy init failed.\n", pci_name(np->pci_dev));
5737 + return PHY_ERROR;
5738 + }
5739 + if (mii_rw(dev, np->phyaddr, PHY_VITESSE_INIT_REG2, PHY_VITESSE_INIT7)) {
5740 + printk(KERN_INFO "%s: phy init failed.\n", pci_name(np->pci_dev));
5741 + return PHY_ERROR;
5742 + }
5743 + phy_reserved = mii_rw(dev, np->phyaddr, PHY_VITESSE_INIT_REG4, MII_READ);
5744 + if (mii_rw(dev, np->phyaddr, PHY_VITESSE_INIT_REG4, phy_reserved)) {
5745 + printk(KERN_INFO "%s: phy init failed.\n", pci_name(np->pci_dev));
5746 + return PHY_ERROR;
5747 + }
5748 + phy_reserved = mii_rw(dev, np->phyaddr, PHY_VITESSE_INIT_REG3, MII_READ);
5749 + phy_reserved &= ~PHY_VITESSE_INIT_MSK2;
5750 + phy_reserved |= PHY_VITESSE_INIT8;
5751 + if (mii_rw(dev, np->phyaddr, PHY_VITESSE_INIT_REG3, phy_reserved)) {
5752 + printk(KERN_INFO "%s: phy init failed.\n", pci_name(np->pci_dev));
5753 + return PHY_ERROR;
5754 + }
5755 + if (mii_rw(dev, np->phyaddr, PHY_VITESSE_INIT_REG2, PHY_VITESSE_INIT9)) {
5756 + printk(KERN_INFO "%s: phy init failed.\n", pci_name(np->pci_dev));
5757 + return PHY_ERROR;
5758 + }
5759 + if (mii_rw(dev, np->phyaddr, PHY_VITESSE_INIT_REG1, PHY_VITESSE_INIT10)) {
5760 + printk(KERN_INFO "%s: phy init failed.\n", pci_name(np->pci_dev));
5761 + return PHY_ERROR;
5762 + }
5763 + }
5764 + if (np->phy_oui == PHY_OUI_REALTEK) {
5765 + /* reset could have cleared these out, set them back */
5766 + if (mii_rw(dev, np->phyaddr, PHY_REALTEK_INIT_REG1, PHY_REALTEK_INIT1)) {
5767 + printk(KERN_INFO "%s: phy init failed.\n", pci_name(np->pci_dev));
5768 + return PHY_ERROR;
5769 + }
5770 + if (mii_rw(dev, np->phyaddr, PHY_REALTEK_INIT_REG2, PHY_REALTEK_INIT2)) {
5771 + printk(KERN_INFO "%s: phy init failed.\n", pci_name(np->pci_dev));
5772 + return PHY_ERROR;
5773 + }
5774 + if (mii_rw(dev, np->phyaddr, PHY_REALTEK_INIT_REG1, PHY_REALTEK_INIT3)) {
5775 + printk(KERN_INFO "%s: phy init failed.\n", pci_name(np->pci_dev));
5776 + return PHY_ERROR;
5777 + }
5778 + if (mii_rw(dev, np->phyaddr, PHY_REALTEK_INIT_REG3, PHY_REALTEK_INIT4)) {
5779 + printk(KERN_INFO "%s: phy init failed.\n", pci_name(np->pci_dev));
5780 + return PHY_ERROR;
5781 + }
5782 + if (mii_rw(dev, np->phyaddr, PHY_REALTEK_INIT_REG1, PHY_REALTEK_INIT1)) {
5783 + printk(KERN_INFO "%s: phy init failed.\n", pci_name(np->pci_dev));
5784 + return PHY_ERROR;
5785 + }
5786 + }
5787 +
5788 /* some phys clear out pause advertisment on reset, set it back */
5789 mii_rw(dev, np->phyaddr, MII_ADVERTISE, reg);
5791 @@ -1458,7 +1600,7 @@ static void nv_do_rx_refill(unsigned long data)
5792 if (np->msi_flags & NV_MSI_X_ENABLED)
5793 disable_irq(np->msi_x_entry[NV_MSI_X_VECTOR_ALL].vector);
5794 else
5795 - disable_irq(dev->irq);
5796 + disable_irq(np->pci_dev->irq);
5797 } else {
5798 disable_irq(np->msi_x_entry[NV_MSI_X_VECTOR_RX].vector);
5799 }
5800 @@ -1476,7 +1618,7 @@ static void nv_do_rx_refill(unsigned long data)
5801 if (np->msi_flags & NV_MSI_X_ENABLED)
5802 enable_irq(np->msi_x_entry[NV_MSI_X_VECTOR_ALL].vector);
5803 else
5804 - enable_irq(dev->irq);
5805 + enable_irq(np->pci_dev->irq);
5806 } else {
5807 enable_irq(np->msi_x_entry[NV_MSI_X_VECTOR_RX].vector);
5808 }
5809 @@ -2925,8 +3067,8 @@ static irqreturn_t nv_nic_irq(int foo, void *data)
5810 np->nic_poll_irq = np->irqmask;
5811 mod_timer(&np->nic_poll, jiffies + POLL_WAIT);
5812 }
5813 - printk(KERN_DEBUG "%s: too many iterations (%d) in nv_nic_irq.\n", dev->name, i);
5814 spin_unlock(&np->lock);
5815 + printk(KERN_DEBUG "%s: too many iterations (%d) in nv_nic_irq.\n", dev->name, i);
5816 break;
5817 }
5819 @@ -3043,8 +3185,8 @@ static irqreturn_t nv_nic_irq_optimized(int foo, void *data)
5820 np->nic_poll_irq = np->irqmask;
5821 mod_timer(&np->nic_poll, jiffies + POLL_WAIT);
5822 }
5823 - printk(KERN_DEBUG "%s: too many iterations (%d) in nv_nic_irq.\n", dev->name, i);
5824 spin_unlock(&np->lock);
5825 + printk(KERN_DEBUG "%s: too many iterations (%d) in nv_nic_irq.\n", dev->name, i);
5826 break;
5827 }
5829 @@ -3090,8 +3232,8 @@ static irqreturn_t nv_nic_irq_tx(int foo, void *data)
5830 np->nic_poll_irq |= NVREG_IRQ_TX_ALL;
5831 mod_timer(&np->nic_poll, jiffies + POLL_WAIT);
5832 }
5833 - printk(KERN_DEBUG "%s: too many iterations (%d) in nv_nic_irq_tx.\n", dev->name, i);
5834 spin_unlock_irqrestore(&np->lock, flags);
5835 + printk(KERN_DEBUG "%s: too many iterations (%d) in nv_nic_irq_tx.\n", dev->name, i);
5836 break;
5837 }
5839 @@ -3205,8 +3347,8 @@ static irqreturn_t nv_nic_irq_rx(int foo, void *data)
5840 np->nic_poll_irq |= NVREG_IRQ_RX_ALL;
5841 mod_timer(&np->nic_poll, jiffies + POLL_WAIT);
5842 }
5843 - printk(KERN_DEBUG "%s: too many iterations (%d) in nv_nic_irq_rx.\n", dev->name, i);
5844 spin_unlock_irqrestore(&np->lock, flags);
5845 + printk(KERN_DEBUG "%s: too many iterations (%d) in nv_nic_irq_rx.\n", dev->name, i);
5846 break;
5847 }
5848 }
5849 @@ -3278,8 +3420,8 @@ static irqreturn_t nv_nic_irq_other(int foo, void *data)
5850 np->nic_poll_irq |= NVREG_IRQ_OTHER;
5851 mod_timer(&np->nic_poll, jiffies + POLL_WAIT);
5852 }
5853 - printk(KERN_DEBUG "%s: too many iterations (%d) in nv_nic_irq_other.\n", dev->name, i);
5854 spin_unlock_irqrestore(&np->lock, flags);
5855 + printk(KERN_DEBUG "%s: too many iterations (%d) in nv_nic_irq_other.\n", dev->name, i);
5856 break;
5857 }
5859 @@ -3414,10 +3556,12 @@ static int nv_request_irq(struct net_device *dev, int intr_test)
5860 if (ret != 0 && np->msi_flags & NV_MSI_CAPABLE) {
5861 if ((ret = pci_enable_msi(np->pci_dev)) == 0) {
5862 np->msi_flags |= NV_MSI_ENABLED;
5863 + dev->irq = np->pci_dev->irq;
5864 if (request_irq(np->pci_dev->irq, handler, IRQF_SHARED, dev->name, dev) != 0) {
5865 printk(KERN_INFO "forcedeth: request_irq failed %d\n", ret);
5866 pci_disable_msi(np->pci_dev);
5867 np->msi_flags &= ~NV_MSI_ENABLED;
5868 + dev->irq = np->pci_dev->irq;
5869 goto out_err;
5870 }
5872 @@ -3480,7 +3624,7 @@ static void nv_do_nic_poll(unsigned long data)
5873 if (np->msi_flags & NV_MSI_X_ENABLED)
5874 disable_irq_lockdep(np->msi_x_entry[NV_MSI_X_VECTOR_ALL].vector);
5875 else
5876 - disable_irq_lockdep(dev->irq);
5877 + disable_irq_lockdep(np->pci_dev->irq);
5878 mask = np->irqmask;
5879 } else {
5880 if (np->nic_poll_irq & NVREG_IRQ_RX_ALL) {
5881 @@ -3498,6 +3642,8 @@ static void nv_do_nic_poll(unsigned long data)
5882 }
5883 np->nic_poll_irq = 0;
5885 + /* disable_irq() contains synchronize_irq, thus no irq handler can run now */
5886 +
5887 if (np->recover_error) {
5888 np->recover_error = 0;
5889 printk(KERN_INFO "forcedeth: MAC in recoverable error state\n");
5890 @@ -3534,7 +3680,6 @@ static void nv_do_nic_poll(unsigned long data)
5891 }
5892 }
5894 - /* FIXME: Do we need synchronize_irq(dev->irq) here? */
5896 writel(mask, base + NvRegIrqMask);
5897 pci_push(base);
5898 @@ -3547,7 +3692,7 @@ static void nv_do_nic_poll(unsigned long data)
5899 if (np->msi_flags & NV_MSI_X_ENABLED)
5900 enable_irq_lockdep(np->msi_x_entry[NV_MSI_X_VECTOR_ALL].vector);
5901 else
5902 - enable_irq_lockdep(dev->irq);
5903 + enable_irq_lockdep(np->pci_dev->irq);
5904 } else {
5905 if (np->nic_poll_irq & NVREG_IRQ_RX_ALL) {
5906 nv_nic_irq_rx(0, dev);
5907 @@ -4801,7 +4946,7 @@ static int nv_close(struct net_device *dev)
5908 np->in_shutdown = 1;
5909 spin_unlock_irq(&np->lock);
5910 netif_poll_disable(dev);
5911 - synchronize_irq(dev->irq);
5912 + synchronize_irq(np->pci_dev->irq);
5914 del_timer_sync(&np->oom_kick);
5915 del_timer_sync(&np->nic_poll);
5916 @@ -5138,19 +5283,15 @@ static int __devinit nv_probe(struct pci_dev *pci_dev, const struct pci_device_i
5917 if (readl(base + NvRegTransmitterControl) & NVREG_XMITCTL_SYNC_PHY_INIT) {
5918 np->mac_in_use = readl(base + NvRegTransmitterControl) & NVREG_XMITCTL_MGMT_ST;
5919 dprintk(KERN_INFO "%s: mgmt unit is running. mac in use %x.\n", pci_name(pci_dev), np->mac_in_use);
5920 - for (i = 0; i < 5000; i++) {
5921 - msleep(1);
5922 - if (nv_mgmt_acquire_sema(dev)) {
5923 - /* management unit setup the phy already? */
5924 - if ((readl(base + NvRegTransmitterControl) & NVREG_XMITCTL_SYNC_MASK) ==
5925 - NVREG_XMITCTL_SYNC_PHY_INIT) {
5926 - /* phy is inited by mgmt unit */
5927 - phyinitialized = 1;
5928 - dprintk(KERN_INFO "%s: Phy already initialized by mgmt unit.\n", pci_name(pci_dev));
5929 - } else {
5930 - /* we need to init the phy */
5931 - }
5932 - break;
5933 + if (nv_mgmt_acquire_sema(dev)) {
5934 + /* management unit setup the phy already? */
5935 + if ((readl(base + NvRegTransmitterControl) & NVREG_XMITCTL_SYNC_MASK) ==
5936 + NVREG_XMITCTL_SYNC_PHY_INIT) {
5937 + /* phy is inited by mgmt unit */
5938 + phyinitialized = 1;
5939 + dprintk(KERN_INFO "%s: Phy already initialized by mgmt unit.\n", pci_name(pci_dev));
5940 + } else {
5941 + /* we need to init the phy */
5942 }
5943 }
5944 }
5945 @@ -5408,6 +5549,22 @@ static struct pci_device_id pci_tbl[] = {
5946 PCI_DEVICE(PCI_VENDOR_ID_NVIDIA, PCI_DEVICE_ID_NVIDIA_NVENET_27),
5947 .driver_data = DEV_NEED_TIMERIRQ|DEV_NEED_LINKTIMER|DEV_HAS_HIGH_DMA|DEV_HAS_POWER_CNTRL|DEV_HAS_MSI|DEV_HAS_PAUSEFRAME_TX|DEV_HAS_STATISTICS_V2|DEV_HAS_TEST_EXTENDED|DEV_HAS_MGMT_UNIT,
5948 },
5949 + { /* MCP79 Ethernet Controller */
5950 + PCI_DEVICE(PCI_VENDOR_ID_NVIDIA, PCI_DEVICE_ID_NVIDIA_NVENET_36),
5951 + .driver_data = DEV_NEED_TIMERIRQ|DEV_NEED_LINKTIMER|DEV_HAS_CHECKSUM|DEV_HAS_HIGH_DMA|DEV_HAS_MSI|DEV_HAS_POWER_CNTRL|DEV_HAS_PAUSEFRAME_TX|DEV_HAS_STATISTICS_V2|DEV_HAS_TEST_EXTENDED|DEV_HAS_MGMT_UNIT,
5952 + },
5953 + { /* MCP79 Ethernet Controller */
5954 + PCI_DEVICE(PCI_VENDOR_ID_NVIDIA, PCI_DEVICE_ID_NVIDIA_NVENET_37),
5955 + .driver_data = DEV_NEED_TIMERIRQ|DEV_NEED_LINKTIMER|DEV_HAS_CHECKSUM|DEV_HAS_HIGH_DMA|DEV_HAS_MSI|DEV_HAS_POWER_CNTRL|DEV_HAS_PAUSEFRAME_TX|DEV_HAS_STATISTICS_V2|DEV_HAS_TEST_EXTENDED|DEV_HAS_MGMT_UNIT,
5956 + },
5957 + { /* MCP79 Ethernet Controller */
5958 + PCI_DEVICE(PCI_VENDOR_ID_NVIDIA, PCI_DEVICE_ID_NVIDIA_NVENET_38),
5959 + .driver_data = DEV_NEED_TIMERIRQ|DEV_NEED_LINKTIMER|DEV_HAS_CHECKSUM|DEV_HAS_HIGH_DMA|DEV_HAS_MSI|DEV_HAS_POWER_CNTRL|DEV_HAS_PAUSEFRAME_TX|DEV_HAS_STATISTICS_V2|DEV_HAS_TEST_EXTENDED|DEV_HAS_MGMT_UNIT,
5960 + },
5961 + { /* MCP79 Ethernet Controller */
5962 + PCI_DEVICE(PCI_VENDOR_ID_NVIDIA, PCI_DEVICE_ID_NVIDIA_NVENET_39),
5963 + .driver_data = DEV_NEED_TIMERIRQ|DEV_NEED_LINKTIMER|DEV_HAS_CHECKSUM|DEV_HAS_HIGH_DMA|DEV_HAS_MSI|DEV_HAS_POWER_CNTRL|DEV_HAS_PAUSEFRAME_TX|DEV_HAS_STATISTICS_V2|DEV_HAS_TEST_EXTENDED|DEV_HAS_MGMT_UNIT,
5964 + },
5965 {0,},
5966 };
5968 diff --git a/drivers/net/natsemi.c b/drivers/net/natsemi.c
5969 index 460a087..41f68ec 100644
5970 --- a/drivers/net/natsemi.c
5971 +++ b/drivers/net/natsemi.c
5972 @@ -671,7 +671,7 @@ static ssize_t natsemi_show_##_name(struct device *dev, \
5973 #define NATSEMI_CREATE_FILE(_dev, _name) \
5974 device_create_file(&_dev->dev, &dev_attr_##_name)
5975 #define NATSEMI_REMOVE_FILE(_dev, _name) \
5976 - device_create_file(&_dev->dev, &dev_attr_##_name)
5977 + device_remove_file(&_dev->dev, &dev_attr_##_name)
5979 NATSEMI_ATTR(dspcfg_workaround);
5981 diff --git a/drivers/net/ppp_generic.c b/drivers/net/ppp_generic.c
5982 index 3ef0092..9a81fed 100644
5983 --- a/drivers/net/ppp_generic.c
5984 +++ b/drivers/net/ppp_generic.c
5985 @@ -1726,7 +1726,7 @@ ppp_decompress_frame(struct ppp *ppp, struct sk_buff *skb)
5986 }
5987 /* the decompressor still expects the A/C bytes in the hdr */
5988 len = ppp->rcomp->decompress(ppp->rc_state, skb->data - 2,
5989 - skb->len + 2, ns->data, ppp->mru + PPP_HDRLEN);
5990 + skb->len + 2, ns->data, obuff_size);
5991 if (len < 0) {
5992 /* Pass the compressed frame to pppd as an
5993 error indication. */
5994 diff --git a/drivers/net/ppp_mppe.c b/drivers/net/ppp_mppe.c
5995 index d5bdd25..39e0e12 100644
5996 --- a/drivers/net/ppp_mppe.c
5997 +++ b/drivers/net/ppp_mppe.c
5998 @@ -136,7 +136,7 @@ struct ppp_mppe_state {
5999 * Key Derivation, from RFC 3078, RFC 3079.
6000 * Equivalent to Get_Key() for MS-CHAP as described in RFC 3079.
6001 */
6002 -static void get_new_key_from_sha(struct ppp_mppe_state * state, unsigned char *InterimKey)
6003 +static void get_new_key_from_sha(struct ppp_mppe_state * state)
6004 {
6005 struct hash_desc desc;
6006 struct scatterlist sg[4];
6007 @@ -153,8 +153,6 @@ static void get_new_key_from_sha(struct ppp_mppe_state * state, unsigned char *I
6008 desc.flags = 0;
6010 crypto_hash_digest(&desc, sg, nbytes, state->sha1_digest);
6011 -
6012 - memcpy(InterimKey, state->sha1_digest, state->keylen);
6013 }
6015 /*
6016 @@ -163,21 +161,21 @@ static void get_new_key_from_sha(struct ppp_mppe_state * state, unsigned char *I
6017 */
6018 static void mppe_rekey(struct ppp_mppe_state * state, int initial_key)
6019 {
6020 - unsigned char InterimKey[MPPE_MAX_KEY_LEN];
6021 struct scatterlist sg_in[1], sg_out[1];
6022 struct blkcipher_desc desc = { .tfm = state->arc4 };
6024 - get_new_key_from_sha(state, InterimKey);
6025 + get_new_key_from_sha(state);
6026 if (!initial_key) {
6027 - crypto_blkcipher_setkey(state->arc4, InterimKey, state->keylen);
6028 - setup_sg(sg_in, InterimKey, state->keylen);
6029 + crypto_blkcipher_setkey(state->arc4, state->sha1_digest,
6030 + state->keylen);
6031 + setup_sg(sg_in, state->sha1_digest, state->keylen);
6032 setup_sg(sg_out, state->session_key, state->keylen);
6033 if (crypto_blkcipher_encrypt(&desc, sg_out, sg_in,
6034 state->keylen) != 0) {
6035 printk(KERN_WARNING "mppe_rekey: cipher_encrypt failed\n");
6036 }
6037 } else {
6038 - memcpy(state->session_key, InterimKey, state->keylen);
6039 + memcpy(state->session_key, state->sha1_digest, state->keylen);
6040 }
6041 if (state->keylen == 8) {
6042 /* See RFC 3078 */
6043 diff --git a/drivers/net/r8169.c b/drivers/net/r8169.c
6044 index 5ec7752..84958c8 100644
6045 --- a/drivers/net/r8169.c
6046 +++ b/drivers/net/r8169.c
6047 @@ -2649,14 +2649,16 @@ rtl8169_interrupt(int irq, void *dev_instance)
6048 rtl8169_check_link_status(dev, tp, ioaddr);
6050 #ifdef CONFIG_R8169_NAPI
6051 - RTL_W16(IntrMask, rtl8169_intr_mask & ~rtl8169_napi_event);
6052 - tp->intr_mask = ~rtl8169_napi_event;
6053 -
6054 - if (likely(netif_rx_schedule_prep(dev)))
6055 - __netif_rx_schedule(dev);
6056 - else if (netif_msg_intr(tp)) {
6057 - printk(KERN_INFO "%s: interrupt %04x taken in poll\n",
6058 - dev->name, status);
6059 + if (status & rtl8169_napi_event) {
6060 + RTL_W16(IntrMask, rtl8169_intr_mask & ~rtl8169_napi_event);
6061 + tp->intr_mask = ~rtl8169_napi_event;
6062 +
6063 + if (likely(netif_rx_schedule_prep(dev)))
6064 + __netif_rx_schedule(dev);
6065 + else if (netif_msg_intr(tp)) {
6066 + printk(KERN_INFO "%s: interrupt %04x in poll\n",
6067 + dev->name, status);
6068 + }
6069 }
6070 break;
6071 #else
6072 diff --git a/drivers/net/sky2.c b/drivers/net/sky2.c
6073 index fe01b96..607b1a3 100644
6074 --- a/drivers/net/sky2.c
6075 +++ b/drivers/net/sky2.c
6076 @@ -96,10 +96,6 @@ static int disable_msi = 0;
6077 module_param(disable_msi, int, 0);
6078 MODULE_PARM_DESC(disable_msi, "Disable Message Signaled Interrupt (MSI)");
6080 -static int idle_timeout = 0;
6081 -module_param(idle_timeout, int, 0);
6082 -MODULE_PARM_DESC(idle_timeout, "Watchdog timer for lost interrupts (ms)");
6083 -
6084 static const struct pci_device_id sky2_id_table[] = {
6085 { PCI_DEVICE(PCI_VENDOR_ID_SYSKONNECT, 0x9000) }, /* SK-9Sxx */
6086 { PCI_DEVICE(PCI_VENDOR_ID_SYSKONNECT, 0x9E00) }, /* SK-9Exx */
6087 @@ -657,8 +653,8 @@ static void sky2_mac_init(struct sky2_hw *hw, unsigned port)
6088 int i;
6089 const u8 *addr = hw->dev[port]->dev_addr;
6091 - sky2_write32(hw, SK_REG(port, GPHY_CTRL), GPC_RST_SET);
6092 - sky2_write32(hw, SK_REG(port, GPHY_CTRL), GPC_RST_CLR);
6093 + sky2_write8(hw, SK_REG(port, GPHY_CTRL), GPC_RST_SET);
6094 + sky2_write8(hw, SK_REG(port, GPHY_CTRL), GPC_RST_CLR);
6096 sky2_write8(hw, SK_REG(port, GMAC_CTRL), GMC_RST_CLR);
6098 @@ -835,6 +831,20 @@ static inline struct sky2_tx_le *get_tx_le(struct sky2_port *sky2)
6099 return le;
6100 }
6102 +static void tx_init(struct sky2_port *sky2)
6103 +{
6104 + struct sky2_tx_le *le;
6105 +
6106 + sky2->tx_prod = sky2->tx_cons = 0;
6107 + sky2->tx_tcpsum = 0;
6108 + sky2->tx_last_mss = 0;
6109 +
6110 + le = get_tx_le(sky2);
6111 + le->addr = 0;
6112 + le->opcode = OP_ADDR64 | HW_OWNER;
6113 + sky2->tx_addr64 = 0;
6114 +}
6115 +
6116 static inline struct tx_ring_info *tx_le_re(struct sky2_port *sky2,
6117 struct sky2_tx_le *le)
6118 {
6119 @@ -1234,6 +1244,8 @@ static int sky2_up(struct net_device *dev)
6120 if (netif_msg_ifup(sky2))
6121 printk(KERN_INFO PFX "%s: enabling interface\n", dev->name);
6123 + netif_carrier_off(dev);
6124 +
6125 /* must be power of 2 */
6126 sky2->tx_le = pci_alloc_consistent(hw->pdev,
6127 TX_RING_SIZE *
6128 @@ -1246,7 +1258,8 @@ static int sky2_up(struct net_device *dev)
6129 GFP_KERNEL);
6130 if (!sky2->tx_ring)
6131 goto err_out;
6132 - sky2->tx_prod = sky2->tx_cons = 0;
6133 +
6134 + tx_init(sky2);
6136 sky2->rx_le = pci_alloc_consistent(hw->pdev, RX_LE_BYTES,
6137 &sky2->rx_le_map);
6138 @@ -1573,7 +1586,6 @@ static int sky2_down(struct net_device *dev)
6140 /* Stop more packets from being queued */
6141 netif_stop_queue(dev);
6142 - netif_carrier_off(dev);
6144 /* Disable port IRQ */
6145 imask = sky2_read32(hw, B0_IMSK);
6146 @@ -1625,6 +1637,8 @@ static int sky2_down(struct net_device *dev)
6148 sky2_phy_power(hw, port, 0);
6150 + netif_carrier_off(dev);
6151 +
6152 /* turn off LED's */
6153 sky2_write16(hw, B0_Y2LED, LED_STAT_OFF);
6155 @@ -1689,7 +1703,8 @@ static void sky2_link_up(struct sky2_port *sky2)
6156 gm_phy_write(hw, port, PHY_MARV_INT_MASK, PHY_M_DEF_MSK);
6158 netif_carrier_on(sky2->netdev);
6159 - netif_wake_queue(sky2->netdev);
6160 +
6161 + mod_timer(&hw->watchdog_timer, jiffies + 1);
6163 /* Turn on link LED */
6164 sky2_write8(hw, SK_REG(port, LNK_LED_REG),
6165 @@ -1741,7 +1756,6 @@ static void sky2_link_down(struct sky2_port *sky2)
6166 gma_write16(hw, port, GM_GP_CTRL, reg);
6168 netif_carrier_off(sky2->netdev);
6169 - netif_stop_queue(sky2->netdev);
6171 /* Turn on link LED */
6172 sky2_write8(hw, SK_REG(port, LNK_LED_REG), LINKLED_OFF);
6173 @@ -2050,6 +2064,7 @@ static struct sk_buff *sky2_receive(struct net_device *dev,
6174 struct sky2_port *sky2 = netdev_priv(dev);
6175 struct rx_ring_info *re = sky2->rx_ring + sky2->rx_next;
6176 struct sk_buff *skb = NULL;
6177 + u16 count;
6179 if (unlikely(netif_msg_rx_status(sky2)))
6180 printk(KERN_DEBUG PFX "%s: rx slot %u status 0x%x len %d\n",
6181 @@ -2064,6 +2079,15 @@ static struct sk_buff *sky2_receive(struct net_device *dev,
6182 if (!(status & GMR_FS_RX_OK))
6183 goto resubmit;
6185 + count = (status & GMR_FS_LEN) >> 16;
6186 +#ifdef SKY2_VLAN_TAG_USED
6187 + /* Account for vlan tag */
6188 + if (sky2->vlgrp && (status & GMR_FS_VLAN))
6189 + count -= VLAN_HLEN;
6190 +#endif
6191 + if (count != length)
6192 + goto len_mismatch;
6193 +
6194 if (length < copybreak)
6195 skb = receive_copy(sky2, re, length);
6196 else
6197 @@ -2073,6 +2097,11 @@ resubmit:
6199 return skb;
6201 +len_mismatch:
6202 + /* Truncation of overlength packets
6203 + causes PHY length to not match MAC length */
6204 + ++sky2->net_stats.rx_length_errors;
6205 +
6206 error:
6207 ++sky2->net_stats.rx_errors;
6208 if (status & GMR_FS_RX_FF_OV) {
6209 @@ -2375,25 +2404,25 @@ static void sky2_le_error(struct sky2_hw *hw, unsigned port,
6210 sky2_write32(hw, Q_ADDR(q, Q_CSR), BMU_CLR_IRQ_CHK);
6211 }
6213 -/* If idle then force a fake soft NAPI poll once a second
6214 - * to work around cases where sharing an edge triggered interrupt.
6215 - */
6216 -static inline void sky2_idle_start(struct sky2_hw *hw)
6217 -{
6218 - if (idle_timeout > 0)
6219 - mod_timer(&hw->idle_timer,
6220 - jiffies + msecs_to_jiffies(idle_timeout));
6221 -}
6222 -
6223 -static void sky2_idle(unsigned long arg)
6224 +/* Force a fake soft NAPI poll to handle lost IRQ's */
6225 +static void sky2_watchdog(unsigned long arg)
6226 {
6227 struct sky2_hw *hw = (struct sky2_hw *) arg;
6228 struct net_device *dev = hw->dev[0];
6229 + int i, active = 0;
6231 if (__netif_rx_schedule_prep(dev))
6232 __netif_rx_schedule(dev);
6234 - mod_timer(&hw->idle_timer, jiffies + msecs_to_jiffies(idle_timeout));
6235 + for (i = 0; i < hw->ports; i++) {
6236 + dev = hw->dev[i];
6237 + if (!netif_running(dev))
6238 + continue;
6239 + ++active;
6240 + }
6241 +
6242 + if (active)
6243 + mod_timer(&hw->watchdog_timer, round_jiffies(jiffies + HZ));
6244 }
6246 /* Hardware/software error handling */
6247 @@ -2427,8 +2456,7 @@ static void sky2_err_intr(struct sky2_hw *hw, u32 status)
6248 static int sky2_poll(struct net_device *dev0, int *budget)
6249 {
6250 struct sky2_hw *hw = ((struct sky2_port *) netdev_priv(dev0))->hw;
6251 - int work_limit = min(dev0->quota, *budget);
6252 - int work_done = 0;
6253 + int work_done;
6254 u32 status = sky2_read32(hw, B0_Y2_SP_EISR);
6256 if (unlikely(status & Y2_IS_ERROR))
6257 @@ -2440,18 +2468,25 @@ static int sky2_poll(struct net_device *dev0, int *budget)
6258 if (status & Y2_IS_IRQ_PHY2)
6259 sky2_phy_intr(hw, 1);
6261 - work_done = sky2_status_intr(hw, work_limit);
6262 - if (work_done < work_limit) {
6263 - netif_rx_complete(dev0);
6264 + work_done = sky2_status_intr(hw, min(dev0->quota, *budget));
6265 + *budget -= work_done;
6266 + dev0->quota -= work_done;
6268 - /* end of interrupt, re-enables also acts as I/O synchronization */
6269 - sky2_read32(hw, B0_Y2_SP_LISR);
6270 - return 0;
6271 - } else {
6272 - *budget -= work_done;
6273 - dev0->quota -= work_done;
6274 + /* More work? */
6275 + if (hw->st_idx != sky2_read16(hw, STAT_PUT_IDX))
6276 return 1;
6277 +
6278 + /* Bug/Errata workaround?
6279 + * Need to kick the TX irq moderation timer.
6280 + */
6281 + if (sky2_read8(hw, STAT_TX_TIMER_CTRL) == TIM_START) {
6282 + sky2_write8(hw, STAT_TX_TIMER_CTRL, TIM_STOP);
6283 + sky2_write8(hw, STAT_TX_TIMER_CTRL, TIM_START);
6284 }
6285 + netif_rx_complete(dev0);
6286 +
6287 + sky2_read32(hw, B0_Y2_SP_LISR);
6288 + return 0;
6289 }
6291 static irqreturn_t sky2_intr(int irq, void *dev_id)
6292 @@ -2677,8 +2712,6 @@ static void sky2_restart(struct work_struct *work)
6294 dev_dbg(&hw->pdev->dev, "restarting\n");
6296 - del_timer_sync(&hw->idle_timer);
6297 -
6298 rtnl_lock();
6299 sky2_write32(hw, B0_IMSK, 0);
6300 sky2_read32(hw, B0_IMSK);
6301 @@ -2707,8 +2740,6 @@ static void sky2_restart(struct work_struct *work)
6302 }
6303 }
6305 - sky2_idle_start(hw);
6306 -
6307 rtnl_unlock();
6308 }
6310 @@ -3486,10 +3517,6 @@ static __devinit struct net_device *sky2_init_netdev(struct sky2_hw *hw,
6311 memcpy_fromio(dev->dev_addr, hw->regs + B2_MAC_1 + port * 8, ETH_ALEN);
6312 memcpy(dev->perm_addr, dev->dev_addr, dev->addr_len);
6314 - /* device is off until link detection */
6315 - netif_carrier_off(dev);
6316 - netif_stop_queue(dev);
6317 -
6318 return dev;
6319 }
6321 @@ -3702,11 +3729,9 @@ static int __devinit sky2_probe(struct pci_dev *pdev,
6322 sky2_show_addr(dev1);
6323 }
6325 - setup_timer(&hw->idle_timer, sky2_idle, (unsigned long) hw);
6326 + setup_timer(&hw->watchdog_timer, sky2_watchdog, (unsigned long) hw);
6327 INIT_WORK(&hw->restart_work, sky2_restart);
6329 - sky2_idle_start(hw);
6330 -
6331 pci_set_drvdata(pdev, hw);
6333 return 0;
6334 @@ -3741,7 +3766,7 @@ static void __devexit sky2_remove(struct pci_dev *pdev)
6335 if (!hw)
6336 return;
6338 - del_timer_sync(&hw->idle_timer);
6339 + del_timer_sync(&hw->watchdog_timer);
6341 flush_scheduled_work();
6343 @@ -3785,7 +3810,7 @@ static int sky2_suspend(struct pci_dev *pdev, pm_message_t state)
6344 if (!hw)
6345 return 0;
6347 - del_timer_sync(&hw->idle_timer);
6348 + del_timer_sync(&hw->watchdog_timer);
6349 netif_poll_disable(hw->dev[0]);
6351 for (i = 0; i < hw->ports; i++) {
6352 @@ -3851,7 +3876,7 @@ static int sky2_resume(struct pci_dev *pdev)
6353 }
6355 netif_poll_enable(hw->dev[0]);
6356 - sky2_idle_start(hw);
6357 +
6358 return 0;
6359 out:
6360 dev_err(&pdev->dev, "resume failed (%d)\n", err);
6361 @@ -3868,7 +3893,6 @@ static void sky2_shutdown(struct pci_dev *pdev)
6362 if (!hw)
6363 return;
6365 - del_timer_sync(&hw->idle_timer);
6366 netif_poll_disable(hw->dev[0]);
6368 for (i = 0; i < hw->ports; i++) {
6369 diff --git a/drivers/net/sky2.h b/drivers/net/sky2.h
6370 index b8c4a3b..a059e0a 100644
6371 --- a/drivers/net/sky2.h
6372 +++ b/drivers/net/sky2.h
6373 @@ -1921,7 +1921,7 @@ struct sky2_hw {
6374 u32 st_idx;
6375 dma_addr_t st_dma;
6377 - struct timer_list idle_timer;
6378 + struct timer_list watchdog_timer;
6379 struct work_struct restart_work;
6380 int msi;
6381 wait_queue_head_t msi_wait;
6382 diff --git a/drivers/net/tulip/tulip_core.c b/drivers/net/tulip/tulip_core.c
6383 index 041af63..4df0284 100644
6384 --- a/drivers/net/tulip/tulip_core.c
6385 +++ b/drivers/net/tulip/tulip_core.c
6386 @@ -1794,6 +1794,10 @@ static void __devexit tulip_remove_one (struct pci_dev *pdev)
6387 return;
6389 tp = netdev_priv(dev);
6390 +
6391 + /* shoot NIC in the head before deallocating descriptors */
6392 + pci_disable_device(tp->pdev);
6393 +
6394 unregister_netdev(dev);
6395 pci_free_consistent (pdev,
6396 sizeof (struct tulip_rx_desc) * RX_RING_SIZE +
6397 diff --git a/drivers/net/usb/dm9601.c b/drivers/net/usb/dm9601.c
6398 index 16c7a0e..a2de32f 100644
6399 --- a/drivers/net/usb/dm9601.c
6400 +++ b/drivers/net/usb/dm9601.c
6401 @@ -405,7 +405,7 @@ static int dm9601_bind(struct usbnet *dev, struct usb_interface *intf)
6402 dev->net->ethtool_ops = &dm9601_ethtool_ops;
6403 dev->net->hard_header_len += DM_TX_OVERHEAD;
6404 dev->hard_mtu = dev->net->mtu + dev->net->hard_header_len;
6405 - dev->rx_urb_size = dev->net->mtu + DM_RX_OVERHEAD;
6406 + dev->rx_urb_size = dev->net->mtu + ETH_HLEN + DM_RX_OVERHEAD;
6408 dev->mii.dev = dev->net;
6409 dev->mii.mdio_read = dm9601_mdio_read;
6410 diff --git a/drivers/net/usb/kaweth.c b/drivers/net/usb/kaweth.c
6411 index 60d2944..4ebb6ea 100644
6412 --- a/drivers/net/usb/kaweth.c
6413 +++ b/drivers/net/usb/kaweth.c
6414 @@ -70,7 +70,7 @@
6415 #define KAWETH_TX_TIMEOUT (5 * HZ)
6416 #define KAWETH_SCRATCH_SIZE 32
6417 #define KAWETH_FIRMWARE_BUF_SIZE 4096
6418 -#define KAWETH_CONTROL_TIMEOUT (30 * HZ)
6419 +#define KAWETH_CONTROL_TIMEOUT (30000)
6421 #define KAWETH_STATUS_BROKEN 0x0000001
6422 #define KAWETH_STATUS_CLOSING 0x0000002
6423 diff --git a/drivers/net/usb/mcs7830.c b/drivers/net/usb/mcs7830.c
6424 index 6240b97..3bbc5c4 100644
6425 --- a/drivers/net/usb/mcs7830.c
6426 +++ b/drivers/net/usb/mcs7830.c
6427 @@ -94,7 +94,7 @@ static int mcs7830_get_reg(struct usbnet *dev, u16 index, u16 size, void *data)
6429 ret = usb_control_msg(xdev, usb_rcvctrlpipe(xdev, 0), MCS7830_RD_BREQ,
6430 MCS7830_RD_BMREQ, 0x0000, index, data,
6431 - size, msecs_to_jiffies(MCS7830_CTRL_TIMEOUT));
6432 + size, MCS7830_CTRL_TIMEOUT);
6433 return ret;
6434 }
6436 @@ -105,7 +105,7 @@ static int mcs7830_set_reg(struct usbnet *dev, u16 index, u16 size, void *data)
6438 ret = usb_control_msg(xdev, usb_sndctrlpipe(xdev, 0), MCS7830_WR_BREQ,
6439 MCS7830_WR_BMREQ, 0x0000, index, data,
6440 - size, msecs_to_jiffies(MCS7830_CTRL_TIMEOUT));
6441 + size, MCS7830_CTRL_TIMEOUT);
6442 return ret;
6443 }
6445 diff --git a/drivers/net/via-velocity.c b/drivers/net/via-velocity.c
6446 index b670b97..431269e 100644
6447 --- a/drivers/net/via-velocity.c
6448 +++ b/drivers/net/via-velocity.c
6449 @@ -1075,6 +1075,9 @@ static int velocity_init_rd_ring(struct velocity_info *vptr)
6450 int ret = -ENOMEM;
6451 unsigned int rsize = sizeof(struct velocity_rd_info) *
6452 vptr->options.numrx;
6453 + int mtu = vptr->dev->mtu;
6454 +
6455 + vptr->rx_buf_sz = (mtu <= ETH_DATA_LEN) ? PKT_BUF_SZ : mtu + 32;
6457 vptr->rd_info = kmalloc(rsize, GFP_KERNEL);
6458 if(vptr->rd_info == NULL)
6459 @@ -1733,8 +1736,6 @@ static int velocity_open(struct net_device *dev)
6460 struct velocity_info *vptr = netdev_priv(dev);
6461 int ret;
6463 - vptr->rx_buf_sz = (dev->mtu <= 1504 ? PKT_BUF_SZ : dev->mtu + 32);
6464 -
6465 ret = velocity_init_rings(vptr);
6466 if (ret < 0)
6467 goto out;
6468 @@ -1798,6 +1799,11 @@ static int velocity_change_mtu(struct net_device *dev, int new_mtu)
6469 return -EINVAL;
6470 }
6472 + if (!netif_running(dev)) {
6473 + dev->mtu = new_mtu;
6474 + return 0;
6475 + }
6476 +
6477 if (new_mtu != oldmtu) {
6478 spin_lock_irqsave(&vptr->lock, flags);
6480 @@ -1808,12 +1814,6 @@ static int velocity_change_mtu(struct net_device *dev, int new_mtu)
6481 velocity_free_rd_ring(vptr);
6483 dev->mtu = new_mtu;
6484 - if (new_mtu > 8192)
6485 - vptr->rx_buf_sz = 9 * 1024;
6486 - else if (new_mtu > 4096)
6487 - vptr->rx_buf_sz = 8192;
6488 - else
6489 - vptr->rx_buf_sz = 4 * 1024;
6491 ret = velocity_init_rd_ring(vptr);
6492 if (ret < 0)
6493 diff --git a/drivers/net/wireless/bcm43xx/bcm43xx_main.c b/drivers/net/wireless/bcm43xx/bcm43xx_main.c
6494 index ef6b253..dadee85 100644
6495 --- a/drivers/net/wireless/bcm43xx/bcm43xx_main.c
6496 +++ b/drivers/net/wireless/bcm43xx/bcm43xx_main.c
6497 @@ -3183,6 +3183,9 @@ static void bcm43xx_periodic_work_handler(struct work_struct *work)
6498 unsigned long orig_trans_start = 0;
6500 mutex_lock(&bcm->mutex);
6501 + /* keep from doing and rearming periodic work if shutting down */
6502 + if (bcm43xx_status(bcm) == BCM43xx_STAT_UNINIT)
6503 + goto unlock_mutex;
6504 if (unlikely(bcm->periodic_state % 60 == 0)) {
6505 /* Periodic work will take a long time, so we want it to
6506 * be preemtible.
6507 @@ -3228,14 +3231,10 @@ static void bcm43xx_periodic_work_handler(struct work_struct *work)
6508 mmiowb();
6509 bcm->periodic_state++;
6510 spin_unlock_irqrestore(&bcm->irq_lock, flags);
6511 +unlock_mutex:
6512 mutex_unlock(&bcm->mutex);
6513 }
6515 -void bcm43xx_periodic_tasks_delete(struct bcm43xx_private *bcm)
6516 -{
6517 - cancel_rearming_delayed_work(&bcm->periodic_work);
6518 -}
6519 -
6520 void bcm43xx_periodic_tasks_setup(struct bcm43xx_private *bcm)
6521 {
6522 struct delayed_work *work = &bcm->periodic_work;
6523 @@ -3285,6 +3284,14 @@ static int bcm43xx_rng_init(struct bcm43xx_private *bcm)
6524 return err;
6525 }
6527 +void bcm43xx_cancel_work(struct bcm43xx_private *bcm)
6528 +{
6529 + /* The system must be unlocked when this routine is entered.
6530 + * If not, the next 2 steps may deadlock */
6531 + cancel_work_sync(&bcm->restart_work);
6532 + cancel_rearming_delayed_work(&bcm->periodic_work);
6533 +}
6534 +
6535 static int bcm43xx_shutdown_all_wireless_cores(struct bcm43xx_private *bcm)
6536 {
6537 int ret = 0;
6538 @@ -3321,7 +3328,12 @@ static void bcm43xx_free_board(struct bcm43xx_private *bcm)
6539 {
6540 bcm43xx_rng_exit(bcm);
6541 bcm43xx_sysfs_unregister(bcm);
6542 - bcm43xx_periodic_tasks_delete(bcm);
6543 +
6544 + mutex_lock(&(bcm)->mutex);
6545 + bcm43xx_set_status(bcm, BCM43xx_STAT_UNINIT);
6546 + mutex_unlock(&(bcm)->mutex);
6547 +
6548 + bcm43xx_cancel_work(bcm);
6550 mutex_lock(&(bcm)->mutex);
6551 bcm43xx_shutdown_all_wireless_cores(bcm);
6552 @@ -4018,7 +4030,7 @@ static int bcm43xx_net_stop(struct net_device *net_dev)
6553 err = bcm43xx_disable_interrupts_sync(bcm);
6554 assert(!err);
6555 bcm43xx_free_board(bcm);
6556 - flush_scheduled_work();
6557 + bcm43xx_cancel_work(bcm);
6559 return 0;
6560 }
6561 @@ -4150,9 +4162,9 @@ static void bcm43xx_chip_reset(struct work_struct *work)
6562 struct bcm43xx_phyinfo *phy;
6563 int err = -ENODEV;
6565 + bcm43xx_cancel_work(bcm);
6566 mutex_lock(&(bcm)->mutex);
6567 if (bcm43xx_status(bcm) == BCM43xx_STAT_INITIALIZED) {
6568 - bcm43xx_periodic_tasks_delete(bcm);
6569 phy = bcm43xx_current_phy(bcm);
6570 err = bcm43xx_select_wireless_core(bcm, phy->type);
6571 if (!err)
6572 diff --git a/drivers/net/wireless/bcm43xx/bcm43xx_main.h b/drivers/net/wireless/bcm43xx/bcm43xx_main.h
6573 index c8f3c53..14cfbeb 100644
6574 --- a/drivers/net/wireless/bcm43xx/bcm43xx_main.h
6575 +++ b/drivers/net/wireless/bcm43xx/bcm43xx_main.h
6576 @@ -122,7 +122,7 @@ void bcm43xx_wireless_core_reset(struct bcm43xx_private *bcm, int connect_phy);
6577 void bcm43xx_mac_suspend(struct bcm43xx_private *bcm);
6578 void bcm43xx_mac_enable(struct bcm43xx_private *bcm);
6580 -void bcm43xx_periodic_tasks_delete(struct bcm43xx_private *bcm);
6581 +void bcm43xx_cancel_work(struct bcm43xx_private *bcm);
6582 void bcm43xx_periodic_tasks_setup(struct bcm43xx_private *bcm);
6584 void bcm43xx_controller_restart(struct bcm43xx_private *bcm, const char *reason);
6585 diff --git a/drivers/net/wireless/bcm43xx/bcm43xx_sysfs.c b/drivers/net/wireless/bcm43xx/bcm43xx_sysfs.c
6586 index c71b998..8ab5f93 100644
6587 --- a/drivers/net/wireless/bcm43xx/bcm43xx_sysfs.c
6588 +++ b/drivers/net/wireless/bcm43xx/bcm43xx_sysfs.c
6589 @@ -327,7 +327,7 @@ static ssize_t bcm43xx_attr_phymode_store(struct device *dev,
6590 goto out;
6591 }
6593 - bcm43xx_periodic_tasks_delete(bcm);
6594 + bcm43xx_cancel_work(bcm);
6595 mutex_lock(&(bcm)->mutex);
6596 err = bcm43xx_select_wireless_core(bcm, phytype);
6597 if (!err)
6598 diff --git a/drivers/net/wireless/libertas/11d.c b/drivers/net/wireless/libertas/11d.c
6599 index 4cf0ff7..0560270 100644
6600 --- a/drivers/net/wireless/libertas/11d.c
6601 +++ b/drivers/net/wireless/libertas/11d.c
6602 @@ -562,7 +562,7 @@ int libertas_cmd_802_11d_domain_info(wlan_private * priv,
6603 nr_subband * sizeof(struct ieeetypes_subbandset));
6605 cmd->size = cpu_to_le16(sizeof(pdomaininfo->action) +
6606 - domain->header.len +
6607 + le16_to_cpu(domain->header.len) +
6608 sizeof(struct mrvlietypesheader) +
6609 S_DS_GEN);
6610 } else {
6611 diff --git a/drivers/net/wireless/libertas/cmd.c b/drivers/net/wireless/libertas/cmd.c
6612 index 13f6528..549749e 100644
6613 --- a/drivers/net/wireless/libertas/cmd.c
6614 +++ b/drivers/net/wireless/libertas/cmd.c
6615 @@ -185,14 +185,12 @@ static int wlan_cmd_802_11_set_wep(wlan_private * priv,
6617 switch (pkey->len) {
6618 case KEY_LEN_WEP_40:
6619 - wep->keytype[i] =
6620 - cpu_to_le16(cmd_type_wep_40_bit);
6621 + wep->keytype[i] = cmd_type_wep_40_bit;
6622 memmove(&wep->keymaterial[i], pkey->key,
6623 pkey->len);
6624 break;
6625 case KEY_LEN_WEP_104:
6626 - wep->keytype[i] =
6627 - cpu_to_le16(cmd_type_wep_104_bit);
6628 + wep->keytype[i] = cmd_type_wep_104_bit;
6629 memmove(&wep->keymaterial[i], pkey->key,
6630 pkey->len);
6631 break;
6632 diff --git a/drivers/net/wireless/libertas/wext.c b/drivers/net/wireless/libertas/wext.c
6633 index f42b796..1e3ecd0 100644
6634 --- a/drivers/net/wireless/libertas/wext.c
6635 +++ b/drivers/net/wireless/libertas/wext.c
6636 @@ -973,7 +973,7 @@ static struct iw_statistics *wlan_get_wireless_stats(struct net_device *dev)
6637 /* Quality by TX errors */
6638 priv->wstats.discard.retries = priv->stats.tx_errors;
6640 - tx_retries = le16_to_cpu(adapter->logmsg.retry);
6641 + tx_retries = le32_to_cpu(adapter->logmsg.retry);
6643 if (tx_retries > 75)
6644 tx_qual = (90 - tx_retries) * POOR / 15;
6645 @@ -989,10 +989,10 @@ static struct iw_statistics *wlan_get_wireless_stats(struct net_device *dev)
6646 (PERFECT - VERY_GOOD) / 50 + VERY_GOOD;
6647 quality = min(quality, tx_qual);
6649 - priv->wstats.discard.code = le16_to_cpu(adapter->logmsg.wepundecryptable);
6650 - priv->wstats.discard.fragment = le16_to_cpu(adapter->logmsg.rxfrag);
6651 + priv->wstats.discard.code = le32_to_cpu(adapter->logmsg.wepundecryptable);
6652 + priv->wstats.discard.fragment = le32_to_cpu(adapter->logmsg.rxfrag);
6653 priv->wstats.discard.retries = tx_retries;
6654 - priv->wstats.discard.misc = le16_to_cpu(adapter->logmsg.ackfailure);
6655 + priv->wstats.discard.misc = le32_to_cpu(adapter->logmsg.ackfailure);
6657 /* Calculate quality */
6658 priv->wstats.qual.qual = max(quality, (u32)100);
6659 diff --git a/drivers/pci/hotplug/fakephp.c b/drivers/pci/hotplug/fakephp.c
6660 index 027f686..02a09d5 100644
6661 --- a/drivers/pci/hotplug/fakephp.c
6662 +++ b/drivers/pci/hotplug/fakephp.c
6663 @@ -39,6 +39,7 @@
6664 #include <linux/init.h>
6665 #include <linux/string.h>
6666 #include <linux/slab.h>
6667 +#include <linux/workqueue.h>
6668 #include "../pci.h"
6670 #if !defined(MODULE)
6671 @@ -63,10 +64,16 @@ struct dummy_slot {
6672 struct list_head node;
6673 struct hotplug_slot *slot;
6674 struct pci_dev *dev;
6675 + struct work_struct remove_work;
6676 + unsigned long removed;
6677 };
6679 static int debug;
6680 static LIST_HEAD(slot_list);
6681 +static struct workqueue_struct *dummyphp_wq;
6682 +
6683 +static void pci_rescan_worker(struct work_struct *work);
6684 +static DECLARE_WORK(pci_rescan_work, pci_rescan_worker);
6686 static int enable_slot (struct hotplug_slot *slot);
6687 static int disable_slot (struct hotplug_slot *slot);
6688 @@ -109,7 +116,7 @@ static int add_slot(struct pci_dev *dev)
6689 slot->name = &dev->dev.bus_id[0];
6690 dbg("slot->name = %s\n", slot->name);
6692 - dslot = kmalloc(sizeof(struct dummy_slot), GFP_KERNEL);
6693 + dslot = kzalloc(sizeof(struct dummy_slot), GFP_KERNEL);
6694 if (!dslot)
6695 goto error_info;
6697 @@ -164,6 +171,14 @@ static void remove_slot(struct dummy_slot *dslot)
6698 err("Problem unregistering a slot %s\n", dslot->slot->name);
6699 }
6701 +/* called from the single-threaded workqueue handler to remove a slot */
6702 +static void remove_slot_worker(struct work_struct *work)
6703 +{
6704 + struct dummy_slot *dslot =
6705 + container_of(work, struct dummy_slot, remove_work);
6706 + remove_slot(dslot);
6707 +}
6708 +
6709 /**
6710 * Rescan slot.
6711 * Tries hard not to re-enable already existing devices
6712 @@ -267,11 +282,17 @@ static inline void pci_rescan(void) {
6713 pci_rescan_buses(&pci_root_buses);
6714 }
6716 +/* called from the single-threaded workqueue handler to rescan all pci buses */
6717 +static void pci_rescan_worker(struct work_struct *work)
6718 +{
6719 + pci_rescan();
6720 +}
6722 static int enable_slot(struct hotplug_slot *hotplug_slot)
6723 {
6724 /* mis-use enable_slot for rescanning of the pci bus */
6725 - pci_rescan();
6726 + cancel_work_sync(&pci_rescan_work);
6727 + queue_work(dummyphp_wq, &pci_rescan_work);
6728 return -ENODEV;
6729 }
6731 @@ -306,6 +327,10 @@ static int disable_slot(struct hotplug_slot *slot)
6732 err("Can't remove PCI devices with other PCI devices behind it yet.\n");
6733 return -ENODEV;
6734 }
6735 + if (test_and_set_bit(0, &dslot->removed)) {
6736 + dbg("Slot already scheduled for removal\n");
6737 + return -ENODEV;
6738 + }
6739 /* search for subfunctions and disable them first */
6740 if (!(dslot->dev->devfn & 7)) {
6741 for (func = 1; func < 8; func++) {
6742 @@ -328,8 +353,9 @@ static int disable_slot(struct hotplug_slot *slot)
6743 /* remove the device from the pci core */
6744 pci_remove_bus_device(dslot->dev);
6746 - /* blow away this sysfs entry and other parts. */
6747 - remove_slot(dslot);
6748 + /* queue work item to blow away this sysfs entry and other parts. */
6749 + INIT_WORK(&dslot->remove_work, remove_slot_worker);
6750 + queue_work(dummyphp_wq, &dslot->remove_work);
6752 return 0;
6753 }
6754 @@ -340,6 +366,7 @@ static void cleanup_slots (void)
6755 struct list_head *next;
6756 struct dummy_slot *dslot;
6758 + destroy_workqueue(dummyphp_wq);
6759 list_for_each_safe (tmp, next, &slot_list) {
6760 dslot = list_entry (tmp, struct dummy_slot, node);
6761 remove_slot(dslot);
6762 @@ -351,6 +378,10 @@ static int __init dummyphp_init(void)
6763 {
6764 info(DRIVER_DESC "\n");
6766 + dummyphp_wq = create_singlethread_workqueue(MY_NAME);
6767 + if (!dummyphp_wq)
6768 + return -ENOMEM;
6769 +
6770 return pci_scan_buses();
6771 }
6773 diff --git a/drivers/pci/probe.c b/drivers/pci/probe.c
6774 index e48fcf0..247135f 100644
6775 --- a/drivers/pci/probe.c
6776 +++ b/drivers/pci/probe.c
6777 @@ -643,20 +643,20 @@ int pci_scan_bridge(struct pci_bus *bus, struct pci_dev * dev, int max, int pass
6779 sprintf(child->name, (is_cardbus ? "PCI CardBus #%02x" : "PCI Bus #%02x"), child->number);
6781 + /* Has only triggered on CardBus, fixup is in yenta_socket */
6782 while (bus->parent) {
6783 if ((child->subordinate > bus->subordinate) ||
6784 (child->number > bus->subordinate) ||
6785 (child->number < bus->number) ||
6786 (child->subordinate < bus->number)) {
6787 - printk(KERN_WARNING "PCI: Bus #%02x (-#%02x) is "
6788 - "hidden behind%s bridge #%02x (-#%02x)%s\n",
6789 - child->number, child->subordinate,
6790 - bus->self->transparent ? " transparent" : " ",
6791 - bus->number, bus->subordinate,
6792 - pcibios_assign_all_busses() ? " " :
6793 - " (try 'pci=assign-busses')");
6794 - printk(KERN_WARNING "Please report the result to "
6795 - "linux-kernel to fix this permanently\n");
6796 + pr_debug("PCI: Bus #%02x (-#%02x) is %s"
6797 + "hidden behind%s bridge #%02x (-#%02x)\n",
6798 + child->number, child->subordinate,
6799 + (bus->number > child->subordinate &&
6800 + bus->subordinate < child->number) ?
6801 + "wholly " : " partially",
6802 + bus->self->transparent ? " transparent" : " ",
6803 + bus->number, bus->subordinate);
6804 }
6805 bus = bus->parent;
6806 }
6807 diff --git a/drivers/pci/quirks.c b/drivers/pci/quirks.c
6808 index 01d8f8a..9f90c10 100644
6809 --- a/drivers/pci/quirks.c
6810 +++ b/drivers/pci/quirks.c
6811 @@ -465,6 +465,12 @@ DECLARE_PCI_FIXUP_HEADER(PCI_VENDOR_ID_INTEL, PCI_DEVICE_ID_INTEL_ICH7_31, quirk
6812 DECLARE_PCI_FIXUP_HEADER(PCI_VENDOR_ID_INTEL, PCI_DEVICE_ID_INTEL_ICH8_0, quirk_ich6_lpc_acpi );
6813 DECLARE_PCI_FIXUP_HEADER(PCI_VENDOR_ID_INTEL, PCI_DEVICE_ID_INTEL_ICH8_2, quirk_ich6_lpc_acpi );
6814 DECLARE_PCI_FIXUP_HEADER(PCI_VENDOR_ID_INTEL, PCI_DEVICE_ID_INTEL_ICH8_3, quirk_ich6_lpc_acpi );
6815 +DECLARE_PCI_FIXUP_HEADER(PCI_VENDOR_ID_INTEL, PCI_DEVICE_ID_INTEL_ICH8_1, quirk_ich6_lpc_acpi );
6816 +DECLARE_PCI_FIXUP_HEADER(PCI_VENDOR_ID_INTEL, PCI_DEVICE_ID_INTEL_ICH8_4, quirk_ich6_lpc_acpi );
6817 +DECLARE_PCI_FIXUP_HEADER(PCI_VENDOR_ID_INTEL, PCI_DEVICE_ID_INTEL_ICH9_2, quirk_ich6_lpc_acpi );
6818 +DECLARE_PCI_FIXUP_HEADER(PCI_VENDOR_ID_INTEL, PCI_DEVICE_ID_INTEL_ICH9_4, quirk_ich6_lpc_acpi );
6819 +DECLARE_PCI_FIXUP_HEADER(PCI_VENDOR_ID_INTEL, PCI_DEVICE_ID_INTEL_ICH9_7, quirk_ich6_lpc_acpi );
6820 +DECLARE_PCI_FIXUP_HEADER(PCI_VENDOR_ID_INTEL, PCI_DEVICE_ID_INTEL_ICH9_8, quirk_ich6_lpc_acpi );
6822 /*
6823 * VIA ACPI: One IO region pointed to by longword at
6824 @@ -1640,6 +1646,9 @@ DECLARE_PCI_FIXUP_FINAL(PCI_VENDOR_ID_SERVERWORKS, PCI_DEVICE_ID_SERVERWORKS_GCN
6825 DECLARE_PCI_FIXUP_FINAL(PCI_VENDOR_ID_SERVERWORKS, PCI_DEVICE_ID_SERVERWORKS_HT1000_PCIX, quirk_disable_all_msi);
6826 DECLARE_PCI_FIXUP_FINAL(PCI_VENDOR_ID_ATI, PCI_DEVICE_ID_ATI_RS400_200, quirk_disable_all_msi);
6827 DECLARE_PCI_FIXUP_FINAL(PCI_VENDOR_ID_ATI, PCI_DEVICE_ID_ATI_RS480, quirk_disable_all_msi);
6828 +DECLARE_PCI_FIXUP_FINAL(PCI_VENDOR_ID_ATI, PCI_DEVICE_ID_ATI_RD580, quirk_disable_all_msi);
6829 +DECLARE_PCI_FIXUP_FINAL(PCI_VENDOR_ID_ATI, PCI_DEVICE_ID_ATI_RX790, quirk_disable_all_msi);
6830 +DECLARE_PCI_FIXUP_FINAL(PCI_VENDOR_ID_ATI, PCI_DEVICE_ID_ATI_RS690, quirk_disable_all_msi);
6831 DECLARE_PCI_FIXUP_FINAL(PCI_VENDOR_ID_VIA, PCI_DEVICE_ID_VIA_VT3351, quirk_disable_all_msi);
6833 /* Disable MSI on chipsets that are known to not support it */
6834 diff --git a/drivers/pcmcia/cs.c b/drivers/pcmcia/cs.c
6835 index 50cad3a..1e03bbd 100644
6836 --- a/drivers/pcmcia/cs.c
6837 +++ b/drivers/pcmcia/cs.c
6838 @@ -409,6 +409,9 @@ static void socket_shutdown(struct pcmcia_socket *s)
6839 #endif
6840 s->functions = 0;
6842 + /* give socket some time to power down */
6843 + msleep(100);
6844 +
6845 s->ops->get_status(s, &status);
6846 if (status & SS_POWERON) {
6847 printk(KERN_ERR "PCMCIA: socket %p: *** DANGER *** unable to remove socket power\n", s);
6848 diff --git a/drivers/scsi/3w-9xxx.c b/drivers/scsi/3w-9xxx.c
6849 index eb766c3..0d24c39 100644
6850 --- a/drivers/scsi/3w-9xxx.c
6851 +++ b/drivers/scsi/3w-9xxx.c
6852 @@ -4,7 +4,7 @@
6853 Written By: Adam Radford <linuxraid@amcc.com>
6854 Modifications By: Tom Couch <linuxraid@amcc.com>
6856 - Copyright (C) 2004-2006 Applied Micro Circuits Corporation.
6857 + Copyright (C) 2004-2007 Applied Micro Circuits Corporation.
6859 This program is free software; you can redistribute it and/or modify
6860 it under the terms of the GNU General Public License as published by
6861 @@ -69,6 +69,7 @@
6862 2.26.02.008 - Free irq handler in __twa_shutdown().
6863 Serialize reset code.
6864 Add support for 9650SE controllers.
6865 + 2.26.02.009 - Fix dma mask setting to fallback to 32-bit if 64-bit fails.
6866 */
6868 #include <linux/module.h>
6869 @@ -92,7 +93,7 @@
6870 #include "3w-9xxx.h"
6872 /* Globals */
6873 -#define TW_DRIVER_VERSION "2.26.02.008"
6874 +#define TW_DRIVER_VERSION "2.26.02.009"
6875 static TW_Device_Extension *twa_device_extension_list[TW_MAX_SLOT];
6876 static unsigned int twa_device_extension_count;
6877 static int twa_major = -1;
6878 @@ -2063,11 +2064,14 @@ static int __devinit twa_probe(struct pci_dev *pdev, const struct pci_device_id
6880 pci_set_master(pdev);
6882 - retval = pci_set_dma_mask(pdev, sizeof(dma_addr_t) > 4 ? DMA_64BIT_MASK : DMA_32BIT_MASK);
6883 - if (retval) {
6884 - TW_PRINTK(host, TW_DRIVER, 0x23, "Failed to set dma mask");
6885 - goto out_disable_device;
6886 - }
6887 + if (pci_set_dma_mask(pdev, DMA_64BIT_MASK)
6888 + || pci_set_consistent_dma_mask(pdev, DMA_64BIT_MASK))
6889 + if (pci_set_dma_mask(pdev, DMA_32BIT_MASK)
6890 + || pci_set_consistent_dma_mask(pdev, DMA_32BIT_MASK)) {
6891 + TW_PRINTK(host, TW_DRIVER, 0x23, "Failed to set dma mask");
6892 + retval = -ENODEV;
6893 + goto out_disable_device;
6894 + }
6896 host = scsi_host_alloc(&driver_template, sizeof(TW_Device_Extension));
6897 if (!host) {
6898 diff --git a/drivers/scsi/aacraid/linit.c b/drivers/scsi/aacraid/linit.c
6899 index 5c487ff..ac65ee2 100644
6900 --- a/drivers/scsi/aacraid/linit.c
6901 +++ b/drivers/scsi/aacraid/linit.c
6902 @@ -597,6 +597,8 @@ static int aac_cfg_open(struct inode *inode, struct file *file)
6903 static int aac_cfg_ioctl(struct inode *inode, struct file *file,
6904 unsigned int cmd, unsigned long arg)
6905 {
6906 + if (!capable(CAP_SYS_ADMIN))
6907 + return -EPERM;
6908 return aac_do_ioctl(file->private_data, cmd, (void __user *)arg);
6909 }
6911 @@ -650,6 +652,8 @@ static int aac_compat_ioctl(struct scsi_device *sdev, int cmd, void __user *arg)
6913 static long aac_compat_cfg_ioctl(struct file *file, unsigned cmd, unsigned long arg)
6914 {
6915 + if (!capable(CAP_SYS_ADMIN))
6916 + return -EPERM;
6917 return aac_compat_do_ioctl((struct aac_dev *)file->private_data, cmd, arg);
6918 }
6919 #endif
6920 diff --git a/drivers/scsi/esp_scsi.c b/drivers/scsi/esp_scsi.c
6921 index 71caf2d..150beaf 100644
6922 --- a/drivers/scsi/esp_scsi.c
6923 +++ b/drivers/scsi/esp_scsi.c
6924 @@ -2318,6 +2318,7 @@ int __devinit scsi_esp_register(struct esp *esp, struct device *dev)
6925 esp->host->transportt = esp_transport_template;
6926 esp->host->max_lun = ESP_MAX_LUN;
6927 esp->host->cmd_per_lun = 2;
6928 + esp->host->unique_id = instance;
6930 esp_set_clock_params(esp);
6932 @@ -2341,7 +2342,7 @@ int __devinit scsi_esp_register(struct esp *esp, struct device *dev)
6933 if (err)
6934 return err;
6936 - esp->host->unique_id = instance++;
6937 + instance++;
6939 scsi_scan_host(esp->host);
6941 diff --git a/drivers/scsi/hptiop.c b/drivers/scsi/hptiop.c
6942 index bec83cb..7e40105 100644
6943 --- a/drivers/scsi/hptiop.c
6944 +++ b/drivers/scsi/hptiop.c
6945 @@ -377,8 +377,9 @@ static void hptiop_host_request_callback(struct hptiop_hba *hba, u32 tag)
6946 scp->result = SAM_STAT_CHECK_CONDITION;
6947 memset(&scp->sense_buffer,
6948 0, sizeof(scp->sense_buffer));
6949 - memcpy(&scp->sense_buffer,
6950 - &req->sg_list, le32_to_cpu(req->dataxfer_length));
6951 + memcpy(&scp->sense_buffer, &req->sg_list,
6952 + min(sizeof(scp->sense_buffer),
6953 + le32_to_cpu(req->dataxfer_length)));
6954 break;
6956 default:
6957 diff --git a/drivers/scsi/scsi_transport_spi.c b/drivers/scsi/scsi_transport_spi.c
6958 index 6f56f87..4df21c9 100644
6959 --- a/drivers/scsi/scsi_transport_spi.c
6960 +++ b/drivers/scsi/scsi_transport_spi.c
6961 @@ -787,10 +787,12 @@ spi_dv_device_internal(struct scsi_device *sdev, u8 *buffer)
6962 struct scsi_target *starget = sdev->sdev_target;
6963 struct Scsi_Host *shost = sdev->host;
6964 int len = sdev->inquiry_len;
6965 + int min_period = spi_min_period(starget);
6966 + int max_width = spi_max_width(starget);
6967 /* first set us up for narrow async */
6968 DV_SET(offset, 0);
6969 DV_SET(width, 0);
6970 -
6971 +
6972 if (spi_dv_device_compare_inquiry(sdev, buffer, buffer, DV_LOOPS)
6973 != SPI_COMPARE_SUCCESS) {
6974 starget_printk(KERN_ERR, starget, "Domain Validation Initial Inquiry Failed\n");
6975 @@ -798,9 +800,13 @@ spi_dv_device_internal(struct scsi_device *sdev, u8 *buffer)
6976 return;
6977 }
6979 + if (!scsi_device_wide(sdev)) {
6980 + spi_max_width(starget) = 0;
6981 + max_width = 0;
6982 + }
6983 +
6984 /* test width */
6985 - if (i->f->set_width && spi_max_width(starget) &&
6986 - scsi_device_wide(sdev)) {
6987 + if (i->f->set_width && max_width) {
6988 i->f->set_width(starget, 1);
6990 if (spi_dv_device_compare_inquiry(sdev, buffer,
6991 @@ -809,6 +815,11 @@ spi_dv_device_internal(struct scsi_device *sdev, u8 *buffer)
6992 != SPI_COMPARE_SUCCESS) {
6993 starget_printk(KERN_ERR, starget, "Wide Transfers Fail\n");
6994 i->f->set_width(starget, 0);
6995 + /* Make sure we don't force wide back on by asking
6996 + * for a transfer period that requires it */
6997 + max_width = 0;
6998 + if (min_period < 10)
6999 + min_period = 10;
7000 }
7001 }
7003 @@ -828,7 +839,8 @@ spi_dv_device_internal(struct scsi_device *sdev, u8 *buffer)
7005 /* now set up to the maximum */
7006 DV_SET(offset, spi_max_offset(starget));
7007 - DV_SET(period, spi_min_period(starget));
7008 + DV_SET(period, min_period);
7009 +
7010 /* try QAS requests; this should be harmless to set if the
7011 * target supports it */
7012 if (scsi_device_qas(sdev)) {
7013 @@ -837,14 +849,14 @@ spi_dv_device_internal(struct scsi_device *sdev, u8 *buffer)
7014 DV_SET(qas, 0);
7015 }
7017 - if (scsi_device_ius(sdev) && spi_min_period(starget) < 9) {
7018 + if (scsi_device_ius(sdev) && min_period < 9) {
7019 /* This u320 (or u640). Set IU transfers */
7020 DV_SET(iu, 1);
7021 /* Then set the optional parameters */
7022 DV_SET(rd_strm, 1);
7023 DV_SET(wr_flow, 1);
7024 DV_SET(rti, 1);
7025 - if (spi_min_period(starget) == 8)
7026 + if (min_period == 8)
7027 DV_SET(pcomp_en, 1);
7028 } else {
7029 DV_SET(iu, 0);
7030 @@ -862,6 +874,10 @@ spi_dv_device_internal(struct scsi_device *sdev, u8 *buffer)
7031 } else {
7032 DV_SET(dt, 1);
7033 }
7034 + /* set width last because it will pull all the other
7035 + * parameters down to required values */
7036 + DV_SET(width, max_width);
7037 +
7038 /* Do the read only INQUIRY tests */
7039 spi_dv_retrain(sdev, buffer, buffer + sdev->inquiry_len,
7040 spi_dv_device_compare_inquiry);
7041 diff --git a/drivers/scsi/sd.c b/drivers/scsi/sd.c
7042 index 3d8c9cb..d2531dd 100644
7043 --- a/drivers/scsi/sd.c
7044 +++ b/drivers/scsi/sd.c
7045 @@ -895,6 +895,7 @@ static void sd_rw_intr(struct scsi_cmnd * SCpnt)
7046 unsigned int xfer_size = SCpnt->request_bufflen;
7047 unsigned int good_bytes = result ? 0 : xfer_size;
7048 u64 start_lba = SCpnt->request->sector;
7049 + u64 end_lba = SCpnt->request->sector + (xfer_size / 512);
7050 u64 bad_lba;
7051 struct scsi_sense_hdr sshdr;
7052 int sense_valid = 0;
7053 @@ -933,26 +934,23 @@ static void sd_rw_intr(struct scsi_cmnd * SCpnt)
7054 goto out;
7055 if (xfer_size <= SCpnt->device->sector_size)
7056 goto out;
7057 - switch (SCpnt->device->sector_size) {
7058 - case 256:
7059 + if (SCpnt->device->sector_size < 512) {
7060 + /* only legitimate sector_size here is 256 */
7061 start_lba <<= 1;
7062 - break;
7063 - case 512:
7064 - break;
7065 - case 1024:
7066 - start_lba >>= 1;
7067 - break;
7068 - case 2048:
7069 - start_lba >>= 2;
7070 - break;
7071 - case 4096:
7072 - start_lba >>= 3;
7073 - break;
7074 - default:
7075 - /* Print something here with limiting frequency. */
7076 - goto out;
7077 - break;
7078 + end_lba <<= 1;
7079 + } else {
7080 + /* be careful ... don't want any overflows */
7081 + u64 factor = SCpnt->device->sector_size / 512;
7082 + do_div(start_lba, factor);
7083 + do_div(end_lba, factor);
7084 }
7085 +
7086 + if (bad_lba < start_lba || bad_lba >= end_lba)
7087 + /* the bad lba was reported incorrectly, we have
7088 + * no idea where the error is
7089 + */
7090 + goto out;
7091 +
7092 /* This computation should always be done in terms of
7093 * the resolution of the device's medium.
7094 */
7095 diff --git a/drivers/serial/Kconfig b/drivers/serial/Kconfig
7096 index 315ea99..a288de5 100644
7097 --- a/drivers/serial/Kconfig
7098 +++ b/drivers/serial/Kconfig
7099 @@ -74,21 +74,17 @@ config SERIAL_8250_PCI
7100 depends on SERIAL_8250 && PCI
7101 default SERIAL_8250
7102 help
7103 - Say Y here if you have PCI serial ports.
7104 -
7105 - To compile this driver as a module, choose M here: the module
7106 - will be called 8250_pci.
7107 + This builds standard PCI serial support. You may be able to
7108 + disable this feature if you only need legacy serial support.
7109 + Saves about 9K.
7111 config SERIAL_8250_PNP
7112 tristate "8250/16550 PNP device support" if EMBEDDED
7113 depends on SERIAL_8250 && PNP
7114 default SERIAL_8250
7115 help
7116 - Say Y here if you have serial ports described by PNPBIOS or ACPI.
7117 - These are typically ports built into the system board.
7118 -
7119 - To compile this driver as a module, choose M here: the module
7120 - will be called 8250_pnp.
7121 + This builds standard PNP serial support. You may be able to
7122 + disable this feature if you only need legacy serial support.
7124 config SERIAL_8250_HP300
7125 tristate
7126 diff --git a/drivers/serial/sunhv.c b/drivers/serial/sunhv.c
7127 index 96557e6..17bcca5 100644
7128 --- a/drivers/serial/sunhv.c
7129 +++ b/drivers/serial/sunhv.c
7130 @@ -440,8 +440,16 @@ static void sunhv_console_write_paged(struct console *con, const char *s, unsign
7131 {
7132 struct uart_port *port = sunhv_port;
7133 unsigned long flags;
7134 + int locked = 1;
7135 +
7136 + local_irq_save(flags);
7137 + if (port->sysrq) {
7138 + locked = 0;
7139 + } else if (oops_in_progress) {
7140 + locked = spin_trylock(&port->lock);
7141 + } else
7142 + spin_lock(&port->lock);
7144 - spin_lock_irqsave(&port->lock, flags);
7145 while (n > 0) {
7146 unsigned long ra = __pa(con_write_page);
7147 unsigned long page_bytes;
7148 @@ -469,7 +477,10 @@ static void sunhv_console_write_paged(struct console *con, const char *s, unsign
7149 ra += written;
7150 }
7151 }
7152 - spin_unlock_irqrestore(&port->lock, flags);
7153 +
7154 + if (locked)
7155 + spin_unlock(&port->lock);
7156 + local_irq_restore(flags);
7157 }
7159 static inline void sunhv_console_putchar(struct uart_port *port, char c)
7160 @@ -488,7 +499,15 @@ static void sunhv_console_write_bychar(struct console *con, const char *s, unsig
7161 {
7162 struct uart_port *port = sunhv_port;
7163 unsigned long flags;
7164 - int i;
7165 + int i, locked = 1;
7166 +
7167 + local_irq_save(flags);
7168 + if (port->sysrq) {
7169 + locked = 0;
7170 + } else if (oops_in_progress) {
7171 + locked = spin_trylock(&port->lock);
7172 + } else
7173 + spin_lock(&port->lock);
7175 spin_lock_irqsave(&port->lock, flags);
7176 for (i = 0; i < n; i++) {
7177 @@ -496,7 +515,10 @@ static void sunhv_console_write_bychar(struct console *con, const char *s, unsig
7178 sunhv_console_putchar(port, '\r');
7179 sunhv_console_putchar(port, *s++);
7180 }
7181 - spin_unlock_irqrestore(&port->lock, flags);
7182 +
7183 + if (locked)
7184 + spin_unlock(&port->lock);
7185 + local_irq_restore(flags);
7186 }
7188 static struct console sunhv_console = {
7189 diff --git a/drivers/serial/sunsab.c b/drivers/serial/sunsab.c
7190 index deb9ab4..8a0f9e4 100644
7191 --- a/drivers/serial/sunsab.c
7192 +++ b/drivers/serial/sunsab.c
7193 @@ -860,22 +860,31 @@ static int num_channels;
7194 static void sunsab_console_putchar(struct uart_port *port, int c)
7195 {
7196 struct uart_sunsab_port *up = (struct uart_sunsab_port *)port;
7197 - unsigned long flags;
7198 -
7199 - spin_lock_irqsave(&up->port.lock, flags);
7201 sunsab_tec_wait(up);
7202 writeb(c, &up->regs->w.tic);
7203 -
7204 - spin_unlock_irqrestore(&up->port.lock, flags);
7205 }
7207 static void sunsab_console_write(struct console *con, const char *s, unsigned n)
7208 {
7209 struct uart_sunsab_port *up = &sunsab_ports[con->index];
7210 + unsigned long flags;
7211 + int locked = 1;
7212 +
7213 + local_irq_save(flags);
7214 + if (up->port.sysrq) {
7215 + locked = 0;
7216 + } else if (oops_in_progress) {
7217 + locked = spin_trylock(&up->port.lock);
7218 + } else
7219 + spin_lock(&up->port.lock);
7221 uart_console_write(&up->port, s, n, sunsab_console_putchar);
7222 sunsab_tec_wait(up);
7223 +
7224 + if (locked)
7225 + spin_unlock(&up->port.lock);
7226 + local_irq_restore(flags);
7227 }
7229 static int sunsab_console_setup(struct console *con, char *options)
7230 diff --git a/drivers/serial/sunsu.c b/drivers/serial/sunsu.c
7231 index 2a63cdb..26d720b 100644
7232 --- a/drivers/serial/sunsu.c
7233 +++ b/drivers/serial/sunsu.c
7234 @@ -1288,7 +1288,17 @@ static void sunsu_console_write(struct console *co, const char *s,
7235 unsigned int count)
7236 {
7237 struct uart_sunsu_port *up = &sunsu_ports[co->index];
7238 + unsigned long flags;
7239 unsigned int ier;
7240 + int locked = 1;
7241 +
7242 + local_irq_save(flags);
7243 + if (up->port.sysrq) {
7244 + locked = 0;
7245 + } else if (oops_in_progress) {
7246 + locked = spin_trylock(&up->port.lock);
7247 + } else
7248 + spin_lock(&up->port.lock);
7250 /*
7251 * First save the UER then disable the interrupts
7252 @@ -1304,6 +1314,10 @@ static void sunsu_console_write(struct console *co, const char *s,
7253 */
7254 wait_for_xmitr(up);
7255 serial_out(up, UART_IER, ier);
7256 +
7257 + if (locked)
7258 + spin_unlock(&up->port.lock);
7259 + local_irq_restore(flags);
7260 }
7262 /*
7263 diff --git a/drivers/serial/sunzilog.c b/drivers/serial/sunzilog.c
7264 index 15b6e1c..0a3e10a 100644
7265 --- a/drivers/serial/sunzilog.c
7266 +++ b/drivers/serial/sunzilog.c
7267 @@ -9,7 +9,7 @@
7268 * C. Dost, Pete Zaitcev, Ted Ts'o and Alex Buell for their
7269 * work there.
7270 *
7271 - * Copyright (C) 2002, 2006 David S. Miller (davem@davemloft.net)
7272 + * Copyright (C) 2002, 2006, 2007 David S. Miller (davem@davemloft.net)
7273 */
7275 #include <linux/module.h>
7276 @@ -1151,11 +1151,22 @@ sunzilog_console_write(struct console *con, const char *s, unsigned int count)
7277 {
7278 struct uart_sunzilog_port *up = &sunzilog_port_table[con->index];
7279 unsigned long flags;
7280 + int locked = 1;
7281 +
7282 + local_irq_save(flags);
7283 + if (up->port.sysrq) {
7284 + locked = 0;
7285 + } else if (oops_in_progress) {
7286 + locked = spin_trylock(&up->port.lock);
7287 + } else
7288 + spin_lock(&up->port.lock);
7290 - spin_lock_irqsave(&up->port.lock, flags);
7291 uart_console_write(&up->port, s, count, sunzilog_putchar);
7292 udelay(2);
7293 - spin_unlock_irqrestore(&up->port.lock, flags);
7294 +
7295 + if (locked)
7296 + spin_unlock(&up->port.lock);
7297 + local_irq_restore(flags);
7298 }
7300 static int __init sunzilog_console_setup(struct console *con, char *options)
7301 diff --git a/drivers/usb/class/cdc-acm.c b/drivers/usb/class/cdc-acm.c
7302 index 0081c1d..407fb8f 100644
7303 --- a/drivers/usb/class/cdc-acm.c
7304 +++ b/drivers/usb/class/cdc-acm.c
7305 @@ -919,6 +919,10 @@ skip_normal_probe:
7306 return -EINVAL;
7307 }
7308 }
7309 +
7310 + /* Accept probe requests only for the control interface */
7311 + if (intf != control_interface)
7312 + return -ENODEV;
7314 if (usb_interface_claimed(data_interface)) { /* valid in this context */
7315 dev_dbg(&intf->dev,"The data interface isn't available");
7316 @@ -1107,10 +1111,12 @@ static void acm_disconnect(struct usb_interface *intf)
7317 return;
7318 }
7319 if (acm->country_codes){
7320 - device_remove_file(&intf->dev, &dev_attr_wCountryCodes);
7321 - device_remove_file(&intf->dev, &dev_attr_iCountryCodeRelDate);
7322 + device_remove_file(&acm->control->dev,
7323 + &dev_attr_wCountryCodes);
7324 + device_remove_file(&acm->control->dev,
7325 + &dev_attr_iCountryCodeRelDate);
7326 }
7327 - device_remove_file(&intf->dev, &dev_attr_bmCapabilities);
7328 + device_remove_file(&acm->control->dev, &dev_attr_bmCapabilities);
7329 acm->dev = NULL;
7330 usb_set_intfdata(acm->control, NULL);
7331 usb_set_intfdata(acm->data, NULL);
7332 diff --git a/drivers/usb/core/driver.c b/drivers/usb/core/driver.c
7333 index 2619986..61699f7 100644
7334 --- a/drivers/usb/core/driver.c
7335 +++ b/drivers/usb/core/driver.c
7336 @@ -58,7 +58,7 @@ ssize_t usb_store_new_id(struct usb_dynids *dynids,
7337 dynid->id.match_flags = USB_DEVICE_ID_MATCH_DEVICE;
7339 spin_lock(&dynids->lock);
7340 - list_add_tail(&dynids->list, &dynid->node);
7341 + list_add_tail(&dynid->node, &dynids->list);
7342 spin_unlock(&dynids->lock);
7344 if (get_driver(driver)) {
7345 diff --git a/drivers/usb/core/hcd.h b/drivers/usb/core/hcd.h
7346 index ef50fa4..87f6467 100644
7347 --- a/drivers/usb/core/hcd.h
7348 +++ b/drivers/usb/core/hcd.h
7349 @@ -19,6 +19,8 @@
7351 #ifdef __KERNEL__
7353 +#include <linux/rwsem.h>
7354 +
7355 /* This file contains declarations of usbcore internals that are mostly
7356 * used or exposed by Host Controller Drivers.
7357 */
7358 @@ -464,5 +466,9 @@ static inline void usbmon_urb_complete(struct usb_bus *bus, struct urb *urb) {}
7359 : (in_interrupt () ? "in_interrupt" : "can sleep"))
7362 -#endif /* __KERNEL__ */
7363 +/* This rwsem is for use only by the hub driver and ehci-hcd.
7364 + * Nobody else should touch it.
7365 + */
7366 +extern struct rw_semaphore ehci_cf_port_reset_rwsem;
7368 +#endif /* __KERNEL__ */
7369 diff --git a/drivers/usb/core/hub.c b/drivers/usb/core/hub.c
7370 index 24f10a1..bc93e06 100644
7371 --- a/drivers/usb/core/hub.c
7372 +++ b/drivers/usb/core/hub.c
7373 @@ -117,6 +117,12 @@ MODULE_PARM_DESC(use_both_schemes,
7374 "try the other device initialization scheme if the "
7375 "first one fails");
7377 +/* Mutual exclusion for EHCI CF initialization. This interferes with
7378 + * port reset on some companion controllers.
7379 + */
7380 +DECLARE_RWSEM(ehci_cf_port_reset_rwsem);
7381 +EXPORT_SYMBOL_GPL(ehci_cf_port_reset_rwsem);
7382 +
7384 static inline char *portspeed(int portstatus)
7385 {
7386 @@ -1388,6 +1394,10 @@ int usb_new_device(struct usb_device *udev)
7387 udev->dev.devt = MKDEV(USB_DEVICE_MAJOR,
7388 (((udev->bus->busnum-1) * 128) + (udev->devnum-1)));
7390 + /* Increment the parent's count of unsuspended children */
7391 + if (udev->parent)
7392 + usb_autoresume_device(udev->parent);
7393 +
7394 /* Register the device. The device driver is responsible
7395 * for adding the device files to sysfs and for configuring
7396 * the device.
7397 @@ -1395,13 +1405,11 @@ int usb_new_device(struct usb_device *udev)
7398 err = device_add(&udev->dev);
7399 if (err) {
7400 dev_err(&udev->dev, "can't device_add, error %d\n", err);
7401 + if (udev->parent)
7402 + usb_autosuspend_device(udev->parent);
7403 goto fail;
7404 }
7406 - /* Increment the parent's count of unsuspended children */
7407 - if (udev->parent)
7408 - usb_autoresume_device(udev->parent);
7409 -
7410 exit:
7411 return err;
7413 @@ -1511,6 +1519,11 @@ static int hub_port_reset(struct usb_hub *hub, int port1,
7414 {
7415 int i, status;
7417 + /* Block EHCI CF initialization during the port reset.
7418 + * Some companion controllers don't like it when they mix.
7419 + */
7420 + down_read(&ehci_cf_port_reset_rwsem);
7421 +
7422 /* Reset the port */
7423 for (i = 0; i < PORT_RESET_TRIES; i++) {
7424 status = set_port_feature(hub->hdev,
7425 @@ -1541,7 +1554,7 @@ static int hub_port_reset(struct usb_hub *hub, int port1,
7426 usb_set_device_state(udev, status
7427 ? USB_STATE_NOTATTACHED
7428 : USB_STATE_DEFAULT);
7429 - return status;
7430 + goto done;
7431 }
7433 dev_dbg (hub->intfdev,
7434 @@ -1554,6 +1567,8 @@ static int hub_port_reset(struct usb_hub *hub, int port1,
7435 "Cannot enable port %i. Maybe the USB cable is bad?\n",
7436 port1);
7438 + done:
7439 + up_read(&ehci_cf_port_reset_rwsem);
7440 return status;
7441 }
7443 diff --git a/drivers/usb/core/message.c b/drivers/usb/core/message.c
7444 index f9fed34..68ce2de 100644
7445 --- a/drivers/usb/core/message.c
7446 +++ b/drivers/usb/core/message.c
7447 @@ -623,12 +623,12 @@ int usb_get_descriptor(struct usb_device *dev, unsigned char type, unsigned char
7448 memset(buf,0,size); // Make sure we parse really received data
7450 for (i = 0; i < 3; ++i) {
7451 - /* retry on length 0 or stall; some devices are flakey */
7452 + /* retry on length 0 or error; some devices are flakey */
7453 result = usb_control_msg(dev, usb_rcvctrlpipe(dev, 0),
7454 USB_REQ_GET_DESCRIPTOR, USB_DIR_IN,
7455 (type << 8) + index, 0, buf, size,
7456 USB_CTRL_GET_TIMEOUT);
7457 - if (result == 0 || result == -EPIPE)
7458 + if (result <= 0 && result != -ETIMEDOUT)
7459 continue;
7460 if (result > 1 && ((u8 *)buf)[1] != type) {
7461 result = -EPROTO;
7462 @@ -1344,6 +1344,30 @@ static int usb_if_uevent(struct device *dev, char **envp, int num_envp,
7463 usb_dev = interface_to_usbdev(intf);
7464 alt = intf->cur_altsetting;
7466 +#ifdef CONFIG_USB_DEVICEFS
7467 + if (add_uevent_var(envp, num_envp, &i,
7468 + buffer, buffer_size, &length,
7469 + "DEVICE=/proc/bus/usb/%03d/%03d",
7470 + usb_dev->bus->busnum, usb_dev->devnum))
7471 + return -ENOMEM;
7472 +#endif
7473 +
7474 + if (add_uevent_var(envp, num_envp, &i,
7475 + buffer, buffer_size, &length,
7476 + "PRODUCT=%x/%x/%x",
7477 + le16_to_cpu(usb_dev->descriptor.idVendor),
7478 + le16_to_cpu(usb_dev->descriptor.idProduct),
7479 + le16_to_cpu(usb_dev->descriptor.bcdDevice)))
7480 + return -ENOMEM;
7481 +
7482 + if (add_uevent_var(envp, num_envp, &i,
7483 + buffer, buffer_size, &length,
7484 + "TYPE=%d/%d/%d",
7485 + usb_dev->descriptor.bDeviceClass,
7486 + usb_dev->descriptor.bDeviceSubClass,
7487 + usb_dev->descriptor.bDeviceProtocol))
7488 + return -ENOMEM;
7489 +
7490 if (add_uevent_var(envp, num_envp, &i,
7491 buffer, buffer_size, &length,
7492 "INTERFACE=%d/%d/%d",
7493 diff --git a/drivers/usb/host/ehci-hcd.c b/drivers/usb/host/ehci-hcd.c
7494 index 099aff6..ba78f8e 100644
7495 --- a/drivers/usb/host/ehci-hcd.c
7496 +++ b/drivers/usb/host/ehci-hcd.c
7497 @@ -566,10 +566,21 @@ static int ehci_run (struct usb_hcd *hcd)
7498 * are explicitly handed to companion controller(s), so no TT is
7499 * involved with the root hub. (Except where one is integrated,
7500 * and there's no companion controller unless maybe for USB OTG.)
7501 + *
7502 + * Turning on the CF flag will transfer ownership of all ports
7503 + * from the companions to the EHCI controller. If any of the
7504 + * companions are in the middle of a port reset at the time, it
7505 + * could cause trouble. Write-locking ehci_cf_port_reset_rwsem
7506 + * guarantees that no resets are in progress. After we set CF,
7507 + * a short delay lets the hardware catch up; new resets shouldn't
7508 + * be started before the port switching actions could complete.
7509 */
7510 + down_write(&ehci_cf_port_reset_rwsem);
7511 hcd->state = HC_STATE_RUNNING;
7512 ehci_writel(ehci, FLAG_CF, &ehci->regs->configured_flag);
7513 ehci_readl(ehci, &ehci->regs->command); /* unblock posted writes */
7514 + msleep(5);
7515 + up_write(&ehci_cf_port_reset_rwsem);
7517 temp = HC_VERSION(ehci_readl(ehci, &ehci->caps->hc_capbase));
7518 ehci_info (ehci,
7519 diff --git a/drivers/usb/image/microtek.c b/drivers/usb/image/microtek.c
7520 index 51bd80d..3acfd1a 100644
7521 --- a/drivers/usb/image/microtek.c
7522 +++ b/drivers/usb/image/microtek.c
7523 @@ -823,7 +823,7 @@ static int mts_usb_probe(struct usb_interface *intf,
7524 goto out_kfree2;
7526 new_desc->host->hostdata[0] = (unsigned long)new_desc;
7527 - if (scsi_add_host(new_desc->host, NULL)) {
7528 + if (scsi_add_host(new_desc->host, &dev->dev)) {
7529 err_retval = -EIO;
7530 goto out_host_put;
7531 }
7532 diff --git a/drivers/usb/serial/ftdi_sio.c b/drivers/usb/serial/ftdi_sio.c
7533 index da1c6f7..38c4e97 100644
7534 --- a/drivers/usb/serial/ftdi_sio.c
7535 +++ b/drivers/usb/serial/ftdi_sio.c
7536 @@ -271,26 +271,58 @@ static int debug;
7537 static __u16 vendor = FTDI_VID;
7538 static __u16 product;
7540 +struct ftdi_private {
7541 + ftdi_chip_type_t chip_type;
7542 + /* type of the device, either SIO or FT8U232AM */
7543 + int baud_base; /* baud base clock for divisor setting */
7544 + int custom_divisor; /* custom_divisor kludge, this is for baud_base (different from what goes to the chip!) */
7545 + __u16 last_set_data_urb_value ;
7546 + /* the last data state set - needed for doing a break */
7547 + int write_offset; /* This is the offset in the usb data block to write the serial data -
7548 + * it is different between devices
7549 + */
7550 + int flags; /* some ASYNC_xxxx flags are supported */
7551 + unsigned long last_dtr_rts; /* saved modem control outputs */
7552 + wait_queue_head_t delta_msr_wait; /* Used for TIOCMIWAIT */
7553 + char prev_status, diff_status; /* Used for TIOCMIWAIT */
7554 + __u8 rx_flags; /* receive state flags (throttling) */
7555 + spinlock_t rx_lock; /* spinlock for receive state */
7556 + struct delayed_work rx_work;
7557 + struct usb_serial_port *port;
7558 + int rx_processed;
7559 + unsigned long rx_bytes;
7560 +
7561 + __u16 interface; /* FT2232C port interface (0 for FT232/245) */
7562 +
7563 + int force_baud; /* if non-zero, force the baud rate to this value */
7564 + int force_rtscts; /* if non-zero, force RTS-CTS to always be enabled */
7565 +
7566 + spinlock_t tx_lock; /* spinlock for transmit state */
7567 + unsigned long tx_bytes;
7568 + unsigned long tx_outstanding_bytes;
7569 + unsigned long tx_outstanding_urbs;
7570 +};
7571 +
7572 /* struct ftdi_sio_quirk is used by devices requiring special attention. */
7573 struct ftdi_sio_quirk {
7574 int (*probe)(struct usb_serial *);
7575 - void (*setup)(struct usb_serial *); /* Special settings during startup. */
7576 + void (*port_probe)(struct ftdi_private *); /* Special settings for probed ports. */
7577 };
7579 static int ftdi_olimex_probe (struct usb_serial *serial);
7580 -static void ftdi_USB_UIRT_setup (struct usb_serial *serial);
7581 -static void ftdi_HE_TIRA1_setup (struct usb_serial *serial);
7582 +static void ftdi_USB_UIRT_setup (struct ftdi_private *priv);
7583 +static void ftdi_HE_TIRA1_setup (struct ftdi_private *priv);
7585 static struct ftdi_sio_quirk ftdi_olimex_quirk = {
7586 .probe = ftdi_olimex_probe,
7587 };
7589 static struct ftdi_sio_quirk ftdi_USB_UIRT_quirk = {
7590 - .setup = ftdi_USB_UIRT_setup,
7591 + .port_probe = ftdi_USB_UIRT_setup,
7592 };
7594 static struct ftdi_sio_quirk ftdi_HE_TIRA1_quirk = {
7595 - .setup = ftdi_HE_TIRA1_setup,
7596 + .port_probe = ftdi_HE_TIRA1_setup,
7597 };
7599 /*
7600 @@ -567,38 +599,6 @@ static const char *ftdi_chip_name[] = {
7601 #define THROTTLED 0x01
7602 #define ACTUALLY_THROTTLED 0x02
7604 -struct ftdi_private {
7605 - ftdi_chip_type_t chip_type;
7606 - /* type of the device, either SIO or FT8U232AM */
7607 - int baud_base; /* baud base clock for divisor setting */
7608 - int custom_divisor; /* custom_divisor kludge, this is for baud_base (different from what goes to the chip!) */
7609 - __u16 last_set_data_urb_value ;
7610 - /* the last data state set - needed for doing a break */
7611 - int write_offset; /* This is the offset in the usb data block to write the serial data -
7612 - * it is different between devices
7613 - */
7614 - int flags; /* some ASYNC_xxxx flags are supported */
7615 - unsigned long last_dtr_rts; /* saved modem control outputs */
7616 - wait_queue_head_t delta_msr_wait; /* Used for TIOCMIWAIT */
7617 - char prev_status, diff_status; /* Used for TIOCMIWAIT */
7618 - __u8 rx_flags; /* receive state flags (throttling) */
7619 - spinlock_t rx_lock; /* spinlock for receive state */
7620 - struct delayed_work rx_work;
7621 - struct usb_serial_port *port;
7622 - int rx_processed;
7623 - unsigned long rx_bytes;
7624 -
7625 - __u16 interface; /* FT2232C port interface (0 for FT232/245) */
7626 -
7627 - int force_baud; /* if non-zero, force the baud rate to this value */
7628 - int force_rtscts; /* if non-zero, force RTS-CTS to always be enabled */
7629 -
7630 - spinlock_t tx_lock; /* spinlock for transmit state */
7631 - unsigned long tx_bytes;
7632 - unsigned long tx_outstanding_bytes;
7633 - unsigned long tx_outstanding_urbs;
7634 -};
7635 -
7636 /* Used for TIOCMIWAIT */
7637 #define FTDI_STATUS_B0_MASK (FTDI_RS0_CTS | FTDI_RS0_DSR | FTDI_RS0_RI | FTDI_RS0_RLSD)
7638 #define FTDI_STATUS_B1_MASK (FTDI_RS_BI)
7639 @@ -609,7 +609,6 @@ struct ftdi_private {
7641 /* function prototypes for a FTDI serial converter */
7642 static int ftdi_sio_probe (struct usb_serial *serial, const struct usb_device_id *id);
7643 -static int ftdi_sio_attach (struct usb_serial *serial);
7644 static void ftdi_shutdown (struct usb_serial *serial);
7645 static int ftdi_sio_port_probe (struct usb_serial_port *port);
7646 static int ftdi_sio_port_remove (struct usb_serial_port *port);
7647 @@ -663,7 +662,6 @@ static struct usb_serial_driver ftdi_sio_device = {
7648 .ioctl = ftdi_ioctl,
7649 .set_termios = ftdi_set_termios,
7650 .break_ctl = ftdi_break_ctl,
7651 - .attach = ftdi_sio_attach,
7652 .shutdown = ftdi_shutdown,
7653 };
7655 @@ -1198,6 +1196,8 @@ static int ftdi_sio_probe (struct usb_serial *serial, const struct usb_device_id
7656 static int ftdi_sio_port_probe(struct usb_serial_port *port)
7657 {
7658 struct ftdi_private *priv;
7659 + struct ftdi_sio_quirk *quirk = usb_get_serial_data(port->serial);
7660 +
7662 dbg("%s",__FUNCTION__);
7664 @@ -1214,6 +1214,9 @@ static int ftdi_sio_port_probe(struct usb_serial_port *port)
7665 than queue a task to deliver them */
7666 priv->flags = ASYNC_LOW_LATENCY;
7668 + if (quirk && quirk->port_probe)
7669 + quirk->port_probe(priv);
7670 +
7671 /* Increase the size of read buffers */
7672 kfree(port->bulk_in_buffer);
7673 port->bulk_in_buffer = kmalloc (BUFSZ, GFP_KERNEL);
7674 @@ -1244,29 +1247,13 @@ static int ftdi_sio_port_probe(struct usb_serial_port *port)
7675 return 0;
7676 }
7678 -/* attach subroutine */
7679 -static int ftdi_sio_attach (struct usb_serial *serial)
7680 -{
7681 - /* Check for device requiring special set up. */
7682 - struct ftdi_sio_quirk *quirk = usb_get_serial_data(serial);
7683 -
7684 - if (quirk && quirk->setup)
7685 - quirk->setup(serial);
7686 -
7687 - return 0;
7688 -} /* ftdi_sio_attach */
7689 -
7690 -
7691 /* Setup for the USB-UIRT device, which requires hardwired
7692 * baudrate (38400 gets mapped to 312500) */
7693 /* Called from usbserial:serial_probe */
7694 -static void ftdi_USB_UIRT_setup (struct usb_serial *serial)
7695 +static void ftdi_USB_UIRT_setup (struct ftdi_private *priv)
7696 {
7697 - struct ftdi_private *priv;
7698 -
7699 dbg("%s",__FUNCTION__);
7701 - priv = usb_get_serial_port_data(serial->port[0]);
7702 priv->flags |= ASYNC_SPD_CUST;
7703 priv->custom_divisor = 77;
7704 priv->force_baud = B38400;
7705 @@ -1274,13 +1261,10 @@ static void ftdi_USB_UIRT_setup (struct usb_serial *serial)
7707 /* Setup for the HE-TIRA1 device, which requires hardwired
7708 * baudrate (38400 gets mapped to 100000) and RTS-CTS enabled. */
7709 -static void ftdi_HE_TIRA1_setup (struct usb_serial *serial)
7710 +static void ftdi_HE_TIRA1_setup (struct ftdi_private *priv)
7711 {
7712 - struct ftdi_private *priv;
7713 -
7714 dbg("%s",__FUNCTION__);
7716 - priv = usb_get_serial_port_data(serial->port[0]);
7717 priv->flags |= ASYNC_SPD_CUST;
7718 priv->custom_divisor = 240;
7719 priv->force_baud = B38400;
7720 diff --git a/drivers/usb/serial/generic.c b/drivers/usb/serial/generic.c
7721 index 4f8282a..c36eb79 100644
7722 --- a/drivers/usb/serial/generic.c
7723 +++ b/drivers/usb/serial/generic.c
7724 @@ -190,14 +190,15 @@ int usb_serial_generic_write(struct usb_serial_port *port, const unsigned char *
7726 /* only do something if we have a bulk out endpoint */
7727 if (serial->num_bulk_out) {
7728 - spin_lock_bh(&port->lock);
7729 + unsigned long flags;
7730 + spin_lock_irqsave(&port->lock, flags);
7731 if (port->write_urb_busy) {
7732 - spin_unlock_bh(&port->lock);
7733 + spin_unlock_irqrestore(&port->lock, flags);
7734 dbg("%s - already writing", __FUNCTION__);
7735 return 0;
7736 }
7737 port->write_urb_busy = 1;
7738 - spin_unlock_bh(&port->lock);
7739 + spin_unlock_irqrestore(&port->lock, flags);
7741 count = (count > port->bulk_out_size) ? port->bulk_out_size : count;
7743 diff --git a/drivers/usb/serial/io_edgeport.c b/drivers/usb/serial/io_edgeport.c
7744 index 056e192..0f99e07 100644
7745 --- a/drivers/usb/serial/io_edgeport.c
7746 +++ b/drivers/usb/serial/io_edgeport.c
7747 @@ -2366,9 +2366,8 @@ static int send_cmd_write_baud_rate (struct edgeport_port *edge_port, int baudRa
7748 int status;
7749 unsigned char number = edge_port->port->number - edge_port->port->serial->minor;
7751 - if ((!edge_serial->is_epic) ||
7752 - ((edge_serial->is_epic) &&
7753 - (!edge_serial->epic_descriptor.Supports.IOSPSetBaudRate))) {
7754 + if (edge_serial->is_epic &&
7755 + !edge_serial->epic_descriptor.Supports.IOSPSetBaudRate) {
7756 dbg("SendCmdWriteBaudRate - NOT Setting baud rate for port = %d, baud = %d",
7757 edge_port->port->number, baudRate);
7758 return 0;
7759 @@ -2461,18 +2460,16 @@ static int send_cmd_write_uart_register (struct edgeport_port *edge_port, __u8 r
7761 dbg("%s - write to %s register 0x%02x", (regNum == MCR) ? "MCR" : "LCR", __FUNCTION__, regValue);
7763 - if ((!edge_serial->is_epic) ||
7764 - ((edge_serial->is_epic) &&
7765 - (!edge_serial->epic_descriptor.Supports.IOSPWriteMCR) &&
7766 - (regNum == MCR))) {
7767 + if (edge_serial->is_epic &&
7768 + !edge_serial->epic_descriptor.Supports.IOSPWriteMCR &&
7769 + regNum == MCR) {
7770 dbg("SendCmdWriteUartReg - Not writing to MCR Register");
7771 return 0;
7772 }
7774 - if ((!edge_serial->is_epic) ||
7775 - ((edge_serial->is_epic) &&
7776 - (!edge_serial->epic_descriptor.Supports.IOSPWriteLCR) &&
7777 - (regNum == LCR))) {
7778 + if (edge_serial->is_epic &&
7779 + !edge_serial->epic_descriptor.Supports.IOSPWriteLCR &&
7780 + regNum == LCR) {
7781 dbg ("SendCmdWriteUartReg - Not writing to LCR Register");
7782 return 0;
7783 }
7784 diff --git a/drivers/usb/serial/kobil_sct.c b/drivers/usb/serial/kobil_sct.c
7785 index 0683b51..6f22419 100644
7786 --- a/drivers/usb/serial/kobil_sct.c
7787 +++ b/drivers/usb/serial/kobil_sct.c
7788 @@ -82,6 +82,7 @@ static int kobil_tiocmset(struct usb_serial_port *port, struct file *file,
7789 unsigned int set, unsigned int clear);
7790 static void kobil_read_int_callback( struct urb *urb );
7791 static void kobil_write_callback( struct urb *purb );
7792 +static void kobil_set_termios(struct usb_serial_port *port, struct ktermios *old);
7795 static struct usb_device_id id_table [] = {
7796 @@ -119,6 +120,7 @@ static struct usb_serial_driver kobil_device = {
7797 .attach = kobil_startup,
7798 .shutdown = kobil_shutdown,
7799 .ioctl = kobil_ioctl,
7800 + .set_termios = kobil_set_termios,
7801 .tiocmget = kobil_tiocmget,
7802 .tiocmset = kobil_tiocmset,
7803 .open = kobil_open,
7804 @@ -137,7 +139,6 @@ struct kobil_private {
7805 int cur_pos; // index of the next char to send in buf
7806 __u16 device_type;
7807 int line_state;
7808 - struct ktermios internal_termios;
7809 };
7812 @@ -216,7 +217,7 @@ static void kobil_shutdown (struct usb_serial *serial)
7814 static int kobil_open (struct usb_serial_port *port, struct file *filp)
7815 {
7816 - int i, result = 0;
7817 + int result = 0;
7818 struct kobil_private *priv;
7819 unsigned char *transfer_buffer;
7820 int transfer_buffer_length = 8;
7821 @@ -242,16 +243,6 @@ static int kobil_open (struct usb_serial_port *port, struct file *filp)
7822 port->tty->termios->c_iflag = IGNBRK | IGNPAR | IXOFF;
7823 port->tty->termios->c_oflag &= ~ONLCR; // do NOT translate CR to CR-NL (0x0A -> 0x0A 0x0D)
7825 - // set up internal termios structure
7826 - priv->internal_termios.c_iflag = port->tty->termios->c_iflag;
7827 - priv->internal_termios.c_oflag = port->tty->termios->c_oflag;
7828 - priv->internal_termios.c_cflag = port->tty->termios->c_cflag;
7829 - priv->internal_termios.c_lflag = port->tty->termios->c_lflag;
7830 -
7831 - for (i=0; i<NCCS; i++) {
7832 - priv->internal_termios.c_cc[i] = port->tty->termios->c_cc[i];
7833 - }
7834 -
7835 // allocate memory for transfer buffer
7836 transfer_buffer = kzalloc(transfer_buffer_length, GFP_KERNEL);
7837 if (! transfer_buffer) {
7838 @@ -358,24 +349,26 @@ static void kobil_close (struct usb_serial_port *port, struct file *filp)
7839 }
7842 -static void kobil_read_int_callback( struct urb *purb)
7843 +static void kobil_read_int_callback(struct urb *urb)
7844 {
7845 int result;
7846 - struct usb_serial_port *port = (struct usb_serial_port *) purb->context;
7847 + struct usb_serial_port *port = urb->context;
7848 struct tty_struct *tty;
7849 - unsigned char *data = purb->transfer_buffer;
7850 + unsigned char *data = urb->transfer_buffer;
7851 + int status = urb->status;
7852 // char *dbg_data;
7854 dbg("%s - port %d", __FUNCTION__, port->number);
7856 - if (purb->status) {
7857 - dbg("%s - port %d Read int status not zero: %d", __FUNCTION__, port->number, purb->status);
7858 + if (status) {
7859 + dbg("%s - port %d Read int status not zero: %d",
7860 + __FUNCTION__, port->number, status);
7861 return;
7862 }
7863 -
7864 - tty = port->tty;
7865 - if (purb->actual_length) {
7866 -
7867 +
7868 + tty = port->tty;
7869 + if (urb->actual_length) {
7870 +
7871 // BEGIN DEBUG
7872 /*
7873 dbg_data = kzalloc((3 * purb->actual_length + 10) * sizeof(char), GFP_KERNEL);
7874 @@ -390,15 +383,15 @@ static void kobil_read_int_callback( struct urb *purb)
7875 */
7876 // END DEBUG
7878 - tty_buffer_request_room(tty, purb->actual_length);
7879 - tty_insert_flip_string(tty, data, purb->actual_length);
7880 + tty_buffer_request_room(tty, urb->actual_length);
7881 + tty_insert_flip_string(tty, data, urb->actual_length);
7882 tty_flip_buffer_push(tty);
7883 }
7885 // someone sets the dev to 0 if the close method has been called
7886 port->interrupt_in_urb->dev = port->serial->dev;
7888 - result = usb_submit_urb( port->interrupt_in_urb, GFP_ATOMIC );
7889 + result = usb_submit_urb(port->interrupt_in_urb, GFP_ATOMIC);
7890 dbg("%s - port %d Send read URB returns: %i", __FUNCTION__, port->number, result);
7891 }
7893 @@ -605,102 +598,79 @@ static int kobil_tiocmset(struct usb_serial_port *port, struct file *file,
7894 return (result < 0) ? result : 0;
7895 }
7897 -
7898 -static int kobil_ioctl(struct usb_serial_port *port, struct file *file,
7899 - unsigned int cmd, unsigned long arg)
7900 +static void kobil_set_termios(struct usb_serial_port *port, struct ktermios *old)
7901 {
7902 struct kobil_private * priv;
7903 int result;
7904 unsigned short urb_val = 0;
7905 - unsigned char *transfer_buffer;
7906 - int transfer_buffer_length = 8;
7907 - char *settings;
7908 - void __user *user_arg = (void __user *)arg;
7909 + int c_cflag = port->tty->termios->c_cflag;
7910 + speed_t speed;
7911 + void * settings;
7913 priv = usb_get_serial_port_data(port);
7914 - if ((priv->device_type == KOBIL_USBTWIN_PRODUCT_ID) || (priv->device_type == KOBIL_KAAN_SIM_PRODUCT_ID)) {
7915 + if (priv->device_type == KOBIL_USBTWIN_PRODUCT_ID || priv->device_type == KOBIL_KAAN_SIM_PRODUCT_ID)
7916 // This device doesn't support ioctl calls
7917 - return 0;
7918 - }
7919 -
7920 - switch (cmd) {
7921 - case TCGETS: // 0x5401
7922 - if (!access_ok(VERIFY_WRITE, user_arg, sizeof(struct ktermios))) {
7923 - dbg("%s - port %d Error in access_ok", __FUNCTION__, port->number);
7924 - return -EFAULT;
7925 - }
7926 - if (kernel_termios_to_user_termios((struct ktermios __user *)arg,
7927 - &priv->internal_termios))
7928 - return -EFAULT;
7929 - return 0;
7930 -
7931 - case TCSETS: // 0x5402
7932 - if (!(port->tty->termios)) {
7933 - dbg("%s - port %d Error: port->tty->termios is NULL", __FUNCTION__, port->number);
7934 - return -ENOTTY;
7935 - }
7936 - if (!access_ok(VERIFY_READ, user_arg, sizeof(struct ktermios))) {
7937 - dbg("%s - port %d Error in access_ok", __FUNCTION__, port->number);
7938 - return -EFAULT;
7939 - }
7940 - if (user_termios_to_kernel_termios(&priv->internal_termios,
7941 - (struct ktermios __user *)arg))
7942 - return -EFAULT;
7943 -
7944 - settings = kzalloc(50, GFP_KERNEL);
7945 - if (! settings) {
7946 - return -ENOBUFS;
7947 - }
7948 + return;
7950 - switch (priv->internal_termios.c_cflag & CBAUD) {
7951 - case B1200:
7952 + switch (speed = tty_get_baud_rate(port->tty)) {
7953 + case 1200:
7954 urb_val = SUSBCR_SBR_1200;
7955 - strcat(settings, "1200 ");
7956 break;
7957 - case B9600:
7958 + case 9600:
7959 default:
7960 urb_val = SUSBCR_SBR_9600;
7961 - strcat(settings, "9600 ");
7962 break;
7963 - }
7964 + }
7965 + urb_val |= (c_cflag & CSTOPB) ? SUSBCR_SPASB_2StopBits : SUSBCR_SPASB_1StopBit;
7967 - urb_val |= (priv->internal_termios.c_cflag & CSTOPB) ? SUSBCR_SPASB_2StopBits : SUSBCR_SPASB_1StopBit;
7968 - strcat(settings, (priv->internal_termios.c_cflag & CSTOPB) ? "2 StopBits " : "1 StopBit ");
7969 + settings = kzalloc(50, GFP_KERNEL);
7970 + if (! settings)
7971 + return;
7973 - if (priv->internal_termios.c_cflag & PARENB) {
7974 - if (priv->internal_termios.c_cflag & PARODD) {
7975 - urb_val |= SUSBCR_SPASB_OddParity;
7976 - strcat(settings, "Odd Parity");
7977 - } else {
7978 - urb_val |= SUSBCR_SPASB_EvenParity;
7979 - strcat(settings, "Even Parity");
7980 - }
7981 + sprintf(settings, "%d ", speed);
7982 +
7983 + if (c_cflag & PARENB) {
7984 + if (c_cflag & PARODD) {
7985 + urb_val |= SUSBCR_SPASB_OddParity;
7986 + strcat(settings, "Odd Parity");
7987 } else {
7988 - urb_val |= SUSBCR_SPASB_NoParity;
7989 - strcat(settings, "No Parity");
7990 + urb_val |= SUSBCR_SPASB_EvenParity;
7991 + strcat(settings, "Even Parity");
7992 }
7993 - dbg("%s - port %d setting port to: %s", __FUNCTION__, port->number, settings );
7994 + } else {
7995 + urb_val |= SUSBCR_SPASB_NoParity;
7996 + strcat(settings, "No Parity");
7997 + }
7999 - result = usb_control_msg( port->serial->dev,
8000 - usb_rcvctrlpipe(port->serial->dev, 0 ),
8001 - SUSBCRequest_SetBaudRateParityAndStopBits,
8002 - USB_TYPE_VENDOR | USB_RECIP_ENDPOINT | USB_DIR_OUT,
8003 - urb_val,
8004 - 0,
8005 - settings,
8006 - 0,
8007 - KOBIL_TIMEOUT
8008 - );
8009 + result = usb_control_msg( port->serial->dev,
8010 + usb_rcvctrlpipe(port->serial->dev, 0 ),
8011 + SUSBCRequest_SetBaudRateParityAndStopBits,
8012 + USB_TYPE_VENDOR | USB_RECIP_ENDPOINT | USB_DIR_OUT,
8013 + urb_val,
8014 + 0,
8015 + settings,
8016 + 0,
8017 + KOBIL_TIMEOUT
8018 + );
8019 + kfree(settings);
8020 +}
8022 - dbg("%s - port %d Send set_baudrate URB returns: %i", __FUNCTION__, port->number, result);
8023 - kfree(settings);
8024 +static int kobil_ioctl(struct usb_serial_port *port, struct file * file, unsigned int cmd, unsigned long arg)
8025 +{
8026 + struct kobil_private * priv = usb_get_serial_port_data(port);
8027 + unsigned char *transfer_buffer;
8028 + int transfer_buffer_length = 8;
8029 + int result;
8030 +
8031 + if (priv->device_type == KOBIL_USBTWIN_PRODUCT_ID || priv->device_type == KOBIL_KAAN_SIM_PRODUCT_ID)
8032 + // This device doesn't support ioctl calls
8033 return 0;
8035 + switch (cmd) {
8036 case TCFLSH: // 0x540B
8037 transfer_buffer = kmalloc(transfer_buffer_length, GFP_KERNEL);
8038 - if (! transfer_buffer) {
8039 + if (! transfer_buffer)
8040 return -ENOBUFS;
8041 - }
8043 result = usb_control_msg( port->serial->dev,
8044 usb_rcvctrlpipe(port->serial->dev, 0 ),
8045 @@ -714,15 +684,13 @@ static int kobil_ioctl(struct usb_serial_port *port, struct file *file,
8046 );
8048 dbg("%s - port %d Send reset_all_queues (FLUSH) URB returns: %i", __FUNCTION__, port->number, result);
8049 -
8050 kfree(transfer_buffer);
8051 - return ((result < 0) ? -EFAULT : 0);
8052 -
8053 + return (result < 0) ? -EFAULT : 0;
8054 + default:
8055 + return -ENOIOCTLCMD;
8056 }
8057 - return -ENOIOCTLCMD;
8058 }
8060 -
8061 static int __init kobil_init (void)
8062 {
8063 int retval;
8064 diff --git a/drivers/video/backlight/cr_bllcd.c b/drivers/video/backlight/cr_bllcd.c
8065 index e9bbc34..1b3f658 100644
8066 --- a/drivers/video/backlight/cr_bllcd.c
8067 +++ b/drivers/video/backlight/cr_bllcd.c
8068 @@ -174,7 +174,7 @@ static int cr_backlight_probe(struct platform_device *pdev)
8069 struct cr_panel *crp;
8070 u8 dev_en;
8072 - crp = kzalloc(sizeof(crp), GFP_KERNEL);
8073 + crp = kzalloc(sizeof(*crp), GFP_KERNEL);
8074 if (crp == NULL)
8075 return -ENOMEM;
8077 diff --git a/drivers/video/fb_ddc.c b/drivers/video/fb_ddc.c
8078 index f836137..a0df632 100644
8079 --- a/drivers/video/fb_ddc.c
8080 +++ b/drivers/video/fb_ddc.c
8081 @@ -56,13 +56,12 @@ unsigned char *fb_ddc_read(struct i2c_adapter *adapter)
8082 int i, j;
8084 algo_data->setscl(algo_data->data, 1);
8085 - algo_data->setscl(algo_data->data, 0);
8087 for (i = 0; i < 3; i++) {
8088 /* For some old monitors we need the
8089 * following process to initialize/stop DDC
8090 */
8091 - algo_data->setsda(algo_data->data, 0);
8092 + algo_data->setsda(algo_data->data, 1);
8093 msleep(13);
8095 algo_data->setscl(algo_data->data, 1);
8096 @@ -97,14 +96,15 @@ unsigned char *fb_ddc_read(struct i2c_adapter *adapter)
8097 algo_data->setsda(algo_data->data, 1);
8098 msleep(15);
8099 algo_data->setscl(algo_data->data, 0);
8100 + algo_data->setsda(algo_data->data, 0);
8101 if (edid)
8102 break;
8103 }
8104 /* Release the DDC lines when done or the Apple Cinema HD display
8105 * will switch off
8106 */
8107 - algo_data->setsda(algo_data->data, 0);
8108 - algo_data->setscl(algo_data->data, 0);
8109 + algo_data->setsda(algo_data->data, 1);
8110 + algo_data->setscl(algo_data->data, 1);
8112 return edid;
8113 }
8114 diff --git a/drivers/video/macmodes.c b/drivers/video/macmodes.c
8115 index ab21495..083f603 100644
8116 --- a/drivers/video/macmodes.c
8117 +++ b/drivers/video/macmodes.c
8118 @@ -369,9 +369,8 @@ EXPORT_SYMBOL(mac_map_monitor_sense);
8119 *
8120 */
8122 -int __devinit mac_find_mode(struct fb_var_screeninfo *var,
8123 - struct fb_info *info, const char *mode_option,
8124 - unsigned int default_bpp)
8125 +int mac_find_mode(struct fb_var_screeninfo *var, struct fb_info *info,
8126 + const char *mode_option, unsigned int default_bpp)
8127 {
8128 const struct fb_videomode *db = NULL;
8129 unsigned int dbsize = 0;
8130 diff --git a/drivers/video/macmodes.h b/drivers/video/macmodes.h
8131 index babeb81..b86ba08 100644
8132 --- a/drivers/video/macmodes.h
8133 +++ b/drivers/video/macmodes.h
8134 @@ -55,10 +55,10 @@ extern int mac_vmode_to_var(int vmode, int cmode,
8135 extern int mac_var_to_vmode(const struct fb_var_screeninfo *var, int *vmode,
8136 int *cmode);
8137 extern int mac_map_monitor_sense(int sense);
8138 -extern int __devinit mac_find_mode(struct fb_var_screeninfo *var,
8139 - struct fb_info *info,
8140 - const char *mode_option,
8141 - unsigned int default_bpp);
8142 +extern int mac_find_mode(struct fb_var_screeninfo *var,
8143 + struct fb_info *info,
8144 + const char *mode_option,
8145 + unsigned int default_bpp);
8148 /*
8149 diff --git a/drivers/video/stifb.c b/drivers/video/stifb.c
8150 index c97709e..e7c8db2 100644
8151 --- a/drivers/video/stifb.c
8152 +++ b/drivers/video/stifb.c
8153 @@ -1100,13 +1100,18 @@ stifb_init_fb(struct sti_struct *sti, int bpp_pref)
8154 /* only supported cards are allowed */
8155 switch (fb->id) {
8156 case CRT_ID_VISUALIZE_EG:
8157 - /* look for a double buffering device like e.g. the
8158 - "INTERNAL_EG_DX1024" in the RDI precisionbook laptop
8159 - which won't work. The same device in non-double
8160 - buffering mode returns "INTERNAL_EG_X1024". */
8161 - if (strstr(sti->outptr.dev_name, "EG_DX")) {
8162 - printk(KERN_WARNING
8163 - "stifb: ignoring '%s'. Disable double buffering in IPL menu.\n",
8164 + /* Visualize cards can run either in "double buffer" or
8165 + "standard" mode. Depending on the mode, the card reports
8166 + a different device name, e.g. "INTERNAL_EG_DX1024" in double
8167 + buffer mode and "INTERNAL_EG_X1024" in standard mode.
8168 + Since this driver only supports standard mode, we check
8169 + if the device name contains the string "DX" and tell the
8170 + user how to reconfigure the card. */
8171 + if (strstr(sti->outptr.dev_name, "DX")) {
8172 + printk(KERN_WARNING "WARNING: stifb framebuffer driver does not "
8173 + "support '%s' in double-buffer mode.\n"
8174 + KERN_WARNING "WARNING: Please disable the double-buffer mode "
8175 + "in IPL menu (the PARISC-BIOS).\n",
8176 sti->outptr.dev_name);
8177 goto out_err0;
8178 }
8179 diff --git a/fs/9p/conv.c b/fs/9p/conv.c
8180 index a3ed571..923d75c 100644
8181 --- a/fs/9p/conv.c
8182 +++ b/fs/9p/conv.c
8183 @@ -742,6 +742,7 @@ struct v9fs_fcall *v9fs_create_twrite(u32 fid, u64 offset, u32 count,
8184 if (err) {
8185 kfree(fc);
8186 fc = ERR_PTR(err);
8187 + goto error;
8188 }
8190 if (buf_check_overflow(bufp)) {
8191 diff --git a/fs/afs/mntpt.c b/fs/afs/mntpt.c
8192 index a3684dc..6f8c96f 100644
8193 --- a/fs/afs/mntpt.c
8194 +++ b/fs/afs/mntpt.c
8195 @@ -235,8 +235,8 @@ static void *afs_mntpt_follow_link(struct dentry *dentry, struct nameidata *nd)
8196 err = do_add_mount(newmnt, nd, MNT_SHRINKABLE, &afs_vfsmounts);
8197 switch (err) {
8198 case 0:
8199 - mntput(nd->mnt);
8200 dput(nd->dentry);
8201 + mntput(nd->mnt);
8202 nd->mnt = newmnt;
8203 nd->dentry = dget(newmnt->mnt_root);
8204 schedule_delayed_work(&afs_mntpt_expiry_timer,
8205 diff --git a/fs/cifs/cifs_debug.c b/fs/cifs/cifs_debug.c
8206 index 07838b2..d05c108 100644
8207 --- a/fs/cifs/cifs_debug.c
8208 +++ b/fs/cifs/cifs_debug.c
8209 @@ -901,90 +901,14 @@ security_flags_write(struct file *file, const char __user *buffer,
8210 }
8211 /* flags look ok - update the global security flags for cifs module */
8212 extended_security = flags;
8213 + if (extended_security & CIFSSEC_MUST_SIGN) {
8214 + /* requiring signing implies signing is allowed */
8215 + extended_security |= CIFSSEC_MAY_SIGN;
8216 + cFYI(1, ("packet signing now required"));
8217 + } else if ((extended_security & CIFSSEC_MAY_SIGN) == 0) {
8218 + cFYI(1, ("packet signing disabled"));
8219 + }
8220 + /* BB should we turn on MAY flags for other MUST options? */
8221 return count;
8222 }
8223 -
8224 -/* static int
8225 -ntlmv2_enabled_read(char *page, char **start, off_t off,
8226 - int count, int *eof, void *data)
8227 -{
8228 - int len;
8229 -
8230 - len = sprintf(page, "%d\n", ntlmv2_support);
8231 -
8232 - len -= off;
8233 - *start = page + off;
8234 -
8235 - if (len > count)
8236 - len = count;
8237 - else
8238 - *eof = 1;
8239 -
8240 - if (len < 0)
8241 - len = 0;
8242 -
8243 - return len;
8244 -}
8245 -static int
8246 -ntlmv2_enabled_write(struct file *file, const char __user *buffer,
8247 - unsigned long count, void *data)
8248 -{
8249 - char c;
8250 - int rc;
8251 -
8252 - rc = get_user(c, buffer);
8253 - if (rc)
8254 - return rc;
8255 - if (c == '0' || c == 'n' || c == 'N')
8256 - ntlmv2_support = 0;
8257 - else if (c == '1' || c == 'y' || c == 'Y')
8258 - ntlmv2_support = 1;
8259 - else if (c == '2')
8260 - ntlmv2_support = 2;
8261 -
8262 - return count;
8263 -}
8264 -
8265 -static int
8266 -packet_signing_enabled_read(char *page, char **start, off_t off,
8267 - int count, int *eof, void *data)
8268 -{
8269 - int len;
8270 -
8271 - len = sprintf(page, "%d\n", sign_CIFS_PDUs);
8272 -
8273 - len -= off;
8274 - *start = page + off;
8275 -
8276 - if (len > count)
8277 - len = count;
8278 - else
8279 - *eof = 1;
8280 -
8281 - if (len < 0)
8282 - len = 0;
8283 -
8284 - return len;
8285 -}
8286 -static int
8287 -packet_signing_enabled_write(struct file *file, const char __user *buffer,
8288 - unsigned long count, void *data)
8289 -{
8290 - char c;
8291 - int rc;
8292 -
8293 - rc = get_user(c, buffer);
8294 - if (rc)
8295 - return rc;
8296 - if (c == '0' || c == 'n' || c == 'N')
8297 - sign_CIFS_PDUs = 0;
8298 - else if (c == '1' || c == 'y' || c == 'Y')
8299 - sign_CIFS_PDUs = 1;
8300 - else if (c == '2')
8301 - sign_CIFS_PDUs = 2;
8302 -
8303 - return count;
8304 -} */
8305 -
8306 -
8307 #endif
8308 diff --git a/fs/cifs/cifsglob.h b/fs/cifs/cifsglob.h
8309 index 23655de..5d6f120 100644
8310 --- a/fs/cifs/cifsglob.h
8311 +++ b/fs/cifs/cifsglob.h
8312 @@ -442,6 +442,17 @@ struct dir_notify_req {
8313 #define CIFS_LARGE_BUFFER 2
8314 #define CIFS_IOVEC 4 /* array of response buffers */
8316 +/* Type of Request to SendReceive2 */
8317 +#define CIFS_STD_OP 0 /* normal request timeout */
8318 +#define CIFS_LONG_OP 1 /* long op (up to 45 sec, oplock time) */
8319 +#define CIFS_VLONG_OP 2 /* sloow op - can take up to 180 seconds */
8320 +#define CIFS_BLOCKING_OP 4 /* operation can block */
8321 +#define CIFS_ASYNC_OP 8 /* do not wait for response */
8322 +#define CIFS_TIMEOUT_MASK 0x00F /* only one of 5 above set in req */
8323 +#define CIFS_LOG_ERROR 0x010 /* log NT STATUS if non-zero */
8324 +#define CIFS_LARGE_BUF_OP 0x020 /* large request buffer */
8325 +#define CIFS_NO_RESP 0x040 /* no response buffer required */
8326 +
8327 /* Security Flags: indicate type of session setup needed */
8328 #define CIFSSEC_MAY_SIGN 0x00001
8329 #define CIFSSEC_MAY_NTLM 0x00002
8330 diff --git a/fs/cifs/cifsproto.h b/fs/cifs/cifsproto.h
8331 index 5d163e2..f324ccc 100644
8332 --- a/fs/cifs/cifsproto.h
8333 +++ b/fs/cifs/cifsproto.h
8334 @@ -48,9 +48,11 @@ extern int SendReceive(const unsigned int /* xid */ , struct cifsSesInfo *,
8335 struct smb_hdr * /* input */ ,
8336 struct smb_hdr * /* out */ ,
8337 int * /* bytes returned */ , const int long_op);
8338 +extern int SendReceiveNoRsp(const unsigned int xid, struct cifsSesInfo *ses,
8339 + struct smb_hdr *in_buf, int flags);
8340 extern int SendReceive2(const unsigned int /* xid */ , struct cifsSesInfo *,
8341 struct kvec *, int /* nvec to send */,
8342 - int * /* type of buf returned */ , const int long_op);
8343 + int * /* type of buf returned */ , const int flags);
8344 extern int SendReceiveBlockingLock(const unsigned int /* xid */ ,
8345 struct cifsTconInfo *,
8346 struct smb_hdr * /* input */ ,
8347 diff --git a/fs/cifs/cifssmb.c b/fs/cifs/cifssmb.c
8348 index 57419a1..db8d110 100644
8349 --- a/fs/cifs/cifssmb.c
8350 +++ b/fs/cifs/cifssmb.c
8351 @@ -426,11 +426,11 @@ CIFSSMBNegotiate(unsigned int xid, struct cifsSesInfo *ses)
8353 /* if any of auth flags (ie not sign or seal) are overriden use them */
8354 if(ses->overrideSecFlg & (~(CIFSSEC_MUST_SIGN | CIFSSEC_MUST_SEAL)))
8355 - secFlags = ses->overrideSecFlg;
8356 + secFlags = ses->overrideSecFlg; /* BB FIXME fix sign flags? */
8357 else /* if override flags set only sign/seal OR them with global auth */
8358 secFlags = extended_security | ses->overrideSecFlg;
8360 - cFYI(1,("secFlags 0x%x",secFlags));
8361 + cFYI(1, ("secFlags 0x%x", secFlags));
8363 pSMB->hdr.Mid = GetNextMid(server);
8364 pSMB->hdr.Flags2 |= (SMBFLG2_UNICODE | SMBFLG2_ERR_STATUS);
8365 @@ -633,22 +633,32 @@ CIFSSMBNegotiate(unsigned int xid, struct cifsSesInfo *ses)
8366 #ifdef CONFIG_CIFS_WEAK_PW_HASH
8367 signing_check:
8368 #endif
8369 - if(sign_CIFS_PDUs == FALSE) {
8370 + if ((secFlags & CIFSSEC_MAY_SIGN) == 0) {
8371 + /* MUST_SIGN already includes the MAY_SIGN FLAG
8372 + so if this is zero it means that signing is disabled */
8373 + cFYI(1, ("Signing disabled"));
8374 if(server->secMode & SECMODE_SIGN_REQUIRED)
8375 - cERROR(1,("Server requires "
8376 - "/proc/fs/cifs/PacketSigningEnabled to be on"));
8377 + cERROR(1, ("Server requires "
8378 + "/proc/fs/cifs/PacketSigningEnabled "
8379 + "to be on"));
8380 server->secMode &=
8381 ~(SECMODE_SIGN_ENABLED | SECMODE_SIGN_REQUIRED);
8382 - } else if(sign_CIFS_PDUs == 1) {
8383 + } else if ((secFlags & CIFSSEC_MUST_SIGN) == CIFSSEC_MUST_SIGN) {
8384 + /* signing required */
8385 + cFYI(1, ("Must sign - secFlags 0x%x", secFlags));
8386 + if((server->secMode &
8387 + (SECMODE_SIGN_ENABLED | SECMODE_SIGN_REQUIRED)) == 0) {
8388 + cERROR(1,
8389 + ("signing required but server lacks support"));
8390 + } else
8391 + server->secMode |= SECMODE_SIGN_REQUIRED;
8392 + } else {
8393 + /* signing optional ie CIFSSEC_MAY_SIGN */
8394 if((server->secMode & SECMODE_SIGN_REQUIRED) == 0)
8395 - server->secMode &=
8396 + server->secMode &=
8397 ~(SECMODE_SIGN_ENABLED | SECMODE_SIGN_REQUIRED);
8398 - } else if(sign_CIFS_PDUs == 2) {
8399 - if((server->secMode &
8400 - (SECMODE_SIGN_ENABLED | SECMODE_SIGN_REQUIRED)) == 0) {
8401 - cERROR(1,("signing required but server lacks support"));
8402 - }
8403 }
8404 +
8405 neg_err_exit:
8406 cifs_buf_release(pSMB);
8408 @@ -660,9 +670,7 @@ int
8409 CIFSSMBTDis(const int xid, struct cifsTconInfo *tcon)
8410 {
8411 struct smb_hdr *smb_buffer;
8412 - struct smb_hdr *smb_buffer_response; /* BB removeme BB */
8413 int rc = 0;
8414 - int length;
8416 cFYI(1, ("In tree disconnect"));
8417 /*
8418 @@ -699,16 +707,12 @@ CIFSSMBTDis(const int xid, struct cifsTconInfo *tcon)
8419 if (rc) {
8420 up(&tcon->tconSem);
8421 return rc;
8422 - } else {
8423 - smb_buffer_response = smb_buffer; /* BB removeme BB */
8424 }
8425 - rc = SendReceive(xid, tcon->ses, smb_buffer, smb_buffer_response,
8426 - &length, 0);
8427 +
8428 + rc = SendReceiveNoRsp(xid, tcon->ses, smb_buffer, 0);
8429 if (rc)
8430 cFYI(1, ("Tree disconnect failed %d", rc));
8432 - if (smb_buffer)
8433 - cifs_small_buf_release(smb_buffer);
8434 up(&tcon->tconSem);
8436 /* No need to return error on this operation if tid invalidated and
8437 @@ -722,10 +726,8 @@ CIFSSMBTDis(const int xid, struct cifsTconInfo *tcon)
8438 int
8439 CIFSSMBLogoff(const int xid, struct cifsSesInfo *ses)
8440 {
8441 - struct smb_hdr *smb_buffer_response;
8442 LOGOFF_ANDX_REQ *pSMB;
8443 int rc = 0;
8444 - int length;
8446 cFYI(1, ("In SMBLogoff for session disconnect"));
8447 if (ses)
8448 @@ -744,8 +746,6 @@ CIFSSMBLogoff(const int xid, struct cifsSesInfo *ses)
8449 return rc;
8450 }
8452 - smb_buffer_response = (struct smb_hdr *)pSMB; /* BB removeme BB */
8453 -
8454 if(ses->server) {
8455 pSMB->hdr.Mid = GetNextMid(ses->server);
8457 @@ -757,8 +757,7 @@ CIFSSMBLogoff(const int xid, struct cifsSesInfo *ses)
8458 pSMB->hdr.Uid = ses->Suid;
8460 pSMB->AndXCommand = 0xFF;
8461 - rc = SendReceive(xid, ses, (struct smb_hdr *) pSMB,
8462 - smb_buffer_response, &length, 0);
8463 + rc = SendReceiveNoRsp(xid, ses, (struct smb_hdr *) pSMB, 0);
8464 if (ses->server) {
8465 atomic_dec(&ses->server->socketUseCount);
8466 if (atomic_read(&ses->server->socketUseCount) == 0) {
8467 @@ -769,7 +768,6 @@ CIFSSMBLogoff(const int xid, struct cifsSesInfo *ses)
8468 }
8469 }
8470 up(&ses->sesSem);
8471 - cifs_small_buf_release(pSMB);
8473 /* if session dead then we do not need to do ulogoff,
8474 since server closed smb session, no sense reporting
8475 @@ -1143,7 +1141,7 @@ OldOpenRetry:
8476 pSMB->ByteCount = cpu_to_le16(count);
8477 /* long_op set to 1 to allow for oplock break timeouts */
8478 rc = SendReceive(xid, tcon->ses, (struct smb_hdr *) pSMB,
8479 - (struct smb_hdr *) pSMBr, &bytes_returned, 1);
8480 + (struct smb_hdr *)pSMBr, &bytes_returned, CIFS_LONG_OP);
8481 cifs_stats_inc(&tcon->num_opens);
8482 if (rc) {
8483 cFYI(1, ("Error in Open = %d", rc));
8484 @@ -1257,7 +1255,7 @@ openRetry:
8485 pSMB->ByteCount = cpu_to_le16(count);
8486 /* long_op set to 1 to allow for oplock break timeouts */
8487 rc = SendReceive(xid, tcon->ses, (struct smb_hdr *) pSMB,
8488 - (struct smb_hdr *) pSMBr, &bytes_returned, 1);
8489 + (struct smb_hdr *)pSMBr, &bytes_returned, CIFS_LONG_OP);
8490 cifs_stats_inc(&tcon->num_opens);
8491 if (rc) {
8492 cFYI(1, ("Error in Open = %d", rc));
8493 @@ -1337,7 +1335,7 @@ CIFSSMBRead(const int xid, struct cifsTconInfo *tcon,
8494 iov[0].iov_len = pSMB->hdr.smb_buf_length + 4;
8495 rc = SendReceive2(xid, tcon->ses, iov,
8496 1 /* num iovecs */,
8497 - &resp_buf_type, 0);
8498 + &resp_buf_type, CIFS_STD_OP | CIFS_LOG_ERROR);
8499 cifs_stats_inc(&tcon->num_reads);
8500 pSMBr = (READ_RSP *)iov[0].iov_base;
8501 if (rc) {
8502 @@ -1596,7 +1594,7 @@ CIFSSMBLock(const int xid, struct cifsTconInfo *tcon,
8503 int timeout = 0;
8504 __u16 count;
8506 - cFYI(1, ("In CIFSSMBLock - timeout %d numLock %d",waitFlag,numLock));
8507 + cFYI(1, ("CIFSSMBLock timeout %d numLock %d", waitFlag, numLock));
8508 rc = small_smb_init(SMB_COM_LOCKING_ANDX, 8, tcon, (void **) &pSMB);
8510 if (rc)
8511 @@ -1605,10 +1603,10 @@ CIFSSMBLock(const int xid, struct cifsTconInfo *tcon,
8512 pSMBr = (LOCK_RSP *)pSMB; /* BB removeme BB */
8514 if(lockType == LOCKING_ANDX_OPLOCK_RELEASE) {
8515 - timeout = -1; /* no response expected */
8516 + timeout = CIFS_ASYNC_OP; /* no response expected */
8517 pSMB->Timeout = 0;
8518 } else if (waitFlag == TRUE) {
8519 - timeout = 3; /* blocking operation, no timeout */
8520 + timeout = CIFS_BLOCKING_OP; /* blocking operation, no timeout */
8521 pSMB->Timeout = cpu_to_le32(-1);/* blocking - do not time out */
8522 } else {
8523 pSMB->Timeout = 0;
8524 @@ -1638,15 +1636,16 @@ CIFSSMBLock(const int xid, struct cifsTconInfo *tcon,
8525 if (waitFlag) {
8526 rc = SendReceiveBlockingLock(xid, tcon, (struct smb_hdr *) pSMB,
8527 (struct smb_hdr *) pSMBr, &bytes_returned);
8528 + cifs_small_buf_release(pSMB);
8529 } else {
8530 - rc = SendReceive(xid, tcon->ses, (struct smb_hdr *) pSMB,
8531 - (struct smb_hdr *) pSMBr, &bytes_returned, timeout);
8532 + rc = SendReceiveNoRsp(xid, tcon->ses, (struct smb_hdr *)pSMB,
8533 + timeout);
8534 + /* SMB buffer freed by function above */
8535 }
8536 cifs_stats_inc(&tcon->num_locks);
8537 if (rc) {
8538 cFYI(1, ("Send error in Lock = %d", rc));
8539 }
8540 - cifs_small_buf_release(pSMB);
8542 /* Note: On -EAGAIN error only caller can retry on handle based calls
8543 since file handle passed in no longer valid */
8544 @@ -1666,7 +1665,9 @@ CIFSSMBPosixLock(const int xid, struct cifsTconInfo *tcon,
8545 int rc = 0;
8546 int timeout = 0;
8547 int bytes_returned = 0;
8548 + int resp_buf_type = 0;
8549 __u16 params, param_offset, offset, byte_count, count;
8550 + struct kvec iov[1];
8552 cFYI(1, ("Posix Lock"));
8554 @@ -1710,7 +1711,7 @@ CIFSSMBPosixLock(const int xid, struct cifsTconInfo *tcon,
8556 parm_data->lock_type = cpu_to_le16(lock_type);
8557 if(waitFlag) {
8558 - timeout = 3; /* blocking operation, no timeout */
8559 + timeout = CIFS_BLOCKING_OP; /* blocking operation, no timeout */
8560 parm_data->lock_flags = cpu_to_le16(1);
8561 pSMB->Timeout = cpu_to_le32(-1);
8562 } else
8563 @@ -1730,8 +1731,13 @@ CIFSSMBPosixLock(const int xid, struct cifsTconInfo *tcon,
8564 rc = SendReceiveBlockingLock(xid, tcon, (struct smb_hdr *) pSMB,
8565 (struct smb_hdr *) pSMBr, &bytes_returned);
8566 } else {
8567 - rc = SendReceive(xid, tcon->ses, (struct smb_hdr *) pSMB,
8568 - (struct smb_hdr *) pSMBr, &bytes_returned, timeout);
8569 + iov[0].iov_base = (char *)pSMB;
8570 + iov[0].iov_len = pSMB->hdr.smb_buf_length + 4;
8571 + rc = SendReceive2(xid, tcon->ses, iov, 1 /* num iovecs */,
8572 + &resp_buf_type, timeout);
8573 + pSMB = NULL; /* request buf already freed by SendReceive2. Do
8574 + not try to free it twice below on exit */
8575 + pSMBr = (struct smb_com_transaction2_sfi_rsp *)iov[0].iov_base;
8576 }
8578 if (rc) {
8579 @@ -1766,6 +1772,11 @@ plk_err_exit:
8580 if (pSMB)
8581 cifs_small_buf_release(pSMB);
8583 + if (resp_buf_type == CIFS_SMALL_BUFFER)
8584 + cifs_small_buf_release(iov[0].iov_base);
8585 + else if (resp_buf_type == CIFS_LARGE_BUFFER)
8586 + cifs_buf_release(iov[0].iov_base);
8587 +
8588 /* Note: On -EAGAIN error only caller can retry on handle based calls
8589 since file handle passed in no longer valid */
8591 @@ -1778,8 +1789,6 @@ CIFSSMBClose(const int xid, struct cifsTconInfo *tcon, int smb_file_id)
8592 {
8593 int rc = 0;
8594 CLOSE_REQ *pSMB = NULL;
8595 - CLOSE_RSP *pSMBr = NULL;
8596 - int bytes_returned;
8597 cFYI(1, ("In CIFSSMBClose"));
8599 /* do not retry on dead session on close */
8600 @@ -1789,13 +1798,10 @@ CIFSSMBClose(const int xid, struct cifsTconInfo *tcon, int smb_file_id)
8601 if (rc)
8602 return rc;
8604 - pSMBr = (CLOSE_RSP *)pSMB; /* BB removeme BB */
8605 -
8606 pSMB->FileID = (__u16) smb_file_id;
8607 pSMB->LastWriteTime = 0xFFFFFFFF;
8608 pSMB->ByteCount = 0;
8609 - rc = SendReceive(xid, tcon->ses, (struct smb_hdr *) pSMB,
8610 - (struct smb_hdr *) pSMBr, &bytes_returned, 0);
8611 + rc = SendReceiveNoRsp(xid, tcon->ses, (struct smb_hdr *) pSMB, 0);
8612 cifs_stats_inc(&tcon->num_closes);
8613 if (rc) {
8614 if(rc!=-EINTR) {
8615 @@ -1804,8 +1810,6 @@ CIFSSMBClose(const int xid, struct cifsTconInfo *tcon, int smb_file_id)
8616 }
8617 }
8619 - cifs_small_buf_release(pSMB);
8620 -
8621 /* Since session is dead, file will be closed on server already */
8622 if(rc == -EAGAIN)
8623 rc = 0;
8624 @@ -2989,7 +2993,8 @@ CIFSSMBGetCIFSACL(const int xid, struct cifsTconInfo *tcon, __u16 fid,
8625 iov[0].iov_base = (char *)pSMB;
8626 iov[0].iov_len = pSMB->hdr.smb_buf_length + 4;
8628 - rc = SendReceive2(xid, tcon->ses, iov, 1 /* num iovec */, &buf_type, 0);
8629 + rc = SendReceive2(xid, tcon->ses, iov, 1 /* num iovec */, &buf_type,
8630 + CIFS_STD_OP);
8631 cifs_stats_inc(&tcon->num_acl_get);
8632 if (rc) {
8633 cFYI(1, ("Send error in QuerySecDesc = %d", rc));
8634 @@ -3634,8 +3639,6 @@ CIFSFindClose(const int xid, struct cifsTconInfo *tcon, const __u16 searchHandle
8635 {
8636 int rc = 0;
8637 FINDCLOSE_REQ *pSMB = NULL;
8638 - CLOSE_RSP *pSMBr = NULL; /* BB removeme BB */
8639 - int bytes_returned;
8641 cFYI(1, ("In CIFSSMBFindClose"));
8642 rc = small_smb_init(SMB_COM_FIND_CLOSE2, 1, tcon, (void **)&pSMB);
8643 @@ -3647,16 +3650,13 @@ CIFSFindClose(const int xid, struct cifsTconInfo *tcon, const __u16 searchHandle
8644 if (rc)
8645 return rc;
8647 - pSMBr = (CLOSE_RSP *)pSMB; /* BB removeme BB */
8648 pSMB->FileID = searchHandle;
8649 pSMB->ByteCount = 0;
8650 - rc = SendReceive(xid, tcon->ses, (struct smb_hdr *) pSMB,
8651 - (struct smb_hdr *) pSMBr, &bytes_returned, 0);
8652 + rc = SendReceiveNoRsp(xid, tcon->ses, (struct smb_hdr *) pSMB, 0);
8653 if (rc) {
8654 cERROR(1, ("Send error in FindClose = %d", rc));
8655 }
8656 cifs_stats_inc(&tcon->num_fclose);
8657 - cifs_small_buf_release(pSMB);
8659 /* Since session is dead, search handle closed on server already */
8660 if (rc == -EAGAIN)
8661 @@ -4571,11 +4571,9 @@ CIFSSMBSetFileSize(const int xid, struct cifsTconInfo *tcon, __u64 size,
8662 __u16 fid, __u32 pid_of_opener, int SetAllocation)
8663 {
8664 struct smb_com_transaction2_sfi_req *pSMB = NULL;
8665 - struct smb_com_transaction2_sfi_rsp *pSMBr = NULL;
8666 char *data_offset;
8667 struct file_end_of_file_info *parm_data;
8668 int rc = 0;
8669 - int bytes_returned = 0;
8670 __u16 params, param_offset, offset, byte_count, count;
8672 cFYI(1, ("SetFileSize (via SetFileInfo) %lld",
8673 @@ -4585,8 +4583,6 @@ CIFSSMBSetFileSize(const int xid, struct cifsTconInfo *tcon, __u64 size,
8674 if (rc)
8675 return rc;
8677 - pSMBr = (struct smb_com_transaction2_sfi_rsp *)pSMB;
8678 -
8679 pSMB->hdr.Pid = cpu_to_le16((__u16)pid_of_opener);
8680 pSMB->hdr.PidHigh = cpu_to_le16((__u16)(pid_of_opener >> 16));
8682 @@ -4637,17 +4633,13 @@ CIFSSMBSetFileSize(const int xid, struct cifsTconInfo *tcon, __u64 size,
8683 pSMB->Reserved4 = 0;
8684 pSMB->hdr.smb_buf_length += byte_count;
8685 pSMB->ByteCount = cpu_to_le16(byte_count);
8686 - rc = SendReceive(xid, tcon->ses, (struct smb_hdr *) pSMB,
8687 - (struct smb_hdr *) pSMBr, &bytes_returned, 0);
8688 + rc = SendReceiveNoRsp(xid, tcon->ses, (struct smb_hdr *) pSMB, 0);
8689 if (rc) {
8690 cFYI(1,
8691 ("Send error in SetFileInfo (SetFileSize) = %d",
8692 rc));
8693 }
8695 - if (pSMB)
8696 - cifs_small_buf_release(pSMB);
8697 -
8698 /* Note: On -EAGAIN error only caller can retry on handle based calls
8699 since file handle passed in no longer valid */
8701 @@ -4665,10 +4657,8 @@ CIFSSMBSetFileTimes(const int xid, struct cifsTconInfo *tcon, const FILE_BASIC_I
8702 __u16 fid)
8703 {
8704 struct smb_com_transaction2_sfi_req *pSMB = NULL;
8705 - struct smb_com_transaction2_sfi_rsp *pSMBr = NULL;
8706 char *data_offset;
8707 int rc = 0;
8708 - int bytes_returned = 0;
8709 __u16 params, param_offset, offset, byte_count, count;
8711 cFYI(1, ("Set Times (via SetFileInfo)"));
8712 @@ -4677,8 +4667,6 @@ CIFSSMBSetFileTimes(const int xid, struct cifsTconInfo *tcon, const FILE_BASIC_I
8713 if (rc)
8714 return rc;
8716 - pSMBr = (struct smb_com_transaction2_sfi_rsp *)pSMB;
8717 -
8718 /* At this point there is no need to override the current pid
8719 with the pid of the opener, but that could change if we someday
8720 use an existing handle (rather than opening one on the fly) */
8721 @@ -4718,14 +4706,11 @@ CIFSSMBSetFileTimes(const int xid, struct cifsTconInfo *tcon, const FILE_BASIC_I
8722 pSMB->hdr.smb_buf_length += byte_count;
8723 pSMB->ByteCount = cpu_to_le16(byte_count);
8724 memcpy(data_offset,data,sizeof(FILE_BASIC_INFO));
8725 - rc = SendReceive(xid, tcon->ses, (struct smb_hdr *) pSMB,
8726 - (struct smb_hdr *) pSMBr, &bytes_returned, 0);
8727 + rc = SendReceiveNoRsp(xid, tcon->ses, (struct smb_hdr *) pSMB, 0);
8728 if (rc) {
8729 cFYI(1,("Send error in Set Time (SetFileInfo) = %d",rc));
8730 }
8732 - cifs_small_buf_release(pSMB);
8733 -
8734 /* Note: On -EAGAIN error only caller can retry on handle based calls
8735 since file handle passed in no longer valid */
8737 @@ -5016,7 +5001,8 @@ int CIFSSMBNotify(const int xid, struct cifsTconInfo *tcon,
8738 pSMB->ByteCount = 0;
8740 rc = SendReceive(xid, tcon->ses, (struct smb_hdr *) pSMB,
8741 - (struct smb_hdr *) pSMBr, &bytes_returned, -1);
8742 + (struct smb_hdr *)pSMBr, &bytes_returned,
8743 + CIFS_ASYNC_OP);
8744 if (rc) {
8745 cFYI(1, ("Error in Notify = %d", rc));
8746 } else {
8747 diff --git a/fs/cifs/connect.c b/fs/cifs/connect.c
8748 index f4e9266..8579c9e 100644
8749 --- a/fs/cifs/connect.c
8750 +++ b/fs/cifs/connect.c
8751 @@ -2273,7 +2273,7 @@ CIFSSessSetup(unsigned int xid, struct cifsSesInfo *ses,
8752 pSMB->req_no_secext.ByteCount = cpu_to_le16(count);
8754 rc = SendReceive(xid, ses, smb_buffer, smb_buffer_response,
8755 - &bytes_returned, 1);
8756 + &bytes_returned, CIFS_LONG_OP);
8757 if (rc) {
8758 /* rc = map_smb_to_linux_error(smb_buffer_response); now done in SendReceive */
8759 } else if ((smb_buffer_response->WordCount == 3)
8760 @@ -2559,7 +2559,7 @@ CIFSNTLMSSPNegotiateSessSetup(unsigned int xid,
8761 pSMB->req.ByteCount = cpu_to_le16(count);
8763 rc = SendReceive(xid, ses, smb_buffer, smb_buffer_response,
8764 - &bytes_returned, 1);
8765 + &bytes_returned, CIFS_LONG_OP);
8767 if (smb_buffer_response->Status.CifsError ==
8768 cpu_to_le32(NT_STATUS_MORE_PROCESSING_REQUIRED))
8769 @@ -2985,7 +2985,7 @@ CIFSNTLMSSPAuthSessSetup(unsigned int xid, struct cifsSesInfo *ses,
8770 pSMB->req.ByteCount = cpu_to_le16(count);
8772 rc = SendReceive(xid, ses, smb_buffer, smb_buffer_response,
8773 - &bytes_returned, 1);
8774 + &bytes_returned, CIFS_LONG_OP);
8775 if (rc) {
8776 /* rc = map_smb_to_linux_error(smb_buffer_response); *//* done in SendReceive now */
8777 } else if ((smb_buffer_response->WordCount == 3)
8778 @@ -3256,7 +3256,8 @@ CIFSTCon(unsigned int xid, struct cifsSesInfo *ses,
8779 pSMB->hdr.smb_buf_length += count;
8780 pSMB->ByteCount = cpu_to_le16(count);
8782 - rc = SendReceive(xid, ses, smb_buffer, smb_buffer_response, &length, 0);
8783 + rc = SendReceive(xid, ses, smb_buffer, smb_buffer_response, &length,
8784 + CIFS_STD_OP);
8786 /* if (rc) rc = map_smb_to_linux_error(smb_buffer_response); */
8787 /* above now done in SendReceive */
8788 diff --git a/fs/cifs/file.c b/fs/cifs/file.c
8789 index 94d5b49..a2c9e7a 100644
8790 --- a/fs/cifs/file.c
8791 +++ b/fs/cifs/file.c
8792 @@ -809,9 +809,9 @@ ssize_t cifs_user_write(struct file *file, const char __user *write_data,
8793 xid = GetXid();
8795 if (*poffset > file->f_path.dentry->d_inode->i_size)
8796 - long_op = 2; /* writes past end of file can take a long time */
8797 + long_op = CIFS_VLONG_OP; /* writes past EOF take long time */
8798 else
8799 - long_op = 1;
8800 + long_op = CIFS_LONG_OP;
8802 for (total_written = 0; write_size > total_written;
8803 total_written += bytes_written) {
8804 @@ -858,7 +858,7 @@ ssize_t cifs_user_write(struct file *file, const char __user *write_data,
8805 }
8806 } else
8807 *poffset += bytes_written;
8808 - long_op = FALSE; /* subsequent writes fast -
8809 + long_op = CIFS_STD_OP; /* subsequent writes fast -
8810 15 seconds is plenty */
8811 }
8813 @@ -908,9 +908,9 @@ static ssize_t cifs_write(struct file *file, const char *write_data,
8814 xid = GetXid();
8816 if (*poffset > file->f_path.dentry->d_inode->i_size)
8817 - long_op = 2; /* writes past end of file can take a long time */
8818 + long_op = CIFS_VLONG_OP; /* writes past EOF can be slow */
8819 else
8820 - long_op = 1;
8821 + long_op = CIFS_LONG_OP;
8823 for (total_written = 0; write_size > total_written;
8824 total_written += bytes_written) {
8825 @@ -976,7 +976,7 @@ static ssize_t cifs_write(struct file *file, const char *write_data,
8826 }
8827 } else
8828 *poffset += bytes_written;
8829 - long_op = FALSE; /* subsequent writes fast -
8830 + long_op = CIFS_STD_OP; /* subsequent writes fast -
8831 15 seconds is plenty */
8832 }
8834 @@ -1276,7 +1276,7 @@ retry:
8835 open_file->netfid,
8836 bytes_to_write, offset,
8837 &bytes_written, iov, n_iov,
8838 - 1);
8839 + CIFS_LONG_OP);
8840 atomic_dec(&open_file->wrtPending);
8841 if (rc || bytes_written < bytes_to_write) {
8842 cERROR(1,("Write2 ret %d, written = %d",
8843 diff --git a/fs/cifs/sess.c b/fs/cifs/sess.c
8844 index 7584646..9834895 100644
8845 --- a/fs/cifs/sess.c
8846 +++ b/fs/cifs/sess.c
8847 @@ -489,7 +489,8 @@ CIFS_SessSetup(unsigned int xid, struct cifsSesInfo *ses, int first_time,
8849 iov[1].iov_base = str_area;
8850 iov[1].iov_len = count;
8851 - rc = SendReceive2(xid, ses, iov, 2 /* num_iovecs */, &resp_buf_type, 0);
8852 + rc = SendReceive2(xid, ses, iov, 2 /* num_iovecs */, &resp_buf_type,
8853 + CIFS_STD_OP /* not long */ | CIFS_LOG_ERROR);
8854 /* SMB request buf freed in SendReceive2 */
8856 cFYI(1,("ssetup rc from sendrecv2 is %d",rc));
8857 diff --git a/fs/cifs/transport.c b/fs/cifs/transport.c
8858 index 5f46845..473962f 100644
8859 --- a/fs/cifs/transport.c
8860 +++ b/fs/cifs/transport.c
8861 @@ -308,7 +308,7 @@ smb_send2(struct socket *ssocket, struct kvec *iov, int n_vec,
8863 static int wait_for_free_request(struct cifsSesInfo *ses, const int long_op)
8864 {
8865 - if(long_op == -1) {
8866 + if (long_op == CIFS_ASYNC_OP) {
8867 /* oplock breaks must not be held up */
8868 atomic_inc(&ses->server->inFlight);
8869 } else {
8870 @@ -337,7 +337,7 @@ static int wait_for_free_request(struct cifsSesInfo *ses, const int long_op)
8871 they are allowed to block on server */
8873 /* update # of requests on the wire to server */
8874 - if (long_op < 3)
8875 + if (long_op != CIFS_BLOCKING_OP)
8876 atomic_inc(&ses->server->inFlight);
8877 spin_unlock(&GlobalMid_Lock);
8878 break;
8879 @@ -416,17 +416,48 @@ static int wait_for_response(struct cifsSesInfo *ses,
8880 }
8881 }
8883 +
8884 +/*
8885 + *
8886 + * Send an SMB Request. No response info (other than return code)
8887 + * needs to be parsed.
8888 + *
8889 + * flags indicate the type of request buffer and how long to wait
8890 + * and whether to log NT STATUS code (error) before mapping it to POSIX error
8891 + *
8892 + */
8893 +int
8894 +SendReceiveNoRsp(const unsigned int xid, struct cifsSesInfo *ses,
8895 + struct smb_hdr *in_buf, int flags)
8896 +{
8897 + int rc;
8898 + struct kvec iov[1];
8899 + int resp_buf_type;
8900 +
8901 + iov[0].iov_base = (char *)in_buf;
8902 + iov[0].iov_len = in_buf->smb_buf_length + 4;
8903 + flags |= CIFS_NO_RESP;
8904 + rc = SendReceive2(xid, ses, iov, 1, &resp_buf_type, flags);
8905 +#ifdef CONFIG_CIFS_DEBUG2
8906 + cFYI(1, ("SendRcvNoR flags %d rc %d", flags, rc));
8907 +#endif
8908 + return rc;
8909 +}
8910 +
8911 int
8912 SendReceive2(const unsigned int xid, struct cifsSesInfo *ses,
8913 struct kvec *iov, int n_vec, int * pRespBufType /* ret */,
8914 - const int long_op)
8915 + const int flags)
8916 {
8917 int rc = 0;
8918 + int long_op;
8919 unsigned int receive_len;
8920 unsigned long timeout;
8921 struct mid_q_entry *midQ;
8922 struct smb_hdr *in_buf = iov[0].iov_base;
8924 + long_op = flags & CIFS_TIMEOUT_MASK;
8925 +
8926 *pRespBufType = CIFS_NO_BUFFER; /* no response buf yet */
8928 if ((ses == NULL) || (ses->server == NULL)) {
8929 @@ -485,15 +516,22 @@ SendReceive2(const unsigned int xid, struct cifsSesInfo *ses,
8930 if(rc < 0)
8931 goto out;
8933 - if (long_op == -1)
8934 - goto out;
8935 - else if (long_op == 2) /* writes past end of file can take loong time */
8936 + if (long_op == CIFS_STD_OP)
8937 + timeout = 15 * HZ;
8938 + else if (long_op == CIFS_VLONG_OP) /* e.g. slow writes past EOF */
8939 timeout = 180 * HZ;
8940 - else if (long_op == 1)
8941 + else if (long_op == CIFS_LONG_OP)
8942 timeout = 45 * HZ; /* should be greater than
8943 servers oplock break timeout (about 43 seconds) */
8944 - else
8945 - timeout = 15 * HZ;
8946 + else if (long_op == CIFS_ASYNC_OP)
8947 + goto out;
8948 + else if (long_op == CIFS_BLOCKING_OP)
8949 + timeout = 0x7FFFFFFF; /* large, but not so large as to wrap */
8950 + else {
8951 + cERROR(1, ("unknown timeout flag %d", long_op));
8952 + rc = -EIO;
8953 + goto out;
8954 + }
8956 /* wait for 15 seconds or until woken up due to response arriving or
8957 due to last connection to this server being unmounted */
8958 @@ -578,8 +616,10 @@ SendReceive2(const unsigned int xid, struct cifsSesInfo *ses,
8959 (2 * midQ->resp_buf->WordCount) + 2 /* bcc */ )
8960 BCC(midQ->resp_buf) =
8961 le16_to_cpu(BCC_LE(midQ->resp_buf));
8962 - midQ->resp_buf = NULL; /* mark it so will not be freed
8963 - by DeleteMidQEntry */
8964 + if ((flags & CIFS_NO_RESP) == 0)
8965 + midQ->resp_buf = NULL; /* mark it so buf will
8966 + not be freed by
8967 + DeleteMidQEntry */
8968 } else {
8969 rc = -EIO;
8970 cFYI(1,("Bad MID state?"));
8971 @@ -667,17 +707,25 @@ SendReceive(const unsigned int xid, struct cifsSesInfo *ses,
8972 if(rc < 0)
8973 goto out;
8975 - if (long_op == -1)
8976 + if (long_op == CIFS_STD_OP)
8977 + timeout = 15 * HZ;
8978 + /* wait for 15 seconds or until woken up due to response arriving or
8979 + due to last connection to this server being unmounted */
8980 + else if (long_op == CIFS_ASYNC_OP)
8981 goto out;
8982 - else if (long_op == 2) /* writes past end of file can take loong time */
8983 + else if (long_op == CIFS_VLONG_OP) /* writes past EOF can be slow */
8984 timeout = 180 * HZ;
8985 - else if (long_op == 1)
8986 + else if (long_op == CIFS_LONG_OP)
8987 timeout = 45 * HZ; /* should be greater than
8988 servers oplock break timeout (about 43 seconds) */
8989 - else
8990 - timeout = 15 * HZ;
8991 - /* wait for 15 seconds or until woken up due to response arriving or
8992 - due to last connection to this server being unmounted */
8993 + else if (long_op == CIFS_BLOCKING_OP)
8994 + timeout = 0x7FFFFFFF; /* large but no so large as to wrap */
8995 + else {
8996 + cERROR(1, ("unknown timeout flag %d", long_op));
8997 + rc = -EIO;
8998 + goto out;
8999 + }
9000 +
9001 if (signal_pending(current)) {
9002 /* if signal pending do not hold up user for full smb timeout
9003 but we still give response a chance to complete */
9004 @@ -817,7 +865,7 @@ send_lock_cancel(const unsigned int xid, struct cifsTconInfo *tcon,
9005 pSMB->hdr.Mid = GetNextMid(ses->server);
9007 return SendReceive(xid, ses, in_buf, out_buf,
9008 - &bytes_returned, 0);
9009 + &bytes_returned, CIFS_STD_OP);
9010 }
9012 int
9013 @@ -849,7 +897,7 @@ SendReceiveBlockingLock(const unsigned int xid, struct cifsTconInfo *tcon,
9014 to the same server. We may make this configurable later or
9015 use ses->maxReq */
9017 - rc = wait_for_free_request(ses, 3);
9018 + rc = wait_for_free_request(ses, CIFS_BLOCKING_OP);
9019 if (rc)
9020 return rc;
9022 diff --git a/fs/direct-io.c b/fs/direct-io.c
9023 index 52bb263..6874785 100644
9024 --- a/fs/direct-io.c
9025 +++ b/fs/direct-io.c
9026 @@ -974,6 +974,7 @@ direct_io_worker(int rw, struct kiocb *iocb, struct inode *inode,
9027 dio->get_block = get_block;
9028 dio->end_io = end_io;
9029 dio->map_bh.b_private = NULL;
9030 + dio->map_bh.b_state = 0;
9031 dio->final_block_in_bio = -1;
9032 dio->next_block_for_io = -1;
9034 diff --git a/fs/ecryptfs/inode.c b/fs/ecryptfs/inode.c
9035 index 83e94fe..9c6877c 100644
9036 --- a/fs/ecryptfs/inode.c
9037 +++ b/fs/ecryptfs/inode.c
9038 @@ -902,8 +902,9 @@ static int ecryptfs_setattr(struct dentry *dentry, struct iattr *ia)
9039 mutex_lock(&crypt_stat->cs_mutex);
9040 if (S_ISDIR(dentry->d_inode->i_mode))
9041 crypt_stat->flags &= ~(ECRYPTFS_ENCRYPTED);
9042 - else if (!(crypt_stat->flags & ECRYPTFS_POLICY_APPLIED)
9043 - || !(crypt_stat->flags & ECRYPTFS_KEY_VALID)) {
9044 + else if (S_ISREG(dentry->d_inode->i_mode)
9045 + && (!(crypt_stat->flags & ECRYPTFS_POLICY_APPLIED)
9046 + || !(crypt_stat->flags & ECRYPTFS_KEY_VALID))) {
9047 struct vfsmount *lower_mnt;
9048 struct file *lower_file = NULL;
9049 struct ecryptfs_mount_crypt_stat *mount_crypt_stat;
9050 diff --git a/fs/exec.c b/fs/exec.c
9051 index f20561f..224e973 100644
9052 --- a/fs/exec.c
9053 +++ b/fs/exec.c
9054 @@ -586,18 +586,12 @@ static int de_thread(struct task_struct *tsk)
9055 int count;
9057 /*
9058 - * Tell all the sighand listeners that this sighand has
9059 - * been detached. The signalfd_detach() function grabs the
9060 - * sighand lock, if signal listeners are present on the sighand.
9061 - */
9062 - signalfd_detach(tsk);
9063 -
9064 - /*
9065 * If we don't share sighandlers, then we aren't sharing anything
9066 * and we can just re-use it all.
9067 */
9068 if (atomic_read(&oldsighand->count) <= 1) {
9069 BUG_ON(atomic_read(&sig->count) != 1);
9070 + signalfd_detach(tsk);
9071 exit_itimers(sig);
9072 return 0;
9073 }
9074 @@ -736,6 +730,7 @@ static int de_thread(struct task_struct *tsk)
9075 sig->flags = 0;
9077 no_thread_group:
9078 + signalfd_detach(tsk);
9079 exit_itimers(sig);
9080 if (leader)
9081 release_task(leader);
9082 @@ -890,9 +885,12 @@ int flush_old_exec(struct linux_binprm * bprm)
9083 */
9084 current->mm->task_size = TASK_SIZE;
9086 - if (bprm->e_uid != current->euid || bprm->e_gid != current->egid ||
9087 - file_permission(bprm->file, MAY_READ) ||
9088 - (bprm->interp_flags & BINPRM_FLAGS_ENFORCE_NONDUMP)) {
9089 + if (bprm->e_uid != current->euid || bprm->e_gid != current->egid) {
9090 + suid_keys(current);
9091 + current->mm->dumpable = suid_dumpable;
9092 + current->pdeath_signal = 0;
9093 + } else if (file_permission(bprm->file, MAY_READ) ||
9094 + (bprm->interp_flags & BINPRM_FLAGS_ENFORCE_NONDUMP)) {
9095 suid_keys(current);
9096 current->mm->dumpable = suid_dumpable;
9097 }
9098 @@ -983,8 +981,10 @@ void compute_creds(struct linux_binprm *bprm)
9099 {
9100 int unsafe;
9102 - if (bprm->e_uid != current->uid)
9103 + if (bprm->e_uid != current->uid) {
9104 suid_keys(current);
9105 + current->pdeath_signal = 0;
9106 + }
9107 exec_keys(current);
9109 task_lock(current);
9110 @@ -1561,6 +1561,12 @@ int do_coredump(long signr, int exit_code, struct pt_regs * regs)
9111 but keep the previous behaviour for now. */
9112 if (!ispipe && !S_ISREG(inode->i_mode))
9113 goto close_fail;
9114 + /*
9115 + * Dont allow local users get cute and trick others to coredump
9116 + * into their pre-created files:
9117 + */
9118 + if (inode->i_uid != current->fsuid)
9119 + goto close_fail;
9120 if (!file->f_op)
9121 goto close_fail;
9122 if (!file->f_op->write)
9123 diff --git a/fs/ext3/namei.c b/fs/ext3/namei.c
9124 index 9bb046d..e54eb5f 100644
9125 --- a/fs/ext3/namei.c
9126 +++ b/fs/ext3/namei.c
9127 @@ -140,7 +140,8 @@ struct dx_frame
9128 struct dx_map_entry
9129 {
9130 u32 hash;
9131 - u32 offs;
9132 + u16 offs;
9133 + u16 size;
9134 };
9136 #ifdef CONFIG_EXT3_INDEX
9137 @@ -379,13 +380,28 @@ dx_probe(struct dentry *dentry, struct inode *dir,
9139 entries = (struct dx_entry *) (((char *)&root->info) +
9140 root->info.info_length);
9141 - assert(dx_get_limit(entries) == dx_root_limit(dir,
9142 - root->info.info_length));
9143 +
9144 + if (dx_get_limit(entries) != dx_root_limit(dir,
9145 + root->info.info_length)) {
9146 + ext3_warning(dir->i_sb, __FUNCTION__,
9147 + "dx entry: limit != root limit");
9148 + brelse(bh);
9149 + *err = ERR_BAD_DX_DIR;
9150 + goto fail;
9151 + }
9152 +
9153 dxtrace (printk("Look up %x", hash));
9154 while (1)
9155 {
9156 count = dx_get_count(entries);
9157 - assert (count && count <= dx_get_limit(entries));
9158 + if (!count || count > dx_get_limit(entries)) {
9159 + ext3_warning(dir->i_sb, __FUNCTION__,
9160 + "dx entry: no count or count > limit");
9161 + brelse(bh);
9162 + *err = ERR_BAD_DX_DIR;
9163 + goto fail2;
9164 + }
9165 +
9166 p = entries + 1;
9167 q = entries + count - 1;
9168 while (p <= q)
9169 @@ -423,8 +439,15 @@ dx_probe(struct dentry *dentry, struct inode *dir,
9170 if (!(bh = ext3_bread (NULL,dir, dx_get_block(at), 0, err)))
9171 goto fail2;
9172 at = entries = ((struct dx_node *) bh->b_data)->entries;
9173 - assert (dx_get_limit(entries) == dx_node_limit (dir));
9174 + if (dx_get_limit(entries) != dx_node_limit (dir)) {
9175 + ext3_warning(dir->i_sb, __FUNCTION__,
9176 + "dx entry: limit != node limit");
9177 + brelse(bh);
9178 + *err = ERR_BAD_DX_DIR;
9179 + goto fail2;
9180 + }
9181 frame++;
9182 + frame->bh = NULL;
9183 }
9184 fail2:
9185 while (frame >= frame_in) {
9186 @@ -432,6 +455,10 @@ fail2:
9187 frame--;
9188 }
9189 fail:
9190 + if (*err == ERR_BAD_DX_DIR)
9191 + ext3_warning(dir->i_sb, __FUNCTION__,
9192 + "Corrupt dir inode %ld, running e2fsck is "
9193 + "recommended.", dir->i_ino);
9194 return NULL;
9195 }
9197 @@ -671,6 +698,10 @@ errout:
9198 * Directory block splitting, compacting
9199 */
9201 +/*
9202 + * Create map of hash values, offsets, and sizes, stored at end of block.
9203 + * Returns number of entries mapped.
9204 + */
9205 static int dx_make_map (struct ext3_dir_entry_2 *de, int size,
9206 struct dx_hash_info *hinfo, struct dx_map_entry *map_tail)
9207 {
9208 @@ -684,7 +715,8 @@ static int dx_make_map (struct ext3_dir_entry_2 *de, int size,
9209 ext3fs_dirhash(de->name, de->name_len, &h);
9210 map_tail--;
9211 map_tail->hash = h.hash;
9212 - map_tail->offs = (u32) ((char *) de - base);
9213 + map_tail->offs = (u16) ((char *) de - base);
9214 + map_tail->size = le16_to_cpu(de->rec_len);
9215 count++;
9216 cond_resched();
9217 }
9218 @@ -694,6 +726,7 @@ static int dx_make_map (struct ext3_dir_entry_2 *de, int size,
9219 return count;
9220 }
9222 +/* Sort map by hash value */
9223 static void dx_sort_map (struct dx_map_entry *map, unsigned count)
9224 {
9225 struct dx_map_entry *p, *q, *top = map + count - 1;
9226 @@ -1081,6 +1114,10 @@ static inline void ext3_set_de_type(struct super_block *sb,
9227 }
9229 #ifdef CONFIG_EXT3_INDEX
9230 +/*
9231 + * Move count entries from end of map between two memory locations.
9232 + * Returns pointer to last entry moved.
9233 + */
9234 static struct ext3_dir_entry_2 *
9235 dx_move_dirents(char *from, char *to, struct dx_map_entry *map, int count)
9236 {
9237 @@ -1099,6 +1136,10 @@ dx_move_dirents(char *from, char *to, struct dx_map_entry *map, int count)
9238 return (struct ext3_dir_entry_2 *) (to - rec_len);
9239 }
9241 +/*
9242 + * Compact each dir entry in the range to the minimal rec_len.
9243 + * Returns pointer to last entry in range.
9244 + */
9245 static struct ext3_dir_entry_2* dx_pack_dirents(char *base, int size)
9246 {
9247 struct ext3_dir_entry_2 *next, *to, *prev, *de = (struct ext3_dir_entry_2 *) base;
9248 @@ -1121,6 +1162,11 @@ static struct ext3_dir_entry_2* dx_pack_dirents(char *base, int size)
9249 return prev;
9250 }
9252 +/*
9253 + * Split a full leaf block to make room for a new dir entry.
9254 + * Allocate a new block, and move entries so that they are approx. equally full.
9255 + * Returns pointer to de in block into which the new entry will be inserted.
9256 + */
9257 static struct ext3_dir_entry_2 *do_split(handle_t *handle, struct inode *dir,
9258 struct buffer_head **bh,struct dx_frame *frame,
9259 struct dx_hash_info *hinfo, int *error)
9260 @@ -1132,7 +1178,7 @@ static struct ext3_dir_entry_2 *do_split(handle_t *handle, struct inode *dir,
9261 u32 hash2;
9262 struct dx_map_entry *map;
9263 char *data1 = (*bh)->b_data, *data2;
9264 - unsigned split;
9265 + unsigned split, move, size, i;
9266 struct ext3_dir_entry_2 *de = NULL, *de2;
9267 int err = 0;
9269 @@ -1160,8 +1206,19 @@ static struct ext3_dir_entry_2 *do_split(handle_t *handle, struct inode *dir,
9270 count = dx_make_map ((struct ext3_dir_entry_2 *) data1,
9271 blocksize, hinfo, map);
9272 map -= count;
9273 - split = count/2; // need to adjust to actual middle
9274 dx_sort_map (map, count);
9275 + /* Split the existing block in the middle, size-wise */
9276 + size = 0;
9277 + move = 0;
9278 + for (i = count-1; i >= 0; i--) {
9279 + /* is more than half of this entry in 2nd half of the block? */
9280 + if (size + map[i].size/2 > blocksize/2)
9281 + break;
9282 + size += map[i].size;
9283 + move++;
9284 + }
9285 + /* map index at which we will split */
9286 + split = count - move;
9287 hash2 = map[split].hash;
9288 continued = hash2 == map[split - 1].hash;
9289 dxtrace(printk("Split block %i at %x, %i/%i\n",
9290 diff --git a/fs/ext4/extents.c b/fs/ext4/extents.c
9291 index b9ce241..fd10229 100644
9292 --- a/fs/ext4/extents.c
9293 +++ b/fs/ext4/extents.c
9294 @@ -1445,7 +1445,7 @@ int ext4_ext_walk_space(struct inode *inode, unsigned long block,
9296 static void
9297 ext4_ext_put_in_cache(struct inode *inode, __u32 block,
9298 - __u32 len, __u32 start, int type)
9299 + __u32 len, ext4_fsblk_t start, int type)
9300 {
9301 struct ext4_ext_cache *cex;
9302 BUG_ON(len == 0);
9303 diff --git a/fs/ext4/namei.c b/fs/ext4/namei.c
9304 index 2811e57..7bb8d7c 100644
9305 --- a/fs/ext4/namei.c
9306 +++ b/fs/ext4/namei.c
9307 @@ -140,7 +140,8 @@ struct dx_frame
9308 struct dx_map_entry
9309 {
9310 u32 hash;
9311 - u32 offs;
9312 + u16 offs;
9313 + u16 size;
9314 };
9316 #ifdef CONFIG_EXT4_INDEX
9317 @@ -379,13 +380,28 @@ dx_probe(struct dentry *dentry, struct inode *dir,
9319 entries = (struct dx_entry *) (((char *)&root->info) +
9320 root->info.info_length);
9321 - assert(dx_get_limit(entries) == dx_root_limit(dir,
9322 - root->info.info_length));
9323 +
9324 + if (dx_get_limit(entries) != dx_root_limit(dir,
9325 + root->info.info_length)) {
9326 + ext4_warning(dir->i_sb, __FUNCTION__,
9327 + "dx entry: limit != root limit");
9328 + brelse(bh);
9329 + *err = ERR_BAD_DX_DIR;
9330 + goto fail;
9331 + }
9332 +
9333 dxtrace (printk("Look up %x", hash));
9334 while (1)
9335 {
9336 count = dx_get_count(entries);
9337 - assert (count && count <= dx_get_limit(entries));
9338 + if (!count || count > dx_get_limit(entries)) {
9339 + ext4_warning(dir->i_sb, __FUNCTION__,
9340 + "dx entry: no count or count > limit");
9341 + brelse(bh);
9342 + *err = ERR_BAD_DX_DIR;
9343 + goto fail2;
9344 + }
9345 +
9346 p = entries + 1;
9347 q = entries + count - 1;
9348 while (p <= q)
9349 @@ -423,8 +439,15 @@ dx_probe(struct dentry *dentry, struct inode *dir,
9350 if (!(bh = ext4_bread (NULL,dir, dx_get_block(at), 0, err)))
9351 goto fail2;
9352 at = entries = ((struct dx_node *) bh->b_data)->entries;
9353 - assert (dx_get_limit(entries) == dx_node_limit (dir));
9354 + if (dx_get_limit(entries) != dx_node_limit (dir)) {
9355 + ext4_warning(dir->i_sb, __FUNCTION__,
9356 + "dx entry: limit != node limit");
9357 + brelse(bh);
9358 + *err = ERR_BAD_DX_DIR;
9359 + goto fail2;
9360 + }
9361 frame++;
9362 + frame->bh = NULL;
9363 }
9364 fail2:
9365 while (frame >= frame_in) {
9366 @@ -432,6 +455,10 @@ fail2:
9367 frame--;
9368 }
9369 fail:
9370 + if (*err == ERR_BAD_DX_DIR)
9371 + ext4_warning(dir->i_sb, __FUNCTION__,
9372 + "Corrupt dir inode %ld, running e2fsck is "
9373 + "recommended.", dir->i_ino);
9374 return NULL;
9375 }
9377 @@ -671,6 +698,10 @@ errout:
9378 * Directory block splitting, compacting
9379 */
9381 +/*
9382 + * Create map of hash values, offsets, and sizes, stored at end of block.
9383 + * Returns number of entries mapped.
9384 + */
9385 static int dx_make_map (struct ext4_dir_entry_2 *de, int size,
9386 struct dx_hash_info *hinfo, struct dx_map_entry *map_tail)
9387 {
9388 @@ -684,7 +715,8 @@ static int dx_make_map (struct ext4_dir_entry_2 *de, int size,
9389 ext4fs_dirhash(de->name, de->name_len, &h);
9390 map_tail--;
9391 map_tail->hash = h.hash;
9392 - map_tail->offs = (u32) ((char *) de - base);
9393 + map_tail->offs = (u16) ((char *) de - base);
9394 + map_tail->size = le16_to_cpu(de->rec_len);
9395 count++;
9396 cond_resched();
9397 }
9398 @@ -694,6 +726,7 @@ static int dx_make_map (struct ext4_dir_entry_2 *de, int size,
9399 return count;
9400 }
9402 +/* Sort map by hash value */
9403 static void dx_sort_map (struct dx_map_entry *map, unsigned count)
9404 {
9405 struct dx_map_entry *p, *q, *top = map + count - 1;
9406 @@ -1079,6 +1112,10 @@ static inline void ext4_set_de_type(struct super_block *sb,
9407 }
9409 #ifdef CONFIG_EXT4_INDEX
9410 +/*
9411 + * Move count entries from end of map between two memory locations.
9412 + * Returns pointer to last entry moved.
9413 + */
9414 static struct ext4_dir_entry_2 *
9415 dx_move_dirents(char *from, char *to, struct dx_map_entry *map, int count)
9416 {
9417 @@ -1097,6 +1134,10 @@ dx_move_dirents(char *from, char *to, struct dx_map_entry *map, int count)
9418 return (struct ext4_dir_entry_2 *) (to - rec_len);
9419 }
9421 +/*
9422 + * Compact each dir entry in the range to the minimal rec_len.
9423 + * Returns pointer to last entry in range.
9424 + */
9425 static struct ext4_dir_entry_2* dx_pack_dirents(char *base, int size)
9426 {
9427 struct ext4_dir_entry_2 *next, *to, *prev, *de = (struct ext4_dir_entry_2 *) base;
9428 @@ -1119,6 +1160,11 @@ static struct ext4_dir_entry_2* dx_pack_dirents(char *base, int size)
9429 return prev;
9430 }
9432 +/*
9433 + * Split a full leaf block to make room for a new dir entry.
9434 + * Allocate a new block, and move entries so that they are approx. equally full.
9435 + * Returns pointer to de in block into which the new entry will be inserted.
9436 + */
9437 static struct ext4_dir_entry_2 *do_split(handle_t *handle, struct inode *dir,
9438 struct buffer_head **bh,struct dx_frame *frame,
9439 struct dx_hash_info *hinfo, int *error)
9440 @@ -1130,7 +1176,7 @@ static struct ext4_dir_entry_2 *do_split(handle_t *handle, struct inode *dir,
9441 u32 hash2;
9442 struct dx_map_entry *map;
9443 char *data1 = (*bh)->b_data, *data2;
9444 - unsigned split;
9445 + unsigned split, move, size, i;
9446 struct ext4_dir_entry_2 *de = NULL, *de2;
9447 int err = 0;
9449 @@ -1158,8 +1204,19 @@ static struct ext4_dir_entry_2 *do_split(handle_t *handle, struct inode *dir,
9450 count = dx_make_map ((struct ext4_dir_entry_2 *) data1,
9451 blocksize, hinfo, map);
9452 map -= count;
9453 - split = count/2; // need to adjust to actual middle
9454 dx_sort_map (map, count);
9455 + /* Split the existing block in the middle, size-wise */
9456 + size = 0;
9457 + move = 0;
9458 + for (i = count-1; i >= 0; i--) {
9459 + /* is more than half of this entry in 2nd half of the block? */
9460 + if (size + map[i].size/2 > blocksize/2)
9461 + break;
9462 + size += map[i].size;
9463 + move++;
9464 + }
9465 + /* map index at which we will split */
9466 + split = count - move;
9467 hash2 = map[split].hash;
9468 continued = hash2 == map[split - 1].hash;
9469 dxtrace(printk("Split block %i at %x, %i/%i\n",
9470 diff --git a/fs/jbd/commit.c b/fs/jbd/commit.c
9471 index 1facfaf..a003d50 100644
9472 --- a/fs/jbd/commit.c
9473 +++ b/fs/jbd/commit.c
9474 @@ -887,7 +887,8 @@ restart_loop:
9475 journal->j_committing_transaction = NULL;
9476 spin_unlock(&journal->j_state_lock);
9478 - if (commit_transaction->t_checkpoint_list == NULL) {
9479 + if (commit_transaction->t_checkpoint_list == NULL &&
9480 + commit_transaction->t_checkpoint_io_list == NULL) {
9481 __journal_drop_transaction(journal, commit_transaction);
9482 } else {
9483 if (journal->j_checkpoint_transactions == NULL) {
9484 diff --git a/fs/jbd2/commit.c b/fs/jbd2/commit.c
9485 index 2856e11..c0f59d1 100644
9486 --- a/fs/jbd2/commit.c
9487 +++ b/fs/jbd2/commit.c
9488 @@ -896,7 +896,8 @@ restart_loop:
9489 journal->j_committing_transaction = NULL;
9490 spin_unlock(&journal->j_state_lock);
9492 - if (commit_transaction->t_checkpoint_list == NULL) {
9493 + if (commit_transaction->t_checkpoint_list == NULL &&
9494 + commit_transaction->t_checkpoint_io_list == NULL) {
9495 __jbd2_journal_drop_transaction(journal, commit_transaction);
9496 } else {
9497 if (journal->j_checkpoint_transactions == NULL) {
9498 diff --git a/fs/jffs2/fs.c b/fs/jffs2/fs.c
9499 index 1d3b7a9..8bc727b 100644
9500 --- a/fs/jffs2/fs.c
9501 +++ b/fs/jffs2/fs.c
9502 @@ -627,7 +627,7 @@ unsigned char *jffs2_gc_fetch_page(struct jffs2_sb_info *c,
9503 struct inode *inode = OFNI_EDONI_2SFFJ(f);
9504 struct page *pg;
9506 - pg = read_cache_page(inode->i_mapping, offset >> PAGE_CACHE_SHIFT,
9507 + pg = read_cache_page_async(inode->i_mapping, offset >> PAGE_CACHE_SHIFT,
9508 (void *)jffs2_do_readpage_unlock, inode);
9509 if (IS_ERR(pg))
9510 return (void *)pg;
9511 diff --git a/fs/jffs2/write.c b/fs/jffs2/write.c
9512 index c9fe0ab..1b68a52 100644
9513 --- a/fs/jffs2/write.c
9514 +++ b/fs/jffs2/write.c
9515 @@ -553,6 +553,9 @@ int jffs2_do_unlink(struct jffs2_sb_info *c, struct jffs2_inode_info *dir_f,
9516 struct jffs2_full_dirent **prev = &dir_f->dents;
9517 uint32_t nhash = full_name_hash(name, namelen);
9519 + /* We don't actually want to reserve any space, but we do
9520 + want to be holding the alloc_sem when we write to flash */
9521 + down(&c->alloc_sem);
9522 down(&dir_f->sem);
9524 while ((*prev) && (*prev)->nhash <= nhash) {
9525 diff --git a/fs/lockd/svclock.c b/fs/lockd/svclock.c
9526 index b3efa45..7b951a2 100644
9527 --- a/fs/lockd/svclock.c
9528 +++ b/fs/lockd/svclock.c
9529 @@ -171,19 +171,14 @@ found:
9530 * GRANTED_RES message by cookie, without having to rely on the client's IP
9531 * address. --okir
9532 */
9533 -static inline struct nlm_block *
9534 -nlmsvc_create_block(struct svc_rqst *rqstp, struct nlm_file *file,
9535 - struct nlm_lock *lock, struct nlm_cookie *cookie)
9536 +static struct nlm_block *
9537 +nlmsvc_create_block(struct svc_rqst *rqstp, struct nlm_host *host,
9538 + struct nlm_file *file, struct nlm_lock *lock,
9539 + struct nlm_cookie *cookie)
9540 {
9541 struct nlm_block *block;
9542 - struct nlm_host *host;
9543 struct nlm_rqst *call = NULL;
9545 - /* Create host handle for callback */
9546 - host = nlmsvc_lookup_host(rqstp, lock->caller, lock->len);
9547 - if (host == NULL)
9548 - return NULL;
9549 -
9550 call = nlm_alloc_call(host);
9551 if (call == NULL)
9552 return NULL;
9553 @@ -366,6 +361,7 @@ nlmsvc_lock(struct svc_rqst *rqstp, struct nlm_file *file,
9554 struct nlm_lock *lock, int wait, struct nlm_cookie *cookie)
9555 {
9556 struct nlm_block *block = NULL;
9557 + struct nlm_host *host;
9558 int error;
9559 __be32 ret;
9561 @@ -377,6 +373,10 @@ nlmsvc_lock(struct svc_rqst *rqstp, struct nlm_file *file,
9562 (long long)lock->fl.fl_end,
9563 wait);
9565 + /* Create host handle for callback */
9566 + host = nlmsvc_lookup_host(rqstp, lock->caller, lock->len);
9567 + if (host == NULL)
9568 + return nlm_lck_denied_nolocks;
9570 /* Lock file against concurrent access */
9571 mutex_lock(&file->f_mutex);
9572 @@ -385,7 +385,8 @@ nlmsvc_lock(struct svc_rqst *rqstp, struct nlm_file *file,
9573 */
9574 block = nlmsvc_lookup_block(file, lock);
9575 if (block == NULL) {
9576 - block = nlmsvc_create_block(rqstp, file, lock, cookie);
9577 + block = nlmsvc_create_block(rqstp, nlm_get_host(host), file,
9578 + lock, cookie);
9579 ret = nlm_lck_denied_nolocks;
9580 if (block == NULL)
9581 goto out;
9582 @@ -449,6 +450,7 @@ nlmsvc_lock(struct svc_rqst *rqstp, struct nlm_file *file,
9583 out:
9584 mutex_unlock(&file->f_mutex);
9585 nlmsvc_release_block(block);
9586 + nlm_release_host(host);
9587 dprintk("lockd: nlmsvc_lock returned %u\n", ret);
9588 return ret;
9589 }
9590 @@ -477,10 +479,17 @@ nlmsvc_testlock(struct svc_rqst *rqstp, struct nlm_file *file,
9592 if (block == NULL) {
9593 struct file_lock *conf = kzalloc(sizeof(*conf), GFP_KERNEL);
9594 + struct nlm_host *host;
9596 if (conf == NULL)
9597 return nlm_granted;
9598 - block = nlmsvc_create_block(rqstp, file, lock, cookie);
9599 + /* Create host handle for callback */
9600 + host = nlmsvc_lookup_host(rqstp, lock->caller, lock->len);
9601 + if (host == NULL) {
9602 + kfree(conf);
9603 + return nlm_lck_denied_nolocks;
9604 + }
9605 + block = nlmsvc_create_block(rqstp, host, file, lock, cookie);
9606 if (block == NULL) {
9607 kfree(conf);
9608 return nlm_granted;
9609 diff --git a/fs/locks.c b/fs/locks.c
9610 index 431a8b8..6428605 100644
9611 --- a/fs/locks.c
9612 +++ b/fs/locks.c
9613 @@ -786,7 +786,7 @@ find_conflict:
9614 if (request->fl_flags & FL_ACCESS)
9615 goto out;
9616 locks_copy_lock(new_fl, request);
9617 - locks_insert_lock(&inode->i_flock, new_fl);
9618 + locks_insert_lock(before, new_fl);
9619 new_fl = NULL;
9620 error = 0;
9622 diff --git a/fs/minix/itree_v1.c b/fs/minix/itree_v1.c
9623 index 1a5f3bf..82d6554 100644
9624 --- a/fs/minix/itree_v1.c
9625 +++ b/fs/minix/itree_v1.c
9626 @@ -23,11 +23,16 @@ static inline block_t *i_data(struct inode *inode)
9627 static int block_to_path(struct inode * inode, long block, int offsets[DEPTH])
9628 {
9629 int n = 0;
9630 + char b[BDEVNAME_SIZE];
9632 if (block < 0) {
9633 - printk("minix_bmap: block<0\n");
9634 + printk("MINIX-fs: block_to_path: block %ld < 0 on dev %s\n",
9635 + block, bdevname(inode->i_sb->s_bdev, b));
9636 } else if (block >= (minix_sb(inode->i_sb)->s_max_size/BLOCK_SIZE)) {
9637 - printk("minix_bmap: block>big\n");
9638 + if (printk_ratelimit())
9639 + printk("MINIX-fs: block_to_path: "
9640 + "block %ld too big on dev %s\n",
9641 + block, bdevname(inode->i_sb->s_bdev, b));
9642 } else if (block < 7) {
9643 offsets[n++] = block;
9644 } else if ((block -= 7) < 512) {
9645 diff --git a/fs/minix/itree_v2.c b/fs/minix/itree_v2.c
9646 index ad8f0de..f230109 100644
9647 --- a/fs/minix/itree_v2.c
9648 +++ b/fs/minix/itree_v2.c
9649 @@ -23,12 +23,17 @@ static inline block_t *i_data(struct inode *inode)
9650 static int block_to_path(struct inode * inode, long block, int offsets[DEPTH])
9651 {
9652 int n = 0;
9653 + char b[BDEVNAME_SIZE];
9654 struct super_block *sb = inode->i_sb;
9656 if (block < 0) {
9657 - printk("minix_bmap: block<0\n");
9658 + printk("MINIX-fs: block_to_path: block %ld < 0 on dev %s\n",
9659 + block, bdevname(sb->s_bdev, b));
9660 } else if (block >= (minix_sb(inode->i_sb)->s_max_size/sb->s_blocksize)) {
9661 - printk("minix_bmap: block>big\n");
9662 + if (printk_ratelimit())
9663 + printk("MINIX-fs: block_to_path: "
9664 + "block %ld too big on dev %s\n",
9665 + block, bdevname(sb->s_bdev, b));
9666 } else if (block < 7) {
9667 offsets[n++] = block;
9668 } else if ((block -= 7) < 256) {
9669 diff --git a/fs/namei.c b/fs/namei.c
9670 index 5e2d98d..8e209ce 100644
9671 --- a/fs/namei.c
9672 +++ b/fs/namei.c
9673 @@ -1543,7 +1543,7 @@ int may_open(struct nameidata *nd, int acc_mode, int flag)
9674 if (S_ISLNK(inode->i_mode))
9675 return -ELOOP;
9677 - if (S_ISDIR(inode->i_mode) && (flag & FMODE_WRITE))
9678 + if (S_ISDIR(inode->i_mode) && (acc_mode & MAY_WRITE))
9679 return -EISDIR;
9681 error = vfs_permission(nd, acc_mode);
9682 @@ -1562,7 +1562,7 @@ int may_open(struct nameidata *nd, int acc_mode, int flag)
9683 return -EACCES;
9685 flag &= ~O_TRUNC;
9686 - } else if (IS_RDONLY(inode) && (flag & FMODE_WRITE))
9687 + } else if (IS_RDONLY(inode) && (acc_mode & MAY_WRITE))
9688 return -EROFS;
9689 /*
9690 * An append-only file must be opened in append mode for writing.
9691 diff --git a/fs/ncpfs/mmap.c b/fs/ncpfs/mmap.c
9692 index 70a6911..f87de97 100644
9693 --- a/fs/ncpfs/mmap.c
9694 +++ b/fs/ncpfs/mmap.c
9695 @@ -47,9 +47,6 @@ static struct page* ncp_file_mmap_nopage(struct vm_area_struct *area,
9696 pos = address - area->vm_start + (area->vm_pgoff << PAGE_SHIFT);
9698 count = PAGE_SIZE;
9699 - if (address + PAGE_SIZE > area->vm_end) {
9700 - count = area->vm_end - address;
9701 - }
9702 /* what we can read in one go */
9703 bufsize = NCP_SERVER(inode)->buffer_size;
9705 diff --git a/fs/nfs/client.c b/fs/nfs/client.c
9706 index 881fa49..b6fd8a7 100644
9707 --- a/fs/nfs/client.c
9708 +++ b/fs/nfs/client.c
9709 @@ -433,9 +433,6 @@ static int nfs_create_rpc_client(struct nfs_client *clp, int proto,
9710 */
9711 static void nfs_destroy_server(struct nfs_server *server)
9712 {
9713 - if (!IS_ERR(server->client_acl))
9714 - rpc_shutdown_client(server->client_acl);
9715 -
9716 if (!(server->flags & NFS_MOUNT_NONLM))
9717 lockd_down(); /* release rpc.lockd */
9718 }
9719 @@ -614,16 +611,6 @@ static int nfs_init_server(struct nfs_server *server, const struct nfs_mount_dat
9720 server->namelen = data->namlen;
9721 /* Create a client RPC handle for the NFSv3 ACL management interface */
9722 nfs_init_server_aclclient(server);
9723 - if (clp->cl_nfsversion == 3) {
9724 - if (server->namelen == 0 || server->namelen > NFS3_MAXNAMLEN)
9725 - server->namelen = NFS3_MAXNAMLEN;
9726 - if (!(data->flags & NFS_MOUNT_NORDIRPLUS))
9727 - server->caps |= NFS_CAP_READDIRPLUS;
9728 - } else {
9729 - if (server->namelen == 0 || server->namelen > NFS2_MAXNAMLEN)
9730 - server->namelen = NFS2_MAXNAMLEN;
9731 - }
9732 -
9733 dprintk("<-- nfs_init_server() = 0 [new %p]\n", clp);
9734 return 0;
9736 @@ -781,6 +768,9 @@ void nfs_free_server(struct nfs_server *server)
9738 if (server->destroy != NULL)
9739 server->destroy(server);
9740 +
9741 + if (!IS_ERR(server->client_acl))
9742 + rpc_shutdown_client(server->client_acl);
9743 if (!IS_ERR(server->client))
9744 rpc_shutdown_client(server->client);
9746 @@ -820,6 +810,16 @@ struct nfs_server *nfs_create_server(const struct nfs_mount_data *data,
9747 error = nfs_probe_fsinfo(server, mntfh, &fattr);
9748 if (error < 0)
9749 goto error;
9750 + if (server->nfs_client->rpc_ops->version == 3) {
9751 + if (server->namelen == 0 || server->namelen > NFS3_MAXNAMLEN)
9752 + server->namelen = NFS3_MAXNAMLEN;
9753 + if (!(data->flags & NFS_MOUNT_NORDIRPLUS))
9754 + server->caps |= NFS_CAP_READDIRPLUS;
9755 + } else {
9756 + if (server->namelen == 0 || server->namelen > NFS2_MAXNAMLEN)
9757 + server->namelen = NFS2_MAXNAMLEN;
9758 + }
9759 +
9760 if (!(fattr.valid & NFS_ATTR_FATTR)) {
9761 error = server->nfs_client->rpc_ops->getattr(server, mntfh, &fattr);
9762 if (error < 0) {
9763 @@ -1010,6 +1010,9 @@ struct nfs_server *nfs4_create_server(const struct nfs4_mount_data *data,
9764 if (error < 0)
9765 goto error;
9767 + if (server->namelen == 0 || server->namelen > NFS4_MAXNAMLEN)
9768 + server->namelen = NFS4_MAXNAMLEN;
9769 +
9770 BUG_ON(!server->nfs_client);
9771 BUG_ON(!server->nfs_client->rpc_ops);
9772 BUG_ON(!server->nfs_client->rpc_ops->file_inode_ops);
9773 @@ -1082,6 +1085,9 @@ struct nfs_server *nfs4_create_referral_server(struct nfs_clone_mount *data,
9774 if (error < 0)
9775 goto error;
9777 + if (server->namelen == 0 || server->namelen > NFS4_MAXNAMLEN)
9778 + server->namelen = NFS4_MAXNAMLEN;
9779 +
9780 dprintk("Referral FSID: %llx:%llx\n",
9781 (unsigned long long) server->fsid.major,
9782 (unsigned long long) server->fsid.minor);
9783 @@ -1141,6 +1147,9 @@ struct nfs_server *nfs_clone_server(struct nfs_server *source,
9784 if (error < 0)
9785 goto out_free_server;
9787 + if (server->namelen == 0 || server->namelen > NFS4_MAXNAMLEN)
9788 + server->namelen = NFS4_MAXNAMLEN;
9789 +
9790 dprintk("Cloned FSID: %llx:%llx\n",
9791 (unsigned long long) server->fsid.major,
9792 (unsigned long long) server->fsid.minor);
9793 diff --git a/fs/nfs/dir.c b/fs/nfs/dir.c
9794 index c27258b..db1d6b9 100644
9795 --- a/fs/nfs/dir.c
9796 +++ b/fs/nfs/dir.c
9797 @@ -897,14 +897,13 @@ int nfs_is_exclusive_create(struct inode *dir, struct nameidata *nd)
9798 return (nd->intent.open.flags & O_EXCL) != 0;
9799 }
9801 -static inline int nfs_reval_fsid(struct vfsmount *mnt, struct inode *dir,
9802 - struct nfs_fh *fh, struct nfs_fattr *fattr)
9803 +static inline int nfs_reval_fsid(struct inode *dir, const struct nfs_fattr *fattr)
9804 {
9805 struct nfs_server *server = NFS_SERVER(dir);
9807 if (!nfs_fsid_equal(&server->fsid, &fattr->fsid))
9808 - /* Revalidate fsid on root dir */
9809 - return __nfs_revalidate_inode(server, mnt->mnt_root->d_inode);
9810 + /* Revalidate fsid using the parent directory */
9811 + return __nfs_revalidate_inode(server, dir);
9812 return 0;
9813 }
9815 @@ -946,7 +945,7 @@ static struct dentry *nfs_lookup(struct inode *dir, struct dentry * dentry, stru
9816 res = ERR_PTR(error);
9817 goto out_unlock;
9818 }
9819 - error = nfs_reval_fsid(nd->mnt, dir, &fhandle, &fattr);
9820 + error = nfs_reval_fsid(dir, &fattr);
9821 if (error < 0) {
9822 res = ERR_PTR(error);
9823 goto out_unlock;
9824 @@ -1163,6 +1162,8 @@ static struct dentry *nfs_readdir_lookup(nfs_readdir_descriptor_t *desc)
9825 }
9826 if (!desc->plus || !(entry->fattr->valid & NFS_ATTR_FATTR))
9827 return NULL;
9828 + if (name.len > NFS_SERVER(dir)->namelen)
9829 + return NULL;
9830 /* Note: caller is already holding the dir->i_mutex! */
9831 dentry = d_alloc(parent, &name);
9832 if (dentry == NULL)
9833 diff --git a/fs/nfs/getroot.c b/fs/nfs/getroot.c
9834 index d1cbf0a..522e5ad 100644
9835 --- a/fs/nfs/getroot.c
9836 +++ b/fs/nfs/getroot.c
9837 @@ -175,6 +175,9 @@ next_component:
9838 path++;
9839 name.len = path - (const char *) name.name;
9841 + if (name.len > NFS4_MAXNAMLEN)
9842 + return -ENAMETOOLONG;
9843 +
9844 eat_dot_dir:
9845 while (*path == '/')
9846 path++;
9847 diff --git a/fs/nfs/inode.c b/fs/nfs/inode.c
9848 index bd9f5a8..2219b6c 100644
9849 --- a/fs/nfs/inode.c
9850 +++ b/fs/nfs/inode.c
9851 @@ -961,8 +961,8 @@ static int nfs_update_inode(struct inode *inode, struct nfs_fattr *fattr)
9852 goto out_changed;
9854 server = NFS_SERVER(inode);
9855 - /* Update the fsid if and only if this is the root directory */
9856 - if (inode == inode->i_sb->s_root->d_inode
9857 + /* Update the fsid? */
9858 + if (S_ISDIR(inode->i_mode)
9859 && !nfs_fsid_equal(&server->fsid, &fattr->fsid))
9860 server->fsid = fattr->fsid;
9862 diff --git a/fs/nfs/super.c b/fs/nfs/super.c
9863 index ca20d3c..6a5bd0d 100644
9864 --- a/fs/nfs/super.c
9865 +++ b/fs/nfs/super.c
9866 @@ -181,8 +181,8 @@ void __exit unregister_nfs_fs(void)
9867 remove_shrinker(acl_shrinker);
9868 #ifdef CONFIG_NFS_V4
9869 unregister_filesystem(&nfs4_fs_type);
9870 - nfs_unregister_sysctl();
9871 #endif
9872 + nfs_unregister_sysctl();
9873 unregister_filesystem(&nfs_fs_type);
9874 }
9876 diff --git a/fs/nfs/write.c b/fs/nfs/write.c
9877 index af344a1..380a7ae 100644
9878 --- a/fs/nfs/write.c
9879 +++ b/fs/nfs/write.c
9880 @@ -710,6 +710,17 @@ int nfs_flush_incompatible(struct file *file, struct page *page)
9881 }
9883 /*
9884 + * If the page cache is marked as unsafe or invalid, then we can't rely on
9885 + * the PageUptodate() flag. In this case, we will need to turn off
9886 + * write optimisations that depend on the page contents being correct.
9887 + */
9888 +static int nfs_write_pageuptodate(struct page *page, struct inode *inode)
9889 +{
9890 + return PageUptodate(page) &&
9891 + !(NFS_I(inode)->cache_validity & (NFS_INO_REVAL_PAGECACHE|NFS_INO_INVALID_DATA));
9892 +}
9893 +
9894 +/*
9895 * Update and possibly write a cached page of an NFS file.
9896 *
9897 * XXX: Keep an eye on generic_file_read to make sure it doesn't do bad
9898 @@ -730,10 +741,13 @@ int nfs_updatepage(struct file *file, struct page *page,
9899 (long long)(page_offset(page) +offset));
9901 /* If we're not using byte range locks, and we know the page
9902 - * is entirely in cache, it may be more efficient to avoid
9903 - * fragmenting write requests.
9904 + * is up to date, it may be more efficient to extend the write
9905 + * to cover the entire page in order to avoid fragmentation
9906 + * inefficiencies.
9907 */
9908 - if (PageUptodate(page) && inode->i_flock == NULL && !(file->f_mode & O_SYNC)) {
9909 + if (nfs_write_pageuptodate(page, inode) &&
9910 + inode->i_flock == NULL &&
9911 + !(file->f_mode & O_SYNC)) {
9912 count = max(count + offset, nfs_page_length(page));
9913 offset = 0;
9914 }
9915 diff --git a/fs/nfsd/nfs2acl.c b/fs/nfsd/nfs2acl.c
9916 index b617428..0e5fa11 100644
9917 --- a/fs/nfsd/nfs2acl.c
9918 +++ b/fs/nfsd/nfs2acl.c
9919 @@ -41,7 +41,7 @@ static __be32 nfsacld_proc_getacl(struct svc_rqst * rqstp,
9921 fh = fh_copy(&resp->fh, &argp->fh);
9922 if ((nfserr = fh_verify(rqstp, &resp->fh, 0, MAY_NOP)))
9923 - RETURN_STATUS(nfserr_inval);
9924 + RETURN_STATUS(nfserr);
9926 if (argp->mask & ~(NFS_ACL|NFS_ACLCNT|NFS_DFACL|NFS_DFACLCNT))
9927 RETURN_STATUS(nfserr_inval);
9928 diff --git a/fs/nfsd/nfs3acl.c b/fs/nfsd/nfs3acl.c
9929 index 3e3f2de..b647f2f 100644
9930 --- a/fs/nfsd/nfs3acl.c
9931 +++ b/fs/nfsd/nfs3acl.c
9932 @@ -37,7 +37,7 @@ static __be32 nfsd3_proc_getacl(struct svc_rqst * rqstp,
9934 fh = fh_copy(&resp->fh, &argp->fh);
9935 if ((nfserr = fh_verify(rqstp, &resp->fh, 0, MAY_NOP)))
9936 - RETURN_STATUS(nfserr_inval);
9937 + RETURN_STATUS(nfserr);
9939 if (argp->mask & ~(NFS_ACL|NFS_ACLCNT|NFS_DFACL|NFS_DFACLCNT))
9940 RETURN_STATUS(nfserr_inval);
9941 diff --git a/fs/nfsd/nfs4xdr.c b/fs/nfsd/nfs4xdr.c
9942 index 15809df..0898aec 100644
9943 --- a/fs/nfsd/nfs4xdr.c
9944 +++ b/fs/nfsd/nfs4xdr.c
9945 @@ -1453,7 +1453,8 @@ nfsd4_encode_fattr(struct svc_fh *fhp, struct svc_export *exp,
9946 err = vfs_getattr(exp->ex_mnt, dentry, &stat);
9947 if (err)
9948 goto out_nfserr;
9949 - if ((bmval0 & (FATTR4_WORD0_FILES_FREE | FATTR4_WORD0_FILES_TOTAL)) ||
9950 + if ((bmval0 & (FATTR4_WORD0_FILES_FREE | FATTR4_WORD0_FILES_TOTAL |
9951 + FATTR4_WORD0_MAXNAME)) ||
9952 (bmval1 & (FATTR4_WORD1_SPACE_AVAIL | FATTR4_WORD1_SPACE_FREE |
9953 FATTR4_WORD1_SPACE_TOTAL))) {
9954 err = vfs_statfs(dentry, &statfs);
9955 @@ -1699,7 +1700,7 @@ out_acl:
9956 if (bmval0 & FATTR4_WORD0_MAXNAME) {
9957 if ((buflen -= 4) < 0)
9958 goto out_resource;
9959 - WRITE32(~(u32) 0);
9960 + WRITE32(statfs.f_namelen);
9961 }
9962 if (bmval0 & FATTR4_WORD0_MAXREAD) {
9963 if ((buflen -= 8) < 0)
9964 diff --git a/fs/nfsd/nfsfh.c b/fs/nfsd/nfsfh.c
9965 index 6ca2d24..f83d235 100644
9966 --- a/fs/nfsd/nfsfh.c
9967 +++ b/fs/nfsd/nfsfh.c
9968 @@ -565,13 +565,23 @@ enum fsid_source fsid_source(struct svc_fh *fhp)
9969 case FSID_DEV:
9970 case FSID_ENCODE_DEV:
9971 case FSID_MAJOR_MINOR:
9972 - return FSIDSOURCE_DEV;
9973 + if (fhp->fh_export->ex_dentry->d_inode->i_sb->s_type->fs_flags
9974 + & FS_REQUIRES_DEV)
9975 + return FSIDSOURCE_DEV;
9976 + break;
9977 case FSID_NUM:
9978 - return FSIDSOURCE_FSID;
9979 - default:
9980 if (fhp->fh_export->ex_flags & NFSEXP_FSID)
9981 return FSIDSOURCE_FSID;
9982 - else
9983 - return FSIDSOURCE_UUID;
9984 + break;
9985 + default:
9986 + break;
9987 }
9988 + /* either a UUID type filehandle, or the filehandle doesn't
9989 + * match the export.
9990 + */
9991 + if (fhp->fh_export->ex_flags & NFSEXP_FSID)
9992 + return FSIDSOURCE_FSID;
9993 + if (fhp->fh_export->ex_uuid)
9994 + return FSIDSOURCE_UUID;
9995 + return FSIDSOURCE_DEV;
9996 }
9997 diff --git a/fs/nfsd/vfs.c b/fs/nfsd/vfs.c
9998 index 7e6aa24..9a68061 100644
9999 --- a/fs/nfsd/vfs.c
10000 +++ b/fs/nfsd/vfs.c
10001 @@ -1890,7 +1890,7 @@ nfsd_racache_init(int cache_size)
10002 raparm_hash[i].pb_head = NULL;
10003 spin_lock_init(&raparm_hash[i].pb_lock);
10004 }
10005 - nperbucket = cache_size >> RAPARM_HASH_BITS;
10006 + nperbucket = DIV_ROUND_UP(cache_size, RAPARM_HASH_SIZE);
10007 for (i = 0; i < cache_size - 1; i++) {
10008 if (i % nperbucket == 0)
10009 raparm_hash[j++].pb_head = raparml + i;
10010 diff --git a/fs/ocfs2/aops.c b/fs/ocfs2/aops.c
10011 index a480b09..3175288 100644
10012 --- a/fs/ocfs2/aops.c
10013 +++ b/fs/ocfs2/aops.c
10014 @@ -661,6 +661,27 @@ static void ocfs2_clear_page_regions(struct page *page,
10015 }
10017 /*
10018 + * Nonsparse file systems fully allocate before we get to the write
10019 + * code. This prevents ocfs2_write() from tagging the write as an
10020 + * allocating one, which means ocfs2_map_page_blocks() might try to
10021 + * read-in the blocks at the tail of our file. Avoid reading them by
10022 + * testing i_size against each block offset.
10023 + */
10024 +static int ocfs2_should_read_blk(struct inode *inode, struct page *page,
10025 + unsigned int block_start)
10026 +{
10027 + u64 offset = page_offset(page) + block_start;
10028 +
10029 + if (ocfs2_sparse_alloc(OCFS2_SB(inode->i_sb)))
10030 + return 1;
10031 +
10032 + if (i_size_read(inode) > offset)
10033 + return 1;
10034 +
10035 + return 0;
10036 +}
10037 +
10038 +/*
10039 * Some of this taken from block_prepare_write(). We already have our
10040 * mapping by now though, and the entire write will be allocating or
10041 * it won't, so not much need to use BH_New.
10042 @@ -711,7 +732,8 @@ int ocfs2_map_page_blocks(struct page *page, u64 *p_blkno,
10043 if (!buffer_uptodate(bh))
10044 set_buffer_uptodate(bh);
10045 } else if (!buffer_uptodate(bh) && !buffer_delay(bh) &&
10046 - (block_start < from || block_end > to)) {
10047 + ocfs2_should_read_blk(inode, page, block_start) &&
10048 + (block_start < from || block_end > to)) {
10049 ll_rw_block(READ, 1, &bh);
10050 *wait_bh++=bh;
10051 }
10052 diff --git a/fs/ocfs2/file.c b/fs/ocfs2/file.c
10053 index ac6c964..e0cd750 100644
10054 --- a/fs/ocfs2/file.c
10055 +++ b/fs/ocfs2/file.c
10056 @@ -1353,7 +1353,7 @@ static struct page * ocfs2_get_write_source(struct ocfs2_buffered_write_priv *bp
10057 else
10058 src_page = ERR_PTR(-EFAULT);
10059 } else {
10060 - bp->b_src_buf = buf;
10061 + bp->b_src_buf = (char *)((unsigned long)buf & PAGE_CACHE_MASK);
10062 }
10064 return src_page;
10065 diff --git a/fs/signalfd.c b/fs/signalfd.c
10066 index 3b07f26..afbe171 100644
10067 --- a/fs/signalfd.c
10068 +++ b/fs/signalfd.c
10069 @@ -56,12 +56,18 @@ static int signalfd_lock(struct signalfd_ctx *ctx, struct signalfd_lockctx *lk)
10070 sighand = lock_task_sighand(lk->tsk, &lk->flags);
10071 rcu_read_unlock();
10073 - if (sighand && !ctx->tsk) {
10074 + if (!sighand)
10075 + return 0;
10076 +
10077 + if (!ctx->tsk) {
10078 unlock_task_sighand(lk->tsk, &lk->flags);
10079 - sighand = NULL;
10080 + return 0;
10081 }
10083 - return sighand != NULL;
10084 + if (lk->tsk->tgid == current->tgid)
10085 + lk->tsk = current;
10086 +
10087 + return 1;
10088 }
10090 static void signalfd_unlock(struct signalfd_lockctx *lk)
10091 @@ -331,7 +337,7 @@ asmlinkage long sys_signalfd(int ufd, sigset_t __user *user_mask, size_t sizemas
10093 init_waitqueue_head(&ctx->wqh);
10094 ctx->sigmask = sigmask;
10095 - ctx->tsk = current;
10096 + ctx->tsk = current->group_leader;
10098 sighand = current->sighand;
10099 /*
10100 diff --git a/fs/splice.c b/fs/splice.c
10101 index e7d7080..dbbe267 100644
10102 --- a/fs/splice.c
10103 +++ b/fs/splice.c
10104 @@ -601,7 +601,7 @@ find_page:
10105 ret = add_to_page_cache_lru(page, mapping, index,
10106 GFP_KERNEL);
10107 if (unlikely(ret))
10108 - goto out;
10109 + goto out_release;
10110 }
10112 ret = mapping->a_ops->prepare_write(file, page, offset, offset+this_len);
10113 @@ -657,8 +657,9 @@ find_page:
10114 */
10115 mark_page_accessed(page);
10116 out:
10117 - page_cache_release(page);
10118 unlock_page(page);
10119 +out_release:
10120 + page_cache_release(page);
10121 out_ret:
10122 return ret;
10123 }
10124 @@ -1010,7 +1011,7 @@ long do_splice_direct(struct file *in, loff_t *ppos, struct file *out,
10125 max_read_len = min(len, (size_t)(PIPE_BUFFERS*PAGE_SIZE));
10127 ret = do_splice_to(in, ppos, pipe, max_read_len, flags);
10128 - if (unlikely(ret < 0))
10129 + if (unlikely(ret <= 0))
10130 goto out_release;
10132 read_len = ret;
10133 @@ -1022,7 +1023,7 @@ long do_splice_direct(struct file *in, loff_t *ppos, struct file *out,
10134 */
10135 ret = do_splice_from(pipe, out, &out_off, read_len,
10136 flags & ~SPLICE_F_NONBLOCK);
10137 - if (unlikely(ret < 0))
10138 + if (unlikely(ret <= 0))
10139 goto out_release;
10141 bytes += ret;
10142 @@ -1181,6 +1182,9 @@ static int get_iovec_page_array(const struct iovec __user *iov,
10143 if (unlikely(!base))
10144 break;
10146 + if (!access_ok(VERIFY_READ, base, len))
10147 + break;
10148 +
10149 /*
10150 * Get this base offset and number of pages, then map
10151 * in the user pages.
10152 diff --git a/fs/sysfs/file.c b/fs/sysfs/file.c
10153 index b502c71..1f64ce5 100644
10154 --- a/fs/sysfs/file.c
10155 +++ b/fs/sysfs/file.c
10156 @@ -283,6 +283,7 @@ static int sysfs_open_file(struct inode *inode, struct file *file)
10157 mutex_lock(&inode->i_mutex);
10158 if (!(set = inode->i_private)) {
10159 if (!(set = inode->i_private = kmalloc(sizeof(struct sysfs_buffer_collection), GFP_KERNEL))) {
10160 + mutex_unlock(&inode->i_mutex);
10161 error = -ENOMEM;
10162 goto Done;
10163 } else {
10164 diff --git a/fs/timerfd.c b/fs/timerfd.c
10165 index af9eca5..61983f3 100644
10166 --- a/fs/timerfd.c
10167 +++ b/fs/timerfd.c
10168 @@ -95,7 +95,7 @@ static ssize_t timerfd_read(struct file *file, char __user *buf, size_t count,
10169 {
10170 struct timerfd_ctx *ctx = file->private_data;
10171 ssize_t res;
10172 - u32 ticks = 0;
10173 + u64 ticks = 0;
10174 DECLARE_WAITQUEUE(wait, current);
10176 if (count < sizeof(ticks))
10177 @@ -130,7 +130,7 @@ static ssize_t timerfd_read(struct file *file, char __user *buf, size_t count,
10178 * callback to avoid DoS attacks specifying a very
10179 * short timer period.
10180 */
10181 - ticks = (u32)
10182 + ticks = (u64)
10183 hrtimer_forward(&ctx->tmr,
10184 hrtimer_cb_get_time(&ctx->tmr),
10185 ctx->tintv);
10186 @@ -140,7 +140,7 @@ static ssize_t timerfd_read(struct file *file, char __user *buf, size_t count,
10187 }
10188 spin_unlock_irq(&ctx->wqh.lock);
10189 if (ticks)
10190 - res = put_user(ticks, buf) ? -EFAULT: sizeof(ticks);
10191 + res = put_user(ticks, (u64 __user *) buf) ? -EFAULT: sizeof(ticks);
10192 return res;
10193 }
10195 diff --git a/include/acpi/processor.h b/include/acpi/processor.h
10196 index b4b0ffd..0276fc6 100644
10197 --- a/include/acpi/processor.h
10198 +++ b/include/acpi/processor.h
10199 @@ -279,6 +279,8 @@ int acpi_processor_power_init(struct acpi_processor *pr,
10200 int acpi_processor_cst_has_changed(struct acpi_processor *pr);
10201 int acpi_processor_power_exit(struct acpi_processor *pr,
10202 struct acpi_device *device);
10203 +int acpi_processor_suspend(struct acpi_device * device, pm_message_t state);
10204 +int acpi_processor_resume(struct acpi_device * device);
10206 /* in processor_thermal.c */
10207 int acpi_processor_get_limit_info(struct acpi_processor *pr);
10208 diff --git a/include/asm-avr32/atomic.h b/include/asm-avr32/atomic.h
10209 index b9c2548..7ef3862 100644
10210 --- a/include/asm-avr32/atomic.h
10211 +++ b/include/asm-avr32/atomic.h
10212 @@ -101,7 +101,7 @@ static inline int atomic_sub_unless(atomic_t *v, int a, int u)
10213 " mov %1, 1\n"
10214 "1:"
10215 : "=&r"(tmp), "=&r"(result), "=o"(v->counter)
10216 - : "m"(v->counter), "rKs21"(a), "rKs21"(u)
10217 + : "m"(v->counter), "rKs21"(a), "rKs21"(u), "1"(result)
10218 : "cc", "memory");
10220 return result;
10221 @@ -137,7 +137,7 @@ static inline int atomic_add_unless(atomic_t *v, int a, int u)
10222 " mov %1, 1\n"
10223 "1:"
10224 : "=&r"(tmp), "=&r"(result), "=o"(v->counter)
10225 - : "m"(v->counter), "r"(a), "ir"(u)
10226 + : "m"(v->counter), "r"(a), "ir"(u), "1"(result)
10227 : "cc", "memory");
10228 }
10230 diff --git a/include/asm-i386/apic.h b/include/asm-i386/apic.h
10231 index 1e8f6f2..4091b33 100644
10232 --- a/include/asm-i386/apic.h
10233 +++ b/include/asm-i386/apic.h
10234 @@ -116,6 +116,8 @@ extern void enable_NMI_through_LVT0 (void * dummy);
10235 extern int timer_over_8254;
10236 extern int local_apic_timer_c2_ok;
10238 +extern int local_apic_timer_disabled;
10239 +
10240 #else /* !CONFIG_X86_LOCAL_APIC */
10241 static inline void lapic_shutdown(void) { }
10243 diff --git a/include/asm-i386/cpufeature.h b/include/asm-i386/cpufeature.h
10244 index f514e90..ddc2d7c 100644
10245 --- a/include/asm-i386/cpufeature.h
10246 +++ b/include/asm-i386/cpufeature.h
10247 @@ -79,7 +79,7 @@
10248 #define X86_FEATURE_ARCH_PERFMON (3*32+11) /* Intel Architectural PerfMon */
10249 #define X86_FEATURE_PEBS (3*32+12) /* Precise-Event Based Sampling */
10250 #define X86_FEATURE_BTS (3*32+13) /* Branch Trace Store */
10251 -#define X86_FEATURE_LAPIC_TIMER_BROKEN (3*32+ 14) /* lapic timer broken in C1 */
10252 +/* 14 free */
10253 #define X86_FEATURE_SYNC_RDTSC (3*32+15) /* RDTSC synchronizes the CPU */
10255 /* Intel-defined CPU features, CPUID level 0x00000001 (ecx), word 4 */
10256 diff --git a/include/asm-i386/serial.h b/include/asm-i386/serial.h
10257 index 57a4306..bd67480 100644
10258 --- a/include/asm-i386/serial.h
10259 +++ b/include/asm-i386/serial.h
10260 @@ -11,3 +11,19 @@
10261 * megabits/second; but this requires the faster clock.
10262 */
10263 #define BASE_BAUD ( 1843200 / 16 )
10264 +
10265 +/* Standard COM flags (except for COM4, because of the 8514 problem) */
10266 +#ifdef CONFIG_SERIAL_DETECT_IRQ
10267 +#define STD_COM_FLAGS (ASYNC_BOOT_AUTOCONF | ASYNC_SKIP_TEST | ASYNC_AUTO_IRQ)
10268 +#define STD_COM4_FLAGS (ASYNC_BOOT_AUTOCONF | ASYNC_AUTO_IRQ)
10269 +#else
10270 +#define STD_COM_FLAGS (ASYNC_BOOT_AUTOCONF | ASYNC_SKIP_TEST)
10271 +#define STD_COM4_FLAGS ASYNC_BOOT_AUTOCONF
10272 +#endif
10273 +
10274 +#define SERIAL_PORT_DFNS \
10275 + /* UART CLK PORT IRQ FLAGS */ \
10276 + { 0, BASE_BAUD, 0x3F8, 4, STD_COM_FLAGS }, /* ttyS0 */ \
10277 + { 0, BASE_BAUD, 0x2F8, 3, STD_COM_FLAGS }, /* ttyS1 */ \
10278 + { 0, BASE_BAUD, 0x3E8, 4, STD_COM_FLAGS }, /* ttyS2 */ \
10279 + { 0, BASE_BAUD, 0x2E8, 3, STD_COM4_FLAGS }, /* ttyS3 */
10280 diff --git a/include/asm-sparc/sfp-machine.h b/include/asm-sparc/sfp-machine.h
10281 index ecfc86a..266a42b 100644
10282 --- a/include/asm-sparc/sfp-machine.h
10283 +++ b/include/asm-sparc/sfp-machine.h
10284 @@ -203,4 +203,10 @@ extern struct task_struct *last_task_used_math;
10285 #define FP_INHIBIT_RESULTS ((last_task_used_math->thread.fsr >> 23) & _fex)
10286 #endif
10288 +#ifdef CONFIG_SMP
10289 +#define FP_TRAPPING_EXCEPTIONS ((current->thread.fsr >> 23) & 0x1f)
10290 +#else
10291 +#define FP_TRAPPING_EXCEPTIONS ((last_task_used_math->thread.fsr >> 23) & 0x1f)
10292 +#endif
10293 +
10294 #endif
10295 diff --git a/include/asm-sparc64/hypervisor.h b/include/asm-sparc64/hypervisor.h
10296 index db2130a..a63a1f6 100644
10297 --- a/include/asm-sparc64/hypervisor.h
10298 +++ b/include/asm-sparc64/hypervisor.h
10299 @@ -709,6 +709,10 @@ extern unsigned long sun4v_mmu_tsb_ctx0(unsigned long num_descriptions,
10300 */
10301 #define HV_FAST_MMU_DEMAP_ALL 0x24
10303 +#ifndef __ASSEMBLY__
10304 +extern void sun4v_mmu_demap_all(void);
10305 +#endif
10306 +
10307 /* mmu_map_perm_addr()
10308 * TRAP: HV_FAST_TRAP
10309 * FUNCTION: HV_FAST_MMU_MAP_PERM_ADDR
10310 diff --git a/include/asm-sparc64/sfp-machine.h b/include/asm-sparc64/sfp-machine.h
10311 index 89d4243..c9331b0 100644
10312 --- a/include/asm-sparc64/sfp-machine.h
10313 +++ b/include/asm-sparc64/sfp-machine.h
10314 @@ -88,4 +88,6 @@
10316 #define FP_INHIBIT_RESULTS ((current_thread_info()->xfsr[0] >> 23) & _fex)
10318 +#define FP_TRAPPING_EXCEPTIONS ((current_thread_info()->xfsr[0] >> 23) & 0x1f)
10319 +
10320 #endif
10321 diff --git a/include/asm-x86_64/serial.h b/include/asm-x86_64/serial.h
10322 index 8ebd765..b0496e0 100644
10323 --- a/include/asm-x86_64/serial.h
10324 +++ b/include/asm-x86_64/serial.h
10325 @@ -11,3 +11,19 @@
10326 * megabits/second; but this requires the faster clock.
10327 */
10328 #define BASE_BAUD ( 1843200 / 16 )
10329 +
10330 +/* Standard COM flags (except for COM4, because of the 8514 problem) */
10331 +#ifdef CONFIG_SERIAL_DETECT_IRQ
10332 +#define STD_COM_FLAGS (ASYNC_BOOT_AUTOCONF | ASYNC_SKIP_TEST | ASYNC_AUTO_IRQ)
10333 +#define STD_COM4_FLAGS (ASYNC_BOOT_AUTOCONF | ASYNC_AUTO_IRQ)
10334 +#else
10335 +#define STD_COM_FLAGS (ASYNC_BOOT_AUTOCONF | ASYNC_SKIP_TEST)
10336 +#define STD_COM4_FLAGS ASYNC_BOOT_AUTOCONF
10337 +#endif
10338 +
10339 +#define SERIAL_PORT_DFNS \
10340 + /* UART CLK PORT IRQ FLAGS */ \
10341 + { 0, BASE_BAUD, 0x3F8, 4, STD_COM_FLAGS }, /* ttyS0 */ \
10342 + { 0, BASE_BAUD, 0x2F8, 3, STD_COM_FLAGS }, /* ttyS1 */ \
10343 + { 0, BASE_BAUD, 0x3E8, 4, STD_COM_FLAGS }, /* ttyS2 */ \
10344 + { 0, BASE_BAUD, 0x2E8, 3, STD_COM4_FLAGS }, /* ttyS3 */
10345 diff --git a/include/linux/Kbuild b/include/linux/Kbuild
10346 index f317c27..d86711d 100644
10347 --- a/include/linux/Kbuild
10348 +++ b/include/linux/Kbuild
10349 @@ -7,6 +7,7 @@ header-y += raid/
10350 header-y += spi/
10351 header-y += sunrpc/
10352 header-y += tc_act/
10353 +header-y += tc_ematch/
10354 header-y += netfilter/
10355 header-y += netfilter_arp/
10356 header-y += netfilter_bridge/
10357 @@ -137,6 +138,7 @@ header-y += radeonfb.h
10358 header-y += raw.h
10359 header-y += resource.h
10360 header-y += rose.h
10361 +header-y += serial_reg.h
10362 header-y += smbno.h
10363 header-y += snmp.h
10364 header-y += sockios.h
10365 diff --git a/include/linux/bootmem.h b/include/linux/bootmem.h
10366 index c83534e..0365ec9 100644
10367 --- a/include/linux/bootmem.h
10368 +++ b/include/linux/bootmem.h
10369 @@ -59,7 +59,6 @@ extern void *__alloc_bootmem_core(struct bootmem_data *bdata,
10370 unsigned long align,
10371 unsigned long goal,
10372 unsigned long limit);
10373 -extern void *alloc_bootmem_high_node(pg_data_t *pgdat, unsigned long size);
10375 #ifndef CONFIG_HAVE_ARCH_BOOTMEM_NODE
10376 extern void reserve_bootmem(unsigned long addr, unsigned long size);
10377 diff --git a/include/linux/ioprio.h b/include/linux/ioprio.h
10378 index 8e2042b..2eaa142 100644
10379 --- a/include/linux/ioprio.h
10380 +++ b/include/linux/ioprio.h
10381 @@ -47,8 +47,10 @@ enum {
10382 #define IOPRIO_NORM (4)
10383 static inline int task_ioprio(struct task_struct *task)
10384 {
10385 - WARN_ON(!ioprio_valid(task->ioprio));
10386 - return IOPRIO_PRIO_DATA(task->ioprio);
10387 + if (ioprio_valid(task->ioprio))
10388 + return IOPRIO_PRIO_DATA(task->ioprio);
10389 +
10390 + return IOPRIO_NORM;
10391 }
10393 static inline int task_nice_ioprio(struct task_struct *task)
10394 diff --git a/include/linux/netdevice.h b/include/linux/netdevice.h
10395 index 3a70f55..ab210be 100644
10396 --- a/include/linux/netdevice.h
10397 +++ b/include/linux/netdevice.h
10398 @@ -1032,6 +1032,8 @@ extern void dev_seq_stop(struct seq_file *seq, void *v);
10400 extern void linkwatch_run_queue(void);
10402 +extern int netdev_compute_features(unsigned long all, unsigned long one);
10403 +
10404 static inline int net_gso_ok(int features, int gso_type)
10405 {
10406 int feature = gso_type << NETIF_F_GSO_SHIFT;
10407 diff --git a/include/linux/netfilter/Kbuild b/include/linux/netfilter/Kbuild
10408 index 43397a4..ab57cb7 100644
10409 --- a/include/linux/netfilter/Kbuild
10410 +++ b/include/linux/netfilter/Kbuild
10411 @@ -28,6 +28,7 @@ header-y += xt_policy.h
10412 header-y += xt_realm.h
10413 header-y += xt_sctp.h
10414 header-y += xt_state.h
10415 +header-y += xt_statistic.h
10416 header-y += xt_string.h
10417 header-y += xt_tcpmss.h
10418 header-y += xt_tcpudp.h
10419 diff --git a/include/linux/netfilter_ipv4/ipt_iprange.h b/include/linux/netfilter_ipv4/ipt_iprange.h
10420 index 34ab0fb..a92fefc 100644
10421 --- a/include/linux/netfilter_ipv4/ipt_iprange.h
10422 +++ b/include/linux/netfilter_ipv4/ipt_iprange.h
10423 @@ -1,6 +1,8 @@
10424 #ifndef _IPT_IPRANGE_H
10425 #define _IPT_IPRANGE_H
10427 +#include <linux/types.h>
10428 +
10429 #define IPRANGE_SRC 0x01 /* Match source IP address */
10430 #define IPRANGE_DST 0x02 /* Match destination IP address */
10431 #define IPRANGE_SRC_INV 0x10 /* Negate the condition */
10432 diff --git a/include/linux/netlink.h b/include/linux/netlink.h
10433 index 2e23353..b2834d8 100644
10434 --- a/include/linux/netlink.h
10435 +++ b/include/linux/netlink.h
10436 @@ -173,7 +173,7 @@ extern int netlink_unregister_notifier(struct notifier_block *nb);
10437 /* finegrained unicast helpers: */
10438 struct sock *netlink_getsockbyfilp(struct file *filp);
10439 int netlink_attachskb(struct sock *sk, struct sk_buff *skb, int nonblock,
10440 - long timeo, struct sock *ssk);
10441 + long *timeo, struct sock *ssk);
10442 void netlink_detachskb(struct sock *sk, struct sk_buff *skb);
10443 int netlink_sendskb(struct sock *sk, struct sk_buff *skb, int protocol);
10445 diff --git a/include/linux/page-flags.h b/include/linux/page-flags.h
10446 index ae2d79f..5b72887 100644
10447 --- a/include/linux/page-flags.h
10448 +++ b/include/linux/page-flags.h
10449 @@ -240,7 +240,7 @@ static inline void SetPageUptodate(struct page *page)
10451 #define PG_head_tail_mask ((1L << PG_compound) | (1L << PG_reclaim))
10453 -#define PageTail(page) ((page->flags & PG_head_tail_mask) \
10454 +#define PageTail(page) (((page)->flags & PG_head_tail_mask) \
10455 == PG_head_tail_mask)
10457 static inline void __SetPageTail(struct page *page)
10458 @@ -253,7 +253,7 @@ static inline void __ClearPageTail(struct page *page)
10459 page->flags &= ~PG_head_tail_mask;
10460 }
10462 -#define PageHead(page) ((page->flags & PG_head_tail_mask) \
10463 +#define PageHead(page) (((page)->flags & PG_head_tail_mask) \
10464 == (1L << PG_compound))
10465 #define __SetPageHead(page) __SetPageCompound(page)
10466 #define __ClearPageHead(page) __ClearPageCompound(page)
10467 diff --git a/include/linux/pci_ids.h b/include/linux/pci_ids.h
10468 index 5b1c999..c6c9d48 100644
10469 --- a/include/linux/pci_ids.h
10470 +++ b/include/linux/pci_ids.h
10471 @@ -357,6 +357,9 @@
10472 #define PCI_DEVICE_ID_ATI_RS400_166 0x5a32
10473 #define PCI_DEVICE_ID_ATI_RS400_200 0x5a33
10474 #define PCI_DEVICE_ID_ATI_RS480 0x5950
10475 +#define PCI_DEVICE_ID_ATI_RD580 0x5952
10476 +#define PCI_DEVICE_ID_ATI_RX790 0x5957
10477 +#define PCI_DEVICE_ID_ATI_RS690 0x7910
10478 /* ATI IXP Chipset */
10479 #define PCI_DEVICE_ID_ATI_IXP200_IDE 0x4349
10480 #define PCI_DEVICE_ID_ATI_IXP200_SMBUS 0x4353
10481 @@ -1236,6 +1239,10 @@
10482 #define PCI_DEVICE_ID_NVIDIA_NFORCE_MCP67_IDE 0x0560
10483 #define PCI_DEVICE_ID_NVIDIA_NFORCE_MCP73_IDE 0x056C
10484 #define PCI_DEVICE_ID_NVIDIA_NFORCE_MCP77_IDE 0x0759
10485 +#define PCI_DEVICE_ID_NVIDIA_NVENET_36 0x0AB0
10486 +#define PCI_DEVICE_ID_NVIDIA_NVENET_37 0x0AB1
10487 +#define PCI_DEVICE_ID_NVIDIA_NVENET_38 0x0AB2
10488 +#define PCI_DEVICE_ID_NVIDIA_NVENET_39 0x0AB3
10490 #define PCI_VENDOR_ID_IMS 0x10e0
10491 #define PCI_DEVICE_ID_IMS_TT128 0x9128
10492 @@ -2278,6 +2285,8 @@
10493 #define PCI_DEVICE_ID_INTEL_ICH9_4 0x2914
10494 #define PCI_DEVICE_ID_INTEL_ICH9_5 0x2919
10495 #define PCI_DEVICE_ID_INTEL_ICH9_6 0x2930
10496 +#define PCI_DEVICE_ID_INTEL_ICH9_7 0x2916
10497 +#define PCI_DEVICE_ID_INTEL_ICH9_8 0x2918
10498 #define PCI_DEVICE_ID_INTEL_82855PM_HB 0x3340
10499 #define PCI_DEVICE_ID_INTEL_82830_HB 0x3575
10500 #define PCI_DEVICE_ID_INTEL_82830_CGC 0x3577
10501 diff --git a/include/linux/quicklist.h b/include/linux/quicklist.h
10502 index 9371c61..39b6671 100644
10503 --- a/include/linux/quicklist.h
10504 +++ b/include/linux/quicklist.h
10505 @@ -56,14 +56,6 @@ static inline void __quicklist_free(int nr, void (*dtor)(void *), void *p,
10506 struct page *page)
10507 {
10508 struct quicklist *q;
10509 - int nid = page_to_nid(page);
10510 -
10511 - if (unlikely(nid != numa_node_id())) {
10512 - if (dtor)
10513 - dtor(p);
10514 - __free_page(page);
10515 - return;
10516 - }
10518 q = &get_cpu_var(quicklist)[nr];
10519 *(void **)p = q->page;
10520 diff --git a/include/linux/thread_info.h b/include/linux/thread_info.h
10521 index 1c4eb41..9c4ad75 100644
10522 --- a/include/linux/thread_info.h
10523 +++ b/include/linux/thread_info.h
10524 @@ -7,12 +7,25 @@
10525 #ifndef _LINUX_THREAD_INFO_H
10526 #define _LINUX_THREAD_INFO_H
10528 +#include <linux/types.h>
10529 +
10530 /*
10531 - * System call restart block.
10532 + * System call restart block.
10533 */
10534 struct restart_block {
10535 long (*fn)(struct restart_block *);
10536 - unsigned long arg0, arg1, arg2, arg3;
10537 + union {
10538 + struct {
10539 + unsigned long arg0, arg1, arg2, arg3;
10540 + };
10541 + /* For futex_wait */
10542 + struct {
10543 + u32 *uaddr;
10544 + u32 val;
10545 + u32 flags;
10546 + u64 time;
10547 + } futex;
10548 + };
10549 };
10551 extern long do_no_restart_syscall(struct restart_block *parm);
10552 diff --git a/include/math-emu/op-common.h b/include/math-emu/op-common.h
10553 index 93780ab..bb46e76 100644
10554 --- a/include/math-emu/op-common.h
10555 +++ b/include/math-emu/op-common.h
10556 @@ -145,13 +145,16 @@ do { \
10557 { \
10558 X##_e = 1; \
10559 _FP_FRAC_SET_##wc(X, _FP_ZEROFRAC_##wc); \
10560 + FP_SET_EXCEPTION(FP_EX_INEXACT); \
10561 } \
10562 else \
10563 { \
10564 X##_e = 0; \
10565 _FP_FRAC_SRL_##wc(X, _FP_WORKBITS); \
10566 - FP_SET_EXCEPTION(FP_EX_UNDERFLOW); \
10567 } \
10568 + if ((FP_CUR_EXCEPTIONS & FP_EX_INEXACT) || \
10569 + (FP_TRAPPING_EXCEPTIONS & FP_EX_UNDERFLOW)) \
10570 + FP_SET_EXCEPTION(FP_EX_UNDERFLOW); \
10571 } \
10572 else \
10573 { \
10574 diff --git a/include/math-emu/soft-fp.h b/include/math-emu/soft-fp.h
10575 index d02eb64..a6f873b 100644
10576 --- a/include/math-emu/soft-fp.h
10577 +++ b/include/math-emu/soft-fp.h
10578 @@ -97,12 +97,19 @@
10579 #define FP_INHIBIT_RESULTS 0
10580 #endif
10582 +#ifndef FP_TRAPPING_EXCEPTIONS
10583 +#define FP_TRAPPING_EXCEPTIONS 0
10584 +#endif
10585 +
10586 #define FP_SET_EXCEPTION(ex) \
10587 _fex |= (ex)
10589 #define FP_UNSET_EXCEPTION(ex) \
10590 _fex &= ~(ex)
10592 +#define FP_CUR_EXCEPTIONS \
10593 + (_fex)
10594 +
10595 #define FP_CLEAR_EXCEPTIONS \
10596 _fex = 0
10598 diff --git a/include/net/bluetooth/rfcomm.h b/include/net/bluetooth/rfcomm.h
10599 index 3c563f0..25aa575 100644
10600 --- a/include/net/bluetooth/rfcomm.h
10601 +++ b/include/net/bluetooth/rfcomm.h
10602 @@ -323,6 +323,7 @@ int rfcomm_connect_ind(struct rfcomm_session *s, u8 channel, struct rfcomm_dlc
10603 #define RFCOMM_RELEASE_ONHUP 1
10604 #define RFCOMM_HANGUP_NOW 2
10605 #define RFCOMM_TTY_ATTACHED 3
10606 +#define RFCOMM_TTY_RELEASED 4
10608 struct rfcomm_dev_req {
10609 s16 dev_id;
10610 diff --git a/include/net/rose.h b/include/net/rose.h
10611 index a4047d3..e5bb084 100644
10612 --- a/include/net/rose.h
10613 +++ b/include/net/rose.h
10614 @@ -188,7 +188,7 @@ extern void rose_kick(struct sock *);
10615 extern void rose_enquiry_response(struct sock *);
10617 /* rose_route.c */
10618 -extern struct rose_neigh rose_loopback_neigh;
10619 +extern struct rose_neigh *rose_loopback_neigh;
10620 extern const struct file_operations rose_neigh_fops;
10621 extern const struct file_operations rose_nodes_fops;
10622 extern const struct file_operations rose_routes_fops;
10623 diff --git a/include/net/tcp.h b/include/net/tcp.h
10624 index a8af9ae..c05e018 100644
10625 --- a/include/net/tcp.h
10626 +++ b/include/net/tcp.h
10627 @@ -281,7 +281,7 @@ extern int tcp_v4_remember_stamp(struct sock *sk);
10629 extern int tcp_v4_tw_remember_stamp(struct inet_timewait_sock *tw);
10631 -extern int tcp_sendmsg(struct kiocb *iocb, struct sock *sk,
10632 +extern int tcp_sendmsg(struct kiocb *iocb, struct socket *sock,
10633 struct msghdr *msg, size_t size);
10634 extern ssize_t tcp_sendpage(struct socket *sock, struct page *page, int offset, size_t size, int flags);
10636 @@ -1061,14 +1061,12 @@ struct tcp_md5sig_key {
10637 };
10639 struct tcp4_md5sig_key {
10640 - u8 *key;
10641 - u16 keylen;
10642 + struct tcp_md5sig_key base;
10643 __be32 addr;
10644 };
10646 struct tcp6_md5sig_key {
10647 - u8 *key;
10648 - u16 keylen;
10649 + struct tcp_md5sig_key base;
10650 #if 0
10651 u32 scope_id; /* XXX */
10652 #endif
10653 @@ -1260,6 +1258,9 @@ static inline void tcp_insert_write_queue_before(struct sk_buff *new,
10654 struct sock *sk)
10655 {
10656 __skb_insert(new, skb->prev, skb, &sk->sk_write_queue);
10657 +
10658 + if (sk->sk_send_head == skb)
10659 + sk->sk_send_head = new;
10660 }
10662 static inline void tcp_unlink_write_queue(struct sk_buff *skb, struct sock *sk)
10663 diff --git a/include/net/xfrm.h b/include/net/xfrm.h
10664 index 311f25a..4d56e16 100644
10665 --- a/include/net/xfrm.h
10666 +++ b/include/net/xfrm.h
10667 @@ -577,7 +577,6 @@ static inline int xfrm_sec_ctx_match(struct xfrm_sec_ctx *s1, struct xfrm_sec_ct
10668 struct xfrm_dst
10669 {
10670 union {
10671 - struct xfrm_dst *next;
10672 struct dst_entry dst;
10673 struct rtable rt;
10674 struct rt6_info rt6;
10675 diff --git a/init/Kconfig b/init/Kconfig
10676 index a9e99f8..5f8dba9 100644
10677 --- a/init/Kconfig
10678 +++ b/init/Kconfig
10679 @@ -505,6 +505,7 @@ config SIGNALFD
10680 config TIMERFD
10681 bool "Enable timerfd() system call" if EMBEDDED
10682 depends on ANON_INODES
10683 + depends on BROKEN
10684 default y
10685 help
10686 Enable the timerfd() system call that allows to receive timer
10687 diff --git a/ipc/mqueue.c b/ipc/mqueue.c
10688 index a242c83..1eef14b 100644
10689 --- a/ipc/mqueue.c
10690 +++ b/ipc/mqueue.c
10691 @@ -1014,6 +1014,8 @@ asmlinkage long sys_mq_notify(mqd_t mqdes,
10692 return -EINVAL;
10693 }
10694 if (notification.sigev_notify == SIGEV_THREAD) {
10695 + long timeo;
10696 +
10697 /* create the notify skb */
10698 nc = alloc_skb(NOTIFY_COOKIE_LEN, GFP_KERNEL);
10699 ret = -ENOMEM;
10700 @@ -1042,8 +1044,8 @@ retry:
10701 goto out;
10702 }
10704 - ret = netlink_attachskb(sock, nc, 0,
10705 - MAX_SCHEDULE_TIMEOUT, NULL);
10706 + timeo = MAX_SCHEDULE_TIMEOUT;
10707 + ret = netlink_attachskb(sock, nc, 0, &timeo, NULL);
10708 if (ret == 1)
10709 goto retry;
10710 if (ret) {
10711 diff --git a/ipc/shm.c b/ipc/shm.c
10712 index 0852f20..3bdcb9a 100644
10713 --- a/ipc/shm.c
10714 +++ b/ipc/shm.c
10715 @@ -716,7 +716,7 @@ asmlinkage long sys_shmctl (int shmid, int cmd, struct shmid_ds __user *buf)
10716 struct user_struct * user = current->user;
10717 if (!is_file_hugepages(shp->shm_file)) {
10718 err = shmem_lock(shp->shm_file, 1, user);
10719 - if (!err) {
10720 + if (!err && !(shp->shm_perm.mode & SHM_LOCKED)){
10721 shp->shm_perm.mode |= SHM_LOCKED;
10722 shp->mlock_user = user;
10723 }
10724 diff --git a/kernel/auditsc.c b/kernel/auditsc.c
10725 index e36481e..ea37edd 100644
10726 --- a/kernel/auditsc.c
10727 +++ b/kernel/auditsc.c
10728 @@ -1998,19 +1998,19 @@ int __audit_signal_info(int sig, struct task_struct *t)
10729 extern uid_t audit_sig_uid;
10730 extern u32 audit_sig_sid;
10732 - if (audit_pid && t->tgid == audit_pid &&
10733 - (sig == SIGTERM || sig == SIGHUP || sig == SIGUSR1)) {
10734 - audit_sig_pid = tsk->pid;
10735 - if (ctx)
10736 - audit_sig_uid = ctx->loginuid;
10737 - else
10738 - audit_sig_uid = tsk->uid;
10739 - selinux_get_task_sid(tsk, &audit_sig_sid);
10740 + if (audit_pid && t->tgid == audit_pid) {
10741 + if (sig == SIGTERM || sig == SIGHUP || sig == SIGUSR1) {
10742 + audit_sig_pid = tsk->pid;
10743 + if (ctx)
10744 + audit_sig_uid = ctx->loginuid;
10745 + else
10746 + audit_sig_uid = tsk->uid;
10747 + selinux_get_task_sid(tsk, &audit_sig_sid);
10748 + }
10749 + if (!audit_signals || audit_dummy_context())
10750 + return 0;
10751 }
10753 - if (!audit_signals) /* audit_context checked in wrapper */
10754 - return 0;
10755 -
10756 /* optimize the common case by putting first signal recipient directly
10757 * in audit_context */
10758 if (!ctx->target_pid) {
10759 diff --git a/kernel/exit.c b/kernel/exit.c
10760 index 5c8ecba..369dae2 100644
10761 --- a/kernel/exit.c
10762 +++ b/kernel/exit.c
10763 @@ -1336,11 +1336,10 @@ static int wait_task_stopped(struct task_struct *p, int delayed_group_leader,
10764 int why = (p->ptrace & PT_PTRACED) ? CLD_TRAPPED : CLD_STOPPED;
10766 exit_code = p->exit_code;
10767 - if (unlikely(!exit_code) ||
10768 - unlikely(p->state & TASK_TRACED))
10769 + if (unlikely(!exit_code) || unlikely(p->exit_state))
10770 goto bail_ref;
10771 return wait_noreap_copyout(p, pid, uid,
10772 - why, (exit_code << 8) | 0x7f,
10773 + why, exit_code,
10774 infop, ru);
10775 }
10777 diff --git a/kernel/futex.c b/kernel/futex.c
10778 index 45490be..592cf07 100644
10779 --- a/kernel/futex.c
10780 +++ b/kernel/futex.c
10781 @@ -1129,9 +1129,9 @@ static int fixup_pi_state_owner(u32 __user *uaddr, struct futex_q *q,
10783 /*
10784 * In case we must use restart_block to restart a futex_wait,
10785 - * we encode in the 'arg3' shared capability
10786 + * we encode in the 'flags' shared capability
10787 */
10788 -#define ARG3_SHARED 1
10789 +#define FLAGS_SHARED 1
10791 static long futex_wait_restart(struct restart_block *restart);
10792 static int futex_wait(u32 __user *uaddr, struct rw_semaphore *fshared,
10793 @@ -1272,12 +1272,13 @@ static int futex_wait(u32 __user *uaddr, struct rw_semaphore *fshared,
10794 struct restart_block *restart;
10795 restart = ¤t_thread_info()->restart_block;
10796 restart->fn = futex_wait_restart;
10797 - restart->arg0 = (unsigned long)uaddr;
10798 - restart->arg1 = (unsigned long)val;
10799 - restart->arg2 = (unsigned long)abs_time;
10800 - restart->arg3 = 0;
10801 + restart->futex.uaddr = (u32 *)uaddr;
10802 + restart->futex.val = val;
10803 + restart->futex.time = abs_time->tv64;
10804 + restart->futex.flags = 0;
10805 +
10806 if (fshared)
10807 - restart->arg3 |= ARG3_SHARED;
10808 + restart->futex.flags |= FLAGS_SHARED;
10809 return -ERESTART_RESTARTBLOCK;
10810 }
10812 @@ -1293,15 +1294,15 @@ static int futex_wait(u32 __user *uaddr, struct rw_semaphore *fshared,
10814 static long futex_wait_restart(struct restart_block *restart)
10815 {
10816 - u32 __user *uaddr = (u32 __user *)restart->arg0;
10817 - u32 val = (u32)restart->arg1;
10818 - ktime_t *abs_time = (ktime_t *)restart->arg2;
10819 + u32 __user *uaddr = (u32 __user *)restart->futex.uaddr;
10820 struct rw_semaphore *fshared = NULL;
10821 + ktime_t t;
10823 + t.tv64 = restart->futex.time;
10824 restart->fn = do_no_restart_syscall;
10825 - if (restart->arg3 & ARG3_SHARED)
10826 + if (restart->futex.flags & FLAGS_SHARED)
10827 fshared = ¤t->mm->mmap_sem;
10828 - return (long)futex_wait(uaddr, fshared, val, abs_time);
10829 + return (long)futex_wait(uaddr, fshared, restart->futex.val, &t);
10830 }
10833 @@ -2061,8 +2062,10 @@ asmlinkage long sys_futex(u32 __user *uaddr, int op, u32 val,
10834 }
10835 /*
10836 * requeue parameter in 'utime' if cmd == FUTEX_REQUEUE.
10837 + * number of waiters to wake in 'utime' if cmd == FUTEX_WAKE_OP.
10838 */
10839 - if (cmd == FUTEX_REQUEUE || cmd == FUTEX_CMP_REQUEUE)
10840 + if (cmd == FUTEX_REQUEUE || cmd == FUTEX_CMP_REQUEUE ||
10841 + cmd == FUTEX_WAKE_OP)
10842 val2 = (u32) (unsigned long) utime;
10844 return do_futex(uaddr, op, val, tp, uaddr2, val2, val3);
10845 diff --git a/kernel/futex_compat.c b/kernel/futex_compat.c
10846 index f792136..589b1e4 100644
10847 --- a/kernel/futex_compat.c
10848 +++ b/kernel/futex_compat.c
10849 @@ -29,6 +29,15 @@ fetch_robust_entry(compat_uptr_t *uentry, struct robust_list __user **entry,
10850 return 0;
10851 }
10853 +static void __user *futex_uaddr(struct robust_list *entry,
10854 + compat_long_t futex_offset)
10855 +{
10856 + compat_uptr_t base = ptr_to_compat(entry);
10857 + void __user *uaddr = compat_ptr(base + futex_offset);
10858 +
10859 + return uaddr;
10860 +}
10861 +
10862 /*
10863 * Walk curr->robust_list (very carefully, it's a userspace list!)
10864 * and mark any locks found there dead, and notify any waiters.
10865 @@ -61,18 +70,23 @@ void compat_exit_robust_list(struct task_struct *curr)
10866 if (fetch_robust_entry(&upending, &pending,
10867 &head->list_op_pending, &pip))
10868 return;
10869 - if (upending)
10870 - handle_futex_death((void __user *)pending + futex_offset, curr, pip);
10871 + if (pending) {
10872 + void __user *uaddr = futex_uaddr(pending,
10873 + futex_offset);
10874 + handle_futex_death(uaddr, curr, pip);
10875 + }
10877 - while (compat_ptr(uentry) != &head->list) {
10878 + while (entry != (struct robust_list __user *) &head->list) {
10879 /*
10880 * A pending lock might already be on the list, so
10881 * dont process it twice:
10882 */
10883 - if (entry != pending)
10884 - if (handle_futex_death((void __user *)entry + futex_offset,
10885 - curr, pi))
10886 + if (entry != pending) {
10887 + void __user *uaddr = futex_uaddr(entry,
10888 + futex_offset);
10889 + if (handle_futex_death(uaddr, curr, pi))
10890 return;
10891 + }
10893 /*
10894 * Fetch the next entry in the list:
10895 diff --git a/kernel/hrtimer.c b/kernel/hrtimer.c
10896 index 23c03f4..355e867 100644
10897 --- a/kernel/hrtimer.c
10898 +++ b/kernel/hrtimer.c
10899 @@ -825,6 +825,14 @@ hrtimer_start(struct hrtimer *timer, ktime_t tim, const enum hrtimer_mode mode)
10900 #ifdef CONFIG_TIME_LOW_RES
10901 tim = ktime_add(tim, base->resolution);
10902 #endif
10903 + /*
10904 + * Careful here: User space might have asked for a
10905 + * very long sleep, so the add above might result in a
10906 + * negative number, which enqueues the timer in front
10907 + * of the queue.
10908 + */
10909 + if (tim.tv64 < 0)
10910 + tim.tv64 = KTIME_MAX;
10911 }
10912 timer->expires = tim;
10914 diff --git a/kernel/irq/chip.c b/kernel/irq/chip.c
10915 index 615ce97..7279484 100644
10916 --- a/kernel/irq/chip.c
10917 +++ b/kernel/irq/chip.c
10918 @@ -246,6 +246,17 @@ static unsigned int default_startup(unsigned int irq)
10919 }
10921 /*
10922 + * default shutdown function
10923 + */
10924 +static void default_shutdown(unsigned int irq)
10925 +{
10926 + struct irq_desc *desc = irq_desc + irq;
10927 +
10928 + desc->chip->mask(irq);
10929 + desc->status |= IRQ_MASKED;
10930 +}
10931 +
10932 +/*
10933 * Fixup enable/disable function pointers
10934 */
10935 void irq_chip_set_defaults(struct irq_chip *chip)
10936 @@ -256,8 +267,15 @@ void irq_chip_set_defaults(struct irq_chip *chip)
10937 chip->disable = default_disable;
10938 if (!chip->startup)
10939 chip->startup = default_startup;
10940 + /*
10941 + * We use chip->disable, when the user provided its own. When
10942 + * we have default_disable set for chip->disable, then we need
10943 + * to use default_shutdown, otherwise the irq line is not
10944 + * disabled on free_irq():
10945 + */
10946 if (!chip->shutdown)
10947 - chip->shutdown = chip->disable;
10948 + chip->shutdown = chip->disable != default_disable ?
10949 + chip->disable : default_shutdown;
10950 if (!chip->name)
10951 chip->name = chip->typename;
10952 if (!chip->end)
10953 @@ -352,13 +370,10 @@ handle_level_irq(unsigned int irq, struct irq_desc *desc)
10954 * keep it masked and get out of here
10955 */
10956 action = desc->action;
10957 - if (unlikely(!action || (desc->status & IRQ_DISABLED))) {
10958 - desc->status |= IRQ_PENDING;
10959 + if (unlikely(!action || (desc->status & IRQ_DISABLED)))
10960 goto out_unlock;
10961 - }
10963 desc->status |= IRQ_INPROGRESS;
10964 - desc->status &= ~IRQ_PENDING;
10965 spin_unlock(&desc->lock);
10967 action_ret = handle_IRQ_event(irq, action);
10968 diff --git a/kernel/irq/resend.c b/kernel/irq/resend.c
10969 index 5bfeaed..a804679 100644
10970 --- a/kernel/irq/resend.c
10971 +++ b/kernel/irq/resend.c
10972 @@ -62,7 +62,12 @@ void check_irq_resend(struct irq_desc *desc, unsigned int irq)
10973 */
10974 desc->chip->enable(irq);
10976 - if ((status & (IRQ_PENDING | IRQ_REPLAY)) == IRQ_PENDING) {
10977 + /*
10978 + * We do not resend level type interrupts. Level type
10979 + * interrupts are resent by hardware when they are still
10980 + * active.
10981 + */
10982 + if ((status & (IRQ_LEVEL | IRQ_PENDING | IRQ_REPLAY)) == IRQ_PENDING) {
10983 desc->status = (status & ~IRQ_PENDING) | IRQ_REPLAY;
10985 if (!desc->chip || !desc->chip->retrigger ||
10986 diff --git a/kernel/lockdep.c b/kernel/lockdep.c
10987 index 1a5ff22..072cf25 100644
10988 --- a/kernel/lockdep.c
10989 +++ b/kernel/lockdep.c
10990 @@ -2166,7 +2166,6 @@ out_calc_hash:
10991 }
10992 #endif
10993 chain_key = iterate_chain_key(chain_key, id);
10994 - curr->curr_chain_key = chain_key;
10996 /*
10997 * Trylock needs to maintain the stack of held locks, but it
10998 @@ -2215,6 +2214,7 @@ out_calc_hash:
10999 if (unlikely(!debug_locks))
11000 return 0;
11002 + curr->curr_chain_key = chain_key;
11003 curr->lockdep_depth++;
11004 check_chain_key(curr);
11005 #ifdef CONFIG_DEBUG_LOCKDEP
11006 diff --git a/kernel/lockdep_proc.c b/kernel/lockdep_proc.c
11007 index 58f35e5..96f0417 100644
11008 --- a/kernel/lockdep_proc.c
11009 +++ b/kernel/lockdep_proc.c
11010 @@ -339,7 +339,7 @@ static const struct file_operations proc_lockdep_stats_operations = {
11011 .open = lockdep_stats_open,
11012 .read = seq_read,
11013 .llseek = seq_lseek,
11014 - .release = seq_release,
11015 + .release = single_release,
11016 };
11018 static int __init lockdep_proc_init(void)
11019 diff --git a/kernel/params.c b/kernel/params.c
11020 index e61c46c..1f17b58 100644
11021 --- a/kernel/params.c
11022 +++ b/kernel/params.c
11023 @@ -591,13 +591,16 @@ static void __init param_sysfs_builtin(void)
11025 for (i=0; i < __stop___param - __start___param; i++) {
11026 char *dot;
11027 + size_t max_name_len;
11029 kp = &__start___param[i];
11030 + max_name_len =
11031 + min_t(size_t, MAX_KBUILD_MODNAME, strlen(kp->name));
11033 - /* We do not handle args without periods. */
11034 - dot = memchr(kp->name, '.', MAX_KBUILD_MODNAME);
11035 + dot = memchr(kp->name, '.', max_name_len);
11036 if (!dot) {
11037 - DEBUGP("couldn't find period in %s\n", kp->name);
11038 + DEBUGP("couldn't find period in first %d characters "
11039 + "of %s\n", MAX_KBUILD_MODNAME, kp->name);
11040 continue;
11041 }
11042 name_len = dot - kp->name;
11043 diff --git a/kernel/power/snapshot.c b/kernel/power/snapshot.c
11044 index a3b7854..a686590 100644
11045 --- a/kernel/power/snapshot.c
11046 +++ b/kernel/power/snapshot.c
11047 @@ -709,7 +709,8 @@ static void mark_nosave_pages(struct memory_bitmap *bm)
11048 region->end_pfn << PAGE_SHIFT);
11050 for (pfn = region->start_pfn; pfn < region->end_pfn; pfn++)
11051 - memory_bm_set_bit(bm, pfn);
11052 + if (pfn_valid(pfn))
11053 + memory_bm_set_bit(bm, pfn);
11054 }
11055 }
11057 diff --git a/kernel/relay.c b/kernel/relay.c
11058 index 95db8c7..24db7e8 100644
11059 --- a/kernel/relay.c
11060 +++ b/kernel/relay.c
11061 @@ -91,6 +91,7 @@ int relay_mmap_buf(struct rchan_buf *buf, struct vm_area_struct *vma)
11062 return -EINVAL;
11064 vma->vm_ops = &relay_file_mmap_ops;
11065 + vma->vm_flags |= VM_DONTEXPAND;
11066 vma->vm_private_data = buf;
11067 buf->chan->cb->buf_mapped(buf, filp);
11069 diff --git a/kernel/signal.c b/kernel/signal.c
11070 index f940560..5c48ab2 100644
11071 --- a/kernel/signal.c
11072 +++ b/kernel/signal.c
11073 @@ -368,7 +368,7 @@ int dequeue_signal(struct task_struct *tsk, sigset_t *mask, siginfo_t *info)
11074 /* We only dequeue private signals from ourselves, we don't let
11075 * signalfd steal them
11076 */
11077 - if (tsk == current)
11078 + if (likely(tsk == current))
11079 signr = __dequeue_signal(&tsk->pending, mask, info);
11080 if (!signr) {
11081 signr = __dequeue_signal(&tsk->signal->shared_pending,
11082 @@ -415,7 +415,7 @@ int dequeue_signal(struct task_struct *tsk, sigset_t *mask, siginfo_t *info)
11083 if (!(tsk->signal->flags & SIGNAL_GROUP_EXIT))
11084 tsk->signal->flags |= SIGNAL_STOP_DEQUEUED;
11085 }
11086 - if ( signr &&
11087 + if (signr && likely(tsk == current) &&
11088 ((info->si_code & __SI_MASK) == __SI_TIMER) &&
11089 info->si_sys_private){
11090 /*
11091 @@ -1259,20 +1259,19 @@ struct sigqueue *sigqueue_alloc(void)
11092 void sigqueue_free(struct sigqueue *q)
11093 {
11094 unsigned long flags;
11095 + spinlock_t *lock = ¤t->sighand->siglock;
11096 +
11097 BUG_ON(!(q->flags & SIGQUEUE_PREALLOC));
11098 /*
11099 * If the signal is still pending remove it from the
11100 - * pending queue.
11101 + * pending queue. We must hold ->siglock while testing
11102 + * q->list to serialize with collect_signal().
11103 */
11104 - if (unlikely(!list_empty(&q->list))) {
11105 - spinlock_t *lock = ¤t->sighand->siglock;
11106 - read_lock(&tasklist_lock);
11107 - spin_lock_irqsave(lock, flags);
11108 - if (!list_empty(&q->list))
11109 - list_del_init(&q->list);
11110 - spin_unlock_irqrestore(lock, flags);
11111 - read_unlock(&tasklist_lock);
11112 - }
11113 + spin_lock_irqsave(lock, flags);
11114 + if (!list_empty(&q->list))
11115 + list_del_init(&q->list);
11116 + spin_unlock_irqrestore(lock, flags);
11117 +
11118 q->flags &= ~SIGQUEUE_PREALLOC;
11119 __sigqueue_free(q);
11120 }
11121 diff --git a/kernel/sys.c b/kernel/sys.c
11122 index 872271c..28e8364 100644
11123 --- a/kernel/sys.c
11124 +++ b/kernel/sys.c
11125 @@ -1428,7 +1428,6 @@ asmlinkage long sys_times(struct tms __user * tbuf)
11126 * Auch. Had to add the 'did_exec' flag to conform completely to POSIX.
11127 * LBT 04.03.94
11128 */
11129 -
11130 asmlinkage long sys_setpgid(pid_t pid, pid_t pgid)
11131 {
11132 struct task_struct *p;
11133 @@ -1456,7 +1455,7 @@ asmlinkage long sys_setpgid(pid_t pid, pid_t pgid)
11134 if (!thread_group_leader(p))
11135 goto out;
11137 - if (p->real_parent == group_leader) {
11138 + if (p->real_parent->tgid == group_leader->tgid) {
11139 err = -EPERM;
11140 if (task_session(p) != task_session(group_leader))
11141 goto out;
11142 diff --git a/kernel/time/timer_list.c b/kernel/time/timer_list.c
11143 index 8bbcfb7..7ea87d9 100644
11144 --- a/kernel/time/timer_list.c
11145 +++ b/kernel/time/timer_list.c
11146 @@ -267,7 +267,7 @@ static struct file_operations timer_list_fops = {
11147 .open = timer_list_open,
11148 .read = seq_read,
11149 .llseek = seq_lseek,
11150 - .release = seq_release,
11151 + .release = single_release,
11152 };
11154 static int __init init_timer_list_procfs(void)
11155 diff --git a/kernel/time/timer_stats.c b/kernel/time/timer_stats.c
11156 index 3216937..5717cfb 100644
11157 --- a/kernel/time/timer_stats.c
11158 +++ b/kernel/time/timer_stats.c
11159 @@ -319,8 +319,9 @@ static int tstats_show(struct seq_file *m, void *v)
11160 ms = 1;
11162 if (events && period.tv_sec)
11163 - seq_printf(m, "%ld total events, %ld.%ld events/sec\n", events,
11164 - events / period.tv_sec, events * 1000 / ms);
11165 + seq_printf(m, "%ld total events, %ld.%03ld events/sec\n",
11166 + events, events * 1000 / ms,
11167 + (events * 1000000 / ms) % 1000);
11168 else
11169 seq_printf(m, "%ld total events\n", events);
11171 @@ -391,7 +392,7 @@ static struct file_operations tstats_fops = {
11172 .read = seq_read,
11173 .write = tstats_write,
11174 .llseek = seq_lseek,
11175 - .release = seq_release,
11176 + .release = single_release,
11177 };
11179 void __init init_timer_stats(void)
11180 diff --git a/kernel/workqueue.c b/kernel/workqueue.c
11181 index 3bebf73..3831f88 100644
11182 --- a/kernel/workqueue.c
11183 +++ b/kernel/workqueue.c
11184 @@ -739,18 +739,17 @@ static void cleanup_workqueue_thread(struct cpu_workqueue_struct *cwq, int cpu)
11185 if (cwq->thread == NULL)
11186 return;
11188 + flush_cpu_workqueue(cwq);
11189 /*
11190 - * If the caller is CPU_DEAD the single flush_cpu_workqueue()
11191 - * is not enough, a concurrent flush_workqueue() can insert a
11192 - * barrier after us.
11193 + * If the caller is CPU_DEAD and cwq->worklist was not empty,
11194 + * a concurrent flush_workqueue() can insert a barrier after us.
11195 + * However, in that case run_workqueue() won't return and check
11196 + * kthread_should_stop() until it flushes all work_struct's.
11197 * When ->worklist becomes empty it is safe to exit because no
11198 * more work_structs can be queued on this cwq: flush_workqueue
11199 * checks list_empty(), and a "normal" queue_work() can't use
11200 * a dead CPU.
11201 */
11202 - while (flush_cpu_workqueue(cwq))
11203 - ;
11204 -
11205 kthread_stop(cwq->thread);
11206 cwq->thread = NULL;
11207 }
11208 diff --git a/lib/libcrc32c.c b/lib/libcrc32c.c
11209 index 60f4680..1f3a52e 100644
11210 --- a/lib/libcrc32c.c
11211 +++ b/lib/libcrc32c.c
11212 @@ -33,7 +33,6 @@
11213 #include <linux/crc32c.h>
11214 #include <linux/compiler.h>
11215 #include <linux/module.h>
11216 -#include <asm/byteorder.h>
11218 MODULE_AUTHOR("Clay Haapala <chaapala@cisco.com>");
11219 MODULE_DESCRIPTION("CRC32c (Castagnoli) calculations");
11220 @@ -161,15 +160,13 @@ static const u32 crc32c_table[256] = {
11221 */
11223 u32 __attribute_pure__
11224 -crc32c_le(u32 seed, unsigned char const *data, size_t length)
11225 +crc32c_le(u32 crc, unsigned char const *data, size_t length)
11226 {
11227 - u32 crc = __cpu_to_le32(seed);
11228 -
11229 while (length--)
11230 crc =
11231 crc32c_table[(crc ^ *data++) & 0xFFL] ^ (crc >> 8);
11233 - return __le32_to_cpu(crc);
11234 + return crc;
11235 }
11237 #endif /* CRC_LE_BITS == 8 */
11238 diff --git a/lib/textsearch.c b/lib/textsearch.c
11239 index 88c98a2..be8bda3 100644
11240 --- a/lib/textsearch.c
11241 +++ b/lib/textsearch.c
11242 @@ -7,7 +7,7 @@
11243 * 2 of the License, or (at your option) any later version.
11244 *
11245 * Authors: Thomas Graf <tgraf@suug.ch>
11246 - * Pablo Neira Ayuso <pablo@eurodev.net>
11247 + * Pablo Neira Ayuso <pablo@netfilter.org>
11248 *
11249 * ==========================================================================
11250 *
11251 @@ -250,7 +250,8 @@ unsigned int textsearch_find_continuous(struct ts_config *conf,
11252 * the various search algorithms.
11253 *
11254 * Returns a new textsearch configuration according to the specified
11255 - * parameters or a ERR_PTR().
11256 + * parameters or a ERR_PTR(). If a zero length pattern is passed, this
11257 + * function returns EINVAL.
11258 */
11259 struct ts_config *textsearch_prepare(const char *algo, const void *pattern,
11260 unsigned int len, gfp_t gfp_mask, int flags)
11261 @@ -259,6 +260,9 @@ struct ts_config *textsearch_prepare(const char *algo, const void *pattern,
11262 struct ts_config *conf;
11263 struct ts_ops *ops;
11265 + if (len == 0)
11266 + return ERR_PTR(-EINVAL);
11267 +
11268 ops = lookup_ts_algo(algo);
11269 #ifdef CONFIG_KMOD
11270 /*
11271 diff --git a/mm/hugetlb.c b/mm/hugetlb.c
11272 index a45d1f0..5fb38f1 100644
11273 --- a/mm/hugetlb.c
11274 +++ b/mm/hugetlb.c
11275 @@ -101,13 +101,20 @@ static void free_huge_page(struct page *page)
11277 static int alloc_fresh_huge_page(void)
11278 {
11279 - static int nid = 0;
11280 + static int prev_nid;
11281 struct page *page;
11282 - page = alloc_pages_node(nid, GFP_HIGHUSER|__GFP_COMP|__GFP_NOWARN,
11283 - HUGETLB_PAGE_ORDER);
11284 - nid = next_node(nid, node_online_map);
11285 + static DEFINE_SPINLOCK(nid_lock);
11286 + int nid;
11287 +
11288 + spin_lock(&nid_lock);
11289 + nid = next_node(prev_nid, node_online_map);
11290 if (nid == MAX_NUMNODES)
11291 nid = first_node(node_online_map);
11292 + prev_nid = nid;
11293 + spin_unlock(&nid_lock);
11294 +
11295 + page = alloc_pages_node(nid, GFP_HIGHUSER|__GFP_COMP|__GFP_NOWARN,
11296 + HUGETLB_PAGE_ORDER);
11297 if (page) {
11298 set_compound_page_dtor(page, free_huge_page);
11299 spin_lock(&hugetlb_lock);
11300 diff --git a/mm/memory.c b/mm/memory.c
11301 index f64cbf9..538f054 100644
11302 --- a/mm/memory.c
11303 +++ b/mm/memory.c
11304 @@ -983,6 +983,8 @@ int get_user_pages(struct task_struct *tsk, struct mm_struct *mm,
11305 int i;
11306 unsigned int vm_flags;
11308 + if (len <= 0)
11309 + return 0;
11310 /*
11311 * Require read or write permissions.
11312 * If 'force' is set, we only require the "MAY" flags.
11313 diff --git a/mm/mlock.c b/mm/mlock.c
11314 index 4d3fea2..7b26560 100644
11315 --- a/mm/mlock.c
11316 +++ b/mm/mlock.c
11317 @@ -244,9 +244,12 @@ int user_shm_lock(size_t size, struct user_struct *user)
11319 locked = (size + PAGE_SIZE - 1) >> PAGE_SHIFT;
11320 lock_limit = current->signal->rlim[RLIMIT_MEMLOCK].rlim_cur;
11321 + if (lock_limit == RLIM_INFINITY)
11322 + allowed = 1;
11323 lock_limit >>= PAGE_SHIFT;
11324 spin_lock(&shmlock_user_lock);
11325 - if (locked + user->locked_shm > lock_limit && !capable(CAP_IPC_LOCK))
11326 + if (!allowed &&
11327 + locked + user->locked_shm > lock_limit && !capable(CAP_IPC_LOCK))
11328 goto out;
11329 get_uid(user);
11330 user->locked_shm += locked;
11331 diff --git a/mm/mmap.c b/mm/mmap.c
11332 index 906ed40..33fb671 100644
11333 --- a/mm/mmap.c
11334 +++ b/mm/mmap.c
11335 @@ -2157,7 +2157,7 @@ int install_special_mapping(struct mm_struct *mm,
11336 vma->vm_start = addr;
11337 vma->vm_end = addr + len;
11339 - vma->vm_flags = vm_flags | mm->def_flags;
11340 + vma->vm_flags = vm_flags | mm->def_flags | VM_DONTEXPAND;
11341 vma->vm_page_prot = protection_map[vma->vm_flags & 7];
11343 vma->vm_ops = &special_mapping_vmops;
11344 diff --git a/mm/page-writeback.c b/mm/page-writeback.c
11345 index eec1481..2d39627 100644
11346 --- a/mm/page-writeback.c
11347 +++ b/mm/page-writeback.c
11348 @@ -674,8 +674,10 @@ retry:
11350 ret = (*writepage)(page, wbc, data);
11352 - if (unlikely(ret == AOP_WRITEPAGE_ACTIVATE))
11353 + if (unlikely(ret == AOP_WRITEPAGE_ACTIVATE)) {
11354 unlock_page(page);
11355 + ret = 0;
11356 + }
11357 if (ret || (--(wbc->nr_to_write) <= 0))
11358 done = 1;
11359 if (wbc->nonblocking && bdi_write_congested(bdi)) {
11360 diff --git a/mm/quicklist.c b/mm/quicklist.c
11361 index ae8189c..3f703f7 100644
11362 --- a/mm/quicklist.c
11363 +++ b/mm/quicklist.c
11364 @@ -26,9 +26,17 @@ DEFINE_PER_CPU(struct quicklist, quicklist)[CONFIG_NR_QUICK];
11365 static unsigned long max_pages(unsigned long min_pages)
11366 {
11367 unsigned long node_free_pages, max;
11368 + struct zone *zones = NODE_DATA(numa_node_id())->node_zones;
11369 +
11370 + node_free_pages =
11371 +#ifdef CONFIG_ZONE_DMA
11372 + zone_page_state(&zones[ZONE_DMA], NR_FREE_PAGES) +
11373 +#endif
11374 +#ifdef CONFIG_ZONE_DMA32
11375 + zone_page_state(&zones[ZONE_DMA32], NR_FREE_PAGES) +
11376 +#endif
11377 + zone_page_state(&zones[ZONE_NORMAL], NR_FREE_PAGES);
11379 - node_free_pages = node_page_state(numa_node_id(),
11380 - NR_FREE_PAGES);
11381 max = node_free_pages / FRACTION_OF_NODE_MEM;
11382 return max(max, min_pages);
11383 }
11384 diff --git a/mm/readahead.c b/mm/readahead.c
11385 index 9861e88..1448e53 100644
11386 --- a/mm/readahead.c
11387 +++ b/mm/readahead.c
11388 @@ -21,8 +21,16 @@ void default_unplug_io_fn(struct backing_dev_info *bdi, struct page *page)
11389 }
11390 EXPORT_SYMBOL(default_unplug_io_fn);
11392 +/*
11393 + * Convienent macros for min/max read-ahead pages.
11394 + * Note that MAX_RA_PAGES is rounded down, while MIN_RA_PAGES is rounded up.
11395 + * The latter is necessary for systems with large page size(i.e. 64k).
11396 + */
11397 +#define MAX_RA_PAGES (VM_MAX_READAHEAD*1024 / PAGE_CACHE_SIZE)
11398 +#define MIN_RA_PAGES DIV_ROUND_UP(VM_MIN_READAHEAD*1024, PAGE_CACHE_SIZE)
11399 +
11400 struct backing_dev_info default_backing_dev_info = {
11401 - .ra_pages = (VM_MAX_READAHEAD * 1024) / PAGE_CACHE_SIZE,
11402 + .ra_pages = MAX_RA_PAGES,
11403 .state = 0,
11404 .capabilities = BDI_CAP_MAP_COPY,
11405 .unplug_io_fn = default_unplug_io_fn,
11406 @@ -51,7 +59,7 @@ static inline unsigned long get_max_readahead(struct file_ra_state *ra)
11408 static inline unsigned long get_min_readahead(struct file_ra_state *ra)
11409 {
11410 - return (VM_MIN_READAHEAD * 1024) / PAGE_CACHE_SIZE;
11411 + return MIN_RA_PAGES;
11412 }
11414 static inline void reset_ahead_window(struct file_ra_state *ra)
11415 diff --git a/mm/shmem.c b/mm/shmem.c
11416 index b6aae2b..d1c65fb 100644
11417 --- a/mm/shmem.c
11418 +++ b/mm/shmem.c
11419 @@ -911,6 +911,21 @@ static int shmem_writepage(struct page *page, struct writeback_control *wbc)
11420 struct inode *inode;
11422 BUG_ON(!PageLocked(page));
11423 + /*
11424 + * shmem_backing_dev_info's capabilities prevent regular writeback or
11425 + * sync from ever calling shmem_writepage; but a stacking filesystem
11426 + * may use the ->writepage of its underlying filesystem, in which case
11427 + * we want to do nothing when that underlying filesystem is tmpfs
11428 + * (writing out to swap is useful as a response to memory pressure, but
11429 + * of no use to stabilize the data) - just redirty the page, unlock it
11430 + * and claim success in this case. AOP_WRITEPAGE_ACTIVATE, and the
11431 + * page_mapped check below, must be avoided unless we're in reclaim.
11432 + */
11433 + if (!wbc->for_reclaim) {
11434 + set_page_dirty(page);
11435 + unlock_page(page);
11436 + return 0;
11437 + }
11438 BUG_ON(page_mapped(page));
11440 mapping = page->mapping;
11441 @@ -1051,7 +1066,7 @@ shmem_alloc_page(gfp_t gfp, struct shmem_inode_info *info,
11442 pvma.vm_policy = mpol_shared_policy_lookup(&info->policy, idx);
11443 pvma.vm_pgoff = idx;
11444 pvma.vm_end = PAGE_SIZE;
11445 - page = alloc_page_vma(gfp | __GFP_ZERO, &pvma, 0);
11446 + page = alloc_page_vma(gfp, &pvma, 0);
11447 mpol_free(pvma.vm_policy);
11448 return page;
11449 }
11450 @@ -1071,7 +1086,7 @@ shmem_swapin(struct shmem_inode_info *info,swp_entry_t entry,unsigned long idx)
11451 static inline struct page *
11452 shmem_alloc_page(gfp_t gfp,struct shmem_inode_info *info, unsigned long idx)
11453 {
11454 - return alloc_page(gfp | __GFP_ZERO);
11455 + return alloc_page(gfp);
11456 }
11457 #endif
11459 @@ -1280,6 +1295,7 @@ repeat:
11461 info->alloced++;
11462 spin_unlock(&info->lock);
11463 + clear_highpage(filepage);
11464 flush_dcache_page(filepage);
11465 SetPageUptodate(filepage);
11466 }
11467 diff --git a/mm/slab.c b/mm/slab.c
11468 index b344e67..42bf493 100644
11469 --- a/mm/slab.c
11470 +++ b/mm/slab.c
11471 @@ -2933,11 +2933,10 @@ static void *cache_alloc_refill(struct kmem_cache *cachep, gfp_t flags)
11472 struct array_cache *ac;
11473 int node;
11475 - node = numa_node_id();
11476 -
11477 +retry:
11478 check_irq_off();
11479 + node = numa_node_id();
11480 ac = cpu_cache_get(cachep);
11481 -retry:
11482 batchcount = ac->batchcount;
11483 if (!ac->touched && batchcount > BATCHREFILL_LIMIT) {
11484 /*
11485 diff --git a/mm/slub.c b/mm/slub.c
11486 index e0cf621..648f2c7 100644
11487 --- a/mm/slub.c
11488 +++ b/mm/slub.c
11489 @@ -1431,28 +1431,8 @@ new_slab:
11490 page = new_slab(s, gfpflags, node);
11491 if (page) {
11492 cpu = smp_processor_id();
11493 - if (s->cpu_slab[cpu]) {
11494 - /*
11495 - * Someone else populated the cpu_slab while we
11496 - * enabled interrupts, or we have gotten scheduled
11497 - * on another cpu. The page may not be on the
11498 - * requested node even if __GFP_THISNODE was
11499 - * specified. So we need to recheck.
11500 - */
11501 - if (node == -1 ||
11502 - page_to_nid(s->cpu_slab[cpu]) == node) {
11503 - /*
11504 - * Current cpuslab is acceptable and we
11505 - * want the current one since its cache hot
11506 - */
11507 - discard_slab(s, page);
11508 - page = s->cpu_slab[cpu];
11509 - slab_lock(page);
11510 - goto load_freelist;
11511 - }
11512 - /* New slab does not fit our expectations */
11513 + if (s->cpu_slab[cpu])
11514 flush_slab(s, s->cpu_slab[cpu], cpu);
11515 - }
11516 slab_lock(page);
11517 SetSlabFrozen(page);
11518 s->cpu_slab[cpu] = page;
11519 diff --git a/mm/sparse.c b/mm/sparse.c
11520 index e03b39f..fdc1454 100644
11521 --- a/mm/sparse.c
11522 +++ b/mm/sparse.c
11523 @@ -209,12 +209,6 @@ static int __meminit sparse_init_one_section(struct mem_section *ms,
11524 return 1;
11525 }
11527 -__attribute__((weak))
11528 -void *alloc_bootmem_high_node(pg_data_t *pgdat, unsigned long size)
11529 -{
11530 - return NULL;
11531 -}
11532 -
11533 static struct page __init *sparse_early_mem_map_alloc(unsigned long pnum)
11534 {
11535 struct page *map;
11536 @@ -225,11 +219,6 @@ static struct page __init *sparse_early_mem_map_alloc(unsigned long pnum)
11537 if (map)
11538 return map;
11540 - map = alloc_bootmem_high_node(NODE_DATA(nid),
11541 - sizeof(struct page) * PAGES_PER_SECTION);
11542 - if (map)
11543 - return map;
11544 -
11545 map = alloc_bootmem_node(NODE_DATA(nid),
11546 sizeof(struct page) * PAGES_PER_SECTION);
11547 if (map)
11548 diff --git a/mm/vmscan.c b/mm/vmscan.c
11549 index 1be5a63..a618717 100644
11550 --- a/mm/vmscan.c
11551 +++ b/mm/vmscan.c
11552 @@ -774,6 +774,7 @@ static void shrink_active_list(unsigned long nr_pages, struct zone *zone,
11553 long mapped_ratio;
11554 long distress;
11555 long swap_tendency;
11556 + long imbalance;
11558 if (zone_is_near_oom(zone))
11559 goto force_reclaim_mapped;
11560 @@ -809,6 +810,46 @@ static void shrink_active_list(unsigned long nr_pages, struct zone *zone,
11561 swap_tendency = mapped_ratio / 2 + distress + sc->swappiness;
11563 /*
11564 + * If there's huge imbalance between active and inactive
11565 + * (think active 100 times larger than inactive) we should
11566 + * become more permissive, or the system will take too much
11567 + * cpu before it start swapping during memory pressure.
11568 + * Distress is about avoiding early-oom, this is about
11569 + * making swappiness graceful despite setting it to low
11570 + * values.
11571 + *
11572 + * Avoid div by zero with nr_inactive+1, and max resulting
11573 + * value is vm_total_pages.
11574 + */
11575 + imbalance = zone_page_state(zone, NR_ACTIVE);
11576 + imbalance /= zone_page_state(zone, NR_INACTIVE) + 1;
11577 +
11578 + /*
11579 + * Reduce the effect of imbalance if swappiness is low,
11580 + * this means for a swappiness very low, the imbalance
11581 + * must be much higher than 100 for this logic to make
11582 + * the difference.
11583 + *
11584 + * Max temporary value is vm_total_pages*100.
11585 + */
11586 + imbalance *= (vm_swappiness + 1);
11587 + imbalance /= 100;
11588 +
11589 + /*
11590 + * If not much of the ram is mapped, makes the imbalance
11591 + * less relevant, it's high priority we refill the inactive
11592 + * list with mapped pages only in presence of high ratio of
11593 + * mapped pages.
11594 + *
11595 + * Max temporary value is vm_total_pages*100.
11596 + */
11597 + imbalance *= mapped_ratio;
11598 + imbalance /= 100;
11599 +
11600 + /* apply imbalance feedback to swap_tendency */
11601 + swap_tendency += imbalance;
11602 +
11603 + /*
11604 * Now use this metric to decide whether to start moving mapped
11605 * memory onto the inactive list.
11606 */
11607 diff --git a/net/802/psnap.c b/net/802/psnap.c
11608 index 04ee43e..31128cb 100644
11609 --- a/net/802/psnap.c
11610 +++ b/net/802/psnap.c
11611 @@ -55,6 +55,9 @@ static int snap_rcv(struct sk_buff *skb, struct net_device *dev,
11612 .type = __constant_htons(ETH_P_SNAP),
11613 };
11615 + if (unlikely(!pskb_may_pull(skb, 5)))
11616 + goto drop;
11617 +
11618 rcu_read_lock();
11619 proto = find_snap_client(skb_transport_header(skb));
11620 if (proto) {
11621 @@ -62,14 +65,18 @@ static int snap_rcv(struct sk_buff *skb, struct net_device *dev,
11622 skb->transport_header += 5;
11623 skb_pull_rcsum(skb, 5);
11624 rc = proto->rcvfunc(skb, dev, &snap_packet_type, orig_dev);
11625 - } else {
11626 - skb->sk = NULL;
11627 - kfree_skb(skb);
11628 - rc = 1;
11629 }
11630 -
11631 rcu_read_unlock();
11632 +
11633 + if (unlikely(!proto))
11634 + goto drop;
11635 +
11636 +out:
11637 return rc;
11638 +
11639 +drop:
11640 + kfree_skb(skb);
11641 + goto out;
11642 }
11644 /*
11645 diff --git a/net/8021q/vlan_dev.c b/net/8021q/vlan_dev.c
11646 index ec46084..0642694 100644
11647 --- a/net/8021q/vlan_dev.c
11648 +++ b/net/8021q/vlan_dev.c
11649 @@ -116,12 +116,22 @@ int vlan_skb_recv(struct sk_buff *skb, struct net_device *dev,
11650 struct packet_type* ptype, struct net_device *orig_dev)
11651 {
11652 unsigned char *rawp = NULL;
11653 - struct vlan_hdr *vhdr = (struct vlan_hdr *)(skb->data);
11654 + struct vlan_hdr *vhdr;
11655 unsigned short vid;
11656 struct net_device_stats *stats;
11657 unsigned short vlan_TCI;
11658 __be16 proto;
11660 + if ((skb = skb_share_check(skb, GFP_ATOMIC)) == NULL)
11661 + return -1;
11662 +
11663 + if (unlikely(!pskb_may_pull(skb, VLAN_HLEN))) {
11664 + kfree_skb(skb);
11665 + return -1;
11666 + }
11667 +
11668 + vhdr = (struct vlan_hdr *)(skb->data);
11669 +
11670 /* vlan_TCI = ntohs(get_unaligned(&vhdr->h_vlan_TCI)); */
11671 vlan_TCI = ntohs(vhdr->h_vlan_TCI);
11673 diff --git a/net/atm/mpc.c b/net/atm/mpc.c
11674 index 7c85aa5..181c1c8 100644
11675 --- a/net/atm/mpc.c
11676 +++ b/net/atm/mpc.c
11677 @@ -542,6 +542,13 @@ static int mpc_send_packet(struct sk_buff *skb, struct net_device *dev)
11678 if (eth->h_proto != htons(ETH_P_IP))
11679 goto non_ip; /* Multi-Protocol Over ATM :-) */
11681 + /* Weed out funny packets (e.g., AF_PACKET or raw). */
11682 + if (skb->len < ETH_HLEN + sizeof(struct iphdr))
11683 + goto non_ip;
11684 + skb_set_network_header(skb, ETH_HLEN);
11685 + if (skb->len < ETH_HLEN + ip_hdr(skb)->ihl * 4 || ip_hdr(skb)->ihl < 5)
11686 + goto non_ip;
11687 +
11688 while (i < mpc->number_of_mps_macs) {
11689 if (!compare_ether_addr(eth->h_dest, (mpc->mps_macs + i*ETH_ALEN)))
11690 if ( send_via_shortcut(skb, mpc) == 0 ) /* try shortcut */
11691 diff --git a/net/ax25/ax25_in.c b/net/ax25/ax25_in.c
11692 index 0ddaff0..8a9f0ac 100644
11693 --- a/net/ax25/ax25_in.c
11694 +++ b/net/ax25/ax25_in.c
11695 @@ -124,7 +124,7 @@ int ax25_rx_iframe(ax25_cb *ax25, struct sk_buff *skb)
11696 }
11698 skb_pull(skb, 1); /* Remove PID */
11699 - skb_reset_mac_header(skb);
11700 + skb->mac_header = skb->network_header;
11701 skb_reset_network_header(skb);
11702 skb->dev = ax25->ax25_dev->dev;
11703 skb->pkt_type = PACKET_HOST;
11704 diff --git a/net/bluetooth/rfcomm/tty.c b/net/bluetooth/rfcomm/tty.c
11705 index b2b1cce..23ba61a 100644
11706 --- a/net/bluetooth/rfcomm/tty.c
11707 +++ b/net/bluetooth/rfcomm/tty.c
11708 @@ -95,6 +95,10 @@ static void rfcomm_dev_destruct(struct rfcomm_dev *dev)
11710 BT_DBG("dev %p dlc %p", dev, dlc);
11712 + write_lock_bh(&rfcomm_dev_lock);
11713 + list_del_init(&dev->list);
11714 + write_unlock_bh(&rfcomm_dev_lock);
11715 +
11716 rfcomm_dlc_lock(dlc);
11717 /* Detach DLC if it's owned by this dev */
11718 if (dlc->owner == dev)
11719 @@ -156,8 +160,13 @@ static inline struct rfcomm_dev *rfcomm_dev_get(int id)
11720 read_lock(&rfcomm_dev_lock);
11722 dev = __rfcomm_dev_get(id);
11723 - if (dev)
11724 - rfcomm_dev_hold(dev);
11725 +
11726 + if (dev) {
11727 + if (test_bit(RFCOMM_TTY_RELEASED, &dev->flags))
11728 + dev = NULL;
11729 + else
11730 + rfcomm_dev_hold(dev);
11731 + }
11733 read_unlock(&rfcomm_dev_lock);
11735 @@ -265,6 +274,12 @@ out:
11737 dev->tty_dev = tty_register_device(rfcomm_tty_driver, dev->id, NULL);
11739 + if (IS_ERR(dev->tty_dev)) {
11740 + list_del(&dev->list);
11741 + kfree(dev);
11742 + return PTR_ERR(dev->tty_dev);
11743 + }
11744 +
11745 return dev->id;
11746 }
11748 @@ -272,10 +287,7 @@ static void rfcomm_dev_del(struct rfcomm_dev *dev)
11749 {
11750 BT_DBG("dev %p", dev);
11752 - write_lock_bh(&rfcomm_dev_lock);
11753 - list_del_init(&dev->list);
11754 - write_unlock_bh(&rfcomm_dev_lock);
11755 -
11756 + set_bit(RFCOMM_TTY_RELEASED, &dev->flags);
11757 rfcomm_dev_put(dev);
11758 }
11760 @@ -329,7 +341,7 @@ static int rfcomm_create_dev(struct sock *sk, void __user *arg)
11761 if (copy_from_user(&req, arg, sizeof(req)))
11762 return -EFAULT;
11764 - BT_DBG("sk %p dev_id %id flags 0x%x", sk, req.dev_id, req.flags);
11765 + BT_DBG("sk %p dev_id %d flags 0x%x", sk, req.dev_id, req.flags);
11767 if (req.flags != NOCAP_FLAGS && !capable(CAP_NET_ADMIN))
11768 return -EPERM;
11769 @@ -370,7 +382,7 @@ static int rfcomm_release_dev(void __user *arg)
11770 if (copy_from_user(&req, arg, sizeof(req)))
11771 return -EFAULT;
11773 - BT_DBG("dev_id %id flags 0x%x", req.dev_id, req.flags);
11774 + BT_DBG("dev_id %d flags 0x%x", req.dev_id, req.flags);
11776 if (!(dev = rfcomm_dev_get(req.dev_id)))
11777 return -ENODEV;
11778 @@ -383,6 +395,10 @@ static int rfcomm_release_dev(void __user *arg)
11779 if (req.flags & (1 << RFCOMM_HANGUP_NOW))
11780 rfcomm_dlc_close(dev->dlc, 0);
11782 + /* Shut down TTY synchronously before freeing rfcomm_dev */
11783 + if (dev->tty)
11784 + tty_vhangup(dev->tty);
11785 +
11786 rfcomm_dev_del(dev);
11787 rfcomm_dev_put(dev);
11788 return 0;
11789 @@ -415,6 +431,8 @@ static int rfcomm_get_dev_list(void __user *arg)
11791 list_for_each(p, &rfcomm_dev_list) {
11792 struct rfcomm_dev *dev = list_entry(p, struct rfcomm_dev, list);
11793 + if (test_bit(RFCOMM_TTY_RELEASED, &dev->flags))
11794 + continue;
11795 (di + n)->id = dev->id;
11796 (di + n)->flags = dev->flags;
11797 (di + n)->state = dev->dlc->state;
11798 diff --git a/net/bridge/br.c b/net/bridge/br.c
11799 index 848b8fa..94ae4d2 100644
11800 --- a/net/bridge/br.c
11801 +++ b/net/bridge/br.c
11802 @@ -39,7 +39,7 @@ static int __init br_init(void)
11804 err = br_fdb_init();
11805 if (err)
11806 - goto err_out1;
11807 + goto err_out;
11809 err = br_netfilter_init();
11810 if (err)
11811 @@ -65,6 +65,8 @@ err_out3:
11812 err_out2:
11813 br_netfilter_fini();
11814 err_out1:
11815 + br_fdb_fini();
11816 +err_out:
11817 llc_sap_put(br_stp_sap);
11818 return err;
11819 }
11820 diff --git a/net/bridge/br_device.c b/net/bridge/br_device.c
11821 index 5e1892d..c326602 100644
11822 --- a/net/bridge/br_device.c
11823 +++ b/net/bridge/br_device.c
11824 @@ -179,5 +179,6 @@ void br_dev_setup(struct net_device *dev)
11825 dev->priv_flags = IFF_EBRIDGE;
11827 dev->features = NETIF_F_SG | NETIF_F_FRAGLIST | NETIF_F_HIGHDMA |
11828 - NETIF_F_TSO | NETIF_F_NO_CSUM | NETIF_F_GSO_ROBUST;
11829 + NETIF_F_GSO_SOFTWARE | NETIF_F_NO_CSUM |
11830 + NETIF_F_GSO_ROBUST | NETIF_F_LLTX;
11831 }
11832 diff --git a/net/bridge/br_if.c b/net/bridge/br_if.c
11833 index 849deaf..fefd7c1 100644
11834 --- a/net/bridge/br_if.c
11835 +++ b/net/bridge/br_if.c
11836 @@ -360,35 +360,15 @@ int br_min_mtu(const struct net_bridge *br)
11837 void br_features_recompute(struct net_bridge *br)
11838 {
11839 struct net_bridge_port *p;
11840 - unsigned long features, checksum;
11841 + unsigned long features;
11843 - checksum = br->feature_mask & NETIF_F_ALL_CSUM ? NETIF_F_NO_CSUM : 0;
11844 - features = br->feature_mask & ~NETIF_F_ALL_CSUM;
11845 + features = br->feature_mask;
11847 list_for_each_entry(p, &br->port_list, list) {
11848 - unsigned long feature = p->dev->features;
11849 -
11850 - if (checksum & NETIF_F_NO_CSUM && !(feature & NETIF_F_NO_CSUM))
11851 - checksum ^= NETIF_F_NO_CSUM | NETIF_F_HW_CSUM;
11852 - if (checksum & NETIF_F_HW_CSUM && !(feature & NETIF_F_HW_CSUM))
11853 - checksum ^= NETIF_F_HW_CSUM | NETIF_F_IP_CSUM;
11854 - if (!(feature & NETIF_F_IP_CSUM))
11855 - checksum = 0;
11856 -
11857 - if (feature & NETIF_F_GSO)
11858 - feature |= NETIF_F_GSO_SOFTWARE;
11859 - feature |= NETIF_F_GSO;
11860 -
11861 - features &= feature;
11862 + features = netdev_compute_features(features, p->dev->features);
11863 }
11865 - if (!(checksum & NETIF_F_ALL_CSUM))
11866 - features &= ~NETIF_F_SG;
11867 - if (!(features & NETIF_F_SG))
11868 - features &= ~NETIF_F_GSO_MASK;
11869 -
11870 - br->dev->features = features | checksum | NETIF_F_LLTX |
11871 - NETIF_F_GSO_ROBUST;
11872 + br->dev->features = features;
11873 }
11875 /* called with RTNL */
11876 diff --git a/net/bridge/br_input.c b/net/bridge/br_input.c
11877 index 420bbb9..fb2c7cc 100644
11878 --- a/net/bridge/br_input.c
11879 +++ b/net/bridge/br_input.c
11880 @@ -127,6 +127,7 @@ static inline int is_link_local(const unsigned char *dest)
11881 struct sk_buff *br_handle_frame(struct net_bridge_port *p, struct sk_buff *skb)
11882 {
11883 const unsigned char *dest = eth_hdr(skb)->h_dest;
11884 + int (*rhook)(struct sk_buff **pskb);
11886 if (!is_valid_ether_addr(eth_hdr(skb)->h_source))
11887 goto drop;
11888 @@ -148,9 +149,9 @@ struct sk_buff *br_handle_frame(struct net_bridge_port *p, struct sk_buff *skb)
11890 switch (p->state) {
11891 case BR_STATE_FORWARDING:
11892 -
11893 - if (br_should_route_hook) {
11894 - if (br_should_route_hook(&skb))
11895 + rhook = rcu_dereference(br_should_route_hook);
11896 + if (rhook != NULL) {
11897 + if (rhook(&skb))
11898 return skb;
11899 dest = eth_hdr(skb)->h_dest;
11900 }
11901 diff --git a/net/bridge/br_netfilter.c b/net/bridge/br_netfilter.c
11902 index fa77987..3ee2022 100644
11903 --- a/net/bridge/br_netfilter.c
11904 +++ b/net/bridge/br_netfilter.c
11905 @@ -509,8 +509,14 @@ static unsigned int br_nf_pre_routing(unsigned int hook, struct sk_buff **pskb,
11906 int (*okfn)(struct sk_buff *))
11907 {
11908 struct iphdr *iph;
11909 - __u32 len;
11910 struct sk_buff *skb = *pskb;
11911 + __u32 len = nf_bridge_encap_header_len(skb);
11912 +
11913 + if ((skb = skb_share_check(skb, GFP_ATOMIC)) == NULL)
11914 + return NF_STOLEN;
11915 +
11916 + if (unlikely(!pskb_may_pull(skb, len)))
11917 + goto out;
11919 if (skb->protocol == htons(ETH_P_IPV6) || IS_VLAN_IPV6(skb) ||
11920 IS_PPPOE_IPV6(skb)) {
11921 @@ -518,8 +524,6 @@ static unsigned int br_nf_pre_routing(unsigned int hook, struct sk_buff **pskb,
11922 if (!brnf_call_ip6tables)
11923 return NF_ACCEPT;
11924 #endif
11925 - if ((skb = skb_share_check(*pskb, GFP_ATOMIC)) == NULL)
11926 - goto out;
11927 nf_bridge_pull_encap_header_rcsum(skb);
11928 return br_nf_pre_routing_ipv6(hook, skb, in, out, okfn);
11929 }
11930 @@ -532,8 +536,6 @@ static unsigned int br_nf_pre_routing(unsigned int hook, struct sk_buff **pskb,
11931 !IS_PPPOE_IP(skb))
11932 return NF_ACCEPT;
11934 - if ((skb = skb_share_check(*pskb, GFP_ATOMIC)) == NULL)
11935 - goto out;
11936 nf_bridge_pull_encap_header_rcsum(skb);
11938 if (!pskb_may_pull(skb, sizeof(struct iphdr)))
11939 diff --git a/net/bridge/netfilter/ebt_log.c b/net/bridge/netfilter/ebt_log.c
11940 index 031bfa4..984e9c6 100644
11941 --- a/net/bridge/netfilter/ebt_log.c
11942 +++ b/net/bridge/netfilter/ebt_log.c
11943 @@ -196,10 +196,8 @@ static int __init ebt_log_init(void)
11944 ret = ebt_register_watcher(&log);
11945 if (ret < 0)
11946 return ret;
11947 - ret = nf_log_register(PF_BRIDGE, &ebt_log_logger);
11948 - if (ret < 0 && ret != -EEXIST)
11949 - ebt_unregister_watcher(&log);
11950 - return ret;
11951 + nf_log_register(PF_BRIDGE, &ebt_log_logger);
11952 + return 0;
11953 }
11955 static void __exit ebt_log_fini(void)
11956 diff --git a/net/bridge/netfilter/ebt_ulog.c b/net/bridge/netfilter/ebt_ulog.c
11957 index 9411db6..6fec352 100644
11958 --- a/net/bridge/netfilter/ebt_ulog.c
11959 +++ b/net/bridge/netfilter/ebt_ulog.c
11960 @@ -308,12 +308,8 @@ static int __init ebt_ulog_init(void)
11961 else if ((ret = ebt_register_watcher(&ulog)))
11962 sock_release(ebtulognl->sk_socket);
11964 - if (nf_log_register(PF_BRIDGE, &ebt_ulog_logger) < 0) {
11965 - printk(KERN_WARNING "ebt_ulog: not logging via ulog "
11966 - "since somebody else already registered for PF_BRIDGE\n");
11967 - /* we cannot make module load fail here, since otherwise
11968 - * ebtables userspace would abort */
11969 - }
11970 + if (ret == 0)
11971 + nf_log_register(PF_BRIDGE, &ebt_ulog_logger);
11973 return ret;
11974 }
11975 diff --git a/net/bridge/netfilter/ebtable_broute.c b/net/bridge/netfilter/ebtable_broute.c
11976 index d37ce04..bc17cf5 100644
11977 --- a/net/bridge/netfilter/ebtable_broute.c
11978 +++ b/net/bridge/netfilter/ebtable_broute.c
11979 @@ -70,13 +70,13 @@ static int __init ebtable_broute_init(void)
11980 if (ret < 0)
11981 return ret;
11982 /* see br_input.c */
11983 - br_should_route_hook = ebt_broute;
11984 + rcu_assign_pointer(br_should_route_hook, ebt_broute);
11985 return ret;
11986 }
11988 static void __exit ebtable_broute_fini(void)
11989 {
11990 - br_should_route_hook = NULL;
11991 + rcu_assign_pointer(br_should_route_hook, NULL);
11992 synchronize_net();
11993 ebt_unregister_table(&broute_table);
11994 }
11995 diff --git a/net/core/datagram.c b/net/core/datagram.c
11996 index cb056f4..029b93e 100644
11997 --- a/net/core/datagram.c
11998 +++ b/net/core/datagram.c
11999 @@ -450,6 +450,9 @@ int skb_copy_and_csum_datagram_iovec(struct sk_buff *skb,
12000 __wsum csum;
12001 int chunk = skb->len - hlen;
12003 + if (!chunk)
12004 + return 0;
12005 +
12006 /* Skip filled elements.
12007 * Pretty silly, look at memcpy_toiovec, though 8)
12008 */
12009 diff --git a/net/core/dev.c b/net/core/dev.c
12010 index ee051bb..1561f61 100644
12011 --- a/net/core/dev.c
12012 +++ b/net/core/dev.c
12013 @@ -3635,6 +3635,44 @@ static int __init netdev_dma_register(void)
12014 static int __init netdev_dma_register(void) { return -ENODEV; }
12015 #endif /* CONFIG_NET_DMA */
12017 +/**
12018 + * netdev_compute_feature - compute conjunction of two feature sets
12019 + * @all: first feature set
12020 + * @one: second feature set
12021 + *
12022 + * Computes a new feature set after adding a device with feature set
12023 + * @one to the master device with current feature set @all. Returns
12024 + * the new feature set.
12025 + */
12026 +int netdev_compute_features(unsigned long all, unsigned long one)
12027 +{
12028 + /* if device needs checksumming, downgrade to hw checksumming */
12029 + if (all & NETIF_F_NO_CSUM && !(one & NETIF_F_NO_CSUM))
12030 + all ^= NETIF_F_NO_CSUM | NETIF_F_HW_CSUM;
12031 +
12032 + /* if device can't do all checksum, downgrade to ipv4 */
12033 + if (all & NETIF_F_HW_CSUM && !(one & NETIF_F_HW_CSUM))
12034 + all ^= NETIF_F_HW_CSUM | NETIF_F_IP_CSUM;
12035 +
12036 + if (one & NETIF_F_GSO)
12037 + one |= NETIF_F_GSO_SOFTWARE;
12038 + one |= NETIF_F_GSO;
12039 +
12040 + /* If even one device supports robust GSO, enable it for all. */
12041 + if (one & NETIF_F_GSO_ROBUST)
12042 + all |= NETIF_F_GSO_ROBUST;
12043 +
12044 + all &= one | NETIF_F_LLTX;
12045 +
12046 + if (!(all & NETIF_F_ALL_CSUM))
12047 + all &= ~NETIF_F_SG;
12048 + if (!(all & NETIF_F_SG))
12049 + all &= ~NETIF_F_GSO_MASK;
12050 +
12051 + return all;
12052 +}
12053 +EXPORT_SYMBOL(netdev_compute_features);
12054 +
12055 /*
12056 * Initialize the DEV module. At boot time this walks the device list and
12057 * unhooks any devices that fail to initialise (normally hardware not
12058 diff --git a/net/core/gen_estimator.c b/net/core/gen_estimator.c
12059 index 17daf4c..590a767 100644
12060 --- a/net/core/gen_estimator.c
12061 +++ b/net/core/gen_estimator.c
12062 @@ -79,27 +79,27 @@
12064 struct gen_estimator
12065 {
12066 - struct gen_estimator *next;
12067 + struct list_head list;
12068 struct gnet_stats_basic *bstats;
12069 struct gnet_stats_rate_est *rate_est;
12070 spinlock_t *stats_lock;
12071 - unsigned interval;
12072 int ewma_log;
12073 u64 last_bytes;
12074 u32 last_packets;
12075 u32 avpps;
12076 u32 avbps;
12077 + struct rcu_head e_rcu;
12078 };
12080 struct gen_estimator_head
12081 {
12082 struct timer_list timer;
12083 - struct gen_estimator *list;
12084 + struct list_head list;
12085 };
12087 static struct gen_estimator_head elist[EST_MAX_INTERVAL+1];
12089 -/* Estimator array lock */
12090 +/* Protects against NULL dereference */
12091 static DEFINE_RWLOCK(est_lock);
12093 static void est_timer(unsigned long arg)
12094 @@ -107,13 +107,17 @@ static void est_timer(unsigned long arg)
12095 int idx = (int)arg;
12096 struct gen_estimator *e;
12098 - read_lock(&est_lock);
12099 - for (e = elist[idx].list; e; e = e->next) {
12100 + rcu_read_lock();
12101 + list_for_each_entry_rcu(e, &elist[idx].list, list) {
12102 u64 nbytes;
12103 u32 npackets;
12104 u32 rate;
12106 spin_lock(e->stats_lock);
12107 + read_lock(&est_lock);
12108 + if (e->bstats == NULL)
12109 + goto skip;
12110 +
12111 nbytes = e->bstats->bytes;
12112 npackets = e->bstats->packets;
12113 rate = (nbytes - e->last_bytes)<<(7 - idx);
12114 @@ -125,11 +129,14 @@ static void est_timer(unsigned long arg)
12115 e->last_packets = npackets;
12116 e->avpps += ((long)rate - (long)e->avpps) >> e->ewma_log;
12117 e->rate_est->pps = (e->avpps+0x1FF)>>10;
12118 +skip:
12119 + read_unlock(&est_lock);
12120 spin_unlock(e->stats_lock);
12121 }
12123 - mod_timer(&elist[idx].timer, jiffies + ((HZ<<idx)/4));
12124 - read_unlock(&est_lock);
12125 + if (!list_empty(&elist[idx].list))
12126 + mod_timer(&elist[idx].timer, jiffies + ((HZ<<idx)/4));
12127 + rcu_read_unlock();
12128 }
12130 /**
12131 @@ -146,12 +153,17 @@ static void est_timer(unsigned long arg)
12132 * &rate_est with the statistics lock grabed during this period.
12133 *
12134 * Returns 0 on success or a negative error code.
12135 + *
12136 + * NOTE: Called under rtnl_mutex
12137 */
12138 int gen_new_estimator(struct gnet_stats_basic *bstats,
12139 - struct gnet_stats_rate_est *rate_est, spinlock_t *stats_lock, struct rtattr *opt)
12140 + struct gnet_stats_rate_est *rate_est,
12141 + spinlock_t *stats_lock,
12142 + struct rtattr *opt)
12143 {
12144 struct gen_estimator *est;
12145 struct gnet_estimator *parm = RTA_DATA(opt);
12146 + int idx;
12148 if (RTA_PAYLOAD(opt) < sizeof(*parm))
12149 return -EINVAL;
12150 @@ -163,7 +175,7 @@ int gen_new_estimator(struct gnet_stats_basic *bstats,
12151 if (est == NULL)
12152 return -ENOBUFS;
12154 - est->interval = parm->interval + 2;
12155 + idx = parm->interval + 2;
12156 est->bstats = bstats;
12157 est->rate_est = rate_est;
12158 est->stats_lock = stats_lock;
12159 @@ -173,20 +185,25 @@ int gen_new_estimator(struct gnet_stats_basic *bstats,
12160 est->last_packets = bstats->packets;
12161 est->avpps = rate_est->pps<<10;
12163 - est->next = elist[est->interval].list;
12164 - if (est->next == NULL) {
12165 - init_timer(&elist[est->interval].timer);
12166 - elist[est->interval].timer.data = est->interval;
12167 - elist[est->interval].timer.expires = jiffies + ((HZ<<est->interval)/4);
12168 - elist[est->interval].timer.function = est_timer;
12169 - add_timer(&elist[est->interval].timer);
12170 + if (!elist[idx].timer.function) {
12171 + INIT_LIST_HEAD(&elist[idx].list);
12172 + setup_timer(&elist[idx].timer, est_timer, idx);
12173 }
12174 - write_lock_bh(&est_lock);
12175 - elist[est->interval].list = est;
12176 - write_unlock_bh(&est_lock);
12177 +
12178 + if (list_empty(&elist[idx].list))
12179 + mod_timer(&elist[idx].timer, jiffies + ((HZ<<idx)/4));
12180 +
12181 + list_add_rcu(&est->list, &elist[idx].list);
12182 return 0;
12183 }
12185 +static void __gen_kill_estimator(struct rcu_head *head)
12186 +{
12187 + struct gen_estimator *e = container_of(head,
12188 + struct gen_estimator, e_rcu);
12189 + kfree(e);
12190 +}
12191 +
12192 /**
12193 * gen_kill_estimator - remove a rate estimator
12194 * @bstats: basic statistics
12195 @@ -194,31 +211,32 @@ int gen_new_estimator(struct gnet_stats_basic *bstats,
12196 *
12197 * Removes the rate estimator specified by &bstats and &rate_est
12198 * and deletes the timer.
12199 + *
12200 + * NOTE: Called under rtnl_mutex
12201 */
12202 void gen_kill_estimator(struct gnet_stats_basic *bstats,
12203 struct gnet_stats_rate_est *rate_est)
12204 {
12205 int idx;
12206 - struct gen_estimator *est, **pest;
12207 + struct gen_estimator *e, *n;
12209 for (idx=0; idx <= EST_MAX_INTERVAL; idx++) {
12210 - int killed = 0;
12211 - pest = &elist[idx].list;
12212 - while ((est=*pest) != NULL) {
12213 - if (est->rate_est != rate_est || est->bstats != bstats) {
12214 - pest = &est->next;
12215 +
12216 + /* Skip non initialized indexes */
12217 + if (!elist[idx].timer.function)
12218 + continue;
12219 +
12220 + list_for_each_entry_safe(e, n, &elist[idx].list, list) {
12221 + if (e->rate_est != rate_est || e->bstats != bstats)
12222 continue;
12223 - }
12225 write_lock_bh(&est_lock);
12226 - *pest = est->next;
12227 + e->bstats = NULL;
12228 write_unlock_bh(&est_lock);
12230 - kfree(est);
12231 - killed++;
12232 + list_del_rcu(&e->list);
12233 + call_rcu(&e->e_rcu, __gen_kill_estimator);
12234 }
12235 - if (killed && elist[idx].list == NULL)
12236 - del_timer(&elist[idx].timer);
12237 }
12238 }
12240 diff --git a/net/core/netpoll.c b/net/core/netpoll.c
12241 index a0efdd7..5df8cf4 100644
12242 --- a/net/core/netpoll.c
12243 +++ b/net/core/netpoll.c
12244 @@ -781,7 +781,6 @@ void netpoll_cleanup(struct netpoll *np)
12245 spin_unlock_irqrestore(&npinfo->rx_lock, flags);
12246 }
12248 - np->dev->npinfo = NULL;
12249 if (atomic_dec_and_test(&npinfo->refcnt)) {
12250 skb_queue_purge(&npinfo->arp_tx);
12251 skb_queue_purge(&npinfo->txq);
12252 @@ -794,6 +793,7 @@ void netpoll_cleanup(struct netpoll *np)
12253 kfree_skb(skb);
12254 }
12255 kfree(npinfo);
12256 + np->dev->npinfo = NULL;
12257 }
12258 }
12260 diff --git a/net/core/pktgen.c b/net/core/pktgen.c
12261 index 9cd3a1c..33190c3 100644
12262 --- a/net/core/pktgen.c
12263 +++ b/net/core/pktgen.c
12264 @@ -111,6 +111,9 @@
12265 *
12266 * 802.1Q/Q-in-Q support by Francesco Fondelli (FF) <francesco.fondelli@gmail.com>
12267 *
12268 + * Fixed src_mac command to set source mac of packet to value specified in
12269 + * command by Adit Ranadive <adit.262@gmail.com>
12270 + *
12271 */
12272 #include <linux/sys.h>
12273 #include <linux/types.h>
12274 @@ -1415,8 +1418,11 @@ static ssize_t pktgen_if_write(struct file *file,
12275 }
12276 if (!strcmp(name, "src_mac")) {
12277 char *v = valstr;
12278 + unsigned char old_smac[ETH_ALEN];
12279 unsigned char *m = pkt_dev->src_mac;
12281 + memcpy(old_smac, pkt_dev->src_mac, ETH_ALEN);
12282 +
12283 len = strn_len(&user_buffer[i], sizeof(valstr) - 1);
12284 if (len < 0) {
12285 return len;
12286 @@ -1445,6 +1451,10 @@ static ssize_t pktgen_if_write(struct file *file,
12287 }
12288 }
12290 + /* Set up Src MAC */
12291 + if (compare_ether_addr(old_smac, pkt_dev->src_mac))
12292 + memcpy(&(pkt_dev->hh[6]), pkt_dev->src_mac, ETH_ALEN);
12293 +
12294 sprintf(pg_result, "OK: srcmac");
12295 return count;
12296 }
12297 diff --git a/net/dccp/ccids/ccid2.c b/net/dccp/ccids/ccid2.c
12298 index 248d20f..d29b88f 100644
12299 --- a/net/dccp/ccids/ccid2.c
12300 +++ b/net/dccp/ccids/ccid2.c
12301 @@ -298,7 +298,7 @@ static void ccid2_hc_tx_packet_sent(struct sock *sk, int more, unsigned int len)
12302 int rc;
12304 ccid2_pr_debug("allocating more space in history\n");
12305 - rc = ccid2_hc_tx_alloc_seq(hctx, CCID2_SEQBUF_LEN, GFP_KERNEL);
12306 + rc = ccid2_hc_tx_alloc_seq(hctx, CCID2_SEQBUF_LEN, gfp_any());
12307 BUG_ON(rc); /* XXX what do we do? */
12309 next = hctx->ccid2hctx_seqh->ccid2s_next;
12310 diff --git a/net/decnet/dn_dev.c b/net/decnet/dn_dev.c
12311 index ab41c18..b51ee15 100644
12312 --- a/net/decnet/dn_dev.c
12313 +++ b/net/decnet/dn_dev.c
12314 @@ -651,16 +651,18 @@ static int dn_nl_deladdr(struct sk_buff *skb, struct nlmsghdr *nlh, void *arg)
12315 struct dn_dev *dn_db;
12316 struct ifaddrmsg *ifm;
12317 struct dn_ifaddr *ifa, **ifap;
12318 - int err = -EADDRNOTAVAIL;
12319 + int err;
12321 err = nlmsg_parse(nlh, sizeof(*ifm), tb, IFA_MAX, dn_ifa_policy);
12322 if (err < 0)
12323 goto errout;
12325 + err = -ENODEV;
12326 ifm = nlmsg_data(nlh);
12327 if ((dn_db = dn_dev_by_index(ifm->ifa_index)) == NULL)
12328 goto errout;
12330 + err = -EADDRNOTAVAIL;
12331 for (ifap = &dn_db->ifa_list; (ifa = *ifap); ifap = &ifa->ifa_next) {
12332 if (tb[IFA_LOCAL] &&
12333 nla_memcmp(tb[IFA_LOCAL], &ifa->ifa_local, 2))
12334 @@ -815,7 +817,7 @@ static int dn_nl_dump_ifaddr(struct sk_buff *skb, struct netlink_callback *cb)
12335 for (ifa = dn_db->ifa_list, dn_idx = 0; ifa;
12336 ifa = ifa->ifa_next, dn_idx++) {
12337 if (dn_idx < skip_naddr)
12338 - goto cont;
12339 + continue;
12341 if (dn_nl_fill_ifaddr(skb, ifa, NETLINK_CB(cb->skb).pid,
12342 cb->nlh->nlmsg_seq, RTM_NEWADDR,
12343 diff --git a/net/ieee80211/ieee80211_rx.c b/net/ieee80211/ieee80211_rx.c
12344 index f2de2e4..6284c99 100644
12345 --- a/net/ieee80211/ieee80211_rx.c
12346 +++ b/net/ieee80211/ieee80211_rx.c
12347 @@ -366,6 +366,12 @@ int ieee80211_rx(struct ieee80211_device *ieee, struct sk_buff *skb,
12348 frag = WLAN_GET_SEQ_FRAG(sc);
12349 hdrlen = ieee80211_get_hdrlen(fc);
12351 + if (skb->len < hdrlen) {
12352 + printk(KERN_INFO "%s: invalid SKB length %d\n",
12353 + dev->name, skb->len);
12354 + goto rx_dropped;
12355 + }
12356 +
12357 /* Put this code here so that we avoid duplicating it in all
12358 * Rx paths. - Jean II */
12359 #ifdef CONFIG_WIRELESS_EXT
12360 diff --git a/net/ieee80211/softmac/ieee80211softmac_assoc.c b/net/ieee80211/softmac/ieee80211softmac_assoc.c
12361 index cc8110b..afb6c66 100644
12362 --- a/net/ieee80211/softmac/ieee80211softmac_assoc.c
12363 +++ b/net/ieee80211/softmac/ieee80211softmac_assoc.c
12364 @@ -271,8 +271,11 @@ ieee80211softmac_assoc_work(struct work_struct *work)
12365 */
12366 dprintk(KERN_INFO PFX "Associate: Scanning for networks first.\n");
12367 ieee80211softmac_notify(mac->dev, IEEE80211SOFTMAC_EVENT_SCAN_FINISHED, ieee80211softmac_assoc_notify_scan, NULL);
12368 - if (ieee80211softmac_start_scan(mac))
12369 + if (ieee80211softmac_start_scan(mac)) {
12370 dprintk(KERN_INFO PFX "Associate: failed to initiate scan. Is device up?\n");
12371 + mac->associnfo.associating = 0;
12372 + mac->associnfo.associated = 0;
12373 + }
12374 goto out;
12375 } else {
12376 mac->associnfo.associating = 0;
12377 diff --git a/net/ieee80211/softmac/ieee80211softmac_wx.c b/net/ieee80211/softmac/ieee80211softmac_wx.c
12378 index f13937b..d054e92 100644
12379 --- a/net/ieee80211/softmac/ieee80211softmac_wx.c
12380 +++ b/net/ieee80211/softmac/ieee80211softmac_wx.c
12381 @@ -74,8 +74,8 @@ ieee80211softmac_wx_set_essid(struct net_device *net_dev,
12382 struct ieee80211softmac_auth_queue_item *authptr;
12383 int length = 0;
12385 +check_assoc_again:
12386 mutex_lock(&sm->associnfo.mutex);
12387 -
12388 /* Check if we're already associating to this or another network
12389 * If it's another network, cancel and start over with our new network
12390 * If it's our network, ignore the change, we're already doing it!
12391 @@ -98,13 +98,18 @@ ieee80211softmac_wx_set_essid(struct net_device *net_dev,
12392 cancel_delayed_work(&authptr->work);
12393 sm->associnfo.bssvalid = 0;
12394 sm->associnfo.bssfixed = 0;
12395 - flush_scheduled_work();
12396 sm->associnfo.associating = 0;
12397 sm->associnfo.associated = 0;
12398 + /* We must unlock to avoid deadlocks with the assoc workqueue
12399 + * on the associnfo.mutex */
12400 + mutex_unlock(&sm->associnfo.mutex);
12401 + flush_scheduled_work();
12402 + /* Avoid race! Check assoc status again. Maybe someone started an
12403 + * association while we flushed. */
12404 + goto check_assoc_again;
12405 }
12406 }
12408 -
12409 sm->associnfo.static_essid = 0;
12410 sm->associnfo.assoc_wait = 0;
12412 diff --git a/net/ipv4/af_inet.c b/net/ipv4/af_inet.c
12413 index 041fba3..90b241c 100644
12414 --- a/net/ipv4/af_inet.c
12415 +++ b/net/ipv4/af_inet.c
12416 @@ -831,7 +831,7 @@ const struct proto_ops inet_stream_ops = {
12417 .shutdown = inet_shutdown,
12418 .setsockopt = sock_common_setsockopt,
12419 .getsockopt = sock_common_getsockopt,
12420 - .sendmsg = inet_sendmsg,
12421 + .sendmsg = tcp_sendmsg,
12422 .recvmsg = sock_common_recvmsg,
12423 .mmap = sock_no_mmap,
12424 .sendpage = tcp_sendpage,
12425 diff --git a/net/ipv4/ah4.c b/net/ipv4/ah4.c
12426 index 6da8ff5..c79a24e 100644
12427 --- a/net/ipv4/ah4.c
12428 +++ b/net/ipv4/ah4.c
12429 @@ -46,7 +46,7 @@ static int ip_clear_mutable_options(struct iphdr *iph, __be32 *daddr)
12430 memcpy(daddr, optptr+optlen-4, 4);
12431 /* Fall through */
12432 default:
12433 - memset(optptr+2, 0, optlen-2);
12434 + memset(optptr, 0, optlen);
12435 }
12436 l -= optlen;
12437 optptr += optlen;
12438 diff --git a/net/ipv4/arp.c b/net/ipv4/arp.c
12439 index e00767e..84097ee 100644
12440 --- a/net/ipv4/arp.c
12441 +++ b/net/ipv4/arp.c
12442 @@ -110,12 +110,8 @@
12443 #include <net/tcp.h>
12444 #include <net/sock.h>
12445 #include <net/arp.h>
12446 -#if defined(CONFIG_AX25) || defined(CONFIG_AX25_MODULE)
12447 #include <net/ax25.h>
12448 -#if defined(CONFIG_NETROM) || defined(CONFIG_NETROM_MODULE)
12449 #include <net/netrom.h>
12450 -#endif
12451 -#endif
12452 #if defined(CONFIG_ATM_CLIP) || defined(CONFIG_ATM_CLIP_MODULE)
12453 #include <net/atmclip.h>
12454 struct neigh_table *clip_tbl_hook;
12455 @@ -729,20 +725,10 @@ static int arp_process(struct sk_buff *skb)
12456 htons(dev_type) != arp->ar_hrd)
12457 goto out;
12458 break;
12459 -#ifdef CONFIG_NET_ETHERNET
12460 case ARPHRD_ETHER:
12461 -#endif
12462 -#ifdef CONFIG_TR
12463 case ARPHRD_IEEE802_TR:
12464 -#endif
12465 -#ifdef CONFIG_FDDI
12466 case ARPHRD_FDDI:
12467 -#endif
12468 -#ifdef CONFIG_NET_FC
12469 case ARPHRD_IEEE802:
12470 -#endif
12471 -#if defined(CONFIG_NET_ETHERNET) || defined(CONFIG_TR) || \
12472 - defined(CONFIG_FDDI) || defined(CONFIG_NET_FC)
12473 /*
12474 * ETHERNET, Token Ring and Fibre Channel (which are IEEE 802
12475 * devices, according to RFC 2625) devices will accept ARP
12476 @@ -757,21 +743,16 @@ static int arp_process(struct sk_buff *skb)
12477 arp->ar_pro != htons(ETH_P_IP))
12478 goto out;
12479 break;
12480 -#endif
12481 -#if defined(CONFIG_AX25) || defined(CONFIG_AX25_MODULE)
12482 case ARPHRD_AX25:
12483 if (arp->ar_pro != htons(AX25_P_IP) ||
12484 arp->ar_hrd != htons(ARPHRD_AX25))
12485 goto out;
12486 break;
12487 -#if defined(CONFIG_NETROM) || defined(CONFIG_NETROM_MODULE)
12488 case ARPHRD_NETROM:
12489 if (arp->ar_pro != htons(AX25_P_IP) ||
12490 arp->ar_hrd != htons(ARPHRD_NETROM))
12491 goto out;
12492 break;
12493 -#endif
12494 -#endif
12495 }
12497 /* Understand only these message types */
12498 diff --git a/net/ipv4/devinet.c b/net/ipv4/devinet.c
12499 index abf6352..9607d78 100644
12500 --- a/net/ipv4/devinet.c
12501 +++ b/net/ipv4/devinet.c
12502 @@ -1030,7 +1030,7 @@ static void inetdev_changename(struct net_device *dev, struct in_device *in_dev)
12503 memcpy(ifa->ifa_label, dev->name, IFNAMSIZ);
12504 if (named++ == 0)
12505 continue;
12506 - dot = strchr(ifa->ifa_label, ':');
12507 + dot = strchr(old, ':');
12508 if (dot == NULL) {
12509 sprintf(old, ":%d", named);
12510 dot = old;
12511 @@ -1194,7 +1194,7 @@ static int inet_dump_ifaddr(struct sk_buff *skb, struct netlink_callback *cb)
12512 for (ifa = in_dev->ifa_list, ip_idx = 0; ifa;
12513 ifa = ifa->ifa_next, ip_idx++) {
12514 if (ip_idx < s_ip_idx)
12515 - goto cont;
12516 + continue;
12517 if (inet_fill_ifaddr(skb, ifa, NETLINK_CB(cb->skb).pid,
12518 cb->nlh->nlmsg_seq,
12519 RTM_NEWADDR, NLM_F_MULTI) <= 0)
12520 diff --git a/net/ipv4/inet_diag.c b/net/ipv4/inet_diag.c
12521 index dbeacd8..def007e 100644
12522 --- a/net/ipv4/inet_diag.c
12523 +++ b/net/ipv4/inet_diag.c
12524 @@ -836,12 +836,16 @@ static int inet_diag_rcv_msg(struct sk_buff *skb, struct nlmsghdr *nlh)
12525 return inet_diag_get_exact(skb, nlh);
12526 }
12528 +static DEFINE_MUTEX(inet_diag_mutex);
12529 +
12530 static void inet_diag_rcv(struct sock *sk, int len)
12531 {
12532 unsigned int qlen = 0;
12534 do {
12535 + mutex_lock(&inet_diag_mutex);
12536 netlink_run_queue(sk, &qlen, &inet_diag_rcv_msg);
12537 + mutex_unlock(&inet_diag_mutex);
12538 } while (qlen);
12539 }
12541 diff --git a/net/ipv4/ip_gre.c b/net/ipv4/ip_gre.c
12542 index 6328293..724b612 100644
12543 --- a/net/ipv4/ip_gre.c
12544 +++ b/net/ipv4/ip_gre.c
12545 @@ -613,7 +613,7 @@ static int ipgre_rcv(struct sk_buff *skb)
12546 offset += 4;
12547 }
12549 - skb_reset_mac_header(skb);
12550 + skb->mac_header = skb->network_header;
12551 __pskb_pull(skb, offset);
12552 skb_reset_network_header(skb);
12553 skb_postpull_rcsum(skb, skb_transport_header(skb), offset);
12554 diff --git a/net/ipv4/ipcomp.c b/net/ipv4/ipcomp.c
12555 index ab86137..630ebb7 100644
12556 --- a/net/ipv4/ipcomp.c
12557 +++ b/net/ipv4/ipcomp.c
12558 @@ -17,6 +17,7 @@
12559 #include <asm/scatterlist.h>
12560 #include <asm/semaphore.h>
12561 #include <linux/crypto.h>
12562 +#include <linux/err.h>
12563 #include <linux/pfkeyv2.h>
12564 #include <linux/percpu.h>
12565 #include <linux/smp.h>
12566 @@ -355,7 +356,7 @@ static struct crypto_comp **ipcomp_alloc_tfms(const char *alg_name)
12567 for_each_possible_cpu(cpu) {
12568 struct crypto_comp *tfm = crypto_alloc_comp(alg_name, 0,
12569 CRYPTO_ALG_ASYNC);
12570 - if (!tfm)
12571 + if (IS_ERR(tfm))
12572 goto error;
12573 *per_cpu_ptr(tfms, cpu) = tfm;
12574 }
12575 diff --git a/net/ipv4/netfilter/ipt_LOG.c b/net/ipv4/netfilter/ipt_LOG.c
12576 index a42c5cd..361be2b 100644
12577 --- a/net/ipv4/netfilter/ipt_LOG.c
12578 +++ b/net/ipv4/netfilter/ipt_LOG.c
12579 @@ -477,10 +477,8 @@ static int __init ipt_log_init(void)
12580 ret = xt_register_target(&ipt_log_reg);
12581 if (ret < 0)
12582 return ret;
12583 - ret = nf_log_register(PF_INET, &ipt_log_logger);
12584 - if (ret < 0 && ret != -EEXIST)
12585 - xt_unregister_target(&ipt_log_reg);
12586 - return ret;
12587 + nf_log_register(PF_INET, &ipt_log_logger);
12588 + return 0;
12589 }
12591 static void __exit ipt_log_fini(void)
12592 diff --git a/net/ipv4/netfilter/nf_conntrack_proto_icmp.c b/net/ipv4/netfilter/nf_conntrack_proto_icmp.c
12593 index f4fc657..474b4ce 100644
12594 --- a/net/ipv4/netfilter/nf_conntrack_proto_icmp.c
12595 +++ b/net/ipv4/netfilter/nf_conntrack_proto_icmp.c
12596 @@ -189,25 +189,13 @@ icmp_error_message(struct sk_buff *skb,
12598 h = nf_conntrack_find_get(&innertuple, NULL);
12599 if (!h) {
12600 - /* Locally generated ICMPs will match inverted if they
12601 - haven't been SNAT'ed yet */
12602 - /* FIXME: NAT code has to handle half-done double NAT --RR */
12603 - if (hooknum == NF_IP_LOCAL_OUT)
12604 - h = nf_conntrack_find_get(&origtuple, NULL);
12605 -
12606 - if (!h) {
12607 - DEBUGP("icmp_error_message: no match\n");
12608 - return -NF_ACCEPT;
12609 - }
12610 -
12611 - /* Reverse direction from that found */
12612 - if (NF_CT_DIRECTION(h) == IP_CT_DIR_REPLY)
12613 - *ctinfo += IP_CT_IS_REPLY;
12614 - } else {
12615 - if (NF_CT_DIRECTION(h) == IP_CT_DIR_REPLY)
12616 - *ctinfo += IP_CT_IS_REPLY;
12617 + DEBUGP("icmp_error_message: no match\n");
12618 + return -NF_ACCEPT;
12619 }
12621 + if (NF_CT_DIRECTION(h) == IP_CT_DIR_REPLY)
12622 + *ctinfo += IP_CT_IS_REPLY;
12623 +
12624 /* Update skb to refer to this connection */
12625 skb->nfct = &nf_ct_tuplehash_to_ctrack(h)->ct_general;
12626 skb->nfctinfo = *ctinfo;
12627 diff --git a/net/ipv4/netfilter/nf_nat_core.c b/net/ipv4/netfilter/nf_nat_core.c
12628 index ea02f00..3b01a5f 100644
12629 --- a/net/ipv4/netfilter/nf_nat_core.c
12630 +++ b/net/ipv4/netfilter/nf_nat_core.c
12631 @@ -633,7 +633,7 @@ static int clean_nat(struct nf_conn *i, void *data)
12633 if (!nat)
12634 return 0;
12635 - memset(nat, 0, sizeof(nat));
12636 + memset(nat, 0, sizeof(*nat));
12637 i->status &= ~(IPS_NAT_MASK | IPS_NAT_DONE_MASK | IPS_SEQ_ADJUST);
12638 return 0;
12639 }
12640 diff --git a/net/ipv4/route.c b/net/ipv4/route.c
12641 index 29ca63e..8f443ed 100644
12642 --- a/net/ipv4/route.c
12643 +++ b/net/ipv4/route.c
12644 @@ -2885,11 +2885,10 @@ int ip_rt_dump(struct sk_buff *skb, struct netlink_callback *cb)
12645 int idx, s_idx;
12647 s_h = cb->args[0];
12648 + if (s_h < 0)
12649 + s_h = 0;
12650 s_idx = idx = cb->args[1];
12651 - for (h = 0; h <= rt_hash_mask; h++) {
12652 - if (h < s_h) continue;
12653 - if (h > s_h)
12654 - s_idx = 0;
12655 + for (h = s_h; h <= rt_hash_mask; h++) {
12656 rcu_read_lock_bh();
12657 for (rt = rcu_dereference(rt_hash_table[h].chain), idx = 0; rt;
12658 rt = rcu_dereference(rt->u.dst.rt_next), idx++) {
12659 @@ -2906,6 +2905,7 @@ int ip_rt_dump(struct sk_buff *skb, struct netlink_callback *cb)
12660 dst_release(xchg(&skb->dst, NULL));
12661 }
12662 rcu_read_unlock_bh();
12663 + s_idx = 0;
12664 }
12666 done:
12667 @@ -3150,18 +3150,14 @@ static int ip_rt_acct_read(char *buffer, char **start, off_t offset,
12668 offset /= sizeof(u32);
12670 if (length > 0) {
12671 - u32 *src = ((u32 *) IP_RT_ACCT_CPU(0)) + offset;
12672 u32 *dst = (u32 *) buffer;
12674 - /* Copy first cpu. */
12675 *start = buffer;
12676 - memcpy(dst, src, length);
12677 + memset(dst, 0, length);
12679 - /* Add the other cpus in, one int at a time */
12680 for_each_possible_cpu(i) {
12681 unsigned int j;
12682 -
12683 - src = ((u32 *) IP_RT_ACCT_CPU(i)) + offset;
12684 + u32 *src = ((u32 *) IP_RT_ACCT_CPU(i)) + offset;
12686 for (j = 0; j < length/4; j++)
12687 dst[j] += src[j];
12688 diff --git a/net/ipv4/sysctl_net_ipv4.c b/net/ipv4/sysctl_net_ipv4.c
12689 index 53ef0f4..6ea1306 100644
12690 --- a/net/ipv4/sysctl_net_ipv4.c
12691 +++ b/net/ipv4/sysctl_net_ipv4.c
12692 @@ -121,7 +121,7 @@ static int sysctl_tcp_congestion_control(ctl_table *table, int __user *name,
12694 tcp_get_default_congestion_control(val);
12695 ret = sysctl_string(&tbl, name, nlen, oldval, oldlenp, newval, newlen);
12696 - if (ret == 0 && newval && newlen)
12697 + if (ret == 1 && newval && newlen)
12698 ret = tcp_set_default_congestion_control(val);
12699 return ret;
12700 }
12701 diff --git a/net/ipv4/tcp.c b/net/ipv4/tcp.c
12702 index 450f44b..11ff182 100644
12703 --- a/net/ipv4/tcp.c
12704 +++ b/net/ipv4/tcp.c
12705 @@ -658,9 +658,10 @@ static inline int select_size(struct sock *sk)
12706 return tmp;
12707 }
12709 -int tcp_sendmsg(struct kiocb *iocb, struct sock *sk, struct msghdr *msg,
12710 +int tcp_sendmsg(struct kiocb *iocb, struct socket *sock, struct msghdr *msg,
12711 size_t size)
12712 {
12713 + struct sock *sk = sock->sk;
12714 struct iovec *iov;
12715 struct tcp_sock *tp = tcp_sk(sk);
12716 struct sk_buff *skb;
12717 diff --git a/net/ipv4/tcp_illinois.c b/net/ipv4/tcp_illinois.c
12718 index b2b2256..31dd8c5 100644
12719 --- a/net/ipv4/tcp_illinois.c
12720 +++ b/net/ipv4/tcp_illinois.c
12721 @@ -300,7 +300,7 @@ static u32 tcp_illinois_ssthresh(struct sock *sk)
12722 struct illinois *ca = inet_csk_ca(sk);
12724 /* Multiplicative decrease */
12725 - return max((tp->snd_cwnd * ca->beta) >> BETA_SHIFT, 2U);
12726 + return max(tp->snd_cwnd - ((tp->snd_cwnd * ca->beta) >> BETA_SHIFT), 2U);
12727 }
12730 diff --git a/net/ipv4/tcp_input.c b/net/ipv4/tcp_input.c
12731 index 69f9f1e..2e1d8e7 100644
12732 --- a/net/ipv4/tcp_input.c
12733 +++ b/net/ipv4/tcp_input.c
12734 @@ -102,11 +102,14 @@ int sysctl_tcp_abc __read_mostly;
12735 #define FLAG_DATA_LOST 0x80 /* SACK detected data lossage. */
12736 #define FLAG_SLOWPATH 0x100 /* Do not skip RFC checks for window update.*/
12737 #define FLAG_ONLY_ORIG_SACKED 0x200 /* SACKs only non-rexmit sent before RTO */
12738 +#define FLAG_SND_UNA_ADVANCED 0x400 /* Snd_una was changed (!= FLAG_DATA_ACKED) */
12739 +#define FLAG_DSACKING_ACK 0x800 /* SACK blocks contained DSACK info */
12741 #define FLAG_ACKED (FLAG_DATA_ACKED|FLAG_SYN_ACKED)
12742 #define FLAG_NOT_DUP (FLAG_DATA|FLAG_WIN_UPDATE|FLAG_ACKED)
12743 #define FLAG_CA_ALERT (FLAG_DATA_SACKED|FLAG_ECE)
12744 #define FLAG_FORWARD_PROGRESS (FLAG_ACKED|FLAG_DATA_SACKED)
12745 +#define FLAG_ANY_PROGRESS (FLAG_FORWARD_PROGRESS|FLAG_SND_UNA_ADVANCED)
12747 #define IsReno(tp) ((tp)->rx_opt.sack_ok == 0)
12748 #define IsFack(tp) ((tp)->rx_opt.sack_ok & 2)
12749 @@ -964,12 +967,14 @@ tcp_sacktag_write_queue(struct sock *sk, struct sk_buff *ack_skb, u32 prior_snd_
12751 /* Check for D-SACK. */
12752 if (before(ntohl(sp[0].start_seq), TCP_SKB_CB(ack_skb)->ack_seq)) {
12753 + flag |= FLAG_DSACKING_ACK;
12754 found_dup_sack = 1;
12755 tp->rx_opt.sack_ok |= 4;
12756 NET_INC_STATS_BH(LINUX_MIB_TCPDSACKRECV);
12757 } else if (num_sacks > 1 &&
12758 !after(ntohl(sp[0].end_seq), ntohl(sp[1].end_seq)) &&
12759 !before(ntohl(sp[0].start_seq), ntohl(sp[1].start_seq))) {
12760 + flag |= FLAG_DSACKING_ACK;
12761 found_dup_sack = 1;
12762 tp->rx_opt.sack_ok |= 4;
12763 NET_INC_STATS_BH(LINUX_MIB_TCPDSACKOFORECV);
12764 @@ -989,6 +994,9 @@ tcp_sacktag_write_queue(struct sock *sk, struct sk_buff *ack_skb, u32 prior_snd_
12765 if (before(TCP_SKB_CB(ack_skb)->ack_seq, prior_snd_una - tp->max_window))
12766 return 0;
12768 + if (!tp->packets_out)
12769 + goto out;
12770 +
12771 /* SACK fastpath:
12772 * if the only SACK change is the increase of the end_seq of
12773 * the first block then only apply that SACK block
12774 @@ -1257,6 +1265,8 @@ tcp_sacktag_write_queue(struct sock *sk, struct sk_buff *ack_skb, u32 prior_snd_
12775 (!tp->frto_highmark || after(tp->snd_una, tp->frto_highmark)))
12776 tcp_update_reordering(sk, ((tp->fackets_out + 1) - reord), 0);
12778 +out:
12779 +
12780 #if FASTRETRANS_DEBUG > 0
12781 BUG_TRAP((int)tp->sacked_out >= 0);
12782 BUG_TRAP((int)tp->lost_out >= 0);
12783 @@ -1398,7 +1408,9 @@ static void tcp_enter_frto_loss(struct sock *sk, int allowed_segments, int flag)
12784 * waiting for the first ACK and did not get it)...
12785 */
12786 if ((tp->frto_counter == 1) && !(flag&FLAG_DATA_ACKED)) {
12787 - tp->retrans_out += tcp_skb_pcount(skb);
12788 + /* For some reason this R-bit might get cleared? */
12789 + if (TCP_SKB_CB(skb)->sacked & TCPCB_SACKED_RETRANS)
12790 + tp->retrans_out += tcp_skb_pcount(skb);
12791 /* ...enter this if branch just for the first segment */
12792 flag |= FLAG_DATA_ACKED;
12793 } else {
12794 @@ -1849,19 +1861,22 @@ static inline u32 tcp_cwnd_min(const struct sock *sk)
12795 }
12797 /* Decrease cwnd each second ack. */
12798 -static void tcp_cwnd_down(struct sock *sk)
12799 +static void tcp_cwnd_down(struct sock *sk, int flag)
12800 {
12801 struct tcp_sock *tp = tcp_sk(sk);
12802 int decr = tp->snd_cwnd_cnt + 1;
12804 - tp->snd_cwnd_cnt = decr&1;
12805 - decr >>= 1;
12806 + if ((flag&(FLAG_ANY_PROGRESS|FLAG_DSACKING_ACK)) ||
12807 + (IsReno(tp) && !(flag&FLAG_NOT_DUP))) {
12808 + tp->snd_cwnd_cnt = decr&1;
12809 + decr >>= 1;
12811 - if (decr && tp->snd_cwnd > tcp_cwnd_min(sk))
12812 - tp->snd_cwnd -= decr;
12813 + if (decr && tp->snd_cwnd > tcp_cwnd_min(sk))
12814 + tp->snd_cwnd -= decr;
12816 - tp->snd_cwnd = min(tp->snd_cwnd, tcp_packets_in_flight(tp)+1);
12817 - tp->snd_cwnd_stamp = tcp_time_stamp;
12818 + tp->snd_cwnd = min(tp->snd_cwnd, tcp_packets_in_flight(tp)+1);
12819 + tp->snd_cwnd_stamp = tcp_time_stamp;
12820 + }
12821 }
12823 /* Nothing was retransmitted or returned timestamp is less
12824 @@ -2058,7 +2073,7 @@ static void tcp_try_to_open(struct sock *sk, int flag)
12825 }
12826 tcp_moderate_cwnd(tp);
12827 } else {
12828 - tcp_cwnd_down(sk);
12829 + tcp_cwnd_down(sk, flag);
12830 }
12831 }
12833 @@ -2107,7 +2122,9 @@ tcp_fastretrans_alert(struct sock *sk, u32 prior_snd_una,
12834 {
12835 struct inet_connection_sock *icsk = inet_csk(sk);
12836 struct tcp_sock *tp = tcp_sk(sk);
12837 - int is_dupack = (tp->snd_una == prior_snd_una && !(flag&FLAG_NOT_DUP));
12838 + int is_dupack = !(flag&(FLAG_SND_UNA_ADVANCED|FLAG_NOT_DUP));
12839 + int do_lost = is_dupack || ((flag&FLAG_DATA_SACKED) &&
12840 + (tp->fackets_out > tp->reordering));
12842 /* Some technical things:
12843 * 1. Reno does not count dupacks (sacked_out) automatically. */
12844 @@ -2191,7 +2208,7 @@ tcp_fastretrans_alert(struct sock *sk, u32 prior_snd_una,
12845 int acked = prior_packets - tp->packets_out;
12846 if (IsReno(tp))
12847 tcp_remove_reno_sacks(sk, acked);
12848 - is_dupack = tcp_try_undo_partial(sk, acked);
12849 + do_lost = tcp_try_undo_partial(sk, acked);
12850 }
12851 break;
12852 case TCP_CA_Loss:
12853 @@ -2256,9 +2273,9 @@ tcp_fastretrans_alert(struct sock *sk, u32 prior_snd_una,
12854 tcp_set_ca_state(sk, TCP_CA_Recovery);
12855 }
12857 - if (is_dupack || tcp_head_timedout(sk))
12858 + if (do_lost || tcp_head_timedout(sk))
12859 tcp_update_scoreboard(sk);
12860 - tcp_cwnd_down(sk);
12861 + tcp_cwnd_down(sk, flag);
12862 tcp_xmit_retransmit_queue(sk);
12863 }
12865 @@ -2391,6 +2408,9 @@ static int tcp_tso_acked(struct sock *sk, struct sk_buff *skb,
12866 __u32 dval = min(tp->fackets_out, packets_acked);
12867 tp->fackets_out -= dval;
12868 }
12869 + /* hint's skb might be NULL but we don't need to care */
12870 + tp->fastpath_cnt_hint -= min_t(u32, packets_acked,
12871 + tp->fastpath_cnt_hint);
12872 tp->packets_out -= packets_acked;
12874 BUG_ON(tcp_skb_pcount(skb) == 0);
12875 @@ -2766,6 +2786,9 @@ static int tcp_ack(struct sock *sk, struct sk_buff *skb, int flag)
12876 if (before(ack, prior_snd_una))
12877 goto old_ack;
12879 + if (after(ack, prior_snd_una))
12880 + flag |= FLAG_SND_UNA_ADVANCED;
12881 +
12882 if (sysctl_tcp_abc) {
12883 if (icsk->icsk_ca_state < TCP_CA_CWR)
12884 tp->bytes_acked += ack - prior_snd_una;
12885 diff --git a/net/ipv4/tcp_ipv4.c b/net/ipv4/tcp_ipv4.c
12886 index 354721d..11f711b 100644
12887 --- a/net/ipv4/tcp_ipv4.c
12888 +++ b/net/ipv4/tcp_ipv4.c
12889 @@ -833,8 +833,7 @@ static struct tcp_md5sig_key *
12890 return NULL;
12891 for (i = 0; i < tp->md5sig_info->entries4; i++) {
12892 if (tp->md5sig_info->keys4[i].addr == addr)
12893 - return (struct tcp_md5sig_key *)
12894 - &tp->md5sig_info->keys4[i];
12895 + return &tp->md5sig_info->keys4[i].base;
12896 }
12897 return NULL;
12898 }
12899 @@ -865,9 +864,9 @@ int tcp_v4_md5_do_add(struct sock *sk, __be32 addr,
12900 key = (struct tcp4_md5sig_key *)tcp_v4_md5_do_lookup(sk, addr);
12901 if (key) {
12902 /* Pre-existing entry - just update that one. */
12903 - kfree(key->key);
12904 - key->key = newkey;
12905 - key->keylen = newkeylen;
12906 + kfree(key->base.key);
12907 + key->base.key = newkey;
12908 + key->base.keylen = newkeylen;
12909 } else {
12910 struct tcp_md5sig_info *md5sig;
12912 @@ -906,9 +905,9 @@ int tcp_v4_md5_do_add(struct sock *sk, __be32 addr,
12913 md5sig->alloced4++;
12914 }
12915 md5sig->entries4++;
12916 - md5sig->keys4[md5sig->entries4 - 1].addr = addr;
12917 - md5sig->keys4[md5sig->entries4 - 1].key = newkey;
12918 - md5sig->keys4[md5sig->entries4 - 1].keylen = newkeylen;
12919 + md5sig->keys4[md5sig->entries4 - 1].addr = addr;
12920 + md5sig->keys4[md5sig->entries4 - 1].base.key = newkey;
12921 + md5sig->keys4[md5sig->entries4 - 1].base.keylen = newkeylen;
12922 }
12923 return 0;
12924 }
12925 @@ -930,7 +929,7 @@ int tcp_v4_md5_do_del(struct sock *sk, __be32 addr)
12926 for (i = 0; i < tp->md5sig_info->entries4; i++) {
12927 if (tp->md5sig_info->keys4[i].addr == addr) {
12928 /* Free the key */
12929 - kfree(tp->md5sig_info->keys4[i].key);
12930 + kfree(tp->md5sig_info->keys4[i].base.key);
12931 tp->md5sig_info->entries4--;
12933 if (tp->md5sig_info->entries4 == 0) {
12934 @@ -964,7 +963,7 @@ static void tcp_v4_clear_md5_list(struct sock *sk)
12935 if (tp->md5sig_info->entries4) {
12936 int i;
12937 for (i = 0; i < tp->md5sig_info->entries4; i++)
12938 - kfree(tp->md5sig_info->keys4[i].key);
12939 + kfree(tp->md5sig_info->keys4[i].base.key);
12940 tp->md5sig_info->entries4 = 0;
12941 tcp_free_md5sig_pool();
12942 }
12943 @@ -2434,7 +2433,6 @@ struct proto tcp_prot = {
12944 .shutdown = tcp_shutdown,
12945 .setsockopt = tcp_setsockopt,
12946 .getsockopt = tcp_getsockopt,
12947 - .sendmsg = tcp_sendmsg,
12948 .recvmsg = tcp_recvmsg,
12949 .backlog_rcv = tcp_v4_do_rcv,
12950 .hash = tcp_v4_hash,
12951 diff --git a/net/ipv4/tcp_output.c b/net/ipv4/tcp_output.c
12952 index 53232dd..eee57e6 100644
12953 --- a/net/ipv4/tcp_output.c
12954 +++ b/net/ipv4/tcp_output.c
12955 @@ -1279,7 +1279,6 @@ static int tcp_mtu_probe(struct sock *sk)
12957 skb = tcp_send_head(sk);
12958 tcp_insert_write_queue_before(nskb, skb, sk);
12959 - tcp_advance_send_head(sk, skb);
12961 TCP_SKB_CB(nskb)->seq = TCP_SKB_CB(skb)->seq;
12962 TCP_SKB_CB(nskb)->end_seq = TCP_SKB_CB(skb)->seq + probe_size;
12963 diff --git a/net/ipv6/addrconf.c b/net/ipv6/addrconf.c
12964 index f96ed76..6d614c0 100644
12965 --- a/net/ipv6/addrconf.c
12966 +++ b/net/ipv6/addrconf.c
12967 @@ -73,6 +73,7 @@
12968 #include <net/tcp.h>
12969 #include <net/ip.h>
12970 #include <net/netlink.h>
12971 +#include <net/pkt_sched.h>
12972 #include <linux/if_tunnel.h>
12973 #include <linux/rtnetlink.h>
12975 @@ -212,6 +213,12 @@ static struct ipv6_devconf ipv6_devconf_dflt __read_mostly = {
12976 const struct in6_addr in6addr_any = IN6ADDR_ANY_INIT;
12977 const struct in6_addr in6addr_loopback = IN6ADDR_LOOPBACK_INIT;
12979 +/* Check if a valid qdisc is available */
12980 +static inline int addrconf_qdisc_ok(struct net_device *dev)
12981 +{
12982 + return (dev->qdisc != &noop_qdisc);
12983 +}
12984 +
12985 static void addrconf_del_timer(struct inet6_ifaddr *ifp)
12986 {
12987 if (del_timer(&ifp->timer))
12988 @@ -376,7 +383,7 @@ static struct inet6_dev * ipv6_add_dev(struct net_device *dev)
12989 }
12990 #endif
12992 - if (netif_running(dev) && netif_carrier_ok(dev))
12993 + if (netif_running(dev) && addrconf_qdisc_ok(dev))
12994 ndev->if_flags |= IF_READY;
12996 ipv6_mc_init_dev(ndev);
12997 @@ -1021,7 +1028,7 @@ int ipv6_dev_get_saddr(struct net_device *daddr_dev,
12998 hiscore.rule++;
12999 }
13000 if (ipv6_saddr_preferred(score.addr_type) ||
13001 - (((ifa_result->flags &
13002 + (((ifa->flags &
13003 (IFA_F_DEPRECATED|IFA_F_OPTIMISTIC)) == 0))) {
13004 score.attrs |= IPV6_SADDR_SCORE_PREFERRED;
13005 if (!(hiscore.attrs & IPV6_SADDR_SCORE_PREFERRED)) {
13006 @@ -2269,7 +2276,7 @@ static int addrconf_notify(struct notifier_block *this, unsigned long event,
13007 case NETDEV_UP:
13008 case NETDEV_CHANGE:
13009 if (event == NETDEV_UP) {
13010 - if (!netif_carrier_ok(dev)) {
13011 + if (!addrconf_qdisc_ok(dev)) {
13012 /* device is not ready yet. */
13013 printk(KERN_INFO
13014 "ADDRCONF(NETDEV_UP): %s: "
13015 @@ -2278,10 +2285,13 @@ static int addrconf_notify(struct notifier_block *this, unsigned long event,
13016 break;
13017 }
13019 + if (!idev && dev->mtu >= IPV6_MIN_MTU)
13020 + idev = ipv6_add_dev(dev);
13021 +
13022 if (idev)
13023 idev->if_flags |= IF_READY;
13024 } else {
13025 - if (!netif_carrier_ok(dev)) {
13026 + if (!addrconf_qdisc_ok(dev)) {
13027 /* device is still not ready. */
13028 break;
13029 }
13030 @@ -2342,12 +2352,18 @@ static int addrconf_notify(struct notifier_block *this, unsigned long event,
13031 break;
13033 case NETDEV_CHANGEMTU:
13034 - if ( idev && dev->mtu >= IPV6_MIN_MTU) {
13035 + if (idev && dev->mtu >= IPV6_MIN_MTU) {
13036 rt6_mtu_change(dev, dev->mtu);
13037 idev->cnf.mtu6 = dev->mtu;
13038 break;
13039 }
13041 + if (!idev && dev->mtu >= IPV6_MIN_MTU) {
13042 + idev = ipv6_add_dev(dev);
13043 + if (idev)
13044 + break;
13045 + }
13046 +
13047 /* MTU falled under IPV6_MIN_MTU. Stop IPv6 on this interface. */
13049 case NETDEV_DOWN:
13050 @@ -2472,6 +2488,7 @@ static int addrconf_ifdown(struct net_device *dev, int how)
13051 write_unlock_bh(&idev->lock);
13053 __ipv6_ifa_notify(RTM_DELADDR, ifa);
13054 + atomic_notifier_call_chain(&inet6addr_chain, NETDEV_DOWN, ifa);
13055 in6_ifa_put(ifa);
13057 write_lock_bh(&idev->lock);
13058 diff --git a/net/ipv6/af_inet6.c b/net/ipv6/af_inet6.c
13059 index 6dd3772..b1a7755 100644
13060 --- a/net/ipv6/af_inet6.c
13061 +++ b/net/ipv6/af_inet6.c
13062 @@ -487,7 +487,7 @@ const struct proto_ops inet6_stream_ops = {
13063 .shutdown = inet_shutdown, /* ok */
13064 .setsockopt = sock_common_setsockopt, /* ok */
13065 .getsockopt = sock_common_getsockopt, /* ok */
13066 - .sendmsg = inet_sendmsg, /* ok */
13067 + .sendmsg = tcp_sendmsg, /* ok */
13068 .recvmsg = sock_common_recvmsg, /* ok */
13069 .mmap = sock_no_mmap,
13070 .sendpage = tcp_sendpage,
13071 diff --git a/net/ipv6/anycast.c b/net/ipv6/anycast.c
13072 index 9b81264..2f49578 100644
13073 --- a/net/ipv6/anycast.c
13074 +++ b/net/ipv6/anycast.c
13075 @@ -66,6 +66,7 @@ ip6_onlink(struct in6_addr *addr, struct net_device *dev)
13076 break;
13077 }
13078 read_unlock_bh(&idev->lock);
13079 + in6_dev_put(idev);
13080 }
13081 rcu_read_unlock();
13082 return onlink;
13083 diff --git a/net/ipv6/icmp.c b/net/ipv6/icmp.c
13084 index e9bcce9..c956037 100644
13085 --- a/net/ipv6/icmp.c
13086 +++ b/net/ipv6/icmp.c
13087 @@ -604,7 +604,7 @@ static void icmpv6_notify(struct sk_buff *skb, int type, int code, __be32 info)
13089 read_lock(&raw_v6_lock);
13090 if ((sk = sk_head(&raw_v6_htable[hash])) != NULL) {
13091 - while((sk = __raw_v6_lookup(sk, nexthdr, daddr, saddr,
13092 + while ((sk = __raw_v6_lookup(sk, nexthdr, saddr, daddr,
13093 IP6CB(skb)->iif))) {
13094 rawv6_err(sk, skb, NULL, type, code, inner_offset, info);
13095 sk = sk_next(sk);
13096 diff --git a/net/ipv6/ip6_output.c b/net/ipv6/ip6_output.c
13097 index 4704b5f..4233a95 100644
13098 --- a/net/ipv6/ip6_output.c
13099 +++ b/net/ipv6/ip6_output.c
13100 @@ -790,7 +790,7 @@ slow_path:
13101 /*
13102 * Copy a block of the IP datagram.
13103 */
13104 - if (skb_copy_bits(skb, ptr, skb_transport_header(skb), len))
13105 + if (skb_copy_bits(skb, ptr, skb_transport_header(frag), len))
13106 BUG();
13107 left -= len;
13109 @@ -1423,8 +1423,9 @@ void ip6_flush_pending_frames(struct sock *sk)
13110 struct sk_buff *skb;
13112 while ((skb = __skb_dequeue_tail(&sk->sk_write_queue)) != NULL) {
13113 - IP6_INC_STATS(ip6_dst_idev(skb->dst),
13114 - IPSTATS_MIB_OUTDISCARDS);
13115 + if (skb->dst)
13116 + IP6_INC_STATS(ip6_dst_idev(skb->dst),
13117 + IPSTATS_MIB_OUTDISCARDS);
13118 kfree_skb(skb);
13119 }
13121 diff --git a/net/ipv6/ip6_tunnel.c b/net/ipv6/ip6_tunnel.c
13122 index a0902fb..31f9252 100644
13123 --- a/net/ipv6/ip6_tunnel.c
13124 +++ b/net/ipv6/ip6_tunnel.c
13125 @@ -962,8 +962,8 @@ ip4ip6_tnl_xmit(struct sk_buff *skb, struct net_device *dev)
13126 dsfield = ipv4_get_dsfield(iph);
13128 if ((t->parms.flags & IP6_TNL_F_USE_ORIG_TCLASS))
13129 - fl.fl6_flowlabel |= ntohl(((__u32)iph->tos << IPV6_TCLASS_SHIFT)
13130 - & IPV6_TCLASS_MASK);
13131 + fl.fl6_flowlabel |= htonl((__u32)iph->tos << IPV6_TCLASS_SHIFT)
13132 + & IPV6_TCLASS_MASK;
13134 err = ip6_tnl_xmit2(skb, dev, dsfield, &fl, encap_limit, &mtu);
13135 if (err != 0) {
13136 diff --git a/net/ipv6/ipcomp6.c b/net/ipv6/ipcomp6.c
13137 index 1ee50b5..3680f64 100644
13138 --- a/net/ipv6/ipcomp6.c
13139 +++ b/net/ipv6/ipcomp6.c
13140 @@ -37,6 +37,7 @@
13141 #include <asm/scatterlist.h>
13142 #include <asm/semaphore.h>
13143 #include <linux/crypto.h>
13144 +#include <linux/err.h>
13145 #include <linux/pfkeyv2.h>
13146 #include <linux/random.h>
13147 #include <linux/percpu.h>
13148 @@ -366,7 +367,7 @@ static struct crypto_comp **ipcomp6_alloc_tfms(const char *alg_name)
13149 for_each_possible_cpu(cpu) {
13150 struct crypto_comp *tfm = crypto_alloc_comp(alg_name, 0,
13151 CRYPTO_ALG_ASYNC);
13152 - if (!tfm)
13153 + if (IS_ERR(tfm))
13154 goto error;
13155 *per_cpu_ptr(tfms, cpu) = tfm;
13156 }
13157 diff --git a/net/ipv6/ipv6_sockglue.c b/net/ipv6/ipv6_sockglue.c
13158 index aa3d07c..f329029 100644
13159 --- a/net/ipv6/ipv6_sockglue.c
13160 +++ b/net/ipv6/ipv6_sockglue.c
13161 @@ -825,7 +825,7 @@ static int ipv6_getsockopt_sticky(struct sock *sk, struct ipv6_txoptions *opt,
13162 return 0;
13164 len = min_t(unsigned int, len, ipv6_optlen(hdr));
13165 - if (copy_to_user(optval, hdr, len));
13166 + if (copy_to_user(optval, hdr, len))
13167 return -EFAULT;
13168 return ipv6_optlen(hdr);
13169 }
13170 diff --git a/net/ipv6/ndisc.c b/net/ipv6/ndisc.c
13171 index 0358e60..5b59665 100644
13172 --- a/net/ipv6/ndisc.c
13173 +++ b/net/ipv6/ndisc.c
13174 @@ -736,7 +736,7 @@ static void ndisc_recv_ns(struct sk_buff *skb)
13175 * so fail our DAD process
13176 */
13177 addrconf_dad_failure(ifp);
13178 - goto out;
13179 + return;
13180 } else {
13181 /*
13182 * This is not a dad solicitation.
13183 @@ -1268,9 +1268,10 @@ static void ndisc_redirect_rcv(struct sk_buff *skb)
13185 if (ipv6_addr_equal(dest, target)) {
13186 on_link = 1;
13187 - } else if (!(ipv6_addr_type(target) & IPV6_ADDR_LINKLOCAL)) {
13188 + } else if (ipv6_addr_type(target) !=
13189 + (IPV6_ADDR_UNICAST|IPV6_ADDR_LINKLOCAL)) {
13190 ND_PRINTK2(KERN_WARNING
13191 - "ICMPv6 Redirect: target address is not link-local.\n");
13192 + "ICMPv6 Redirect: target address is not link-local unicast.\n");
13193 return;
13194 }
13196 @@ -1344,9 +1345,9 @@ void ndisc_send_redirect(struct sk_buff *skb, struct neighbour *neigh,
13197 }
13199 if (!ipv6_addr_equal(&ipv6_hdr(skb)->daddr, target) &&
13200 - !(ipv6_addr_type(target) & IPV6_ADDR_LINKLOCAL)) {
13201 + ipv6_addr_type(target) != (IPV6_ADDR_UNICAST|IPV6_ADDR_LINKLOCAL)) {
13202 ND_PRINTK2(KERN_WARNING
13203 - "ICMPv6 Redirect: target address is not link-local.\n");
13204 + "ICMPv6 Redirect: target address is not link-local unicast.\n");
13205 return;
13206 }
13208 diff --git a/net/ipv6/netfilter/ip6t_LOG.c b/net/ipv6/netfilter/ip6t_LOG.c
13209 index 5bb9cd3..a7a2517 100644
13210 --- a/net/ipv6/netfilter/ip6t_LOG.c
13211 +++ b/net/ipv6/netfilter/ip6t_LOG.c
13212 @@ -490,10 +490,8 @@ static int __init ip6t_log_init(void)
13213 ret = xt_register_target(&ip6t_log_reg);
13214 if (ret < 0)
13215 return ret;
13216 - ret = nf_log_register(PF_INET6, &ip6t_logger);
13217 - if (ret < 0 && ret != -EEXIST)
13218 - xt_unregister_target(&ip6t_log_reg);
13219 - return ret;
13220 + nf_log_register(PF_INET6, &ip6t_logger);
13221 + return 0;
13222 }
13224 static void __exit ip6t_log_fini(void)
13225 diff --git a/net/ipv6/raw.c b/net/ipv6/raw.c
13226 index a58459a..fc5cb83 100644
13227 --- a/net/ipv6/raw.c
13228 +++ b/net/ipv6/raw.c
13229 @@ -858,11 +858,10 @@ back_from_confirm:
13230 ip6_flush_pending_frames(sk);
13231 else if (!(msg->msg_flags & MSG_MORE))
13232 err = rawv6_push_pending_frames(sk, &fl, rp);
13233 + release_sock(sk);
13234 }
13235 done:
13236 dst_release(dst);
13237 - if (!inet->hdrincl)
13238 - release_sock(sk);
13239 out:
13240 fl6_sock_release(flowlabel);
13241 return err<0?err:len;
13242 diff --git a/net/ipv6/tcp_ipv6.c b/net/ipv6/tcp_ipv6.c
13243 index 193d9d6..2e8c317 100644
13244 --- a/net/ipv6/tcp_ipv6.c
13245 +++ b/net/ipv6/tcp_ipv6.c
13246 @@ -551,7 +551,7 @@ static struct tcp_md5sig_key *tcp_v6_md5_do_lookup(struct sock *sk,
13248 for (i = 0; i < tp->md5sig_info->entries6; i++) {
13249 if (ipv6_addr_cmp(&tp->md5sig_info->keys6[i].addr, addr) == 0)
13250 - return (struct tcp_md5sig_key *)&tp->md5sig_info->keys6[i];
13251 + return &tp->md5sig_info->keys6[i].base;
13252 }
13253 return NULL;
13254 }
13255 @@ -579,9 +579,9 @@ static int tcp_v6_md5_do_add(struct sock *sk, struct in6_addr *peer,
13256 key = (struct tcp6_md5sig_key*) tcp_v6_md5_do_lookup(sk, peer);
13257 if (key) {
13258 /* modify existing entry - just update that one */
13259 - kfree(key->key);
13260 - key->key = newkey;
13261 - key->keylen = newkeylen;
13262 + kfree(key->base.key);
13263 + key->base.key = newkey;
13264 + key->base.keylen = newkeylen;
13265 } else {
13266 /* reallocate new list if current one is full. */
13267 if (!tp->md5sig_info) {
13268 @@ -615,8 +615,8 @@ static int tcp_v6_md5_do_add(struct sock *sk, struct in6_addr *peer,
13270 ipv6_addr_copy(&tp->md5sig_info->keys6[tp->md5sig_info->entries6].addr,
13271 peer);
13272 - tp->md5sig_info->keys6[tp->md5sig_info->entries6].key = newkey;
13273 - tp->md5sig_info->keys6[tp->md5sig_info->entries6].keylen = newkeylen;
13274 + tp->md5sig_info->keys6[tp->md5sig_info->entries6].base.key = newkey;
13275 + tp->md5sig_info->keys6[tp->md5sig_info->entries6].base.keylen = newkeylen;
13277 tp->md5sig_info->entries6++;
13278 }
13279 @@ -638,12 +638,13 @@ static int tcp_v6_md5_do_del(struct sock *sk, struct in6_addr *peer)
13280 for (i = 0; i < tp->md5sig_info->entries6; i++) {
13281 if (ipv6_addr_cmp(&tp->md5sig_info->keys6[i].addr, peer) == 0) {
13282 /* Free the key */
13283 - kfree(tp->md5sig_info->keys6[i].key);
13284 + kfree(tp->md5sig_info->keys6[i].base.key);
13285 tp->md5sig_info->entries6--;
13287 if (tp->md5sig_info->entries6 == 0) {
13288 kfree(tp->md5sig_info->keys6);
13289 tp->md5sig_info->keys6 = NULL;
13290 + tp->md5sig_info->alloced6 = 0;
13292 tcp_free_md5sig_pool();
13294 @@ -668,7 +669,7 @@ static void tcp_v6_clear_md5_list (struct sock *sk)
13296 if (tp->md5sig_info->entries6) {
13297 for (i = 0; i < tp->md5sig_info->entries6; i++)
13298 - kfree(tp->md5sig_info->keys6[i].key);
13299 + kfree(tp->md5sig_info->keys6[i].base.key);
13300 tp->md5sig_info->entries6 = 0;
13301 tcp_free_md5sig_pool();
13302 }
13303 @@ -679,7 +680,7 @@ static void tcp_v6_clear_md5_list (struct sock *sk)
13305 if (tp->md5sig_info->entries4) {
13306 for (i = 0; i < tp->md5sig_info->entries4; i++)
13307 - kfree(tp->md5sig_info->keys4[i].key);
13308 + kfree(tp->md5sig_info->keys4[i].base.key);
13309 tp->md5sig_info->entries4 = 0;
13310 tcp_free_md5sig_pool();
13311 }
13312 @@ -2134,7 +2135,6 @@ struct proto tcpv6_prot = {
13313 .shutdown = tcp_shutdown,
13314 .setsockopt = tcp_setsockopt,
13315 .getsockopt = tcp_getsockopt,
13316 - .sendmsg = tcp_sendmsg,
13317 .recvmsg = tcp_recvmsg,
13318 .backlog_rcv = tcp_v6_do_rcv,
13319 .hash = tcp_v6_hash,
13320 diff --git a/net/irda/af_irda.c b/net/irda/af_irda.c
13321 index dcd7e32..73708b5 100644
13322 --- a/net/irda/af_irda.c
13323 +++ b/net/irda/af_irda.c
13324 @@ -1115,8 +1115,6 @@ static int irda_create(struct socket *sock, int protocol)
13325 self->max_sdu_size_rx = TTP_SAR_UNBOUND;
13326 break;
13327 default:
13328 - IRDA_ERROR("%s: protocol not supported!\n",
13329 - __FUNCTION__);
13330 return -ESOCKTNOSUPPORT;
13331 }
13332 break;
13333 diff --git a/net/key/af_key.c b/net/key/af_key.c
13334 index 0f8304b..0be3be2 100644
13335 --- a/net/key/af_key.c
13336 +++ b/net/key/af_key.c
13337 @@ -1543,7 +1543,7 @@ static int pfkey_get(struct sock *sk, struct sk_buff *skb, struct sadb_msg *hdr,
13339 out_hdr = (struct sadb_msg *) out_skb->data;
13340 out_hdr->sadb_msg_version = hdr->sadb_msg_version;
13341 - out_hdr->sadb_msg_type = SADB_DUMP;
13342 + out_hdr->sadb_msg_type = SADB_GET;
13343 out_hdr->sadb_msg_satype = pfkey_proto2satype(proto);
13344 out_hdr->sadb_msg_errno = 0;
13345 out_hdr->sadb_msg_reserved = 0;
13346 @@ -2777,12 +2777,22 @@ static struct sadb_msg *pfkey_get_base_msg(struct sk_buff *skb, int *errp)
13348 static inline int aalg_tmpl_set(struct xfrm_tmpl *t, struct xfrm_algo_desc *d)
13349 {
13350 - return t->aalgos & (1 << d->desc.sadb_alg_id);
13351 + unsigned int id = d->desc.sadb_alg_id;
13352 +
13353 + if (id >= sizeof(t->aalgos) * 8)
13354 + return 0;
13355 +
13356 + return (t->aalgos >> id) & 1;
13357 }
13359 static inline int ealg_tmpl_set(struct xfrm_tmpl *t, struct xfrm_algo_desc *d)
13360 {
13361 - return t->ealgos & (1 << d->desc.sadb_alg_id);
13362 + unsigned int id = d->desc.sadb_alg_id;
13363 +
13364 + if (id >= sizeof(t->ealgos) * 8)
13365 + return 0;
13366 +
13367 + return (t->ealgos >> id) & 1;
13368 }
13370 static int count_ah_combs(struct xfrm_tmpl *t)
13371 diff --git a/net/mac80211/ieee80211.c b/net/mac80211/ieee80211.c
13372 index 4e84f24..b9f2507 100644
13373 --- a/net/mac80211/ieee80211.c
13374 +++ b/net/mac80211/ieee80211.c
13375 @@ -24,6 +24,7 @@
13376 #include <linux/compiler.h>
13377 #include <linux/bitmap.h>
13378 #include <net/cfg80211.h>
13379 +#include <asm/unaligned.h>
13381 #include "ieee80211_common.h"
13382 #include "ieee80211_i.h"
13383 @@ -338,7 +339,7 @@ static int ieee80211_get_radiotap_len(struct sk_buff *skb)
13384 struct ieee80211_radiotap_header *hdr =
13385 (struct ieee80211_radiotap_header *) skb->data;
13387 - return le16_to_cpu(hdr->it_len);
13388 + return le16_to_cpu(get_unaligned(&hdr->it_len));
13389 }
13391 #ifdef CONFIG_MAC80211_LOWTX_FRAME_DUMP
13392 @@ -2615,9 +2616,10 @@ ieee80211_rx_h_data(struct ieee80211_txrx_data *rx)
13393 memcpy(dst, hdr->addr1, ETH_ALEN);
13394 memcpy(src, hdr->addr3, ETH_ALEN);
13396 - if (sdata->type != IEEE80211_IF_TYPE_STA) {
13397 + if (sdata->type != IEEE80211_IF_TYPE_STA ||
13398 + (is_multicast_ether_addr(dst) &&
13399 + !compare_ether_addr(src, dev->dev_addr)))
13400 return TXRX_DROP;
13401 - }
13402 break;
13403 case 0:
13404 /* DA SA BSSID */
13405 diff --git a/net/netfilter/nf_conntrack_proto_sctp.c b/net/netfilter/nf_conntrack_proto_sctp.c
13406 index 0d3254b..6e41ba5 100644
13407 --- a/net/netfilter/nf_conntrack_proto_sctp.c
13408 +++ b/net/netfilter/nf_conntrack_proto_sctp.c
13409 @@ -460,7 +460,8 @@ static int sctp_new(struct nf_conn *conntrack, const struct sk_buff *skb,
13410 SCTP_CONNTRACK_NONE, sch->type);
13412 /* Invalid: delete conntrack */
13413 - if (newconntrack == SCTP_CONNTRACK_MAX) {
13414 + if (newconntrack == SCTP_CONNTRACK_NONE ||
13415 + newconntrack == SCTP_CONNTRACK_MAX) {
13416 DEBUGP("nf_conntrack_sctp: invalid new deleting.\n");
13417 return 0;
13418 }
13419 diff --git a/net/netfilter/nf_conntrack_proto_tcp.c b/net/netfilter/nf_conntrack_proto_tcp.c
13420 index ccdd5d2..baff1f4 100644
13421 --- a/net/netfilter/nf_conntrack_proto_tcp.c
13422 +++ b/net/netfilter/nf_conntrack_proto_tcp.c
13423 @@ -143,7 +143,7 @@ enum tcp_bit_set {
13424 * CLOSE_WAIT: ACK seen (after FIN)
13425 * LAST_ACK: FIN seen (after FIN)
13426 * TIME_WAIT: last ACK seen
13427 - * CLOSE: closed connection
13428 + * CLOSE: closed connection (RST)
13429 *
13430 * LISTEN state is not used.
13431 *
13432 @@ -839,19 +839,55 @@ static int tcp_packet(struct nf_conn *conntrack,
13433 new_state = tcp_conntracks[dir][index][old_state];
13435 switch (new_state) {
13436 + case TCP_CONNTRACK_SYN_SENT:
13437 + if (old_state < TCP_CONNTRACK_TIME_WAIT)
13438 + break;
13439 + /* RFC 1122: "When a connection is closed actively,
13440 + * it MUST linger in TIME-WAIT state for a time 2xMSL
13441 + * (Maximum Segment Lifetime). However, it MAY accept
13442 + * a new SYN from the remote TCP to reopen the connection
13443 + * directly from TIME-WAIT state, if..."
13444 + * We ignore the conditions because we are in the
13445 + * TIME-WAIT state anyway.
13446 + *
13447 + * Handle aborted connections: we and the server
13448 + * think there is an existing connection but the client
13449 + * aborts it and starts a new one.
13450 + */
13451 + if (((conntrack->proto.tcp.seen[dir].flags
13452 + | conntrack->proto.tcp.seen[!dir].flags)
13453 + & IP_CT_TCP_FLAG_CLOSE_INIT)
13454 + || (conntrack->proto.tcp.last_dir == dir
13455 + && conntrack->proto.tcp.last_index == TCP_RST_SET)) {
13456 + /* Attempt to reopen a closed/aborted connection.
13457 + * Delete this connection and look up again. */
13458 + write_unlock_bh(&tcp_lock);
13459 + if (del_timer(&conntrack->timeout))
13460 + conntrack->timeout.function((unsigned long)
13461 + conntrack);
13462 + return -NF_REPEAT;
13463 + }
13464 + /* Fall through */
13465 case TCP_CONNTRACK_IGNORE:
13466 /* Ignored packets:
13467 *
13468 + * Our connection entry may be out of sync, so ignore
13469 + * packets which may signal the real connection between
13470 + * the client and the server.
13471 + *
13472 * a) SYN in ORIGINAL
13473 * b) SYN/ACK in REPLY
13474 * c) ACK in reply direction after initial SYN in original.
13475 + *
13476 + * If the ignored packet is invalid, the receiver will send
13477 + * a RST we'll catch below.
13478 */
13479 if (index == TCP_SYNACK_SET
13480 && conntrack->proto.tcp.last_index == TCP_SYN_SET
13481 && conntrack->proto.tcp.last_dir != dir
13482 && ntohl(th->ack_seq) ==
13483 conntrack->proto.tcp.last_end) {
13484 - /* This SYN/ACK acknowledges a SYN that we earlier
13485 + /* b) This SYN/ACK acknowledges a SYN that we earlier
13486 * ignored as invalid. This means that the client and
13487 * the server are both in sync, while the firewall is
13488 * not. We kill this session and block the SYN/ACK so
13489 @@ -876,7 +912,7 @@ static int tcp_packet(struct nf_conn *conntrack,
13490 write_unlock_bh(&tcp_lock);
13491 if (LOG_INVALID(IPPROTO_TCP))
13492 nf_log_packet(pf, 0, skb, NULL, NULL, NULL,
13493 - "nf_ct_tcp: invalid packed ignored ");
13494 + "nf_ct_tcp: invalid packet ignored ");
13495 return NF_ACCEPT;
13496 case TCP_CONNTRACK_MAX:
13497 /* Invalid packet */
13498 @@ -888,27 +924,6 @@ static int tcp_packet(struct nf_conn *conntrack,
13499 nf_log_packet(pf, 0, skb, NULL, NULL, NULL,
13500 "nf_ct_tcp: invalid state ");
13501 return -NF_ACCEPT;
13502 - case TCP_CONNTRACK_SYN_SENT:
13503 - if (old_state < TCP_CONNTRACK_TIME_WAIT)
13504 - break;
13505 - if ((conntrack->proto.tcp.seen[dir].flags &
13506 - IP_CT_TCP_FLAG_CLOSE_INIT)
13507 - || after(ntohl(th->seq),
13508 - conntrack->proto.tcp.seen[dir].td_end)) {
13509 - /* Attempt to reopen a closed connection.
13510 - * Delete this connection and look up again. */
13511 - write_unlock_bh(&tcp_lock);
13512 - if (del_timer(&conntrack->timeout))
13513 - conntrack->timeout.function((unsigned long)
13514 - conntrack);
13515 - return -NF_REPEAT;
13516 - } else {
13517 - write_unlock_bh(&tcp_lock);
13518 - if (LOG_INVALID(IPPROTO_TCP))
13519 - nf_log_packet(pf, 0, skb, NULL, NULL,
13520 - NULL, "nf_ct_tcp: invalid SYN");
13521 - return -NF_ACCEPT;
13522 - }
13523 case TCP_CONNTRACK_CLOSE:
13524 if (index == TCP_RST_SET
13525 && ((test_bit(IPS_SEEN_REPLY_BIT, &conntrack->status)
13526 @@ -941,6 +956,7 @@ static int tcp_packet(struct nf_conn *conntrack,
13527 in_window:
13528 /* From now on we have got in-window packets */
13529 conntrack->proto.tcp.last_index = index;
13530 + conntrack->proto.tcp.last_dir = dir;
13532 DEBUGP("tcp_conntracks: src=%u.%u.%u.%u:%hu dst=%u.%u.%u.%u:%hu "
13533 "syn=%i ack=%i fin=%i rst=%i old=%i new=%i\n",
13534 @@ -952,8 +968,7 @@ static int tcp_packet(struct nf_conn *conntrack,
13536 conntrack->proto.tcp.state = new_state;
13537 if (old_state != new_state
13538 - && (new_state == TCP_CONNTRACK_FIN_WAIT
13539 - || new_state == TCP_CONNTRACK_CLOSE))
13540 + && new_state == TCP_CONNTRACK_FIN_WAIT)
13541 conntrack->proto.tcp.seen[dir].flags |= IP_CT_TCP_FLAG_CLOSE_INIT;
13542 timeout = conntrack->proto.tcp.retrans >= nf_ct_tcp_max_retrans
13543 && *tcp_timeouts[new_state] > nf_ct_tcp_timeout_max_retrans
13544 diff --git a/net/netfilter/xt_TCPMSS.c b/net/netfilter/xt_TCPMSS.c
13545 index 15fe8f6..fe7b3d8 100644
13546 --- a/net/netfilter/xt_TCPMSS.c
13547 +++ b/net/netfilter/xt_TCPMSS.c
13548 @@ -178,10 +178,8 @@ xt_tcpmss_target6(struct sk_buff **pskb,
13550 nexthdr = ipv6h->nexthdr;
13551 tcphoff = ipv6_skip_exthdr(*pskb, sizeof(*ipv6h), &nexthdr);
13552 - if (tcphoff < 0) {
13553 - WARN_ON(1);
13554 + if (tcphoff < 0)
13555 return NF_DROP;
13556 - }
13557 ret = tcpmss_mangle_packet(pskb, targinfo, tcphoff,
13558 sizeof(*ipv6h) + sizeof(struct tcphdr));
13559 if (ret < 0)
13560 diff --git a/net/netlink/af_netlink.c b/net/netlink/af_netlink.c
13561 index 1f15821..6ac83c2 100644
13562 --- a/net/netlink/af_netlink.c
13563 +++ b/net/netlink/af_netlink.c
13564 @@ -732,7 +732,7 @@ struct sock *netlink_getsockbyfilp(struct file *filp)
13565 * 1: repeat lookup - reference dropped while waiting for socket memory.
13566 */
13567 int netlink_attachskb(struct sock *sk, struct sk_buff *skb, int nonblock,
13568 - long timeo, struct sock *ssk)
13569 + long *timeo, struct sock *ssk)
13570 {
13571 struct netlink_sock *nlk;
13573 @@ -741,7 +741,7 @@ int netlink_attachskb(struct sock *sk, struct sk_buff *skb, int nonblock,
13574 if (atomic_read(&sk->sk_rmem_alloc) > sk->sk_rcvbuf ||
13575 test_bit(0, &nlk->state)) {
13576 DECLARE_WAITQUEUE(wait, current);
13577 - if (!timeo) {
13578 + if (!*timeo) {
13579 if (!ssk || nlk_sk(ssk)->pid == 0)
13580 netlink_overrun(sk);
13581 sock_put(sk);
13582 @@ -755,7 +755,7 @@ int netlink_attachskb(struct sock *sk, struct sk_buff *skb, int nonblock,
13583 if ((atomic_read(&sk->sk_rmem_alloc) > sk->sk_rcvbuf ||
13584 test_bit(0, &nlk->state)) &&
13585 !sock_flag(sk, SOCK_DEAD))
13586 - timeo = schedule_timeout(timeo);
13587 + *timeo = schedule_timeout(*timeo);
13589 __set_current_state(TASK_RUNNING);
13590 remove_wait_queue(&nlk->wait, &wait);
13591 @@ -763,7 +763,7 @@ int netlink_attachskb(struct sock *sk, struct sk_buff *skb, int nonblock,
13593 if (signal_pending(current)) {
13594 kfree_skb(skb);
13595 - return sock_intr_errno(timeo);
13596 + return sock_intr_errno(*timeo);
13597 }
13598 return 1;
13599 }
13600 @@ -827,7 +827,7 @@ retry:
13601 kfree_skb(skb);
13602 return PTR_ERR(sk);
13603 }
13604 - err = netlink_attachskb(sk, skb, nonblock, timeo, ssk);
13605 + err = netlink_attachskb(sk, skb, nonblock, &timeo, ssk);
13606 if (err == 1)
13607 goto retry;
13608 if (err)
13609 diff --git a/net/netrom/nr_dev.c b/net/netrom/nr_dev.c
13610 index c7b5d93..69e77d5 100644
13611 --- a/net/netrom/nr_dev.c
13612 +++ b/net/netrom/nr_dev.c
13613 @@ -56,7 +56,7 @@ int nr_rx_ip(struct sk_buff *skb, struct net_device *dev)
13615 /* Spoof incoming device */
13616 skb->dev = dev;
13617 - skb_reset_mac_header(skb);
13618 + skb->mac_header = skb->network_header;
13619 skb_reset_network_header(skb);
13620 skb->pkt_type = PACKET_HOST;
13622 diff --git a/net/rfkill/rfkill-input.c b/net/rfkill/rfkill-input.c
13623 index e5c840c..230e35c 100644
13624 --- a/net/rfkill/rfkill-input.c
13625 +++ b/net/rfkill/rfkill-input.c
13626 @@ -55,7 +55,7 @@ static void rfkill_task_handler(struct work_struct *work)
13628 static void rfkill_schedule_toggle(struct rfkill_task *task)
13629 {
13630 - unsigned int flags;
13631 + unsigned long flags;
13633 spin_lock_irqsave(&task->lock, flags);
13635 diff --git a/net/rose/rose_loopback.c b/net/rose/rose_loopback.c
13636 index cd01642..114df6e 100644
13637 --- a/net/rose/rose_loopback.c
13638 +++ b/net/rose/rose_loopback.c
13639 @@ -79,7 +79,7 @@ static void rose_loopback_timer(unsigned long param)
13641 skb_reset_transport_header(skb);
13643 - sk = rose_find_socket(lci_o, &rose_loopback_neigh);
13644 + sk = rose_find_socket(lci_o, rose_loopback_neigh);
13645 if (sk) {
13646 if (rose_process_rx_frame(sk, skb) == 0)
13647 kfree_skb(skb);
13648 @@ -88,7 +88,7 @@ static void rose_loopback_timer(unsigned long param)
13650 if (frametype == ROSE_CALL_REQUEST) {
13651 if ((dev = rose_dev_get(dest)) != NULL) {
13652 - if (rose_rx_call_request(skb, dev, &rose_loopback_neigh, lci_o) == 0)
13653 + if (rose_rx_call_request(skb, dev, rose_loopback_neigh, lci_o) == 0)
13654 kfree_skb(skb);
13655 } else {
13656 kfree_skb(skb);
13657 diff --git a/net/rose/rose_route.c b/net/rose/rose_route.c
13658 index 929a784..163f346 100644
13659 --- a/net/rose/rose_route.c
13660 +++ b/net/rose/rose_route.c
13661 @@ -45,7 +45,7 @@ static DEFINE_SPINLOCK(rose_neigh_list_lock);
13662 static struct rose_route *rose_route_list;
13663 static DEFINE_SPINLOCK(rose_route_list_lock);
13665 -struct rose_neigh rose_loopback_neigh;
13666 +struct rose_neigh *rose_loopback_neigh;
13668 /*
13669 * Add a new route to a node, and in the process add the node and the
13670 @@ -362,7 +362,12 @@ out:
13671 */
13672 void rose_add_loopback_neigh(void)
13673 {
13674 - struct rose_neigh *sn = &rose_loopback_neigh;
13675 + struct rose_neigh *sn;
13676 +
13677 + rose_loopback_neigh = kmalloc(sizeof(struct rose_neigh), GFP_KERNEL);
13678 + if (!rose_loopback_neigh)
13679 + return;
13680 + sn = rose_loopback_neigh;
13682 sn->callsign = null_ax25_address;
13683 sn->digipeat = NULL;
13684 @@ -417,13 +422,13 @@ int rose_add_loopback_node(rose_address *address)
13685 rose_node->mask = 10;
13686 rose_node->count = 1;
13687 rose_node->loopback = 1;
13688 - rose_node->neighbour[0] = &rose_loopback_neigh;
13689 + rose_node->neighbour[0] = rose_loopback_neigh;
13691 /* Insert at the head of list. Address is always mask=10 */
13692 rose_node->next = rose_node_list;
13693 rose_node_list = rose_node;
13695 - rose_loopback_neigh.count++;
13696 + rose_loopback_neigh->count++;
13698 out:
13699 spin_unlock_bh(&rose_node_list_lock);
13700 @@ -454,7 +459,7 @@ void rose_del_loopback_node(rose_address *address)
13702 rose_remove_node(rose_node);
13704 - rose_loopback_neigh.count--;
13705 + rose_loopback_neigh->count--;
13707 out:
13708 spin_unlock_bh(&rose_node_list_lock);
13709 diff --git a/net/rxrpc/Kconfig b/net/rxrpc/Kconfig
13710 index e662f1d..0d3103c 100644
13711 --- a/net/rxrpc/Kconfig
13712 +++ b/net/rxrpc/Kconfig
13713 @@ -5,6 +5,7 @@
13714 config AF_RXRPC
13715 tristate "RxRPC session sockets"
13716 depends on INET && EXPERIMENTAL
13717 + select CRYPTO
13718 select KEYS
13719 help
13720 Say Y or M here to include support for RxRPC session sockets (just
13721 diff --git a/net/sched/cls_u32.c b/net/sched/cls_u32.c
13722 index c7a347b..1d36265 100644
13723 --- a/net/sched/cls_u32.c
13724 +++ b/net/sched/cls_u32.c
13725 @@ -107,7 +107,7 @@ static struct tc_u_common *u32_list;
13727 static __inline__ unsigned u32_hash_fold(u32 key, struct tc_u32_sel *sel, u8 fshift)
13728 {
13729 - unsigned h = (key & sel->hmask)>>fshift;
13730 + unsigned h = ntohl(key & sel->hmask)>>fshift;
13732 return h;
13733 }
13734 @@ -518,7 +518,7 @@ static int u32_set_parms(struct tcf_proto *tp, unsigned long base,
13736 #ifdef CONFIG_NET_CLS_IND
13737 if (tb[TCA_U32_INDEV-1]) {
13738 - int err = tcf_change_indev(tp, n->indev, tb[TCA_U32_INDEV-1]);
13739 + err = tcf_change_indev(tp, n->indev, tb[TCA_U32_INDEV-1]);
13740 if (err < 0)
13741 goto errout;
13742 }
13743 @@ -631,7 +631,7 @@ static int u32_change(struct tcf_proto *tp, unsigned long base, u32 handle,
13744 n->handle = handle;
13745 {
13746 u8 i = 0;
13747 - u32 mask = s->hmask;
13748 + u32 mask = ntohl(s->hmask);
13749 if (mask) {
13750 while (!(mask & 1)) {
13751 i++;
13752 diff --git a/net/sched/sch_api.c b/net/sched/sch_api.c
13753 index bec600a..7a6b0b7 100644
13754 --- a/net/sched/sch_api.c
13755 +++ b/net/sched/sch_api.c
13756 @@ -290,11 +290,7 @@ static enum hrtimer_restart qdisc_watchdog(struct hrtimer *timer)
13758 wd->qdisc->flags &= ~TCQ_F_THROTTLED;
13759 smp_wmb();
13760 - if (spin_trylock(&dev->queue_lock)) {
13761 - qdisc_run(dev);
13762 - spin_unlock(&dev->queue_lock);
13763 - } else
13764 - netif_schedule(dev);
13765 + netif_schedule(dev);
13767 return HRTIMER_NORESTART;
13768 }
13769 diff --git a/net/sched/sch_teql.c b/net/sched/sch_teql.c
13770 index f05ad9a..656ccd9 100644
13771 --- a/net/sched/sch_teql.c
13772 +++ b/net/sched/sch_teql.c
13773 @@ -263,6 +263,9 @@ __teql_resolve(struct sk_buff *skb, struct sk_buff *skb_res, struct net_device *
13774 static __inline__ int
13775 teql_resolve(struct sk_buff *skb, struct sk_buff *skb_res, struct net_device *dev)
13776 {
13777 + if (dev->qdisc == &noop_qdisc)
13778 + return -ENODEV;
13779 +
13780 if (dev->hard_header == NULL ||
13781 skb->dst == NULL ||
13782 skb->dst->neighbour == NULL)
13783 diff --git a/net/sctp/ipv6.c b/net/sctp/ipv6.c
13784 index 2c29394..2164b51 100644
13785 --- a/net/sctp/ipv6.c
13786 +++ b/net/sctp/ipv6.c
13787 @@ -875,6 +875,10 @@ static int sctp_inet6_send_verify(struct sctp_sock *opt, union sctp_addr *addr)
13788 dev = dev_get_by_index(addr->v6.sin6_scope_id);
13789 if (!dev)
13790 return 0;
13791 + if (!ipv6_chk_addr(&addr->v6.sin6_addr, dev, 0)) {
13792 + dev_put(dev);
13793 + return 0;
13794 + }
13795 dev_put(dev);
13796 }
13797 af = opt->pf->af;
13798 diff --git a/net/socket.c b/net/socket.c
13799 index f453019..8211578 100644
13800 --- a/net/socket.c
13801 +++ b/net/socket.c
13802 @@ -778,9 +778,6 @@ static ssize_t sock_aio_write(struct kiocb *iocb, const struct iovec *iov,
13803 if (pos != 0)
13804 return -ESPIPE;
13806 - if (iocb->ki_left == 0) /* Match SYS5 behaviour */
13807 - return 0;
13808 -
13809 x = alloc_sock_iocb(iocb, &siocb);
13810 if (!x)
13811 return -ENOMEM;
13812 @@ -1169,7 +1166,7 @@ static int __sock_create(int family, int type, int protocol,
13813 module_put(pf->owner);
13814 err = security_socket_post_create(sock, family, type, protocol, kern);
13815 if (err)
13816 - goto out_release;
13817 + goto out_sock_release;
13818 *res = sock;
13820 return 0;
13821 @@ -1249,11 +1246,14 @@ asmlinkage long sys_socketpair(int family, int type, int protocol,
13822 goto out_release_both;
13824 fd1 = sock_alloc_fd(&newfile1);
13825 - if (unlikely(fd1 < 0))
13826 + if (unlikely(fd1 < 0)) {
13827 + err = fd1;
13828 goto out_release_both;
13829 + }
13831 fd2 = sock_alloc_fd(&newfile2);
13832 if (unlikely(fd2 < 0)) {
13833 + err = fd2;
13834 put_filp(newfile1);
13835 put_unused_fd(fd1);
13836 goto out_release_both;
13837 diff --git a/net/sunrpc/auth_gss/svcauth_gss.c b/net/sunrpc/auth_gss/svcauth_gss.c
13838 index 099a983..805e725 100644
13839 --- a/net/sunrpc/auth_gss/svcauth_gss.c
13840 +++ b/net/sunrpc/auth_gss/svcauth_gss.c
13841 @@ -760,11 +760,12 @@ svcauth_gss_register_pseudoflavor(u32 pseudoflavor, char * name)
13842 new->h.flavour = &svcauthops_gss;
13843 new->pseudoflavor = pseudoflavor;
13845 + stat = 0;
13846 test = auth_domain_lookup(name, &new->h);
13847 - if (test != &new->h) { /* XXX Duplicate registration? */
13848 - auth_domain_put(&new->h);
13849 - /* dangling ref-count... */
13850 - goto out;
13851 + if (test != &new->h) { /* Duplicate registration */
13852 + auth_domain_put(test);
13853 + kfree(new->h.name);
13854 + goto out_free_dom;
13855 }
13856 return 0;
13858 diff --git a/net/sunrpc/svcsock.c b/net/sunrpc/svcsock.c
13859 index 5baf48d..80a0091 100644
13860 --- a/net/sunrpc/svcsock.c
13861 +++ b/net/sunrpc/svcsock.c
13862 @@ -1090,7 +1090,8 @@ svc_tcp_accept(struct svc_sock *svsk)
13863 serv->sv_name);
13864 printk(KERN_NOTICE
13865 "%s: last TCP connect from %s\n",
13866 - serv->sv_name, buf);
13867 + serv->sv_name, __svc_print_addr(sin,
13868 + buf, sizeof(buf)));
13869 }
13870 /*
13871 * Always select the oldest socket. It's not fair,
13872 @@ -1572,7 +1573,8 @@ svc_age_temp_sockets(unsigned long closure)
13874 if (!test_and_set_bit(SK_OLD, &svsk->sk_flags))
13875 continue;
13876 - if (atomic_read(&svsk->sk_inuse) || test_bit(SK_BUSY, &svsk->sk_flags))
13877 + if (atomic_read(&svsk->sk_inuse) > 1
13878 + || test_bit(SK_BUSY, &svsk->sk_flags))
13879 continue;
13880 atomic_inc(&svsk->sk_inuse);
13881 list_move(le, &to_be_aged);
13882 diff --git a/net/unix/af_unix.c b/net/unix/af_unix.c
13883 index d70fa30..ae80150 100644
13884 --- a/net/unix/af_unix.c
13885 +++ b/net/unix/af_unix.c
13886 @@ -1608,8 +1608,15 @@ static int unix_dgram_recvmsg(struct kiocb *iocb, struct socket *sock,
13887 mutex_lock(&u->readlock);
13889 skb = skb_recv_datagram(sk, flags, noblock, &err);
13890 - if (!skb)
13891 + if (!skb) {
13892 + unix_state_lock(sk);
13893 + /* Signal EOF on disconnected non-blocking SEQPACKET socket. */
13894 + if (sk->sk_type == SOCK_SEQPACKET && err == -EAGAIN &&
13895 + (sk->sk_shutdown & RCV_SHUTDOWN))
13896 + err = 0;
13897 + unix_state_unlock(sk);
13898 goto out_unlock;
13899 + }
13901 wake_up_interruptible(&u->peer_wait);
13903 diff --git a/net/x25/x25_forward.c b/net/x25/x25_forward.c
13904 index 8738ec7..3447803 100644
13905 --- a/net/x25/x25_forward.c
13906 +++ b/net/x25/x25_forward.c
13907 @@ -118,13 +118,14 @@ int x25_forward_data(int lci, struct x25_neigh *from, struct sk_buff *skb) {
13908 goto out;
13910 if ( (skbn = pskb_copy(skb, GFP_ATOMIC)) == NULL){
13911 - goto out;
13912 + goto output;
13914 }
13915 x25_transmit_link(skbn, nb);
13917 - x25_neigh_put(nb);
13918 rc = 1;
13919 +output:
13920 + x25_neigh_put(nb);
13921 out:
13922 return rc;
13923 }
13924 diff --git a/net/xfrm/xfrm_policy.c b/net/xfrm/xfrm_policy.c
13925 index 157bfbd..1c86a23 100644
13926 --- a/net/xfrm/xfrm_policy.c
13927 +++ b/net/xfrm/xfrm_policy.c
13928 @@ -1479,8 +1479,9 @@ restart:
13930 if (sk && sk->sk_policy[1]) {
13931 policy = xfrm_sk_policy_lookup(sk, XFRM_POLICY_OUT, fl);
13932 + err = PTR_ERR(policy);
13933 if (IS_ERR(policy))
13934 - return PTR_ERR(policy);
13935 + goto dropdst;
13936 }
13938 if (!policy) {
13939 @@ -1491,8 +1492,9 @@ restart:
13941 policy = flow_cache_lookup(fl, dst_orig->ops->family,
13942 dir, xfrm_policy_lookup);
13943 + err = PTR_ERR(policy);
13944 if (IS_ERR(policy))
13945 - return PTR_ERR(policy);
13946 + goto dropdst;
13947 }
13949 if (!policy)
13950 @@ -1661,8 +1663,9 @@ restart:
13951 return 0;
13953 error:
13954 - dst_release(dst_orig);
13955 xfrm_pols_put(pols, npols);
13956 +dropdst:
13957 + dst_release(dst_orig);
13958 *dst_p = NULL;
13959 return err;
13960 }
13961 @@ -2141,7 +2144,7 @@ int xfrm_bundle_ok(struct xfrm_policy *pol, struct xfrm_dst *first,
13962 if (last == first)
13963 break;
13965 - last = last->u.next;
13966 + last = (struct xfrm_dst *)last->u.dst.next;
13967 last->child_mtu_cached = mtu;
13968 }
13970 diff --git a/net/xfrm/xfrm_state.c b/net/xfrm/xfrm_state.c
13971 index dfacb9c..7775488 100644
13972 --- a/net/xfrm/xfrm_state.c
13973 +++ b/net/xfrm/xfrm_state.c
13974 @@ -371,7 +371,7 @@ int __xfrm_state_delete(struct xfrm_state *x)
13975 * The xfrm_state_alloc call gives a reference, and that
13976 * is what we are dropping here.
13977 */
13978 - __xfrm_state_put(x);
13979 + xfrm_state_put(x);
13980 err = 0;
13981 }
13983 diff --git a/scripts/kconfig/conf.c b/scripts/kconfig/conf.c
13984 index 1199baf..45550d2 100644
13985 --- a/scripts/kconfig/conf.c
13986 +++ b/scripts/kconfig/conf.c
13987 @@ -64,7 +64,7 @@ static void check_stdin(void)
13988 }
13989 }
13991 -static void conf_askvalue(struct symbol *sym, const char *def)
13992 +static int conf_askvalue(struct symbol *sym, const char *def)
13993 {
13994 enum symbol_type type = sym_get_type(sym);
13995 tristate val;
13996 @@ -79,7 +79,7 @@ static void conf_askvalue(struct symbol *sym, const char *def)
13997 printf("%s\n", def);
13998 line[0] = '\n';
13999 line[1] = 0;
14000 - return;
14001 + return 0;
14002 }
14004 switch (input_mode) {
14005 @@ -89,23 +89,23 @@ static void conf_askvalue(struct symbol *sym, const char *def)
14006 case set_random:
14007 if (sym_has_value(sym)) {
14008 printf("%s\n", def);
14009 - return;
14010 + return 0;
14011 }
14012 break;
14013 case ask_new:
14014 case ask_silent:
14015 if (sym_has_value(sym)) {
14016 printf("%s\n", def);
14017 - return;
14018 + return 0;
14019 }
14020 check_stdin();
14021 case ask_all:
14022 fflush(stdout);
14023 fgets(line, 128, stdin);
14024 - return;
14025 + return 1;
14026 case set_default:
14027 printf("%s\n", def);
14028 - return;
14029 + return 1;
14030 default:
14031 break;
14032 }
14033 @@ -115,7 +115,7 @@ static void conf_askvalue(struct symbol *sym, const char *def)
14034 case S_HEX:
14035 case S_STRING:
14036 printf("%s\n", def);
14037 - return;
14038 + return 1;
14039 default:
14040 ;
14041 }
14042 @@ -166,6 +166,7 @@ static void conf_askvalue(struct symbol *sym, const char *def)
14043 break;
14044 }
14045 printf("%s", line);
14046 + return 1;
14047 }
14049 int conf_string(struct menu *menu)
14050 @@ -179,7 +180,8 @@ int conf_string(struct menu *menu)
14051 def = sym_get_string_value(sym);
14052 if (sym_get_string_value(sym))
14053 printf("[%s] ", def);
14054 - conf_askvalue(sym, def);
14055 + if (!conf_askvalue(sym, def))
14056 + return 0;
14057 switch (line[0]) {
14058 case '\n':
14059 break;
14060 @@ -236,7 +238,8 @@ static int conf_sym(struct menu *menu)
14061 if (sym->help)
14062 printf("/?");
14063 printf("] ");
14064 - conf_askvalue(sym, sym_get_string_value(sym));
14065 + if (!conf_askvalue(sym, sym_get_string_value(sym)))
14066 + return 0;
14067 strip(line);
14069 switch (line[0]) {
14070 diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
14071 index ad8dd4e..1ee7ca9 100644
14072 --- a/security/selinux/hooks.c
14073 +++ b/security/selinux/hooks.c
14074 @@ -1906,6 +1906,9 @@ static void selinux_bprm_post_apply_creds(struct linux_binprm *bprm)
14075 spin_unlock_irq(¤t->sighand->siglock);
14076 }
14078 + /* Always clear parent death signal on SID transitions. */
14079 + current->pdeath_signal = 0;
14080 +
14081 /* Check whether the new SID can inherit resource limits
14082 from the old SID. If not, reset all soft limits to
14083 the lower of the current task's hard limit and the init
14084 diff --git a/sound/core/memalloc.c b/sound/core/memalloc.c
14085 index f057430..9b5656d 100644
14086 --- a/sound/core/memalloc.c
14087 +++ b/sound/core/memalloc.c
14088 @@ -27,6 +27,7 @@
14089 #include <linux/pci.h>
14090 #include <linux/slab.h>
14091 #include <linux/mm.h>
14092 +#include <linux/seq_file.h>
14093 #include <asm/uaccess.h>
14094 #include <linux/dma-mapping.h>
14095 #include <linux/moduleparam.h>
14096 @@ -481,53 +482,54 @@ static void free_all_reserved_pages(void)
14097 #define SND_MEM_PROC_FILE "driver/snd-page-alloc"
14098 static struct proc_dir_entry *snd_mem_proc;
14100 -static int snd_mem_proc_read(char *page, char **start, off_t off,
14101 - int count, int *eof, void *data)
14102 +static int snd_mem_proc_read(struct seq_file *seq, void *offset)
14103 {
14104 - int len = 0;
14105 long pages = snd_allocated_pages >> (PAGE_SHIFT-12);
14106 struct snd_mem_list *mem;
14107 int devno;
14108 static char *types[] = { "UNKNOWN", "CONT", "DEV", "DEV-SG", "SBUS" };
14110 mutex_lock(&list_mutex);
14111 - len += snprintf(page + len, count - len,
14112 - "pages : %li bytes (%li pages per %likB)\n",
14113 - pages * PAGE_SIZE, pages, PAGE_SIZE / 1024);
14114 + seq_printf(seq, "pages : %li bytes (%li pages per %likB)\n",
14115 + pages * PAGE_SIZE, pages, PAGE_SIZE / 1024);
14116 devno = 0;
14117 list_for_each_entry(mem, &mem_list_head, list) {
14118 devno++;
14119 - len += snprintf(page + len, count - len,
14120 - "buffer %d : ID %08x : type %s\n",
14121 - devno, mem->id, types[mem->buffer.dev.type]);
14122 - len += snprintf(page + len, count - len,
14123 - " addr = 0x%lx, size = %d bytes\n",
14124 - (unsigned long)mem->buffer.addr, (int)mem->buffer.bytes);
14125 + seq_printf(seq, "buffer %d : ID %08x : type %s\n",
14126 + devno, mem->id, types[mem->buffer.dev.type]);
14127 + seq_printf(seq, " addr = 0x%lx, size = %d bytes\n",
14128 + (unsigned long)mem->buffer.addr,
14129 + (int)mem->buffer.bytes);
14130 }
14131 mutex_unlock(&list_mutex);
14132 - return len;
14133 + return 0;
14134 +}
14135 +
14136 +static int snd_mem_proc_open(struct inode *inode, struct file *file)
14137 +{
14138 + return single_open(file, snd_mem_proc_read, NULL);
14139 }
14141 /* FIXME: for pci only - other bus? */
14142 #ifdef CONFIG_PCI
14143 #define gettoken(bufp) strsep(bufp, " \t\n")
14145 -static int snd_mem_proc_write(struct file *file, const char __user *buffer,
14146 - unsigned long count, void *data)
14147 +static ssize_t snd_mem_proc_write(struct file *file, const char __user * buffer,
14148 + size_t count, loff_t * ppos)
14149 {
14150 char buf[128];
14151 char *token, *p;
14153 - if (count > ARRAY_SIZE(buf) - 1)
14154 - count = ARRAY_SIZE(buf) - 1;
14155 + if (count > sizeof(buf) - 1)
14156 + return -EINVAL;
14157 if (copy_from_user(buf, buffer, count))
14158 return -EFAULT;
14159 - buf[ARRAY_SIZE(buf) - 1] = '\0';
14160 + buf[count] = '\0';
14162 p = buf;
14163 token = gettoken(&p);
14164 if (! token || *token == '#')
14165 - return (int)count;
14166 + return count;
14167 if (strcmp(token, "add") == 0) {
14168 char *endp;
14169 int vendor, device, size, buffers;
14170 @@ -548,7 +550,7 @@ static int snd_mem_proc_write(struct file *file, const char __user *buffer,
14171 (buffers = simple_strtol(token, NULL, 0)) <= 0 ||
14172 buffers > 4) {
14173 printk(KERN_ERR "snd-page-alloc: invalid proc write format\n");
14174 - return (int)count;
14175 + return count;
14176 }
14177 vendor &= 0xffff;
14178 device &= 0xffff;
14179 @@ -560,7 +562,7 @@ static int snd_mem_proc_write(struct file *file, const char __user *buffer,
14180 if (pci_set_dma_mask(pci, mask) < 0 ||
14181 pci_set_consistent_dma_mask(pci, mask) < 0) {
14182 printk(KERN_ERR "snd-page-alloc: cannot set DMA mask %lx for pci %04x:%04x\n", mask, vendor, device);
14183 - return (int)count;
14184 + return count;
14185 }
14186 }
14187 for (i = 0; i < buffers; i++) {
14188 @@ -570,7 +572,7 @@ static int snd_mem_proc_write(struct file *file, const char __user *buffer,
14189 size, &dmab) < 0) {
14190 printk(KERN_ERR "snd-page-alloc: cannot allocate buffer pages (size = %d)\n", size);
14191 pci_dev_put(pci);
14192 - return (int)count;
14193 + return count;
14194 }
14195 snd_dma_reserve_buf(&dmab, snd_dma_pci_buf_id(pci));
14196 }
14197 @@ -596,9 +598,21 @@ static int snd_mem_proc_write(struct file *file, const char __user *buffer,
14198 free_all_reserved_pages();
14199 else
14200 printk(KERN_ERR "snd-page-alloc: invalid proc cmd\n");
14201 - return (int)count;
14202 + return count;
14203 }
14204 #endif /* CONFIG_PCI */
14205 +
14206 +static const struct file_operations snd_mem_proc_fops = {
14207 + .owner = THIS_MODULE,
14208 + .open = snd_mem_proc_open,
14209 + .read = seq_read,
14210 +#ifdef CONFIG_PCI
14211 + .write = snd_mem_proc_write,
14212 +#endif
14213 + .llseek = seq_lseek,
14214 + .release = single_release,
14215 +};
14216 +
14217 #endif /* CONFIG_PROC_FS */
14219 /*
14220 @@ -609,12 +623,8 @@ static int __init snd_mem_init(void)
14221 {
14222 #ifdef CONFIG_PROC_FS
14223 snd_mem_proc = create_proc_entry(SND_MEM_PROC_FILE, 0644, NULL);
14224 - if (snd_mem_proc) {
14225 - snd_mem_proc->read_proc = snd_mem_proc_read;
14226 -#ifdef CONFIG_PCI
14227 - snd_mem_proc->write_proc = snd_mem_proc_write;
14228 -#endif
14229 - }
14230 + if (snd_mem_proc)
14231 + snd_mem_proc->proc_fops = &snd_mem_proc_fops;
14232 #endif
14233 return 0;
14234 }
14235 diff --git a/sound/oss/via82cxxx_audio.c b/sound/oss/via82cxxx_audio.c
14236 index 5d3c037..f95aa09 100644
14237 --- a/sound/oss/via82cxxx_audio.c
14238 +++ b/sound/oss/via82cxxx_audio.c
14239 @@ -2104,6 +2104,7 @@ static struct page * via_mm_nopage (struct vm_area_struct * vma,
14240 {
14241 struct via_info *card = vma->vm_private_data;
14242 struct via_channel *chan = &card->ch_out;
14243 + unsigned long max_bufs;
14244 struct page *dmapage;
14245 unsigned long pgoff;
14246 int rd, wr;
14247 @@ -2127,14 +2128,11 @@ static struct page * via_mm_nopage (struct vm_area_struct * vma,
14248 rd = card->ch_in.is_mapped;
14249 wr = card->ch_out.is_mapped;
14251 -#ifndef VIA_NDEBUG
14252 - {
14253 - unsigned long max_bufs = chan->frag_number;
14254 - if (rd && wr) max_bufs *= 2;
14255 - /* via_dsp_mmap() should ensure this */
14256 - assert (pgoff < max_bufs);
14257 - }
14258 -#endif
14259 + max_bufs = chan->frag_number;
14260 + if (rd && wr)
14261 + max_bufs *= 2;
14262 + if (pgoff >= max_bufs)
14263 + return NOPAGE_SIGBUS;
14265 /* if full-duplex (read+write) and we have two sets of bufs,
14266 * then the playback buffers come first, sez soundcard.c */
14267 diff --git a/sound/pci/hda/patch_sigmatel.c b/sound/pci/hda/patch_sigmatel.c
14268 index e3964fc..d5b2f53 100644
14269 --- a/sound/pci/hda/patch_sigmatel.c
14270 +++ b/sound/pci/hda/patch_sigmatel.c
14271 @@ -153,8 +153,9 @@ static hda_nid_t stac925x_dac_nids[1] = {
14272 0x02,
14273 };
14275 -static hda_nid_t stac925x_dmic_nids[1] = {
14276 - 0x15,
14277 +#define STAC925X_NUM_DMICS 1
14278 +static hda_nid_t stac925x_dmic_nids[STAC925X_NUM_DMICS + 1] = {
14279 + 0x15, 0
14280 };
14282 static hda_nid_t stac922x_adc_nids[2] = {
14283 @@ -181,8 +182,9 @@ static hda_nid_t stac9205_mux_nids[2] = {
14284 0x19, 0x1a
14285 };
14287 -static hda_nid_t stac9205_dmic_nids[2] = {
14288 - 0x17, 0x18,
14289 +#define STAC9205_NUM_DMICS 2
14290 +static hda_nid_t stac9205_dmic_nids[STAC9205_NUM_DMICS + 1] = {
14291 + 0x17, 0x18, 0
14292 };
14294 static hda_nid_t stac9200_pin_nids[8] = {
14295 @@ -1972,7 +1974,7 @@ static int patch_stac925x(struct hda_codec *codec)
14296 case 0x83847633: /* STAC9202D */
14297 case 0x83847636: /* STAC9251 */
14298 case 0x83847637: /* STAC9251D */
14299 - spec->num_dmics = 1;
14300 + spec->num_dmics = STAC925X_NUM_DMICS;
14301 spec->dmic_nids = stac925x_dmic_nids;
14302 break;
14303 default:
14304 @@ -2202,7 +2204,7 @@ static int patch_stac9205(struct hda_codec *codec)
14305 spec->mux_nids = stac9205_mux_nids;
14306 spec->num_muxes = ARRAY_SIZE(stac9205_mux_nids);
14307 spec->dmic_nids = stac9205_dmic_nids;
14308 - spec->num_dmics = ARRAY_SIZE(stac9205_dmic_nids);
14309 + spec->num_dmics = STAC9205_NUM_DMICS;
14310 spec->dmux_nid = 0x1d;
14312 spec->init = stac9205_core_init;
14313 diff --git a/sound/pci/rme9652/hdsp.c b/sound/pci/rme9652/hdsp.c
14314 index 3b3ef65..75dcb9a 100644
14315 --- a/sound/pci/rme9652/hdsp.c
14316 +++ b/sound/pci/rme9652/hdsp.c
14317 @@ -3108,6 +3108,9 @@ static int hdsp_dds_offset(struct hdsp *hdsp)
14318 unsigned int dds_value = hdsp->dds_value;
14319 int system_sample_rate = hdsp->system_sample_rate;
14321 + if (!dds_value)
14322 + return 0;
14323 +
14324 n = DDS_NUMERATOR;
14325 /*
14326 * dds_value = n / rate
14327 diff --git a/sound/usb/usx2y/usX2Yhwdep.c b/sound/usb/usx2y/usX2Yhwdep.c
14328 index b76b3dd..e617d7e 100644
14329 --- a/sound/usb/usx2y/usX2Yhwdep.c
14330 +++ b/sound/usb/usx2y/usX2Yhwdep.c
14331 @@ -88,7 +88,7 @@ static int snd_us428ctls_mmap(struct snd_hwdep * hw, struct file *filp, struct v
14332 us428->us428ctls_sharedmem->CtlSnapShotLast = -2;
14333 }
14334 area->vm_ops = &us428ctls_vm_ops;
14335 - area->vm_flags |= VM_RESERVED;
14336 + area->vm_flags |= VM_RESERVED | VM_DONTEXPAND;
14337 area->vm_private_data = hw->private_data;
14338 return 0;
14339 }
14340 diff --git a/sound/usb/usx2y/usx2yhwdeppcm.c b/sound/usb/usx2y/usx2yhwdeppcm.c
14341 index a5e7bcd..6e70520 100644
14342 --- a/sound/usb/usx2y/usx2yhwdeppcm.c
14343 +++ b/sound/usb/usx2y/usx2yhwdeppcm.c
14344 @@ -728,7 +728,7 @@ static int snd_usX2Y_hwdep_pcm_mmap(struct snd_hwdep * hw, struct file *filp, st
14345 return -ENODEV;
14346 }
14347 area->vm_ops = &snd_usX2Y_hwdep_pcm_vm_ops;
14348 - area->vm_flags |= VM_RESERVED;
14349 + area->vm_flags |= VM_RESERVED | VM_DONTEXPAND;
14350 area->vm_private_data = hw->private_data;
14351 return 0;
14352 }