| blob | 6d5b11624602175f9ee8150945b480e9f7f9c08d |
1 diff --git a/Documentation/dvb/get_dvb_firmware b/Documentation/dvb/get_dvb_firmware
2 index 4820366..6cb3080 100644
3 --- a/Documentation/dvb/get_dvb_firmware
4 +++ b/Documentation/dvb/get_dvb_firmware
5 @@ -56,7 +56,7 @@ syntax();
7 sub sp8870 {
8 my $sourcefile = "tt_Premium_217g.zip";
9 - my $url = "http://www.technotrend.de/new/217g/$sourcefile";
10 + my $url = "http://www.softwarepatch.pl/9999ccd06a4813cb827dbb0005071c71/$sourcefile";
11 my $hash = "53970ec17a538945a6d8cb608a7b3899";
12 my $outfile = "dvb-fe-sp8870.fw";
13 my $tmpdir = tempdir(DIR => "/tmp", CLEANUP => 1);
14 @@ -110,21 +110,21 @@ sub tda10045 {
15 }
17 sub tda10046 {
18 - my $sourcefile = "tt_budget_217g.zip";
19 - my $url = "http://www.technotrend.de/new/217g/$sourcefile";
20 - my $hash = "6a7e1e2f2644b162ff0502367553c72d";
21 - my $outfile = "dvb-fe-tda10046.fw";
22 - my $tmpdir = tempdir(DIR => "/tmp", CLEANUP => 1);
23 + my $sourcefile = "TT_PCI_2.19h_28_11_2006.zip";
24 + my $url = "http://technotrend-online.com/download/software/219/$sourcefile";
25 + my $hash = "6a7e1e2f2644b162ff0502367553c72d";
26 + my $outfile = "dvb-fe-tda10046.fw";
27 + my $tmpdir = tempdir(DIR => "/tmp", CLEANUP => 1);
29 - checkstandard();
30 + checkstandard();
32 - wgetfile($sourcefile, $url);
33 - unzip($sourcefile, $tmpdir);
34 - extract("$tmpdir/software/OEM/PCI/App/ttlcdacc.dll", 0x3f731, 24478, "$tmpdir/fwtmp");
35 - verify("$tmpdir/fwtmp", $hash);
36 - copy("$tmpdir/fwtmp", $outfile);
37 + wgetfile($sourcefile, $url);
38 + unzip($sourcefile, $tmpdir);
39 + extract("$tmpdir/TT_PCI_2.19h_28_11_2006/software/OEM/PCI/App/ttlcdacc.dll", 0x65389, 24478, "$tmpdir/fwtmp");
40 + verify("$tmpdir/fwtmp", $hash);
41 + copy("$tmpdir/fwtmp", $outfile);
43 - $outfile;
44 + $outfile;
45 }
47 sub tda10046lifeview {
48 diff --git a/Documentation/kernel-parameters.txt b/Documentation/kernel-parameters.txt
49 index af50f9b..026e4e5 100644
50 --- a/Documentation/kernel-parameters.txt
51 +++ b/Documentation/kernel-parameters.txt
52 @@ -850,11 +850,6 @@ and is between 256 and 4096 characters. It is defined in the file
53 lasi= [HW,SCSI] PARISC LASI driver for the 53c700 chip
54 Format: addr:<io>,irq:<irq>
56 - legacy_serial.force [HW,IA-32,X86-64]
57 - Probe for COM ports at legacy addresses even
58 - if PNPBIOS or ACPI should describe them. This
59 - is for working around firmware defects.
60 -
61 llsc*= [IA64] See function print_params() in
62 arch/ia64/sn/kernel/llsc4.c.
64 diff --git a/Makefile b/Makefile
65 index de4f8f7..4fdef51 100644
66 --- a/Makefile
67 +++ b/Makefile
68 @@ -1,7 +1,7 @@
69 VERSION = 2
70 PATCHLEVEL = 6
71 SUBLEVEL = 22
72 -EXTRAVERSION =
73 +EXTRAVERSION = .20-op1
74 NAME = Holy Dancing Manatees, Batman!
76 # *DOCUMENTATION*
77 diff --git a/arch/i386/Makefile b/arch/i386/Makefile
78 index bd28f9f..541b3ae 100644
79 --- a/arch/i386/Makefile
80 +++ b/arch/i386/Makefile
81 @@ -51,8 +51,8 @@ cflags-y += -maccumulate-outgoing-args
82 CFLAGS += $(shell if [ $(call cc-version) -lt 0400 ] ; then echo $(call cc-option,-fno-unit-at-a-time); fi ;)
84 # do binutils support CFI?
85 -cflags-y += $(call as-instr,.cfi_startproc\n.cfi_endproc,-DCONFIG_AS_CFI=1,)
86 -AFLAGS += $(call as-instr,.cfi_startproc\n.cfi_endproc,-DCONFIG_AS_CFI=1,)
87 +cflags-y += $(call as-instr,.cfi_startproc\n.cfi_rel_offset esp${comma}0\n.cfi_endproc,-DCONFIG_AS_CFI=1,)
88 +AFLAGS += $(call as-instr,.cfi_startproc\n.cfi_rel_offset esp${comma}0\n.cfi_endproc,-DCONFIG_AS_CFI=1,)
90 # is .cfi_signal_frame supported too?
91 cflags-y += $(call as-instr,.cfi_startproc\n.cfi_signal_frame\n.cfi_endproc,-DCONFIG_AS_CFI_SIGNAL_FRAME=1,)
92 diff --git a/arch/i386/kernel/Makefile b/arch/i386/kernel/Makefile
93 index 06da59f..e9297cb 100644
94 --- a/arch/i386/kernel/Makefile
95 +++ b/arch/i386/kernel/Makefile
96 @@ -35,7 +35,6 @@ obj-y += sysenter.o vsyscall.o
97 obj-$(CONFIG_ACPI_SRAT) += srat.o
98 obj-$(CONFIG_EFI) += efi.o efi_stub.o
99 obj-$(CONFIG_DOUBLEFAULT) += doublefault.o
100 -obj-$(CONFIG_SERIAL_8250) += legacy_serial.o
101 obj-$(CONFIG_VM86) += vm86.o
102 obj-$(CONFIG_EARLY_PRINTK) += early_printk.o
103 obj-$(CONFIG_HPET_TIMER) += hpet.o
104 diff --git a/arch/i386/kernel/apic.c b/arch/i386/kernel/apic.c
105 index 67824f3..a8ceb7a 100644
106 --- a/arch/i386/kernel/apic.c
107 +++ b/arch/i386/kernel/apic.c
108 @@ -61,8 +61,9 @@ static int enable_local_apic __initdata = 0;
110 /* Local APIC timer verification ok */
111 static int local_apic_timer_verify_ok;
112 -/* Disable local APIC timer from the kernel commandline or via dmi quirk */
113 -static int local_apic_timer_disabled;
114 +/* Disable local APIC timer from the kernel commandline or via dmi quirk
115 + or using CPU MSR check */
116 +int local_apic_timer_disabled;
117 /* Local APIC timer works in C2 */
118 int local_apic_timer_c2_ok;
119 EXPORT_SYMBOL_GPL(local_apic_timer_c2_ok);
120 @@ -367,12 +368,9 @@ void __init setup_boot_APIC_clock(void)
121 long delta, deltapm;
122 int pm_referenced = 0;
124 - if (boot_cpu_has(X86_FEATURE_LAPIC_TIMER_BROKEN))
125 - local_apic_timer_disabled = 1;
126 -
127 /*
128 * The local apic timer can be disabled via the kernel
129 - * commandline or from the test above. Register the lapic
130 + * commandline or from the CPU detection code. Register the lapic
131 * timer as a dummy clock event source on SMP systems, so the
132 * broadcast mechanism is used. On UP systems simply ignore it.
133 */
134 diff --git a/arch/i386/kernel/cpu/amd.c b/arch/i386/kernel/cpu/amd.c
135 index 6f47eee..9d23390 100644
136 --- a/arch/i386/kernel/cpu/amd.c
137 +++ b/arch/i386/kernel/cpu/amd.c
138 @@ -3,6 +3,7 @@
139 #include <linux/mm.h>
140 #include <asm/io.h>
141 #include <asm/processor.h>
142 +#include <asm/apic.h>
144 #include "cpu.h"
146 @@ -22,6 +23,7 @@
147 extern void vide(void);
148 __asm__(".align 4\nvide: ret");
150 +#ifdef CONFIG_X86_LOCAL_APIC
151 #define ENABLE_C1E_MASK 0x18000000
152 #define CPUID_PROCESSOR_SIGNATURE 1
153 #define CPUID_XFAM 0x0ff00000
154 @@ -52,6 +54,7 @@ static __cpuinit int amd_apic_timer_broken(void)
155 }
156 return 0;
157 }
158 +#endif
160 int force_mwait __cpuinitdata;
162 @@ -275,8 +278,10 @@ static void __cpuinit init_amd(struct cpuinfo_x86 *c)
163 if (cpuid_eax(0x80000000) >= 0x80000006)
164 num_cache_leaves = 3;
166 +#ifdef CONFIG_X86_LOCAL_APIC
167 if (amd_apic_timer_broken())
168 - set_bit(X86_FEATURE_LAPIC_TIMER_BROKEN, c->x86_capability);
169 + local_apic_timer_disabled = 1;
170 +#endif
172 if (c->x86 == 0x10 && !force_mwait)
173 clear_bit(X86_FEATURE_MWAIT, c->x86_capability);
174 diff --git a/arch/i386/kernel/cpu/cpufreq/acpi-cpufreq.c b/arch/i386/kernel/cpu/cpufreq/acpi-cpufreq.c
175 index 10baa35..18c8b67 100644
176 --- a/arch/i386/kernel/cpu/cpufreq/acpi-cpufreq.c
177 +++ b/arch/i386/kernel/cpu/cpufreq/acpi-cpufreq.c
178 @@ -167,11 +167,13 @@ static void do_drv_read(struct drv_cmd *cmd)
180 static void do_drv_write(struct drv_cmd *cmd)
181 {
182 - u32 h = 0;
183 + u32 lo, hi;
185 switch (cmd->type) {
186 case SYSTEM_INTEL_MSR_CAPABLE:
187 - wrmsr(cmd->addr.msr.reg, cmd->val, h);
188 + rdmsr(cmd->addr.msr.reg, lo, hi);
189 + lo = (lo & ~INTEL_MSR_RANGE) | (cmd->val & INTEL_MSR_RANGE);
190 + wrmsr(cmd->addr.msr.reg, lo, hi);
191 break;
192 case SYSTEM_IO_CAPABLE:
193 acpi_os_write_port((acpi_io_address)cmd->addr.io.port,
194 @@ -372,7 +374,6 @@ static int acpi_cpufreq_target(struct cpufreq_policy *policy,
195 struct cpufreq_freqs freqs;
196 cpumask_t online_policy_cpus;
197 struct drv_cmd cmd;
198 - unsigned int msr;
199 unsigned int next_state = 0; /* Index into freq_table */
200 unsigned int next_perf_state = 0; /* Index into perf table */
201 unsigned int i;
202 @@ -417,11 +418,7 @@ static int acpi_cpufreq_target(struct cpufreq_policy *policy,
203 case SYSTEM_INTEL_MSR_CAPABLE:
204 cmd.type = SYSTEM_INTEL_MSR_CAPABLE;
205 cmd.addr.msr.reg = MSR_IA32_PERF_CTL;
206 - msr =
207 - (u32) perf->states[next_perf_state].
208 - control & INTEL_MSR_RANGE;
209 - cmd.val = get_cur_val(online_policy_cpus);
210 - cmd.val = (cmd.val & ~INTEL_MSR_RANGE) | msr;
211 + cmd.val = (u32) perf->states[next_perf_state].control;
212 break;
213 case SYSTEM_IO_CAPABLE:
214 cmd.type = SYSTEM_IO_CAPABLE;
215 diff --git a/arch/i386/kernel/cpu/perfctr-watchdog.c b/arch/i386/kernel/cpu/perfctr-watchdog.c
216 index 4d26d51..996f6f8 100644
217 --- a/arch/i386/kernel/cpu/perfctr-watchdog.c
218 +++ b/arch/i386/kernel/cpu/perfctr-watchdog.c
219 @@ -346,7 +346,9 @@ static int setup_p6_watchdog(unsigned nmi_hz)
220 perfctr_msr = MSR_P6_PERFCTR0;
221 evntsel_msr = MSR_P6_EVNTSEL0;
223 - wrmsrl(perfctr_msr, 0UL);
224 + /* KVM doesn't implement this MSR */
225 + if (wrmsr_safe(perfctr_msr, 0, 0) < 0)
226 + return 0;
228 evntsel = P6_EVNTSEL_INT
229 | P6_EVNTSEL_OS
230 diff --git a/arch/i386/kernel/doublefault.c b/arch/i386/kernel/doublefault.c
231 index 265c559..40978af 100644
232 --- a/arch/i386/kernel/doublefault.c
233 +++ b/arch/i386/kernel/doublefault.c
234 @@ -13,7 +13,7 @@
235 static unsigned long doublefault_stack[DOUBLEFAULT_STACKSIZE];
236 #define STACK_START (unsigned long)(doublefault_stack+DOUBLEFAULT_STACKSIZE)
238 -#define ptr_ok(x) ((x) > PAGE_OFFSET && (x) < PAGE_OFFSET + 0x1000000)
239 +#define ptr_ok(x) ((x) > PAGE_OFFSET && (x) < PAGE_OFFSET + MAXMEM)
241 static void doublefault_fn(void)
242 {
243 @@ -23,23 +23,23 @@ static void doublefault_fn(void)
244 store_gdt(&gdt_desc);
245 gdt = gdt_desc.address;
247 - printk("double fault, gdt at %08lx [%d bytes]\n", gdt, gdt_desc.size);
248 + printk(KERN_EMERG "PANIC: double fault, gdt at %08lx [%d bytes]\n", gdt, gdt_desc.size);
250 if (ptr_ok(gdt)) {
251 gdt += GDT_ENTRY_TSS << 3;
252 tss = *(u16 *)(gdt+2);
253 tss += *(u8 *)(gdt+4) << 16;
254 tss += *(u8 *)(gdt+7) << 24;
255 - printk("double fault, tss at %08lx\n", tss);
256 + printk(KERN_EMERG "double fault, tss at %08lx\n", tss);
258 if (ptr_ok(tss)) {
259 struct i386_hw_tss *t = (struct i386_hw_tss *)tss;
261 - printk("eip = %08lx, esp = %08lx\n", t->eip, t->esp);
262 + printk(KERN_EMERG "eip = %08lx, esp = %08lx\n", t->eip, t->esp);
264 - printk("eax = %08lx, ebx = %08lx, ecx = %08lx, edx = %08lx\n",
265 + printk(KERN_EMERG "eax = %08lx, ebx = %08lx, ecx = %08lx, edx = %08lx\n",
266 t->eax, t->ebx, t->ecx, t->edx);
267 - printk("esi = %08lx, edi = %08lx\n",
268 + printk(KERN_EMERG "esi = %08lx, edi = %08lx\n",
269 t->esi, t->edi);
270 }
271 }
272 @@ -63,6 +63,7 @@ struct tss_struct doublefault_tss __cacheline_aligned = {
273 .cs = __KERNEL_CS,
274 .ss = __KERNEL_DS,
275 .ds = __USER_DS,
276 + .fs = __KERNEL_PERCPU,
278 .__cr3 = __pa(swapper_pg_dir)
279 }
280 diff --git a/arch/i386/kernel/entry.S b/arch/i386/kernel/entry.S
281 index 3c3c220..b7be5cf 100644
282 --- a/arch/i386/kernel/entry.S
283 +++ b/arch/i386/kernel/entry.S
284 @@ -409,8 +409,6 @@ restore_nocheck_notrace:
285 1: INTERRUPT_RETURN
286 .section .fixup,"ax"
287 iret_exc:
288 - TRACE_IRQS_ON
289 - ENABLE_INTERRUPTS(CLBR_NONE)
290 pushl $0 # no error code
291 pushl $do_iret_error
292 jmp error_code
293 diff --git a/arch/i386/kernel/hpet.c b/arch/i386/kernel/hpet.c
294 index 17d7345..cbb4751 100644
295 --- a/arch/i386/kernel/hpet.c
296 +++ b/arch/i386/kernel/hpet.c
297 @@ -226,7 +226,8 @@ int __init hpet_enable(void)
298 {
299 unsigned long id;
300 uint64_t hpet_freq;
301 - u64 tmp;
302 + u64 tmp, start, now;
303 + cycle_t t1;
305 if (!is_hpet_capable())
306 return 0;
307 @@ -273,6 +274,27 @@ int __init hpet_enable(void)
308 /* Start the counter */
309 hpet_start_counter();
311 + /* Verify whether hpet counter works */
312 + t1 = read_hpet();
313 + rdtscll(start);
314 +
315 + /*
316 + * We don't know the TSC frequency yet, but waiting for
317 + * 200000 TSC cycles is safe:
318 + * 4 GHz == 50us
319 + * 1 GHz == 200us
320 + */
321 + do {
322 + rep_nop();
323 + rdtscll(now);
324 + } while ((now - start) < 200000UL);
325 +
326 + if (t1 == read_hpet()) {
327 + printk(KERN_WARNING
328 + "HPET counter not counting. HPET disabled\n");
329 + goto out_nohpet;
330 + }
331 +
332 /* Initialize and register HPET clocksource
333 *
334 * hpet period is in femto seconds per cycle
335 diff --git a/arch/i386/kernel/io_apic.c b/arch/i386/kernel/io_apic.c
336 index 7f8b7af..97ba305 100644
337 --- a/arch/i386/kernel/io_apic.c
338 +++ b/arch/i386/kernel/io_apic.c
339 @@ -1275,12 +1275,15 @@ static struct irq_chip ioapic_chip;
340 static void ioapic_register_intr(int irq, int vector, unsigned long trigger)
341 {
342 if ((trigger == IOAPIC_AUTO && IO_APIC_irq_trigger(irq)) ||
343 - trigger == IOAPIC_LEVEL)
344 + trigger == IOAPIC_LEVEL) {
345 + irq_desc[irq].status |= IRQ_LEVEL;
346 set_irq_chip_and_handler_name(irq, &ioapic_chip,
347 handle_fasteoi_irq, "fasteoi");
348 - else
349 + } else {
350 + irq_desc[irq].status &= ~IRQ_LEVEL;
351 set_irq_chip_and_handler_name(irq, &ioapic_chip,
352 handle_edge_irq, "edge");
353 + }
354 set_intr_gate(vector, interrupt[irq]);
355 }
357 diff --git a/arch/i386/kernel/legacy_serial.c b/arch/i386/kernel/legacy_serial.c
358 deleted file mode 100644
359 index 2151011..0000000
360 --- a/arch/i386/kernel/legacy_serial.c
361 +++ /dev/null
362 @@ -1,67 +0,0 @@
363 -/*
364 - * Legacy COM port devices for x86 platforms without PNPBIOS or ACPI.
365 - * Data taken from include/asm-i386/serial.h.
366 - *
367 - * (c) Copyright 2007 Hewlett-Packard Development Company, L.P.
368 - * Bjorn Helgaas <bjorn.helgaas@hp.com>
369 - *
370 - * This program is free software; you can redistribute it and/or modify
371 - * it under the terms of the GNU General Public License version 2 as
372 - * published by the Free Software Foundation.
373 - */
374 -#include <linux/module.h>
375 -#include <linux/init.h>
376 -#include <linux/pnp.h>
377 -#include <linux/serial_8250.h>
378 -
379 -/* Standard COM flags (except for COM4, because of the 8514 problem) */
380 -#ifdef CONFIG_SERIAL_DETECT_IRQ
381 -#define COM_FLAGS (UPF_BOOT_AUTOCONF | UPF_SKIP_TEST | UPF_AUTO_IRQ)
382 -#define COM4_FLAGS (UPF_BOOT_AUTOCONF | UPF_AUTO_IRQ)
383 -#else
384 -#define COM_FLAGS (UPF_BOOT_AUTOCONF | UPF_SKIP_TEST)
385 -#define COM4_FLAGS UPF_BOOT_AUTOCONF
386 -#endif
387 -
388 -#define PORT(_base,_irq,_flags) \
389 - { \
390 - .iobase = _base, \
391 - .irq = _irq, \
392 - .uartclk = 1843200, \
393 - .iotype = UPIO_PORT, \
394 - .flags = _flags, \
395 - }
396 -
397 -static struct plat_serial8250_port x86_com_data[] = {
398 - PORT(0x3F8, 4, COM_FLAGS),
399 - PORT(0x2F8, 3, COM_FLAGS),
400 - PORT(0x3E8, 4, COM_FLAGS),
401 - PORT(0x2E8, 3, COM4_FLAGS),
402 - { },
403 -};
404 -
405 -static struct platform_device x86_com_device = {
406 - .name = "serial8250",
407 - .id = PLAT8250_DEV_PLATFORM,
408 - .dev = {
409 - .platform_data = x86_com_data,
410 - },
411 -};
412 -
413 -static int force_legacy_probe;
414 -module_param_named(force, force_legacy_probe, bool, 0);
415 -MODULE_PARM_DESC(force, "Force legacy serial port probe");
416 -
417 -static int __init serial8250_x86_com_init(void)
418 -{
419 - if (pnp_platform_devices && !force_legacy_probe)
420 - return -ENODEV;
421 -
422 - return platform_device_register(&x86_com_device);
423 -}
424 -
425 -module_init(serial8250_x86_com_init);
426 -
427 -MODULE_AUTHOR("Bjorn Helgaas");
428 -MODULE_LICENSE("GPL");
429 -MODULE_DESCRIPTION("Generic 8250/16x50 legacy probe module");
430 diff --git a/arch/i386/kernel/ptrace.c b/arch/i386/kernel/ptrace.c
431 index 0c0ceec..120a63b 100644
432 --- a/arch/i386/kernel/ptrace.c
433 +++ b/arch/i386/kernel/ptrace.c
434 @@ -164,14 +164,22 @@ static unsigned long convert_eip_to_linear(struct task_struct *child, struct pt_
435 u32 *desc;
436 unsigned long base;
438 - down(&child->mm->context.sem);
439 - desc = child->mm->context.ldt + (seg & ~7);
440 - base = (desc[0] >> 16) | ((desc[1] & 0xff) << 16) | (desc[1] & 0xff000000);
441 + seg &= ~7UL;
443 - /* 16-bit code segment? */
444 - if (!((desc[1] >> 22) & 1))
445 - addr &= 0xffff;
446 - addr += base;
447 + down(&child->mm->context.sem);
448 + if (unlikely((seg >> 3) >= child->mm->context.size))
449 + addr = -1L; /* bogus selector, access would fault */
450 + else {
451 + desc = child->mm->context.ldt + seg;
452 + base = ((desc[0] >> 16) |
453 + ((desc[1] & 0xff) << 16) |
454 + (desc[1] & 0xff000000));
455 +
456 + /* 16-bit code segment? */
457 + if (!((desc[1] >> 22) & 1))
458 + addr &= 0xffff;
459 + addr += base;
460 + }
461 up(&child->mm->context.sem);
462 }
463 return addr;
464 diff --git a/arch/i386/kernel/sysenter.c b/arch/i386/kernel/sysenter.c
465 index ff4ee6f..6deb159 100644
466 --- a/arch/i386/kernel/sysenter.c
467 +++ b/arch/i386/kernel/sysenter.c
468 @@ -336,7 +336,9 @@ struct vm_area_struct *get_gate_vma(struct task_struct *tsk)
470 int in_gate_area(struct task_struct *task, unsigned long addr)
471 {
472 - return 0;
473 + const struct vm_area_struct *vma = get_gate_vma(task);
474 +
475 + return vma && addr >= vma->vm_start && addr < vma->vm_end;
476 }
478 int in_gate_area_no_task(unsigned long addr)
479 diff --git a/arch/i386/kernel/traps.c b/arch/i386/kernel/traps.c
480 index 90da057..4995b92 100644
481 --- a/arch/i386/kernel/traps.c
482 +++ b/arch/i386/kernel/traps.c
483 @@ -517,10 +517,12 @@ fastcall void do_##name(struct pt_regs * regs, long error_code) \
484 do_trap(trapnr, signr, str, 0, regs, error_code, NULL); \
485 }
487 -#define DO_ERROR_INFO(trapnr, signr, str, name, sicode, siaddr) \
488 +#define DO_ERROR_INFO(trapnr, signr, str, name, sicode, siaddr, irq) \
489 fastcall void do_##name(struct pt_regs * regs, long error_code) \
490 { \
491 siginfo_t info; \
492 + if (irq) \
493 + local_irq_enable(); \
494 info.si_signo = signr; \
495 info.si_errno = 0; \
496 info.si_code = sicode; \
497 @@ -560,13 +562,13 @@ DO_VM86_ERROR( 3, SIGTRAP, "int3", int3)
498 #endif
499 DO_VM86_ERROR( 4, SIGSEGV, "overflow", overflow)
500 DO_VM86_ERROR( 5, SIGSEGV, "bounds", bounds)
501 -DO_ERROR_INFO( 6, SIGILL, "invalid opcode", invalid_op, ILL_ILLOPN, regs->eip)
502 +DO_ERROR_INFO( 6, SIGILL, "invalid opcode", invalid_op, ILL_ILLOPN, regs->eip, 0)
503 DO_ERROR( 9, SIGFPE, "coprocessor segment overrun", coprocessor_segment_overrun)
504 DO_ERROR(10, SIGSEGV, "invalid TSS", invalid_TSS)
505 DO_ERROR(11, SIGBUS, "segment not present", segment_not_present)
506 DO_ERROR(12, SIGBUS, "stack segment", stack_segment)
507 -DO_ERROR_INFO(17, SIGBUS, "alignment check", alignment_check, BUS_ADRALN, 0)
508 -DO_ERROR_INFO(32, SIGSEGV, "iret exception", iret_error, ILL_BADSTK, 0)
509 +DO_ERROR_INFO(17, SIGBUS, "alignment check", alignment_check, BUS_ADRALN, 0, 0)
510 +DO_ERROR_INFO(32, SIGSEGV, "iret exception", iret_error, ILL_BADSTK, 0, 1)
512 fastcall void __kprobes do_general_protection(struct pt_regs * regs,
513 long error_code)
514 diff --git a/arch/i386/kernel/tsc.c b/arch/i386/kernel/tsc.c
515 index f64b81f..8e02ed6 100644
516 --- a/arch/i386/kernel/tsc.c
517 +++ b/arch/i386/kernel/tsc.c
518 @@ -122,7 +122,7 @@ unsigned long native_calculate_cpu_khz(void)
519 {
520 unsigned long long start, end;
521 unsigned long count;
522 - u64 delta64;
523 + u64 delta64 = (u64)ULLONG_MAX;
524 int i;
525 unsigned long flags;
527 @@ -134,6 +134,7 @@ unsigned long native_calculate_cpu_khz(void)
528 rdtscll(start);
529 mach_countup(&count);
530 rdtscll(end);
531 + delta64 = min(delta64, (end - start));
532 }
533 /*
534 * Error: ECTCNEVERSET
535 @@ -144,8 +145,6 @@ unsigned long native_calculate_cpu_khz(void)
536 if (count <= 1)
537 goto err;
539 - delta64 = end - start;
540 -
541 /* cpu freq too fast: */
542 if (delta64 > (1ULL<<32))
543 goto err;
544 diff --git a/arch/i386/mm/fault.c b/arch/i386/mm/fault.c
545 index 1ecb3e4..27ba2fd 100644
546 --- a/arch/i386/mm/fault.c
547 +++ b/arch/i386/mm/fault.c
548 @@ -249,9 +249,10 @@ static inline pmd_t *vmalloc_sync_one(pgd_t *pgd, unsigned long address)
549 pmd_k = pmd_offset(pud_k, address);
550 if (!pmd_present(*pmd_k))
551 return NULL;
552 - if (!pmd_present(*pmd))
553 + if (!pmd_present(*pmd)) {
554 set_pmd(pmd, *pmd_k);
555 - else
556 + arch_flush_lazy_mmu_mode();
557 + } else
558 BUG_ON(pmd_page(*pmd) != pmd_page(*pmd_k));
559 return pmd_k;
560 }
561 diff --git a/arch/powerpc/kernel/process.c b/arch/powerpc/kernel/process.c
562 index 6e2f035..87c474d 100644
563 --- a/arch/powerpc/kernel/process.c
564 +++ b/arch/powerpc/kernel/process.c
565 @@ -83,7 +83,7 @@ void flush_fp_to_thread(struct task_struct *tsk)
566 */
567 BUG_ON(tsk != current);
568 #endif
569 - giveup_fpu(current);
570 + giveup_fpu(tsk);
571 }
572 preempt_enable();
573 }
574 @@ -143,7 +143,7 @@ void flush_altivec_to_thread(struct task_struct *tsk)
575 #ifdef CONFIG_SMP
576 BUG_ON(tsk != current);
577 #endif
578 - giveup_altivec(current);
579 + giveup_altivec(tsk);
580 }
581 preempt_enable();
582 }
583 @@ -182,7 +182,7 @@ void flush_spe_to_thread(struct task_struct *tsk)
584 #ifdef CONFIG_SMP
585 BUG_ON(tsk != current);
586 #endif
587 - giveup_spe(current);
588 + giveup_spe(tsk);
589 }
590 preempt_enable();
591 }
592 diff --git a/arch/powerpc/kernel/prom_parse.c b/arch/powerpc/kernel/prom_parse.c
593 index 3786dcc..b5c96af 100644
594 --- a/arch/powerpc/kernel/prom_parse.c
595 +++ b/arch/powerpc/kernel/prom_parse.c
596 @@ -24,7 +24,7 @@
597 /* Max address size we deal with */
598 #define OF_MAX_ADDR_CELLS 4
599 #define OF_CHECK_COUNTS(na, ns) ((na) > 0 && (na) <= OF_MAX_ADDR_CELLS && \
600 - (ns) >= 0)
601 + (ns) > 0)
603 static struct of_bus *of_match_bus(struct device_node *np);
604 static int __of_address_to_resource(struct device_node *dev,
605 diff --git a/arch/powerpc/math-emu/math.c b/arch/powerpc/math-emu/math.c
606 index 69058b2..381306b 100644
607 --- a/arch/powerpc/math-emu/math.c
608 +++ b/arch/powerpc/math-emu/math.c
609 @@ -407,11 +407,16 @@ do_mathemu(struct pt_regs *regs)
611 case XE:
612 idx = (insn >> 16) & 0x1f;
613 - if (!idx)
614 - goto illegal;
615 -
616 op0 = (void *)¤t->thread.fpr[(insn >> 21) & 0x1f];
617 - op1 = (void *)(regs->gpr[idx] + regs->gpr[(insn >> 11) & 0x1f]);
618 + if (!idx) {
619 + if (((insn >> 1) & 0x3ff) == STFIWX)
620 + op1 = (void *)(regs->gpr[(insn >> 11) & 0x1f]);
621 + else
622 + goto illegal;
623 + } else {
624 + op1 = (void *)(regs->gpr[idx] + regs->gpr[(insn >> 11) & 0x1f]);
625 + }
626 +
627 break;
629 case XEU:
630 diff --git a/arch/powerpc/mm/hash_utils_64.c b/arch/powerpc/mm/hash_utils_64.c
631 index 4f2f453..c84b7cc 100644
632 --- a/arch/powerpc/mm/hash_utils_64.c
633 +++ b/arch/powerpc/mm/hash_utils_64.c
634 @@ -795,7 +795,7 @@ void hash_preload(struct mm_struct *mm, unsigned long ea,
636 #ifdef CONFIG_PPC_MM_SLICES
637 /* We only prefault standard pages for now */
638 - if (unlikely(get_slice_psize(mm, ea) != mm->context.user_psize));
639 + if (unlikely(get_slice_psize(mm, ea) != mm->context.user_psize))
640 return;
641 #endif
643 diff --git a/arch/powerpc/mm/slice.c b/arch/powerpc/mm/slice.c
644 index f833dba..d5fd390 100644
645 --- a/arch/powerpc/mm/slice.c
646 +++ b/arch/powerpc/mm/slice.c
647 @@ -405,6 +405,8 @@ unsigned long slice_get_unmapped_area(unsigned long addr, unsigned long len,
649 if (len > mm->task_size)
650 return -ENOMEM;
651 + if (len & ((1ul << pshift) - 1))
652 + return -EINVAL;
653 if (fixed && (addr & ((1ul << pshift) - 1)))
654 return -EINVAL;
655 if (fixed && addr > (mm->task_size - len))
656 diff --git a/arch/powerpc/platforms/83xx/mpc832x_mds.c b/arch/powerpc/platforms/83xx/mpc832x_mds.c
657 index 94843ed..fff09f5 100644
658 --- a/arch/powerpc/platforms/83xx/mpc832x_mds.c
659 +++ b/arch/powerpc/platforms/83xx/mpc832x_mds.c
660 @@ -111,7 +111,6 @@ static struct of_device_id mpc832x_ids[] = {
661 { .type = "soc", },
662 { .compatible = "soc", },
663 { .type = "qe", },
664 - { .type = "mdio", },
665 {},
666 };
668 diff --git a/arch/powerpc/platforms/83xx/mpc832x_rdb.c b/arch/powerpc/platforms/83xx/mpc832x_rdb.c
669 index 3db68b7..44a7661 100644
670 --- a/arch/powerpc/platforms/83xx/mpc832x_rdb.c
671 +++ b/arch/powerpc/platforms/83xx/mpc832x_rdb.c
672 @@ -75,7 +75,6 @@ static struct of_device_id mpc832x_ids[] = {
673 { .type = "soc", },
674 { .compatible = "soc", },
675 { .type = "qe", },
676 - { .type = "mdio", },
677 {},
678 };
680 diff --git a/arch/powerpc/platforms/83xx/mpc836x_mds.c b/arch/powerpc/platforms/83xx/mpc836x_mds.c
681 index bceeff8..526ed09 100644
682 --- a/arch/powerpc/platforms/83xx/mpc836x_mds.c
683 +++ b/arch/powerpc/platforms/83xx/mpc836x_mds.c
684 @@ -118,7 +118,6 @@ static struct of_device_id mpc836x_ids[] = {
685 { .type = "soc", },
686 { .compatible = "soc", },
687 { .type = "qe", },
688 - { .type = "mdio", },
689 {},
690 };
692 diff --git a/arch/powerpc/platforms/85xx/mpc85xx_mds.c b/arch/powerpc/platforms/85xx/mpc85xx_mds.c
693 index e3dddbf..54db416 100644
694 --- a/arch/powerpc/platforms/85xx/mpc85xx_mds.c
695 +++ b/arch/powerpc/platforms/85xx/mpc85xx_mds.c
696 @@ -147,7 +147,6 @@ static struct of_device_id mpc85xx_ids[] = {
697 { .type = "soc", },
698 { .compatible = "soc", },
699 { .type = "qe", },
700 - { .type = "mdio", },
701 {},
702 };
704 diff --git a/arch/sparc/kernel/entry.S b/arch/sparc/kernel/entry.S
705 index 831f540..eac3838 100644
706 --- a/arch/sparc/kernel/entry.S
707 +++ b/arch/sparc/kernel/entry.S
708 @@ -1749,8 +1749,8 @@ fpload:
709 __ndelay:
710 save %sp, -STACKFRAME_SZ, %sp
711 mov %i0, %o0
712 - call .umul
713 - mov 0x1ad, %o1 ! 2**32 / (1 000 000 000 / HZ)
714 + call .umul ! round multiplier up so large ns ok
715 + mov 0x1ae, %o1 ! 2**32 / (1 000 000 000 / HZ)
716 call .umul
717 mov %i1, %o1 ! udelay_val
718 ba delay_continue
719 @@ -1760,11 +1760,17 @@ __ndelay:
720 __udelay:
721 save %sp, -STACKFRAME_SZ, %sp
722 mov %i0, %o0
723 - sethi %hi(0x10c6), %o1
724 + sethi %hi(0x10c7), %o1 ! round multiplier up so large us ok
725 call .umul
726 - or %o1, %lo(0x10c6), %o1 ! 2**32 / 1 000 000
727 + or %o1, %lo(0x10c7), %o1 ! 2**32 / 1 000 000
728 call .umul
729 mov %i1, %o1 ! udelay_val
730 + sethi %hi(0x028f4b62), %l0 ! Add in rounding constant * 2**32,
731 + or %g0, %lo(0x028f4b62), %l0
732 + addcc %o0, %l0, %o0 ! 2**32 * 0.009 999
733 + bcs,a 3f
734 + add %o1, 0x01, %o1
735 +3:
736 call .umul
737 mov HZ, %o0 ! >>32 earlier for wider range
739 diff --git a/arch/sparc/lib/memset.S b/arch/sparc/lib/memset.S
740 index a65eba4..1c37ea8 100644
741 --- a/arch/sparc/lib/memset.S
742 +++ b/arch/sparc/lib/memset.S
743 @@ -162,7 +162,7 @@ __bzero:
744 8:
745 add %o0, 1, %o0
746 subcc %o1, 1, %o1
747 - bne,a 8b
748 + bne 8b
749 EX(stb %g3, [%o0 - 1], add %o1, 1)
750 0:
751 retl
752 diff --git a/arch/sparc64/kernel/chmc.c b/arch/sparc64/kernel/chmc.c
753 index 777d345..6d4f02e 100644
754 --- a/arch/sparc64/kernel/chmc.c
755 +++ b/arch/sparc64/kernel/chmc.c
756 @@ -1,7 +1,6 @@
757 -/* $Id: chmc.c,v 1.4 2002/01/08 16:00:14 davem Exp $
758 - * memctrlr.c: Driver for UltraSPARC-III memory controller.
759 +/* memctrlr.c: Driver for UltraSPARC-III memory controller.
760 *
761 - * Copyright (C) 2001 David S. Miller (davem@redhat.com)
762 + * Copyright (C) 2001, 2007 David S. Miller (davem@davemloft.net)
763 */
765 #include <linux/module.h>
766 @@ -16,6 +15,7 @@
767 #include <linux/init.h>
768 #include <asm/spitfire.h>
769 #include <asm/chmctrl.h>
770 +#include <asm/cpudata.h>
771 #include <asm/oplib.h>
772 #include <asm/prom.h>
773 #include <asm/io.h>
774 @@ -242,8 +242,11 @@ int chmc_getunumber(int syndrome_code,
775 */
776 static u64 read_mcreg(struct mctrl_info *mp, unsigned long offset)
777 {
778 - unsigned long ret;
779 - int this_cpu = get_cpu();
780 + unsigned long ret, this_cpu;
781 +
782 + preempt_disable();
783 +
784 + this_cpu = real_hard_smp_processor_id();
786 if (mp->portid == this_cpu) {
787 __asm__ __volatile__("ldxa [%1] %2, %0"
788 @@ -255,7 +258,8 @@ static u64 read_mcreg(struct mctrl_info *mp, unsigned long offset)
789 : "r" (mp->regs + offset),
790 "i" (ASI_PHYS_BYPASS_EC_E));
791 }
792 - put_cpu();
793 +
794 + preempt_enable();
796 return ret;
797 }
798 diff --git a/arch/sparc64/kernel/entry.S b/arch/sparc64/kernel/entry.S
799 index 8059531..193791c 100644
800 --- a/arch/sparc64/kernel/entry.S
801 +++ b/arch/sparc64/kernel/entry.S
802 @@ -2593,3 +2593,15 @@ sun4v_mmustat_info:
803 retl
804 nop
805 .size sun4v_mmustat_info, .-sun4v_mmustat_info
806 +
807 + .globl sun4v_mmu_demap_all
808 + .type sun4v_mmu_demap_all,#function
809 +sun4v_mmu_demap_all:
810 + clr %o0
811 + clr %o1
812 + mov HV_MMU_ALL, %o2
813 + mov HV_FAST_MMU_DEMAP_ALL, %o5
814 + ta HV_FAST_TRAP
815 + retl
816 + nop
817 + .size sun4v_mmu_demap_all, .-sun4v_mmu_demap_all
818 diff --git a/arch/sparc64/kernel/head.S b/arch/sparc64/kernel/head.S
819 index 7725952..35feacb 100644
820 --- a/arch/sparc64/kernel/head.S
821 +++ b/arch/sparc64/kernel/head.S
822 @@ -458,7 +458,6 @@ tlb_fixup_done:
823 or %g6, %lo(init_thread_union), %g6
824 ldx [%g6 + TI_TASK], %g4
825 mov %sp, %l6
826 - mov %o4, %l7
828 wr %g0, ASI_P, %asi
829 mov 1, %g1
830 diff --git a/arch/sparc64/kernel/pci.c b/arch/sparc64/kernel/pci.c
831 index 81f4a5e..154f10e 100644
832 --- a/arch/sparc64/kernel/pci.c
833 +++ b/arch/sparc64/kernel/pci.c
834 @@ -422,10 +422,15 @@ struct pci_dev *of_create_pci_dev(struct pci_pbm_info *pbm,
835 dev->multifunction = 0; /* maybe a lie? */
837 if (host_controller) {
838 - dev->vendor = 0x108e;
839 - dev->device = 0x8000;
840 - dev->subsystem_vendor = 0x0000;
841 - dev->subsystem_device = 0x0000;
842 + if (tlb_type != hypervisor) {
843 + pci_read_config_word(dev, PCI_VENDOR_ID,
844 + &dev->vendor);
845 + pci_read_config_word(dev, PCI_DEVICE_ID,
846 + &dev->device);
847 + } else {
848 + dev->vendor = PCI_VENDOR_ID_SUN;
849 + dev->device = 0x80f0;
850 + }
851 dev->cfg_size = 256;
852 dev->class = PCI_CLASS_BRIDGE_HOST << 8;
853 sprintf(pci_name(dev), "%04x:%02x:%02x.%d", pci_domain_nr(bus),
854 @@ -746,7 +751,7 @@ static void __devinit pci_of_scan_bus(struct pci_pbm_info *pbm,
855 {
856 struct device_node *child;
857 const u32 *reg;
858 - int reglen, devfn;
859 + int reglen, devfn, prev_devfn;
860 struct pci_dev *dev;
862 if (ofpci_verbose)
863 @@ -754,14 +759,25 @@ static void __devinit pci_of_scan_bus(struct pci_pbm_info *pbm,
864 node->full_name, bus->number);
866 child = NULL;
867 + prev_devfn = -1;
868 while ((child = of_get_next_child(node, child)) != NULL) {
869 if (ofpci_verbose)
870 printk(" * %s\n", child->full_name);
871 reg = of_get_property(child, "reg", ®len);
872 if (reg == NULL || reglen < 20)
873 continue;
874 +
875 devfn = (reg[0] >> 8) & 0xff;
877 + /* This is a workaround for some device trees
878 + * which list PCI devices twice. On the V100
879 + * for example, device number 3 is listed twice.
880 + * Once as "pm" and once again as "lomp".
881 + */
882 + if (devfn == prev_devfn)
883 + continue;
884 + prev_devfn = devfn;
885 +
886 /* create a new pci_dev for this device */
887 dev = of_create_pci_dev(pbm, child, bus, devfn, 0);
888 if (!dev)
889 @@ -817,7 +833,7 @@ int pci_host_bridge_read_pci_cfg(struct pci_bus *bus_dev,
890 {
891 static u8 fake_pci_config[] = {
892 0x8e, 0x10, /* Vendor: 0x108e (Sun) */
893 - 0x00, 0x80, /* Device: 0x8000 (PBM) */
894 + 0xf0, 0x80, /* Device: 0x80f0 (Fire) */
895 0x46, 0x01, /* Command: 0x0146 (SERR, PARITY, MASTER, MEM) */
896 0xa0, 0x22, /* Status: 0x02a0 (DEVSEL_MED, FB2B, 66MHZ) */
897 0x00, 0x00, 0x00, 0x06, /* Class: 0x06000000 host bridge */
898 diff --git a/arch/sparc64/kernel/pci_common.c b/arch/sparc64/kernel/pci_common.c
899 index 4249214..2f61c4b 100644
900 --- a/arch/sparc64/kernel/pci_common.c
901 +++ b/arch/sparc64/kernel/pci_common.c
902 @@ -44,6 +44,67 @@ static void *sun4u_config_mkaddr(struct pci_pbm_info *pbm,
903 return (void *) (pbm->config_space | bus | devfn | reg);
904 }
906 +/* At least on Sabre, it is necessary to access all PCI host controller
907 + * registers at their natural size, otherwise zeros are returned.
908 + * Strange but true, and I see no language in the UltraSPARC-IIi
909 + * programmer's manual that mentions this even indirectly.
910 + */
911 +static int sun4u_read_pci_cfg_host(struct pci_pbm_info *pbm,
912 + unsigned char bus, unsigned int devfn,
913 + int where, int size, u32 *value)
914 +{
915 + u32 tmp32, *addr;
916 + u16 tmp16;
917 + u8 tmp8;
918 +
919 + addr = sun4u_config_mkaddr(pbm, bus, devfn, where);
920 + if (!addr)
921 + return PCIBIOS_SUCCESSFUL;
922 +
923 + switch (size) {
924 + case 1:
925 + if (where < 8) {
926 + unsigned long align = (unsigned long) addr;
927 +
928 + align &= ~1;
929 + pci_config_read16((u16 *)align, &tmp16);
930 + if (where & 1)
931 + *value = tmp16 >> 8;
932 + else
933 + *value = tmp16 & 0xff;
934 + } else {
935 + pci_config_read8((u8 *)addr, &tmp8);
936 + *value = (u32) tmp8;
937 + }
938 + break;
939 +
940 + case 2:
941 + if (where < 8) {
942 + pci_config_read16((u16 *)addr, &tmp16);
943 + *value = (u32) tmp16;
944 + } else {
945 + pci_config_read8((u8 *)addr, &tmp8);
946 + *value = (u32) tmp8;
947 + pci_config_read8(((u8 *)addr) + 1, &tmp8);
948 + *value |= ((u32) tmp8) << 8;
949 + }
950 + break;
951 +
952 + case 4:
953 + tmp32 = 0xffffffff;
954 + sun4u_read_pci_cfg_host(pbm, bus, devfn,
955 + where, 2, &tmp32);
956 + *value = tmp32;
957 +
958 + tmp32 = 0xffffffff;
959 + sun4u_read_pci_cfg_host(pbm, bus, devfn,
960 + where + 2, 2, &tmp32);
961 + *value |= tmp32 << 16;
962 + break;
963 + }
964 + return PCIBIOS_SUCCESSFUL;
965 +}
966 +
967 static int sun4u_read_pci_cfg(struct pci_bus *bus_dev, unsigned int devfn,
968 int where, int size, u32 *value)
969 {
970 @@ -53,10 +114,6 @@ static int sun4u_read_pci_cfg(struct pci_bus *bus_dev, unsigned int devfn,
971 u16 tmp16;
972 u8 tmp8;
974 - if (bus_dev == pbm->pci_bus && devfn == 0x00)
975 - return pci_host_bridge_read_pci_cfg(bus_dev, devfn, where,
976 - size, value);
977 -
978 switch (size) {
979 case 1:
980 *value = 0xff;
981 @@ -69,6 +126,10 @@ static int sun4u_read_pci_cfg(struct pci_bus *bus_dev, unsigned int devfn,
982 break;
983 }
985 + if (!bus_dev->number && !PCI_SLOT(devfn))
986 + return sun4u_read_pci_cfg_host(pbm, bus, devfn, where,
987 + size, value);
988 +
989 addr = sun4u_config_mkaddr(pbm, bus, devfn, where);
990 if (!addr)
991 return PCIBIOS_SUCCESSFUL;
992 @@ -101,6 +162,53 @@ static int sun4u_read_pci_cfg(struct pci_bus *bus_dev, unsigned int devfn,
993 return PCIBIOS_SUCCESSFUL;
994 }
996 +static int sun4u_write_pci_cfg_host(struct pci_pbm_info *pbm,
997 + unsigned char bus, unsigned int devfn,
998 + int where, int size, u32 value)
999 +{
1000 + u32 *addr;
1001 +
1002 + addr = sun4u_config_mkaddr(pbm, bus, devfn, where);
1003 + if (!addr)
1004 + return PCIBIOS_SUCCESSFUL;
1005 +
1006 + switch (size) {
1007 + case 1:
1008 + if (where < 8) {
1009 + unsigned long align = (unsigned long) addr;
1010 + u16 tmp16;
1011 +
1012 + align &= ~1;
1013 + pci_config_read16((u16 *)align, &tmp16);
1014 + if (where & 1) {
1015 + tmp16 &= 0x00ff;
1016 + tmp16 |= value << 8;
1017 + } else {
1018 + tmp16 &= 0xff00;
1019 + tmp16 |= value;
1020 + }
1021 + pci_config_write16((u16 *)align, tmp16);
1022 + } else
1023 + pci_config_write8((u8 *)addr, value);
1024 + break;
1025 + case 2:
1026 + if (where < 8) {
1027 + pci_config_write16((u16 *)addr, value);
1028 + } else {
1029 + pci_config_write8((u8 *)addr, value & 0xff);
1030 + pci_config_write8(((u8 *)addr) + 1, value >> 8);
1031 + }
1032 + break;
1033 + case 4:
1034 + sun4u_write_pci_cfg_host(pbm, bus, devfn,
1035 + where, 2, value & 0xffff);
1036 + sun4u_write_pci_cfg_host(pbm, bus, devfn,
1037 + where + 2, 2, value >> 16);
1038 + break;
1039 + }
1040 + return PCIBIOS_SUCCESSFUL;
1041 +}
1042 +
1043 static int sun4u_write_pci_cfg(struct pci_bus *bus_dev, unsigned int devfn,
1044 int where, int size, u32 value)
1045 {
1046 @@ -108,9 +216,10 @@ static int sun4u_write_pci_cfg(struct pci_bus *bus_dev, unsigned int devfn,
1047 unsigned char bus = bus_dev->number;
1048 u32 *addr;
1050 - if (bus_dev == pbm->pci_bus && devfn == 0x00)
1051 - return pci_host_bridge_write_pci_cfg(bus_dev, devfn, where,
1052 - size, value);
1053 + if (!bus_dev->number && !PCI_SLOT(devfn))
1054 + return sun4u_write_pci_cfg_host(pbm, bus, devfn, where,
1055 + size, value);
1056 +
1057 addr = sun4u_config_mkaddr(pbm, bus, devfn, where);
1058 if (!addr)
1059 return PCIBIOS_SUCCESSFUL;
1060 diff --git a/arch/sparc64/kernel/smp.c b/arch/sparc64/kernel/smp.c
1061 index 4dcd7d0..3ddd99c 100644
1062 --- a/arch/sparc64/kernel/smp.c
1063 +++ b/arch/sparc64/kernel/smp.c
1064 @@ -403,7 +403,7 @@ static __inline__ void spitfire_xcall_deliver(u64 data0, u64 data1, u64 data2, c
1065 */
1066 static void cheetah_xcall_deliver(u64 data0, u64 data1, u64 data2, cpumask_t mask)
1067 {
1068 - u64 pstate, ver;
1069 + u64 pstate, ver, busy_mask;
1070 int nack_busy_id, is_jbus, need_more;
1072 if (cpus_empty(mask))
1073 @@ -435,14 +435,20 @@ retry:
1074 "i" (ASI_INTR_W));
1076 nack_busy_id = 0;
1077 + busy_mask = 0;
1078 {
1079 int i;
1081 for_each_cpu_mask(i, mask) {
1082 u64 target = (i << 14) | 0x70;
1084 - if (!is_jbus)
1085 + if (is_jbus) {
1086 + busy_mask |= (0x1UL << (i * 2));
1087 + } else {
1088 target |= (nack_busy_id << 24);
1089 + busy_mask |= (0x1UL <<
1090 + (nack_busy_id * 2));
1091 + }
1092 __asm__ __volatile__(
1093 "stxa %%g0, [%0] %1\n\t"
1094 "membar #Sync\n\t"
1095 @@ -458,15 +464,16 @@ retry:
1097 /* Now, poll for completion. */
1098 {
1099 - u64 dispatch_stat;
1100 + u64 dispatch_stat, nack_mask;
1101 long stuck;
1103 stuck = 100000 * nack_busy_id;
1104 + nack_mask = busy_mask << 1;
1105 do {
1106 __asm__ __volatile__("ldxa [%%g0] %1, %0"
1107 : "=r" (dispatch_stat)
1108 : "i" (ASI_INTR_DISPATCH_STAT));
1109 - if (dispatch_stat == 0UL) {
1110 + if (!(dispatch_stat & (busy_mask | nack_mask))) {
1111 __asm__ __volatile__("wrpr %0, 0x0, %%pstate"
1112 : : "r" (pstate));
1113 if (unlikely(need_more)) {
1114 @@ -483,12 +490,12 @@ retry:
1115 }
1116 if (!--stuck)
1117 break;
1118 - } while (dispatch_stat & 0x5555555555555555UL);
1119 + } while (dispatch_stat & busy_mask);
1121 __asm__ __volatile__("wrpr %0, 0x0, %%pstate"
1122 : : "r" (pstate));
1124 - if ((dispatch_stat & ~(0x5555555555555555UL)) == 0) {
1125 + if (dispatch_stat & busy_mask) {
1126 /* Busy bits will not clear, continue instead
1127 * of freezing up on this cpu.
1128 */
1129 diff --git a/arch/sparc64/kernel/sys_sparc.c b/arch/sparc64/kernel/sys_sparc.c
1130 index d108eeb..0d5c502 100644
1131 --- a/arch/sparc64/kernel/sys_sparc.c
1132 +++ b/arch/sparc64/kernel/sys_sparc.c
1133 @@ -436,7 +436,7 @@ out:
1134 asmlinkage long sys_ipc(unsigned int call, int first, unsigned long second,
1135 unsigned long third, void __user *ptr, long fifth)
1136 {
1137 - int err;
1138 + long err;
1140 /* No need for backward compatibility. We can start fresh... */
1141 if (call <= SEMCTL) {
1142 @@ -453,16 +453,9 @@ asmlinkage long sys_ipc(unsigned int call, int first, unsigned long second,
1143 err = sys_semget(first, (int)second, (int)third);
1144 goto out;
1145 case SEMCTL: {
1146 - union semun fourth;
1147 - err = -EINVAL;
1148 - if (!ptr)
1149 - goto out;
1150 - err = -EFAULT;
1151 - if (get_user(fourth.__pad,
1152 - (void __user * __user *) ptr))
1153 - goto out;
1154 - err = sys_semctl(first, (int)second | IPC_64,
1155 - (int)third, fourth);
1156 + err = sys_semctl(first, third,
1157 + (int)second | IPC_64,
1158 + (union semun) ptr);
1159 goto out;
1160 }
1161 default:
1162 diff --git a/arch/sparc64/kernel/traps.c b/arch/sparc64/kernel/traps.c
1163 index 00a9e32..a05b37f 100644
1164 --- a/arch/sparc64/kernel/traps.c
1165 +++ b/arch/sparc64/kernel/traps.c
1166 @@ -2134,12 +2134,20 @@ static void user_instruction_dump (unsigned int __user *pc)
1167 void show_stack(struct task_struct *tsk, unsigned long *_ksp)
1168 {
1169 unsigned long pc, fp, thread_base, ksp;
1170 - void *tp = task_stack_page(tsk);
1171 + struct thread_info *tp;
1172 struct reg_window *rw;
1173 int count = 0;
1175 ksp = (unsigned long) _ksp;
1176 -
1177 + if (!tsk)
1178 + tsk = current;
1179 + tp = task_thread_info(tsk);
1180 + if (ksp == 0UL) {
1181 + if (tsk == current)
1182 + asm("mov %%fp, %0" : "=r" (ksp));
1183 + else
1184 + ksp = tp->ksp;
1185 + }
1186 if (tp == current_thread_info())
1187 flushw_all();
1189 @@ -2168,11 +2176,7 @@ void show_stack(struct task_struct *tsk, unsigned long *_ksp)
1191 void dump_stack(void)
1192 {
1193 - unsigned long *ksp;
1194 -
1195 - __asm__ __volatile__("mov %%fp, %0"
1196 - : "=r" (ksp));
1197 - show_stack(current, ksp);
1198 + show_stack(current, NULL);
1199 }
1201 EXPORT_SYMBOL(dump_stack);
1202 diff --git a/arch/sparc64/mm/fault.c b/arch/sparc64/mm/fault.c
1203 index b582024..e2cb991 100644
1204 --- a/arch/sparc64/mm/fault.c
1205 +++ b/arch/sparc64/mm/fault.c
1206 @@ -112,15 +112,12 @@ static void __kprobes unhandled_fault(unsigned long address,
1208 static void bad_kernel_pc(struct pt_regs *regs, unsigned long vaddr)
1209 {
1210 - unsigned long *ksp;
1211 -
1212 printk(KERN_CRIT "OOPS: Bogus kernel PC [%016lx] in fault handler\n",
1213 regs->tpc);
1214 printk(KERN_CRIT "OOPS: RPC [%016lx]\n", regs->u_regs[15]);
1215 print_symbol("RPC: <%s>\n", regs->u_regs[15]);
1216 printk(KERN_CRIT "OOPS: Fault was to vaddr[%lx]\n", vaddr);
1217 - __asm__("mov %%sp, %0" : "=r" (ksp));
1218 - show_stack(current, ksp);
1219 + dump_stack();
1220 unhandled_fault(regs->tpc, current, regs);
1221 }
1223 diff --git a/arch/sparc64/mm/init.c b/arch/sparc64/mm/init.c
1224 index 3010227..ed2484d 100644
1225 --- a/arch/sparc64/mm/init.c
1226 +++ b/arch/sparc64/mm/init.c
1227 @@ -1135,14 +1135,9 @@ static void __init mark_kpte_bitmap(unsigned long start, unsigned long end)
1228 }
1229 }
1231 -static void __init kernel_physical_mapping_init(void)
1232 +static void __init init_kpte_bitmap(void)
1233 {
1234 unsigned long i;
1235 -#ifdef CONFIG_DEBUG_PAGEALLOC
1236 - unsigned long mem_alloced = 0UL;
1237 -#endif
1238 -
1239 - read_obp_memory("reg", &pall[0], &pall_ents);
1241 for (i = 0; i < pall_ents; i++) {
1242 unsigned long phys_start, phys_end;
1243 @@ -1151,14 +1146,24 @@ static void __init kernel_physical_mapping_init(void)
1244 phys_end = phys_start + pall[i].reg_size;
1246 mark_kpte_bitmap(phys_start, phys_end);
1247 + }
1248 +}
1250 +static void __init kernel_physical_mapping_init(void)
1251 +{
1252 #ifdef CONFIG_DEBUG_PAGEALLOC
1253 + unsigned long i, mem_alloced = 0UL;
1254 +
1255 + for (i = 0; i < pall_ents; i++) {
1256 + unsigned long phys_start, phys_end;
1257 +
1258 + phys_start = pall[i].phys_addr;
1259 + phys_end = phys_start + pall[i].reg_size;
1260 +
1261 mem_alloced += kernel_map_range(phys_start, phys_end,
1262 PAGE_KERNEL);
1263 -#endif
1264 }
1266 -#ifdef CONFIG_DEBUG_PAGEALLOC
1267 printk("Allocated %ld bytes for kernel page tables.\n",
1268 mem_alloced);
1270 @@ -1400,6 +1405,10 @@ void __init paging_init(void)
1272 inherit_prom_mappings();
1274 + read_obp_memory("reg", &pall[0], &pall_ents);
1275 +
1276 + init_kpte_bitmap();
1277 +
1278 /* Ok, we can use our TLB miss and window trap handlers safely. */
1279 setup_tba();
1281 @@ -1854,7 +1863,9 @@ void __flush_tlb_all(void)
1282 "wrpr %0, %1, %%pstate"
1283 : "=r" (pstate)
1284 : "i" (PSTATE_IE));
1285 - if (tlb_type == spitfire) {
1286 + if (tlb_type == hypervisor) {
1287 + sun4v_mmu_demap_all();
1288 + } else if (tlb_type == spitfire) {
1289 for (i = 0; i < 64; i++) {
1290 /* Spitfire Errata #32 workaround */
1291 /* NOTE: Always runs on spitfire, so no
1292 diff --git a/arch/um/drivers/ubd_kern.c b/arch/um/drivers/ubd_kern.c
1293 index 2e09f16..2c491a5 100644
1294 --- a/arch/um/drivers/ubd_kern.c
1295 +++ b/arch/um/drivers/ubd_kern.c
1296 @@ -612,6 +612,8 @@ static int ubd_open_dev(struct ubd *ubd_dev)
1297 ubd_dev->fd = fd;
1299 if(ubd_dev->cow.file != NULL){
1300 + blk_queue_max_sectors(ubd_dev->queue, 8 * sizeof(long));
1301 +
1302 err = -ENOMEM;
1303 ubd_dev->cow.bitmap = (void *) vmalloc(ubd_dev->cow.bitmap_len);
1304 if(ubd_dev->cow.bitmap == NULL){
1305 diff --git a/arch/um/os-Linux/user_syms.c b/arch/um/os-Linux/user_syms.c
1306 index 3f33165..419b2d5 100644
1307 --- a/arch/um/os-Linux/user_syms.c
1308 +++ b/arch/um/os-Linux/user_syms.c
1309 @@ -5,7 +5,8 @@
1310 * so I *must* declare good prototypes for them and then EXPORT them.
1311 * The kernel code uses the macro defined by include/linux/string.h,
1312 * so I undef macros; the userspace code does not include that and I
1313 - * add an EXPORT for the glibc one.*/
1314 + * add an EXPORT for the glibc one.
1315 + */
1317 #undef strlen
1318 #undef strstr
1319 @@ -61,12 +62,18 @@ EXPORT_SYMBOL_PROTO(dup2);
1320 EXPORT_SYMBOL_PROTO(__xstat);
1321 EXPORT_SYMBOL_PROTO(__lxstat);
1322 EXPORT_SYMBOL_PROTO(__lxstat64);
1323 +EXPORT_SYMBOL_PROTO(__fxstat64);
1324 EXPORT_SYMBOL_PROTO(lseek);
1325 EXPORT_SYMBOL_PROTO(lseek64);
1326 EXPORT_SYMBOL_PROTO(chown);
1327 +EXPORT_SYMBOL_PROTO(fchown);
1328 EXPORT_SYMBOL_PROTO(truncate);
1329 +EXPORT_SYMBOL_PROTO(ftruncate64);
1330 EXPORT_SYMBOL_PROTO(utime);
1331 +EXPORT_SYMBOL_PROTO(utimes);
1332 +EXPORT_SYMBOL_PROTO(futimes);
1333 EXPORT_SYMBOL_PROTO(chmod);
1334 +EXPORT_SYMBOL_PROTO(fchmod);
1335 EXPORT_SYMBOL_PROTO(rename);
1336 EXPORT_SYMBOL_PROTO(__xmknod);
1338 @@ -102,14 +109,3 @@ EXPORT_SYMBOL(__stack_smash_handler);
1340 extern long __guard __attribute__((weak));
1341 EXPORT_SYMBOL(__guard);
1342 -
1343 -/*
1344 - * Overrides for Emacs so that we follow Linus's tabbing style.
1345 - * Emacs will notice this stuff at the end of the file and automatically
1346 - * adjust the settings for this buffer only. This must remain at the end
1347 - * of the file.
1348 - * ---------------------------------------------------------------------------
1349 - * Local variables:
1350 - * c-file-style: "linux"
1351 - * End:
1352 - */
1353 diff --git a/arch/x86_64/Makefile b/arch/x86_64/Makefile
1354 index 29617ae..fdab077 100644
1355 --- a/arch/x86_64/Makefile
1356 +++ b/arch/x86_64/Makefile
1357 @@ -57,8 +57,8 @@ cflags-y += $(call cc-option,-mno-sse -mno-mmx -mno-sse2 -mno-3dnow,)
1358 cflags-y += -maccumulate-outgoing-args
1360 # do binutils support CFI?
1361 -cflags-y += $(call as-instr,.cfi_startproc\n.cfi_endproc,-DCONFIG_AS_CFI=1,)
1362 -AFLAGS += $(call as-instr,.cfi_startproc\n.cfi_endproc,-DCONFIG_AS_CFI=1,)
1363 +cflags-y += $(call as-instr,.cfi_startproc\n.cfi_rel_offset rsp${comma}0\n.cfi_endproc,-DCONFIG_AS_CFI=1,)
1364 +AFLAGS += $(call as-instr,.cfi_startproc\n.cfi_rel_offset rsp${comma}0\n.cfi_endproc,-DCONFIG_AS_CFI=1,)
1366 # is .cfi_signal_frame supported too?
1367 cflags-y += $(call as-instr,.cfi_startproc\n.cfi_signal_frame\n.cfi_endproc,-DCONFIG_AS_CFI_SIGNAL_FRAME=1,)
1368 diff --git a/arch/x86_64/ia32/ia32entry.S b/arch/x86_64/ia32/ia32entry.S
1369 index 47565c3..0bc623a 100644
1370 --- a/arch/x86_64/ia32/ia32entry.S
1371 +++ b/arch/x86_64/ia32/ia32entry.S
1372 @@ -38,6 +38,18 @@
1373 movq %rax,R8(%rsp)
1374 .endm
1376 + .macro LOAD_ARGS32 offset
1377 + movl \offset(%rsp),%r11d
1378 + movl \offset+8(%rsp),%r10d
1379 + movl \offset+16(%rsp),%r9d
1380 + movl \offset+24(%rsp),%r8d
1381 + movl \offset+40(%rsp),%ecx
1382 + movl \offset+48(%rsp),%edx
1383 + movl \offset+56(%rsp),%esi
1384 + movl \offset+64(%rsp),%edi
1385 + movl \offset+72(%rsp),%eax
1386 + .endm
1387 +
1388 .macro CFI_STARTPROC32 simple
1389 CFI_STARTPROC \simple
1390 CFI_UNDEFINED r8
1391 @@ -152,7 +164,7 @@ sysenter_tracesys:
1392 movq $-ENOSYS,RAX(%rsp) /* really needed? */
1393 movq %rsp,%rdi /* &pt_regs -> arg1 */
1394 call syscall_trace_enter
1395 - LOAD_ARGS ARGOFFSET /* reload args from stack in case ptrace changed it */
1396 + LOAD_ARGS32 ARGOFFSET /* reload args from stack in case ptrace changed it */
1397 RESTORE_REST
1398 movl %ebp, %ebp
1399 /* no need to do an access_ok check here because rbp has been
1400 @@ -255,7 +267,7 @@ cstar_tracesys:
1401 movq $-ENOSYS,RAX(%rsp) /* really needed? */
1402 movq %rsp,%rdi /* &pt_regs -> arg1 */
1403 call syscall_trace_enter
1404 - LOAD_ARGS ARGOFFSET /* reload args from stack in case ptrace changed it */
1405 + LOAD_ARGS32 ARGOFFSET /* reload args from stack in case ptrace changed it */
1406 RESTORE_REST
1407 movl RSP-ARGOFFSET(%rsp), %r8d
1408 /* no need to do an access_ok check here because r8 has been
1409 @@ -333,7 +345,7 @@ ia32_tracesys:
1410 movq $-ENOSYS,RAX(%rsp) /* really needed? */
1411 movq %rsp,%rdi /* &pt_regs -> arg1 */
1412 call syscall_trace_enter
1413 - LOAD_ARGS ARGOFFSET /* reload args from stack in case ptrace changed it */
1414 + LOAD_ARGS32 ARGOFFSET /* reload args from stack in case ptrace changed it */
1415 RESTORE_REST
1416 jmp ia32_do_syscall
1417 END(ia32_syscall)
1418 diff --git a/arch/x86_64/kernel/Makefile b/arch/x86_64/kernel/Makefile
1419 index de1de8a..4d94c51 100644
1420 --- a/arch/x86_64/kernel/Makefile
1421 +++ b/arch/x86_64/kernel/Makefile
1422 @@ -32,7 +32,6 @@ obj-$(CONFIG_EARLY_PRINTK) += early_printk.o
1423 obj-$(CONFIG_IOMMU) += pci-gart.o aperture.o
1424 obj-$(CONFIG_CALGARY_IOMMU) += pci-calgary.o tce.o
1425 obj-$(CONFIG_SWIOTLB) += pci-swiotlb.o
1426 -obj-$(CONFIG_SERIAL_8250) += legacy_serial.o
1427 obj-$(CONFIG_KPROBES) += kprobes.o
1428 obj-$(CONFIG_X86_PM_TIMER) += pmtimer.o
1429 obj-$(CONFIG_X86_VSMP) += vsmp.o
1430 @@ -50,7 +49,6 @@ CFLAGS_vsyscall.o := $(PROFILING) -g0
1432 therm_throt-y += ../../i386/kernel/cpu/mcheck/therm_throt.o
1433 bootflag-y += ../../i386/kernel/bootflag.o
1434 -legacy_serial-y += ../../i386/kernel/legacy_serial.o
1435 cpuid-$(subst m,y,$(CONFIG_X86_CPUID)) += ../../i386/kernel/cpuid.o
1436 topology-y += ../../i386/kernel/topology.o
1437 microcode-$(subst m,y,$(CONFIG_MICROCODE)) += ../../i386/kernel/microcode.o
1438 diff --git a/arch/x86_64/kernel/head.S b/arch/x86_64/kernel/head.S
1439 index 1fab487..c63fc64 100644
1440 --- a/arch/x86_64/kernel/head.S
1441 +++ b/arch/x86_64/kernel/head.S
1442 @@ -326,8 +326,7 @@ NEXT_PAGE(level2_kernel_pgt)
1443 /* 40MB kernel mapping. The kernel code cannot be bigger than that.
1444 When you change this change KERNEL_TEXT_SIZE in page.h too. */
1445 /* (2^48-(2*1024*1024*1024)-((2^39)*511)-((2^30)*510)) = 0 */
1446 - PMDS(0x0000000000000000, __PAGE_KERNEL_LARGE_EXEC|_PAGE_GLOBAL,
1447 - KERNEL_TEXT_SIZE/PMD_SIZE)
1448 + PMDS(0x0000000000000000, __PAGE_KERNEL_LARGE_EXEC|_PAGE_GLOBAL, KERNEL_TEXT_SIZE/PMD_SIZE)
1449 /* Module mapping starts here */
1450 .fill (PTRS_PER_PMD - (KERNEL_TEXT_SIZE/PMD_SIZE)),8,0
1452 diff --git a/arch/x86_64/kernel/io_apic.c b/arch/x86_64/kernel/io_apic.c
1453 index 1c6c6f7..34d7cde 100644
1454 --- a/arch/x86_64/kernel/io_apic.c
1455 +++ b/arch/x86_64/kernel/io_apic.c
1456 @@ -774,12 +774,15 @@ static struct irq_chip ioapic_chip;
1458 static void ioapic_register_intr(int irq, unsigned long trigger)
1459 {
1460 - if (trigger)
1461 + if (trigger) {
1462 + irq_desc[irq].status |= IRQ_LEVEL;
1463 set_irq_chip_and_handler_name(irq, &ioapic_chip,
1464 handle_fasteoi_irq, "fasteoi");
1465 - else
1466 + } else {
1467 + irq_desc[irq].status &= ~IRQ_LEVEL;
1468 set_irq_chip_and_handler_name(irq, &ioapic_chip,
1469 handle_edge_irq, "edge");
1470 + }
1471 }
1473 static void setup_IO_APIC_irq(int apic, int pin, unsigned int irq,
1474 diff --git a/arch/x86_64/kernel/ptrace.c b/arch/x86_64/kernel/ptrace.c
1475 index 9409117..7fc0e73 100644
1476 --- a/arch/x86_64/kernel/ptrace.c
1477 +++ b/arch/x86_64/kernel/ptrace.c
1478 @@ -102,16 +102,25 @@ unsigned long convert_rip_to_linear(struct task_struct *child, struct pt_regs *r
1479 u32 *desc;
1480 unsigned long base;
1482 - down(&child->mm->context.sem);
1483 - desc = child->mm->context.ldt + (seg & ~7);
1484 - base = (desc[0] >> 16) | ((desc[1] & 0xff) << 16) | (desc[1] & 0xff000000);
1485 + seg &= ~7UL;
1487 - /* 16-bit code segment? */
1488 - if (!((desc[1] >> 22) & 1))
1489 - addr &= 0xffff;
1490 - addr += base;
1491 + down(&child->mm->context.sem);
1492 + if (unlikely((seg >> 3) >= child->mm->context.size))
1493 + addr = -1L; /* bogus selector, access would fault */
1494 + else {
1495 + desc = child->mm->context.ldt + seg;
1496 + base = ((desc[0] >> 16) |
1497 + ((desc[1] & 0xff) << 16) |
1498 + (desc[1] & 0xff000000));
1499 +
1500 + /* 16-bit code segment? */
1501 + if (!((desc[1] >> 22) & 1))
1502 + addr &= 0xffff;
1503 + addr += base;
1504 + }
1505 up(&child->mm->context.sem);
1506 }
1507 +
1508 return addr;
1509 }
1511 @@ -223,10 +232,6 @@ static int putreg(struct task_struct *child,
1512 {
1513 unsigned long tmp;
1515 - /* Some code in the 64bit emulation may not be 64bit clean.
1516 - Don't take any chances. */
1517 - if (test_tsk_thread_flag(child, TIF_IA32))
1518 - value &= 0xffffffff;
1519 switch (regno) {
1520 case offsetof(struct user_regs_struct,fs):
1521 if (value && (value & 3) != 3)
1522 diff --git a/arch/x86_64/mm/init.c b/arch/x86_64/mm/init.c
1523 index 9a0e98a..b7e514e 100644
1524 --- a/arch/x86_64/mm/init.c
1525 +++ b/arch/x86_64/mm/init.c
1526 @@ -769,8 +769,3 @@ int in_gate_area_no_task(unsigned long addr)
1527 return (addr >= VSYSCALL_START) && (addr < VSYSCALL_END);
1528 }
1530 -void *alloc_bootmem_high_node(pg_data_t *pgdat, unsigned long size)
1531 -{
1532 - return __alloc_bootmem_core(pgdat->bdata, size,
1533 - SMP_CACHE_BYTES, (4UL*1024*1024*1024), 0);
1534 -}
1535 diff --git a/arch/x86_64/mm/pageattr.c b/arch/x86_64/mm/pageattr.c
1536 index 9148f4a..d6cd5c4 100644
1537 --- a/arch/x86_64/mm/pageattr.c
1538 +++ b/arch/x86_64/mm/pageattr.c
1539 @@ -204,7 +204,7 @@ int change_page_attr_addr(unsigned long address, int numpages, pgprot_t prot)
1540 if (__pa(address) < KERNEL_TEXT_SIZE) {
1541 unsigned long addr2;
1542 pgprot_t prot2;
1543 - addr2 = __START_KERNEL_map + __pa(address);
1544 + addr2 = __START_KERNEL_map + __pa(address) - phys_base;
1545 /* Make sure the kernel mappings stay executable */
1546 prot2 = pte_pgprot(pte_mkexec(pfn_pte(0, prot)));
1547 err = __change_page_attr(addr2, pfn, prot2,
1548 @@ -227,9 +227,14 @@ void global_flush_tlb(void)
1549 struct page *pg, *next;
1550 struct list_head l;
1552 - down_read(&init_mm.mmap_sem);
1553 + /*
1554 + * Write-protect the semaphore, to exclude two contexts
1555 + * doing a list_replace_init() call in parallel and to
1556 + * exclude new additions to the deferred_pages list:
1557 + */
1558 + down_write(&init_mm.mmap_sem);
1559 list_replace_init(&deferred_pages, &l);
1560 - up_read(&init_mm.mmap_sem);
1561 + up_write(&init_mm.mmap_sem);
1563 flush_map(&l);
1565 diff --git a/block/cfq-iosched.c b/block/cfq-iosched.c
1566 index baef5fc..a131d41 100644
1567 --- a/block/cfq-iosched.c
1568 +++ b/block/cfq-iosched.c
1569 @@ -92,6 +92,8 @@ struct cfq_data {
1570 struct cfq_queue *active_queue;
1571 struct cfq_io_context *active_cic;
1573 + struct cfq_queue *async_cfqq[IOPRIO_BE_NR];
1574 +
1575 struct timer_list idle_class_timer;
1577 sector_t last_position;
1578 @@ -1351,8 +1353,8 @@ static void cfq_ioc_set_ioprio(struct io_context *ioc)
1579 }
1581 static struct cfq_queue *
1582 -cfq_get_queue(struct cfq_data *cfqd, int is_sync, struct task_struct *tsk,
1583 - gfp_t gfp_mask)
1584 +cfq_find_alloc_queue(struct cfq_data *cfqd, int is_sync,
1585 + struct task_struct *tsk, gfp_t gfp_mask)
1586 {
1587 struct cfq_queue *cfqq, *new_cfqq = NULL;
1588 struct cfq_io_context *cic;
1589 @@ -1405,12 +1407,35 @@ retry:
1590 if (new_cfqq)
1591 kmem_cache_free(cfq_pool, new_cfqq);
1593 - atomic_inc(&cfqq->ref);
1594 out:
1595 WARN_ON((gfp_mask & __GFP_WAIT) && !cfqq);
1596 return cfqq;
1597 }
1599 +static struct cfq_queue *
1600 +cfq_get_queue(struct cfq_data *cfqd, int is_sync, struct task_struct *tsk,
1601 + gfp_t gfp_mask)
1602 +{
1603 + const int ioprio = task_ioprio(tsk);
1604 + struct cfq_queue *cfqq = NULL;
1605 +
1606 + if (!is_sync)
1607 + cfqq = cfqd->async_cfqq[ioprio];
1608 + if (!cfqq)
1609 + cfqq = cfq_find_alloc_queue(cfqd, is_sync, tsk, gfp_mask);
1610 +
1611 + /*
1612 + * pin the queue now that it's allocated, scheduler exit will prune it
1613 + */
1614 + if (!is_sync && !cfqd->async_cfqq[ioprio]) {
1615 + atomic_inc(&cfqq->ref);
1616 + cfqd->async_cfqq[ioprio] = cfqq;
1617 + }
1618 +
1619 + atomic_inc(&cfqq->ref);
1620 + return cfqq;
1621 +}
1622 +
1623 /*
1624 * We drop cfq io contexts lazily, so we may find a dead one.
1625 */
1626 @@ -2019,6 +2044,7 @@ static void cfq_exit_queue(elevator_t *e)
1627 {
1628 struct cfq_data *cfqd = e->elevator_data;
1629 request_queue_t *q = cfqd->queue;
1630 + int i;
1632 cfq_shutdown_timer_wq(cfqd);
1634 @@ -2035,6 +2061,13 @@ static void cfq_exit_queue(elevator_t *e)
1635 __cfq_exit_single_io_context(cfqd, cic);
1636 }
1638 + /*
1639 + * Put the async queues
1640 + */
1641 + for (i = 0; i < IOPRIO_BE_NR; i++)
1642 + if (cfqd->async_cfqq[i])
1643 + cfq_put_queue(cfqd->async_cfqq[i]);
1644 +
1645 spin_unlock_irq(q->queue_lock);
1647 cfq_shutdown_timer_wq(cfqd);
1648 diff --git a/block/ll_rw_blk.c b/block/ll_rw_blk.c
1649 index c99b463..4369ff2 100644
1650 --- a/block/ll_rw_blk.c
1651 +++ b/block/ll_rw_blk.c
1652 @@ -1081,12 +1081,6 @@ void blk_queue_end_tag(request_queue_t *q, struct request *rq)
1653 */
1654 return;
1656 - if (unlikely(!__test_and_clear_bit(tag, bqt->tag_map))) {
1657 - printk(KERN_ERR "%s: attempt to clear non-busy tag (%d)\n",
1658 - __FUNCTION__, tag);
1659 - return;
1660 - }
1661 -
1662 list_del_init(&rq->queuelist);
1663 rq->cmd_flags &= ~REQ_QUEUED;
1664 rq->tag = -1;
1665 @@ -1096,6 +1090,13 @@ void blk_queue_end_tag(request_queue_t *q, struct request *rq)
1666 __FUNCTION__, tag);
1668 bqt->tag_index[tag] = NULL;
1669 +
1670 + if (unlikely(!test_and_clear_bit(tag, bqt->tag_map))) {
1671 + printk(KERN_ERR "%s: attempt to clear non-busy tag (%d)\n",
1672 + __FUNCTION__, tag);
1673 + return;
1674 + }
1675 +
1676 bqt->busy--;
1677 }
1679 diff --git a/crypto/algapi.c b/crypto/algapi.c
1680 index f137a43..ec286a2 100644
1681 --- a/crypto/algapi.c
1682 +++ b/crypto/algapi.c
1683 @@ -98,6 +98,9 @@ static void crypto_remove_spawn(struct crypto_spawn *spawn,
1684 return;
1686 inst->alg.cra_flags |= CRYPTO_ALG_DEAD;
1687 + if (hlist_unhashed(&inst->list))
1688 + return;
1689 +
1690 if (!tmpl || !crypto_tmpl_get(tmpl))
1691 return;
1693 @@ -333,9 +336,6 @@ int crypto_register_instance(struct crypto_template *tmpl,
1694 LIST_HEAD(list);
1695 int err = -EINVAL;
1697 - if (inst->alg.cra_destroy)
1698 - goto err;
1699 -
1700 err = crypto_check_alg(&inst->alg);
1701 if (err)
1702 goto err;
1703 diff --git a/crypto/blkcipher.c b/crypto/blkcipher.c
1704 index 8edf40c..cce9236 100644
1705 --- a/crypto/blkcipher.c
1706 +++ b/crypto/blkcipher.c
1707 @@ -59,11 +59,13 @@ static inline void blkcipher_unmap_dst(struct blkcipher_walk *walk)
1708 scatterwalk_unmap(walk->dst.virt.addr, 1);
1709 }
1711 +/* Get a spot of the specified length that does not straddle a page.
1712 + * The caller needs to ensure that there is enough space for this operation.
1713 + */
1714 static inline u8 *blkcipher_get_spot(u8 *start, unsigned int len)
1715 {
1716 - if (offset_in_page(start + len) < len)
1717 - return (u8 *)((unsigned long)(start + len) & PAGE_MASK);
1718 - return start;
1719 + u8 *end_page = (u8 *)(((unsigned long)(start + len - 1)) & PAGE_MASK);
1720 + return start > end_page ? start : end_page;
1721 }
1723 static inline unsigned int blkcipher_done_slow(struct crypto_blkcipher *tfm,
1724 @@ -155,7 +157,8 @@ static inline int blkcipher_next_slow(struct blkcipher_desc *desc,
1725 if (walk->buffer)
1726 goto ok;
1728 - n = bsize * 2 + (alignmask & ~(crypto_tfm_ctx_alignment() - 1));
1729 + n = bsize * 3 - (alignmask + 1) +
1730 + (alignmask & ~(crypto_tfm_ctx_alignment() - 1));
1731 walk->buffer = kmalloc(n, GFP_ATOMIC);
1732 if (!walk->buffer)
1733 return blkcipher_walk_done(desc, walk, -ENOMEM);
1734 diff --git a/drivers/acpi/dispatcher/dsobject.c b/drivers/acpi/dispatcher/dsobject.c
1735 index a474ca2..954ac8c 100644
1736 --- a/drivers/acpi/dispatcher/dsobject.c
1737 +++ b/drivers/acpi/dispatcher/dsobject.c
1738 @@ -137,6 +137,71 @@ acpi_ds_build_internal_object(struct acpi_walk_state *walk_state,
1739 return_ACPI_STATUS(status);
1740 }
1741 }
1742 +
1743 + /* Special object resolution for elements of a package */
1744 +
1745 + if ((op->common.parent->common.aml_opcode == AML_PACKAGE_OP) ||
1746 + (op->common.parent->common.aml_opcode ==
1747 + AML_VAR_PACKAGE_OP)) {
1748 + /*
1749 + * Attempt to resolve the node to a value before we insert it into
1750 + * the package. If this is a reference to a common data type,
1751 + * resolve it immediately. According to the ACPI spec, package
1752 + * elements can only be "data objects" or method references.
1753 + * Attempt to resolve to an Integer, Buffer, String or Package.
1754 + * If cannot, return the named reference (for things like Devices,
1755 + * Methods, etc.) Buffer Fields and Fields will resolve to simple
1756 + * objects (int/buf/str/pkg).
1757 + *
1758 + * NOTE: References to things like Devices, Methods, Mutexes, etc.
1759 + * will remain as named references. This behavior is not described
1760 + * in the ACPI spec, but it appears to be an oversight.
1761 + */
1762 + obj_desc = (union acpi_operand_object *)op->common.node;
1763 +
1764 + status =
1765 + acpi_ex_resolve_node_to_value(ACPI_CAST_INDIRECT_PTR
1766 + (struct
1767 + acpi_namespace_node,
1768 + &obj_desc),
1769 + walk_state);
1770 + if (ACPI_FAILURE(status)) {
1771 + return_ACPI_STATUS(status);
1772 + }
1773 +
1774 + switch (op->common.node->type) {
1775 + /*
1776 + * For these types, we need the actual node, not the subobject.
1777 + * However, the subobject got an extra reference count above.
1778 + */
1779 + case ACPI_TYPE_MUTEX:
1780 + case ACPI_TYPE_METHOD:
1781 + case ACPI_TYPE_POWER:
1782 + case ACPI_TYPE_PROCESSOR:
1783 + case ACPI_TYPE_EVENT:
1784 + case ACPI_TYPE_REGION:
1785 + case ACPI_TYPE_DEVICE:
1786 + case ACPI_TYPE_THERMAL:
1787 +
1788 + obj_desc =
1789 + (union acpi_operand_object *)op->common.
1790 + node;
1791 + break;
1792 +
1793 + default:
1794 + break;
1795 + }
1796 +
1797 + /*
1798 + * If above resolved to an operand object, we are done. Otherwise,
1799 + * we have a NS node, we must create the package entry as a named
1800 + * reference.
1801 + */
1802 + if (ACPI_GET_DESCRIPTOR_TYPE(obj_desc) !=
1803 + ACPI_DESC_TYPE_NAMED) {
1804 + goto exit;
1805 + }
1806 + }
1807 }
1809 /* Create and init a new internal ACPI object */
1810 @@ -156,6 +221,7 @@ acpi_ds_build_internal_object(struct acpi_walk_state *walk_state,
1811 return_ACPI_STATUS(status);
1812 }
1814 + exit:
1815 *obj_desc_ptr = obj_desc;
1816 return_ACPI_STATUS(AE_OK);
1817 }
1818 @@ -356,12 +422,25 @@ acpi_ds_build_internal_package_obj(struct acpi_walk_state *walk_state,
1819 arg = arg->common.next;
1820 for (i = 0; arg && (i < element_count); i++) {
1821 if (arg->common.aml_opcode == AML_INT_RETURN_VALUE_OP) {
1822 -
1823 - /* This package element is already built, just get it */
1824 -
1825 - obj_desc->package.elements[i] =
1826 - ACPI_CAST_PTR(union acpi_operand_object,
1827 - arg->common.node);
1828 + if (arg->common.node->type == ACPI_TYPE_METHOD) {
1829 + /*
1830 + * A method reference "looks" to the parser to be a method
1831 + * invocation, so we special case it here
1832 + */
1833 + arg->common.aml_opcode = AML_INT_NAMEPATH_OP;
1834 + status =
1835 + acpi_ds_build_internal_object(walk_state,
1836 + arg,
1837 + &obj_desc->
1838 + package.
1839 + elements[i]);
1840 + } else {
1841 + /* This package element is already built, just get it */
1842 +
1843 + obj_desc->package.elements[i] =
1844 + ACPI_CAST_PTR(union acpi_operand_object,
1845 + arg->common.node);
1846 + }
1847 } else {
1848 status = acpi_ds_build_internal_object(walk_state, arg,
1849 &obj_desc->
1850 diff --git a/drivers/acpi/dock.c b/drivers/acpi/dock.c
1851 index 4546bf8..9bc340b 100644
1852 --- a/drivers/acpi/dock.c
1853 +++ b/drivers/acpi/dock.c
1854 @@ -716,6 +716,7 @@ static int dock_add(acpi_handle handle)
1855 if (ret) {
1856 printk(KERN_ERR PREFIX "Error %d registering dock device\n", ret);
1857 kfree(dock_station);
1858 + dock_station = NULL;
1859 return ret;
1860 }
1861 ret = device_create_file(&dock_device.dev, &dev_attr_docked);
1862 @@ -723,6 +724,7 @@ static int dock_add(acpi_handle handle)
1863 printk("Error %d adding sysfs file\n", ret);
1864 platform_device_unregister(&dock_device);
1865 kfree(dock_station);
1866 + dock_station = NULL;
1867 return ret;
1868 }
1869 ret = device_create_file(&dock_device.dev, &dev_attr_undock);
1870 @@ -731,6 +733,7 @@ static int dock_add(acpi_handle handle)
1871 device_remove_file(&dock_device.dev, &dev_attr_docked);
1872 platform_device_unregister(&dock_device);
1873 kfree(dock_station);
1874 + dock_station = NULL;
1875 return ret;
1876 }
1877 ret = device_create_file(&dock_device.dev, &dev_attr_uid);
1878 @@ -738,6 +741,7 @@ static int dock_add(acpi_handle handle)
1879 printk("Error %d adding sysfs file\n", ret);
1880 platform_device_unregister(&dock_device);
1881 kfree(dock_station);
1882 + dock_station = NULL;
1883 return ret;
1884 }
1886 @@ -750,6 +754,7 @@ static int dock_add(acpi_handle handle)
1887 dd = alloc_dock_dependent_device(handle);
1888 if (!dd) {
1889 kfree(dock_station);
1890 + dock_station = NULL;
1891 ret = -ENOMEM;
1892 goto dock_add_err_unregister;
1893 }
1894 @@ -777,6 +782,7 @@ dock_add_err_unregister:
1895 device_remove_file(&dock_device.dev, &dev_attr_undock);
1896 platform_device_unregister(&dock_device);
1897 kfree(dock_station);
1898 + dock_station = NULL;
1899 return ret;
1900 }
1902 @@ -810,6 +816,7 @@ static int dock_remove(void)
1904 /* free dock station memory */
1905 kfree(dock_station);
1906 + dock_station = NULL;
1907 return 0;
1908 }
1910 diff --git a/drivers/acpi/events/evgpeblk.c b/drivers/acpi/events/evgpeblk.c
1911 index 902c287..361ebe6 100644
1912 --- a/drivers/acpi/events/evgpeblk.c
1913 +++ b/drivers/acpi/events/evgpeblk.c
1914 @@ -586,6 +586,10 @@ acpi_ev_delete_gpe_xrupt(struct acpi_gpe_xrupt_info *gpe_xrupt)
1915 flags = acpi_os_acquire_lock(acpi_gbl_gpe_lock);
1916 if (gpe_xrupt->previous) {
1917 gpe_xrupt->previous->next = gpe_xrupt->next;
1918 + } else {
1919 + /* No previous, update list head */
1920 +
1921 + acpi_gbl_gpe_xrupt_list_head = gpe_xrupt->next;
1922 }
1924 if (gpe_xrupt->next) {
1925 diff --git a/drivers/acpi/processor_core.c b/drivers/acpi/processor_core.c
1926 index f7de02a..e529f4c 100644
1927 --- a/drivers/acpi/processor_core.c
1928 +++ b/drivers/acpi/processor_core.c
1929 @@ -93,6 +93,8 @@ static struct acpi_driver acpi_processor_driver = {
1930 .add = acpi_processor_add,
1931 .remove = acpi_processor_remove,
1932 .start = acpi_processor_start,
1933 + .suspend = acpi_processor_suspend,
1934 + .resume = acpi_processor_resume,
1935 },
1936 };
1938 diff --git a/drivers/acpi/processor_idle.c b/drivers/acpi/processor_idle.c
1939 index 80ffc78..13915e8 100644
1940 --- a/drivers/acpi/processor_idle.c
1941 +++ b/drivers/acpi/processor_idle.c
1942 @@ -324,6 +324,23 @@ static void acpi_state_timer_broadcast(struct acpi_processor *pr,
1944 #endif
1946 +/*
1947 + * Suspend / resume control
1948 + */
1949 +static int acpi_idle_suspend;
1950 +
1951 +int acpi_processor_suspend(struct acpi_device * device, pm_message_t state)
1952 +{
1953 + acpi_idle_suspend = 1;
1954 + return 0;
1955 +}
1956 +
1957 +int acpi_processor_resume(struct acpi_device * device)
1958 +{
1959 + acpi_idle_suspend = 0;
1960 + return 0;
1961 +}
1962 +
1963 static void acpi_processor_idle(void)
1964 {
1965 struct acpi_processor *pr = NULL;
1966 @@ -354,7 +371,7 @@ static void acpi_processor_idle(void)
1967 }
1969 cx = pr->power.state;
1970 - if (!cx) {
1971 + if (!cx || acpi_idle_suspend) {
1972 if (pm_idle_save)
1973 pm_idle_save();
1974 else
1975 diff --git a/drivers/acpi/tables/tbfadt.c b/drivers/acpi/tables/tbfadt.c
1976 index 1285e91..002bb33 100644
1977 --- a/drivers/acpi/tables/tbfadt.c
1978 +++ b/drivers/acpi/tables/tbfadt.c
1979 @@ -211,14 +211,17 @@ void acpi_tb_parse_fadt(acpi_native_uint table_index, u8 flags)
1980 * DESCRIPTION: Get a local copy of the FADT and convert it to a common format.
1981 * Performs validation on some important FADT fields.
1982 *
1983 + * NOTE: We create a local copy of the FADT regardless of the version.
1984 + *
1985 ******************************************************************************/
1987 void acpi_tb_create_local_fadt(struct acpi_table_header *table, u32 length)
1988 {
1990 /*
1991 - * Check if the FADT is larger than what we know about (ACPI 2.0 version).
1992 - * Truncate the table, but make some noise.
1993 + * Check if the FADT is larger than the largest table that we expect
1994 + * (the ACPI 2.0/3.0 version). If so, truncate the table, and issue
1995 + * a warning.
1996 */
1997 if (length > sizeof(struct acpi_table_fadt)) {
1998 ACPI_WARNING((AE_INFO,
1999 @@ -227,10 +230,12 @@ void acpi_tb_create_local_fadt(struct acpi_table_header *table, u32 length)
2000 sizeof(struct acpi_table_fadt)));
2001 }
2003 - /* Copy the entire FADT locally. Zero first for tb_convert_fadt */
2004 + /* Clear the entire local FADT */
2006 ACPI_MEMSET(&acpi_gbl_FADT, 0, sizeof(struct acpi_table_fadt));
2008 + /* Copy the original FADT, up to sizeof (struct acpi_table_fadt) */
2009 +
2010 ACPI_MEMCPY(&acpi_gbl_FADT, table,
2011 ACPI_MIN(length, sizeof(struct acpi_table_fadt)));
2013 @@ -251,7 +256,7 @@ void acpi_tb_create_local_fadt(struct acpi_table_header *table, u32 length)
2014 * RETURN: None
2015 *
2016 * DESCRIPTION: Converts all versions of the FADT to a common internal format.
2017 - * -> Expand all 32-bit addresses to 64-bit.
2018 + * Expand all 32-bit addresses to 64-bit.
2019 *
2020 * NOTE: acpi_gbl_FADT must be of size (struct acpi_table_fadt),
2021 * and must contain a copy of the actual FADT.
2022 @@ -292,8 +297,23 @@ static void acpi_tb_convert_fadt(void)
2023 }
2025 /*
2026 - * Expand the 32-bit V1.0 addresses to the 64-bit "X" generic address
2027 - * structures as necessary.
2028 + * For ACPI 1.0 FADTs (revision 1 or 2), ensure that reserved fields which
2029 + * should be zero are indeed zero. This will workaround BIOSs that
2030 + * inadvertently place values in these fields.
2031 + *
2032 + * The ACPI 1.0 reserved fields that will be zeroed are the bytes located at
2033 + * offset 45, 55, 95, and the word located at offset 109, 110.
2034 + */
2035 + if (acpi_gbl_FADT.header.revision < 3) {
2036 + acpi_gbl_FADT.preferred_profile = 0;
2037 + acpi_gbl_FADT.pstate_control = 0;
2038 + acpi_gbl_FADT.cst_control = 0;
2039 + acpi_gbl_FADT.boot_flags = 0;
2040 + }
2041 +
2042 + /*
2043 + * Expand the ACPI 1.0 32-bit V1.0 addresses to the ACPI 2.0 64-bit "X"
2044 + * generic address structures as necessary.
2045 */
2046 for (i = 0; i < ACPI_FADT_INFO_ENTRIES; i++) {
2047 target =
2048 @@ -349,18 +369,6 @@ static void acpi_tb_convert_fadt(void)
2049 acpi_gbl_FADT.xpm1a_event_block.space_id;
2051 }
2052 -
2053 - /*
2054 - * For ACPI 1.0 FADTs, ensure that reserved fields (which should be zero)
2055 - * are indeed zero. This will workaround BIOSs that inadvertently placed
2056 - * values in these fields.
2057 - */
2058 - if (acpi_gbl_FADT.header.revision < 3) {
2059 - acpi_gbl_FADT.preferred_profile = 0;
2060 - acpi_gbl_FADT.pstate_control = 0;
2061 - acpi_gbl_FADT.cst_control = 0;
2062 - acpi_gbl_FADT.boot_flags = 0;
2063 - }
2064 }
2066 /******************************************************************************
2067 diff --git a/drivers/acpi/tables/tbutils.c b/drivers/acpi/tables/tbutils.c
2068 index 1da64b4..8cc9492 100644
2069 --- a/drivers/acpi/tables/tbutils.c
2070 +++ b/drivers/acpi/tables/tbutils.c
2071 @@ -51,6 +51,65 @@ ACPI_MODULE_NAME("tbutils")
2072 static acpi_physical_address
2073 acpi_tb_get_root_table_entry(u8 * table_entry,
2074 acpi_native_uint table_entry_size);
2075 +/*******************************************************************************
2076 + *
2077 + * FUNCTION: acpi_tb_check_xsdt
2078 + *
2079 + * PARAMETERS: address - Pointer to the XSDT
2080 + *
2081 + * RETURN: status
2082 + * AE_OK - XSDT is okay
2083 + * AE_NO_MEMORY - can't map XSDT
2084 + * AE_INVALID_TABLE_LENGTH - invalid table length
2085 + * AE_NULL_ENTRY - XSDT has NULL entry
2086 + *
2087 + * DESCRIPTION: validate XSDT
2088 +******************************************************************************/
2089 +
2090 +static acpi_status
2091 +acpi_tb_check_xsdt(acpi_physical_address address)
2092 +{
2093 + struct acpi_table_header *table;
2094 + u32 length;
2095 + u64 xsdt_entry_address;
2096 + u8 *table_entry;
2097 + u32 table_count;
2098 + int i;
2099 +
2100 + table = acpi_os_map_memory(address, sizeof(struct acpi_table_header));
2101 + if (!table)
2102 + return AE_NO_MEMORY;
2103 +
2104 + length = table->length;
2105 + acpi_os_unmap_memory(table, sizeof(struct acpi_table_header));
2106 + if (length < sizeof(struct acpi_table_header))
2107 + return AE_INVALID_TABLE_LENGTH;
2108 +
2109 + table = acpi_os_map_memory(address, length);
2110 + if (!table)
2111 + return AE_NO_MEMORY;
2112 +
2113 + /* Calculate the number of tables described in XSDT */
2114 + table_count =
2115 + (u32) ((table->length -
2116 + sizeof(struct acpi_table_header)) / sizeof(u64));
2117 + table_entry =
2118 + ACPI_CAST_PTR(u8, table) + sizeof(struct acpi_table_header);
2119 + for (i = 0; i < table_count; i++) {
2120 + ACPI_MOVE_64_TO_64(&xsdt_entry_address, table_entry);
2121 + if (!xsdt_entry_address) {
2122 + /* XSDT has NULL entry */
2123 + break;
2124 + }
2125 + table_entry += sizeof(u64);
2126 + }
2127 + acpi_os_unmap_memory(table, length);
2128 +
2129 + if (i < table_count)
2130 + return AE_NULL_ENTRY;
2131 + else
2132 + return AE_OK;
2133 +}
2135 /*******************************************************************************
2136 *
2137 @@ -341,6 +400,7 @@ acpi_tb_parse_root_table(acpi_physical_address rsdp_address, u8 flags)
2138 u32 table_count;
2139 struct acpi_table_header *table;
2140 acpi_physical_address address;
2141 + acpi_physical_address rsdt_address;
2142 u32 length;
2143 u8 *table_entry;
2144 acpi_status status;
2145 @@ -369,6 +429,8 @@ acpi_tb_parse_root_table(acpi_physical_address rsdp_address, u8 flags)
2146 */
2147 address = (acpi_physical_address) rsdp->xsdt_physical_address;
2148 table_entry_size = sizeof(u64);
2149 + rsdt_address = (acpi_physical_address)
2150 + rsdp->rsdt_physical_address;
2151 } else {
2152 /* Root table is an RSDT (32-bit physical addresses) */
2154 @@ -382,6 +444,15 @@ acpi_tb_parse_root_table(acpi_physical_address rsdp_address, u8 flags)
2155 */
2156 acpi_os_unmap_memory(rsdp, sizeof(struct acpi_table_rsdp));
2158 + if (table_entry_size == sizeof(u64)) {
2159 + if (acpi_tb_check_xsdt(address) == AE_NULL_ENTRY) {
2160 + /* XSDT has NULL entry, RSDT is used */
2161 + address = rsdt_address;
2162 + table_entry_size = sizeof(u32);
2163 + ACPI_WARNING((AE_INFO, "BIOS XSDT has NULL entry,"
2164 + "using RSDT"));
2165 + }
2166 + }
2167 /* Map the RSDT/XSDT table header to get the full table length */
2169 table = acpi_os_map_memory(address, sizeof(struct acpi_table_header));
2170 diff --git a/drivers/ata/ahci.c b/drivers/ata/ahci.c
2171 index ca5229d..e722f83 100644
2172 --- a/drivers/ata/ahci.c
2173 +++ b/drivers/ata/ahci.c
2174 @@ -399,7 +399,10 @@ static const struct pci_device_id ahci_pci_tbl[] = {
2176 /* ATI */
2177 { PCI_VDEVICE(ATI, 0x4380), board_ahci_sb600 }, /* ATI SB600 */
2178 - { PCI_VDEVICE(ATI, 0x4390), board_ahci_sb600 }, /* ATI SB700 */
2179 + { PCI_VDEVICE(ATI, 0x4390), board_ahci_sb600 }, /* ATI SB700 IDE */
2180 + { PCI_VDEVICE(ATI, 0x4391), board_ahci_sb600 }, /* ATI SB700 AHCI */
2181 + { PCI_VDEVICE(ATI, 0x4392), board_ahci_sb600 }, /* ATI SB700 nraid5 */
2182 + { PCI_VDEVICE(ATI, 0x4393), board_ahci_sb600 }, /* ATI SB700 raid5 */
2184 /* VIA */
2185 { PCI_VDEVICE(VIA, 0x3349), board_ahci_vt8251 }, /* VIA VT8251 */
2186 @@ -1238,7 +1241,7 @@ static void ahci_host_intr(struct ata_port *ap)
2187 struct ata_eh_info *ehi = &ap->eh_info;
2188 struct ahci_port_priv *pp = ap->private_data;
2189 u32 status, qc_active;
2190 - int rc, known_irq = 0;
2191 + int rc;
2193 status = readl(port_mmio + PORT_IRQ_STAT);
2194 writel(status, port_mmio + PORT_IRQ_STAT);
2195 @@ -1254,74 +1257,11 @@ static void ahci_host_intr(struct ata_port *ap)
2196 qc_active = readl(port_mmio + PORT_CMD_ISSUE);
2198 rc = ata_qc_complete_multiple(ap, qc_active, NULL);
2199 - if (rc > 0)
2200 - return;
2201 if (rc < 0) {
2202 ehi->err_mask |= AC_ERR_HSM;
2203 ehi->action |= ATA_EH_SOFTRESET;
2204 ata_port_freeze(ap);
2205 - return;
2206 - }
2207 -
2208 - /* hmmm... a spurious interupt */
2209 -
2210 - /* if !NCQ, ignore. No modern ATA device has broken HSM
2211 - * implementation for non-NCQ commands.
2212 - */
2213 - if (!ap->sactive)
2214 - return;
2215 -
2216 - if (status & PORT_IRQ_D2H_REG_FIS) {
2217 - if (!pp->ncq_saw_d2h)
2218 - ata_port_printk(ap, KERN_INFO,
2219 - "D2H reg with I during NCQ, "
2220 - "this message won't be printed again\n");
2221 - pp->ncq_saw_d2h = 1;
2222 - known_irq = 1;
2223 - }
2224 -
2225 - if (status & PORT_IRQ_DMAS_FIS) {
2226 - if (!pp->ncq_saw_dmas)
2227 - ata_port_printk(ap, KERN_INFO,
2228 - "DMAS FIS during NCQ, "
2229 - "this message won't be printed again\n");
2230 - pp->ncq_saw_dmas = 1;
2231 - known_irq = 1;
2232 - }
2233 -
2234 - if (status & PORT_IRQ_SDB_FIS) {
2235 - const __le32 *f = pp->rx_fis + RX_FIS_SDB;
2236 -
2237 - if (le32_to_cpu(f[1])) {
2238 - /* SDB FIS containing spurious completions
2239 - * might be dangerous, whine and fail commands
2240 - * with HSM violation. EH will turn off NCQ
2241 - * after several such failures.
2242 - */
2243 - ata_ehi_push_desc(ehi,
2244 - "spurious completions during NCQ "
2245 - "issue=0x%x SAct=0x%x FIS=%08x:%08x",
2246 - readl(port_mmio + PORT_CMD_ISSUE),
2247 - readl(port_mmio + PORT_SCR_ACT),
2248 - le32_to_cpu(f[0]), le32_to_cpu(f[1]));
2249 - ehi->err_mask |= AC_ERR_HSM;
2250 - ehi->action |= ATA_EH_SOFTRESET;
2251 - ata_port_freeze(ap);
2252 - } else {
2253 - if (!pp->ncq_saw_sdb)
2254 - ata_port_printk(ap, KERN_INFO,
2255 - "spurious SDB FIS %08x:%08x during NCQ, "
2256 - "this message won't be printed again\n",
2257 - le32_to_cpu(f[0]), le32_to_cpu(f[1]));
2258 - pp->ncq_saw_sdb = 1;
2259 - }
2260 - known_irq = 1;
2261 }
2262 -
2263 - if (!known_irq)
2264 - ata_port_printk(ap, KERN_INFO, "spurious interrupt "
2265 - "(irq_stat 0x%x active_tag 0x%x sactive 0x%x)\n",
2266 - status, ap->active_tag, ap->sactive);
2267 }
2269 static void ahci_irq_clear(struct ata_port *ap)
2270 diff --git a/drivers/ata/ata_piix.c b/drivers/ata/ata_piix.c
2271 index 9c07b88..5a148bd 100644
2272 --- a/drivers/ata/ata_piix.c
2273 +++ b/drivers/ata/ata_piix.c
2274 @@ -200,6 +200,8 @@ static const struct pci_device_id piix_pci_tbl[] = {
2275 /* ICH7/7-R (i945, i975) UDMA 100*/
2276 { 0x8086, 0x27DF, PCI_ANY_ID, PCI_ANY_ID, 0, 0, ich_pata_133 },
2277 { 0x8086, 0x269E, PCI_ANY_ID, PCI_ANY_ID, 0, 0, ich_pata_100 },
2278 + /* ICH8 Mobile PATA Controller */
2279 + { 0x8086, 0x2850, PCI_ANY_ID, PCI_ANY_ID, 0, 0, ich_pata_100 },
2281 /* NOTE: The following PCI ids must be kept in sync with the
2282 * list in drivers/pci/quirks.c.
2283 @@ -426,7 +428,7 @@ static const struct piix_map_db ich8_map_db = {
2284 /* PM PS SM SS MAP */
2285 { P0, P2, P1, P3 }, /* 00b (hardwired when in AHCI) */
2286 { RV, RV, RV, RV },
2287 - { IDE, IDE, NA, NA }, /* 10b (IDE mode) */
2288 + { P0, P2, IDE, IDE }, /* 10b (IDE mode) */
2289 { RV, RV, RV, RV },
2290 },
2291 };
2292 diff --git a/drivers/ata/libata-core.c b/drivers/ata/libata-core.c
2293 index 981b397..22b6368 100644
2294 --- a/drivers/ata/libata-core.c
2295 +++ b/drivers/ata/libata-core.c
2296 @@ -3774,6 +3774,8 @@ static const struct ata_blacklist_entry ata_device_blacklist [] = {
2297 { "SAMSUNG CD-ROM SN-124","N001", ATA_HORKAGE_NODMA },
2298 { "Seagate STT20000A", NULL, ATA_HORKAGE_NODMA },
2299 { "IOMEGA ZIP 250 ATAPI", NULL, ATA_HORKAGE_NODMA }, /* temporary fix */
2300 + { "IOMEGA ZIP 250 ATAPI Floppy",
2301 + NULL, ATA_HORKAGE_NODMA },
2303 /* Weird ATAPI devices */
2304 { "TORiSAN DVD-ROM DRD-N216", NULL, ATA_HORKAGE_MAX_SEC_128 },
2305 @@ -3783,11 +3785,18 @@ static const struct ata_blacklist_entry ata_device_blacklist [] = {
2306 /* Devices where NCQ should be avoided */
2307 /* NCQ is slow */
2308 { "WDC WD740ADFD-00", NULL, ATA_HORKAGE_NONCQ },
2309 + { "WDC WD740ADFD-00NLR1", NULL, ATA_HORKAGE_NONCQ, },
2310 /* http://thread.gmane.org/gmane.linux.ide/14907 */
2311 { "FUJITSU MHT2060BH", NULL, ATA_HORKAGE_NONCQ },
2312 /* NCQ is broken */
2313 { "Maxtor 6L250S0", "BANC1G10", ATA_HORKAGE_NONCQ },
2314 + { "Maxtor 6B200M0", "BANC1BM0", ATA_HORKAGE_NONCQ },
2315 { "Maxtor 6B200M0", "BANC1B10", ATA_HORKAGE_NONCQ },
2316 + { "Maxtor 7B250S0", "BANC1B70", ATA_HORKAGE_NONCQ, },
2317 + { "Maxtor 7B300S0", "BANC1B70", ATA_HORKAGE_NONCQ },
2318 + { "Maxtor 7V300F0", "VA111630", ATA_HORKAGE_NONCQ },
2319 + { "HITACHI HDS7250SASUN500G 0621KTAWSD", "K2AOAJ0AHITACHI",
2320 + ATA_HORKAGE_NONCQ },
2321 /* NCQ hard hangs device under heavier load, needs hard power cycle */
2322 { "Maxtor 6B250S0", "BANC1B70", ATA_HORKAGE_NONCQ },
2323 /* Blacklist entries taken from Silicon Image 3124/3132
2324 @@ -3795,13 +3804,6 @@ static const struct ata_blacklist_entry ata_device_blacklist [] = {
2325 { "HTS541060G9SA00", "MB3OC60D", ATA_HORKAGE_NONCQ, },
2326 { "HTS541080G9SA00", "MB4OC60D", ATA_HORKAGE_NONCQ, },
2327 { "HTS541010G9SA00", "MBZOC60D", ATA_HORKAGE_NONCQ, },
2328 - /* Drives which do spurious command completion */
2329 - { "HTS541680J9SA00", "SB2IC7EP", ATA_HORKAGE_NONCQ, },
2330 - { "HTS541612J9SA00", "SBDIC7JP", ATA_HORKAGE_NONCQ, },
2331 - { "Hitachi HTS541616J9SA00", "SB4OC70P", ATA_HORKAGE_NONCQ, },
2332 - { "WDC WD740ADFD-00NLR1", NULL, ATA_HORKAGE_NONCQ, },
2333 -
2334 - /* Devices with NCQ limits */
2336 /* End Marker */
2337 { }
2338 diff --git a/drivers/ata/libata-sff.c b/drivers/ata/libata-sff.c
2339 index fa1c22c..13c1486 100644
2340 --- a/drivers/ata/libata-sff.c
2341 +++ b/drivers/ata/libata-sff.c
2342 @@ -211,6 +211,8 @@ void ata_tf_read(struct ata_port *ap, struct ata_taskfile *tf)
2343 tf->hob_lbal = ioread8(ioaddr->lbal_addr);
2344 tf->hob_lbam = ioread8(ioaddr->lbam_addr);
2345 tf->hob_lbah = ioread8(ioaddr->lbah_addr);
2346 + iowrite8(tf->ctl, ioaddr->ctl_addr);
2347 + ap->last_ctl = tf->ctl;
2348 }
2349 }
2351 diff --git a/drivers/ata/pata_atiixp.c b/drivers/ata/pata_atiixp.c
2352 index 8449146..eceea6c 100644
2353 --- a/drivers/ata/pata_atiixp.c
2354 +++ b/drivers/ata/pata_atiixp.c
2355 @@ -285,6 +285,7 @@ static const struct pci_device_id atiixp[] = {
2356 { PCI_VDEVICE(ATI, PCI_DEVICE_ID_ATI_IXP300_IDE), },
2357 { PCI_VDEVICE(ATI, PCI_DEVICE_ID_ATI_IXP400_IDE), },
2358 { PCI_VDEVICE(ATI, PCI_DEVICE_ID_ATI_IXP600_IDE), },
2359 + { PCI_VDEVICE(ATI, PCI_DEVICE_ID_ATI_IXP700_IDE), },
2361 { },
2362 };
2363 diff --git a/drivers/ata/pata_scc.c b/drivers/ata/pata_scc.c
2364 index 61502bc..63f6e2c 100644
2365 --- a/drivers/ata/pata_scc.c
2366 +++ b/drivers/ata/pata_scc.c
2367 @@ -352,6 +352,8 @@ static void scc_tf_read (struct ata_port *ap, struct ata_taskfile *tf)
2368 tf->hob_lbal = in_be32(ioaddr->lbal_addr);
2369 tf->hob_lbam = in_be32(ioaddr->lbam_addr);
2370 tf->hob_lbah = in_be32(ioaddr->lbah_addr);
2371 + out_be32(ioaddr->ctl_addr, tf->ctl);
2372 + ap->last_ctl = tf->ctl;
2373 }
2374 }
2376 diff --git a/drivers/ata/sata_promise.c b/drivers/ata/sata_promise.c
2377 index 6dc0b01..681b76a 100644
2378 --- a/drivers/ata/sata_promise.c
2379 +++ b/drivers/ata/sata_promise.c
2380 @@ -51,6 +51,7 @@
2381 enum {
2382 PDC_MAX_PORTS = 4,
2383 PDC_MMIO_BAR = 3,
2384 + PDC_MAX_PRD = LIBATA_MAX_PRD - 1, /* -1 for ASIC PRD bug workaround */
2386 /* register offsets */
2387 PDC_FEATURE = 0x04, /* Feature/Error reg (per port) */
2388 @@ -157,7 +158,7 @@ static struct scsi_host_template pdc_ata_sht = {
2389 .queuecommand = ata_scsi_queuecmd,
2390 .can_queue = ATA_DEF_QUEUE,
2391 .this_id = ATA_SHT_THIS_ID,
2392 - .sg_tablesize = LIBATA_MAX_PRD,
2393 + .sg_tablesize = PDC_MAX_PRD,
2394 .cmd_per_lun = ATA_SHT_CMD_PER_LUN,
2395 .emulated = ATA_SHT_EMULATED,
2396 .use_clustering = ATA_SHT_USE_CLUSTERING,
2397 @@ -330,8 +331,8 @@ static const struct pci_device_id pdc_ata_pci_tbl[] = {
2399 { PCI_VDEVICE(PROMISE, 0x3318), board_20319 },
2400 { PCI_VDEVICE(PROMISE, 0x3319), board_20319 },
2401 - { PCI_VDEVICE(PROMISE, 0x3515), board_20319 },
2402 - { PCI_VDEVICE(PROMISE, 0x3519), board_20319 },
2403 + { PCI_VDEVICE(PROMISE, 0x3515), board_40518 },
2404 + { PCI_VDEVICE(PROMISE, 0x3519), board_40518 },
2405 { PCI_VDEVICE(PROMISE, 0x3d17), board_40518 },
2406 { PCI_VDEVICE(PROMISE, 0x3d18), board_40518 },
2408 @@ -531,6 +532,84 @@ static void pdc_atapi_pkt(struct ata_queued_cmd *qc)
2409 memcpy(buf+31, cdb, cdb_len);
2410 }
2412 +/**
2413 + * pdc_fill_sg - Fill PCI IDE PRD table
2414 + * @qc: Metadata associated with taskfile to be transferred
2415 + *
2416 + * Fill PCI IDE PRD (scatter-gather) table with segments
2417 + * associated with the current disk command.
2418 + * Make sure hardware does not choke on it.
2419 + *
2420 + * LOCKING:
2421 + * spin_lock_irqsave(host lock)
2422 + *
2423 + */
2424 +static void pdc_fill_sg(struct ata_queued_cmd *qc)
2425 +{
2426 + struct ata_port *ap = qc->ap;
2427 + struct scatterlist *sg;
2428 + unsigned int idx;
2429 + const u32 SG_COUNT_ASIC_BUG = 41*4;
2430 +
2431 + if (!(qc->flags & ATA_QCFLAG_DMAMAP))
2432 + return;
2433 +
2434 + WARN_ON(qc->__sg == NULL);
2435 + WARN_ON(qc->n_elem == 0 && qc->pad_len == 0);
2436 +
2437 + idx = 0;
2438 + ata_for_each_sg(sg, qc) {
2439 + u32 addr, offset;
2440 + u32 sg_len, len;
2441 +
2442 + /* determine if physical DMA addr spans 64K boundary.
2443 + * Note h/w doesn't support 64-bit, so we unconditionally
2444 + * truncate dma_addr_t to u32.
2445 + */
2446 + addr = (u32) sg_dma_address(sg);
2447 + sg_len = sg_dma_len(sg);
2448 +
2449 + while (sg_len) {
2450 + offset = addr & 0xffff;
2451 + len = sg_len;
2452 + if ((offset + sg_len) > 0x10000)
2453 + len = 0x10000 - offset;
2454 +
2455 + ap->prd[idx].addr = cpu_to_le32(addr);
2456 + ap->prd[idx].flags_len = cpu_to_le32(len & 0xffff);
2457 + VPRINTK("PRD[%u] = (0x%X, 0x%X)\n", idx, addr, len);
2458 +
2459 + idx++;
2460 + sg_len -= len;
2461 + addr += len;
2462 + }
2463 + }
2464 +
2465 + if (idx) {
2466 + u32 len = le32_to_cpu(ap->prd[idx - 1].flags_len);
2467 +
2468 + if (len > SG_COUNT_ASIC_BUG) {
2469 + u32 addr;
2470 +
2471 + VPRINTK("Splitting last PRD.\n");
2472 +
2473 + addr = le32_to_cpu(ap->prd[idx - 1].addr);
2474 + ap->prd[idx - 1].flags_len = cpu_to_le32(len - SG_COUNT_ASIC_BUG);
2475 + VPRINTK("PRD[%u] = (0x%X, 0x%X)\n", idx - 1, addr, SG_COUNT_ASIC_BUG);
2476 +
2477 + addr = addr + len - SG_COUNT_ASIC_BUG;
2478 + len = SG_COUNT_ASIC_BUG;
2479 + ap->prd[idx].addr = cpu_to_le32(addr);
2480 + ap->prd[idx].flags_len = cpu_to_le32(len);
2481 + VPRINTK("PRD[%u] = (0x%X, 0x%X)\n", idx, addr, len);
2482 +
2483 + idx++;
2484 + }
2485 +
2486 + ap->prd[idx - 1].flags_len |= cpu_to_le32(ATA_PRD_EOT);
2487 + }
2488 +}
2489 +
2490 static void pdc_qc_prep(struct ata_queued_cmd *qc)
2491 {
2492 struct pdc_port_priv *pp = qc->ap->private_data;
2493 @@ -540,7 +619,7 @@ static void pdc_qc_prep(struct ata_queued_cmd *qc)
2495 switch (qc->tf.protocol) {
2496 case ATA_PROT_DMA:
2497 - ata_qc_prep(qc);
2498 + pdc_fill_sg(qc);
2499 /* fall through */
2501 case ATA_PROT_NODATA:
2502 @@ -556,11 +635,11 @@ static void pdc_qc_prep(struct ata_queued_cmd *qc)
2503 break;
2505 case ATA_PROT_ATAPI:
2506 - ata_qc_prep(qc);
2507 + pdc_fill_sg(qc);
2508 break;
2510 case ATA_PROT_ATAPI_DMA:
2511 - ata_qc_prep(qc);
2512 + pdc_fill_sg(qc);
2513 /*FALLTHROUGH*/
2514 case ATA_PROT_ATAPI_NODATA:
2515 pdc_atapi_pkt(qc);
2516 diff --git a/drivers/atm/he.c b/drivers/atm/he.c
2517 index d33aba6..3b64a99 100644
2518 --- a/drivers/atm/he.c
2519 +++ b/drivers/atm/he.c
2520 @@ -394,6 +394,11 @@ he_init_one(struct pci_dev *pci_dev, const struct pci_device_id *pci_ent)
2521 he_dev->atm_dev->dev_data = he_dev;
2522 atm_dev->dev_data = he_dev;
2523 he_dev->number = atm_dev->number;
2524 +#ifdef USE_TASKLET
2525 + tasklet_init(&he_dev->tasklet, he_tasklet, (unsigned long) he_dev);
2526 +#endif
2527 + spin_lock_init(&he_dev->global_lock);
2528 +
2529 if (he_start(atm_dev)) {
2530 he_stop(he_dev);
2531 err = -ENODEV;
2532 @@ -1173,11 +1178,6 @@ he_start(struct atm_dev *dev)
2533 if ((err = he_init_irq(he_dev)) != 0)
2534 return err;
2536 -#ifdef USE_TASKLET
2537 - tasklet_init(&he_dev->tasklet, he_tasklet, (unsigned long) he_dev);
2538 -#endif
2539 - spin_lock_init(&he_dev->global_lock);
2540 -
2541 /* 4.11 enable pci bus controller state machines */
2542 host_cntl |= (OUTFF_ENB | CMDFF_ENB |
2543 QUICK_RD_RETRY | QUICK_WR_RETRY | PERR_INT_ENB);
2544 diff --git a/drivers/atm/nicstar.c b/drivers/atm/nicstar.c
2545 index 14ced85..0c205b0 100644
2546 --- a/drivers/atm/nicstar.c
2547 +++ b/drivers/atm/nicstar.c
2548 @@ -625,14 +625,6 @@ static int __devinit ns_init_card(int i, struct pci_dev *pcidev)
2549 if (mac[i] == NULL)
2550 nicstar_init_eprom(card->membase);
2552 - if (request_irq(pcidev->irq, &ns_irq_handler, IRQF_DISABLED | IRQF_SHARED, "nicstar", card) != 0)
2553 - {
2554 - printk("nicstar%d: can't allocate IRQ %d.\n", i, pcidev->irq);
2555 - error = 9;
2556 - ns_init_card_error(card, error);
2557 - return error;
2558 - }
2559 -
2560 /* Set the VPI/VCI MSb mask to zero so we can receive OAM cells */
2561 writel(0x00000000, card->membase + VPM);
2563 @@ -858,8 +850,6 @@ static int __devinit ns_init_card(int i, struct pci_dev *pcidev)
2564 card->iovpool.count++;
2565 }
2567 - card->intcnt = 0;
2568 -
2569 /* Configure NICStAR */
2570 if (card->rct_size == 4096)
2571 ns_cfg_rctsize = NS_CFG_RCTSIZE_4096_ENTRIES;
2572 @@ -868,6 +858,15 @@ static int __devinit ns_init_card(int i, struct pci_dev *pcidev)
2574 card->efbie = 1;
2576 + card->intcnt = 0;
2577 + if (request_irq(pcidev->irq, &ns_irq_handler, IRQF_DISABLED | IRQF_SHARED, "nicstar", card) != 0)
2578 + {
2579 + printk("nicstar%d: can't allocate IRQ %d.\n", i, pcidev->irq);
2580 + error = 9;
2581 + ns_init_card_error(card, error);
2582 + return error;
2583 + }
2584 +
2585 /* Register device */
2586 card->atmdev = atm_dev_register("nicstar", &atm_ops, -1, NULL);
2587 if (card->atmdev == NULL)
2588 diff --git a/drivers/base/cpu.c b/drivers/base/cpu.c
2589 index fe7ef33..4054507 100644
2590 --- a/drivers/base/cpu.c
2591 +++ b/drivers/base/cpu.c
2592 @@ -53,7 +53,7 @@ static ssize_t store_online(struct sys_device *dev, const char *buf,
2593 ret = count;
2594 return ret;
2595 }
2596 -static SYSDEV_ATTR(online, 0600, show_online, store_online);
2597 +static SYSDEV_ATTR(online, 0644, show_online, store_online);
2599 static void __devinit register_cpu_control(struct cpu *cpu)
2600 {
2601 diff --git a/drivers/block/DAC960.c b/drivers/block/DAC960.c
2602 index 92bf868..84d6aa5 100644
2603 --- a/drivers/block/DAC960.c
2604 +++ b/drivers/block/DAC960.c
2605 @@ -17,8 +17,8 @@
2606 */
2609 -#define DAC960_DriverVersion "2.5.48"
2610 -#define DAC960_DriverDate "14 May 2006"
2611 +#define DAC960_DriverVersion "2.5.49"
2612 +#define DAC960_DriverDate "21 Aug 2007"
2615 #include <linux/module.h>
2616 @@ -31,6 +31,7 @@
2617 #include <linux/genhd.h>
2618 #include <linux/hdreg.h>
2619 #include <linux/blkpg.h>
2620 +#include <linux/dma-mapping.h>
2621 #include <linux/interrupt.h>
2622 #include <linux/ioport.h>
2623 #include <linux/mm.h>
2624 @@ -1165,9 +1166,9 @@ static bool DAC960_V1_EnableMemoryMailboxInterface(DAC960_Controller_T
2625 int i;
2628 - if (pci_set_dma_mask(Controller->PCIDevice, DAC690_V1_PciDmaMask))
2629 + if (pci_set_dma_mask(Controller->PCIDevice, DMA_32BIT_MASK))
2630 return DAC960_Failure(Controller, "DMA mask out of range");
2631 - Controller->BounceBufferLimit = DAC690_V1_PciDmaMask;
2632 + Controller->BounceBufferLimit = DMA_32BIT_MASK;
2634 if ((hw_type == DAC960_PD_Controller) || (hw_type == DAC960_P_Controller)) {
2635 CommandMailboxesSize = 0;
2636 @@ -1368,9 +1369,12 @@ static bool DAC960_V2_EnableMemoryMailboxInterface(DAC960_Controller_T
2637 dma_addr_t CommandMailboxDMA;
2638 DAC960_V2_CommandStatus_T CommandStatus;
2640 - if (pci_set_dma_mask(Controller->PCIDevice, DAC690_V2_PciDmaMask))
2641 - return DAC960_Failure(Controller, "DMA mask out of range");
2642 - Controller->BounceBufferLimit = DAC690_V2_PciDmaMask;
2643 + if (!pci_set_dma_mask(Controller->PCIDevice, DMA_64BIT_MASK))
2644 + Controller->BounceBufferLimit = DMA_64BIT_MASK;
2645 + else if (!pci_set_dma_mask(Controller->PCIDevice, DMA_32BIT_MASK))
2646 + Controller->BounceBufferLimit = DMA_32BIT_MASK;
2647 + else
2648 + return DAC960_Failure(Controller, "DMA mask out of range");
2650 /* This is a temporary dma mapping, used only in the scope of this function */
2651 CommandMailbox = pci_alloc_consistent(PCI_Device,
2652 diff --git a/drivers/block/DAC960.h b/drivers/block/DAC960.h
2653 index f5e2436..85fa9bb 100644
2654 --- a/drivers/block/DAC960.h
2655 +++ b/drivers/block/DAC960.h
2656 @@ -61,13 +61,6 @@
2657 #define DAC960_V2_MaxPhysicalDevices 272
2659 /*
2660 - Define the pci dma mask supported by DAC960 V1 and V2 Firmware Controlers
2661 - */
2662 -
2663 -#define DAC690_V1_PciDmaMask 0xffffffff
2664 -#define DAC690_V2_PciDmaMask 0xffffffffffffffffULL
2665 -
2666 -/*
2667 Define a 32/64 bit I/O Address data type.
2668 */
2670 diff --git a/drivers/block/cciss.c b/drivers/block/cciss.c
2671 index 5acc6c4..132f76b 100644
2672 --- a/drivers/block/cciss.c
2673 +++ b/drivers/block/cciss.c
2674 @@ -3225,12 +3225,15 @@ static int alloc_cciss_hba(void)
2675 for (i = 0; i < MAX_CTLR; i++) {
2676 if (!hba[i]) {
2677 ctlr_info_t *p;
2678 +
2679 p = kzalloc(sizeof(ctlr_info_t), GFP_KERNEL);
2680 if (!p)
2681 goto Enomem;
2682 p->gendisk[0] = alloc_disk(1 << NWD_SHIFT);
2683 - if (!p->gendisk[0])
2684 + if (!p->gendisk[0]) {
2685 + kfree(p);
2686 goto Enomem;
2687 + }
2688 hba[i] = p;
2689 return i;
2690 }
2691 diff --git a/drivers/block/rd.c b/drivers/block/rd.c
2692 index a1512da..e30bd9e 100644
2693 --- a/drivers/block/rd.c
2694 +++ b/drivers/block/rd.c
2695 @@ -189,6 +189,18 @@ static int ramdisk_set_page_dirty(struct page *page)
2696 return 0;
2697 }
2699 +/*
2700 + * releasepage is called by pagevec_strip/try_to_release_page if
2701 + * buffers_heads_over_limit is true. Without a releasepage function
2702 + * try_to_free_buffers is called instead. That can unset the dirty
2703 + * bit of our ram disk pages, which will be eventually freed, even
2704 + * if the page is still in use.
2705 + */
2706 +static int ramdisk_releasepage(struct page *page, gfp_t dummy)
2707 +{
2708 + return 0;
2709 +}
2710 +
2711 static const struct address_space_operations ramdisk_aops = {
2712 .readpage = ramdisk_readpage,
2713 .prepare_write = ramdisk_prepare_write,
2714 @@ -196,6 +208,7 @@ static const struct address_space_operations ramdisk_aops = {
2715 .writepage = ramdisk_writepage,
2716 .set_page_dirty = ramdisk_set_page_dirty,
2717 .writepages = ramdisk_writepages,
2718 + .releasepage = ramdisk_releasepage,
2719 };
2721 static int rd_blkdev_pagecache_IO(int rw, struct bio_vec *vec, sector_t sector,
2722 diff --git a/drivers/char/agp/intel-agp.c b/drivers/char/agp/intel-agp.c
2723 index a124060..d06b652 100644
2724 --- a/drivers/char/agp/intel-agp.c
2725 +++ b/drivers/char/agp/intel-agp.c
2726 @@ -20,7 +20,9 @@
2727 #define PCI_DEVICE_ID_INTEL_82965G_IG 0x29A2
2728 #define PCI_DEVICE_ID_INTEL_82965GM_HB 0x2A00
2729 #define PCI_DEVICE_ID_INTEL_82965GM_IG 0x2A02
2730 +#define PCI_DEVICE_ID_INTEL_82965GME_HB 0x2A10
2731 #define PCI_DEVICE_ID_INTEL_82965GME_IG 0x2A12
2732 +#define PCI_DEVICE_ID_INTEL_82945GME_HB 0x27AC
2733 #define PCI_DEVICE_ID_INTEL_82945GME_IG 0x27AE
2734 #define PCI_DEVICE_ID_INTEL_G33_HB 0x29C0
2735 #define PCI_DEVICE_ID_INTEL_G33_IG 0x29C2
2736 @@ -33,7 +35,8 @@
2737 agp_bridge->dev->device == PCI_DEVICE_ID_INTEL_82965G_1_HB || \
2738 agp_bridge->dev->device == PCI_DEVICE_ID_INTEL_82965Q_HB || \
2739 agp_bridge->dev->device == PCI_DEVICE_ID_INTEL_82965G_HB || \
2740 - agp_bridge->dev->device == PCI_DEVICE_ID_INTEL_82965GM_HB)
2741 + agp_bridge->dev->device == PCI_DEVICE_ID_INTEL_82965GM_HB || \
2742 + agp_bridge->dev->device == PCI_DEVICE_ID_INTEL_82965GME_HB)
2744 #define IS_G33 (agp_bridge->dev->device == PCI_DEVICE_ID_INTEL_G33_HB || \
2745 agp_bridge->dev->device == PCI_DEVICE_ID_INTEL_Q35_HB || \
2746 @@ -527,6 +530,7 @@ static void intel_i830_init_gtt_entries(void)
2747 agp_bridge->dev->device == PCI_DEVICE_ID_INTEL_82915GM_HB ||
2748 agp_bridge->dev->device == PCI_DEVICE_ID_INTEL_82945G_HB ||
2749 agp_bridge->dev->device == PCI_DEVICE_ID_INTEL_82945GM_HB ||
2750 + agp_bridge->dev->device == PCI_DEVICE_ID_INTEL_82945GME_HB ||
2751 IS_I965 || IS_G33)
2752 gtt_entries = MB(48) - KB(size);
2753 else
2754 @@ -538,6 +542,7 @@ static void intel_i830_init_gtt_entries(void)
2755 agp_bridge->dev->device == PCI_DEVICE_ID_INTEL_82915GM_HB ||
2756 agp_bridge->dev->device == PCI_DEVICE_ID_INTEL_82945G_HB ||
2757 agp_bridge->dev->device == PCI_DEVICE_ID_INTEL_82945GM_HB ||
2758 + agp_bridge->dev->device == PCI_DEVICE_ID_INTEL_82945GME_HB ||
2759 IS_I965 || IS_G33)
2760 gtt_entries = MB(64) - KB(size);
2761 else
2762 @@ -1848,9 +1853,9 @@ static const struct intel_driver_description {
2763 NULL, &intel_915_driver },
2764 { PCI_DEVICE_ID_INTEL_82945G_HB, PCI_DEVICE_ID_INTEL_82945G_IG, 0, "945G",
2765 NULL, &intel_915_driver },
2766 - { PCI_DEVICE_ID_INTEL_82945GM_HB, PCI_DEVICE_ID_INTEL_82945GM_IG, 1, "945GM",
2767 + { PCI_DEVICE_ID_INTEL_82945GM_HB, PCI_DEVICE_ID_INTEL_82945GM_IG, 0, "945GM",
2768 NULL, &intel_915_driver },
2769 - { PCI_DEVICE_ID_INTEL_82945GM_HB, PCI_DEVICE_ID_INTEL_82945GME_IG, 0, "945GME",
2770 + { PCI_DEVICE_ID_INTEL_82945GME_HB, PCI_DEVICE_ID_INTEL_82945GME_IG, 0, "945GME",
2771 NULL, &intel_915_driver },
2772 { PCI_DEVICE_ID_INTEL_82946GZ_HB, PCI_DEVICE_ID_INTEL_82946GZ_IG, 0, "946GZ",
2773 NULL, &intel_i965_driver },
2774 @@ -1860,9 +1865,9 @@ static const struct intel_driver_description {
2775 NULL, &intel_i965_driver },
2776 { PCI_DEVICE_ID_INTEL_82965G_HB, PCI_DEVICE_ID_INTEL_82965G_IG, 0, "965G",
2777 NULL, &intel_i965_driver },
2778 - { PCI_DEVICE_ID_INTEL_82965GM_HB, PCI_DEVICE_ID_INTEL_82965GM_IG, 1, "965GM",
2779 + { PCI_DEVICE_ID_INTEL_82965GM_HB, PCI_DEVICE_ID_INTEL_82965GM_IG, 0, "965GM",
2780 NULL, &intel_i965_driver },
2781 - { PCI_DEVICE_ID_INTEL_82965GM_HB, PCI_DEVICE_ID_INTEL_82965GME_IG, 0, "965GME/GLE",
2782 + { PCI_DEVICE_ID_INTEL_82965GME_HB, PCI_DEVICE_ID_INTEL_82965GME_IG, 0, "965GME/GLE",
2783 NULL, &intel_i965_driver },
2784 { PCI_DEVICE_ID_INTEL_7505_0, 0, 0, "E7505", &intel_7505_driver, NULL },
2785 { PCI_DEVICE_ID_INTEL_7205_0, 0, 0, "E7205", &intel_7505_driver, NULL },
2786 @@ -2051,11 +2056,13 @@ static struct pci_device_id agp_intel_pci_table[] = {
2787 ID(PCI_DEVICE_ID_INTEL_82915GM_HB),
2788 ID(PCI_DEVICE_ID_INTEL_82945G_HB),
2789 ID(PCI_DEVICE_ID_INTEL_82945GM_HB),
2790 + ID(PCI_DEVICE_ID_INTEL_82945GME_HB),
2791 ID(PCI_DEVICE_ID_INTEL_82946GZ_HB),
2792 ID(PCI_DEVICE_ID_INTEL_82965G_1_HB),
2793 ID(PCI_DEVICE_ID_INTEL_82965Q_HB),
2794 ID(PCI_DEVICE_ID_INTEL_82965G_HB),
2795 ID(PCI_DEVICE_ID_INTEL_82965GM_HB),
2796 + ID(PCI_DEVICE_ID_INTEL_82965GME_HB),
2797 ID(PCI_DEVICE_ID_INTEL_G33_HB),
2798 ID(PCI_DEVICE_ID_INTEL_Q35_HB),
2799 ID(PCI_DEVICE_ID_INTEL_Q33_HB),
2800 diff --git a/drivers/char/drm/drm_vm.c b/drivers/char/drm/drm_vm.c
2801 index b5c5b9f..e2d7be9 100644
2802 --- a/drivers/char/drm/drm_vm.c
2803 +++ b/drivers/char/drm/drm_vm.c
2804 @@ -520,6 +520,7 @@ static int drm_mmap_dma(struct file *filp, struct vm_area_struct *vma)
2805 vma->vm_ops = &drm_vm_dma_ops;
2807 vma->vm_flags |= VM_RESERVED; /* Don't swap */
2808 + vma->vm_flags |= VM_DONTEXPAND;
2810 vma->vm_file = filp; /* Needed for drm_vm_open() */
2811 drm_vm_open_locked(vma);
2812 @@ -669,6 +670,7 @@ static int drm_mmap_locked(struct file *filp, struct vm_area_struct *vma)
2813 return -EINVAL; /* This should never happen. */
2814 }
2815 vma->vm_flags |= VM_RESERVED; /* Don't swap */
2816 + vma->vm_flags |= VM_DONTEXPAND;
2818 vma->vm_file = filp; /* Needed for drm_vm_open() */
2819 drm_vm_open_locked(vma);
2820 diff --git a/drivers/char/drm/i915_dma.c b/drivers/char/drm/i915_dma.c
2821 index ea52740..786c0d9 100644
2822 --- a/drivers/char/drm/i915_dma.c
2823 +++ b/drivers/char/drm/i915_dma.c
2824 @@ -184,6 +184,8 @@ static int i915_initialize(drm_device_t * dev,
2825 * private backbuffer/depthbuffer usage.
2826 */
2827 dev_priv->use_mi_batchbuffer_start = 0;
2828 + if (IS_I965G(dev)) /* 965 doesn't support older method */
2829 + dev_priv->use_mi_batchbuffer_start = 1;
2831 /* Allow hardware batchbuffers unless told otherwise.
2832 */
2833 @@ -517,8 +519,13 @@ static int i915_dispatch_batchbuffer(drm_device_t * dev,
2835 if (dev_priv->use_mi_batchbuffer_start) {
2836 BEGIN_LP_RING(2);
2837 - OUT_RING(MI_BATCH_BUFFER_START | (2 << 6));
2838 - OUT_RING(batch->start | MI_BATCH_NON_SECURE);
2839 + if (IS_I965G(dev)) {
2840 + OUT_RING(MI_BATCH_BUFFER_START | (2 << 6) | MI_BATCH_NON_SECURE_I965);
2841 + OUT_RING(batch->start);
2842 + } else {
2843 + OUT_RING(MI_BATCH_BUFFER_START | (2 << 6));
2844 + OUT_RING(batch->start | MI_BATCH_NON_SECURE);
2845 + }
2846 ADVANCE_LP_RING();
2847 } else {
2848 BEGIN_LP_RING(4);
2849 @@ -735,7 +742,8 @@ static int i915_setparam(DRM_IOCTL_ARGS)
2851 switch (param.param) {
2852 case I915_SETPARAM_USE_MI_BATCHBUFFER_START:
2853 - dev_priv->use_mi_batchbuffer_start = param.value;
2854 + if (!IS_I965G(dev))
2855 + dev_priv->use_mi_batchbuffer_start = param.value;
2856 break;
2857 case I915_SETPARAM_TEX_LRU_LOG_GRANULARITY:
2858 dev_priv->tex_lru_log_granularity = param.value;
2859 diff --git a/drivers/char/drm/i915_drv.h b/drivers/char/drm/i915_drv.h
2860 index 85e323a..44a0717 100644
2861 --- a/drivers/char/drm/i915_drv.h
2862 +++ b/drivers/char/drm/i915_drv.h
2863 @@ -282,6 +282,7 @@ extern int i915_wait_ring(drm_device_t * dev, int n, const char *caller);
2864 #define MI_BATCH_BUFFER_START (0x31<<23)
2865 #define MI_BATCH_BUFFER_END (0xA<<23)
2866 #define MI_BATCH_NON_SECURE (1)
2867 +#define MI_BATCH_NON_SECURE_I965 (1<<8)
2869 #define MI_WAIT_FOR_EVENT ((0x3<<23))
2870 #define MI_WAIT_FOR_PLANE_A_FLIP (1<<2)
2871 diff --git a/drivers/char/drm/i915_irq.c b/drivers/char/drm/i915_irq.c
2872 index b92062a..8021ba6 100644
2873 --- a/drivers/char/drm/i915_irq.c
2874 +++ b/drivers/char/drm/i915_irq.c
2875 @@ -541,7 +541,7 @@ int i915_vblank_swap(DRM_IOCTL_ARGS)
2876 return DRM_ERR(EBUSY);
2877 }
2879 - vbl_swap = drm_calloc(1, sizeof(vbl_swap), DRM_MEM_DRIVER);
2880 + vbl_swap = drm_calloc(1, sizeof(*vbl_swap), DRM_MEM_DRIVER);
2882 if (!vbl_swap) {
2883 DRM_ERROR("Failed to allocate memory to queue swap\n");
2884 diff --git a/drivers/char/ipmi/ipmi_si_intf.c b/drivers/char/ipmi/ipmi_si_intf.c
2885 index 78e1b96..eb894f8 100644
2886 --- a/drivers/char/ipmi/ipmi_si_intf.c
2887 +++ b/drivers/char/ipmi/ipmi_si_intf.c
2888 @@ -2214,7 +2214,8 @@ static int ipmi_pci_resume(struct pci_dev *pdev)
2890 static struct pci_device_id ipmi_pci_devices[] = {
2891 { PCI_DEVICE(PCI_HP_VENDOR_ID, PCI_MMC_DEVICE_ID) },
2892 - { PCI_DEVICE_CLASS(PCI_ERMC_CLASSCODE, PCI_ERMC_CLASSCODE_MASK) }
2893 + { PCI_DEVICE_CLASS(PCI_ERMC_CLASSCODE, PCI_ERMC_CLASSCODE_MASK) },
2894 + { 0, }
2895 };
2896 MODULE_DEVICE_TABLE(pci, ipmi_pci_devices);
2898 diff --git a/drivers/char/mspec.c b/drivers/char/mspec.c
2899 index 7ac3061..5685b7a 100644
2900 --- a/drivers/char/mspec.c
2901 +++ b/drivers/char/mspec.c
2902 @@ -265,7 +265,8 @@ mspec_mmap(struct file *file, struct vm_area_struct *vma, int type)
2903 vdata->refcnt = ATOMIC_INIT(1);
2904 vma->vm_private_data = vdata;
2906 - vma->vm_flags |= (VM_IO | VM_LOCKED | VM_RESERVED | VM_PFNMAP);
2907 + vma->vm_flags |= (VM_IO | VM_LOCKED | VM_RESERVED | VM_PFNMAP |
2908 + VM_DONTEXPAND);
2909 if (vdata->type == MSPEC_FETCHOP || vdata->type == MSPEC_UNCACHED)
2910 vma->vm_page_prot = pgprot_noncached(vma->vm_page_prot);
2911 vma->vm_ops = &mspec_vm_ops;
2912 diff --git a/drivers/char/random.c b/drivers/char/random.c
2913 index 7f52712..af274e5 100644
2914 --- a/drivers/char/random.c
2915 +++ b/drivers/char/random.c
2916 @@ -693,9 +693,14 @@ static void xfer_secondary_pool(struct entropy_store *r, size_t nbytes)
2918 if (r->pull && r->entropy_count < nbytes * 8 &&
2919 r->entropy_count < r->poolinfo->POOLBITS) {
2920 - int bytes = max_t(int, random_read_wakeup_thresh / 8,
2921 - min_t(int, nbytes, sizeof(tmp)));
2922 + /* If we're limited, always leave two wakeup worth's BITS */
2923 int rsvd = r->limit ? 0 : random_read_wakeup_thresh/4;
2924 + int bytes = nbytes;
2925 +
2926 + /* pull at least as many as BYTES as wakeup BITS */
2927 + bytes = max_t(int, bytes, random_read_wakeup_thresh / 8);
2928 + /* but never more than the buffer size */
2929 + bytes = min_t(int, bytes, sizeof(tmp));
2931 DEBUG_ENT("going to reseed %s with %d bits "
2932 "(%d of %d requested)\n",
2933 @@ -1545,11 +1550,13 @@ __u32 secure_tcp_sequence_number(__be32 saddr, __be32 daddr,
2934 * As close as possible to RFC 793, which
2935 * suggests using a 250 kHz clock.
2936 * Further reading shows this assumes 2 Mb/s networks.
2937 - * For 10 Gb/s Ethernet, a 1 GHz clock is appropriate.
2938 - * That's funny, Linux has one built in! Use it!
2939 - * (Networks are faster now - should this be increased?)
2940 + * For 10 Mb/s Ethernet, a 1 MHz clock is appropriate.
2941 + * For 10 Gb/s Ethernet, a 1 GHz clock should be ok, but
2942 + * we also need to limit the resolution so that the u32 seq
2943 + * overlaps less than one time per MSL (2 minutes).
2944 + * Choosing a clock of 64 ns period is OK. (period of 274 s)
2945 */
2946 - seq += ktime_get_real().tv64;
2947 + seq += ktime_get_real().tv64 >> 6;
2948 #if 0
2949 printk("init_seq(%lx, %lx, %d, %d) = %d\n",
2950 saddr, daddr, sport, dport, seq);
2951 diff --git a/drivers/char/sx.c b/drivers/char/sx.c
2952 index 1da92a6..85a2328 100644
2953 --- a/drivers/char/sx.c
2954 +++ b/drivers/char/sx.c
2955 @@ -2721,9 +2721,9 @@ static void __devexit sx_pci_remove(struct pci_dev *pdev)
2956 its because the standard requires it. So check for SUBVENDOR_ID. */
2957 static struct pci_device_id sx_pci_tbl[] = {
2958 { PCI_VENDOR_ID_SPECIALIX, PCI_DEVICE_ID_SPECIALIX_SX_XIO_IO8,
2959 - .subvendor = 0x0200,.subdevice = PCI_ANY_ID },
2960 + .subvendor = PCI_ANY_ID, .subdevice = 0x0200 },
2961 { PCI_VENDOR_ID_SPECIALIX, PCI_DEVICE_ID_SPECIALIX_SX_XIO_IO8,
2962 - .subvendor = 0x0300,.subdevice = PCI_ANY_ID },
2963 + .subvendor = PCI_ANY_ID, .subdevice = 0x0300 },
2964 { 0 }
2965 };
2967 diff --git a/drivers/connector/cn_queue.c b/drivers/connector/cn_queue.c
2968 index 296f510..12ceed5 100644
2969 --- a/drivers/connector/cn_queue.c
2970 +++ b/drivers/connector/cn_queue.c
2971 @@ -99,8 +99,8 @@ int cn_queue_add_callback(struct cn_queue_dev *dev, char *name, struct cb_id *id
2972 spin_unlock_bh(&dev->queue_lock);
2974 if (found) {
2975 - atomic_dec(&dev->refcnt);
2976 cn_queue_free_callback(cbq);
2977 + atomic_dec(&dev->refcnt);
2978 return -EINVAL;
2979 }
2981 diff --git a/drivers/cpufreq/cpufreq_ondemand.c b/drivers/cpufreq/cpufreq_ondemand.c
2982 index 8532bb7..e794527 100644
2983 --- a/drivers/cpufreq/cpufreq_ondemand.c
2984 +++ b/drivers/cpufreq/cpufreq_ondemand.c
2985 @@ -96,15 +96,25 @@ static struct dbs_tuners {
2987 static inline cputime64_t get_cpu_idle_time(unsigned int cpu)
2988 {
2989 - cputime64_t retval;
2990 + cputime64_t idle_time;
2991 + cputime64_t cur_jiffies;
2992 + cputime64_t busy_time;
2994 - retval = cputime64_add(kstat_cpu(cpu).cpustat.idle,
2995 - kstat_cpu(cpu).cpustat.iowait);
2996 + cur_jiffies = jiffies64_to_cputime64(get_jiffies_64());
2997 + busy_time = cputime64_add(kstat_cpu(cpu).cpustat.user,
2998 + kstat_cpu(cpu).cpustat.system);
3000 - if (dbs_tuners_ins.ignore_nice)
3001 - retval = cputime64_add(retval, kstat_cpu(cpu).cpustat.nice);
3002 + busy_time = cputime64_add(busy_time, kstat_cpu(cpu).cpustat.irq);
3003 + busy_time = cputime64_add(busy_time, kstat_cpu(cpu).cpustat.softirq);
3004 + busy_time = cputime64_add(busy_time, kstat_cpu(cpu).cpustat.steal);
3006 - return retval;
3007 + if (!dbs_tuners_ins.ignore_nice) {
3008 + busy_time = cputime64_add(busy_time,
3009 + kstat_cpu(cpu).cpustat.nice);
3010 + }
3011 +
3012 + idle_time = cputime64_sub(cur_jiffies, busy_time);
3013 + return idle_time;
3014 }
3016 /*
3017 @@ -325,7 +335,7 @@ static struct attribute_group dbs_attr_group = {
3018 static void dbs_check_cpu(struct cpu_dbs_info_s *this_dbs_info)
3019 {
3020 unsigned int idle_ticks, total_ticks;
3021 - unsigned int load;
3022 + unsigned int load = 0;
3023 cputime64_t cur_jiffies;
3025 struct cpufreq_policy *policy;
3026 @@ -339,7 +349,8 @@ static void dbs_check_cpu(struct cpu_dbs_info_s *this_dbs_info)
3027 cur_jiffies = jiffies64_to_cputime64(get_jiffies_64());
3028 total_ticks = (unsigned int) cputime64_sub(cur_jiffies,
3029 this_dbs_info->prev_cpu_wall);
3030 - this_dbs_info->prev_cpu_wall = cur_jiffies;
3031 + this_dbs_info->prev_cpu_wall = get_jiffies_64();
3032 +
3033 if (!total_ticks)
3034 return;
3035 /*
3036 @@ -370,7 +381,8 @@ static void dbs_check_cpu(struct cpu_dbs_info_s *this_dbs_info)
3037 if (tmp_idle_ticks < idle_ticks)
3038 idle_ticks = tmp_idle_ticks;
3039 }
3040 - load = (100 * (total_ticks - idle_ticks)) / total_ticks;
3041 + if (likely(total_ticks > idle_ticks))
3042 + load = (100 * (total_ticks - idle_ticks)) / total_ticks;
3044 /* Check for frequency increase */
3045 if (load > dbs_tuners_ins.up_threshold) {
3046 diff --git a/drivers/firewire/fw-card.c b/drivers/firewire/fw-card.c
3047 index 9eb1eda..46d3cf2 100644
3048 --- a/drivers/firewire/fw-card.c
3049 +++ b/drivers/firewire/fw-card.c
3050 @@ -507,9 +507,11 @@ fw_core_remove_card(struct fw_card *card)
3051 /* Set up the dummy driver. */
3052 card->driver = &dummy_driver;
3054 - fw_flush_transactions(card);
3055 -
3056 fw_destroy_nodes(card);
3057 + flush_scheduled_work();
3058 +
3059 + fw_flush_transactions(card);
3060 + del_timer_sync(&card->flush_timer);
3062 fw_card_put(card);
3063 }
3064 diff --git a/drivers/firewire/fw-ohci.c b/drivers/firewire/fw-ohci.c
3065 index 96c8ac5..f1cd9d3 100644
3066 --- a/drivers/firewire/fw-ohci.c
3067 +++ b/drivers/firewire/fw-ohci.c
3068 @@ -586,7 +586,7 @@ static void context_stop(struct context *ctx)
3069 break;
3071 fw_notify("context_stop: still active (0x%08x)\n", reg);
3072 - msleep(1);
3073 + mdelay(1);
3074 }
3075 }
3077 @@ -1934,14 +1934,12 @@ static int pci_suspend(struct pci_dev *pdev, pm_message_t state)
3078 free_irq(pdev->irq, ohci);
3079 err = pci_save_state(pdev);
3080 if (err) {
3081 - fw_error("pci_save_state failed with %d", err);
3082 + fw_error("pci_save_state failed with %d\n", err);
3083 return err;
3084 }
3085 err = pci_set_power_state(pdev, pci_choose_state(pdev, state));
3086 - if (err) {
3087 - fw_error("pci_set_power_state failed with %d", err);
3088 - return err;
3089 - }
3090 + if (err)
3091 + fw_error("pci_set_power_state failed with %d\n", err);
3093 return 0;
3094 }
3095 @@ -1955,7 +1953,7 @@ static int pci_resume(struct pci_dev *pdev)
3096 pci_restore_state(pdev);
3097 err = pci_enable_device(pdev);
3098 if (err) {
3099 - fw_error("pci_enable_device failed with %d", err);
3100 + fw_error("pci_enable_device failed with %d\n", err);
3101 return err;
3102 }
3104 diff --git a/drivers/firewire/fw-sbp2.c b/drivers/firewire/fw-sbp2.c
3105 index a98d391..a68f7de 100644
3106 --- a/drivers/firewire/fw-sbp2.c
3107 +++ b/drivers/firewire/fw-sbp2.c
3108 @@ -985,6 +985,7 @@ static int sbp2_scsi_queuecommand(struct scsi_cmnd *cmd, scsi_done_fn_t done)
3109 struct fw_unit *unit = sd->unit;
3110 struct fw_device *device = fw_device(unit->device.parent);
3111 struct sbp2_command_orb *orb;
3112 + unsigned max_payload;
3114 /*
3115 * Bidirectional commands are not yet implemented, and unknown
3116 @@ -1023,8 +1024,10 @@ static int sbp2_scsi_queuecommand(struct scsi_cmnd *cmd, scsi_done_fn_t done)
3117 * specifies the max payload size as 2 ^ (max_payload + 2), so
3118 * if we set this to max_speed + 7, we get the right value.
3119 */
3120 + max_payload = device->node->max_speed + 7;
3121 + max_payload = min(max_payload, device->card->max_receive - 1);
3122 orb->request.misc =
3123 - COMMAND_ORB_MAX_PAYLOAD(device->node->max_speed + 7) |
3124 + COMMAND_ORB_MAX_PAYLOAD(max_payload) |
3125 COMMAND_ORB_SPEED(device->node->max_speed) |
3126 COMMAND_ORB_NOTIFY;
3128 diff --git a/drivers/firewire/fw-transaction.c b/drivers/firewire/fw-transaction.c
3129 index 80d0121..a506a1f 100644
3130 --- a/drivers/firewire/fw-transaction.c
3131 +++ b/drivers/firewire/fw-transaction.c
3132 @@ -605,8 +605,10 @@ fw_send_response(struct fw_card *card, struct fw_request *request, int rcode)
3133 * check is sufficient to ensure we don't send response to
3134 * broadcast packets or posted writes.
3135 */
3136 - if (request->ack != ACK_PENDING)
3137 + if (request->ack != ACK_PENDING) {
3138 + kfree(request);
3139 return;
3140 + }
3142 if (rcode == RCODE_COMPLETE)
3143 fw_fill_response(&request->response, request->request_header,
3144 diff --git a/drivers/firewire/fw-transaction.h b/drivers/firewire/fw-transaction.h
3145 index acdc3be..e2b9ca4 100644
3146 --- a/drivers/firewire/fw-transaction.h
3147 +++ b/drivers/firewire/fw-transaction.h
3148 @@ -124,6 +124,10 @@ typedef void (*fw_transaction_callback_t)(struct fw_card *card, int rcode,
3149 size_t length,
3150 void *callback_data);
3152 +/*
3153 + * Important note: The callback must guarantee that either fw_send_response()
3154 + * or kfree() is called on the @request.
3155 + */
3156 typedef void (*fw_address_callback_t)(struct fw_card *card,
3157 struct fw_request *request,
3158 int tcode, int destination, int source,
3159 @@ -228,7 +232,7 @@ struct fw_card {
3160 unsigned long reset_jiffies;
3162 unsigned long long guid;
3163 - int max_receive;
3164 + unsigned max_receive;
3165 int link_speed;
3166 int config_rom_generation;
3168 diff --git a/drivers/hwmon/lm78.c b/drivers/hwmon/lm78.c
3169 index 9fb572f..3507113 100644
3170 --- a/drivers/hwmon/lm78.c
3171 +++ b/drivers/hwmon/lm78.c
3172 @@ -882,7 +882,7 @@ static int __init lm78_isa_device_add(unsigned short address)
3173 {
3174 struct resource res = {
3175 .start = address,
3176 - .end = address + LM78_EXTENT,
3177 + .end = address + LM78_EXTENT - 1,
3178 .name = "lm78",
3179 .flags = IORESOURCE_IO,
3180 };
3181 diff --git a/drivers/hwmon/lm87.c b/drivers/hwmon/lm87.c
3182 index 988ae1c..1128153 100644
3183 --- a/drivers/hwmon/lm87.c
3184 +++ b/drivers/hwmon/lm87.c
3185 @@ -129,7 +129,7 @@ static u8 LM87_REG_TEMP_LOW[3] = { 0x3A, 0x38, 0x2C };
3186 (((val) < 0 ? (val)-500 : (val)+500) / 1000))
3188 #define FAN_FROM_REG(reg,div) ((reg) == 255 || (reg) == 0 ? 0 : \
3189 - 1350000 + (reg)*(div) / 2) / ((reg)*(div))
3190 + (1350000 + (reg)*(div) / 2) / ((reg)*(div)))
3191 #define FAN_TO_REG(val,div) ((val)*(div) * 255 <= 1350000 ? 255 : \
3192 (1350000 + (val)*(div) / 2) / ((val)*(div)))
3194 @@ -145,7 +145,7 @@ static u8 LM87_REG_TEMP_LOW[3] = { 0x3A, 0x38, 0x2C };
3195 #define CHAN_NO_FAN(nr) (1 << (nr))
3196 #define CHAN_TEMP3 (1 << 2)
3197 #define CHAN_VCC_5V (1 << 3)
3198 -#define CHAN_NO_VID (1 << 8)
3199 +#define CHAN_NO_VID (1 << 7)
3201 /*
3202 * Functions declaration
3203 diff --git a/drivers/hwmon/smsc47m1.c b/drivers/hwmon/smsc47m1.c
3204 index 1e21c8c..c3e716e 100644
3205 --- a/drivers/hwmon/smsc47m1.c
3206 +++ b/drivers/hwmon/smsc47m1.c
3207 @@ -585,6 +585,8 @@ static int __devinit smsc47m1_probe(struct platform_device *pdev)
3209 if ((err = device_create_file(dev, &dev_attr_alarms)))
3210 goto error_remove_files;
3211 + if ((err = device_create_file(dev, &dev_attr_name)))
3212 + goto error_remove_files;
3214 data->class_dev = hwmon_device_register(dev);
3215 if (IS_ERR(data->class_dev)) {
3216 diff --git a/drivers/hwmon/w83627hf.c b/drivers/hwmon/w83627hf.c
3217 index 12cb40a..6972fdb 100644
3218 --- a/drivers/hwmon/w83627hf.c
3219 +++ b/drivers/hwmon/w83627hf.c
3220 @@ -335,6 +335,7 @@ static int w83627hf_remove(struct platform_device *pdev);
3222 static int w83627hf_read_value(struct w83627hf_data *data, u16 reg);
3223 static int w83627hf_write_value(struct w83627hf_data *data, u16 reg, u16 value);
3224 +static void w83627hf_update_fan_div(struct w83627hf_data *data);
3225 static struct w83627hf_data *w83627hf_update_device(struct device *dev);
3226 static void w83627hf_init_device(struct platform_device *pdev);
3228 @@ -1127,6 +1128,7 @@ static int __devinit w83627hf_probe(struct platform_device *pdev)
3229 data->fan_min[0] = w83627hf_read_value(data, W83781D_REG_FAN_MIN(1));
3230 data->fan_min[1] = w83627hf_read_value(data, W83781D_REG_FAN_MIN(2));
3231 data->fan_min[2] = w83627hf_read_value(data, W83781D_REG_FAN_MIN(3));
3232 + w83627hf_update_fan_div(data);
3234 /* Register common device attributes */
3235 if ((err = sysfs_create_group(&dev->kobj, &w83627hf_group)))
3236 @@ -1207,6 +1209,24 @@ static int __devexit w83627hf_remove(struct platform_device *pdev)
3237 }
3240 +/* Registers 0x50-0x5f are banked */
3241 +static inline void w83627hf_set_bank(struct w83627hf_data *data, u16 reg)
3242 +{
3243 + if ((reg & 0x00f0) == 0x50) {
3244 + outb_p(W83781D_REG_BANK, data->addr + W83781D_ADDR_REG_OFFSET);
3245 + outb_p(reg >> 8, data->addr + W83781D_DATA_REG_OFFSET);
3246 + }
3247 +}
3248 +
3249 +/* Not strictly necessary, but play it safe for now */
3250 +static inline void w83627hf_reset_bank(struct w83627hf_data *data, u16 reg)
3251 +{
3252 + if (reg & 0xff00) {
3253 + outb_p(W83781D_REG_BANK, data->addr + W83781D_ADDR_REG_OFFSET);
3254 + outb_p(0, data->addr + W83781D_DATA_REG_OFFSET);
3255 + }
3256 +}
3257 +
3258 static int w83627hf_read_value(struct w83627hf_data *data, u16 reg)
3259 {
3260 int res, word_sized;
3261 @@ -1217,12 +1237,7 @@ static int w83627hf_read_value(struct w83627hf_data *data, u16 reg)
3262 && (((reg & 0x00ff) == 0x50)
3263 || ((reg & 0x00ff) == 0x53)
3264 || ((reg & 0x00ff) == 0x55));
3265 - if (reg & 0xff00) {
3266 - outb_p(W83781D_REG_BANK,
3267 - data->addr + W83781D_ADDR_REG_OFFSET);
3268 - outb_p(reg >> 8,
3269 - data->addr + W83781D_DATA_REG_OFFSET);
3270 - }
3271 + w83627hf_set_bank(data, reg);
3272 outb_p(reg & 0xff, data->addr + W83781D_ADDR_REG_OFFSET);
3273 res = inb_p(data->addr + W83781D_DATA_REG_OFFSET);
3274 if (word_sized) {
3275 @@ -1232,11 +1247,7 @@ static int w83627hf_read_value(struct w83627hf_data *data, u16 reg)
3276 (res << 8) + inb_p(data->addr +
3277 W83781D_DATA_REG_OFFSET);
3278 }
3279 - if (reg & 0xff00) {
3280 - outb_p(W83781D_REG_BANK,
3281 - data->addr + W83781D_ADDR_REG_OFFSET);
3282 - outb_p(0, data->addr + W83781D_DATA_REG_OFFSET);
3283 - }
3284 + w83627hf_reset_bank(data, reg);
3285 mutex_unlock(&data->lock);
3286 return res;
3287 }
3288 @@ -1307,12 +1318,7 @@ static int w83627hf_write_value(struct w83627hf_data *data, u16 reg, u16 value)
3289 || ((reg & 0xff00) == 0x200))
3290 && (((reg & 0x00ff) == 0x53)
3291 || ((reg & 0x00ff) == 0x55));
3292 - if (reg & 0xff00) {
3293 - outb_p(W83781D_REG_BANK,
3294 - data->addr + W83781D_ADDR_REG_OFFSET);
3295 - outb_p(reg >> 8,
3296 - data->addr + W83781D_DATA_REG_OFFSET);
3297 - }
3298 + w83627hf_set_bank(data, reg);
3299 outb_p(reg & 0xff, data->addr + W83781D_ADDR_REG_OFFSET);
3300 if (word_sized) {
3301 outb_p(value >> 8,
3302 @@ -1322,11 +1328,7 @@ static int w83627hf_write_value(struct w83627hf_data *data, u16 reg, u16 value)
3303 }
3304 outb_p(value & 0xff,
3305 data->addr + W83781D_DATA_REG_OFFSET);
3306 - if (reg & 0xff00) {
3307 - outb_p(W83781D_REG_BANK,
3308 - data->addr + W83781D_ADDR_REG_OFFSET);
3309 - outb_p(0, data->addr + W83781D_DATA_REG_OFFSET);
3310 - }
3311 + w83627hf_reset_bank(data, reg);
3312 mutex_unlock(&data->lock);
3313 return 0;
3314 }
3315 @@ -1430,6 +1432,24 @@ static void __devinit w83627hf_init_device(struct platform_device *pdev)
3316 | 0x01);
3317 }
3319 +static void w83627hf_update_fan_div(struct w83627hf_data *data)
3320 +{
3321 + int reg;
3322 +
3323 + reg = w83627hf_read_value(data, W83781D_REG_VID_FANDIV);
3324 + data->fan_div[0] = (reg >> 4) & 0x03;
3325 + data->fan_div[1] = (reg >> 6) & 0x03;
3326 + if (data->type != w83697hf) {
3327 + data->fan_div[2] = (w83627hf_read_value(data,
3328 + W83781D_REG_PIN) >> 6) & 0x03;
3329 + }
3330 + reg = w83627hf_read_value(data, W83781D_REG_VBAT);
3331 + data->fan_div[0] |= (reg >> 3) & 0x04;
3332 + data->fan_div[1] |= (reg >> 4) & 0x04;
3333 + if (data->type != w83697hf)
3334 + data->fan_div[2] |= (reg >> 5) & 0x04;
3335 +}
3336 +
3337 static struct w83627hf_data *w83627hf_update_device(struct device *dev)
3338 {
3339 struct w83627hf_data *data = dev_get_drvdata(dev);
3340 @@ -1493,18 +1513,8 @@ static struct w83627hf_data *w83627hf_update_device(struct device *dev)
3341 w83627hf_read_value(data, W83781D_REG_TEMP_HYST(3));
3342 }
3344 - i = w83627hf_read_value(data, W83781D_REG_VID_FANDIV);
3345 - data->fan_div[0] = (i >> 4) & 0x03;
3346 - data->fan_div[1] = (i >> 6) & 0x03;
3347 - if (data->type != w83697hf) {
3348 - data->fan_div[2] = (w83627hf_read_value(data,
3349 - W83781D_REG_PIN) >> 6) & 0x03;
3350 - }
3351 - i = w83627hf_read_value(data, W83781D_REG_VBAT);
3352 - data->fan_div[0] |= (i >> 3) & 0x04;
3353 - data->fan_div[1] |= (i >> 4) & 0x04;
3354 - if (data->type != w83697hf)
3355 - data->fan_div[2] |= (i >> 5) & 0x04;
3356 + w83627hf_update_fan_div(data);
3357 +
3358 data->alarms =
3359 w83627hf_read_value(data, W83781D_REG_ALARM1) |
3360 (w83627hf_read_value(data, W83781D_REG_ALARM2) << 8) |
3361 diff --git a/drivers/hwmon/w83781d.c b/drivers/hwmon/w83781d.c
3362 index f85b48f..dcc941a 100644
3363 --- a/drivers/hwmon/w83781d.c
3364 +++ b/drivers/hwmon/w83781d.c
3365 @@ -740,9 +740,9 @@ store_sensor(struct device *dev, struct device_attribute *da,
3366 static SENSOR_DEVICE_ATTR(temp1_type, S_IRUGO | S_IWUSR,
3367 show_sensor, store_sensor, 0);
3368 static SENSOR_DEVICE_ATTR(temp2_type, S_IRUGO | S_IWUSR,
3369 - show_sensor, store_sensor, 0);
3370 + show_sensor, store_sensor, 1);
3371 static SENSOR_DEVICE_ATTR(temp3_type, S_IRUGO | S_IWUSR,
3372 - show_sensor, store_sensor, 0);
3373 + show_sensor, store_sensor, 2);
3375 /* I2C devices get this name attribute automatically, but for ISA devices
3376 we must create it by ourselves. */
3377 @@ -1746,7 +1746,7 @@ w83781d_isa_device_add(unsigned short address)
3378 {
3379 struct resource res = {
3380 .start = address,
3381 - .end = address + W83781D_EXTENT,
3382 + .end = address + W83781D_EXTENT - 1,
3383 .name = "w83781d",
3384 .flags = IORESOURCE_IO,
3385 };
3386 diff --git a/drivers/i2c/algos/i2c-algo-bit.c b/drivers/i2c/algos/i2c-algo-bit.c
3387 index 8a5f582..7f0a0a6 100644
3388 --- a/drivers/i2c/algos/i2c-algo-bit.c
3389 +++ b/drivers/i2c/algos/i2c-algo-bit.c
3390 @@ -357,13 +357,29 @@ static int sendbytes(struct i2c_adapter *i2c_adap, struct i2c_msg *msg)
3391 return wrcount;
3392 }
3394 +static int acknak(struct i2c_adapter *i2c_adap, int is_ack)
3395 +{
3396 + struct i2c_algo_bit_data *adap = i2c_adap->algo_data;
3397 +
3398 + /* assert: sda is high */
3399 + if (is_ack) /* send ack */
3400 + setsda(adap, 0);
3401 + udelay((adap->udelay + 1) / 2);
3402 + if (sclhi(adap) < 0) { /* timeout */
3403 + dev_err(&i2c_adap->dev, "readbytes: ack/nak timeout\n");
3404 + return -ETIMEDOUT;
3405 + }
3406 + scllo(adap);
3407 + return 0;
3408 +}
3409 +
3410 static int readbytes(struct i2c_adapter *i2c_adap, struct i2c_msg *msg)
3411 {
3412 int inval;
3413 int rdcount=0; /* counts bytes read */
3414 - struct i2c_algo_bit_data *adap = i2c_adap->algo_data;
3415 unsigned char *temp = msg->buf;
3416 int count = msg->len;
3417 + const unsigned flags = msg->flags;
3419 while (count > 0) {
3420 inval = i2c_inb(i2c_adap);
3421 @@ -377,28 +393,12 @@ static int readbytes(struct i2c_adapter *i2c_adap, struct i2c_msg *msg)
3422 temp++;
3423 count--;
3425 - if (msg->flags & I2C_M_NO_RD_ACK) {
3426 - bit_dbg(2, &i2c_adap->dev, "i2c_inb: 0x%02x\n",
3427 - inval);
3428 - continue;
3429 - }
3430 -
3431 - /* assert: sda is high */
3432 - if (count) /* send ack */
3433 - setsda(adap, 0);
3434 - udelay((adap->udelay + 1) / 2);
3435 - bit_dbg(2, &i2c_adap->dev, "i2c_inb: 0x%02x %s\n", inval,
3436 - count ? "A" : "NA");
3437 - if (sclhi(adap)<0) { /* timeout */
3438 - dev_err(&i2c_adap->dev, "readbytes: timeout at ack\n");
3439 - return -ETIMEDOUT;
3440 - };
3441 - scllo(adap);
3442 -
3443 /* Some SMBus transactions require that we receive the
3444 transaction length as the first read byte. */
3445 - if (rdcount == 1 && (msg->flags & I2C_M_RECV_LEN)) {
3446 + if (rdcount == 1 && (flags & I2C_M_RECV_LEN)) {
3447 if (inval <= 0 || inval > I2C_SMBUS_BLOCK_MAX) {
3448 + if (!(flags & I2C_M_NO_RD_ACK))
3449 + acknak(i2c_adap, 0);
3450 dev_err(&i2c_adap->dev, "readbytes: invalid "
3451 "block length (%d)\n", inval);
3452 return -EREMOTEIO;
3453 @@ -409,6 +409,18 @@ static int readbytes(struct i2c_adapter *i2c_adap, struct i2c_msg *msg)
3454 count += inval;
3455 msg->len += inval;
3456 }
3457 +
3458 + bit_dbg(2, &i2c_adap->dev, "readbytes: 0x%02x %s\n",
3459 + inval,
3460 + (flags & I2C_M_NO_RD_ACK)
3461 + ? "(no ack/nak)"
3462 + : (count ? "A" : "NA"));
3463 +
3464 + if (!(flags & I2C_M_NO_RD_ACK)) {
3465 + inval = acknak(i2c_adap, count);
3466 + if (inval < 0)
3467 + return inval;
3468 + }
3469 }
3470 return rdcount;
3471 }
3472 diff --git a/drivers/i2c/busses/i2c-pasemi.c b/drivers/i2c/busses/i2c-pasemi.c
3473 index 58e3271..dcf5dec 100644
3474 --- a/drivers/i2c/busses/i2c-pasemi.c
3475 +++ b/drivers/i2c/busses/i2c-pasemi.c
3476 @@ -51,6 +51,7 @@ struct pasemi_smbus {
3477 #define MRXFIFO_DATA_M 0x000000ff
3479 #define SMSTA_XEN 0x08000000
3480 +#define SMSTA_MTN 0x00200000
3482 #define CTL_MRR 0x00000400
3483 #define CTL_MTR 0x00000200
3484 @@ -98,6 +99,10 @@ static unsigned int pasemi_smb_waitready(struct pasemi_smbus *smbus)
3485 status = reg_read(smbus, REG_SMSTA);
3486 }
3488 + /* Got NACK? */
3489 + if (status & SMSTA_MTN)
3490 + return -ENXIO;
3491 +
3492 if (timeout < 0) {
3493 dev_warn(&smbus->dev->dev, "Timeout, status 0x%08x\n", status);
3494 reg_write(smbus, REG_SMSTA, status);
3495 diff --git a/drivers/i2c/chips/eeprom.c b/drivers/i2c/chips/eeprom.c
3496 index bfce13c..5ad36ab 100644
3497 --- a/drivers/i2c/chips/eeprom.c
3498 +++ b/drivers/i2c/chips/eeprom.c
3499 @@ -125,13 +125,20 @@ static ssize_t eeprom_read(struct kobject *kobj, char *buf, loff_t off, size_t c
3500 for (slice = off >> 5; slice <= (off + count - 1) >> 5; slice++)
3501 eeprom_update_client(client, slice);
3503 - /* Hide Vaio security settings to regular users (16 first bytes) */
3504 - if (data->nature == VAIO && off < 16 && !capable(CAP_SYS_ADMIN)) {
3505 - size_t in_row1 = 16 - off;
3506 - in_row1 = min(in_row1, count);
3507 - memset(buf, 0, in_row1);
3508 - if (count - in_row1 > 0)
3509 - memcpy(buf + in_row1, &data->data[16], count - in_row1);
3510 + /* Hide Vaio private settings to regular users:
3511 + - BIOS passwords: bytes 0x00 to 0x0f
3512 + - UUID: bytes 0x10 to 0x1f
3513 + - Serial number: 0xc0 to 0xdf */
3514 + if (data->nature == VAIO && !capable(CAP_SYS_ADMIN)) {
3515 + int i;
3516 +
3517 + for (i = 0; i < count; i++) {
3518 + if ((off + i <= 0x1f) ||
3519 + (off + i >= 0xc0 && off + i <= 0xdf))
3520 + buf[i] = 0;
3521 + else
3522 + buf[i] = data->data[off + i];
3523 + }
3524 } else {
3525 memcpy(buf, &data->data[off], count);
3526 }
3527 @@ -195,14 +202,18 @@ static int eeprom_detect(struct i2c_adapter *adapter, int address, int kind)
3528 goto exit_kfree;
3530 /* Detect the Vaio nature of EEPROMs.
3531 - We use the "PCG-" prefix as the signature. */
3532 + We use the "PCG-" or "VGN-" prefix as the signature. */
3533 if (address == 0x57) {
3534 - if (i2c_smbus_read_byte_data(new_client, 0x80) == 'P'
3535 - && i2c_smbus_read_byte(new_client) == 'C'
3536 - && i2c_smbus_read_byte(new_client) == 'G'
3537 - && i2c_smbus_read_byte(new_client) == '-') {
3538 + char name[4];
3539 +
3540 + name[0] = i2c_smbus_read_byte_data(new_client, 0x80);
3541 + name[1] = i2c_smbus_read_byte(new_client);
3542 + name[2] = i2c_smbus_read_byte(new_client);
3543 + name[3] = i2c_smbus_read_byte(new_client);
3544 +
3545 + if (!memcmp(name, "PCG-", 4) || !memcmp(name, "VGN-", 4)) {
3546 dev_info(&new_client->dev, "Vaio EEPROM detected, "
3547 - "enabling password protection\n");
3548 + "enabling privacy protection\n");
3549 data->nature = VAIO;
3550 }
3551 }
3552 diff --git a/drivers/ide/pci/serverworks.c b/drivers/ide/pci/serverworks.c
3553 index d9c4fd1..096a081 100644
3554 --- a/drivers/ide/pci/serverworks.c
3555 +++ b/drivers/ide/pci/serverworks.c
3556 @@ -101,6 +101,7 @@ static u8 svwks_udma_filter(ide_drive_t *drive)
3557 mode = 2;
3559 switch(mode) {
3560 + case 3: mask = 0x3f; break;
3561 case 2: mask = 0x1f; break;
3562 case 1: mask = 0x07; break;
3563 default: mask = 0x00; break;
3564 diff --git a/drivers/ieee1394/ieee1394_core.c b/drivers/ieee1394/ieee1394_core.c
3565 index 8f71b6a..ac07a05 100644
3566 --- a/drivers/ieee1394/ieee1394_core.c
3567 +++ b/drivers/ieee1394/ieee1394_core.c
3568 @@ -1279,7 +1279,7 @@ static void __exit ieee1394_cleanup(void)
3569 unregister_chrdev_region(IEEE1394_CORE_DEV, 256);
3570 }
3572 -fs_initcall(ieee1394_init); /* same as ohci1394 */
3573 +module_init(ieee1394_init);
3574 module_exit(ieee1394_cleanup);
3576 /* Exported symbols */
3577 diff --git a/drivers/ieee1394/ohci1394.c b/drivers/ieee1394/ohci1394.c
3578 index 5dadfd2..e65760f 100644
3579 --- a/drivers/ieee1394/ohci1394.c
3580 +++ b/drivers/ieee1394/ohci1394.c
3581 @@ -3773,7 +3773,5 @@ static int __init ohci1394_init(void)
3582 return pci_register_driver(&ohci1394_pci_driver);
3583 }
3585 -/* Register before most other device drivers.
3586 - * Useful for remote debugging via physical DMA, e.g. using firescope. */
3587 -fs_initcall(ohci1394_init);
3588 +module_init(ohci1394_init);
3589 module_exit(ohci1394_cleanup);
3590 diff --git a/drivers/ieee1394/sbp2.c b/drivers/ieee1394/sbp2.c
3591 index 3f873cc..c7ff28a 100644
3592 --- a/drivers/ieee1394/sbp2.c
3593 +++ b/drivers/ieee1394/sbp2.c
3594 @@ -774,11 +774,6 @@ static struct sbp2_lu *sbp2_alloc_device(struct unit_directory *ud)
3595 SBP2_ERR("failed to register lower 4GB address range");
3596 goto failed_alloc;
3597 }
3598 -#else
3599 - if (dma_set_mask(hi->host->device.parent, DMA_32BIT_MASK)) {
3600 - SBP2_ERR("failed to set 4GB DMA mask");
3601 - goto failed_alloc;
3602 - }
3603 #endif
3604 }
3606 diff --git a/drivers/infiniband/core/uverbs_cmd.c b/drivers/infiniband/core/uverbs_cmd.c
3607 index 01d7008..495c803 100644
3608 --- a/drivers/infiniband/core/uverbs_cmd.c
3609 +++ b/drivers/infiniband/core/uverbs_cmd.c
3610 @@ -147,8 +147,12 @@ static struct ib_uobject *__idr_get_uobj(struct idr *idr, int id,
3612 spin_lock(&ib_uverbs_idr_lock);
3613 uobj = idr_find(idr, id);
3614 - if (uobj)
3615 - kref_get(&uobj->ref);
3616 + if (uobj) {
3617 + if (uobj->context == context)
3618 + kref_get(&uobj->ref);
3619 + else
3620 + uobj = NULL;
3621 + }
3622 spin_unlock(&ib_uverbs_idr_lock);
3624 return uobj;
3625 diff --git a/drivers/input/mouse/lifebook.c b/drivers/input/mouse/lifebook.c
3626 index 1740cad..91109b4 100644
3627 --- a/drivers/input/mouse/lifebook.c
3628 +++ b/drivers/input/mouse/lifebook.c
3629 @@ -109,7 +109,7 @@ static psmouse_ret_t lifebook_process_byte(struct psmouse *psmouse)
3630 {
3631 struct lifebook_data *priv = psmouse->private;
3632 struct input_dev *dev1 = psmouse->dev;
3633 - struct input_dev *dev2 = priv->dev2;
3634 + struct input_dev *dev2 = priv ? priv->dev2 : NULL;
3635 unsigned char *packet = psmouse->packet;
3636 int relative_packet = packet[0] & 0x08;
3638 diff --git a/drivers/isdn/hardware/avm/b1.c b/drivers/isdn/hardware/avm/b1.c
3639 index 7a69a18..4484a64 100644
3640 --- a/drivers/isdn/hardware/avm/b1.c
3641 +++ b/drivers/isdn/hardware/avm/b1.c
3642 @@ -321,12 +321,15 @@ void b1_reset_ctr(struct capi_ctr *ctrl)
3643 avmctrl_info *cinfo = (avmctrl_info *)(ctrl->driverdata);
3644 avmcard *card = cinfo->card;
3645 unsigned int port = card->port;
3646 + unsigned long flags;
3648 b1_reset(port);
3649 b1_reset(port);
3651 memset(cinfo->version, 0, sizeof(cinfo->version));
3652 + spin_lock_irqsave(&card->lock, flags);
3653 capilib_release(&cinfo->ncci_head);
3654 + spin_unlock_irqrestore(&card->lock, flags);
3655 capi_ctr_reseted(ctrl);
3656 }
3658 @@ -361,9 +364,8 @@ void b1_release_appl(struct capi_ctr *ctrl, u16 appl)
3659 unsigned int port = card->port;
3660 unsigned long flags;
3662 - capilib_release_appl(&cinfo->ncci_head, appl);
3663 -
3664 spin_lock_irqsave(&card->lock, flags);
3665 + capilib_release_appl(&cinfo->ncci_head, appl);
3666 b1_put_byte(port, SEND_RELEASE);
3667 b1_put_word(port, appl);
3668 spin_unlock_irqrestore(&card->lock, flags);
3669 @@ -380,27 +382,27 @@ u16 b1_send_message(struct capi_ctr *ctrl, struct sk_buff *skb)
3670 u8 subcmd = CAPIMSG_SUBCOMMAND(skb->data);
3671 u16 dlen, retval;
3673 + spin_lock_irqsave(&card->lock, flags);
3674 if (CAPICMD(cmd, subcmd) == CAPI_DATA_B3_REQ) {
3675 retval = capilib_data_b3_req(&cinfo->ncci_head,
3676 CAPIMSG_APPID(skb->data),
3677 CAPIMSG_NCCI(skb->data),
3678 CAPIMSG_MSGID(skb->data));
3679 - if (retval != CAPI_NOERROR)
3680 + if (retval != CAPI_NOERROR) {
3681 + spin_unlock_irqrestore(&card->lock, flags);
3682 return retval;
3683 + }
3685 dlen = CAPIMSG_DATALEN(skb->data);
3687 - spin_lock_irqsave(&card->lock, flags);
3688 b1_put_byte(port, SEND_DATA_B3_REQ);
3689 b1_put_slice(port, skb->data, len);
3690 b1_put_slice(port, skb->data + len, dlen);
3691 - spin_unlock_irqrestore(&card->lock, flags);
3692 } else {
3693 - spin_lock_irqsave(&card->lock, flags);
3694 b1_put_byte(port, SEND_MESSAGE);
3695 b1_put_slice(port, skb->data, len);
3696 - spin_unlock_irqrestore(&card->lock, flags);
3697 }
3698 + spin_unlock_irqrestore(&card->lock, flags);
3700 dev_kfree_skb_any(skb);
3701 return CAPI_NOERROR;
3702 @@ -534,17 +536,17 @@ irqreturn_t b1_interrupt(int interrupt, void *devptr)
3704 ApplId = (unsigned) b1_get_word(card->port);
3705 MsgLen = b1_get_slice(card->port, card->msgbuf);
3706 - spin_unlock_irqrestore(&card->lock, flags);
3707 if (!(skb = alloc_skb(MsgLen, GFP_ATOMIC))) {
3708 printk(KERN_ERR "%s: incoming packet dropped\n",
3709 card->name);
3710 + spin_unlock_irqrestore(&card->lock, flags);
3711 } else {
3712 memcpy(skb_put(skb, MsgLen), card->msgbuf, MsgLen);
3713 if (CAPIMSG_CMD(skb->data) == CAPI_DATA_B3_CONF)
3714 capilib_data_b3_conf(&cinfo->ncci_head, ApplId,
3715 CAPIMSG_NCCI(skb->data),
3716 CAPIMSG_MSGID(skb->data));
3717 -
3718 + spin_unlock_irqrestore(&card->lock, flags);
3719 capi_ctr_handle_message(ctrl, ApplId, skb);
3720 }
3721 break;
3722 @@ -554,21 +556,17 @@ irqreturn_t b1_interrupt(int interrupt, void *devptr)
3723 ApplId = b1_get_word(card->port);
3724 NCCI = b1_get_word(card->port);
3725 WindowSize = b1_get_word(card->port);
3726 - spin_unlock_irqrestore(&card->lock, flags);
3727 -
3728 capilib_new_ncci(&cinfo->ncci_head, ApplId, NCCI, WindowSize);
3729 -
3730 + spin_unlock_irqrestore(&card->lock, flags);
3731 break;
3733 case RECEIVE_FREE_NCCI:
3735 ApplId = b1_get_word(card->port);
3736 NCCI = b1_get_word(card->port);
3737 - spin_unlock_irqrestore(&card->lock, flags);
3738 -
3739 if (NCCI != 0xffffffff)
3740 capilib_free_ncci(&cinfo->ncci_head, ApplId, NCCI);
3741 -
3742 + spin_unlock_irqrestore(&card->lock, flags);
3743 break;
3745 case RECEIVE_START:
3746 diff --git a/drivers/isdn/hardware/avm/c4.c b/drivers/isdn/hardware/avm/c4.c
3747 index d58f927..8710cf6 100644
3748 --- a/drivers/isdn/hardware/avm/c4.c
3749 +++ b/drivers/isdn/hardware/avm/c4.c
3750 @@ -727,6 +727,7 @@ static void c4_send_init(avmcard *card)
3751 {
3752 struct sk_buff *skb;
3753 void *p;
3754 + unsigned long flags;
3756 skb = alloc_skb(15, GFP_ATOMIC);
3757 if (!skb) {
3758 @@ -744,12 +745,15 @@ static void c4_send_init(avmcard *card)
3759 skb_put(skb, (u8 *)p - (u8 *)skb->data);
3761 skb_queue_tail(&card->dma->send_queue, skb);
3762 + spin_lock_irqsave(&card->lock, flags);
3763 c4_dispatch_tx(card);
3764 + spin_unlock_irqrestore(&card->lock, flags);
3765 }
3767 static int queue_sendconfigword(avmcard *card, u32 val)
3768 {
3769 struct sk_buff *skb;
3770 + unsigned long flags;
3771 void *p;
3773 skb = alloc_skb(3+4, GFP_ATOMIC);
3774 @@ -766,7 +770,9 @@ static int queue_sendconfigword(avmcard *card, u32 val)
3775 skb_put(skb, (u8 *)p - (u8 *)skb->data);
3777 skb_queue_tail(&card->dma->send_queue, skb);
3778 + spin_lock_irqsave(&card->lock, flags);
3779 c4_dispatch_tx(card);
3780 + spin_unlock_irqrestore(&card->lock, flags);
3781 return 0;
3782 }
3784 @@ -986,7 +992,9 @@ static void c4_release_appl(struct capi_ctr *ctrl, u16 appl)
3785 struct sk_buff *skb;
3786 void *p;
3788 + spin_lock_irqsave(&card->lock, flags);
3789 capilib_release_appl(&cinfo->ncci_head, appl);
3790 + spin_unlock_irqrestore(&card->lock, flags);
3792 if (ctrl->cnr == card->cardnr) {
3793 skb = alloc_skb(7, GFP_ATOMIC);
3794 @@ -1019,7 +1027,8 @@ static u16 c4_send_message(struct capi_ctr *ctrl, struct sk_buff *skb)
3795 u16 retval = CAPI_NOERROR;
3796 unsigned long flags;
3798 - if (CAPIMSG_CMD(skb->data) == CAPI_DATA_B3_REQ) {
3799 + spin_lock_irqsave(&card->lock, flags);
3800 + if (CAPIMSG_CMD(skb->data) == CAPI_DATA_B3_REQ) {
3801 retval = capilib_data_b3_req(&cinfo->ncci_head,
3802 CAPIMSG_APPID(skb->data),
3803 CAPIMSG_NCCI(skb->data),
3804 @@ -1027,10 +1036,9 @@ static u16 c4_send_message(struct capi_ctr *ctrl, struct sk_buff *skb)
3805 }
3806 if (retval == CAPI_NOERROR) {
3807 skb_queue_tail(&card->dma->send_queue, skb);
3808 - spin_lock_irqsave(&card->lock, flags);
3809 c4_dispatch_tx(card);
3810 - spin_unlock_irqrestore(&card->lock, flags);
3811 }
3812 + spin_unlock_irqrestore(&card->lock, flags);
3813 return retval;
3814 }
3816 diff --git a/drivers/isdn/i4l/isdn_common.c b/drivers/isdn/i4l/isdn_common.c
3817 index c97330b..eb9a247 100644
3818 --- a/drivers/isdn/i4l/isdn_common.c
3819 +++ b/drivers/isdn/i4l/isdn_common.c
3820 @@ -1514,6 +1514,7 @@ isdn_ioctl(struct inode *inode, struct file *file, uint cmd, ulong arg)
3821 if (copy_from_user(&iocts, argp,
3822 sizeof(isdn_ioctl_struct)))
3823 return -EFAULT;
3824 + iocts.drvid[sizeof(iocts.drvid)-1] = 0;
3825 if (strlen(iocts.drvid)) {
3826 if ((p = strchr(iocts.drvid, ',')))
3827 *p = 0;
3828 @@ -1598,6 +1599,7 @@ isdn_ioctl(struct inode *inode, struct file *file, uint cmd, ulong arg)
3829 if (copy_from_user(&iocts, argp,
3830 sizeof(isdn_ioctl_struct)))
3831 return -EFAULT;
3832 + iocts.drvid[sizeof(iocts.drvid)-1] = 0;
3833 if (strlen(iocts.drvid)) {
3834 drvidx = -1;
3835 for (i = 0; i < ISDN_MAX_DRIVERS; i++)
3836 @@ -1642,7 +1644,7 @@ isdn_ioctl(struct inode *inode, struct file *file, uint cmd, ulong arg)
3837 } else {
3838 p = (char __user *) iocts.arg;
3839 for (i = 0; i < 10; i++) {
3840 - sprintf(bname, "%s%s",
3841 + snprintf(bname, sizeof(bname), "%s%s",
3842 strlen(dev->drv[drvidx]->msn2eaz[i]) ?
3843 dev->drv[drvidx]->msn2eaz[i] : "_",
3844 (i < 9) ? "," : "\0");
3845 @@ -1672,6 +1674,7 @@ isdn_ioctl(struct inode *inode, struct file *file, uint cmd, ulong arg)
3846 char *p;
3847 if (copy_from_user(&iocts, argp, sizeof(isdn_ioctl_struct)))
3848 return -EFAULT;
3849 + iocts.drvid[sizeof(iocts.drvid)-1] = 0;
3850 if (strlen(iocts.drvid)) {
3851 if ((p = strchr(iocts.drvid, ',')))
3852 *p = 0;
3853 diff --git a/drivers/isdn/i4l/isdn_net.c b/drivers/isdn/i4l/isdn_net.c
3854 index aa83277..75e1423 100644
3855 --- a/drivers/isdn/i4l/isdn_net.c
3856 +++ b/drivers/isdn/i4l/isdn_net.c
3857 @@ -2126,7 +2126,7 @@ isdn_net_find_icall(int di, int ch, int idx, setup_parm *setup)
3858 u_long flags;
3859 isdn_net_dev *p;
3860 isdn_net_phone *n;
3861 - char nr[32];
3862 + char nr[ISDN_MSNLEN];
3863 char *my_eaz;
3865 /* Search name in netdev-chain */
3866 @@ -2135,7 +2135,7 @@ isdn_net_find_icall(int di, int ch, int idx, setup_parm *setup)
3867 nr[1] = '\0';
3868 printk(KERN_INFO "isdn_net: Incoming call without OAD, assuming '0'\n");
3869 } else
3870 - strcpy(nr, setup->phone);
3871 + strlcpy(nr, setup->phone, ISDN_MSNLEN);
3872 si1 = (int) setup->si1;
3873 si2 = (int) setup->si2;
3874 if (!setup->eazmsn[0]) {
3875 @@ -2802,7 +2802,7 @@ isdn_net_setcfg(isdn_net_ioctl_cfg * cfg)
3876 chidx = -1;
3877 }
3878 }
3879 - strcpy(lp->msn, cfg->eaz);
3880 + strlcpy(lp->msn, cfg->eaz, sizeof(lp->msn));
3881 lp->pre_device = drvidx;
3882 lp->pre_channel = chidx;
3883 lp->onhtime = cfg->onhtime;
3884 @@ -2951,7 +2951,7 @@ isdn_net_addphone(isdn_net_ioctl_phone * phone)
3885 if (p) {
3886 if (!(n = kmalloc(sizeof(isdn_net_phone), GFP_KERNEL)))
3887 return -ENOMEM;
3888 - strcpy(n->num, phone->phone);
3889 + strlcpy(n->num, phone->phone, sizeof(n->num));
3890 n->next = p->local->phone[phone->outgoing & 1];
3891 p->local->phone[phone->outgoing & 1] = n;
3892 return 0;
3893 diff --git a/drivers/kvm/svm.c b/drivers/kvm/svm.c
3894 index fa17d6d..aee952f 100644
3895 --- a/drivers/kvm/svm.c
3896 +++ b/drivers/kvm/svm.c
3897 @@ -1727,6 +1727,12 @@ static void svm_inject_page_fault(struct kvm_vcpu *vcpu,
3899 static int is_disabled(void)
3900 {
3901 + u64 vm_cr;
3902 +
3903 + rdmsrl(MSR_VM_CR, vm_cr);
3904 + if (vm_cr & (1 << SVM_VM_CR_SVM_DISABLE))
3905 + return 1;
3906 +
3907 return 0;
3908 }
3910 diff --git a/drivers/kvm/svm.h b/drivers/kvm/svm.h
3911 index 5e93814..3b1b0f3 100644
3912 --- a/drivers/kvm/svm.h
3913 +++ b/drivers/kvm/svm.h
3914 @@ -175,8 +175,11 @@ struct __attribute__ ((__packed__)) vmcb {
3915 #define SVM_CPUID_FUNC 0x8000000a
3917 #define MSR_EFER_SVME_MASK (1ULL << 12)
3918 +#define MSR_VM_CR 0xc0010114
3919 #define MSR_VM_HSAVE_PA 0xc0010117ULL
3921 +#define SVM_VM_CR_SVM_DISABLE 4
3922 +
3923 #define SVM_SELECTOR_S_SHIFT 4
3924 #define SVM_SELECTOR_DPL_SHIFT 5
3925 #define SVM_SELECTOR_P_SHIFT 7
3926 diff --git a/drivers/md/dm-crypt.c b/drivers/md/dm-crypt.c
3927 index 7b0fcfc..45e1c31 100644
3928 --- a/drivers/md/dm-crypt.c
3929 +++ b/drivers/md/dm-crypt.c
3930 @@ -920,6 +920,8 @@ static void crypt_dtr(struct dm_target *ti)
3931 {
3932 struct crypt_config *cc = (struct crypt_config *) ti->private;
3934 + flush_workqueue(_kcryptd_workqueue);
3935 +
3936 bioset_free(cc->bs);
3937 mempool_destroy(cc->page_pool);
3938 mempool_destroy(cc->io_pool);
3939 @@ -941,9 +943,6 @@ static int crypt_map(struct dm_target *ti, struct bio *bio,
3940 struct crypt_config *cc = ti->private;
3941 struct crypt_io *io;
3943 - if (bio_barrier(bio))
3944 - return -EOPNOTSUPP;
3945 -
3946 io = mempool_alloc(cc->io_pool, GFP_NOIO);
3947 io->target = ti;
3948 io->base_bio = bio;
3949 diff --git a/drivers/md/dm-exception-store.c b/drivers/md/dm-exception-store.c
3950 index 07e0a0c..5c7569c 100644
3951 --- a/drivers/md/dm-exception-store.c
3952 +++ b/drivers/md/dm-exception-store.c
3953 @@ -125,6 +125,8 @@ struct pstore {
3954 uint32_t callback_count;
3955 struct commit_callback *callbacks;
3956 struct dm_io_client *io_client;
3957 +
3958 + struct workqueue_struct *metadata_wq;
3959 };
3961 static inline unsigned int sectors_to_pages(unsigned int sectors)
3962 @@ -156,10 +158,24 @@ static void free_area(struct pstore *ps)
3963 ps->area = NULL;
3964 }
3966 +struct mdata_req {
3967 + struct io_region *where;
3968 + struct dm_io_request *io_req;
3969 + struct work_struct work;
3970 + int result;
3971 +};
3972 +
3973 +static void do_metadata(struct work_struct *work)
3974 +{
3975 + struct mdata_req *req = container_of(work, struct mdata_req, work);
3976 +
3977 + req->result = dm_io(req->io_req, 1, req->where, NULL);
3978 +}
3979 +
3980 /*
3981 * Read or write a chunk aligned and sized block of data from a device.
3982 */
3983 -static int chunk_io(struct pstore *ps, uint32_t chunk, int rw)
3984 +static int chunk_io(struct pstore *ps, uint32_t chunk, int rw, int metadata)
3985 {
3986 struct io_region where = {
3987 .bdev = ps->snap->cow->bdev,
3988 @@ -173,8 +189,23 @@ static int chunk_io(struct pstore *ps, uint32_t chunk, int rw)
3989 .client = ps->io_client,
3990 .notify.fn = NULL,
3991 };
3992 + struct mdata_req req;
3993 +
3994 + if (!metadata)
3995 + return dm_io(&io_req, 1, &where, NULL);
3996 +
3997 + req.where = &where;
3998 + req.io_req = &io_req;
4000 - return dm_io(&io_req, 1, &where, NULL);
4001 + /*
4002 + * Issue the synchronous I/O from a different thread
4003 + * to avoid generic_make_request recursion.
4004 + */
4005 + INIT_WORK(&req.work, do_metadata);
4006 + queue_work(ps->metadata_wq, &req.work);
4007 + flush_workqueue(ps->metadata_wq);
4008 +
4009 + return req.result;
4010 }
4012 /*
4013 @@ -189,7 +220,7 @@ static int area_io(struct pstore *ps, uint32_t area, int rw)
4014 /* convert a metadata area index to a chunk index */
4015 chunk = 1 + ((ps->exceptions_per_area + 1) * area);
4017 - r = chunk_io(ps, chunk, rw);
4018 + r = chunk_io(ps, chunk, rw, 0);
4019 if (r)
4020 return r;
4022 @@ -230,7 +261,7 @@ static int read_header(struct pstore *ps, int *new_snapshot)
4023 if (r)
4024 return r;
4026 - r = chunk_io(ps, 0, READ);
4027 + r = chunk_io(ps, 0, READ, 1);
4028 if (r)
4029 goto bad;
4031 @@ -292,7 +323,7 @@ static int write_header(struct pstore *ps)
4032 dh->version = cpu_to_le32(ps->version);
4033 dh->chunk_size = cpu_to_le32(ps->snap->chunk_size);
4035 - return chunk_io(ps, 0, WRITE);
4036 + return chunk_io(ps, 0, WRITE, 1);
4037 }
4039 /*
4040 @@ -409,6 +440,7 @@ static void persistent_destroy(struct exception_store *store)
4041 {
4042 struct pstore *ps = get_info(store);
4044 + destroy_workqueue(ps->metadata_wq);
4045 dm_io_client_destroy(ps->io_client);
4046 vfree(ps->callbacks);
4047 free_area(ps);
4048 @@ -457,11 +489,6 @@ static int persistent_read_metadata(struct exception_store *store)
4049 /*
4050 * Sanity checks.
4051 */
4052 - if (!ps->valid) {
4053 - DMWARN("snapshot is marked invalid");
4054 - return -EINVAL;
4055 - }
4056 -
4057 if (ps->version != SNAPSHOT_DISK_VERSION) {
4058 DMWARN("unable to handle snapshot disk version %d",
4059 ps->version);
4060 @@ -469,6 +496,12 @@ static int persistent_read_metadata(struct exception_store *store)
4061 }
4063 /*
4064 + * Metadata are valid, but snapshot is invalidated
4065 + */
4066 + if (!ps->valid)
4067 + return 1;
4068 +
4069 + /*
4070 * Read the metadata.
4071 */
4072 r = read_exceptions(ps);
4073 @@ -588,6 +621,12 @@ int dm_create_persistent(struct exception_store *store)
4074 atomic_set(&ps->pending_count, 0);
4075 ps->callbacks = NULL;
4077 + ps->metadata_wq = create_singlethread_workqueue("ksnaphd");
4078 + if (!ps->metadata_wq) {
4079 + DMERR("couldn't start header metadata update thread");
4080 + return -ENOMEM;
4081 + }
4082 +
4083 store->destroy = persistent_destroy;
4084 store->read_metadata = persistent_read_metadata;
4085 store->prepare_exception = persistent_prepare;
4086 diff --git a/drivers/md/dm-io.c b/drivers/md/dm-io.c
4087 index 352c6fb..f3a7724 100644
4088 --- a/drivers/md/dm-io.c
4089 +++ b/drivers/md/dm-io.c
4090 @@ -293,7 +293,10 @@ static void do_region(int rw, unsigned int region, struct io_region *where,
4091 * bvec for bio_get/set_region() and decrement bi_max_vecs
4092 * to hide it from bio_add_page().
4093 */
4094 - num_bvecs = (remaining / (PAGE_SIZE >> SECTOR_SHIFT)) + 2;
4095 + num_bvecs = dm_sector_div_up(remaining,
4096 + (PAGE_SIZE >> SECTOR_SHIFT));
4097 + num_bvecs = 1 + min_t(int, bio_get_nr_vecs(where->bdev),
4098 + num_bvecs);
4099 bio = bio_alloc_bioset(GFP_NOIO, num_bvecs, io->client->bios);
4100 bio->bi_sector = where->sector + (where->count - remaining);
4101 bio->bi_bdev = where->bdev;
4102 diff --git a/drivers/md/dm-mpath.c b/drivers/md/dm-mpath.c
4103 index de54b39..bfb2ea3 100644
4104 --- a/drivers/md/dm-mpath.c
4105 +++ b/drivers/md/dm-mpath.c
4106 @@ -798,9 +798,6 @@ static int multipath_map(struct dm_target *ti, struct bio *bio,
4107 struct mpath_io *mpio;
4108 struct multipath *m = (struct multipath *) ti->private;
4110 - if (bio_barrier(bio))
4111 - return -EOPNOTSUPP;
4112 -
4113 mpio = mempool_alloc(m->mpio_pool, GFP_NOIO);
4114 dm_bio_record(&mpio->details, bio);
4116 diff --git a/drivers/md/dm-raid1.c b/drivers/md/dm-raid1.c
4117 index ef124b7..7113af3 100644
4118 --- a/drivers/md/dm-raid1.c
4119 +++ b/drivers/md/dm-raid1.c
4120 @@ -1288,12 +1288,12 @@ static int mirror_status(struct dm_target *ti, status_type_t type,
4121 for (m = 0; m < ms->nr_mirrors; m++)
4122 DMEMIT("%s ", ms->mirror[m].dev->name);
4124 - DMEMIT("%llu/%llu",
4125 + DMEMIT("%llu/%llu 0 ",
4126 (unsigned long long)ms->rh.log->type->
4127 get_sync_count(ms->rh.log),
4128 (unsigned long long)ms->nr_regions);
4130 - sz = ms->rh.log->type->status(ms->rh.log, type, result, maxlen);
4131 + sz += ms->rh.log->type->status(ms->rh.log, type, result+sz, maxlen-sz);
4133 break;
4135 diff --git a/drivers/md/dm-snap.c b/drivers/md/dm-snap.c
4136 index 0821a2b..3955621 100644
4137 --- a/drivers/md/dm-snap.c
4138 +++ b/drivers/md/dm-snap.c
4139 @@ -522,9 +522,12 @@ static int snapshot_ctr(struct dm_target *ti, unsigned int argc, char **argv)
4141 /* Metadata must only be loaded into one table at once */
4142 r = s->store.read_metadata(&s->store);
4143 - if (r) {
4144 + if (r < 0) {
4145 ti->error = "Failed to read snapshot metadata";
4146 goto bad6;
4147 + } else if (r > 0) {
4148 + s->valid = 0;
4149 + DMWARN("Snapshot is marked invalid.");
4150 }
4152 bio_list_init(&s->queued_bios);
4153 @@ -884,9 +887,6 @@ static int snapshot_map(struct dm_target *ti, struct bio *bio,
4154 if (!s->valid)
4155 return -EIO;
4157 - if (unlikely(bio_barrier(bio)))
4158 - return -EOPNOTSUPP;
4159 -
4160 /* FIXME: should only take write lock if we need
4161 * to copy an exception */
4162 down_write(&s->lock);
4163 @@ -1157,9 +1157,6 @@ static int origin_map(struct dm_target *ti, struct bio *bio,
4164 struct dm_dev *dev = (struct dm_dev *) ti->private;
4165 bio->bi_bdev = dev->bdev;
4167 - if (unlikely(bio_barrier(bio)))
4168 - return -EOPNOTSUPP;
4169 -
4170 /* Only tell snapshots if this is a write */
4171 return (bio_rw(bio) == WRITE) ? do_origin(dev, bio) : DM_MAPIO_REMAPPED;
4172 }
4173 diff --git a/drivers/md/dm.c b/drivers/md/dm.c
4174 index 2717a35..75bd2fd 100644
4175 --- a/drivers/md/dm.c
4176 +++ b/drivers/md/dm.c
4177 @@ -802,6 +802,15 @@ static int dm_request(request_queue_t *q, struct bio *bio)
4178 int rw = bio_data_dir(bio);
4179 struct mapped_device *md = q->queuedata;
4181 + /*
4182 + * There is no use in forwarding any barrier request since we can't
4183 + * guarantee it is (or can be) handled by the targets correctly.
4184 + */
4185 + if (unlikely(bio_barrier(bio))) {
4186 + bio_endio(bio, bio->bi_size, -EOPNOTSUPP);
4187 + return 0;
4188 + }
4189 +
4190 down_read(&md->io_lock);
4192 disk_stat_inc(dm_disk(md), ios[rw]);
4193 diff --git a/drivers/md/raid10.c b/drivers/md/raid10.c
4194 index 9eb66c1..e0029ea 100644
4195 --- a/drivers/md/raid10.c
4196 +++ b/drivers/md/raid10.c
4197 @@ -917,6 +917,13 @@ static int make_request(request_queue_t *q, struct bio * bio)
4198 bio_list_add(&bl, mbio);
4199 }
4201 + if (unlikely(!atomic_read(&r10_bio->remaining))) {
4202 + /* the array is dead */
4203 + md_write_end(mddev);
4204 + raid_end_bio_io(r10_bio);
4205 + return 0;
4206 + }
4207 +
4208 bitmap_startwrite(mddev->bitmap, bio->bi_sector, r10_bio->sectors, 0);
4209 spin_lock_irqsave(&conf->device_lock, flags);
4210 bio_list_merge(&conf->pending_bio_list, &bl);
4211 @@ -1558,7 +1565,6 @@ static void raid10d(mddev_t *mddev)
4212 bio = r10_bio->devs[r10_bio->read_slot].bio;
4213 r10_bio->devs[r10_bio->read_slot].bio =
4214 mddev->ro ? IO_BLOCKED : NULL;
4215 - bio_put(bio);
4216 mirror = read_balance(conf, r10_bio);
4217 if (mirror == -1) {
4218 printk(KERN_ALERT "raid10: %s: unrecoverable I/O"
4219 @@ -1566,8 +1572,10 @@ static void raid10d(mddev_t *mddev)
4220 bdevname(bio->bi_bdev,b),
4221 (unsigned long long)r10_bio->sector);
4222 raid_end_bio_io(r10_bio);
4223 + bio_put(bio);
4224 } else {
4225 const int do_sync = bio_sync(r10_bio->master_bio);
4226 + bio_put(bio);
4227 rdev = conf->mirrors[mirror].rdev;
4228 if (printk_ratelimit())
4229 printk(KERN_ERR "raid10: %s: redirecting sector %llu to"
4230 diff --git a/drivers/media/dvb/b2c2/flexcop-i2c.c b/drivers/media/dvb/b2c2/flexcop-i2c.c
4231 index 02a0ea6..6bf858a 100644
4232 --- a/drivers/media/dvb/b2c2/flexcop-i2c.c
4233 +++ b/drivers/media/dvb/b2c2/flexcop-i2c.c
4234 @@ -135,6 +135,13 @@ static int flexcop_master_xfer(struct i2c_adapter *i2c_adap, struct i2c_msg msgs
4235 struct flexcop_device *fc = i2c_get_adapdata(i2c_adap);
4236 int i, ret = 0;
4238 + /* Some drivers use 1 byte or 0 byte reads as probes, which this
4239 + * driver doesn't support. These probes will always fail, so this
4240 + * hack makes them always succeed. If one knew how, it would of
4241 + * course be better to actually do the read. */
4242 + if (num == 1 && msgs[0].flags == I2C_M_RD && msgs[0].len <= 1)
4243 + return 1;
4244 +
4245 if (mutex_lock_interruptible(&fc->i2c_mutex))
4246 return -ERESTARTSYS;
4248 diff --git a/drivers/media/video/cx88/cx88-mpeg.c b/drivers/media/video/cx88/cx88-mpeg.c
4249 index 543b05e..c36e2b7 100644
4250 --- a/drivers/media/video/cx88/cx88-mpeg.c
4251 +++ b/drivers/media/video/cx88/cx88-mpeg.c
4252 @@ -580,7 +580,7 @@ struct cx8802_dev * cx8802_get_device(struct inode *inode)
4254 list_for_each(list,&cx8802_devlist) {
4255 h = list_entry(list, struct cx8802_dev, devlist);
4256 - if (h->mpeg_dev->minor == minor)
4257 + if (h->mpeg_dev && h->mpeg_dev->minor == minor)
4258 return h;
4259 }
4261 diff --git a/drivers/media/video/ivtv/ivtv-driver.c b/drivers/media/video/ivtv/ivtv-driver.c
4262 index efc6635..5d9de5d 100644
4263 --- a/drivers/media/video/ivtv/ivtv-driver.c
4264 +++ b/drivers/media/video/ivtv/ivtv-driver.c
4265 @@ -622,6 +622,7 @@ static int __devinit ivtv_init_struct1(struct ivtv *itv)
4266 itv->enc_mbox.max_mbox = 2; /* the encoder has 3 mailboxes (0-2) */
4267 itv->dec_mbox.max_mbox = 1; /* the decoder has 2 mailboxes (0-1) */
4269 + mutex_init(&itv->serialize_lock);
4270 mutex_init(&itv->i2c_bus_lock);
4271 mutex_init(&itv->udma.lock);
4273 diff --git a/drivers/media/video/ivtv/ivtv-driver.h b/drivers/media/video/ivtv/ivtv-driver.h
4274 index e6e56f1..65ebdda 100644
4275 --- a/drivers/media/video/ivtv/ivtv-driver.h
4276 +++ b/drivers/media/video/ivtv/ivtv-driver.h
4277 @@ -650,7 +650,6 @@ struct vbi_info {
4278 /* convenience pointer to sliced struct in vbi_in union */
4279 struct v4l2_sliced_vbi_format *sliced_in;
4280 u32 service_set_in;
4281 - u32 service_set_out;
4282 int insert_mpeg;
4284 /* Buffer for the maximum of 2 * 18 * packet_size sliced VBI lines.
4285 @@ -723,6 +722,7 @@ struct ivtv {
4286 int search_pack_header;
4288 spinlock_t dma_reg_lock; /* lock access to DMA engine registers */
4289 + struct mutex serialize_lock; /* lock used to serialize starting streams */
4291 /* User based DMA for OSD */
4292 struct ivtv_user_dma udma;
4293 diff --git a/drivers/media/video/ivtv/ivtv-fileops.c b/drivers/media/video/ivtv/ivtv-fileops.c
4294 index 555d5e6..8fc7326 100644
4295 --- a/drivers/media/video/ivtv/ivtv-fileops.c
4296 +++ b/drivers/media/video/ivtv/ivtv-fileops.c
4297 @@ -753,6 +753,8 @@ static void ivtv_stop_decoding(struct ivtv_open_id *id, int flags, u64 pts)
4298 }
4299 if (s->type == IVTV_DEC_STREAM_TYPE_YUV && itv->output_mode == OUT_YUV)
4300 itv->output_mode = OUT_NONE;
4301 + else if (s->type == IVTV_DEC_STREAM_TYPE_YUV && itv->output_mode == OUT_UDMA_YUV)
4302 + itv->output_mode = OUT_NONE;
4303 else if (s->type == IVTV_DEC_STREAM_TYPE_MPG && itv->output_mode == OUT_MPG)
4304 itv->output_mode = OUT_NONE;
4306 diff --git a/drivers/media/video/ivtv/ivtv-ioctl.c b/drivers/media/video/ivtv/ivtv-ioctl.c
4307 index 57af176..dcfbaa9 100644
4308 --- a/drivers/media/video/ivtv/ivtv-ioctl.c
4309 +++ b/drivers/media/video/ivtv/ivtv-ioctl.c
4310 @@ -1183,6 +1183,7 @@ int ivtv_v4l2_ioctls(struct ivtv *itv, struct file *filp, unsigned int cmd, void
4311 itv->osd_global_alpha_state = (fb->flags & V4L2_FBUF_FLAG_GLOBAL_ALPHA) != 0;
4312 itv->osd_local_alpha_state = (fb->flags & V4L2_FBUF_FLAG_LOCAL_ALPHA) != 0;
4313 itv->osd_color_key_state = (fb->flags & V4L2_FBUF_FLAG_CHROMAKEY) != 0;
4314 + ivtv_set_osd_alpha(itv);
4315 break;
4316 }
4318 diff --git a/drivers/media/video/ivtv/ivtv-irq.c b/drivers/media/video/ivtv/ivtv-irq.c
4319 index ba98bf0..e83b496 100644
4320 --- a/drivers/media/video/ivtv/ivtv-irq.c
4321 +++ b/drivers/media/video/ivtv/ivtv-irq.c
4322 @@ -403,6 +403,11 @@ static void ivtv_dma_enc_start(struct ivtv_stream *s)
4323 /* Mark last buffer size for Interrupt flag */
4324 s->SGarray[s->SG_length - 1].size |= cpu_to_le32(0x80000000);
4326 + if (s->type == IVTV_ENC_STREAM_TYPE_VBI)
4327 + set_bit(IVTV_F_I_ENC_VBI, &itv->i_flags);
4328 + else
4329 + clear_bit(IVTV_F_I_ENC_VBI, &itv->i_flags);
4330 +
4331 if (ivtv_use_pio(s)) {
4332 for (i = 0; i < s->SG_length; i++) {
4333 s->PIOarray[i].src = le32_to_cpu(s->SGarray[i].src);
4334 @@ -597,7 +602,6 @@ static void ivtv_irq_enc_start_cap(struct ivtv *itv)
4335 data[0], data[1], data[2]);
4336 return;
4337 }
4338 - clear_bit(IVTV_F_I_ENC_VBI, &itv->i_flags);
4339 s = &itv->streams[ivtv_stream_map[data[0]]];
4340 if (!stream_enc_dma_append(s, data)) {
4341 set_bit(ivtv_use_pio(s) ? IVTV_F_S_PIO_PENDING : IVTV_F_S_DMA_PENDING, &s->s_flags);
4342 @@ -634,7 +638,6 @@ static void ivtv_irq_enc_vbi_cap(struct ivtv *itv)
4343 then start a DMA request for just the VBI data. */
4344 if (!stream_enc_dma_append(s, data) &&
4345 !test_bit(IVTV_F_S_STREAMING, &s_mpg->s_flags)) {
4346 - set_bit(IVTV_F_I_ENC_VBI, &itv->i_flags);
4347 set_bit(ivtv_use_pio(s) ? IVTV_F_S_PIO_PENDING : IVTV_F_S_DMA_PENDING, &s->s_flags);
4348 }
4349 }
4350 diff --git a/drivers/media/video/ivtv/ivtv-streams.c b/drivers/media/video/ivtv/ivtv-streams.c
4351 index 6af88ae..d538efa 100644
4352 --- a/drivers/media/video/ivtv/ivtv-streams.c
4353 +++ b/drivers/media/video/ivtv/ivtv-streams.c
4354 @@ -446,6 +446,9 @@ int ivtv_start_v4l2_encode_stream(struct ivtv_stream *s)
4355 if (s->v4l2dev == NULL)
4356 return -EINVAL;
4358 + /* Big serialization lock to ensure no two streams are started
4359 + simultaneously: that can give all sorts of weird results. */
4360 + mutex_lock(&itv->serialize_lock);
4361 IVTV_DEBUG_INFO("Start encoder stream %s\n", s->name);
4363 switch (s->type) {
4364 @@ -487,6 +490,7 @@ int ivtv_start_v4l2_encode_stream(struct ivtv_stream *s)
4365 0, sizeof(itv->vbi.sliced_mpeg_size));
4366 break;
4367 default:
4368 + mutex_unlock(&itv->serialize_lock);
4369 return -EINVAL;
4370 }
4371 s->subtype = subtype;
4372 @@ -568,6 +572,7 @@ int ivtv_start_v4l2_encode_stream(struct ivtv_stream *s)
4373 if (ivtv_vapi(itv, CX2341X_ENC_START_CAPTURE, 2, captype, subtype))
4374 {
4375 IVTV_DEBUG_WARN( "Error starting capture!\n");
4376 + mutex_unlock(&itv->serialize_lock);
4377 return -EINVAL;
4378 }
4380 @@ -583,6 +588,7 @@ int ivtv_start_v4l2_encode_stream(struct ivtv_stream *s)
4382 /* you're live! sit back and await interrupts :) */
4383 atomic_inc(&itv->capturing);
4384 + mutex_unlock(&itv->serialize_lock);
4385 return 0;
4386 }
4388 @@ -762,17 +768,6 @@ int ivtv_stop_v4l2_encode_stream(struct ivtv_stream *s, int gop_end)
4389 /* when: 0 = end of GOP 1 = NOW!, type: 0 = mpeg, subtype: 3 = video+audio */
4390 ivtv_vapi(itv, CX2341X_ENC_STOP_CAPTURE, 3, stopmode, cap_type, s->subtype);
4392 - /* only run these if we're shutting down the last cap */
4393 - if (atomic_read(&itv->capturing) - 1 == 0) {
4394 - /* event notification (off) */
4395 - if (test_and_clear_bit(IVTV_F_I_DIG_RST, &itv->i_flags)) {
4396 - /* type: 0 = refresh */
4397 - /* on/off: 0 = off, intr: 0x10000000, mbox_id: -1: none */
4398 - ivtv_vapi(itv, CX2341X_ENC_SET_EVENT_NOTIFICATION, 4, 0, 0, IVTV_IRQ_ENC_VIM_RST, -1);
4399 - ivtv_set_irq_mask(itv, IVTV_IRQ_ENC_VIM_RST);
4400 - }
4401 - }
4402 -
4403 then = jiffies;
4405 if (!test_bit(IVTV_F_S_PASSTHROUGH, &s->s_flags)) {
4406 @@ -840,17 +835,30 @@ int ivtv_stop_v4l2_encode_stream(struct ivtv_stream *s, int gop_end)
4407 /* Clear capture and no-read bits */
4408 clear_bit(IVTV_F_S_STREAMING, &s->s_flags);
4410 + /* ensure these global cleanup actions are done only once */
4411 + mutex_lock(&itv->serialize_lock);
4412 +
4413 if (s->type == IVTV_ENC_STREAM_TYPE_VBI)
4414 ivtv_set_irq_mask(itv, IVTV_IRQ_ENC_VBI_CAP);
4416 if (atomic_read(&itv->capturing) > 0) {
4417 + mutex_unlock(&itv->serialize_lock);
4418 return 0;
4419 }
4421 /* Set the following Interrupt mask bits for capture */
4422 ivtv_set_irq_mask(itv, IVTV_IRQ_MASK_CAPTURE);
4424 + /* event notification (off) */
4425 + if (test_and_clear_bit(IVTV_F_I_DIG_RST, &itv->i_flags)) {
4426 + /* type: 0 = refresh */
4427 + /* on/off: 0 = off, intr: 0x10000000, mbox_id: -1: none */
4428 + ivtv_vapi(itv, CX2341X_ENC_SET_EVENT_NOTIFICATION, 4, 0, 0, IVTV_IRQ_ENC_VIM_RST, -1);
4429 + ivtv_set_irq_mask(itv, IVTV_IRQ_ENC_VIM_RST);
4430 + }
4431 +
4432 wake_up(&s->waitq);
4433 + mutex_unlock(&itv->serialize_lock);
4435 return 0;
4436 }
4437 diff --git a/drivers/media/video/ivtv/ivtv-vbi.c b/drivers/media/video/ivtv/ivtv-vbi.c
4438 index 3ba46e0..a7282a9 100644
4439 --- a/drivers/media/video/ivtv/ivtv-vbi.c
4440 +++ b/drivers/media/video/ivtv/ivtv-vbi.c
4441 @@ -219,31 +219,23 @@ ssize_t ivtv_write_vbi(struct ivtv *itv, const char __user *ubuf, size_t count)
4442 int found_cc = 0;
4443 int cc_pos = itv->vbi.cc_pos;
4445 - if (itv->vbi.service_set_out == 0)
4446 - return -EPERM;
4447 -
4448 while (count >= sizeof(struct v4l2_sliced_vbi_data)) {
4449 switch (p->id) {
4450 case V4L2_SLICED_CAPTION_525:
4451 - if (p->id == V4L2_SLICED_CAPTION_525 &&
4452 - p->line == 21 &&
4453 - (itv->vbi.service_set_out &
4454 - V4L2_SLICED_CAPTION_525) == 0) {
4455 - break;
4456 - }
4457 - found_cc = 1;
4458 - if (p->field) {
4459 - cc[2] = p->data[0];
4460 - cc[3] = p->data[1];
4461 - } else {
4462 - cc[0] = p->data[0];
4463 - cc[1] = p->data[1];
4464 + if (p->line == 21) {
4465 + found_cc = 1;
4466 + if (p->field) {
4467 + cc[2] = p->data[0];
4468 + cc[3] = p->data[1];
4469 + } else {
4470 + cc[0] = p->data[0];
4471 + cc[1] = p->data[1];
4472 + }
4473 }
4474 break;
4476 case V4L2_SLICED_VPS:
4477 - if (p->line == 16 && p->field == 0 &&
4478 - (itv->vbi.service_set_out & V4L2_SLICED_VPS)) {
4479 + if (p->line == 16 && p->field == 0) {
4480 itv->vbi.vps[0] = p->data[2];
4481 itv->vbi.vps[1] = p->data[8];
4482 itv->vbi.vps[2] = p->data[9];
4483 @@ -255,8 +247,7 @@ ssize_t ivtv_write_vbi(struct ivtv *itv, const char __user *ubuf, size_t count)
4484 break;
4486 case V4L2_SLICED_WSS_625:
4487 - if (p->line == 23 && p->field == 0 &&
4488 - (itv->vbi.service_set_out & V4L2_SLICED_WSS_625)) {
4489 + if (p->line == 23 && p->field == 0) {
4490 /* No lock needed for WSS */
4491 itv->vbi.wss = p->data[0] | (p->data[1] << 8);
4492 itv->vbi.wss_found = 1;
4493 diff --git a/drivers/media/video/pwc/pwc-if.c b/drivers/media/video/pwc/pwc-if.c
4494 index 085332a..5227978 100644
4495 --- a/drivers/media/video/pwc/pwc-if.c
4496 +++ b/drivers/media/video/pwc/pwc-if.c
4497 @@ -1196,12 +1196,19 @@ static int pwc_video_open(struct inode *inode, struct file *file)
4498 return 0;
4499 }
4501 +
4502 +static void pwc_cleanup(struct pwc_device *pdev)
4503 +{
4504 + pwc_remove_sysfs_files(pdev->vdev);
4505 + video_unregister_device(pdev->vdev);
4506 +}
4507 +
4508 /* Note that all cleanup is done in the reverse order as in _open */
4509 static int pwc_video_close(struct inode *inode, struct file *file)
4510 {
4511 struct video_device *vdev = file->private_data;
4512 struct pwc_device *pdev;
4513 - int i;
4514 + int i, hint;
4516 PWC_DEBUG_OPEN(">> video_close called(vdev = 0x%p).\n", vdev);
4518 @@ -1224,8 +1231,9 @@ static int pwc_video_close(struct inode *inode, struct file *file)
4519 pwc_isoc_cleanup(pdev);
4520 pwc_free_buffers(pdev);
4522 + lock_kernel();
4523 /* Turn off LEDS and power down camera, but only when not unplugged */
4524 - if (pdev->error_status != EPIPE) {
4525 + if (!pdev->unplugged) {
4526 /* Turn LEDs off */
4527 if (pwc_set_leds(pdev, 0, 0) < 0)
4528 PWC_DEBUG_MODULE("Failed to set LED on/off time.\n");
4529 @@ -1234,9 +1242,19 @@ static int pwc_video_close(struct inode *inode, struct file *file)
4530 if (i < 0)
4531 PWC_ERROR("Failed to power down camera (%d)\n", i);
4532 }
4533 + pdev->vopen--;
4534 + PWC_DEBUG_OPEN("<< video_close() vopen=%d\n", pdev->vopen);
4535 + } else {
4536 + pwc_cleanup(pdev);
4537 + /* Free memory (don't set pdev to 0 just yet) */
4538 + kfree(pdev);
4539 + /* search device_hint[] table if we occupy a slot, by any chance */
4540 + for (hint = 0; hint < MAX_DEV_HINTS; hint++)
4541 + if (device_hint[hint].pdev == pdev)
4542 + device_hint[hint].pdev = NULL;
4543 }
4544 - pdev->vopen--;
4545 - PWC_DEBUG_OPEN("<< video_close() vopen=%d\n", pdev->vopen);
4546 + unlock_kernel();
4547 +
4548 return 0;
4549 }
4551 @@ -1791,21 +1809,21 @@ static void usb_pwc_disconnect(struct usb_interface *intf)
4552 /* Alert waiting processes */
4553 wake_up_interruptible(&pdev->frameq);
4554 /* Wait until device is closed */
4555 - while (pdev->vopen)
4556 - schedule();
4557 - /* Device is now closed, so we can safely unregister it */
4558 - PWC_DEBUG_PROBE("Unregistering video device in disconnect().\n");
4559 - pwc_remove_sysfs_files(pdev->vdev);
4560 - video_unregister_device(pdev->vdev);
4561 -
4562 - /* Free memory (don't set pdev to 0 just yet) */
4563 - kfree(pdev);
4564 + if(pdev->vopen) {
4565 + pdev->unplugged = 1;
4566 + } else {
4567 + /* Device is closed, so we can safely unregister it */
4568 + PWC_DEBUG_PROBE("Unregistering video device in disconnect().\n");
4569 + pwc_cleanup(pdev);
4570 + /* Free memory (don't set pdev to 0 just yet) */
4571 + kfree(pdev);
4573 disconnect_out:
4574 - /* search device_hint[] table if we occupy a slot, by any chance */
4575 - for (hint = 0; hint < MAX_DEV_HINTS; hint++)
4576 - if (device_hint[hint].pdev == pdev)
4577 - device_hint[hint].pdev = NULL;
4578 + /* search device_hint[] table if we occupy a slot, by any chance */
4579 + for (hint = 0; hint < MAX_DEV_HINTS; hint++)
4580 + if (device_hint[hint].pdev == pdev)
4581 + device_hint[hint].pdev = NULL;
4582 + }
4584 unlock_kernel();
4585 }
4586 diff --git a/drivers/media/video/pwc/pwc.h b/drivers/media/video/pwc/pwc.h
4587 index acbb931..40d3447 100644
4588 --- a/drivers/media/video/pwc/pwc.h
4589 +++ b/drivers/media/video/pwc/pwc.h
4590 @@ -193,6 +193,7 @@ struct pwc_device
4591 char vsnapshot; /* snapshot mode */
4592 char vsync; /* used by isoc handler */
4593 char vmirror; /* for ToUCaM series */
4594 + char unplugged;
4596 int cmd_len;
4597 unsigned char cmd_buf[13];
4598 diff --git a/drivers/media/video/usbvision/usbvision-cards.c b/drivers/media/video/usbvision/usbvision-cards.c
4599 index 51ab265..31db1ed 100644
4600 --- a/drivers/media/video/usbvision/usbvision-cards.c
4601 +++ b/drivers/media/video/usbvision/usbvision-cards.c
4602 @@ -1081,6 +1081,7 @@ struct usb_device_id usbvision_table [] = {
4603 { USB_DEVICE(0x2304, 0x0301), .driver_info=PINNA_LINX_VD_IN_CAB_PAL },
4604 { USB_DEVICE(0x2304, 0x0419), .driver_info=PINNA_PCTV_BUNGEE_PAL_FM },
4605 { USB_DEVICE(0x2400, 0x4200), .driver_info=HPG_WINTV },
4606 + { }, /* terminate list */
4607 };
4609 MODULE_DEVICE_TABLE (usb, usbvision_table);
4610 diff --git a/drivers/media/video/v4l2-common.c b/drivers/media/video/v4l2-common.c
4611 index 13ee550..d2915d3 100644
4612 --- a/drivers/media/video/v4l2-common.c
4613 +++ b/drivers/media/video/v4l2-common.c
4614 @@ -939,16 +939,25 @@ int v4l2_ctrl_query_menu(struct v4l2_querymenu *qmenu, struct v4l2_queryctrl *qc
4615 When no more controls are available 0 is returned. */
4616 u32 v4l2_ctrl_next(const u32 * const * ctrl_classes, u32 id)
4617 {
4618 - u32 ctrl_class;
4619 + u32 ctrl_class = V4L2_CTRL_ID2CLASS(id);
4620 const u32 *pctrl;
4622 - /* if no query is desired, then just return the control ID */
4623 - if ((id & V4L2_CTRL_FLAG_NEXT_CTRL) == 0)
4624 - return id;
4625 if (ctrl_classes == NULL)
4626 return 0;
4627 +
4628 + /* if no query is desired, then check if the ID is part of ctrl_classes */
4629 + if ((id & V4L2_CTRL_FLAG_NEXT_CTRL) == 0) {
4630 + /* find class */
4631 + while (*ctrl_classes && V4L2_CTRL_ID2CLASS(**ctrl_classes) != ctrl_class)
4632 + ctrl_classes++;
4633 + if (*ctrl_classes == NULL)
4634 + return 0;
4635 + pctrl = *ctrl_classes;
4636 + /* find control ID */
4637 + while (*pctrl && *pctrl != id) pctrl++;
4638 + return *pctrl ? id : 0;
4639 + }
4640 id &= V4L2_CTRL_ID_MASK;
4641 - ctrl_class = V4L2_CTRL_ID2CLASS(id);
4642 id++; /* select next control */
4643 /* find first class that matches (or is greater than) the class of
4644 the ID */
4645 diff --git a/drivers/media/video/wm8739.c b/drivers/media/video/wm8739.c
4646 index 8f6741a..1bf4cbe 100644
4647 --- a/drivers/media/video/wm8739.c
4648 +++ b/drivers/media/video/wm8739.c
4649 @@ -321,12 +321,14 @@ static int wm8739_probe(struct i2c_adapter *adapter)
4651 static int wm8739_detach(struct i2c_client *client)
4652 {
4653 + struct wm8739_state *state = i2c_get_clientdata(client);
4654 int err;
4656 err = i2c_detach_client(client);
4657 if (err)
4658 return err;
4660 + kfree(state);
4661 kfree(client);
4662 return 0;
4663 }
4664 diff --git a/drivers/media/video/wm8775.c b/drivers/media/video/wm8775.c
4665 index 4df5d30..9f7e894 100644
4666 --- a/drivers/media/video/wm8775.c
4667 +++ b/drivers/media/video/wm8775.c
4668 @@ -222,12 +222,14 @@ static int wm8775_probe(struct i2c_adapter *adapter)
4670 static int wm8775_detach(struct i2c_client *client)
4671 {
4672 + struct wm8775_state *state = i2c_get_clientdata(client);
4673 int err;
4675 err = i2c_detach_client(client);
4676 if (err) {
4677 return err;
4678 }
4679 + kfree(state);
4680 kfree(client);
4682 return 0;
4683 diff --git a/drivers/misc/sony-laptop.c b/drivers/misc/sony-laptop.c
4684 index 8ee0321..6d2d64f 100644
4685 --- a/drivers/misc/sony-laptop.c
4686 +++ b/drivers/misc/sony-laptop.c
4687 @@ -908,7 +908,9 @@ static struct acpi_driver sony_nc_driver = {
4688 #define SONYPI_DEVICE_TYPE2 0x00000002
4689 #define SONYPI_DEVICE_TYPE3 0x00000004
4691 -#define SONY_PIC_EV_MASK 0xff
4692 +#define SONYPI_TYPE1_OFFSET 0x04
4693 +#define SONYPI_TYPE2_OFFSET 0x12
4694 +#define SONYPI_TYPE3_OFFSET 0x12
4696 struct sony_pic_ioport {
4697 struct acpi_resource_io io;
4698 @@ -922,6 +924,7 @@ struct sony_pic_irq {
4700 struct sony_pic_dev {
4701 int model;
4702 + u16 evport_offset;
4703 u8 camera_power;
4704 u8 bluetooth_power;
4705 u8 wwan_power;
4706 @@ -1998,20 +2001,17 @@ end:
4707 static irqreturn_t sony_pic_irq(int irq, void *dev_id)
4708 {
4709 int i, j;
4710 - u32 port_val = 0;
4711 u8 ev = 0;
4712 u8 data_mask = 0;
4713 u8 device_event = 0;
4715 struct sony_pic_dev *dev = (struct sony_pic_dev *) dev_id;
4717 - acpi_os_read_port(dev->cur_ioport->io.minimum, &port_val,
4718 - dev->cur_ioport->io.address_length);
4719 - ev = port_val & SONY_PIC_EV_MASK;
4720 - data_mask = 0xff & (port_val >> (dev->cur_ioport->io.address_length - 8));
4721 + ev = inb_p(dev->cur_ioport->io.minimum);
4722 + data_mask = inb_p(dev->cur_ioport->io.minimum + dev->evport_offset);
4724 - dprintk("event (0x%.8x [%.2x] [%.2x]) at port 0x%.4x\n",
4725 - port_val, ev, data_mask, dev->cur_ioport->io.minimum);
4726 + dprintk("event ([%.2x] [%.2x]) at port 0x%.4x(+0x%.2x)\n",
4727 + ev, data_mask, dev->cur_ioport->io.minimum, dev->evport_offset);
4729 if (ev == 0x00 || ev == 0xff)
4730 return IRQ_HANDLED;
4731 @@ -2056,8 +2056,6 @@ static int sony_pic_remove(struct acpi_device *device, int type)
4732 struct sony_pic_ioport *io, *tmp_io;
4733 struct sony_pic_irq *irq, *tmp_irq;
4735 - sonypi_compat_exit();
4736 -
4737 if (sony_pic_disable(device)) {
4738 printk(KERN_ERR DRV_PFX "Couldn't disable device.\n");
4739 return -ENXIO;
4740 @@ -2067,6 +2065,8 @@ static int sony_pic_remove(struct acpi_device *device, int type)
4741 release_region(spic_dev.cur_ioport->io.minimum,
4742 spic_dev.cur_ioport->io.address_length);
4744 + sonypi_compat_exit();
4745 +
4746 sony_laptop_remove_input();
4748 /* pf attrs */
4749 @@ -2102,6 +2102,20 @@ static int sony_pic_add(struct acpi_device *device)
4750 spic_dev.model = sony_pic_detect_device_type();
4751 mutex_init(&spic_dev.lock);
4753 + /* model specific characteristics */
4754 + switch(spic_dev.model) {
4755 + case SONYPI_DEVICE_TYPE1:
4756 + spic_dev.evport_offset = SONYPI_TYPE1_OFFSET;
4757 + break;
4758 + case SONYPI_DEVICE_TYPE3:
4759 + spic_dev.evport_offset = SONYPI_TYPE3_OFFSET;
4760 + break;
4761 + case SONYPI_DEVICE_TYPE2:
4762 + default:
4763 + spic_dev.evport_offset = SONYPI_TYPE2_OFFSET;
4764 + break;
4765 + }
4766 +
4767 /* read _PRS resources */
4768 result = sony_pic_possible_resources(device);
4769 if (result) {
4770 @@ -2118,6 +2132,9 @@ static int sony_pic_add(struct acpi_device *device)
4771 goto err_free_resources;
4772 }
4774 + if (sonypi_compat_init())
4775 + goto err_remove_input;
4776 +
4777 /* request io port */
4778 list_for_each_entry(io, &spic_dev.ioports, list) {
4779 if (request_region(io->io.minimum, io->io.address_length,
4780 @@ -2132,7 +2149,7 @@ static int sony_pic_add(struct acpi_device *device)
4781 if (!spic_dev.cur_ioport) {
4782 printk(KERN_ERR DRV_PFX "Failed to request_region.\n");
4783 result = -ENODEV;
4784 - goto err_remove_input;
4785 + goto err_remove_compat;
4786 }
4788 /* request IRQ */
4789 @@ -2172,9 +2189,6 @@ static int sony_pic_add(struct acpi_device *device)
4790 if (result)
4791 goto err_remove_pf;
4793 - if (sonypi_compat_init())
4794 - goto err_remove_pf;
4795 -
4796 return 0;
4798 err_remove_pf:
4799 @@ -2190,6 +2204,9 @@ err_release_region:
4800 release_region(spic_dev.cur_ioport->io.minimum,
4801 spic_dev.cur_ioport->io.address_length);
4803 +err_remove_compat:
4804 + sonypi_compat_exit();
4805 +
4806 err_remove_input:
4807 sony_laptop_remove_input();
4809 diff --git a/drivers/mtd/Makefile b/drivers/mtd/Makefile
4810 index 451adcc..6d958a4 100644
4811 --- a/drivers/mtd/Makefile
4812 +++ b/drivers/mtd/Makefile
4813 @@ -3,9 +3,9 @@
4814 #
4816 # Core functionality.
4817 +obj-$(CONFIG_MTD) += mtd.o
4818 mtd-y := mtdcore.o mtdsuper.o
4819 mtd-$(CONFIG_MTD_PARTITIONS) += mtdpart.o
4820 -obj-$(CONFIG_MTD) += $(mtd-y)
4822 obj-$(CONFIG_MTD_CONCAT) += mtdconcat.o
4823 obj-$(CONFIG_MTD_REDBOOT_PARTS) += redboot.o
4824 diff --git a/drivers/mtd/mtdpart.c b/drivers/mtd/mtdpart.c
4825 index 9c62368..6174a97 100644
4826 --- a/drivers/mtd/mtdpart.c
4827 +++ b/drivers/mtd/mtdpart.c
4828 @@ -560,7 +560,3 @@ int parse_mtd_partitions(struct mtd_info *master, const char **types,
4829 EXPORT_SYMBOL_GPL(parse_mtd_partitions);
4830 EXPORT_SYMBOL_GPL(register_mtd_parser);
4831 EXPORT_SYMBOL_GPL(deregister_mtd_parser);
4832 -
4833 -MODULE_LICENSE("GPL");
4834 -MODULE_AUTHOR("Nicolas Pitre <nico@cam.org>");
4835 -MODULE_DESCRIPTION("Generic support for partitioning of MTD devices");
4836 diff --git a/drivers/mtd/mtdsuper.c b/drivers/mtd/mtdsuper.c
4837 index aca3319..9b430f2 100644
4838 --- a/drivers/mtd/mtdsuper.c
4839 +++ b/drivers/mtd/mtdsuper.c
4840 @@ -70,6 +70,8 @@ static int get_sb_mtd_aux(struct file_system_type *fs_type, int flags,
4841 DEBUG(1, "MTDSB: New superblock for device %d (\"%s\")\n",
4842 mtd->index, mtd->name);
4844 + sb->s_flags = flags;
4845 +
4846 ret = fill_super(sb, data, flags & MS_SILENT ? 1 : 0);
4847 if (ret < 0) {
4848 up_write(&sb->s_umount);
4849 diff --git a/drivers/mtd/nand/cafe_nand.c b/drivers/mtd/nand/cafe_nand.c
4850 index cff969d..6f32a35 100644
4851 --- a/drivers/mtd/nand/cafe_nand.c
4852 +++ b/drivers/mtd/nand/cafe_nand.c
4853 @@ -816,7 +816,8 @@ static void __devexit cafe_nand_remove(struct pci_dev *pdev)
4854 }
4856 static struct pci_device_id cafe_nand_tbl[] = {
4857 - { 0x11ab, 0x4100, PCI_ANY_ID, PCI_ANY_ID, PCI_CLASS_MEMORY_FLASH << 8, 0xFFFF0 }
4858 + { 0x11ab, 0x4100, PCI_ANY_ID, PCI_ANY_ID, PCI_CLASS_MEMORY_FLASH << 8, 0xFFFF0 },
4859 + { 0, }
4860 };
4862 MODULE_DEVICE_TABLE(pci, cafe_nand_tbl);
4863 diff --git a/drivers/net/atl1/atl1_main.c b/drivers/net/atl1/atl1_main.c
4864 index 6862c11..1b7a5a8 100644
4865 --- a/drivers/net/atl1/atl1_main.c
4866 +++ b/drivers/net/atl1/atl1_main.c
4867 @@ -2097,21 +2097,26 @@ static int __devinit atl1_probe(struct pci_dev *pdev,
4868 struct net_device *netdev;
4869 struct atl1_adapter *adapter;
4870 static int cards_found = 0;
4871 - bool pci_using_64 = true;
4872 int err;
4874 err = pci_enable_device(pdev);
4875 if (err)
4876 return err;
4878 - err = pci_set_dma_mask(pdev, DMA_64BIT_MASK);
4879 + /*
4880 + * The atl1 chip can DMA to 64-bit addresses, but it uses a single
4881 + * shared register for the high 32 bits, so only a single, aligned,
4882 + * 4 GB physical address range can be used at a time.
4883 + *
4884 + * Supporting 64-bit DMA on this hardware is more trouble than it's
4885 + * worth. It is far easier to limit to 32-bit DMA than update
4886 + * various kernel subsystems to support the mechanics required by a
4887 + * fixed-high-32-bit system.
4888 + */
4889 + err = pci_set_dma_mask(pdev, DMA_32BIT_MASK);
4890 if (err) {
4891 - err = pci_set_dma_mask(pdev, DMA_32BIT_MASK);
4892 - if (err) {
4893 - dev_err(&pdev->dev, "no usable DMA configuration\n");
4894 - goto err_dma;
4895 - }
4896 - pci_using_64 = false;
4897 + dev_err(&pdev->dev, "no usable DMA configuration\n");
4898 + goto err_dma;
4899 }
4900 /* Mark all PCI regions associated with PCI device
4901 * pdev as being reserved by owner atl1_driver_name
4902 @@ -2176,7 +2181,6 @@ static int __devinit atl1_probe(struct pci_dev *pdev,
4904 netdev->ethtool_ops = &atl1_ethtool_ops;
4905 adapter->bd_number = cards_found;
4906 - adapter->pci_using_64 = pci_using_64;
4908 /* setup the private structure */
4909 err = atl1_sw_init(adapter);
4910 @@ -2193,9 +2197,6 @@ static int __devinit atl1_probe(struct pci_dev *pdev,
4911 */
4912 /* netdev->features |= NETIF_F_TSO; */
4914 - if (pci_using_64)
4915 - netdev->features |= NETIF_F_HIGHDMA;
4916 -
4917 netdev->features |= NETIF_F_LLTX;
4919 /*
4920 diff --git a/drivers/net/bonding/bond_main.c b/drivers/net/bonding/bond_main.c
4921 index 6287ffb..0af7bc8 100644
4922 --- a/drivers/net/bonding/bond_main.c
4923 +++ b/drivers/net/bonding/bond_main.c
4924 @@ -1233,43 +1233,31 @@ int bond_sethwaddr(struct net_device *bond_dev, struct net_device *slave_dev)
4925 return 0;
4926 }
4928 -#define BOND_INTERSECT_FEATURES \
4929 - (NETIF_F_SG | NETIF_F_ALL_CSUM | NETIF_F_TSO | NETIF_F_UFO)
4930 +#define BOND_VLAN_FEATURES \
4931 + (NETIF_F_VLAN_CHALLENGED | NETIF_F_HW_VLAN_RX | NETIF_F_HW_VLAN_TX | \
4932 + NETIF_F_HW_VLAN_FILTER)
4934 /*
4935 * Compute the common dev->feature set available to all slaves. Some
4936 - * feature bits are managed elsewhere, so preserve feature bits set on
4937 - * master device that are not part of the examined set.
4938 + * feature bits are managed elsewhere, so preserve those feature bits
4939 + * on the master device.
4940 */
4941 static int bond_compute_features(struct bonding *bond)
4942 {
4943 - unsigned long features = BOND_INTERSECT_FEATURES;
4944 struct slave *slave;
4945 struct net_device *bond_dev = bond->dev;
4946 + unsigned long features = bond_dev->features & ~BOND_VLAN_FEATURES;
4947 unsigned short max_hard_header_len = ETH_HLEN;
4948 int i;
4950 bond_for_each_slave(bond, slave, i) {
4951 - features &= (slave->dev->features & BOND_INTERSECT_FEATURES);
4952 + features = netdev_compute_features(features,
4953 + slave->dev->features);
4954 if (slave->dev->hard_header_len > max_hard_header_len)
4955 max_hard_header_len = slave->dev->hard_header_len;
4956 }
4958 - if ((features & NETIF_F_SG) &&
4959 - !(features & NETIF_F_ALL_CSUM))
4960 - features &= ~NETIF_F_SG;
4961 -
4962 - /*
4963 - * features will include NETIF_F_TSO (NETIF_F_UFO) iff all
4964 - * slave devices support NETIF_F_TSO (NETIF_F_UFO), which
4965 - * implies that all slaves also support scatter-gather
4966 - * (NETIF_F_SG), which implies that features also includes
4967 - * NETIF_F_SG. So no need to check whether we have an
4968 - * illegal combination of NETIF_F_{TSO,UFO} and
4969 - * !NETIF_F_SG
4970 - */
4971 -
4972 - features |= (bond_dev->features & ~BOND_INTERSECT_FEATURES);
4973 + features |= (bond_dev->features & BOND_VLAN_FEATURES);
4974 bond_dev->features = features;
4975 bond_dev->hard_header_len = max_hard_header_len;
4977 diff --git a/drivers/net/cassini.c b/drivers/net/cassini.c
4978 index 59b9943..ad55baa 100644
4979 --- a/drivers/net/cassini.c
4980 +++ b/drivers/net/cassini.c
4981 @@ -336,30 +336,6 @@ static inline void cas_mask_intr(struct cas *cp)
4982 cas_disable_irq(cp, i);
4983 }
4985 -static inline void cas_buffer_init(cas_page_t *cp)
4986 -{
4987 - struct page *page = cp->buffer;
4988 - atomic_set((atomic_t *)&page->lru.next, 1);
4989 -}
4990 -
4991 -static inline int cas_buffer_count(cas_page_t *cp)
4992 -{
4993 - struct page *page = cp->buffer;
4994 - return atomic_read((atomic_t *)&page->lru.next);
4995 -}
4996 -
4997 -static inline void cas_buffer_inc(cas_page_t *cp)
4998 -{
4999 - struct page *page = cp->buffer;
5000 - atomic_inc((atomic_t *)&page->lru.next);
5001 -}
5002 -
5003 -static inline void cas_buffer_dec(cas_page_t *cp)
5004 -{
5005 - struct page *page = cp->buffer;
5006 - atomic_dec((atomic_t *)&page->lru.next);
5007 -}
5008 -
5009 static void cas_enable_irq(struct cas *cp, const int ring)
5010 {
5011 if (ring == 0) { /* all but TX_DONE */
5012 @@ -497,7 +473,6 @@ static int cas_page_free(struct cas *cp, cas_page_t *page)
5013 {
5014 pci_unmap_page(cp->pdev, page->dma_addr, cp->page_size,
5015 PCI_DMA_FROMDEVICE);
5016 - cas_buffer_dec(page);
5017 __free_pages(page->buffer, cp->page_order);
5018 kfree(page);
5019 return 0;
5020 @@ -527,7 +502,6 @@ static cas_page_t *cas_page_alloc(struct cas *cp, const gfp_t flags)
5021 page->buffer = alloc_pages(flags, cp->page_order);
5022 if (!page->buffer)
5023 goto page_err;
5024 - cas_buffer_init(page);
5025 page->dma_addr = pci_map_page(cp->pdev, page->buffer, 0,
5026 cp->page_size, PCI_DMA_FROMDEVICE);
5027 return page;
5028 @@ -606,7 +580,7 @@ static void cas_spare_recover(struct cas *cp, const gfp_t flags)
5029 list_for_each_safe(elem, tmp, &list) {
5030 cas_page_t *page = list_entry(elem, cas_page_t, list);
5032 - if (cas_buffer_count(page) > 1)
5033 + if (page_count(page->buffer) > 1)
5034 continue;
5036 list_del(elem);
5037 @@ -1374,7 +1348,7 @@ static inline cas_page_t *cas_page_spare(struct cas *cp, const int index)
5038 cas_page_t *page = cp->rx_pages[1][index];
5039 cas_page_t *new;
5041 - if (cas_buffer_count(page) == 1)
5042 + if (page_count(page->buffer) == 1)
5043 return page;
5045 new = cas_page_dequeue(cp);
5046 @@ -1394,7 +1368,7 @@ static cas_page_t *cas_page_swap(struct cas *cp, const int ring,
5047 cas_page_t **page1 = cp->rx_pages[1];
5049 /* swap if buffer is in use */
5050 - if (cas_buffer_count(page0[index]) > 1) {
5051 + if (page_count(page0[index]->buffer) > 1) {
5052 cas_page_t *new = cas_page_spare(cp, index);
5053 if (new) {
5054 page1[index] = page0[index];
5055 @@ -1979,6 +1953,7 @@ static int cas_rx_process_pkt(struct cas *cp, struct cas_rx_comp *rxc,
5056 struct cas_page *page;
5057 struct sk_buff *skb;
5058 void *addr, *crcaddr;
5059 + __sum16 csum;
5060 char *p;
5062 hlen = CAS_VAL(RX_COMP2_HDR_SIZE, words[1]);
5063 @@ -2062,10 +2037,10 @@ static int cas_rx_process_pkt(struct cas *cp, struct cas_rx_comp *rxc,
5065 skb_shinfo(skb)->nr_frags++;
5066 skb->data_len += hlen - swivel;
5067 + skb->truesize += hlen - swivel;
5068 skb->len += hlen - swivel;
5070 get_page(page->buffer);
5071 - cas_buffer_inc(page);
5072 frag->page = page->buffer;
5073 frag->page_offset = off;
5074 frag->size = hlen - swivel;
5075 @@ -2090,7 +2065,6 @@ static int cas_rx_process_pkt(struct cas *cp, struct cas_rx_comp *rxc,
5076 frag++;
5078 get_page(page->buffer);
5079 - cas_buffer_inc(page);
5080 frag->page = page->buffer;
5081 frag->page_offset = 0;
5082 frag->size = hlen;
5083 @@ -2158,14 +2132,15 @@ end_copy_pkt:
5084 skb_put(skb, alloclen);
5085 }
5087 - i = CAS_VAL(RX_COMP4_TCP_CSUM, words[3]);
5088 + csum = (__force __sum16)htons(CAS_VAL(RX_COMP4_TCP_CSUM, words[3]));
5089 if (cp->crc_size) {
5090 /* checksum includes FCS. strip it out. */
5091 - i = csum_fold(csum_partial(crcaddr, cp->crc_size, i));
5092 + csum = csum_fold(csum_partial(crcaddr, cp->crc_size,
5093 + csum_unfold(csum)));
5094 if (addr)
5095 cas_page_unmap(addr);
5096 }
5097 - skb->csum = ntohs(i ^ 0xffff);
5098 + skb->csum = csum_unfold(~csum);
5099 skb->ip_summed = CHECKSUM_COMPLETE;
5100 skb->protocol = eth_type_trans(skb, cp->dev);
5101 return len;
5102 @@ -2253,7 +2228,7 @@ static int cas_post_rxds_ringN(struct cas *cp, int ring, int num)
5103 released = 0;
5104 while (entry != last) {
5105 /* make a new buffer if it's still in use */
5106 - if (cas_buffer_count(page[entry]) > 1) {
5107 + if (page_count(page[entry]->buffer) > 1) {
5108 cas_page_t *new = cas_page_dequeue(cp);
5109 if (!new) {
5110 /* let the timer know that we need to
5111 diff --git a/drivers/net/cassini.h b/drivers/net/cassini.h
5112 index a970804..a201431 100644
5113 --- a/drivers/net/cassini.h
5114 +++ b/drivers/net/cassini.h
5115 @@ -4122,8 +4122,8 @@ cas_saturn_patch_t cas_saturn_patch[] = {
5116 inserted into
5117 outgoing frame. */
5118 struct cas_tx_desc {
5119 - u64 control;
5120 - u64 buffer;
5121 + __le64 control;
5122 + __le64 buffer;
5123 };
5125 /* descriptor ring for free buffers contains page-sized buffers. the index
5126 @@ -4131,8 +4131,8 @@ struct cas_tx_desc {
5127 * the completion ring.
5128 */
5129 struct cas_rx_desc {
5130 - u64 index;
5131 - u64 buffer;
5132 + __le64 index;
5133 + __le64 buffer;
5134 };
5136 /* received packets are put on the completion ring. */
5137 @@ -4210,10 +4210,10 @@ struct cas_rx_desc {
5138 #define RX_INDEX_RELEASE 0x0000000000002000ULL
5140 struct cas_rx_comp {
5141 - u64 word1;
5142 - u64 word2;
5143 - u64 word3;
5144 - u64 word4;
5145 + __le64 word1;
5146 + __le64 word2;
5147 + __le64 word3;
5148 + __le64 word4;
5149 };
5151 enum link_state {
5152 @@ -4252,7 +4252,7 @@ struct cas_init_block {
5153 struct cas_rx_comp rxcs[N_RX_COMP_RINGS][INIT_BLOCK_RX_COMP];
5154 struct cas_rx_desc rxds[N_RX_DESC_RINGS][INIT_BLOCK_RX_DESC];
5155 struct cas_tx_desc txds[N_TX_RINGS][INIT_BLOCK_TX];
5156 - u64 tx_compwb;
5157 + __le64 tx_compwb;
5158 };
5160 /* tiny buffers to deal with target abort issue. we allocate a bit
5161 diff --git a/drivers/net/chelsio/cxgb2.c b/drivers/net/chelsio/cxgb2.c
5162 index 231ce43..a82a1fa 100644
5163 --- a/drivers/net/chelsio/cxgb2.c
5164 +++ b/drivers/net/chelsio/cxgb2.c
5165 @@ -370,6 +370,8 @@ static char stats_strings[][ETH_GSTRING_LEN] = {
5166 "TxInternalMACXmitError",
5167 "TxFramesWithExcessiveDeferral",
5168 "TxFCSErrors",
5169 + "TxJumboFramesOk",
5170 + "TxJumboOctetsOk",
5172 "RxOctetsOK",
5173 "RxOctetsBad",
5174 @@ -388,15 +390,16 @@ static char stats_strings[][ETH_GSTRING_LEN] = {
5175 "RxInRangeLengthErrors",
5176 "RxOutOfRangeLengthField",
5177 "RxFrameTooLongErrors",
5178 + "RxJumboFramesOk",
5179 + "RxJumboOctetsOk",
5181 /* Port stats */
5182 - "RxPackets",
5183 "RxCsumGood",
5184 - "TxPackets",
5185 "TxCsumOffload",
5186 "TxTso",
5187 "RxVlan",
5188 "TxVlan",
5189 + "TxNeedHeadroom",
5191 /* Interrupt stats */
5192 "rx drops",
5193 @@ -454,23 +457,56 @@ static void get_stats(struct net_device *dev, struct ethtool_stats *stats,
5194 const struct cmac_statistics *s;
5195 const struct sge_intr_counts *t;
5196 struct sge_port_stats ss;
5197 - unsigned int len;
5199 s = mac->ops->statistics_update(mac, MAC_STATS_UPDATE_FULL);
5200 -
5201 - len = sizeof(u64)*(&s->TxFCSErrors + 1 - &s->TxOctetsOK);
5202 - memcpy(data, &s->TxOctetsOK, len);
5203 - data += len;
5204 -
5205 - len = sizeof(u64)*(&s->RxFrameTooLongErrors + 1 - &s->RxOctetsOK);
5206 - memcpy(data, &s->RxOctetsOK, len);
5207 - data += len;
5208 -
5209 + t = t1_sge_get_intr_counts(adapter->sge);
5210 t1_sge_get_port_stats(adapter->sge, dev->if_port, &ss);
5211 - memcpy(data, &ss, sizeof(ss));
5212 - data += sizeof(ss);
5214 - t = t1_sge_get_intr_counts(adapter->sge);
5215 + *data++ = s->TxOctetsOK;
5216 + *data++ = s->TxOctetsBad;
5217 + *data++ = s->TxUnicastFramesOK;
5218 + *data++ = s->TxMulticastFramesOK;
5219 + *data++ = s->TxBroadcastFramesOK;
5220 + *data++ = s->TxPauseFrames;
5221 + *data++ = s->TxFramesWithDeferredXmissions;
5222 + *data++ = s->TxLateCollisions;
5223 + *data++ = s->TxTotalCollisions;
5224 + *data++ = s->TxFramesAbortedDueToXSCollisions;
5225 + *data++ = s->TxUnderrun;
5226 + *data++ = s->TxLengthErrors;
5227 + *data++ = s->TxInternalMACXmitError;
5228 + *data++ = s->TxFramesWithExcessiveDeferral;
5229 + *data++ = s->TxFCSErrors;
5230 + *data++ = s->TxJumboFramesOK;
5231 + *data++ = s->TxJumboOctetsOK;
5232 +
5233 + *data++ = s->RxOctetsOK;
5234 + *data++ = s->RxOctetsBad;
5235 + *data++ = s->RxUnicastFramesOK;
5236 + *data++ = s->RxMulticastFramesOK;
5237 + *data++ = s->RxBroadcastFramesOK;
5238 + *data++ = s->RxPauseFrames;
5239 + *data++ = s->RxFCSErrors;
5240 + *data++ = s->RxAlignErrors;
5241 + *data++ = s->RxSymbolErrors;
5242 + *data++ = s->RxDataErrors;
5243 + *data++ = s->RxSequenceErrors;
5244 + *data++ = s->RxRuntErrors;
5245 + *data++ = s->RxJabberErrors;
5246 + *data++ = s->RxInternalMACRcvError;
5247 + *data++ = s->RxInRangeLengthErrors;
5248 + *data++ = s->RxOutOfRangeLengthField;
5249 + *data++ = s->RxFrameTooLongErrors;
5250 + *data++ = s->RxJumboFramesOK;
5251 + *data++ = s->RxJumboOctetsOK;
5252 +
5253 + *data++ = ss.rx_cso_good;
5254 + *data++ = ss.tx_cso;
5255 + *data++ = ss.tx_tso;
5256 + *data++ = ss.vlan_xtract;
5257 + *data++ = ss.vlan_insert;
5258 + *data++ = ss.tx_need_hdrroom;
5259 +
5260 *data++ = t->rx_drops;
5261 *data++ = t->pure_rsps;
5262 *data++ = t->unhandled_irqs;
5263 diff --git a/drivers/net/chelsio/pm3393.c b/drivers/net/chelsio/pm3393.c
5264 index 678778a..2117c4f 100644
5265 --- a/drivers/net/chelsio/pm3393.c
5266 +++ b/drivers/net/chelsio/pm3393.c
5267 @@ -45,7 +45,7 @@
5269 #include <linux/crc32.h>
5271 -#define OFFSET(REG_ADDR) (REG_ADDR << 2)
5272 +#define OFFSET(REG_ADDR) ((REG_ADDR) << 2)
5274 /* Max frame size PM3393 can handle. Includes Ethernet header and CRC. */
5275 #define MAX_FRAME_SIZE 9600
5276 @@ -428,69 +428,26 @@ static int pm3393_set_speed_duplex_fc(struct cmac *cmac, int speed, int duplex,
5277 return 0;
5278 }
5280 -static void pm3393_rmon_update(struct adapter *adapter, u32 offs, u64 *val,
5281 - int over)
5282 -{
5283 - u32 val0, val1, val2;
5284 -
5285 - t1_tpi_read(adapter, offs, &val0);
5286 - t1_tpi_read(adapter, offs + 4, &val1);
5287 - t1_tpi_read(adapter, offs + 8, &val2);
5288 -
5289 - *val &= ~0ull << 40;
5290 - *val |= val0 & 0xffff;
5291 - *val |= (val1 & 0xffff) << 16;
5292 - *val |= (u64)(val2 & 0xff) << 32;
5293 -
5294 - if (over)
5295 - *val += 1ull << 40;
5296 +#define RMON_UPDATE(mac, name, stat_name) \
5297 +{ \
5298 + t1_tpi_read((mac)->adapter, OFFSET(name), &val0); \
5299 + t1_tpi_read((mac)->adapter, OFFSET((name)+1), &val1); \
5300 + t1_tpi_read((mac)->adapter, OFFSET((name)+2), &val2); \
5301 + (mac)->stats.stat_name = (u64)(val0 & 0xffff) | \
5302 + ((u64)(val1 & 0xffff) << 16) | \
5303 + ((u64)(val2 & 0xff) << 32) | \
5304 + ((mac)->stats.stat_name & \
5305 + 0xffffff0000000000ULL); \
5306 + if (ro & \
5307 + (1ULL << ((name - SUNI1x10GEXP_REG_MSTAT_COUNTER_0_LOW) >> 2))) \
5308 + (mac)->stats.stat_name += 1ULL << 40; \
5309 }
5311 static const struct cmac_statistics *pm3393_update_statistics(struct cmac *mac,
5312 int flag)
5313 {
5314 - static struct {
5315 - unsigned int reg;
5316 - unsigned int offset;
5317 - } hw_stats [] = {
5318 -
5319 -#define HW_STAT(name, stat_name) \
5320 - { name, (&((struct cmac_statistics *)NULL)->stat_name) - (u64 *)NULL }
5321 -
5322 - /* Rx stats */
5323 - HW_STAT(RxOctetsReceivedOK, RxOctetsOK),
5324 - HW_STAT(RxUnicastFramesReceivedOK, RxUnicastFramesOK),
5325 - HW_STAT(RxMulticastFramesReceivedOK, RxMulticastFramesOK),
5326 - HW_STAT(RxBroadcastFramesReceivedOK, RxBroadcastFramesOK),
5327 - HW_STAT(RxPAUSEMACCtrlFramesReceived, RxPauseFrames),
5328 - HW_STAT(RxFrameCheckSequenceErrors, RxFCSErrors),
5329 - HW_STAT(RxFramesLostDueToInternalMACErrors,
5330 - RxInternalMACRcvError),
5331 - HW_STAT(RxSymbolErrors, RxSymbolErrors),
5332 - HW_STAT(RxInRangeLengthErrors, RxInRangeLengthErrors),
5333 - HW_STAT(RxFramesTooLongErrors , RxFrameTooLongErrors),
5334 - HW_STAT(RxJabbers, RxJabberErrors),
5335 - HW_STAT(RxFragments, RxRuntErrors),
5336 - HW_STAT(RxUndersizedFrames, RxRuntErrors),
5337 - HW_STAT(RxJumboFramesReceivedOK, RxJumboFramesOK),
5338 - HW_STAT(RxJumboOctetsReceivedOK, RxJumboOctetsOK),
5339 -
5340 - /* Tx stats */
5341 - HW_STAT(TxOctetsTransmittedOK, TxOctetsOK),
5342 - HW_STAT(TxFramesLostDueToInternalMACTransmissionError,
5343 - TxInternalMACXmitError),
5344 - HW_STAT(TxTransmitSystemError, TxFCSErrors),
5345 - HW_STAT(TxUnicastFramesTransmittedOK, TxUnicastFramesOK),
5346 - HW_STAT(TxMulticastFramesTransmittedOK, TxMulticastFramesOK),
5347 - HW_STAT(TxBroadcastFramesTransmittedOK, TxBroadcastFramesOK),
5348 - HW_STAT(TxPAUSEMACCtrlFramesTransmitted, TxPauseFrames),
5349 - HW_STAT(TxJumboFramesReceivedOK, TxJumboFramesOK),
5350 - HW_STAT(TxJumboOctetsReceivedOK, TxJumboOctetsOK)
5351 - }, *p = hw_stats;
5352 - u64 ro;
5353 - u32 val0, val1, val2, val3;
5354 - u64 *stats = (u64 *) &mac->stats;
5355 - unsigned int i;
5356 + u64 ro;
5357 + u32 val0, val1, val2, val3;
5359 /* Snap the counters */
5360 pmwrite(mac, SUNI1x10GEXP_REG_MSTAT_CONTROL,
5361 @@ -504,14 +461,35 @@ static const struct cmac_statistics *pm3393_update_statistics(struct cmac *mac,
5362 ro = ((u64)val0 & 0xffff) | (((u64)val1 & 0xffff) << 16) |
5363 (((u64)val2 & 0xffff) << 32) | (((u64)val3 & 0xffff) << 48);
5365 - for (i = 0; i < ARRAY_SIZE(hw_stats); i++) {
5366 - unsigned reg = p->reg - SUNI1x10GEXP_REG_MSTAT_COUNTER_0_LOW;
5367 -
5368 - pm3393_rmon_update((mac)->adapter, OFFSET(p->reg),
5369 - stats + p->offset, ro & (reg >> 2));
5370 - }
5371 -
5372 -
5373 + /* Rx stats */
5374 + RMON_UPDATE(mac, RxOctetsReceivedOK, RxOctetsOK);
5375 + RMON_UPDATE(mac, RxUnicastFramesReceivedOK, RxUnicastFramesOK);
5376 + RMON_UPDATE(mac, RxMulticastFramesReceivedOK, RxMulticastFramesOK);
5377 + RMON_UPDATE(mac, RxBroadcastFramesReceivedOK, RxBroadcastFramesOK);
5378 + RMON_UPDATE(mac, RxPAUSEMACCtrlFramesReceived, RxPauseFrames);
5379 + RMON_UPDATE(mac, RxFrameCheckSequenceErrors, RxFCSErrors);
5380 + RMON_UPDATE(mac, RxFramesLostDueToInternalMACErrors,
5381 + RxInternalMACRcvError);
5382 + RMON_UPDATE(mac, RxSymbolErrors, RxSymbolErrors);
5383 + RMON_UPDATE(mac, RxInRangeLengthErrors, RxInRangeLengthErrors);
5384 + RMON_UPDATE(mac, RxFramesTooLongErrors , RxFrameTooLongErrors);
5385 + RMON_UPDATE(mac, RxJabbers, RxJabberErrors);
5386 + RMON_UPDATE(mac, RxFragments, RxRuntErrors);
5387 + RMON_UPDATE(mac, RxUndersizedFrames, RxRuntErrors);
5388 + RMON_UPDATE(mac, RxJumboFramesReceivedOK, RxJumboFramesOK);
5389 + RMON_UPDATE(mac, RxJumboOctetsReceivedOK, RxJumboOctetsOK);
5390 +
5391 + /* Tx stats */
5392 + RMON_UPDATE(mac, TxOctetsTransmittedOK, TxOctetsOK);
5393 + RMON_UPDATE(mac, TxFramesLostDueToInternalMACTransmissionError,
5394 + TxInternalMACXmitError);
5395 + RMON_UPDATE(mac, TxTransmitSystemError, TxFCSErrors);
5396 + RMON_UPDATE(mac, TxUnicastFramesTransmittedOK, TxUnicastFramesOK);
5397 + RMON_UPDATE(mac, TxMulticastFramesTransmittedOK, TxMulticastFramesOK);
5398 + RMON_UPDATE(mac, TxBroadcastFramesTransmittedOK, TxBroadcastFramesOK);
5399 + RMON_UPDATE(mac, TxPAUSEMACCtrlFramesTransmitted, TxPauseFrames);
5400 + RMON_UPDATE(mac, TxJumboFramesReceivedOK, TxJumboFramesOK);
5401 + RMON_UPDATE(mac, TxJumboOctetsReceivedOK, TxJumboOctetsOK);
5403 return &mac->stats;
5404 }
5405 diff --git a/drivers/net/chelsio/sge.c b/drivers/net/chelsio/sge.c
5406 index e4f874a..d77f1eb 100644
5407 --- a/drivers/net/chelsio/sge.c
5408 +++ b/drivers/net/chelsio/sge.c
5409 @@ -986,11 +986,10 @@ void t1_sge_get_port_stats(const struct sge *sge, int port,
5410 for_each_possible_cpu(cpu) {
5411 struct sge_port_stats *st = per_cpu_ptr(sge->port_stats[port], cpu);
5413 - ss->rx_packets += st->rx_packets;
5414 ss->rx_cso_good += st->rx_cso_good;
5415 - ss->tx_packets += st->tx_packets;
5416 ss->tx_cso += st->tx_cso;
5417 ss->tx_tso += st->tx_tso;
5418 + ss->tx_need_hdrroom += st->tx_need_hdrroom;
5419 ss->vlan_xtract += st->vlan_xtract;
5420 ss->vlan_insert += st->vlan_insert;
5421 }
5422 @@ -1379,11 +1378,10 @@ static void sge_rx(struct sge *sge, struct freelQ *fl, unsigned int len)
5423 }
5424 __skb_pull(skb, sizeof(*p));
5426 - skb->dev->last_rx = jiffies;
5427 st = per_cpu_ptr(sge->port_stats[p->iff], smp_processor_id());
5428 - st->rx_packets++;
5430 skb->protocol = eth_type_trans(skb, adapter->port[p->iff].dev);
5431 + skb->dev->last_rx = jiffies;
5432 if ((adapter->flags & RX_CSUM_ENABLED) && p->csum == 0xffff &&
5433 skb->protocol == htons(ETH_P_IP) &&
5434 (skb->data[9] == IPPROTO_TCP || skb->data[9] == IPPROTO_UDP)) {
5435 @@ -1851,7 +1849,8 @@ int t1_start_xmit(struct sk_buff *skb, struct net_device *dev)
5436 {
5437 struct adapter *adapter = dev->priv;
5438 struct sge *sge = adapter->sge;
5439 - struct sge_port_stats *st = per_cpu_ptr(sge->port_stats[dev->if_port], smp_processor_id());
5440 + struct sge_port_stats *st = per_cpu_ptr(sge->port_stats[dev->if_port],
5441 + smp_processor_id());
5442 struct cpl_tx_pkt *cpl;
5443 struct sk_buff *orig_skb = skb;
5444 int ret;
5445 @@ -1859,6 +1858,18 @@ int t1_start_xmit(struct sk_buff *skb, struct net_device *dev)
5446 if (skb->protocol == htons(ETH_P_CPL5))
5447 goto send;
5449 + /*
5450 + * We are using a non-standard hard_header_len.
5451 + * Allocate more header room in the rare cases it is not big enough.
5452 + */
5453 + if (unlikely(skb_headroom(skb) < dev->hard_header_len - ETH_HLEN)) {
5454 + skb = skb_realloc_headroom(skb, sizeof(struct cpl_tx_pkt_lso));
5455 + ++st->tx_need_hdrroom;
5456 + dev_kfree_skb_any(orig_skb);
5457 + if (!skb)
5458 + return NETDEV_TX_OK;
5459 + }
5460 +
5461 if (skb_shinfo(skb)->gso_size) {
5462 int eth_type;
5463 struct cpl_tx_pkt_lso *hdr;
5464 @@ -1892,24 +1903,6 @@ int t1_start_xmit(struct sk_buff *skb, struct net_device *dev)
5465 return NETDEV_TX_OK;
5466 }
5468 - /*
5469 - * We are using a non-standard hard_header_len and some kernel
5470 - * components, such as pktgen, do not handle it right.
5471 - * Complain when this happens but try to fix things up.
5472 - */
5473 - if (unlikely(skb_headroom(skb) < dev->hard_header_len - ETH_HLEN)) {
5474 - pr_debug("%s: headroom %d header_len %d\n", dev->name,
5475 - skb_headroom(skb), dev->hard_header_len);
5476 -
5477 - if (net_ratelimit())
5478 - printk(KERN_ERR "%s: inadequate headroom in "
5479 - "Tx packet\n", dev->name);
5480 - skb = skb_realloc_headroom(skb, sizeof(*cpl));
5481 - dev_kfree_skb_any(orig_skb);
5482 - if (!skb)
5483 - return NETDEV_TX_OK;
5484 - }
5485 -
5486 if (!(adapter->flags & UDP_CSUM_CAPABLE) &&
5487 skb->ip_summed == CHECKSUM_PARTIAL &&
5488 ip_hdr(skb)->protocol == IPPROTO_UDP) {
5489 @@ -1955,7 +1948,6 @@ int t1_start_xmit(struct sk_buff *skb, struct net_device *dev)
5490 cpl->vlan_valid = 0;
5492 send:
5493 - st->tx_packets++;
5494 dev->trans_start = jiffies;
5495 ret = t1_sge_tx(skb, adapter, 0, dev);
5497 diff --git a/drivers/net/chelsio/sge.h b/drivers/net/chelsio/sge.h
5498 index d132a0e..80165f9 100644
5499 --- a/drivers/net/chelsio/sge.h
5500 +++ b/drivers/net/chelsio/sge.h
5501 @@ -57,13 +57,12 @@ struct sge_intr_counts {
5502 };
5504 struct sge_port_stats {
5505 - u64 rx_packets; /* # of Ethernet packets received */
5506 u64 rx_cso_good; /* # of successful RX csum offloads */
5507 - u64 tx_packets; /* # of TX packets */
5508 u64 tx_cso; /* # of TX checksum offloads */
5509 u64 tx_tso; /* # of TSO requests */
5510 u64 vlan_xtract; /* # of VLAN tag extractions */
5511 u64 vlan_insert; /* # of VLAN tag insertions */
5512 + u64 tx_need_hdrroom; /* # of TX skbs in need of more header room */
5513 };
5515 struct sk_buff;
5516 diff --git a/drivers/net/forcedeth.c b/drivers/net/forcedeth.c
5517 index 42ba1c0..36b3a66 100644
5518 --- a/drivers/net/forcedeth.c
5519 +++ b/drivers/net/forcedeth.c
5520 @@ -550,6 +550,8 @@ union ring_type {
5521 /* PHY defines */
5522 #define PHY_OUI_MARVELL 0x5043
5523 #define PHY_OUI_CICADA 0x03f1
5524 +#define PHY_OUI_VITESSE 0x01c1
5525 +#define PHY_OUI_REALTEK 0x0732
5526 #define PHYID1_OUI_MASK 0x03ff
5527 #define PHYID1_OUI_SHFT 6
5528 #define PHYID2_OUI_MASK 0xfc00
5529 @@ -557,12 +559,36 @@ union ring_type {
5530 #define PHYID2_MODEL_MASK 0x03f0
5531 #define PHY_MODEL_MARVELL_E3016 0x220
5532 #define PHY_MARVELL_E3016_INITMASK 0x0300
5533 -#define PHY_INIT1 0x0f000
5534 -#define PHY_INIT2 0x0e00
5535 -#define PHY_INIT3 0x01000
5536 -#define PHY_INIT4 0x0200
5537 -#define PHY_INIT5 0x0004
5538 -#define PHY_INIT6 0x02000
5539 +#define PHY_CICADA_INIT1 0x0f000
5540 +#define PHY_CICADA_INIT2 0x0e00
5541 +#define PHY_CICADA_INIT3 0x01000
5542 +#define PHY_CICADA_INIT4 0x0200
5543 +#define PHY_CICADA_INIT5 0x0004
5544 +#define PHY_CICADA_INIT6 0x02000
5545 +#define PHY_VITESSE_INIT_REG1 0x1f
5546 +#define PHY_VITESSE_INIT_REG2 0x10
5547 +#define PHY_VITESSE_INIT_REG3 0x11
5548 +#define PHY_VITESSE_INIT_REG4 0x12
5549 +#define PHY_VITESSE_INIT_MSK1 0xc
5550 +#define PHY_VITESSE_INIT_MSK2 0x0180
5551 +#define PHY_VITESSE_INIT1 0x52b5
5552 +#define PHY_VITESSE_INIT2 0xaf8a
5553 +#define PHY_VITESSE_INIT3 0x8
5554 +#define PHY_VITESSE_INIT4 0x8f8a
5555 +#define PHY_VITESSE_INIT5 0xaf86
5556 +#define PHY_VITESSE_INIT6 0x8f86
5557 +#define PHY_VITESSE_INIT7 0xaf82
5558 +#define PHY_VITESSE_INIT8 0x0100
5559 +#define PHY_VITESSE_INIT9 0x8f82
5560 +#define PHY_VITESSE_INIT10 0x0
5561 +#define PHY_REALTEK_INIT_REG1 0x1f
5562 +#define PHY_REALTEK_INIT_REG2 0x19
5563 +#define PHY_REALTEK_INIT_REG3 0x13
5564 +#define PHY_REALTEK_INIT1 0x0000
5565 +#define PHY_REALTEK_INIT2 0x8e00
5566 +#define PHY_REALTEK_INIT3 0x0001
5567 +#define PHY_REALTEK_INIT4 0xad17
5568 +
5569 #define PHY_GIGABIT 0x0100
5571 #define PHY_TIMEOUT 0x1
5572 @@ -961,7 +987,7 @@ static void nv_enable_irq(struct net_device *dev)
5573 if (np->msi_flags & NV_MSI_X_ENABLED)
5574 enable_irq(np->msi_x_entry[NV_MSI_X_VECTOR_ALL].vector);
5575 else
5576 - enable_irq(dev->irq);
5577 + enable_irq(np->pci_dev->irq);
5578 } else {
5579 enable_irq(np->msi_x_entry[NV_MSI_X_VECTOR_RX].vector);
5580 enable_irq(np->msi_x_entry[NV_MSI_X_VECTOR_TX].vector);
5581 @@ -977,7 +1003,7 @@ static void nv_disable_irq(struct net_device *dev)
5582 if (np->msi_flags & NV_MSI_X_ENABLED)
5583 disable_irq(np->msi_x_entry[NV_MSI_X_VECTOR_ALL].vector);
5584 else
5585 - disable_irq(dev->irq);
5586 + disable_irq(np->pci_dev->irq);
5587 } else {
5588 disable_irq(np->msi_x_entry[NV_MSI_X_VECTOR_RX].vector);
5589 disable_irq(np->msi_x_entry[NV_MSI_X_VECTOR_TX].vector);
5590 @@ -1096,6 +1122,28 @@ static int phy_init(struct net_device *dev)
5591 return PHY_ERROR;
5592 }
5593 }
5594 + if (np->phy_oui == PHY_OUI_REALTEK) {
5595 + if (mii_rw(dev, np->phyaddr, PHY_REALTEK_INIT_REG1, PHY_REALTEK_INIT1)) {
5596 + printk(KERN_INFO "%s: phy init failed.\n", pci_name(np->pci_dev));
5597 + return PHY_ERROR;
5598 + }
5599 + if (mii_rw(dev, np->phyaddr, PHY_REALTEK_INIT_REG2, PHY_REALTEK_INIT2)) {
5600 + printk(KERN_INFO "%s: phy init failed.\n", pci_name(np->pci_dev));
5601 + return PHY_ERROR;
5602 + }
5603 + if (mii_rw(dev, np->phyaddr, PHY_REALTEK_INIT_REG1, PHY_REALTEK_INIT3)) {
5604 + printk(KERN_INFO "%s: phy init failed.\n", pci_name(np->pci_dev));
5605 + return PHY_ERROR;
5606 + }
5607 + if (mii_rw(dev, np->phyaddr, PHY_REALTEK_INIT_REG3, PHY_REALTEK_INIT4)) {
5608 + printk(KERN_INFO "%s: phy init failed.\n", pci_name(np->pci_dev));
5609 + return PHY_ERROR;
5610 + }
5611 + if (mii_rw(dev, np->phyaddr, PHY_REALTEK_INIT_REG1, PHY_REALTEK_INIT1)) {
5612 + printk(KERN_INFO "%s: phy init failed.\n", pci_name(np->pci_dev));
5613 + return PHY_ERROR;
5614 + }
5615 + }
5617 /* set advertise register */
5618 reg = mii_rw(dev, np->phyaddr, MII_ADVERTISE, MII_READ);
5619 @@ -1141,14 +1189,14 @@ static int phy_init(struct net_device *dev)
5620 /* phy vendor specific configuration */
5621 if ((np->phy_oui == PHY_OUI_CICADA) && (phyinterface & PHY_RGMII) ) {
5622 phy_reserved = mii_rw(dev, np->phyaddr, MII_RESV1, MII_READ);
5623 - phy_reserved &= ~(PHY_INIT1 | PHY_INIT2);
5624 - phy_reserved |= (PHY_INIT3 | PHY_INIT4);
5625 + phy_reserved &= ~(PHY_CICADA_INIT1 | PHY_CICADA_INIT2);
5626 + phy_reserved |= (PHY_CICADA_INIT3 | PHY_CICADA_INIT4);
5627 if (mii_rw(dev, np->phyaddr, MII_RESV1, phy_reserved)) {
5628 printk(KERN_INFO "%s: phy init failed.\n", pci_name(np->pci_dev));
5629 return PHY_ERROR;
5630 }
5631 phy_reserved = mii_rw(dev, np->phyaddr, MII_NCONFIG, MII_READ);
5632 - phy_reserved |= PHY_INIT5;
5633 + phy_reserved |= PHY_CICADA_INIT5;
5634 if (mii_rw(dev, np->phyaddr, MII_NCONFIG, phy_reserved)) {
5635 printk(KERN_INFO "%s: phy init failed.\n", pci_name(np->pci_dev));
5636 return PHY_ERROR;
5637 @@ -1156,12 +1204,106 @@ static int phy_init(struct net_device *dev)
5638 }
5639 if (np->phy_oui == PHY_OUI_CICADA) {
5640 phy_reserved = mii_rw(dev, np->phyaddr, MII_SREVISION, MII_READ);
5641 - phy_reserved |= PHY_INIT6;
5642 + phy_reserved |= PHY_CICADA_INIT6;
5643 if (mii_rw(dev, np->phyaddr, MII_SREVISION, phy_reserved)) {
5644 printk(KERN_INFO "%s: phy init failed.\n", pci_name(np->pci_dev));
5645 return PHY_ERROR;
5646 }
5647 }
5648 + if (np->phy_oui == PHY_OUI_VITESSE) {
5649 + if (mii_rw(dev, np->phyaddr, PHY_VITESSE_INIT_REG1, PHY_VITESSE_INIT1)) {
5650 + printk(KERN_INFO "%s: phy init failed.\n", pci_name(np->pci_dev));
5651 + return PHY_ERROR;
5652 + }
5653 + if (mii_rw(dev, np->phyaddr, PHY_VITESSE_INIT_REG2, PHY_VITESSE_INIT2)) {
5654 + printk(KERN_INFO "%s: phy init failed.\n", pci_name(np->pci_dev));
5655 + return PHY_ERROR;
5656 + }
5657 + phy_reserved = mii_rw(dev, np->phyaddr, PHY_VITESSE_INIT_REG4, MII_READ);
5658 + if (mii_rw(dev, np->phyaddr, PHY_VITESSE_INIT_REG4, phy_reserved)) {
5659 + printk(KERN_INFO "%s: phy init failed.\n", pci_name(np->pci_dev));
5660 + return PHY_ERROR;
5661 + }
5662 + phy_reserved = mii_rw(dev, np->phyaddr, PHY_VITESSE_INIT_REG3, MII_READ);
5663 + phy_reserved &= ~PHY_VITESSE_INIT_MSK1;
5664 + phy_reserved |= PHY_VITESSE_INIT3;
5665 + if (mii_rw(dev, np->phyaddr, PHY_VITESSE_INIT_REG3, phy_reserved)) {
5666 + printk(KERN_INFO "%s: phy init failed.\n", pci_name(np->pci_dev));
5667 + return PHY_ERROR;
5668 + }
5669 + if (mii_rw(dev, np->phyaddr, PHY_VITESSE_INIT_REG2, PHY_VITESSE_INIT4)) {
5670 + printk(KERN_INFO "%s: phy init failed.\n", pci_name(np->pci_dev));
5671 + return PHY_ERROR;
5672 + }
5673 + if (mii_rw(dev, np->phyaddr, PHY_VITESSE_INIT_REG2, PHY_VITESSE_INIT5)) {
5674 + printk(KERN_INFO "%s: phy init failed.\n", pci_name(np->pci_dev));
5675 + return PHY_ERROR;
5676 + }
5677 + phy_reserved = mii_rw(dev, np->phyaddr, PHY_VITESSE_INIT_REG4, MII_READ);
5678 + phy_reserved &= ~PHY_VITESSE_INIT_MSK1;
5679 + phy_reserved |= PHY_VITESSE_INIT3;
5680 + if (mii_rw(dev, np->phyaddr, PHY_VITESSE_INIT_REG4, phy_reserved)) {
5681 + printk(KERN_INFO "%s: phy init failed.\n", pci_name(np->pci_dev));
5682 + return PHY_ERROR;
5683 + }
5684 + phy_reserved = mii_rw(dev, np->phyaddr, PHY_VITESSE_INIT_REG3, MII_READ);
5685 + if (mii_rw(dev, np->phyaddr, PHY_VITESSE_INIT_REG3, phy_reserved)) {
5686 + printk(KERN_INFO "%s: phy init failed.\n", pci_name(np->pci_dev));
5687 + return PHY_ERROR;
5688 + }
5689 + if (mii_rw(dev, np->phyaddr, PHY_VITESSE_INIT_REG2, PHY_VITESSE_INIT6)) {
5690 + printk(KERN_INFO "%s: phy init failed.\n", pci_name(np->pci_dev));
5691 + return PHY_ERROR;
5692 + }
5693 + if (mii_rw(dev, np->phyaddr, PHY_VITESSE_INIT_REG2, PHY_VITESSE_INIT7)) {
5694 + printk(KERN_INFO "%s: phy init failed.\n", pci_name(np->pci_dev));
5695 + return PHY_ERROR;
5696 + }
5697 + phy_reserved = mii_rw(dev, np->phyaddr, PHY_VITESSE_INIT_REG4, MII_READ);
5698 + if (mii_rw(dev, np->phyaddr, PHY_VITESSE_INIT_REG4, phy_reserved)) {
5699 + printk(KERN_INFO "%s: phy init failed.\n", pci_name(np->pci_dev));
5700 + return PHY_ERROR;
5701 + }
5702 + phy_reserved = mii_rw(dev, np->phyaddr, PHY_VITESSE_INIT_REG3, MII_READ);
5703 + phy_reserved &= ~PHY_VITESSE_INIT_MSK2;
5704 + phy_reserved |= PHY_VITESSE_INIT8;
5705 + if (mii_rw(dev, np->phyaddr, PHY_VITESSE_INIT_REG3, phy_reserved)) {
5706 + printk(KERN_INFO "%s: phy init failed.\n", pci_name(np->pci_dev));
5707 + return PHY_ERROR;
5708 + }
5709 + if (mii_rw(dev, np->phyaddr, PHY_VITESSE_INIT_REG2, PHY_VITESSE_INIT9)) {
5710 + printk(KERN_INFO "%s: phy init failed.\n", pci_name(np->pci_dev));
5711 + return PHY_ERROR;
5712 + }
5713 + if (mii_rw(dev, np->phyaddr, PHY_VITESSE_INIT_REG1, PHY_VITESSE_INIT10)) {
5714 + printk(KERN_INFO "%s: phy init failed.\n", pci_name(np->pci_dev));
5715 + return PHY_ERROR;
5716 + }
5717 + }
5718 + if (np->phy_oui == PHY_OUI_REALTEK) {
5719 + /* reset could have cleared these out, set them back */
5720 + if (mii_rw(dev, np->phyaddr, PHY_REALTEK_INIT_REG1, PHY_REALTEK_INIT1)) {
5721 + printk(KERN_INFO "%s: phy init failed.\n", pci_name(np->pci_dev));
5722 + return PHY_ERROR;
5723 + }
5724 + if (mii_rw(dev, np->phyaddr, PHY_REALTEK_INIT_REG2, PHY_REALTEK_INIT2)) {
5725 + printk(KERN_INFO "%s: phy init failed.\n", pci_name(np->pci_dev));
5726 + return PHY_ERROR;
5727 + }
5728 + if (mii_rw(dev, np->phyaddr, PHY_REALTEK_INIT_REG1, PHY_REALTEK_INIT3)) {
5729 + printk(KERN_INFO "%s: phy init failed.\n", pci_name(np->pci_dev));
5730 + return PHY_ERROR;
5731 + }
5732 + if (mii_rw(dev, np->phyaddr, PHY_REALTEK_INIT_REG3, PHY_REALTEK_INIT4)) {
5733 + printk(KERN_INFO "%s: phy init failed.\n", pci_name(np->pci_dev));
5734 + return PHY_ERROR;
5735 + }
5736 + if (mii_rw(dev, np->phyaddr, PHY_REALTEK_INIT_REG1, PHY_REALTEK_INIT1)) {
5737 + printk(KERN_INFO "%s: phy init failed.\n", pci_name(np->pci_dev));
5738 + return PHY_ERROR;
5739 + }
5740 + }
5741 +
5742 /* some phys clear out pause advertisment on reset, set it back */
5743 mii_rw(dev, np->phyaddr, MII_ADVERTISE, reg);
5745 @@ -1458,7 +1600,7 @@ static void nv_do_rx_refill(unsigned long data)
5746 if (np->msi_flags & NV_MSI_X_ENABLED)
5747 disable_irq(np->msi_x_entry[NV_MSI_X_VECTOR_ALL].vector);
5748 else
5749 - disable_irq(dev->irq);
5750 + disable_irq(np->pci_dev->irq);
5751 } else {
5752 disable_irq(np->msi_x_entry[NV_MSI_X_VECTOR_RX].vector);
5753 }
5754 @@ -1476,7 +1618,7 @@ static void nv_do_rx_refill(unsigned long data)
5755 if (np->msi_flags & NV_MSI_X_ENABLED)
5756 enable_irq(np->msi_x_entry[NV_MSI_X_VECTOR_ALL].vector);
5757 else
5758 - enable_irq(dev->irq);
5759 + enable_irq(np->pci_dev->irq);
5760 } else {
5761 enable_irq(np->msi_x_entry[NV_MSI_X_VECTOR_RX].vector);
5762 }
5763 @@ -2925,8 +3067,8 @@ static irqreturn_t nv_nic_irq(int foo, void *data)
5764 np->nic_poll_irq = np->irqmask;
5765 mod_timer(&np->nic_poll, jiffies + POLL_WAIT);
5766 }
5767 - printk(KERN_DEBUG "%s: too many iterations (%d) in nv_nic_irq.\n", dev->name, i);
5768 spin_unlock(&np->lock);
5769 + printk(KERN_DEBUG "%s: too many iterations (%d) in nv_nic_irq.\n", dev->name, i);
5770 break;
5771 }
5773 @@ -3043,8 +3185,8 @@ static irqreturn_t nv_nic_irq_optimized(int foo, void *data)
5774 np->nic_poll_irq = np->irqmask;
5775 mod_timer(&np->nic_poll, jiffies + POLL_WAIT);
5776 }
5777 - printk(KERN_DEBUG "%s: too many iterations (%d) in nv_nic_irq.\n", dev->name, i);
5778 spin_unlock(&np->lock);
5779 + printk(KERN_DEBUG "%s: too many iterations (%d) in nv_nic_irq.\n", dev->name, i);
5780 break;
5781 }
5783 @@ -3090,8 +3232,8 @@ static irqreturn_t nv_nic_irq_tx(int foo, void *data)
5784 np->nic_poll_irq |= NVREG_IRQ_TX_ALL;
5785 mod_timer(&np->nic_poll, jiffies + POLL_WAIT);
5786 }
5787 - printk(KERN_DEBUG "%s: too many iterations (%d) in nv_nic_irq_tx.\n", dev->name, i);
5788 spin_unlock_irqrestore(&np->lock, flags);
5789 + printk(KERN_DEBUG "%s: too many iterations (%d) in nv_nic_irq_tx.\n", dev->name, i);
5790 break;
5791 }
5793 @@ -3205,8 +3347,8 @@ static irqreturn_t nv_nic_irq_rx(int foo, void *data)
5794 np->nic_poll_irq |= NVREG_IRQ_RX_ALL;
5795 mod_timer(&np->nic_poll, jiffies + POLL_WAIT);
5796 }
5797 - printk(KERN_DEBUG "%s: too many iterations (%d) in nv_nic_irq_rx.\n", dev->name, i);
5798 spin_unlock_irqrestore(&np->lock, flags);
5799 + printk(KERN_DEBUG "%s: too many iterations (%d) in nv_nic_irq_rx.\n", dev->name, i);
5800 break;
5801 }
5802 }
5803 @@ -3278,8 +3420,8 @@ static irqreturn_t nv_nic_irq_other(int foo, void *data)
5804 np->nic_poll_irq |= NVREG_IRQ_OTHER;
5805 mod_timer(&np->nic_poll, jiffies + POLL_WAIT);
5806 }
5807 - printk(KERN_DEBUG "%s: too many iterations (%d) in nv_nic_irq_other.\n", dev->name, i);
5808 spin_unlock_irqrestore(&np->lock, flags);
5809 + printk(KERN_DEBUG "%s: too many iterations (%d) in nv_nic_irq_other.\n", dev->name, i);
5810 break;
5811 }
5813 @@ -3414,10 +3556,12 @@ static int nv_request_irq(struct net_device *dev, int intr_test)
5814 if (ret != 0 && np->msi_flags & NV_MSI_CAPABLE) {
5815 if ((ret = pci_enable_msi(np->pci_dev)) == 0) {
5816 np->msi_flags |= NV_MSI_ENABLED;
5817 + dev->irq = np->pci_dev->irq;
5818 if (request_irq(np->pci_dev->irq, handler, IRQF_SHARED, dev->name, dev) != 0) {
5819 printk(KERN_INFO "forcedeth: request_irq failed %d\n", ret);
5820 pci_disable_msi(np->pci_dev);
5821 np->msi_flags &= ~NV_MSI_ENABLED;
5822 + dev->irq = np->pci_dev->irq;
5823 goto out_err;
5824 }
5826 @@ -3480,7 +3624,7 @@ static void nv_do_nic_poll(unsigned long data)
5827 if (np->msi_flags & NV_MSI_X_ENABLED)
5828 disable_irq_lockdep(np->msi_x_entry[NV_MSI_X_VECTOR_ALL].vector);
5829 else
5830 - disable_irq_lockdep(dev->irq);
5831 + disable_irq_lockdep(np->pci_dev->irq);
5832 mask = np->irqmask;
5833 } else {
5834 if (np->nic_poll_irq & NVREG_IRQ_RX_ALL) {
5835 @@ -3498,6 +3642,8 @@ static void nv_do_nic_poll(unsigned long data)
5836 }
5837 np->nic_poll_irq = 0;
5839 + /* disable_irq() contains synchronize_irq, thus no irq handler can run now */
5840 +
5841 if (np->recover_error) {
5842 np->recover_error = 0;
5843 printk(KERN_INFO "forcedeth: MAC in recoverable error state\n");
5844 @@ -3534,7 +3680,6 @@ static void nv_do_nic_poll(unsigned long data)
5845 }
5846 }
5848 - /* FIXME: Do we need synchronize_irq(dev->irq) here? */
5850 writel(mask, base + NvRegIrqMask);
5851 pci_push(base);
5852 @@ -3547,7 +3692,7 @@ static void nv_do_nic_poll(unsigned long data)
5853 if (np->msi_flags & NV_MSI_X_ENABLED)
5854 enable_irq_lockdep(np->msi_x_entry[NV_MSI_X_VECTOR_ALL].vector);
5855 else
5856 - enable_irq_lockdep(dev->irq);
5857 + enable_irq_lockdep(np->pci_dev->irq);
5858 } else {
5859 if (np->nic_poll_irq & NVREG_IRQ_RX_ALL) {
5860 nv_nic_irq_rx(0, dev);
5861 @@ -4801,7 +4946,7 @@ static int nv_close(struct net_device *dev)
5862 np->in_shutdown = 1;
5863 spin_unlock_irq(&np->lock);
5864 netif_poll_disable(dev);
5865 - synchronize_irq(dev->irq);
5866 + synchronize_irq(np->pci_dev->irq);
5868 del_timer_sync(&np->oom_kick);
5869 del_timer_sync(&np->nic_poll);
5870 @@ -5138,19 +5283,15 @@ static int __devinit nv_probe(struct pci_dev *pci_dev, const struct pci_device_i
5871 if (readl(base + NvRegTransmitterControl) & NVREG_XMITCTL_SYNC_PHY_INIT) {
5872 np->mac_in_use = readl(base + NvRegTransmitterControl) & NVREG_XMITCTL_MGMT_ST;
5873 dprintk(KERN_INFO "%s: mgmt unit is running. mac in use %x.\n", pci_name(pci_dev), np->mac_in_use);
5874 - for (i = 0; i < 5000; i++) {
5875 - msleep(1);
5876 - if (nv_mgmt_acquire_sema(dev)) {
5877 - /* management unit setup the phy already? */
5878 - if ((readl(base + NvRegTransmitterControl) & NVREG_XMITCTL_SYNC_MASK) ==
5879 - NVREG_XMITCTL_SYNC_PHY_INIT) {
5880 - /* phy is inited by mgmt unit */
5881 - phyinitialized = 1;
5882 - dprintk(KERN_INFO "%s: Phy already initialized by mgmt unit.\n", pci_name(pci_dev));
5883 - } else {
5884 - /* we need to init the phy */
5885 - }
5886 - break;
5887 + if (nv_mgmt_acquire_sema(dev)) {
5888 + /* management unit setup the phy already? */
5889 + if ((readl(base + NvRegTransmitterControl) & NVREG_XMITCTL_SYNC_MASK) ==
5890 + NVREG_XMITCTL_SYNC_PHY_INIT) {
5891 + /* phy is inited by mgmt unit */
5892 + phyinitialized = 1;
5893 + dprintk(KERN_INFO "%s: Phy already initialized by mgmt unit.\n", pci_name(pci_dev));
5894 + } else {
5895 + /* we need to init the phy */
5896 }
5897 }
5898 }
5899 @@ -5408,6 +5549,22 @@ static struct pci_device_id pci_tbl[] = {
5900 PCI_DEVICE(PCI_VENDOR_ID_NVIDIA, PCI_DEVICE_ID_NVIDIA_NVENET_27),
5901 .driver_data = DEV_NEED_TIMERIRQ|DEV_NEED_LINKTIMER|DEV_HAS_HIGH_DMA|DEV_HAS_POWER_CNTRL|DEV_HAS_MSI|DEV_HAS_PAUSEFRAME_TX|DEV_HAS_STATISTICS_V2|DEV_HAS_TEST_EXTENDED|DEV_HAS_MGMT_UNIT,
5902 },
5903 + { /* MCP79 Ethernet Controller */
5904 + PCI_DEVICE(PCI_VENDOR_ID_NVIDIA, PCI_DEVICE_ID_NVIDIA_NVENET_36),
5905 + .driver_data = DEV_NEED_TIMERIRQ|DEV_NEED_LINKTIMER|DEV_HAS_CHECKSUM|DEV_HAS_HIGH_DMA|DEV_HAS_MSI|DEV_HAS_POWER_CNTRL|DEV_HAS_PAUSEFRAME_TX|DEV_HAS_STATISTICS_V2|DEV_HAS_TEST_EXTENDED|DEV_HAS_MGMT_UNIT,
5906 + },
5907 + { /* MCP79 Ethernet Controller */
5908 + PCI_DEVICE(PCI_VENDOR_ID_NVIDIA, PCI_DEVICE_ID_NVIDIA_NVENET_37),
5909 + .driver_data = DEV_NEED_TIMERIRQ|DEV_NEED_LINKTIMER|DEV_HAS_CHECKSUM|DEV_HAS_HIGH_DMA|DEV_HAS_MSI|DEV_HAS_POWER_CNTRL|DEV_HAS_PAUSEFRAME_TX|DEV_HAS_STATISTICS_V2|DEV_HAS_TEST_EXTENDED|DEV_HAS_MGMT_UNIT,
5910 + },
5911 + { /* MCP79 Ethernet Controller */
5912 + PCI_DEVICE(PCI_VENDOR_ID_NVIDIA, PCI_DEVICE_ID_NVIDIA_NVENET_38),
5913 + .driver_data = DEV_NEED_TIMERIRQ|DEV_NEED_LINKTIMER|DEV_HAS_CHECKSUM|DEV_HAS_HIGH_DMA|DEV_HAS_MSI|DEV_HAS_POWER_CNTRL|DEV_HAS_PAUSEFRAME_TX|DEV_HAS_STATISTICS_V2|DEV_HAS_TEST_EXTENDED|DEV_HAS_MGMT_UNIT,
5914 + },
5915 + { /* MCP79 Ethernet Controller */
5916 + PCI_DEVICE(PCI_VENDOR_ID_NVIDIA, PCI_DEVICE_ID_NVIDIA_NVENET_39),
5917 + .driver_data = DEV_NEED_TIMERIRQ|DEV_NEED_LINKTIMER|DEV_HAS_CHECKSUM|DEV_HAS_HIGH_DMA|DEV_HAS_MSI|DEV_HAS_POWER_CNTRL|DEV_HAS_PAUSEFRAME_TX|DEV_HAS_STATISTICS_V2|DEV_HAS_TEST_EXTENDED|DEV_HAS_MGMT_UNIT,
5918 + },
5919 {0,},
5920 };
5922 diff --git a/drivers/net/natsemi.c b/drivers/net/natsemi.c
5923 index 460a087..41f68ec 100644
5924 --- a/drivers/net/natsemi.c
5925 +++ b/drivers/net/natsemi.c
5926 @@ -671,7 +671,7 @@ static ssize_t natsemi_show_##_name(struct device *dev, \
5927 #define NATSEMI_CREATE_FILE(_dev, _name) \
5928 device_create_file(&_dev->dev, &dev_attr_##_name)
5929 #define NATSEMI_REMOVE_FILE(_dev, _name) \
5930 - device_create_file(&_dev->dev, &dev_attr_##_name)
5931 + device_remove_file(&_dev->dev, &dev_attr_##_name)
5933 NATSEMI_ATTR(dspcfg_workaround);
5935 diff --git a/drivers/net/ppp_generic.c b/drivers/net/ppp_generic.c
5936 index 3ef0092..9a81fed 100644
5937 --- a/drivers/net/ppp_generic.c
5938 +++ b/drivers/net/ppp_generic.c
5939 @@ -1726,7 +1726,7 @@ ppp_decompress_frame(struct ppp *ppp, struct sk_buff *skb)
5940 }
5941 /* the decompressor still expects the A/C bytes in the hdr */
5942 len = ppp->rcomp->decompress(ppp->rc_state, skb->data - 2,
5943 - skb->len + 2, ns->data, ppp->mru + PPP_HDRLEN);
5944 + skb->len + 2, ns->data, obuff_size);
5945 if (len < 0) {
5946 /* Pass the compressed frame to pppd as an
5947 error indication. */
5948 diff --git a/drivers/net/ppp_mppe.c b/drivers/net/ppp_mppe.c
5949 index d5bdd25..39e0e12 100644
5950 --- a/drivers/net/ppp_mppe.c
5951 +++ b/drivers/net/ppp_mppe.c
5952 @@ -136,7 +136,7 @@ struct ppp_mppe_state {
5953 * Key Derivation, from RFC 3078, RFC 3079.
5954 * Equivalent to Get_Key() for MS-CHAP as described in RFC 3079.
5955 */
5956 -static void get_new_key_from_sha(struct ppp_mppe_state * state, unsigned char *InterimKey)
5957 +static void get_new_key_from_sha(struct ppp_mppe_state * state)
5958 {
5959 struct hash_desc desc;
5960 struct scatterlist sg[4];
5961 @@ -153,8 +153,6 @@ static void get_new_key_from_sha(struct ppp_mppe_state * state, unsigned char *I
5962 desc.flags = 0;
5964 crypto_hash_digest(&desc, sg, nbytes, state->sha1_digest);
5965 -
5966 - memcpy(InterimKey, state->sha1_digest, state->keylen);
5967 }
5969 /*
5970 @@ -163,21 +161,21 @@ static void get_new_key_from_sha(struct ppp_mppe_state * state, unsigned char *I
5971 */
5972 static void mppe_rekey(struct ppp_mppe_state * state, int initial_key)
5973 {
5974 - unsigned char InterimKey[MPPE_MAX_KEY_LEN];
5975 struct scatterlist sg_in[1], sg_out[1];
5976 struct blkcipher_desc desc = { .tfm = state->arc4 };
5978 - get_new_key_from_sha(state, InterimKey);
5979 + get_new_key_from_sha(state);
5980 if (!initial_key) {
5981 - crypto_blkcipher_setkey(state->arc4, InterimKey, state->keylen);
5982 - setup_sg(sg_in, InterimKey, state->keylen);
5983 + crypto_blkcipher_setkey(state->arc4, state->sha1_digest,
5984 + state->keylen);
5985 + setup_sg(sg_in, state->sha1_digest, state->keylen);
5986 setup_sg(sg_out, state->session_key, state->keylen);
5987 if (crypto_blkcipher_encrypt(&desc, sg_out, sg_in,
5988 state->keylen) != 0) {
5989 printk(KERN_WARNING "mppe_rekey: cipher_encrypt failed\n");
5990 }
5991 } else {
5992 - memcpy(state->session_key, InterimKey, state->keylen);
5993 + memcpy(state->session_key, state->sha1_digest, state->keylen);
5994 }
5995 if (state->keylen == 8) {
5996 /* See RFC 3078 */
5997 diff --git a/drivers/net/r8169.c b/drivers/net/r8169.c
5998 index 5ec7752..84958c8 100644
5999 --- a/drivers/net/r8169.c
6000 +++ b/drivers/net/r8169.c
6001 @@ -2649,14 +2649,16 @@ rtl8169_interrupt(int irq, void *dev_instance)
6002 rtl8169_check_link_status(dev, tp, ioaddr);
6004 #ifdef CONFIG_R8169_NAPI
6005 - RTL_W16(IntrMask, rtl8169_intr_mask & ~rtl8169_napi_event);
6006 - tp->intr_mask = ~rtl8169_napi_event;
6007 -
6008 - if (likely(netif_rx_schedule_prep(dev)))
6009 - __netif_rx_schedule(dev);
6010 - else if (netif_msg_intr(tp)) {
6011 - printk(KERN_INFO "%s: interrupt %04x taken in poll\n",
6012 - dev->name, status);
6013 + if (status & rtl8169_napi_event) {
6014 + RTL_W16(IntrMask, rtl8169_intr_mask & ~rtl8169_napi_event);
6015 + tp->intr_mask = ~rtl8169_napi_event;
6016 +
6017 + if (likely(netif_rx_schedule_prep(dev)))
6018 + __netif_rx_schedule(dev);
6019 + else if (netif_msg_intr(tp)) {
6020 + printk(KERN_INFO "%s: interrupt %04x in poll\n",
6021 + dev->name, status);
6022 + }
6023 }
6024 break;
6025 #else
6026 diff --git a/drivers/net/sky2.c b/drivers/net/sky2.c
6027 index fe01b96..607b1a3 100644
6028 --- a/drivers/net/sky2.c
6029 +++ b/drivers/net/sky2.c
6030 @@ -96,10 +96,6 @@ static int disable_msi = 0;
6031 module_param(disable_msi, int, 0);
6032 MODULE_PARM_DESC(disable_msi, "Disable Message Signaled Interrupt (MSI)");
6034 -static int idle_timeout = 0;
6035 -module_param(idle_timeout, int, 0);
6036 -MODULE_PARM_DESC(idle_timeout, "Watchdog timer for lost interrupts (ms)");
6037 -
6038 static const struct pci_device_id sky2_id_table[] = {
6039 { PCI_DEVICE(PCI_VENDOR_ID_SYSKONNECT, 0x9000) }, /* SK-9Sxx */
6040 { PCI_DEVICE(PCI_VENDOR_ID_SYSKONNECT, 0x9E00) }, /* SK-9Exx */
6041 @@ -657,8 +653,8 @@ static void sky2_mac_init(struct sky2_hw *hw, unsigned port)
6042 int i;
6043 const u8 *addr = hw->dev[port]->dev_addr;
6045 - sky2_write32(hw, SK_REG(port, GPHY_CTRL), GPC_RST_SET);
6046 - sky2_write32(hw, SK_REG(port, GPHY_CTRL), GPC_RST_CLR);
6047 + sky2_write8(hw, SK_REG(port, GPHY_CTRL), GPC_RST_SET);
6048 + sky2_write8(hw, SK_REG(port, GPHY_CTRL), GPC_RST_CLR);
6050 sky2_write8(hw, SK_REG(port, GMAC_CTRL), GMC_RST_CLR);
6052 @@ -835,6 +831,20 @@ static inline struct sky2_tx_le *get_tx_le(struct sky2_port *sky2)
6053 return le;
6054 }
6056 +static void tx_init(struct sky2_port *sky2)
6057 +{
6058 + struct sky2_tx_le *le;
6059 +
6060 + sky2->tx_prod = sky2->tx_cons = 0;
6061 + sky2->tx_tcpsum = 0;
6062 + sky2->tx_last_mss = 0;
6063 +
6064 + le = get_tx_le(sky2);
6065 + le->addr = 0;
6066 + le->opcode = OP_ADDR64 | HW_OWNER;
6067 + sky2->tx_addr64 = 0;
6068 +}
6069 +
6070 static inline struct tx_ring_info *tx_le_re(struct sky2_port *sky2,
6071 struct sky2_tx_le *le)
6072 {
6073 @@ -1234,6 +1244,8 @@ static int sky2_up(struct net_device *dev)
6074 if (netif_msg_ifup(sky2))
6075 printk(KERN_INFO PFX "%s: enabling interface\n", dev->name);
6077 + netif_carrier_off(dev);
6078 +
6079 /* must be power of 2 */
6080 sky2->tx_le = pci_alloc_consistent(hw->pdev,
6081 TX_RING_SIZE *
6082 @@ -1246,7 +1258,8 @@ static int sky2_up(struct net_device *dev)
6083 GFP_KERNEL);
6084 if (!sky2->tx_ring)
6085 goto err_out;
6086 - sky2->tx_prod = sky2->tx_cons = 0;
6087 +
6088 + tx_init(sky2);
6090 sky2->rx_le = pci_alloc_consistent(hw->pdev, RX_LE_BYTES,
6091 &sky2->rx_le_map);
6092 @@ -1573,7 +1586,6 @@ static int sky2_down(struct net_device *dev)
6094 /* Stop more packets from being queued */
6095 netif_stop_queue(dev);
6096 - netif_carrier_off(dev);
6098 /* Disable port IRQ */
6099 imask = sky2_read32(hw, B0_IMSK);
6100 @@ -1625,6 +1637,8 @@ static int sky2_down(struct net_device *dev)
6102 sky2_phy_power(hw, port, 0);
6104 + netif_carrier_off(dev);
6105 +
6106 /* turn off LED's */
6107 sky2_write16(hw, B0_Y2LED, LED_STAT_OFF);
6109 @@ -1689,7 +1703,8 @@ static void sky2_link_up(struct sky2_port *sky2)
6110 gm_phy_write(hw, port, PHY_MARV_INT_MASK, PHY_M_DEF_MSK);
6112 netif_carrier_on(sky2->netdev);
6113 - netif_wake_queue(sky2->netdev);
6114 +
6115 + mod_timer(&hw->watchdog_timer, jiffies + 1);
6117 /* Turn on link LED */
6118 sky2_write8(hw, SK_REG(port, LNK_LED_REG),
6119 @@ -1741,7 +1756,6 @@ static void sky2_link_down(struct sky2_port *sky2)
6120 gma_write16(hw, port, GM_GP_CTRL, reg);
6122 netif_carrier_off(sky2->netdev);
6123 - netif_stop_queue(sky2->netdev);
6125 /* Turn on link LED */
6126 sky2_write8(hw, SK_REG(port, LNK_LED_REG), LINKLED_OFF);
6127 @@ -2050,6 +2064,7 @@ static struct sk_buff *sky2_receive(struct net_device *dev,
6128 struct sky2_port *sky2 = netdev_priv(dev);
6129 struct rx_ring_info *re = sky2->rx_ring + sky2->rx_next;
6130 struct sk_buff *skb = NULL;
6131 + u16 count;
6133 if (unlikely(netif_msg_rx_status(sky2)))
6134 printk(KERN_DEBUG PFX "%s: rx slot %u status 0x%x len %d\n",
6135 @@ -2064,6 +2079,15 @@ static struct sk_buff *sky2_receive(struct net_device *dev,
6136 if (!(status & GMR_FS_RX_OK))
6137 goto resubmit;
6139 + count = (status & GMR_FS_LEN) >> 16;
6140 +#ifdef SKY2_VLAN_TAG_USED
6141 + /* Account for vlan tag */
6142 + if (sky2->vlgrp && (status & GMR_FS_VLAN))
6143 + count -= VLAN_HLEN;
6144 +#endif
6145 + if (count != length)
6146 + goto len_mismatch;
6147 +
6148 if (length < copybreak)
6149 skb = receive_copy(sky2, re, length);
6150 else
6151 @@ -2073,6 +2097,11 @@ resubmit:
6153 return skb;
6155 +len_mismatch:
6156 + /* Truncation of overlength packets
6157 + causes PHY length to not match MAC length */
6158 + ++sky2->net_stats.rx_length_errors;
6159 +
6160 error:
6161 ++sky2->net_stats.rx_errors;
6162 if (status & GMR_FS_RX_FF_OV) {
6163 @@ -2375,25 +2404,25 @@ static void sky2_le_error(struct sky2_hw *hw, unsigned port,
6164 sky2_write32(hw, Q_ADDR(q, Q_CSR), BMU_CLR_IRQ_CHK);
6165 }
6167 -/* If idle then force a fake soft NAPI poll once a second
6168 - * to work around cases where sharing an edge triggered interrupt.
6169 - */
6170 -static inline void sky2_idle_start(struct sky2_hw *hw)
6171 -{
6172 - if (idle_timeout > 0)
6173 - mod_timer(&hw->idle_timer,
6174 - jiffies + msecs_to_jiffies(idle_timeout));
6175 -}
6176 -
6177 -static void sky2_idle(unsigned long arg)
6178 +/* Force a fake soft NAPI poll to handle lost IRQ's */
6179 +static void sky2_watchdog(unsigned long arg)
6180 {
6181 struct sky2_hw *hw = (struct sky2_hw *) arg;
6182 struct net_device *dev = hw->dev[0];
6183 + int i, active = 0;
6185 if (__netif_rx_schedule_prep(dev))
6186 __netif_rx_schedule(dev);
6188 - mod_timer(&hw->idle_timer, jiffies + msecs_to_jiffies(idle_timeout));
6189 + for (i = 0; i < hw->ports; i++) {
6190 + dev = hw->dev[i];
6191 + if (!netif_running(dev))
6192 + continue;
6193 + ++active;
6194 + }
6195 +
6196 + if (active)
6197 + mod_timer(&hw->watchdog_timer, round_jiffies(jiffies + HZ));
6198 }
6200 /* Hardware/software error handling */
6201 @@ -2427,8 +2456,7 @@ static void sky2_err_intr(struct sky2_hw *hw, u32 status)
6202 static int sky2_poll(struct net_device *dev0, int *budget)
6203 {
6204 struct sky2_hw *hw = ((struct sky2_port *) netdev_priv(dev0))->hw;
6205 - int work_limit = min(dev0->quota, *budget);
6206 - int work_done = 0;
6207 + int work_done;
6208 u32 status = sky2_read32(hw, B0_Y2_SP_EISR);
6210 if (unlikely(status & Y2_IS_ERROR))
6211 @@ -2440,18 +2468,25 @@ static int sky2_poll(struct net_device *dev0, int *budget)
6212 if (status & Y2_IS_IRQ_PHY2)
6213 sky2_phy_intr(hw, 1);
6215 - work_done = sky2_status_intr(hw, work_limit);
6216 - if (work_done < work_limit) {
6217 - netif_rx_complete(dev0);
6218 + work_done = sky2_status_intr(hw, min(dev0->quota, *budget));
6219 + *budget -= work_done;
6220 + dev0->quota -= work_done;
6222 - /* end of interrupt, re-enables also acts as I/O synchronization */
6223 - sky2_read32(hw, B0_Y2_SP_LISR);
6224 - return 0;
6225 - } else {
6226 - *budget -= work_done;
6227 - dev0->quota -= work_done;
6228 + /* More work? */
6229 + if (hw->st_idx != sky2_read16(hw, STAT_PUT_IDX))
6230 return 1;
6231 +
6232 + /* Bug/Errata workaround?
6233 + * Need to kick the TX irq moderation timer.
6234 + */
6235 + if (sky2_read8(hw, STAT_TX_TIMER_CTRL) == TIM_START) {
6236 + sky2_write8(hw, STAT_TX_TIMER_CTRL, TIM_STOP);
6237 + sky2_write8(hw, STAT_TX_TIMER_CTRL, TIM_START);
6238 }
6239 + netif_rx_complete(dev0);
6240 +
6241 + sky2_read32(hw, B0_Y2_SP_LISR);
6242 + return 0;
6243 }
6245 static irqreturn_t sky2_intr(int irq, void *dev_id)
6246 @@ -2677,8 +2712,6 @@ static void sky2_restart(struct work_struct *work)
6248 dev_dbg(&hw->pdev->dev, "restarting\n");
6250 - del_timer_sync(&hw->idle_timer);
6251 -
6252 rtnl_lock();
6253 sky2_write32(hw, B0_IMSK, 0);
6254 sky2_read32(hw, B0_IMSK);
6255 @@ -2707,8 +2740,6 @@ static void sky2_restart(struct work_struct *work)
6256 }
6257 }
6259 - sky2_idle_start(hw);
6260 -
6261 rtnl_unlock();
6262 }
6264 @@ -3486,10 +3517,6 @@ static __devinit struct net_device *sky2_init_netdev(struct sky2_hw *hw,
6265 memcpy_fromio(dev->dev_addr, hw->regs + B2_MAC_1 + port * 8, ETH_ALEN);
6266 memcpy(dev->perm_addr, dev->dev_addr, dev->addr_len);
6268 - /* device is off until link detection */
6269 - netif_carrier_off(dev);
6270 - netif_stop_queue(dev);
6271 -
6272 return dev;
6273 }
6275 @@ -3702,11 +3729,9 @@ static int __devinit sky2_probe(struct pci_dev *pdev,
6276 sky2_show_addr(dev1);
6277 }
6279 - setup_timer(&hw->idle_timer, sky2_idle, (unsigned long) hw);
6280 + setup_timer(&hw->watchdog_timer, sky2_watchdog, (unsigned long) hw);
6281 INIT_WORK(&hw->restart_work, sky2_restart);
6283 - sky2_idle_start(hw);
6284 -
6285 pci_set_drvdata(pdev, hw);
6287 return 0;
6288 @@ -3741,7 +3766,7 @@ static void __devexit sky2_remove(struct pci_dev *pdev)
6289 if (!hw)
6290 return;
6292 - del_timer_sync(&hw->idle_timer);
6293 + del_timer_sync(&hw->watchdog_timer);
6295 flush_scheduled_work();
6297 @@ -3785,7 +3810,7 @@ static int sky2_suspend(struct pci_dev *pdev, pm_message_t state)
6298 if (!hw)
6299 return 0;
6301 - del_timer_sync(&hw->idle_timer);
6302 + del_timer_sync(&hw->watchdog_timer);
6303 netif_poll_disable(hw->dev[0]);
6305 for (i = 0; i < hw->ports; i++) {
6306 @@ -3851,7 +3876,7 @@ static int sky2_resume(struct pci_dev *pdev)
6307 }
6309 netif_poll_enable(hw->dev[0]);
6310 - sky2_idle_start(hw);
6311 +
6312 return 0;
6313 out:
6314 dev_err(&pdev->dev, "resume failed (%d)\n", err);
6315 @@ -3868,7 +3893,6 @@ static void sky2_shutdown(struct pci_dev *pdev)
6316 if (!hw)
6317 return;
6319 - del_timer_sync(&hw->idle_timer);
6320 netif_poll_disable(hw->dev[0]);
6322 for (i = 0; i < hw->ports; i++) {
6323 diff --git a/drivers/net/sky2.h b/drivers/net/sky2.h
6324 index b8c4a3b..a059e0a 100644
6325 --- a/drivers/net/sky2.h
6326 +++ b/drivers/net/sky2.h
6327 @@ -1921,7 +1921,7 @@ struct sky2_hw {
6328 u32 st_idx;
6329 dma_addr_t st_dma;
6331 - struct timer_list idle_timer;
6332 + struct timer_list watchdog_timer;
6333 struct work_struct restart_work;
6334 int msi;
6335 wait_queue_head_t msi_wait;
6336 diff --git a/drivers/net/usb/dm9601.c b/drivers/net/usb/dm9601.c
6337 index 16c7a0e..a2de32f 100644
6338 --- a/drivers/net/usb/dm9601.c
6339 +++ b/drivers/net/usb/dm9601.c
6340 @@ -405,7 +405,7 @@ static int dm9601_bind(struct usbnet *dev, struct usb_interface *intf)
6341 dev->net->ethtool_ops = &dm9601_ethtool_ops;
6342 dev->net->hard_header_len += DM_TX_OVERHEAD;
6343 dev->hard_mtu = dev->net->mtu + dev->net->hard_header_len;
6344 - dev->rx_urb_size = dev->net->mtu + DM_RX_OVERHEAD;
6345 + dev->rx_urb_size = dev->net->mtu + ETH_HLEN + DM_RX_OVERHEAD;
6347 dev->mii.dev = dev->net;
6348 dev->mii.mdio_read = dm9601_mdio_read;
6349 diff --git a/drivers/net/usb/kaweth.c b/drivers/net/usb/kaweth.c
6350 index 60d2944..4ebb6ea 100644
6351 --- a/drivers/net/usb/kaweth.c
6352 +++ b/drivers/net/usb/kaweth.c
6353 @@ -70,7 +70,7 @@
6354 #define KAWETH_TX_TIMEOUT (5 * HZ)
6355 #define KAWETH_SCRATCH_SIZE 32
6356 #define KAWETH_FIRMWARE_BUF_SIZE 4096
6357 -#define KAWETH_CONTROL_TIMEOUT (30 * HZ)
6358 +#define KAWETH_CONTROL_TIMEOUT (30000)
6360 #define KAWETH_STATUS_BROKEN 0x0000001
6361 #define KAWETH_STATUS_CLOSING 0x0000002
6362 diff --git a/drivers/net/usb/mcs7830.c b/drivers/net/usb/mcs7830.c
6363 index 6240b97..3bbc5c4 100644
6364 --- a/drivers/net/usb/mcs7830.c
6365 +++ b/drivers/net/usb/mcs7830.c
6366 @@ -94,7 +94,7 @@ static int mcs7830_get_reg(struct usbnet *dev, u16 index, u16 size, void *data)
6368 ret = usb_control_msg(xdev, usb_rcvctrlpipe(xdev, 0), MCS7830_RD_BREQ,
6369 MCS7830_RD_BMREQ, 0x0000, index, data,
6370 - size, msecs_to_jiffies(MCS7830_CTRL_TIMEOUT));
6371 + size, MCS7830_CTRL_TIMEOUT);
6372 return ret;
6373 }
6375 @@ -105,7 +105,7 @@ static int mcs7830_set_reg(struct usbnet *dev, u16 index, u16 size, void *data)
6377 ret = usb_control_msg(xdev, usb_sndctrlpipe(xdev, 0), MCS7830_WR_BREQ,
6378 MCS7830_WR_BMREQ, 0x0000, index, data,
6379 - size, msecs_to_jiffies(MCS7830_CTRL_TIMEOUT));
6380 + size, MCS7830_CTRL_TIMEOUT);
6381 return ret;
6382 }
6384 diff --git a/drivers/net/via-velocity.c b/drivers/net/via-velocity.c
6385 index b670b97..431269e 100644
6386 --- a/drivers/net/via-velocity.c
6387 +++ b/drivers/net/via-velocity.c
6388 @@ -1075,6 +1075,9 @@ static int velocity_init_rd_ring(struct velocity_info *vptr)
6389 int ret = -ENOMEM;
6390 unsigned int rsize = sizeof(struct velocity_rd_info) *
6391 vptr->options.numrx;
6392 + int mtu = vptr->dev->mtu;
6393 +
6394 + vptr->rx_buf_sz = (mtu <= ETH_DATA_LEN) ? PKT_BUF_SZ : mtu + 32;
6396 vptr->rd_info = kmalloc(rsize, GFP_KERNEL);
6397 if(vptr->rd_info == NULL)
6398 @@ -1733,8 +1736,6 @@ static int velocity_open(struct net_device *dev)
6399 struct velocity_info *vptr = netdev_priv(dev);
6400 int ret;
6402 - vptr->rx_buf_sz = (dev->mtu <= 1504 ? PKT_BUF_SZ : dev->mtu + 32);
6403 -
6404 ret = velocity_init_rings(vptr);
6405 if (ret < 0)
6406 goto out;
6407 @@ -1798,6 +1799,11 @@ static int velocity_change_mtu(struct net_device *dev, int new_mtu)
6408 return -EINVAL;
6409 }
6411 + if (!netif_running(dev)) {
6412 + dev->mtu = new_mtu;
6413 + return 0;
6414 + }
6415 +
6416 if (new_mtu != oldmtu) {
6417 spin_lock_irqsave(&vptr->lock, flags);
6419 @@ -1808,12 +1814,6 @@ static int velocity_change_mtu(struct net_device *dev, int new_mtu)
6420 velocity_free_rd_ring(vptr);
6422 dev->mtu = new_mtu;
6423 - if (new_mtu > 8192)
6424 - vptr->rx_buf_sz = 9 * 1024;
6425 - else if (new_mtu > 4096)
6426 - vptr->rx_buf_sz = 8192;
6427 - else
6428 - vptr->rx_buf_sz = 4 * 1024;
6430 ret = velocity_init_rd_ring(vptr);
6431 if (ret < 0)
6432 diff --git a/drivers/net/wireless/bcm43xx/bcm43xx_main.c b/drivers/net/wireless/bcm43xx/bcm43xx_main.c
6433 index ef6b253..dadee85 100644
6434 --- a/drivers/net/wireless/bcm43xx/bcm43xx_main.c
6435 +++ b/drivers/net/wireless/bcm43xx/bcm43xx_main.c
6436 @@ -3183,6 +3183,9 @@ static void bcm43xx_periodic_work_handler(struct work_struct *work)
6437 unsigned long orig_trans_start = 0;
6439 mutex_lock(&bcm->mutex);
6440 + /* keep from doing and rearming periodic work if shutting down */
6441 + if (bcm43xx_status(bcm) == BCM43xx_STAT_UNINIT)
6442 + goto unlock_mutex;
6443 if (unlikely(bcm->periodic_state % 60 == 0)) {
6444 /* Periodic work will take a long time, so we want it to
6445 * be preemtible.
6446 @@ -3228,14 +3231,10 @@ static void bcm43xx_periodic_work_handler(struct work_struct *work)
6447 mmiowb();
6448 bcm->periodic_state++;
6449 spin_unlock_irqrestore(&bcm->irq_lock, flags);
6450 +unlock_mutex:
6451 mutex_unlock(&bcm->mutex);
6452 }
6454 -void bcm43xx_periodic_tasks_delete(struct bcm43xx_private *bcm)
6455 -{
6456 - cancel_rearming_delayed_work(&bcm->periodic_work);
6457 -}
6458 -
6459 void bcm43xx_periodic_tasks_setup(struct bcm43xx_private *bcm)
6460 {
6461 struct delayed_work *work = &bcm->periodic_work;
6462 @@ -3285,6 +3284,14 @@ static int bcm43xx_rng_init(struct bcm43xx_private *bcm)
6463 return err;
6464 }
6466 +void bcm43xx_cancel_work(struct bcm43xx_private *bcm)
6467 +{
6468 + /* The system must be unlocked when this routine is entered.
6469 + * If not, the next 2 steps may deadlock */
6470 + cancel_work_sync(&bcm->restart_work);
6471 + cancel_rearming_delayed_work(&bcm->periodic_work);
6472 +}
6473 +
6474 static int bcm43xx_shutdown_all_wireless_cores(struct bcm43xx_private *bcm)
6475 {
6476 int ret = 0;
6477 @@ -3321,7 +3328,12 @@ static void bcm43xx_free_board(struct bcm43xx_private *bcm)
6478 {
6479 bcm43xx_rng_exit(bcm);
6480 bcm43xx_sysfs_unregister(bcm);
6481 - bcm43xx_periodic_tasks_delete(bcm);
6482 +
6483 + mutex_lock(&(bcm)->mutex);
6484 + bcm43xx_set_status(bcm, BCM43xx_STAT_UNINIT);
6485 + mutex_unlock(&(bcm)->mutex);
6486 +
6487 + bcm43xx_cancel_work(bcm);
6489 mutex_lock(&(bcm)->mutex);
6490 bcm43xx_shutdown_all_wireless_cores(bcm);
6491 @@ -4018,7 +4030,7 @@ static int bcm43xx_net_stop(struct net_device *net_dev)
6492 err = bcm43xx_disable_interrupts_sync(bcm);
6493 assert(!err);
6494 bcm43xx_free_board(bcm);
6495 - flush_scheduled_work();
6496 + bcm43xx_cancel_work(bcm);
6498 return 0;
6499 }
6500 @@ -4150,9 +4162,9 @@ static void bcm43xx_chip_reset(struct work_struct *work)
6501 struct bcm43xx_phyinfo *phy;
6502 int err = -ENODEV;
6504 + bcm43xx_cancel_work(bcm);
6505 mutex_lock(&(bcm)->mutex);
6506 if (bcm43xx_status(bcm) == BCM43xx_STAT_INITIALIZED) {
6507 - bcm43xx_periodic_tasks_delete(bcm);
6508 phy = bcm43xx_current_phy(bcm);
6509 err = bcm43xx_select_wireless_core(bcm, phy->type);
6510 if (!err)
6511 diff --git a/drivers/net/wireless/bcm43xx/bcm43xx_main.h b/drivers/net/wireless/bcm43xx/bcm43xx_main.h
6512 index c8f3c53..14cfbeb 100644
6513 --- a/drivers/net/wireless/bcm43xx/bcm43xx_main.h
6514 +++ b/drivers/net/wireless/bcm43xx/bcm43xx_main.h
6515 @@ -122,7 +122,7 @@ void bcm43xx_wireless_core_reset(struct bcm43xx_private *bcm, int connect_phy);
6516 void bcm43xx_mac_suspend(struct bcm43xx_private *bcm);
6517 void bcm43xx_mac_enable(struct bcm43xx_private *bcm);
6519 -void bcm43xx_periodic_tasks_delete(struct bcm43xx_private *bcm);
6520 +void bcm43xx_cancel_work(struct bcm43xx_private *bcm);
6521 void bcm43xx_periodic_tasks_setup(struct bcm43xx_private *bcm);
6523 void bcm43xx_controller_restart(struct bcm43xx_private *bcm, const char *reason);
6524 diff --git a/drivers/net/wireless/bcm43xx/bcm43xx_sysfs.c b/drivers/net/wireless/bcm43xx/bcm43xx_sysfs.c
6525 index c71b998..8ab5f93 100644
6526 --- a/drivers/net/wireless/bcm43xx/bcm43xx_sysfs.c
6527 +++ b/drivers/net/wireless/bcm43xx/bcm43xx_sysfs.c
6528 @@ -327,7 +327,7 @@ static ssize_t bcm43xx_attr_phymode_store(struct device *dev,
6529 goto out;
6530 }
6532 - bcm43xx_periodic_tasks_delete(bcm);
6533 + bcm43xx_cancel_work(bcm);
6534 mutex_lock(&(bcm)->mutex);
6535 err = bcm43xx_select_wireless_core(bcm, phytype);
6536 if (!err)
6537 diff --git a/drivers/net/wireless/libertas/11d.c b/drivers/net/wireless/libertas/11d.c
6538 index 4cf0ff7..0560270 100644
6539 --- a/drivers/net/wireless/libertas/11d.c
6540 +++ b/drivers/net/wireless/libertas/11d.c
6541 @@ -562,7 +562,7 @@ int libertas_cmd_802_11d_domain_info(wlan_private * priv,
6542 nr_subband * sizeof(struct ieeetypes_subbandset));
6544 cmd->size = cpu_to_le16(sizeof(pdomaininfo->action) +
6545 - domain->header.len +
6546 + le16_to_cpu(domain->header.len) +
6547 sizeof(struct mrvlietypesheader) +
6548 S_DS_GEN);
6549 } else {
6550 diff --git a/drivers/net/wireless/libertas/cmd.c b/drivers/net/wireless/libertas/cmd.c
6551 index 13f6528..549749e 100644
6552 --- a/drivers/net/wireless/libertas/cmd.c
6553 +++ b/drivers/net/wireless/libertas/cmd.c
6554 @@ -185,14 +185,12 @@ static int wlan_cmd_802_11_set_wep(wlan_private * priv,
6556 switch (pkey->len) {
6557 case KEY_LEN_WEP_40:
6558 - wep->keytype[i] =
6559 - cpu_to_le16(cmd_type_wep_40_bit);
6560 + wep->keytype[i] = cmd_type_wep_40_bit;
6561 memmove(&wep->keymaterial[i], pkey->key,
6562 pkey->len);
6563 break;
6564 case KEY_LEN_WEP_104:
6565 - wep->keytype[i] =
6566 - cpu_to_le16(cmd_type_wep_104_bit);
6567 + wep->keytype[i] = cmd_type_wep_104_bit;
6568 memmove(&wep->keymaterial[i], pkey->key,
6569 pkey->len);
6570 break;
6571 diff --git a/drivers/net/wireless/libertas/wext.c b/drivers/net/wireless/libertas/wext.c
6572 index f42b796..1e3ecd0 100644
6573 --- a/drivers/net/wireless/libertas/wext.c
6574 +++ b/drivers/net/wireless/libertas/wext.c
6575 @@ -973,7 +973,7 @@ static struct iw_statistics *wlan_get_wireless_stats(struct net_device *dev)
6576 /* Quality by TX errors */
6577 priv->wstats.discard.retries = priv->stats.tx_errors;
6579 - tx_retries = le16_to_cpu(adapter->logmsg.retry);
6580 + tx_retries = le32_to_cpu(adapter->logmsg.retry);
6582 if (tx_retries > 75)
6583 tx_qual = (90 - tx_retries) * POOR / 15;
6584 @@ -989,10 +989,10 @@ static struct iw_statistics *wlan_get_wireless_stats(struct net_device *dev)
6585 (PERFECT - VERY_GOOD) / 50 + VERY_GOOD;
6586 quality = min(quality, tx_qual);
6588 - priv->wstats.discard.code = le16_to_cpu(adapter->logmsg.wepundecryptable);
6589 - priv->wstats.discard.fragment = le16_to_cpu(adapter->logmsg.rxfrag);
6590 + priv->wstats.discard.code = le32_to_cpu(adapter->logmsg.wepundecryptable);
6591 + priv->wstats.discard.fragment = le32_to_cpu(adapter->logmsg.rxfrag);
6592 priv->wstats.discard.retries = tx_retries;
6593 - priv->wstats.discard.misc = le16_to_cpu(adapter->logmsg.ackfailure);
6594 + priv->wstats.discard.misc = le32_to_cpu(adapter->logmsg.ackfailure);
6596 /* Calculate quality */
6597 priv->wstats.qual.qual = max(quality, (u32)100);
6598 diff --git a/drivers/pci/hotplug/fakephp.c b/drivers/pci/hotplug/fakephp.c
6599 index 027f686..02a09d5 100644
6600 --- a/drivers/pci/hotplug/fakephp.c
6601 +++ b/drivers/pci/hotplug/fakephp.c
6602 @@ -39,6 +39,7 @@
6603 #include <linux/init.h>
6604 #include <linux/string.h>
6605 #include <linux/slab.h>
6606 +#include <linux/workqueue.h>
6607 #include "../pci.h"
6609 #if !defined(MODULE)
6610 @@ -63,10 +64,16 @@ struct dummy_slot {
6611 struct list_head node;
6612 struct hotplug_slot *slot;
6613 struct pci_dev *dev;
6614 + struct work_struct remove_work;
6615 + unsigned long removed;
6616 };
6618 static int debug;
6619 static LIST_HEAD(slot_list);
6620 +static struct workqueue_struct *dummyphp_wq;
6621 +
6622 +static void pci_rescan_worker(struct work_struct *work);
6623 +static DECLARE_WORK(pci_rescan_work, pci_rescan_worker);
6625 static int enable_slot (struct hotplug_slot *slot);
6626 static int disable_slot (struct hotplug_slot *slot);
6627 @@ -109,7 +116,7 @@ static int add_slot(struct pci_dev *dev)
6628 slot->name = &dev->dev.bus_id[0];
6629 dbg("slot->name = %s\n", slot->name);
6631 - dslot = kmalloc(sizeof(struct dummy_slot), GFP_KERNEL);
6632 + dslot = kzalloc(sizeof(struct dummy_slot), GFP_KERNEL);
6633 if (!dslot)
6634 goto error_info;
6636 @@ -164,6 +171,14 @@ static void remove_slot(struct dummy_slot *dslot)
6637 err("Problem unregistering a slot %s\n", dslot->slot->name);
6638 }
6640 +/* called from the single-threaded workqueue handler to remove a slot */
6641 +static void remove_slot_worker(struct work_struct *work)
6642 +{
6643 + struct dummy_slot *dslot =
6644 + container_of(work, struct dummy_slot, remove_work);
6645 + remove_slot(dslot);
6646 +}
6647 +
6648 /**
6649 * Rescan slot.
6650 * Tries hard not to re-enable already existing devices
6651 @@ -267,11 +282,17 @@ static inline void pci_rescan(void) {
6652 pci_rescan_buses(&pci_root_buses);
6653 }
6655 +/* called from the single-threaded workqueue handler to rescan all pci buses */
6656 +static void pci_rescan_worker(struct work_struct *work)
6657 +{
6658 + pci_rescan();
6659 +}
6661 static int enable_slot(struct hotplug_slot *hotplug_slot)
6662 {
6663 /* mis-use enable_slot for rescanning of the pci bus */
6664 - pci_rescan();
6665 + cancel_work_sync(&pci_rescan_work);
6666 + queue_work(dummyphp_wq, &pci_rescan_work);
6667 return -ENODEV;
6668 }
6670 @@ -306,6 +327,10 @@ static int disable_slot(struct hotplug_slot *slot)
6671 err("Can't remove PCI devices with other PCI devices behind it yet.\n");
6672 return -ENODEV;
6673 }
6674 + if (test_and_set_bit(0, &dslot->removed)) {
6675 + dbg("Slot already scheduled for removal\n");
6676 + return -ENODEV;
6677 + }
6678 /* search for subfunctions and disable them first */
6679 if (!(dslot->dev->devfn & 7)) {
6680 for (func = 1; func < 8; func++) {
6681 @@ -328,8 +353,9 @@ static int disable_slot(struct hotplug_slot *slot)
6682 /* remove the device from the pci core */
6683 pci_remove_bus_device(dslot->dev);
6685 - /* blow away this sysfs entry and other parts. */
6686 - remove_slot(dslot);
6687 + /* queue work item to blow away this sysfs entry and other parts. */
6688 + INIT_WORK(&dslot->remove_work, remove_slot_worker);
6689 + queue_work(dummyphp_wq, &dslot->remove_work);
6691 return 0;
6692 }
6693 @@ -340,6 +366,7 @@ static void cleanup_slots (void)
6694 struct list_head *next;
6695 struct dummy_slot *dslot;
6697 + destroy_workqueue(dummyphp_wq);
6698 list_for_each_safe (tmp, next, &slot_list) {
6699 dslot = list_entry (tmp, struct dummy_slot, node);
6700 remove_slot(dslot);
6701 @@ -351,6 +378,10 @@ static int __init dummyphp_init(void)
6702 {
6703 info(DRIVER_DESC "\n");
6705 + dummyphp_wq = create_singlethread_workqueue(MY_NAME);
6706 + if (!dummyphp_wq)
6707 + return -ENOMEM;
6708 +
6709 return pci_scan_buses();
6710 }
6712 diff --git a/drivers/pci/probe.c b/drivers/pci/probe.c
6713 index e48fcf0..247135f 100644
6714 --- a/drivers/pci/probe.c
6715 +++ b/drivers/pci/probe.c
6716 @@ -643,20 +643,20 @@ int pci_scan_bridge(struct pci_bus *bus, struct pci_dev * dev, int max, int pass
6718 sprintf(child->name, (is_cardbus ? "PCI CardBus #%02x" : "PCI Bus #%02x"), child->number);
6720 + /* Has only triggered on CardBus, fixup is in yenta_socket */
6721 while (bus->parent) {
6722 if ((child->subordinate > bus->subordinate) ||
6723 (child->number > bus->subordinate) ||
6724 (child->number < bus->number) ||
6725 (child->subordinate < bus->number)) {
6726 - printk(KERN_WARNING "PCI: Bus #%02x (-#%02x) is "
6727 - "hidden behind%s bridge #%02x (-#%02x)%s\n",
6728 - child->number, child->subordinate,
6729 - bus->self->transparent ? " transparent" : " ",
6730 - bus->number, bus->subordinate,
6731 - pcibios_assign_all_busses() ? " " :
6732 - " (try 'pci=assign-busses')");
6733 - printk(KERN_WARNING "Please report the result to "
6734 - "linux-kernel to fix this permanently\n");
6735 + pr_debug("PCI: Bus #%02x (-#%02x) is %s"
6736 + "hidden behind%s bridge #%02x (-#%02x)\n",
6737 + child->number, child->subordinate,
6738 + (bus->number > child->subordinate &&
6739 + bus->subordinate < child->number) ?
6740 + "wholly " : " partially",
6741 + bus->self->transparent ? " transparent" : " ",
6742 + bus->number, bus->subordinate);
6743 }
6744 bus = bus->parent;
6745 }
6746 diff --git a/drivers/pci/quirks.c b/drivers/pci/quirks.c
6747 index 01d8f8a..9f90c10 100644
6748 --- a/drivers/pci/quirks.c
6749 +++ b/drivers/pci/quirks.c
6750 @@ -465,6 +465,12 @@ DECLARE_PCI_FIXUP_HEADER(PCI_VENDOR_ID_INTEL, PCI_DEVICE_ID_INTEL_ICH7_31, quirk
6751 DECLARE_PCI_FIXUP_HEADER(PCI_VENDOR_ID_INTEL, PCI_DEVICE_ID_INTEL_ICH8_0, quirk_ich6_lpc_acpi );
6752 DECLARE_PCI_FIXUP_HEADER(PCI_VENDOR_ID_INTEL, PCI_DEVICE_ID_INTEL_ICH8_2, quirk_ich6_lpc_acpi );
6753 DECLARE_PCI_FIXUP_HEADER(PCI_VENDOR_ID_INTEL, PCI_DEVICE_ID_INTEL_ICH8_3, quirk_ich6_lpc_acpi );
6754 +DECLARE_PCI_FIXUP_HEADER(PCI_VENDOR_ID_INTEL, PCI_DEVICE_ID_INTEL_ICH8_1, quirk_ich6_lpc_acpi );
6755 +DECLARE_PCI_FIXUP_HEADER(PCI_VENDOR_ID_INTEL, PCI_DEVICE_ID_INTEL_ICH8_4, quirk_ich6_lpc_acpi );
6756 +DECLARE_PCI_FIXUP_HEADER(PCI_VENDOR_ID_INTEL, PCI_DEVICE_ID_INTEL_ICH9_2, quirk_ich6_lpc_acpi );
6757 +DECLARE_PCI_FIXUP_HEADER(PCI_VENDOR_ID_INTEL, PCI_DEVICE_ID_INTEL_ICH9_4, quirk_ich6_lpc_acpi );
6758 +DECLARE_PCI_FIXUP_HEADER(PCI_VENDOR_ID_INTEL, PCI_DEVICE_ID_INTEL_ICH9_7, quirk_ich6_lpc_acpi );
6759 +DECLARE_PCI_FIXUP_HEADER(PCI_VENDOR_ID_INTEL, PCI_DEVICE_ID_INTEL_ICH9_8, quirk_ich6_lpc_acpi );
6761 /*
6762 * VIA ACPI: One IO region pointed to by longword at
6763 @@ -1640,6 +1646,9 @@ DECLARE_PCI_FIXUP_FINAL(PCI_VENDOR_ID_SERVERWORKS, PCI_DEVICE_ID_SERVERWORKS_GCN
6764 DECLARE_PCI_FIXUP_FINAL(PCI_VENDOR_ID_SERVERWORKS, PCI_DEVICE_ID_SERVERWORKS_HT1000_PCIX, quirk_disable_all_msi);
6765 DECLARE_PCI_FIXUP_FINAL(PCI_VENDOR_ID_ATI, PCI_DEVICE_ID_ATI_RS400_200, quirk_disable_all_msi);
6766 DECLARE_PCI_FIXUP_FINAL(PCI_VENDOR_ID_ATI, PCI_DEVICE_ID_ATI_RS480, quirk_disable_all_msi);
6767 +DECLARE_PCI_FIXUP_FINAL(PCI_VENDOR_ID_ATI, PCI_DEVICE_ID_ATI_RD580, quirk_disable_all_msi);
6768 +DECLARE_PCI_FIXUP_FINAL(PCI_VENDOR_ID_ATI, PCI_DEVICE_ID_ATI_RX790, quirk_disable_all_msi);
6769 +DECLARE_PCI_FIXUP_FINAL(PCI_VENDOR_ID_ATI, PCI_DEVICE_ID_ATI_RS690, quirk_disable_all_msi);
6770 DECLARE_PCI_FIXUP_FINAL(PCI_VENDOR_ID_VIA, PCI_DEVICE_ID_VIA_VT3351, quirk_disable_all_msi);
6772 /* Disable MSI on chipsets that are known to not support it */
6773 diff --git a/drivers/pcmcia/cs.c b/drivers/pcmcia/cs.c
6774 index 50cad3a..1e03bbd 100644
6775 --- a/drivers/pcmcia/cs.c
6776 +++ b/drivers/pcmcia/cs.c
6777 @@ -409,6 +409,9 @@ static void socket_shutdown(struct pcmcia_socket *s)
6778 #endif
6779 s->functions = 0;
6781 + /* give socket some time to power down */
6782 + msleep(100);
6783 +
6784 s->ops->get_status(s, &status);
6785 if (status & SS_POWERON) {
6786 printk(KERN_ERR "PCMCIA: socket %p: *** DANGER *** unable to remove socket power\n", s);
6787 diff --git a/drivers/scsi/3w-9xxx.c b/drivers/scsi/3w-9xxx.c
6788 index eb766c3..0d24c39 100644
6789 --- a/drivers/scsi/3w-9xxx.c
6790 +++ b/drivers/scsi/3w-9xxx.c
6791 @@ -4,7 +4,7 @@
6792 Written By: Adam Radford <linuxraid@amcc.com>
6793 Modifications By: Tom Couch <linuxraid@amcc.com>
6795 - Copyright (C) 2004-2006 Applied Micro Circuits Corporation.
6796 + Copyright (C) 2004-2007 Applied Micro Circuits Corporation.
6798 This program is free software; you can redistribute it and/or modify
6799 it under the terms of the GNU General Public License as published by
6800 @@ -69,6 +69,7 @@
6801 2.26.02.008 - Free irq handler in __twa_shutdown().
6802 Serialize reset code.
6803 Add support for 9650SE controllers.
6804 + 2.26.02.009 - Fix dma mask setting to fallback to 32-bit if 64-bit fails.
6805 */
6807 #include <linux/module.h>
6808 @@ -92,7 +93,7 @@
6809 #include "3w-9xxx.h"
6811 /* Globals */
6812 -#define TW_DRIVER_VERSION "2.26.02.008"
6813 +#define TW_DRIVER_VERSION "2.26.02.009"
6814 static TW_Device_Extension *twa_device_extension_list[TW_MAX_SLOT];
6815 static unsigned int twa_device_extension_count;
6816 static int twa_major = -1;
6817 @@ -2063,11 +2064,14 @@ static int __devinit twa_probe(struct pci_dev *pdev, const struct pci_device_id
6819 pci_set_master(pdev);
6821 - retval = pci_set_dma_mask(pdev, sizeof(dma_addr_t) > 4 ? DMA_64BIT_MASK : DMA_32BIT_MASK);
6822 - if (retval) {
6823 - TW_PRINTK(host, TW_DRIVER, 0x23, "Failed to set dma mask");
6824 - goto out_disable_device;
6825 - }
6826 + if (pci_set_dma_mask(pdev, DMA_64BIT_MASK)
6827 + || pci_set_consistent_dma_mask(pdev, DMA_64BIT_MASK))
6828 + if (pci_set_dma_mask(pdev, DMA_32BIT_MASK)
6829 + || pci_set_consistent_dma_mask(pdev, DMA_32BIT_MASK)) {
6830 + TW_PRINTK(host, TW_DRIVER, 0x23, "Failed to set dma mask");
6831 + retval = -ENODEV;
6832 + goto out_disable_device;
6833 + }
6835 host = scsi_host_alloc(&driver_template, sizeof(TW_Device_Extension));
6836 if (!host) {
6837 diff --git a/drivers/scsi/aacraid/linit.c b/drivers/scsi/aacraid/linit.c
6838 index 5c487ff..ac65ee2 100644
6839 --- a/drivers/scsi/aacraid/linit.c
6840 +++ b/drivers/scsi/aacraid/linit.c
6841 @@ -597,6 +597,8 @@ static int aac_cfg_open(struct inode *inode, struct file *file)
6842 static int aac_cfg_ioctl(struct inode *inode, struct file *file,
6843 unsigned int cmd, unsigned long arg)
6844 {
6845 + if (!capable(CAP_SYS_ADMIN))
6846 + return -EPERM;
6847 return aac_do_ioctl(file->private_data, cmd, (void __user *)arg);
6848 }
6850 @@ -650,6 +652,8 @@ static int aac_compat_ioctl(struct scsi_device *sdev, int cmd, void __user *arg)
6852 static long aac_compat_cfg_ioctl(struct file *file, unsigned cmd, unsigned long arg)
6853 {
6854 + if (!capable(CAP_SYS_ADMIN))
6855 + return -EPERM;
6856 return aac_compat_do_ioctl((struct aac_dev *)file->private_data, cmd, arg);
6857 }
6858 #endif
6859 diff --git a/drivers/scsi/esp_scsi.c b/drivers/scsi/esp_scsi.c
6860 index 71caf2d..150beaf 100644
6861 --- a/drivers/scsi/esp_scsi.c
6862 +++ b/drivers/scsi/esp_scsi.c
6863 @@ -2318,6 +2318,7 @@ int __devinit scsi_esp_register(struct esp *esp, struct device *dev)
6864 esp->host->transportt = esp_transport_template;
6865 esp->host->max_lun = ESP_MAX_LUN;
6866 esp->host->cmd_per_lun = 2;
6867 + esp->host->unique_id = instance;
6869 esp_set_clock_params(esp);
6871 @@ -2341,7 +2342,7 @@ int __devinit scsi_esp_register(struct esp *esp, struct device *dev)
6872 if (err)
6873 return err;
6875 - esp->host->unique_id = instance++;
6876 + instance++;
6878 scsi_scan_host(esp->host);
6880 diff --git a/drivers/scsi/hptiop.c b/drivers/scsi/hptiop.c
6881 index bec83cb..7e40105 100644
6882 --- a/drivers/scsi/hptiop.c
6883 +++ b/drivers/scsi/hptiop.c
6884 @@ -377,8 +377,9 @@ static void hptiop_host_request_callback(struct hptiop_hba *hba, u32 tag)
6885 scp->result = SAM_STAT_CHECK_CONDITION;
6886 memset(&scp->sense_buffer,
6887 0, sizeof(scp->sense_buffer));
6888 - memcpy(&scp->sense_buffer,
6889 - &req->sg_list, le32_to_cpu(req->dataxfer_length));
6890 + memcpy(&scp->sense_buffer, &req->sg_list,
6891 + min(sizeof(scp->sense_buffer),
6892 + le32_to_cpu(req->dataxfer_length)));
6893 break;
6895 default:
6896 diff --git a/drivers/scsi/scsi_transport_spi.c b/drivers/scsi/scsi_transport_spi.c
6897 index 6f56f87..4df21c9 100644
6898 --- a/drivers/scsi/scsi_transport_spi.c
6899 +++ b/drivers/scsi/scsi_transport_spi.c
6900 @@ -787,10 +787,12 @@ spi_dv_device_internal(struct scsi_device *sdev, u8 *buffer)
6901 struct scsi_target *starget = sdev->sdev_target;
6902 struct Scsi_Host *shost = sdev->host;
6903 int len = sdev->inquiry_len;
6904 + int min_period = spi_min_period(starget);
6905 + int max_width = spi_max_width(starget);
6906 /* first set us up for narrow async */
6907 DV_SET(offset, 0);
6908 DV_SET(width, 0);
6909 -
6910 +
6911 if (spi_dv_device_compare_inquiry(sdev, buffer, buffer, DV_LOOPS)
6912 != SPI_COMPARE_SUCCESS) {
6913 starget_printk(KERN_ERR, starget, "Domain Validation Initial Inquiry Failed\n");
6914 @@ -798,9 +800,13 @@ spi_dv_device_internal(struct scsi_device *sdev, u8 *buffer)
6915 return;
6916 }
6918 + if (!scsi_device_wide(sdev)) {
6919 + spi_max_width(starget) = 0;
6920 + max_width = 0;
6921 + }
6922 +
6923 /* test width */
6924 - if (i->f->set_width && spi_max_width(starget) &&
6925 - scsi_device_wide(sdev)) {
6926 + if (i->f->set_width && max_width) {
6927 i->f->set_width(starget, 1);
6929 if (spi_dv_device_compare_inquiry(sdev, buffer,
6930 @@ -809,6 +815,11 @@ spi_dv_device_internal(struct scsi_device *sdev, u8 *buffer)
6931 != SPI_COMPARE_SUCCESS) {
6932 starget_printk(KERN_ERR, starget, "Wide Transfers Fail\n");
6933 i->f->set_width(starget, 0);
6934 + /* Make sure we don't force wide back on by asking
6935 + * for a transfer period that requires it */
6936 + max_width = 0;
6937 + if (min_period < 10)
6938 + min_period = 10;
6939 }
6940 }
6942 @@ -828,7 +839,8 @@ spi_dv_device_internal(struct scsi_device *sdev, u8 *buffer)
6944 /* now set up to the maximum */
6945 DV_SET(offset, spi_max_offset(starget));
6946 - DV_SET(period, spi_min_period(starget));
6947 + DV_SET(period, min_period);
6948 +
6949 /* try QAS requests; this should be harmless to set if the
6950 * target supports it */
6951 if (scsi_device_qas(sdev)) {
6952 @@ -837,14 +849,14 @@ spi_dv_device_internal(struct scsi_device *sdev, u8 *buffer)
6953 DV_SET(qas, 0);
6954 }
6956 - if (scsi_device_ius(sdev) && spi_min_period(starget) < 9) {
6957 + if (scsi_device_ius(sdev) && min_period < 9) {
6958 /* This u320 (or u640). Set IU transfers */
6959 DV_SET(iu, 1);
6960 /* Then set the optional parameters */
6961 DV_SET(rd_strm, 1);
6962 DV_SET(wr_flow, 1);
6963 DV_SET(rti, 1);
6964 - if (spi_min_period(starget) == 8)
6965 + if (min_period == 8)
6966 DV_SET(pcomp_en, 1);
6967 } else {
6968 DV_SET(iu, 0);
6969 @@ -862,6 +874,10 @@ spi_dv_device_internal(struct scsi_device *sdev, u8 *buffer)
6970 } else {
6971 DV_SET(dt, 1);
6972 }
6973 + /* set width last because it will pull all the other
6974 + * parameters down to required values */
6975 + DV_SET(width, max_width);
6976 +
6977 /* Do the read only INQUIRY tests */
6978 spi_dv_retrain(sdev, buffer, buffer + sdev->inquiry_len,
6979 spi_dv_device_compare_inquiry);
6980 diff --git a/drivers/scsi/sd.c b/drivers/scsi/sd.c
6981 index 3d8c9cb..d2531dd 100644
6982 --- a/drivers/scsi/sd.c
6983 +++ b/drivers/scsi/sd.c
6984 @@ -895,6 +895,7 @@ static void sd_rw_intr(struct scsi_cmnd * SCpnt)
6985 unsigned int xfer_size = SCpnt->request_bufflen;
6986 unsigned int good_bytes = result ? 0 : xfer_size;
6987 u64 start_lba = SCpnt->request->sector;
6988 + u64 end_lba = SCpnt->request->sector + (xfer_size / 512);
6989 u64 bad_lba;
6990 struct scsi_sense_hdr sshdr;
6991 int sense_valid = 0;
6992 @@ -933,26 +934,23 @@ static void sd_rw_intr(struct scsi_cmnd * SCpnt)
6993 goto out;
6994 if (xfer_size <= SCpnt->device->sector_size)
6995 goto out;
6996 - switch (SCpnt->device->sector_size) {
6997 - case 256:
6998 + if (SCpnt->device->sector_size < 512) {
6999 + /* only legitimate sector_size here is 256 */
7000 start_lba <<= 1;
7001 - break;
7002 - case 512:
7003 - break;
7004 - case 1024:
7005 - start_lba >>= 1;
7006 - break;
7007 - case 2048:
7008 - start_lba >>= 2;
7009 - break;
7010 - case 4096:
7011 - start_lba >>= 3;
7012 - break;
7013 - default:
7014 - /* Print something here with limiting frequency. */
7015 - goto out;
7016 - break;
7017 + end_lba <<= 1;
7018 + } else {
7019 + /* be careful ... don't want any overflows */
7020 + u64 factor = SCpnt->device->sector_size / 512;
7021 + do_div(start_lba, factor);
7022 + do_div(end_lba, factor);
7023 }
7024 +
7025 + if (bad_lba < start_lba || bad_lba >= end_lba)
7026 + /* the bad lba was reported incorrectly, we have
7027 + * no idea where the error is
7028 + */
7029 + goto out;
7030 +
7031 /* This computation should always be done in terms of
7032 * the resolution of the device's medium.
7033 */
7034 diff --git a/drivers/serial/Kconfig b/drivers/serial/Kconfig
7035 index 315ea99..a288de5 100644
7036 --- a/drivers/serial/Kconfig
7037 +++ b/drivers/serial/Kconfig
7038 @@ -74,21 +74,17 @@ config SERIAL_8250_PCI
7039 depends on SERIAL_8250 && PCI
7040 default SERIAL_8250
7041 help
7042 - Say Y here if you have PCI serial ports.
7043 -
7044 - To compile this driver as a module, choose M here: the module
7045 - will be called 8250_pci.
7046 + This builds standard PCI serial support. You may be able to
7047 + disable this feature if you only need legacy serial support.
7048 + Saves about 9K.
7050 config SERIAL_8250_PNP
7051 tristate "8250/16550 PNP device support" if EMBEDDED
7052 depends on SERIAL_8250 && PNP
7053 default SERIAL_8250
7054 help
7055 - Say Y here if you have serial ports described by PNPBIOS or ACPI.
7056 - These are typically ports built into the system board.
7057 -
7058 - To compile this driver as a module, choose M here: the module
7059 - will be called 8250_pnp.
7060 + This builds standard PNP serial support. You may be able to
7061 + disable this feature if you only need legacy serial support.
7063 config SERIAL_8250_HP300
7064 tristate
7065 diff --git a/drivers/serial/sunhv.c b/drivers/serial/sunhv.c
7066 index 96557e6..17bcca5 100644
7067 --- a/drivers/serial/sunhv.c
7068 +++ b/drivers/serial/sunhv.c
7069 @@ -440,8 +440,16 @@ static void sunhv_console_write_paged(struct console *con, const char *s, unsign
7070 {
7071 struct uart_port *port = sunhv_port;
7072 unsigned long flags;
7073 + int locked = 1;
7074 +
7075 + local_irq_save(flags);
7076 + if (port->sysrq) {
7077 + locked = 0;
7078 + } else if (oops_in_progress) {
7079 + locked = spin_trylock(&port->lock);
7080 + } else
7081 + spin_lock(&port->lock);
7083 - spin_lock_irqsave(&port->lock, flags);
7084 while (n > 0) {
7085 unsigned long ra = __pa(con_write_page);
7086 unsigned long page_bytes;
7087 @@ -469,7 +477,10 @@ static void sunhv_console_write_paged(struct console *con, const char *s, unsign
7088 ra += written;
7089 }
7090 }
7091 - spin_unlock_irqrestore(&port->lock, flags);
7092 +
7093 + if (locked)
7094 + spin_unlock(&port->lock);
7095 + local_irq_restore(flags);
7096 }
7098 static inline void sunhv_console_putchar(struct uart_port *port, char c)
7099 @@ -488,7 +499,15 @@ static void sunhv_console_write_bychar(struct console *con, const char *s, unsig
7100 {
7101 struct uart_port *port = sunhv_port;
7102 unsigned long flags;
7103 - int i;
7104 + int i, locked = 1;
7105 +
7106 + local_irq_save(flags);
7107 + if (port->sysrq) {
7108 + locked = 0;
7109 + } else if (oops_in_progress) {
7110 + locked = spin_trylock(&port->lock);
7111 + } else
7112 + spin_lock(&port->lock);
7114 spin_lock_irqsave(&port->lock, flags);
7115 for (i = 0; i < n; i++) {
7116 @@ -496,7 +515,10 @@ static void sunhv_console_write_bychar(struct console *con, const char *s, unsig
7117 sunhv_console_putchar(port, '\r');
7118 sunhv_console_putchar(port, *s++);
7119 }
7120 - spin_unlock_irqrestore(&port->lock, flags);
7121 +
7122 + if (locked)
7123 + spin_unlock(&port->lock);
7124 + local_irq_restore(flags);
7125 }
7127 static struct console sunhv_console = {
7128 diff --git a/drivers/serial/sunsab.c b/drivers/serial/sunsab.c
7129 index deb9ab4..8a0f9e4 100644
7130 --- a/drivers/serial/sunsab.c
7131 +++ b/drivers/serial/sunsab.c
7132 @@ -860,22 +860,31 @@ static int num_channels;
7133 static void sunsab_console_putchar(struct uart_port *port, int c)
7134 {
7135 struct uart_sunsab_port *up = (struct uart_sunsab_port *)port;
7136 - unsigned long flags;
7137 -
7138 - spin_lock_irqsave(&up->port.lock, flags);
7140 sunsab_tec_wait(up);
7141 writeb(c, &up->regs->w.tic);
7142 -
7143 - spin_unlock_irqrestore(&up->port.lock, flags);
7144 }
7146 static void sunsab_console_write(struct console *con, const char *s, unsigned n)
7147 {
7148 struct uart_sunsab_port *up = &sunsab_ports[con->index];
7149 + unsigned long flags;
7150 + int locked = 1;
7151 +
7152 + local_irq_save(flags);
7153 + if (up->port.sysrq) {
7154 + locked = 0;
7155 + } else if (oops_in_progress) {
7156 + locked = spin_trylock(&up->port.lock);
7157 + } else
7158 + spin_lock(&up->port.lock);
7160 uart_console_write(&up->port, s, n, sunsab_console_putchar);
7161 sunsab_tec_wait(up);
7162 +
7163 + if (locked)
7164 + spin_unlock(&up->port.lock);
7165 + local_irq_restore(flags);
7166 }
7168 static int sunsab_console_setup(struct console *con, char *options)
7169 diff --git a/drivers/serial/sunsu.c b/drivers/serial/sunsu.c
7170 index 2a63cdb..26d720b 100644
7171 --- a/drivers/serial/sunsu.c
7172 +++ b/drivers/serial/sunsu.c
7173 @@ -1288,7 +1288,17 @@ static void sunsu_console_write(struct console *co, const char *s,
7174 unsigned int count)
7175 {
7176 struct uart_sunsu_port *up = &sunsu_ports[co->index];
7177 + unsigned long flags;
7178 unsigned int ier;
7179 + int locked = 1;
7180 +
7181 + local_irq_save(flags);
7182 + if (up->port.sysrq) {
7183 + locked = 0;
7184 + } else if (oops_in_progress) {
7185 + locked = spin_trylock(&up->port.lock);
7186 + } else
7187 + spin_lock(&up->port.lock);
7189 /*
7190 * First save the UER then disable the interrupts
7191 @@ -1304,6 +1314,10 @@ static void sunsu_console_write(struct console *co, const char *s,
7192 */
7193 wait_for_xmitr(up);
7194 serial_out(up, UART_IER, ier);
7195 +
7196 + if (locked)
7197 + spin_unlock(&up->port.lock);
7198 + local_irq_restore(flags);
7199 }
7201 /*
7202 diff --git a/drivers/serial/sunzilog.c b/drivers/serial/sunzilog.c
7203 index 15b6e1c..0a3e10a 100644
7204 --- a/drivers/serial/sunzilog.c
7205 +++ b/drivers/serial/sunzilog.c
7206 @@ -9,7 +9,7 @@
7207 * C. Dost, Pete Zaitcev, Ted Ts'o and Alex Buell for their
7208 * work there.
7209 *
7210 - * Copyright (C) 2002, 2006 David S. Miller (davem@davemloft.net)
7211 + * Copyright (C) 2002, 2006, 2007 David S. Miller (davem@davemloft.net)
7212 */
7214 #include <linux/module.h>
7215 @@ -1151,11 +1151,22 @@ sunzilog_console_write(struct console *con, const char *s, unsigned int count)
7216 {
7217 struct uart_sunzilog_port *up = &sunzilog_port_table[con->index];
7218 unsigned long flags;
7219 + int locked = 1;
7220 +
7221 + local_irq_save(flags);
7222 + if (up->port.sysrq) {
7223 + locked = 0;
7224 + } else if (oops_in_progress) {
7225 + locked = spin_trylock(&up->port.lock);
7226 + } else
7227 + spin_lock(&up->port.lock);
7229 - spin_lock_irqsave(&up->port.lock, flags);
7230 uart_console_write(&up->port, s, count, sunzilog_putchar);
7231 udelay(2);
7232 - spin_unlock_irqrestore(&up->port.lock, flags);
7233 +
7234 + if (locked)
7235 + spin_unlock(&up->port.lock);
7236 + local_irq_restore(flags);
7237 }
7239 static int __init sunzilog_console_setup(struct console *con, char *options)
7240 diff --git a/drivers/usb/class/cdc-acm.c b/drivers/usb/class/cdc-acm.c
7241 index 0081c1d..407fb8f 100644
7242 --- a/drivers/usb/class/cdc-acm.c
7243 +++ b/drivers/usb/class/cdc-acm.c
7244 @@ -919,6 +919,10 @@ skip_normal_probe:
7245 return -EINVAL;
7246 }
7247 }
7248 +
7249 + /* Accept probe requests only for the control interface */
7250 + if (intf != control_interface)
7251 + return -ENODEV;
7253 if (usb_interface_claimed(data_interface)) { /* valid in this context */
7254 dev_dbg(&intf->dev,"The data interface isn't available");
7255 @@ -1107,10 +1111,12 @@ static void acm_disconnect(struct usb_interface *intf)
7256 return;
7257 }
7258 if (acm->country_codes){
7259 - device_remove_file(&intf->dev, &dev_attr_wCountryCodes);
7260 - device_remove_file(&intf->dev, &dev_attr_iCountryCodeRelDate);
7261 + device_remove_file(&acm->control->dev,
7262 + &dev_attr_wCountryCodes);
7263 + device_remove_file(&acm->control->dev,
7264 + &dev_attr_iCountryCodeRelDate);
7265 }
7266 - device_remove_file(&intf->dev, &dev_attr_bmCapabilities);
7267 + device_remove_file(&acm->control->dev, &dev_attr_bmCapabilities);
7268 acm->dev = NULL;
7269 usb_set_intfdata(acm->control, NULL);
7270 usb_set_intfdata(acm->data, NULL);
7271 diff --git a/drivers/usb/core/driver.c b/drivers/usb/core/driver.c
7272 index 2619986..61699f7 100644
7273 --- a/drivers/usb/core/driver.c
7274 +++ b/drivers/usb/core/driver.c
7275 @@ -58,7 +58,7 @@ ssize_t usb_store_new_id(struct usb_dynids *dynids,
7276 dynid->id.match_flags = USB_DEVICE_ID_MATCH_DEVICE;
7278 spin_lock(&dynids->lock);
7279 - list_add_tail(&dynids->list, &dynid->node);
7280 + list_add_tail(&dynid->node, &dynids->list);
7281 spin_unlock(&dynids->lock);
7283 if (get_driver(driver)) {
7284 diff --git a/drivers/usb/core/hcd.h b/drivers/usb/core/hcd.h
7285 index ef50fa4..87f6467 100644
7286 --- a/drivers/usb/core/hcd.h
7287 +++ b/drivers/usb/core/hcd.h
7288 @@ -19,6 +19,8 @@
7290 #ifdef __KERNEL__
7292 +#include <linux/rwsem.h>
7293 +
7294 /* This file contains declarations of usbcore internals that are mostly
7295 * used or exposed by Host Controller Drivers.
7296 */
7297 @@ -464,5 +466,9 @@ static inline void usbmon_urb_complete(struct usb_bus *bus, struct urb *urb) {}
7298 : (in_interrupt () ? "in_interrupt" : "can sleep"))
7301 -#endif /* __KERNEL__ */
7302 +/* This rwsem is for use only by the hub driver and ehci-hcd.
7303 + * Nobody else should touch it.
7304 + */
7305 +extern struct rw_semaphore ehci_cf_port_reset_rwsem;
7307 +#endif /* __KERNEL__ */
7308 diff --git a/drivers/usb/core/hub.c b/drivers/usb/core/hub.c
7309 index 24f10a1..bc93e06 100644
7310 --- a/drivers/usb/core/hub.c
7311 +++ b/drivers/usb/core/hub.c
7312 @@ -117,6 +117,12 @@ MODULE_PARM_DESC(use_both_schemes,
7313 "try the other device initialization scheme if the "
7314 "first one fails");
7316 +/* Mutual exclusion for EHCI CF initialization. This interferes with
7317 + * port reset on some companion controllers.
7318 + */
7319 +DECLARE_RWSEM(ehci_cf_port_reset_rwsem);
7320 +EXPORT_SYMBOL_GPL(ehci_cf_port_reset_rwsem);
7321 +
7323 static inline char *portspeed(int portstatus)
7324 {
7325 @@ -1388,6 +1394,10 @@ int usb_new_device(struct usb_device *udev)
7326 udev->dev.devt = MKDEV(USB_DEVICE_MAJOR,
7327 (((udev->bus->busnum-1) * 128) + (udev->devnum-1)));
7329 + /* Increment the parent's count of unsuspended children */
7330 + if (udev->parent)
7331 + usb_autoresume_device(udev->parent);
7332 +
7333 /* Register the device. The device driver is responsible
7334 * for adding the device files to sysfs and for configuring
7335 * the device.
7336 @@ -1395,13 +1405,11 @@ int usb_new_device(struct usb_device *udev)
7337 err = device_add(&udev->dev);
7338 if (err) {
7339 dev_err(&udev->dev, "can't device_add, error %d\n", err);
7340 + if (udev->parent)
7341 + usb_autosuspend_device(udev->parent);
7342 goto fail;
7343 }
7345 - /* Increment the parent's count of unsuspended children */
7346 - if (udev->parent)
7347 - usb_autoresume_device(udev->parent);
7348 -
7349 exit:
7350 return err;
7352 @@ -1511,6 +1519,11 @@ static int hub_port_reset(struct usb_hub *hub, int port1,
7353 {
7354 int i, status;
7356 + /* Block EHCI CF initialization during the port reset.
7357 + * Some companion controllers don't like it when they mix.
7358 + */
7359 + down_read(&ehci_cf_port_reset_rwsem);
7360 +
7361 /* Reset the port */
7362 for (i = 0; i < PORT_RESET_TRIES; i++) {
7363 status = set_port_feature(hub->hdev,
7364 @@ -1541,7 +1554,7 @@ static int hub_port_reset(struct usb_hub *hub, int port1,
7365 usb_set_device_state(udev, status
7366 ? USB_STATE_NOTATTACHED
7367 : USB_STATE_DEFAULT);
7368 - return status;
7369 + goto done;
7370 }
7372 dev_dbg (hub->intfdev,
7373 @@ -1554,6 +1567,8 @@ static int hub_port_reset(struct usb_hub *hub, int port1,
7374 "Cannot enable port %i. Maybe the USB cable is bad?\n",
7375 port1);
7377 + done:
7378 + up_read(&ehci_cf_port_reset_rwsem);
7379 return status;
7380 }
7382 diff --git a/drivers/usb/core/message.c b/drivers/usb/core/message.c
7383 index f9fed34..68ce2de 100644
7384 --- a/drivers/usb/core/message.c
7385 +++ b/drivers/usb/core/message.c
7386 @@ -623,12 +623,12 @@ int usb_get_descriptor(struct usb_device *dev, unsigned char type, unsigned char
7387 memset(buf,0,size); // Make sure we parse really received data
7389 for (i = 0; i < 3; ++i) {
7390 - /* retry on length 0 or stall; some devices are flakey */
7391 + /* retry on length 0 or error; some devices are flakey */
7392 result = usb_control_msg(dev, usb_rcvctrlpipe(dev, 0),
7393 USB_REQ_GET_DESCRIPTOR, USB_DIR_IN,
7394 (type << 8) + index, 0, buf, size,
7395 USB_CTRL_GET_TIMEOUT);
7396 - if (result == 0 || result == -EPIPE)
7397 + if (result <= 0 && result != -ETIMEDOUT)
7398 continue;
7399 if (result > 1 && ((u8 *)buf)[1] != type) {
7400 result = -EPROTO;
7401 @@ -1344,6 +1344,30 @@ static int usb_if_uevent(struct device *dev, char **envp, int num_envp,
7402 usb_dev = interface_to_usbdev(intf);
7403 alt = intf->cur_altsetting;
7405 +#ifdef CONFIG_USB_DEVICEFS
7406 + if (add_uevent_var(envp, num_envp, &i,
7407 + buffer, buffer_size, &length,
7408 + "DEVICE=/proc/bus/usb/%03d/%03d",
7409 + usb_dev->bus->busnum, usb_dev->devnum))
7410 + return -ENOMEM;
7411 +#endif
7412 +
7413 + if (add_uevent_var(envp, num_envp, &i,
7414 + buffer, buffer_size, &length,
7415 + "PRODUCT=%x/%x/%x",
7416 + le16_to_cpu(usb_dev->descriptor.idVendor),
7417 + le16_to_cpu(usb_dev->descriptor.idProduct),
7418 + le16_to_cpu(usb_dev->descriptor.bcdDevice)))
7419 + return -ENOMEM;
7420 +
7421 + if (add_uevent_var(envp, num_envp, &i,
7422 + buffer, buffer_size, &length,
7423 + "TYPE=%d/%d/%d",
7424 + usb_dev->descriptor.bDeviceClass,
7425 + usb_dev->descriptor.bDeviceSubClass,
7426 + usb_dev->descriptor.bDeviceProtocol))
7427 + return -ENOMEM;
7428 +
7429 if (add_uevent_var(envp, num_envp, &i,
7430 buffer, buffer_size, &length,
7431 "INTERFACE=%d/%d/%d",
7432 diff --git a/drivers/usb/host/ehci-hcd.c b/drivers/usb/host/ehci-hcd.c
7433 index 099aff6..ba78f8e 100644
7434 --- a/drivers/usb/host/ehci-hcd.c
7435 +++ b/drivers/usb/host/ehci-hcd.c
7436 @@ -566,10 +566,21 @@ static int ehci_run (struct usb_hcd *hcd)
7437 * are explicitly handed to companion controller(s), so no TT is
7438 * involved with the root hub. (Except where one is integrated,
7439 * and there's no companion controller unless maybe for USB OTG.)
7440 + *
7441 + * Turning on the CF flag will transfer ownership of all ports
7442 + * from the companions to the EHCI controller. If any of the
7443 + * companions are in the middle of a port reset at the time, it
7444 + * could cause trouble. Write-locking ehci_cf_port_reset_rwsem
7445 + * guarantees that no resets are in progress. After we set CF,
7446 + * a short delay lets the hardware catch up; new resets shouldn't
7447 + * be started before the port switching actions could complete.
7448 */
7449 + down_write(&ehci_cf_port_reset_rwsem);
7450 hcd->state = HC_STATE_RUNNING;
7451 ehci_writel(ehci, FLAG_CF, &ehci->regs->configured_flag);
7452 ehci_readl(ehci, &ehci->regs->command); /* unblock posted writes */
7453 + msleep(5);
7454 + up_write(&ehci_cf_port_reset_rwsem);
7456 temp = HC_VERSION(ehci_readl(ehci, &ehci->caps->hc_capbase));
7457 ehci_info (ehci,
7458 diff --git a/drivers/usb/image/microtek.c b/drivers/usb/image/microtek.c
7459 index 51bd80d..3acfd1a 100644
7460 --- a/drivers/usb/image/microtek.c
7461 +++ b/drivers/usb/image/microtek.c
7462 @@ -823,7 +823,7 @@ static int mts_usb_probe(struct usb_interface *intf,
7463 goto out_kfree2;
7465 new_desc->host->hostdata[0] = (unsigned long)new_desc;
7466 - if (scsi_add_host(new_desc->host, NULL)) {
7467 + if (scsi_add_host(new_desc->host, &dev->dev)) {
7468 err_retval = -EIO;
7469 goto out_host_put;
7470 }
7471 diff --git a/drivers/usb/serial/ftdi_sio.c b/drivers/usb/serial/ftdi_sio.c
7472 index da1c6f7..38c4e97 100644
7473 --- a/drivers/usb/serial/ftdi_sio.c
7474 +++ b/drivers/usb/serial/ftdi_sio.c
7475 @@ -271,26 +271,58 @@ static int debug;
7476 static __u16 vendor = FTDI_VID;
7477 static __u16 product;
7479 +struct ftdi_private {
7480 + ftdi_chip_type_t chip_type;
7481 + /* type of the device, either SIO or FT8U232AM */
7482 + int baud_base; /* baud base clock for divisor setting */
7483 + int custom_divisor; /* custom_divisor kludge, this is for baud_base (different from what goes to the chip!) */
7484 + __u16 last_set_data_urb_value ;
7485 + /* the last data state set - needed for doing a break */
7486 + int write_offset; /* This is the offset in the usb data block to write the serial data -
7487 + * it is different between devices
7488 + */
7489 + int flags; /* some ASYNC_xxxx flags are supported */
7490 + unsigned long last_dtr_rts; /* saved modem control outputs */
7491 + wait_queue_head_t delta_msr_wait; /* Used for TIOCMIWAIT */
7492 + char prev_status, diff_status; /* Used for TIOCMIWAIT */
7493 + __u8 rx_flags; /* receive state flags (throttling) */
7494 + spinlock_t rx_lock; /* spinlock for receive state */
7495 + struct delayed_work rx_work;
7496 + struct usb_serial_port *port;
7497 + int rx_processed;
7498 + unsigned long rx_bytes;
7499 +
7500 + __u16 interface; /* FT2232C port interface (0 for FT232/245) */
7501 +
7502 + int force_baud; /* if non-zero, force the baud rate to this value */
7503 + int force_rtscts; /* if non-zero, force RTS-CTS to always be enabled */
7504 +
7505 + spinlock_t tx_lock; /* spinlock for transmit state */
7506 + unsigned long tx_bytes;
7507 + unsigned long tx_outstanding_bytes;
7508 + unsigned long tx_outstanding_urbs;
7509 +};
7510 +
7511 /* struct ftdi_sio_quirk is used by devices requiring special attention. */
7512 struct ftdi_sio_quirk {
7513 int (*probe)(struct usb_serial *);
7514 - void (*setup)(struct usb_serial *); /* Special settings during startup. */
7515 + void (*port_probe)(struct ftdi_private *); /* Special settings for probed ports. */
7516 };
7518 static int ftdi_olimex_probe (struct usb_serial *serial);
7519 -static void ftdi_USB_UIRT_setup (struct usb_serial *serial);
7520 -static void ftdi_HE_TIRA1_setup (struct usb_serial *serial);
7521 +static void ftdi_USB_UIRT_setup (struct ftdi_private *priv);
7522 +static void ftdi_HE_TIRA1_setup (struct ftdi_private *priv);
7524 static struct ftdi_sio_quirk ftdi_olimex_quirk = {
7525 .probe = ftdi_olimex_probe,
7526 };
7528 static struct ftdi_sio_quirk ftdi_USB_UIRT_quirk = {
7529 - .setup = ftdi_USB_UIRT_setup,
7530 + .port_probe = ftdi_USB_UIRT_setup,
7531 };
7533 static struct ftdi_sio_quirk ftdi_HE_TIRA1_quirk = {
7534 - .setup = ftdi_HE_TIRA1_setup,
7535 + .port_probe = ftdi_HE_TIRA1_setup,
7536 };
7538 /*
7539 @@ -567,38 +599,6 @@ static const char *ftdi_chip_name[] = {
7540 #define THROTTLED 0x01
7541 #define ACTUALLY_THROTTLED 0x02
7543 -struct ftdi_private {
7544 - ftdi_chip_type_t chip_type;
7545 - /* type of the device, either SIO or FT8U232AM */
7546 - int baud_base; /* baud base clock for divisor setting */
7547 - int custom_divisor; /* custom_divisor kludge, this is for baud_base (different from what goes to the chip!) */
7548 - __u16 last_set_data_urb_value ;
7549 - /* the last data state set - needed for doing a break */
7550 - int write_offset; /* This is the offset in the usb data block to write the serial data -
7551 - * it is different between devices
7552 - */
7553 - int flags; /* some ASYNC_xxxx flags are supported */
7554 - unsigned long last_dtr_rts; /* saved modem control outputs */
7555 - wait_queue_head_t delta_msr_wait; /* Used for TIOCMIWAIT */
7556 - char prev_status, diff_status; /* Used for TIOCMIWAIT */
7557 - __u8 rx_flags; /* receive state flags (throttling) */
7558 - spinlock_t rx_lock; /* spinlock for receive state */
7559 - struct delayed_work rx_work;
7560 - struct usb_serial_port *port;
7561 - int rx_processed;
7562 - unsigned long rx_bytes;
7563 -
7564 - __u16 interface; /* FT2232C port interface (0 for FT232/245) */
7565 -
7566 - int force_baud; /* if non-zero, force the baud rate to this value */
7567 - int force_rtscts; /* if non-zero, force RTS-CTS to always be enabled */
7568 -
7569 - spinlock_t tx_lock; /* spinlock for transmit state */
7570 - unsigned long tx_bytes;
7571 - unsigned long tx_outstanding_bytes;
7572 - unsigned long tx_outstanding_urbs;
7573 -};
7574 -
7575 /* Used for TIOCMIWAIT */
7576 #define FTDI_STATUS_B0_MASK (FTDI_RS0_CTS | FTDI_RS0_DSR | FTDI_RS0_RI | FTDI_RS0_RLSD)
7577 #define FTDI_STATUS_B1_MASK (FTDI_RS_BI)
7578 @@ -609,7 +609,6 @@ struct ftdi_private {
7580 /* function prototypes for a FTDI serial converter */
7581 static int ftdi_sio_probe (struct usb_serial *serial, const struct usb_device_id *id);
7582 -static int ftdi_sio_attach (struct usb_serial *serial);
7583 static void ftdi_shutdown (struct usb_serial *serial);
7584 static int ftdi_sio_port_probe (struct usb_serial_port *port);
7585 static int ftdi_sio_port_remove (struct usb_serial_port *port);
7586 @@ -663,7 +662,6 @@ static struct usb_serial_driver ftdi_sio_device = {
7587 .ioctl = ftdi_ioctl,
7588 .set_termios = ftdi_set_termios,
7589 .break_ctl = ftdi_break_ctl,
7590 - .attach = ftdi_sio_attach,
7591 .shutdown = ftdi_shutdown,
7592 };
7594 @@ -1198,6 +1196,8 @@ static int ftdi_sio_probe (struct usb_serial *serial, const struct usb_device_id
7595 static int ftdi_sio_port_probe(struct usb_serial_port *port)
7596 {
7597 struct ftdi_private *priv;
7598 + struct ftdi_sio_quirk *quirk = usb_get_serial_data(port->serial);
7599 +
7601 dbg("%s",__FUNCTION__);
7603 @@ -1214,6 +1214,9 @@ static int ftdi_sio_port_probe(struct usb_serial_port *port)
7604 than queue a task to deliver them */
7605 priv->flags = ASYNC_LOW_LATENCY;
7607 + if (quirk && quirk->port_probe)
7608 + quirk->port_probe(priv);
7609 +
7610 /* Increase the size of read buffers */
7611 kfree(port->bulk_in_buffer);
7612 port->bulk_in_buffer = kmalloc (BUFSZ, GFP_KERNEL);
7613 @@ -1244,29 +1247,13 @@ static int ftdi_sio_port_probe(struct usb_serial_port *port)
7614 return 0;
7615 }
7617 -/* attach subroutine */
7618 -static int ftdi_sio_attach (struct usb_serial *serial)
7619 -{
7620 - /* Check for device requiring special set up. */
7621 - struct ftdi_sio_quirk *quirk = usb_get_serial_data(serial);
7622 -
7623 - if (quirk && quirk->setup)
7624 - quirk->setup(serial);
7625 -
7626 - return 0;
7627 -} /* ftdi_sio_attach */
7628 -
7629 -
7630 /* Setup for the USB-UIRT device, which requires hardwired
7631 * baudrate (38400 gets mapped to 312500) */
7632 /* Called from usbserial:serial_probe */
7633 -static void ftdi_USB_UIRT_setup (struct usb_serial *serial)
7634 +static void ftdi_USB_UIRT_setup (struct ftdi_private *priv)
7635 {
7636 - struct ftdi_private *priv;
7637 -
7638 dbg("%s",__FUNCTION__);
7640 - priv = usb_get_serial_port_data(serial->port[0]);
7641 priv->flags |= ASYNC_SPD_CUST;
7642 priv->custom_divisor = 77;
7643 priv->force_baud = B38400;
7644 @@ -1274,13 +1261,10 @@ static void ftdi_USB_UIRT_setup (struct usb_serial *serial)
7646 /* Setup for the HE-TIRA1 device, which requires hardwired
7647 * baudrate (38400 gets mapped to 100000) and RTS-CTS enabled. */
7648 -static void ftdi_HE_TIRA1_setup (struct usb_serial *serial)
7649 +static void ftdi_HE_TIRA1_setup (struct ftdi_private *priv)
7650 {
7651 - struct ftdi_private *priv;
7652 -
7653 dbg("%s",__FUNCTION__);
7655 - priv = usb_get_serial_port_data(serial->port[0]);
7656 priv->flags |= ASYNC_SPD_CUST;
7657 priv->custom_divisor = 240;
7658 priv->force_baud = B38400;
7659 diff --git a/drivers/usb/serial/generic.c b/drivers/usb/serial/generic.c
7660 index 4f8282a..c36eb79 100644
7661 --- a/drivers/usb/serial/generic.c
7662 +++ b/drivers/usb/serial/generic.c
7663 @@ -190,14 +190,15 @@ int usb_serial_generic_write(struct usb_serial_port *port, const unsigned char *
7665 /* only do something if we have a bulk out endpoint */
7666 if (serial->num_bulk_out) {
7667 - spin_lock_bh(&port->lock);
7668 + unsigned long flags;
7669 + spin_lock_irqsave(&port->lock, flags);
7670 if (port->write_urb_busy) {
7671 - spin_unlock_bh(&port->lock);
7672 + spin_unlock_irqrestore(&port->lock, flags);
7673 dbg("%s - already writing", __FUNCTION__);
7674 return 0;
7675 }
7676 port->write_urb_busy = 1;
7677 - spin_unlock_bh(&port->lock);
7678 + spin_unlock_irqrestore(&port->lock, flags);
7680 count = (count > port->bulk_out_size) ? port->bulk_out_size : count;
7682 diff --git a/drivers/usb/serial/io_edgeport.c b/drivers/usb/serial/io_edgeport.c
7683 index 056e192..0f99e07 100644
7684 --- a/drivers/usb/serial/io_edgeport.c
7685 +++ b/drivers/usb/serial/io_edgeport.c
7686 @@ -2366,9 +2366,8 @@ static int send_cmd_write_baud_rate (struct edgeport_port *edge_port, int baudRa
7687 int status;
7688 unsigned char number = edge_port->port->number - edge_port->port->serial->minor;
7690 - if ((!edge_serial->is_epic) ||
7691 - ((edge_serial->is_epic) &&
7692 - (!edge_serial->epic_descriptor.Supports.IOSPSetBaudRate))) {
7693 + if (edge_serial->is_epic &&
7694 + !edge_serial->epic_descriptor.Supports.IOSPSetBaudRate) {
7695 dbg("SendCmdWriteBaudRate - NOT Setting baud rate for port = %d, baud = %d",
7696 edge_port->port->number, baudRate);
7697 return 0;
7698 @@ -2461,18 +2460,16 @@ static int send_cmd_write_uart_register (struct edgeport_port *edge_port, __u8 r
7700 dbg("%s - write to %s register 0x%02x", (regNum == MCR) ? "MCR" : "LCR", __FUNCTION__, regValue);
7702 - if ((!edge_serial->is_epic) ||
7703 - ((edge_serial->is_epic) &&
7704 - (!edge_serial->epic_descriptor.Supports.IOSPWriteMCR) &&
7705 - (regNum == MCR))) {
7706 + if (edge_serial->is_epic &&
7707 + !edge_serial->epic_descriptor.Supports.IOSPWriteMCR &&
7708 + regNum == MCR) {
7709 dbg("SendCmdWriteUartReg - Not writing to MCR Register");
7710 return 0;
7711 }
7713 - if ((!edge_serial->is_epic) ||
7714 - ((edge_serial->is_epic) &&
7715 - (!edge_serial->epic_descriptor.Supports.IOSPWriteLCR) &&
7716 - (regNum == LCR))) {
7717 + if (edge_serial->is_epic &&
7718 + !edge_serial->epic_descriptor.Supports.IOSPWriteLCR &&
7719 + regNum == LCR) {
7720 dbg ("SendCmdWriteUartReg - Not writing to LCR Register");
7721 return 0;
7722 }
7723 diff --git a/drivers/usb/serial/kobil_sct.c b/drivers/usb/serial/kobil_sct.c
7724 index 0683b51..6f22419 100644
7725 --- a/drivers/usb/serial/kobil_sct.c
7726 +++ b/drivers/usb/serial/kobil_sct.c
7727 @@ -82,6 +82,7 @@ static int kobil_tiocmset(struct usb_serial_port *port, struct file *file,
7728 unsigned int set, unsigned int clear);
7729 static void kobil_read_int_callback( struct urb *urb );
7730 static void kobil_write_callback( struct urb *purb );
7731 +static void kobil_set_termios(struct usb_serial_port *port, struct ktermios *old);
7734 static struct usb_device_id id_table [] = {
7735 @@ -119,6 +120,7 @@ static struct usb_serial_driver kobil_device = {
7736 .attach = kobil_startup,
7737 .shutdown = kobil_shutdown,
7738 .ioctl = kobil_ioctl,
7739 + .set_termios = kobil_set_termios,
7740 .tiocmget = kobil_tiocmget,
7741 .tiocmset = kobil_tiocmset,
7742 .open = kobil_open,
7743 @@ -137,7 +139,6 @@ struct kobil_private {
7744 int cur_pos; // index of the next char to send in buf
7745 __u16 device_type;
7746 int line_state;
7747 - struct ktermios internal_termios;
7748 };
7751 @@ -216,7 +217,7 @@ static void kobil_shutdown (struct usb_serial *serial)
7753 static int kobil_open (struct usb_serial_port *port, struct file *filp)
7754 {
7755 - int i, result = 0;
7756 + int result = 0;
7757 struct kobil_private *priv;
7758 unsigned char *transfer_buffer;
7759 int transfer_buffer_length = 8;
7760 @@ -242,16 +243,6 @@ static int kobil_open (struct usb_serial_port *port, struct file *filp)
7761 port->tty->termios->c_iflag = IGNBRK | IGNPAR | IXOFF;
7762 port->tty->termios->c_oflag &= ~ONLCR; // do NOT translate CR to CR-NL (0x0A -> 0x0A 0x0D)
7764 - // set up internal termios structure
7765 - priv->internal_termios.c_iflag = port->tty->termios->c_iflag;
7766 - priv->internal_termios.c_oflag = port->tty->termios->c_oflag;
7767 - priv->internal_termios.c_cflag = port->tty->termios->c_cflag;
7768 - priv->internal_termios.c_lflag = port->tty->termios->c_lflag;
7769 -
7770 - for (i=0; i<NCCS; i++) {
7771 - priv->internal_termios.c_cc[i] = port->tty->termios->c_cc[i];
7772 - }
7773 -
7774 // allocate memory for transfer buffer
7775 transfer_buffer = kzalloc(transfer_buffer_length, GFP_KERNEL);
7776 if (! transfer_buffer) {
7777 @@ -358,24 +349,26 @@ static void kobil_close (struct usb_serial_port *port, struct file *filp)
7778 }
7781 -static void kobil_read_int_callback( struct urb *purb)
7782 +static void kobil_read_int_callback(struct urb *urb)
7783 {
7784 int result;
7785 - struct usb_serial_port *port = (struct usb_serial_port *) purb->context;
7786 + struct usb_serial_port *port = urb->context;
7787 struct tty_struct *tty;
7788 - unsigned char *data = purb->transfer_buffer;
7789 + unsigned char *data = urb->transfer_buffer;
7790 + int status = urb->status;
7791 // char *dbg_data;
7793 dbg("%s - port %d", __FUNCTION__, port->number);
7795 - if (purb->status) {
7796 - dbg("%s - port %d Read int status not zero: %d", __FUNCTION__, port->number, purb->status);
7797 + if (status) {
7798 + dbg("%s - port %d Read int status not zero: %d",
7799 + __FUNCTION__, port->number, status);
7800 return;
7801 }
7802 -
7803 - tty = port->tty;
7804 - if (purb->actual_length) {
7805 -
7806 +
7807 + tty = port->tty;
7808 + if (urb->actual_length) {
7809 +
7810 // BEGIN DEBUG
7811 /*
7812 dbg_data = kzalloc((3 * purb->actual_length + 10) * sizeof(char), GFP_KERNEL);
7813 @@ -390,15 +383,15 @@ static void kobil_read_int_callback( struct urb *purb)
7814 */
7815 // END DEBUG
7817 - tty_buffer_request_room(tty, purb->actual_length);
7818 - tty_insert_flip_string(tty, data, purb->actual_length);
7819 + tty_buffer_request_room(tty, urb->actual_length);
7820 + tty_insert_flip_string(tty, data, urb->actual_length);
7821 tty_flip_buffer_push(tty);
7822 }
7824 // someone sets the dev to 0 if the close method has been called
7825 port->interrupt_in_urb->dev = port->serial->dev;
7827 - result = usb_submit_urb( port->interrupt_in_urb, GFP_ATOMIC );
7828 + result = usb_submit_urb(port->interrupt_in_urb, GFP_ATOMIC);
7829 dbg("%s - port %d Send read URB returns: %i", __FUNCTION__, port->number, result);
7830 }
7832 @@ -605,102 +598,79 @@ static int kobil_tiocmset(struct usb_serial_port *port, struct file *file,
7833 return (result < 0) ? result : 0;
7834 }
7836 -
7837 -static int kobil_ioctl(struct usb_serial_port *port, struct file *file,
7838 - unsigned int cmd, unsigned long arg)
7839 +static void kobil_set_termios(struct usb_serial_port *port, struct ktermios *old)
7840 {
7841 struct kobil_private * priv;
7842 int result;
7843 unsigned short urb_val = 0;
7844 - unsigned char *transfer_buffer;
7845 - int transfer_buffer_length = 8;
7846 - char *settings;
7847 - void __user *user_arg = (void __user *)arg;
7848 + int c_cflag = port->tty->termios->c_cflag;
7849 + speed_t speed;
7850 + void * settings;
7852 priv = usb_get_serial_port_data(port);
7853 - if ((priv->device_type == KOBIL_USBTWIN_PRODUCT_ID) || (priv->device_type == KOBIL_KAAN_SIM_PRODUCT_ID)) {
7854 + if (priv->device_type == KOBIL_USBTWIN_PRODUCT_ID || priv->device_type == KOBIL_KAAN_SIM_PRODUCT_ID)
7855 // This device doesn't support ioctl calls
7856 - return 0;
7857 - }
7858 -
7859 - switch (cmd) {
7860 - case TCGETS: // 0x5401
7861 - if (!access_ok(VERIFY_WRITE, user_arg, sizeof(struct ktermios))) {
7862 - dbg("%s - port %d Error in access_ok", __FUNCTION__, port->number);
7863 - return -EFAULT;
7864 - }
7865 - if (kernel_termios_to_user_termios((struct ktermios __user *)arg,
7866 - &priv->internal_termios))
7867 - return -EFAULT;
7868 - return 0;
7869 -
7870 - case TCSETS: // 0x5402
7871 - if (!(port->tty->termios)) {
7872 - dbg("%s - port %d Error: port->tty->termios is NULL", __FUNCTION__, port->number);
7873 - return -ENOTTY;
7874 - }
7875 - if (!access_ok(VERIFY_READ, user_arg, sizeof(struct ktermios))) {
7876 - dbg("%s - port %d Error in access_ok", __FUNCTION__, port->number);
7877 - return -EFAULT;
7878 - }
7879 - if (user_termios_to_kernel_termios(&priv->internal_termios,
7880 - (struct ktermios __user *)arg))
7881 - return -EFAULT;
7882 -
7883 - settings = kzalloc(50, GFP_KERNEL);
7884 - if (! settings) {
7885 - return -ENOBUFS;
7886 - }
7887 + return;
7889 - switch (priv->internal_termios.c_cflag & CBAUD) {
7890 - case B1200:
7891 + switch (speed = tty_get_baud_rate(port->tty)) {
7892 + case 1200:
7893 urb_val = SUSBCR_SBR_1200;
7894 - strcat(settings, "1200 ");
7895 break;
7896 - case B9600:
7897 + case 9600:
7898 default:
7899 urb_val = SUSBCR_SBR_9600;
7900 - strcat(settings, "9600 ");
7901 break;
7902 - }
7903 + }
7904 + urb_val |= (c_cflag & CSTOPB) ? SUSBCR_SPASB_2StopBits : SUSBCR_SPASB_1StopBit;
7906 - urb_val |= (priv->internal_termios.c_cflag & CSTOPB) ? SUSBCR_SPASB_2StopBits : SUSBCR_SPASB_1StopBit;
7907 - strcat(settings, (priv->internal_termios.c_cflag & CSTOPB) ? "2 StopBits " : "1 StopBit ");
7908 + settings = kzalloc(50, GFP_KERNEL);
7909 + if (! settings)
7910 + return;
7912 - if (priv->internal_termios.c_cflag & PARENB) {
7913 - if (priv->internal_termios.c_cflag & PARODD) {
7914 - urb_val |= SUSBCR_SPASB_OddParity;
7915 - strcat(settings, "Odd Parity");
7916 - } else {
7917 - urb_val |= SUSBCR_SPASB_EvenParity;
7918 - strcat(settings, "Even Parity");
7919 - }
7920 + sprintf(settings, "%d ", speed);
7921 +
7922 + if (c_cflag & PARENB) {
7923 + if (c_cflag & PARODD) {
7924 + urb_val |= SUSBCR_SPASB_OddParity;
7925 + strcat(settings, "Odd Parity");
7926 } else {
7927 - urb_val |= SUSBCR_SPASB_NoParity;
7928 - strcat(settings, "No Parity");
7929 + urb_val |= SUSBCR_SPASB_EvenParity;
7930 + strcat(settings, "Even Parity");
7931 }
7932 - dbg("%s - port %d setting port to: %s", __FUNCTION__, port->number, settings );
7933 + } else {
7934 + urb_val |= SUSBCR_SPASB_NoParity;
7935 + strcat(settings, "No Parity");
7936 + }
7938 - result = usb_control_msg( port->serial->dev,
7939 - usb_rcvctrlpipe(port->serial->dev, 0 ),
7940 - SUSBCRequest_SetBaudRateParityAndStopBits,
7941 - USB_TYPE_VENDOR | USB_RECIP_ENDPOINT | USB_DIR_OUT,
7942 - urb_val,
7943 - 0,
7944 - settings,
7945 - 0,
7946 - KOBIL_TIMEOUT
7947 - );
7948 + result = usb_control_msg( port->serial->dev,
7949 + usb_rcvctrlpipe(port->serial->dev, 0 ),
7950 + SUSBCRequest_SetBaudRateParityAndStopBits,
7951 + USB_TYPE_VENDOR | USB_RECIP_ENDPOINT | USB_DIR_OUT,
7952 + urb_val,
7953 + 0,
7954 + settings,
7955 + 0,
7956 + KOBIL_TIMEOUT
7957 + );
7958 + kfree(settings);
7959 +}
7961 - dbg("%s - port %d Send set_baudrate URB returns: %i", __FUNCTION__, port->number, result);
7962 - kfree(settings);
7963 +static int kobil_ioctl(struct usb_serial_port *port, struct file * file, unsigned int cmd, unsigned long arg)
7964 +{
7965 + struct kobil_private * priv = usb_get_serial_port_data(port);
7966 + unsigned char *transfer_buffer;
7967 + int transfer_buffer_length = 8;
7968 + int result;
7969 +
7970 + if (priv->device_type == KOBIL_USBTWIN_PRODUCT_ID || priv->device_type == KOBIL_KAAN_SIM_PRODUCT_ID)
7971 + // This device doesn't support ioctl calls
7972 return 0;
7974 + switch (cmd) {
7975 case TCFLSH: // 0x540B
7976 transfer_buffer = kmalloc(transfer_buffer_length, GFP_KERNEL);
7977 - if (! transfer_buffer) {
7978 + if (! transfer_buffer)
7979 return -ENOBUFS;
7980 - }
7982 result = usb_control_msg( port->serial->dev,
7983 usb_rcvctrlpipe(port->serial->dev, 0 ),
7984 @@ -714,15 +684,13 @@ static int kobil_ioctl(struct usb_serial_port *port, struct file *file,
7985 );
7987 dbg("%s - port %d Send reset_all_queues (FLUSH) URB returns: %i", __FUNCTION__, port->number, result);
7988 -
7989 kfree(transfer_buffer);
7990 - return ((result < 0) ? -EFAULT : 0);
7991 -
7992 + return (result < 0) ? -EFAULT : 0;
7993 + default:
7994 + return -ENOIOCTLCMD;
7995 }
7996 - return -ENOIOCTLCMD;
7997 }
7999 -
8000 static int __init kobil_init (void)
8001 {
8002 int retval;
8003 diff --git a/drivers/video/backlight/cr_bllcd.c b/drivers/video/backlight/cr_bllcd.c
8004 index e9bbc34..1b3f658 100644
8005 --- a/drivers/video/backlight/cr_bllcd.c
8006 +++ b/drivers/video/backlight/cr_bllcd.c
8007 @@ -174,7 +174,7 @@ static int cr_backlight_probe(struct platform_device *pdev)
8008 struct cr_panel *crp;
8009 u8 dev_en;
8011 - crp = kzalloc(sizeof(crp), GFP_KERNEL);
8012 + crp = kzalloc(sizeof(*crp), GFP_KERNEL);
8013 if (crp == NULL)
8014 return -ENOMEM;
8016 diff --git a/drivers/video/fb_ddc.c b/drivers/video/fb_ddc.c
8017 index f836137..a0df632 100644
8018 --- a/drivers/video/fb_ddc.c
8019 +++ b/drivers/video/fb_ddc.c
8020 @@ -56,13 +56,12 @@ unsigned char *fb_ddc_read(struct i2c_adapter *adapter)
8021 int i, j;
8023 algo_data->setscl(algo_data->data, 1);
8024 - algo_data->setscl(algo_data->data, 0);
8026 for (i = 0; i < 3; i++) {
8027 /* For some old monitors we need the
8028 * following process to initialize/stop DDC
8029 */
8030 - algo_data->setsda(algo_data->data, 0);
8031 + algo_data->setsda(algo_data->data, 1);
8032 msleep(13);
8034 algo_data->setscl(algo_data->data, 1);
8035 @@ -97,14 +96,15 @@ unsigned char *fb_ddc_read(struct i2c_adapter *adapter)
8036 algo_data->setsda(algo_data->data, 1);
8037 msleep(15);
8038 algo_data->setscl(algo_data->data, 0);
8039 + algo_data->setsda(algo_data->data, 0);
8040 if (edid)
8041 break;
8042 }
8043 /* Release the DDC lines when done or the Apple Cinema HD display
8044 * will switch off
8045 */
8046 - algo_data->setsda(algo_data->data, 0);
8047 - algo_data->setscl(algo_data->data, 0);
8048 + algo_data->setsda(algo_data->data, 1);
8049 + algo_data->setscl(algo_data->data, 1);
8051 return edid;
8052 }
8053 diff --git a/drivers/video/macmodes.c b/drivers/video/macmodes.c
8054 index ab21495..083f603 100644
8055 --- a/drivers/video/macmodes.c
8056 +++ b/drivers/video/macmodes.c
8057 @@ -369,9 +369,8 @@ EXPORT_SYMBOL(mac_map_monitor_sense);
8058 *
8059 */
8061 -int __devinit mac_find_mode(struct fb_var_screeninfo *var,
8062 - struct fb_info *info, const char *mode_option,
8063 - unsigned int default_bpp)
8064 +int mac_find_mode(struct fb_var_screeninfo *var, struct fb_info *info,
8065 + const char *mode_option, unsigned int default_bpp)
8066 {
8067 const struct fb_videomode *db = NULL;
8068 unsigned int dbsize = 0;
8069 diff --git a/drivers/video/macmodes.h b/drivers/video/macmodes.h
8070 index babeb81..b86ba08 100644
8071 --- a/drivers/video/macmodes.h
8072 +++ b/drivers/video/macmodes.h
8073 @@ -55,10 +55,10 @@ extern int mac_vmode_to_var(int vmode, int cmode,
8074 extern int mac_var_to_vmode(const struct fb_var_screeninfo *var, int *vmode,
8075 int *cmode);
8076 extern int mac_map_monitor_sense(int sense);
8077 -extern int __devinit mac_find_mode(struct fb_var_screeninfo *var,
8078 - struct fb_info *info,
8079 - const char *mode_option,
8080 - unsigned int default_bpp);
8081 +extern int mac_find_mode(struct fb_var_screeninfo *var,
8082 + struct fb_info *info,
8083 + const char *mode_option,
8084 + unsigned int default_bpp);
8087 /*
8088 diff --git a/drivers/video/stifb.c b/drivers/video/stifb.c
8089 index c97709e..e7c8db2 100644
8090 --- a/drivers/video/stifb.c
8091 +++ b/drivers/video/stifb.c
8092 @@ -1100,13 +1100,18 @@ stifb_init_fb(struct sti_struct *sti, int bpp_pref)
8093 /* only supported cards are allowed */
8094 switch (fb->id) {
8095 case CRT_ID_VISUALIZE_EG:
8096 - /* look for a double buffering device like e.g. the
8097 - "INTERNAL_EG_DX1024" in the RDI precisionbook laptop
8098 - which won't work. The same device in non-double
8099 - buffering mode returns "INTERNAL_EG_X1024". */
8100 - if (strstr(sti->outptr.dev_name, "EG_DX")) {
8101 - printk(KERN_WARNING
8102 - "stifb: ignoring '%s'. Disable double buffering in IPL menu.\n",
8103 + /* Visualize cards can run either in "double buffer" or
8104 + "standard" mode. Depending on the mode, the card reports
8105 + a different device name, e.g. "INTERNAL_EG_DX1024" in double
8106 + buffer mode and "INTERNAL_EG_X1024" in standard mode.
8107 + Since this driver only supports standard mode, we check
8108 + if the device name contains the string "DX" and tell the
8109 + user how to reconfigure the card. */
8110 + if (strstr(sti->outptr.dev_name, "DX")) {
8111 + printk(KERN_WARNING "WARNING: stifb framebuffer driver does not "
8112 + "support '%s' in double-buffer mode.\n"
8113 + KERN_WARNING "WARNING: Please disable the double-buffer mode "
8114 + "in IPL menu (the PARISC-BIOS).\n",
8115 sti->outptr.dev_name);
8116 goto out_err0;
8117 }
8118 diff --git a/fs/9p/conv.c b/fs/9p/conv.c
8119 index a3ed571..923d75c 100644
8120 --- a/fs/9p/conv.c
8121 +++ b/fs/9p/conv.c
8122 @@ -742,6 +742,7 @@ struct v9fs_fcall *v9fs_create_twrite(u32 fid, u64 offset, u32 count,
8123 if (err) {
8124 kfree(fc);
8125 fc = ERR_PTR(err);
8126 + goto error;
8127 }
8129 if (buf_check_overflow(bufp)) {
8130 diff --git a/fs/afs/mntpt.c b/fs/afs/mntpt.c
8131 index a3684dc..6f8c96f 100644
8132 --- a/fs/afs/mntpt.c
8133 +++ b/fs/afs/mntpt.c
8134 @@ -235,8 +235,8 @@ static void *afs_mntpt_follow_link(struct dentry *dentry, struct nameidata *nd)
8135 err = do_add_mount(newmnt, nd, MNT_SHRINKABLE, &afs_vfsmounts);
8136 switch (err) {
8137 case 0:
8138 - mntput(nd->mnt);
8139 dput(nd->dentry);
8140 + mntput(nd->mnt);
8141 nd->mnt = newmnt;
8142 nd->dentry = dget(newmnt->mnt_root);
8143 schedule_delayed_work(&afs_mntpt_expiry_timer,
8144 diff --git a/fs/direct-io.c b/fs/direct-io.c
8145 index 52bb263..6874785 100644
8146 --- a/fs/direct-io.c
8147 +++ b/fs/direct-io.c
8148 @@ -974,6 +974,7 @@ direct_io_worker(int rw, struct kiocb *iocb, struct inode *inode,
8149 dio->get_block = get_block;
8150 dio->end_io = end_io;
8151 dio->map_bh.b_private = NULL;
8152 + dio->map_bh.b_state = 0;
8153 dio->final_block_in_bio = -1;
8154 dio->next_block_for_io = -1;
8156 diff --git a/fs/ecryptfs/inode.c b/fs/ecryptfs/inode.c
8157 index 83e94fe..9c6877c 100644
8158 --- a/fs/ecryptfs/inode.c
8159 +++ b/fs/ecryptfs/inode.c
8160 @@ -902,8 +902,9 @@ static int ecryptfs_setattr(struct dentry *dentry, struct iattr *ia)
8161 mutex_lock(&crypt_stat->cs_mutex);
8162 if (S_ISDIR(dentry->d_inode->i_mode))
8163 crypt_stat->flags &= ~(ECRYPTFS_ENCRYPTED);
8164 - else if (!(crypt_stat->flags & ECRYPTFS_POLICY_APPLIED)
8165 - || !(crypt_stat->flags & ECRYPTFS_KEY_VALID)) {
8166 + else if (S_ISREG(dentry->d_inode->i_mode)
8167 + && (!(crypt_stat->flags & ECRYPTFS_POLICY_APPLIED)
8168 + || !(crypt_stat->flags & ECRYPTFS_KEY_VALID))) {
8169 struct vfsmount *lower_mnt;
8170 struct file *lower_file = NULL;
8171 struct ecryptfs_mount_crypt_stat *mount_crypt_stat;
8172 diff --git a/fs/exec.c b/fs/exec.c
8173 index f20561f..224e973 100644
8174 --- a/fs/exec.c
8175 +++ b/fs/exec.c
8176 @@ -586,18 +586,12 @@ static int de_thread(struct task_struct *tsk)
8177 int count;
8179 /*
8180 - * Tell all the sighand listeners that this sighand has
8181 - * been detached. The signalfd_detach() function grabs the
8182 - * sighand lock, if signal listeners are present on the sighand.
8183 - */
8184 - signalfd_detach(tsk);
8185 -
8186 - /*
8187 * If we don't share sighandlers, then we aren't sharing anything
8188 * and we can just re-use it all.
8189 */
8190 if (atomic_read(&oldsighand->count) <= 1) {
8191 BUG_ON(atomic_read(&sig->count) != 1);
8192 + signalfd_detach(tsk);
8193 exit_itimers(sig);
8194 return 0;
8195 }
8196 @@ -736,6 +730,7 @@ static int de_thread(struct task_struct *tsk)
8197 sig->flags = 0;
8199 no_thread_group:
8200 + signalfd_detach(tsk);
8201 exit_itimers(sig);
8202 if (leader)
8203 release_task(leader);
8204 @@ -890,9 +885,12 @@ int flush_old_exec(struct linux_binprm * bprm)
8205 */
8206 current->mm->task_size = TASK_SIZE;
8208 - if (bprm->e_uid != current->euid || bprm->e_gid != current->egid ||
8209 - file_permission(bprm->file, MAY_READ) ||
8210 - (bprm->interp_flags & BINPRM_FLAGS_ENFORCE_NONDUMP)) {
8211 + if (bprm->e_uid != current->euid || bprm->e_gid != current->egid) {
8212 + suid_keys(current);
8213 + current->mm->dumpable = suid_dumpable;
8214 + current->pdeath_signal = 0;
8215 + } else if (file_permission(bprm->file, MAY_READ) ||
8216 + (bprm->interp_flags & BINPRM_FLAGS_ENFORCE_NONDUMP)) {
8217 suid_keys(current);
8218 current->mm->dumpable = suid_dumpable;
8219 }
8220 @@ -983,8 +981,10 @@ void compute_creds(struct linux_binprm *bprm)
8221 {
8222 int unsafe;
8224 - if (bprm->e_uid != current->uid)
8225 + if (bprm->e_uid != current->uid) {
8226 suid_keys(current);
8227 + current->pdeath_signal = 0;
8228 + }
8229 exec_keys(current);
8231 task_lock(current);
8232 @@ -1561,6 +1561,12 @@ int do_coredump(long signr, int exit_code, struct pt_regs * regs)
8233 but keep the previous behaviour for now. */
8234 if (!ispipe && !S_ISREG(inode->i_mode))
8235 goto close_fail;
8236 + /*
8237 + * Dont allow local users get cute and trick others to coredump
8238 + * into their pre-created files:
8239 + */
8240 + if (inode->i_uid != current->fsuid)
8241 + goto close_fail;
8242 if (!file->f_op)
8243 goto close_fail;
8244 if (!file->f_op->write)
8245 diff --git a/fs/ext3/namei.c b/fs/ext3/namei.c
8246 index 9bb046d..e54eb5f 100644
8247 --- a/fs/ext3/namei.c
8248 +++ b/fs/ext3/namei.c
8249 @@ -140,7 +140,8 @@ struct dx_frame
8250 struct dx_map_entry
8251 {
8252 u32 hash;
8253 - u32 offs;
8254 + u16 offs;
8255 + u16 size;
8256 };
8258 #ifdef CONFIG_EXT3_INDEX
8259 @@ -379,13 +380,28 @@ dx_probe(struct dentry *dentry, struct inode *dir,
8261 entries = (struct dx_entry *) (((char *)&root->info) +
8262 root->info.info_length);
8263 - assert(dx_get_limit(entries) == dx_root_limit(dir,
8264 - root->info.info_length));
8265 +
8266 + if (dx_get_limit(entries) != dx_root_limit(dir,
8267 + root->info.info_length)) {
8268 + ext3_warning(dir->i_sb, __FUNCTION__,
8269 + "dx entry: limit != root limit");
8270 + brelse(bh);
8271 + *err = ERR_BAD_DX_DIR;
8272 + goto fail;
8273 + }
8274 +
8275 dxtrace (printk("Look up %x", hash));
8276 while (1)
8277 {
8278 count = dx_get_count(entries);
8279 - assert (count && count <= dx_get_limit(entries));
8280 + if (!count || count > dx_get_limit(entries)) {
8281 + ext3_warning(dir->i_sb, __FUNCTION__,
8282 + "dx entry: no count or count > limit");
8283 + brelse(bh);
8284 + *err = ERR_BAD_DX_DIR;
8285 + goto fail2;
8286 + }
8287 +
8288 p = entries + 1;
8289 q = entries + count - 1;
8290 while (p <= q)
8291 @@ -423,8 +439,15 @@ dx_probe(struct dentry *dentry, struct inode *dir,
8292 if (!(bh = ext3_bread (NULL,dir, dx_get_block(at), 0, err)))
8293 goto fail2;
8294 at = entries = ((struct dx_node *) bh->b_data)->entries;
8295 - assert (dx_get_limit(entries) == dx_node_limit (dir));
8296 + if (dx_get_limit(entries) != dx_node_limit (dir)) {
8297 + ext3_warning(dir->i_sb, __FUNCTION__,
8298 + "dx entry: limit != node limit");
8299 + brelse(bh);
8300 + *err = ERR_BAD_DX_DIR;
8301 + goto fail2;
8302 + }
8303 frame++;
8304 + frame->bh = NULL;
8305 }
8306 fail2:
8307 while (frame >= frame_in) {
8308 @@ -432,6 +455,10 @@ fail2:
8309 frame--;
8310 }
8311 fail:
8312 + if (*err == ERR_BAD_DX_DIR)
8313 + ext3_warning(dir->i_sb, __FUNCTION__,
8314 + "Corrupt dir inode %ld, running e2fsck is "
8315 + "recommended.", dir->i_ino);
8316 return NULL;
8317 }
8319 @@ -671,6 +698,10 @@ errout:
8320 * Directory block splitting, compacting
8321 */
8323 +/*
8324 + * Create map of hash values, offsets, and sizes, stored at end of block.
8325 + * Returns number of entries mapped.
8326 + */
8327 static int dx_make_map (struct ext3_dir_entry_2 *de, int size,
8328 struct dx_hash_info *hinfo, struct dx_map_entry *map_tail)
8329 {
8330 @@ -684,7 +715,8 @@ static int dx_make_map (struct ext3_dir_entry_2 *de, int size,
8331 ext3fs_dirhash(de->name, de->name_len, &h);
8332 map_tail--;
8333 map_tail->hash = h.hash;
8334 - map_tail->offs = (u32) ((char *) de - base);
8335 + map_tail->offs = (u16) ((char *) de - base);
8336 + map_tail->size = le16_to_cpu(de->rec_len);
8337 count++;
8338 cond_resched();
8339 }
8340 @@ -694,6 +726,7 @@ static int dx_make_map (struct ext3_dir_entry_2 *de, int size,
8341 return count;
8342 }
8344 +/* Sort map by hash value */
8345 static void dx_sort_map (struct dx_map_entry *map, unsigned count)
8346 {
8347 struct dx_map_entry *p, *q, *top = map + count - 1;
8348 @@ -1081,6 +1114,10 @@ static inline void ext3_set_de_type(struct super_block *sb,
8349 }
8351 #ifdef CONFIG_EXT3_INDEX
8352 +/*
8353 + * Move count entries from end of map between two memory locations.
8354 + * Returns pointer to last entry moved.
8355 + */
8356 static struct ext3_dir_entry_2 *
8357 dx_move_dirents(char *from, char *to, struct dx_map_entry *map, int count)
8358 {
8359 @@ -1099,6 +1136,10 @@ dx_move_dirents(char *from, char *to, struct dx_map_entry *map, int count)
8360 return (struct ext3_dir_entry_2 *) (to - rec_len);
8361 }
8363 +/*
8364 + * Compact each dir entry in the range to the minimal rec_len.
8365 + * Returns pointer to last entry in range.
8366 + */
8367 static struct ext3_dir_entry_2* dx_pack_dirents(char *base, int size)
8368 {
8369 struct ext3_dir_entry_2 *next, *to, *prev, *de = (struct ext3_dir_entry_2 *) base;
8370 @@ -1121,6 +1162,11 @@ static struct ext3_dir_entry_2* dx_pack_dirents(char *base, int size)
8371 return prev;
8372 }
8374 +/*
8375 + * Split a full leaf block to make room for a new dir entry.
8376 + * Allocate a new block, and move entries so that they are approx. equally full.
8377 + * Returns pointer to de in block into which the new entry will be inserted.
8378 + */
8379 static struct ext3_dir_entry_2 *do_split(handle_t *handle, struct inode *dir,
8380 struct buffer_head **bh,struct dx_frame *frame,
8381 struct dx_hash_info *hinfo, int *error)
8382 @@ -1132,7 +1178,7 @@ static struct ext3_dir_entry_2 *do_split(handle_t *handle, struct inode *dir,
8383 u32 hash2;
8384 struct dx_map_entry *map;
8385 char *data1 = (*bh)->b_data, *data2;
8386 - unsigned split;
8387 + unsigned split, move, size, i;
8388 struct ext3_dir_entry_2 *de = NULL, *de2;
8389 int err = 0;
8391 @@ -1160,8 +1206,19 @@ static struct ext3_dir_entry_2 *do_split(handle_t *handle, struct inode *dir,
8392 count = dx_make_map ((struct ext3_dir_entry_2 *) data1,
8393 blocksize, hinfo, map);
8394 map -= count;
8395 - split = count/2; // need to adjust to actual middle
8396 dx_sort_map (map, count);
8397 + /* Split the existing block in the middle, size-wise */
8398 + size = 0;
8399 + move = 0;
8400 + for (i = count-1; i >= 0; i--) {
8401 + /* is more than half of this entry in 2nd half of the block? */
8402 + if (size + map[i].size/2 > blocksize/2)
8403 + break;
8404 + size += map[i].size;
8405 + move++;
8406 + }
8407 + /* map index at which we will split */
8408 + split = count - move;
8409 hash2 = map[split].hash;
8410 continued = hash2 == map[split - 1].hash;
8411 dxtrace(printk("Split block %i at %x, %i/%i\n",
8412 diff --git a/fs/ext4/extents.c b/fs/ext4/extents.c
8413 index b9ce241..fd10229 100644
8414 --- a/fs/ext4/extents.c
8415 +++ b/fs/ext4/extents.c
8416 @@ -1445,7 +1445,7 @@ int ext4_ext_walk_space(struct inode *inode, unsigned long block,
8418 static void
8419 ext4_ext_put_in_cache(struct inode *inode, __u32 block,
8420 - __u32 len, __u32 start, int type)
8421 + __u32 len, ext4_fsblk_t start, int type)
8422 {
8423 struct ext4_ext_cache *cex;
8424 BUG_ON(len == 0);
8425 diff --git a/fs/ext4/namei.c b/fs/ext4/namei.c
8426 index 2811e57..7bb8d7c 100644
8427 --- a/fs/ext4/namei.c
8428 +++ b/fs/ext4/namei.c
8429 @@ -140,7 +140,8 @@ struct dx_frame
8430 struct dx_map_entry
8431 {
8432 u32 hash;
8433 - u32 offs;
8434 + u16 offs;
8435 + u16 size;
8436 };
8438 #ifdef CONFIG_EXT4_INDEX
8439 @@ -379,13 +380,28 @@ dx_probe(struct dentry *dentry, struct inode *dir,
8441 entries = (struct dx_entry *) (((char *)&root->info) +
8442 root->info.info_length);
8443 - assert(dx_get_limit(entries) == dx_root_limit(dir,
8444 - root->info.info_length));
8445 +
8446 + if (dx_get_limit(entries) != dx_root_limit(dir,
8447 + root->info.info_length)) {
8448 + ext4_warning(dir->i_sb, __FUNCTION__,
8449 + "dx entry: limit != root limit");
8450 + brelse(bh);
8451 + *err = ERR_BAD_DX_DIR;
8452 + goto fail;
8453 + }
8454 +
8455 dxtrace (printk("Look up %x", hash));
8456 while (1)
8457 {
8458 count = dx_get_count(entries);
8459 - assert (count && count <= dx_get_limit(entries));
8460 + if (!count || count > dx_get_limit(entries)) {
8461 + ext4_warning(dir->i_sb, __FUNCTION__,
8462 + "dx entry: no count or count > limit");
8463 + brelse(bh);
8464 + *err = ERR_BAD_DX_DIR;
8465 + goto fail2;
8466 + }
8467 +
8468 p = entries + 1;
8469 q = entries + count - 1;
8470 while (p <= q)
8471 @@ -423,8 +439,15 @@ dx_probe(struct dentry *dentry, struct inode *dir,
8472 if (!(bh = ext4_bread (NULL,dir, dx_get_block(at), 0, err)))
8473 goto fail2;
8474 at = entries = ((struct dx_node *) bh->b_data)->entries;
8475 - assert (dx_get_limit(entries) == dx_node_limit (dir));
8476 + if (dx_get_limit(entries) != dx_node_limit (dir)) {
8477 + ext4_warning(dir->i_sb, __FUNCTION__,
8478 + "dx entry: limit != node limit");
8479 + brelse(bh);
8480 + *err = ERR_BAD_DX_DIR;
8481 + goto fail2;
8482 + }
8483 frame++;
8484 + frame->bh = NULL;
8485 }
8486 fail2:
8487 while (frame >= frame_in) {
8488 @@ -432,6 +455,10 @@ fail2:
8489 frame--;
8490 }
8491 fail:
8492 + if (*err == ERR_BAD_DX_DIR)
8493 + ext4_warning(dir->i_sb, __FUNCTION__,
8494 + "Corrupt dir inode %ld, running e2fsck is "
8495 + "recommended.", dir->i_ino);
8496 return NULL;
8497 }
8499 @@ -671,6 +698,10 @@ errout:
8500 * Directory block splitting, compacting
8501 */
8503 +/*
8504 + * Create map of hash values, offsets, and sizes, stored at end of block.
8505 + * Returns number of entries mapped.
8506 + */
8507 static int dx_make_map (struct ext4_dir_entry_2 *de, int size,
8508 struct dx_hash_info *hinfo, struct dx_map_entry *map_tail)
8509 {
8510 @@ -684,7 +715,8 @@ static int dx_make_map (struct ext4_dir_entry_2 *de, int size,
8511 ext4fs_dirhash(de->name, de->name_len, &h);
8512 map_tail--;
8513 map_tail->hash = h.hash;
8514 - map_tail->offs = (u32) ((char *) de - base);
8515 + map_tail->offs = (u16) ((char *) de - base);
8516 + map_tail->size = le16_to_cpu(de->rec_len);
8517 count++;
8518 cond_resched();
8519 }
8520 @@ -694,6 +726,7 @@ static int dx_make_map (struct ext4_dir_entry_2 *de, int size,
8521 return count;
8522 }
8524 +/* Sort map by hash value */
8525 static void dx_sort_map (struct dx_map_entry *map, unsigned count)
8526 {
8527 struct dx_map_entry *p, *q, *top = map + count - 1;
8528 @@ -1079,6 +1112,10 @@ static inline void ext4_set_de_type(struct super_block *sb,
8529 }
8531 #ifdef CONFIG_EXT4_INDEX
8532 +/*
8533 + * Move count entries from end of map between two memory locations.
8534 + * Returns pointer to last entry moved.
8535 + */
8536 static struct ext4_dir_entry_2 *
8537 dx_move_dirents(char *from, char *to, struct dx_map_entry *map, int count)
8538 {
8539 @@ -1097,6 +1134,10 @@ dx_move_dirents(char *from, char *to, struct dx_map_entry *map, int count)
8540 return (struct ext4_dir_entry_2 *) (to - rec_len);
8541 }
8543 +/*
8544 + * Compact each dir entry in the range to the minimal rec_len.
8545 + * Returns pointer to last entry in range.
8546 + */
8547 static struct ext4_dir_entry_2* dx_pack_dirents(char *base, int size)
8548 {
8549 struct ext4_dir_entry_2 *next, *to, *prev, *de = (struct ext4_dir_entry_2 *) base;
8550 @@ -1119,6 +1160,11 @@ static struct ext4_dir_entry_2* dx_pack_dirents(char *base, int size)
8551 return prev;
8552 }
8554 +/*
8555 + * Split a full leaf block to make room for a new dir entry.
8556 + * Allocate a new block, and move entries so that they are approx. equally full.
8557 + * Returns pointer to de in block into which the new entry will be inserted.
8558 + */
8559 static struct ext4_dir_entry_2 *do_split(handle_t *handle, struct inode *dir,
8560 struct buffer_head **bh,struct dx_frame *frame,
8561 struct dx_hash_info *hinfo, int *error)
8562 @@ -1130,7 +1176,7 @@ static struct ext4_dir_entry_2 *do_split(handle_t *handle, struct inode *dir,
8563 u32 hash2;
8564 struct dx_map_entry *map;
8565 char *data1 = (*bh)->b_data, *data2;
8566 - unsigned split;
8567 + unsigned split, move, size, i;
8568 struct ext4_dir_entry_2 *de = NULL, *de2;
8569 int err = 0;
8571 @@ -1158,8 +1204,19 @@ static struct ext4_dir_entry_2 *do_split(handle_t *handle, struct inode *dir,
8572 count = dx_make_map ((struct ext4_dir_entry_2 *) data1,
8573 blocksize, hinfo, map);
8574 map -= count;
8575 - split = count/2; // need to adjust to actual middle
8576 dx_sort_map (map, count);
8577 + /* Split the existing block in the middle, size-wise */
8578 + size = 0;
8579 + move = 0;
8580 + for (i = count-1; i >= 0; i--) {
8581 + /* is more than half of this entry in 2nd half of the block? */
8582 + if (size + map[i].size/2 > blocksize/2)
8583 + break;
8584 + size += map[i].size;
8585 + move++;
8586 + }
8587 + /* map index at which we will split */
8588 + split = count - move;
8589 hash2 = map[split].hash;
8590 continued = hash2 == map[split - 1].hash;
8591 dxtrace(printk("Split block %i at %x, %i/%i\n",
8592 diff --git a/fs/jbd/commit.c b/fs/jbd/commit.c
8593 index 1facfaf..a003d50 100644
8594 --- a/fs/jbd/commit.c
8595 +++ b/fs/jbd/commit.c
8596 @@ -887,7 +887,8 @@ restart_loop:
8597 journal->j_committing_transaction = NULL;
8598 spin_unlock(&journal->j_state_lock);
8600 - if (commit_transaction->t_checkpoint_list == NULL) {
8601 + if (commit_transaction->t_checkpoint_list == NULL &&
8602 + commit_transaction->t_checkpoint_io_list == NULL) {
8603 __journal_drop_transaction(journal, commit_transaction);
8604 } else {
8605 if (journal->j_checkpoint_transactions == NULL) {
8606 diff --git a/fs/jbd2/commit.c b/fs/jbd2/commit.c
8607 index 2856e11..c0f59d1 100644
8608 --- a/fs/jbd2/commit.c
8609 +++ b/fs/jbd2/commit.c
8610 @@ -896,7 +896,8 @@ restart_loop:
8611 journal->j_committing_transaction = NULL;
8612 spin_unlock(&journal->j_state_lock);
8614 - if (commit_transaction->t_checkpoint_list == NULL) {
8615 + if (commit_transaction->t_checkpoint_list == NULL &&
8616 + commit_transaction->t_checkpoint_io_list == NULL) {
8617 __jbd2_journal_drop_transaction(journal, commit_transaction);
8618 } else {
8619 if (journal->j_checkpoint_transactions == NULL) {
8620 diff --git a/fs/jffs2/fs.c b/fs/jffs2/fs.c
8621 index 1d3b7a9..8bc727b 100644
8622 --- a/fs/jffs2/fs.c
8623 +++ b/fs/jffs2/fs.c
8624 @@ -627,7 +627,7 @@ unsigned char *jffs2_gc_fetch_page(struct jffs2_sb_info *c,
8625 struct inode *inode = OFNI_EDONI_2SFFJ(f);
8626 struct page *pg;
8628 - pg = read_cache_page(inode->i_mapping, offset >> PAGE_CACHE_SHIFT,
8629 + pg = read_cache_page_async(inode->i_mapping, offset >> PAGE_CACHE_SHIFT,
8630 (void *)jffs2_do_readpage_unlock, inode);
8631 if (IS_ERR(pg))
8632 return (void *)pg;
8633 diff --git a/fs/jffs2/write.c b/fs/jffs2/write.c
8634 index c9fe0ab..1b68a52 100644
8635 --- a/fs/jffs2/write.c
8636 +++ b/fs/jffs2/write.c
8637 @@ -553,6 +553,9 @@ int jffs2_do_unlink(struct jffs2_sb_info *c, struct jffs2_inode_info *dir_f,
8638 struct jffs2_full_dirent **prev = &dir_f->dents;
8639 uint32_t nhash = full_name_hash(name, namelen);
8641 + /* We don't actually want to reserve any space, but we do
8642 + want to be holding the alloc_sem when we write to flash */
8643 + down(&c->alloc_sem);
8644 down(&dir_f->sem);
8646 while ((*prev) && (*prev)->nhash <= nhash) {
8647 diff --git a/fs/lockd/svclock.c b/fs/lockd/svclock.c
8648 index b3efa45..7b951a2 100644
8649 --- a/fs/lockd/svclock.c
8650 +++ b/fs/lockd/svclock.c
8651 @@ -171,19 +171,14 @@ found:
8652 * GRANTED_RES message by cookie, without having to rely on the client's IP
8653 * address. --okir
8654 */
8655 -static inline struct nlm_block *
8656 -nlmsvc_create_block(struct svc_rqst *rqstp, struct nlm_file *file,
8657 - struct nlm_lock *lock, struct nlm_cookie *cookie)
8658 +static struct nlm_block *
8659 +nlmsvc_create_block(struct svc_rqst *rqstp, struct nlm_host *host,
8660 + struct nlm_file *file, struct nlm_lock *lock,
8661 + struct nlm_cookie *cookie)
8662 {
8663 struct nlm_block *block;
8664 - struct nlm_host *host;
8665 struct nlm_rqst *call = NULL;
8667 - /* Create host handle for callback */
8668 - host = nlmsvc_lookup_host(rqstp, lock->caller, lock->len);
8669 - if (host == NULL)
8670 - return NULL;
8671 -
8672 call = nlm_alloc_call(host);
8673 if (call == NULL)
8674 return NULL;
8675 @@ -366,6 +361,7 @@ nlmsvc_lock(struct svc_rqst *rqstp, struct nlm_file *file,
8676 struct nlm_lock *lock, int wait, struct nlm_cookie *cookie)
8677 {
8678 struct nlm_block *block = NULL;
8679 + struct nlm_host *host;
8680 int error;
8681 __be32 ret;
8683 @@ -377,6 +373,10 @@ nlmsvc_lock(struct svc_rqst *rqstp, struct nlm_file *file,
8684 (long long)lock->fl.fl_end,
8685 wait);
8687 + /* Create host handle for callback */
8688 + host = nlmsvc_lookup_host(rqstp, lock->caller, lock->len);
8689 + if (host == NULL)
8690 + return nlm_lck_denied_nolocks;
8692 /* Lock file against concurrent access */
8693 mutex_lock(&file->f_mutex);
8694 @@ -385,7 +385,8 @@ nlmsvc_lock(struct svc_rqst *rqstp, struct nlm_file *file,
8695 */
8696 block = nlmsvc_lookup_block(file, lock);
8697 if (block == NULL) {
8698 - block = nlmsvc_create_block(rqstp, file, lock, cookie);
8699 + block = nlmsvc_create_block(rqstp, nlm_get_host(host), file,
8700 + lock, cookie);
8701 ret = nlm_lck_denied_nolocks;
8702 if (block == NULL)
8703 goto out;
8704 @@ -449,6 +450,7 @@ nlmsvc_lock(struct svc_rqst *rqstp, struct nlm_file *file,
8705 out:
8706 mutex_unlock(&file->f_mutex);
8707 nlmsvc_release_block(block);
8708 + nlm_release_host(host);
8709 dprintk("lockd: nlmsvc_lock returned %u\n", ret);
8710 return ret;
8711 }
8712 @@ -477,10 +479,17 @@ nlmsvc_testlock(struct svc_rqst *rqstp, struct nlm_file *file,
8714 if (block == NULL) {
8715 struct file_lock *conf = kzalloc(sizeof(*conf), GFP_KERNEL);
8716 + struct nlm_host *host;
8718 if (conf == NULL)
8719 return nlm_granted;
8720 - block = nlmsvc_create_block(rqstp, file, lock, cookie);
8721 + /* Create host handle for callback */
8722 + host = nlmsvc_lookup_host(rqstp, lock->caller, lock->len);
8723 + if (host == NULL) {
8724 + kfree(conf);
8725 + return nlm_lck_denied_nolocks;
8726 + }
8727 + block = nlmsvc_create_block(rqstp, host, file, lock, cookie);
8728 if (block == NULL) {
8729 kfree(conf);
8730 return nlm_granted;
8731 diff --git a/fs/locks.c b/fs/locks.c
8732 index 431a8b8..6428605 100644
8733 --- a/fs/locks.c
8734 +++ b/fs/locks.c
8735 @@ -786,7 +786,7 @@ find_conflict:
8736 if (request->fl_flags & FL_ACCESS)
8737 goto out;
8738 locks_copy_lock(new_fl, request);
8739 - locks_insert_lock(&inode->i_flock, new_fl);
8740 + locks_insert_lock(before, new_fl);
8741 new_fl = NULL;
8742 error = 0;
8744 diff --git a/fs/minix/itree_v1.c b/fs/minix/itree_v1.c
8745 index 1a5f3bf..82d6554 100644
8746 --- a/fs/minix/itree_v1.c
8747 +++ b/fs/minix/itree_v1.c
8748 @@ -23,11 +23,16 @@ static inline block_t *i_data(struct inode *inode)
8749 static int block_to_path(struct inode * inode, long block, int offsets[DEPTH])
8750 {
8751 int n = 0;
8752 + char b[BDEVNAME_SIZE];
8754 if (block < 0) {
8755 - printk("minix_bmap: block<0\n");
8756 + printk("MINIX-fs: block_to_path: block %ld < 0 on dev %s\n",
8757 + block, bdevname(inode->i_sb->s_bdev, b));
8758 } else if (block >= (minix_sb(inode->i_sb)->s_max_size/BLOCK_SIZE)) {
8759 - printk("minix_bmap: block>big\n");
8760 + if (printk_ratelimit())
8761 + printk("MINIX-fs: block_to_path: "
8762 + "block %ld too big on dev %s\n",
8763 + block, bdevname(inode->i_sb->s_bdev, b));
8764 } else if (block < 7) {
8765 offsets[n++] = block;
8766 } else if ((block -= 7) < 512) {
8767 diff --git a/fs/minix/itree_v2.c b/fs/minix/itree_v2.c
8768 index ad8f0de..f230109 100644
8769 --- a/fs/minix/itree_v2.c
8770 +++ b/fs/minix/itree_v2.c
8771 @@ -23,12 +23,17 @@ static inline block_t *i_data(struct inode *inode)
8772 static int block_to_path(struct inode * inode, long block, int offsets[DEPTH])
8773 {
8774 int n = 0;
8775 + char b[BDEVNAME_SIZE];
8776 struct super_block *sb = inode->i_sb;
8778 if (block < 0) {
8779 - printk("minix_bmap: block<0\n");
8780 + printk("MINIX-fs: block_to_path: block %ld < 0 on dev %s\n",
8781 + block, bdevname(sb->s_bdev, b));
8782 } else if (block >= (minix_sb(inode->i_sb)->s_max_size/sb->s_blocksize)) {
8783 - printk("minix_bmap: block>big\n");
8784 + if (printk_ratelimit())
8785 + printk("MINIX-fs: block_to_path: "
8786 + "block %ld too big on dev %s\n",
8787 + block, bdevname(sb->s_bdev, b));
8788 } else if (block < 7) {
8789 offsets[n++] = block;
8790 } else if ((block -= 7) < 256) {
8791 diff --git a/fs/namei.c b/fs/namei.c
8792 index 5e2d98d..8e209ce 100644
8793 --- a/fs/namei.c
8794 +++ b/fs/namei.c
8795 @@ -1543,7 +1543,7 @@ int may_open(struct nameidata *nd, int acc_mode, int flag)
8796 if (S_ISLNK(inode->i_mode))
8797 return -ELOOP;
8799 - if (S_ISDIR(inode->i_mode) && (flag & FMODE_WRITE))
8800 + if (S_ISDIR(inode->i_mode) && (acc_mode & MAY_WRITE))
8801 return -EISDIR;
8803 error = vfs_permission(nd, acc_mode);
8804 @@ -1562,7 +1562,7 @@ int may_open(struct nameidata *nd, int acc_mode, int flag)
8805 return -EACCES;
8807 flag &= ~O_TRUNC;
8808 - } else if (IS_RDONLY(inode) && (flag & FMODE_WRITE))
8809 + } else if (IS_RDONLY(inode) && (acc_mode & MAY_WRITE))
8810 return -EROFS;
8811 /*
8812 * An append-only file must be opened in append mode for writing.
8813 diff --git a/fs/ncpfs/mmap.c b/fs/ncpfs/mmap.c
8814 index 70a6911..f87de97 100644
8815 --- a/fs/ncpfs/mmap.c
8816 +++ b/fs/ncpfs/mmap.c
8817 @@ -47,9 +47,6 @@ static struct page* ncp_file_mmap_nopage(struct vm_area_struct *area,
8818 pos = address - area->vm_start + (area->vm_pgoff << PAGE_SHIFT);
8820 count = PAGE_SIZE;
8821 - if (address + PAGE_SIZE > area->vm_end) {
8822 - count = area->vm_end - address;
8823 - }
8824 /* what we can read in one go */
8825 bufsize = NCP_SERVER(inode)->buffer_size;
8827 diff --git a/fs/nfs/client.c b/fs/nfs/client.c
8828 index 881fa49..b6fd8a7 100644
8829 --- a/fs/nfs/client.c
8830 +++ b/fs/nfs/client.c
8831 @@ -433,9 +433,6 @@ static int nfs_create_rpc_client(struct nfs_client *clp, int proto,
8832 */
8833 static void nfs_destroy_server(struct nfs_server *server)
8834 {
8835 - if (!IS_ERR(server->client_acl))
8836 - rpc_shutdown_client(server->client_acl);
8837 -
8838 if (!(server->flags & NFS_MOUNT_NONLM))
8839 lockd_down(); /* release rpc.lockd */
8840 }
8841 @@ -614,16 +611,6 @@ static int nfs_init_server(struct nfs_server *server, const struct nfs_mount_dat
8842 server->namelen = data->namlen;
8843 /* Create a client RPC handle for the NFSv3 ACL management interface */
8844 nfs_init_server_aclclient(server);
8845 - if (clp->cl_nfsversion == 3) {
8846 - if (server->namelen == 0 || server->namelen > NFS3_MAXNAMLEN)
8847 - server->namelen = NFS3_MAXNAMLEN;
8848 - if (!(data->flags & NFS_MOUNT_NORDIRPLUS))
8849 - server->caps |= NFS_CAP_READDIRPLUS;
8850 - } else {
8851 - if (server->namelen == 0 || server->namelen > NFS2_MAXNAMLEN)
8852 - server->namelen = NFS2_MAXNAMLEN;
8853 - }
8854 -
8855 dprintk("<-- nfs_init_server() = 0 [new %p]\n", clp);
8856 return 0;
8858 @@ -781,6 +768,9 @@ void nfs_free_server(struct nfs_server *server)
8860 if (server->destroy != NULL)
8861 server->destroy(server);
8862 +
8863 + if (!IS_ERR(server->client_acl))
8864 + rpc_shutdown_client(server->client_acl);
8865 if (!IS_ERR(server->client))
8866 rpc_shutdown_client(server->client);
8868 @@ -820,6 +810,16 @@ struct nfs_server *nfs_create_server(const struct nfs_mount_data *data,
8869 error = nfs_probe_fsinfo(server, mntfh, &fattr);
8870 if (error < 0)
8871 goto error;
8872 + if (server->nfs_client->rpc_ops->version == 3) {
8873 + if (server->namelen == 0 || server->namelen > NFS3_MAXNAMLEN)
8874 + server->namelen = NFS3_MAXNAMLEN;
8875 + if (!(data->flags & NFS_MOUNT_NORDIRPLUS))
8876 + server->caps |= NFS_CAP_READDIRPLUS;
8877 + } else {
8878 + if (server->namelen == 0 || server->namelen > NFS2_MAXNAMLEN)
8879 + server->namelen = NFS2_MAXNAMLEN;
8880 + }
8881 +
8882 if (!(fattr.valid & NFS_ATTR_FATTR)) {
8883 error = server->nfs_client->rpc_ops->getattr(server, mntfh, &fattr);
8884 if (error < 0) {
8885 @@ -1010,6 +1010,9 @@ struct nfs_server *nfs4_create_server(const struct nfs4_mount_data *data,
8886 if (error < 0)
8887 goto error;
8889 + if (server->namelen == 0 || server->namelen > NFS4_MAXNAMLEN)
8890 + server->namelen = NFS4_MAXNAMLEN;
8891 +
8892 BUG_ON(!server->nfs_client);
8893 BUG_ON(!server->nfs_client->rpc_ops);
8894 BUG_ON(!server->nfs_client->rpc_ops->file_inode_ops);
8895 @@ -1082,6 +1085,9 @@ struct nfs_server *nfs4_create_referral_server(struct nfs_clone_mount *data,
8896 if (error < 0)
8897 goto error;
8899 + if (server->namelen == 0 || server->namelen > NFS4_MAXNAMLEN)
8900 + server->namelen = NFS4_MAXNAMLEN;
8901 +
8902 dprintk("Referral FSID: %llx:%llx\n",
8903 (unsigned long long) server->fsid.major,
8904 (unsigned long long) server->fsid.minor);
8905 @@ -1141,6 +1147,9 @@ struct nfs_server *nfs_clone_server(struct nfs_server *source,
8906 if (error < 0)
8907 goto out_free_server;
8909 + if (server->namelen == 0 || server->namelen > NFS4_MAXNAMLEN)
8910 + server->namelen = NFS4_MAXNAMLEN;
8911 +
8912 dprintk("Cloned FSID: %llx:%llx\n",
8913 (unsigned long long) server->fsid.major,
8914 (unsigned long long) server->fsid.minor);
8915 diff --git a/fs/nfs/dir.c b/fs/nfs/dir.c
8916 index c27258b..db1d6b9 100644
8917 --- a/fs/nfs/dir.c
8918 +++ b/fs/nfs/dir.c
8919 @@ -897,14 +897,13 @@ int nfs_is_exclusive_create(struct inode *dir, struct nameidata *nd)
8920 return (nd->intent.open.flags & O_EXCL) != 0;
8921 }
8923 -static inline int nfs_reval_fsid(struct vfsmount *mnt, struct inode *dir,
8924 - struct nfs_fh *fh, struct nfs_fattr *fattr)
8925 +static inline int nfs_reval_fsid(struct inode *dir, const struct nfs_fattr *fattr)
8926 {
8927 struct nfs_server *server = NFS_SERVER(dir);
8929 if (!nfs_fsid_equal(&server->fsid, &fattr->fsid))
8930 - /* Revalidate fsid on root dir */
8931 - return __nfs_revalidate_inode(server, mnt->mnt_root->d_inode);
8932 + /* Revalidate fsid using the parent directory */
8933 + return __nfs_revalidate_inode(server, dir);
8934 return 0;
8935 }
8937 @@ -946,7 +945,7 @@ static struct dentry *nfs_lookup(struct inode *dir, struct dentry * dentry, stru
8938 res = ERR_PTR(error);
8939 goto out_unlock;
8940 }
8941 - error = nfs_reval_fsid(nd->mnt, dir, &fhandle, &fattr);
8942 + error = nfs_reval_fsid(dir, &fattr);
8943 if (error < 0) {
8944 res = ERR_PTR(error);
8945 goto out_unlock;
8946 @@ -1163,6 +1162,8 @@ static struct dentry *nfs_readdir_lookup(nfs_readdir_descriptor_t *desc)
8947 }
8948 if (!desc->plus || !(entry->fattr->valid & NFS_ATTR_FATTR))
8949 return NULL;
8950 + if (name.len > NFS_SERVER(dir)->namelen)
8951 + return NULL;
8952 /* Note: caller is already holding the dir->i_mutex! */
8953 dentry = d_alloc(parent, &name);
8954 if (dentry == NULL)
8955 diff --git a/fs/nfs/getroot.c b/fs/nfs/getroot.c
8956 index d1cbf0a..522e5ad 100644
8957 --- a/fs/nfs/getroot.c
8958 +++ b/fs/nfs/getroot.c
8959 @@ -175,6 +175,9 @@ next_component:
8960 path++;
8961 name.len = path - (const char *) name.name;
8963 + if (name.len > NFS4_MAXNAMLEN)
8964 + return -ENAMETOOLONG;
8965 +
8966 eat_dot_dir:
8967 while (*path == '/')
8968 path++;
8969 diff --git a/fs/nfs/inode.c b/fs/nfs/inode.c
8970 index bd9f5a8..2219b6c 100644
8971 --- a/fs/nfs/inode.c
8972 +++ b/fs/nfs/inode.c
8973 @@ -961,8 +961,8 @@ static int nfs_update_inode(struct inode *inode, struct nfs_fattr *fattr)
8974 goto out_changed;
8976 server = NFS_SERVER(inode);
8977 - /* Update the fsid if and only if this is the root directory */
8978 - if (inode == inode->i_sb->s_root->d_inode
8979 + /* Update the fsid? */
8980 + if (S_ISDIR(inode->i_mode)
8981 && !nfs_fsid_equal(&server->fsid, &fattr->fsid))
8982 server->fsid = fattr->fsid;
8984 diff --git a/fs/nfs/super.c b/fs/nfs/super.c
8985 index ca20d3c..6a5bd0d 100644
8986 --- a/fs/nfs/super.c
8987 +++ b/fs/nfs/super.c
8988 @@ -181,8 +181,8 @@ void __exit unregister_nfs_fs(void)
8989 remove_shrinker(acl_shrinker);
8990 #ifdef CONFIG_NFS_V4
8991 unregister_filesystem(&nfs4_fs_type);
8992 - nfs_unregister_sysctl();
8993 #endif
8994 + nfs_unregister_sysctl();
8995 unregister_filesystem(&nfs_fs_type);
8996 }
8998 diff --git a/fs/nfs/write.c b/fs/nfs/write.c
8999 index af344a1..380a7ae 100644
9000 --- a/fs/nfs/write.c
9001 +++ b/fs/nfs/write.c
9002 @@ -710,6 +710,17 @@ int nfs_flush_incompatible(struct file *file, struct page *page)
9003 }
9005 /*
9006 + * If the page cache is marked as unsafe or invalid, then we can't rely on
9007 + * the PageUptodate() flag. In this case, we will need to turn off
9008 + * write optimisations that depend on the page contents being correct.
9009 + */
9010 +static int nfs_write_pageuptodate(struct page *page, struct inode *inode)
9011 +{
9012 + return PageUptodate(page) &&
9013 + !(NFS_I(inode)->cache_validity & (NFS_INO_REVAL_PAGECACHE|NFS_INO_INVALID_DATA));
9014 +}
9015 +
9016 +/*
9017 * Update and possibly write a cached page of an NFS file.
9018 *
9019 * XXX: Keep an eye on generic_file_read to make sure it doesn't do bad
9020 @@ -730,10 +741,13 @@ int nfs_updatepage(struct file *file, struct page *page,
9021 (long long)(page_offset(page) +offset));
9023 /* If we're not using byte range locks, and we know the page
9024 - * is entirely in cache, it may be more efficient to avoid
9025 - * fragmenting write requests.
9026 + * is up to date, it may be more efficient to extend the write
9027 + * to cover the entire page in order to avoid fragmentation
9028 + * inefficiencies.
9029 */
9030 - if (PageUptodate(page) && inode->i_flock == NULL && !(file->f_mode & O_SYNC)) {
9031 + if (nfs_write_pageuptodate(page, inode) &&
9032 + inode->i_flock == NULL &&
9033 + !(file->f_mode & O_SYNC)) {
9034 count = max(count + offset, nfs_page_length(page));
9035 offset = 0;
9036 }
9037 diff --git a/fs/nfsd/nfs2acl.c b/fs/nfsd/nfs2acl.c
9038 index b617428..0e5fa11 100644
9039 --- a/fs/nfsd/nfs2acl.c
9040 +++ b/fs/nfsd/nfs2acl.c
9041 @@ -41,7 +41,7 @@ static __be32 nfsacld_proc_getacl(struct svc_rqst * rqstp,
9043 fh = fh_copy(&resp->fh, &argp->fh);
9044 if ((nfserr = fh_verify(rqstp, &resp->fh, 0, MAY_NOP)))
9045 - RETURN_STATUS(nfserr_inval);
9046 + RETURN_STATUS(nfserr);
9048 if (argp->mask & ~(NFS_ACL|NFS_ACLCNT|NFS_DFACL|NFS_DFACLCNT))
9049 RETURN_STATUS(nfserr_inval);
9050 diff --git a/fs/nfsd/nfs3acl.c b/fs/nfsd/nfs3acl.c
9051 index 3e3f2de..b647f2f 100644
9052 --- a/fs/nfsd/nfs3acl.c
9053 +++ b/fs/nfsd/nfs3acl.c
9054 @@ -37,7 +37,7 @@ static __be32 nfsd3_proc_getacl(struct svc_rqst * rqstp,
9056 fh = fh_copy(&resp->fh, &argp->fh);
9057 if ((nfserr = fh_verify(rqstp, &resp->fh, 0, MAY_NOP)))
9058 - RETURN_STATUS(nfserr_inval);
9059 + RETURN_STATUS(nfserr);
9061 if (argp->mask & ~(NFS_ACL|NFS_ACLCNT|NFS_DFACL|NFS_DFACLCNT))
9062 RETURN_STATUS(nfserr_inval);
9063 diff --git a/fs/nfsd/nfs4xdr.c b/fs/nfsd/nfs4xdr.c
9064 index 15809df..0898aec 100644
9065 --- a/fs/nfsd/nfs4xdr.c
9066 +++ b/fs/nfsd/nfs4xdr.c
9067 @@ -1453,7 +1453,8 @@ nfsd4_encode_fattr(struct svc_fh *fhp, struct svc_export *exp,
9068 err = vfs_getattr(exp->ex_mnt, dentry, &stat);
9069 if (err)
9070 goto out_nfserr;
9071 - if ((bmval0 & (FATTR4_WORD0_FILES_FREE | FATTR4_WORD0_FILES_TOTAL)) ||
9072 + if ((bmval0 & (FATTR4_WORD0_FILES_FREE | FATTR4_WORD0_FILES_TOTAL |
9073 + FATTR4_WORD0_MAXNAME)) ||
9074 (bmval1 & (FATTR4_WORD1_SPACE_AVAIL | FATTR4_WORD1_SPACE_FREE |
9075 FATTR4_WORD1_SPACE_TOTAL))) {
9076 err = vfs_statfs(dentry, &statfs);
9077 @@ -1699,7 +1700,7 @@ out_acl:
9078 if (bmval0 & FATTR4_WORD0_MAXNAME) {
9079 if ((buflen -= 4) < 0)
9080 goto out_resource;
9081 - WRITE32(~(u32) 0);
9082 + WRITE32(statfs.f_namelen);
9083 }
9084 if (bmval0 & FATTR4_WORD0_MAXREAD) {
9085 if ((buflen -= 8) < 0)
9086 diff --git a/fs/nfsd/nfsfh.c b/fs/nfsd/nfsfh.c
9087 index 6ca2d24..f83d235 100644
9088 --- a/fs/nfsd/nfsfh.c
9089 +++ b/fs/nfsd/nfsfh.c
9090 @@ -565,13 +565,23 @@ enum fsid_source fsid_source(struct svc_fh *fhp)
9091 case FSID_DEV:
9092 case FSID_ENCODE_DEV:
9093 case FSID_MAJOR_MINOR:
9094 - return FSIDSOURCE_DEV;
9095 + if (fhp->fh_export->ex_dentry->d_inode->i_sb->s_type->fs_flags
9096 + & FS_REQUIRES_DEV)
9097 + return FSIDSOURCE_DEV;
9098 + break;
9099 case FSID_NUM:
9100 - return FSIDSOURCE_FSID;
9101 - default:
9102 if (fhp->fh_export->ex_flags & NFSEXP_FSID)
9103 return FSIDSOURCE_FSID;
9104 - else
9105 - return FSIDSOURCE_UUID;
9106 + break;
9107 + default:
9108 + break;
9109 }
9110 + /* either a UUID type filehandle, or the filehandle doesn't
9111 + * match the export.
9112 + */
9113 + if (fhp->fh_export->ex_flags & NFSEXP_FSID)
9114 + return FSIDSOURCE_FSID;
9115 + if (fhp->fh_export->ex_uuid)
9116 + return FSIDSOURCE_UUID;
9117 + return FSIDSOURCE_DEV;
9118 }
9119 diff --git a/fs/nfsd/vfs.c b/fs/nfsd/vfs.c
9120 index 7e6aa24..9a68061 100644
9121 --- a/fs/nfsd/vfs.c
9122 +++ b/fs/nfsd/vfs.c
9123 @@ -1890,7 +1890,7 @@ nfsd_racache_init(int cache_size)
9124 raparm_hash[i].pb_head = NULL;
9125 spin_lock_init(&raparm_hash[i].pb_lock);
9126 }
9127 - nperbucket = cache_size >> RAPARM_HASH_BITS;
9128 + nperbucket = DIV_ROUND_UP(cache_size, RAPARM_HASH_SIZE);
9129 for (i = 0; i < cache_size - 1; i++) {
9130 if (i % nperbucket == 0)
9131 raparm_hash[j++].pb_head = raparml + i;
9132 diff --git a/fs/ocfs2/aops.c b/fs/ocfs2/aops.c
9133 index a480b09..3175288 100644
9134 --- a/fs/ocfs2/aops.c
9135 +++ b/fs/ocfs2/aops.c
9136 @@ -661,6 +661,27 @@ static void ocfs2_clear_page_regions(struct page *page,
9137 }
9139 /*
9140 + * Nonsparse file systems fully allocate before we get to the write
9141 + * code. This prevents ocfs2_write() from tagging the write as an
9142 + * allocating one, which means ocfs2_map_page_blocks() might try to
9143 + * read-in the blocks at the tail of our file. Avoid reading them by
9144 + * testing i_size against each block offset.
9145 + */
9146 +static int ocfs2_should_read_blk(struct inode *inode, struct page *page,
9147 + unsigned int block_start)
9148 +{
9149 + u64 offset = page_offset(page) + block_start;
9150 +
9151 + if (ocfs2_sparse_alloc(OCFS2_SB(inode->i_sb)))
9152 + return 1;
9153 +
9154 + if (i_size_read(inode) > offset)
9155 + return 1;
9156 +
9157 + return 0;
9158 +}
9159 +
9160 +/*
9161 * Some of this taken from block_prepare_write(). We already have our
9162 * mapping by now though, and the entire write will be allocating or
9163 * it won't, so not much need to use BH_New.
9164 @@ -711,7 +732,8 @@ int ocfs2_map_page_blocks(struct page *page, u64 *p_blkno,
9165 if (!buffer_uptodate(bh))
9166 set_buffer_uptodate(bh);
9167 } else if (!buffer_uptodate(bh) && !buffer_delay(bh) &&
9168 - (block_start < from || block_end > to)) {
9169 + ocfs2_should_read_blk(inode, page, block_start) &&
9170 + (block_start < from || block_end > to)) {
9171 ll_rw_block(READ, 1, &bh);
9172 *wait_bh++=bh;
9173 }
9174 diff --git a/fs/ocfs2/file.c b/fs/ocfs2/file.c
9175 index ac6c964..e0cd750 100644
9176 --- a/fs/ocfs2/file.c
9177 +++ b/fs/ocfs2/file.c
9178 @@ -1353,7 +1353,7 @@ static struct page * ocfs2_get_write_source(struct ocfs2_buffered_write_priv *bp
9179 else
9180 src_page = ERR_PTR(-EFAULT);
9181 } else {
9182 - bp->b_src_buf = buf;
9183 + bp->b_src_buf = (char *)((unsigned long)buf & PAGE_CACHE_MASK);
9184 }
9186 return src_page;
9187 diff --git a/fs/signalfd.c b/fs/signalfd.c
9188 index 3b07f26..afbe171 100644
9189 --- a/fs/signalfd.c
9190 +++ b/fs/signalfd.c
9191 @@ -56,12 +56,18 @@ static int signalfd_lock(struct signalfd_ctx *ctx, struct signalfd_lockctx *lk)
9192 sighand = lock_task_sighand(lk->tsk, &lk->flags);
9193 rcu_read_unlock();
9195 - if (sighand && !ctx->tsk) {
9196 + if (!sighand)
9197 + return 0;
9198 +
9199 + if (!ctx->tsk) {
9200 unlock_task_sighand(lk->tsk, &lk->flags);
9201 - sighand = NULL;
9202 + return 0;
9203 }
9205 - return sighand != NULL;
9206 + if (lk->tsk->tgid == current->tgid)
9207 + lk->tsk = current;
9208 +
9209 + return 1;
9210 }
9212 static void signalfd_unlock(struct signalfd_lockctx *lk)
9213 @@ -331,7 +337,7 @@ asmlinkage long sys_signalfd(int ufd, sigset_t __user *user_mask, size_t sizemas
9215 init_waitqueue_head(&ctx->wqh);
9216 ctx->sigmask = sigmask;
9217 - ctx->tsk = current;
9218 + ctx->tsk = current->group_leader;
9220 sighand = current->sighand;
9221 /*
9222 diff --git a/fs/splice.c b/fs/splice.c
9223 index e7d7080..dbbe267 100644
9224 --- a/fs/splice.c
9225 +++ b/fs/splice.c
9226 @@ -601,7 +601,7 @@ find_page:
9227 ret = add_to_page_cache_lru(page, mapping, index,
9228 GFP_KERNEL);
9229 if (unlikely(ret))
9230 - goto out;
9231 + goto out_release;
9232 }
9234 ret = mapping->a_ops->prepare_write(file, page, offset, offset+this_len);
9235 @@ -657,8 +657,9 @@ find_page:
9236 */
9237 mark_page_accessed(page);
9238 out:
9239 - page_cache_release(page);
9240 unlock_page(page);
9241 +out_release:
9242 + page_cache_release(page);
9243 out_ret:
9244 return ret;
9245 }
9246 @@ -1010,7 +1011,7 @@ long do_splice_direct(struct file *in, loff_t *ppos, struct file *out,
9247 max_read_len = min(len, (size_t)(PIPE_BUFFERS*PAGE_SIZE));
9249 ret = do_splice_to(in, ppos, pipe, max_read_len, flags);
9250 - if (unlikely(ret < 0))
9251 + if (unlikely(ret <= 0))
9252 goto out_release;
9254 read_len = ret;
9255 @@ -1022,7 +1023,7 @@ long do_splice_direct(struct file *in, loff_t *ppos, struct file *out,
9256 */
9257 ret = do_splice_from(pipe, out, &out_off, read_len,
9258 flags & ~SPLICE_F_NONBLOCK);
9259 - if (unlikely(ret < 0))
9260 + if (unlikely(ret <= 0))
9261 goto out_release;
9263 bytes += ret;
9264 @@ -1181,6 +1182,9 @@ static int get_iovec_page_array(const struct iovec __user *iov,
9265 if (unlikely(!base))
9266 break;
9268 + if (!access_ok(VERIFY_READ, base, len))
9269 + break;
9270 +
9271 /*
9272 * Get this base offset and number of pages, then map
9273 * in the user pages.
9274 diff --git a/fs/sysfs/file.c b/fs/sysfs/file.c
9275 index b502c71..1f64ce5 100644
9276 --- a/fs/sysfs/file.c
9277 +++ b/fs/sysfs/file.c
9278 @@ -283,6 +283,7 @@ static int sysfs_open_file(struct inode *inode, struct file *file)
9279 mutex_lock(&inode->i_mutex);
9280 if (!(set = inode->i_private)) {
9281 if (!(set = inode->i_private = kmalloc(sizeof(struct sysfs_buffer_collection), GFP_KERNEL))) {
9282 + mutex_unlock(&inode->i_mutex);
9283 error = -ENOMEM;
9284 goto Done;
9285 } else {
9286 diff --git a/fs/timerfd.c b/fs/timerfd.c
9287 index af9eca5..61983f3 100644
9288 --- a/fs/timerfd.c
9289 +++ b/fs/timerfd.c
9290 @@ -95,7 +95,7 @@ static ssize_t timerfd_read(struct file *file, char __user *buf, size_t count,
9291 {
9292 struct timerfd_ctx *ctx = file->private_data;
9293 ssize_t res;
9294 - u32 ticks = 0;
9295 + u64 ticks = 0;
9296 DECLARE_WAITQUEUE(wait, current);
9298 if (count < sizeof(ticks))
9299 @@ -130,7 +130,7 @@ static ssize_t timerfd_read(struct file *file, char __user *buf, size_t count,
9300 * callback to avoid DoS attacks specifying a very
9301 * short timer period.
9302 */
9303 - ticks = (u32)
9304 + ticks = (u64)
9305 hrtimer_forward(&ctx->tmr,
9306 hrtimer_cb_get_time(&ctx->tmr),
9307 ctx->tintv);
9308 @@ -140,7 +140,7 @@ static ssize_t timerfd_read(struct file *file, char __user *buf, size_t count,
9309 }
9310 spin_unlock_irq(&ctx->wqh.lock);
9311 if (ticks)
9312 - res = put_user(ticks, buf) ? -EFAULT: sizeof(ticks);
9313 + res = put_user(ticks, (u64 __user *) buf) ? -EFAULT: sizeof(ticks);
9314 return res;
9315 }
9317 diff --git a/include/acpi/processor.h b/include/acpi/processor.h
9318 index b4b0ffd..0276fc6 100644
9319 --- a/include/acpi/processor.h
9320 +++ b/include/acpi/processor.h
9321 @@ -279,6 +279,8 @@ int acpi_processor_power_init(struct acpi_processor *pr,
9322 int acpi_processor_cst_has_changed(struct acpi_processor *pr);
9323 int acpi_processor_power_exit(struct acpi_processor *pr,
9324 struct acpi_device *device);
9325 +int acpi_processor_suspend(struct acpi_device * device, pm_message_t state);
9326 +int acpi_processor_resume(struct acpi_device * device);
9328 /* in processor_thermal.c */
9329 int acpi_processor_get_limit_info(struct acpi_processor *pr);
9330 diff --git a/include/asm-avr32/atomic.h b/include/asm-avr32/atomic.h
9331 index b9c2548..7ef3862 100644
9332 --- a/include/asm-avr32/atomic.h
9333 +++ b/include/asm-avr32/atomic.h
9334 @@ -101,7 +101,7 @@ static inline int atomic_sub_unless(atomic_t *v, int a, int u)
9335 " mov %1, 1\n"
9336 "1:"
9337 : "=&r"(tmp), "=&r"(result), "=o"(v->counter)
9338 - : "m"(v->counter), "rKs21"(a), "rKs21"(u)
9339 + : "m"(v->counter), "rKs21"(a), "rKs21"(u), "1"(result)
9340 : "cc", "memory");
9342 return result;
9343 @@ -137,7 +137,7 @@ static inline int atomic_add_unless(atomic_t *v, int a, int u)
9344 " mov %1, 1\n"
9345 "1:"
9346 : "=&r"(tmp), "=&r"(result), "=o"(v->counter)
9347 - : "m"(v->counter), "r"(a), "ir"(u)
9348 + : "m"(v->counter), "r"(a), "ir"(u), "1"(result)
9349 : "cc", "memory");
9350 }
9352 diff --git a/include/asm-i386/apic.h b/include/asm-i386/apic.h
9353 index 1e8f6f2..4091b33 100644
9354 --- a/include/asm-i386/apic.h
9355 +++ b/include/asm-i386/apic.h
9356 @@ -116,6 +116,8 @@ extern void enable_NMI_through_LVT0 (void * dummy);
9357 extern int timer_over_8254;
9358 extern int local_apic_timer_c2_ok;
9360 +extern int local_apic_timer_disabled;
9361 +
9362 #else /* !CONFIG_X86_LOCAL_APIC */
9363 static inline void lapic_shutdown(void) { }
9365 diff --git a/include/asm-i386/cpufeature.h b/include/asm-i386/cpufeature.h
9366 index f514e90..ddc2d7c 100644
9367 --- a/include/asm-i386/cpufeature.h
9368 +++ b/include/asm-i386/cpufeature.h
9369 @@ -79,7 +79,7 @@
9370 #define X86_FEATURE_ARCH_PERFMON (3*32+11) /* Intel Architectural PerfMon */
9371 #define X86_FEATURE_PEBS (3*32+12) /* Precise-Event Based Sampling */
9372 #define X86_FEATURE_BTS (3*32+13) /* Branch Trace Store */
9373 -#define X86_FEATURE_LAPIC_TIMER_BROKEN (3*32+ 14) /* lapic timer broken in C1 */
9374 +/* 14 free */
9375 #define X86_FEATURE_SYNC_RDTSC (3*32+15) /* RDTSC synchronizes the CPU */
9377 /* Intel-defined CPU features, CPUID level 0x00000001 (ecx), word 4 */
9378 diff --git a/include/asm-i386/serial.h b/include/asm-i386/serial.h
9379 index 57a4306..bd67480 100644
9380 --- a/include/asm-i386/serial.h
9381 +++ b/include/asm-i386/serial.h
9382 @@ -11,3 +11,19 @@
9383 * megabits/second; but this requires the faster clock.
9384 */
9385 #define BASE_BAUD ( 1843200 / 16 )
9386 +
9387 +/* Standard COM flags (except for COM4, because of the 8514 problem) */
9388 +#ifdef CONFIG_SERIAL_DETECT_IRQ
9389 +#define STD_COM_FLAGS (ASYNC_BOOT_AUTOCONF | ASYNC_SKIP_TEST | ASYNC_AUTO_IRQ)
9390 +#define STD_COM4_FLAGS (ASYNC_BOOT_AUTOCONF | ASYNC_AUTO_IRQ)
9391 +#else
9392 +#define STD_COM_FLAGS (ASYNC_BOOT_AUTOCONF | ASYNC_SKIP_TEST)
9393 +#define STD_COM4_FLAGS ASYNC_BOOT_AUTOCONF
9394 +#endif
9395 +
9396 +#define SERIAL_PORT_DFNS \
9397 + /* UART CLK PORT IRQ FLAGS */ \
9398 + { 0, BASE_BAUD, 0x3F8, 4, STD_COM_FLAGS }, /* ttyS0 */ \
9399 + { 0, BASE_BAUD, 0x2F8, 3, STD_COM_FLAGS }, /* ttyS1 */ \
9400 + { 0, BASE_BAUD, 0x3E8, 4, STD_COM_FLAGS }, /* ttyS2 */ \
9401 + { 0, BASE_BAUD, 0x2E8, 3, STD_COM4_FLAGS }, /* ttyS3 */
9402 diff --git a/include/asm-sparc/sfp-machine.h b/include/asm-sparc/sfp-machine.h
9403 index ecfc86a..266a42b 100644
9404 --- a/include/asm-sparc/sfp-machine.h
9405 +++ b/include/asm-sparc/sfp-machine.h
9406 @@ -203,4 +203,10 @@ extern struct task_struct *last_task_used_math;
9407 #define FP_INHIBIT_RESULTS ((last_task_used_math->thread.fsr >> 23) & _fex)
9408 #endif
9410 +#ifdef CONFIG_SMP
9411 +#define FP_TRAPPING_EXCEPTIONS ((current->thread.fsr >> 23) & 0x1f)
9412 +#else
9413 +#define FP_TRAPPING_EXCEPTIONS ((last_task_used_math->thread.fsr >> 23) & 0x1f)
9414 +#endif
9415 +
9416 #endif
9417 diff --git a/include/asm-sparc64/hypervisor.h b/include/asm-sparc64/hypervisor.h
9418 index db2130a..a63a1f6 100644
9419 --- a/include/asm-sparc64/hypervisor.h
9420 +++ b/include/asm-sparc64/hypervisor.h
9421 @@ -709,6 +709,10 @@ extern unsigned long sun4v_mmu_tsb_ctx0(unsigned long num_descriptions,
9422 */
9423 #define HV_FAST_MMU_DEMAP_ALL 0x24
9425 +#ifndef __ASSEMBLY__
9426 +extern void sun4v_mmu_demap_all(void);
9427 +#endif
9428 +
9429 /* mmu_map_perm_addr()
9430 * TRAP: HV_FAST_TRAP
9431 * FUNCTION: HV_FAST_MMU_MAP_PERM_ADDR
9432 diff --git a/include/asm-sparc64/sfp-machine.h b/include/asm-sparc64/sfp-machine.h
9433 index 89d4243..c9331b0 100644
9434 --- a/include/asm-sparc64/sfp-machine.h
9435 +++ b/include/asm-sparc64/sfp-machine.h
9436 @@ -88,4 +88,6 @@
9438 #define FP_INHIBIT_RESULTS ((current_thread_info()->xfsr[0] >> 23) & _fex)
9440 +#define FP_TRAPPING_EXCEPTIONS ((current_thread_info()->xfsr[0] >> 23) & 0x1f)
9441 +
9442 #endif
9443 diff --git a/include/asm-x86_64/serial.h b/include/asm-x86_64/serial.h
9444 index 8ebd765..b0496e0 100644
9445 --- a/include/asm-x86_64/serial.h
9446 +++ b/include/asm-x86_64/serial.h
9447 @@ -11,3 +11,19 @@
9448 * megabits/second; but this requires the faster clock.
9449 */
9450 #define BASE_BAUD ( 1843200 / 16 )
9451 +
9452 +/* Standard COM flags (except for COM4, because of the 8514 problem) */
9453 +#ifdef CONFIG_SERIAL_DETECT_IRQ
9454 +#define STD_COM_FLAGS (ASYNC_BOOT_AUTOCONF | ASYNC_SKIP_TEST | ASYNC_AUTO_IRQ)
9455 +#define STD_COM4_FLAGS (ASYNC_BOOT_AUTOCONF | ASYNC_AUTO_IRQ)
9456 +#else
9457 +#define STD_COM_FLAGS (ASYNC_BOOT_AUTOCONF | ASYNC_SKIP_TEST)
9458 +#define STD_COM4_FLAGS ASYNC_BOOT_AUTOCONF
9459 +#endif
9460 +
9461 +#define SERIAL_PORT_DFNS \
9462 + /* UART CLK PORT IRQ FLAGS */ \
9463 + { 0, BASE_BAUD, 0x3F8, 4, STD_COM_FLAGS }, /* ttyS0 */ \
9464 + { 0, BASE_BAUD, 0x2F8, 3, STD_COM_FLAGS }, /* ttyS1 */ \
9465 + { 0, BASE_BAUD, 0x3E8, 4, STD_COM_FLAGS }, /* ttyS2 */ \
9466 + { 0, BASE_BAUD, 0x2E8, 3, STD_COM4_FLAGS }, /* ttyS3 */
9467 diff --git a/include/linux/Kbuild b/include/linux/Kbuild
9468 index f317c27..d86711d 100644
9469 --- a/include/linux/Kbuild
9470 +++ b/include/linux/Kbuild
9471 @@ -7,6 +7,7 @@ header-y += raid/
9472 header-y += spi/
9473 header-y += sunrpc/
9474 header-y += tc_act/
9475 +header-y += tc_ematch/
9476 header-y += netfilter/
9477 header-y += netfilter_arp/
9478 header-y += netfilter_bridge/
9479 @@ -137,6 +138,7 @@ header-y += radeonfb.h
9480 header-y += raw.h
9481 header-y += resource.h
9482 header-y += rose.h
9483 +header-y += serial_reg.h
9484 header-y += smbno.h
9485 header-y += snmp.h
9486 header-y += sockios.h
9487 diff --git a/include/linux/bootmem.h b/include/linux/bootmem.h
9488 index c83534e..0365ec9 100644
9489 --- a/include/linux/bootmem.h
9490 +++ b/include/linux/bootmem.h
9491 @@ -59,7 +59,6 @@ extern void *__alloc_bootmem_core(struct bootmem_data *bdata,
9492 unsigned long align,
9493 unsigned long goal,
9494 unsigned long limit);
9495 -extern void *alloc_bootmem_high_node(pg_data_t *pgdat, unsigned long size);
9497 #ifndef CONFIG_HAVE_ARCH_BOOTMEM_NODE
9498 extern void reserve_bootmem(unsigned long addr, unsigned long size);
9499 diff --git a/include/linux/ioprio.h b/include/linux/ioprio.h
9500 index 8e2042b..2eaa142 100644
9501 --- a/include/linux/ioprio.h
9502 +++ b/include/linux/ioprio.h
9503 @@ -47,8 +47,10 @@ enum {
9504 #define IOPRIO_NORM (4)
9505 static inline int task_ioprio(struct task_struct *task)
9506 {
9507 - WARN_ON(!ioprio_valid(task->ioprio));
9508 - return IOPRIO_PRIO_DATA(task->ioprio);
9509 + if (ioprio_valid(task->ioprio))
9510 + return IOPRIO_PRIO_DATA(task->ioprio);
9511 +
9512 + return IOPRIO_NORM;
9513 }
9515 static inline int task_nice_ioprio(struct task_struct *task)
9516 diff --git a/include/linux/netdevice.h b/include/linux/netdevice.h
9517 index 3a70f55..ab210be 100644
9518 --- a/include/linux/netdevice.h
9519 +++ b/include/linux/netdevice.h
9520 @@ -1032,6 +1032,8 @@ extern void dev_seq_stop(struct seq_file *seq, void *v);
9522 extern void linkwatch_run_queue(void);
9524 +extern int netdev_compute_features(unsigned long all, unsigned long one);
9525 +
9526 static inline int net_gso_ok(int features, int gso_type)
9527 {
9528 int feature = gso_type << NETIF_F_GSO_SHIFT;
9529 diff --git a/include/linux/netfilter/Kbuild b/include/linux/netfilter/Kbuild
9530 index 43397a4..ab57cb7 100644
9531 --- a/include/linux/netfilter/Kbuild
9532 +++ b/include/linux/netfilter/Kbuild
9533 @@ -28,6 +28,7 @@ header-y += xt_policy.h
9534 header-y += xt_realm.h
9535 header-y += xt_sctp.h
9536 header-y += xt_state.h
9537 +header-y += xt_statistic.h
9538 header-y += xt_string.h
9539 header-y += xt_tcpmss.h
9540 header-y += xt_tcpudp.h
9541 diff --git a/include/linux/netfilter_ipv4/ipt_iprange.h b/include/linux/netfilter_ipv4/ipt_iprange.h
9542 index 34ab0fb..a92fefc 100644
9543 --- a/include/linux/netfilter_ipv4/ipt_iprange.h
9544 +++ b/include/linux/netfilter_ipv4/ipt_iprange.h
9545 @@ -1,6 +1,8 @@
9546 #ifndef _IPT_IPRANGE_H
9547 #define _IPT_IPRANGE_H
9549 +#include <linux/types.h>
9550 +
9551 #define IPRANGE_SRC 0x01 /* Match source IP address */
9552 #define IPRANGE_DST 0x02 /* Match destination IP address */
9553 #define IPRANGE_SRC_INV 0x10 /* Negate the condition */
9554 diff --git a/include/linux/netlink.h b/include/linux/netlink.h
9555 index 2e23353..b2834d8 100644
9556 --- a/include/linux/netlink.h
9557 +++ b/include/linux/netlink.h
9558 @@ -173,7 +173,7 @@ extern int netlink_unregister_notifier(struct notifier_block *nb);
9559 /* finegrained unicast helpers: */
9560 struct sock *netlink_getsockbyfilp(struct file *filp);
9561 int netlink_attachskb(struct sock *sk, struct sk_buff *skb, int nonblock,
9562 - long timeo, struct sock *ssk);
9563 + long *timeo, struct sock *ssk);
9564 void netlink_detachskb(struct sock *sk, struct sk_buff *skb);
9565 int netlink_sendskb(struct sock *sk, struct sk_buff *skb, int protocol);
9567 diff --git a/include/linux/page-flags.h b/include/linux/page-flags.h
9568 index ae2d79f..5b72887 100644
9569 --- a/include/linux/page-flags.h
9570 +++ b/include/linux/page-flags.h
9571 @@ -240,7 +240,7 @@ static inline void SetPageUptodate(struct page *page)
9573 #define PG_head_tail_mask ((1L << PG_compound) | (1L << PG_reclaim))
9575 -#define PageTail(page) ((page->flags & PG_head_tail_mask) \
9576 +#define PageTail(page) (((page)->flags & PG_head_tail_mask) \
9577 == PG_head_tail_mask)
9579 static inline void __SetPageTail(struct page *page)
9580 @@ -253,7 +253,7 @@ static inline void __ClearPageTail(struct page *page)
9581 page->flags &= ~PG_head_tail_mask;
9582 }
9584 -#define PageHead(page) ((page->flags & PG_head_tail_mask) \
9585 +#define PageHead(page) (((page)->flags & PG_head_tail_mask) \
9586 == (1L << PG_compound))
9587 #define __SetPageHead(page) __SetPageCompound(page)
9588 #define __ClearPageHead(page) __ClearPageCompound(page)
9589 diff --git a/include/linux/pci_ids.h b/include/linux/pci_ids.h
9590 index 5b1c999..c6c9d48 100644
9591 --- a/include/linux/pci_ids.h
9592 +++ b/include/linux/pci_ids.h
9593 @@ -357,6 +357,9 @@
9594 #define PCI_DEVICE_ID_ATI_RS400_166 0x5a32
9595 #define PCI_DEVICE_ID_ATI_RS400_200 0x5a33
9596 #define PCI_DEVICE_ID_ATI_RS480 0x5950
9597 +#define PCI_DEVICE_ID_ATI_RD580 0x5952
9598 +#define PCI_DEVICE_ID_ATI_RX790 0x5957
9599 +#define PCI_DEVICE_ID_ATI_RS690 0x7910
9600 /* ATI IXP Chipset */
9601 #define PCI_DEVICE_ID_ATI_IXP200_IDE 0x4349
9602 #define PCI_DEVICE_ID_ATI_IXP200_SMBUS 0x4353
9603 @@ -1236,6 +1239,10 @@
9604 #define PCI_DEVICE_ID_NVIDIA_NFORCE_MCP67_IDE 0x0560
9605 #define PCI_DEVICE_ID_NVIDIA_NFORCE_MCP73_IDE 0x056C
9606 #define PCI_DEVICE_ID_NVIDIA_NFORCE_MCP77_IDE 0x0759
9607 +#define PCI_DEVICE_ID_NVIDIA_NVENET_36 0x0AB0
9608 +#define PCI_DEVICE_ID_NVIDIA_NVENET_37 0x0AB1
9609 +#define PCI_DEVICE_ID_NVIDIA_NVENET_38 0x0AB2
9610 +#define PCI_DEVICE_ID_NVIDIA_NVENET_39 0x0AB3
9612 #define PCI_VENDOR_ID_IMS 0x10e0
9613 #define PCI_DEVICE_ID_IMS_TT128 0x9128
9614 @@ -2278,6 +2285,8 @@
9615 #define PCI_DEVICE_ID_INTEL_ICH9_4 0x2914
9616 #define PCI_DEVICE_ID_INTEL_ICH9_5 0x2919
9617 #define PCI_DEVICE_ID_INTEL_ICH9_6 0x2930
9618 +#define PCI_DEVICE_ID_INTEL_ICH9_7 0x2916
9619 +#define PCI_DEVICE_ID_INTEL_ICH9_8 0x2918
9620 #define PCI_DEVICE_ID_INTEL_82855PM_HB 0x3340
9621 #define PCI_DEVICE_ID_INTEL_82830_HB 0x3575
9622 #define PCI_DEVICE_ID_INTEL_82830_CGC 0x3577
9623 diff --git a/include/linux/quicklist.h b/include/linux/quicklist.h
9624 index 9371c61..39b6671 100644
9625 --- a/include/linux/quicklist.h
9626 +++ b/include/linux/quicklist.h
9627 @@ -56,14 +56,6 @@ static inline void __quicklist_free(int nr, void (*dtor)(void *), void *p,
9628 struct page *page)
9629 {
9630 struct quicklist *q;
9631 - int nid = page_to_nid(page);
9632 -
9633 - if (unlikely(nid != numa_node_id())) {
9634 - if (dtor)
9635 - dtor(p);
9636 - __free_page(page);
9637 - return;
9638 - }
9640 q = &get_cpu_var(quicklist)[nr];
9641 *(void **)p = q->page;
9642 diff --git a/include/linux/thread_info.h b/include/linux/thread_info.h
9643 index 1c4eb41..9c4ad75 100644
9644 --- a/include/linux/thread_info.h
9645 +++ b/include/linux/thread_info.h
9646 @@ -7,12 +7,25 @@
9647 #ifndef _LINUX_THREAD_INFO_H
9648 #define _LINUX_THREAD_INFO_H
9650 +#include <linux/types.h>
9651 +
9652 /*
9653 - * System call restart block.
9654 + * System call restart block.
9655 */
9656 struct restart_block {
9657 long (*fn)(struct restart_block *);
9658 - unsigned long arg0, arg1, arg2, arg3;
9659 + union {
9660 + struct {
9661 + unsigned long arg0, arg1, arg2, arg3;
9662 + };
9663 + /* For futex_wait */
9664 + struct {
9665 + u32 *uaddr;
9666 + u32 val;
9667 + u32 flags;
9668 + u64 time;
9669 + } futex;
9670 + };
9671 };
9673 extern long do_no_restart_syscall(struct restart_block *parm);
9674 diff --git a/include/math-emu/op-common.h b/include/math-emu/op-common.h
9675 index 93780ab..bb46e76 100644
9676 --- a/include/math-emu/op-common.h
9677 +++ b/include/math-emu/op-common.h
9678 @@ -145,13 +145,16 @@ do { \
9679 { \
9680 X##_e = 1; \
9681 _FP_FRAC_SET_##wc(X, _FP_ZEROFRAC_##wc); \
9682 + FP_SET_EXCEPTION(FP_EX_INEXACT); \
9683 } \
9684 else \
9685 { \
9686 X##_e = 0; \
9687 _FP_FRAC_SRL_##wc(X, _FP_WORKBITS); \
9688 - FP_SET_EXCEPTION(FP_EX_UNDERFLOW); \
9689 } \
9690 + if ((FP_CUR_EXCEPTIONS & FP_EX_INEXACT) || \
9691 + (FP_TRAPPING_EXCEPTIONS & FP_EX_UNDERFLOW)) \
9692 + FP_SET_EXCEPTION(FP_EX_UNDERFLOW); \
9693 } \
9694 else \
9695 { \
9696 diff --git a/include/math-emu/soft-fp.h b/include/math-emu/soft-fp.h
9697 index d02eb64..a6f873b 100644
9698 --- a/include/math-emu/soft-fp.h
9699 +++ b/include/math-emu/soft-fp.h
9700 @@ -97,12 +97,19 @@
9701 #define FP_INHIBIT_RESULTS 0
9702 #endif
9704 +#ifndef FP_TRAPPING_EXCEPTIONS
9705 +#define FP_TRAPPING_EXCEPTIONS 0
9706 +#endif
9707 +
9708 #define FP_SET_EXCEPTION(ex) \
9709 _fex |= (ex)
9711 #define FP_UNSET_EXCEPTION(ex) \
9712 _fex &= ~(ex)
9714 +#define FP_CUR_EXCEPTIONS \
9715 + (_fex)
9716 +
9717 #define FP_CLEAR_EXCEPTIONS \
9718 _fex = 0
9720 diff --git a/include/net/bluetooth/rfcomm.h b/include/net/bluetooth/rfcomm.h
9721 index 3c563f0..25aa575 100644
9722 --- a/include/net/bluetooth/rfcomm.h
9723 +++ b/include/net/bluetooth/rfcomm.h
9724 @@ -323,6 +323,7 @@ int rfcomm_connect_ind(struct rfcomm_session *s, u8 channel, struct rfcomm_dlc
9725 #define RFCOMM_RELEASE_ONHUP 1
9726 #define RFCOMM_HANGUP_NOW 2
9727 #define RFCOMM_TTY_ATTACHED 3
9728 +#define RFCOMM_TTY_RELEASED 4
9730 struct rfcomm_dev_req {
9731 s16 dev_id;
9732 diff --git a/include/net/rose.h b/include/net/rose.h
9733 index a4047d3..e5bb084 100644
9734 --- a/include/net/rose.h
9735 +++ b/include/net/rose.h
9736 @@ -188,7 +188,7 @@ extern void rose_kick(struct sock *);
9737 extern void rose_enquiry_response(struct sock *);
9739 /* rose_route.c */
9740 -extern struct rose_neigh rose_loopback_neigh;
9741 +extern struct rose_neigh *rose_loopback_neigh;
9742 extern const struct file_operations rose_neigh_fops;
9743 extern const struct file_operations rose_nodes_fops;
9744 extern const struct file_operations rose_routes_fops;
9745 diff --git a/include/net/tcp.h b/include/net/tcp.h
9746 index a8af9ae..c05e018 100644
9747 --- a/include/net/tcp.h
9748 +++ b/include/net/tcp.h
9749 @@ -281,7 +281,7 @@ extern int tcp_v4_remember_stamp(struct sock *sk);
9751 extern int tcp_v4_tw_remember_stamp(struct inet_timewait_sock *tw);
9753 -extern int tcp_sendmsg(struct kiocb *iocb, struct sock *sk,
9754 +extern int tcp_sendmsg(struct kiocb *iocb, struct socket *sock,
9755 struct msghdr *msg, size_t size);
9756 extern ssize_t tcp_sendpage(struct socket *sock, struct page *page, int offset, size_t size, int flags);
9758 @@ -1061,14 +1061,12 @@ struct tcp_md5sig_key {
9759 };
9761 struct tcp4_md5sig_key {
9762 - u8 *key;
9763 - u16 keylen;
9764 + struct tcp_md5sig_key base;
9765 __be32 addr;
9766 };
9768 struct tcp6_md5sig_key {
9769 - u8 *key;
9770 - u16 keylen;
9771 + struct tcp_md5sig_key base;
9772 #if 0
9773 u32 scope_id; /* XXX */
9774 #endif
9775 @@ -1260,6 +1258,9 @@ static inline void tcp_insert_write_queue_before(struct sk_buff *new,
9776 struct sock *sk)
9777 {
9778 __skb_insert(new, skb->prev, skb, &sk->sk_write_queue);
9779 +
9780 + if (sk->sk_send_head == skb)
9781 + sk->sk_send_head = new;
9782 }
9784 static inline void tcp_unlink_write_queue(struct sk_buff *skb, struct sock *sk)
9785 diff --git a/include/net/xfrm.h b/include/net/xfrm.h
9786 index 311f25a..4d56e16 100644
9787 --- a/include/net/xfrm.h
9788 +++ b/include/net/xfrm.h
9789 @@ -577,7 +577,6 @@ static inline int xfrm_sec_ctx_match(struct xfrm_sec_ctx *s1, struct xfrm_sec_ct
9790 struct xfrm_dst
9791 {
9792 union {
9793 - struct xfrm_dst *next;
9794 struct dst_entry dst;
9795 struct rtable rt;
9796 struct rt6_info rt6;
9797 diff --git a/init/Kconfig b/init/Kconfig
9798 index a9e99f8..5f8dba9 100644
9799 --- a/init/Kconfig
9800 +++ b/init/Kconfig
9801 @@ -505,6 +505,7 @@ config SIGNALFD
9802 config TIMERFD
9803 bool "Enable timerfd() system call" if EMBEDDED
9804 depends on ANON_INODES
9805 + depends on BROKEN
9806 default y
9807 help
9808 Enable the timerfd() system call that allows to receive timer
9809 diff --git a/ipc/mqueue.c b/ipc/mqueue.c
9810 index a242c83..1eef14b 100644
9811 --- a/ipc/mqueue.c
9812 +++ b/ipc/mqueue.c
9813 @@ -1014,6 +1014,8 @@ asmlinkage long sys_mq_notify(mqd_t mqdes,
9814 return -EINVAL;
9815 }
9816 if (notification.sigev_notify == SIGEV_THREAD) {
9817 + long timeo;
9818 +
9819 /* create the notify skb */
9820 nc = alloc_skb(NOTIFY_COOKIE_LEN, GFP_KERNEL);
9821 ret = -ENOMEM;
9822 @@ -1042,8 +1044,8 @@ retry:
9823 goto out;
9824 }
9826 - ret = netlink_attachskb(sock, nc, 0,
9827 - MAX_SCHEDULE_TIMEOUT, NULL);
9828 + timeo = MAX_SCHEDULE_TIMEOUT;
9829 + ret = netlink_attachskb(sock, nc, 0, &timeo, NULL);
9830 if (ret == 1)
9831 goto retry;
9832 if (ret) {
9833 diff --git a/ipc/shm.c b/ipc/shm.c
9834 index 0852f20..3bdcb9a 100644
9835 --- a/ipc/shm.c
9836 +++ b/ipc/shm.c
9837 @@ -716,7 +716,7 @@ asmlinkage long sys_shmctl (int shmid, int cmd, struct shmid_ds __user *buf)
9838 struct user_struct * user = current->user;
9839 if (!is_file_hugepages(shp->shm_file)) {
9840 err = shmem_lock(shp->shm_file, 1, user);
9841 - if (!err) {
9842 + if (!err && !(shp->shm_perm.mode & SHM_LOCKED)){
9843 shp->shm_perm.mode |= SHM_LOCKED;
9844 shp->mlock_user = user;
9845 }
9846 diff --git a/kernel/auditsc.c b/kernel/auditsc.c
9847 index e36481e..ea37edd 100644
9848 --- a/kernel/auditsc.c
9849 +++ b/kernel/auditsc.c
9850 @@ -1998,19 +1998,19 @@ int __audit_signal_info(int sig, struct task_struct *t)
9851 extern uid_t audit_sig_uid;
9852 extern u32 audit_sig_sid;
9854 - if (audit_pid && t->tgid == audit_pid &&
9855 - (sig == SIGTERM || sig == SIGHUP || sig == SIGUSR1)) {
9856 - audit_sig_pid = tsk->pid;
9857 - if (ctx)
9858 - audit_sig_uid = ctx->loginuid;
9859 - else
9860 - audit_sig_uid = tsk->uid;
9861 - selinux_get_task_sid(tsk, &audit_sig_sid);
9862 + if (audit_pid && t->tgid == audit_pid) {
9863 + if (sig == SIGTERM || sig == SIGHUP || sig == SIGUSR1) {
9864 + audit_sig_pid = tsk->pid;
9865 + if (ctx)
9866 + audit_sig_uid = ctx->loginuid;
9867 + else
9868 + audit_sig_uid = tsk->uid;
9869 + selinux_get_task_sid(tsk, &audit_sig_sid);
9870 + }
9871 + if (!audit_signals || audit_dummy_context())
9872 + return 0;
9873 }
9875 - if (!audit_signals) /* audit_context checked in wrapper */
9876 - return 0;
9877 -
9878 /* optimize the common case by putting first signal recipient directly
9879 * in audit_context */
9880 if (!ctx->target_pid) {
9881 diff --git a/kernel/exit.c b/kernel/exit.c
9882 index 5c8ecba..369dae2 100644
9883 --- a/kernel/exit.c
9884 +++ b/kernel/exit.c
9885 @@ -1336,11 +1336,10 @@ static int wait_task_stopped(struct task_struct *p, int delayed_group_leader,
9886 int why = (p->ptrace & PT_PTRACED) ? CLD_TRAPPED : CLD_STOPPED;
9888 exit_code = p->exit_code;
9889 - if (unlikely(!exit_code) ||
9890 - unlikely(p->state & TASK_TRACED))
9891 + if (unlikely(!exit_code) || unlikely(p->exit_state))
9892 goto bail_ref;
9893 return wait_noreap_copyout(p, pid, uid,
9894 - why, (exit_code << 8) | 0x7f,
9895 + why, exit_code,
9896 infop, ru);
9897 }
9899 diff --git a/kernel/futex.c b/kernel/futex.c
9900 index 45490be..592cf07 100644
9901 --- a/kernel/futex.c
9902 +++ b/kernel/futex.c
9903 @@ -1129,9 +1129,9 @@ static int fixup_pi_state_owner(u32 __user *uaddr, struct futex_q *q,
9905 /*
9906 * In case we must use restart_block to restart a futex_wait,
9907 - * we encode in the 'arg3' shared capability
9908 + * we encode in the 'flags' shared capability
9909 */
9910 -#define ARG3_SHARED 1
9911 +#define FLAGS_SHARED 1
9913 static long futex_wait_restart(struct restart_block *restart);
9914 static int futex_wait(u32 __user *uaddr, struct rw_semaphore *fshared,
9915 @@ -1272,12 +1272,13 @@ static int futex_wait(u32 __user *uaddr, struct rw_semaphore *fshared,
9916 struct restart_block *restart;
9917 restart = ¤t_thread_info()->restart_block;
9918 restart->fn = futex_wait_restart;
9919 - restart->arg0 = (unsigned long)uaddr;
9920 - restart->arg1 = (unsigned long)val;
9921 - restart->arg2 = (unsigned long)abs_time;
9922 - restart->arg3 = 0;
9923 + restart->futex.uaddr = (u32 *)uaddr;
9924 + restart->futex.val = val;
9925 + restart->futex.time = abs_time->tv64;
9926 + restart->futex.flags = 0;
9927 +
9928 if (fshared)
9929 - restart->arg3 |= ARG3_SHARED;
9930 + restart->futex.flags |= FLAGS_SHARED;
9931 return -ERESTART_RESTARTBLOCK;
9932 }
9934 @@ -1293,15 +1294,15 @@ static int futex_wait(u32 __user *uaddr, struct rw_semaphore *fshared,
9936 static long futex_wait_restart(struct restart_block *restart)
9937 {
9938 - u32 __user *uaddr = (u32 __user *)restart->arg0;
9939 - u32 val = (u32)restart->arg1;
9940 - ktime_t *abs_time = (ktime_t *)restart->arg2;
9941 + u32 __user *uaddr = (u32 __user *)restart->futex.uaddr;
9942 struct rw_semaphore *fshared = NULL;
9943 + ktime_t t;
9945 + t.tv64 = restart->futex.time;
9946 restart->fn = do_no_restart_syscall;
9947 - if (restart->arg3 & ARG3_SHARED)
9948 + if (restart->futex.flags & FLAGS_SHARED)
9949 fshared = ¤t->mm->mmap_sem;
9950 - return (long)futex_wait(uaddr, fshared, val, abs_time);
9951 + return (long)futex_wait(uaddr, fshared, restart->futex.val, &t);
9952 }
9955 @@ -2061,8 +2062,10 @@ asmlinkage long sys_futex(u32 __user *uaddr, int op, u32 val,
9956 }
9957 /*
9958 * requeue parameter in 'utime' if cmd == FUTEX_REQUEUE.
9959 + * number of waiters to wake in 'utime' if cmd == FUTEX_WAKE_OP.
9960 */
9961 - if (cmd == FUTEX_REQUEUE || cmd == FUTEX_CMP_REQUEUE)
9962 + if (cmd == FUTEX_REQUEUE || cmd == FUTEX_CMP_REQUEUE ||
9963 + cmd == FUTEX_WAKE_OP)
9964 val2 = (u32) (unsigned long) utime;
9966 return do_futex(uaddr, op, val, tp, uaddr2, val2, val3);
9967 diff --git a/kernel/futex_compat.c b/kernel/futex_compat.c
9968 index f792136..589b1e4 100644
9969 --- a/kernel/futex_compat.c
9970 +++ b/kernel/futex_compat.c
9971 @@ -29,6 +29,15 @@ fetch_robust_entry(compat_uptr_t *uentry, struct robust_list __user **entry,
9972 return 0;
9973 }
9975 +static void __user *futex_uaddr(struct robust_list *entry,
9976 + compat_long_t futex_offset)
9977 +{
9978 + compat_uptr_t base = ptr_to_compat(entry);
9979 + void __user *uaddr = compat_ptr(base + futex_offset);
9980 +
9981 + return uaddr;
9982 +}
9983 +
9984 /*
9985 * Walk curr->robust_list (very carefully, it's a userspace list!)
9986 * and mark any locks found there dead, and notify any waiters.
9987 @@ -61,18 +70,23 @@ void compat_exit_robust_list(struct task_struct *curr)
9988 if (fetch_robust_entry(&upending, &pending,
9989 &head->list_op_pending, &pip))
9990 return;
9991 - if (upending)
9992 - handle_futex_death((void __user *)pending + futex_offset, curr, pip);
9993 + if (pending) {
9994 + void __user *uaddr = futex_uaddr(pending,
9995 + futex_offset);
9996 + handle_futex_death(uaddr, curr, pip);
9997 + }
9999 - while (compat_ptr(uentry) != &head->list) {
10000 + while (entry != (struct robust_list __user *) &head->list) {
10001 /*
10002 * A pending lock might already be on the list, so
10003 * dont process it twice:
10004 */
10005 - if (entry != pending)
10006 - if (handle_futex_death((void __user *)entry + futex_offset,
10007 - curr, pi))
10008 + if (entry != pending) {
10009 + void __user *uaddr = futex_uaddr(entry,
10010 + futex_offset);
10011 + if (handle_futex_death(uaddr, curr, pi))
10012 return;
10013 + }
10015 /*
10016 * Fetch the next entry in the list:
10017 diff --git a/kernel/hrtimer.c b/kernel/hrtimer.c
10018 index 23c03f4..355e867 100644
10019 --- a/kernel/hrtimer.c
10020 +++ b/kernel/hrtimer.c
10021 @@ -825,6 +825,14 @@ hrtimer_start(struct hrtimer *timer, ktime_t tim, const enum hrtimer_mode mode)
10022 #ifdef CONFIG_TIME_LOW_RES
10023 tim = ktime_add(tim, base->resolution);
10024 #endif
10025 + /*
10026 + * Careful here: User space might have asked for a
10027 + * very long sleep, so the add above might result in a
10028 + * negative number, which enqueues the timer in front
10029 + * of the queue.
10030 + */
10031 + if (tim.tv64 < 0)
10032 + tim.tv64 = KTIME_MAX;
10033 }
10034 timer->expires = tim;
10036 diff --git a/kernel/irq/chip.c b/kernel/irq/chip.c
10037 index 615ce97..7279484 100644
10038 --- a/kernel/irq/chip.c
10039 +++ b/kernel/irq/chip.c
10040 @@ -246,6 +246,17 @@ static unsigned int default_startup(unsigned int irq)
10041 }
10043 /*
10044 + * default shutdown function
10045 + */
10046 +static void default_shutdown(unsigned int irq)
10047 +{
10048 + struct irq_desc *desc = irq_desc + irq;
10049 +
10050 + desc->chip->mask(irq);
10051 + desc->status |= IRQ_MASKED;
10052 +}
10053 +
10054 +/*
10055 * Fixup enable/disable function pointers
10056 */
10057 void irq_chip_set_defaults(struct irq_chip *chip)
10058 @@ -256,8 +267,15 @@ void irq_chip_set_defaults(struct irq_chip *chip)
10059 chip->disable = default_disable;
10060 if (!chip->startup)
10061 chip->startup = default_startup;
10062 + /*
10063 + * We use chip->disable, when the user provided its own. When
10064 + * we have default_disable set for chip->disable, then we need
10065 + * to use default_shutdown, otherwise the irq line is not
10066 + * disabled on free_irq():
10067 + */
10068 if (!chip->shutdown)
10069 - chip->shutdown = chip->disable;
10070 + chip->shutdown = chip->disable != default_disable ?
10071 + chip->disable : default_shutdown;
10072 if (!chip->name)
10073 chip->name = chip->typename;
10074 if (!chip->end)
10075 @@ -352,13 +370,10 @@ handle_level_irq(unsigned int irq, struct irq_desc *desc)
10076 * keep it masked and get out of here
10077 */
10078 action = desc->action;
10079 - if (unlikely(!action || (desc->status & IRQ_DISABLED))) {
10080 - desc->status |= IRQ_PENDING;
10081 + if (unlikely(!action || (desc->status & IRQ_DISABLED)))
10082 goto out_unlock;
10083 - }
10085 desc->status |= IRQ_INPROGRESS;
10086 - desc->status &= ~IRQ_PENDING;
10087 spin_unlock(&desc->lock);
10089 action_ret = handle_IRQ_event(irq, action);
10090 diff --git a/kernel/irq/resend.c b/kernel/irq/resend.c
10091 index 5bfeaed..a804679 100644
10092 --- a/kernel/irq/resend.c
10093 +++ b/kernel/irq/resend.c
10094 @@ -62,7 +62,12 @@ void check_irq_resend(struct irq_desc *desc, unsigned int irq)
10095 */
10096 desc->chip->enable(irq);
10098 - if ((status & (IRQ_PENDING | IRQ_REPLAY)) == IRQ_PENDING) {
10099 + /*
10100 + * We do not resend level type interrupts. Level type
10101 + * interrupts are resent by hardware when they are still
10102 + * active.
10103 + */
10104 + if ((status & (IRQ_LEVEL | IRQ_PENDING | IRQ_REPLAY)) == IRQ_PENDING) {
10105 desc->status = (status & ~IRQ_PENDING) | IRQ_REPLAY;
10107 if (!desc->chip || !desc->chip->retrigger ||
10108 diff --git a/kernel/lockdep.c b/kernel/lockdep.c
10109 index 1a5ff22..072cf25 100644
10110 --- a/kernel/lockdep.c
10111 +++ b/kernel/lockdep.c
10112 @@ -2166,7 +2166,6 @@ out_calc_hash:
10113 }
10114 #endif
10115 chain_key = iterate_chain_key(chain_key, id);
10116 - curr->curr_chain_key = chain_key;
10118 /*
10119 * Trylock needs to maintain the stack of held locks, but it
10120 @@ -2215,6 +2214,7 @@ out_calc_hash:
10121 if (unlikely(!debug_locks))
10122 return 0;
10124 + curr->curr_chain_key = chain_key;
10125 curr->lockdep_depth++;
10126 check_chain_key(curr);
10127 #ifdef CONFIG_DEBUG_LOCKDEP
10128 diff --git a/kernel/lockdep_proc.c b/kernel/lockdep_proc.c
10129 index 58f35e5..96f0417 100644
10130 --- a/kernel/lockdep_proc.c
10131 +++ b/kernel/lockdep_proc.c
10132 @@ -339,7 +339,7 @@ static const struct file_operations proc_lockdep_stats_operations = {
10133 .open = lockdep_stats_open,
10134 .read = seq_read,
10135 .llseek = seq_lseek,
10136 - .release = seq_release,
10137 + .release = single_release,
10138 };
10140 static int __init lockdep_proc_init(void)
10141 diff --git a/kernel/params.c b/kernel/params.c
10142 index e61c46c..1f17b58 100644
10143 --- a/kernel/params.c
10144 +++ b/kernel/params.c
10145 @@ -591,13 +591,16 @@ static void __init param_sysfs_builtin(void)
10147 for (i=0; i < __stop___param - __start___param; i++) {
10148 char *dot;
10149 + size_t max_name_len;
10151 kp = &__start___param[i];
10152 + max_name_len =
10153 + min_t(size_t, MAX_KBUILD_MODNAME, strlen(kp->name));
10155 - /* We do not handle args without periods. */
10156 - dot = memchr(kp->name, '.', MAX_KBUILD_MODNAME);
10157 + dot = memchr(kp->name, '.', max_name_len);
10158 if (!dot) {
10159 - DEBUGP("couldn't find period in %s\n", kp->name);
10160 + DEBUGP("couldn't find period in first %d characters "
10161 + "of %s\n", MAX_KBUILD_MODNAME, kp->name);
10162 continue;
10163 }
10164 name_len = dot - kp->name;
10165 diff --git a/kernel/power/snapshot.c b/kernel/power/snapshot.c
10166 index a3b7854..a686590 100644
10167 --- a/kernel/power/snapshot.c
10168 +++ b/kernel/power/snapshot.c
10169 @@ -709,7 +709,8 @@ static void mark_nosave_pages(struct memory_bitmap *bm)
10170 region->end_pfn << PAGE_SHIFT);
10172 for (pfn = region->start_pfn; pfn < region->end_pfn; pfn++)
10173 - memory_bm_set_bit(bm, pfn);
10174 + if (pfn_valid(pfn))
10175 + memory_bm_set_bit(bm, pfn);
10176 }
10177 }
10179 diff --git a/kernel/relay.c b/kernel/relay.c
10180 index 95db8c7..24db7e8 100644
10181 --- a/kernel/relay.c
10182 +++ b/kernel/relay.c
10183 @@ -91,6 +91,7 @@ int relay_mmap_buf(struct rchan_buf *buf, struct vm_area_struct *vma)
10184 return -EINVAL;
10186 vma->vm_ops = &relay_file_mmap_ops;
10187 + vma->vm_flags |= VM_DONTEXPAND;
10188 vma->vm_private_data = buf;
10189 buf->chan->cb->buf_mapped(buf, filp);
10191 diff --git a/kernel/signal.c b/kernel/signal.c
10192 index f940560..5c48ab2 100644
10193 --- a/kernel/signal.c
10194 +++ b/kernel/signal.c
10195 @@ -368,7 +368,7 @@ int dequeue_signal(struct task_struct *tsk, sigset_t *mask, siginfo_t *info)
10196 /* We only dequeue private signals from ourselves, we don't let
10197 * signalfd steal them
10198 */
10199 - if (tsk == current)
10200 + if (likely(tsk == current))
10201 signr = __dequeue_signal(&tsk->pending, mask, info);
10202 if (!signr) {
10203 signr = __dequeue_signal(&tsk->signal->shared_pending,
10204 @@ -415,7 +415,7 @@ int dequeue_signal(struct task_struct *tsk, sigset_t *mask, siginfo_t *info)
10205 if (!(tsk->signal->flags & SIGNAL_GROUP_EXIT))
10206 tsk->signal->flags |= SIGNAL_STOP_DEQUEUED;
10207 }
10208 - if ( signr &&
10209 + if (signr && likely(tsk == current) &&
10210 ((info->si_code & __SI_MASK) == __SI_TIMER) &&
10211 info->si_sys_private){
10212 /*
10213 @@ -1259,20 +1259,19 @@ struct sigqueue *sigqueue_alloc(void)
10214 void sigqueue_free(struct sigqueue *q)
10215 {
10216 unsigned long flags;
10217 + spinlock_t *lock = ¤t->sighand->siglock;
10218 +
10219 BUG_ON(!(q->flags & SIGQUEUE_PREALLOC));
10220 /*
10221 * If the signal is still pending remove it from the
10222 - * pending queue.
10223 + * pending queue. We must hold ->siglock while testing
10224 + * q->list to serialize with collect_signal().
10225 */
10226 - if (unlikely(!list_empty(&q->list))) {
10227 - spinlock_t *lock = ¤t->sighand->siglock;
10228 - read_lock(&tasklist_lock);
10229 - spin_lock_irqsave(lock, flags);
10230 - if (!list_empty(&q->list))
10231 - list_del_init(&q->list);
10232 - spin_unlock_irqrestore(lock, flags);
10233 - read_unlock(&tasklist_lock);
10234 - }
10235 + spin_lock_irqsave(lock, flags);
10236 + if (!list_empty(&q->list))
10237 + list_del_init(&q->list);
10238 + spin_unlock_irqrestore(lock, flags);
10239 +
10240 q->flags &= ~SIGQUEUE_PREALLOC;
10241 __sigqueue_free(q);
10242 }
10243 diff --git a/kernel/sys.c b/kernel/sys.c
10244 index 872271c..28e8364 100644
10245 --- a/kernel/sys.c
10246 +++ b/kernel/sys.c
10247 @@ -1428,7 +1428,6 @@ asmlinkage long sys_times(struct tms __user * tbuf)
10248 * Auch. Had to add the 'did_exec' flag to conform completely to POSIX.
10249 * LBT 04.03.94
10250 */
10251 -
10252 asmlinkage long sys_setpgid(pid_t pid, pid_t pgid)
10253 {
10254 struct task_struct *p;
10255 @@ -1456,7 +1455,7 @@ asmlinkage long sys_setpgid(pid_t pid, pid_t pgid)
10256 if (!thread_group_leader(p))
10257 goto out;
10259 - if (p->real_parent == group_leader) {
10260 + if (p->real_parent->tgid == group_leader->tgid) {
10261 err = -EPERM;
10262 if (task_session(p) != task_session(group_leader))
10263 goto out;
10264 diff --git a/kernel/time/timer_list.c b/kernel/time/timer_list.c
10265 index 8bbcfb7..7ea87d9 100644
10266 --- a/kernel/time/timer_list.c
10267 +++ b/kernel/time/timer_list.c
10268 @@ -267,7 +267,7 @@ static struct file_operations timer_list_fops = {
10269 .open = timer_list_open,
10270 .read = seq_read,
10271 .llseek = seq_lseek,
10272 - .release = seq_release,
10273 + .release = single_release,
10274 };
10276 static int __init init_timer_list_procfs(void)
10277 diff --git a/kernel/time/timer_stats.c b/kernel/time/timer_stats.c
10278 index 3216937..5717cfb 100644
10279 --- a/kernel/time/timer_stats.c
10280 +++ b/kernel/time/timer_stats.c
10281 @@ -319,8 +319,9 @@ static int tstats_show(struct seq_file *m, void *v)
10282 ms = 1;
10284 if (events && period.tv_sec)
10285 - seq_printf(m, "%ld total events, %ld.%ld events/sec\n", events,
10286 - events / period.tv_sec, events * 1000 / ms);
10287 + seq_printf(m, "%ld total events, %ld.%03ld events/sec\n",
10288 + events, events * 1000 / ms,
10289 + (events * 1000000 / ms) % 1000);
10290 else
10291 seq_printf(m, "%ld total events\n", events);
10293 @@ -391,7 +392,7 @@ static struct file_operations tstats_fops = {
10294 .read = seq_read,
10295 .write = tstats_write,
10296 .llseek = seq_lseek,
10297 - .release = seq_release,
10298 + .release = single_release,
10299 };
10301 void __init init_timer_stats(void)
10302 diff --git a/kernel/workqueue.c b/kernel/workqueue.c
10303 index 3bebf73..3831f88 100644
10304 --- a/kernel/workqueue.c
10305 +++ b/kernel/workqueue.c
10306 @@ -739,18 +739,17 @@ static void cleanup_workqueue_thread(struct cpu_workqueue_struct *cwq, int cpu)
10307 if (cwq->thread == NULL)
10308 return;
10310 + flush_cpu_workqueue(cwq);
10311 /*
10312 - * If the caller is CPU_DEAD the single flush_cpu_workqueue()
10313 - * is not enough, a concurrent flush_workqueue() can insert a
10314 - * barrier after us.
10315 + * If the caller is CPU_DEAD and cwq->worklist was not empty,
10316 + * a concurrent flush_workqueue() can insert a barrier after us.
10317 + * However, in that case run_workqueue() won't return and check
10318 + * kthread_should_stop() until it flushes all work_struct's.
10319 * When ->worklist becomes empty it is safe to exit because no
10320 * more work_structs can be queued on this cwq: flush_workqueue
10321 * checks list_empty(), and a "normal" queue_work() can't use
10322 * a dead CPU.
10323 */
10324 - while (flush_cpu_workqueue(cwq))
10325 - ;
10326 -
10327 kthread_stop(cwq->thread);
10328 cwq->thread = NULL;
10329 }
10330 diff --git a/lib/libcrc32c.c b/lib/libcrc32c.c
10331 index 60f4680..1f3a52e 100644
10332 --- a/lib/libcrc32c.c
10333 +++ b/lib/libcrc32c.c
10334 @@ -33,7 +33,6 @@
10335 #include <linux/crc32c.h>
10336 #include <linux/compiler.h>
10337 #include <linux/module.h>
10338 -#include <asm/byteorder.h>
10340 MODULE_AUTHOR("Clay Haapala <chaapala@cisco.com>");
10341 MODULE_DESCRIPTION("CRC32c (Castagnoli) calculations");
10342 @@ -161,15 +160,13 @@ static const u32 crc32c_table[256] = {
10343 */
10345 u32 __attribute_pure__
10346 -crc32c_le(u32 seed, unsigned char const *data, size_t length)
10347 +crc32c_le(u32 crc, unsigned char const *data, size_t length)
10348 {
10349 - u32 crc = __cpu_to_le32(seed);
10350 -
10351 while (length--)
10352 crc =
10353 crc32c_table[(crc ^ *data++) & 0xFFL] ^ (crc >> 8);
10355 - return __le32_to_cpu(crc);
10356 + return crc;
10357 }
10359 #endif /* CRC_LE_BITS == 8 */
10360 diff --git a/lib/textsearch.c b/lib/textsearch.c
10361 index 88c98a2..be8bda3 100644
10362 --- a/lib/textsearch.c
10363 +++ b/lib/textsearch.c
10364 @@ -7,7 +7,7 @@
10365 * 2 of the License, or (at your option) any later version.
10366 *
10367 * Authors: Thomas Graf <tgraf@suug.ch>
10368 - * Pablo Neira Ayuso <pablo@eurodev.net>
10369 + * Pablo Neira Ayuso <pablo@netfilter.org>
10370 *
10371 * ==========================================================================
10372 *
10373 @@ -250,7 +250,8 @@ unsigned int textsearch_find_continuous(struct ts_config *conf,
10374 * the various search algorithms.
10375 *
10376 * Returns a new textsearch configuration according to the specified
10377 - * parameters or a ERR_PTR().
10378 + * parameters or a ERR_PTR(). If a zero length pattern is passed, this
10379 + * function returns EINVAL.
10380 */
10381 struct ts_config *textsearch_prepare(const char *algo, const void *pattern,
10382 unsigned int len, gfp_t gfp_mask, int flags)
10383 @@ -259,6 +260,9 @@ struct ts_config *textsearch_prepare(const char *algo, const void *pattern,
10384 struct ts_config *conf;
10385 struct ts_ops *ops;
10387 + if (len == 0)
10388 + return ERR_PTR(-EINVAL);
10389 +
10390 ops = lookup_ts_algo(algo);
10391 #ifdef CONFIG_KMOD
10392 /*
10393 diff --git a/mm/hugetlb.c b/mm/hugetlb.c
10394 index a45d1f0..5fb38f1 100644
10395 --- a/mm/hugetlb.c
10396 +++ b/mm/hugetlb.c
10397 @@ -101,13 +101,20 @@ static void free_huge_page(struct page *page)
10399 static int alloc_fresh_huge_page(void)
10400 {
10401 - static int nid = 0;
10402 + static int prev_nid;
10403 struct page *page;
10404 - page = alloc_pages_node(nid, GFP_HIGHUSER|__GFP_COMP|__GFP_NOWARN,
10405 - HUGETLB_PAGE_ORDER);
10406 - nid = next_node(nid, node_online_map);
10407 + static DEFINE_SPINLOCK(nid_lock);
10408 + int nid;
10409 +
10410 + spin_lock(&nid_lock);
10411 + nid = next_node(prev_nid, node_online_map);
10412 if (nid == MAX_NUMNODES)
10413 nid = first_node(node_online_map);
10414 + prev_nid = nid;
10415 + spin_unlock(&nid_lock);
10416 +
10417 + page = alloc_pages_node(nid, GFP_HIGHUSER|__GFP_COMP|__GFP_NOWARN,
10418 + HUGETLB_PAGE_ORDER);
10419 if (page) {
10420 set_compound_page_dtor(page, free_huge_page);
10421 spin_lock(&hugetlb_lock);
10422 diff --git a/mm/memory.c b/mm/memory.c
10423 index f64cbf9..538f054 100644
10424 --- a/mm/memory.c
10425 +++ b/mm/memory.c
10426 @@ -983,6 +983,8 @@ int get_user_pages(struct task_struct *tsk, struct mm_struct *mm,
10427 int i;
10428 unsigned int vm_flags;
10430 + if (len <= 0)
10431 + return 0;
10432 /*
10433 * Require read or write permissions.
10434 * If 'force' is set, we only require the "MAY" flags.
10435 diff --git a/mm/mlock.c b/mm/mlock.c
10436 index 4d3fea2..7b26560 100644
10437 --- a/mm/mlock.c
10438 +++ b/mm/mlock.c
10439 @@ -244,9 +244,12 @@ int user_shm_lock(size_t size, struct user_struct *user)
10441 locked = (size + PAGE_SIZE - 1) >> PAGE_SHIFT;
10442 lock_limit = current->signal->rlim[RLIMIT_MEMLOCK].rlim_cur;
10443 + if (lock_limit == RLIM_INFINITY)
10444 + allowed = 1;
10445 lock_limit >>= PAGE_SHIFT;
10446 spin_lock(&shmlock_user_lock);
10447 - if (locked + user->locked_shm > lock_limit && !capable(CAP_IPC_LOCK))
10448 + if (!allowed &&
10449 + locked + user->locked_shm > lock_limit && !capable(CAP_IPC_LOCK))
10450 goto out;
10451 get_uid(user);
10452 user->locked_shm += locked;
10453 diff --git a/mm/mmap.c b/mm/mmap.c
10454 index 906ed40..33fb671 100644
10455 --- a/mm/mmap.c
10456 +++ b/mm/mmap.c
10457 @@ -2157,7 +2157,7 @@ int install_special_mapping(struct mm_struct *mm,
10458 vma->vm_start = addr;
10459 vma->vm_end = addr + len;
10461 - vma->vm_flags = vm_flags | mm->def_flags;
10462 + vma->vm_flags = vm_flags | mm->def_flags | VM_DONTEXPAND;
10463 vma->vm_page_prot = protection_map[vma->vm_flags & 7];
10465 vma->vm_ops = &special_mapping_vmops;
10466 diff --git a/mm/page-writeback.c b/mm/page-writeback.c
10467 index eec1481..2d39627 100644
10468 --- a/mm/page-writeback.c
10469 +++ b/mm/page-writeback.c
10470 @@ -674,8 +674,10 @@ retry:
10472 ret = (*writepage)(page, wbc, data);
10474 - if (unlikely(ret == AOP_WRITEPAGE_ACTIVATE))
10475 + if (unlikely(ret == AOP_WRITEPAGE_ACTIVATE)) {
10476 unlock_page(page);
10477 + ret = 0;
10478 + }
10479 if (ret || (--(wbc->nr_to_write) <= 0))
10480 done = 1;
10481 if (wbc->nonblocking && bdi_write_congested(bdi)) {
10482 diff --git a/mm/quicklist.c b/mm/quicklist.c
10483 index ae8189c..3f703f7 100644
10484 --- a/mm/quicklist.c
10485 +++ b/mm/quicklist.c
10486 @@ -26,9 +26,17 @@ DEFINE_PER_CPU(struct quicklist, quicklist)[CONFIG_NR_QUICK];
10487 static unsigned long max_pages(unsigned long min_pages)
10488 {
10489 unsigned long node_free_pages, max;
10490 + struct zone *zones = NODE_DATA(numa_node_id())->node_zones;
10491 +
10492 + node_free_pages =
10493 +#ifdef CONFIG_ZONE_DMA
10494 + zone_page_state(&zones[ZONE_DMA], NR_FREE_PAGES) +
10495 +#endif
10496 +#ifdef CONFIG_ZONE_DMA32
10497 + zone_page_state(&zones[ZONE_DMA32], NR_FREE_PAGES) +
10498 +#endif
10499 + zone_page_state(&zones[ZONE_NORMAL], NR_FREE_PAGES);
10501 - node_free_pages = node_page_state(numa_node_id(),
10502 - NR_FREE_PAGES);
10503 max = node_free_pages / FRACTION_OF_NODE_MEM;
10504 return max(max, min_pages);
10505 }
10506 diff --git a/mm/readahead.c b/mm/readahead.c
10507 index 9861e88..1448e53 100644
10508 --- a/mm/readahead.c
10509 +++ b/mm/readahead.c
10510 @@ -21,8 +21,16 @@ void default_unplug_io_fn(struct backing_dev_info *bdi, struct page *page)
10511 }
10512 EXPORT_SYMBOL(default_unplug_io_fn);
10514 +/*
10515 + * Convienent macros for min/max read-ahead pages.
10516 + * Note that MAX_RA_PAGES is rounded down, while MIN_RA_PAGES is rounded up.
10517 + * The latter is necessary for systems with large page size(i.e. 64k).
10518 + */
10519 +#define MAX_RA_PAGES (VM_MAX_READAHEAD*1024 / PAGE_CACHE_SIZE)
10520 +#define MIN_RA_PAGES DIV_ROUND_UP(VM_MIN_READAHEAD*1024, PAGE_CACHE_SIZE)
10521 +
10522 struct backing_dev_info default_backing_dev_info = {
10523 - .ra_pages = (VM_MAX_READAHEAD * 1024) / PAGE_CACHE_SIZE,
10524 + .ra_pages = MAX_RA_PAGES,
10525 .state = 0,
10526 .capabilities = BDI_CAP_MAP_COPY,
10527 .unplug_io_fn = default_unplug_io_fn,
10528 @@ -51,7 +59,7 @@ static inline unsigned long get_max_readahead(struct file_ra_state *ra)
10530 static inline unsigned long get_min_readahead(struct file_ra_state *ra)
10531 {
10532 - return (VM_MIN_READAHEAD * 1024) / PAGE_CACHE_SIZE;
10533 + return MIN_RA_PAGES;
10534 }
10536 static inline void reset_ahead_window(struct file_ra_state *ra)
10537 diff --git a/mm/shmem.c b/mm/shmem.c
10538 index b6aae2b..d1c65fb 100644
10539 --- a/mm/shmem.c
10540 +++ b/mm/shmem.c
10541 @@ -911,6 +911,21 @@ static int shmem_writepage(struct page *page, struct writeback_control *wbc)
10542 struct inode *inode;
10544 BUG_ON(!PageLocked(page));
10545 + /*
10546 + * shmem_backing_dev_info's capabilities prevent regular writeback or
10547 + * sync from ever calling shmem_writepage; but a stacking filesystem
10548 + * may use the ->writepage of its underlying filesystem, in which case
10549 + * we want to do nothing when that underlying filesystem is tmpfs
10550 + * (writing out to swap is useful as a response to memory pressure, but
10551 + * of no use to stabilize the data) - just redirty the page, unlock it
10552 + * and claim success in this case. AOP_WRITEPAGE_ACTIVATE, and the
10553 + * page_mapped check below, must be avoided unless we're in reclaim.
10554 + */
10555 + if (!wbc->for_reclaim) {
10556 + set_page_dirty(page);
10557 + unlock_page(page);
10558 + return 0;
10559 + }
10560 BUG_ON(page_mapped(page));
10562 mapping = page->mapping;
10563 @@ -1051,7 +1066,7 @@ shmem_alloc_page(gfp_t gfp, struct shmem_inode_info *info,
10564 pvma.vm_policy = mpol_shared_policy_lookup(&info->policy, idx);
10565 pvma.vm_pgoff = idx;
10566 pvma.vm_end = PAGE_SIZE;
10567 - page = alloc_page_vma(gfp | __GFP_ZERO, &pvma, 0);
10568 + page = alloc_page_vma(gfp, &pvma, 0);
10569 mpol_free(pvma.vm_policy);
10570 return page;
10571 }
10572 @@ -1071,7 +1086,7 @@ shmem_swapin(struct shmem_inode_info *info,swp_entry_t entry,unsigned long idx)
10573 static inline struct page *
10574 shmem_alloc_page(gfp_t gfp,struct shmem_inode_info *info, unsigned long idx)
10575 {
10576 - return alloc_page(gfp | __GFP_ZERO);
10577 + return alloc_page(gfp);
10578 }
10579 #endif
10581 @@ -1280,6 +1295,7 @@ repeat:
10583 info->alloced++;
10584 spin_unlock(&info->lock);
10585 + clear_highpage(filepage);
10586 flush_dcache_page(filepage);
10587 SetPageUptodate(filepage);
10588 }
10589 diff --git a/mm/slub.c b/mm/slub.c
10590 index e0cf621..648f2c7 100644
10591 --- a/mm/slub.c
10592 +++ b/mm/slub.c
10593 @@ -1431,28 +1431,8 @@ new_slab:
10594 page = new_slab(s, gfpflags, node);
10595 if (page) {
10596 cpu = smp_processor_id();
10597 - if (s->cpu_slab[cpu]) {
10598 - /*
10599 - * Someone else populated the cpu_slab while we
10600 - * enabled interrupts, or we have gotten scheduled
10601 - * on another cpu. The page may not be on the
10602 - * requested node even if __GFP_THISNODE was
10603 - * specified. So we need to recheck.
10604 - */
10605 - if (node == -1 ||
10606 - page_to_nid(s->cpu_slab[cpu]) == node) {
10607 - /*
10608 - * Current cpuslab is acceptable and we
10609 - * want the current one since its cache hot
10610 - */
10611 - discard_slab(s, page);
10612 - page = s->cpu_slab[cpu];
10613 - slab_lock(page);
10614 - goto load_freelist;
10615 - }
10616 - /* New slab does not fit our expectations */
10617 + if (s->cpu_slab[cpu])
10618 flush_slab(s, s->cpu_slab[cpu], cpu);
10619 - }
10620 slab_lock(page);
10621 SetSlabFrozen(page);
10622 s->cpu_slab[cpu] = page;
10623 diff --git a/mm/sparse.c b/mm/sparse.c
10624 index e03b39f..fdc1454 100644
10625 --- a/mm/sparse.c
10626 +++ b/mm/sparse.c
10627 @@ -209,12 +209,6 @@ static int __meminit sparse_init_one_section(struct mem_section *ms,
10628 return 1;
10629 }
10631 -__attribute__((weak))
10632 -void *alloc_bootmem_high_node(pg_data_t *pgdat, unsigned long size)
10633 -{
10634 - return NULL;
10635 -}
10636 -
10637 static struct page __init *sparse_early_mem_map_alloc(unsigned long pnum)
10638 {
10639 struct page *map;
10640 @@ -225,11 +219,6 @@ static struct page __init *sparse_early_mem_map_alloc(unsigned long pnum)
10641 if (map)
10642 return map;
10644 - map = alloc_bootmem_high_node(NODE_DATA(nid),
10645 - sizeof(struct page) * PAGES_PER_SECTION);
10646 - if (map)
10647 - return map;
10648 -
10649 map = alloc_bootmem_node(NODE_DATA(nid),
10650 sizeof(struct page) * PAGES_PER_SECTION);
10651 if (map)
10652 diff --git a/mm/vmscan.c b/mm/vmscan.c
10653 index 1be5a63..a618717 100644
10654 --- a/mm/vmscan.c
10655 +++ b/mm/vmscan.c
10656 @@ -774,6 +774,7 @@ static void shrink_active_list(unsigned long nr_pages, struct zone *zone,
10657 long mapped_ratio;
10658 long distress;
10659 long swap_tendency;
10660 + long imbalance;
10662 if (zone_is_near_oom(zone))
10663 goto force_reclaim_mapped;
10664 @@ -809,6 +810,46 @@ static void shrink_active_list(unsigned long nr_pages, struct zone *zone,
10665 swap_tendency = mapped_ratio / 2 + distress + sc->swappiness;
10667 /*
10668 + * If there's huge imbalance between active and inactive
10669 + * (think active 100 times larger than inactive) we should
10670 + * become more permissive, or the system will take too much
10671 + * cpu before it start swapping during memory pressure.
10672 + * Distress is about avoiding early-oom, this is about
10673 + * making swappiness graceful despite setting it to low
10674 + * values.
10675 + *
10676 + * Avoid div by zero with nr_inactive+1, and max resulting
10677 + * value is vm_total_pages.
10678 + */
10679 + imbalance = zone_page_state(zone, NR_ACTIVE);
10680 + imbalance /= zone_page_state(zone, NR_INACTIVE) + 1;
10681 +
10682 + /*
10683 + * Reduce the effect of imbalance if swappiness is low,
10684 + * this means for a swappiness very low, the imbalance
10685 + * must be much higher than 100 for this logic to make
10686 + * the difference.
10687 + *
10688 + * Max temporary value is vm_total_pages*100.
10689 + */
10690 + imbalance *= (vm_swappiness + 1);
10691 + imbalance /= 100;
10692 +
10693 + /*
10694 + * If not much of the ram is mapped, makes the imbalance
10695 + * less relevant, it's high priority we refill the inactive
10696 + * list with mapped pages only in presence of high ratio of
10697 + * mapped pages.
10698 + *
10699 + * Max temporary value is vm_total_pages*100.
10700 + */
10701 + imbalance *= mapped_ratio;
10702 + imbalance /= 100;
10703 +
10704 + /* apply imbalance feedback to swap_tendency */
10705 + swap_tendency += imbalance;
10706 +
10707 + /*
10708 * Now use this metric to decide whether to start moving mapped
10709 * memory onto the inactive list.
10710 */
10711 diff --git a/net/802/psnap.c b/net/802/psnap.c
10712 index 04ee43e..31128cb 100644
10713 --- a/net/802/psnap.c
10714 +++ b/net/802/psnap.c
10715 @@ -55,6 +55,9 @@ static int snap_rcv(struct sk_buff *skb, struct net_device *dev,
10716 .type = __constant_htons(ETH_P_SNAP),
10717 };
10719 + if (unlikely(!pskb_may_pull(skb, 5)))
10720 + goto drop;
10721 +
10722 rcu_read_lock();
10723 proto = find_snap_client(skb_transport_header(skb));
10724 if (proto) {
10725 @@ -62,14 +65,18 @@ static int snap_rcv(struct sk_buff *skb, struct net_device *dev,
10726 skb->transport_header += 5;
10727 skb_pull_rcsum(skb, 5);
10728 rc = proto->rcvfunc(skb, dev, &snap_packet_type, orig_dev);
10729 - } else {
10730 - skb->sk = NULL;
10731 - kfree_skb(skb);
10732 - rc = 1;
10733 }
10734 -
10735 rcu_read_unlock();
10736 +
10737 + if (unlikely(!proto))
10738 + goto drop;
10739 +
10740 +out:
10741 return rc;
10742 +
10743 +drop:
10744 + kfree_skb(skb);
10745 + goto out;
10746 }
10748 /*
10749 diff --git a/net/8021q/vlan_dev.c b/net/8021q/vlan_dev.c
10750 index ec46084..0642694 100644
10751 --- a/net/8021q/vlan_dev.c
10752 +++ b/net/8021q/vlan_dev.c
10753 @@ -116,12 +116,22 @@ int vlan_skb_recv(struct sk_buff *skb, struct net_device *dev,
10754 struct packet_type* ptype, struct net_device *orig_dev)
10755 {
10756 unsigned char *rawp = NULL;
10757 - struct vlan_hdr *vhdr = (struct vlan_hdr *)(skb->data);
10758 + struct vlan_hdr *vhdr;
10759 unsigned short vid;
10760 struct net_device_stats *stats;
10761 unsigned short vlan_TCI;
10762 __be16 proto;
10764 + if ((skb = skb_share_check(skb, GFP_ATOMIC)) == NULL)
10765 + return -1;
10766 +
10767 + if (unlikely(!pskb_may_pull(skb, VLAN_HLEN))) {
10768 + kfree_skb(skb);
10769 + return -1;
10770 + }
10771 +
10772 + vhdr = (struct vlan_hdr *)(skb->data);
10773 +
10774 /* vlan_TCI = ntohs(get_unaligned(&vhdr->h_vlan_TCI)); */
10775 vlan_TCI = ntohs(vhdr->h_vlan_TCI);
10777 diff --git a/net/atm/mpc.c b/net/atm/mpc.c
10778 index 7c85aa5..181c1c8 100644
10779 --- a/net/atm/mpc.c
10780 +++ b/net/atm/mpc.c
10781 @@ -542,6 +542,13 @@ static int mpc_send_packet(struct sk_buff *skb, struct net_device *dev)
10782 if (eth->h_proto != htons(ETH_P_IP))
10783 goto non_ip; /* Multi-Protocol Over ATM :-) */
10785 + /* Weed out funny packets (e.g., AF_PACKET or raw). */
10786 + if (skb->len < ETH_HLEN + sizeof(struct iphdr))
10787 + goto non_ip;
10788 + skb_set_network_header(skb, ETH_HLEN);
10789 + if (skb->len < ETH_HLEN + ip_hdr(skb)->ihl * 4 || ip_hdr(skb)->ihl < 5)
10790 + goto non_ip;
10791 +
10792 while (i < mpc->number_of_mps_macs) {
10793 if (!compare_ether_addr(eth->h_dest, (mpc->mps_macs + i*ETH_ALEN)))
10794 if ( send_via_shortcut(skb, mpc) == 0 ) /* try shortcut */
10795 diff --git a/net/ax25/ax25_in.c b/net/ax25/ax25_in.c
10796 index 0ddaff0..8a9f0ac 100644
10797 --- a/net/ax25/ax25_in.c
10798 +++ b/net/ax25/ax25_in.c
10799 @@ -124,7 +124,7 @@ int ax25_rx_iframe(ax25_cb *ax25, struct sk_buff *skb)
10800 }
10802 skb_pull(skb, 1); /* Remove PID */
10803 - skb_reset_mac_header(skb);
10804 + skb->mac_header = skb->network_header;
10805 skb_reset_network_header(skb);
10806 skb->dev = ax25->ax25_dev->dev;
10807 skb->pkt_type = PACKET_HOST;
10808 diff --git a/net/bluetooth/rfcomm/tty.c b/net/bluetooth/rfcomm/tty.c
10809 index b2b1cce..23ba61a 100644
10810 --- a/net/bluetooth/rfcomm/tty.c
10811 +++ b/net/bluetooth/rfcomm/tty.c
10812 @@ -95,6 +95,10 @@ static void rfcomm_dev_destruct(struct rfcomm_dev *dev)
10814 BT_DBG("dev %p dlc %p", dev, dlc);
10816 + write_lock_bh(&rfcomm_dev_lock);
10817 + list_del_init(&dev->list);
10818 + write_unlock_bh(&rfcomm_dev_lock);
10819 +
10820 rfcomm_dlc_lock(dlc);
10821 /* Detach DLC if it's owned by this dev */
10822 if (dlc->owner == dev)
10823 @@ -156,8 +160,13 @@ static inline struct rfcomm_dev *rfcomm_dev_get(int id)
10824 read_lock(&rfcomm_dev_lock);
10826 dev = __rfcomm_dev_get(id);
10827 - if (dev)
10828 - rfcomm_dev_hold(dev);
10829 +
10830 + if (dev) {
10831 + if (test_bit(RFCOMM_TTY_RELEASED, &dev->flags))
10832 + dev = NULL;
10833 + else
10834 + rfcomm_dev_hold(dev);
10835 + }
10837 read_unlock(&rfcomm_dev_lock);
10839 @@ -265,6 +274,12 @@ out:
10841 dev->tty_dev = tty_register_device(rfcomm_tty_driver, dev->id, NULL);
10843 + if (IS_ERR(dev->tty_dev)) {
10844 + list_del(&dev->list);
10845 + kfree(dev);
10846 + return PTR_ERR(dev->tty_dev);
10847 + }
10848 +
10849 return dev->id;
10850 }
10852 @@ -272,10 +287,7 @@ static void rfcomm_dev_del(struct rfcomm_dev *dev)
10853 {
10854 BT_DBG("dev %p", dev);
10856 - write_lock_bh(&rfcomm_dev_lock);
10857 - list_del_init(&dev->list);
10858 - write_unlock_bh(&rfcomm_dev_lock);
10859 -
10860 + set_bit(RFCOMM_TTY_RELEASED, &dev->flags);
10861 rfcomm_dev_put(dev);
10862 }
10864 @@ -329,7 +341,7 @@ static int rfcomm_create_dev(struct sock *sk, void __user *arg)
10865 if (copy_from_user(&req, arg, sizeof(req)))
10866 return -EFAULT;
10868 - BT_DBG("sk %p dev_id %id flags 0x%x", sk, req.dev_id, req.flags);
10869 + BT_DBG("sk %p dev_id %d flags 0x%x", sk, req.dev_id, req.flags);
10871 if (req.flags != NOCAP_FLAGS && !capable(CAP_NET_ADMIN))
10872 return -EPERM;
10873 @@ -370,7 +382,7 @@ static int rfcomm_release_dev(void __user *arg)
10874 if (copy_from_user(&req, arg, sizeof(req)))
10875 return -EFAULT;
10877 - BT_DBG("dev_id %id flags 0x%x", req.dev_id, req.flags);
10878 + BT_DBG("dev_id %d flags 0x%x", req.dev_id, req.flags);
10880 if (!(dev = rfcomm_dev_get(req.dev_id)))
10881 return -ENODEV;
10882 @@ -383,6 +395,10 @@ static int rfcomm_release_dev(void __user *arg)
10883 if (req.flags & (1 << RFCOMM_HANGUP_NOW))
10884 rfcomm_dlc_close(dev->dlc, 0);
10886 + /* Shut down TTY synchronously before freeing rfcomm_dev */
10887 + if (dev->tty)
10888 + tty_vhangup(dev->tty);
10889 +
10890 rfcomm_dev_del(dev);
10891 rfcomm_dev_put(dev);
10892 return 0;
10893 @@ -415,6 +431,8 @@ static int rfcomm_get_dev_list(void __user *arg)
10895 list_for_each(p, &rfcomm_dev_list) {
10896 struct rfcomm_dev *dev = list_entry(p, struct rfcomm_dev, list);
10897 + if (test_bit(RFCOMM_TTY_RELEASED, &dev->flags))
10898 + continue;
10899 (di + n)->id = dev->id;
10900 (di + n)->flags = dev->flags;
10901 (di + n)->state = dev->dlc->state;
10902 diff --git a/net/bridge/br.c b/net/bridge/br.c
10903 index 848b8fa..94ae4d2 100644
10904 --- a/net/bridge/br.c
10905 +++ b/net/bridge/br.c
10906 @@ -39,7 +39,7 @@ static int __init br_init(void)
10908 err = br_fdb_init();
10909 if (err)
10910 - goto err_out1;
10911 + goto err_out;
10913 err = br_netfilter_init();
10914 if (err)
10915 @@ -65,6 +65,8 @@ err_out3:
10916 err_out2:
10917 br_netfilter_fini();
10918 err_out1:
10919 + br_fdb_fini();
10920 +err_out:
10921 llc_sap_put(br_stp_sap);
10922 return err;
10923 }
10924 diff --git a/net/bridge/br_device.c b/net/bridge/br_device.c
10925 index 5e1892d..c326602 100644
10926 --- a/net/bridge/br_device.c
10927 +++ b/net/bridge/br_device.c
10928 @@ -179,5 +179,6 @@ void br_dev_setup(struct net_device *dev)
10929 dev->priv_flags = IFF_EBRIDGE;
10931 dev->features = NETIF_F_SG | NETIF_F_FRAGLIST | NETIF_F_HIGHDMA |
10932 - NETIF_F_TSO | NETIF_F_NO_CSUM | NETIF_F_GSO_ROBUST;
10933 + NETIF_F_GSO_SOFTWARE | NETIF_F_NO_CSUM |
10934 + NETIF_F_GSO_ROBUST | NETIF_F_LLTX;
10935 }
10936 diff --git a/net/bridge/br_if.c b/net/bridge/br_if.c
10937 index 849deaf..fefd7c1 100644
10938 --- a/net/bridge/br_if.c
10939 +++ b/net/bridge/br_if.c
10940 @@ -360,35 +360,15 @@ int br_min_mtu(const struct net_bridge *br)
10941 void br_features_recompute(struct net_bridge *br)
10942 {
10943 struct net_bridge_port *p;
10944 - unsigned long features, checksum;
10945 + unsigned long features;
10947 - checksum = br->feature_mask & NETIF_F_ALL_CSUM ? NETIF_F_NO_CSUM : 0;
10948 - features = br->feature_mask & ~NETIF_F_ALL_CSUM;
10949 + features = br->feature_mask;
10951 list_for_each_entry(p, &br->port_list, list) {
10952 - unsigned long feature = p->dev->features;
10953 -
10954 - if (checksum & NETIF_F_NO_CSUM && !(feature & NETIF_F_NO_CSUM))
10955 - checksum ^= NETIF_F_NO_CSUM | NETIF_F_HW_CSUM;
10956 - if (checksum & NETIF_F_HW_CSUM && !(feature & NETIF_F_HW_CSUM))
10957 - checksum ^= NETIF_F_HW_CSUM | NETIF_F_IP_CSUM;
10958 - if (!(feature & NETIF_F_IP_CSUM))
10959 - checksum = 0;
10960 -
10961 - if (feature & NETIF_F_GSO)
10962 - feature |= NETIF_F_GSO_SOFTWARE;
10963 - feature |= NETIF_F_GSO;
10964 -
10965 - features &= feature;
10966 + features = netdev_compute_features(features, p->dev->features);
10967 }
10969 - if (!(checksum & NETIF_F_ALL_CSUM))
10970 - features &= ~NETIF_F_SG;
10971 - if (!(features & NETIF_F_SG))
10972 - features &= ~NETIF_F_GSO_MASK;
10973 -
10974 - br->dev->features = features | checksum | NETIF_F_LLTX |
10975 - NETIF_F_GSO_ROBUST;
10976 + br->dev->features = features;
10977 }
10979 /* called with RTNL */
10980 diff --git a/net/bridge/br_input.c b/net/bridge/br_input.c
10981 index 420bbb9..fb2c7cc 100644
10982 --- a/net/bridge/br_input.c
10983 +++ b/net/bridge/br_input.c
10984 @@ -127,6 +127,7 @@ static inline int is_link_local(const unsigned char *dest)
10985 struct sk_buff *br_handle_frame(struct net_bridge_port *p, struct sk_buff *skb)
10986 {
10987 const unsigned char *dest = eth_hdr(skb)->h_dest;
10988 + int (*rhook)(struct sk_buff **pskb);
10990 if (!is_valid_ether_addr(eth_hdr(skb)->h_source))
10991 goto drop;
10992 @@ -148,9 +149,9 @@ struct sk_buff *br_handle_frame(struct net_bridge_port *p, struct sk_buff *skb)
10994 switch (p->state) {
10995 case BR_STATE_FORWARDING:
10996 -
10997 - if (br_should_route_hook) {
10998 - if (br_should_route_hook(&skb))
10999 + rhook = rcu_dereference(br_should_route_hook);
11000 + if (rhook != NULL) {
11001 + if (rhook(&skb))
11002 return skb;
11003 dest = eth_hdr(skb)->h_dest;
11004 }
11005 diff --git a/net/bridge/br_netfilter.c b/net/bridge/br_netfilter.c
11006 index fa77987..3ee2022 100644
11007 --- a/net/bridge/br_netfilter.c
11008 +++ b/net/bridge/br_netfilter.c
11009 @@ -509,8 +509,14 @@ static unsigned int br_nf_pre_routing(unsigned int hook, struct sk_buff **pskb,
11010 int (*okfn)(struct sk_buff *))
11011 {
11012 struct iphdr *iph;
11013 - __u32 len;
11014 struct sk_buff *skb = *pskb;
11015 + __u32 len = nf_bridge_encap_header_len(skb);
11016 +
11017 + if ((skb = skb_share_check(skb, GFP_ATOMIC)) == NULL)
11018 + return NF_STOLEN;
11019 +
11020 + if (unlikely(!pskb_may_pull(skb, len)))
11021 + goto out;
11023 if (skb->protocol == htons(ETH_P_IPV6) || IS_VLAN_IPV6(skb) ||
11024 IS_PPPOE_IPV6(skb)) {
11025 @@ -518,8 +524,6 @@ static unsigned int br_nf_pre_routing(unsigned int hook, struct sk_buff **pskb,
11026 if (!brnf_call_ip6tables)
11027 return NF_ACCEPT;
11028 #endif
11029 - if ((skb = skb_share_check(*pskb, GFP_ATOMIC)) == NULL)
11030 - goto out;
11031 nf_bridge_pull_encap_header_rcsum(skb);
11032 return br_nf_pre_routing_ipv6(hook, skb, in, out, okfn);
11033 }
11034 @@ -532,8 +536,6 @@ static unsigned int br_nf_pre_routing(unsigned int hook, struct sk_buff **pskb,
11035 !IS_PPPOE_IP(skb))
11036 return NF_ACCEPT;
11038 - if ((skb = skb_share_check(*pskb, GFP_ATOMIC)) == NULL)
11039 - goto out;
11040 nf_bridge_pull_encap_header_rcsum(skb);
11042 if (!pskb_may_pull(skb, sizeof(struct iphdr)))
11043 diff --git a/net/bridge/netfilter/ebt_log.c b/net/bridge/netfilter/ebt_log.c
11044 index 031bfa4..984e9c6 100644
11045 --- a/net/bridge/netfilter/ebt_log.c
11046 +++ b/net/bridge/netfilter/ebt_log.c
11047 @@ -196,10 +196,8 @@ static int __init ebt_log_init(void)
11048 ret = ebt_register_watcher(&log);
11049 if (ret < 0)
11050 return ret;
11051 - ret = nf_log_register(PF_BRIDGE, &ebt_log_logger);
11052 - if (ret < 0 && ret != -EEXIST)
11053 - ebt_unregister_watcher(&log);
11054 - return ret;
11055 + nf_log_register(PF_BRIDGE, &ebt_log_logger);
11056 + return 0;
11057 }
11059 static void __exit ebt_log_fini(void)
11060 diff --git a/net/bridge/netfilter/ebt_ulog.c b/net/bridge/netfilter/ebt_ulog.c
11061 index 9411db6..6fec352 100644
11062 --- a/net/bridge/netfilter/ebt_ulog.c
11063 +++ b/net/bridge/netfilter/ebt_ulog.c
11064 @@ -308,12 +308,8 @@ static int __init ebt_ulog_init(void)
11065 else if ((ret = ebt_register_watcher(&ulog)))
11066 sock_release(ebtulognl->sk_socket);
11068 - if (nf_log_register(PF_BRIDGE, &ebt_ulog_logger) < 0) {
11069 - printk(KERN_WARNING "ebt_ulog: not logging via ulog "
11070 - "since somebody else already registered for PF_BRIDGE\n");
11071 - /* we cannot make module load fail here, since otherwise
11072 - * ebtables userspace would abort */
11073 - }
11074 + if (ret == 0)
11075 + nf_log_register(PF_BRIDGE, &ebt_ulog_logger);
11077 return ret;
11078 }
11079 diff --git a/net/bridge/netfilter/ebtable_broute.c b/net/bridge/netfilter/ebtable_broute.c
11080 index d37ce04..bc17cf5 100644
11081 --- a/net/bridge/netfilter/ebtable_broute.c
11082 +++ b/net/bridge/netfilter/ebtable_broute.c
11083 @@ -70,13 +70,13 @@ static int __init ebtable_broute_init(void)
11084 if (ret < 0)
11085 return ret;
11086 /* see br_input.c */
11087 - br_should_route_hook = ebt_broute;
11088 + rcu_assign_pointer(br_should_route_hook, ebt_broute);
11089 return ret;
11090 }
11092 static void __exit ebtable_broute_fini(void)
11093 {
11094 - br_should_route_hook = NULL;
11095 + rcu_assign_pointer(br_should_route_hook, NULL);
11096 synchronize_net();
11097 ebt_unregister_table(&broute_table);
11098 }
11099 diff --git a/net/core/datagram.c b/net/core/datagram.c
11100 index cb056f4..029b93e 100644
11101 --- a/net/core/datagram.c
11102 +++ b/net/core/datagram.c
11103 @@ -450,6 +450,9 @@ int skb_copy_and_csum_datagram_iovec(struct sk_buff *skb,
11104 __wsum csum;
11105 int chunk = skb->len - hlen;
11107 + if (!chunk)
11108 + return 0;
11109 +
11110 /* Skip filled elements.
11111 * Pretty silly, look at memcpy_toiovec, though 8)
11112 */
11113 diff --git a/net/core/dev.c b/net/core/dev.c
11114 index ee051bb..1561f61 100644
11115 --- a/net/core/dev.c
11116 +++ b/net/core/dev.c
11117 @@ -3635,6 +3635,44 @@ static int __init netdev_dma_register(void)
11118 static int __init netdev_dma_register(void) { return -ENODEV; }
11119 #endif /* CONFIG_NET_DMA */
11121 +/**
11122 + * netdev_compute_feature - compute conjunction of two feature sets
11123 + * @all: first feature set
11124 + * @one: second feature set
11125 + *
11126 + * Computes a new feature set after adding a device with feature set
11127 + * @one to the master device with current feature set @all. Returns
11128 + * the new feature set.
11129 + */
11130 +int netdev_compute_features(unsigned long all, unsigned long one)
11131 +{
11132 + /* if device needs checksumming, downgrade to hw checksumming */
11133 + if (all & NETIF_F_NO_CSUM && !(one & NETIF_F_NO_CSUM))
11134 + all ^= NETIF_F_NO_CSUM | NETIF_F_HW_CSUM;
11135 +
11136 + /* if device can't do all checksum, downgrade to ipv4 */
11137 + if (all & NETIF_F_HW_CSUM && !(one & NETIF_F_HW_CSUM))
11138 + all ^= NETIF_F_HW_CSUM | NETIF_F_IP_CSUM;
11139 +
11140 + if (one & NETIF_F_GSO)
11141 + one |= NETIF_F_GSO_SOFTWARE;
11142 + one |= NETIF_F_GSO;
11143 +
11144 + /* If even one device supports robust GSO, enable it for all. */
11145 + if (one & NETIF_F_GSO_ROBUST)
11146 + all |= NETIF_F_GSO_ROBUST;
11147 +
11148 + all &= one | NETIF_F_LLTX;
11149 +
11150 + if (!(all & NETIF_F_ALL_CSUM))
11151 + all &= ~NETIF_F_SG;
11152 + if (!(all & NETIF_F_SG))
11153 + all &= ~NETIF_F_GSO_MASK;
11154 +
11155 + return all;
11156 +}
11157 +EXPORT_SYMBOL(netdev_compute_features);
11158 +
11159 /*
11160 * Initialize the DEV module. At boot time this walks the device list and
11161 * unhooks any devices that fail to initialise (normally hardware not
11162 diff --git a/net/core/gen_estimator.c b/net/core/gen_estimator.c
11163 index 17daf4c..590a767 100644
11164 --- a/net/core/gen_estimator.c
11165 +++ b/net/core/gen_estimator.c
11166 @@ -79,27 +79,27 @@
11168 struct gen_estimator
11169 {
11170 - struct gen_estimator *next;
11171 + struct list_head list;
11172 struct gnet_stats_basic *bstats;
11173 struct gnet_stats_rate_est *rate_est;
11174 spinlock_t *stats_lock;
11175 - unsigned interval;
11176 int ewma_log;
11177 u64 last_bytes;
11178 u32 last_packets;
11179 u32 avpps;
11180 u32 avbps;
11181 + struct rcu_head e_rcu;
11182 };
11184 struct gen_estimator_head
11185 {
11186 struct timer_list timer;
11187 - struct gen_estimator *list;
11188 + struct list_head list;
11189 };
11191 static struct gen_estimator_head elist[EST_MAX_INTERVAL+1];
11193 -/* Estimator array lock */
11194 +/* Protects against NULL dereference */
11195 static DEFINE_RWLOCK(est_lock);
11197 static void est_timer(unsigned long arg)
11198 @@ -107,13 +107,17 @@ static void est_timer(unsigned long arg)
11199 int idx = (int)arg;
11200 struct gen_estimator *e;
11202 - read_lock(&est_lock);
11203 - for (e = elist[idx].list; e; e = e->next) {
11204 + rcu_read_lock();
11205 + list_for_each_entry_rcu(e, &elist[idx].list, list) {
11206 u64 nbytes;
11207 u32 npackets;
11208 u32 rate;
11210 spin_lock(e->stats_lock);
11211 + read_lock(&est_lock);
11212 + if (e->bstats == NULL)
11213 + goto skip;
11214 +
11215 nbytes = e->bstats->bytes;
11216 npackets = e->bstats->packets;
11217 rate = (nbytes - e->last_bytes)<<(7 - idx);
11218 @@ -125,11 +129,14 @@ static void est_timer(unsigned long arg)
11219 e->last_packets = npackets;
11220 e->avpps += ((long)rate - (long)e->avpps) >> e->ewma_log;
11221 e->rate_est->pps = (e->avpps+0x1FF)>>10;
11222 +skip:
11223 + read_unlock(&est_lock);
11224 spin_unlock(e->stats_lock);
11225 }
11227 - mod_timer(&elist[idx].timer, jiffies + ((HZ<<idx)/4));
11228 - read_unlock(&est_lock);
11229 + if (!list_empty(&elist[idx].list))
11230 + mod_timer(&elist[idx].timer, jiffies + ((HZ<<idx)/4));
11231 + rcu_read_unlock();
11232 }
11234 /**
11235 @@ -146,12 +153,17 @@ static void est_timer(unsigned long arg)
11236 * &rate_est with the statistics lock grabed during this period.
11237 *
11238 * Returns 0 on success or a negative error code.
11239 + *
11240 + * NOTE: Called under rtnl_mutex
11241 */
11242 int gen_new_estimator(struct gnet_stats_basic *bstats,
11243 - struct gnet_stats_rate_est *rate_est, spinlock_t *stats_lock, struct rtattr *opt)
11244 + struct gnet_stats_rate_est *rate_est,
11245 + spinlock_t *stats_lock,
11246 + struct rtattr *opt)
11247 {
11248 struct gen_estimator *est;
11249 struct gnet_estimator *parm = RTA_DATA(opt);
11250 + int idx;
11252 if (RTA_PAYLOAD(opt) < sizeof(*parm))
11253 return -EINVAL;
11254 @@ -163,7 +175,7 @@ int gen_new_estimator(struct gnet_stats_basic *bstats,
11255 if (est == NULL)
11256 return -ENOBUFS;
11258 - est->interval = parm->interval + 2;
11259 + idx = parm->interval + 2;
11260 est->bstats = bstats;
11261 est->rate_est = rate_est;
11262 est->stats_lock = stats_lock;
11263 @@ -173,20 +185,25 @@ int gen_new_estimator(struct gnet_stats_basic *bstats,
11264 est->last_packets = bstats->packets;
11265 est->avpps = rate_est->pps<<10;
11267 - est->next = elist[est->interval].list;
11268 - if (est->next == NULL) {
11269 - init_timer(&elist[est->interval].timer);
11270 - elist[est->interval].timer.data = est->interval;
11271 - elist[est->interval].timer.expires = jiffies + ((HZ<<est->interval)/4);
11272 - elist[est->interval].timer.function = est_timer;
11273 - add_timer(&elist[est->interval].timer);
11274 + if (!elist[idx].timer.function) {
11275 + INIT_LIST_HEAD(&elist[idx].list);
11276 + setup_timer(&elist[idx].timer, est_timer, idx);
11277 }
11278 - write_lock_bh(&est_lock);
11279 - elist[est->interval].list = est;
11280 - write_unlock_bh(&est_lock);
11281 +
11282 + if (list_empty(&elist[idx].list))
11283 + mod_timer(&elist[idx].timer, jiffies + ((HZ<<idx)/4));
11284 +
11285 + list_add_rcu(&est->list, &elist[idx].list);
11286 return 0;
11287 }
11289 +static void __gen_kill_estimator(struct rcu_head *head)
11290 +{
11291 + struct gen_estimator *e = container_of(head,
11292 + struct gen_estimator, e_rcu);
11293 + kfree(e);
11294 +}
11295 +
11296 /**
11297 * gen_kill_estimator - remove a rate estimator
11298 * @bstats: basic statistics
11299 @@ -194,31 +211,32 @@ int gen_new_estimator(struct gnet_stats_basic *bstats,
11300 *
11301 * Removes the rate estimator specified by &bstats and &rate_est
11302 * and deletes the timer.
11303 + *
11304 + * NOTE: Called under rtnl_mutex
11305 */
11306 void gen_kill_estimator(struct gnet_stats_basic *bstats,
11307 struct gnet_stats_rate_est *rate_est)
11308 {
11309 int idx;
11310 - struct gen_estimator *est, **pest;
11311 + struct gen_estimator *e, *n;
11313 for (idx=0; idx <= EST_MAX_INTERVAL; idx++) {
11314 - int killed = 0;
11315 - pest = &elist[idx].list;
11316 - while ((est=*pest) != NULL) {
11317 - if (est->rate_est != rate_est || est->bstats != bstats) {
11318 - pest = &est->next;
11319 +
11320 + /* Skip non initialized indexes */
11321 + if (!elist[idx].timer.function)
11322 + continue;
11323 +
11324 + list_for_each_entry_safe(e, n, &elist[idx].list, list) {
11325 + if (e->rate_est != rate_est || e->bstats != bstats)
11326 continue;
11327 - }
11329 write_lock_bh(&est_lock);
11330 - *pest = est->next;
11331 + e->bstats = NULL;
11332 write_unlock_bh(&est_lock);
11334 - kfree(est);
11335 - killed++;
11336 + list_del_rcu(&e->list);
11337 + call_rcu(&e->e_rcu, __gen_kill_estimator);
11338 }
11339 - if (killed && elist[idx].list == NULL)
11340 - del_timer(&elist[idx].timer);
11341 }
11342 }
11344 diff --git a/net/core/netpoll.c b/net/core/netpoll.c
11345 index a0efdd7..5df8cf4 100644
11346 --- a/net/core/netpoll.c
11347 +++ b/net/core/netpoll.c
11348 @@ -781,7 +781,6 @@ void netpoll_cleanup(struct netpoll *np)
11349 spin_unlock_irqrestore(&npinfo->rx_lock, flags);
11350 }
11352 - np->dev->npinfo = NULL;
11353 if (atomic_dec_and_test(&npinfo->refcnt)) {
11354 skb_queue_purge(&npinfo->arp_tx);
11355 skb_queue_purge(&npinfo->txq);
11356 @@ -794,6 +793,7 @@ void netpoll_cleanup(struct netpoll *np)
11357 kfree_skb(skb);
11358 }
11359 kfree(npinfo);
11360 + np->dev->npinfo = NULL;
11361 }
11362 }
11364 diff --git a/net/core/pktgen.c b/net/core/pktgen.c
11365 index 9cd3a1c..33190c3 100644
11366 --- a/net/core/pktgen.c
11367 +++ b/net/core/pktgen.c
11368 @@ -111,6 +111,9 @@
11369 *
11370 * 802.1Q/Q-in-Q support by Francesco Fondelli (FF) <francesco.fondelli@gmail.com>
11371 *
11372 + * Fixed src_mac command to set source mac of packet to value specified in
11373 + * command by Adit Ranadive <adit.262@gmail.com>
11374 + *
11375 */
11376 #include <linux/sys.h>
11377 #include <linux/types.h>
11378 @@ -1415,8 +1418,11 @@ static ssize_t pktgen_if_write(struct file *file,
11379 }
11380 if (!strcmp(name, "src_mac")) {
11381 char *v = valstr;
11382 + unsigned char old_smac[ETH_ALEN];
11383 unsigned char *m = pkt_dev->src_mac;
11385 + memcpy(old_smac, pkt_dev->src_mac, ETH_ALEN);
11386 +
11387 len = strn_len(&user_buffer[i], sizeof(valstr) - 1);
11388 if (len < 0) {
11389 return len;
11390 @@ -1445,6 +1451,10 @@ static ssize_t pktgen_if_write(struct file *file,
11391 }
11392 }
11394 + /* Set up Src MAC */
11395 + if (compare_ether_addr(old_smac, pkt_dev->src_mac))
11396 + memcpy(&(pkt_dev->hh[6]), pkt_dev->src_mac, ETH_ALEN);
11397 +
11398 sprintf(pg_result, "OK: srcmac");
11399 return count;
11400 }
11401 diff --git a/net/dccp/ccids/ccid2.c b/net/dccp/ccids/ccid2.c
11402 index 248d20f..d29b88f 100644
11403 --- a/net/dccp/ccids/ccid2.c
11404 +++ b/net/dccp/ccids/ccid2.c
11405 @@ -298,7 +298,7 @@ static void ccid2_hc_tx_packet_sent(struct sock *sk, int more, unsigned int len)
11406 int rc;
11408 ccid2_pr_debug("allocating more space in history\n");
11409 - rc = ccid2_hc_tx_alloc_seq(hctx, CCID2_SEQBUF_LEN, GFP_KERNEL);
11410 + rc = ccid2_hc_tx_alloc_seq(hctx, CCID2_SEQBUF_LEN, gfp_any());
11411 BUG_ON(rc); /* XXX what do we do? */
11413 next = hctx->ccid2hctx_seqh->ccid2s_next;
11414 diff --git a/net/decnet/dn_dev.c b/net/decnet/dn_dev.c
11415 index ab41c18..b51ee15 100644
11416 --- a/net/decnet/dn_dev.c
11417 +++ b/net/decnet/dn_dev.c
11418 @@ -651,16 +651,18 @@ static int dn_nl_deladdr(struct sk_buff *skb, struct nlmsghdr *nlh, void *arg)
11419 struct dn_dev *dn_db;
11420 struct ifaddrmsg *ifm;
11421 struct dn_ifaddr *ifa, **ifap;
11422 - int err = -EADDRNOTAVAIL;
11423 + int err;
11425 err = nlmsg_parse(nlh, sizeof(*ifm), tb, IFA_MAX, dn_ifa_policy);
11426 if (err < 0)
11427 goto errout;
11429 + err = -ENODEV;
11430 ifm = nlmsg_data(nlh);
11431 if ((dn_db = dn_dev_by_index(ifm->ifa_index)) == NULL)
11432 goto errout;
11434 + err = -EADDRNOTAVAIL;
11435 for (ifap = &dn_db->ifa_list; (ifa = *ifap); ifap = &ifa->ifa_next) {
11436 if (tb[IFA_LOCAL] &&
11437 nla_memcmp(tb[IFA_LOCAL], &ifa->ifa_local, 2))
11438 @@ -815,7 +817,7 @@ static int dn_nl_dump_ifaddr(struct sk_buff *skb, struct netlink_callback *cb)
11439 for (ifa = dn_db->ifa_list, dn_idx = 0; ifa;
11440 ifa = ifa->ifa_next, dn_idx++) {
11441 if (dn_idx < skip_naddr)
11442 - goto cont;
11443 + continue;
11445 if (dn_nl_fill_ifaddr(skb, ifa, NETLINK_CB(cb->skb).pid,
11446 cb->nlh->nlmsg_seq, RTM_NEWADDR,
11447 diff --git a/net/ieee80211/ieee80211_rx.c b/net/ieee80211/ieee80211_rx.c
11448 index f2de2e4..6284c99 100644
11449 --- a/net/ieee80211/ieee80211_rx.c
11450 +++ b/net/ieee80211/ieee80211_rx.c
11451 @@ -366,6 +366,12 @@ int ieee80211_rx(struct ieee80211_device *ieee, struct sk_buff *skb,
11452 frag = WLAN_GET_SEQ_FRAG(sc);
11453 hdrlen = ieee80211_get_hdrlen(fc);
11455 + if (skb->len < hdrlen) {
11456 + printk(KERN_INFO "%s: invalid SKB length %d\n",
11457 + dev->name, skb->len);
11458 + goto rx_dropped;
11459 + }
11460 +
11461 /* Put this code here so that we avoid duplicating it in all
11462 * Rx paths. - Jean II */
11463 #ifdef CONFIG_WIRELESS_EXT
11464 diff --git a/net/ieee80211/softmac/ieee80211softmac_assoc.c b/net/ieee80211/softmac/ieee80211softmac_assoc.c
11465 index cc8110b..afb6c66 100644
11466 --- a/net/ieee80211/softmac/ieee80211softmac_assoc.c
11467 +++ b/net/ieee80211/softmac/ieee80211softmac_assoc.c
11468 @@ -271,8 +271,11 @@ ieee80211softmac_assoc_work(struct work_struct *work)
11469 */
11470 dprintk(KERN_INFO PFX "Associate: Scanning for networks first.\n");
11471 ieee80211softmac_notify(mac->dev, IEEE80211SOFTMAC_EVENT_SCAN_FINISHED, ieee80211softmac_assoc_notify_scan, NULL);
11472 - if (ieee80211softmac_start_scan(mac))
11473 + if (ieee80211softmac_start_scan(mac)) {
11474 dprintk(KERN_INFO PFX "Associate: failed to initiate scan. Is device up?\n");
11475 + mac->associnfo.associating = 0;
11476 + mac->associnfo.associated = 0;
11477 + }
11478 goto out;
11479 } else {
11480 mac->associnfo.associating = 0;
11481 diff --git a/net/ieee80211/softmac/ieee80211softmac_wx.c b/net/ieee80211/softmac/ieee80211softmac_wx.c
11482 index f13937b..d054e92 100644
11483 --- a/net/ieee80211/softmac/ieee80211softmac_wx.c
11484 +++ b/net/ieee80211/softmac/ieee80211softmac_wx.c
11485 @@ -74,8 +74,8 @@ ieee80211softmac_wx_set_essid(struct net_device *net_dev,
11486 struct ieee80211softmac_auth_queue_item *authptr;
11487 int length = 0;
11489 +check_assoc_again:
11490 mutex_lock(&sm->associnfo.mutex);
11491 -
11492 /* Check if we're already associating to this or another network
11493 * If it's another network, cancel and start over with our new network
11494 * If it's our network, ignore the change, we're already doing it!
11495 @@ -98,13 +98,18 @@ ieee80211softmac_wx_set_essid(struct net_device *net_dev,
11496 cancel_delayed_work(&authptr->work);
11497 sm->associnfo.bssvalid = 0;
11498 sm->associnfo.bssfixed = 0;
11499 - flush_scheduled_work();
11500 sm->associnfo.associating = 0;
11501 sm->associnfo.associated = 0;
11502 + /* We must unlock to avoid deadlocks with the assoc workqueue
11503 + * on the associnfo.mutex */
11504 + mutex_unlock(&sm->associnfo.mutex);
11505 + flush_scheduled_work();
11506 + /* Avoid race! Check assoc status again. Maybe someone started an
11507 + * association while we flushed. */
11508 + goto check_assoc_again;
11509 }
11510 }
11512 -
11513 sm->associnfo.static_essid = 0;
11514 sm->associnfo.assoc_wait = 0;
11516 diff --git a/net/ipv4/af_inet.c b/net/ipv4/af_inet.c
11517 index 041fba3..90b241c 100644
11518 --- a/net/ipv4/af_inet.c
11519 +++ b/net/ipv4/af_inet.c
11520 @@ -831,7 +831,7 @@ const struct proto_ops inet_stream_ops = {
11521 .shutdown = inet_shutdown,
11522 .setsockopt = sock_common_setsockopt,
11523 .getsockopt = sock_common_getsockopt,
11524 - .sendmsg = inet_sendmsg,
11525 + .sendmsg = tcp_sendmsg,
11526 .recvmsg = sock_common_recvmsg,
11527 .mmap = sock_no_mmap,
11528 .sendpage = tcp_sendpage,
11529 diff --git a/net/ipv4/ah4.c b/net/ipv4/ah4.c
11530 index 6da8ff5..c79a24e 100644
11531 --- a/net/ipv4/ah4.c
11532 +++ b/net/ipv4/ah4.c
11533 @@ -46,7 +46,7 @@ static int ip_clear_mutable_options(struct iphdr *iph, __be32 *daddr)
11534 memcpy(daddr, optptr+optlen-4, 4);
11535 /* Fall through */
11536 default:
11537 - memset(optptr+2, 0, optlen-2);
11538 + memset(optptr, 0, optlen);
11539 }
11540 l -= optlen;
11541 optptr += optlen;
11542 diff --git a/net/ipv4/arp.c b/net/ipv4/arp.c
11543 index e00767e..84097ee 100644
11544 --- a/net/ipv4/arp.c
11545 +++ b/net/ipv4/arp.c
11546 @@ -110,12 +110,8 @@
11547 #include <net/tcp.h>
11548 #include <net/sock.h>
11549 #include <net/arp.h>
11550 -#if defined(CONFIG_AX25) || defined(CONFIG_AX25_MODULE)
11551 #include <net/ax25.h>
11552 -#if defined(CONFIG_NETROM) || defined(CONFIG_NETROM_MODULE)
11553 #include <net/netrom.h>
11554 -#endif
11555 -#endif
11556 #if defined(CONFIG_ATM_CLIP) || defined(CONFIG_ATM_CLIP_MODULE)
11557 #include <net/atmclip.h>
11558 struct neigh_table *clip_tbl_hook;
11559 @@ -729,20 +725,10 @@ static int arp_process(struct sk_buff *skb)
11560 htons(dev_type) != arp->ar_hrd)
11561 goto out;
11562 break;
11563 -#ifdef CONFIG_NET_ETHERNET
11564 case ARPHRD_ETHER:
11565 -#endif
11566 -#ifdef CONFIG_TR
11567 case ARPHRD_IEEE802_TR:
11568 -#endif
11569 -#ifdef CONFIG_FDDI
11570 case ARPHRD_FDDI:
11571 -#endif
11572 -#ifdef CONFIG_NET_FC
11573 case ARPHRD_IEEE802:
11574 -#endif
11575 -#if defined(CONFIG_NET_ETHERNET) || defined(CONFIG_TR) || \
11576 - defined(CONFIG_FDDI) || defined(CONFIG_NET_FC)
11577 /*
11578 * ETHERNET, Token Ring and Fibre Channel (which are IEEE 802
11579 * devices, according to RFC 2625) devices will accept ARP
11580 @@ -757,21 +743,16 @@ static int arp_process(struct sk_buff *skb)
11581 arp->ar_pro != htons(ETH_P_IP))
11582 goto out;
11583 break;
11584 -#endif
11585 -#if defined(CONFIG_AX25) || defined(CONFIG_AX25_MODULE)
11586 case ARPHRD_AX25:
11587 if (arp->ar_pro != htons(AX25_P_IP) ||
11588 arp->ar_hrd != htons(ARPHRD_AX25))
11589 goto out;
11590 break;
11591 -#if defined(CONFIG_NETROM) || defined(CONFIG_NETROM_MODULE)
11592 case ARPHRD_NETROM:
11593 if (arp->ar_pro != htons(AX25_P_IP) ||
11594 arp->ar_hrd != htons(ARPHRD_NETROM))
11595 goto out;
11596 break;
11597 -#endif
11598 -#endif
11599 }
11601 /* Understand only these message types */
11602 diff --git a/net/ipv4/devinet.c b/net/ipv4/devinet.c
11603 index abf6352..9607d78 100644
11604 --- a/net/ipv4/devinet.c
11605 +++ b/net/ipv4/devinet.c
11606 @@ -1030,7 +1030,7 @@ static void inetdev_changename(struct net_device *dev, struct in_device *in_dev)
11607 memcpy(ifa->ifa_label, dev->name, IFNAMSIZ);
11608 if (named++ == 0)
11609 continue;
11610 - dot = strchr(ifa->ifa_label, ':');
11611 + dot = strchr(old, ':');
11612 if (dot == NULL) {
11613 sprintf(old, ":%d", named);
11614 dot = old;
11615 @@ -1194,7 +1194,7 @@ static int inet_dump_ifaddr(struct sk_buff *skb, struct netlink_callback *cb)
11616 for (ifa = in_dev->ifa_list, ip_idx = 0; ifa;
11617 ifa = ifa->ifa_next, ip_idx++) {
11618 if (ip_idx < s_ip_idx)
11619 - goto cont;
11620 + continue;
11621 if (inet_fill_ifaddr(skb, ifa, NETLINK_CB(cb->skb).pid,
11622 cb->nlh->nlmsg_seq,
11623 RTM_NEWADDR, NLM_F_MULTI) <= 0)
11624 diff --git a/net/ipv4/inet_diag.c b/net/ipv4/inet_diag.c
11625 index dbeacd8..def007e 100644
11626 --- a/net/ipv4/inet_diag.c
11627 +++ b/net/ipv4/inet_diag.c
11628 @@ -836,12 +836,16 @@ static int inet_diag_rcv_msg(struct sk_buff *skb, struct nlmsghdr *nlh)
11629 return inet_diag_get_exact(skb, nlh);
11630 }
11632 +static DEFINE_MUTEX(inet_diag_mutex);
11633 +
11634 static void inet_diag_rcv(struct sock *sk, int len)
11635 {
11636 unsigned int qlen = 0;
11638 do {
11639 + mutex_lock(&inet_diag_mutex);
11640 netlink_run_queue(sk, &qlen, &inet_diag_rcv_msg);
11641 + mutex_unlock(&inet_diag_mutex);
11642 } while (qlen);
11643 }
11645 diff --git a/net/ipv4/ip_gre.c b/net/ipv4/ip_gre.c
11646 index 6328293..724b612 100644
11647 --- a/net/ipv4/ip_gre.c
11648 +++ b/net/ipv4/ip_gre.c
11649 @@ -613,7 +613,7 @@ static int ipgre_rcv(struct sk_buff *skb)
11650 offset += 4;
11651 }
11653 - skb_reset_mac_header(skb);
11654 + skb->mac_header = skb->network_header;
11655 __pskb_pull(skb, offset);
11656 skb_reset_network_header(skb);
11657 skb_postpull_rcsum(skb, skb_transport_header(skb), offset);
11658 diff --git a/net/ipv4/ipcomp.c b/net/ipv4/ipcomp.c
11659 index ab86137..630ebb7 100644
11660 --- a/net/ipv4/ipcomp.c
11661 +++ b/net/ipv4/ipcomp.c
11662 @@ -17,6 +17,7 @@
11663 #include <asm/scatterlist.h>
11664 #include <asm/semaphore.h>
11665 #include <linux/crypto.h>
11666 +#include <linux/err.h>
11667 #include <linux/pfkeyv2.h>
11668 #include <linux/percpu.h>
11669 #include <linux/smp.h>
11670 @@ -355,7 +356,7 @@ static struct crypto_comp **ipcomp_alloc_tfms(const char *alg_name)
11671 for_each_possible_cpu(cpu) {
11672 struct crypto_comp *tfm = crypto_alloc_comp(alg_name, 0,
11673 CRYPTO_ALG_ASYNC);
11674 - if (!tfm)
11675 + if (IS_ERR(tfm))
11676 goto error;
11677 *per_cpu_ptr(tfms, cpu) = tfm;
11678 }
11679 diff --git a/net/ipv4/netfilter/ipt_LOG.c b/net/ipv4/netfilter/ipt_LOG.c
11680 index a42c5cd..361be2b 100644
11681 --- a/net/ipv4/netfilter/ipt_LOG.c
11682 +++ b/net/ipv4/netfilter/ipt_LOG.c
11683 @@ -477,10 +477,8 @@ static int __init ipt_log_init(void)
11684 ret = xt_register_target(&ipt_log_reg);
11685 if (ret < 0)
11686 return ret;
11687 - ret = nf_log_register(PF_INET, &ipt_log_logger);
11688 - if (ret < 0 && ret != -EEXIST)
11689 - xt_unregister_target(&ipt_log_reg);
11690 - return ret;
11691 + nf_log_register(PF_INET, &ipt_log_logger);
11692 + return 0;
11693 }
11695 static void __exit ipt_log_fini(void)
11696 diff --git a/net/ipv4/netfilter/nf_conntrack_proto_icmp.c b/net/ipv4/netfilter/nf_conntrack_proto_icmp.c
11697 index f4fc657..474b4ce 100644
11698 --- a/net/ipv4/netfilter/nf_conntrack_proto_icmp.c
11699 +++ b/net/ipv4/netfilter/nf_conntrack_proto_icmp.c
11700 @@ -189,25 +189,13 @@ icmp_error_message(struct sk_buff *skb,
11702 h = nf_conntrack_find_get(&innertuple, NULL);
11703 if (!h) {
11704 - /* Locally generated ICMPs will match inverted if they
11705 - haven't been SNAT'ed yet */
11706 - /* FIXME: NAT code has to handle half-done double NAT --RR */
11707 - if (hooknum == NF_IP_LOCAL_OUT)
11708 - h = nf_conntrack_find_get(&origtuple, NULL);
11709 -
11710 - if (!h) {
11711 - DEBUGP("icmp_error_message: no match\n");
11712 - return -NF_ACCEPT;
11713 - }
11714 -
11715 - /* Reverse direction from that found */
11716 - if (NF_CT_DIRECTION(h) == IP_CT_DIR_REPLY)
11717 - *ctinfo += IP_CT_IS_REPLY;
11718 - } else {
11719 - if (NF_CT_DIRECTION(h) == IP_CT_DIR_REPLY)
11720 - *ctinfo += IP_CT_IS_REPLY;
11721 + DEBUGP("icmp_error_message: no match\n");
11722 + return -NF_ACCEPT;
11723 }
11725 + if (NF_CT_DIRECTION(h) == IP_CT_DIR_REPLY)
11726 + *ctinfo += IP_CT_IS_REPLY;
11727 +
11728 /* Update skb to refer to this connection */
11729 skb->nfct = &nf_ct_tuplehash_to_ctrack(h)->ct_general;
11730 skb->nfctinfo = *ctinfo;
11731 diff --git a/net/ipv4/netfilter/nf_nat_core.c b/net/ipv4/netfilter/nf_nat_core.c
11732 index ea02f00..3b01a5f 100644
11733 --- a/net/ipv4/netfilter/nf_nat_core.c
11734 +++ b/net/ipv4/netfilter/nf_nat_core.c
11735 @@ -633,7 +633,7 @@ static int clean_nat(struct nf_conn *i, void *data)
11737 if (!nat)
11738 return 0;
11739 - memset(nat, 0, sizeof(nat));
11740 + memset(nat, 0, sizeof(*nat));
11741 i->status &= ~(IPS_NAT_MASK | IPS_NAT_DONE_MASK | IPS_SEQ_ADJUST);
11742 return 0;
11743 }
11744 diff --git a/net/ipv4/route.c b/net/ipv4/route.c
11745 index 29ca63e..8f443ed 100644
11746 --- a/net/ipv4/route.c
11747 +++ b/net/ipv4/route.c
11748 @@ -2885,11 +2885,10 @@ int ip_rt_dump(struct sk_buff *skb, struct netlink_callback *cb)
11749 int idx, s_idx;
11751 s_h = cb->args[0];
11752 + if (s_h < 0)
11753 + s_h = 0;
11754 s_idx = idx = cb->args[1];
11755 - for (h = 0; h <= rt_hash_mask; h++) {
11756 - if (h < s_h) continue;
11757 - if (h > s_h)
11758 - s_idx = 0;
11759 + for (h = s_h; h <= rt_hash_mask; h++) {
11760 rcu_read_lock_bh();
11761 for (rt = rcu_dereference(rt_hash_table[h].chain), idx = 0; rt;
11762 rt = rcu_dereference(rt->u.dst.rt_next), idx++) {
11763 @@ -2906,6 +2905,7 @@ int ip_rt_dump(struct sk_buff *skb, struct netlink_callback *cb)
11764 dst_release(xchg(&skb->dst, NULL));
11765 }
11766 rcu_read_unlock_bh();
11767 + s_idx = 0;
11768 }
11770 done:
11771 @@ -3150,18 +3150,14 @@ static int ip_rt_acct_read(char *buffer, char **start, off_t offset,
11772 offset /= sizeof(u32);
11774 if (length > 0) {
11775 - u32 *src = ((u32 *) IP_RT_ACCT_CPU(0)) + offset;
11776 u32 *dst = (u32 *) buffer;
11778 - /* Copy first cpu. */
11779 *start = buffer;
11780 - memcpy(dst, src, length);
11781 + memset(dst, 0, length);
11783 - /* Add the other cpus in, one int at a time */
11784 for_each_possible_cpu(i) {
11785 unsigned int j;
11786 -
11787 - src = ((u32 *) IP_RT_ACCT_CPU(i)) + offset;
11788 + u32 *src = ((u32 *) IP_RT_ACCT_CPU(i)) + offset;
11790 for (j = 0; j < length/4; j++)
11791 dst[j] += src[j];
11792 diff --git a/net/ipv4/sysctl_net_ipv4.c b/net/ipv4/sysctl_net_ipv4.c
11793 index 53ef0f4..6ea1306 100644
11794 --- a/net/ipv4/sysctl_net_ipv4.c
11795 +++ b/net/ipv4/sysctl_net_ipv4.c
11796 @@ -121,7 +121,7 @@ static int sysctl_tcp_congestion_control(ctl_table *table, int __user *name,
11798 tcp_get_default_congestion_control(val);
11799 ret = sysctl_string(&tbl, name, nlen, oldval, oldlenp, newval, newlen);
11800 - if (ret == 0 && newval && newlen)
11801 + if (ret == 1 && newval && newlen)
11802 ret = tcp_set_default_congestion_control(val);
11803 return ret;
11804 }
11805 diff --git a/net/ipv4/tcp.c b/net/ipv4/tcp.c
11806 index 450f44b..11ff182 100644
11807 --- a/net/ipv4/tcp.c
11808 +++ b/net/ipv4/tcp.c
11809 @@ -658,9 +658,10 @@ static inline int select_size(struct sock *sk)
11810 return tmp;
11811 }
11813 -int tcp_sendmsg(struct kiocb *iocb, struct sock *sk, struct msghdr *msg,
11814 +int tcp_sendmsg(struct kiocb *iocb, struct socket *sock, struct msghdr *msg,
11815 size_t size)
11816 {
11817 + struct sock *sk = sock->sk;
11818 struct iovec *iov;
11819 struct tcp_sock *tp = tcp_sk(sk);
11820 struct sk_buff *skb;
11821 diff --git a/net/ipv4/tcp_illinois.c b/net/ipv4/tcp_illinois.c
11822 index b2b2256..31dd8c5 100644
11823 --- a/net/ipv4/tcp_illinois.c
11824 +++ b/net/ipv4/tcp_illinois.c
11825 @@ -300,7 +300,7 @@ static u32 tcp_illinois_ssthresh(struct sock *sk)
11826 struct illinois *ca = inet_csk_ca(sk);
11828 /* Multiplicative decrease */
11829 - return max((tp->snd_cwnd * ca->beta) >> BETA_SHIFT, 2U);
11830 + return max(tp->snd_cwnd - ((tp->snd_cwnd * ca->beta) >> BETA_SHIFT), 2U);
11831 }
11834 diff --git a/net/ipv4/tcp_input.c b/net/ipv4/tcp_input.c
11835 index 69f9f1e..2e1d8e7 100644
11836 --- a/net/ipv4/tcp_input.c
11837 +++ b/net/ipv4/tcp_input.c
11838 @@ -102,11 +102,14 @@ int sysctl_tcp_abc __read_mostly;
11839 #define FLAG_DATA_LOST 0x80 /* SACK detected data lossage. */
11840 #define FLAG_SLOWPATH 0x100 /* Do not skip RFC checks for window update.*/
11841 #define FLAG_ONLY_ORIG_SACKED 0x200 /* SACKs only non-rexmit sent before RTO */
11842 +#define FLAG_SND_UNA_ADVANCED 0x400 /* Snd_una was changed (!= FLAG_DATA_ACKED) */
11843 +#define FLAG_DSACKING_ACK 0x800 /* SACK blocks contained DSACK info */
11845 #define FLAG_ACKED (FLAG_DATA_ACKED|FLAG_SYN_ACKED)
11846 #define FLAG_NOT_DUP (FLAG_DATA|FLAG_WIN_UPDATE|FLAG_ACKED)
11847 #define FLAG_CA_ALERT (FLAG_DATA_SACKED|FLAG_ECE)
11848 #define FLAG_FORWARD_PROGRESS (FLAG_ACKED|FLAG_DATA_SACKED)
11849 +#define FLAG_ANY_PROGRESS (FLAG_FORWARD_PROGRESS|FLAG_SND_UNA_ADVANCED)
11851 #define IsReno(tp) ((tp)->rx_opt.sack_ok == 0)
11852 #define IsFack(tp) ((tp)->rx_opt.sack_ok & 2)
11853 @@ -964,12 +967,14 @@ tcp_sacktag_write_queue(struct sock *sk, struct sk_buff *ack_skb, u32 prior_snd_
11855 /* Check for D-SACK. */
11856 if (before(ntohl(sp[0].start_seq), TCP_SKB_CB(ack_skb)->ack_seq)) {
11857 + flag |= FLAG_DSACKING_ACK;
11858 found_dup_sack = 1;
11859 tp->rx_opt.sack_ok |= 4;
11860 NET_INC_STATS_BH(LINUX_MIB_TCPDSACKRECV);
11861 } else if (num_sacks > 1 &&
11862 !after(ntohl(sp[0].end_seq), ntohl(sp[1].end_seq)) &&
11863 !before(ntohl(sp[0].start_seq), ntohl(sp[1].start_seq))) {
11864 + flag |= FLAG_DSACKING_ACK;
11865 found_dup_sack = 1;
11866 tp->rx_opt.sack_ok |= 4;
11867 NET_INC_STATS_BH(LINUX_MIB_TCPDSACKOFORECV);
11868 @@ -989,6 +994,9 @@ tcp_sacktag_write_queue(struct sock *sk, struct sk_buff *ack_skb, u32 prior_snd_
11869 if (before(TCP_SKB_CB(ack_skb)->ack_seq, prior_snd_una - tp->max_window))
11870 return 0;
11872 + if (!tp->packets_out)
11873 + goto out;
11874 +
11875 /* SACK fastpath:
11876 * if the only SACK change is the increase of the end_seq of
11877 * the first block then only apply that SACK block
11878 @@ -1257,6 +1265,8 @@ tcp_sacktag_write_queue(struct sock *sk, struct sk_buff *ack_skb, u32 prior_snd_
11879 (!tp->frto_highmark || after(tp->snd_una, tp->frto_highmark)))
11880 tcp_update_reordering(sk, ((tp->fackets_out + 1) - reord), 0);
11882 +out:
11883 +
11884 #if FASTRETRANS_DEBUG > 0
11885 BUG_TRAP((int)tp->sacked_out >= 0);
11886 BUG_TRAP((int)tp->lost_out >= 0);
11887 @@ -1398,7 +1408,9 @@ static void tcp_enter_frto_loss(struct sock *sk, int allowed_segments, int flag)
11888 * waiting for the first ACK and did not get it)...
11889 */
11890 if ((tp->frto_counter == 1) && !(flag&FLAG_DATA_ACKED)) {
11891 - tp->retrans_out += tcp_skb_pcount(skb);
11892 + /* For some reason this R-bit might get cleared? */
11893 + if (TCP_SKB_CB(skb)->sacked & TCPCB_SACKED_RETRANS)
11894 + tp->retrans_out += tcp_skb_pcount(skb);
11895 /* ...enter this if branch just for the first segment */
11896 flag |= FLAG_DATA_ACKED;
11897 } else {
11898 @@ -1849,19 +1861,22 @@ static inline u32 tcp_cwnd_min(const struct sock *sk)
11899 }
11901 /* Decrease cwnd each second ack. */
11902 -static void tcp_cwnd_down(struct sock *sk)
11903 +static void tcp_cwnd_down(struct sock *sk, int flag)
11904 {
11905 struct tcp_sock *tp = tcp_sk(sk);
11906 int decr = tp->snd_cwnd_cnt + 1;
11908 - tp->snd_cwnd_cnt = decr&1;
11909 - decr >>= 1;
11910 + if ((flag&(FLAG_ANY_PROGRESS|FLAG_DSACKING_ACK)) ||
11911 + (IsReno(tp) && !(flag&FLAG_NOT_DUP))) {
11912 + tp->snd_cwnd_cnt = decr&1;
11913 + decr >>= 1;
11915 - if (decr && tp->snd_cwnd > tcp_cwnd_min(sk))
11916 - tp->snd_cwnd -= decr;
11917 + if (decr && tp->snd_cwnd > tcp_cwnd_min(sk))
11918 + tp->snd_cwnd -= decr;
11920 - tp->snd_cwnd = min(tp->snd_cwnd, tcp_packets_in_flight(tp)+1);
11921 - tp->snd_cwnd_stamp = tcp_time_stamp;
11922 + tp->snd_cwnd = min(tp->snd_cwnd, tcp_packets_in_flight(tp)+1);
11923 + tp->snd_cwnd_stamp = tcp_time_stamp;
11924 + }
11925 }
11927 /* Nothing was retransmitted or returned timestamp is less
11928 @@ -2058,7 +2073,7 @@ static void tcp_try_to_open(struct sock *sk, int flag)
11929 }
11930 tcp_moderate_cwnd(tp);
11931 } else {
11932 - tcp_cwnd_down(sk);
11933 + tcp_cwnd_down(sk, flag);
11934 }
11935 }
11937 @@ -2107,7 +2122,9 @@ tcp_fastretrans_alert(struct sock *sk, u32 prior_snd_una,
11938 {
11939 struct inet_connection_sock *icsk = inet_csk(sk);
11940 struct tcp_sock *tp = tcp_sk(sk);
11941 - int is_dupack = (tp->snd_una == prior_snd_una && !(flag&FLAG_NOT_DUP));
11942 + int is_dupack = !(flag&(FLAG_SND_UNA_ADVANCED|FLAG_NOT_DUP));
11943 + int do_lost = is_dupack || ((flag&FLAG_DATA_SACKED) &&
11944 + (tp->fackets_out > tp->reordering));
11946 /* Some technical things:
11947 * 1. Reno does not count dupacks (sacked_out) automatically. */
11948 @@ -2191,7 +2208,7 @@ tcp_fastretrans_alert(struct sock *sk, u32 prior_snd_una,
11949 int acked = prior_packets - tp->packets_out;
11950 if (IsReno(tp))
11951 tcp_remove_reno_sacks(sk, acked);
11952 - is_dupack = tcp_try_undo_partial(sk, acked);
11953 + do_lost = tcp_try_undo_partial(sk, acked);
11954 }
11955 break;
11956 case TCP_CA_Loss:
11957 @@ -2256,9 +2273,9 @@ tcp_fastretrans_alert(struct sock *sk, u32 prior_snd_una,
11958 tcp_set_ca_state(sk, TCP_CA_Recovery);
11959 }
11961 - if (is_dupack || tcp_head_timedout(sk))
11962 + if (do_lost || tcp_head_timedout(sk))
11963 tcp_update_scoreboard(sk);
11964 - tcp_cwnd_down(sk);
11965 + tcp_cwnd_down(sk, flag);
11966 tcp_xmit_retransmit_queue(sk);
11967 }
11969 @@ -2391,6 +2408,9 @@ static int tcp_tso_acked(struct sock *sk, struct sk_buff *skb,
11970 __u32 dval = min(tp->fackets_out, packets_acked);
11971 tp->fackets_out -= dval;
11972 }
11973 + /* hint's skb might be NULL but we don't need to care */
11974 + tp->fastpath_cnt_hint -= min_t(u32, packets_acked,
11975 + tp->fastpath_cnt_hint);
11976 tp->packets_out -= packets_acked;
11978 BUG_ON(tcp_skb_pcount(skb) == 0);
11979 @@ -2766,6 +2786,9 @@ static int tcp_ack(struct sock *sk, struct sk_buff *skb, int flag)
11980 if (before(ack, prior_snd_una))
11981 goto old_ack;
11983 + if (after(ack, prior_snd_una))
11984 + flag |= FLAG_SND_UNA_ADVANCED;
11985 +
11986 if (sysctl_tcp_abc) {
11987 if (icsk->icsk_ca_state < TCP_CA_CWR)
11988 tp->bytes_acked += ack - prior_snd_una;
11989 diff --git a/net/ipv4/tcp_ipv4.c b/net/ipv4/tcp_ipv4.c
11990 index 354721d..11f711b 100644
11991 --- a/net/ipv4/tcp_ipv4.c
11992 +++ b/net/ipv4/tcp_ipv4.c
11993 @@ -833,8 +833,7 @@ static struct tcp_md5sig_key *
11994 return NULL;
11995 for (i = 0; i < tp->md5sig_info->entries4; i++) {
11996 if (tp->md5sig_info->keys4[i].addr == addr)
11997 - return (struct tcp_md5sig_key *)
11998 - &tp->md5sig_info->keys4[i];
11999 + return &tp->md5sig_info->keys4[i].base;
12000 }
12001 return NULL;
12002 }
12003 @@ -865,9 +864,9 @@ int tcp_v4_md5_do_add(struct sock *sk, __be32 addr,
12004 key = (struct tcp4_md5sig_key *)tcp_v4_md5_do_lookup(sk, addr);
12005 if (key) {
12006 /* Pre-existing entry - just update that one. */
12007 - kfree(key->key);
12008 - key->key = newkey;
12009 - key->keylen = newkeylen;
12010 + kfree(key->base.key);
12011 + key->base.key = newkey;
12012 + key->base.keylen = newkeylen;
12013 } else {
12014 struct tcp_md5sig_info *md5sig;
12016 @@ -906,9 +905,9 @@ int tcp_v4_md5_do_add(struct sock *sk, __be32 addr,
12017 md5sig->alloced4++;
12018 }
12019 md5sig->entries4++;
12020 - md5sig->keys4[md5sig->entries4 - 1].addr = addr;
12021 - md5sig->keys4[md5sig->entries4 - 1].key = newkey;
12022 - md5sig->keys4[md5sig->entries4 - 1].keylen = newkeylen;
12023 + md5sig->keys4[md5sig->entries4 - 1].addr = addr;
12024 + md5sig->keys4[md5sig->entries4 - 1].base.key = newkey;
12025 + md5sig->keys4[md5sig->entries4 - 1].base.keylen = newkeylen;
12026 }
12027 return 0;
12028 }
12029 @@ -930,7 +929,7 @@ int tcp_v4_md5_do_del(struct sock *sk, __be32 addr)
12030 for (i = 0; i < tp->md5sig_info->entries4; i++) {
12031 if (tp->md5sig_info->keys4[i].addr == addr) {
12032 /* Free the key */
12033 - kfree(tp->md5sig_info->keys4[i].key);
12034 + kfree(tp->md5sig_info->keys4[i].base.key);
12035 tp->md5sig_info->entries4--;
12037 if (tp->md5sig_info->entries4 == 0) {
12038 @@ -964,7 +963,7 @@ static void tcp_v4_clear_md5_list(struct sock *sk)
12039 if (tp->md5sig_info->entries4) {
12040 int i;
12041 for (i = 0; i < tp->md5sig_info->entries4; i++)
12042 - kfree(tp->md5sig_info->keys4[i].key);
12043 + kfree(tp->md5sig_info->keys4[i].base.key);
12044 tp->md5sig_info->entries4 = 0;
12045 tcp_free_md5sig_pool();
12046 }
12047 @@ -2434,7 +2433,6 @@ struct proto tcp_prot = {
12048 .shutdown = tcp_shutdown,
12049 .setsockopt = tcp_setsockopt,
12050 .getsockopt = tcp_getsockopt,
12051 - .sendmsg = tcp_sendmsg,
12052 .recvmsg = tcp_recvmsg,
12053 .backlog_rcv = tcp_v4_do_rcv,
12054 .hash = tcp_v4_hash,
12055 diff --git a/net/ipv4/tcp_output.c b/net/ipv4/tcp_output.c
12056 index 53232dd..eee57e6 100644
12057 --- a/net/ipv4/tcp_output.c
12058 +++ b/net/ipv4/tcp_output.c
12059 @@ -1279,7 +1279,6 @@ static int tcp_mtu_probe(struct sock *sk)
12061 skb = tcp_send_head(sk);
12062 tcp_insert_write_queue_before(nskb, skb, sk);
12063 - tcp_advance_send_head(sk, skb);
12065 TCP_SKB_CB(nskb)->seq = TCP_SKB_CB(skb)->seq;
12066 TCP_SKB_CB(nskb)->end_seq = TCP_SKB_CB(skb)->seq + probe_size;
12067 diff --git a/net/ipv6/addrconf.c b/net/ipv6/addrconf.c
12068 index f96ed76..6d614c0 100644
12069 --- a/net/ipv6/addrconf.c
12070 +++ b/net/ipv6/addrconf.c
12071 @@ -73,6 +73,7 @@
12072 #include <net/tcp.h>
12073 #include <net/ip.h>
12074 #include <net/netlink.h>
12075 +#include <net/pkt_sched.h>
12076 #include <linux/if_tunnel.h>
12077 #include <linux/rtnetlink.h>
12079 @@ -212,6 +213,12 @@ static struct ipv6_devconf ipv6_devconf_dflt __read_mostly = {
12080 const struct in6_addr in6addr_any = IN6ADDR_ANY_INIT;
12081 const struct in6_addr in6addr_loopback = IN6ADDR_LOOPBACK_INIT;
12083 +/* Check if a valid qdisc is available */
12084 +static inline int addrconf_qdisc_ok(struct net_device *dev)
12085 +{
12086 + return (dev->qdisc != &noop_qdisc);
12087 +}
12088 +
12089 static void addrconf_del_timer(struct inet6_ifaddr *ifp)
12090 {
12091 if (del_timer(&ifp->timer))
12092 @@ -376,7 +383,7 @@ static struct inet6_dev * ipv6_add_dev(struct net_device *dev)
12093 }
12094 #endif
12096 - if (netif_running(dev) && netif_carrier_ok(dev))
12097 + if (netif_running(dev) && addrconf_qdisc_ok(dev))
12098 ndev->if_flags |= IF_READY;
12100 ipv6_mc_init_dev(ndev);
12101 @@ -1021,7 +1028,7 @@ int ipv6_dev_get_saddr(struct net_device *daddr_dev,
12102 hiscore.rule++;
12103 }
12104 if (ipv6_saddr_preferred(score.addr_type) ||
12105 - (((ifa_result->flags &
12106 + (((ifa->flags &
12107 (IFA_F_DEPRECATED|IFA_F_OPTIMISTIC)) == 0))) {
12108 score.attrs |= IPV6_SADDR_SCORE_PREFERRED;
12109 if (!(hiscore.attrs & IPV6_SADDR_SCORE_PREFERRED)) {
12110 @@ -2269,7 +2276,7 @@ static int addrconf_notify(struct notifier_block *this, unsigned long event,
12111 case NETDEV_UP:
12112 case NETDEV_CHANGE:
12113 if (event == NETDEV_UP) {
12114 - if (!netif_carrier_ok(dev)) {
12115 + if (!addrconf_qdisc_ok(dev)) {
12116 /* device is not ready yet. */
12117 printk(KERN_INFO
12118 "ADDRCONF(NETDEV_UP): %s: "
12119 @@ -2278,10 +2285,13 @@ static int addrconf_notify(struct notifier_block *this, unsigned long event,
12120 break;
12121 }
12123 + if (!idev && dev->mtu >= IPV6_MIN_MTU)
12124 + idev = ipv6_add_dev(dev);
12125 +
12126 if (idev)
12127 idev->if_flags |= IF_READY;
12128 } else {
12129 - if (!netif_carrier_ok(dev)) {
12130 + if (!addrconf_qdisc_ok(dev)) {
12131 /* device is still not ready. */
12132 break;
12133 }
12134 @@ -2342,12 +2352,18 @@ static int addrconf_notify(struct notifier_block *this, unsigned long event,
12135 break;
12137 case NETDEV_CHANGEMTU:
12138 - if ( idev && dev->mtu >= IPV6_MIN_MTU) {
12139 + if (idev && dev->mtu >= IPV6_MIN_MTU) {
12140 rt6_mtu_change(dev, dev->mtu);
12141 idev->cnf.mtu6 = dev->mtu;
12142 break;
12143 }
12145 + if (!idev && dev->mtu >= IPV6_MIN_MTU) {
12146 + idev = ipv6_add_dev(dev);
12147 + if (idev)
12148 + break;
12149 + }
12150 +
12151 /* MTU falled under IPV6_MIN_MTU. Stop IPv6 on this interface. */
12153 case NETDEV_DOWN:
12154 @@ -2472,6 +2488,7 @@ static int addrconf_ifdown(struct net_device *dev, int how)
12155 write_unlock_bh(&idev->lock);
12157 __ipv6_ifa_notify(RTM_DELADDR, ifa);
12158 + atomic_notifier_call_chain(&inet6addr_chain, NETDEV_DOWN, ifa);
12159 in6_ifa_put(ifa);
12161 write_lock_bh(&idev->lock);
12162 diff --git a/net/ipv6/af_inet6.c b/net/ipv6/af_inet6.c
12163 index 6dd3772..b1a7755 100644
12164 --- a/net/ipv6/af_inet6.c
12165 +++ b/net/ipv6/af_inet6.c
12166 @@ -487,7 +487,7 @@ const struct proto_ops inet6_stream_ops = {
12167 .shutdown = inet_shutdown, /* ok */
12168 .setsockopt = sock_common_setsockopt, /* ok */
12169 .getsockopt = sock_common_getsockopt, /* ok */
12170 - .sendmsg = inet_sendmsg, /* ok */
12171 + .sendmsg = tcp_sendmsg, /* ok */
12172 .recvmsg = sock_common_recvmsg, /* ok */
12173 .mmap = sock_no_mmap,
12174 .sendpage = tcp_sendpage,
12175 diff --git a/net/ipv6/anycast.c b/net/ipv6/anycast.c
12176 index 9b81264..2f49578 100644
12177 --- a/net/ipv6/anycast.c
12178 +++ b/net/ipv6/anycast.c
12179 @@ -66,6 +66,7 @@ ip6_onlink(struct in6_addr *addr, struct net_device *dev)
12180 break;
12181 }
12182 read_unlock_bh(&idev->lock);
12183 + in6_dev_put(idev);
12184 }
12185 rcu_read_unlock();
12186 return onlink;
12187 diff --git a/net/ipv6/icmp.c b/net/ipv6/icmp.c
12188 index e9bcce9..c956037 100644
12189 --- a/net/ipv6/icmp.c
12190 +++ b/net/ipv6/icmp.c
12191 @@ -604,7 +604,7 @@ static void icmpv6_notify(struct sk_buff *skb, int type, int code, __be32 info)
12193 read_lock(&raw_v6_lock);
12194 if ((sk = sk_head(&raw_v6_htable[hash])) != NULL) {
12195 - while((sk = __raw_v6_lookup(sk, nexthdr, daddr, saddr,
12196 + while ((sk = __raw_v6_lookup(sk, nexthdr, saddr, daddr,
12197 IP6CB(skb)->iif))) {
12198 rawv6_err(sk, skb, NULL, type, code, inner_offset, info);
12199 sk = sk_next(sk);
12200 diff --git a/net/ipv6/ip6_output.c b/net/ipv6/ip6_output.c
12201 index 4704b5f..4233a95 100644
12202 --- a/net/ipv6/ip6_output.c
12203 +++ b/net/ipv6/ip6_output.c
12204 @@ -790,7 +790,7 @@ slow_path:
12205 /*
12206 * Copy a block of the IP datagram.
12207 */
12208 - if (skb_copy_bits(skb, ptr, skb_transport_header(skb), len))
12209 + if (skb_copy_bits(skb, ptr, skb_transport_header(frag), len))
12210 BUG();
12211 left -= len;
12213 @@ -1423,8 +1423,9 @@ void ip6_flush_pending_frames(struct sock *sk)
12214 struct sk_buff *skb;
12216 while ((skb = __skb_dequeue_tail(&sk->sk_write_queue)) != NULL) {
12217 - IP6_INC_STATS(ip6_dst_idev(skb->dst),
12218 - IPSTATS_MIB_OUTDISCARDS);
12219 + if (skb->dst)
12220 + IP6_INC_STATS(ip6_dst_idev(skb->dst),
12221 + IPSTATS_MIB_OUTDISCARDS);
12222 kfree_skb(skb);
12223 }
12225 diff --git a/net/ipv6/ip6_tunnel.c b/net/ipv6/ip6_tunnel.c
12226 index a0902fb..31f9252 100644
12227 --- a/net/ipv6/ip6_tunnel.c
12228 +++ b/net/ipv6/ip6_tunnel.c
12229 @@ -962,8 +962,8 @@ ip4ip6_tnl_xmit(struct sk_buff *skb, struct net_device *dev)
12230 dsfield = ipv4_get_dsfield(iph);
12232 if ((t->parms.flags & IP6_TNL_F_USE_ORIG_TCLASS))
12233 - fl.fl6_flowlabel |= ntohl(((__u32)iph->tos << IPV6_TCLASS_SHIFT)
12234 - & IPV6_TCLASS_MASK);
12235 + fl.fl6_flowlabel |= htonl((__u32)iph->tos << IPV6_TCLASS_SHIFT)
12236 + & IPV6_TCLASS_MASK;
12238 err = ip6_tnl_xmit2(skb, dev, dsfield, &fl, encap_limit, &mtu);
12239 if (err != 0) {
12240 diff --git a/net/ipv6/ipcomp6.c b/net/ipv6/ipcomp6.c
12241 index 1ee50b5..3680f64 100644
12242 --- a/net/ipv6/ipcomp6.c
12243 +++ b/net/ipv6/ipcomp6.c
12244 @@ -37,6 +37,7 @@
12245 #include <asm/scatterlist.h>
12246 #include <asm/semaphore.h>
12247 #include <linux/crypto.h>
12248 +#include <linux/err.h>
12249 #include <linux/pfkeyv2.h>
12250 #include <linux/random.h>
12251 #include <linux/percpu.h>
12252 @@ -366,7 +367,7 @@ static struct crypto_comp **ipcomp6_alloc_tfms(const char *alg_name)
12253 for_each_possible_cpu(cpu) {
12254 struct crypto_comp *tfm = crypto_alloc_comp(alg_name, 0,
12255 CRYPTO_ALG_ASYNC);
12256 - if (!tfm)
12257 + if (IS_ERR(tfm))
12258 goto error;
12259 *per_cpu_ptr(tfms, cpu) = tfm;
12260 }
12261 diff --git a/net/ipv6/ipv6_sockglue.c b/net/ipv6/ipv6_sockglue.c
12262 index aa3d07c..f329029 100644
12263 --- a/net/ipv6/ipv6_sockglue.c
12264 +++ b/net/ipv6/ipv6_sockglue.c
12265 @@ -825,7 +825,7 @@ static int ipv6_getsockopt_sticky(struct sock *sk, struct ipv6_txoptions *opt,
12266 return 0;
12268 len = min_t(unsigned int, len, ipv6_optlen(hdr));
12269 - if (copy_to_user(optval, hdr, len));
12270 + if (copy_to_user(optval, hdr, len))
12271 return -EFAULT;
12272 return ipv6_optlen(hdr);
12273 }
12274 diff --git a/net/ipv6/ndisc.c b/net/ipv6/ndisc.c
12275 index 0358e60..5b59665 100644
12276 --- a/net/ipv6/ndisc.c
12277 +++ b/net/ipv6/ndisc.c
12278 @@ -736,7 +736,7 @@ static void ndisc_recv_ns(struct sk_buff *skb)
12279 * so fail our DAD process
12280 */
12281 addrconf_dad_failure(ifp);
12282 - goto out;
12283 + return;
12284 } else {
12285 /*
12286 * This is not a dad solicitation.
12287 @@ -1268,9 +1268,10 @@ static void ndisc_redirect_rcv(struct sk_buff *skb)
12289 if (ipv6_addr_equal(dest, target)) {
12290 on_link = 1;
12291 - } else if (!(ipv6_addr_type(target) & IPV6_ADDR_LINKLOCAL)) {
12292 + } else if (ipv6_addr_type(target) !=
12293 + (IPV6_ADDR_UNICAST|IPV6_ADDR_LINKLOCAL)) {
12294 ND_PRINTK2(KERN_WARNING
12295 - "ICMPv6 Redirect: target address is not link-local.\n");
12296 + "ICMPv6 Redirect: target address is not link-local unicast.\n");
12297 return;
12298 }
12300 @@ -1344,9 +1345,9 @@ void ndisc_send_redirect(struct sk_buff *skb, struct neighbour *neigh,
12301 }
12303 if (!ipv6_addr_equal(&ipv6_hdr(skb)->daddr, target) &&
12304 - !(ipv6_addr_type(target) & IPV6_ADDR_LINKLOCAL)) {
12305 + ipv6_addr_type(target) != (IPV6_ADDR_UNICAST|IPV6_ADDR_LINKLOCAL)) {
12306 ND_PRINTK2(KERN_WARNING
12307 - "ICMPv6 Redirect: target address is not link-local.\n");
12308 + "ICMPv6 Redirect: target address is not link-local unicast.\n");
12309 return;
12310 }
12312 diff --git a/net/ipv6/netfilter/ip6t_LOG.c b/net/ipv6/netfilter/ip6t_LOG.c
12313 index 5bb9cd3..a7a2517 100644
12314 --- a/net/ipv6/netfilter/ip6t_LOG.c
12315 +++ b/net/ipv6/netfilter/ip6t_LOG.c
12316 @@ -490,10 +490,8 @@ static int __init ip6t_log_init(void)
12317 ret = xt_register_target(&ip6t_log_reg);
12318 if (ret < 0)
12319 return ret;
12320 - ret = nf_log_register(PF_INET6, &ip6t_logger);
12321 - if (ret < 0 && ret != -EEXIST)
12322 - xt_unregister_target(&ip6t_log_reg);
12323 - return ret;
12324 + nf_log_register(PF_INET6, &ip6t_logger);
12325 + return 0;
12326 }
12328 static void __exit ip6t_log_fini(void)
12329 diff --git a/net/ipv6/raw.c b/net/ipv6/raw.c
12330 index a58459a..fc5cb83 100644
12331 --- a/net/ipv6/raw.c
12332 +++ b/net/ipv6/raw.c
12333 @@ -858,11 +858,10 @@ back_from_confirm:
12334 ip6_flush_pending_frames(sk);
12335 else if (!(msg->msg_flags & MSG_MORE))
12336 err = rawv6_push_pending_frames(sk, &fl, rp);
12337 + release_sock(sk);
12338 }
12339 done:
12340 dst_release(dst);
12341 - if (!inet->hdrincl)
12342 - release_sock(sk);
12343 out:
12344 fl6_sock_release(flowlabel);
12345 return err<0?err:len;
12346 diff --git a/net/ipv6/tcp_ipv6.c b/net/ipv6/tcp_ipv6.c
12347 index 193d9d6..2e8c317 100644
12348 --- a/net/ipv6/tcp_ipv6.c
12349 +++ b/net/ipv6/tcp_ipv6.c
12350 @@ -551,7 +551,7 @@ static struct tcp_md5sig_key *tcp_v6_md5_do_lookup(struct sock *sk,
12352 for (i = 0; i < tp->md5sig_info->entries6; i++) {
12353 if (ipv6_addr_cmp(&tp->md5sig_info->keys6[i].addr, addr) == 0)
12354 - return (struct tcp_md5sig_key *)&tp->md5sig_info->keys6[i];
12355 + return &tp->md5sig_info->keys6[i].base;
12356 }
12357 return NULL;
12358 }
12359 @@ -579,9 +579,9 @@ static int tcp_v6_md5_do_add(struct sock *sk, struct in6_addr *peer,
12360 key = (struct tcp6_md5sig_key*) tcp_v6_md5_do_lookup(sk, peer);
12361 if (key) {
12362 /* modify existing entry - just update that one */
12363 - kfree(key->key);
12364 - key->key = newkey;
12365 - key->keylen = newkeylen;
12366 + kfree(key->base.key);
12367 + key->base.key = newkey;
12368 + key->base.keylen = newkeylen;
12369 } else {
12370 /* reallocate new list if current one is full. */
12371 if (!tp->md5sig_info) {
12372 @@ -615,8 +615,8 @@ static int tcp_v6_md5_do_add(struct sock *sk, struct in6_addr *peer,
12374 ipv6_addr_copy(&tp->md5sig_info->keys6[tp->md5sig_info->entries6].addr,
12375 peer);
12376 - tp->md5sig_info->keys6[tp->md5sig_info->entries6].key = newkey;
12377 - tp->md5sig_info->keys6[tp->md5sig_info->entries6].keylen = newkeylen;
12378 + tp->md5sig_info->keys6[tp->md5sig_info->entries6].base.key = newkey;
12379 + tp->md5sig_info->keys6[tp->md5sig_info->entries6].base.keylen = newkeylen;
12381 tp->md5sig_info->entries6++;
12382 }
12383 @@ -638,12 +638,13 @@ static int tcp_v6_md5_do_del(struct sock *sk, struct in6_addr *peer)
12384 for (i = 0; i < tp->md5sig_info->entries6; i++) {
12385 if (ipv6_addr_cmp(&tp->md5sig_info->keys6[i].addr, peer) == 0) {
12386 /* Free the key */
12387 - kfree(tp->md5sig_info->keys6[i].key);
12388 + kfree(tp->md5sig_info->keys6[i].base.key);
12389 tp->md5sig_info->entries6--;
12391 if (tp->md5sig_info->entries6 == 0) {
12392 kfree(tp->md5sig_info->keys6);
12393 tp->md5sig_info->keys6 = NULL;
12394 + tp->md5sig_info->alloced6 = 0;
12396 tcp_free_md5sig_pool();
12398 @@ -668,7 +669,7 @@ static void tcp_v6_clear_md5_list (struct sock *sk)
12400 if (tp->md5sig_info->entries6) {
12401 for (i = 0; i < tp->md5sig_info->entries6; i++)
12402 - kfree(tp->md5sig_info->keys6[i].key);
12403 + kfree(tp->md5sig_info->keys6[i].base.key);
12404 tp->md5sig_info->entries6 = 0;
12405 tcp_free_md5sig_pool();
12406 }
12407 @@ -679,7 +680,7 @@ static void tcp_v6_clear_md5_list (struct sock *sk)
12409 if (tp->md5sig_info->entries4) {
12410 for (i = 0; i < tp->md5sig_info->entries4; i++)
12411 - kfree(tp->md5sig_info->keys4[i].key);
12412 + kfree(tp->md5sig_info->keys4[i].base.key);
12413 tp->md5sig_info->entries4 = 0;
12414 tcp_free_md5sig_pool();
12415 }
12416 @@ -2134,7 +2135,6 @@ struct proto tcpv6_prot = {
12417 .shutdown = tcp_shutdown,
12418 .setsockopt = tcp_setsockopt,
12419 .getsockopt = tcp_getsockopt,
12420 - .sendmsg = tcp_sendmsg,
12421 .recvmsg = tcp_recvmsg,
12422 .backlog_rcv = tcp_v6_do_rcv,
12423 .hash = tcp_v6_hash,
12424 diff --git a/net/irda/af_irda.c b/net/irda/af_irda.c
12425 index dcd7e32..73708b5 100644
12426 --- a/net/irda/af_irda.c
12427 +++ b/net/irda/af_irda.c
12428 @@ -1115,8 +1115,6 @@ static int irda_create(struct socket *sock, int protocol)
12429 self->max_sdu_size_rx = TTP_SAR_UNBOUND;
12430 break;
12431 default:
12432 - IRDA_ERROR("%s: protocol not supported!\n",
12433 - __FUNCTION__);
12434 return -ESOCKTNOSUPPORT;
12435 }
12436 break;
12437 diff --git a/net/key/af_key.c b/net/key/af_key.c
12438 index 0f8304b..0be3be2 100644
12439 --- a/net/key/af_key.c
12440 +++ b/net/key/af_key.c
12441 @@ -1543,7 +1543,7 @@ static int pfkey_get(struct sock *sk, struct sk_buff *skb, struct sadb_msg *hdr,
12443 out_hdr = (struct sadb_msg *) out_skb->data;
12444 out_hdr->sadb_msg_version = hdr->sadb_msg_version;
12445 - out_hdr->sadb_msg_type = SADB_DUMP;
12446 + out_hdr->sadb_msg_type = SADB_GET;
12447 out_hdr->sadb_msg_satype = pfkey_proto2satype(proto);
12448 out_hdr->sadb_msg_errno = 0;
12449 out_hdr->sadb_msg_reserved = 0;
12450 @@ -2777,12 +2777,22 @@ static struct sadb_msg *pfkey_get_base_msg(struct sk_buff *skb, int *errp)
12452 static inline int aalg_tmpl_set(struct xfrm_tmpl *t, struct xfrm_algo_desc *d)
12453 {
12454 - return t->aalgos & (1 << d->desc.sadb_alg_id);
12455 + unsigned int id = d->desc.sadb_alg_id;
12456 +
12457 + if (id >= sizeof(t->aalgos) * 8)
12458 + return 0;
12459 +
12460 + return (t->aalgos >> id) & 1;
12461 }
12463 static inline int ealg_tmpl_set(struct xfrm_tmpl *t, struct xfrm_algo_desc *d)
12464 {
12465 - return t->ealgos & (1 << d->desc.sadb_alg_id);
12466 + unsigned int id = d->desc.sadb_alg_id;
12467 +
12468 + if (id >= sizeof(t->ealgos) * 8)
12469 + return 0;
12470 +
12471 + return (t->ealgos >> id) & 1;
12472 }
12474 static int count_ah_combs(struct xfrm_tmpl *t)
12475 diff --git a/net/mac80211/ieee80211.c b/net/mac80211/ieee80211.c
12476 index 4e84f24..b9f2507 100644
12477 --- a/net/mac80211/ieee80211.c
12478 +++ b/net/mac80211/ieee80211.c
12479 @@ -24,6 +24,7 @@
12480 #include <linux/compiler.h>
12481 #include <linux/bitmap.h>
12482 #include <net/cfg80211.h>
12483 +#include <asm/unaligned.h>
12485 #include "ieee80211_common.h"
12486 #include "ieee80211_i.h"
12487 @@ -338,7 +339,7 @@ static int ieee80211_get_radiotap_len(struct sk_buff *skb)
12488 struct ieee80211_radiotap_header *hdr =
12489 (struct ieee80211_radiotap_header *) skb->data;
12491 - return le16_to_cpu(hdr->it_len);
12492 + return le16_to_cpu(get_unaligned(&hdr->it_len));
12493 }
12495 #ifdef CONFIG_MAC80211_LOWTX_FRAME_DUMP
12496 @@ -2615,9 +2616,10 @@ ieee80211_rx_h_data(struct ieee80211_txrx_data *rx)
12497 memcpy(dst, hdr->addr1, ETH_ALEN);
12498 memcpy(src, hdr->addr3, ETH_ALEN);
12500 - if (sdata->type != IEEE80211_IF_TYPE_STA) {
12501 + if (sdata->type != IEEE80211_IF_TYPE_STA ||
12502 + (is_multicast_ether_addr(dst) &&
12503 + !compare_ether_addr(src, dev->dev_addr)))
12504 return TXRX_DROP;
12505 - }
12506 break;
12507 case 0:
12508 /* DA SA BSSID */
12509 diff --git a/net/netfilter/nf_conntrack_proto_sctp.c b/net/netfilter/nf_conntrack_proto_sctp.c
12510 index 0d3254b..6e41ba5 100644
12511 --- a/net/netfilter/nf_conntrack_proto_sctp.c
12512 +++ b/net/netfilter/nf_conntrack_proto_sctp.c
12513 @@ -460,7 +460,8 @@ static int sctp_new(struct nf_conn *conntrack, const struct sk_buff *skb,
12514 SCTP_CONNTRACK_NONE, sch->type);
12516 /* Invalid: delete conntrack */
12517 - if (newconntrack == SCTP_CONNTRACK_MAX) {
12518 + if (newconntrack == SCTP_CONNTRACK_NONE ||
12519 + newconntrack == SCTP_CONNTRACK_MAX) {
12520 DEBUGP("nf_conntrack_sctp: invalid new deleting.\n");
12521 return 0;
12522 }
12523 diff --git a/net/netfilter/nf_conntrack_proto_tcp.c b/net/netfilter/nf_conntrack_proto_tcp.c
12524 index ccdd5d2..baff1f4 100644
12525 --- a/net/netfilter/nf_conntrack_proto_tcp.c
12526 +++ b/net/netfilter/nf_conntrack_proto_tcp.c
12527 @@ -143,7 +143,7 @@ enum tcp_bit_set {
12528 * CLOSE_WAIT: ACK seen (after FIN)
12529 * LAST_ACK: FIN seen (after FIN)
12530 * TIME_WAIT: last ACK seen
12531 - * CLOSE: closed connection
12532 + * CLOSE: closed connection (RST)
12533 *
12534 * LISTEN state is not used.
12535 *
12536 @@ -839,19 +839,55 @@ static int tcp_packet(struct nf_conn *conntrack,
12537 new_state = tcp_conntracks[dir][index][old_state];
12539 switch (new_state) {
12540 + case TCP_CONNTRACK_SYN_SENT:
12541 + if (old_state < TCP_CONNTRACK_TIME_WAIT)
12542 + break;
12543 + /* RFC 1122: "When a connection is closed actively,
12544 + * it MUST linger in TIME-WAIT state for a time 2xMSL
12545 + * (Maximum Segment Lifetime). However, it MAY accept
12546 + * a new SYN from the remote TCP to reopen the connection
12547 + * directly from TIME-WAIT state, if..."
12548 + * We ignore the conditions because we are in the
12549 + * TIME-WAIT state anyway.
12550 + *
12551 + * Handle aborted connections: we and the server
12552 + * think there is an existing connection but the client
12553 + * aborts it and starts a new one.
12554 + */
12555 + if (((conntrack->proto.tcp.seen[dir].flags
12556 + | conntrack->proto.tcp.seen[!dir].flags)
12557 + & IP_CT_TCP_FLAG_CLOSE_INIT)
12558 + || (conntrack->proto.tcp.last_dir == dir
12559 + && conntrack->proto.tcp.last_index == TCP_RST_SET)) {
12560 + /* Attempt to reopen a closed/aborted connection.
12561 + * Delete this connection and look up again. */
12562 + write_unlock_bh(&tcp_lock);
12563 + if (del_timer(&conntrack->timeout))
12564 + conntrack->timeout.function((unsigned long)
12565 + conntrack);
12566 + return -NF_REPEAT;
12567 + }
12568 + /* Fall through */
12569 case TCP_CONNTRACK_IGNORE:
12570 /* Ignored packets:
12571 *
12572 + * Our connection entry may be out of sync, so ignore
12573 + * packets which may signal the real connection between
12574 + * the client and the server.
12575 + *
12576 * a) SYN in ORIGINAL
12577 * b) SYN/ACK in REPLY
12578 * c) ACK in reply direction after initial SYN in original.
12579 + *
12580 + * If the ignored packet is invalid, the receiver will send
12581 + * a RST we'll catch below.
12582 */
12583 if (index == TCP_SYNACK_SET
12584 && conntrack->proto.tcp.last_index == TCP_SYN_SET
12585 && conntrack->proto.tcp.last_dir != dir
12586 && ntohl(th->ack_seq) ==
12587 conntrack->proto.tcp.last_end) {
12588 - /* This SYN/ACK acknowledges a SYN that we earlier
12589 + /* b) This SYN/ACK acknowledges a SYN that we earlier
12590 * ignored as invalid. This means that the client and
12591 * the server are both in sync, while the firewall is
12592 * not. We kill this session and block the SYN/ACK so
12593 @@ -876,7 +912,7 @@ static int tcp_packet(struct nf_conn *conntrack,
12594 write_unlock_bh(&tcp_lock);
12595 if (LOG_INVALID(IPPROTO_TCP))
12596 nf_log_packet(pf, 0, skb, NULL, NULL, NULL,
12597 - "nf_ct_tcp: invalid packed ignored ");
12598 + "nf_ct_tcp: invalid packet ignored ");
12599 return NF_ACCEPT;
12600 case TCP_CONNTRACK_MAX:
12601 /* Invalid packet */
12602 @@ -888,27 +924,6 @@ static int tcp_packet(struct nf_conn *conntrack,
12603 nf_log_packet(pf, 0, skb, NULL, NULL, NULL,
12604 "nf_ct_tcp: invalid state ");
12605 return -NF_ACCEPT;
12606 - case TCP_CONNTRACK_SYN_SENT:
12607 - if (old_state < TCP_CONNTRACK_TIME_WAIT)
12608 - break;
12609 - if ((conntrack->proto.tcp.seen[dir].flags &
12610 - IP_CT_TCP_FLAG_CLOSE_INIT)
12611 - || after(ntohl(th->seq),
12612 - conntrack->proto.tcp.seen[dir].td_end)) {
12613 - /* Attempt to reopen a closed connection.
12614 - * Delete this connection and look up again. */
12615 - write_unlock_bh(&tcp_lock);
12616 - if (del_timer(&conntrack->timeout))
12617 - conntrack->timeout.function((unsigned long)
12618 - conntrack);
12619 - return -NF_REPEAT;
12620 - } else {
12621 - write_unlock_bh(&tcp_lock);
12622 - if (LOG_INVALID(IPPROTO_TCP))
12623 - nf_log_packet(pf, 0, skb, NULL, NULL,
12624 - NULL, "nf_ct_tcp: invalid SYN");
12625 - return -NF_ACCEPT;
12626 - }
12627 case TCP_CONNTRACK_CLOSE:
12628 if (index == TCP_RST_SET
12629 && ((test_bit(IPS_SEEN_REPLY_BIT, &conntrack->status)
12630 @@ -941,6 +956,7 @@ static int tcp_packet(struct nf_conn *conntrack,
12631 in_window:
12632 /* From now on we have got in-window packets */
12633 conntrack->proto.tcp.last_index = index;
12634 + conntrack->proto.tcp.last_dir = dir;
12636 DEBUGP("tcp_conntracks: src=%u.%u.%u.%u:%hu dst=%u.%u.%u.%u:%hu "
12637 "syn=%i ack=%i fin=%i rst=%i old=%i new=%i\n",
12638 @@ -952,8 +968,7 @@ static int tcp_packet(struct nf_conn *conntrack,
12640 conntrack->proto.tcp.state = new_state;
12641 if (old_state != new_state
12642 - && (new_state == TCP_CONNTRACK_FIN_WAIT
12643 - || new_state == TCP_CONNTRACK_CLOSE))
12644 + && new_state == TCP_CONNTRACK_FIN_WAIT)
12645 conntrack->proto.tcp.seen[dir].flags |= IP_CT_TCP_FLAG_CLOSE_INIT;
12646 timeout = conntrack->proto.tcp.retrans >= nf_ct_tcp_max_retrans
12647 && *tcp_timeouts[new_state] > nf_ct_tcp_timeout_max_retrans
12648 diff --git a/net/netfilter/xt_TCPMSS.c b/net/netfilter/xt_TCPMSS.c
12649 index 15fe8f6..fe7b3d8 100644
12650 --- a/net/netfilter/xt_TCPMSS.c
12651 +++ b/net/netfilter/xt_TCPMSS.c
12652 @@ -178,10 +178,8 @@ xt_tcpmss_target6(struct sk_buff **pskb,
12654 nexthdr = ipv6h->nexthdr;
12655 tcphoff = ipv6_skip_exthdr(*pskb, sizeof(*ipv6h), &nexthdr);
12656 - if (tcphoff < 0) {
12657 - WARN_ON(1);
12658 + if (tcphoff < 0)
12659 return NF_DROP;
12660 - }
12661 ret = tcpmss_mangle_packet(pskb, targinfo, tcphoff,
12662 sizeof(*ipv6h) + sizeof(struct tcphdr));
12663 if (ret < 0)
12664 diff --git a/net/netlink/af_netlink.c b/net/netlink/af_netlink.c
12665 index 1f15821..6ac83c2 100644
12666 --- a/net/netlink/af_netlink.c
12667 +++ b/net/netlink/af_netlink.c
12668 @@ -732,7 +732,7 @@ struct sock *netlink_getsockbyfilp(struct file *filp)
12669 * 1: repeat lookup - reference dropped while waiting for socket memory.
12670 */
12671 int netlink_attachskb(struct sock *sk, struct sk_buff *skb, int nonblock,
12672 - long timeo, struct sock *ssk)
12673 + long *timeo, struct sock *ssk)
12674 {
12675 struct netlink_sock *nlk;
12677 @@ -741,7 +741,7 @@ int netlink_attachskb(struct sock *sk, struct sk_buff *skb, int nonblock,
12678 if (atomic_read(&sk->sk_rmem_alloc) > sk->sk_rcvbuf ||
12679 test_bit(0, &nlk->state)) {
12680 DECLARE_WAITQUEUE(wait, current);
12681 - if (!timeo) {
12682 + if (!*timeo) {
12683 if (!ssk || nlk_sk(ssk)->pid == 0)
12684 netlink_overrun(sk);
12685 sock_put(sk);
12686 @@ -755,7 +755,7 @@ int netlink_attachskb(struct sock *sk, struct sk_buff *skb, int nonblock,
12687 if ((atomic_read(&sk->sk_rmem_alloc) > sk->sk_rcvbuf ||
12688 test_bit(0, &nlk->state)) &&
12689 !sock_flag(sk, SOCK_DEAD))
12690 - timeo = schedule_timeout(timeo);
12691 + *timeo = schedule_timeout(*timeo);
12693 __set_current_state(TASK_RUNNING);
12694 remove_wait_queue(&nlk->wait, &wait);
12695 @@ -763,7 +763,7 @@ int netlink_attachskb(struct sock *sk, struct sk_buff *skb, int nonblock,
12697 if (signal_pending(current)) {
12698 kfree_skb(skb);
12699 - return sock_intr_errno(timeo);
12700 + return sock_intr_errno(*timeo);
12701 }
12702 return 1;
12703 }
12704 @@ -827,7 +827,7 @@ retry:
12705 kfree_skb(skb);
12706 return PTR_ERR(sk);
12707 }
12708 - err = netlink_attachskb(sk, skb, nonblock, timeo, ssk);
12709 + err = netlink_attachskb(sk, skb, nonblock, &timeo, ssk);
12710 if (err == 1)
12711 goto retry;
12712 if (err)
12713 diff --git a/net/netrom/nr_dev.c b/net/netrom/nr_dev.c
12714 index c7b5d93..69e77d5 100644
12715 --- a/net/netrom/nr_dev.c
12716 +++ b/net/netrom/nr_dev.c
12717 @@ -56,7 +56,7 @@ int nr_rx_ip(struct sk_buff *skb, struct net_device *dev)
12719 /* Spoof incoming device */
12720 skb->dev = dev;
12721 - skb_reset_mac_header(skb);
12722 + skb->mac_header = skb->network_header;
12723 skb_reset_network_header(skb);
12724 skb->pkt_type = PACKET_HOST;
12726 diff --git a/net/rfkill/rfkill-input.c b/net/rfkill/rfkill-input.c
12727 index e5c840c..230e35c 100644
12728 --- a/net/rfkill/rfkill-input.c
12729 +++ b/net/rfkill/rfkill-input.c
12730 @@ -55,7 +55,7 @@ static void rfkill_task_handler(struct work_struct *work)
12732 static void rfkill_schedule_toggle(struct rfkill_task *task)
12733 {
12734 - unsigned int flags;
12735 + unsigned long flags;
12737 spin_lock_irqsave(&task->lock, flags);
12739 diff --git a/net/rose/rose_loopback.c b/net/rose/rose_loopback.c
12740 index cd01642..114df6e 100644
12741 --- a/net/rose/rose_loopback.c
12742 +++ b/net/rose/rose_loopback.c
12743 @@ -79,7 +79,7 @@ static void rose_loopback_timer(unsigned long param)
12745 skb_reset_transport_header(skb);
12747 - sk = rose_find_socket(lci_o, &rose_loopback_neigh);
12748 + sk = rose_find_socket(lci_o, rose_loopback_neigh);
12749 if (sk) {
12750 if (rose_process_rx_frame(sk, skb) == 0)
12751 kfree_skb(skb);
12752 @@ -88,7 +88,7 @@ static void rose_loopback_timer(unsigned long param)
12754 if (frametype == ROSE_CALL_REQUEST) {
12755 if ((dev = rose_dev_get(dest)) != NULL) {
12756 - if (rose_rx_call_request(skb, dev, &rose_loopback_neigh, lci_o) == 0)
12757 + if (rose_rx_call_request(skb, dev, rose_loopback_neigh, lci_o) == 0)
12758 kfree_skb(skb);
12759 } else {
12760 kfree_skb(skb);
12761 diff --git a/net/rose/rose_route.c b/net/rose/rose_route.c
12762 index 929a784..163f346 100644
12763 --- a/net/rose/rose_route.c
12764 +++ b/net/rose/rose_route.c
12765 @@ -45,7 +45,7 @@ static DEFINE_SPINLOCK(rose_neigh_list_lock);
12766 static struct rose_route *rose_route_list;
12767 static DEFINE_SPINLOCK(rose_route_list_lock);
12769 -struct rose_neigh rose_loopback_neigh;
12770 +struct rose_neigh *rose_loopback_neigh;
12772 /*
12773 * Add a new route to a node, and in the process add the node and the
12774 @@ -362,7 +362,12 @@ out:
12775 */
12776 void rose_add_loopback_neigh(void)
12777 {
12778 - struct rose_neigh *sn = &rose_loopback_neigh;
12779 + struct rose_neigh *sn;
12780 +
12781 + rose_loopback_neigh = kmalloc(sizeof(struct rose_neigh), GFP_KERNEL);
12782 + if (!rose_loopback_neigh)
12783 + return;
12784 + sn = rose_loopback_neigh;
12786 sn->callsign = null_ax25_address;
12787 sn->digipeat = NULL;
12788 @@ -417,13 +422,13 @@ int rose_add_loopback_node(rose_address *address)
12789 rose_node->mask = 10;
12790 rose_node->count = 1;
12791 rose_node->loopback = 1;
12792 - rose_node->neighbour[0] = &rose_loopback_neigh;
12793 + rose_node->neighbour[0] = rose_loopback_neigh;
12795 /* Insert at the head of list. Address is always mask=10 */
12796 rose_node->next = rose_node_list;
12797 rose_node_list = rose_node;
12799 - rose_loopback_neigh.count++;
12800 + rose_loopback_neigh->count++;
12802 out:
12803 spin_unlock_bh(&rose_node_list_lock);
12804 @@ -454,7 +459,7 @@ void rose_del_loopback_node(rose_address *address)
12806 rose_remove_node(rose_node);
12808 - rose_loopback_neigh.count--;
12809 + rose_loopback_neigh->count--;
12811 out:
12812 spin_unlock_bh(&rose_node_list_lock);
12813 diff --git a/net/rxrpc/Kconfig b/net/rxrpc/Kconfig
12814 index e662f1d..0d3103c 100644
12815 --- a/net/rxrpc/Kconfig
12816 +++ b/net/rxrpc/Kconfig
12817 @@ -5,6 +5,7 @@
12818 config AF_RXRPC
12819 tristate "RxRPC session sockets"
12820 depends on INET && EXPERIMENTAL
12821 + select CRYPTO
12822 select KEYS
12823 help
12824 Say Y or M here to include support for RxRPC session sockets (just
12825 diff --git a/net/sched/cls_u32.c b/net/sched/cls_u32.c
12826 index c7a347b..1d36265 100644
12827 --- a/net/sched/cls_u32.c
12828 +++ b/net/sched/cls_u32.c
12829 @@ -107,7 +107,7 @@ static struct tc_u_common *u32_list;
12831 static __inline__ unsigned u32_hash_fold(u32 key, struct tc_u32_sel *sel, u8 fshift)
12832 {
12833 - unsigned h = (key & sel->hmask)>>fshift;
12834 + unsigned h = ntohl(key & sel->hmask)>>fshift;
12836 return h;
12837 }
12838 @@ -518,7 +518,7 @@ static int u32_set_parms(struct tcf_proto *tp, unsigned long base,
12840 #ifdef CONFIG_NET_CLS_IND
12841 if (tb[TCA_U32_INDEV-1]) {
12842 - int err = tcf_change_indev(tp, n->indev, tb[TCA_U32_INDEV-1]);
12843 + err = tcf_change_indev(tp, n->indev, tb[TCA_U32_INDEV-1]);
12844 if (err < 0)
12845 goto errout;
12846 }
12847 @@ -631,7 +631,7 @@ static int u32_change(struct tcf_proto *tp, unsigned long base, u32 handle,
12848 n->handle = handle;
12849 {
12850 u8 i = 0;
12851 - u32 mask = s->hmask;
12852 + u32 mask = ntohl(s->hmask);
12853 if (mask) {
12854 while (!(mask & 1)) {
12855 i++;
12856 diff --git a/net/sched/sch_api.c b/net/sched/sch_api.c
12857 index bec600a..7a6b0b7 100644
12858 --- a/net/sched/sch_api.c
12859 +++ b/net/sched/sch_api.c
12860 @@ -290,11 +290,7 @@ static enum hrtimer_restart qdisc_watchdog(struct hrtimer *timer)
12862 wd->qdisc->flags &= ~TCQ_F_THROTTLED;
12863 smp_wmb();
12864 - if (spin_trylock(&dev->queue_lock)) {
12865 - qdisc_run(dev);
12866 - spin_unlock(&dev->queue_lock);
12867 - } else
12868 - netif_schedule(dev);
12869 + netif_schedule(dev);
12871 return HRTIMER_NORESTART;
12872 }
12873 diff --git a/net/sched/sch_teql.c b/net/sched/sch_teql.c
12874 index f05ad9a..656ccd9 100644
12875 --- a/net/sched/sch_teql.c
12876 +++ b/net/sched/sch_teql.c
12877 @@ -263,6 +263,9 @@ __teql_resolve(struct sk_buff *skb, struct sk_buff *skb_res, struct net_device *
12878 static __inline__ int
12879 teql_resolve(struct sk_buff *skb, struct sk_buff *skb_res, struct net_device *dev)
12880 {
12881 + if (dev->qdisc == &noop_qdisc)
12882 + return -ENODEV;
12883 +
12884 if (dev->hard_header == NULL ||
12885 skb->dst == NULL ||
12886 skb->dst->neighbour == NULL)
12887 diff --git a/net/sctp/ipv6.c b/net/sctp/ipv6.c
12888 index 2c29394..2164b51 100644
12889 --- a/net/sctp/ipv6.c
12890 +++ b/net/sctp/ipv6.c
12891 @@ -875,6 +875,10 @@ static int sctp_inet6_send_verify(struct sctp_sock *opt, union sctp_addr *addr)
12892 dev = dev_get_by_index(addr->v6.sin6_scope_id);
12893 if (!dev)
12894 return 0;
12895 + if (!ipv6_chk_addr(&addr->v6.sin6_addr, dev, 0)) {
12896 + dev_put(dev);
12897 + return 0;
12898 + }
12899 dev_put(dev);
12900 }
12901 af = opt->pf->af;
12902 diff --git a/net/socket.c b/net/socket.c
12903 index f453019..8211578 100644
12904 --- a/net/socket.c
12905 +++ b/net/socket.c
12906 @@ -778,9 +778,6 @@ static ssize_t sock_aio_write(struct kiocb *iocb, const struct iovec *iov,
12907 if (pos != 0)
12908 return -ESPIPE;
12910 - if (iocb->ki_left == 0) /* Match SYS5 behaviour */
12911 - return 0;
12912 -
12913 x = alloc_sock_iocb(iocb, &siocb);
12914 if (!x)
12915 return -ENOMEM;
12916 @@ -1169,7 +1166,7 @@ static int __sock_create(int family, int type, int protocol,
12917 module_put(pf->owner);
12918 err = security_socket_post_create(sock, family, type, protocol, kern);
12919 if (err)
12920 - goto out_release;
12921 + goto out_sock_release;
12922 *res = sock;
12924 return 0;
12925 @@ -1249,11 +1246,14 @@ asmlinkage long sys_socketpair(int family, int type, int protocol,
12926 goto out_release_both;
12928 fd1 = sock_alloc_fd(&newfile1);
12929 - if (unlikely(fd1 < 0))
12930 + if (unlikely(fd1 < 0)) {
12931 + err = fd1;
12932 goto out_release_both;
12933 + }
12935 fd2 = sock_alloc_fd(&newfile2);
12936 if (unlikely(fd2 < 0)) {
12937 + err = fd2;
12938 put_filp(newfile1);
12939 put_unused_fd(fd1);
12940 goto out_release_both;
12941 diff --git a/net/sunrpc/auth_gss/svcauth_gss.c b/net/sunrpc/auth_gss/svcauth_gss.c
12942 index 099a983..805e725 100644
12943 --- a/net/sunrpc/auth_gss/svcauth_gss.c
12944 +++ b/net/sunrpc/auth_gss/svcauth_gss.c
12945 @@ -760,11 +760,12 @@ svcauth_gss_register_pseudoflavor(u32 pseudoflavor, char * name)
12946 new->h.flavour = &svcauthops_gss;
12947 new->pseudoflavor = pseudoflavor;
12949 + stat = 0;
12950 test = auth_domain_lookup(name, &new->h);
12951 - if (test != &new->h) { /* XXX Duplicate registration? */
12952 - auth_domain_put(&new->h);
12953 - /* dangling ref-count... */
12954 - goto out;
12955 + if (test != &new->h) { /* Duplicate registration */
12956 + auth_domain_put(test);
12957 + kfree(new->h.name);
12958 + goto out_free_dom;
12959 }
12960 return 0;
12962 diff --git a/net/sunrpc/svcsock.c b/net/sunrpc/svcsock.c
12963 index 5baf48d..80a0091 100644
12964 --- a/net/sunrpc/svcsock.c
12965 +++ b/net/sunrpc/svcsock.c
12966 @@ -1090,7 +1090,8 @@ svc_tcp_accept(struct svc_sock *svsk)
12967 serv->sv_name);
12968 printk(KERN_NOTICE
12969 "%s: last TCP connect from %s\n",
12970 - serv->sv_name, buf);
12971 + serv->sv_name, __svc_print_addr(sin,
12972 + buf, sizeof(buf)));
12973 }
12974 /*
12975 * Always select the oldest socket. It's not fair,
12976 @@ -1572,7 +1573,8 @@ svc_age_temp_sockets(unsigned long closure)
12978 if (!test_and_set_bit(SK_OLD, &svsk->sk_flags))
12979 continue;
12980 - if (atomic_read(&svsk->sk_inuse) || test_bit(SK_BUSY, &svsk->sk_flags))
12981 + if (atomic_read(&svsk->sk_inuse) > 1
12982 + || test_bit(SK_BUSY, &svsk->sk_flags))
12983 continue;
12984 atomic_inc(&svsk->sk_inuse);
12985 list_move(le, &to_be_aged);
12986 diff --git a/net/unix/af_unix.c b/net/unix/af_unix.c
12987 index d70fa30..ae80150 100644
12988 --- a/net/unix/af_unix.c
12989 +++ b/net/unix/af_unix.c
12990 @@ -1608,8 +1608,15 @@ static int unix_dgram_recvmsg(struct kiocb *iocb, struct socket *sock,
12991 mutex_lock(&u->readlock);
12993 skb = skb_recv_datagram(sk, flags, noblock, &err);
12994 - if (!skb)
12995 + if (!skb) {
12996 + unix_state_lock(sk);
12997 + /* Signal EOF on disconnected non-blocking SEQPACKET socket. */
12998 + if (sk->sk_type == SOCK_SEQPACKET && err == -EAGAIN &&
12999 + (sk->sk_shutdown & RCV_SHUTDOWN))
13000 + err = 0;
13001 + unix_state_unlock(sk);
13002 goto out_unlock;
13003 + }
13005 wake_up_interruptible(&u->peer_wait);
13007 diff --git a/net/x25/x25_forward.c b/net/x25/x25_forward.c
13008 index 8738ec7..3447803 100644
13009 --- a/net/x25/x25_forward.c
13010 +++ b/net/x25/x25_forward.c
13011 @@ -118,13 +118,14 @@ int x25_forward_data(int lci, struct x25_neigh *from, struct sk_buff *skb) {
13012 goto out;
13014 if ( (skbn = pskb_copy(skb, GFP_ATOMIC)) == NULL){
13015 - goto out;
13016 + goto output;
13018 }
13019 x25_transmit_link(skbn, nb);
13021 - x25_neigh_put(nb);
13022 rc = 1;
13023 +output:
13024 + x25_neigh_put(nb);
13025 out:
13026 return rc;
13027 }
13028 diff --git a/net/xfrm/xfrm_policy.c b/net/xfrm/xfrm_policy.c
13029 index 157bfbd..1c86a23 100644
13030 --- a/net/xfrm/xfrm_policy.c
13031 +++ b/net/xfrm/xfrm_policy.c
13032 @@ -1479,8 +1479,9 @@ restart:
13034 if (sk && sk->sk_policy[1]) {
13035 policy = xfrm_sk_policy_lookup(sk, XFRM_POLICY_OUT, fl);
13036 + err = PTR_ERR(policy);
13037 if (IS_ERR(policy))
13038 - return PTR_ERR(policy);
13039 + goto dropdst;
13040 }
13042 if (!policy) {
13043 @@ -1491,8 +1492,9 @@ restart:
13045 policy = flow_cache_lookup(fl, dst_orig->ops->family,
13046 dir, xfrm_policy_lookup);
13047 + err = PTR_ERR(policy);
13048 if (IS_ERR(policy))
13049 - return PTR_ERR(policy);
13050 + goto dropdst;
13051 }
13053 if (!policy)
13054 @@ -1661,8 +1663,9 @@ restart:
13055 return 0;
13057 error:
13058 - dst_release(dst_orig);
13059 xfrm_pols_put(pols, npols);
13060 +dropdst:
13061 + dst_release(dst_orig);
13062 *dst_p = NULL;
13063 return err;
13064 }
13065 @@ -2141,7 +2144,7 @@ int xfrm_bundle_ok(struct xfrm_policy *pol, struct xfrm_dst *first,
13066 if (last == first)
13067 break;
13069 - last = last->u.next;
13070 + last = (struct xfrm_dst *)last->u.dst.next;
13071 last->child_mtu_cached = mtu;
13072 }
13074 diff --git a/net/xfrm/xfrm_state.c b/net/xfrm/xfrm_state.c
13075 index dfacb9c..7775488 100644
13076 --- a/net/xfrm/xfrm_state.c
13077 +++ b/net/xfrm/xfrm_state.c
13078 @@ -371,7 +371,7 @@ int __xfrm_state_delete(struct xfrm_state *x)
13079 * The xfrm_state_alloc call gives a reference, and that
13080 * is what we are dropping here.
13081 */
13082 - __xfrm_state_put(x);
13083 + xfrm_state_put(x);
13084 err = 0;
13085 }
13087 diff --git a/scripts/kconfig/conf.c b/scripts/kconfig/conf.c
13088 index 1199baf..45550d2 100644
13089 --- a/scripts/kconfig/conf.c
13090 +++ b/scripts/kconfig/conf.c
13091 @@ -64,7 +64,7 @@ static void check_stdin(void)
13092 }
13093 }
13095 -static void conf_askvalue(struct symbol *sym, const char *def)
13096 +static int conf_askvalue(struct symbol *sym, const char *def)
13097 {
13098 enum symbol_type type = sym_get_type(sym);
13099 tristate val;
13100 @@ -79,7 +79,7 @@ static void conf_askvalue(struct symbol *sym, const char *def)
13101 printf("%s\n", def);
13102 line[0] = '\n';
13103 line[1] = 0;
13104 - return;
13105 + return 0;
13106 }
13108 switch (input_mode) {
13109 @@ -89,23 +89,23 @@ static void conf_askvalue(struct symbol *sym, const char *def)
13110 case set_random:
13111 if (sym_has_value(sym)) {
13112 printf("%s\n", def);
13113 - return;
13114 + return 0;
13115 }
13116 break;
13117 case ask_new:
13118 case ask_silent:
13119 if (sym_has_value(sym)) {
13120 printf("%s\n", def);
13121 - return;
13122 + return 0;
13123 }
13124 check_stdin();
13125 case ask_all:
13126 fflush(stdout);
13127 fgets(line, 128, stdin);
13128 - return;
13129 + return 1;
13130 case set_default:
13131 printf("%s\n", def);
13132 - return;
13133 + return 1;
13134 default:
13135 break;
13136 }
13137 @@ -115,7 +115,7 @@ static void conf_askvalue(struct symbol *sym, const char *def)
13138 case S_HEX:
13139 case S_STRING:
13140 printf("%s\n", def);
13141 - return;
13142 + return 1;
13143 default:
13144 ;
13145 }
13146 @@ -166,6 +166,7 @@ static void conf_askvalue(struct symbol *sym, const char *def)
13147 break;
13148 }
13149 printf("%s", line);
13150 + return 1;
13151 }
13153 int conf_string(struct menu *menu)
13154 @@ -179,7 +180,8 @@ int conf_string(struct menu *menu)
13155 def = sym_get_string_value(sym);
13156 if (sym_get_string_value(sym))
13157 printf("[%s] ", def);
13158 - conf_askvalue(sym, def);
13159 + if (!conf_askvalue(sym, def))
13160 + return 0;
13161 switch (line[0]) {
13162 case '\n':
13163 break;
13164 @@ -236,7 +238,8 @@ static int conf_sym(struct menu *menu)
13165 if (sym->help)
13166 printf("/?");
13167 printf("] ");
13168 - conf_askvalue(sym, sym_get_string_value(sym));
13169 + if (!conf_askvalue(sym, sym_get_string_value(sym)))
13170 + return 0;
13171 strip(line);
13173 switch (line[0]) {
13174 diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
13175 index ad8dd4e..1ee7ca9 100644
13176 --- a/security/selinux/hooks.c
13177 +++ b/security/selinux/hooks.c
13178 @@ -1906,6 +1906,9 @@ static void selinux_bprm_post_apply_creds(struct linux_binprm *bprm)
13179 spin_unlock_irq(¤t->sighand->siglock);
13180 }
13182 + /* Always clear parent death signal on SID transitions. */
13183 + current->pdeath_signal = 0;
13184 +
13185 /* Check whether the new SID can inherit resource limits
13186 from the old SID. If not, reset all soft limits to
13187 the lower of the current task's hard limit and the init
13188 diff --git a/sound/core/memalloc.c b/sound/core/memalloc.c
13189 index f057430..9b5656d 100644
13190 --- a/sound/core/memalloc.c
13191 +++ b/sound/core/memalloc.c
13192 @@ -27,6 +27,7 @@
13193 #include <linux/pci.h>
13194 #include <linux/slab.h>
13195 #include <linux/mm.h>
13196 +#include <linux/seq_file.h>
13197 #include <asm/uaccess.h>
13198 #include <linux/dma-mapping.h>
13199 #include <linux/moduleparam.h>
13200 @@ -481,53 +482,54 @@ static void free_all_reserved_pages(void)
13201 #define SND_MEM_PROC_FILE "driver/snd-page-alloc"
13202 static struct proc_dir_entry *snd_mem_proc;
13204 -static int snd_mem_proc_read(char *page, char **start, off_t off,
13205 - int count, int *eof, void *data)
13206 +static int snd_mem_proc_read(struct seq_file *seq, void *offset)
13207 {
13208 - int len = 0;
13209 long pages = snd_allocated_pages >> (PAGE_SHIFT-12);
13210 struct snd_mem_list *mem;
13211 int devno;
13212 static char *types[] = { "UNKNOWN", "CONT", "DEV", "DEV-SG", "SBUS" };
13214 mutex_lock(&list_mutex);
13215 - len += snprintf(page + len, count - len,
13216 - "pages : %li bytes (%li pages per %likB)\n",
13217 - pages * PAGE_SIZE, pages, PAGE_SIZE / 1024);
13218 + seq_printf(seq, "pages : %li bytes (%li pages per %likB)\n",
13219 + pages * PAGE_SIZE, pages, PAGE_SIZE / 1024);
13220 devno = 0;
13221 list_for_each_entry(mem, &mem_list_head, list) {
13222 devno++;
13223 - len += snprintf(page + len, count - len,
13224 - "buffer %d : ID %08x : type %s\n",
13225 - devno, mem->id, types[mem->buffer.dev.type]);
13226 - len += snprintf(page + len, count - len,
13227 - " addr = 0x%lx, size = %d bytes\n",
13228 - (unsigned long)mem->buffer.addr, (int)mem->buffer.bytes);
13229 + seq_printf(seq, "buffer %d : ID %08x : type %s\n",
13230 + devno, mem->id, types[mem->buffer.dev.type]);
13231 + seq_printf(seq, " addr = 0x%lx, size = %d bytes\n",
13232 + (unsigned long)mem->buffer.addr,
13233 + (int)mem->buffer.bytes);
13234 }
13235 mutex_unlock(&list_mutex);
13236 - return len;
13237 + return 0;
13238 +}
13239 +
13240 +static int snd_mem_proc_open(struct inode *inode, struct file *file)
13241 +{
13242 + return single_open(file, snd_mem_proc_read, NULL);
13243 }
13245 /* FIXME: for pci only - other bus? */
13246 #ifdef CONFIG_PCI
13247 #define gettoken(bufp) strsep(bufp, " \t\n")
13249 -static int snd_mem_proc_write(struct file *file, const char __user *buffer,
13250 - unsigned long count, void *data)
13251 +static ssize_t snd_mem_proc_write(struct file *file, const char __user * buffer,
13252 + size_t count, loff_t * ppos)
13253 {
13254 char buf[128];
13255 char *token, *p;
13257 - if (count > ARRAY_SIZE(buf) - 1)
13258 - count = ARRAY_SIZE(buf) - 1;
13259 + if (count > sizeof(buf) - 1)
13260 + return -EINVAL;
13261 if (copy_from_user(buf, buffer, count))
13262 return -EFAULT;
13263 - buf[ARRAY_SIZE(buf) - 1] = '\0';
13264 + buf[count] = '\0';
13266 p = buf;
13267 token = gettoken(&p);
13268 if (! token || *token == '#')
13269 - return (int)count;
13270 + return count;
13271 if (strcmp(token, "add") == 0) {
13272 char *endp;
13273 int vendor, device, size, buffers;
13274 @@ -548,7 +550,7 @@ static int snd_mem_proc_write(struct file *file, const char __user *buffer,
13275 (buffers = simple_strtol(token, NULL, 0)) <= 0 ||
13276 buffers > 4) {
13277 printk(KERN_ERR "snd-page-alloc: invalid proc write format\n");
13278 - return (int)count;
13279 + return count;
13280 }
13281 vendor &= 0xffff;
13282 device &= 0xffff;
13283 @@ -560,7 +562,7 @@ static int snd_mem_proc_write(struct file *file, const char __user *buffer,
13284 if (pci_set_dma_mask(pci, mask) < 0 ||
13285 pci_set_consistent_dma_mask(pci, mask) < 0) {
13286 printk(KERN_ERR "snd-page-alloc: cannot set DMA mask %lx for pci %04x:%04x\n", mask, vendor, device);
13287 - return (int)count;
13288 + return count;
13289 }
13290 }
13291 for (i = 0; i < buffers; i++) {
13292 @@ -570,7 +572,7 @@ static int snd_mem_proc_write(struct file *file, const char __user *buffer,
13293 size, &dmab) < 0) {
13294 printk(KERN_ERR "snd-page-alloc: cannot allocate buffer pages (size = %d)\n", size);
13295 pci_dev_put(pci);
13296 - return (int)count;
13297 + return count;
13298 }
13299 snd_dma_reserve_buf(&dmab, snd_dma_pci_buf_id(pci));
13300 }
13301 @@ -596,9 +598,21 @@ static int snd_mem_proc_write(struct file *file, const char __user *buffer,
13302 free_all_reserved_pages();
13303 else
13304 printk(KERN_ERR "snd-page-alloc: invalid proc cmd\n");
13305 - return (int)count;
13306 + return count;
13307 }
13308 #endif /* CONFIG_PCI */
13309 +
13310 +static const struct file_operations snd_mem_proc_fops = {
13311 + .owner = THIS_MODULE,
13312 + .open = snd_mem_proc_open,
13313 + .read = seq_read,
13314 +#ifdef CONFIG_PCI
13315 + .write = snd_mem_proc_write,
13316 +#endif
13317 + .llseek = seq_lseek,
13318 + .release = single_release,
13319 +};
13320 +
13321 #endif /* CONFIG_PROC_FS */
13323 /*
13324 @@ -609,12 +623,8 @@ static int __init snd_mem_init(void)
13325 {
13326 #ifdef CONFIG_PROC_FS
13327 snd_mem_proc = create_proc_entry(SND_MEM_PROC_FILE, 0644, NULL);
13328 - if (snd_mem_proc) {
13329 - snd_mem_proc->read_proc = snd_mem_proc_read;
13330 -#ifdef CONFIG_PCI
13331 - snd_mem_proc->write_proc = snd_mem_proc_write;
13332 -#endif
13333 - }
13334 + if (snd_mem_proc)
13335 + snd_mem_proc->proc_fops = &snd_mem_proc_fops;
13336 #endif
13337 return 0;
13338 }
13339 diff --git a/sound/oss/via82cxxx_audio.c b/sound/oss/via82cxxx_audio.c
13340 index 5d3c037..f95aa09 100644
13341 --- a/sound/oss/via82cxxx_audio.c
13342 +++ b/sound/oss/via82cxxx_audio.c
13343 @@ -2104,6 +2104,7 @@ static struct page * via_mm_nopage (struct vm_area_struct * vma,
13344 {
13345 struct via_info *card = vma->vm_private_data;
13346 struct via_channel *chan = &card->ch_out;
13347 + unsigned long max_bufs;
13348 struct page *dmapage;
13349 unsigned long pgoff;
13350 int rd, wr;
13351 @@ -2127,14 +2128,11 @@ static struct page * via_mm_nopage (struct vm_area_struct * vma,
13352 rd = card->ch_in.is_mapped;
13353 wr = card->ch_out.is_mapped;
13355 -#ifndef VIA_NDEBUG
13356 - {
13357 - unsigned long max_bufs = chan->frag_number;
13358 - if (rd && wr) max_bufs *= 2;
13359 - /* via_dsp_mmap() should ensure this */
13360 - assert (pgoff < max_bufs);
13361 - }
13362 -#endif
13363 + max_bufs = chan->frag_number;
13364 + if (rd && wr)
13365 + max_bufs *= 2;
13366 + if (pgoff >= max_bufs)
13367 + return NOPAGE_SIGBUS;
13369 /* if full-duplex (read+write) and we have two sets of bufs,
13370 * then the playback buffers come first, sez soundcard.c */
13371 diff --git a/sound/pci/hda/patch_sigmatel.c b/sound/pci/hda/patch_sigmatel.c
13372 index e3964fc..d5b2f53 100644
13373 --- a/sound/pci/hda/patch_sigmatel.c
13374 +++ b/sound/pci/hda/patch_sigmatel.c
13375 @@ -153,8 +153,9 @@ static hda_nid_t stac925x_dac_nids[1] = {
13376 0x02,
13377 };
13379 -static hda_nid_t stac925x_dmic_nids[1] = {
13380 - 0x15,
13381 +#define STAC925X_NUM_DMICS 1
13382 +static hda_nid_t stac925x_dmic_nids[STAC925X_NUM_DMICS + 1] = {
13383 + 0x15, 0
13384 };
13386 static hda_nid_t stac922x_adc_nids[2] = {
13387 @@ -181,8 +182,9 @@ static hda_nid_t stac9205_mux_nids[2] = {
13388 0x19, 0x1a
13389 };
13391 -static hda_nid_t stac9205_dmic_nids[2] = {
13392 - 0x17, 0x18,
13393 +#define STAC9205_NUM_DMICS 2
13394 +static hda_nid_t stac9205_dmic_nids[STAC9205_NUM_DMICS + 1] = {
13395 + 0x17, 0x18, 0
13396 };
13398 static hda_nid_t stac9200_pin_nids[8] = {
13399 @@ -1972,7 +1974,7 @@ static int patch_stac925x(struct hda_codec *codec)
13400 case 0x83847633: /* STAC9202D */
13401 case 0x83847636: /* STAC9251 */
13402 case 0x83847637: /* STAC9251D */
13403 - spec->num_dmics = 1;
13404 + spec->num_dmics = STAC925X_NUM_DMICS;
13405 spec->dmic_nids = stac925x_dmic_nids;
13406 break;
13407 default:
13408 @@ -2202,7 +2204,7 @@ static int patch_stac9205(struct hda_codec *codec)
13409 spec->mux_nids = stac9205_mux_nids;
13410 spec->num_muxes = ARRAY_SIZE(stac9205_mux_nids);
13411 spec->dmic_nids = stac9205_dmic_nids;
13412 - spec->num_dmics = ARRAY_SIZE(stac9205_dmic_nids);
13413 + spec->num_dmics = STAC9205_NUM_DMICS;
13414 spec->dmux_nid = 0x1d;
13416 spec->init = stac9205_core_init;
13417 diff --git a/sound/pci/rme9652/hdsp.c b/sound/pci/rme9652/hdsp.c
13418 index 3b3ef65..75dcb9a 100644
13419 --- a/sound/pci/rme9652/hdsp.c
13420 +++ b/sound/pci/rme9652/hdsp.c
13421 @@ -3108,6 +3108,9 @@ static int hdsp_dds_offset(struct hdsp *hdsp)
13422 unsigned int dds_value = hdsp->dds_value;
13423 int system_sample_rate = hdsp->system_sample_rate;
13425 + if (!dds_value)
13426 + return 0;
13427 +
13428 n = DDS_NUMERATOR;
13429 /*
13430 * dds_value = n / rate
13431 diff --git a/sound/usb/usx2y/usX2Yhwdep.c b/sound/usb/usx2y/usX2Yhwdep.c
13432 index b76b3dd..e617d7e 100644
13433 --- a/sound/usb/usx2y/usX2Yhwdep.c
13434 +++ b/sound/usb/usx2y/usX2Yhwdep.c
13435 @@ -88,7 +88,7 @@ static int snd_us428ctls_mmap(struct snd_hwdep * hw, struct file *filp, struct v
13436 us428->us428ctls_sharedmem->CtlSnapShotLast = -2;
13437 }
13438 area->vm_ops = &us428ctls_vm_ops;
13439 - area->vm_flags |= VM_RESERVED;
13440 + area->vm_flags |= VM_RESERVED | VM_DONTEXPAND;
13441 area->vm_private_data = hw->private_data;
13442 return 0;
13443 }
13444 diff --git a/sound/usb/usx2y/usx2yhwdeppcm.c b/sound/usb/usx2y/usx2yhwdeppcm.c
13445 index a5e7bcd..6e70520 100644
13446 --- a/sound/usb/usx2y/usx2yhwdeppcm.c
13447 +++ b/sound/usb/usx2y/usx2yhwdeppcm.c
13448 @@ -728,7 +728,7 @@ static int snd_usX2Y_hwdep_pcm_mmap(struct snd_hwdep * hw, struct file *filp, st
13449 return -ENODEV;
13450 }
13451 area->vm_ops = &snd_usX2Y_hwdep_pcm_vm_ops;
13452 - area->vm_flags |= VM_RESERVED;
13453 + area->vm_flags |= VM_RESERVED | VM_DONTEXPAND;
13454 area->vm_private_data = hw->private_data;
13455 return 0;
13456 }