]> git.ipfire.org Git - thirdparty/kernel/stable-queue.git/blob - releases/2.6.22.14/patch-2.6.22.14-rc1
projects / thirdparty / kernel / stable-queue.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
4.9-stable patches
[thirdparty/kernel/stable-queue.git] / releases / 2.6.22.14 / patch-2.6.22.14-rc1
1 diff --git a/Makefile b/Makefile
2 index 500f6a8..d600355 100644
3 --- a/Makefile
4 +++ b/Makefile
5 @@ -1,7 +1,7 @@
6 VERSION = 2
7 PATCHLEVEL = 6
8 SUBLEVEL = 22
9 -EXTRAVERSION = .13
10 +EXTRAVERSION = .14-rc1
11 NAME = Holy Dancing Manatees, Batman!
12
13 # *DOCUMENTATION*
14 diff --git a/arch/i386/kernel/tsc.c b/arch/i386/kernel/tsc.c
15 index f64b81f..8e02ed6 100644
16 --- a/arch/i386/kernel/tsc.c
17 +++ b/arch/i386/kernel/tsc.c
18 @@ -122,7 +122,7 @@ unsigned long native_calculate_cpu_khz(void)
19 {
20 unsigned long long start, end;
21 unsigned long count;
22 - u64 delta64;
23 + u64 delta64 = (u64)ULLONG_MAX;
24 int i;
25 unsigned long flags;
26
27 @@ -134,6 +134,7 @@ unsigned long native_calculate_cpu_khz(void)
28 rdtscll(start);
29 mach_countup(&count);
30 rdtscll(end);
31 + delta64 = min(delta64, (end - start));
32 }
33 /*
34 * Error: ECTCNEVERSET
35 @@ -144,8 +145,6 @@ unsigned long native_calculate_cpu_khz(void)
36 if (count <= 1)
37 goto err;
38
39 - delta64 = end - start;
40 -
41 /* cpu freq too fast: */
42 if (delta64 > (1ULL<<32))
43 goto err;
44 diff --git a/drivers/i2c/busses/i2c-pasemi.c b/drivers/i2c/busses/i2c-pasemi.c
45 index 58e3271..dcf5dec 100644
46 --- a/drivers/i2c/busses/i2c-pasemi.c
47 +++ b/drivers/i2c/busses/i2c-pasemi.c
48 @@ -51,6 +51,7 @@ struct pasemi_smbus {
49 #define MRXFIFO_DATA_M 0x000000ff
50
51 #define SMSTA_XEN 0x08000000
52 +#define SMSTA_MTN 0x00200000
53
54 #define CTL_MRR 0x00000400
55 #define CTL_MTR 0x00000200
56 @@ -98,6 +99,10 @@ static unsigned int pasemi_smb_waitready(struct pasemi_smbus *smbus)
57 status = reg_read(smbus, REG_SMSTA);
58 }
59
60 + /* Got NACK? */
61 + if (status & SMSTA_MTN)
62 + return -ENXIO;
63 +
64 if (timeout < 0) {
65 dev_warn(&smbus->dev->dev, "Timeout, status 0x%08x\n", status);
66 reg_write(smbus, REG_SMSTA, status);
67 diff --git a/drivers/i2c/chips/eeprom.c b/drivers/i2c/chips/eeprom.c
68 index bfce13c..5ad36ab 100644
69 --- a/drivers/i2c/chips/eeprom.c
70 +++ b/drivers/i2c/chips/eeprom.c
71 @@ -125,13 +125,20 @@ static ssize_t eeprom_read(struct kobject *kobj, char *buf, loff_t off, size_t c
72 for (slice = off >> 5; slice <= (off + count - 1) >> 5; slice++)
73 eeprom_update_client(client, slice);
74
75 - /* Hide Vaio security settings to regular users (16 first bytes) */
76 - if (data->nature == VAIO && off < 16 && !capable(CAP_SYS_ADMIN)) {
77 - size_t in_row1 = 16 - off;
78 - in_row1 = min(in_row1, count);
79 - memset(buf, 0, in_row1);
80 - if (count - in_row1 > 0)
81 - memcpy(buf + in_row1, &data->data[16], count - in_row1);
82 + /* Hide Vaio private settings to regular users:
83 + - BIOS passwords: bytes 0x00 to 0x0f
84 + - UUID: bytes 0x10 to 0x1f
85 + - Serial number: 0xc0 to 0xdf */
86 + if (data->nature == VAIO && !capable(CAP_SYS_ADMIN)) {
87 + int i;
88 +
89 + for (i = 0; i < count; i++) {
90 + if ((off + i <= 0x1f) ||
91 + (off + i >= 0xc0 && off + i <= 0xdf))
92 + buf[i] = 0;
93 + else
94 + buf[i] = data->data[off + i];
95 + }
96 } else {
97 memcpy(buf, &data->data[off], count);
98 }
99 @@ -195,14 +202,18 @@ static int eeprom_detect(struct i2c_adapter *adapter, int address, int kind)
100 goto exit_kfree;
101
102 /* Detect the Vaio nature of EEPROMs.
103 - We use the "PCG-" prefix as the signature. */
104 + We use the "PCG-" or "VGN-" prefix as the signature. */
105 if (address == 0x57) {
106 - if (i2c_smbus_read_byte_data(new_client, 0x80) == 'P'
107 - && i2c_smbus_read_byte(new_client) == 'C'
108 - && i2c_smbus_read_byte(new_client) == 'G'
109 - && i2c_smbus_read_byte(new_client) == '-') {
110 + char name[4];
111 +
112 + name[0] = i2c_smbus_read_byte_data(new_client, 0x80);
113 + name[1] = i2c_smbus_read_byte(new_client);
114 + name[2] = i2c_smbus_read_byte(new_client);
115 + name[3] = i2c_smbus_read_byte(new_client);
116 +
117 + if (!memcmp(name, "PCG-", 4) || !memcmp(name, "VGN-", 4)) {
118 dev_info(&new_client->dev, "Vaio EEPROM detected, "
119 - "enabling password protection\n");
120 + "enabling privacy protection\n");
121 data->nature = VAIO;
122 }
123 }
124 diff --git a/drivers/ide/pci/serverworks.c b/drivers/ide/pci/serverworks.c
125 index d9c4fd1..096a081 100644
126 --- a/drivers/ide/pci/serverworks.c
127 +++ b/drivers/ide/pci/serverworks.c
128 @@ -101,6 +101,7 @@ static u8 svwks_udma_filter(ide_drive_t *drive)
129 mode = 2;
130
131 switch(mode) {
132 + case 3: mask = 0x3f; break;
133 case 2: mask = 0x1f; break;
134 case 1: mask = 0x07; break;
135 default: mask = 0x00; break;
136 diff --git a/drivers/isdn/hardware/avm/b1.c b/drivers/isdn/hardware/avm/b1.c
137 index 7a69a18..4484a64 100644
138 --- a/drivers/isdn/hardware/avm/b1.c
139 +++ b/drivers/isdn/hardware/avm/b1.c
140 @@ -321,12 +321,15 @@ void b1_reset_ctr(struct capi_ctr *ctrl)
141 avmctrl_info *cinfo = (avmctrl_info *)(ctrl->driverdata);
142 avmcard *card = cinfo->card;
143 unsigned int port = card->port;
144 + unsigned long flags;
145
146 b1_reset(port);
147 b1_reset(port);
148
149 memset(cinfo->version, 0, sizeof(cinfo->version));
150 + spin_lock_irqsave(&card->lock, flags);
151 capilib_release(&cinfo->ncci_head);
152 + spin_unlock_irqrestore(&card->lock, flags);
153 capi_ctr_reseted(ctrl);
154 }
155
156 @@ -361,9 +364,8 @@ void b1_release_appl(struct capi_ctr *ctrl, u16 appl)
157 unsigned int port = card->port;
158 unsigned long flags;
159
160 - capilib_release_appl(&cinfo->ncci_head, appl);
161 -
162 spin_lock_irqsave(&card->lock, flags);
163 + capilib_release_appl(&cinfo->ncci_head, appl);
164 b1_put_byte(port, SEND_RELEASE);
165 b1_put_word(port, appl);
166 spin_unlock_irqrestore(&card->lock, flags);
167 @@ -380,27 +382,27 @@ u16 b1_send_message(struct capi_ctr *ctrl, struct sk_buff *skb)
168 u8 subcmd = CAPIMSG_SUBCOMMAND(skb->data);
169 u16 dlen, retval;
170
171 + spin_lock_irqsave(&card->lock, flags);
172 if (CAPICMD(cmd, subcmd) == CAPI_DATA_B3_REQ) {
173 retval = capilib_data_b3_req(&cinfo->ncci_head,
174 CAPIMSG_APPID(skb->data),
175 CAPIMSG_NCCI(skb->data),
176 CAPIMSG_MSGID(skb->data));
177 - if (retval != CAPI_NOERROR)
178 + if (retval != CAPI_NOERROR) {
179 + spin_unlock_irqrestore(&card->lock, flags);
180 return retval;
181 + }
182
183 dlen = CAPIMSG_DATALEN(skb->data);
184
185 - spin_lock_irqsave(&card->lock, flags);
186 b1_put_byte(port, SEND_DATA_B3_REQ);
187 b1_put_slice(port, skb->data, len);
188 b1_put_slice(port, skb->data + len, dlen);
189 - spin_unlock_irqrestore(&card->lock, flags);
190 } else {
191 - spin_lock_irqsave(&card->lock, flags);
192 b1_put_byte(port, SEND_MESSAGE);
193 b1_put_slice(port, skb->data, len);
194 - spin_unlock_irqrestore(&card->lock, flags);
195 }
196 + spin_unlock_irqrestore(&card->lock, flags);
197
198 dev_kfree_skb_any(skb);
199 return CAPI_NOERROR;
200 @@ -534,17 +536,17 @@ irqreturn_t b1_interrupt(int interrupt, void *devptr)
201
202 ApplId = (unsigned) b1_get_word(card->port);
203 MsgLen = b1_get_slice(card->port, card->msgbuf);
204 - spin_unlock_irqrestore(&card->lock, flags);
205 if (!(skb = alloc_skb(MsgLen, GFP_ATOMIC))) {
206 printk(KERN_ERR "%s: incoming packet dropped\n",
207 card->name);
208 + spin_unlock_irqrestore(&card->lock, flags);
209 } else {
210 memcpy(skb_put(skb, MsgLen), card->msgbuf, MsgLen);
211 if (CAPIMSG_CMD(skb->data) == CAPI_DATA_B3_CONF)
212 capilib_data_b3_conf(&cinfo->ncci_head, ApplId,
213 CAPIMSG_NCCI(skb->data),
214 CAPIMSG_MSGID(skb->data));
215 -
216 + spin_unlock_irqrestore(&card->lock, flags);
217 capi_ctr_handle_message(ctrl, ApplId, skb);
218 }
219 break;
220 @@ -554,21 +556,17 @@ irqreturn_t b1_interrupt(int interrupt, void *devptr)
221 ApplId = b1_get_word(card->port);
222 NCCI = b1_get_word(card->port);
223 WindowSize = b1_get_word(card->port);
224 - spin_unlock_irqrestore(&card->lock, flags);
225 -
226 capilib_new_ncci(&cinfo->ncci_head, ApplId, NCCI, WindowSize);
227 -
228 + spin_unlock_irqrestore(&card->lock, flags);
229 break;
230
231 case RECEIVE_FREE_NCCI:
232
233 ApplId = b1_get_word(card->port);
234 NCCI = b1_get_word(card->port);
235 - spin_unlock_irqrestore(&card->lock, flags);
236 -
237 if (NCCI != 0xffffffff)
238 capilib_free_ncci(&cinfo->ncci_head, ApplId, NCCI);
239 -
240 + spin_unlock_irqrestore(&card->lock, flags);
241 break;
242
243 case RECEIVE_START:
244 diff --git a/drivers/isdn/hardware/avm/c4.c b/drivers/isdn/hardware/avm/c4.c
245 index d58f927..8710cf6 100644
246 --- a/drivers/isdn/hardware/avm/c4.c
247 +++ b/drivers/isdn/hardware/avm/c4.c
248 @@ -727,6 +727,7 @@ static void c4_send_init(avmcard *card)
249 {
250 struct sk_buff *skb;
251 void *p;
252 + unsigned long flags;
253
254 skb = alloc_skb(15, GFP_ATOMIC);
255 if (!skb) {
256 @@ -744,12 +745,15 @@ static void c4_send_init(avmcard *card)
257 skb_put(skb, (u8 *)p - (u8 *)skb->data);
258
259 skb_queue_tail(&card->dma->send_queue, skb);
260 + spin_lock_irqsave(&card->lock, flags);
261 c4_dispatch_tx(card);
262 + spin_unlock_irqrestore(&card->lock, flags);
263 }
264
265 static int queue_sendconfigword(avmcard *card, u32 val)
266 {
267 struct sk_buff *skb;
268 + unsigned long flags;
269 void *p;
270
271 skb = alloc_skb(3+4, GFP_ATOMIC);
272 @@ -766,7 +770,9 @@ static int queue_sendconfigword(avmcard *card, u32 val)
273 skb_put(skb, (u8 *)p - (u8 *)skb->data);
274
275 skb_queue_tail(&card->dma->send_queue, skb);
276 + spin_lock_irqsave(&card->lock, flags);
277 c4_dispatch_tx(card);
278 + spin_unlock_irqrestore(&card->lock, flags);
279 return 0;
280 }
281
282 @@ -986,7 +992,9 @@ static void c4_release_appl(struct capi_ctr *ctrl, u16 appl)
283 struct sk_buff *skb;
284 void *p;
285
286 + spin_lock_irqsave(&card->lock, flags);
287 capilib_release_appl(&cinfo->ncci_head, appl);
288 + spin_unlock_irqrestore(&card->lock, flags);
289
290 if (ctrl->cnr == card->cardnr) {
291 skb = alloc_skb(7, GFP_ATOMIC);
292 @@ -1019,7 +1027,8 @@ static u16 c4_send_message(struct capi_ctr *ctrl, struct sk_buff *skb)
293 u16 retval = CAPI_NOERROR;
294 unsigned long flags;
295
296 - if (CAPIMSG_CMD(skb->data) == CAPI_DATA_B3_REQ) {
297 + spin_lock_irqsave(&card->lock, flags);
298 + if (CAPIMSG_CMD(skb->data) == CAPI_DATA_B3_REQ) {
299 retval = capilib_data_b3_req(&cinfo->ncci_head,
300 CAPIMSG_APPID(skb->data),
301 CAPIMSG_NCCI(skb->data),
302 @@ -1027,10 +1036,9 @@ static u16 c4_send_message(struct capi_ctr *ctrl, struct sk_buff *skb)
303 }
304 if (retval == CAPI_NOERROR) {
305 skb_queue_tail(&card->dma->send_queue, skb);
306 - spin_lock_irqsave(&card->lock, flags);
307 c4_dispatch_tx(card);
308 - spin_unlock_irqrestore(&card->lock, flags);
309 }
310 + spin_unlock_irqrestore(&card->lock, flags);
311 return retval;
312 }
313
314 diff --git a/drivers/net/forcedeth.c b/drivers/net/forcedeth.c
315 index 765fb75..06f6ec3 100644
316 --- a/drivers/net/forcedeth.c
317 +++ b/drivers/net/forcedeth.c
318 @@ -987,7 +987,7 @@ static void nv_enable_irq(struct net_device *dev)
319 if (np->msi_flags & NV_MSI_X_ENABLED)
320 enable_irq(np->msi_x_entry[NV_MSI_X_VECTOR_ALL].vector);
321 else
322 - enable_irq(dev->irq);
323 + enable_irq(np->pci_dev->irq);
324 } else {
325 enable_irq(np->msi_x_entry[NV_MSI_X_VECTOR_RX].vector);
326 enable_irq(np->msi_x_entry[NV_MSI_X_VECTOR_TX].vector);
327 @@ -1003,7 +1003,7 @@ static void nv_disable_irq(struct net_device *dev)
328 if (np->msi_flags & NV_MSI_X_ENABLED)
329 disable_irq(np->msi_x_entry[NV_MSI_X_VECTOR_ALL].vector);
330 else
331 - disable_irq(dev->irq);
332 + disable_irq(np->pci_dev->irq);
333 } else {
334 disable_irq(np->msi_x_entry[NV_MSI_X_VECTOR_RX].vector);
335 disable_irq(np->msi_x_entry[NV_MSI_X_VECTOR_TX].vector);
336 @@ -1600,7 +1600,7 @@ static void nv_do_rx_refill(unsigned long data)
337 if (np->msi_flags & NV_MSI_X_ENABLED)
338 disable_irq(np->msi_x_entry[NV_MSI_X_VECTOR_ALL].vector);
339 else
340 - disable_irq(dev->irq);
341 + disable_irq(np->pci_dev->irq);
342 } else {
343 disable_irq(np->msi_x_entry[NV_MSI_X_VECTOR_RX].vector);
344 }
345 @@ -1618,7 +1618,7 @@ static void nv_do_rx_refill(unsigned long data)
346 if (np->msi_flags & NV_MSI_X_ENABLED)
347 enable_irq(np->msi_x_entry[NV_MSI_X_VECTOR_ALL].vector);
348 else
349 - enable_irq(dev->irq);
350 + enable_irq(np->pci_dev->irq);
351 } else {
352 enable_irq(np->msi_x_entry[NV_MSI_X_VECTOR_RX].vector);
353 }
354 @@ -3556,10 +3556,12 @@ static int nv_request_irq(struct net_device *dev, int intr_test)
355 if (ret != 0 && np->msi_flags & NV_MSI_CAPABLE) {
356 if ((ret = pci_enable_msi(np->pci_dev)) == 0) {
357 np->msi_flags |= NV_MSI_ENABLED;
358 + dev->irq = np->pci_dev->irq;
359 if (request_irq(np->pci_dev->irq, handler, IRQF_SHARED, dev->name, dev) != 0) {
360 printk(KERN_INFO "forcedeth: request_irq failed %d\n", ret);
361 pci_disable_msi(np->pci_dev);
362 np->msi_flags &= ~NV_MSI_ENABLED;
363 + dev->irq = np->pci_dev->irq;
364 goto out_err;
365 }
366
367 @@ -3622,7 +3624,7 @@ static void nv_do_nic_poll(unsigned long data)
368 if (np->msi_flags & NV_MSI_X_ENABLED)
369 disable_irq_lockdep(np->msi_x_entry[NV_MSI_X_VECTOR_ALL].vector);
370 else
371 - disable_irq_lockdep(dev->irq);
372 + disable_irq_lockdep(np->pci_dev->irq);
373 mask = np->irqmask;
374 } else {
375 if (np->nic_poll_irq & NVREG_IRQ_RX_ALL) {
376 @@ -3640,6 +3642,8 @@ static void nv_do_nic_poll(unsigned long data)
377 }
378 np->nic_poll_irq = 0;
379
380 + /* disable_irq() contains synchronize_irq, thus no irq handler can run now */
381 +
382 if (np->recover_error) {
383 np->recover_error = 0;
384 printk(KERN_INFO "forcedeth: MAC in recoverable error state\n");
385 @@ -3676,7 +3680,6 @@ static void nv_do_nic_poll(unsigned long data)
386 }
387 }
388
389 - /* FIXME: Do we need synchronize_irq(dev->irq) here? */
390
391 writel(mask, base + NvRegIrqMask);
392 pci_push(base);
393 @@ -3689,7 +3692,7 @@ static void nv_do_nic_poll(unsigned long data)
394 if (np->msi_flags & NV_MSI_X_ENABLED)
395 enable_irq_lockdep(np->msi_x_entry[NV_MSI_X_VECTOR_ALL].vector);
396 else
397 - enable_irq_lockdep(dev->irq);
398 + enable_irq_lockdep(np->pci_dev->irq);
399 } else {
400 if (np->nic_poll_irq & NVREG_IRQ_RX_ALL) {
401 nv_nic_irq_rx(0, dev);
402 @@ -4943,7 +4946,7 @@ static int nv_close(struct net_device *dev)
403 np->in_shutdown = 1;
404 spin_unlock_irq(&np->lock);
405 netif_poll_disable(dev);
406 - synchronize_irq(dev->irq);
407 + synchronize_irq(np->pci_dev->irq);
408
409 del_timer_sync(&np->oom_kick);
410 del_timer_sync(&np->nic_poll);
411 diff --git a/drivers/scsi/hptiop.c b/drivers/scsi/hptiop.c
412 index bec83cb..7e40105 100644
413 --- a/drivers/scsi/hptiop.c
414 +++ b/drivers/scsi/hptiop.c
415 @@ -377,8 +377,9 @@ static void hptiop_host_request_callback(struct hptiop_hba *hba, u32 tag)
416 scp->result = SAM_STAT_CHECK_CONDITION;
417 memset(&scp->sense_buffer,
418 0, sizeof(scp->sense_buffer));
419 - memcpy(&scp->sense_buffer,
420 - &req->sg_list, le32_to_cpu(req->dataxfer_length));
421 + memcpy(&scp->sense_buffer, &req->sg_list,
422 + min(sizeof(scp->sense_buffer),
423 + le32_to_cpu(req->dataxfer_length)));
424 break;
425
426 default:
427 diff --git a/drivers/usb/core/hcd.h b/drivers/usb/core/hcd.h
428 index ef50fa4..87f6467 100644
429 --- a/drivers/usb/core/hcd.h
430 +++ b/drivers/usb/core/hcd.h
431 @@ -19,6 +19,8 @@
432
433 #ifdef __KERNEL__
434
435 +#include <linux/rwsem.h>
436 +
437 /* This file contains declarations of usbcore internals that are mostly
438 * used or exposed by Host Controller Drivers.
439 */
440 @@ -464,5 +466,9 @@ static inline void usbmon_urb_complete(struct usb_bus *bus, struct urb *urb) {}
441 : (in_interrupt () ? "in_interrupt" : "can sleep"))
442
443
444 -#endif /* __KERNEL__ */
445 +/* This rwsem is for use only by the hub driver and ehci-hcd.
446 + * Nobody else should touch it.
447 + */
448 +extern struct rw_semaphore ehci_cf_port_reset_rwsem;
449
450 +#endif /* __KERNEL__ */
451 diff --git a/drivers/usb/core/hub.c b/drivers/usb/core/hub.c
452 index a1c1a11..bc93e06 100644
453 --- a/drivers/usb/core/hub.c
454 +++ b/drivers/usb/core/hub.c
455 @@ -117,6 +117,12 @@ MODULE_PARM_DESC(use_both_schemes,
456 "try the other device initialization scheme if the "
457 "first one fails");
458
459 +/* Mutual exclusion for EHCI CF initialization. This interferes with
460 + * port reset on some companion controllers.
461 + */
462 +DECLARE_RWSEM(ehci_cf_port_reset_rwsem);
463 +EXPORT_SYMBOL_GPL(ehci_cf_port_reset_rwsem);
464 +
465
466 static inline char *portspeed(int portstatus)
467 {
468 @@ -1513,6 +1519,11 @@ static int hub_port_reset(struct usb_hub *hub, int port1,
469 {
470 int i, status;
471
472 + /* Block EHCI CF initialization during the port reset.
473 + * Some companion controllers don't like it when they mix.
474 + */
475 + down_read(&ehci_cf_port_reset_rwsem);
476 +
477 /* Reset the port */
478 for (i = 0; i < PORT_RESET_TRIES; i++) {
479 status = set_port_feature(hub->hdev,
480 @@ -1543,7 +1554,7 @@ static int hub_port_reset(struct usb_hub *hub, int port1,
481 usb_set_device_state(udev, status
482 ? USB_STATE_NOTATTACHED
483 : USB_STATE_DEFAULT);
484 - return status;
485 + goto done;
486 }
487
488 dev_dbg (hub->intfdev,
489 @@ -1556,6 +1567,8 @@ static int hub_port_reset(struct usb_hub *hub, int port1,
490 "Cannot enable port %i. Maybe the USB cable is bad?\n",
491 port1);
492
493 + done:
494 + up_read(&ehci_cf_port_reset_rwsem);
495 return status;
496 }
497
498 diff --git a/drivers/usb/host/ehci-hcd.c b/drivers/usb/host/ehci-hcd.c
499 index 099aff6..5caa8b3 100644
500 --- a/drivers/usb/host/ehci-hcd.c
501 +++ b/drivers/usb/host/ehci-hcd.c
502 @@ -566,10 +566,18 @@ static int ehci_run (struct usb_hcd *hcd)
503 * are explicitly handed to companion controller(s), so no TT is
504 * involved with the root hub. (Except where one is integrated,
505 * and there's no companion controller unless maybe for USB OTG.)
506 + *
507 + * Turning on the CF flag will transfer ownership of all ports
508 + * from the companions to the EHCI controller. If any of the
509 + * companions are in the middle of a port reset at the time, it
510 + * could cause trouble. Write-locking ehci_cf_port_reset_rwsem
511 + * guarantees that no resets are in progress.
512 */
513 + down_write(&ehci_cf_port_reset_rwsem);
514 hcd->state = HC_STATE_RUNNING;
515 ehci_writel(ehci, FLAG_CF, &ehci->regs->configured_flag);
516 ehci_readl(ehci, &ehci->regs->command); /* unblock posted writes */
517 + up_write(&ehci_cf_port_reset_rwsem);
518
519 temp = HC_VERSION(ehci_readl(ehci, &ehci->caps->hc_capbase));
520 ehci_info (ehci,
521 diff --git a/drivers/usb/serial/generic.c b/drivers/usb/serial/generic.c
522 index 4f8282a..c36eb79 100644
523 --- a/drivers/usb/serial/generic.c
524 +++ b/drivers/usb/serial/generic.c
525 @@ -190,14 +190,15 @@ int usb_serial_generic_write(struct usb_serial_port *port, const unsigned char *
526
527 /* only do something if we have a bulk out endpoint */
528 if (serial->num_bulk_out) {
529 - spin_lock_bh(&port->lock);
530 + unsigned long flags;
531 + spin_lock_irqsave(&port->lock, flags);
532 if (port->write_urb_busy) {
533 - spin_unlock_bh(&port->lock);
534 + spin_unlock_irqrestore(&port->lock, flags);
535 dbg("%s - already writing", __FUNCTION__);
536 return 0;
537 }
538 port->write_urb_busy = 1;
539 - spin_unlock_bh(&port->lock);
540 + spin_unlock_irqrestore(&port->lock, flags);
541
542 count = (count > port->bulk_out_size) ? port->bulk_out_size : count;
543
544 diff --git a/drivers/usb/serial/kobil_sct.c b/drivers/usb/serial/kobil_sct.c
545 index 0683b51..6f22419 100644
546 --- a/drivers/usb/serial/kobil_sct.c
547 +++ b/drivers/usb/serial/kobil_sct.c
548 @@ -82,6 +82,7 @@ static int kobil_tiocmset(struct usb_serial_port *port, struct file *file,
549 unsigned int set, unsigned int clear);
550 static void kobil_read_int_callback( struct urb *urb );
551 static void kobil_write_callback( struct urb *purb );
552 +static void kobil_set_termios(struct usb_serial_port *port, struct ktermios *old);
553
554
555 static struct usb_device_id id_table [] = {
556 @@ -119,6 +120,7 @@ static struct usb_serial_driver kobil_device = {
557 .attach = kobil_startup,
558 .shutdown = kobil_shutdown,
559 .ioctl = kobil_ioctl,
560 + .set_termios = kobil_set_termios,
561 .tiocmget = kobil_tiocmget,
562 .tiocmset = kobil_tiocmset,
563 .open = kobil_open,
564 @@ -137,7 +139,6 @@ struct kobil_private {
565 int cur_pos; // index of the next char to send in buf
566 __u16 device_type;
567 int line_state;
568 - struct ktermios internal_termios;
569 };
570
571
572 @@ -216,7 +217,7 @@ static void kobil_shutdown (struct usb_serial *serial)
573
574 static int kobil_open (struct usb_serial_port *port, struct file *filp)
575 {
576 - int i, result = 0;
577 + int result = 0;
578 struct kobil_private *priv;
579 unsigned char *transfer_buffer;
580 int transfer_buffer_length = 8;
581 @@ -242,16 +243,6 @@ static int kobil_open (struct usb_serial_port *port, struct file *filp)
582 port->tty->termios->c_iflag = IGNBRK | IGNPAR | IXOFF;
583 port->tty->termios->c_oflag &= ~ONLCR; // do NOT translate CR to CR-NL (0x0A -> 0x0A 0x0D)
584
585 - // set up internal termios structure
586 - priv->internal_termios.c_iflag = port->tty->termios->c_iflag;
587 - priv->internal_termios.c_oflag = port->tty->termios->c_oflag;
588 - priv->internal_termios.c_cflag = port->tty->termios->c_cflag;
589 - priv->internal_termios.c_lflag = port->tty->termios->c_lflag;
590 -
591 - for (i=0; i<NCCS; i++) {
592 - priv->internal_termios.c_cc[i] = port->tty->termios->c_cc[i];
593 - }
594 -
595 // allocate memory for transfer buffer
596 transfer_buffer = kzalloc(transfer_buffer_length, GFP_KERNEL);
597 if (! transfer_buffer) {
598 @@ -358,24 +349,26 @@ static void kobil_close (struct usb_serial_port *port, struct file *filp)
599 }
600
601
602 -static void kobil_read_int_callback( struct urb *purb)
603 +static void kobil_read_int_callback(struct urb *urb)
604 {
605 int result;
606 - struct usb_serial_port *port = (struct usb_serial_port *) purb->context;
607 + struct usb_serial_port *port = urb->context;
608 struct tty_struct *tty;
609 - unsigned char *data = purb->transfer_buffer;
610 + unsigned char *data = urb->transfer_buffer;
611 + int status = urb->status;
612 // char *dbg_data;
613
614 dbg("%s - port %d", __FUNCTION__, port->number);
615
616 - if (purb->status) {
617 - dbg("%s - port %d Read int status not zero: %d", __FUNCTION__, port->number, purb->status);
618 + if (status) {
619 + dbg("%s - port %d Read int status not zero: %d",
620 + __FUNCTION__, port->number, status);
621 return;
622 }
623 -
624 - tty = port->tty;
625 - if (purb->actual_length) {
626 -
627 +
628 + tty = port->tty;
629 + if (urb->actual_length) {
630 +
631 // BEGIN DEBUG
632 /*
633 dbg_data = kzalloc((3 * purb->actual_length + 10) * sizeof(char), GFP_KERNEL);
634 @@ -390,15 +383,15 @@ static void kobil_read_int_callback( struct urb *purb)
635 */
636 // END DEBUG
637
638 - tty_buffer_request_room(tty, purb->actual_length);
639 - tty_insert_flip_string(tty, data, purb->actual_length);
640 + tty_buffer_request_room(tty, urb->actual_length);
641 + tty_insert_flip_string(tty, data, urb->actual_length);
642 tty_flip_buffer_push(tty);
643 }
644
645 // someone sets the dev to 0 if the close method has been called
646 port->interrupt_in_urb->dev = port->serial->dev;
647
648 - result = usb_submit_urb( port->interrupt_in_urb, GFP_ATOMIC );
649 + result = usb_submit_urb(port->interrupt_in_urb, GFP_ATOMIC);
650 dbg("%s - port %d Send read URB returns: %i", __FUNCTION__, port->number, result);
651 }
652
653 @@ -605,102 +598,79 @@ static int kobil_tiocmset(struct usb_serial_port *port, struct file *file,
654 return (result < 0) ? result : 0;
655 }
656
657 -
658 -static int kobil_ioctl(struct usb_serial_port *port, struct file *file,
659 - unsigned int cmd, unsigned long arg)
660 +static void kobil_set_termios(struct usb_serial_port *port, struct ktermios *old)
661 {
662 struct kobil_private * priv;
663 int result;
664 unsigned short urb_val = 0;
665 - unsigned char *transfer_buffer;
666 - int transfer_buffer_length = 8;
667 - char *settings;
668 - void __user *user_arg = (void __user *)arg;
669 + int c_cflag = port->tty->termios->c_cflag;
670 + speed_t speed;
671 + void * settings;
672
673 priv = usb_get_serial_port_data(port);
674 - if ((priv->device_type == KOBIL_USBTWIN_PRODUCT_ID) || (priv->device_type == KOBIL_KAAN_SIM_PRODUCT_ID)) {
675 + if (priv->device_type == KOBIL_USBTWIN_PRODUCT_ID || priv->device_type == KOBIL_KAAN_SIM_PRODUCT_ID)
676 // This device doesn't support ioctl calls
677 - return 0;
678 - }
679 -
680 - switch (cmd) {
681 - case TCGETS: // 0x5401
682 - if (!access_ok(VERIFY_WRITE, user_arg, sizeof(struct ktermios))) {
683 - dbg("%s - port %d Error in access_ok", __FUNCTION__, port->number);
684 - return -EFAULT;
685 - }
686 - if (kernel_termios_to_user_termios((struct ktermios __user *)arg,
687 - &priv->internal_termios))
688 - return -EFAULT;
689 - return 0;
690 -
691 - case TCSETS: // 0x5402
692 - if (!(port->tty->termios)) {
693 - dbg("%s - port %d Error: port->tty->termios is NULL", __FUNCTION__, port->number);
694 - return -ENOTTY;
695 - }
696 - if (!access_ok(VERIFY_READ, user_arg, sizeof(struct ktermios))) {
697 - dbg("%s - port %d Error in access_ok", __FUNCTION__, port->number);
698 - return -EFAULT;
699 - }
700 - if (user_termios_to_kernel_termios(&priv->internal_termios,
701 - (struct ktermios __user *)arg))
702 - return -EFAULT;
703 -
704 - settings = kzalloc(50, GFP_KERNEL);
705 - if (! settings) {
706 - return -ENOBUFS;
707 - }
708 + return;
709
710 - switch (priv->internal_termios.c_cflag & CBAUD) {
711 - case B1200:
712 + switch (speed = tty_get_baud_rate(port->tty)) {
713 + case 1200:
714 urb_val = SUSBCR_SBR_1200;
715 - strcat(settings, "1200 ");
716 break;
717 - case B9600:
718 + case 9600:
719 default:
720 urb_val = SUSBCR_SBR_9600;
721 - strcat(settings, "9600 ");
722 break;
723 - }
724 + }
725 + urb_val |= (c_cflag & CSTOPB) ? SUSBCR_SPASB_2StopBits : SUSBCR_SPASB_1StopBit;
726
727 - urb_val |= (priv->internal_termios.c_cflag & CSTOPB) ? SUSBCR_SPASB_2StopBits : SUSBCR_SPASB_1StopBit;
728 - strcat(settings, (priv->internal_termios.c_cflag & CSTOPB) ? "2 StopBits " : "1 StopBit ");
729 + settings = kzalloc(50, GFP_KERNEL);
730 + if (! settings)
731 + return;
732
733 - if (priv->internal_termios.c_cflag & PARENB) {
734 - if (priv->internal_termios.c_cflag & PARODD) {
735 - urb_val |= SUSBCR_SPASB_OddParity;
736 - strcat(settings, "Odd Parity");
737 - } else {
738 - urb_val |= SUSBCR_SPASB_EvenParity;
739 - strcat(settings, "Even Parity");
740 - }
741 + sprintf(settings, "%d ", speed);
742 +
743 + if (c_cflag & PARENB) {
744 + if (c_cflag & PARODD) {
745 + urb_val |= SUSBCR_SPASB_OddParity;
746 + strcat(settings, "Odd Parity");
747 } else {
748 - urb_val |= SUSBCR_SPASB_NoParity;
749 - strcat(settings, "No Parity");
750 + urb_val |= SUSBCR_SPASB_EvenParity;
751 + strcat(settings, "Even Parity");
752 }
753 - dbg("%s - port %d setting port to: %s", __FUNCTION__, port->number, settings );
754 + } else {
755 + urb_val |= SUSBCR_SPASB_NoParity;
756 + strcat(settings, "No Parity");
757 + }
758
759 - result = usb_control_msg( port->serial->dev,
760 - usb_rcvctrlpipe(port->serial->dev, 0 ),
761 - SUSBCRequest_SetBaudRateParityAndStopBits,
762 - USB_TYPE_VENDOR | USB_RECIP_ENDPOINT | USB_DIR_OUT,
763 - urb_val,
764 - 0,
765 - settings,
766 - 0,
767 - KOBIL_TIMEOUT
768 - );
769 + result = usb_control_msg( port->serial->dev,
770 + usb_rcvctrlpipe(port->serial->dev, 0 ),
771 + SUSBCRequest_SetBaudRateParityAndStopBits,
772 + USB_TYPE_VENDOR | USB_RECIP_ENDPOINT | USB_DIR_OUT,
773 + urb_val,
774 + 0,
775 + settings,
776 + 0,
777 + KOBIL_TIMEOUT
778 + );
779 + kfree(settings);
780 +}
781
782 - dbg("%s - port %d Send set_baudrate URB returns: %i", __FUNCTION__, port->number, result);
783 - kfree(settings);
784 +static int kobil_ioctl(struct usb_serial_port *port, struct file * file, unsigned int cmd, unsigned long arg)
785 +{
786 + struct kobil_private * priv = usb_get_serial_port_data(port);
787 + unsigned char *transfer_buffer;
788 + int transfer_buffer_length = 8;
789 + int result;
790 +
791 + if (priv->device_type == KOBIL_USBTWIN_PRODUCT_ID || priv->device_type == KOBIL_KAAN_SIM_PRODUCT_ID)
792 + // This device doesn't support ioctl calls
793 return 0;
794
795 + switch (cmd) {
796 case TCFLSH: // 0x540B
797 transfer_buffer = kmalloc(transfer_buffer_length, GFP_KERNEL);
798 - if (! transfer_buffer) {
799 + if (! transfer_buffer)
800 return -ENOBUFS;
801 - }
802
803 result = usb_control_msg( port->serial->dev,
804 usb_rcvctrlpipe(port->serial->dev, 0 ),
805 @@ -714,15 +684,13 @@ static int kobil_ioctl(struct usb_serial_port *port, struct file *file,
806 );
807
808 dbg("%s - port %d Send reset_all_queues (FLUSH) URB returns: %i", __FUNCTION__, port->number, result);
809 -
810 kfree(transfer_buffer);
811 - return ((result < 0) ? -EFAULT : 0);
812 -
813 + return (result < 0) ? -EFAULT : 0;
814 + default:
815 + return -ENOIOCTLCMD;
816 }
817 - return -ENOIOCTLCMD;
818 }
819
820 -
821 static int __init kobil_init (void)
822 {
823 int retval;
824 diff --git a/fs/ocfs2/aops.c b/fs/ocfs2/aops.c
825 index a480b09..3175288 100644
826 --- a/fs/ocfs2/aops.c
827 +++ b/fs/ocfs2/aops.c
828 @@ -661,6 +661,27 @@ static void ocfs2_clear_page_regions(struct page *page,
829 }
830
831 /*
832 + * Nonsparse file systems fully allocate before we get to the write
833 + * code. This prevents ocfs2_write() from tagging the write as an
834 + * allocating one, which means ocfs2_map_page_blocks() might try to
835 + * read-in the blocks at the tail of our file. Avoid reading them by
836 + * testing i_size against each block offset.
837 + */
838 +static int ocfs2_should_read_blk(struct inode *inode, struct page *page,
839 + unsigned int block_start)
840 +{
841 + u64 offset = page_offset(page) + block_start;
842 +
843 + if (ocfs2_sparse_alloc(OCFS2_SB(inode->i_sb)))
844 + return 1;
845 +
846 + if (i_size_read(inode) > offset)
847 + return 1;
848 +
849 + return 0;
850 +}
851 +
852 +/*
853 * Some of this taken from block_prepare_write(). We already have our
854 * mapping by now though, and the entire write will be allocating or
855 * it won't, so not much need to use BH_New.
856 @@ -711,7 +732,8 @@ int ocfs2_map_page_blocks(struct page *page, u64 *p_blkno,
857 if (!buffer_uptodate(bh))
858 set_buffer_uptodate(bh);
859 } else if (!buffer_uptodate(bh) && !buffer_delay(bh) &&
860 - (block_start < from || block_end > to)) {
861 + ocfs2_should_read_blk(inode, page, block_start) &&
862 + (block_start < from || block_end > to)) {
863 ll_rw_block(READ, 1, &bh);
864 *wait_bh++=bh;
865 }
866 diff --git a/include/linux/netlink.h b/include/linux/netlink.h
867 index 2e23353..b2834d8 100644
868 --- a/include/linux/netlink.h
869 +++ b/include/linux/netlink.h
870 @@ -173,7 +173,7 @@ extern int netlink_unregister_notifier(struct notifier_block *nb);
871 /* finegrained unicast helpers: */
872 struct sock *netlink_getsockbyfilp(struct file *filp);
873 int netlink_attachskb(struct sock *sk, struct sk_buff *skb, int nonblock,
874 - long timeo, struct sock *ssk);
875 + long *timeo, struct sock *ssk);
876 void netlink_detachskb(struct sock *sk, struct sk_buff *skb);
877 int netlink_sendskb(struct sock *sk, struct sk_buff *skb, int protocol);
878
879 diff --git a/ipc/mqueue.c b/ipc/mqueue.c
880 index a242c83..1eef14b 100644
881 --- a/ipc/mqueue.c
882 +++ b/ipc/mqueue.c
883 @@ -1014,6 +1014,8 @@ asmlinkage long sys_mq_notify(mqd_t mqdes,
884 return -EINVAL;
885 }
886 if (notification.sigev_notify == SIGEV_THREAD) {
887 + long timeo;
888 +
889 /* create the notify skb */
890 nc = alloc_skb(NOTIFY_COOKIE_LEN, GFP_KERNEL);
891 ret = -ENOMEM;
892 @@ -1042,8 +1044,8 @@ retry:
893 goto out;
894 }
895
896 - ret = netlink_attachskb(sock, nc, 0,
897 - MAX_SCHEDULE_TIMEOUT, NULL);
898 + timeo = MAX_SCHEDULE_TIMEOUT;
899 + ret = netlink_attachskb(sock, nc, 0, &timeo, NULL);
900 if (ret == 1)
901 goto retry;
902 if (ret) {
903 diff --git a/kernel/futex_compat.c b/kernel/futex_compat.c
904 index 7e52eb0..589b1e4 100644
905 --- a/kernel/futex_compat.c
906 +++ b/kernel/futex_compat.c
907 @@ -29,6 +29,15 @@ fetch_robust_entry(compat_uptr_t *uentry, struct robust_list __user **entry,
908 return 0;
909 }
910
911 +static void __user *futex_uaddr(struct robust_list *entry,
912 + compat_long_t futex_offset)
913 +{
914 + compat_uptr_t base = ptr_to_compat(entry);
915 + void __user *uaddr = compat_ptr(base + futex_offset);
916 +
917 + return uaddr;
918 +}
919 +
920 /*
921 * Walk curr->robust_list (very carefully, it's a userspace list!)
922 * and mark any locks found there dead, and notify any waiters.
923 @@ -61,18 +70,23 @@ void compat_exit_robust_list(struct task_struct *curr)
924 if (fetch_robust_entry(&upending, &pending,
925 &head->list_op_pending, &pip))
926 return;
927 - if (pending)
928 - handle_futex_death((void __user *)pending + futex_offset, curr, pip);
929 + if (pending) {
930 + void __user *uaddr = futex_uaddr(pending,
931 + futex_offset);
932 + handle_futex_death(uaddr, curr, pip);
933 + }
934
935 while (entry != (struct robust_list __user *) &head->list) {
936 /*
937 * A pending lock might already be on the list, so
938 * dont process it twice:
939 */
940 - if (entry != pending)
941 - if (handle_futex_death((void __user *)entry + futex_offset,
942 - curr, pi))
943 + if (entry != pending) {
944 + void __user *uaddr = futex_uaddr(entry,
945 + futex_offset);
946 + if (handle_futex_death(uaddr, curr, pi))
947 return;
948 + }
949
950 /*
951 * Fetch the next entry in the list:
952 diff --git a/kernel/params.c b/kernel/params.c
953 index 8e8ca8f..1f17b58 100644
954 --- a/kernel/params.c
955 +++ b/kernel/params.c
956 @@ -591,19 +591,16 @@ static void __init param_sysfs_builtin(void)
957
958 for (i=0; i < __stop___param - __start___param; i++) {
959 char *dot;
960 - size_t kplen;
961 + size_t max_name_len;
962
963 kp = &__start___param[i];
964 - kplen = strlen(kp->name);
965 + max_name_len =
966 + min_t(size_t, MAX_KBUILD_MODNAME, strlen(kp->name));
967
968 - /* We do not handle args without periods. */
969 - if (kplen > MAX_KBUILD_MODNAME) {
970 - DEBUGP("kernel parameter name is too long: %s\n", kp->name);
971 - continue;
972 - }
973 - dot = memchr(kp->name, '.', kplen);
974 + dot = memchr(kp->name, '.', max_name_len);
975 if (!dot) {
976 - DEBUGP("couldn't find period in %s\n", kp->name);
977 + DEBUGP("couldn't find period in first %d characters "
978 + "of %s\n", MAX_KBUILD_MODNAME, kp->name);
979 continue;
980 }
981 name_len = dot - kp->name;
982 diff --git a/kernel/softlockup.c b/kernel/softlockup.c
983 index 0131e29..fd9b3a2 100644
984 --- a/kernel/softlockup.c
985 +++ b/kernel/softlockup.c
986 @@ -79,10 +79,11 @@ void softlockup_tick(void)
987 print_timestamp = per_cpu(print_timestamp, this_cpu);
988
989 /* report at most once a second */
990 - if (print_timestamp < (touch_timestamp + 1) ||
991 - did_panic ||
992 - !per_cpu(watchdog_task, this_cpu))
993 + if ((print_timestamp >= touch_timestamp &&
994 + print_timestamp < (touch_timestamp + 1)) ||
995 + did_panic || !per_cpu(watchdog_task, this_cpu)) {
996 return;
997 + }
998
999 /* do not print during early bootup: */
1000 if (unlikely(system_state != SYSTEM_RUNNING)) {
1001 diff --git a/mm/page-writeback.c b/mm/page-writeback.c
1002 index eec1481..2d39627 100644
1003 --- a/mm/page-writeback.c
1004 +++ b/mm/page-writeback.c
1005 @@ -674,8 +674,10 @@ retry:
1006
1007 ret = (*writepage)(page, wbc, data);
1008
1009 - if (unlikely(ret == AOP_WRITEPAGE_ACTIVATE))
1010 + if (unlikely(ret == AOP_WRITEPAGE_ACTIVATE)) {
1011 unlock_page(page);
1012 + ret = 0;
1013 + }
1014 if (ret || (--(wbc->nr_to_write) <= 0))
1015 done = 1;
1016 if (wbc->nonblocking && bdi_write_congested(bdi)) {
1017 diff --git a/mm/slub.c b/mm/slub.c
1018 index e0cf621..648f2c7 100644
1019 --- a/mm/slub.c
1020 +++ b/mm/slub.c
1021 @@ -1431,28 +1431,8 @@ new_slab:
1022 page = new_slab(s, gfpflags, node);
1023 if (page) {
1024 cpu = smp_processor_id();
1025 - if (s->cpu_slab[cpu]) {
1026 - /*
1027 - * Someone else populated the cpu_slab while we
1028 - * enabled interrupts, or we have gotten scheduled
1029 - * on another cpu. The page may not be on the
1030 - * requested node even if __GFP_THISNODE was
1031 - * specified. So we need to recheck.
1032 - */
1033 - if (node == -1 ||
1034 - page_to_nid(s->cpu_slab[cpu]) == node) {
1035 - /*
1036 - * Current cpuslab is acceptable and we
1037 - * want the current one since its cache hot
1038 - */
1039 - discard_slab(s, page);
1040 - page = s->cpu_slab[cpu];
1041 - slab_lock(page);
1042 - goto load_freelist;
1043 - }
1044 - /* New slab does not fit our expectations */
1045 + if (s->cpu_slab[cpu])
1046 flush_slab(s, s->cpu_slab[cpu], cpu);
1047 - }
1048 slab_lock(page);
1049 SetSlabFrozen(page);
1050 s->cpu_slab[cpu] = page;
1051 diff --git a/net/ipv4/ipcomp.c b/net/ipv4/ipcomp.c
1052 index ab86137..630ebb7 100644
1053 --- a/net/ipv4/ipcomp.c
1054 +++ b/net/ipv4/ipcomp.c
1055 @@ -17,6 +17,7 @@
1056 #include <asm/scatterlist.h>
1057 #include <asm/semaphore.h>
1058 #include <linux/crypto.h>
1059 +#include <linux/err.h>
1060 #include <linux/pfkeyv2.h>
1061 #include <linux/percpu.h>
1062 #include <linux/smp.h>
1063 @@ -355,7 +356,7 @@ static struct crypto_comp **ipcomp_alloc_tfms(const char *alg_name)
1064 for_each_possible_cpu(cpu) {
1065 struct crypto_comp *tfm = crypto_alloc_comp(alg_name, 0,
1066 CRYPTO_ALG_ASYNC);
1067 - if (!tfm)
1068 + if (IS_ERR(tfm))
1069 goto error;
1070 *per_cpu_ptr(tfms, cpu) = tfm;
1071 }
1072 diff --git a/net/ipv6/ipcomp6.c b/net/ipv6/ipcomp6.c
1073 index 1ee50b5..3680f64 100644
1074 --- a/net/ipv6/ipcomp6.c
1075 +++ b/net/ipv6/ipcomp6.c
1076 @@ -37,6 +37,7 @@
1077 #include <asm/scatterlist.h>
1078 #include <asm/semaphore.h>
1079 #include <linux/crypto.h>
1080 +#include <linux/err.h>
1081 #include <linux/pfkeyv2.h>
1082 #include <linux/random.h>
1083 #include <linux/percpu.h>
1084 @@ -366,7 +367,7 @@ static struct crypto_comp **ipcomp6_alloc_tfms(const char *alg_name)
1085 for_each_possible_cpu(cpu) {
1086 struct crypto_comp *tfm = crypto_alloc_comp(alg_name, 0,
1087 CRYPTO_ALG_ASYNC);
1088 - if (!tfm)
1089 + if (IS_ERR(tfm))
1090 goto error;
1091 *per_cpu_ptr(tfms, cpu) = tfm;
1092 }
1093 diff --git a/net/netfilter/nf_conntrack_proto_tcp.c b/net/netfilter/nf_conntrack_proto_tcp.c
1094 index ccdd5d2..2721ff4 100644
1095 --- a/net/netfilter/nf_conntrack_proto_tcp.c
1096 +++ b/net/netfilter/nf_conntrack_proto_tcp.c
1097 @@ -839,6 +839,22 @@ static int tcp_packet(struct nf_conn *conntrack,
1098 new_state = tcp_conntracks[dir][index][old_state];
1099
1100 switch (new_state) {
1101 + case TCP_CONNTRACK_SYN_SENT:
1102 + if (old_state < TCP_CONNTRACK_TIME_WAIT)
1103 + break;
1104 + if ((conntrack->proto.tcp.seen[!dir].flags &
1105 + IP_CT_TCP_FLAG_CLOSE_INIT)
1106 + || (conntrack->proto.tcp.last_dir == dir
1107 + && conntrack->proto.tcp.last_index == TCP_RST_SET)) {
1108 + /* Attempt to reopen a closed/aborted connection.
1109 + * Delete this connection and look up again. */
1110 + write_unlock_bh(&tcp_lock);
1111 + if (del_timer(&conntrack->timeout))
1112 + conntrack->timeout.function((unsigned long)
1113 + conntrack);
1114 + return -NF_REPEAT;
1115 + }
1116 + /* Fall through */
1117 case TCP_CONNTRACK_IGNORE:
1118 /* Ignored packets:
1119 *
1120 @@ -888,27 +904,6 @@ static int tcp_packet(struct nf_conn *conntrack,
1121 nf_log_packet(pf, 0, skb, NULL, NULL, NULL,
1122 "nf_ct_tcp: invalid state ");
1123 return -NF_ACCEPT;
1124 - case TCP_CONNTRACK_SYN_SENT:
1125 - if (old_state < TCP_CONNTRACK_TIME_WAIT)
1126 - break;
1127 - if ((conntrack->proto.tcp.seen[dir].flags &
1128 - IP_CT_TCP_FLAG_CLOSE_INIT)
1129 - || after(ntohl(th->seq),
1130 - conntrack->proto.tcp.seen[dir].td_end)) {
1131 - /* Attempt to reopen a closed connection.
1132 - * Delete this connection and look up again. */
1133 - write_unlock_bh(&tcp_lock);
1134 - if (del_timer(&conntrack->timeout))
1135 - conntrack->timeout.function((unsigned long)
1136 - conntrack);
1137 - return -NF_REPEAT;
1138 - } else {
1139 - write_unlock_bh(&tcp_lock);
1140 - if (LOG_INVALID(IPPROTO_TCP))
1141 - nf_log_packet(pf, 0, skb, NULL, NULL,
1142 - NULL, "nf_ct_tcp: invalid SYN");
1143 - return -NF_ACCEPT;
1144 - }
1145 case TCP_CONNTRACK_CLOSE:
1146 if (index == TCP_RST_SET
1147 && ((test_bit(IPS_SEEN_REPLY_BIT, &conntrack->status)
1148 @@ -941,6 +936,7 @@ static int tcp_packet(struct nf_conn *conntrack,
1149 in_window:
1150 /* From now on we have got in-window packets */
1151 conntrack->proto.tcp.last_index = index;
1152 + conntrack->proto.tcp.last_dir = dir;
1153
1154 DEBUGP("tcp_conntracks: src=%u.%u.%u.%u:%hu dst=%u.%u.%u.%u:%hu "
1155 "syn=%i ack=%i fin=%i rst=%i old=%i new=%i\n",
1156 diff --git a/net/netlink/af_netlink.c b/net/netlink/af_netlink.c
1157 index 1f15821..6ac83c2 100644
1158 --- a/net/netlink/af_netlink.c
1159 +++ b/net/netlink/af_netlink.c
1160 @@ -732,7 +732,7 @@ struct sock *netlink_getsockbyfilp(struct file *filp)
1161 * 1: repeat lookup - reference dropped while waiting for socket memory.
1162 */
1163 int netlink_attachskb(struct sock *sk, struct sk_buff *skb, int nonblock,
1164 - long timeo, struct sock *ssk)
1165 + long *timeo, struct sock *ssk)
1166 {
1167 struct netlink_sock *nlk;
1168
1169 @@ -741,7 +741,7 @@ int netlink_attachskb(struct sock *sk, struct sk_buff *skb, int nonblock,
1170 if (atomic_read(&sk->sk_rmem_alloc) > sk->sk_rcvbuf ||
1171 test_bit(0, &nlk->state)) {
1172 DECLARE_WAITQUEUE(wait, current);
1173 - if (!timeo) {
1174 + if (!*timeo) {
1175 if (!ssk || nlk_sk(ssk)->pid == 0)
1176 netlink_overrun(sk);
1177 sock_put(sk);
1178 @@ -755,7 +755,7 @@ int netlink_attachskb(struct sock *sk, struct sk_buff *skb, int nonblock,
1179 if ((atomic_read(&sk->sk_rmem_alloc) > sk->sk_rcvbuf ||
1180 test_bit(0, &nlk->state)) &&
1181 !sock_flag(sk, SOCK_DEAD))
1182 - timeo = schedule_timeout(timeo);
1183 + *timeo = schedule_timeout(*timeo);
1184
1185 __set_current_state(TASK_RUNNING);
1186 remove_wait_queue(&nlk->wait, &wait);
1187 @@ -763,7 +763,7 @@ int netlink_attachskb(struct sock *sk, struct sk_buff *skb, int nonblock,
1188
1189 if (signal_pending(current)) {
1190 kfree_skb(skb);
1191 - return sock_intr_errno(timeo);
1192 + return sock_intr_errno(*timeo);
1193 }
1194 return 1;
1195 }
1196 @@ -827,7 +827,7 @@ retry:
1197 kfree_skb(skb);
1198 return PTR_ERR(sk);
1199 }
1200 - err = netlink_attachskb(sk, skb, nonblock, timeo, ssk);
1201 + err = netlink_attachskb(sk, skb, nonblock, &timeo, ssk);
1202 if (err == 1)
1203 goto retry;
1204 if (err)
1205 diff --git a/net/sched/cls_u32.c b/net/sched/cls_u32.c
1206 index f2686ea..1d36265 100644
1207 --- a/net/sched/cls_u32.c
1208 +++ b/net/sched/cls_u32.c
1209 @@ -107,7 +107,7 @@ static struct tc_u_common *u32_list;
1210
1211 static __inline__ unsigned u32_hash_fold(u32 key, struct tc_u32_sel *sel, u8 fshift)
1212 {
1213 - unsigned h = (key & sel->hmask)>>fshift;
1214 + unsigned h = ntohl(key & sel->hmask)>>fshift;
1215
1216 return h;
1217 }
1218 @@ -631,7 +631,7 @@ static int u32_change(struct tcf_proto *tp, unsigned long base, u32 handle,
1219 n->handle = handle;
1220 {
1221 u8 i = 0;
1222 - u32 mask = s->hmask;
1223 + u32 mask = ntohl(s->hmask);
1224 if (mask) {
1225 while (!(mask & 1)) {
1226 i++;
1227 diff --git a/net/sched/sch_teql.c b/net/sched/sch_teql.c
1228 index f05ad9a..656ccd9 100644
1229 --- a/net/sched/sch_teql.c
1230 +++ b/net/sched/sch_teql.c
1231 @@ -263,6 +263,9 @@ __teql_resolve(struct sk_buff *skb, struct sk_buff *skb_res, struct net_device *
1232 static __inline__ int
1233 teql_resolve(struct sk_buff *skb, struct sk_buff *skb_res, struct net_device *dev)
1234 {
1235 + if (dev->qdisc == &noop_qdisc)
1236 + return -ENODEV;
1237 +
1238 if (dev->hard_header == NULL ||
1239 skb->dst == NULL ||
1240 skb->dst->neighbour == NULL)
1241 diff --git a/net/socket.c b/net/socket.c
1242 index 48bd793..8211578 100644
1243 --- a/net/socket.c
1244 +++ b/net/socket.c
1245 @@ -1246,11 +1246,14 @@ asmlinkage long sys_socketpair(int family, int type, int protocol,
1246 goto out_release_both;
1247
1248 fd1 = sock_alloc_fd(&newfile1);
1249 - if (unlikely(fd1 < 0))
1250 + if (unlikely(fd1 < 0)) {
1251 + err = fd1;
1252 goto out_release_both;
1253 + }
1254
1255 fd2 = sock_alloc_fd(&newfile2);
1256 if (unlikely(fd2 < 0)) {
1257 + err = fd2;
1258 put_filp(newfile1);
1259 put_unused_fd(fd1);
1260 goto out_release_both;
1261 diff --git a/sound/pci/hda/patch_sigmatel.c b/sound/pci/hda/patch_sigmatel.c
1262 index e3964fc..d5b2f53 100644
1263 --- a/sound/pci/hda/patch_sigmatel.c
1264 +++ b/sound/pci/hda/patch_sigmatel.c
1265 @@ -153,8 +153,9 @@ static hda_nid_t stac925x_dac_nids[1] = {
1266 0x02,
1267 };
1268
1269 -static hda_nid_t stac925x_dmic_nids[1] = {
1270 - 0x15,
1271 +#define STAC925X_NUM_DMICS 1
1272 +static hda_nid_t stac925x_dmic_nids[STAC925X_NUM_DMICS + 1] = {
1273 + 0x15, 0
1274 };
1275
1276 static hda_nid_t stac922x_adc_nids[2] = {
1277 @@ -181,8 +182,9 @@ static hda_nid_t stac9205_mux_nids[2] = {
1278 0x19, 0x1a
1279 };
1280
1281 -static hda_nid_t stac9205_dmic_nids[2] = {
1282 - 0x17, 0x18,
1283 +#define STAC9205_NUM_DMICS 2
1284 +static hda_nid_t stac9205_dmic_nids[STAC9205_NUM_DMICS + 1] = {
1285 + 0x17, 0x18, 0
1286 };
1287
1288 static hda_nid_t stac9200_pin_nids[8] = {
1289 @@ -1972,7 +1974,7 @@ static int patch_stac925x(struct hda_codec *codec)
1290 case 0x83847633: /* STAC9202D */
1291 case 0x83847636: /* STAC9251 */
1292 case 0x83847637: /* STAC9251D */
1293 - spec->num_dmics = 1;
1294 + spec->num_dmics = STAC925X_NUM_DMICS;
1295 spec->dmic_nids = stac925x_dmic_nids;
1296 break;
1297 default:
1298 @@ -2202,7 +2204,7 @@ static int patch_stac9205(struct hda_codec *codec)
1299 spec->mux_nids = stac9205_mux_nids;
1300 spec->num_muxes = ARRAY_SIZE(stac9205_mux_nids);
1301 spec->dmic_nids = stac9205_dmic_nids;
1302 - spec->num_dmics = ARRAY_SIZE(stac9205_dmic_nids);
1303 + spec->num_dmics = STAC9205_NUM_DMICS;
1304 spec->dmux_nid = 0x1d;
1305
1306 spec->init = stac9205_core_init;
1307 diff --git a/sound/pci/rme9652/hdsp.c b/sound/pci/rme9652/hdsp.c
1308 index 3b3ef65..75dcb9a 100644
1309 --- a/sound/pci/rme9652/hdsp.c
1310 +++ b/sound/pci/rme9652/hdsp.c
1311 @@ -3108,6 +3108,9 @@ static int hdsp_dds_offset(struct hdsp *hdsp)
1312 unsigned int dds_value = hdsp->dds_value;
1313 int system_sample_rate = hdsp->system_sample_rate;
1314
1315 + if (!dds_value)
1316 + return 0;
1317 +
1318 n = DDS_NUMERATOR;
1319 /*
1320 * dds_value = n / rate
Mirror of https://git.kernel.org/pub/scm/linux/kernel/git/stable/stable-queue.git