1 From: Greg Kroah-Hartman <gregkh@suse.de>
2 Subject: Linux 2.6.27.22
4 Upstream 2.6.27.22 release from kernel.org
6 Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
8 diff --git a/Makefile b/Makefile
9 index 0664c76..d3b7fc8 100644
18 NAME = Trembling Tortoise
21 diff --git a/arch/powerpc/include/asm/futex.h b/arch/powerpc/include/asm/futex.h
22 index 6d406c5..9696cc3 100644
23 --- a/arch/powerpc/include/asm/futex.h
24 +++ b/arch/powerpc/include/asm/futex.h
26 PPC_LONG "1b,4b,2b,4b\n" \
28 : "=&r" (oldval), "=&r" (ret) \
29 - : "b" (uaddr), "i" (-EFAULT), "1" (oparg) \
30 + : "b" (uaddr), "i" (-EFAULT), "r" (oparg) \
33 static inline int futex_atomic_op_inuser (int encoded_op, int __user *uaddr)
34 @@ -47,19 +47,19 @@ static inline int futex_atomic_op_inuser (int encoded_op, int __user *uaddr)
38 - __futex_atomic_op("", ret, oldval, uaddr, oparg);
39 + __futex_atomic_op("mr %1,%4\n", ret, oldval, uaddr, oparg);
42 - __futex_atomic_op("add %1,%0,%1\n", ret, oldval, uaddr, oparg);
43 + __futex_atomic_op("add %1,%0,%4\n", ret, oldval, uaddr, oparg);
46 - __futex_atomic_op("or %1,%0,%1\n", ret, oldval, uaddr, oparg);
47 + __futex_atomic_op("or %1,%0,%4\n", ret, oldval, uaddr, oparg);
50 - __futex_atomic_op("andc %1,%0,%1\n", ret, oldval, uaddr, oparg);
51 + __futex_atomic_op("andc %1,%0,%4\n", ret, oldval, uaddr, oparg);
54 - __futex_atomic_op("xor %1,%0,%1\n", ret, oldval, uaddr, oparg);
55 + __futex_atomic_op("xor %1,%0,%4\n", ret, oldval, uaddr, oparg);
59 diff --git a/arch/powerpc/include/asm/processor.h b/arch/powerpc/include/asm/processor.h
60 index 101ed87..ae1c5b5 100644
61 --- a/arch/powerpc/include/asm/processor.h
62 +++ b/arch/powerpc/include/asm/processor.h
63 @@ -309,6 +309,25 @@ static inline void prefetchw(const void *x)
64 #define HAVE_ARCH_PICK_MMAP_LAYOUT
68 +static inline unsigned long get_clean_sp(struct pt_regs *regs, int is_32)
73 + sp = regs->gpr[1] & 0x0ffffffffUL;
80 +static inline unsigned long get_clean_sp(struct pt_regs *regs, int is_32)
82 + return regs->gpr[1];
86 #endif /* __KERNEL__ */
87 #endif /* __ASSEMBLY__ */
88 #endif /* _ASM_POWERPC_PROCESSOR_H */
89 diff --git a/arch/powerpc/kernel/signal.c b/arch/powerpc/kernel/signal.c
90 index a54405e..00b5078 100644
91 --- a/arch/powerpc/kernel/signal.c
92 +++ b/arch/powerpc/kernel/signal.c
93 @@ -26,12 +26,12 @@ int show_unhandled_signals = 0;
94 * Allocate space for the signal frame
96 void __user * get_sigframe(struct k_sigaction *ka, struct pt_regs *regs,
98 + size_t frame_size, int is_32)
100 unsigned long oldsp, newsp;
102 /* Default to using normal stack */
103 - oldsp = regs->gpr[1];
104 + oldsp = get_clean_sp(regs, is_32);
106 /* Check for alt stack */
107 if ((ka->sa.sa_flags & SA_ONSTACK) &&
108 diff --git a/arch/powerpc/kernel/signal.h b/arch/powerpc/kernel/signal.h
109 index 28f4b9f..f77d502 100644
110 --- a/arch/powerpc/kernel/signal.h
111 +++ b/arch/powerpc/kernel/signal.h
113 #define _BLOCKABLE (~(sigmask(SIGKILL) | sigmask(SIGSTOP)))
115 extern void __user * get_sigframe(struct k_sigaction *ka, struct pt_regs *regs,
116 - size_t frame_size);
117 + size_t frame_size, int is_32);
118 extern void restore_sigmask(sigset_t *set);
120 extern int handle_signal32(unsigned long sig, struct k_sigaction *ka,
121 diff --git a/arch/powerpc/kernel/signal_32.c b/arch/powerpc/kernel/signal_32.c
122 index a6a4310..9084a27 100644
123 --- a/arch/powerpc/kernel/signal_32.c
124 +++ b/arch/powerpc/kernel/signal_32.c
125 @@ -836,7 +836,7 @@ int handle_rt_signal32(unsigned long sig, struct k_sigaction *ka,
127 /* Set up Signal Frame */
128 /* Put a Real Time Context onto stack */
129 - rt_sf = get_sigframe(ka, regs, sizeof(*rt_sf));
130 + rt_sf = get_sigframe(ka, regs, sizeof(*rt_sf), 1);
132 if (unlikely(rt_sf == NULL))
134 @@ -1170,7 +1170,7 @@ int handle_signal32(unsigned long sig, struct k_sigaction *ka,
135 unsigned long newsp = 0;
137 /* Set up Signal Frame */
138 - frame = get_sigframe(ka, regs, sizeof(*frame));
139 + frame = get_sigframe(ka, regs, sizeof(*frame), 1);
140 if (unlikely(frame == NULL))
142 sc = (struct sigcontext __user *) &frame->sctx;
143 diff --git a/arch/powerpc/kernel/signal_64.c b/arch/powerpc/kernel/signal_64.c
144 index e4acdbd..3de15b0 100644
145 --- a/arch/powerpc/kernel/signal_64.c
146 +++ b/arch/powerpc/kernel/signal_64.c
147 @@ -404,7 +404,7 @@ int handle_rt_signal64(int signr, struct k_sigaction *ka, siginfo_t *info,
148 unsigned long newsp = 0;
151 - frame = get_sigframe(ka, regs, sizeof(*frame));
152 + frame = get_sigframe(ka, regs, sizeof(*frame), 0);
153 if (unlikely(frame == NULL))
156 diff --git a/arch/x86/boot/memory.c b/arch/x86/boot/memory.c
157 index 8c3c25f..a99dbbe 100644
158 --- a/arch/x86/boot/memory.c
159 +++ b/arch/x86/boot/memory.c
160 @@ -27,13 +27,14 @@ static int detect_memory_e820(void)
162 size = sizeof(struct e820entry);
164 - /* Important: %edx is clobbered by some BIOSes,
165 - so it must be either used for the error output
166 + /* Important: %edx and %esi are clobbered by some BIOSes,
167 + so they must be either used for the error output
168 or explicitly marked clobbered. */
169 asm("int $0x15; setc %0"
170 : "=d" (err), "+b" (next), "=a" (id), "+c" (size),
172 - : "D" (desc), "d" (SMAP), "a" (0xe820));
173 + : "D" (desc), "d" (SMAP), "a" (0xe820)
176 /* BIOSes which terminate the chain with CF = 1 as opposed
177 to %ebx = 0 don't always report the SMAP signature on
178 diff --git a/arch/x86/kernel/cpu/mtrr/generic.c b/arch/x86/kernel/cpu/mtrr/generic.c
179 index cb7d3b6..26baabd 100644
180 --- a/arch/x86/kernel/cpu/mtrr/generic.c
181 +++ b/arch/x86/kernel/cpu/mtrr/generic.c
182 @@ -45,6 +45,32 @@ u64 mtrr_tom2;
183 static int mtrr_show;
184 module_param_named(show, mtrr_show, bool, 0);
187 + * BIOS is expected to clear MtrrFixDramModEn bit, see for example
188 + * "BIOS and Kernel Developer's Guide for the AMD Athlon 64 and AMD
189 + * Opteron Processors" (26094 Rev. 3.30 February 2006), section
190 + * "13.2.1.2 SYSCFG Register": "The MtrrFixDramModEn bit should be set
191 + * to 1 during BIOS initalization of the fixed MTRRs, then cleared to
192 + * 0 for operation."
194 +static inline void k8_check_syscfg_dram_mod_en(void)
198 + if (!((boot_cpu_data.x86_vendor == X86_VENDOR_AMD) &&
199 + (boot_cpu_data.x86 >= 0x0f)))
202 + rdmsr(MSR_K8_SYSCFG, lo, hi);
203 + if (lo & K8_MTRRFIXRANGE_DRAM_MODIFY) {
204 + printk(KERN_ERR "MTRR: CPU %u: SYSCFG[MtrrFixDramModEn]"
205 + " not cleared by BIOS, clearing this bit\n",
206 + smp_processor_id());
207 + lo &= ~K8_MTRRFIXRANGE_DRAM_MODIFY;
208 + mtrr_wrmsr(MSR_K8_SYSCFG, lo, hi);
213 * Returns the effective MTRR type for the region
215 @@ -178,6 +204,8 @@ get_fixed_ranges(mtrr_type * frs)
216 unsigned int *p = (unsigned int *) frs;
219 + k8_check_syscfg_dram_mod_en();
221 rdmsr(MTRRfix64K_00000_MSR, p[0], p[1]);
223 for (i = 0; i < 2; i++)
224 @@ -312,27 +340,10 @@ void mtrr_wrmsr(unsigned msr, unsigned a, unsigned b)
228 - * Enable and allow read/write of extended fixed-range MTRR bits on K8 CPUs
229 - * see AMD publication no. 24593, chapter 3.2.1 for more information
231 -static inline void k8_enable_fixed_iorrs(void)
235 - rdmsr(MSR_K8_SYSCFG, lo, hi);
236 - mtrr_wrmsr(MSR_K8_SYSCFG, lo
237 - | K8_MTRRFIXRANGE_DRAM_ENABLE
238 - | K8_MTRRFIXRANGE_DRAM_MODIFY, hi);
242 * set_fixed_range - checks & updates a fixed-range MTRR if it differs from the value it should have
243 * @msr: MSR address of the MTTR which should be checked and updated
244 * @changed: pointer which indicates whether the MTRR needed to be changed
245 * @msrwords: pointer to the MSR values which the MSR should have
247 - * If K8 extentions are wanted, update the K8 SYSCFG MSR also.
248 - * See AMD publication no. 24593, chapter 7.8.1, page 233 for more information.
250 static void set_fixed_range(int msr, bool *changed, unsigned int *msrwords)
252 @@ -341,10 +352,6 @@ static void set_fixed_range(int msr, bool *changed, unsigned int *msrwords)
255 if (lo != msrwords[0] || hi != msrwords[1]) {
256 - if (boot_cpu_data.x86_vendor == X86_VENDOR_AMD &&
257 - (boot_cpu_data.x86 >= 0x0f && boot_cpu_data.x86 <= 0x11) &&
258 - ((msrwords[0] | msrwords[1]) & K8_MTRR_RDMEM_WRMEM_MASK))
259 - k8_enable_fixed_iorrs();
260 mtrr_wrmsr(msr, msrwords[0], msrwords[1]);
263 @@ -428,6 +435,8 @@ static int set_fixed_ranges(mtrr_type * frs)
264 bool changed = false;
267 + k8_check_syscfg_dram_mod_en();
269 while (fixed_range_blocks[++block].ranges)
270 for (range=0; range < fixed_range_blocks[block].ranges; range++)
271 set_fixed_range(fixed_range_blocks[block].base_msr + range,
272 diff --git a/arch/x86/pci/i386.c b/arch/x86/pci/i386.c
273 index 8791fc5..b4b899a 100644
274 --- a/arch/x86/pci/i386.c
275 +++ b/arch/x86/pci/i386.c
276 @@ -326,6 +326,9 @@ int pci_mmap_page_range(struct pci_dev *dev, struct vm_area_struct *vma,
280 + vma->vm_page_prot = __pgprot(
281 + (pgprot_val(vma->vm_page_prot) & ~_PAGE_CACHE_MASK) |
285 if (((vma->vm_pgoff < max_low_pfn_mapped) ||
286 diff --git a/drivers/acpi/ec.c b/drivers/acpi/ec.c
287 index 2694998..e618cbe 100644
288 --- a/drivers/acpi/ec.c
289 +++ b/drivers/acpi/ec.c
290 @@ -968,9 +968,9 @@ static const struct acpi_device_id ec_device_ids[] = {
292 int __init acpi_ec_ecdt_probe(void)
296 struct acpi_table_ecdt *ecdt_ptr;
299 boot_ec = make_acpi_ec();
301 @@ -996,30 +996,31 @@ int __init acpi_ec_ecdt_probe(void)
302 boot_ec->gpe = ecdt_ptr->gpe;
303 boot_ec->handle = ACPI_ROOT_OBJECT;
304 acpi_get_handle(ACPI_ROOT_OBJECT, ecdt_ptr->id, &boot_ec->handle);
306 - /* This workaround is needed only on some broken machines,
307 - * which require early EC, but fail to provide ECDT */
309 - printk(KERN_DEBUG PREFIX "Look up EC in DSDT\n");
310 - status = acpi_get_devices(ec_device_ids[0].id, ec_parse_device,
312 - /* Check that acpi_get_devices actually find something */
313 - if (ACPI_FAILURE(status) || !boot_ec->handle)
315 - /* We really need to limit this workaround, the only ASUS,
316 - * which needs it, has fake EC._INI method, so use it as flag.
317 - * Keep boot_ec struct as it will be needed soon.
319 - if (ACPI_FAILURE(acpi_get_handle(boot_ec->handle, "_INI", &x)))
321 + /* Add some basic check against completely broken table */
322 + if (boot_ec->data_addr != boot_ec->command_addr)
327 - ret = ec_install_handlers(boot_ec);
329 + /* This workaround is needed only on some broken machines,
330 + * which require early EC, but fail to provide ECDT */
331 + printk(KERN_DEBUG PREFIX "Look up EC in DSDT\n");
332 + status = acpi_get_devices(ec_device_ids[0].id, ec_parse_device,
334 + /* Check that acpi_get_devices actually find something */
335 + if (ACPI_FAILURE(status) || !boot_ec->handle)
337 + /* We really need to limit this workaround, the only ASUS,
338 + * which needs it, has fake EC._INI method, so use it as flag.
339 + * Keep boot_ec struct as it will be needed soon.
341 + if (ACPI_FAILURE(acpi_get_handle(boot_ec->handle, "_INI", &dummy)))
344 + if (!ec_install_handlers(boot_ec)) {
353 diff --git a/drivers/ata/pata_hpt37x.c b/drivers/ata/pata_hpt37x.c
354 index 4216399..233a5fd 100644
355 --- a/drivers/ata/pata_hpt37x.c
356 +++ b/drivers/ata/pata_hpt37x.c
358 * Copyright (C) 1999-2003 Andre Hedrick <andre@linux-ide.org>
359 * Portions Copyright (C) 2001 Sun Microsystems, Inc.
360 * Portions Copyright (C) 2003 Red Hat Inc
361 - * Portions Copyright (C) 2005-2007 MontaVista Software, Inc.
362 + * Portions Copyright (C) 2005-2009 MontaVista Software, Inc.
365 * Look into engine reset on timeout errors. Should not be required.
367 #include <linux/libata.h>
369 #define DRV_NAME "pata_hpt37x"
370 -#define DRV_VERSION "0.6.11"
371 +#define DRV_VERSION "0.6.12"
375 @@ -445,23 +445,6 @@ static void hpt370_set_dmamode(struct ata_port *ap, struct ata_device *adev)
379 - * hpt370_bmdma_start - DMA engine begin
382 - * The 370 and 370A want us to reset the DMA engine each time we
383 - * use it. The 372 and later are fine.
386 -static void hpt370_bmdma_start(struct ata_queued_cmd *qc)
388 - struct ata_port *ap = qc->ap;
389 - struct pci_dev *pdev = to_pci_dev(ap->host->dev);
390 - pci_write_config_byte(pdev, 0x50 + 4 * ap->port_no, 0x37);
392 - ata_bmdma_start(qc);
396 * hpt370_bmdma_end - DMA engine stop
399 @@ -598,7 +581,6 @@ static struct scsi_host_template hpt37x_sht = {
400 static struct ata_port_operations hpt370_port_ops = {
401 .inherits = &ata_bmdma_port_ops,
403 - .bmdma_start = hpt370_bmdma_start,
404 .bmdma_stop = hpt370_bmdma_stop,
406 .mode_filter = hpt370_filter,
407 diff --git a/drivers/char/agp/generic.c b/drivers/char/agp/generic.c
408 index 118dbde..8cf3dca 100644
409 --- a/drivers/char/agp/generic.c
410 +++ b/drivers/char/agp/generic.c
411 @@ -1207,7 +1207,7 @@ void *agp_generic_alloc_page(struct agp_bridge_data *bridge)
415 - page = alloc_page(GFP_KERNEL | GFP_DMA32);
416 + page = alloc_page(GFP_KERNEL | GFP_DMA32 | __GFP_ZERO);
420 diff --git a/drivers/char/raw.c b/drivers/char/raw.c
421 index 47b8cf2..92022aa 100644
422 --- a/drivers/char/raw.c
423 +++ b/drivers/char/raw.c
424 @@ -90,6 +90,7 @@ out1:
427 mutex_unlock(&raw_mutex);
432 diff --git a/drivers/crypto/ixp4xx_crypto.c b/drivers/crypto/ixp4xx_crypto.c
433 index 2d637e0..fdcd0ab 100644
434 --- a/drivers/crypto/ixp4xx_crypto.c
435 +++ b/drivers/crypto/ixp4xx_crypto.c
436 @@ -101,6 +101,7 @@ struct buffer_desc {
439 struct buffer_desc *next;
440 + enum dma_data_direction dir;
444 @@ -132,14 +133,10 @@ struct crypt_ctl {
446 struct buffer_desc *src;
447 struct buffer_desc *dst;
448 - unsigned src_nents;
449 - unsigned dst_nents;
453 struct buffer_desc *buffer;
454 - unsigned short assoc_nents;
455 - unsigned short src_nents;
456 struct scatterlist ivlist;
457 /* used when the hmac is not on one sg entry */
459 @@ -312,7 +309,7 @@ static struct crypt_ctl *get_crypt_desc_emerg(void)
463 -static void free_buf_chain(struct buffer_desc *buf, u32 phys)
464 +static void free_buf_chain(struct device *dev, struct buffer_desc *buf,u32 phys)
467 struct buffer_desc *buf1;
468 @@ -320,6 +317,7 @@ static void free_buf_chain(struct buffer_desc *buf, u32 phys)
471 phys1 = buf->phys_next;
472 + dma_unmap_single(dev, buf->phys_next, buf->buf_len, buf->dir);
473 dma_pool_free(buffer_pool, buf, phys);
476 @@ -348,7 +346,6 @@ static void one_packet(dma_addr_t phys)
477 struct crypt_ctl *crypt;
480 - enum dma_data_direction src_direction = DMA_BIDIRECTIONAL;
482 failed = phys & 0x1 ? -EBADMSG : 0;
484 @@ -358,13 +355,8 @@ static void one_packet(dma_addr_t phys)
485 case CTL_FLAG_PERFORM_AEAD: {
486 struct aead_request *req = crypt->data.aead_req;
487 struct aead_ctx *req_ctx = aead_request_ctx(req);
488 - dma_unmap_sg(dev, req->assoc, req_ctx->assoc_nents,
490 - dma_unmap_sg(dev, &req_ctx->ivlist, 1, DMA_BIDIRECTIONAL);
491 - dma_unmap_sg(dev, req->src, req_ctx->src_nents,
492 - DMA_BIDIRECTIONAL);
494 - free_buf_chain(req_ctx->buffer, crypt->src_buf);
495 + free_buf_chain(dev, req_ctx->buffer, crypt->src_buf);
496 if (req_ctx->hmac_virt) {
497 finish_scattered_hmac(crypt);
499 @@ -374,16 +366,11 @@ static void one_packet(dma_addr_t phys)
500 case CTL_FLAG_PERFORM_ABLK: {
501 struct ablkcipher_request *req = crypt->data.ablk_req;
502 struct ablk_ctx *req_ctx = ablkcipher_request_ctx(req);
506 - nents = req_ctx->dst_nents;
507 - dma_unmap_sg(dev, req->dst, nents, DMA_FROM_DEVICE);
508 - free_buf_chain(req_ctx->dst, crypt->dst_buf);
509 - src_direction = DMA_TO_DEVICE;
510 + free_buf_chain(dev, req_ctx->dst, crypt->dst_buf);
512 - nents = req_ctx->src_nents;
513 - dma_unmap_sg(dev, req->src, nents, src_direction);
514 - free_buf_chain(req_ctx->src, crypt->src_buf);
515 + free_buf_chain(dev, req_ctx->src, crypt->src_buf);
516 req->base.complete(&req->base, failed);
519 @@ -748,56 +735,35 @@ static int setup_cipher(struct crypto_tfm *tfm, int encrypt,
523 -static int count_sg(struct scatterlist *sg, int nbytes)
524 +static struct buffer_desc *chainup_buffers(struct device *dev,
525 + struct scatterlist *sg, unsigned nbytes,
526 + struct buffer_desc *buf, gfp_t flags,
527 + enum dma_data_direction dir)
530 - for (i = 0; nbytes > 0; i++, sg = sg_next(sg))
531 - nbytes -= sg->length;
535 -static struct buffer_desc *chainup_buffers(struct scatterlist *sg,
536 - unsigned nbytes, struct buffer_desc *buf, gfp_t flags)
540 - while (nbytes > 0) {
541 + for (;nbytes > 0; sg = scatterwalk_sg_next(sg)) {
542 + unsigned len = min(nbytes, sg->length);
543 struct buffer_desc *next_buf;
545 - unsigned len = min(nbytes, sg_dma_len(sg));
550 - if (!buf->phys_addr) {
551 - buf->phys_addr = sg_dma_address(sg);
552 - buf->buf_len = len;
554 - buf->phys_next = 0;
557 - /* Two consecutive chunks on one page may be handled by the old
558 - * buffer descriptor, increased by the length of the new one
560 - if (sg_dma_address(sg) == buf->phys_addr + buf->buf_len) {
561 - buf->buf_len += len;
564 + ptr = page_address(sg_page(sg)) + sg->offset;
565 next_buf = dma_pool_alloc(buffer_pool, flags, &next_buf_phys);
572 + sg_dma_address(sg) = dma_map_single(dev, ptr, len, dir);
573 buf->next = next_buf;
574 buf->phys_next = next_buf_phys;
578 - buf->phys_next = 0;
580 buf->phys_addr = sg_dma_address(sg);
589 + buf->phys_next = 0;
593 @@ -858,12 +824,12 @@ static int ablk_perform(struct ablkcipher_request *req, int encrypt)
594 struct crypto_ablkcipher *tfm = crypto_ablkcipher_reqtfm(req);
595 struct ixp_ctx *ctx = crypto_ablkcipher_ctx(tfm);
596 unsigned ivsize = crypto_ablkcipher_ivsize(tfm);
598 struct ix_sa_dir *dir;
599 struct crypt_ctl *crypt;
600 - unsigned int nbytes = req->nbytes, nents;
601 + unsigned int nbytes = req->nbytes;
602 enum dma_data_direction src_direction = DMA_BIDIRECTIONAL;
603 struct ablk_ctx *req_ctx = ablkcipher_request_ctx(req);
604 + struct buffer_desc src_hook;
605 gfp_t flags = req->base.flags & CRYPTO_TFM_REQ_MAY_SLEEP ?
606 GFP_KERNEL : GFP_ATOMIC;
608 @@ -876,7 +842,7 @@ static int ablk_perform(struct ablkcipher_request *req, int encrypt)
610 crypt = get_crypt_desc();
615 crypt->data.ablk_req = req;
616 crypt->crypto_ctx = dir->npe_ctx_phys;
617 @@ -889,53 +855,41 @@ static int ablk_perform(struct ablkcipher_request *req, int encrypt)
618 BUG_ON(ivsize && !req->info);
619 memcpy(crypt->iv, req->info, ivsize);
620 if (req->src != req->dst) {
621 + struct buffer_desc dst_hook;
622 crypt->mode |= NPE_OP_NOT_IN_PLACE;
623 - nents = count_sg(req->dst, nbytes);
624 /* This was never tested by Intel
625 * for more than one dst buffer, I think. */
626 - BUG_ON(nents != 1);
627 - req_ctx->dst_nents = nents;
628 - dma_map_sg(dev, req->dst, nents, DMA_FROM_DEVICE);
629 - req_ctx->dst = dma_pool_alloc(buffer_pool, flags,&crypt->dst_buf);
631 - goto unmap_sg_dest;
632 - req_ctx->dst->phys_addr = 0;
633 - if (!chainup_buffers(req->dst, nbytes, req_ctx->dst, flags))
634 + BUG_ON(req->dst->length < nbytes);
635 + req_ctx->dst = NULL;
636 + if (!chainup_buffers(dev, req->dst, nbytes, &dst_hook,
637 + flags, DMA_FROM_DEVICE))
639 src_direction = DMA_TO_DEVICE;
640 + req_ctx->dst = dst_hook.next;
641 + crypt->dst_buf = dst_hook.phys_next;
644 - req_ctx->dst_nents = 0;
646 - nents = count_sg(req->src, nbytes);
647 - req_ctx->src_nents = nents;
648 - dma_map_sg(dev, req->src, nents, src_direction);
650 - req_ctx->src = dma_pool_alloc(buffer_pool, flags, &crypt->src_buf);
653 - req_ctx->src->phys_addr = 0;
654 - if (!chainup_buffers(req->src, nbytes, req_ctx->src, flags))
655 + req_ctx->src = NULL;
656 + if (!chainup_buffers(dev, req->src, nbytes, &src_hook,
657 + flags, src_direction))
660 + req_ctx->src = src_hook.next;
661 + crypt->src_buf = src_hook.phys_next;
662 crypt->ctl_flags |= CTL_FLAG_PERFORM_ABLK;
663 qmgr_put_entry(SEND_QID, crypt_virt2phys(crypt));
664 BUG_ON(qmgr_stat_overflow(SEND_QID));
668 - free_buf_chain(req_ctx->src, crypt->src_buf);
670 - dma_unmap_sg(dev, req->src, req_ctx->src_nents, src_direction);
671 + free_buf_chain(dev, req_ctx->src, crypt->src_buf);
673 if (req->src != req->dst) {
674 - free_buf_chain(req_ctx->dst, crypt->dst_buf);
676 - dma_unmap_sg(dev, req->src, req_ctx->dst_nents,
678 + free_buf_chain(dev, req_ctx->dst, crypt->dst_buf);
680 crypt->ctl_flags = CTL_FLAG_UNUSED;
685 static int ablk_encrypt(struct ablkcipher_request *req)
686 @@ -983,7 +937,7 @@ static int hmac_inconsistent(struct scatterlist *sg, unsigned start,
689 offset += sg->length;
691 + sg = scatterwalk_sg_next(sg);
693 return (start + nbytes > offset + sg->length);
695 @@ -995,11 +949,10 @@ static int aead_perform(struct aead_request *req, int encrypt,
696 struct ixp_ctx *ctx = crypto_aead_ctx(tfm);
697 unsigned ivsize = crypto_aead_ivsize(tfm);
698 unsigned authsize = crypto_aead_authsize(tfm);
700 struct ix_sa_dir *dir;
701 struct crypt_ctl *crypt;
702 - unsigned int cryptlen, nents;
703 - struct buffer_desc *buf;
704 + unsigned int cryptlen;
705 + struct buffer_desc *buf, src_hook;
706 struct aead_ctx *req_ctx = aead_request_ctx(req);
707 gfp_t flags = req->base.flags & CRYPTO_TFM_REQ_MAY_SLEEP ?
708 GFP_KERNEL : GFP_ATOMIC;
709 @@ -1020,7 +973,7 @@ static int aead_perform(struct aead_request *req, int encrypt,
711 crypt = get_crypt_desc();
716 crypt->data.aead_req = req;
717 crypt->crypto_ctx = dir->npe_ctx_phys;
718 @@ -1039,31 +992,27 @@ static int aead_perform(struct aead_request *req, int encrypt,
719 BUG(); /* -ENOTSUP because of my lazyness */
722 - req_ctx->buffer = dma_pool_alloc(buffer_pool, flags, &crypt->src_buf);
723 - if (!req_ctx->buffer)
725 - req_ctx->buffer->phys_addr = 0;
727 - nents = count_sg(req->assoc, req->assoclen);
728 - req_ctx->assoc_nents = nents;
729 - dma_map_sg(dev, req->assoc, nents, DMA_TO_DEVICE);
730 - buf = chainup_buffers(req->assoc, req->assoclen, req_ctx->buffer,flags);
731 + buf = chainup_buffers(dev, req->assoc, req->assoclen, &src_hook,
732 + flags, DMA_TO_DEVICE);
733 + req_ctx->buffer = src_hook.next;
734 + crypt->src_buf = src_hook.phys_next;
736 - goto unmap_sg_assoc;
739 sg_init_table(&req_ctx->ivlist, 1);
740 sg_set_buf(&req_ctx->ivlist, iv, ivsize);
741 - dma_map_sg(dev, &req_ctx->ivlist, 1, DMA_BIDIRECTIONAL);
742 - buf = chainup_buffers(&req_ctx->ivlist, ivsize, buf, flags);
743 + buf = chainup_buffers(dev, &req_ctx->ivlist, ivsize, buf, flags,
744 + DMA_BIDIRECTIONAL);
748 if (unlikely(hmac_inconsistent(req->src, cryptlen, authsize))) {
749 /* The 12 hmac bytes are scattered,
750 * we need to copy them into a safe buffer */
751 req_ctx->hmac_virt = dma_pool_alloc(buffer_pool, flags,
752 &crypt->icv_rev_aes);
753 if (unlikely(!req_ctx->hmac_virt))
757 scatterwalk_map_and_copy(req_ctx->hmac_virt,
758 req->src, cryptlen, authsize, 0);
759 @@ -1073,33 +1022,28 @@ static int aead_perform(struct aead_request *req, int encrypt,
760 req_ctx->hmac_virt = NULL;
763 - nents = count_sg(req->src, cryptlen + authsize);
764 - req_ctx->src_nents = nents;
765 - dma_map_sg(dev, req->src, nents, DMA_BIDIRECTIONAL);
766 - buf = chainup_buffers(req->src, cryptlen + authsize, buf, flags);
767 + buf = chainup_buffers(dev, req->src, cryptlen + authsize, buf, flags,
768 + DMA_BIDIRECTIONAL);
771 + goto free_hmac_virt;
772 if (!req_ctx->hmac_virt) {
773 crypt->icv_rev_aes = buf->phys_addr + buf->buf_len - authsize;
776 crypt->ctl_flags |= CTL_FLAG_PERFORM_AEAD;
777 qmgr_put_entry(SEND_QID, crypt_virt2phys(crypt));
778 BUG_ON(qmgr_stat_overflow(SEND_QID));
781 - dma_unmap_sg(dev, req->src, req_ctx->src_nents, DMA_BIDIRECTIONAL);
783 if (req_ctx->hmac_virt) {
784 dma_pool_free(buffer_pool, req_ctx->hmac_virt,
788 - dma_unmap_sg(dev, &req_ctx->ivlist, 1, DMA_BIDIRECTIONAL);
790 - dma_unmap_sg(dev, req->assoc, req_ctx->assoc_nents, DMA_TO_DEVICE);
791 - free_buf_chain(req_ctx->buffer, crypt->src_buf);
793 + free_buf_chain(dev, req_ctx->buffer, crypt->src_buf);
795 crypt->ctl_flags = CTL_FLAG_UNUSED;
800 static int aead_setup(struct crypto_aead *tfm, unsigned int authsize)
801 diff --git a/drivers/ide/pci/hpt366.c b/drivers/ide/pci/hpt366.c
802 index c37ab17..7e443a3 100644
803 --- a/drivers/ide/pci/hpt366.c
804 +++ b/drivers/ide/pci/hpt366.c
806 * the register setting lists into the table indexed by the clock selected
807 * - set the correct hwif->ultra_mask for each individual chip
808 * - add Ultra and MW DMA mode filtering for the HPT37[24] based SATA cards
809 + * - stop resetting HPT370's state machine before each DMA transfer as that has
810 + * caused more harm than good
811 * Sergei Shtylyov, <sshtylyov@ru.mvista.com> or <source@mvista.com>
815 #define DRV_NAME "hpt366"
817 /* various tuning parameters */
818 -#define HPT_RESET_STATE_ENGINE
819 +#undef HPT_RESET_STATE_ENGINE
820 #undef HPT_DELAY_INTERRUPT
821 #define HPT_SERIALIZE_IO 0
823 diff --git a/drivers/isdn/gigaset/bas-gigaset.c b/drivers/isdn/gigaset/bas-gigaset.c
824 index 3f11910..fcec2df 100644
825 --- a/drivers/isdn/gigaset/bas-gigaset.c
826 +++ b/drivers/isdn/gigaset/bas-gigaset.c
827 @@ -46,6 +46,9 @@ MODULE_PARM_DESC(cidmode, "Call-ID mode");
828 /* length limit according to Siemens 3070usb-protokoll.doc ch. 2.1 */
829 #define IF_WRITEBUF 264
831 +/* interrupt pipe message size according to ibid. ch. 2.2 */
832 +#define IP_MSGSIZE 3
834 /* Values for the Gigaset 307x */
835 #define USB_GIGA_VENDOR_ID 0x0681
836 #define USB_3070_PRODUCT_ID 0x0001
837 @@ -110,7 +113,7 @@ struct bas_cardstate {
838 unsigned char *rcvbuf; /* AT reply receive buffer */
840 struct urb *urb_int_in; /* URB for interrupt pipe */
841 - unsigned char int_in_buf[3];
842 + unsigned char *int_in_buf;
844 spinlock_t lock; /* locks all following */
845 int basstate; /* bitmap (BS_*) */
846 @@ -657,7 +660,7 @@ static void read_int_callback(struct urb *urb)
849 /* drop incomplete packets even if the missing bytes wouldn't matter */
850 - if (unlikely(urb->actual_length < 3)) {
851 + if (unlikely(urb->actual_length < IP_MSGSIZE)) {
852 dev_warn(cs->dev, "incomplete interrupt packet (%d bytes)\n",
855 @@ -2127,6 +2130,7 @@ static void gigaset_reinitbcshw(struct bc_state *bcs)
856 static void gigaset_freecshw(struct cardstate *cs)
858 /* timers, URBs and rcvbuf are disposed of in disconnect */
859 + kfree(cs->hw.bas->int_in_buf);
863 @@ -2232,6 +2236,12 @@ static int gigaset_probe(struct usb_interface *interface,
865 hostif = interface->cur_altsetting;
867 + ucs->int_in_buf = kmalloc(IP_MSGSIZE, GFP_KERNEL);
868 + if (!ucs->int_in_buf) {
870 + pr_err("out of memory\n");
874 /* Reject application specific interfaces
876 @@ -2290,7 +2300,7 @@ static int gigaset_probe(struct usb_interface *interface,
877 usb_fill_int_urb(ucs->urb_int_in, udev,
879 (endpoint->bEndpointAddress) & 0x0f),
880 - ucs->int_in_buf, 3, read_int_callback, cs,
881 + ucs->int_in_buf, IP_MSGSIZE, read_int_callback, cs,
882 endpoint->bInterval);
883 if ((rc = usb_submit_urb(ucs->urb_int_in, GFP_KERNEL)) != 0) {
884 dev_err(cs->dev, "could not submit interrupt URB: %s\n",
885 diff --git a/drivers/misc/thinkpad_acpi.c b/drivers/misc/thinkpad_acpi.c
886 index 34bb0e4..1a551a8 100644
887 --- a/drivers/misc/thinkpad_acpi.c
888 +++ b/drivers/misc/thinkpad_acpi.c
889 @@ -282,11 +282,17 @@ static u32 dbg_level;
891 static struct workqueue_struct *tpacpi_wq;
894 + TPACPI_LED_OFF = 0,
899 /* Special LED class that can defer work */
900 struct tpacpi_led_classdev {
901 struct led_classdev led_classdev;
902 struct work_struct work;
903 - enum led_brightness new_brightness;
904 + enum led_status_t new_state;
908 @@ -3478,7 +3484,7 @@ static void light_set_status_worker(struct work_struct *work)
909 container_of(work, struct tpacpi_led_classdev, work);
911 if (likely(tpacpi_lifecycle == TPACPI_LIFE_RUNNING))
912 - light_set_status((data->new_brightness != LED_OFF));
913 + light_set_status((data->new_state != TPACPI_LED_OFF));
916 static void light_sysfs_set(struct led_classdev *led_cdev,
917 @@ -3488,7 +3494,8 @@ static void light_sysfs_set(struct led_classdev *led_cdev,
918 container_of(led_cdev,
919 struct tpacpi_led_classdev,
921 - data->new_brightness = brightness;
922 + data->new_state = (brightness != LED_OFF) ?
923 + TPACPI_LED_ON : TPACPI_LED_OFF;
924 queue_work(tpacpi_wq, &data->work);
927 @@ -3995,12 +4002,6 @@ enum { /* For TPACPI_LED_OLD */
928 TPACPI_LED_EC_HLMS = 0x0e, /* EC reg to select led to command */
932 - TPACPI_LED_OFF = 0,
937 static enum led_access_mode led_supported;
939 TPACPI_HANDLE(led, ec, "SLED", /* 570 */
940 @@ -4094,23 +4095,13 @@ static int led_set_status(const unsigned int led,
944 -static void led_sysfs_set_status(unsigned int led,
945 - enum led_brightness brightness)
947 - led_set_status(led,
948 - (brightness == LED_OFF) ?
950 - (tpacpi_led_state_cache[led] == TPACPI_LED_BLINK) ?
951 - TPACPI_LED_BLINK : TPACPI_LED_ON);
954 static void led_set_status_worker(struct work_struct *work)
956 struct tpacpi_led_classdev *data =
957 container_of(work, struct tpacpi_led_classdev, work);
959 if (likely(tpacpi_lifecycle == TPACPI_LIFE_RUNNING))
960 - led_sysfs_set_status(data->led, data->new_brightness);
961 + led_set_status(data->led, data->new_state);
964 static void led_sysfs_set(struct led_classdev *led_cdev,
965 @@ -4119,7 +4110,13 @@ static void led_sysfs_set(struct led_classdev *led_cdev,
966 struct tpacpi_led_classdev *data = container_of(led_cdev,
967 struct tpacpi_led_classdev, led_classdev);
969 - data->new_brightness = brightness;
970 + if (brightness == LED_OFF)
971 + data->new_state = TPACPI_LED_OFF;
972 + else if (tpacpi_led_state_cache[data->led] != TPACPI_LED_BLINK)
973 + data->new_state = TPACPI_LED_ON;
975 + data->new_state = TPACPI_LED_BLINK;
977 queue_work(tpacpi_wq, &data->work);
980 @@ -4137,7 +4134,7 @@ static int led_sysfs_blink_set(struct led_classdev *led_cdev,
981 } else if ((*delay_on != 500) || (*delay_off != 500))
984 - data->new_brightness = TPACPI_LED_BLINK;
985 + data->new_state = TPACPI_LED_BLINK;
986 queue_work(tpacpi_wq, &data->work);
989 diff --git a/drivers/net/b44.c b/drivers/net/b44.c
990 index c3bda5c..f1521c6 100644
991 --- a/drivers/net/b44.c
992 +++ b/drivers/net/b44.c
993 @@ -750,7 +750,7 @@ static void b44_recycle_rx(struct b44 *bp, int src_idx, u32 dest_idx_unmasked)
994 dest_idx * sizeof(dest_desc),
997 - ssb_dma_sync_single_for_device(bp->sdev, le32_to_cpu(src_desc->addr),
998 + ssb_dma_sync_single_for_device(bp->sdev, dest_map->mapping,
1002 diff --git a/drivers/net/bonding/bond_main.c b/drivers/net/bonding/bond_main.c
1003 index 1b9c4dc..f9f29c9 100644
1004 --- a/drivers/net/bonding/bond_main.c
1005 +++ b/drivers/net/bonding/bond_main.c
1006 @@ -3516,11 +3516,26 @@ static int bond_slave_netdev_event(unsigned long event, struct net_device *slave
1011 - * TODO: is this what we get if somebody
1012 - * sets up a hierarchical bond, then rmmod's
1013 - * one of the slave bonding devices?
1015 + if (bond->params.mode == BOND_MODE_8023AD || bond_is_lb(bond)) {
1016 + struct slave *slave;
1018 + slave = bond_get_slave_by_dev(bond, slave_dev);
1020 + u16 old_speed = slave->speed;
1021 + u16 old_duplex = slave->duplex;
1023 + bond_update_speed_duplex(slave);
1025 + if (bond_is_lb(bond))
1028 + if (old_speed != slave->speed)
1029 + bond_3ad_adapter_speed_changed(slave);
1030 + if (old_duplex != slave->duplex)
1031 + bond_3ad_adapter_duplex_changed(slave);
1038 diff --git a/drivers/net/bonding/bonding.h b/drivers/net/bonding/bonding.h
1039 index fb730ec..0f6de5f 100644
1040 --- a/drivers/net/bonding/bonding.h
1041 +++ b/drivers/net/bonding/bonding.h
1042 @@ -248,6 +248,12 @@ static inline struct bonding *bond_get_bond_by_slave(struct slave *slave)
1043 return (struct bonding *)slave->dev->master->priv;
1046 +static inline bool bond_is_lb(const struct bonding *bond)
1048 + return bond->params.mode == BOND_MODE_TLB
1049 + || bond->params.mode == BOND_MODE_ALB;
1052 #define BOND_FOM_NONE 0
1053 #define BOND_FOM_ACTIVE 1
1054 #define BOND_FOM_FOLLOW 2
1055 diff --git a/drivers/net/r8169.c b/drivers/net/r8169.c
1056 index 39c17bb..a98d31a 100644
1057 --- a/drivers/net/r8169.c
1058 +++ b/drivers/net/r8169.c
1059 @@ -375,6 +375,22 @@ enum features {
1060 RTL_FEATURE_GMII = (1 << 2),
1063 +struct rtl8169_counters {
1064 + __le64 tx_packets;
1065 + __le64 rx_packets;
1069 + __le16 align_errors;
1070 + __le32 tx_one_collision;
1071 + __le32 tx_multi_collision;
1072 + __le64 rx_unicast;
1073 + __le64 rx_broadcast;
1074 + __le32 rx_multicast;
1075 + __le16 tx_aborted;
1076 + __le16 tx_underun;
1079 struct rtl8169_private {
1080 void __iomem *mmio_addr; /* memory map physical address */
1081 struct pci_dev *pci_dev; /* Index of PCI device */
1082 @@ -416,6 +432,7 @@ struct rtl8169_private {
1085 struct mii_if_info mii;
1086 + struct rtl8169_counters counters;
1089 MODULE_AUTHOR("Realtek and the Linux r8169 crew <netdev@vger.kernel.org>");
1090 @@ -960,22 +977,6 @@ static const char rtl8169_gstrings[][ETH_GSTRING_LEN] = {
1094 -struct rtl8169_counters {
1095 - __le64 tx_packets;
1096 - __le64 rx_packets;
1100 - __le16 align_errors;
1101 - __le32 tx_one_collision;
1102 - __le32 tx_multi_collision;
1103 - __le64 rx_unicast;
1104 - __le64 rx_broadcast;
1105 - __le32 rx_multicast;
1106 - __le16 tx_aborted;
1107 - __le16 tx_underun;
1110 static int rtl8169_get_sset_count(struct net_device *dev, int sset)
1113 @@ -986,16 +987,21 @@ static int rtl8169_get_sset_count(struct net_device *dev, int sset)
1117 -static void rtl8169_get_ethtool_stats(struct net_device *dev,
1118 - struct ethtool_stats *stats, u64 *data)
1119 +static void rtl8169_update_counters(struct net_device *dev)
1121 struct rtl8169_private *tp = netdev_priv(dev);
1122 void __iomem *ioaddr = tp->mmio_addr;
1123 struct rtl8169_counters *counters;
1130 + * Some chips are unable to dump tally counters when the receiver
1133 + if ((RTL_R8(ChipCmd) & CmdRxEnb) == 0)
1136 counters = pci_alloc_consistent(tp->pci_dev, sizeof(*counters), &paddr);
1138 @@ -1006,31 +1012,45 @@ static void rtl8169_get_ethtool_stats(struct net_device *dev,
1139 RTL_W32(CounterAddrLow, cmd);
1140 RTL_W32(CounterAddrLow, cmd | CounterDump);
1142 - while (RTL_R32(CounterAddrLow) & CounterDump) {
1143 - if (msleep_interruptible(1))
1145 + if ((RTL_R32(CounterAddrLow) & CounterDump) == 0) {
1146 + /* copy updated counters */
1147 + memcpy(&tp->counters, counters, sizeof(*counters));
1153 RTL_W32(CounterAddrLow, 0);
1154 RTL_W32(CounterAddrHigh, 0);
1156 - data[0] = le64_to_cpu(counters->tx_packets);
1157 - data[1] = le64_to_cpu(counters->rx_packets);
1158 - data[2] = le64_to_cpu(counters->tx_errors);
1159 - data[3] = le32_to_cpu(counters->rx_errors);
1160 - data[4] = le16_to_cpu(counters->rx_missed);
1161 - data[5] = le16_to_cpu(counters->align_errors);
1162 - data[6] = le32_to_cpu(counters->tx_one_collision);
1163 - data[7] = le32_to_cpu(counters->tx_multi_collision);
1164 - data[8] = le64_to_cpu(counters->rx_unicast);
1165 - data[9] = le64_to_cpu(counters->rx_broadcast);
1166 - data[10] = le32_to_cpu(counters->rx_multicast);
1167 - data[11] = le16_to_cpu(counters->tx_aborted);
1168 - data[12] = le16_to_cpu(counters->tx_underun);
1170 pci_free_consistent(tp->pci_dev, sizeof(*counters), counters, paddr);
1173 +static void rtl8169_get_ethtool_stats(struct net_device *dev,
1174 + struct ethtool_stats *stats, u64 *data)
1176 + struct rtl8169_private *tp = netdev_priv(dev);
1180 + rtl8169_update_counters(dev);
1182 + data[0] = le64_to_cpu(tp->counters.tx_packets);
1183 + data[1] = le64_to_cpu(tp->counters.rx_packets);
1184 + data[2] = le64_to_cpu(tp->counters.tx_errors);
1185 + data[3] = le32_to_cpu(tp->counters.rx_errors);
1186 + data[4] = le16_to_cpu(tp->counters.rx_missed);
1187 + data[5] = le16_to_cpu(tp->counters.align_errors);
1188 + data[6] = le32_to_cpu(tp->counters.tx_one_collision);
1189 + data[7] = le32_to_cpu(tp->counters.tx_multi_collision);
1190 + data[8] = le64_to_cpu(tp->counters.rx_unicast);
1191 + data[9] = le64_to_cpu(tp->counters.rx_broadcast);
1192 + data[10] = le32_to_cpu(tp->counters.rx_multicast);
1193 + data[11] = le16_to_cpu(tp->counters.tx_aborted);
1194 + data[12] = le16_to_cpu(tp->counters.tx_underun);
1197 static void rtl8169_get_strings(struct net_device *dev, u32 stringset, u8 *data)
1200 @@ -1667,8 +1687,7 @@ rtl8169_init_one(struct pci_dev *pdev, const struct pci_device_id *ent)
1201 goto err_out_free_res_4;
1204 - /* Unneeded ? Don't mess with Mrs. Murphy. */
1205 - rtl8169_irq_mask_and_ack(ioaddr);
1206 + RTL_W16(IntrMask, 0x0000);
1208 /* Soft reset the chip. */
1209 RTL_W8(ChipCmd, CmdReset);
1210 @@ -1680,6 +1699,8 @@ rtl8169_init_one(struct pci_dev *pdev, const struct pci_device_id *ent)
1211 msleep_interruptible(1);
1214 + RTL_W16(IntrStatus, 0xffff);
1216 /* Identify chip attached to board */
1217 rtl8169_get_mac_version(tp, ioaddr);
1219 @@ -2529,13 +2550,6 @@ static int rtl8169_start_xmit(struct sk_buff *skb, struct net_device *dev)
1224 - if (unlikely(len < ETH_ZLEN)) {
1225 - if (skb_padto(skb, ETH_ZLEN))
1226 - goto err_update_stats;
1230 opts1 |= FirstFrag | LastFrag;
1231 tp->tx_skb[entry].skb = skb;
1233 @@ -2573,7 +2587,6 @@ out:
1235 netif_stop_queue(dev);
1236 ret = NETDEV_TX_BUSY;
1238 dev->stats.tx_dropped++;
1241 @@ -2979,6 +2992,9 @@ static int rtl8169_close(struct net_device *dev)
1242 struct rtl8169_private *tp = netdev_priv(dev);
1243 struct pci_dev *pdev = tp->pci_dev;
1245 + /* update counters before going down */
1246 + rtl8169_update_counters(dev);
1250 free_irq(dev->irq, dev);
1251 diff --git a/drivers/net/wireless/ath9k/ath9k.h b/drivers/net/wireless/ath9k/ath9k.h
1252 index d1b0fba..8ccf374 100644
1253 --- a/drivers/net/wireless/ath9k/ath9k.h
1254 +++ b/drivers/net/wireless/ath9k/ath9k.h
1255 @@ -591,8 +591,8 @@ struct ath9k_country_entry {
1259 -#define REG_WRITE(_ah, _reg, _val) iowrite32(_val, _ah->ah_sh + _reg)
1260 -#define REG_READ(_ah, _reg) ioread32(_ah->ah_sh + _reg)
1261 +#define REG_WRITE(_ah, _reg, _val) ath9k_iowrite32((_ah), (_reg), (_val))
1262 +#define REG_READ(_ah, _reg) ath9k_ioread32((_ah), (_reg))
1264 #define SM(_v, _f) (((_v) << _f##_S) & _f)
1265 #define MS(_v, _f) (((_v) & _f) >> _f##_S)
1266 diff --git a/drivers/net/wireless/ath9k/core.c b/drivers/net/wireless/ath9k/core.c
1267 index 87e37bc..e50ba6d 100644
1268 --- a/drivers/net/wireless/ath9k/core.c
1269 +++ b/drivers/net/wireless/ath9k/core.c
1270 @@ -1120,6 +1120,7 @@ int ath_init(u16 devid, struct ath_softc *sc)
1271 sc->sc_cachelsz = csz << 2; /* convert to bytes */
1273 spin_lock_init(&sc->sc_resetlock);
1274 + spin_lock_init(&sc->sc_serial_rw);
1276 ah = ath9k_hw_attach(devid, sc, sc->mem, &status);
1278 diff --git a/drivers/net/wireless/ath9k/core.h b/drivers/net/wireless/ath9k/core.h
1279 index 88f4cc3..51ef315 100644
1280 --- a/drivers/net/wireless/ath9k/core.h
1281 +++ b/drivers/net/wireless/ath9k/core.h
1282 @@ -1022,6 +1022,7 @@ struct ath_softc {
1283 spinlock_t sc_rxbuflock;
1284 spinlock_t sc_txbuflock;
1285 spinlock_t sc_resetlock;
1286 + spinlock_t sc_serial_rw;
1287 spinlock_t node_lock;
1290 @@ -1069,4 +1070,36 @@ void ath_skb_unmap_single(struct ath_softc *sc,
1291 void ath_mcast_merge(struct ath_softc *sc, u32 mfilt[2]);
1292 enum ath9k_ht_macmode ath_cwm_macmode(struct ath_softc *sc);
1295 + * Read and write, they both share the same lock. We do this to serialize
1296 + * reads and writes on Atheros 802.11n PCI devices only. This is required
1297 + * as the FIFO on these devices can only accept sanely 2 requests. After
1298 + * that the device goes bananas. Serializing the reads/writes prevents this
1302 +static inline void ath9k_iowrite32(struct ath_hal *ah, u32 reg_offset, u32 val)
1304 + if (ah->ah_config.serialize_regmode == SER_REG_MODE_ON) {
1305 + unsigned long flags;
1306 + spin_lock_irqsave(&ah->ah_sc->sc_serial_rw, flags);
1307 + iowrite32(val, ah->ah_sc->mem + reg_offset);
1308 + spin_unlock_irqrestore(&ah->ah_sc->sc_serial_rw, flags);
1310 + iowrite32(val, ah->ah_sc->mem + reg_offset);
1313 +static inline unsigned int ath9k_ioread32(struct ath_hal *ah, u32 reg_offset)
1316 + if (ah->ah_config.serialize_regmode == SER_REG_MODE_ON) {
1317 + unsigned long flags;
1318 + spin_lock_irqsave(&ah->ah_sc->sc_serial_rw, flags);
1319 + val = ioread32(ah->ah_sc->mem + reg_offset);
1320 + spin_unlock_irqrestore(&ah->ah_sc->sc_serial_rw, flags);
1322 + val = ioread32(ah->ah_sc->mem + reg_offset);
1327 diff --git a/drivers/net/wireless/ath9k/hw.c b/drivers/net/wireless/ath9k/hw.c
1328 index 69120b5..c40b677 100644
1329 --- a/drivers/net/wireless/ath9k/hw.c
1330 +++ b/drivers/net/wireless/ath9k/hw.c
1331 @@ -369,6 +369,25 @@ static void ath9k_hw_set_defaults(struct ath_hal *ah)
1334 ah->ah_config.intr_mitigation = 0;
1337 + * We need this for PCI devices only (Cardbus, PCI, miniPCI)
1338 + * _and_ if on non-uniprocessor systems (Multiprocessor/HT).
1339 + * This means we use it for all AR5416 devices, and the few
1340 + * minor PCI AR9280 devices out there.
1342 + * Serialization is required because these devices do not handle
1343 + * well the case of two concurrent reads/writes due to the latency
1344 + * involved. During one read/write another read/write can be issued
1345 + * on another CPU while the previous read/write may still be working
1346 + * on our hardware, if we hit this case the hardware poops in a loop.
1347 + * We prevent this by serializing reads and writes.
1349 + * This issue is not present on PCI-Express devices or pre-AR5416
1350 + * devices (legacy, 802.11abg).
1352 + if (num_possible_cpus() > 1)
1353 + ah->ah_config.serialize_regmode = SER_REG_MODE_AUTO;
1356 static inline void ath9k_hw_override_ini(struct ath_hal *ah,
1357 @@ -3294,7 +3313,8 @@ static struct ath_hal *ath9k_hw_do_attach(u16 devid,
1360 if (ah->ah_config.serialize_regmode == SER_REG_MODE_AUTO) {
1361 - if (ah->ah_macVersion == AR_SREV_VERSION_5416_PCI) {
1362 + if (ah->ah_macVersion == AR_SREV_VERSION_5416_PCI ||
1363 + (AR_SREV_9280(ah) && !ah->ah_isPciExpress)) {
1364 ah->ah_config.serialize_regmode =
1367 diff --git a/drivers/net/wireless/b43/xmit.c b/drivers/net/wireless/b43/xmit.c
1368 index 9dda816..4102aaa 100644
1369 --- a/drivers/net/wireless/b43/xmit.c
1370 +++ b/drivers/net/wireless/b43/xmit.c
1371 @@ -51,7 +51,7 @@ static int b43_plcp_get_bitrate_idx_cck(struct b43_plcp_hdr6 *plcp)
1374 /* Extract the bitrate index out of an OFDM PLCP header. */
1375 -static u8 b43_plcp_get_bitrate_idx_ofdm(struct b43_plcp_hdr6 *plcp, bool aphy)
1376 +static int b43_plcp_get_bitrate_idx_ofdm(struct b43_plcp_hdr6 *plcp, bool aphy)
1378 int base = aphy ? 0 : 4;
1380 diff --git a/drivers/scsi/libiscsi.c b/drivers/scsi/libiscsi.c
1381 index 55ac5c3..cb009f3 100644
1382 --- a/drivers/scsi/libiscsi.c
1383 +++ b/drivers/scsi/libiscsi.c
1384 @@ -1807,12 +1807,14 @@ iscsi_pool_init(struct iscsi_pool *q, int max, void ***items, int item_size)
1386 q->pool = kzalloc(num_arrays * max * sizeof(void*), GFP_KERNEL);
1387 if (q->pool == NULL)
1391 q->queue = kfifo_init((void*)q->pool, max * sizeof(void*),
1393 - if (q->queue == ERR_PTR(-ENOMEM))
1394 + if (IS_ERR(q->queue)) {
1399 for (i = 0; i < max; i++) {
1400 q->pool[i] = kzalloc(item_size, GFP_KERNEL);
1401 @@ -1842,8 +1844,7 @@ void iscsi_pool_free(struct iscsi_pool *q)
1403 for (i = 0; i < q->max; i++)
1410 EXPORT_SYMBOL_GPL(iscsi_pool_free);
1411 diff --git a/drivers/usb/class/cdc-wdm.c b/drivers/usb/class/cdc-wdm.c
1412 index 023a4e9..abbdb31 100644
1413 --- a/drivers/usb/class/cdc-wdm.c
1414 +++ b/drivers/usb/class/cdc-wdm.c
1415 @@ -641,7 +641,7 @@ next_desc:
1417 iface = &intf->altsetting[0];
1418 ep = &iface->endpoint[0].desc;
1419 - if (!usb_endpoint_is_int_in(ep)) {
1420 + if (!ep || !usb_endpoint_is_int_in(ep)) {
1424 diff --git a/drivers/usb/gadget/f_rndis.c b/drivers/usb/gadget/f_rndis.c
1425 index 3a8bb53..fd7b356 100644
1426 --- a/drivers/usb/gadget/f_rndis.c
1427 +++ b/drivers/usb/gadget/f_rndis.c
1428 @@ -437,7 +437,7 @@ invalid:
1429 DBG(cdev, "rndis req%02x.%02x v%04x i%04x l%d\n",
1430 ctrl->bRequestType, ctrl->bRequest,
1431 w_value, w_index, w_length);
1433 + req->zero = (value < w_length);
1434 req->length = value;
1435 value = usb_ep_queue(cdev->gadget->ep0, req, GFP_ATOMIC);
1437 diff --git a/drivers/usb/gadget/u_ether.c b/drivers/usb/gadget/u_ether.c
1438 index 38a55af..bb3d7c3 100644
1439 --- a/drivers/usb/gadget/u_ether.c
1440 +++ b/drivers/usb/gadget/u_ether.c
1441 @@ -175,12 +175,6 @@ static void eth_get_drvinfo(struct net_device *net, struct ethtool_drvinfo *p)
1442 strlcpy(p->bus_info, dev_name(&dev->gadget->dev), sizeof p->bus_info);
1445 -static u32 eth_get_link(struct net_device *net)
1447 - struct eth_dev *dev = netdev_priv(net);
1448 - return dev->gadget->speed != USB_SPEED_UNKNOWN;
1451 /* REVISIT can also support:
1452 * - WOL (by tracking suspends and issuing remote wakeup)
1453 * - msglevel (implies updated messaging)
1454 @@ -189,7 +183,7 @@ static u32 eth_get_link(struct net_device *net)
1456 static struct ethtool_ops ops = {
1457 .get_drvinfo = eth_get_drvinfo,
1458 - .get_link = eth_get_link
1459 + .get_link = ethtool_op_get_link,
1462 static void defer_kevent(struct eth_dev *dev, int flag)
1463 diff --git a/drivers/usb/host/ehci-q.c b/drivers/usb/host/ehci-q.c
1464 index ecc9b66..01132ac 100644
1465 --- a/drivers/usb/host/ehci-q.c
1466 +++ b/drivers/usb/host/ehci-q.c
1467 @@ -333,12 +333,40 @@ qh_completions (struct ehci_hcd *ehci, struct ehci_qh *qh)
1468 token = hc32_to_cpu(ehci, qtd->hw_token);
1470 /* always clean up qtds the hc de-activated */
1472 if ((token & QTD_STS_ACTIVE) == 0) {
1474 /* on STALL, error, and short reads this urb must
1475 * complete and all its qtds must be recycled.
1477 if ((token & QTD_STS_HALT) != 0) {
1479 + /* retry transaction errors until we
1480 + * reach the software xacterr limit
1482 + if ((token & QTD_STS_XACT) &&
1483 + QTD_CERR(token) == 0 &&
1484 + --qh->xacterrs > 0 &&
1487 + "detected XactErr len %d/%d retry %d\n",
1488 + qtd->length - QTD_LENGTH(token), qtd->length,
1489 + QH_XACTERR_MAX - qh->xacterrs);
1491 + /* reset the token in the qtd and the
1492 + * qh overlay (which still contains
1493 + * the qtd) so that we pick up from
1494 + * where we left off
1496 + token &= ~QTD_STS_HALT;
1497 + token |= QTD_STS_ACTIVE |
1498 + (EHCI_TUNE_CERR << 10);
1499 + qtd->hw_token = cpu_to_hc32(ehci,
1502 + qh->hw_token = cpu_to_hc32(ehci, token);
1503 + goto retry_xacterr;
1507 /* magic dummy for some short reads; qh won't advance.
1508 @@ -421,6 +449,9 @@ halt:
1509 /* remove qtd; it's recycled after possible urb completion */
1510 list_del (&qtd->qtd_list);
1513 + /* reinit the xacterr counter for the next qtd */
1514 + qh->xacterrs = QH_XACTERR_MAX;
1517 /* last urb's completion might still need calling */
1518 @@ -862,6 +893,7 @@ static void qh_link_async (struct ehci_hcd *ehci, struct ehci_qh *qh)
1519 head->qh_next.qh = qh;
1520 head->hw_next = dma;
1522 + qh->xacterrs = QH_XACTERR_MAX;
1523 qh->qh_state = QH_STATE_LINKED;
1524 /* qtd completions reported later by interrupt */
1526 diff --git a/drivers/usb/host/ehci.h b/drivers/usb/host/ehci.h
1527 index 33459d7..c165fe4 100644
1528 --- a/drivers/usb/host/ehci.h
1529 +++ b/drivers/usb/host/ehci.h
1530 @@ -500,6 +500,9 @@ struct ehci_qh {
1531 #define QH_STATE_UNLINK_WAIT 4 /* LINKED and on reclaim q */
1532 #define QH_STATE_COMPLETING 5 /* don't touch token.HALT */
1534 + u8 xacterrs; /* XactErr retry counter */
1535 +#define QH_XACTERR_MAX 32 /* XactErr retry limit */
1537 /* periodic schedule info */
1538 u8 usecs; /* intr bandwidth */
1539 u8 gap_uf; /* uframes split/csplit gap */
1540 diff --git a/drivers/usb/serial/ftdi_sio.c b/drivers/usb/serial/ftdi_sio.c
1541 index 2d78712..13b34bc 100644
1542 --- a/drivers/usb/serial/ftdi_sio.c
1543 +++ b/drivers/usb/serial/ftdi_sio.c
1544 @@ -662,6 +662,7 @@ static struct usb_device_id id_table_combined [] = {
1545 { USB_DEVICE(DE_VID, WHT_PID) },
1546 { USB_DEVICE(ADI_VID, ADI_GNICE_PID),
1547 .driver_info = (kernel_ulong_t)&ftdi_jtag_quirk },
1548 + { USB_DEVICE(JETI_VID, JETI_SPC1201_PID) },
1549 { }, /* Optional parameter entry */
1550 { } /* Terminating entry */
1552 diff --git a/drivers/usb/serial/ftdi_sio.h b/drivers/usb/serial/ftdi_sio.h
1553 index 80fa76e..3425122 100644
1554 --- a/drivers/usb/serial/ftdi_sio.h
1555 +++ b/drivers/usb/serial/ftdi_sio.h
1556 @@ -890,6 +890,13 @@
1557 #define ADI_GNICE_PID 0xF000
1560 + * JETI SPECTROMETER SPECBOS 1201
1561 + * http://www.jeti.com/products/sys/scb/scb1201.php
1563 +#define JETI_VID 0x0c6c
1564 +#define JETI_SPC1201_PID 0x04b2
1567 * BmRequestType: 1100 0000b
1568 * bRequest: FTDI_E2_READ
1570 diff --git a/drivers/usb/storage/cypress_atacb.c b/drivers/usb/storage/cypress_atacb.c
1571 index 898e67d..9466a99 100644
1572 --- a/drivers/usb/storage/cypress_atacb.c
1573 +++ b/drivers/usb/storage/cypress_atacb.c
1574 @@ -133,19 +133,18 @@ void cypress_atacb_passthrough(struct scsi_cmnd *srb, struct us_data *us)
1576 /* build the command for
1577 * reading the ATA registers */
1578 - scsi_eh_prep_cmnd(srb, &ses, NULL, 0, 0);
1579 - srb->sdb.length = sizeof(regs);
1580 - sg_init_one(&ses.sense_sgl, regs, srb->sdb.length);
1581 - srb->sdb.table.sgl = &ses.sense_sgl;
1582 - srb->sc_data_direction = DMA_FROM_DEVICE;
1583 - srb->sdb.table.nents = 1;
1584 + scsi_eh_prep_cmnd(srb, &ses, NULL, 0, sizeof(regs));
1586 /* we use the same command as before, but we set
1587 * the read taskfile bit, for not executing atacb command,
1588 * but reading register selected in srb->cmnd[4]
1590 + srb->cmd_len = 16;
1591 + srb->cmnd = ses.cmnd;
1594 usb_stor_transparent_scsi_command(srb, us);
1595 + memcpy(regs, srb->sense_buffer, sizeof(regs));
1596 tmp_result = srb->result;
1597 scsi_eh_restore_cmnd(srb, &ses);
1598 /* we fail to get registers, report invalid command */
1599 @@ -162,8 +161,8 @@ void cypress_atacb_passthrough(struct scsi_cmnd *srb, struct us_data *us)
1601 /* XXX we should generate sk, asc, ascq from status and error
1603 - * (see 11.1 Error translation  ATA device error to SCSI error map)
1604 - * and ata_to_sense_error from libata.
1605 + * (see 11.1 Error translation ATA device error to SCSI error
1606 + * map, and ata_to_sense_error from libata.)
1609 /* Sense data is current and format is descriptor. */
1610 diff --git a/drivers/usb/storage/scsiglue.c b/drivers/usb/storage/scsiglue.c
1611 index 8daaace..5f484ae 100644
1612 --- a/drivers/usb/storage/scsiglue.c
1613 +++ b/drivers/usb/storage/scsiglue.c
1614 @@ -135,6 +135,12 @@ static int slave_configure(struct scsi_device *sdev)
1615 if (sdev->request_queue->max_sectors > max_sectors)
1616 blk_queue_max_sectors(sdev->request_queue,
1618 + } else if (sdev->type == TYPE_TAPE) {
1619 + /* Tapes need much higher max_sector limits, so just
1620 + * raise it to the maximum possible (4 GB / 512) and
1621 + * let the queue segment size sort out the real limit.
1623 + blk_queue_max_sectors(sdev->request_queue, 0x7FFFFF);
1626 /* We can't put these settings in slave_alloc() because that gets
1627 diff --git a/drivers/usb/storage/unusual_devs.h b/drivers/usb/storage/unusual_devs.h
1628 index d21995a..4cf1617 100644
1629 --- a/drivers/usb/storage/unusual_devs.h
1630 +++ b/drivers/usb/storage/unusual_devs.h
1631 @@ -1241,12 +1241,14 @@ UNUSUAL_DEV( 0x07c4, 0xa400, 0x0000, 0xffff,
1632 US_SC_DEVICE, US_PR_DEVICE, NULL,
1633 US_FL_FIX_INQUIRY ),
1635 -/* Reported by Rauch Wolke <rauchwolke@gmx.net> */
1636 +/* Reported by Rauch Wolke <rauchwolke@gmx.net>
1637 + * and augmented by binbin <binbinsh@gmail.com> (Bugzilla #12882)
1639 UNUSUAL_DEV( 0x07c4, 0xa4a5, 0x0000, 0xffff,
1640 "Simple Tech/Datafab",
1642 US_SC_DEVICE, US_PR_DEVICE, NULL,
1643 - US_FL_IGNORE_RESIDUE ),
1644 + US_FL_IGNORE_RESIDUE | US_FL_MAX_SECTORS_64 ),
1646 /* Casio QV 2x00/3x00/4000/8000 digital still cameras are not conformant
1647 * to the USB storage specification in two ways:
1648 diff --git a/fs/buffer.c b/fs/buffer.c
1649 index a542f97..a5d806d 100644
1652 @@ -3042,7 +3042,7 @@ int sync_dirty_buffer(struct buffer_head *bh)
1653 if (test_clear_buffer_dirty(bh)) {
1655 bh->b_end_io = end_buffer_write_sync;
1656 - ret = submit_bh(WRITE_SYNC, bh);
1657 + ret = submit_bh(WRITE, bh);
1659 if (buffer_eopnotsupp(bh)) {
1660 clear_buffer_eopnotsupp(bh);
1661 diff --git a/fs/cifs/CHANGES b/fs/cifs/CHANGES
1662 index 088e9ae..455257e 100644
1663 --- a/fs/cifs/CHANGES
1664 +++ b/fs/cifs/CHANGES
1666 Fix oops in cifs_dfs_ref.c when prefixpath is not reachable when using DFS.
1667 +Fix "redzone overwritten" bug in cifs_put_tcon (CIFSTcon may allocate too
1668 +little memory for the "nativeFileSystem" field returned by the server
1673 diff --git a/fs/cifs/cifssmb.c b/fs/cifs/cifssmb.c
1674 index 8f0f86d..9231e0a 100644
1675 --- a/fs/cifs/cifssmb.c
1676 +++ b/fs/cifs/cifssmb.c
1677 @@ -2348,8 +2348,10 @@ winCreateHardLinkRetry:
1678 PATH_MAX, nls_codepage, remap);
1679 name_len++; /* trailing null */
1681 - pSMB->OldFileName[name_len] = 0; /* pad */
1682 - pSMB->OldFileName[name_len + 1] = 0x04;
1684 + /* protocol specifies ASCII buffer format (0x04) for unicode */
1685 + pSMB->OldFileName[name_len] = 0x04;
1686 + pSMB->OldFileName[name_len + 1] = 0x00; /* pad */
1688 cifsConvertToUCS((__le16 *)&pSMB->OldFileName[name_len + 2],
1689 toName, PATH_MAX, nls_codepage, remap);
1690 diff --git a/fs/cifs/connect.c b/fs/cifs/connect.c
1691 index f254235..21a1abf 100644
1692 --- a/fs/cifs/connect.c
1693 +++ b/fs/cifs/connect.c
1694 @@ -3549,7 +3549,7 @@ CIFSTCon(unsigned int xid, struct cifsSesInfo *ses,
1695 BCC(smb_buffer_response)) {
1696 kfree(tcon->nativeFileSystem);
1697 tcon->nativeFileSystem =
1698 - kzalloc(length + 2, GFP_KERNEL);
1699 + kzalloc(2*(length + 1), GFP_KERNEL);
1700 if (tcon->nativeFileSystem)
1702 tcon->nativeFileSystem,
1703 diff --git a/fs/compat.c b/fs/compat.c
1704 index a76455b..a53216d 100644
1707 @@ -1353,12 +1353,17 @@ int compat_do_execve(char * filename,
1709 struct linux_binprm *bprm;
1711 + struct files_struct *displaced;
1714 + retval = unshare_files(&displaced);
1719 bprm = kzalloc(sizeof(*bprm), GFP_KERNEL);
1724 file = open_exec(filename);
1725 retval = PTR_ERR(file);
1726 @@ -1410,6 +1415,8 @@ int compat_do_execve(char * filename,
1727 security_bprm_free(bprm);
1728 acct_update_integrals(current);
1731 + put_files_struct(displaced);
1735 @@ -1430,6 +1437,9 @@ out_file:
1741 + reset_files_struct(displaced);
1745 diff --git a/fs/dquot.c b/fs/dquot.c
1746 index 8ec4d6c..150fc96 100644
1749 @@ -726,7 +726,7 @@ static void add_dquot_ref(struct super_block *sb, int type)
1751 if (!dqinit_needed(inode, type))
1753 - if (inode->i_state & (I_FREEING|I_WILL_FREE))
1754 + if (inode->i_state & (I_FREEING|I_CLEAR|I_WILL_FREE))
1758 diff --git a/fs/drop_caches.c b/fs/drop_caches.c
1759 index 3e5637f..f7e66c0 100644
1760 --- a/fs/drop_caches.c
1761 +++ b/fs/drop_caches.c
1762 @@ -18,7 +18,7 @@ static void drop_pagecache_sb(struct super_block *sb)
1764 spin_lock(&inode_lock);
1765 list_for_each_entry(inode, &sb->s_inodes, i_sb_list) {
1766 - if (inode->i_state & (I_FREEING|I_WILL_FREE))
1767 + if (inode->i_state & (I_FREEING|I_CLEAR|I_WILL_FREE))
1769 if (inode->i_mapping->nrpages == 0)
1771 diff --git a/fs/exec.c b/fs/exec.c
1772 index 5027d01..5ec0f56 100644
1775 @@ -1089,9 +1089,7 @@ static int unsafe_exec(struct task_struct *p)
1777 int unsafe = tracehook_unsafe_exec(p);
1779 - if (atomic_read(&p->fs->count) > 1 ||
1780 - atomic_read(&p->files->count) > 1 ||
1781 - atomic_read(&p->sighand->count) > 1)
1782 + if (atomic_read(&p->fs->count) > 1)
1783 unsafe |= LSM_UNSAFE_SHARE;
1786 diff --git a/fs/fs-writeback.c b/fs/fs-writeback.c
1787 index 6caa023..6b60261 100644
1788 --- a/fs/fs-writeback.c
1789 +++ b/fs/fs-writeback.c
1790 @@ -538,7 +538,8 @@ void generic_sync_sb_inodes(struct super_block *sb,
1791 list_for_each_entry(inode, &sb->s_inodes, i_sb_list) {
1792 struct address_space *mapping;
1794 - if (inode->i_state & (I_FREEING|I_WILL_FREE|I_NEW))
1795 + if (inode->i_state &
1796 + (I_FREEING|I_CLEAR|I_WILL_FREE|I_NEW))
1798 mapping = inode->i_mapping;
1799 if (mapping->nrpages == 0)
1800 diff --git a/fs/hugetlbfs/inode.c b/fs/hugetlbfs/inode.c
1801 index 3f58923..a12a6b3 100644
1802 --- a/fs/hugetlbfs/inode.c
1803 +++ b/fs/hugetlbfs/inode.c
1805 #include <linux/pagevec.h>
1806 #include <linux/parser.h>
1807 #include <linux/mman.h>
1808 -#include <linux/quotaops.h>
1809 #include <linux/slab.h>
1810 #include <linux/dnotify.h>
1811 #include <linux/statfs.h>
1812 @@ -838,7 +837,7 @@ hugetlbfs_parse_options(char *options, struct hugetlbfs_config *pconfig)
1814 printk(KERN_ERR "hugetlbfs: Bad value '%s' for mount option '%s'\n",
1821 diff --git a/fs/ocfs2/file.c b/fs/ocfs2/file.c
1822 index ec2ed15..6f7ea0a 100644
1823 --- a/fs/ocfs2/file.c
1824 +++ b/fs/ocfs2/file.c
1825 @@ -2089,7 +2089,7 @@ static ssize_t ocfs2_file_splice_write(struct pipe_inode_info *pipe,
1826 out->f_path.dentry->d_name.len,
1827 out->f_path.dentry->d_name.name);
1829 - inode_double_lock(inode, pipe->inode);
1830 + mutex_lock_nested(&inode->i_mutex, I_MUTEX_PARENT);
1832 ret = ocfs2_rw_lock(inode, 1);
1834 @@ -2104,12 +2104,16 @@ static ssize_t ocfs2_file_splice_write(struct pipe_inode_info *pipe,
1839 + mutex_lock_nested(&pipe->inode->i_mutex, I_MUTEX_CHILD);
1840 ret = generic_file_splice_write_nolock(pipe, out, ppos, len, flags);
1842 + mutex_unlock(&pipe->inode->i_mutex);
1845 ocfs2_rw_unlock(inode, 1);
1847 - inode_double_unlock(inode, pipe->inode);
1848 + mutex_unlock(&inode->i_mutex);
1852 diff --git a/fs/proc/base.c b/fs/proc/base.c
1853 index a28840b..0e910b3 100644
1854 --- a/fs/proc/base.c
1855 +++ b/fs/proc/base.c
1856 @@ -151,15 +151,22 @@ static unsigned int pid_entry_count_dirs(const struct pid_entry *entries,
1858 EXPORT_SYMBOL(maps_protect);
1860 -static struct fs_struct *get_fs_struct(struct task_struct *task)
1861 +static int get_fs_path(struct task_struct *task, struct path *path, bool root)
1863 struct fs_struct *fs;
1864 + int result = -ENOENT;
1869 - atomic_inc(&fs->count);
1871 + read_lock(&fs->lock);
1872 + *path = root ? fs->root : fs->pwd;
1874 + read_unlock(&fs->lock);
1882 static int get_nr_threads(struct task_struct *tsk)
1883 @@ -178,42 +185,24 @@ static int get_nr_threads(struct task_struct *tsk)
1884 static int proc_cwd_link(struct inode *inode, struct path *path)
1886 struct task_struct *task = get_proc_task(inode);
1887 - struct fs_struct *fs = NULL;
1888 int result = -ENOENT;
1891 - fs = get_fs_struct(task);
1892 + result = get_fs_path(task, path, 0);
1893 put_task_struct(task);
1896 - read_lock(&fs->lock);
1898 - path_get(&fs->pwd);
1899 - read_unlock(&fs->lock);
1901 - put_fs_struct(fs);
1906 static int proc_root_link(struct inode *inode, struct path *path)
1908 struct task_struct *task = get_proc_task(inode);
1909 - struct fs_struct *fs = NULL;
1910 int result = -ENOENT;
1913 - fs = get_fs_struct(task);
1914 + result = get_fs_path(task, path, 1);
1915 put_task_struct(task);
1918 - read_lock(&fs->lock);
1920 - path_get(&fs->root);
1921 - read_unlock(&fs->lock);
1923 - put_fs_struct(fs);
1928 @@ -575,7 +564,6 @@ static int mounts_open_common(struct inode *inode, struct file *file,
1929 struct task_struct *task = get_proc_task(inode);
1930 struct nsproxy *nsp;
1931 struct mnt_namespace *ns = NULL;
1932 - struct fs_struct *fs = NULL;
1934 struct proc_mounts *p;
1936 @@ -589,22 +577,16 @@ static int mounts_open_common(struct inode *inode, struct file *file,
1941 - fs = get_fs_struct(task);
1942 + if (ns && get_fs_path(task, &root, 1) == 0)
1944 put_task_struct(task);
1953 - read_lock(&fs->lock);
1956 - read_unlock(&fs->lock);
1957 - put_fs_struct(fs);
1960 p = kmalloc(sizeof(struct proc_mounts), GFP_KERNEL);
1962 diff --git a/fs/splice.c b/fs/splice.c
1963 index 6d310c7..aea1eb4 100644
1966 @@ -735,10 +735,19 @@ ssize_t splice_from_pipe(struct pipe_inode_info *pipe, struct file *out,
1967 * ->commit_write. Most of the time, these expect i_mutex to
1968 * be held. Since this may result in an ABBA deadlock with
1969 * pipe->inode, we have to order lock acquiry here.
1971 + * Outer lock must be inode->i_mutex, as pipe_wait() will
1972 + * release and reacquire pipe->inode->i_mutex, AND inode must
1973 + * never be a pipe.
1975 - inode_double_lock(inode, pipe->inode);
1976 + WARN_ON(S_ISFIFO(inode->i_mode));
1977 + mutex_lock_nested(&inode->i_mutex, I_MUTEX_PARENT);
1979 + mutex_lock_nested(&pipe->inode->i_mutex, I_MUTEX_CHILD);
1980 ret = __splice_from_pipe(pipe, &sd, actor);
1981 - inode_double_unlock(inode, pipe->inode);
1983 + mutex_unlock(&pipe->inode->i_mutex);
1984 + mutex_unlock(&inode->i_mutex);
1988 @@ -829,11 +838,17 @@ generic_file_splice_write(struct pipe_inode_info *pipe, struct file *out,
1992 - inode_double_lock(inode, pipe->inode);
1993 + WARN_ON(S_ISFIFO(inode->i_mode));
1994 + mutex_lock_nested(&inode->i_mutex, I_MUTEX_PARENT);
1995 ret = file_remove_suid(out);
1997 + if (likely(!ret)) {
1999 + mutex_lock_nested(&pipe->inode->i_mutex, I_MUTEX_CHILD);
2000 ret = __splice_from_pipe(pipe, &sd, pipe_to_file);
2001 - inode_double_unlock(inode, pipe->inode);
2003 + mutex_unlock(&pipe->inode->i_mutex);
2005 + mutex_unlock(&inode->i_mutex);
2007 unsigned long nr_pages;
2009 diff --git a/include/linux/capability.h b/include/linux/capability.h
2010 index 28863f4..dc09ff6 100644
2011 --- a/include/linux/capability.h
2012 +++ b/include/linux/capability.h
2013 @@ -366,7 +366,21 @@ typedef struct kernel_cap_struct {
2014 #define CAP_FOR_EACH_U32(__capi) \
2015 for (__capi = 0; __capi < _KERNEL_CAPABILITY_U32S; ++__capi)
2018 + * CAP_FS_MASK and CAP_NFSD_MASKS:
2020 + * The fs mask is all the privileges that fsuid==0 historically meant.
2021 + * At one time in the past, that included CAP_MKNOD and CAP_LINUX_IMMUTABLE.
2023 + * It has never meant setting security.* and trusted.* xattrs.
2025 + * We could also define fsmask as follows:
2026 + * 1. CAP_FS_MASK is the privilege to bypass all fs-related DAC permissions
2027 + * 2. The security.* and trusted.* xattrs are fs-related MAC permissions
2030 # define CAP_FS_MASK_B0 (CAP_TO_MASK(CAP_CHOWN) \
2031 + | CAP_TO_MASK(CAP_MKNOD) \
2032 | CAP_TO_MASK(CAP_DAC_OVERRIDE) \
2033 | CAP_TO_MASK(CAP_DAC_READ_SEARCH) \
2034 | CAP_TO_MASK(CAP_FOWNER) \
2035 @@ -381,11 +395,12 @@ typedef struct kernel_cap_struct {
2036 # define CAP_EMPTY_SET ((kernel_cap_t){{ 0, 0 }})
2037 # define CAP_FULL_SET ((kernel_cap_t){{ ~0, ~0 }})
2038 # define CAP_INIT_EFF_SET ((kernel_cap_t){{ ~CAP_TO_MASK(CAP_SETPCAP), ~0 }})
2039 -# define CAP_FS_SET ((kernel_cap_t){{ CAP_FS_MASK_B0, CAP_FS_MASK_B1 } })
2040 +# define CAP_FS_SET ((kernel_cap_t){{ CAP_FS_MASK_B0 \
2041 + | CAP_TO_MASK(CAP_LINUX_IMMUTABLE), \
2042 + CAP_FS_MASK_B1 } })
2043 # define CAP_NFSD_SET ((kernel_cap_t){{ CAP_FS_MASK_B0 \
2044 - | CAP_TO_MASK(CAP_SYS_RESOURCE) \
2045 - | CAP_TO_MASK(CAP_MKNOD), \
2046 - CAP_FS_MASK_B1 } })
2047 + | CAP_TO_MASK(CAP_SYS_RESOURCE), \
2048 + CAP_FS_MASK_B1 } })
2050 #endif /* _KERNEL_CAPABILITY_U32S != 2 */
2052 diff --git a/include/linux/pci_regs.h b/include/linux/pci_regs.h
2053 index 450684f..f5cd050 100644
2054 --- a/include/linux/pci_regs.h
2055 +++ b/include/linux/pci_regs.h
2057 #define PCI_PM_CAP_PME_SHIFT 11 /* Start of the PME Mask in PMC */
2058 #define PCI_PM_CTRL 4 /* PM control and status register */
2059 #define PCI_PM_CTRL_STATE_MASK 0x0003 /* Current power state (D0 to D3) */
2060 -#define PCI_PM_CTRL_NO_SOFT_RESET 0x0004 /* No reset for D3hot->D0 */
2061 +#define PCI_PM_CTRL_NO_SOFT_RESET 0x0008 /* No reset for D3hot->D0 */
2062 #define PCI_PM_CTRL_PME_ENABLE 0x0100 /* PME pin enable */
2063 #define PCI_PM_CTRL_DATA_SEL_MASK 0x1e00 /* Data select (??) */
2064 #define PCI_PM_CTRL_DATA_SCALE_MASK 0x6000 /* Data scale (??) */
2065 diff --git a/include/linux/sched.h b/include/linux/sched.h
2066 index 03e0902..09c5851 100644
2067 --- a/include/linux/sched.h
2068 +++ b/include/linux/sched.h
2069 @@ -201,7 +201,8 @@ extern unsigned long long time_sync_thresh;
2070 #define task_is_stopped_or_traced(task) \
2071 ((task->state & (__TASK_STOPPED | __TASK_TRACED)) != 0)
2072 #define task_contributes_to_load(task) \
2073 - ((task->state & TASK_UNINTERRUPTIBLE) != 0)
2074 + ((task->state & TASK_UNINTERRUPTIBLE) != 0 && \
2075 + (task->flags & PF_FROZEN) == 0)
2077 #define __set_task_state(tsk, state_value) \
2078 do { (tsk)->state = (state_value); } while (0)
2079 diff --git a/kernel/exit.c b/kernel/exit.c
2080 index 14096a1..8715136 100644
2083 @@ -938,8 +938,7 @@ static void exit_notify(struct task_struct *tsk, int group_dead)
2085 if (tsk->exit_signal != SIGCHLD && !task_detached(tsk) &&
2086 (tsk->parent_exec_id != tsk->real_parent->self_exec_id ||
2087 - tsk->self_exec_id != tsk->parent_exec_id) &&
2088 - !capable(CAP_KILL))
2089 + tsk->self_exec_id != tsk->parent_exec_id))
2090 tsk->exit_signal = SIGCHLD;
2092 signal = tracehook_notify_death(tsk, &cookie, group_dead);
2093 diff --git a/kernel/kprobes.c b/kernel/kprobes.c
2094 index 75bc2cd..0920fa0 100644
2095 --- a/kernel/kprobes.c
2096 +++ b/kernel/kprobes.c
2097 @@ -890,10 +890,8 @@ static int __kprobes pre_handler_kretprobe(struct kprobe *p,
2101 - if (rp->entry_handler && rp->entry_handler(ri, regs)) {
2102 - spin_unlock_irqrestore(&rp->lock, flags);
2103 + if (rp->entry_handler && rp->entry_handler(ri, regs))
2107 arch_prepare_kretprobe(ri, regs);
2109 diff --git a/kernel/signal.c b/kernel/signal.c
2110 index 3d161f0..7d0a222 100644
2111 --- a/kernel/signal.c
2112 +++ b/kernel/signal.c
2113 @@ -1549,7 +1549,15 @@ static void ptrace_stop(int exit_code, int clear_code, siginfo_t *info)
2114 read_lock(&tasklist_lock);
2115 if (may_ptrace_stop()) {
2116 do_notify_parent_cldstop(current, CLD_TRAPPED);
2118 + * Don't want to allow preemption here, because
2119 + * sys_ptrace() needs this task to be inactive.
2121 + * XXX: implement read_unlock_no_resched().
2123 + preempt_disable();
2124 read_unlock(&tasklist_lock);
2125 + preempt_enable_no_resched();
2129 diff --git a/mm/filemap_xip.c b/mm/filemap_xip.c
2130 index b5167df..e8b2b18 100644
2131 --- a/mm/filemap_xip.c
2132 +++ b/mm/filemap_xip.c
2133 @@ -89,8 +89,8 @@ do_xip_mapping_read(struct address_space *mapping,
2139 + if (nr > len - copied)
2140 + nr = len - copied;
2142 error = mapping->a_ops->get_xip_mem(mapping, index, 0,
2143 &xip_mem, &xip_pfn);
2144 diff --git a/mm/mmap.c b/mm/mmap.c
2145 index ca12a93..2ae093e 100644
2148 @@ -2068,6 +2068,9 @@ void exit_mmap(struct mm_struct *mm)
2150 mmu_notifier_release(mm);
2152 + if (!mm->mmap) /* Can happen if dup_mmap() received an OOM */
2157 tlb = tlb_gather_mmu(mm, 1);
2158 diff --git a/net/bridge/br_if.c b/net/bridge/br_if.c
2159 index 63c18aa..2043c8e 100644
2160 --- a/net/bridge/br_if.c
2161 +++ b/net/bridge/br_if.c
2162 @@ -419,7 +419,6 @@ err2:
2164 kobject_del(&p->kobj);
2166 - kobject_put(&p->kobj);
2167 dev_set_promiscuity(dev, -1);
2170 diff --git a/net/ipv4/netfilter/arp_tables.c b/net/ipv4/netfilter/arp_tables.c
2171 index 03e83a6..6671485 100644
2172 --- a/net/ipv4/netfilter/arp_tables.c
2173 +++ b/net/ipv4/netfilter/arp_tables.c
2174 @@ -372,7 +372,9 @@ static int mark_source_chains(struct xt_table_info *newinfo,
2175 && unconditional(&e->arp)) || visited) {
2176 unsigned int oldpos, size;
2178 - if (t->verdict < -NF_MAX_VERDICT - 1) {
2179 + if ((strcmp(t->target.u.user.name,
2180 + ARPT_STANDARD_TARGET) == 0) &&
2181 + t->verdict < -NF_MAX_VERDICT - 1) {
2182 duprintf("mark_source_chains: bad "
2183 "negative verdict (%i)\n",
2185 diff --git a/net/ipv4/netfilter/ip_tables.c b/net/ipv4/netfilter/ip_tables.c
2186 index 4e7c719..b56a203 100644
2187 --- a/net/ipv4/netfilter/ip_tables.c
2188 +++ b/net/ipv4/netfilter/ip_tables.c
2189 @@ -502,7 +502,9 @@ mark_source_chains(struct xt_table_info *newinfo,
2190 && unconditional(&e->ip)) || visited) {
2191 unsigned int oldpos, size;
2193 - if (t->verdict < -NF_MAX_VERDICT - 1) {
2194 + if ((strcmp(t->target.u.user.name,
2195 + IPT_STANDARD_TARGET) == 0) &&
2196 + t->verdict < -NF_MAX_VERDICT - 1) {
2197 duprintf("mark_source_chains: bad "
2198 "negative verdict (%i)\n",
2200 diff --git a/net/ipv6/inet6_hashtables.c b/net/ipv6/inet6_hashtables.c
2201 index 1646a56..4494cb6 100644
2202 --- a/net/ipv6/inet6_hashtables.c
2203 +++ b/net/ipv6/inet6_hashtables.c
2204 @@ -210,11 +210,11 @@ unique:
2208 - NET_INC_STATS_BH(twsk_net(tw), LINUX_MIB_TIMEWAITRECYCLED);
2209 + NET_INC_STATS_BH(net, LINUX_MIB_TIMEWAITRECYCLED);
2210 } else if (tw != NULL) {
2211 /* Silly. Should hash-dance instead... */
2212 inet_twsk_deschedule(tw, death_row);
2213 - NET_INC_STATS_BH(twsk_net(tw), LINUX_MIB_TIMEWAITRECYCLED);
2214 + NET_INC_STATS_BH(net, LINUX_MIB_TIMEWAITRECYCLED);
2218 diff --git a/net/ipv6/ip6_input.c b/net/ipv6/ip6_input.c
2219 index 7e14ccc..e55427d 100644
2220 --- a/net/ipv6/ip6_input.c
2221 +++ b/net/ipv6/ip6_input.c
2222 @@ -74,8 +74,7 @@ int ipv6_rcv(struct sk_buff *skb, struct net_device *dev, struct packet_type *pt
2223 if ((skb = skb_share_check(skb, GFP_ATOMIC)) == NULL ||
2224 !idev || unlikely(idev->cnf.disable_ipv6)) {
2225 IP6_INC_STATS_BH(idev, IPSTATS_MIB_INDISCARDS);
2226 - rcu_read_unlock();
2231 memset(IP6CB(skb), 0, sizeof(struct inet6_skb_parm));
2232 @@ -145,7 +144,6 @@ err:
2240 diff --git a/net/ipv6/netfilter/ip6_tables.c b/net/ipv6/netfilter/ip6_tables.c
2241 index 0b4557e..81751c3 100644
2242 --- a/net/ipv6/netfilter/ip6_tables.c
2243 +++ b/net/ipv6/netfilter/ip6_tables.c
2244 @@ -529,7 +529,9 @@ mark_source_chains(struct xt_table_info *newinfo,
2245 && unconditional(&e->ipv6)) || visited) {
2246 unsigned int oldpos, size;
2248 - if (t->verdict < -NF_MAX_VERDICT - 1) {
2249 + if ((strcmp(t->target.u.user.name,
2250 + IP6T_STANDARD_TARGET) == 0) &&
2251 + t->verdict < -NF_MAX_VERDICT - 1) {
2252 duprintf("mark_source_chains: bad "
2253 "negative verdict (%i)\n",
2255 diff --git a/net/netfilter/nf_conntrack_proto_tcp.c b/net/netfilter/nf_conntrack_proto_tcp.c
2256 index 6f61261..fcbc6b9 100644
2257 --- a/net/netfilter/nf_conntrack_proto_tcp.c
2258 +++ b/net/netfilter/nf_conntrack_proto_tcp.c
2260 #include <linux/skbuff.h>
2261 #include <linux/ipv6.h>
2262 #include <net/ip6_checksum.h>
2263 +#include <asm/unaligned.h>
2265 #include <net/tcp.h>
2267 @@ -466,7 +467,7 @@ static void tcp_sack(const struct sk_buff *skb, unsigned int dataoff,
2269 i < (opsize - TCPOLEN_SACK_BASE);
2270 i += TCPOLEN_SACK_PERBLOCK) {
2271 - tmp = ntohl(*((__be32 *)(ptr+i)+1));
2272 + tmp = get_unaligned_be32((__be32 *)(ptr+i)+1);
2274 if (after(tmp, *sack))
2276 diff --git a/net/netrom/af_netrom.c b/net/netrom/af_netrom.c
2277 index 9f1ea4a..db9e263 100644
2278 --- a/net/netrom/af_netrom.c
2279 +++ b/net/netrom/af_netrom.c
2280 @@ -1082,7 +1082,13 @@ static int nr_sendmsg(struct kiocb *iocb, struct socket *sock,
2282 SOCK_DEBUG(sk, "NET/ROM: sendto: Addresses built.\n");
2284 - /* Build a packet */
2285 + /* Build a packet - the conventional user limit is 236 bytes. We can
2286 + do ludicrously large NetROM frames but must not overflow */
2287 + if (len > 65536) {
2292 SOCK_DEBUG(sk, "NET/ROM: sendto: building packet.\n");
2293 size = len + NR_NETWORK_LEN + NR_TRANSPORT_LEN;
2295 diff --git a/net/rose/af_rose.c b/net/rose/af_rose.c
2296 index a7f1ce1..c062361 100644
2297 --- a/net/rose/af_rose.c
2298 +++ b/net/rose/af_rose.c
2299 @@ -1120,6 +1120,10 @@ static int rose_sendmsg(struct kiocb *iocb, struct socket *sock,
2301 /* Build a packet */
2302 SOCK_DEBUG(sk, "ROSE: sendto: building packet.\n");
2303 + /* Sanity check the packet size */
2307 size = len + AX25_BPQ_HEADER_LEN + AX25_MAX_HEADER_LEN + ROSE_MIN_LEN;
2309 if ((skb = sock_alloc_send_skb(sk, size, msg->msg_flags & MSG_DONTWAIT, &err)) == NULL)
2310 diff --git a/net/sctp/endpointola.c b/net/sctp/endpointola.c
2311 index 4c8d9f4..905fda5 100644
2312 --- a/net/sctp/endpointola.c
2313 +++ b/net/sctp/endpointola.c
2314 @@ -111,7 +111,8 @@ static struct sctp_endpoint *sctp_endpoint_init(struct sctp_endpoint *ep,
2315 if (sctp_addip_enable) {
2316 auth_chunks->chunks[0] = SCTP_CID_ASCONF;
2317 auth_chunks->chunks[1] = SCTP_CID_ASCONF_ACK;
2318 - auth_chunks->param_hdr.length += htons(2);
2319 + auth_chunks->param_hdr.length =
2320 + htons(sizeof(sctp_paramhdr_t) + 2);
2324 diff --git a/net/x25/af_x25.c b/net/x25/af_x25.c
2325 index 9fc5b02..88d80f5 100644
2326 --- a/net/x25/af_x25.c
2327 +++ b/net/x25/af_x25.c
2328 @@ -1037,6 +1037,12 @@ static int x25_sendmsg(struct kiocb *iocb, struct socket *sock,
2329 sx25.sx25_addr = x25->dest_addr;
2332 + /* Sanity check the packet size */
2333 + if (len > 65535) {
2338 SOCK_DEBUG(sk, "x25_sendmsg: sendto: Addresses built.\n");
2340 /* Build a packet */
2341 diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
2342 index 03fc6a8..f028f70 100644
2343 --- a/security/selinux/hooks.c
2344 +++ b/security/selinux/hooks.c
2345 @@ -4467,6 +4467,7 @@ static int selinux_ip_postroute_iptables_compat(struct sock *sk,
2348 err = avc_has_perm(sk_sid, if_sid, SECCLASS_NETIF, netif_perm, ad);
2352 err = sel_netnode_sid(addrp, family, &node_sid);
2353 diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c
2354 index 87d7541..b802923 100644
2355 --- a/security/smack/smack_lsm.c
2356 +++ b/security/smack/smack_lsm.c
2357 @@ -604,6 +604,8 @@ static int smack_inode_setxattr(struct dentry *dentry, const char *name,
2358 strcmp(name, XATTR_NAME_SMACKIPOUT) == 0) {
2359 if (!capable(CAP_MAC_ADMIN))
2364 rc = cap_inode_setxattr(dentry, name, value, size, flags);
2366 @@ -1360,7 +1362,7 @@ static int smack_inode_setsecurity(struct inode *inode, const char *name,
2367 struct socket *sock;
2370 - if (value == NULL || size > SMK_LABELLEN)
2371 + if (value == NULL || size > SMK_LABELLEN || size == 0)
2374 sp = smk_import(value, size);
2375 diff --git a/sound/pci/hda/patch_analog.c b/sound/pci/hda/patch_analog.c
2376 index 8c857d5..026f723 100644
2377 --- a/sound/pci/hda/patch_analog.c
2378 +++ b/sound/pci/hda/patch_analog.c
2379 @@ -3220,7 +3220,7 @@ static const char *ad1884_slave_vols[] = {
2380 "Mic Playback Volume",
2381 "CD Playback Volume",
2382 "Internal Mic Playback Volume",
2383 - "Docking Mic Playback Volume"
2384 + "Docking Mic Playback Volume",
2385 "Beep Playback Volume",
2386 "IEC958 Playback Volume",
projects / people / teissler / ipfire-2.x.git / blob