--- /dev/null
+From gregkh@mini.kroah.org Fri Jan 30 18:36:19 2009
+Message-Id: <20090131023619.586642629@mini.kroah.org>
+User-Agent: quilt/0.47-1
+Date: Fri, 30 Jan 2009 18:34:12 -0800
+From: Greg KH <gregkh@suse.de>
+To: linux-kernel@vger.kernel.org,
+ stable@kernel.org
+Cc: Justin Forbes <jmforbes@linuxtx.org>,
+ Zwane Mwaikambo <zwane@arm.linux.org.uk>,
+ Theodore Ts'o <tytso@mit.edu>,
+ Randy Dunlap <rdunlap@xenotime.net>,
+ Dave Jones <davej@redhat.com>,
+ Chuck Wolber <chuckw@quantumlinux.com>,
+ Chris Wedgwood <reviews@ml.cw.f00f.org>,
+ Michael Krufky <mkrufky@linuxtv.org>,
+ Chuck Ebbert <cebbert@redhat.com>,
+ Domenico Andreoli <cavokz@gmail.com>,
+ Willy Tarreau <w@1wt.eu>,
+ Rodrigo Rubira Branco <rbranco@la.checkpoint.com>,
+ Jake Edge <jake@lwn.net>,
+ Eugene Teo <eteo@redhat.com>,
+ torvalds@linux-foundation.org,
+ akpm@linux-foundation.org,
+ alan@lxorguk.ukuu.org.uk,
+ Miklos Szeredi <mszeredi@suse.cz>
+Subject: [patch 01/32] fuse: destroy bdi on umount
+References: <20090131023411.032399235@mini.kroah.org>
+Content-Disposition: inline; filename=fuse-destroy-bdi-on-umount.patch
+Content-Length: 1657
+Lines: 55
+
+2.6.27-stable review patch. If anyone has any objections, please let us know.
+
+------------------
+
+From: Miklos Szeredi <mszeredi@suse.cz>
+
+commit 26c3679101dbccc054dcf370143941844ba70531 upstream.
+
+If a fuse filesystem is unmounted but the device file descriptor
+remains open and a new mount reuses the old device number, then the
+mount fails with EEXIST and the following warning is printed in the
+kernel log:
+
+ WARNING: at fs/sysfs/dir.c:462 sysfs_add_one+0x35/0x3d()
+ sysfs: duplicate filename '0:15' can not be created
+
+The cause is that the bdi belonging to the fuse filesystem was
+destoryed only after the device file was released. Fix this by
+calling bdi_destroy() from fuse_put_super() instead.
+
+Signed-off-by: Miklos Szeredi <mszeredi@suse.cz>
+Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
+
+---
+ fs/fuse/dev.c | 3 ++-
+ fs/fuse/inode.c | 2 +-
+ 2 files changed, 3 insertions(+), 2 deletions(-)
+
+--- a/fs/fuse/dev.c
++++ b/fs/fuse/dev.c
+@@ -281,7 +281,8 @@ static void request_end(struct fuse_conn
+ fc->blocked = 0;
+ wake_up_all(&fc->blocked_waitq);
+ }
+- if (fc->num_background == FUSE_CONGESTION_THRESHOLD) {
++ if (fc->num_background == FUSE_CONGESTION_THRESHOLD &&
++ fc->connected) {
+ clear_bdi_congested(&fc->bdi, READ);
+ clear_bdi_congested(&fc->bdi, WRITE);
+ }
+--- a/fs/fuse/inode.c
++++ b/fs/fuse/inode.c
+@@ -292,6 +292,7 @@ static void fuse_put_super(struct super_
+ list_del(&fc->entry);
+ fuse_ctl_remove_conn(fc);
+ mutex_unlock(&fuse_mutex);
++ bdi_destroy(&fc->bdi);
+ fuse_conn_put(fc);
+ }
+
+@@ -531,7 +532,6 @@ void fuse_conn_put(struct fuse_conn *fc)
+ if (fc->destroy_req)
+ fuse_request_free(fc->destroy_req);
+ mutex_destroy(&fc->inst_mutex);
+- bdi_destroy(&fc->bdi);
+ kfree(fc);
+ }
+ }
+
+
+From gregkh@mini.kroah.org Fri Jan 30 18:36:19 2009
+Message-Id: <20090131023619.705940347@mini.kroah.org>
+User-Agent: quilt/0.47-1
+Date: Fri, 30 Jan 2009 18:34:13 -0800
+From: Greg KH <gregkh@suse.de>
+To: linux-kernel@vger.kernel.org,
+ stable@kernel.org
+Cc: Justin Forbes <jmforbes@linuxtx.org>,
+ Zwane Mwaikambo <zwane@arm.linux.org.uk>,
+ Theodore Ts'o <tytso@mit.edu>,
+ Randy Dunlap <rdunlap@xenotime.net>,
+ Dave Jones <davej@redhat.com>,
+ Chuck Wolber <chuckw@quantumlinux.com>,
+ Chris Wedgwood <reviews@ml.cw.f00f.org>,
+ Michael Krufky <mkrufky@linuxtv.org>,
+ Chuck Ebbert <cebbert@redhat.com>,
+ Domenico Andreoli <cavokz@gmail.com>,
+ Willy Tarreau <w@1wt.eu>,
+ Rodrigo Rubira Branco <rbranco@la.checkpoint.com>,
+ Jake Edge <jake@lwn.net>,
+ Eugene Teo <eteo@redhat.com>,
+ torvalds@linux-foundation.org,
+ akpm@linux-foundation.org,
+ alan@lxorguk.ukuu.org.uk,
+ Miklos Szeredi <mszeredi@suse.cz>
+Subject: [patch 02/32] fuse: fix missing fput on error
+References: <20090131023411.032399235@mini.kroah.org>
+Content-Disposition: inline; filename=fuse-fix-missing-fput-on-error.patch
+Content-Length: 776
+Lines: 36
+
+2.6.27-stable review patch. If anyone has any objections, please let us know.
+
+------------------
+
+From: Miklos Szeredi <mszeredi@suse.cz>
+
+commit 3ddf1e7f57237ac7c5d5bfb7058f1ea4f970b661 upstream.
+
+Fix the leaking file reference if allocation or initialization of
+fuse_conn failed.
+
+Signed-off-by: Miklos Szeredi <mszeredi@suse.cz>
+Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
+
+---
+ fs/fuse/inode.c | 8 ++++++--
+ 1 file changed, 6 insertions(+), 2 deletions(-)
+
+--- a/fs/fuse/inode.c
++++ b/fs/fuse/inode.c
+@@ -832,12 +832,16 @@ static int fuse_fill_super(struct super_
+ if (!file)
+ return -EINVAL;
+
+- if (file->f_op != &fuse_dev_operations)
++ if (file->f_op != &fuse_dev_operations) {
++ fput(file);
+ return -EINVAL;
++ }
+
+ fc = new_conn(sb);
+- if (!fc)
++ if (!fc) {
++ fput(file);
+ return -ENOMEM;
++ }
+
+ fc->flags = d.flags;
+ fc->user_id = d.user_id;
+
+
+From gregkh@mini.kroah.org Fri Jan 30 18:36:19 2009
+Message-Id: <20090131023619.827230073@mini.kroah.org>
+User-Agent: quilt/0.47-1
+Date: Fri, 30 Jan 2009 18:34:14 -0800
+From: Greg KH <gregkh@suse.de>
+To: linux-kernel@vger.kernel.org,
+ stable@kernel.org
+Cc: Justin Forbes <jmforbes@linuxtx.org>,
+ Zwane Mwaikambo <zwane@arm.linux.org.uk>,
+ Theodore Ts'o <tytso@mit.edu>,
+ Randy Dunlap <rdunlap@xenotime.net>,
+ Dave Jones <davej@redhat.com>,
+ Chuck Wolber <chuckw@quantumlinux.com>,
+ Chris Wedgwood <reviews@ml.cw.f00f.org>,
+ Michael Krufky <mkrufky@linuxtv.org>,
+ Chuck Ebbert <cebbert@redhat.com>,
+ Domenico Andreoli <cavokz@gmail.com>,
+ Willy Tarreau <w@1wt.eu>,
+ Rodrigo Rubira Branco <rbranco@la.checkpoint.com>,
+ Jake Edge <jake@lwn.net>,
+ Eugene Teo <eteo@redhat.com>,
+ torvalds@linux-foundation.org,
+ akpm@linux-foundation.org,
+ alan@lxorguk.ukuu.org.uk,
+ Dan Carpenter <error27@gmail.com>,
+ Miklos Szeredi <mszeredi@suse.cz>
+Subject: [patch 03/32] fuse: fix NULL deref in fuse_file_alloc()
+References: <20090131023411.032399235@mini.kroah.org>
+Content-Disposition: inline; filename=fuse-fix-null-deref-in-fuse_file_alloc.patch
+Content-Length: 704
+Lines: 26
+
+2.6.27-stable review patch. If anyone has any objections, please let us know.
+
+------------------
+
+From: Dan Carpenter <error27@gmail.com>
+
+commit bb875b38dc5e343bdb696b2eab8233e4d195e208 upstream.
+
+ff is set to NULL and then dereferenced on line 65. Compile tested only.
+
+Signed-off-by: Dan Carpenter <error27@gmail.com>
+Signed-off-by: Miklos Szeredi <mszeredi@suse.cz>
+Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
+
+---
+ fs/fuse/file.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/fs/fuse/file.c
++++ b/fs/fuse/file.c
+@@ -54,7 +54,7 @@ struct fuse_file *fuse_file_alloc(void)
+ ff->reserved_req = fuse_request_alloc();
+ if (!ff->reserved_req) {
+ kfree(ff);
+- ff = NULL;
++ return NULL;
+ } else {
+ INIT_LIST_HEAD(&ff->write_entry);
+ atomic_set(&ff->count, 0);
+
+
+From gregkh@mini.kroah.org Fri Jan 30 18:36:20 2009
+Message-Id: <20090131023619.947422998@mini.kroah.org>
+User-Agent: quilt/0.47-1
+Date: Fri, 30 Jan 2009 18:34:15 -0800
+From: Greg KH <gregkh@suse.de>
+To: linux-kernel@vger.kernel.org,
+ stable@kernel.org
+Cc: Justin Forbes <jmforbes@linuxtx.org>,
+ Zwane Mwaikambo <zwane@arm.linux.org.uk>,
+ Theodore Ts'o <tytso@mit.edu>,
+ Randy Dunlap <rdunlap@xenotime.net>,
+ Dave Jones <davej@redhat.com>,
+ Chuck Wolber <chuckw@quantumlinux.com>,
+ Chris Wedgwood <reviews@ml.cw.f00f.org>,
+ Michael Krufky <mkrufky@linuxtv.org>,
+ Chuck Ebbert <cebbert@redhat.com>,
+ Domenico Andreoli <cavokz@gmail.com>,
+ Willy Tarreau <w@1wt.eu>,
+ Rodrigo Rubira Branco <rbranco@la.checkpoint.com>,
+ Jake Edge <jake@lwn.net>,
+ Eugene Teo <eteo@redhat.com>,
+ torvalds@linux-foundation.org,
+ akpm@linux-foundation.org,
+ alan@lxorguk.ukuu.org.uk,
+ John McCutchan <ttb@tentacle.dhs.org>,
+ Robert Love <rlove@google.com>,
+ Vegard Nossum <vegard.nossum@gmail.com>
+Subject: [patch 04/32] inotify: clean up inotify_read and fix locking problems
+References: <20090131023411.032399235@mini.kroah.org>
+Content-Disposition: inline; filename=inotify-clean-up-inotify_read-and-fix-locking-problems.patch
+Content-Length: 5426
+Lines: 221
+
+2.6.27-stable review patch. If anyone has any objections, please let us know.
+
+------------------
+
+From: Vegard Nossum <vegard.nossum@gmail.com>
+
+commit 3632dee2f8b8a9720329f29eeaa4ec4669a3aff8 upstream.
+
+If userspace supplies an invalid pointer to a read() of an inotify
+instance, the inotify device's event list mutex is unlocked twice.
+This causes an unbalance which effectively leaves the data structure
+unprotected, and we can trigger oopses by accessing the inotify
+instance from different tasks concurrently.
+
+The best fix (contributed largely by Linus) is a total rewrite
+of the function in question:
+
+On Thu, Jan 22, 2009 at 7:05 AM, Linus Torvalds wrote:
+> The thing to notice is that:
+>
+> - locking is done in just one place, and there is no question about it
+> not having an unlock.
+>
+> - that whole double-while(1)-loop thing is gone.
+>
+> - use multiple functions to make nesting and error handling sane
+>
+> - do error testing after doing the things you always need to do, ie do
+> this:
+>
+> mutex_lock(..)
+> ret = function_call();
+> mutex_unlock(..)
+>
+> .. test ret here ..
+>
+> instead of doing conditional exits with unlocking or freeing.
+>
+> So if the code is written in this way, it may still be buggy, but at least
+> it's not buggy because of subtle "forgot to unlock" or "forgot to free"
+> issues.
+>
+> This _always_ unlocks if it locked, and it always frees if it got a
+> non-error kevent.
+
+Cc: John McCutchan <ttb@tentacle.dhs.org>
+Cc: Robert Love <rlove@google.com>
+Signed-off-by: Vegard Nossum <vegard.nossum@gmail.com>
+Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
+
+---
+ fs/inotify_user.c | 135 +++++++++++++++++++++++++++++-------------------------
+ 1 file changed, 74 insertions(+), 61 deletions(-)
+
+--- a/fs/inotify_user.c
++++ b/fs/inotify_user.c
+@@ -427,10 +427,61 @@ static unsigned int inotify_poll(struct
+ return ret;
+ }
+
++/*
++ * Get an inotify_kernel_event if one exists and is small
++ * enough to fit in "count". Return an error pointer if
++ * not large enough.
++ *
++ * Called with the device ev_mutex held.
++ */
++static struct inotify_kernel_event *get_one_event(struct inotify_device *dev,
++ size_t count)
++{
++ size_t event_size = sizeof(struct inotify_event);
++ struct inotify_kernel_event *kevent;
++
++ if (list_empty(&dev->events))
++ return NULL;
++
++ kevent = inotify_dev_get_event(dev);
++ if (kevent->name)
++ event_size += kevent->event.len;
++
++ if (event_size > count)
++ return ERR_PTR(-EINVAL);
++
++ remove_kevent(dev, kevent);
++ return kevent;
++}
++
++/*
++ * Copy an event to user space, returning how much we copied.
++ *
++ * We already checked that the event size is smaller than the
++ * buffer we had in "get_one_event()" above.
++ */
++static ssize_t copy_event_to_user(struct inotify_kernel_event *kevent,
++ char __user *buf)
++{
++ size_t event_size = sizeof(struct inotify_event);
++
++ if (copy_to_user(buf, &kevent->event, event_size))
++ return -EFAULT;
++
++ if (kevent->name) {
++ buf += event_size;
++
++ if (copy_to_user(buf, kevent->name, kevent->event.len))
++ return -EFAULT;
++
++ event_size += kevent->event.len;
++ }
++ return event_size;
++}
++
+ static ssize_t inotify_read(struct file *file, char __user *buf,
+ size_t count, loff_t *pos)
+ {
+- size_t event_size = sizeof (struct inotify_event);
+ struct inotify_device *dev;
+ char __user *start;
+ int ret;
+@@ -440,81 +491,43 @@ static ssize_t inotify_read(struct file
+ dev = file->private_data;
+
+ while (1) {
++ struct inotify_kernel_event *kevent;
+
+ prepare_to_wait(&dev->wq, &wait, TASK_INTERRUPTIBLE);
+
+ mutex_lock(&dev->ev_mutex);
+- if (!list_empty(&dev->events)) {
+- ret = 0;
+- break;
+- }
++ kevent = get_one_event(dev, count);
+ mutex_unlock(&dev->ev_mutex);
+
+- if (file->f_flags & O_NONBLOCK) {
+- ret = -EAGAIN;
+- break;
+- }
+-
+- if (signal_pending(current)) {
+- ret = -EINTR;
+- break;
++ if (kevent) {
++ ret = PTR_ERR(kevent);
++ if (IS_ERR(kevent))
++ break;
++ ret = copy_event_to_user(kevent, buf);
++ free_kevent(kevent);
++ if (ret < 0)
++ break;
++ buf += ret;
++ count -= ret;
++ continue;
+ }
+
+- schedule();
+- }
+-
+- finish_wait(&dev->wq, &wait);
+- if (ret)
+- return ret;
+-
+- while (1) {
+- struct inotify_kernel_event *kevent;
+-
+- ret = buf - start;
+- if (list_empty(&dev->events))
++ ret = -EAGAIN;
++ if (file->f_flags & O_NONBLOCK)
+ break;
+-
+- kevent = inotify_dev_get_event(dev);
+- if (event_size + kevent->event.len > count) {
+- if (ret == 0 && count > 0) {
+- /*
+- * could not get a single event because we
+- * didn't have enough buffer space.
+- */
+- ret = -EINVAL;
+- }
++ ret = -EINTR;
++ if (signal_pending(current))
+ break;
+- }
+- remove_kevent(dev, kevent);
+
+- /*
+- * Must perform the copy_to_user outside the mutex in order
+- * to avoid a lock order reversal with mmap_sem.
+- */
+- mutex_unlock(&dev->ev_mutex);
+-
+- if (copy_to_user(buf, &kevent->event, event_size)) {
+- ret = -EFAULT;
++ if (start != buf)
+ break;
+- }
+- buf += event_size;
+- count -= event_size;
+-
+- if (kevent->name) {
+- if (copy_to_user(buf, kevent->name, kevent->event.len)){
+- ret = -EFAULT;
+- break;
+- }
+- buf += kevent->event.len;
+- count -= kevent->event.len;
+- }
+
+- free_kevent(kevent);
+-
+- mutex_lock(&dev->ev_mutex);
++ schedule();
+ }
+- mutex_unlock(&dev->ev_mutex);
+
++ finish_wait(&dev->wq, &wait);
++ if (start != buf && ret != -EFAULT)
++ ret = buf - start;
+ return ret;
+ }
+
+
+
+From gregkh@mini.kroah.org Fri Jan 30 18:36:20 2009
+Message-Id: <20090131023620.077655966@mini.kroah.org>
+User-Agent: quilt/0.47-1
+Date: Fri, 30 Jan 2009 18:34:16 -0800
+From: Greg KH <gregkh@suse.de>
+To: linux-kernel@vger.kernel.org,
+ stable@kernel.org
+Cc: Justin Forbes <jmforbes@linuxtx.org>,
+ Zwane Mwaikambo <zwane@arm.linux.org.uk>,
+ Theodore Ts'o <tytso@mit.edu>,
+ Randy Dunlap <rdunlap@xenotime.net>,
+ Dave Jones <davej@redhat.com>,
+ Chuck Wolber <chuckw@quantumlinux.com>,
+ Chris Wedgwood <reviews@ml.cw.f00f.org>,
+ Michael Krufky <mkrufky@linuxtv.org>,
+ Chuck Ebbert <cebbert@redhat.com>,
+ Domenico Andreoli <cavokz@gmail.com>,
+ Willy Tarreau <w@1wt.eu>,
+ Rodrigo Rubira Branco <rbranco@la.checkpoint.com>,
+ Jake Edge <jake@lwn.net>,
+ Eugene Teo <eteo@redhat.com>,
+ torvalds@linux-foundation.org,
+ akpm@linux-foundation.org,
+ alan@lxorguk.ukuu.org.uk,
+ Brian Cavagnolo <brian@cozybit.com>,
+ Andrey Yurovsky <andrey@cozybit.com>,
+ Johannes Berg <johannes@sipsolutions.net>,
+ "John W. Linville" <linville@tuxdriver.com>
+Subject: [patch 05/32] mac80211: decrement ref count to netdev after launching mesh discovery
+References: <20090131023411.032399235@mini.kroah.org>
+Content-Disposition: inline; filename=mac80211-decrement-ref-count-to-netdev-after-launching-mesh-discovery.patch
+Content-Length: 1053
+Lines: 32
+
+2.6.27-stable review patch. If anyone has any objections, please let us know.
+
+------------------
+
+From: Brian Cavagnolo <brian@cozybit.com>
+
+commit 5dc306f3bd1d4cfdf79df39221b3036eab1ddcf3 upstream.
+
+After launching mesh discovery in tx path, reference count was not being
+decremented. This was preventing module unload.
+
+Signed-off-by: Brian Cavagnolo <brian@cozybit.com>
+Signed-off-by: Andrey Yurovsky <andrey@cozybit.com>
+Acked-by: Johannes Berg <johannes@sipsolutions.net>
+Signed-off-by: John W. Linville <linville@tuxdriver.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
+
+---
+ net/mac80211/tx.c | 4 +++-
+ 1 file changed, 3 insertions(+), 1 deletion(-)
+
+--- a/net/mac80211/tx.c
++++ b/net/mac80211/tx.c
+@@ -1335,8 +1335,10 @@ int ieee80211_master_start_xmit(struct s
+ if (is_multicast_ether_addr(hdr->addr3))
+ memcpy(hdr->addr1, hdr->addr3, ETH_ALEN);
+ else
+- if (mesh_nexthop_lookup(skb, odev))
++ if (mesh_nexthop_lookup(skb, odev)) {
++ dev_put(odev);
+ return 0;
++ }
+ if (memcmp(odev->dev_addr, hdr->addr4, ETH_ALEN) != 0)
+ IEEE80211_IFSTA_MESH_CTR_INC(&osdata->u.sta,
+ fwded_frames);
+
+
+From gregkh@mini.kroah.org Fri Jan 30 18:36:20 2009
+Message-Id: <20090131023620.203789393@mini.kroah.org>
+User-Agent: quilt/0.47-1
+Date: Fri, 30 Jan 2009 18:34:17 -0800
+From: Greg KH <gregkh@suse.de>
+To: linux-kernel@vger.kernel.org,
+ stable@kernel.org
+Cc: Justin Forbes <jmforbes@linuxtx.org>,
+ Zwane Mwaikambo <zwane@arm.linux.org.uk>,
+ Theodore Ts'o <tytso@mit.edu>,
+ Randy Dunlap <rdunlap@xenotime.net>,
+ Dave Jones <davej@redhat.com>,
+ Chuck Wolber <chuckw@quantumlinux.com>,
+ Chris Wedgwood <reviews@ml.cw.f00f.org>,
+ Michael Krufky <mkrufky@linuxtv.org>,
+ Chuck Ebbert <cebbert@redhat.com>,
+ Domenico Andreoli <cavokz@gmail.com>,
+ Willy Tarreau <w@1wt.eu>,
+ Rodrigo Rubira Branco <rbranco@la.checkpoint.com>,
+ Jake Edge <jake@lwn.net>,
+ Eugene Teo <eteo@redhat.com>,
+ torvalds@linux-foundation.org,
+ akpm@linux-foundation.org,
+ alan@lxorguk.ukuu.org.uk
+Subject: [patch 06/32] sysfs: fix problems with binary files
+References: <20090131023411.032399235@mini.kroah.org>
+Content-Disposition: inline; filename=sysfs-fix-problems-with-binary-files.patch
+Content-Length: 941
+Lines: 40
+
+2.6.27-stable review patch. If anyone has any objections, please let us know.
+
+------------------
+
+From: Greg Kroah-Hartman <gregkh@suse.de>
+
+commit 4503efd0891c40e30928afb4b23dc3f99c62a6b2 upstream.
+
+Some sysfs binary files don't like having 0 passed to them as a size.
+Fix this up at the root by just returning to the vfs if userspace asks
+us for a zero sized buffer.
+
+Thanks to Pavel Roskin for pointing this out.
+
+Reported-by: Pavel Roskin <proski@gnu.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
+
+---
+ fs/sysfs/bin.c | 6 ++++++
+ 1 file changed, 6 insertions(+)
+
+--- a/fs/sysfs/bin.c
++++ b/fs/sysfs/bin.c
+@@ -62,6 +62,9 @@ read(struct file *file, char __user *use
+ loff_t offs = *off;
+ int count = min_t(size_t, bytes, PAGE_SIZE);
+
++ if (!bytes)
++ return 0;
++
+ if (size) {
+ if (offs > size)
+ return 0;
+@@ -119,6 +122,9 @@ static ssize_t write(struct file *file,
+ loff_t offs = *off;
+ int count = min_t(size_t, bytes, PAGE_SIZE);
+
++ if (!bytes)
++ return 0;
++
+ if (size) {
+ if (offs > size)
+ return 0;
+
+
+From gregkh@mini.kroah.org Fri Jan 30 18:36:20 2009
+Message-Id: <20090131023620.323119857@mini.kroah.org>
+User-Agent: quilt/0.47-1
+Date: Fri, 30 Jan 2009 18:34:18 -0800
+From: Greg KH <gregkh@suse.de>
+To: linux-kernel@vger.kernel.org,
+ stable@kernel.org
+Cc: Justin Forbes <jmforbes@linuxtx.org>,
+ Zwane Mwaikambo <zwane@arm.linux.org.uk>,
+ Theodore Ts'o <tytso@mit.edu>,
+ Randy Dunlap <rdunlap@xenotime.net>,
+ Dave Jones <davej@redhat.com>,
+ Chuck Wolber <chuckw@quantumlinux.com>,
+ Chris Wedgwood <reviews@ml.cw.f00f.org>,
+ Michael Krufky <mkrufky@linuxtv.org>,
+ Chuck Ebbert <cebbert@redhat.com>,
+ Domenico Andreoli <cavokz@gmail.com>,
+ Willy Tarreau <w@1wt.eu>,
+ Rodrigo Rubira Branco <rbranco@la.checkpoint.com>,
+ Jake Edge <jake@lwn.net>,
+ Eugene Teo <eteo@redhat.com>,
+ torvalds@linux-foundation.org,
+ akpm@linux-foundation.org,
+ alan@lxorguk.ukuu.org.uk,
+ Peter Zijlstra <a.p.zijlsta@chello.nl>,
+ Ingo Molnar <mingo@elte.hu>
+Subject: [patch 07/32] x86, mm: fix pte_free()
+References: <20090131023411.032399235@mini.kroah.org>
+Content-Disposition: inline; filename=x86-mm-fix-pte_free.patch
+Content-Length: 2201
+Lines: 70
+
+2.6.27-stable review patch. If anyone has any objections, please let us know.
+
+------------------
+
+From: Peter Zijlstra <peterz@infradead.org>
+
+commit 42ef73fe134732b2e91c0326df5fd568da17c4b2 upstream.
+
+On -rt we were seeing spurious bad page states like:
+
+Bad page state in process 'firefox'
+page:c1bc2380 flags:0x40000000 mapping:c1bc2390 mapcount:0 count:0
+Trying to fix it up, but a reboot is needed
+Backtrace:
+Pid: 503, comm: firefox Not tainted 2.6.26.8-rt13 #3
+[<c043d0f3>] ? printk+0x14/0x19
+[<c0272d4e>] bad_page+0x4e/0x79
+[<c0273831>] free_hot_cold_page+0x5b/0x1d3
+[<c02739f6>] free_hot_page+0xf/0x11
+[<c0273a18>] __free_pages+0x20/0x2b
+[<c027d170>] __pte_alloc+0x87/0x91
+[<c027d25e>] handle_mm_fault+0xe4/0x733
+[<c043f680>] ? rt_mutex_down_read_trylock+0x57/0x63
+[<c043f680>] ? rt_mutex_down_read_trylock+0x57/0x63
+[<c0218875>] do_page_fault+0x36f/0x88a
+
+This is the case where a concurrent fault already installed the PTE and
+we get to free the newly allocated one.
+
+This is due to pgtable_page_ctor() doing the spin_lock_init(&page->ptl)
+which is overlaid with the {private, mapping} struct.
+
+union {
+ struct {
+ unsigned long private;
+ struct address_space *mapping;
+ };
+ spinlock_t ptl;
+ struct kmem_cache *slab;
+ struct page *first_page;
+};
+
+Normally the spinlock is small enough to not stomp on page->mapping, but
+PREEMPT_RT=y has huge 'spin'locks.
+
+But lockdep kernels should also be able to trigger this splat, as the
+lock tracking code grows the spinlock to cover page->mapping.
+
+The obvious fix is calling pgtable_page_dtor() like the regular pte free
+path __pte_free_tlb() does.
+
+It seems all architectures except x86 and nm10300 already do this, and
+nm10300 doesn't seem to use pgtable_page_ctor(), which suggests it
+doesn't do SMP or simply doesnt do MMU at all or something.
+
+Signed-off-by: Peter Zijlstra <a.p.zijlsta@chello.nl>
+Signed-off-by: Ingo Molnar <mingo@elte.hu>
+Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
+
+---
+ include/asm-x86/pgalloc.h | 1 +
+ 1 file changed, 1 insertion(+)
+
+--- a/include/asm-x86/pgalloc.h
++++ b/include/asm-x86/pgalloc.h
+@@ -42,6 +42,7 @@ static inline void pte_free_kernel(struc
+
+ static inline void pte_free(struct mm_struct *mm, struct page *pte)
+ {
++ pgtable_page_dtor(pte);
+ __free_page(pte);
+ }
+
+
+
+From gregkh@mini.kroah.org Fri Jan 30 18:36:20 2009
+Message-Id: <20090131023620.444433310@mini.kroah.org>
+User-Agent: quilt/0.47-1
+Date: Fri, 30 Jan 2009 18:34:19 -0800
+From: Greg KH <gregkh@suse.de>
+To: linux-kernel@vger.kernel.org,
+ stable@kernel.org
+Cc: Justin Forbes <jmforbes@linuxtx.org>,
+ Zwane Mwaikambo <zwane@arm.linux.org.uk>,
+ Theodore Ts'o <tytso@mit.edu>,
+ Randy Dunlap <rdunlap@xenotime.net>,
+ Dave Jones <davej@redhat.com>,
+ Chuck Wolber <chuckw@quantumlinux.com>,
+ Chris Wedgwood <reviews@ml.cw.f00f.org>,
+ Michael Krufky <mkrufky@linuxtv.org>,
+ Chuck Ebbert <cebbert@redhat.com>,
+ Domenico Andreoli <cavokz@gmail.com>,
+ Willy Tarreau <w@1wt.eu>,
+ Rodrigo Rubira Branco <rbranco@la.checkpoint.com>,
+ Jake Edge <jake@lwn.net>,
+ Eugene Teo <eteo@redhat.com>,
+ torvalds@linux-foundation.org,
+ akpm@linux-foundation.org,
+ alan@lxorguk.ukuu.org.uk,
+ Ivan Kokshaysky <ink@jurassic.park.msu.ru>,
+ Richard Henderson <rth@twiddle.net>,
+ Tobias Klausmann <klausman@schwarzvogel.de>
+Subject: [patch 08/32] alpha: nautilus - fix compile failure with gcc-4.3
+References: <20090131023411.032399235@mini.kroah.org>
+Content-Disposition: inline; filename=alpha-nautilus-fix-compile-failure-with-gcc-4.3.patch
+Content-Length: 1211
+Lines: 38
+
+2.6.27-stable review patch. If anyone has any objections, please let us know.
+
+------------------
+
+From: Ivan Kokshaysky <ink@jurassic.park.msu.ru>
+
+commit 70b66cbfd3316b792a855cb9a2574e85f1a63d0f upstream.
+
+init_srm_irq() deals with irq's #16 and above, but size of irq_desc
+array on nautilus and some other system types is 16. So gcc-4.3
+complains that "array subscript is above array bounds", even though
+this function is never called on those systems.
+
+This adds a check for NR_IRQS <= 16, which effectively optimizes
+init_srm_irq() code away on problematic platforms.
+
+Thanks to Daniel Drake <dsd@gentoo.org> for detailed analysis
+of the problem.
+
+Signed-off-by: Ivan Kokshaysky <ink@jurassic.park.msu.ru>
+Cc: Richard Henderson <rth@twiddle.net>
+Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
+Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
+Cc: Tobias Klausmann <klausman@schwarzvogel.de>
+Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
+
+---
+ arch/alpha/kernel/irq_srm.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+--- a/arch/alpha/kernel/irq_srm.c
++++ b/arch/alpha/kernel/irq_srm.c
+@@ -63,6 +63,8 @@ init_srm_irqs(long max, unsigned long ig
+ {
+ long i;
+
++ if (NR_IRQS <= 16)
++ return;
+ for (i = 16; i < max; ++i) {
+ if (i < 64 && ((ignore_mask >> i) & 1))
+ continue;
+
+
+From gregkh@mini.kroah.org Fri Jan 30 18:36:20 2009
+Message-Id: <20090131023620.568912473@mini.kroah.org>
+User-Agent: quilt/0.47-1
+Date: Fri, 30 Jan 2009 18:34:20 -0800
+From: Greg KH <gregkh@suse.de>
+To: linux-kernel@vger.kernel.org,
+ stable@kernel.org
+Cc: Justin Forbes <jmforbes@linuxtx.org>,
+ Zwane Mwaikambo <zwane@arm.linux.org.uk>,
+ Theodore Ts'o <tytso@mit.edu>,
+ Randy Dunlap <rdunlap@xenotime.net>,
+ Dave Jones <davej@redhat.com>,
+ Chuck Wolber <chuckw@quantumlinux.com>,
+ Chris Wedgwood <reviews@ml.cw.f00f.org>,
+ Michael Krufky <mkrufky@linuxtv.org>,
+ Chuck Ebbert <cebbert@redhat.com>,
+ Domenico Andreoli <cavokz@gmail.com>,
+ Willy Tarreau <w@1wt.eu>,
+ Rodrigo Rubira Branco <rbranco@la.checkpoint.com>,
+ Jake Edge <jake@lwn.net>,
+ Eugene Teo <eteo@redhat.com>,
+ torvalds@linux-foundation.org,
+ akpm@linux-foundation.org,
+ alan@lxorguk.ukuu.org.uk,
+ Brandon Philips <bphilips@suse.de>,
+ Bartlomiej Zolnierkiewicz <bzolnier@gmail.com>
+Subject: [patch 09/32] it821x: Add ultra_mask quirk for Vortex86SX
+References: <20090131023411.032399235@mini.kroah.org>
+Content-Disposition: inline; filename=it821x-add-ultra_mask-quirk-for-vortex86sx.patch
+Content-Length: 2300
+Lines: 81
+
+2.6.27-stable review patch. If anyone has any objections, please let us know.
+
+------------------
+
+From: Brandon Philips <brandon@ifup.org>
+
+commit b94b898f3107046b5c97c556e23529283ea5eadd upstream.
+
+On Vortex86SX with IDE controller revision 0x11 ultra DMA must be
+disabled. This patch was tested by DMP and seems to work.
+
+It is a cleaned up version of their older Kernel patch:
+ http://www.dmp.com.tw/tech/vortex86sx/patch-2.6.24-DMP.gz
+
+Tested-by: Shawn Lin <shawn@dmp.com.tw>
+Signed-off-by: Brandon Philips <bphilips@suse.de>
+Cc: Alan Cox <alan@lxorguk.ukuu.org.uk>
+Signed-off-by: Bartlomiej Zolnierkiewicz <bzolnier@gmail.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
+
+---
+ drivers/ide/pci/it821x.c | 12 ++++++++++++
+ include/linux/pci_ids.h | 1 +
+ 2 files changed, 13 insertions(+)
+
+--- a/drivers/ide/pci/it821x.c
++++ b/drivers/ide/pci/it821x.c
+@@ -69,6 +69,8 @@
+
+ #define DRV_NAME "it821x"
+
++#define QUIRK_VORTEX86 1
++
+ struct it821x_dev
+ {
+ unsigned int smart:1, /* Are we in smart raid mode */
+@@ -80,6 +82,7 @@ struct it821x_dev
+ u16 pio[2]; /* Cached PIO values */
+ u16 mwdma[2]; /* Cached MWDMA values */
+ u16 udma[2]; /* Cached UDMA values (per drive) */
++ u16 quirks;
+ };
+
+ #define ATA_66 0
+@@ -586,6 +589,12 @@ static void __devinit init_hwif_it821x(i
+
+ hwif->ultra_mask = ATA_UDMA6;
+ hwif->mwdma_mask = ATA_MWDMA2;
++
++ /* Vortex86SX quirk: prevent Ultra-DMA mode to fix BadCRC issue */
++ if (idev->quirks & QUIRK_VORTEX86) {
++ if (dev->revision == 0x11)
++ hwif->ultra_mask = 0;
++ }
+ }
+
+ static void __devinit it8212_disable_raid(struct pci_dev *dev)
+@@ -658,6 +667,8 @@ static int __devinit it821x_init_one(str
+ return -ENOMEM;
+ }
+
++ itdevs->quirks = id->driver_data;
++
+ rc = ide_pci_init_one(dev, &it821x_chipset, itdevs);
+ if (rc)
+ kfree(itdevs);
+@@ -677,6 +688,7 @@ static void __devexit it821x_remove(stru
+ static const struct pci_device_id it821x_pci_tbl[] = {
+ { PCI_VDEVICE(ITE, PCI_DEVICE_ID_ITE_8211), 0 },
+ { PCI_VDEVICE(ITE, PCI_DEVICE_ID_ITE_8212), 0 },
++ { PCI_VDEVICE(RDC, PCI_DEVICE_ID_RDC_D1010), QUIRK_VORTEX86 },
+ { 0, },
+ };
+
+--- a/include/linux/pci_ids.h
++++ b/include/linux/pci_ids.h
+@@ -2148,6 +2148,7 @@
+ #define PCI_DEVICE_ID_RDC_R6040 0x6040
+ #define PCI_DEVICE_ID_RDC_R6060 0x6060
+ #define PCI_DEVICE_ID_RDC_R6061 0x6061
++#define PCI_DEVICE_ID_RDC_D1010 0x1010
+
+ #define PCI_VENDOR_ID_LENOVO 0x17aa
+
+
+
+From gregkh@mini.kroah.org Fri Jan 30 18:36:20 2009
+Message-Id: <20090131023620.693374946@mini.kroah.org>
+User-Agent: quilt/0.47-1
+Date: Fri, 30 Jan 2009 18:34:21 -0800
+From: Greg KH <gregkh@suse.de>
+To: linux-kernel@vger.kernel.org,
+ stable@kernel.org
+Cc: Justin Forbes <jmforbes@linuxtx.org>,
+ Zwane Mwaikambo <zwane@arm.linux.org.uk>,
+ Theodore Ts'o <tytso@mit.edu>,
+ Randy Dunlap <rdunlap@xenotime.net>,
+ Dave Jones <davej@redhat.com>,
+ Chuck Wolber <chuckw@quantumlinux.com>,
+ Chris Wedgwood <reviews@ml.cw.f00f.org>,
+ Michael Krufky <mkrufky@linuxtv.org>,
+ Chuck Ebbert <cebbert@redhat.com>,
+ Domenico Andreoli <cavokz@gmail.com>,
+ Willy Tarreau <w@1wt.eu>,
+ Rodrigo Rubira Branco <rbranco@la.checkpoint.com>,
+ Jake Edge <jake@lwn.net>,
+ Eugene Teo <eteo@redhat.com>,
+ torvalds@linux-foundation.org,
+ akpm@linux-foundation.org,
+ alan@lxorguk.ukuu.org.uk,
+ Joseph Chan <josephchan@via.com.tw>,
+ Tejun Heo <tj@kernel.org>,
+ Jeff Garzik <jgarzik@redhat.com>
+Subject: [patch 10/32] libata: pata_via: support VX855, future chips whose IDE controller use 0x0571
+References: <20090131023411.032399235@mini.kroah.org>
+Content-Disposition: inline; filename=libata-pata_via-support-vx855-future-chips-whose-ide-controller-use-0x0571.patch
+Content-Length: 4074
+Lines: 118
+
+2.6.27-stable review patch. If anyone has any objections, please let us know.
+
+------------------
+
+From: JosephChan@via.com.tw <JosephChan@via.com.tw>
+
+commit e4d866cdea24543ee16ce6d07d80c513e86ba983 upstream.
+
+It supports VX855 and future chips whose IDE controller uses PCI ID 0x0571.
+
+Signed-off-by: Joseph Chan <josephchan@via.com.tw>
+Acked-by: Tejun Heo <tj@kernel.org>
+Signed-off-by: Jeff Garzik <jgarzik@redhat.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
+
+---
+ drivers/ata/pata_via.c | 22 +++++++++++++++++-----
+ include/linux/pci_ids.h | 4 ++++
+ 2 files changed, 21 insertions(+), 5 deletions(-)
+
+--- a/drivers/ata/pata_via.c
++++ b/drivers/ata/pata_via.c
+@@ -87,6 +87,10 @@ enum {
+ VIA_SATA_PATA = 0x800, /* SATA/PATA combined configuration */
+ };
+
++enum {
++ VIA_IDFLAG_SINGLE = (1 << 0), /* single channel controller) */
++};
++
+ /*
+ * VIA SouthBridge chips.
+ */
+@@ -98,8 +102,12 @@ static const struct via_isa_bridge {
+ u8 rev_max;
+ u16 flags;
+ } via_isa_bridges[] = {
++ { "vx855", PCI_DEVICE_ID_VIA_VX855, 0x00, 0x2f,
++ VIA_UDMA_133 | VIA_BAD_AST | VIA_SATA_PATA },
+ { "vx800", PCI_DEVICE_ID_VIA_VX800, 0x00, 0x2f, VIA_UDMA_133 |
+ VIA_BAD_AST | VIA_SATA_PATA },
++ { "vt8261", PCI_DEVICE_ID_VIA_8261, 0x00, 0x2f,
++ VIA_UDMA_133 | VIA_BAD_AST },
+ { "vt8237s", PCI_DEVICE_ID_VIA_8237S, 0x00, 0x2f, VIA_UDMA_133 | VIA_BAD_AST },
+ { "vt8251", PCI_DEVICE_ID_VIA_8251, 0x00, 0x2f, VIA_UDMA_133 | VIA_BAD_AST },
+ { "cx700", PCI_DEVICE_ID_VIA_CX700, 0x00, 0x2f, VIA_UDMA_133 | VIA_BAD_AST | VIA_SATA_PATA },
+@@ -123,6 +131,8 @@ static const struct via_isa_bridge {
+ { "vt82c586", PCI_DEVICE_ID_VIA_82C586_0, 0x00, 0x0f, VIA_UDMA_NONE | VIA_SET_FIFO },
+ { "vt82c576", PCI_DEVICE_ID_VIA_82C576, 0x00, 0x2f, VIA_UDMA_NONE | VIA_SET_FIFO | VIA_NO_UNMASK },
+ { "vt82c576", PCI_DEVICE_ID_VIA_82C576, 0x00, 0x2f, VIA_UDMA_NONE | VIA_SET_FIFO | VIA_NO_UNMASK | VIA_BAD_ID },
++ { "vtxxxx", PCI_DEVICE_ID_VIA_ANON, 0x00, 0x2f,
++ VIA_UDMA_133 | VIA_BAD_AST },
+ { NULL }
+ };
+
+@@ -461,6 +471,7 @@ static int via_init_one(struct pci_dev *
+ static int printed_version;
+ u8 enable;
+ u32 timing;
++ unsigned long flags = id->driver_data;
+ int rc;
+
+ if (!printed_version++)
+@@ -470,9 +481,13 @@ static int via_init_one(struct pci_dev *
+ if (rc)
+ return rc;
+
++ if (flags & VIA_IDFLAG_SINGLE)
++ ppi[1] = &ata_dummy_port_info;
++
+ /* To find out how the IDE will behave and what features we
+ actually have to look at the bridge not the IDE controller */
+- for (config = via_isa_bridges; config->id; config++)
++ for (config = via_isa_bridges; config->id != PCI_DEVICE_ID_VIA_ANON;
++ config++)
+ if ((isa = pci_get_device(PCI_VENDOR_ID_VIA +
+ !!(config->flags & VIA_BAD_ID),
+ config->id, NULL))) {
+@@ -483,10 +498,6 @@ static int via_init_one(struct pci_dev *
+ pci_dev_put(isa);
+ }
+
+- if (!config->id) {
+- printk(KERN_WARNING "via: Unknown VIA SouthBridge, disabling.\n");
+- return -ENODEV;
+- }
+ pci_dev_put(isa);
+
+ if (!(config->flags & VIA_NO_ENABLES)) {
+@@ -588,6 +599,7 @@ static const struct pci_device_id via[]
+ { PCI_VDEVICE(VIA, 0x1571), },
+ { PCI_VDEVICE(VIA, 0x3164), },
+ { PCI_VDEVICE(VIA, 0x5324), },
++ { PCI_VDEVICE(VIA, 0xC409), VIA_IDFLAG_SINGLE },
+
+ { },
+ };
+--- a/include/linux/pci_ids.h
++++ b/include/linux/pci_ids.h
+@@ -1346,6 +1346,7 @@
+ #define PCI_DEVICE_ID_VIA_8783_0 0x3208
+ #define PCI_DEVICE_ID_VIA_8237 0x3227
+ #define PCI_DEVICE_ID_VIA_8251 0x3287
++#define PCI_DEVICE_ID_VIA_8261 0x3402
+ #define PCI_DEVICE_ID_VIA_8237A 0x3337
+ #define PCI_DEVICE_ID_VIA_8237S 0x3372
+ #define PCI_DEVICE_ID_VIA_SATA_EIDE 0x5324
+@@ -1355,10 +1356,13 @@
+ #define PCI_DEVICE_ID_VIA_CX700 0x8324
+ #define PCI_DEVICE_ID_VIA_CX700_IDE 0x0581
+ #define PCI_DEVICE_ID_VIA_VX800 0x8353
++#define PCI_DEVICE_ID_VIA_VX855 0x8409
+ #define PCI_DEVICE_ID_VIA_8371_1 0x8391
+ #define PCI_DEVICE_ID_VIA_82C598_1 0x8598
+ #define PCI_DEVICE_ID_VIA_838X_1 0xB188
+ #define PCI_DEVICE_ID_VIA_83_87XX_1 0xB198
++#define PCI_DEVICE_ID_VIA_C409_IDE 0XC409
++#define PCI_DEVICE_ID_VIA_ANON 0xFFFF
+
+ #define PCI_VENDOR_ID_SIEMENS 0x110A
+ #define PCI_DEVICE_ID_SIEMENS_DSCC4 0x2102
+
+
+From gregkh@mini.kroah.org Fri Jan 30 18:36:20 2009
+Message-Id: <20090131023620.811307815@mini.kroah.org>
+User-Agent: quilt/0.47-1
+Date: Fri, 30 Jan 2009 18:34:22 -0800
+From: Greg KH <gregkh@suse.de>
+To: linux-kernel@vger.kernel.org,
+ stable@kernel.org
+Cc: Justin Forbes <jmforbes@linuxtx.org>,
+ Zwane Mwaikambo <zwane@arm.linux.org.uk>,
+ Theodore Ts'o <tytso@mit.edu>,
+ Randy Dunlap <rdunlap@xenotime.net>,
+ Dave Jones <davej@redhat.com>,
+ Chuck Wolber <chuckw@quantumlinux.com>,
+ Chris Wedgwood <reviews@ml.cw.f00f.org>,
+ Michael Krufky <mkrufky@linuxtv.org>,
+ Chuck Ebbert <cebbert@redhat.com>,
+ Domenico Andreoli <cavokz@gmail.com>,
+ Willy Tarreau <w@1wt.eu>,
+ Rodrigo Rubira Branco <rbranco@la.checkpoint.com>,
+ Jake Edge <jake@lwn.net>,
+ Eugene Teo <eteo@redhat.com>,
+ torvalds@linux-foundation.org,
+ akpm@linux-foundation.org,
+ alan@lxorguk.ukuu.org.uk,
+ Larry Finger <Larry.Finger@lwfinger.net>,
+ "John W. Linville" <linville@tuxdriver.com>
+Subject: [patch 11/32] rtl8187: Add termination packet to prevent stall
+References: <20090131023411.032399235@mini.kroah.org>
+Content-Disposition: inline; filename=rtl8187-add-termination-packet-to-prevent-stall.patch
+Content-Length: 823
+Lines: 26
+
+2.6.27-stable review patch. If anyone has any objections, please let us know.
+
+------------------
+
+From: Larry Finger <Larry.Finger@lwfinger.net>
+
+commit 2fcbab044a3faf4d4a6e269148dd1f188303b206 upstream.
+
+The RTL8187 and RTL8187B devices can stall unless an explicit termination
+packet is sent.
+
+Signed-off-by: Larry Finger <Larry.Finger@lwfinger.net>
+Signed-off-by: John W. Linville <linville@tuxdriver.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
+
+---
+ drivers/net/wireless/rtl8187_dev.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+--- a/drivers/net/wireless/rtl8187_dev.c
++++ b/drivers/net/wireless/rtl8187_dev.c
+@@ -263,6 +263,7 @@ static int rtl8187_tx(struct ieee80211_h
+
+ usb_fill_bulk_urb(urb, priv->udev, usb_sndbulkpipe(priv->udev, ep),
+ buf, skb->len, rtl8187_tx_cb, skb);
++ urb->transfer_flags |= URB_ZERO_PACKET;
+ rc = usb_submit_urb(urb, GFP_ATOMIC);
+ if (rc < 0) {
+ usb_free_urb(urb);
+
+
+From gregkh@mini.kroah.org Fri Jan 30 18:36:21 2009
+Message-Id: <20090131023620.929328811@mini.kroah.org>
+User-Agent: quilt/0.47-1
+Date: Fri, 30 Jan 2009 18:34:23 -0800
+From: Greg KH <gregkh@suse.de>
+To: linux-kernel@vger.kernel.org,
+ stable@kernel.org
+Cc: Justin Forbes <jmforbes@linuxtx.org>,
+ Zwane Mwaikambo <zwane@arm.linux.org.uk>,
+ Theodore Ts'o <tytso@mit.edu>,
+ Randy Dunlap <rdunlap@xenotime.net>,
+ Dave Jones <davej@redhat.com>,
+ Chuck Wolber <chuckw@quantumlinux.com>,
+ Chris Wedgwood <reviews@ml.cw.f00f.org>,
+ Michael Krufky <mkrufky@linuxtv.org>,
+ Chuck Ebbert <cebbert@redhat.com>,
+ Domenico Andreoli <cavokz@gmail.com>,
+ Willy Tarreau <w@1wt.eu>,
+ Rodrigo Rubira Branco <rbranco@la.checkpoint.com>,
+ Jake Edge <jake@lwn.net>,
+ Eugene Teo <eteo@redhat.com>,
+ torvalds@linux-foundation.org,
+ akpm@linux-foundation.org,
+ alan@lxorguk.ukuu.org.uk,
+ Flavio Leitner <fleitner@redhat.com>,
+ Alan Cox <alan@redhat.com>
+Subject: [patch 12/32] serial_8250: support for Sealevel Systems Model 7803 COMM+8
+References: <20090131023411.032399235@mini.kroah.org>
+Content-Disposition: inline; filename=serial_8250-support-for-sealevel-systems-model-7803-comm-8.patch
+Content-Length: 1296
+Lines: 39
+
+2.6.27-stable review patch. If anyone has any objections, please let us know.
+
+------------------
+
+From: Flavio Leitner <fleitner@redhat.com>
+
+commit e65f0f8271b1b0452334e5da37fd35413a000de4 upstream.
+
+Add support for Sealevel Systems Model 7803 COMM+8
+
+Signed-off-by: Flavio Leitner <fleitner@redhat.com>
+Signed-off-by: Alan Cox <alan@redhat.com>
+Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
+
+---
+ drivers/serial/8250_pci.c | 3 +++
+ include/linux/pci_ids.h | 1 +
+ 2 files changed, 4 insertions(+)
+
+--- a/drivers/serial/8250_pci.c
++++ b/drivers/serial/8250_pci.c
+@@ -2190,6 +2190,9 @@ static struct pci_device_id serial_pci_t
+ { PCI_VENDOR_ID_SEALEVEL, PCI_DEVICE_ID_SEALEVEL_COMM8,
+ PCI_ANY_ID, PCI_ANY_ID, 0, 0,
+ pbn_b2_8_115200 },
++ { PCI_VENDOR_ID_SEALEVEL, PCI_DEVICE_ID_SEALEVEL_7803,
++ PCI_ANY_ID, PCI_ANY_ID, 0, 0,
++ pbn_b2_8_460800 },
+ { PCI_VENDOR_ID_SEALEVEL, PCI_DEVICE_ID_SEALEVEL_UCOMM8,
+ PCI_ANY_ID, PCI_ANY_ID, 0, 0,
+ pbn_b2_8_115200 },
+--- a/include/linux/pci_ids.h
++++ b/include/linux/pci_ids.h
+@@ -1784,6 +1784,7 @@
+ #define PCI_DEVICE_ID_SEALEVEL_UCOMM232 0x7202
+ #define PCI_DEVICE_ID_SEALEVEL_COMM4 0x7401
+ #define PCI_DEVICE_ID_SEALEVEL_COMM8 0x7801
++#define PCI_DEVICE_ID_SEALEVEL_7803 0x7803
+ #define PCI_DEVICE_ID_SEALEVEL_UCOMM8 0x7804
+
+ #define PCI_VENDOR_ID_HYPERCOPE 0x1365
+
+
+From gregkh@mini.kroah.org Fri Jan 30 18:36:21 2009
+Message-Id: <20090131023621.058512481@mini.kroah.org>
+User-Agent: quilt/0.47-1
+Date: Fri, 30 Jan 2009 18:34:24 -0800
+From: Greg KH <gregkh@suse.de>
+To: linux-kernel@vger.kernel.org,
+ stable@kernel.org
+Cc: Justin Forbes <jmforbes@linuxtx.org>,
+ Zwane Mwaikambo <zwane@arm.linux.org.uk>,
+ Theodore Ts'o <tytso@mit.edu>,
+ Randy Dunlap <rdunlap@xenotime.net>,
+ Dave Jones <davej@redhat.com>,
+ Chuck Wolber <chuckw@quantumlinux.com>,
+ Chris Wedgwood <reviews@ml.cw.f00f.org>,
+ Michael Krufky <mkrufky@linuxtv.org>,
+ Chuck Ebbert <cebbert@redhat.com>,
+ Domenico Andreoli <cavokz@gmail.com>,
+ Willy Tarreau <w@1wt.eu>,
+ Rodrigo Rubira Branco <rbranco@la.checkpoint.com>,
+ Jake Edge <jake@lwn.net>,
+ Eugene Teo <eteo@redhat.com>,
+ torvalds@linux-foundation.org,
+ akpm@linux-foundation.org,
+ alan@lxorguk.ukuu.org.uk,
+ Trond Myklebust <Trond.Myklebust@netapp.com>
+Subject: [patch 13/32] SUNRPC: Fix a memory leak in rpcb_getport_async
+References: <20090131023411.032399235@mini.kroah.org>
+Content-Disposition: inline; filename=sunrpc-fix-a-memory-leak-in-rpcb_getport_async.patch
+Content-Length: 908
+Lines: 32
+
+2.6.27-stable review patch. If anyone has any objections, please let us know.
+
+------------------
+
+From: Trond Myklebust <Trond.Myklebust@netapp.com>
+
+commit 96165e2b7c4e2c82a0b60c766d4a2036444c21a0 upstream.
+
+Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
+
+---
+ net/sunrpc/rpcb_clnt.c | 4 +++-
+ 1 file changed, 3 insertions(+), 1 deletion(-)
+
+--- a/net/sunrpc/rpcb_clnt.c
++++ b/net/sunrpc/rpcb_clnt.c
+@@ -558,7 +558,7 @@ void rpcb_getport_async(struct rpc_task
+ status = -ENOMEM;
+ dprintk("RPC: %5u %s: no memory available\n",
+ task->tk_pid, __func__);
+- goto bailout_nofree;
++ goto bailout_release_client;
+ }
+ map->r_prog = clnt->cl_prog;
+ map->r_vers = clnt->cl_vers;
+@@ -583,6 +583,8 @@ void rpcb_getport_async(struct rpc_task
+ task->tk_xprt->stat.bind_count++;
+ return;
+
++bailout_release_client:
++ rpc_release_client(rpcb_clnt);
+ bailout_nofree:
+ rpcb_wake_rpcbind_waiters(xprt, status);
+ task->tk_status = status;
+
+
+From gregkh@mini.kroah.org Fri Jan 30 18:36:21 2009
+Message-Id: <20090131023621.181481746@mini.kroah.org>
+User-Agent: quilt/0.47-1
+Date: Fri, 30 Jan 2009 18:34:25 -0800
+From: Greg KH <gregkh@suse.de>
+To: linux-kernel@vger.kernel.org,
+ stable@kernel.org
+Cc: Justin Forbes <jmforbes@linuxtx.org>,
+ Zwane Mwaikambo <zwane@arm.linux.org.uk>,
+ Theodore Ts'o <tytso@mit.edu>,
+ Randy Dunlap <rdunlap@xenotime.net>,
+ Dave Jones <davej@redhat.com>,
+ Chuck Wolber <chuckw@quantumlinux.com>,
+ Chris Wedgwood <reviews@ml.cw.f00f.org>,
+ Michael Krufky <mkrufky@linuxtv.org>,
+ Chuck Ebbert <cebbert@redhat.com>,
+ Domenico Andreoli <cavokz@gmail.com>,
+ Willy Tarreau <w@1wt.eu>,
+ Rodrigo Rubira Branco <rbranco@la.checkpoint.com>,
+ Jake Edge <jake@lwn.net>,
+ Eugene Teo <eteo@redhat.com>,
+ torvalds@linux-foundation.org,
+ akpm@linux-foundation.org,
+ alan@lxorguk.ukuu.org.uk,
+ Trond Myklebust <Trond.Myklebust@netapp.com>
+Subject: [patch 14/32] SUNRPC: Fix autobind on cloned rpc clients
+References: <20090131023411.032399235@mini.kroah.org>
+Content-Disposition: inline; filename=sunrpc-fix-autobind-on-cloned-rpc-clients.patch
+Content-Length: 3014
+Lines: 96
+
+2.6.27-stable review patch. If anyone has any objections, please let us know.
+
+------------------
+
+From: Trond Myklebust <Trond.Myklebust@netapp.com>
+
+commit 9a4bd29fe8f6d3f015fe1c8e5450eb62cfebfcc9 upstream.
+
+Despite the fact that cloned rpc clients won't have the cl_autobind flag
+set, they may still find themselves calling rpcb_getport_async(). For this
+to happen, it suffices for a _parent_ rpc_clnt to use autobinding, in which
+case any clone may find itself triggering the !xprt_bound() case in
+call_bind().
+
+The correct fix for this is to walk back up the tree of cloned rpc clients,
+in order to find the parent that 'owns' the transport, either because it
+has clnt->cl_autobind set, or because it originally created the
+transport...
+
+Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
+
+---
+ net/sunrpc/rpcb_clnt.c | 36 +++++++++++++++++++++++++++++-------
+ 1 file changed, 29 insertions(+), 7 deletions(-)
+
+--- a/net/sunrpc/rpcb_clnt.c
++++ b/net/sunrpc/rpcb_clnt.c
+@@ -469,6 +469,28 @@ static struct rpc_task *rpcb_call_async(
+ return rpc_run_task(&task_setup_data);
+ }
+
++/*
++ * In the case where rpc clients have been cloned, we want to make
++ * sure that we use the program number/version etc of the actual
++ * owner of the xprt. To do so, we walk back up the tree of parents
++ * to find whoever created the transport and/or whoever has the
++ * autobind flag set.
++ */
++static struct rpc_clnt *rpcb_find_transport_owner(struct rpc_clnt *clnt)
++{
++ struct rpc_clnt *parent = clnt->cl_parent;
++
++ while (parent != clnt) {
++ if (parent->cl_xprt != clnt->cl_xprt)
++ break;
++ if (clnt->cl_autobind)
++ break;
++ clnt = parent;
++ parent = parent->cl_parent;
++ }
++ return clnt;
++}
++
+ /**
+ * rpcb_getport_async - obtain the port for a given RPC service on a given host
+ * @task: task that is waiting for portmapper request
+@@ -478,10 +500,10 @@ static struct rpc_task *rpcb_call_async(
+ */
+ void rpcb_getport_async(struct rpc_task *task)
+ {
+- struct rpc_clnt *clnt = task->tk_client;
++ struct rpc_clnt *clnt;
+ struct rpc_procinfo *proc;
+ u32 bind_version;
+- struct rpc_xprt *xprt = task->tk_xprt;
++ struct rpc_xprt *xprt;
+ struct rpc_clnt *rpcb_clnt;
+ static struct rpcbind_args *map;
+ struct rpc_task *child;
+@@ -490,13 +512,13 @@ void rpcb_getport_async(struct rpc_task
+ size_t salen;
+ int status;
+
++ clnt = rpcb_find_transport_owner(task->tk_client);
++ xprt = clnt->cl_xprt;
++
+ dprintk("RPC: %5u %s(%s, %u, %u, %d)\n",
+ task->tk_pid, __func__,
+ clnt->cl_server, clnt->cl_prog, clnt->cl_vers, xprt->prot);
+
+- /* Autobind on cloned rpc clients is discouraged */
+- BUG_ON(clnt->cl_parent != clnt);
+-
+ /* Put self on the wait queue to ensure we get notified if
+ * some other task is already attempting to bind the port */
+ rpc_sleep_on(&xprt->binding, task, NULL);
+@@ -578,9 +600,9 @@ void rpcb_getport_async(struct rpc_task
+ task->tk_pid, __func__);
+ return;
+ }
+- rpc_put_task(child);
+
+- task->tk_xprt->stat.bind_count++;
++ xprt->stat.bind_count++;
++ rpc_put_task(child);
+ return;
+
+ bailout_release_client:
+
+
+From gregkh@mini.kroah.org Fri Jan 30 18:36:21 2009
+Message-Id: <20090131023621.304495011@mini.kroah.org>
+User-Agent: quilt/0.47-1
+Date: Fri, 30 Jan 2009 18:34:26 -0800
+From: Greg KH <gregkh@suse.de>
+To: linux-kernel@vger.kernel.org,
+ stable@kernel.org
+Cc: Justin Forbes <jmforbes@linuxtx.org>,
+ Zwane Mwaikambo <zwane@arm.linux.org.uk>,
+ Theodore Ts'o <tytso@mit.edu>,
+ Randy Dunlap <rdunlap@xenotime.net>,
+ Dave Jones <davej@redhat.com>,
+ Chuck Wolber <chuckw@quantumlinux.com>,
+ Chris Wedgwood <reviews@ml.cw.f00f.org>,
+ Michael Krufky <mkrufky@linuxtv.org>,
+ Chuck Ebbert <cebbert@redhat.com>,
+ Domenico Andreoli <cavokz@gmail.com>,
+ Willy Tarreau <w@1wt.eu>,
+ Rodrigo Rubira Branco <rbranco@la.checkpoint.com>,
+ Jake Edge <jake@lwn.net>,
+ Eugene Teo <eteo@redhat.com>,
+ torvalds@linux-foundation.org,
+ akpm@linux-foundation.org,
+ alan@lxorguk.ukuu.org.uk,
+ Alan Stern <stern@rowland.harvard.edu>
+Subject: [patch 15/32] USB: fix char-device disconnect handling
+References: <20090131023411.032399235@mini.kroah.org>
+Content-Disposition: inline; filename=usb-fix-char-device-disconnect-handling.patch
+Content-Length: 3675
+Lines: 120
+
+2.6.27-stable review patch. If anyone has any objections, please let us know.
+
+------------------
+
+From: Alan Stern <stern@rowland.harvard.edu>
+
+commit 501950d846218ed80a776d2aae5aed9c8b92e778 upstream.
+
+This patch (as1198) fixes a conceptual bug: Somewhere along the line
+we managed to confuse USB class devices with USB char devices. As a
+result, the code to send a disconnect signal to userspace would not be
+built if both CONFIG_USB_DEVICE_CLASS and CONFIG_USB_DEVICEFS were
+disabled.
+
+The usb_fs_classdev_common_remove() routine has been renamed to
+usbdev_remove() and it is now called whenever any USB device is
+removed, not just when a class device is unregistered. The notifier
+registration and unregistration calls are no longer conditionally
+compiled. And since the common removal code will always be called as
+part of the char device interface, there's no need to call it again as
+part of the usbfs interface; thus the invocation of
+usb_fs_classdev_common_remove() has been taken out of
+usbfs_remove_device().
+
+Signed-off-by: Alan Stern <stern@rowland.harvard.edu>
+Reported-by: Alon Bar-Lev <alon.barlev@gmail.com>
+Tested-by: Alon Bar-Lev <alon.barlev@gmail.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
+
+---
+ drivers/usb/core/devio.c | 20 ++++++++++++--------
+ drivers/usb/core/inode.c | 1 -
+ drivers/usb/core/usb.h | 1 -
+ 3 files changed, 12 insertions(+), 10 deletions(-)
+
+--- a/drivers/usb/core/devio.c
++++ b/drivers/usb/core/devio.c
+@@ -1700,7 +1700,7 @@ const struct file_operations usbdev_file
+ .release = usbdev_release,
+ };
+
+-void usb_fs_classdev_common_remove(struct usb_device *udev)
++static void usbdev_remove(struct usb_device *udev)
+ {
+ struct dev_state *ps;
+ struct siginfo sinfo;
+@@ -1742,10 +1742,15 @@ static void usb_classdev_remove(struct u
+ {
+ if (dev->usb_classdev)
+ device_unregister(dev->usb_classdev);
+- usb_fs_classdev_common_remove(dev);
+ }
+
+-static int usb_classdev_notify(struct notifier_block *self,
++#else
++#define usb_classdev_add(dev) 0
++#define usb_classdev_remove(dev) do {} while (0)
++
++#endif
++
++static int usbdev_notify(struct notifier_block *self,
+ unsigned long action, void *dev)
+ {
+ switch (action) {
+@@ -1755,15 +1760,15 @@ static int usb_classdev_notify(struct no
+ break;
+ case USB_DEVICE_REMOVE:
+ usb_classdev_remove(dev);
++ usbdev_remove(dev);
+ break;
+ }
+ return NOTIFY_OK;
+ }
+
+ static struct notifier_block usbdev_nb = {
+- .notifier_call = usb_classdev_notify,
++ .notifier_call = usbdev_notify,
+ };
+-#endif
+
+ static struct cdev usb_device_cdev;
+
+@@ -1797,9 +1802,8 @@ int __init usb_devio_init(void)
+ * to /sys/dev
+ */
+ usb_classdev_class->dev_kobj = NULL;
+-
+- usb_register_notify(&usbdev_nb);
+ #endif
++ usb_register_notify(&usbdev_nb);
+ out:
+ return retval;
+
+@@ -1810,8 +1814,8 @@ error_cdev:
+
+ void usb_devio_cleanup(void)
+ {
+-#ifdef CONFIG_USB_DEVICE_CLASS
+ usb_unregister_notify(&usbdev_nb);
++#ifdef CONFIG_USB_DEVICE_CLASS
+ class_destroy(usb_classdev_class);
+ #endif
+ cdev_del(&usb_device_cdev);
+--- a/drivers/usb/core/inode.c
++++ b/drivers/usb/core/inode.c
+@@ -716,7 +716,6 @@ static void usbfs_remove_device(struct u
+ fs_remove_file (dev->usbfs_dentry);
+ dev->usbfs_dentry = NULL;
+ }
+- usb_fs_classdev_common_remove(dev);
+ }
+
+ static int usbfs_notify(struct notifier_block *self, unsigned long action, void *dev)
+--- a/drivers/usb/core/usb.h
++++ b/drivers/usb/core/usb.h
+@@ -145,7 +145,6 @@ extern struct usb_driver usbfs_driver;
+ extern const struct file_operations usbfs_devices_fops;
+ extern const struct file_operations usbdev_file_operations;
+ extern void usbfs_conn_disc_event(void);
+-extern void usb_fs_classdev_common_remove(struct usb_device *udev);
+
+ extern int usb_devio_init(void);
+ extern void usb_devio_cleanup(void);
+
+
+From gregkh@mini.kroah.org Fri Jan 30 18:36:21 2009
+Message-Id: <20090131023621.423453904@mini.kroah.org>
+User-Agent: quilt/0.47-1
+Date: Fri, 30 Jan 2009 18:34:27 -0800
+From: Greg KH <gregkh@suse.de>
+To: linux-kernel@vger.kernel.org,
+ stable@kernel.org
+Cc: Justin Forbes <jmforbes@linuxtx.org>,
+ Zwane Mwaikambo <zwane@arm.linux.org.uk>,
+ Theodore Ts'o <tytso@mit.edu>,
+ Randy Dunlap <rdunlap@xenotime.net>,
+ Dave Jones <davej@redhat.com>,
+ Chuck Wolber <chuckw@quantumlinux.com>,
+ Chris Wedgwood <reviews@ml.cw.f00f.org>,
+ Michael Krufky <mkrufky@linuxtv.org>,
+ Chuck Ebbert <cebbert@redhat.com>,
+ Domenico Andreoli <cavokz@gmail.com>,
+ Willy Tarreau <w@1wt.eu>,
+ Rodrigo Rubira Branco <rbranco@la.checkpoint.com>,
+ Jake Edge <jake@lwn.net>,
+ Eugene Teo <eteo@redhat.com>,
+ torvalds@linux-foundation.org,
+ akpm@linux-foundation.org,
+ alan@lxorguk.ukuu.org.uk,
+ Oliver Neukum <oneukum@suse.de>
+Subject: [patch 16/32] USB: storage: add unusual devs entry
+References: <20090131023411.032399235@mini.kroah.org>
+Content-Disposition: inline; filename=usb-storage-add-unusual-devs-entry.patch
+Content-Length: 786
+Lines: 29
+
+2.6.27-stable review patch. If anyone has any objections, please let us know.
+
+------------------
+
+From: Oliver Neukum <oliver@neukum.org>
+
+commit b90de8aea36ae6fe8050a6e91b031369c4f251b2 upstream.
+
+This adds an unusual devs entry for 2116:0320
+
+Signed-off-by: Oliver Neukum <oneukum@suse.de>
+Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
+
+---
+ drivers/usb/storage/unusual_devs.h | 6 ++++++
+ 1 file changed, 6 insertions(+)
+
+--- a/drivers/usb/storage/unusual_devs.h
++++ b/drivers/usb/storage/unusual_devs.h
+@@ -2047,6 +2047,12 @@ UNUSUAL_DEV( 0x19d2, 0x2000, 0x0000, 0x
+ US_SC_DEVICE, US_PR_DEVICE, NULL,
+ US_FL_IGNORE_DEVICE),
+
++UNUSUAL_DEV( 0x2116, 0x0320, 0x0001, 0x0001,
++ "ST",
++ "2A",
++ US_SC_DEVICE, US_PR_DEVICE, NULL,
++ US_FL_FIX_CAPACITY),
++
+ /* patch submitted by Davide Perini <perini.davide@dpsoftware.org>
+ * and Renato Perini <rperini@email.it>
+ */
+
+
+From gregkh@mini.kroah.org Fri Jan 30 18:36:21 2009
+Message-Id: <20090131023621.544657017@mini.kroah.org>
+User-Agent: quilt/0.47-1
+Date: Fri, 30 Jan 2009 18:34:28 -0800
+From: Greg KH <gregkh@suse.de>
+To: linux-kernel@vger.kernel.org,
+ stable@kernel.org
+Cc: Justin Forbes <jmforbes@linuxtx.org>,
+ Zwane Mwaikambo <zwane@arm.linux.org.uk>,
+ Theodore Ts'o <tytso@mit.edu>,
+ Randy Dunlap <rdunlap@xenotime.net>,
+ Dave Jones <davej@redhat.com>,
+ Chuck Wolber <chuckw@quantumlinux.com>,
+ Chris Wedgwood <reviews@ml.cw.f00f.org>,
+ Michael Krufky <mkrufky@linuxtv.org>,
+ Chuck Ebbert <cebbert@redhat.com>,
+ Domenico Andreoli <cavokz@gmail.com>,
+ Willy Tarreau <w@1wt.eu>,
+ Rodrigo Rubira Branco <rbranco@la.checkpoint.com>,
+ Jake Edge <jake@lwn.net>,
+ Eugene Teo <eteo@redhat.com>,
+ torvalds@linux-foundation.org,
+ akpm@linux-foundation.org,
+ alan@lxorguk.ukuu.org.uk,
+ Pete Zaitcev <zaitcev@redhat.com>
+Subject: [patch 17/32] USB: usbmon: Implement compat_ioctl
+References: <20090131023411.032399235@mini.kroah.org>
+Content-Disposition: inline; filename=usb-usbmon-implement-compat_ioctl.patch
+Content-Length: 4268
+Lines: 171
+
+2.6.27-stable review patch. If anyone has any objections, please let us know.
+
+------------------
+
+From: Pete Zaitcev <zaitcev@redhat.com>
+
+commit 7abce6bedc118eb39fe177c2c26be5d008505c14 upstream.
+
+Running a 32-bit usbmon(8) on 2.6.28-rc9 produces the following:
+ioctl32(usbmon:28563): Unknown cmd fd(3) cmd(400c9206){t:ffffff92;sz:12} arg(ffd3f458) on /dev/usbmon0
+
+It happens because the compatibility mode was implemented for 2.6.18
+and not updated for the fsops.compat_ioctl API.
+
+This patch relocates the pieces from under #ifdef CONFIG_COMPAT into
+compat_ioctl with no other changes except one new whitespace.
+
+Signed-off-by: Pete Zaitcev <zaitcev@redhat.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
+
+---
+ drivers/usb/mon/mon_bin.c | 105 ++++++++++++++++++++++++++++------------------
+ 1 file changed, 66 insertions(+), 39 deletions(-)
+
+--- a/drivers/usb/mon/mon_bin.c
++++ b/drivers/usb/mon/mon_bin.c
+@@ -37,6 +37,7 @@
+ #define MON_IOCX_GET _IOW(MON_IOC_MAGIC, 6, struct mon_bin_get)
+ #define MON_IOCX_MFETCH _IOWR(MON_IOC_MAGIC, 7, struct mon_bin_mfetch)
+ #define MON_IOCH_MFLUSH _IO(MON_IOC_MAGIC, 8)
++
+ #ifdef CONFIG_COMPAT
+ #define MON_IOCX_GET32 _IOW(MON_IOC_MAGIC, 6, struct mon_bin_get32)
+ #define MON_IOCX_MFETCH32 _IOWR(MON_IOC_MAGIC, 7, struct mon_bin_mfetch32)
+@@ -921,21 +922,6 @@ static int mon_bin_ioctl(struct inode *i
+ }
+ break;
+
+-#ifdef CONFIG_COMPAT
+- case MON_IOCX_GET32: {
+- struct mon_bin_get32 getb;
+-
+- if (copy_from_user(&getb, (void __user *)arg,
+- sizeof(struct mon_bin_get32)))
+- return -EFAULT;
+-
+- ret = mon_bin_get_event(file, rp,
+- compat_ptr(getb.hdr32), compat_ptr(getb.data32),
+- getb.alloc32);
+- }
+- break;
+-#endif
+-
+ case MON_IOCX_MFETCH:
+ {
+ struct mon_bin_mfetch mfetch;
+@@ -962,7 +948,57 @@ static int mon_bin_ioctl(struct inode *i
+ }
+ break;
+
++ case MON_IOCG_STATS: {
++ struct mon_bin_stats __user *sp;
++ unsigned int nevents;
++ unsigned int ndropped;
++
++ spin_lock_irqsave(&rp->b_lock, flags);
++ ndropped = rp->cnt_lost;
++ rp->cnt_lost = 0;
++ spin_unlock_irqrestore(&rp->b_lock, flags);
++ nevents = mon_bin_queued(rp);
++
++ sp = (struct mon_bin_stats __user *)arg;
++ if (put_user(rp->cnt_lost, &sp->dropped))
++ return -EFAULT;
++ if (put_user(nevents, &sp->queued))
++ return -EFAULT;
++
++ }
++ break;
++
++ default:
++ return -ENOTTY;
++ }
++
++ return ret;
++}
++
+ #ifdef CONFIG_COMPAT
++static long mon_bin_compat_ioctl(struct file *file,
++ unsigned int cmd, unsigned long arg)
++{
++ struct mon_reader_bin *rp = file->private_data;
++ int ret;
++
++ switch (cmd) {
++
++ case MON_IOCX_GET32: {
++ struct mon_bin_get32 getb;
++
++ if (copy_from_user(&getb, (void __user *)arg,
++ sizeof(struct mon_bin_get32)))
++ return -EFAULT;
++
++ ret = mon_bin_get_event(file, rp,
++ compat_ptr(getb.hdr32), compat_ptr(getb.data32),
++ getb.alloc32);
++ if (ret < 0)
++ return ret;
++ }
++ return 0;
++
+ case MON_IOCX_MFETCH32:
+ {
+ struct mon_bin_mfetch32 mfetch;
+@@ -986,37 +1022,25 @@ static int mon_bin_ioctl(struct inode *i
+ return ret;
+ if (put_user(ret, &uptr->nfetch32))
+ return -EFAULT;
+- ret = 0;
+ }
+- break;
+-#endif
+-
+- case MON_IOCG_STATS: {
+- struct mon_bin_stats __user *sp;
+- unsigned int nevents;
+- unsigned int ndropped;
+-
+- spin_lock_irqsave(&rp->b_lock, flags);
+- ndropped = rp->cnt_lost;
+- rp->cnt_lost = 0;
+- spin_unlock_irqrestore(&rp->b_lock, flags);
+- nevents = mon_bin_queued(rp);
++ return 0;
+
+- sp = (struct mon_bin_stats __user *)arg;
+- if (put_user(rp->cnt_lost, &sp->dropped))
+- return -EFAULT;
+- if (put_user(nevents, &sp->queued))
+- return -EFAULT;
++ case MON_IOCG_STATS:
++ return mon_bin_ioctl(NULL, file, cmd,
++ (unsigned long) compat_ptr(arg));
+
+- }
+- break;
++ case MON_IOCQ_URB_LEN:
++ case MON_IOCQ_RING_SIZE:
++ case MON_IOCT_RING_SIZE:
++ case MON_IOCH_MFLUSH:
++ return mon_bin_ioctl(NULL, file, cmd, arg);
+
+ default:
+- return -ENOTTY;
++ ;
+ }
+-
+- return ret;
++ return -ENOTTY;
+ }
++#endif /* CONFIG_COMPAT */
+
+ static unsigned int
+ mon_bin_poll(struct file *file, struct poll_table_struct *wait)
+@@ -1094,6 +1118,9 @@ static const struct file_operations mon_
+ /* .write = mon_text_write, */
+ .poll = mon_bin_poll,
+ .ioctl = mon_bin_ioctl,
++#ifdef CONFIG_COMPAT
++ .compat_ioctl = mon_bin_compat_ioctl,
++#endif
+ .release = mon_bin_release,
+ .mmap = mon_bin_mmap,
+ };
+
+
+From gregkh@mini.kroah.org Fri Jan 30 18:36:21 2009
+Message-Id: <20090131023621.668163501@mini.kroah.org>
+User-Agent: quilt/0.47-1
+Date: Fri, 30 Jan 2009 18:34:29 -0800
+From: Greg KH <gregkh@suse.de>
+To: linux-kernel@vger.kernel.org,
+ stable@kernel.org
+Cc: Justin Forbes <jmforbes@linuxtx.org>,
+ Zwane Mwaikambo <zwane@arm.linux.org.uk>,
+ Theodore Ts'o <tytso@mit.edu>,
+ Randy Dunlap <rdunlap@xenotime.net>,
+ Dave Jones <davej@redhat.com>,
+ Chuck Wolber <chuckw@quantumlinux.com>,
+ Chris Wedgwood <reviews@ml.cw.f00f.org>,
+ Michael Krufky <mkrufky@linuxtv.org>,
+ Chuck Ebbert <cebbert@redhat.com>,
+ Domenico Andreoli <cavokz@gmail.com>,
+ Willy Tarreau <w@1wt.eu>,
+ Rodrigo Rubira Branco <rbranco@la.checkpoint.com>,
+ Jake Edge <jake@lwn.net>,
+ Eugene Teo <eteo@redhat.com>,
+ torvalds@linux-foundation.org,
+ akpm@linux-foundation.org,
+ alan@lxorguk.ukuu.org.uk,
+ Luke Yelavich <themuso@ubuntu.com>,
+ Takashi Iwai <tiwai@suse.de>
+Subject: [patch 18/32] ALSA: hda - add another MacBook Pro 4, 1 subsystem ID
+References: <20090131023411.032399235@mini.kroah.org>
+Content-Disposition: inline; filename=alsa-hda-add-another-macbook-pro-4-1-subsystem-id.patch
+Content-Length: 854
+Lines: 26
+
+2.6.27-stable review patch. If anyone has any objections, please let us know.
+
+------------------
+
+From: Luke Yelavich <themuso@ubuntu.com>
+
+commit 2a88464ceb1bda2571f88902fd8068a6168e3f7b upstream.
+
+Add another MacBook Pro 4,1 SSID (106b:3800). It seems that latter revisions,
+(at least mine), have different IDs to earlier revisions.
+
+Signed-off-by: Luke Yelavich <themuso@ubuntu.com>
+Signed-off-by: Takashi Iwai <tiwai@suse.de>
+Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
+
+---
+ sound/pci/hda/patch_realtek.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+--- a/sound/pci/hda/patch_realtek.c
++++ b/sound/pci/hda/patch_realtek.c
+@@ -6631,6 +6631,7 @@ static int patch_alc882(struct hda_codec
+ case 0x106b00a1: /* Macbook (might be wrong - PCI SSID?) */
+ case 0x106b2c00: /* Macbook Pro rev3 */
+ case 0x106b3600: /* Macbook 3.1 */
++ case 0x106b3800: /* MacbookPro4,1 - latter revision */
+ board_config = ALC885_MBP3;
+ break;
+ default:
+
+
+From gregkh@mini.kroah.org Fri Jan 30 18:36:21 2009
+Message-Id: <20090131023621.791696806@mini.kroah.org>
+User-Agent: quilt/0.47-1
+Date: Fri, 30 Jan 2009 18:34:30 -0800
+From: Greg KH <gregkh@suse.de>
+To: linux-kernel@vger.kernel.org,
+ stable@kernel.org
+Cc: Justin Forbes <jmforbes@linuxtx.org>,
+ Zwane Mwaikambo <zwane@arm.linux.org.uk>,
+ Theodore Ts'o <tytso@mit.edu>,
+ Randy Dunlap <rdunlap@xenotime.net>,
+ Dave Jones <davej@redhat.com>,
+ Chuck Wolber <chuckw@quantumlinux.com>,
+ Chris Wedgwood <reviews@ml.cw.f00f.org>,
+ Michael Krufky <mkrufky@linuxtv.org>,
+ Chuck Ebbert <cebbert@redhat.com>,
+ Domenico Andreoli <cavokz@gmail.com>,
+ Willy Tarreau <w@1wt.eu>,
+ Rodrigo Rubira Branco <rbranco@la.checkpoint.com>,
+ Jake Edge <jake@lwn.net>,
+ Eugene Teo <eteo@redhat.com>,
+ torvalds@linux-foundation.org,
+ akpm@linux-foundation.org,
+ alan@lxorguk.ukuu.org.uk,
+ Joerg Schirottke <master@kanotix.com>,
+ Takashi Iwai <tiwai@suse.de>
+Subject: [patch 19/32] ALSA: hda - Add quirk for HP DV6700 laptop
+References: <20090131023411.032399235@mini.kroah.org>
+Content-Disposition: inline; filename=alsa-hda-add-quirk-for-hp-dv6700-laptop.patch
+Content-Length: 873
+Lines: 25
+
+2.6.27-stable review patch. If anyone has any objections, please let us know.
+
+------------------
+
+From: Joerg Schirottke <master@kanotix.com>
+
+commit aa9d823bb347fb66cb07f98c686be8bb85cb6a74 upstream.
+
+Added the matching model=laptop for HP DV6700 laptop.
+
+Signed-off-by: Joerg Schirottke <master@kanotix.com>
+Signed-off-by: Takashi Iwai <tiwai@suse.de>
+Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
+
+---
+ sound/pci/hda/patch_conexant.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+--- a/sound/pci/hda/patch_conexant.c
++++ b/sound/pci/hda/patch_conexant.c
+@@ -1470,6 +1470,7 @@ static struct snd_pci_quirk cxt5047_cfg_
+ SND_PCI_QUIRK(0x103c, 0x30a5, "HP DV5200T/DV8000T", CXT5047_LAPTOP_HP),
+ SND_PCI_QUIRK(0x103c, 0x30b2, "HP DV2000T/DV3000T", CXT5047_LAPTOP),
+ SND_PCI_QUIRK(0x103c, 0x30b5, "HP DV2000Z", CXT5047_LAPTOP),
++ SND_PCI_QUIRK(0x103c, 0x30cf, "HP DV6700", CXT5047_LAPTOP),
+ SND_PCI_QUIRK(0x1179, 0xff31, "Toshiba P100", CXT5047_LAPTOP_EAPD),
+ {}
+ };
+
+
+From gregkh@mini.kroah.org Fri Jan 30 18:36:22 2009
+Message-Id: <20090131023621.914485657@mini.kroah.org>
+User-Agent: quilt/0.47-1
+Date: Fri, 30 Jan 2009 18:34:31 -0800
+From: Greg KH <gregkh@suse.de>
+To: linux-kernel@vger.kernel.org,
+ stable@kernel.org
+Cc: Justin Forbes <jmforbes@linuxtx.org>,
+ Zwane Mwaikambo <zwane@arm.linux.org.uk>,
+ Theodore Ts'o <tytso@mit.edu>,
+ Randy Dunlap <rdunlap@xenotime.net>,
+ Dave Jones <davej@redhat.com>,
+ Chuck Wolber <chuckw@quantumlinux.com>,
+ Chris Wedgwood <reviews@ml.cw.f00f.org>,
+ Michael Krufky <mkrufky@linuxtv.org>,
+ Chuck Ebbert <cebbert@redhat.com>,
+ Domenico Andreoli <cavokz@gmail.com>,
+ Willy Tarreau <w@1wt.eu>,
+ Rodrigo Rubira Branco <rbranco@la.checkpoint.com>,
+ Jake Edge <jake@lwn.net>,
+ Eugene Teo <eteo@redhat.com>,
+ torvalds@linux-foundation.org,
+ akpm@linux-foundation.org,
+ alan@lxorguk.ukuu.org.uk,
+ Takashi Iwai <tiwai@suse.de>
+Subject: [patch 20/32] ALSA: hda - Fix PCM reference NID for STAC/IDT analog outputs
+References: <20090131023411.032399235@mini.kroah.org>
+Content-Disposition: inline; filename=alsa-hda-fix-pcm-reference-nid-for-stac-idt-analog-outputs.patch
+Content-Length: 1084
+Lines: 30
+
+2.6.27-stable review patch. If anyone has any objections, please let us know.
+
+------------------
+
+From: Takashi Iwai <tiwai@suse.de>
+
+commit 00a602db1ce9d61319d6f769dee206ec85f19bda upstream.
+
+The reference NID for the analog outputs of STAC/IDT codecs is set
+to a fixed number 0x02. But this isn't always correct and in many
+codecs it points to a non-existing NID.
+
+This patch fixes the initialization of the PCM reference NID taken
+from the actually probed DAC list.
+
+Signed-off-by: Takashi Iwai <tiwai@suse.de>
+Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
+
+---
+ sound/pci/hda/patch_sigmatel.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+--- a/sound/pci/hda/patch_sigmatel.c
++++ b/sound/pci/hda/patch_sigmatel.c
+@@ -2048,6 +2048,8 @@ static int stac92xx_build_pcms(struct hd
+
+ info->name = "STAC92xx Analog";
+ info->stream[SNDRV_PCM_STREAM_PLAYBACK] = stac92xx_pcm_analog_playback;
++ info->stream[SNDRV_PCM_STREAM_PLAYBACK].nid =
++ spec->multiout.dac_nids[0];
+ info->stream[SNDRV_PCM_STREAM_CAPTURE] = stac92xx_pcm_analog_capture;
+ info->stream[SNDRV_PCM_STREAM_CAPTURE].nid = spec->adc_nids[0];
+ info->stream[SNDRV_PCM_STREAM_CAPTURE].substreams = spec->num_adcs;
+
+
+From gregkh@mini.kroah.org Fri Jan 30 18:36:22 2009
+Message-Id: <20090131023622.047975106@mini.kroah.org>
+User-Agent: quilt/0.47-1
+Date: Fri, 30 Jan 2009 18:34:32 -0800
+From: Greg KH <gregkh@suse.de>
+To: linux-kernel@vger.kernel.org,
+ stable@kernel.org
+Cc: Justin Forbes <jmforbes@linuxtx.org>,
+ Zwane Mwaikambo <zwane@arm.linux.org.uk>,
+ Theodore Ts'o <tytso@mit.edu>,
+ Randy Dunlap <rdunlap@xenotime.net>,
+ Dave Jones <davej@redhat.com>,
+ Chuck Wolber <chuckw@quantumlinux.com>,
+ Chris Wedgwood <reviews@ml.cw.f00f.org>,
+ Michael Krufky <mkrufky@linuxtv.org>,
+ Chuck Ebbert <cebbert@redhat.com>,
+ Domenico Andreoli <cavokz@gmail.com>,
+ Willy Tarreau <w@1wt.eu>,
+ Rodrigo Rubira Branco <rbranco@la.checkpoint.com>,
+ Jake Edge <jake@lwn.net>,
+ Eugene Teo <eteo@redhat.com>,
+ torvalds@linux-foundation.org,
+ akpm@linux-foundation.org,
+ alan@lxorguk.ukuu.org.uk,
+ Paul Larson <pl@linux.vnet.ibm.com>,
+ Eilon Greenstein <eilong@broadcom.com>,
+ "David S. Miller" <davem@davemloft.net>
+Subject: [patch 21/32] bnx2x: Block nvram access when the device is inactive
+References: <20090131023411.032399235@mini.kroah.org>
+Content-Disposition: inline; filename=bnx2x-block-nvram-access-when-the-device-is-inactive.patch
+Content-Length: 908
+Lines: 29
+
+2.6.27-stable review patch. If anyone has any objections, please let us know.
+
+------------------
+
+From: Eilon Greenstein <eilong@broadcom.com>
+
+commit 2add3acb11a26cc14b54669433ae6ace6406cbf2 upstream.
+
+Don't dump eeprom when bnx2x adapter is down. Running ethtool -e causes an eeh
+without it when the device is down
+
+Signed-off-by: Paul Larson <pl@linux.vnet.ibm.com>
+Signed-off-by: Eilon Greenstein <eilong@broadcom.com>
+Signed-off-by: David S. Miller <davem@davemloft.net>
+Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
+
+---
+ drivers/net/bnx2x_main.c | 3 +++
+ 1 file changed, 3 insertions(+)
+
+--- a/drivers/net/bnx2x_main.c
++++ b/drivers/net/bnx2x_main.c
+@@ -8078,6 +8078,9 @@ static int bnx2x_get_eeprom(struct net_d
+ struct bnx2x *bp = netdev_priv(dev);
+ int rc;
+
++ if (!netif_running(dev))
++ return -EAGAIN;
++
+ DP(BNX2X_MSG_NVM, "ethtool_eeprom: cmd %d\n"
+ DP_LEVEL " magic 0x%x offset 0x%x (%d) len 0x%x (%d)\n",
+ eeprom->cmd, eeprom->magic, eeprom->offset, eeprom->offset,
+
+
+From gregkh@mini.kroah.org Fri Jan 30 18:36:22 2009
+Message-Id: <20090131023622.171744893@mini.kroah.org>
+User-Agent: quilt/0.47-1
+Date: Fri, 30 Jan 2009 18:34:33 -0800
+From: Greg KH <gregkh@suse.de>
+To: linux-kernel@vger.kernel.org,
+ stable@kernel.org
+Cc: Justin Forbes <jmforbes@linuxtx.org>,
+ Zwane Mwaikambo <zwane@arm.linux.org.uk>,
+ Theodore Ts'o <tytso@mit.edu>,
+ Randy Dunlap <rdunlap@xenotime.net>,
+ Dave Jones <davej@redhat.com>,
+ Chuck Wolber <chuckw@quantumlinux.com>,
+ Chris Wedgwood <reviews@ml.cw.f00f.org>,
+ Michael Krufky <mkrufky@linuxtv.org>,
+ Chuck Ebbert <cebbert@redhat.com>,
+ Domenico Andreoli <cavokz@gmail.com>,
+ Willy Tarreau <w@1wt.eu>,
+ Rodrigo Rubira Branco <rbranco@la.checkpoint.com>,
+ Jake Edge <jake@lwn.net>,
+ Eugene Teo <eteo@redhat.com>,
+ torvalds@linux-foundation.org,
+ akpm@linux-foundation.org,
+ alan@lxorguk.ukuu.org.uk,
+ Herbert Xu <herbert@gondor.apana.org.au>
+Subject: [patch 22/32] crypto: authenc - Fix zero-length IV crash
+References: <20090131023411.032399235@mini.kroah.org>
+Content-Disposition: inline; filename=crypto-authenc-fix-zero-length-iv-crash.patch
+Content-Length: 2037
+Lines: 65
+
+2.6.27-stable review patch. If anyone has any objections, please let us know.
+
+------------------
+
+From: Herbert Xu <herbert@gondor.apana.org.au>
+
+commit 29b37f42127f7da511560a40ea74f5047da40c13 upstream.
+
+As it is if an algorithm with a zero-length IV is used (e.g.,
+NULL encryption) with authenc, authenc may generate an SG entry
+of length zero, which will trigger a BUG check in the hash layer.
+
+This patch fixes it by skipping the IV SG generation if the IV
+size is zero.
+
+Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
+Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
+
+---
+ crypto/authenc.c | 24 +++++++++++++++---------
+ 1 file changed, 15 insertions(+), 9 deletions(-)
+
+--- a/crypto/authenc.c
++++ b/crypto/authenc.c
+@@ -157,16 +157,19 @@ static int crypto_authenc_genicv(struct
+ dstp = sg_page(dst);
+ vdst = PageHighMem(dstp) ? NULL : page_address(dstp) + dst->offset;
+
+- sg_init_table(cipher, 2);
+- sg_set_buf(cipher, iv, ivsize);
+- authenc_chain(cipher, dst, vdst == iv + ivsize);
++ if (ivsize) {
++ sg_init_table(cipher, 2);
++ sg_set_buf(cipher, iv, ivsize);
++ authenc_chain(cipher, dst, vdst == iv + ivsize);
++ dst = cipher;
++ }
+
+ cryptlen = req->cryptlen + ivsize;
+- hash = crypto_authenc_hash(req, flags, cipher, cryptlen);
++ hash = crypto_authenc_hash(req, flags, dst, cryptlen);
+ if (IS_ERR(hash))
+ return PTR_ERR(hash);
+
+- scatterwalk_map_and_copy(hash, cipher, cryptlen,
++ scatterwalk_map_and_copy(hash, dst, cryptlen,
+ crypto_aead_authsize(authenc), 1);
+ return 0;
+ }
+@@ -284,11 +287,14 @@ static int crypto_authenc_iverify(struct
+ srcp = sg_page(src);
+ vsrc = PageHighMem(srcp) ? NULL : page_address(srcp) + src->offset;
+
+- sg_init_table(cipher, 2);
+- sg_set_buf(cipher, iv, ivsize);
+- authenc_chain(cipher, src, vsrc == iv + ivsize);
++ if (ivsize) {
++ sg_init_table(cipher, 2);
++ sg_set_buf(cipher, iv, ivsize);
++ authenc_chain(cipher, src, vsrc == iv + ivsize);
++ src = cipher;
++ }
+
+- return crypto_authenc_verify(req, cipher, cryptlen + ivsize);
++ return crypto_authenc_verify(req, src, cryptlen + ivsize);
+ }
+
+ static int crypto_authenc_decrypt(struct aead_request *req)
+
+
+From gregkh@mini.kroah.org Fri Jan 30 18:36:22 2009
+Message-Id: <20090131023622.296033390@mini.kroah.org>
+User-Agent: quilt/0.47-1
+Date: Fri, 30 Jan 2009 18:34:34 -0800
+From: Greg KH <gregkh@suse.de>
+To: linux-kernel@vger.kernel.org,
+ stable@kernel.org
+Cc: Justin Forbes <jmforbes@linuxtx.org>,
+ Zwane Mwaikambo <zwane@arm.linux.org.uk>,
+ Theodore Ts'o <tytso@mit.edu>,
+ Randy Dunlap <rdunlap@xenotime.net>,
+ Dave Jones <davej@redhat.com>,
+ Chuck Wolber <chuckw@quantumlinux.com>,
+ Chris Wedgwood <reviews@ml.cw.f00f.org>,
+ Michael Krufky <mkrufky@linuxtv.org>,
+ Chuck Ebbert <cebbert@redhat.com>,
+ Domenico Andreoli <cavokz@gmail.com>,
+ Willy Tarreau <w@1wt.eu>,
+ Rodrigo Rubira Branco <rbranco@la.checkpoint.com>,
+ Jake Edge <jake@lwn.net>,
+ Eugene Teo <eteo@redhat.com>,
+ torvalds@linux-foundation.org,
+ akpm@linux-foundation.org,
+ alan@lxorguk.ukuu.org.uk,
+ Jarod Wilson <jarod@redhat.com>,
+ Neil Horman <nhorman@tuxdriver.com>,
+ Herbert Xu <herbert@gondor.apana.org.au>
+Subject: [patch 23/32] crypto: ccm - Fix handling of null assoc data
+References: <20090131023411.032399235@mini.kroah.org>
+Content-Disposition: inline; filename=crypto-ccm-fix-handling-of-null-assoc-data.patch
+Content-Length: 3824
+Lines: 81
+
+2.6.27-stable review patch. If anyone has any objections, please let us know.
+
+------------------
+
+From: Jarod Wilson <jarod@redhat.com>
+
+commit 516280e735b034216de97eb7ba080ec6acbfc58f upstream.
+
+Its a valid use case to have null associated data in a ccm vector, but
+this case isn't being handled properly right now.
+
+The following ccm decryption/verification test vector, using the
+rfc4309 implementation regularly triggers a panic, as will any
+other vector with null assoc data:
+
+* key: ab2f8a74b71cd2b1ff802e487d82f8b9
+* iv: c6fb7d800d13abd8a6b2d8
+* Associated Data: [NULL]
+* Tag Length: 8
+* input: d5e8939fc7892e2b
+
+The resulting panic looks like so:
+
+Unable to handle kernel paging request at ffff810064ddaec0 RIP:
+ [<ffffffff8864c4d7>] :ccm:get_data_to_compute+0x1a6/0x1d6
+PGD 8063 PUD 0
+Oops: 0002 [1] SMP
+last sysfs file: /module/libata/version
+CPU 0
+Modules linked in: crypto_tester_kmod(U) seqiv krng ansi_cprng chainiv rng ctr aes_generic aes_x86_64 ccm cryptomgr testmgr_cipher testmgr aead crypto_blkcipher crypto_a
+lgapi des ipv6 xfrm_nalgo crypto_api autofs4 hidp l2cap bluetooth nfs lockd fscache nfs_acl sunrpc ip_conntrack_netbios_ns ipt_REJECT xt_state ip_conntrack nfnetlink xt_
+tcpudp iptable_filter ip_tables x_tables dm_mirror dm_log dm_multipath scsi_dh dm_mod video hwmon backlight sbs i2c_ec button battery asus_acpi acpi_memhotplug ac lp sg
+snd_intel8x0 snd_ac97_codec ac97_bus snd_seq_dummy snd_seq_oss joydev snd_seq_midi_event snd_seq snd_seq_device snd_pcm_oss snd_mixer_oss ide_cd snd_pcm floppy parport_p
+c shpchp e752x_edac snd_timer e1000 i2c_i801 edac_mc snd soundcore snd_page_alloc i2c_core cdrom parport serio_raw pcspkr ata_piix libata sd_mod scsi_mod ext3 jbd uhci_h
+cd ohci_hcd ehci_hcd
+Pid: 12844, comm: crypto-tester Tainted: G 2.6.18-128.el5.fips1 #1
+RIP: 0010:[<ffffffff8864c4d7>] [<ffffffff8864c4d7>] :ccm:get_data_to_compute+0x1a6/0x1d6
+RSP: 0018:ffff8100134434e8 EFLAGS: 00010246
+RAX: 0000000000000000 RBX: ffff8100104898b0 RCX: ffffffffab6aea10
+RDX: 0000000000000010 RSI: ffff8100104898c0 RDI: ffff810064ddaec0
+RBP: 0000000000000000 R08: ffff8100104898b0 R09: 0000000000000000
+R10: ffff8100103bac84 R11: ffff8100104898b0 R12: ffff810010489858
+R13: ffff8100104898b0 R14: ffff8100103bac00 R15: 0000000000000000
+FS: 00002ab881adfd30(0000) GS:ffffffff803ac000(0000) knlGS:0000000000000000
+CS: 0010 DS: 0000 ES: 0000 CR0: 000000008005003b
+CR2: ffff810064ddaec0 CR3: 0000000012a88000 CR4: 00000000000006e0
+Process crypto-tester (pid: 12844, threadinfo ffff810013442000, task ffff81003d165860)
+Stack: ffff8100103bac00 ffff8100104898e8 ffff8100134436f8 ffffffff00000000
+ 0000000000000000 ffff8100104898b0 0000000000000000 ffff810010489858
+ 0000000000000000 ffff8100103bac00 ffff8100134436f8 ffffffff8864c634
+Call Trace:
+ [<ffffffff8864c634>] :ccm:crypto_ccm_auth+0x12d/0x140
+ [<ffffffff8864cf73>] :ccm:crypto_ccm_decrypt+0x161/0x23a
+ [<ffffffff88633643>] :crypto_tester_kmod:cavs_test_rfc4309_ccm+0x4a5/0x559
+[...]
+
+The above is from a RHEL5-based kernel, but upstream is susceptible too.
+
+The fix is trivial: in crypto/ccm.c:crypto_ccm_auth(), pctx->ilen contains
+whatever was in memory when pctx was allocated if assoclen is 0. The tested
+fix is to simply add an else clause setting pctx->ilen to 0 for the
+assoclen == 0 case, so that get_data_to_compute() doesn't try doing
+things its not supposed to.
+
+Signed-off-by: Jarod Wilson <jarod@redhat.com>
+Acked-by: Neil Horman <nhorman@tuxdriver.com>
+Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
+Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
+
+---
+ crypto/ccm.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+--- a/crypto/ccm.c
++++ b/crypto/ccm.c
+@@ -266,6 +266,8 @@ static int crypto_ccm_auth(struct aead_r
+ if (assoclen) {
+ pctx->ilen = format_adata(idata, assoclen);
+ get_data_to_compute(cipher, pctx, req->assoc, req->assoclen);
++ } else {
++ pctx->ilen = 0;
+ }
+
+ /* compute plaintext into mac */
+
+
+From gregkh@mini.kroah.org Fri Jan 30 18:36:22 2009
+Message-Id: <20090131023622.420029866@mini.kroah.org>
+User-Agent: quilt/0.47-1
+Date: Fri, 30 Jan 2009 18:34:35 -0800
+From: Greg KH <gregkh@suse.de>
+To: linux-kernel@vger.kernel.org,
+ stable@kernel.org
+Cc: Justin Forbes <jmforbes@linuxtx.org>,
+ Zwane Mwaikambo <zwane@arm.linux.org.uk>,
+ Theodore Ts'o <tytso@mit.edu>,
+ Randy Dunlap <rdunlap@xenotime.net>,
+ Dave Jones <davej@redhat.com>,
+ Chuck Wolber <chuckw@quantumlinux.com>,
+ Chris Wedgwood <reviews@ml.cw.f00f.org>,
+ Michael Krufky <mkrufky@linuxtv.org>,
+ Chuck Ebbert <cebbert@redhat.com>,
+ Domenico Andreoli <cavokz@gmail.com>,
+ Willy Tarreau <w@1wt.eu>,
+ Rodrigo Rubira Branco <rbranco@la.checkpoint.com>,
+ Jake Edge <jake@lwn.net>,
+ Eugene Teo <eteo@redhat.com>,
+ torvalds@linux-foundation.org,
+ akpm@linux-foundation.org,
+ alan@lxorguk.ukuu.org.uk,
+ Davide Libenzi <davidel@xmailserver.org>,
+ Michael Kerrisk <mtk.manpages@googlemail.com>,
+ Bron Gondwana <brong@fastmail.fm>
+Subject: [patch 24/32] epoll: drop max_user_instances and rely only on max_user_watches
+References: <20090131023411.032399235@mini.kroah.org>
+Content-Disposition: inline; filename=epoll-drop-max_user_instances-and-rely-only-on-max_user_watches.patch
+Content-Length: 3465
+Lines: 111
+
+2.6.27-stable review patch. If anyone has any objections, please let us know.
+
+------------------
+
+From: Davide Libenzi <davidel@xmailserver.org>
+
+commit 9df04e1f25effde823a600e755b51475d438f56b upstream.
+
+Linus suggested to put limits where the money is, and max_user_watches
+already does that w/out the need of max_user_instances. That has the
+advantage to mitigate the potential DoS while allowing pretty generous
+default behavior.
+
+Allowing top 4% of low memory (per user) to be allocated in epoll watches,
+we have:
+
+LOMEM MAX_WATCHES (per user)
+512MB ~178000
+1GB ~356000
+2GB ~712000
+
+A box with 512MB of lomem, will meet some challenge in hitting 180K
+watches, socket buffers math teaches us. No more max_user_instances
+limits then.
+
+Signed-off-by: Davide Libenzi <davidel@xmailserver.org>
+Cc: Willy Tarreau <w@1wt.eu>
+Cc: Michael Kerrisk <mtk.manpages@googlemail.com>
+Cc: Bron Gondwana <brong@fastmail.fm>
+Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
+Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
+
+---
+ fs/eventpoll.c | 22 ++++------------------
+ include/linux/sched.h | 1 -
+ 2 files changed, 4 insertions(+), 19 deletions(-)
+
+--- a/fs/eventpoll.c
++++ b/fs/eventpoll.c
+@@ -234,8 +234,6 @@ struct ep_pqueue {
+ /*
+ * Configuration options available inside /proc/sys/fs/epoll/
+ */
+-/* Maximum number of epoll devices, per user */
+-static int max_user_instances __read_mostly;
+ /* Maximum number of epoll watched descriptors, per user */
+ static int max_user_watches __read_mostly;
+
+@@ -261,14 +259,6 @@ static int zero;
+
+ ctl_table epoll_table[] = {
+ {
+- .procname = "max_user_instances",
+- .data = &max_user_instances,
+- .maxlen = sizeof(int),
+- .mode = 0644,
+- .proc_handler = &proc_dointvec_minmax,
+- .extra1 = &zero,
+- },
+- {
+ .procname = "max_user_watches",
+ .data = &max_user_watches,
+ .maxlen = sizeof(int),
+@@ -491,7 +481,6 @@ static void ep_free(struct eventpoll *ep
+
+ mutex_unlock(&epmutex);
+ mutex_destroy(&ep->mtx);
+- atomic_dec(&ep->user->epoll_devs);
+ free_uid(ep->user);
+ kfree(ep);
+ }
+@@ -581,10 +570,6 @@ static int ep_alloc(struct eventpoll **p
+ struct eventpoll *ep;
+
+ user = get_current_user();
+- error = -EMFILE;
+- if (unlikely(atomic_read(&user->epoll_devs) >=
+- max_user_instances))
+- goto free_uid;
+ error = -ENOMEM;
+ ep = kzalloc(sizeof(*ep), GFP_KERNEL);
+ if (unlikely(!ep))
+@@ -1137,7 +1122,6 @@ SYSCALL_DEFINE1(epoll_create1, int, flag
+ flags & O_CLOEXEC);
+ if (fd < 0)
+ ep_free(ep);
+- atomic_inc(&ep->user->epoll_devs);
+
+ error_return:
+ DNPRINTK(3, (KERN_INFO "[%p] eventpoll: sys_epoll_create(%d) = %d\n",
+@@ -1362,8 +1346,10 @@ static int __init eventpoll_init(void)
+ struct sysinfo si;
+
+ si_meminfo(&si);
+- max_user_instances = 128;
+- max_user_watches = (((si.totalram - si.totalhigh) / 32) << PAGE_SHIFT) /
++ /*
++ * Allows top 4% of lomem to be allocated for epoll watches (per user).
++ */
++ max_user_watches = (((si.totalram - si.totalhigh) / 25) << PAGE_SHIFT) /
+ EP_ITEM_COST;
+
+ /* Initialize the structure used to perform safe poll wait head wake ups */
+--- a/include/linux/sched.h
++++ b/include/linux/sched.h
+@@ -588,7 +588,6 @@ struct user_struct {
+ atomic_t inotify_devs; /* How many inotify devs does this user have opened? */
+ #endif
+ #ifdef CONFIG_EPOLL
+- atomic_t epoll_devs; /* The number of epoll descriptors currently open */
+ atomic_t epoll_watches; /* The number of file descriptors currently watched */
+ #endif
+ #ifdef CONFIG_POSIX_MQUEUE
+
+
+From gregkh@mini.kroah.org Fri Jan 30 18:36:22 2009
+Message-Id: <20090131023622.543309429@mini.kroah.org>
+User-Agent: quilt/0.47-1
+Date: Fri, 30 Jan 2009 18:34:36 -0800
+From: Greg KH <gregkh@suse.de>
+To: linux-kernel@vger.kernel.org,
+ stable@kernel.org
+Cc: Justin Forbes <jmforbes@linuxtx.org>,
+ Zwane Mwaikambo <zwane@arm.linux.org.uk>,
+ Theodore Ts'o <tytso@mit.edu>,
+ Randy Dunlap <rdunlap@xenotime.net>,
+ Dave Jones <davej@redhat.com>,
+ Chuck Wolber <chuckw@quantumlinux.com>,
+ Chris Wedgwood <reviews@ml.cw.f00f.org>,
+ Michael Krufky <mkrufky@linuxtv.org>,
+ Chuck Ebbert <cebbert@redhat.com>,
+ Domenico Andreoli <cavokz@gmail.com>,
+ Willy Tarreau <w@1wt.eu>,
+ Rodrigo Rubira Branco <rbranco@la.checkpoint.com>,
+ Jake Edge <jake@lwn.net>,
+ Eugene Teo <eteo@redhat.com>,
+ torvalds@linux-foundation.org,
+ akpm@linux-foundation.org,
+ alan@lxorguk.ukuu.org.uk
+Subject: [patch 25/32] ext3: Add sanity check to make_indexed_dir
+References: <20090131023411.032399235@mini.kroah.org>
+Content-Disposition: inline; filename=ext3-add-sanity-check-to-make_indexed_dir.patch
+Content-Length: 2041
+Lines: 64
+
+2.6.27-stable review patch. If anyone has any objections, please let us know.
+
+------------------
+
+From: Theodore Ts'o <tytso@mit.edu>
+
+commit a21102b55c4f8dfd3adb4a15a34cd62237b46039 upstream.
+
+Make sure the rec_len field in the '..' entry is sane, lest we overrun
+the directory block and cause a kernel oops on a purposefully
+corrupted filesystem.
+
+This fixes a bug related to a bug originally reported by Sami Liedes
+for ext4 at:
+
+http://bugzilla.kernel.org/show_bug.cgi?id=12430
+
+Signed-off-by: "Theodore Ts'o" <tytso@mit.edu>
+Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
+
+---
+ fs/ext3/namei.c | 20 ++++++++++++++------
+ 1 file changed, 14 insertions(+), 6 deletions(-)
+
+--- a/fs/ext3/namei.c
++++ b/fs/ext3/namei.c
+@@ -1374,7 +1374,7 @@ static int make_indexed_dir(handle_t *ha
+ struct fake_dirent *fde;
+
+ blocksize = dir->i_sb->s_blocksize;
+- dxtrace(printk("Creating index\n"));
++ dxtrace(printk(KERN_DEBUG "Creating index: inode %lu\n", dir->i_ino));
+ retval = ext3_journal_get_write_access(handle, bh);
+ if (retval) {
+ ext3_std_error(dir->i_sb, retval);
+@@ -1383,6 +1383,19 @@ static int make_indexed_dir(handle_t *ha
+ }
+ root = (struct dx_root *) bh->b_data;
+
++ /* The 0th block becomes the root, move the dirents out */
++ fde = &root->dotdot;
++ de = (struct ext3_dir_entry_2 *)((char *)fde +
++ ext3_rec_len_from_disk(fde->rec_len));
++ if ((char *) de >= (((char *) root) + blocksize)) {
++ ext3_error(dir->i_sb, __func__,
++ "invalid rec_len for '..' in inode %lu",
++ dir->i_ino);
++ brelse(bh);
++ return -EIO;
++ }
++ len = ((char *) root) + blocksize - (char *) de;
++
+ bh2 = ext3_append (handle, dir, &block, &retval);
+ if (!(bh2)) {
+ brelse(bh);
+@@ -1391,11 +1404,6 @@ static int make_indexed_dir(handle_t *ha
+ EXT3_I(dir)->i_flags |= EXT3_INDEX_FL;
+ data1 = bh2->b_data;
+
+- /* The 0th block becomes the root, move the dirents out */
+- fde = &root->dotdot;
+- de = (struct ext3_dir_entry_2 *)((char *)fde +
+- ext3_rec_len_from_disk(fde->rec_len));
+- len = ((char *) root) + blocksize - (char *) de;
+ memcpy (data1, de, len);
+ de = (struct ext3_dir_entry_2 *) data1;
+ top = data1 + len;
+
+
+From gregkh@mini.kroah.org Fri Jan 30 18:36:22 2009
+Message-Id: <20090131023622.665951838@mini.kroah.org>
+User-Agent: quilt/0.47-1
+Date: Fri, 30 Jan 2009 18:34:37 -0800
+From: Greg KH <gregkh@suse.de>
+To: linux-kernel@vger.kernel.org,
+ stable@kernel.org
+Cc: Justin Forbes <jmforbes@linuxtx.org>,
+ Zwane Mwaikambo <zwane@arm.linux.org.uk>,
+ Theodore Ts'o <tytso@mit.edu>,
+ Randy Dunlap <rdunlap@xenotime.net>,
+ Dave Jones <davej@redhat.com>,
+ Chuck Wolber <chuckw@quantumlinux.com>,
+ Chris Wedgwood <reviews@ml.cw.f00f.org>,
+ Michael Krufky <mkrufky@linuxtv.org>,
+ Chuck Ebbert <cebbert@redhat.com>,
+ Domenico Andreoli <cavokz@gmail.com>,
+ Willy Tarreau <w@1wt.eu>,
+ Rodrigo Rubira Branco <rbranco@la.checkpoint.com>,
+ Jake Edge <jake@lwn.net>,
+ Eugene Teo <eteo@redhat.com>,
+ torvalds@linux-foundation.org,
+ akpm@linux-foundation.org,
+ alan@lxorguk.ukuu.org.uk,
+ Boaz Harrosh <bharrosh@panasas.com>,
+ FUJITA Tomonori <fujita.tomonori@lab.ntt.co.jp>,
+ Jens Axboe <jens.axboe@oracle.com>
+Subject: [patch 26/32] include/linux: Add bsg.h to the Kernel exported headers
+References: <20090131023411.032399235@mini.kroah.org>
+Content-Disposition: inline; filename=include-linux-add-bsg.h-to-the-kernel-exported-headers.patch
+Content-Length: 1137
+Lines: 36
+
+2.6.27-stable review patch. If anyone has any objections, please let us know.
+
+------------------
+
+From: Boaz Harrosh <bharrosh@panasas.com>
+
+commit a229fc61ef0ee3c30fd193beee0eeb87410227f1 upstream.
+
+bsg.h in current form is perfectly suitable for user-mode
+consumption. It is needed together with scsi/sg.h for applications
+that want to interface with the bsg driver.
+
+Currently the few projects that use it would copy it over into
+the projects. But that is not acceptable for projects that need
+to provide source and devel packages for distros.
+
+This should also be submitted to stable 2.6.28 and 2.6.27 since bsg had
+a stable API since these Kernels and distro users will need the header
+for these kernels a swell
+
+Signed-off-by: Boaz Harrosh <bharrosh@panasas.com>
+Acked-by: FUJITA Tomonori <fujita.tomonori@lab.ntt.co.jp>
+Signed-off-by: Jens Axboe <jens.axboe@oracle.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
+
+---
+ include/linux/Kbuild | 1 +
+ 1 file changed, 1 insertion(+)
+
+--- a/include/linux/Kbuild
++++ b/include/linux/Kbuild
+@@ -41,6 +41,7 @@ header-y += baycom.h
+ header-y += bfs_fs.h
+ header-y += blkpg.h
+ header-y += bpqether.h
++header-y += bsg.h
+ header-y += can.h
+ header-y += cdk.h
+ header-y += chio.h
+
+
+From gregkh@mini.kroah.org Fri Jan 30 18:36:22 2009
+Message-Id: <20090131023622.786965897@mini.kroah.org>
+User-Agent: quilt/0.47-1
+Date: Fri, 30 Jan 2009 18:34:38 -0800
+From: Greg KH <gregkh@suse.de>
+To: linux-kernel@vger.kernel.org,
+ stable@kernel.org
+Cc: Justin Forbes <jmforbes@linuxtx.org>,
+ Zwane Mwaikambo <zwane@arm.linux.org.uk>,
+ Theodore Ts'o <tytso@mit.edu>,
+ Randy Dunlap <rdunlap@xenotime.net>,
+ Dave Jones <davej@redhat.com>,
+ Chuck Wolber <chuckw@quantumlinux.com>,
+ Chris Wedgwood <reviews@ml.cw.f00f.org>,
+ Michael Krufky <mkrufky@linuxtv.org>,
+ Chuck Ebbert <cebbert@redhat.com>,
+ Domenico Andreoli <cavokz@gmail.com>,
+ Willy Tarreau <w@1wt.eu>,
+ Rodrigo Rubira Branco <rbranco@la.checkpoint.com>,
+ Jake Edge <jake@lwn.net>,
+ Eugene Teo <eteo@redhat.com>,
+ torvalds@linux-foundation.org,
+ akpm@linux-foundation.org,
+ alan@lxorguk.ukuu.org.uk,
+ Robin Holt <holt@sgi.com>,
+ Dean Nelson <dcn@sgi.com>
+Subject: [patch 27/32] sgi-xpc: ensure flags are updated before bte_copy
+References: <20090131023411.032399235@mini.kroah.org>
+Content-Disposition: inline; filename=sgi-xpc-ensure-flags-are-updated-before-bte_copy.patch
+Content-Length: 2547
+Lines: 76
+
+2.6.27-stable review patch. If anyone has any objections, please let us know.
+
+------------------
+
+From: Robin Holt <holt@sgi.com>
+
+commit 69b3bb65fa97a1e8563518dbbc35cd57beefb2d4 upstream.
+
+The clearing of the msg->flags needs a barrier between it and the notify
+of the channel threads that the messages are cleaned and ready for use.
+
+Signed-off-by: Robin Holt <holt@sgi.com>
+Signed-off-by: Dean Nelson <dcn@sgi.com>
+Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
+Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
+
+---
+ drivers/misc/sgi-xp/xpc_sn2.c | 9 +++++----
+ drivers/misc/sgi-xp/xpc_uv.c | 2 +-
+ 2 files changed, 6 insertions(+), 5 deletions(-)
+
+--- a/drivers/misc/sgi-xp/xpc_sn2.c
++++ b/drivers/misc/sgi-xp/xpc_sn2.c
+@@ -1841,6 +1841,7 @@ xpc_process_msg_chctl_flags_sn2(struct x
+ */
+ xpc_clear_remote_msgqueue_flags_sn2(ch);
+
++ smp_wmb(); /* ensure flags have been cleared before bte_copy */
+ ch_sn2->w_remote_GP.put = ch_sn2->remote_GP.put;
+
+ dev_dbg(xpc_chan, "w_remote_GP.put changed to %ld, partid=%d, "
+@@ -1939,7 +1940,7 @@ xpc_get_deliverable_payload_sn2(struct x
+ break;
+
+ get = ch_sn2->w_local_GP.get;
+- rmb(); /* guarantee that .get loads before .put */
++ smp_rmb(); /* guarantee that .get loads before .put */
+ if (get == ch_sn2->w_remote_GP.put)
+ break;
+
+@@ -2058,7 +2059,7 @@ xpc_allocate_msg_sn2(struct xpc_channel
+ while (1) {
+
+ put = ch_sn2->w_local_GP.put;
+- rmb(); /* guarantee that .put loads before .get */
++ smp_rmb(); /* guarantee that .put loads before .get */
+ if (put - ch_sn2->w_remote_GP.get < ch->local_nentries) {
+
+ /* There are available message entries. We need to try
+@@ -2191,7 +2192,7 @@ xpc_send_payload_sn2(struct xpc_channel
+ * The preceding store of msg->flags must occur before the following
+ * load of local_GP->put.
+ */
+- mb();
++ smp_mb();
+
+ /* see if the message is next in line to be sent, if so send it */
+
+@@ -2292,7 +2293,7 @@ xpc_received_payload_sn2(struct xpc_chan
+ * The preceding store of msg->flags must occur before the following
+ * load of local_GP->get.
+ */
+- mb();
++ smp_mb();
+
+ /*
+ * See if this message is next in line to be acknowledged as having
+--- a/drivers/misc/sgi-xp/xpc_uv.c
++++ b/drivers/misc/sgi-xp/xpc_uv.c
+@@ -1238,7 +1238,7 @@ xpc_send_payload_uv(struct xpc_channel *
+ atomic_inc(&ch->n_to_notify);
+
+ msg_slot->key = key;
+- wmb(); /* a non-NULL func must hit memory after the key */
++ smp_wmb(); /* a non-NULL func must hit memory after the key */
+ msg_slot->func = func;
+
+ if (ch->flags & XPC_C_DISCONNECTING) {
+
+
+From gregkh@mini.kroah.org Fri Jan 30 18:36:23 2009
+Message-Id: <20090131023622.908155314@mini.kroah.org>
+User-Agent: quilt/0.47-1
+Date: Fri, 30 Jan 2009 18:34:39 -0800
+From: Greg KH <gregkh@suse.de>
+To: linux-kernel@vger.kernel.org,
+ stable@kernel.org
+Cc: Justin Forbes <jmforbes@linuxtx.org>,
+ Zwane Mwaikambo <zwane@arm.linux.org.uk>,
+ Theodore Ts'o <tytso@mit.edu>,
+ Randy Dunlap <rdunlap@xenotime.net>,
+ Dave Jones <davej@redhat.com>,
+ Chuck Wolber <chuckw@quantumlinux.com>,
+ Chris Wedgwood <reviews@ml.cw.f00f.org>,
+ Michael Krufky <mkrufky@linuxtv.org>,
+ Chuck Ebbert <cebbert@redhat.com>,
+ Domenico Andreoli <cavokz@gmail.com>,
+ Willy Tarreau <w@1wt.eu>,
+ Rodrigo Rubira Branco <rbranco@la.checkpoint.com>,
+ Jake Edge <jake@lwn.net>,
+ Eugene Teo <eteo@redhat.com>,
+ torvalds@linux-foundation.org,
+ akpm@linux-foundation.org,
+ alan@lxorguk.ukuu.org.uk,
+ Robin Holt <holt@sgi.com>,
+ Dean Nelson <dcn@sgi.com>
+Subject: [patch 28/32] sgi-xpc: Remove NULL pointer dereference.
+References: <20090131023411.032399235@mini.kroah.org>
+Content-Disposition: inline; filename=sgi-xpc-remove-null-pointer-dereference.patch
+Content-Length: 1157
+Lines: 38
+
+2.6.27-stable review patch. If anyone has any objections, please let us know.
+
+------------------
+
+From: Robin Holt <holt@sgi.com>
+
+commit 17e2161654da4e6bdfd8d53d4f52e820ee93f423 upstream.
+
+If the bte copy fails, the attempt to retrieve payloads merely returns a
+null pointer deref and not NULL as was expected.
+
+Signed-off-by: Robin Holt <holt@sgi.com>
+Signed-off-by: Dean Nelson <dcn@sgi.com>
+Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
+Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
+
+---
+ drivers/misc/sgi-xp/xpc_sn2.c | 10 ++++++----
+ 1 file changed, 6 insertions(+), 4 deletions(-)
+
+--- a/drivers/misc/sgi-xp/xpc_sn2.c
++++ b/drivers/misc/sgi-xp/xpc_sn2.c
+@@ -1962,11 +1962,13 @@ xpc_get_deliverable_payload_sn2(struct x
+
+ msg = xpc_pull_remote_msg_sn2(ch, get);
+
+- DBUG_ON(msg != NULL && msg->number != get);
+- DBUG_ON(msg != NULL && (msg->flags & XPC_M_SN2_DONE));
+- DBUG_ON(msg != NULL && !(msg->flags & XPC_M_SN2_READY));
++ if (msg != NULL) {
++ DBUG_ON(msg->number != get);
++ DBUG_ON(msg->flags & XPC_M_SN2_DONE);
++ DBUG_ON(!(msg->flags & XPC_M_SN2_READY));
+
+- payload = &msg->payload;
++ payload = &msg->payload;
++ }
+ break;
+ }
+
+
+
+From gregkh@mini.kroah.org Fri Jan 30 18:36:23 2009
+Message-Id: <20090131023623.036553891@mini.kroah.org>
+User-Agent: quilt/0.47-1
+Date: Fri, 30 Jan 2009 18:34:40 -0800
+From: Greg KH <gregkh@suse.de>
+To: linux-kernel@vger.kernel.org,
+ stable@kernel.org
+Cc: Justin Forbes <jmforbes@linuxtx.org>,
+ Zwane Mwaikambo <zwane@arm.linux.org.uk>,
+ Theodore Ts'o <tytso@mit.edu>,
+ Randy Dunlap <rdunlap@xenotime.net>,
+ Dave Jones <davej@redhat.com>,
+ Chuck Wolber <chuckw@quantumlinux.com>,
+ Chris Wedgwood <reviews@ml.cw.f00f.org>,
+ Michael Krufky <mkrufky@linuxtv.org>,
+ Chuck Ebbert <cebbert@redhat.com>,
+ Domenico Andreoli <cavokz@gmail.com>,
+ Willy Tarreau <w@1wt.eu>,
+ Rodrigo Rubira Branco <rbranco@la.checkpoint.com>,
+ Jake Edge <jake@lwn.net>,
+ Eugene Teo <eteo@redhat.com>,
+ torvalds@linux-foundation.org,
+ akpm@linux-foundation.org,
+ alan@lxorguk.ukuu.org.uk,
+ Clemens Ladisch <clemens@ladisch.de>,
+ Takashi Iwai <tiwai@suse.de>
+Subject: [patch 29/32] sound: virtuoso: do not overwrite EEPROM on Xonar D2/D2X
+References: <20090131023411.032399235@mini.kroah.org>
+Content-Disposition: inline; filename=sound-virtuoso-do-not-overwrite-eeprom-on-xonar-d2-d2x.patch
+Content-Length: 3500
+Lines: 93
+
+2.6.27-stable review patch. If anyone has any objections, please let us know.
+
+------------------
+
+From: Clemens Ladisch <clemens@ladisch.de>
+
+commit 7e86c0e6850504ec9516b953f316a47277825e33 upstream.
+
+On the Asus Xonar D2 and D2X models, the SPI chip select signal for the
+fourth DAC shares its pin with the serial clock for the EEPROM that
+contains the PCI subdevice ID values. It appears that when DAC
+registers are written and some other unknown conditions occur (probably
+noise on the EEPROM's chip select line), the EEPROM gets overwritten
+with garbage, which makes it impossible to properly detect the card
+later.
+
+Therefore, we better avoid DAC register writes and make sure that the
+driver works with the DAC's registers' default values. Consequently,
+the sample format is now I2S instead of left-justified (no user-visible
+change), and the DAC's volume/mute registers cannot be used anymore
+(volume changes are now done by the software volume plugin).
+
+Signed-off-by: Clemens Ladisch <clemens@ladisch.de>
+Signed-off-by: Takashi Iwai <tiwai@suse.de>
+Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
+
+---
+ sound/pci/oxygen/virtuoso.c | 22 +++++++++++++++-------
+ 1 file changed, 15 insertions(+), 7 deletions(-)
+
+--- a/sound/pci/oxygen/virtuoso.c
++++ b/sound/pci/oxygen/virtuoso.c
+@@ -26,7 +26,7 @@
+ * SPI 0 -> 1st PCM1796 (front)
+ * SPI 1 -> 2nd PCM1796 (surround)
+ * SPI 2 -> 3rd PCM1796 (center/LFE)
+- * SPI 4 -> 4th PCM1796 (back)
++ * SPI 4 -> 4th PCM1796 (back) and EEPROM self-destruct (do not use!)
+ *
+ * GPIO 2 -> M0 of CS5381
+ * GPIO 3 -> M1 of CS5381
+@@ -142,6 +142,12 @@ struct xonar_data {
+ static void pcm1796_write(struct oxygen *chip, unsigned int codec,
+ u8 reg, u8 value)
+ {
++ /*
++ * We don't want to do writes on SPI 4 because the EEPROM, which shares
++ * the same pin, might get confused and broken. We'd better take care
++ * that the driver works with the default register values ...
++ */
++#if 0
+ /* maps ALSA channel pair number to SPI output */
+ static const u8 codec_map[4] = {
+ 0, 1, 2, 4
+@@ -152,6 +158,7 @@ static void pcm1796_write(struct oxygen
+ (codec_map[codec] << OXYGEN_SPI_CODEC_SHIFT) |
+ OXYGEN_SPI_CEN_LATCH_CLOCK_HI,
+ (reg << 8) | value);
++#endif
+ }
+
+ static void cs4398_write(struct oxygen *chip, u8 reg, u8 value)
+@@ -539,6 +546,9 @@ static const DECLARE_TLV_DB_SCALE(cs4362
+
+ static int xonar_d2_control_filter(struct snd_kcontrol_new *template)
+ {
++ if (!strncmp(template->name, "Master Playback ", 16))
++ /* disable volume/mute because they would require SPI writes */
++ return 1;
+ if (!strncmp(template->name, "CD Capture ", 11))
+ /* CD in is actually connected to the video in pin */
+ template->private_value ^= AC97_CD ^ AC97_VIDEO;
+@@ -588,9 +598,8 @@ static const struct oxygen_model xonar_m
+ .dac_volume_min = 0x0f,
+ .dac_volume_max = 0xff,
+ .misc_flags = OXYGEN_MISC_MIDI,
+- .function_flags = OXYGEN_FUNCTION_SPI |
+- OXYGEN_FUNCTION_ENABLE_SPI_4_5,
+- .dac_i2s_format = OXYGEN_I2S_FORMAT_LJUST,
++ .function_flags = OXYGEN_FUNCTION_SPI,
++ .dac_i2s_format = OXYGEN_I2S_FORMAT_I2S,
+ .adc_i2s_format = OXYGEN_I2S_FORMAT_LJUST,
+ },
+ [MODEL_D2X] = {
+@@ -619,9 +628,8 @@ static const struct oxygen_model xonar_m
+ .dac_volume_min = 0x0f,
+ .dac_volume_max = 0xff,
+ .misc_flags = OXYGEN_MISC_MIDI,
+- .function_flags = OXYGEN_FUNCTION_SPI |
+- OXYGEN_FUNCTION_ENABLE_SPI_4_5,
+- .dac_i2s_format = OXYGEN_I2S_FORMAT_LJUST,
++ .function_flags = OXYGEN_FUNCTION_SPI,
++ .dac_i2s_format = OXYGEN_I2S_FORMAT_I2S,
+ .adc_i2s_format = OXYGEN_I2S_FORMAT_LJUST,
+ },
+ [MODEL_D1] = {
+
+
+From gregkh@mini.kroah.org Fri Jan 30 18:36:23 2009
+Message-Id: <20090131023623.154023784@mini.kroah.org>
+User-Agent: quilt/0.47-1
+Date: Fri, 30 Jan 2009 18:34:41 -0800
+From: Greg KH <gregkh@suse.de>
+To: linux-kernel@vger.kernel.org,
+ stable@kernel.org
+Cc: Justin Forbes <jmforbes@linuxtx.org>,
+ Zwane Mwaikambo <zwane@arm.linux.org.uk>,
+ Theodore Ts'o <tytso@mit.edu>,
+ Randy Dunlap <rdunlap@xenotime.net>,
+ Dave Jones <davej@redhat.com>,
+ Chuck Wolber <chuckw@quantumlinux.com>,
+ Chris Wedgwood <reviews@ml.cw.f00f.org>,
+ Michael Krufky <mkrufky@linuxtv.org>,
+ Chuck Ebbert <cebbert@redhat.com>,
+ Domenico Andreoli <cavokz@gmail.com>,
+ Willy Tarreau <w@1wt.eu>,
+ Rodrigo Rubira Branco <rbranco@la.checkpoint.com>,
+ Jake Edge <jake@lwn.net>,
+ Eugene Teo <eteo@redhat.com>,
+ torvalds@linux-foundation.org,
+ akpm@linux-foundation.org,
+ alan@lxorguk.ukuu.org.uk,
+ Larry Finger <Larry.Finger@lwfinger.net>,
+ "John W. Linville" <linville@tuxdriver.com>
+Subject: [patch 30/32] rtl8187: Fix error in setting OFDM power settings for RTL8187L
+References: <20090131023411.032399235@mini.kroah.org>
+Content-Disposition: inline; filename=rtl8187-fix-error-in-setting-ofdm-power-settings-for-rtl8187l.patch
+Content-Length: 1641
+Lines: 48
+
+2.6.27-stable review patch. If anyone has any objections, please let us know.
+
+------------------
+
+From: Larry Finger <Larry.Finger@lwfinger.net>
+
+commit eb83bbf57429ab80f49b413e3e44d3b19c3fdc5a upstream.
+
+After reports of poor performance, a review of the latest vendor driver
+(rtl8187_linux_26.1025.0328.2007) for RTL8187L devices was undertaken.
+
+A difference was found in the code used to index the OFDM power tables. When
+the Linux driver was changed, my unit works at a much greater range than
+before. I think this fixes Bugzilla #12380 and has been tested by at least
+two other users.
+
+Signed-off-by: Larry Finger <Larry.Finger@lwfinger.net>
+Tested-by: MartÃn Ernesto Barreyro <barreyromartin@gmail.com>
+Signed-off-by: John W. Linville <linville@tuxdriver.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
+
+---
+ drivers/net/wireless/rtl8187_rtl8225.c | 10 ++++++++--
+ 1 file changed, 8 insertions(+), 2 deletions(-)
+
+--- a/drivers/net/wireless/rtl8187_rtl8225.c
++++ b/drivers/net/wireless/rtl8187_rtl8225.c
+@@ -287,7 +287,10 @@ static void rtl8225_rf_set_tx_power(stru
+ ofdm_power = priv->channels[channel - 1].hw_value >> 4;
+
+ cck_power = min(cck_power, (u8)11);
+- ofdm_power = min(ofdm_power, (u8)35);
++ if (ofdm_power > (u8)15)
++ ofdm_power = 25;
++ else
++ ofdm_power += 10;
+
+ rtl818x_iowrite8(priv, &priv->map->TX_GAIN_CCK,
+ rtl8225_tx_gain_cck_ofdm[cck_power / 6] >> 1);
+@@ -540,7 +543,10 @@ static void rtl8225z2_rf_set_tx_power(st
+ cck_power += priv->txpwr_base & 0xF;
+ cck_power = min(cck_power, (u8)35);
+
+- ofdm_power = min(ofdm_power, (u8)15);
++ if (ofdm_power > (u8)15)
++ ofdm_power = 25;
++ else
++ ofdm_power += 10;
+ ofdm_power += priv->txpwr_base >> 4;
+ ofdm_power = min(ofdm_power, (u8)35);
+
+
+
+From gregkh@mini.kroah.org Fri Jan 30 18:36:23 2009
+Message-Id: <20090131023623.275464715@mini.kroah.org>
+User-Agent: quilt/0.47-1
+Date: Fri, 30 Jan 2009 18:34:42 -0800
+From: Greg KH <gregkh@suse.de>
+To: linux-kernel@vger.kernel.org,
+ stable@kernel.org
+Cc: Justin Forbes <jmforbes@linuxtx.org>,
+ Zwane Mwaikambo <zwane@arm.linux.org.uk>,
+ Theodore Ts'o <tytso@mit.edu>,
+ Randy Dunlap <rdunlap@xenotime.net>,
+ Dave Jones <davej@redhat.com>,
+ Chuck Wolber <chuckw@quantumlinux.com>,
+ Chris Wedgwood <reviews@ml.cw.f00f.org>,
+ Michael Krufky <mkrufky@linuxtv.org>,
+ Chuck Ebbert <cebbert@redhat.com>,
+ Domenico Andreoli <cavokz@gmail.com>,
+ Willy Tarreau <w@1wt.eu>,
+ Rodrigo Rubira Branco <rbranco@la.checkpoint.com>,
+ Jake Edge <jake@lwn.net>,
+ Eugene Teo <eteo@redhat.com>,
+ torvalds@linux-foundation.org,
+ akpm@linux-foundation.org,
+ alan@lxorguk.ukuu.org.uk,
+ Jiri Slaby <jirislaby@gmail.com>,
+ Jesse Barnes <jbarnes@virtuousgeek.org>
+Subject: [patch 31/32] PCI hotplug: fix lock imbalance in pciehp
+References: <20090131023411.032399235@mini.kroah.org>
+Content-Disposition: inline; filename=pci-hotplug-fix-lock-imbalance-in-pciehp.patch
+Content-Length: 1108
+Lines: 34
+
+2.6.27-stable review patch. If anyone has any objections, please let us know.
+
+------------------
+
+From: Jiri Slaby <jirislaby@gmail.com>
+
+commit c2fdd36b550659f5ac2240d1f5a83ffa1a092289 upstream.
+
+set_lock_status omits mutex_unlock in fail path. Add the omitted
+unlock.
+
+As a result a lockup caused by this can be triggered from userspace
+by writing 1 to /sys/bus/pci/slots/.../lock often enough.
+
+Signed-off-by: Jiri Slaby <jirislaby@gmail.com>
+Reviewed-by: Kenji Kaneshige <kaneshige.kenji@jp.fujitsu.com>
+Signed-off-by: Jesse Barnes <jbarnes@virtuousgeek.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
+
+---
+ drivers/pci/hotplug/pciehp_core.c | 4 +++-
+ 1 file changed, 3 insertions(+), 1 deletion(-)
+
+--- a/drivers/pci/hotplug/pciehp_core.c
++++ b/drivers/pci/hotplug/pciehp_core.c
+@@ -126,8 +126,10 @@ static int set_lock_status(struct hotplu
+ mutex_lock(&slot->ctrl->crit_sect);
+
+ /* has it been >1 sec since our last toggle? */
+- if ((get_seconds() - slot->last_emi_toggle) < 1)
++ if ((get_seconds() - slot->last_emi_toggle) < 1) {
++ mutex_unlock(&slot->ctrl->crit_sect);
+ return -EINVAL;
++ }
+
+ /* see what our current state is */
+ retval = get_lock_status(hotplug_slot, &value);
+
+
+From gregkh@mini.kroah.org Fri Jan 30 18:36:23 2009
+Message-Id: <20090131023623.402414222@mini.kroah.org>
+User-Agent: quilt/0.47-1
+Date: Fri, 30 Jan 2009 18:34:43 -0800
+From: Greg KH <gregkh@suse.de>
+To: linux-kernel@vger.kernel.org,
+ stable@kernel.org
+Cc: Justin Forbes <jmforbes@linuxtx.org>,
+ Zwane Mwaikambo <zwane@arm.linux.org.uk>,
+ Theodore Ts'o <tytso@mit.edu>,
+ Randy Dunlap <rdunlap@xenotime.net>,
+ Dave Jones <davej@redhat.com>,
+ Chuck Wolber <chuckw@quantumlinux.com>,
+ Chris Wedgwood <reviews@ml.cw.f00f.org>,
+ Michael Krufky <mkrufky@linuxtv.org>,
+ Chuck Ebbert <cebbert@redhat.com>,
+ Domenico Andreoli <cavokz@gmail.com>,
+ Willy Tarreau <w@1wt.eu>,
+ Rodrigo Rubira Branco <rbranco@la.checkpoint.com>,
+ Jake Edge <jake@lwn.net>,
+ Eugene Teo <eteo@redhat.com>,
+ torvalds@linux-foundation.org,
+ akpm@linux-foundation.org,
+ alan@lxorguk.ukuu.org.uk,
+ Jiri Slaby <jirislaby@gmail.com>,
+ Ingo Molnar <mingo@elte.hu>
+Subject: [patch 32/32] relay: fix lock imbalance in relay_late_setup_files
+References: <20090131023411.032399235@mini.kroah.org>
+Content-Disposition: inline; filename=relay-fix-lock-imbalance-in-relay_late_setup_files.patch
+Content-Length: 820
+Lines: 31
+
+2.6.27-stable review patch. If anyone has any objections, please let us know.
+
+------------------
+
+From: Jiri Slaby <jirislaby@gmail.com>
+
+commit b786c6a98ef6fa81114ba7b9fbfc0d67060775e3 upstream.
+
+One fail path in relay_late_setup_files() omits
+mutex_unlock(&relay_channels_mutex);
+Add it.
+
+Signed-off-by: Jiri Slaby <jirislaby@gmail.com>
+Signed-off-by: Ingo Molnar <mingo@elte.hu>
+Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
+
+---
+ kernel/relay.c | 4 +++-
+ 1 file changed, 3 insertions(+), 1 deletion(-)
+
+--- a/kernel/relay.c
++++ b/kernel/relay.c
+@@ -664,8 +664,10 @@ int relay_late_setup_files(struct rchan
+
+ mutex_lock(&relay_channels_mutex);
+ /* Is chan already set up? */
+- if (unlikely(chan->has_base_filename))
++ if (unlikely(chan->has_base_filename)) {
++ mutex_unlock(&relay_channels_mutex);
+ return -EEXIST;
++ }
+ chan->has_base_filename = 1;
+ chan->parent = parent;
+ curr_cpu = get_cpu();
+
+
+From gregkh@mini.kroah.org Fri Jan 30 18:36:19 2009
+Message-Id: <20090131023411.032399235@mini.kroah.org>
+User-Agent: quilt/0.47-1
+Date: Fri, 30 Jan 2009 18:34:11 -0800
+From: Greg KH <gregkh@suse.de>
+To: linux-kernel@vger.kernel.org,
+ stable@kernel.org
+Cc: Justin Forbes <jmforbes@linuxtx.org>,
+ Zwane Mwaikambo <zwane@arm.linux.org.uk>,
+ Theodore Ts'o <tytso@mit.edu>,
+ Randy Dunlap <rdunlap@xenotime.net>,
+ Dave Jones <davej@redhat.com>,
+ Chuck Wolber <chuckw@quantumlinux.com>,
+ Chris Wedgwood <reviews@ml.cw.f00f.org>,
+ Michael Krufky <mkrufky@linuxtv.org>,
+ Chuck Ebbert <cebbert@redhat.com>,
+ Domenico Andreoli <cavokz@gmail.com>,
+ Willy Tarreau <w@1wt.eu>,
+ Rodrigo Rubira Branco <rbranco@la.checkpoint.com>,
+ Jake Edge <jake@lwn.net>,
+ Eugene Teo <eteo@redhat.com>,
+ torvalds@linux-foundation.org,
+ akpm@linux-foundation.org,
+ alan@lxorguk.ukuu.org.uk
+Subject: [patch 00/32] 2.6.27-stable review
+Content-Length: 3204
+Lines: 69
+
+
+This is the start of the stable review cycle for the 2.6.27.14 release.
+There are 32 patches in this series, all will be posted as a response
+to this one. If anyone has any issues with these being applied, please
+let us know. If anyone is a maintainer of the proper subsystem, and
+wants to add a Signed-off-by: line to the patch, please respond with it.
+
+Note, there still are some more .28 patches pending for the -stable
+releases, but I wanted to get this release out now to fix the major
+problems that have recently been found.
+
+If you have sent patches to be included in .28, and you don't see them
+here, please feel free to just drop stable@kernel.org a message with the
+git commit ids to make sure they end up in the next release.
+
+These patches are sent out with a number of different people on the Cc:
+line. If you wish to be a reviewer, please email stable@kernel.org to
+add your name to the list. If you want to be off the reviewer list,
+also email us.
+
+Responses should be made by Monday, February 2, 00:00:00 UTC. Anything
+received after that time might be too late.
+
+The whole patch series can be found in one patch at:
+ kernel.org/pub/linux/kernel/v2.6/stable-review/patch-2.6.27.14-rc1.gz
+and the diffstat can be found below.
+
+thanks,
+
+greg k-h
+
+
+ Makefile | 2 +-
+ arch/alpha/kernel/irq_srm.c | 2 +
+ crypto/authenc.c | 24 ++++--
+ crypto/ccm.c | 2 +
+ drivers/ata/pata_via.c | 22 ++++-
+ drivers/ide/pci/it821x.c | 12 +++
+ drivers/misc/sgi-xp/xpc_sn2.c | 19 +++--
+ drivers/misc/sgi-xp/xpc_uv.c | 2 +-
+ drivers/net/bnx2x_main.c | 3 +
+ drivers/net/wireless/rtl8187_dev.c | 1 +
+ drivers/net/wireless/rtl8187_rtl8225.c | 10 ++-
+ drivers/pci/hotplug/pciehp_core.c | 4 +-
+ drivers/serial/8250_pci.c | 3 +
+ drivers/usb/core/devio.c | 20 +++--
+ drivers/usb/core/inode.c | 1 -
+ drivers/usb/core/usb.h | 1 -
+ drivers/usb/mon/mon_bin.c | 105 ++++++++++++++++---------
+ drivers/usb/storage/unusual_devs.h | 6 ++
+ fs/eventpoll.c | 22 +----
+ fs/ext3/namei.c | 20 ++++--
+ fs/fuse/dev.c | 3 +-
+ fs/fuse/file.c | 2 +-
+ fs/fuse/inode.c | 10 ++-
+ fs/inotify_user.c | 135 +++++++++++++++++--------------
+ fs/sysfs/bin.c | 6 ++
+ include/asm-x86/pgalloc.h | 1 +
+ include/linux/Kbuild | 1 +
+ include/linux/pci_ids.h | 6 ++
+ include/linux/sched.h | 1 -
+ kernel/relay.c | 4 +-
+ net/mac80211/tx.c | 4 +-
+ net/sunrpc/rpcb_clnt.c | 40 ++++++++--
+ sound/pci/hda/patch_conexant.c | 1 +
+ sound/pci/hda/patch_realtek.c | 1 +
+ sound/pci/hda/patch_sigmatel.c | 2 +
+ sound/pci/oxygen/virtuoso.c | 22 ++++--
+ 36 files changed, 336 insertions(+), 184 deletions(-)
+
--- /dev/null
+From gregkh@mini.kroah.org Fri Jan 30 18:29:18 2009
+Message-Id: <20090131022918.483117600@mini.kroah.org>
+User-Agent: quilt/0.47-1
+Date: Fri, 30 Jan 2009 18:25:49 -0800
+From: Greg KH <gregkh@suse.de>
+To: linux-kernel@vger.kernel.org,
+ stable@kernel.org
+Cc: Justin Forbes <jmforbes@linuxtx.org>,
+ Zwane Mwaikambo <zwane@arm.linux.org.uk>,
+ Theodore Ts'o <tytso@mit.edu>,
+ Randy Dunlap <rdunlap@xenotime.net>,
+ Dave Jones <davej@redhat.com>,
+ Chuck Wolber <chuckw@quantumlinux.com>,
+ Chris Wedgwood <reviews@ml.cw.f00f.org>,
+ Michael Krufky <mkrufky@linuxtv.org>,
+ Chuck Ebbert <cebbert@redhat.com>,
+ Domenico Andreoli <cavokz@gmail.com>,
+ Willy Tarreau <w@1wt.eu>,
+ Rodrigo Rubira Branco <rbranco@la.checkpoint.com>,
+ Jake Edge <jake@lwn.net>,
+ Eugene Teo <eteo@redhat.com>,
+ torvalds@linux-foundation.org,
+ akpm@linux-foundation.org,
+ alan@lxorguk.ukuu.org.uk,
+ Andrey Yurovsky <andrey@cozybit.com>,
+ Nick Kossifidis <mickflemm@gmail.com>,
+ "John W. Linville" <linville@tuxdriver.com>,
+ Bob Copeland <me@bobcopeland.com>
+Subject: [patch 01/43] ath5k: fix mesh point operation
+References: <20090131022548.656772939@mini.kroah.org>
+Content-Disposition: inline; filename=ath5k-fix-mesh-point-operation.patch
+Content-Length: 2260
+Lines: 61
+
+2.6.28-stable review patch. If anyone has any objections, please let us know.
+
+------------------
+
+From: Andrey Yurovsky <andrey@cozybit.com>
+
+commit b706e65b40417e03c2451bb3f92488f3736843fa upstream.
+
+This patch fixes mesh point operation (thanks to YanBo for pointing
+out the problem): make mesh point interfaces start beaconing when
+they come up and configure the RX filter in mesh mode so that mesh
+beacons and action frames are received. Add mesh point to the check
+in ath5k_add_interface. Tested with multiple AR5211 cards.
+
+Signed-off-by: Andrey Yurovsky <andrey@cozybit.com>
+Acked-by: Nick Kossifidis <mickflemm@gmail.com>
+Signed-off-by: John W. Linville <linville@tuxdriver.com>
+Cc: Bob Copeland <me@bobcopeland.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
+
+---
+ drivers/net/wireless/ath5k/base.c | 10 ++++++++--
+ 1 file changed, 8 insertions(+), 2 deletions(-)
+
+--- a/drivers/net/wireless/ath5k/base.c
++++ b/drivers/net/wireless/ath5k/base.c
+@@ -2157,7 +2157,8 @@ ath5k_beacon_config(struct ath5k_softc *
+
+ if (sc->opmode == NL80211_IFTYPE_STATION) {
+ sc->imask |= AR5K_INT_BMISS;
+- } else if (sc->opmode == NL80211_IFTYPE_ADHOC) {
++ } else if (sc->opmode == NL80211_IFTYPE_ADHOC ||
++ sc->opmode == NL80211_IFTYPE_MESH_POINT) {
+ /*
+ * In IBSS mode we use a self-linked tx descriptor and let the
+ * hardware send the beacons automatically. We have to load it
+@@ -2748,6 +2749,7 @@ static int ath5k_add_interface(struct ie
+ switch (conf->type) {
+ case NL80211_IFTYPE_STATION:
+ case NL80211_IFTYPE_ADHOC:
++ case NL80211_IFTYPE_MESH_POINT:
+ case NL80211_IFTYPE_MONITOR:
+ sc->opmode = conf->type;
+ break;
+@@ -2819,7 +2821,8 @@ ath5k_config_interface(struct ieee80211_
+ }
+
+ if (conf->changed & IEEE80211_IFCC_BEACON &&
+- vif->type == NL80211_IFTYPE_ADHOC) {
++ (vif->type == NL80211_IFTYPE_ADHOC ||
++ vif->type == NL80211_IFTYPE_MESH_POINT)) {
+ struct sk_buff *beacon = ieee80211_beacon_get(hw, vif);
+ if (!beacon) {
+ ret = -ENOMEM;
+@@ -2951,6 +2954,9 @@ static void ath5k_configure_filter(struc
+ sc->opmode == NL80211_IFTYPE_ADHOC) {
+ rfilt |= AR5K_RX_FILTER_BEACON;
+ }
++ if (sc->opmode == NL80211_IFTYPE_MESH_POINT)
++ rfilt |= AR5K_RX_FILTER_CONTROL | AR5K_RX_FILTER_BEACON |
++ AR5K_RX_FILTER_PROBEREQ | AR5K_RX_FILTER_PROM;
+
+ /* Set filters */
+ ath5k_hw_set_rx_filter(ah,rfilt);
+
+
+From gregkh@mini.kroah.org Fri Jan 30 18:29:18 2009
+Message-Id: <20090131022918.609635995@mini.kroah.org>
+User-Agent: quilt/0.47-1
+Date: Fri, 30 Jan 2009 18:25:50 -0800
+From: Greg KH <gregkh@suse.de>
+To: linux-kernel@vger.kernel.org,
+ stable@kernel.org
+Cc: Justin Forbes <jmforbes@linuxtx.org>,
+ Zwane Mwaikambo <zwane@arm.linux.org.uk>,
+ Theodore Ts'o <tytso@mit.edu>,
+ Randy Dunlap <rdunlap@xenotime.net>,
+ Dave Jones <davej@redhat.com>,
+ Chuck Wolber <chuckw@quantumlinux.com>,
+ Chris Wedgwood <reviews@ml.cw.f00f.org>,
+ Michael Krufky <mkrufky@linuxtv.org>,
+ Chuck Ebbert <cebbert@redhat.com>,
+ Domenico Andreoli <cavokz@gmail.com>,
+ Willy Tarreau <w@1wt.eu>,
+ Rodrigo Rubira Branco <rbranco@la.checkpoint.com>,
+ Jake Edge <jake@lwn.net>,
+ Eugene Teo <eteo@redhat.com>,
+ torvalds@linux-foundation.org,
+ akpm@linux-foundation.org,
+ alan@lxorguk.ukuu.org.uk,
+ Brian Cavagnolo <brian@cozybit.com>,
+ Andrey Yurovsky <andrey@cozybit.com>,
+ Johannes Berg <johannes@sipsolutions.net>,
+ "John W. Linville" <linville@tuxdriver.com>
+Subject: [patch 02/43] mac80211: decrement ref count to netdev after launching mesh discovery
+References: <20090131022548.656772939@mini.kroah.org>
+Content-Disposition: inline; filename=mac80211-decrement-ref-count-to-netdev-after-launching-mesh-discovery.patch
+Content-Length: 1065
+Lines: 33
+
+2.6.28-stable review patch. If anyone has any objections, please let us know.
+
+------------------
+
+From: Brian Cavagnolo <brian@cozybit.com>
+
+commit 5dc306f3bd1d4cfdf79df39221b3036eab1ddcf3 upstream.
+
+After launching mesh discovery in tx path, reference count was not being
+decremented. This was preventing module unload.
+
+Signed-off-by: Brian Cavagnolo <brian@cozybit.com>
+Signed-off-by: Andrey Yurovsky <andrey@cozybit.com>
+Acked-by: Johannes Berg <johannes@sipsolutions.net>
+Signed-off-by: John W. Linville <linville@tuxdriver.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
+
+---
+ net/mac80211/tx.c | 6 ++++--
+ 1 file changed, 4 insertions(+), 2 deletions(-)
+
+--- a/net/mac80211/tx.c
++++ b/net/mac80211/tx.c
+@@ -1299,8 +1299,10 @@ int ieee80211_master_start_xmit(struct s
+ if (is_multicast_ether_addr(hdr->addr3))
+ memcpy(hdr->addr1, hdr->addr3, ETH_ALEN);
+ else
+- if (mesh_nexthop_lookup(skb, osdata))
+- return 0;
++ if (mesh_nexthop_lookup(skb, osdata)) {
++ dev_put(odev);
++ return 0;
++ }
+ if (memcmp(odev->dev_addr, hdr->addr4, ETH_ALEN) != 0)
+ IEEE80211_IFSTA_MESH_CTR_INC(&osdata->u.mesh,
+ fwded_frames);
+
+
+From gregkh@mini.kroah.org Fri Jan 30 18:29:18 2009
+Message-Id: <20090131022918.728813165@mini.kroah.org>
+User-Agent: quilt/0.47-1
+Date: Fri, 30 Jan 2009 18:25:51 -0800
+From: Greg KH <gregkh@suse.de>
+To: linux-kernel@vger.kernel.org,
+ stable@kernel.org
+Cc: Justin Forbes <jmforbes@linuxtx.org>,
+ Zwane Mwaikambo <zwane@arm.linux.org.uk>,
+ Theodore Ts'o <tytso@mit.edu>,
+ Randy Dunlap <rdunlap@xenotime.net>,
+ Dave Jones <davej@redhat.com>,
+ Chuck Wolber <chuckw@quantumlinux.com>,
+ Chris Wedgwood <reviews@ml.cw.f00f.org>,
+ Michael Krufky <mkrufky@linuxtv.org>,
+ Chuck Ebbert <cebbert@redhat.com>,
+ Domenico Andreoli <cavokz@gmail.com>,
+ Willy Tarreau <w@1wt.eu>,
+ Rodrigo Rubira Branco <rbranco@la.checkpoint.com>,
+ Jake Edge <jake@lwn.net>,
+ Eugene Teo <eteo@redhat.com>,
+ torvalds@linux-foundation.org,
+ akpm@linux-foundation.org,
+ alan@lxorguk.ukuu.org.uk,
+ John McCutchan <ttb@tentacle.dhs.org>,
+ Robert Love <rlove@google.com>,
+ Vegard Nossum <vegard.nossum@gmail.com>
+Subject: [patch 03/43] inotify: clean up inotify_read and fix locking problems
+References: <20090131022548.656772939@mini.kroah.org>
+Content-Disposition: inline; filename=inotify-clean-up-inotify_read-and-fix-locking-problems.patch
+Content-Length: 5426
+Lines: 221
+
+2.6.28-stable review patch. If anyone has any objections, please let us know.
+
+------------------
+
+From: Vegard Nossum <vegard.nossum@gmail.com>
+
+commit 3632dee2f8b8a9720329f29eeaa4ec4669a3aff8 upstream.
+
+If userspace supplies an invalid pointer to a read() of an inotify
+instance, the inotify device's event list mutex is unlocked twice.
+This causes an unbalance which effectively leaves the data structure
+unprotected, and we can trigger oopses by accessing the inotify
+instance from different tasks concurrently.
+
+The best fix (contributed largely by Linus) is a total rewrite
+of the function in question:
+
+On Thu, Jan 22, 2009 at 7:05 AM, Linus Torvalds wrote:
+> The thing to notice is that:
+>
+> - locking is done in just one place, and there is no question about it
+> not having an unlock.
+>
+> - that whole double-while(1)-loop thing is gone.
+>
+> - use multiple functions to make nesting and error handling sane
+>
+> - do error testing after doing the things you always need to do, ie do
+> this:
+>
+> mutex_lock(..)
+> ret = function_call();
+> mutex_unlock(..)
+>
+> .. test ret here ..
+>
+> instead of doing conditional exits with unlocking or freeing.
+>
+> So if the code is written in this way, it may still be buggy, but at least
+> it's not buggy because of subtle "forgot to unlock" or "forgot to free"
+> issues.
+>
+> This _always_ unlocks if it locked, and it always frees if it got a
+> non-error kevent.
+
+Cc: John McCutchan <ttb@tentacle.dhs.org>
+Cc: Robert Love <rlove@google.com>
+Signed-off-by: Vegard Nossum <vegard.nossum@gmail.com>
+Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
+
+---
+ fs/inotify_user.c | 135 +++++++++++++++++++++++++++++-------------------------
+ 1 file changed, 74 insertions(+), 61 deletions(-)
+
+--- a/fs/inotify_user.c
++++ b/fs/inotify_user.c
+@@ -427,10 +427,61 @@ static unsigned int inotify_poll(struct
+ return ret;
+ }
+
++/*
++ * Get an inotify_kernel_event if one exists and is small
++ * enough to fit in "count". Return an error pointer if
++ * not large enough.
++ *
++ * Called with the device ev_mutex held.
++ */
++static struct inotify_kernel_event *get_one_event(struct inotify_device *dev,
++ size_t count)
++{
++ size_t event_size = sizeof(struct inotify_event);
++ struct inotify_kernel_event *kevent;
++
++ if (list_empty(&dev->events))
++ return NULL;
++
++ kevent = inotify_dev_get_event(dev);
++ if (kevent->name)
++ event_size += kevent->event.len;
++
++ if (event_size > count)
++ return ERR_PTR(-EINVAL);
++
++ remove_kevent(dev, kevent);
++ return kevent;
++}
++
++/*
++ * Copy an event to user space, returning how much we copied.
++ *
++ * We already checked that the event size is smaller than the
++ * buffer we had in "get_one_event()" above.
++ */
++static ssize_t copy_event_to_user(struct inotify_kernel_event *kevent,
++ char __user *buf)
++{
++ size_t event_size = sizeof(struct inotify_event);
++
++ if (copy_to_user(buf, &kevent->event, event_size))
++ return -EFAULT;
++
++ if (kevent->name) {
++ buf += event_size;
++
++ if (copy_to_user(buf, kevent->name, kevent->event.len))
++ return -EFAULT;
++
++ event_size += kevent->event.len;
++ }
++ return event_size;
++}
++
+ static ssize_t inotify_read(struct file *file, char __user *buf,
+ size_t count, loff_t *pos)
+ {
+- size_t event_size = sizeof (struct inotify_event);
+ struct inotify_device *dev;
+ char __user *start;
+ int ret;
+@@ -440,81 +491,43 @@ static ssize_t inotify_read(struct file
+ dev = file->private_data;
+
+ while (1) {
++ struct inotify_kernel_event *kevent;
+
+ prepare_to_wait(&dev->wq, &wait, TASK_INTERRUPTIBLE);
+
+ mutex_lock(&dev->ev_mutex);
+- if (!list_empty(&dev->events)) {
+- ret = 0;
+- break;
+- }
++ kevent = get_one_event(dev, count);
+ mutex_unlock(&dev->ev_mutex);
+
+- if (file->f_flags & O_NONBLOCK) {
+- ret = -EAGAIN;
+- break;
+- }
+-
+- if (signal_pending(current)) {
+- ret = -EINTR;
+- break;
++ if (kevent) {
++ ret = PTR_ERR(kevent);
++ if (IS_ERR(kevent))
++ break;
++ ret = copy_event_to_user(kevent, buf);
++ free_kevent(kevent);
++ if (ret < 0)
++ break;
++ buf += ret;
++ count -= ret;
++ continue;
+ }
+
+- schedule();
+- }
+-
+- finish_wait(&dev->wq, &wait);
+- if (ret)
+- return ret;
+-
+- while (1) {
+- struct inotify_kernel_event *kevent;
+-
+- ret = buf - start;
+- if (list_empty(&dev->events))
++ ret = -EAGAIN;
++ if (file->f_flags & O_NONBLOCK)
+ break;
+-
+- kevent = inotify_dev_get_event(dev);
+- if (event_size + kevent->event.len > count) {
+- if (ret == 0 && count > 0) {
+- /*
+- * could not get a single event because we
+- * didn't have enough buffer space.
+- */
+- ret = -EINVAL;
+- }
++ ret = -EINTR;
++ if (signal_pending(current))
+ break;
+- }
+- remove_kevent(dev, kevent);
+
+- /*
+- * Must perform the copy_to_user outside the mutex in order
+- * to avoid a lock order reversal with mmap_sem.
+- */
+- mutex_unlock(&dev->ev_mutex);
+-
+- if (copy_to_user(buf, &kevent->event, event_size)) {
+- ret = -EFAULT;
++ if (start != buf)
+ break;
+- }
+- buf += event_size;
+- count -= event_size;
+-
+- if (kevent->name) {
+- if (copy_to_user(buf, kevent->name, kevent->event.len)){
+- ret = -EFAULT;
+- break;
+- }
+- buf += kevent->event.len;
+- count -= kevent->event.len;
+- }
+
+- free_kevent(kevent);
+-
+- mutex_lock(&dev->ev_mutex);
++ schedule();
+ }
+- mutex_unlock(&dev->ev_mutex);
+
++ finish_wait(&dev->wq, &wait);
++ if (start != buf && ret != -EFAULT)
++ ret = buf - start;
+ return ret;
+ }
+
+
+
+From gregkh@mini.kroah.org Fri Jan 30 18:29:18 2009
+Message-Id: <20090131022918.848045293@mini.kroah.org>
+User-Agent: quilt/0.47-1
+Date: Fri, 30 Jan 2009 18:25:52 -0800
+From: Greg KH <gregkh@suse.de>
+To: linux-kernel@vger.kernel.org,
+ stable@kernel.org
+Cc: Justin Forbes <jmforbes@linuxtx.org>,
+ Zwane Mwaikambo <zwane@arm.linux.org.uk>,
+ Theodore Ts'o <tytso@mit.edu>,
+ Randy Dunlap <rdunlap@xenotime.net>,
+ Dave Jones <davej@redhat.com>,
+ Chuck Wolber <chuckw@quantumlinux.com>,
+ Chris Wedgwood <reviews@ml.cw.f00f.org>,
+ Michael Krufky <mkrufky@linuxtv.org>,
+ Chuck Ebbert <cebbert@redhat.com>,
+ Domenico Andreoli <cavokz@gmail.com>,
+ Willy Tarreau <w@1wt.eu>,
+ Rodrigo Rubira Branco <rbranco@la.checkpoint.com>,
+ Jake Edge <jake@lwn.net>,
+ Eugene Teo <eteo@redhat.com>,
+ torvalds@linux-foundation.org,
+ akpm@linux-foundation.org,
+ alan@lxorguk.ukuu.org.uk,
+ Miklos Szeredi <mszeredi@suse.cz>
+Subject: [patch 04/43] fuse: destroy bdi on umount
+References: <20090131022548.656772939@mini.kroah.org>
+Content-Disposition: inline; filename=fuse-destroy-bdi-on-umount.patch
+Content-Length: 1657
+Lines: 55
+
+2.6.28-stable review patch. If anyone has any objections, please let us know.
+
+------------------
+
+From: Miklos Szeredi <mszeredi@suse.cz>
+
+commit 26c3679101dbccc054dcf370143941844ba70531 upstream.
+
+If a fuse filesystem is unmounted but the device file descriptor
+remains open and a new mount reuses the old device number, then the
+mount fails with EEXIST and the following warning is printed in the
+kernel log:
+
+ WARNING: at fs/sysfs/dir.c:462 sysfs_add_one+0x35/0x3d()
+ sysfs: duplicate filename '0:15' can not be created
+
+The cause is that the bdi belonging to the fuse filesystem was
+destoryed only after the device file was released. Fix this by
+calling bdi_destroy() from fuse_put_super() instead.
+
+Signed-off-by: Miklos Szeredi <mszeredi@suse.cz>
+Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
+
+---
+ fs/fuse/dev.c | 3 ++-
+ fs/fuse/inode.c | 2 +-
+ 2 files changed, 3 insertions(+), 2 deletions(-)
+
+--- a/fs/fuse/dev.c
++++ b/fs/fuse/dev.c
+@@ -281,7 +281,8 @@ static void request_end(struct fuse_conn
+ fc->blocked = 0;
+ wake_up_all(&fc->blocked_waitq);
+ }
+- if (fc->num_background == FUSE_CONGESTION_THRESHOLD) {
++ if (fc->num_background == FUSE_CONGESTION_THRESHOLD &&
++ fc->connected) {
+ clear_bdi_congested(&fc->bdi, READ);
+ clear_bdi_congested(&fc->bdi, WRITE);
+ }
+--- a/fs/fuse/inode.c
++++ b/fs/fuse/inode.c
+@@ -292,6 +292,7 @@ static void fuse_put_super(struct super_
+ list_del(&fc->entry);
+ fuse_ctl_remove_conn(fc);
+ mutex_unlock(&fuse_mutex);
++ bdi_destroy(&fc->bdi);
+ fuse_conn_put(fc);
+ }
+
+@@ -531,7 +532,6 @@ void fuse_conn_put(struct fuse_conn *fc)
+ if (fc->destroy_req)
+ fuse_request_free(fc->destroy_req);
+ mutex_destroy(&fc->inst_mutex);
+- bdi_destroy(&fc->bdi);
+ kfree(fc);
+ }
+ }
+
+
+From gregkh@mini.kroah.org Fri Jan 30 18:29:19 2009
+Message-Id: <20090131022918.964591105@mini.kroah.org>
+User-Agent: quilt/0.47-1
+Date: Fri, 30 Jan 2009 18:25:53 -0800
+From: Greg KH <gregkh@suse.de>
+To: linux-kernel@vger.kernel.org,
+ stable@kernel.org
+Cc: Justin Forbes <jmforbes@linuxtx.org>,
+ Zwane Mwaikambo <zwane@arm.linux.org.uk>,
+ Theodore Ts'o <tytso@mit.edu>,
+ Randy Dunlap <rdunlap@xenotime.net>,
+ Dave Jones <davej@redhat.com>,
+ Chuck Wolber <chuckw@quantumlinux.com>,
+ Chris Wedgwood <reviews@ml.cw.f00f.org>,
+ Michael Krufky <mkrufky@linuxtv.org>,
+ Chuck Ebbert <cebbert@redhat.com>,
+ Domenico Andreoli <cavokz@gmail.com>,
+ Willy Tarreau <w@1wt.eu>,
+ Rodrigo Rubira Branco <rbranco@la.checkpoint.com>,
+ Jake Edge <jake@lwn.net>,
+ Eugene Teo <eteo@redhat.com>,
+ torvalds@linux-foundation.org,
+ akpm@linux-foundation.org,
+ alan@lxorguk.ukuu.org.uk,
+ Miklos Szeredi <mszeredi@suse.cz>
+Subject: [patch 05/43] fuse: fix missing fput on error
+References: <20090131022548.656772939@mini.kroah.org>
+Content-Disposition: inline; filename=fuse-fix-missing-fput-on-error.patch
+Content-Length: 776
+Lines: 36
+
+2.6.28-stable review patch. If anyone has any objections, please let us know.
+
+------------------
+
+From: Miklos Szeredi <mszeredi@suse.cz>
+
+commit 3ddf1e7f57237ac7c5d5bfb7058f1ea4f970b661 upstream.
+
+Fix the leaking file reference if allocation or initialization of
+fuse_conn failed.
+
+Signed-off-by: Miklos Szeredi <mszeredi@suse.cz>
+Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
+
+---
+ fs/fuse/inode.c | 8 ++++++--
+ 1 file changed, 6 insertions(+), 2 deletions(-)
+
+--- a/fs/fuse/inode.c
++++ b/fs/fuse/inode.c
+@@ -825,12 +825,16 @@ static int fuse_fill_super(struct super_
+ if (!file)
+ return -EINVAL;
+
+- if (file->f_op != &fuse_dev_operations)
++ if (file->f_op != &fuse_dev_operations) {
++ fput(file);
+ return -EINVAL;
++ }
+
+ fc = new_conn(sb);
+- if (!fc)
++ if (!fc) {
++ fput(file);
+ return -ENOMEM;
++ }
+
+ fc->flags = d.flags;
+ fc->user_id = d.user_id;
+
+
+From gregkh@mini.kroah.org Fri Jan 30 18:29:19 2009
+Message-Id: <20090131022919.088809342@mini.kroah.org>
+User-Agent: quilt/0.47-1
+Date: Fri, 30 Jan 2009 18:25:54 -0800
+From: Greg KH <gregkh@suse.de>
+To: linux-kernel@vger.kernel.org,
+ stable@kernel.org
+Cc: Justin Forbes <jmforbes@linuxtx.org>,
+ Zwane Mwaikambo <zwane@arm.linux.org.uk>,
+ Theodore Ts'o <tytso@mit.edu>,
+ Randy Dunlap <rdunlap@xenotime.net>,
+ Dave Jones <davej@redhat.com>,
+ Chuck Wolber <chuckw@quantumlinux.com>,
+ Chris Wedgwood <reviews@ml.cw.f00f.org>,
+ Michael Krufky <mkrufky@linuxtv.org>,
+ Chuck Ebbert <cebbert@redhat.com>,
+ Domenico Andreoli <cavokz@gmail.com>,
+ Willy Tarreau <w@1wt.eu>,
+ Rodrigo Rubira Branco <rbranco@la.checkpoint.com>,
+ Jake Edge <jake@lwn.net>,
+ Eugene Teo <eteo@redhat.com>,
+ torvalds@linux-foundation.org,
+ akpm@linux-foundation.org,
+ alan@lxorguk.ukuu.org.uk,
+ Dan Carpenter <error27@gmail.com>,
+ Miklos Szeredi <mszeredi@suse.cz>
+Subject: [patch 06/43] fuse: fix NULL deref in fuse_file_alloc()
+References: <20090131022548.656772939@mini.kroah.org>
+Content-Disposition: inline; filename=fuse-fix-null-deref-in-fuse_file_alloc.patch
+Content-Length: 704
+Lines: 26
+
+2.6.28-stable review patch. If anyone has any objections, please let us know.
+
+------------------
+
+From: Dan Carpenter <error27@gmail.com>
+
+commit bb875b38dc5e343bdb696b2eab8233e4d195e208 upstream.
+
+ff is set to NULL and then dereferenced on line 65. Compile tested only.
+
+Signed-off-by: Dan Carpenter <error27@gmail.com>
+Signed-off-by: Miklos Szeredi <mszeredi@suse.cz>
+Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
+
+---
+ fs/fuse/file.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/fs/fuse/file.c
++++ b/fs/fuse/file.c
+@@ -54,7 +54,7 @@ struct fuse_file *fuse_file_alloc(void)
+ ff->reserved_req = fuse_request_alloc();
+ if (!ff->reserved_req) {
+ kfree(ff);
+- ff = NULL;
++ return NULL;
+ } else {
+ INIT_LIST_HEAD(&ff->write_entry);
+ atomic_set(&ff->count, 0);
+
+
+From gregkh@mini.kroah.org Fri Jan 30 18:29:19 2009
+Message-Id: <20090131022919.207456553@mini.kroah.org>
+User-Agent: quilt/0.47-1
+Date: Fri, 30 Jan 2009 18:25:55 -0800
+From: Greg KH <gregkh@suse.de>
+To: linux-kernel@vger.kernel.org,
+ stable@kernel.org
+Cc: Justin Forbes <jmforbes@linuxtx.org>,
+ Zwane Mwaikambo <zwane@arm.linux.org.uk>,
+ Theodore Ts'o <tytso@mit.edu>,
+ Randy Dunlap <rdunlap@xenotime.net>,
+ Dave Jones <davej@redhat.com>,
+ Chuck Wolber <chuckw@quantumlinux.com>,
+ Chris Wedgwood <reviews@ml.cw.f00f.org>,
+ Michael Krufky <mkrufky@linuxtv.org>,
+ Chuck Ebbert <cebbert@redhat.com>,
+ Domenico Andreoli <cavokz@gmail.com>,
+ Willy Tarreau <w@1wt.eu>,
+ Rodrigo Rubira Branco <rbranco@la.checkpoint.com>,
+ Jake Edge <jake@lwn.net>,
+ Eugene Teo <eteo@redhat.com>,
+ torvalds@linux-foundation.org,
+ akpm@linux-foundation.org,
+ alan@lxorguk.ukuu.org.uk,
+ Peter Zijlstra <a.p.zijlsta@chello.nl>,
+ Ingo Molnar <mingo@elte.hu>
+Subject: [patch 07/43] x86, mm: fix pte_free()
+References: <20090131022548.656772939@mini.kroah.org>
+Content-Disposition: inline; filename=x86-mm-fix-pte_free.patch
+Content-Length: 2216
+Lines: 70
+
+2.6.28-stable review patch. If anyone has any objections, please let us know.
+
+------------------
+
+From: Peter Zijlstra <peterz@infradead.org>
+
+commit 42ef73fe134732b2e91c0326df5fd568da17c4b2 upstream.
+
+On -rt we were seeing spurious bad page states like:
+
+Bad page state in process 'firefox'
+page:c1bc2380 flags:0x40000000 mapping:c1bc2390 mapcount:0 count:0
+Trying to fix it up, but a reboot is needed
+Backtrace:
+Pid: 503, comm: firefox Not tainted 2.6.26.8-rt13 #3
+[<c043d0f3>] ? printk+0x14/0x19
+[<c0272d4e>] bad_page+0x4e/0x79
+[<c0273831>] free_hot_cold_page+0x5b/0x1d3
+[<c02739f6>] free_hot_page+0xf/0x11
+[<c0273a18>] __free_pages+0x20/0x2b
+[<c027d170>] __pte_alloc+0x87/0x91
+[<c027d25e>] handle_mm_fault+0xe4/0x733
+[<c043f680>] ? rt_mutex_down_read_trylock+0x57/0x63
+[<c043f680>] ? rt_mutex_down_read_trylock+0x57/0x63
+[<c0218875>] do_page_fault+0x36f/0x88a
+
+This is the case where a concurrent fault already installed the PTE and
+we get to free the newly allocated one.
+
+This is due to pgtable_page_ctor() doing the spin_lock_init(&page->ptl)
+which is overlaid with the {private, mapping} struct.
+
+union {
+ struct {
+ unsigned long private;
+ struct address_space *mapping;
+ };
+ spinlock_t ptl;
+ struct kmem_cache *slab;
+ struct page *first_page;
+};
+
+Normally the spinlock is small enough to not stomp on page->mapping, but
+PREEMPT_RT=y has huge 'spin'locks.
+
+But lockdep kernels should also be able to trigger this splat, as the
+lock tracking code grows the spinlock to cover page->mapping.
+
+The obvious fix is calling pgtable_page_dtor() like the regular pte free
+path __pte_free_tlb() does.
+
+It seems all architectures except x86 and nm10300 already do this, and
+nm10300 doesn't seem to use pgtable_page_ctor(), which suggests it
+doesn't do SMP or simply doesnt do MMU at all or something.
+
+Signed-off-by: Peter Zijlstra <a.p.zijlsta@chello.nl>
+Signed-off-by: Ingo Molnar <mingo@elte.hu>
+Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
+
+---
+ arch/x86/include/asm/pgalloc.h | 1 +
+ 1 file changed, 1 insertion(+)
+
+--- a/arch/x86/include/asm/pgalloc.h
++++ b/arch/x86/include/asm/pgalloc.h
+@@ -42,6 +42,7 @@ static inline void pte_free_kernel(struc
+
+ static inline void pte_free(struct mm_struct *mm, struct page *pte)
+ {
++ pgtable_page_dtor(pte);
+ __free_page(pte);
+ }
+
+
+
+From gregkh@mini.kroah.org Fri Jan 30 18:29:19 2009
+Message-Id: <20090131022919.331411555@mini.kroah.org>
+User-Agent: quilt/0.47-1
+Date: Fri, 30 Jan 2009 18:25:56 -0800
+From: Greg KH <gregkh@suse.de>
+To: linux-kernel@vger.kernel.org,
+ stable@kernel.org
+Cc: Justin Forbes <jmforbes@linuxtx.org>,
+ Zwane Mwaikambo <zwane@arm.linux.org.uk>,
+ Theodore Ts'o <tytso@mit.edu>,
+ Randy Dunlap <rdunlap@xenotime.net>,
+ Dave Jones <davej@redhat.com>,
+ Chuck Wolber <chuckw@quantumlinux.com>,
+ Chris Wedgwood <reviews@ml.cw.f00f.org>,
+ Michael Krufky <mkrufky@linuxtv.org>,
+ Chuck Ebbert <cebbert@redhat.com>,
+ Domenico Andreoli <cavokz@gmail.com>,
+ Willy Tarreau <w@1wt.eu>,
+ Rodrigo Rubira Branco <rbranco@la.checkpoint.com>,
+ Jake Edge <jake@lwn.net>,
+ Eugene Teo <eteo@redhat.com>,
+ torvalds@linux-foundation.org,
+ akpm@linux-foundation.org,
+ alan@lxorguk.ukuu.org.uk,
+ Bastien ROUCARIES <roucaries.bastien@gmail.com>,
+ Jesper Nilsson <jesper.nilsson@axis.com>
+Subject: [patch 08/43] klist.c: bit 0 in pointer cant be used as flag
+References: <20090131022548.656772939@mini.kroah.org>
+Content-Disposition: inline; filename=klist.c-bit-0-in-pointer-can-t-be-used-as-flag.patch
+Content-Length: 2694
+Lines: 68
+
+2.6.28-stable review patch. If anyone has any objections, please let us know.
+
+------------------
+
+From: Jesper Nilsson <Jesper.Nilsson@axis.com>
+
+commit c0e69a5bbc6fc74184aa043aadb9a53bc58f953b upstream.
+
+The commit a1ed5b0cffe4b16a93a6a3390e8cee0fbef94f86
+(klist: don't iterate over deleted entries) introduces use of the
+low bit in a pointer to indicate if the knode is dead or not,
+assuming that this bit is always free.
+
+This is not true for all architectures, CRIS for example may align data
+on byte borders.
+
+The result is a bunch of warnings on bootup, devices not being
+added correctly etc, reported by Hinko Kocevar <hinko.kocevar@cetrtapot.si>:
+
+------------[ cut here ]------------
+WARNING: at lib/klist.c:62 ()
+Modules linked in:
+
+Stack from c1fe1cf0:
+ c01cc7f4 c1fe1d11 c000eb4e c000e4de 00000000 00000000 c1f4f78f c1f50c2d
+ c01d008c c1fdd1a0 c1fdd1a0 c1fe1d38 c0192954 c1fe0000 00000000 c1fe1dc0
+ 00000002 7fffffff c1fe1da8 c0192d50 c1fe1dc0 00000002 7fffffff c1ff9fcc
+Call Trace: [<c000eb4e>] [<c000e4de>] [<c0192954>] [<c0192d50>] [<c001d49e>] [<c000b688>] [<c0192a3c>]
+ [<c000b63e>] [<c000b63e>] [<c001a542>] [<c00b55b0>] [<c00411c0>] [<c00b559c>] [<c01918e6>] [<c0191988>]
+ [<c01919d0>] [<c00cd9c8>] [<c00cdd6a>] [<c0034178>] [<c000409a>] [<c0015576>] [<c0029130>] [<c0029078>]
+ [<c0029170>] [<c0012336>] [<c00b4076>] [<c00b4770>] [<c006d6e4>] [<c006d974>] [<c006dca0>] [<c0028d6c>]
+ [<c0028e12>] [<c0006424>] <4>---[ end trace 4eaa2a86a8e2da22 ]---
+------------[ cut here ]------------
+Repeat ad nauseam.
+
+Wed, Jan 14, 2009 at 12:11:32AM +0100, Bastien ROUCARIES wrote:
+> Perhaps using a pointerhackalign trick on this structure where
+> #define pointerhackalign(x) __attribute__ ((aligned (x)))
+> and declare
+> struct klist_node {
+> ...
+> } pointerhackalign(2);
+>
+> Because __attribute__ ((aligned (x))) could only increase alignment
+> it will safe to do that and serve as documentation purpose :)
+
+That works, but we need to do it not for the struct klist_node,
+but for the struct we insert into the void * in klist_node,
+which is struct klist.
+
+Reported-by: Hinko Kocevar <hinko.kocevar@cetrtapot.si
+Cc: Bastien ROUCARIES <roucaries.bastien@gmail.com>
+Signed-off-by: Jesper Nilsson <jesper.nilsson@axis.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
+Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
+
+---
+ include/linux/klist.h | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/include/linux/klist.h
++++ b/include/linux/klist.h
+@@ -23,7 +23,7 @@ struct klist {
+ struct list_head k_list;
+ void (*get)(struct klist_node *);
+ void (*put)(struct klist_node *);
+-};
++} __attribute__ ((aligned (4)));
+
+ #define KLIST_INIT(_name, _get, _put) \
+ { .k_lock = __SPIN_LOCK_UNLOCKED(_name.k_lock), \
+
+
+From gregkh@mini.kroah.org Fri Jan 30 18:29:19 2009
+Message-Id: <20090131022919.454787841@mini.kroah.org>
+User-Agent: quilt/0.47-1
+Date: Fri, 30 Jan 2009 18:25:57 -0800
+From: Greg KH <gregkh@suse.de>
+To: linux-kernel@vger.kernel.org,
+ stable@kernel.org
+Cc: Justin Forbes <jmforbes@linuxtx.org>,
+ Zwane Mwaikambo <zwane@arm.linux.org.uk>,
+ Theodore Ts'o <tytso@mit.edu>,
+ Randy Dunlap <rdunlap@xenotime.net>,
+ Dave Jones <davej@redhat.com>,
+ Chuck Wolber <chuckw@quantumlinux.com>,
+ Chris Wedgwood <reviews@ml.cw.f00f.org>,
+ Michael Krufky <mkrufky@linuxtv.org>,
+ Chuck Ebbert <cebbert@redhat.com>,
+ Domenico Andreoli <cavokz@gmail.com>,
+ Willy Tarreau <w@1wt.eu>,
+ Rodrigo Rubira Branco <rbranco@la.checkpoint.com>,
+ Jake Edge <jake@lwn.net>,
+ Eugene Teo <eteo@redhat.com>,
+ torvalds@linux-foundation.org,
+ akpm@linux-foundation.org,
+ alan@lxorguk.ukuu.org.uk
+Subject: [patch 09/43] sysfs: fix problems with binary files
+References: <20090131022548.656772939@mini.kroah.org>
+Content-Disposition: inline; filename=sysfs-fix-problems-with-binary-files.patch
+Content-Length: 925
+Lines: 40
+
+2.6.28-stable review patch. If anyone has any objections, please let us know.
+
+------------------
+
+From: Greg Kroah-Hartman <gregkh@suse.de>
+
+commit 4503efd0891c40e30928afb4b23dc3f99c62a6b2 upstream.
+
+Some sysfs binary files don't like having 0 passed to them as a size.
+Fix this up at the root by just returning to the vfs if userspace asks
+us for a zero sized buffer.
+
+Thanks to Pavel Roskin for pointing this out.
+
+Reported-by: Pavel Roskin <proski@gnu.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
+
+---
+ fs/sysfs/bin.c | 6 ++++++
+ 1 file changed, 6 insertions(+)
+
+--- a/fs/sysfs/bin.c
++++ b/fs/sysfs/bin.c
+@@ -63,6 +63,9 @@ read(struct file *file, char __user *use
+ int count = min_t(size_t, bytes, PAGE_SIZE);
+ char *temp;
+
++ if (!bytes)
++ return 0;
++
+ if (size) {
+ if (offs > size)
+ return 0;
+@@ -131,6 +134,9 @@ static ssize_t write(struct file *file,
+ int count = min_t(size_t, bytes, PAGE_SIZE);
+ char *temp;
+
++ if (!bytes)
++ return 0;
++
+ if (size) {
+ if (offs > size)
+ return 0;
+
+
+From gregkh@mini.kroah.org Fri Jan 30 18:29:19 2009
+Message-Id: <20090131022919.575425732@mini.kroah.org>
+User-Agent: quilt/0.47-1
+Date: Fri, 30 Jan 2009 18:25:58 -0800
+From: Greg KH <gregkh@suse.de>
+To: linux-kernel@vger.kernel.org,
+ stable@kernel.org
+Cc: Justin Forbes <jmforbes@linuxtx.org>,
+ Zwane Mwaikambo <zwane@arm.linux.org.uk>,
+ Theodore Ts'o <tytso@mit.edu>,
+ Randy Dunlap <rdunlap@xenotime.net>,
+ Dave Jones <davej@redhat.com>,
+ Chuck Wolber <chuckw@quantumlinux.com>,
+ Chris Wedgwood <reviews@ml.cw.f00f.org>,
+ Michael Krufky <mkrufky@linuxtv.org>,
+ Chuck Ebbert <cebbert@redhat.com>,
+ Domenico Andreoli <cavokz@gmail.com>,
+ Willy Tarreau <w@1wt.eu>,
+ Rodrigo Rubira Branco <rbranco@la.checkpoint.com>,
+ Jake Edge <jake@lwn.net>,
+ Eugene Teo <eteo@redhat.com>,
+ torvalds@linux-foundation.org,
+ akpm@linux-foundation.org,
+ alan@lxorguk.ukuu.org.uk,
+ Suresh Siddha <suresh.b.siddha@intel.com>,
+ Venkatesh Pallipadi <venkatesh.pallipadi@intel.com>,
+ Ingo Molnar <mingo@elte.hu>
+Subject: [patch 10/43] x86: fix page attribute corruption with cpa()
+References: <20090131022548.656772939@mini.kroah.org>
+Content-Disposition: inline; filename=x86-fix-page-attribute-corruption-with-cpa.patch
+Content-Length: 4163
+Lines: 127
+
+2.6.28-stable review patch. If anyone has any objections, please let us know.
+
+------------------
+
+From: Suresh Siddha <suresh.b.siddha@intel.com>
+
+commit a1e46212a410793d575718818e81ddc442a65283 upstream.
+
+Impact: fix sporadic slowdowns and warning messages
+
+This patch fixes a performance issue reported by Linus on his
+Nehalem system. While Linus reverted the PAT patch (commit
+58dab916dfb57328d50deb0aa9b3fc92efa248ff) which exposed the issue,
+existing cpa() code can potentially still cause wrong(page attribute
+corruption) behavior.
+
+This patch also fixes the "WARNING: at arch/x86/mm/pageattr.c:560" that
+various people reported.
+
+In 64bit kernel, kernel identity mapping might have holes depending
+on the available memory and how e820 reports the address range
+covering the RAM, ACPI, PCI reserved regions. If there is a 2MB/1GB hole
+in the address range that is not listed by e820 entries, kernel identity
+mapping will have a corresponding hole in its 1-1 identity mapping.
+
+If cpa() happens on the kernel identity mapping which falls into these holes,
+existing code fails like this:
+
+ __change_page_attr_set_clr()
+ __change_page_attr()
+ returns 0 because of if (!kpte). But doesn't
+ set cpa->numpages and cpa->pfn.
+ cpa_process_alias()
+ uses uninitialized cpa->pfn (random value)
+ which can potentially lead to changing the page
+ attribute of kernel text/data, kernel identity
+ mapping of RAM pages etc. oops!
+
+This bug was easily exposed by another PAT patch which was doing
+cpa() more often on kernel identity mapping holes (physical range between
+max_low_pfn_mapped and 4GB), where in here it was setting the
+cache disable attribute(PCD) for kernel identity mappings aswell.
+
+Fix cpa() to handle the kernel identity mapping holes. Retain
+the WARN() for cpa() calls to other not present address ranges
+(kernel-text/data, ioremap() addresses)
+
+Signed-off-by: Suresh Siddha <suresh.b.siddha@intel.com>
+Signed-off-by: Venkatesh Pallipadi <venkatesh.pallipadi@intel.com>
+Signed-off-by: Ingo Molnar <mingo@elte.hu>
+Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
+
+---
+ arch/x86/mm/pageattr.c | 49 ++++++++++++++++++++++++++++++++++---------------
+ 1 file changed, 34 insertions(+), 15 deletions(-)
+
+--- a/arch/x86/mm/pageattr.c
++++ b/arch/x86/mm/pageattr.c
+@@ -534,6 +534,36 @@ out_unlock:
+ return 0;
+ }
+
++static int __cpa_process_fault(struct cpa_data *cpa, unsigned long vaddr,
++ int primary)
++{
++ /*
++ * Ignore all non primary paths.
++ */
++ if (!primary)
++ return 0;
++
++ /*
++ * Ignore the NULL PTE for kernel identity mapping, as it is expected
++ * to have holes.
++ * Also set numpages to '1' indicating that we processed cpa req for
++ * one virtual address page and its pfn. TBD: numpages can be set based
++ * on the initial value and the level returned by lookup_address().
++ */
++ if (within(vaddr, PAGE_OFFSET,
++ PAGE_OFFSET + (max_pfn_mapped << PAGE_SHIFT))) {
++ cpa->numpages = 1;
++ cpa->pfn = __pa(vaddr) >> PAGE_SHIFT;
++ return 0;
++ } else {
++ WARN(1, KERN_WARNING "CPA: called for zero pte. "
++ "vaddr = %lx cpa->vaddr = %lx\n", vaddr,
++ *cpa->vaddr);
++
++ return -EFAULT;
++ }
++}
++
+ static int __change_page_attr(struct cpa_data *cpa, int primary)
+ {
+ unsigned long address;
+@@ -549,17 +579,11 @@ static int __change_page_attr(struct cpa
+ repeat:
+ kpte = lookup_address(address, &level);
+ if (!kpte)
+- return 0;
++ return __cpa_process_fault(cpa, address, primary);
+
+ old_pte = *kpte;
+- if (!pte_val(old_pte)) {
+- if (!primary)
+- return 0;
+- WARN(1, KERN_WARNING "CPA: called for zero pte. "
+- "vaddr = %lx cpa->vaddr = %lx\n", address,
+- *cpa->vaddr);
+- return -EINVAL;
+- }
++ if (!pte_val(old_pte))
++ return __cpa_process_fault(cpa, address, primary);
+
+ if (level == PG_LEVEL_4K) {
+ pte_t new_pte;
+@@ -657,12 +681,7 @@ static int cpa_process_alias(struct cpa_
+ vaddr = *cpa->vaddr;
+
+ if (!(within(vaddr, PAGE_OFFSET,
+- PAGE_OFFSET + (max_low_pfn_mapped << PAGE_SHIFT))
+-#ifdef CONFIG_X86_64
+- || within(vaddr, PAGE_OFFSET + (1UL<<32),
+- PAGE_OFFSET + (max_pfn_mapped << PAGE_SHIFT))
+-#endif
+- )) {
++ PAGE_OFFSET + (max_pfn_mapped << PAGE_SHIFT)))) {
+
+ alias_cpa = *cpa;
+ temp_cpa_vaddr = (unsigned long) __va(cpa->pfn << PAGE_SHIFT);
+
+
+From gregkh@mini.kroah.org Fri Jan 30 18:29:19 2009
+Message-Id: <20090131022919.700083902@mini.kroah.org>
+User-Agent: quilt/0.47-1
+Date: Fri, 30 Jan 2009 18:25:59 -0800
+From: Greg KH <gregkh@suse.de>
+To: linux-kernel@vger.kernel.org,
+ stable@kernel.org
+Cc: Justin Forbes <jmforbes@linuxtx.org>,
+ Zwane Mwaikambo <zwane@arm.linux.org.uk>,
+ Theodore Ts'o <tytso@mit.edu>,
+ Randy Dunlap <rdunlap@xenotime.net>,
+ Dave Jones <davej@redhat.com>,
+ Chuck Wolber <chuckw@quantumlinux.com>,
+ Chris Wedgwood <reviews@ml.cw.f00f.org>,
+ Michael Krufky <mkrufky@linuxtv.org>,
+ Chuck Ebbert <cebbert@redhat.com>,
+ Domenico Andreoli <cavokz@gmail.com>,
+ Willy Tarreau <w@1wt.eu>,
+ Rodrigo Rubira Branco <rbranco@la.checkpoint.com>,
+ Jake Edge <jake@lwn.net>,
+ Eugene Teo <eteo@redhat.com>,
+ torvalds@linux-foundation.org,
+ akpm@linux-foundation.org,
+ alan@lxorguk.ukuu.org.uk,
+ Alan Stern <stern@rowland.harvard.edu>
+Subject: [patch 11/43] USB: fix toggle mismatch in disable_endpoint paths
+References: <20090131022548.656772939@mini.kroah.org>
+Content-Disposition: inline; filename=usb-fix-toggle-mismatch-in-disable_endpoint-paths.patch
+Content-Length: 6434
+Lines: 175
+
+2.6.28-stable review patch. If anyone has any objections, please let us know.
+
+------------------
+
+From: Alan Stern <stern@rowland.harvard.edu>
+
+commit ddeac4e75f2527a340f9dc655bde49bb2429b39b upstream.
+
+This patch (as1200) finishes some fixes that were left incomplete by
+an earlier patch.
+
+Although nobody has addressed this issue in the past, it turns out
+that we need to distinguish between two different modes of disabling
+and enabling endpoints. In one mode only the data structures in
+usbcore are affected, and in the other mode the host controller and
+device hardware states are affected as well.
+
+The earlier patch added an extra argument to the routines in the
+enable_endpoint pathways to reflect this difference. This patch adds
+corresponding arguments to the disable_endpoint pathways. Without
+this change, the endpoint toggle state can get out of sync between
+the host and the device. The exact mechanism depends on the details
+of the host controller (whether or not it stores its own copy of the
+toggle values).
+
+Signed-off-by: Alan Stern <stern@rowland.harvard.edu>
+Reported-by: Dan Streetman <ddstreet@ieee.org>
+Tested-by: Dan Streetman <ddstreet@ieee.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
+Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
+
+---
+ drivers/usb/core/driver.c | 2 +-
+ drivers/usb/core/hub.c | 4 ++--
+ drivers/usb/core/message.c | 40 ++++++++++++++++++++++++----------------
+ drivers/usb/core/usb.h | 5 +++--
+ 4 files changed, 30 insertions(+), 21 deletions(-)
+
+--- a/drivers/usb/core/driver.c
++++ b/drivers/usb/core/driver.c
+@@ -269,7 +269,7 @@ static int usb_unbind_interface(struct d
+ * supports "soft" unbinding.
+ */
+ if (!driver->soft_unbind)
+- usb_disable_interface(udev, intf);
++ usb_disable_interface(udev, intf, false);
+
+ driver->disconnect(intf);
+
+--- a/drivers/usb/core/hub.c
++++ b/drivers/usb/core/hub.c
+@@ -2383,8 +2383,8 @@ static int hub_port_debounce(struct usb_
+
+ void usb_ep0_reinit(struct usb_device *udev)
+ {
+- usb_disable_endpoint(udev, 0 + USB_DIR_IN);
+- usb_disable_endpoint(udev, 0 + USB_DIR_OUT);
++ usb_disable_endpoint(udev, 0 + USB_DIR_IN, true);
++ usb_disable_endpoint(udev, 0 + USB_DIR_OUT, true);
+ usb_enable_endpoint(udev, &udev->ep0, true);
+ }
+ EXPORT_SYMBOL_GPL(usb_ep0_reinit);
+--- a/drivers/usb/core/message.c
++++ b/drivers/usb/core/message.c
+@@ -1009,14 +1009,15 @@ EXPORT_SYMBOL_GPL(usb_clear_halt);
+ * @dev: the device whose endpoint is being disabled
+ * @epaddr: the endpoint's address. Endpoint number for output,
+ * endpoint number + USB_DIR_IN for input
++ * @reset_hardware: flag to erase any endpoint state stored in the
++ * controller hardware
+ *
+- * Deallocates hcd/hardware state for this endpoint ... and nukes all
+- * pending urbs.
+- *
+- * If the HCD hasn't registered a disable() function, this sets the
+- * endpoint's maxpacket size to 0 to prevent further submissions.
++ * Disables the endpoint for URB submission and nukes all pending URBs.
++ * If @reset_hardware is set then also deallocates hcd/hardware state
++ * for the endpoint.
+ */
+-void usb_disable_endpoint(struct usb_device *dev, unsigned int epaddr)
++void usb_disable_endpoint(struct usb_device *dev, unsigned int epaddr,
++ bool reset_hardware)
+ {
+ unsigned int epnum = epaddr & USB_ENDPOINT_NUMBER_MASK;
+ struct usb_host_endpoint *ep;
+@@ -1026,15 +1027,18 @@ void usb_disable_endpoint(struct usb_dev
+
+ if (usb_endpoint_out(epaddr)) {
+ ep = dev->ep_out[epnum];
+- dev->ep_out[epnum] = NULL;
++ if (reset_hardware)
++ dev->ep_out[epnum] = NULL;
+ } else {
+ ep = dev->ep_in[epnum];
+- dev->ep_in[epnum] = NULL;
++ if (reset_hardware)
++ dev->ep_in[epnum] = NULL;
+ }
+ if (ep) {
+ ep->enabled = 0;
+ usb_hcd_flush_endpoint(dev, ep);
+- usb_hcd_disable_endpoint(dev, ep);
++ if (reset_hardware)
++ usb_hcd_disable_endpoint(dev, ep);
+ }
+ }
+
+@@ -1042,17 +1046,21 @@ void usb_disable_endpoint(struct usb_dev
+ * usb_disable_interface -- Disable all endpoints for an interface
+ * @dev: the device whose interface is being disabled
+ * @intf: pointer to the interface descriptor
++ * @reset_hardware: flag to erase any endpoint state stored in the
++ * controller hardware
+ *
+ * Disables all the endpoints for the interface's current altsetting.
+ */
+-void usb_disable_interface(struct usb_device *dev, struct usb_interface *intf)
++void usb_disable_interface(struct usb_device *dev, struct usb_interface *intf,
++ bool reset_hardware)
+ {
+ struct usb_host_interface *alt = intf->cur_altsetting;
+ int i;
+
+ for (i = 0; i < alt->desc.bNumEndpoints; ++i) {
+ usb_disable_endpoint(dev,
+- alt->endpoint[i].desc.bEndpointAddress);
++ alt->endpoint[i].desc.bEndpointAddress,
++ reset_hardware);
+ }
+ }
+
+@@ -1073,8 +1081,8 @@ void usb_disable_device(struct usb_devic
+ dev_dbg(&dev->dev, "%s nuking %s URBs\n", __func__,
+ skip_ep0 ? "non-ep0" : "all");
+ for (i = skip_ep0; i < 16; ++i) {
+- usb_disable_endpoint(dev, i);
+- usb_disable_endpoint(dev, i + USB_DIR_IN);
++ usb_disable_endpoint(dev, i, true);
++ usb_disable_endpoint(dev, i + USB_DIR_IN, true);
+ }
+ dev->toggle[0] = dev->toggle[1] = 0;
+
+@@ -1242,7 +1250,7 @@ int usb_set_interface(struct usb_device
+ /* prevent submissions using previous endpoint settings */
+ if (iface->cur_altsetting != alt)
+ usb_remove_sysfs_intf_files(iface);
+- usb_disable_interface(dev, iface);
++ usb_disable_interface(dev, iface, true);
+
+ iface->cur_altsetting = alt;
+
+@@ -1320,8 +1328,8 @@ int usb_reset_configuration(struct usb_d
+ */
+
+ for (i = 1; i < 16; ++i) {
+- usb_disable_endpoint(dev, i);
+- usb_disable_endpoint(dev, i + USB_DIR_IN);
++ usb_disable_endpoint(dev, i, true);
++ usb_disable_endpoint(dev, i + USB_DIR_IN, true);
+ }
+
+ config = dev->actconfig;
+--- a/drivers/usb/core/usb.h
++++ b/drivers/usb/core/usb.h
+@@ -13,9 +13,10 @@ extern void usb_enable_endpoint(struct u
+ struct usb_host_endpoint *ep, bool reset_toggle);
+ extern void usb_enable_interface(struct usb_device *dev,
+ struct usb_interface *intf, bool reset_toggles);
+-extern void usb_disable_endpoint(struct usb_device *dev, unsigned int epaddr);
++extern void usb_disable_endpoint(struct usb_device *dev, unsigned int epaddr,
++ bool reset_hardware);
+ extern void usb_disable_interface(struct usb_device *dev,
+- struct usb_interface *intf);
++ struct usb_interface *intf, bool reset_hardware);
+ extern void usb_release_interface_cache(struct kref *ref);
+ extern void usb_disable_device(struct usb_device *dev, int skip_ep0);
+ extern int usb_deauthorize_device(struct usb_device *);
+
+
+From gregkh@mini.kroah.org Fri Jan 30 18:29:19 2009
+Message-Id: <20090131022919.827332967@mini.kroah.org>
+User-Agent: quilt/0.47-1
+Date: Fri, 30 Jan 2009 18:26:00 -0800
+From: Greg KH <gregkh@suse.de>
+To: linux-kernel@vger.kernel.org,
+ stable@kernel.org
+Cc: Justin Forbes <jmforbes@linuxtx.org>,
+ Zwane Mwaikambo <zwane@arm.linux.org.uk>,
+ Theodore Ts'o <tytso@mit.edu>,
+ Randy Dunlap <rdunlap@xenotime.net>,
+ Dave Jones <davej@redhat.com>,
+ Chuck Wolber <chuckw@quantumlinux.com>,
+ Chris Wedgwood <reviews@ml.cw.f00f.org>,
+ Michael Krufky <mkrufky@linuxtv.org>,
+ Chuck Ebbert <cebbert@redhat.com>,
+ Domenico Andreoli <cavokz@gmail.com>,
+ Willy Tarreau <w@1wt.eu>,
+ Rodrigo Rubira Branco <rbranco@la.checkpoint.com>,
+ Jake Edge <jake@lwn.net>,
+ Eugene Teo <eteo@redhat.com>,
+ torvalds@linux-foundation.org,
+ akpm@linux-foundation.org,
+ alan@lxorguk.ukuu.org.uk,
+ Clemens Ladisch <clemens@ladisch.de>,
+ Takashi Iwai <tiwai@suse.de>
+Subject: [patch 12/43] sound: virtuoso: enable UART on Xonar HDAV1.3
+References: <20090131022548.656772939@mini.kroah.org>
+Content-Disposition: inline; filename=sound-virtuoso-enable-uart-on-xonar-hdav1.3.patch
+Content-Length: 785
+Lines: 26
+
+2.6.28-stable review patch. If anyone has any objections, please let us know.
+
+------------------
+
+From: Clemens Ladisch <clemens@ladisch.de>
+
+commit 22c733788bbd4b75c00279119a83da5cd74b987a upstream.
+
+This hardware has a better chance of working correctly if we don't
+forget to enable it.
+
+Signed-off-by: Clemens Ladisch <clemens@ladisch.de>
+Signed-off-by: Takashi Iwai <tiwai@suse.de>
+Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
+
+---
+ sound/pci/oxygen/virtuoso.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+--- a/sound/pci/oxygen/virtuoso.c
++++ b/sound/pci/oxygen/virtuoso.c
+@@ -908,6 +908,7 @@ static const struct oxygen_model model_x
+ .dac_channels = 8,
+ .dac_volume_min = 0x0f,
+ .dac_volume_max = 0xff,
++ .misc_flags = OXYGEN_MISC_MIDI,
+ .function_flags = OXYGEN_FUNCTION_2WIRE,
+ .dac_i2s_format = OXYGEN_I2S_FORMAT_LJUST,
+ .adc_i2s_format = OXYGEN_I2S_FORMAT_LJUST,
+
+
+From gregkh@mini.kroah.org Fri Jan 30 18:29:20 2009
+Message-Id: <20090131022919.950386375@mini.kroah.org>
+User-Agent: quilt/0.47-1
+Date: Fri, 30 Jan 2009 18:26:01 -0800
+From: Greg KH <gregkh@suse.de>
+To: linux-kernel@vger.kernel.org,
+ stable@kernel.org
+Cc: Justin Forbes <jmforbes@linuxtx.org>,
+ Zwane Mwaikambo <zwane@arm.linux.org.uk>,
+ Theodore Ts'o <tytso@mit.edu>,
+ Randy Dunlap <rdunlap@xenotime.net>,
+ Dave Jones <davej@redhat.com>,
+ Chuck Wolber <chuckw@quantumlinux.com>,
+ Chris Wedgwood <reviews@ml.cw.f00f.org>,
+ Michael Krufky <mkrufky@linuxtv.org>,
+ Chuck Ebbert <cebbert@redhat.com>,
+ Domenico Andreoli <cavokz@gmail.com>,
+ Willy Tarreau <w@1wt.eu>,
+ Rodrigo Rubira Branco <rbranco@la.checkpoint.com>,
+ Jake Edge <jake@lwn.net>,
+ Eugene Teo <eteo@redhat.com>,
+ torvalds@linux-foundation.org,
+ akpm@linux-foundation.org,
+ alan@lxorguk.ukuu.org.uk,
+ Pete Zaitcev <zaitcev@redhat.com>
+Subject: [patch 13/43] USB: usbmon: Implement compat_ioctl
+References: <20090131022548.656772939@mini.kroah.org>
+Content-Disposition: inline; filename=usb-usbmon-implement-compat_ioctl.patch
+Content-Length: 4268
+Lines: 171
+
+2.6.28-stable review patch. If anyone has any objections, please let us know.
+
+------------------
+
+From: Pete Zaitcev <zaitcev@redhat.com>
+
+commit 7abce6bedc118eb39fe177c2c26be5d008505c14 upstream.
+
+Running a 32-bit usbmon(8) on 2.6.28-rc9 produces the following:
+ioctl32(usbmon:28563): Unknown cmd fd(3) cmd(400c9206){t:ffffff92;sz:12} arg(ffd3f458) on /dev/usbmon0
+
+It happens because the compatibility mode was implemented for 2.6.18
+and not updated for the fsops.compat_ioctl API.
+
+This patch relocates the pieces from under #ifdef CONFIG_COMPAT into
+compat_ioctl with no other changes except one new whitespace.
+
+Signed-off-by: Pete Zaitcev <zaitcev@redhat.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
+
+---
+ drivers/usb/mon/mon_bin.c | 105 ++++++++++++++++++++++++++++------------------
+ 1 file changed, 66 insertions(+), 39 deletions(-)
+
+--- a/drivers/usb/mon/mon_bin.c
++++ b/drivers/usb/mon/mon_bin.c
+@@ -37,6 +37,7 @@
+ #define MON_IOCX_GET _IOW(MON_IOC_MAGIC, 6, struct mon_bin_get)
+ #define MON_IOCX_MFETCH _IOWR(MON_IOC_MAGIC, 7, struct mon_bin_mfetch)
+ #define MON_IOCH_MFLUSH _IO(MON_IOC_MAGIC, 8)
++
+ #ifdef CONFIG_COMPAT
+ #define MON_IOCX_GET32 _IOW(MON_IOC_MAGIC, 6, struct mon_bin_get32)
+ #define MON_IOCX_MFETCH32 _IOWR(MON_IOC_MAGIC, 7, struct mon_bin_mfetch32)
+@@ -921,21 +922,6 @@ static int mon_bin_ioctl(struct inode *i
+ }
+ break;
+
+-#ifdef CONFIG_COMPAT
+- case MON_IOCX_GET32: {
+- struct mon_bin_get32 getb;
+-
+- if (copy_from_user(&getb, (void __user *)arg,
+- sizeof(struct mon_bin_get32)))
+- return -EFAULT;
+-
+- ret = mon_bin_get_event(file, rp,
+- compat_ptr(getb.hdr32), compat_ptr(getb.data32),
+- getb.alloc32);
+- }
+- break;
+-#endif
+-
+ case MON_IOCX_MFETCH:
+ {
+ struct mon_bin_mfetch mfetch;
+@@ -962,7 +948,57 @@ static int mon_bin_ioctl(struct inode *i
+ }
+ break;
+
++ case MON_IOCG_STATS: {
++ struct mon_bin_stats __user *sp;
++ unsigned int nevents;
++ unsigned int ndropped;
++
++ spin_lock_irqsave(&rp->b_lock, flags);
++ ndropped = rp->cnt_lost;
++ rp->cnt_lost = 0;
++ spin_unlock_irqrestore(&rp->b_lock, flags);
++ nevents = mon_bin_queued(rp);
++
++ sp = (struct mon_bin_stats __user *)arg;
++ if (put_user(rp->cnt_lost, &sp->dropped))
++ return -EFAULT;
++ if (put_user(nevents, &sp->queued))
++ return -EFAULT;
++
++ }
++ break;
++
++ default:
++ return -ENOTTY;
++ }
++
++ return ret;
++}
++
+ #ifdef CONFIG_COMPAT
++static long mon_bin_compat_ioctl(struct file *file,
++ unsigned int cmd, unsigned long arg)
++{
++ struct mon_reader_bin *rp = file->private_data;
++ int ret;
++
++ switch (cmd) {
++
++ case MON_IOCX_GET32: {
++ struct mon_bin_get32 getb;
++
++ if (copy_from_user(&getb, (void __user *)arg,
++ sizeof(struct mon_bin_get32)))
++ return -EFAULT;
++
++ ret = mon_bin_get_event(file, rp,
++ compat_ptr(getb.hdr32), compat_ptr(getb.data32),
++ getb.alloc32);
++ if (ret < 0)
++ return ret;
++ }
++ return 0;
++
+ case MON_IOCX_MFETCH32:
+ {
+ struct mon_bin_mfetch32 mfetch;
+@@ -986,37 +1022,25 @@ static int mon_bin_ioctl(struct inode *i
+ return ret;
+ if (put_user(ret, &uptr->nfetch32))
+ return -EFAULT;
+- ret = 0;
+ }
+- break;
+-#endif
+-
+- case MON_IOCG_STATS: {
+- struct mon_bin_stats __user *sp;
+- unsigned int nevents;
+- unsigned int ndropped;
+-
+- spin_lock_irqsave(&rp->b_lock, flags);
+- ndropped = rp->cnt_lost;
+- rp->cnt_lost = 0;
+- spin_unlock_irqrestore(&rp->b_lock, flags);
+- nevents = mon_bin_queued(rp);
++ return 0;
+
+- sp = (struct mon_bin_stats __user *)arg;
+- if (put_user(rp->cnt_lost, &sp->dropped))
+- return -EFAULT;
+- if (put_user(nevents, &sp->queued))
+- return -EFAULT;
++ case MON_IOCG_STATS:
++ return mon_bin_ioctl(NULL, file, cmd,
++ (unsigned long) compat_ptr(arg));
+
+- }
+- break;
++ case MON_IOCQ_URB_LEN:
++ case MON_IOCQ_RING_SIZE:
++ case MON_IOCT_RING_SIZE:
++ case MON_IOCH_MFLUSH:
++ return mon_bin_ioctl(NULL, file, cmd, arg);
+
+ default:
+- return -ENOTTY;
++ ;
+ }
+-
+- return ret;
++ return -ENOTTY;
+ }
++#endif /* CONFIG_COMPAT */
+
+ static unsigned int
+ mon_bin_poll(struct file *file, struct poll_table_struct *wait)
+@@ -1094,6 +1118,9 @@ static const struct file_operations mon_
+ /* .write = mon_text_write, */
+ .poll = mon_bin_poll,
+ .ioctl = mon_bin_ioctl,
++#ifdef CONFIG_COMPAT
++ .compat_ioctl = mon_bin_compat_ioctl,
++#endif
+ .release = mon_bin_release,
+ .mmap = mon_bin_mmap,
+ };
+
+
+From gregkh@mini.kroah.org Fri Jan 30 18:29:20 2009
+Message-Id: <20090131022920.071727077@mini.kroah.org>
+User-Agent: quilt/0.47-1
+Date: Fri, 30 Jan 2009 18:26:02 -0800
+From: Greg KH <gregkh@suse.de>
+To: linux-kernel@vger.kernel.org,
+ stable@kernel.org
+Cc: Justin Forbes <jmforbes@linuxtx.org>,
+ Zwane Mwaikambo <zwane@arm.linux.org.uk>,
+ Theodore Ts'o <tytso@mit.edu>,
+ Randy Dunlap <rdunlap@xenotime.net>,
+ Dave Jones <davej@redhat.com>,
+ Chuck Wolber <chuckw@quantumlinux.com>,
+ Chris Wedgwood <reviews@ml.cw.f00f.org>,
+ Michael Krufky <mkrufky@linuxtv.org>,
+ Chuck Ebbert <cebbert@redhat.com>,
+ Domenico Andreoli <cavokz@gmail.com>,
+ Willy Tarreau <w@1wt.eu>,
+ Rodrigo Rubira Branco <rbranco@la.checkpoint.com>,
+ Jake Edge <jake@lwn.net>,
+ Eugene Teo <eteo@redhat.com>,
+ torvalds@linux-foundation.org,
+ akpm@linux-foundation.org,
+ alan@lxorguk.ukuu.org.uk,
+ Alan Stern <stern@rowland.harvard.edu>
+Subject: [patch 14/43] USB: fix char-device disconnect handling
+References: <20090131022548.656772939@mini.kroah.org>
+Content-Disposition: inline; filename=usb-fix-char-device-disconnect-handling.patch
+Content-Length: 3675
+Lines: 120
+
+2.6.28-stable review patch. If anyone has any objections, please let us know.
+
+------------------
+
+From: Alan Stern <stern@rowland.harvard.edu>
+
+commit 501950d846218ed80a776d2aae5aed9c8b92e778 upstream.
+
+This patch (as1198) fixes a conceptual bug: Somewhere along the line
+we managed to confuse USB class devices with USB char devices. As a
+result, the code to send a disconnect signal to userspace would not be
+built if both CONFIG_USB_DEVICE_CLASS and CONFIG_USB_DEVICEFS were
+disabled.
+
+The usb_fs_classdev_common_remove() routine has been renamed to
+usbdev_remove() and it is now called whenever any USB device is
+removed, not just when a class device is unregistered. The notifier
+registration and unregistration calls are no longer conditionally
+compiled. And since the common removal code will always be called as
+part of the char device interface, there's no need to call it again as
+part of the usbfs interface; thus the invocation of
+usb_fs_classdev_common_remove() has been taken out of
+usbfs_remove_device().
+
+Signed-off-by: Alan Stern <stern@rowland.harvard.edu>
+Reported-by: Alon Bar-Lev <alon.barlev@gmail.com>
+Tested-by: Alon Bar-Lev <alon.barlev@gmail.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
+
+---
+ drivers/usb/core/devio.c | 20 ++++++++++++--------
+ drivers/usb/core/inode.c | 1 -
+ drivers/usb/core/usb.h | 1 -
+ 3 files changed, 12 insertions(+), 10 deletions(-)
+
+--- a/drivers/usb/core/devio.c
++++ b/drivers/usb/core/devio.c
+@@ -1703,7 +1703,7 @@ const struct file_operations usbdev_file
+ .release = usbdev_release,
+ };
+
+-void usb_fs_classdev_common_remove(struct usb_device *udev)
++static void usbdev_remove(struct usb_device *udev)
+ {
+ struct dev_state *ps;
+ struct siginfo sinfo;
+@@ -1745,10 +1745,15 @@ static void usb_classdev_remove(struct u
+ {
+ if (dev->usb_classdev)
+ device_unregister(dev->usb_classdev);
+- usb_fs_classdev_common_remove(dev);
+ }
+
+-static int usb_classdev_notify(struct notifier_block *self,
++#else
++#define usb_classdev_add(dev) 0
++#define usb_classdev_remove(dev) do {} while (0)
++
++#endif
++
++static int usbdev_notify(struct notifier_block *self,
+ unsigned long action, void *dev)
+ {
+ switch (action) {
+@@ -1758,15 +1763,15 @@ static int usb_classdev_notify(struct no
+ break;
+ case USB_DEVICE_REMOVE:
+ usb_classdev_remove(dev);
++ usbdev_remove(dev);
+ break;
+ }
+ return NOTIFY_OK;
+ }
+
+ static struct notifier_block usbdev_nb = {
+- .notifier_call = usb_classdev_notify,
++ .notifier_call = usbdev_notify,
+ };
+-#endif
+
+ static struct cdev usb_device_cdev;
+
+@@ -1801,9 +1806,8 @@ int __init usb_devio_init(void)
+ * to /sys/dev
+ */
+ usb_classdev_class->dev_kobj = NULL;
+-
+- usb_register_notify(&usbdev_nb);
+ #endif
++ usb_register_notify(&usbdev_nb);
+ out:
+ return retval;
+
+@@ -1814,8 +1818,8 @@ error_cdev:
+
+ void usb_devio_cleanup(void)
+ {
+-#ifdef CONFIG_USB_DEVICE_CLASS
+ usb_unregister_notify(&usbdev_nb);
++#ifdef CONFIG_USB_DEVICE_CLASS
+ class_destroy(usb_classdev_class);
+ #endif
+ cdev_del(&usb_device_cdev);
+--- a/drivers/usb/core/inode.c
++++ b/drivers/usb/core/inode.c
+@@ -718,7 +718,6 @@ static void usbfs_remove_device(struct u
+ fs_remove_file (dev->usbfs_dentry);
+ dev->usbfs_dentry = NULL;
+ }
+- usb_fs_classdev_common_remove(dev);
+ }
+
+ static int usbfs_notify(struct notifier_block *self, unsigned long action, void *dev)
+--- a/drivers/usb/core/usb.h
++++ b/drivers/usb/core/usb.h
+@@ -148,7 +148,6 @@ extern struct usb_driver usbfs_driver;
+ extern const struct file_operations usbfs_devices_fops;
+ extern const struct file_operations usbdev_file_operations;
+ extern void usbfs_conn_disc_event(void);
+-extern void usb_fs_classdev_common_remove(struct usb_device *udev);
+
+ extern int usb_devio_init(void);
+ extern void usb_devio_cleanup(void);
+
+
+From gregkh@mini.kroah.org Fri Jan 30 18:29:20 2009
+Message-Id: <20090131022920.196458229@mini.kroah.org>
+User-Agent: quilt/0.47-1
+Date: Fri, 30 Jan 2009 18:26:03 -0800
+From: Greg KH <gregkh@suse.de>
+To: linux-kernel@vger.kernel.org,
+ stable@kernel.org
+Cc: Justin Forbes <jmforbes@linuxtx.org>,
+ Zwane Mwaikambo <zwane@arm.linux.org.uk>,
+ Theodore Ts'o <tytso@mit.edu>,
+ Randy Dunlap <rdunlap@xenotime.net>,
+ Dave Jones <davej@redhat.com>,
+ Chuck Wolber <chuckw@quantumlinux.com>,
+ Chris Wedgwood <reviews@ml.cw.f00f.org>,
+ Michael Krufky <mkrufky@linuxtv.org>,
+ Chuck Ebbert <cebbert@redhat.com>,
+ Domenico Andreoli <cavokz@gmail.com>,
+ Willy Tarreau <w@1wt.eu>,
+ Rodrigo Rubira Branco <rbranco@la.checkpoint.com>,
+ Jake Edge <jake@lwn.net>,
+ Eugene Teo <eteo@redhat.com>,
+ torvalds@linux-foundation.org,
+ akpm@linux-foundation.org,
+ alan@lxorguk.ukuu.org.uk,
+ Oliver Neukum <oneukum@suse.de>
+Subject: [patch 15/43] USB: storage: add unusual devs entry
+References: <20090131022548.656772939@mini.kroah.org>
+Content-Disposition: inline; filename=usb-storage-add-unusual-devs-entry.patch
+Content-Length: 786
+Lines: 29
+
+2.6.28-stable review patch. If anyone has any objections, please let us know.
+
+------------------
+
+From: Oliver Neukum <oliver@neukum.org>
+
+commit b90de8aea36ae6fe8050a6e91b031369c4f251b2 upstream.
+
+This adds an unusual devs entry for 2116:0320
+
+Signed-off-by: Oliver Neukum <oneukum@suse.de>
+Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
+
+---
+ drivers/usb/storage/unusual_devs.h | 6 ++++++
+ 1 file changed, 6 insertions(+)
+
+--- a/drivers/usb/storage/unusual_devs.h
++++ b/drivers/usb/storage/unusual_devs.h
+@@ -1970,6 +1970,12 @@ UNUSUAL_DEV( 0x19d2, 0x2000, 0x0000, 0x
+ US_SC_DEVICE, US_PR_DEVICE, NULL,
+ US_FL_IGNORE_DEVICE),
+
++UNUSUAL_DEV( 0x2116, 0x0320, 0x0001, 0x0001,
++ "ST",
++ "2A",
++ US_SC_DEVICE, US_PR_DEVICE, NULL,
++ US_FL_FIX_CAPACITY),
++
+ /* patch submitted by Davide Perini <perini.davide@dpsoftware.org>
+ * and Renato Perini <rperini@email.it>
+ */
+
+
+From gregkh@mini.kroah.org Fri Jan 30 18:29:20 2009
+Message-Id: <20090131022920.319948928@mini.kroah.org>
+User-Agent: quilt/0.47-1
+Date: Fri, 30 Jan 2009 18:26:04 -0800
+From: Greg KH <gregkh@suse.de>
+To: linux-kernel@vger.kernel.org,
+ stable@kernel.org
+Cc: Justin Forbes <jmforbes@linuxtx.org>,
+ Zwane Mwaikambo <zwane@arm.linux.org.uk>,
+ Theodore Ts'o <tytso@mit.edu>,
+ Randy Dunlap <rdunlap@xenotime.net>,
+ Dave Jones <davej@redhat.com>,
+ Chuck Wolber <chuckw@quantumlinux.com>,
+ Chris Wedgwood <reviews@ml.cw.f00f.org>,
+ Michael Krufky <mkrufky@linuxtv.org>,
+ Chuck Ebbert <cebbert@redhat.com>,
+ Domenico Andreoli <cavokz@gmail.com>,
+ Willy Tarreau <w@1wt.eu>,
+ Rodrigo Rubira Branco <rbranco@la.checkpoint.com>,
+ Jake Edge <jake@lwn.net>,
+ Eugene Teo <eteo@redhat.com>,
+ torvalds@linux-foundation.org,
+ akpm@linux-foundation.org,
+ alan@lxorguk.ukuu.org.uk,
+ Ivan Kokshaysky <ink@jurassic.park.msu.ru>,
+ Richard Henderson <rth@twiddle.net>,
+ Tobias Klausmann <klausman@schwarzvogel.de>
+Subject: [patch 16/43] alpha: nautilus - fix compile failure with gcc-4.3
+References: <20090131022548.656772939@mini.kroah.org>
+Content-Disposition: inline; filename=alpha-nautilus-fix-compile-failure-with-gcc-4.3.patch
+Content-Length: 1211
+Lines: 38
+
+2.6.28-stable review patch. If anyone has any objections, please let us know.
+
+------------------
+
+From: Ivan Kokshaysky <ink@jurassic.park.msu.ru>
+
+commit 70b66cbfd3316b792a855cb9a2574e85f1a63d0f upstream.
+
+init_srm_irq() deals with irq's #16 and above, but size of irq_desc
+array on nautilus and some other system types is 16. So gcc-4.3
+complains that "array subscript is above array bounds", even though
+this function is never called on those systems.
+
+This adds a check for NR_IRQS <= 16, which effectively optimizes
+init_srm_irq() code away on problematic platforms.
+
+Thanks to Daniel Drake <dsd@gentoo.org> for detailed analysis
+of the problem.
+
+Signed-off-by: Ivan Kokshaysky <ink@jurassic.park.msu.ru>
+Cc: Richard Henderson <rth@twiddle.net>
+Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
+Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
+Cc: Tobias Klausmann <klausman@schwarzvogel.de>
+Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
+
+---
+ arch/alpha/kernel/irq_srm.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+--- a/arch/alpha/kernel/irq_srm.c
++++ b/arch/alpha/kernel/irq_srm.c
+@@ -63,6 +63,8 @@ init_srm_irqs(long max, unsigned long ig
+ {
+ long i;
+
++ if (NR_IRQS <= 16)
++ return;
+ for (i = 16; i < max; ++i) {
+ if (i < 64 && ((ignore_mask >> i) & 1))
+ continue;
+
+
+From gregkh@mini.kroah.org Fri Jan 30 18:29:20 2009
+Message-Id: <20090131022920.444236711@mini.kroah.org>
+User-Agent: quilt/0.47-1
+Date: Fri, 30 Jan 2009 18:26:05 -0800
+From: Greg KH <gregkh@suse.de>
+To: linux-kernel@vger.kernel.org,
+ stable@kernel.org
+Cc: Justin Forbes <jmforbes@linuxtx.org>,
+ Zwane Mwaikambo <zwane@arm.linux.org.uk>,
+ Theodore Ts'o <tytso@mit.edu>,
+ Randy Dunlap <rdunlap@xenotime.net>,
+ Dave Jones <davej@redhat.com>,
+ Chuck Wolber <chuckw@quantumlinux.com>,
+ Chris Wedgwood <reviews@ml.cw.f00f.org>,
+ Michael Krufky <mkrufky@linuxtv.org>,
+ Chuck Ebbert <cebbert@redhat.com>,
+ Domenico Andreoli <cavokz@gmail.com>,
+ Willy Tarreau <w@1wt.eu>,
+ Rodrigo Rubira Branco <rbranco@la.checkpoint.com>,
+ Jake Edge <jake@lwn.net>,
+ Eugene Teo <eteo@redhat.com>,
+ torvalds@linux-foundation.org,
+ akpm@linux-foundation.org,
+ alan@lxorguk.ukuu.org.uk,
+ Ivan Kokshaysky <ink@jurassic.park.msu.ru>,
+ Nick Piggin <npiggin@suse.de>,
+ Johannes Weiner <hannes@cmpxchg.org>,
+ Richard Henderson <rth@twiddle.net>
+Subject: [patch 17/43] alpha: fix vmalloc breakage
+References: <20090131022548.656772939@mini.kroah.org>
+Content-Disposition: inline; filename=alpha-fix-vmalloc-breakage.patch
+Content-Length: 1922
+Lines: 64
+
+2.6.28-stable review patch. If anyone has any objections, please let us know.
+
+------------------
+
+From: Ivan Kokshaysky <ink@jurassic.park.msu.ru>
+
+commit 822c18f2e38cbc775792ab65ace4f9198678dec9 upstream.
+
+On alpha, we have to map some stuff in the VMALLOC space very early in the
+boot process (to make SRM console callbacks work and so on, see
+arch/alpha/mm/init.c). For old VM allocator, we just manually placed a
+vm_struct onto the global vmlist and this worked for ages.
+
+Unfortunately, the new allocator isn't aware of this, so it constantly
+tries to allocate the VM space which is already in use, making vmalloc on
+alpha defunct.
+
+This patch forces KVA to import vmlist entries on init.
+
+[akpm@linux-foundation.org: remove unneeded check (per Johannes)]
+Signed-off-by: Ivan Kokshaysky <ink@jurassic.park.msu.ru>
+Cc: Nick Piggin <npiggin@suse.de>
+Cc: Johannes Weiner <hannes@cmpxchg.org>
+Cc: Richard Henderson <rth@twiddle.net>
+Cc: Johannes Weiner <hannes@cmpxchg.org>
+Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
+Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
+
+---
+ mm/vmalloc.c | 11 +++++++++++
+ 1 file changed, 11 insertions(+)
+
+--- a/mm/vmalloc.c
++++ b/mm/vmalloc.c
+@@ -23,6 +23,7 @@
+ #include <linux/rbtree.h>
+ #include <linux/radix-tree.h>
+ #include <linux/rcupdate.h>
++#include <linux/bootmem.h>
+
+ #include <asm/atomic.h>
+ #include <asm/uaccess.h>
+@@ -960,6 +961,8 @@ EXPORT_SYMBOL(vm_map_ram);
+
+ void __init vmalloc_init(void)
+ {
++ struct vmap_area *va;
++ struct vm_struct *tmp;
+ int i;
+
+ for_each_possible_cpu(i) {
+@@ -972,6 +975,14 @@ void __init vmalloc_init(void)
+ vbq->nr_dirty = 0;
+ }
+
++ /* Import existing vmlist entries. */
++ for (tmp = vmlist; tmp; tmp = tmp->next) {
++ va = alloc_bootmem(sizeof(struct vmap_area));
++ va->flags = tmp->flags | VM_VM_AREA;
++ va->va_start = (unsigned long)tmp->addr;
++ va->va_end = va->va_start + tmp->size;
++ __insert_vmap_area(va);
++ }
+ vmap_initialized = true;
+ }
+
+
+
+From gregkh@mini.kroah.org Fri Jan 30 18:29:20 2009
+Message-Id: <20090131022920.563768314@mini.kroah.org>
+User-Agent: quilt/0.47-1
+Date: Fri, 30 Jan 2009 18:26:06 -0800
+From: Greg KH <gregkh@suse.de>
+To: linux-kernel@vger.kernel.org,
+ stable@kernel.org
+Cc: Justin Forbes <jmforbes@linuxtx.org>,
+ Zwane Mwaikambo <zwane@arm.linux.org.uk>,
+ Theodore Ts'o <tytso@mit.edu>,
+ Randy Dunlap <rdunlap@xenotime.net>,
+ Dave Jones <davej@redhat.com>,
+ Chuck Wolber <chuckw@quantumlinux.com>,
+ Chris Wedgwood <reviews@ml.cw.f00f.org>,
+ Michael Krufky <mkrufky@linuxtv.org>,
+ Chuck Ebbert <cebbert@redhat.com>,
+ Domenico Andreoli <cavokz@gmail.com>,
+ Willy Tarreau <w@1wt.eu>,
+ Rodrigo Rubira Branco <rbranco@la.checkpoint.com>,
+ Jake Edge <jake@lwn.net>,
+ Eugene Teo <eteo@redhat.com>,
+ torvalds@linux-foundation.org,
+ akpm@linux-foundation.org,
+ alan@lxorguk.ukuu.org.uk,
+ Arjan van de Ven <arjan@linux.intel.com>,
+ Ingo Molnar <mingo@elte.hu>,
+ Kyle McMartin <kyle@redhat.com>
+Subject: [patch 18/43] resources: skip sanity check of busy resources
+References: <20090131022548.656772939@mini.kroah.org>
+Content-Disposition: inline; filename=resources-skip-sanity-check-of-busy-resources.patch
+Content-Length: 1592
+Lines: 45
+
+2.6.28-stable review patch. If anyone has any objections, please let us know.
+
+------------------
+
+From: Arjan van de Ven <arjan@linux.intel.com>
+
+commit 3ac52669c7a24b93663acfcab606d1065ed1accd upstream.
+
+Impact: reduce false positives in iomem_map_sanity_check()
+
+Some drivers (vesafb) only map/reserve a portion of a resource.
+If then some other driver comes in and maps the whole resource,
+the current code WARN_ON's. This is not the intent of the checks
+in iomem_map_sanity_check(); rather these checks want to
+warn when crossing *hardware* resources only.
+
+This patch skips BUSY resources as suggested by Linus.
+
+Note: having two drivers talk to the same hardware at the same
+time is obviously not optimal behavior, but that's a separate story.
+
+Signed-off-by: Arjan van de Ven <arjan@linux.intel.com>
+Signed-off-by: Ingo Molnar <mingo@elte.hu>
+Signed-off-by: Kyle McMartin <kyle@redhat.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
+
+---
+ kernel/resource.c | 9 +++++++++
+ 1 file changed, 9 insertions(+)
+
+--- a/kernel/resource.c
++++ b/kernel/resource.c
+@@ -853,6 +853,15 @@ int iomem_map_sanity_check(resource_size
+ if (PFN_DOWN(p->start) <= PFN_DOWN(addr) &&
+ PFN_DOWN(p->end) >= PFN_DOWN(addr + size - 1))
+ continue;
++ /*
++ * if a resource is "BUSY", it's not a hardware resource
++ * but a driver mapping of such a resource; we don't want
++ * to warn for those; some drivers legitimately map only
++ * partial hardware resources. (example: vesafb)
++ */
++ if (p->flags & IORESOURCE_BUSY)
++ continue;
++
+ printk(KERN_WARNING "resource map sanity check conflict: "
+ "0x%llx 0x%llx 0x%llx 0x%llx %s\n",
+ (unsigned long long)addr,
+
+
+From gregkh@mini.kroah.org Fri Jan 30 18:29:20 2009
+Message-Id: <20090131022920.686701682@mini.kroah.org>
+User-Agent: quilt/0.47-1
+Date: Fri, 30 Jan 2009 18:26:07 -0800
+From: Greg KH <gregkh@suse.de>
+To: linux-kernel@vger.kernel.org,
+ stable@kernel.org
+Cc: Justin Forbes <jmforbes@linuxtx.org>,
+ Zwane Mwaikambo <zwane@arm.linux.org.uk>,
+ Theodore Ts'o <tytso@mit.edu>,
+ Randy Dunlap <rdunlap@xenotime.net>,
+ Dave Jones <davej@redhat.com>,
+ Chuck Wolber <chuckw@quantumlinux.com>,
+ Chris Wedgwood <reviews@ml.cw.f00f.org>,
+ Michael Krufky <mkrufky@linuxtv.org>,
+ Chuck Ebbert <cebbert@redhat.com>,
+ Domenico Andreoli <cavokz@gmail.com>,
+ Willy Tarreau <w@1wt.eu>,
+ Rodrigo Rubira Branco <rbranco@la.checkpoint.com>,
+ Jake Edge <jake@lwn.net>,
+ Eugene Teo <eteo@redhat.com>,
+ torvalds@linux-foundation.org,
+ akpm@linux-foundation.org,
+ alan@lxorguk.ukuu.org.uk,
+ Larry Finger <Larry.Finger@lwfinger.net>,
+ "John W. Linville" <linville@tuxdriver.com>
+Subject: [patch 19/43] rtl8187: Add termination packet to prevent stall
+References: <20090131022548.656772939@mini.kroah.org>
+Content-Disposition: inline; filename=rtl8187-add-termination-packet-to-prevent-stall.patch
+Content-Length: 823
+Lines: 26
+
+2.6.28-stable review patch. If anyone has any objections, please let us know.
+
+------------------
+
+From: Larry Finger <Larry.Finger@lwfinger.net>
+
+commit 2fcbab044a3faf4d4a6e269148dd1f188303b206 upstream.
+
+The RTL8187 and RTL8187B devices can stall unless an explicit termination
+packet is sent.
+
+Signed-off-by: Larry Finger <Larry.Finger@lwfinger.net>
+Signed-off-by: John W. Linville <linville@tuxdriver.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
+
+---
+ drivers/net/wireless/rtl8187_dev.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+--- a/drivers/net/wireless/rtl8187_dev.c
++++ b/drivers/net/wireless/rtl8187_dev.c
+@@ -263,6 +263,7 @@ static int rtl8187_tx(struct ieee80211_h
+
+ usb_fill_bulk_urb(urb, priv->udev, usb_sndbulkpipe(priv->udev, ep),
+ buf, skb->len, rtl8187_tx_cb, skb);
++ urb->transfer_flags |= URB_ZERO_PACKET;
+ rc = usb_submit_urb(urb, GFP_ATOMIC);
+ if (rc < 0) {
+ usb_free_urb(urb);
+
+
+From gregkh@mini.kroah.org Fri Jan 30 18:29:20 2009
+Message-Id: <20090131022920.807153866@mini.kroah.org>
+User-Agent: quilt/0.47-1
+Date: Fri, 30 Jan 2009 18:26:08 -0800
+From: Greg KH <gregkh@suse.de>
+To: linux-kernel@vger.kernel.org,
+ stable@kernel.org
+Cc: Justin Forbes <jmforbes@linuxtx.org>,
+ Zwane Mwaikambo <zwane@arm.linux.org.uk>,
+ Theodore Ts'o <tytso@mit.edu>,
+ Randy Dunlap <rdunlap@xenotime.net>,
+ Dave Jones <davej@redhat.com>,
+ Chuck Wolber <chuckw@quantumlinux.com>,
+ Chris Wedgwood <reviews@ml.cw.f00f.org>,
+ Michael Krufky <mkrufky@linuxtv.org>,
+ Chuck Ebbert <cebbert@redhat.com>,
+ Domenico Andreoli <cavokz@gmail.com>,
+ Willy Tarreau <w@1wt.eu>,
+ Rodrigo Rubira Branco <rbranco@la.checkpoint.com>,
+ Jake Edge <jake@lwn.net>,
+ Eugene Teo <eteo@redhat.com>,
+ torvalds@linux-foundation.org,
+ akpm@linux-foundation.org,
+ alan@lxorguk.ukuu.org.uk,
+ Brandon Philips <bphilips@suse.de>,
+ Bartlomiej Zolnierkiewicz <bzolnier@gmail.com>
+Subject: [patch 20/43] it821x: Add ultra_mask quirk for Vortex86SX
+References: <20090131022548.656772939@mini.kroah.org>
+Content-Disposition: inline; filename=it821x-add-ultra_mask-quirk-for-vortex86sx.patch
+Content-Length: 2280
+Lines: 81
+
+2.6.28-stable review patch. If anyone has any objections, please let us know.
+
+------------------
+
+From: Brandon Philips <brandon@ifup.org>
+
+commit b94b898f3107046b5c97c556e23529283ea5eadd upstream.
+
+On Vortex86SX with IDE controller revision 0x11 ultra DMA must be
+disabled. This patch was tested by DMP and seems to work.
+
+It is a cleaned up version of their older Kernel patch:
+ http://www.dmp.com.tw/tech/vortex86sx/patch-2.6.24-DMP.gz
+
+Tested-by: Shawn Lin <shawn@dmp.com.tw>
+Signed-off-by: Brandon Philips <bphilips@suse.de>
+Cc: Alan Cox <alan@lxorguk.ukuu.org.uk>
+Signed-off-by: Bartlomiej Zolnierkiewicz <bzolnier@gmail.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
+
+---
+ drivers/ide/it821x.c | 12 ++++++++++++
+ include/linux/pci_ids.h | 1 +
+ 2 files changed, 13 insertions(+)
+
+--- a/drivers/ide/it821x.c
++++ b/drivers/ide/it821x.c
+@@ -68,6 +68,8 @@
+
+ #define DRV_NAME "it821x"
+
++#define QUIRK_VORTEX86 1
++
+ struct it821x_dev
+ {
+ unsigned int smart:1, /* Are we in smart raid mode */
+@@ -79,6 +81,7 @@ struct it821x_dev
+ u16 pio[2]; /* Cached PIO values */
+ u16 mwdma[2]; /* Cached MWDMA values */
+ u16 udma[2]; /* Cached UDMA values (per drive) */
++ u16 quirks;
+ };
+
+ #define ATA_66 0
+@@ -580,6 +583,12 @@ static void __devinit init_hwif_it821x(i
+
+ hwif->ultra_mask = ATA_UDMA6;
+ hwif->mwdma_mask = ATA_MWDMA2;
++
++ /* Vortex86SX quirk: prevent Ultra-DMA mode to fix BadCRC issue */
++ if (idev->quirks & QUIRK_VORTEX86) {
++ if (dev->revision == 0x11)
++ hwif->ultra_mask = 0;
++ }
+ }
+
+ static void it8212_disable_raid(struct pci_dev *dev)
+@@ -652,6 +661,8 @@ static int __devinit it821x_init_one(str
+ return -ENOMEM;
+ }
+
++ itdevs->quirks = id->driver_data;
++
+ rc = ide_pci_init_one(dev, &it821x_chipset, itdevs);
+ if (rc)
+ kfree(itdevs);
+@@ -671,6 +682,7 @@ static void __devexit it821x_remove(stru
+ static const struct pci_device_id it821x_pci_tbl[] = {
+ { PCI_VDEVICE(ITE, PCI_DEVICE_ID_ITE_8211), 0 },
+ { PCI_VDEVICE(ITE, PCI_DEVICE_ID_ITE_8212), 0 },
++ { PCI_VDEVICE(RDC, PCI_DEVICE_ID_RDC_D1010), QUIRK_VORTEX86 },
+ { 0, },
+ };
+
+--- a/include/linux/pci_ids.h
++++ b/include/linux/pci_ids.h
+@@ -2171,6 +2171,7 @@
+ #define PCI_DEVICE_ID_RDC_R6040 0x6040
+ #define PCI_DEVICE_ID_RDC_R6060 0x6060
+ #define PCI_DEVICE_ID_RDC_R6061 0x6061
++#define PCI_DEVICE_ID_RDC_D1010 0x1010
+
+ #define PCI_VENDOR_ID_LENOVO 0x17aa
+
+
+
+From gregkh@mini.kroah.org Fri Jan 30 18:29:21 2009
+Message-Id: <20090131022920.925104043@mini.kroah.org>
+User-Agent: quilt/0.47-1
+Date: Fri, 30 Jan 2009 18:26:09 -0800
+From: Greg KH <gregkh@suse.de>
+To: linux-kernel@vger.kernel.org,
+ stable@kernel.org
+Cc: Justin Forbes <jmforbes@linuxtx.org>,
+ Zwane Mwaikambo <zwane@arm.linux.org.uk>,
+ Theodore Ts'o <tytso@mit.edu>,
+ Randy Dunlap <rdunlap@xenotime.net>,
+ Dave Jones <davej@redhat.com>,
+ Chuck Wolber <chuckw@quantumlinux.com>,
+ Chris Wedgwood <reviews@ml.cw.f00f.org>,
+ Michael Krufky <mkrufky@linuxtv.org>,
+ Chuck Ebbert <cebbert@redhat.com>,
+ Domenico Andreoli <cavokz@gmail.com>,
+ Willy Tarreau <w@1wt.eu>,
+ Rodrigo Rubira Branco <rbranco@la.checkpoint.com>,
+ Jake Edge <jake@lwn.net>,
+ Eugene Teo <eteo@redhat.com>,
+ torvalds@linux-foundation.org,
+ akpm@linux-foundation.org,
+ alan@lxorguk.ukuu.org.uk,
+ Joseph Chan <josephchan@via.com.tw>,
+ Tejun Heo <tj@kernel.org>,
+ Jeff Garzik <jgarzik@redhat.com>
+Subject: [patch 21/43] libata: pata_via: support VX855, future chips whose IDE controller use 0x0571
+References: <20090131022548.656772939@mini.kroah.org>
+Content-Disposition: inline; filename=libata-pata_via-support-vx855-future-chips-whose-ide-controller-use-0x0571.patch
+Content-Length: 4074
+Lines: 118
+
+2.6.28-stable review patch. If anyone has any objections, please let us know.
+
+------------------
+
+From: JosephChan@via.com.tw <JosephChan@via.com.tw>
+
+commit e4d866cdea24543ee16ce6d07d80c513e86ba983 upstream.
+
+It supports VX855 and future chips whose IDE controller uses PCI ID 0x0571.
+
+Signed-off-by: Joseph Chan <josephchan@via.com.tw>
+Acked-by: Tejun Heo <tj@kernel.org>
+Signed-off-by: Jeff Garzik <jgarzik@redhat.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
+
+---
+ drivers/ata/pata_via.c | 22 +++++++++++++++++-----
+ include/linux/pci_ids.h | 4 ++++
+ 2 files changed, 21 insertions(+), 5 deletions(-)
+
+--- a/drivers/ata/pata_via.c
++++ b/drivers/ata/pata_via.c
+@@ -86,6 +86,10 @@ enum {
+ VIA_SATA_PATA = 0x800, /* SATA/PATA combined configuration */
+ };
+
++enum {
++ VIA_IDFLAG_SINGLE = (1 << 0), /* single channel controller) */
++};
++
+ /*
+ * VIA SouthBridge chips.
+ */
+@@ -97,8 +101,12 @@ static const struct via_isa_bridge {
+ u8 rev_max;
+ u16 flags;
+ } via_isa_bridges[] = {
++ { "vx855", PCI_DEVICE_ID_VIA_VX855, 0x00, 0x2f,
++ VIA_UDMA_133 | VIA_BAD_AST | VIA_SATA_PATA },
+ { "vx800", PCI_DEVICE_ID_VIA_VX800, 0x00, 0x2f, VIA_UDMA_133 |
+ VIA_BAD_AST | VIA_SATA_PATA },
++ { "vt8261", PCI_DEVICE_ID_VIA_8261, 0x00, 0x2f,
++ VIA_UDMA_133 | VIA_BAD_AST },
+ { "vt8237s", PCI_DEVICE_ID_VIA_8237S, 0x00, 0x2f, VIA_UDMA_133 | VIA_BAD_AST },
+ { "vt8251", PCI_DEVICE_ID_VIA_8251, 0x00, 0x2f, VIA_UDMA_133 | VIA_BAD_AST },
+ { "cx700", PCI_DEVICE_ID_VIA_CX700, 0x00, 0x2f, VIA_UDMA_133 | VIA_BAD_AST | VIA_SATA_PATA },
+@@ -122,6 +130,8 @@ static const struct via_isa_bridge {
+ { "vt82c586", PCI_DEVICE_ID_VIA_82C586_0, 0x00, 0x0f, VIA_UDMA_NONE | VIA_SET_FIFO },
+ { "vt82c576", PCI_DEVICE_ID_VIA_82C576, 0x00, 0x2f, VIA_UDMA_NONE | VIA_SET_FIFO | VIA_NO_UNMASK },
+ { "vt82c576", PCI_DEVICE_ID_VIA_82C576, 0x00, 0x2f, VIA_UDMA_NONE | VIA_SET_FIFO | VIA_NO_UNMASK | VIA_BAD_ID },
++ { "vtxxxx", PCI_DEVICE_ID_VIA_ANON, 0x00, 0x2f,
++ VIA_UDMA_133 | VIA_BAD_AST },
+ { NULL }
+ };
+
+@@ -460,6 +470,7 @@ static int via_init_one(struct pci_dev *
+ static int printed_version;
+ u8 enable;
+ u32 timing;
++ unsigned long flags = id->driver_data;
+ int rc;
+
+ if (!printed_version++)
+@@ -469,9 +480,13 @@ static int via_init_one(struct pci_dev *
+ if (rc)
+ return rc;
+
++ if (flags & VIA_IDFLAG_SINGLE)
++ ppi[1] = &ata_dummy_port_info;
++
+ /* To find out how the IDE will behave and what features we
+ actually have to look at the bridge not the IDE controller */
+- for (config = via_isa_bridges; config->id; config++)
++ for (config = via_isa_bridges; config->id != PCI_DEVICE_ID_VIA_ANON;
++ config++)
+ if ((isa = pci_get_device(PCI_VENDOR_ID_VIA +
+ !!(config->flags & VIA_BAD_ID),
+ config->id, NULL))) {
+@@ -482,10 +497,6 @@ static int via_init_one(struct pci_dev *
+ pci_dev_put(isa);
+ }
+
+- if (!config->id) {
+- printk(KERN_WARNING "via: Unknown VIA SouthBridge, disabling.\n");
+- return -ENODEV;
+- }
+ pci_dev_put(isa);
+
+ if (!(config->flags & VIA_NO_ENABLES)) {
+@@ -587,6 +598,7 @@ static const struct pci_device_id via[]
+ { PCI_VDEVICE(VIA, 0x1571), },
+ { PCI_VDEVICE(VIA, 0x3164), },
+ { PCI_VDEVICE(VIA, 0x5324), },
++ { PCI_VDEVICE(VIA, 0xC409), VIA_IDFLAG_SINGLE },
+
+ { },
+ };
+--- a/include/linux/pci_ids.h
++++ b/include/linux/pci_ids.h
+@@ -1357,6 +1357,7 @@
+ #define PCI_DEVICE_ID_VIA_8783_0 0x3208
+ #define PCI_DEVICE_ID_VIA_8237 0x3227
+ #define PCI_DEVICE_ID_VIA_8251 0x3287
++#define PCI_DEVICE_ID_VIA_8261 0x3402
+ #define PCI_DEVICE_ID_VIA_8237A 0x3337
+ #define PCI_DEVICE_ID_VIA_8237S 0x3372
+ #define PCI_DEVICE_ID_VIA_SATA_EIDE 0x5324
+@@ -1366,10 +1367,13 @@
+ #define PCI_DEVICE_ID_VIA_CX700 0x8324
+ #define PCI_DEVICE_ID_VIA_CX700_IDE 0x0581
+ #define PCI_DEVICE_ID_VIA_VX800 0x8353
++#define PCI_DEVICE_ID_VIA_VX855 0x8409
+ #define PCI_DEVICE_ID_VIA_8371_1 0x8391
+ #define PCI_DEVICE_ID_VIA_82C598_1 0x8598
+ #define PCI_DEVICE_ID_VIA_838X_1 0xB188
+ #define PCI_DEVICE_ID_VIA_83_87XX_1 0xB198
++#define PCI_DEVICE_ID_VIA_C409_IDE 0XC409
++#define PCI_DEVICE_ID_VIA_ANON 0xFFFF
+
+ #define PCI_VENDOR_ID_SIEMENS 0x110A
+ #define PCI_DEVICE_ID_SIEMENS_DSCC4 0x2102
+
+
+From gregkh@mini.kroah.org Fri Jan 30 18:29:21 2009
+Message-Id: <20090131022921.043844551@mini.kroah.org>
+User-Agent: quilt/0.47-1
+Date: Fri, 30 Jan 2009 18:26:10 -0800
+From: Greg KH <gregkh@suse.de>
+To: linux-kernel@vger.kernel.org,
+ stable@kernel.org
+Cc: Justin Forbes <jmforbes@linuxtx.org>,
+ Zwane Mwaikambo <zwane@arm.linux.org.uk>,
+ Theodore Ts'o <tytso@mit.edu>,
+ Randy Dunlap <rdunlap@xenotime.net>,
+ Dave Jones <davej@redhat.com>,
+ Chuck Wolber <chuckw@quantumlinux.com>,
+ Chris Wedgwood <reviews@ml.cw.f00f.org>,
+ Michael Krufky <mkrufky@linuxtv.org>,
+ Chuck Ebbert <cebbert@redhat.com>,
+ Domenico Andreoli <cavokz@gmail.com>,
+ Willy Tarreau <w@1wt.eu>,
+ Rodrigo Rubira Branco <rbranco@la.checkpoint.com>,
+ Jake Edge <jake@lwn.net>,
+ Eugene Teo <eteo@redhat.com>,
+ torvalds@linux-foundation.org,
+ akpm@linux-foundation.org,
+ alan@lxorguk.ukuu.org.uk,
+ Flavio Leitner <fleitner@redhat.com>,
+ Alan Cox <alan@redhat.com>
+Subject: [patch 22/43] serial_8250: support for Sealevel Systems Model 7803 COMM+8
+References: <20090131022548.656772939@mini.kroah.org>
+Content-Disposition: inline; filename=serial_8250-support-for-sealevel-systems-model-7803-comm-8.patch
+Content-Length: 1296
+Lines: 39
+
+2.6.28-stable review patch. If anyone has any objections, please let us know.
+
+------------------
+
+From: Flavio Leitner <fleitner@redhat.com>
+
+commit e65f0f8271b1b0452334e5da37fd35413a000de4 upstream.
+
+Add support for Sealevel Systems Model 7803 COMM+8
+
+Signed-off-by: Flavio Leitner <fleitner@redhat.com>
+Signed-off-by: Alan Cox <alan@redhat.com>
+Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
+
+---
+ drivers/serial/8250_pci.c | 3 +++
+ include/linux/pci_ids.h | 1 +
+ 2 files changed, 4 insertions(+)
+
+--- a/drivers/serial/8250_pci.c
++++ b/drivers/serial/8250_pci.c
+@@ -2271,6 +2271,9 @@ static struct pci_device_id serial_pci_t
+ { PCI_VENDOR_ID_SEALEVEL, PCI_DEVICE_ID_SEALEVEL_COMM8,
+ PCI_ANY_ID, PCI_ANY_ID, 0, 0,
+ pbn_b2_8_115200 },
++ { PCI_VENDOR_ID_SEALEVEL, PCI_DEVICE_ID_SEALEVEL_7803,
++ PCI_ANY_ID, PCI_ANY_ID, 0, 0,
++ pbn_b2_8_460800 },
+ { PCI_VENDOR_ID_SEALEVEL, PCI_DEVICE_ID_SEALEVEL_UCOMM8,
+ PCI_ANY_ID, PCI_ANY_ID, 0, 0,
+ pbn_b2_8_115200 },
+--- a/include/linux/pci_ids.h
++++ b/include/linux/pci_ids.h
+@@ -1799,6 +1799,7 @@
+ #define PCI_DEVICE_ID_SEALEVEL_UCOMM232 0x7202
+ #define PCI_DEVICE_ID_SEALEVEL_COMM4 0x7401
+ #define PCI_DEVICE_ID_SEALEVEL_COMM8 0x7801
++#define PCI_DEVICE_ID_SEALEVEL_7803 0x7803
+ #define PCI_DEVICE_ID_SEALEVEL_UCOMM8 0x7804
+
+ #define PCI_VENDOR_ID_HYPERCOPE 0x1365
+
+
+From gregkh@mini.kroah.org Fri Jan 30 18:29:21 2009
+Message-Id: <20090131022921.167790198@mini.kroah.org>
+User-Agent: quilt/0.47-1
+Date: Fri, 30 Jan 2009 18:26:11 -0800
+From: Greg KH <gregkh@suse.de>
+To: linux-kernel@vger.kernel.org,
+ stable@kernel.org
+Cc: Justin Forbes <jmforbes@linuxtx.org>,
+ Zwane Mwaikambo <zwane@arm.linux.org.uk>,
+ Theodore Ts'o <tytso@mit.edu>,
+ Randy Dunlap <rdunlap@xenotime.net>,
+ Dave Jones <davej@redhat.com>,
+ Chuck Wolber <chuckw@quantumlinux.com>,
+ Chris Wedgwood <reviews@ml.cw.f00f.org>,
+ Michael Krufky <mkrufky@linuxtv.org>,
+ Chuck Ebbert <cebbert@redhat.com>,
+ Domenico Andreoli <cavokz@gmail.com>,
+ Willy Tarreau <w@1wt.eu>,
+ Rodrigo Rubira Branco <rbranco@la.checkpoint.com>,
+ Jake Edge <jake@lwn.net>,
+ Eugene Teo <eteo@redhat.com>,
+ torvalds@linux-foundation.org,
+ akpm@linux-foundation.org,
+ alan@lxorguk.ukuu.org.uk,
+ Eric Anholt <eric@anholt.net>,
+ Dave Airlie <airlied@redhat.com>
+Subject: [patch 23/43] drm: stash AGP include under the do-we-have-AGP ifdef
+References: <20090131022548.656772939@mini.kroah.org>
+Content-Disposition: inline; filename=drm-stash-agp-include-under-the-do-we-have-agp-ifdef.patch
+Content-Length: 670
+Lines: 31
+
+2.6.28-stable review patch. If anyone has any objections, please let us know.
+
+------------------
+
+From: Eric Anholt <eric@anholt.net>
+
+commit 1bb88edb7a3769992026f34fd648bb459b0469aa upstream.
+
+This fixes the MIPS with DRM build.
+
+Signed-off-by: Eric Anholt <eric@anholt.net>
+Tested-by: Martin Michlmayr <tbm@cyrius.com>
+Signed-off-by: Dave Airlie <airlied@redhat.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
+
+---
+ drivers/gpu/drm/drm_agpsupport.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+--- a/drivers/gpu/drm/drm_agpsupport.c
++++ b/drivers/gpu/drm/drm_agpsupport.c
+@@ -33,10 +33,11 @@
+
+ #include "drmP.h"
+ #include <linux/module.h>
+-#include <asm/agp.h>
+
+ #if __OS_HAS_AGP
+
++#include <asm/agp.h>
++
+ /**
+ * Get AGP information.
+ *
+
+
+From gregkh@mini.kroah.org Fri Jan 30 18:29:21 2009
+Message-Id: <20090131022921.291581147@mini.kroah.org>
+User-Agent: quilt/0.47-1
+Date: Fri, 30 Jan 2009 18:26:12 -0800
+From: Greg KH <gregkh@suse.de>
+To: linux-kernel@vger.kernel.org,
+ stable@kernel.org,
+ Maksim Yevmenkin <maksim.yevmenkin@gmail.com>
+Cc: Justin Forbes <jmforbes@linuxtx.org>,
+ Zwane Mwaikambo <zwane@arm.linux.org.uk>,
+ Theodore Ts'o <tytso@mit.edu>,
+ Randy Dunlap <rdunlap@xenotime.net>,
+ Dave Jones <davej@redhat.com>,
+ Chuck Wolber <chuckw@quantumlinux.com>,
+ Chris Wedgwood <reviews@ml.cw.f00f.org>,
+ Michael Krufky <mkrufky@linuxtv.org>,
+ Chuck Ebbert <cebbert@redhat.com>,
+ Domenico Andreoli <cavokz@gmail.com>,
+ Willy Tarreau <w@1wt.eu>,
+ Rodrigo Rubira Branco <rbranco@la.checkpoint.com>,
+ Jake Edge <jake@lwn.net>,
+ Eugene Teo <eteo@redhat.com>,
+ torvalds@linux-foundation.org,
+ akpm@linux-foundation.org,
+ alan@lxorguk.ukuu.org.uk,
+ Lee Schermerhorn <Lee.Schermerhorn@hp.com>,
+ Nick Piggin <npiggin@suse.de>,
+ Rik van Riel <riel@redhat.com>,
+ Hugh Dickins <hugh@veritas.com>
+Subject: [patch 24/43] Fix OOPS in mmap_region() when merging adjacent VM_LOCKED file segments
+References: <20090131022548.656772939@mini.kroah.org>
+Content-Disposition: inline; filename=fix-oops-in-mmap_region-when-merging-adjacent-vm_locked-file-segments.patch
+Content-Length: 1895
+Lines: 60
+
+2.6.28-stable review patch. If anyone has any objections, please let us know.
+
+------------------
+
+From: Andrew Morton <akpm@linux-foundation.org>
+
+This patch differs from the upstream commit
+de33c8db5910cda599899dd431cc30d7c1018cbf written by Linus, as it aims to
+only prevent the oops from happening, not attempt to change anything
+else.
+
+
+The problem was introduced by commit
+ba470de43188cdbff795b5da43a1474523c6c2fb
+
+which added new references to *vma after we've potentially freed it.
+
+From: Andrew Morton <akpm@linux-foundation.org>
+Reported-by: Maksim Yevmenkin <maksim.yevmenkin@gmail.com>
+Tested-by: Maksim Yevmenkin <maksim.yevmenkin@gmail.com>
+Cc: Lee Schermerhorn <Lee.Schermerhorn@hp.com>
+Cc: Nick Piggin <npiggin@suse.de>
+Cc: Andrew Morton <akpm@linux-foundation.org>
+Cc: Rik van Riel <riel@redhat.com>
+Cc: Hugh Dickins <hugh@veritas.com>
+Cc: Linus Torvalds <torvalds@linux-foundation.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
+
+
+---
+ mm/mmap.c | 9 +++++++--
+ 1 file changed, 7 insertions(+), 2 deletions(-)
+
+--- a/mm/mmap.c
++++ b/mm/mmap.c
+@@ -1095,6 +1095,7 @@ unsigned long mmap_region(struct file *f
+ {
+ struct mm_struct *mm = current->mm;
+ struct vm_area_struct *vma, *prev;
++ struct vm_area_struct *merged_vma;
+ int correct_wcount = 0;
+ int error;
+ struct rb_node **rb_link, *rb_parent;
+@@ -1207,13 +1208,17 @@ munmap_back:
+ if (vma_wants_writenotify(vma))
+ vma->vm_page_prot = vm_get_page_prot(vm_flags & ~VM_SHARED);
+
+- if (file && vma_merge(mm, prev, addr, vma->vm_end,
+- vma->vm_flags, NULL, file, pgoff, vma_policy(vma))) {
++ merged_vma = NULL;
++ if (file)
++ merged_vma = vma_merge(mm, prev, addr, vma->vm_end,
++ vma->vm_flags, NULL, file, pgoff, vma_policy(vma));
++ if (merged_vma) {
+ mpol_put(vma_policy(vma));
+ kmem_cache_free(vm_area_cachep, vma);
+ fput(file);
+ if (vm_flags & VM_EXECUTABLE)
+ removed_exe_file_vma(mm);
++ vma = merged_vma;
+ } else {
+ vma_link(mm, vma, prev, rb_link, rb_parent);
+ file = vma->vm_file;
+
+
+From gregkh@mini.kroah.org Fri Jan 30 18:29:21 2009
+Message-Id: <20090131022921.416637744@mini.kroah.org>
+User-Agent: quilt/0.47-1
+Date: Fri, 30 Jan 2009 18:26:13 -0800
+From: Greg KH <gregkh@suse.de>
+To: linux-kernel@vger.kernel.org,
+ stable@kernel.org
+Cc: Justin Forbes <jmforbes@linuxtx.org>,
+ Zwane Mwaikambo <zwane@arm.linux.org.uk>,
+ Theodore Ts'o <tytso@mit.edu>,
+ Randy Dunlap <rdunlap@xenotime.net>,
+ Dave Jones <davej@redhat.com>,
+ Chuck Wolber <chuckw@quantumlinux.com>,
+ Chris Wedgwood <reviews@ml.cw.f00f.org>,
+ Michael Krufky <mkrufky@linuxtv.org>,
+ Chuck Ebbert <cebbert@redhat.com>,
+ Domenico Andreoli <cavokz@gmail.com>,
+ Willy Tarreau <w@1wt.eu>,
+ Rodrigo Rubira Branco <rbranco@la.checkpoint.com>,
+ Jake Edge <jake@lwn.net>,
+ Eugene Teo <eteo@redhat.com>,
+ torvalds@linux-foundation.org,
+ akpm@linux-foundation.org,
+ alan@lxorguk.ukuu.org.uk,
+ Paul Larson <pl@linux.vnet.ibm.com>,
+ Eilon Greenstein <eilong@broadcom.com>,
+ "David S. Miller" <davem@davemloft.net>
+Subject: [patch 25/43] bnx2x: Block nvram access when the device is inactive
+References: <20090131022548.656772939@mini.kroah.org>
+Content-Disposition: inline; filename=bnx2x-block-nvram-access-when-the-device-is-inactive.patch
+Content-Length: 908
+Lines: 29
+
+2.6.28-stable review patch. If anyone has any objections, please let us know.
+
+------------------
+
+From: Eilon Greenstein <eilong@broadcom.com>
+
+commit 2add3acb11a26cc14b54669433ae6ace6406cbf2 upstream.
+
+Don't dump eeprom when bnx2x adapter is down. Running ethtool -e causes an eeh
+without it when the device is down
+
+Signed-off-by: Paul Larson <pl@linux.vnet.ibm.com>
+Signed-off-by: Eilon Greenstein <eilong@broadcom.com>
+Signed-off-by: David S. Miller <davem@davemloft.net>
+Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
+
+---
+ drivers/net/bnx2x_main.c | 3 +++
+ 1 file changed, 3 insertions(+)
+
+--- a/drivers/net/bnx2x_main.c
++++ b/drivers/net/bnx2x_main.c
+@@ -8079,6 +8079,9 @@ static int bnx2x_get_eeprom(struct net_d
+ struct bnx2x *bp = netdev_priv(dev);
+ int rc;
+
++ if (!netif_running(dev))
++ return -EAGAIN;
++
+ DP(BNX2X_MSG_NVM, "ethtool_eeprom: cmd %d\n"
+ DP_LEVEL " magic 0x%x offset 0x%x (%d) len 0x%x (%d)\n",
+ eeprom->cmd, eeprom->magic, eeprom->offset, eeprom->offset,
+
+
+From gregkh@mini.kroah.org Fri Jan 30 18:29:21 2009
+Message-Id: <20090131022921.533637388@mini.kroah.org>
+User-Agent: quilt/0.47-1
+Date: Fri, 30 Jan 2009 18:26:14 -0800
+From: Greg KH <gregkh@suse.de>
+To: linux-kernel@vger.kernel.org,
+ stable@kernel.org
+Cc: Justin Forbes <jmforbes@linuxtx.org>,
+ Zwane Mwaikambo <zwane@arm.linux.org.uk>,
+ Theodore Ts'o <tytso@mit.edu>,
+ Randy Dunlap <rdunlap@xenotime.net>,
+ Dave Jones <davej@redhat.com>,
+ Chuck Wolber <chuckw@quantumlinux.com>,
+ Chris Wedgwood <reviews@ml.cw.f00f.org>,
+ Michael Krufky <mkrufky@linuxtv.org>,
+ Chuck Ebbert <cebbert@redhat.com>,
+ Domenico Andreoli <cavokz@gmail.com>,
+ Willy Tarreau <w@1wt.eu>,
+ Rodrigo Rubira Branco <rbranco@la.checkpoint.com>,
+ Jake Edge <jake@lwn.net>,
+ Eugene Teo <eteo@redhat.com>,
+ torvalds@linux-foundation.org,
+ akpm@linux-foundation.org,
+ alan@lxorguk.ukuu.org.uk
+Subject: [patch 26/43] ext3: Add sanity check to make_indexed_dir
+References: <20090131022548.656772939@mini.kroah.org>
+Content-Disposition: inline; filename=ext3-add-sanity-check-to-make_indexed_dir.patch
+Content-Length: 2041
+Lines: 64
+
+2.6.28-stable review patch. If anyone has any objections, please let us know.
+
+------------------
+
+From: Theodore Ts'o <tytso@mit.edu>
+
+commit a21102b55c4f8dfd3adb4a15a34cd62237b46039 upstream.
+
+Make sure the rec_len field in the '..' entry is sane, lest we overrun
+the directory block and cause a kernel oops on a purposefully
+corrupted filesystem.
+
+This fixes a bug related to a bug originally reported by Sami Liedes
+for ext4 at:
+
+http://bugzilla.kernel.org/show_bug.cgi?id=12430
+
+Signed-off-by: "Theodore Ts'o" <tytso@mit.edu>
+Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
+
+---
+ fs/ext3/namei.c | 20 ++++++++++++++------
+ 1 file changed, 14 insertions(+), 6 deletions(-)
+
+--- a/fs/ext3/namei.c
++++ b/fs/ext3/namei.c
+@@ -1357,7 +1357,7 @@ static int make_indexed_dir(handle_t *ha
+ struct fake_dirent *fde;
+
+ blocksize = dir->i_sb->s_blocksize;
+- dxtrace(printk("Creating index\n"));
++ dxtrace(printk(KERN_DEBUG "Creating index: inode %lu\n", dir->i_ino));
+ retval = ext3_journal_get_write_access(handle, bh);
+ if (retval) {
+ ext3_std_error(dir->i_sb, retval);
+@@ -1366,6 +1366,19 @@ static int make_indexed_dir(handle_t *ha
+ }
+ root = (struct dx_root *) bh->b_data;
+
++ /* The 0th block becomes the root, move the dirents out */
++ fde = &root->dotdot;
++ de = (struct ext3_dir_entry_2 *)((char *)fde +
++ ext3_rec_len_from_disk(fde->rec_len));
++ if ((char *) de >= (((char *) root) + blocksize)) {
++ ext3_error(dir->i_sb, __func__,
++ "invalid rec_len for '..' in inode %lu",
++ dir->i_ino);
++ brelse(bh);
++ return -EIO;
++ }
++ len = ((char *) root) + blocksize - (char *) de;
++
+ bh2 = ext3_append (handle, dir, &block, &retval);
+ if (!(bh2)) {
+ brelse(bh);
+@@ -1374,11 +1387,6 @@ static int make_indexed_dir(handle_t *ha
+ EXT3_I(dir)->i_flags |= EXT3_INDEX_FL;
+ data1 = bh2->b_data;
+
+- /* The 0th block becomes the root, move the dirents out */
+- fde = &root->dotdot;
+- de = (struct ext3_dir_entry_2 *)((char *)fde +
+- ext3_rec_len_from_disk(fde->rec_len));
+- len = ((char *) root) + blocksize - (char *) de;
+ memcpy (data1, de, len);
+ de = (struct ext3_dir_entry_2 *) data1;
+ top = data1 + len;
+
+
+From gregkh@mini.kroah.org Fri Jan 30 18:29:21 2009
+Message-Id: <20090131022921.655540664@mini.kroah.org>
+User-Agent: quilt/0.47-1
+Date: Fri, 30 Jan 2009 18:26:15 -0800
+From: Greg KH <gregkh@suse.de>
+To: linux-kernel@vger.kernel.org,
+ stable@kernel.org
+Cc: Justin Forbes <jmforbes@linuxtx.org>,
+ Zwane Mwaikambo <zwane@arm.linux.org.uk>,
+ Theodore Ts'o <tytso@mit.edu>,
+ Randy Dunlap <rdunlap@xenotime.net>,
+ Dave Jones <davej@redhat.com>,
+ Chuck Wolber <chuckw@quantumlinux.com>,
+ Chris Wedgwood <reviews@ml.cw.f00f.org>,
+ Michael Krufky <mkrufky@linuxtv.org>,
+ Chuck Ebbert <cebbert@redhat.com>,
+ Domenico Andreoli <cavokz@gmail.com>,
+ Willy Tarreau <w@1wt.eu>,
+ Rodrigo Rubira Branco <rbranco@la.checkpoint.com>,
+ Jake Edge <jake@lwn.net>,
+ Eugene Teo <eteo@redhat.com>,
+ torvalds@linux-foundation.org,
+ akpm@linux-foundation.org,
+ alan@lxorguk.ukuu.org.uk,
+ Larry Finger <Larry.Finger@lwfinger.net>,
+ "John W. Linville" <linville@tuxdriver.com>
+Subject: [patch 27/43] rtl8187: Fix error in setting OFDM power settings for RTL8187L
+References: <20090131022548.656772939@mini.kroah.org>
+Content-Disposition: inline; filename=rtl8187-fix-error-in-setting-ofdm-power-settings-for-rtl8187l.patch
+Content-Length: 1641
+Lines: 48
+
+2.6.28-stable review patch. If anyone has any objections, please let us know.
+
+------------------
+
+From: Larry Finger <Larry.Finger@lwfinger.net>
+
+commit eb83bbf57429ab80f49b413e3e44d3b19c3fdc5a upstream.
+
+After reports of poor performance, a review of the latest vendor driver
+(rtl8187_linux_26.1025.0328.2007) for RTL8187L devices was undertaken.
+
+A difference was found in the code used to index the OFDM power tables. When
+the Linux driver was changed, my unit works at a much greater range than
+before. I think this fixes Bugzilla #12380 and has been tested by at least
+two other users.
+
+Signed-off-by: Larry Finger <Larry.Finger@lwfinger.net>
+Tested-by: MartÃn Ernesto Barreyro <barreyromartin@gmail.com>
+Signed-off-by: John W. Linville <linville@tuxdriver.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
+
+---
+ drivers/net/wireless/rtl8187_rtl8225.c | 10 ++++++++--
+ 1 file changed, 8 insertions(+), 2 deletions(-)
+
+--- a/drivers/net/wireless/rtl8187_rtl8225.c
++++ b/drivers/net/wireless/rtl8187_rtl8225.c
+@@ -287,7 +287,10 @@ static void rtl8225_rf_set_tx_power(stru
+ ofdm_power = priv->channels[channel - 1].hw_value >> 4;
+
+ cck_power = min(cck_power, (u8)11);
+- ofdm_power = min(ofdm_power, (u8)35);
++ if (ofdm_power > (u8)15)
++ ofdm_power = 25;
++ else
++ ofdm_power += 10;
+
+ rtl818x_iowrite8(priv, &priv->map->TX_GAIN_CCK,
+ rtl8225_tx_gain_cck_ofdm[cck_power / 6] >> 1);
+@@ -540,7 +543,10 @@ static void rtl8225z2_rf_set_tx_power(st
+ cck_power += priv->txpwr_base & 0xF;
+ cck_power = min(cck_power, (u8)35);
+
+- ofdm_power = min(ofdm_power, (u8)15);
++ if (ofdm_power > (u8)15)
++ ofdm_power = 25;
++ else
++ ofdm_power += 10;
+ ofdm_power += priv->txpwr_base >> 4;
+ ofdm_power = min(ofdm_power, (u8)35);
+
+
+
+From gregkh@mini.kroah.org Fri Jan 30 18:29:21 2009
+Message-Id: <20090131022921.780118447@mini.kroah.org>
+User-Agent: quilt/0.47-1
+Date: Fri, 30 Jan 2009 18:26:16 -0800
+From: Greg KH <gregkh@suse.de>
+To: linux-kernel@vger.kernel.org,
+ stable@kernel.org
+Cc: Justin Forbes <jmforbes@linuxtx.org>,
+ Zwane Mwaikambo <zwane@arm.linux.org.uk>,
+ Theodore Ts'o <tytso@mit.edu>,
+ Randy Dunlap <rdunlap@xenotime.net>,
+ Dave Jones <davej@redhat.com>,
+ Chuck Wolber <chuckw@quantumlinux.com>,
+ Chris Wedgwood <reviews@ml.cw.f00f.org>,
+ Michael Krufky <mkrufky@linuxtv.org>,
+ Chuck Ebbert <cebbert@redhat.com>,
+ Domenico Andreoli <cavokz@gmail.com>,
+ Willy Tarreau <w@1wt.eu>,
+ Rodrigo Rubira Branco <rbranco@la.checkpoint.com>,
+ Jake Edge <jake@lwn.net>,
+ Eugene Teo <eteo@redhat.com>,
+ torvalds@linux-foundation.org,
+ akpm@linux-foundation.org,
+ alan@lxorguk.ukuu.org.uk,
+ Davide Libenzi <davidel@xmailserver.org>,
+ Michael Kerrisk <mtk.manpages@googlemail.com>,
+ Bron Gondwana <brong@fastmail.fm>
+Subject: [patch 28/43] epoll: drop max_user_instances and rely only on max_user_watches
+References: <20090131022548.656772939@mini.kroah.org>
+Content-Disposition: inline; filename=epoll-drop-max_user_instances-and-rely-only-on-max_user_watches.patch
+Content-Length: 3465
+Lines: 111
+
+2.6.28-stable review patch. If anyone has any objections, please let us know.
+
+------------------
+
+From: Davide Libenzi <davidel@xmailserver.org>
+
+commit 9df04e1f25effde823a600e755b51475d438f56b upstream.
+
+Linus suggested to put limits where the money is, and max_user_watches
+already does that w/out the need of max_user_instances. That has the
+advantage to mitigate the potential DoS while allowing pretty generous
+default behavior.
+
+Allowing top 4% of low memory (per user) to be allocated in epoll watches,
+we have:
+
+LOMEM MAX_WATCHES (per user)
+512MB ~178000
+1GB ~356000
+2GB ~712000
+
+A box with 512MB of lomem, will meet some challenge in hitting 180K
+watches, socket buffers math teaches us. No more max_user_instances
+limits then.
+
+Signed-off-by: Davide Libenzi <davidel@xmailserver.org>
+Cc: Willy Tarreau <w@1wt.eu>
+Cc: Michael Kerrisk <mtk.manpages@googlemail.com>
+Cc: Bron Gondwana <brong@fastmail.fm>
+Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
+Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
+
+---
+ fs/eventpoll.c | 22 ++++------------------
+ include/linux/sched.h | 1 -
+ 2 files changed, 4 insertions(+), 19 deletions(-)
+
+--- a/fs/eventpoll.c
++++ b/fs/eventpoll.c
+@@ -234,8 +234,6 @@ struct ep_pqueue {
+ /*
+ * Configuration options available inside /proc/sys/fs/epoll/
+ */
+-/* Maximum number of epoll devices, per user */
+-static int max_user_instances __read_mostly;
+ /* Maximum number of epoll watched descriptors, per user */
+ static int max_user_watches __read_mostly;
+
+@@ -261,14 +259,6 @@ static int zero;
+
+ ctl_table epoll_table[] = {
+ {
+- .procname = "max_user_instances",
+- .data = &max_user_instances,
+- .maxlen = sizeof(int),
+- .mode = 0644,
+- .proc_handler = &proc_dointvec_minmax,
+- .extra1 = &zero,
+- },
+- {
+ .procname = "max_user_watches",
+ .data = &max_user_watches,
+ .maxlen = sizeof(int),
+@@ -491,7 +481,6 @@ static void ep_free(struct eventpoll *ep
+
+ mutex_unlock(&epmutex);
+ mutex_destroy(&ep->mtx);
+- atomic_dec(&ep->user->epoll_devs);
+ free_uid(ep->user);
+ kfree(ep);
+ }
+@@ -581,10 +570,6 @@ static int ep_alloc(struct eventpoll **p
+ struct eventpoll *ep;
+
+ user = get_current_user();
+- error = -EMFILE;
+- if (unlikely(atomic_read(&user->epoll_devs) >=
+- max_user_instances))
+- goto free_uid;
+ error = -ENOMEM;
+ ep = kzalloc(sizeof(*ep), GFP_KERNEL);
+ if (unlikely(!ep))
+@@ -1141,7 +1126,6 @@ SYSCALL_DEFINE1(epoll_create1, int, flag
+ flags & O_CLOEXEC);
+ if (fd < 0)
+ ep_free(ep);
+- atomic_inc(&ep->user->epoll_devs);
+
+ error_return:
+ DNPRINTK(3, (KERN_INFO "[%p] eventpoll: sys_epoll_create(%d) = %d\n",
+@@ -1366,8 +1350,10 @@ static int __init eventpoll_init(void)
+ struct sysinfo si;
+
+ si_meminfo(&si);
+- max_user_instances = 128;
+- max_user_watches = (((si.totalram - si.totalhigh) / 32) << PAGE_SHIFT) /
++ /*
++ * Allows top 4% of lomem to be allocated for epoll watches (per user).
++ */
++ max_user_watches = (((si.totalram - si.totalhigh) / 25) << PAGE_SHIFT) /
+ EP_ITEM_COST;
+
+ /* Initialize the structure used to perform safe poll wait head wake ups */
+--- a/include/linux/sched.h
++++ b/include/linux/sched.h
+@@ -631,7 +631,6 @@ struct user_struct {
+ atomic_t inotify_devs; /* How many inotify devs does this user have opened? */
+ #endif
+ #ifdef CONFIG_EPOLL
+- atomic_t epoll_devs; /* The number of epoll descriptors currently open */
+ atomic_t epoll_watches; /* The number of file descriptors currently watched */
+ #endif
+ #ifdef CONFIG_POSIX_MQUEUE
+
+
+From gregkh@mini.kroah.org Fri Jan 30 18:29:22 2009
+Message-Id: <20090131022921.905626989@mini.kroah.org>
+User-Agent: quilt/0.47-1
+Date: Fri, 30 Jan 2009 18:26:17 -0800
+From: Greg KH <gregkh@suse.de>
+To: linux-kernel@vger.kernel.org,
+ stable@kernel.org
+Cc: Justin Forbes <jmforbes@linuxtx.org>,
+ Zwane Mwaikambo <zwane@arm.linux.org.uk>,
+ Theodore Ts'o <tytso@mit.edu>,
+ Randy Dunlap <rdunlap@xenotime.net>,
+ Dave Jones <davej@redhat.com>,
+ Chuck Wolber <chuckw@quantumlinux.com>,
+ Chris Wedgwood <reviews@ml.cw.f00f.org>,
+ Michael Krufky <mkrufky@linuxtv.org>,
+ Chuck Ebbert <cebbert@redhat.com>,
+ Domenico Andreoli <cavokz@gmail.com>,
+ Willy Tarreau <w@1wt.eu>,
+ Rodrigo Rubira Branco <rbranco@la.checkpoint.com>,
+ Jake Edge <jake@lwn.net>,
+ Eugene Teo <eteo@redhat.com>,
+ torvalds@linux-foundation.org,
+ akpm@linux-foundation.org,
+ alan@lxorguk.ukuu.org.uk,
+ Magnus Damm <damm@igel.co.jp>,
+ David Brownell <dbrownell@users.sourceforge.net>
+Subject: [patch 29/43] gpiolib: fix request related issue
+References: <20090131022548.656772939@mini.kroah.org>
+Content-Disposition: inline; filename=gpiolib-fix-request-related-issue.patch
+Content-Length: 722
+Lines: 27
+
+2.6.28-stable review patch. If anyone has any objections, please let us know.
+
+------------------
+
+From: Magnus Damm <damm@igel.co.jp>
+
+commit 7460db567bbca76bf087d1694d792a1a96bdaa26 upstream.
+
+Fix request-already-requested handling in gpio_request().
+
+Signed-off-by: Magnus Damm <damm@igel.co.jp>
+Acked-by: David Brownell <dbrownell@users.sourceforge.net>
+Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
+Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
+
+---
+ drivers/gpio/gpiolib.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+--- a/drivers/gpio/gpiolib.c
++++ b/drivers/gpio/gpiolib.c
+@@ -789,6 +789,7 @@ int gpio_request(unsigned gpio, const ch
+ } else {
+ status = -EBUSY;
+ module_put(chip->owner);
++ goto done;
+ }
+
+ if (chip->request) {
+
+
+From gregkh@mini.kroah.org Fri Jan 30 18:29:22 2009
+Message-Id: <20090131022922.021522440@mini.kroah.org>
+User-Agent: quilt/0.47-1
+Date: Fri, 30 Jan 2009 18:26:18 -0800
+From: Greg KH <gregkh@suse.de>
+To: linux-kernel@vger.kernel.org,
+ stable@kernel.org
+Cc: Justin Forbes <jmforbes@linuxtx.org>,
+ Zwane Mwaikambo <zwane@arm.linux.org.uk>,
+ Theodore Ts'o <tytso@mit.edu>,
+ Randy Dunlap <rdunlap@xenotime.net>,
+ Dave Jones <davej@redhat.com>,
+ Chuck Wolber <chuckw@quantumlinux.com>,
+ Chris Wedgwood <reviews@ml.cw.f00f.org>,
+ Michael Krufky <mkrufky@linuxtv.org>,
+ Chuck Ebbert <cebbert@redhat.com>,
+ Domenico Andreoli <cavokz@gmail.com>,
+ Willy Tarreau <w@1wt.eu>,
+ Rodrigo Rubira Branco <rbranco@la.checkpoint.com>,
+ Jake Edge <jake@lwn.net>,
+ Eugene Teo <eteo@redhat.com>,
+ torvalds@linux-foundation.org,
+ akpm@linux-foundation.org,
+ alan@lxorguk.ukuu.org.uk,
+ Robin Holt <holt@sgi.com>,
+ Dean Nelson <dcn@sgi.com>
+Subject: [patch 30/43] sgi-xpc: Remove NULL pointer dereference.
+References: <20090131022548.656772939@mini.kroah.org>
+Content-Disposition: inline; filename=sgi-xpc-remove-null-pointer-dereference.patch
+Content-Length: 1157
+Lines: 38
+
+2.6.28-stable review patch. If anyone has any objections, please let us know.
+
+------------------
+
+From: Robin Holt <holt@sgi.com>
+
+commit 17e2161654da4e6bdfd8d53d4f52e820ee93f423 upstream.
+
+If the bte copy fails, the attempt to retrieve payloads merely returns a
+null pointer deref and not NULL as was expected.
+
+Signed-off-by: Robin Holt <holt@sgi.com>
+Signed-off-by: Dean Nelson <dcn@sgi.com>
+Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
+Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
+
+---
+ drivers/misc/sgi-xp/xpc_sn2.c | 10 ++++++----
+ 1 file changed, 6 insertions(+), 4 deletions(-)
+
+--- a/drivers/misc/sgi-xp/xpc_sn2.c
++++ b/drivers/misc/sgi-xp/xpc_sn2.c
+@@ -1961,11 +1961,13 @@ xpc_get_deliverable_payload_sn2(struct x
+
+ msg = xpc_pull_remote_msg_sn2(ch, get);
+
+- DBUG_ON(msg != NULL && msg->number != get);
+- DBUG_ON(msg != NULL && (msg->flags & XPC_M_SN2_DONE));
+- DBUG_ON(msg != NULL && !(msg->flags & XPC_M_SN2_READY));
++ if (msg != NULL) {
++ DBUG_ON(msg->number != get);
++ DBUG_ON(msg->flags & XPC_M_SN2_DONE);
++ DBUG_ON(!(msg->flags & XPC_M_SN2_READY));
+
+- payload = &msg->payload;
++ payload = &msg->payload;
++ }
+ break;
+ }
+
+
+
+From gregkh@mini.kroah.org Fri Jan 30 18:29:22 2009
+Message-Id: <20090131022922.149662682@mini.kroah.org>
+User-Agent: quilt/0.47-1
+Date: Fri, 30 Jan 2009 18:26:19 -0800
+From: Greg KH <gregkh@suse.de>
+To: linux-kernel@vger.kernel.org,
+ stable@kernel.org
+Cc: Justin Forbes <jmforbes@linuxtx.org>,
+ Zwane Mwaikambo <zwane@arm.linux.org.uk>,
+ Theodore Ts'o <tytso@mit.edu>,
+ Randy Dunlap <rdunlap@xenotime.net>,
+ Dave Jones <davej@redhat.com>,
+ Chuck Wolber <chuckw@quantumlinux.com>,
+ Chris Wedgwood <reviews@ml.cw.f00f.org>,
+ Michael Krufky <mkrufky@linuxtv.org>,
+ Chuck Ebbert <cebbert@redhat.com>,
+ Domenico Andreoli <cavokz@gmail.com>,
+ Willy Tarreau <w@1wt.eu>,
+ Rodrigo Rubira Branco <rbranco@la.checkpoint.com>,
+ Jake Edge <jake@lwn.net>,
+ Eugene Teo <eteo@redhat.com>,
+ torvalds@linux-foundation.org,
+ akpm@linux-foundation.org,
+ alan@lxorguk.ukuu.org.uk,
+ Robin Holt <holt@sgi.com>,
+ Dean Nelson <dcn@sgi.com>
+Subject: [patch 31/43] sgi-xpc: ensure flags are updated before bte_copy
+References: <20090131022548.656772939@mini.kroah.org>
+Content-Disposition: inline; filename=sgi-xpc-ensure-flags-are-updated-before-bte_copy.patch
+Content-Length: 2547
+Lines: 76
+
+2.6.28-stable review patch. If anyone has any objections, please let us know.
+
+------------------
+
+From: Robin Holt <holt@sgi.com>
+
+commit 69b3bb65fa97a1e8563518dbbc35cd57beefb2d4 upstream.
+
+The clearing of the msg->flags needs a barrier between it and the notify
+of the channel threads that the messages are cleaned and ready for use.
+
+Signed-off-by: Robin Holt <holt@sgi.com>
+Signed-off-by: Dean Nelson <dcn@sgi.com>
+Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
+Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
+
+---
+ drivers/misc/sgi-xp/xpc_sn2.c | 9 +++++----
+ drivers/misc/sgi-xp/xpc_uv.c | 2 +-
+ 2 files changed, 6 insertions(+), 5 deletions(-)
+
+--- a/drivers/misc/sgi-xp/xpc_sn2.c
++++ b/drivers/misc/sgi-xp/xpc_sn2.c
+@@ -1841,6 +1841,7 @@ xpc_process_msg_chctl_flags_sn2(struct x
+ */
+ xpc_clear_remote_msgqueue_flags_sn2(ch);
+
++ smp_wmb(); /* ensure flags have been cleared before bte_copy */
+ ch_sn2->w_remote_GP.put = ch_sn2->remote_GP.put;
+
+ dev_dbg(xpc_chan, "w_remote_GP.put changed to %ld, partid=%d, "
+@@ -1939,7 +1940,7 @@ xpc_get_deliverable_payload_sn2(struct x
+ break;
+
+ get = ch_sn2->w_local_GP.get;
+- rmb(); /* guarantee that .get loads before .put */
++ smp_rmb(); /* guarantee that .get loads before .put */
+ if (get == ch_sn2->w_remote_GP.put)
+ break;
+
+@@ -2060,7 +2061,7 @@ xpc_allocate_msg_sn2(struct xpc_channel
+ while (1) {
+
+ put = ch_sn2->w_local_GP.put;
+- rmb(); /* guarantee that .put loads before .get */
++ smp_rmb(); /* guarantee that .put loads before .get */
+ if (put - ch_sn2->w_remote_GP.get < ch->local_nentries) {
+
+ /* There are available message entries. We need to try
+@@ -2193,7 +2194,7 @@ xpc_send_payload_sn2(struct xpc_channel
+ * The preceding store of msg->flags must occur before the following
+ * load of local_GP->put.
+ */
+- mb();
++ smp_mb();
+
+ /* see if the message is next in line to be sent, if so send it */
+
+@@ -2294,7 +2295,7 @@ xpc_received_payload_sn2(struct xpc_chan
+ * The preceding store of msg->flags must occur before the following
+ * load of local_GP->get.
+ */
+- mb();
++ smp_mb();
+
+ /*
+ * See if this message is next in line to be acknowledged as having
+--- a/drivers/misc/sgi-xp/xpc_uv.c
++++ b/drivers/misc/sgi-xp/xpc_uv.c
+@@ -1238,7 +1238,7 @@ xpc_send_payload_uv(struct xpc_channel *
+ atomic_inc(&ch->n_to_notify);
+
+ msg_slot->key = key;
+- wmb(); /* a non-NULL func must hit memory after the key */
++ smp_wmb(); /* a non-NULL func must hit memory after the key */
+ msg_slot->func = func;
+
+ if (ch->flags & XPC_C_DISCONNECTING) {
+
+
+From gregkh@mini.kroah.org Fri Jan 30 18:29:22 2009
+Message-Id: <20090131022922.273133272@mini.kroah.org>
+User-Agent: quilt/0.47-1
+Date: Fri, 30 Jan 2009 18:26:20 -0800
+From: Greg KH <gregkh@suse.de>
+To: linux-kernel@vger.kernel.org,
+ stable@kernel.org
+Cc: Justin Forbes <jmforbes@linuxtx.org>,
+ Zwane Mwaikambo <zwane@arm.linux.org.uk>,
+ Theodore Ts'o <tytso@mit.edu>,
+ Randy Dunlap <rdunlap@xenotime.net>,
+ Dave Jones <davej@redhat.com>,
+ Chuck Wolber <chuckw@quantumlinux.com>,
+ Chris Wedgwood <reviews@ml.cw.f00f.org>,
+ Michael Krufky <mkrufky@linuxtv.org>,
+ Chuck Ebbert <cebbert@redhat.com>,
+ Domenico Andreoli <cavokz@gmail.com>,
+ Willy Tarreau <w@1wt.eu>,
+ Rodrigo Rubira Branco <rbranco@la.checkpoint.com>,
+ Jake Edge <jake@lwn.net>,
+ Eugene Teo <eteo@redhat.com>,
+ torvalds@linux-foundation.org,
+ akpm@linux-foundation.org,
+ alan@lxorguk.ukuu.org.uk,
+ Boaz Harrosh <bharrosh@panasas.com>,
+ FUJITA Tomonori <fujita.tomonori@lab.ntt.co.jp>,
+ Jens Axboe <jens.axboe@oracle.com>
+Subject: [patch 32/43] include/linux: Add bsg.h to the Kernel exported headers
+References: <20090131022548.656772939@mini.kroah.org>
+Content-Disposition: inline; filename=include-linux-add-bsg.h-to-the-kernel-exported-headers.patch
+Content-Length: 1137
+Lines: 36
+
+2.6.28-stable review patch. If anyone has any objections, please let us know.
+
+------------------
+
+From: Boaz Harrosh <bharrosh@panasas.com>
+
+commit a229fc61ef0ee3c30fd193beee0eeb87410227f1 upstream.
+
+bsg.h in current form is perfectly suitable for user-mode
+consumption. It is needed together with scsi/sg.h for applications
+that want to interface with the bsg driver.
+
+Currently the few projects that use it would copy it over into
+the projects. But that is not acceptable for projects that need
+to provide source and devel packages for distros.
+
+This should also be submitted to stable 2.6.28 and 2.6.27 since bsg had
+a stable API since these Kernels and distro users will need the header
+for these kernels a swell
+
+Signed-off-by: Boaz Harrosh <bharrosh@panasas.com>
+Acked-by: FUJITA Tomonori <fujita.tomonori@lab.ntt.co.jp>
+Signed-off-by: Jens Axboe <jens.axboe@oracle.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
+
+---
+ include/linux/Kbuild | 1 +
+ 1 file changed, 1 insertion(+)
+
+--- a/include/linux/Kbuild
++++ b/include/linux/Kbuild
+@@ -41,6 +41,7 @@ header-y += baycom.h
+ header-y += bfs_fs.h
+ header-y += blkpg.h
+ header-y += bpqether.h
++header-y += bsg.h
+ header-y += can.h
+ header-y += cdk.h
+ header-y += chio.h
+
+
+From gregkh@mini.kroah.org Fri Jan 30 18:29:22 2009
+Message-Id: <20090131022922.395903478@mini.kroah.org>
+User-Agent: quilt/0.47-1
+Date: Fri, 30 Jan 2009 18:26:21 -0800
+From: Greg KH <gregkh@suse.de>
+To: linux-kernel@vger.kernel.org,
+ stable@kernel.org
+Cc: Justin Forbes <jmforbes@linuxtx.org>,
+ Zwane Mwaikambo <zwane@arm.linux.org.uk>,
+ Theodore Ts'o <tytso@mit.edu>,
+ Randy Dunlap <rdunlap@xenotime.net>,
+ Dave Jones <davej@redhat.com>,
+ Chuck Wolber <chuckw@quantumlinux.com>,
+ Chris Wedgwood <reviews@ml.cw.f00f.org>,
+ Michael Krufky <mkrufky@linuxtv.org>,
+ Chuck Ebbert <cebbert@redhat.com>,
+ Domenico Andreoli <cavokz@gmail.com>,
+ Willy Tarreau <w@1wt.eu>,
+ Rodrigo Rubira Branco <rbranco@la.checkpoint.com>,
+ Jake Edge <jake@lwn.net>,
+ Eugene Teo <eteo@redhat.com>,
+ torvalds@linux-foundation.org,
+ akpm@linux-foundation.org,
+ alan@lxorguk.ukuu.org.uk,
+ Takashi Iwai <tiwai@suse.de>
+Subject: [patch 33/43] ALSA: hda - Fix PCM reference NID for STAC/IDT analog outputs
+References: <20090131022548.656772939@mini.kroah.org>
+Content-Disposition: inline; filename=alsa-hda-fix-pcm-reference-nid-for-stac-idt-analog-outputs.patch
+Content-Length: 1084
+Lines: 30
+
+2.6.28-stable review patch. If anyone has any objections, please let us know.
+
+------------------
+
+From: Takashi Iwai <tiwai@suse.de>
+
+commit 00a602db1ce9d61319d6f769dee206ec85f19bda upstream.
+
+The reference NID for the analog outputs of STAC/IDT codecs is set
+to a fixed number 0x02. But this isn't always correct and in many
+codecs it points to a non-existing NID.
+
+This patch fixes the initialization of the PCM reference NID taken
+from the actually probed DAC list.
+
+Signed-off-by: Takashi Iwai <tiwai@suse.de>
+Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
+
+---
+ sound/pci/hda/patch_sigmatel.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+--- a/sound/pci/hda/patch_sigmatel.c
++++ b/sound/pci/hda/patch_sigmatel.c
+@@ -2428,6 +2428,8 @@ static int stac92xx_build_pcms(struct hd
+
+ info->name = "STAC92xx Analog";
+ info->stream[SNDRV_PCM_STREAM_PLAYBACK] = stac92xx_pcm_analog_playback;
++ info->stream[SNDRV_PCM_STREAM_PLAYBACK].nid =
++ spec->multiout.dac_nids[0];
+ info->stream[SNDRV_PCM_STREAM_CAPTURE] = stac92xx_pcm_analog_capture;
+ info->stream[SNDRV_PCM_STREAM_CAPTURE].nid = spec->adc_nids[0];
+ info->stream[SNDRV_PCM_STREAM_CAPTURE].substreams = spec->num_adcs;
+
+
+From gregkh@mini.kroah.org Fri Jan 30 18:29:22 2009
+Message-Id: <20090131022922.515758788@mini.kroah.org>
+User-Agent: quilt/0.47-1
+Date: Fri, 30 Jan 2009 18:26:22 -0800
+From: Greg KH <gregkh@suse.de>
+To: linux-kernel@vger.kernel.org,
+ stable@kernel.org
+Cc: Justin Forbes <jmforbes@linuxtx.org>,
+ Zwane Mwaikambo <zwane@arm.linux.org.uk>,
+ Theodore Ts'o <tytso@mit.edu>,
+ Randy Dunlap <rdunlap@xenotime.net>,
+ Dave Jones <davej@redhat.com>,
+ Chuck Wolber <chuckw@quantumlinux.com>,
+ Chris Wedgwood <reviews@ml.cw.f00f.org>,
+ Michael Krufky <mkrufky@linuxtv.org>,
+ Chuck Ebbert <cebbert@redhat.com>,
+ Domenico Andreoli <cavokz@gmail.com>,
+ Willy Tarreau <w@1wt.eu>,
+ Rodrigo Rubira Branco <rbranco@la.checkpoint.com>,
+ Jake Edge <jake@lwn.net>,
+ Eugene Teo <eteo@redhat.com>,
+ torvalds@linux-foundation.org,
+ akpm@linux-foundation.org,
+ alan@lxorguk.ukuu.org.uk,
+ Luke Yelavich <themuso@ubuntu.com>,
+ Takashi Iwai <tiwai@suse.de>
+Subject: [patch 34/43] ALSA: hda - add another MacBook Pro 4, 1 subsystem ID
+References: <20090131022548.656772939@mini.kroah.org>
+Content-Disposition: inline; filename=alsa-hda-add-another-macbook-pro-4-1-subsystem-id.patch
+Content-Length: 831
+Lines: 26
+
+2.6.28-stable review patch. If anyone has any objections, please let us know.
+
+------------------
+
+From: Luke Yelavich <themuso@ubuntu.com>
+
+commit 2a88464ceb1bda2571f88902fd8068a6168e3f7b upstream.
+
+Add another MacBook Pro 4,1 SSID (106b:3800). It seems that latter revisions,
+(at least mine), have different IDs to earlier revisions.
+
+Signed-off-by: Luke Yelavich <themuso@ubuntu.com>
+Signed-off-by: Takashi Iwai <tiwai@suse.de>
+Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
+
+---
+ sound/pci/hda/patch_realtek.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+--- a/sound/pci/hda/patch_realtek.c
++++ b/sound/pci/hda/patch_realtek.c
+@@ -6780,6 +6780,7 @@ static int patch_alc882(struct hda_codec
+ case 0x106b00a4: /* MacbookPro4,1 */
+ case 0x106b2c00: /* Macbook Pro rev3 */
+ case 0x106b3600: /* Macbook 3.1 */
++ case 0x106b3800: /* MacbookPro4,1 - latter revision */
+ board_config = ALC885_MBP3;
+ break;
+ default:
+
+
+From gregkh@mini.kroah.org Fri Jan 30 18:29:22 2009
+Message-Id: <20090131022922.639158274@mini.kroah.org>
+User-Agent: quilt/0.47-1
+Date: Fri, 30 Jan 2009 18:26:23 -0800
+From: Greg KH <gregkh@suse.de>
+To: linux-kernel@vger.kernel.org,
+ stable@kernel.org
+Cc: Justin Forbes <jmforbes@linuxtx.org>,
+ Zwane Mwaikambo <zwane@arm.linux.org.uk>,
+ Theodore Ts'o <tytso@mit.edu>,
+ Randy Dunlap <rdunlap@xenotime.net>,
+ Dave Jones <davej@redhat.com>,
+ Chuck Wolber <chuckw@quantumlinux.com>,
+ Chris Wedgwood <reviews@ml.cw.f00f.org>,
+ Michael Krufky <mkrufky@linuxtv.org>,
+ Chuck Ebbert <cebbert@redhat.com>,
+ Domenico Andreoli <cavokz@gmail.com>,
+ Willy Tarreau <w@1wt.eu>,
+ Rodrigo Rubira Branco <rbranco@la.checkpoint.com>,
+ Jake Edge <jake@lwn.net>,
+ Eugene Teo <eteo@redhat.com>,
+ torvalds@linux-foundation.org,
+ akpm@linux-foundation.org,
+ alan@lxorguk.ukuu.org.uk,
+ Joerg Schirottke <master@kanotix.com>,
+ Takashi Iwai <tiwai@suse.de>
+Subject: [patch 35/43] ALSA: hda - Add quirk for HP DV6700 laptop
+References: <20090131022548.656772939@mini.kroah.org>
+Content-Disposition: inline; filename=alsa-hda-add-quirk-for-hp-dv6700-laptop.patch
+Content-Length: 873
+Lines: 25
+
+2.6.28-stable review patch. If anyone has any objections, please let us know.
+
+------------------
+
+From: Joerg Schirottke <master@kanotix.com>
+
+commit aa9d823bb347fb66cb07f98c686be8bb85cb6a74 upstream.
+
+Added the matching model=laptop for HP DV6700 laptop.
+
+Signed-off-by: Joerg Schirottke <master@kanotix.com>
+Signed-off-by: Takashi Iwai <tiwai@suse.de>
+Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
+
+---
+ sound/pci/hda/patch_conexant.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+--- a/sound/pci/hda/patch_conexant.c
++++ b/sound/pci/hda/patch_conexant.c
+@@ -1470,6 +1470,7 @@ static struct snd_pci_quirk cxt5047_cfg_
+ SND_PCI_QUIRK(0x103c, 0x30a5, "HP DV5200T/DV8000T", CXT5047_LAPTOP_HP),
+ SND_PCI_QUIRK(0x103c, 0x30b2, "HP DV2000T/DV3000T", CXT5047_LAPTOP),
+ SND_PCI_QUIRK(0x103c, 0x30b5, "HP DV2000Z", CXT5047_LAPTOP),
++ SND_PCI_QUIRK(0x103c, 0x30cf, "HP DV6700", CXT5047_LAPTOP),
+ SND_PCI_QUIRK(0x1179, 0xff31, "Toshiba P100", CXT5047_LAPTOP_EAPD),
+ {}
+ };
+
+
+From gregkh@mini.kroah.org Fri Jan 30 18:29:22 2009
+Message-Id: <20090131022922.763677251@mini.kroah.org>
+User-Agent: quilt/0.47-1
+Date: Fri, 30 Jan 2009 18:26:24 -0800
+From: Greg KH <gregkh@suse.de>
+To: linux-kernel@vger.kernel.org,
+ stable@kernel.org
+Cc: Justin Forbes <jmforbes@linuxtx.org>,
+ Zwane Mwaikambo <zwane@arm.linux.org.uk>,
+ Theodore Ts'o <tytso@mit.edu>,
+ Randy Dunlap <rdunlap@xenotime.net>,
+ Dave Jones <davej@redhat.com>,
+ Chuck Wolber <chuckw@quantumlinux.com>,
+ Chris Wedgwood <reviews@ml.cw.f00f.org>,
+ Michael Krufky <mkrufky@linuxtv.org>,
+ Chuck Ebbert <cebbert@redhat.com>,
+ Domenico Andreoli <cavokz@gmail.com>,
+ Willy Tarreau <w@1wt.eu>,
+ Rodrigo Rubira Branco <rbranco@la.checkpoint.com>,
+ Jake Edge <jake@lwn.net>,
+ Eugene Teo <eteo@redhat.com>,
+ torvalds@linux-foundation.org,
+ akpm@linux-foundation.org,
+ alan@lxorguk.ukuu.org.uk,
+ Herbert Xu <herbert@gondor.apana.org.au>
+Subject: [patch 36/43] crypto: authenc - Fix zero-length IV crash
+References: <20090131022548.656772939@mini.kroah.org>
+Content-Disposition: inline; filename=crypto-authenc-fix-zero-length-iv-crash.patch
+Content-Length: 2037
+Lines: 65
+
+2.6.28-stable review patch. If anyone has any objections, please let us know.
+
+------------------
+
+From: Herbert Xu <herbert@gondor.apana.org.au>
+
+commit 29b37f42127f7da511560a40ea74f5047da40c13 upstream.
+
+As it is if an algorithm with a zero-length IV is used (e.g.,
+NULL encryption) with authenc, authenc may generate an SG entry
+of length zero, which will trigger a BUG check in the hash layer.
+
+This patch fixes it by skipping the IV SG generation if the IV
+size is zero.
+
+Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
+Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
+
+---
+ crypto/authenc.c | 24 +++++++++++++++---------
+ 1 file changed, 15 insertions(+), 9 deletions(-)
+
+--- a/crypto/authenc.c
++++ b/crypto/authenc.c
+@@ -157,16 +157,19 @@ static int crypto_authenc_genicv(struct
+ dstp = sg_page(dst);
+ vdst = PageHighMem(dstp) ? NULL : page_address(dstp) + dst->offset;
+
+- sg_init_table(cipher, 2);
+- sg_set_buf(cipher, iv, ivsize);
+- authenc_chain(cipher, dst, vdst == iv + ivsize);
++ if (ivsize) {
++ sg_init_table(cipher, 2);
++ sg_set_buf(cipher, iv, ivsize);
++ authenc_chain(cipher, dst, vdst == iv + ivsize);
++ dst = cipher;
++ }
+
+ cryptlen = req->cryptlen + ivsize;
+- hash = crypto_authenc_hash(req, flags, cipher, cryptlen);
++ hash = crypto_authenc_hash(req, flags, dst, cryptlen);
+ if (IS_ERR(hash))
+ return PTR_ERR(hash);
+
+- scatterwalk_map_and_copy(hash, cipher, cryptlen,
++ scatterwalk_map_and_copy(hash, dst, cryptlen,
+ crypto_aead_authsize(authenc), 1);
+ return 0;
+ }
+@@ -284,11 +287,14 @@ static int crypto_authenc_iverify(struct
+ srcp = sg_page(src);
+ vsrc = PageHighMem(srcp) ? NULL : page_address(srcp) + src->offset;
+
+- sg_init_table(cipher, 2);
+- sg_set_buf(cipher, iv, ivsize);
+- authenc_chain(cipher, src, vsrc == iv + ivsize);
++ if (ivsize) {
++ sg_init_table(cipher, 2);
++ sg_set_buf(cipher, iv, ivsize);
++ authenc_chain(cipher, src, vsrc == iv + ivsize);
++ src = cipher;
++ }
+
+- return crypto_authenc_verify(req, cipher, cryptlen + ivsize);
++ return crypto_authenc_verify(req, src, cryptlen + ivsize);
+ }
+
+ static int crypto_authenc_decrypt(struct aead_request *req)
+
+
+From gregkh@mini.kroah.org Fri Jan 30 18:29:22 2009
+Message-Id: <20090131022922.915873402@mini.kroah.org>
+User-Agent: quilt/0.47-1
+Date: Fri, 30 Jan 2009 18:26:25 -0800
+From: Greg KH <gregkh@suse.de>
+To: linux-kernel@vger.kernel.org,
+ stable@kernel.org
+Cc: Justin Forbes <jmforbes@linuxtx.org>,
+ Zwane Mwaikambo <zwane@arm.linux.org.uk>,
+ Theodore Ts'o <tytso@mit.edu>,
+ Randy Dunlap <rdunlap@xenotime.net>,
+ Dave Jones <davej@redhat.com>,
+ Chuck Wolber <chuckw@quantumlinux.com>,
+ Chris Wedgwood <reviews@ml.cw.f00f.org>,
+ Michael Krufky <mkrufky@linuxtv.org>,
+ Chuck Ebbert <cebbert@redhat.com>,
+ Domenico Andreoli <cavokz@gmail.com>,
+ Willy Tarreau <w@1wt.eu>,
+ Rodrigo Rubira Branco <rbranco@la.checkpoint.com>,
+ Jake Edge <jake@lwn.net>,
+ Eugene Teo <eteo@redhat.com>,
+ torvalds@linux-foundation.org,
+ akpm@linux-foundation.org,
+ alan@lxorguk.ukuu.org.uk,
+ Jarod Wilson <jarod@redhat.com>,
+ Neil Horman <nhorman@tuxdriver.com>,
+ Herbert Xu <herbert@gondor.apana.org.au>
+Subject: [patch 37/43] crypto: ccm - Fix handling of null assoc data
+References: <20090131022548.656772939@mini.kroah.org>
+Content-Disposition: inline; filename=crypto-ccm-fix-handling-of-null-assoc-data.patch
+Content-Length: 3824
+Lines: 81
+
+2.6.28-stable review patch. If anyone has any objections, please let us know.
+
+------------------
+
+From: Jarod Wilson <jarod@redhat.com>
+
+commit 516280e735b034216de97eb7ba080ec6acbfc58f upstream.
+
+Its a valid use case to have null associated data in a ccm vector, but
+this case isn't being handled properly right now.
+
+The following ccm decryption/verification test vector, using the
+rfc4309 implementation regularly triggers a panic, as will any
+other vector with null assoc data:
+
+* key: ab2f8a74b71cd2b1ff802e487d82f8b9
+* iv: c6fb7d800d13abd8a6b2d8
+* Associated Data: [NULL]
+* Tag Length: 8
+* input: d5e8939fc7892e2b
+
+The resulting panic looks like so:
+
+Unable to handle kernel paging request at ffff810064ddaec0 RIP:
+ [<ffffffff8864c4d7>] :ccm:get_data_to_compute+0x1a6/0x1d6
+PGD 8063 PUD 0
+Oops: 0002 [1] SMP
+last sysfs file: /module/libata/version
+CPU 0
+Modules linked in: crypto_tester_kmod(U) seqiv krng ansi_cprng chainiv rng ctr aes_generic aes_x86_64 ccm cryptomgr testmgr_cipher testmgr aead crypto_blkcipher crypto_a
+lgapi des ipv6 xfrm_nalgo crypto_api autofs4 hidp l2cap bluetooth nfs lockd fscache nfs_acl sunrpc ip_conntrack_netbios_ns ipt_REJECT xt_state ip_conntrack nfnetlink xt_
+tcpudp iptable_filter ip_tables x_tables dm_mirror dm_log dm_multipath scsi_dh dm_mod video hwmon backlight sbs i2c_ec button battery asus_acpi acpi_memhotplug ac lp sg
+snd_intel8x0 snd_ac97_codec ac97_bus snd_seq_dummy snd_seq_oss joydev snd_seq_midi_event snd_seq snd_seq_device snd_pcm_oss snd_mixer_oss ide_cd snd_pcm floppy parport_p
+c shpchp e752x_edac snd_timer e1000 i2c_i801 edac_mc snd soundcore snd_page_alloc i2c_core cdrom parport serio_raw pcspkr ata_piix libata sd_mod scsi_mod ext3 jbd uhci_h
+cd ohci_hcd ehci_hcd
+Pid: 12844, comm: crypto-tester Tainted: G 2.6.18-128.el5.fips1 #1
+RIP: 0010:[<ffffffff8864c4d7>] [<ffffffff8864c4d7>] :ccm:get_data_to_compute+0x1a6/0x1d6
+RSP: 0018:ffff8100134434e8 EFLAGS: 00010246
+RAX: 0000000000000000 RBX: ffff8100104898b0 RCX: ffffffffab6aea10
+RDX: 0000000000000010 RSI: ffff8100104898c0 RDI: ffff810064ddaec0
+RBP: 0000000000000000 R08: ffff8100104898b0 R09: 0000000000000000
+R10: ffff8100103bac84 R11: ffff8100104898b0 R12: ffff810010489858
+R13: ffff8100104898b0 R14: ffff8100103bac00 R15: 0000000000000000
+FS: 00002ab881adfd30(0000) GS:ffffffff803ac000(0000) knlGS:0000000000000000
+CS: 0010 DS: 0000 ES: 0000 CR0: 000000008005003b
+CR2: ffff810064ddaec0 CR3: 0000000012a88000 CR4: 00000000000006e0
+Process crypto-tester (pid: 12844, threadinfo ffff810013442000, task ffff81003d165860)
+Stack: ffff8100103bac00 ffff8100104898e8 ffff8100134436f8 ffffffff00000000
+ 0000000000000000 ffff8100104898b0 0000000000000000 ffff810010489858
+ 0000000000000000 ffff8100103bac00 ffff8100134436f8 ffffffff8864c634
+Call Trace:
+ [<ffffffff8864c634>] :ccm:crypto_ccm_auth+0x12d/0x140
+ [<ffffffff8864cf73>] :ccm:crypto_ccm_decrypt+0x161/0x23a
+ [<ffffffff88633643>] :crypto_tester_kmod:cavs_test_rfc4309_ccm+0x4a5/0x559
+[...]
+
+The above is from a RHEL5-based kernel, but upstream is susceptible too.
+
+The fix is trivial: in crypto/ccm.c:crypto_ccm_auth(), pctx->ilen contains
+whatever was in memory when pctx was allocated if assoclen is 0. The tested
+fix is to simply add an else clause setting pctx->ilen to 0 for the
+assoclen == 0 case, so that get_data_to_compute() doesn't try doing
+things its not supposed to.
+
+Signed-off-by: Jarod Wilson <jarod@redhat.com>
+Acked-by: Neil Horman <nhorman@tuxdriver.com>
+Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
+Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
+
+---
+ crypto/ccm.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+--- a/crypto/ccm.c
++++ b/crypto/ccm.c
+@@ -266,6 +266,8 @@ static int crypto_ccm_auth(struct aead_r
+ if (assoclen) {
+ pctx->ilen = format_adata(idata, assoclen);
+ get_data_to_compute(cipher, pctx, req->assoc, req->assoclen);
++ } else {
++ pctx->ilen = 0;
+ }
+
+ /* compute plaintext into mac */
+
+
+From gregkh@mini.kroah.org Fri Jan 30 18:29:23 2009
+Message-Id: <20090131022923.007770551@mini.kroah.org>
+User-Agent: quilt/0.47-1
+Date: Fri, 30 Jan 2009 18:26:26 -0800
+From: Greg KH <gregkh@suse.de>
+To: linux-kernel@vger.kernel.org,
+ stable@kernel.org,
+ greg@kroah.com
+Cc: Justin Forbes <jmforbes@linuxtx.org>,
+ Zwane Mwaikambo <zwane@arm.linux.org.uk>,
+ Theodore Ts'o <tytso@mit.edu>,
+ Randy Dunlap <rdunlap@xenotime.net>,
+ Dave Jones <davej@redhat.com>,
+ Chuck Wolber <chuckw@quantumlinux.com>,
+ Chris Wedgwood <reviews@ml.cw.f00f.org>,
+ Michael Krufky <mkrufky@linuxtv.org>,
+ Chuck Ebbert <cebbert@redhat.com>,
+ Domenico Andreoli <cavokz@gmail.com>,
+ Willy Tarreau <w@1wt.eu>,
+ Rodrigo Rubira Branco <rbranco@la.checkpoint.com>,
+ Jake Edge <jake@lwn.net>,
+ Eugene Teo <eteo@redhat.com>,
+ torvalds@linux-foundation.org,
+ akpm@linux-foundation.org,
+ alan@lxorguk.ukuu.org.uk,
+ Suresh Siddha <suresh.b.siddha@intel.com>,
+ Venkatesh Pallipadi <venkatesh.pallipadi@intel.com>,
+ Ingo Molnar <mingo@elte.hu>,
+ tvignaud@mandriva.com
+Subject: [patch 38/43] x86, pat: fix reserve_memtype() for legacy 1MB range
+References: <20090131022548.656772939@mini.kroah.org>
+Content-Disposition: inline; filename=fix_reserve_memtype_1MB.patch
+Content-Length: 2991
+Lines: 85
+
+2.6.28-stable review patch. If anyone has any objections, please let us know.
+
+------------------
+
+From: Suresh Siddha <suresh.b.siddha@intel.com>
+
+commit 5cca0cf15a94417f49625ce52e23589eed0a1675 upstream
+
+Thierry Vignaud reported:
+> http://bugzilla.kernel.org/show_bug.cgi?id=12372
+>
+> On P4 with an SiS motherboard (video card is a SiS 651)
+> X server fails to start with error:
+> xf86MapVidMem: Could not mmap framebuffer (0x00000000,0x2000) (Invalid
+> argument)
+
+Here X is trying to map first 8KB of memory using /dev/mem. Existing
+code treats first 0-4KB of memory as non-RAM and 4KB-8KB as RAM. Recent
+code changes don't allow to map memory with different attributes
+at the same time.
+
+Fix this by treating the first 1MB legacy region as special and always
+track the attribute requests with in this region using linear linked
+list (and don't bother if the range is RAM or non-RAM or mixed)
+
+Reported-and-tested-by: Thierry Vignaud <tvignaud@mandriva.com>
+Signed-off-by: Suresh Siddha <suresh.b.siddha@intel.com>
+Signed-off-by: Venkatesh Pallipadi <venkatesh.pallipadi@intel.com>
+Signed-off-by: Ingo Molnar <mingo@elte.hu>
+Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
+
+---
+ arch/x86/mm/pat.c | 37 +++++++++++++++++++++++++++----------
+ 1 file changed, 27 insertions(+), 10 deletions(-)
+
+--- a/arch/x86/mm/pat.c
++++ b/arch/x86/mm/pat.c
+@@ -333,11 +333,20 @@ int reserve_memtype(u64 start, u64 end,
+ req_type & _PAGE_CACHE_MASK);
+ }
+
+- is_range_ram = pagerange_is_ram(start, end);
+- if (is_range_ram == 1)
+- return reserve_ram_pages_type(start, end, req_type, new_type);
+- else if (is_range_ram < 0)
+- return -EINVAL;
++ /*
++ * For legacy reasons, some parts of the physical address range in the
++ * legacy 1MB region is treated as non-RAM (even when listed as RAM in
++ * the e820 tables). So we will track the memory attributes of this
++ * legacy 1MB region using the linear memtype_list always.
++ */
++ if (end >= ISA_END_ADDRESS) {
++ is_range_ram = pagerange_is_ram(start, end);
++ if (is_range_ram == 1)
++ return reserve_ram_pages_type(start, end, req_type,
++ new_type);
++ else if (is_range_ram < 0)
++ return -EINVAL;
++ }
+
+ new = kmalloc(sizeof(struct memtype), GFP_KERNEL);
+ if (!new)
+@@ -437,11 +446,19 @@ int free_memtype(u64 start, u64 end)
+ if (is_ISA_range(start, end - 1))
+ return 0;
+
+- is_range_ram = pagerange_is_ram(start, end);
+- if (is_range_ram == 1)
+- return free_ram_pages_type(start, end);
+- else if (is_range_ram < 0)
+- return -EINVAL;
++ /*
++ * For legacy reasons, some parts of the physical address range in the
++ * legacy 1MB region is treated as non-RAM (even when listed as RAM in
++ * the e820 tables). So we will track the memory attributes of this
++ * legacy 1MB region using the linear memtype_list always.
++ */
++ if (end >= ISA_END_ADDRESS) {
++ is_range_ram = pagerange_is_ram(start, end);
++ if (is_range_ram == 1)
++ return free_ram_pages_type(start, end);
++ else if (is_range_ram < 0)
++ return -EINVAL;
++ }
+
+ spin_lock(&memtype_lock);
+ list_for_each_entry(entry, &memtype_list, nd) {
+
+
+From gregkh@mini.kroah.org Fri Jan 30 18:29:23 2009
+Message-Id: <20090131022923.125156495@mini.kroah.org>
+User-Agent: quilt/0.47-1
+Date: Fri, 30 Jan 2009 18:26:27 -0800
+From: Greg KH <gregkh@suse.de>
+To: linux-kernel@vger.kernel.org,
+ stable@kernel.org,
+ greg@kroah.com
+Cc: Justin Forbes <jmforbes@linuxtx.org>,
+ Zwane Mwaikambo <zwane@arm.linux.org.uk>,
+ Theodore Ts'o <tytso@mit.edu>,
+ Randy Dunlap <rdunlap@xenotime.net>,
+ Dave Jones <davej@redhat.com>,
+ Chuck Wolber <chuckw@quantumlinux.com>,
+ Chris Wedgwood <reviews@ml.cw.f00f.org>,
+ Michael Krufky <mkrufky@linuxtv.org>,
+ Chuck Ebbert <cebbert@redhat.com>,
+ Domenico Andreoli <cavokz@gmail.com>,
+ Willy Tarreau <w@1wt.eu>,
+ Rodrigo Rubira Branco <rbranco@la.checkpoint.com>,
+ Jake Edge <jake@lwn.net>,
+ Eugene Teo <eteo@redhat.com>,
+ torvalds@linux-foundation.org,
+ akpm@linux-foundation.org,
+ alan@lxorguk.ukuu.org.uk,
+ Suresh Siddha <suresh.b.siddha@intel.com>,
+ Venkatesh Pallipadi <venkatesh.pallipadi@intel.com>,
+ Ingo Molnar <mingo@elte.hu>,
+ Daniel.Beschorner@facton.com,
+ pageexec@freemail.hu
+Subject: [patch 39/43] x86, pat: fix PTE corruption issue while mapping RAM using /dev/mem
+References: <20090131022548.656772939@mini.kroah.org>
+Content-Disposition: inline; filename=x86-pat-fix-pte-corruption-issue-while-mapping-ram-using-dev-mem.patch
+Content-Length: 2114
+Lines: 63
+
+2.6.28-stable review patch. If anyone has any objections, please let us know.
+
+------------------
+
+From: Suresh Siddha <suresh.b.siddha@intel.com>
+
+commit 9597134218300c045cf219be3664615e97cb239c upstream.
+
+Beschorner Daniel reported:
+> hwinfo problem since 2.6.28, showing this in the oops:
+> Corrupted page table at address 7fd04de3ec00
+
+Also, PaX Team reported a regression with this commit:
+
+> commit 9542ada803198e6eba29d3289abb39ea82047b92
+> Author: Suresh Siddha <suresh.b.siddha@intel.com>
+> Date: Wed Sep 24 08:53:33 2008 -0700
+>
+> x86: track memtype for RAM in page struct
+
+This commit breaks mapping any RAM page through /dev/mem, as the
+reserve_memtype() was not initializing the return attribute type and as such
+corrupting the PTE entry that was setup with the return attribute type.
+
+Because of this bug, application mapping this RAM page through /dev/mem
+will die with "Corrupted page table at address xxxx" message in the kernel
+log and also the kernel identity mapping which maps the underlying RAM
+page gets converted to UC.
+
+Fix this by initializing the return attribute type before calling
+reserve_ram_pages_type()
+
+Reported-by: PaX Team <pageexec@freemail.hu>
+Reported-and-tested-by: Beschorner Daniel <Daniel.Beschorner@facton.com>
+Tested-and-Acked-by: PaX Team <pageexec@freemail.hu>
+Signed-off-by: Suresh Siddha <suresh.b.siddha@intel.com>
+Signed-off-by: Venkatesh Pallipadi <venkatesh.pallipadi@intel.com>
+Signed-off-by: Ingo Molnar <mingo@elte.hu>
+Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
+
+---
+ arch/x86/mm/pat.c | 6 +++---
+ 1 file changed, 3 insertions(+), 3 deletions(-)
+
+--- a/arch/x86/mm/pat.c
++++ b/arch/x86/mm/pat.c
+@@ -333,6 +333,9 @@ int reserve_memtype(u64 start, u64 end,
+ req_type & _PAGE_CACHE_MASK);
+ }
+
++ if (new_type)
++ *new_type = actual_type
++
+ /*
+ * For legacy reasons, some parts of the physical address range in the
+ * legacy 1MB region is treated as non-RAM (even when listed as RAM in
+@@ -356,9 +359,6 @@ int reserve_memtype(u64 start, u64 end,
+ new->end = end;
+ new->type = actual_type;
+
+- if (new_type)
+- *new_type = actual_type;
+-
+ spin_lock(&memtype_lock);
+
+ if (cached_entry && start >= cached_start)
+
+
+From gregkh@mini.kroah.org Fri Jan 30 18:29:23 2009
+Message-Id: <20090131022923.242308473@mini.kroah.org>
+User-Agent: quilt/0.47-1
+Date: Fri, 30 Jan 2009 18:26:28 -0800
+From: Greg KH <gregkh@suse.de>
+To: linux-kernel@vger.kernel.org,
+ stable@kernel.org
+Cc: Justin Forbes <jmforbes@linuxtx.org>,
+ Zwane Mwaikambo <zwane@arm.linux.org.uk>,
+ Theodore Ts'o <tytso@mit.edu>,
+ Randy Dunlap <rdunlap@xenotime.net>,
+ Dave Jones <davej@redhat.com>,
+ Chuck Wolber <chuckw@quantumlinux.com>,
+ Chris Wedgwood <reviews@ml.cw.f00f.org>,
+ Michael Krufky <mkrufky@linuxtv.org>,
+ Chuck Ebbert <cebbert@redhat.com>,
+ Domenico Andreoli <cavokz@gmail.com>,
+ Willy Tarreau <w@1wt.eu>,
+ Rodrigo Rubira Branco <rbranco@la.checkpoint.com>,
+ Jake Edge <jake@lwn.net>,
+ Eugene Teo <eteo@redhat.com>,
+ torvalds@linux-foundation.org,
+ akpm@linux-foundation.org,
+ alan@lxorguk.ukuu.org.uk,
+ Jiri Slaby <jirislaby@gmail.com>,
+ Jesse Barnes <jbarnes@virtuousgeek.org>
+Subject: [patch 40/43] PCI hotplug: fix lock imbalance in pciehp
+References: <20090131022548.656772939@mini.kroah.org>
+Content-Disposition: inline; filename=pci-hotplug-fix-lock-imbalance-in-pciehp.patch
+Content-Length: 1108
+Lines: 34
+
+2.6.28-stable review patch. If anyone has any objections, please let us know.
+
+------------------
+
+From: Jiri Slaby <jirislaby@gmail.com>
+
+commit c2fdd36b550659f5ac2240d1f5a83ffa1a092289 upstream.
+
+set_lock_status omits mutex_unlock in fail path. Add the omitted
+unlock.
+
+As a result a lockup caused by this can be triggered from userspace
+by writing 1 to /sys/bus/pci/slots/.../lock often enough.
+
+Signed-off-by: Jiri Slaby <jirislaby@gmail.com>
+Reviewed-by: Kenji Kaneshige <kaneshige.kenji@jp.fujitsu.com>
+Signed-off-by: Jesse Barnes <jbarnes@virtuousgeek.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
+
+---
+ drivers/pci/hotplug/pciehp_core.c | 4 +++-
+ 1 file changed, 3 insertions(+), 1 deletion(-)
+
+--- a/drivers/pci/hotplug/pciehp_core.c
++++ b/drivers/pci/hotplug/pciehp_core.c
+@@ -126,8 +126,10 @@ static int set_lock_status(struct hotplu
+ mutex_lock(&slot->ctrl->crit_sect);
+
+ /* has it been >1 sec since our last toggle? */
+- if ((get_seconds() - slot->last_emi_toggle) < 1)
++ if ((get_seconds() - slot->last_emi_toggle) < 1) {
++ mutex_unlock(&slot->ctrl->crit_sect);
+ return -EINVAL;
++ }
+
+ /* see what our current state is */
+ retval = get_lock_status(hotplug_slot, &value);
+
+
+From gregkh@mini.kroah.org Fri Jan 30 18:29:23 2009
+Message-Id: <20090131022923.362416684@mini.kroah.org>
+User-Agent: quilt/0.47-1
+Date: Fri, 30 Jan 2009 18:26:29 -0800
+From: Greg KH <gregkh@suse.de>
+To: linux-kernel@vger.kernel.org,
+ stable@kernel.org,
+ Greg KH <greg@kroah.com>
+Cc: Justin Forbes <jmforbes@linuxtx.org>,
+ Zwane Mwaikambo <zwane@arm.linux.org.uk>,
+ Theodore Ts'o <tytso@mit.edu>,
+ Randy Dunlap <rdunlap@xenotime.net>,
+ Dave Jones <davej@redhat.com>,
+ Chuck Wolber <chuckw@quantumlinux.com>,
+ Chris Wedgwood <reviews@ml.cw.f00f.org>,
+ Michael Krufky <mkrufky@linuxtv.org>,
+ Chuck Ebbert <cebbert@redhat.com>,
+ Domenico Andreoli <cavokz@gmail.com>,
+ Willy Tarreau <w@1wt.eu>,
+ Rodrigo Rubira Branco <rbranco@la.checkpoint.com>,
+ Jake Edge <jake@lwn.net>,
+ Eugene Teo <eteo@redhat.com>,
+ torvalds@linux-foundation.org,
+ akpm@linux-foundation.org,
+ alan@lxorguk.ukuu.org.uk,
+ Dan Williams <dan.j.williams@intel.com>,
+ wd@denx.de,
+ Yuri Tikhonov <yur@emcraft.com>
+Subject: [patch 41/43] dmaengine: fix dependency chaining
+References: <20090131022548.656772939@mini.kroah.org>
+Content-Disposition: inline; filename=dmaengine-fix-dependency-chaining.patch
+Content-Length: 1110
+Lines: 35
+
+2.6.28-stable review patch. If anyone has any objections, please let us know.
+
+------------------
+
+From: Yuri Tikhonov <yur@emcraft.com>
+
+commit dd59b8537f6cb53ab863fafad86a5828f1e889a2 upstream
+
+
+ ASYNC_TX: fix dependency chaining
+
+ In ASYNC_TX we track the dependencies between the descriptors
+using the 'next' pointers of the structures. These pointers are
+set to NULL as soon as the corresponding descriptor has been
+submitted to the channel (in async_tx_run_dependencies()).
+ But, the first 'next' in chain still remains set, regardless
+the fact, that tx->next is already submitted. This may lead to
+multiple submisions of the same descriptor. This patch fixes this.
+
+Signed-off-by: Yuri Tikhonov <yur@emcraft.com>
+Signed-off-by: Dan Williams <dan.j.williams@intel.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
+
+---
+ crypto/async_tx/async_tx.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+--- a/crypto/async_tx/async_tx.c
++++ b/crypto/async_tx/async_tx.c
+@@ -124,6 +124,8 @@ void async_tx_run_dependencies(struct dm
+ if (!dep)
+ return;
+
++ /* we'll submit tx->next now, so clear the link */
++ tx->next = NULL;
+ chan = dep->chan;
+
+ /* keep submitting up until a channel switch is detected
+
+
+From gregkh@mini.kroah.org Fri Jan 30 18:29:23 2009
+Message-Id: <20090131022923.484456694@mini.kroah.org>
+User-Agent: quilt/0.47-1
+Date: Fri, 30 Jan 2009 18:26:30 -0800
+From: Greg KH <gregkh@suse.de>
+To: linux-kernel@vger.kernel.org,
+ stable@kernel.org
+Cc: Justin Forbes <jmforbes@linuxtx.org>,
+ Zwane Mwaikambo <zwane@arm.linux.org.uk>,
+ Theodore Ts'o <tytso@mit.edu>,
+ Randy Dunlap <rdunlap@xenotime.net>,
+ Dave Jones <davej@redhat.com>,
+ Chuck Wolber <chuckw@quantumlinux.com>,
+ Chris Wedgwood <reviews@ml.cw.f00f.org>,
+ Michael Krufky <mkrufky@linuxtv.org>,
+ Chuck Ebbert <cebbert@redhat.com>,
+ Domenico Andreoli <cavokz@gmail.com>,
+ Willy Tarreau <w@1wt.eu>,
+ Rodrigo Rubira Branco <rbranco@la.checkpoint.com>,
+ Jake Edge <jake@lwn.net>,
+ Eugene Teo <eteo@redhat.com>,
+ torvalds@linux-foundation.org,
+ akpm@linux-foundation.org,
+ alan@lxorguk.ukuu.org.uk,
+ Jiri Slaby <jirislaby@gmail.com>,
+ "David S. Miller" <davem@davemloft.net>
+Subject: [patch 42/43] NET: net_namespace, fix lock imbalance
+References: <20090131022548.656772939@mini.kroah.org>
+Content-Disposition: inline; filename=net-net_namespace-fix-lock-imbalance.patch
+Content-Length: 735
+Lines: 28
+
+2.6.28-stable review patch. If anyone has any objections, please let us know.
+
+------------------
+
+From: Jiri Slaby <jirislaby@gmail.com>
+
+commit 357f5b0b91054ae23385ea4b0634bb8b43736e83 upstream.
+
+register_pernet_gen_subsys omits mutex_unlock in one fail path.
+Fix it.
+
+Signed-off-by: Jiri Slaby <jirislaby@gmail.com>
+Signed-off-by: David S. Miller <davem@davemloft.net>
+Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
+
+---
+ net/core/net_namespace.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/net/core/net_namespace.c
++++ b/net/core/net_namespace.c
+@@ -342,8 +342,8 @@ again:
+ rv = register_pernet_operations(first_device, ops);
+ if (rv < 0)
+ ida_remove(&net_generic_ids, *id);
+- mutex_unlock(&net_mutex);
+ out:
++ mutex_unlock(&net_mutex);
+ return rv;
+ }
+ EXPORT_SYMBOL_GPL(register_pernet_gen_subsys);
+
+
+From gregkh@mini.kroah.org Fri Jan 30 18:29:23 2009
+Message-Id: <20090131022923.604359437@mini.kroah.org>
+User-Agent: quilt/0.47-1
+Date: Fri, 30 Jan 2009 18:26:31 -0800
+From: Greg KH <gregkh@suse.de>
+To: linux-kernel@vger.kernel.org,
+ stable@kernel.org
+Cc: Justin Forbes <jmforbes@linuxtx.org>,
+ Zwane Mwaikambo <zwane@arm.linux.org.uk>,
+ Theodore Ts'o <tytso@mit.edu>,
+ Randy Dunlap <rdunlap@xenotime.net>,
+ Dave Jones <davej@redhat.com>,
+ Chuck Wolber <chuckw@quantumlinux.com>,
+ Chris Wedgwood <reviews@ml.cw.f00f.org>,
+ Michael Krufky <mkrufky@linuxtv.org>,
+ Chuck Ebbert <cebbert@redhat.com>,
+ Domenico Andreoli <cavokz@gmail.com>,
+ Willy Tarreau <w@1wt.eu>,
+ Rodrigo Rubira Branco <rbranco@la.checkpoint.com>,
+ Jake Edge <jake@lwn.net>,
+ Eugene Teo <eteo@redhat.com>,
+ torvalds@linux-foundation.org,
+ akpm@linux-foundation.org,
+ alan@lxorguk.ukuu.org.uk,
+ Jiri Slaby <jirislaby@gmail.com>,
+ Ingo Molnar <mingo@elte.hu>
+Subject: [patch 43/43] relay: fix lock imbalance in relay_late_setup_files
+References: <20090131022548.656772939@mini.kroah.org>
+Content-Disposition: inline; filename=relay-fix-lock-imbalance-in-relay_late_setup_files.patch
+Content-Length: 745
+Lines: 27
+
+2.6.28-stable review patch. If anyone has any objections, please let us know.
+
+------------------
+
+From: Jiri Slaby <jirislaby@gmail.com>
+
+commit b786c6a98ef6fa81114ba7b9fbfc0d67060775e3 upstream.
+
+One fail path in relay_late_setup_files() omits
+mutex_unlock(&relay_channels_mutex);
+Add it.
+
+Signed-off-by: Jiri Slaby <jirislaby@gmail.com>
+Signed-off-by: Ingo Molnar <mingo@elte.hu>
+Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
+
+--- a/kernel/relay.c
++++ b/kernel/relay.c
+@@ -663,8 +663,10 @@ int relay_late_setup_files(struct rchan *chan,
+
+ mutex_lock(&relay_channels_mutex);
+ /* Is chan already set up? */
+- if (unlikely(chan->has_base_filename))
++ if (unlikely(chan->has_base_filename)) {
++ mutex_unlock(&relay_channels_mutex);
+ return -EEXIST;
++ }
+ chan->has_base_filename = 1;
+ chan->parent = parent;
+ curr_cpu = get_cpu();
+
+
+From gregkh@mini.kroah.org Fri Jan 30 18:29:18 2009
+Message-Id: <20090131022548.656772939@mini.kroah.org>
+User-Agent: quilt/0.47-1
+Date: Fri, 30 Jan 2009 18:25:48 -0800
+From: Greg KH <gregkh@suse.de>
+To: linux-kernel@vger.kernel.org,
+ stable@kernel.org
+Cc: Justin Forbes <jmforbes@linuxtx.org>,
+ Zwane Mwaikambo <zwane@arm.linux.org.uk>,
+ Theodore Ts'o <tytso@mit.edu>,
+ Randy Dunlap <rdunlap@xenotime.net>,
+ Dave Jones <davej@redhat.com>,
+ Chuck Wolber <chuckw@quantumlinux.com>,
+ Chris Wedgwood <reviews@ml.cw.f00f.org>,
+ Michael Krufky <mkrufky@linuxtv.org>,
+ Chuck Ebbert <cebbert@redhat.com>,
+ Domenico Andreoli <cavokz@gmail.com>,
+ Willy Tarreau <w@1wt.eu>,
+ Rodrigo Rubira Branco <rbranco@la.checkpoint.com>,
+ Jake Edge <jake@lwn.net>,
+ Eugene Teo <eteo@redhat.com>,
+ torvalds@linux-foundation.org,
+ akpm@linux-foundation.org,
+ alan@lxorguk.ukuu.org.uk
+Subject: [patch 00/43] 2.6.28-stable review
+Status: RO
+Content-Length: 3860
+Lines: 82
+
+
+This is the start of the stable review cycle for the 2.6.28.3 release.
+There are 43 patches in this series, all will be posted as a response
+to this one. If anyone has any issues with these being applied, please
+let us know. If anyone is a maintainer of the proper subsystem, and
+wants to add a Signed-off-by: line to the patch, please respond with it.
+
+Note, there still are some more .28 patches pending for the -stable
+releases, but I wanted to get this release out now to fix the major
+problems that have recently been found.
+
+If you have sent patches to be included in .28, and you don't see them
+here, please feel free to just drop stable@kernel.org a message with the
+git commit ids to make sure they end up in the next release.
+
+These patches are sent out with a number of different people on the Cc:
+line. If you wish to be a reviewer, please email stable@kernel.org to
+add your name to the list. If you want to be off the reviewer list,
+also email us.
+
+Responses should be made by Monday, February 2, 00:00:00 UTC. Anything
+received after that time might be too late.
+
+The whole patch series can be found in one patch at:
+ kernel.org/pub/linux/kernel/v2.6/stable-review/patch-2.6.28.3-rc1.gz
+and the diffstat can be found below.
+
+
+thanks,
+
+greg k-h
+
+ Makefile | 2 +-
+ arch/alpha/kernel/irq_srm.c | 2 +
+ arch/x86/include/asm/pgalloc.h | 1 +
+ arch/x86/mm/pageattr.c | 49 ++++++++----
+ arch/x86/mm/pat.c | 43 +++++++---
+ crypto/async_tx/async_tx.c | 2 +
+ crypto/authenc.c | 24 ++++--
+ crypto/ccm.c | 2 +
+ drivers/ata/pata_via.c | 22 ++++-
+ drivers/gpio/gpiolib.c | 1 +
+ drivers/gpu/drm/drm_agpsupport.c | 3 +-
+ drivers/ide/it821x.c | 12 +++
+ drivers/misc/sgi-xp/xpc_sn2.c | 19 +++--
+ drivers/misc/sgi-xp/xpc_uv.c | 2 +-
+ drivers/net/bnx2x_main.c | 3 +
+ drivers/net/wireless/ath5k/base.c | 10 ++-
+ drivers/net/wireless/rtl8187_dev.c | 1 +
+ drivers/net/wireless/rtl8187_rtl8225.c | 10 ++-
+ drivers/pci/hotplug/pciehp_core.c | 4 +-
+ drivers/serial/8250_pci.c | 3 +
+ drivers/usb/core/devio.c | 20 +++--
+ drivers/usb/core/driver.c | 2 +-
+ drivers/usb/core/hub.c | 4 +-
+ drivers/usb/core/inode.c | 1 -
+ drivers/usb/core/message.c | 40 ++++++----
+ drivers/usb/core/usb.h | 6 +-
+ drivers/usb/mon/mon_bin.c | 105 ++++++++++++++++---------
+ drivers/usb/storage/unusual_devs.h | 6 ++
+ fs/eventpoll.c | 22 +----
+ fs/ext3/namei.c | 20 ++++--
+ fs/fuse/dev.c | 3 +-
+ fs/fuse/file.c | 2 +-
+ fs/fuse/inode.c | 10 ++-
+ fs/inotify_user.c | 135 +++++++++++++++++--------------
+ fs/sysfs/bin.c | 6 ++
+ include/linux/Kbuild | 1 +
+ include/linux/klist.h | 2 +-
+ include/linux/pci_ids.h | 6 ++
+ include/linux/sched.h | 1 -
+ kernel/relay.c | 4 +-
+ kernel/resource.c | 9 ++
+ mm/mmap.c | 9 ++-
+ mm/vmalloc.c | 11 +++
+ net/core/net_namespace.c | 2 +-
+ net/mac80211/tx.c | 6 +-
+ sound/pci/hda/patch_conexant.c | 1 +
+ sound/pci/hda/patch_realtek.c | 1 +
+ sound/pci/hda/patch_sigmatel.c | 2 +
+ sound/pci/oxygen/virtuoso.c | 1 +
+ 49 files changed, 427 insertions(+), 226 deletions(-)
+
projects / thirdparty / kernel / stable-queue.git / commitdiff
