--- /dev/null
+From 39f8c8a3ef3864bb8ed42c5d2159d6a9b0f0b36c Mon Sep 17 00:00:00 2001
+From: Alan Stern <stern@rowland.harvard.edu>
+Date: Thu, 26 Mar 2009 18:25:05 +0000
+Subject: USB: EHCI: add software retry for transaction errors
+
+upstream commit: a2c2706e1043c17139c2dafd171c4a5cf008ef7e
+
+This patch (as1204) adds a software retry mechanism to ehci-hcd. It
+gets invoked when the driver encounters transaction errors on an
+asynchronous endpoint. On many systems, hardware deficiencies cause
+such errors to occur if one device is unplugged while the host is
+communicating with another device. With the patch, the failed
+transactions are retried and generally succeed the second or third
+time through.
+
+This is based on code originally written by Koichiro Saito.
+
+Signed-off-by: Alan Stern <stern@rowland.harvard.edu>
+Tested by: Koichiro Saito <Saito.Koichiro@adniss.jp>
+CC: David Brownell <david-b@pacbell.net>
+Cc: stable <stable@kernel.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
+Signed-off-by: Chris Wright <chrisw@sous-sol.org>
+---
+ drivers/usb/host/ehci-q.c | 32 ++++++++++++++++++++++++++++++++
+ drivers/usb/host/ehci.h | 3 +++
+ 2 files changed, 35 insertions(+)
+
+--- a/drivers/usb/host/ehci.h
++++ b/drivers/usb/host/ehci.h
+@@ -366,6 +366,9 @@ struct ehci_qh {
+ #define QH_STATE_UNLINK_WAIT 4 /* LINKED and on reclaim q */
+ #define QH_STATE_COMPLETING 5 /* don't touch token.HALT */
+
++ u8 xacterrs; /* XactErr retry counter */
++#define QH_XACTERR_MAX 32 /* XactErr retry limit */
++
+ /* periodic schedule info */
+ u8 usecs; /* intr bandwidth */
+ u8 gap_uf; /* uframes split/csplit gap */
+--- a/drivers/usb/host/ehci-q.c
++++ b/drivers/usb/host/ehci-q.c
+@@ -333,12 +333,40 @@ qh_completions (struct ehci_hcd *ehci, s
+ token = hc32_to_cpu(ehci, qtd->hw_token);
+
+ /* always clean up qtds the hc de-activated */
++ retry_xacterr:
+ if ((token & QTD_STS_ACTIVE) == 0) {
+
+ /* on STALL, error, and short reads this urb must
+ * complete and all its qtds must be recycled.
+ */
+ if ((token & QTD_STS_HALT) != 0) {
++
++ /* retry transaction errors until we
++ * reach the software xacterr limit
++ */
++ if ((token & QTD_STS_XACT) &&
++ QTD_CERR(token) == 0 &&
++ --qh->xacterrs > 0 &&
++ !urb->unlinked) {
++ ehci_dbg(ehci,
++ "detected XactErr len %d/%d retry %d\n",
++ qtd->length - QTD_LENGTH(token), qtd->length,
++ QH_XACTERR_MAX - qh->xacterrs);
++
++ /* reset the token in the qtd and the
++ * qh overlay (which still contains
++ * the qtd) so that we pick up from
++ * where we left off
++ */
++ token &= ~QTD_STS_HALT;
++ token |= QTD_STS_ACTIVE |
++ (EHCI_TUNE_CERR << 10);
++ qtd->hw_token = cpu_to_hc32(ehci,
++ token);
++ wmb();
++ qh->hw_token = cpu_to_hc32(ehci, token);
++ goto retry_xacterr;
++ }
+ stopped = 1;
+
+ /* magic dummy for some short reads; qh won't advance.
+@@ -421,6 +449,9 @@ halt:
+ /* remove qtd; it's recycled after possible urb completion */
+ list_del (&qtd->qtd_list);
+ last = qtd;
++
++ /* reinit the xacterr counter for the next qtd */
++ qh->xacterrs = QH_XACTERR_MAX;
+ }
+
+ /* last urb's completion might still need calling */
+@@ -862,6 +893,7 @@ static void qh_link_async (struct ehci_h
+ head->qh_next.qh = qh;
+ head->hw_next = dma;
+
++ qh->xacterrs = QH_XACTERR_MAX;
+ qh->qh_state = QH_STATE_LINKED;
+ /* qtd completions reported later by interrupt */
+ }
--- /dev/null
+From 760053b6503cd73758f4994a8305d4bc6f97fcfc Mon Sep 17 00:00:00 2001
+From: Boaz Harrosh <bharrosh@panasas.com>
+Date: Thu, 26 Mar 2009 18:25:07 +0000
+Subject: USB: fix USB_STORAGE_CYPRESS_ATACB
+
+upstream commit: 1f4159c1620f74377e26d8a569d10ca5907ef475
+
+commit 64a87b24: [SCSI] Let scsi_cmnd->cmnd use request->cmd buffer
+changed the scsi_eh_prep_cmnd logic by making it clear
+the ->cmnd buffer. But the sat to cypress atacb translation supposed
+the ->cmnd buffer wasn't modified.
+
+This patch makes it set the ->cmnd buffer after scsi_eh_prep_cmnd call.
+The problem and a fix was reported by Matthieu CASTET <castet.matthieu@free.fr>
+
+It also removes all the hackery fiddling of scsi_cmnd and scsi_eh_save by
+requesting from scsi_eh_prep_cmnd to prepare a read into ->sense_buffer,
+which is much more suitable a buffer for HW transfers, then after the command
+execution the regs read is copied into regs buffer before actual preparation
+of sense_buffer.
+
+Also fix an alien comment character to my utf-8 editor.
+
+Signed-off-by: Boaz Harrosh <bharrosh@panasas.com>
+Signed-off-by: Matthieu CASTET <castet.matthieu@free.fr>
+Cc: stable <stable@kernel.org>
+Cc: James Bottomley <James.Bottomley@HansenPartnership.com>
+Cc: Matthew Dharm <mdharm-kernel@one-eyed-alien.net>
+Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
+Signed-off-by: Chris Wright <chrisw@sous-sol.org>
+---
+ drivers/usb/storage/cypress_atacb.c | 15 +++++++--------
+ 1 file changed, 7 insertions(+), 8 deletions(-)
+
+--- a/drivers/usb/storage/cypress_atacb.c
++++ b/drivers/usb/storage/cypress_atacb.c
+@@ -133,19 +133,18 @@ void cypress_atacb_passthrough(struct sc
+
+ /* build the command for
+ * reading the ATA registers */
+- scsi_eh_prep_cmnd(srb, &ses, NULL, 0, 0);
+- srb->sdb.length = sizeof(regs);
+- sg_init_one(&ses.sense_sgl, regs, srb->sdb.length);
+- srb->sdb.table.sgl = &ses.sense_sgl;
+- srb->sc_data_direction = DMA_FROM_DEVICE;
+- srb->sdb.table.nents = 1;
++ scsi_eh_prep_cmnd(srb, &ses, NULL, 0, sizeof(regs));
++
+ /* we use the same command as before, but we set
+ * the read taskfile bit, for not executing atacb command,
+ * but reading register selected in srb->cmnd[4]
+ */
++ srb->cmd_len = 16;
++ srb->cmnd = ses.cmnd;
+ srb->cmnd[2] = 1;
+
+ usb_stor_transparent_scsi_command(srb, us);
++ memcpy(regs, srb->sense_buffer, sizeof(regs));
+ tmp_result = srb->result;
+ scsi_eh_restore_cmnd(srb, &ses);
+ /* we fail to get registers, report invalid command */
+@@ -162,8 +161,8 @@ void cypress_atacb_passthrough(struct sc
+
+ /* XXX we should generate sk, asc, ascq from status and error
+ * regs
+- * (see 11.1 Error translation ATA device error to SCSI error map)
+- * and ata_to_sense_error from libata.
++ * (see 11.1 Error translation ATA device error to SCSI error
++ * map, and ata_to_sense_error from libata.)
+ */
+
+ /* Sense data is current and format is descriptor. */
--- /dev/null
+From 7127941c0e5fb2e3c15c4507aeab939e5e686dcd Mon Sep 17 00:00:00 2001
+From: Alan Stern <stern@rowland.harvard.edu>
+Date: Thu, 26 Mar 2009 18:25:09 +0000
+Subject: USB: usb-storage: increase max_sectors for tape drives
+
+upstream commit: 5c16034d73da2c1b663aa25dedadbc533b3d811c
+
+This patch (as1203) increases the max_sector limit for USB tape
+drives. By default usb-storage sets max_sectors to 240 (i.e., 120 KB)
+for all devices. But tape drives need a higher limit, since tapes can
+and do have very large block sizes. Without the ability to transfer
+an entire large block in a single command, such tapes can't be used.
+
+This fixes Bugzilla #12207.
+
+Signed-off-by: Alan Stern <stern@rowland.harvard.edu>
+Reported-and-tested-by: Phil Mitchell <philipm@sybase.com>
+Cc: stable <stable@kernel.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
+Signed-off-by: Chris Wright <chrisw@sous-sol.org>
+---
+ drivers/usb/storage/scsiglue.c | 6 ++++++
+ 1 file changed, 6 insertions(+)
+
+--- a/drivers/usb/storage/scsiglue.c
++++ b/drivers/usb/storage/scsiglue.c
+@@ -135,6 +135,12 @@ static int slave_configure(struct scsi_d
+ if (sdev->request_queue->max_sectors > max_sectors)
+ blk_queue_max_sectors(sdev->request_queue,
+ max_sectors);
++ } else if (sdev->type == TYPE_TAPE) {
++ /* Tapes need much higher max_sector limits, so just
++ * raise it to the maximum possible (4 GB / 512) and
++ * let the queue segment size sort out the real limit.
++ */
++ blk_queue_max_sectors(sdev->request_queue, 0x7FFFFF);
+ }
+
+ /* We can't put these settings in slave_alloc() because that gets
--- /dev/null
+From e6c7f8a29d45054727c7f9334c4a42729af436cd Mon Sep 17 00:00:00 2001
+From: David Brownell <dbrownell@users.sourceforge.net>
+Date: Thu, 26 Mar 2009 18:25:12 +0000
+Subject: USB: gadget: fix rndis regression
+
+upstream commit: 090b90118207e786d2990310d063fda5d52cce6e
+
+Restore some code that was wrongly dropped from the RNDIS
+driver, and caused interop problems observed with OpenMoko.
+
+The issue is with hardware which needs help conforming to part
+of the USB 2.0 spec (section 8.5.3.2); some can automagically
+send a ZLP in response to an unexpected IN, but not all chips
+will do that. We don't need to check the packet length ourselves
+the way earlier code did, since the UDC must already check it.
+But we do need to tell the UDC when it must force a short packet
+termination of the data stage.
+
+(Based on a patch from Aric D. Blumer <aric at sdgsystems.com>)
+
+Signed-off-by: David Brownell <dbrownell@users.sourceforge.net>
+Cc: stable <stable@kernel.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
+Signed-off-by: Chris Wright <chrisw@sous-sol.org>
+---
+ drivers/usb/gadget/f_rndis.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/drivers/usb/gadget/f_rndis.c
++++ b/drivers/usb/gadget/f_rndis.c
+@@ -437,7 +437,7 @@ invalid:
+ DBG(cdev, "rndis req%02x.%02x v%04x i%04x l%d\n",
+ ctrl->bRequestType, ctrl->bRequest,
+ w_value, w_index, w_length);
+- req->zero = 0;
++ req->zero = (value < w_length);
+ req->length = value;
+ value = usb_ep_queue(cdev->gadget->ep0, req, GFP_ATOMIC);
+ if (value < 0)
--- /dev/null
+From a9620fdcb8dab4d05f5677110c54b74e7ce1d621 Mon Sep 17 00:00:00 2001
+From: Alan Stern <stern@rowland.harvard.edu>
+Date: Thu, 26 Mar 2009 18:25:19 +0000
+Subject: USB: add quirk to avoid config and interface strings
+
+upstream commit: 1662e3a7f076e51e3073faf9ce77157b529c475b
+
+Apparently the Configuration and Interface strings aren't used as
+often as the Vendor, Product, and Serial strings. In at least one
+device (a Saitek Cyborg Gold 3D joystick), attempts to read the
+Configuration string cause the device to stop responding to Control
+requests.
+
+This patch (as1226) adds a quirks flag, telling the kernel not to
+read a device's Configuration or Interface strings, together with a
+new quirk for the offending joystick.
+
+Reported-by: Melchior FRANZ <melchior.franz@gmail.com>
+Tested-by: Melchior FRANZ <melchior.franz@gmail.com>
+Signed-off-by: Alan Stern <stern@rowland.harvard.edu>
+Cc: stable <stable@kernel.org> [2.6.28 and 2.6.29, nothing earlier]
+Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
+Signed-off-by: Chris Wright <chrisw@sous-sol.org>
+---
+ drivers/usb/core/message.c | 3 ++-
+ drivers/usb/core/quirks.c | 4 ++++
+ drivers/usb/core/sysfs.c | 4 +++-
+ include/linux/usb/quirks.h | 3 +++
+ 4 files changed, 12 insertions(+), 2 deletions(-)
+
+--- a/drivers/usb/core/message.c
++++ b/drivers/usb/core/message.c
+@@ -1637,7 +1637,8 @@ free_interfaces:
+ }
+ kfree(new_interfaces);
+
+- if (cp->string == NULL)
++ if (cp->string == NULL &&
++ !(dev->quirks & USB_QUIRK_CONFIG_INTF_STRINGS))
+ cp->string = usb_cache_string(dev, cp->desc.iConfiguration);
+
+ /* Now that all the interfaces are set up, register them
+--- a/drivers/usb/core/quirks.c
++++ b/drivers/usb/core/quirks.c
+@@ -54,6 +54,10 @@ static const struct usb_device_id usb_qu
+ { USB_DEVICE(0x0638, 0x0a13), .driver_info =
+ USB_QUIRK_STRING_FETCH_255 },
+
++ /* Saitek Cyborg Gold Joystick */
++ { USB_DEVICE(0x06a3, 0x0006), .driver_info =
++ USB_QUIRK_CONFIG_INTF_STRINGS },
++
+ /* M-Systems Flash Disk Pioneers */
+ { USB_DEVICE(0x08ec, 0x1000), .driver_info = USB_QUIRK_RESET_RESUME },
+
+--- a/drivers/usb/core/sysfs.c
++++ b/drivers/usb/core/sysfs.c
+@@ -13,6 +13,7 @@
+ #include <linux/kernel.h>
+ #include <linux/string.h>
+ #include <linux/usb.h>
++#include <linux/usb/quirks.h>
+ #include "usb.h"
+
+ /* Active configuration fields */
+@@ -847,7 +848,8 @@ int usb_create_sysfs_intf_files(struct u
+ * and missing in others. Hence its attribute cannot be created
+ * before the uevent is broadcast.
+ */
+- if (alt->string == NULL)
++ if (alt->string == NULL &&
++ !(udev->quirks & USB_QUIRK_CONFIG_INTF_STRINGS))
+ alt->string = usb_cache_string(udev, alt->desc.iInterface);
+ if (alt->string)
+ retval = device_create_file(&intf->dev, &dev_attr_interface);
+--- a/include/linux/usb/quirks.h
++++ b/include/linux/usb/quirks.h
+@@ -16,4 +16,7 @@
+ /* device can't handle Set-Interface requests */
+ #define USB_QUIRK_NO_SET_INTF 0x00000004
+
++/* device can't handle its Configuration or Interface strings */
++#define USB_QUIRK_CONFIG_INTF_STRINGS 0x00000008
++
+ #endif /* __LINUX_USB_QUIRKS_H */
--- /dev/null
+From 46d2a92135c95066364a8603297b637314a85090 Mon Sep 17 00:00:00 2001
+From: Jeff Layton <jlayton@tupile.poochiereds.net>
+Date: Thu, 26 Mar 2009 23:05:21 +0000
+Subject: cifs: fix buffer format byte on NT Rename/hardlink
+
+upstream commit: fcc7c09d94be7b75c9ea2beb22d0fae191c6b4b9
+
+Discovered at Connnectathon 2009...
+
+The buffer format byte and the pad are transposed in NT_RENAME calls
+(which are used to set hardlinks). Most servers seem to ignore this
+fact, but NetApp filers throw back an error due to this problem. This
+patch fixes it.
+
+CC: Stable <stable@kernel.org>
+Signed-off-by: Jeff Layton <jlayton@redhat.com>
+Signed-off-by: Steve French <sfrench@us.ibm.com>
+Signed-off-by: Chris Wright <chrisw@sous-sol.org>
+---
+ fs/cifs/cifssmb.c | 6 ++++--
+ 1 file changed, 4 insertions(+), 2 deletions(-)
+
+--- a/fs/cifs/cifssmb.c
++++ b/fs/cifs/cifssmb.c
+@@ -2350,8 +2350,10 @@ winCreateHardLinkRetry:
+ PATH_MAX, nls_codepage, remap);
+ name_len++; /* trailing null */
+ name_len *= 2;
+- pSMB->OldFileName[name_len] = 0; /* pad */
+- pSMB->OldFileName[name_len + 1] = 0x04;
++
++ /* protocol specifies ASCII buffer format (0x04) for unicode */
++ pSMB->OldFileName[name_len] = 0x04;
++ pSMB->OldFileName[name_len + 1] = 0x00; /* pad */
+ name_len2 =
+ cifsConvertToUCS((__le16 *)&pSMB->OldFileName[name_len + 2],
+ toName, PATH_MAX, nls_codepage, remap);
--- /dev/null
+From bf2d225b466496ff6704288bbd79fe744b399811 Mon Sep 17 00:00:00 2001
+From: Lorenzo Nava <navalorenx@gmail.com>
+Date: Sat, 28 Mar 2009 01:45:06 +0000
+Subject: b43: fix b43_plcp_get_bitrate_idx_ofdm return type
+
+upstream commit: a3c0b87c4f21911fb7185902dd13f0e3cd7f33f7
+
+This patch fixes the return type of b43_plcp_get_bitrate_idx_ofdm. If
+the plcp contains an error, the function return value is 255 instead
+of -1, and the packet was not dropped. This causes a warning in
+__ieee80211_rx function because rate idx is out of range.
+
+Cc: stable@kernel.org
+Signed-off-by: Lorenzo Nava <navalorenx@gmail.com>
+Signed-off-by: Michael Buesch <mb@bu3sch.de>
+Signed-off-by: John W. Linville <linville@tuxdriver.com>
+Signed-off-by: Chris Wright <chrisw@sous-sol.org>
+---
+ drivers/net/wireless/b43/xmit.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/drivers/net/wireless/b43/xmit.c
++++ b/drivers/net/wireless/b43/xmit.c
+@@ -51,7 +51,7 @@ static int b43_plcp_get_bitrate_idx_cck(
+ }
+
+ /* Extract the bitrate index out of an OFDM PLCP header. */
+-static u8 b43_plcp_get_bitrate_idx_ofdm(struct b43_plcp_hdr6 *plcp, bool aphy)
++static int b43_plcp_get_bitrate_idx_ofdm(struct b43_plcp_hdr6 *plcp, bool aphy)
+ {
+ int base = aphy ? 0 : 4;
+
--- /dev/null
+From 15bd8021d870d2c4fbf8c16578d72d03cfddd3a7 Mon Sep 17 00:00:00 2001
+From: Steve French <sfrench@us.ibm.com>
+Date: Thu, 26 Mar 2009 23:05:15 +0000
+Subject: CIFS: Fix memory overwrite when saving nativeFileSystem field during mount
+
+upstream commit: b363b3304bcf68c4541683b2eff70b29f0446a5b
+
+CIFS can allocate a few bytes to little for the nativeFileSystem field
+during tree connect response processing during mount. This can result
+in a "Redzone overwritten" message to be logged.
+
+Signed-off-by: Sridhar Vinay <vinaysridhar@in.ibm.com>
+Acked-by: Shirish Pargaonkar <shirishp@us.ibm.com>
+CC: Stable <stable@kernel.org>
+Signed-off-by: Steve French <sfrench@us.ibm.com>
+[chrisw: minor backport to CHANGES file]
+Signed-off-by: Chris Wright <chrisw@sous-sol.org>
+---
+ fs/cifs/CHANGES | 3 +++
+ fs/cifs/connect.c | 2 +-
+ 2 files changed, 4 insertions(+), 1 deletion(-)
+
+--- a/fs/cifs/CHANGES
++++ b/fs/cifs/CHANGES
+@@ -1,4 +1,7 @@
+ Fix oops in cifs_dfs_ref.c when prefixpath is not reachable when using DFS.
++Fix "redzone overwritten" bug in cifs_put_tcon (CIFSTcon may allocate too
++little memory for the "nativeFileSystem" field returned by the server
++during mount).
+
+ Version 1.55
+ ------------
+--- a/fs/cifs/connect.c
++++ b/fs/cifs/connect.c
+@@ -3565,7 +3565,7 @@ CIFSTCon(unsigned int xid, struct cifsSe
+ BCC(smb_buffer_response)) {
+ kfree(tcon->nativeFileSystem);
+ tcon->nativeFileSystem =
+- kzalloc(length + 2, GFP_KERNEL);
++ kzalloc(2*(length + 1), GFP_KERNEL);
+ if (tcon->nativeFileSystem)
+ cifs_strfromUCS_le(
+ tcon->nativeFileSystem,
--- /dev/null
+From ce6d13d7f44cb05c007ed804c0c20cfda9d2f94a Mon Sep 17 00:00:00 2001
+From: Dan Carpenter <error27@gmail.com>
+Date: Mon, 30 Mar 2009 18:50:16 +0000
+Subject: Add a missing unlock_kernel() in raw_open()
+
+upstream commit: 996ff68d8b358885c1de82a45517c607999947c7
+
+Cc: stable@kernel.org
+Signed-off-by: Dan Carpenter <error27@gmail.com>
+Signed-off-by: Jonathan Corbet <corbet@lwn.net>
+Signed-off-by: Chris Wright <chrisw@sous-sol.org>
+---
+ drivers/char/raw.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+--- a/drivers/char/raw.c
++++ b/drivers/char/raw.c
+@@ -90,6 +90,7 @@ out1:
+ blkdev_put(bdev, filp->f_mode);
+ out:
+ mutex_unlock(&raw_mutex);
++ unlock_kernel();
+ return err;
+ }
+
--- /dev/null
+From e1b427acc979431fc7f57a06d0c636c542fdffcc Mon Sep 17 00:00:00 2001
+From: Pallipadi, Venkatesh <venkatesh.pallipadi@intel.com>
+Date: Mon, 30 Mar 2009 18:50:19 +0000
+Subject: x86, PAT, PCI: Change vma prot in pci_mmap to reflect inherited prot
+
+upstream commit: 9cdec049389ce2c324fd1ec508a71528a27d4a07
+
+While looking at the issue in the thread:
+
+ http://marc.info/?l=dri-devel&m=123606627824556&w=2
+
+noticed a bug in pci PAT code and memory type setting.
+
+PCI mmap code did not set the proper protection in vma, when it
+inherited protection in reserve_memtype. This bug only affects
+the case where there exists a WC mapping before X does an mmap
+with /proc or /sys pci interface. This will cause X userlevel
+mmap from /proc or /sysfs to fail on fork.
+
+Reported-by: Kevin Winchester <kjwinchester@gmail.com>
+Signed-off-by: Venkatesh Pallipadi <venkatesh.pallipadi@intel.com>
+Signed-off-by: Suresh Siddha <suresh.b.siddha@intel.com>
+Cc: Jesse Barnes <jbarnes@virtuousgeek.org>
+Cc: Dave Airlie <airlied@redhat.com>
+Cc: <stable@kernel.org>
+LKML-Reference: <20090323190720.GA16831@linux-os.sc.intel.com>
+Signed-off-by: Ingo Molnar <mingo@elte.hu>
+Signed-off-by: Chris Wright <chrisw@sous-sol.org>
+---
+ arch/x86/pci/i386.c | 3 +++
+ 1 file changed, 3 insertions(+)
+
+--- a/arch/x86/pci/i386.c
++++ b/arch/x86/pci/i386.c
+@@ -329,6 +329,9 @@ int pci_mmap_page_range(struct pci_dev *
+ return -EINVAL;
+ }
+ flags = new_flags;
++ vma->vm_page_prot = __pgprot(
++ (pgprot_val(vma->vm_page_prot) & ~_PAGE_CACHE_MASK) |
++ flags);
+ }
+
+ if (((vma->vm_pgoff < max_low_pfn_mapped) ||
--- /dev/null
+From 67df6428d5c5a27061d94c6c9d0e844401638be5 Mon Sep 17 00:00:00 2001
+From: Andreas Herrmann <andreas.herrmann3@amd.com>
+Date: Mon, 30 Mar 2009 18:50:32 +0000
+Subject: x86: mtrr: don't modify RdDram/WrDram bits of fixed MTRRs
+
+upstream commit: 3ff42da5048649503e343a32be37b14a6a4e8aaf
+
+Impact: bug fix + BIOS workaround
+
+BIOS is expected to clear the SYSCFG[MtrrFixDramModEn] on AMD CPUs
+after fixed MTRRs are configured.
+
+Some BIOSes do not clear SYSCFG[MtrrFixDramModEn] on BP (and on APs).
+
+This can lead to obfuscation in Linux when this bit is not cleared on
+BP but cleared on APs. A consequence of this is that the saved
+fixed-MTRR state (from BP) differs from the fixed-MTRRs of APs --
+because RdDram/WrDram bits are read as zero when
+SYSCFG[MtrrFixDramModEn] is cleared -- and Linux tries to sync
+fixed-MTRR state from BP to AP. This implies that Linux sets
+SYSCFG[MtrrFixDramEn] and activates those bits.
+
+More important is that (some) systems change these bits in SMM when
+ACPI is enabled. Hence it is racy if Linux modifies RdMem/WrMem bits,
+too.
+
+(1) The patch modifies an old fix from Bernhard Kaindl to get
+ suspend/resume working on some Acer Laptops. Bernhard's patch
+ tried to sync RdMem/WrMem bits of fixed MTRR registers and that
+ helped on those old Laptops. (Don't ask me why -- can't test it
+ myself). But this old problem was not the motivation for the
+ patch. (See http://lkml.org/lkml/2007/4/3/110)
+
+(2) The more important effect is to fix issues on some more current systems.
+
+ On those systems Linux panics or just freezes, see
+
+ http://bugzilla.kernel.org/show_bug.cgi?id=11541
+ (and also duplicates of this bug:
+ http://bugzilla.kernel.org/show_bug.cgi?id=11737
+ http://bugzilla.kernel.org/show_bug.cgi?id=11714)
+
+ The affected systems boot only using acpi=ht, acpi=off or
+ when the kernel is built with CONFIG_MTRR=n.
+
+ The acpi options prevent full enablement of ACPI. Obviously when
+ ACPI is enabled the BIOS/SMM modfies RdMem/WrMem bits. When
+ CONFIG_MTRR=y Linux also accesses and modifies those bits when it
+ needs to sync fixed-MTRRs across cores (Bernhard's fix, see (1)).
+ How do you synchronize that? You can't. As a consequence Linux
+ shouldn't touch those bits at all (Rationale are AMD's BKDGs which
+ recommend to clear the bit that makes RdMem/WrMem accessible).
+ This is the purpose of this patch. And (so far) this suffices to
+ fix (1) and (2).
+
+I suggest not to touch RdDram/WrDram bits of fixed-MTRRs and
+SYSCFG[MtrrFixDramEn] and to clear SYSCFG[MtrrFixDramModEn] as
+suggested by AMD K8, and AMD family 10h/11h BKDGs.
+BIOS is expected to do this anyway. This should avoid that
+Linux and SMM tread on each other's toes ...
+
+Signed-off-by: Andreas Herrmann <andreas.herrmann3@amd.com>
+Cc: trenn@suse.de
+Cc: Yinghai Lu <yinghai@kernel.org>
+LKML-Reference: <20090312163937.GH20716@alberich.amd.com>
+Cc: <stable@kernel.org>
+Signed-off-by: Ingo Molnar <mingo@elte.hu>
+Signed-off-by: Chris Wright <chrisw@sous-sol.org>
+---
+ arch/x86/kernel/cpu/mtrr/generic.c | 51 +++++++++++++++++++++----------------
+ 1 file changed, 30 insertions(+), 21 deletions(-)
+
+--- a/arch/x86/kernel/cpu/mtrr/generic.c
++++ b/arch/x86/kernel/cpu/mtrr/generic.c
+@@ -45,6 +45,32 @@ u64 mtrr_tom2;
+ static int mtrr_show;
+ module_param_named(show, mtrr_show, bool, 0);
+
++/**
++ * BIOS is expected to clear MtrrFixDramModEn bit, see for example
++ * "BIOS and Kernel Developer's Guide for the AMD Athlon 64 and AMD
++ * Opteron Processors" (26094 Rev. 3.30 February 2006), section
++ * "13.2.1.2 SYSCFG Register": "The MtrrFixDramModEn bit should be set
++ * to 1 during BIOS initalization of the fixed MTRRs, then cleared to
++ * 0 for operation."
++ */
++static inline void k8_check_syscfg_dram_mod_en(void)
++{
++ u32 lo, hi;
++
++ if (!((boot_cpu_data.x86_vendor == X86_VENDOR_AMD) &&
++ (boot_cpu_data.x86 >= 0x0f)))
++ return;
++
++ rdmsr(MSR_K8_SYSCFG, lo, hi);
++ if (lo & K8_MTRRFIXRANGE_DRAM_MODIFY) {
++ printk(KERN_ERR FW_WARN "MTRR: CPU %u: SYSCFG[MtrrFixDramModEn]"
++ " not cleared by BIOS, clearing this bit\n",
++ smp_processor_id());
++ lo &= ~K8_MTRRFIXRANGE_DRAM_MODIFY;
++ mtrr_wrmsr(MSR_K8_SYSCFG, lo, hi);
++ }
++}
++
+ /*
+ * Returns the effective MTRR type for the region
+ * Error returns:
+@@ -178,6 +204,8 @@ get_fixed_ranges(mtrr_type * frs)
+ unsigned int *p = (unsigned int *) frs;
+ int i;
+
++ k8_check_syscfg_dram_mod_en();
++
+ rdmsr(MTRRfix64K_00000_MSR, p[0], p[1]);
+
+ for (i = 0; i < 2; i++)
+@@ -312,27 +340,10 @@ void mtrr_wrmsr(unsigned msr, unsigned a
+ }
+
+ /**
+- * Enable and allow read/write of extended fixed-range MTRR bits on K8 CPUs
+- * see AMD publication no. 24593, chapter 3.2.1 for more information
+- */
+-static inline void k8_enable_fixed_iorrs(void)
+-{
+- unsigned lo, hi;
+-
+- rdmsr(MSR_K8_SYSCFG, lo, hi);
+- mtrr_wrmsr(MSR_K8_SYSCFG, lo
+- | K8_MTRRFIXRANGE_DRAM_ENABLE
+- | K8_MTRRFIXRANGE_DRAM_MODIFY, hi);
+-}
+-
+-/**
+ * set_fixed_range - checks & updates a fixed-range MTRR if it differs from the value it should have
+ * @msr: MSR address of the MTTR which should be checked and updated
+ * @changed: pointer which indicates whether the MTRR needed to be changed
+ * @msrwords: pointer to the MSR values which the MSR should have
+- *
+- * If K8 extentions are wanted, update the K8 SYSCFG MSR also.
+- * See AMD publication no. 24593, chapter 7.8.1, page 233 for more information.
+ */
+ static void set_fixed_range(int msr, bool *changed, unsigned int *msrwords)
+ {
+@@ -341,10 +352,6 @@ static void set_fixed_range(int msr, boo
+ rdmsr(msr, lo, hi);
+
+ if (lo != msrwords[0] || hi != msrwords[1]) {
+- if (boot_cpu_data.x86_vendor == X86_VENDOR_AMD &&
+- (boot_cpu_data.x86 >= 0x0f && boot_cpu_data.x86 <= 0x11) &&
+- ((msrwords[0] | msrwords[1]) & K8_MTRR_RDMEM_WRMEM_MASK))
+- k8_enable_fixed_iorrs();
+ mtrr_wrmsr(msr, msrwords[0], msrwords[1]);
+ *changed = true;
+ }
+@@ -423,6 +430,8 @@ static int set_fixed_ranges(mtrr_type *
+ bool changed = false;
+ int block=-1, range;
+
++ k8_check_syscfg_dram_mod_en();
++
+ while (fixed_range_blocks[++block].ranges)
+ for (range=0; range < fixed_range_blocks[block].ranges; range++)
+ set_fixed_range(fixed_range_blocks[block].base_msr + range,
bridge-bad-error-handling-when-adding-invalid-ether-address.patch
bas_gigaset-correctly-allocate-usb-interrupt-transfer-buffer.patch
tcp-fix-various-bugs-wrt.-packet-counting-during-fragmentation.patch
+0008-USB-EHCI-add-software-retry-for-transaction-errors.patch
+0009-USB-fix-USB_STORAGE_CYPRESS_ATACB.patch
+0010-USB-usb-storage-increase-max_sectors-for-tape-driv.patch
+0011-USB-gadget-fix-rndis-regression.patch
+0012-USB-add-quirk-to-avoid-config-and-interface-strings.patch
+0016-cifs-fix-buffer-format-byte-on-NT-Rename-hardlink.patch
+0019-b43-fix-b43_plcp_get_bitrate_idx_ofdm-return-type.patch
+0022-CIFS-Fix-memory-overwrite-when-saving-nativeFileSys.patch
+0032-Add-a-missing-unlock_kernel-in-raw_open.patch
+0033-x86-PAT-PCI-Change-vma-prot-in-pci_mmap-to-reflec.patch
+0037-x86-mtrr-don-t-modify-RdDram-WrDram-bits-of-fixed.patch
projects / thirdparty / kernel / stable-queue.git / commitdiff
