--- /dev/null
+From 3db6c037c6954ed6d98ef199938e4004fea96908 Mon Sep 17 00:00:00 2001
+From: Manoj Iyer <manoj.iyer@canonical.com>
+Date: Tue, 22 Sep 2009 18:33:29 -0500
+Subject: ALSA: hda - Added quirk to enable sound on Toshiba NB200
+
+From: Manoj Iyer <manoj.iyer@canonical.com>
+
+commit 3db6c037c6954ed6d98ef199938e4004fea96908 upstream.
+
+Patch was tested on Toshiba NB200 and is found to enable sound.
+
+Signed-off-by: Manoj Iyer <manoj.iyer@canonical.com>
+Signed-off-by: Takashi Iwai <tiwai@suse.de>
+Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
+
+---
+ sound/pci/hda/patch_realtek.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+--- a/sound/pci/hda/patch_realtek.c
++++ b/sound/pci/hda/patch_realtek.c
+@@ -16876,6 +16876,7 @@ static struct snd_pci_quirk alc662_cfg_t
+ SND_PCI_QUIRK(0x105b, 0x0cd6, "Foxconn", ALC662_ECS),
+ SND_PCI_QUIRK(0x105b, 0x0d47, "Foxconn 45CMX/45GMX/45CMX-K",
+ ALC662_3ST_6ch_DIG),
++ SND_PCI_QUIRK(0x1179, 0xff6e, "Toshiba NB200", ALC663_ASUS_MODE4),
+ SND_PCI_QUIRK(0x144d, 0xca00, "Samsung NC10", ALC272_SAMSUNG_NC10),
+ SND_PCI_QUIRK(0x1458, 0xa002, "Gigabyte 945GCM-S2L",
+ ALC662_3ST_6ch_DIG),
--- /dev/null
+From 5b7dde346881b12246669ae97b3a2793c27b32b6 Mon Sep 17 00:00:00 2001
+From: Mark Brown <broonie@opensource.wolfsonmicro.com>
+Date: Mon, 29 Jun 2009 11:17:10 +0100
+Subject: ASoC: WM8350 capture PGA mutes are inverted
+
+From: Mark Brown <broonie@opensource.wolfsonmicro.com>
+
+commit 5b7dde346881b12246669ae97b3a2793c27b32b6 upstream.
+
+Signed-off-by: Mark Brown <broonie@opensource.wolfsonmicro.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
+
+---
+ sound/soc/codecs/wm8350.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+--- a/sound/soc/codecs/wm8350.c
++++ b/sound/soc/codecs/wm8350.c
+@@ -580,7 +580,7 @@ static const struct snd_kcontrol_new wm8
+ SOC_DAPM_SINGLE_TLV("L3 Capture Volume",
+ WM8350_INPUT_MIXER_VOLUME_L, 9, 7, 0, out_mix_tlv),
+ SOC_DAPM_SINGLE("PGA Capture Switch",
+- WM8350_LEFT_INPUT_VOLUME, 14, 1, 0),
++ WM8350_LEFT_INPUT_VOLUME, 14, 1, 1),
+ };
+
+ /* Right Input Mixer */
+@@ -590,7 +590,7 @@ static const struct snd_kcontrol_new wm8
+ SOC_DAPM_SINGLE_TLV("L3 Capture Volume",
+ WM8350_INPUT_MIXER_VOLUME_R, 13, 7, 0, out_mix_tlv),
+ SOC_DAPM_SINGLE("PGA Capture Switch",
+- WM8350_RIGHT_INPUT_VOLUME, 14, 1, 0),
++ WM8350_RIGHT_INPUT_VOLUME, 14, 1, 1),
+ };
+
+ /* Left Mic Mixer */
--- /dev/null
+From 3279ba37db5d65c4ab0dcdee3b211ccb85bb563f Mon Sep 17 00:00:00 2001
+From: Steven Rostedt <srostedt@redhat.com>
+Date: Wed, 7 Oct 2009 16:57:56 -0400
+Subject: ftrace: check for failure for all conversions
+
+From: Steven Rostedt <srostedt@redhat.com>
+
+commit 3279ba37db5d65c4ab0dcdee3b211ccb85bb563f upstream.
+
+Due to legacy code from back when the dynamic tracer used a daemon,
+only core kernel code was checking for failures. This is no longer
+the case. We must check for failures any time we perform text modifications.
+
+Signed-off-by: Steven Rostedt <rostedt@goodmis.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
+
+---
+ kernel/trace/ftrace.c | 11 +++--------
+ 1 file changed, 3 insertions(+), 8 deletions(-)
+
+--- a/kernel/trace/ftrace.c
++++ b/kernel/trace/ftrace.c
+@@ -1110,14 +1110,9 @@ static void ftrace_replace_code(int enab
+ failed = __ftrace_replace_code(rec, enable);
+ if (failed) {
+ rec->flags |= FTRACE_FL_FAILED;
+- if ((system_state == SYSTEM_BOOTING) ||
+- !core_kernel_text(rec->ip)) {
+- ftrace_free_rec(rec);
+- } else {
+- ftrace_bug(failed, rec->ip);
+- /* Stop processing */
+- return;
+- }
++ ftrace_bug(failed, rec->ip);
++ /* Stop processing */
++ return;
+ }
+ } while_for_each_ftrace_rec();
+ }
--- /dev/null
+From eaaea8036d0261d87d7072c5bc88c7ea730c18ac Mon Sep 17 00:00:00 2001
+From: Thomas Gleixner <tglx@linutronix.de>
+Date: Sun, 4 Oct 2009 09:34:17 +0200
+Subject: futex: Fix locking imbalance
+
+From: Thomas Gleixner <tglx@linutronix.de>
+
+commit eaaea8036d0261d87d7072c5bc88c7ea730c18ac upstream.
+
+Rich reported a lock imbalance in the futex code:
+
+ http://bugzilla.kernel.org/show_bug.cgi?id=14288
+
+It's caused by the displacement of the retry_private label in
+futex_wake_op(). The code unlocks the hash bucket locks in the
+error handling path and retries without locking them again which
+makes the next unlock fail.
+
+Move retry_private so we lock the hash bucket locks when we retry.
+
+Reported-by: Rich Ercolany <rercola@acm.jhu.edu>
+Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
+Cc: Peter Zijlstra <a.p.zijlstra@chello.nl>
+Cc: Darren Hart <dvhltc@us.ibm.com>
+LKML-Reference: <new-submission>
+Signed-off-by: Ingo Molnar <mingo@elte.hu>
+Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
+
+---
+ kernel/futex.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/kernel/futex.c
++++ b/kernel/futex.c
+@@ -912,8 +912,8 @@ retry:
+ hb1 = hash_futex(&key1);
+ hb2 = hash_futex(&key2);
+
+- double_lock_hb(hb1, hb2);
+ retry_private:
++ double_lock_hb(hb1, hb2);
+ op_ret = futex_atomic_op_inuser(op, uaddr2);
+ if (unlikely(op_ret < 0)) {
+
--- /dev/null
+From da085681014fb43d67d9bf6d14bc068e9254bd49 Mon Sep 17 00:00:00 2001
+From: Darren Hart <dvhltc@us.ibm.com>
+Date: Wed, 7 Oct 2009 11:46:54 -0700
+Subject: futex: fix requeue_pi key imbalance
+
+From: Darren Hart <dvhltc@us.ibm.com>
+
+commit da085681014fb43d67d9bf6d14bc068e9254bd49 upstream.
+
+If futex_wait_requeue_pi() wakes prior to requeue, we drop the
+reference to the source futex_key twice, once in
+handle_early_requeue_pi_wakeup() and once on our way out.
+
+Remove the drop from the handle_early_requeue_pi_wakeup() and keep
+the get/drops together in futex_wait_requeue_pi().
+
+Reported-by: Helge Bahmann <hcb@chaoticmind.net>
+Signed-off-by: Darren Hart <dvhltc@us.ibm.com>
+Cc: Helge Bahmann <hcb@chaoticmind.net>
+Cc: Peter Zijlstra <peterz@infradead.org>
+Cc: Eric Dumazet <eric.dumazet@gmail.com>
+Cc: Dinakar Guniguntala <dino@in.ibm.com>
+Cc: John Stultz <johnstul@us.ibm.com>
+LKML-Reference: <4ACCE21E.5030805@us.ibm.com>
+Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
+Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
+
+---
+ kernel/futex.c | 1 -
+ 1 file changed, 1 deletion(-)
+
+--- a/kernel/futex.c
++++ b/kernel/futex.c
+@@ -2087,7 +2087,6 @@ int handle_early_requeue_pi_wakeup(struc
+ * Unqueue the futex_q and determine which it was.
+ */
+ plist_del(&q->list, &q->list.plist);
+- drop_futex_key_refs(&q->key);
+
+ if (timeout && !timeout->task)
+ ret = -ETIMEDOUT;
--- /dev/null
+From 322a2c100a8998158445599ea437fb556aa95b11 Mon Sep 17 00:00:00 2001
+From: Thomas Gleixner <tglx@linutronix.de>
+Date: Mon, 5 Oct 2009 18:18:03 +0200
+Subject: futex: Move exit_pi_state() call to release_mm()
+
+From: Thomas Gleixner <tglx@linutronix.de>
+
+commit 322a2c100a8998158445599ea437fb556aa95b11 upstream.
+
+exit_pi_state() is called from do_exit() but not from do_execve().
+Move it to release_mm() so it gets called from do_execve() as well.
+
+Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
+LKML-Reference: <new-submission>
+Cc: Anirban Sinha <ani@anirban.org>
+Cc: Peter Zijlstra <peterz@infradead.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
+
+---
+ kernel/exit.c | 2 --
+ kernel/fork.c | 2 ++
+ 2 files changed, 2 insertions(+), 2 deletions(-)
+
+--- a/kernel/exit.c
++++ b/kernel/exit.c
+@@ -987,8 +987,6 @@ NORET_TYPE void do_exit(long code)
+ tsk->mempolicy = NULL;
+ #endif
+ #ifdef CONFIG_FUTEX
+- if (unlikely(!list_empty(&tsk->pi_state_list)))
+- exit_pi_state_list(tsk);
+ if (unlikely(current->pi_state_cache))
+ kfree(current->pi_state_cache);
+ #endif
+--- a/kernel/fork.c
++++ b/kernel/fork.c
+@@ -550,6 +550,8 @@ void mm_release(struct task_struct *tsk,
+ if (unlikely(tsk->compat_robust_list))
+ compat_exit_robust_list(tsk);
+ #endif
++ if (unlikely(!list_empty(&tsk->pi_state_list)))
++ exit_pi_state_list(tsk);
+ #endif
+
+ /* Get rid of any cached register state */
--- /dev/null
+From fc6b177dee33365ccb29fe6d2092223cf8d679f9 Mon Sep 17 00:00:00 2001
+From: Peter Zijlstra <peterz@infradead.org>
+Date: Mon, 5 Oct 2009 18:17:32 +0200
+Subject: futex: Nullify robust lists after cleanup
+
+From: Peter Zijlstra <peterz@infradead.org>
+
+commit fc6b177dee33365ccb29fe6d2092223cf8d679f9 upstream.
+
+The robust list pointers of user space held futexes are kept intact
+over an exec() call. When the exec'ed task exits exit_robust_list() is
+called with the stale pointer. The risk of corruption is minimal, but
+still it is incorrect to keep the pointers valid. Actually glibc
+should uninstall the robust list before calling exec() but we have to
+deal with it anyway.
+
+Nullify the pointers after [compat_]exit_robust_list() has been
+called.
+
+Reported-by: Anirban Sinha <ani@anirban.org>
+Signed-off-by: Peter Zijlstra <peterz@infradead.org>
+Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
+Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
+
+---
+ kernel/fork.c | 8 ++++++--
+ 1 file changed, 6 insertions(+), 2 deletions(-)
+
+--- a/kernel/fork.c
++++ b/kernel/fork.c
+@@ -544,11 +544,15 @@ void mm_release(struct task_struct *tsk,
+
+ /* Get rid of any futexes when releasing the mm */
+ #ifdef CONFIG_FUTEX
+- if (unlikely(tsk->robust_list))
++ if (unlikely(tsk->robust_list)) {
+ exit_robust_list(tsk);
++ tsk->robust_list = NULL;
++ }
+ #ifdef CONFIG_COMPAT
+- if (unlikely(tsk->compat_robust_list))
++ if (unlikely(tsk->compat_robust_list)) {
+ compat_exit_robust_list(tsk);
++ tsk->compat_robust_list = NULL;
++ }
+ #endif
+ if (unlikely(!list_empty(&tsk->pi_state_list)))
+ exit_pi_state_list(tsk);
--- /dev/null
+From 36520be8e32b49bd85a63b7b8b40cd07c3da59a5 Mon Sep 17 00:00:00 2001
+From: Mimi Zohar <zohar@linux.vnet.ibm.com>
+Date: Mon, 5 Oct 2009 14:25:44 -0400
+Subject: ima: ecryptfs fix imbalance message
+
+From: Mimi Zohar <zohar@linux.vnet.ibm.com>
+
+commit 36520be8e32b49bd85a63b7b8b40cd07c3da59a5 upstream.
+
+The unencrypted files are being measured. Update the counters to get
+rid of the ecryptfs imbalance message. (http://bugzilla.redhat.com/519737)
+
+Reported-by: Sachin Garg
+Cc: Eric Paris <eparis@redhat.com>
+Cc: Dustin Kirkland <kirkland@canonical.com>
+Cc: James Morris <jmorris@namei.org>
+Cc: David Safford <safford@watson.ibm.com>
+Signed-off-by: Mimi Zohar <zohar@us.ibm.com>
+Signed-off-by: Tyler Hicks <tyhicks@linux.vnet.ibm.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
+
+---
+ fs/ecryptfs/main.c | 7 ++++++-
+ 1 file changed, 6 insertions(+), 1 deletion(-)
+
+--- a/fs/ecryptfs/main.c
++++ b/fs/ecryptfs/main.c
+@@ -35,6 +35,7 @@
+ #include <linux/key.h>
+ #include <linux/parser.h>
+ #include <linux/fs_stack.h>
++#include <linux/ima.h>
+ #include "ecryptfs_kernel.h"
+
+ /**
+@@ -118,6 +119,7 @@ int ecryptfs_init_persistent_file(struct
+ const struct cred *cred = current_cred();
+ struct ecryptfs_inode_info *inode_info =
+ ecryptfs_inode_to_private(ecryptfs_dentry->d_inode);
++ int opened_lower_file = 0;
+ int rc = 0;
+
+ mutex_lock(&inode_info->lower_file_mutex);
+@@ -134,9 +136,12 @@ int ecryptfs_init_persistent_file(struct
+ "for lower_dentry [0x%p] and lower_mnt [0x%p]; "
+ "rc = [%d]\n", lower_dentry, lower_mnt, rc);
+ inode_info->lower_file = NULL;
+- }
++ } else
++ opened_lower_file = 1;
+ }
+ mutex_unlock(&inode_info->lower_file_mutex);
++ if (opened_lower_file)
++ ima_counts_get(inode_info->lower_file);
+ return rc;
+ }
+
--- /dev/null
+From 6c1488fd581a447ec87c4b59f0d33f95f0aa441b Mon Sep 17 00:00:00 2001
+From: Mimi Zohar <zohar@linux.vnet.ibm.com>
+Date: Wed, 2 Sep 2009 11:40:32 -0400
+Subject: IMA: open new file for read
+
+From: Mimi Zohar <zohar@linux.vnet.ibm.com>
+
+commit 6c1488fd581a447ec87c4b59f0d33f95f0aa441b upstream.
+
+When creating a new file, ima_path_check() assumed the new file
+was being opened for write. Call ima_path_check() with the
+appropriate acc_mode so that the read/write counters are
+incremented correctly.
+
+Signed-off-by: Mimi Zohar <zohar@us.ibm.com>
+Signed-off-by: James Morris <jmorris@namei.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
+
+--- a/fs/namei.c
++++ b/fs/namei.c
+@@ -1533,9 +1533,11 @@ int may_open(struct path *path, int acc_mode, int flag)
+ if (error)
+ return error;
+
+- error = ima_path_check(path,
+- acc_mode & (MAY_READ | MAY_WRITE | MAY_EXEC),
++ error = ima_path_check(path, acc_mode ?
++ acc_mode & (MAY_READ | MAY_WRITE | MAY_EXEC) :
++ ACC_MODE(flag) & (MAY_READ | MAY_WRITE),
+ IMA_COUNT_UPDATE);
++
+ if (error)
+ return error;
+ /*
--- /dev/null
+From b2d83cfa3fdefe5c6573d443d099a18dc3a93c5f Mon Sep 17 00:00:00 2001
+From: Aurelien Jarno <aurelien@aurel32.net>
+Date: Fri, 25 Sep 2009 11:09:37 +0200
+Subject: KVM: fix LAPIC timer period overflow
+
+From: Aurelien Jarno <aurelien@aurel32.net>
+
+commit b2d83cfa3fdefe5c6573d443d099a18dc3a93c5f upstream.
+
+Don't overflow when computing the 64-bit period from 32-bit registers.
+
+Fixes sourceforge bug #2826486.
+
+Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
+Signed-off-by: Marcelo Tosatti <mtosatti@redhat.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
+
+---
+ arch/x86/kvm/lapic.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/arch/x86/kvm/lapic.c
++++ b/arch/x86/kvm/lapic.c
+@@ -567,7 +567,7 @@ static void start_apic_timer(struct kvm_
+ {
+ ktime_t now = apic->lapic_timer.timer.base->get_time();
+
+- apic->lapic_timer.period = apic_get_reg(apic, APIC_TMICT) *
++ apic->lapic_timer.period = (u64)apic_get_reg(apic, APIC_TMICT) *
+ APIC_BUS_CYCLE_NS * apic->divide_count;
+ atomic_set(&apic->lapic_timer.pending, 0);
+
--- /dev/null
+From 6a54435560efdab1a08f429a954df4d6c740bddf Mon Sep 17 00:00:00 2001
+From: Avi Kivity <avi@redhat.com>
+Date: Sun, 4 Oct 2009 16:45:13 +0200
+Subject: KVM: Prevent overflow in KVM_GET_SUPPORTED_CPUID
+
+From: Avi Kivity <avi@redhat.com>
+
+commit 6a54435560efdab1a08f429a954df4d6c740bddf upstream.
+
+The number of entries is multiplied by the entry size, which can
+overflow on 32-bit hosts. Bound the entry count instead.
+
+Reported-by: David Wagner <daw@cs.berkeley.edu>
+Signed-off-by: Avi Kivity <avi@redhat.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
+
+---
+ arch/x86/kvm/x86.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+--- a/arch/x86/kvm/x86.c
++++ b/arch/x86/kvm/x86.c
+@@ -1429,6 +1429,8 @@ static int kvm_dev_ioctl_get_supported_c
+
+ if (cpuid->nent < 1)
+ goto out;
++ if (cpuid->nent > KVM_MAX_CPUID_ENTRIES)
++ cpuid->nent = KVM_MAX_CPUID_ENTRIES;
+ r = -ENOMEM;
+ cpuid_entries = vmalloc(sizeof(struct kvm_cpuid_entry2) * cpuid->nent);
+ if (!cpuid_entries)
--- /dev/null
+From 77b1ab1732feb5e3dcbaf31d2f7547c5229f5f3a Mon Sep 17 00:00:00 2001
+From: Joerg Roedel <joerg.roedel@amd.com>
+Date: Wed, 16 Sep 2009 15:24:17 +0200
+Subject: KVM: SVM: Fix tsc offset adjustment when running nested
+
+From: Joerg Roedel <joerg.roedel@amd.com>
+
+commit 77b1ab1732feb5e3dcbaf31d2f7547c5229f5f3a upstream.
+
+When svm_vcpu_load is called while the vcpu is running in
+guest mode the tsc adjustment made there is lost on the next
+emulated #vmexit. This causes the tsc running backwards in
+the guest. This patch fixes the issue by also adjusting the
+tsc_offset in the emulated hsave area so that it will not
+get lost.
+
+Signed-off-by: Joerg Roedel <joerg.roedel@amd.com>
+Signed-off-by: Marcelo Tosatti <mtosatti@redhat.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
+
+---
+ arch/x86/kvm/svm.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+--- a/arch/x86/kvm/svm.c
++++ b/arch/x86/kvm/svm.c
+@@ -709,6 +709,8 @@ static void svm_vcpu_load(struct kvm_vcp
+ rdtscll(tsc_this);
+ delta = vcpu->arch.host_tsc - tsc_this;
+ svm->vmcb->control.tsc_offset += delta;
++ if (is_nested(svm))
++ svm->nested.hsave->control.tsc_offset += delta;
+ vcpu->cpu = cpu;
+ kvm_migrate_timers(vcpu);
+ svm->asid_generation = 0;
--- /dev/null
+From eb5109e311b5152c0614a28d7d615d087f268f19 Mon Sep 17 00:00:00 2001
+From: Marcelo Tosatti <mtosatti@redhat.com>
+Date: Thu, 1 Oct 2009 19:16:58 -0300
+Subject: KVM: VMX: flush TLB with INVEPT on cpu migration
+
+From: Marcelo Tosatti <mtosatti@redhat.com>
+
+commit eb5109e311b5152c0614a28d7d615d087f268f19 upstream.
+
+It is possible that stale EPTP-tagged mappings are used, if a
+vcpu migrates to a different pcpu.
+
+Set KVM_REQ_TLB_FLUSH in vmx_vcpu_load, when switching pcpus, which
+will invalidate both VPID and EPT mappings on the next vm-entry.
+
+Signed-off-by: Marcelo Tosatti <mtosatti@redhat.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
+
+---
+ arch/x86/kvm/vmx.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/arch/x86/kvm/vmx.c
++++ b/arch/x86/kvm/vmx.c
+@@ -661,7 +661,7 @@ static void vmx_vcpu_load(struct kvm_vcp
+ if (vcpu->cpu != cpu) {
+ vcpu_clear(vmx);
+ kvm_migrate_timers(vcpu);
+- vpid_sync_vcpu_all(vmx);
++ set_bit(KVM_REQ_TLB_FLUSH, &vcpu->requests);
+ local_irq_disable();
+ list_add(&vmx->local_vcpus_link,
+ &per_cpu(vcpus_on_cpu, cpu));
--- /dev/null
+From 3b761d3d437cffcaf160a5d37eb6b3b186e491d5 Mon Sep 17 00:00:00 2001
+From: Tejun Heo <tj@kernel.org>
+Date: Tue, 6 Oct 2009 17:08:40 +0900
+Subject: libata: fix incorrect link online check during probe
+
+From: Tejun Heo <tj@kernel.org>
+
+commit 3b761d3d437cffcaf160a5d37eb6b3b186e491d5 upstream.
+
+While trying to work around spurious detection retries for
+non-existent devices on slave links, commit
+816ab89782ac139a8b65147cca990822bb7e8675 incorrectly added link
+offline check logic before ata_eh_thaw() was called. This means that
+if an occupied link goes down briefly at the time that offline check
+was performed, device class will be cleared to ATA_DEV_NONE and libata
+wouldn't retry thus failing detection of the device.
+
+The offline check should be done after the port is thawed together
+with online check so that such link glitches can be detected by the
+interrupt handler and handled properly.
+
+Signed-off-by: Tejun Heo <tj@kernel.org>
+Reported-by: Tim Blechmann <tim@klingt.org>
+Signed-off-by: Jeff Garzik <jgarzik@redhat.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
+
+---
+ drivers/ata/libata-eh.c | 50 ++++++++++++++++++++++++++++++------------------
+ 1 file changed, 32 insertions(+), 18 deletions(-)
+
+--- a/drivers/ata/libata-eh.c
++++ b/drivers/ata/libata-eh.c
+@@ -2541,14 +2541,14 @@ int ata_eh_reset(struct ata_link *link,
+ dev->pio_mode = XFER_PIO_0;
+ dev->flags &= ~ATA_DFLAG_SLEEPING;
+
+- if (!ata_phys_link_offline(ata_dev_phys_link(dev))) {
+- /* apply class override */
+- if (lflags & ATA_LFLAG_ASSUME_ATA)
+- classes[dev->devno] = ATA_DEV_ATA;
+- else if (lflags & ATA_LFLAG_ASSUME_SEMB)
+- classes[dev->devno] = ATA_DEV_SEMB_UNSUP;
+- } else
+- classes[dev->devno] = ATA_DEV_NONE;
++ if (ata_phys_link_offline(ata_dev_phys_link(dev)))
++ continue;
++
++ /* apply class override */
++ if (lflags & ATA_LFLAG_ASSUME_ATA)
++ classes[dev->devno] = ATA_DEV_ATA;
++ else if (lflags & ATA_LFLAG_ASSUME_SEMB)
++ classes[dev->devno] = ATA_DEV_SEMB_UNSUP;
+ }
+
+ /* record current link speed */
+@@ -2581,34 +2581,48 @@ int ata_eh_reset(struct ata_link *link,
+ slave->eh_info.serror = 0;
+ spin_unlock_irqrestore(link->ap->lock, flags);
+
+- /* Make sure onlineness and classification result correspond.
++ /*
++ * Make sure onlineness and classification result correspond.
+ * Hotplug could have happened during reset and some
+ * controllers fail to wait while a drive is spinning up after
+ * being hotplugged causing misdetection. By cross checking
+- * link onlineness and classification result, those conditions
+- * can be reliably detected and retried.
++ * link on/offlineness and classification result, those
++ * conditions can be reliably detected and retried.
+ */
+ nr_unknown = 0;
+ ata_for_each_dev(dev, link, ALL) {
+- /* convert all ATA_DEV_UNKNOWN to ATA_DEV_NONE */
+- if (classes[dev->devno] == ATA_DEV_UNKNOWN) {
+- classes[dev->devno] = ATA_DEV_NONE;
+- if (ata_phys_link_online(ata_dev_phys_link(dev)))
++ if (ata_phys_link_online(ata_dev_phys_link(dev))) {
++ if (classes[dev->devno] == ATA_DEV_UNKNOWN) {
++ ata_dev_printk(dev, KERN_DEBUG, "link online "
++ "but device misclassifed\n");
++ classes[dev->devno] = ATA_DEV_NONE;
+ nr_unknown++;
++ }
++ } else if (ata_phys_link_offline(ata_dev_phys_link(dev))) {
++ if (ata_class_enabled(classes[dev->devno]))
++ ata_dev_printk(dev, KERN_DEBUG, "link offline, "
++ "clearing class %d to NONE\n",
++ classes[dev->devno]);
++ classes[dev->devno] = ATA_DEV_NONE;
++ } else if (classes[dev->devno] == ATA_DEV_UNKNOWN) {
++ ata_dev_printk(dev, KERN_DEBUG, "link status unknown, "
++ "clearing UNKNOWN to NONE\n");
++ classes[dev->devno] = ATA_DEV_NONE;
+ }
+ }
+
+ if (classify && nr_unknown) {
+ if (try < max_tries) {
+ ata_link_printk(link, KERN_WARNING, "link online but "
+- "device misclassified, retrying\n");
++ "%d devices misclassified, retrying\n",
++ nr_unknown);
+ failed_link = link;
+ rc = -EAGAIN;
+ goto fail;
+ }
+ ata_link_printk(link, KERN_WARNING,
+- "link online but device misclassified, "
+- "device detection might fail\n");
++ "link online but %d devices misclassified, "
++ "device detection might fail\n", nr_unknown);
+ }
+
+ /* reset successful, schedule revalidation */
--- /dev/null
+From 31a5639623a487d6db996c8138c9e53fef2e2d91 Mon Sep 17 00:00:00 2001
+From: Daisuke Nishimura <nishimura@mxp.nes.nec.co.jp>
+Date: Mon, 21 Sep 2009 17:02:50 -0700
+Subject: mm: add_to_swap_cache() must not sleep
+
+From: Daisuke Nishimura <nishimura@mxp.nes.nec.co.jp>
+
+commit 31a5639623a487d6db996c8138c9e53fef2e2d91 upstream.
+
+After commit 355cfa73 ("mm: modify swap_map and add SWAP_HAS_CACHE flag"),
+read_swap_cache_async() will busy-wait while a entry doesn't exist in swap
+cache but it has SWAP_HAS_CACHE flag.
+
+Such entries can exist on add/delete path of swap cache. On add path,
+add_to_swap_cache() is called soon after SWAP_HAS_CACHE flag is set, and
+on delete path, swapcache_free() will be called (SWAP_HAS_CACHE flag is
+cleared) soon after __delete_from_swap_cache() is called. So, the
+busy-wait works well in most cases.
+
+But this mechanism can cause soft lockup if add_to_swap_cache() sleeps and
+read_swap_cache_async() tries to swap-in the same entry on the same cpu.
+
+This patch calls radix_tree_preload() before swapcache_prepare() and
+divides add_to_swap_cache() into two part: radix_tree_preload() part and
+radix_tree_insert() part(define it as __add_to_swap_cache()).
+
+Signed-off-by: Daisuke Nishimura <nishimura@mxp.nes.nec.co.jp>
+Cc: KAMEZAWA Hiroyuki <kamezawa.hiroyu@jp.fujitsu.com>
+Cc: Balbir Singh <balbir@linux.vnet.ibm.com>
+Cc: Hugh Dickins <hugh.dickins@tiscali.co.uk>
+Cc: Johannes Weiner <hannes@cmpxchg.org>
+Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
+Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
+
+---
+ mm/swap_state.c | 70 ++++++++++++++++++++++++++++++++++++--------------------
+ 1 file changed, 46 insertions(+), 24 deletions(-)
+
+--- a/mm/swap_state.c
++++ b/mm/swap_state.c
+@@ -66,10 +66,10 @@ void show_swap_cache_info(void)
+ }
+
+ /*
+- * add_to_swap_cache resembles add_to_page_cache_locked on swapper_space,
++ * __add_to_swap_cache resembles add_to_page_cache_locked on swapper_space,
+ * but sets SwapCache flag and private instead of mapping and index.
+ */
+-int add_to_swap_cache(struct page *page, swp_entry_t entry, gfp_t gfp_mask)
++static int __add_to_swap_cache(struct page *page, swp_entry_t entry)
+ {
+ int error;
+
+@@ -77,28 +77,37 @@ int add_to_swap_cache(struct page *page,
+ VM_BUG_ON(PageSwapCache(page));
+ VM_BUG_ON(!PageSwapBacked(page));
+
++ page_cache_get(page);
++ SetPageSwapCache(page);
++ set_page_private(page, entry.val);
++
++ spin_lock_irq(&swapper_space.tree_lock);
++ error = radix_tree_insert(&swapper_space.page_tree, entry.val, page);
++ if (likely(!error)) {
++ total_swapcache_pages++;
++ __inc_zone_page_state(page, NR_FILE_PAGES);
++ INC_CACHE_INFO(add_total);
++ }
++ spin_unlock_irq(&swapper_space.tree_lock);
++
++ if (unlikely(error)) {
++ set_page_private(page, 0UL);
++ ClearPageSwapCache(page);
++ page_cache_release(page);
++ }
++
++ return error;
++}
++
++
++int add_to_swap_cache(struct page *page, swp_entry_t entry, gfp_t gfp_mask)
++{
++ int error;
++
+ error = radix_tree_preload(gfp_mask);
+ if (!error) {
+- page_cache_get(page);
+- SetPageSwapCache(page);
+- set_page_private(page, entry.val);
+-
+- spin_lock_irq(&swapper_space.tree_lock);
+- error = radix_tree_insert(&swapper_space.page_tree,
+- entry.val, page);
+- if (likely(!error)) {
+- total_swapcache_pages++;
+- __inc_zone_page_state(page, NR_FILE_PAGES);
+- INC_CACHE_INFO(add_total);
+- }
+- spin_unlock_irq(&swapper_space.tree_lock);
++ error = __add_to_swap_cache(page, entry);
+ radix_tree_preload_end();
+-
+- if (unlikely(error)) {
+- set_page_private(page, 0UL);
+- ClearPageSwapCache(page);
+- page_cache_release(page);
+- }
+ }
+ return error;
+ }
+@@ -289,13 +298,24 @@ struct page *read_swap_cache_async(swp_e
+ }
+
+ /*
++ * call radix_tree_preload() while we can wait.
++ */
++ err = radix_tree_preload(gfp_mask & GFP_KERNEL);
++ if (err)
++ break;
++
++ /*
+ * Swap entry may have been freed since our caller observed it.
+ */
+ err = swapcache_prepare(entry);
+- if (err == -EEXIST) /* seems racy */
++ if (err == -EEXIST) { /* seems racy */
++ radix_tree_preload_end();
+ continue;
+- if (err) /* swp entry is obsolete ? */
++ }
++ if (err) { /* swp entry is obsolete ? */
++ radix_tree_preload_end();
+ break;
++ }
+
+ /*
+ * Associate the page with swap entry in the swap cache.
+@@ -307,8 +327,9 @@ struct page *read_swap_cache_async(swp_e
+ */
+ __set_page_locked(new_page);
+ SetPageSwapBacked(new_page);
+- err = add_to_swap_cache(new_page, entry, gfp_mask & GFP_KERNEL);
++ err = __add_to_swap_cache(new_page, entry);
+ if (likely(!err)) {
++ radix_tree_preload_end();
+ /*
+ * Initiate read into locked page and return.
+ */
+@@ -316,6 +337,7 @@ struct page *read_swap_cache_async(swp_e
+ swap_readpage(new_page);
+ return new_page;
+ }
++ radix_tree_preload_end();
+ ClearPageSwapBacked(new_page);
+ __clear_page_locked(new_page);
+ swapcache_free(entry, NULL);
--- /dev/null
+From b607bd900051efc3308c4edc65dd98b34b230021 Mon Sep 17 00:00:00 2001
+From: Jean Delvare <khali@linux-fr.org>
+Date: Fri, 2 Oct 2009 09:55:19 -0700
+Subject: net: Fix wrong sizeof
+
+From: Jean Delvare <khali@linux-fr.org>
+
+commit b607bd900051efc3308c4edc65dd98b34b230021 upstream.
+
+Which is why I have always preferred sizeof(struct foo) over
+sizeof(var).
+
+Signed-off-by: Jean Delvare <khali@linux-fr.org>
+Acked-by: Randy Dunlap <rdunlap@xenotime.net>
+Signed-off-by: David S. Miller <davem@davemloft.net>
+Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
+
+---
+ Documentation/networking/timestamping/timestamping.c | 2 +-
+ drivers/net/iseries_veth.c | 2 +-
+ 2 files changed, 2 insertions(+), 2 deletions(-)
+
+--- a/Documentation/networking/timestamping/timestamping.c
++++ b/Documentation/networking/timestamping/timestamping.c
+@@ -381,7 +381,7 @@ int main(int argc, char **argv)
+ memset(&hwtstamp, 0, sizeof(hwtstamp));
+ strncpy(hwtstamp.ifr_name, interface, sizeof(hwtstamp.ifr_name));
+ hwtstamp.ifr_data = (void *)&hwconfig;
+- memset(&hwconfig, 0, sizeof(&hwconfig));
++ memset(&hwconfig, 0, sizeof(hwconfig));
+ hwconfig.tx_type =
+ (so_timestamping_flags & SOF_TIMESTAMPING_TX_HARDWARE) ?
+ HWTSTAMP_TX_ON : HWTSTAMP_TX_OFF;
+--- a/drivers/net/iseries_veth.c
++++ b/drivers/net/iseries_veth.c
+@@ -495,7 +495,7 @@ static void veth_take_cap_ack(struct vet
+ cnx->remote_lp);
+ } else {
+ memcpy(&cnx->cap_ack_event, event,
+- sizeof(&cnx->cap_ack_event));
++ sizeof(cnx->cap_ack_event));
+ cnx->state |= VETH_STATE_GOTCAPACK;
+ veth_kick_statemachine(cnx);
+ }
--- /dev/null
+From fdc6f192e7e1ae80565af23cc33dc88e3dcdf184 Mon Sep 17 00:00:00 2001
+From: Eero Nurkkala <ext-eero.nurkkala@nokia.com>
+Date: Wed, 7 Oct 2009 11:54:26 +0300
+Subject: NOHZ: update idle state also when NOHZ is inactive
+
+From: Eero Nurkkala <ext-eero.nurkkala@nokia.com>
+
+commit fdc6f192e7e1ae80565af23cc33dc88e3dcdf184 upstream.
+
+Commit f2e21c9610991e95621a81407cdbab881226419b had unfortunate side
+effects with cpufreq governors on some systems.
+
+If the system did not switch into NOHZ mode ts->inidle is not set when
+tick_nohz_stop_sched_tick() is called from the idle routine. Therefor
+all subsequent calls from irq_exit() to tick_nohz_stop_sched_tick()
+fail to call tick_nohz_start_idle(). This results in bogus idle
+accounting information which is passed to cpufreq governors.
+
+Set the inidle flag unconditionally of the NOHZ active state to keep
+the idle time accounting correct in any case.
+
+[ tglx: Added comment and tweaked the changelog ]
+
+Reported-by: Steven Noonan <steven@uplinklabs.net>
+Signed-off-by: Eero Nurkkala <ext-eero.nurkkala@nokia.com>
+Cc: Rik van Riel <riel@redhat.com>
+Cc: Venkatesh Pallipadi <venkatesh.pallipadi@intel.com>
+Cc: Steven Noonan <steven@uplinklabs.net>
+LKML-Reference: <1254907901.30157.93.camel@eenurkka-desktop>
+Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
+Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
+
+---
+ kernel/time/tick-sched.c | 9 +++++++--
+ 1 file changed, 7 insertions(+), 2 deletions(-)
+
+--- a/kernel/time/tick-sched.c
++++ b/kernel/time/tick-sched.c
+@@ -231,6 +231,13 @@ void tick_nohz_stop_sched_tick(int inidl
+ if (!inidle && !ts->inidle)
+ goto end;
+
++ /*
++ * Set ts->inidle unconditionally. Even if the system did not
++ * switch to NOHZ mode the cpu frequency governers rely on the
++ * update of the idle time accounting in tick_nohz_start_idle().
++ */
++ ts->inidle = 1;
++
+ now = tick_nohz_start_idle(ts);
+
+ /*
+@@ -248,8 +255,6 @@ void tick_nohz_stop_sched_tick(int inidl
+ if (unlikely(ts->nohz_mode == NOHZ_MODE_INACTIVE))
+ goto end;
+
+- ts->inidle = 1;
+-
+ if (need_resched())
+ goto end;
+
--- /dev/null
+From johnstul@us.ibm.com Fri Oct 9 15:32:22 2009
+From: john stultz <johnstul@us.ibm.com>
+Date: Thu, 08 Oct 2009 13:31:45 -0700
+Subject: PIT fixes to unbreak suspend/resume (bug #14222)
+To: stable@kernel.org, lkml <linux-kernel@vger.kernel.org>
+Cc: Thomas Gleixner <tglx@linutronix.de>, linux@rainbow-software.org
+Message-ID: <1255033906.4846.12.camel@localhost.localdomain>
+
+From: john stultz <johnstul@us.ibm.com>
+
+Resolved differently upstream in commit 8cab02dc3c58a12235c6d463ce684dded9696848
+
+Ondrej Zary reported a suspend/resume hang with 2.6.31 in bug #14222.
+
+http://bugzilla.kernel.org/show_bug.cgi?id=14222
+
+The hang was bisected to c7121843685de2bf7f3afd3ae1d6a146010bf1fc
+however, that was really just the last straw that caused the issue.
+
+The problem was that on suspend, the PIT is removed as a clocksource,
+and was using the mult value essentially as a is_enabled() flag. The
+mult adjustments done in the commit above caused that usage to break,
+causing bad list manipulation and the oops.
+
+Further, on resume, the PIT clocksource is never restored, causing the
+system to run in a degraded mode with jiffies as the clocksource.
+
+This issue has since been resolved in 2.6.32-rc by commit
+8cab02dc3c58a12235c6d463ce684dded9696848 which removes the clocksource
+disabling on suspend. Testing shows no issues there.
+
+So the following patch rectifies the situation for 2.6.31 users of the
+PIT clocksource that use suspend and resume (which is probably not that
+many).
+
+Many thanks to Ondrej for helping narrow down what was happening, what
+caused it, and verifying the fix.
+
+---------------
+
+Avoid using the unprotected clocksource.mult value as an "is_registered"
+flag, instead us an explicit flag variable. This avoids possible list
+corruption if the clocksource is double-unregistered.
+
+Also re-register the PIT clocksource on resume so folks don't have to
+use jiffies after suspend.
+
+
+Signed-off-by: John Stultz <johnstul@us.ibm.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
+
+---
+ arch/x86/kernel/i8253.c | 27 ++++++++++++++++++++-------
+ 1 file changed, 20 insertions(+), 7 deletions(-)
+
+--- a/arch/x86/kernel/i8253.c
++++ b/arch/x86/kernel/i8253.c
+@@ -21,8 +21,10 @@ EXPORT_SYMBOL(i8253_lock);
+
+ #ifdef CONFIG_X86_32
+ static void pit_disable_clocksource(void);
++static void pit_enable_clocksource(void);
+ #else
+ static inline void pit_disable_clocksource(void) { }
++static inline void pit_enable_clocksource(void) { }
+ #endif
+
+ /*
+@@ -67,7 +69,7 @@ static void init_pit_timer(enum clock_ev
+ break;
+
+ case CLOCK_EVT_MODE_RESUME:
+- /* Nothing to do here */
++ pit_enable_clocksource();
+ break;
+ }
+ spin_unlock(&i8253_lock);
+@@ -200,19 +202,27 @@ static struct clocksource pit_cs = {
+ .shift = 20,
+ };
+
++int pit_cs_registered;
+ static void pit_disable_clocksource(void)
+ {
+- /*
+- * Use mult to check whether it is registered or not
+- */
+- if (pit_cs.mult) {
++ if (pit_cs_registered) {
+ clocksource_unregister(&pit_cs);
+- pit_cs.mult = 0;
++ pit_cs_registered = 0;
++ }
++}
++
++static void pit_enable_clocksource(void)
++{
++ if (!pit_cs_registered && !clocksource_register(&pit_cs)) {
++ pit_cs_registered = 1;
+ }
+ }
+
++
++
+ static int __init init_pit_clocksource(void)
+ {
++ int ret;
+ /*
+ * Several reasons not to register PIT as a clocksource:
+ *
+@@ -226,7 +236,10 @@ static int __init init_pit_clocksource(v
+
+ pit_cs.mult = clocksource_hz2mult(CLOCK_TICK_RATE, pit_cs.shift);
+
+- return clocksource_register(&pit_cs);
++ ret = clocksource_register(&pit_cs);
++ if (!ret)
++ pit_cs_registered = 1;
++ return ret;
+ }
+ arch_initcall(init_pit_clocksource);
+
--- /dev/null
+x86-fix-csum_ipv6_magic-asm-memory-clobber.patch
+tty-avoid-dropping-ldisc_mutex-over-hangup-tty-re-initialization.patch
+x86-don-t-leak-64-bit-kernel-register-values-to-32-bit-processes.patch
+alsa-hda-added-quirk-to-enable-sound-on-toshiba-nb200.patch
+tracing-correct-module-boundaries-for-ftrace_release.patch
+ftrace-check-for-failure-for-all-conversions.patch
+futex-fix-requeue_pi-key-imbalance.patch
+futex-move-exit_pi_state-call-to-release_mm.patch
+futex-nullify-robust-lists-after-cleanup.patch
+futex-fix-locking-imbalance.patch
+nohz-update-idle-state-also-when-nohz-is-inactive.patch
+ima-ecryptfs-fix-imbalance-message.patch
+libata-fix-incorrect-link-online-check-during-probe.patch
+sound-via82xx-move-dxs-volume-controls-to-pcm-interface.patch
+asoc-wm8350-capture-pga-mutes-are-inverted.patch
+kvm-prevent-overflow-in-kvm_get_supported_cpuid.patch
+kvm-vmx-flush-tlb-with-invept-on-cpu-migration.patch
+kvm-fix-lapic-timer-period-overflow.patch
+kvm-svm-fix-tsc-offset-adjustment-when-running-nested.patch
+net-fix-wrong-sizeof.patch
+mm-add_to_swap_cache-must-not-sleep.patch
+sis5513-fix-pio-setup-for-atapi-devices.patch
+pit-fixes-to-unbreak-suspend-resume.patch
+ima-open-new-file-for-read.patch
--- /dev/null
+From e13ee546bb06453939014c7b854e77fb643fd6f1 Mon Sep 17 00:00:00 2001
+From: Bartlomiej Zolnierkiewicz <bzolnier@gmail.com>
+Date: Tue, 6 Oct 2009 14:46:05 +0000
+Subject: sis5513: fix PIO setup for ATAPI devices
+
+From: Bartlomiej Zolnierkiewicz <bzolnier@gmail.com>
+
+commit e13ee546bb06453939014c7b854e77fb643fd6f1 upstream.
+
+Clear prefetch setting before potentially (re-)enabling it in
+config_drive_art_rwp() so the transition of the device type on
+the port from ATA to ATAPI (i.e. during warm-plug operation)
+is handled correctly.
+
+This is a really old bug (it probably goes back to very early
+days of the driver) but it was only affecting warm-plug operation
+until the recent "ide: try to use PIO Mode 0 during probe if
+possible" change (commit 6029336426a2b43e4bc6f4a84be8789a047d139e).
+
+Signed-off-by: Bartlomiej Zolnierkiewicz <bzolnier@gmail.com>
+Tested-by: David Fries <david@fries.net>
+Signed-off-by: David S. Miller <davem@davemloft.net>
+Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
+
+---
+ drivers/ide/sis5513.c | 10 ++++++----
+ 1 file changed, 6 insertions(+), 4 deletions(-)
+
+--- a/drivers/ide/sis5513.c
++++ b/drivers/ide/sis5513.c
+@@ -2,7 +2,7 @@
+ * Copyright (C) 1999-2000 Andre Hedrick <andre@linux-ide.org>
+ * Copyright (C) 2002 Lionel Bouton <Lionel.Bouton@inet6.fr>, Maintainer
+ * Copyright (C) 2003 Vojtech Pavlik <vojtech@suse.cz>
+- * Copyright (C) 2007 Bartlomiej Zolnierkiewicz
++ * Copyright (C) 2007-2009 Bartlomiej Zolnierkiewicz
+ *
+ * May be copied or modified under the terms of the GNU General Public License
+ *
+@@ -281,11 +281,13 @@ static void config_drive_art_rwp(ide_dri
+
+ pci_read_config_byte(dev, 0x4b, ®4bh);
+
++ rw_prefetch = reg4bh & ~(0x11 << drive->dn);
++
+ if (drive->media == ide_disk)
+- rw_prefetch = 0x11 << drive->dn;
++ rw_prefetch |= 0x11 << drive->dn;
+
+- if ((reg4bh & (0x11 << drive->dn)) != rw_prefetch)
+- pci_write_config_byte(dev, 0x4b, reg4bh|rw_prefetch);
++ if (reg4bh != rw_prefetch)
++ pci_write_config_byte(dev, 0x4b, rw_prefetch);
+ }
+
+ static void sis_set_pio_mode(ide_drive_t *drive, const u8 pio)
--- /dev/null
+From 2fb930b53f513cbc4c102d415d2923a8a7091337 Mon Sep 17 00:00:00 2001
+From: Clemens Ladisch <clemens@ladisch.de>
+Date: Tue, 6 Oct 2009 08:21:04 +0200
+Subject: sound: via82xx: move DXS volume controls to PCM interface
+
+From: Clemens Ladisch <clemens@ladisch.de>
+
+commit 2fb930b53f513cbc4c102d415d2923a8a7091337 upstream.
+
+The "VIA DXS" controls are actually volume controls that apply to the
+four PCM substreams, so we better indicate this connection by moving the
+controls to the PCM interface.
+
+Commit b452e08e73c0e3dbb0be82130217be4b7084299e in 2.6.30 broke the
+restoring of these volumes by "alsactl restore" that most distributions
+use; the renaming in this patch cures that regression by preventing
+alsactl from applying the old, wrong volume levels to the new controls.
+http://bugzilla.kernel.org/show_bug.cgi?id=14151
+http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=532613
+
+Signed-off-by: Clemens Ladisch <clemens@ladisch.de>
+Signed-off-by: Takashi Iwai <tiwai@suse.de>
+Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
+
+---
+ sound/pci/via82xx.c | 27 ++++++++++++++++++---------
+ 1 file changed, 18 insertions(+), 9 deletions(-)
+
+--- a/sound/pci/via82xx.c
++++ b/sound/pci/via82xx.c
+@@ -1626,7 +1626,7 @@ static int snd_via8233_dxs_volume_get(st
+ struct snd_ctl_elem_value *ucontrol)
+ {
+ struct via82xx *chip = snd_kcontrol_chip(kcontrol);
+- unsigned int idx = snd_ctl_get_ioff(kcontrol, &ucontrol->id);
++ unsigned int idx = kcontrol->id.subdevice;
+
+ ucontrol->value.integer.value[0] = VIA_DXS_MAX_VOLUME - chip->playback_volume[idx][0];
+ ucontrol->value.integer.value[1] = VIA_DXS_MAX_VOLUME - chip->playback_volume[idx][1];
+@@ -1646,7 +1646,7 @@ static int snd_via8233_dxs_volume_put(st
+ struct snd_ctl_elem_value *ucontrol)
+ {
+ struct via82xx *chip = snd_kcontrol_chip(kcontrol);
+- unsigned int idx = snd_ctl_get_ioff(kcontrol, &ucontrol->id);
++ unsigned int idx = kcontrol->id.subdevice;
+ unsigned long port = chip->port + 0x10 * idx;
+ unsigned char val;
+ int i, change = 0;
+@@ -1705,11 +1705,12 @@ static struct snd_kcontrol_new snd_via82
+ };
+
+ static struct snd_kcontrol_new snd_via8233_dxs_volume_control __devinitdata = {
+- .name = "VIA DXS Playback Volume",
+- .iface = SNDRV_CTL_ELEM_IFACE_MIXER,
++ .iface = SNDRV_CTL_ELEM_IFACE_PCM,
++ .device = 0,
++ /* .subdevice set later */
++ .name = "PCM Playback Volume",
+ .access = (SNDRV_CTL_ELEM_ACCESS_READWRITE |
+ SNDRV_CTL_ELEM_ACCESS_TLV_READ),
+- .count = 4,
+ .info = snd_via8233_dxs_volume_info,
+ .get = snd_via8233_dxs_volume_get,
+ .put = snd_via8233_dxs_volume_put,
+@@ -1936,10 +1937,18 @@ static int __devinit snd_via8233_init_mi
+ }
+ else /* Using DXS when PCM emulation is enabled is really weird */
+ {
+- /* Standalone DXS controls */
+- err = snd_ctl_add(chip->card, snd_ctl_new1(&snd_via8233_dxs_volume_control, chip));
+- if (err < 0)
+- return err;
++ for (i = 0; i < 4; ++i) {
++ struct snd_kcontrol *kctl;
++
++ kctl = snd_ctl_new1(
++ &snd_via8233_dxs_volume_control, chip);
++ if (!kctl)
++ return -ENOMEM;
++ kctl->id.subdevice = i;
++ err = snd_ctl_add(chip->card, kctl);
++ if (err < 0)
++ return err;
++ }
+ }
+ }
+ /* select spdif data slot 10/11 */
--- /dev/null
+From e7247a15ff3bbdab0a8b402dffa1171e5c05a8e0 Mon Sep 17 00:00:00 2001
+From: jolsa@redhat.com <jolsa@redhat.com>
+Date: Wed, 7 Oct 2009 19:00:35 +0200
+Subject: tracing: correct module boundaries for ftrace_release
+
+From: jolsa@redhat.com <jolsa@redhat.com>
+
+commit e7247a15ff3bbdab0a8b402dffa1171e5c05a8e0 upstream.
+
+When the module is about the unload we release its call records.
+The ftrace_release function was given wrong values representing
+the module core boundaries, thus not releasing its call records.
+
+Plus making ftrace_release function module specific.
+
+Signed-off-by: Jiri Olsa <jolsa@redhat.com>
+LKML-Reference: <1254934835-363-3-git-send-email-jolsa@redhat.com>
+Signed-off-by: Steven Rostedt <rostedt@goodmis.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
+
+---
+ include/linux/ftrace.h | 2 +-
+ kernel/trace/ftrace.c | 12 ++++--------
+ 2 files changed, 5 insertions(+), 9 deletions(-)
+
+--- a/include/linux/ftrace.h
++++ b/include/linux/ftrace.h
+@@ -241,7 +241,7 @@ extern void ftrace_enable_daemon(void);
+ # define ftrace_set_filter(buf, len, reset) do { } while (0)
+ # define ftrace_disable_daemon() do { } while (0)
+ # define ftrace_enable_daemon() do { } while (0)
+-static inline void ftrace_release(void *start, unsigned long size) { }
++static inline void ftrace_release_mod(struct module *mod) {}
+ static inline int register_ftrace_command(struct ftrace_func_command *cmd)
+ {
+ return -EINVAL;
+--- a/kernel/trace/ftrace.c
++++ b/kernel/trace/ftrace.c
+@@ -2801,19 +2801,17 @@ static int ftrace_convert_nops(struct mo
+ }
+
+ #ifdef CONFIG_MODULES
+-void ftrace_release(void *start, void *end)
++void ftrace_release_mod(struct module *mod)
+ {
+ struct dyn_ftrace *rec;
+ struct ftrace_page *pg;
+- unsigned long s = (unsigned long)start;
+- unsigned long e = (unsigned long)end;
+
+- if (ftrace_disabled || !start || start == end)
++ if (ftrace_disabled)
+ return;
+
+ mutex_lock(&ftrace_lock);
+ do_for_each_ftrace_rec(pg, rec) {
+- if ((rec->ip >= s) && (rec->ip < e)) {
++ if (within_module_core(rec->ip, mod)) {
+ /*
+ * rec->ip is changed in ftrace_free_rec()
+ * It should not between s and e if record was freed.
+@@ -2845,9 +2843,7 @@ static int ftrace_module_notify(struct n
+ mod->num_ftrace_callsites);
+ break;
+ case MODULE_STATE_GOING:
+- ftrace_release(mod->ftrace_callsites,
+- mod->ftrace_callsites +
+- mod->num_ftrace_callsites);
++ ftrace_release_mod(mod);
+ break;
+ }
+
--- /dev/null
+From 0b5759c654e74c8dc317ea2c6b3a7476160f688a Mon Sep 17 00:00:00 2001
+From: Linus Torvalds <torvalds@linux-foundation.org>
+Date: Sat, 3 Oct 2009 21:44:21 -0700
+Subject: tty: Avoid dropping ldisc_mutex over hangup tty re-initialization
+
+From: Linus Torvalds <torvalds@linux-foundation.org>
+
+commit 0b5759c654e74c8dc317ea2c6b3a7476160f688a upstream.
+
+A couple of people have hit the WARN_ON() in drivers/char/tty_io.c,
+tty_open() that is unhappy about seeing the tty line discipline go away
+during the tty hangup. See for example
+
+ http://bugzilla.kernel.org/show_bug.cgi?id=14255
+
+and the reason is that we do the tty_ldisc_halt() outside the
+ldisc_mutex in order to be able to flush the scheduled work without a
+deadlock with vhangup_work.
+
+However, it turns out that we can solve this particular case by
+
+ - using "cancel_delayed_work_sync()" in tty_ldisc_halt(), which waits
+ for just the particular work, rather than synchronizing with any
+ random outstanding pending work.
+
+ This won't deadlock, since the buf.work we synchronize with doesn't
+ care about the ldisc_mutex, it just flushes the tty ldisc buffers.
+
+ - realize that for this particular case, we don't need to wait for any
+ hangup work, because we are inside the hangup codepaths ourselves.
+
+so as a result we can just drop the flush_scheduled_work() entirely, and
+then move the tty_ldisc_halt() call to inside the mutex. That way we
+never expose the partially torn down ldisc state to tty_open(), and hold
+the ldisc_mutex over the whole sequence.
+
+Reported-by: Ingo Molnar <mingo@elte.hu>
+Reported-by: Heinz Diehl <htd@fancy-poultry.org>
+Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
+
+---
+ drivers/char/tty_ldisc.c | 7 ++-----
+ 1 file changed, 2 insertions(+), 5 deletions(-)
+
+--- a/drivers/char/tty_ldisc.c
++++ b/drivers/char/tty_ldisc.c
+@@ -516,7 +516,7 @@ static void tty_ldisc_restore(struct tty
+ static int tty_ldisc_halt(struct tty_struct *tty)
+ {
+ clear_bit(TTY_LDISC, &tty->flags);
+- return cancel_delayed_work(&tty->buf.work);
++ return cancel_delayed_work_sync(&tty->buf.work);
+ }
+
+ /**
+@@ -754,12 +754,9 @@ void tty_ldisc_hangup(struct tty_struct
+ * N_TTY.
+ */
+ if (tty->driver->flags & TTY_DRIVER_RESET_TERMIOS) {
+- /* Make sure the old ldisc is quiescent */
+- tty_ldisc_halt(tty);
+- flush_scheduled_work();
+-
+ /* Avoid racing set_ldisc or tty_ldisc_release */
+ mutex_lock(&tty->ldisc_mutex);
++ tty_ldisc_halt(tty);
+ if (tty->ldisc) { /* Not yet closed */
+ /* Switch back to N_TTY */
+ tty_ldisc_reinit(tty);
--- /dev/null
+From 24e35800cdc4350fc34e2bed37b608a9e13ab3b6 Mon Sep 17 00:00:00 2001
+From: Jan Beulich <JBeulich@novell.com>
+Date: Wed, 30 Sep 2009 11:22:11 +0100
+Subject: x86: Don't leak 64-bit kernel register values to 32-bit processes
+
+From: Jan Beulich <JBeulich@novell.com>
+
+commit 24e35800cdc4350fc34e2bed37b608a9e13ab3b6 upstream.
+
+While 32-bit processes can't directly access R8...R15, they can
+gain access to these registers by temporarily switching themselves
+into 64-bit mode.
+
+Therefore, registers not preserved anyway by called C functions
+(i.e. R8...R11) must be cleared prior to returning to user mode.
+
+Signed-off-by: Jan Beulich <jbeulich@novell.com>
+LKML-Reference: <4AC34D73020000780001744A@vpn.id2.novell.com>
+Signed-off-by: Ingo Molnar <mingo@elte.hu>
+Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
+
+--- a/arch/x86/ia32/ia32entry.S
++++ b/arch/x86/ia32/ia32entry.S
+@@ -21,8 +21,8 @@
+ #define __AUDIT_ARCH_LE 0x40000000
+
+ #ifndef CONFIG_AUDITSYSCALL
+-#define sysexit_audit int_ret_from_sys_call
+-#define sysretl_audit int_ret_from_sys_call
++#define sysexit_audit ia32_ret_from_sys_call
++#define sysretl_audit ia32_ret_from_sys_call
+ #endif
+
+ #define IA32_NR_syscalls ((ia32_syscall_end - ia32_sys_call_table)/8)
+@@ -39,12 +39,12 @@
+ .endm
+
+ /* clobbers %eax */
+- .macro CLEAR_RREGS _r9=rax
++ .macro CLEAR_RREGS offset=0, _r9=rax
+ xorl %eax,%eax
+- movq %rax,R11(%rsp)
+- movq %rax,R10(%rsp)
+- movq %\_r9,R9(%rsp)
+- movq %rax,R8(%rsp)
++ movq %rax,\offset+R11(%rsp)
++ movq %rax,\offset+R10(%rsp)
++ movq %\_r9,\offset+R9(%rsp)
++ movq %rax,\offset+R8(%rsp)
+ .endm
+
+ /*
+@@ -172,6 +172,10 @@ sysexit_from_sys_call:
+ movl RIP-R11(%rsp),%edx /* User %eip */
+ CFI_REGISTER rip,rdx
+ RESTORE_ARGS 1,24,1,1,1,1
++ xorq %r8,%r8
++ xorq %r9,%r9
++ xorq %r10,%r10
++ xorq %r11,%r11
+ popfq
+ CFI_ADJUST_CFA_OFFSET -8
+ /*CFI_RESTORE rflags*/
+@@ -202,7 +206,7 @@ sysexit_from_sys_call:
+
+ .macro auditsys_exit exit,ebpsave=RBP
+ testl $(_TIF_ALLWORK_MASK & ~_TIF_SYSCALL_AUDIT),TI_flags(%r10)
+- jnz int_ret_from_sys_call
++ jnz ia32_ret_from_sys_call
+ TRACE_IRQS_ON
+ sti
+ movl %eax,%esi /* second arg, syscall return value */
+@@ -218,8 +222,9 @@ sysexit_from_sys_call:
+ cli
+ TRACE_IRQS_OFF
+ testl %edi,TI_flags(%r10)
+- jnz int_with_check
+- jmp \exit
++ jz \exit
++ CLEAR_RREGS -ARGOFFSET
++ jmp int_with_check
+ .endm
+
+ sysenter_auditsys:
+@@ -329,6 +334,9 @@ sysretl_from_sys_call:
+ CFI_REGISTER rip,rcx
+ movl EFLAGS-ARGOFFSET(%rsp),%r11d
+ /*CFI_REGISTER rflags,r11*/
++ xorq %r10,%r10
++ xorq %r9,%r9
++ xorq %r8,%r8
+ TRACE_IRQS_ON
+ movl RSP-ARGOFFSET(%rsp),%esp
+ CFI_RESTORE rsp
+@@ -353,7 +361,7 @@ cstar_tracesys:
+ #endif
+ xchgl %r9d,%ebp
+ SAVE_REST
+- CLEAR_RREGS r9
++ CLEAR_RREGS 0, r9
+ movq $-ENOSYS,RAX(%rsp) /* ptrace can change this for a bad syscall */
+ movq %rsp,%rdi /* &pt_regs -> arg1 */
+ call syscall_trace_enter
+@@ -425,6 +433,8 @@ ia32_do_call:
+ call *ia32_sys_call_table(,%rax,8) # xxx: rip relative
+ ia32_sysret:
+ movq %rax,RAX-ARGOFFSET(%rsp)
++ia32_ret_from_sys_call:
++ CLEAR_RREGS -ARGOFFSET
+ jmp int_ret_from_sys_call
+
+ ia32_tracesys:
+@@ -442,8 +452,8 @@ END(ia32_syscall)
+
+ ia32_badsys:
+ movq $0,ORIG_RAX-ARGOFFSET(%rsp)
+- movq $-ENOSYS,RAX-ARGOFFSET(%rsp)
+- jmp int_ret_from_sys_call
++ movq $-ENOSYS,%rax
++ jmp ia32_sysret
+
+ quiet_ni_syscall:
+ movq $-ENOSYS,%rax
--- /dev/null
+From 392d814daf460a9564d29b2cebc51e1ea34e0504 Mon Sep 17 00:00:00 2001
+From: Samuel Thibault <samuel.thibault@ens-lyon.org>
+Date: Thu, 1 Oct 2009 15:44:02 -0700
+Subject: x86: fix csum_ipv6_magic asm memory clobber
+
+From: Samuel Thibault <samuel.thibault@ens-lyon.org>
+
+commit 392d814daf460a9564d29b2cebc51e1ea34e0504 upstream.
+
+Just like ip_fast_csum, the assembly snippet in csum_ipv6_magic needs a
+memory clobber, as it is only passed the address of the buffer, not a
+memory reference to the buffer itself.
+
+This caused failures in Hurd's pfinetv4 when we tried to compile it with
+gcc-4.3 (bogus checksums).
+
+Signed-off-by: Samuel Thibault <samuel.thibault@ens-lyon.org>
+Cc: Ingo Molnar <mingo@elte.hu>
+Cc: Thomas Gleixner <tglx@linutronix.de>
+Cc: "H. Peter Anvin" <hpa@zytor.com>
+Acked-by: "David S. Miller" <davem@davemloft.net>
+Cc: Andi Kleen <andi@firstfloor.org>
+Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
+Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
+
+---
+ arch/x86/include/asm/checksum_32.h | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+--- a/arch/x86/include/asm/checksum_32.h
++++ b/arch/x86/include/asm/checksum_32.h
+@@ -161,7 +161,8 @@ static inline __sum16 csum_ipv6_magic(co
+ "adcl $0, %0 ;\n"
+ : "=&r" (sum)
+ : "r" (saddr), "r" (daddr),
+- "r" (htonl(len)), "r" (htonl(proto)), "0" (sum));
++ "r" (htonl(len)), "r" (htonl(proto)), "0" (sum)
++ : "memory");
+
+ return csum_fold(sum);
+ }
projects / thirdparty / kernel / stable-queue.git / commitdiff
