more .27 patches
authorGreg Kroah-Hartman <gregkh@suse.de>
Thu, 11 Dec 2008 17:43:58 +0000 (09:43 -0800)
committerGreg Kroah-Hartman <gregkh@suse.de>
Thu, 11 Dec 2008 17:43:58 +0000 (09:43 -0800)
14 files changed:
queue-2.6.27/acpi-delete-osi-dmi-dmesg-spam.patch [new file with mode: 0644]
queue-2.6.27/allow-recursion-in-binfmt_script-and-binfmt_misc.patch [new file with mode: 0644]
queue-2.6.27/atv-hid-quirk-for-appletv-ir-receiver.patch [new file with mode: 0644]
queue-2.6.27/cifs-fix-a-regression-in-cifs-umount-codepath.patch [new file with mode: 0644]
queue-2.6.27/fix-mapping_writably_mapped.patch [new file with mode: 0644]
queue-2.6.27/pagemap-fix-32-bit-pagemap-regression.patch [new file with mode: 0644]
queue-2.6.27/pci-stop-leaking-slot_name-in-pci_create_slot.patch [new file with mode: 0644]
queue-2.6.27/pcie-aspm-break-out-of-endless-loop-waiting-for-pci-config-bits-to-switch.patch [new file with mode: 0644]
queue-2.6.27/pnp-make-the-resource-type-an-unsigned-long.patch [new file with mode: 0644]
queue-2.6.27/powerpc-virtex5-fix-virtex5-machine-check-handling.patch [new file with mode: 0644]
queue-2.6.27/sched-cpu-remove-deadlock-fix.patch [new file with mode: 0644]
queue-2.6.27/series
queue-2.6.27/tracehook-exec-double-reporting-fix.patch [new file with mode: 0644]
queue-2.6.27/uml-boot-broken-due-to-buffer-overrun.patch [new file with mode: 0644]

diff --git a/queue-2.6.27/acpi-delete-osi-dmi-dmesg-spam.patch b/queue-2.6.27/acpi-delete-osi-dmi-dmesg-spam.patch
new file mode 100644 (file)
index 0000000..74310b5
--- /dev/null
@@ -0,0 +1,72 @@
+From lenb@kernel.org  Thu Dec 11 08:47:13 2008
+From: Len Brown <lenb@kernel.org>
+Date: Mon, 08 Dec 2008 16:03:07 -0500 (EST)
+Subject: ACPI: delete OSI(Linux) DMI dmesg spam
+To: stable@kernel.org
+Message-ID: <alpine.LFD.2.00.0812081556060.4406@localhost.localdomain>
+
+From: Len Brown <lenb@kernel.org>
+
+With the 2.6.28 commit a6e0887f21bbab337ee32d9c0a84d7c0b6e9141b, we now
+have fixed up the ACPI DMI code, so stop asking for people to report the
+issues to the acpi developers, it is no longer needed at all.
+
+Signed-off-by: Len Brown <len.brown@intel.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
+
+---
+ drivers/acpi/osl.c |   36 ------------------------------------
+ 1 file changed, 36 deletions(-)
+
+--- a/drivers/acpi/osl.c
++++ b/drivers/acpi/osl.c
+@@ -1261,34 +1261,6 @@ acpi_status acpi_os_release_object(acpi_
+       return (AE_OK);
+ }
+-/**
+- *    acpi_dmi_dump - dump DMI slots needed for blacklist entry
+- *
+- *    Returns 0 on success
+- */
+-static int acpi_dmi_dump(void)
+-{
+-
+-      if (!dmi_available)
+-              return -1;
+-
+-      printk(KERN_NOTICE PREFIX "DMI System Vendor: %s\n",
+-              dmi_get_system_info(DMI_SYS_VENDOR));
+-      printk(KERN_NOTICE PREFIX "DMI Product Name: %s\n",
+-              dmi_get_system_info(DMI_PRODUCT_NAME));
+-      printk(KERN_NOTICE PREFIX "DMI Product Version: %s\n",
+-              dmi_get_system_info(DMI_PRODUCT_VERSION));
+-      printk(KERN_NOTICE PREFIX "DMI Board Name: %s\n",
+-              dmi_get_system_info(DMI_BOARD_NAME));
+-      printk(KERN_NOTICE PREFIX "DMI BIOS Vendor: %s\n",
+-              dmi_get_system_info(DMI_BIOS_VENDOR));
+-      printk(KERN_NOTICE PREFIX "DMI BIOS Date: %s\n",
+-              dmi_get_system_info(DMI_BIOS_DATE));
+-
+-      return 0;
+-}
+-
+-
+ /******************************************************************************
+  *
+  * FUNCTION:    acpi_os_validate_interface
+@@ -1315,14 +1287,6 @@ acpi_os_validate_interface (char *interf
+                       osi_linux.cmdline ? " via cmdline" :
+                       osi_linux.dmi ? " via DMI" : "");
+-              if (!osi_linux.dmi) {
+-                      if (acpi_dmi_dump())
+-                              printk(KERN_NOTICE PREFIX
+-                                      "[please extract dmidecode output]\n");
+-                      printk(KERN_NOTICE PREFIX
+-                              "Please send DMI info above to "
+-                              "linux-acpi@vger.kernel.org\n");
+-              }
+               if (!osi_linux.known && !osi_linux.cmdline) {
+                       printk(KERN_NOTICE PREFIX
+                               "If \"acpi_osi=%sLinux\" works better, "
diff --git a/queue-2.6.27/allow-recursion-in-binfmt_script-and-binfmt_misc.patch b/queue-2.6.27/allow-recursion-in-binfmt_script-and-binfmt_misc.patch
new file mode 100644 (file)
index 0000000..2d2bb12
--- /dev/null
@@ -0,0 +1,109 @@
+From bf2a9a39639b8b51377905397a5005f444e9a892 Mon Sep 17 00:00:00 2001
+From: Kirill A. Shutemov <kirill@shutemov.name>
+Date: Wed, 15 Oct 2008 22:02:39 -0700
+Subject: Allow recursion in binfmt_script and binfmt_misc
+
+From: Kirill A. Shutemov <kirill@shutemov.name>
+
+commit bf2a9a39639b8b51377905397a5005f444e9a892 upstream.
+
+binfmt_script and binfmt_misc disallow recursion to avoid stack overflow
+using sh_bang and misc_bang.  It causes problem in some cases:
+
+$ echo '#!/bin/ls' > /tmp/t0
+$ echo '#!/tmp/t0' > /tmp/t1
+$ echo '#!/tmp/t1' > /tmp/t2
+$ chmod +x /tmp/t*
+$ /tmp/t2
+zsh: exec format error: /tmp/t2
+
+Similar problem with binfmt_misc.
+
+This patch introduces field 'recursion_depth' into struct linux_binprm to
+track recursion level in binfmt_misc and binfmt_script.  If recursion
+level more then BINPRM_MAX_RECURSION it generates -ENOEXEC.
+
+[akpm@linux-foundation.org: make linux_binprm.recursion_depth a uint]
+Signed-off-by: Kirill A. Shutemov <kirill@shutemov.name>
+Cc: Pavel Emelyanov <xemul@openvz.org>
+Cc: Alexander Viro <viro@zeniv.linux.org.uk>
+Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
+Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
+
+---
+ fs/binfmt_em86.c        |    2 +-
+ fs/binfmt_misc.c        |    4 ++--
+ fs/binfmt_script.c      |    5 +++--
+ include/linux/binfmts.h |    2 ++
+ 4 files changed, 8 insertions(+), 5 deletions(-)
+
+--- a/fs/binfmt_em86.c
++++ b/fs/binfmt_em86.c
+@@ -43,7 +43,7 @@ static int load_em86(struct linux_binprm
+                       return -ENOEXEC;
+       }
+-      bprm->sh_bang = 1;      /* Well, the bang-shell is implicit... */
++      bprm->recursion_depth++; /* Well, the bang-shell is implicit... */
+       allow_write_access(bprm->file);
+       fput(bprm->file);
+       bprm->file = NULL;
+--- a/fs/binfmt_misc.c
++++ b/fs/binfmt_misc.c
+@@ -117,7 +117,7 @@ static int load_misc_binary(struct linux
+               goto _ret;
+       retval = -ENOEXEC;
+-      if (bprm->misc_bang)
++      if (bprm->recursion_depth > BINPRM_MAX_RECURSION)
+               goto _ret;
+       /* to keep locking time low, we copy the interpreter string */
+@@ -197,7 +197,7 @@ static int load_misc_binary(struct linux
+       if (retval < 0)
+               goto _error;
+-      bprm->misc_bang = 1;
++      bprm->recursion_depth++;
+       retval = search_binary_handler (bprm, regs);
+       if (retval < 0)
+--- a/fs/binfmt_script.c
++++ b/fs/binfmt_script.c
+@@ -22,14 +22,15 @@ static int load_script(struct linux_binp
+       char interp[BINPRM_BUF_SIZE];
+       int retval;
+-      if ((bprm->buf[0] != '#') || (bprm->buf[1] != '!') || (bprm->sh_bang)) 
++      if ((bprm->buf[0] != '#') || (bprm->buf[1] != '!') ||
++          (bprm->recursion_depth > BINPRM_MAX_RECURSION))
+               return -ENOEXEC;
+       /*
+        * This section does the #! interpretation.
+        * Sorta complicated, but hopefully it will work.  -TYT
+        */
+-      bprm->sh_bang = 1;
++      bprm->recursion_depth++;
+       allow_write_access(bprm->file);
+       fput(bprm->file);
+       bprm->file = NULL;
+--- a/include/linux/binfmts.h
++++ b/include/linux/binfmts.h
+@@ -36,6 +36,7 @@ struct linux_binprm{
+       unsigned long p; /* current top of mem */
+       unsigned int sh_bang:1,
+                    misc_bang:1;
++      unsigned int recursion_depth;
+       struct file * file;
+       int e_uid, e_gid;
+       kernel_cap_t cap_post_exec_permitted;
+@@ -58,6 +59,7 @@ struct linux_binprm{
+ #define BINPRM_FLAGS_EXECFD_BIT 1
+ #define BINPRM_FLAGS_EXECFD (1 << BINPRM_FLAGS_EXECFD_BIT)
++#define BINPRM_MAX_RECURSION 4
+ /*
+  * This structure defines the functions that are used to load the binary formats that
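Review bot: In the fs/binfmt_em86.c hunk, `bprm->recursion_depth++` is added with no comparison against `BINPRM_MAX_RECURSION` visible, unlike the checks added to load_script and load_misc_binary; load_em86 continues outside the hunk, so confirm the limit is enforced on that path, for instance with `if (bprm->recursion_depth > BINPRM_MAX_RECURSION) return -ENOEXEC;`. The comparison is `>` and the increment follows the check, so (assuming the counter starts at zero) five nested interpreters are accepted before -ENOEXEC. A comment on the define such as `/* interpreter chains deeper than this fail with -ENOEXEC; bounds nesting of search_binary_handler() */` would record the intent. `sh_bang` and `misc_bang` remain in struct linux_binprm although these loaders no longer set them, so any reader of those bits elsewhere in the tree should be checked.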
diff --git a/queue-2.6.27/atv-hid-quirk-for-appletv-ir-receiver.patch b/queue-2.6.27/atv-hid-quirk-for-appletv-ir-receiver.patch
new file mode 100644 (file)
index 0000000..1d565d0
--- /dev/null
@@ -0,0 +1,39 @@
+From jacmet@sunsite.dk  Thu Dec 11 08:34:44 2008
+From: Peter Korsgaard <jacmet@sunsite.dk>
+Date: Mon, 6 Oct 2008 10:02:58 +0200
+Subject: atv: hid quirk for appletv IR receiver
+To: Greg KH <gregkh@suse.de>
+Message-ID: <87hc5boh5d.fsf@macbook.be.48ers.dk>
+
+From: Peter Korsgaard <jacmet@sunsite.dk>
+
+(2.6.27 backport of 0f492f2a)
+
+Similar to the existing IRCONTROL4 handling
+
+Signed-off-by: Peter Korsgaard <jacmet@sunsite.dk>
+Signed-off-by: Jiri Kosina <jkosina@suse.cz>
+Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
+
+---
+ drivers/hid/usbhid/hid-quirks.c |    2 ++
+ 1 file changed, 2 insertions(+)
+
+--- a/drivers/hid/usbhid/hid-quirks.c
++++ b/drivers/hid/usbhid/hid-quirks.c
+@@ -83,6 +83,7 @@
+ #define USB_DEVICE_ID_APPLE_WELLSPRING2_JIS   0x0232
+ #define USB_DEVICE_ID_APPLE_FOUNTAIN_TP_ONLY  0x030a
+ #define USB_DEVICE_ID_APPLE_GEYSER1_TP_ONLY   0x030b
++#define USB_DEVICE_ID_APPLE_ATV_IRCONTROL     0x8241
+ #define USB_DEVICE_ID_APPLE_IRCONTROL4        0x8242
+ #define USB_VENDOR_ID_ASUS            0x0b05
+@@ -458,6 +459,7 @@ static const struct hid_blacklist {
+       { USB_VENDOR_ID_AFATECH, USB_DEVICE_ID_AFATECH_AF9016, HID_QUIRK_FULLSPEED_INTERVAL },
+       { USB_VENDOR_ID_BELKIN, USB_DEVICE_ID_FLIP_KVM, HID_QUIRK_HIDDEV },
++      { USB_VENDOR_ID_APPLE, USB_DEVICE_ID_APPLE_ATV_IRCONTROL, HID_QUIRK_HIDDEV | HID_QUIRK_IGNORE_HIDINPUT },
+       { USB_VENDOR_ID_APPLE, USB_DEVICE_ID_APPLE_IRCONTROL4, HID_QUIRK_HIDDEV | HID_QUIRK_IGNORE_HIDINPUT },
+       { USB_VENDOR_ID_SAMSUNG, USB_DEVICE_ID_SAMSUNG_IR_REMOTE, HID_QUIRK_HIDDEV | HID_QUIRK_IGNORE_HIDINPUT },
+       { USB_VENDOR_ID_MICROSOFT, USB_DEVICE_ID_SIDEWINDER_GV, HID_QUIRK_HIDINPUT },
diff --git a/queue-2.6.27/cifs-fix-a-regression-in-cifs-umount-codepath.patch b/queue-2.6.27/cifs-fix-a-regression-in-cifs-umount-codepath.patch
new file mode 100644 (file)
index 0000000..ac4abdb
--- /dev/null
@@ -0,0 +1,151 @@
+From jlayton@redhat.com  Thu Dec 11 08:49:55 2008
+From: Jeff Layton <jlayton@redhat.com>
+Date: Wed, 10 Dec 2008 06:44:29 -0500
+Subject: cifs: fix a regression in cifs umount codepath
+To: greg@kroah.com, stable@kernel.org
+Cc: smfrench@gmail.com, shirishp@us.ibm.com, sjayaraman@suse.de
+Message-ID: <1228909469-438-1-git-send-email-jlayton@redhat.com>
+
+From: Jeff Layton <jlayton@redhat.com>
+
+backport of 469ee614aaa367d9cde01cbdd2027212f56c6cc6 upstream.
+
+Several cifs patches were added to 2.6.27.8 to fix some races in the
+mount/umount codepath. When this was done, a couple of prerequisite
+patches were missed causing a minor regression.
+
+When the last cifs mount to a server goes away, the kthread that manages
+the socket is supposed to come down. The patches that went into 2.6.27.8
+removed the kthread_stop calls that used to take down these threads, but
+left the thread function expecting them. This made the thread stay up
+even after the last mount was gone.
+
+This patch should fix up this regression and also prevent a possible
+race where a dead task could be signalled.
+
+Signed-off-by: Jeff Layton <jlayton@redhat.com>
+Cc: Suresh Jayaraman <sjayaraman@suse.de>
+Acked-by: Steve French <smfrench@gmail.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
+
+---
+ fs/cifs/connect.c |   36 +++++++++++++++++++++---------------
+ 1 file changed, 21 insertions(+), 15 deletions(-)
+
+--- a/fs/cifs/connect.c
++++ b/fs/cifs/connect.c
+@@ -128,7 +128,7 @@ cifs_reconnect(struct TCP_Server_Info *s
+       struct mid_q_entry *mid_entry;
+       spin_lock(&GlobalMid_Lock);
+-      if (kthread_should_stop()) {
++      if (server->tcpStatus == CifsExiting) {
+               /* the demux thread will exit normally
+               next time through the loop */
+               spin_unlock(&GlobalMid_Lock);
+@@ -182,7 +182,8 @@ cifs_reconnect(struct TCP_Server_Info *s
+       spin_unlock(&GlobalMid_Lock);
+       up(&server->tcpSem);
+-      while ((!kthread_should_stop()) && (server->tcpStatus != CifsGood)) {
++      while ((server->tcpStatus != CifsExiting) &&
++             (server->tcpStatus != CifsGood)) {
+               try_to_freeze();
+               if (server->addr.sockAddr6.sin6_family == AF_INET6) {
+                       rc = ipv6_connect(&server->addr.sockAddr6,
+@@ -200,7 +201,7 @@ cifs_reconnect(struct TCP_Server_Info *s
+               } else {
+                       atomic_inc(&tcpSesReconnectCount);
+                       spin_lock(&GlobalMid_Lock);
+-                      if (!kthread_should_stop())
++                      if (server->tcpStatus != CifsExiting)
+                               server->tcpStatus = CifsGood;
+                       server->sequence_number = 0;
+                       spin_unlock(&GlobalMid_Lock);
+@@ -355,7 +356,7 @@ cifs_demultiplex_thread(struct TCP_Serve
+                               GFP_KERNEL);
+       set_freezable();
+-      while (!kthread_should_stop()) {
++      while (server->tcpStatus != CifsExiting) {
+               if (try_to_freeze())
+                       continue;
+               if (bigbuf == NULL) {
+@@ -396,7 +397,7 @@ incomplete_rcv:
+                   kernel_recvmsg(csocket, &smb_msg,
+                               &iov, 1, pdu_length, 0 /* BB other flags? */);
+-              if (kthread_should_stop()) {
++              if (server->tcpStatus == CifsExiting) {
+                       break;
+               } else if (server->tcpStatus == CifsNeedReconnect) {
+                       cFYI(1, ("Reconnect after server stopped responding"));
+@@ -527,7 +528,7 @@ incomplete_rcv:
+                    total_read += length) {
+                       length = kernel_recvmsg(csocket, &smb_msg, &iov, 1,
+                                               pdu_length - total_read, 0);
+-                      if (kthread_should_stop() ||
++                      if ((server->tcpStatus == CifsExiting) ||
+                           (length == -EINTR)) {
+                               /* then will exit */
+                               reconnect = 2;
+@@ -661,14 +662,6 @@ multi_t2_fnd:
+       spin_unlock(&GlobalMid_Lock);
+       wake_up_all(&server->response_q);
+-      /* don't exit until kthread_stop is called */
+-      set_current_state(TASK_UNINTERRUPTIBLE);
+-      while (!kthread_should_stop()) {
+-              schedule();
+-              set_current_state(TASK_UNINTERRUPTIBLE);
+-      }
+-      set_current_state(TASK_RUNNING);
+-
+       /* check if we have blocked requests that need to free */
+       /* Note that cifs_max_pending is normally 50, but
+       can be set at module install time to as little as two */
+@@ -764,6 +757,7 @@ multi_t2_fnd:
+       read_unlock(&cifs_tcp_ses_lock);
+       kfree(server->hostname);
++      task_to_wake = xchg(&server->tsk, NULL);
+       kfree(server);
+       length = atomic_dec_return(&tcpSesAllocCount);
+@@ -771,6 +765,16 @@ multi_t2_fnd:
+               mempool_resize(cifs_req_poolp, length + cifs_min_rcv,
+                               GFP_KERNEL);
++      /* if server->tsk was NULL then wait for a signal before exiting */
++      if (!task_to_wake) {
++              set_current_state(TASK_INTERRUPTIBLE);
++              while (!signal_pending(current)) {
++                      schedule();
++                      set_current_state(TASK_INTERRUPTIBLE);
++              }
++              set_current_state(TASK_RUNNING);
++      }
++
+       return 0;
+ }
+@@ -2310,7 +2314,7 @@ cifs_mount(struct super_block *sb, struc
+       /* on error free sesinfo and tcon struct if needed */
+ mount_fail_check:
+       if (rc) {
+-               /* If find_unc succeeded then rc == 0 so we can not end */
++              /* If find_unc succeeded then rc == 0 so we can not end */
+               /* up accidently freeing someone elses tcon struct */
+               if (tcon)
+                       cifs_put_tcon(tcon);
+@@ -3715,8 +3719,10 @@ int cifs_setup_session(unsigned int xid,
+               cERROR(1, ("Send error in SessSetup = %d", rc));
+       } else {
+               cFYI(1, ("CIFS Session Established successfully"));
++                      spin_lock(&GlobalMid_Lock);
+                       pSesInfo->status = CifsGood;
+                       pSesInfo->need_reconnect = false;
++                      spin_unlock(&GlobalMid_Lock);
+       }
+ ss_err_exit:
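Review bot: The loop conditions in cifs_reconnect and cifs_demultiplex_thread now poll `server->tcpStatus != CifsExiting` without holding GlobalMid_Lock, while the same field is written under that lock in the hunk (`server->tcpStatus = CifsGood`), so thread shutdown depends on an unlocked read observing a store made elsewhere. I would document that next to the demultiplex loop, e.g. `/* tcpStatus becomes CifsExiting outside this function; polled here without GlobalMid_Lock */`, and confirm where it is set, which these hunks do not show. The final wait loop leaves only on `signal_pending(current)`, so the sender of that signal in the `server->tsk == NULL` case deserves a comment as well. In cifs_setup_session the added `spin_lock`/`spin_unlock` lines are indented one level deeper than the `cFYI` line in the same block. All of these functions start or end outside the hunks.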
diff --git a/queue-2.6.27/fix-mapping_writably_mapped.patch b/queue-2.6.27/fix-mapping_writably_mapped.patch
new file mode 100644 (file)
index 0000000..7a27fc5
--- /dev/null
@@ -0,0 +1,70 @@
+From b88ed20594db2c685555b68c52b693b75738b2f5 Mon Sep 17 00:00:00 2001
+From: Hugh Dickins <hugh@veritas.com>
+Date: Wed, 10 Dec 2008 20:48:52 +0000
+Subject: fix mapping_writably_mapped()
+
+From: Hugh Dickins <hugh@veritas.com>
+
+commit b88ed20594db2c685555b68c52b693b75738b2f5 upstream.
+
+Lee Schermerhorn noticed yesterday that I broke the mapping_writably_mapped
+test in 2.6.7!  Bad bad bug, good good find.
+
+The i_mmap_writable count must be incremented for VM_SHARED (just as
+i_writecount is for VM_DENYWRITE, but while holding the i_mmap_lock)
+when dup_mmap() copies the vma for fork: it has its own more optimal
+version of __vma_link_file(), and I missed this out.  So the count
+was later going down to 0 (dangerous) when one end unmapped, then
+wrapping negative (inefficient) when the other end unmapped.
+
+The only impact on x86 would have been that setting a mandatory lock on
+a file which has at some time been opened O_RDWR and mapped MAP_SHARED
+(but not necessarily PROT_WRITE) across a fork, might fail with -EAGAIN
+when it should succeed, or succeed when it should fail.
+
+But those architectures which rely on flush_dcache_page() to flush
+userspace modifications back into the page before the kernel reads it,
+may in some cases have skipped the flush after such a fork - though any
+repetitive test will soon wrap the count negative, in which case it will
+flush_dcache_page() unnecessarily.
+
+Fix would be a two-liner, but mapping variable added, and comment moved.
+
+Reported-by: Lee Schermerhorn <Lee.Schermerhorn@hp.com>
+Signed-off-by: Hugh Dickins <hugh@veritas.com>
+Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
+
+---
+ kernel/fork.c |   15 +++++++++------
+ 1 file changed, 9 insertions(+), 6 deletions(-)
+
+--- a/kernel/fork.c
++++ b/kernel/fork.c
+@@ -313,17 +313,20 @@ static int dup_mmap(struct mm_struct *mm
+               file = tmp->vm_file;
+               if (file) {
+                       struct inode *inode = file->f_path.dentry->d_inode;
++                      struct address_space *mapping = file->f_mapping;
++
+                       get_file(file);
+                       if (tmp->vm_flags & VM_DENYWRITE)
+                               atomic_dec(&inode->i_writecount);
+-
+-                      /* insert tmp into the share list, just after mpnt */
+-                      spin_lock(&file->f_mapping->i_mmap_lock);
++                      spin_lock(&mapping->i_mmap_lock);
++                      if (tmp->vm_flags & VM_SHARED)
++                              mapping->i_mmap_writable++;
+                       tmp->vm_truncate_count = mpnt->vm_truncate_count;
+-                      flush_dcache_mmap_lock(file->f_mapping);
++                      flush_dcache_mmap_lock(mapping);
++                      /* insert tmp into the share list, just after mpnt */
+                       vma_prio_tree_add(tmp, mpnt);
+-                      flush_dcache_mmap_unlock(file->f_mapping);
+-                      spin_unlock(&file->f_mapping->i_mmap_lock);
++                      flush_dcache_mmap_unlock(mapping);
++                      spin_unlock(&mapping->i_mmap_lock);
+               }
+               /*
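Review bot: The new `mapping->i_mmap_writable++` in dup_mmap carries no comment tying it to the helper it duplicates, and the commit message shows that this open-coded copy of __vma_link_file() already drifted from the original once. A line such as `/* keep in step with __vma_link_file(): every VM_SHARED vma counts in i_mmap_writable */` above the increment would make the invariant visible to the next editor. dup_mmap starts and ends outside the hunk.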
diff --git a/queue-2.6.27/pagemap-fix-32-bit-pagemap-regression.patch b/queue-2.6.27/pagemap-fix-32-bit-pagemap-regression.patch
new file mode 100644 (file)
index 0000000..2a968a2
--- /dev/null
@@ -0,0 +1,40 @@
+From 49c50342c728344b79c8f9e8293637fe80ef5ad5 Mon Sep 17 00:00:00 2001
+From: Matt Mackall <mpm@selenic.com>
+Date: Tue, 9 Dec 2008 13:14:21 -0800
+Subject: pagemap: fix 32-bit pagemap regression
+
+From: Matt Mackall <mpm@selenic.com>
+
+commit 49c50342c728344b79c8f9e8293637fe80ef5ad5 upstream.
+
+The large pages fix from bcf8039ed45 broke 32-bit pagemap by pulling the
+pagemap entry code out into a function with the wrong return type.
+Pagemap entries are 64 bits on all systems and unsigned long is only 32
+bits on 32-bit systems.
+
+Signed-off-by: Matt Mackall <mpm@selenic.com>
+Reported-by: Doug Graham <dgraham@nortel.com>
+Cc: Alexey Dobriyan <adobriyan@gmail.com>
+Cc: Dave Hansen <dave@linux.vnet.ibm.com>
+Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
+Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
+
+---
+ fs/proc/task_mmu.c |    4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+--- a/fs/proc/task_mmu.c
++++ b/fs/proc/task_mmu.c
+@@ -563,9 +563,9 @@ static u64 swap_pte_to_pagemap_entry(pte
+       return swp_type(e) | (swp_offset(e) << MAX_SWAPFILES_SHIFT);
+ }
+-static unsigned long pte_to_pagemap_entry(pte_t pte)
++static u64 pte_to_pagemap_entry(pte_t pte)
+ {
+-      unsigned long pme = 0;
++      u64 pme = 0;
+       if (is_swap_pte(pte))
+               pme = PM_PFRAME(swap_pte_to_pagemap_entry(pte))
+                       | PM_PSHIFT(PAGE_SHIFT) | PM_SWAP;
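Review bot: The context line in swap_pte_to_pagemap_entry, `swp_type(e) | (swp_offset(e) << MAX_SWAPFILES_SHIFT)`, still performs the shift before the value is widened to the u64 return type. If swp_offset() returns unsigned long (its declaration is not visible here), any offset bits shifted past bit 31 are lost on 32-bit before the widening; `(u64)swp_offset(e) << MAX_SWAPFILES_SHIFT` would be consistent with this fix. pte_to_pagemap_entry continues past the end of the hunk.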
diff --git a/queue-2.6.27/pci-stop-leaking-slot_name-in-pci_create_slot.patch b/queue-2.6.27/pci-stop-leaking-slot_name-in-pci_create_slot.patch
new file mode 100644 (file)
index 0000000..cb41a23
--- /dev/null
@@ -0,0 +1,31 @@
+From 3b5dd45e947ecd21491e1658fba7bb4bc4a54995 Mon Sep 17 00:00:00 2001
+From: Alex Chiang <achiang@hp.com>
+Date: Mon, 1 Dec 2008 18:17:21 -0700
+Subject: PCI: stop leaking 'slot_name' in pci_create_slot
+
+From: Alex Chiang <achiang@hp.com>
+
+commit 3b5dd45e947ecd21491e1658fba7bb4bc4a54995 upstream.
+
+In pci_create_slot(), the local variable 'slot_name' is allocated by
+make_slot_name(), but never freed. We never use it after passing it to
+the kobject core, so we should free it upon function exit.
+
+Signed-off-by: Alex Chiang <achiang@hp.com>
+Signed-off-by: Jesse Barnes <jbarnes@virtuousgeek.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
+
+---
+ drivers/pci/slot.c |    1 +
+ 1 file changed, 1 insertion(+)
+
+--- a/drivers/pci/slot.c
++++ b/drivers/pci/slot.c
+@@ -243,6 +243,7 @@ placeholder:
+                __func__, pci_domain_nr(parent), parent->number, slot_nr);
+ out:
++      kfree(slot_name);
+       up_write(&pci_bus_sem);
+       return slot;
+ err:
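Review bot: `kfree(slot_name)` at `out:` runs on every path that reaches the label, so slot_name has to be NULL-initialised or always assigned before the first `goto out`; the declaration and the earlier jumps are outside the hunk and should be checked. Freeing here is only safe if the kobject core copied the name rather than keeping the pointer, which the hunk does not show. A one-line comment such as `/* name was copied by the kobject core; drop our allocation */` would record that assumption.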
diff --git a/queue-2.6.27/pcie-aspm-break-out-of-endless-loop-waiting-for-pci-config-bits-to-switch.patch b/queue-2.6.27/pcie-aspm-break-out-of-endless-loop-waiting-for-pci-config-bits-to-switch.patch
new file mode 100644 (file)
index 0000000..d7d208f
--- /dev/null
@@ -0,0 +1,100 @@
+From 2a42d9dba7842422ffb2c02e75288a8bc2fd5065 Mon Sep 17 00:00:00 2001
+From: Thomas Renninger <trenn@suse.de>
+Date: Tue, 9 Dec 2008 13:05:09 +0100
+Subject: PCIe: ASPM: Break out of endless loop waiting for PCI config bits to switch
+
+From: Thomas Renninger <trenn@suse.de>
+
+commit 2a42d9dba7842422ffb2c02e75288a8bc2fd5065 upstream.
+
+Makes a Compaq 6735s boot reliably again.  It used to hang in the loop
+on some boots.  Give the link one second to train, otherwise break out
+of the loop and reset the previously set clock bits.
+
+Signed-off-by: Thomas Renninger <trenn@suse.de>
+Signed-off-by: Shaohua Li <shaohua.li@intel.com>
+Signed-off-by: Matthew Garrett <mjg59@srcf.ucam.org>
+Signed-off-by: Jesse Barnes <jbarnes@virtuousgeek.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
+
+---
+ drivers/pci/pcie/aspm.c |   29 ++++++++++++++++++++++++++---
+ 1 file changed, 26 insertions(+), 3 deletions(-)
+
+--- a/drivers/pci/pcie/aspm.c
++++ b/drivers/pci/pcie/aspm.c
+@@ -16,6 +16,7 @@
+ #include <linux/pm.h>
+ #include <linux/init.h>
+ #include <linux/slab.h>
++#include <linux/jiffies.h>
+ #include <linux/pci-aspm.h>
+ #include "../pci.h"
+@@ -161,11 +162,12 @@ static void pcie_check_clock_pm(struct p
+  */
+ static void pcie_aspm_configure_common_clock(struct pci_dev *pdev)
+ {
+-      int pos, child_pos;
++      int pos, child_pos, i = 0;
+       u16 reg16 = 0;
+       struct pci_dev *child_dev;
+       int same_clock = 1;
+-
++      unsigned long start_jiffies;
++      u16 child_regs[8], parent_reg;
+       /*
+        * all functions of a slot should have the same Slot Clock
+        * Configuration, so just check one function
+@@ -191,16 +193,19 @@ static void pcie_aspm_configure_common_c
+               child_pos = pci_find_capability(child_dev, PCI_CAP_ID_EXP);
+               pci_read_config_word(child_dev, child_pos + PCI_EXP_LNKCTL,
+                       &reg16);
++              child_regs[i] = reg16;
+               if (same_clock)
+                       reg16 |= PCI_EXP_LNKCTL_CCC;
+               else
+                       reg16 &= ~PCI_EXP_LNKCTL_CCC;
+               pci_write_config_word(child_dev, child_pos + PCI_EXP_LNKCTL,
+                       reg16);
++              i++;
+       }
+       /* Configure upstream component */
+       pci_read_config_word(pdev, pos + PCI_EXP_LNKCTL, &reg16);
++      parent_reg = reg16;
+       if (same_clock)
+               reg16 |= PCI_EXP_LNKCTL_CCC;
+       else
+@@ -212,12 +217,30 @@ static void pcie_aspm_configure_common_c
+       pci_write_config_word(pdev, pos + PCI_EXP_LNKCTL, reg16);
+       /* Wait for link training end */
+-      while (1) {
++      /* break out after waiting for 1 second */
++      start_jiffies = jiffies;
++      while ((jiffies - start_jiffies) < HZ) {
+               pci_read_config_word(pdev, pos + PCI_EXP_LNKSTA, &reg16);
+               if (!(reg16 & PCI_EXP_LNKSTA_LT))
+                       break;
+               cpu_relax();
+       }
++      /* training failed -> recover */
++      if ((jiffies - start_jiffies) >= HZ) {
++              dev_printk (KERN_ERR, &pdev->dev, "ASPM: Could not configure"
++                          " common clock\n");
++              i = 0;
++              list_for_each_entry(child_dev, &pdev->subordinate->devices,
++                                  bus_list) {
++                      child_pos = pci_find_capability(child_dev,
++                                                      PCI_CAP_ID_EXP);
++                      pci_write_config_word(child_dev,
++                                            child_pos + PCI_EXP_LNKCTL,
++                                            child_regs[i]);
++                      i++;
++              }
++              pci_write_config_word(pdev, pos + PCI_EXP_LNKCTL, parent_reg);
++      }
+ }
+ /*
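Review bot: `child_regs[i] = reg16` writes into the fixed `u16 child_regs[8]` with an index that grows once per entry of `pdev->subordinate->devices`, and neither the save loop nor the restore loop bounds `i`; more than eight devices on that list would write and read past the stack array. Guard both uses, e.g. `if (i < ARRAY_SIZE(child_regs)) child_regs[i] = reg16;` in the save loop and the same test before the restoring `pci_write_config_word`. The recovery test `(jiffies - start_jiffies) >= HZ` is evaluated after the loop, so a link that finished training on the last poll can still be treated as failed; setting a flag inside the loop when `PCI_EXP_LNKSTA_LT` clears would avoid that. The wait also spins on `cpu_relax()` for up to one second.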
diff --git a/queue-2.6.27/pnp-make-the-resource-type-an-unsigned-long.patch b/queue-2.6.27/pnp-make-the-resource-type-an-unsigned-long.patch
new file mode 100644 (file)
index 0000000..171f614
--- /dev/null
@@ -0,0 +1,85 @@
+From b563cf59c4d67da7d671788a9848416bfa4180ab Mon Sep 17 00:00:00 2001
+From: Rene Herman <rene.herman@keyaccess.nl>
+Date: Wed, 15 Oct 2008 22:03:58 -0700
+Subject: pnp: make the resource type an unsigned long
+
+From: Rene Herman <rene.herman@keyaccess.nl>
+
+commit b563cf59c4d67da7d671788a9848416bfa4180ab upstream.
+
+PnP encodes the resource type directly as its struct resource->flags value
+which is an unsigned long.  Make it so...
+
+Signed-off-by: Rene Herman <rene.herman@gmail.com>
+Cc: "H. Peter Anvin" <hpa@zytor.com>
+Acked-by: Bjorn Helgaas <bjorn.helgaas@hp.com>
+Cc: Andi Kleen <andi@firstfloor.org>
+Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
+Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
+Cc: Rafael J. Wysocki <rjw@sisk.pl>
+Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
+
+---
+ drivers/pnp/base.h     |    2 +-
+ drivers/pnp/quirks.c   |    2 +-
+ drivers/pnp/resource.c |    4 ++--
+ include/linux/pnp.h    |    6 ++++--
+ 4 files changed, 8 insertions(+), 6 deletions(-)
+
+--- a/drivers/pnp/base.h
++++ b/drivers/pnp/base.h
+@@ -147,7 +147,7 @@ char *pnp_resource_type_name(struct reso
+ void dbg_pnp_show_resources(struct pnp_dev *dev, char *desc);
+ void pnp_free_resources(struct pnp_dev *dev);
+-int pnp_resource_type(struct resource *res);
++unsigned long pnp_resource_type(struct resource *res);
+ struct pnp_resource {
+       struct list_head list;
+--- a/drivers/pnp/quirks.c
++++ b/drivers/pnp/quirks.c
+@@ -245,7 +245,7 @@ static void quirk_system_pci_resources(s
+        */
+       for_each_pci_dev(pdev) {
+               for (i = 0; i < DEVICE_COUNT_RESOURCE; i++) {
+-                      unsigned int type;
++                      unsigned long type;
+                       type = pci_resource_flags(pdev, i) &
+                                       (IORESOURCE_IO | IORESOURCE_MEM);
+--- a/drivers/pnp/resource.c
++++ b/drivers/pnp/resource.c
+@@ -467,14 +467,14 @@ int pnp_check_dma(struct pnp_dev *dev, s
+ #endif
+ }
+-int pnp_resource_type(struct resource *res)
++unsigned long pnp_resource_type(struct resource *res)
+ {
+       return res->flags & (IORESOURCE_IO  | IORESOURCE_MEM |
+                            IORESOURCE_IRQ | IORESOURCE_DMA);
+ }
+ struct resource *pnp_get_resource(struct pnp_dev *dev,
+-                                unsigned int type, unsigned int num)
++                                unsigned long type, unsigned int num)
+ {
+       struct pnp_resource *pnp_res;
+       struct resource *res;
+--- a/include/linux/pnp.h
++++ b/include/linux/pnp.h
+@@ -22,9 +22,11 @@ struct pnp_dev;
+  * Resource Management
+  */
+ #ifdef CONFIG_PNP
+-struct resource *pnp_get_resource(struct pnp_dev *, unsigned int, unsigned int);
++struct resource *pnp_get_resource(struct pnp_dev *dev, unsigned long type,
++                              unsigned int num);
+ #else
+-static inline struct resource *pnp_get_resource(struct pnp_dev *dev, unsigned int type, unsigned int num)
++static inline struct resource *pnp_get_resource(struct pnp_dev *dev,
++                      unsigned long type, unsigned int num)
+ {
+       return NULL;
+ }
diff --git a/queue-2.6.27/powerpc-virtex5-fix-virtex5-machine-check-handling.patch b/queue-2.6.27/powerpc-virtex5-fix-virtex5-machine-check-handling.patch
new file mode 100644 (file)
index 0000000..c1fc6e6
--- /dev/null
@@ -0,0 +1,55 @@
+From 640d17d60e83401e10e66a0ab6e9e2d6350df656 Mon Sep 17 00:00:00 2001
+From: Grant Likely <grant.likely@secretlab.ca>
+Date: Thu, 4 Dec 2008 05:39:55 +0000
+Subject: powerpc/virtex5: Fix Virtex5 machine check handling
+
+From: Grant Likely <grant.likely@secretlab.ca>
+
+commit 640d17d60e83401e10e66a0ab6e9e2d6350df656 upstream.
+
+The 440x5 core in the Virtex5 uses the 440A type machine check
+(ie, they have MCSRR0/MCSRR1). They thus need to call the
+appropriate fixup function to hook the right variant of the
+exception.
+
+Without this, all machine checks become fatal due to loss
+of context when entering the exception handler.
+
+Signed-off-by: Grant Likely <grant.likely@secretlab.ca>
+Signed-off-by: Josh Boyer <jwboyer@linux.vnet.ibm.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
+
+---
+ arch/powerpc/kernel/cpu_setup_44x.S |    1 +
+ arch/powerpc/kernel/cputable.c      |    3 +++
+ 2 files changed, 4 insertions(+)
+
+--- a/arch/powerpc/kernel/cpu_setup_44x.S
++++ b/arch/powerpc/kernel/cpu_setup_44x.S
+@@ -35,6 +35,7 @@ _GLOBAL(__setup_cpu_440grx)
+ _GLOBAL(__setup_cpu_460ex)
+ _GLOBAL(__setup_cpu_460gt)
+       b       __init_fpu_44x
++_GLOBAL(__setup_cpu_440x5)
+ _GLOBAL(__setup_cpu_440gx)
+ _GLOBAL(__setup_cpu_440spe)
+       b       __fixup_440A_mcheck
+--- a/arch/powerpc/kernel/cputable.c
++++ b/arch/powerpc/kernel/cputable.c
+@@ -39,6 +39,7 @@ extern void __setup_cpu_440epx(unsigned 
+ extern void __setup_cpu_440gx(unsigned long offset, struct cpu_spec* spec);
+ extern void __setup_cpu_440grx(unsigned long offset, struct cpu_spec* spec);
+ extern void __setup_cpu_440spe(unsigned long offset, struct cpu_spec* spec);
++extern void __setup_cpu_440x5(unsigned long offset, struct cpu_spec* spec);
+ extern void __setup_cpu_460ex(unsigned long offset, struct cpu_spec* spec);
+ extern void __setup_cpu_460gt(unsigned long offset, struct cpu_spec* spec);
+ extern void __setup_cpu_603(unsigned long offset, struct cpu_spec* spec);
+@@ -1463,6 +1464,8 @@ static struct cpu_spec __initdata cpu_sp
+               .cpu_user_features      = COMMON_USER_BOOKE,
+               .icache_bsize           = 32,
+               .dcache_bsize           = 32,
++              .cpu_setup              = __setup_cpu_440x5,
++              .machine_check          = machine_check_440A,
+               .platform               = "ppc440",
+       },
+       { /* 460EX */
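Review bot: Neither hunk records why 440x5 needs the 440A machine-check variant, so the pairing of `.cpu_setup = __setup_cpu_440x5` with `.machine_check = machine_check_440A` in cputable.c reads as arbitrary. A short comment at the new `_GLOBAL(__setup_cpu_440x5)` label in cpu_setup_44x.S would keep the reason with the code, for example `/* 440x5 (Virtex5) has MCSRR0/MCSRR1: 440A-type machine check */`. The label works by falling through `__setup_cpu_440gx` and `__setup_cpu_440spe` to `b __fixup_440A_mcheck`, so anything inserted between those labels later would silently change what it runs. The cpu_specs entry being changed starts above the cputable.c hunk, so which table entry this is cannot be confirmed from the lines shown.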
diff --git a/queue-2.6.27/sched-cpu-remove-deadlock-fix.patch b/queue-2.6.27/sched-cpu-remove-deadlock-fix.patch
new file mode 100644 (file)
index 0000000..fefb051
--- /dev/null
@@ -0,0 +1,54 @@
+From 9a2bd244e18ffbb96c8b783210fda4eded7c7e6f Mon Sep 17 00:00:00 2001
+From: Brian King <brking@linux.vnet.ibm.com>
+Date: Tue, 9 Dec 2008 08:47:00 -0600
+Subject: sched: CPU remove deadlock fix
+
+From: Brian King <brking@linux.vnet.ibm.com>
+
+commit 9a2bd244e18ffbb96c8b783210fda4eded7c7e6f upstream.
+
+Impact: fix possible deadlock in CPU hot-remove path
+
+This patch fixes a possible deadlock scenario in the CPU remove path.
+migration_call grabs rq->lock, then wakes up everything on rq->migration_queue
+with the lock held. Then one of the tasks on the migration queue ends up
+calling tg_shares_up which then also tries to acquire the same rq->lock.
+
+[c000000058eab2e0] c000000000502078 ._spin_lock_irqsave+0x98/0xf0
+[c000000058eab370] c00000000008011c .tg_shares_up+0x10c/0x20c
+[c000000058eab430] c00000000007867c .walk_tg_tree+0xc4/0xfc
+[c000000058eab4d0] c0000000000840c8 .try_to_wake_up+0xb0/0x3c4
+[c000000058eab590] c0000000000799a0 .__wake_up_common+0x6c/0xe0
+[c000000058eab640] c00000000007ada4 .complete+0x54/0x80
+[c000000058eab6e0] c000000000509fa8 .migration_call+0x5fc/0x6f8
+[c000000058eab7c0] c000000000504074 .notifier_call_chain+0x68/0xe0
+[c000000058eab860] c000000000506568 ._cpu_down+0x2b0/0x3f4
+[c000000058eaba60] c000000000506750 .cpu_down+0xa4/0x108
+[c000000058eabb10] c000000000507e54 .store_online+0x44/0xa8
+[c000000058eabba0] c000000000396260 .sysdev_store+0x3c/0x50
+[c000000058eabc10] c0000000001a39b8 .sysfs_write_file+0x124/0x18c
+[c000000058eabcd0] c00000000013061c .vfs_write+0xd0/0x1bc
+[c000000058eabd70] c0000000001308a4 .sys_write+0x68/0x114
+[c000000058eabe30] c0000000000086b4 syscall_exit+0x0/0x40
+
+Signed-off-by: Brian King <brking@linux.vnet.ibm.com>
+Acked-by: Peter Zijlstra <peterz@infradead.org>
+Signed-off-by: Ingo Molnar <mingo@elte.hu>
+Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
+
+---
+ kernel/sched.c |    2 ++
+ 1 file changed, 2 insertions(+)
+
+--- a/kernel/sched.c
++++ b/kernel/sched.c
+@@ -6500,7 +6500,9 @@ migration_call(struct notifier_block *nf
+                       req = list_entry(rq->migration_queue.next,
+                                        struct migration_req, list);
+                       list_del_init(&req->list);
++                      spin_unlock_irq(&rq->lock);
+                       complete(&req->done);
++                      spin_lock_irq(&rq->lock);
+               }
+               spin_unlock_irq(&rq->lock);
+               break;
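Review bot: The unlock/relock pair added around `complete(&req->done)` in kernel/sched.c has no comment saying why rq->lock is dropped, and nothing in the hunk states that rq->migration_queue may change while it is unlocked. The commit message gives the reason (the woken task can reach tg_shares_up, which takes the same rq->lock), so I would put it next to the code: `/* complete() can wake a task that takes rq->lock via tg_shares_up(); drop the lock across it */`. The req is unlinked with list_del_init() before the unlock and the next entry is read from `rq->migration_queue.next` after the relock, which looks safe. The loop header is outside the hunk, so the re-check of the list on each iteration should be confirmed there.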
index 4644e5337cb2c3f413a23c97ac41639fb3be4f69..3f0f6d3976aa13573e86222afa3a1f5cc4cad86c 100644 (file)
@@ -68,3 +68,16 @@ sched-fix-a-bug-in-sched-domain-degenerate.patch
 x86-hpet-convert-warn_on-to-warn_on_once.patch
 x86-memory-hotplug-remove-wrong-1-in-calling-init_memory_mapping.patch
 x86-remove-debug-code-from-arch_add_memory.patch
+sched-cpu-remove-deadlock-fix.patch
+pci-stop-leaking-slot_name-in-pci_create_slot.patch
+pcie-aspm-break-out-of-endless-loop-waiting-for-pci-config-bits-to-switch.patch
+uml-boot-broken-due-to-buffer-overrun.patch
+pagemap-fix-32-bit-pagemap-regression.patch
+fix-mapping_writably_mapped.patch
+atv-hid-quirk-for-appletv-ir-receiver.patch
+allow-recursion-in-binfmt_script-and-binfmt_misc.patch
+tracehook-exec-double-reporting-fix.patch
+powerpc-virtex5-fix-virtex5-machine-check-handling.patch
+acpi-delete-osi-dmi-dmesg-spam.patch
+cifs-fix-a-regression-in-cifs-umount-codepath.patch
+pnp-make-the-resource-type-an-unsigned-long.patch
diff --git a/queue-2.6.27/tracehook-exec-double-reporting-fix.patch b/queue-2.6.27/tracehook-exec-double-reporting-fix.patch
new file mode 100644 (file)
index 0000000..1b0f63f
--- /dev/null
@@ -0,0 +1,166 @@
+From 85f334666a771680472722eee43ae0fc8730a619 Mon Sep 17 00:00:00 2001
+From: Roland McGrath <roland@redhat.com>
+Date: Tue, 9 Dec 2008 19:36:38 -0800
+Subject: tracehook: exec double-reporting fix
+
+From: Roland McGrath <roland@redhat.com>
+
+commit 85f334666a771680472722eee43ae0fc8730a619 upstream.
+
+The patch 6341c39 "tracehook: exec" introduced a small regression in
+2.6.27 regarding binfmt_misc exec event reporting.  Since the reporting
+is now done in the common search_binary_handler() function, an exec
+of a misc binary will result in two (or possibly multiple) exec events
+being reported, instead of just a single one, because the misc handler
+contains a recursive call to search_binary_handler.
+
+To add to the confusion, if PTRACE_O_TRACEEXEC is not active, the multiple
+SIGTRAP signals will in fact cause only a single ptrace intercept, as the
+signals are not queued.  However, if PTRACE_O_TRACEEXEC is on, the debugger
+will actually see multiple ptrace intercepts (PTRACE_EVENT_EXEC).
+
+The test program included below demonstrates the problem.
+
+This change fixes the bug by calling tracehook_report_exec() only in the
+outermost search_binary_handler() call (bprm->recursion_depth == 0).
+
+The additional change to restore bprm->recursion_depth after each binfmt
+load_binary call is actually superfluous for this bug, since we test the
+value saved on entry to search_binary_handler().  But it keeps the use of
+of the depth count to its most obvious expected meaning.  Depending on what
+binfmt handlers do in certain cases, there could have been false-positive
+tests for recursion limits before this change.
+
+    /* Test program using PTRACE_O_TRACEEXEC.
+       This forks and exec's the first argument with the rest of the arguments,
+       while ptrace'ing.  It expects to see one PTRACE_EVENT_EXEC stop and
+       then a successful exit, with no other signals or events in between.
+
+       Test for kernel doing two PTRACE_EVENT_EXEC stops for a binfmt_misc exec:
+
+       $ gcc -g traceexec.c -o traceexec
+       $ sudo sh -c 'echo :test:M::foobar::/bin/cat: > /proc/sys/fs/binfmt_misc/register'
+       $ echo 'foobar test' > ./foobar
+       $ chmod +x ./foobar
+       $ ./traceexec ./foobar; echo $?
+       ==> good <==
+       foobar test
+       0
+       $
+       ==> bad <==
+       foobar test
+       unexpected status 0x4057f != 0
+       3
+       $
+
+    */
+
+    #include <stdio.h>
+    #include <sys/types.h>
+    #include <sys/wait.h>
+    #include <sys/ptrace.h>
+    #include <unistd.h>
+    #include <signal.h>
+    #include <stdlib.h>
+
+    static void
+    wait_for (pid_t child, int expect)
+    {
+      int status;
+      pid_t p = wait (&status);
+      if (p != child)
+       {
+         perror ("wait");
+         exit (2);
+       }
+      if (status != expect)
+       {
+         fprintf (stderr, "unexpected status %#x != %#x\n", status, expect);
+         exit (3);
+       }
+    }
+
+    int
+    main (int argc, char **argv)
+    {
+      pid_t child = fork ();
+
+      if (child < 0)
+       {
+         perror ("fork");
+         return 127;
+       }
+      else if (child == 0)
+       {
+         ptrace (PTRACE_TRACEME);
+         raise (SIGUSR1);
+         execv (argv[1], &argv[1]);
+         perror ("execve");
+         _exit (127);
+       }
+
+      wait_for (child, W_STOPCODE (SIGUSR1));
+
+      if (ptrace (PTRACE_SETOPTIONS, child,
+                 0L, (void *) (long) PTRACE_O_TRACEEXEC) != 0)
+       {
+         perror ("PTRACE_SETOPTIONS");
+         return 4;
+       }
+
+      if (ptrace (PTRACE_CONT, child, 0L, 0L) != 0)
+       {
+         perror ("PTRACE_CONT");
+         return 5;
+       }
+
+      wait_for (child, W_STOPCODE (SIGTRAP | (PTRACE_EVENT_EXEC << 8)));
+
+      if (ptrace (PTRACE_CONT, child, 0L, 0L) != 0)
+       {
+         perror ("PTRACE_CONT");
+         return 6;
+       }
+
+      wait_for (child, W_EXITCODE (0, 0));
+
+      return 0;
+    }
+
+Reported-by: Arnd Bergmann <arnd@arndb.de>
+CC: Ulrich Weigand <ulrich.weigand@de.ibm.com>
+Signed-off-by: Roland McGrath <roland@redhat.com>
+Acked-by: Arnd Bergmann <arnd@arndb.de>
+Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
+
+---
+ fs/exec.c |   10 +++++++++-
+ 1 file changed, 9 insertions(+), 1 deletion(-)
+
+--- a/fs/exec.c
++++ b/fs/exec.c
+@@ -1164,6 +1164,7 @@ EXPORT_SYMBOL(remove_arg_zero);
+  */
+ int search_binary_handler(struct linux_binprm *bprm,struct pt_regs *regs)
+ {
++      unsigned int depth = bprm->recursion_depth;
+       int try,retval;
+       struct linux_binfmt *fmt;
+ #ifdef __alpha__
+@@ -1224,8 +1225,15 @@ int search_binary_handler(struct linux_b
+                               continue;
+                       read_unlock(&binfmt_lock);
+                       retval = fn(bprm, regs);
++                      /*
++                       * Restore the depth counter to its starting value
++                       * in this call, so we don't have to rely on every
++                       * load_binary function to restore it on return.
++                       */
++                      bprm->recursion_depth = depth;
+                       if (retval >= 0) {
+-                              tracehook_report_exec(fmt, bprm, regs);
++                              if (depth == 0)
++                                      tracehook_report_exec(fmt, bprm, regs);
+                               put_binfmt(fmt);
+                               allow_write_access(bprm->file);
+                               if (bprm->file)
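Review bot: The new `if (depth == 0)` guard in search_binary_handler() carries no comment, while the restore of `bprm->recursion_depth` just above it does; the guard is the actual fix and is the line a later reader is most likely to remove as redundant. I would add `/* report exec once, from the outermost call; nested binfmt handlers re-enter here */` above it. The single report now receives the outermost handler's `fmt` rather than the one that finally loaded the image; whether any tracehook consumer depends on that argument is not visible here and is worth confirming, since debuggers and exec-monitoring tracers rely on this event. The function body continues outside both hunks.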
diff --git a/queue-2.6.27/uml-boot-broken-due-to-buffer-overrun.patch b/queue-2.6.27/uml-boot-broken-due-to-buffer-overrun.patch
new file mode 100644 (file)
index 0000000..a8a8d68
--- /dev/null
@@ -0,0 +1,48 @@
+From 361371201b60ffd686a694c848c1d5ad6061725f Mon Sep 17 00:00:00 2001
+From: Balbir Singh <balbir@linux.vnet.ibm.com>
+Date: Tue, 9 Dec 2008 13:14:07 -0800
+Subject: uml: boot broken due to buffer overrun
+
+From: Balbir Singh <balbir@linux.vnet.ibm.com>
+
+commit 361371201b60ffd686a694c848c1d5ad6061725f upstream.
+
+mconsole_init() passed 256 bytes as length in os_create_unix_socket, while
+the sizeof UNIX_PATH_MAX is 108. This patch fixes that problem and avoids
+a big overrun bug reported on UML bootup.
+
+sockaddr_un.sun_path is UNIX_PATH_MAX long which causes the problem.
+Reported-by: Vikas K Managutte <vikki.km@gmail.com>
+Reported-by: Sarvesh Kumar Lal Das <skldas@gmail.com>
+Signed-off-by: Balbir Singh <balbir@linux.vnet.ibm.com>
+Reviewed-by: Pekka Enberg <penberg@cs.helsinki.fi>
+Reviewed-by: WANG Cong <wangcong@zeuux.org>
+Cc: Jeff Dike <jdike@addtoit.com>
+Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
+Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
+
+---
+ arch/um/drivers/mconsole_kern.c |    4 +++-
+ 1 file changed, 3 insertions(+), 1 deletion(-)
+
+--- a/arch/um/drivers/mconsole_kern.c
++++ b/arch/um/drivers/mconsole_kern.c
+@@ -16,6 +16,8 @@
+ #include <linux/slab.h>
+ #include <linux/syscalls.h>
+ #include <linux/utsname.h>
++#include <linux/socket.h>
++#include <linux/un.h>
+ #include <linux/workqueue.h>
+ #include <linux/mutex.h>
+ #include <asm/uaccess.h>
+@@ -785,7 +787,7 @@ static int __init mconsole_init(void)
+       /* long to avoid size mismatch warnings from gcc */
+       long sock;
+       int err;
+-      char file[256];
++      char file[UNIX_PATH_MAX];
+       if (umid_file_name("mconsole", file, sizeof(file)))
+               return -1;