--- /dev/null
+From stable-bounces@linux.kernel.org Tue Feb 6 09:48:54 2007
+From: Larry Finger <Larry.Finger@lwfinger.net>
+Date: Tue, 06 Feb 2007 11:47:08 -0600
+Subject: bcm43xx: Fix for oops on ampdu status
+To: stable@kernel.org
+Message-ID: <45c8bf1c.IH7oaV4p9jun1avR%Larry.Finger@lwfinger.net>
+
+
+From: Michael Buesch <mb@bu3sch.de>
+
+If bcm43xx were to process an afterburner (ampdu) status response, Linux would oops. The
+ampdu and intermediate status bits are properly named.
+
+Signed-off-by: Michael Buesch <mb@bu3sch.de>
+Signed-off-by: Larry Finger <Larry.Finger@lwfinger.net>
+Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
+
+---
+ drivers/net/wireless/bcm43xx/bcm43xx_main.c | 8 +++-----
+ drivers/net/wireless/bcm43xx/bcm43xx_xmit.h | 10 ++--------
+ 2 files changed, 5 insertions(+), 13 deletions(-)
+
+--- linux-2.6.20.1.orig/drivers/net/wireless/bcm43xx/bcm43xx_main.c
++++ linux-2.6.20.1/drivers/net/wireless/bcm43xx/bcm43xx_main.c
+@@ -1453,12 +1453,10 @@ static void handle_irq_transmit_status(s
+
+ bcm43xx_debugfs_log_txstat(bcm, &stat);
+
+- if (stat.flags & BCM43xx_TXSTAT_FLAG_IGNORE)
++ if (stat.flags & BCM43xx_TXSTAT_FLAG_AMPDU)
++ continue;
++ if (stat.flags & BCM43xx_TXSTAT_FLAG_INTER)
+ continue;
+- if (!(stat.flags & BCM43xx_TXSTAT_FLAG_ACK)) {
+- //TODO: packet was not acked (was lost)
+- }
+- //TODO: There are more (unknown) flags to test. see bcm43xx_main.h
+
+ if (bcm43xx_using_pio(bcm))
+ bcm43xx_pio_handle_xmitstatus(bcm, &stat);
+--- linux-2.6.20.1.orig/drivers/net/wireless/bcm43xx/bcm43xx_xmit.h
++++ linux-2.6.20.1/drivers/net/wireless/bcm43xx/bcm43xx_xmit.h
+@@ -137,14 +137,8 @@ struct bcm43xx_xmitstatus {
+ u16 unknown; //FIXME
+ };
+
+-#define BCM43xx_TXSTAT_FLAG_ACK 0x01
+-//TODO #define BCM43xx_TXSTAT_FLAG_??? 0x02
+-//TODO #define BCM43xx_TXSTAT_FLAG_??? 0x04
+-//TODO #define BCM43xx_TXSTAT_FLAG_??? 0x08
+-//TODO #define BCM43xx_TXSTAT_FLAG_??? 0x10
+-#define BCM43xx_TXSTAT_FLAG_IGNORE 0x20
+-//TODO #define BCM43xx_TXSTAT_FLAG_??? 0x40
+-//TODO #define BCM43xx_TXSTAT_FLAG_??? 0x80
++#define BCM43xx_TXSTAT_FLAG_AMPDU 0x10
++#define BCM43xx_TXSTAT_FLAG_INTER 0x20
+
+ u8 bcm43xx_plcp_get_ratecode_cck(const u8 bitrate);
+ u8 bcm43xx_plcp_get_ratecode_ofdm(const u8 bitrate);
--- /dev/null
+From stable-bounces@linux.kernel.org Tue Feb 6 09:44:09 2007
+From: Larry Finger <Larry.Finger@lwfinger.net>
+Date: Tue, 06 Feb 2007 11:42:43 -0600
+Subject: bcm43xx: Fix for oops on resume
+To: stable@kernel.org
+Message-ID: <45c8be13.DBM29/YHWCi+ZIW2%Larry.Finger@lwfinger.net>
+
+
+There is a kernel oops on bcm43xx when resuming due to an overly tight timeout loop.
+
+Signed-off-by: Larry Finger<Larry.Finger@lwfinger.net>
+Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
+
+---
+ drivers/net/wireless/bcm43xx/bcm43xx.h | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- linux-2.6.20.1.orig/drivers/net/wireless/bcm43xx/bcm43xx.h
++++ linux-2.6.20.1/drivers/net/wireless/bcm43xx/bcm43xx.h
+@@ -21,7 +21,7 @@
+ #define PFX KBUILD_MODNAME ": "
+
+ #define BCM43xx_SWITCH_CORE_MAX_RETRIES 50
+-#define BCM43xx_IRQWAIT_MAX_RETRIES 50
++#define BCM43xx_IRQWAIT_MAX_RETRIES 100
+
+ #define BCM43xx_IO_SIZE 8192
+
--- /dev/null
+From stable-bounces@linux.kernel.org Mon Feb 5 04:48:48 2007
+From: Tejun Heo <htejun@gmail.com>
+Date: Mon, 5 Feb 2007 21:47:13 +0900
+Subject: ide: fix drive side 80c cable check
+To: Alan <alan@lxorguk.ukuu.org.uk>
+Cc: linux-ide@vger.kernel.org, stable@kernel.org, bzolnier@gmail.com
+Message-ID: <20070205124713.GL1625@htj.dyndns.org>
+Content-Disposition: inline
+
+
+eighty_ninty_three() had word 93 validitity check but not the 80c bit
+test itself (bit 12). This increases the chance of incorrect wire
+detection especially because host side cable detection is often
+unreliable and we sometimes soley depend on drive side cable
+detection. Fix it.
+
+Signed-off-by: Tejun Heo <htejun@gmail.com>
+Acked-by: Alan <alan@lxorguk.ukuu.org.uk>
+Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
+
+---
+ drivers/ide/ide-iops.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+--- linux-2.6.20.1.orig/drivers/ide/ide-iops.c
++++ linux-2.6.20.1/drivers/ide/ide-iops.c
+@@ -607,6 +607,8 @@ u8 eighty_ninty_three (ide_drive_t *driv
+ if(!(drive->id->hw_config & 0x4000))
+ return 0;
+ #endif /* CONFIG_IDEDMA_IVB */
++ if (!(drive->id->hw_config & 0x2000))
++ return 0;
+ return 1;
+ }
+
--- /dev/null
+From stable-bounces@linux.kernel.org Fri Feb 9 06:31:02 2007
+From: Chuck Ebbert <cebbert@redhat.com>
+Date: Fri, 09 Feb 2007 09:30:37 -0500
+Subject: Keys: Fix key serial number collision handling
+To: linux-stable <stable@kernel.org>
+Message-ID: <45CC858D.3090900@redhat.com>
+
+From: David Howells <dhowells@redhat.com>
+
+[PATCH] Keys: Fix key serial number collision handling
+
+Fix the key serial number collision avoidance code in key_alloc_serial().
+
+This didn't use to be so much of a problem as the key serial numbers were
+allocated from a simple incremental counter, and it would have to go through
+two billion keys before it could possibly encounter a collision. However, now
+that random numbers are used instead, collisions are much more likely.
+
+This is fixed by finding a hole in the rbtree where the next unused serial
+number ought to be and using that by going almost back to the top of the
+insertion routine and redoing the insertion with the new serial number rather
+than trying to be clever and attempting to work out the insertion point
+pointer directly.
+
+This fixes kernel BZ #7727.
+
+Signed-off-by: David Howells <dhowells@redhat.com>
+Cc: Chuck Ebbert <cebbert@redhat.com>
+Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
+
+---
+ security/keys/key.c | 33 ++++++++++++++-------------------
+ 1 file changed, 14 insertions(+), 19 deletions(-)
+
+--- linux-2.6.20.1.orig/security/keys/key.c
++++ linux-2.6.20.1/security/keys/key.c
+@@ -188,6 +188,7 @@ static inline void key_alloc_serial(stru
+
+ spin_lock(&key_serial_lock);
+
++attempt_insertion:
+ parent = NULL;
+ p = &key_serial_tree.rb_node;
+
+@@ -202,39 +203,33 @@ static inline void key_alloc_serial(stru
+ else
+ goto serial_exists;
+ }
+- goto insert_here;
++
++ /* we've found a suitable hole - arrange for this key to occupy it */
++ rb_link_node(&key->serial_node, parent, p);
++ rb_insert_color(&key->serial_node, &key_serial_tree);
++
++ spin_unlock(&key_serial_lock);
++ return;
+
+ /* we found a key with the proposed serial number - walk the tree from
+ * that point looking for the next unused serial number */
+ serial_exists:
+ for (;;) {
+ key->serial++;
+- if (key->serial < 2)
+- key->serial = 2;
+-
+- if (!rb_parent(parent))
+- p = &key_serial_tree.rb_node;
+- else if (rb_parent(parent)->rb_left == parent)
+- p = &(rb_parent(parent)->rb_left);
+- else
+- p = &(rb_parent(parent)->rb_right);
++ if (key->serial < 3) {
++ key->serial = 3;
++ goto attempt_insertion;
++ }
+
+ parent = rb_next(parent);
+ if (!parent)
+- break;
++ goto attempt_insertion;
+
+ xkey = rb_entry(parent, struct key, serial_node);
+ if (key->serial < xkey->serial)
+- goto insert_here;
++ goto attempt_insertion;
+ }
+
+- /* we've found a suitable hole - arrange for this key to occupy it */
+-insert_here:
+- rb_link_node(&key->serial_node, parent, p);
+- rb_insert_color(&key->serial_node, &key_serial_tree);
+-
+- spin_unlock(&key_serial_lock);
+-
+ } /* end key_alloc_serial() */
+
+ /*****************************************************************************/
--- /dev/null
+From stable-bounces@linux.kernel.org Tue Feb 6 16:12:22 2007
+From: NeilBrown <neilb@suse.de>
+Date: Wed, 7 Feb 2007 11:10:26 +1100
+Subject: knfsd: Fix a race in closing NFSd connections.
+To: Andrew Morton <akpm@osdl.org>
+Cc: nfs@lists.sourceforge.net, stable@kernel.org, linux-kernel@vger.kernel.org
+Message-ID: <1070207001026.9413@suse.de>
+
+If you lose this race, it can iput a socket inode twice and you
+get a BUG in fs/inode.c
+
+When I added the option for user-space to close a socket,
+I added some cruft to svc_delete_socket so that I could call
+that function when closing a socket per user-space request.
+
+This was the wrong thing to do. I should have just set SK_CLOSE
+and let normal mechanisms do the work.
+
+Not only wrong, but buggy. The locking is all wrong and it openned
+up a race where-by a socket could be closed twice.
+
+So this patch:
+ Introduces svc_close_socket which sets SK_CLOSE then either leave
+ the close up to a thread, or calls svc_delete_socket if it can
+ get SK_BUSY.
+
+ Adds a bias to sk_busy which is removed when SK_DEAD is set,
+ This avoid races around shutting down the socket.
+
+ Changes several 'spin_lock' to 'spin_lock_bh' where the _bh
+ was missing.
+
+Bugzilla-url: http://bugzilla.kernel.org/show_bug.cgi?id=7916
+
+Signed-off-by: Neil Brown <neilb@suse.de>
+Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
+
+
+---
+ include/linux/sunrpc/svcsock.h | 2 -
+ net/sunrpc/svc.c | 4 +--
+ net/sunrpc/svcsock.c | 52 +++++++++++++++++++++++++++++------------
+ 3 files changed, 41 insertions(+), 17 deletions(-)
+
+--- linux-2.6.20.1.orig/include/linux/sunrpc/svcsock.h
++++ linux-2.6.20.1/include/linux/sunrpc/svcsock.h
+@@ -63,7 +63,7 @@ struct svc_sock {
+ * Function prototypes.
+ */
+ int svc_makesock(struct svc_serv *, int, unsigned short);
+-void svc_delete_socket(struct svc_sock *);
++void svc_close_socket(struct svc_sock *);
+ int svc_recv(struct svc_rqst *, long);
+ int svc_send(struct svc_rqst *);
+ void svc_drop(struct svc_rqst *);
+--- linux-2.6.20.1.orig/net/sunrpc/svc.c
++++ linux-2.6.20.1/net/sunrpc/svc.c
+@@ -386,7 +386,7 @@ svc_destroy(struct svc_serv *serv)
+ svsk = list_entry(serv->sv_tempsocks.next,
+ struct svc_sock,
+ sk_list);
+- svc_delete_socket(svsk);
++ svc_close_socket(svsk);
+ }
+ if (serv->sv_shutdown)
+ serv->sv_shutdown(serv);
+@@ -395,7 +395,7 @@ svc_destroy(struct svc_serv *serv)
+ svsk = list_entry(serv->sv_permsocks.next,
+ struct svc_sock,
+ sk_list);
+- svc_delete_socket(svsk);
++ svc_close_socket(svsk);
+ }
+
+ cache_clean_deferred(serv);
+--- linux-2.6.20.1.orig/net/sunrpc/svcsock.c
++++ linux-2.6.20.1/net/sunrpc/svcsock.c
+@@ -62,6 +62,12 @@
+ * after a clear, the socket must be read/accepted
+ * if this succeeds, it must be set again.
+ * SK_CLOSE can set at any time. It is never cleared.
++ * sk_inuse contains a bias of '1' until SK_DEAD is set.
++ * so when sk_inuse hits zero, we know the socket is dead
++ * and no-one is using it.
++ * SK_DEAD can only be set while SK_BUSY is held which ensures
++ * no other thread will be using the socket or will try to
++ * set SK_DEAD.
+ *
+ */
+
+@@ -70,6 +76,7 @@
+
+ static struct svc_sock *svc_setup_socket(struct svc_serv *, struct socket *,
+ int *errp, int pmap_reg);
++static void svc_delete_socket(struct svc_sock *svsk);
+ static void svc_udp_data_ready(struct sock *, int);
+ static int svc_udp_recvfrom(struct svc_rqst *);
+ static int svc_udp_sendto(struct svc_rqst *);
+@@ -329,8 +336,9 @@ void svc_reserve(struct svc_rqst *rqstp,
+ static inline void
+ svc_sock_put(struct svc_sock *svsk)
+ {
+- if (atomic_dec_and_test(&svsk->sk_inuse) &&
+- test_bit(SK_DEAD, &svsk->sk_flags)) {
++ if (atomic_dec_and_test(&svsk->sk_inuse)) {
++ BUG_ON(! test_bit(SK_DEAD, &svsk->sk_flags));
++
+ dprintk("svc: releasing dead socket\n");
+ if (svsk->sk_sock->file)
+ sockfd_put(svsk->sk_sock);
+@@ -520,7 +528,7 @@ svc_sock_names(char *buf, struct svc_ser
+
+ if (!serv)
+ return 0;
+- spin_lock(&serv->sv_lock);
++ spin_lock_bh(&serv->sv_lock);
+ list_for_each_entry(svsk, &serv->sv_permsocks, sk_list) {
+ int onelen = one_sock_name(buf+len, svsk);
+ if (toclose && strcmp(toclose, buf+len) == 0)
+@@ -528,12 +536,12 @@ svc_sock_names(char *buf, struct svc_ser
+ else
+ len += onelen;
+ }
+- spin_unlock(&serv->sv_lock);
++ spin_unlock_bh(&serv->sv_lock);
+ if (closesk)
+ /* Should unregister with portmap, but you cannot
+ * unregister just one protocol...
+ */
+- svc_delete_socket(closesk);
++ svc_close_socket(closesk);
+ else if (toclose)
+ return -ENOENT;
+ return len;
+@@ -683,6 +691,11 @@ svc_udp_recvfrom(struct svc_rqst *rqstp)
+ return svc_deferred_recv(rqstp);
+ }
+
++ if (test_bit(SK_CLOSE, &svsk->sk_flags)) {
++ svc_delete_socket(svsk);
++ return 0;
++ }
++
+ clear_bit(SK_DATA, &svsk->sk_flags);
+ while ((skb = skb_recv_datagram(svsk->sk_sk, 0, 1, &err)) == NULL) {
+ if (err == -EAGAIN) {
+@@ -1176,7 +1189,8 @@ svc_tcp_sendto(struct svc_rqst *rqstp)
+ rqstp->rq_sock->sk_server->sv_name,
+ (sent<0)?"got error":"sent only",
+ sent, xbufp->len);
+- svc_delete_socket(rqstp->rq_sock);
++ set_bit(SK_CLOSE, &rqstp->rq_sock->sk_flags);
++ svc_sock_enqueue(rqstp->rq_sock);
+ sent = -EAGAIN;
+ }
+ return sent;
+@@ -1495,7 +1509,7 @@ svc_setup_socket(struct svc_serv *serv,
+ svsk->sk_odata = inet->sk_data_ready;
+ svsk->sk_owspace = inet->sk_write_space;
+ svsk->sk_server = serv;
+- atomic_set(&svsk->sk_inuse, 0);
++ atomic_set(&svsk->sk_inuse, 1);
+ svsk->sk_lastrecv = get_seconds();
+ spin_lock_init(&svsk->sk_defer_lock);
+ INIT_LIST_HEAD(&svsk->sk_deferred);
+@@ -1618,7 +1632,7 @@ bummer:
+ /*
+ * Remove a dead socket
+ */
+-void
++static void
+ svc_delete_socket(struct svc_sock *svsk)
+ {
+ struct svc_serv *serv;
+@@ -1644,16 +1658,26 @@ svc_delete_socket(struct svc_sock *svsk)
+ * while still attached to a queue, the queue itself
+ * is about to be destroyed (in svc_destroy).
+ */
+- if (!test_and_set_bit(SK_DEAD, &svsk->sk_flags))
++ if (!test_and_set_bit(SK_DEAD, &svsk->sk_flags)) {
++ BUG_ON(atomic_read(&svsk->sk_inuse)<2);
++ atomic_dec(&svsk->sk_inuse);
+ if (test_bit(SK_TEMP, &svsk->sk_flags))
+ serv->sv_tmpcnt--;
++ }
+
+- /* This atomic_inc should be needed - svc_delete_socket
+- * should have the semantic of dropping a reference.
+- * But it doesn't yet....
+- */
+- atomic_inc(&svsk->sk_inuse);
+ spin_unlock_bh(&serv->sv_lock);
++}
++
++void svc_close_socket(struct svc_sock *svsk)
++{
++ set_bit(SK_CLOSE, &svsk->sk_flags);
++ if (test_and_set_bit(SK_BUSY, &svsk->sk_flags))
++ /* someone else will have to effect the close */
++ return;
++
++ atomic_inc(&svsk->sk_inuse);
++ svc_delete_socket(svsk);
++ clear_bit(SK_BUSY, &svsk->sk_flags);
+ svc_sock_put(svsk);
+ }
+
--- /dev/null
+From stable-bounces@linux.kernel.org Mon Feb 5 00:02:58 2007
+From: Tejun Heo <htejun@gmail.com>
+Date: Mon, 5 Feb 2007 17:01:28 +0900
+Subject: pata_amd: fix an obvious bug in cable detection
+To: Jeff Garzik <jeff@garzik.org>, Alan Cox <alan@lxorguk.ukuu.org.uk>, linux-ide@vger.kernel.org
+Cc: stable@kernel.org
+Message-ID: <20070205080128.GH1625@htj.dyndns.org>
+Content-Disposition: inline
+
+
+80c test mask is at bits 18 and 19 of EIDE Controller Configuration
+not 22 and 23. Fix it.
+
+Signed-off-by: Tejun Heo <htejun@gmail.com>
+Acked-by: Alan Cox <alan@lxorguk.ukuu.org.uk>
+
+---
+ drivers/ata/pata_amd.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+--- linux-2.6.20.1.orig/drivers/ata/pata_amd.c
++++ linux-2.6.20.1/drivers/ata/pata_amd.c
+@@ -128,7 +128,7 @@ static void timing_setup(struct ata_port
+
+ static int amd_pre_reset(struct ata_port *ap)
+ {
+- static const u32 bitmask[2] = {0x03, 0xC0};
++ static const u32 bitmask[2] = {0x03, 0x0C};
+ static const struct pci_bits amd_enable_bits[] = {
+ { 0x40, 1, 0x02, 0x02 },
+ { 0x40, 1, 0x01, 0x01 }
+@@ -247,7 +247,7 @@ static void amd133_set_dmamode(struct at
+ */
+
+ static int nv_pre_reset(struct ata_port *ap) {
+- static const u8 bitmask[2] = {0x03, 0xC0};
++ static const u8 bitmask[2] = {0x03, 0x0C};
+ static const struct pci_bits nv_enable_bits[] = {
+ { 0x50, 1, 0x02, 0x02 },
+ { 0x50, 1, 0x01, 0x01 }
--- /dev/null
+From stable-bounces@linux.kernel.org Tue Feb 13 13:05:56 2007
+From: Dan Williams <dcbw@redhat.com>
+Date: Tue, 13 Feb 2007 16:07:27 -0500
+Subject: prism54: correct assignment of DOT1XENABLE in WE-19 codepaths
+To: stable@kernel.org
+Message-ID: <1171400848.5329.55.camel@localhost.localdomain>
+
+
+Correct assignment of DOT1XENABLE in WE-19 codepaths.
+RX_UNENCRYPTED_EAPOL = 1 really means setting DOT1XENABLE _off_, and
+vice versa. The original WE-19 patch erroneously reversed that. This
+patch fixes association with unencrypted and WEP networks when using
+wpa_supplicant.
+
+It also adds two missing break statements that, left out, could result
+in incorrect card configuration.
+
+Applies to (I think) 2.6.19 and later.
+
+Signed-off-by: Dan Williams <dcbw@redhat.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
+
+---
+ drivers/net/wireless/prism54/isl_ioctl.c | 8 +++++++-
+ 1 file changed, 7 insertions(+), 1 deletion(-)
+
+--- linux-2.6.20.1.orig/drivers/net/wireless/prism54/isl_ioctl.c
++++ linux-2.6.20.1/drivers/net/wireless/prism54/isl_ioctl.c
+@@ -1395,11 +1395,16 @@ static int prism54_set_auth(struct net_d
+ break;
+
+ case IW_AUTH_RX_UNENCRYPTED_EAPOL:
+- dot1x = param->value ? 1 : 0;
++ /* dot1x should be the opposite of RX_UNENCRYPTED_EAPOL;
++ * turn off dot1x when allowing recepit of unencrypted eapol
++ * frames, turn on dot1x when we disallow receipt
++ */
++ dot1x = param->value ? 0x00 : 0x01;
+ break;
+
+ case IW_AUTH_PRIVACY_INVOKED:
+ privinvoked = param->value ? 1 : 0;
++ break;
+
+ case IW_AUTH_DROP_UNENCRYPTED:
+ exunencrypt = param->value ? 1 : 0;
+@@ -1589,6 +1594,7 @@ static int prism54_set_encodeext(struct
+ }
+ key.type = DOT11_PRIV_TKIP;
+ key.length = KEY_SIZE_TKIP;
++ break;
+ default:
+ return -EINVAL;
+ }
--- /dev/null
+From stable-bounces@linux.kernel.org Sat Feb 3 06:18:09 2007
+From: Atsushi Nemoto <anemo@mba.ocn.ne.jp>
+Date: Sat, 03 Feb 2007 23:16:36 +0900 (JST)
+Subject: rtc-pcf8563: detect polarity of century bit automatically
+To: akpm@linux-foundation.org
+Cc: jean-baptiste.maneyrol@teamlog.com, a.zummo@towertech.it, dbrownell@users.sourceforge.net, torvalds@linux-foundation.org, stable@kernel.org
+Message-ID: <20070203.231636.41198366.anemo@mba.ocn.ne.jp>
+
+
+From: Atsushi Nemoto <anemo@mba.ocn.ne.jp>
+
+The usage of the century bit was inverted on 2.6.19 following to PCF8563's
+description, but it was not match to usage suggested by RTC8564's
+datasheet. Anyway what MO_C=1 means can vary on each platform. This patch
+is to detect its polarity in get_datetime routine. The default value of
+c_polarity is 0 (MO_C=1 means 19xx) so that this patch does not change
+current behavior even if get_datetime was not called before set_datetime.
+
+Signed-off-by: Atsushi Nemoto <anemo@mba.ocn.ne.jp>
+Cc: Jean-Baptiste Maneyrol <jean-baptiste.maneyrol@teamlog.com>
+Cc: David Brownell <dbrownell@users.sourceforge.net>
+Cc: Alessandro Zummo <a.zummo@towertech.it>
+Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
+
+---
+ drivers/rtc/rtc-pcf8563.c | 40 ++++++++++++++++++++++++++++++++++------
+ 1 file changed, 34 insertions(+), 6 deletions(-)
+
+--- linux-2.6.20.1.orig/drivers/rtc/rtc-pcf8563.c
++++ linux-2.6.20.1/drivers/rtc/rtc-pcf8563.c
+@@ -53,6 +53,25 @@ I2C_CLIENT_INSMOD;
+ #define PCF8563_SC_LV 0x80 /* low voltage */
+ #define PCF8563_MO_C 0x80 /* century */
+
++struct pcf8563 {
++ struct i2c_client client;
++ /*
++ * The meaning of MO_C bit varies by the chip type.
++ * From PCF8563 datasheet: this bit is toggled when the years
++ * register overflows from 99 to 00
++ * 0 indicates the century is 20xx
++ * 1 indicates the century is 19xx
++ * From RTC8564 datasheet: this bit indicates change of
++ * century. When the year digit data overflows from 99 to 00,
++ * this bit is set. By presetting it to 0 while still in the
++ * 20th century, it will be set in year 2000, ...
++ * There seems no reliable way to know how the system use this
++ * bit. So let's do it heuristically, assuming we are live in
++ * 1970...2069.
++ */
++ int c_polarity; /* 0: MO_C=1 means 19xx, otherwise MO_C=1 means 20xx */
++};
++
+ static int pcf8563_probe(struct i2c_adapter *adapter, int address, int kind);
+ static int pcf8563_detach(struct i2c_client *client);
+
+@@ -62,6 +81,7 @@ static int pcf8563_detach(struct i2c_cli
+ */
+ static int pcf8563_get_datetime(struct i2c_client *client, struct rtc_time *tm)
+ {
++ struct pcf8563 *pcf8563 = container_of(client, struct pcf8563, client);
+ unsigned char buf[13] = { PCF8563_REG_ST1 };
+
+ struct i2c_msg msgs[] = {
+@@ -94,8 +114,12 @@ static int pcf8563_get_datetime(struct i
+ tm->tm_mday = BCD2BIN(buf[PCF8563_REG_DM] & 0x3F);
+ tm->tm_wday = buf[PCF8563_REG_DW] & 0x07;
+ tm->tm_mon = BCD2BIN(buf[PCF8563_REG_MO] & 0x1F) - 1; /* rtc mn 1-12 */
+- tm->tm_year = BCD2BIN(buf[PCF8563_REG_YR])
+- + (buf[PCF8563_REG_MO] & PCF8563_MO_C ? 0 : 100);
++ tm->tm_year = BCD2BIN(buf[PCF8563_REG_YR]);
++ if (tm->tm_year < 70)
++ tm->tm_year += 100; /* assume we are in 1970...2069 */
++ /* detect the polarity heuristically. see note above. */
++ pcf8563->c_polarity = (buf[PCF8563_REG_MO] & PCF8563_MO_C) ?
++ (tm->tm_year >= 100) : (tm->tm_year < 100);
+
+ dev_dbg(&client->dev, "%s: tm is secs=%d, mins=%d, hours=%d, "
+ "mday=%d, mon=%d, year=%d, wday=%d\n",
+@@ -114,6 +138,7 @@ static int pcf8563_get_datetime(struct i
+
+ static int pcf8563_set_datetime(struct i2c_client *client, struct rtc_time *tm)
+ {
++ struct pcf8563 *pcf8563 = container_of(client, struct pcf8563, client);
+ int i, err;
+ unsigned char buf[9];
+
+@@ -135,7 +160,7 @@ static int pcf8563_set_datetime(struct i
+
+ /* year and century */
+ buf[PCF8563_REG_YR] = BIN2BCD(tm->tm_year % 100);
+- if (tm->tm_year < 100)
++ if (pcf8563->c_polarity ? (tm->tm_year >= 100) : (tm->tm_year < 100))
+ buf[PCF8563_REG_MO] |= PCF8563_MO_C;
+
+ buf[PCF8563_REG_DW] = tm->tm_wday & 0x07;
+@@ -248,6 +273,7 @@ static struct i2c_driver pcf8563_driver
+
+ static int pcf8563_probe(struct i2c_adapter *adapter, int address, int kind)
+ {
++ struct pcf8563 *pcf8563;
+ struct i2c_client *client;
+ struct rtc_device *rtc;
+
+@@ -260,11 +286,12 @@ static int pcf8563_probe(struct i2c_adap
+ goto exit;
+ }
+
+- if (!(client = kzalloc(sizeof(struct i2c_client), GFP_KERNEL))) {
++ if (!(pcf8563 = kzalloc(sizeof(struct pcf8563), GFP_KERNEL))) {
+ err = -ENOMEM;
+ goto exit;
+ }
+
++ client = &pcf8563->client;
+ client->addr = address;
+ client->driver = &pcf8563_driver;
+ client->adapter = adapter;
+@@ -301,7 +328,7 @@ exit_detach:
+ i2c_detach_client(client);
+
+ exit_kfree:
+- kfree(client);
++ kfree(pcf8563);
+
+ exit:
+ return err;
+@@ -309,6 +336,7 @@ exit:
+
+ static int pcf8563_detach(struct i2c_client *client)
+ {
++ struct pcf8563 *pcf8563 = container_of(client, struct pcf8563, client);
+ int err;
+ struct rtc_device *rtc = i2c_get_clientdata(client);
+
+@@ -318,7 +346,7 @@ static int pcf8563_detach(struct i2c_cli
+ if ((err = i2c_detach_client(client)))
+ return err;
+
+- kfree(client);
++ kfree(pcf8563);
+
+ return 0;
+ }
ocfs2-ocfs2_link-journal-credits-update.patch
+x86_64-fix-2.6.18-regression-ptrace_oldsetoptions-should-be-accepted.patch
+rtc-pcf8563-detect-polarity-of-century-bit-automatically.patch
+prism54-correct-assignment-of-dot1xenable-in-we-19-codepaths.patch
+pata_amd-fix-an-obvious-bug-in-cable-detection.patch
+knfsd-fix-a-race-in-closing-nfsd-connections.patch
+keys-fix-key-serial-number-collision-handling.patch
+ide-fix-drive-side-80c-cable-check.patch
+bcm43xx-fix-for-oops-on-resume.patch
+bcm43xx-fix-for-oops-on-ampdu-status.patch
--- /dev/null
+From stable-bounces@linux.kernel.org Wed Feb 14 18:42:06 2007
+From: "Paolo 'Blaisorblade' Giarrusso" <blaisorblade@yahoo.it>
+Date: Thu, 15 Feb 2007 03:34:23 +0100
+Subject: x86_64: fix 2.6.18 regression - PTRACE_OLDSETOPTIONS should be accepted
+To: Andrew Morton <akpm@osdl.org>, stable@kernel.org
+Cc: Jeff Dike <jdike@addtoit.com>, Andi Kleen <ak@suse.de>, user-mode-linux-devel@lists.sourceforge.net, linux-kernel@vger.kernel.org
+Message-ID: <11715068631914-git-send-email-blaisorblade@yahoo.it>
+
+
+Also PTRACE_OLDSETOPTIONS should be accepted, as done by kernel/ptrace.c and
+forced by binary compatibility. UML/32bit breaks because of this - since it is wise
+enough to use PTRACE_OLDSETOPTIONS to be binary compatible with 2.4 host
+kernels.
+
+Until 2.6.17 (commit f0f2d6536e3515b5b1b7ae97dc8f176860c8c2ce) we had:
+
+ default:
+ return sys_ptrace(request, pid, addr, data);
+
+Instead here we have:
+ case PTRACE_GET_THREAD_AREA:
+ case ...:
+ return sys_ptrace(request, pid, addr, data);
+
+ default:
+ return -EINVAL;
+
+This change was a style change - when a case is added, it must be explicitly
+tested this way. In this case, not enough testing was done.
+
+Cc: Andi Kleen <ak@suse.de>
+Signed-off-by: Paolo 'Blaisorblade' Giarrusso <blaisorblade@yahoo.it>
+Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
+
+---
+ arch/x86_64/ia32/ptrace32.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+--- linux-2.6.20.1.orig/arch/x86_64/ia32/ptrace32.c
++++ linux-2.6.20.1/arch/x86_64/ia32/ptrace32.c
+@@ -243,6 +243,7 @@ asmlinkage long sys32_ptrace(long reques
+ case PTRACE_SINGLESTEP:
+ case PTRACE_DETACH:
+ case PTRACE_SYSCALL:
++ case PTRACE_OLDSETOPTIONS:
+ case PTRACE_SETOPTIONS:
+ case PTRACE_SET_THREAD_AREA:
+ case PTRACE_GET_THREAD_AREA:
projects / thirdparty / kernel / stable-queue.git / commitdiff
