--- /dev/null
+From htejun@gmail.com Thu Aug 9 23:08:47 2007
+From: Tejun Heo <htejun@gmail.com>
+Date: Tue, 7 Aug 2007 02:43:27 +0900
+Subject: ata_piix: update map 10b for ich8m
+To: Jeff Garzik <jeff@garzik.org>, linux-ide@vger.kernel.org, kristen.c.accardi@intel.com, stable@kernel.org
+Message-ID: <20070806174327.GP13674@htj.dyndns.org>
+Content-Disposition: inline
+
+From: Tejun Heo <htejun@gmail.com>
+
+Fix map entry 10b for ich8. It's [P0 P2 IDE IDE] like ich6 / ich6m.
+
+Signed-off-by: Tejun Heo <htejun@gmail.com>
+Acked-by: <Kristen Carlson Accardi> kristen.c.accardi@intel.com
+Cc: Jeff Garzik <jeff@garzik.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
+
+---
+ drivers/ata/ata_piix.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/drivers/ata/ata_piix.c
++++ b/drivers/ata/ata_piix.c
+@@ -428,7 +428,7 @@ static const struct piix_map_db ich8_map
+ /* PM PS SM SS MAP */
+ { P0, P2, P1, P3 }, /* 00b (hardwired when in AHCI) */
+ { RV, RV, RV, RV },
+- { IDE, IDE, NA, NA }, /* 10b (IDE mode) */
++ { P0, P2, IDE, IDE }, /* 10b (IDE mode) */
+ { RV, RV, RV, RV },
+ },
+ };
--- /dev/null
+From viro@ftp.linux.org.uk Thu Aug 9 22:58:53 2007
+From: Al Viro <viro@ftp.linux.org.uk>
+Date: Wed, 8 Aug 2007 00:01:46 +0100
+Subject: fix oops in __audit_signal_info()
+To: Linus Torvalds <torvalds@linux-foundation.org>
+Cc: linux-kernel@vger.kernel.org, stable@kernel.org
+Message-ID: <20070807230146.GZ21089@ftp.linux.org.uk>
+Content-Disposition: inline
+
+From: Al Viro <viro@ftp.linux.org.uk>
+
+ Check for audit_signals is misplaced and check for
+audit_dummy_context() is missing; as the result, if we send
+signal to auditd from task with NULL ->audit_context while
+we have audit_signals != 0 we end up with an oops.
+
+Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
+Acked-by: James Morris <jmorris@namei.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
+
+---
+ kernel/auditsc.c | 22 +++++++++++-----------
+ 1 file changed, 11 insertions(+), 11 deletions(-)
+
+--- a/kernel/auditsc.c
++++ b/kernel/auditsc.c
+@@ -1998,19 +1998,19 @@ int __audit_signal_info(int sig, struct
+ extern uid_t audit_sig_uid;
+ extern u32 audit_sig_sid;
+
+- if (audit_pid && t->tgid == audit_pid &&
+- (sig == SIGTERM || sig == SIGHUP || sig == SIGUSR1)) {
+- audit_sig_pid = tsk->pid;
+- if (ctx)
+- audit_sig_uid = ctx->loginuid;
+- else
+- audit_sig_uid = tsk->uid;
+- selinux_get_task_sid(tsk, &audit_sig_sid);
++ if (audit_pid && t->tgid == audit_pid) {
++ if (sig == SIGTERM || sig == SIGHUP || sig == SIGUSR1) {
++ audit_sig_pid = tsk->pid;
++ if (ctx)
++ audit_sig_uid = ctx->loginuid;
++ else
++ audit_sig_uid = tsk->uid;
++ selinux_get_task_sid(tsk, &audit_sig_sid);
++ }
++ if (!audit_signals || audit_dummy_context())
++ return 0;
+ }
+
+- if (!audit_signals) /* audit_context checked in wrapper */
+- return 0;
+-
+ /* optimize the common case by putting first signal recipient directly
+ * in audit_context */
+ if (!ctx->target_pid) {
--- /dev/null
+From w@1wt.eu Thu Aug 9 23:04:22 2007
+Date: Sun, 15 Jul 2007 17:10:14 -0700
+From: Chris Wright <chrisw@sous-sol.org>
+Subject: random: fix bound check ordering (CVE-2007-3105)
+To: torvalds@linux-foundation.org
+Cc: security@kernel.org, Theodore Tso <tytso@mit.edu>, Willy Tarreau <w@1wt.eu>, Matt Mackall <mpm@selenic.com>
+
+From: Matt Mackall <mpm@selenic.com>
+
+If root raised the default wakeup threshold over the size of the
+output pool, the pool transfer function could overflow the stack with
+RNG bytes, causing a DoS or potential privilege escalation.
+
+(Bug reported by the PaX Team <pageexec@freemail.hu>)
+
+Cc: Theodore Tso <tytso@mit.edu>
+Cc: Willy Tarreau <w@1wt.eu>
+Signed-off-by: Matt Mackall <mpm@selenic.com>
+Signed-off-by: Chris Wright <chrisw@sous-sol.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
+
+---
+ drivers/char/random.c | 9 +++++++--
+ 1 file changed, 7 insertions(+), 2 deletions(-)
+
+--- a/drivers/char/random.c
++++ b/drivers/char/random.c
+@@ -693,9 +693,14 @@ static void xfer_secondary_pool(struct e
+
+ if (r->pull && r->entropy_count < nbytes * 8 &&
+ r->entropy_count < r->poolinfo->POOLBITS) {
+- int bytes = max_t(int, random_read_wakeup_thresh / 8,
+- min_t(int, nbytes, sizeof(tmp)));
++ /* If we're limited, always leave two wakeup worth's BITS */
+ int rsvd = r->limit ? 0 : random_read_wakeup_thresh/4;
++ int bytes = nbytes;
++
++ /* pull at least as many as BYTES as wakeup BITS */
++ bytes = max_t(int, bytes, random_read_wakeup_thresh / 8);
++ /* but never more than the buffer size */
++ bytes = min_t(int, bytes, sizeof(tmp));
+
+ DEBUG_ENT("going to reseed %s with %d bits "
+ "(%d of %d requested)\n",
--- /dev/null
+fix-oops-in-__audit_signal_info.patch
+random-fix-bound-check-ordering.patch
+softmac-fix-deadlock-of-wx_set_essid-with-assoc-work.patch
+ata_piix-update-map-10b-for-ich8m.patch
--- /dev/null
+From mb@bu3sch.de Thu Aug 9 23:05:43 2007
+From: Michael Buesch <mb@bu3sch.de>
+Date: Tue, 7 Aug 2007 12:20:40 +0200
+Subject: softmac: Fix deadlock of wx_set_essid with assoc work
+To: Greg KH <greg@kroah.com>
+Cc: linux-wireless@vger.kernel.org, Johannes Berg <johannes@sipsolutions.net>, David Woodhouse <dwmw2@infradead.org>, stable@kernel.org, "John W. Linville" <linville@tuxdriver.com>
+Message-ID: <200708071220.41123.mb@bu3sch.de>
+Content-Disposition: inline
+
+From: Michael Buesch <mb@bu3sch.de>
+
+The essid wireless extension does deadlock against the assoc mutex,
+as we don't unlock the assoc mutex when flushing the workqueue, which
+also holds the lock.
+
+Signed-off-by: Michael Buesch <mb@bu3sch.de>
+Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
+
+---
+ net/ieee80211/softmac/ieee80211softmac_wx.c | 11 ++++++++---
+ 1 file changed, 8 insertions(+), 3 deletions(-)
+
+--- a/net/ieee80211/softmac/ieee80211softmac_wx.c
++++ b/net/ieee80211/softmac/ieee80211softmac_wx.c
+@@ -74,8 +74,8 @@ ieee80211softmac_wx_set_essid(struct net
+ struct ieee80211softmac_auth_queue_item *authptr;
+ int length = 0;
+
++check_assoc_again:
+ mutex_lock(&sm->associnfo.mutex);
+-
+ /* Check if we're already associating to this or another network
+ * If it's another network, cancel and start over with our new network
+ * If it's our network, ignore the change, we're already doing it!
+@@ -98,13 +98,18 @@ ieee80211softmac_wx_set_essid(struct net
+ cancel_delayed_work(&authptr->work);
+ sm->associnfo.bssvalid = 0;
+ sm->associnfo.bssfixed = 0;
+- flush_scheduled_work();
+ sm->associnfo.associating = 0;
+ sm->associnfo.associated = 0;
++ /* We must unlock to avoid deadlocks with the assoc workqueue
++ * on the associnfo.mutex */
++ mutex_unlock(&sm->associnfo.mutex);
++ flush_scheduled_work();
++ /* Avoid race! Check assoc status again. Maybe someone started an
++ * association while we flushed. */
++ goto check_assoc_again;
+ }
+ }
+
+-
+ sm->associnfo.static_essid = 0;
+ sm->associnfo.assoc_wait = 0;
+