Bah, I messed this up...
--- /dev/null
+From 5c4bfa17f3ec46becec4b23d12323f7605ebd696 Mon Sep 17 00:00:00 2001
+From: Dan Carpenter <error27@gmail.com>
+Date: Fri, 9 Jul 2010 23:51:54 +0000
+Subject: 9p: strlen() doesn't count the terminator
+
+From: Dan Carpenter <error27@gmail.com>
+
+commit 5c4bfa17f3ec46becec4b23d12323f7605ebd696 upstream.
+
+This is an off by one bug because strlen() doesn't count the NULL
+terminator. We strcpy() addr into a fixed length array of size
+UNIX_PATH_MAX later on.
+
+The addr variable is the name of the device being mounted.
+
+Signed-off-by: Dan Carpenter <error27@gmail.com>
+Signed-off-by: David S. Miller <davem@davemloft.net>
+Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
+
+---
+ net/9p/trans_fd.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/net/9p/trans_fd.c
++++ b/net/9p/trans_fd.c
+@@ -948,7 +948,7 @@ p9_fd_create_unix(struct p9_client *clie
+
+ csocket = NULL;
+
+- if (strlen(addr) > UNIX_PATH_MAX) {
++ if (strlen(addr) >= UNIX_PATH_MAX) {
+ P9_EPRINTK(KERN_ERR, "p9_trans_unix: address too long: %s\n",
+ addr);
+ err = -ENAMETOOLONG;
--- /dev/null
+From bc57117856cf1e581135810b37d3b75f9d1749f5 Mon Sep 17 00:00:00 2001
+From: Borislav Petkov <borislav.petkov@amd.com>
+Date: Fri, 21 May 2010 21:25:03 +0200
+Subject: amd64_edac: Correct scrub rate setting
+
+From: Borislav Petkov <borislav.petkov@amd.com>
+
+commit bc57117856cf1e581135810b37d3b75f9d1749f5 upstream.
+
+Exit early when setting scrub rate on unknown/unsupported families.
+
+Signed-off-by: Borislav Petkov <borislav.petkov@amd.com>
+Acked-by: Doug Thompson <dougthompson@xmission.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
+
+---
+ drivers/edac/amd64_edac.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/drivers/edac/amd64_edac.c
++++ b/drivers/edac/amd64_edac.c
+@@ -156,7 +156,7 @@ static int amd64_set_scrub_rate(struct m
+
+ default:
+ amd64_printk(KERN_ERR, "Unsupported family!\n");
+- break;
++ return -EINVAL;
+ }
+ return amd64_search_set_scrub_rate(pvt->misc_f3_ctl, *bandwidth,
+ min_scrubrate);
--- /dev/null
+From 9975a5f22a4fcc8d08035c65439900a983f891ad Mon Sep 17 00:00:00 2001
+From: Borislav Petkov <borislav.petkov@amd.com>
+Date: Mon, 8 Mar 2010 18:29:35 +0100
+Subject: amd64_edac: Fix DCT base address selector
+
+From: Borislav Petkov <borislav.petkov@amd.com>
+
+commit 9975a5f22a4fcc8d08035c65439900a983f891ad upstream.
+
+The correct check is to verify whether in high range we're below 4GB
+and not to extract the DctSelBaseAddr again. See "2.8.5 Routing DRAM
+Requests" in the F10h BKDG.
+
+Signed-off-by: Borislav Petkov <borislav.petkov@amd.com>
+Acked-by: Doug Thompson <dougthompson@xmission.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
+
+---
+ drivers/edac/amd64_edac.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/drivers/edac/amd64_edac.c
++++ b/drivers/edac/amd64_edac.c
+@@ -1491,7 +1491,7 @@ static inline u64 f10_get_base_addr_offs
+ u64 chan_off;
+
+ if (hi_range_sel) {
+- if (!(dct_sel_base_addr & 0xFFFFF800) &&
++ if (!(dct_sel_base_addr & 0xFFFF0000) &&
+ hole_valid && (sys_addr >= 0x100000000ULL))
+ chan_off = hole_off << 16;
+ else
--- /dev/null
+From 4c85ab11ca56da1aa59b58c80cc6a356515cc645 Mon Sep 17 00:00:00 2001
+From: John W. Linville <linville@tuxdriver.com>
+Date: Wed, 28 Jul 2010 10:06:35 -0400
+Subject: ath9k: enable serialize_regmode for non-PCIE AR9160
+
+From: John W. Linville <linville@tuxdriver.com>
+
+commit 4c85ab11ca56da1aa59b58c80cc6a356515cc645 upstream.
+
+https://bugzilla.kernel.org/show_bug.cgi?id=16476
+
+Signed-off-by: John W. Linville <linville@tuxdriver.com>
+Acked-by: Luis R. Rodriguez <lrodriguez@atheros.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
+
+---
+ drivers/net/wireless/ath/ath9k/hw.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+--- a/drivers/net/wireless/ath/ath9k/hw.c
++++ b/drivers/net/wireless/ath/ath9k/hw.c
+@@ -929,7 +929,8 @@ int ath9k_hw_init(struct ath_hw *ah)
+
+ if (ah->config.serialize_regmode == SER_REG_MODE_AUTO) {
+ if (ah->hw_version.macVersion == AR_SREV_VERSION_5416_PCI ||
+- (AR_SREV_9280(ah) && !ah->is_pciexpress)) {
++ ((AR_SREV_9160(ah) || AR_SREV_9280(ah)) &&
++ !ah->is_pciexpress)) {
+ ah->config.serialize_regmode =
+ SER_REG_MODE_ON;
+ } else {
--- /dev/null
+From f860d526eb2939a1c37128900b5af2b6f3ff7f20 Mon Sep 17 00:00:00 2001
+From: Felix Fietkau <nbd@openwrt.org>
+Date: Wed, 30 Jun 2010 02:07:48 +0200
+Subject: ath9k: fix TSF after reset on AR913x
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+From: Felix Fietkau <nbd@openwrt.org>
+
+commit f860d526eb2939a1c37128900b5af2b6f3ff7f20 upstream.
+
+When issuing a reset, the TSF value is lost in the hardware because of
+the 913x specific cold reset. As with some AR9280 cards, the TSF needs
+to be preserved in software here.
+
+Additionally, there's an issue that frequently prevents a successful
+TSF write directly after the chip reset. In this case, repeating the
+TSF write after the initval-writes usually works.
+
+This patch detects failed TSF writes and recovers from them, taking
+into account the delay caused by the initval writes.
+
+Signed-off-by: Felix Fietkau <nbd@openwrt.org>
+Reported-by: Björn Smedman <bjorn.smedman@venatech.se>
+Signed-off-by: John W. Linville <linville@tuxdriver.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
+
+---
+ drivers/net/wireless/ath/ath9k/hw.c | 16 ++++++++++++++--
+ 1 file changed, 14 insertions(+), 2 deletions(-)
+
+--- a/drivers/net/wireless/ath/ath9k/hw.c
++++ b/drivers/net/wireless/ath/ath9k/hw.c
+@@ -2403,7 +2403,8 @@ int ath9k_hw_reset(struct ath_hw *ah, st
+ macStaId1 = REG_READ(ah, AR_STA_ID1) & AR_STA_ID1_BASE_RATE_11B;
+
+ /* For chips on which RTC reset is done, save TSF before it gets cleared */
+- if (AR_SREV_9280(ah) && ah->eep_ops->get_eeprom(ah, EEP_OL_PWRCTRL))
++ if (AR_SREV_9100(ah) ||
++ (AR_SREV_9280(ah) && ah->eep_ops->get_eeprom(ah, EEP_OL_PWRCTRL)))
+ tsf = ath9k_hw_gettsf64(ah);
+
+ saveLedState = REG_READ(ah, AR_CFG_LED) &
+@@ -2433,7 +2434,7 @@ int ath9k_hw_reset(struct ath_hw *ah, st
+ }
+
+ /* Restore TSF */
+- if (tsf && AR_SREV_9280(ah) && ah->eep_ops->get_eeprom(ah, EEP_OL_PWRCTRL))
++ if (tsf)
+ ath9k_hw_settsf64(ah, tsf);
+
+ if (AR_SREV_9280_10_OR_LATER(ah))
+@@ -2453,6 +2454,17 @@ int ath9k_hw_reset(struct ath_hw *ah, st
+ if (r)
+ return r;
+
++ /*
++ * Some AR91xx SoC devices frequently fail to accept TSF writes
++ * right after the chip reset. When that happens, write a new
++ * value after the initvals have been applied, with an offset
++ * based on measured time difference
++ */
++ if (AR_SREV_9100(ah) && (ath9k_hw_gettsf64(ah) < tsf)) {
++ tsf += 1500;
++ ath9k_hw_settsf64(ah, tsf);
++ }
++
+ /* Setup MFP options for CCMP */
+ if (AR_SREV_9280_20_OR_LATER(ah)) {
+ /* Mask Retry(b11), PwrMgt(b12), MoreData(b13) to 0 in mgmt
--- /dev/null
+From 4cee78614cfa046a26c4fbf313d5bbacb3ad8efc Mon Sep 17 00:00:00 2001
+From: Felix Fietkau <nbd@openwrt.org>
+Date: Fri, 23 Jul 2010 03:53:16 +0200
+Subject: ath9k: fix yet another buffer leak in the tx aggregation code
+
+From: Felix Fietkau <nbd@openwrt.org>
+
+commit 4cee78614cfa046a26c4fbf313d5bbacb3ad8efc upstream.
+
+When an aggregation session is being cleaned up, while the tx status
+for some frames is being processed, the TID is flushed and its buffers
+are sent out.
+
+Unfortunately that left the pending un-acked frames unprocessed, thus
+leaking buffers. Fix this by reordering the code so that those frames
+are processed first, before the TID is flushed.
+
+Signed-off-by: Felix Fietkau <nbd@openwrt.org>
+Signed-off-by: John W. Linville <linville@tuxdriver.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
+
+---
+ drivers/net/wireless/ath/ath9k/xmit.c | 16 ++++++++--------
+ 1 file changed, 8 insertions(+), 8 deletions(-)
+
+--- a/drivers/net/wireless/ath/ath9k/xmit.c
++++ b/drivers/net/wireless/ath/ath9k/xmit.c
+@@ -423,6 +423,14 @@ static void ath_tx_complete_aggr(struct
+ bf = bf_next;
+ }
+
++ /* prepend un-acked frames to the beginning of the pending frame queue */
++ if (!list_empty(&bf_pending)) {
++ spin_lock_bh(&txq->axq_lock);
++ list_splice(&bf_pending, &tid->buf_q);
++ ath_tx_queue_tid(txq, tid);
++ spin_unlock_bh(&txq->axq_lock);
++ }
++
+ if (tid->state & AGGR_CLEANUP) {
+ if (tid->baw_head == tid->baw_tail) {
+ tid->state &= ~AGGR_ADDBA_COMPLETE;
+@@ -435,14 +443,6 @@ static void ath_tx_complete_aggr(struct
+ return;
+ }
+
+- /* prepend un-acked frames to the beginning of the pending frame queue */
+- if (!list_empty(&bf_pending)) {
+- spin_lock_bh(&txq->axq_lock);
+- list_splice(&bf_pending, &tid->buf_q);
+- ath_tx_queue_tid(txq, tid);
+- spin_unlock_bh(&txq->axq_lock);
+- }
+-
+ rcu_read_unlock();
+
+ if (needreset)
--- /dev/null
+From 03b4776c408d2f4bf3a5d204e223724d154716d1 Mon Sep 17 00:00:00 2001
+From: Felix Fietkau <nbd@openwrt.org>
+Date: Sun, 11 Jul 2010 12:48:41 +0200
+Subject: ath9k_hw: fix an off-by-one error in the PDADC boundaries calculation
+
+From: Felix Fietkau <nbd@openwrt.org>
+
+commit 03b4776c408d2f4bf3a5d204e223724d154716d1 upstream.
+
+PDADC values were only generated for values surrounding the target
+index, however not for the target index itself, leading to a minor
+error in the generated curve.
+
+Signed-off-by: Felix Fietkau <nbd@openwrt.org>
+Signed-off-by: John W. Linville <linville@tuxdriver.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
+
+---
+ drivers/net/wireless/ath/ath9k/eeprom_def.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/drivers/net/wireless/ath/ath9k/eeprom_def.c
++++ b/drivers/net/wireless/ath/ath9k/eeprom_def.c
+@@ -714,7 +714,7 @@ static void ath9k_hw_get_def_gain_bounda
+ vpdTableI[i][sizeCurrVpdTable - 2]);
+ vpdStep = (int16_t)((vpdStep < 1) ? 1 : vpdStep);
+
+- if (tgtIndex > maxIndex) {
++ if (tgtIndex >= maxIndex) {
+ while ((ss <= tgtIndex) &&
+ (k < (AR5416_NUM_PDADC_VALUES - 1))) {
+ tmpVal = (int16_t)((vpdTableI[i][sizeCurrVpdTable - 1] +
--- /dev/null
+From ccb6c1360f8dd43303c659db718e7e0b24175db5 Mon Sep 17 00:00:00 2001
+From: Johannes Berg <johannes.berg@intel.com>
+Date: Tue, 13 Jul 2010 10:55:38 +0200
+Subject: cfg80211: don't get expired BSSes
+
+From: Johannes Berg <johannes.berg@intel.com>
+
+commit ccb6c1360f8dd43303c659db718e7e0b24175db5 upstream.
+
+When kernel-internal users use cfg80211_get_bss()
+to get a reference to a BSS struct, they may end
+up getting one that would have been removed from
+the list if there had been any userspace access
+to the list. This leads to inconsistencies and
+problems.
+
+Fix it by making cfg80211_get_bss() ignore BSSes
+that cfg80211_bss_expire() would remove.
+
+Fixes http://bugzilla.intellinuxwireless.org/show_bug.cgi?id=2180
+
+Reported-by: Jiajia Zheng <jiajia.zheng@intel.com>
+Tested-by: Jiajia Zheng <jiajia.zheng@intel.com>
+Signed-off-by: Johannes Berg <johannes.berg@intel.com>
+Signed-off-by: John W. Linville <linville@tuxdriver.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
+
+---
+ net/wireless/scan.c | 5 +++++
+ 1 file changed, 5 insertions(+)
+
+--- a/net/wireless/scan.c
++++ b/net/wireless/scan.c
+@@ -270,6 +270,7 @@ struct cfg80211_bss *cfg80211_get_bss(st
+ {
+ struct cfg80211_registered_device *dev = wiphy_to_dev(wiphy);
+ struct cfg80211_internal_bss *bss, *res = NULL;
++ unsigned long now = jiffies;
+
+ spin_lock_bh(&dev->bss_lock);
+
+@@ -278,6 +279,10 @@ struct cfg80211_bss *cfg80211_get_bss(st
+ continue;
+ if (channel && bss->pub.channel != channel)
+ continue;
++ /* Don't get expired BSS structs */
++ if (time_after(now, bss->ts + IEEE80211_SCAN_RESULT_EXPIRE) &&
++ !atomic_read(&bss->hold))
++ continue;
+ if (is_bss(&bss->pub, bssid, ssid, ssid_len)) {
+ res = bss;
+ kref_get(&res->ref);
--- /dev/null
+From 643f82e32f14faf0d0944c804203a6681b6b0a1e Mon Sep 17 00:00:00 2001
+From: Johannes Berg <johannes.berg@intel.com>
+Date: Mon, 12 Jul 2010 14:46:43 +0200
+Subject: cfg80211: ignore spurious deauth
+
+From: Johannes Berg <johannes.berg@intel.com>
+
+commit 643f82e32f14faf0d0944c804203a6681b6b0a1e upstream.
+
+Ever since mac80211/drivers are no longer
+fully in charge of keeping track of the
+auth status, trying to make them do so will
+fail. Instead of warning and reporting the
+deauthentication to userspace, cfg80211 must
+simply ignore it so that spurious
+deauthentications, e.g. before starting
+authentication, aren't seen by userspace as
+actual deauthentications.
+
+Reported-by: Paul Stewart <pstew@google.com>
+Signed-off-by: Johannes Berg <johannes.berg@intel.com>
+Signed-off-by: John W. Linville <linville@tuxdriver.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
+
+---
+ net/wireless/mlme.c | 8 ++++----
+ 1 file changed, 4 insertions(+), 4 deletions(-)
+
+--- a/net/wireless/mlme.c
++++ b/net/wireless/mlme.c
+@@ -43,10 +43,10 @@ void cfg80211_send_rx_auth(struct net_de
+ }
+ }
+
+- WARN_ON(!done);
+-
+- nl80211_send_rx_auth(rdev, dev, buf, len, GFP_KERNEL);
+- cfg80211_sme_rx_auth(dev, buf, len);
++ if (done) {
++ nl80211_send_rx_auth(rdev, dev, buf, len, GFP_KERNEL);
++ cfg80211_sme_rx_auth(dev, buf, len);
++ }
+
+ wdev_unlock(wdev);
+ }
--- /dev/null
+From ff847ac2d3e90edd94674c28bade25ae1e6a2e49 Mon Sep 17 00:00:00 2001
+From: Bruce Allan <bruce.w.allan@intel.com>
+Date: Tue, 27 Jul 2010 12:28:46 +0000
+Subject: e1000e: 82577/82578 PHY register access issues
+
+From: Bruce Allan <bruce.w.allan@intel.com>
+
+commit ff847ac2d3e90edd94674c28bade25ae1e6a2e49 upstream.
+
+The MAC-PHY interconnect on 82577/82578 uses a power management feature
+(called K1) which must be disabled when in 1Gbps due to a hardware issue on
+these parts. The #define bit setting used to enable/disable K1 is
+incorrect and can cause PHY register accesses to stop working altogether
+until the next device reset. This patch sets the register correctly.
+
+This issue is present in kernels since 2.6.32.
+
+Signed-off-by: Bruce Allan <bruce.w.allan@intel.com>
+Tested-by: Jeff Pieper <jeffrey.e.pieper@intel.com>
+Signed-off-by: Jeff Kirsher <jeffrey.t.kirsher@intel.com>
+Signed-off-by: David S. Miller <davem@davemloft.net>
+Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
+
+---
+ drivers/net/e1000e/hw.h | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/drivers/net/e1000e/hw.h
++++ b/drivers/net/e1000e/hw.h
+@@ -304,7 +304,7 @@ enum e1e_registers {
+ #define E1000_KMRNCTRLSTA_DIAG_OFFSET 0x3 /* Kumeran Diagnostic */
+ #define E1000_KMRNCTRLSTA_DIAG_NELPBK 0x1000 /* Nearend Loopback mode */
+ #define E1000_KMRNCTRLSTA_K1_CONFIG 0x7
+-#define E1000_KMRNCTRLSTA_K1_ENABLE 0x140E
++#define E1000_KMRNCTRLSTA_K1_ENABLE 0x0002
+ #define E1000_KMRNCTRLSTA_K1_DISABLE 0x1400
+
+ #define IFE_PHY_EXTENDED_STATUS_CONTROL 0x10
--- /dev/null
+From 36f2407fe52c55566221f8c68c8fb808abffd2f5 Mon Sep 17 00:00:00 2001
+From: Dean Nelson <dnelson@redhat.com>
+Date: Tue, 29 Jun 2010 18:12:05 +0000
+Subject: e1000e: don't inadvertently re-set INTX_DISABLE
+
+From: Dean Nelson <dnelson@redhat.com>
+
+commit 36f2407fe52c55566221f8c68c8fb808abffd2f5 upstream.
+
+Should e1000_test_msi() fail to see an msi interrupt, it attempts to
+fallback to legacy INTx interrupts. But an error in the code may prevent
+this from happening correctly.
+
+Before calling e1000_test_msi_interrupt(), e1000_test_msi() disables SERR
+by clearing the SERR bit from the just read PCI_COMMAND bits as it writes
+them back out.
+
+Upon return from calling e1000_test_msi_interrupt(), it re-enables SERR
+by writing out the version of PCI_COMMAND it had previously read.
+
+The problem with this is that e1000_test_msi_interrupt() calls
+pci_disable_msi(), which eventually ends up in pci_intx(). And because
+pci_intx() was called with enable set to 1, the INTX_DISABLE bit gets
+cleared from PCI_COMMAND, which is what we want. But when we get back to
+e1000_test_msi(), the INTX_DISABLE bit gets inadvertently re-set because
+of the attempt by e1000_test_msi() to re-enable SERR.
+
+The solution is to have e1000_test_msi() re-read the PCI_COMMAND bits as
+part of its attempt to re-enable SERR.
+
+During debugging/testing of this issue I found that not all the systems
+I ran on had the SERR bit set to begin with. And on some of the systems
+the same could be said for the INTX_DISABLE bit. Needless to say these
+latter systems didn't have a problem falling back to legacy INTx
+interrupts with the code as is.
+
+Signed-off-by: Dean Nelson <dnelson@redhat.com>
+Tested-by: Emil Tantilov <emil.s.tantilov@intel.com>
+Signed-off-by: Jeff Kirsher <jeffrey.t.kirsher@intel.com>
+Signed-off-by: David S. Miller <davem@davemloft.net>
+Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
+
+---
+ drivers/net/e1000e/netdev.c | 13 +++++++++----
+ 1 file changed, 9 insertions(+), 4 deletions(-)
+
+--- a/drivers/net/e1000e/netdev.c
++++ b/drivers/net/e1000e/netdev.c
+@@ -3073,13 +3073,18 @@ static int e1000_test_msi(struct e1000_a
+
+ /* disable SERR in case the MSI write causes a master abort */
+ pci_read_config_word(adapter->pdev, PCI_COMMAND, &pci_cmd);
+- pci_write_config_word(adapter->pdev, PCI_COMMAND,
+- pci_cmd & ~PCI_COMMAND_SERR);
++ if (pci_cmd & PCI_COMMAND_SERR)
++ pci_write_config_word(adapter->pdev, PCI_COMMAND,
++ pci_cmd & ~PCI_COMMAND_SERR);
+
+ err = e1000_test_msi_interrupt(adapter);
+
+- /* restore previous setting of command word */
+- pci_write_config_word(adapter->pdev, PCI_COMMAND, pci_cmd);
++ /* re-enable SERR */
++ if (pci_cmd & PCI_COMMAND_SERR) {
++ pci_read_config_word(adapter->pdev, PCI_COMMAND, &pci_cmd);
++ pci_cmd |= PCI_COMMAND_SERR;
++ pci_write_config_word(adapter->pdev, PCI_COMMAND, pci_cmd);
++ }
+
+ /* success ! */
+ if (!err)
--- /dev/null
+From d28232b461b8d54b09e59325dbac8b0913ce2049 Mon Sep 17 00:00:00 2001
+From: Stanislaw Gruszka <sgruszka@redhat.com>
+Date: Thu, 29 Jul 2010 11:37:41 +0200
+Subject: iwlwifi: fix scan abort
+
+From: Stanislaw Gruszka <sgruszka@redhat.com>
+
+commit d28232b461b8d54b09e59325dbac8b0913ce2049 upstream.
+
+Fix possible double priv->mutex lock introduced by commit
+a69b03e941abae00380fc6bc1877fb797a1b31e6
+"iwlwifi: cancel scan watchdog in iwl_bg_abort_scan" .
+We can not call cancel_delayed_work_sync(&priv->scan_check) with
+priv->mutex locked because workqueue function iwl_bg_scan_check()
+take that lock internally.
+
+We do not need to synchronize when canceling priv->scan_check work.
+We can avoid races (sending double abort command or send no
+command at all) using STATUS_SCAN_ABORT bit. Moreover
+current iwl_bg_scan_check() code seems to be broken, as
+we should not send abort commands when currently aborting.
+
+Signed-off-by: Stanislaw Gruszka <sgruszka@redhat.com>
+Signed-off-by: John W. Linville <linville@tuxdriver.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
+
+---
+ drivers/net/wireless/iwlwifi/iwl-scan.c | 18 ++++++++----------
+ 1 file changed, 8 insertions(+), 10 deletions(-)
+
+--- a/drivers/net/wireless/iwlwifi/iwl-scan.c
++++ b/drivers/net/wireless/iwlwifi/iwl-scan.c
+@@ -497,11 +497,10 @@ void iwl_bg_scan_check(struct work_struc
+ return;
+
+ mutex_lock(&priv->mutex);
+- if (test_bit(STATUS_SCANNING, &priv->status) ||
+- test_bit(STATUS_SCAN_ABORTING, &priv->status)) {
+- IWL_DEBUG_SCAN(priv, "Scan completion watchdog resetting "
+- "adapter (%dms)\n",
+- jiffies_to_msecs(IWL_SCAN_CHECK_WATCHDOG));
++ if (test_bit(STATUS_SCANNING, &priv->status) &&
++ !test_bit(STATUS_SCAN_ABORTING, &priv->status)) {
++ IWL_DEBUG_SCAN(priv, "Scan completion watchdog (%dms)\n",
++ jiffies_to_msecs(IWL_SCAN_CHECK_WATCHDOG));
+
+ if (!test_bit(STATUS_EXIT_PENDING, &priv->status))
+ iwl_send_scan_abort(priv);
+@@ -797,12 +796,11 @@ void iwl_bg_abort_scan(struct work_struc
+ !test_bit(STATUS_GEO_CONFIGURED, &priv->status))
+ return;
+
+- mutex_lock(&priv->mutex);
+-
+- cancel_delayed_work_sync(&priv->scan_check);
+- set_bit(STATUS_SCAN_ABORTING, &priv->status);
+- iwl_send_scan_abort(priv);
++ cancel_delayed_work(&priv->scan_check);
+
++ mutex_lock(&priv->mutex);
++ if (test_bit(STATUS_SCAN_ABORTING, &priv->status))
++ iwl_send_scan_abort(priv);
+ mutex_unlock(&priv->mutex);
+ }
+ EXPORT_SYMBOL(iwl_bg_abort_scan);
--- /dev/null
+From d9b68e5e88248bb24fd4e455588bea1d56108fd6 Mon Sep 17 00:00:00 2001
+From: Kyle McMartin <kyle@mcmartin.ca>
+Date: Tue, 3 Aug 2010 20:38:08 -0400
+Subject: parisc: pass through '\t' to early (iodc) console
+
+From: Kyle McMartin <kyle@mcmartin.ca>
+
+commit d9b68e5e88248bb24fd4e455588bea1d56108fd6 upstream.
+
+The firmware handles '\t' internally, so stop trying to emulate it
+(which, incidentally, had a bug in it.)
+
+Fixes a really weird hang at bootup in rcu_bootup_announce, which,
+as far as I can tell, is the first printk in the core kernel to use
+a tab as the first character.
+
+Signed-off-by: Kyle McMartin <kyle@parisc-linux.org>
+Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
+
+---
+ arch/parisc/kernel/firmware.c | 12 ++----------
+ 1 file changed, 2 insertions(+), 10 deletions(-)
+
+--- a/arch/parisc/kernel/firmware.c
++++ b/arch/parisc/kernel/firmware.c
+@@ -1123,7 +1123,6 @@ static char __attribute__((aligned(64)))
+ */
+ int pdc_iodc_print(const unsigned char *str, unsigned count)
+ {
+- static int posx; /* for simple TAB-Simulation... */
+ unsigned int i;
+ unsigned long flags;
+
+@@ -1133,19 +1132,12 @@ int pdc_iodc_print(const unsigned char *
+ iodc_dbuf[i+0] = '\r';
+ iodc_dbuf[i+1] = '\n';
+ i += 2;
+- posx = 0;
+ goto print;
+- case '\t':
+- while (posx & 7) {
+- iodc_dbuf[i] = ' ';
+- i++, posx++;
+- }
+- break;
+ case '\b': /* BS */
+- posx -= 2;
++ i--; /* overwrite last */
+ default:
+ iodc_dbuf[i] = str[i];
+- i++, posx++;
++ i++;
+ break;
+ }
+ }
--- /dev/null
+From 1817176a86352f65210139d4c794ad2d19fc6b63 Mon Sep 17 00:00:00 2001
+From: Dan Rosenberg <dan.j.rosenberg@gmail.com>
+Date: Thu, 24 Jun 2010 12:07:47 +1000
+Subject: xfs: prevent swapext from operating on write-only files
+
+From: Dan Rosenberg <dan.j.rosenberg@gmail.com>
+
+commit 1817176a86352f65210139d4c794ad2d19fc6b63 upstream.
+
+This patch prevents user "foo" from using the SWAPEXT ioctl to swap
+a write-only file owned by user "bar" into a file owned by "foo" and
+subsequently reading it. It does so by checking that the file
+descriptors passed to the ioctl are also opened for reading.
+
+Signed-off-by: Dan Rosenberg <dan.j.rosenberg@gmail.com>
+Reviewed-by: Christoph Hellwig <hch@lst.de>
+Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
+
+---
+ fs/xfs/xfs_dfrag.c | 5 ++++-
+ 1 file changed, 4 insertions(+), 1 deletion(-)
+
+--- a/fs/xfs/xfs_dfrag.c
++++ b/fs/xfs/xfs_dfrag.c
+@@ -62,7 +62,9 @@ xfs_swapext(
+ goto out;
+ }
+
+- if (!(file->f_mode & FMODE_WRITE) || (file->f_flags & O_APPEND)) {
++ if (!(file->f_mode & FMODE_WRITE) ||
++ !(file->f_mode & FMODE_READ) ||
++ (file->f_flags & O_APPEND)) {
+ error = XFS_ERROR(EBADF);
+ goto out_put_file;
+ }
+@@ -74,6 +76,7 @@ xfs_swapext(
+ }
+
+ if (!(target_file->f_mode & FMODE_WRITE) ||
++ !(target_file->f_mode & FMODE_READ) ||
+ (target_file->f_flags & O_APPEND)) {
+ error = XFS_ERROR(EBADF);
+ goto out_put_target_file;
projects / thirdparty / kernel / stable-queue.git / commitdiff
