--- /dev/null
+From gregkh@mini.kroah.org Tue Nov 20 10:19:50 2007
+Message-Id: <20071120181733.702234406@mini.kroah.org>
+User-Agent: quilt/0.46-1
+Date: Tue, 20 Nov 2007 10:17:33 -0800
+From: Greg Kroah-Hartman <gregkh@suse.de>
+To: linux-kernel@vger.kernel.org,
+ stable@kernel.org
+Cc: Justin Forbes <jmforbes@linuxtx.org>,
+ Zwane Mwaikambo <zwane@arm.linux.org.uk>,
+ Theodore Ts'o <tytso@mit.edu>,
+ Randy Dunlap <rdunlap@xenotime.net>,
+ Dave Jones <davej@redhat.com>,
+ Chuck Wolber <chuckw@quantumlinux.com>,
+ Chris Wedgwood <reviews@ml.cw.f00f.org>,
+ Michael Krufky <mkrufky@linuxtv.org>,
+ Chuck Ebbert <cebbert@redhat.com>,
+ Domenico Andreoli <cavokz@gmail.com>,
+ torvalds@linux-foundation.org,
+ akpm@linux-foundation.org,
+ alan@lxorguk.ukuu.org.uk
+Subject: [patch 00/29] 2.6.23-stable review
+Content-Length: 894
+Lines: 21
+
+This is the start of the stable review cycle for the 2.6.23.9 release.
+There are 29 patches in this series, all will be posted as a response to
+this one. If anyone has any issues with these being applied, please let
+us know. If anyone is a maintainer of the proper subsystem, and wants
+to add a Signed-off-by: line to the patch, please respond with it.
+
+I would especially like people who experienced the softlockup messages
+in their kernel logs on 2.6.23.8 to test this series to make sure that
+everything is now working properly.
+
+These patches are sent out with a number of different people on the Cc:
+line. If you wish to be a reviewer, please email stable@kernel.org to
+add your name to the list. If you want to be off the reviewer list,
+also email us.
+
+Responses should be made by Friday, Nov 23, 00:00:00 UTC. Anything
+received after that time might be too late.
+
+thanks,
+
+greg k-h
+
+From gregkh@mini.kroah.org Tue Nov 20 10:19:50 2007
+Message-Id: <20071120181950.063004216@mini.kroah.org>
+References: <20071120181733.702234406@mini.kroah.org>
+User-Agent: quilt/0.46-1
+Date: Tue, 20 Nov 2007 10:17:34 -0800
+From: Greg Kroah-Hartman <gregkh@suse.de>
+To: linux-kernel@vger.kernel.org,
+ stable@kernel.org
+Cc: Justin Forbes <jmforbes@linuxtx.org>,
+ Zwane Mwaikambo <zwane@arm.linux.org.uk>,
+ Theodore Ts'o <tytso@mit.edu>,
+ Randy Dunlap <rdunlap@xenotime.net>,
+ Dave Jones <davej@redhat.com>,
+ Chuck Wolber <chuckw@quantumlinux.com>,
+ Chris Wedgwood <reviews@ml.cw.f00f.org>,
+ Michael Krufky <mkrufky@linuxtv.org>,
+ Chuck Ebbert <cebbert@redhat.com>,
+ Domenico Andreoli <cavokz@gmail.com>,
+ torvalds@linux-foundation.org,
+ akpm@linux-foundation.org,
+ alan@lxorguk.ukuu.org.uk,
+ Olof Johansson <olof@lixom.net>,
+ Jean Delvare <khali@linux-fr.org>
+Subject: [patch 01/29] i2c-pasemi: Fix NACK detection
+Content-Disposition: inline; filename=i2c-pasemi-fix-nack-detection.patch
+Content-Length: 1248
+Lines: 44
+
+2.6.23-stable review patch. If anyone has any objections, please let us know.
+
+------------------
+From: Jean Delvare <khali@linux-fr.org>
+
+patch be8a1f7cd4501c3b4b32543577a33aee6d2193ac in mainline.
+
+Turns out we don't actually check the status to see if there was a
+device out there to talk to, just if we had a timeout when doing so.
+
+Add the proper check, so we don't falsly think there are devices
+on the bus that are not there, etc.
+
+Signed-off-by: Olof Johansson <olof@lixom.net>
+Signed-off-by: Jean Delvare <khali@linux-fr.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
+
+---
+ drivers/i2c/busses/i2c-pasemi.c | 5 +++++
+ 1 file changed, 5 insertions(+)
+
+--- a/drivers/i2c/busses/i2c-pasemi.c
++++ b/drivers/i2c/busses/i2c-pasemi.c
+@@ -51,6 +51,7 @@ struct pasemi_smbus {
+ #define MRXFIFO_DATA_M 0x000000ff
+
+ #define SMSTA_XEN 0x08000000
++#define SMSTA_MTN 0x00200000
+
+ #define CTL_MRR 0x00000400
+ #define CTL_MTR 0x00000200
+@@ -98,6 +99,10 @@ static unsigned int pasemi_smb_waitready
+ status = reg_read(smbus, REG_SMSTA);
+ }
+
++ /* Got NACK? */
++ if (status & SMSTA_MTN)
++ return -ENXIO;
++
+ if (timeout < 0) {
+ dev_warn(&smbus->dev->dev, "Timeout, status 0x%08x\n", status);
+ reg_write(smbus, REG_SMSTA, status);
+
+--
+
+From gregkh@mini.kroah.org Tue Nov 20 10:19:50 2007
+Message-Id: <20071120181950.224306604@mini.kroah.org>
+References: <20071120181733.702234406@mini.kroah.org>
+User-Agent: quilt/0.46-1
+Date: Tue, 20 Nov 2007 10:17:35 -0800
+From: Greg Kroah-Hartman <gregkh@suse.de>
+To: linux-kernel@vger.kernel.org,
+ stable@kernel.org
+Cc: Justin Forbes <jmforbes@linuxtx.org>,
+ Zwane Mwaikambo <zwane@arm.linux.org.uk>,
+ Theodore Ts'o <tytso@mit.edu>,
+ Randy Dunlap <rdunlap@xenotime.net>,
+ Dave Jones <davej@redhat.com>,
+ Chuck Wolber <chuckw@quantumlinux.com>,
+ Chris Wedgwood <reviews@ml.cw.f00f.org>,
+ Michael Krufky <mkrufky@linuxtv.org>,
+ Chuck Ebbert <cebbert@redhat.com>,
+ Domenico Andreoli <cavokz@gmail.com>,
+ torvalds@linux-foundation.org,
+ akpm@linux-foundation.org,
+ alan@lxorguk.ukuu.org.uk,
+ Jean Delvare <khali@linux-fr.org>
+Subject: [patch 02/29] i2c/eeprom: Recognize VGN as a valid Sony Vaio name prefix
+Content-Disposition: inline; filename=i2c-eeprom-recognize-vgn-as-a-valid-sony-vaio-name-prefix.patch
+Content-Length: 1720
+Lines: 50
+
+2.6.23-stable review patch. If anyone has any objections, please let us
+know.
+
+------------------
+From: Jean Delvare <khali@linux-fr.org>
+
+patch 8b925a3dd8a4d7451092cb9aa11da727ba69e0f0 in mainline.
+
+Recent (i.e. 2005 and later) Sony Vaio laptops have names beginning
+with VGN rather than PCG. Update the eeprom driver so that it
+recognizes these.
+
+Why this matters: the eeprom driver hides private data from the
+EEPROMs it recognizes as Vaio EEPROMs (passwords, serial number...) so
+if the driver fails to recognize a Vaio EEPROM as such, the private
+data is exposed to the world.
+
+Signed-off-by: Jean Delvare <khali@linux-fr.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
+
+---
+ drivers/i2c/chips/eeprom.c | 14 +++++++++-----
+ 1 file changed, 9 insertions(+), 5 deletions(-)
+
+--- a/drivers/i2c/chips/eeprom.c
++++ b/drivers/i2c/chips/eeprom.c
+@@ -197,12 +197,16 @@ static int eeprom_detect(struct i2c_adap
+ goto exit_kfree;
+
+ /* Detect the Vaio nature of EEPROMs.
+- We use the "PCG-" prefix as the signature. */
++ We use the "PCG-" or "VGN-" prefix as the signature. */
+ if (address == 0x57) {
+- if (i2c_smbus_read_byte_data(new_client, 0x80) == 'P'
+- && i2c_smbus_read_byte(new_client) == 'C'
+- && i2c_smbus_read_byte(new_client) == 'G'
+- && i2c_smbus_read_byte(new_client) == '-') {
++ char name[4];
++
++ name[0] = i2c_smbus_read_byte_data(new_client, 0x80);
++ name[1] = i2c_smbus_read_byte(new_client);
++ name[2] = i2c_smbus_read_byte(new_client);
++ name[3] = i2c_smbus_read_byte(new_client);
++
++ if (!memcmp(name, "PCG-", 4) || !memcmp(name, "VGN-", 4)) {
+ dev_info(&new_client->dev, "Vaio EEPROM detected, "
+ "enabling password protection\n");
+ data->nature = VAIO;
+
+--
+
+From gregkh@mini.kroah.org Tue Nov 20 10:19:50 2007
+Message-Id: <20071120181950.380983069@mini.kroah.org>
+References: <20071120181733.702234406@mini.kroah.org>
+User-Agent: quilt/0.46-1
+Date: Tue, 20 Nov 2007 10:17:36 -0800
+From: Greg Kroah-Hartman <gregkh@suse.de>
+To: linux-kernel@vger.kernel.org,
+ stable@kernel.org
+Cc: Justin Forbes <jmforbes@linuxtx.org>,
+ Zwane Mwaikambo <zwane@arm.linux.org.uk>,
+ Theodore Ts'o <tytso@mit.edu>,
+ Randy Dunlap <rdunlap@xenotime.net>,
+ Dave Jones <davej@redhat.com>,
+ Chuck Wolber <chuckw@quantumlinux.com>,
+ Chris Wedgwood <reviews@ml.cw.f00f.org>,
+ Michael Krufky <mkrufky@linuxtv.org>,
+ Chuck Ebbert <cebbert@redhat.com>,
+ Domenico Andreoli <cavokz@gmail.com>,
+ torvalds@linux-foundation.org,
+ akpm@linux-foundation.org,
+ alan@lxorguk.ukuu.org.uk,
+ Jean Delvare <khali@linux-fr.org>
+Subject: [patch 03/29] i2c/eeprom: Hide Sony Vaio serial numbers
+Content-Disposition: inline; filename=i2c-eeprom-hide-sony-vaio-serial-numbers.patch
+Content-Length: 2071
+Lines: 63
+
+2.6.23-stable review patch. If anyone has any objections, please let us
+know.
+
+------------------
+From: Jean Delvare <khali@linux-fr.org>
+
+patch 0f2cbd38aa377e30df3b7602abed69464d1970aa in mainline.
+
+The sysfs interface to DMI data takes care to not make the system
+serial number and UUID world-readable, presumably due to privacy
+concerns. For consistency, we should not let the eeprom driver
+export these same strings to the world on Sony Vaio laptops.
+Instead, only make them readable by root, as we already do for BIOS
+passwords.
+
+Signed-off-by: Jean Delvare <khali@linux-fr.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
+
+---
+ drivers/i2c/chips/eeprom.c | 23 +++++++++++++++--------
+ 1 file changed, 15 insertions(+), 8 deletions(-)
+
+--- a/drivers/i2c/chips/eeprom.c
++++ b/drivers/i2c/chips/eeprom.c
+@@ -128,13 +128,20 @@ static ssize_t eeprom_read(struct kobjec
+ for (slice = off >> 5; slice <= (off + count - 1) >> 5; slice++)
+ eeprom_update_client(client, slice);
+
+- /* Hide Vaio security settings to regular users (16 first bytes) */
+- if (data->nature == VAIO && off < 16 && !capable(CAP_SYS_ADMIN)) {
+- size_t in_row1 = 16 - off;
+- in_row1 = min(in_row1, count);
+- memset(buf, 0, in_row1);
+- if (count - in_row1 > 0)
+- memcpy(buf + in_row1, &data->data[16], count - in_row1);
++ /* Hide Vaio private settings to regular users:
++ - BIOS passwords: bytes 0x00 to 0x0f
++ - UUID: bytes 0x10 to 0x1f
++ - Serial number: 0xc0 to 0xdf */
++ if (data->nature == VAIO && !capable(CAP_SYS_ADMIN)) {
++ int i;
++
++ for (i = 0; i < count; i++) {
++ if ((off + i <= 0x1f) ||
++ (off + i >= 0xc0 && off + i <= 0xdf))
++ buf[i] = 0;
++ else
++ buf[i] = data->data[off + i];
++ }
+ } else {
+ memcpy(buf, &data->data[off], count);
+ }
+@@ -208,7 +215,7 @@ static int eeprom_detect(struct i2c_adap
+
+ if (!memcmp(name, "PCG-", 4) || !memcmp(name, "VGN-", 4)) {
+ dev_info(&new_client->dev, "Vaio EEPROM detected, "
+- "enabling password protection\n");
++ "enabling privacy protection\n");
+ data->nature = VAIO;
+ }
+ }
+
+--
+
+From gregkh@mini.kroah.org Tue Nov 20 10:19:50 2007
+Message-Id: <20071120181950.537809912@mini.kroah.org>
+References: <20071120181733.702234406@mini.kroah.org>
+User-Agent: quilt/0.46-1
+Date: Tue, 20 Nov 2007 10:17:37 -0800
+From: Greg Kroah-Hartman <gregkh@suse.de>
+To: linux-kernel@vger.kernel.org,
+ stable@kernel.org,
+ torvalds@linux-foundation.org
+Cc: Justin Forbes <jmforbes@linuxtx.org>,
+ Zwane Mwaikambo <zwane@arm.linux.org.uk>,
+ Theodore Ts'o <tytso@mit.edu>,
+ Randy Dunlap <rdunlap@xenotime.net>,
+ Dave Jones <davej@redhat.com>,
+ Chuck Wolber <chuckw@quantumlinux.com>,
+ Chris Wedgwood <reviews@ml.cw.f00f.org>,
+ Michael Krufky <mkrufky@linuxtv.org>,
+ Chuck Ebbert <cebbert@redhat.com>,
+ Domenico Andreoli <cavokz@gmail.com>,
+ akpm@linux-foundation.org,
+ alan@lxorguk.ukuu.org.uk,
+ Geert.Uytterhoeven@sonycom.com,
+ lizf@cn.fujitsu.com
+Subject: [patch 04/29] drivers/video/ps3fb: fix memset size error
+Content-Disposition: inline; filename=drivers-video-ps3fb-fix-memset-size-error.patch
+Content-Length: 914
+Lines: 35
+
+
+2.6.23-stable review patch. If anyone has any objections, please let us
+know.
+
+------------------
+From: Li Zefan <lizf@cn.fujitsu.com>
+
+patch 3cc2c17700c98b0af778566b0af6292b23b01430 in mainline.
+
+The size passing to memset is wrong.
+
+Signed-off-by Li Zefan <lizf@cn.fujitsu.com>
+Acked-by: Geert Uytterhoeven <Geert.Uytterhoeven@sonycom.com>
+Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
+Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
+
+
+---
+ drivers/video/ps3fb.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/drivers/video/ps3fb.c
++++ b/drivers/video/ps3fb.c
+@@ -659,7 +659,7 @@ static int ps3fb_blank(int blank, struct
+
+ static int ps3fb_get_vblank(struct fb_vblank *vblank)
+ {
+- memset(vblank, 0, sizeof(&vblank));
++ memset(vblank, 0, sizeof(*vblank));
+ vblank->flags = FB_VBLANK_HAVE_VSYNC;
+ return 0;
+ }
+
+--
+
+From gregkh@mini.kroah.org Tue Nov 20 10:19:50 2007
+Message-Id: <20071120181950.694036505@mini.kroah.org>
+References: <20071120181733.702234406@mini.kroah.org>
+User-Agent: quilt/0.46-1
+Date: Tue, 20 Nov 2007 10:17:38 -0800
+From: Greg Kroah-Hartman <gregkh@suse.de>
+To: linux-kernel@vger.kernel.org,
+ stable@kernel.org,
+ torvalds@linux-foundation.org
+Cc: Justin Forbes <jmforbes@linuxtx.org>,
+ Zwane Mwaikambo <zwane@arm.linux.org.uk>,
+ Theodore Ts'o <tytso@mit.edu>,
+ Randy Dunlap <rdunlap@xenotime.net>,
+ Dave Jones <davej@redhat.com>,
+ Chuck Wolber <chuckw@quantumlinux.com>,
+ Chris Wedgwood <reviews@ml.cw.f00f.org>,
+ Michael Krufky <mkrufky@linuxtv.org>,
+ Chuck Ebbert <cebbert@redhat.com>,
+ Domenico Andreoli <cavokz@gmail.com>,
+ akpm@linux-foundation.org,
+ alan@lxorguk.ukuu.org.uk,
+ phil.el@wanadoo.fr,
+ safari-kernel@safari.iki.fi
+Subject: [patch 05/29] oProfile: oops when profile_pc() returns ~0LU
+Content-Disposition: inline; filename=oprofile-oops-when-profile_pc-returns-0lu.patch
+Content-Length: 2726
+Lines: 85
+
+
+2.6.23-stable review patch. If anyone has any objections, please let us
+know.
+
+------------------
+From: Philippe Elie <phil.el@wanadoo.fr>
+
+patch df9d177aa28d50e64bae6fbd6b263833079e3571 in mainline.
+
+Instruction pointer returned by profile_pc() can be a random value. This
+break the assumption than we can safely set struct op_sample.eip field to a
+magic value to signal to the per-cpu buffer reader side special event like
+task switch ending up in a segfault in get_task_mm() when profile_pc()
+return ~0UL. Fixed by sanitizing the sampled eip and reject/log invalid
+eip.
+
+Problem reported by Sami Farin, patch tested by him.
+
+Signed-off-by: Philippe Elie <phil.el@wanadoo.fr>
+Tested-by: Sami Farin <safari-kernel@safari.iki.fi>
+Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
+Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
+
+---
+ drivers/oprofile/cpu_buffer.c | 7 +++++++
+ drivers/oprofile/cpu_buffer.h | 1 +
+ drivers/oprofile/oprofile_stats.c | 4 ++++
+ 3 files changed, 12 insertions(+)
+
+--- a/drivers/oprofile/cpu_buffer.c
++++ b/drivers/oprofile/cpu_buffer.c
+@@ -64,6 +64,8 @@ int alloc_cpu_buffers(void)
+ b->head_pos = 0;
+ b->sample_received = 0;
+ b->sample_lost_overflow = 0;
++ b->backtrace_aborted = 0;
++ b->sample_invalid_eip = 0;
+ b->cpu = i;
+ INIT_DELAYED_WORK(&b->work, wq_sync_buffer);
+ }
+@@ -175,6 +177,11 @@ static int log_sample(struct oprofile_cp
+
+ cpu_buf->sample_received++;
+
++ if (pc == ESCAPE_CODE) {
++ cpu_buf->sample_invalid_eip++;
++ return 0;
++ }
++
+ if (nr_available_slots(cpu_buf) < 3) {
+ cpu_buf->sample_lost_overflow++;
+ return 0;
+--- a/drivers/oprofile/cpu_buffer.h
++++ b/drivers/oprofile/cpu_buffer.h
+@@ -42,6 +42,7 @@ struct oprofile_cpu_buffer {
+ unsigned long sample_received;
+ unsigned long sample_lost_overflow;
+ unsigned long backtrace_aborted;
++ unsigned long sample_invalid_eip;
+ int cpu;
+ struct delayed_work work;
+ } ____cacheline_aligned;
+--- a/drivers/oprofile/oprofile_stats.c
++++ b/drivers/oprofile/oprofile_stats.c
+@@ -26,6 +26,8 @@ void oprofile_reset_stats(void)
+ cpu_buf = &cpu_buffer[i];
+ cpu_buf->sample_received = 0;
+ cpu_buf->sample_lost_overflow = 0;
++ cpu_buf->backtrace_aborted = 0;
++ cpu_buf->sample_invalid_eip = 0;
+ }
+
+ atomic_set(&oprofile_stats.sample_lost_no_mm, 0);
+@@ -61,6 +63,8 @@ void oprofile_create_stats_files(struct
+ &cpu_buf->sample_lost_overflow);
+ oprofilefs_create_ro_ulong(sb, cpudir, "backtrace_aborted",
+ &cpu_buf->backtrace_aborted);
++ oprofilefs_create_ro_ulong(sb, cpudir, "sample_invalid_eip",
++ &cpu_buf->sample_invalid_eip);
+ }
+
+ oprofilefs_create_ro_atomic(sb, dir, "sample_lost_no_mm",
+
+--
+
+From gregkh@mini.kroah.org Tue Nov 20 10:19:50 2007
+Message-Id: <20071120181950.850656256@mini.kroah.org>
+References: <20071120181733.702234406@mini.kroah.org>
+User-Agent: quilt/0.46-1
+Date: Tue, 20 Nov 2007 10:17:39 -0800
+From: Greg Kroah-Hartman <gregkh@suse.de>
+To: linux-kernel@vger.kernel.org,
+ stable@kernel.org,
+ torvalds@linux-foundation.org
+Cc: Justin Forbes <jmforbes@linuxtx.org>,
+ Zwane Mwaikambo <zwane@arm.linux.org.uk>,
+ Theodore Ts'o <tytso@mit.edu>,
+ Randy Dunlap <rdunlap@xenotime.net>,
+ Dave Jones <davej@redhat.com>,
+ Chuck Wolber <chuckw@quantumlinux.com>,
+ Chris Wedgwood <reviews@ml.cw.f00f.org>,
+ Michael Krufky <mkrufky@linuxtv.org>,
+ Chuck Ebbert <cebbert@redhat.com>,
+ Domenico Andreoli <cavokz@gmail.com>,
+ akpm@linux-foundation.org,
+ alan@lxorguk.ukuu.org.uk,
+ joel.bertrand@systella.fr,
+ neilb@suse.de,
+ dan.j.williams@intel.com
+Subject: [patch 06/29] raid5: fix unending write sequence
+Content-Disposition: inline; filename=raid5-fix-unending-write-sequence.patch
+Content-Length: 4258
+Lines: 112
+
+
+2.6.23-stable review patch. If anyone has any objections, please let us
+know.
+
+------------------
+From: Dan Williams <dan.j.williams@intel.com>
+
+patch 6c55be8b962f1bdc592d579e81fc27b11ea53dfc in mainline.
+
+<debug output from Joel's system>
+handling stripe 7629696, state=0x14 cnt=1, pd_idx=2 ops=0:0:0
+check 5: state 0x6 toread 0000000000000000 read 0000000000000000 write fffff800ffcffcc0 written 0000000000000000
+check 4: state 0x6 toread 0000000000000000 read 0000000000000000 write fffff800fdd4e360 written 0000000000000000
+check 3: state 0x1 toread 0000000000000000 read 0000000000000000 write 0000000000000000 written 0000000000000000
+check 2: state 0x1 toread 0000000000000000 read 0000000000000000 write 0000000000000000 written 0000000000000000
+check 1: state 0x6 toread 0000000000000000 read 0000000000000000 write fffff800ff517e40 written 0000000000000000
+check 0: state 0x6 toread 0000000000000000 read 0000000000000000 write fffff800fd4cae60 written 0000000000000000
+locked=4 uptodate=2 to_read=0 to_write=4 failed=0 failed_num=0
+for sector 7629696, rmw=0 rcw=0
+</debug>
+
+These blocks were prepared to be written out, but were never handled in
+ops_run_biodrain(), so they remain locked forever. The operations flags
+are all clear which means handle_stripe() thinks nothing else needs to be
+done.
+
+This state suggests that the STRIPE_OP_PREXOR bit was sampled 'set' when it
+should not have been. This patch cleans up cases where the code looks at
+sh->ops.pending when it should be looking at the consistent stack-based
+snapshot of the operations flags.
+
+Report from Joel:
+ Resync done. Patch fix this bug.
+
+Signed-off-by: Dan Williams <dan.j.williams@intel.com>
+Tested-by: Joel Bertrand <joel.bertrand@systella.fr>
+Cc: <stable@kernel.org>
+Cc: Neil Brown <neilb@suse.de>
+Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
+Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
+
+---
+ drivers/md/raid5.c | 16 +++++++++-------
+ 1 file changed, 9 insertions(+), 7 deletions(-)
+
+--- a/drivers/md/raid5.c
++++ b/drivers/md/raid5.c
+@@ -689,7 +689,8 @@ ops_run_prexor(struct stripe_head *sh, s
+ }
+
+ static struct dma_async_tx_descriptor *
+-ops_run_biodrain(struct stripe_head *sh, struct dma_async_tx_descriptor *tx)
++ops_run_biodrain(struct stripe_head *sh, struct dma_async_tx_descriptor *tx,
++ unsigned long pending)
+ {
+ int disks = sh->disks;
+ int pd_idx = sh->pd_idx, i;
+@@ -697,7 +698,7 @@ ops_run_biodrain(struct stripe_head *sh,
+ /* check if prexor is active which means only process blocks
+ * that are part of a read-modify-write (Wantprexor)
+ */
+- int prexor = test_bit(STRIPE_OP_PREXOR, &sh->ops.pending);
++ int prexor = test_bit(STRIPE_OP_PREXOR, &pending);
+
+ pr_debug("%s: stripe %llu\n", __FUNCTION__,
+ (unsigned long long)sh->sector);
+@@ -774,7 +775,8 @@ static void ops_complete_write(void *str
+ }
+
+ static void
+-ops_run_postxor(struct stripe_head *sh, struct dma_async_tx_descriptor *tx)
++ops_run_postxor(struct stripe_head *sh, struct dma_async_tx_descriptor *tx,
++ unsigned long pending)
+ {
+ /* kernel stack size limits the total number of disks */
+ int disks = sh->disks;
+@@ -782,7 +784,7 @@ ops_run_postxor(struct stripe_head *sh,
+
+ int count = 0, pd_idx = sh->pd_idx, i;
+ struct page *xor_dest;
+- int prexor = test_bit(STRIPE_OP_PREXOR, &sh->ops.pending);
++ int prexor = test_bit(STRIPE_OP_PREXOR, &pending);
+ unsigned long flags;
+ dma_async_tx_callback callback;
+
+@@ -809,7 +811,7 @@ ops_run_postxor(struct stripe_head *sh,
+ }
+
+ /* check whether this postxor is part of a write */
+- callback = test_bit(STRIPE_OP_BIODRAIN, &sh->ops.pending) ?
++ callback = test_bit(STRIPE_OP_BIODRAIN, &pending) ?
+ ops_complete_write : ops_complete_postxor;
+
+ /* 1/ if we prexor'd then the dest is reused as a source
+@@ -897,12 +899,12 @@ static void raid5_run_ops(struct stripe_
+ tx = ops_run_prexor(sh, tx);
+
+ if (test_bit(STRIPE_OP_BIODRAIN, &pending)) {
+- tx = ops_run_biodrain(sh, tx);
++ tx = ops_run_biodrain(sh, tx, pending);
+ overlap_clear++;
+ }
+
+ if (test_bit(STRIPE_OP_POSTXOR, &pending))
+- ops_run_postxor(sh, tx);
++ ops_run_postxor(sh, tx, pending);
+
+ if (test_bit(STRIPE_OP_CHECK, &pending))
+ ops_run_check(sh);
+
+--
+
+From gregkh@mini.kroah.org Tue Nov 20 10:19:51 2007
+Message-Id: <20071120181951.004886951@mini.kroah.org>
+References: <20071120181733.702234406@mini.kroah.org>
+User-Agent: quilt/0.46-1
+Date: Tue, 20 Nov 2007 10:17:40 -0800
+From: Greg Kroah-Hartman <gregkh@suse.de>
+To: linux-kernel@vger.kernel.org,
+ stable@kernel.org,
+ Linus Torvalds <torvalds@linux-foundation.org>
+Cc: Justin Forbes <jmforbes@linuxtx.org>,
+ Zwane Mwaikambo <zwane@arm.linux.org.uk>,
+ Theodore Ts'o <tytso@mit.edu>,
+ Randy Dunlap <rdunlap@xenotime.net>,
+ Dave Jones <davej@redhat.com>,
+ Chuck Wolber <chuckw@quantumlinux.com>,
+ Chris Wedgwood <reviews@ml.cw.f00f.org>,
+ Michael Krufky <mkrufky@linuxtv.org>,
+ Chuck Ebbert <cebbert@redhat.com>,
+ Domenico Andreoli <cavokz@gmail.com>,
+ akpm@linux-foundation.org,
+ alan@lxorguk.ukuu.org.uk,
+ Roland <devzero@web.de>,
+ Neil Brown <neilb@suse.de>,
+ "J. Bruce Fields" <bfields@citi.umich.edu>,
+ nfs@lists.sourceforge.net,
+ Andreas Gruenbacher <agruen@suse.de>
+Subject: [patch 07/29] knfsd: fix spurious EINVAL errors on first access of new filesystem
+Content-Disposition: inline; filename=knfsd-fix-spurious-einval-errors-on-first-access-of-new-filesystem.patch
+Content-Length: 1730
+Lines: 52
+
+2.6.23-stable review patch. If anyone has any objections, please let us
+know.
+
+------------------
+From: J. Bruce Fields <bfields@citi.umich.edu>
+
+patch ac8587dcb58e40dd336d99d60f852041e06cc3dd in mainline.
+
+The v2/v3 acl code in nfsd is translating any return from fh_verify() to
+nfserr_inval. This is particularly unfortunate in the case of an
+nfserr_dropit return, which is an internal error meant to indicate to
+callers that this request has been deferred and should just be dropped
+pending the results of an upcall to mountd.
+
+Thanks to Roland <devzero@web.de> for bug report and data collection.
+
+Cc: Roland <devzero@web.de>
+Acked-by: Andreas Gruenbacher <agruen@suse.de>
+Signed-off-by: J. Bruce Fields <bfields@citi.umich.edu>
+Reviewed-By: NeilBrown <neilb@suse.de>
+Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
+
+---
+ fs/nfsd/nfs2acl.c | 2 +-
+ fs/nfsd/nfs3acl.c | 2 +-
+ 2 files changed, 2 insertions(+), 2 deletions(-)
+
+--- a/fs/nfsd/nfs2acl.c
++++ b/fs/nfsd/nfs2acl.c
+@@ -41,7 +41,7 @@ static __be32 nfsacld_proc_getacl(struct
+
+ fh = fh_copy(&resp->fh, &argp->fh);
+ if ((nfserr = fh_verify(rqstp, &resp->fh, 0, MAY_NOP)))
+- RETURN_STATUS(nfserr_inval);
++ RETURN_STATUS(nfserr);
+
+ if (argp->mask & ~(NFS_ACL|NFS_ACLCNT|NFS_DFACL|NFS_DFACLCNT))
+ RETURN_STATUS(nfserr_inval);
+--- a/fs/nfsd/nfs3acl.c
++++ b/fs/nfsd/nfs3acl.c
+@@ -37,7 +37,7 @@ static __be32 nfsd3_proc_getacl(struct s
+
+ fh = fh_copy(&resp->fh, &argp->fh);
+ if ((nfserr = fh_verify(rqstp, &resp->fh, 0, MAY_NOP)))
+- RETURN_STATUS(nfserr_inval);
++ RETURN_STATUS(nfserr);
+
+ if (argp->mask & ~(NFS_ACL|NFS_ACLCNT|NFS_DFACL|NFS_DFACLCNT))
+ RETURN_STATUS(nfserr_inval);
+
+--
+
+From gregkh@mini.kroah.org Tue Nov 20 10:19:51 2007
+Message-Id: <20071120181951.158359614@mini.kroah.org>
+References: <20071120181733.702234406@mini.kroah.org>
+User-Agent: quilt/0.46-1
+Date: Tue, 20 Nov 2007 10:17:41 -0800
+From: Greg Kroah-Hartman <gregkh@suse.de>
+To: linux-kernel@vger.kernel.org,
+ stable@kernel.org,
+ Linus Torvalds <torvalds@linux-foundation.org>
+Cc: Justin Forbes <jmforbes@linuxtx.org>,
+ Zwane Mwaikambo <zwane@arm.linux.org.uk>,
+ Theodore Ts'o <tytso@mit.edu>,
+ Randy Dunlap <rdunlap@xenotime.net>,
+ Dave Jones <davej@redhat.com>,
+ Chuck Wolber <chuckw@quantumlinux.com>,
+ Chris Wedgwood <reviews@ml.cw.f00f.org>,
+ Michael Krufky <mkrufky@linuxtv.org>,
+ Chuck Ebbert <cebbert@redhat.com>,
+ Domenico Andreoli <cavokz@gmail.com>,
+ akpm@linux-foundation.org,
+ alan@lxorguk.ukuu.org.uk,
+ Neil Brown <neilb@suse.de>,
+ "J. Bruce Fields" <bfields@citi.umich.edu>,
+ nfs@lists.sourceforge.net
+Subject: [patch 08/29] nfsd4: recheck for secure ports in fh_verify
+Content-Disposition: inline; filename=nfsd4-recheck-for-secure-ports-in-fh_verify.patch
+Content-Length: 3429
+Lines: 109
+
+2.6.23-stable review patch. If anyone has any objections, please let us
+know.
+
+------------------
+From: J. Bruce Fields <bfields@citi.umich.edu>
+
+patch 6fa02839bf9412e18e773d04e96182b4cd0b5d57 in mainline.
+
+As with
+
+ 7fc90ec93a5eb71f4b08... "call nfsd_setuser() on fh_compose()..."
+
+this is a case where we need to redo a security check in fh_verify()
+even though the filehandle already has an associated dentry--if the
+filehandle was created by fh_compose() in an earlier operation of the
+nfsv4 compound, then we may not have done these checks yet.
+
+Without this fix it is possible, for example, to traverse from an export
+without the secure ports requirement to one with it in a single
+compound, and bypass the secure port check on the new export.
+
+While we're here, fix up some minor style problems and change a printk()
+to a dprintk(), to make it harder for random unprivileged users to spam
+the logs.
+
+Signed-off-by: J. Bruce Fields <bfields@citi.umich.edu>
+Reviewed-By: NeilBrown <neilb@suse.de>
+Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
+
+---
+ fs/nfsd/nfsfh.c | 43 ++++++++++++++++++++++++++-----------------
+ 1 file changed, 26 insertions(+), 17 deletions(-)
+
+--- a/fs/nfsd/nfsfh.c
++++ b/fs/nfsd/nfsfh.c
+@@ -95,6 +95,22 @@ nfsd_mode_check(struct svc_rqst *rqstp,
+ return 0;
+ }
+
++static __be32 nfsd_setuser_and_check_port(struct svc_rqst *rqstp,
++ struct svc_export *exp)
++{
++ /* Check if the request originated from a secure port. */
++ if (!rqstp->rq_secure && EX_SECURE(exp)) {
++ char buf[RPC_MAX_ADDRBUFLEN];
++ dprintk(KERN_WARNING
++ "nfsd: request from insecure port %s!\n",
++ svc_print_addr(rqstp, buf, sizeof(buf)));
++ return nfserr_perm;
++ }
++
++ /* Set user creds for this exportpoint */
++ return nfserrno(nfsd_setuser(rqstp, exp));
++}
++
+ /*
+ * Perform sanity checks on the dentry in a client's file handle.
+ *
+@@ -167,18 +183,7 @@ fh_verify(struct svc_rqst *rqstp, struct
+ goto out;
+ }
+
+- /* Check if the request originated from a secure port. */
+- error = nfserr_perm;
+- if (!rqstp->rq_secure && EX_SECURE(exp)) {
+- char buf[RPC_MAX_ADDRBUFLEN];
+- printk(KERN_WARNING
+- "nfsd: request from insecure port %s!\n",
+- svc_print_addr(rqstp, buf, sizeof(buf)));
+- goto out;
+- }
+-
+- /* Set user creds for this exportpoint */
+- error = nfserrno(nfsd_setuser(rqstp, exp));
++ error = nfsd_setuser_and_check_port(rqstp, exp);
+ if (error)
+ goto out;
+
+@@ -227,18 +232,22 @@ fh_verify(struct svc_rqst *rqstp, struct
+ fhp->fh_export = exp;
+ nfsd_nr_verified++;
+ } else {
+- /* just rechecking permissions
+- * (e.g. nfsproc_create calls fh_verify, then nfsd_create does as well)
++ /*
++ * just rechecking permissions
++ * (e.g. nfsproc_create calls fh_verify, then nfsd_create
++ * does as well)
+ */
+ dprintk("nfsd: fh_verify - just checking\n");
+ dentry = fhp->fh_dentry;
+ exp = fhp->fh_export;
+- /* Set user creds for this exportpoint; necessary even
++ /*
++ * Set user creds for this exportpoint; necessary even
+ * in the "just checking" case because this may be a
+ * filehandle that was created by fh_compose, and that
+ * is about to be used in another nfsv4 compound
+- * operation */
+- error = nfserrno(nfsd_setuser(rqstp, exp));
++ * operation.
++ */
++ error = nfsd_setuser_and_check_port(rqstp, exp);
+ if (error)
+ goto out;
+ }
+
+--
+
+From gregkh@mini.kroah.org Tue Nov 20 10:19:51 2007
+Message-Id: <20071120181951.313751277@mini.kroah.org>
+References: <20071120181733.702234406@mini.kroah.org>
+User-Agent: quilt/0.46-1
+Date: Tue, 20 Nov 2007 10:17:42 -0800
+From: Greg Kroah-Hartman <gregkh@suse.de>
+To: linux-kernel@vger.kernel.org,
+ stable@kernel.org,
+ torvalds@linux-foundation.org
+Cc: Justin Forbes <jmforbes@linuxtx.org>,
+ Zwane Mwaikambo <zwane@arm.linux.org.uk>,
+ Theodore Ts'o <tytso@mit.edu>,
+ Randy Dunlap <rdunlap@xenotime.net>,
+ Dave Jones <davej@redhat.com>,
+ Chuck Wolber <chuckw@quantumlinux.com>,
+ Chris Wedgwood <reviews@ml.cw.f00f.org>,
+ Michael Krufky <mkrufky@linuxtv.org>,
+ Chuck Ebbert <cebbert@redhat.com>,
+ Domenico Andreoli <cavokz@gmail.com>,
+ akpm@linux-foundation.org,
+ alan@lxorguk.ukuu.org.uk,
+ shannon.nelson@intel.com,
+ dan.j.williams@intel.com,
+ hskinnemoen@atmel.com
+Subject: [patch 09/29] dmaengine: fix broken device refcounting
+Content-Disposition: inline; filename=dmaengine-fix-broken-device-refcounting.patch
+Content-Length: 2452
+Lines: 83
+
+
+2.6.23-stable review patch. If anyone has any objections, please let us
+know.
+
+------------------
+From: Haavard Skinnemoen <hskinnemoen@atmel.com>
+
+patch 348badf1e825323c419dd118f65783db0f7d2ec8 in mainline.
+
+When a DMA device is unregistered, its reference count is decremented twice
+for each channel: Once dma_class_dev_release() and once in
+dma_chan_cleanup(). This may result in the DMA device driver's remove()
+function completing before all channels have been cleaned up, causing lots
+of use-after-free fun.
+
+Fix it by incrementing the device's reference count twice for each
+channel during registration.
+
+[dan.j.williams@intel.com: kill unnecessary client refcounting]
+Signed-off-by: Haavard Skinnemoen <hskinnemoen@atmel.com>
+Signed-off-by: Dan Williams <dan.j.williams@intel.com>
+Signed-off-by: Shannon Nelson <shannon.nelson@intel.com>
+Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
+Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
+
+
+---
+ drivers/dma/dmaengine.c | 17 ++++++-----------
+ 1 file changed, 6 insertions(+), 11 deletions(-)
+
+--- a/drivers/dma/dmaengine.c
++++ b/drivers/dma/dmaengine.c
+@@ -182,10 +182,9 @@ static void dma_client_chan_alloc(struct
+ /* we are done once this client rejects
+ * an available resource
+ */
+- if (ack == DMA_ACK) {
++ if (ack == DMA_ACK)
+ dma_chan_get(chan);
+- kref_get(&device->refcount);
+- } else if (ack == DMA_NAK)
++ else if (ack == DMA_NAK)
+ return;
+ }
+ }
+@@ -272,11 +271,8 @@ static void dma_clients_notify_removed(s
+ /* client was holding resources for this channel so
+ * free it
+ */
+- if (ack == DMA_ACK) {
++ if (ack == DMA_ACK)
+ dma_chan_put(chan);
+- kref_put(&chan->device->refcount,
+- dma_async_device_cleanup);
+- }
+ }
+
+ mutex_unlock(&dma_list_mutex);
+@@ -316,11 +312,8 @@ void dma_async_client_unregister(struct
+ ack = client->event_callback(client, chan,
+ DMA_RESOURCE_REMOVED);
+
+- if (ack == DMA_ACK) {
++ if (ack == DMA_ACK)
+ dma_chan_put(chan);
+- kref_put(&chan->device->refcount,
+- dma_async_device_cleanup);
+- }
+ }
+
+ list_del(&client->global_node);
+@@ -397,6 +390,8 @@ int dma_async_device_register(struct dma
+ goto err_out;
+ }
+
++ /* One for the channel, one of the class device */
++ kref_get(&device->refcount);
+ kref_get(&device->refcount);
+ kref_init(&chan->refcount);
+ chan->slow_ref = 0;
+
+--
+
+From gregkh@mini.kroah.org Tue Nov 20 10:19:51 2007
+Message-Id: <20071120181951.468602057@mini.kroah.org>
+References: <20071120181733.702234406@mini.kroah.org>
+User-Agent: quilt/0.46-1
+Date: Tue, 20 Nov 2007 10:17:43 -0800
+From: Greg Kroah-Hartman <gregkh@suse.de>
+To: linux-kernel@vger.kernel.org,
+ stable@kernel.org,
+ torvalds@linux-foundation.org
+Cc: Justin Forbes <jmforbes@linuxtx.org>,
+ Zwane Mwaikambo <zwane@arm.linux.org.uk>,
+ Theodore Ts'o <tytso@mit.edu>,
+ Randy Dunlap <rdunlap@xenotime.net>,
+ Dave Jones <davej@redhat.com>,
+ Chuck Wolber <chuckw@quantumlinux.com>,
+ Chris Wedgwood <reviews@ml.cw.f00f.org>,
+ Michael Krufky <mkrufky@linuxtv.org>,
+ Chuck Ebbert <cebbert@redhat.com>,
+ Domenico Andreoli <cavokz@gmail.com>,
+ akpm@linux-foundation.org,
+ alan@lxorguk.ukuu.org.uk,
+ mitov@issp.bas.bg,
+ ak@suse.de,
+ tglx@linutronix.de,
+ mingo@elte.hu
+Subject: [patch 10/29] x86: disable preemption in delay_tsc()
+Content-Disposition: inline; filename=x86-disable-preemption-in-delay_tsc.patch
+Content-Length: 1963
+Lines: 86
+
+
+2.6.23-stable review patch. If anyone has any objections, please let us
+know.
+
+------------------
+From: Andrew Morton <akpm@linux-foundation.org>
+
+patch 35d5d08a085c56f153458c3f5d8ce24123617faf in mainline.
+
+Marin Mitov points out that delay_tsc() can misbehave if it is preempted and
+rescheduled on a different CPU which has a skewed TSC. Fix it by disabling
+preemption.
+
+(I assume that the worst-case behaviour here is a stall of 2^32 cycles)
+
+Cc: Andi Kleen <ak@suse.de>
+Cc: Marin Mitov <mitov@issp.bas.bg>
+Cc: Thomas Gleixner <tglx@linutronix.de>
+Cc: Ingo Molnar <mingo@elte.hu>
+Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
+Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
+
+---
+ arch/i386/lib/delay.c | 3 +++
+ arch/x86_64/lib/delay.c | 11 +++++++----
+ 2 files changed, 10 insertions(+), 4 deletions(-)
+
+--- a/arch/i386/lib/delay.c
++++ b/arch/i386/lib/delay.c
+@@ -12,6 +12,7 @@
+
+ #include <linux/module.h>
+ #include <linux/sched.h>
++#include <linux/preempt.h>
+ #include <linux/delay.h>
+
+ #include <asm/processor.h>
+@@ -42,11 +43,13 @@ static void delay_tsc(unsigned long loop
+ {
+ unsigned long bclock, now;
+
++ preempt_disable(); /* TSC's are per-cpu */
+ rdtscl(bclock);
+ do {
+ rep_nop();
+ rdtscl(now);
+ } while ((now-bclock) < loops);
++ preempt_enable();
+ }
+
+ /*
+--- a/arch/x86_64/lib/delay.c
++++ b/arch/x86_64/lib/delay.c
+@@ -10,7 +10,9 @@
+
+ #include <linux/module.h>
+ #include <linux/sched.h>
++#include <linux/preempt.h>
+ #include <linux/delay.h>
++
+ #include <asm/delay.h>
+ #include <asm/msr.h>
+
+@@ -27,14 +29,15 @@ int read_current_timer(unsigned long *ti
+ void __delay(unsigned long loops)
+ {
+ unsigned bclock, now;
+-
++
++ preempt_disable(); /* TSC's are pre-cpu */
+ rdtscl(bclock);
+- do
+- {
++ do {
+ rep_nop();
+ rdtscl(now);
+ }
+- while((now-bclock) < loops);
++ while ((now-bclock) < loops);
++ preempt_enable();
+ }
+ EXPORT_SYMBOL(__delay);
+
+
+--
+
+From gregkh@mini.kroah.org Tue Nov 20 10:19:51 2007
+Message-Id: <20071120181951.623098164@mini.kroah.org>
+References: <20071120181733.702234406@mini.kroah.org>
+User-Agent: quilt/0.46-1
+Date: Tue, 20 Nov 2007 10:17:44 -0800
+From: Greg Kroah-Hartman <gregkh@suse.de>
+To: linux-kernel@vger.kernel.org,
+ stable@kernel.org,
+ torvalds@linux-foundation.org
+Cc: Justin Forbes <jmforbes@linuxtx.org>,
+ Zwane Mwaikambo <zwane@arm.linux.org.uk>,
+ Theodore Ts'o <tytso@mit.edu>,
+ Randy Dunlap <rdunlap@xenotime.net>,
+ Dave Jones <davej@redhat.com>,
+ Chuck Wolber <chuckw@quantumlinux.com>,
+ Chris Wedgwood <reviews@ml.cw.f00f.org>,
+ Michael Krufky <mkrufky@linuxtv.org>,
+ Chuck Ebbert <cebbert@redhat.com>,
+ Domenico Andreoli <cavokz@gmail.com>,
+ akpm@linux-foundation.org,
+ alan@lxorguk.ukuu.org.uk,
+ maximlevitsky@gmail.com,
+ peterz@infradead.org,
+ jeffm@suse.com,
+ wfg@mail.ustc.edu.cn,
+ chris.mason@oracle.com
+Subject: [patch 11/29] reiserfs: dont drop PG_dirty when releasing sub-page-sized dirty file
+Content-Disposition: inline; filename=reiserfs-don-t-drop-pg_dirty-when-releasing-sub-page-sized-dirty-file.patch
+Content-Length: 3712
+Lines: 112
+
+
+2.6.23-stable review patch. If anyone has any objections, please let us
+know.
+
+------------------
+From: Fengguang Wu <wfg@mail.ustc.edu.cn>
+
+patch c06a018fa5362fa9ed0768bd747c0fab26bc8849 in mainline.
+
+This is not a new problem in 2.6.23-git17. 2.6.22/2.6.23 is buggy in the
+same way.
+
+Reiserfs could accumulate dirty sub-page-size files until umount time.
+They cannot be synced to disk by pdflush routines or explicit `sync'
+commands. Only `umount' can do the trick.
+
+The direct cause is: the dirty page's PG_dirty is wrongly _cleared_.
+Call trace:
+ [<ffffffff8027e920>] cancel_dirty_page+0xd0/0xf0
+ [<ffffffff8816d470>] :reiserfs:reiserfs_cut_from_item+0x660/0x710
+ [<ffffffff8816d791>] :reiserfs:reiserfs_do_truncate+0x271/0x530
+ [<ffffffff8815872d>] :reiserfs:reiserfs_truncate_file+0xfd/0x3b0
+ [<ffffffff8815d3d0>] :reiserfs:reiserfs_file_release+0x1e0/0x340
+ [<ffffffff802a187c>] __fput+0xcc/0x1b0
+ [<ffffffff802a1ba6>] fput+0x16/0x20
+ [<ffffffff8029e676>] filp_close+0x56/0x90
+ [<ffffffff8029fe0d>] sys_close+0xad/0x110
+ [<ffffffff8020c41e>] system_call+0x7e/0x83
+
+Fix the bug by removing the cancel_dirty_page() call. Tests show that
+it causes no bad behaviors on various write sizes.
+
+=== for the patient ===
+Here are more detailed demonstrations of the problem.
+
+1) the page has both PG_dirty(D)/PAGECACHE_TAG_DIRTY(d) after being written to;
+ and then only PAGECACHE_TAG_DIRTY(d) remains after the file is closed.
+
+------------------------------ screen 0 ------------------------------
+[T0] root /home/wfg# cat > /test/tiny
+[T1] hi
+[T2] root /home/wfg#
+
+------------------------------ screen 1 ------------------------------
+[T1] root /home/wfg# echo /test/tiny > /proc/filecache
+[T1] root /home/wfg# cat /proc/filecache
+ # file /test/tiny
+ # flags R:referenced A:active M:mmap U:uptodate D:dirty W:writeback O:owner B:buffer d:dirty w:writeback
+ # idx len state refcnt
+ 0 1 ___UD__Bd_ 2
+[T2] root /home/wfg# cat /proc/filecache
+ # file /test/tiny
+ # flags R:referenced A:active M:mmap U:uptodate D:dirty W:writeback O:owner B:buffer d:dirty w:writeback
+ # idx len state refcnt
+ 0 1 ___U___Bd_ 2
+
+2) note the non-zero 'cancelled_write_bytes' after /tmp/hi is copied.
+
+------------------------------ screen 0 ------------------------------
+[T0] root /home/wfg# echo hi > /tmp/hi
+[T1] root /home/wfg# cp /tmp/hi /dev/stdin /test
+[T2] hi
+[T3] root /home/wfg#
+
+------------------------------ screen 1 ------------------------------
+[T1] root /proc/4397# cd /proc/`pidof cp`
+[T1] root /proc/4713# cat io
+ rchar: 8396
+ wchar: 3
+ syscr: 20
+ syscw: 1
+ read_bytes: 0
+ write_bytes: 20480
+ cancelled_write_bytes: 4096
+[T2] root /proc/4713# cat io
+ rchar: 8399
+ wchar: 6
+ syscr: 21
+ syscw: 2
+ read_bytes: 0
+ write_bytes: 24576
+ cancelled_write_bytes: 4096
+
+//Question: the 'write_bytes' is a bit more than expected ;-)
+
+Tested-by: Maxim Levitsky <maximlevitsky@gmail.com>
+Cc: Peter Zijlstra <peterz@infradead.org>
+Cc: Jeff Mahoney <jeffm@suse.com>
+Signed-off-by: Fengguang Wu <wfg@mail.ustc.edu.cn>
+Reviewed-by: Chris Mason <chris.mason@oracle.com>
+Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
+Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
+
+---
+ fs/reiserfs/stree.c | 3 ---
+ 1 file changed, 3 deletions(-)
+
+--- a/fs/reiserfs/stree.c
++++ b/fs/reiserfs/stree.c
+@@ -1458,9 +1458,6 @@ static void unmap_buffers(struct page *p
+ }
+ bh = next;
+ } while (bh != head);
+- if (PAGE_SIZE == bh->b_size) {
+- cancel_dirty_page(page, PAGE_CACHE_SIZE);
+- }
+ }
+ }
+ }
+
+--
+
+From gregkh@mini.kroah.org Tue Nov 20 10:19:51 2007
+Message-Id: <20071120181951.782660426@mini.kroah.org>
+References: <20071120181733.702234406@mini.kroah.org>
+User-Agent: quilt/0.46-1
+Date: Tue, 20 Nov 2007 10:17:45 -0800
+From: Greg Kroah-Hartman <gregkh@suse.de>
+To: linux-kernel@vger.kernel.org,
+ stable@kernel.org
+Cc: Justin Forbes <jmforbes@linuxtx.org>,
+ Zwane Mwaikambo <zwane@arm.linux.org.uk>,
+ Theodore Ts'o <tytso@mit.edu>,
+ Randy Dunlap <rdunlap@xenotime.net>,
+ Dave Jones <davej@redhat.com>,
+ Chuck Wolber <chuckw@quantumlinux.com>,
+ Chris Wedgwood <reviews@ml.cw.f00f.org>,
+ Michael Krufky <mkrufky@linuxtv.org>,
+ Chuck Ebbert <cebbert@redhat.com>,
+ Domenico Andreoli <cavokz@gmail.com>,
+ torvalds@linux-foundation.org,
+ akpm@linux-foundation.org,
+ alan@lxorguk.ukuu.org.uk,
+ Tejun Heo <htejun@gmail.com>,
+ Jeff Garzik <jeff@garzik.org>,
+ Tobias Powalowski <t.powa@gmx.de>
+Subject: [patch 12/29] sata_sis: fix SCR read breakage
+Content-Disposition: inline; filename=sata_sis-fix-scr-read-breakage.patch
+Content-Length: 2071
+Lines: 69
+
+2.6.23-stable review patch. If anyone has any objections, please let us
+know.
+
+------------------
+From: Tejun Heo <htejun@gmail.com>
+
+patch aaa092a114696f4425cd57c4d7fa05110007e247 in mainline.
+
+sata_sis: fix SCR read breakage
+
+SCR read for controllers which uses PCI configuration space for SCR
+access got broken while adding @val argument to SCR accessors. Fix
+it.
+
+Signed-off-by: Tejun Heo <htejun@gmail.com>
+Signed-off-by: Jeff Garzik <jeff@garzik.org>
+Cc: Tobias Powalowski <t.powa@gmx.de>
+Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
+
+---
+ drivers/ata/sata_sis.c | 13 ++++++++-----
+ 1 file changed, 8 insertions(+), 5 deletions(-)
+
+--- a/drivers/ata/sata_sis.c
++++ b/drivers/ata/sata_sis.c
+@@ -168,11 +168,11 @@ static unsigned int get_scr_cfg_addr(str
+ return addr;
+ }
+
+-static u32 sis_scr_cfg_read (struct ata_port *ap, unsigned int sc_reg)
++static u32 sis_scr_cfg_read (struct ata_port *ap, unsigned int sc_reg, u32 *val)
+ {
+ struct pci_dev *pdev = to_pci_dev(ap->host->dev);
+ unsigned int cfg_addr = get_scr_cfg_addr(ap, sc_reg);
+- u32 val, val2 = 0;
++ u32 val2 = 0;
+ u8 pmr;
+
+ if (sc_reg == SCR_ERROR) /* doesn't exist in PCI cfg space */
+@@ -180,13 +180,16 @@ static u32 sis_scr_cfg_read (struct ata_
+
+ pci_read_config_byte(pdev, SIS_PMR, &pmr);
+
+- pci_read_config_dword(pdev, cfg_addr, &val);
++ pci_read_config_dword(pdev, cfg_addr, val);
+
+ if ((pdev->device == 0x0182) || (pdev->device == 0x0183) ||
+ (pdev->device == 0x1182) || (pmr & SIS_PMR_COMBINED))
+ pci_read_config_dword(pdev, cfg_addr+0x10, &val2);
+
+- return (val|val2) & 0xfffffffb; /* avoid problems with powerdowned ports */
++ *val |= val2;
++ *val &= 0xfffffffb; /* avoid problems with powerdowned ports */
++
++ return 0;
+ }
+
+ static void sis_scr_cfg_write (struct ata_port *ap, unsigned int sc_reg, u32 val)
+@@ -216,7 +219,7 @@ static int sis_scr_read(struct ata_port
+ return -EINVAL;
+
+ if (ap->flags & SIS_FLAG_CFGSCR)
+- return sis_scr_cfg_read(ap, sc_reg);
++ return sis_scr_cfg_read(ap, sc_reg, val);
+
+ pci_read_config_byte(pdev, SIS_PMR, &pmr);
+
+
+--
+
+From gregkh@mini.kroah.org Tue Nov 20 10:19:52 2007
+Message-Id: <20071120181951.942643646@mini.kroah.org>
+References: <20071120181733.702234406@mini.kroah.org>
+User-Agent: quilt/0.46-1
+Date: Tue, 20 Nov 2007 10:17:46 -0800
+From: Greg Kroah-Hartman <gregkh@suse.de>
+To: linux-kernel@vger.kernel.org,
+ stable@kernel.org
+Cc: Justin Forbes <jmforbes@linuxtx.org>,
+ Zwane Mwaikambo <zwane@arm.linux.org.uk>,
+ Theodore Ts'o <tytso@mit.edu>,
+ Randy Dunlap <rdunlap@xenotime.net>,
+ Dave Jones <davej@redhat.com>,
+ Chuck Wolber <chuckw@quantumlinux.com>,
+ Chris Wedgwood <reviews@ml.cw.f00f.org>,
+ Michael Krufky <mkrufky@linuxtv.org>,
+ Chuck Ebbert <cebbert@redhat.com>,
+ Domenico Andreoli <cavokz@gmail.com>,
+ torvalds@linux-foundation.org,
+ akpm@linux-foundation.org,
+ alan@lxorguk.ukuu.org.uk,
+ Jeff Garzik <jgarzik@redhat.com>,
+ Tobias Powalowski <t.powa@gmx.de>
+Subject: [patch 13/29] libata: sata_sis: use correct S/G table size
+Content-Disposition: inline; filename=libata-sata_sis-use-correct-s-g-table-size.patch
+Content-Length: 1065
+Lines: 35
+
+2.6.23-stable review patch. If anyone has any objections, please let us
+know.
+
+------------------
+From: Jeff Garzik <jeff@garzik.org>
+
+patch 96af154710d44b574515431a0bb014888398a741 in mainline.
+
+[libata] sata_sis: use correct S/G table size
+
+sata_sis has the same restrictions as other SFF controllers, and so must
+use LIBATA_MAX_PRD to denote that SCSI may only fill ATA_MAX_PRD/2
+entries, due to our need to handle IOMMU merging.
+
+Signed-off-by: Jeff Garzik <jgarzik@redhat.com>
+Cc: Tobias Powalowski <t.powa@gmx.de>
+Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
+
+---
+ drivers/ata/sata_sis.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/drivers/ata/sata_sis.c
++++ b/drivers/ata/sata_sis.c
+@@ -92,7 +92,7 @@ static struct scsi_host_template sis_sht
+ .queuecommand = ata_scsi_queuecmd,
+ .can_queue = ATA_DEF_QUEUE,
+ .this_id = ATA_SHT_THIS_ID,
+- .sg_tablesize = ATA_MAX_PRD,
++ .sg_tablesize = LIBATA_MAX_PRD,
+ .cmd_per_lun = ATA_SHT_CMD_PER_LUN,
+ .emulated = ATA_SHT_EMULATED,
+ .use_clustering = ATA_SHT_USE_CLUSTERING,
+
+--
+
+From gregkh@mini.kroah.org Tue Nov 20 10:19:52 2007
+Message-Id: <20071120181952.096217446@mini.kroah.org>
+References: <20071120181733.702234406@mini.kroah.org>
+User-Agent: quilt/0.46-1
+Date: Tue, 20 Nov 2007 10:17:47 -0800
+From: Greg Kroah-Hartman <gregkh@suse.de>
+To: linux-kernel@vger.kernel.org,
+ stable@kernel.org
+Cc: Justin Forbes <jmforbes@linuxtx.org>,
+ Zwane Mwaikambo <zwane@arm.linux.org.uk>,
+ Theodore Ts'o <tytso@mit.edu>,
+ Randy Dunlap <rdunlap@xenotime.net>,
+ Dave Jones <davej@redhat.com>,
+ Chuck Wolber <chuckw@quantumlinux.com>,
+ Chris Wedgwood <reviews@ml.cw.f00f.org>,
+ Michael Krufky <mkrufky@linuxtv.org>,
+ Chuck Ebbert <cebbert@redhat.com>,
+ Domenico Andreoli <cavokz@gmail.com>,
+ torvalds@linux-foundation.org,
+ akpm@linux-foundation.org,
+ alan@lxorguk.ukuu.org.uk,
+ Alexey Starikovskiy <astarikovskiy@suse.de>,
+ Len Brown <len.brown@intel.com>,
+ Tobias Powalowski <t.powa@gmx.de>
+Subject: [patch 14/29] ACPI: VIDEO: Adjust current level to closest available one.
+Content-Disposition: inline; filename=acpi-video-adjust-current-level-to-closest-available-one.patch
+Content-Length: 1343
+Lines: 46
+
+2.6.23-stable review patch. If anyone has any objections, please let us
+know.
+
+------------------
+From: Alexey Starikovskiy <astarikovskiy@suse.de>
+
+patch 63f0edfc0b7f8058f9d3f9b572615ec97ae011ba in mainline.
+
+ACPI: VIDEO: Adjust current level to closest available one.
+
+
+Signed-off-by: Alexey Starikovskiy <astarikovskiy@suse.de>
+Signed-off-by: Len Brown <len.brown@intel.com>
+Cc: Tobias Powalowski <t.powa@gmx.de>
+Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
+
+---
+ drivers/acpi/video.c | 13 ++++++++++++-
+ 1 file changed, 12 insertions(+), 1 deletion(-)
+
+--- a/drivers/acpi/video.c
++++ b/drivers/acpi/video.c
+@@ -1633,9 +1633,20 @@ static int
+ acpi_video_get_next_level(struct acpi_video_device *device,
+ u32 level_current, u32 event)
+ {
+- int min, max, min_above, max_below, i, l;
++ int min, max, min_above, max_below, i, l, delta = 255;
+ max = max_below = 0;
+ min = min_above = 255;
++ /* Find closest level to level_current */
++ for (i = 0; i < device->brightness->count; i++) {
++ l = device->brightness->levels[i];
++ if (abs(l - level_current) < abs(delta)) {
++ delta = l - level_current;
++ if (!delta)
++ break;
++ }
++ }
++ /* Ajust level_current to closest available level */
++ level_current += delta;
+ for (i = 0; i < device->brightness->count; i++) {
+ l = device->brightness->levels[i];
+ if (l < min)
+
+--
+
+From gregkh@mini.kroah.org Tue Nov 20 10:19:52 2007
+Message-Id: <20071120181952.250793595@mini.kroah.org>
+References: <20071120181733.702234406@mini.kroah.org>
+User-Agent: quilt/0.46-1
+Date: Tue, 20 Nov 2007 10:17:48 -0800
+From: Greg Kroah-Hartman <gregkh@suse.de>
+To: linux-kernel@vger.kernel.org,
+ stable@kernel.org
+Cc: Justin Forbes <jmforbes@linuxtx.org>,
+ Zwane Mwaikambo <zwane@arm.linux.org.uk>,
+ Theodore Ts'o <tytso@mit.edu>,
+ Randy Dunlap <rdunlap@xenotime.net>,
+ Dave Jones <davej@redhat.com>,
+ Chuck Wolber <chuckw@quantumlinux.com>,
+ Chris Wedgwood <reviews@ml.cw.f00f.org>,
+ Michael Krufky <mkrufky@linuxtv.org>,
+ Chuck Ebbert <cebbert@redhat.com>,
+ Domenico Andreoli <cavokz@gmail.com>,
+ torvalds@linux-foundation.org,
+ akpm@linux-foundation.org,
+ alan@lxorguk.ukuu.org.uk,
+ Ingo Molnar <mingo@elte.hu>
+Subject: [patch 15/29] Fix divide-by-zero in the 2.6.23 scheduler code
+Content-Disposition: inline; filename=fix-divide-by-zero-in-the-2.6.23-scheduler-code.patch
+Content-Length: 2549
+Lines: 94
+
+
+2.6.23-stable review patch. If anyone has any objections, please let us
+know.
+
+------------------
+From: Chuck Ebbert <cebbert@redhat.com>
+
+No patch in mainline as this logic has been removed from 2.6.24 so it is
+not necessary.
+
+
+https://bugzilla.redhat.com/show_bug.cgi?id=340161
+
+The problem code has been removed in 2.6.24. The below patch disables
+SCHED_FEAT_PRECISE_CPU_LOAD which causes the offending code to be skipped
+but does not prevent the user from enabling it.
+
+The divide-by-zero is here in kernel/sched.c:
+
+static void update_cpu_load(struct rq *this_rq)
+{
+ u64 fair_delta64, exec_delta64, idle_delta64, sample_interval64, tmp64;
+ unsigned long total_load = this_rq->ls.load.weight;
+ unsigned long this_load = total_load;
+ struct load_stat *ls = &this_rq->ls;
+ int i, scale;
+
+ this_rq->nr_load_updates++;
+ if (unlikely(!(sysctl_sched_features & SCHED_FEAT_PRECISE_CPU_LOAD)))
+ goto do_avg;
+
+ /* Update delta_fair/delta_exec fields first */
+ update_curr_load(this_rq);
+
+ fair_delta64 = ls->delta_fair + 1;
+ ls->delta_fair = 0;
+
+ exec_delta64 = ls->delta_exec + 1;
+ ls->delta_exec = 0;
+
+ sample_interval64 = this_rq->clock - ls->load_update_last;
+ ls->load_update_last = this_rq->clock;
+
+ if ((s64)sample_interval64 < (s64)TICK_NSEC)
+ sample_interval64 = TICK_NSEC;
+
+ if (exec_delta64 > sample_interval64)
+ exec_delta64 = sample_interval64;
+
+ idle_delta64 = sample_interval64 - exec_delta64;
+
+======> tmp64 = div64_64(SCHED_LOAD_SCALE * exec_delta64, fair_delta64);
+ tmp64 = div64_64(tmp64 * exec_delta64, sample_interval64);
+
+ this_load = (unsigned long)tmp64;
+
+do_avg:
+
+ /* Update our load: */
+ for (i = 0, scale = 1; i < CPU_LOAD_IDX_MAX; i++, scale += scale) {
+ unsigned long old_load, new_load;
+
+ /* scale is effectively 1 << i now, and >> i divides by scale */
+
+ old_load = this_rq->cpu_load[i];
+ new_load = this_load;
+
+ this_rq->cpu_load[i] = (old_load*(scale-1) + new_load) >> i;
+ }
+}
+
+For stable only; the code has been removed in 2.6.24.
+
+Signed-off-by: Chuck Ebbert <cebbert@redhat.com>
+Acked-by: Ingo Molnar <mingo@elte.hu>
+Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
+
+---
+ kernel/sched_fair.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/kernel/sched_fair.c
++++ b/kernel/sched_fair.c
+@@ -93,7 +93,7 @@ unsigned int sysctl_sched_features __rea
+ SCHED_FEAT_FAIR_SLEEPERS *1 |
+ SCHED_FEAT_SLEEPER_AVG *0 |
+ SCHED_FEAT_SLEEPER_LOAD_AVG *1 |
+- SCHED_FEAT_PRECISE_CPU_LOAD *1 |
++ SCHED_FEAT_PRECISE_CPU_LOAD *0 |
+ SCHED_FEAT_START_DEBIT *1 |
+ SCHED_FEAT_SKIP_INITIAL *0;
+
+
+--
+
+From gregkh@mini.kroah.org Tue Nov 20 10:19:52 2007
+Message-Id: <20071120181952.405280272@mini.kroah.org>
+References: <20071120181733.702234406@mini.kroah.org>
+User-Agent: quilt/0.46-1
+Date: Tue, 20 Nov 2007 10:17:49 -0800
+From: Greg Kroah-Hartman <gregkh@suse.de>
+To: linux-kernel@vger.kernel.org,
+ stable@kernel.org
+Cc: Justin Forbes <jmforbes@linuxtx.org>,
+ Zwane Mwaikambo <zwane@arm.linux.org.uk>,
+ Theodore Ts'o <tytso@mit.edu>,
+ Randy Dunlap <rdunlap@xenotime.net>,
+ Dave Jones <davej@redhat.com>,
+ Chuck Wolber <chuckw@quantumlinux.com>,
+ Chris Wedgwood <reviews@ml.cw.f00f.org>,
+ Michael Krufky <mkrufky@linuxtv.org>,
+ Chuck Ebbert <cebbert@redhat.com>,
+ Domenico Andreoli <cavokz@gmail.com>,
+ torvalds@linux-foundation.org,
+ akpm@linux-foundation.org,
+ alan@lxorguk.ukuu.org.uk,
+ Sebastian Siewior <sebastian@breakpoint.cc>,
+ Jordan Crouse <jordan.crouse@amd.com>,
+ Herbert Xu <herbert@gondor.apana.org.au>
+Subject: [patch 16/29] geode: Fix not inplace encryption
+Content-Disposition: inline; filename=geode-fix-not-inplace-encryption.patch
+Content-Length: 1119
+Lines: 36
+
+2.6.23-stable review patch. If anyone has any objections, please let us
+know.
+
+------------------
+From: Sebastian Siewior <sebastian@breakpoint.cc>
+
+patch 2e21630ddc3fb717dc645356b75771c6a52dc627 in mainline.
+
+Currently the Geode AES module fails to encrypt or decrypt if
+the coherent bits are not set what is currently the case if the
+encryption does not occur inplace. However, the encryption works
+on my Geode machine _only_ if the coherent bits are always set.
+
+Signed-off-by: Sebastian Siewior <sebastian@breakpoint.cc>
+Acked-by: Jordan Crouse <jordan.crouse@amd.com>
+Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
+Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
+
+---
+ drivers/crypto/geode-aes.c | 3 +--
+ 1 file changed, 1 insertion(+), 2 deletions(-)
+
+--- a/drivers/crypto/geode-aes.c
++++ b/drivers/crypto/geode-aes.c
+@@ -110,8 +110,7 @@ geode_aes_crypt(struct geode_aes_op *op)
+ * we don't need to worry
+ */
+
+- if (op->src == op->dst)
+- flags |= (AES_CTRL_DCA | AES_CTRL_SCA);
++ flags |= (AES_CTRL_DCA | AES_CTRL_SCA);
+
+ if (op->dir == AES_DIR_ENCRYPT)
+ flags |= AES_CTRL_ENCRYPT;
+
+--
+
+From gregkh@mini.kroah.org Tue Nov 20 10:19:52 2007
+Message-Id: <20071120181952.559917815@mini.kroah.org>
+References: <20071120181733.702234406@mini.kroah.org>
+User-Agent: quilt/0.46-1
+Date: Tue, 20 Nov 2007 10:17:50 -0800
+From: Greg Kroah-Hartman <gregkh@suse.de>
+To: linux-kernel@vger.kernel.org,
+ stable@kernel.org,
+ Greg KH <greg@kroah.com>
+Cc: Justin Forbes <jmforbes@linuxtx.org>,
+ Zwane Mwaikambo <zwane@arm.linux.org.uk>,
+ Theodore Ts'o <tytso@mit.edu>,
+ Randy Dunlap <rdunlap@xenotime.net>,
+ Dave Jones <davej@redhat.com>,
+ Chuck Wolber <chuckw@quantumlinux.com>,
+ Chris Wedgwood <reviews@ml.cw.f00f.org>,
+ Michael Krufky <mkrufky@linuxtv.org>,
+ Chuck Ebbert <cebbert@redhat.com>,
+ Domenico Andreoli <cavokz@gmail.com>,
+ torvalds@linux-foundation.org,
+ akpm@linux-foundation.org,
+ alan@lxorguk.ukuu.org.uk,
+ Benny Halevy <bhalevy@fs1.bhalevy.com>,
+ Herbert Xu <herbert@gondor.apana.org.au>
+Subject: [patch 17/29] libcrc32c: keep intermediate crc state in cpu order
+Content-Disposition: inline; filename=libcrc32c-keep-intermediate-crc-state-in-cpu-order.patch
+Content-Length: 1482
+Lines: 54
+
+2.6.23-stable review patch. If anyone has any objections, please let us
+know.
+
+------------------
+From: Herbert Xu <herbert@gondor.apana.org.au>
+
+It's upstream changeset ef19454bd437b2ba14c9cda1de85debd9f383484.
+
+[LIB] crc32c: Keep intermediate crc state in cpu order
+
+crypto/crc32.c:chksum_final() is computing the digest as
+*(__le32 *)out = ~cpu_to_le32(mctx->crc);
+so the low-level crc32c_le routines should just keep
+the crc in cpu order, otherwise it is getting swabbed
+one too many times on big-endian machines.
+
+Signed-off-by: Benny Halevy <bhalevy@fs1.bhalevy.com>
+Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
+Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
+
+---
+ lib/libcrc32c.c | 7 ++-----
+ 1 file changed, 2 insertions(+), 5 deletions(-)
+
+--- a/lib/libcrc32c.c
++++ b/lib/libcrc32c.c
+@@ -33,7 +33,6 @@
+ #include <linux/crc32c.h>
+ #include <linux/compiler.h>
+ #include <linux/module.h>
+-#include <asm/byteorder.h>
+
+ MODULE_AUTHOR("Clay Haapala <chaapala@cisco.com>");
+ MODULE_DESCRIPTION("CRC32c (Castagnoli) calculations");
+@@ -161,15 +160,13 @@ static const u32 crc32c_table[256] = {
+ */
+
+ u32 __attribute_pure__
+-crc32c_le(u32 seed, unsigned char const *data, size_t length)
++crc32c_le(u32 crc, unsigned char const *data, size_t length)
+ {
+- u32 crc = __cpu_to_le32(seed);
+-
+ while (length--)
+ crc =
+ crc32c_table[(crc ^ *data++) & 0xFFL] ^ (crc >> 8);
+
+- return __le32_to_cpu(crc);
++ return crc;
+ }
+
+ #endif /* CRC_LE_BITS == 8 */
+
+--
+
+From gregkh@mini.kroah.org Tue Nov 20 10:19:52 2007
+Message-Id: <20071120181952.715418227@mini.kroah.org>
+References: <20071120181733.702234406@mini.kroah.org>
+User-Agent: quilt/0.46-1
+Date: Tue, 20 Nov 2007 10:17:51 -0800
+From: Greg Kroah-Hartman <gregkh@suse.de>
+To: linux-kernel@vger.kernel.org,
+ stable@kernel.org
+Cc: Justin Forbes <jmforbes@linuxtx.org>,
+ Zwane Mwaikambo <zwane@arm.linux.org.uk>,
+ Theodore Ts'o <tytso@mit.edu>,
+ Randy Dunlap <rdunlap@xenotime.net>,
+ Dave Jones <davej@redhat.com>,
+ Chuck Wolber <chuckw@quantumlinux.com>,
+ Chris Wedgwood <reviews@ml.cw.f00f.org>,
+ Michael Krufky <mkrufky@linuxtv.org>,
+ Chuck Ebbert <cebbert@redhat.com>,
+ Domenico Andreoli <cavokz@gmail.com>,
+ torvalds@linux-foundation.org,
+ akpm@linux-foundation.org,
+ alan@lxorguk.ukuu.org.uk,
+ Jan Beulich <jbeulich@novell.com>,
+ Andi Kleen <ak@suse.de>,
+ Ingo Molnar <mingo@elte.hu>,
+ Thomas Gleixner <tglx@linutronix.de>
+Subject: [patch 18/29] i386: avoid temporarily inconsistent pte-s
+Content-Disposition: inline; filename=x86-avoid-inconsistent-ptes.patch
+Content-Length: 1287
+Lines: 42
+
+2.6.23-stable review patch. If anyone has any objections, please let us
+know.
+
+------------------
+From: Jan Beulich <jbeulich@novell.com>
+
+patch aa506dc7b12d03fbf8fd11aab752aed1aadd9c07 in mainline.
+
+i386: avoid temporarily inconsistent pte-s
+
+One more of these issues (which were considered fixed a few releases
+back): other than on x86-64, i386 allows set_fixmap() to replace
+already present mappings. Consequently, on PAE, care must be taken to
+not update the high half of a pte while the low half is still holding
+the old value.
+
+[ tglx: arch/x86 adaptation ]
+
+Signed-off-by: Jan Beulich <jbeulich@novell.com>
+Signed-off-by: Andi Kleen <ak@suse.de>
+Signed-off-by: Ingo Molnar <mingo@elte.hu>
+Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
+Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
+
+---
+ arch/i386/mm/pgtable.c | 3 +--
+ 1 file changed, 1 insertion(+), 2 deletions(-)
+
+--- a/arch/i386/mm/pgtable.c
++++ b/arch/i386/mm/pgtable.c
+@@ -97,8 +97,7 @@ static void set_pte_pfn(unsigned long va
+ }
+ pte = pte_offset_kernel(pmd, vaddr);
+ if (pgprot_val(flags))
+- /* <pfn,flags> stored as-is, to permit clearing entries */
+- set_pte(pte, pfn_pte(pfn, flags));
++ set_pte_present(&init_mm, vaddr, pte, pfn_pte(pfn, flags));
+ else
+ pte_clear(&init_mm, vaddr, pte);
+
+
+--
+
+From gregkh@mini.kroah.org Tue Nov 20 10:19:53 2007
+Message-Id: <20071120181952.879751829@mini.kroah.org>
+References: <20071120181733.702234406@mini.kroah.org>
+User-Agent: quilt/0.46-1
+Date: Tue, 20 Nov 2007 10:17:52 -0800
+From: Greg Kroah-Hartman <gregkh@suse.de>
+To: linux-kernel@vger.kernel.org,
+ stable@kernel.org
+Cc: Justin Forbes <jmforbes@linuxtx.org>,
+ Zwane Mwaikambo <zwane@arm.linux.org.uk>,
+ Theodore Ts'o <tytso@mit.edu>,
+ Randy Dunlap <rdunlap@xenotime.net>,
+ Dave Jones <davej@redhat.com>,
+ Chuck Wolber <chuckw@quantumlinux.com>,
+ Chris Wedgwood <reviews@ml.cw.f00f.org>,
+ Michael Krufky <mkrufky@linuxtv.org>,
+ Chuck Ebbert <cebbert@redhat.com>,
+ Domenico Andreoli <cavokz@gmail.com>,
+ torvalds@linux-foundation.org,
+ akpm@linux-foundation.org,
+ alan@lxorguk.ukuu.org.uk,
+ Andrew Hastings <abh@cray.com>,
+ Andi Kleen <ak@suse.de>,
+ Ingo Molnar <mingo@elte.hu>,
+ Thomas Gleixner <tglx@linutronix.de>
+Subject: [patch 19/29] x86: fix off-by-one in find_next_zero_string
+Content-Disposition: inline; filename=x86-fix-one-off-in-find-next-zero-string.patch
+Content-Length: 1004
+Lines: 38
+
+2.6.23-stable review patch. If anyone has any objections, please let us
+know.
+
+------------------
+From: Andrew Hastings <abh@cray.com>
+
+patch 801916c1b369b637ce799e6c71a94963ff63df79 in mainline.
+
+x86: fix off-by-one in find_next_zero_string
+
+Fix an off-by-one error in find_next_zero_string which prevents
+allocating the last bit.
+
+[ tglx: arch/x86 adaptation ]
+
+Signed-off-by: Andrew Hastings <abh@cray.com>
+Signed-off-by: Andi Kleen <ak@suse.de>
+Signed-off-by: Ingo Molnar <mingo@elte.hu>
+Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
+Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
+
+---
+ arch/x86_64/lib/bitstr.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/arch/x86_64/lib/bitstr.c
++++ b/arch/x86_64/lib/bitstr.c
+@@ -14,7 +14,7 @@ find_next_zero_string(unsigned long *bit
+
+ /* could test bitsliced, but it's hardly worth it */
+ end = n+len;
+- if (end >= nbits)
++ if (end > nbits)
+ return -1;
+ for (i = n+1; i < end; i++) {
+ if (test_bit(i, bitmap)) {
+
+--
+
+From gregkh@mini.kroah.org Tue Nov 20 10:19:53 2007
+Message-Id: <20071120181953.037082535@mini.kroah.org>
+References: <20071120181733.702234406@mini.kroah.org>
+User-Agent: quilt/0.46-1
+Date: Tue, 20 Nov 2007 10:17:53 -0800
+From: Greg Kroah-Hartman <gregkh@suse.de>
+To: linux-kernel@vger.kernel.org,
+ stable@kernel.org
+Cc: Justin Forbes <jmforbes@linuxtx.org>,
+ Zwane Mwaikambo <zwane@arm.linux.org.uk>,
+ Theodore Ts'o <tytso@mit.edu>,
+ Randy Dunlap <rdunlap@xenotime.net>,
+ Dave Jones <davej@redhat.com>,
+ Chuck Wolber <chuckw@quantumlinux.com>,
+ Chris Wedgwood <reviews@ml.cw.f00f.org>,
+ Michael Krufky <mkrufky@linuxtv.org>,
+ Chuck Ebbert <cebbert@redhat.com>,
+ Domenico Andreoli <cavokz@gmail.com>,
+ torvalds@linux-foundation.org,
+ akpm@linux-foundation.org,
+ alan@lxorguk.ukuu.org.uk,
+ Thomas Gleixner <tglx@linutronix.de>,
+ Ingo Molnar <mingo@elte.hu>
+Subject: [patch 20/29] x86: mark read_crX() asm code as volatile
+Content-Disposition: inline; filename=x86-mark-read-crx-volatile.patch
+Content-Length: 2143
+Lines: 77
+
+2.6.23-stable review patch. If anyone has any objections, please let us
+know.
+
+------------------
+From: Kirill Korotaev <dev@openvz.org>
+
+patch c1217a75ea102d4e69321f210fab60bc47b9a48e in mainline.
+
+x86: mark read_crX() asm code as volatile
+
+Some gcc versions (I checked at least 4.1.1 from RHEL5 & 4.1.2 from gentoo)
+can generate incorrect code with read_crX()/write_crX() functions mix up,
+due to cached results of read_crX().
+
+The small app for x8664 below compiled with -O2 demonstrates this
+(i686 does the same thing):
+
+Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
+Signed-off-by: Ingo Molnar <mingo@elte.hu>
+Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
+
+---
+ include/asm-i386/system.h | 2 +-
+ include/asm-x86_64/system.h | 8 ++++----
+ 2 files changed, 5 insertions(+), 5 deletions(-)
+
+--- a/include/asm-i386/system.h
++++ b/include/asm-i386/system.h
+@@ -141,7 +141,7 @@ static inline unsigned long native_read_
+ {
+ unsigned long val;
+ /* This could fault if %cr4 does not exist */
+- asm("1: movl %%cr4, %0 \n"
++ asm volatile("1: movl %%cr4, %0 \n"
+ "2: \n"
+ ".section __ex_table,\"a\" \n"
+ ".long 1b,2b \n"
+--- a/include/asm-x86_64/system.h
++++ b/include/asm-x86_64/system.h
+@@ -85,7 +85,7 @@ static inline void write_cr0(unsigned lo
+ static inline unsigned long read_cr2(void)
+ {
+ unsigned long cr2;
+- asm("movq %%cr2,%0" : "=r" (cr2));
++ asm volatile("movq %%cr2,%0" : "=r" (cr2));
+ return cr2;
+ }
+
+@@ -97,7 +97,7 @@ static inline void write_cr2(unsigned lo
+ static inline unsigned long read_cr3(void)
+ {
+ unsigned long cr3;
+- asm("movq %%cr3,%0" : "=r" (cr3));
++ asm volatile("movq %%cr3,%0" : "=r" (cr3));
+ return cr3;
+ }
+
+@@ -109,7 +109,7 @@ static inline void write_cr3(unsigned lo
+ static inline unsigned long read_cr4(void)
+ {
+ unsigned long cr4;
+- asm("movq %%cr4,%0" : "=r" (cr4));
++ asm volatile("movq %%cr4,%0" : "=r" (cr4));
+ return cr4;
+ }
+
+@@ -121,7 +121,7 @@ static inline void write_cr4(unsigned lo
+ static inline unsigned long read_cr8(void)
+ {
+ unsigned long cr8;
+- asm("movq %%cr8,%0" : "=r" (cr8));
++ asm volatile("movq %%cr8,%0" : "=r" (cr8));
+ return cr8;
+ }
+
+
+--
+
+From gregkh@mini.kroah.org Tue Nov 20 10:19:53 2007
+Message-Id: <20071120181953.205339415@mini.kroah.org>
+References: <20071120181733.702234406@mini.kroah.org>
+User-Agent: quilt/0.46-1
+Date: Tue, 20 Nov 2007 10:17:54 -0800
+From: Greg Kroah-Hartman <gregkh@suse.de>
+To: linux-kernel@vger.kernel.org,
+ stable@kernel.org
+Cc: Justin Forbes <jmforbes@linuxtx.org>,
+ Zwane Mwaikambo <zwane@arm.linux.org.uk>,
+ Theodore Ts'o <tytso@mit.edu>,
+ Randy Dunlap <rdunlap@xenotime.net>,
+ Dave Jones <davej@redhat.com>,
+ Chuck Wolber <chuckw@quantumlinux.com>,
+ Chris Wedgwood <reviews@ml.cw.f00f.org>,
+ Michael Krufky <mkrufky@linuxtv.org>,
+ Chuck Ebbert <cebbert@redhat.com>,
+ Domenico Andreoli <cavokz@gmail.com>,
+ torvalds@linux-foundation.org,
+ akpm@linux-foundation.org,
+ alan@lxorguk.ukuu.org.uk,
+ Huang Ying <ying.huang@intel.com>,
+ Andi Kleen <ak@suse.de>,
+ Ingo Molnar <mingo@elte.hu>,
+ Thomas Gleixner <tglx@linutronix.de>
+Subject: [patch 21/29] x86: NX bit handling in change_page_attr()
+Content-Disposition: inline; filename=x86-nx-bit-handling-in-change-page-attr.patch
+Content-Length: 1456
+Lines: 42
+
+2.6.23-stable review patch. If anyone has any objections, please let us
+know.
+
+------------------
+From: Huang, Ying <ying.huang@intel.com>
+
+patch 84e0fdb1754d066dd0a8b257de7299f392d1e727 in mainline.
+
+x86: NX bit handling in change_page_attr()
+
+This patch fixes a bug of change_page_attr/change_page_attr_addr on
+Intel x86_64 CPUs. After changing page attribute to be executable with
+these functions, the page remains un-executable on Intel x86_64 CPU.
+Because on Intel x86_64 CPU, only if the "NX" bits of all four level
+page tables are cleared, the corresponding page is executable (refer to
+section 4.13.2 of Intel 64 and IA-32 Architectures Software Developer's
+Manual). So, the bug is fixed through clearing the "NX" bit of PMD when
+splitting the huge PMD.
+
+Signed-off-by: Huang Ying <ying.huang@intel.com>
+Cc: Andi Kleen <ak@suse.de>
+Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
+Signed-off-by: Ingo Molnar <mingo@elte.hu>
+Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
+Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
+
+---
+ arch/x86_64/mm/pageattr.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+--- a/arch/x86_64/mm/pageattr.c
++++ b/arch/x86_64/mm/pageattr.c
+@@ -148,6 +148,7 @@ __change_page_attr(unsigned long address
+ split = split_large_page(address, prot, ref_prot2);
+ if (!split)
+ return -ENOMEM;
++ pgprot_val(ref_prot2) &= ~_PAGE_NX;
+ set_pte(kpte, mk_pte(split, ref_prot2));
+ kpte_page = split;
+ }
+
+--
+
+From gregkh@mini.kroah.org Tue Nov 20 10:19:53 2007
+Message-Id: <20071120181953.365484955@mini.kroah.org>
+References: <20071120181733.702234406@mini.kroah.org>
+User-Agent: quilt/0.46-1
+Date: Tue, 20 Nov 2007 10:17:55 -0800
+From: Greg Kroah-Hartman <gregkh@suse.de>
+To: linux-kernel@vger.kernel.org,
+ stable@kernel.org
+Cc: Justin Forbes <jmforbes@linuxtx.org>,
+ Zwane Mwaikambo <zwane@arm.linux.org.uk>,
+ Theodore Ts'o <tytso@mit.edu>,
+ Randy Dunlap <rdunlap@xenotime.net>,
+ Dave Jones <davej@redhat.com>,
+ Chuck Wolber <chuckw@quantumlinux.com>,
+ Chris Wedgwood <reviews@ml.cw.f00f.org>,
+ Michael Krufky <mkrufky@linuxtv.org>,
+ Chuck Ebbert <cebbert@redhat.com>,
+ Domenico Andreoli <cavokz@gmail.com>,
+ torvalds@linux-foundation.org,
+ akpm@linux-foundation.org,
+ alan@lxorguk.ukuu.org.uk,
+ Andrey Mirkin <major@openvz.org>,
+ Andi Kleen <ak@suse.de>,
+ Ingo Molnar <mingo@elte.hu>,
+ Thomas Gleixner <tglx@linutronix.de>
+Subject: [patch 22/29] x86: return correct error code from child_rip in x86_64 entry.S
+Content-Disposition: inline; filename=x98-return-correct-error-code-from-child-rip.patch
+Content-Length: 1090
+Lines: 41
+
+2.6.23-stable review patch. If anyone has any objections, please let us
+know.
+
+------------------
+From: Andrey Mirkin <major@openvz.org>
+
+patch 1c5b5cfd290b6cb7c67020ef420e275f746a7236 in mainline.
+
+x86: return correct error code from child_rip in x86_64 entry.S
+
+Right now register edi is just cleared before calling do_exit.
+That is wrong because correct return value will be ignored.
+Value from rax should be copied to rdi instead of clearing edi.
+
+AK: changed to 32bit move because it's strictly an int
+
+[ tglx: arch/x86 adaptation ]
+
+Signed-off-by: Andrey Mirkin <major@openvz.org>
+Signed-off-by: Andi Kleen <ak@suse.de>
+Signed-off-by: Ingo Molnar <mingo@elte.hu>
+Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
+Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
+
+---
+ arch/x86_64/kernel/entry.S | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/arch/x86_64/kernel/entry.S
++++ b/arch/x86_64/kernel/entry.S
+@@ -989,7 +989,7 @@ child_rip:
+ movq %rsi, %rdi
+ call *%rax
+ # exit
+- xorl %edi, %edi
++ mov %eax, %edi
+ call do_exit
+ CFI_ENDPROC
+ ENDPROC(child_rip)
+
+--
+
+From gregkh@mini.kroah.org Tue Nov 20 10:19:53 2007
+Message-Id: <20071120181953.522369141@mini.kroah.org>
+References: <20071120181733.702234406@mini.kroah.org>
+User-Agent: quilt/0.46-1
+Date: Tue, 20 Nov 2007 10:17:56 -0800
+From: Greg Kroah-Hartman <gregkh@suse.de>
+To: linux-kernel@vger.kernel.org,
+ stable@kernel.org
+Cc: Justin Forbes <jmforbes@linuxtx.org>,
+ Zwane Mwaikambo <zwane@arm.linux.org.uk>,
+ Theodore Ts'o <tytso@mit.edu>,
+ Randy Dunlap <rdunlap@xenotime.net>,
+ Dave Jones <davej@redhat.com>,
+ Chuck Wolber <chuckw@quantumlinux.com>,
+ Chris Wedgwood <reviews@ml.cw.f00f.org>,
+ Michael Krufky <mkrufky@linuxtv.org>,
+ Chuck Ebbert <cebbert@redhat.com>,
+ Domenico Andreoli <cavokz@gmail.com>,
+ torvalds@linux-foundation.org,
+ akpm@linux-foundation.org,
+ alan@lxorguk.ukuu.org.uk,
+ "David P. Reed" <dpreed@reed.com>,
+ Thomas Gleixner <tglx@linutronix.de>,
+ Ingo Molnar <mingo@elte.hu>
+Subject: [patch 23/29] ntp: fix typo that makes sync_cmos_clock erratic
+Content-Disposition: inline; filename=ntp-fix-sync-cmos-clock-typo.patch
+Content-Length: 1912
+Lines: 50
+
+2.6.23-stable review patch. If anyone has any objections, please let us
+know.
+
+------------------
+From: David P. Reed <dpreed@reed.com>
+
+patch fa6a1a554b50cbb7763f6907e6fef927ead480d9 in mainline.
+
+ntp: fix typo that makes sync_cmos_clock erratic
+
+Fix a typo in ntp.c that has caused updating of the persistent (RTC)
+clock when synced to NTP to behave erratically.
+
+When debugging a freeze that arises on my AMD64 machines when I
+run the ntpd service, I added a number of printk's to monitor the
+sync_cmos_clock procedure. I discovered that it was not syncing to
+cmos RTC every 11 minutes as documented, but instead would keep trying
+every second for hours at a time. The reason turned out to be a typo
+in sync_cmos_clock, where it attempts to ensure that
+update_persistent_clock is called very close to 500 msec. after a 1
+second boundary (required by the PC RTC's spec). That typo referred to
+"xtime" in one spot, rather than "now", which is derived from "xtime"
+but not equal to it. This makes the test erratic, creating a
+"coin-flip" that decides when update_persistent_clock is called - when
+it is called, which is rarely, it may be at any time during the one
+second period, rather than close to 500 msec, so the value written is
+needlessly incorrect, too.
+
+Signed-off-by: David P. Reed <dpreed@reed.com>
+Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
+Signed-off-by: Ingo Molnar <mingo@elte.hu>
+Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
+
+---
+ kernel/time/ntp.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/kernel/time/ntp.c
++++ b/kernel/time/ntp.c
+@@ -205,7 +205,7 @@ static void sync_cmos_clock(unsigned lon
+ return;
+
+ getnstimeofday(&now);
+- if (abs(xtime.tv_nsec - (NSEC_PER_SEC / 2)) <= tick_nsec / 2)
++ if (abs(now.tv_nsec - (NSEC_PER_SEC / 2)) <= tick_nsec / 2)
+ fail = update_persistent_clock(now);
+
+ next.tv_nsec = (NSEC_PER_SEC / 2) - now.tv_nsec;
+
+--
+
+From gregkh@mini.kroah.org Tue Nov 20 10:19:53 2007
+Message-Id: <20071120181953.678005750@mini.kroah.org>
+References: <20071120181733.702234406@mini.kroah.org>
+User-Agent: quilt/0.46-1
+Date: Tue, 20 Nov 2007 10:17:57 -0800
+From: Greg Kroah-Hartman <gregkh@suse.de>
+To: linux-kernel@vger.kernel.org,
+ stable@kernel.org
+Cc: Justin Forbes <jmforbes@linuxtx.org>,
+ Zwane Mwaikambo <zwane@arm.linux.org.uk>,
+ Theodore Ts'o <tytso@mit.edu>,
+ Randy Dunlap <rdunlap@xenotime.net>,
+ Dave Jones <davej@redhat.com>,
+ Chuck Wolber <chuckw@quantumlinux.com>,
+ Chris Wedgwood <reviews@ml.cw.f00f.org>,
+ Michael Krufky <mkrufky@linuxtv.org>,
+ Chuck Ebbert <cebbert@redhat.com>,
+ Domenico Andreoli <cavokz@gmail.com>,
+ torvalds@linux-foundation.org,
+ akpm@linux-foundation.org,
+ alan@lxorguk.ukuu.org.uk,
+ "David P. Reed" <dpreed@reed.com>,
+ Thomas Gleixner <tglx@linutronix.de>,
+ Ingo Molnar <mingo@elte.hu>
+Subject: [patch 24/29] x86: fix freeze in x86_64 RTC update code in time_64.c
+Content-Disposition: inline; filename=x86-fix-rtc-locking.patch
+Content-Length: 1970
+Lines: 66
+
+2.6.23-stable review patch. If anyone has any objections, please let us
+know.
+
+------------------
+From: David P. Reed <dpreed@reed.com>
+
+patch c399da0d97e06803e51085ec076b63a3168aad1b in mainline.
+
+x86: fix freeze in x86_64 RTC update code in time_64.c
+
+Fix hard freeze on x86_64 when the ntpd service calls
+update_persistent_clock()
+
+A repeatable but randomly timed freeze has been happening in Fedora 6
+and 7 for the last year, whenever I run the ntpd service on my AMD64x2
+HP Pavilion dv9000z laptop. This freeze is due to the use of
+spin_lock(&rtc_lock) under the assumption (per a bad comment) that
+set_rtc_mmss is called only with interrupts disabled. The call from
+ntp.c to update_persistent_clock is made with interrupts enabled.
+
+[ tglx@linutronix.de: ported to 2.6.23.stable ]
+
+Signed-off-by: David P. Reed <dpreed@reed.com>
+Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
+Signed-off-by: Ingo Molnar <mingo@elte.hu>
+Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
+
+---
+ arch/x86_64/kernel/time.c | 11 ++++-------
+ 1 file changed, 4 insertions(+), 7 deletions(-)
+
+--- a/arch/x86_64/kernel/time.c
++++ b/arch/x86_64/kernel/time.c
+@@ -87,18 +87,15 @@ static int set_rtc_mmss(unsigned long no
+ int retval = 0;
+ int real_seconds, real_minutes, cmos_minutes;
+ unsigned char control, freq_select;
++ unsigned long flags;
+
+ /*
+- * IRQs are disabled when we're called from the timer interrupt,
+- * no need for spin_lock_irqsave()
++ * set_rtc_mmss is called when irqs are enabled, so disable irqs here
+ */
+-
+- spin_lock(&rtc_lock);
+-
++ spin_lock_irqsave(&rtc_lock, flags);
+ /*
+ * Tell the clock it's being set and stop it.
+ */
+-
+ control = CMOS_READ(RTC_CONTROL);
+ CMOS_WRITE(control | RTC_SET, RTC_CONTROL);
+
+@@ -143,7 +140,7 @@ static int set_rtc_mmss(unsigned long no
+ CMOS_WRITE(control, RTC_CONTROL);
+ CMOS_WRITE(freq_select, RTC_FREQ_SELECT);
+
+- spin_unlock(&rtc_lock);
++ spin_unlock_irqrestore(&rtc_lock, flags);
+
+ return retval;
+ }
+
+--
+
+From gregkh@mini.kroah.org Tue Nov 20 10:19:53 2007
+Message-Id: <20071120181953.833569092@mini.kroah.org>
+References: <20071120181733.702234406@mini.kroah.org>
+User-Agent: quilt/0.46-1
+Date: Tue, 20 Nov 2007 10:17:58 -0800
+From: Greg Kroah-Hartman <gregkh@suse.de>
+To: linux-kernel@vger.kernel.org,
+ stable@kernel.org,
+ Greg KH <greg@kroah.com>
+Cc: Justin Forbes <jmforbes@linuxtx.org>,
+ Zwane Mwaikambo <zwane@arm.linux.org.uk>,
+ Theodore Ts'o <tytso@mit.edu>,
+ Randy Dunlap <rdunlap@xenotime.net>,
+ Dave Jones <davej@redhat.com>,
+ Chuck Wolber <chuckw@quantumlinux.com>,
+ Chris Wedgwood <reviews@ml.cw.f00f.org>,
+ Michael Krufky <mkrufky@linuxtv.org>,
+ Chuck Ebbert <cebbert@redhat.com>,
+ Domenico Andreoli <cavokz@gmail.com>,
+ torvalds@linux-foundation.org,
+ akpm@linux-foundation.org,
+ alan@lxorguk.ukuu.org.uk,
+ Ingo Molnar <mingo@elte.hu>,
+ Satyam Sharma <satyam@infradead.org>
+Subject: [patch 25/29] softlockup watchdog fixes and cleanups
+Content-Disposition: inline; filename=softlockup-watchdog-fixes-and-cleanups.patch
+Content-Length: 6174
+Lines: 192
+
+2.6.23-stable review patch. If anyone has any objections, please let us
+know.
+
+------------------
+From: Ingo Molnar <mingo@elte.hu>
+
+
+This is a merge of commits a5f2ce3c6024a5bb895647b6bd88ecae5001020a and
+43581a10075492445f65234384210492ff333eba in mainline to fix a warning in
+the 2.6.23.3 kernel release.
+
+softlockup watchdog: style cleanups
+
+kernel/softirq.c grew a few style uncleanlinesses in the past few
+months, clean that up. No functional changes:
+
+text data bss dec hex filename
+1126 76 4 1206 4b6 softlockup.o.before
+1129 76 4 1209 4b9 softlockup.o.after
+
+( the 3 bytes .text increase is due to the "<1>" appended to one of
+the printk messages. )
+
+Signed-off-by: Ingo Molnar <mingo@elte.hu>
+Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
+Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
+
+
+softlockup: improve debug output
+
+Improve the debuggability of kernel lockups by enhancing the debug
+output of the softlockup detector: print the task that causes the lockup
+and try to print a more intelligent backtrace.
+
+The old format was:
+
+BUG: soft lockup detected on CPU#1!
+[<c0105e4a>] show_trace_log_lvl+0x19/0x2e
+[<c0105f43>] show_trace+0x12/0x14
+[<c0105f59>] dump_stack+0x14/0x16
+[<c015f6bc>] softlockup_tick+0xbe/0xd0
+[<c013457d>] run_local_timers+0x12/0x14
+[<c01346b8>] update_process_times+0x3e/0x63
+[<c0145fb8>] tick_sched_timer+0x7c/0xc0
+[<c0140a75>] hrtimer_interrupt+0x135/0x1ba
+[<c011bde7>] smp_apic_timer_interrupt+0x6e/0x80
+[<c0105aa3>] apic_timer_interrupt+0x33/0x38
+[<c0104f8a>] syscall_call+0x7/0xb
+=======================
+
+The new format is:
+
+BUG: soft lockup detected on CPU#1! [prctl:2363]
+
+Pid: 2363, comm: prctl
+EIP: 0060:[<c013915f>] CPU: 1
+EIP is at sys_prctl+0x24/0x18c
+EFLAGS: 00000213 Not tainted (2.6.22-cfs-v20 #26)
+EAX: 00000001 EBX: 000003e7 ECX: 00000001 EDX: f6df0000
+ESI: 000003e7 EDI: 000003e7 EBP: f6df0fb0 DS: 007b ES: 007b FS: 00d8
+CR0: 8005003b CR2: 4d8c3340 CR3: 3731d000 CR4: 000006d0
+[<c0105e4a>] show_trace_log_lvl+0x19/0x2e
+[<c0105f43>] show_trace+0x12/0x14
+[<c01040be>] show_regs+0x1ab/0x1b3
+[<c015f807>] softlockup_tick+0xef/0x108
+[<c013457d>] run_local_timers+0x12/0x14
+[<c01346b8>] update_process_times+0x3e/0x63
+[<c0145fcc>] tick_sched_timer+0x7c/0xc0
+[<c0140a89>] hrtimer_interrupt+0x135/0x1ba
+[<c011bde7>] smp_apic_timer_interrupt+0x6e/0x80
+[<c0105aa3>] apic_timer_interrupt+0x33/0x38
+[<c0104f8a>] syscall_call+0x7/0xb
+=======================
+
+Note that in the old format we only knew that some system call locked
+up, we didnt know _which_. With the new format we know that it's at a
+specific place in sys_prctl(). [which was where i created an artificial
+kernel lockup to test the new format.]
+
+This is also useful if the lockup happens in user-space - the user-space
+EIP (and other registers) will be printed too. (such a lockup would
+either suggest that the task was running at SCHED_FIFO:99 and looping
+for more than 10 seconds, or that the softlockup detector has a
+false-positive.)
+
+The task name is printed too first, just in case we dont manage to print
+a useful backtrace.
+
+[satyam@infradead.org: fix warning]
+Signed-off-by: Ingo Molnar <mingo@elte.hu>
+Signed-off-by: Satyam Sharma <satyam@infradead.org>
+Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
+Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
+
+
+---
+ kernel/softlockup.c | 37 +++++++++++++++++++++++--------------
+ 1 file changed, 23 insertions(+), 14 deletions(-)
+
+--- a/kernel/softlockup.c
++++ b/kernel/softlockup.c
+@@ -15,13 +15,16 @@
+ #include <linux/notifier.h>
+ #include <linux/module.h>
+
++#include <asm/irq_regs.h>
++
+ static DEFINE_SPINLOCK(print_lock);
+
+ static DEFINE_PER_CPU(unsigned long, touch_timestamp);
+ static DEFINE_PER_CPU(unsigned long, print_timestamp);
+ static DEFINE_PER_CPU(struct task_struct *, watchdog_task);
+
+-static int did_panic = 0;
++static int did_panic;
++int softlockup_thresh = 10;
+
+ static int
+ softlock_panic(struct notifier_block *this, unsigned long event, void *ptr)
+@@ -70,6 +73,7 @@ void softlockup_tick(void)
+ int this_cpu = smp_processor_id();
+ unsigned long touch_timestamp = per_cpu(touch_timestamp, this_cpu);
+ unsigned long print_timestamp;
++ struct pt_regs *regs = get_irq_regs();
+ unsigned long now;
+
+ if (touch_timestamp == 0) {
+@@ -99,21 +103,26 @@ void softlockup_tick(void)
+ wake_up_process(per_cpu(watchdog_task, this_cpu));
+
+ /* Warn about unreasonable 10+ seconds delays: */
+- if (now > (touch_timestamp + 10)) {
+- per_cpu(print_timestamp, this_cpu) = touch_timestamp;
++ if (now <= (touch_timestamp + softlockup_thresh))
++ return;
++
++ per_cpu(print_timestamp, this_cpu) = touch_timestamp;
+
+- spin_lock(&print_lock);
+- printk(KERN_ERR "BUG: soft lockup detected on CPU#%d!\n",
+- this_cpu);
++ spin_lock(&print_lock);
++ printk(KERN_ERR "BUG: soft lockup - CPU#%d stuck for %lus! [%s:%d]\n",
++ this_cpu, now - touch_timestamp,
++ current->comm, current->pid);
++ if (regs)
++ show_regs(regs);
++ else
+ dump_stack();
+- spin_unlock(&print_lock);
+- }
++ spin_unlock(&print_lock);
+ }
+
+ /*
+ * The watchdog thread - runs every second and touches the timestamp.
+ */
+-static int watchdog(void * __bind_cpu)
++static int watchdog(void *__bind_cpu)
+ {
+ struct sched_param param = { .sched_priority = MAX_RT_PRIO-1 };
+
+@@ -151,13 +160,13 @@ cpu_callback(struct notifier_block *nfb,
+ BUG_ON(per_cpu(watchdog_task, hotcpu));
+ p = kthread_create(watchdog, hcpu, "watchdog/%d", hotcpu);
+ if (IS_ERR(p)) {
+- printk("watchdog for %i failed\n", hotcpu);
++ printk(KERN_ERR "watchdog for %i failed\n", hotcpu);
+ return NOTIFY_BAD;
+ }
+- per_cpu(touch_timestamp, hotcpu) = 0;
+- per_cpu(watchdog_task, hotcpu) = p;
++ per_cpu(touch_timestamp, hotcpu) = 0;
++ per_cpu(watchdog_task, hotcpu) = p;
+ kthread_bind(p, hotcpu);
+- break;
++ break;
+ case CPU_ONLINE:
+ case CPU_ONLINE_FROZEN:
+ wake_up_process(per_cpu(watchdog_task, hotcpu));
+@@ -177,7 +186,7 @@ cpu_callback(struct notifier_block *nfb,
+ kthread_stop(p);
+ break;
+ #endif /* CONFIG_HOTPLUG_CPU */
+- }
++ }
+ return NOTIFY_OK;
+ }
+
+
+--
+
+From gregkh@mini.kroah.org Tue Nov 20 10:19:54 2007
+Message-Id: <20071120181953.989222884@mini.kroah.org>
+References: <20071120181733.702234406@mini.kroah.org>
+User-Agent: quilt/0.46-1
+Date: Tue, 20 Nov 2007 10:17:59 -0800
+From: Greg Kroah-Hartman <gregkh@suse.de>
+To: linux-kernel@vger.kernel.org,
+ stable@kernel.org
+Cc: Justin Forbes <jmforbes@linuxtx.org>,
+ Zwane Mwaikambo <zwane@arm.linux.org.uk>,
+ Theodore Ts'o <tytso@mit.edu>,
+ Randy Dunlap <rdunlap@xenotime.net>,
+ Dave Jones <davej@redhat.com>,
+ Chuck Wolber <chuckw@quantumlinux.com>,
+ Chris Wedgwood <reviews@ml.cw.f00f.org>,
+ Michael Krufky <mkrufky@linuxtv.org>,
+ Chuck Ebbert <cebbert@redhat.com>,
+ Domenico Andreoli <cavokz@gmail.com>,
+ torvalds@linux-foundation.org,
+ akpm@linux-foundation.org,
+ alan@lxorguk.ukuu.org.uk,
+ Ingo Molnar <mingo@elte.hu>
+Subject: [patch 26/29] softlockup: use cpu_clock() instead of sched_clock()
+Content-Disposition: inline; filename=softlockup-use-cpu_clock-instead-of-sched_clock.patch
+Content-Length: 1462
+Lines: 52
+
+2.6.23-stable review patch. If anyone has any objections, please let us
+know.
+
+------------------
+From: Ingo Molnar <mingo@elte.hu>
+
+patch a3b13c23f186ecb57204580cc1f2dbe9c284953a in mainline.
+
+sched_clock() is not a reliable time-source, use cpu_clock() instead.
+
+Signed-off-by: Ingo Molnar <mingo@elte.hu>
+Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
+Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
+
+---
+ kernel/softlockup.c | 10 ++++++----
+ 1 file changed, 6 insertions(+), 4 deletions(-)
+
+--- a/kernel/softlockup.c
++++ b/kernel/softlockup.c
+@@ -43,14 +43,16 @@ static struct notifier_block panic_block
+ * resolution, and we don't need to waste time with a big divide when
+ * 2^30ns == 1.074s.
+ */
+-static unsigned long get_timestamp(void)
++static unsigned long get_timestamp(int this_cpu)
+ {
+- return sched_clock() >> 30; /* 2^30 ~= 10^9 */
++ return cpu_clock(this_cpu) >> 30; /* 2^30 ~= 10^9 */
+ }
+
+ void touch_softlockup_watchdog(void)
+ {
+- __raw_get_cpu_var(touch_timestamp) = get_timestamp();
++ int this_cpu = raw_smp_processor_id();
++
++ __raw_get_cpu_var(touch_timestamp) = get_timestamp(this_cpu);
+ }
+ EXPORT_SYMBOL(touch_softlockup_watchdog);
+
+@@ -96,7 +98,7 @@ void softlockup_tick(void)
+ return;
+ }
+
+- now = get_timestamp();
++ now = get_timestamp(this_cpu);
+
+ /* Wake up the high-prio watchdog task every second: */
+ if (now > (touch_timestamp + 1))
+
+--
+
+From gregkh@mini.kroah.org Tue Nov 20 10:19:54 2007
+Message-Id: <20071120181954.145506889@mini.kroah.org>
+References: <20071120181733.702234406@mini.kroah.org>
+User-Agent: quilt/0.46-1
+Date: Tue, 20 Nov 2007 10:18:00 -0800
+From: Greg Kroah-Hartman <gregkh@suse.de>
+To: linux-kernel@vger.kernel.org,
+ stable@kernel.org
+Cc: Justin Forbes <jmforbes@linuxtx.org>,
+ Zwane Mwaikambo <zwane@arm.linux.org.uk>,
+ Theodore Ts'o <tytso@mit.edu>,
+ Randy Dunlap <rdunlap@xenotime.net>,
+ Dave Jones <davej@redhat.com>,
+ Chuck Wolber <chuckw@quantumlinux.com>,
+ Chris Wedgwood <reviews@ml.cw.f00f.org>,
+ Michael Krufky <mkrufky@linuxtv.org>,
+ Chuck Ebbert <cebbert@redhat.com>,
+ Domenico Andreoli <cavokz@gmail.com>,
+ torvalds@linux-foundation.org,
+ akpm@linux-foundation.org,
+ alan@lxorguk.ukuu.org.uk,
+ Mike Pagano <mpagano-kernel@mpagano.com>,
+ Phil Dibowitz <phil@ipom.com>,
+ Tobias Powalowski <t.powa@gmx.de>
+Subject: [patch 27/29] USB: unusual_devs modification for Nikon D200
+Content-Disposition: inline; filename=usb-unusual_devs-modification-for-nikon-d200.patch
+Content-Length: 1089
+Lines: 37
+
+2.6.23-stable review patch. If anyone has any objections, please let us
+know.
+
+------------------
+From: Phil Dibowitz <phil@ipom.com>
+
+patch 16eb345f4d9189b59bae576ae63cba7ca77817b2 in mainline.
+
+Upgrade the unusual_devs.h file to support the Nikon D200
+
+Signed-off-by: Mike Pagano <mpagano-kernel@mpagano.com>
+Signed-off-by: Phil Dibowitz <phil@ipom.com>
+Cc: Tobias Powalowski <t.powa@gmx.de>
+Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
+
+---
+ drivers/usb/storage/unusual_devs.h | 7 +++++++
+ 1 file changed, 7 insertions(+)
+
+--- a/drivers/usb/storage/unusual_devs.h
++++ b/drivers/usb/storage/unusual_devs.h
+@@ -341,6 +341,13 @@ UNUSUAL_DEV( 0x04b0, 0x040d, 0x0100, 0x
+ US_SC_DEVICE, US_PR_DEVICE, NULL,
+ US_FL_FIX_CAPACITY),
+
++/* Reported by Graber and Mike Pagano <mpagano-kernel@mpagano.com> */
++UNUSUAL_DEV( 0x04b0, 0x040f, 0x0200, 0x0200,
++ "NIKON",
++ "NIKON DSC D200",
++ US_SC_DEVICE, US_PR_DEVICE, NULL,
++ US_FL_FIX_CAPACITY),
++
+ /* Reported by Emil Larsson <emil@swip.net> */
+ UNUSUAL_DEV( 0x04b0, 0x0411, 0x0100, 0x0101,
+ "NIKON",
+
+--
+
+From gregkh@mini.kroah.org Tue Nov 20 10:19:54 2007
+Message-Id: <20071120181954.298542112@mini.kroah.org>
+References: <20071120181733.702234406@mini.kroah.org>
+User-Agent: quilt/0.46-1
+Date: Tue, 20 Nov 2007 10:18:01 -0800
+From: Greg Kroah-Hartman <gregkh@suse.de>
+To: linux-kernel@vger.kernel.org,
+ stable@kernel.org
+Cc: Justin Forbes <jmforbes@linuxtx.org>,
+ Zwane Mwaikambo <zwane@arm.linux.org.uk>,
+ Theodore Ts'o <tytso@mit.edu>,
+ Randy Dunlap <rdunlap@xenotime.net>,
+ Dave Jones <davej@redhat.com>,
+ Chuck Wolber <chuckw@quantumlinux.com>,
+ Chris Wedgwood <reviews@ml.cw.f00f.org>,
+ Michael Krufky <mkrufky@linuxtv.org>,
+ Chuck Ebbert <cebbert@redhat.com>,
+ Domenico Andreoli <cavokz@gmail.com>,
+ torvalds@linux-foundation.org,
+ akpm@linux-foundation.org,
+ alan@lxorguk.ukuu.org.uk,
+ Tobias Powalowski <t.powa@gmx.de>
+Subject: [patch 28/29] USB: Nikon D40X unusual_devs entry
+Content-Disposition: inline; filename=usb-nikon-d40x-unusual_devs-entry.patch
+Content-Length: 1080
+Lines: 38
+
+2.6.23-stable review patch. If anyone has any objections, please let us
+know.
+
+------------------
+From: Ortwin Glück <odi@odi.ch>
+
+patch d466a9190ff1ceddfee50686e61d63590fc820d9 in mainline.
+
+Not surprisingly the Nikon D40X DSC needs the same quirks as the D40,
+but it has a separate ID.
+See http://bugs.gentoo.org/show_bug.cgi?id=191431
+
+From: Ortwin Glück <odi@odi.ch>
+Cc: Tobias Powalowski <t.powa@gmx.de>
+Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
+
+---
+ drivers/usb/storage/unusual_devs.h | 7 +++++++
+ 1 file changed, 7 insertions(+)
+
+--- a/drivers/usb/storage/unusual_devs.h
++++ b/drivers/usb/storage/unusual_devs.h
+@@ -362,6 +362,13 @@ UNUSUAL_DEV( 0x04b0, 0x0413, 0x0110, 0x
+ US_SC_DEVICE, US_PR_DEVICE, NULL,
+ US_FL_FIX_CAPACITY),
+
++/* Reported by Shan Destromp (shansan@gmail.com) */
++UNUSUAL_DEV( 0x04b0, 0x0417, 0x0100, 0x0100,
++ "NIKON",
++ "NIKON DSC D40X",
++ US_SC_DEVICE, US_PR_DEVICE, NULL,
++ US_FL_FIX_CAPACITY),
++
+ /* BENQ DC5330
+ * Reported by Manuel Fombuena <mfombuena@ya.com> and
+ * Frank Copeland <fjc@thingy.apana.org.au> */
+
+--
+
+From gregkh@mini.kroah.org Tue Nov 20 10:19:54 2007
+Message-Id: <20071120181954.455270822@mini.kroah.org>
+References: <20071120181733.702234406@mini.kroah.org>
+User-Agent: quilt/0.46-1
+Date: Tue, 20 Nov 2007 10:18:02 -0800
+From: Greg Kroah-Hartman <gregkh@suse.de>
+To: linux-kernel@vger.kernel.org,
+ stable@kernel.org
+Cc: Justin Forbes <jmforbes@linuxtx.org>,
+ Zwane Mwaikambo <zwane@arm.linux.org.uk>,
+ Theodore Ts'o <tytso@mit.edu>,
+ Randy Dunlap <rdunlap@xenotime.net>,
+ Dave Jones <davej@redhat.com>,
+ Chuck Wolber <chuckw@quantumlinux.com>,
+ Chris Wedgwood <reviews@ml.cw.f00f.org>,
+ Michael Krufky <mkrufky@linuxtv.org>,
+ Chuck Ebbert <cebbert@redhat.com>,
+ Domenico Andreoli <cavokz@gmail.com>,
+ torvalds@linux-foundation.org,
+ akpm@linux-foundation.org,
+ alan@lxorguk.ukuu.org.uk,
+ Dan Williams <dcbw@redhat.com>,
+ "John W. Linville" <linville@tuxdriver.com>,
+ Tobias Powalowski <t.powa@gmx.de>
+Subject: [patch 29/29] ipw2200: batch non-user-requested scan result notifications
+Content-Disposition: inline; filename=ipw2200-batch-non-user-requested-scan-result-notifications.patch
+Content-Length: 5852
+Lines: 170
+
+2.6.23-stable review patch. If anyone has any objections, please let us
+know.
+
+------------------
+From: Dan Williams <dcbw@redhat.com>
+
+patch 0b5316769774d1dc2fdd702e095f9e6992af269a in mainline.
+
+ipw2200 makes extensive use of background scanning when unassociated or
+down. Unfortunately, the firmware sends scan completed events many
+times per second, which the driver pushes directly up to userspace.
+This needlessly wakes up processes listening for wireless events many
+times per second. Batch together scan completed events for
+non-user-requested scans and send them up to userspace every 4 seconds.
+Scan completed events resulting from an SIOCSIWSCAN call are pushed up
+without delay.
+
+Signed-off-by: Dan Williams <dcbw@redhat.com>
+Signed-off-by: John W. Linville <linville@tuxdriver.com>
+Cc: Tobias Powalowski <t.powa@gmx.de>
+Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
+
+---
+ drivers/net/wireless/ipw2200.c | 56 +++++++++++++++++++++++++++++++++--------
+ drivers/net/wireless/ipw2200.h | 3 ++
+ 2 files changed, 49 insertions(+), 10 deletions(-)
+
+--- a/drivers/net/wireless/ipw2200.c
++++ b/drivers/net/wireless/ipw2200.c
+@@ -1740,8 +1740,10 @@ static int ipw_radio_kill_sw(struct ipw_
+ if (disable_radio) {
+ priv->status |= STATUS_RF_KILL_SW;
+
+- if (priv->workqueue)
++ if (priv->workqueue) {
+ cancel_delayed_work(&priv->request_scan);
++ cancel_delayed_work(&priv->scan_event);
++ }
+ queue_work(priv->workqueue, &priv->down);
+ } else {
+ priv->status &= ~STATUS_RF_KILL_SW;
+@@ -1992,6 +1994,7 @@ static void ipw_irq_tasklet(struct ipw_p
+ wake_up_interruptible(&priv->wait_command_queue);
+ priv->status &= ~(STATUS_ASSOCIATED | STATUS_ASSOCIATING);
+ cancel_delayed_work(&priv->request_scan);
++ cancel_delayed_work(&priv->scan_event);
+ schedule_work(&priv->link_down);
+ queue_delayed_work(priv->workqueue, &priv->rf_kill, 2 * HZ);
+ handled |= IPW_INTA_BIT_RF_KILL_DONE;
+@@ -4341,6 +4344,37 @@ static void ipw_handle_missed_beacon(str
+ IPW_DEBUG_NOTIF("Missed beacon: %d\n", missed_count);
+ }
+
++static void ipw_scan_event(struct work_struct *work)
++{
++ union iwreq_data wrqu;
++
++ struct ipw_priv *priv =
++ container_of(work, struct ipw_priv, scan_event.work);
++
++ wrqu.data.length = 0;
++ wrqu.data.flags = 0;
++ wireless_send_event(priv->net_dev, SIOCGIWSCAN, &wrqu, NULL);
++}
++
++static void handle_scan_event(struct ipw_priv *priv)
++{
++ /* Only userspace-requested scan completion events go out immediately */
++ if (!priv->user_requested_scan) {
++ if (!delayed_work_pending(&priv->scan_event))
++ queue_delayed_work(priv->workqueue, &priv->scan_event,
++ round_jiffies(msecs_to_jiffies(4000)));
++ } else {
++ union iwreq_data wrqu;
++
++ priv->user_requested_scan = 0;
++ cancel_delayed_work(&priv->scan_event);
++
++ wrqu.data.length = 0;
++ wrqu.data.flags = 0;
++ wireless_send_event(priv->net_dev, SIOCGIWSCAN, &wrqu, NULL);
++ }
++}
++
+ /**
+ * Handle host notification packet.
+ * Called from interrupt routine
+@@ -4702,14 +4736,8 @@ static void ipw_rx_notification(struct i
+ * on how the scan was initiated. User space can just
+ * sync on periodic scan to get fresh data...
+ * Jean II */
+- if (x->status == SCAN_COMPLETED_STATUS_COMPLETE) {
+- union iwreq_data wrqu;
+-
+- wrqu.data.length = 0;
+- wrqu.data.flags = 0;
+- wireless_send_event(priv->net_dev, SIOCGIWSCAN,
+- &wrqu, NULL);
+- }
++ if (x->status == SCAN_COMPLETED_STATUS_COMPLETE)
++ handle_scan_event(priv);
+ break;
+ }
+
+@@ -9472,6 +9500,10 @@ static int ipw_wx_set_scan(struct net_de
+ struct ipw_priv *priv = ieee80211_priv(dev);
+ struct iw_scan_req *req = (struct iw_scan_req *)extra;
+
++ mutex_lock(&priv->mutex);
++ priv->user_requested_scan = 1;
++ mutex_unlock(&priv->mutex);
++
+ if (wrqu->data.length == sizeof(struct iw_scan_req)) {
+ if (wrqu->data.flags & IW_SCAN_THIS_ESSID) {
+ ipw_request_direct_scan(priv, req->essid,
+@@ -10647,6 +10679,7 @@ static void ipw_link_up(struct ipw_priv
+ }
+
+ cancel_delayed_work(&priv->request_scan);
++ cancel_delayed_work(&priv->scan_event);
+ ipw_reset_stats(priv);
+ /* Ensure the rate is updated immediately */
+ priv->last_rate = ipw_get_current_rate(priv);
+@@ -10684,7 +10717,8 @@ static void ipw_link_down(struct ipw_pri
+ if (!(priv->status & STATUS_EXIT_PENDING)) {
+ /* Queue up another scan... */
+ queue_delayed_work(priv->workqueue, &priv->request_scan, 0);
+- }
++ } else
++ cancel_delayed_work(&priv->scan_event);
+ }
+
+ static void ipw_bg_link_down(struct work_struct *work)
+@@ -10714,6 +10748,7 @@ static int ipw_setup_deferred_work(struc
+ INIT_WORK(&priv->up, ipw_bg_up);
+ INIT_WORK(&priv->down, ipw_bg_down);
+ INIT_DELAYED_WORK(&priv->request_scan, ipw_request_scan);
++ INIT_DELAYED_WORK(&priv->scan_event, ipw_scan_event);
+ INIT_WORK(&priv->request_passive_scan, ipw_request_passive_scan);
+ INIT_DELAYED_WORK(&priv->gather_stats, ipw_bg_gather_stats);
+ INIT_WORK(&priv->abort_scan, ipw_bg_abort_scan);
+@@ -11746,6 +11781,7 @@ static void ipw_pci_remove(struct pci_de
+ cancel_delayed_work(&priv->adhoc_check);
+ cancel_delayed_work(&priv->gather_stats);
+ cancel_delayed_work(&priv->request_scan);
++ cancel_delayed_work(&priv->scan_event);
+ cancel_delayed_work(&priv->rf_kill);
+ cancel_delayed_work(&priv->scan_check);
+ destroy_workqueue(priv->workqueue);
+--- a/drivers/net/wireless/ipw2200.h
++++ b/drivers/net/wireless/ipw2200.h
+@@ -1288,6 +1288,8 @@ struct ipw_priv {
+
+ struct iw_public_data wireless_data;
+
++ int user_requested_scan;
++
+ struct workqueue_struct *workqueue;
+
+ struct delayed_work adhoc_check;
+@@ -1296,6 +1298,7 @@ struct ipw_priv {
+ struct work_struct system_config;
+ struct work_struct rx_replenish;
+ struct delayed_work request_scan;
++ struct delayed_work scan_event;
+ struct work_struct request_passive_scan;
+ struct work_struct adapter_restart;
+ struct delayed_work rf_kill;
+
+--
+
--- /dev/null
+diff --git a/Makefile b/Makefile
+index 435a3d7..a13aa77 100644
+--- a/Makefile
++++ b/Makefile
+@@ -1,7 +1,7 @@
+ VERSION = 2
+ PATCHLEVEL = 6
+ SUBLEVEL = 23
+-EXTRAVERSION = .8
++EXTRAVERSION = .9-rc1
+ NAME = Arr Matey! A Hairy Bilge Rat!
+
+ # *DOCUMENTATION*
+diff --git a/arch/i386/lib/delay.c b/arch/i386/lib/delay.c
+index f6edb11..66595ed 100644
+--- a/arch/i386/lib/delay.c
++++ b/arch/i386/lib/delay.c
+@@ -12,6 +12,7 @@
+
+ #include <linux/module.h>
+ #include <linux/sched.h>
++#include <linux/preempt.h>
+ #include <linux/delay.h>
+
+ #include <asm/processor.h>
+@@ -42,11 +43,13 @@ static void delay_tsc(unsigned long loops)
+ {
+ unsigned long bclock, now;
+
++ preempt_disable(); /* TSC's are per-cpu */
+ rdtscl(bclock);
+ do {
+ rep_nop();
+ rdtscl(now);
+ } while ((now-bclock) < loops);
++ preempt_enable();
+ }
+
+ /*
+diff --git a/arch/i386/mm/pgtable.c b/arch/i386/mm/pgtable.c
+index 01437c4..91faa59 100644
+--- a/arch/i386/mm/pgtable.c
++++ b/arch/i386/mm/pgtable.c
+@@ -97,8 +97,7 @@ static void set_pte_pfn(unsigned long vaddr, unsigned long pfn, pgprot_t flags)
+ }
+ pte = pte_offset_kernel(pmd, vaddr);
+ if (pgprot_val(flags))
+- /* <pfn,flags> stored as-is, to permit clearing entries */
+- set_pte(pte, pfn_pte(pfn, flags));
++ set_pte_present(&init_mm, vaddr, pte, pfn_pte(pfn, flags));
+ else
+ pte_clear(&init_mm, vaddr, pte);
+
+diff --git a/arch/x86_64/kernel/entry.S b/arch/x86_64/kernel/entry.S
+index 1d232e5..a6aad39 100644
+--- a/arch/x86_64/kernel/entry.S
++++ b/arch/x86_64/kernel/entry.S
+@@ -989,7 +989,7 @@ child_rip:
+ movq %rsi, %rdi
+ call *%rax
+ # exit
+- xorl %edi, %edi
++ mov %eax, %edi
+ call do_exit
+ CFI_ENDPROC
+ ENDPROC(child_rip)
+diff --git a/arch/x86_64/kernel/time.c b/arch/x86_64/kernel/time.c
+index 6d48a4e..4d0d1ac 100644
+--- a/arch/x86_64/kernel/time.c
++++ b/arch/x86_64/kernel/time.c
+@@ -87,18 +87,15 @@ static int set_rtc_mmss(unsigned long nowtime)
+ int retval = 0;
+ int real_seconds, real_minutes, cmos_minutes;
+ unsigned char control, freq_select;
++ unsigned long flags;
+
+ /*
+- * IRQs are disabled when we're called from the timer interrupt,
+- * no need for spin_lock_irqsave()
++ * set_rtc_mmss is called when irqs are enabled, so disable irqs here
+ */
+-
+- spin_lock(&rtc_lock);
+-
++ spin_lock_irqsave(&rtc_lock, flags);
+ /*
+ * Tell the clock it's being set and stop it.
+ */
+-
+ control = CMOS_READ(RTC_CONTROL);
+ CMOS_WRITE(control | RTC_SET, RTC_CONTROL);
+
+@@ -143,7 +140,7 @@ static int set_rtc_mmss(unsigned long nowtime)
+ CMOS_WRITE(control, RTC_CONTROL);
+ CMOS_WRITE(freq_select, RTC_FREQ_SELECT);
+
+- spin_unlock(&rtc_lock);
++ spin_unlock_irqrestore(&rtc_lock, flags);
+
+ return retval;
+ }
+diff --git a/arch/x86_64/lib/bitstr.c b/arch/x86_64/lib/bitstr.c
+index 2467660..7445caf 100644
+--- a/arch/x86_64/lib/bitstr.c
++++ b/arch/x86_64/lib/bitstr.c
+@@ -14,7 +14,7 @@ find_next_zero_string(unsigned long *bitmap, long start, long nbits, int len)
+
+ /* could test bitsliced, but it's hardly worth it */
+ end = n+len;
+- if (end >= nbits)
++ if (end > nbits)
+ return -1;
+ for (i = n+1; i < end; i++) {
+ if (test_bit(i, bitmap)) {
+diff --git a/arch/x86_64/lib/delay.c b/arch/x86_64/lib/delay.c
+index 2dbebd3..4d3f1f6 100644
+--- a/arch/x86_64/lib/delay.c
++++ b/arch/x86_64/lib/delay.c
+@@ -10,7 +10,9 @@
+
+ #include <linux/module.h>
+ #include <linux/sched.h>
++#include <linux/preempt.h>
+ #include <linux/delay.h>
++
+ #include <asm/delay.h>
+ #include <asm/msr.h>
+
+@@ -27,14 +29,15 @@ int read_current_timer(unsigned long *timer_value)
+ void __delay(unsigned long loops)
+ {
+ unsigned bclock, now;
+-
++
++ preempt_disable(); /* TSC's are pre-cpu */
+ rdtscl(bclock);
+- do
+- {
++ do {
+ rep_nop();
+ rdtscl(now);
+ }
+- while((now-bclock) < loops);
++ while ((now-bclock) < loops);
++ preempt_enable();
+ }
+ EXPORT_SYMBOL(__delay);
+
+diff --git a/arch/x86_64/mm/pageattr.c b/arch/x86_64/mm/pageattr.c
+index 0416ffb..eff3b22 100644
+--- a/arch/x86_64/mm/pageattr.c
++++ b/arch/x86_64/mm/pageattr.c
+@@ -148,6 +148,7 @@ __change_page_attr(unsigned long address, unsigned long pfn, pgprot_t prot,
+ split = split_large_page(address, prot, ref_prot2);
+ if (!split)
+ return -ENOMEM;
++ pgprot_val(ref_prot2) &= ~_PAGE_NX;
+ set_pte(kpte, mk_pte(split, ref_prot2));
+ kpte_page = split;
+ }
+diff --git a/drivers/acpi/video.c b/drivers/acpi/video.c
+index d05891f..dad84c0 100644
+--- a/drivers/acpi/video.c
++++ b/drivers/acpi/video.c
+@@ -1633,9 +1633,20 @@ static int
+ acpi_video_get_next_level(struct acpi_video_device *device,
+ u32 level_current, u32 event)
+ {
+- int min, max, min_above, max_below, i, l;
++ int min, max, min_above, max_below, i, l, delta = 255;
+ max = max_below = 0;
+ min = min_above = 255;
++ /* Find closest level to level_current */
++ for (i = 0; i < device->brightness->count; i++) {
++ l = device->brightness->levels[i];
++ if (abs(l - level_current) < abs(delta)) {
++ delta = l - level_current;
++ if (!delta)
++ break;
++ }
++ }
++ /* Ajust level_current to closest available level */
++ level_current += delta;
+ for (i = 0; i < device->brightness->count; i++) {
+ l = device->brightness->levels[i];
+ if (l < min)
+diff --git a/drivers/ata/sata_sis.c b/drivers/ata/sata_sis.c
+index 41c1d6e..e203974 100644
+--- a/drivers/ata/sata_sis.c
++++ b/drivers/ata/sata_sis.c
+@@ -92,7 +92,7 @@ static struct scsi_host_template sis_sht = {
+ .queuecommand = ata_scsi_queuecmd,
+ .can_queue = ATA_DEF_QUEUE,
+ .this_id = ATA_SHT_THIS_ID,
+- .sg_tablesize = ATA_MAX_PRD,
++ .sg_tablesize = LIBATA_MAX_PRD,
+ .cmd_per_lun = ATA_SHT_CMD_PER_LUN,
+ .emulated = ATA_SHT_EMULATED,
+ .use_clustering = ATA_SHT_USE_CLUSTERING,
+@@ -168,11 +168,11 @@ static unsigned int get_scr_cfg_addr(struct ata_port *ap, unsigned int sc_reg)
+ return addr;
+ }
+
+-static u32 sis_scr_cfg_read (struct ata_port *ap, unsigned int sc_reg)
++static u32 sis_scr_cfg_read (struct ata_port *ap, unsigned int sc_reg, u32 *val)
+ {
+ struct pci_dev *pdev = to_pci_dev(ap->host->dev);
+ unsigned int cfg_addr = get_scr_cfg_addr(ap, sc_reg);
+- u32 val, val2 = 0;
++ u32 val2 = 0;
+ u8 pmr;
+
+ if (sc_reg == SCR_ERROR) /* doesn't exist in PCI cfg space */
+@@ -180,13 +180,16 @@ static u32 sis_scr_cfg_read (struct ata_port *ap, unsigned int sc_reg)
+
+ pci_read_config_byte(pdev, SIS_PMR, &pmr);
+
+- pci_read_config_dword(pdev, cfg_addr, &val);
++ pci_read_config_dword(pdev, cfg_addr, val);
+
+ if ((pdev->device == 0x0182) || (pdev->device == 0x0183) ||
+ (pdev->device == 0x1182) || (pmr & SIS_PMR_COMBINED))
+ pci_read_config_dword(pdev, cfg_addr+0x10, &val2);
+
+- return (val|val2) & 0xfffffffb; /* avoid problems with powerdowned ports */
++ *val |= val2;
++ *val &= 0xfffffffb; /* avoid problems with powerdowned ports */
++
++ return 0;
+ }
+
+ static void sis_scr_cfg_write (struct ata_port *ap, unsigned int sc_reg, u32 val)
+@@ -216,7 +219,7 @@ static int sis_scr_read(struct ata_port *ap, unsigned int sc_reg, u32 *val)
+ return -EINVAL;
+
+ if (ap->flags & SIS_FLAG_CFGSCR)
+- return sis_scr_cfg_read(ap, sc_reg);
++ return sis_scr_cfg_read(ap, sc_reg, val);
+
+ pci_read_config_byte(pdev, SIS_PMR, &pmr);
+
+diff --git a/drivers/crypto/geode-aes.c b/drivers/crypto/geode-aes.c
+index 6a86958..fa4c990 100644
+--- a/drivers/crypto/geode-aes.c
++++ b/drivers/crypto/geode-aes.c
+@@ -110,8 +110,7 @@ geode_aes_crypt(struct geode_aes_op *op)
+ * we don't need to worry
+ */
+
+- if (op->src == op->dst)
+- flags |= (AES_CTRL_DCA | AES_CTRL_SCA);
++ flags |= (AES_CTRL_DCA | AES_CTRL_SCA);
+
+ if (op->dir == AES_DIR_ENCRYPT)
+ flags |= AES_CTRL_ENCRYPT;
+diff --git a/drivers/dma/dmaengine.c b/drivers/dma/dmaengine.c
+index 8248992..d59b2f4 100644
+--- a/drivers/dma/dmaengine.c
++++ b/drivers/dma/dmaengine.c
+@@ -182,10 +182,9 @@ static void dma_client_chan_alloc(struct dma_client *client)
+ /* we are done once this client rejects
+ * an available resource
+ */
+- if (ack == DMA_ACK) {
++ if (ack == DMA_ACK)
+ dma_chan_get(chan);
+- kref_get(&device->refcount);
+- } else if (ack == DMA_NAK)
++ else if (ack == DMA_NAK)
+ return;
+ }
+ }
+@@ -272,11 +271,8 @@ static void dma_clients_notify_removed(struct dma_chan *chan)
+ /* client was holding resources for this channel so
+ * free it
+ */
+- if (ack == DMA_ACK) {
++ if (ack == DMA_ACK)
+ dma_chan_put(chan);
+- kref_put(&chan->device->refcount,
+- dma_async_device_cleanup);
+- }
+ }
+
+ mutex_unlock(&dma_list_mutex);
+@@ -316,11 +312,8 @@ void dma_async_client_unregister(struct dma_client *client)
+ ack = client->event_callback(client, chan,
+ DMA_RESOURCE_REMOVED);
+
+- if (ack == DMA_ACK) {
++ if (ack == DMA_ACK)
+ dma_chan_put(chan);
+- kref_put(&chan->device->refcount,
+- dma_async_device_cleanup);
+- }
+ }
+
+ list_del(&client->global_node);
+@@ -397,6 +390,8 @@ int dma_async_device_register(struct dma_device *device)
+ goto err_out;
+ }
+
++ /* One for the channel, one of the class device */
++ kref_get(&device->refcount);
+ kref_get(&device->refcount);
+ kref_init(&chan->refcount);
+ chan->slow_ref = 0;
+diff --git a/drivers/i2c/busses/i2c-pasemi.c b/drivers/i2c/busses/i2c-pasemi.c
+index 58e3271..dcf5dec 100644
+--- a/drivers/i2c/busses/i2c-pasemi.c
++++ b/drivers/i2c/busses/i2c-pasemi.c
+@@ -51,6 +51,7 @@ struct pasemi_smbus {
+ #define MRXFIFO_DATA_M 0x000000ff
+
+ #define SMSTA_XEN 0x08000000
++#define SMSTA_MTN 0x00200000
+
+ #define CTL_MRR 0x00000400
+ #define CTL_MTR 0x00000200
+@@ -98,6 +99,10 @@ static unsigned int pasemi_smb_waitready(struct pasemi_smbus *smbus)
+ status = reg_read(smbus, REG_SMSTA);
+ }
+
++ /* Got NACK? */
++ if (status & SMSTA_MTN)
++ return -ENXIO;
++
+ if (timeout < 0) {
+ dev_warn(&smbus->dev->dev, "Timeout, status 0x%08x\n", status);
+ reg_write(smbus, REG_SMSTA, status);
+diff --git a/drivers/i2c/chips/eeprom.c b/drivers/i2c/chips/eeprom.c
+index d3da1fb..1a7eeeb 100644
+--- a/drivers/i2c/chips/eeprom.c
++++ b/drivers/i2c/chips/eeprom.c
+@@ -128,13 +128,20 @@ static ssize_t eeprom_read(struct kobject *kobj, struct bin_attribute *bin_attr,
+ for (slice = off >> 5; slice <= (off + count - 1) >> 5; slice++)
+ eeprom_update_client(client, slice);
+
+- /* Hide Vaio security settings to regular users (16 first bytes) */
+- if (data->nature == VAIO && off < 16 && !capable(CAP_SYS_ADMIN)) {
+- size_t in_row1 = 16 - off;
+- in_row1 = min(in_row1, count);
+- memset(buf, 0, in_row1);
+- if (count - in_row1 > 0)
+- memcpy(buf + in_row1, &data->data[16], count - in_row1);
++ /* Hide Vaio private settings to regular users:
++ - BIOS passwords: bytes 0x00 to 0x0f
++ - UUID: bytes 0x10 to 0x1f
++ - Serial number: 0xc0 to 0xdf */
++ if (data->nature == VAIO && !capable(CAP_SYS_ADMIN)) {
++ int i;
++
++ for (i = 0; i < count; i++) {
++ if ((off + i <= 0x1f) ||
++ (off + i >= 0xc0 && off + i <= 0xdf))
++ buf[i] = 0;
++ else
++ buf[i] = data->data[off + i];
++ }
+ } else {
+ memcpy(buf, &data->data[off], count);
+ }
+@@ -197,14 +204,18 @@ static int eeprom_detect(struct i2c_adapter *adapter, int address, int kind)
+ goto exit_kfree;
+
+ /* Detect the Vaio nature of EEPROMs.
+- We use the "PCG-" prefix as the signature. */
++ We use the "PCG-" or "VGN-" prefix as the signature. */
+ if (address == 0x57) {
+- if (i2c_smbus_read_byte_data(new_client, 0x80) == 'P'
+- && i2c_smbus_read_byte(new_client) == 'C'
+- && i2c_smbus_read_byte(new_client) == 'G'
+- && i2c_smbus_read_byte(new_client) == '-') {
++ char name[4];
++
++ name[0] = i2c_smbus_read_byte_data(new_client, 0x80);
++ name[1] = i2c_smbus_read_byte(new_client);
++ name[2] = i2c_smbus_read_byte(new_client);
++ name[3] = i2c_smbus_read_byte(new_client);
++
++ if (!memcmp(name, "PCG-", 4) || !memcmp(name, "VGN-", 4)) {
+ dev_info(&new_client->dev, "Vaio EEPROM detected, "
+- "enabling password protection\n");
++ "enabling privacy protection\n");
+ data->nature = VAIO;
+ }
+ }
+diff --git a/drivers/md/raid5.c b/drivers/md/raid5.c
+index 3808f52..e86cacb 100644
+--- a/drivers/md/raid5.c
++++ b/drivers/md/raid5.c
+@@ -689,7 +689,8 @@ ops_run_prexor(struct stripe_head *sh, struct dma_async_tx_descriptor *tx)
+ }
+
+ static struct dma_async_tx_descriptor *
+-ops_run_biodrain(struct stripe_head *sh, struct dma_async_tx_descriptor *tx)
++ops_run_biodrain(struct stripe_head *sh, struct dma_async_tx_descriptor *tx,
++ unsigned long pending)
+ {
+ int disks = sh->disks;
+ int pd_idx = sh->pd_idx, i;
+@@ -697,7 +698,7 @@ ops_run_biodrain(struct stripe_head *sh, struct dma_async_tx_descriptor *tx)
+ /* check if prexor is active which means only process blocks
+ * that are part of a read-modify-write (Wantprexor)
+ */
+- int prexor = test_bit(STRIPE_OP_PREXOR, &sh->ops.pending);
++ int prexor = test_bit(STRIPE_OP_PREXOR, &pending);
+
+ pr_debug("%s: stripe %llu\n", __FUNCTION__,
+ (unsigned long long)sh->sector);
+@@ -774,7 +775,8 @@ static void ops_complete_write(void *stripe_head_ref)
+ }
+
+ static void
+-ops_run_postxor(struct stripe_head *sh, struct dma_async_tx_descriptor *tx)
++ops_run_postxor(struct stripe_head *sh, struct dma_async_tx_descriptor *tx,
++ unsigned long pending)
+ {
+ /* kernel stack size limits the total number of disks */
+ int disks = sh->disks;
+@@ -782,7 +784,7 @@ ops_run_postxor(struct stripe_head *sh, struct dma_async_tx_descriptor *tx)
+
+ int count = 0, pd_idx = sh->pd_idx, i;
+ struct page *xor_dest;
+- int prexor = test_bit(STRIPE_OP_PREXOR, &sh->ops.pending);
++ int prexor = test_bit(STRIPE_OP_PREXOR, &pending);
+ unsigned long flags;
+ dma_async_tx_callback callback;
+
+@@ -809,7 +811,7 @@ ops_run_postxor(struct stripe_head *sh, struct dma_async_tx_descriptor *tx)
+ }
+
+ /* check whether this postxor is part of a write */
+- callback = test_bit(STRIPE_OP_BIODRAIN, &sh->ops.pending) ?
++ callback = test_bit(STRIPE_OP_BIODRAIN, &pending) ?
+ ops_complete_write : ops_complete_postxor;
+
+ /* 1/ if we prexor'd then the dest is reused as a source
+@@ -897,12 +899,12 @@ static void raid5_run_ops(struct stripe_head *sh, unsigned long pending)
+ tx = ops_run_prexor(sh, tx);
+
+ if (test_bit(STRIPE_OP_BIODRAIN, &pending)) {
+- tx = ops_run_biodrain(sh, tx);
++ tx = ops_run_biodrain(sh, tx, pending);
+ overlap_clear++;
+ }
+
+ if (test_bit(STRIPE_OP_POSTXOR, &pending))
+- ops_run_postxor(sh, tx);
++ ops_run_postxor(sh, tx, pending);
+
+ if (test_bit(STRIPE_OP_CHECK, &pending))
+ ops_run_check(sh);
+diff --git a/drivers/net/wireless/ipw2200.c b/drivers/net/wireless/ipw2200.c
+index 61497c4..da91b3b 100644
+--- a/drivers/net/wireless/ipw2200.c
++++ b/drivers/net/wireless/ipw2200.c
+@@ -1740,8 +1740,10 @@ static int ipw_radio_kill_sw(struct ipw_priv *priv, int disable_radio)
+ if (disable_radio) {
+ priv->status |= STATUS_RF_KILL_SW;
+
+- if (priv->workqueue)
++ if (priv->workqueue) {
+ cancel_delayed_work(&priv->request_scan);
++ cancel_delayed_work(&priv->scan_event);
++ }
+ queue_work(priv->workqueue, &priv->down);
+ } else {
+ priv->status &= ~STATUS_RF_KILL_SW;
+@@ -1992,6 +1994,7 @@ static void ipw_irq_tasklet(struct ipw_priv *priv)
+ wake_up_interruptible(&priv->wait_command_queue);
+ priv->status &= ~(STATUS_ASSOCIATED | STATUS_ASSOCIATING);
+ cancel_delayed_work(&priv->request_scan);
++ cancel_delayed_work(&priv->scan_event);
+ schedule_work(&priv->link_down);
+ queue_delayed_work(priv->workqueue, &priv->rf_kill, 2 * HZ);
+ handled |= IPW_INTA_BIT_RF_KILL_DONE;
+@@ -4341,6 +4344,37 @@ static void ipw_handle_missed_beacon(struct ipw_priv *priv,
+ IPW_DEBUG_NOTIF("Missed beacon: %d\n", missed_count);
+ }
+
++static void ipw_scan_event(struct work_struct *work)
++{
++ union iwreq_data wrqu;
++
++ struct ipw_priv *priv =
++ container_of(work, struct ipw_priv, scan_event.work);
++
++ wrqu.data.length = 0;
++ wrqu.data.flags = 0;
++ wireless_send_event(priv->net_dev, SIOCGIWSCAN, &wrqu, NULL);
++}
++
++static void handle_scan_event(struct ipw_priv *priv)
++{
++ /* Only userspace-requested scan completion events go out immediately */
++ if (!priv->user_requested_scan) {
++ if (!delayed_work_pending(&priv->scan_event))
++ queue_delayed_work(priv->workqueue, &priv->scan_event,
++ round_jiffies(msecs_to_jiffies(4000)));
++ } else {
++ union iwreq_data wrqu;
++
++ priv->user_requested_scan = 0;
++ cancel_delayed_work(&priv->scan_event);
++
++ wrqu.data.length = 0;
++ wrqu.data.flags = 0;
++ wireless_send_event(priv->net_dev, SIOCGIWSCAN, &wrqu, NULL);
++ }
++}
++
+ /**
+ * Handle host notification packet.
+ * Called from interrupt routine
+@@ -4702,14 +4736,8 @@ static void ipw_rx_notification(struct ipw_priv *priv,
+ * on how the scan was initiated. User space can just
+ * sync on periodic scan to get fresh data...
+ * Jean II */
+- if (x->status == SCAN_COMPLETED_STATUS_COMPLETE) {
+- union iwreq_data wrqu;
+-
+- wrqu.data.length = 0;
+- wrqu.data.flags = 0;
+- wireless_send_event(priv->net_dev, SIOCGIWSCAN,
+- &wrqu, NULL);
+- }
++ if (x->status == SCAN_COMPLETED_STATUS_COMPLETE)
++ handle_scan_event(priv);
+ break;
+ }
+
+@@ -9472,6 +9500,10 @@ static int ipw_wx_set_scan(struct net_device *dev,
+ struct ipw_priv *priv = ieee80211_priv(dev);
+ struct iw_scan_req *req = (struct iw_scan_req *)extra;
+
++ mutex_lock(&priv->mutex);
++ priv->user_requested_scan = 1;
++ mutex_unlock(&priv->mutex);
++
+ if (wrqu->data.length == sizeof(struct iw_scan_req)) {
+ if (wrqu->data.flags & IW_SCAN_THIS_ESSID) {
+ ipw_request_direct_scan(priv, req->essid,
+@@ -10647,6 +10679,7 @@ static void ipw_link_up(struct ipw_priv *priv)
+ }
+
+ cancel_delayed_work(&priv->request_scan);
++ cancel_delayed_work(&priv->scan_event);
+ ipw_reset_stats(priv);
+ /* Ensure the rate is updated immediately */
+ priv->last_rate = ipw_get_current_rate(priv);
+@@ -10684,7 +10717,8 @@ static void ipw_link_down(struct ipw_priv *priv)
+ if (!(priv->status & STATUS_EXIT_PENDING)) {
+ /* Queue up another scan... */
+ queue_delayed_work(priv->workqueue, &priv->request_scan, 0);
+- }
++ } else
++ cancel_delayed_work(&priv->scan_event);
+ }
+
+ static void ipw_bg_link_down(struct work_struct *work)
+@@ -10714,6 +10748,7 @@ static int ipw_setup_deferred_work(struct ipw_priv *priv)
+ INIT_WORK(&priv->up, ipw_bg_up);
+ INIT_WORK(&priv->down, ipw_bg_down);
+ INIT_DELAYED_WORK(&priv->request_scan, ipw_request_scan);
++ INIT_DELAYED_WORK(&priv->scan_event, ipw_scan_event);
+ INIT_WORK(&priv->request_passive_scan, ipw_request_passive_scan);
+ INIT_DELAYED_WORK(&priv->gather_stats, ipw_bg_gather_stats);
+ INIT_WORK(&priv->abort_scan, ipw_bg_abort_scan);
+@@ -11746,6 +11781,7 @@ static void ipw_pci_remove(struct pci_dev *pdev)
+ cancel_delayed_work(&priv->adhoc_check);
+ cancel_delayed_work(&priv->gather_stats);
+ cancel_delayed_work(&priv->request_scan);
++ cancel_delayed_work(&priv->scan_event);
+ cancel_delayed_work(&priv->rf_kill);
+ cancel_delayed_work(&priv->scan_check);
+ destroy_workqueue(priv->workqueue);
+diff --git a/drivers/net/wireless/ipw2200.h b/drivers/net/wireless/ipw2200.h
+index 626a240..58b8fe5 100644
+--- a/drivers/net/wireless/ipw2200.h
++++ b/drivers/net/wireless/ipw2200.h
+@@ -1288,6 +1288,8 @@ struct ipw_priv {
+
+ struct iw_public_data wireless_data;
+
++ int user_requested_scan;
++
+ struct workqueue_struct *workqueue;
+
+ struct delayed_work adhoc_check;
+@@ -1296,6 +1298,7 @@ struct ipw_priv {
+ struct work_struct system_config;
+ struct work_struct rx_replenish;
+ struct delayed_work request_scan;
++ struct delayed_work scan_event;
+ struct work_struct request_passive_scan;
+ struct work_struct adapter_restart;
+ struct delayed_work rf_kill;
+diff --git a/drivers/oprofile/cpu_buffer.c b/drivers/oprofile/cpu_buffer.c
+index a83c3db..c93d3d2 100644
+--- a/drivers/oprofile/cpu_buffer.c
++++ b/drivers/oprofile/cpu_buffer.c
+@@ -64,6 +64,8 @@ int alloc_cpu_buffers(void)
+ b->head_pos = 0;
+ b->sample_received = 0;
+ b->sample_lost_overflow = 0;
++ b->backtrace_aborted = 0;
++ b->sample_invalid_eip = 0;
+ b->cpu = i;
+ INIT_DELAYED_WORK(&b->work, wq_sync_buffer);
+ }
+@@ -175,6 +177,11 @@ static int log_sample(struct oprofile_cpu_buffer * cpu_buf, unsigned long pc,
+
+ cpu_buf->sample_received++;
+
++ if (pc == ESCAPE_CODE) {
++ cpu_buf->sample_invalid_eip++;
++ return 0;
++ }
++
+ if (nr_available_slots(cpu_buf) < 3) {
+ cpu_buf->sample_lost_overflow++;
+ return 0;
+diff --git a/drivers/oprofile/cpu_buffer.h b/drivers/oprofile/cpu_buffer.h
+index 49900d9..c66c025 100644
+--- a/drivers/oprofile/cpu_buffer.h
++++ b/drivers/oprofile/cpu_buffer.h
+@@ -42,6 +42,7 @@ struct oprofile_cpu_buffer {
+ unsigned long sample_received;
+ unsigned long sample_lost_overflow;
+ unsigned long backtrace_aborted;
++ unsigned long sample_invalid_eip;
+ int cpu;
+ struct delayed_work work;
+ } ____cacheline_aligned;
+diff --git a/drivers/oprofile/oprofile_stats.c b/drivers/oprofile/oprofile_stats.c
+index f0acb66..d1f6d77 100644
+--- a/drivers/oprofile/oprofile_stats.c
++++ b/drivers/oprofile/oprofile_stats.c
+@@ -26,6 +26,8 @@ void oprofile_reset_stats(void)
+ cpu_buf = &cpu_buffer[i];
+ cpu_buf->sample_received = 0;
+ cpu_buf->sample_lost_overflow = 0;
++ cpu_buf->backtrace_aborted = 0;
++ cpu_buf->sample_invalid_eip = 0;
+ }
+
+ atomic_set(&oprofile_stats.sample_lost_no_mm, 0);
+@@ -61,6 +63,8 @@ void oprofile_create_stats_files(struct super_block * sb, struct dentry * root)
+ &cpu_buf->sample_lost_overflow);
+ oprofilefs_create_ro_ulong(sb, cpudir, "backtrace_aborted",
+ &cpu_buf->backtrace_aborted);
++ oprofilefs_create_ro_ulong(sb, cpudir, "sample_invalid_eip",
++ &cpu_buf->sample_invalid_eip);
+ }
+
+ oprofilefs_create_ro_atomic(sb, dir, "sample_lost_no_mm",
+diff --git a/drivers/usb/storage/unusual_devs.h b/drivers/usb/storage/unusual_devs.h
+index c6b78ba..b2b6405 100644
+--- a/drivers/usb/storage/unusual_devs.h
++++ b/drivers/usb/storage/unusual_devs.h
+@@ -341,6 +341,13 @@ UNUSUAL_DEV( 0x04b0, 0x040d, 0x0100, 0x0100,
+ US_SC_DEVICE, US_PR_DEVICE, NULL,
+ US_FL_FIX_CAPACITY),
+
++/* Reported by Graber and Mike Pagano <mpagano-kernel@mpagano.com> */
++UNUSUAL_DEV( 0x04b0, 0x040f, 0x0200, 0x0200,
++ "NIKON",
++ "NIKON DSC D200",
++ US_SC_DEVICE, US_PR_DEVICE, NULL,
++ US_FL_FIX_CAPACITY),
++
+ /* Reported by Emil Larsson <emil@swip.net> */
+ UNUSUAL_DEV( 0x04b0, 0x0411, 0x0100, 0x0101,
+ "NIKON",
+@@ -355,6 +362,13 @@ UNUSUAL_DEV( 0x04b0, 0x0413, 0x0110, 0x0110,
+ US_SC_DEVICE, US_PR_DEVICE, NULL,
+ US_FL_FIX_CAPACITY),
+
++/* Reported by Shan Destromp (shansan@gmail.com) */
++UNUSUAL_DEV( 0x04b0, 0x0417, 0x0100, 0x0100,
++ "NIKON",
++ "NIKON DSC D40X",
++ US_SC_DEVICE, US_PR_DEVICE, NULL,
++ US_FL_FIX_CAPACITY),
++
+ /* BENQ DC5330
+ * Reported by Manuel Fombuena <mfombuena@ya.com> and
+ * Frank Copeland <fjc@thingy.apana.org.au> */
+diff --git a/drivers/video/ps3fb.c b/drivers/video/ps3fb.c
+index 646ec82..0f2a7ba 100644
+--- a/drivers/video/ps3fb.c
++++ b/drivers/video/ps3fb.c
+@@ -659,7 +659,7 @@ static int ps3fb_blank(int blank, struct fb_info *info)
+
+ static int ps3fb_get_vblank(struct fb_vblank *vblank)
+ {
+- memset(vblank, 0, sizeof(&vblank));
++ memset(vblank, 0, sizeof(*vblank));
+ vblank->flags = FB_VBLANK_HAVE_VSYNC;
+ return 0;
+ }
+diff --git a/fs/nfsd/nfs2acl.c b/fs/nfsd/nfs2acl.c
+index b617428..0e5fa11 100644
+--- a/fs/nfsd/nfs2acl.c
++++ b/fs/nfsd/nfs2acl.c
+@@ -41,7 +41,7 @@ static __be32 nfsacld_proc_getacl(struct svc_rqst * rqstp,
+
+ fh = fh_copy(&resp->fh, &argp->fh);
+ if ((nfserr = fh_verify(rqstp, &resp->fh, 0, MAY_NOP)))
+- RETURN_STATUS(nfserr_inval);
++ RETURN_STATUS(nfserr);
+
+ if (argp->mask & ~(NFS_ACL|NFS_ACLCNT|NFS_DFACL|NFS_DFACLCNT))
+ RETURN_STATUS(nfserr_inval);
+diff --git a/fs/nfsd/nfs3acl.c b/fs/nfsd/nfs3acl.c
+index 3e3f2de..b647f2f 100644
+--- a/fs/nfsd/nfs3acl.c
++++ b/fs/nfsd/nfs3acl.c
+@@ -37,7 +37,7 @@ static __be32 nfsd3_proc_getacl(struct svc_rqst * rqstp,
+
+ fh = fh_copy(&resp->fh, &argp->fh);
+ if ((nfserr = fh_verify(rqstp, &resp->fh, 0, MAY_NOP)))
+- RETURN_STATUS(nfserr_inval);
++ RETURN_STATUS(nfserr);
+
+ if (argp->mask & ~(NFS_ACL|NFS_ACLCNT|NFS_DFACL|NFS_DFACLCNT))
+ RETURN_STATUS(nfserr_inval);
+diff --git a/fs/nfsd/nfsfh.c b/fs/nfsd/nfsfh.c
+index 7011d62..51221be 100644
+--- a/fs/nfsd/nfsfh.c
++++ b/fs/nfsd/nfsfh.c
+@@ -95,6 +95,22 @@ nfsd_mode_check(struct svc_rqst *rqstp, umode_t mode, int type)
+ return 0;
+ }
+
++static __be32 nfsd_setuser_and_check_port(struct svc_rqst *rqstp,
++ struct svc_export *exp)
++{
++ /* Check if the request originated from a secure port. */
++ if (!rqstp->rq_secure && EX_SECURE(exp)) {
++ char buf[RPC_MAX_ADDRBUFLEN];
++ dprintk(KERN_WARNING
++ "nfsd: request from insecure port %s!\n",
++ svc_print_addr(rqstp, buf, sizeof(buf)));
++ return nfserr_perm;
++ }
++
++ /* Set user creds for this exportpoint */
++ return nfserrno(nfsd_setuser(rqstp, exp));
++}
++
+ /*
+ * Perform sanity checks on the dentry in a client's file handle.
+ *
+@@ -167,18 +183,7 @@ fh_verify(struct svc_rqst *rqstp, struct svc_fh *fhp, int type, int access)
+ goto out;
+ }
+
+- /* Check if the request originated from a secure port. */
+- error = nfserr_perm;
+- if (!rqstp->rq_secure && EX_SECURE(exp)) {
+- char buf[RPC_MAX_ADDRBUFLEN];
+- printk(KERN_WARNING
+- "nfsd: request from insecure port %s!\n",
+- svc_print_addr(rqstp, buf, sizeof(buf)));
+- goto out;
+- }
+-
+- /* Set user creds for this exportpoint */
+- error = nfserrno(nfsd_setuser(rqstp, exp));
++ error = nfsd_setuser_and_check_port(rqstp, exp);
+ if (error)
+ goto out;
+
+@@ -227,18 +232,22 @@ fh_verify(struct svc_rqst *rqstp, struct svc_fh *fhp, int type, int access)
+ fhp->fh_export = exp;
+ nfsd_nr_verified++;
+ } else {
+- /* just rechecking permissions
+- * (e.g. nfsproc_create calls fh_verify, then nfsd_create does as well)
++ /*
++ * just rechecking permissions
++ * (e.g. nfsproc_create calls fh_verify, then nfsd_create
++ * does as well)
+ */
+ dprintk("nfsd: fh_verify - just checking\n");
+ dentry = fhp->fh_dentry;
+ exp = fhp->fh_export;
+- /* Set user creds for this exportpoint; necessary even
++ /*
++ * Set user creds for this exportpoint; necessary even
+ * in the "just checking" case because this may be a
+ * filehandle that was created by fh_compose, and that
+ * is about to be used in another nfsv4 compound
+- * operation */
+- error = nfserrno(nfsd_setuser(rqstp, exp));
++ * operation.
++ */
++ error = nfsd_setuser_and_check_port(rqstp, exp);
+ if (error)
+ goto out;
+ }
+diff --git a/fs/reiserfs/stree.c b/fs/reiserfs/stree.c
+index 981027d..ce3c937 100644
+--- a/fs/reiserfs/stree.c
++++ b/fs/reiserfs/stree.c
+@@ -1458,9 +1458,6 @@ static void unmap_buffers(struct page *page, loff_t pos)
+ }
+ bh = next;
+ } while (bh != head);
+- if (PAGE_SIZE == bh->b_size) {
+- cancel_dirty_page(page, PAGE_CACHE_SIZE);
+- }
+ }
+ }
+ }
+diff --git a/include/asm-i386/system.h b/include/asm-i386/system.h
+index d69ba93..b104655 100644
+--- a/include/asm-i386/system.h
++++ b/include/asm-i386/system.h
+@@ -141,7 +141,7 @@ static inline unsigned long native_read_cr4_safe(void)
+ {
+ unsigned long val;
+ /* This could fault if %cr4 does not exist */
+- asm("1: movl %%cr4, %0 \n"
++ asm volatile("1: movl %%cr4, %0 \n"
+ "2: \n"
+ ".section __ex_table,\"a\" \n"
+ ".long 1b,2b \n"
+diff --git a/include/asm-x86_64/system.h b/include/asm-x86_64/system.h
+index 02175aa..47682a6 100644
+--- a/include/asm-x86_64/system.h
++++ b/include/asm-x86_64/system.h
+@@ -85,7 +85,7 @@ static inline void write_cr0(unsigned long val)
+ static inline unsigned long read_cr2(void)
+ {
+ unsigned long cr2;
+- asm("movq %%cr2,%0" : "=r" (cr2));
++ asm volatile("movq %%cr2,%0" : "=r" (cr2));
+ return cr2;
+ }
+
+@@ -97,7 +97,7 @@ static inline void write_cr2(unsigned long val)
+ static inline unsigned long read_cr3(void)
+ {
+ unsigned long cr3;
+- asm("movq %%cr3,%0" : "=r" (cr3));
++ asm volatile("movq %%cr3,%0" : "=r" (cr3));
+ return cr3;
+ }
+
+@@ -109,7 +109,7 @@ static inline void write_cr3(unsigned long val)
+ static inline unsigned long read_cr4(void)
+ {
+ unsigned long cr4;
+- asm("movq %%cr4,%0" : "=r" (cr4));
++ asm volatile("movq %%cr4,%0" : "=r" (cr4));
+ return cr4;
+ }
+
+@@ -121,7 +121,7 @@ static inline void write_cr4(unsigned long val)
+ static inline unsigned long read_cr8(void)
+ {
+ unsigned long cr8;
+- asm("movq %%cr8,%0" : "=r" (cr8));
++ asm volatile("movq %%cr8,%0" : "=r" (cr8));
+ return cr8;
+ }
+
+diff --git a/kernel/sched_fair.c b/kernel/sched_fair.c
+index 67c67a8..2f592fe 100644
+--- a/kernel/sched_fair.c
++++ b/kernel/sched_fair.c
+@@ -93,7 +93,7 @@ unsigned int sysctl_sched_features __read_mostly =
+ SCHED_FEAT_FAIR_SLEEPERS *1 |
+ SCHED_FEAT_SLEEPER_AVG *0 |
+ SCHED_FEAT_SLEEPER_LOAD_AVG *1 |
+- SCHED_FEAT_PRECISE_CPU_LOAD *1 |
++ SCHED_FEAT_PRECISE_CPU_LOAD *0 |
+ SCHED_FEAT_START_DEBIT *1 |
+ SCHED_FEAT_SKIP_INITIAL *0;
+
+diff --git a/kernel/softlockup.c b/kernel/softlockup.c
+index e557c44..d857bb0 100644
+--- a/kernel/softlockup.c
++++ b/kernel/softlockup.c
+@@ -15,13 +15,16 @@
+ #include <linux/notifier.h>
+ #include <linux/module.h>
+
++#include <asm/irq_regs.h>
++
+ static DEFINE_SPINLOCK(print_lock);
+
+ static DEFINE_PER_CPU(unsigned long, touch_timestamp);
+ static DEFINE_PER_CPU(unsigned long, print_timestamp);
+ static DEFINE_PER_CPU(struct task_struct *, watchdog_task);
+
+-static int did_panic = 0;
++static int did_panic;
++int softlockup_thresh = 10;
+
+ static int
+ softlock_panic(struct notifier_block *this, unsigned long event, void *ptr)
+@@ -40,14 +43,16 @@ static struct notifier_block panic_block = {
+ * resolution, and we don't need to waste time with a big divide when
+ * 2^30ns == 1.074s.
+ */
+-static unsigned long get_timestamp(void)
++static unsigned long get_timestamp(int this_cpu)
+ {
+- return sched_clock() >> 30; /* 2^30 ~= 10^9 */
++ return cpu_clock(this_cpu) >> 30; /* 2^30 ~= 10^9 */
+ }
+
+ void touch_softlockup_watchdog(void)
+ {
+- __raw_get_cpu_var(touch_timestamp) = get_timestamp();
++ int this_cpu = raw_smp_processor_id();
++
++ __raw_get_cpu_var(touch_timestamp) = get_timestamp(this_cpu);
+ }
+ EXPORT_SYMBOL(touch_softlockup_watchdog);
+
+@@ -70,6 +75,7 @@ void softlockup_tick(void)
+ int this_cpu = smp_processor_id();
+ unsigned long touch_timestamp = per_cpu(touch_timestamp, this_cpu);
+ unsigned long print_timestamp;
++ struct pt_regs *regs = get_irq_regs();
+ unsigned long now;
+
+ if (touch_timestamp == 0) {
+@@ -92,28 +98,33 @@ void softlockup_tick(void)
+ return;
+ }
+
+- now = get_timestamp();
++ now = get_timestamp(this_cpu);
+
+ /* Wake up the high-prio watchdog task every second: */
+ if (now > (touch_timestamp + 1))
+ wake_up_process(per_cpu(watchdog_task, this_cpu));
+
+ /* Warn about unreasonable 10+ seconds delays: */
+- if (now > (touch_timestamp + 10)) {
+- per_cpu(print_timestamp, this_cpu) = touch_timestamp;
++ if (now <= (touch_timestamp + softlockup_thresh))
++ return;
++
++ per_cpu(print_timestamp, this_cpu) = touch_timestamp;
+
+- spin_lock(&print_lock);
+- printk(KERN_ERR "BUG: soft lockup detected on CPU#%d!\n",
+- this_cpu);
++ spin_lock(&print_lock);
++ printk(KERN_ERR "BUG: soft lockup - CPU#%d stuck for %lus! [%s:%d]\n",
++ this_cpu, now - touch_timestamp,
++ current->comm, current->pid);
++ if (regs)
++ show_regs(regs);
++ else
+ dump_stack();
+- spin_unlock(&print_lock);
+- }
++ spin_unlock(&print_lock);
+ }
+
+ /*
+ * The watchdog thread - runs every second and touches the timestamp.
+ */
+-static int watchdog(void * __bind_cpu)
++static int watchdog(void *__bind_cpu)
+ {
+ struct sched_param param = { .sched_priority = MAX_RT_PRIO-1 };
+
+@@ -151,13 +162,13 @@ cpu_callback(struct notifier_block *nfb, unsigned long action, void *hcpu)
+ BUG_ON(per_cpu(watchdog_task, hotcpu));
+ p = kthread_create(watchdog, hcpu, "watchdog/%d", hotcpu);
+ if (IS_ERR(p)) {
+- printk("watchdog for %i failed\n", hotcpu);
++ printk(KERN_ERR "watchdog for %i failed\n", hotcpu);
+ return NOTIFY_BAD;
+ }
+- per_cpu(touch_timestamp, hotcpu) = 0;
+- per_cpu(watchdog_task, hotcpu) = p;
++ per_cpu(touch_timestamp, hotcpu) = 0;
++ per_cpu(watchdog_task, hotcpu) = p;
+ kthread_bind(p, hotcpu);
+- break;
++ break;
+ case CPU_ONLINE:
+ case CPU_ONLINE_FROZEN:
+ wake_up_process(per_cpu(watchdog_task, hotcpu));
+@@ -177,7 +188,7 @@ cpu_callback(struct notifier_block *nfb, unsigned long action, void *hcpu)
+ kthread_stop(p);
+ break;
+ #endif /* CONFIG_HOTPLUG_CPU */
+- }
++ }
+ return NOTIFY_OK;
+ }
+
+diff --git a/kernel/time/ntp.c b/kernel/time/ntp.c
+index de6a2d6..14a2ecf 100644
+--- a/kernel/time/ntp.c
++++ b/kernel/time/ntp.c
+@@ -205,7 +205,7 @@ static void sync_cmos_clock(unsigned long dummy)
+ return;
+
+ getnstimeofday(&now);
+- if (abs(xtime.tv_nsec - (NSEC_PER_SEC / 2)) <= tick_nsec / 2)
++ if (abs(now.tv_nsec - (NSEC_PER_SEC / 2)) <= tick_nsec / 2)
+ fail = update_persistent_clock(now);
+
+ next.tv_nsec = (NSEC_PER_SEC / 2) - now.tv_nsec;
+diff --git a/lib/libcrc32c.c b/lib/libcrc32c.c
+index 60f4680..1f3a52e 100644
+--- a/lib/libcrc32c.c
++++ b/lib/libcrc32c.c
+@@ -33,7 +33,6 @@
+ #include <linux/crc32c.h>
+ #include <linux/compiler.h>
+ #include <linux/module.h>
+-#include <asm/byteorder.h>
+
+ MODULE_AUTHOR("Clay Haapala <chaapala@cisco.com>");
+ MODULE_DESCRIPTION("CRC32c (Castagnoli) calculations");
+@@ -161,15 +160,13 @@ static const u32 crc32c_table[256] = {
+ */
+
+ u32 __attribute_pure__
+-crc32c_le(u32 seed, unsigned char const *data, size_t length)
++crc32c_le(u32 crc, unsigned char const *data, size_t length)
+ {
+- u32 crc = __cpu_to_le32(seed);
+-
+ while (length--)
+ crc =
+ crc32c_table[(crc ^ *data++) & 0xFFL] ^ (crc >> 8);
+
+- return __le32_to_cpu(crc);
++ return crc;
+ }
+
+ #endif /* CRC_LE_BITS == 8 */
projects / thirdparty / kernel / stable-queue.git / commitdiff
