--- /dev/null
+From a97f925a32aad2a37971d7bfb657006acf04e42d Mon Sep 17 00:00:00 2001
+From: Mikulas Patocka <mpatocka@redhat.com>
+Date: Sat, 6 Mar 2010 02:32:29 +0000
+Subject: dm: free dm_io before bio_endio not after
+
+From: Mikulas Patocka <mpatocka@redhat.com>
+
+commit a97f925a32aad2a37971d7bfb657006acf04e42d upstream.
+
+Free the dm_io structure before calling bio_endio() instead of after it,
+to ensure that the io_pool containing it is not referenced after it is
+freed.
+
+This partially fixes a problem described here
+ https://www.redhat.com/archives/dm-devel/2010-February/msg00109.html
+
+thread 1:
+bio_endio(bio, io_error);
+/* scheduling happens */
+ thread 2:
+ close the device
+ remove the device
+thread 1:
+free_io(md, io);
+
+Thread 2, when removing the device, sees non-empty md->io_pool (because the
+io hasn't been freed by thread 1 yet) and may crash with BUG in mempool_free.
+Thread 1 may also crash, when freeing into a nonexisting mempool.
+
+To fix this we must make sure that bio_endio() is the last call and
+the md structure is not accessed afterwards.
+
+There is another bio_endio in process_barrier, but it is called from the thread
+and the thread is destroyed prior to freeing the mempools, so this call is
+not affected by the bug.
+
+A similar bug exists with module unloads - the module may be unloaded
+immediately after bio_endio - but that is more difficult to fix.
+
+Signed-off-by: Mikulas Patocka <mpatocka@redhat.com>
+Signed-off-by: Alasdair G Kergon <agk@redhat.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
+
+---
+ drivers/md/dm.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+--- a/drivers/md/dm.c
++++ b/drivers/md/dm.c
+@@ -614,8 +614,10 @@ static void dec_pending(struct dm_io *io
+ if (!md->barrier_error && io_error != -EOPNOTSUPP)
+ md->barrier_error = io_error;
+ end_io_acct(io);
++ free_io(md, io);
+ } else {
+ end_io_acct(io);
++ free_io(md, io);
+
+ if (io_error != DM_ENDIO_REQUEUE) {
+ trace_block_bio_complete(md->queue, bio);
+@@ -623,8 +625,6 @@ static void dec_pending(struct dm_io *io
+ bio_endio(bio, io_error);
+ }
+ }
+-
+- free_io(md, io);
+ }
+ }
+
--- /dev/null
+From 2db2c2eb6226e30f8059b82512a1364db98da8e3 Mon Sep 17 00:00:00 2001
+From: Gleb Natapov <gleb@redhat.com>
+Date: Wed, 10 Feb 2010 14:21:29 +0200
+Subject: KVM: x86 emulator: Add group8 instruction decoding
+
+From: Gleb Natapov <gleb@redhat.com>
+
+commit 2db2c2eb6226e30f8059b82512a1364db98da8e3 upstream.
+
+Use groups mechanism to decode 0F BA instructions.
+
+Signed-off-by: Gleb Natapov <gleb@redhat.com>
+Signed-off-by: Avi Kivity <avi@redhat.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
+
+---
+ arch/x86/kvm/emulate.c | 7 ++++++-
+ 1 file changed, 6 insertions(+), 1 deletion(-)
+
+--- a/arch/x86/kvm/emulate.c
++++ b/arch/x86/kvm/emulate.c
+@@ -86,6 +86,7 @@
+ enum {
+ Group1_80, Group1_81, Group1_82, Group1_83,
+ Group1A, Group3_Byte, Group3, Group4, Group5, Group7,
++ Group8,
+ };
+
+ static u32 opcode_table[256] = {
+@@ -258,7 +259,7 @@ static u32 twobyte_table[256] = {
+ 0, 0, ByteOp | DstReg | SrcMem | ModRM | Mov,
+ DstReg | SrcMem16 | ModRM | Mov,
+ /* 0xB8 - 0xBF */
+- 0, 0, DstMem | SrcImmByte | ModRM, DstMem | SrcReg | ModRM | BitOp,
++ 0, 0, Group | Group8, DstMem | SrcReg | ModRM | BitOp,
+ 0, 0, ByteOp | DstReg | SrcMem | ModRM | Mov,
+ DstReg | SrcMem16 | ModRM | Mov,
+ /* 0xC0 - 0xCF */
+@@ -314,6 +315,10 @@ static u32 group_table[] = {
+ 0, 0, ModRM | SrcMem, ModRM | SrcMem,
+ SrcNone | ModRM | DstMem | Mov, 0,
+ SrcMem16 | ModRM | Mov, SrcMem | ModRM | ByteOp,
++ [Group8*8] =
++ 0, 0, 0, 0,
++ DstMem | SrcImmByte | ModRM, DstMem | SrcImmByte | ModRM,
++ DstMem | SrcImmByte | ModRM, DstMem | SrcImmByte | ModRM,
+ };
+
+ static u32 group2_table[] = {
--- /dev/null
+From 60a29d4ea4e7b6b95d9391ebc8625b0426f3a363 Mon Sep 17 00:00:00 2001
+From: Gleb Natapov <gleb@redhat.com>
+Date: Wed, 10 Feb 2010 14:21:30 +0200
+Subject: KVM: x86 emulator: Add group9 instruction decoding
+
+From: Gleb Natapov <gleb@redhat.com>
+
+commit 60a29d4ea4e7b6b95d9391ebc8625b0426f3a363 upstream.
+
+Use groups mechanism to decode 0F C7 instructions.
+
+Signed-off-by: Gleb Natapov <gleb@redhat.com>
+Signed-off-by: Avi Kivity <avi@redhat.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
+
+---
+ arch/x86/kvm/emulate.c | 9 +++++++--
+ 1 file changed, 7 insertions(+), 2 deletions(-)
+
+--- a/arch/x86/kvm/emulate.c
++++ b/arch/x86/kvm/emulate.c
+@@ -86,7 +86,7 @@
+ enum {
+ Group1_80, Group1_81, Group1_82, Group1_83,
+ Group1A, Group3_Byte, Group3, Group4, Group5, Group7,
+- Group8,
++ Group8, Group9,
+ };
+
+ static u32 opcode_table[256] = {
+@@ -263,7 +263,8 @@ static u32 twobyte_table[256] = {
+ 0, 0, ByteOp | DstReg | SrcMem | ModRM | Mov,
+ DstReg | SrcMem16 | ModRM | Mov,
+ /* 0xC0 - 0xCF */
+- 0, 0, 0, DstMem | SrcReg | ModRM | Mov, 0, 0, 0, ImplicitOps | ModRM,
++ 0, 0, 0, DstMem | SrcReg | ModRM | Mov,
++ 0, 0, 0, Group | GroupDual | Group9,
+ 0, 0, 0, 0, 0, 0, 0, 0,
+ /* 0xD0 - 0xDF */
+ 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
+@@ -319,6 +320,8 @@ static u32 group_table[] = {
+ 0, 0, 0, 0,
+ DstMem | SrcImmByte | ModRM, DstMem | SrcImmByte | ModRM,
+ DstMem | SrcImmByte | ModRM, DstMem | SrcImmByte | ModRM,
++ [Group9*8] =
++ 0, ImplicitOps | ModRM, 0, 0, 0, 0, 0, 0,
+ };
+
+ static u32 group2_table[] = {
+@@ -326,6 +329,8 @@ static u32 group2_table[] = {
+ SrcNone | ModRM, 0, 0, SrcNone | ModRM,
+ SrcNone | ModRM | DstMem | Mov, 0,
+ SrcMem16 | ModRM | Mov, 0,
++ [Group9*8] =
++ 0, 0, 0, 0, 0, 0, 0, 0,
+ };
+
+ /* EFLAGS bit definitions. */
--- /dev/null
+From e92805ac1228626c59c865f2f4e9059b9fb8c97b Mon Sep 17 00:00:00 2001
+From: Gleb Natapov <gleb@redhat.com>
+Date: Wed, 10 Feb 2010 14:21:35 +0200
+Subject: KVM: x86 emulator: Check CPL level during privilege instruction emulation
+
+From: Gleb Natapov <gleb@redhat.com>
+
+commit e92805ac1228626c59c865f2f4e9059b9fb8c97b upstream.
+
+Add CPL checking in case emulator is tricked into emulating
+privilege instruction from userspace.
+
+Signed-off-by: Gleb Natapov <gleb@redhat.com>
+Signed-off-by: Avi Kivity <avi@redhat.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
+
+---
+ arch/x86/kvm/emulate.c | 35 ++++++++++++++++++++---------------
+ 1 file changed, 20 insertions(+), 15 deletions(-)
+
+--- a/arch/x86/kvm/emulate.c
++++ b/arch/x86/kvm/emulate.c
+@@ -75,6 +75,7 @@
+ #define Group (1<<14) /* Bits 3:5 of modrm byte extend opcode */
+ #define GroupDual (1<<15) /* Alternate decoding of mod == 3 */
+ #define GroupMask 0xff /* Group number stored in bits 0:7 */
++#define Priv (1<<27) /* instruction generates #GP if current CPL != 0 */
+ /* Source 2 operand type */
+ #define Src2None (0<<29)
+ #define Src2CL (1<<29)
+@@ -204,7 +205,7 @@ static u32 opcode_table[256] = {
+ SrcNone | ByteOp | ImplicitOps, SrcNone | ImplicitOps,
+ /* 0xF0 - 0xF7 */
+ 0, 0, 0, 0,
+- ImplicitOps, ImplicitOps, Group | Group3_Byte, Group | Group3,
++ ImplicitOps | Priv, ImplicitOps, Group | Group3_Byte, Group | Group3,
+ /* 0xF8 - 0xFF */
+ ImplicitOps, 0, ImplicitOps, ImplicitOps,
+ ImplicitOps, ImplicitOps, Group | Group4, Group | Group5,
+@@ -212,16 +213,20 @@ static u32 opcode_table[256] = {
+
+ static u32 twobyte_table[256] = {
+ /* 0x00 - 0x0F */
+- 0, Group | GroupDual | Group7, 0, 0, 0, ImplicitOps, ImplicitOps, 0,
+- ImplicitOps, ImplicitOps, 0, 0, 0, ImplicitOps | ModRM, 0, 0,
++ 0, Group | GroupDual | Group7, 0, 0,
++ 0, ImplicitOps, ImplicitOps | Priv, 0,
++ ImplicitOps | Priv, ImplicitOps | Priv, 0, 0,
++ 0, ImplicitOps | ModRM, 0, 0,
+ /* 0x10 - 0x1F */
+ 0, 0, 0, 0, 0, 0, 0, 0, ImplicitOps | ModRM, 0, 0, 0, 0, 0, 0, 0,
+ /* 0x20 - 0x2F */
+- ModRM | ImplicitOps, ModRM, ModRM | ImplicitOps, ModRM, 0, 0, 0, 0,
++ ModRM | ImplicitOps | Priv, ModRM | Priv,
++ ModRM | ImplicitOps | Priv, ModRM | Priv,
++ 0, 0, 0, 0,
+ 0, 0, 0, 0, 0, 0, 0, 0,
+ /* 0x30 - 0x3F */
+- ImplicitOps, 0, ImplicitOps, 0,
+- ImplicitOps, ImplicitOps, 0, 0,
++ ImplicitOps | Priv, 0, ImplicitOps | Priv, 0,
++ ImplicitOps, ImplicitOps | Priv, 0, 0,
+ 0, 0, 0, 0, 0, 0, 0, 0,
+ /* 0x40 - 0x47 */
+ DstReg | SrcMem | ModRM | Mov, DstReg | SrcMem | ModRM | Mov,
+@@ -313,9 +318,9 @@ static u32 group_table[] = {
+ SrcMem | ModRM | Stack, 0,
+ SrcMem | ModRM | Stack, 0, SrcMem | ModRM | Stack, 0,
+ [Group7*8] =
+- 0, 0, ModRM | SrcMem, ModRM | SrcMem,
++ 0, 0, ModRM | SrcMem | Priv, ModRM | SrcMem | Priv,
+ SrcNone | ModRM | DstMem | Mov, 0,
+- SrcMem16 | ModRM | Mov, SrcMem | ModRM | ByteOp,
++ SrcMem16 | ModRM | Mov | Priv, SrcMem | ModRM | ByteOp | Priv,
+ [Group8*8] =
+ 0, 0, 0, 0,
+ DstMem | SrcImmByte | ModRM, DstMem | SrcImmByte | ModRM,
+@@ -326,7 +331,7 @@ static u32 group_table[] = {
+
+ static u32 group2_table[] = {
+ [Group7*8] =
+- SrcNone | ModRM, 0, 0, SrcNone | ModRM,
++ SrcNone | ModRM | Priv, 0, 0, SrcNone | ModRM,
+ SrcNone | ModRM | DstMem | Mov, 0,
+ SrcMem16 | ModRM | Mov, 0,
+ [Group9*8] =
+@@ -1623,12 +1628,6 @@ emulate_sysexit(struct x86_emulate_ctxt
+ return -1;
+ }
+
+- /* sysexit must be called from CPL 0 */
+- if (kvm_x86_ops->get_cpl(ctxt->vcpu) != 0) {
+- kvm_inject_gp(ctxt->vcpu, 0);
+- return -1;
+- }
+-
+ setup_syscalls_segments(ctxt, &cs, &ss);
+
+ if ((c->rex_prefix & 0x8) != 0x0)
+@@ -1692,6 +1691,12 @@ x86_emulate_insn(struct x86_emulate_ctxt
+ memcpy(c->regs, ctxt->vcpu->arch.regs, sizeof c->regs);
+ saved_eip = c->eip;
+
++ /* Privileged instruction can be executed only in CPL=0 */
++ if ((c->d & Priv) && kvm_x86_ops->get_cpl(ctxt->vcpu)) {
++ kvm_inject_gp(ctxt->vcpu, 0);
++ goto done;
++ }
++
+ if (((c->d & ModRM) && (c->modrm_mod != 3)) || (c->d & MemAbs))
+ memop = c->modrm_ea;
+
--- /dev/null
+From d4c6a1549c056f1d817e8f6f2f97d8b44933472f Mon Sep 17 00:00:00 2001
+From: Gleb Natapov <gleb@redhat.com>
+Date: Wed, 10 Feb 2010 14:21:34 +0200
+Subject: KVM: x86 emulator: Fix popf emulation
+
+From: Gleb Natapov <gleb@redhat.com>
+
+commit d4c6a1549c056f1d817e8f6f2f97d8b44933472f upstream.
+
+POPF behaves differently depending on current CPU mode. Emulate correct
+logic to prevent guest from changing flags that it can't change otherwise.
+
+Signed-off-by: Gleb Natapov <gleb@redhat.com>
+Signed-off-by: Avi Kivity <avi@redhat.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
+
+---
+ arch/x86/kvm/emulate.c | 55 ++++++++++++++++++++++++++++++++++++++++++++++++-
+ 1 file changed, 54 insertions(+), 1 deletion(-)
+
+--- a/arch/x86/kvm/emulate.c
++++ b/arch/x86/kvm/emulate.c
+@@ -334,11 +334,18 @@ static u32 group2_table[] = {
+ };
+
+ /* EFLAGS bit definitions. */
++#define EFLG_ID (1<<21)
++#define EFLG_VIP (1<<20)
++#define EFLG_VIF (1<<19)
++#define EFLG_AC (1<<18)
+ #define EFLG_VM (1<<17)
+ #define EFLG_RF (1<<16)
++#define EFLG_IOPL (3<<12)
++#define EFLG_NT (1<<14)
+ #define EFLG_OF (1<<11)
+ #define EFLG_DF (1<<10)
+ #define EFLG_IF (1<<9)
++#define EFLG_TF (1<<8)
+ #define EFLG_SF (1<<7)
+ #define EFLG_ZF (1<<6)
+ #define EFLG_AF (1<<4)
+@@ -1199,6 +1206,49 @@ static int emulate_pop(struct x86_emulat
+ return rc;
+ }
+
++static int emulate_popf(struct x86_emulate_ctxt *ctxt,
++ struct x86_emulate_ops *ops,
++ void *dest, int len)
++{
++ int rc;
++ unsigned long val, change_mask;
++ int iopl = (ctxt->eflags & X86_EFLAGS_IOPL) >> IOPL_SHIFT;
++ int cpl = kvm_x86_ops->get_cpl(ctxt->vcpu);
++
++ rc = emulate_pop(ctxt, ops, &val, len);
++ if (rc != X86EMUL_CONTINUE)
++ return rc;
++
++ change_mask = EFLG_CF | EFLG_PF | EFLG_AF | EFLG_ZF | EFLG_SF | EFLG_OF
++ | EFLG_TF | EFLG_DF | EFLG_NT | EFLG_RF | EFLG_AC | EFLG_ID;
++
++ switch(ctxt->mode) {
++ case X86EMUL_MODE_PROT64:
++ case X86EMUL_MODE_PROT32:
++ case X86EMUL_MODE_PROT16:
++ if (cpl == 0)
++ change_mask |= EFLG_IOPL;
++ if (cpl <= iopl)
++ change_mask |= EFLG_IF;
++ break;
++ case X86EMUL_MODE_VM86:
++ if (iopl < 3) {
++ kvm_inject_gp(ctxt->vcpu, 0);
++ return X86EMUL_PROPAGATE_FAULT;
++ }
++ change_mask |= EFLG_IF;
++ break;
++ default: /* real mode */
++ change_mask |= (EFLG_IOPL | EFLG_IF);
++ break;
++ }
++
++ *(unsigned long *)dest =
++ (ctxt->eflags & ~change_mask) | (val & change_mask);
++
++ return rc;
++}
++
+ static inline int emulate_grp1a(struct x86_emulate_ctxt *ctxt,
+ struct x86_emulate_ops *ops)
+ {
+@@ -1929,7 +1979,10 @@ special_insn:
+ c->dst.type = OP_REG;
+ c->dst.ptr = (unsigned long *) &ctxt->eflags;
+ c->dst.bytes = c->op_bytes;
+- goto pop_instruction;
++ rc = emulate_popf(ctxt, ops, &c->dst.val, c->op_bytes);
++ if (rc != X86EMUL_CONTINUE)
++ goto done;
++ break;
+ case 0xa0 ... 0xa1: /* mov */
+ c->dst.ptr = (unsigned long *)&c->regs[VCPU_REGS_RAX];
+ c->dst.val = c->src.val;
--- /dev/null
+From 8b9f44140bc4afd2698413cd9960c3912168ee91 Mon Sep 17 00:00:00 2001
+From: Gleb Natapov <gleb@redhat.com>
+Date: Thu, 18 Feb 2010 12:14:59 +0200
+Subject: KVM: x86 emulator: Forbid modifying CS segment register by mov instruction
+
+From: Gleb Natapov <gleb@redhat.com>
+
+commit 8b9f44140bc4afd2698413cd9960c3912168ee91 upstream.
+
+Inject #UD if guest attempts to do so. This is in accordance to Intel
+SDM.
+
+Signed-off-by: Gleb Natapov <gleb@redhat.com>
+Signed-off-by: Avi Kivity <avi@redhat.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
+
+---
+ arch/x86/kvm/emulate.c | 6 ++++++
+ 1 file changed, 6 insertions(+)
+
+--- a/arch/x86/kvm/emulate.c
++++ b/arch/x86/kvm/emulate.c
+@@ -1875,6 +1875,12 @@ special_insn:
+ int err;
+
+ sel = c->src.val;
++
++ if (c->modrm_reg == VCPU_SREG_CS) {
++ kvm_queue_exception(ctxt->vcpu, UD_VECTOR);
++ goto done;
++ }
++
+ if (c->modrm_reg == VCPU_SREG_SS)
+ toggle_interruptibility(ctxt, X86_SHADOW_INT_MOV_SS);
+
--- /dev/null
+From ebed9203b68a4f333ce5d17e874b26c3afcfeff1 Mon Sep 17 00:00:00 2001
+From: Trond Myklebust <Trond.Myklebust@netapp.com>
+Date: Tue, 2 Mar 2010 13:06:22 -0500
+Subject: NFS: Fix an allocation-under-spinlock bug
+
+From: Trond Myklebust <Trond.Myklebust@netapp.com>
+
+commit ebed9203b68a4f333ce5d17e874b26c3afcfeff1 upstream.
+
+sunrpc_cache_update() will always call detail->update() from inside the
+detail->hash_lock, so it cannot allocate memory.
+
+Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
+
+---
+ fs/nfs/dns_resolve.c | 18 +++++++++++++++---
+ 1 file changed, 15 insertions(+), 3 deletions(-)
+
+--- a/fs/nfs/dns_resolve.c
++++ b/fs/nfs/dns_resolve.c
+@@ -36,6 +36,19 @@ struct nfs_dns_ent {
+ };
+
+
++static void nfs_dns_ent_update(struct cache_head *cnew,
++ struct cache_head *ckey)
++{
++ struct nfs_dns_ent *new;
++ struct nfs_dns_ent *key;
++
++ new = container_of(cnew, struct nfs_dns_ent, h);
++ key = container_of(ckey, struct nfs_dns_ent, h);
++
++ memcpy(&new->addr, &key->addr, key->addrlen);
++ new->addrlen = key->addrlen;
++}
++
+ static void nfs_dns_ent_init(struct cache_head *cnew,
+ struct cache_head *ckey)
+ {
+@@ -49,8 +62,7 @@ static void nfs_dns_ent_init(struct cach
+ new->hostname = kstrndup(key->hostname, key->namelen, GFP_KERNEL);
+ if (new->hostname) {
+ new->namelen = key->namelen;
+- memcpy(&new->addr, &key->addr, key->addrlen);
+- new->addrlen = key->addrlen;
++ nfs_dns_ent_update(cnew, ckey);
+ } else {
+ new->namelen = 0;
+ new->addrlen = 0;
+@@ -234,7 +246,7 @@ static struct cache_detail nfs_dns_resol
+ .cache_show = nfs_dns_show,
+ .match = nfs_dns_match,
+ .init = nfs_dns_ent_init,
+- .update = nfs_dns_ent_init,
++ .update = nfs_dns_ent_update,
+ .alloc = nfs_dns_ent_alloc,
+ };
+
--- /dev/null
+From 5a98c04d78c896d52baef20ffc11f6d1ba6eb786 Mon Sep 17 00:00:00 2001
+From: James Hogan <james@albanarts.com>
+Date: Fri, 5 Mar 2010 13:44:31 -0800
+Subject: rtc-coh901331: fix braces in resume code
+
+From: James Hogan <james@albanarts.com>
+
+commit 5a98c04d78c896d52baef20ffc11f6d1ba6eb786 upstream.
+
+The else part of the if statement is indented but does not have braces
+around it. It clearly should since it uses clk_enable and clk_disable
+which are supposed to balance.
+
+Signed-off-by: James Hogan <james@albanarts.com>
+Acked-by: Linus Walleij <linus.walleij@stericsson.com>
+Acked-by: Alessandro Zummo <a.zummo@towertech.it>
+Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
+Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
+
+---
+ drivers/rtc/rtc-coh901331.c | 5 +++--
+ 1 file changed, 3 insertions(+), 2 deletions(-)
+
+--- a/drivers/rtc/rtc-coh901331.c
++++ b/drivers/rtc/rtc-coh901331.c
+@@ -271,12 +271,13 @@ static int coh901331_resume(struct platf
+ {
+ struct coh901331_port *rtap = dev_get_drvdata(&pdev->dev);
+
+- if (device_may_wakeup(&pdev->dev))
++ if (device_may_wakeup(&pdev->dev)) {
+ disable_irq_wake(rtap->irq);
+- else
++ } else {
+ clk_enable(rtap->clk);
+ writel(rtap->irqmaskstore, rtap->virtbase + COH901331_IRQ_MASK);
+ clk_disable(rtap->clk);
++ }
+ return 0;
+ }
+ #else
--- /dev/null
+From c212808a1ba6bfba489006399b8152a047305acf Mon Sep 17 00:00:00 2001
+From: Lars-Peter Clausen <lars@metafoo.de>
+Date: Fri, 5 Mar 2010 13:43:35 -0800
+Subject: s3cmci: initialize default platform data no_wprotect and no_detect with 1
+
+From: Lars-Peter Clausen <lars@metafoo.de>
+
+commit c212808a1ba6bfba489006399b8152a047305acf upstream.
+
+If no platform_data was givin to the device it's going to use it's default
+platform data struct which has all fields initialized to zero. As a
+result the driver is going to try to request gpio0 both as write protect
+and card detect pin. Which of course will fail and makes the driver
+unusable
+
+Previously to the introduction of no_wprotect and no_detect the behavior
+was to assume that if no platform data was given there is no write protect
+or card detect pin. This patch restores that behavior.
+
+Signed-off-by: Lars-Peter Clausen <lars@metafoo.de>
+Cc: Ben Dooks <ben-linux@fluff.org>
+Cc: <linux-mmc@vger.kernel.org>
+Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
+Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
+
+--- a/drivers/mmc/host/s3cmci.c
++++ b/drivers/mmc/host/s3cmci.c
+@@ -1360,6 +1360,8 @@ static struct mmc_host_ops s3cmci_ops = {
+ static struct s3c24xx_mci_pdata s3cmci_def_pdata = {
+ /* This is currently here to avoid a number of if (host->pdata)
+ * checks. Any zero fields to ensure reasonable defaults are picked. */
++ .no_wprotect = 1,
++ .no_detect = 1,
+ };
+
+ #ifdef CONFIG_CPU_FREQ
--- /dev/null
+From dc2ed552804f3a2ae41c0ffe4bc09879ec8f7396 Mon Sep 17 00:00:00 2001
+From: Lars-Peter Clausen <lars@metafoo.de>
+Date: Fri, 5 Mar 2010 13:43:37 -0800
+Subject: s3cmci: s3cmci_card_present: Use no_detect to decide whether there is a card detect pin
+
+From: Lars-Peter Clausen <lars@metafoo.de>
+
+commit dc2ed552804f3a2ae41c0ffe4bc09879ec8f7396 upstream.
+
+Signed-off-by: Lars-Peter Clausen <lars@metafoo.de>
+Cc: Ben Dooks <ben-linux@fluff.org>
+Cc: <linux-mmc@vger.kernel.org>
+Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
+Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
+
+---
+ drivers/mmc/host/s3cmci.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/drivers/mmc/host/s3cmci.c
++++ b/drivers/mmc/host/s3cmci.c
+@@ -1178,7 +1178,7 @@ static int s3cmci_card_present(struct mm
+ struct s3c24xx_mci_pdata *pdata = host->pdata;
+ int ret;
+
+- if (pdata->gpio_detect == 0)
++ if (pdata->no_detect)
+ return -ENOSYS;
+
+ ret = gpio_get_value(pdata->gpio_detect) ? 0 : 1;
usb-unusual_devs-add-support-for-multiple-option-3g-sticks.patch
drm-i915-use-a-dmi-quirk-to-skip-a-broken-sdvo-tv-output.patch
drm-ttm-handle-oom-in-ttm_tt_swapout.patch
+sunrpc-remove-unnecessary-svc_xprt_put.patch
+sunrpc-handle-einval-error-returns-from-the-tcp-connect-operation.patch
+s3cmci-s3cmci_card_present-use-no_detect-to-decide-whether-there-is-a-card-detect-pin.patch
+rtc-coh901331-fix-braces-in-resume-code.patch
+nfs-fix-an-allocation-under-spinlock-bug.patch
+dm-free-dm_io-before-bio_endio-not-after.patch
+kvm-x86-emulator-add-group8-instruction-decoding.patch
+kvm-x86-emulator-forbid-modifying-cs-segment-register-by-mov-instruction.patch
+kvm-x86-emulator-add-group9-instruction-decoding.patch
+kvm-x86-emulator-fix-popf-emulation.patch
+kvm-x86-emulator-check-cpl-level-during-privilege-instruction-emulation.patch
+s3cmci-initialize-default-platform-data-no_wprotect-and-no_detect-with-1.patch
sched-fix-sched_mv_power_savings-for-smt.patch
sched-fix-smt-scheduler-regression-in-find_busiest_queue.patch
sched-don-t-use-possibly-stale-sched_class.patch
--- /dev/null
+From 9fcfe0c83c3b04a759cde6b8c5f961237f17808b Mon Sep 17 00:00:00 2001
+From: Trond Myklebust <Trond.Myklebust@netapp.com>
+Date: Tue, 2 Mar 2010 13:06:21 -0500
+Subject: SUNRPC: Handle EINVAL error returns from the TCP connect operation
+
+From: Trond Myklebust <Trond.Myklebust@netapp.com>
+
+commit 9fcfe0c83c3b04a759cde6b8c5f961237f17808b upstream.
+
+This can, for instance, happen if the user specifies a link local IPv6
+address.
+
+Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
+
+---
+ net/sunrpc/xprtsock.c | 5 +++++
+ 1 file changed, 5 insertions(+)
+
+--- a/net/sunrpc/xprtsock.c
++++ b/net/sunrpc/xprtsock.c
+@@ -1926,6 +1926,11 @@ static void xs_tcp_setup_socket(struct r
+ case -EALREADY:
+ xprt_clear_connecting(xprt);
+ return;
++ case -EINVAL:
++ /* Happens, for instance, if the user specified a link
++ * local IPv6 address without a scope-id.
++ */
++ goto out;
+ }
+ out_eagain:
+ status = -EAGAIN;
--- /dev/null
+From ab1b18f70a007ea6caeb007d269abb75b131a410 Mon Sep 17 00:00:00 2001
+From: Neil Brown <neilb@suse.de>
+Date: Sat, 27 Feb 2010 09:33:40 +1100
+Subject: sunrpc: remove unnecessary svc_xprt_put
+
+From: Neil Brown <neilb@suse.de>
+
+commit ab1b18f70a007ea6caeb007d269abb75b131a410 upstream.
+
+The 'struct svc_deferred_req's on the xpt_deferred queue do not
+own a reference to the owning xprt. This is seen in svc_revisit
+which is where things are added to this queue. dr->xprt is set to
+NULL and the reference to the xprt it put.
+
+So when this list is cleaned up in svc_delete_xprt, we mustn't
+put the reference.
+
+Also, replace the 'for' with a 'while' which is arguably
+simpler and more likely to compile efficiently.
+
+Cc: Tom Tucker <tom@opengridcomputing.com>
+Signed-off-by: NeilBrown <neilb@suse.de>
+Signed-off-by: J. Bruce Fields <bfields@citi.umich.edu>
+Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
+
+---
+ net/sunrpc/svc_xprt.c | 5 +----
+ 1 file changed, 1 insertion(+), 4 deletions(-)
+
+--- a/net/sunrpc/svc_xprt.c
++++ b/net/sunrpc/svc_xprt.c
+@@ -901,11 +901,8 @@ void svc_delete_xprt(struct svc_xprt *xp
+ if (test_bit(XPT_TEMP, &xprt->xpt_flags))
+ serv->sv_tmpcnt--;
+
+- for (dr = svc_deferred_dequeue(xprt); dr;
+- dr = svc_deferred_dequeue(xprt)) {
+- svc_xprt_put(xprt);
++ while ((dr = svc_deferred_dequeue(xprt)) != NULL)
+ kfree(dr);
+- }
+
+ svc_xprt_put(xprt);
+ spin_unlock_bh(&serv->sv_lock);
projects / thirdparty / kernel / stable-queue.git / commitdiff
