--- /dev/null
+From greg@blue.kroah.org Mon Jul 30 21:26:14 2007
+Message-Id: <20070731042614.312386804@blue.kroah.org>
+References: <20070731042108.546594256@blue.kroah.org>
+User-Agent: quilt/0.46-1
+Date: Mon, 30 Jul 2007 21:21:09 -0700
+From: Greg KH <gregkh@suse.de>
+To: linux-kernel@vger.kernel.org,
+ stable@kernel.org
+Cc: Justin Forbes <jmforbes@linuxtx.org>,
+ Zwane Mwaikambo <zwane@arm.linux.org.uk>,
+ Theodore Ts'o <tytso@mit.edu>,
+ Randy Dunlap <rdunlap@xenotime.net>,
+ Dave Jones <davej@redhat.com>,
+ Chuck Wolber <chuckw@quantumlinux.com>,
+ Chris Wedgwood <reviews@ml.cw.f00f.org>,
+ Michael Krufky <mkrufky@linuxtv.org>,
+ Chuck Ebbert <cebbert@redhat.com>,
+ Domenico Andreoli <cavokz@gmail.com>,
+ torvalds@linux-foundation.org,
+ akpm@linux-foundation.org,
+ alan@lxorguk.ukuu.org.uk,
+ Michael Chan <mchan@broadcom.com>,
+ "David S. Miller" <davem@davemloft.net>,
+ Chris Wright <chrisw@sous-sol.org>,
+ Greg Kroah-Hartman <gregkh@suse.de>
+Subject: [patch 01/26] BNX2: Fix netdev watchdog on 5708.
+Content-Disposition: inline; filename=bnx2-fix-netdev-watchdog-on-5708.patch
+Content-Length: 2111
+Lines: 74
+
+
+-stable review patch. If anyone has any objections, please let us know.
+
+------------------
+
+There's a bug in the driver that only initializes half of the context
+memory on the 5708. Surprisingly, this works most of the time except
+for some occasional netdev watchdogs when sending a lot of 64-byte
+packets. This fix is to add the missing code to initialize the 2nd
+half of the context memory.
+
+Update version to 1.5.8.2.
+
+Signed-off-by: Michael Chan <mchan@broadcom.com>
+Signed-off-by: David S. Miller <davem@davemloft.net>
+Signed-off-by: Chris Wright <chrisw@sous-sol.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
+
+---
+ drivers/net/bnx2.c | 25 +++++++++++++++----------
+ 1 file changed, 15 insertions(+), 10 deletions(-)
+
+--- linux-2.6.21.6.orig/drivers/net/bnx2.c
++++ linux-2.6.21.6/drivers/net/bnx2.c
+@@ -54,8 +54,8 @@
+
+ #define DRV_MODULE_NAME "bnx2"
+ #define PFX DRV_MODULE_NAME ": "
+-#define DRV_MODULE_VERSION "1.5.8.1"
+-#define DRV_MODULE_RELDATE "May 7, 2007"
++#define DRV_MODULE_VERSION "1.5.8.2"
++#define DRV_MODULE_RELDATE "June 5, 2007"
+
+ #define RUN_AT(x) (jiffies + (x))
+
+@@ -1550,6 +1550,7 @@ bnx2_init_context(struct bnx2 *bp)
+ vcid = 96;
+ while (vcid) {
+ u32 vcid_addr, pcid_addr, offset;
++ int i;
+
+ vcid--;
+
+@@ -1570,16 +1571,20 @@ bnx2_init_context(struct bnx2 *bp)
+ pcid_addr = vcid_addr;
+ }
+
+- REG_WR(bp, BNX2_CTX_VIRT_ADDR, 0x00);
+- REG_WR(bp, BNX2_CTX_PAGE_TBL, pcid_addr);
++ for (i = 0; i < (CTX_SIZE / PHY_CTX_SIZE); i++) {
++ vcid_addr += (i << PHY_CTX_SHIFT);
++ pcid_addr += (i << PHY_CTX_SHIFT);
++
++ REG_WR(bp, BNX2_CTX_VIRT_ADDR, 0x00);
++ REG_WR(bp, BNX2_CTX_PAGE_TBL, pcid_addr);
++
++ /* Zero out the context. */
++ for (offset = 0; offset < PHY_CTX_SIZE; offset += 4)
++ CTX_WR(bp, 0x00, offset, 0);
+
+- /* Zero out the context. */
+- for (offset = 0; offset < PHY_CTX_SIZE; offset += 4) {
+- CTX_WR(bp, 0x00, offset, 0);
++ REG_WR(bp, BNX2_CTX_VIRT_ADDR, vcid_addr);
++ REG_WR(bp, BNX2_CTX_PAGE_TBL, pcid_addr);
+ }
+-
+- REG_WR(bp, BNX2_CTX_VIRT_ADDR, vcid_addr);
+- REG_WR(bp, BNX2_CTX_PAGE_TBL, pcid_addr);
+ }
+ }
+
+
+--
+
+From greg@blue.kroah.org Mon Jul 30 21:26:14 2007
+Message-Id: <20070731042614.512732272@blue.kroah.org>
+References: <20070731042108.546594256@blue.kroah.org>
+User-Agent: quilt/0.46-1
+Date: Mon, 30 Jul 2007 21:21:10 -0700
+From: Greg KH <gregkh@suse.de>
+To: linux-kernel@vger.kernel.org,
+ stable@kernel.org
+Cc: Justin Forbes <jmforbes@linuxtx.org>,
+ Zwane Mwaikambo <zwane@arm.linux.org.uk>,
+ Theodore Ts'o <tytso@mit.edu>,
+ Randy Dunlap <rdunlap@xenotime.net>,
+ Dave Jones <davej@redhat.com>,
+ Chuck Wolber <chuckw@quantumlinux.com>,
+ Chris Wedgwood <reviews@ml.cw.f00f.org>,
+ Michael Krufky <mkrufky@linuxtv.org>,
+ Chuck Ebbert <cebbert@redhat.com>,
+ Domenico Andreoli <cavokz@gmail.com>,
+ torvalds@linux-foundation.org,
+ akpm@linux-foundation.org,
+ alan@lxorguk.ukuu.org.uk,
+ andi@firstfloor.org,
+ johnstul@us.ibm.com,
+ Bernhard Walle <bwalle@suse.de>,
+ Bob Picco <bob.picco@hp.com>,
+ acme@redhat.com,
+ Sripathi Kodi <sripathik@in.ibm.com>,
+ tglx@linutronix.de,
+ Chris Wright <chrisw@sous-sol.org>,
+ Greg Kroah-Hartman <gregkh@suse.de>
+Subject: [patch 02/26] sparsemem: fix oops in x86_64 show_mem
+Content-Disposition: inline; filename=fix-show_mem-x86_64-sparsemem.patch
+Content-Length: 1397
+Lines: 39
+
+
+-stable review patch. If anyone has any objections, please let us know.
+
+------------------
+
+We aren't sampling for holes in memory. Thus we encounter a section hole with
+empty section map pointer for SPARSEMEM and OOPs for show_mem. This issue
+has been seen in 2.6.21, current git and current mm. This patch is for
+2.6.21 stable. It was tested against sparsemem.
+
+Previous to commit f0a5a58aa812b31fd9f197c4ba48245942364eae memory_present
+was called for node_start_pfn to node_end_pfn. This would cover the hole(s)
+with reserved pages and valid sections. Most SPARSEMEM supported arches
+do a pfn_valid check in show_mem before computing the page structure address.
+
+This issue was brought to my attention on IRC by Arnaldo Carvalho de Melo at
+acme@redhat.com. Thanks to Arnaldo for testing.
+
+Signed-off-by: Bob Picco <bob.picco@hp.com>
+Signed-off-by: Chris Wright <chrisw@sous-sol.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
+---
+
+ arch/x86_64/mm/init.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+--- linux-2.6.21.6.orig/arch/x86_64/mm/init.c
++++ linux-2.6.21.6/arch/x86_64/mm/init.c
+@@ -72,6 +72,8 @@ void show_mem(void)
+
+ for_each_online_pgdat(pgdat) {
+ for (i = 0; i < pgdat->node_spanned_pages; ++i) {
++ if (!pfn_valid(pgdat->node_start_pfn + i))
++ continue;
+ page = pfn_to_page(pgdat->node_start_pfn + i);
+ total++;
+ if (PageReserved(page))
+
+--
+
+From greg@blue.kroah.org Mon Jul 30 21:26:14 2007
+Message-Id: <20070731042614.715274024@blue.kroah.org>
+References: <20070731042108.546594256@blue.kroah.org>
+User-Agent: quilt/0.46-1
+Date: Mon, 30 Jul 2007 21:21:11 -0700
+From: Greg KH <gregkh@suse.de>
+To: linux-kernel@vger.kernel.org,
+ stable@kernel.org
+Cc: Justin Forbes <jmforbes@linuxtx.org>,
+ Zwane Mwaikambo <zwane@arm.linux.org.uk>,
+ Theodore Ts'o <tytso@mit.edu>,
+ Randy Dunlap <rdunlap@xenotime.net>,
+ Dave Jones <davej@redhat.com>,
+ Chuck Wolber <chuckw@quantumlinux.com>,
+ Chris Wedgwood <reviews@ml.cw.f00f.org>,
+ Michael Krufky <mkrufky@linuxtv.org>,
+ Chuck Ebbert <cebbert@redhat.com>,
+ Domenico Andreoli <cavokz@gmail.com>,
+ torvalds@linux-foundation.org,
+ akpm@linux-foundation.org,
+ alan@lxorguk.ukuu.org.uk,
+ kuznet@ms2.inr.ac.ru,
+ mingo@elte.hu,
+ Thomas Gleixner <tglx@linutronix.de>,
+ Chris Wright <chrisw@sous-sol.org>,
+ Greg Kroah-Hartman <gregkh@suse.de>
+Subject: [patch 03/26] rt-mutex: Fix stale return value
+Content-Disposition: inline; filename=rt-mutex-fix-stale-return-value.patch
+Content-Length: 1365
+Lines: 49
+
+
+-stable review patch. If anyone has any objections, please let us know.
+
+------------------
+
+Alexey Kuznetsov found some problems in the pi-futex code.
+
+The major problem is a stale return value in rt_mutex_slowlock():
+
+When the pi chain walk returns -EDEADLK, but the waiter was woken up
+during the phases where the locks were dropped, the rtmutex could be
+acquired, but due to the stale return value -EDEADLK returned to the
+caller.
+
+Reset the return value in the woken up path.
+
+Cc: Alexey Kuznetsov <kuznet@ms2.inr.ac.ru>
+Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
+Acked-by: Ingo Molnar <mingo@elte.hu>
+Signed-off-by: Chris Wright <chrisw@sous-sol.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
+
+---
+ kernel/rtmutex.c | 11 +++++++++--
+ 1 file changed, 9 insertions(+), 2 deletions(-)
+
+--- linux-2.6.21.6.orig/kernel/rtmutex.c
++++ linux-2.6.21.6/kernel/rtmutex.c
+@@ -659,9 +659,16 @@ rt_mutex_slowlock(struct rt_mutex *lock,
+ * all over without going into schedule to try
+ * to get the lock now:
+ */
+- if (unlikely(!waiter.task))
++ if (unlikely(!waiter.task)) {
++ /*
++ * Reset the return value. We might
++ * have returned with -EDEADLK and the
++ * owner released the lock while we
++ * were walking the pi chain.
++ */
++ ret = 0;
+ continue;
+-
++ }
+ if (unlikely(ret))
+ break;
+ }
+
+--
+
+From greg@blue.kroah.org Mon Jul 30 21:26:15 2007
+Message-Id: <20070731042614.915795222@blue.kroah.org>
+References: <20070731042108.546594256@blue.kroah.org>
+User-Agent: quilt/0.46-1
+Date: Mon, 30 Jul 2007 21:21:12 -0700
+From: Greg KH <gregkh@suse.de>
+To: linux-kernel@vger.kernel.org,
+ stable@kernel.org
+Cc: Justin Forbes <jmforbes@linuxtx.org>,
+ Zwane Mwaikambo <zwane@arm.linux.org.uk>,
+ Theodore Ts'o <tytso@mit.edu>,
+ Randy Dunlap <rdunlap@xenotime.net>,
+ Dave Jones <davej@redhat.com>,
+ Chuck Wolber <chuckw@quantumlinux.com>,
+ Chris Wedgwood <reviews@ml.cw.f00f.org>,
+ Michael Krufky <mkrufky@linuxtv.org>,
+ Chuck Ebbert <cebbert@redhat.com>,
+ Domenico Andreoli <cavokz@gmail.com>,
+ torvalds@linux-foundation.org,
+ akpm@linux-foundation.org,
+ alan@lxorguk.ukuu.org.uk,
+ kuznet@ms2.inr.ac.ru,
+ mingo@elte.hu,
+ Thomas Gleixner <tglx@linutronix.de>,
+ Chris Wright <chrisw@sous-sol.org>,
+ Greg Kroah-Hartman <gregkh@suse.de>
+Subject: [patch 04/26] rt-mutex: Fix chain walk early wakeup bug
+Content-Disposition: inline; filename=rt-mutex-fix-chain-walk-early-wakeup-bug.patch
+Content-Length: 1325
+Lines: 48
+
+
+-stable review patch. If anyone has any objections, please let us know.
+
+------------------
+
+Alexey Kuznetsov found some problems in the pi-futex code.
+
+One of the root causes is:
+
+When a wakeup happens, we do not to stop the chain walk so we
+we follow a non existing locking chain.
+
+Drop out when this happens.
+
+Cc: Alexey Kuznetsov <kuznet@ms2.inr.ac.ru>
+Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
+Acked-by: Ingo Molnar <mingo@elte.hu>
+Signed-off-by: Chris Wright <chrisw@sous-sol.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
+
+---
+ kernel/rtmutex.c | 13 +++++++++++++
+ 1 file changed, 13 insertions(+)
+
+--- linux-2.6.21.6.orig/kernel/rtmutex.c
++++ linux-2.6.21.6/kernel/rtmutex.c
+@@ -212,6 +212,19 @@ static int rt_mutex_adjust_prio_chain(st
+ if (!waiter || !waiter->task)
+ goto out_unlock_pi;
+
++ /*
++ * Check the orig_waiter state. After we dropped the locks,
++ * the previous owner of the lock might have released the lock
++ * and made us the pending owner:
++ */
++ if (orig_waiter && !orig_waiter->task)
++ goto out_unlock_pi;
++
++ /*
++ * Drop out, when the task has no waiters. Note,
++ * top_waiter can be NULL, when we are in the deboosting
++ * mode!
++ */
+ if (top_waiter && (!task_has_pi_waiters(task) ||
+ top_waiter != task_top_pi_waiter(task)))
+ goto out_unlock_pi;
+
+--
+
+From greg@blue.kroah.org Mon Jul 30 21:26:15 2007
+Message-Id: <20070731042615.117044698@blue.kroah.org>
+References: <20070731042108.546594256@blue.kroah.org>
+User-Agent: quilt/0.46-1
+Date: Mon, 30 Jul 2007 21:21:13 -0700
+From: Greg KH <gregkh@suse.de>
+To: linux-kernel@vger.kernel.org,
+ stable@kernel.org
+Cc: Justin Forbes <jmforbes@linuxtx.org>,
+ Zwane Mwaikambo <zwane@arm.linux.org.uk>,
+ Theodore Ts'o <tytso@mit.edu>,
+ Randy Dunlap <rdunlap@xenotime.net>,
+ Dave Jones <davej@redhat.com>,
+ Chuck Wolber <chuckw@quantumlinux.com>,
+ Chris Wedgwood <reviews@ml.cw.f00f.org>,
+ Michael Krufky <mkrufky@linuxtv.org>,
+ Chuck Ebbert <cebbert@redhat.com>,
+ Domenico Andreoli <cavokz@gmail.com>,
+ torvalds@linux-foundation.org,
+ akpm@linux-foundation.org,
+ alan@lxorguk.ukuu.org.uk,
+ kuznet@ms2.inr.ac.ru,
+ mingo@elte.hu,
+ Thomas Gleixner <tglx@linutronix.de>,
+ Chris Wright <chrisw@sous-sol.org>,
+ Greg Kroah-Hartman <gregkh@suse.de>
+Subject: [patch 05/26] pi-futex: Fix exit races and locking problems
+Content-Disposition: inline; filename=pi-futex-fix-exit-races-and-locking-problems.patch
+Content-Length: 13463
+Lines: 445
+
+
+
+-stable review patch. If anyone has any objections, please let us know.
+
+------------------
+
+From: Alexey Kuznetsov <kuznet@ms2.inr.ac.ru>
+1. New entries can be added to tsk->pi_state_list after task completed
+ exit_pi_state_list(). The result is memory leakage and deadlocks.
+
+2. handle_mm_fault() is called under spinlock. The result is obvious.
+
+3. results in self-inflicted deadlock inside glibc.
+ Sometimes futex_lock_pi returns -ESRCH, when it is not expected
+ and glibc enters to for(;;) sleep() to simulate deadlock. This problem
+ is quite obvious and I think the patch is right. Though it looks like
+ each "if" in futex_lock_pi() got some stupid special case "else if". :-)
+
+4. sometimes futex_lock_pi() returns -EDEADLK,
+ when nobody has the lock. The reason is also obvious (see comment
+ in the patch), but correct fix is far beyond my comprehension.
+ I guess someone already saw this, the chunk:
+
+ if (rt_mutex_trylock(&q.pi_state->pi_mutex))
+ ret = 0;
+
+ is obviously from the same opera. But it does not work, because the
+ rtmutex is really taken at this point: wake_futex_pi() of previous
+ owner reassigned it to us. My fix works. But it looks very stupid.
+ I would think about removal of shift of ownership in wake_futex_pi()
+ and making all the work in context of process taking lock.
+
+From: Thomas Gleixner <tglx@linutronix.de>
+
+Fix 1) Avoid the tasklist lock variant of the exit race fix by adding
+ an additional state transition to the exit code.
+
+ This fixes also the issue, when a task with recursive segfaults
+ is not able to release the futexes.
+
+Fix 2) Cleanup the lookup_pi_state() failure path and solve the -ESRCH
+ problem finally.
+
+Fix 3) Solve the fixup_pi_state_owner() problem which needs to do the fixup
+ in the lock protected section by using the in_atomic userspace access
+ functions.
+
+ This removes also the ugly lock drop / unqueue inside of fixup_pi_state()
+
+Fix 4) Fix a stale lock in the error path of futex_wake_pi()
+
+Added some error checks for verification.
+
+The -EDEADLK problem is solved by the rtmutex fixups.
+
+Cc: Alexey Kuznetsov <kuznet@ms2.inr.ac.ru>
+Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
+Acked-by: Ingo Molnar <mingo@elte.hu>
+Signed-off-by: Chris Wright <chrisw@sous-sol.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
+
+---
+ include/linux/sched.h | 1
+ kernel/exit.c | 22 +++++
+ kernel/futex.c | 191 +++++++++++++++++++++++++++++++++-----------------
+ 3 files changed, 150 insertions(+), 64 deletions(-)
+
+--- linux-2.6.21.6.orig/kernel/futex.c
++++ linux-2.6.21.6/kernel/futex.c
+@@ -396,10 +396,6 @@ static struct task_struct * futex_find_g
+ p = NULL;
+ goto out_unlock;
+ }
+- if (p->exit_state != 0) {
+- p = NULL;
+- goto out_unlock;
+- }
+ get_task_struct(p);
+ out_unlock:
+ rcu_read_unlock();
+@@ -467,7 +463,7 @@ lookup_pi_state(u32 uval, struct futex_h
+ struct futex_q *this, *next;
+ struct list_head *head;
+ struct task_struct *p;
+- pid_t pid;
++ pid_t pid = uval & FUTEX_TID_MASK;
+
+ head = &hb->chain;
+
+@@ -485,6 +481,8 @@ lookup_pi_state(u32 uval, struct futex_h
+ return -EINVAL;
+
+ WARN_ON(!atomic_read(&pi_state->refcount));
++ WARN_ON(pid && pi_state->owner &&
++ pi_state->owner->pid != pid);
+
+ atomic_inc(&pi_state->refcount);
+ me->pi_state = pi_state;
+@@ -495,15 +493,33 @@ lookup_pi_state(u32 uval, struct futex_h
+
+ /*
+ * We are the first waiter - try to look up the real owner and attach
+- * the new pi_state to it, but bail out when the owner died bit is set
+- * and TID = 0:
++ * the new pi_state to it, but bail out when TID = 0
+ */
+- pid = uval & FUTEX_TID_MASK;
+- if (!pid && (uval & FUTEX_OWNER_DIED))
++ if (!pid)
+ return -ESRCH;
+ p = futex_find_get_task(pid);
+- if (!p)
+- return -ESRCH;
++ if (IS_ERR(p))
++ return PTR_ERR(p);
++
++ /*
++ * We need to look at the task state flags to figure out,
++ * whether the task is exiting. To protect against the do_exit
++ * change of the task flags, we do this protected by
++ * p->pi_lock:
++ */
++ spin_lock_irq(&p->pi_lock);
++ if (unlikely(p->flags & PF_EXITING)) {
++ /*
++ * The task is on the way out. When PF_EXITPIDONE is
++ * set, we know that the task has finished the
++ * cleanup:
++ */
++ int ret = (p->flags & PF_EXITPIDONE) ? -ESRCH : -EAGAIN;
++
++ spin_unlock_irq(&p->pi_lock);
++ put_task_struct(p);
++ return ret;
++ }
+
+ pi_state = alloc_pi_state();
+
+@@ -516,7 +532,6 @@ lookup_pi_state(u32 uval, struct futex_h
+ /* Store the key for possible exit cleanups: */
+ pi_state->key = me->key;
+
+- spin_lock_irq(&p->pi_lock);
+ WARN_ON(!list_empty(&pi_state->list));
+ list_add(&pi_state->list, &p->pi_state_list);
+ pi_state->owner = p;
+@@ -583,15 +598,22 @@ static int wake_futex_pi(u32 __user *uad
+ * preserve the owner died bit.)
+ */
+ if (!(uval & FUTEX_OWNER_DIED)) {
++ int ret = 0;
++
+ newval = FUTEX_WAITERS | new_owner->pid;
+
+ pagefault_disable();
+ curval = futex_atomic_cmpxchg_inatomic(uaddr, uval, newval);
+ pagefault_enable();
++
+ if (curval == -EFAULT)
+- return -EFAULT;
++ ret = -EFAULT;
+ if (curval != uval)
+- return -EINVAL;
++ ret = -EINVAL;
++ if (ret) {
++ spin_unlock(&pi_state->pi_mutex.wait_lock);
++ return ret;
++ }
+ }
+
+ spin_lock_irq(&pi_state->owner->pi_lock);
+@@ -1149,6 +1171,7 @@ static int futex_lock_pi(u32 __user *uad
+ if (unlikely(ret != 0))
+ goto out_release_sem;
+
++ retry_unlocked:
+ hb = queue_lock(&q, -1, NULL);
+
+ retry_locked:
+@@ -1200,34 +1223,58 @@ static int futex_lock_pi(u32 __user *uad
+ ret = lookup_pi_state(uval, hb, &q);
+
+ if (unlikely(ret)) {
+- /*
+- * There were no waiters and the owner task lookup
+- * failed. When the OWNER_DIED bit is set, then we
+- * know that this is a robust futex and we actually
+- * take the lock. This is safe as we are protected by
+- * the hash bucket lock. We also set the waiters bit
+- * unconditionally here, to simplify glibc handling of
+- * multiple tasks racing to acquire the lock and
+- * cleanup the problems which were left by the dead
+- * owner.
+- */
+- if (curval & FUTEX_OWNER_DIED) {
+- uval = newval;
+- newval = current->pid |
+- FUTEX_OWNER_DIED | FUTEX_WAITERS;
++ switch (ret) {
+
+- pagefault_disable();
+- curval = futex_atomic_cmpxchg_inatomic(uaddr,
+- uval, newval);
+- pagefault_enable();
++ case -EAGAIN:
++ /*
++ * Task is exiting and we just wait for the
++ * exit to complete.
++ */
++ queue_unlock(&q, hb);
++ up_read(&curr->mm->mmap_sem);
++ cond_resched();
++ goto retry;
+
+- if (unlikely(curval == -EFAULT))
++ case -ESRCH:
++ /*
++ * No owner found for this futex. Check if the
++ * OWNER_DIED bit is set to figure out whether
++ * this is a robust futex or not.
++ */
++ if (get_futex_value_locked(&curval, uaddr))
+ goto uaddr_faulted;
+- if (unlikely(curval != uval))
+- goto retry_locked;
+- ret = 0;
++
++ /*
++ * There were no waiters and the owner task lookup
++ * failed. When the OWNER_DIED bit is set, then we
++ * know that this is a robust futex and we actually
++ * take the lock. This is safe as we are protected by
++ * the hash bucket lock. We also set the waiters bit
++ * unconditionally here, to simplify glibc handling of
++ * multiple tasks racing to acquire the lock and
++ * cleanup the problems which were left by the dead
++ * owner.
++ */
++ if (curval & FUTEX_OWNER_DIED) {
++ uval = newval;
++ newval = current->pid |
++ FUTEX_OWNER_DIED | FUTEX_WAITERS;
++
++ pagefault_disable();
++ curval = futex_atomic_cmpxchg_inatomic(uaddr,
++ uval,
++ newval);
++ pagefault_enable();
++
++ if (unlikely(curval == -EFAULT))
++ goto uaddr_faulted;
++ if (unlikely(curval != uval))
++ goto retry_locked;
++ ret = 0;
++ }
++ default:
++ goto out_unlock_release_sem;
+ }
+- goto out_unlock_release_sem;
+ }
+
+ /*
+@@ -1279,39 +1326,52 @@ static int futex_lock_pi(u32 __user *uad
+ list_add(&q.pi_state->list, ¤t->pi_state_list);
+ spin_unlock_irq(¤t->pi_lock);
+
+- /* Unqueue and drop the lock */
+- unqueue_me_pi(&q, hb);
+- up_read(&curr->mm->mmap_sem);
+ /*
+ * We own it, so we have to replace the pending owner
+- * TID. This must be atomic as we have preserve the
++ * TID. This must be atomic as we have to preserve the
+ * owner died bit here.
+ */
+- ret = get_user(uval, uaddr);
++ ret = get_futex_value_locked(&uval, uaddr);
+ while (!ret) {
+ newval = (uval & FUTEX_OWNER_DIED) | newtid;
++
++ pagefault_disable();
+ curval = futex_atomic_cmpxchg_inatomic(uaddr,
+ uval, newval);
++ pagefault_enable();
++
+ if (curval == -EFAULT)
+ ret = -EFAULT;
+ if (curval == uval)
+ break;
+ uval = curval;
+ }
+- } else {
++ } else if (ret) {
+ /*
+ * Catch the rare case, where the lock was released
+ * when we were on the way back before we locked
+ * the hash bucket.
+ */
+- if (ret && q.pi_state->owner == curr) {
+- if (rt_mutex_trylock(&q.pi_state->pi_mutex))
+- ret = 0;
++ if (q.pi_state->owner == curr &&
++ rt_mutex_trylock(&q.pi_state->pi_mutex)) {
++ ret = 0;
++ } else {
++ /*
++ * Paranoia check. If we did not take the lock
++ * in the trylock above, then we should not be
++ * the owner of the rtmutex, neither the real
++ * nor the pending one:
++ */
++ if (rt_mutex_owner(&q.pi_state->pi_mutex) == curr)
++ printk(KERN_ERR "futex_lock_pi: ret = %d "
++ "pi-mutex: %p pi-state %p\n", ret,
++ q.pi_state->pi_mutex.owner,
++ q.pi_state->owner);
+ }
+- /* Unqueue and drop the lock */
+- unqueue_me_pi(&q, hb);
+- up_read(&curr->mm->mmap_sem);
+ }
++ /* Unqueue and drop the lock */
++ unqueue_me_pi(&q, hb);
++ up_read(&curr->mm->mmap_sem);
+
+ if (!detect && ret == -EDEADLK && 0)
+ force_sig(SIGKILL, current);
+@@ -1331,16 +1391,18 @@ static int futex_lock_pi(u32 __user *uad
+ * non-atomically. Therefore, if get_user below is not
+ * enough, we need to handle the fault ourselves, while
+ * still holding the mmap_sem.
++ *
++ * ... and hb->lock. :-) --ANK
+ */
++ queue_unlock(&q, hb);
++
+ if (attempt++) {
+- if (futex_handle_fault((unsigned long)uaddr, attempt)) {
+- ret = -EFAULT;
+- goto out_unlock_release_sem;
+- }
+- goto retry_locked;
++ ret = futex_handle_fault((unsigned long)uaddr, attempt);
++ if (ret)
++ goto out_release_sem;
++ goto retry_unlocked;
+ }
+
+- queue_unlock(&q, hb);
+ up_read(&curr->mm->mmap_sem);
+
+ ret = get_user(uval, uaddr);
+@@ -1382,9 +1444,9 @@ retry:
+ goto out;
+
+ hb = hash_futex(&key);
++retry_unlocked:
+ spin_lock(&hb->lock);
+
+-retry_locked:
+ /*
+ * To avoid races, try to do the TID -> 0 atomic transition
+ * again. If it succeeds then we can return without waking
+@@ -1446,16 +1508,17 @@ pi_faulted:
+ * non-atomically. Therefore, if get_user below is not
+ * enough, we need to handle the fault ourselves, while
+ * still holding the mmap_sem.
++ *
++ * ... and hb->lock. :-) --ANK
+ */
++ spin_unlock(&hb->lock);
++
+ if (attempt++) {
+- if (futex_handle_fault((unsigned long)uaddr, attempt)) {
+- ret = -EFAULT;
+- goto out_unlock;
+- }
+- goto retry_locked;
++ ret = futex_handle_fault((unsigned long)uaddr, attempt);
++ if (ret)
++ goto out;
++ goto retry_unlocked;
+ }
+-
+- spin_unlock(&hb->lock);
+ up_read(¤t->mm->mmap_sem);
+
+ ret = get_user(uval, uaddr);
+--- linux-2.6.21.6.orig/include/linux/sched.h
++++ linux-2.6.21.6/include/linux/sched.h
+@@ -1138,6 +1138,7 @@ static inline void put_task_struct(struc
+ /* Not implemented yet, only for 486*/
+ #define PF_STARTING 0x00000002 /* being created */
+ #define PF_EXITING 0x00000004 /* getting shut down */
++#define PF_EXITPIDONE 0x00000008 /* pi exit done on shut down */
+ #define PF_FORKNOEXEC 0x00000040 /* forked but didn't exec */
+ #define PF_SUPERPRIV 0x00000100 /* used super-user privileges */
+ #define PF_DUMPCORE 0x00000200 /* dumped core */
+--- linux-2.6.21.6.orig/kernel/exit.c
++++ linux-2.6.21.6/kernel/exit.c
+@@ -884,13 +884,29 @@ fastcall NORET_TYPE void do_exit(long co
+ if (unlikely(tsk->flags & PF_EXITING)) {
+ printk(KERN_ALERT
+ "Fixing recursive fault but reboot is needed!\n");
++ /*
++ * We can do this unlocked here. The futex code uses
++ * this flag just to verify whether the pi state
++ * cleanup has been done or not. In the worst case it
++ * loops once more. We pretend that the cleanup was
++ * done as there is no way to return. Either the
++ * OWNER_DIED bit is set by now or we push the blocked
++ * task into the wait for ever nirwana as well.
++ */
++ tsk->flags |= PF_EXITPIDONE;
+ if (tsk->io_context)
+ exit_io_context();
+ set_current_state(TASK_UNINTERRUPTIBLE);
+ schedule();
+ }
+
++ /*
++ * tsk->flags are checked in the futex code to protect against
++ * an exiting task cleaning up the robust pi futexes.
++ */
++ spin_lock_irq(&tsk->pi_lock);
+ tsk->flags |= PF_EXITING;
++ spin_unlock_irq(&tsk->pi_lock);
+
+ if (unlikely(in_atomic()))
+ printk(KERN_INFO "note: %s[%d] exited with preempt_count %d\n",
+@@ -957,6 +973,12 @@ fastcall NORET_TYPE void do_exit(long co
+ * Make sure we are holding no locks:
+ */
+ debug_check_no_locks_held(tsk);
++ /*
++ * We can do this unlocked here. The futex code uses this flag
++ * just to verify whether the pi state cleanup has been done
++ * or not. In the worst case it loops once more.
++ */
++ tsk->flags |= PF_EXITPIDONE;
+
+ if (tsk->io_context)
+ exit_io_context();
+
+--
+
+From greg@blue.kroah.org Mon Jul 30 21:26:15 2007
+Message-Id: <20070731042615.323387988@blue.kroah.org>
+References: <20070731042108.546594256@blue.kroah.org>
+User-Agent: quilt/0.46-1
+Date: Mon, 30 Jul 2007 21:21:14 -0700
+From: Greg KH <gregkh@suse.de>
+To: linux-kernel@vger.kernel.org,
+ stable@kernel.org
+Cc: Justin Forbes <jmforbes@linuxtx.org>,
+ Zwane Mwaikambo <zwane@arm.linux.org.uk>,
+ Theodore Ts'o <tytso@mit.edu>,
+ Randy Dunlap <rdunlap@xenotime.net>,
+ Dave Jones <davej@redhat.com>,
+ Chuck Wolber <chuckw@quantumlinux.com>,
+ Chris Wedgwood <reviews@ml.cw.f00f.org>,
+ Michael Krufky <mkrufky@linuxtv.org>,
+ Chuck Ebbert <cebbert@redhat.com>,
+ Domenico Andreoli <cavokz@gmail.com>,
+ torvalds@linux-foundation.org,
+ akpm@linux-foundation.org,
+ alan@lxorguk.ukuu.org.uk,
+ Sergei Shtylyov <sshtylyov@ru.mvista.com>,
+ Geller Sandor <wildy@petra.hos.u-szeged.hu>,
+ Bartlomiej Zolnierkiewicz <bzolnier@gmail.com>,
+ Chris Wright <chrisw@sous-sol.org>,
+ Greg Kroah-Hartman <gregkh@suse.de>
+Subject: [patch 06/26] hpt366: disallow Ultra133 for HPT374
+Content-Disposition: inline; filename=hpt366-disallow-ultra133-for-hpt374.patch
+Content-Length: 2064
+Lines: 55
+
+
+-stable review patch. If anyone has any objections, please let us know.
+
+------------------
+
+Eliminate UltraATA/133 support for HPT374 -- the chip isn't capable of this mode
+according to the manual, and doesn't even seem to tolerate 66 MHz DPLL clock...
+
+Signed-off-by: Sergei Shtylyov <sshtylyov@ru.mvista.com>
+Cc: Geller Sandor <wildy@petra.hos.u-szeged.hu>
+Signed-off-by: Bartlomiej Zolnierkiewicz <bzolnier@gmail.com>
+Signed-off-by: Chris Wright <chrisw@sous-sol.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
+---
+ drivers/ide/pci/hpt366.c | 8 ++++----
+ 1 file changed, 4 insertions(+), 4 deletions(-)
+
+--- linux-2.6.21.6.orig/drivers/ide/pci/hpt366.c
++++ linux-2.6.21.6/drivers/ide/pci/hpt366.c
+@@ -1,5 +1,5 @@
+ /*
+- * linux/drivers/ide/pci/hpt366.c Version 1.03 May 4, 2007
++ * linux/drivers/ide/pci/hpt366.c Version 1.04 Jun 4, 2007
+ *
+ * Copyright (C) 1999-2003 Andre Hedrick <andre@linux-ide.org>
+ * Portions Copyright (C) 2001 Sun Microsystems, Inc.
+@@ -106,7 +106,8 @@
+ * switch to calculating PCI clock frequency based on the chip's base DPLL
+ * frequency
+ * - switch to using the DPLL clock and enable UltraATA/133 mode by default on
+- * anything newer than HPT370/A
++ * anything newer than HPT370/A (except HPT374 that is not capable of this
++ * mode according to the manual)
+ * - fold PCI clock detection and DPLL setup code into init_chipset_hpt366(),
+ * also fixing the interchanged 25/40 MHz PCI clock cases for HPT36x chips;
+ * unify HPT36x/37x timing setup code and the speedproc handlers by joining
+@@ -365,7 +366,6 @@ static u32 sixty_six_base_hpt37x[] = {
+ };
+
+ #define HPT366_DEBUG_DRIVE_INFO 0
+-#define HPT374_ALLOW_ATA133_6 1
+ #define HPT371_ALLOW_ATA133_6 1
+ #define HPT302_ALLOW_ATA133_6 1
+ #define HPT372_ALLOW_ATA133_6 1
+@@ -450,7 +450,7 @@ static struct hpt_info hpt370a __devinit
+
+ static struct hpt_info hpt374 __devinitdata = {
+ .chip_type = HPT374,
+- .max_mode = HPT374_ALLOW_ATA133_6 ? 4 : 3,
++ .max_mode = 3,
+ .dpll_clk = 48,
+ .settings = hpt37x_settings
+ };
+
+--
+
+From greg@blue.kroah.org Mon Jul 30 21:26:15 2007
+Message-Id: <20070731042615.540263733@blue.kroah.org>
+References: <20070731042108.546594256@blue.kroah.org>
+User-Agent: quilt/0.46-1
+Date: Mon, 30 Jul 2007 21:21:15 -0700
+From: Greg KH <gregkh@suse.de>
+To: linux-kernel@vger.kernel.org,
+ stable@kernel.org,
+ Andrew Morton <akpm@linux-foundation.org>
+Cc: Justin Forbes <jmforbes@linuxtx.org>,
+ Zwane Mwaikambo <zwane@arm.linux.org.uk>,
+ Theodore Ts'o <tytso@mit.edu>,
+ Randy Dunlap <rdunlap@xenotime.net>,
+ Dave Jones <davej@redhat.com>,
+ Chuck Wolber <chuckw@quantumlinux.com>,
+ Chris Wedgwood <reviews@ml.cw.f00f.org>,
+ Michael Krufky <mkrufky@linuxtv.org>,
+ Chuck Ebbert <cebbert@redhat.com>,
+ Domenico Andreoli <cavokz@gmail.com>,
+ torvalds@linux-foundation.org,
+ alan@lxorguk.ukuu.org.uk,
+ linux-raid@vger.kernel.org,
+ neilb@suse.de,
+ Chris Wright <chrisw@sous-sol.org>,
+ Greg Kroah-Hartman <gregkh@suse.de>
+Subject: [patch 07/26] md: Fix two raid10 bugs.
+Content-Disposition: inline; filename=md-fix-two-raid10-bugs.patch
+Content-Length: 1406
+Lines: 44
+
+
+-stable review patch. If anyone has any objections, please let us know.
+
+------------------
+
+1/ When resyncing a degraded raid10 which has more than 2 copies of each block,
+ garbage can get synced on top of good data.
+
+2/ We round the wrong way in part of the device size calculation, which
+ can cause confusion.
+
+Signed-off-by: Neil Brown <neilb@suse.de>
+Signed-off-by: Chris Wright <chrisw@sous-sol.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
+---
+
+ drivers/md/raid10.c | 6 ++++++
+ 1 file changed, 6 insertions(+)
+
+diff .prev/drivers/md/raid10.c ./drivers/md/raid10.c
+--- linux-2.6.21.6.orig/drivers/md/raid10.c
++++ linux-2.6.21.6/drivers/md/raid10.c
+@@ -1867,6 +1867,7 @@ static sector_t sync_request(mddev_t *md
+ int d = r10_bio->devs[i].devnum;
+ bio = r10_bio->devs[i].bio;
+ bio->bi_end_io = NULL;
++ clear_bit(BIO_UPTODATE, &bio->bi_flags);
+ if (conf->mirrors[d].rdev == NULL ||
+ test_bit(Faulty, &conf->mirrors[d].rdev->flags))
+ continue;
+@@ -2037,6 +2038,11 @@ static int run(mddev_t *mddev)
+ /* 'size' is now the number of chunks in the array */
+ /* calculate "used chunks per device" in 'stride' */
+ stride = size * conf->copies;
++
++ /* We need to round up when dividing by raid_disks to
++ * get the stride size.
++ */
++ stride += conf->raid_disks - 1;
+ sector_div(stride, conf->raid_disks);
+ mddev->size = stride << (conf->chunk_shift-1);
+
+
+--
+
+From greg@blue.kroah.org Mon Jul 30 21:26:15 2007
+Message-Id: <20070731042615.731652664@blue.kroah.org>
+References: <20070731042108.546594256@blue.kroah.org>
+User-Agent: quilt/0.46-1
+Date: Mon, 30 Jul 2007 21:21:16 -0700
+From: Greg KH <gregkh@suse.de>
+To: linux-kernel@vger.kernel.org,
+ stable@kernel.org,
+ Andrew Morton <akpm@linux-foundation.org>
+Cc: Justin Forbes <jmforbes@linuxtx.org>,
+ Zwane Mwaikambo <zwane@arm.linux.org.uk>,
+ Theodore Ts'o <tytso@mit.edu>,
+ Randy Dunlap <rdunlap@xenotime.net>,
+ Dave Jones <davej@redhat.com>,
+ Chuck Wolber <chuckw@quantumlinux.com>,
+ Chris Wedgwood <reviews@ml.cw.f00f.org>,
+ Michael Krufky <mkrufky@linuxtv.org>,
+ Chuck Ebbert <cebbert@redhat.com>,
+ Domenico Andreoli <cavokz@gmail.com>,
+ torvalds@linux-foundation.org,
+ alan@lxorguk.ukuu.org.uk,
+ linux-raid@vger.kernel.org,
+ neilb@suse.de,
+ Chris Wright <chrisw@sous-sol.org>,
+ Greg Kroah-Hartman <gregkh@suse.de>
+Subject: [patch 08/26] md: Fix bug in error handling during raid1 repair.
+Content-Disposition: inline; filename=md-fix-bug-in-error-handling-during-raid1-repair.patch
+Content-Length: 1906
+Lines: 57
+
+-stable review patch. If anyone has any objections, please let us know.
+
+------------------
+
+From: Mike Accetta <maccetta@laurelnetworks.com>
+
+If raid1/repair (which reads all block and fixes any differences
+it finds) hits a read error, it doesn't reset the bio for writing
+before writing correct data back, so the read error isn't fixed,
+and the device probably gets a zero-length write which it might
+complain about.
+
+Signed-off-by: Neil Brown <neilb@suse.de>
+Signed-off-by: Chris Wright <chrisw@sous-sol.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
+---
+
+ drivers/md/raid1.c | 21 ++++++++++++++-------
+ 1 file changed, 14 insertions(+), 7 deletions(-)
+
+diff .prev/drivers/md/raid1.c ./drivers/md/raid1.c
+--- linux-2.6.21.6.orig/drivers/md/raid1.c
++++ linux-2.6.21.6/drivers/md/raid1.c
+@@ -1240,17 +1240,24 @@ static void sync_request_write(mddev_t *
+ }
+ r1_bio->read_disk = primary;
+ for (i=0; i<mddev->raid_disks; i++)
+- if (r1_bio->bios[i]->bi_end_io == end_sync_read &&
+- test_bit(BIO_UPTODATE, &r1_bio->bios[i]->bi_flags)) {
++ if (r1_bio->bios[i]->bi_end_io == end_sync_read) {
+ int j;
+ int vcnt = r1_bio->sectors >> (PAGE_SHIFT- 9);
+ struct bio *pbio = r1_bio->bios[primary];
+ struct bio *sbio = r1_bio->bios[i];
+- for (j = vcnt; j-- ; )
+- if (memcmp(page_address(pbio->bi_io_vec[j].bv_page),
+- page_address(sbio->bi_io_vec[j].bv_page),
+- PAGE_SIZE))
+- break;
++
++ if (test_bit(BIO_UPTODATE, &sbio->bi_flags)) {
++ for (j = vcnt; j-- ; ) {
++ struct page *p, *s;
++ p = pbio->bi_io_vec[j].bv_page;
++ s = sbio->bi_io_vec[j].bv_page;
++ if (memcmp(page_address(p),
++ page_address(s),
++ PAGE_SIZE))
++ break;
++ }
++ } else
++ j = 0;
+ if (j >= 0)
+ mddev->resync_mismatches += r1_bio->sectors;
+ if (j < 0 || test_bit(MD_RECOVERY_CHECK, &mddev->recovery)) {
+
+--
+
+From greg@blue.kroah.org Mon Jul 30 21:26:16 2007
+Message-Id: <20070731042615.932098779@blue.kroah.org>
+References: <20070731042108.546594256@blue.kroah.org>
+User-Agent: quilt/0.46-1
+Date: Mon, 30 Jul 2007 21:21:17 -0700
+From: Greg KH <gregkh@suse.de>
+To: linux-kernel@vger.kernel.org,
+ stable@kernel.org
+Cc: Justin Forbes <jmforbes@linuxtx.org>,
+ Zwane Mwaikambo <zwane@arm.linux.org.uk>,
+ Theodore Ts'o <tytso@mit.edu>,
+ Randy Dunlap <rdunlap@xenotime.net>,
+ Dave Jones <davej@redhat.com>,
+ Chuck Wolber <chuckw@quantumlinux.com>,
+ Chris Wedgwood <reviews@ml.cw.f00f.org>,
+ Michael Krufky <mkrufky@linuxtv.org>,
+ Chuck Ebbert <cebbert@redhat.com>,
+ Domenico Andreoli <cavokz@gmail.com>,
+ torvalds@linux-foundation.org,
+ akpm@linux-foundation.org,
+ alan@lxorguk.ukuu.org.uk,
+ agk@redhat.com,
+ Milan Broz <mbroz@redhat.com>,
+ Jens Axboe <jens.axboe@oracle.com>,
+ Chris Wright <chrisw@sous-sol.org>,
+ Greg Kroah-Hartman <gregkh@suse.de>
+Subject: [patch 09/26] dm crypt: disable barriers
+Content-Disposition: inline; filename=dm-crypt-disable-barriers.patch
+Content-Length: 1235
+Lines: 39
+
+-stable review patch. If anyone has any objections, please let us know.
+
+------------------
+
+From: Milan Broz <mbroz@redhat.com>
+
+Disable barriers in dm-crypt because of current workqueue processing can
+reorder requests.
+
+This must be addresed later but for now disabling barriers is needed to
+prevent data corruption.
+
+Signed-off-by: Milan Broz <mbroz@redhat.com>
+Signed-off-by: Alasdair G Kergon <agk@redhat.com>
+Cc: Jens Axboe <jens.axboe@oracle.com>
+Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
+Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
+Signed-off-by: Chris Wright <chrisw@sous-sol.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
+---
+Gitweb: http://git.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=9c89f8be1a7d14aad9d2c3f7d90d7d88f82c61e2
+
+ drivers/md/dm-crypt.c | 3 +++
+ 1 file changed, 3 insertions(+)
+
+--- linux-2.6.21.6.orig/drivers/md/dm-crypt.c
++++ linux-2.6.21.6/drivers/md/dm-crypt.c
+@@ -954,6 +954,9 @@ static int crypt_map(struct dm_target *t
+ struct crypt_config *cc = ti->private;
+ struct crypt_io *io;
+
++ if (bio_barrier(bio))
++ return -EOPNOTSUPP;
++
+ io = mempool_alloc(cc->io_pool, GFP_NOIO);
+ io->target = ti;
+ io->base_bio = bio;
+
+--
+
+From greg@blue.kroah.org Mon Jul 30 21:26:16 2007
+Message-Id: <20070731042616.133366065@blue.kroah.org>
+References: <20070731042108.546594256@blue.kroah.org>
+User-Agent: quilt/0.46-1
+Date: Mon, 30 Jul 2007 21:21:18 -0700
+From: Greg KH <gregkh@suse.de>
+To: linux-kernel@vger.kernel.org,
+ stable@kernel.org
+Cc: Justin Forbes <jmforbes@linuxtx.org>,
+ Zwane Mwaikambo <zwane@arm.linux.org.uk>,
+ Theodore Ts'o <tytso@mit.edu>,
+ Randy Dunlap <rdunlap@xenotime.net>,
+ Dave Jones <davej@redhat.com>,
+ Chuck Wolber <chuckw@quantumlinux.com>,
+ Chris Wedgwood <reviews@ml.cw.f00f.org>,
+ Michael Krufky <mkrufky@linuxtv.org>,
+ Chuck Ebbert <cebbert@redhat.com>,
+ Domenico Andreoli <cavokz@gmail.com>,
+ torvalds@linux-foundation.org,
+ akpm@linux-foundation.org,
+ alan@lxorguk.ukuu.org.uk,
+ agk@redhat.com,
+ Olaf Kirch <olaf.kirch@oracle.com>,
+ Chris Wright <chrisw@sous-sol.org>,
+ Greg Kroah-Hartman <gregkh@suse.de>
+Subject: [patch 10/26] dm crypt: fix call to clone_init
+Content-Disposition: inline; filename=dm-crypt-fix-call-to-clone_init.patch
+Content-Length: 3043
+Lines: 91
+
+-stable review patch. If anyone has any objections, please let us know.
+
+------------------
+
+From: Olaf Kirch <olaf.kirch@oracle.com>
+
+Call clone_init early
+
+We need to call clone_init as early as possible - at least before call
+bio_put(clone) in any error path. Otherwise, the destructor will try to
+dereference bi_private, which may still be NULL.
+
+Signed-off-by: Olaf Kirch <olaf.kirch@oracle.com>
+Signed-off-by: Alasdair G Kergon <agk@redhat.com>
+Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
+Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
+Signed-off-by: Chris Wright <chrisw@sous-sol.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
+---
+Gitweb: http://git.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=027581f3515b5ec2218847dab578afa439a9d6b9
+
+ drivers/md/dm-crypt.c | 12 +++++++-----
+ 1 file changed, 7 insertions(+), 5 deletions(-)
+
+--- linux-2.6.21.6.orig/drivers/md/dm-crypt.c
++++ linux-2.6.21.6/drivers/md/dm-crypt.c
+@@ -107,6 +107,8 @@ struct crypt_config {
+
+ static struct kmem_cache *_crypt_io_pool;
+
++static void clone_init(struct crypt_io *, struct bio *);
++
+ /*
+ * Different IV generation algorithms:
+ *
+@@ -379,9 +381,10 @@ static int crypt_convert(struct crypt_co
+ * May return a smaller bio when running out of pages
+ */
+ static struct bio *
+-crypt_alloc_buffer(struct crypt_config *cc, unsigned int size,
++crypt_alloc_buffer(struct crypt_io *io, unsigned int size,
+ struct bio *base_bio, unsigned int *bio_vec_idx)
+ {
++ struct crypt_config *cc = io->target->private;
+ struct bio *clone;
+ unsigned int nr_iovecs = (size + PAGE_SIZE - 1) >> PAGE_SHIFT;
+ gfp_t gfp_mask = GFP_NOIO | __GFP_HIGHMEM;
+@@ -396,7 +399,7 @@ crypt_alloc_buffer(struct crypt_config *
+ if (!clone)
+ return NULL;
+
+- clone->bi_destructor = dm_crypt_bio_destructor;
++ clone_init(io, clone);
+
+ /* if the last bio was not complete, continue where that one ended */
+ clone->bi_idx = *bio_vec_idx;
+@@ -562,6 +565,7 @@ static void clone_init(struct crypt_io *
+ clone->bi_end_io = crypt_endio;
+ clone->bi_bdev = cc->dev->bdev;
+ clone->bi_rw = io->base_bio->bi_rw;
++ clone->bi_destructor = dm_crypt_bio_destructor;
+ }
+
+ static void process_read(struct crypt_io *io)
+@@ -585,7 +589,6 @@ static void process_read(struct crypt_io
+ }
+
+ clone_init(io, clone);
+- clone->bi_destructor = dm_crypt_bio_destructor;
+ clone->bi_idx = 0;
+ clone->bi_vcnt = bio_segments(base_bio);
+ clone->bi_size = base_bio->bi_size;
+@@ -615,7 +618,7 @@ static void process_write(struct crypt_i
+ * so repeat the whole process until all the data can be handled.
+ */
+ while (remaining) {
+- clone = crypt_alloc_buffer(cc, base_bio->bi_size,
++ clone = crypt_alloc_buffer(io, base_bio->bi_size,
+ io->first_clone, &bvec_idx);
+ if (unlikely(!clone)) {
+ dec_pending(io, -ENOMEM);
+@@ -631,7 +634,6 @@ static void process_write(struct crypt_i
+ return;
+ }
+
+- clone_init(io, clone);
+ clone->bi_sector = cc->start + sector;
+
+ if (!io->first_clone) {
+
+--
+
+From greg@blue.kroah.org Mon Jul 30 21:26:16 2007
+Message-Id: <20070731042616.535754101@blue.kroah.org>
+References: <20070731042108.546594256@blue.kroah.org>
+User-Agent: quilt/0.46-1
+Date: Mon, 30 Jul 2007 21:21:20 -0700
+From: Greg KH <gregkh@suse.de>
+To: linux-kernel@vger.kernel.org,
+ stable@kernel.org
+Cc: Justin Forbes <jmforbes@linuxtx.org>,
+ Zwane Mwaikambo <zwane@arm.linux.org.uk>,
+ Theodore Ts'o <tytso@mit.edu>,
+ Randy Dunlap <rdunlap@xenotime.net>,
+ Dave Jones <davej@redhat.com>,
+ Chuck Wolber <chuckw@quantumlinux.com>,
+ Chris Wedgwood <reviews@ml.cw.f00f.org>,
+ Michael Krufky <mkrufky@linuxtv.org>,
+ Chuck Ebbert <cebbert@redhat.com>,
+ Domenico Andreoli <cavokz@gmail.com>,
+ torvalds@linux-foundation.org,
+ akpm@linux-foundation.org,
+ alan@lxorguk.ukuu.org.uk,
+ agk@redhat.com,
+ Olaf Kirch <olaf.kirch@oracle.com>,
+ Jens Axboe <jens.axboe@oracle.com>,
+ Chris Wright <chrisw@sous-sol.org>,
+ Greg Kroah-Hartman <gregkh@suse.de>
+Subject: [patch 12/26] dm crypt: fix remove first_clone
+Content-Disposition: inline; filename=dm-crypt-fix-remove-first_clone.patch
+Content-Length: 3799
+Lines: 116
+
+-stable review patch. If anyone has any objections, please let us know.
+
+------------------
+
+From: Olaf Kirch <olaf.kirch@oracle.com>
+
+Get rid of first_clone in dm-crypt
+
+This gets rid of first_clone, which is not really needed. Apparently, cloned
+bios used to share their bvec some time way in the past - this is no longer
+the case. Contrarily, this even hurts us if we try to create a clone off
+first_clone after it has completed, and crypt_endio has destroyed its bvec.
+
+Signed-off-by: Olaf Kirch <olaf.kirch@oracle.com>
+Signed-off-by: Alasdair G Kergon <agk@redhat.com>
+Cc: Jens Axboe <jens.axboe@oracle.com>
+Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
+Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
+Signed-off-by: Chris Wright <chrisw@sous-sol.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
+---
+Gitweb: http://git.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=2f9941b6c55d70103c1bc3f2c7676acd9f20bf8a
+
+ drivers/md/dm-crypt.c | 34 ++++++----------------------------
+ 1 file changed, 6 insertions(+), 28 deletions(-)
+
+--- linux-2.6.21.6.orig/drivers/md/dm-crypt.c
++++ linux-2.6.21.6/drivers/md/dm-crypt.c
+@@ -33,7 +33,6 @@
+ struct crypt_io {
+ struct dm_target *target;
+ struct bio *base_bio;
+- struct bio *first_clone;
+ struct work_struct work;
+ atomic_t pending;
+ int error;
+@@ -380,9 +379,8 @@ static int crypt_convert(struct crypt_co
+ * This should never violate the device limitations
+ * May return a smaller bio when running out of pages
+ */
+-static struct bio *
+-crypt_alloc_buffer(struct crypt_io *io, unsigned int size,
+- struct bio *base_bio, unsigned int *bio_vec_idx)
++static struct bio *crypt_alloc_buffer(struct crypt_io *io, unsigned int size,
++ unsigned int *bio_vec_idx)
+ {
+ struct crypt_config *cc = io->target->private;
+ struct bio *clone;
+@@ -390,12 +388,7 @@ crypt_alloc_buffer(struct crypt_io *io,
+ gfp_t gfp_mask = GFP_NOIO | __GFP_HIGHMEM;
+ unsigned int i;
+
+- if (base_bio) {
+- clone = bio_alloc_bioset(GFP_NOIO, base_bio->bi_max_vecs, cc->bs);
+- __bio_clone(clone, base_bio);
+- } else
+- clone = bio_alloc_bioset(GFP_NOIO, nr_iovecs, cc->bs);
+-
++ clone = bio_alloc_bioset(GFP_NOIO, nr_iovecs, cc->bs);
+ if (!clone)
+ return NULL;
+
+@@ -498,9 +491,6 @@ static void dec_pending(struct crypt_io
+ if (!atomic_dec_and_test(&io->pending))
+ return;
+
+- if (io->first_clone)
+- bio_put(io->first_clone);
+-
+ bio_endio(io->base_bio, io->base_bio->bi_size, io->error);
+
+ mempool_free(io, cc->io_pool);
+@@ -618,8 +608,7 @@ static void process_write(struct crypt_i
+ * so repeat the whole process until all the data can be handled.
+ */
+ while (remaining) {
+- clone = crypt_alloc_buffer(io, base_bio->bi_size,
+- io->first_clone, &bvec_idx);
++ clone = crypt_alloc_buffer(io, base_bio->bi_size, &bvec_idx);
+ if (unlikely(!clone)) {
+ dec_pending(io, -ENOMEM);
+ return;
+@@ -635,21 +624,11 @@ static void process_write(struct crypt_i
+ }
+
+ clone->bi_sector = cc->start + sector;
+-
+- if (!io->first_clone) {
+- /*
+- * hold a reference to the first clone, because it
+- * holds the bio_vec array and that can't be freed
+- * before all other clones are released
+- */
+- bio_get(clone);
+- io->first_clone = clone;
+- }
+-
+ remaining -= clone->bi_size;
+ sector += bio_sectors(clone);
+
+- /* prevent bio_put of first_clone */
++ /* Grab another reference to the io struct
++ * before we kick off the request */
+ if (remaining)
+ atomic_inc(&io->pending);
+
+@@ -965,7 +944,6 @@ static int crypt_map(struct dm_target *t
+ io = mempool_alloc(cc->io_pool, GFP_NOIO);
+ io->target = ti;
+ io->base_bio = bio;
+- io->first_clone = NULL;
+ io->error = io->post_process = 0;
+ atomic_set(&io->pending, 0);
+ kcryptd_queue_io(io);
+
+--
+
+From greg@blue.kroah.org Mon Jul 30 21:26:16 2007
+Message-Id: <20070731042616.748892566@blue.kroah.org>
+References: <20070731042108.546594256@blue.kroah.org>
+User-Agent: quilt/0.46-1
+Date: Mon, 30 Jul 2007 21:21:21 -0700
+From: Greg KH <gregkh@suse.de>
+To: linux-kernel@vger.kernel.org,
+ stable@kernel.org,
+ torvalds@linux-foundation.org
+Cc: Justin Forbes <jmforbes@linuxtx.org>,
+ Zwane Mwaikambo <zwane@arm.linux.org.uk>,
+ Theodore Ts'o <tytso@mit.edu>,
+ Randy Dunlap <rdunlap@xenotime.net>,
+ Dave Jones <davej@redhat.com>,
+ Chuck Wolber <chuckw@quantumlinux.com>,
+ Chris Wedgwood <reviews@ml.cw.f00f.org>,
+ Michael Krufky <mkrufky@linuxtv.org>,
+ Chuck Ebbert <cebbert@redhat.com>,
+ Domenico Andreoli <cavokz@gmail.com>,
+ akpm@linux-foundation.org,
+ alan@lxorguk.ukuu.org.uk,
+ dean@arctic.org,
+ ak@suse.de,
+ agl@us.ibm.com,
+ bill.irwin@oracle.com,
+ clameter@sgi.com,
+ Chris Wright <chrisw@sous-sol.org>,
+ Greg Kroah-Hartman <gregkh@suse.de>
+Subject: [patch 13/26] hugetlb: fix get_policy for stacked shared memory files
+Content-Disposition: inline; filename=hugetlb-fix-get_policy-for-stacked-shared-memory-files.patch
+Content-Length: 1636
+Lines: 56
+
+-stable review patch. If anyone has any objections, please let us know.
+
+------------------
+
+From: Adam Litke <agl@us.ibm.com>
+
+Here's another breakage as a result of shared memory stacked files :(
+
+The NUMA policy for a VMA is determined by checking the following (in the
+order given):
+
+1) vma->vm_ops->get_policy() (if defined)
+2) vma->vm_policy (if defined)
+3) task->mempolicy (if defined)
+4) Fall back to default_policy
+
+By switching to stacked files for shared memory, get_policy() is now always
+set to shm_get_policy which is a wrapper function. This causes us to stop
+at step 1, which yields NULL for hugetlb instead of task->mempolicy which
+was the previous (and correct) result.
+
+This patch modifies the shm_get_policy() wrapper to maintain steps 1-3 for
+the wrapped vm_ops.
+
+(akpm: the refcounting of mempolicies is busted and this patch does nothing to
+improve it)
+
+Signed-off-by: Adam Litke <agl@us.ibm.com>
+Acked-by: William Irwin <bill.irwin@oracle.com>
+Cc: dean gaudet <dean@arctic.org>
+Cc: Christoph Lameter <clameter@sgi.com>
+Cc: Andi Kleen <ak@suse.de>
+Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
+Signed-off-by: Chris Wright <chrisw@sous-sol.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
+---
+
+ ipc/shm.c | 4 +++-
+ 1 file changed, 3 insertions(+), 1 deletion(-)
+
+--- linux-2.6.21.6.orig/ipc/shm.c
++++ linux-2.6.21.6/ipc/shm.c
+@@ -254,8 +254,10 @@ struct mempolicy *shm_get_policy(struct
+
+ if (sfd->vm_ops->get_policy)
+ pol = sfd->vm_ops->get_policy(vma, addr);
+- else
++ else if (vma->vm_policy)
+ pol = vma->vm_policy;
++ else
++ pol = current->mempolicy;
+ return pol;
+ }
+ #endif
+
+--
+
+From greg@blue.kroah.org Mon Jul 30 21:26:17 2007
+Message-Id: <20070731042616.939910618@blue.kroah.org>
+References: <20070731042108.546594256@blue.kroah.org>
+User-Agent: quilt/0.46-1
+Date: Mon, 30 Jul 2007 21:21:22 -0700
+From: Greg KH <gregkh@suse.de>
+To: linux-kernel@vger.kernel.org,
+ stable@kernel.org,
+ torvalds@linux-foundation.org,
+ akpm@linux-foundation.org
+Cc: Justin Forbes <jmforbes@linuxtx.org>,
+ Zwane Mwaikambo <zwane@arm.linux.org.uk>,
+ Theodore Ts'o <tytso@mit.edu>,
+ Randy Dunlap <rdunlap@xenotime.net>,
+ Dave Jones <davej@redhat.com>,
+ Chuck Wolber <chuckw@quantumlinux.com>,
+ Chris Wedgwood <reviews@ml.cw.f00f.org>,
+ Michael Krufky <mkrufky@linuxtv.org>,
+ Chuck Ebbert <cebbert@redhat.com>,
+ Domenico Andreoli <cavokz@gmail.com>,
+ alan@lxorguk.ukuu.org.uk,
+ gregkh@suse.de,
+ vatsa@linux.vnet.ibm.com,
+ chrisw@sous-sol.org,
+ paulmck@linux.vnet.ibm.com,
+ clameter@sgi.com,
+ Ingo Molnar <mingo@elte.hu>
+Subject: [patch 14/26] sched: fix next_interval determination in idle_balance()
+Content-Disposition: inline; filename=sched-fix-next_interval-determination-in-idle_balance.patch
+Content-Length: 2301
+Lines: 72
+
+-stable review patch. If anyone has any objections, please let us know.
+
+------------------
+
+From: Christoph Lameter <clameter@sgi.com>
+
+Fix massive SMP imbalance on NUMA nodes observed on 2.6.21.5 with CFS.
+(and later on reproduced without CFS as well).
+
+The intervals of domains that do not have SD_BALANCE_NEWIDLE must be
+considered for the calculation of the time of the next balance.
+Otherwise we may defer rebalancing forever and nodes might stay idle for
+very long times.
+
+Siddha also spotted that the conversion of the balance interval to
+jiffies is missing. Fix that to.
+
+From: Srivatsa Vaddagiri <vatsa@linux.vnet.ibm.com>
+
+also continue the loop if !(sd->flags & SD_LOAD_BALANCE).
+
+Tested-by: Paul E. McKenney <paulmck@linux.vnet.ibm.com>
+
+It did in fact trigger under all three of mainline, CFS, and -rt
+including CFS -- see below for a couple of emails from last Friday
+giving results for these three on the AMD box (where it happened) and on
+a single-quad NUMA-Q system (where it did not, at least not with such
+severity).
+
+Signed-off-by: Christoph Lameter <clameter@sgi.com>
+Signed-off-by: Ingo Molnar <mingo@elte.hu>
+Signed-off-by: Chris Wright <chrisw@sous-sol.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
+---
+ kernel/sched.c | 22 +++++++++++++---------
+ 1 file changed, 13 insertions(+), 9 deletions(-)
+
+--- linux-2.6.21.6.orig/kernel/sched.c
++++ linux-2.6.21.6/kernel/sched.c
+@@ -2831,17 +2831,21 @@ static void idle_balance(int this_cpu, s
+ unsigned long next_balance = jiffies + 60 * HZ;
+
+ for_each_domain(this_cpu, sd) {
+- if (sd->flags & SD_BALANCE_NEWIDLE) {
++ unsigned long interval;
++
++ if (!(sd->flags & SD_LOAD_BALANCE))
++ continue;
++
++ if (sd->flags & SD_BALANCE_NEWIDLE)
+ /* If we've pulled tasks over stop searching: */
+ pulled_task = load_balance_newidle(this_cpu,
+- this_rq, sd);
+- if (time_after(next_balance,
+- sd->last_balance + sd->balance_interval))
+- next_balance = sd->last_balance
+- + sd->balance_interval;
+- if (pulled_task)
+- break;
+- }
++ this_rq, sd);
++
++ interval = msecs_to_jiffies(sd->balance_interval);
++ if (time_after(next_balance, sd->last_balance + interval))
++ next_balance = sd->last_balance + interval;
++ if (pulled_task)
++ break;
+ }
+ if (!pulled_task)
+ /*
+
+--
+
+From greg@blue.kroah.org Mon Jul 30 21:26:17 2007
+Message-Id: <20070731042617.140632901@blue.kroah.org>
+References: <20070731042108.546594256@blue.kroah.org>
+User-Agent: quilt/0.46-1
+Date: Mon, 30 Jul 2007 21:21:23 -0700
+From: Greg KH <gregkh@suse.de>
+To: linux-kernel@vger.kernel.org,
+ stable@kernel.org,
+ torvalds@linux-foundation.org
+Cc: Justin Forbes <jmforbes@linuxtx.org>,
+ Zwane Mwaikambo <zwane@arm.linux.org.uk>,
+ Theodore Ts'o <tytso@mit.edu>,
+ Randy Dunlap <rdunlap@xenotime.net>,
+ Dave Jones <davej@redhat.com>,
+ Chuck Wolber <chuckw@quantumlinux.com>,
+ Chris Wedgwood <reviews@ml.cw.f00f.org>,
+ Michael Krufky <mkrufky@linuxtv.org>,
+ Chuck Ebbert <cebbert@redhat.com>,
+ Domenico Andreoli <cavokz@gmail.com>,
+ akpm@linux-foundation.org,
+ alan@lxorguk.ukuu.org.uk,
+ mingo@elte.hu,
+ drepper@redhat.com,
+ jan.kiszka@web.de,
+ Thomas Gleixner <tglx@linutronix.de>,
+ Chris Wright <chrisw@sous-sol.org>,
+ Greg Kroah-Hartman <gregkh@suse.de>
+Subject: [patch 15/26] posix-timers: Prevent softirq starvation by small intervals and SIG_IGN
+Content-Disposition: inline; filename=posix-timers-prevent-softirq-starvation-by-small-intervals-and-sig_ign.patch
+Content-Length: 3783
+Lines: 98
+
+-stable review patch. If anyone has any objections, please let us know.
+
+------------------
+
+posix-timers which deliver an ignored signal are currently rearmed in
+the timer softirq: This is necessary because the timer needs to be
+delivered again when SIG_IGN is removed. This is not a problem, when
+the interval is reasonable.
+
+With high resolution timers enabled one might arm a posix timer with a
+very small interval and ignore the signal. This might lead to a
+softirq starvation when the interval is so small that the timer is
+requeued onto the softirq pending list right away.
+
+This problem was pointed out by Jan Kiszka. Thanks Jan !
+
+The correct solution would be to stop the timer, when the signal is
+ignored and rearm it when SIG_IGN is removed. Unfortunately this
+requires modification in sigaction and involves non trivial sighand
+locking. It's too late in the release cycle for such a change.
+
+For now we just keep the timer running and enforce that the timer only
+fires every jiffie. This does not break anything as we keep the
+overrun counter correct. It adds a little inaccuracy to the
+timer_gettime() interface, but...
+
+The more complex change is necessary anyway to fix another short
+coming of the current implementation, which I discovered while looking
+at this problem: A pending signal is discarded when SIG_IGN is set. In
+case that a posixtimer signal is pending then it is discarded as well,
+but when SIG_IGN is removed later nothing rearms the timer. This is
+not new, it's that way since posix timers have been merged. So nothing
+to worry about right now.
+
+I have a working solution to fix all of this, but the impact is too
+large for both stable and 2.6.22. I'm going to send it out for review
+in the next days.
+
+This should go into 2.6.21.stable as well.
+
+Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
+Acked-by: Ingo Molnar <mingo@elte.hu>
+Cc: Jan Kiszka <jan.kiszka@web.de>
+Cc: Ulrich Drepper <drepper@redhat.com>
+Signed-off-by: Chris Wright <chrisw@sous-sol.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
+
+---
+ kernel/posix-timers.c | 35 +++++++++++++++++++++++++++++++++--
+ 1 file changed, 33 insertions(+), 2 deletions(-)
+
+--- linux-2.6.21.6.orig/kernel/posix-timers.c
++++ linux-2.6.21.6/kernel/posix-timers.c
+@@ -354,9 +354,40 @@ static enum hrtimer_restart posix_timer_
+ * it should be restarted.
+ */
+ if (timr->it.real.interval.tv64 != 0) {
++ ktime_t now = hrtimer_cb_get_time(timer);
++
++ /*
++ * FIXME: What we really want, is to stop this
++ * timer completely and restart it in case the
++ * SIG_IGN is removed. This is a non trivial
++ * change which involves sighand locking
++ * (sigh !), which we don't want to do late in
++ * the release cycle.
++ *
++ * For now we just let timers with an interval
++ * less than a jiffie expire every jiffie to
++ * avoid softirq starvation in case of SIG_IGN
++ * and a very small interval, which would put
++ * the timer right back on the softirq pending
++ * list. By moving now ahead of time we trick
++ * hrtimer_forward() to expire the timer
++ * later, while we still maintain the overrun
++ * accuracy, but have some inconsistency in
++ * the timer_gettime() case. This is at least
++ * better than a starved softirq. A more
++ * complex fix which solves also another related
++ * inconsistency is already in the pipeline.
++ */
++#ifdef CONFIG_HIGH_RES_TIMERS
++ {
++ ktime_t kj = ktime_set(0, NSEC_PER_SEC / HZ);
++
++ if (timr->it.real.interval.tv64 < kj.tv64)
++ now = ktime_add(now, kj);
++ }
++#endif
+ timr->it_overrun +=
+- hrtimer_forward(timer,
+- hrtimer_cb_get_time(timer),
++ hrtimer_forward(timer, now,
+ timr->it.real.interval);
+ ret = HRTIMER_RESTART;
+ ++timr->it_requeue_pending;
+
+--
+
+From greg@blue.kroah.org Mon Jul 30 21:26:17 2007
+Message-Id: <20070731042617.352284361@blue.kroah.org>
+References: <20070731042108.546594256@blue.kroah.org>
+User-Agent: quilt/0.46-1
+Date: Mon, 30 Jul 2007 21:21:24 -0700
+From: Greg KH <gregkh@suse.de>
+To: linux-kernel@vger.kernel.org,
+ stable@kernel.org,
+ torvalds@osdl.org
+Cc: Justin Forbes <jmforbes@linuxtx.org>,
+ Zwane Mwaikambo <zwane@arm.linux.org.uk>,
+ Theodore Ts'o <tytso@mit.edu>,
+ Randy Dunlap <rdunlap@xenotime.net>,
+ Dave Jones <davej@redhat.com>,
+ Chuck Wolber <chuckw@quantumlinux.com>,
+ Chris Wedgwood <reviews@ml.cw.f00f.org>,
+ Michael Krufky <mkrufky@linuxtv.org>,
+ Chuck Ebbert <cebbert@redhat.com>,
+ Domenico Andreoli <cavokz@gmail.com>,
+ torvalds@linux-foundation.org,
+ akpm@linux-foundation.org,
+ alan@lxorguk.ukuu.org.uk,
+ akpm@osdl.org,
+ drepper@redhat.com,
+ mingo@elte.hu,
+ Thomas Gleixner <tglx@linutronix.de>,
+ Chris Wright <chrisw@sous-sol.org>,
+ Greg Kroah-Hartman <gregkh@suse.de>
+Subject: [patch 16/26] FUTEX: Restore the dropped ERSCH fix
+Content-Disposition: inline; filename=futex-restore-the-dropped-ersch-fix.patch
+Content-Length: 1221
+Lines: 46
+
+-stable review patch. If anyone has any objections, please let us know.
+
+------------------
+
+The return value of futex_find_get_task() needs to be -ESRCH in case
+that the search fails. This was part of the original futex fixes and
+got accidentally dropped, when the futex-tidy-up patch was split out.
+
+Results in a NULL pointer dereference in case the search fails.
+
+Restore it.
+
+Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
+Cc: Ingo Molnar <mingo@elte.hu>
+Cc: Ulrich Drepper <drepper@redhat.com>
+Signed-off-by: Chris Wright <chrisw@sous-sol.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
+---
+ kernel/futex.c | 14 ++++++--------
+ 1 file changed, 6 insertions(+), 8 deletions(-)
+
+--- linux-2.6.21.6.orig/kernel/futex.c
++++ linux-2.6.21.6/kernel/futex.c
+@@ -390,14 +390,12 @@ static struct task_struct * futex_find_g
+
+ rcu_read_lock();
+ p = find_task_by_pid(pid);
+- if (!p)
+- goto out_unlock;
+- if ((current->euid != p->euid) && (current->euid != p->uid)) {
+- p = NULL;
+- goto out_unlock;
+- }
+- get_task_struct(p);
+-out_unlock:
++
++ if (!p || ((current->euid != p->euid) && (current->euid != p->uid)))
++ p = ERR_PTR(-ESRCH);
++ else
++ get_task_struct(p);
++
+ rcu_read_unlock();
+
+ return p;
+
+--
+
+From greg@blue.kroah.org Mon Jul 30 21:26:17 2007
+Message-Id: <20070731042617.548736165@blue.kroah.org>
+References: <20070731042108.546594256@blue.kroah.org>
+User-Agent: quilt/0.46-1
+Date: Mon, 30 Jul 2007 21:21:25 -0700
+From: Greg KH <gregkh@suse.de>
+To: linux-kernel@vger.kernel.org,
+ stable@kernel.org,
+ torvalds@linux-foundation.org
+Cc: Justin Forbes <jmforbes@linuxtx.org>,
+ Zwane Mwaikambo <zwane@arm.linux.org.uk>,
+ Theodore Ts'o <tytso@mit.edu>,
+ Randy Dunlap <rdunlap@xenotime.net>,
+ Dave Jones <davej@redhat.com>,
+ Chuck Wolber <chuckw@quantumlinux.com>,
+ Chris Wedgwood <reviews@ml.cw.f00f.org>,
+ Michael Krufky <mkrufky@linuxtv.org>,
+ Chuck Ebbert <cebbert@redhat.com>,
+ Domenico Andreoli <cavokz@gmail.com>,
+ akpm@linux-foundation.org,
+ alan@lxorguk.ukuu.org.uk,
+ tonyj@suse.de,
+ viro@zeniv.linux.org.uk,
+ Chris Wright <chrisw@sous-sol.org>,
+ Greg Kroah-Hartman <gregkh@suse.de>
+Subject: [patch 17/26] audit: fix oops removing watch if audit disabled
+Content-Disposition: inline; filename=audit-fix-oops-removing-watch-if-audit-disabled.patch
+Content-Length: 1112
+Lines: 38
+
+-stable review patch. If anyone has any objections, please let us know.
+
+------------------
+
+From: Tony Jones <tonyj@suse.de>
+
+Removing a watched file will oops if audit is disabled (auditctl -e 0).
+
+To reproduce:
+- auditctl -e 1
+- touch /tmp/foo
+- auditctl -w /tmp/foo
+- auditctl -e 0
+- rm /tmp/foo (or mv)
+
+Signed-off-by: Tony Jones <tonyj@suse.de>
+Cc: Al Viro <viro@zeniv.linux.org.uk>
+Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
+Signed-off-by: Chris Wright <chrisw@sous-sol.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
+---
+
+ kernel/auditfilter.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- linux-2.6.21.6.orig/kernel/auditfilter.c
++++ linux-2.6.21.6/kernel/auditfilter.c
+@@ -905,7 +905,7 @@ static void audit_update_watch(struct au
+
+ /* If the update involves invalidating rules, do the inode-based
+ * filtering now, so we don't omit records. */
+- if (invalidating &&
++ if (invalidating && current->audit_context &&
+ audit_filter_inodes(current, current->audit_context) == AUDIT_RECORD_CONTEXT)
+ audit_set_auditable(current->audit_context);
+
+
+--
+
+From greg@blue.kroah.org Mon Jul 30 21:26:17 2007
+Message-Id: <20070731042617.761392279@blue.kroah.org>
+References: <20070731042108.546594256@blue.kroah.org>
+User-Agent: quilt/0.46-1
+Date: Mon, 30 Jul 2007 21:21:26 -0700
+From: Greg KH <gregkh@suse.de>
+To: linux-kernel@vger.kernel.org,
+ stable@kernel.org
+Cc: Justin Forbes <jmforbes@linuxtx.org>,
+ Zwane Mwaikambo <zwane@arm.linux.org.uk>,
+ Theodore Ts'o <tytso@mit.edu>,
+ Randy Dunlap <rdunlap@xenotime.net>,
+ Dave Jones <davej@redhat.com>,
+ Chuck Wolber <chuckw@quantumlinux.com>,
+ Chris Wedgwood <reviews@ml.cw.f00f.org>,
+ Michael Krufky <mkrufky@linuxtv.org>,
+ Chuck Ebbert <cebbert@redhat.com>,
+ Domenico Andreoli <cavokz@gmail.com>,
+ torvalds@linux-foundation.org,
+ akpm@linux-foundation.org,
+ alan@lxorguk.ukuu.org.uk,
+ Paul Mackerras <paulus@samba.org>,
+ Chris Wright <chrisw@sous-sol.org>,
+ Greg Kroah-Hartman <gregkh@suse.de>
+Subject: [patch 18/26] POWERPC: Fix subtle FP state corruption bug in signal return on SMP
+Content-Disposition: inline; filename=powerpc-fix-subtle-fp-state-corruption-bug-in-signal-return-on-smp.patch
+Content-Length: 2043
+Lines: 55
+
+-stable review patch. If anyone has any objections, please let us know.
+
+------------------
+
+This fixes a bug which can cause corruption of the floating-point state
+on return from a signal handler. If we have a signal handler that has
+used the floating-point registers, and it happens to context-switch to
+another task while copying the interrupted floating-point state from the
+user stack into the thread struct (e.g. because of a page fault, or
+because it gets preempted), the context switch code will think that the
+FP registers contain valid FP state that needs to be copied into the
+thread_struct, and will thus overwrite the values that the signal return
+code has put into the thread_struct.
+
+This can occur because we clear the MSR bits that indicate the presence
+of valid FP state after copying the state into the thread_struct. To fix
+this we just move the clearing of the MSR bits to before the copy. A
+similar potential problem also occurs with the Altivec state, and this
+fixes that in the same way.
+
+Signed-off-by: Paul Mackerras <paulus@samba.org>
+Signed-off-by: Chris Wright <chrisw@sous-sol.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
+---
+ arch/powerpc/kernel/signal_64.c | 10 +++++++---
+ 1 file changed, 7 insertions(+), 3 deletions(-)
+
+--- linux-2.6.21.6.orig/arch/powerpc/kernel/signal_64.c
++++ linux-2.6.21.6/arch/powerpc/kernel/signal_64.c
+@@ -177,6 +177,13 @@ static long restore_sigcontext(struct pt
+ */
+ discard_lazy_cpu_state();
+
++ /*
++ * Force reload of FP/VEC.
++ * This has to be done before copying stuff into current->thread.fpr/vr
++ * for the reasons explained in the previous comment.
++ */
++ regs->msr &= ~(MSR_FP | MSR_FE0 | MSR_FE1 | MSR_VEC);
++
+ err |= __copy_from_user(¤t->thread.fpr, &sc->fp_regs, FP_REGS_SIZE);
+
+ #ifdef CONFIG_ALTIVEC
+@@ -198,9 +205,6 @@ static long restore_sigcontext(struct pt
+ current->thread.vrsave = 0;
+ #endif /* CONFIG_ALTIVEC */
+
+- /* Force reload of FP/VEC */
+- regs->msr &= ~(MSR_FP | MSR_FE0 | MSR_FE1 | MSR_VEC);
+-
+ return err;
+ }
+
+
+--
+
+From greg@blue.kroah.org Mon Jul 30 21:26:18 2007
+Message-Id: <20070731042617.951156609@blue.kroah.org>
+References: <20070731042108.546594256@blue.kroah.org>
+User-Agent: quilt/0.46-1
+Date: Mon, 30 Jul 2007 21:21:27 -0700
+From: Greg KH <gregkh@suse.de>
+To: linux-kernel@vger.kernel.org,
+ stable@kernel.org,
+ torvalds@linux-foundation.org
+Cc: Justin Forbes <jmforbes@linuxtx.org>,
+ Zwane Mwaikambo <zwane@arm.linux.org.uk>,
+ Theodore Ts'o <tytso@mit.edu>,
+ Randy Dunlap <rdunlap@xenotime.net>,
+ Dave Jones <davej@redhat.com>,
+ Chuck Wolber <chuckw@quantumlinux.com>,
+ Chris Wedgwood <reviews@ml.cw.f00f.org>,
+ Michael Krufky <mkrufky@linuxtv.org>,
+ Chuck Ebbert <cebbert@redhat.com>,
+ Domenico Andreoli <cavokz@gmail.com>,
+ akpm@linux-foundation.org,
+ alan@lxorguk.ukuu.org.uk,
+ npiggin@suse.de,
+ petr@vmware.com,
+ andrea@suse.de,
+ hugh@veritas.com,
+ Chris Wright <chrisw@sous-sol.org>,
+ Greg Kroah-Hartman <gregkh@suse.de>
+Subject: [patch 19/26] mm: kill validate_anon_vma to avoid mapcount BUG
+Content-Disposition: inline; filename=mm-kill-validate_anon_vma-to-avoid-mapcount-bug.patch
+Content-Length: 2853
+Lines: 91
+
+-stable review patch. If anyone has any objections, please let us know.
+
+------------------
+
+From: Hugh Dickins <hugh@veritas.com>
+
+validate_anon_vma gave a useful check on the integrity of the anon_vma list
+when Andrea was developing obj rmap; but it was not enabled in SLES9
+itself, nor in mainline, until Nick changed commented-out RMAP_DEBUG to
+configurable CONFIG_DEBUG_VM in 2.6.17. Now Petr Vandrovec reports that
+its BUG_ON(mapcount > 100000) can easily crash a CONFIG_DEBUG_VM=y system.
+
+That limit was just an arbitrary number to protect against an infinite
+loop. We could raise it to something enormous (depending on sizeof struct
+vma and size of memory?); but I rather think validate_anon_vma has outlived
+its usefulness, and is better just removed - which gives a magnificent
+performance boost to anything like Petr's test program ;)
+
+Of course, a very long anon_vma list is bad news for preemption latency,
+and I believe there has been one recent report of such: let's not forget
+that, but validate_anon_vma only makes it worse not better.
+
+Signed-off-by: Hugh Dickins <hugh@veritas.com>
+Cc: Petr Vandrovec <petr@vmware.com>
+Acked-by: Nick Piggin <npiggin@suse.de>
+Cc: Andrea Arcangeli <andrea@suse.de>
+Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
+Signed-off-by: Chris Wright <chrisw@sous-sol.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
+---
+
+ mm/rmap.c | 24 +-----------------------
+ 1 file changed, 1 insertion(+), 23 deletions(-)
+
+--- linux-2.6.21.6.orig/mm/rmap.c
++++ linux-2.6.21.6/mm/rmap.c
+@@ -53,24 +53,6 @@
+
+ struct kmem_cache *anon_vma_cachep;
+
+-static inline void validate_anon_vma(struct vm_area_struct *find_vma)
+-{
+-#ifdef CONFIG_DEBUG_VM
+- struct anon_vma *anon_vma = find_vma->anon_vma;
+- struct vm_area_struct *vma;
+- unsigned int mapcount = 0;
+- int found = 0;
+-
+- list_for_each_entry(vma, &anon_vma->head, anon_vma_node) {
+- mapcount++;
+- BUG_ON(mapcount > 100000);
+- if (vma == find_vma)
+- found = 1;
+- }
+- BUG_ON(!found);
+-#endif
+-}
+-
+ /* This must be called under the mmap_sem. */
+ int anon_vma_prepare(struct vm_area_struct *vma)
+ {
+@@ -121,10 +103,8 @@ void __anon_vma_link(struct vm_area_stru
+ {
+ struct anon_vma *anon_vma = vma->anon_vma;
+
+- if (anon_vma) {
++ if (anon_vma)
+ list_add_tail(&vma->anon_vma_node, &anon_vma->head);
+- validate_anon_vma(vma);
+- }
+ }
+
+ void anon_vma_link(struct vm_area_struct *vma)
+@@ -134,7 +114,6 @@ void anon_vma_link(struct vm_area_struct
+ if (anon_vma) {
+ spin_lock(&anon_vma->lock);
+ list_add_tail(&vma->anon_vma_node, &anon_vma->head);
+- validate_anon_vma(vma);
+ spin_unlock(&anon_vma->lock);
+ }
+ }
+@@ -148,7 +127,6 @@ void anon_vma_unlink(struct vm_area_stru
+ return;
+
+ spin_lock(&anon_vma->lock);
+- validate_anon_vma(vma);
+ list_del(&vma->anon_vma_node);
+
+ /* We must garbage collect the anon_vma if it's empty */
+
+--
+
+From greg@blue.kroah.org Mon Jul 30 21:26:18 2007
+Message-Id: <20070731042618.152647051@blue.kroah.org>
+References: <20070731042108.546594256@blue.kroah.org>
+User-Agent: quilt/0.46-1
+Date: Mon, 30 Jul 2007 21:21:28 -0700
+From: Greg KH <gregkh@suse.de>
+To: linux-kernel@vger.kernel.org,
+ stable@kernel.org,
+ torvalds@linux-foundation.org
+Cc: Justin Forbes <jmforbes@linuxtx.org>,
+ Zwane Mwaikambo <zwane@arm.linux.org.uk>,
+ Theodore Ts'o <tytso@mit.edu>,
+ Randy Dunlap <rdunlap@xenotime.net>,
+ Dave Jones <davej@redhat.com>,
+ Chuck Wolber <chuckw@quantumlinux.com>,
+ Chris Wedgwood <reviews@ml.cw.f00f.org>,
+ Michael Krufky <mkrufky@linuxtv.org>,
+ Chuck Ebbert <cebbert@redhat.com>,
+ Domenico Andreoli <cavokz@gmail.com>,
+ akpm@linux-foundation.org,
+ alan@lxorguk.ukuu.org.uk,
+ jeffm@suse.com,
+ mchehab@infradead.org,
+ Chris Wright <chrisw@sous-sol.org>,
+ Greg Kroah-Hartman <gregkh@suse.de>
+Subject: [patch 20/26] saa7134: fix thread shutdown handling
+Content-Disposition: inline; filename=saa7134-fix-thread-shutdown-handling.patch
+Content-Length: 1558
+Lines: 42
+
+-stable review patch. If anyone has any objections, please let us know.
+
+------------------
+
+From: Jeff Mahoney <jeffm@suse.com>
+
+This patch changes the test for the thread pid from >= 0 to > 0.
+
+When the saa8134 driver initialization fails after a certain point, it goes
+through the complete shutdown process for the driver. Part of shutting it
+down includes tearing down the thread for tv audio.
+
+The test for tearing down the thread tests for >= 0. Since the dev
+structure is kzalloc'd, the test will always be true if we haven't tried to
+start the thread yet. We end up waiting on pid 0 to complete, which will
+never happen, so we lock up.
+
+This bug was observed in Novell Bugzilla 284718, when request_irq() failed.
+
+Signed-off-by: Jeff Mahoney <jeffm@suse.com>
+Acked-by: Mauro Carvalho Chehab <mchehab@infradead.org>
+Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
+Signed-off-by: Chris Wright <chrisw@sous-sol.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
+---
+
+ drivers/media/video/saa7134/saa7134-tvaudio.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- linux-2.6.21.6.orig/drivers/media/video/saa7134/saa7134-tvaudio.c
++++ linux-2.6.21.6/drivers/media/video/saa7134/saa7134-tvaudio.c
+@@ -1006,7 +1006,7 @@ int saa7134_tvaudio_init2(struct saa7134
+ int saa7134_tvaudio_fini(struct saa7134_dev *dev)
+ {
+ /* shutdown tvaudio thread */
+- if (dev->thread.pid >= 0) {
++ if (dev->thread.pid > 0) {
+ dev->thread.shutdown = 1;
+ wake_up_interruptible(&dev->thread.wq);
+ wait_for_completion(&dev->thread.exit);
+
+--
+
+From greg@blue.kroah.org Mon Jul 30 21:26:18 2007
+Message-Id: <20070731042618.353275881@blue.kroah.org>
+References: <20070731042108.546594256@blue.kroah.org>
+User-Agent: quilt/0.46-1
+Date: Mon, 30 Jul 2007 21:21:29 -0700
+From: Greg KH <gregkh@suse.de>
+To: linux-kernel@vger.kernel.org,
+ stable@kernel.org,
+ torvalds@linux-foundation.org
+Cc: Justin Forbes <jmforbes@linuxtx.org>,
+ Zwane Mwaikambo <zwane@arm.linux.org.uk>,
+ Theodore Ts'o <tytso@mit.edu>,
+ Randy Dunlap <rdunlap@xenotime.net>,
+ Dave Jones <davej@redhat.com>,
+ Chuck Wolber <chuckw@quantumlinux.com>,
+ Chris Wedgwood <reviews@ml.cw.f00f.org>,
+ Michael Krufky <mkrufky@linuxtv.org>,
+ Chuck Ebbert <cebbert@redhat.com>,
+ Domenico Andreoli <cavokz@gmail.com>,
+ akpm@linux-foundation.org,
+ alan@lxorguk.ukuu.org.uk,
+ mgreer@mvista.com,
+ jaylubo@motorola.com,
+ Chris Wright <chrisw@sous-sol.org>,
+ Greg Kroah-Hartman <gregkh@suse.de>
+Subject: [patch 21/26] serial: clear proper MPSC interrupt cause bits
+Content-Disposition: inline; filename=serial-clear-proper-mpsc-interrupt-cause-bits.patch
+Content-Length: 1288
+Lines: 39
+
+-stable review patch. If anyone has any objections, please let us know.
+
+------------------
+
+From: Jay Lubomirski <jaylubo@motorola.com>
+
+The interrupt clearing code in mpsc_sdma_intr_ack() mistakenly clears the
+interrupt for both controllers instead of just the one its supposed to.
+This can result in the other controller appearing to hang because its
+interrupt was effectively lost.
+
+So, don't clear the interrupt cause bits for both MPSC controllers when
+clearing the interrupt for one of them. Just clear the one that is
+supposed to be cleared.
+
+Signed-off-by: Jay Lubomirski <jaylubo@motorola.com>
+Acked-by: Mark A. Greer <mgreer@mvista.com>
+Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
+Signed-off-by: Chris Wright <chrisw@sous-sol.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
+---
+
+ drivers/serial/mpsc.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+--- linux-2.6.21.6.orig/drivers/serial/mpsc.c
++++ linux-2.6.21.6/drivers/serial/mpsc.c
+@@ -502,7 +502,8 @@ mpsc_sdma_intr_ack(struct mpsc_port_info
+
+ if (pi->mirror_regs)
+ pi->shared_regs->SDMA_INTR_CAUSE_m = 0;
+- writel(0, pi->shared_regs->sdma_intr_base + SDMA_INTR_CAUSE);
++ writeb(0x00, pi->shared_regs->sdma_intr_base + SDMA_INTR_CAUSE +
++ pi->port.line);
+ return;
+ }
+
+
+--
+
+From greg@blue.kroah.org Mon Jul 30 21:26:18 2007
+Message-Id: <20070731042618.564344691@blue.kroah.org>
+References: <20070731042108.546594256@blue.kroah.org>
+User-Agent: quilt/0.46-1
+Date: Mon, 30 Jul 2007 21:21:30 -0700
+From: Greg KH <gregkh@suse.de>
+To: linux-kernel@vger.kernel.org,
+ stable@kernel.org
+Cc: Justin Forbes <jmforbes@linuxtx.org>,
+ Zwane Mwaikambo <zwane@arm.linux.org.uk>,
+ Theodore Ts'o <tytso@mit.edu>,
+ Randy Dunlap <rdunlap@xenotime.net>,
+ Dave Jones <davej@redhat.com>,
+ Chuck Wolber <chuckw@quantumlinux.com>,
+ Chris Wedgwood <reviews@ml.cw.f00f.org>,
+ Michael Krufky <mkrufky@linuxtv.org>,
+ Chuck Ebbert <cebbert@redhat.com>,
+ Domenico Andreoli <cavokz@gmail.com>,
+ torvalds@linux-foundation.org,
+ akpm@linux-foundation.org,
+ alan@lxorguk.ukuu.org.uk,
+ Jason Wessel <jason.wessel@windriver.com>,
+ Jeremy Fitzhardinge <jeremy@goop.org>,
+ Chris Wright <chrisw@sous-sol.org>,
+ Greg Kroah-Hartman <gregkh@suse.de>
+Subject: [patch 22/26] i386: fix infinite loop with singlestep int80 syscalls
+Content-Disposition: inline; filename=i386-fix-infinite-loop-with-singlestep-int80-syscalls.patch
+Content-Length: 2921
+Lines: 111
+
+-stable review patch. If anyone has any objections, please let us know.
+
+------------------
+
+The commit 635cf99a80f4ebee59d70eb64bb85ce829e4591f introduced a
+regression. Executing a ptrace single step after certain int80
+accesses will infinitely loop and never advance the PC.
+
+The TIF_SINGLESTEP check should be done on the return from the syscall
+and not before it.
+
+The new test case is below:
+
+/* Test whether singlestep through an int80 syscall works.
+ */
+#define _GNU_SOURCE
+#include <stdio.h>
+#include <unistd.h>
+#include <fcntl.h>
+#include <sys/ptrace.h>
+#include <sys/wait.h>
+#include <sys/mman.h>
+#include <asm/user.h>
+#include <string.h>
+
+static int child, status;
+static struct user_regs_struct regs;
+
+static void do_child()
+{
+ char str[80] = "child: int80 test\n";
+
+ ptrace(PTRACE_TRACEME, 0, 0, 0);
+ kill(getpid(), SIGUSR1);
+ write(fileno(stdout),str,strlen(str));
+ asm ("int $0x80" : : "a" (20)); /* getpid */
+}
+
+static void do_parent()
+{
+ unsigned long eip, expected = 0;
+again:
+ waitpid(child, &status, 0);
+ if (WIFEXITED(status) || WIFSIGNALED(status))
+ return;
+
+ if (WIFSTOPPED(status)) {
+ ptrace(PTRACE_GETREGS, child, 0, ®s);
+ eip = regs.eip;
+ if (expected)
+ fprintf(stderr, "child stop @ %08lx, expected %08lx %s\n",
+ eip, expected,
+ eip == expected ? "" : " <== ERROR");
+
+ if (*(unsigned short *)eip == 0x80cd) {
+ fprintf(stderr, "int 0x80 at %08x\n", (unsigned int)eip);
+ expected = eip + 2;
+ } else
+ expected = 0;
+
+ ptrace(PTRACE_SINGLESTEP, child, NULL, NULL);
+ }
+ goto again;
+}
+
+int main(int argc, char * const argv[])
+{
+ child = fork();
+ if (child)
+ do_parent();
+ else
+ do_child();
+ return 0;
+}
+
+
+Signed-off-by: Jason Wessel <jason.wessel@windriver.com>
+Cc: Jeremy Fitzhardinge <jeremy@goop.org>
+Cc: Chuck Ebbert <cebbert@redhat.com>
+Signed-off-by: Chris Wright <chrisw@sous-sol.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
+---
+ arch/i386/kernel/entry.S | 8 ++++----
+ 1 file changed, 4 insertions(+), 4 deletions(-)
+
+--- linux-2.6.21.6.orig/arch/i386/kernel/entry.S
++++ linux-2.6.21.6/arch/i386/kernel/entry.S
+@@ -371,10 +371,6 @@ ENTRY(system_call)
+ CFI_ADJUST_CFA_OFFSET 4
+ SAVE_ALL
+ GET_THREAD_INFO(%ebp)
+- testl $TF_MASK,PT_EFLAGS(%esp)
+- jz no_singlestep
+- orl $_TIF_SINGLESTEP,TI_flags(%ebp)
+-no_singlestep:
+ # system call tracing in operation / emulation
+ /* Note, _TIF_SECCOMP is bit number 8, and so it needs testw and not testb */
+ testw $(_TIF_SYSCALL_EMU|_TIF_SYSCALL_TRACE|_TIF_SECCOMP|_TIF_SYSCALL_AUDIT),TI_flags(%ebp)
+@@ -389,6 +385,10 @@ syscall_exit:
+ # setting need_resched or sigpending
+ # between sampling and the iret
+ TRACE_IRQS_OFF
++ testl $TF_MASK,PT_EFLAGS(%esp) # If tracing set singlestep flag on exit
++ jz no_singlestep
++ orl $_TIF_SINGLESTEP,TI_flags(%ebp)
++no_singlestep:
+ movl TI_flags(%ebp), %ecx
+ testw $_TIF_ALLWORK_MASK, %cx # current->work
+ jne syscall_exit_work
+
+--
+
+From greg@blue.kroah.org Mon Jul 30 21:26:18 2007
+Message-Id: <20070731042618.760038604@blue.kroah.org>
+References: <20070731042108.546594256@blue.kroah.org>
+User-Agent: quilt/0.46-1
+Date: Mon, 30 Jul 2007 21:21:31 -0700
+From: Greg KH <gregkh@suse.de>
+To: linux-kernel@vger.kernel.org,
+ stable@kernel.org,
+ torvalds@osdl.org
+Cc: Justin Forbes <jmforbes@linuxtx.org>,
+ Zwane Mwaikambo <zwane@arm.linux.org.uk>,
+ Theodore Ts'o <tytso@mit.edu>,
+ Randy Dunlap <rdunlap@xenotime.net>,
+ Dave Jones <davej@redhat.com>,
+ Chuck Wolber <chuckw@quantumlinux.com>,
+ Chris Wedgwood <reviews@ml.cw.f00f.org>,
+ Michael Krufky <mkrufky@linuxtv.org>,
+ Chuck Ebbert <cebbert@redhat.com>,
+ Domenico Andreoli <cavokz@gmail.com>,
+ torvalds@linux-foundation.org,
+ akpm@linux-foundation.org,
+ alan@lxorguk.ukuu.org.uk,
+ akpm@osdl.org,
+ johnstul@us.ibm.com,
+ mingo@elte.hu,
+ Vincent.Fortier1@EC.GC.CA,
+ Thomas Gleixner <tglx@linutronix.de>,
+ Chris Wright <chrisw@sous-sol.org>,
+ Greg Kroah-Hartman <gregkh@suse.de>
+Subject: [patch 23/26] NTP: remove clock_was_set() call to prevent deadlock
+Content-Disposition: inline; filename=ntp-remove-clock_was_set-call-to-prevent-deadlock.patch
+Content-Length: 1803
+Lines: 53
+
+-stable review patch. If anyone has any objections, please let us know.
+
+------------------
+
+The clock_was_set() call in seconds_overflow() which happens only when
+leap seconds are inserted / deleted is wrong in two aspects:
+
+1. it results in a call to on_each_cpu() with interrupts disabled
+2. it is potential deadlock source vs. call_lock in smp_call_function()
+
+The only possible side effect of the removal might be, that an absolute
+CLOCK_REALTIME timer fires 1 second too late, in the rare case of leap
+second deletion and an absolute CLOCK_REALTIME timer which expires in
+the affected time frame. It will never fire too early.
+
+This was probably observed by the reporter of a June 30th -> July 1st
+hang: http://lkml.org/lkml/2007/7/3/
+
+A similar problem was observed by Dave Jones, who provided a screen shot
+with a lockdep back trace, which allowed to analyse the problem.
+
+Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
+Cc: john stultz <johnstul@us.ibm.com>
+Cc: Dave Jones <davej@redhat.com>
+Cc: Ingo Molnar <mingo@elte.hu>
+Cc: Vincent Fortier <Vincent.Fortier1@EC.GC.CA>
+Signed-off-by: Chris Wright <chrisw@sous-sol.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
+
+---
+ kernel/time/ntp.c | 2 --
+ 1 file changed, 2 deletions(-)
+
+--- linux-2.6.21.6.orig/kernel/time/ntp.c
++++ linux-2.6.21.6/kernel/time/ntp.c
+@@ -120,7 +120,6 @@ void second_overflow(void)
+ */
+ time_interpolator_update(-NSEC_PER_SEC);
+ time_state = TIME_OOP;
+- clock_was_set();
+ printk(KERN_NOTICE "Clock: inserting leap second "
+ "23:59:60 UTC\n");
+ }
+@@ -135,7 +134,6 @@ void second_overflow(void)
+ */
+ time_interpolator_update(NSEC_PER_SEC);
+ time_state = TIME_WAIT;
+- clock_was_set();
+ printk(KERN_NOTICE "Clock: deleting leap second "
+ "23:59:59 UTC\n");
+ }
+
+--
+
+From greg@blue.kroah.org Mon Jul 30 21:26:19 2007
+Message-Id: <20070731042618.961456407@blue.kroah.org>
+References: <20070731042108.546594256@blue.kroah.org>
+User-Agent: quilt/0.46-1
+Date: Mon, 30 Jul 2007 21:21:32 -0700
+From: Greg KH <gregkh@suse.de>
+To: linux-kernel@vger.kernel.org,
+ stable@kernel.org
+Cc: Justin Forbes <jmforbes@linuxtx.org>,
+ Zwane Mwaikambo <zwane@arm.linux.org.uk>,
+ Theodore Ts'o <tytso@mit.edu>,
+ Randy Dunlap <rdunlap@xenotime.net>,
+ Dave Jones <davej@redhat.com>,
+ Chuck Wolber <chuckw@quantumlinux.com>,
+ Chris Wedgwood <reviews@ml.cw.f00f.org>,
+ Michael Krufky <mkrufky@linuxtv.org>,
+ Chuck Ebbert <cebbert@redhat.com>,
+ Domenico Andreoli <cavokz@gmail.com>,
+ torvalds@linux-foundation.org,
+ akpm@linux-foundation.org,
+ alan@lxorguk.ukuu.org.uk,
+ Stephen Hemminger <shemminger@linux-foundation.org>,
+ Jeff Garzik <jeff@garzik.org>,
+ Chris Wright <chrisw@sous-sol.org>,
+ Greg Kroah-Hartman <gregkh@suse.de>
+Subject: [patch 24/26] sky2: workaround for lost IRQ
+Content-Disposition: inline; filename=sky2-workaround-for-lost-irq.patch
+Content-Length: 1526
+Lines: 45
+
+-stable review patch. If anyone has any objections, please let us know.
+
+------------------
+
+This patch restores a couple of workarounds from 2.6.16:
+ * restart transmit moderation timer in case it expires during IRQ routine
+ * default to having 10 HZ watchdog timer.
+At this point it more important not to hang than to worry about the
+power cost.
+
+Signed-off-by: Stephen Hemminger <shemminger@linux-foundation.org>
+Cc: Jeff Garzik <jeff@garzik.org>
+Signed-off-by: Chris Wright <chrisw@sous-sol.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
+---
+ drivers/net/sky2.c | 9 ++++++++-
+ 1 file changed, 8 insertions(+), 1 deletion(-)
+
+--- linux-2.6.21.6.orig/drivers/net/sky2.c
++++ linux-2.6.21.6/drivers/net/sky2.c
+@@ -95,7 +95,7 @@ static int disable_msi = 0;
+ module_param(disable_msi, int, 0);
+ MODULE_PARM_DESC(disable_msi, "Disable Message Signaled Interrupt (MSI)");
+
+-static int idle_timeout = 0;
++static int idle_timeout = 100;
+ module_param(idle_timeout, int, 0);
+ MODULE_PARM_DESC(idle_timeout, "Watchdog timer for lost interrupts (ms)");
+
+@@ -2433,6 +2433,13 @@ static int sky2_poll(struct net_device *
+
+ work_done = sky2_status_intr(hw, work_limit);
+ if (work_done < work_limit) {
++ /* Bug/Errata workaround?
++ * Need to kick the TX irq moderation timer.
++ */
++ if (sky2_read8(hw, STAT_TX_TIMER_CTRL) == TIM_START) {
++ sky2_write8(hw, STAT_TX_TIMER_CTRL, TIM_STOP);
++ sky2_write8(hw, STAT_TX_TIMER_CTRL, TIM_START);
++ }
+ netif_rx_complete(dev0);
+
+ sky2_read32(hw, B0_Y2_SP_LISR);
+
+--
+
+From greg@blue.kroah.org Mon Jul 30 21:26:19 2007
+Message-Id: <20070731042619.161564120@blue.kroah.org>
+References: <20070731042108.546594256@blue.kroah.org>
+User-Agent: quilt/0.46-1
+Date: Mon, 30 Jul 2007 21:21:33 -0700
+From: Greg KH <gregkh@suse.de>
+To: linux-kernel@vger.kernel.org,
+ stable@kernel.org
+Cc: Justin Forbes <jmforbes@linuxtx.org>,
+ Zwane Mwaikambo <zwane@arm.linux.org.uk>,
+ Theodore Ts'o <tytso@mit.edu>,
+ Randy Dunlap <rdunlap@xenotime.net>,
+ Dave Jones <davej@redhat.com>,
+ Chuck Wolber <chuckw@quantumlinux.com>,
+ Chris Wedgwood <reviews@ml.cw.f00f.org>,
+ Michael Krufky <mkrufky@linuxtv.org>,
+ Chuck Ebbert <cebbert@redhat.com>,
+ Domenico Andreoli <cavokz@gmail.com>,
+ torvalds@linux-foundation.org,
+ akpm@linux-foundation.org,
+ alan@lxorguk.ukuu.org.uk,
+ v4l-dvb-maintainer@linuxtv.org,
+ xyzzy@speakeasy.org,
+ Mauro Carvalho Chehab <mchehab@infradead.org>,
+ Chris Wright <chrisw@sous-sol.org>,
+ Greg Kroah-Hartman <gregkh@suse.de>
+Subject: [patch 25/26] V4L: bttv: fix v4l1 api usage breaking the driver
+Content-Disposition: inline; filename=v4l-bttv-fix-v4l1-api-usage-breaking-the-driver.patch
+Content-Length: 3301
+Lines: 96
+
+-stable review patch. If anyone has any objections, please let us know.
+
+------------------
+
+From: Trent Piepho <xyzzy@speakeasy.org>
+
+If one uses a V4L *one* application, such as vlc or mplayer's v4l driver, as
+the first user after the driver is loaded, the driver wedges itself and will
+never capture properly. Even if one uses a V4L2 application later, it still
+won't work.
+
+If one uses a V4L *two* application first, such as tvtime or mplayer's v4l2
+driver, then the driver will be ok. One can then run a V4L1 application, and
+it will work.
+
+It turns out the problem is with norm changing and the crop support that was
+added in 2.6.21. The driver defaults to PAL, and keeps the last norm it was
+set too across opens. If one changes the norm via V4L1, the cropping
+parameters are not reset like they should be, and they'll remain broken across
+device opens.
+
+This patch removes the direct setting of btv->tvnorm in the V4L1 ioctl
+VIDIOCSCHAN handler. The norm is set via the existing call to set_input(),
+which calls set_tvnorm(), which will reset the cropping values now that it is
+able to detect the norm change.
+
+Signed-off-by: Trent Piepho <xyzzy@speakeasy.org>
+Signed-off-by: Michael Krufky <mkrufky@linuxtv.org>
+Signed-off-by: Mauro Carvalho Chehab <mchehab@infradead.org>
+Signed-off-by: Chris Wright <chrisw@sous-sol.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
+---
+(cherry picked from commit 333408f21590d50397f3004e3f87070fa8f52c51)
+
+ drivers/media/video/bt8xx/bttv-driver.c | 13 ++++++-------
+ 1 file changed, 6 insertions(+), 7 deletions(-)
+
+--- linux-2.6.21.6.orig/drivers/media/video/bt8xx/bttv-driver.c
++++ linux-2.6.21.6/drivers/media/video/bt8xx/bttv-driver.c
+@@ -1313,7 +1313,7 @@ set_tvnorm(struct bttv *btv, unsigned in
+
+ /* Call with btv->lock down. */
+ static void
+-set_input(struct bttv *btv, unsigned int input)
++set_input(struct bttv *btv, unsigned int input, unsigned int norm)
+ {
+ unsigned long flags;
+
+@@ -1332,7 +1332,7 @@ set_input(struct bttv *btv, unsigned int
+ }
+ audio_input(btv,(input == bttv_tvcards[btv->c.type].tuner ?
+ TVAUDIO_INPUT_TUNER : TVAUDIO_INPUT_EXTERN));
+- set_tvnorm(btv,btv->tvnorm);
++ set_tvnorm(btv, norm);
+ i2c_vidiocschan(btv);
+ }
+
+@@ -1423,7 +1423,7 @@ static void bttv_reinit_bt848(struct btt
+
+ init_bt848(btv);
+ btv->pll.pll_current = -1;
+- set_input(btv,btv->input);
++ set_input(btv, btv->input, btv->tvnorm);
+ }
+
+ static int get_control(struct bttv *btv, struct v4l2_control *c)
+@@ -1993,8 +1993,7 @@ static int bttv_common_ioctls(struct btt
+ return 0;
+ }
+
+- btv->tvnorm = v->norm;
+- set_input(btv,v->channel);
++ set_input(btv, v->channel, v->norm);
+ mutex_unlock(&btv->lock);
+ return 0;
+ }
+@@ -2130,7 +2129,7 @@ static int bttv_common_ioctls(struct btt
+ if (*i > bttv_tvcards[btv->c.type].video_inputs)
+ return -EINVAL;
+ mutex_lock(&btv->lock);
+- set_input(btv,*i);
++ set_input(btv, *i, btv->tvnorm);
+ mutex_unlock(&btv->lock);
+ return 0;
+ }
+@@ -4762,7 +4761,7 @@ static int __devinit bttv_probe(struct p
+ bt848_hue(btv,32768);
+ bt848_sat(btv,32768);
+ audio_mute(btv, 1);
+- set_input(btv,0);
++ set_input(btv, 0, btv->tvnorm);
+ bttv_crop_reset(&btv->crop[0], btv->tvnorm);
+ btv->crop[1] = btv->crop[0]; /* current = default */
+ disclaim_vbi_lines(btv);
+
+--
+
+From greg@blue.kroah.org Mon Jul 30 21:26:19 2007
+Message-Id: <20070731042619.372908889@blue.kroah.org>
+References: <20070731042108.546594256@blue.kroah.org>
+User-Agent: quilt/0.46-1
+Date: Mon, 30 Jul 2007 21:21:34 -0700
+From: Greg KH <gregkh@suse.de>
+To: linux-kernel@vger.kernel.org,
+ stable@kernel.org
+Cc: Justin Forbes <jmforbes@linuxtx.org>,
+ Zwane Mwaikambo <zwane@arm.linux.org.uk>,
+ Theodore Ts'o <tytso@mit.edu>,
+ Randy Dunlap <rdunlap@xenotime.net>,
+ Dave Jones <davej@redhat.com>,
+ Chuck Wolber <chuckw@quantumlinux.com>,
+ Chris Wedgwood <reviews@ml.cw.f00f.org>,
+ Michael Krufky <mkrufky@linuxtv.org>,
+ Chuck Ebbert <cebbert@redhat.com>,
+ Domenico Andreoli <cavokz@gmail.com>,
+ torvalds@linux-foundation.org,
+ akpm@linux-foundation.org,
+ alan@lxorguk.ukuu.org.uk,
+ v4l-dvb-maintainer@linuxtv.org,
+ jelle@foks.8m.com,
+ Mauro Carvalho Chehab <mchehab@infradead.org>,
+ Chris Wright <chrisw@sous-sol.org>,
+ Greg Kroah-Hartman <gregkh@suse.de>
+Subject: [patch 26/26] V4L: cx88-blackbird: fix vidioc_g_tuner never ending list of tuners
+Content-Disposition: inline; filename=v4l-cx88-blackbird-fix-vidioc_g_tuner-never-ending-list-of-tuners.patch
+Content-Length: 1268
+Lines: 40
+
+-stable review patch. If anyone has any objections, please let us know.
+
+------------------
+
+From: Jelle Foks <jelle@foks.8m.com>
+
+v4l-info and other programs would loop indefinitely while querying the
+tuners for cx88-blackbird cards.
+
+The cause was that vidioc_g_tuner didn't return an error value for
+qctrl->id != 0, making the application think there is a never ending
+list of tuners...
+
+This patch adds the same index check as done in vidioc_g_tuner() in
+cx88-video.
+
+Signed-off-by: Jelle Foks <jelle@foks.8m.com>
+Signed-off-by: Michael Krufky <mkrufky@linuxtv.org>
+Signed-off-by: Mauro Carvalho Chehab <mchehab@infradead.org>
+Signed-off-by: Chris Wright <chrisw@sous-sol.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
+---
+(cherry picked from commit f057131fb6eb2c45f6023e3da41ccd6e4e71aee9)
+
+ drivers/media/video/cx88/cx88-blackbird.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+--- linux-2.6.21.6.orig/drivers/media/video/cx88/cx88-blackbird.c
++++ linux-2.6.21.6/drivers/media/video/cx88/cx88-blackbird.c
+@@ -1034,6 +1034,8 @@ static int vidioc_g_tuner (struct file *
+
+ if (unlikely(UNSET == core->tuner_type))
+ return -EINVAL;
++ if (0 != t->index)
++ return -EINVAL;
+
+ strcpy(t->name, "Television");
+ t->type = V4L2_TUNER_ANALOG_TV;
+
+--
+
+From greg@blue.kroah.org Mon Jul 30 21:26:14 2007
+Message-Id: <20070731042108.546594256@blue.kroah.org>
+User-Agent: quilt/0.46-1
+Date: Mon, 30 Jul 2007 21:21:08 -0700
+From: Greg KH <gregkh@suse.de>
+To: linux-kernel@vger.kernel.org,
+ stable@kernel.org
+Cc: Justin Forbes <jmforbes@linuxtx.org>,
+ Zwane Mwaikambo <zwane@arm.linux.org.uk>,
+ Theodore Ts'o <tytso@mit.edu>,
+ Randy Dunlap <rdunlap@xenotime.net>,
+ Dave Jones <davej@redhat.com>,
+ Chuck Wolber <chuckw@quantumlinux.com>,
+ Chris Wedgwood <reviews@ml.cw.f00f.org>,
+ Michael Krufky <mkrufky@linuxtv.org>,
+ Chuck Ebbert <cebbert@redhat.com>,
+ Domenico Andreoli <cavokz@gmail.com>,
+ torvalds@linux-foundation.org,
+ akpm@linux-foundation.org,
+ alan@lxorguk.ukuu.org.uk
+Subject: [patch 00/26] 2.6.21.7 -stable review
+Content-Length: 921
+Lines: 21
+
+Very sorry for the long delay in getting these out, it should be the
+last 2.6.21-stable release, unless there are some patches that people
+point out to us that deserve a new .21.y release.
+
+This is the start of the stable review cycle for the 2.6.21.7 release.
+There are 26 patches in this series, all will be posted as a response to
+this one. If anyone has any issues with these being applied, please let
+us know. If anyone is a maintainer of the proper subsystem, and wants
+to add a Signed-off-by: line to the patch, please respond with it.
+
+These patches are sent out with a number of different people on the
+Cc: line. If you wish to be a reviewer, please email stable@kernel.org
+to add your name to the list. If you want to be off the reviewer list,
+also email us.
+
+Responses should be made by August 2, 2007, 00:00:00 UTC. Anything
+received after that time might be too late.
+
+thanks,
+
+the -stable release team
+
+From greg@blue.kroah.org Mon Jul 30 21:26:16 2007
+Message-Id: <20070731042616.344878672@blue.kroah.org>
+References: <20070731042108.546594256@blue.kroah.org>
+User-Agent: quilt/0.46-1
+Date: Mon, 30 Jul 2007 21:21:19 -0700
+From: Greg KH <gregkh@suse.de>
+To: linux-kernel@vger.kernel.org,
+ stable@kernel.org
+Cc: Justin Forbes <jmforbes@linuxtx.org>,
+ Zwane Mwaikambo <zwane@arm.linux.org.uk>,
+ Theodore Ts'o <tytso@mit.edu>,
+ Randy Dunlap <rdunlap@xenotime.net>,
+ Dave Jones <davej@redhat.com>,
+ Chuck Wolber <chuckw@quantumlinux.com>,
+ Chris Wedgwood <reviews@ml.cw.f00f.org>,
+ Michael Krufky <mkrufky@linuxtv.org>,
+ Chuck Ebbert <cebbert@redhat.com>,
+ Domenico Andreoli <cavokz@gmail.com>,
+ torvalds@linux-foundation.org,
+ akpm@linux-foundation.org,
+ alan@lxorguk.ukuu.org.uk,
+ agk@redhat.com,
+ Olaf Kirch <olaf.kirch@oracle.com>,
+ Jens Axboe <jens.axboe@oracle.com>,
+ Chris Wright <chrisw@sous-sol.org>,
+ Greg Kroah-Hartman <gregkh@suse.de>
+Subject: [patch 11/26] dm crypt: fix avoid cloned bio ref after free
+Content-Disposition: inline; filename=dm-crypt-fix-avoid-cloned-bio-ref-after-free.patch
+In-Reply-To: <20070731043047.GA3975@kroah.com>
+Content-Length: 1282
+Lines: 42
+
+-stable review patch. If anyone has any objections, please let us know.
+
+------------------
+
+From: Olaf Kirch <olaf.kirch@oracle.com>
+
+Do not access the bio after generic_make_request
+
+We should never access a bio after generic_make_request - there's no guarantee
+it still exists.
+
+Signed-off-by: Olaf Kirch <olaf.kirch@oracle.com>
+Signed-off-by: Alasdair G Kergon <agk@redhat.com>
+Cc: Jens Axboe <jens.axboe@oracle.com>
+Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
+Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
+Signed-off-by: Chris Wright <chrisw@sous-sol.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
+---
+Gitweb: http://git.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=98221eb757de03d9aa6262b1eded2be708640ccc
+
+ drivers/md/dm-crypt.c | 5 ++++-
+ 1 file changed, 4 insertions(+), 1 deletion(-)
+
+--- linux-2.6.21.6.orig/drivers/md/dm-crypt.c
++++ linux-2.6.21.6/drivers/md/dm-crypt.c
+@@ -655,9 +655,12 @@ static void process_write(struct crypt_i
+
+ generic_make_request(clone);
+
++ /* Do not reference clone after this - it
++ * may be gone already. */
++
+ /* out of memory -> run queues */
+ if (remaining)
+- congestion_wait(bio_data_dir(clone), HZ/100);
++ congestion_wait(WRITE, HZ/100);
+ }
+ }
+
+
+--
+
projects / thirdparty / kernel / stable-queue.git / commitdiff
