--- /dev/null
+From 67914b5c400d6c213f9e56d7547a2038ab5c06f4 Mon Sep 17 00:00:00 2001
+From: Andy Walls <awalls@md.metrocast.net>
+Date: Sun, 13 Feb 2011 21:52:50 -0300
+Subject: [media] cx23885: Revert "Check for slave nack on all transactions"
+
+From: Andy Walls <awalls@md.metrocast.net>
+
+commit 67914b5c400d6c213f9e56d7547a2038ab5c06f4 upstream.
+
+This reverts commit 44835f197bf1e3f57464f23dfb239fef06cf89be.
+
+With the CX23885 hardware I2C master, checking for I2C slave ACK/NAK
+is not valid when the I2C_EXTEND or I2C_NOSTOP bits are set.
+Revert the commit that checks for I2C slave ACK/NAK on all transactions,
+so that XC5000 tuners work with the CX23885 again.
+
+Thanks go to Mark Zimmerman for reporting and bisecting this problem.
+
+Bisected-by: Mark Zimmerman <markzimm@frii.com>
+
+Reported-by: Mark Zimmerman <markzimm@frii.com>
+Signed-off-by: Andy Walls <awalls@md.metrocast.net>
+Signed-off-by: Mauro Carvalho Chehab <mchehab@redhat.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
+
+---
+ drivers/media/video/cx23885/cx23885-i2c.c | 8 --------
+ 1 file changed, 8 deletions(-)
+
+--- a/drivers/media/video/cx23885/cx23885-i2c.c
++++ b/drivers/media/video/cx23885/cx23885-i2c.c
+@@ -122,10 +122,6 @@ static int i2c_sendbytes(struct i2c_adap
+
+ if (!i2c_wait_done(i2c_adap))
+ goto eio;
+- if (!i2c_slave_did_ack(i2c_adap)) {
+- retval = -ENXIO;
+- goto err;
+- }
+ if (i2c_debug) {
+ printk(" <W %02x %02x", msg->addr << 1, msg->buf[0]);
+ if (!(ctrl & I2C_NOSTOP))
+@@ -209,10 +205,6 @@ static int i2c_readbytes(struct i2c_adap
+
+ if (!i2c_wait_done(i2c_adap))
+ goto eio;
+- if (cnt == 0 && !i2c_slave_did_ack(i2c_adap)) {
+- retval = -ENXIO;
+- goto err;
+- }
+ msg->buf[cnt] = cx_read(bus->reg_rdata) & 0xff;
+ if (i2c_debug) {
+ dprintk(1, " %02x", msg->buf[cnt]);
--- /dev/null
+From 1e6406b8f0dc1ae7d7c39c9e1ac6ca78e016ebfb Mon Sep 17 00:00:00 2001
+From: Sven Barth <pascaldragon@googlemail.com>
+Date: Sun, 13 Feb 2011 22:09:43 -0300
+Subject: [media] cx25840: fix probing of cx2583x chips
+
+From: Sven Barth <pascaldragon@googlemail.com>
+
+commit 1e6406b8f0dc1ae7d7c39c9e1ac6ca78e016ebfb upstream.
+
+Fix the probing of cx2583x chips, because two controls were clustered
+that are not created for these chips.
+
+This regression was introduced in 2.6.36.
+
+Signed-off-by: Sven Barth <pascaldragon@googlemail.com>
+Signed-off-by: Andy Walls <awalls@md.metrocast.net>
+Signed-off-by: Mauro Carvalho Chehab <mchehab@redhat.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
+
+---
+ drivers/media/video/cx25840/cx25840-core.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+--- a/drivers/media/video/cx25840/cx25840-core.c
++++ b/drivers/media/video/cx25840/cx25840-core.c
+@@ -2031,7 +2031,8 @@ static int cx25840_probe(struct i2c_clie
+ kfree(state);
+ return err;
+ }
+- v4l2_ctrl_cluster(2, &state->volume);
++ if (!is_cx2583x(state))
++ v4l2_ctrl_cluster(2, &state->volume);
+ v4l2_ctrl_handler_setup(&state->hdl);
+
+ cx25840_ir_probe(sd);
--- /dev/null
+From e192a7cf0effe7680264a5bc35c0ad1bdcdc921c Mon Sep 17 00:00:00 2001
+From: Olivier Grenie <olivier.grenie@dibcom.fr>
+Date: Fri, 14 Jan 2011 13:58:59 -0300
+Subject: [media] DiB7000M: add pid filtering
+
+From: Olivier Grenie <olivier.grenie@dibcom.fr>
+
+commit e192a7cf0effe7680264a5bc35c0ad1bdcdc921c upstream.
+
+This patch adds the pid filtering for the dib7000M demod. It also
+corrects the pid filtering for the dib7700 based board. It should
+prevent an oops, when using dib7700p based board.
+
+References: https://bugzilla.novell.com/show_bug.cgi?id=644807
+
+Signed-off-by: Olivier Grenie <olivier.grenie@dibcom.fr>
+Signed-off-by: Patrick Boettcher <patrick.boettcher@dibcom.fr>
+Tested-by: Pavel SKARKA <paul.sp@seznam.cz>
+Signed-off-by: Mauro Carvalho Chehab <mchehab@redhat.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
+
+---
+ drivers/media/dvb/dvb-usb/dib0700_devices.c | 21 +++++++++++++++++++--
+ drivers/media/dvb/frontends/dib7000m.c | 19 +++++++++++++++++++
+ drivers/media/dvb/frontends/dib7000m.h | 15 +++++++++++++++
+ 3 files changed, 53 insertions(+), 2 deletions(-)
+
+--- a/drivers/media/dvb/dvb-usb/dib0700_devices.c
++++ b/drivers/media/dvb/dvb-usb/dib0700_devices.c
+@@ -870,6 +870,23 @@ static int dib7070p_tuner_attach(struct
+ return 0;
+ }
+
++static int stk7700p_pid_filter(struct dvb_usb_adapter *adapter, int index,
++ u16 pid, int onoff)
++{
++ struct dib0700_state *st = adapter->dev->priv;
++ if (st->is_dib7000pc)
++ return dib7000p_pid_filter(adapter->fe, index, pid, onoff);
++ return dib7000m_pid_filter(adapter->fe, index, pid, onoff);
++}
++
++static int stk7700p_pid_filter_ctrl(struct dvb_usb_adapter *adapter, int onoff)
++{
++ struct dib0700_state *st = adapter->dev->priv;
++ if (st->is_dib7000pc)
++ return dib7000p_pid_filter_ctrl(adapter->fe, onoff);
++ return dib7000m_pid_filter_ctrl(adapter->fe, onoff);
++}
++
+ static int stk70x0p_pid_filter(struct dvb_usb_adapter *adapter, int index, u16 pid, int onoff)
+ {
+ return dib7000p_pid_filter(adapter->fe, index, pid, onoff);
+@@ -1875,8 +1892,8 @@ struct dvb_usb_device_properties dib0700
+ {
+ .caps = DVB_USB_ADAP_HAS_PID_FILTER | DVB_USB_ADAP_PID_FILTER_CAN_BE_TURNED_OFF,
+ .pid_filter_count = 32,
+- .pid_filter = stk70x0p_pid_filter,
+- .pid_filter_ctrl = stk70x0p_pid_filter_ctrl,
++ .pid_filter = stk7700p_pid_filter,
++ .pid_filter_ctrl = stk7700p_pid_filter_ctrl,
+ .frontend_attach = stk7700p_frontend_attach,
+ .tuner_attach = stk7700p_tuner_attach,
+
+--- a/drivers/media/dvb/frontends/dib7000m.c
++++ b/drivers/media/dvb/frontends/dib7000m.c
+@@ -1285,6 +1285,25 @@ struct i2c_adapter * dib7000m_get_i2c_ma
+ }
+ EXPORT_SYMBOL(dib7000m_get_i2c_master);
+
++int dib7000m_pid_filter_ctrl(struct dvb_frontend *fe, u8 onoff)
++{
++ struct dib7000m_state *state = fe->demodulator_priv;
++ u16 val = dib7000m_read_word(state, 294 + state->reg_offs) & 0xffef;
++ val |= (onoff & 0x1) << 4;
++ dprintk("PID filter enabled %d", onoff);
++ return dib7000m_write_word(state, 294 + state->reg_offs, val);
++}
++EXPORT_SYMBOL(dib7000m_pid_filter_ctrl);
++
++int dib7000m_pid_filter(struct dvb_frontend *fe, u8 id, u16 pid, u8 onoff)
++{
++ struct dib7000m_state *state = fe->demodulator_priv;
++ dprintk("PID filter: index %x, PID %d, OnOff %d", id, pid, onoff);
++ return dib7000m_write_word(state, 300 + state->reg_offs + id,
++ onoff ? (1 << 13) | pid : 0);
++}
++EXPORT_SYMBOL(dib7000m_pid_filter);
++
+ #if 0
+ /* used with some prototype boards */
+ int dib7000m_i2c_enumeration(struct i2c_adapter *i2c, int no_of_demods,
+--- a/drivers/media/dvb/frontends/dib7000m.h
++++ b/drivers/media/dvb/frontends/dib7000m.h
+@@ -46,6 +46,8 @@ extern struct dvb_frontend *dib7000m_att
+ extern struct i2c_adapter *dib7000m_get_i2c_master(struct dvb_frontend *,
+ enum dibx000_i2c_interface,
+ int);
++extern int dib7000m_pid_filter(struct dvb_frontend *, u8 id, u16 pid, u8 onoff);
++extern int dib7000m_pid_filter_ctrl(struct dvb_frontend *fe, u8 onoff);
+ #else
+ static inline
+ struct dvb_frontend *dib7000m_attach(struct i2c_adapter *i2c_adap,
+@@ -63,6 +65,19 @@ struct i2c_adapter *dib7000m_get_i2c_mas
+ printk(KERN_WARNING "%s: driver disabled by Kconfig\n", __func__);
+ return NULL;
+ }
++static inline int dib7000m_pid_filter(struct dvb_frontend *fe, u8 id,
++ u16 pid, u8 onoff)
++{
++ printk(KERN_WARNING "%s: driver disabled by Kconfig\n", __func__);
++ return -ENODEV;
++}
++
++static inline int dib7000m_pid_filter_ctrl(struct dvb_frontend *fe,
++ uint8_t onoff)
++{
++ printk(KERN_WARNING "%s: driver disabled by Kconfig\n", __func__);
++ return -ENODEV;
++}
+ #endif
+
+ /* TODO
--- /dev/null
+From 0d672e9f8ac320c6d1ea9103db6df7f99ea20361 Mon Sep 17 00:00:00 2001
+From: Ivan Vecera <ivecera@redhat.com>
+Date: Tue, 15 Feb 2011 02:08:39 +0000
+Subject: drivers/net: Call netif_carrier_off at the end of the probe
+
+From: Ivan Vecera <ivecera@redhat.com>
+
+commit 0d672e9f8ac320c6d1ea9103db6df7f99ea20361 upstream.
+
+Without calling of netif_carrier_off at the end of the probe the operstate
+is unknown when the device is initially opened. By default the carrier is
+on so when the device is opened and netif_carrier_on is called the link
+watch event is not fired and operstate remains zero (unknown).
+
+This patch fixes this behavior in forcedeth and r8169.
+
+Signed-off-by: Ivan Vecera <ivecera@redhat.com>
+Acked-by: Francois Romieu <romieu@fr.zoreil.com>
+Signed-off-by: David S. Miller <davem@davemloft.net>
+Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
+
+---
+ drivers/net/forcedeth.c | 2 ++
+ drivers/net/r8169.c | 2 ++
+ 2 files changed, 4 insertions(+)
+
+--- a/drivers/net/forcedeth.c
++++ b/drivers/net/forcedeth.c
+@@ -5816,6 +5816,8 @@ static int __devinit nv_probe(struct pci
+ goto out_error;
+ }
+
++ netif_carrier_off(dev);
++
+ dev_printk(KERN_INFO, &pci_dev->dev, "ifname %s, PHY OUI 0x%x @ %d, "
+ "addr %2.2x:%2.2x:%2.2x:%2.2x:%2.2x:%2.2x\n",
+ dev->name,
+--- a/drivers/net/r8169.c
++++ b/drivers/net/r8169.c
+@@ -3236,6 +3236,8 @@ rtl8169_init_one(struct pci_dev *pdev, c
+ if (pci_dev_run_wake(pdev))
+ pm_runtime_put_noidle(&pdev->dev);
+
++ netif_carrier_off(dev);
++
+ out:
+ return rc;
+
--- /dev/null
+From ff75f40f44ae9b79d520bf32a05d35af74a805c0 Mon Sep 17 00:00:00 2001
+From: Julian Anastasov <ja@ssi.bg>
+Date: Tue, 22 Feb 2011 10:40:25 +0200
+Subject: ipvs: fix dst_lock locking on dest update
+
+From: Julian Anastasov <ja@ssi.bg>
+
+commit ff75f40f44ae9b79d520bf32a05d35af74a805c0 upstream.
+
+ Fix dst_lock usage in __ip_vs_update_dest. We need
+_bh locking because destination is updated in user context.
+Can cause lockups on frequent destination updates.
+Problem reported by Simon Kirby. Bug was introduced
+in 2.6.37 from the "ipvs: changes for local real server"
+change.
+
+Signed-off-by: Julian Anastasov <ja@ssi.bg>
+Signed-off-by: Hans Schillstrom <hans@schillstrom.com>
+Signed-off-by: Simon Horman <horms@verge.net.au>
+Cc: Simon Kirby <sim@hostway.ca>
+Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
+
+---
+ net/netfilter/ipvs/ip_vs_ctl.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+--- a/net/netfilter/ipvs/ip_vs_ctl.c
++++ b/net/netfilter/ipvs/ip_vs_ctl.c
+@@ -810,9 +810,9 @@ __ip_vs_update_dest(struct ip_vs_service
+ dest->u_threshold = udest->u_threshold;
+ dest->l_threshold = udest->l_threshold;
+
+- spin_lock(&dest->dst_lock);
++ spin_lock_bh(&dest->dst_lock);
+ ip_vs_dst_reset(dest);
+- spin_unlock(&dest->dst_lock);
++ spin_unlock_bh(&dest->dst_lock);
+
+ if (add)
+ ip_vs_new_estimator(&dest->stats);
--- /dev/null
+From d213ad08362909ab50fbd6568fcc9fd568268d29 Mon Sep 17 00:00:00 2001
+From: Michael <mike@rsy.com>
+Date: Sat, 26 Feb 2011 01:56:34 -0300
+Subject: [media] ivtv: Fix corrective action taken upon DMA ERR interrupt to avoid hang
+
+From: Michael <mike@rsy.com>
+
+commit d213ad08362909ab50fbd6568fcc9fd568268d29 upstream.
+
+After upgrading the kernel from stock Ubuntu 7.10 to
+10.04, with no hardware changes, I started getting the dreaded DMA
+TIMEOUT errors, followed by inability to encode until the machine was
+rebooted.
+
+I came across a post from Andy in March
+(http://www.gossamer-threads.com/lists/ivtv/users/40943#40943) where he
+speculates that perhaps the corrective actions being taken after a DMA
+ERROR are not sufficient to recover the situation. After some testing
+I suspect that this is indeed the case, and that in fact the corrective
+action may be what hangs the card's DMA engine, rather than the
+original error.
+
+Specifically these DMA ERROR IRQs seem to present with two different
+values in the IVTV_REG_DMASTATUS register: 0x11 and 0x13. The current
+corrective action is to clear that status register back to 0x01 or
+0x03, and then issue the next DMA request. In the case of a 0x13 this
+seems to result in a minor glitch in the encoded stream due to the
+failed transfer that was not retried, but otherwise things continue OK.
+In the case of a 0x11 the card's DMA write engine is never heard from
+again, and a DMA TIMEOUT follows shortly after. 0x11 is the killer.
+
+I suspect that the two cases need to be handled differently. The
+difference is in bit 1 (0x02), which is set when the error is about to
+be successfully recovered, and clear when things are about to go bad.
+
+Bit 1 of DMASTATUS is described differently in different places either
+as a positive "write finished", or an inverted "write busy". If we
+take the first definition, then when an error arises with state 0x11,
+it means that the write did not complete. It makes sense to start a
+new transfer, as in the current code. But if we take the second
+definition, then 0x11 means "an error but the write engine is still
+busy". Trying to feed it a new transfer in this situation might not be
+a good idea.
+
+As an experiment, I added code to ignore the DMA ERROR IRQ if DMASTATUS
+is 0x11. I.e., don't start a new transfer, don't clear our flags, etc.
+The hope was that the card would complete the transfer and issue a ENC
+DMA COMPLETE, either successfully or with an error condition there.
+However the card still hung.
+
+The only remaining corrective action being taken with a 0x11 status was
+then the write back to the status register to clear the error, i.e.
+DMASTATUS = DMASTATUS & ~3. This would have the effect of clearing the
+error bit 4, while leaving the lower bits indicating DMA write busy.
+
+Strangely enough, removing this write to the status register solved the
+problem! If the DMA ERROR IRQ with DMASTATUS=0x11 is completely
+ignored, with no corrective action at all, then the card will complete
+the transfer and issue a new IRQ. If the status register is written to
+when it has the value 0x11, then the DMA engine hangs. Perhaps it's
+illegal to write to
+DMASTATUS while the read or write busy bit is set? At any rate, it
+appears that the current corrective action is indeed making things
+worse rather than better.
+
+I put together a patch that modifies ivtv_irq_dma_err to do the
+following:
+
+- Don't write back to IVTV_REG_DMASTATUS.
+- If write-busy is asserted, leave the card alone. Just extend the
+timeout slightly.
+- If write-busy is de-asserted, retry the current transfer.
+
+This has completely fixed my DMA TIMEOUT woes. DMA ERR events still
+occur, but now they seem to be correctly handled. 0x11 events no
+longer hang the card, and 0x13 events no longer result in a glitch in
+the stream, as the failed transfer is retried. I'm happy.
+
+I've inlined the patch below in case it is of interest. As described
+above, I have a theory about why it works (based on a different
+interpretation of bit 1 of DMASTATUS), but I can't guarantee that my
+theory is correct. There may be another explanation, or it may be a
+fluke. Maybe ignoring that IRQ entirely would be equally effective?
+Maybe the status register read/writeback sequence is race condition if
+the card changes it in the mean time? Also as I am using a PVR-150
+only, I have not been able to test it on other cards, which may be
+especially relevant for 350s that support concurrent decoding.
+Hopefully the patch does not break the DMA READ path.
+
+Mike
+
+[awalls@md.metrocast.net: Modified patch to add a verbose comment, make minor
+brace reformats, and clear the error flags in the IVTV_REG_DMASTATUS iff both
+read and write DMA were not in progress. Mike's conjecture about a race
+condition with the writeback is correct; it can confuse the DMA engine.]
+
+[Comment and analysis from the ML post by Michael <mike@rsy.com>]
+Signed-off-by: Andy Walls <awalls@md.metrocast.net>
+Signed-off-by: Mauro Carvalho Chehab <mchehab@redhat.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
+
+---
+ drivers/media/video/ivtv/ivtv-irq.c | 58 +++++++++++++++++++++++++++++++-----
+ 1 file changed, 51 insertions(+), 7 deletions(-)
+
+--- a/drivers/media/video/ivtv/ivtv-irq.c
++++ b/drivers/media/video/ivtv/ivtv-irq.c
+@@ -628,22 +628,66 @@ static void ivtv_irq_enc_pio_complete(st
+ static void ivtv_irq_dma_err(struct ivtv *itv)
+ {
+ u32 data[CX2341X_MBOX_MAX_DATA];
++ u32 status;
+
+ del_timer(&itv->dma_timer);
++
+ ivtv_api_get_data(&itv->enc_mbox, IVTV_MBOX_DMA_END, 2, data);
++ status = read_reg(IVTV_REG_DMASTATUS);
+ IVTV_DEBUG_WARN("DMA ERROR %08x %08x %08x %d\n", data[0], data[1],
+- read_reg(IVTV_REG_DMASTATUS), itv->cur_dma_stream);
+- write_reg(read_reg(IVTV_REG_DMASTATUS) & 3, IVTV_REG_DMASTATUS);
++ status, itv->cur_dma_stream);
++ /*
++ * We do *not* write back to the IVTV_REG_DMASTATUS register to
++ * clear the error status, if either the encoder write (0x02) or
++ * decoder read (0x01) bus master DMA operation do not indicate
++ * completed. We can race with the DMA engine, which may have
++ * transitioned to completed status *after* we read the register.
++ * Setting a IVTV_REG_DMASTATUS flag back to "busy" status, after the
++ * DMA engine has completed, will cause the DMA engine to stop working.
++ */
++ status &= 0x3;
++ if (status == 0x3)
++ write_reg(status, IVTV_REG_DMASTATUS);
++
+ if (!test_bit(IVTV_F_I_UDMA, &itv->i_flags) &&
+ itv->cur_dma_stream >= 0 && itv->cur_dma_stream < IVTV_MAX_STREAMS) {
+ struct ivtv_stream *s = &itv->streams[itv->cur_dma_stream];
+
+- /* retry */
+- if (s->type >= IVTV_DEC_STREAM_TYPE_MPG)
++ if (s->type >= IVTV_DEC_STREAM_TYPE_MPG) {
++ /* retry */
++ /*
++ * FIXME - handle cases of DMA error similar to
++ * encoder below, except conditioned on status & 0x1
++ */
+ ivtv_dma_dec_start(s);
+- else
+- ivtv_dma_enc_start(s);
+- return;
++ return;
++ } else {
++ if ((status & 0x2) == 0) {
++ /*
++ * CX2341x Bus Master DMA write is ongoing.
++ * Reset the timer and let it complete.
++ */
++ itv->dma_timer.expires =
++ jiffies + msecs_to_jiffies(600);
++ add_timer(&itv->dma_timer);
++ return;
++ }
++
++ if (itv->dma_retries < 3) {
++ /*
++ * CX2341x Bus Master DMA write has ended.
++ * Retry the write, starting with the first
++ * xfer segment. Just retrying the current
++ * segment is not sufficient.
++ */
++ s->sg_processed = 0;
++ itv->dma_retries++;
++ ivtv_dma_enc_start_xfer(s);
++ return;
++ }
++ /* Too many retries, give up on this one */
++ }
++
+ }
+ if (test_bit(IVTV_F_I_UDMA, &itv->i_flags)) {
+ ivtv_udma_start(itv);
--- /dev/null
+From 8909c9ad8ff03611c9c96c9a92656213e4bb495b Mon Sep 17 00:00:00 2001
+From: Vasiliy Kulikov <segoon@openwall.com>
+Date: Wed, 2 Mar 2011 00:33:13 +0300
+Subject: net: don't allow CAP_NET_ADMIN to load non-netdev kernel modules
+
+From: Vasiliy Kulikov <segoon@openwall.com>
+
+commit 8909c9ad8ff03611c9c96c9a92656213e4bb495b upstream.
+
+Since a8f80e8ff94ecba629542d9b4b5f5a8ee3eb565c any process with
+CAP_NET_ADMIN may load any module from /lib/modules/. This doesn't mean
+that CAP_NET_ADMIN is a superset of CAP_SYS_MODULE as modules are
+limited to /lib/modules/**. However, CAP_NET_ADMIN capability shouldn't
+allow anybody load any module not related to networking.
+
+This patch restricts an ability of autoloading modules to netdev modules
+with explicit aliases. This fixes CVE-2011-1019.
+
+Arnd Bergmann suggested to leave untouched the old pre-v2.6.32 behavior
+of loading netdev modules by name (without any prefix) for processes
+with CAP_SYS_MODULE to maintain the compatibility with network scripts
+that use autoloading netdev modules by aliases like "eth0", "wlan0".
+
+Currently there are only three users of the feature in the upstream
+kernel: ipip, ip_gre and sit.
+
+ root@albatros:~# capsh --drop=$(seq -s, 0 11),$(seq -s, 13 34) --
+ root@albatros:~# grep Cap /proc/$$/status
+ CapInh: 0000000000000000
+ CapPrm: fffffff800001000
+ CapEff: fffffff800001000
+ CapBnd: fffffff800001000
+ root@albatros:~# modprobe xfs
+ FATAL: Error inserting xfs
+ (/lib/modules/2.6.38-rc6-00001-g2bf4ca3/kernel/fs/xfs/xfs.ko): Operation not permitted
+ root@albatros:~# lsmod | grep xfs
+ root@albatros:~# ifconfig xfs
+ xfs: error fetching interface information: Device not found
+ root@albatros:~# lsmod | grep xfs
+ root@albatros:~# lsmod | grep sit
+ root@albatros:~# ifconfig sit
+ sit: error fetching interface information: Device not found
+ root@albatros:~# lsmod | grep sit
+ root@albatros:~# ifconfig sit0
+ sit0 Link encap:IPv6-in-IPv4
+ NOARP MTU:1480 Metric:1
+
+ root@albatros:~# lsmod | grep sit
+ sit 10457 0
+ tunnel4 2957 1 sit
+
+For CAP_SYS_MODULE module loading is still relaxed:
+
+ root@albatros:~# grep Cap /proc/$$/status
+ CapInh: 0000000000000000
+ CapPrm: ffffffffffffffff
+ CapEff: ffffffffffffffff
+ CapBnd: ffffffffffffffff
+ root@albatros:~# ifconfig xfs
+ xfs: error fetching interface information: Device not found
+ root@albatros:~# lsmod | grep xfs
+ xfs 745319 0
+
+Reference: https://lkml.org/lkml/2011/2/24/203
+
+Signed-off-by: Vasiliy Kulikov <segoon@openwall.com>
+Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
+Acked-by: David S. Miller <davem@davemloft.net>
+Acked-by: Kees Cook <kees.cook@canonical.com>
+Signed-off-by: James Morris <jmorris@namei.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
+
+---
+ include/linux/netdevice.h | 3 +++
+ net/core/dev.c | 12 ++++++++++--
+ net/ipv4/ip_gre.c | 1 +
+ net/ipv4/ipip.c | 1 +
+ net/ipv6/sit.c | 2 +-
+ 5 files changed, 16 insertions(+), 3 deletions(-)
+
+--- a/include/linux/netdevice.h
++++ b/include/linux/netdevice.h
+@@ -2336,6 +2336,9 @@ extern int netdev_notice(const struct ne
+ extern int netdev_info(const struct net_device *dev, const char *format, ...)
+ __attribute__ ((format (printf, 2, 3)));
+
++#define MODULE_ALIAS_NETDEV(device) \
++ MODULE_ALIAS("netdev-" device)
++
+ #if defined(DEBUG)
+ #define netdev_dbg(__dev, format, args...) \
+ netdev_printk(KERN_DEBUG, __dev, format, ##args)
+--- a/net/core/dev.c
++++ b/net/core/dev.c
+@@ -1116,13 +1116,21 @@ EXPORT_SYMBOL(netdev_bonding_change);
+ void dev_load(struct net *net, const char *name)
+ {
+ struct net_device *dev;
++ int no_module;
+
+ rcu_read_lock();
+ dev = dev_get_by_name_rcu(net, name);
+ rcu_read_unlock();
+
+- if (!dev && capable(CAP_NET_ADMIN))
+- request_module("%s", name);
++ no_module = !dev;
++ if (no_module && capable(CAP_NET_ADMIN))
++ no_module = request_module("netdev-%s", name);
++ if (no_module && capable(CAP_SYS_MODULE)) {
++ if (!request_module("%s", name))
++ pr_err("Loading kernel module for a network device "
++"with CAP_SYS_MODULE (deprecated). Use CAP_NET_ADMIN and alias netdev-%s "
++"instead\n", name);
++ }
+ }
+ EXPORT_SYMBOL(dev_load);
+
+--- a/net/ipv4/ip_gre.c
++++ b/net/ipv4/ip_gre.c
+@@ -1775,3 +1775,4 @@ module_exit(ipgre_fini);
+ MODULE_LICENSE("GPL");
+ MODULE_ALIAS_RTNL_LINK("gre");
+ MODULE_ALIAS_RTNL_LINK("gretap");
++MODULE_ALIAS_NETDEV("gre0");
+--- a/net/ipv4/ipip.c
++++ b/net/ipv4/ipip.c
+@@ -921,3 +921,4 @@ static void __exit ipip_fini(void)
+ module_init(ipip_init);
+ module_exit(ipip_fini);
+ MODULE_LICENSE("GPL");
++MODULE_ALIAS_NETDEV("tunl0");
+--- a/net/ipv6/sit.c
++++ b/net/ipv6/sit.c
+@@ -1292,4 +1292,4 @@ static int __init sit_init(void)
+ module_init(sit_init);
+ module_exit(sit_cleanup);
+ MODULE_LICENSE("GPL");
+-MODULE_ALIAS("sit0");
++MODULE_ALIAS_NETDEV("sit0");
--- /dev/null
+From 9d0db8b6b1da9e3d4c696ef29449700c58d589db Mon Sep 17 00:00:00 2001
+From: Pablo Neira Ayuso <pablo@netfilter.org>
+Date: Tue, 1 Feb 2011 16:03:46 +0100
+Subject: netfilter: arpt_mangle: fix return values of checkentry
+
+From: Pablo Neira Ayuso <pablo@netfilter.org>
+
+commit 9d0db8b6b1da9e3d4c696ef29449700c58d589db upstream.
+
+In 135367b "netfilter: xtables: change xt_target.checkentry return type",
+the type returned by checkentry was changed from boolean to int, but the
+return values where not adjusted.
+
+arptables: Input/output error
+
+This broke arptables with the mangle target since it returns true
+under success, which is interpreted by xtables as >0, thus
+returning EIO.
+
+Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
+Signed-off-by: Patrick McHardy <kaber@trash.net>
+Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
+
+---
+ net/ipv4/netfilter/arpt_mangle.c | 6 +++---
+ 1 file changed, 3 insertions(+), 3 deletions(-)
+
+--- a/net/ipv4/netfilter/arpt_mangle.c
++++ b/net/ipv4/netfilter/arpt_mangle.c
+@@ -60,12 +60,12 @@ static int checkentry(const struct xt_tg
+
+ if (mangle->flags & ~ARPT_MANGLE_MASK ||
+ !(mangle->flags & ARPT_MANGLE_MASK))
+- return false;
++ return -EINVAL;
+
+ if (mangle->target != NF_DROP && mangle->target != NF_ACCEPT &&
+ mangle->target != XT_CONTINUE)
+- return false;
+- return true;
++ return -EINVAL;
++ return 0;
+ }
+
+ static struct xt_target arpt_mangle_reg __read_mostly = {
--- /dev/null
+From f60ac8e7ab7cbb413a0131d5665b053f9f386526 Mon Sep 17 00:00:00 2001
+From: Francois Romieu <romieu@fr.zoreil.com>
+Date: Thu, 3 Feb 2011 17:27:52 +0100
+Subject: r8169: prevent RxFIFO induced loops in the irq handler.
+
+From: Francois Romieu <romieu@fr.zoreil.com>
+
+commit f60ac8e7ab7cbb413a0131d5665b053f9f386526 upstream.
+
+While the RxFIFO interruption is masked for most 8168, nothing prevents
+it to appear in the irq status word. This is no excuse to crash.
+
+Signed-off-by: Francois Romieu <romieu@fr.zoreil.com>
+Cc: Ivan Vecera <ivecera@redhat.com>
+Cc: Hayes <hayeswang@realtek.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
+
+---
+ drivers/net/r8169.c | 8 ++++++++
+ 1 file changed, 8 insertions(+)
+
+--- a/drivers/net/r8169.c
++++ b/drivers/net/r8169.c
+@@ -4613,6 +4613,14 @@ static irqreturn_t rtl8169_interrupt(int
+ netif_stop_queue(dev);
+ rtl8169_tx_timeout(dev);
+ goto done;
++ /* Testers needed. */
++ case RTL_GIGA_MAC_VER_17:
++ case RTL_GIGA_MAC_VER_19:
++ case RTL_GIGA_MAC_VER_20:
++ case RTL_GIGA_MAC_VER_21:
++ case RTL_GIGA_MAC_VER_23:
++ case RTL_GIGA_MAC_VER_24:
++ case RTL_GIGA_MAC_VER_27:
+ /* Experimental science. Pktgen proof. */
+ case RTL_GIGA_MAC_VER_12:
+ case RTL_GIGA_MAC_VER_25:
--- /dev/null
+From 1519e57fe81c14bb8fa4855579f19264d1ef63b4 Mon Sep 17 00:00:00 2001
+From: Francois Romieu <romieu@fr.zoreil.com>
+Date: Thu, 3 Feb 2011 12:02:36 +0100
+Subject: r8169: RxFIFO overflow oddities with 8168 chipsets.
+
+From: Francois Romieu <romieu@fr.zoreil.com>
+
+commit 1519e57fe81c14bb8fa4855579f19264d1ef63b4 upstream.
+
+Some experiment-based action to prevent my 8168 chipsets locking-up hard
+in the irq handler under load (pktgen ~1Mpps). Apparently a reset is not
+always mandatory (is it at all ?).
+
+- RTL_GIGA_MAC_VER_12
+- RTL_GIGA_MAC_VER_25
+ Missed ~55% packets. Note:
+ - this is an old SiS 965L motherboard
+ - the 8168 chipset emits (lots of) control frames towards the sender
+
+- RTL_GIGA_MAC_VER_26
+ The chipset does not go into a frenzy of mac control pause when it
+ crashes yet but it can still be crashed. It needs more work.
+
+Signed-off-by: Francois Romieu <romieu@fr.zoreil.com>
+Cc: Ivan Vecera <ivecera@redhat.com>
+Cc: Hayes <hayeswang@realtek.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
+
+---
+ drivers/net/r8169.c | 30 +++++++++++++++++++++---------
+ 1 file changed, 21 insertions(+), 9 deletions(-)
+
+--- a/drivers/net/r8169.c
++++ b/drivers/net/r8169.c
+@@ -758,7 +758,8 @@ static void __rtl8169_check_link_status(
+ if (pm)
+ pm_request_resume(&tp->pci_dev->dev);
+ netif_carrier_on(dev);
+- netif_info(tp, ifup, dev, "link up\n");
++ if (net_ratelimit())
++ netif_info(tp, ifup, dev, "link up\n");
+ } else {
+ netif_carrier_off(dev);
+ netif_info(tp, ifdown, dev, "link down\n");
+@@ -4603,13 +4604,24 @@ static irqreturn_t rtl8169_interrupt(int
+ break;
+ }
+
+- /* Work around for rx fifo overflow */
+- if (unlikely(status & RxFIFOOver) &&
+- (tp->mac_version == RTL_GIGA_MAC_VER_11 ||
+- tp->mac_version == RTL_GIGA_MAC_VER_22)) {
+- netif_stop_queue(dev);
+- rtl8169_tx_timeout(dev);
+- break;
++ if (unlikely(status & RxFIFOOver)) {
++ switch (tp->mac_version) {
++ /* Work around for rx fifo overflow */
++ case RTL_GIGA_MAC_VER_11:
++ case RTL_GIGA_MAC_VER_22:
++ case RTL_GIGA_MAC_VER_26:
++ netif_stop_queue(dev);
++ rtl8169_tx_timeout(dev);
++ goto done;
++ /* Experimental science. Pktgen proof. */
++ case RTL_GIGA_MAC_VER_12:
++ case RTL_GIGA_MAC_VER_25:
++ if (status == RxFIFOOver)
++ goto done;
++ break;
++ default:
++ break;
++ }
+ }
+
+ if (unlikely(status & SYSErr)) {
+@@ -4645,7 +4657,7 @@ static irqreturn_t rtl8169_interrupt(int
+ (status & RxFIFOOver) ? (status | RxOverflow) : status);
+ status = RTL_R16(IntrStatus);
+ }
+-
++done:
+ return IRQ_RETVAL(handled);
+ }
+
--- /dev/null
+From b5ba6d12bdac21bc0620a5089e0f24e362645efd Mon Sep 17 00:00:00 2001
+From: Ivan Vecera <ivecera@redhat.com>
+Date: Thu, 27 Jan 2011 12:24:11 +0100
+Subject: r8169: use RxFIFO overflow workaround for 8168c chipset.
+
+From: Ivan Vecera <ivecera@redhat.com>
+
+commit b5ba6d12bdac21bc0620a5089e0f24e362645efd upstream.
+
+I found that one of the 8168c chipsets (concretely XID 1c4000c0) starts
+generating RxFIFO overflow errors. The result is an infinite loop in
+interrupt handler as the RxFIFOOver is handled only for ...MAC_VER_11.
+With the workaround everything goes fine.
+
+Signed-off-by: Ivan Vecera <ivecera@redhat.com>
+Acked-by: Francois Romieu <romieu@fr.zoreil.com>
+Cc: Hayes <hayeswang@realtek.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
+
+---
+ drivers/net/r8169.c | 6 ++++--
+ 1 file changed, 4 insertions(+), 2 deletions(-)
+
+--- a/drivers/net/r8169.c
++++ b/drivers/net/r8169.c
+@@ -3725,7 +3725,8 @@ static void rtl_hw_start_8168(struct net
+ RTL_W16(IntrMitigate, 0x5151);
+
+ /* Work around for RxFIFO overflow. */
+- if (tp->mac_version == RTL_GIGA_MAC_VER_11) {
++ if (tp->mac_version == RTL_GIGA_MAC_VER_11 ||
++ tp->mac_version == RTL_GIGA_MAC_VER_22) {
+ tp->intr_event |= RxFIFOOver | PCSTimeout;
+ tp->intr_event &= ~RxOverflow;
+ }
+@@ -4604,7 +4605,8 @@ static irqreturn_t rtl8169_interrupt(int
+
+ /* Work around for rx fifo overflow */
+ if (unlikely(status & RxFIFOOver) &&
+- (tp->mac_version == RTL_GIGA_MAC_VER_11)) {
++ (tp->mac_version == RTL_GIGA_MAC_VER_11 ||
++ tp->mac_version == RTL_GIGA_MAC_VER_22)) {
+ netif_stop_queue(dev);
+ rtl8169_tx_timeout(dev);
+ break;
--- /dev/null
+From 0c3b9168017cbad2c4af3dd65ec93fe646eeaa62 Mon Sep 17 00:00:00 2001
+From: Balbir Singh <balbir@linux.vnet.ibm.com>
+Date: Thu, 3 Mar 2011 17:04:35 +0530
+Subject: sched: Fix sched rt group scheduling when hierachy is enabled
+
+From: Balbir Singh <balbir@linux.vnet.ibm.com>
+
+commit 0c3b9168017cbad2c4af3dd65ec93fe646eeaa62 upstream.
+
+The current sched rt code is broken when it comes to hierarchical
+scheduling, this patch fixes two problems
+
+1. It adds redundant enqueuing (harmless) when it finds a queue
+ has tasks enqueued, but it has no run time and it is not
+ throttled.
+
+2. The most important change is in sched_rt_rq_enqueue/dequeue.
+ The code just picks the rt_rq belonging to the current cpu
+ on which the period timer runs, the patch fixes it, so that
+ the correct rt_se is enqueued/dequeued.
+
+Tested with a simple hierarchy
+
+/c/d, c and d assigned similar runtimes of 50,000 and a while
+1 loop runs within "d". Both c and d get throttled, without
+the patch, the task just stops running and never runs (depends
+on where the sched_rt b/w timer runs). With the patch, the
+task is throttled and runs as expected.
+
+[ bharata, suggestions on how to pick the rt_se belong to the
+ rt_rq and correct cpu ]
+
+Signed-off-by: Balbir Singh <balbir@linux.vnet.ibm.com>
+Acked-by: Bharata B Rao <bharata@linux.vnet.ibm.com>
+Signed-off-by: Peter Zijlstra <a.p.zijlstra@chello.nl>
+LKML-Reference: <20110303113435.GA2868@balbir.in.ibm.com>
+Signed-off-by: Ingo Molnar <mingo@elte.hu>
+Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
+
+---
+ kernel/sched_rt.c | 14 +++++++++-----
+ 1 file changed, 9 insertions(+), 5 deletions(-)
+
+--- a/kernel/sched_rt.c
++++ b/kernel/sched_rt.c
+@@ -199,11 +199,12 @@ static void dequeue_rt_entity(struct sch
+
+ static void sched_rt_rq_enqueue(struct rt_rq *rt_rq)
+ {
+- int this_cpu = smp_processor_id();
+ struct task_struct *curr = rq_of_rt_rq(rt_rq)->curr;
+ struct sched_rt_entity *rt_se;
+
+- rt_se = rt_rq->tg->rt_se[this_cpu];
++ int cpu = cpu_of(rq_of_rt_rq(rt_rq));
++
++ rt_se = rt_rq->tg->rt_se[cpu];
+
+ if (rt_rq->rt_nr_running) {
+ if (rt_se && !on_rt_rq(rt_se))
+@@ -215,10 +216,10 @@ static void sched_rt_rq_enqueue(struct r
+
+ static void sched_rt_rq_dequeue(struct rt_rq *rt_rq)
+ {
+- int this_cpu = smp_processor_id();
+ struct sched_rt_entity *rt_se;
++ int cpu = cpu_of(rq_of_rt_rq(rt_rq));
+
+- rt_se = rt_rq->tg->rt_se[this_cpu];
++ rt_se = rt_rq->tg->rt_se[cpu];
+
+ if (rt_se && on_rt_rq(rt_se))
+ dequeue_rt_entity(rt_se);
+@@ -546,8 +547,11 @@ static int do_sched_rt_period_timer(stru
+ if (rt_rq->rt_time || rt_rq->rt_nr_running)
+ idle = 0;
+ raw_spin_unlock(&rt_rq->rt_runtime_lock);
+- } else if (rt_rq->rt_nr_running)
++ } else if (rt_rq->rt_nr_running) {
+ idle = 0;
++ if (!rt_rq_throttled(rt_rq))
++ enqueue = 1;
++ }
+
+ if (enqueue)
+ sched_rt_rq_enqueue(rt_rq);
nfsd-wrong-index-used-in-inner-loop.patch
hid-hid-mosart-ignore-buttons-report.patch
nfs-nfsv4-readdir-loses-entries.patch
+ipvs-fix-dst_lock-locking-on-dest-update.patch
+net-don-t-allow-cap_net_admin-to-load-non-netdev-kernel-modules.patch
+netfilter-arpt_mangle-fix-return-values-of-checkentry.patch
+r8169-use-rxfifo-overflow-workaround-for-8168c-chipset.patch
+r8169-rxfifo-overflow-oddities-with-8168-chipsets.patch
+r8169-prevent-rxfifo-induced-loops-in-the-irq-handler.patch
+drivers-net-call-netif_carrier_off-at-the-end-of-the-probe.patch
+sched-fix-sched-rt-group-scheduling-when-hierachy-is-enabled.patch
+ivtv-fix-corrective-action-taken-upon-dma-err-interrupt-to-avoid-hang.patch
+cx23885-revert-check-for-slave-nack-on-all-transactions.patch
+cx25840-fix-probing-of-cx2583x-chips.patch
+dib7000m-add-pid-filtering.patch
projects / thirdparty / kernel / stable-queue.git / commitdiff
