--- /dev/null
+From c6066ab342e8cb3e4e3ec74f7577f099d79465b3 Mon Sep 17 00:00:00 2001
+From: David Henningsson <david.henningsson@canonical.com>
+Date: Tue, 22 Mar 2011 10:23:28 +0100
+Subject: ALSA: HDA: Fix internal mic on Dell E5420/E5520
+
+From: David Henningsson <david.henningsson@canonical.com>
+
+This is a fixup for the 2.6.38 kernel, as the issue is being resolved
+by upstream commits 699d899560cd7e72da39231e584412e7ac8114a4 and
+094a42452abd5564429045e210281c6d22e67fca - which are too invasive
+to reach 2.6.38. Instead make pin fixes as a workaround.
+
+BugLink: http://bugs.launchpad.net/bugs/740055
+Tested-by: Kent Baxley <kent.baxley@canonical.com>
+Signed-off-by: David Henningsson <david.henningsson@canonical.com>
+Acked-by: Takashi Iwai <tiwai@suse.de>
+
+---
+ sound/pci/hda/patch_sigmatel.c | 18 ++++++++++++++++++
+ 1 file changed, 18 insertions(+)
+
+--- a/sound/pci/hda/patch_sigmatel.c
++++ b/sound/pci/hda/patch_sigmatel.c
+@@ -94,6 +94,7 @@ enum {
+ STAC_92HD83XXX_REF,
+ STAC_92HD83XXX_PWR_REF,
+ STAC_DELL_S14,
++ STAC_DELL_E5520M,
+ STAC_92HD83XXX_HP,
+ STAC_HP_DV7_4000,
+ STAC_92HD83XXX_MODELS
+@@ -1657,6 +1658,13 @@ static unsigned int dell_s14_pin_configs
+ 0x40f000f0, 0x40f000f0,
+ };
+
++/* Switch int mic from 0x20 to 0x11 */
++static unsigned int dell_e5520m_pin_configs[10] = {
++ 0x04a11020, 0x0421101f, 0x400000f0, 0x90170110,
++ 0x23011050, 0x23a1102e, 0x400000f3, 0xd5a30130,
++ 0x400000f0, 0x40f000f0,
++};
++
+ static unsigned int hp_dv7_4000_pin_configs[10] = {
+ 0x03a12050, 0x0321201f, 0x40f000f0, 0x90170110,
+ 0x40f000f0, 0x40f000f0, 0x90170110, 0xd5a30140,
+@@ -1667,6 +1675,7 @@ static unsigned int *stac92hd83xxx_brd_t
+ [STAC_92HD83XXX_REF] = ref92hd83xxx_pin_configs,
+ [STAC_92HD83XXX_PWR_REF] = ref92hd83xxx_pin_configs,
+ [STAC_DELL_S14] = dell_s14_pin_configs,
++ [STAC_DELL_E5520M] = dell_e5520m_pin_configs,
+ [STAC_HP_DV7_4000] = hp_dv7_4000_pin_configs,
+ };
+
+@@ -1675,6 +1684,7 @@ static const char * const stac92hd83xxx_
+ [STAC_92HD83XXX_REF] = "ref",
+ [STAC_92HD83XXX_PWR_REF] = "mic-ref",
+ [STAC_DELL_S14] = "dell-s14",
++ [STAC_DELL_E5520M] = "dell-e5520m",
+ [STAC_92HD83XXX_HP] = "hp",
+ [STAC_HP_DV7_4000] = "hp-dv7-4000",
+ };
+@@ -1687,6 +1697,14 @@ static struct snd_pci_quirk stac92hd83xx
+ "DFI LanParty", STAC_92HD83XXX_REF),
+ SND_PCI_QUIRK(PCI_VENDOR_ID_DELL, 0x02ba,
+ "unknown Dell", STAC_DELL_S14),
++ SND_PCI_QUIRK(PCI_VENDOR_ID_DELL, 0x049a,
++ "Dell E5520", STAC_DELL_E5520M),
++ SND_PCI_QUIRK(PCI_VENDOR_ID_DELL, 0x049b,
++ "Dell E5420", STAC_DELL_E5520M),
++ SND_PCI_QUIRK(PCI_VENDOR_ID_DELL, 0x04eb,
++ "Dell E5420m", STAC_DELL_E5520M),
++ SND_PCI_QUIRK(PCI_VENDOR_ID_DELL, 0x04ec,
++ "Dell E5520m", STAC_DELL_E5520M),
+ SND_PCI_QUIRK_MASK(PCI_VENDOR_ID_HP, 0xff00, 0x3600,
+ "HP", STAC_92HD83XXX_HP),
+ {} /* terminator */
--- /dev/null
+From 8c3c283e6bf463ab498d6e7823aff6c4762314b6 Mon Sep 17 00:00:00 2001
+From: Olaf Hering <olaf@aepfle.de>
+Date: Wed, 16 Mar 2011 22:11:46 -0700
+Subject: Input: xen-kbdfront - advertise either absolute or relative coordinates
+
+From: Olaf Hering <olaf@aepfle.de>
+
+commit 8c3c283e6bf463ab498d6e7823aff6c4762314b6 upstream.
+
+A virtualized display device is usually viewed with the vncviewer
+application, either by 'xm vnc domU' or with vncviewer localhost:port.
+vncviewer and the RFB protocol provides absolute coordinates to the
+virtual display. These coordinates are either passed through to a PV
+guest or converted to relative coordinates for a HVM guest.
+
+A PV guest receives these coordinates and passes them to the kernels
+evdev driver. There it can be picked up by applications such as the
+xorg-input drivers. Using absolute coordinates avoids issues such as
+guest mouse pointer not tracking host mouse pointer due to wrong mouse
+acceleration settings in the guests X display.
+
+Advertise either absolute or relative coordinates to the input system
+and the evdev driver, depending on what dom0 provides. The xorg-input
+driver prefers relative coordinates even if a devices provides both.
+
+Signed-off-by: Olaf Hering <olaf@aepfle.de>
+Signed-off-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com>
+Signed-off-by: Dmitry Torokhov <dtor@mail.ru>
+Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
+
+---
+ drivers/input/xen-kbdfront.c | 44 +++++++++++++++++++++++--------------------
+ 1 file changed, 24 insertions(+), 20 deletions(-)
+
+--- a/drivers/input/xen-kbdfront.c
++++ b/drivers/input/xen-kbdfront.c
+@@ -110,7 +110,7 @@ static irqreturn_t input_handler(int rq,
+ static int __devinit xenkbd_probe(struct xenbus_device *dev,
+ const struct xenbus_device_id *id)
+ {
+- int ret, i;
++ int ret, i, abs;
+ struct xenkbd_info *info;
+ struct input_dev *kbd, *ptr;
+
+@@ -128,6 +128,11 @@ static int __devinit xenkbd_probe(struct
+ if (!info->page)
+ goto error_nomem;
+
++ if (xenbus_scanf(XBT_NIL, dev->otherend, "feature-abs-pointer", "%d", &abs) < 0)
++ abs = 0;
++ if (abs)
++ xenbus_printf(XBT_NIL, dev->nodename, "request-abs-pointer", "1");
++
+ /* keyboard */
+ kbd = input_allocate_device();
+ if (!kbd)
+@@ -137,11 +142,12 @@ static int __devinit xenkbd_probe(struct
+ kbd->id.bustype = BUS_PCI;
+ kbd->id.vendor = 0x5853;
+ kbd->id.product = 0xffff;
+- kbd->evbit[0] = BIT(EV_KEY);
++
++ __set_bit(EV_KEY, kbd->evbit);
+ for (i = KEY_ESC; i < KEY_UNKNOWN; i++)
+- set_bit(i, kbd->keybit);
++ __set_bit(i, kbd->keybit);
+ for (i = KEY_OK; i < KEY_MAX; i++)
+- set_bit(i, kbd->keybit);
++ __set_bit(i, kbd->keybit);
+
+ ret = input_register_device(kbd);
+ if (ret) {
+@@ -160,12 +166,20 @@ static int __devinit xenkbd_probe(struct
+ ptr->id.bustype = BUS_PCI;
+ ptr->id.vendor = 0x5853;
+ ptr->id.product = 0xfffe;
+- ptr->evbit[0] = BIT(EV_KEY) | BIT(EV_REL) | BIT(EV_ABS);
++
++ if (abs) {
++ __set_bit(EV_ABS, ptr->evbit);
++ input_set_abs_params(ptr, ABS_X, 0, XENFB_WIDTH, 0, 0);
++ input_set_abs_params(ptr, ABS_Y, 0, XENFB_HEIGHT, 0, 0);
++ } else {
++ input_set_capability(ptr, EV_REL, REL_X);
++ input_set_capability(ptr, EV_REL, REL_Y);
++ }
++ input_set_capability(ptr, EV_REL, REL_WHEEL);
++
++ __set_bit(EV_KEY, ptr->evbit);
+ for (i = BTN_LEFT; i <= BTN_TASK; i++)
+- set_bit(i, ptr->keybit);
+- ptr->relbit[0] = BIT(REL_X) | BIT(REL_Y) | BIT(REL_WHEEL);
+- input_set_abs_params(ptr, ABS_X, 0, XENFB_WIDTH, 0, 0);
+- input_set_abs_params(ptr, ABS_Y, 0, XENFB_HEIGHT, 0, 0);
++ __set_bit(i, ptr->keybit);
+
+ ret = input_register_device(ptr);
+ if (ret) {
+@@ -272,7 +286,7 @@ static void xenkbd_backend_changed(struc
+ enum xenbus_state backend_state)
+ {
+ struct xenkbd_info *info = dev_get_drvdata(&dev->dev);
+- int ret, val;
++ int val;
+
+ switch (backend_state) {
+ case XenbusStateInitialising:
+@@ -285,16 +299,6 @@ static void xenkbd_backend_changed(struc
+
+ case XenbusStateInitWait:
+ InitWait:
+- ret = xenbus_scanf(XBT_NIL, info->xbdev->otherend,
+- "feature-abs-pointer", "%d", &val);
+- if (ret < 0)
+- val = 0;
+- if (val) {
+- ret = xenbus_printf(XBT_NIL, info->xbdev->nodename,
+- "request-abs-pointer", "1");
+- if (ret)
+- pr_warning("can't request abs-pointer\n");
+- }
+ xenbus_switch_state(dev, XenbusStateConnected);
+ break;
+
--- /dev/null
+From ef2b4b95a63a1d23958dcb99eb2c6898eddc87d0 Mon Sep 17 00:00:00 2001
+From: Andrea Arcangeli <aarcange@redhat.com>
+Date: Fri, 18 Mar 2011 00:16:35 +0100
+Subject: mm: PageBuddy and mapcount robustness
+
+From: Andrea Arcangeli <aarcange@redhat.com>
+
+commit ef2b4b95a63a1d23958dcb99eb2c6898eddc87d0 upstream.
+
+Change the _mapcount value indicating PageBuddy from -2 to -128 for
+more robusteness against page_mapcount() undeflows.
+
+Use reset_page_mapcount instead of __ClearPageBuddy in bad_page to
+ignore the previous retval of PageBuddy().
+
+Signed-off-by: Andrea Arcangeli <aarcange@redhat.com>
+Reported-by: Hugh Dickins <hughd@google.com>
+Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
+
+---
+ include/linux/mm.h | 11 +++++++++--
+ mm/page_alloc.c | 4 ++--
+ 2 files changed, 11 insertions(+), 4 deletions(-)
+
+--- a/include/linux/mm.h
++++ b/include/linux/mm.h
+@@ -402,16 +402,23 @@ static inline void init_page_count(struc
+ /*
+ * PageBuddy() indicate that the page is free and in the buddy system
+ * (see mm/page_alloc.c).
++ *
++ * PAGE_BUDDY_MAPCOUNT_VALUE must be <= -2 but better not too close to
++ * -2 so that an underflow of the page_mapcount() won't be mistaken
++ * for a genuine PAGE_BUDDY_MAPCOUNT_VALUE. -128 can be created very
++ * efficiently by most CPU architectures.
+ */
++#define PAGE_BUDDY_MAPCOUNT_VALUE (-128)
++
+ static inline int PageBuddy(struct page *page)
+ {
+- return atomic_read(&page->_mapcount) == -2;
++ return atomic_read(&page->_mapcount) == PAGE_BUDDY_MAPCOUNT_VALUE;
+ }
+
+ static inline void __SetPageBuddy(struct page *page)
+ {
+ VM_BUG_ON(atomic_read(&page->_mapcount) != -1);
+- atomic_set(&page->_mapcount, -2);
++ atomic_set(&page->_mapcount, PAGE_BUDDY_MAPCOUNT_VALUE);
+ }
+
+ static inline void __ClearPageBuddy(struct page *page)
+--- a/mm/page_alloc.c
++++ b/mm/page_alloc.c
+@@ -286,7 +286,7 @@ static void bad_page(struct page *page)
+
+ /* Don't complain about poisoned pages */
+ if (PageHWPoison(page)) {
+- __ClearPageBuddy(page);
++ reset_page_mapcount(page); /* remove PageBuddy */
+ return;
+ }
+
+@@ -317,7 +317,7 @@ static void bad_page(struct page *page)
+ dump_stack();
+ out:
+ /* Leave bad fields for debug, except PageBuddy could make trouble */
+- __ClearPageBuddy(page);
++ reset_page_mapcount(page); /* remove PageBuddy */
+ add_taint(TAINT_BAD_PAGE);
+ }
+
--- /dev/null
+From 47e9037ac16637cd7f12b8790ea7ce6680e42168 Mon Sep 17 00:00:00 2001
+From: Stefano Stabellini <stefano.stabellini@eu.citrix.com>
+Date: Mon, 28 Feb 2011 16:20:11 +0000
+Subject: PCI hotplug: acpiphp: set current_state to D0 in register_slot
+
+From: Stefano Stabellini <stefano.stabellini@eu.citrix.com>
+
+commit 47e9037ac16637cd7f12b8790ea7ce6680e42168 upstream.
+
+If a device doesn't support power management (pm_cap == 0) but it is
+acpi_pci_power_manageable() because there is a _PS0 method declared for
+it and _EJ0 is also declared for the slot then nobody is going to set
+current_state = PCI_D0 for this device. This is what I think it is
+happening:
+
+pci_enable_device
+ |
+__pci_enable_device_flags
+/* here we do not set current_state because !pm_cap */
+ |
+do_pci_enable_device
+ |
+pci_set_power_state
+ |
+__pci_start_power_transition
+ |
+pci_platform_power_transition
+/* platform_pci_power_manageable() calls acpi_pci_power_manageable that
+ * returns true */
+ |
+platform_pci_set_power_state
+/* acpi_pci_set_power_state gets called and does nothing because the
+ * acpi device has _EJ0, see the comment "If the ACPI device has _EJ0,
+ * ignore the device" */
+
+at this point if we refer to the commit message that introduced the
+comment above (10b3dcae0f275e2546e55303d64ddbb58cec7599), it is up to
+the hotplug driver to set the state to D0.
+However AFAICT the pci hotplug driver never does, in fact
+drivers/pci/hotplug/acpiphp_glue.c:register_slot sets the slot flags to
+(SLOT_ENABLED | SLOT_POWEREDON) but it does not set the pci device
+current state to PCI_D0.
+
+So my proposed fix is also to set current_state = PCI_D0 in
+register_slot.
+Comments are very welcome.
+
+Signed-off-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com>
+Signed-off-by: Jesse Barnes <jbarnes@virtuousgeek.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
+
+---
+ drivers/pci/hotplug/acpiphp_glue.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+--- a/drivers/pci/hotplug/acpiphp_glue.c
++++ b/drivers/pci/hotplug/acpiphp_glue.c
+@@ -212,6 +212,7 @@ register_slot(acpi_handle handle, u32 lv
+
+ pdev = pci_get_slot(pbus, PCI_DEVFN(device, function));
+ if (pdev) {
++ pdev->current_state = PCI_D0;
+ slot->flags |= (SLOT_ENABLED | SLOT_POWEREDON);
+ pci_dev_put(pdev);
+ }
--- /dev/null
+From da48524eb20662618854bb3df2db01fc65f3070c Mon Sep 17 00:00:00 2001
+From: Julien Tinnes <jln@google.com>
+Date: Fri, 18 Mar 2011 15:05:21 -0700
+Subject: Prevent rt_sigqueueinfo and rt_tgsigqueueinfo from spoofing the signal code
+
+From: Julien Tinnes <jln@google.com>
+
+commit da48524eb20662618854bb3df2db01fc65f3070c upstream.
+
+Userland should be able to trust the pid and uid of the sender of a
+signal if the si_code is SI_TKILL.
+
+Unfortunately, the kernel has historically allowed sigqueueinfo() to
+send any si_code at all (as long as it was negative - to distinguish it
+from kernel-generated signals like SIGILL etc), so it could spoof a
+SI_TKILL with incorrect siginfo values.
+
+Happily, it looks like glibc has always set si_code to the appropriate
+SI_QUEUE, so there are probably no actual user code that ever uses
+anything but the appropriate SI_QUEUE flag.
+
+So just tighten the check for si_code (we used to allow any negative
+value), and add a (one-time) warning in case there are binaries out
+there that might depend on using other si_code values.
+
+Signed-off-by: Julien Tinnes <jln@google.com>
+Acked-by: Oleg Nesterov <oleg@redhat.com>
+Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
+
+---
+ kernel/signal.c | 16 ++++++++++++----
+ 1 file changed, 12 insertions(+), 4 deletions(-)
+
+--- a/kernel/signal.c
++++ b/kernel/signal.c
+@@ -2421,9 +2421,13 @@ SYSCALL_DEFINE3(rt_sigqueueinfo, pid_t,
+ return -EFAULT;
+
+ /* Not even root can pretend to send signals from the kernel.
+- Nor can they impersonate a kill(), which adds source info. */
+- if (info.si_code >= 0)
++ * Nor can they impersonate a kill()/tgkill(), which adds source info.
++ */
++ if (info.si_code != SI_QUEUE) {
++ /* We used to allow any < 0 si_code */
++ WARN_ON_ONCE(info.si_code < 0);
+ return -EPERM;
++ }
+ info.si_signo = sig;
+
+ /* POSIX.1b doesn't mention process groups. */
+@@ -2437,9 +2441,13 @@ long do_rt_tgsigqueueinfo(pid_t tgid, pi
+ return -EINVAL;
+
+ /* Not even root can pretend to send signals from the kernel.
+- Nor can they impersonate a kill(), which adds source info. */
+- if (info->si_code >= 0)
++ * Nor can they impersonate a kill()/tgkill(), which adds source info.
++ */
++ if (info->si_code != SI_QUEUE) {
++ /* We used to allow any < 0 si_code */
++ WARN_ON_ONCE(info->si_code < 0);
+ return -EPERM;
++ }
+ info->si_signo = sig;
+
+ return do_send_specific(tgid, pid, sig, info);
oom-prevent-unnecessary-oom-kills-or-kernel-panics.patch
oom-skip-zombies-when-iterating-tasklist.patch
oom-avoid-deferring-oom-killer-if-exiting-task-is-being-traced.patch
+pci-hotplug-acpiphp-set-current_state-to-d0-in-register_slot.patch
+input-xen-kbdfront-advertise-either-absolute-or-relative-coordinates.patch
+xen-set-max_pfn_mapped-to-the-last-pfn-mapped.patch
+prevent-rt_sigqueueinfo-and-rt_tgsigqueueinfo-from-spoofing-the-signal-code.patch
+alsa-hda-fix-internal-mic-on-dell-e5420-e5520.patch
+mm-pagebuddy-and-mapcount-robustness.patch
--- /dev/null
+From 14988a4d350ce3b41ecad4f63c4f44c56f5ae34d Mon Sep 17 00:00:00 2001
+From: Stefano Stabellini <stefano.stabellini@eu.citrix.com>
+Date: Fri, 18 Feb 2011 11:32:40 +0000
+Subject: xen: set max_pfn_mapped to the last pfn mapped
+
+From: Stefano Stabellini <stefano.stabellini@eu.citrix.com>
+
+commit 14988a4d350ce3b41ecad4f63c4f44c56f5ae34d upstream.
+
+Do not set max_pfn_mapped to the end of the initial memory mappings,
+that also contain pages that don't belong in pfn space (like the mfn
+list).
+
+Set max_pfn_mapped to the last real pfn mapped in the initial memory
+mappings that is the pfn backing _end.
+
+Signed-off-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com>
+Acked-by: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
+LKML-Reference: <alpine.DEB.2.00.1103171739050.3382@kaball-desktop>
+Signed-off-by: H. Peter Anvin <hpa@zytor.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
+
+---
+ arch/x86/xen/mmu.c | 13 +++++++------
+ 1 file changed, 7 insertions(+), 6 deletions(-)
+
+--- a/arch/x86/xen/mmu.c
++++ b/arch/x86/xen/mmu.c
+@@ -1651,9 +1651,6 @@ static __init void xen_map_identity_earl
+ for (pteidx = 0; pteidx < PTRS_PER_PTE; pteidx++, pfn++) {
+ pte_t pte;
+
+- if (pfn > max_pfn_mapped)
+- max_pfn_mapped = pfn;
+-
+ if (!pte_none(pte_page[pteidx]))
+ continue;
+
+@@ -1711,6 +1708,12 @@ __init pgd_t *xen_setup_kernel_pagetable
+ pud_t *l3;
+ pmd_t *l2;
+
++ /* max_pfn_mapped is the last pfn mapped in the initial memory
++ * mappings. Considering that on Xen after the kernel mappings we
++ * have the mappings of some pages that don't exist in pfn space, we
++ * set max_pfn_mapped to the last real pfn mapped. */
++ max_pfn_mapped = PFN_DOWN(__pa(xen_start_info->mfn_list));
++
+ /* Zap identity mapping */
+ init_level4_pgt[0] = __pgd(0);
+
+@@ -1815,9 +1818,7 @@ __init pgd_t *xen_setup_kernel_pagetable
+ initial_kernel_pmd =
+ extend_brk(sizeof(pmd_t) * PTRS_PER_PMD, PAGE_SIZE);
+
+- max_pfn_mapped = PFN_DOWN(__pa(xen_start_info->pt_base) +
+- xen_start_info->nr_pt_frames * PAGE_SIZE +
+- 512*1024);
++ max_pfn_mapped = PFN_DOWN(__pa(xen_start_info->mfn_list));
+
+ kernel_pmd = m2v(pgd[KERNEL_PGD_BOUNDARY].pgd);
+ memcpy(initial_kernel_pmd, kernel_pmd, sizeof(pmd_t) * PTRS_PER_PMD);
projects / thirdparty / kernel / stable-queue.git / commitdiff
