--- /dev/null
+From 8b0162a3dc5c30e862b7a73da29e32de3170f5e4 Mon Sep 17 00:00:00 2001
+From: Felix Fietkau <nbd@openwrt.org>
+Date: Mon, 3 Nov 2008 11:27:38 +0100
+Subject: ath5k: ignore the return value of ath5k_hw_noise_floor_calibration
+
+From: Felix Fietkau <nbd@openwrt.org>
+
+commit 8b0162a3dc5c30e862b7a73da29e32de3170f5e4 upstream.
+
+Noise floor calibration occasionally fails on Atheros hardware.
+This is not fatal and can happen if there's simply too much
+noise on the air. Ignoring the calibration error is the right
+thing to do here, because when the error is ignored, the hardware
+will still work, whereas if the error causes the driver to bail out
+of a bigger configuration function and does not configure the tx
+queues or the IMR (as is the case in reset.c), the hw no longer
+works properly until the next reset.
+
+Signed-off-by: Felix Fietkau <nbd@openwrt.org>
+Signed-off-by: John W. Linville <linville@tuxdriver.com>
+Cc: Bob Copeland <me@bobcopeland.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
+
+---
+ drivers/net/wireless/ath5k/phy.c | 4 +---
+ drivers/net/wireless/ath5k/reset.c | 4 +---
+ 2 files changed, 2 insertions(+), 6 deletions(-)
+
+--- a/drivers/net/wireless/ath5k/phy.c
++++ b/drivers/net/wireless/ath5k/phy.c
+@@ -2195,9 +2195,7 @@ static int ath5k_hw_rf5110_calibrate(str
+ return ret;
+ }
+
+- ret = ath5k_hw_noise_floor_calibration(ah, channel->center_freq);
+- if (ret)
+- return ret;
++ ath5k_hw_noise_floor_calibration(ah, channel->center_freq);
+
+ /*
+ * Re-enable RX/TX and beacons
+--- a/drivers/net/wireless/ath5k/reset.c
++++ b/drivers/net/wireless/ath5k/reset.c
+@@ -842,9 +842,7 @@ int ath5k_hw_reset(struct ath5k_hw *ah,
+ *
+ * XXX: Find an interval that's OK for all cards...
+ */
+- ret = ath5k_hw_noise_floor_calibration(ah, channel->center_freq);
+- if (ret)
+- return ret;
++ ath5k_hw_noise_floor_calibration(ah, channel->center_freq);
+
+ /*
+ * Reset queues and start beacon timers at the end of the reset routine
--- /dev/null
+From ffb826767bffda61426d964a8fc24a216a14b0bd Mon Sep 17 00:00:00 2001
+From: Luis R. Rodriguez <lrodriguez@atheros.com>
+Date: Mon, 3 Nov 2008 14:43:01 -0800
+Subject: ath9k: enable RXing of beacons on STA/IBSS
+
+From: Luis R. Rodriguez <lrodriguez@atheros.com>
+
+commit ffb826767bffda61426d964a8fc24a216a14b0bd upstream.
+
+This enables beacons to come through on STA/IBSS.
+It should fix sporadic connection issues. Right now
+mac80211 expect beacons so give it beacons.
+
+Signed-off-by: Luis R. Rodriguez <lrodriguez@atheros.com>
+Signed-off-by: John W. Linville <linville@tuxdriver.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
+
+---
+ drivers/net/wireless/ath9k/recv.c | 5 ++---
+ 1 file changed, 2 insertions(+), 3 deletions(-)
+
+--- a/drivers/net/wireless/ath9k/recv.c
++++ b/drivers/net/wireless/ath9k/recv.c
+@@ -627,9 +627,8 @@ u32 ath_calcrxfilter(struct ath_softc *s
+ rfilt &= ~ATH9K_RX_FILTER_UCAST;
+ }
+
+- if (((sc->sc_ah->ah_opmode == ATH9K_M_STA) &&
+- (sc->rx_filter & FIF_BCN_PRBRESP_PROMISC)) ||
+- (sc->sc_ah->ah_opmode == ATH9K_M_IBSS))
++ if (sc->sc_ah->ah_opmode == ATH9K_M_STA ||
++ sc->sc_ah->ah_opmode == ATH9K_M_IBSS)
+ rfilt |= ATH9K_RX_FILTER_BEACON;
+
+ /* If in HOSTAP mode, want to enable reception of PSPOLL frames
--- /dev/null
+From a17d5232de7b53d34229de79ec22f4bb04adb7e4 Mon Sep 17 00:00:00 2001
+From: Duane Griffin <duaneg@dghda.com>
+Date: Fri, 19 Dec 2008 20:47:10 +0000
+Subject: eCryptfs: check readlink result was not an error before using it
+
+From: Duane Griffin <duaneg@dghda.com>
+
+commit a17d5232de7b53d34229de79ec22f4bb04adb7e4 upstream.
+
+The result from readlink is being used to index into the link name
+buffer without checking whether it is a valid length. If readlink
+returns an error this will fault or cause memory corruption.
+
+Cc: Tyler Hicks <tyhicks@linux.vnet.ibm.com>
+Cc: Dustin Kirkland <kirkland@canonical.com>
+Cc: ecryptfs-devel@lists.launchpad.net
+Signed-off-by: Duane Griffin <duaneg@dghda.com>
+Acked-by: Michael Halcrow <mhalcrow@us.ibm.com>
+Acked-by: Tyler Hicks <tyhicks@linux.vnet.ibm.com>
+Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
+Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
+
+---
+ fs/ecryptfs/inode.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+--- a/fs/ecryptfs/inode.c
++++ b/fs/ecryptfs/inode.c
+@@ -673,10 +673,11 @@ static void *ecryptfs_follow_link(struct
+ ecryptfs_printk(KERN_DEBUG, "Calling readlink w/ "
+ "dentry->d_name.name = [%s]\n", dentry->d_name.name);
+ rc = dentry->d_inode->i_op->readlink(dentry, (char __user *)buf, len);
+- buf[rc] = '\0';
+ set_fs(old_fs);
+ if (rc < 0)
+ goto out_free;
++ else
++ buf[rc] = '\0';
+ rc = 0;
+ nd_set_link(nd, buf);
+ goto out;
--- /dev/null
+From dc711ca35f9d95a1eec02118e0c298b5e3068315 Mon Sep 17 00:00:00 2001
+From: Al Viro <viro@zeniv.linux.org.uk>
+Date: Mon, 3 Nov 2008 15:03:50 -0500
+Subject: fix switch_names() breakage in short-to-short case
+
+From: Al Viro <viro@zeniv.linux.org.uk>
+
+commit dc711ca35f9d95a1eec02118e0c298b5e3068315 upstream.
+
+We want ->name.len to match the resulting name on *both*
+source and target
+
+Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
+Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
+
+---
+ fs/dcache.c | 5 +++--
+ 1 file changed, 3 insertions(+), 2 deletions(-)
+
+--- a/fs/dcache.c
++++ b/fs/dcache.c
+@@ -1620,8 +1620,11 @@ static void switch_names(struct dentry *
+ */
+ memcpy(dentry->d_iname, target->d_name.name,
+ target->d_name.len + 1);
++ dentry->d_name.len = target->d_name.len;
++ return;
+ }
+ }
++ do_switch(dentry->d_name.len, target->d_name.len);
+ }
+
+ /*
+@@ -1681,7 +1684,6 @@ already_unhashed:
+
+ /* Switch the names.. */
+ switch_names(dentry, target);
+- do_switch(dentry->d_name.len, target->d_name.len);
+ do_switch(dentry->d_name.hash, target->d_name.hash);
+
+ /* ... and switch the parents */
+@@ -1791,7 +1793,6 @@ static void __d_materialise_dentry(struc
+ struct dentry *dparent, *aparent;
+
+ switch_names(dentry, anon);
+- do_switch(dentry->d_name.len, anon->d_name.len);
+ do_switch(dentry->d_name.hash, anon->d_name.hash);
+
+ dparent = dentry->d_parent;
--- /dev/null
+From 62568510b8e2679cbc331d7de10ea9ba81ae8b3d Mon Sep 17 00:00:00 2001
+From: Bernd Schmidt <bernds_cb1@t-online.de>
+Date: Tue, 13 Jan 2009 22:14:48 +0100
+Subject: Fix timeouts in sys_pselect7
+
+From: Bernd Schmidt <bernds_cb1@t-online.de>
+
+commit 62568510b8e2679cbc331d7de10ea9ba81ae8b3d upstream.
+
+Since we (Analog Devices) updated our Blackfin kernel to 2.6.28, we've
+seen occasional 5-second hangs from telnet. telnetd calls select with a
+NULL timeout, but with the new kernel, the system call occasionally
+returns 0, which causes telnet to call sleep (5). This did not happen
+with earlier kernels.
+
+The code in sys_pselect7 looks a bit strange, in particular the variable
+"to" is initialized to NULL, then changed if a non-null timeout was
+passed in, but not used further. It needs to be passed to
+core_sys_select instead of &end_time.
+
+This bug was introduced by 8ff3e8e85fa6c312051134b3953e397feb639f51
+("select: switch select() and poll() over to hrtimers").
+
+Signed-off-by: Bernd Schmidt <bernd.schmidt@analog.com>
+Reviewed-by: Ulrich Drepper <drepper@redhat.com>
+Tested-by: Robin Getz <rgetz@blackfin.uclinux.org>
+Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
+
+---
+ fs/select.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/fs/select.c
++++ b/fs/select.c
+@@ -560,7 +560,7 @@ static long do_pselect(int n, fd_set __u
+ sigprocmask(SIG_SETMASK, &ksigmask, &sigsaved);
+ }
+
+- ret = core_sys_select(n, inp, outp, exp, &end_time);
++ ret = core_sys_select(n, inp, outp, exp, to);
+ ret = poll_select_copy_remaining(&end_time, tsp, 0, ret);
+
+ if (ret == -ERESTARTNOHAND) {
--- /dev/null
+From 8916edef5888c5d8fe283714416a9ca95b4c3431 Mon Sep 17 00:00:00 2001
+From: KOSAKI Motohiro <kosaki.motohiro@jp.fujitsu.com>
+Date: Sun, 4 Jan 2009 05:40:37 +0900
+Subject: getrusage: RUSAGE_THREAD should return ru_utime and ru_stime
+
+From: KOSAKI Motohiro <kosaki.motohiro@jp.fujitsu.com>
+
+commit 8916edef5888c5d8fe283714416a9ca95b4c3431 upstream.
+
+Impact: task stats regression fix
+
+Original getrusage(RUSAGE_THREAD) implementation can return ru_utime and
+ru_stime. But commit "f06febc: timers: fix itimer/many thread hang" broke it.
+
+this patch restores it.
+
+Signed-off-by: KOSAKI Motohiro <kosaki.motohiro@jp.fujitsu.com>
+Acked-by: Roland McGrath <roland@redhat.com>
+Signed-off-by: Ingo Molnar <mingo@elte.hu>
+Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
+
+---
+ kernel/sys.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+--- a/kernel/sys.c
++++ b/kernel/sys.c
+@@ -1553,6 +1553,8 @@ static void k_getrusage(struct task_stru
+ utime = stime = cputime_zero;
+
+ if (who == RUSAGE_THREAD) {
++ utime = task_utime(current);
++ stime = task_stime(current);
+ accumulate_thread_rusage(p, r);
+ goto out;
+ }
--- /dev/null
+From 4dfdc46468a142216b284eea66040f49df3f7191 Mon Sep 17 00:00:00 2001
+From: Jiri Kosina <jkosina@suse.cz>
+Date: Tue, 30 Dec 2008 00:49:59 +0100
+Subject: HID: fix error condition propagation in hid-sony driver
+
+From: Jiri Kosina <jkosina@suse.cz>
+
+commit 4dfdc46468a142216b284eea66040f49df3f7191 upstream.
+
+sony_set_operational() only propagates return value from
+usb_control_msg(), which returns negative on error and number
+of transferred bytes otherwise.
+
+Reported-by: Marcin Tolysz <tolysz@gmail.com>
+Signed-off-by: Jiri Kosina <jkosina@suse.cz>
+Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
+
+---
+ drivers/hid/hid-sony.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/drivers/hid/hid-sony.c
++++ b/drivers/hid/hid-sony.c
+@@ -102,7 +102,7 @@ static int sony_probe(struct hid_device
+ }
+
+ ret = sony_set_operational(hdev);
+- if (ret)
++ if (ret < 0)
+ goto err_stop;
+
+ return 0;
--- /dev/null
+From 1c41fa8288277e76785acb50f52bb2f39509f903 Mon Sep 17 00:00:00 2001
+From: Brian King <brking@linux.vnet.ibm.com>
+Date: Wed, 3 Dec 2008 11:02:54 -0600
+Subject: [SCSI] ibmvfc: Delay NPIV login retry and add retries
+
+From: Brian King <brking@linux.vnet.ibm.com>
+
+commit 1c41fa8288277e76785acb50f52bb2f39509f903 upstream.
+
+Adds a delay prior to retrying a failed NPIV login. This fixes
+a scenario if the backing fibre channel adapter is getting reset
+due to an EEH event, NPIV login will fail. Currently, ibmvfc
+retries three times very quickly, resets the CRQ and tries one
+more time. If the adapter is getting reset due to EEH, this isn't
+enough time. This adds a delay prior to retrying a failed NPIV
+login and also increments the number of retries.
+
+Signed-off-by: Brian King <brking@linux.vnet.ibm.com>
+Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
+
+---
+ drivers/scsi/ibmvscsi/ibmvfc.c | 17 ++++++++++++-----
+ drivers/scsi/ibmvscsi/ibmvfc.h | 4 +++-
+ 2 files changed, 15 insertions(+), 6 deletions(-)
+
+--- a/drivers/scsi/ibmvscsi/ibmvfc.c
++++ b/drivers/scsi/ibmvscsi/ibmvfc.c
+@@ -566,7 +566,7 @@ static void ibmvfc_init_host(struct ibmv
+ struct ibmvfc_target *tgt;
+
+ if (vhost->action == IBMVFC_HOST_ACTION_INIT_WAIT) {
+- if (++vhost->init_retries > IBMVFC_MAX_INIT_RETRIES) {
++ if (++vhost->init_retries > IBMVFC_MAX_HOST_INIT_RETRIES) {
+ dev_err(vhost->dev,
+ "Host initialization retries exceeded. Taking adapter offline\n");
+ ibmvfc_link_down(vhost, IBMVFC_HOST_OFFLINE);
+@@ -847,11 +847,12 @@ static void ibmvfc_reset_host(struct ibm
+ static void ibmvfc_retry_host_init(struct ibmvfc_host *vhost)
+ {
+ if (vhost->action == IBMVFC_HOST_ACTION_INIT_WAIT) {
+- if (++vhost->init_retries > IBMVFC_MAX_INIT_RETRIES) {
++ vhost->delay_init = 1;
++ if (++vhost->init_retries > IBMVFC_MAX_HOST_INIT_RETRIES) {
+ dev_err(vhost->dev,
+ "Host initialization retries exceeded. Taking adapter offline\n");
+ ibmvfc_link_down(vhost, IBMVFC_HOST_OFFLINE);
+- } else if (vhost->init_retries == IBMVFC_MAX_INIT_RETRIES)
++ } else if (vhost->init_retries == IBMVFC_MAX_HOST_INIT_RETRIES)
+ __ibmvfc_reset_host(vhost);
+ else
+ ibmvfc_set_host_action(vhost, IBMVFC_HOST_ACTION_INIT);
+@@ -2669,7 +2670,7 @@ static void ibmvfc_init_tgt(struct ibmvf
+ static void ibmvfc_retry_tgt_init(struct ibmvfc_target *tgt,
+ void (*job_step) (struct ibmvfc_target *))
+ {
+- if (++tgt->init_retries > IBMVFC_MAX_INIT_RETRIES) {
++ if (++tgt->init_retries > IBMVFC_MAX_TGT_INIT_RETRIES) {
+ ibmvfc_set_tgt_action(tgt, IBMVFC_TGT_ACTION_DEL_RPORT);
+ wake_up(&tgt->vhost->work_wait_q);
+ } else
+@@ -3519,7 +3520,13 @@ static void ibmvfc_do_work(struct ibmvfc
+ break;
+ case IBMVFC_HOST_ACTION_INIT:
+ BUG_ON(vhost->state != IBMVFC_INITIALIZING);
+- vhost->job_step(vhost);
++ if (vhost->delay_init) {
++ vhost->delay_init = 0;
++ spin_unlock_irqrestore(vhost->host->host_lock, flags);
++ ssleep(5);
++ return;
++ } else
++ vhost->job_step(vhost);
+ break;
+ case IBMVFC_HOST_ACTION_QUERY:
+ list_for_each_entry(tgt, &vhost->targets, queue)
+--- a/drivers/scsi/ibmvscsi/ibmvfc.h
++++ b/drivers/scsi/ibmvscsi/ibmvfc.h
+@@ -43,7 +43,8 @@
+ #define IBMVFC_MAX_DISC_THREADS 4
+ #define IBMVFC_TGT_MEMPOOL_SZ 64
+ #define IBMVFC_MAX_CMDS_PER_LUN 64
+-#define IBMVFC_MAX_INIT_RETRIES 3
++#define IBMVFC_MAX_HOST_INIT_RETRIES 6
++#define IBMVFC_MAX_TGT_INIT_RETRIES 3
+ #define IBMVFC_DEV_LOSS_TMO (5 * 60)
+ #define IBMVFC_DEFAULT_LOG_LEVEL 2
+ #define IBMVFC_MAX_CDB_LEN 16
+@@ -671,6 +672,7 @@ struct ibmvfc_host {
+ int discovery_threads;
+ int client_migrated;
+ int reinit;
++ int delay_init;
+ int events_to_log;
+ #define IBMVFC_AE_LINKUP 0x0001
+ #define IBMVFC_AE_LINKDOWN 0x0002
--- /dev/null
+From d2131b33c7e07c2905ee2f2321cc4dae1928c483 Mon Sep 17 00:00:00 2001
+From: Brian King <brking@linux.vnet.ibm.com>
+Date: Thu, 18 Dec 2008 09:26:51 -0600
+Subject: [SCSI] ibmvfc: Improve async event handling
+
+From: Brian King <brking@linux.vnet.ibm.com>
+
+commit d2131b33c7e07c2905ee2f2321cc4dae1928c483 upstream.
+
+While doing various error injection testing, such as cable
+pulls and target moves, some issues were observed in handling
+these events. This patch improves the way these events are handled
+by increasing the delay waiting for the fabric to settle and also
+changes the behavior of Link Up to break the CRQ to ensure everything
+gets cleaned up properly on the VIOS.
+
+Signed-off-by: Brian King <brking@linux.vnet.ibm.com>
+Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
+
+---
+ drivers/scsi/ibmvscsi/ibmvfc.c | 10 ++++++----
+ drivers/scsi/ibmvscsi/ibmvfc.h | 2 +-
+ 2 files changed, 7 insertions(+), 5 deletions(-)
+
+--- a/drivers/scsi/ibmvscsi/ibmvfc.c
++++ b/drivers/scsi/ibmvscsi/ibmvfc.c
+@@ -2090,15 +2090,17 @@ static void ibmvfc_handle_async(struct i
+ case IBMVFC_AE_LINK_UP:
+ case IBMVFC_AE_RESUME:
+ vhost->events_to_log |= IBMVFC_AE_LINKUP;
+- ibmvfc_init_host(vhost, 1);
++ vhost->delay_init = 1;
++ __ibmvfc_reset_host(vhost);
+ break;
+ case IBMVFC_AE_SCN_FABRIC:
++ case IBMVFC_AE_SCN_DOMAIN:
+ vhost->events_to_log |= IBMVFC_AE_RSCN;
+- ibmvfc_init_host(vhost, 1);
++ vhost->delay_init = 1;
++ __ibmvfc_reset_host(vhost);
+ break;
+ case IBMVFC_AE_SCN_NPORT:
+ case IBMVFC_AE_SCN_GROUP:
+- case IBMVFC_AE_SCN_DOMAIN:
+ vhost->events_to_log |= IBMVFC_AE_RSCN;
+ case IBMVFC_AE_ELS_LOGO:
+ case IBMVFC_AE_ELS_PRLO:
+@@ -3523,7 +3525,7 @@ static void ibmvfc_do_work(struct ibmvfc
+ if (vhost->delay_init) {
+ vhost->delay_init = 0;
+ spin_unlock_irqrestore(vhost->host->host_lock, flags);
+- ssleep(5);
++ ssleep(15);
+ return;
+ } else
+ vhost->job_step(vhost);
+--- a/drivers/scsi/ibmvscsi/ibmvfc.h
++++ b/drivers/scsi/ibmvscsi/ibmvfc.h
+@@ -33,7 +33,7 @@
+ #define IBMVFC_DRIVER_DATE "(August 14, 2008)"
+
+ #define IBMVFC_DEFAULT_TIMEOUT 15
+-#define IBMVFC_INIT_TIMEOUT 30
++#define IBMVFC_INIT_TIMEOUT 120
+ #define IBMVFC_MAX_REQUESTS_DEFAULT 100
+
+ #define IBMVFC_DEBUG 0
--- /dev/null
+From 18e6959c385f3edf3991fa6662a53dac4eb10d5b Mon Sep 17 00:00:00 2001
+From: Nick Piggin <npiggin@suse.de>
+Date: Wed, 14 Jan 2009 07:28:16 +0100
+Subject: mm: fix assertion
+
+From: Nick Piggin <npiggin@suse.de>
+
+commit 18e6959c385f3edf3991fa6662a53dac4eb10d5b upstream.
+
+This assertion is incorrect for lockless pagecache. By definition if we
+have an unpinned page that we are trying to take a speculative reference
+to, it may become the tail of a compound page at any time (if it is
+freed, then reallocated as a compound page).
+
+It was still a valid assertion for the vmscan.c LRU isolation case, but
+it doesn't seem incredibly helpful... if somebody wants it, they can
+put it back directly where it applies in the vmscan code.
+
+Signed-off-by: Nick Piggin <npiggin@suse.de>
+Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
+
+---
+ include/linux/mm.h | 1 -
+ 1 file changed, 1 deletion(-)
+
+--- a/include/linux/mm.h
++++ b/include/linux/mm.h
+@@ -253,7 +253,6 @@ static inline int put_page_testzero(stru
+ */
+ static inline int get_page_unless_zero(struct page *page)
+ {
+- VM_BUG_ON(PageTail(page));
+ return atomic_inc_not_zero(&page->_count);
+ }
+
--- /dev/null
+From e8c82c2e23e3527e0c9dc195e432c16784d270fa Mon Sep 17 00:00:00 2001
+From: Nick Piggin <npiggin@suse.de>
+Date: Tue, 6 Jan 2009 03:05:50 +0100
+Subject: mm lockless pagecache barrier fix
+
+From: Nick Piggin <npiggin@suse.de>
+
+commit e8c82c2e23e3527e0c9dc195e432c16784d270fa upstream.
+
+An XFS workload showed up a bug in the lockless pagecache patch. Basically it
+would go into an "infinite" loop, although it would sometimes be able to break
+out of the loop! The reason is a missing compiler barrier in the "increment
+reference count unless it was zero" case of the lockless pagecache protocol in
+the gang lookup functions.
+
+This would cause the compiler to use a cached value of struct page pointer to
+retry the operation with, rather than reload it. So the page might have been
+removed from pagecache and freed (refcount==0) but the lookup would not correctly
+notice the page is no longer in pagecache, and keep attempting to increment the
+refcount and failing, until the page gets reallocated for something else. This
+isn't a data corruption because the condition will be detected if the page has
+been reallocated. However it can result in a lockup.
+
+Linus points out that ACCESS_ONCE is also required in that pointer load, even
+if it's absence is not causing a bug on our particular build. The most general
+way to solve this is just to put an rcu_dereference in radix_tree_deref_slot.
+
+Assembly of find_get_pages,
+before:
+.L220:
+ movq (%rbx), %rax #* ivtmp.1162, tmp82
+ movq (%rax), %rdi #, prephitmp.1149
+.L218:
+ testb $1, %dil #, prephitmp.1149
+ jne .L217 #,
+ testq %rdi, %rdi # prephitmp.1149
+ je .L203 #,
+ cmpq $-1, %rdi #, prephitmp.1149
+ je .L217 #,
+ movl 8(%rdi), %esi # <variable>._count.counter, c
+ testl %esi, %esi # c
+ je .L218 #,
+
+after:
+.L212:
+ movq (%rbx), %rax #* ivtmp.1109, tmp81
+ movq (%rax), %rdi #, ret
+ testb $1, %dil #, ret
+ jne .L211 #,
+ testq %rdi, %rdi # ret
+ je .L197 #,
+ cmpq $-1, %rdi #, ret
+ je .L211 #,
+ movl 8(%rdi), %esi # <variable>._count.counter, c
+ testl %esi, %esi # c
+ je .L212 #,
+
+(notice the obvious infinite loop in the first example, if page->count remains 0)
+
+Signed-off-by: Nick Piggin <npiggin@suse.de>
+Reviewed-by: Paul E. McKenney <paulmck@linux.vnet.ibm.com>
+Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
+
+---
+ include/linux/radix-tree.h | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/include/linux/radix-tree.h
++++ b/include/linux/radix-tree.h
+@@ -136,7 +136,7 @@ do { \
+ */
+ static inline void *radix_tree_deref_slot(void **pslot)
+ {
+- void *ret = *pslot;
++ void *ret = rcu_dereference(*pslot);
+ if (unlikely(radix_tree_is_indirect_ptr(ret)))
+ ret = RADIX_TREE_RETRY;
+ return ret;
--- /dev/null
+From ddccf307a3599e452804e228d8ed30fba578923e Mon Sep 17 00:00:00 2001
+From: Reinhard Nissl <rnissl@gmx.de>
+Date: Thu, 11 Dec 2008 00:31:03 +0100
+Subject: [SCSI] mvsas: increase port type detection delay to suit Seagate's 10k6 drive ST3450856SS 0003
+
+From: Reinhard Nissl <rnissl@gmx.de>
+
+commit ddccf307a3599e452804e228d8ed30fba578923e upstream.
+
+I increased the delay step by step until loading of mvsas
+reliably detected the drive 200 times in sequence. A much better
+approach would be to monitor the hardware for some flag which
+indicates that port detection has finished, but I do not have any
+hardware documentation.
+
+Signed-off-by: Reinhard Nissl <rnissl@gmx.de>
+Cc: Ke Wei <kewei@marvell.com>
+Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
+
+---
+ drivers/scsi/mvsas.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/drivers/scsi/mvsas.c
++++ b/drivers/scsi/mvsas.c
+@@ -2959,7 +2959,7 @@ static int __devinit mvs_hw_init(struct
+
+ /* enable auto port detection */
+ mw32(GBL_PORT_TYPE, MODE_AUTO_DET_EN);
+- msleep(100);
++ msleep(1100);
+ /* init and reset phys */
+ for (i = 0; i < mvi->chip->n_phy; i++) {
+ u32 lo = be32_to_cpu(*(u32 *)&mvi->sas_addr[4]);
--- /dev/null
+From 136221fc3219b3805c48db5da065e8e3467175d4 Mon Sep 17 00:00:00 2001
+From: Wu Fengguang <fengguang.wu@intel.com>
+Date: Tue, 23 Dec 2008 15:21:30 -0500
+Subject: nfs: remove redundant tests on reading new pages
+
+From: Wu Fengguang <fengguang.wu@intel.com>
+
+commit 136221fc3219b3805c48db5da065e8e3467175d4 upstream.
+
+aops->readpages() and its NFS helper readpage_async_filler() will only
+be called to do readahead I/O for newly allocated pages. So it's not
+necessary to test for the always 0 dirty/uptodate page flags.
+
+The removal of nfs_wb_page() call also fixes a readahead bug: the NFS
+readahead has been synchronous since 2.6.23, because that call will
+clear PG_readahead, which is the reminder for asynchronous readahead.
+
+More background: the PG_readahead page flag is shared with PG_reclaim,
+one for read path and the other for write path. clear_page_dirty_for_io()
+unconditionally clears PG_readahead to prevent possible readahead residuals,
+assuming itself to be always called in the write path. However, NFS is one
+and the only exception in that it _always_ calls clear_page_dirty_for_io()
+in the read path, i.e. for readpages()/readpage().
+
+Cc: Trond Myklebust <Trond.Myklebust@netapp.com>
+Signed-off-by: Wu Fengguang <wfg@linux.intel.com>
+Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
+
+---
+ fs/nfs/read.c | 6 ------
+ 1 file changed, 6 deletions(-)
+
+--- a/fs/nfs/read.c
++++ b/fs/nfs/read.c
+@@ -533,12 +533,6 @@ readpage_async_filler(void *data, struct
+ unsigned int len;
+ int error;
+
+- error = nfs_wb_page(inode, page);
+- if (error)
+- goto out_unlock;
+- if (PageUptodate(page))
+- goto out_unlock;
+-
+ len = nfs_page_length(page);
+ if (len == 0)
+ return nfs_return_empty_page(page);
--- /dev/null
+From 2218108e182fd8a6d9106077833ed7ad05fc8e75 Mon Sep 17 00:00:00 2001
+From: Brian King <brking@linux.vnet.ibm.com>
+Date: Thu, 18 Dec 2008 11:13:46 +0000
+Subject: powerpc: Disable Collaborative Memory Manager for kdump
+
+From: Brian King <brking@linux.vnet.ibm.com>
+
+commit 2218108e182fd8a6d9106077833ed7ad05fc8e75 upstream.
+
+When running Active Memory Sharing, the Collaborative Memory Manager
+(CMM) may mark some pages as "loaned" with the hypervisor.
+Periodically, the CMM will query the hypervisor for a loan request,
+which is a single signed value. When kexec'ing into a kdump kernel,
+the CMM driver in the kdump kernel is not aware of the pages the
+previous kernel had marked as "loaned", so the hypervisor and the CMM
+driver are out of sync. This results in the CMM driver getting a
+negative loan request, which can then get treated as a large unsigned
+value and can cause kdump to hang due to the CMM driver inflating too
+large. Since there really is no clean way for the CMM driver in the
+kdump kernel to clean this up, simply disable CMM in the kdump kernel.
+This fixes hangs we were seeing doing kdump with AMS.
+
+Signed-off-by: Brian King <brking@linux.vnet.ibm.com>
+Signed-off-by: Paul Mackerras <paulus@samba.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
+
+---
+ arch/powerpc/platforms/pseries/Kconfig | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/arch/powerpc/platforms/pseries/Kconfig
++++ b/arch/powerpc/platforms/pseries/Kconfig
+@@ -54,7 +54,7 @@ config PPC_SMLPAR
+
+ config CMM
+ tristate "Collaborative memory management"
+- depends on PPC_SMLPAR
++ depends on PPC_SMLPAR && !CRASH_DUMP
+ default y
+ help
+ Select this option, if you want to enable the kernel interface
0042--CVE-2009-0029-System-call-wrappers-part-32.patch
0043--CVE-2009-0029-System-call-wrappers-part-33.patch
0044--CVE-2009-0029-s390-specific-system-call-wrappers.patch
+x86-fix-rip-printout-in-early_idt_handler.patch
+fix-timeouts-in-sys_pselect7.patch
+usb-another-unusual_devs-entry-for-another-bad-argosy-storage-device.patch
+usb-storage-extend-unusual-range-for-067b-3507.patch
+usb-storage-recognizing-and-enabling-nokia-5200-cell-phoes.patch
+hid-fix-error-condition-propagation-in-hid-sony-driver.patch
+fix-switch_names-breakage-in-short-to-short-case.patch
+nfs-remove-redundant-tests-on-reading-new-pages.patch
+ecryptfs-check-readlink-result-was-not-an-error-before-using-it.patch
+mvsas-increase-port-type-detection-delay-to-suit-seagate-s-10k6-drive-st3450856ss-0003.patch
+x86-avoid-theoretical-vmalloc-fault-loop.patch
+ath9k-enable-rxing-of-beacons-on-sta-ibss.patch
+mm-lockless-pagecache-barrier-fix.patch
+powerpc-disable-collaborative-memory-manager-for-kdump.patch
+ibmvfc-delay-npiv-login-retry-and-add-retries.patch
+ibmvfc-improve-async-event-handling.patch
+getrusage-rusage_thread-should-return-ru_utime-and-ru_stime.patch
+ath5k-ignore-the-return-value-of-ath5k_hw_noise_floor_calibration.patch
+mm-fix-assertion.patch
--- /dev/null
+From e2673b28911a43257265523e3672861be6e44093 Mon Sep 17 00:00:00 2001
+From: Nguyen Anh Quynh <aquynh@gmail.com>
+Date: Thu, 11 Dec 2008 15:04:11 -0800
+Subject: USB: another unusual_devs entry for another bad Argosy storage device
+
+From: Nguyen Anh Quynh <aquynh@gmail.com>
+
+commit e2673b28911a43257265523e3672861be6e44093 upstream.
+
+I have another Argosy USB storage device, which has the same problem
+with the Argosy USB storage device already fixed in 2.6.27.7. But this
+device has another product ID (840:84), so this patch adds a new entry
+into unusual_devs to fix the mount problem.
+
+I enclose here two patches: one against 2.6.27.8, and another against
+the latest linus-git tree.
+
+
+The information about the Argosy device is like below:
+
+#lsusb -v -d 840:84
+Bus 005 Device 005: ID 0840:0084 Argosy Research, Inc.
+Device Descriptor:
+ bLength 18
+ bDescriptorType 1
+ bcdUSB 2.00
+ bDeviceClass 0 (Defined at Interface level)
+ bDeviceSubClass 0
+ bDeviceProtocol 0
+ bMaxPacketSize0 64
+ idVendor 0x0840 Argosy Research, Inc.
+ idProduct 0x0084
+ bcdDevice 0.01
+ iManufacturer 1 Generic
+ iProduct 2 USB 2.0 Storage Device
+ iSerial 3 8400000000002549
+ bNumConfigurations 1
+ Configuration Descriptor:
+ bLength 9
+ bDescriptorType 2
+ wTotalLength 32
+ bNumInterfaces 1
+ bConfigurationValue 1
+ iConfiguration 0
+ bmAttributes 0xc0
+ Self Powered
+ MaxPower 2mA
+ Interface Descriptor:
+ bLength 9
+ bDescriptorType 4
+ bInterfaceNumber 0
+ bAlternateSetting 0
+ bNumEndpoints 2
+ bInterfaceClass 8 Mass Storage
+ bInterfaceSubClass 6 SCSI
+ bInterfaceProtocol 80 Bulk (Zip)
+ iInterface 0
+ Endpoint Descriptor:
+ bLength 7
+ bDescriptorType 5
+ bEndpointAddress 0x01 EP 1 OUT
+ bmAttributes 2
+ Transfer Type Bulk
+ Synch Type None
+ Usage Type Data
+ wMaxPacketSize 0x0200 1x 512 bytes
+ bInterval 0
+ Endpoint Descriptor:
+ bLength 7
+ bDescriptorType 5
+ bEndpointAddress 0x82 EP 2 IN
+ bmAttributes 2
+ Transfer Type Bulk
+ Synch Type None
+ Usage Type Data
+ wMaxPacketSize 0x0200 1x 512 bytes
+ bInterval 0
+Device Qualifier (for other device speed):
+ bLength 10
+ bDescriptorType 6
+ bcdUSB 2.00
+ bDeviceClass 0 (Defined at Interface level)
+ bDeviceSubClass 0
+ bDeviceProtocol 0
+ bMaxPacketSize0 64
+ bNumConfigurations 1
+Device Status: 0x0000
+ (Bus Powered)
+
+Before the patch, dmesg returns a lot of information like below (my
+dmesg is overflown):
+....
+[ 138.833390] sd 7:0:0:0: [sdb] Add. Sense: No additional sense information
+[ 138.877631] sd 7:0:0:0: [sdb] Sense Key : No Sense [current]
+[ 138.877643] sd 7:0:0:0: [sdb] Add. Sense: No additional sense information
+[ 138.921906] sd 7:0:0:0: [sdb] Sense Key : No Sense [current]
+[ 138.921923] sd 7:0:0:0: [sdb] Add. Sense: No additional sense information
+....
+
+After the fix, dmesg returns below information:
+....
+usb 5-1: new high speed USB device using ehci_hcd and address 5
+usb 5-1: configuration #1 chosen from 1 choice
+scsi7 : SCSI emulation for USB Mass Storage devices
+usb-storage: device found at 5
+usb-storage: waiting for device to settle before scanning
+usb-storage: device scan complete
+scsi 7:0:0:0: Direct-Access HTS54808 0M9AT00 MG4O PQ: 0 ANSI: 0
+sd 7:0:0:0: [sdb] 156301488 512-byte hardware sectors (80026 MB)
+sd 7:0:0:0: [sdb] Write Protect is off
+sd 7:0:0:0: [sdb] Mode Sense: 03 00 00 00
+sd 7:0:0:0: [sdb] Assuming drive cache: write through
+sd 7:0:0:0: [sdb] 156301488 512-byte hardware sectors (80026 MB)
+sd 7:0:0:0: [sdb] Write Protect is off
+sd 7:0:0:0: [sdb] Mode Sense: 03 00 00 00
+sd 7:0:0:0: [sdb] Assuming drive cache: write through
+ sdb: sdb1
+sd 7:0:0:0: [sdb] Attached SCSI disk
+sd 7:0:0:0: Attached scsi generic sg1 type 0
+kjournald starting. Commit interval 5 seconds
+EXT3 FS on sdb1, internal journal
+EXT3-fs: recovery complete.
+EXT3-fs: mounted filesystem with ordered data mode.
+
+Cc: Kuniyasu Suzaki <k.suzaki@aist.go.jp>
+Signed-off-by: Nguyen Anh Quynh <aquynh@gmail.com>
+Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
+
+---
+ drivers/usb/storage/unusual_devs.h | 7 +++++++
+ 1 file changed, 7 insertions(+)
+
+--- a/drivers/usb/storage/unusual_devs.h
++++ b/drivers/usb/storage/unusual_devs.h
+@@ -1320,6 +1320,13 @@ UNUSUAL_DEV( 0x0840, 0x0082, 0x0001, 0x0
+ US_SC_DEVICE, US_PR_DEVICE, NULL,
+ US_FL_FIX_CAPACITY),
+
++/* Reported and patched by Nguyen Anh Quynh <aquynh@gmail.com> */
++UNUSUAL_DEV( 0x0840, 0x0084, 0x0001, 0x0001,
++ "Argosy",
++ "Storage",
++ US_SC_DEVICE, US_PR_DEVICE, NULL,
++ US_FL_FIX_CAPACITY),
++
+ /* Entry and supporting patch by Theodore Kilgore <kilgota@auburn.edu>.
+ * Flag will support Bulk devices which use a standards-violating 32-byte
+ * Command Block Wrapper. Here, the "DC2MEGA" cameras (several brands) with
--- /dev/null
+From b16363991414a6025beb7269f9c1dd294f9b241f Mon Sep 17 00:00:00 2001
+From: Oliver Neukum <oliver@neukum.org>
+Date: Fri, 12 Dec 2008 11:01:45 +0100
+Subject: USB: storage: extend unusual range for 067b:3507
+
+From: Oliver Neukum <oliver@neukum.org>
+
+commit b16363991414a6025beb7269f9c1dd294f9b241f upstream.
+
+This device has been released in a new revision which is still buggy.
+
+Signed-off-by: Oliver Neukum <oneukum@suse.de>
+Signed-off-by: Phil Dibowitz <phil@ipom.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
+
+---
+ drivers/usb/storage/unusual_devs.h | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/drivers/usb/storage/unusual_devs.h
++++ b/drivers/usb/storage/unusual_devs.h
+@@ -1040,7 +1040,7 @@ UNUSUAL_DEV( 0x067b, 0x2507, 0x0100, 0x0
+ US_FL_FIX_CAPACITY | US_FL_GO_SLOW ),
+
+ /* Reported by Alex Butcher <alex.butcher@assursys.co.uk> */
+-UNUSUAL_DEV( 0x067b, 0x3507, 0x0001, 0x0001,
++UNUSUAL_DEV( 0x067b, 0x3507, 0x0001, 0x0101,
+ "Prolific Technology Inc.",
+ "ATAPI-6 Bridge Controller",
+ US_SC_DEVICE, US_PR_DEVICE, NULL,
--- /dev/null
+From b8d23491f127aa0cd1863bd6cb58e771c558b762 Mon Sep 17 00:00:00 2001
+From: Paulo Afonso Graner Fessel <pfessel@gmail.com>
+Date: Fri, 12 Dec 2008 12:05:18 +0100
+Subject: USB: storage: recognizing and enabling Nokia 5200 cell phoes
+
+From: Paulo Afonso Graner Fessel <pfessel@gmail.com>
+
+commit b8d23491f127aa0cd1863bd6cb58e771c558b762 upstream.
+
+This patch corrects the issue when one connects a Nokia 5200 cell
+phone in data storage mode. If one uses an unpatched unusual_devs.h,
+the following messages appear on /var/log/messages:
+
+Dec 12 01:03:24 alberich kernel: usb 4-2: new full speed USB device
+using uhci_hcd and address 3
+Dec 12 01:03:25 alberich kernel: usb 4-2: configuration #1 chosen from 1 choice
+Dec 12 01:03:25 alberich kernel: scsi10 : SCSI emulation for USB Mass
+Storage devices
+Dec 12 01:03:25 alberich kernel: usb 4-2: New USB device found,
+idVendor=0421, idProduct=04bd
+Dec 12 01:03:25 alberich kernel: usb 4-2: New USB device strings:
+Mfr=1, Product=2, SerialNumber=3
+Dec 12 01:03:25 alberich kernel: usb 4-2: Product: Nokia 5200
+Dec 12 01:03:25 alberich kernel: usb 4-2: Manufacturer: Nokia
+Dec 12 01:03:25 alberich kernel: usb 4-2: SerialNumber: 353930018354523
+Dec 12 01:03:25 alberich kernel: usbcore: registered new interface driver ub
+Dec 12 01:03:30 alberich kernel: scsi 10:0:0:0: Direct-Access
+Nokia Nokia 5200 0000 PQ: 0 AN
+SI: 4
+Dec 12 01:03:30 alberich kernel: sd 10:0:0:0: [sdg] 3985409 512-byte
+hardware sectors (2041 MB)
+Dec 12 01:03:30 alberich kernel: sd 10:0:0:0: [sdg] Write Protect is off
+Dec 12 01:03:30 alberich kernel: sd 10:0:0:0: [sdg] Assuming drive
+cache: write through
+Dec 12 01:03:30 alberich kernel: sd 10:0:0:0: [sdg] 3985409 512-byte
+hardware sectors (2041 MB)
+Dec 12 01:03:30 alberich kernel: sd 10:0:0:0: [sdg] Write Protect is off
+Dec 12 01:03:30 alberich kernel: sd 10:0:0:0: [sdg] Assuming drive
+cache: write through
+Dec 12 01:03:30 alberich kernel: sdg: sdg1
+Dec 12 01:03:30 alberich kernel: sd 10:0:0:0: [sdg] Attached SCSI removable disk
+Dec 12 01:03:30 alberich kernel: sd 10:0:0:0: Attached scsi generic sg9 type 0
+Dec 12 01:03:30 alberich kernel: sd 10:0:0:0: [sdg] Sense Key : No
+Sense [current]
+Dec 12 01:03:30 alberich kernel: sd 10:0:0:0: [sdg] Add. Sense: No
+additional sense information
+Dec 12 01:03:30 alberich kernel: sd 10:0:0:0: [sdg] Sense Key : No
+Sense [current]
+Dec 12 01:03:30 alberich kernel: sd 10:0:0:0: [sdg] Add. Sense: No
+additional sense information
+Dec 12 01:03:30 alberich kernel: sd 10:0:0:0: [sdg] Sense Key : No
+Sense [current]
+
+(...)
+
+The MicroSD card in the phone remains inaccessible and finally the
+cell phone turns itself off. The patch solves this problem and makes
+the cell phone fully accessible:
+
+[root@alberich kernel-linus-2.6.27.5-1mdv]# df -h
+Sist. Arq. Tam Usad Disp Uso% Montado em
+/dev/sda6 31G 5,2G 26G 17% /
+/dev/sda1 92M 27M 61M 31% /boot
+/dev/mapper/homevg-homelv 240G 237G 3,5G 99% /home
+/dev/sda3 21G 7,9G 13G 40% /mnt/windows
+/dev/sdg1 2,0G 287M 1,7G 15% /media/disk <--------
+
+I've found necessary to use the FL_US_CAPACITY_FIX switch, as without
+it the cell phone is recognized but it went berserk when performing
+low-level functions on it (a fdisk -l /dev/uba for example).
+
+lsusb -v output follows:
+
+Bus 004 Device 004: ID 0421:04bd Nokia Mobile Phones
+Device Descriptor:
+ bLength 18
+ bDescriptorType 1
+ bcdUSB 2.00
+ bDeviceClass 0 (Defined at Interface level)
+ bDeviceSubClass 0
+ bDeviceProtocol 0
+ bMaxPacketSize0 64
+ idVendor 0x0421 Nokia Mobile Phones
+ idProduct 0x04bd
+ bcdDevice 6.03
+ iManufacturer 1 Nokia
+ iProduct 2 Nokia 5200
+ iSerial 3 353930018354523
+ bNumConfigurations 1
+ Configuration Descriptor:
+ bLength 9
+ bDescriptorType 2
+ wTotalLength 32
+ bNumInterfaces 1
+ bConfigurationValue 1
+ iConfiguration 0
+ bmAttributes 0xc0
+ Self Powered
+ MaxPower 100mA
+ Interface Descriptor:
+ bLength 9
+ bDescriptorType 4
+ bInterfaceNumber 0
+ bAlternateSetting 0
+ bNumEndpoints 2
+ bInterfaceClass 8 Mass Storage
+ bInterfaceSubClass 6 SCSI
+ bInterfaceProtocol 80 Bulk (Zip)
+ iInterface 0
+ Endpoint Descriptor:
+ bLength 7
+ bDescriptorType 5
+ bEndpointAddress 0x81 EP 1 IN
+ bmAttributes 2
+ Transfer Type Bulk
+ Synch Type None
+ Usage Type Data
+ wMaxPacketSize 0x0040 1x 64 bytes
+ bInterval 0
+ Endpoint Descriptor:
+ bLength 7
+ bDescriptorType 5
+ bEndpointAddress 0x01 EP 1 OUT
+ bmAttributes 2
+ Transfer Type Bulk
+ Synch Type None
+ Usage Type Data
+ wMaxPacketSize 0x0040 1x 64 bytes
+ bInterval 0
+Device Status: 0x0001
+ Self Powered
+
+Signed-off-by: Paulo Afonso Graner Fessel <pfessel@gmail.com>
+Signed-off-by: Phil Dibowitz <phil@ipom.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
+
+---
+ drivers/usb/storage/unusual_devs.h | 7 +++++++
+ 1 file changed, 7 insertions(+)
+
+--- a/drivers/usb/storage/unusual_devs.h
++++ b/drivers/usb/storage/unusual_devs.h
+@@ -260,6 +260,13 @@ UNUSUAL_DEV( 0x0421, 0x04b9, 0x0500, 0x
+ US_SC_DEVICE, US_PR_DEVICE, NULL,
+ US_FL_FIX_CAPACITY ),
+
++/* Reported by Paulo Fessel <pfessel@gmail.com> */
++UNUSUAL_DEV( 0x0421, 0x04bd, 0x0000, 0x9999,
++ "Nokia",
++ "5200",
++ US_SC_DEVICE, US_PR_DEVICE, NULL,
++ US_FL_FIX_CAPACITY ),
++
+ /* Reported by Richard Nauber <RichardNauber@web.de> */
+ UNUSUAL_DEV( 0x0421, 0x04fa, 0x0550, 0x0660,
+ "Nokia",
--- /dev/null
+From f313e12308f7c5ea645f18e759d104d088b18615 Mon Sep 17 00:00:00 2001
+From: Andi Kleen <andi@firstfloor.org>
+Date: Fri, 9 Jan 2009 12:17:43 -0800
+Subject: x86: avoid theoretical vmalloc fault loop
+
+From: Andi Kleen <andi@firstfloor.org>
+
+commit f313e12308f7c5ea645f18e759d104d088b18615 upstream.
+
+Ajith Kumar noticed:
+
+ I was going through the vmalloc fault handling for x86_64 and am unclear
+ about the following lines in the vmalloc_fault() function.
+
+ pgd = pgd_offset(current->mm ?: &init_mm, address);
+ pgd_ref = pgd_offset_k(address);
+
+ Here the intention is to get the pgd corresponding to the current process
+ and sync it up with the pgd in init_mm(obtained from pgd_offset_k).
+ However, for kernel threads current->mm is NULL and hence pgd =
+ pgd_offset(init_mm, address) = pgd_ref which means the fault handler
+ returns without setting the pgd entry in the MM structure in the context
+ of which the kernel thread has faulted. This could lead to never-ending
+ faults and busy looping of kernel threads like pdflush. So, shouldn't the
+ pgd = pgd_offset(current->mm ?: &init_mm, address); be pgd =
+ pgd_offset(current->active_mm ?: &init_mm, address);
+
+We can use active_mm unconditionally because it should be always set.
+
+Signed-off-by: Andi Kleen <ak@linux.intel.com>
+Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
+Signed-off-by: Ingo Molnar <mingo@elte.hu>
+Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
+
+---
+ arch/x86/mm/fault.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/arch/x86/mm/fault.c
++++ b/arch/x86/mm/fault.c
+@@ -533,7 +533,7 @@ static int vmalloc_fault(unsigned long a
+ happen within a race in page table update. In the later
+ case just flush. */
+
+- pgd = pgd_offset(current->mm ?: &init_mm, address);
++ pgd = pgd_offset(current->active_mm, address);
+ pgd_ref = pgd_offset_k(address);
+ if (pgd_none(*pgd_ref))
+ return -1;
--- /dev/null
+From 7aed55d1085f71241284a30af0300feea48c36db Mon Sep 17 00:00:00 2001
+From: Jiri Slaby <jirislaby@gmail.com>
+Date: Sun, 4 Jan 2009 00:27:09 +0100
+Subject: x86: fix RIP printout in early_idt_handler
+
+From: Jiri Slaby <jirislaby@gmail.com>
+
+commit 7aed55d1085f71241284a30af0300feea48c36db upstream.
+
+Impact: fix debug/crash printout
+
+Since errorcode is popped out, RIP is on the top of the stack.
+Use real RIP value instead of wrong CS.
+
+Signed-off-by: Jiri Slaby <jirislaby@gmail.com>
+Signed-off-by: Ingo Molnar <mingo@elte.hu>
+Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
+
+---
+ arch/x86/kernel/head_64.S | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/arch/x86/kernel/head_64.S
++++ b/arch/x86/kernel/head_64.S
+@@ -305,7 +305,7 @@ ENTRY(early_idt_handler)
+ call dump_stack
+ #ifdef CONFIG_KALLSYMS
+ leaq early_idt_ripmsg(%rip),%rdi
+- movq 8(%rsp),%rsi # get rip again
++ movq 0(%rsp),%rsi # get rip again
+ call __print_symbol
+ #endif
+ #endif /* EARLY_PRINTK */
projects / thirdparty / kernel / stable-queue.git / commitdiff
