--- /dev/null
+From c6b358748e19ce7e230b0926ac42696bc485a562 Mon Sep 17 00:00:00 2001
+From: Takashi Iwai <tiwai@suse.de>
+Date: Mon, 28 Mar 2011 12:05:31 +0200
+Subject: ALSA: hda - Fix pin-config of Gigabyte mobo
+
+From: Takashi Iwai <tiwai@suse.de>
+
+commit c6b358748e19ce7e230b0926ac42696bc485a562 upstream.
+
+Use pin-fix instead of the static quirk for Gigabyte mobos 1458:a002.
+
+Bugzilla: https://bugzilla.novell.com/show_bug.cgi?id=677256
+Signed-off-by: Takashi Iwai <tiwai@suse.de>
+Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
+
+---
+ sound/pci/hda/patch_realtek.c | 21 ++++++++++++++++++---
+ 1 file changed, 18 insertions(+), 3 deletions(-)
+
+--- a/sound/pci/hda/patch_realtek.c
++++ b/sound/pci/hda/patch_realtek.c
+@@ -9932,7 +9932,6 @@ static struct snd_pci_quirk alc882_cfg_t
+ SND_PCI_QUIRK(0x1071, 0x8258, "Evesham Voyaeger", ALC883_LAPTOP_EAPD),
+ SND_PCI_QUIRK(0x10f1, 0x2350, "TYAN-S2350", ALC888_6ST_DELL),
+ SND_PCI_QUIRK(0x108e, 0x534d, NULL, ALC883_3ST_6ch),
+- SND_PCI_QUIRK(0x1458, 0xa002, "Gigabyte P35 DS3R", ALC882_6ST_DIG),
+
+ SND_PCI_QUIRK(0x1462, 0x0349, "MSI", ALC883_TARGA_2ch_DIG),
+ SND_PCI_QUIRK(0x1462, 0x040d, "MSI", ALC883_TARGA_2ch_DIG),
+@@ -10769,6 +10768,7 @@ enum {
+ PINFIX_LENOVO_Y530,
+ PINFIX_PB_M5210,
+ PINFIX_ACER_ASPIRE_7736,
++ PINFIX_GIGABYTE_880GM,
+ };
+
+ static const struct alc_fixup alc882_fixups[] = {
+@@ -10800,6 +10800,13 @@ static const struct alc_fixup alc882_fix
+ .type = ALC_FIXUP_SKU,
+ .v.sku = ALC_FIXUP_SKU_IGNORE,
+ },
++ [PINFIX_GIGABYTE_880GM] = {
++ .type = ALC_FIXUP_PINS,
++ .v.pins = (const struct alc_pincfg[]) {
++ { 0x14, 0x1114410 }, /* set as speaker */
++ { }
++ }
++ },
+ };
+
+ static struct snd_pci_quirk alc882_fixup_tbl[] = {
+@@ -10807,6 +10814,7 @@ static struct snd_pci_quirk alc882_fixup
+ SND_PCI_QUIRK(0x17aa, 0x3a0d, "Lenovo Y530", PINFIX_LENOVO_Y530),
+ SND_PCI_QUIRK(0x147b, 0x107a, "Abit AW9D-MAX", PINFIX_ABIT_AW9D_MAX),
+ SND_PCI_QUIRK(0x1025, 0x0296, "Acer Aspire 7736z", PINFIX_ACER_ASPIRE_7736),
++ SND_PCI_QUIRK(0x1458, 0xa002, "Gigabyte", PINFIX_GIGABYTE_880GM),
+ {}
+ };
+
+@@ -18851,8 +18859,6 @@ static struct snd_pci_quirk alc662_cfg_t
+ ALC662_3ST_6ch_DIG),
+ SND_PCI_QUIRK(0x1179, 0xff6e, "Toshiba NB20x", ALC662_AUTO),
+ SND_PCI_QUIRK(0x144d, 0xca00, "Samsung NC10", ALC272_SAMSUNG_NC10),
+- SND_PCI_QUIRK(0x1458, 0xa002, "Gigabyte 945GCM-S2L",
+- ALC662_3ST_6ch_DIG),
+ SND_PCI_QUIRK(0x152d, 0x2304, "Quanta WH1", ALC663_ASUS_H13),
+ SND_PCI_QUIRK(0x1565, 0x820f, "Biostar TA780G M2+", ALC662_3ST_6ch_DIG),
+ SND_PCI_QUIRK(0x1631, 0xc10c, "PB RS65", ALC663_ASUS_M51VA),
+@@ -19526,6 +19532,7 @@ enum {
+ ALC662_FIXUP_IDEAPAD,
+ ALC272_FIXUP_MARIO,
+ ALC662_FIXUP_CZC_P10T,
++ ALC662_FIXUP_GIGABYTE,
+ };
+
+ static const struct alc_fixup alc662_fixups[] = {
+@@ -19554,12 +19561,20 @@ static const struct alc_fixup alc662_fix
+ {}
+ }
+ },
++ [ALC662_FIXUP_GIGABYTE] = {
++ .type = ALC_FIXUP_PINS,
++ .v.pins = (const struct alc_pincfg[]) {
++ { 0x14, 0x1114410 }, /* set as speaker */
++ { }
++ }
++ },
+ };
+
+ static struct snd_pci_quirk alc662_fixup_tbl[] = {
+ SND_PCI_QUIRK(0x1025, 0x0308, "Acer Aspire 8942G", ALC662_FIXUP_ASPIRE),
+ SND_PCI_QUIRK(0x1025, 0x038b, "Acer Aspire 8943G", ALC662_FIXUP_ASPIRE),
+ SND_PCI_QUIRK(0x144d, 0xc051, "Samsung R720", ALC662_FIXUP_IDEAPAD),
++ SND_PCI_QUIRK(0x1458, 0xa002, "Gigabyte", ALC662_FIXUP_GIGABYTE),
+ SND_PCI_QUIRK(0x17aa, 0x38af, "Lenovo Ideapad Y550P", ALC662_FIXUP_IDEAPAD),
+ SND_PCI_QUIRK(0x17aa, 0x3a0d, "Lenovo Ideapad Y550", ALC662_FIXUP_IDEAPAD),
+ SND_PCI_QUIRK(0x1b35, 0x2206, "CZC P10T", ALC662_FIXUP_CZC_P10T),
--- /dev/null
+From c1d036c4d1cb00b7e8473a2ad0a78f13e13a8183 Mon Sep 17 00:00:00 2001
+From: Jeff Mahoney <jeffm@suse.com>
+Date: Thu, 24 Feb 2011 17:23:09 -0500
+Subject: [IA64] mca.c: Fix cast from integer to pointer warning
+
+From: Jeff Mahoney <jeffm@suse.com>
+
+commit c1d036c4d1cb00b7e8473a2ad0a78f13e13a8183 upstream.
+
+ia64_mca_cpu_init has a void *data local variable that is assigned
+the value from either __get_free_pages() or mca_bootmem(). The problem
+is that __get_free_pages returns an unsigned long and mca_bootmem, via
+alloc_bootmem(), returns a void *. format_mca_init_stack takes the void *,
+and it's also used with __pa(), but that casts it to long anyway.
+
+This results in the following build warning:
+
+arch/ia64/kernel/mca.c:1898: warning: assignment makes pointer from
+integer without a cast
+
+Cast the return of __get_free_pages to a void * to avoid
+the warning.
+
+Signed-off-by: Jeff Mahoney <jeffm@suse.com>
+Signed-off-by: Tony Luck <tony.luck@intel.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
+
+---
+ arch/ia64/kernel/mca.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+--- a/arch/ia64/kernel/mca.c
++++ b/arch/ia64/kernel/mca.c
+@@ -1859,7 +1859,8 @@ ia64_mca_cpu_init(void *cpu_data)
+ data = mca_bootmem();
+ first_time = 0;
+ } else
+- data = __get_free_pages(GFP_KERNEL, get_order(sz));
++ data = (void *)__get_free_pages(GFP_KERNEL,
++ get_order(sz));
+ if (!data)
+ panic("Could not allocate MCA memory for cpu %d\n",
+ cpu);
--- /dev/null
+From 468c3f924f043cad7a04f4f4d5224a2c9bc886c1 Mon Sep 17 00:00:00 2001
+From: Jiri Slaby <jslaby@suse.cz>
+Date: Sun, 13 Mar 2011 06:54:31 +0000
+Subject: NET: cdc-phonet, handle empty phonet header
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+From: Jiri Slaby <jslaby@suse.cz>
+
+commit 468c3f924f043cad7a04f4f4d5224a2c9bc886c1 upstream.
+
+Currently, for N 5800 XM I get:
+cdc_phonet: probe of 1-6:1.10 failed with error -22
+
+It's because phonet_header is empty. Extra altsetting looks like
+there:
+E 05 24 00 01 10 03 24 ab 05 24 06 0a 0b 04 24 fd .$....$..$....$.
+E 00 .
+
+I don't see the header used anywhere so just check if the phonet
+descriptor is there, not the structure itself.
+
+Signed-off-by: Jiri Slaby <jslaby@suse.cz>
+Cc: Rémi Denis-Courmont <remi.denis-courmont@nokia.com>
+Cc: David S. Miller <davem@davemloft.net>
+Acked-by: Rémi Denis-Courmont <remi.denis-courmont@nokia.com>
+Signed-off-by: David S. Miller <davem@davemloft.net>
+Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
+
+---
+ drivers/net/usb/cdc-phonet.c | 9 +++------
+ 1 file changed, 3 insertions(+), 6 deletions(-)
+
+--- a/drivers/net/usb/cdc-phonet.c
++++ b/drivers/net/usb/cdc-phonet.c
+@@ -328,13 +328,13 @@ int usbpn_probe(struct usb_interface *in
+ {
+ static const char ifname[] = "usbpn%d";
+ const struct usb_cdc_union_desc *union_header = NULL;
+- const struct usb_cdc_header_desc *phonet_header = NULL;
+ const struct usb_host_interface *data_desc;
+ struct usb_interface *data_intf;
+ struct usb_device *usbdev = interface_to_usbdev(intf);
+ struct net_device *dev;
+ struct usbpn_dev *pnd;
+ u8 *data;
++ int phonet = 0;
+ int len, err;
+
+ data = intf->altsetting->extra;
+@@ -355,10 +355,7 @@ int usbpn_probe(struct usb_interface *in
+ (struct usb_cdc_union_desc *)data;
+ break;
+ case 0xAB:
+- if (phonet_header || dlen < 5)
+- break;
+- phonet_header =
+- (struct usb_cdc_header_desc *)data;
++ phonet = 1;
+ break;
+ }
+ }
+@@ -366,7 +363,7 @@ int usbpn_probe(struct usb_interface *in
+ len -= dlen;
+ }
+
+- if (!union_header || !phonet_header)
++ if (!union_header || !phonet)
+ return -EINVAL;
+
+ data_intf = usb_ifnum_to_if(usbdev, union_header->bSlaveInterface0);
--- /dev/null
+From ab711fe08297de1485fff0a366e6db8828cafd6a Mon Sep 17 00:00:00 2001
+From: Peter Zijlstra <a.p.zijlstra@chello.nl>
+Date: Thu, 31 Mar 2011 10:29:26 +0200
+Subject: perf: Fix task context scheduling
+
+From: Peter Zijlstra <a.p.zijlstra@chello.nl>
+
+commit ab711fe08297de1485fff0a366e6db8828cafd6a upstream.
+
+Jiri reported:
+
+ |
+ | - once an event is created by sys_perf_event_open, task context
+ | is created and it stays even if the event is closed, until the
+ | task is finished ... thats what I see in code and I assume it's
+ | correct
+ |
+ | - when the task opens event, perf_sched_events jump label is
+ | incremented and following callbacks are started from scheduler
+ |
+ | __perf_event_task_sched_in
+ | __perf_event_task_sched_out
+ |
+ | These callback *in/out set/unset cpuctx->task_ctx value to the
+ | task context.
+ |
+ | - close is called on event on CPU 0:
+ | - the task is scheduled on CPU 0
+ | - __perf_event_task_sched_in is called
+ | - cpuctx->task_ctx is set
+ | - perf_sched_events jump label is decremented and == 0
+ | - __perf_event_task_sched_out is not called
+ | - cpuctx->task_ctx on CPU 0 stays set
+ |
+ | - exit is called on CPU 1:
+ | - the task is scheduled on CPU 1
+ | - perf_event_exit_task is called
+ | - task_ctx_sched_out unsets cpuctx->task_ctx on CPU 1
+ | - put_ctx destroys the context
+ |
+ | - another call of perf_rotate_context on CPU 0 will use invalid
+ | task_ctx pointer, and eventualy panic.
+ |
+
+Cure this the simplest possibly way by partially reverting the
+jump_label optimization for the sched_out case.
+
+Reported-and-tested-by: Jiri Olsa <jolsa@redhat.com>
+Signed-off-by: Peter Zijlstra <a.p.zijlstra@chello.nl>
+Cc: Oleg Nesterov <oleg@redhat.com>
+LKML-Reference: <1301520405.4859.213.camel@twins>
+Signed-off-by: Ingo Molnar <mingo@elte.hu>
+Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
+
+---
+ include/linux/perf_event.h | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/include/linux/perf_event.h
++++ b/include/linux/perf_event.h
+@@ -1052,7 +1052,7 @@ void perf_event_task_sched_out(struct ta
+ {
+ perf_sw_event(PERF_COUNT_SW_CONTEXT_SWITCHES, 1, 1, NULL, 0);
+
+- COND_STMT(&perf_task_events, __perf_event_task_sched_out(task, next));
++ __perf_event_task_sched_out(task, next);
+ }
+
+ extern void perf_event_mmap(struct vm_area_struct *vma);
cifs-check-for-private_data-before-trying-to-put-it.patch
cifs-set-ra_pages-in-backing_dev_info.patch
cifs-wrap-received-signature-check-in-srv_mutex.patch
+video-sn9c102-world-wirtable-sysfs-files.patch
+ubifs-restrict-world-writable-debugfs-files.patch
+alsa-hda-fix-pin-config-of-gigabyte-mobo.patch
+net-cdc-phonet-handle-empty-phonet-header.patch
+x86-fix-a-bogus-unwind-annotation-in-lib-semaphore_32.s.patch
+tioca-fix-assignment-from-incompatible-pointer-warnings.patch
+mca.c-fix-cast-from-integer-to-pointer-warning.patch
+vm-fix-mlock-on-stack-guard-page.patch
+ubifs-fix-assertion-warnings.patch
+perf-fix-task-context-scheduling.patch
--- /dev/null
+From b4a6b3436531f6c5256e6d60d388c3c28ff1a0e9 Mon Sep 17 00:00:00 2001
+From: Jeff Mahoney <jeffm@suse.com>
+Date: Thu, 24 Feb 2011 15:33:24 -0500
+Subject: [IA64] tioca: Fix assignment from incompatible pointer warnings
+
+From: Jeff Mahoney <jeffm@suse.com>
+
+commit b4a6b3436531f6c5256e6d60d388c3c28ff1a0e9 upstream.
+
+The prototype for sn_pci_provider->{dma_map,dma_map_consistent} expects
+an unsigned long instead of a u64.
+
+Signed-off-by: Jeff Mahoney <jeffm@suse.com>
+Signed-off-by: Tony Luck <tony.luck@intel.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
+
+---
+ arch/ia64/sn/pci/tioca_provider.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/arch/ia64/sn/pci/tioca_provider.c
++++ b/arch/ia64/sn/pci/tioca_provider.c
+@@ -509,7 +509,7 @@ tioca_dma_unmap(struct pci_dev *pdev, dm
+ * use the GART mapped mode.
+ */
+ static u64
+-tioca_dma_map(struct pci_dev *pdev, u64 paddr, size_t byte_count, int dma_flags)
++tioca_dma_map(struct pci_dev *pdev, unsigned long paddr, size_t byte_count, int dma_flags)
+ {
+ u64 mapaddr;
+
--- /dev/null
+From c88ac00c5af70c2a0741da14b22cdcf8507ddd92 Mon Sep 17 00:00:00 2001
+From: Artem Bityutskiy <Artem.Bityutskiy@nokia.com>
+Date: Tue, 29 Mar 2011 09:45:21 +0300
+Subject: UBIFS: fix assertion warnings
+
+From: Artem Bityutskiy <Artem.Bityutskiy@nokia.com>
+
+commit c88ac00c5af70c2a0741da14b22cdcf8507ddd92 upstream.
+
+This patch fixes UBIFS assertion warnings like:
+
+UBIFS assert failed in ubifs_leb_unmap at 135 (pid 29365)
+Pid: 29365, comm: integck Tainted: G I 2.6.37-ubi-2.6+ #34
+Call Trace:
+ [<ffffffffa047c663>] ubifs_lpt_init+0x95e/0x9ee [ubifs]
+ [<ffffffffa04623a7>] ubifs_remount_fs+0x2c7/0x762 [ubifs]
+ [<ffffffff810f066e>] do_remount_sb+0xb6/0x101
+ [<ffffffff81106ff4>] ? do_mount+0x191/0x78e
+ [<ffffffff811070bb>] do_mount+0x258/0x78e
+ [<ffffffff810da1e8>] ? alloc_pages_current+0xa2/0xc5
+ [<ffffffff81107674>] sys_mount+0x83/0xbd
+ [<ffffffff81009a12>] system_call_fastpath+0x16/0x1b
+
+They happen when we re-mount from R/O mode to R/W mode. While
+re-mounting, we write to the media, but we still have the c->ro_mount
+flag set. The fix is very simple - just clear the flag before
+starting re-mounting R/W.
+
+These warnings are caused by the following commit:
+2ef13294d29bcfb306e0d360f1b97f37b647b0c0
+
+For -stable guys: this bug was introduced in 2.6.38, this is materieal
+for 2.6.38-stable.
+
+Signed-off-by: Artem Bityutskiy <Artem.Bityutskiy@nokia.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
+
+---
+ fs/ubifs/super.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+--- a/fs/ubifs/super.c
++++ b/fs/ubifs/super.c
+@@ -1543,6 +1543,7 @@ static int ubifs_remount_rw(struct ubifs
+ mutex_lock(&c->umount_mutex);
+ dbg_save_space_info(c);
+ c->remounting_rw = 1;
++ c->ro_mount = 0;
+ c->always_chk_crc = 1;
+
+ err = check_free_space(c);
+@@ -1648,7 +1649,6 @@ static int ubifs_remount_rw(struct ubifs
+ }
+
+ dbg_gen("re-mounted read-write");
+- c->ro_mount = 0;
+ c->remounting_rw = 0;
+ c->always_chk_crc = 0;
+ err = dbg_check_space_info(c);
+@@ -1656,6 +1656,7 @@ static int ubifs_remount_rw(struct ubifs
+ return err;
+
+ out:
++ c->ro_mount = 1;
+ vfree(c->orph_buf);
+ c->orph_buf = NULL;
+ if (c->bgt) {
--- /dev/null
+From 8c559d30b4e59cf6994215ada1fe744928f494bf Mon Sep 17 00:00:00 2001
+From: Vasiliy Kulikov <segoon@openwall.com>
+Date: Fri, 4 Feb 2011 15:24:19 +0300
+Subject: UBIFS: restrict world-writable debugfs files
+
+From: Vasiliy Kulikov <segoon@openwall.com>
+
+commit 8c559d30b4e59cf6994215ada1fe744928f494bf upstream.
+
+Don't allow everybody to dump sensitive information about filesystems.
+
+Signed-off-by: Vasiliy Kulikov <segoon@openwall.com>
+Signed-off-by: Artem Bityutskiy <Artem.Bityutskiy@nokia.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
+
+---
+ fs/ubifs/debug.c | 6 +++---
+ 1 file changed, 3 insertions(+), 3 deletions(-)
+
+--- a/fs/ubifs/debug.c
++++ b/fs/ubifs/debug.c
+@@ -2844,19 +2844,19 @@ int dbg_debugfs_init_fs(struct ubifs_inf
+ }
+
+ fname = "dump_lprops";
+- dent = debugfs_create_file(fname, S_IWUGO, d->dfs_dir, c, &dfs_fops);
++ dent = debugfs_create_file(fname, S_IWUSR, d->dfs_dir, c, &dfs_fops);
+ if (IS_ERR(dent))
+ goto out_remove;
+ d->dfs_dump_lprops = dent;
+
+ fname = "dump_budg";
+- dent = debugfs_create_file(fname, S_IWUGO, d->dfs_dir, c, &dfs_fops);
++ dent = debugfs_create_file(fname, S_IWUSR, d->dfs_dir, c, &dfs_fops);
+ if (IS_ERR(dent))
+ goto out_remove;
+ d->dfs_dump_budg = dent;
+
+ fname = "dump_tnc";
+- dent = debugfs_create_file(fname, S_IWUGO, d->dfs_dir, c, &dfs_fops);
++ dent = debugfs_create_file(fname, S_IWUSR, d->dfs_dir, c, &dfs_fops);
+ if (IS_ERR(dent))
+ goto out_remove;
+ d->dfs_dump_tnc = dent;
--- /dev/null
+From 14ddc3188d50855ae2a419a6aced995e2834e5d4 Mon Sep 17 00:00:00 2001
+From: Vasiliy Kulikov <segoon@openwall.com>
+Date: Fri, 4 Feb 2011 09:23:33 -0300
+Subject: [media] video: sn9c102: world-wirtable sysfs files
+
+From: Vasiliy Kulikov <segoon@openwall.com>
+
+commit 14ddc3188d50855ae2a419a6aced995e2834e5d4 upstream.
+
+Don't allow everybody to change video settings.
+
+Signed-off-by: Vasiliy Kulikov <segoon@openwall.com>
+Acked-by: Mauro Carvalho Chehab <mchehab@redhat.com>
+Acked-by: Luca Risolia <luca.risolia@studio.unibo.it>
+Signed-off-by: Mauro Carvalho Chehab <mchehab@redhat.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
+
+---
+ drivers/media/video/sn9c102/sn9c102_core.c | 6 +++---
+ 1 file changed, 3 insertions(+), 3 deletions(-)
+
+--- a/drivers/media/video/sn9c102/sn9c102_core.c
++++ b/drivers/media/video/sn9c102/sn9c102_core.c
+@@ -1430,9 +1430,9 @@ static DEVICE_ATTR(i2c_reg, S_IRUGO | S_
+ sn9c102_show_i2c_reg, sn9c102_store_i2c_reg);
+ static DEVICE_ATTR(i2c_val, S_IRUGO | S_IWUSR,
+ sn9c102_show_i2c_val, sn9c102_store_i2c_val);
+-static DEVICE_ATTR(green, S_IWUGO, NULL, sn9c102_store_green);
+-static DEVICE_ATTR(blue, S_IWUGO, NULL, sn9c102_store_blue);
+-static DEVICE_ATTR(red, S_IWUGO, NULL, sn9c102_store_red);
++static DEVICE_ATTR(green, S_IWUSR, NULL, sn9c102_store_green);
++static DEVICE_ATTR(blue, S_IWUSR, NULL, sn9c102_store_blue);
++static DEVICE_ATTR(red, S_IWUSR, NULL, sn9c102_store_red);
+ static DEVICE_ATTR(frame_header, S_IRUGO, sn9c102_show_frame_header, NULL);
+
+
--- /dev/null
+From 95042f9eb78a8d9a17455e2ef263f2f310ecef15 Mon Sep 17 00:00:00 2001
+From: Linus Torvalds <torvalds@linux-foundation.org>
+Date: Tue, 12 Apr 2011 14:15:51 -0700
+Subject: vm: fix mlock() on stack guard page
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+From: Linus Torvalds <torvalds@linux-foundation.org>
+
+commit 95042f9eb78a8d9a17455e2ef263f2f310ecef15 upstream.
+
+Commit 53a7706d5ed8 ("mlock: do not hold mmap_sem for extended periods
+of time") changed mlock() to care about the exact number of pages that
+__get_user_pages() had brought it. Before, it would only care about
+errors.
+
+And that doesn't work, because we also handled one page specially in
+__mlock_vma_pages_range(), namely the stack guard page. So when that
+case was handled, the number of pages that the function returned was off
+by one. In particular, it could be zero, and then the caller would end
+up not making any progress at all.
+
+Rather than try to fix up that off-by-one error for the mlock case
+specially, this just moves the logic to handle the stack guard page
+into__get_user_pages() itself, thus making all the counts come out
+right automatically.
+
+Reported-by: Robert Święcki <robert@swiecki.net>
+Cc: Hugh Dickins <hughd@google.com>
+Cc: Oleg Nesterov <oleg@redhat.com>
+Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
+
+
+---
+ mm/memory.c | 26 ++++++++++++++++++--------
+ mm/mlock.c | 13 -------------
+ 2 files changed, 18 insertions(+), 21 deletions(-)
+
+--- a/mm/memory.c
++++ b/mm/memory.c
+@@ -1410,6 +1410,13 @@ no_page_table:
+ return page;
+ }
+
++static inline int stack_guard_page(struct vm_area_struct *vma, unsigned long addr)
++{
++ return (vma->vm_flags & VM_GROWSDOWN) &&
++ (vma->vm_start == addr) &&
++ !vma_stack_continue(vma->vm_prev, addr);
++}
++
+ int __get_user_pages(struct task_struct *tsk, struct mm_struct *mm,
+ unsigned long start, int nr_pages, unsigned int gup_flags,
+ struct page **pages, struct vm_area_struct **vmas,
+@@ -1439,7 +1446,6 @@ int __get_user_pages(struct task_struct
+ vma = find_extend_vma(mm, start);
+ if (!vma && in_gate_area(tsk, start)) {
+ unsigned long pg = start & PAGE_MASK;
+- struct vm_area_struct *gate_vma = get_gate_vma(tsk);
+ pgd_t *pgd;
+ pud_t *pud;
+ pmd_t *pmd;
+@@ -1464,10 +1470,11 @@ int __get_user_pages(struct task_struct
+ pte_unmap(pte);
+ return i ? : -EFAULT;
+ }
++ vma = get_gate_vma(tsk);
+ if (pages) {
+ struct page *page;
+
+- page = vm_normal_page(gate_vma, start, *pte);
++ page = vm_normal_page(vma, start, *pte);
+ if (!page) {
+ if (!(gup_flags & FOLL_DUMP) &&
+ is_zero_pfn(pte_pfn(*pte)))
+@@ -1481,12 +1488,7 @@ int __get_user_pages(struct task_struct
+ get_page(page);
+ }
+ pte_unmap(pte);
+- if (vmas)
+- vmas[i] = gate_vma;
+- i++;
+- start += PAGE_SIZE;
+- nr_pages--;
+- continue;
++ goto next_page;
+ }
+
+ if (!vma ||
+@@ -1500,6 +1502,13 @@ int __get_user_pages(struct task_struct
+ continue;
+ }
+
++ /*
++ * If we don't actually want the page itself,
++ * and it's the stack guard page, just skip it.
++ */
++ if (!pages && stack_guard_page(vma, start))
++ goto next_page;
++
+ do {
+ struct page *page;
+ unsigned int foll_flags = gup_flags;
+@@ -1569,6 +1578,7 @@ int __get_user_pages(struct task_struct
+ flush_anon_page(vma, page, start);
+ flush_dcache_page(page);
+ }
++next_page:
+ if (vmas)
+ vmas[i] = vma;
+ i++;
+--- a/mm/mlock.c
++++ b/mm/mlock.c
+@@ -135,13 +135,6 @@ void munlock_vma_page(struct page *page)
+ }
+ }
+
+-static inline int stack_guard_page(struct vm_area_struct *vma, unsigned long addr)
+-{
+- return (vma->vm_flags & VM_GROWSDOWN) &&
+- (vma->vm_start == addr) &&
+- !vma_stack_continue(vma->vm_prev, addr);
+-}
+-
+ /**
+ * __mlock_vma_pages_range() - mlock a range of pages in the vma.
+ * @vma: target vma
+@@ -188,12 +181,6 @@ static long __mlock_vma_pages_range(stru
+ if (vma->vm_flags & VM_LOCKED)
+ gup_flags |= FOLL_MLOCK;
+
+- /* We don't try to access the guard page of a stack vma */
+- if (stack_guard_page(vma, start)) {
+- addr += PAGE_SIZE;
+- nr_pages--;
+- }
+-
+ return __get_user_pages(current, mm, addr, nr_pages, gup_flags,
+ NULL, NULL, nonblocking);
+ }
--- /dev/null
+From e938c287ea8d977e079f07464ac69923412663ce Mon Sep 17 00:00:00 2001
+From: Jan Beulich <JBeulich@novell.com>
+Date: Tue, 1 Mar 2011 14:28:02 +0000
+Subject: x86: Fix a bogus unwind annotation in lib/semaphore_32.S
+
+From: Jan Beulich <JBeulich@novell.com>
+
+commit e938c287ea8d977e079f07464ac69923412663ce upstream.
+
+'simple' would have required specifying current frame address
+and return address location manually, but that's obviously not
+the case (and not necessary) here.
+
+Signed-off-by: Jan Beulich <jbeulich@novell.com>
+LKML-Reference: <4D6D1082020000780003454C@vpn.id2.novell.com>
+Signed-off-by: Ingo Molnar <mingo@elte.hu>
+Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
+
+---
+ arch/x86/lib/semaphore_32.S | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/arch/x86/lib/semaphore_32.S
++++ b/arch/x86/lib/semaphore_32.S
+@@ -36,7 +36,7 @@
+ */
+ #ifdef CONFIG_SMP
+ ENTRY(__write_lock_failed)
+- CFI_STARTPROC simple
++ CFI_STARTPROC
+ FRAME
+ 2: LOCK_PREFIX
+ addl $ RW_LOCK_BIAS,(%eax)
projects / thirdparty / kernel / stable-queue.git / commitdiff
