From: Greg Kroah-Hartman Date: Sat, 31 Jan 2009 02:46:02 +0000 (-0800) Subject: mboxes of patches for .27 and .28 X-Git-Tag: v2.6.27.14~3 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=1062f03b86eddce43ac54778a1cc47c59a7be50e;p=thirdparty%2Fkernel%2Fstable-queue.git mboxes of patches for .27 and .28 --- diff --git a/queue-2.6.27/mbox b/queue-2.6.27/mbox new file mode 100644 index 00000000000..1d74f5de43a --- /dev/null +++ b/queue-2.6.27/mbox @@ -0,0 +1,3295 @@ +From gregkh@mini.kroah.org Fri Jan 30 18:36:19 2009 +Message-Id: <20090131023619.586642629@mini.kroah.org> +User-Agent: quilt/0.47-1 +Date: Fri, 30 Jan 2009 18:34:12 -0800 +From: Greg KH +To: linux-kernel@vger.kernel.org, + stable@kernel.org +Cc: Justin Forbes , + Zwane Mwaikambo , + Theodore Ts'o , + Randy Dunlap , + Dave Jones , + Chuck Wolber , + Chris Wedgwood , + Michael Krufky , + Chuck Ebbert , + Domenico Andreoli , + Willy Tarreau , + Rodrigo Rubira Branco , + Jake Edge , + Eugene Teo , + torvalds@linux-foundation.org, + akpm@linux-foundation.org, + alan@lxorguk.ukuu.org.uk, + Miklos Szeredi +Subject: [patch 01/32] fuse: destroy bdi on umount +References: <20090131023411.032399235@mini.kroah.org> +Content-Disposition: inline; filename=fuse-destroy-bdi-on-umount.patch +Content-Length: 1657 +Lines: 55 + +2.6.27-stable review patch. If anyone has any objections, please let us know. + +------------------ + +From: Miklos Szeredi + +commit 26c3679101dbccc054dcf370143941844ba70531 upstream. + +If a fuse filesystem is unmounted but the device file descriptor +remains open and a new mount reuses the old device number, then the +mount fails with EEXIST and the following warning is printed in the +kernel log: + + WARNING: at fs/sysfs/dir.c:462 sysfs_add_one+0x35/0x3d() + sysfs: duplicate filename '0:15' can not be created + +The cause is that the bdi belonging to the fuse filesystem was +destoryed only after the device file was released. Fix this by +calling bdi_destroy() from fuse_put_super() instead. + +Signed-off-by: Miklos Szeredi +Signed-off-by: Greg Kroah-Hartman + +--- + fs/fuse/dev.c | 3 ++- + fs/fuse/inode.c | 2 +- + 2 files changed, 3 insertions(+), 2 deletions(-) + +--- a/fs/fuse/dev.c ++++ b/fs/fuse/dev.c +@@ -281,7 +281,8 @@ static void request_end(struct fuse_conn + fc->blocked = 0; + wake_up_all(&fc->blocked_waitq); + } +- if (fc->num_background == FUSE_CONGESTION_THRESHOLD) { ++ if (fc->num_background == FUSE_CONGESTION_THRESHOLD && ++ fc->connected) { + clear_bdi_congested(&fc->bdi, READ); + clear_bdi_congested(&fc->bdi, WRITE); + } +--- a/fs/fuse/inode.c ++++ b/fs/fuse/inode.c +@@ -292,6 +292,7 @@ static void fuse_put_super(struct super_ + list_del(&fc->entry); + fuse_ctl_remove_conn(fc); + mutex_unlock(&fuse_mutex); ++ bdi_destroy(&fc->bdi); + fuse_conn_put(fc); + } + +@@ -531,7 +532,6 @@ void fuse_conn_put(struct fuse_conn *fc) + if (fc->destroy_req) + fuse_request_free(fc->destroy_req); + mutex_destroy(&fc->inst_mutex); +- bdi_destroy(&fc->bdi); + kfree(fc); + } + } + + +From gregkh@mini.kroah.org Fri Jan 30 18:36:19 2009 +Message-Id: <20090131023619.705940347@mini.kroah.org> +User-Agent: quilt/0.47-1 +Date: Fri, 30 Jan 2009 18:34:13 -0800 +From: Greg KH +To: linux-kernel@vger.kernel.org, + stable@kernel.org +Cc: Justin Forbes , + Zwane Mwaikambo , + Theodore Ts'o , + Randy Dunlap , + Dave Jones , + Chuck Wolber , + Chris Wedgwood , + Michael Krufky , + Chuck Ebbert , + Domenico Andreoli , + Willy Tarreau , + Rodrigo Rubira Branco , + Jake Edge , + Eugene Teo , + torvalds@linux-foundation.org, + akpm@linux-foundation.org, + alan@lxorguk.ukuu.org.uk, + Miklos Szeredi +Subject: [patch 02/32] fuse: fix missing fput on error +References: <20090131023411.032399235@mini.kroah.org> +Content-Disposition: inline; filename=fuse-fix-missing-fput-on-error.patch +Content-Length: 776 +Lines: 36 + +2.6.27-stable review patch. If anyone has any objections, please let us know. + +------------------ + +From: Miklos Szeredi + +commit 3ddf1e7f57237ac7c5d5bfb7058f1ea4f970b661 upstream. + +Fix the leaking file reference if allocation or initialization of +fuse_conn failed. + +Signed-off-by: Miklos Szeredi +Signed-off-by: Greg Kroah-Hartman + +--- + fs/fuse/inode.c | 8 ++++++-- + 1 file changed, 6 insertions(+), 2 deletions(-) + +--- a/fs/fuse/inode.c ++++ b/fs/fuse/inode.c +@@ -832,12 +832,16 @@ static int fuse_fill_super(struct super_ + if (!file) + return -EINVAL; + +- if (file->f_op != &fuse_dev_operations) ++ if (file->f_op != &fuse_dev_operations) { ++ fput(file); + return -EINVAL; ++ } + + fc = new_conn(sb); +- if (!fc) ++ if (!fc) { ++ fput(file); + return -ENOMEM; ++ } + + fc->flags = d.flags; + fc->user_id = d.user_id; + + +From gregkh@mini.kroah.org Fri Jan 30 18:36:19 2009 +Message-Id: <20090131023619.827230073@mini.kroah.org> +User-Agent: quilt/0.47-1 +Date: Fri, 30 Jan 2009 18:34:14 -0800 +From: Greg KH +To: linux-kernel@vger.kernel.org, + stable@kernel.org +Cc: Justin Forbes , + Zwane Mwaikambo , + Theodore Ts'o , + Randy Dunlap , + Dave Jones , + Chuck Wolber , + Chris Wedgwood , + Michael Krufky , + Chuck Ebbert , + Domenico Andreoli , + Willy Tarreau , + Rodrigo Rubira Branco , + Jake Edge , + Eugene Teo , + torvalds@linux-foundation.org, + akpm@linux-foundation.org, + alan@lxorguk.ukuu.org.uk, + Dan Carpenter , + Miklos Szeredi +Subject: [patch 03/32] fuse: fix NULL deref in fuse_file_alloc() +References: <20090131023411.032399235@mini.kroah.org> +Content-Disposition: inline; filename=fuse-fix-null-deref-in-fuse_file_alloc.patch +Content-Length: 704 +Lines: 26 + +2.6.27-stable review patch. If anyone has any objections, please let us know. + +------------------ + +From: Dan Carpenter + +commit bb875b38dc5e343bdb696b2eab8233e4d195e208 upstream. + +ff is set to NULL and then dereferenced on line 65. Compile tested only. + +Signed-off-by: Dan Carpenter +Signed-off-by: Miklos Szeredi +Signed-off-by: Greg Kroah-Hartman + +--- + fs/fuse/file.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/fs/fuse/file.c ++++ b/fs/fuse/file.c +@@ -54,7 +54,7 @@ struct fuse_file *fuse_file_alloc(void) + ff->reserved_req = fuse_request_alloc(); + if (!ff->reserved_req) { + kfree(ff); +- ff = NULL; ++ return NULL; + } else { + INIT_LIST_HEAD(&ff->write_entry); + atomic_set(&ff->count, 0); + + +From gregkh@mini.kroah.org Fri Jan 30 18:36:20 2009 +Message-Id: <20090131023619.947422998@mini.kroah.org> +User-Agent: quilt/0.47-1 +Date: Fri, 30 Jan 2009 18:34:15 -0800 +From: Greg KH +To: linux-kernel@vger.kernel.org, + stable@kernel.org +Cc: Justin Forbes , + Zwane Mwaikambo , + Theodore Ts'o , + Randy Dunlap , + Dave Jones , + Chuck Wolber , + Chris Wedgwood , + Michael Krufky , + Chuck Ebbert , + Domenico Andreoli , + Willy Tarreau , + Rodrigo Rubira Branco , + Jake Edge , + Eugene Teo , + torvalds@linux-foundation.org, + akpm@linux-foundation.org, + alan@lxorguk.ukuu.org.uk, + John McCutchan , + Robert Love , + Vegard Nossum +Subject: [patch 04/32] inotify: clean up inotify_read and fix locking problems +References: <20090131023411.032399235@mini.kroah.org> +Content-Disposition: inline; filename=inotify-clean-up-inotify_read-and-fix-locking-problems.patch +Content-Length: 5426 +Lines: 221 + +2.6.27-stable review patch. If anyone has any objections, please let us know. + +------------------ + +From: Vegard Nossum + +commit 3632dee2f8b8a9720329f29eeaa4ec4669a3aff8 upstream. + +If userspace supplies an invalid pointer to a read() of an inotify +instance, the inotify device's event list mutex is unlocked twice. +This causes an unbalance which effectively leaves the data structure +unprotected, and we can trigger oopses by accessing the inotify +instance from different tasks concurrently. + +The best fix (contributed largely by Linus) is a total rewrite +of the function in question: + +On Thu, Jan 22, 2009 at 7:05 AM, Linus Torvalds wrote: +> The thing to notice is that: +> +> - locking is done in just one place, and there is no question about it +> not having an unlock. +> +> - that whole double-while(1)-loop thing is gone. +> +> - use multiple functions to make nesting and error handling sane +> +> - do error testing after doing the things you always need to do, ie do +> this: +> +> mutex_lock(..) +> ret = function_call(); +> mutex_unlock(..) +> +> .. test ret here .. +> +> instead of doing conditional exits with unlocking or freeing. +> +> So if the code is written in this way, it may still be buggy, but at least +> it's not buggy because of subtle "forgot to unlock" or "forgot to free" +> issues. +> +> This _always_ unlocks if it locked, and it always frees if it got a +> non-error kevent. + +Cc: John McCutchan +Cc: Robert Love +Signed-off-by: Vegard Nossum +Signed-off-by: Linus Torvalds +Signed-off-by: Greg Kroah-Hartman + +--- + fs/inotify_user.c | 135 +++++++++++++++++++++++++++++------------------------- + 1 file changed, 74 insertions(+), 61 deletions(-) + +--- a/fs/inotify_user.c ++++ b/fs/inotify_user.c +@@ -427,10 +427,61 @@ static unsigned int inotify_poll(struct + return ret; + } + ++/* ++ * Get an inotify_kernel_event if one exists and is small ++ * enough to fit in "count". Return an error pointer if ++ * not large enough. ++ * ++ * Called with the device ev_mutex held. ++ */ ++static struct inotify_kernel_event *get_one_event(struct inotify_device *dev, ++ size_t count) ++{ ++ size_t event_size = sizeof(struct inotify_event); ++ struct inotify_kernel_event *kevent; ++ ++ if (list_empty(&dev->events)) ++ return NULL; ++ ++ kevent = inotify_dev_get_event(dev); ++ if (kevent->name) ++ event_size += kevent->event.len; ++ ++ if (event_size > count) ++ return ERR_PTR(-EINVAL); ++ ++ remove_kevent(dev, kevent); ++ return kevent; ++} ++ ++/* ++ * Copy an event to user space, returning how much we copied. ++ * ++ * We already checked that the event size is smaller than the ++ * buffer we had in "get_one_event()" above. ++ */ ++static ssize_t copy_event_to_user(struct inotify_kernel_event *kevent, ++ char __user *buf) ++{ ++ size_t event_size = sizeof(struct inotify_event); ++ ++ if (copy_to_user(buf, &kevent->event, event_size)) ++ return -EFAULT; ++ ++ if (kevent->name) { ++ buf += event_size; ++ ++ if (copy_to_user(buf, kevent->name, kevent->event.len)) ++ return -EFAULT; ++ ++ event_size += kevent->event.len; ++ } ++ return event_size; ++} ++ + static ssize_t inotify_read(struct file *file, char __user *buf, + size_t count, loff_t *pos) + { +- size_t event_size = sizeof (struct inotify_event); + struct inotify_device *dev; + char __user *start; + int ret; +@@ -440,81 +491,43 @@ static ssize_t inotify_read(struct file + dev = file->private_data; + + while (1) { ++ struct inotify_kernel_event *kevent; + + prepare_to_wait(&dev->wq, &wait, TASK_INTERRUPTIBLE); + + mutex_lock(&dev->ev_mutex); +- if (!list_empty(&dev->events)) { +- ret = 0; +- break; +- } ++ kevent = get_one_event(dev, count); + mutex_unlock(&dev->ev_mutex); + +- if (file->f_flags & O_NONBLOCK) { +- ret = -EAGAIN; +- break; +- } +- +- if (signal_pending(current)) { +- ret = -EINTR; +- break; ++ if (kevent) { ++ ret = PTR_ERR(kevent); ++ if (IS_ERR(kevent)) ++ break; ++ ret = copy_event_to_user(kevent, buf); ++ free_kevent(kevent); ++ if (ret < 0) ++ break; ++ buf += ret; ++ count -= ret; ++ continue; + } + +- schedule(); +- } +- +- finish_wait(&dev->wq, &wait); +- if (ret) +- return ret; +- +- while (1) { +- struct inotify_kernel_event *kevent; +- +- ret = buf - start; +- if (list_empty(&dev->events)) ++ ret = -EAGAIN; ++ if (file->f_flags & O_NONBLOCK) + break; +- +- kevent = inotify_dev_get_event(dev); +- if (event_size + kevent->event.len > count) { +- if (ret == 0 && count > 0) { +- /* +- * could not get a single event because we +- * didn't have enough buffer space. +- */ +- ret = -EINVAL; +- } ++ ret = -EINTR; ++ if (signal_pending(current)) + break; +- } +- remove_kevent(dev, kevent); + +- /* +- * Must perform the copy_to_user outside the mutex in order +- * to avoid a lock order reversal with mmap_sem. +- */ +- mutex_unlock(&dev->ev_mutex); +- +- if (copy_to_user(buf, &kevent->event, event_size)) { +- ret = -EFAULT; ++ if (start != buf) + break; +- } +- buf += event_size; +- count -= event_size; +- +- if (kevent->name) { +- if (copy_to_user(buf, kevent->name, kevent->event.len)){ +- ret = -EFAULT; +- break; +- } +- buf += kevent->event.len; +- count -= kevent->event.len; +- } + +- free_kevent(kevent); +- +- mutex_lock(&dev->ev_mutex); ++ schedule(); + } +- mutex_unlock(&dev->ev_mutex); + ++ finish_wait(&dev->wq, &wait); ++ if (start != buf && ret != -EFAULT) ++ ret = buf - start; + return ret; + } + + + +From gregkh@mini.kroah.org Fri Jan 30 18:36:20 2009 +Message-Id: <20090131023620.077655966@mini.kroah.org> +User-Agent: quilt/0.47-1 +Date: Fri, 30 Jan 2009 18:34:16 -0800 +From: Greg KH +To: linux-kernel@vger.kernel.org, + stable@kernel.org +Cc: Justin Forbes , + Zwane Mwaikambo , + Theodore Ts'o , + Randy Dunlap , + Dave Jones , + Chuck Wolber , + Chris Wedgwood , + Michael Krufky , + Chuck Ebbert , + Domenico Andreoli , + Willy Tarreau , + Rodrigo Rubira Branco , + Jake Edge , + Eugene Teo , + torvalds@linux-foundation.org, + akpm@linux-foundation.org, + alan@lxorguk.ukuu.org.uk, + Brian Cavagnolo , + Andrey Yurovsky , + Johannes Berg , + "John W. Linville" +Subject: [patch 05/32] mac80211: decrement ref count to netdev after launching mesh discovery +References: <20090131023411.032399235@mini.kroah.org> +Content-Disposition: inline; filename=mac80211-decrement-ref-count-to-netdev-after-launching-mesh-discovery.patch +Content-Length: 1053 +Lines: 32 + +2.6.27-stable review patch. If anyone has any objections, please let us know. + +------------------ + +From: Brian Cavagnolo + +commit 5dc306f3bd1d4cfdf79df39221b3036eab1ddcf3 upstream. + +After launching mesh discovery in tx path, reference count was not being +decremented. This was preventing module unload. + +Signed-off-by: Brian Cavagnolo +Signed-off-by: Andrey Yurovsky +Acked-by: Johannes Berg +Signed-off-by: John W. Linville +Signed-off-by: Greg Kroah-Hartman + +--- + net/mac80211/tx.c | 4 +++- + 1 file changed, 3 insertions(+), 1 deletion(-) + +--- a/net/mac80211/tx.c ++++ b/net/mac80211/tx.c +@@ -1335,8 +1335,10 @@ int ieee80211_master_start_xmit(struct s + if (is_multicast_ether_addr(hdr->addr3)) + memcpy(hdr->addr1, hdr->addr3, ETH_ALEN); + else +- if (mesh_nexthop_lookup(skb, odev)) ++ if (mesh_nexthop_lookup(skb, odev)) { ++ dev_put(odev); + return 0; ++ } + if (memcmp(odev->dev_addr, hdr->addr4, ETH_ALEN) != 0) + IEEE80211_IFSTA_MESH_CTR_INC(&osdata->u.sta, + fwded_frames); + + +From gregkh@mini.kroah.org Fri Jan 30 18:36:20 2009 +Message-Id: <20090131023620.203789393@mini.kroah.org> +User-Agent: quilt/0.47-1 +Date: Fri, 30 Jan 2009 18:34:17 -0800 +From: Greg KH +To: linux-kernel@vger.kernel.org, + stable@kernel.org +Cc: Justin Forbes , + Zwane Mwaikambo , + Theodore Ts'o , + Randy Dunlap , + Dave Jones , + Chuck Wolber , + Chris Wedgwood , + Michael Krufky , + Chuck Ebbert , + Domenico Andreoli , + Willy Tarreau , + Rodrigo Rubira Branco , + Jake Edge , + Eugene Teo , + torvalds@linux-foundation.org, + akpm@linux-foundation.org, + alan@lxorguk.ukuu.org.uk +Subject: [patch 06/32] sysfs: fix problems with binary files +References: <20090131023411.032399235@mini.kroah.org> +Content-Disposition: inline; filename=sysfs-fix-problems-with-binary-files.patch +Content-Length: 941 +Lines: 40 + +2.6.27-stable review patch. If anyone has any objections, please let us know. + +------------------ + +From: Greg Kroah-Hartman + +commit 4503efd0891c40e30928afb4b23dc3f99c62a6b2 upstream. + +Some sysfs binary files don't like having 0 passed to them as a size. +Fix this up at the root by just returning to the vfs if userspace asks +us for a zero sized buffer. + +Thanks to Pavel Roskin for pointing this out. + +Reported-by: Pavel Roskin +Signed-off-by: Greg Kroah-Hartman + +--- + fs/sysfs/bin.c | 6 ++++++ + 1 file changed, 6 insertions(+) + +--- a/fs/sysfs/bin.c ++++ b/fs/sysfs/bin.c +@@ -62,6 +62,9 @@ read(struct file *file, char __user *use + loff_t offs = *off; + int count = min_t(size_t, bytes, PAGE_SIZE); + ++ if (!bytes) ++ return 0; ++ + if (size) { + if (offs > size) + return 0; +@@ -119,6 +122,9 @@ static ssize_t write(struct file *file, + loff_t offs = *off; + int count = min_t(size_t, bytes, PAGE_SIZE); + ++ if (!bytes) ++ return 0; ++ + if (size) { + if (offs > size) + return 0; + + +From gregkh@mini.kroah.org Fri Jan 30 18:36:20 2009 +Message-Id: <20090131023620.323119857@mini.kroah.org> +User-Agent: quilt/0.47-1 +Date: Fri, 30 Jan 2009 18:34:18 -0800 +From: Greg KH +To: linux-kernel@vger.kernel.org, + stable@kernel.org +Cc: Justin Forbes , + Zwane Mwaikambo , + Theodore Ts'o , + Randy Dunlap , + Dave Jones , + Chuck Wolber , + Chris Wedgwood , + Michael Krufky , + Chuck Ebbert , + Domenico Andreoli , + Willy Tarreau , + Rodrigo Rubira Branco , + Jake Edge , + Eugene Teo , + torvalds@linux-foundation.org, + akpm@linux-foundation.org, + alan@lxorguk.ukuu.org.uk, + Peter Zijlstra , + Ingo Molnar +Subject: [patch 07/32] x86, mm: fix pte_free() +References: <20090131023411.032399235@mini.kroah.org> +Content-Disposition: inline; filename=x86-mm-fix-pte_free.patch +Content-Length: 2201 +Lines: 70 + +2.6.27-stable review patch. If anyone has any objections, please let us know. + +------------------ + +From: Peter Zijlstra + +commit 42ef73fe134732b2e91c0326df5fd568da17c4b2 upstream. + +On -rt we were seeing spurious bad page states like: + +Bad page state in process 'firefox' +page:c1bc2380 flags:0x40000000 mapping:c1bc2390 mapcount:0 count:0 +Trying to fix it up, but a reboot is needed +Backtrace: +Pid: 503, comm: firefox Not tainted 2.6.26.8-rt13 #3 +[] ? printk+0x14/0x19 +[] bad_page+0x4e/0x79 +[] free_hot_cold_page+0x5b/0x1d3 +[] free_hot_page+0xf/0x11 +[] __free_pages+0x20/0x2b +[] __pte_alloc+0x87/0x91 +[] handle_mm_fault+0xe4/0x733 +[] ? rt_mutex_down_read_trylock+0x57/0x63 +[] ? rt_mutex_down_read_trylock+0x57/0x63 +[] do_page_fault+0x36f/0x88a + +This is the case where a concurrent fault already installed the PTE and +we get to free the newly allocated one. + +This is due to pgtable_page_ctor() doing the spin_lock_init(&page->ptl) +which is overlaid with the {private, mapping} struct. + +union { + struct { + unsigned long private; + struct address_space *mapping; + }; + spinlock_t ptl; + struct kmem_cache *slab; + struct page *first_page; +}; + +Normally the spinlock is small enough to not stomp on page->mapping, but +PREEMPT_RT=y has huge 'spin'locks. + +But lockdep kernels should also be able to trigger this splat, as the +lock tracking code grows the spinlock to cover page->mapping. + +The obvious fix is calling pgtable_page_dtor() like the regular pte free +path __pte_free_tlb() does. + +It seems all architectures except x86 and nm10300 already do this, and +nm10300 doesn't seem to use pgtable_page_ctor(), which suggests it +doesn't do SMP or simply doesnt do MMU at all or something. + +Signed-off-by: Peter Zijlstra +Signed-off-by: Ingo Molnar +Signed-off-by: Greg Kroah-Hartman + +--- + include/asm-x86/pgalloc.h | 1 + + 1 file changed, 1 insertion(+) + +--- a/include/asm-x86/pgalloc.h ++++ b/include/asm-x86/pgalloc.h +@@ -42,6 +42,7 @@ static inline void pte_free_kernel(struc + + static inline void pte_free(struct mm_struct *mm, struct page *pte) + { ++ pgtable_page_dtor(pte); + __free_page(pte); + } + + + +From gregkh@mini.kroah.org Fri Jan 30 18:36:20 2009 +Message-Id: <20090131023620.444433310@mini.kroah.org> +User-Agent: quilt/0.47-1 +Date: Fri, 30 Jan 2009 18:34:19 -0800 +From: Greg KH +To: linux-kernel@vger.kernel.org, + stable@kernel.org +Cc: Justin Forbes , + Zwane Mwaikambo , + Theodore Ts'o , + Randy Dunlap , + Dave Jones , + Chuck Wolber , + Chris Wedgwood , + Michael Krufky , + Chuck Ebbert , + Domenico Andreoli , + Willy Tarreau , + Rodrigo Rubira Branco , + Jake Edge , + Eugene Teo , + torvalds@linux-foundation.org, + akpm@linux-foundation.org, + alan@lxorguk.ukuu.org.uk, + Ivan Kokshaysky , + Richard Henderson , + Tobias Klausmann +Subject: [patch 08/32] alpha: nautilus - fix compile failure with gcc-4.3 +References: <20090131023411.032399235@mini.kroah.org> +Content-Disposition: inline; filename=alpha-nautilus-fix-compile-failure-with-gcc-4.3.patch +Content-Length: 1211 +Lines: 38 + +2.6.27-stable review patch. If anyone has any objections, please let us know. + +------------------ + +From: Ivan Kokshaysky + +commit 70b66cbfd3316b792a855cb9a2574e85f1a63d0f upstream. + +init_srm_irq() deals with irq's #16 and above, but size of irq_desc +array on nautilus and some other system types is 16. So gcc-4.3 +complains that "array subscript is above array bounds", even though +this function is never called on those systems. + +This adds a check for NR_IRQS <= 16, which effectively optimizes +init_srm_irq() code away on problematic platforms. + +Thanks to Daniel Drake for detailed analysis +of the problem. + +Signed-off-by: Ivan Kokshaysky +Cc: Richard Henderson +Signed-off-by: Andrew Morton +Signed-off-by: Linus Torvalds +Cc: Tobias Klausmann +Signed-off-by: Greg Kroah-Hartman + +--- + arch/alpha/kernel/irq_srm.c | 2 ++ + 1 file changed, 2 insertions(+) + +--- a/arch/alpha/kernel/irq_srm.c ++++ b/arch/alpha/kernel/irq_srm.c +@@ -63,6 +63,8 @@ init_srm_irqs(long max, unsigned long ig + { + long i; + ++ if (NR_IRQS <= 16) ++ return; + for (i = 16; i < max; ++i) { + if (i < 64 && ((ignore_mask >> i) & 1)) + continue; + + +From gregkh@mini.kroah.org Fri Jan 30 18:36:20 2009 +Message-Id: <20090131023620.568912473@mini.kroah.org> +User-Agent: quilt/0.47-1 +Date: Fri, 30 Jan 2009 18:34:20 -0800 +From: Greg KH +To: linux-kernel@vger.kernel.org, + stable@kernel.org +Cc: Justin Forbes , + Zwane Mwaikambo , + Theodore Ts'o , + Randy Dunlap , + Dave Jones , + Chuck Wolber , + Chris Wedgwood , + Michael Krufky , + Chuck Ebbert , + Domenico Andreoli , + Willy Tarreau , + Rodrigo Rubira Branco , + Jake Edge , + Eugene Teo , + torvalds@linux-foundation.org, + akpm@linux-foundation.org, + alan@lxorguk.ukuu.org.uk, + Brandon Philips , + Bartlomiej Zolnierkiewicz +Subject: [patch 09/32] it821x: Add ultra_mask quirk for Vortex86SX +References: <20090131023411.032399235@mini.kroah.org> +Content-Disposition: inline; filename=it821x-add-ultra_mask-quirk-for-vortex86sx.patch +Content-Length: 2300 +Lines: 81 + +2.6.27-stable review patch. If anyone has any objections, please let us know. + +------------------ + +From: Brandon Philips + +commit b94b898f3107046b5c97c556e23529283ea5eadd upstream. + +On Vortex86SX with IDE controller revision 0x11 ultra DMA must be +disabled. This patch was tested by DMP and seems to work. + +It is a cleaned up version of their older Kernel patch: + http://www.dmp.com.tw/tech/vortex86sx/patch-2.6.24-DMP.gz + +Tested-by: Shawn Lin +Signed-off-by: Brandon Philips +Cc: Alan Cox +Signed-off-by: Bartlomiej Zolnierkiewicz +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/ide/pci/it821x.c | 12 ++++++++++++ + include/linux/pci_ids.h | 1 + + 2 files changed, 13 insertions(+) + +--- a/drivers/ide/pci/it821x.c ++++ b/drivers/ide/pci/it821x.c +@@ -69,6 +69,8 @@ + + #define DRV_NAME "it821x" + ++#define QUIRK_VORTEX86 1 ++ + struct it821x_dev + { + unsigned int smart:1, /* Are we in smart raid mode */ +@@ -80,6 +82,7 @@ struct it821x_dev + u16 pio[2]; /* Cached PIO values */ + u16 mwdma[2]; /* Cached MWDMA values */ + u16 udma[2]; /* Cached UDMA values (per drive) */ ++ u16 quirks; + }; + + #define ATA_66 0 +@@ -586,6 +589,12 @@ static void __devinit init_hwif_it821x(i + + hwif->ultra_mask = ATA_UDMA6; + hwif->mwdma_mask = ATA_MWDMA2; ++ ++ /* Vortex86SX quirk: prevent Ultra-DMA mode to fix BadCRC issue */ ++ if (idev->quirks & QUIRK_VORTEX86) { ++ if (dev->revision == 0x11) ++ hwif->ultra_mask = 0; ++ } + } + + static void __devinit it8212_disable_raid(struct pci_dev *dev) +@@ -658,6 +667,8 @@ static int __devinit it821x_init_one(str + return -ENOMEM; + } + ++ itdevs->quirks = id->driver_data; ++ + rc = ide_pci_init_one(dev, &it821x_chipset, itdevs); + if (rc) + kfree(itdevs); +@@ -677,6 +688,7 @@ static void __devexit it821x_remove(stru + static const struct pci_device_id it821x_pci_tbl[] = { + { PCI_VDEVICE(ITE, PCI_DEVICE_ID_ITE_8211), 0 }, + { PCI_VDEVICE(ITE, PCI_DEVICE_ID_ITE_8212), 0 }, ++ { PCI_VDEVICE(RDC, PCI_DEVICE_ID_RDC_D1010), QUIRK_VORTEX86 }, + { 0, }, + }; + +--- a/include/linux/pci_ids.h ++++ b/include/linux/pci_ids.h +@@ -2148,6 +2148,7 @@ + #define PCI_DEVICE_ID_RDC_R6040 0x6040 + #define PCI_DEVICE_ID_RDC_R6060 0x6060 + #define PCI_DEVICE_ID_RDC_R6061 0x6061 ++#define PCI_DEVICE_ID_RDC_D1010 0x1010 + + #define PCI_VENDOR_ID_LENOVO 0x17aa + + + +From gregkh@mini.kroah.org Fri Jan 30 18:36:20 2009 +Message-Id: <20090131023620.693374946@mini.kroah.org> +User-Agent: quilt/0.47-1 +Date: Fri, 30 Jan 2009 18:34:21 -0800 +From: Greg KH +To: linux-kernel@vger.kernel.org, + stable@kernel.org +Cc: Justin Forbes , + Zwane Mwaikambo , + Theodore Ts'o , + Randy Dunlap , + Dave Jones , + Chuck Wolber , + Chris Wedgwood , + Michael Krufky , + Chuck Ebbert , + Domenico Andreoli , + Willy Tarreau , + Rodrigo Rubira Branco , + Jake Edge , + Eugene Teo , + torvalds@linux-foundation.org, + akpm@linux-foundation.org, + alan@lxorguk.ukuu.org.uk, + Joseph Chan , + Tejun Heo , + Jeff Garzik +Subject: [patch 10/32] libata: pata_via: support VX855, future chips whose IDE controller use 0x0571 +References: <20090131023411.032399235@mini.kroah.org> +Content-Disposition: inline; filename=libata-pata_via-support-vx855-future-chips-whose-ide-controller-use-0x0571.patch +Content-Length: 4074 +Lines: 118 + +2.6.27-stable review patch. If anyone has any objections, please let us know. + +------------------ + +From: JosephChan@via.com.tw + +commit e4d866cdea24543ee16ce6d07d80c513e86ba983 upstream. + +It supports VX855 and future chips whose IDE controller uses PCI ID 0x0571. + +Signed-off-by: Joseph Chan +Acked-by: Tejun Heo +Signed-off-by: Jeff Garzik +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/ata/pata_via.c | 22 +++++++++++++++++----- + include/linux/pci_ids.h | 4 ++++ + 2 files changed, 21 insertions(+), 5 deletions(-) + +--- a/drivers/ata/pata_via.c ++++ b/drivers/ata/pata_via.c +@@ -87,6 +87,10 @@ enum { + VIA_SATA_PATA = 0x800, /* SATA/PATA combined configuration */ + }; + ++enum { ++ VIA_IDFLAG_SINGLE = (1 << 0), /* single channel controller) */ ++}; ++ + /* + * VIA SouthBridge chips. + */ +@@ -98,8 +102,12 @@ static const struct via_isa_bridge { + u8 rev_max; + u16 flags; + } via_isa_bridges[] = { ++ { "vx855", PCI_DEVICE_ID_VIA_VX855, 0x00, 0x2f, ++ VIA_UDMA_133 | VIA_BAD_AST | VIA_SATA_PATA }, + { "vx800", PCI_DEVICE_ID_VIA_VX800, 0x00, 0x2f, VIA_UDMA_133 | + VIA_BAD_AST | VIA_SATA_PATA }, ++ { "vt8261", PCI_DEVICE_ID_VIA_8261, 0x00, 0x2f, ++ VIA_UDMA_133 | VIA_BAD_AST }, + { "vt8237s", PCI_DEVICE_ID_VIA_8237S, 0x00, 0x2f, VIA_UDMA_133 | VIA_BAD_AST }, + { "vt8251", PCI_DEVICE_ID_VIA_8251, 0x00, 0x2f, VIA_UDMA_133 | VIA_BAD_AST }, + { "cx700", PCI_DEVICE_ID_VIA_CX700, 0x00, 0x2f, VIA_UDMA_133 | VIA_BAD_AST | VIA_SATA_PATA }, +@@ -123,6 +131,8 @@ static const struct via_isa_bridge { + { "vt82c586", PCI_DEVICE_ID_VIA_82C586_0, 0x00, 0x0f, VIA_UDMA_NONE | VIA_SET_FIFO }, + { "vt82c576", PCI_DEVICE_ID_VIA_82C576, 0x00, 0x2f, VIA_UDMA_NONE | VIA_SET_FIFO | VIA_NO_UNMASK }, + { "vt82c576", PCI_DEVICE_ID_VIA_82C576, 0x00, 0x2f, VIA_UDMA_NONE | VIA_SET_FIFO | VIA_NO_UNMASK | VIA_BAD_ID }, ++ { "vtxxxx", PCI_DEVICE_ID_VIA_ANON, 0x00, 0x2f, ++ VIA_UDMA_133 | VIA_BAD_AST }, + { NULL } + }; + +@@ -461,6 +471,7 @@ static int via_init_one(struct pci_dev * + static int printed_version; + u8 enable; + u32 timing; ++ unsigned long flags = id->driver_data; + int rc; + + if (!printed_version++) +@@ -470,9 +481,13 @@ static int via_init_one(struct pci_dev * + if (rc) + return rc; + ++ if (flags & VIA_IDFLAG_SINGLE) ++ ppi[1] = &ata_dummy_port_info; ++ + /* To find out how the IDE will behave and what features we + actually have to look at the bridge not the IDE controller */ +- for (config = via_isa_bridges; config->id; config++) ++ for (config = via_isa_bridges; config->id != PCI_DEVICE_ID_VIA_ANON; ++ config++) + if ((isa = pci_get_device(PCI_VENDOR_ID_VIA + + !!(config->flags & VIA_BAD_ID), + config->id, NULL))) { +@@ -483,10 +498,6 @@ static int via_init_one(struct pci_dev * + pci_dev_put(isa); + } + +- if (!config->id) { +- printk(KERN_WARNING "via: Unknown VIA SouthBridge, disabling.\n"); +- return -ENODEV; +- } + pci_dev_put(isa); + + if (!(config->flags & VIA_NO_ENABLES)) { +@@ -588,6 +599,7 @@ static const struct pci_device_id via[] + { PCI_VDEVICE(VIA, 0x1571), }, + { PCI_VDEVICE(VIA, 0x3164), }, + { PCI_VDEVICE(VIA, 0x5324), }, ++ { PCI_VDEVICE(VIA, 0xC409), VIA_IDFLAG_SINGLE }, + + { }, + }; +--- a/include/linux/pci_ids.h ++++ b/include/linux/pci_ids.h +@@ -1346,6 +1346,7 @@ + #define PCI_DEVICE_ID_VIA_8783_0 0x3208 + #define PCI_DEVICE_ID_VIA_8237 0x3227 + #define PCI_DEVICE_ID_VIA_8251 0x3287 ++#define PCI_DEVICE_ID_VIA_8261 0x3402 + #define PCI_DEVICE_ID_VIA_8237A 0x3337 + #define PCI_DEVICE_ID_VIA_8237S 0x3372 + #define PCI_DEVICE_ID_VIA_SATA_EIDE 0x5324 +@@ -1355,10 +1356,13 @@ + #define PCI_DEVICE_ID_VIA_CX700 0x8324 + #define PCI_DEVICE_ID_VIA_CX700_IDE 0x0581 + #define PCI_DEVICE_ID_VIA_VX800 0x8353 ++#define PCI_DEVICE_ID_VIA_VX855 0x8409 + #define PCI_DEVICE_ID_VIA_8371_1 0x8391 + #define PCI_DEVICE_ID_VIA_82C598_1 0x8598 + #define PCI_DEVICE_ID_VIA_838X_1 0xB188 + #define PCI_DEVICE_ID_VIA_83_87XX_1 0xB198 ++#define PCI_DEVICE_ID_VIA_C409_IDE 0XC409 ++#define PCI_DEVICE_ID_VIA_ANON 0xFFFF + + #define PCI_VENDOR_ID_SIEMENS 0x110A + #define PCI_DEVICE_ID_SIEMENS_DSCC4 0x2102 + + +From gregkh@mini.kroah.org Fri Jan 30 18:36:20 2009 +Message-Id: <20090131023620.811307815@mini.kroah.org> +User-Agent: quilt/0.47-1 +Date: Fri, 30 Jan 2009 18:34:22 -0800 +From: Greg KH +To: linux-kernel@vger.kernel.org, + stable@kernel.org +Cc: Justin Forbes , + Zwane Mwaikambo , + Theodore Ts'o , + Randy Dunlap , + Dave Jones , + Chuck Wolber , + Chris Wedgwood , + Michael Krufky , + Chuck Ebbert , + Domenico Andreoli , + Willy Tarreau , + Rodrigo Rubira Branco , + Jake Edge , + Eugene Teo , + torvalds@linux-foundation.org, + akpm@linux-foundation.org, + alan@lxorguk.ukuu.org.uk, + Larry Finger , + "John W. Linville" +Subject: [patch 11/32] rtl8187: Add termination packet to prevent stall +References: <20090131023411.032399235@mini.kroah.org> +Content-Disposition: inline; filename=rtl8187-add-termination-packet-to-prevent-stall.patch +Content-Length: 823 +Lines: 26 + +2.6.27-stable review patch. If anyone has any objections, please let us know. + +------------------ + +From: Larry Finger + +commit 2fcbab044a3faf4d4a6e269148dd1f188303b206 upstream. + +The RTL8187 and RTL8187B devices can stall unless an explicit termination +packet is sent. + +Signed-off-by: Larry Finger +Signed-off-by: John W. Linville +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/net/wireless/rtl8187_dev.c | 1 + + 1 file changed, 1 insertion(+) + +--- a/drivers/net/wireless/rtl8187_dev.c ++++ b/drivers/net/wireless/rtl8187_dev.c +@@ -263,6 +263,7 @@ static int rtl8187_tx(struct ieee80211_h + + usb_fill_bulk_urb(urb, priv->udev, usb_sndbulkpipe(priv->udev, ep), + buf, skb->len, rtl8187_tx_cb, skb); ++ urb->transfer_flags |= URB_ZERO_PACKET; + rc = usb_submit_urb(urb, GFP_ATOMIC); + if (rc < 0) { + usb_free_urb(urb); + + +From gregkh@mini.kroah.org Fri Jan 30 18:36:21 2009 +Message-Id: <20090131023620.929328811@mini.kroah.org> +User-Agent: quilt/0.47-1 +Date: Fri, 30 Jan 2009 18:34:23 -0800 +From: Greg KH +To: linux-kernel@vger.kernel.org, + stable@kernel.org +Cc: Justin Forbes , + Zwane Mwaikambo , + Theodore Ts'o , + Randy Dunlap , + Dave Jones , + Chuck Wolber , + Chris Wedgwood , + Michael Krufky , + Chuck Ebbert , + Domenico Andreoli , + Willy Tarreau , + Rodrigo Rubira Branco , + Jake Edge , + Eugene Teo , + torvalds@linux-foundation.org, + akpm@linux-foundation.org, + alan@lxorguk.ukuu.org.uk, + Flavio Leitner , + Alan Cox +Subject: [patch 12/32] serial_8250: support for Sealevel Systems Model 7803 COMM+8 +References: <20090131023411.032399235@mini.kroah.org> +Content-Disposition: inline; filename=serial_8250-support-for-sealevel-systems-model-7803-comm-8.patch +Content-Length: 1296 +Lines: 39 + +2.6.27-stable review patch. If anyone has any objections, please let us know. + +------------------ + +From: Flavio Leitner + +commit e65f0f8271b1b0452334e5da37fd35413a000de4 upstream. + +Add support for Sealevel Systems Model 7803 COMM+8 + +Signed-off-by: Flavio Leitner +Signed-off-by: Alan Cox +Signed-off-by: Linus Torvalds +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/serial/8250_pci.c | 3 +++ + include/linux/pci_ids.h | 1 + + 2 files changed, 4 insertions(+) + +--- a/drivers/serial/8250_pci.c ++++ b/drivers/serial/8250_pci.c +@@ -2190,6 +2190,9 @@ static struct pci_device_id serial_pci_t + { PCI_VENDOR_ID_SEALEVEL, PCI_DEVICE_ID_SEALEVEL_COMM8, + PCI_ANY_ID, PCI_ANY_ID, 0, 0, + pbn_b2_8_115200 }, ++ { PCI_VENDOR_ID_SEALEVEL, PCI_DEVICE_ID_SEALEVEL_7803, ++ PCI_ANY_ID, PCI_ANY_ID, 0, 0, ++ pbn_b2_8_460800 }, + { PCI_VENDOR_ID_SEALEVEL, PCI_DEVICE_ID_SEALEVEL_UCOMM8, + PCI_ANY_ID, PCI_ANY_ID, 0, 0, + pbn_b2_8_115200 }, +--- a/include/linux/pci_ids.h ++++ b/include/linux/pci_ids.h +@@ -1784,6 +1784,7 @@ + #define PCI_DEVICE_ID_SEALEVEL_UCOMM232 0x7202 + #define PCI_DEVICE_ID_SEALEVEL_COMM4 0x7401 + #define PCI_DEVICE_ID_SEALEVEL_COMM8 0x7801 ++#define PCI_DEVICE_ID_SEALEVEL_7803 0x7803 + #define PCI_DEVICE_ID_SEALEVEL_UCOMM8 0x7804 + + #define PCI_VENDOR_ID_HYPERCOPE 0x1365 + + +From gregkh@mini.kroah.org Fri Jan 30 18:36:21 2009 +Message-Id: <20090131023621.058512481@mini.kroah.org> +User-Agent: quilt/0.47-1 +Date: Fri, 30 Jan 2009 18:34:24 -0800 +From: Greg KH +To: linux-kernel@vger.kernel.org, + stable@kernel.org +Cc: Justin Forbes , + Zwane Mwaikambo , + Theodore Ts'o , + Randy Dunlap , + Dave Jones , + Chuck Wolber , + Chris Wedgwood , + Michael Krufky , + Chuck Ebbert , + Domenico Andreoli , + Willy Tarreau , + Rodrigo Rubira Branco , + Jake Edge , + Eugene Teo , + torvalds@linux-foundation.org, + akpm@linux-foundation.org, + alan@lxorguk.ukuu.org.uk, + Trond Myklebust +Subject: [patch 13/32] SUNRPC: Fix a memory leak in rpcb_getport_async +References: <20090131023411.032399235@mini.kroah.org> +Content-Disposition: inline; filename=sunrpc-fix-a-memory-leak-in-rpcb_getport_async.patch +Content-Length: 908 +Lines: 32 + +2.6.27-stable review patch. If anyone has any objections, please let us know. + +------------------ + +From: Trond Myklebust + +commit 96165e2b7c4e2c82a0b60c766d4a2036444c21a0 upstream. + +Signed-off-by: Trond Myklebust +Signed-off-by: Greg Kroah-Hartman + +--- + net/sunrpc/rpcb_clnt.c | 4 +++- + 1 file changed, 3 insertions(+), 1 deletion(-) + +--- a/net/sunrpc/rpcb_clnt.c ++++ b/net/sunrpc/rpcb_clnt.c +@@ -558,7 +558,7 @@ void rpcb_getport_async(struct rpc_task + status = -ENOMEM; + dprintk("RPC: %5u %s: no memory available\n", + task->tk_pid, __func__); +- goto bailout_nofree; ++ goto bailout_release_client; + } + map->r_prog = clnt->cl_prog; + map->r_vers = clnt->cl_vers; +@@ -583,6 +583,8 @@ void rpcb_getport_async(struct rpc_task + task->tk_xprt->stat.bind_count++; + return; + ++bailout_release_client: ++ rpc_release_client(rpcb_clnt); + bailout_nofree: + rpcb_wake_rpcbind_waiters(xprt, status); + task->tk_status = status; + + +From gregkh@mini.kroah.org Fri Jan 30 18:36:21 2009 +Message-Id: <20090131023621.181481746@mini.kroah.org> +User-Agent: quilt/0.47-1 +Date: Fri, 30 Jan 2009 18:34:25 -0800 +From: Greg KH +To: linux-kernel@vger.kernel.org, + stable@kernel.org +Cc: Justin Forbes , + Zwane Mwaikambo , + Theodore Ts'o , + Randy Dunlap , + Dave Jones , + Chuck Wolber , + Chris Wedgwood , + Michael Krufky , + Chuck Ebbert , + Domenico Andreoli , + Willy Tarreau , + Rodrigo Rubira Branco , + Jake Edge , + Eugene Teo , + torvalds@linux-foundation.org, + akpm@linux-foundation.org, + alan@lxorguk.ukuu.org.uk, + Trond Myklebust +Subject: [patch 14/32] SUNRPC: Fix autobind on cloned rpc clients +References: <20090131023411.032399235@mini.kroah.org> +Content-Disposition: inline; filename=sunrpc-fix-autobind-on-cloned-rpc-clients.patch +Content-Length: 3014 +Lines: 96 + +2.6.27-stable review patch. If anyone has any objections, please let us know. + +------------------ + +From: Trond Myklebust + +commit 9a4bd29fe8f6d3f015fe1c8e5450eb62cfebfcc9 upstream. + +Despite the fact that cloned rpc clients won't have the cl_autobind flag +set, they may still find themselves calling rpcb_getport_async(). For this +to happen, it suffices for a _parent_ rpc_clnt to use autobinding, in which +case any clone may find itself triggering the !xprt_bound() case in +call_bind(). + +The correct fix for this is to walk back up the tree of cloned rpc clients, +in order to find the parent that 'owns' the transport, either because it +has clnt->cl_autobind set, or because it originally created the +transport... + +Signed-off-by: Trond Myklebust +Signed-off-by: Greg Kroah-Hartman + +--- + net/sunrpc/rpcb_clnt.c | 36 +++++++++++++++++++++++++++++------- + 1 file changed, 29 insertions(+), 7 deletions(-) + +--- a/net/sunrpc/rpcb_clnt.c ++++ b/net/sunrpc/rpcb_clnt.c +@@ -469,6 +469,28 @@ static struct rpc_task *rpcb_call_async( + return rpc_run_task(&task_setup_data); + } + ++/* ++ * In the case where rpc clients have been cloned, we want to make ++ * sure that we use the program number/version etc of the actual ++ * owner of the xprt. To do so, we walk back up the tree of parents ++ * to find whoever created the transport and/or whoever has the ++ * autobind flag set. ++ */ ++static struct rpc_clnt *rpcb_find_transport_owner(struct rpc_clnt *clnt) ++{ ++ struct rpc_clnt *parent = clnt->cl_parent; ++ ++ while (parent != clnt) { ++ if (parent->cl_xprt != clnt->cl_xprt) ++ break; ++ if (clnt->cl_autobind) ++ break; ++ clnt = parent; ++ parent = parent->cl_parent; ++ } ++ return clnt; ++} ++ + /** + * rpcb_getport_async - obtain the port for a given RPC service on a given host + * @task: task that is waiting for portmapper request +@@ -478,10 +500,10 @@ static struct rpc_task *rpcb_call_async( + */ + void rpcb_getport_async(struct rpc_task *task) + { +- struct rpc_clnt *clnt = task->tk_client; ++ struct rpc_clnt *clnt; + struct rpc_procinfo *proc; + u32 bind_version; +- struct rpc_xprt *xprt = task->tk_xprt; ++ struct rpc_xprt *xprt; + struct rpc_clnt *rpcb_clnt; + static struct rpcbind_args *map; + struct rpc_task *child; +@@ -490,13 +512,13 @@ void rpcb_getport_async(struct rpc_task + size_t salen; + int status; + ++ clnt = rpcb_find_transport_owner(task->tk_client); ++ xprt = clnt->cl_xprt; ++ + dprintk("RPC: %5u %s(%s, %u, %u, %d)\n", + task->tk_pid, __func__, + clnt->cl_server, clnt->cl_prog, clnt->cl_vers, xprt->prot); + +- /* Autobind on cloned rpc clients is discouraged */ +- BUG_ON(clnt->cl_parent != clnt); +- + /* Put self on the wait queue to ensure we get notified if + * some other task is already attempting to bind the port */ + rpc_sleep_on(&xprt->binding, task, NULL); +@@ -578,9 +600,9 @@ void rpcb_getport_async(struct rpc_task + task->tk_pid, __func__); + return; + } +- rpc_put_task(child); + +- task->tk_xprt->stat.bind_count++; ++ xprt->stat.bind_count++; ++ rpc_put_task(child); + return; + + bailout_release_client: + + +From gregkh@mini.kroah.org Fri Jan 30 18:36:21 2009 +Message-Id: <20090131023621.304495011@mini.kroah.org> +User-Agent: quilt/0.47-1 +Date: Fri, 30 Jan 2009 18:34:26 -0800 +From: Greg KH +To: linux-kernel@vger.kernel.org, + stable@kernel.org +Cc: Justin Forbes , + Zwane Mwaikambo , + Theodore Ts'o , + Randy Dunlap , + Dave Jones , + Chuck Wolber , + Chris Wedgwood , + Michael Krufky , + Chuck Ebbert , + Domenico Andreoli , + Willy Tarreau , + Rodrigo Rubira Branco , + Jake Edge , + Eugene Teo , + torvalds@linux-foundation.org, + akpm@linux-foundation.org, + alan@lxorguk.ukuu.org.uk, + Alan Stern +Subject: [patch 15/32] USB: fix char-device disconnect handling +References: <20090131023411.032399235@mini.kroah.org> +Content-Disposition: inline; filename=usb-fix-char-device-disconnect-handling.patch +Content-Length: 3675 +Lines: 120 + +2.6.27-stable review patch. If anyone has any objections, please let us know. + +------------------ + +From: Alan Stern + +commit 501950d846218ed80a776d2aae5aed9c8b92e778 upstream. + +This patch (as1198) fixes a conceptual bug: Somewhere along the line +we managed to confuse USB class devices with USB char devices. As a +result, the code to send a disconnect signal to userspace would not be +built if both CONFIG_USB_DEVICE_CLASS and CONFIG_USB_DEVICEFS were +disabled. + +The usb_fs_classdev_common_remove() routine has been renamed to +usbdev_remove() and it is now called whenever any USB device is +removed, not just when a class device is unregistered. The notifier +registration and unregistration calls are no longer conditionally +compiled. And since the common removal code will always be called as +part of the char device interface, there's no need to call it again as +part of the usbfs interface; thus the invocation of +usb_fs_classdev_common_remove() has been taken out of +usbfs_remove_device(). + +Signed-off-by: Alan Stern +Reported-by: Alon Bar-Lev +Tested-by: Alon Bar-Lev +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/usb/core/devio.c | 20 ++++++++++++-------- + drivers/usb/core/inode.c | 1 - + drivers/usb/core/usb.h | 1 - + 3 files changed, 12 insertions(+), 10 deletions(-) + +--- a/drivers/usb/core/devio.c ++++ b/drivers/usb/core/devio.c +@@ -1700,7 +1700,7 @@ const struct file_operations usbdev_file + .release = usbdev_release, + }; + +-void usb_fs_classdev_common_remove(struct usb_device *udev) ++static void usbdev_remove(struct usb_device *udev) + { + struct dev_state *ps; + struct siginfo sinfo; +@@ -1742,10 +1742,15 @@ static void usb_classdev_remove(struct u + { + if (dev->usb_classdev) + device_unregister(dev->usb_classdev); +- usb_fs_classdev_common_remove(dev); + } + +-static int usb_classdev_notify(struct notifier_block *self, ++#else ++#define usb_classdev_add(dev) 0 ++#define usb_classdev_remove(dev) do {} while (0) ++ ++#endif ++ ++static int usbdev_notify(struct notifier_block *self, + unsigned long action, void *dev) + { + switch (action) { +@@ -1755,15 +1760,15 @@ static int usb_classdev_notify(struct no + break; + case USB_DEVICE_REMOVE: + usb_classdev_remove(dev); ++ usbdev_remove(dev); + break; + } + return NOTIFY_OK; + } + + static struct notifier_block usbdev_nb = { +- .notifier_call = usb_classdev_notify, ++ .notifier_call = usbdev_notify, + }; +-#endif + + static struct cdev usb_device_cdev; + +@@ -1797,9 +1802,8 @@ int __init usb_devio_init(void) + * to /sys/dev + */ + usb_classdev_class->dev_kobj = NULL; +- +- usb_register_notify(&usbdev_nb); + #endif ++ usb_register_notify(&usbdev_nb); + out: + return retval; + +@@ -1810,8 +1814,8 @@ error_cdev: + + void usb_devio_cleanup(void) + { +-#ifdef CONFIG_USB_DEVICE_CLASS + usb_unregister_notify(&usbdev_nb); ++#ifdef CONFIG_USB_DEVICE_CLASS + class_destroy(usb_classdev_class); + #endif + cdev_del(&usb_device_cdev); +--- a/drivers/usb/core/inode.c ++++ b/drivers/usb/core/inode.c +@@ -716,7 +716,6 @@ static void usbfs_remove_device(struct u + fs_remove_file (dev->usbfs_dentry); + dev->usbfs_dentry = NULL; + } +- usb_fs_classdev_common_remove(dev); + } + + static int usbfs_notify(struct notifier_block *self, unsigned long action, void *dev) +--- a/drivers/usb/core/usb.h ++++ b/drivers/usb/core/usb.h +@@ -145,7 +145,6 @@ extern struct usb_driver usbfs_driver; + extern const struct file_operations usbfs_devices_fops; + extern const struct file_operations usbdev_file_operations; + extern void usbfs_conn_disc_event(void); +-extern void usb_fs_classdev_common_remove(struct usb_device *udev); + + extern int usb_devio_init(void); + extern void usb_devio_cleanup(void); + + +From gregkh@mini.kroah.org Fri Jan 30 18:36:21 2009 +Message-Id: <20090131023621.423453904@mini.kroah.org> +User-Agent: quilt/0.47-1 +Date: Fri, 30 Jan 2009 18:34:27 -0800 +From: Greg KH +To: linux-kernel@vger.kernel.org, + stable@kernel.org +Cc: Justin Forbes , + Zwane Mwaikambo , + Theodore Ts'o , + Randy Dunlap , + Dave Jones , + Chuck Wolber , + Chris Wedgwood , + Michael Krufky , + Chuck Ebbert , + Domenico Andreoli , + Willy Tarreau , + Rodrigo Rubira Branco , + Jake Edge , + Eugene Teo , + torvalds@linux-foundation.org, + akpm@linux-foundation.org, + alan@lxorguk.ukuu.org.uk, + Oliver Neukum +Subject: [patch 16/32] USB: storage: add unusual devs entry +References: <20090131023411.032399235@mini.kroah.org> +Content-Disposition: inline; filename=usb-storage-add-unusual-devs-entry.patch +Content-Length: 786 +Lines: 29 + +2.6.27-stable review patch. If anyone has any objections, please let us know. + +------------------ + +From: Oliver Neukum + +commit b90de8aea36ae6fe8050a6e91b031369c4f251b2 upstream. + +This adds an unusual devs entry for 2116:0320 + +Signed-off-by: Oliver Neukum +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/usb/storage/unusual_devs.h | 6 ++++++ + 1 file changed, 6 insertions(+) + +--- a/drivers/usb/storage/unusual_devs.h ++++ b/drivers/usb/storage/unusual_devs.h +@@ -2047,6 +2047,12 @@ UNUSUAL_DEV( 0x19d2, 0x2000, 0x0000, 0x + US_SC_DEVICE, US_PR_DEVICE, NULL, + US_FL_IGNORE_DEVICE), + ++UNUSUAL_DEV( 0x2116, 0x0320, 0x0001, 0x0001, ++ "ST", ++ "2A", ++ US_SC_DEVICE, US_PR_DEVICE, NULL, ++ US_FL_FIX_CAPACITY), ++ + /* patch submitted by Davide Perini + * and Renato Perini + */ + + +From gregkh@mini.kroah.org Fri Jan 30 18:36:21 2009 +Message-Id: <20090131023621.544657017@mini.kroah.org> +User-Agent: quilt/0.47-1 +Date: Fri, 30 Jan 2009 18:34:28 -0800 +From: Greg KH +To: linux-kernel@vger.kernel.org, + stable@kernel.org +Cc: Justin Forbes , + Zwane Mwaikambo , + Theodore Ts'o , + Randy Dunlap , + Dave Jones , + Chuck Wolber , + Chris Wedgwood , + Michael Krufky , + Chuck Ebbert , + Domenico Andreoli , + Willy Tarreau , + Rodrigo Rubira Branco , + Jake Edge , + Eugene Teo , + torvalds@linux-foundation.org, + akpm@linux-foundation.org, + alan@lxorguk.ukuu.org.uk, + Pete Zaitcev +Subject: [patch 17/32] USB: usbmon: Implement compat_ioctl +References: <20090131023411.032399235@mini.kroah.org> +Content-Disposition: inline; filename=usb-usbmon-implement-compat_ioctl.patch +Content-Length: 4268 +Lines: 171 + +2.6.27-stable review patch. If anyone has any objections, please let us know. + +------------------ + +From: Pete Zaitcev + +commit 7abce6bedc118eb39fe177c2c26be5d008505c14 upstream. + +Running a 32-bit usbmon(8) on 2.6.28-rc9 produces the following: +ioctl32(usbmon:28563): Unknown cmd fd(3) cmd(400c9206){t:ffffff92;sz:12} arg(ffd3f458) on /dev/usbmon0 + +It happens because the compatibility mode was implemented for 2.6.18 +and not updated for the fsops.compat_ioctl API. + +This patch relocates the pieces from under #ifdef CONFIG_COMPAT into +compat_ioctl with no other changes except one new whitespace. + +Signed-off-by: Pete Zaitcev +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/usb/mon/mon_bin.c | 105 ++++++++++++++++++++++++++++------------------ + 1 file changed, 66 insertions(+), 39 deletions(-) + +--- a/drivers/usb/mon/mon_bin.c ++++ b/drivers/usb/mon/mon_bin.c +@@ -37,6 +37,7 @@ + #define MON_IOCX_GET _IOW(MON_IOC_MAGIC, 6, struct mon_bin_get) + #define MON_IOCX_MFETCH _IOWR(MON_IOC_MAGIC, 7, struct mon_bin_mfetch) + #define MON_IOCH_MFLUSH _IO(MON_IOC_MAGIC, 8) ++ + #ifdef CONFIG_COMPAT + #define MON_IOCX_GET32 _IOW(MON_IOC_MAGIC, 6, struct mon_bin_get32) + #define MON_IOCX_MFETCH32 _IOWR(MON_IOC_MAGIC, 7, struct mon_bin_mfetch32) +@@ -921,21 +922,6 @@ static int mon_bin_ioctl(struct inode *i + } + break; + +-#ifdef CONFIG_COMPAT +- case MON_IOCX_GET32: { +- struct mon_bin_get32 getb; +- +- if (copy_from_user(&getb, (void __user *)arg, +- sizeof(struct mon_bin_get32))) +- return -EFAULT; +- +- ret = mon_bin_get_event(file, rp, +- compat_ptr(getb.hdr32), compat_ptr(getb.data32), +- getb.alloc32); +- } +- break; +-#endif +- + case MON_IOCX_MFETCH: + { + struct mon_bin_mfetch mfetch; +@@ -962,7 +948,57 @@ static int mon_bin_ioctl(struct inode *i + } + break; + ++ case MON_IOCG_STATS: { ++ struct mon_bin_stats __user *sp; ++ unsigned int nevents; ++ unsigned int ndropped; ++ ++ spin_lock_irqsave(&rp->b_lock, flags); ++ ndropped = rp->cnt_lost; ++ rp->cnt_lost = 0; ++ spin_unlock_irqrestore(&rp->b_lock, flags); ++ nevents = mon_bin_queued(rp); ++ ++ sp = (struct mon_bin_stats __user *)arg; ++ if (put_user(rp->cnt_lost, &sp->dropped)) ++ return -EFAULT; ++ if (put_user(nevents, &sp->queued)) ++ return -EFAULT; ++ ++ } ++ break; ++ ++ default: ++ return -ENOTTY; ++ } ++ ++ return ret; ++} ++ + #ifdef CONFIG_COMPAT ++static long mon_bin_compat_ioctl(struct file *file, ++ unsigned int cmd, unsigned long arg) ++{ ++ struct mon_reader_bin *rp = file->private_data; ++ int ret; ++ ++ switch (cmd) { ++ ++ case MON_IOCX_GET32: { ++ struct mon_bin_get32 getb; ++ ++ if (copy_from_user(&getb, (void __user *)arg, ++ sizeof(struct mon_bin_get32))) ++ return -EFAULT; ++ ++ ret = mon_bin_get_event(file, rp, ++ compat_ptr(getb.hdr32), compat_ptr(getb.data32), ++ getb.alloc32); ++ if (ret < 0) ++ return ret; ++ } ++ return 0; ++ + case MON_IOCX_MFETCH32: + { + struct mon_bin_mfetch32 mfetch; +@@ -986,37 +1022,25 @@ static int mon_bin_ioctl(struct inode *i + return ret; + if (put_user(ret, &uptr->nfetch32)) + return -EFAULT; +- ret = 0; + } +- break; +-#endif +- +- case MON_IOCG_STATS: { +- struct mon_bin_stats __user *sp; +- unsigned int nevents; +- unsigned int ndropped; +- +- spin_lock_irqsave(&rp->b_lock, flags); +- ndropped = rp->cnt_lost; +- rp->cnt_lost = 0; +- spin_unlock_irqrestore(&rp->b_lock, flags); +- nevents = mon_bin_queued(rp); ++ return 0; + +- sp = (struct mon_bin_stats __user *)arg; +- if (put_user(rp->cnt_lost, &sp->dropped)) +- return -EFAULT; +- if (put_user(nevents, &sp->queued)) +- return -EFAULT; ++ case MON_IOCG_STATS: ++ return mon_bin_ioctl(NULL, file, cmd, ++ (unsigned long) compat_ptr(arg)); + +- } +- break; ++ case MON_IOCQ_URB_LEN: ++ case MON_IOCQ_RING_SIZE: ++ case MON_IOCT_RING_SIZE: ++ case MON_IOCH_MFLUSH: ++ return mon_bin_ioctl(NULL, file, cmd, arg); + + default: +- return -ENOTTY; ++ ; + } +- +- return ret; ++ return -ENOTTY; + } ++#endif /* CONFIG_COMPAT */ + + static unsigned int + mon_bin_poll(struct file *file, struct poll_table_struct *wait) +@@ -1094,6 +1118,9 @@ static const struct file_operations mon_ + /* .write = mon_text_write, */ + .poll = mon_bin_poll, + .ioctl = mon_bin_ioctl, ++#ifdef CONFIG_COMPAT ++ .compat_ioctl = mon_bin_compat_ioctl, ++#endif + .release = mon_bin_release, + .mmap = mon_bin_mmap, + }; + + +From gregkh@mini.kroah.org Fri Jan 30 18:36:21 2009 +Message-Id: <20090131023621.668163501@mini.kroah.org> +User-Agent: quilt/0.47-1 +Date: Fri, 30 Jan 2009 18:34:29 -0800 +From: Greg KH +To: linux-kernel@vger.kernel.org, + stable@kernel.org +Cc: Justin Forbes , + Zwane Mwaikambo , + Theodore Ts'o , + Randy Dunlap , + Dave Jones , + Chuck Wolber , + Chris Wedgwood , + Michael Krufky , + Chuck Ebbert , + Domenico Andreoli , + Willy Tarreau , + Rodrigo Rubira Branco , + Jake Edge , + Eugene Teo , + torvalds@linux-foundation.org, + akpm@linux-foundation.org, + alan@lxorguk.ukuu.org.uk, + Luke Yelavich , + Takashi Iwai +Subject: [patch 18/32] ALSA: hda - add another MacBook Pro 4, 1 subsystem ID +References: <20090131023411.032399235@mini.kroah.org> +Content-Disposition: inline; filename=alsa-hda-add-another-macbook-pro-4-1-subsystem-id.patch +Content-Length: 854 +Lines: 26 + +2.6.27-stable review patch. If anyone has any objections, please let us know. + +------------------ + +From: Luke Yelavich + +commit 2a88464ceb1bda2571f88902fd8068a6168e3f7b upstream. + +Add another MacBook Pro 4,1 SSID (106b:3800). It seems that latter revisions, +(at least mine), have different IDs to earlier revisions. + +Signed-off-by: Luke Yelavich +Signed-off-by: Takashi Iwai +Signed-off-by: Greg Kroah-Hartman + +--- + sound/pci/hda/patch_realtek.c | 1 + + 1 file changed, 1 insertion(+) + +--- a/sound/pci/hda/patch_realtek.c ++++ b/sound/pci/hda/patch_realtek.c +@@ -6631,6 +6631,7 @@ static int patch_alc882(struct hda_codec + case 0x106b00a1: /* Macbook (might be wrong - PCI SSID?) */ + case 0x106b2c00: /* Macbook Pro rev3 */ + case 0x106b3600: /* Macbook 3.1 */ ++ case 0x106b3800: /* MacbookPro4,1 - latter revision */ + board_config = ALC885_MBP3; + break; + default: + + +From gregkh@mini.kroah.org Fri Jan 30 18:36:21 2009 +Message-Id: <20090131023621.791696806@mini.kroah.org> +User-Agent: quilt/0.47-1 +Date: Fri, 30 Jan 2009 18:34:30 -0800 +From: Greg KH +To: linux-kernel@vger.kernel.org, + stable@kernel.org +Cc: Justin Forbes , + Zwane Mwaikambo , + Theodore Ts'o , + Randy Dunlap , + Dave Jones , + Chuck Wolber , + Chris Wedgwood , + Michael Krufky , + Chuck Ebbert , + Domenico Andreoli , + Willy Tarreau , + Rodrigo Rubira Branco , + Jake Edge , + Eugene Teo , + torvalds@linux-foundation.org, + akpm@linux-foundation.org, + alan@lxorguk.ukuu.org.uk, + Joerg Schirottke , + Takashi Iwai +Subject: [patch 19/32] ALSA: hda - Add quirk for HP DV6700 laptop +References: <20090131023411.032399235@mini.kroah.org> +Content-Disposition: inline; filename=alsa-hda-add-quirk-for-hp-dv6700-laptop.patch +Content-Length: 873 +Lines: 25 + +2.6.27-stable review patch. If anyone has any objections, please let us know. + +------------------ + +From: Joerg Schirottke + +commit aa9d823bb347fb66cb07f98c686be8bb85cb6a74 upstream. + +Added the matching model=laptop for HP DV6700 laptop. + +Signed-off-by: Joerg Schirottke +Signed-off-by: Takashi Iwai +Signed-off-by: Greg Kroah-Hartman + +--- + sound/pci/hda/patch_conexant.c | 1 + + 1 file changed, 1 insertion(+) + +--- a/sound/pci/hda/patch_conexant.c ++++ b/sound/pci/hda/patch_conexant.c +@@ -1470,6 +1470,7 @@ static struct snd_pci_quirk cxt5047_cfg_ + SND_PCI_QUIRK(0x103c, 0x30a5, "HP DV5200T/DV8000T", CXT5047_LAPTOP_HP), + SND_PCI_QUIRK(0x103c, 0x30b2, "HP DV2000T/DV3000T", CXT5047_LAPTOP), + SND_PCI_QUIRK(0x103c, 0x30b5, "HP DV2000Z", CXT5047_LAPTOP), ++ SND_PCI_QUIRK(0x103c, 0x30cf, "HP DV6700", CXT5047_LAPTOP), + SND_PCI_QUIRK(0x1179, 0xff31, "Toshiba P100", CXT5047_LAPTOP_EAPD), + {} + }; + + +From gregkh@mini.kroah.org Fri Jan 30 18:36:22 2009 +Message-Id: <20090131023621.914485657@mini.kroah.org> +User-Agent: quilt/0.47-1 +Date: Fri, 30 Jan 2009 18:34:31 -0800 +From: Greg KH +To: linux-kernel@vger.kernel.org, + stable@kernel.org +Cc: Justin Forbes , + Zwane Mwaikambo , + Theodore Ts'o , + Randy Dunlap , + Dave Jones , + Chuck Wolber , + Chris Wedgwood , + Michael Krufky , + Chuck Ebbert , + Domenico Andreoli , + Willy Tarreau , + Rodrigo Rubira Branco , + Jake Edge , + Eugene Teo , + torvalds@linux-foundation.org, + akpm@linux-foundation.org, + alan@lxorguk.ukuu.org.uk, + Takashi Iwai +Subject: [patch 20/32] ALSA: hda - Fix PCM reference NID for STAC/IDT analog outputs +References: <20090131023411.032399235@mini.kroah.org> +Content-Disposition: inline; filename=alsa-hda-fix-pcm-reference-nid-for-stac-idt-analog-outputs.patch +Content-Length: 1084 +Lines: 30 + +2.6.27-stable review patch. If anyone has any objections, please let us know. + +------------------ + +From: Takashi Iwai + +commit 00a602db1ce9d61319d6f769dee206ec85f19bda upstream. + +The reference NID for the analog outputs of STAC/IDT codecs is set +to a fixed number 0x02. But this isn't always correct and in many +codecs it points to a non-existing NID. + +This patch fixes the initialization of the PCM reference NID taken +from the actually probed DAC list. + +Signed-off-by: Takashi Iwai +Signed-off-by: Greg Kroah-Hartman + +--- + sound/pci/hda/patch_sigmatel.c | 2 ++ + 1 file changed, 2 insertions(+) + +--- a/sound/pci/hda/patch_sigmatel.c ++++ b/sound/pci/hda/patch_sigmatel.c +@@ -2048,6 +2048,8 @@ static int stac92xx_build_pcms(struct hd + + info->name = "STAC92xx Analog"; + info->stream[SNDRV_PCM_STREAM_PLAYBACK] = stac92xx_pcm_analog_playback; ++ info->stream[SNDRV_PCM_STREAM_PLAYBACK].nid = ++ spec->multiout.dac_nids[0]; + info->stream[SNDRV_PCM_STREAM_CAPTURE] = stac92xx_pcm_analog_capture; + info->stream[SNDRV_PCM_STREAM_CAPTURE].nid = spec->adc_nids[0]; + info->stream[SNDRV_PCM_STREAM_CAPTURE].substreams = spec->num_adcs; + + +From gregkh@mini.kroah.org Fri Jan 30 18:36:22 2009 +Message-Id: <20090131023622.047975106@mini.kroah.org> +User-Agent: quilt/0.47-1 +Date: Fri, 30 Jan 2009 18:34:32 -0800 +From: Greg KH +To: linux-kernel@vger.kernel.org, + stable@kernel.org +Cc: Justin Forbes , + Zwane Mwaikambo , + Theodore Ts'o , + Randy Dunlap , + Dave Jones , + Chuck Wolber , + Chris Wedgwood , + Michael Krufky , + Chuck Ebbert , + Domenico Andreoli , + Willy Tarreau , + Rodrigo Rubira Branco , + Jake Edge , + Eugene Teo , + torvalds@linux-foundation.org, + akpm@linux-foundation.org, + alan@lxorguk.ukuu.org.uk, + Paul Larson , + Eilon Greenstein , + "David S. Miller" +Subject: [patch 21/32] bnx2x: Block nvram access when the device is inactive +References: <20090131023411.032399235@mini.kroah.org> +Content-Disposition: inline; filename=bnx2x-block-nvram-access-when-the-device-is-inactive.patch +Content-Length: 908 +Lines: 29 + +2.6.27-stable review patch. If anyone has any objections, please let us know. + +------------------ + +From: Eilon Greenstein + +commit 2add3acb11a26cc14b54669433ae6ace6406cbf2 upstream. + +Don't dump eeprom when bnx2x adapter is down. Running ethtool -e causes an eeh +without it when the device is down + +Signed-off-by: Paul Larson +Signed-off-by: Eilon Greenstein +Signed-off-by: David S. Miller +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/net/bnx2x_main.c | 3 +++ + 1 file changed, 3 insertions(+) + +--- a/drivers/net/bnx2x_main.c ++++ b/drivers/net/bnx2x_main.c +@@ -8078,6 +8078,9 @@ static int bnx2x_get_eeprom(struct net_d + struct bnx2x *bp = netdev_priv(dev); + int rc; + ++ if (!netif_running(dev)) ++ return -EAGAIN; ++ + DP(BNX2X_MSG_NVM, "ethtool_eeprom: cmd %d\n" + DP_LEVEL " magic 0x%x offset 0x%x (%d) len 0x%x (%d)\n", + eeprom->cmd, eeprom->magic, eeprom->offset, eeprom->offset, + + +From gregkh@mini.kroah.org Fri Jan 30 18:36:22 2009 +Message-Id: <20090131023622.171744893@mini.kroah.org> +User-Agent: quilt/0.47-1 +Date: Fri, 30 Jan 2009 18:34:33 -0800 +From: Greg KH +To: linux-kernel@vger.kernel.org, + stable@kernel.org +Cc: Justin Forbes , + Zwane Mwaikambo , + Theodore Ts'o , + Randy Dunlap , + Dave Jones , + Chuck Wolber , + Chris Wedgwood , + Michael Krufky , + Chuck Ebbert , + Domenico Andreoli , + Willy Tarreau , + Rodrigo Rubira Branco , + Jake Edge , + Eugene Teo , + torvalds@linux-foundation.org, + akpm@linux-foundation.org, + alan@lxorguk.ukuu.org.uk, + Herbert Xu +Subject: [patch 22/32] crypto: authenc - Fix zero-length IV crash +References: <20090131023411.032399235@mini.kroah.org> +Content-Disposition: inline; filename=crypto-authenc-fix-zero-length-iv-crash.patch +Content-Length: 2037 +Lines: 65 + +2.6.27-stable review patch. If anyone has any objections, please let us know. + +------------------ + +From: Herbert Xu + +commit 29b37f42127f7da511560a40ea74f5047da40c13 upstream. + +As it is if an algorithm with a zero-length IV is used (e.g., +NULL encryption) with authenc, authenc may generate an SG entry +of length zero, which will trigger a BUG check in the hash layer. + +This patch fixes it by skipping the IV SG generation if the IV +size is zero. + +Signed-off-by: Herbert Xu +Signed-off-by: Greg Kroah-Hartman + +--- + crypto/authenc.c | 24 +++++++++++++++--------- + 1 file changed, 15 insertions(+), 9 deletions(-) + +--- a/crypto/authenc.c ++++ b/crypto/authenc.c +@@ -157,16 +157,19 @@ static int crypto_authenc_genicv(struct + dstp = sg_page(dst); + vdst = PageHighMem(dstp) ? NULL : page_address(dstp) + dst->offset; + +- sg_init_table(cipher, 2); +- sg_set_buf(cipher, iv, ivsize); +- authenc_chain(cipher, dst, vdst == iv + ivsize); ++ if (ivsize) { ++ sg_init_table(cipher, 2); ++ sg_set_buf(cipher, iv, ivsize); ++ authenc_chain(cipher, dst, vdst == iv + ivsize); ++ dst = cipher; ++ } + + cryptlen = req->cryptlen + ivsize; +- hash = crypto_authenc_hash(req, flags, cipher, cryptlen); ++ hash = crypto_authenc_hash(req, flags, dst, cryptlen); + if (IS_ERR(hash)) + return PTR_ERR(hash); + +- scatterwalk_map_and_copy(hash, cipher, cryptlen, ++ scatterwalk_map_and_copy(hash, dst, cryptlen, + crypto_aead_authsize(authenc), 1); + return 0; + } +@@ -284,11 +287,14 @@ static int crypto_authenc_iverify(struct + srcp = sg_page(src); + vsrc = PageHighMem(srcp) ? NULL : page_address(srcp) + src->offset; + +- sg_init_table(cipher, 2); +- sg_set_buf(cipher, iv, ivsize); +- authenc_chain(cipher, src, vsrc == iv + ivsize); ++ if (ivsize) { ++ sg_init_table(cipher, 2); ++ sg_set_buf(cipher, iv, ivsize); ++ authenc_chain(cipher, src, vsrc == iv + ivsize); ++ src = cipher; ++ } + +- return crypto_authenc_verify(req, cipher, cryptlen + ivsize); ++ return crypto_authenc_verify(req, src, cryptlen + ivsize); + } + + static int crypto_authenc_decrypt(struct aead_request *req) + + +From gregkh@mini.kroah.org Fri Jan 30 18:36:22 2009 +Message-Id: <20090131023622.296033390@mini.kroah.org> +User-Agent: quilt/0.47-1 +Date: Fri, 30 Jan 2009 18:34:34 -0800 +From: Greg KH +To: linux-kernel@vger.kernel.org, + stable@kernel.org +Cc: Justin Forbes , + Zwane Mwaikambo , + Theodore Ts'o , + Randy Dunlap , + Dave Jones , + Chuck Wolber , + Chris Wedgwood , + Michael Krufky , + Chuck Ebbert , + Domenico Andreoli , + Willy Tarreau , + Rodrigo Rubira Branco , + Jake Edge , + Eugene Teo , + torvalds@linux-foundation.org, + akpm@linux-foundation.org, + alan@lxorguk.ukuu.org.uk, + Jarod Wilson , + Neil Horman , + Herbert Xu +Subject: [patch 23/32] crypto: ccm - Fix handling of null assoc data +References: <20090131023411.032399235@mini.kroah.org> +Content-Disposition: inline; filename=crypto-ccm-fix-handling-of-null-assoc-data.patch +Content-Length: 3824 +Lines: 81 + +2.6.27-stable review patch. If anyone has any objections, please let us know. + +------------------ + +From: Jarod Wilson + +commit 516280e735b034216de97eb7ba080ec6acbfc58f upstream. + +Its a valid use case to have null associated data in a ccm vector, but +this case isn't being handled properly right now. + +The following ccm decryption/verification test vector, using the +rfc4309 implementation regularly triggers a panic, as will any +other vector with null assoc data: + +* key: ab2f8a74b71cd2b1ff802e487d82f8b9 +* iv: c6fb7d800d13abd8a6b2d8 +* Associated Data: [NULL] +* Tag Length: 8 +* input: d5e8939fc7892e2b + +The resulting panic looks like so: + +Unable to handle kernel paging request at ffff810064ddaec0 RIP: + [] :ccm:get_data_to_compute+0x1a6/0x1d6 +PGD 8063 PUD 0 +Oops: 0002 [1] SMP +last sysfs file: /module/libata/version +CPU 0 +Modules linked in: crypto_tester_kmod(U) seqiv krng ansi_cprng chainiv rng ctr aes_generic aes_x86_64 ccm cryptomgr testmgr_cipher testmgr aead crypto_blkcipher crypto_a +lgapi des ipv6 xfrm_nalgo crypto_api autofs4 hidp l2cap bluetooth nfs lockd fscache nfs_acl sunrpc ip_conntrack_netbios_ns ipt_REJECT xt_state ip_conntrack nfnetlink xt_ +tcpudp iptable_filter ip_tables x_tables dm_mirror dm_log dm_multipath scsi_dh dm_mod video hwmon backlight sbs i2c_ec button battery asus_acpi acpi_memhotplug ac lp sg +snd_intel8x0 snd_ac97_codec ac97_bus snd_seq_dummy snd_seq_oss joydev snd_seq_midi_event snd_seq snd_seq_device snd_pcm_oss snd_mixer_oss ide_cd snd_pcm floppy parport_p +c shpchp e752x_edac snd_timer e1000 i2c_i801 edac_mc snd soundcore snd_page_alloc i2c_core cdrom parport serio_raw pcspkr ata_piix libata sd_mod scsi_mod ext3 jbd uhci_h +cd ohci_hcd ehci_hcd +Pid: 12844, comm: crypto-tester Tainted: G 2.6.18-128.el5.fips1 #1 +RIP: 0010:[] [] :ccm:get_data_to_compute+0x1a6/0x1d6 +RSP: 0018:ffff8100134434e8 EFLAGS: 00010246 +RAX: 0000000000000000 RBX: ffff8100104898b0 RCX: ffffffffab6aea10 +RDX: 0000000000000010 RSI: ffff8100104898c0 RDI: ffff810064ddaec0 +RBP: 0000000000000000 R08: ffff8100104898b0 R09: 0000000000000000 +R10: ffff8100103bac84 R11: ffff8100104898b0 R12: ffff810010489858 +R13: ffff8100104898b0 R14: ffff8100103bac00 R15: 0000000000000000 +FS: 00002ab881adfd30(0000) GS:ffffffff803ac000(0000) knlGS:0000000000000000 +CS: 0010 DS: 0000 ES: 0000 CR0: 000000008005003b +CR2: ffff810064ddaec0 CR3: 0000000012a88000 CR4: 00000000000006e0 +Process crypto-tester (pid: 12844, threadinfo ffff810013442000, task ffff81003d165860) +Stack: ffff8100103bac00 ffff8100104898e8 ffff8100134436f8 ffffffff00000000 + 0000000000000000 ffff8100104898b0 0000000000000000 ffff810010489858 + 0000000000000000 ffff8100103bac00 ffff8100134436f8 ffffffff8864c634 +Call Trace: + [] :ccm:crypto_ccm_auth+0x12d/0x140 + [] :ccm:crypto_ccm_decrypt+0x161/0x23a + [] :crypto_tester_kmod:cavs_test_rfc4309_ccm+0x4a5/0x559 +[...] + +The above is from a RHEL5-based kernel, but upstream is susceptible too. + +The fix is trivial: in crypto/ccm.c:crypto_ccm_auth(), pctx->ilen contains +whatever was in memory when pctx was allocated if assoclen is 0. The tested +fix is to simply add an else clause setting pctx->ilen to 0 for the +assoclen == 0 case, so that get_data_to_compute() doesn't try doing +things its not supposed to. + +Signed-off-by: Jarod Wilson +Acked-by: Neil Horman +Signed-off-by: Herbert Xu +Signed-off-by: Greg Kroah-Hartman + +--- + crypto/ccm.c | 2 ++ + 1 file changed, 2 insertions(+) + +--- a/crypto/ccm.c ++++ b/crypto/ccm.c +@@ -266,6 +266,8 @@ static int crypto_ccm_auth(struct aead_r + if (assoclen) { + pctx->ilen = format_adata(idata, assoclen); + get_data_to_compute(cipher, pctx, req->assoc, req->assoclen); ++ } else { ++ pctx->ilen = 0; + } + + /* compute plaintext into mac */ + + +From gregkh@mini.kroah.org Fri Jan 30 18:36:22 2009 +Message-Id: <20090131023622.420029866@mini.kroah.org> +User-Agent: quilt/0.47-1 +Date: Fri, 30 Jan 2009 18:34:35 -0800 +From: Greg KH +To: linux-kernel@vger.kernel.org, + stable@kernel.org +Cc: Justin Forbes , + Zwane Mwaikambo , + Theodore Ts'o , + Randy Dunlap , + Dave Jones , + Chuck Wolber , + Chris Wedgwood , + Michael Krufky , + Chuck Ebbert , + Domenico Andreoli , + Willy Tarreau , + Rodrigo Rubira Branco , + Jake Edge , + Eugene Teo , + torvalds@linux-foundation.org, + akpm@linux-foundation.org, + alan@lxorguk.ukuu.org.uk, + Davide Libenzi , + Michael Kerrisk , + Bron Gondwana +Subject: [patch 24/32] epoll: drop max_user_instances and rely only on max_user_watches +References: <20090131023411.032399235@mini.kroah.org> +Content-Disposition: inline; filename=epoll-drop-max_user_instances-and-rely-only-on-max_user_watches.patch +Content-Length: 3465 +Lines: 111 + +2.6.27-stable review patch. If anyone has any objections, please let us know. + +------------------ + +From: Davide Libenzi + +commit 9df04e1f25effde823a600e755b51475d438f56b upstream. + +Linus suggested to put limits where the money is, and max_user_watches +already does that w/out the need of max_user_instances. That has the +advantage to mitigate the potential DoS while allowing pretty generous +default behavior. + +Allowing top 4% of low memory (per user) to be allocated in epoll watches, +we have: + +LOMEM MAX_WATCHES (per user) +512MB ~178000 +1GB ~356000 +2GB ~712000 + +A box with 512MB of lomem, will meet some challenge in hitting 180K +watches, socket buffers math teaches us. No more max_user_instances +limits then. + +Signed-off-by: Davide Libenzi +Cc: Willy Tarreau +Cc: Michael Kerrisk +Cc: Bron Gondwana +Signed-off-by: Andrew Morton +Signed-off-by: Linus Torvalds +Signed-off-by: Greg Kroah-Hartman + +--- + fs/eventpoll.c | 22 ++++------------------ + include/linux/sched.h | 1 - + 2 files changed, 4 insertions(+), 19 deletions(-) + +--- a/fs/eventpoll.c ++++ b/fs/eventpoll.c +@@ -234,8 +234,6 @@ struct ep_pqueue { + /* + * Configuration options available inside /proc/sys/fs/epoll/ + */ +-/* Maximum number of epoll devices, per user */ +-static int max_user_instances __read_mostly; + /* Maximum number of epoll watched descriptors, per user */ + static int max_user_watches __read_mostly; + +@@ -261,14 +259,6 @@ static int zero; + + ctl_table epoll_table[] = { + { +- .procname = "max_user_instances", +- .data = &max_user_instances, +- .maxlen = sizeof(int), +- .mode = 0644, +- .proc_handler = &proc_dointvec_minmax, +- .extra1 = &zero, +- }, +- { + .procname = "max_user_watches", + .data = &max_user_watches, + .maxlen = sizeof(int), +@@ -491,7 +481,6 @@ static void ep_free(struct eventpoll *ep + + mutex_unlock(&epmutex); + mutex_destroy(&ep->mtx); +- atomic_dec(&ep->user->epoll_devs); + free_uid(ep->user); + kfree(ep); + } +@@ -581,10 +570,6 @@ static int ep_alloc(struct eventpoll **p + struct eventpoll *ep; + + user = get_current_user(); +- error = -EMFILE; +- if (unlikely(atomic_read(&user->epoll_devs) >= +- max_user_instances)) +- goto free_uid; + error = -ENOMEM; + ep = kzalloc(sizeof(*ep), GFP_KERNEL); + if (unlikely(!ep)) +@@ -1137,7 +1122,6 @@ SYSCALL_DEFINE1(epoll_create1, int, flag + flags & O_CLOEXEC); + if (fd < 0) + ep_free(ep); +- atomic_inc(&ep->user->epoll_devs); + + error_return: + DNPRINTK(3, (KERN_INFO "[%p] eventpoll: sys_epoll_create(%d) = %d\n", +@@ -1362,8 +1346,10 @@ static int __init eventpoll_init(void) + struct sysinfo si; + + si_meminfo(&si); +- max_user_instances = 128; +- max_user_watches = (((si.totalram - si.totalhigh) / 32) << PAGE_SHIFT) / ++ /* ++ * Allows top 4% of lomem to be allocated for epoll watches (per user). ++ */ ++ max_user_watches = (((si.totalram - si.totalhigh) / 25) << PAGE_SHIFT) / + EP_ITEM_COST; + + /* Initialize the structure used to perform safe poll wait head wake ups */ +--- a/include/linux/sched.h ++++ b/include/linux/sched.h +@@ -588,7 +588,6 @@ struct user_struct { + atomic_t inotify_devs; /* How many inotify devs does this user have opened? */ + #endif + #ifdef CONFIG_EPOLL +- atomic_t epoll_devs; /* The number of epoll descriptors currently open */ + atomic_t epoll_watches; /* The number of file descriptors currently watched */ + #endif + #ifdef CONFIG_POSIX_MQUEUE + + +From gregkh@mini.kroah.org Fri Jan 30 18:36:22 2009 +Message-Id: <20090131023622.543309429@mini.kroah.org> +User-Agent: quilt/0.47-1 +Date: Fri, 30 Jan 2009 18:34:36 -0800 +From: Greg KH +To: linux-kernel@vger.kernel.org, + stable@kernel.org +Cc: Justin Forbes , + Zwane Mwaikambo , + Theodore Ts'o , + Randy Dunlap , + Dave Jones , + Chuck Wolber , + Chris Wedgwood , + Michael Krufky , + Chuck Ebbert , + Domenico Andreoli , + Willy Tarreau , + Rodrigo Rubira Branco , + Jake Edge , + Eugene Teo , + torvalds@linux-foundation.org, + akpm@linux-foundation.org, + alan@lxorguk.ukuu.org.uk +Subject: [patch 25/32] ext3: Add sanity check to make_indexed_dir +References: <20090131023411.032399235@mini.kroah.org> +Content-Disposition: inline; filename=ext3-add-sanity-check-to-make_indexed_dir.patch +Content-Length: 2041 +Lines: 64 + +2.6.27-stable review patch. If anyone has any objections, please let us know. + +------------------ + +From: Theodore Ts'o + +commit a21102b55c4f8dfd3adb4a15a34cd62237b46039 upstream. + +Make sure the rec_len field in the '..' entry is sane, lest we overrun +the directory block and cause a kernel oops on a purposefully +corrupted filesystem. + +This fixes a bug related to a bug originally reported by Sami Liedes +for ext4 at: + +http://bugzilla.kernel.org/show_bug.cgi?id=12430 + +Signed-off-by: "Theodore Ts'o" +Signed-off-by: Greg Kroah-Hartman + +--- + fs/ext3/namei.c | 20 ++++++++++++++------ + 1 file changed, 14 insertions(+), 6 deletions(-) + +--- a/fs/ext3/namei.c ++++ b/fs/ext3/namei.c +@@ -1374,7 +1374,7 @@ static int make_indexed_dir(handle_t *ha + struct fake_dirent *fde; + + blocksize = dir->i_sb->s_blocksize; +- dxtrace(printk("Creating index\n")); ++ dxtrace(printk(KERN_DEBUG "Creating index: inode %lu\n", dir->i_ino)); + retval = ext3_journal_get_write_access(handle, bh); + if (retval) { + ext3_std_error(dir->i_sb, retval); +@@ -1383,6 +1383,19 @@ static int make_indexed_dir(handle_t *ha + } + root = (struct dx_root *) bh->b_data; + ++ /* The 0th block becomes the root, move the dirents out */ ++ fde = &root->dotdot; ++ de = (struct ext3_dir_entry_2 *)((char *)fde + ++ ext3_rec_len_from_disk(fde->rec_len)); ++ if ((char *) de >= (((char *) root) + blocksize)) { ++ ext3_error(dir->i_sb, __func__, ++ "invalid rec_len for '..' in inode %lu", ++ dir->i_ino); ++ brelse(bh); ++ return -EIO; ++ } ++ len = ((char *) root) + blocksize - (char *) de; ++ + bh2 = ext3_append (handle, dir, &block, &retval); + if (!(bh2)) { + brelse(bh); +@@ -1391,11 +1404,6 @@ static int make_indexed_dir(handle_t *ha + EXT3_I(dir)->i_flags |= EXT3_INDEX_FL; + data1 = bh2->b_data; + +- /* The 0th block becomes the root, move the dirents out */ +- fde = &root->dotdot; +- de = (struct ext3_dir_entry_2 *)((char *)fde + +- ext3_rec_len_from_disk(fde->rec_len)); +- len = ((char *) root) + blocksize - (char *) de; + memcpy (data1, de, len); + de = (struct ext3_dir_entry_2 *) data1; + top = data1 + len; + + +From gregkh@mini.kroah.org Fri Jan 30 18:36:22 2009 +Message-Id: <20090131023622.665951838@mini.kroah.org> +User-Agent: quilt/0.47-1 +Date: Fri, 30 Jan 2009 18:34:37 -0800 +From: Greg KH +To: linux-kernel@vger.kernel.org, + stable@kernel.org +Cc: Justin Forbes , + Zwane Mwaikambo , + Theodore Ts'o , + Randy Dunlap , + Dave Jones , + Chuck Wolber , + Chris Wedgwood , + Michael Krufky , + Chuck Ebbert , + Domenico Andreoli , + Willy Tarreau , + Rodrigo Rubira Branco , + Jake Edge , + Eugene Teo , + torvalds@linux-foundation.org, + akpm@linux-foundation.org, + alan@lxorguk.ukuu.org.uk, + Boaz Harrosh , + FUJITA Tomonori , + Jens Axboe +Subject: [patch 26/32] include/linux: Add bsg.h to the Kernel exported headers +References: <20090131023411.032399235@mini.kroah.org> +Content-Disposition: inline; filename=include-linux-add-bsg.h-to-the-kernel-exported-headers.patch +Content-Length: 1137 +Lines: 36 + +2.6.27-stable review patch. If anyone has any objections, please let us know. + +------------------ + +From: Boaz Harrosh + +commit a229fc61ef0ee3c30fd193beee0eeb87410227f1 upstream. + +bsg.h in current form is perfectly suitable for user-mode +consumption. It is needed together with scsi/sg.h for applications +that want to interface with the bsg driver. + +Currently the few projects that use it would copy it over into +the projects. But that is not acceptable for projects that need +to provide source and devel packages for distros. + +This should also be submitted to stable 2.6.28 and 2.6.27 since bsg had +a stable API since these Kernels and distro users will need the header +for these kernels a swell + +Signed-off-by: Boaz Harrosh +Acked-by: FUJITA Tomonori +Signed-off-by: Jens Axboe +Signed-off-by: Greg Kroah-Hartman + +--- + include/linux/Kbuild | 1 + + 1 file changed, 1 insertion(+) + +--- a/include/linux/Kbuild ++++ b/include/linux/Kbuild +@@ -41,6 +41,7 @@ header-y += baycom.h + header-y += bfs_fs.h + header-y += blkpg.h + header-y += bpqether.h ++header-y += bsg.h + header-y += can.h + header-y += cdk.h + header-y += chio.h + + +From gregkh@mini.kroah.org Fri Jan 30 18:36:22 2009 +Message-Id: <20090131023622.786965897@mini.kroah.org> +User-Agent: quilt/0.47-1 +Date: Fri, 30 Jan 2009 18:34:38 -0800 +From: Greg KH +To: linux-kernel@vger.kernel.org, + stable@kernel.org +Cc: Justin Forbes , + Zwane Mwaikambo , + Theodore Ts'o , + Randy Dunlap , + Dave Jones , + Chuck Wolber , + Chris Wedgwood , + Michael Krufky , + Chuck Ebbert , + Domenico Andreoli , + Willy Tarreau , + Rodrigo Rubira Branco , + Jake Edge , + Eugene Teo , + torvalds@linux-foundation.org, + akpm@linux-foundation.org, + alan@lxorguk.ukuu.org.uk, + Robin Holt , + Dean Nelson +Subject: [patch 27/32] sgi-xpc: ensure flags are updated before bte_copy +References: <20090131023411.032399235@mini.kroah.org> +Content-Disposition: inline; filename=sgi-xpc-ensure-flags-are-updated-before-bte_copy.patch +Content-Length: 2547 +Lines: 76 + +2.6.27-stable review patch. If anyone has any objections, please let us know. + +------------------ + +From: Robin Holt + +commit 69b3bb65fa97a1e8563518dbbc35cd57beefb2d4 upstream. + +The clearing of the msg->flags needs a barrier between it and the notify +of the channel threads that the messages are cleaned and ready for use. + +Signed-off-by: Robin Holt +Signed-off-by: Dean Nelson +Signed-off-by: Andrew Morton +Signed-off-by: Linus Torvalds +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/misc/sgi-xp/xpc_sn2.c | 9 +++++---- + drivers/misc/sgi-xp/xpc_uv.c | 2 +- + 2 files changed, 6 insertions(+), 5 deletions(-) + +--- a/drivers/misc/sgi-xp/xpc_sn2.c ++++ b/drivers/misc/sgi-xp/xpc_sn2.c +@@ -1841,6 +1841,7 @@ xpc_process_msg_chctl_flags_sn2(struct x + */ + xpc_clear_remote_msgqueue_flags_sn2(ch); + ++ smp_wmb(); /* ensure flags have been cleared before bte_copy */ + ch_sn2->w_remote_GP.put = ch_sn2->remote_GP.put; + + dev_dbg(xpc_chan, "w_remote_GP.put changed to %ld, partid=%d, " +@@ -1939,7 +1940,7 @@ xpc_get_deliverable_payload_sn2(struct x + break; + + get = ch_sn2->w_local_GP.get; +- rmb(); /* guarantee that .get loads before .put */ ++ smp_rmb(); /* guarantee that .get loads before .put */ + if (get == ch_sn2->w_remote_GP.put) + break; + +@@ -2058,7 +2059,7 @@ xpc_allocate_msg_sn2(struct xpc_channel + while (1) { + + put = ch_sn2->w_local_GP.put; +- rmb(); /* guarantee that .put loads before .get */ ++ smp_rmb(); /* guarantee that .put loads before .get */ + if (put - ch_sn2->w_remote_GP.get < ch->local_nentries) { + + /* There are available message entries. We need to try +@@ -2191,7 +2192,7 @@ xpc_send_payload_sn2(struct xpc_channel + * The preceding store of msg->flags must occur before the following + * load of local_GP->put. + */ +- mb(); ++ smp_mb(); + + /* see if the message is next in line to be sent, if so send it */ + +@@ -2292,7 +2293,7 @@ xpc_received_payload_sn2(struct xpc_chan + * The preceding store of msg->flags must occur before the following + * load of local_GP->get. + */ +- mb(); ++ smp_mb(); + + /* + * See if this message is next in line to be acknowledged as having +--- a/drivers/misc/sgi-xp/xpc_uv.c ++++ b/drivers/misc/sgi-xp/xpc_uv.c +@@ -1238,7 +1238,7 @@ xpc_send_payload_uv(struct xpc_channel * + atomic_inc(&ch->n_to_notify); + + msg_slot->key = key; +- wmb(); /* a non-NULL func must hit memory after the key */ ++ smp_wmb(); /* a non-NULL func must hit memory after the key */ + msg_slot->func = func; + + if (ch->flags & XPC_C_DISCONNECTING) { + + +From gregkh@mini.kroah.org Fri Jan 30 18:36:23 2009 +Message-Id: <20090131023622.908155314@mini.kroah.org> +User-Agent: quilt/0.47-1 +Date: Fri, 30 Jan 2009 18:34:39 -0800 +From: Greg KH +To: linux-kernel@vger.kernel.org, + stable@kernel.org +Cc: Justin Forbes , + Zwane Mwaikambo , + Theodore Ts'o , + Randy Dunlap , + Dave Jones , + Chuck Wolber , + Chris Wedgwood , + Michael Krufky , + Chuck Ebbert , + Domenico Andreoli , + Willy Tarreau , + Rodrigo Rubira Branco , + Jake Edge , + Eugene Teo , + torvalds@linux-foundation.org, + akpm@linux-foundation.org, + alan@lxorguk.ukuu.org.uk, + Robin Holt , + Dean Nelson +Subject: [patch 28/32] sgi-xpc: Remove NULL pointer dereference. +References: <20090131023411.032399235@mini.kroah.org> +Content-Disposition: inline; filename=sgi-xpc-remove-null-pointer-dereference.patch +Content-Length: 1157 +Lines: 38 + +2.6.27-stable review patch. If anyone has any objections, please let us know. + +------------------ + +From: Robin Holt + +commit 17e2161654da4e6bdfd8d53d4f52e820ee93f423 upstream. + +If the bte copy fails, the attempt to retrieve payloads merely returns a +null pointer deref and not NULL as was expected. + +Signed-off-by: Robin Holt +Signed-off-by: Dean Nelson +Signed-off-by: Andrew Morton +Signed-off-by: Linus Torvalds +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/misc/sgi-xp/xpc_sn2.c | 10 ++++++---- + 1 file changed, 6 insertions(+), 4 deletions(-) + +--- a/drivers/misc/sgi-xp/xpc_sn2.c ++++ b/drivers/misc/sgi-xp/xpc_sn2.c +@@ -1962,11 +1962,13 @@ xpc_get_deliverable_payload_sn2(struct x + + msg = xpc_pull_remote_msg_sn2(ch, get); + +- DBUG_ON(msg != NULL && msg->number != get); +- DBUG_ON(msg != NULL && (msg->flags & XPC_M_SN2_DONE)); +- DBUG_ON(msg != NULL && !(msg->flags & XPC_M_SN2_READY)); ++ if (msg != NULL) { ++ DBUG_ON(msg->number != get); ++ DBUG_ON(msg->flags & XPC_M_SN2_DONE); ++ DBUG_ON(!(msg->flags & XPC_M_SN2_READY)); + +- payload = &msg->payload; ++ payload = &msg->payload; ++ } + break; + } + + + +From gregkh@mini.kroah.org Fri Jan 30 18:36:23 2009 +Message-Id: <20090131023623.036553891@mini.kroah.org> +User-Agent: quilt/0.47-1 +Date: Fri, 30 Jan 2009 18:34:40 -0800 +From: Greg KH +To: linux-kernel@vger.kernel.org, + stable@kernel.org +Cc: Justin Forbes , + Zwane Mwaikambo , + Theodore Ts'o , + Randy Dunlap , + Dave Jones , + Chuck Wolber , + Chris Wedgwood , + Michael Krufky , + Chuck Ebbert , + Domenico Andreoli , + Willy Tarreau , + Rodrigo Rubira Branco , + Jake Edge , + Eugene Teo , + torvalds@linux-foundation.org, + akpm@linux-foundation.org, + alan@lxorguk.ukuu.org.uk, + Clemens Ladisch , + Takashi Iwai +Subject: [patch 29/32] sound: virtuoso: do not overwrite EEPROM on Xonar D2/D2X +References: <20090131023411.032399235@mini.kroah.org> +Content-Disposition: inline; filename=sound-virtuoso-do-not-overwrite-eeprom-on-xonar-d2-d2x.patch +Content-Length: 3500 +Lines: 93 + +2.6.27-stable review patch. If anyone has any objections, please let us know. + +------------------ + +From: Clemens Ladisch + +commit 7e86c0e6850504ec9516b953f316a47277825e33 upstream. + +On the Asus Xonar D2 and D2X models, the SPI chip select signal for the +fourth DAC shares its pin with the serial clock for the EEPROM that +contains the PCI subdevice ID values. It appears that when DAC +registers are written and some other unknown conditions occur (probably +noise on the EEPROM's chip select line), the EEPROM gets overwritten +with garbage, which makes it impossible to properly detect the card +later. + +Therefore, we better avoid DAC register writes and make sure that the +driver works with the DAC's registers' default values. Consequently, +the sample format is now I2S instead of left-justified (no user-visible +change), and the DAC's volume/mute registers cannot be used anymore +(volume changes are now done by the software volume plugin). + +Signed-off-by: Clemens Ladisch +Signed-off-by: Takashi Iwai +Signed-off-by: Greg Kroah-Hartman + +--- + sound/pci/oxygen/virtuoso.c | 22 +++++++++++++++------- + 1 file changed, 15 insertions(+), 7 deletions(-) + +--- a/sound/pci/oxygen/virtuoso.c ++++ b/sound/pci/oxygen/virtuoso.c +@@ -26,7 +26,7 @@ + * SPI 0 -> 1st PCM1796 (front) + * SPI 1 -> 2nd PCM1796 (surround) + * SPI 2 -> 3rd PCM1796 (center/LFE) +- * SPI 4 -> 4th PCM1796 (back) ++ * SPI 4 -> 4th PCM1796 (back) and EEPROM self-destruct (do not use!) + * + * GPIO 2 -> M0 of CS5381 + * GPIO 3 -> M1 of CS5381 +@@ -142,6 +142,12 @@ struct xonar_data { + static void pcm1796_write(struct oxygen *chip, unsigned int codec, + u8 reg, u8 value) + { ++ /* ++ * We don't want to do writes on SPI 4 because the EEPROM, which shares ++ * the same pin, might get confused and broken. We'd better take care ++ * that the driver works with the default register values ... ++ */ ++#if 0 + /* maps ALSA channel pair number to SPI output */ + static const u8 codec_map[4] = { + 0, 1, 2, 4 +@@ -152,6 +158,7 @@ static void pcm1796_write(struct oxygen + (codec_map[codec] << OXYGEN_SPI_CODEC_SHIFT) | + OXYGEN_SPI_CEN_LATCH_CLOCK_HI, + (reg << 8) | value); ++#endif + } + + static void cs4398_write(struct oxygen *chip, u8 reg, u8 value) +@@ -539,6 +546,9 @@ static const DECLARE_TLV_DB_SCALE(cs4362 + + static int xonar_d2_control_filter(struct snd_kcontrol_new *template) + { ++ if (!strncmp(template->name, "Master Playback ", 16)) ++ /* disable volume/mute because they would require SPI writes */ ++ return 1; + if (!strncmp(template->name, "CD Capture ", 11)) + /* CD in is actually connected to the video in pin */ + template->private_value ^= AC97_CD ^ AC97_VIDEO; +@@ -588,9 +598,8 @@ static const struct oxygen_model xonar_m + .dac_volume_min = 0x0f, + .dac_volume_max = 0xff, + .misc_flags = OXYGEN_MISC_MIDI, +- .function_flags = OXYGEN_FUNCTION_SPI | +- OXYGEN_FUNCTION_ENABLE_SPI_4_5, +- .dac_i2s_format = OXYGEN_I2S_FORMAT_LJUST, ++ .function_flags = OXYGEN_FUNCTION_SPI, ++ .dac_i2s_format = OXYGEN_I2S_FORMAT_I2S, + .adc_i2s_format = OXYGEN_I2S_FORMAT_LJUST, + }, + [MODEL_D2X] = { +@@ -619,9 +628,8 @@ static const struct oxygen_model xonar_m + .dac_volume_min = 0x0f, + .dac_volume_max = 0xff, + .misc_flags = OXYGEN_MISC_MIDI, +- .function_flags = OXYGEN_FUNCTION_SPI | +- OXYGEN_FUNCTION_ENABLE_SPI_4_5, +- .dac_i2s_format = OXYGEN_I2S_FORMAT_LJUST, ++ .function_flags = OXYGEN_FUNCTION_SPI, ++ .dac_i2s_format = OXYGEN_I2S_FORMAT_I2S, + .adc_i2s_format = OXYGEN_I2S_FORMAT_LJUST, + }, + [MODEL_D1] = { + + +From gregkh@mini.kroah.org Fri Jan 30 18:36:23 2009 +Message-Id: <20090131023623.154023784@mini.kroah.org> +User-Agent: quilt/0.47-1 +Date: Fri, 30 Jan 2009 18:34:41 -0800 +From: Greg KH +To: linux-kernel@vger.kernel.org, + stable@kernel.org +Cc: Justin Forbes , + Zwane Mwaikambo , + Theodore Ts'o , + Randy Dunlap , + Dave Jones , + Chuck Wolber , + Chris Wedgwood , + Michael Krufky , + Chuck Ebbert , + Domenico Andreoli , + Willy Tarreau , + Rodrigo Rubira Branco , + Jake Edge , + Eugene Teo , + torvalds@linux-foundation.org, + akpm@linux-foundation.org, + alan@lxorguk.ukuu.org.uk, + Larry Finger , + "John W. Linville" +Subject: [patch 30/32] rtl8187: Fix error in setting OFDM power settings for RTL8187L +References: <20090131023411.032399235@mini.kroah.org> +Content-Disposition: inline; filename=rtl8187-fix-error-in-setting-ofdm-power-settings-for-rtl8187l.patch +Content-Length: 1641 +Lines: 48 + +2.6.27-stable review patch. If anyone has any objections, please let us know. + +------------------ + +From: Larry Finger + +commit eb83bbf57429ab80f49b413e3e44d3b19c3fdc5a upstream. + +After reports of poor performance, a review of the latest vendor driver +(rtl8187_linux_26.1025.0328.2007) for RTL8187L devices was undertaken. + +A difference was found in the code used to index the OFDM power tables. When +the Linux driver was changed, my unit works at a much greater range than +before. I think this fixes Bugzilla #12380 and has been tested by at least +two other users. + +Signed-off-by: Larry Finger +Tested-by: Martín Ernesto Barreyro +Signed-off-by: John W. Linville +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/net/wireless/rtl8187_rtl8225.c | 10 ++++++++-- + 1 file changed, 8 insertions(+), 2 deletions(-) + +--- a/drivers/net/wireless/rtl8187_rtl8225.c ++++ b/drivers/net/wireless/rtl8187_rtl8225.c +@@ -287,7 +287,10 @@ static void rtl8225_rf_set_tx_power(stru + ofdm_power = priv->channels[channel - 1].hw_value >> 4; + + cck_power = min(cck_power, (u8)11); +- ofdm_power = min(ofdm_power, (u8)35); ++ if (ofdm_power > (u8)15) ++ ofdm_power = 25; ++ else ++ ofdm_power += 10; + + rtl818x_iowrite8(priv, &priv->map->TX_GAIN_CCK, + rtl8225_tx_gain_cck_ofdm[cck_power / 6] >> 1); +@@ -540,7 +543,10 @@ static void rtl8225z2_rf_set_tx_power(st + cck_power += priv->txpwr_base & 0xF; + cck_power = min(cck_power, (u8)35); + +- ofdm_power = min(ofdm_power, (u8)15); ++ if (ofdm_power > (u8)15) ++ ofdm_power = 25; ++ else ++ ofdm_power += 10; + ofdm_power += priv->txpwr_base >> 4; + ofdm_power = min(ofdm_power, (u8)35); + + + +From gregkh@mini.kroah.org Fri Jan 30 18:36:23 2009 +Message-Id: <20090131023623.275464715@mini.kroah.org> +User-Agent: quilt/0.47-1 +Date: Fri, 30 Jan 2009 18:34:42 -0800 +From: Greg KH +To: linux-kernel@vger.kernel.org, + stable@kernel.org +Cc: Justin Forbes , + Zwane Mwaikambo , + Theodore Ts'o , + Randy Dunlap , + Dave Jones , + Chuck Wolber , + Chris Wedgwood , + Michael Krufky , + Chuck Ebbert , + Domenico Andreoli , + Willy Tarreau , + Rodrigo Rubira Branco , + Jake Edge , + Eugene Teo , + torvalds@linux-foundation.org, + akpm@linux-foundation.org, + alan@lxorguk.ukuu.org.uk, + Jiri Slaby , + Jesse Barnes +Subject: [patch 31/32] PCI hotplug: fix lock imbalance in pciehp +References: <20090131023411.032399235@mini.kroah.org> +Content-Disposition: inline; filename=pci-hotplug-fix-lock-imbalance-in-pciehp.patch +Content-Length: 1108 +Lines: 34 + +2.6.27-stable review patch. If anyone has any objections, please let us know. + +------------------ + +From: Jiri Slaby + +commit c2fdd36b550659f5ac2240d1f5a83ffa1a092289 upstream. + +set_lock_status omits mutex_unlock in fail path. Add the omitted +unlock. + +As a result a lockup caused by this can be triggered from userspace +by writing 1 to /sys/bus/pci/slots/.../lock often enough. + +Signed-off-by: Jiri Slaby +Reviewed-by: Kenji Kaneshige +Signed-off-by: Jesse Barnes +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/pci/hotplug/pciehp_core.c | 4 +++- + 1 file changed, 3 insertions(+), 1 deletion(-) + +--- a/drivers/pci/hotplug/pciehp_core.c ++++ b/drivers/pci/hotplug/pciehp_core.c +@@ -126,8 +126,10 @@ static int set_lock_status(struct hotplu + mutex_lock(&slot->ctrl->crit_sect); + + /* has it been >1 sec since our last toggle? */ +- if ((get_seconds() - slot->last_emi_toggle) < 1) ++ if ((get_seconds() - slot->last_emi_toggle) < 1) { ++ mutex_unlock(&slot->ctrl->crit_sect); + return -EINVAL; ++ } + + /* see what our current state is */ + retval = get_lock_status(hotplug_slot, &value); + + +From gregkh@mini.kroah.org Fri Jan 30 18:36:23 2009 +Message-Id: <20090131023623.402414222@mini.kroah.org> +User-Agent: quilt/0.47-1 +Date: Fri, 30 Jan 2009 18:34:43 -0800 +From: Greg KH +To: linux-kernel@vger.kernel.org, + stable@kernel.org +Cc: Justin Forbes , + Zwane Mwaikambo , + Theodore Ts'o , + Randy Dunlap , + Dave Jones , + Chuck Wolber , + Chris Wedgwood , + Michael Krufky , + Chuck Ebbert , + Domenico Andreoli , + Willy Tarreau , + Rodrigo Rubira Branco , + Jake Edge , + Eugene Teo , + torvalds@linux-foundation.org, + akpm@linux-foundation.org, + alan@lxorguk.ukuu.org.uk, + Jiri Slaby , + Ingo Molnar +Subject: [patch 32/32] relay: fix lock imbalance in relay_late_setup_files +References: <20090131023411.032399235@mini.kroah.org> +Content-Disposition: inline; filename=relay-fix-lock-imbalance-in-relay_late_setup_files.patch +Content-Length: 820 +Lines: 31 + +2.6.27-stable review patch. If anyone has any objections, please let us know. + +------------------ + +From: Jiri Slaby + +commit b786c6a98ef6fa81114ba7b9fbfc0d67060775e3 upstream. + +One fail path in relay_late_setup_files() omits +mutex_unlock(&relay_channels_mutex); +Add it. + +Signed-off-by: Jiri Slaby +Signed-off-by: Ingo Molnar +Signed-off-by: Greg Kroah-Hartman + +--- + kernel/relay.c | 4 +++- + 1 file changed, 3 insertions(+), 1 deletion(-) + +--- a/kernel/relay.c ++++ b/kernel/relay.c +@@ -664,8 +664,10 @@ int relay_late_setup_files(struct rchan + + mutex_lock(&relay_channels_mutex); + /* Is chan already set up? */ +- if (unlikely(chan->has_base_filename)) ++ if (unlikely(chan->has_base_filename)) { ++ mutex_unlock(&relay_channels_mutex); + return -EEXIST; ++ } + chan->has_base_filename = 1; + chan->parent = parent; + curr_cpu = get_cpu(); + + +From gregkh@mini.kroah.org Fri Jan 30 18:36:19 2009 +Message-Id: <20090131023411.032399235@mini.kroah.org> +User-Agent: quilt/0.47-1 +Date: Fri, 30 Jan 2009 18:34:11 -0800 +From: Greg KH +To: linux-kernel@vger.kernel.org, + stable@kernel.org +Cc: Justin Forbes , + Zwane Mwaikambo , + Theodore Ts'o , + Randy Dunlap , + Dave Jones , + Chuck Wolber , + Chris Wedgwood , + Michael Krufky , + Chuck Ebbert , + Domenico Andreoli , + Willy Tarreau , + Rodrigo Rubira Branco , + Jake Edge , + Eugene Teo , + torvalds@linux-foundation.org, + akpm@linux-foundation.org, + alan@lxorguk.ukuu.org.uk +Subject: [patch 00/32] 2.6.27-stable review +Content-Length: 3204 +Lines: 69 + + +This is the start of the stable review cycle for the 2.6.27.14 release. +There are 32 patches in this series, all will be posted as a response +to this one. If anyone has any issues with these being applied, please +let us know. If anyone is a maintainer of the proper subsystem, and +wants to add a Signed-off-by: line to the patch, please respond with it. + +Note, there still are some more .28 patches pending for the -stable +releases, but I wanted to get this release out now to fix the major +problems that have recently been found. + +If you have sent patches to be included in .28, and you don't see them +here, please feel free to just drop stable@kernel.org a message with the +git commit ids to make sure they end up in the next release. + +These patches are sent out with a number of different people on the Cc: +line. If you wish to be a reviewer, please email stable@kernel.org to +add your name to the list. If you want to be off the reviewer list, +also email us. + +Responses should be made by Monday, February 2, 00:00:00 UTC. Anything +received after that time might be too late. + +The whole patch series can be found in one patch at: + kernel.org/pub/linux/kernel/v2.6/stable-review/patch-2.6.27.14-rc1.gz +and the diffstat can be found below. + +thanks, + +greg k-h + + + Makefile | 2 +- + arch/alpha/kernel/irq_srm.c | 2 + + crypto/authenc.c | 24 ++++-- + crypto/ccm.c | 2 + + drivers/ata/pata_via.c | 22 ++++- + drivers/ide/pci/it821x.c | 12 +++ + drivers/misc/sgi-xp/xpc_sn2.c | 19 +++-- + drivers/misc/sgi-xp/xpc_uv.c | 2 +- + drivers/net/bnx2x_main.c | 3 + + drivers/net/wireless/rtl8187_dev.c | 1 + + drivers/net/wireless/rtl8187_rtl8225.c | 10 ++- + drivers/pci/hotplug/pciehp_core.c | 4 +- + drivers/serial/8250_pci.c | 3 + + drivers/usb/core/devio.c | 20 +++-- + drivers/usb/core/inode.c | 1 - + drivers/usb/core/usb.h | 1 - + drivers/usb/mon/mon_bin.c | 105 ++++++++++++++++--------- + drivers/usb/storage/unusual_devs.h | 6 ++ + fs/eventpoll.c | 22 +---- + fs/ext3/namei.c | 20 ++++-- + fs/fuse/dev.c | 3 +- + fs/fuse/file.c | 2 +- + fs/fuse/inode.c | 10 ++- + fs/inotify_user.c | 135 +++++++++++++++++-------------- + fs/sysfs/bin.c | 6 ++ + include/asm-x86/pgalloc.h | 1 + + include/linux/Kbuild | 1 + + include/linux/pci_ids.h | 6 ++ + include/linux/sched.h | 1 - + kernel/relay.c | 4 +- + net/mac80211/tx.c | 4 +- + net/sunrpc/rpcb_clnt.c | 40 ++++++++-- + sound/pci/hda/patch_conexant.c | 1 + + sound/pci/hda/patch_realtek.c | 1 + + sound/pci/hda/patch_sigmatel.c | 2 + + sound/pci/oxygen/virtuoso.c | 22 ++++-- + 36 files changed, 336 insertions(+), 184 deletions(-) + diff --git a/queue-2.6.28/mbox b/queue-2.6.28/mbox new file mode 100644 index 00000000000..76faab3582e --- /dev/null +++ b/queue-2.6.28/mbox @@ -0,0 +1,4406 @@ +From gregkh@mini.kroah.org Fri Jan 30 18:29:18 2009 +Message-Id: <20090131022918.483117600@mini.kroah.org> +User-Agent: quilt/0.47-1 +Date: Fri, 30 Jan 2009 18:25:49 -0800 +From: Greg KH +To: linux-kernel@vger.kernel.org, + stable@kernel.org +Cc: Justin Forbes , + Zwane Mwaikambo , + Theodore Ts'o , + Randy Dunlap , + Dave Jones , + Chuck Wolber , + Chris Wedgwood , + Michael Krufky , + Chuck Ebbert , + Domenico Andreoli , + Willy Tarreau , + Rodrigo Rubira Branco , + Jake Edge , + Eugene Teo , + torvalds@linux-foundation.org, + akpm@linux-foundation.org, + alan@lxorguk.ukuu.org.uk, + Andrey Yurovsky , + Nick Kossifidis , + "John W. Linville" , + Bob Copeland +Subject: [patch 01/43] ath5k: fix mesh point operation +References: <20090131022548.656772939@mini.kroah.org> +Content-Disposition: inline; filename=ath5k-fix-mesh-point-operation.patch +Content-Length: 2260 +Lines: 61 + +2.6.28-stable review patch. If anyone has any objections, please let us know. + +------------------ + +From: Andrey Yurovsky + +commit b706e65b40417e03c2451bb3f92488f3736843fa upstream. + +This patch fixes mesh point operation (thanks to YanBo for pointing +out the problem): make mesh point interfaces start beaconing when +they come up and configure the RX filter in mesh mode so that mesh +beacons and action frames are received. Add mesh point to the check +in ath5k_add_interface. Tested with multiple AR5211 cards. + +Signed-off-by: Andrey Yurovsky +Acked-by: Nick Kossifidis +Signed-off-by: John W. Linville +Cc: Bob Copeland +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/net/wireless/ath5k/base.c | 10 ++++++++-- + 1 file changed, 8 insertions(+), 2 deletions(-) + +--- a/drivers/net/wireless/ath5k/base.c ++++ b/drivers/net/wireless/ath5k/base.c +@@ -2157,7 +2157,8 @@ ath5k_beacon_config(struct ath5k_softc * + + if (sc->opmode == NL80211_IFTYPE_STATION) { + sc->imask |= AR5K_INT_BMISS; +- } else if (sc->opmode == NL80211_IFTYPE_ADHOC) { ++ } else if (sc->opmode == NL80211_IFTYPE_ADHOC || ++ sc->opmode == NL80211_IFTYPE_MESH_POINT) { + /* + * In IBSS mode we use a self-linked tx descriptor and let the + * hardware send the beacons automatically. We have to load it +@@ -2748,6 +2749,7 @@ static int ath5k_add_interface(struct ie + switch (conf->type) { + case NL80211_IFTYPE_STATION: + case NL80211_IFTYPE_ADHOC: ++ case NL80211_IFTYPE_MESH_POINT: + case NL80211_IFTYPE_MONITOR: + sc->opmode = conf->type; + break; +@@ -2819,7 +2821,8 @@ ath5k_config_interface(struct ieee80211_ + } + + if (conf->changed & IEEE80211_IFCC_BEACON && +- vif->type == NL80211_IFTYPE_ADHOC) { ++ (vif->type == NL80211_IFTYPE_ADHOC || ++ vif->type == NL80211_IFTYPE_MESH_POINT)) { + struct sk_buff *beacon = ieee80211_beacon_get(hw, vif); + if (!beacon) { + ret = -ENOMEM; +@@ -2951,6 +2954,9 @@ static void ath5k_configure_filter(struc + sc->opmode == NL80211_IFTYPE_ADHOC) { + rfilt |= AR5K_RX_FILTER_BEACON; + } ++ if (sc->opmode == NL80211_IFTYPE_MESH_POINT) ++ rfilt |= AR5K_RX_FILTER_CONTROL | AR5K_RX_FILTER_BEACON | ++ AR5K_RX_FILTER_PROBEREQ | AR5K_RX_FILTER_PROM; + + /* Set filters */ + ath5k_hw_set_rx_filter(ah,rfilt); + + +From gregkh@mini.kroah.org Fri Jan 30 18:29:18 2009 +Message-Id: <20090131022918.609635995@mini.kroah.org> +User-Agent: quilt/0.47-1 +Date: Fri, 30 Jan 2009 18:25:50 -0800 +From: Greg KH +To: linux-kernel@vger.kernel.org, + stable@kernel.org +Cc: Justin Forbes , + Zwane Mwaikambo , + Theodore Ts'o , + Randy Dunlap , + Dave Jones , + Chuck Wolber , + Chris Wedgwood , + Michael Krufky , + Chuck Ebbert , + Domenico Andreoli , + Willy Tarreau , + Rodrigo Rubira Branco , + Jake Edge , + Eugene Teo , + torvalds@linux-foundation.org, + akpm@linux-foundation.org, + alan@lxorguk.ukuu.org.uk, + Brian Cavagnolo , + Andrey Yurovsky , + Johannes Berg , + "John W. Linville" +Subject: [patch 02/43] mac80211: decrement ref count to netdev after launching mesh discovery +References: <20090131022548.656772939@mini.kroah.org> +Content-Disposition: inline; filename=mac80211-decrement-ref-count-to-netdev-after-launching-mesh-discovery.patch +Content-Length: 1065 +Lines: 33 + +2.6.28-stable review patch. If anyone has any objections, please let us know. + +------------------ + +From: Brian Cavagnolo + +commit 5dc306f3bd1d4cfdf79df39221b3036eab1ddcf3 upstream. + +After launching mesh discovery in tx path, reference count was not being +decremented. This was preventing module unload. + +Signed-off-by: Brian Cavagnolo +Signed-off-by: Andrey Yurovsky +Acked-by: Johannes Berg +Signed-off-by: John W. Linville +Signed-off-by: Greg Kroah-Hartman + +--- + net/mac80211/tx.c | 6 ++++-- + 1 file changed, 4 insertions(+), 2 deletions(-) + +--- a/net/mac80211/tx.c ++++ b/net/mac80211/tx.c +@@ -1299,8 +1299,10 @@ int ieee80211_master_start_xmit(struct s + if (is_multicast_ether_addr(hdr->addr3)) + memcpy(hdr->addr1, hdr->addr3, ETH_ALEN); + else +- if (mesh_nexthop_lookup(skb, osdata)) +- return 0; ++ if (mesh_nexthop_lookup(skb, osdata)) { ++ dev_put(odev); ++ return 0; ++ } + if (memcmp(odev->dev_addr, hdr->addr4, ETH_ALEN) != 0) + IEEE80211_IFSTA_MESH_CTR_INC(&osdata->u.mesh, + fwded_frames); + + +From gregkh@mini.kroah.org Fri Jan 30 18:29:18 2009 +Message-Id: <20090131022918.728813165@mini.kroah.org> +User-Agent: quilt/0.47-1 +Date: Fri, 30 Jan 2009 18:25:51 -0800 +From: Greg KH +To: linux-kernel@vger.kernel.org, + stable@kernel.org +Cc: Justin Forbes , + Zwane Mwaikambo , + Theodore Ts'o , + Randy Dunlap , + Dave Jones , + Chuck Wolber , + Chris Wedgwood , + Michael Krufky , + Chuck Ebbert , + Domenico Andreoli , + Willy Tarreau , + Rodrigo Rubira Branco , + Jake Edge , + Eugene Teo , + torvalds@linux-foundation.org, + akpm@linux-foundation.org, + alan@lxorguk.ukuu.org.uk, + John McCutchan , + Robert Love , + Vegard Nossum +Subject: [patch 03/43] inotify: clean up inotify_read and fix locking problems +References: <20090131022548.656772939@mini.kroah.org> +Content-Disposition: inline; filename=inotify-clean-up-inotify_read-and-fix-locking-problems.patch +Content-Length: 5426 +Lines: 221 + +2.6.28-stable review patch. If anyone has any objections, please let us know. + +------------------ + +From: Vegard Nossum + +commit 3632dee2f8b8a9720329f29eeaa4ec4669a3aff8 upstream. + +If userspace supplies an invalid pointer to a read() of an inotify +instance, the inotify device's event list mutex is unlocked twice. +This causes an unbalance which effectively leaves the data structure +unprotected, and we can trigger oopses by accessing the inotify +instance from different tasks concurrently. + +The best fix (contributed largely by Linus) is a total rewrite +of the function in question: + +On Thu, Jan 22, 2009 at 7:05 AM, Linus Torvalds wrote: +> The thing to notice is that: +> +> - locking is done in just one place, and there is no question about it +> not having an unlock. +> +> - that whole double-while(1)-loop thing is gone. +> +> - use multiple functions to make nesting and error handling sane +> +> - do error testing after doing the things you always need to do, ie do +> this: +> +> mutex_lock(..) +> ret = function_call(); +> mutex_unlock(..) +> +> .. test ret here .. +> +> instead of doing conditional exits with unlocking or freeing. +> +> So if the code is written in this way, it may still be buggy, but at least +> it's not buggy because of subtle "forgot to unlock" or "forgot to free" +> issues. +> +> This _always_ unlocks if it locked, and it always frees if it got a +> non-error kevent. + +Cc: John McCutchan +Cc: Robert Love +Signed-off-by: Vegard Nossum +Signed-off-by: Linus Torvalds +Signed-off-by: Greg Kroah-Hartman + +--- + fs/inotify_user.c | 135 +++++++++++++++++++++++++++++------------------------- + 1 file changed, 74 insertions(+), 61 deletions(-) + +--- a/fs/inotify_user.c ++++ b/fs/inotify_user.c +@@ -427,10 +427,61 @@ static unsigned int inotify_poll(struct + return ret; + } + ++/* ++ * Get an inotify_kernel_event if one exists and is small ++ * enough to fit in "count". Return an error pointer if ++ * not large enough. ++ * ++ * Called with the device ev_mutex held. ++ */ ++static struct inotify_kernel_event *get_one_event(struct inotify_device *dev, ++ size_t count) ++{ ++ size_t event_size = sizeof(struct inotify_event); ++ struct inotify_kernel_event *kevent; ++ ++ if (list_empty(&dev->events)) ++ return NULL; ++ ++ kevent = inotify_dev_get_event(dev); ++ if (kevent->name) ++ event_size += kevent->event.len; ++ ++ if (event_size > count) ++ return ERR_PTR(-EINVAL); ++ ++ remove_kevent(dev, kevent); ++ return kevent; ++} ++ ++/* ++ * Copy an event to user space, returning how much we copied. ++ * ++ * We already checked that the event size is smaller than the ++ * buffer we had in "get_one_event()" above. ++ */ ++static ssize_t copy_event_to_user(struct inotify_kernel_event *kevent, ++ char __user *buf) ++{ ++ size_t event_size = sizeof(struct inotify_event); ++ ++ if (copy_to_user(buf, &kevent->event, event_size)) ++ return -EFAULT; ++ ++ if (kevent->name) { ++ buf += event_size; ++ ++ if (copy_to_user(buf, kevent->name, kevent->event.len)) ++ return -EFAULT; ++ ++ event_size += kevent->event.len; ++ } ++ return event_size; ++} ++ + static ssize_t inotify_read(struct file *file, char __user *buf, + size_t count, loff_t *pos) + { +- size_t event_size = sizeof (struct inotify_event); + struct inotify_device *dev; + char __user *start; + int ret; +@@ -440,81 +491,43 @@ static ssize_t inotify_read(struct file + dev = file->private_data; + + while (1) { ++ struct inotify_kernel_event *kevent; + + prepare_to_wait(&dev->wq, &wait, TASK_INTERRUPTIBLE); + + mutex_lock(&dev->ev_mutex); +- if (!list_empty(&dev->events)) { +- ret = 0; +- break; +- } ++ kevent = get_one_event(dev, count); + mutex_unlock(&dev->ev_mutex); + +- if (file->f_flags & O_NONBLOCK) { +- ret = -EAGAIN; +- break; +- } +- +- if (signal_pending(current)) { +- ret = -EINTR; +- break; ++ if (kevent) { ++ ret = PTR_ERR(kevent); ++ if (IS_ERR(kevent)) ++ break; ++ ret = copy_event_to_user(kevent, buf); ++ free_kevent(kevent); ++ if (ret < 0) ++ break; ++ buf += ret; ++ count -= ret; ++ continue; + } + +- schedule(); +- } +- +- finish_wait(&dev->wq, &wait); +- if (ret) +- return ret; +- +- while (1) { +- struct inotify_kernel_event *kevent; +- +- ret = buf - start; +- if (list_empty(&dev->events)) ++ ret = -EAGAIN; ++ if (file->f_flags & O_NONBLOCK) + break; +- +- kevent = inotify_dev_get_event(dev); +- if (event_size + kevent->event.len > count) { +- if (ret == 0 && count > 0) { +- /* +- * could not get a single event because we +- * didn't have enough buffer space. +- */ +- ret = -EINVAL; +- } ++ ret = -EINTR; ++ if (signal_pending(current)) + break; +- } +- remove_kevent(dev, kevent); + +- /* +- * Must perform the copy_to_user outside the mutex in order +- * to avoid a lock order reversal with mmap_sem. +- */ +- mutex_unlock(&dev->ev_mutex); +- +- if (copy_to_user(buf, &kevent->event, event_size)) { +- ret = -EFAULT; ++ if (start != buf) + break; +- } +- buf += event_size; +- count -= event_size; +- +- if (kevent->name) { +- if (copy_to_user(buf, kevent->name, kevent->event.len)){ +- ret = -EFAULT; +- break; +- } +- buf += kevent->event.len; +- count -= kevent->event.len; +- } + +- free_kevent(kevent); +- +- mutex_lock(&dev->ev_mutex); ++ schedule(); + } +- mutex_unlock(&dev->ev_mutex); + ++ finish_wait(&dev->wq, &wait); ++ if (start != buf && ret != -EFAULT) ++ ret = buf - start; + return ret; + } + + + +From gregkh@mini.kroah.org Fri Jan 30 18:29:18 2009 +Message-Id: <20090131022918.848045293@mini.kroah.org> +User-Agent: quilt/0.47-1 +Date: Fri, 30 Jan 2009 18:25:52 -0800 +From: Greg KH +To: linux-kernel@vger.kernel.org, + stable@kernel.org +Cc: Justin Forbes , + Zwane Mwaikambo , + Theodore Ts'o , + Randy Dunlap , + Dave Jones , + Chuck Wolber , + Chris Wedgwood , + Michael Krufky , + Chuck Ebbert , + Domenico Andreoli , + Willy Tarreau , + Rodrigo Rubira Branco , + Jake Edge , + Eugene Teo , + torvalds@linux-foundation.org, + akpm@linux-foundation.org, + alan@lxorguk.ukuu.org.uk, + Miklos Szeredi +Subject: [patch 04/43] fuse: destroy bdi on umount +References: <20090131022548.656772939@mini.kroah.org> +Content-Disposition: inline; filename=fuse-destroy-bdi-on-umount.patch +Content-Length: 1657 +Lines: 55 + +2.6.28-stable review patch. If anyone has any objections, please let us know. + +------------------ + +From: Miklos Szeredi + +commit 26c3679101dbccc054dcf370143941844ba70531 upstream. + +If a fuse filesystem is unmounted but the device file descriptor +remains open and a new mount reuses the old device number, then the +mount fails with EEXIST and the following warning is printed in the +kernel log: + + WARNING: at fs/sysfs/dir.c:462 sysfs_add_one+0x35/0x3d() + sysfs: duplicate filename '0:15' can not be created + +The cause is that the bdi belonging to the fuse filesystem was +destoryed only after the device file was released. Fix this by +calling bdi_destroy() from fuse_put_super() instead. + +Signed-off-by: Miklos Szeredi +Signed-off-by: Greg Kroah-Hartman + +--- + fs/fuse/dev.c | 3 ++- + fs/fuse/inode.c | 2 +- + 2 files changed, 3 insertions(+), 2 deletions(-) + +--- a/fs/fuse/dev.c ++++ b/fs/fuse/dev.c +@@ -281,7 +281,8 @@ static void request_end(struct fuse_conn + fc->blocked = 0; + wake_up_all(&fc->blocked_waitq); + } +- if (fc->num_background == FUSE_CONGESTION_THRESHOLD) { ++ if (fc->num_background == FUSE_CONGESTION_THRESHOLD && ++ fc->connected) { + clear_bdi_congested(&fc->bdi, READ); + clear_bdi_congested(&fc->bdi, WRITE); + } +--- a/fs/fuse/inode.c ++++ b/fs/fuse/inode.c +@@ -292,6 +292,7 @@ static void fuse_put_super(struct super_ + list_del(&fc->entry); + fuse_ctl_remove_conn(fc); + mutex_unlock(&fuse_mutex); ++ bdi_destroy(&fc->bdi); + fuse_conn_put(fc); + } + +@@ -531,7 +532,6 @@ void fuse_conn_put(struct fuse_conn *fc) + if (fc->destroy_req) + fuse_request_free(fc->destroy_req); + mutex_destroy(&fc->inst_mutex); +- bdi_destroy(&fc->bdi); + kfree(fc); + } + } + + +From gregkh@mini.kroah.org Fri Jan 30 18:29:19 2009 +Message-Id: <20090131022918.964591105@mini.kroah.org> +User-Agent: quilt/0.47-1 +Date: Fri, 30 Jan 2009 18:25:53 -0800 +From: Greg KH +To: linux-kernel@vger.kernel.org, + stable@kernel.org +Cc: Justin Forbes , + Zwane Mwaikambo , + Theodore Ts'o , + Randy Dunlap , + Dave Jones , + Chuck Wolber , + Chris Wedgwood , + Michael Krufky , + Chuck Ebbert , + Domenico Andreoli , + Willy Tarreau , + Rodrigo Rubira Branco , + Jake Edge , + Eugene Teo , + torvalds@linux-foundation.org, + akpm@linux-foundation.org, + alan@lxorguk.ukuu.org.uk, + Miklos Szeredi +Subject: [patch 05/43] fuse: fix missing fput on error +References: <20090131022548.656772939@mini.kroah.org> +Content-Disposition: inline; filename=fuse-fix-missing-fput-on-error.patch +Content-Length: 776 +Lines: 36 + +2.6.28-stable review patch. If anyone has any objections, please let us know. + +------------------ + +From: Miklos Szeredi + +commit 3ddf1e7f57237ac7c5d5bfb7058f1ea4f970b661 upstream. + +Fix the leaking file reference if allocation or initialization of +fuse_conn failed. + +Signed-off-by: Miklos Szeredi +Signed-off-by: Greg Kroah-Hartman + +--- + fs/fuse/inode.c | 8 ++++++-- + 1 file changed, 6 insertions(+), 2 deletions(-) + +--- a/fs/fuse/inode.c ++++ b/fs/fuse/inode.c +@@ -825,12 +825,16 @@ static int fuse_fill_super(struct super_ + if (!file) + return -EINVAL; + +- if (file->f_op != &fuse_dev_operations) ++ if (file->f_op != &fuse_dev_operations) { ++ fput(file); + return -EINVAL; ++ } + + fc = new_conn(sb); +- if (!fc) ++ if (!fc) { ++ fput(file); + return -ENOMEM; ++ } + + fc->flags = d.flags; + fc->user_id = d.user_id; + + +From gregkh@mini.kroah.org Fri Jan 30 18:29:19 2009 +Message-Id: <20090131022919.088809342@mini.kroah.org> +User-Agent: quilt/0.47-1 +Date: Fri, 30 Jan 2009 18:25:54 -0800 +From: Greg KH +To: linux-kernel@vger.kernel.org, + stable@kernel.org +Cc: Justin Forbes , + Zwane Mwaikambo , + Theodore Ts'o , + Randy Dunlap , + Dave Jones , + Chuck Wolber , + Chris Wedgwood , + Michael Krufky , + Chuck Ebbert , + Domenico Andreoli , + Willy Tarreau , + Rodrigo Rubira Branco , + Jake Edge , + Eugene Teo , + torvalds@linux-foundation.org, + akpm@linux-foundation.org, + alan@lxorguk.ukuu.org.uk, + Dan Carpenter , + Miklos Szeredi +Subject: [patch 06/43] fuse: fix NULL deref in fuse_file_alloc() +References: <20090131022548.656772939@mini.kroah.org> +Content-Disposition: inline; filename=fuse-fix-null-deref-in-fuse_file_alloc.patch +Content-Length: 704 +Lines: 26 + +2.6.28-stable review patch. If anyone has any objections, please let us know. + +------------------ + +From: Dan Carpenter + +commit bb875b38dc5e343bdb696b2eab8233e4d195e208 upstream. + +ff is set to NULL and then dereferenced on line 65. Compile tested only. + +Signed-off-by: Dan Carpenter +Signed-off-by: Miklos Szeredi +Signed-off-by: Greg Kroah-Hartman + +--- + fs/fuse/file.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/fs/fuse/file.c ++++ b/fs/fuse/file.c +@@ -54,7 +54,7 @@ struct fuse_file *fuse_file_alloc(void) + ff->reserved_req = fuse_request_alloc(); + if (!ff->reserved_req) { + kfree(ff); +- ff = NULL; ++ return NULL; + } else { + INIT_LIST_HEAD(&ff->write_entry); + atomic_set(&ff->count, 0); + + +From gregkh@mini.kroah.org Fri Jan 30 18:29:19 2009 +Message-Id: <20090131022919.207456553@mini.kroah.org> +User-Agent: quilt/0.47-1 +Date: Fri, 30 Jan 2009 18:25:55 -0800 +From: Greg KH +To: linux-kernel@vger.kernel.org, + stable@kernel.org +Cc: Justin Forbes , + Zwane Mwaikambo , + Theodore Ts'o , + Randy Dunlap , + Dave Jones , + Chuck Wolber , + Chris Wedgwood , + Michael Krufky , + Chuck Ebbert , + Domenico Andreoli , + Willy Tarreau , + Rodrigo Rubira Branco , + Jake Edge , + Eugene Teo , + torvalds@linux-foundation.org, + akpm@linux-foundation.org, + alan@lxorguk.ukuu.org.uk, + Peter Zijlstra , + Ingo Molnar +Subject: [patch 07/43] x86, mm: fix pte_free() +References: <20090131022548.656772939@mini.kroah.org> +Content-Disposition: inline; filename=x86-mm-fix-pte_free.patch +Content-Length: 2216 +Lines: 70 + +2.6.28-stable review patch. If anyone has any objections, please let us know. + +------------------ + +From: Peter Zijlstra + +commit 42ef73fe134732b2e91c0326df5fd568da17c4b2 upstream. + +On -rt we were seeing spurious bad page states like: + +Bad page state in process 'firefox' +page:c1bc2380 flags:0x40000000 mapping:c1bc2390 mapcount:0 count:0 +Trying to fix it up, but a reboot is needed +Backtrace: +Pid: 503, comm: firefox Not tainted 2.6.26.8-rt13 #3 +[] ? printk+0x14/0x19 +[] bad_page+0x4e/0x79 +[] free_hot_cold_page+0x5b/0x1d3 +[] free_hot_page+0xf/0x11 +[] __free_pages+0x20/0x2b +[] __pte_alloc+0x87/0x91 +[] handle_mm_fault+0xe4/0x733 +[] ? rt_mutex_down_read_trylock+0x57/0x63 +[] ? rt_mutex_down_read_trylock+0x57/0x63 +[] do_page_fault+0x36f/0x88a + +This is the case where a concurrent fault already installed the PTE and +we get to free the newly allocated one. + +This is due to pgtable_page_ctor() doing the spin_lock_init(&page->ptl) +which is overlaid with the {private, mapping} struct. + +union { + struct { + unsigned long private; + struct address_space *mapping; + }; + spinlock_t ptl; + struct kmem_cache *slab; + struct page *first_page; +}; + +Normally the spinlock is small enough to not stomp on page->mapping, but +PREEMPT_RT=y has huge 'spin'locks. + +But lockdep kernels should also be able to trigger this splat, as the +lock tracking code grows the spinlock to cover page->mapping. + +The obvious fix is calling pgtable_page_dtor() like the regular pte free +path __pte_free_tlb() does. + +It seems all architectures except x86 and nm10300 already do this, and +nm10300 doesn't seem to use pgtable_page_ctor(), which suggests it +doesn't do SMP or simply doesnt do MMU at all or something. + +Signed-off-by: Peter Zijlstra +Signed-off-by: Ingo Molnar +Signed-off-by: Greg Kroah-Hartman + +--- + arch/x86/include/asm/pgalloc.h | 1 + + 1 file changed, 1 insertion(+) + +--- a/arch/x86/include/asm/pgalloc.h ++++ b/arch/x86/include/asm/pgalloc.h +@@ -42,6 +42,7 @@ static inline void pte_free_kernel(struc + + static inline void pte_free(struct mm_struct *mm, struct page *pte) + { ++ pgtable_page_dtor(pte); + __free_page(pte); + } + + + +From gregkh@mini.kroah.org Fri Jan 30 18:29:19 2009 +Message-Id: <20090131022919.331411555@mini.kroah.org> +User-Agent: quilt/0.47-1 +Date: Fri, 30 Jan 2009 18:25:56 -0800 +From: Greg KH +To: linux-kernel@vger.kernel.org, + stable@kernel.org +Cc: Justin Forbes , + Zwane Mwaikambo , + Theodore Ts'o , + Randy Dunlap , + Dave Jones , + Chuck Wolber , + Chris Wedgwood , + Michael Krufky , + Chuck Ebbert , + Domenico Andreoli , + Willy Tarreau , + Rodrigo Rubira Branco , + Jake Edge , + Eugene Teo , + torvalds@linux-foundation.org, + akpm@linux-foundation.org, + alan@lxorguk.ukuu.org.uk, + Bastien ROUCARIES , + Jesper Nilsson +Subject: [patch 08/43] klist.c: bit 0 in pointer cant be used as flag +References: <20090131022548.656772939@mini.kroah.org> +Content-Disposition: inline; filename=klist.c-bit-0-in-pointer-can-t-be-used-as-flag.patch +Content-Length: 2694 +Lines: 68 + +2.6.28-stable review patch. If anyone has any objections, please let us know. + +------------------ + +From: Jesper Nilsson + +commit c0e69a5bbc6fc74184aa043aadb9a53bc58f953b upstream. + +The commit a1ed5b0cffe4b16a93a6a3390e8cee0fbef94f86 +(klist: don't iterate over deleted entries) introduces use of the +low bit in a pointer to indicate if the knode is dead or not, +assuming that this bit is always free. + +This is not true for all architectures, CRIS for example may align data +on byte borders. + +The result is a bunch of warnings on bootup, devices not being +added correctly etc, reported by Hinko Kocevar : + +------------[ cut here ]------------ +WARNING: at lib/klist.c:62 () +Modules linked in: + +Stack from c1fe1cf0: + c01cc7f4 c1fe1d11 c000eb4e c000e4de 00000000 00000000 c1f4f78f c1f50c2d + c01d008c c1fdd1a0 c1fdd1a0 c1fe1d38 c0192954 c1fe0000 00000000 c1fe1dc0 + 00000002 7fffffff c1fe1da8 c0192d50 c1fe1dc0 00000002 7fffffff c1ff9fcc +Call Trace: [] [] [] [] [] [] [] + [] [] [] [] [] [] [] [] + [] [] [] [] [] [] [] [] + [] [] [] [] [] [] [] [] + [] [] <4>---[ end trace 4eaa2a86a8e2da22 ]--- +------------[ cut here ]------------ +Repeat ad nauseam. + +Wed, Jan 14, 2009 at 12:11:32AM +0100, Bastien ROUCARIES wrote: +> Perhaps using a pointerhackalign trick on this structure where +> #define pointerhackalign(x) __attribute__ ((aligned (x))) +> and declare +> struct klist_node { +> ... +> } pointerhackalign(2); +> +> Because __attribute__ ((aligned (x))) could only increase alignment +> it will safe to do that and serve as documentation purpose :) + +That works, but we need to do it not for the struct klist_node, +but for the struct we insert into the void * in klist_node, +which is struct klist. + +Reported-by: Hinko Kocevar +Signed-off-by: Jesper Nilsson +Signed-off-by: Greg Kroah-Hartman +Signed-off-by: Greg Kroah-Hartman + +--- + include/linux/klist.h | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/include/linux/klist.h ++++ b/include/linux/klist.h +@@ -23,7 +23,7 @@ struct klist { + struct list_head k_list; + void (*get)(struct klist_node *); + void (*put)(struct klist_node *); +-}; ++} __attribute__ ((aligned (4))); + + #define KLIST_INIT(_name, _get, _put) \ + { .k_lock = __SPIN_LOCK_UNLOCKED(_name.k_lock), \ + + +From gregkh@mini.kroah.org Fri Jan 30 18:29:19 2009 +Message-Id: <20090131022919.454787841@mini.kroah.org> +User-Agent: quilt/0.47-1 +Date: Fri, 30 Jan 2009 18:25:57 -0800 +From: Greg KH +To: linux-kernel@vger.kernel.org, + stable@kernel.org +Cc: Justin Forbes , + Zwane Mwaikambo , + Theodore Ts'o , + Randy Dunlap , + Dave Jones , + Chuck Wolber , + Chris Wedgwood , + Michael Krufky , + Chuck Ebbert , + Domenico Andreoli , + Willy Tarreau , + Rodrigo Rubira Branco , + Jake Edge , + Eugene Teo , + torvalds@linux-foundation.org, + akpm@linux-foundation.org, + alan@lxorguk.ukuu.org.uk +Subject: [patch 09/43] sysfs: fix problems with binary files +References: <20090131022548.656772939@mini.kroah.org> +Content-Disposition: inline; filename=sysfs-fix-problems-with-binary-files.patch +Content-Length: 925 +Lines: 40 + +2.6.28-stable review patch. If anyone has any objections, please let us know. + +------------------ + +From: Greg Kroah-Hartman + +commit 4503efd0891c40e30928afb4b23dc3f99c62a6b2 upstream. + +Some sysfs binary files don't like having 0 passed to them as a size. +Fix this up at the root by just returning to the vfs if userspace asks +us for a zero sized buffer. + +Thanks to Pavel Roskin for pointing this out. + +Reported-by: Pavel Roskin +Signed-off-by: Greg Kroah-Hartman + +--- + fs/sysfs/bin.c | 6 ++++++ + 1 file changed, 6 insertions(+) + +--- a/fs/sysfs/bin.c ++++ b/fs/sysfs/bin.c +@@ -63,6 +63,9 @@ read(struct file *file, char __user *use + int count = min_t(size_t, bytes, PAGE_SIZE); + char *temp; + ++ if (!bytes) ++ return 0; ++ + if (size) { + if (offs > size) + return 0; +@@ -131,6 +134,9 @@ static ssize_t write(struct file *file, + int count = min_t(size_t, bytes, PAGE_SIZE); + char *temp; + ++ if (!bytes) ++ return 0; ++ + if (size) { + if (offs > size) + return 0; + + +From gregkh@mini.kroah.org Fri Jan 30 18:29:19 2009 +Message-Id: <20090131022919.575425732@mini.kroah.org> +User-Agent: quilt/0.47-1 +Date: Fri, 30 Jan 2009 18:25:58 -0800 +From: Greg KH +To: linux-kernel@vger.kernel.org, + stable@kernel.org +Cc: Justin Forbes , + Zwane Mwaikambo , + Theodore Ts'o , + Randy Dunlap , + Dave Jones , + Chuck Wolber , + Chris Wedgwood , + Michael Krufky , + Chuck Ebbert , + Domenico Andreoli , + Willy Tarreau , + Rodrigo Rubira Branco , + Jake Edge , + Eugene Teo , + torvalds@linux-foundation.org, + akpm@linux-foundation.org, + alan@lxorguk.ukuu.org.uk, + Suresh Siddha , + Venkatesh Pallipadi , + Ingo Molnar +Subject: [patch 10/43] x86: fix page attribute corruption with cpa() +References: <20090131022548.656772939@mini.kroah.org> +Content-Disposition: inline; filename=x86-fix-page-attribute-corruption-with-cpa.patch +Content-Length: 4163 +Lines: 127 + +2.6.28-stable review patch. If anyone has any objections, please let us know. + +------------------ + +From: Suresh Siddha + +commit a1e46212a410793d575718818e81ddc442a65283 upstream. + +Impact: fix sporadic slowdowns and warning messages + +This patch fixes a performance issue reported by Linus on his +Nehalem system. While Linus reverted the PAT patch (commit +58dab916dfb57328d50deb0aa9b3fc92efa248ff) which exposed the issue, +existing cpa() code can potentially still cause wrong(page attribute +corruption) behavior. + +This patch also fixes the "WARNING: at arch/x86/mm/pageattr.c:560" that +various people reported. + +In 64bit kernel, kernel identity mapping might have holes depending +on the available memory and how e820 reports the address range +covering the RAM, ACPI, PCI reserved regions. If there is a 2MB/1GB hole +in the address range that is not listed by e820 entries, kernel identity +mapping will have a corresponding hole in its 1-1 identity mapping. + +If cpa() happens on the kernel identity mapping which falls into these holes, +existing code fails like this: + + __change_page_attr_set_clr() + __change_page_attr() + returns 0 because of if (!kpte). But doesn't + set cpa->numpages and cpa->pfn. + cpa_process_alias() + uses uninitialized cpa->pfn (random value) + which can potentially lead to changing the page + attribute of kernel text/data, kernel identity + mapping of RAM pages etc. oops! + +This bug was easily exposed by another PAT patch which was doing +cpa() more often on kernel identity mapping holes (physical range between +max_low_pfn_mapped and 4GB), where in here it was setting the +cache disable attribute(PCD) for kernel identity mappings aswell. + +Fix cpa() to handle the kernel identity mapping holes. Retain +the WARN() for cpa() calls to other not present address ranges +(kernel-text/data, ioremap() addresses) + +Signed-off-by: Suresh Siddha +Signed-off-by: Venkatesh Pallipadi +Signed-off-by: Ingo Molnar +Signed-off-by: Greg Kroah-Hartman + +--- + arch/x86/mm/pageattr.c | 49 ++++++++++++++++++++++++++++++++++--------------- + 1 file changed, 34 insertions(+), 15 deletions(-) + +--- a/arch/x86/mm/pageattr.c ++++ b/arch/x86/mm/pageattr.c +@@ -534,6 +534,36 @@ out_unlock: + return 0; + } + ++static int __cpa_process_fault(struct cpa_data *cpa, unsigned long vaddr, ++ int primary) ++{ ++ /* ++ * Ignore all non primary paths. ++ */ ++ if (!primary) ++ return 0; ++ ++ /* ++ * Ignore the NULL PTE for kernel identity mapping, as it is expected ++ * to have holes. ++ * Also set numpages to '1' indicating that we processed cpa req for ++ * one virtual address page and its pfn. TBD: numpages can be set based ++ * on the initial value and the level returned by lookup_address(). ++ */ ++ if (within(vaddr, PAGE_OFFSET, ++ PAGE_OFFSET + (max_pfn_mapped << PAGE_SHIFT))) { ++ cpa->numpages = 1; ++ cpa->pfn = __pa(vaddr) >> PAGE_SHIFT; ++ return 0; ++ } else { ++ WARN(1, KERN_WARNING "CPA: called for zero pte. " ++ "vaddr = %lx cpa->vaddr = %lx\n", vaddr, ++ *cpa->vaddr); ++ ++ return -EFAULT; ++ } ++} ++ + static int __change_page_attr(struct cpa_data *cpa, int primary) + { + unsigned long address; +@@ -549,17 +579,11 @@ static int __change_page_attr(struct cpa + repeat: + kpte = lookup_address(address, &level); + if (!kpte) +- return 0; ++ return __cpa_process_fault(cpa, address, primary); + + old_pte = *kpte; +- if (!pte_val(old_pte)) { +- if (!primary) +- return 0; +- WARN(1, KERN_WARNING "CPA: called for zero pte. " +- "vaddr = %lx cpa->vaddr = %lx\n", address, +- *cpa->vaddr); +- return -EINVAL; +- } ++ if (!pte_val(old_pte)) ++ return __cpa_process_fault(cpa, address, primary); + + if (level == PG_LEVEL_4K) { + pte_t new_pte; +@@ -657,12 +681,7 @@ static int cpa_process_alias(struct cpa_ + vaddr = *cpa->vaddr; + + if (!(within(vaddr, PAGE_OFFSET, +- PAGE_OFFSET + (max_low_pfn_mapped << PAGE_SHIFT)) +-#ifdef CONFIG_X86_64 +- || within(vaddr, PAGE_OFFSET + (1UL<<32), +- PAGE_OFFSET + (max_pfn_mapped << PAGE_SHIFT)) +-#endif +- )) { ++ PAGE_OFFSET + (max_pfn_mapped << PAGE_SHIFT)))) { + + alias_cpa = *cpa; + temp_cpa_vaddr = (unsigned long) __va(cpa->pfn << PAGE_SHIFT); + + +From gregkh@mini.kroah.org Fri Jan 30 18:29:19 2009 +Message-Id: <20090131022919.700083902@mini.kroah.org> +User-Agent: quilt/0.47-1 +Date: Fri, 30 Jan 2009 18:25:59 -0800 +From: Greg KH +To: linux-kernel@vger.kernel.org, + stable@kernel.org +Cc: Justin Forbes , + Zwane Mwaikambo , + Theodore Ts'o , + Randy Dunlap , + Dave Jones , + Chuck Wolber , + Chris Wedgwood , + Michael Krufky , + Chuck Ebbert , + Domenico Andreoli , + Willy Tarreau , + Rodrigo Rubira Branco , + Jake Edge , + Eugene Teo , + torvalds@linux-foundation.org, + akpm@linux-foundation.org, + alan@lxorguk.ukuu.org.uk, + Alan Stern +Subject: [patch 11/43] USB: fix toggle mismatch in disable_endpoint paths +References: <20090131022548.656772939@mini.kroah.org> +Content-Disposition: inline; filename=usb-fix-toggle-mismatch-in-disable_endpoint-paths.patch +Content-Length: 6434 +Lines: 175 + +2.6.28-stable review patch. If anyone has any objections, please let us know. + +------------------ + +From: Alan Stern + +commit ddeac4e75f2527a340f9dc655bde49bb2429b39b upstream. + +This patch (as1200) finishes some fixes that were left incomplete by +an earlier patch. + +Although nobody has addressed this issue in the past, it turns out +that we need to distinguish between two different modes of disabling +and enabling endpoints. In one mode only the data structures in +usbcore are affected, and in the other mode the host controller and +device hardware states are affected as well. + +The earlier patch added an extra argument to the routines in the +enable_endpoint pathways to reflect this difference. This patch adds +corresponding arguments to the disable_endpoint pathways. Without +this change, the endpoint toggle state can get out of sync between +the host and the device. The exact mechanism depends on the details +of the host controller (whether or not it stores its own copy of the +toggle values). + +Signed-off-by: Alan Stern +Reported-by: Dan Streetman +Tested-by: Dan Streetman +Signed-off-by: Greg Kroah-Hartman +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/usb/core/driver.c | 2 +- + drivers/usb/core/hub.c | 4 ++-- + drivers/usb/core/message.c | 40 ++++++++++++++++++++++++---------------- + drivers/usb/core/usb.h | 5 +++-- + 4 files changed, 30 insertions(+), 21 deletions(-) + +--- a/drivers/usb/core/driver.c ++++ b/drivers/usb/core/driver.c +@@ -269,7 +269,7 @@ static int usb_unbind_interface(struct d + * supports "soft" unbinding. + */ + if (!driver->soft_unbind) +- usb_disable_interface(udev, intf); ++ usb_disable_interface(udev, intf, false); + + driver->disconnect(intf); + +--- a/drivers/usb/core/hub.c ++++ b/drivers/usb/core/hub.c +@@ -2383,8 +2383,8 @@ static int hub_port_debounce(struct usb_ + + void usb_ep0_reinit(struct usb_device *udev) + { +- usb_disable_endpoint(udev, 0 + USB_DIR_IN); +- usb_disable_endpoint(udev, 0 + USB_DIR_OUT); ++ usb_disable_endpoint(udev, 0 + USB_DIR_IN, true); ++ usb_disable_endpoint(udev, 0 + USB_DIR_OUT, true); + usb_enable_endpoint(udev, &udev->ep0, true); + } + EXPORT_SYMBOL_GPL(usb_ep0_reinit); +--- a/drivers/usb/core/message.c ++++ b/drivers/usb/core/message.c +@@ -1009,14 +1009,15 @@ EXPORT_SYMBOL_GPL(usb_clear_halt); + * @dev: the device whose endpoint is being disabled + * @epaddr: the endpoint's address. Endpoint number for output, + * endpoint number + USB_DIR_IN for input ++ * @reset_hardware: flag to erase any endpoint state stored in the ++ * controller hardware + * +- * Deallocates hcd/hardware state for this endpoint ... and nukes all +- * pending urbs. +- * +- * If the HCD hasn't registered a disable() function, this sets the +- * endpoint's maxpacket size to 0 to prevent further submissions. ++ * Disables the endpoint for URB submission and nukes all pending URBs. ++ * If @reset_hardware is set then also deallocates hcd/hardware state ++ * for the endpoint. + */ +-void usb_disable_endpoint(struct usb_device *dev, unsigned int epaddr) ++void usb_disable_endpoint(struct usb_device *dev, unsigned int epaddr, ++ bool reset_hardware) + { + unsigned int epnum = epaddr & USB_ENDPOINT_NUMBER_MASK; + struct usb_host_endpoint *ep; +@@ -1026,15 +1027,18 @@ void usb_disable_endpoint(struct usb_dev + + if (usb_endpoint_out(epaddr)) { + ep = dev->ep_out[epnum]; +- dev->ep_out[epnum] = NULL; ++ if (reset_hardware) ++ dev->ep_out[epnum] = NULL; + } else { + ep = dev->ep_in[epnum]; +- dev->ep_in[epnum] = NULL; ++ if (reset_hardware) ++ dev->ep_in[epnum] = NULL; + } + if (ep) { + ep->enabled = 0; + usb_hcd_flush_endpoint(dev, ep); +- usb_hcd_disable_endpoint(dev, ep); ++ if (reset_hardware) ++ usb_hcd_disable_endpoint(dev, ep); + } + } + +@@ -1042,17 +1046,21 @@ void usb_disable_endpoint(struct usb_dev + * usb_disable_interface -- Disable all endpoints for an interface + * @dev: the device whose interface is being disabled + * @intf: pointer to the interface descriptor ++ * @reset_hardware: flag to erase any endpoint state stored in the ++ * controller hardware + * + * Disables all the endpoints for the interface's current altsetting. + */ +-void usb_disable_interface(struct usb_device *dev, struct usb_interface *intf) ++void usb_disable_interface(struct usb_device *dev, struct usb_interface *intf, ++ bool reset_hardware) + { + struct usb_host_interface *alt = intf->cur_altsetting; + int i; + + for (i = 0; i < alt->desc.bNumEndpoints; ++i) { + usb_disable_endpoint(dev, +- alt->endpoint[i].desc.bEndpointAddress); ++ alt->endpoint[i].desc.bEndpointAddress, ++ reset_hardware); + } + } + +@@ -1073,8 +1081,8 @@ void usb_disable_device(struct usb_devic + dev_dbg(&dev->dev, "%s nuking %s URBs\n", __func__, + skip_ep0 ? "non-ep0" : "all"); + for (i = skip_ep0; i < 16; ++i) { +- usb_disable_endpoint(dev, i); +- usb_disable_endpoint(dev, i + USB_DIR_IN); ++ usb_disable_endpoint(dev, i, true); ++ usb_disable_endpoint(dev, i + USB_DIR_IN, true); + } + dev->toggle[0] = dev->toggle[1] = 0; + +@@ -1242,7 +1250,7 @@ int usb_set_interface(struct usb_device + /* prevent submissions using previous endpoint settings */ + if (iface->cur_altsetting != alt) + usb_remove_sysfs_intf_files(iface); +- usb_disable_interface(dev, iface); ++ usb_disable_interface(dev, iface, true); + + iface->cur_altsetting = alt; + +@@ -1320,8 +1328,8 @@ int usb_reset_configuration(struct usb_d + */ + + for (i = 1; i < 16; ++i) { +- usb_disable_endpoint(dev, i); +- usb_disable_endpoint(dev, i + USB_DIR_IN); ++ usb_disable_endpoint(dev, i, true); ++ usb_disable_endpoint(dev, i + USB_DIR_IN, true); + } + + config = dev->actconfig; +--- a/drivers/usb/core/usb.h ++++ b/drivers/usb/core/usb.h +@@ -13,9 +13,10 @@ extern void usb_enable_endpoint(struct u + struct usb_host_endpoint *ep, bool reset_toggle); + extern void usb_enable_interface(struct usb_device *dev, + struct usb_interface *intf, bool reset_toggles); +-extern void usb_disable_endpoint(struct usb_device *dev, unsigned int epaddr); ++extern void usb_disable_endpoint(struct usb_device *dev, unsigned int epaddr, ++ bool reset_hardware); + extern void usb_disable_interface(struct usb_device *dev, +- struct usb_interface *intf); ++ struct usb_interface *intf, bool reset_hardware); + extern void usb_release_interface_cache(struct kref *ref); + extern void usb_disable_device(struct usb_device *dev, int skip_ep0); + extern int usb_deauthorize_device(struct usb_device *); + + +From gregkh@mini.kroah.org Fri Jan 30 18:29:19 2009 +Message-Id: <20090131022919.827332967@mini.kroah.org> +User-Agent: quilt/0.47-1 +Date: Fri, 30 Jan 2009 18:26:00 -0800 +From: Greg KH +To: linux-kernel@vger.kernel.org, + stable@kernel.org +Cc: Justin Forbes , + Zwane Mwaikambo , + Theodore Ts'o , + Randy Dunlap , + Dave Jones , + Chuck Wolber , + Chris Wedgwood , + Michael Krufky , + Chuck Ebbert , + Domenico Andreoli , + Willy Tarreau , + Rodrigo Rubira Branco , + Jake Edge , + Eugene Teo , + torvalds@linux-foundation.org, + akpm@linux-foundation.org, + alan@lxorguk.ukuu.org.uk, + Clemens Ladisch , + Takashi Iwai +Subject: [patch 12/43] sound: virtuoso: enable UART on Xonar HDAV1.3 +References: <20090131022548.656772939@mini.kroah.org> +Content-Disposition: inline; filename=sound-virtuoso-enable-uart-on-xonar-hdav1.3.patch +Content-Length: 785 +Lines: 26 + +2.6.28-stable review patch. If anyone has any objections, please let us know. + +------------------ + +From: Clemens Ladisch + +commit 22c733788bbd4b75c00279119a83da5cd74b987a upstream. + +This hardware has a better chance of working correctly if we don't +forget to enable it. + +Signed-off-by: Clemens Ladisch +Signed-off-by: Takashi Iwai +Signed-off-by: Greg Kroah-Hartman + +--- + sound/pci/oxygen/virtuoso.c | 1 + + 1 file changed, 1 insertion(+) + +--- a/sound/pci/oxygen/virtuoso.c ++++ b/sound/pci/oxygen/virtuoso.c +@@ -908,6 +908,7 @@ static const struct oxygen_model model_x + .dac_channels = 8, + .dac_volume_min = 0x0f, + .dac_volume_max = 0xff, ++ .misc_flags = OXYGEN_MISC_MIDI, + .function_flags = OXYGEN_FUNCTION_2WIRE, + .dac_i2s_format = OXYGEN_I2S_FORMAT_LJUST, + .adc_i2s_format = OXYGEN_I2S_FORMAT_LJUST, + + +From gregkh@mini.kroah.org Fri Jan 30 18:29:20 2009 +Message-Id: <20090131022919.950386375@mini.kroah.org> +User-Agent: quilt/0.47-1 +Date: Fri, 30 Jan 2009 18:26:01 -0800 +From: Greg KH +To: linux-kernel@vger.kernel.org, + stable@kernel.org +Cc: Justin Forbes , + Zwane Mwaikambo , + Theodore Ts'o , + Randy Dunlap , + Dave Jones , + Chuck Wolber , + Chris Wedgwood , + Michael Krufky , + Chuck Ebbert , + Domenico Andreoli , + Willy Tarreau , + Rodrigo Rubira Branco , + Jake Edge , + Eugene Teo , + torvalds@linux-foundation.org, + akpm@linux-foundation.org, + alan@lxorguk.ukuu.org.uk, + Pete Zaitcev +Subject: [patch 13/43] USB: usbmon: Implement compat_ioctl +References: <20090131022548.656772939@mini.kroah.org> +Content-Disposition: inline; filename=usb-usbmon-implement-compat_ioctl.patch +Content-Length: 4268 +Lines: 171 + +2.6.28-stable review patch. If anyone has any objections, please let us know. + +------------------ + +From: Pete Zaitcev + +commit 7abce6bedc118eb39fe177c2c26be5d008505c14 upstream. + +Running a 32-bit usbmon(8) on 2.6.28-rc9 produces the following: +ioctl32(usbmon:28563): Unknown cmd fd(3) cmd(400c9206){t:ffffff92;sz:12} arg(ffd3f458) on /dev/usbmon0 + +It happens because the compatibility mode was implemented for 2.6.18 +and not updated for the fsops.compat_ioctl API. + +This patch relocates the pieces from under #ifdef CONFIG_COMPAT into +compat_ioctl with no other changes except one new whitespace. + +Signed-off-by: Pete Zaitcev +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/usb/mon/mon_bin.c | 105 ++++++++++++++++++++++++++++------------------ + 1 file changed, 66 insertions(+), 39 deletions(-) + +--- a/drivers/usb/mon/mon_bin.c ++++ b/drivers/usb/mon/mon_bin.c +@@ -37,6 +37,7 @@ + #define MON_IOCX_GET _IOW(MON_IOC_MAGIC, 6, struct mon_bin_get) + #define MON_IOCX_MFETCH _IOWR(MON_IOC_MAGIC, 7, struct mon_bin_mfetch) + #define MON_IOCH_MFLUSH _IO(MON_IOC_MAGIC, 8) ++ + #ifdef CONFIG_COMPAT + #define MON_IOCX_GET32 _IOW(MON_IOC_MAGIC, 6, struct mon_bin_get32) + #define MON_IOCX_MFETCH32 _IOWR(MON_IOC_MAGIC, 7, struct mon_bin_mfetch32) +@@ -921,21 +922,6 @@ static int mon_bin_ioctl(struct inode *i + } + break; + +-#ifdef CONFIG_COMPAT +- case MON_IOCX_GET32: { +- struct mon_bin_get32 getb; +- +- if (copy_from_user(&getb, (void __user *)arg, +- sizeof(struct mon_bin_get32))) +- return -EFAULT; +- +- ret = mon_bin_get_event(file, rp, +- compat_ptr(getb.hdr32), compat_ptr(getb.data32), +- getb.alloc32); +- } +- break; +-#endif +- + case MON_IOCX_MFETCH: + { + struct mon_bin_mfetch mfetch; +@@ -962,7 +948,57 @@ static int mon_bin_ioctl(struct inode *i + } + break; + ++ case MON_IOCG_STATS: { ++ struct mon_bin_stats __user *sp; ++ unsigned int nevents; ++ unsigned int ndropped; ++ ++ spin_lock_irqsave(&rp->b_lock, flags); ++ ndropped = rp->cnt_lost; ++ rp->cnt_lost = 0; ++ spin_unlock_irqrestore(&rp->b_lock, flags); ++ nevents = mon_bin_queued(rp); ++ ++ sp = (struct mon_bin_stats __user *)arg; ++ if (put_user(rp->cnt_lost, &sp->dropped)) ++ return -EFAULT; ++ if (put_user(nevents, &sp->queued)) ++ return -EFAULT; ++ ++ } ++ break; ++ ++ default: ++ return -ENOTTY; ++ } ++ ++ return ret; ++} ++ + #ifdef CONFIG_COMPAT ++static long mon_bin_compat_ioctl(struct file *file, ++ unsigned int cmd, unsigned long arg) ++{ ++ struct mon_reader_bin *rp = file->private_data; ++ int ret; ++ ++ switch (cmd) { ++ ++ case MON_IOCX_GET32: { ++ struct mon_bin_get32 getb; ++ ++ if (copy_from_user(&getb, (void __user *)arg, ++ sizeof(struct mon_bin_get32))) ++ return -EFAULT; ++ ++ ret = mon_bin_get_event(file, rp, ++ compat_ptr(getb.hdr32), compat_ptr(getb.data32), ++ getb.alloc32); ++ if (ret < 0) ++ return ret; ++ } ++ return 0; ++ + case MON_IOCX_MFETCH32: + { + struct mon_bin_mfetch32 mfetch; +@@ -986,37 +1022,25 @@ static int mon_bin_ioctl(struct inode *i + return ret; + if (put_user(ret, &uptr->nfetch32)) + return -EFAULT; +- ret = 0; + } +- break; +-#endif +- +- case MON_IOCG_STATS: { +- struct mon_bin_stats __user *sp; +- unsigned int nevents; +- unsigned int ndropped; +- +- spin_lock_irqsave(&rp->b_lock, flags); +- ndropped = rp->cnt_lost; +- rp->cnt_lost = 0; +- spin_unlock_irqrestore(&rp->b_lock, flags); +- nevents = mon_bin_queued(rp); ++ return 0; + +- sp = (struct mon_bin_stats __user *)arg; +- if (put_user(rp->cnt_lost, &sp->dropped)) +- return -EFAULT; +- if (put_user(nevents, &sp->queued)) +- return -EFAULT; ++ case MON_IOCG_STATS: ++ return mon_bin_ioctl(NULL, file, cmd, ++ (unsigned long) compat_ptr(arg)); + +- } +- break; ++ case MON_IOCQ_URB_LEN: ++ case MON_IOCQ_RING_SIZE: ++ case MON_IOCT_RING_SIZE: ++ case MON_IOCH_MFLUSH: ++ return mon_bin_ioctl(NULL, file, cmd, arg); + + default: +- return -ENOTTY; ++ ; + } +- +- return ret; ++ return -ENOTTY; + } ++#endif /* CONFIG_COMPAT */ + + static unsigned int + mon_bin_poll(struct file *file, struct poll_table_struct *wait) +@@ -1094,6 +1118,9 @@ static const struct file_operations mon_ + /* .write = mon_text_write, */ + .poll = mon_bin_poll, + .ioctl = mon_bin_ioctl, ++#ifdef CONFIG_COMPAT ++ .compat_ioctl = mon_bin_compat_ioctl, ++#endif + .release = mon_bin_release, + .mmap = mon_bin_mmap, + }; + + +From gregkh@mini.kroah.org Fri Jan 30 18:29:20 2009 +Message-Id: <20090131022920.071727077@mini.kroah.org> +User-Agent: quilt/0.47-1 +Date: Fri, 30 Jan 2009 18:26:02 -0800 +From: Greg KH +To: linux-kernel@vger.kernel.org, + stable@kernel.org +Cc: Justin Forbes , + Zwane Mwaikambo , + Theodore Ts'o , + Randy Dunlap , + Dave Jones , + Chuck Wolber , + Chris Wedgwood , + Michael Krufky , + Chuck Ebbert , + Domenico Andreoli , + Willy Tarreau , + Rodrigo Rubira Branco , + Jake Edge , + Eugene Teo , + torvalds@linux-foundation.org, + akpm@linux-foundation.org, + alan@lxorguk.ukuu.org.uk, + Alan Stern +Subject: [patch 14/43] USB: fix char-device disconnect handling +References: <20090131022548.656772939@mini.kroah.org> +Content-Disposition: inline; filename=usb-fix-char-device-disconnect-handling.patch +Content-Length: 3675 +Lines: 120 + +2.6.28-stable review patch. If anyone has any objections, please let us know. + +------------------ + +From: Alan Stern + +commit 501950d846218ed80a776d2aae5aed9c8b92e778 upstream. + +This patch (as1198) fixes a conceptual bug: Somewhere along the line +we managed to confuse USB class devices with USB char devices. As a +result, the code to send a disconnect signal to userspace would not be +built if both CONFIG_USB_DEVICE_CLASS and CONFIG_USB_DEVICEFS were +disabled. + +The usb_fs_classdev_common_remove() routine has been renamed to +usbdev_remove() and it is now called whenever any USB device is +removed, not just when a class device is unregistered. The notifier +registration and unregistration calls are no longer conditionally +compiled. And since the common removal code will always be called as +part of the char device interface, there's no need to call it again as +part of the usbfs interface; thus the invocation of +usb_fs_classdev_common_remove() has been taken out of +usbfs_remove_device(). + +Signed-off-by: Alan Stern +Reported-by: Alon Bar-Lev +Tested-by: Alon Bar-Lev +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/usb/core/devio.c | 20 ++++++++++++-------- + drivers/usb/core/inode.c | 1 - + drivers/usb/core/usb.h | 1 - + 3 files changed, 12 insertions(+), 10 deletions(-) + +--- a/drivers/usb/core/devio.c ++++ b/drivers/usb/core/devio.c +@@ -1703,7 +1703,7 @@ const struct file_operations usbdev_file + .release = usbdev_release, + }; + +-void usb_fs_classdev_common_remove(struct usb_device *udev) ++static void usbdev_remove(struct usb_device *udev) + { + struct dev_state *ps; + struct siginfo sinfo; +@@ -1745,10 +1745,15 @@ static void usb_classdev_remove(struct u + { + if (dev->usb_classdev) + device_unregister(dev->usb_classdev); +- usb_fs_classdev_common_remove(dev); + } + +-static int usb_classdev_notify(struct notifier_block *self, ++#else ++#define usb_classdev_add(dev) 0 ++#define usb_classdev_remove(dev) do {} while (0) ++ ++#endif ++ ++static int usbdev_notify(struct notifier_block *self, + unsigned long action, void *dev) + { + switch (action) { +@@ -1758,15 +1763,15 @@ static int usb_classdev_notify(struct no + break; + case USB_DEVICE_REMOVE: + usb_classdev_remove(dev); ++ usbdev_remove(dev); + break; + } + return NOTIFY_OK; + } + + static struct notifier_block usbdev_nb = { +- .notifier_call = usb_classdev_notify, ++ .notifier_call = usbdev_notify, + }; +-#endif + + static struct cdev usb_device_cdev; + +@@ -1801,9 +1806,8 @@ int __init usb_devio_init(void) + * to /sys/dev + */ + usb_classdev_class->dev_kobj = NULL; +- +- usb_register_notify(&usbdev_nb); + #endif ++ usb_register_notify(&usbdev_nb); + out: + return retval; + +@@ -1814,8 +1818,8 @@ error_cdev: + + void usb_devio_cleanup(void) + { +-#ifdef CONFIG_USB_DEVICE_CLASS + usb_unregister_notify(&usbdev_nb); ++#ifdef CONFIG_USB_DEVICE_CLASS + class_destroy(usb_classdev_class); + #endif + cdev_del(&usb_device_cdev); +--- a/drivers/usb/core/inode.c ++++ b/drivers/usb/core/inode.c +@@ -718,7 +718,6 @@ static void usbfs_remove_device(struct u + fs_remove_file (dev->usbfs_dentry); + dev->usbfs_dentry = NULL; + } +- usb_fs_classdev_common_remove(dev); + } + + static int usbfs_notify(struct notifier_block *self, unsigned long action, void *dev) +--- a/drivers/usb/core/usb.h ++++ b/drivers/usb/core/usb.h +@@ -148,7 +148,6 @@ extern struct usb_driver usbfs_driver; + extern const struct file_operations usbfs_devices_fops; + extern const struct file_operations usbdev_file_operations; + extern void usbfs_conn_disc_event(void); +-extern void usb_fs_classdev_common_remove(struct usb_device *udev); + + extern int usb_devio_init(void); + extern void usb_devio_cleanup(void); + + +From gregkh@mini.kroah.org Fri Jan 30 18:29:20 2009 +Message-Id: <20090131022920.196458229@mini.kroah.org> +User-Agent: quilt/0.47-1 +Date: Fri, 30 Jan 2009 18:26:03 -0800 +From: Greg KH +To: linux-kernel@vger.kernel.org, + stable@kernel.org +Cc: Justin Forbes , + Zwane Mwaikambo , + Theodore Ts'o , + Randy Dunlap , + Dave Jones , + Chuck Wolber , + Chris Wedgwood , + Michael Krufky , + Chuck Ebbert , + Domenico Andreoli , + Willy Tarreau , + Rodrigo Rubira Branco , + Jake Edge , + Eugene Teo , + torvalds@linux-foundation.org, + akpm@linux-foundation.org, + alan@lxorguk.ukuu.org.uk, + Oliver Neukum +Subject: [patch 15/43] USB: storage: add unusual devs entry +References: <20090131022548.656772939@mini.kroah.org> +Content-Disposition: inline; filename=usb-storage-add-unusual-devs-entry.patch +Content-Length: 786 +Lines: 29 + +2.6.28-stable review patch. If anyone has any objections, please let us know. + +------------------ + +From: Oliver Neukum + +commit b90de8aea36ae6fe8050a6e91b031369c4f251b2 upstream. + +This adds an unusual devs entry for 2116:0320 + +Signed-off-by: Oliver Neukum +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/usb/storage/unusual_devs.h | 6 ++++++ + 1 file changed, 6 insertions(+) + +--- a/drivers/usb/storage/unusual_devs.h ++++ b/drivers/usb/storage/unusual_devs.h +@@ -1970,6 +1970,12 @@ UNUSUAL_DEV( 0x19d2, 0x2000, 0x0000, 0x + US_SC_DEVICE, US_PR_DEVICE, NULL, + US_FL_IGNORE_DEVICE), + ++UNUSUAL_DEV( 0x2116, 0x0320, 0x0001, 0x0001, ++ "ST", ++ "2A", ++ US_SC_DEVICE, US_PR_DEVICE, NULL, ++ US_FL_FIX_CAPACITY), ++ + /* patch submitted by Davide Perini + * and Renato Perini + */ + + +From gregkh@mini.kroah.org Fri Jan 30 18:29:20 2009 +Message-Id: <20090131022920.319948928@mini.kroah.org> +User-Agent: quilt/0.47-1 +Date: Fri, 30 Jan 2009 18:26:04 -0800 +From: Greg KH +To: linux-kernel@vger.kernel.org, + stable@kernel.org +Cc: Justin Forbes , + Zwane Mwaikambo , + Theodore Ts'o , + Randy Dunlap , + Dave Jones , + Chuck Wolber , + Chris Wedgwood , + Michael Krufky , + Chuck Ebbert , + Domenico Andreoli , + Willy Tarreau , + Rodrigo Rubira Branco , + Jake Edge , + Eugene Teo , + torvalds@linux-foundation.org, + akpm@linux-foundation.org, + alan@lxorguk.ukuu.org.uk, + Ivan Kokshaysky , + Richard Henderson , + Tobias Klausmann +Subject: [patch 16/43] alpha: nautilus - fix compile failure with gcc-4.3 +References: <20090131022548.656772939@mini.kroah.org> +Content-Disposition: inline; filename=alpha-nautilus-fix-compile-failure-with-gcc-4.3.patch +Content-Length: 1211 +Lines: 38 + +2.6.28-stable review patch. If anyone has any objections, please let us know. + +------------------ + +From: Ivan Kokshaysky + +commit 70b66cbfd3316b792a855cb9a2574e85f1a63d0f upstream. + +init_srm_irq() deals with irq's #16 and above, but size of irq_desc +array on nautilus and some other system types is 16. So gcc-4.3 +complains that "array subscript is above array bounds", even though +this function is never called on those systems. + +This adds a check for NR_IRQS <= 16, which effectively optimizes +init_srm_irq() code away on problematic platforms. + +Thanks to Daniel Drake for detailed analysis +of the problem. + +Signed-off-by: Ivan Kokshaysky +Cc: Richard Henderson +Signed-off-by: Andrew Morton +Signed-off-by: Linus Torvalds +Cc: Tobias Klausmann +Signed-off-by: Greg Kroah-Hartman + +--- + arch/alpha/kernel/irq_srm.c | 2 ++ + 1 file changed, 2 insertions(+) + +--- a/arch/alpha/kernel/irq_srm.c ++++ b/arch/alpha/kernel/irq_srm.c +@@ -63,6 +63,8 @@ init_srm_irqs(long max, unsigned long ig + { + long i; + ++ if (NR_IRQS <= 16) ++ return; + for (i = 16; i < max; ++i) { + if (i < 64 && ((ignore_mask >> i) & 1)) + continue; + + +From gregkh@mini.kroah.org Fri Jan 30 18:29:20 2009 +Message-Id: <20090131022920.444236711@mini.kroah.org> +User-Agent: quilt/0.47-1 +Date: Fri, 30 Jan 2009 18:26:05 -0800 +From: Greg KH +To: linux-kernel@vger.kernel.org, + stable@kernel.org +Cc: Justin Forbes , + Zwane Mwaikambo , + Theodore Ts'o , + Randy Dunlap , + Dave Jones , + Chuck Wolber , + Chris Wedgwood , + Michael Krufky , + Chuck Ebbert , + Domenico Andreoli , + Willy Tarreau , + Rodrigo Rubira Branco , + Jake Edge , + Eugene Teo , + torvalds@linux-foundation.org, + akpm@linux-foundation.org, + alan@lxorguk.ukuu.org.uk, + Ivan Kokshaysky , + Nick Piggin , + Johannes Weiner , + Richard Henderson +Subject: [patch 17/43] alpha: fix vmalloc breakage +References: <20090131022548.656772939@mini.kroah.org> +Content-Disposition: inline; filename=alpha-fix-vmalloc-breakage.patch +Content-Length: 1922 +Lines: 64 + +2.6.28-stable review patch. If anyone has any objections, please let us know. + +------------------ + +From: Ivan Kokshaysky + +commit 822c18f2e38cbc775792ab65ace4f9198678dec9 upstream. + +On alpha, we have to map some stuff in the VMALLOC space very early in the +boot process (to make SRM console callbacks work and so on, see +arch/alpha/mm/init.c). For old VM allocator, we just manually placed a +vm_struct onto the global vmlist and this worked for ages. + +Unfortunately, the new allocator isn't aware of this, so it constantly +tries to allocate the VM space which is already in use, making vmalloc on +alpha defunct. + +This patch forces KVA to import vmlist entries on init. + +[akpm@linux-foundation.org: remove unneeded check (per Johannes)] +Signed-off-by: Ivan Kokshaysky +Cc: Nick Piggin +Cc: Johannes Weiner +Cc: Richard Henderson +Cc: Johannes Weiner +Signed-off-by: Andrew Morton +Signed-off-by: Linus Torvalds +Signed-off-by: Greg Kroah-Hartman + +--- + mm/vmalloc.c | 11 +++++++++++ + 1 file changed, 11 insertions(+) + +--- a/mm/vmalloc.c ++++ b/mm/vmalloc.c +@@ -23,6 +23,7 @@ + #include + #include + #include ++#include + + #include + #include +@@ -960,6 +961,8 @@ EXPORT_SYMBOL(vm_map_ram); + + void __init vmalloc_init(void) + { ++ struct vmap_area *va; ++ struct vm_struct *tmp; + int i; + + for_each_possible_cpu(i) { +@@ -972,6 +975,14 @@ void __init vmalloc_init(void) + vbq->nr_dirty = 0; + } + ++ /* Import existing vmlist entries. */ ++ for (tmp = vmlist; tmp; tmp = tmp->next) { ++ va = alloc_bootmem(sizeof(struct vmap_area)); ++ va->flags = tmp->flags | VM_VM_AREA; ++ va->va_start = (unsigned long)tmp->addr; ++ va->va_end = va->va_start + tmp->size; ++ __insert_vmap_area(va); ++ } + vmap_initialized = true; + } + + + +From gregkh@mini.kroah.org Fri Jan 30 18:29:20 2009 +Message-Id: <20090131022920.563768314@mini.kroah.org> +User-Agent: quilt/0.47-1 +Date: Fri, 30 Jan 2009 18:26:06 -0800 +From: Greg KH +To: linux-kernel@vger.kernel.org, + stable@kernel.org +Cc: Justin Forbes , + Zwane Mwaikambo , + Theodore Ts'o , + Randy Dunlap , + Dave Jones , + Chuck Wolber , + Chris Wedgwood , + Michael Krufky , + Chuck Ebbert , + Domenico Andreoli , + Willy Tarreau , + Rodrigo Rubira Branco , + Jake Edge , + Eugene Teo , + torvalds@linux-foundation.org, + akpm@linux-foundation.org, + alan@lxorguk.ukuu.org.uk, + Arjan van de Ven , + Ingo Molnar , + Kyle McMartin +Subject: [patch 18/43] resources: skip sanity check of busy resources +References: <20090131022548.656772939@mini.kroah.org> +Content-Disposition: inline; filename=resources-skip-sanity-check-of-busy-resources.patch +Content-Length: 1592 +Lines: 45 + +2.6.28-stable review patch. If anyone has any objections, please let us know. + +------------------ + +From: Arjan van de Ven + +commit 3ac52669c7a24b93663acfcab606d1065ed1accd upstream. + +Impact: reduce false positives in iomem_map_sanity_check() + +Some drivers (vesafb) only map/reserve a portion of a resource. +If then some other driver comes in and maps the whole resource, +the current code WARN_ON's. This is not the intent of the checks +in iomem_map_sanity_check(); rather these checks want to +warn when crossing *hardware* resources only. + +This patch skips BUSY resources as suggested by Linus. + +Note: having two drivers talk to the same hardware at the same +time is obviously not optimal behavior, but that's a separate story. + +Signed-off-by: Arjan van de Ven +Signed-off-by: Ingo Molnar +Signed-off-by: Kyle McMartin +Signed-off-by: Greg Kroah-Hartman + +--- + kernel/resource.c | 9 +++++++++ + 1 file changed, 9 insertions(+) + +--- a/kernel/resource.c ++++ b/kernel/resource.c +@@ -853,6 +853,15 @@ int iomem_map_sanity_check(resource_size + if (PFN_DOWN(p->start) <= PFN_DOWN(addr) && + PFN_DOWN(p->end) >= PFN_DOWN(addr + size - 1)) + continue; ++ /* ++ * if a resource is "BUSY", it's not a hardware resource ++ * but a driver mapping of such a resource; we don't want ++ * to warn for those; some drivers legitimately map only ++ * partial hardware resources. (example: vesafb) ++ */ ++ if (p->flags & IORESOURCE_BUSY) ++ continue; ++ + printk(KERN_WARNING "resource map sanity check conflict: " + "0x%llx 0x%llx 0x%llx 0x%llx %s\n", + (unsigned long long)addr, + + +From gregkh@mini.kroah.org Fri Jan 30 18:29:20 2009 +Message-Id: <20090131022920.686701682@mini.kroah.org> +User-Agent: quilt/0.47-1 +Date: Fri, 30 Jan 2009 18:26:07 -0800 +From: Greg KH +To: linux-kernel@vger.kernel.org, + stable@kernel.org +Cc: Justin Forbes , + Zwane Mwaikambo , + Theodore Ts'o , + Randy Dunlap , + Dave Jones , + Chuck Wolber , + Chris Wedgwood , + Michael Krufky , + Chuck Ebbert , + Domenico Andreoli , + Willy Tarreau , + Rodrigo Rubira Branco , + Jake Edge , + Eugene Teo , + torvalds@linux-foundation.org, + akpm@linux-foundation.org, + alan@lxorguk.ukuu.org.uk, + Larry Finger , + "John W. Linville" +Subject: [patch 19/43] rtl8187: Add termination packet to prevent stall +References: <20090131022548.656772939@mini.kroah.org> +Content-Disposition: inline; filename=rtl8187-add-termination-packet-to-prevent-stall.patch +Content-Length: 823 +Lines: 26 + +2.6.28-stable review patch. If anyone has any objections, please let us know. + +------------------ + +From: Larry Finger + +commit 2fcbab044a3faf4d4a6e269148dd1f188303b206 upstream. + +The RTL8187 and RTL8187B devices can stall unless an explicit termination +packet is sent. + +Signed-off-by: Larry Finger +Signed-off-by: John W. Linville +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/net/wireless/rtl8187_dev.c | 1 + + 1 file changed, 1 insertion(+) + +--- a/drivers/net/wireless/rtl8187_dev.c ++++ b/drivers/net/wireless/rtl8187_dev.c +@@ -263,6 +263,7 @@ static int rtl8187_tx(struct ieee80211_h + + usb_fill_bulk_urb(urb, priv->udev, usb_sndbulkpipe(priv->udev, ep), + buf, skb->len, rtl8187_tx_cb, skb); ++ urb->transfer_flags |= URB_ZERO_PACKET; + rc = usb_submit_urb(urb, GFP_ATOMIC); + if (rc < 0) { + usb_free_urb(urb); + + +From gregkh@mini.kroah.org Fri Jan 30 18:29:20 2009 +Message-Id: <20090131022920.807153866@mini.kroah.org> +User-Agent: quilt/0.47-1 +Date: Fri, 30 Jan 2009 18:26:08 -0800 +From: Greg KH +To: linux-kernel@vger.kernel.org, + stable@kernel.org +Cc: Justin Forbes , + Zwane Mwaikambo , + Theodore Ts'o , + Randy Dunlap , + Dave Jones , + Chuck Wolber , + Chris Wedgwood , + Michael Krufky , + Chuck Ebbert , + Domenico Andreoli , + Willy Tarreau , + Rodrigo Rubira Branco , + Jake Edge , + Eugene Teo , + torvalds@linux-foundation.org, + akpm@linux-foundation.org, + alan@lxorguk.ukuu.org.uk, + Brandon Philips , + Bartlomiej Zolnierkiewicz +Subject: [patch 20/43] it821x: Add ultra_mask quirk for Vortex86SX +References: <20090131022548.656772939@mini.kroah.org> +Content-Disposition: inline; filename=it821x-add-ultra_mask-quirk-for-vortex86sx.patch +Content-Length: 2280 +Lines: 81 + +2.6.28-stable review patch. If anyone has any objections, please let us know. + +------------------ + +From: Brandon Philips + +commit b94b898f3107046b5c97c556e23529283ea5eadd upstream. + +On Vortex86SX with IDE controller revision 0x11 ultra DMA must be +disabled. This patch was tested by DMP and seems to work. + +It is a cleaned up version of their older Kernel patch: + http://www.dmp.com.tw/tech/vortex86sx/patch-2.6.24-DMP.gz + +Tested-by: Shawn Lin +Signed-off-by: Brandon Philips +Cc: Alan Cox +Signed-off-by: Bartlomiej Zolnierkiewicz +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/ide/it821x.c | 12 ++++++++++++ + include/linux/pci_ids.h | 1 + + 2 files changed, 13 insertions(+) + +--- a/drivers/ide/it821x.c ++++ b/drivers/ide/it821x.c +@@ -68,6 +68,8 @@ + + #define DRV_NAME "it821x" + ++#define QUIRK_VORTEX86 1 ++ + struct it821x_dev + { + unsigned int smart:1, /* Are we in smart raid mode */ +@@ -79,6 +81,7 @@ struct it821x_dev + u16 pio[2]; /* Cached PIO values */ + u16 mwdma[2]; /* Cached MWDMA values */ + u16 udma[2]; /* Cached UDMA values (per drive) */ ++ u16 quirks; + }; + + #define ATA_66 0 +@@ -580,6 +583,12 @@ static void __devinit init_hwif_it821x(i + + hwif->ultra_mask = ATA_UDMA6; + hwif->mwdma_mask = ATA_MWDMA2; ++ ++ /* Vortex86SX quirk: prevent Ultra-DMA mode to fix BadCRC issue */ ++ if (idev->quirks & QUIRK_VORTEX86) { ++ if (dev->revision == 0x11) ++ hwif->ultra_mask = 0; ++ } + } + + static void it8212_disable_raid(struct pci_dev *dev) +@@ -652,6 +661,8 @@ static int __devinit it821x_init_one(str + return -ENOMEM; + } + ++ itdevs->quirks = id->driver_data; ++ + rc = ide_pci_init_one(dev, &it821x_chipset, itdevs); + if (rc) + kfree(itdevs); +@@ -671,6 +682,7 @@ static void __devexit it821x_remove(stru + static const struct pci_device_id it821x_pci_tbl[] = { + { PCI_VDEVICE(ITE, PCI_DEVICE_ID_ITE_8211), 0 }, + { PCI_VDEVICE(ITE, PCI_DEVICE_ID_ITE_8212), 0 }, ++ { PCI_VDEVICE(RDC, PCI_DEVICE_ID_RDC_D1010), QUIRK_VORTEX86 }, + { 0, }, + }; + +--- a/include/linux/pci_ids.h ++++ b/include/linux/pci_ids.h +@@ -2171,6 +2171,7 @@ + #define PCI_DEVICE_ID_RDC_R6040 0x6040 + #define PCI_DEVICE_ID_RDC_R6060 0x6060 + #define PCI_DEVICE_ID_RDC_R6061 0x6061 ++#define PCI_DEVICE_ID_RDC_D1010 0x1010 + + #define PCI_VENDOR_ID_LENOVO 0x17aa + + + +From gregkh@mini.kroah.org Fri Jan 30 18:29:21 2009 +Message-Id: <20090131022920.925104043@mini.kroah.org> +User-Agent: quilt/0.47-1 +Date: Fri, 30 Jan 2009 18:26:09 -0800 +From: Greg KH +To: linux-kernel@vger.kernel.org, + stable@kernel.org +Cc: Justin Forbes , + Zwane Mwaikambo , + Theodore Ts'o , + Randy Dunlap , + Dave Jones , + Chuck Wolber , + Chris Wedgwood , + Michael Krufky , + Chuck Ebbert , + Domenico Andreoli , + Willy Tarreau , + Rodrigo Rubira Branco , + Jake Edge , + Eugene Teo , + torvalds@linux-foundation.org, + akpm@linux-foundation.org, + alan@lxorguk.ukuu.org.uk, + Joseph Chan , + Tejun Heo , + Jeff Garzik +Subject: [patch 21/43] libata: pata_via: support VX855, future chips whose IDE controller use 0x0571 +References: <20090131022548.656772939@mini.kroah.org> +Content-Disposition: inline; filename=libata-pata_via-support-vx855-future-chips-whose-ide-controller-use-0x0571.patch +Content-Length: 4074 +Lines: 118 + +2.6.28-stable review patch. If anyone has any objections, please let us know. + +------------------ + +From: JosephChan@via.com.tw + +commit e4d866cdea24543ee16ce6d07d80c513e86ba983 upstream. + +It supports VX855 and future chips whose IDE controller uses PCI ID 0x0571. + +Signed-off-by: Joseph Chan +Acked-by: Tejun Heo +Signed-off-by: Jeff Garzik +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/ata/pata_via.c | 22 +++++++++++++++++----- + include/linux/pci_ids.h | 4 ++++ + 2 files changed, 21 insertions(+), 5 deletions(-) + +--- a/drivers/ata/pata_via.c ++++ b/drivers/ata/pata_via.c +@@ -86,6 +86,10 @@ enum { + VIA_SATA_PATA = 0x800, /* SATA/PATA combined configuration */ + }; + ++enum { ++ VIA_IDFLAG_SINGLE = (1 << 0), /* single channel controller) */ ++}; ++ + /* + * VIA SouthBridge chips. + */ +@@ -97,8 +101,12 @@ static const struct via_isa_bridge { + u8 rev_max; + u16 flags; + } via_isa_bridges[] = { ++ { "vx855", PCI_DEVICE_ID_VIA_VX855, 0x00, 0x2f, ++ VIA_UDMA_133 | VIA_BAD_AST | VIA_SATA_PATA }, + { "vx800", PCI_DEVICE_ID_VIA_VX800, 0x00, 0x2f, VIA_UDMA_133 | + VIA_BAD_AST | VIA_SATA_PATA }, ++ { "vt8261", PCI_DEVICE_ID_VIA_8261, 0x00, 0x2f, ++ VIA_UDMA_133 | VIA_BAD_AST }, + { "vt8237s", PCI_DEVICE_ID_VIA_8237S, 0x00, 0x2f, VIA_UDMA_133 | VIA_BAD_AST }, + { "vt8251", PCI_DEVICE_ID_VIA_8251, 0x00, 0x2f, VIA_UDMA_133 | VIA_BAD_AST }, + { "cx700", PCI_DEVICE_ID_VIA_CX700, 0x00, 0x2f, VIA_UDMA_133 | VIA_BAD_AST | VIA_SATA_PATA }, +@@ -122,6 +130,8 @@ static const struct via_isa_bridge { + { "vt82c586", PCI_DEVICE_ID_VIA_82C586_0, 0x00, 0x0f, VIA_UDMA_NONE | VIA_SET_FIFO }, + { "vt82c576", PCI_DEVICE_ID_VIA_82C576, 0x00, 0x2f, VIA_UDMA_NONE | VIA_SET_FIFO | VIA_NO_UNMASK }, + { "vt82c576", PCI_DEVICE_ID_VIA_82C576, 0x00, 0x2f, VIA_UDMA_NONE | VIA_SET_FIFO | VIA_NO_UNMASK | VIA_BAD_ID }, ++ { "vtxxxx", PCI_DEVICE_ID_VIA_ANON, 0x00, 0x2f, ++ VIA_UDMA_133 | VIA_BAD_AST }, + { NULL } + }; + +@@ -460,6 +470,7 @@ static int via_init_one(struct pci_dev * + static int printed_version; + u8 enable; + u32 timing; ++ unsigned long flags = id->driver_data; + int rc; + + if (!printed_version++) +@@ -469,9 +480,13 @@ static int via_init_one(struct pci_dev * + if (rc) + return rc; + ++ if (flags & VIA_IDFLAG_SINGLE) ++ ppi[1] = &ata_dummy_port_info; ++ + /* To find out how the IDE will behave and what features we + actually have to look at the bridge not the IDE controller */ +- for (config = via_isa_bridges; config->id; config++) ++ for (config = via_isa_bridges; config->id != PCI_DEVICE_ID_VIA_ANON; ++ config++) + if ((isa = pci_get_device(PCI_VENDOR_ID_VIA + + !!(config->flags & VIA_BAD_ID), + config->id, NULL))) { +@@ -482,10 +497,6 @@ static int via_init_one(struct pci_dev * + pci_dev_put(isa); + } + +- if (!config->id) { +- printk(KERN_WARNING "via: Unknown VIA SouthBridge, disabling.\n"); +- return -ENODEV; +- } + pci_dev_put(isa); + + if (!(config->flags & VIA_NO_ENABLES)) { +@@ -587,6 +598,7 @@ static const struct pci_device_id via[] + { PCI_VDEVICE(VIA, 0x1571), }, + { PCI_VDEVICE(VIA, 0x3164), }, + { PCI_VDEVICE(VIA, 0x5324), }, ++ { PCI_VDEVICE(VIA, 0xC409), VIA_IDFLAG_SINGLE }, + + { }, + }; +--- a/include/linux/pci_ids.h ++++ b/include/linux/pci_ids.h +@@ -1357,6 +1357,7 @@ + #define PCI_DEVICE_ID_VIA_8783_0 0x3208 + #define PCI_DEVICE_ID_VIA_8237 0x3227 + #define PCI_DEVICE_ID_VIA_8251 0x3287 ++#define PCI_DEVICE_ID_VIA_8261 0x3402 + #define PCI_DEVICE_ID_VIA_8237A 0x3337 + #define PCI_DEVICE_ID_VIA_8237S 0x3372 + #define PCI_DEVICE_ID_VIA_SATA_EIDE 0x5324 +@@ -1366,10 +1367,13 @@ + #define PCI_DEVICE_ID_VIA_CX700 0x8324 + #define PCI_DEVICE_ID_VIA_CX700_IDE 0x0581 + #define PCI_DEVICE_ID_VIA_VX800 0x8353 ++#define PCI_DEVICE_ID_VIA_VX855 0x8409 + #define PCI_DEVICE_ID_VIA_8371_1 0x8391 + #define PCI_DEVICE_ID_VIA_82C598_1 0x8598 + #define PCI_DEVICE_ID_VIA_838X_1 0xB188 + #define PCI_DEVICE_ID_VIA_83_87XX_1 0xB198 ++#define PCI_DEVICE_ID_VIA_C409_IDE 0XC409 ++#define PCI_DEVICE_ID_VIA_ANON 0xFFFF + + #define PCI_VENDOR_ID_SIEMENS 0x110A + #define PCI_DEVICE_ID_SIEMENS_DSCC4 0x2102 + + +From gregkh@mini.kroah.org Fri Jan 30 18:29:21 2009 +Message-Id: <20090131022921.043844551@mini.kroah.org> +User-Agent: quilt/0.47-1 +Date: Fri, 30 Jan 2009 18:26:10 -0800 +From: Greg KH +To: linux-kernel@vger.kernel.org, + stable@kernel.org +Cc: Justin Forbes , + Zwane Mwaikambo , + Theodore Ts'o , + Randy Dunlap , + Dave Jones , + Chuck Wolber , + Chris Wedgwood , + Michael Krufky , + Chuck Ebbert , + Domenico Andreoli , + Willy Tarreau , + Rodrigo Rubira Branco , + Jake Edge , + Eugene Teo , + torvalds@linux-foundation.org, + akpm@linux-foundation.org, + alan@lxorguk.ukuu.org.uk, + Flavio Leitner , + Alan Cox +Subject: [patch 22/43] serial_8250: support for Sealevel Systems Model 7803 COMM+8 +References: <20090131022548.656772939@mini.kroah.org> +Content-Disposition: inline; filename=serial_8250-support-for-sealevel-systems-model-7803-comm-8.patch +Content-Length: 1296 +Lines: 39 + +2.6.28-stable review patch. If anyone has any objections, please let us know. + +------------------ + +From: Flavio Leitner + +commit e65f0f8271b1b0452334e5da37fd35413a000de4 upstream. + +Add support for Sealevel Systems Model 7803 COMM+8 + +Signed-off-by: Flavio Leitner +Signed-off-by: Alan Cox +Signed-off-by: Linus Torvalds +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/serial/8250_pci.c | 3 +++ + include/linux/pci_ids.h | 1 + + 2 files changed, 4 insertions(+) + +--- a/drivers/serial/8250_pci.c ++++ b/drivers/serial/8250_pci.c +@@ -2271,6 +2271,9 @@ static struct pci_device_id serial_pci_t + { PCI_VENDOR_ID_SEALEVEL, PCI_DEVICE_ID_SEALEVEL_COMM8, + PCI_ANY_ID, PCI_ANY_ID, 0, 0, + pbn_b2_8_115200 }, ++ { PCI_VENDOR_ID_SEALEVEL, PCI_DEVICE_ID_SEALEVEL_7803, ++ PCI_ANY_ID, PCI_ANY_ID, 0, 0, ++ pbn_b2_8_460800 }, + { PCI_VENDOR_ID_SEALEVEL, PCI_DEVICE_ID_SEALEVEL_UCOMM8, + PCI_ANY_ID, PCI_ANY_ID, 0, 0, + pbn_b2_8_115200 }, +--- a/include/linux/pci_ids.h ++++ b/include/linux/pci_ids.h +@@ -1799,6 +1799,7 @@ + #define PCI_DEVICE_ID_SEALEVEL_UCOMM232 0x7202 + #define PCI_DEVICE_ID_SEALEVEL_COMM4 0x7401 + #define PCI_DEVICE_ID_SEALEVEL_COMM8 0x7801 ++#define PCI_DEVICE_ID_SEALEVEL_7803 0x7803 + #define PCI_DEVICE_ID_SEALEVEL_UCOMM8 0x7804 + + #define PCI_VENDOR_ID_HYPERCOPE 0x1365 + + +From gregkh@mini.kroah.org Fri Jan 30 18:29:21 2009 +Message-Id: <20090131022921.167790198@mini.kroah.org> +User-Agent: quilt/0.47-1 +Date: Fri, 30 Jan 2009 18:26:11 -0800 +From: Greg KH +To: linux-kernel@vger.kernel.org, + stable@kernel.org +Cc: Justin Forbes , + Zwane Mwaikambo , + Theodore Ts'o , + Randy Dunlap , + Dave Jones , + Chuck Wolber , + Chris Wedgwood , + Michael Krufky , + Chuck Ebbert , + Domenico Andreoli , + Willy Tarreau , + Rodrigo Rubira Branco , + Jake Edge , + Eugene Teo , + torvalds@linux-foundation.org, + akpm@linux-foundation.org, + alan@lxorguk.ukuu.org.uk, + Eric Anholt , + Dave Airlie +Subject: [patch 23/43] drm: stash AGP include under the do-we-have-AGP ifdef +References: <20090131022548.656772939@mini.kroah.org> +Content-Disposition: inline; filename=drm-stash-agp-include-under-the-do-we-have-agp-ifdef.patch +Content-Length: 670 +Lines: 31 + +2.6.28-stable review patch. If anyone has any objections, please let us know. + +------------------ + +From: Eric Anholt + +commit 1bb88edb7a3769992026f34fd648bb459b0469aa upstream. + +This fixes the MIPS with DRM build. + +Signed-off-by: Eric Anholt +Tested-by: Martin Michlmayr +Signed-off-by: Dave Airlie +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/gpu/drm/drm_agpsupport.c | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +--- a/drivers/gpu/drm/drm_agpsupport.c ++++ b/drivers/gpu/drm/drm_agpsupport.c +@@ -33,10 +33,11 @@ + + #include "drmP.h" + #include +-#include + + #if __OS_HAS_AGP + ++#include ++ + /** + * Get AGP information. + * + + +From gregkh@mini.kroah.org Fri Jan 30 18:29:21 2009 +Message-Id: <20090131022921.291581147@mini.kroah.org> +User-Agent: quilt/0.47-1 +Date: Fri, 30 Jan 2009 18:26:12 -0800 +From: Greg KH +To: linux-kernel@vger.kernel.org, + stable@kernel.org, + Maksim Yevmenkin +Cc: Justin Forbes , + Zwane Mwaikambo , + Theodore Ts'o , + Randy Dunlap , + Dave Jones , + Chuck Wolber , + Chris Wedgwood , + Michael Krufky , + Chuck Ebbert , + Domenico Andreoli , + Willy Tarreau , + Rodrigo Rubira Branco , + Jake Edge , + Eugene Teo , + torvalds@linux-foundation.org, + akpm@linux-foundation.org, + alan@lxorguk.ukuu.org.uk, + Lee Schermerhorn , + Nick Piggin , + Rik van Riel , + Hugh Dickins +Subject: [patch 24/43] Fix OOPS in mmap_region() when merging adjacent VM_LOCKED file segments +References: <20090131022548.656772939@mini.kroah.org> +Content-Disposition: inline; filename=fix-oops-in-mmap_region-when-merging-adjacent-vm_locked-file-segments.patch +Content-Length: 1895 +Lines: 60 + +2.6.28-stable review patch. If anyone has any objections, please let us know. + +------------------ + +From: Andrew Morton + +This patch differs from the upstream commit +de33c8db5910cda599899dd431cc30d7c1018cbf written by Linus, as it aims to +only prevent the oops from happening, not attempt to change anything +else. + + +The problem was introduced by commit +ba470de43188cdbff795b5da43a1474523c6c2fb + +which added new references to *vma after we've potentially freed it. + +From: Andrew Morton +Reported-by: Maksim Yevmenkin +Tested-by: Maksim Yevmenkin +Cc: Lee Schermerhorn +Cc: Nick Piggin +Cc: Andrew Morton +Cc: Rik van Riel +Cc: Hugh Dickins +Cc: Linus Torvalds +Signed-off-by: Greg Kroah-Hartman + + +--- + mm/mmap.c | 9 +++++++-- + 1 file changed, 7 insertions(+), 2 deletions(-) + +--- a/mm/mmap.c ++++ b/mm/mmap.c +@@ -1095,6 +1095,7 @@ unsigned long mmap_region(struct file *f + { + struct mm_struct *mm = current->mm; + struct vm_area_struct *vma, *prev; ++ struct vm_area_struct *merged_vma; + int correct_wcount = 0; + int error; + struct rb_node **rb_link, *rb_parent; +@@ -1207,13 +1208,17 @@ munmap_back: + if (vma_wants_writenotify(vma)) + vma->vm_page_prot = vm_get_page_prot(vm_flags & ~VM_SHARED); + +- if (file && vma_merge(mm, prev, addr, vma->vm_end, +- vma->vm_flags, NULL, file, pgoff, vma_policy(vma))) { ++ merged_vma = NULL; ++ if (file) ++ merged_vma = vma_merge(mm, prev, addr, vma->vm_end, ++ vma->vm_flags, NULL, file, pgoff, vma_policy(vma)); ++ if (merged_vma) { + mpol_put(vma_policy(vma)); + kmem_cache_free(vm_area_cachep, vma); + fput(file); + if (vm_flags & VM_EXECUTABLE) + removed_exe_file_vma(mm); ++ vma = merged_vma; + } else { + vma_link(mm, vma, prev, rb_link, rb_parent); + file = vma->vm_file; + + +From gregkh@mini.kroah.org Fri Jan 30 18:29:21 2009 +Message-Id: <20090131022921.416637744@mini.kroah.org> +User-Agent: quilt/0.47-1 +Date: Fri, 30 Jan 2009 18:26:13 -0800 +From: Greg KH +To: linux-kernel@vger.kernel.org, + stable@kernel.org +Cc: Justin Forbes , + Zwane Mwaikambo , + Theodore Ts'o , + Randy Dunlap , + Dave Jones , + Chuck Wolber , + Chris Wedgwood , + Michael Krufky , + Chuck Ebbert , + Domenico Andreoli , + Willy Tarreau , + Rodrigo Rubira Branco , + Jake Edge , + Eugene Teo , + torvalds@linux-foundation.org, + akpm@linux-foundation.org, + alan@lxorguk.ukuu.org.uk, + Paul Larson , + Eilon Greenstein , + "David S. Miller" +Subject: [patch 25/43] bnx2x: Block nvram access when the device is inactive +References: <20090131022548.656772939@mini.kroah.org> +Content-Disposition: inline; filename=bnx2x-block-nvram-access-when-the-device-is-inactive.patch +Content-Length: 908 +Lines: 29 + +2.6.28-stable review patch. If anyone has any objections, please let us know. + +------------------ + +From: Eilon Greenstein + +commit 2add3acb11a26cc14b54669433ae6ace6406cbf2 upstream. + +Don't dump eeprom when bnx2x adapter is down. Running ethtool -e causes an eeh +without it when the device is down + +Signed-off-by: Paul Larson +Signed-off-by: Eilon Greenstein +Signed-off-by: David S. Miller +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/net/bnx2x_main.c | 3 +++ + 1 file changed, 3 insertions(+) + +--- a/drivers/net/bnx2x_main.c ++++ b/drivers/net/bnx2x_main.c +@@ -8079,6 +8079,9 @@ static int bnx2x_get_eeprom(struct net_d + struct bnx2x *bp = netdev_priv(dev); + int rc; + ++ if (!netif_running(dev)) ++ return -EAGAIN; ++ + DP(BNX2X_MSG_NVM, "ethtool_eeprom: cmd %d\n" + DP_LEVEL " magic 0x%x offset 0x%x (%d) len 0x%x (%d)\n", + eeprom->cmd, eeprom->magic, eeprom->offset, eeprom->offset, + + +From gregkh@mini.kroah.org Fri Jan 30 18:29:21 2009 +Message-Id: <20090131022921.533637388@mini.kroah.org> +User-Agent: quilt/0.47-1 +Date: Fri, 30 Jan 2009 18:26:14 -0800 +From: Greg KH +To: linux-kernel@vger.kernel.org, + stable@kernel.org +Cc: Justin Forbes , + Zwane Mwaikambo , + Theodore Ts'o , + Randy Dunlap , + Dave Jones , + Chuck Wolber , + Chris Wedgwood , + Michael Krufky , + Chuck Ebbert , + Domenico Andreoli , + Willy Tarreau , + Rodrigo Rubira Branco , + Jake Edge , + Eugene Teo , + torvalds@linux-foundation.org, + akpm@linux-foundation.org, + alan@lxorguk.ukuu.org.uk +Subject: [patch 26/43] ext3: Add sanity check to make_indexed_dir +References: <20090131022548.656772939@mini.kroah.org> +Content-Disposition: inline; filename=ext3-add-sanity-check-to-make_indexed_dir.patch +Content-Length: 2041 +Lines: 64 + +2.6.28-stable review patch. If anyone has any objections, please let us know. + +------------------ + +From: Theodore Ts'o + +commit a21102b55c4f8dfd3adb4a15a34cd62237b46039 upstream. + +Make sure the rec_len field in the '..' entry is sane, lest we overrun +the directory block and cause a kernel oops on a purposefully +corrupted filesystem. + +This fixes a bug related to a bug originally reported by Sami Liedes +for ext4 at: + +http://bugzilla.kernel.org/show_bug.cgi?id=12430 + +Signed-off-by: "Theodore Ts'o" +Signed-off-by: Greg Kroah-Hartman + +--- + fs/ext3/namei.c | 20 ++++++++++++++------ + 1 file changed, 14 insertions(+), 6 deletions(-) + +--- a/fs/ext3/namei.c ++++ b/fs/ext3/namei.c +@@ -1357,7 +1357,7 @@ static int make_indexed_dir(handle_t *ha + struct fake_dirent *fde; + + blocksize = dir->i_sb->s_blocksize; +- dxtrace(printk("Creating index\n")); ++ dxtrace(printk(KERN_DEBUG "Creating index: inode %lu\n", dir->i_ino)); + retval = ext3_journal_get_write_access(handle, bh); + if (retval) { + ext3_std_error(dir->i_sb, retval); +@@ -1366,6 +1366,19 @@ static int make_indexed_dir(handle_t *ha + } + root = (struct dx_root *) bh->b_data; + ++ /* The 0th block becomes the root, move the dirents out */ ++ fde = &root->dotdot; ++ de = (struct ext3_dir_entry_2 *)((char *)fde + ++ ext3_rec_len_from_disk(fde->rec_len)); ++ if ((char *) de >= (((char *) root) + blocksize)) { ++ ext3_error(dir->i_sb, __func__, ++ "invalid rec_len for '..' in inode %lu", ++ dir->i_ino); ++ brelse(bh); ++ return -EIO; ++ } ++ len = ((char *) root) + blocksize - (char *) de; ++ + bh2 = ext3_append (handle, dir, &block, &retval); + if (!(bh2)) { + brelse(bh); +@@ -1374,11 +1387,6 @@ static int make_indexed_dir(handle_t *ha + EXT3_I(dir)->i_flags |= EXT3_INDEX_FL; + data1 = bh2->b_data; + +- /* The 0th block becomes the root, move the dirents out */ +- fde = &root->dotdot; +- de = (struct ext3_dir_entry_2 *)((char *)fde + +- ext3_rec_len_from_disk(fde->rec_len)); +- len = ((char *) root) + blocksize - (char *) de; + memcpy (data1, de, len); + de = (struct ext3_dir_entry_2 *) data1; + top = data1 + len; + + +From gregkh@mini.kroah.org Fri Jan 30 18:29:21 2009 +Message-Id: <20090131022921.655540664@mini.kroah.org> +User-Agent: quilt/0.47-1 +Date: Fri, 30 Jan 2009 18:26:15 -0800 +From: Greg KH +To: linux-kernel@vger.kernel.org, + stable@kernel.org +Cc: Justin Forbes , + Zwane Mwaikambo , + Theodore Ts'o , + Randy Dunlap , + Dave Jones , + Chuck Wolber , + Chris Wedgwood , + Michael Krufky , + Chuck Ebbert , + Domenico Andreoli , + Willy Tarreau , + Rodrigo Rubira Branco , + Jake Edge , + Eugene Teo , + torvalds@linux-foundation.org, + akpm@linux-foundation.org, + alan@lxorguk.ukuu.org.uk, + Larry Finger , + "John W. Linville" +Subject: [patch 27/43] rtl8187: Fix error in setting OFDM power settings for RTL8187L +References: <20090131022548.656772939@mini.kroah.org> +Content-Disposition: inline; filename=rtl8187-fix-error-in-setting-ofdm-power-settings-for-rtl8187l.patch +Content-Length: 1641 +Lines: 48 + +2.6.28-stable review patch. If anyone has any objections, please let us know. + +------------------ + +From: Larry Finger + +commit eb83bbf57429ab80f49b413e3e44d3b19c3fdc5a upstream. + +After reports of poor performance, a review of the latest vendor driver +(rtl8187_linux_26.1025.0328.2007) for RTL8187L devices was undertaken. + +A difference was found in the code used to index the OFDM power tables. When +the Linux driver was changed, my unit works at a much greater range than +before. I think this fixes Bugzilla #12380 and has been tested by at least +two other users. + +Signed-off-by: Larry Finger +Tested-by: Martín Ernesto Barreyro +Signed-off-by: John W. Linville +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/net/wireless/rtl8187_rtl8225.c | 10 ++++++++-- + 1 file changed, 8 insertions(+), 2 deletions(-) + +--- a/drivers/net/wireless/rtl8187_rtl8225.c ++++ b/drivers/net/wireless/rtl8187_rtl8225.c +@@ -287,7 +287,10 @@ static void rtl8225_rf_set_tx_power(stru + ofdm_power = priv->channels[channel - 1].hw_value >> 4; + + cck_power = min(cck_power, (u8)11); +- ofdm_power = min(ofdm_power, (u8)35); ++ if (ofdm_power > (u8)15) ++ ofdm_power = 25; ++ else ++ ofdm_power += 10; + + rtl818x_iowrite8(priv, &priv->map->TX_GAIN_CCK, + rtl8225_tx_gain_cck_ofdm[cck_power / 6] >> 1); +@@ -540,7 +543,10 @@ static void rtl8225z2_rf_set_tx_power(st + cck_power += priv->txpwr_base & 0xF; + cck_power = min(cck_power, (u8)35); + +- ofdm_power = min(ofdm_power, (u8)15); ++ if (ofdm_power > (u8)15) ++ ofdm_power = 25; ++ else ++ ofdm_power += 10; + ofdm_power += priv->txpwr_base >> 4; + ofdm_power = min(ofdm_power, (u8)35); + + + +From gregkh@mini.kroah.org Fri Jan 30 18:29:21 2009 +Message-Id: <20090131022921.780118447@mini.kroah.org> +User-Agent: quilt/0.47-1 +Date: Fri, 30 Jan 2009 18:26:16 -0800 +From: Greg KH +To: linux-kernel@vger.kernel.org, + stable@kernel.org +Cc: Justin Forbes , + Zwane Mwaikambo , + Theodore Ts'o , + Randy Dunlap , + Dave Jones , + Chuck Wolber , + Chris Wedgwood , + Michael Krufky , + Chuck Ebbert , + Domenico Andreoli , + Willy Tarreau , + Rodrigo Rubira Branco , + Jake Edge , + Eugene Teo , + torvalds@linux-foundation.org, + akpm@linux-foundation.org, + alan@lxorguk.ukuu.org.uk, + Davide Libenzi , + Michael Kerrisk , + Bron Gondwana +Subject: [patch 28/43] epoll: drop max_user_instances and rely only on max_user_watches +References: <20090131022548.656772939@mini.kroah.org> +Content-Disposition: inline; filename=epoll-drop-max_user_instances-and-rely-only-on-max_user_watches.patch +Content-Length: 3465 +Lines: 111 + +2.6.28-stable review patch. If anyone has any objections, please let us know. + +------------------ + +From: Davide Libenzi + +commit 9df04e1f25effde823a600e755b51475d438f56b upstream. + +Linus suggested to put limits where the money is, and max_user_watches +already does that w/out the need of max_user_instances. That has the +advantage to mitigate the potential DoS while allowing pretty generous +default behavior. + +Allowing top 4% of low memory (per user) to be allocated in epoll watches, +we have: + +LOMEM MAX_WATCHES (per user) +512MB ~178000 +1GB ~356000 +2GB ~712000 + +A box with 512MB of lomem, will meet some challenge in hitting 180K +watches, socket buffers math teaches us. No more max_user_instances +limits then. + +Signed-off-by: Davide Libenzi +Cc: Willy Tarreau +Cc: Michael Kerrisk +Cc: Bron Gondwana +Signed-off-by: Andrew Morton +Signed-off-by: Linus Torvalds +Signed-off-by: Greg Kroah-Hartman + +--- + fs/eventpoll.c | 22 ++++------------------ + include/linux/sched.h | 1 - + 2 files changed, 4 insertions(+), 19 deletions(-) + +--- a/fs/eventpoll.c ++++ b/fs/eventpoll.c +@@ -234,8 +234,6 @@ struct ep_pqueue { + /* + * Configuration options available inside /proc/sys/fs/epoll/ + */ +-/* Maximum number of epoll devices, per user */ +-static int max_user_instances __read_mostly; + /* Maximum number of epoll watched descriptors, per user */ + static int max_user_watches __read_mostly; + +@@ -261,14 +259,6 @@ static int zero; + + ctl_table epoll_table[] = { + { +- .procname = "max_user_instances", +- .data = &max_user_instances, +- .maxlen = sizeof(int), +- .mode = 0644, +- .proc_handler = &proc_dointvec_minmax, +- .extra1 = &zero, +- }, +- { + .procname = "max_user_watches", + .data = &max_user_watches, + .maxlen = sizeof(int), +@@ -491,7 +481,6 @@ static void ep_free(struct eventpoll *ep + + mutex_unlock(&epmutex); + mutex_destroy(&ep->mtx); +- atomic_dec(&ep->user->epoll_devs); + free_uid(ep->user); + kfree(ep); + } +@@ -581,10 +570,6 @@ static int ep_alloc(struct eventpoll **p + struct eventpoll *ep; + + user = get_current_user(); +- error = -EMFILE; +- if (unlikely(atomic_read(&user->epoll_devs) >= +- max_user_instances)) +- goto free_uid; + error = -ENOMEM; + ep = kzalloc(sizeof(*ep), GFP_KERNEL); + if (unlikely(!ep)) +@@ -1141,7 +1126,6 @@ SYSCALL_DEFINE1(epoll_create1, int, flag + flags & O_CLOEXEC); + if (fd < 0) + ep_free(ep); +- atomic_inc(&ep->user->epoll_devs); + + error_return: + DNPRINTK(3, (KERN_INFO "[%p] eventpoll: sys_epoll_create(%d) = %d\n", +@@ -1366,8 +1350,10 @@ static int __init eventpoll_init(void) + struct sysinfo si; + + si_meminfo(&si); +- max_user_instances = 128; +- max_user_watches = (((si.totalram - si.totalhigh) / 32) << PAGE_SHIFT) / ++ /* ++ * Allows top 4% of lomem to be allocated for epoll watches (per user). ++ */ ++ max_user_watches = (((si.totalram - si.totalhigh) / 25) << PAGE_SHIFT) / + EP_ITEM_COST; + + /* Initialize the structure used to perform safe poll wait head wake ups */ +--- a/include/linux/sched.h ++++ b/include/linux/sched.h +@@ -631,7 +631,6 @@ struct user_struct { + atomic_t inotify_devs; /* How many inotify devs does this user have opened? */ + #endif + #ifdef CONFIG_EPOLL +- atomic_t epoll_devs; /* The number of epoll descriptors currently open */ + atomic_t epoll_watches; /* The number of file descriptors currently watched */ + #endif + #ifdef CONFIG_POSIX_MQUEUE + + +From gregkh@mini.kroah.org Fri Jan 30 18:29:22 2009 +Message-Id: <20090131022921.905626989@mini.kroah.org> +User-Agent: quilt/0.47-1 +Date: Fri, 30 Jan 2009 18:26:17 -0800 +From: Greg KH +To: linux-kernel@vger.kernel.org, + stable@kernel.org +Cc: Justin Forbes , + Zwane Mwaikambo , + Theodore Ts'o , + Randy Dunlap , + Dave Jones , + Chuck Wolber , + Chris Wedgwood , + Michael Krufky , + Chuck Ebbert , + Domenico Andreoli , + Willy Tarreau , + Rodrigo Rubira Branco , + Jake Edge , + Eugene Teo , + torvalds@linux-foundation.org, + akpm@linux-foundation.org, + alan@lxorguk.ukuu.org.uk, + Magnus Damm , + David Brownell +Subject: [patch 29/43] gpiolib: fix request related issue +References: <20090131022548.656772939@mini.kroah.org> +Content-Disposition: inline; filename=gpiolib-fix-request-related-issue.patch +Content-Length: 722 +Lines: 27 + +2.6.28-stable review patch. If anyone has any objections, please let us know. + +------------------ + +From: Magnus Damm + +commit 7460db567bbca76bf087d1694d792a1a96bdaa26 upstream. + +Fix request-already-requested handling in gpio_request(). + +Signed-off-by: Magnus Damm +Acked-by: David Brownell +Signed-off-by: Andrew Morton +Signed-off-by: Linus Torvalds +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/gpio/gpiolib.c | 1 + + 1 file changed, 1 insertion(+) + +--- a/drivers/gpio/gpiolib.c ++++ b/drivers/gpio/gpiolib.c +@@ -789,6 +789,7 @@ int gpio_request(unsigned gpio, const ch + } else { + status = -EBUSY; + module_put(chip->owner); ++ goto done; + } + + if (chip->request) { + + +From gregkh@mini.kroah.org Fri Jan 30 18:29:22 2009 +Message-Id: <20090131022922.021522440@mini.kroah.org> +User-Agent: quilt/0.47-1 +Date: Fri, 30 Jan 2009 18:26:18 -0800 +From: Greg KH +To: linux-kernel@vger.kernel.org, + stable@kernel.org +Cc: Justin Forbes , + Zwane Mwaikambo , + Theodore Ts'o , + Randy Dunlap , + Dave Jones , + Chuck Wolber , + Chris Wedgwood , + Michael Krufky , + Chuck Ebbert , + Domenico Andreoli , + Willy Tarreau , + Rodrigo Rubira Branco , + Jake Edge , + Eugene Teo , + torvalds@linux-foundation.org, + akpm@linux-foundation.org, + alan@lxorguk.ukuu.org.uk, + Robin Holt , + Dean Nelson +Subject: [patch 30/43] sgi-xpc: Remove NULL pointer dereference. +References: <20090131022548.656772939@mini.kroah.org> +Content-Disposition: inline; filename=sgi-xpc-remove-null-pointer-dereference.patch +Content-Length: 1157 +Lines: 38 + +2.6.28-stable review patch. If anyone has any objections, please let us know. + +------------------ + +From: Robin Holt + +commit 17e2161654da4e6bdfd8d53d4f52e820ee93f423 upstream. + +If the bte copy fails, the attempt to retrieve payloads merely returns a +null pointer deref and not NULL as was expected. + +Signed-off-by: Robin Holt +Signed-off-by: Dean Nelson +Signed-off-by: Andrew Morton +Signed-off-by: Linus Torvalds +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/misc/sgi-xp/xpc_sn2.c | 10 ++++++---- + 1 file changed, 6 insertions(+), 4 deletions(-) + +--- a/drivers/misc/sgi-xp/xpc_sn2.c ++++ b/drivers/misc/sgi-xp/xpc_sn2.c +@@ -1961,11 +1961,13 @@ xpc_get_deliverable_payload_sn2(struct x + + msg = xpc_pull_remote_msg_sn2(ch, get); + +- DBUG_ON(msg != NULL && msg->number != get); +- DBUG_ON(msg != NULL && (msg->flags & XPC_M_SN2_DONE)); +- DBUG_ON(msg != NULL && !(msg->flags & XPC_M_SN2_READY)); ++ if (msg != NULL) { ++ DBUG_ON(msg->number != get); ++ DBUG_ON(msg->flags & XPC_M_SN2_DONE); ++ DBUG_ON(!(msg->flags & XPC_M_SN2_READY)); + +- payload = &msg->payload; ++ payload = &msg->payload; ++ } + break; + } + + + +From gregkh@mini.kroah.org Fri Jan 30 18:29:22 2009 +Message-Id: <20090131022922.149662682@mini.kroah.org> +User-Agent: quilt/0.47-1 +Date: Fri, 30 Jan 2009 18:26:19 -0800 +From: Greg KH +To: linux-kernel@vger.kernel.org, + stable@kernel.org +Cc: Justin Forbes , + Zwane Mwaikambo , + Theodore Ts'o , + Randy Dunlap , + Dave Jones , + Chuck Wolber , + Chris Wedgwood , + Michael Krufky , + Chuck Ebbert , + Domenico Andreoli , + Willy Tarreau , + Rodrigo Rubira Branco , + Jake Edge , + Eugene Teo , + torvalds@linux-foundation.org, + akpm@linux-foundation.org, + alan@lxorguk.ukuu.org.uk, + Robin Holt , + Dean Nelson +Subject: [patch 31/43] sgi-xpc: ensure flags are updated before bte_copy +References: <20090131022548.656772939@mini.kroah.org> +Content-Disposition: inline; filename=sgi-xpc-ensure-flags-are-updated-before-bte_copy.patch +Content-Length: 2547 +Lines: 76 + +2.6.28-stable review patch. If anyone has any objections, please let us know. + +------------------ + +From: Robin Holt + +commit 69b3bb65fa97a1e8563518dbbc35cd57beefb2d4 upstream. + +The clearing of the msg->flags needs a barrier between it and the notify +of the channel threads that the messages are cleaned and ready for use. + +Signed-off-by: Robin Holt +Signed-off-by: Dean Nelson +Signed-off-by: Andrew Morton +Signed-off-by: Linus Torvalds +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/misc/sgi-xp/xpc_sn2.c | 9 +++++---- + drivers/misc/sgi-xp/xpc_uv.c | 2 +- + 2 files changed, 6 insertions(+), 5 deletions(-) + +--- a/drivers/misc/sgi-xp/xpc_sn2.c ++++ b/drivers/misc/sgi-xp/xpc_sn2.c +@@ -1841,6 +1841,7 @@ xpc_process_msg_chctl_flags_sn2(struct x + */ + xpc_clear_remote_msgqueue_flags_sn2(ch); + ++ smp_wmb(); /* ensure flags have been cleared before bte_copy */ + ch_sn2->w_remote_GP.put = ch_sn2->remote_GP.put; + + dev_dbg(xpc_chan, "w_remote_GP.put changed to %ld, partid=%d, " +@@ -1939,7 +1940,7 @@ xpc_get_deliverable_payload_sn2(struct x + break; + + get = ch_sn2->w_local_GP.get; +- rmb(); /* guarantee that .get loads before .put */ ++ smp_rmb(); /* guarantee that .get loads before .put */ + if (get == ch_sn2->w_remote_GP.put) + break; + +@@ -2060,7 +2061,7 @@ xpc_allocate_msg_sn2(struct xpc_channel + while (1) { + + put = ch_sn2->w_local_GP.put; +- rmb(); /* guarantee that .put loads before .get */ ++ smp_rmb(); /* guarantee that .put loads before .get */ + if (put - ch_sn2->w_remote_GP.get < ch->local_nentries) { + + /* There are available message entries. We need to try +@@ -2193,7 +2194,7 @@ xpc_send_payload_sn2(struct xpc_channel + * The preceding store of msg->flags must occur before the following + * load of local_GP->put. + */ +- mb(); ++ smp_mb(); + + /* see if the message is next in line to be sent, if so send it */ + +@@ -2294,7 +2295,7 @@ xpc_received_payload_sn2(struct xpc_chan + * The preceding store of msg->flags must occur before the following + * load of local_GP->get. + */ +- mb(); ++ smp_mb(); + + /* + * See if this message is next in line to be acknowledged as having +--- a/drivers/misc/sgi-xp/xpc_uv.c ++++ b/drivers/misc/sgi-xp/xpc_uv.c +@@ -1238,7 +1238,7 @@ xpc_send_payload_uv(struct xpc_channel * + atomic_inc(&ch->n_to_notify); + + msg_slot->key = key; +- wmb(); /* a non-NULL func must hit memory after the key */ ++ smp_wmb(); /* a non-NULL func must hit memory after the key */ + msg_slot->func = func; + + if (ch->flags & XPC_C_DISCONNECTING) { + + +From gregkh@mini.kroah.org Fri Jan 30 18:29:22 2009 +Message-Id: <20090131022922.273133272@mini.kroah.org> +User-Agent: quilt/0.47-1 +Date: Fri, 30 Jan 2009 18:26:20 -0800 +From: Greg KH +To: linux-kernel@vger.kernel.org, + stable@kernel.org +Cc: Justin Forbes , + Zwane Mwaikambo , + Theodore Ts'o , + Randy Dunlap , + Dave Jones , + Chuck Wolber , + Chris Wedgwood , + Michael Krufky , + Chuck Ebbert , + Domenico Andreoli , + Willy Tarreau , + Rodrigo Rubira Branco , + Jake Edge , + Eugene Teo , + torvalds@linux-foundation.org, + akpm@linux-foundation.org, + alan@lxorguk.ukuu.org.uk, + Boaz Harrosh , + FUJITA Tomonori , + Jens Axboe +Subject: [patch 32/43] include/linux: Add bsg.h to the Kernel exported headers +References: <20090131022548.656772939@mini.kroah.org> +Content-Disposition: inline; filename=include-linux-add-bsg.h-to-the-kernel-exported-headers.patch +Content-Length: 1137 +Lines: 36 + +2.6.28-stable review patch. If anyone has any objections, please let us know. + +------------------ + +From: Boaz Harrosh + +commit a229fc61ef0ee3c30fd193beee0eeb87410227f1 upstream. + +bsg.h in current form is perfectly suitable for user-mode +consumption. It is needed together with scsi/sg.h for applications +that want to interface with the bsg driver. + +Currently the few projects that use it would copy it over into +the projects. But that is not acceptable for projects that need +to provide source and devel packages for distros. + +This should also be submitted to stable 2.6.28 and 2.6.27 since bsg had +a stable API since these Kernels and distro users will need the header +for these kernels a swell + +Signed-off-by: Boaz Harrosh +Acked-by: FUJITA Tomonori +Signed-off-by: Jens Axboe +Signed-off-by: Greg Kroah-Hartman + +--- + include/linux/Kbuild | 1 + + 1 file changed, 1 insertion(+) + +--- a/include/linux/Kbuild ++++ b/include/linux/Kbuild +@@ -41,6 +41,7 @@ header-y += baycom.h + header-y += bfs_fs.h + header-y += blkpg.h + header-y += bpqether.h ++header-y += bsg.h + header-y += can.h + header-y += cdk.h + header-y += chio.h + + +From gregkh@mini.kroah.org Fri Jan 30 18:29:22 2009 +Message-Id: <20090131022922.395903478@mini.kroah.org> +User-Agent: quilt/0.47-1 +Date: Fri, 30 Jan 2009 18:26:21 -0800 +From: Greg KH +To: linux-kernel@vger.kernel.org, + stable@kernel.org +Cc: Justin Forbes , + Zwane Mwaikambo , + Theodore Ts'o , + Randy Dunlap , + Dave Jones , + Chuck Wolber , + Chris Wedgwood , + Michael Krufky , + Chuck Ebbert , + Domenico Andreoli , + Willy Tarreau , + Rodrigo Rubira Branco , + Jake Edge , + Eugene Teo , + torvalds@linux-foundation.org, + akpm@linux-foundation.org, + alan@lxorguk.ukuu.org.uk, + Takashi Iwai +Subject: [patch 33/43] ALSA: hda - Fix PCM reference NID for STAC/IDT analog outputs +References: <20090131022548.656772939@mini.kroah.org> +Content-Disposition: inline; filename=alsa-hda-fix-pcm-reference-nid-for-stac-idt-analog-outputs.patch +Content-Length: 1084 +Lines: 30 + +2.6.28-stable review patch. If anyone has any objections, please let us know. + +------------------ + +From: Takashi Iwai + +commit 00a602db1ce9d61319d6f769dee206ec85f19bda upstream. + +The reference NID for the analog outputs of STAC/IDT codecs is set +to a fixed number 0x02. But this isn't always correct and in many +codecs it points to a non-existing NID. + +This patch fixes the initialization of the PCM reference NID taken +from the actually probed DAC list. + +Signed-off-by: Takashi Iwai +Signed-off-by: Greg Kroah-Hartman + +--- + sound/pci/hda/patch_sigmatel.c | 2 ++ + 1 file changed, 2 insertions(+) + +--- a/sound/pci/hda/patch_sigmatel.c ++++ b/sound/pci/hda/patch_sigmatel.c +@@ -2428,6 +2428,8 @@ static int stac92xx_build_pcms(struct hd + + info->name = "STAC92xx Analog"; + info->stream[SNDRV_PCM_STREAM_PLAYBACK] = stac92xx_pcm_analog_playback; ++ info->stream[SNDRV_PCM_STREAM_PLAYBACK].nid = ++ spec->multiout.dac_nids[0]; + info->stream[SNDRV_PCM_STREAM_CAPTURE] = stac92xx_pcm_analog_capture; + info->stream[SNDRV_PCM_STREAM_CAPTURE].nid = spec->adc_nids[0]; + info->stream[SNDRV_PCM_STREAM_CAPTURE].substreams = spec->num_adcs; + + +From gregkh@mini.kroah.org Fri Jan 30 18:29:22 2009 +Message-Id: <20090131022922.515758788@mini.kroah.org> +User-Agent: quilt/0.47-1 +Date: Fri, 30 Jan 2009 18:26:22 -0800 +From: Greg KH +To: linux-kernel@vger.kernel.org, + stable@kernel.org +Cc: Justin Forbes , + Zwane Mwaikambo , + Theodore Ts'o , + Randy Dunlap , + Dave Jones , + Chuck Wolber , + Chris Wedgwood , + Michael Krufky , + Chuck Ebbert , + Domenico Andreoli , + Willy Tarreau , + Rodrigo Rubira Branco , + Jake Edge , + Eugene Teo , + torvalds@linux-foundation.org, + akpm@linux-foundation.org, + alan@lxorguk.ukuu.org.uk, + Luke Yelavich , + Takashi Iwai +Subject: [patch 34/43] ALSA: hda - add another MacBook Pro 4, 1 subsystem ID +References: <20090131022548.656772939@mini.kroah.org> +Content-Disposition: inline; filename=alsa-hda-add-another-macbook-pro-4-1-subsystem-id.patch +Content-Length: 831 +Lines: 26 + +2.6.28-stable review patch. If anyone has any objections, please let us know. + +------------------ + +From: Luke Yelavich + +commit 2a88464ceb1bda2571f88902fd8068a6168e3f7b upstream. + +Add another MacBook Pro 4,1 SSID (106b:3800). It seems that latter revisions, +(at least mine), have different IDs to earlier revisions. + +Signed-off-by: Luke Yelavich +Signed-off-by: Takashi Iwai +Signed-off-by: Greg Kroah-Hartman + +--- + sound/pci/hda/patch_realtek.c | 1 + + 1 file changed, 1 insertion(+) + +--- a/sound/pci/hda/patch_realtek.c ++++ b/sound/pci/hda/patch_realtek.c +@@ -6780,6 +6780,7 @@ static int patch_alc882(struct hda_codec + case 0x106b00a4: /* MacbookPro4,1 */ + case 0x106b2c00: /* Macbook Pro rev3 */ + case 0x106b3600: /* Macbook 3.1 */ ++ case 0x106b3800: /* MacbookPro4,1 - latter revision */ + board_config = ALC885_MBP3; + break; + default: + + +From gregkh@mini.kroah.org Fri Jan 30 18:29:22 2009 +Message-Id: <20090131022922.639158274@mini.kroah.org> +User-Agent: quilt/0.47-1 +Date: Fri, 30 Jan 2009 18:26:23 -0800 +From: Greg KH +To: linux-kernel@vger.kernel.org, + stable@kernel.org +Cc: Justin Forbes , + Zwane Mwaikambo , + Theodore Ts'o , + Randy Dunlap , + Dave Jones , + Chuck Wolber , + Chris Wedgwood , + Michael Krufky , + Chuck Ebbert , + Domenico Andreoli , + Willy Tarreau , + Rodrigo Rubira Branco , + Jake Edge , + Eugene Teo , + torvalds@linux-foundation.org, + akpm@linux-foundation.org, + alan@lxorguk.ukuu.org.uk, + Joerg Schirottke , + Takashi Iwai +Subject: [patch 35/43] ALSA: hda - Add quirk for HP DV6700 laptop +References: <20090131022548.656772939@mini.kroah.org> +Content-Disposition: inline; filename=alsa-hda-add-quirk-for-hp-dv6700-laptop.patch +Content-Length: 873 +Lines: 25 + +2.6.28-stable review patch. If anyone has any objections, please let us know. + +------------------ + +From: Joerg Schirottke + +commit aa9d823bb347fb66cb07f98c686be8bb85cb6a74 upstream. + +Added the matching model=laptop for HP DV6700 laptop. + +Signed-off-by: Joerg Schirottke +Signed-off-by: Takashi Iwai +Signed-off-by: Greg Kroah-Hartman + +--- + sound/pci/hda/patch_conexant.c | 1 + + 1 file changed, 1 insertion(+) + +--- a/sound/pci/hda/patch_conexant.c ++++ b/sound/pci/hda/patch_conexant.c +@@ -1470,6 +1470,7 @@ static struct snd_pci_quirk cxt5047_cfg_ + SND_PCI_QUIRK(0x103c, 0x30a5, "HP DV5200T/DV8000T", CXT5047_LAPTOP_HP), + SND_PCI_QUIRK(0x103c, 0x30b2, "HP DV2000T/DV3000T", CXT5047_LAPTOP), + SND_PCI_QUIRK(0x103c, 0x30b5, "HP DV2000Z", CXT5047_LAPTOP), ++ SND_PCI_QUIRK(0x103c, 0x30cf, "HP DV6700", CXT5047_LAPTOP), + SND_PCI_QUIRK(0x1179, 0xff31, "Toshiba P100", CXT5047_LAPTOP_EAPD), + {} + }; + + +From gregkh@mini.kroah.org Fri Jan 30 18:29:22 2009 +Message-Id: <20090131022922.763677251@mini.kroah.org> +User-Agent: quilt/0.47-1 +Date: Fri, 30 Jan 2009 18:26:24 -0800 +From: Greg KH +To: linux-kernel@vger.kernel.org, + stable@kernel.org +Cc: Justin Forbes , + Zwane Mwaikambo , + Theodore Ts'o , + Randy Dunlap , + Dave Jones , + Chuck Wolber , + Chris Wedgwood , + Michael Krufky , + Chuck Ebbert , + Domenico Andreoli , + Willy Tarreau , + Rodrigo Rubira Branco , + Jake Edge , + Eugene Teo , + torvalds@linux-foundation.org, + akpm@linux-foundation.org, + alan@lxorguk.ukuu.org.uk, + Herbert Xu +Subject: [patch 36/43] crypto: authenc - Fix zero-length IV crash +References: <20090131022548.656772939@mini.kroah.org> +Content-Disposition: inline; filename=crypto-authenc-fix-zero-length-iv-crash.patch +Content-Length: 2037 +Lines: 65 + +2.6.28-stable review patch. If anyone has any objections, please let us know. + +------------------ + +From: Herbert Xu + +commit 29b37f42127f7da511560a40ea74f5047da40c13 upstream. + +As it is if an algorithm with a zero-length IV is used (e.g., +NULL encryption) with authenc, authenc may generate an SG entry +of length zero, which will trigger a BUG check in the hash layer. + +This patch fixes it by skipping the IV SG generation if the IV +size is zero. + +Signed-off-by: Herbert Xu +Signed-off-by: Greg Kroah-Hartman + +--- + crypto/authenc.c | 24 +++++++++++++++--------- + 1 file changed, 15 insertions(+), 9 deletions(-) + +--- a/crypto/authenc.c ++++ b/crypto/authenc.c +@@ -157,16 +157,19 @@ static int crypto_authenc_genicv(struct + dstp = sg_page(dst); + vdst = PageHighMem(dstp) ? NULL : page_address(dstp) + dst->offset; + +- sg_init_table(cipher, 2); +- sg_set_buf(cipher, iv, ivsize); +- authenc_chain(cipher, dst, vdst == iv + ivsize); ++ if (ivsize) { ++ sg_init_table(cipher, 2); ++ sg_set_buf(cipher, iv, ivsize); ++ authenc_chain(cipher, dst, vdst == iv + ivsize); ++ dst = cipher; ++ } + + cryptlen = req->cryptlen + ivsize; +- hash = crypto_authenc_hash(req, flags, cipher, cryptlen); ++ hash = crypto_authenc_hash(req, flags, dst, cryptlen); + if (IS_ERR(hash)) + return PTR_ERR(hash); + +- scatterwalk_map_and_copy(hash, cipher, cryptlen, ++ scatterwalk_map_and_copy(hash, dst, cryptlen, + crypto_aead_authsize(authenc), 1); + return 0; + } +@@ -284,11 +287,14 @@ static int crypto_authenc_iverify(struct + srcp = sg_page(src); + vsrc = PageHighMem(srcp) ? NULL : page_address(srcp) + src->offset; + +- sg_init_table(cipher, 2); +- sg_set_buf(cipher, iv, ivsize); +- authenc_chain(cipher, src, vsrc == iv + ivsize); ++ if (ivsize) { ++ sg_init_table(cipher, 2); ++ sg_set_buf(cipher, iv, ivsize); ++ authenc_chain(cipher, src, vsrc == iv + ivsize); ++ src = cipher; ++ } + +- return crypto_authenc_verify(req, cipher, cryptlen + ivsize); ++ return crypto_authenc_verify(req, src, cryptlen + ivsize); + } + + static int crypto_authenc_decrypt(struct aead_request *req) + + +From gregkh@mini.kroah.org Fri Jan 30 18:29:22 2009 +Message-Id: <20090131022922.915873402@mini.kroah.org> +User-Agent: quilt/0.47-1 +Date: Fri, 30 Jan 2009 18:26:25 -0800 +From: Greg KH +To: linux-kernel@vger.kernel.org, + stable@kernel.org +Cc: Justin Forbes , + Zwane Mwaikambo , + Theodore Ts'o , + Randy Dunlap , + Dave Jones , + Chuck Wolber , + Chris Wedgwood , + Michael Krufky , + Chuck Ebbert , + Domenico Andreoli , + Willy Tarreau , + Rodrigo Rubira Branco , + Jake Edge , + Eugene Teo , + torvalds@linux-foundation.org, + akpm@linux-foundation.org, + alan@lxorguk.ukuu.org.uk, + Jarod Wilson , + Neil Horman , + Herbert Xu +Subject: [patch 37/43] crypto: ccm - Fix handling of null assoc data +References: <20090131022548.656772939@mini.kroah.org> +Content-Disposition: inline; filename=crypto-ccm-fix-handling-of-null-assoc-data.patch +Content-Length: 3824 +Lines: 81 + +2.6.28-stable review patch. If anyone has any objections, please let us know. + +------------------ + +From: Jarod Wilson + +commit 516280e735b034216de97eb7ba080ec6acbfc58f upstream. + +Its a valid use case to have null associated data in a ccm vector, but +this case isn't being handled properly right now. + +The following ccm decryption/verification test vector, using the +rfc4309 implementation regularly triggers a panic, as will any +other vector with null assoc data: + +* key: ab2f8a74b71cd2b1ff802e487d82f8b9 +* iv: c6fb7d800d13abd8a6b2d8 +* Associated Data: [NULL] +* Tag Length: 8 +* input: d5e8939fc7892e2b + +The resulting panic looks like so: + +Unable to handle kernel paging request at ffff810064ddaec0 RIP: + [] :ccm:get_data_to_compute+0x1a6/0x1d6 +PGD 8063 PUD 0 +Oops: 0002 [1] SMP +last sysfs file: /module/libata/version +CPU 0 +Modules linked in: crypto_tester_kmod(U) seqiv krng ansi_cprng chainiv rng ctr aes_generic aes_x86_64 ccm cryptomgr testmgr_cipher testmgr aead crypto_blkcipher crypto_a +lgapi des ipv6 xfrm_nalgo crypto_api autofs4 hidp l2cap bluetooth nfs lockd fscache nfs_acl sunrpc ip_conntrack_netbios_ns ipt_REJECT xt_state ip_conntrack nfnetlink xt_ +tcpudp iptable_filter ip_tables x_tables dm_mirror dm_log dm_multipath scsi_dh dm_mod video hwmon backlight sbs i2c_ec button battery asus_acpi acpi_memhotplug ac lp sg +snd_intel8x0 snd_ac97_codec ac97_bus snd_seq_dummy snd_seq_oss joydev snd_seq_midi_event snd_seq snd_seq_device snd_pcm_oss snd_mixer_oss ide_cd snd_pcm floppy parport_p +c shpchp e752x_edac snd_timer e1000 i2c_i801 edac_mc snd soundcore snd_page_alloc i2c_core cdrom parport serio_raw pcspkr ata_piix libata sd_mod scsi_mod ext3 jbd uhci_h +cd ohci_hcd ehci_hcd +Pid: 12844, comm: crypto-tester Tainted: G 2.6.18-128.el5.fips1 #1 +RIP: 0010:[] [] :ccm:get_data_to_compute+0x1a6/0x1d6 +RSP: 0018:ffff8100134434e8 EFLAGS: 00010246 +RAX: 0000000000000000 RBX: ffff8100104898b0 RCX: ffffffffab6aea10 +RDX: 0000000000000010 RSI: ffff8100104898c0 RDI: ffff810064ddaec0 +RBP: 0000000000000000 R08: ffff8100104898b0 R09: 0000000000000000 +R10: ffff8100103bac84 R11: ffff8100104898b0 R12: ffff810010489858 +R13: ffff8100104898b0 R14: ffff8100103bac00 R15: 0000000000000000 +FS: 00002ab881adfd30(0000) GS:ffffffff803ac000(0000) knlGS:0000000000000000 +CS: 0010 DS: 0000 ES: 0000 CR0: 000000008005003b +CR2: ffff810064ddaec0 CR3: 0000000012a88000 CR4: 00000000000006e0 +Process crypto-tester (pid: 12844, threadinfo ffff810013442000, task ffff81003d165860) +Stack: ffff8100103bac00 ffff8100104898e8 ffff8100134436f8 ffffffff00000000 + 0000000000000000 ffff8100104898b0 0000000000000000 ffff810010489858 + 0000000000000000 ffff8100103bac00 ffff8100134436f8 ffffffff8864c634 +Call Trace: + [] :ccm:crypto_ccm_auth+0x12d/0x140 + [] :ccm:crypto_ccm_decrypt+0x161/0x23a + [] :crypto_tester_kmod:cavs_test_rfc4309_ccm+0x4a5/0x559 +[...] + +The above is from a RHEL5-based kernel, but upstream is susceptible too. + +The fix is trivial: in crypto/ccm.c:crypto_ccm_auth(), pctx->ilen contains +whatever was in memory when pctx was allocated if assoclen is 0. The tested +fix is to simply add an else clause setting pctx->ilen to 0 for the +assoclen == 0 case, so that get_data_to_compute() doesn't try doing +things its not supposed to. + +Signed-off-by: Jarod Wilson +Acked-by: Neil Horman +Signed-off-by: Herbert Xu +Signed-off-by: Greg Kroah-Hartman + +--- + crypto/ccm.c | 2 ++ + 1 file changed, 2 insertions(+) + +--- a/crypto/ccm.c ++++ b/crypto/ccm.c +@@ -266,6 +266,8 @@ static int crypto_ccm_auth(struct aead_r + if (assoclen) { + pctx->ilen = format_adata(idata, assoclen); + get_data_to_compute(cipher, pctx, req->assoc, req->assoclen); ++ } else { ++ pctx->ilen = 0; + } + + /* compute plaintext into mac */ + + +From gregkh@mini.kroah.org Fri Jan 30 18:29:23 2009 +Message-Id: <20090131022923.007770551@mini.kroah.org> +User-Agent: quilt/0.47-1 +Date: Fri, 30 Jan 2009 18:26:26 -0800 +From: Greg KH +To: linux-kernel@vger.kernel.org, + stable@kernel.org, + greg@kroah.com +Cc: Justin Forbes , + Zwane Mwaikambo , + Theodore Ts'o , + Randy Dunlap , + Dave Jones , + Chuck Wolber , + Chris Wedgwood , + Michael Krufky , + Chuck Ebbert , + Domenico Andreoli , + Willy Tarreau , + Rodrigo Rubira Branco , + Jake Edge , + Eugene Teo , + torvalds@linux-foundation.org, + akpm@linux-foundation.org, + alan@lxorguk.ukuu.org.uk, + Suresh Siddha , + Venkatesh Pallipadi , + Ingo Molnar , + tvignaud@mandriva.com +Subject: [patch 38/43] x86, pat: fix reserve_memtype() for legacy 1MB range +References: <20090131022548.656772939@mini.kroah.org> +Content-Disposition: inline; filename=fix_reserve_memtype_1MB.patch +Content-Length: 2991 +Lines: 85 + +2.6.28-stable review patch. If anyone has any objections, please let us know. + +------------------ + +From: Suresh Siddha + +commit 5cca0cf15a94417f49625ce52e23589eed0a1675 upstream + +Thierry Vignaud reported: +> http://bugzilla.kernel.org/show_bug.cgi?id=12372 +> +> On P4 with an SiS motherboard (video card is a SiS 651) +> X server fails to start with error: +> xf86MapVidMem: Could not mmap framebuffer (0x00000000,0x2000) (Invalid +> argument) + +Here X is trying to map first 8KB of memory using /dev/mem. Existing +code treats first 0-4KB of memory as non-RAM and 4KB-8KB as RAM. Recent +code changes don't allow to map memory with different attributes +at the same time. + +Fix this by treating the first 1MB legacy region as special and always +track the attribute requests with in this region using linear linked +list (and don't bother if the range is RAM or non-RAM or mixed) + +Reported-and-tested-by: Thierry Vignaud +Signed-off-by: Suresh Siddha +Signed-off-by: Venkatesh Pallipadi +Signed-off-by: Ingo Molnar +Signed-off-by: Greg Kroah-Hartman + +--- + arch/x86/mm/pat.c | 37 +++++++++++++++++++++++++++---------- + 1 file changed, 27 insertions(+), 10 deletions(-) + +--- a/arch/x86/mm/pat.c ++++ b/arch/x86/mm/pat.c +@@ -333,11 +333,20 @@ int reserve_memtype(u64 start, u64 end, + req_type & _PAGE_CACHE_MASK); + } + +- is_range_ram = pagerange_is_ram(start, end); +- if (is_range_ram == 1) +- return reserve_ram_pages_type(start, end, req_type, new_type); +- else if (is_range_ram < 0) +- return -EINVAL; ++ /* ++ * For legacy reasons, some parts of the physical address range in the ++ * legacy 1MB region is treated as non-RAM (even when listed as RAM in ++ * the e820 tables). So we will track the memory attributes of this ++ * legacy 1MB region using the linear memtype_list always. ++ */ ++ if (end >= ISA_END_ADDRESS) { ++ is_range_ram = pagerange_is_ram(start, end); ++ if (is_range_ram == 1) ++ return reserve_ram_pages_type(start, end, req_type, ++ new_type); ++ else if (is_range_ram < 0) ++ return -EINVAL; ++ } + + new = kmalloc(sizeof(struct memtype), GFP_KERNEL); + if (!new) +@@ -437,11 +446,19 @@ int free_memtype(u64 start, u64 end) + if (is_ISA_range(start, end - 1)) + return 0; + +- is_range_ram = pagerange_is_ram(start, end); +- if (is_range_ram == 1) +- return free_ram_pages_type(start, end); +- else if (is_range_ram < 0) +- return -EINVAL; ++ /* ++ * For legacy reasons, some parts of the physical address range in the ++ * legacy 1MB region is treated as non-RAM (even when listed as RAM in ++ * the e820 tables). So we will track the memory attributes of this ++ * legacy 1MB region using the linear memtype_list always. ++ */ ++ if (end >= ISA_END_ADDRESS) { ++ is_range_ram = pagerange_is_ram(start, end); ++ if (is_range_ram == 1) ++ return free_ram_pages_type(start, end); ++ else if (is_range_ram < 0) ++ return -EINVAL; ++ } + + spin_lock(&memtype_lock); + list_for_each_entry(entry, &memtype_list, nd) { + + +From gregkh@mini.kroah.org Fri Jan 30 18:29:23 2009 +Message-Id: <20090131022923.125156495@mini.kroah.org> +User-Agent: quilt/0.47-1 +Date: Fri, 30 Jan 2009 18:26:27 -0800 +From: Greg KH +To: linux-kernel@vger.kernel.org, + stable@kernel.org, + greg@kroah.com +Cc: Justin Forbes , + Zwane Mwaikambo , + Theodore Ts'o , + Randy Dunlap , + Dave Jones , + Chuck Wolber , + Chris Wedgwood , + Michael Krufky , + Chuck Ebbert , + Domenico Andreoli , + Willy Tarreau , + Rodrigo Rubira Branco , + Jake Edge , + Eugene Teo , + torvalds@linux-foundation.org, + akpm@linux-foundation.org, + alan@lxorguk.ukuu.org.uk, + Suresh Siddha , + Venkatesh Pallipadi , + Ingo Molnar , + Daniel.Beschorner@facton.com, + pageexec@freemail.hu +Subject: [patch 39/43] x86, pat: fix PTE corruption issue while mapping RAM using /dev/mem +References: <20090131022548.656772939@mini.kroah.org> +Content-Disposition: inline; filename=x86-pat-fix-pte-corruption-issue-while-mapping-ram-using-dev-mem.patch +Content-Length: 2114 +Lines: 63 + +2.6.28-stable review patch. If anyone has any objections, please let us know. + +------------------ + +From: Suresh Siddha + +commit 9597134218300c045cf219be3664615e97cb239c upstream. + +Beschorner Daniel reported: +> hwinfo problem since 2.6.28, showing this in the oops: +> Corrupted page table at address 7fd04de3ec00 + +Also, PaX Team reported a regression with this commit: + +> commit 9542ada803198e6eba29d3289abb39ea82047b92 +> Author: Suresh Siddha +> Date: Wed Sep 24 08:53:33 2008 -0700 +> +> x86: track memtype for RAM in page struct + +This commit breaks mapping any RAM page through /dev/mem, as the +reserve_memtype() was not initializing the return attribute type and as such +corrupting the PTE entry that was setup with the return attribute type. + +Because of this bug, application mapping this RAM page through /dev/mem +will die with "Corrupted page table at address xxxx" message in the kernel +log and also the kernel identity mapping which maps the underlying RAM +page gets converted to UC. + +Fix this by initializing the return attribute type before calling +reserve_ram_pages_type() + +Reported-by: PaX Team +Reported-and-tested-by: Beschorner Daniel +Tested-and-Acked-by: PaX Team +Signed-off-by: Suresh Siddha +Signed-off-by: Venkatesh Pallipadi +Signed-off-by: Ingo Molnar +Signed-off-by: Greg Kroah-Hartman + +--- + arch/x86/mm/pat.c | 6 +++--- + 1 file changed, 3 insertions(+), 3 deletions(-) + +--- a/arch/x86/mm/pat.c ++++ b/arch/x86/mm/pat.c +@@ -333,6 +333,9 @@ int reserve_memtype(u64 start, u64 end, + req_type & _PAGE_CACHE_MASK); + } + ++ if (new_type) ++ *new_type = actual_type ++ + /* + * For legacy reasons, some parts of the physical address range in the + * legacy 1MB region is treated as non-RAM (even when listed as RAM in +@@ -356,9 +359,6 @@ int reserve_memtype(u64 start, u64 end, + new->end = end; + new->type = actual_type; + +- if (new_type) +- *new_type = actual_type; +- + spin_lock(&memtype_lock); + + if (cached_entry && start >= cached_start) + + +From gregkh@mini.kroah.org Fri Jan 30 18:29:23 2009 +Message-Id: <20090131022923.242308473@mini.kroah.org> +User-Agent: quilt/0.47-1 +Date: Fri, 30 Jan 2009 18:26:28 -0800 +From: Greg KH +To: linux-kernel@vger.kernel.org, + stable@kernel.org +Cc: Justin Forbes , + Zwane Mwaikambo , + Theodore Ts'o , + Randy Dunlap , + Dave Jones , + Chuck Wolber , + Chris Wedgwood , + Michael Krufky , + Chuck Ebbert , + Domenico Andreoli , + Willy Tarreau , + Rodrigo Rubira Branco , + Jake Edge , + Eugene Teo , + torvalds@linux-foundation.org, + akpm@linux-foundation.org, + alan@lxorguk.ukuu.org.uk, + Jiri Slaby , + Jesse Barnes +Subject: [patch 40/43] PCI hotplug: fix lock imbalance in pciehp +References: <20090131022548.656772939@mini.kroah.org> +Content-Disposition: inline; filename=pci-hotplug-fix-lock-imbalance-in-pciehp.patch +Content-Length: 1108 +Lines: 34 + +2.6.28-stable review patch. If anyone has any objections, please let us know. + +------------------ + +From: Jiri Slaby + +commit c2fdd36b550659f5ac2240d1f5a83ffa1a092289 upstream. + +set_lock_status omits mutex_unlock in fail path. Add the omitted +unlock. + +As a result a lockup caused by this can be triggered from userspace +by writing 1 to /sys/bus/pci/slots/.../lock often enough. + +Signed-off-by: Jiri Slaby +Reviewed-by: Kenji Kaneshige +Signed-off-by: Jesse Barnes +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/pci/hotplug/pciehp_core.c | 4 +++- + 1 file changed, 3 insertions(+), 1 deletion(-) + +--- a/drivers/pci/hotplug/pciehp_core.c ++++ b/drivers/pci/hotplug/pciehp_core.c +@@ -126,8 +126,10 @@ static int set_lock_status(struct hotplu + mutex_lock(&slot->ctrl->crit_sect); + + /* has it been >1 sec since our last toggle? */ +- if ((get_seconds() - slot->last_emi_toggle) < 1) ++ if ((get_seconds() - slot->last_emi_toggle) < 1) { ++ mutex_unlock(&slot->ctrl->crit_sect); + return -EINVAL; ++ } + + /* see what our current state is */ + retval = get_lock_status(hotplug_slot, &value); + + +From gregkh@mini.kroah.org Fri Jan 30 18:29:23 2009 +Message-Id: <20090131022923.362416684@mini.kroah.org> +User-Agent: quilt/0.47-1 +Date: Fri, 30 Jan 2009 18:26:29 -0800 +From: Greg KH +To: linux-kernel@vger.kernel.org, + stable@kernel.org, + Greg KH +Cc: Justin Forbes , + Zwane Mwaikambo , + Theodore Ts'o , + Randy Dunlap , + Dave Jones , + Chuck Wolber , + Chris Wedgwood , + Michael Krufky , + Chuck Ebbert , + Domenico Andreoli , + Willy Tarreau , + Rodrigo Rubira Branco , + Jake Edge , + Eugene Teo , + torvalds@linux-foundation.org, + akpm@linux-foundation.org, + alan@lxorguk.ukuu.org.uk, + Dan Williams , + wd@denx.de, + Yuri Tikhonov +Subject: [patch 41/43] dmaengine: fix dependency chaining +References: <20090131022548.656772939@mini.kroah.org> +Content-Disposition: inline; filename=dmaengine-fix-dependency-chaining.patch +Content-Length: 1110 +Lines: 35 + +2.6.28-stable review patch. If anyone has any objections, please let us know. + +------------------ + +From: Yuri Tikhonov + +commit dd59b8537f6cb53ab863fafad86a5828f1e889a2 upstream + + + ASYNC_TX: fix dependency chaining + + In ASYNC_TX we track the dependencies between the descriptors +using the 'next' pointers of the structures. These pointers are +set to NULL as soon as the corresponding descriptor has been +submitted to the channel (in async_tx_run_dependencies()). + But, the first 'next' in chain still remains set, regardless +the fact, that tx->next is already submitted. This may lead to +multiple submisions of the same descriptor. This patch fixes this. + +Signed-off-by: Yuri Tikhonov +Signed-off-by: Dan Williams +Signed-off-by: Greg Kroah-Hartman + +--- + crypto/async_tx/async_tx.c | 2 ++ + 1 file changed, 2 insertions(+) + +--- a/crypto/async_tx/async_tx.c ++++ b/crypto/async_tx/async_tx.c +@@ -124,6 +124,8 @@ void async_tx_run_dependencies(struct dm + if (!dep) + return; + ++ /* we'll submit tx->next now, so clear the link */ ++ tx->next = NULL; + chan = dep->chan; + + /* keep submitting up until a channel switch is detected + + +From gregkh@mini.kroah.org Fri Jan 30 18:29:23 2009 +Message-Id: <20090131022923.484456694@mini.kroah.org> +User-Agent: quilt/0.47-1 +Date: Fri, 30 Jan 2009 18:26:30 -0800 +From: Greg KH +To: linux-kernel@vger.kernel.org, + stable@kernel.org +Cc: Justin Forbes , + Zwane Mwaikambo , + Theodore Ts'o , + Randy Dunlap , + Dave Jones , + Chuck Wolber , + Chris Wedgwood , + Michael Krufky , + Chuck Ebbert , + Domenico Andreoli , + Willy Tarreau , + Rodrigo Rubira Branco , + Jake Edge , + Eugene Teo , + torvalds@linux-foundation.org, + akpm@linux-foundation.org, + alan@lxorguk.ukuu.org.uk, + Jiri Slaby , + "David S. Miller" +Subject: [patch 42/43] NET: net_namespace, fix lock imbalance +References: <20090131022548.656772939@mini.kroah.org> +Content-Disposition: inline; filename=net-net_namespace-fix-lock-imbalance.patch +Content-Length: 735 +Lines: 28 + +2.6.28-stable review patch. If anyone has any objections, please let us know. + +------------------ + +From: Jiri Slaby + +commit 357f5b0b91054ae23385ea4b0634bb8b43736e83 upstream. + +register_pernet_gen_subsys omits mutex_unlock in one fail path. +Fix it. + +Signed-off-by: Jiri Slaby +Signed-off-by: David S. Miller +Signed-off-by: Greg Kroah-Hartman + +--- + net/core/net_namespace.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/net/core/net_namespace.c ++++ b/net/core/net_namespace.c +@@ -342,8 +342,8 @@ again: + rv = register_pernet_operations(first_device, ops); + if (rv < 0) + ida_remove(&net_generic_ids, *id); +- mutex_unlock(&net_mutex); + out: ++ mutex_unlock(&net_mutex); + return rv; + } + EXPORT_SYMBOL_GPL(register_pernet_gen_subsys); + + +From gregkh@mini.kroah.org Fri Jan 30 18:29:23 2009 +Message-Id: <20090131022923.604359437@mini.kroah.org> +User-Agent: quilt/0.47-1 +Date: Fri, 30 Jan 2009 18:26:31 -0800 +From: Greg KH +To: linux-kernel@vger.kernel.org, + stable@kernel.org +Cc: Justin Forbes , + Zwane Mwaikambo , + Theodore Ts'o , + Randy Dunlap , + Dave Jones , + Chuck Wolber , + Chris Wedgwood , + Michael Krufky , + Chuck Ebbert , + Domenico Andreoli , + Willy Tarreau , + Rodrigo Rubira Branco , + Jake Edge , + Eugene Teo , + torvalds@linux-foundation.org, + akpm@linux-foundation.org, + alan@lxorguk.ukuu.org.uk, + Jiri Slaby , + Ingo Molnar +Subject: [patch 43/43] relay: fix lock imbalance in relay_late_setup_files +References: <20090131022548.656772939@mini.kroah.org> +Content-Disposition: inline; filename=relay-fix-lock-imbalance-in-relay_late_setup_files.patch +Content-Length: 745 +Lines: 27 + +2.6.28-stable review patch. If anyone has any objections, please let us know. + +------------------ + +From: Jiri Slaby + +commit b786c6a98ef6fa81114ba7b9fbfc0d67060775e3 upstream. + +One fail path in relay_late_setup_files() omits +mutex_unlock(&relay_channels_mutex); +Add it. + +Signed-off-by: Jiri Slaby +Signed-off-by: Ingo Molnar +Signed-off-by: Greg Kroah-Hartman + +--- a/kernel/relay.c ++++ b/kernel/relay.c +@@ -663,8 +663,10 @@ int relay_late_setup_files(struct rchan *chan, + + mutex_lock(&relay_channels_mutex); + /* Is chan already set up? */ +- if (unlikely(chan->has_base_filename)) ++ if (unlikely(chan->has_base_filename)) { ++ mutex_unlock(&relay_channels_mutex); + return -EEXIST; ++ } + chan->has_base_filename = 1; + chan->parent = parent; + curr_cpu = get_cpu(); + + +From gregkh@mini.kroah.org Fri Jan 30 18:29:18 2009 +Message-Id: <20090131022548.656772939@mini.kroah.org> +User-Agent: quilt/0.47-1 +Date: Fri, 30 Jan 2009 18:25:48 -0800 +From: Greg KH +To: linux-kernel@vger.kernel.org, + stable@kernel.org +Cc: Justin Forbes , + Zwane Mwaikambo , + Theodore Ts'o , + Randy Dunlap , + Dave Jones , + Chuck Wolber , + Chris Wedgwood , + Michael Krufky , + Chuck Ebbert , + Domenico Andreoli , + Willy Tarreau , + Rodrigo Rubira Branco , + Jake Edge , + Eugene Teo , + torvalds@linux-foundation.org, + akpm@linux-foundation.org, + alan@lxorguk.ukuu.org.uk +Subject: [patch 00/43] 2.6.28-stable review +Status: RO +Content-Length: 3860 +Lines: 82 + + +This is the start of the stable review cycle for the 2.6.28.3 release. +There are 43 patches in this series, all will be posted as a response +to this one. If anyone has any issues with these being applied, please +let us know. If anyone is a maintainer of the proper subsystem, and +wants to add a Signed-off-by: line to the patch, please respond with it. + +Note, there still are some more .28 patches pending for the -stable +releases, but I wanted to get this release out now to fix the major +problems that have recently been found. + +If you have sent patches to be included in .28, and you don't see them +here, please feel free to just drop stable@kernel.org a message with the +git commit ids to make sure they end up in the next release. + +These patches are sent out with a number of different people on the Cc: +line. If you wish to be a reviewer, please email stable@kernel.org to +add your name to the list. If you want to be off the reviewer list, +also email us. + +Responses should be made by Monday, February 2, 00:00:00 UTC. Anything +received after that time might be too late. + +The whole patch series can be found in one patch at: + kernel.org/pub/linux/kernel/v2.6/stable-review/patch-2.6.28.3-rc1.gz +and the diffstat can be found below. + + +thanks, + +greg k-h + + Makefile | 2 +- + arch/alpha/kernel/irq_srm.c | 2 + + arch/x86/include/asm/pgalloc.h | 1 + + arch/x86/mm/pageattr.c | 49 ++++++++---- + arch/x86/mm/pat.c | 43 +++++++--- + crypto/async_tx/async_tx.c | 2 + + crypto/authenc.c | 24 ++++-- + crypto/ccm.c | 2 + + drivers/ata/pata_via.c | 22 ++++- + drivers/gpio/gpiolib.c | 1 + + drivers/gpu/drm/drm_agpsupport.c | 3 +- + drivers/ide/it821x.c | 12 +++ + drivers/misc/sgi-xp/xpc_sn2.c | 19 +++-- + drivers/misc/sgi-xp/xpc_uv.c | 2 +- + drivers/net/bnx2x_main.c | 3 + + drivers/net/wireless/ath5k/base.c | 10 ++- + drivers/net/wireless/rtl8187_dev.c | 1 + + drivers/net/wireless/rtl8187_rtl8225.c | 10 ++- + drivers/pci/hotplug/pciehp_core.c | 4 +- + drivers/serial/8250_pci.c | 3 + + drivers/usb/core/devio.c | 20 +++-- + drivers/usb/core/driver.c | 2 +- + drivers/usb/core/hub.c | 4 +- + drivers/usb/core/inode.c | 1 - + drivers/usb/core/message.c | 40 ++++++---- + drivers/usb/core/usb.h | 6 +- + drivers/usb/mon/mon_bin.c | 105 ++++++++++++++++--------- + drivers/usb/storage/unusual_devs.h | 6 ++ + fs/eventpoll.c | 22 +---- + fs/ext3/namei.c | 20 ++++-- + fs/fuse/dev.c | 3 +- + fs/fuse/file.c | 2 +- + fs/fuse/inode.c | 10 ++- + fs/inotify_user.c | 135 +++++++++++++++++-------------- + fs/sysfs/bin.c | 6 ++ + include/linux/Kbuild | 1 + + include/linux/klist.h | 2 +- + include/linux/pci_ids.h | 6 ++ + include/linux/sched.h | 1 - + kernel/relay.c | 4 +- + kernel/resource.c | 9 ++ + mm/mmap.c | 9 ++- + mm/vmalloc.c | 11 +++ + net/core/net_namespace.c | 2 +- + net/mac80211/tx.c | 6 +- + sound/pci/hda/patch_conexant.c | 1 + + sound/pci/hda/patch_realtek.c | 1 + + sound/pci/hda/patch_sigmatel.c | 2 + + sound/pci/oxygen/virtuoso.c | 1 + + 49 files changed, 427 insertions(+), 226 deletions(-) +