From: Greg Kroah-Hartman Date: Tue, 20 Nov 2007 18:35:26 +0000 (-0800) Subject: start 2.6.23 review cycle X-Git-Tag: v2.6.22.14~1 X-Git-Url: http://git.ipfire.org/gitweb/?a=commitdiff_plain;h=9681bde314c680c87c125c061416786e401afe89;p=thirdparty%2Fkernel%2Fstable-queue.git start 2.6.23 review cycle --- diff --git a/queue-2.6.23/acpi-video-adjust-current-level-to-closest-available-one.patch b/review-2.6.23/acpi-video-adjust-current-level-to-closest-available-one.patch similarity index 100% rename from queue-2.6.23/acpi-video-adjust-current-level-to-closest-available-one.patch rename to review-2.6.23/acpi-video-adjust-current-level-to-closest-available-one.patch diff --git a/queue-2.6.23/dmaengine-fix-broken-device-refcounting.patch b/review-2.6.23/dmaengine-fix-broken-device-refcounting.patch similarity index 100% rename from queue-2.6.23/dmaengine-fix-broken-device-refcounting.patch rename to review-2.6.23/dmaengine-fix-broken-device-refcounting.patch diff --git a/queue-2.6.23/drivers-video-ps3fb-fix-memset-size-error.patch b/review-2.6.23/drivers-video-ps3fb-fix-memset-size-error.patch similarity index 100% rename from queue-2.6.23/drivers-video-ps3fb-fix-memset-size-error.patch rename to review-2.6.23/drivers-video-ps3fb-fix-memset-size-error.patch diff --git a/queue-2.6.23/fix-divide-by-zero-in-the-2.6.23-scheduler-code.patch b/review-2.6.23/fix-divide-by-zero-in-the-2.6.23-scheduler-code.patch similarity index 100% rename from queue-2.6.23/fix-divide-by-zero-in-the-2.6.23-scheduler-code.patch rename to review-2.6.23/fix-divide-by-zero-in-the-2.6.23-scheduler-code.patch diff --git a/queue-2.6.23/geode-fix-not-inplace-encryption.patch b/review-2.6.23/geode-fix-not-inplace-encryption.patch similarity index 100% rename from queue-2.6.23/geode-fix-not-inplace-encryption.patch rename to review-2.6.23/geode-fix-not-inplace-encryption.patch diff --git a/queue-2.6.23/i2c-eeprom-hide-sony-vaio-serial-numbers.patch b/review-2.6.23/i2c-eeprom-hide-sony-vaio-serial-numbers.patch similarity index 100% rename from queue-2.6.23/i2c-eeprom-hide-sony-vaio-serial-numbers.patch rename to review-2.6.23/i2c-eeprom-hide-sony-vaio-serial-numbers.patch diff --git a/queue-2.6.23/i2c-eeprom-recognize-vgn-as-a-valid-sony-vaio-name-prefix.patch b/review-2.6.23/i2c-eeprom-recognize-vgn-as-a-valid-sony-vaio-name-prefix.patch similarity index 100% rename from queue-2.6.23/i2c-eeprom-recognize-vgn-as-a-valid-sony-vaio-name-prefix.patch rename to review-2.6.23/i2c-eeprom-recognize-vgn-as-a-valid-sony-vaio-name-prefix.patch diff --git a/queue-2.6.23/i2c-pasemi-fix-nack-detection.patch b/review-2.6.23/i2c-pasemi-fix-nack-detection.patch similarity index 100% rename from queue-2.6.23/i2c-pasemi-fix-nack-detection.patch rename to review-2.6.23/i2c-pasemi-fix-nack-detection.patch diff --git a/queue-2.6.23/ipw2200-batch-non-user-requested-scan-result-notifications.patch b/review-2.6.23/ipw2200-batch-non-user-requested-scan-result-notifications.patch similarity index 100% rename from queue-2.6.23/ipw2200-batch-non-user-requested-scan-result-notifications.patch rename to review-2.6.23/ipw2200-batch-non-user-requested-scan-result-notifications.patch diff --git a/queue-2.6.23/knfsd-fix-spurious-einval-errors-on-first-access-of-new-filesystem.patch b/review-2.6.23/knfsd-fix-spurious-einval-errors-on-first-access-of-new-filesystem.patch similarity index 100% rename from queue-2.6.23/knfsd-fix-spurious-einval-errors-on-first-access-of-new-filesystem.patch rename to review-2.6.23/knfsd-fix-spurious-einval-errors-on-first-access-of-new-filesystem.patch diff --git a/queue-2.6.23/libata-sata_sis-use-correct-s-g-table-size.patch b/review-2.6.23/libata-sata_sis-use-correct-s-g-table-size.patch similarity index 100% rename from queue-2.6.23/libata-sata_sis-use-correct-s-g-table-size.patch rename to review-2.6.23/libata-sata_sis-use-correct-s-g-table-size.patch diff --git a/queue-2.6.23/libcrc32c-keep-intermediate-crc-state-in-cpu-order.patch b/review-2.6.23/libcrc32c-keep-intermediate-crc-state-in-cpu-order.patch similarity index 100% rename from queue-2.6.23/libcrc32c-keep-intermediate-crc-state-in-cpu-order.patch rename to review-2.6.23/libcrc32c-keep-intermediate-crc-state-in-cpu-order.patch diff --git a/review-2.6.23/mbox b/review-2.6.23/mbox new file mode 100644 index 00000000000..1897af62dbe --- /dev/null +++ b/review-2.6.23/mbox @@ -0,0 +1,2920 @@ +From gregkh@mini.kroah.org Tue Nov 20 10:19:50 2007 +Message-Id: <20071120181733.702234406@mini.kroah.org> +User-Agent: quilt/0.46-1 +Date: Tue, 20 Nov 2007 10:17:33 -0800 +From: Greg Kroah-Hartman +To: linux-kernel@vger.kernel.org, + stable@kernel.org +Cc: Justin Forbes , + Zwane Mwaikambo , + Theodore Ts'o , + Randy Dunlap , + Dave Jones , + Chuck Wolber , + Chris Wedgwood , + Michael Krufky , + Chuck Ebbert , + Domenico Andreoli , + torvalds@linux-foundation.org, + akpm@linux-foundation.org, + alan@lxorguk.ukuu.org.uk +Subject: [patch 00/29] 2.6.23-stable review +Content-Length: 894 +Lines: 21 + +This is the start of the stable review cycle for the 2.6.23.9 release. +There are 29 patches in this series, all will be posted as a response to +this one. If anyone has any issues with these being applied, please let +us know. If anyone is a maintainer of the proper subsystem, and wants +to add a Signed-off-by: line to the patch, please respond with it. + +I would especially like people who experienced the softlockup messages +in their kernel logs on 2.6.23.8 to test this series to make sure that +everything is now working properly. + +These patches are sent out with a number of different people on the Cc: +line. If you wish to be a reviewer, please email stable@kernel.org to +add your name to the list. If you want to be off the reviewer list, +also email us. + +Responses should be made by Friday, Nov 23, 00:00:00 UTC. Anything +received after that time might be too late. + +thanks, + +greg k-h + +From gregkh@mini.kroah.org Tue Nov 20 10:19:50 2007 +Message-Id: <20071120181950.063004216@mini.kroah.org> +References: <20071120181733.702234406@mini.kroah.org> +User-Agent: quilt/0.46-1 +Date: Tue, 20 Nov 2007 10:17:34 -0800 +From: Greg Kroah-Hartman +To: linux-kernel@vger.kernel.org, + stable@kernel.org +Cc: Justin Forbes , + Zwane Mwaikambo , + Theodore Ts'o , + Randy Dunlap , + Dave Jones , + Chuck Wolber , + Chris Wedgwood , + Michael Krufky , + Chuck Ebbert , + Domenico Andreoli , + torvalds@linux-foundation.org, + akpm@linux-foundation.org, + alan@lxorguk.ukuu.org.uk, + Olof Johansson , + Jean Delvare +Subject: [patch 01/29] i2c-pasemi: Fix NACK detection +Content-Disposition: inline; filename=i2c-pasemi-fix-nack-detection.patch +Content-Length: 1248 +Lines: 44 + +2.6.23-stable review patch. If anyone has any objections, please let us know. + +------------------ +From: Jean Delvare + +patch be8a1f7cd4501c3b4b32543577a33aee6d2193ac in mainline. + +Turns out we don't actually check the status to see if there was a +device out there to talk to, just if we had a timeout when doing so. + +Add the proper check, so we don't falsly think there are devices +on the bus that are not there, etc. + +Signed-off-by: Olof Johansson +Signed-off-by: Jean Delvare +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/i2c/busses/i2c-pasemi.c | 5 +++++ + 1 file changed, 5 insertions(+) + +--- a/drivers/i2c/busses/i2c-pasemi.c ++++ b/drivers/i2c/busses/i2c-pasemi.c +@@ -51,6 +51,7 @@ struct pasemi_smbus { + #define MRXFIFO_DATA_M 0x000000ff + + #define SMSTA_XEN 0x08000000 ++#define SMSTA_MTN 0x00200000 + + #define CTL_MRR 0x00000400 + #define CTL_MTR 0x00000200 +@@ -98,6 +99,10 @@ static unsigned int pasemi_smb_waitready + status = reg_read(smbus, REG_SMSTA); + } + ++ /* Got NACK? */ ++ if (status & SMSTA_MTN) ++ return -ENXIO; ++ + if (timeout < 0) { + dev_warn(&smbus->dev->dev, "Timeout, status 0x%08x\n", status); + reg_write(smbus, REG_SMSTA, status); + +-- + +From gregkh@mini.kroah.org Tue Nov 20 10:19:50 2007 +Message-Id: <20071120181950.224306604@mini.kroah.org> +References: <20071120181733.702234406@mini.kroah.org> +User-Agent: quilt/0.46-1 +Date: Tue, 20 Nov 2007 10:17:35 -0800 +From: Greg Kroah-Hartman +To: linux-kernel@vger.kernel.org, + stable@kernel.org +Cc: Justin Forbes , + Zwane Mwaikambo , + Theodore Ts'o , + Randy Dunlap , + Dave Jones , + Chuck Wolber , + Chris Wedgwood , + Michael Krufky , + Chuck Ebbert , + Domenico Andreoli , + torvalds@linux-foundation.org, + akpm@linux-foundation.org, + alan@lxorguk.ukuu.org.uk, + Jean Delvare +Subject: [patch 02/29] i2c/eeprom: Recognize VGN as a valid Sony Vaio name prefix +Content-Disposition: inline; filename=i2c-eeprom-recognize-vgn-as-a-valid-sony-vaio-name-prefix.patch +Content-Length: 1720 +Lines: 50 + +2.6.23-stable review patch. If anyone has any objections, please let us +know. + +------------------ +From: Jean Delvare + +patch 8b925a3dd8a4d7451092cb9aa11da727ba69e0f0 in mainline. + +Recent (i.e. 2005 and later) Sony Vaio laptops have names beginning +with VGN rather than PCG. Update the eeprom driver so that it +recognizes these. + +Why this matters: the eeprom driver hides private data from the +EEPROMs it recognizes as Vaio EEPROMs (passwords, serial number...) so +if the driver fails to recognize a Vaio EEPROM as such, the private +data is exposed to the world. + +Signed-off-by: Jean Delvare +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/i2c/chips/eeprom.c | 14 +++++++++----- + 1 file changed, 9 insertions(+), 5 deletions(-) + +--- a/drivers/i2c/chips/eeprom.c ++++ b/drivers/i2c/chips/eeprom.c +@@ -197,12 +197,16 @@ static int eeprom_detect(struct i2c_adap + goto exit_kfree; + + /* Detect the Vaio nature of EEPROMs. +- We use the "PCG-" prefix as the signature. */ ++ We use the "PCG-" or "VGN-" prefix as the signature. */ + if (address == 0x57) { +- if (i2c_smbus_read_byte_data(new_client, 0x80) == 'P' +- && i2c_smbus_read_byte(new_client) == 'C' +- && i2c_smbus_read_byte(new_client) == 'G' +- && i2c_smbus_read_byte(new_client) == '-') { ++ char name[4]; ++ ++ name[0] = i2c_smbus_read_byte_data(new_client, 0x80); ++ name[1] = i2c_smbus_read_byte(new_client); ++ name[2] = i2c_smbus_read_byte(new_client); ++ name[3] = i2c_smbus_read_byte(new_client); ++ ++ if (!memcmp(name, "PCG-", 4) || !memcmp(name, "VGN-", 4)) { + dev_info(&new_client->dev, "Vaio EEPROM detected, " + "enabling password protection\n"); + data->nature = VAIO; + +-- + +From gregkh@mini.kroah.org Tue Nov 20 10:19:50 2007 +Message-Id: <20071120181950.380983069@mini.kroah.org> +References: <20071120181733.702234406@mini.kroah.org> +User-Agent: quilt/0.46-1 +Date: Tue, 20 Nov 2007 10:17:36 -0800 +From: Greg Kroah-Hartman +To: linux-kernel@vger.kernel.org, + stable@kernel.org +Cc: Justin Forbes , + Zwane Mwaikambo , + Theodore Ts'o , + Randy Dunlap , + Dave Jones , + Chuck Wolber , + Chris Wedgwood , + Michael Krufky , + Chuck Ebbert , + Domenico Andreoli , + torvalds@linux-foundation.org, + akpm@linux-foundation.org, + alan@lxorguk.ukuu.org.uk, + Jean Delvare +Subject: [patch 03/29] i2c/eeprom: Hide Sony Vaio serial numbers +Content-Disposition: inline; filename=i2c-eeprom-hide-sony-vaio-serial-numbers.patch +Content-Length: 2071 +Lines: 63 + +2.6.23-stable review patch. If anyone has any objections, please let us +know. + +------------------ +From: Jean Delvare + +patch 0f2cbd38aa377e30df3b7602abed69464d1970aa in mainline. + +The sysfs interface to DMI data takes care to not make the system +serial number and UUID world-readable, presumably due to privacy +concerns. For consistency, we should not let the eeprom driver +export these same strings to the world on Sony Vaio laptops. +Instead, only make them readable by root, as we already do for BIOS +passwords. + +Signed-off-by: Jean Delvare +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/i2c/chips/eeprom.c | 23 +++++++++++++++-------- + 1 file changed, 15 insertions(+), 8 deletions(-) + +--- a/drivers/i2c/chips/eeprom.c ++++ b/drivers/i2c/chips/eeprom.c +@@ -128,13 +128,20 @@ static ssize_t eeprom_read(struct kobjec + for (slice = off >> 5; slice <= (off + count - 1) >> 5; slice++) + eeprom_update_client(client, slice); + +- /* Hide Vaio security settings to regular users (16 first bytes) */ +- if (data->nature == VAIO && off < 16 && !capable(CAP_SYS_ADMIN)) { +- size_t in_row1 = 16 - off; +- in_row1 = min(in_row1, count); +- memset(buf, 0, in_row1); +- if (count - in_row1 > 0) +- memcpy(buf + in_row1, &data->data[16], count - in_row1); ++ /* Hide Vaio private settings to regular users: ++ - BIOS passwords: bytes 0x00 to 0x0f ++ - UUID: bytes 0x10 to 0x1f ++ - Serial number: 0xc0 to 0xdf */ ++ if (data->nature == VAIO && !capable(CAP_SYS_ADMIN)) { ++ int i; ++ ++ for (i = 0; i < count; i++) { ++ if ((off + i <= 0x1f) || ++ (off + i >= 0xc0 && off + i <= 0xdf)) ++ buf[i] = 0; ++ else ++ buf[i] = data->data[off + i]; ++ } + } else { + memcpy(buf, &data->data[off], count); + } +@@ -208,7 +215,7 @@ static int eeprom_detect(struct i2c_adap + + if (!memcmp(name, "PCG-", 4) || !memcmp(name, "VGN-", 4)) { + dev_info(&new_client->dev, "Vaio EEPROM detected, " +- "enabling password protection\n"); ++ "enabling privacy protection\n"); + data->nature = VAIO; + } + } + +-- + +From gregkh@mini.kroah.org Tue Nov 20 10:19:50 2007 +Message-Id: <20071120181950.537809912@mini.kroah.org> +References: <20071120181733.702234406@mini.kroah.org> +User-Agent: quilt/0.46-1 +Date: Tue, 20 Nov 2007 10:17:37 -0800 +From: Greg Kroah-Hartman +To: linux-kernel@vger.kernel.org, + stable@kernel.org, + torvalds@linux-foundation.org +Cc: Justin Forbes , + Zwane Mwaikambo , + Theodore Ts'o , + Randy Dunlap , + Dave Jones , + Chuck Wolber , + Chris Wedgwood , + Michael Krufky , + Chuck Ebbert , + Domenico Andreoli , + akpm@linux-foundation.org, + alan@lxorguk.ukuu.org.uk, + Geert.Uytterhoeven@sonycom.com, + lizf@cn.fujitsu.com +Subject: [patch 04/29] drivers/video/ps3fb: fix memset size error +Content-Disposition: inline; filename=drivers-video-ps3fb-fix-memset-size-error.patch +Content-Length: 914 +Lines: 35 + + +2.6.23-stable review patch. If anyone has any objections, please let us +know. + +------------------ +From: Li Zefan + +patch 3cc2c17700c98b0af778566b0af6292b23b01430 in mainline. + +The size passing to memset is wrong. + +Signed-off-by Li Zefan +Acked-by: Geert Uytterhoeven +Signed-off-by: Andrew Morton +Signed-off-by: Linus Torvalds +Signed-off-by: Greg Kroah-Hartman + + +--- + drivers/video/ps3fb.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/drivers/video/ps3fb.c ++++ b/drivers/video/ps3fb.c +@@ -659,7 +659,7 @@ static int ps3fb_blank(int blank, struct + + static int ps3fb_get_vblank(struct fb_vblank *vblank) + { +- memset(vblank, 0, sizeof(&vblank)); ++ memset(vblank, 0, sizeof(*vblank)); + vblank->flags = FB_VBLANK_HAVE_VSYNC; + return 0; + } + +-- + +From gregkh@mini.kroah.org Tue Nov 20 10:19:50 2007 +Message-Id: <20071120181950.694036505@mini.kroah.org> +References: <20071120181733.702234406@mini.kroah.org> +User-Agent: quilt/0.46-1 +Date: Tue, 20 Nov 2007 10:17:38 -0800 +From: Greg Kroah-Hartman +To: linux-kernel@vger.kernel.org, + stable@kernel.org, + torvalds@linux-foundation.org +Cc: Justin Forbes , + Zwane Mwaikambo , + Theodore Ts'o , + Randy Dunlap , + Dave Jones , + Chuck Wolber , + Chris Wedgwood , + Michael Krufky , + Chuck Ebbert , + Domenico Andreoli , + akpm@linux-foundation.org, + alan@lxorguk.ukuu.org.uk, + phil.el@wanadoo.fr, + safari-kernel@safari.iki.fi +Subject: [patch 05/29] oProfile: oops when profile_pc() returns ~0LU +Content-Disposition: inline; filename=oprofile-oops-when-profile_pc-returns-0lu.patch +Content-Length: 2726 +Lines: 85 + + +2.6.23-stable review patch. If anyone has any objections, please let us +know. + +------------------ +From: Philippe Elie + +patch df9d177aa28d50e64bae6fbd6b263833079e3571 in mainline. + +Instruction pointer returned by profile_pc() can be a random value. This +break the assumption than we can safely set struct op_sample.eip field to a +magic value to signal to the per-cpu buffer reader side special event like +task switch ending up in a segfault in get_task_mm() when profile_pc() +return ~0UL. Fixed by sanitizing the sampled eip and reject/log invalid +eip. + +Problem reported by Sami Farin, patch tested by him. + +Signed-off-by: Philippe Elie +Tested-by: Sami Farin +Signed-off-by: Andrew Morton +Signed-off-by: Linus Torvalds +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/oprofile/cpu_buffer.c | 7 +++++++ + drivers/oprofile/cpu_buffer.h | 1 + + drivers/oprofile/oprofile_stats.c | 4 ++++ + 3 files changed, 12 insertions(+) + +--- a/drivers/oprofile/cpu_buffer.c ++++ b/drivers/oprofile/cpu_buffer.c +@@ -64,6 +64,8 @@ int alloc_cpu_buffers(void) + b->head_pos = 0; + b->sample_received = 0; + b->sample_lost_overflow = 0; ++ b->backtrace_aborted = 0; ++ b->sample_invalid_eip = 0; + b->cpu = i; + INIT_DELAYED_WORK(&b->work, wq_sync_buffer); + } +@@ -175,6 +177,11 @@ static int log_sample(struct oprofile_cp + + cpu_buf->sample_received++; + ++ if (pc == ESCAPE_CODE) { ++ cpu_buf->sample_invalid_eip++; ++ return 0; ++ } ++ + if (nr_available_slots(cpu_buf) < 3) { + cpu_buf->sample_lost_overflow++; + return 0; +--- a/drivers/oprofile/cpu_buffer.h ++++ b/drivers/oprofile/cpu_buffer.h +@@ -42,6 +42,7 @@ struct oprofile_cpu_buffer { + unsigned long sample_received; + unsigned long sample_lost_overflow; + unsigned long backtrace_aborted; ++ unsigned long sample_invalid_eip; + int cpu; + struct delayed_work work; + } ____cacheline_aligned; +--- a/drivers/oprofile/oprofile_stats.c ++++ b/drivers/oprofile/oprofile_stats.c +@@ -26,6 +26,8 @@ void oprofile_reset_stats(void) + cpu_buf = &cpu_buffer[i]; + cpu_buf->sample_received = 0; + cpu_buf->sample_lost_overflow = 0; ++ cpu_buf->backtrace_aborted = 0; ++ cpu_buf->sample_invalid_eip = 0; + } + + atomic_set(&oprofile_stats.sample_lost_no_mm, 0); +@@ -61,6 +63,8 @@ void oprofile_create_stats_files(struct + &cpu_buf->sample_lost_overflow); + oprofilefs_create_ro_ulong(sb, cpudir, "backtrace_aborted", + &cpu_buf->backtrace_aborted); ++ oprofilefs_create_ro_ulong(sb, cpudir, "sample_invalid_eip", ++ &cpu_buf->sample_invalid_eip); + } + + oprofilefs_create_ro_atomic(sb, dir, "sample_lost_no_mm", + +-- + +From gregkh@mini.kroah.org Tue Nov 20 10:19:50 2007 +Message-Id: <20071120181950.850656256@mini.kroah.org> +References: <20071120181733.702234406@mini.kroah.org> +User-Agent: quilt/0.46-1 +Date: Tue, 20 Nov 2007 10:17:39 -0800 +From: Greg Kroah-Hartman +To: linux-kernel@vger.kernel.org, + stable@kernel.org, + torvalds@linux-foundation.org +Cc: Justin Forbes , + Zwane Mwaikambo , + Theodore Ts'o , + Randy Dunlap , + Dave Jones , + Chuck Wolber , + Chris Wedgwood , + Michael Krufky , + Chuck Ebbert , + Domenico Andreoli , + akpm@linux-foundation.org, + alan@lxorguk.ukuu.org.uk, + joel.bertrand@systella.fr, + neilb@suse.de, + dan.j.williams@intel.com +Subject: [patch 06/29] raid5: fix unending write sequence +Content-Disposition: inline; filename=raid5-fix-unending-write-sequence.patch +Content-Length: 4258 +Lines: 112 + + +2.6.23-stable review patch. If anyone has any objections, please let us +know. + +------------------ +From: Dan Williams + +patch 6c55be8b962f1bdc592d579e81fc27b11ea53dfc in mainline. + + +handling stripe 7629696, state=0x14 cnt=1, pd_idx=2 ops=0:0:0 +check 5: state 0x6 toread 0000000000000000 read 0000000000000000 write fffff800ffcffcc0 written 0000000000000000 +check 4: state 0x6 toread 0000000000000000 read 0000000000000000 write fffff800fdd4e360 written 0000000000000000 +check 3: state 0x1 toread 0000000000000000 read 0000000000000000 write 0000000000000000 written 0000000000000000 +check 2: state 0x1 toread 0000000000000000 read 0000000000000000 write 0000000000000000 written 0000000000000000 +check 1: state 0x6 toread 0000000000000000 read 0000000000000000 write fffff800ff517e40 written 0000000000000000 +check 0: state 0x6 toread 0000000000000000 read 0000000000000000 write fffff800fd4cae60 written 0000000000000000 +locked=4 uptodate=2 to_read=0 to_write=4 failed=0 failed_num=0 +for sector 7629696, rmw=0 rcw=0 + + +These blocks were prepared to be written out, but were never handled in +ops_run_biodrain(), so they remain locked forever. The operations flags +are all clear which means handle_stripe() thinks nothing else needs to be +done. + +This state suggests that the STRIPE_OP_PREXOR bit was sampled 'set' when it +should not have been. This patch cleans up cases where the code looks at +sh->ops.pending when it should be looking at the consistent stack-based +snapshot of the operations flags. + +Report from Joel: + Resync done. Patch fix this bug. + +Signed-off-by: Dan Williams +Tested-by: Joel Bertrand +Cc: +Cc: Neil Brown +Signed-off-by: Andrew Morton +Signed-off-by: Linus Torvalds +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/md/raid5.c | 16 +++++++++------- + 1 file changed, 9 insertions(+), 7 deletions(-) + +--- a/drivers/md/raid5.c ++++ b/drivers/md/raid5.c +@@ -689,7 +689,8 @@ ops_run_prexor(struct stripe_head *sh, s + } + + static struct dma_async_tx_descriptor * +-ops_run_biodrain(struct stripe_head *sh, struct dma_async_tx_descriptor *tx) ++ops_run_biodrain(struct stripe_head *sh, struct dma_async_tx_descriptor *tx, ++ unsigned long pending) + { + int disks = sh->disks; + int pd_idx = sh->pd_idx, i; +@@ -697,7 +698,7 @@ ops_run_biodrain(struct stripe_head *sh, + /* check if prexor is active which means only process blocks + * that are part of a read-modify-write (Wantprexor) + */ +- int prexor = test_bit(STRIPE_OP_PREXOR, &sh->ops.pending); ++ int prexor = test_bit(STRIPE_OP_PREXOR, &pending); + + pr_debug("%s: stripe %llu\n", __FUNCTION__, + (unsigned long long)sh->sector); +@@ -774,7 +775,8 @@ static void ops_complete_write(void *str + } + + static void +-ops_run_postxor(struct stripe_head *sh, struct dma_async_tx_descriptor *tx) ++ops_run_postxor(struct stripe_head *sh, struct dma_async_tx_descriptor *tx, ++ unsigned long pending) + { + /* kernel stack size limits the total number of disks */ + int disks = sh->disks; +@@ -782,7 +784,7 @@ ops_run_postxor(struct stripe_head *sh, + + int count = 0, pd_idx = sh->pd_idx, i; + struct page *xor_dest; +- int prexor = test_bit(STRIPE_OP_PREXOR, &sh->ops.pending); ++ int prexor = test_bit(STRIPE_OP_PREXOR, &pending); + unsigned long flags; + dma_async_tx_callback callback; + +@@ -809,7 +811,7 @@ ops_run_postxor(struct stripe_head *sh, + } + + /* check whether this postxor is part of a write */ +- callback = test_bit(STRIPE_OP_BIODRAIN, &sh->ops.pending) ? ++ callback = test_bit(STRIPE_OP_BIODRAIN, &pending) ? + ops_complete_write : ops_complete_postxor; + + /* 1/ if we prexor'd then the dest is reused as a source +@@ -897,12 +899,12 @@ static void raid5_run_ops(struct stripe_ + tx = ops_run_prexor(sh, tx); + + if (test_bit(STRIPE_OP_BIODRAIN, &pending)) { +- tx = ops_run_biodrain(sh, tx); ++ tx = ops_run_biodrain(sh, tx, pending); + overlap_clear++; + } + + if (test_bit(STRIPE_OP_POSTXOR, &pending)) +- ops_run_postxor(sh, tx); ++ ops_run_postxor(sh, tx, pending); + + if (test_bit(STRIPE_OP_CHECK, &pending)) + ops_run_check(sh); + +-- + +From gregkh@mini.kroah.org Tue Nov 20 10:19:51 2007 +Message-Id: <20071120181951.004886951@mini.kroah.org> +References: <20071120181733.702234406@mini.kroah.org> +User-Agent: quilt/0.46-1 +Date: Tue, 20 Nov 2007 10:17:40 -0800 +From: Greg Kroah-Hartman +To: linux-kernel@vger.kernel.org, + stable@kernel.org, + Linus Torvalds +Cc: Justin Forbes , + Zwane Mwaikambo , + Theodore Ts'o , + Randy Dunlap , + Dave Jones , + Chuck Wolber , + Chris Wedgwood , + Michael Krufky , + Chuck Ebbert , + Domenico Andreoli , + akpm@linux-foundation.org, + alan@lxorguk.ukuu.org.uk, + Roland , + Neil Brown , + "J. Bruce Fields" , + nfs@lists.sourceforge.net, + Andreas Gruenbacher +Subject: [patch 07/29] knfsd: fix spurious EINVAL errors on first access of new filesystem +Content-Disposition: inline; filename=knfsd-fix-spurious-einval-errors-on-first-access-of-new-filesystem.patch +Content-Length: 1730 +Lines: 52 + +2.6.23-stable review patch. If anyone has any objections, please let us +know. + +------------------ +From: J. Bruce Fields + +patch ac8587dcb58e40dd336d99d60f852041e06cc3dd in mainline. + +The v2/v3 acl code in nfsd is translating any return from fh_verify() to +nfserr_inval. This is particularly unfortunate in the case of an +nfserr_dropit return, which is an internal error meant to indicate to +callers that this request has been deferred and should just be dropped +pending the results of an upcall to mountd. + +Thanks to Roland for bug report and data collection. + +Cc: Roland +Acked-by: Andreas Gruenbacher +Signed-off-by: J. Bruce Fields +Reviewed-By: NeilBrown +Signed-off-by: Linus Torvalds +Signed-off-by: Greg Kroah-Hartman + +--- + fs/nfsd/nfs2acl.c | 2 +- + fs/nfsd/nfs3acl.c | 2 +- + 2 files changed, 2 insertions(+), 2 deletions(-) + +--- a/fs/nfsd/nfs2acl.c ++++ b/fs/nfsd/nfs2acl.c +@@ -41,7 +41,7 @@ static __be32 nfsacld_proc_getacl(struct + + fh = fh_copy(&resp->fh, &argp->fh); + if ((nfserr = fh_verify(rqstp, &resp->fh, 0, MAY_NOP))) +- RETURN_STATUS(nfserr_inval); ++ RETURN_STATUS(nfserr); + + if (argp->mask & ~(NFS_ACL|NFS_ACLCNT|NFS_DFACL|NFS_DFACLCNT)) + RETURN_STATUS(nfserr_inval); +--- a/fs/nfsd/nfs3acl.c ++++ b/fs/nfsd/nfs3acl.c +@@ -37,7 +37,7 @@ static __be32 nfsd3_proc_getacl(struct s + + fh = fh_copy(&resp->fh, &argp->fh); + if ((nfserr = fh_verify(rqstp, &resp->fh, 0, MAY_NOP))) +- RETURN_STATUS(nfserr_inval); ++ RETURN_STATUS(nfserr); + + if (argp->mask & ~(NFS_ACL|NFS_ACLCNT|NFS_DFACL|NFS_DFACLCNT)) + RETURN_STATUS(nfserr_inval); + +-- + +From gregkh@mini.kroah.org Tue Nov 20 10:19:51 2007 +Message-Id: <20071120181951.158359614@mini.kroah.org> +References: <20071120181733.702234406@mini.kroah.org> +User-Agent: quilt/0.46-1 +Date: Tue, 20 Nov 2007 10:17:41 -0800 +From: Greg Kroah-Hartman +To: linux-kernel@vger.kernel.org, + stable@kernel.org, + Linus Torvalds +Cc: Justin Forbes , + Zwane Mwaikambo , + Theodore Ts'o , + Randy Dunlap , + Dave Jones , + Chuck Wolber , + Chris Wedgwood , + Michael Krufky , + Chuck Ebbert , + Domenico Andreoli , + akpm@linux-foundation.org, + alan@lxorguk.ukuu.org.uk, + Neil Brown , + "J. Bruce Fields" , + nfs@lists.sourceforge.net +Subject: [patch 08/29] nfsd4: recheck for secure ports in fh_verify +Content-Disposition: inline; filename=nfsd4-recheck-for-secure-ports-in-fh_verify.patch +Content-Length: 3429 +Lines: 109 + +2.6.23-stable review patch. If anyone has any objections, please let us +know. + +------------------ +From: J. Bruce Fields + +patch 6fa02839bf9412e18e773d04e96182b4cd0b5d57 in mainline. + +As with + + 7fc90ec93a5eb71f4b08... "call nfsd_setuser() on fh_compose()..." + +this is a case where we need to redo a security check in fh_verify() +even though the filehandle already has an associated dentry--if the +filehandle was created by fh_compose() in an earlier operation of the +nfsv4 compound, then we may not have done these checks yet. + +Without this fix it is possible, for example, to traverse from an export +without the secure ports requirement to one with it in a single +compound, and bypass the secure port check on the new export. + +While we're here, fix up some minor style problems and change a printk() +to a dprintk(), to make it harder for random unprivileged users to spam +the logs. + +Signed-off-by: J. Bruce Fields +Reviewed-By: NeilBrown +Signed-off-by: Linus Torvalds +Signed-off-by: Greg Kroah-Hartman + +--- + fs/nfsd/nfsfh.c | 43 ++++++++++++++++++++++++++----------------- + 1 file changed, 26 insertions(+), 17 deletions(-) + +--- a/fs/nfsd/nfsfh.c ++++ b/fs/nfsd/nfsfh.c +@@ -95,6 +95,22 @@ nfsd_mode_check(struct svc_rqst *rqstp, + return 0; + } + ++static __be32 nfsd_setuser_and_check_port(struct svc_rqst *rqstp, ++ struct svc_export *exp) ++{ ++ /* Check if the request originated from a secure port. */ ++ if (!rqstp->rq_secure && EX_SECURE(exp)) { ++ char buf[RPC_MAX_ADDRBUFLEN]; ++ dprintk(KERN_WARNING ++ "nfsd: request from insecure port %s!\n", ++ svc_print_addr(rqstp, buf, sizeof(buf))); ++ return nfserr_perm; ++ } ++ ++ /* Set user creds for this exportpoint */ ++ return nfserrno(nfsd_setuser(rqstp, exp)); ++} ++ + /* + * Perform sanity checks on the dentry in a client's file handle. + * +@@ -167,18 +183,7 @@ fh_verify(struct svc_rqst *rqstp, struct + goto out; + } + +- /* Check if the request originated from a secure port. */ +- error = nfserr_perm; +- if (!rqstp->rq_secure && EX_SECURE(exp)) { +- char buf[RPC_MAX_ADDRBUFLEN]; +- printk(KERN_WARNING +- "nfsd: request from insecure port %s!\n", +- svc_print_addr(rqstp, buf, sizeof(buf))); +- goto out; +- } +- +- /* Set user creds for this exportpoint */ +- error = nfserrno(nfsd_setuser(rqstp, exp)); ++ error = nfsd_setuser_and_check_port(rqstp, exp); + if (error) + goto out; + +@@ -227,18 +232,22 @@ fh_verify(struct svc_rqst *rqstp, struct + fhp->fh_export = exp; + nfsd_nr_verified++; + } else { +- /* just rechecking permissions +- * (e.g. nfsproc_create calls fh_verify, then nfsd_create does as well) ++ /* ++ * just rechecking permissions ++ * (e.g. nfsproc_create calls fh_verify, then nfsd_create ++ * does as well) + */ + dprintk("nfsd: fh_verify - just checking\n"); + dentry = fhp->fh_dentry; + exp = fhp->fh_export; +- /* Set user creds for this exportpoint; necessary even ++ /* ++ * Set user creds for this exportpoint; necessary even + * in the "just checking" case because this may be a + * filehandle that was created by fh_compose, and that + * is about to be used in another nfsv4 compound +- * operation */ +- error = nfserrno(nfsd_setuser(rqstp, exp)); ++ * operation. ++ */ ++ error = nfsd_setuser_and_check_port(rqstp, exp); + if (error) + goto out; + } + +-- + +From gregkh@mini.kroah.org Tue Nov 20 10:19:51 2007 +Message-Id: <20071120181951.313751277@mini.kroah.org> +References: <20071120181733.702234406@mini.kroah.org> +User-Agent: quilt/0.46-1 +Date: Tue, 20 Nov 2007 10:17:42 -0800 +From: Greg Kroah-Hartman +To: linux-kernel@vger.kernel.org, + stable@kernel.org, + torvalds@linux-foundation.org +Cc: Justin Forbes , + Zwane Mwaikambo , + Theodore Ts'o , + Randy Dunlap , + Dave Jones , + Chuck Wolber , + Chris Wedgwood , + Michael Krufky , + Chuck Ebbert , + Domenico Andreoli , + akpm@linux-foundation.org, + alan@lxorguk.ukuu.org.uk, + shannon.nelson@intel.com, + dan.j.williams@intel.com, + hskinnemoen@atmel.com +Subject: [patch 09/29] dmaengine: fix broken device refcounting +Content-Disposition: inline; filename=dmaengine-fix-broken-device-refcounting.patch +Content-Length: 2452 +Lines: 83 + + +2.6.23-stable review patch. If anyone has any objections, please let us +know. + +------------------ +From: Haavard Skinnemoen + +patch 348badf1e825323c419dd118f65783db0f7d2ec8 in mainline. + +When a DMA device is unregistered, its reference count is decremented twice +for each channel: Once dma_class_dev_release() and once in +dma_chan_cleanup(). This may result in the DMA device driver's remove() +function completing before all channels have been cleaned up, causing lots +of use-after-free fun. + +Fix it by incrementing the device's reference count twice for each +channel during registration. + +[dan.j.williams@intel.com: kill unnecessary client refcounting] +Signed-off-by: Haavard Skinnemoen +Signed-off-by: Dan Williams +Signed-off-by: Shannon Nelson +Signed-off-by: Andrew Morton +Signed-off-by: Linus Torvalds +Signed-off-by: Greg Kroah-Hartman + + +--- + drivers/dma/dmaengine.c | 17 ++++++----------- + 1 file changed, 6 insertions(+), 11 deletions(-) + +--- a/drivers/dma/dmaengine.c ++++ b/drivers/dma/dmaengine.c +@@ -182,10 +182,9 @@ static void dma_client_chan_alloc(struct + /* we are done once this client rejects + * an available resource + */ +- if (ack == DMA_ACK) { ++ if (ack == DMA_ACK) + dma_chan_get(chan); +- kref_get(&device->refcount); +- } else if (ack == DMA_NAK) ++ else if (ack == DMA_NAK) + return; + } + } +@@ -272,11 +271,8 @@ static void dma_clients_notify_removed(s + /* client was holding resources for this channel so + * free it + */ +- if (ack == DMA_ACK) { ++ if (ack == DMA_ACK) + dma_chan_put(chan); +- kref_put(&chan->device->refcount, +- dma_async_device_cleanup); +- } + } + + mutex_unlock(&dma_list_mutex); +@@ -316,11 +312,8 @@ void dma_async_client_unregister(struct + ack = client->event_callback(client, chan, + DMA_RESOURCE_REMOVED); + +- if (ack == DMA_ACK) { ++ if (ack == DMA_ACK) + dma_chan_put(chan); +- kref_put(&chan->device->refcount, +- dma_async_device_cleanup); +- } + } + + list_del(&client->global_node); +@@ -397,6 +390,8 @@ int dma_async_device_register(struct dma + goto err_out; + } + ++ /* One for the channel, one of the class device */ ++ kref_get(&device->refcount); + kref_get(&device->refcount); + kref_init(&chan->refcount); + chan->slow_ref = 0; + +-- + +From gregkh@mini.kroah.org Tue Nov 20 10:19:51 2007 +Message-Id: <20071120181951.468602057@mini.kroah.org> +References: <20071120181733.702234406@mini.kroah.org> +User-Agent: quilt/0.46-1 +Date: Tue, 20 Nov 2007 10:17:43 -0800 +From: Greg Kroah-Hartman +To: linux-kernel@vger.kernel.org, + stable@kernel.org, + torvalds@linux-foundation.org +Cc: Justin Forbes , + Zwane Mwaikambo , + Theodore Ts'o , + Randy Dunlap , + Dave Jones , + Chuck Wolber , + Chris Wedgwood , + Michael Krufky , + Chuck Ebbert , + Domenico Andreoli , + akpm@linux-foundation.org, + alan@lxorguk.ukuu.org.uk, + mitov@issp.bas.bg, + ak@suse.de, + tglx@linutronix.de, + mingo@elte.hu +Subject: [patch 10/29] x86: disable preemption in delay_tsc() +Content-Disposition: inline; filename=x86-disable-preemption-in-delay_tsc.patch +Content-Length: 1963 +Lines: 86 + + +2.6.23-stable review patch. If anyone has any objections, please let us +know. + +------------------ +From: Andrew Morton + +patch 35d5d08a085c56f153458c3f5d8ce24123617faf in mainline. + +Marin Mitov points out that delay_tsc() can misbehave if it is preempted and +rescheduled on a different CPU which has a skewed TSC. Fix it by disabling +preemption. + +(I assume that the worst-case behaviour here is a stall of 2^32 cycles) + +Cc: Andi Kleen +Cc: Marin Mitov +Cc: Thomas Gleixner +Cc: Ingo Molnar +Signed-off-by: Andrew Morton +Signed-off-by: Linus Torvalds +Signed-off-by: Greg Kroah-Hartman + +--- + arch/i386/lib/delay.c | 3 +++ + arch/x86_64/lib/delay.c | 11 +++++++---- + 2 files changed, 10 insertions(+), 4 deletions(-) + +--- a/arch/i386/lib/delay.c ++++ b/arch/i386/lib/delay.c +@@ -12,6 +12,7 @@ + + #include + #include ++#include + #include + + #include +@@ -42,11 +43,13 @@ static void delay_tsc(unsigned long loop + { + unsigned long bclock, now; + ++ preempt_disable(); /* TSC's are per-cpu */ + rdtscl(bclock); + do { + rep_nop(); + rdtscl(now); + } while ((now-bclock) < loops); ++ preempt_enable(); + } + + /* +--- a/arch/x86_64/lib/delay.c ++++ b/arch/x86_64/lib/delay.c +@@ -10,7 +10,9 @@ + + #include + #include ++#include + #include ++ + #include + #include + +@@ -27,14 +29,15 @@ int read_current_timer(unsigned long *ti + void __delay(unsigned long loops) + { + unsigned bclock, now; +- ++ ++ preempt_disable(); /* TSC's are pre-cpu */ + rdtscl(bclock); +- do +- { ++ do { + rep_nop(); + rdtscl(now); + } +- while((now-bclock) < loops); ++ while ((now-bclock) < loops); ++ preempt_enable(); + } + EXPORT_SYMBOL(__delay); + + +-- + +From gregkh@mini.kroah.org Tue Nov 20 10:19:51 2007 +Message-Id: <20071120181951.623098164@mini.kroah.org> +References: <20071120181733.702234406@mini.kroah.org> +User-Agent: quilt/0.46-1 +Date: Tue, 20 Nov 2007 10:17:44 -0800 +From: Greg Kroah-Hartman +To: linux-kernel@vger.kernel.org, + stable@kernel.org, + torvalds@linux-foundation.org +Cc: Justin Forbes , + Zwane Mwaikambo , + Theodore Ts'o , + Randy Dunlap , + Dave Jones , + Chuck Wolber , + Chris Wedgwood , + Michael Krufky , + Chuck Ebbert , + Domenico Andreoli , + akpm@linux-foundation.org, + alan@lxorguk.ukuu.org.uk, + maximlevitsky@gmail.com, + peterz@infradead.org, + jeffm@suse.com, + wfg@mail.ustc.edu.cn, + chris.mason@oracle.com +Subject: [patch 11/29] reiserfs: dont drop PG_dirty when releasing sub-page-sized dirty file +Content-Disposition: inline; filename=reiserfs-don-t-drop-pg_dirty-when-releasing-sub-page-sized-dirty-file.patch +Content-Length: 3712 +Lines: 112 + + +2.6.23-stable review patch. If anyone has any objections, please let us +know. + +------------------ +From: Fengguang Wu + +patch c06a018fa5362fa9ed0768bd747c0fab26bc8849 in mainline. + +This is not a new problem in 2.6.23-git17. 2.6.22/2.6.23 is buggy in the +same way. + +Reiserfs could accumulate dirty sub-page-size files until umount time. +They cannot be synced to disk by pdflush routines or explicit `sync' +commands. Only `umount' can do the trick. + +The direct cause is: the dirty page's PG_dirty is wrongly _cleared_. +Call trace: + [] cancel_dirty_page+0xd0/0xf0 + [] :reiserfs:reiserfs_cut_from_item+0x660/0x710 + [] :reiserfs:reiserfs_do_truncate+0x271/0x530 + [] :reiserfs:reiserfs_truncate_file+0xfd/0x3b0 + [] :reiserfs:reiserfs_file_release+0x1e0/0x340 + [] __fput+0xcc/0x1b0 + [] fput+0x16/0x20 + [] filp_close+0x56/0x90 + [] sys_close+0xad/0x110 + [] system_call+0x7e/0x83 + +Fix the bug by removing the cancel_dirty_page() call. Tests show that +it causes no bad behaviors on various write sizes. + +=== for the patient === +Here are more detailed demonstrations of the problem. + +1) the page has both PG_dirty(D)/PAGECACHE_TAG_DIRTY(d) after being written to; + and then only PAGECACHE_TAG_DIRTY(d) remains after the file is closed. + +------------------------------ screen 0 ------------------------------ +[T0] root /home/wfg# cat > /test/tiny +[T1] hi +[T2] root /home/wfg# + +------------------------------ screen 1 ------------------------------ +[T1] root /home/wfg# echo /test/tiny > /proc/filecache +[T1] root /home/wfg# cat /proc/filecache + # file /test/tiny + # flags R:referenced A:active M:mmap U:uptodate D:dirty W:writeback O:owner B:buffer d:dirty w:writeback + # idx len state refcnt + 0 1 ___UD__Bd_ 2 +[T2] root /home/wfg# cat /proc/filecache + # file /test/tiny + # flags R:referenced A:active M:mmap U:uptodate D:dirty W:writeback O:owner B:buffer d:dirty w:writeback + # idx len state refcnt + 0 1 ___U___Bd_ 2 + +2) note the non-zero 'cancelled_write_bytes' after /tmp/hi is copied. + +------------------------------ screen 0 ------------------------------ +[T0] root /home/wfg# echo hi > /tmp/hi +[T1] root /home/wfg# cp /tmp/hi /dev/stdin /test +[T2] hi +[T3] root /home/wfg# + +------------------------------ screen 1 ------------------------------ +[T1] root /proc/4397# cd /proc/`pidof cp` +[T1] root /proc/4713# cat io + rchar: 8396 + wchar: 3 + syscr: 20 + syscw: 1 + read_bytes: 0 + write_bytes: 20480 + cancelled_write_bytes: 4096 +[T2] root /proc/4713# cat io + rchar: 8399 + wchar: 6 + syscr: 21 + syscw: 2 + read_bytes: 0 + write_bytes: 24576 + cancelled_write_bytes: 4096 + +//Question: the 'write_bytes' is a bit more than expected ;-) + +Tested-by: Maxim Levitsky +Cc: Peter Zijlstra +Cc: Jeff Mahoney +Signed-off-by: Fengguang Wu +Reviewed-by: Chris Mason +Signed-off-by: Andrew Morton +Signed-off-by: Linus Torvalds +Signed-off-by: Greg Kroah-Hartman + +--- + fs/reiserfs/stree.c | 3 --- + 1 file changed, 3 deletions(-) + +--- a/fs/reiserfs/stree.c ++++ b/fs/reiserfs/stree.c +@@ -1458,9 +1458,6 @@ static void unmap_buffers(struct page *p + } + bh = next; + } while (bh != head); +- if (PAGE_SIZE == bh->b_size) { +- cancel_dirty_page(page, PAGE_CACHE_SIZE); +- } + } + } + } + +-- + +From gregkh@mini.kroah.org Tue Nov 20 10:19:51 2007 +Message-Id: <20071120181951.782660426@mini.kroah.org> +References: <20071120181733.702234406@mini.kroah.org> +User-Agent: quilt/0.46-1 +Date: Tue, 20 Nov 2007 10:17:45 -0800 +From: Greg Kroah-Hartman +To: linux-kernel@vger.kernel.org, + stable@kernel.org +Cc: Justin Forbes , + Zwane Mwaikambo , + Theodore Ts'o , + Randy Dunlap , + Dave Jones , + Chuck Wolber , + Chris Wedgwood , + Michael Krufky , + Chuck Ebbert , + Domenico Andreoli , + torvalds@linux-foundation.org, + akpm@linux-foundation.org, + alan@lxorguk.ukuu.org.uk, + Tejun Heo , + Jeff Garzik , + Tobias Powalowski +Subject: [patch 12/29] sata_sis: fix SCR read breakage +Content-Disposition: inline; filename=sata_sis-fix-scr-read-breakage.patch +Content-Length: 2071 +Lines: 69 + +2.6.23-stable review patch. If anyone has any objections, please let us +know. + +------------------ +From: Tejun Heo + +patch aaa092a114696f4425cd57c4d7fa05110007e247 in mainline. + +sata_sis: fix SCR read breakage + +SCR read for controllers which uses PCI configuration space for SCR +access got broken while adding @val argument to SCR accessors. Fix +it. + +Signed-off-by: Tejun Heo +Signed-off-by: Jeff Garzik +Cc: Tobias Powalowski +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/ata/sata_sis.c | 13 ++++++++----- + 1 file changed, 8 insertions(+), 5 deletions(-) + +--- a/drivers/ata/sata_sis.c ++++ b/drivers/ata/sata_sis.c +@@ -168,11 +168,11 @@ static unsigned int get_scr_cfg_addr(str + return addr; + } + +-static u32 sis_scr_cfg_read (struct ata_port *ap, unsigned int sc_reg) ++static u32 sis_scr_cfg_read (struct ata_port *ap, unsigned int sc_reg, u32 *val) + { + struct pci_dev *pdev = to_pci_dev(ap->host->dev); + unsigned int cfg_addr = get_scr_cfg_addr(ap, sc_reg); +- u32 val, val2 = 0; ++ u32 val2 = 0; + u8 pmr; + + if (sc_reg == SCR_ERROR) /* doesn't exist in PCI cfg space */ +@@ -180,13 +180,16 @@ static u32 sis_scr_cfg_read (struct ata_ + + pci_read_config_byte(pdev, SIS_PMR, &pmr); + +- pci_read_config_dword(pdev, cfg_addr, &val); ++ pci_read_config_dword(pdev, cfg_addr, val); + + if ((pdev->device == 0x0182) || (pdev->device == 0x0183) || + (pdev->device == 0x1182) || (pmr & SIS_PMR_COMBINED)) + pci_read_config_dword(pdev, cfg_addr+0x10, &val2); + +- return (val|val2) & 0xfffffffb; /* avoid problems with powerdowned ports */ ++ *val |= val2; ++ *val &= 0xfffffffb; /* avoid problems with powerdowned ports */ ++ ++ return 0; + } + + static void sis_scr_cfg_write (struct ata_port *ap, unsigned int sc_reg, u32 val) +@@ -216,7 +219,7 @@ static int sis_scr_read(struct ata_port + return -EINVAL; + + if (ap->flags & SIS_FLAG_CFGSCR) +- return sis_scr_cfg_read(ap, sc_reg); ++ return sis_scr_cfg_read(ap, sc_reg, val); + + pci_read_config_byte(pdev, SIS_PMR, &pmr); + + +-- + +From gregkh@mini.kroah.org Tue Nov 20 10:19:52 2007 +Message-Id: <20071120181951.942643646@mini.kroah.org> +References: <20071120181733.702234406@mini.kroah.org> +User-Agent: quilt/0.46-1 +Date: Tue, 20 Nov 2007 10:17:46 -0800 +From: Greg Kroah-Hartman +To: linux-kernel@vger.kernel.org, + stable@kernel.org +Cc: Justin Forbes , + Zwane Mwaikambo , + Theodore Ts'o , + Randy Dunlap , + Dave Jones , + Chuck Wolber , + Chris Wedgwood , + Michael Krufky , + Chuck Ebbert , + Domenico Andreoli , + torvalds@linux-foundation.org, + akpm@linux-foundation.org, + alan@lxorguk.ukuu.org.uk, + Jeff Garzik , + Tobias Powalowski +Subject: [patch 13/29] libata: sata_sis: use correct S/G table size +Content-Disposition: inline; filename=libata-sata_sis-use-correct-s-g-table-size.patch +Content-Length: 1065 +Lines: 35 + +2.6.23-stable review patch. If anyone has any objections, please let us +know. + +------------------ +From: Jeff Garzik + +patch 96af154710d44b574515431a0bb014888398a741 in mainline. + +[libata] sata_sis: use correct S/G table size + +sata_sis has the same restrictions as other SFF controllers, and so must +use LIBATA_MAX_PRD to denote that SCSI may only fill ATA_MAX_PRD/2 +entries, due to our need to handle IOMMU merging. + +Signed-off-by: Jeff Garzik +Cc: Tobias Powalowski +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/ata/sata_sis.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/drivers/ata/sata_sis.c ++++ b/drivers/ata/sata_sis.c +@@ -92,7 +92,7 @@ static struct scsi_host_template sis_sht + .queuecommand = ata_scsi_queuecmd, + .can_queue = ATA_DEF_QUEUE, + .this_id = ATA_SHT_THIS_ID, +- .sg_tablesize = ATA_MAX_PRD, ++ .sg_tablesize = LIBATA_MAX_PRD, + .cmd_per_lun = ATA_SHT_CMD_PER_LUN, + .emulated = ATA_SHT_EMULATED, + .use_clustering = ATA_SHT_USE_CLUSTERING, + +-- + +From gregkh@mini.kroah.org Tue Nov 20 10:19:52 2007 +Message-Id: <20071120181952.096217446@mini.kroah.org> +References: <20071120181733.702234406@mini.kroah.org> +User-Agent: quilt/0.46-1 +Date: Tue, 20 Nov 2007 10:17:47 -0800 +From: Greg Kroah-Hartman +To: linux-kernel@vger.kernel.org, + stable@kernel.org +Cc: Justin Forbes , + Zwane Mwaikambo , + Theodore Ts'o , + Randy Dunlap , + Dave Jones , + Chuck Wolber , + Chris Wedgwood , + Michael Krufky , + Chuck Ebbert , + Domenico Andreoli , + torvalds@linux-foundation.org, + akpm@linux-foundation.org, + alan@lxorguk.ukuu.org.uk, + Alexey Starikovskiy , + Len Brown , + Tobias Powalowski +Subject: [patch 14/29] ACPI: VIDEO: Adjust current level to closest available one. +Content-Disposition: inline; filename=acpi-video-adjust-current-level-to-closest-available-one.patch +Content-Length: 1343 +Lines: 46 + +2.6.23-stable review patch. If anyone has any objections, please let us +know. + +------------------ +From: Alexey Starikovskiy + +patch 63f0edfc0b7f8058f9d3f9b572615ec97ae011ba in mainline. + +ACPI: VIDEO: Adjust current level to closest available one. + + +Signed-off-by: Alexey Starikovskiy +Signed-off-by: Len Brown +Cc: Tobias Powalowski +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/acpi/video.c | 13 ++++++++++++- + 1 file changed, 12 insertions(+), 1 deletion(-) + +--- a/drivers/acpi/video.c ++++ b/drivers/acpi/video.c +@@ -1633,9 +1633,20 @@ static int + acpi_video_get_next_level(struct acpi_video_device *device, + u32 level_current, u32 event) + { +- int min, max, min_above, max_below, i, l; ++ int min, max, min_above, max_below, i, l, delta = 255; + max = max_below = 0; + min = min_above = 255; ++ /* Find closest level to level_current */ ++ for (i = 0; i < device->brightness->count; i++) { ++ l = device->brightness->levels[i]; ++ if (abs(l - level_current) < abs(delta)) { ++ delta = l - level_current; ++ if (!delta) ++ break; ++ } ++ } ++ /* Ajust level_current to closest available level */ ++ level_current += delta; + for (i = 0; i < device->brightness->count; i++) { + l = device->brightness->levels[i]; + if (l < min) + +-- + +From gregkh@mini.kroah.org Tue Nov 20 10:19:52 2007 +Message-Id: <20071120181952.250793595@mini.kroah.org> +References: <20071120181733.702234406@mini.kroah.org> +User-Agent: quilt/0.46-1 +Date: Tue, 20 Nov 2007 10:17:48 -0800 +From: Greg Kroah-Hartman +To: linux-kernel@vger.kernel.org, + stable@kernel.org +Cc: Justin Forbes , + Zwane Mwaikambo , + Theodore Ts'o , + Randy Dunlap , + Dave Jones , + Chuck Wolber , + Chris Wedgwood , + Michael Krufky , + Chuck Ebbert , + Domenico Andreoli , + torvalds@linux-foundation.org, + akpm@linux-foundation.org, + alan@lxorguk.ukuu.org.uk, + Ingo Molnar +Subject: [patch 15/29] Fix divide-by-zero in the 2.6.23 scheduler code +Content-Disposition: inline; filename=fix-divide-by-zero-in-the-2.6.23-scheduler-code.patch +Content-Length: 2549 +Lines: 94 + + +2.6.23-stable review patch. If anyone has any objections, please let us +know. + +------------------ +From: Chuck Ebbert + +No patch in mainline as this logic has been removed from 2.6.24 so it is +not necessary. + + +https://bugzilla.redhat.com/show_bug.cgi?id=340161 + +The problem code has been removed in 2.6.24. The below patch disables +SCHED_FEAT_PRECISE_CPU_LOAD which causes the offending code to be skipped +but does not prevent the user from enabling it. + +The divide-by-zero is here in kernel/sched.c: + +static void update_cpu_load(struct rq *this_rq) +{ + u64 fair_delta64, exec_delta64, idle_delta64, sample_interval64, tmp64; + unsigned long total_load = this_rq->ls.load.weight; + unsigned long this_load = total_load; + struct load_stat *ls = &this_rq->ls; + int i, scale; + + this_rq->nr_load_updates++; + if (unlikely(!(sysctl_sched_features & SCHED_FEAT_PRECISE_CPU_LOAD))) + goto do_avg; + + /* Update delta_fair/delta_exec fields first */ + update_curr_load(this_rq); + + fair_delta64 = ls->delta_fair + 1; + ls->delta_fair = 0; + + exec_delta64 = ls->delta_exec + 1; + ls->delta_exec = 0; + + sample_interval64 = this_rq->clock - ls->load_update_last; + ls->load_update_last = this_rq->clock; + + if ((s64)sample_interval64 < (s64)TICK_NSEC) + sample_interval64 = TICK_NSEC; + + if (exec_delta64 > sample_interval64) + exec_delta64 = sample_interval64; + + idle_delta64 = sample_interval64 - exec_delta64; + +======> tmp64 = div64_64(SCHED_LOAD_SCALE * exec_delta64, fair_delta64); + tmp64 = div64_64(tmp64 * exec_delta64, sample_interval64); + + this_load = (unsigned long)tmp64; + +do_avg: + + /* Update our load: */ + for (i = 0, scale = 1; i < CPU_LOAD_IDX_MAX; i++, scale += scale) { + unsigned long old_load, new_load; + + /* scale is effectively 1 << i now, and >> i divides by scale */ + + old_load = this_rq->cpu_load[i]; + new_load = this_load; + + this_rq->cpu_load[i] = (old_load*(scale-1) + new_load) >> i; + } +} + +For stable only; the code has been removed in 2.6.24. + +Signed-off-by: Chuck Ebbert +Acked-by: Ingo Molnar +Signed-off-by: Greg Kroah-Hartman + +--- + kernel/sched_fair.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/kernel/sched_fair.c ++++ b/kernel/sched_fair.c +@@ -93,7 +93,7 @@ unsigned int sysctl_sched_features __rea + SCHED_FEAT_FAIR_SLEEPERS *1 | + SCHED_FEAT_SLEEPER_AVG *0 | + SCHED_FEAT_SLEEPER_LOAD_AVG *1 | +- SCHED_FEAT_PRECISE_CPU_LOAD *1 | ++ SCHED_FEAT_PRECISE_CPU_LOAD *0 | + SCHED_FEAT_START_DEBIT *1 | + SCHED_FEAT_SKIP_INITIAL *0; + + +-- + +From gregkh@mini.kroah.org Tue Nov 20 10:19:52 2007 +Message-Id: <20071120181952.405280272@mini.kroah.org> +References: <20071120181733.702234406@mini.kroah.org> +User-Agent: quilt/0.46-1 +Date: Tue, 20 Nov 2007 10:17:49 -0800 +From: Greg Kroah-Hartman +To: linux-kernel@vger.kernel.org, + stable@kernel.org +Cc: Justin Forbes , + Zwane Mwaikambo , + Theodore Ts'o , + Randy Dunlap , + Dave Jones , + Chuck Wolber , + Chris Wedgwood , + Michael Krufky , + Chuck Ebbert , + Domenico Andreoli , + torvalds@linux-foundation.org, + akpm@linux-foundation.org, + alan@lxorguk.ukuu.org.uk, + Sebastian Siewior , + Jordan Crouse , + Herbert Xu +Subject: [patch 16/29] geode: Fix not inplace encryption +Content-Disposition: inline; filename=geode-fix-not-inplace-encryption.patch +Content-Length: 1119 +Lines: 36 + +2.6.23-stable review patch. If anyone has any objections, please let us +know. + +------------------ +From: Sebastian Siewior + +patch 2e21630ddc3fb717dc645356b75771c6a52dc627 in mainline. + +Currently the Geode AES module fails to encrypt or decrypt if +the coherent bits are not set what is currently the case if the +encryption does not occur inplace. However, the encryption works +on my Geode machine _only_ if the coherent bits are always set. + +Signed-off-by: Sebastian Siewior +Acked-by: Jordan Crouse +Signed-off-by: Herbert Xu +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/crypto/geode-aes.c | 3 +-- + 1 file changed, 1 insertion(+), 2 deletions(-) + +--- a/drivers/crypto/geode-aes.c ++++ b/drivers/crypto/geode-aes.c +@@ -110,8 +110,7 @@ geode_aes_crypt(struct geode_aes_op *op) + * we don't need to worry + */ + +- if (op->src == op->dst) +- flags |= (AES_CTRL_DCA | AES_CTRL_SCA); ++ flags |= (AES_CTRL_DCA | AES_CTRL_SCA); + + if (op->dir == AES_DIR_ENCRYPT) + flags |= AES_CTRL_ENCRYPT; + +-- + +From gregkh@mini.kroah.org Tue Nov 20 10:19:52 2007 +Message-Id: <20071120181952.559917815@mini.kroah.org> +References: <20071120181733.702234406@mini.kroah.org> +User-Agent: quilt/0.46-1 +Date: Tue, 20 Nov 2007 10:17:50 -0800 +From: Greg Kroah-Hartman +To: linux-kernel@vger.kernel.org, + stable@kernel.org, + Greg KH +Cc: Justin Forbes , + Zwane Mwaikambo , + Theodore Ts'o , + Randy Dunlap , + Dave Jones , + Chuck Wolber , + Chris Wedgwood , + Michael Krufky , + Chuck Ebbert , + Domenico Andreoli , + torvalds@linux-foundation.org, + akpm@linux-foundation.org, + alan@lxorguk.ukuu.org.uk, + Benny Halevy , + Herbert Xu +Subject: [patch 17/29] libcrc32c: keep intermediate crc state in cpu order +Content-Disposition: inline; filename=libcrc32c-keep-intermediate-crc-state-in-cpu-order.patch +Content-Length: 1482 +Lines: 54 + +2.6.23-stable review patch. If anyone has any objections, please let us +know. + +------------------ +From: Herbert Xu + +It's upstream changeset ef19454bd437b2ba14c9cda1de85debd9f383484. + +[LIB] crc32c: Keep intermediate crc state in cpu order + +crypto/crc32.c:chksum_final() is computing the digest as +*(__le32 *)out = ~cpu_to_le32(mctx->crc); +so the low-level crc32c_le routines should just keep +the crc in cpu order, otherwise it is getting swabbed +one too many times on big-endian machines. + +Signed-off-by: Benny Halevy +Signed-off-by: Herbert Xu +Signed-off-by: Greg Kroah-Hartman + +--- + lib/libcrc32c.c | 7 ++----- + 1 file changed, 2 insertions(+), 5 deletions(-) + +--- a/lib/libcrc32c.c ++++ b/lib/libcrc32c.c +@@ -33,7 +33,6 @@ + #include + #include + #include +-#include + + MODULE_AUTHOR("Clay Haapala "); + MODULE_DESCRIPTION("CRC32c (Castagnoli) calculations"); +@@ -161,15 +160,13 @@ static const u32 crc32c_table[256] = { + */ + + u32 __attribute_pure__ +-crc32c_le(u32 seed, unsigned char const *data, size_t length) ++crc32c_le(u32 crc, unsigned char const *data, size_t length) + { +- u32 crc = __cpu_to_le32(seed); +- + while (length--) + crc = + crc32c_table[(crc ^ *data++) & 0xFFL] ^ (crc >> 8); + +- return __le32_to_cpu(crc); ++ return crc; + } + + #endif /* CRC_LE_BITS == 8 */ + +-- + +From gregkh@mini.kroah.org Tue Nov 20 10:19:52 2007 +Message-Id: <20071120181952.715418227@mini.kroah.org> +References: <20071120181733.702234406@mini.kroah.org> +User-Agent: quilt/0.46-1 +Date: Tue, 20 Nov 2007 10:17:51 -0800 +From: Greg Kroah-Hartman +To: linux-kernel@vger.kernel.org, + stable@kernel.org +Cc: Justin Forbes , + Zwane Mwaikambo , + Theodore Ts'o , + Randy Dunlap , + Dave Jones , + Chuck Wolber , + Chris Wedgwood , + Michael Krufky , + Chuck Ebbert , + Domenico Andreoli , + torvalds@linux-foundation.org, + akpm@linux-foundation.org, + alan@lxorguk.ukuu.org.uk, + Jan Beulich , + Andi Kleen , + Ingo Molnar , + Thomas Gleixner +Subject: [patch 18/29] i386: avoid temporarily inconsistent pte-s +Content-Disposition: inline; filename=x86-avoid-inconsistent-ptes.patch +Content-Length: 1287 +Lines: 42 + +2.6.23-stable review patch. If anyone has any objections, please let us +know. + +------------------ +From: Jan Beulich + +patch aa506dc7b12d03fbf8fd11aab752aed1aadd9c07 in mainline. + +i386: avoid temporarily inconsistent pte-s + +One more of these issues (which were considered fixed a few releases +back): other than on x86-64, i386 allows set_fixmap() to replace +already present mappings. Consequently, on PAE, care must be taken to +not update the high half of a pte while the low half is still holding +the old value. + +[ tglx: arch/x86 adaptation ] + +Signed-off-by: Jan Beulich +Signed-off-by: Andi Kleen +Signed-off-by: Ingo Molnar +Signed-off-by: Thomas Gleixner +Signed-off-by: Greg Kroah-Hartman + +--- + arch/i386/mm/pgtable.c | 3 +-- + 1 file changed, 1 insertion(+), 2 deletions(-) + +--- a/arch/i386/mm/pgtable.c ++++ b/arch/i386/mm/pgtable.c +@@ -97,8 +97,7 @@ static void set_pte_pfn(unsigned long va + } + pte = pte_offset_kernel(pmd, vaddr); + if (pgprot_val(flags)) +- /* stored as-is, to permit clearing entries */ +- set_pte(pte, pfn_pte(pfn, flags)); ++ set_pte_present(&init_mm, vaddr, pte, pfn_pte(pfn, flags)); + else + pte_clear(&init_mm, vaddr, pte); + + +-- + +From gregkh@mini.kroah.org Tue Nov 20 10:19:53 2007 +Message-Id: <20071120181952.879751829@mini.kroah.org> +References: <20071120181733.702234406@mini.kroah.org> +User-Agent: quilt/0.46-1 +Date: Tue, 20 Nov 2007 10:17:52 -0800 +From: Greg Kroah-Hartman +To: linux-kernel@vger.kernel.org, + stable@kernel.org +Cc: Justin Forbes , + Zwane Mwaikambo , + Theodore Ts'o , + Randy Dunlap , + Dave Jones , + Chuck Wolber , + Chris Wedgwood , + Michael Krufky , + Chuck Ebbert , + Domenico Andreoli , + torvalds@linux-foundation.org, + akpm@linux-foundation.org, + alan@lxorguk.ukuu.org.uk, + Andrew Hastings , + Andi Kleen , + Ingo Molnar , + Thomas Gleixner +Subject: [patch 19/29] x86: fix off-by-one in find_next_zero_string +Content-Disposition: inline; filename=x86-fix-one-off-in-find-next-zero-string.patch +Content-Length: 1004 +Lines: 38 + +2.6.23-stable review patch. If anyone has any objections, please let us +know. + +------------------ +From: Andrew Hastings + +patch 801916c1b369b637ce799e6c71a94963ff63df79 in mainline. + +x86: fix off-by-one in find_next_zero_string + +Fix an off-by-one error in find_next_zero_string which prevents +allocating the last bit. + +[ tglx: arch/x86 adaptation ] + +Signed-off-by: Andrew Hastings +Signed-off-by: Andi Kleen +Signed-off-by: Ingo Molnar +Signed-off-by: Thomas Gleixner +Signed-off-by: Greg Kroah-Hartman + +--- + arch/x86_64/lib/bitstr.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/arch/x86_64/lib/bitstr.c ++++ b/arch/x86_64/lib/bitstr.c +@@ -14,7 +14,7 @@ find_next_zero_string(unsigned long *bit + + /* could test bitsliced, but it's hardly worth it */ + end = n+len; +- if (end >= nbits) ++ if (end > nbits) + return -1; + for (i = n+1; i < end; i++) { + if (test_bit(i, bitmap)) { + +-- + +From gregkh@mini.kroah.org Tue Nov 20 10:19:53 2007 +Message-Id: <20071120181953.037082535@mini.kroah.org> +References: <20071120181733.702234406@mini.kroah.org> +User-Agent: quilt/0.46-1 +Date: Tue, 20 Nov 2007 10:17:53 -0800 +From: Greg Kroah-Hartman +To: linux-kernel@vger.kernel.org, + stable@kernel.org +Cc: Justin Forbes , + Zwane Mwaikambo , + Theodore Ts'o , + Randy Dunlap , + Dave Jones , + Chuck Wolber , + Chris Wedgwood , + Michael Krufky , + Chuck Ebbert , + Domenico Andreoli , + torvalds@linux-foundation.org, + akpm@linux-foundation.org, + alan@lxorguk.ukuu.org.uk, + Thomas Gleixner , + Ingo Molnar +Subject: [patch 20/29] x86: mark read_crX() asm code as volatile +Content-Disposition: inline; filename=x86-mark-read-crx-volatile.patch +Content-Length: 2143 +Lines: 77 + +2.6.23-stable review patch. If anyone has any objections, please let us +know. + +------------------ +From: Kirill Korotaev + +patch c1217a75ea102d4e69321f210fab60bc47b9a48e in mainline. + +x86: mark read_crX() asm code as volatile + +Some gcc versions (I checked at least 4.1.1 from RHEL5 & 4.1.2 from gentoo) +can generate incorrect code with read_crX()/write_crX() functions mix up, +due to cached results of read_crX(). + +The small app for x8664 below compiled with -O2 demonstrates this +(i686 does the same thing): + +Signed-off-by: Thomas Gleixner +Signed-off-by: Ingo Molnar +Signed-off-by: Greg Kroah-Hartman + +--- + include/asm-i386/system.h | 2 +- + include/asm-x86_64/system.h | 8 ++++---- + 2 files changed, 5 insertions(+), 5 deletions(-) + +--- a/include/asm-i386/system.h ++++ b/include/asm-i386/system.h +@@ -141,7 +141,7 @@ static inline unsigned long native_read_ + { + unsigned long val; + /* This could fault if %cr4 does not exist */ +- asm("1: movl %%cr4, %0 \n" ++ asm volatile("1: movl %%cr4, %0 \n" + "2: \n" + ".section __ex_table,\"a\" \n" + ".long 1b,2b \n" +--- a/include/asm-x86_64/system.h ++++ b/include/asm-x86_64/system.h +@@ -85,7 +85,7 @@ static inline void write_cr0(unsigned lo + static inline unsigned long read_cr2(void) + { + unsigned long cr2; +- asm("movq %%cr2,%0" : "=r" (cr2)); ++ asm volatile("movq %%cr2,%0" : "=r" (cr2)); + return cr2; + } + +@@ -97,7 +97,7 @@ static inline void write_cr2(unsigned lo + static inline unsigned long read_cr3(void) + { + unsigned long cr3; +- asm("movq %%cr3,%0" : "=r" (cr3)); ++ asm volatile("movq %%cr3,%0" : "=r" (cr3)); + return cr3; + } + +@@ -109,7 +109,7 @@ static inline void write_cr3(unsigned lo + static inline unsigned long read_cr4(void) + { + unsigned long cr4; +- asm("movq %%cr4,%0" : "=r" (cr4)); ++ asm volatile("movq %%cr4,%0" : "=r" (cr4)); + return cr4; + } + +@@ -121,7 +121,7 @@ static inline void write_cr4(unsigned lo + static inline unsigned long read_cr8(void) + { + unsigned long cr8; +- asm("movq %%cr8,%0" : "=r" (cr8)); ++ asm volatile("movq %%cr8,%0" : "=r" (cr8)); + return cr8; + } + + +-- + +From gregkh@mini.kroah.org Tue Nov 20 10:19:53 2007 +Message-Id: <20071120181953.205339415@mini.kroah.org> +References: <20071120181733.702234406@mini.kroah.org> +User-Agent: quilt/0.46-1 +Date: Tue, 20 Nov 2007 10:17:54 -0800 +From: Greg Kroah-Hartman +To: linux-kernel@vger.kernel.org, + stable@kernel.org +Cc: Justin Forbes , + Zwane Mwaikambo , + Theodore Ts'o , + Randy Dunlap , + Dave Jones , + Chuck Wolber , + Chris Wedgwood , + Michael Krufky , + Chuck Ebbert , + Domenico Andreoli , + torvalds@linux-foundation.org, + akpm@linux-foundation.org, + alan@lxorguk.ukuu.org.uk, + Huang Ying , + Andi Kleen , + Ingo Molnar , + Thomas Gleixner +Subject: [patch 21/29] x86: NX bit handling in change_page_attr() +Content-Disposition: inline; filename=x86-nx-bit-handling-in-change-page-attr.patch +Content-Length: 1456 +Lines: 42 + +2.6.23-stable review patch. If anyone has any objections, please let us +know. + +------------------ +From: Huang, Ying + +patch 84e0fdb1754d066dd0a8b257de7299f392d1e727 in mainline. + +x86: NX bit handling in change_page_attr() + +This patch fixes a bug of change_page_attr/change_page_attr_addr on +Intel x86_64 CPUs. After changing page attribute to be executable with +these functions, the page remains un-executable on Intel x86_64 CPU. +Because on Intel x86_64 CPU, only if the "NX" bits of all four level +page tables are cleared, the corresponding page is executable (refer to +section 4.13.2 of Intel 64 and IA-32 Architectures Software Developer's +Manual). So, the bug is fixed through clearing the "NX" bit of PMD when +splitting the huge PMD. + +Signed-off-by: Huang Ying +Cc: Andi Kleen +Signed-off-by: Andrew Morton +Signed-off-by: Ingo Molnar +Signed-off-by: Thomas Gleixner +Signed-off-by: Greg Kroah-Hartman + +--- + arch/x86_64/mm/pageattr.c | 1 + + 1 file changed, 1 insertion(+) + +--- a/arch/x86_64/mm/pageattr.c ++++ b/arch/x86_64/mm/pageattr.c +@@ -148,6 +148,7 @@ __change_page_attr(unsigned long address + split = split_large_page(address, prot, ref_prot2); + if (!split) + return -ENOMEM; ++ pgprot_val(ref_prot2) &= ~_PAGE_NX; + set_pte(kpte, mk_pte(split, ref_prot2)); + kpte_page = split; + } + +-- + +From gregkh@mini.kroah.org Tue Nov 20 10:19:53 2007 +Message-Id: <20071120181953.365484955@mini.kroah.org> +References: <20071120181733.702234406@mini.kroah.org> +User-Agent: quilt/0.46-1 +Date: Tue, 20 Nov 2007 10:17:55 -0800 +From: Greg Kroah-Hartman +To: linux-kernel@vger.kernel.org, + stable@kernel.org +Cc: Justin Forbes , + Zwane Mwaikambo , + Theodore Ts'o , + Randy Dunlap , + Dave Jones , + Chuck Wolber , + Chris Wedgwood , + Michael Krufky , + Chuck Ebbert , + Domenico Andreoli , + torvalds@linux-foundation.org, + akpm@linux-foundation.org, + alan@lxorguk.ukuu.org.uk, + Andrey Mirkin , + Andi Kleen , + Ingo Molnar , + Thomas Gleixner +Subject: [patch 22/29] x86: return correct error code from child_rip in x86_64 entry.S +Content-Disposition: inline; filename=x98-return-correct-error-code-from-child-rip.patch +Content-Length: 1090 +Lines: 41 + +2.6.23-stable review patch. If anyone has any objections, please let us +know. + +------------------ +From: Andrey Mirkin + +patch 1c5b5cfd290b6cb7c67020ef420e275f746a7236 in mainline. + +x86: return correct error code from child_rip in x86_64 entry.S + +Right now register edi is just cleared before calling do_exit. +That is wrong because correct return value will be ignored. +Value from rax should be copied to rdi instead of clearing edi. + +AK: changed to 32bit move because it's strictly an int + +[ tglx: arch/x86 adaptation ] + +Signed-off-by: Andrey Mirkin +Signed-off-by: Andi Kleen +Signed-off-by: Ingo Molnar +Signed-off-by: Thomas Gleixner +Signed-off-by: Greg Kroah-Hartman + +--- + arch/x86_64/kernel/entry.S | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/arch/x86_64/kernel/entry.S ++++ b/arch/x86_64/kernel/entry.S +@@ -989,7 +989,7 @@ child_rip: + movq %rsi, %rdi + call *%rax + # exit +- xorl %edi, %edi ++ mov %eax, %edi + call do_exit + CFI_ENDPROC + ENDPROC(child_rip) + +-- + +From gregkh@mini.kroah.org Tue Nov 20 10:19:53 2007 +Message-Id: <20071120181953.522369141@mini.kroah.org> +References: <20071120181733.702234406@mini.kroah.org> +User-Agent: quilt/0.46-1 +Date: Tue, 20 Nov 2007 10:17:56 -0800 +From: Greg Kroah-Hartman +To: linux-kernel@vger.kernel.org, + stable@kernel.org +Cc: Justin Forbes , + Zwane Mwaikambo , + Theodore Ts'o , + Randy Dunlap , + Dave Jones , + Chuck Wolber , + Chris Wedgwood , + Michael Krufky , + Chuck Ebbert , + Domenico Andreoli , + torvalds@linux-foundation.org, + akpm@linux-foundation.org, + alan@lxorguk.ukuu.org.uk, + "David P. Reed" , + Thomas Gleixner , + Ingo Molnar +Subject: [patch 23/29] ntp: fix typo that makes sync_cmos_clock erratic +Content-Disposition: inline; filename=ntp-fix-sync-cmos-clock-typo.patch +Content-Length: 1912 +Lines: 50 + +2.6.23-stable review patch. If anyone has any objections, please let us +know. + +------------------ +From: David P. Reed + +patch fa6a1a554b50cbb7763f6907e6fef927ead480d9 in mainline. + +ntp: fix typo that makes sync_cmos_clock erratic + +Fix a typo in ntp.c that has caused updating of the persistent (RTC) +clock when synced to NTP to behave erratically. + +When debugging a freeze that arises on my AMD64 machines when I +run the ntpd service, I added a number of printk's to monitor the +sync_cmos_clock procedure. I discovered that it was not syncing to +cmos RTC every 11 minutes as documented, but instead would keep trying +every second for hours at a time. The reason turned out to be a typo +in sync_cmos_clock, where it attempts to ensure that +update_persistent_clock is called very close to 500 msec. after a 1 +second boundary (required by the PC RTC's spec). That typo referred to +"xtime" in one spot, rather than "now", which is derived from "xtime" +but not equal to it. This makes the test erratic, creating a +"coin-flip" that decides when update_persistent_clock is called - when +it is called, which is rarely, it may be at any time during the one +second period, rather than close to 500 msec, so the value written is +needlessly incorrect, too. + +Signed-off-by: David P. Reed +Signed-off-by: Thomas Gleixner +Signed-off-by: Ingo Molnar +Signed-off-by: Greg Kroah-Hartman + +--- + kernel/time/ntp.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/kernel/time/ntp.c ++++ b/kernel/time/ntp.c +@@ -205,7 +205,7 @@ static void sync_cmos_clock(unsigned lon + return; + + getnstimeofday(&now); +- if (abs(xtime.tv_nsec - (NSEC_PER_SEC / 2)) <= tick_nsec / 2) ++ if (abs(now.tv_nsec - (NSEC_PER_SEC / 2)) <= tick_nsec / 2) + fail = update_persistent_clock(now); + + next.tv_nsec = (NSEC_PER_SEC / 2) - now.tv_nsec; + +-- + +From gregkh@mini.kroah.org Tue Nov 20 10:19:53 2007 +Message-Id: <20071120181953.678005750@mini.kroah.org> +References: <20071120181733.702234406@mini.kroah.org> +User-Agent: quilt/0.46-1 +Date: Tue, 20 Nov 2007 10:17:57 -0800 +From: Greg Kroah-Hartman +To: linux-kernel@vger.kernel.org, + stable@kernel.org +Cc: Justin Forbes , + Zwane Mwaikambo , + Theodore Ts'o , + Randy Dunlap , + Dave Jones , + Chuck Wolber , + Chris Wedgwood , + Michael Krufky , + Chuck Ebbert , + Domenico Andreoli , + torvalds@linux-foundation.org, + akpm@linux-foundation.org, + alan@lxorguk.ukuu.org.uk, + "David P. Reed" , + Thomas Gleixner , + Ingo Molnar +Subject: [patch 24/29] x86: fix freeze in x86_64 RTC update code in time_64.c +Content-Disposition: inline; filename=x86-fix-rtc-locking.patch +Content-Length: 1970 +Lines: 66 + +2.6.23-stable review patch. If anyone has any objections, please let us +know. + +------------------ +From: David P. Reed + +patch c399da0d97e06803e51085ec076b63a3168aad1b in mainline. + +x86: fix freeze in x86_64 RTC update code in time_64.c + +Fix hard freeze on x86_64 when the ntpd service calls +update_persistent_clock() + +A repeatable but randomly timed freeze has been happening in Fedora 6 +and 7 for the last year, whenever I run the ntpd service on my AMD64x2 +HP Pavilion dv9000z laptop. This freeze is due to the use of +spin_lock(&rtc_lock) under the assumption (per a bad comment) that +set_rtc_mmss is called only with interrupts disabled. The call from +ntp.c to update_persistent_clock is made with interrupts enabled. + +[ tglx@linutronix.de: ported to 2.6.23.stable ] + +Signed-off-by: David P. Reed +Signed-off-by: Thomas Gleixner +Signed-off-by: Ingo Molnar +Signed-off-by: Greg Kroah-Hartman + +--- + arch/x86_64/kernel/time.c | 11 ++++------- + 1 file changed, 4 insertions(+), 7 deletions(-) + +--- a/arch/x86_64/kernel/time.c ++++ b/arch/x86_64/kernel/time.c +@@ -87,18 +87,15 @@ static int set_rtc_mmss(unsigned long no + int retval = 0; + int real_seconds, real_minutes, cmos_minutes; + unsigned char control, freq_select; ++ unsigned long flags; + + /* +- * IRQs are disabled when we're called from the timer interrupt, +- * no need for spin_lock_irqsave() ++ * set_rtc_mmss is called when irqs are enabled, so disable irqs here + */ +- +- spin_lock(&rtc_lock); +- ++ spin_lock_irqsave(&rtc_lock, flags); + /* + * Tell the clock it's being set and stop it. + */ +- + control = CMOS_READ(RTC_CONTROL); + CMOS_WRITE(control | RTC_SET, RTC_CONTROL); + +@@ -143,7 +140,7 @@ static int set_rtc_mmss(unsigned long no + CMOS_WRITE(control, RTC_CONTROL); + CMOS_WRITE(freq_select, RTC_FREQ_SELECT); + +- spin_unlock(&rtc_lock); ++ spin_unlock_irqrestore(&rtc_lock, flags); + + return retval; + } + +-- + +From gregkh@mini.kroah.org Tue Nov 20 10:19:53 2007 +Message-Id: <20071120181953.833569092@mini.kroah.org> +References: <20071120181733.702234406@mini.kroah.org> +User-Agent: quilt/0.46-1 +Date: Tue, 20 Nov 2007 10:17:58 -0800 +From: Greg Kroah-Hartman +To: linux-kernel@vger.kernel.org, + stable@kernel.org, + Greg KH +Cc: Justin Forbes , + Zwane Mwaikambo , + Theodore Ts'o , + Randy Dunlap , + Dave Jones , + Chuck Wolber , + Chris Wedgwood , + Michael Krufky , + Chuck Ebbert , + Domenico Andreoli , + torvalds@linux-foundation.org, + akpm@linux-foundation.org, + alan@lxorguk.ukuu.org.uk, + Ingo Molnar , + Satyam Sharma +Subject: [patch 25/29] softlockup watchdog fixes and cleanups +Content-Disposition: inline; filename=softlockup-watchdog-fixes-and-cleanups.patch +Content-Length: 6174 +Lines: 192 + +2.6.23-stable review patch. If anyone has any objections, please let us +know. + +------------------ +From: Ingo Molnar + + +This is a merge of commits a5f2ce3c6024a5bb895647b6bd88ecae5001020a and +43581a10075492445f65234384210492ff333eba in mainline to fix a warning in +the 2.6.23.3 kernel release. + +softlockup watchdog: style cleanups + +kernel/softirq.c grew a few style uncleanlinesses in the past few +months, clean that up. No functional changes: + +text data bss dec hex filename +1126 76 4 1206 4b6 softlockup.o.before +1129 76 4 1209 4b9 softlockup.o.after + +( the 3 bytes .text increase is due to the "<1>" appended to one of +the printk messages. ) + +Signed-off-by: Ingo Molnar +Signed-off-by: Andrew Morton +Signed-off-by: Linus Torvalds + + +softlockup: improve debug output + +Improve the debuggability of kernel lockups by enhancing the debug +output of the softlockup detector: print the task that causes the lockup +and try to print a more intelligent backtrace. + +The old format was: + +BUG: soft lockup detected on CPU#1! +[] show_trace_log_lvl+0x19/0x2e +[] show_trace+0x12/0x14 +[] dump_stack+0x14/0x16 +[] softlockup_tick+0xbe/0xd0 +[] run_local_timers+0x12/0x14 +[] update_process_times+0x3e/0x63 +[] tick_sched_timer+0x7c/0xc0 +[] hrtimer_interrupt+0x135/0x1ba +[] smp_apic_timer_interrupt+0x6e/0x80 +[] apic_timer_interrupt+0x33/0x38 +[] syscall_call+0x7/0xb +======================= + +The new format is: + +BUG: soft lockup detected on CPU#1! [prctl:2363] + +Pid: 2363, comm: prctl +EIP: 0060:[] CPU: 1 +EIP is at sys_prctl+0x24/0x18c +EFLAGS: 00000213 Not tainted (2.6.22-cfs-v20 #26) +EAX: 00000001 EBX: 000003e7 ECX: 00000001 EDX: f6df0000 +ESI: 000003e7 EDI: 000003e7 EBP: f6df0fb0 DS: 007b ES: 007b FS: 00d8 +CR0: 8005003b CR2: 4d8c3340 CR3: 3731d000 CR4: 000006d0 +[] show_trace_log_lvl+0x19/0x2e +[] show_trace+0x12/0x14 +[] show_regs+0x1ab/0x1b3 +[] softlockup_tick+0xef/0x108 +[] run_local_timers+0x12/0x14 +[] update_process_times+0x3e/0x63 +[] tick_sched_timer+0x7c/0xc0 +[] hrtimer_interrupt+0x135/0x1ba +[] smp_apic_timer_interrupt+0x6e/0x80 +[] apic_timer_interrupt+0x33/0x38 +[] syscall_call+0x7/0xb +======================= + +Note that in the old format we only knew that some system call locked +up, we didnt know _which_. With the new format we know that it's at a +specific place in sys_prctl(). [which was where i created an artificial +kernel lockup to test the new format.] + +This is also useful if the lockup happens in user-space - the user-space +EIP (and other registers) will be printed too. (such a lockup would +either suggest that the task was running at SCHED_FIFO:99 and looping +for more than 10 seconds, or that the softlockup detector has a +false-positive.) + +The task name is printed too first, just in case we dont manage to print +a useful backtrace. + +[satyam@infradead.org: fix warning] +Signed-off-by: Ingo Molnar +Signed-off-by: Satyam Sharma +Signed-off-by: Andrew Morton +Signed-off-by: Linus Torvalds +Signed-off-by: Greg Kroah-Hartman + + +--- + kernel/softlockup.c | 37 +++++++++++++++++++++++-------------- + 1 file changed, 23 insertions(+), 14 deletions(-) + +--- a/kernel/softlockup.c ++++ b/kernel/softlockup.c +@@ -15,13 +15,16 @@ + #include + #include + ++#include ++ + static DEFINE_SPINLOCK(print_lock); + + static DEFINE_PER_CPU(unsigned long, touch_timestamp); + static DEFINE_PER_CPU(unsigned long, print_timestamp); + static DEFINE_PER_CPU(struct task_struct *, watchdog_task); + +-static int did_panic = 0; ++static int did_panic; ++int softlockup_thresh = 10; + + static int + softlock_panic(struct notifier_block *this, unsigned long event, void *ptr) +@@ -70,6 +73,7 @@ void softlockup_tick(void) + int this_cpu = smp_processor_id(); + unsigned long touch_timestamp = per_cpu(touch_timestamp, this_cpu); + unsigned long print_timestamp; ++ struct pt_regs *regs = get_irq_regs(); + unsigned long now; + + if (touch_timestamp == 0) { +@@ -99,21 +103,26 @@ void softlockup_tick(void) + wake_up_process(per_cpu(watchdog_task, this_cpu)); + + /* Warn about unreasonable 10+ seconds delays: */ +- if (now > (touch_timestamp + 10)) { +- per_cpu(print_timestamp, this_cpu) = touch_timestamp; ++ if (now <= (touch_timestamp + softlockup_thresh)) ++ return; ++ ++ per_cpu(print_timestamp, this_cpu) = touch_timestamp; + +- spin_lock(&print_lock); +- printk(KERN_ERR "BUG: soft lockup detected on CPU#%d!\n", +- this_cpu); ++ spin_lock(&print_lock); ++ printk(KERN_ERR "BUG: soft lockup - CPU#%d stuck for %lus! [%s:%d]\n", ++ this_cpu, now - touch_timestamp, ++ current->comm, current->pid); ++ if (regs) ++ show_regs(regs); ++ else + dump_stack(); +- spin_unlock(&print_lock); +- } ++ spin_unlock(&print_lock); + } + + /* + * The watchdog thread - runs every second and touches the timestamp. + */ +-static int watchdog(void * __bind_cpu) ++static int watchdog(void *__bind_cpu) + { + struct sched_param param = { .sched_priority = MAX_RT_PRIO-1 }; + +@@ -151,13 +160,13 @@ cpu_callback(struct notifier_block *nfb, + BUG_ON(per_cpu(watchdog_task, hotcpu)); + p = kthread_create(watchdog, hcpu, "watchdog/%d", hotcpu); + if (IS_ERR(p)) { +- printk("watchdog for %i failed\n", hotcpu); ++ printk(KERN_ERR "watchdog for %i failed\n", hotcpu); + return NOTIFY_BAD; + } +- per_cpu(touch_timestamp, hotcpu) = 0; +- per_cpu(watchdog_task, hotcpu) = p; ++ per_cpu(touch_timestamp, hotcpu) = 0; ++ per_cpu(watchdog_task, hotcpu) = p; + kthread_bind(p, hotcpu); +- break; ++ break; + case CPU_ONLINE: + case CPU_ONLINE_FROZEN: + wake_up_process(per_cpu(watchdog_task, hotcpu)); +@@ -177,7 +186,7 @@ cpu_callback(struct notifier_block *nfb, + kthread_stop(p); + break; + #endif /* CONFIG_HOTPLUG_CPU */ +- } ++ } + return NOTIFY_OK; + } + + +-- + +From gregkh@mini.kroah.org Tue Nov 20 10:19:54 2007 +Message-Id: <20071120181953.989222884@mini.kroah.org> +References: <20071120181733.702234406@mini.kroah.org> +User-Agent: quilt/0.46-1 +Date: Tue, 20 Nov 2007 10:17:59 -0800 +From: Greg Kroah-Hartman +To: linux-kernel@vger.kernel.org, + stable@kernel.org +Cc: Justin Forbes , + Zwane Mwaikambo , + Theodore Ts'o , + Randy Dunlap , + Dave Jones , + Chuck Wolber , + Chris Wedgwood , + Michael Krufky , + Chuck Ebbert , + Domenico Andreoli , + torvalds@linux-foundation.org, + akpm@linux-foundation.org, + alan@lxorguk.ukuu.org.uk, + Ingo Molnar +Subject: [patch 26/29] softlockup: use cpu_clock() instead of sched_clock() +Content-Disposition: inline; filename=softlockup-use-cpu_clock-instead-of-sched_clock.patch +Content-Length: 1462 +Lines: 52 + +2.6.23-stable review patch. If anyone has any objections, please let us +know. + +------------------ +From: Ingo Molnar + +patch a3b13c23f186ecb57204580cc1f2dbe9c284953a in mainline. + +sched_clock() is not a reliable time-source, use cpu_clock() instead. + +Signed-off-by: Ingo Molnar +Signed-off-by: Andrew Morton +Signed-off-by: Linus Torvalds +Signed-off-by: Greg Kroah-Hartman + +--- + kernel/softlockup.c | 10 ++++++---- + 1 file changed, 6 insertions(+), 4 deletions(-) + +--- a/kernel/softlockup.c ++++ b/kernel/softlockup.c +@@ -43,14 +43,16 @@ static struct notifier_block panic_block + * resolution, and we don't need to waste time with a big divide when + * 2^30ns == 1.074s. + */ +-static unsigned long get_timestamp(void) ++static unsigned long get_timestamp(int this_cpu) + { +- return sched_clock() >> 30; /* 2^30 ~= 10^9 */ ++ return cpu_clock(this_cpu) >> 30; /* 2^30 ~= 10^9 */ + } + + void touch_softlockup_watchdog(void) + { +- __raw_get_cpu_var(touch_timestamp) = get_timestamp(); ++ int this_cpu = raw_smp_processor_id(); ++ ++ __raw_get_cpu_var(touch_timestamp) = get_timestamp(this_cpu); + } + EXPORT_SYMBOL(touch_softlockup_watchdog); + +@@ -96,7 +98,7 @@ void softlockup_tick(void) + return; + } + +- now = get_timestamp(); ++ now = get_timestamp(this_cpu); + + /* Wake up the high-prio watchdog task every second: */ + if (now > (touch_timestamp + 1)) + +-- + +From gregkh@mini.kroah.org Tue Nov 20 10:19:54 2007 +Message-Id: <20071120181954.145506889@mini.kroah.org> +References: <20071120181733.702234406@mini.kroah.org> +User-Agent: quilt/0.46-1 +Date: Tue, 20 Nov 2007 10:18:00 -0800 +From: Greg Kroah-Hartman +To: linux-kernel@vger.kernel.org, + stable@kernel.org +Cc: Justin Forbes , + Zwane Mwaikambo , + Theodore Ts'o , + Randy Dunlap , + Dave Jones , + Chuck Wolber , + Chris Wedgwood , + Michael Krufky , + Chuck Ebbert , + Domenico Andreoli , + torvalds@linux-foundation.org, + akpm@linux-foundation.org, + alan@lxorguk.ukuu.org.uk, + Mike Pagano , + Phil Dibowitz , + Tobias Powalowski +Subject: [patch 27/29] USB: unusual_devs modification for Nikon D200 +Content-Disposition: inline; filename=usb-unusual_devs-modification-for-nikon-d200.patch +Content-Length: 1089 +Lines: 37 + +2.6.23-stable review patch. If anyone has any objections, please let us +know. + +------------------ +From: Phil Dibowitz + +patch 16eb345f4d9189b59bae576ae63cba7ca77817b2 in mainline. + +Upgrade the unusual_devs.h file to support the Nikon D200 + +Signed-off-by: Mike Pagano +Signed-off-by: Phil Dibowitz +Cc: Tobias Powalowski +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/usb/storage/unusual_devs.h | 7 +++++++ + 1 file changed, 7 insertions(+) + +--- a/drivers/usb/storage/unusual_devs.h ++++ b/drivers/usb/storage/unusual_devs.h +@@ -341,6 +341,13 @@ UNUSUAL_DEV( 0x04b0, 0x040d, 0x0100, 0x + US_SC_DEVICE, US_PR_DEVICE, NULL, + US_FL_FIX_CAPACITY), + ++/* Reported by Graber and Mike Pagano */ ++UNUSUAL_DEV( 0x04b0, 0x040f, 0x0200, 0x0200, ++ "NIKON", ++ "NIKON DSC D200", ++ US_SC_DEVICE, US_PR_DEVICE, NULL, ++ US_FL_FIX_CAPACITY), ++ + /* Reported by Emil Larsson */ + UNUSUAL_DEV( 0x04b0, 0x0411, 0x0100, 0x0101, + "NIKON", + +-- + +From gregkh@mini.kroah.org Tue Nov 20 10:19:54 2007 +Message-Id: <20071120181954.298542112@mini.kroah.org> +References: <20071120181733.702234406@mini.kroah.org> +User-Agent: quilt/0.46-1 +Date: Tue, 20 Nov 2007 10:18:01 -0800 +From: Greg Kroah-Hartman +To: linux-kernel@vger.kernel.org, + stable@kernel.org +Cc: Justin Forbes , + Zwane Mwaikambo , + Theodore Ts'o , + Randy Dunlap , + Dave Jones , + Chuck Wolber , + Chris Wedgwood , + Michael Krufky , + Chuck Ebbert , + Domenico Andreoli , + torvalds@linux-foundation.org, + akpm@linux-foundation.org, + alan@lxorguk.ukuu.org.uk, + Tobias Powalowski +Subject: [patch 28/29] USB: Nikon D40X unusual_devs entry +Content-Disposition: inline; filename=usb-nikon-d40x-unusual_devs-entry.patch +Content-Length: 1080 +Lines: 38 + +2.6.23-stable review patch. If anyone has any objections, please let us +know. + +------------------ +From: Ortwin Glück + +patch d466a9190ff1ceddfee50686e61d63590fc820d9 in mainline. + +Not surprisingly the Nikon D40X DSC needs the same quirks as the D40, +but it has a separate ID. +See http://bugs.gentoo.org/show_bug.cgi?id=191431 + +From: Ortwin Glück +Cc: Tobias Powalowski +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/usb/storage/unusual_devs.h | 7 +++++++ + 1 file changed, 7 insertions(+) + +--- a/drivers/usb/storage/unusual_devs.h ++++ b/drivers/usb/storage/unusual_devs.h +@@ -362,6 +362,13 @@ UNUSUAL_DEV( 0x04b0, 0x0413, 0x0110, 0x + US_SC_DEVICE, US_PR_DEVICE, NULL, + US_FL_FIX_CAPACITY), + ++/* Reported by Shan Destromp (shansan@gmail.com) */ ++UNUSUAL_DEV( 0x04b0, 0x0417, 0x0100, 0x0100, ++ "NIKON", ++ "NIKON DSC D40X", ++ US_SC_DEVICE, US_PR_DEVICE, NULL, ++ US_FL_FIX_CAPACITY), ++ + /* BENQ DC5330 + * Reported by Manuel Fombuena and + * Frank Copeland */ + +-- + +From gregkh@mini.kroah.org Tue Nov 20 10:19:54 2007 +Message-Id: <20071120181954.455270822@mini.kroah.org> +References: <20071120181733.702234406@mini.kroah.org> +User-Agent: quilt/0.46-1 +Date: Tue, 20 Nov 2007 10:18:02 -0800 +From: Greg Kroah-Hartman +To: linux-kernel@vger.kernel.org, + stable@kernel.org +Cc: Justin Forbes , + Zwane Mwaikambo , + Theodore Ts'o , + Randy Dunlap , + Dave Jones , + Chuck Wolber , + Chris Wedgwood , + Michael Krufky , + Chuck Ebbert , + Domenico Andreoli , + torvalds@linux-foundation.org, + akpm@linux-foundation.org, + alan@lxorguk.ukuu.org.uk, + Dan Williams , + "John W. Linville" , + Tobias Powalowski +Subject: [patch 29/29] ipw2200: batch non-user-requested scan result notifications +Content-Disposition: inline; filename=ipw2200-batch-non-user-requested-scan-result-notifications.patch +Content-Length: 5852 +Lines: 170 + +2.6.23-stable review patch. If anyone has any objections, please let us +know. + +------------------ +From: Dan Williams + +patch 0b5316769774d1dc2fdd702e095f9e6992af269a in mainline. + +ipw2200 makes extensive use of background scanning when unassociated or +down. Unfortunately, the firmware sends scan completed events many +times per second, which the driver pushes directly up to userspace. +This needlessly wakes up processes listening for wireless events many +times per second. Batch together scan completed events for +non-user-requested scans and send them up to userspace every 4 seconds. +Scan completed events resulting from an SIOCSIWSCAN call are pushed up +without delay. + +Signed-off-by: Dan Williams +Signed-off-by: John W. Linville +Cc: Tobias Powalowski +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/net/wireless/ipw2200.c | 56 +++++++++++++++++++++++++++++++++-------- + drivers/net/wireless/ipw2200.h | 3 ++ + 2 files changed, 49 insertions(+), 10 deletions(-) + +--- a/drivers/net/wireless/ipw2200.c ++++ b/drivers/net/wireless/ipw2200.c +@@ -1740,8 +1740,10 @@ static int ipw_radio_kill_sw(struct ipw_ + if (disable_radio) { + priv->status |= STATUS_RF_KILL_SW; + +- if (priv->workqueue) ++ if (priv->workqueue) { + cancel_delayed_work(&priv->request_scan); ++ cancel_delayed_work(&priv->scan_event); ++ } + queue_work(priv->workqueue, &priv->down); + } else { + priv->status &= ~STATUS_RF_KILL_SW; +@@ -1992,6 +1994,7 @@ static void ipw_irq_tasklet(struct ipw_p + wake_up_interruptible(&priv->wait_command_queue); + priv->status &= ~(STATUS_ASSOCIATED | STATUS_ASSOCIATING); + cancel_delayed_work(&priv->request_scan); ++ cancel_delayed_work(&priv->scan_event); + schedule_work(&priv->link_down); + queue_delayed_work(priv->workqueue, &priv->rf_kill, 2 * HZ); + handled |= IPW_INTA_BIT_RF_KILL_DONE; +@@ -4341,6 +4344,37 @@ static void ipw_handle_missed_beacon(str + IPW_DEBUG_NOTIF("Missed beacon: %d\n", missed_count); + } + ++static void ipw_scan_event(struct work_struct *work) ++{ ++ union iwreq_data wrqu; ++ ++ struct ipw_priv *priv = ++ container_of(work, struct ipw_priv, scan_event.work); ++ ++ wrqu.data.length = 0; ++ wrqu.data.flags = 0; ++ wireless_send_event(priv->net_dev, SIOCGIWSCAN, &wrqu, NULL); ++} ++ ++static void handle_scan_event(struct ipw_priv *priv) ++{ ++ /* Only userspace-requested scan completion events go out immediately */ ++ if (!priv->user_requested_scan) { ++ if (!delayed_work_pending(&priv->scan_event)) ++ queue_delayed_work(priv->workqueue, &priv->scan_event, ++ round_jiffies(msecs_to_jiffies(4000))); ++ } else { ++ union iwreq_data wrqu; ++ ++ priv->user_requested_scan = 0; ++ cancel_delayed_work(&priv->scan_event); ++ ++ wrqu.data.length = 0; ++ wrqu.data.flags = 0; ++ wireless_send_event(priv->net_dev, SIOCGIWSCAN, &wrqu, NULL); ++ } ++} ++ + /** + * Handle host notification packet. + * Called from interrupt routine +@@ -4702,14 +4736,8 @@ static void ipw_rx_notification(struct i + * on how the scan was initiated. User space can just + * sync on periodic scan to get fresh data... + * Jean II */ +- if (x->status == SCAN_COMPLETED_STATUS_COMPLETE) { +- union iwreq_data wrqu; +- +- wrqu.data.length = 0; +- wrqu.data.flags = 0; +- wireless_send_event(priv->net_dev, SIOCGIWSCAN, +- &wrqu, NULL); +- } ++ if (x->status == SCAN_COMPLETED_STATUS_COMPLETE) ++ handle_scan_event(priv); + break; + } + +@@ -9472,6 +9500,10 @@ static int ipw_wx_set_scan(struct net_de + struct ipw_priv *priv = ieee80211_priv(dev); + struct iw_scan_req *req = (struct iw_scan_req *)extra; + ++ mutex_lock(&priv->mutex); ++ priv->user_requested_scan = 1; ++ mutex_unlock(&priv->mutex); ++ + if (wrqu->data.length == sizeof(struct iw_scan_req)) { + if (wrqu->data.flags & IW_SCAN_THIS_ESSID) { + ipw_request_direct_scan(priv, req->essid, +@@ -10647,6 +10679,7 @@ static void ipw_link_up(struct ipw_priv + } + + cancel_delayed_work(&priv->request_scan); ++ cancel_delayed_work(&priv->scan_event); + ipw_reset_stats(priv); + /* Ensure the rate is updated immediately */ + priv->last_rate = ipw_get_current_rate(priv); +@@ -10684,7 +10717,8 @@ static void ipw_link_down(struct ipw_pri + if (!(priv->status & STATUS_EXIT_PENDING)) { + /* Queue up another scan... */ + queue_delayed_work(priv->workqueue, &priv->request_scan, 0); +- } ++ } else ++ cancel_delayed_work(&priv->scan_event); + } + + static void ipw_bg_link_down(struct work_struct *work) +@@ -10714,6 +10748,7 @@ static int ipw_setup_deferred_work(struc + INIT_WORK(&priv->up, ipw_bg_up); + INIT_WORK(&priv->down, ipw_bg_down); + INIT_DELAYED_WORK(&priv->request_scan, ipw_request_scan); ++ INIT_DELAYED_WORK(&priv->scan_event, ipw_scan_event); + INIT_WORK(&priv->request_passive_scan, ipw_request_passive_scan); + INIT_DELAYED_WORK(&priv->gather_stats, ipw_bg_gather_stats); + INIT_WORK(&priv->abort_scan, ipw_bg_abort_scan); +@@ -11746,6 +11781,7 @@ static void ipw_pci_remove(struct pci_de + cancel_delayed_work(&priv->adhoc_check); + cancel_delayed_work(&priv->gather_stats); + cancel_delayed_work(&priv->request_scan); ++ cancel_delayed_work(&priv->scan_event); + cancel_delayed_work(&priv->rf_kill); + cancel_delayed_work(&priv->scan_check); + destroy_workqueue(priv->workqueue); +--- a/drivers/net/wireless/ipw2200.h ++++ b/drivers/net/wireless/ipw2200.h +@@ -1288,6 +1288,8 @@ struct ipw_priv { + + struct iw_public_data wireless_data; + ++ int user_requested_scan; ++ + struct workqueue_struct *workqueue; + + struct delayed_work adhoc_check; +@@ -1296,6 +1298,7 @@ struct ipw_priv { + struct work_struct system_config; + struct work_struct rx_replenish; + struct delayed_work request_scan; ++ struct delayed_work scan_event; + struct work_struct request_passive_scan; + struct work_struct adapter_restart; + struct delayed_work rf_kill; + +-- + diff --git a/queue-2.6.23/nfsd4-recheck-for-secure-ports-in-fh_verify.patch b/review-2.6.23/nfsd4-recheck-for-secure-ports-in-fh_verify.patch similarity index 100% rename from queue-2.6.23/nfsd4-recheck-for-secure-ports-in-fh_verify.patch rename to review-2.6.23/nfsd4-recheck-for-secure-ports-in-fh_verify.patch diff --git a/queue-2.6.23/ntp-fix-sync-cmos-clock-typo.patch b/review-2.6.23/ntp-fix-sync-cmos-clock-typo.patch similarity index 100% rename from queue-2.6.23/ntp-fix-sync-cmos-clock-typo.patch rename to review-2.6.23/ntp-fix-sync-cmos-clock-typo.patch diff --git a/queue-2.6.23/oprofile-oops-when-profile_pc-returns-0lu.patch b/review-2.6.23/oprofile-oops-when-profile_pc-returns-0lu.patch similarity index 100% rename from queue-2.6.23/oprofile-oops-when-profile_pc-returns-0lu.patch rename to review-2.6.23/oprofile-oops-when-profile_pc-returns-0lu.patch diff --git a/review-2.6.23/patch-2.6.23.9-rc1 b/review-2.6.23/patch-2.6.23.9-rc1 new file mode 100644 index 00000000000..78aec17deb1 --- /dev/null +++ b/review-2.6.23/patch-2.6.23.9-rc1 @@ -0,0 +1,1046 @@ +diff --git a/Makefile b/Makefile +index 435a3d7..a13aa77 100644 +--- a/Makefile ++++ b/Makefile +@@ -1,7 +1,7 @@ + VERSION = 2 + PATCHLEVEL = 6 + SUBLEVEL = 23 +-EXTRAVERSION = .8 ++EXTRAVERSION = .9-rc1 + NAME = Arr Matey! A Hairy Bilge Rat! + + # *DOCUMENTATION* +diff --git a/arch/i386/lib/delay.c b/arch/i386/lib/delay.c +index f6edb11..66595ed 100644 +--- a/arch/i386/lib/delay.c ++++ b/arch/i386/lib/delay.c +@@ -12,6 +12,7 @@ + + #include + #include ++#include + #include + + #include +@@ -42,11 +43,13 @@ static void delay_tsc(unsigned long loops) + { + unsigned long bclock, now; + ++ preempt_disable(); /* TSC's are per-cpu */ + rdtscl(bclock); + do { + rep_nop(); + rdtscl(now); + } while ((now-bclock) < loops); ++ preempt_enable(); + } + + /* +diff --git a/arch/i386/mm/pgtable.c b/arch/i386/mm/pgtable.c +index 01437c4..91faa59 100644 +--- a/arch/i386/mm/pgtable.c ++++ b/arch/i386/mm/pgtable.c +@@ -97,8 +97,7 @@ static void set_pte_pfn(unsigned long vaddr, unsigned long pfn, pgprot_t flags) + } + pte = pte_offset_kernel(pmd, vaddr); + if (pgprot_val(flags)) +- /* stored as-is, to permit clearing entries */ +- set_pte(pte, pfn_pte(pfn, flags)); ++ set_pte_present(&init_mm, vaddr, pte, pfn_pte(pfn, flags)); + else + pte_clear(&init_mm, vaddr, pte); + +diff --git a/arch/x86_64/kernel/entry.S b/arch/x86_64/kernel/entry.S +index 1d232e5..a6aad39 100644 +--- a/arch/x86_64/kernel/entry.S ++++ b/arch/x86_64/kernel/entry.S +@@ -989,7 +989,7 @@ child_rip: + movq %rsi, %rdi + call *%rax + # exit +- xorl %edi, %edi ++ mov %eax, %edi + call do_exit + CFI_ENDPROC + ENDPROC(child_rip) +diff --git a/arch/x86_64/kernel/time.c b/arch/x86_64/kernel/time.c +index 6d48a4e..4d0d1ac 100644 +--- a/arch/x86_64/kernel/time.c ++++ b/arch/x86_64/kernel/time.c +@@ -87,18 +87,15 @@ static int set_rtc_mmss(unsigned long nowtime) + int retval = 0; + int real_seconds, real_minutes, cmos_minutes; + unsigned char control, freq_select; ++ unsigned long flags; + + /* +- * IRQs are disabled when we're called from the timer interrupt, +- * no need for spin_lock_irqsave() ++ * set_rtc_mmss is called when irqs are enabled, so disable irqs here + */ +- +- spin_lock(&rtc_lock); +- ++ spin_lock_irqsave(&rtc_lock, flags); + /* + * Tell the clock it's being set and stop it. + */ +- + control = CMOS_READ(RTC_CONTROL); + CMOS_WRITE(control | RTC_SET, RTC_CONTROL); + +@@ -143,7 +140,7 @@ static int set_rtc_mmss(unsigned long nowtime) + CMOS_WRITE(control, RTC_CONTROL); + CMOS_WRITE(freq_select, RTC_FREQ_SELECT); + +- spin_unlock(&rtc_lock); ++ spin_unlock_irqrestore(&rtc_lock, flags); + + return retval; + } +diff --git a/arch/x86_64/lib/bitstr.c b/arch/x86_64/lib/bitstr.c +index 2467660..7445caf 100644 +--- a/arch/x86_64/lib/bitstr.c ++++ b/arch/x86_64/lib/bitstr.c +@@ -14,7 +14,7 @@ find_next_zero_string(unsigned long *bitmap, long start, long nbits, int len) + + /* could test bitsliced, but it's hardly worth it */ + end = n+len; +- if (end >= nbits) ++ if (end > nbits) + return -1; + for (i = n+1; i < end; i++) { + if (test_bit(i, bitmap)) { +diff --git a/arch/x86_64/lib/delay.c b/arch/x86_64/lib/delay.c +index 2dbebd3..4d3f1f6 100644 +--- a/arch/x86_64/lib/delay.c ++++ b/arch/x86_64/lib/delay.c +@@ -10,7 +10,9 @@ + + #include + #include ++#include + #include ++ + #include + #include + +@@ -27,14 +29,15 @@ int read_current_timer(unsigned long *timer_value) + void __delay(unsigned long loops) + { + unsigned bclock, now; +- ++ ++ preempt_disable(); /* TSC's are pre-cpu */ + rdtscl(bclock); +- do +- { ++ do { + rep_nop(); + rdtscl(now); + } +- while((now-bclock) < loops); ++ while ((now-bclock) < loops); ++ preempt_enable(); + } + EXPORT_SYMBOL(__delay); + +diff --git a/arch/x86_64/mm/pageattr.c b/arch/x86_64/mm/pageattr.c +index 0416ffb..eff3b22 100644 +--- a/arch/x86_64/mm/pageattr.c ++++ b/arch/x86_64/mm/pageattr.c +@@ -148,6 +148,7 @@ __change_page_attr(unsigned long address, unsigned long pfn, pgprot_t prot, + split = split_large_page(address, prot, ref_prot2); + if (!split) + return -ENOMEM; ++ pgprot_val(ref_prot2) &= ~_PAGE_NX; + set_pte(kpte, mk_pte(split, ref_prot2)); + kpte_page = split; + } +diff --git a/drivers/acpi/video.c b/drivers/acpi/video.c +index d05891f..dad84c0 100644 +--- a/drivers/acpi/video.c ++++ b/drivers/acpi/video.c +@@ -1633,9 +1633,20 @@ static int + acpi_video_get_next_level(struct acpi_video_device *device, + u32 level_current, u32 event) + { +- int min, max, min_above, max_below, i, l; ++ int min, max, min_above, max_below, i, l, delta = 255; + max = max_below = 0; + min = min_above = 255; ++ /* Find closest level to level_current */ ++ for (i = 0; i < device->brightness->count; i++) { ++ l = device->brightness->levels[i]; ++ if (abs(l - level_current) < abs(delta)) { ++ delta = l - level_current; ++ if (!delta) ++ break; ++ } ++ } ++ /* Ajust level_current to closest available level */ ++ level_current += delta; + for (i = 0; i < device->brightness->count; i++) { + l = device->brightness->levels[i]; + if (l < min) +diff --git a/drivers/ata/sata_sis.c b/drivers/ata/sata_sis.c +index 41c1d6e..e203974 100644 +--- a/drivers/ata/sata_sis.c ++++ b/drivers/ata/sata_sis.c +@@ -92,7 +92,7 @@ static struct scsi_host_template sis_sht = { + .queuecommand = ata_scsi_queuecmd, + .can_queue = ATA_DEF_QUEUE, + .this_id = ATA_SHT_THIS_ID, +- .sg_tablesize = ATA_MAX_PRD, ++ .sg_tablesize = LIBATA_MAX_PRD, + .cmd_per_lun = ATA_SHT_CMD_PER_LUN, + .emulated = ATA_SHT_EMULATED, + .use_clustering = ATA_SHT_USE_CLUSTERING, +@@ -168,11 +168,11 @@ static unsigned int get_scr_cfg_addr(struct ata_port *ap, unsigned int sc_reg) + return addr; + } + +-static u32 sis_scr_cfg_read (struct ata_port *ap, unsigned int sc_reg) ++static u32 sis_scr_cfg_read (struct ata_port *ap, unsigned int sc_reg, u32 *val) + { + struct pci_dev *pdev = to_pci_dev(ap->host->dev); + unsigned int cfg_addr = get_scr_cfg_addr(ap, sc_reg); +- u32 val, val2 = 0; ++ u32 val2 = 0; + u8 pmr; + + if (sc_reg == SCR_ERROR) /* doesn't exist in PCI cfg space */ +@@ -180,13 +180,16 @@ static u32 sis_scr_cfg_read (struct ata_port *ap, unsigned int sc_reg) + + pci_read_config_byte(pdev, SIS_PMR, &pmr); + +- pci_read_config_dword(pdev, cfg_addr, &val); ++ pci_read_config_dword(pdev, cfg_addr, val); + + if ((pdev->device == 0x0182) || (pdev->device == 0x0183) || + (pdev->device == 0x1182) || (pmr & SIS_PMR_COMBINED)) + pci_read_config_dword(pdev, cfg_addr+0x10, &val2); + +- return (val|val2) & 0xfffffffb; /* avoid problems with powerdowned ports */ ++ *val |= val2; ++ *val &= 0xfffffffb; /* avoid problems with powerdowned ports */ ++ ++ return 0; + } + + static void sis_scr_cfg_write (struct ata_port *ap, unsigned int sc_reg, u32 val) +@@ -216,7 +219,7 @@ static int sis_scr_read(struct ata_port *ap, unsigned int sc_reg, u32 *val) + return -EINVAL; + + if (ap->flags & SIS_FLAG_CFGSCR) +- return sis_scr_cfg_read(ap, sc_reg); ++ return sis_scr_cfg_read(ap, sc_reg, val); + + pci_read_config_byte(pdev, SIS_PMR, &pmr); + +diff --git a/drivers/crypto/geode-aes.c b/drivers/crypto/geode-aes.c +index 6a86958..fa4c990 100644 +--- a/drivers/crypto/geode-aes.c ++++ b/drivers/crypto/geode-aes.c +@@ -110,8 +110,7 @@ geode_aes_crypt(struct geode_aes_op *op) + * we don't need to worry + */ + +- if (op->src == op->dst) +- flags |= (AES_CTRL_DCA | AES_CTRL_SCA); ++ flags |= (AES_CTRL_DCA | AES_CTRL_SCA); + + if (op->dir == AES_DIR_ENCRYPT) + flags |= AES_CTRL_ENCRYPT; +diff --git a/drivers/dma/dmaengine.c b/drivers/dma/dmaengine.c +index 8248992..d59b2f4 100644 +--- a/drivers/dma/dmaengine.c ++++ b/drivers/dma/dmaengine.c +@@ -182,10 +182,9 @@ static void dma_client_chan_alloc(struct dma_client *client) + /* we are done once this client rejects + * an available resource + */ +- if (ack == DMA_ACK) { ++ if (ack == DMA_ACK) + dma_chan_get(chan); +- kref_get(&device->refcount); +- } else if (ack == DMA_NAK) ++ else if (ack == DMA_NAK) + return; + } + } +@@ -272,11 +271,8 @@ static void dma_clients_notify_removed(struct dma_chan *chan) + /* client was holding resources for this channel so + * free it + */ +- if (ack == DMA_ACK) { ++ if (ack == DMA_ACK) + dma_chan_put(chan); +- kref_put(&chan->device->refcount, +- dma_async_device_cleanup); +- } + } + + mutex_unlock(&dma_list_mutex); +@@ -316,11 +312,8 @@ void dma_async_client_unregister(struct dma_client *client) + ack = client->event_callback(client, chan, + DMA_RESOURCE_REMOVED); + +- if (ack == DMA_ACK) { ++ if (ack == DMA_ACK) + dma_chan_put(chan); +- kref_put(&chan->device->refcount, +- dma_async_device_cleanup); +- } + } + + list_del(&client->global_node); +@@ -397,6 +390,8 @@ int dma_async_device_register(struct dma_device *device) + goto err_out; + } + ++ /* One for the channel, one of the class device */ ++ kref_get(&device->refcount); + kref_get(&device->refcount); + kref_init(&chan->refcount); + chan->slow_ref = 0; +diff --git a/drivers/i2c/busses/i2c-pasemi.c b/drivers/i2c/busses/i2c-pasemi.c +index 58e3271..dcf5dec 100644 +--- a/drivers/i2c/busses/i2c-pasemi.c ++++ b/drivers/i2c/busses/i2c-pasemi.c +@@ -51,6 +51,7 @@ struct pasemi_smbus { + #define MRXFIFO_DATA_M 0x000000ff + + #define SMSTA_XEN 0x08000000 ++#define SMSTA_MTN 0x00200000 + + #define CTL_MRR 0x00000400 + #define CTL_MTR 0x00000200 +@@ -98,6 +99,10 @@ static unsigned int pasemi_smb_waitready(struct pasemi_smbus *smbus) + status = reg_read(smbus, REG_SMSTA); + } + ++ /* Got NACK? */ ++ if (status & SMSTA_MTN) ++ return -ENXIO; ++ + if (timeout < 0) { + dev_warn(&smbus->dev->dev, "Timeout, status 0x%08x\n", status); + reg_write(smbus, REG_SMSTA, status); +diff --git a/drivers/i2c/chips/eeprom.c b/drivers/i2c/chips/eeprom.c +index d3da1fb..1a7eeeb 100644 +--- a/drivers/i2c/chips/eeprom.c ++++ b/drivers/i2c/chips/eeprom.c +@@ -128,13 +128,20 @@ static ssize_t eeprom_read(struct kobject *kobj, struct bin_attribute *bin_attr, + for (slice = off >> 5; slice <= (off + count - 1) >> 5; slice++) + eeprom_update_client(client, slice); + +- /* Hide Vaio security settings to regular users (16 first bytes) */ +- if (data->nature == VAIO && off < 16 && !capable(CAP_SYS_ADMIN)) { +- size_t in_row1 = 16 - off; +- in_row1 = min(in_row1, count); +- memset(buf, 0, in_row1); +- if (count - in_row1 > 0) +- memcpy(buf + in_row1, &data->data[16], count - in_row1); ++ /* Hide Vaio private settings to regular users: ++ - BIOS passwords: bytes 0x00 to 0x0f ++ - UUID: bytes 0x10 to 0x1f ++ - Serial number: 0xc0 to 0xdf */ ++ if (data->nature == VAIO && !capable(CAP_SYS_ADMIN)) { ++ int i; ++ ++ for (i = 0; i < count; i++) { ++ if ((off + i <= 0x1f) || ++ (off + i >= 0xc0 && off + i <= 0xdf)) ++ buf[i] = 0; ++ else ++ buf[i] = data->data[off + i]; ++ } + } else { + memcpy(buf, &data->data[off], count); + } +@@ -197,14 +204,18 @@ static int eeprom_detect(struct i2c_adapter *adapter, int address, int kind) + goto exit_kfree; + + /* Detect the Vaio nature of EEPROMs. +- We use the "PCG-" prefix as the signature. */ ++ We use the "PCG-" or "VGN-" prefix as the signature. */ + if (address == 0x57) { +- if (i2c_smbus_read_byte_data(new_client, 0x80) == 'P' +- && i2c_smbus_read_byte(new_client) == 'C' +- && i2c_smbus_read_byte(new_client) == 'G' +- && i2c_smbus_read_byte(new_client) == '-') { ++ char name[4]; ++ ++ name[0] = i2c_smbus_read_byte_data(new_client, 0x80); ++ name[1] = i2c_smbus_read_byte(new_client); ++ name[2] = i2c_smbus_read_byte(new_client); ++ name[3] = i2c_smbus_read_byte(new_client); ++ ++ if (!memcmp(name, "PCG-", 4) || !memcmp(name, "VGN-", 4)) { + dev_info(&new_client->dev, "Vaio EEPROM detected, " +- "enabling password protection\n"); ++ "enabling privacy protection\n"); + data->nature = VAIO; + } + } +diff --git a/drivers/md/raid5.c b/drivers/md/raid5.c +index 3808f52..e86cacb 100644 +--- a/drivers/md/raid5.c ++++ b/drivers/md/raid5.c +@@ -689,7 +689,8 @@ ops_run_prexor(struct stripe_head *sh, struct dma_async_tx_descriptor *tx) + } + + static struct dma_async_tx_descriptor * +-ops_run_biodrain(struct stripe_head *sh, struct dma_async_tx_descriptor *tx) ++ops_run_biodrain(struct stripe_head *sh, struct dma_async_tx_descriptor *tx, ++ unsigned long pending) + { + int disks = sh->disks; + int pd_idx = sh->pd_idx, i; +@@ -697,7 +698,7 @@ ops_run_biodrain(struct stripe_head *sh, struct dma_async_tx_descriptor *tx) + /* check if prexor is active which means only process blocks + * that are part of a read-modify-write (Wantprexor) + */ +- int prexor = test_bit(STRIPE_OP_PREXOR, &sh->ops.pending); ++ int prexor = test_bit(STRIPE_OP_PREXOR, &pending); + + pr_debug("%s: stripe %llu\n", __FUNCTION__, + (unsigned long long)sh->sector); +@@ -774,7 +775,8 @@ static void ops_complete_write(void *stripe_head_ref) + } + + static void +-ops_run_postxor(struct stripe_head *sh, struct dma_async_tx_descriptor *tx) ++ops_run_postxor(struct stripe_head *sh, struct dma_async_tx_descriptor *tx, ++ unsigned long pending) + { + /* kernel stack size limits the total number of disks */ + int disks = sh->disks; +@@ -782,7 +784,7 @@ ops_run_postxor(struct stripe_head *sh, struct dma_async_tx_descriptor *tx) + + int count = 0, pd_idx = sh->pd_idx, i; + struct page *xor_dest; +- int prexor = test_bit(STRIPE_OP_PREXOR, &sh->ops.pending); ++ int prexor = test_bit(STRIPE_OP_PREXOR, &pending); + unsigned long flags; + dma_async_tx_callback callback; + +@@ -809,7 +811,7 @@ ops_run_postxor(struct stripe_head *sh, struct dma_async_tx_descriptor *tx) + } + + /* check whether this postxor is part of a write */ +- callback = test_bit(STRIPE_OP_BIODRAIN, &sh->ops.pending) ? ++ callback = test_bit(STRIPE_OP_BIODRAIN, &pending) ? + ops_complete_write : ops_complete_postxor; + + /* 1/ if we prexor'd then the dest is reused as a source +@@ -897,12 +899,12 @@ static void raid5_run_ops(struct stripe_head *sh, unsigned long pending) + tx = ops_run_prexor(sh, tx); + + if (test_bit(STRIPE_OP_BIODRAIN, &pending)) { +- tx = ops_run_biodrain(sh, tx); ++ tx = ops_run_biodrain(sh, tx, pending); + overlap_clear++; + } + + if (test_bit(STRIPE_OP_POSTXOR, &pending)) +- ops_run_postxor(sh, tx); ++ ops_run_postxor(sh, tx, pending); + + if (test_bit(STRIPE_OP_CHECK, &pending)) + ops_run_check(sh); +diff --git a/drivers/net/wireless/ipw2200.c b/drivers/net/wireless/ipw2200.c +index 61497c4..da91b3b 100644 +--- a/drivers/net/wireless/ipw2200.c ++++ b/drivers/net/wireless/ipw2200.c +@@ -1740,8 +1740,10 @@ static int ipw_radio_kill_sw(struct ipw_priv *priv, int disable_radio) + if (disable_radio) { + priv->status |= STATUS_RF_KILL_SW; + +- if (priv->workqueue) ++ if (priv->workqueue) { + cancel_delayed_work(&priv->request_scan); ++ cancel_delayed_work(&priv->scan_event); ++ } + queue_work(priv->workqueue, &priv->down); + } else { + priv->status &= ~STATUS_RF_KILL_SW; +@@ -1992,6 +1994,7 @@ static void ipw_irq_tasklet(struct ipw_priv *priv) + wake_up_interruptible(&priv->wait_command_queue); + priv->status &= ~(STATUS_ASSOCIATED | STATUS_ASSOCIATING); + cancel_delayed_work(&priv->request_scan); ++ cancel_delayed_work(&priv->scan_event); + schedule_work(&priv->link_down); + queue_delayed_work(priv->workqueue, &priv->rf_kill, 2 * HZ); + handled |= IPW_INTA_BIT_RF_KILL_DONE; +@@ -4341,6 +4344,37 @@ static void ipw_handle_missed_beacon(struct ipw_priv *priv, + IPW_DEBUG_NOTIF("Missed beacon: %d\n", missed_count); + } + ++static void ipw_scan_event(struct work_struct *work) ++{ ++ union iwreq_data wrqu; ++ ++ struct ipw_priv *priv = ++ container_of(work, struct ipw_priv, scan_event.work); ++ ++ wrqu.data.length = 0; ++ wrqu.data.flags = 0; ++ wireless_send_event(priv->net_dev, SIOCGIWSCAN, &wrqu, NULL); ++} ++ ++static void handle_scan_event(struct ipw_priv *priv) ++{ ++ /* Only userspace-requested scan completion events go out immediately */ ++ if (!priv->user_requested_scan) { ++ if (!delayed_work_pending(&priv->scan_event)) ++ queue_delayed_work(priv->workqueue, &priv->scan_event, ++ round_jiffies(msecs_to_jiffies(4000))); ++ } else { ++ union iwreq_data wrqu; ++ ++ priv->user_requested_scan = 0; ++ cancel_delayed_work(&priv->scan_event); ++ ++ wrqu.data.length = 0; ++ wrqu.data.flags = 0; ++ wireless_send_event(priv->net_dev, SIOCGIWSCAN, &wrqu, NULL); ++ } ++} ++ + /** + * Handle host notification packet. + * Called from interrupt routine +@@ -4702,14 +4736,8 @@ static void ipw_rx_notification(struct ipw_priv *priv, + * on how the scan was initiated. User space can just + * sync on periodic scan to get fresh data... + * Jean II */ +- if (x->status == SCAN_COMPLETED_STATUS_COMPLETE) { +- union iwreq_data wrqu; +- +- wrqu.data.length = 0; +- wrqu.data.flags = 0; +- wireless_send_event(priv->net_dev, SIOCGIWSCAN, +- &wrqu, NULL); +- } ++ if (x->status == SCAN_COMPLETED_STATUS_COMPLETE) ++ handle_scan_event(priv); + break; + } + +@@ -9472,6 +9500,10 @@ static int ipw_wx_set_scan(struct net_device *dev, + struct ipw_priv *priv = ieee80211_priv(dev); + struct iw_scan_req *req = (struct iw_scan_req *)extra; + ++ mutex_lock(&priv->mutex); ++ priv->user_requested_scan = 1; ++ mutex_unlock(&priv->mutex); ++ + if (wrqu->data.length == sizeof(struct iw_scan_req)) { + if (wrqu->data.flags & IW_SCAN_THIS_ESSID) { + ipw_request_direct_scan(priv, req->essid, +@@ -10647,6 +10679,7 @@ static void ipw_link_up(struct ipw_priv *priv) + } + + cancel_delayed_work(&priv->request_scan); ++ cancel_delayed_work(&priv->scan_event); + ipw_reset_stats(priv); + /* Ensure the rate is updated immediately */ + priv->last_rate = ipw_get_current_rate(priv); +@@ -10684,7 +10717,8 @@ static void ipw_link_down(struct ipw_priv *priv) + if (!(priv->status & STATUS_EXIT_PENDING)) { + /* Queue up another scan... */ + queue_delayed_work(priv->workqueue, &priv->request_scan, 0); +- } ++ } else ++ cancel_delayed_work(&priv->scan_event); + } + + static void ipw_bg_link_down(struct work_struct *work) +@@ -10714,6 +10748,7 @@ static int ipw_setup_deferred_work(struct ipw_priv *priv) + INIT_WORK(&priv->up, ipw_bg_up); + INIT_WORK(&priv->down, ipw_bg_down); + INIT_DELAYED_WORK(&priv->request_scan, ipw_request_scan); ++ INIT_DELAYED_WORK(&priv->scan_event, ipw_scan_event); + INIT_WORK(&priv->request_passive_scan, ipw_request_passive_scan); + INIT_DELAYED_WORK(&priv->gather_stats, ipw_bg_gather_stats); + INIT_WORK(&priv->abort_scan, ipw_bg_abort_scan); +@@ -11746,6 +11781,7 @@ static void ipw_pci_remove(struct pci_dev *pdev) + cancel_delayed_work(&priv->adhoc_check); + cancel_delayed_work(&priv->gather_stats); + cancel_delayed_work(&priv->request_scan); ++ cancel_delayed_work(&priv->scan_event); + cancel_delayed_work(&priv->rf_kill); + cancel_delayed_work(&priv->scan_check); + destroy_workqueue(priv->workqueue); +diff --git a/drivers/net/wireless/ipw2200.h b/drivers/net/wireless/ipw2200.h +index 626a240..58b8fe5 100644 +--- a/drivers/net/wireless/ipw2200.h ++++ b/drivers/net/wireless/ipw2200.h +@@ -1288,6 +1288,8 @@ struct ipw_priv { + + struct iw_public_data wireless_data; + ++ int user_requested_scan; ++ + struct workqueue_struct *workqueue; + + struct delayed_work adhoc_check; +@@ -1296,6 +1298,7 @@ struct ipw_priv { + struct work_struct system_config; + struct work_struct rx_replenish; + struct delayed_work request_scan; ++ struct delayed_work scan_event; + struct work_struct request_passive_scan; + struct work_struct adapter_restart; + struct delayed_work rf_kill; +diff --git a/drivers/oprofile/cpu_buffer.c b/drivers/oprofile/cpu_buffer.c +index a83c3db..c93d3d2 100644 +--- a/drivers/oprofile/cpu_buffer.c ++++ b/drivers/oprofile/cpu_buffer.c +@@ -64,6 +64,8 @@ int alloc_cpu_buffers(void) + b->head_pos = 0; + b->sample_received = 0; + b->sample_lost_overflow = 0; ++ b->backtrace_aborted = 0; ++ b->sample_invalid_eip = 0; + b->cpu = i; + INIT_DELAYED_WORK(&b->work, wq_sync_buffer); + } +@@ -175,6 +177,11 @@ static int log_sample(struct oprofile_cpu_buffer * cpu_buf, unsigned long pc, + + cpu_buf->sample_received++; + ++ if (pc == ESCAPE_CODE) { ++ cpu_buf->sample_invalid_eip++; ++ return 0; ++ } ++ + if (nr_available_slots(cpu_buf) < 3) { + cpu_buf->sample_lost_overflow++; + return 0; +diff --git a/drivers/oprofile/cpu_buffer.h b/drivers/oprofile/cpu_buffer.h +index 49900d9..c66c025 100644 +--- a/drivers/oprofile/cpu_buffer.h ++++ b/drivers/oprofile/cpu_buffer.h +@@ -42,6 +42,7 @@ struct oprofile_cpu_buffer { + unsigned long sample_received; + unsigned long sample_lost_overflow; + unsigned long backtrace_aborted; ++ unsigned long sample_invalid_eip; + int cpu; + struct delayed_work work; + } ____cacheline_aligned; +diff --git a/drivers/oprofile/oprofile_stats.c b/drivers/oprofile/oprofile_stats.c +index f0acb66..d1f6d77 100644 +--- a/drivers/oprofile/oprofile_stats.c ++++ b/drivers/oprofile/oprofile_stats.c +@@ -26,6 +26,8 @@ void oprofile_reset_stats(void) + cpu_buf = &cpu_buffer[i]; + cpu_buf->sample_received = 0; + cpu_buf->sample_lost_overflow = 0; ++ cpu_buf->backtrace_aborted = 0; ++ cpu_buf->sample_invalid_eip = 0; + } + + atomic_set(&oprofile_stats.sample_lost_no_mm, 0); +@@ -61,6 +63,8 @@ void oprofile_create_stats_files(struct super_block * sb, struct dentry * root) + &cpu_buf->sample_lost_overflow); + oprofilefs_create_ro_ulong(sb, cpudir, "backtrace_aborted", + &cpu_buf->backtrace_aborted); ++ oprofilefs_create_ro_ulong(sb, cpudir, "sample_invalid_eip", ++ &cpu_buf->sample_invalid_eip); + } + + oprofilefs_create_ro_atomic(sb, dir, "sample_lost_no_mm", +diff --git a/drivers/usb/storage/unusual_devs.h b/drivers/usb/storage/unusual_devs.h +index c6b78ba..b2b6405 100644 +--- a/drivers/usb/storage/unusual_devs.h ++++ b/drivers/usb/storage/unusual_devs.h +@@ -341,6 +341,13 @@ UNUSUAL_DEV( 0x04b0, 0x040d, 0x0100, 0x0100, + US_SC_DEVICE, US_PR_DEVICE, NULL, + US_FL_FIX_CAPACITY), + ++/* Reported by Graber and Mike Pagano */ ++UNUSUAL_DEV( 0x04b0, 0x040f, 0x0200, 0x0200, ++ "NIKON", ++ "NIKON DSC D200", ++ US_SC_DEVICE, US_PR_DEVICE, NULL, ++ US_FL_FIX_CAPACITY), ++ + /* Reported by Emil Larsson */ + UNUSUAL_DEV( 0x04b0, 0x0411, 0x0100, 0x0101, + "NIKON", +@@ -355,6 +362,13 @@ UNUSUAL_DEV( 0x04b0, 0x0413, 0x0110, 0x0110, + US_SC_DEVICE, US_PR_DEVICE, NULL, + US_FL_FIX_CAPACITY), + ++/* Reported by Shan Destromp (shansan@gmail.com) */ ++UNUSUAL_DEV( 0x04b0, 0x0417, 0x0100, 0x0100, ++ "NIKON", ++ "NIKON DSC D40X", ++ US_SC_DEVICE, US_PR_DEVICE, NULL, ++ US_FL_FIX_CAPACITY), ++ + /* BENQ DC5330 + * Reported by Manuel Fombuena and + * Frank Copeland */ +diff --git a/drivers/video/ps3fb.c b/drivers/video/ps3fb.c +index 646ec82..0f2a7ba 100644 +--- a/drivers/video/ps3fb.c ++++ b/drivers/video/ps3fb.c +@@ -659,7 +659,7 @@ static int ps3fb_blank(int blank, struct fb_info *info) + + static int ps3fb_get_vblank(struct fb_vblank *vblank) + { +- memset(vblank, 0, sizeof(&vblank)); ++ memset(vblank, 0, sizeof(*vblank)); + vblank->flags = FB_VBLANK_HAVE_VSYNC; + return 0; + } +diff --git a/fs/nfsd/nfs2acl.c b/fs/nfsd/nfs2acl.c +index b617428..0e5fa11 100644 +--- a/fs/nfsd/nfs2acl.c ++++ b/fs/nfsd/nfs2acl.c +@@ -41,7 +41,7 @@ static __be32 nfsacld_proc_getacl(struct svc_rqst * rqstp, + + fh = fh_copy(&resp->fh, &argp->fh); + if ((nfserr = fh_verify(rqstp, &resp->fh, 0, MAY_NOP))) +- RETURN_STATUS(nfserr_inval); ++ RETURN_STATUS(nfserr); + + if (argp->mask & ~(NFS_ACL|NFS_ACLCNT|NFS_DFACL|NFS_DFACLCNT)) + RETURN_STATUS(nfserr_inval); +diff --git a/fs/nfsd/nfs3acl.c b/fs/nfsd/nfs3acl.c +index 3e3f2de..b647f2f 100644 +--- a/fs/nfsd/nfs3acl.c ++++ b/fs/nfsd/nfs3acl.c +@@ -37,7 +37,7 @@ static __be32 nfsd3_proc_getacl(struct svc_rqst * rqstp, + + fh = fh_copy(&resp->fh, &argp->fh); + if ((nfserr = fh_verify(rqstp, &resp->fh, 0, MAY_NOP))) +- RETURN_STATUS(nfserr_inval); ++ RETURN_STATUS(nfserr); + + if (argp->mask & ~(NFS_ACL|NFS_ACLCNT|NFS_DFACL|NFS_DFACLCNT)) + RETURN_STATUS(nfserr_inval); +diff --git a/fs/nfsd/nfsfh.c b/fs/nfsd/nfsfh.c +index 7011d62..51221be 100644 +--- a/fs/nfsd/nfsfh.c ++++ b/fs/nfsd/nfsfh.c +@@ -95,6 +95,22 @@ nfsd_mode_check(struct svc_rqst *rqstp, umode_t mode, int type) + return 0; + } + ++static __be32 nfsd_setuser_and_check_port(struct svc_rqst *rqstp, ++ struct svc_export *exp) ++{ ++ /* Check if the request originated from a secure port. */ ++ if (!rqstp->rq_secure && EX_SECURE(exp)) { ++ char buf[RPC_MAX_ADDRBUFLEN]; ++ dprintk(KERN_WARNING ++ "nfsd: request from insecure port %s!\n", ++ svc_print_addr(rqstp, buf, sizeof(buf))); ++ return nfserr_perm; ++ } ++ ++ /* Set user creds for this exportpoint */ ++ return nfserrno(nfsd_setuser(rqstp, exp)); ++} ++ + /* + * Perform sanity checks on the dentry in a client's file handle. + * +@@ -167,18 +183,7 @@ fh_verify(struct svc_rqst *rqstp, struct svc_fh *fhp, int type, int access) + goto out; + } + +- /* Check if the request originated from a secure port. */ +- error = nfserr_perm; +- if (!rqstp->rq_secure && EX_SECURE(exp)) { +- char buf[RPC_MAX_ADDRBUFLEN]; +- printk(KERN_WARNING +- "nfsd: request from insecure port %s!\n", +- svc_print_addr(rqstp, buf, sizeof(buf))); +- goto out; +- } +- +- /* Set user creds for this exportpoint */ +- error = nfserrno(nfsd_setuser(rqstp, exp)); ++ error = nfsd_setuser_and_check_port(rqstp, exp); + if (error) + goto out; + +@@ -227,18 +232,22 @@ fh_verify(struct svc_rqst *rqstp, struct svc_fh *fhp, int type, int access) + fhp->fh_export = exp; + nfsd_nr_verified++; + } else { +- /* just rechecking permissions +- * (e.g. nfsproc_create calls fh_verify, then nfsd_create does as well) ++ /* ++ * just rechecking permissions ++ * (e.g. nfsproc_create calls fh_verify, then nfsd_create ++ * does as well) + */ + dprintk("nfsd: fh_verify - just checking\n"); + dentry = fhp->fh_dentry; + exp = fhp->fh_export; +- /* Set user creds for this exportpoint; necessary even ++ /* ++ * Set user creds for this exportpoint; necessary even + * in the "just checking" case because this may be a + * filehandle that was created by fh_compose, and that + * is about to be used in another nfsv4 compound +- * operation */ +- error = nfserrno(nfsd_setuser(rqstp, exp)); ++ * operation. ++ */ ++ error = nfsd_setuser_and_check_port(rqstp, exp); + if (error) + goto out; + } +diff --git a/fs/reiserfs/stree.c b/fs/reiserfs/stree.c +index 981027d..ce3c937 100644 +--- a/fs/reiserfs/stree.c ++++ b/fs/reiserfs/stree.c +@@ -1458,9 +1458,6 @@ static void unmap_buffers(struct page *page, loff_t pos) + } + bh = next; + } while (bh != head); +- if (PAGE_SIZE == bh->b_size) { +- cancel_dirty_page(page, PAGE_CACHE_SIZE); +- } + } + } + } +diff --git a/include/asm-i386/system.h b/include/asm-i386/system.h +index d69ba93..b104655 100644 +--- a/include/asm-i386/system.h ++++ b/include/asm-i386/system.h +@@ -141,7 +141,7 @@ static inline unsigned long native_read_cr4_safe(void) + { + unsigned long val; + /* This could fault if %cr4 does not exist */ +- asm("1: movl %%cr4, %0 \n" ++ asm volatile("1: movl %%cr4, %0 \n" + "2: \n" + ".section __ex_table,\"a\" \n" + ".long 1b,2b \n" +diff --git a/include/asm-x86_64/system.h b/include/asm-x86_64/system.h +index 02175aa..47682a6 100644 +--- a/include/asm-x86_64/system.h ++++ b/include/asm-x86_64/system.h +@@ -85,7 +85,7 @@ static inline void write_cr0(unsigned long val) + static inline unsigned long read_cr2(void) + { + unsigned long cr2; +- asm("movq %%cr2,%0" : "=r" (cr2)); ++ asm volatile("movq %%cr2,%0" : "=r" (cr2)); + return cr2; + } + +@@ -97,7 +97,7 @@ static inline void write_cr2(unsigned long val) + static inline unsigned long read_cr3(void) + { + unsigned long cr3; +- asm("movq %%cr3,%0" : "=r" (cr3)); ++ asm volatile("movq %%cr3,%0" : "=r" (cr3)); + return cr3; + } + +@@ -109,7 +109,7 @@ static inline void write_cr3(unsigned long val) + static inline unsigned long read_cr4(void) + { + unsigned long cr4; +- asm("movq %%cr4,%0" : "=r" (cr4)); ++ asm volatile("movq %%cr4,%0" : "=r" (cr4)); + return cr4; + } + +@@ -121,7 +121,7 @@ static inline void write_cr4(unsigned long val) + static inline unsigned long read_cr8(void) + { + unsigned long cr8; +- asm("movq %%cr8,%0" : "=r" (cr8)); ++ asm volatile("movq %%cr8,%0" : "=r" (cr8)); + return cr8; + } + +diff --git a/kernel/sched_fair.c b/kernel/sched_fair.c +index 67c67a8..2f592fe 100644 +--- a/kernel/sched_fair.c ++++ b/kernel/sched_fair.c +@@ -93,7 +93,7 @@ unsigned int sysctl_sched_features __read_mostly = + SCHED_FEAT_FAIR_SLEEPERS *1 | + SCHED_FEAT_SLEEPER_AVG *0 | + SCHED_FEAT_SLEEPER_LOAD_AVG *1 | +- SCHED_FEAT_PRECISE_CPU_LOAD *1 | ++ SCHED_FEAT_PRECISE_CPU_LOAD *0 | + SCHED_FEAT_START_DEBIT *1 | + SCHED_FEAT_SKIP_INITIAL *0; + +diff --git a/kernel/softlockup.c b/kernel/softlockup.c +index e557c44..d857bb0 100644 +--- a/kernel/softlockup.c ++++ b/kernel/softlockup.c +@@ -15,13 +15,16 @@ + #include + #include + ++#include ++ + static DEFINE_SPINLOCK(print_lock); + + static DEFINE_PER_CPU(unsigned long, touch_timestamp); + static DEFINE_PER_CPU(unsigned long, print_timestamp); + static DEFINE_PER_CPU(struct task_struct *, watchdog_task); + +-static int did_panic = 0; ++static int did_panic; ++int softlockup_thresh = 10; + + static int + softlock_panic(struct notifier_block *this, unsigned long event, void *ptr) +@@ -40,14 +43,16 @@ static struct notifier_block panic_block = { + * resolution, and we don't need to waste time with a big divide when + * 2^30ns == 1.074s. + */ +-static unsigned long get_timestamp(void) ++static unsigned long get_timestamp(int this_cpu) + { +- return sched_clock() >> 30; /* 2^30 ~= 10^9 */ ++ return cpu_clock(this_cpu) >> 30; /* 2^30 ~= 10^9 */ + } + + void touch_softlockup_watchdog(void) + { +- __raw_get_cpu_var(touch_timestamp) = get_timestamp(); ++ int this_cpu = raw_smp_processor_id(); ++ ++ __raw_get_cpu_var(touch_timestamp) = get_timestamp(this_cpu); + } + EXPORT_SYMBOL(touch_softlockup_watchdog); + +@@ -70,6 +75,7 @@ void softlockup_tick(void) + int this_cpu = smp_processor_id(); + unsigned long touch_timestamp = per_cpu(touch_timestamp, this_cpu); + unsigned long print_timestamp; ++ struct pt_regs *regs = get_irq_regs(); + unsigned long now; + + if (touch_timestamp == 0) { +@@ -92,28 +98,33 @@ void softlockup_tick(void) + return; + } + +- now = get_timestamp(); ++ now = get_timestamp(this_cpu); + + /* Wake up the high-prio watchdog task every second: */ + if (now > (touch_timestamp + 1)) + wake_up_process(per_cpu(watchdog_task, this_cpu)); + + /* Warn about unreasonable 10+ seconds delays: */ +- if (now > (touch_timestamp + 10)) { +- per_cpu(print_timestamp, this_cpu) = touch_timestamp; ++ if (now <= (touch_timestamp + softlockup_thresh)) ++ return; ++ ++ per_cpu(print_timestamp, this_cpu) = touch_timestamp; + +- spin_lock(&print_lock); +- printk(KERN_ERR "BUG: soft lockup detected on CPU#%d!\n", +- this_cpu); ++ spin_lock(&print_lock); ++ printk(KERN_ERR "BUG: soft lockup - CPU#%d stuck for %lus! [%s:%d]\n", ++ this_cpu, now - touch_timestamp, ++ current->comm, current->pid); ++ if (regs) ++ show_regs(regs); ++ else + dump_stack(); +- spin_unlock(&print_lock); +- } ++ spin_unlock(&print_lock); + } + + /* + * The watchdog thread - runs every second and touches the timestamp. + */ +-static int watchdog(void * __bind_cpu) ++static int watchdog(void *__bind_cpu) + { + struct sched_param param = { .sched_priority = MAX_RT_PRIO-1 }; + +@@ -151,13 +162,13 @@ cpu_callback(struct notifier_block *nfb, unsigned long action, void *hcpu) + BUG_ON(per_cpu(watchdog_task, hotcpu)); + p = kthread_create(watchdog, hcpu, "watchdog/%d", hotcpu); + if (IS_ERR(p)) { +- printk("watchdog for %i failed\n", hotcpu); ++ printk(KERN_ERR "watchdog for %i failed\n", hotcpu); + return NOTIFY_BAD; + } +- per_cpu(touch_timestamp, hotcpu) = 0; +- per_cpu(watchdog_task, hotcpu) = p; ++ per_cpu(touch_timestamp, hotcpu) = 0; ++ per_cpu(watchdog_task, hotcpu) = p; + kthread_bind(p, hotcpu); +- break; ++ break; + case CPU_ONLINE: + case CPU_ONLINE_FROZEN: + wake_up_process(per_cpu(watchdog_task, hotcpu)); +@@ -177,7 +188,7 @@ cpu_callback(struct notifier_block *nfb, unsigned long action, void *hcpu) + kthread_stop(p); + break; + #endif /* CONFIG_HOTPLUG_CPU */ +- } ++ } + return NOTIFY_OK; + } + +diff --git a/kernel/time/ntp.c b/kernel/time/ntp.c +index de6a2d6..14a2ecf 100644 +--- a/kernel/time/ntp.c ++++ b/kernel/time/ntp.c +@@ -205,7 +205,7 @@ static void sync_cmos_clock(unsigned long dummy) + return; + + getnstimeofday(&now); +- if (abs(xtime.tv_nsec - (NSEC_PER_SEC / 2)) <= tick_nsec / 2) ++ if (abs(now.tv_nsec - (NSEC_PER_SEC / 2)) <= tick_nsec / 2) + fail = update_persistent_clock(now); + + next.tv_nsec = (NSEC_PER_SEC / 2) - now.tv_nsec; +diff --git a/lib/libcrc32c.c b/lib/libcrc32c.c +index 60f4680..1f3a52e 100644 +--- a/lib/libcrc32c.c ++++ b/lib/libcrc32c.c +@@ -33,7 +33,6 @@ + #include + #include + #include +-#include + + MODULE_AUTHOR("Clay Haapala "); + MODULE_DESCRIPTION("CRC32c (Castagnoli) calculations"); +@@ -161,15 +160,13 @@ static const u32 crc32c_table[256] = { + */ + + u32 __attribute_pure__ +-crc32c_le(u32 seed, unsigned char const *data, size_t length) ++crc32c_le(u32 crc, unsigned char const *data, size_t length) + { +- u32 crc = __cpu_to_le32(seed); +- + while (length--) + crc = + crc32c_table[(crc ^ *data++) & 0xFFL] ^ (crc >> 8); + +- return __le32_to_cpu(crc); ++ return crc; + } + + #endif /* CRC_LE_BITS == 8 */ diff --git a/queue-2.6.23/raid5-fix-unending-write-sequence.patch b/review-2.6.23/raid5-fix-unending-write-sequence.patch similarity index 100% rename from queue-2.6.23/raid5-fix-unending-write-sequence.patch rename to review-2.6.23/raid5-fix-unending-write-sequence.patch diff --git a/queue-2.6.23/reiserfs-don-t-drop-pg_dirty-when-releasing-sub-page-sized-dirty-file.patch b/review-2.6.23/reiserfs-don-t-drop-pg_dirty-when-releasing-sub-page-sized-dirty-file.patch similarity index 100% rename from queue-2.6.23/reiserfs-don-t-drop-pg_dirty-when-releasing-sub-page-sized-dirty-file.patch rename to review-2.6.23/reiserfs-don-t-drop-pg_dirty-when-releasing-sub-page-sized-dirty-file.patch diff --git a/queue-2.6.23/sata_sis-fix-scr-read-breakage.patch b/review-2.6.23/sata_sis-fix-scr-read-breakage.patch similarity index 100% rename from queue-2.6.23/sata_sis-fix-scr-read-breakage.patch rename to review-2.6.23/sata_sis-fix-scr-read-breakage.patch diff --git a/queue-2.6.23/series b/review-2.6.23/series similarity index 100% rename from queue-2.6.23/series rename to review-2.6.23/series diff --git a/queue-2.6.23/softlockup-use-cpu_clock-instead-of-sched_clock.patch b/review-2.6.23/softlockup-use-cpu_clock-instead-of-sched_clock.patch similarity index 100% rename from queue-2.6.23/softlockup-use-cpu_clock-instead-of-sched_clock.patch rename to review-2.6.23/softlockup-use-cpu_clock-instead-of-sched_clock.patch diff --git a/queue-2.6.23/softlockup-watchdog-fixes-and-cleanups.patch b/review-2.6.23/softlockup-watchdog-fixes-and-cleanups.patch similarity index 100% rename from queue-2.6.23/softlockup-watchdog-fixes-and-cleanups.patch rename to review-2.6.23/softlockup-watchdog-fixes-and-cleanups.patch diff --git a/queue-2.6.23/usb-nikon-d40x-unusual_devs-entry.patch b/review-2.6.23/usb-nikon-d40x-unusual_devs-entry.patch similarity index 100% rename from queue-2.6.23/usb-nikon-d40x-unusual_devs-entry.patch rename to review-2.6.23/usb-nikon-d40x-unusual_devs-entry.patch diff --git a/queue-2.6.23/usb-unusual_devs-modification-for-nikon-d200.patch b/review-2.6.23/usb-unusual_devs-modification-for-nikon-d200.patch similarity index 100% rename from queue-2.6.23/usb-unusual_devs-modification-for-nikon-d200.patch rename to review-2.6.23/usb-unusual_devs-modification-for-nikon-d200.patch diff --git a/queue-2.6.23/x86-avoid-inconsistent-ptes.patch b/review-2.6.23/x86-avoid-inconsistent-ptes.patch similarity index 100% rename from queue-2.6.23/x86-avoid-inconsistent-ptes.patch rename to review-2.6.23/x86-avoid-inconsistent-ptes.patch diff --git a/queue-2.6.23/x86-disable-preemption-in-delay_tsc.patch b/review-2.6.23/x86-disable-preemption-in-delay_tsc.patch similarity index 100% rename from queue-2.6.23/x86-disable-preemption-in-delay_tsc.patch rename to review-2.6.23/x86-disable-preemption-in-delay_tsc.patch diff --git a/queue-2.6.23/x86-fix-one-off-in-find-next-zero-string.patch b/review-2.6.23/x86-fix-one-off-in-find-next-zero-string.patch similarity index 100% rename from queue-2.6.23/x86-fix-one-off-in-find-next-zero-string.patch rename to review-2.6.23/x86-fix-one-off-in-find-next-zero-string.patch diff --git a/queue-2.6.23/x86-fix-rtc-locking.patch b/review-2.6.23/x86-fix-rtc-locking.patch similarity index 100% rename from queue-2.6.23/x86-fix-rtc-locking.patch rename to review-2.6.23/x86-fix-rtc-locking.patch diff --git a/queue-2.6.23/x86-mark-read-crx-volatile.patch b/review-2.6.23/x86-mark-read-crx-volatile.patch similarity index 100% rename from queue-2.6.23/x86-mark-read-crx-volatile.patch rename to review-2.6.23/x86-mark-read-crx-volatile.patch diff --git a/queue-2.6.23/x86-nx-bit-handling-in-change-page-attr.patch b/review-2.6.23/x86-nx-bit-handling-in-change-page-attr.patch similarity index 100% rename from queue-2.6.23/x86-nx-bit-handling-in-change-page-attr.patch rename to review-2.6.23/x86-nx-bit-handling-in-change-page-attr.patch diff --git a/queue-2.6.23/x98-return-correct-error-code-from-child-rip.patch b/review-2.6.23/x98-return-correct-error-code-from-child-rip.patch similarity index 100% rename from queue-2.6.23/x98-return-correct-error-code-from-child-rip.patch rename to review-2.6.23/x98-return-correct-error-code-from-child-rip.patch