Get Gentoo!
gentoo.org sites
gentoo.org Wiki Bugs Forums Packages
Planet Archives Sources
Infra Status

Gentoo Archives: gentoo-commits

From: "Mike Pagano (mpagano)" <mpagano@g.o>
To: gentoo-commits@l.g.o
Subject: [gentoo-commits] linux-patches r1797 - genpatches-2.6/trunk/2.6.35
Date: Mon, 27 Sep 2010 14:39:58
Message-Id: 20100927143939.8E40A20051@flycatcher.gentoo.org
1 Author: mpagano
2 Date: 2010-09-27 14:39:39 +0000 (Mon, 27 Sep 2010)
3 New Revision: 1797
4
5 Added:
6 genpatches-2.6/trunk/2.6.35/1005_linux-2.6.35.6.patch
7 Removed:
8 genpatches-2.6/trunk/2.6.35/2600_support-eject-dell-studio-1555.patch
9 Modified:
10 genpatches-2.6/trunk/2.6.35/0000_README
11 Log:
12 Linux patch 2.6.35.6. Remove redundant patch
13
14 Modified: genpatches-2.6/trunk/2.6.35/0000_README
15 ===================================================================
16 --- genpatches-2.6/trunk/2.6.35/0000_README 2010-09-27 14:28:40 UTC (rev 1796)
17 +++ genpatches-2.6/trunk/2.6.35/0000_README 2010-09-27 14:39:39 UTC (rev 1797)
18 @@ -63,10 +63,6 @@
19 From: http://bugs.gentoo.org/show_bug.cgi?id=318365
20 Desc: create /sys/fs/cgroup to mount cgroupfs to support systemd
21
22 -Patch: 2600_support-eject-dell-studio-1555.patch
23 -From: http://bugs.gentoo.org/show_bug.cgi?id=333379
24 -Desc: Add support for eject key on Dell Studio 1555
25 -
26 Patch: 2900_xconfig-with-qt4.patch
27 From: http://bugs.gentoo.org/show_bug.cgi?id=320761
28 Desc: xconfig patch for qt4 - thanks to Sam Iam
29
30 Added: genpatches-2.6/trunk/2.6.35/1005_linux-2.6.35.6.patch
31 ===================================================================
32 --- genpatches-2.6/trunk/2.6.35/1005_linux-2.6.35.6.patch (rev 0)
33 +++ genpatches-2.6/trunk/2.6.35/1005_linux-2.6.35.6.patch 2010-09-27 14:39:39 UTC (rev 1797)
34 @@ -0,0 +1,4005 @@
35 +diff --git a/arch/alpha/kernel/err_marvel.c b/arch/alpha/kernel/err_marvel.c
36 +index 52a79df..5c905aa 100644
37 +--- a/arch/alpha/kernel/err_marvel.c
38 ++++ b/arch/alpha/kernel/err_marvel.c
39 +@@ -109,7 +109,7 @@ marvel_print_err_cyc(u64 err_cyc)
40 + #define IO7__ERR_CYC__CYCLE__M (0x7)
41 +
42 + printk("%s Packet In Error: %s\n"
43 +- "%s Error in %s, cycle %ld%s%s\n",
44 ++ "%s Error in %s, cycle %lld%s%s\n",
45 + err_print_prefix,
46 + packet_desc[EXTRACT(err_cyc, IO7__ERR_CYC__PACKET)],
47 + err_print_prefix,
48 +@@ -313,7 +313,7 @@ marvel_print_po7_ugbge_sym(u64 ugbge_sym)
49 + }
50 +
51 + printk("%s Up Hose Garbage Symptom:\n"
52 +- "%s Source Port: %ld - Dest PID: %ld - OpCode: %s\n",
53 ++ "%s Source Port: %lld - Dest PID: %lld - OpCode: %s\n",
54 + err_print_prefix,
55 + err_print_prefix,
56 + EXTRACT(ugbge_sym, IO7__PO7_UGBGE_SYM__UPH_SRC_PORT),
57 +@@ -552,7 +552,7 @@ marvel_print_pox_spl_cmplt(u64 spl_cmplt)
58 + #define IO7__POX_SPLCMPLT__REM_BYTE_COUNT__M (0xfff)
59 +
60 + printk("%s Split Completion Error:\n"
61 +- "%s Source (Bus:Dev:Func): %ld:%ld:%ld\n",
62 ++ "%s Source (Bus:Dev:Func): %lld:%lld:%lld\n",
63 + err_print_prefix,
64 + err_print_prefix,
65 + EXTRACT(spl_cmplt, IO7__POX_SPLCMPLT__SOURCE_BUS),
66 +diff --git a/arch/alpha/kernel/proto.h b/arch/alpha/kernel/proto.h
67 +index 3d2627e..d3e52d3 100644
68 +--- a/arch/alpha/kernel/proto.h
69 ++++ b/arch/alpha/kernel/proto.h
70 +@@ -156,9 +156,6 @@ extern void SMC669_Init(int);
71 + /* es1888.c */
72 + extern void es1888_init(void);
73 +
74 +-/* ns87312.c */
75 +-extern void ns87312_enable_ide(long ide_base);
76 +-
77 + /* ../lib/fpreg.c */
78 + extern void alpha_write_fp_reg (unsigned long reg, unsigned long val);
79 + extern unsigned long alpha_read_fp_reg (unsigned long reg);
80 +diff --git a/arch/alpha/kernel/sys_cabriolet.c b/arch/alpha/kernel/sys_cabriolet.c
81 +index affd0f3..14c8898 100644
82 +--- a/arch/alpha/kernel/sys_cabriolet.c
83 ++++ b/arch/alpha/kernel/sys_cabriolet.c
84 +@@ -33,7 +33,7 @@
85 + #include "irq_impl.h"
86 + #include "pci_impl.h"
87 + #include "machvec_impl.h"
88 +-
89 ++#include "pc873xx.h"
90 +
91 + /* Note mask bit is true for DISABLED irqs. */
92 + static unsigned long cached_irq_mask = ~0UL;
93 +@@ -236,17 +236,30 @@ cabriolet_map_irq(struct pci_dev *dev, u8 slot, u8 pin)
94 + }
95 +
96 + static inline void __init
97 ++cabriolet_enable_ide(void)
98 ++{
99 ++ if (pc873xx_probe() == -1) {
100 ++ printk(KERN_ERR "Probing for PC873xx Super IO chip failed.\n");
101 ++ } else {
102 ++ printk(KERN_INFO "Found %s Super IO chip at 0x%x\n",
103 ++ pc873xx_get_model(), pc873xx_get_base());
104 ++
105 ++ pc873xx_enable_ide();
106 ++ }
107 ++}
108 ++
109 ++static inline void __init
110 + cabriolet_init_pci(void)
111 + {
112 + common_init_pci();
113 +- ns87312_enable_ide(0x398);
114 ++ cabriolet_enable_ide();
115 + }
116 +
117 + static inline void __init
118 + cia_cab_init_pci(void)
119 + {
120 + cia_init_pci();
121 +- ns87312_enable_ide(0x398);
122 ++ cabriolet_enable_ide();
123 + }
124 +
125 + /*
126 +diff --git a/arch/alpha/kernel/sys_takara.c b/arch/alpha/kernel/sys_takara.c
127 +index 2304648..4da596b 100644
128 +--- a/arch/alpha/kernel/sys_takara.c
129 ++++ b/arch/alpha/kernel/sys_takara.c
130 +@@ -29,7 +29,7 @@
131 + #include "irq_impl.h"
132 + #include "pci_impl.h"
133 + #include "machvec_impl.h"
134 +-
135 ++#include "pc873xx.h"
136 +
137 + /* Note mask bit is true for DISABLED irqs. */
138 + static unsigned long cached_irq_mask[2] = { -1, -1 };
139 +@@ -264,7 +264,14 @@ takara_init_pci(void)
140 + alpha_mv.pci_map_irq = takara_map_irq_srm;
141 +
142 + cia_init_pci();
143 +- ns87312_enable_ide(0x26e);
144 ++
145 ++ if (pc873xx_probe() == -1) {
146 ++ printk(KERN_ERR "Probing for PC873xx Super IO chip failed.\n");
147 ++ } else {
148 ++ printk(KERN_INFO "Found %s Super IO chip at 0x%x\n",
149 ++ pc873xx_get_model(), pc873xx_get_base());
150 ++ pc873xx_enable_ide();
151 ++ }
152 + }
153 +
154 +
155 +diff --git a/arch/arm/mach-at91/at91sam9g45_devices.c b/arch/arm/mach-at91/at91sam9g45_devices.c
156 +index 809114d..501ac6f 100644
157 +--- a/arch/arm/mach-at91/at91sam9g45_devices.c
158 ++++ b/arch/arm/mach-at91/at91sam9g45_devices.c
159 +@@ -46,7 +46,7 @@ static struct resource hdmac_resources[] = {
160 + .end = AT91_BASE_SYS + AT91_DMA + SZ_512 - 1,
161 + .flags = IORESOURCE_MEM,
162 + },
163 +- [2] = {
164 ++ [1] = {
165 + .start = AT91SAM9G45_ID_DMA,
166 + .end = AT91SAM9G45_ID_DMA,
167 + .flags = IORESOURCE_IRQ,
168 +diff --git a/arch/ia64/kernel/fsys.S b/arch/ia64/kernel/fsys.S
169 +index 3567d54..331d42b 100644
170 +--- a/arch/ia64/kernel/fsys.S
171 ++++ b/arch/ia64/kernel/fsys.S
172 +@@ -420,22 +420,31 @@ EX(.fail_efault, ld8 r14=[r33]) // r14 <- *set
173 + ;;
174 +
175 + RSM_PSR_I(p0, r18, r19) // mask interrupt delivery
176 +- mov ar.ccv=0
177 + andcm r14=r14,r17 // filter out SIGKILL & SIGSTOP
178 ++ mov r8=EINVAL // default to EINVAL
179 +
180 + #ifdef CONFIG_SMP
181 +- mov r17=1
182 ++ // __ticket_spin_trylock(r31)
183 ++ ld4 r17=[r31]
184 + ;;
185 +- cmpxchg4.acq r18=[r31],r17,ar.ccv // try to acquire the lock
186 +- mov r8=EINVAL // default to EINVAL
187 ++ mov.m ar.ccv=r17
188 ++ extr.u r9=r17,17,15
189 ++ adds r19=1,r17
190 ++ extr.u r18=r17,0,15
191 ++ ;;
192 ++ cmp.eq p6,p7=r9,r18
193 + ;;
194 ++(p6) cmpxchg4.acq r9=[r31],r19,ar.ccv
195 ++(p6) dep.z r20=r19,1,15 // next serving ticket for unlock
196 ++(p7) br.cond.spnt.many .lock_contention
197 ++ ;;
198 ++ cmp4.eq p0,p7=r9,r17
199 ++ adds r31=2,r31
200 ++(p7) br.cond.spnt.many .lock_contention
201 + ld8 r3=[r2] // re-read current->blocked now that we hold the lock
202 +- cmp4.ne p6,p0=r18,r0
203 +-(p6) br.cond.spnt.many .lock_contention
204 + ;;
205 + #else
206 + ld8 r3=[r2] // re-read current->blocked now that we hold the lock
207 +- mov r8=EINVAL // default to EINVAL
208 + #endif
209 + add r18=IA64_TASK_PENDING_OFFSET+IA64_SIGPENDING_SIGNAL_OFFSET,r16
210 + add r19=IA64_TASK_SIGNAL_OFFSET,r16
211 +@@ -490,7 +499,9 @@ EX(.fail_efault, ld8 r14=[r33]) // r14 <- *set
212 + (p6) br.cond.spnt.few 1b // yes -> retry
213 +
214 + #ifdef CONFIG_SMP
215 +- st4.rel [r31]=r0 // release the lock
216 ++ // __ticket_spin_unlock(r31)
217 ++ st2.rel [r31]=r20
218 ++ mov r20=0 // i must not leak kernel bits...
219 + #endif
220 + SSM_PSR_I(p0, p9, r31)
221 + ;;
222 +@@ -512,7 +523,8 @@ EX(.fail_efault, (p15) st8 [r34]=r3)
223 +
224 + .sig_pending:
225 + #ifdef CONFIG_SMP
226 +- st4.rel [r31]=r0 // release the lock
227 ++ // __ticket_spin_unlock(r31)
228 ++ st2.rel [r31]=r20 // release the lock
229 + #endif
230 + SSM_PSR_I(p0, p9, r17)
231 + ;;
232 +diff --git a/arch/sparc/include/asm/oplib_64.h b/arch/sparc/include/asm/oplib_64.h
233 +index a5db031..3e0b2d6 100644
234 +--- a/arch/sparc/include/asm/oplib_64.h
235 ++++ b/arch/sparc/include/asm/oplib_64.h
236 +@@ -185,9 +185,8 @@ extern int prom_getunumber(int syndrome_code,
237 + char *buf, int buflen);
238 +
239 + /* Retain physical memory to the caller across soft resets. */
240 +-extern unsigned long prom_retain(const char *name,
241 +- unsigned long pa_low, unsigned long pa_high,
242 +- long size, long align);
243 ++extern int prom_retain(const char *name, unsigned long size,
244 ++ unsigned long align, unsigned long *paddr);
245 +
246 + /* Load explicit I/D TLB entries into the calling processor. */
247 + extern long prom_itlb_load(unsigned long index,
248 +@@ -287,26 +286,6 @@ extern void prom_sun4v_guest_soft_state(void);
249 + extern int prom_ihandle2path(int handle, char *buffer, int bufsize);
250 +
251 + /* Client interface level routines. */
252 +-extern long p1275_cmd(const char *, long, ...);
253 +-
254 +-#if 0
255 +-#define P1275_SIZE(x) ((((long)((x) / 32)) << 32) | (x))
256 +-#else
257 +-#define P1275_SIZE(x) x
258 +-#endif
259 +-
260 +-/* We support at most 16 input and 1 output argument */
261 +-#define P1275_ARG_NUMBER 0
262 +-#define P1275_ARG_IN_STRING 1
263 +-#define P1275_ARG_OUT_BUF 2
264 +-#define P1275_ARG_OUT_32B 3
265 +-#define P1275_ARG_IN_FUNCTION 4
266 +-#define P1275_ARG_IN_BUF 5
267 +-#define P1275_ARG_IN_64B 6
268 +-
269 +-#define P1275_IN(x) ((x) & 0xf)
270 +-#define P1275_OUT(x) (((x) << 4) & 0xf0)
271 +-#define P1275_INOUT(i,o) (P1275_IN(i)|P1275_OUT(o))
272 +-#define P1275_ARG(n,x) ((x) << ((n)*3 + 8))
273 ++extern void p1275_cmd_direct(unsigned long *);
274 +
275 + #endif /* !(__SPARC64_OPLIB_H) */
276 +diff --git a/arch/sparc/prom/cif.S b/arch/sparc/prom/cif.S
277 +index 5f27ad7..9c86b4b 100644
278 +--- a/arch/sparc/prom/cif.S
279 ++++ b/arch/sparc/prom/cif.S
280 +@@ -9,18 +9,18 @@
281 + #include <asm/thread_info.h>
282 +
283 + .text
284 +- .globl prom_cif_interface
285 +-prom_cif_interface:
286 +- sethi %hi(p1275buf), %o0
287 +- or %o0, %lo(p1275buf), %o0
288 +- ldx [%o0 + 0x010], %o1 ! prom_cif_stack
289 +- save %o1, -192, %sp
290 +- ldx [%i0 + 0x008], %l2 ! prom_cif_handler
291 ++ .globl prom_cif_direct
292 ++prom_cif_direct:
293 ++ sethi %hi(p1275buf), %o1
294 ++ or %o1, %lo(p1275buf), %o1
295 ++ ldx [%o1 + 0x0010], %o2 ! prom_cif_stack
296 ++ save %o2, -192, %sp
297 ++ ldx [%i1 + 0x0008], %l2 ! prom_cif_handler
298 + mov %g4, %l0
299 + mov %g5, %l1
300 + mov %g6, %l3
301 + call %l2
302 +- add %i0, 0x018, %o0 ! prom_args
303 ++ mov %i0, %o0 ! prom_args
304 + mov %l0, %g4
305 + mov %l1, %g5
306 + mov %l3, %g6
307 +diff --git a/arch/sparc/prom/console_64.c b/arch/sparc/prom/console_64.c
308 +index f55d58a..10322dc 100644
309 +--- a/arch/sparc/prom/console_64.c
310 ++++ b/arch/sparc/prom/console_64.c
311 +@@ -21,14 +21,22 @@ extern int prom_stdin, prom_stdout;
312 + inline int
313 + prom_nbgetchar(void)
314 + {
315 ++ unsigned long args[7];
316 + char inc;
317 +
318 +- if (p1275_cmd("read", P1275_ARG(1,P1275_ARG_OUT_BUF)|
319 +- P1275_INOUT(3,1),
320 +- prom_stdin, &inc, P1275_SIZE(1)) == 1)
321 ++ args[0] = (unsigned long) "read";
322 ++ args[1] = 3;
323 ++ args[2] = 1;
324 ++ args[3] = (unsigned int) prom_stdin;
325 ++ args[4] = (unsigned long) &inc;
326 ++ args[5] = 1;
327 ++ args[6] = (unsigned long) -1;
328 ++
329 ++ p1275_cmd_direct(args);
330 ++
331 ++ if (args[6] == 1)
332 + return inc;
333 +- else
334 +- return -1;
335 ++ return -1;
336 + }
337 +
338 + /* Non blocking put character to console device, returns -1 if
339 +@@ -37,12 +45,22 @@ prom_nbgetchar(void)
340 + inline int
341 + prom_nbputchar(char c)
342 + {
343 ++ unsigned long args[7];
344 + char outc;
345 +
346 + outc = c;
347 +- if (p1275_cmd("write", P1275_ARG(1,P1275_ARG_IN_BUF)|
348 +- P1275_INOUT(3,1),
349 +- prom_stdout, &outc, P1275_SIZE(1)) == 1)
350 ++
351 ++ args[0] = (unsigned long) "write";
352 ++ args[1] = 3;
353 ++ args[2] = 1;
354 ++ args[3] = (unsigned int) prom_stdout;
355 ++ args[4] = (unsigned long) &outc;
356 ++ args[5] = 1;
357 ++ args[6] = (unsigned long) -1;
358 ++
359 ++ p1275_cmd_direct(args);
360 ++
361 ++ if (args[6] == 1)
362 + return 0;
363 + else
364 + return -1;
365 +@@ -67,7 +85,15 @@ prom_putchar(char c)
366 + void
367 + prom_puts(const char *s, int len)
368 + {
369 +- p1275_cmd("write", P1275_ARG(1,P1275_ARG_IN_BUF)|
370 +- P1275_INOUT(3,1),
371 +- prom_stdout, s, P1275_SIZE(len));
372 ++ unsigned long args[7];
373 ++
374 ++ args[0] = (unsigned long) "write";
375 ++ args[1] = 3;
376 ++ args[2] = 1;
377 ++ args[3] = (unsigned int) prom_stdout;
378 ++ args[4] = (unsigned long) s;
379 ++ args[5] = len;
380 ++ args[6] = (unsigned long) -1;
381 ++
382 ++ p1275_cmd_direct(args);
383 + }
384 +diff --git a/arch/sparc/prom/devops_64.c b/arch/sparc/prom/devops_64.c
385 +index 9dbd803..a017119 100644
386 +--- a/arch/sparc/prom/devops_64.c
387 ++++ b/arch/sparc/prom/devops_64.c
388 +@@ -18,16 +18,32 @@
389 + int
390 + prom_devopen(const char *dstr)
391 + {
392 +- return p1275_cmd ("open", P1275_ARG(0,P1275_ARG_IN_STRING)|
393 +- P1275_INOUT(1,1),
394 +- dstr);
395 ++ unsigned long args[5];
396 ++
397 ++ args[0] = (unsigned long) "open";
398 ++ args[1] = 1;
399 ++ args[2] = 1;
400 ++ args[3] = (unsigned long) dstr;
401 ++ args[4] = (unsigned long) -1;
402 ++
403 ++ p1275_cmd_direct(args);
404 ++
405 ++ return (int) args[4];
406 + }
407 +
408 + /* Close the device described by device handle 'dhandle'. */
409 + int
410 + prom_devclose(int dhandle)
411 + {
412 +- p1275_cmd ("close", P1275_INOUT(1,0), dhandle);
413 ++ unsigned long args[4];
414 ++
415 ++ args[0] = (unsigned long) "close";
416 ++ args[1] = 1;
417 ++ args[2] = 0;
418 ++ args[3] = (unsigned int) dhandle;
419 ++
420 ++ p1275_cmd_direct(args);
421 ++
422 + return 0;
423 + }
424 +
425 +@@ -37,5 +53,15 @@ prom_devclose(int dhandle)
426 + void
427 + prom_seek(int dhandle, unsigned int seekhi, unsigned int seeklo)
428 + {
429 +- p1275_cmd ("seek", P1275_INOUT(3,1), dhandle, seekhi, seeklo);
430 ++ unsigned long args[7];
431 ++
432 ++ args[0] = (unsigned long) "seek";
433 ++ args[1] = 3;
434 ++ args[2] = 1;
435 ++ args[3] = (unsigned int) dhandle;
436 ++ args[4] = seekhi;
437 ++ args[5] = seeklo;
438 ++ args[6] = (unsigned long) -1;
439 ++
440 ++ p1275_cmd_direct(args);
441 + }
442 +diff --git a/arch/sparc/prom/misc_64.c b/arch/sparc/prom/misc_64.c
443 +index 39fc6af..6cb1581 100644
444 +--- a/arch/sparc/prom/misc_64.c
445 ++++ b/arch/sparc/prom/misc_64.c
446 +@@ -20,10 +20,17 @@
447 +
448 + int prom_service_exists(const char *service_name)
449 + {
450 +- int err = p1275_cmd("test", P1275_ARG(0, P1275_ARG_IN_STRING) |
451 +- P1275_INOUT(1, 1), service_name);
452 ++ unsigned long args[5];
453 +
454 +- if (err)
455 ++ args[0] = (unsigned long) "test";
456 ++ args[1] = 1;
457 ++ args[2] = 1;
458 ++ args[3] = (unsigned long) service_name;
459 ++ args[4] = (unsigned long) -1;
460 ++
461 ++ p1275_cmd_direct(args);
462 ++
463 ++ if (args[4])
464 + return 0;
465 + return 1;
466 + }
467 +@@ -31,30 +38,47 @@ int prom_service_exists(const char *service_name)
468 + void prom_sun4v_guest_soft_state(void)
469 + {
470 + const char *svc = "SUNW,soft-state-supported";
471 ++ unsigned long args[3];
472 +
473 + if (!prom_service_exists(svc))
474 + return;
475 +- p1275_cmd(svc, P1275_INOUT(0, 0));
476 ++ args[0] = (unsigned long) svc;
477 ++ args[1] = 0;
478 ++ args[2] = 0;
479 ++ p1275_cmd_direct(args);
480 + }
481 +
482 + /* Reset and reboot the machine with the command 'bcommand'. */
483 + void prom_reboot(const char *bcommand)
484 + {
485 ++ unsigned long args[4];
486 ++
487 + #ifdef CONFIG_SUN_LDOMS
488 + if (ldom_domaining_enabled)
489 + ldom_reboot(bcommand);
490 + #endif
491 +- p1275_cmd("boot", P1275_ARG(0, P1275_ARG_IN_STRING) |
492 +- P1275_INOUT(1, 0), bcommand);
493 ++ args[0] = (unsigned long) "boot";
494 ++ args[1] = 1;
495 ++ args[2] = 0;
496 ++ args[3] = (unsigned long) bcommand;
497 ++
498 ++ p1275_cmd_direct(args);
499 + }
500 +
501 + /* Forth evaluate the expression contained in 'fstring'. */
502 + void prom_feval(const char *fstring)
503 + {
504 ++ unsigned long args[5];
505 ++
506 + if (!fstring || fstring[0] == 0)
507 + return;
508 +- p1275_cmd("interpret", P1275_ARG(0, P1275_ARG_IN_STRING) |
509 +- P1275_INOUT(1, 1), fstring);
510 ++ args[0] = (unsigned long) "interpret";
511 ++ args[1] = 1;
512 ++ args[2] = 1;
513 ++ args[3] = (unsigned long) fstring;
514 ++ args[4] = (unsigned long) -1;
515 ++
516 ++ p1275_cmd_direct(args);
517 + }
518 + EXPORT_SYMBOL(prom_feval);
519 +
520 +@@ -68,6 +92,7 @@ extern void smp_release(void);
521 + */
522 + void prom_cmdline(void)
523 + {
524 ++ unsigned long args[3];
525 + unsigned long flags;
526 +
527 + local_irq_save(flags);
528 +@@ -76,7 +101,11 @@ void prom_cmdline(void)
529 + smp_capture();
530 + #endif
531 +
532 +- p1275_cmd("enter", P1275_INOUT(0, 0));
533 ++ args[0] = (unsigned long) "enter";
534 ++ args[1] = 0;
535 ++ args[2] = 0;
536 ++
537 ++ p1275_cmd_direct(args);
538 +
539 + #ifdef CONFIG_SMP
540 + smp_release();
541 +@@ -90,22 +119,32 @@ void prom_cmdline(void)
542 + */
543 + void notrace prom_halt(void)
544 + {
545 ++ unsigned long args[3];
546 ++
547 + #ifdef CONFIG_SUN_LDOMS
548 + if (ldom_domaining_enabled)
549 + ldom_power_off();
550 + #endif
551 + again:
552 +- p1275_cmd("exit", P1275_INOUT(0, 0));
553 ++ args[0] = (unsigned long) "exit";
554 ++ args[1] = 0;
555 ++ args[2] = 0;
556 ++ p1275_cmd_direct(args);
557 + goto again; /* PROM is out to get me -DaveM */
558 + }
559 +
560 + void prom_halt_power_off(void)
561 + {
562 ++ unsigned long args[3];
563 ++
564 + #ifdef CONFIG_SUN_LDOMS
565 + if (ldom_domaining_enabled)
566 + ldom_power_off();
567 + #endif
568 +- p1275_cmd("SUNW,power-off", P1275_INOUT(0, 0));
569 ++ args[0] = (unsigned long) "SUNW,power-off";
570 ++ args[1] = 0;
571 ++ args[2] = 0;
572 ++ p1275_cmd_direct(args);
573 +
574 + /* if nothing else helps, we just halt */
575 + prom_halt();
576 +@@ -114,10 +153,15 @@ void prom_halt_power_off(void)
577 + /* Set prom sync handler to call function 'funcp'. */
578 + void prom_setcallback(callback_func_t funcp)
579 + {
580 ++ unsigned long args[5];
581 + if (!funcp)
582 + return;
583 +- p1275_cmd("set-callback", P1275_ARG(0, P1275_ARG_IN_FUNCTION) |
584 +- P1275_INOUT(1, 1), funcp);
585 ++ args[0] = (unsigned long) "set-callback";
586 ++ args[1] = 1;
587 ++ args[2] = 1;
588 ++ args[3] = (unsigned long) funcp;
589 ++ args[4] = (unsigned long) -1;
590 ++ p1275_cmd_direct(args);
591 + }
592 +
593 + /* Get the idprom and stuff it into buffer 'idbuf'. Returns the
594 +@@ -173,57 +217,61 @@ static int prom_get_memory_ihandle(void)
595 + }
596 +
597 + /* Load explicit I/D TLB entries. */
598 ++static long tlb_load(const char *type, unsigned long index,
599 ++ unsigned long tte_data, unsigned long vaddr)
600 ++{
601 ++ unsigned long args[9];
602 ++
603 ++ args[0] = (unsigned long) prom_callmethod_name;
604 ++ args[1] = 5;
605 ++ args[2] = 1;
606 ++ args[3] = (unsigned long) type;
607 ++ args[4] = (unsigned int) prom_get_mmu_ihandle();
608 ++ args[5] = vaddr;
609 ++ args[6] = tte_data;
610 ++ args[7] = index;
611 ++ args[8] = (unsigned long) -1;
612 ++
613 ++ p1275_cmd_direct(args);
614 ++
615 ++ return (long) args[8];
616 ++}
617 ++
618 + long prom_itlb_load(unsigned long index,
619 + unsigned long tte_data,
620 + unsigned long vaddr)
621 + {
622 +- return p1275_cmd(prom_callmethod_name,
623 +- (P1275_ARG(0, P1275_ARG_IN_STRING) |
624 +- P1275_ARG(2, P1275_ARG_IN_64B) |
625 +- P1275_ARG(3, P1275_ARG_IN_64B) |
626 +- P1275_INOUT(5, 1)),
627 +- "SUNW,itlb-load",
628 +- prom_get_mmu_ihandle(),
629 +- /* And then our actual args are pushed backwards. */
630 +- vaddr,
631 +- tte_data,
632 +- index);
633 ++ return tlb_load("SUNW,itlb-load", index, tte_data, vaddr);
634 + }
635 +
636 + long prom_dtlb_load(unsigned long index,
637 + unsigned long tte_data,
638 + unsigned long vaddr)
639 + {
640 +- return p1275_cmd(prom_callmethod_name,
641 +- (P1275_ARG(0, P1275_ARG_IN_STRING) |
642 +- P1275_ARG(2, P1275_ARG_IN_64B) |
643 +- P1275_ARG(3, P1275_ARG_IN_64B) |
644 +- P1275_INOUT(5, 1)),
645 +- "SUNW,dtlb-load",
646 +- prom_get_mmu_ihandle(),
647 +- /* And then our actual args are pushed backwards. */
648 +- vaddr,
649 +- tte_data,
650 +- index);
651 ++ return tlb_load("SUNW,dtlb-load", index, tte_data, vaddr);
652 + }
653 +
654 + int prom_map(int mode, unsigned long size,
655 + unsigned long vaddr, unsigned long paddr)
656 + {
657 +- int ret = p1275_cmd(prom_callmethod_name,
658 +- (P1275_ARG(0, P1275_ARG_IN_STRING) |
659 +- P1275_ARG(3, P1275_ARG_IN_64B) |
660 +- P1275_ARG(4, P1275_ARG_IN_64B) |
661 +- P1275_ARG(6, P1275_ARG_IN_64B) |
662 +- P1275_INOUT(7, 1)),
663 +- prom_map_name,
664 +- prom_get_mmu_ihandle(),
665 +- mode,
666 +- size,
667 +- vaddr,
668 +- 0,
669 +- paddr);
670 +-
671 ++ unsigned long args[11];
672 ++ int ret;
673 ++
674 ++ args[0] = (unsigned long) prom_callmethod_name;
675 ++ args[1] = 7;
676 ++ args[2] = 1;
677 ++ args[3] = (unsigned long) prom_map_name;
678 ++ args[4] = (unsigned int) prom_get_mmu_ihandle();
679 ++ args[5] = (unsigned int) mode;
680 ++ args[6] = size;
681 ++ args[7] = vaddr;
682 ++ args[8] = 0;
683 ++ args[9] = paddr;
684 ++ args[10] = (unsigned long) -1;
685 ++
686 ++ p1275_cmd_direct(args);
687 ++
688 ++ ret = (int) args[10];
689 + if (ret == 0)
690 + ret = -1;
691 + return ret;
692 +@@ -231,40 +279,51 @@ int prom_map(int mode, unsigned long size,
693 +
694 + void prom_unmap(unsigned long size, unsigned long vaddr)
695 + {
696 +- p1275_cmd(prom_callmethod_name,
697 +- (P1275_ARG(0, P1275_ARG_IN_STRING) |
698 +- P1275_ARG(2, P1275_ARG_IN_64B) |
699 +- P1275_ARG(3, P1275_ARG_IN_64B) |
700 +- P1275_INOUT(4, 0)),
701 +- prom_unmap_name,
702 +- prom_get_mmu_ihandle(),
703 +- size,
704 +- vaddr);
705 ++ unsigned long args[7];
706 ++
707 ++ args[0] = (unsigned long) prom_callmethod_name;
708 ++ args[1] = 4;
709 ++ args[2] = 0;
710 ++ args[3] = (unsigned long) prom_unmap_name;
711 ++ args[4] = (unsigned int) prom_get_mmu_ihandle();
712 ++ args[5] = size;
713 ++ args[6] = vaddr;
714 ++
715 ++ p1275_cmd_direct(args);
716 + }
717 +
718 + /* Set aside physical memory which is not touched or modified
719 + * across soft resets.
720 + */
721 +-unsigned long prom_retain(const char *name,
722 +- unsigned long pa_low, unsigned long pa_high,
723 +- long size, long align)
724 ++int prom_retain(const char *name, unsigned long size,
725 ++ unsigned long align, unsigned long *paddr)
726 + {
727 +- /* XXX I don't think we return multiple values correctly.
728 +- * XXX OBP supposedly returns pa_low/pa_high here, how does
729 +- * XXX it work?
730 ++ unsigned long args[11];
731 ++
732 ++ args[0] = (unsigned long) prom_callmethod_name;
733 ++ args[1] = 5;
734 ++ args[2] = 3;
735 ++ args[3] = (unsigned long) "SUNW,retain";
736 ++ args[4] = (unsigned int) prom_get_memory_ihandle();
737 ++ args[5] = align;
738 ++ args[6] = size;
739 ++ args[7] = (unsigned long) name;
740 ++ args[8] = (unsigned long) -1;
741 ++ args[9] = (unsigned long) -1;
742 ++ args[10] = (unsigned long) -1;
743 ++
744 ++ p1275_cmd_direct(args);
745 ++
746 ++ if (args[8])
747 ++ return (int) args[8];
748 ++
749 ++ /* Next we get "phys_high" then "phys_low". On 64-bit
750 ++ * the phys_high cell is don't care since the phys_low
751 ++ * cell has the full value.
752 + */
753 ++ *paddr = args[10];
754 +
755 +- /* If align is zero, the pa_low/pa_high args are passed,
756 +- * else they are not.
757 +- */
758 +- if (align == 0)
759 +- return p1275_cmd("SUNW,retain",
760 +- (P1275_ARG(0, P1275_ARG_IN_BUF) | P1275_INOUT(5, 2)),
761 +- name, pa_low, pa_high, size, align);
762 +- else
763 +- return p1275_cmd("SUNW,retain",
764 +- (P1275_ARG(0, P1275_ARG_IN_BUF) | P1275_INOUT(3, 2)),
765 +- name, size, align);
766 ++ return 0;
767 + }
768 +
769 + /* Get "Unumber" string for the SIMM at the given
770 +@@ -277,62 +336,129 @@ int prom_getunumber(int syndrome_code,
771 + unsigned long phys_addr,
772 + char *buf, int buflen)
773 + {
774 +- return p1275_cmd(prom_callmethod_name,
775 +- (P1275_ARG(0, P1275_ARG_IN_STRING) |
776 +- P1275_ARG(3, P1275_ARG_OUT_BUF) |
777 +- P1275_ARG(6, P1275_ARG_IN_64B) |
778 +- P1275_INOUT(8, 2)),
779 +- "SUNW,get-unumber", prom_get_memory_ihandle(),
780 +- buflen, buf, P1275_SIZE(buflen),
781 +- 0, phys_addr, syndrome_code);
782 ++ unsigned long args[12];
783 ++
784 ++ args[0] = (unsigned long) prom_callmethod_name;
785 ++ args[1] = 7;
786 ++ args[2] = 2;
787 ++ args[3] = (unsigned long) "SUNW,get-unumber";
788 ++ args[4] = (unsigned int) prom_get_memory_ihandle();
789 ++ args[5] = buflen;
790 ++ args[6] = (unsigned long) buf;
791 ++ args[7] = 0;
792 ++ args[8] = phys_addr;
793 ++ args[9] = (unsigned int) syndrome_code;
794 ++ args[10] = (unsigned long) -1;
795 ++ args[11] = (unsigned long) -1;
796 ++
797 ++ p1275_cmd_direct(args);
798 ++
799 ++ return (int) args[10];
800 + }
801 +
802 + /* Power management extensions. */
803 + void prom_sleepself(void)
804 + {
805 +- p1275_cmd("SUNW,sleep-self", P1275_INOUT(0, 0));
806 ++ unsigned long args[3];
807 ++
808 ++ args[0] = (unsigned long) "SUNW,sleep-self";
809 ++ args[1] = 0;
810 ++ args[2] = 0;
811 ++ p1275_cmd_direct(args);
812 + }
813 +
814 + int prom_sleepsystem(void)
815 + {
816 +- return p1275_cmd("SUNW,sleep-system", P1275_INOUT(0, 1));
817 ++ unsigned long args[4];
818 ++
819 ++ args[0] = (unsigned long) "SUNW,sleep-system";
820 ++ args[1] = 0;
821 ++ args[2] = 1;
822 ++ args[3] = (unsigned long) -1;
823 ++ p1275_cmd_direct(args);
824 ++
825 ++ return (int) args[3];
826 + }
827 +
828 + int prom_wakeupsystem(void)
829 + {
830 +- return p1275_cmd("SUNW,wakeup-system", P1275_INOUT(0, 1));
831 ++ unsigned long args[4];
832 ++
833 ++ args[0] = (unsigned long) "SUNW,wakeup-system";
834 ++ args[1] = 0;
835 ++ args[2] = 1;
836 ++ args[3] = (unsigned long) -1;
837 ++ p1275_cmd_direct(args);
838 ++
839 ++ return (int) args[3];
840 + }
841 +
842 + #ifdef CONFIG_SMP
843 + void prom_startcpu(int cpunode, unsigned long pc, unsigned long arg)
844 + {
845 +- p1275_cmd("SUNW,start-cpu", P1275_INOUT(3, 0), cpunode, pc, arg);
846 ++ unsigned long args[6];
847 ++
848 ++ args[0] = (unsigned long) "SUNW,start-cpu";
849 ++ args[1] = 3;
850 ++ args[2] = 0;
851 ++ args[3] = (unsigned int) cpunode;
852 ++ args[4] = pc;
853 ++ args[5] = arg;
854 ++ p1275_cmd_direct(args);
855 + }
856 +
857 + void prom_startcpu_cpuid(int cpuid, unsigned long pc, unsigned long arg)
858 + {
859 +- p1275_cmd("SUNW,start-cpu-by-cpuid", P1275_INOUT(3, 0),
860 +- cpuid, pc, arg);
861 ++ unsigned long args[6];
862 ++
863 ++ args[0] = (unsigned long) "SUNW,start-cpu-by-cpuid";
864 ++ args[1] = 3;
865 ++ args[2] = 0;
866 ++ args[3] = (unsigned int) cpuid;
867 ++ args[4] = pc;
868 ++ args[5] = arg;
869 ++ p1275_cmd_direct(args);
870 + }
871 +
872 + void prom_stopcpu_cpuid(int cpuid)
873 + {
874 +- p1275_cmd("SUNW,stop-cpu-by-cpuid", P1275_INOUT(1, 0),
875 +- cpuid);
876 ++ unsigned long args[4];
877 ++
878 ++ args[0] = (unsigned long) "SUNW,stop-cpu-by-cpuid";
879 ++ args[1] = 1;
880 ++ args[2] = 0;
881 ++ args[3] = (unsigned int) cpuid;
882 ++ p1275_cmd_direct(args);
883 + }
884 +
885 + void prom_stopself(void)
886 + {
887 +- p1275_cmd("SUNW,stop-self", P1275_INOUT(0, 0));
888 ++ unsigned long args[3];
889 ++
890 ++ args[0] = (unsigned long) "SUNW,stop-self";
891 ++ args[1] = 0;
892 ++ args[2] = 0;
893 ++ p1275_cmd_direct(args);
894 + }
895 +
896 + void prom_idleself(void)
897 + {
898 +- p1275_cmd("SUNW,idle-self", P1275_INOUT(0, 0));
899 ++ unsigned long args[3];
900 ++
901 ++ args[0] = (unsigned long) "SUNW,idle-self";
902 ++ args[1] = 0;
903 ++ args[2] = 0;
904 ++ p1275_cmd_direct(args);
905 + }
906 +
907 + void prom_resumecpu(int cpunode)
908 + {
909 +- p1275_cmd("SUNW,resume-cpu", P1275_INOUT(1, 0), cpunode);
910 ++ unsigned long args[4];
911 ++
912 ++ args[0] = (unsigned long) "SUNW,resume-cpu";
913 ++ args[1] = 1;
914 ++ args[2] = 0;
915 ++ args[3] = (unsigned int) cpunode;
916 ++ p1275_cmd_direct(args);
917 + }
918 + #endif
919 +diff --git a/arch/sparc/prom/p1275.c b/arch/sparc/prom/p1275.c
920 +index 2d8b70d..fa6e4e2 100644
921 +--- a/arch/sparc/prom/p1275.c
922 ++++ b/arch/sparc/prom/p1275.c
923 +@@ -22,13 +22,11 @@ struct {
924 + long prom_callback; /* 0x00 */
925 + void (*prom_cif_handler)(long *); /* 0x08 */
926 + unsigned long prom_cif_stack; /* 0x10 */
927 +- unsigned long prom_args [23]; /* 0x18 */
928 +- char prom_buffer [3000];
929 + } p1275buf;
930 +
931 + extern void prom_world(int);
932 +
933 +-extern void prom_cif_interface(void);
934 ++extern void prom_cif_direct(unsigned long *args);
935 + extern void prom_cif_callback(void);
936 +
937 + /*
938 +@@ -36,114 +34,20 @@ extern void prom_cif_callback(void);
939 + */
940 + DEFINE_RAW_SPINLOCK(prom_entry_lock);
941 +
942 +-long p1275_cmd(const char *service, long fmt, ...)
943 ++void p1275_cmd_direct(unsigned long *args)
944 + {
945 +- char *p, *q;
946 + unsigned long flags;
947 +- int nargs, nrets, i;
948 +- va_list list;
949 +- long attrs, x;
950 +-
951 +- p = p1275buf.prom_buffer;
952 +
953 + raw_local_save_flags(flags);
954 + raw_local_irq_restore(PIL_NMI);
955 + raw_spin_lock(&prom_entry_lock);
956 +
957 +- p1275buf.prom_args[0] = (unsigned long)p; /* service */
958 +- strcpy (p, service);
959 +- p = (char *)(((long)(strchr (p, 0) + 8)) & ~7);
960 +- p1275buf.prom_args[1] = nargs = (fmt & 0x0f); /* nargs */
961 +- p1275buf.prom_args[2] = nrets = ((fmt & 0xf0) >> 4); /* nrets */
962 +- attrs = fmt >> 8;
963 +- va_start(list, fmt);
964 +- for (i = 0; i < nargs; i++, attrs >>= 3) {
965 +- switch (attrs & 0x7) {
966 +- case P1275_ARG_NUMBER:
967 +- p1275buf.prom_args[i + 3] =
968 +- (unsigned)va_arg(list, long);
969 +- break;
970 +- case P1275_ARG_IN_64B:
971 +- p1275buf.prom_args[i + 3] =
972 +- va_arg(list, unsigned long);
973 +- break;
974 +- case P1275_ARG_IN_STRING:
975 +- strcpy (p, va_arg(list, char *));
976 +- p1275buf.prom_args[i + 3] = (unsigned long)p;
977 +- p = (char *)(((long)(strchr (p, 0) + 8)) & ~7);
978 +- break;
979 +- case P1275_ARG_OUT_BUF:
980 +- (void) va_arg(list, char *);
981 +- p1275buf.prom_args[i + 3] = (unsigned long)p;
982 +- x = va_arg(list, long);
983 +- i++; attrs >>= 3;
984 +- p = (char *)(((long)(p + (int)x + 7)) & ~7);
985 +- p1275buf.prom_args[i + 3] = x;
986 +- break;
987 +- case P1275_ARG_IN_BUF:
988 +- q = va_arg(list, char *);
989 +- p1275buf.prom_args[i + 3] = (unsigned long)p;
990 +- x = va_arg(list, long);
991 +- i++; attrs >>= 3;
992 +- memcpy (p, q, (int)x);
993 +- p = (char *)(((long)(p + (int)x + 7)) & ~7);
994 +- p1275buf.prom_args[i + 3] = x;
995 +- break;
996 +- case P1275_ARG_OUT_32B:
997 +- (void) va_arg(list, char *);
998 +- p1275buf.prom_args[i + 3] = (unsigned long)p;
999 +- p += 32;
1000 +- break;
1001 +- case P1275_ARG_IN_FUNCTION:
1002 +- p1275buf.prom_args[i + 3] =
1003 +- (unsigned long)prom_cif_callback;
1004 +- p1275buf.prom_callback = va_arg(list, long);
1005 +- break;
1006 +- }
1007 +- }
1008 +- va_end(list);
1009 +-
1010 + prom_world(1);
1011 +- prom_cif_interface();
1012 ++ prom_cif_direct(args);
1013 + prom_world(0);
1014 +
1015 +- attrs = fmt >> 8;
1016 +- va_start(list, fmt);
1017 +- for (i = 0; i < nargs; i++, attrs >>= 3) {
1018 +- switch (attrs & 0x7) {
1019 +- case P1275_ARG_NUMBER:
1020 +- (void) va_arg(list, long);
1021 +- break;
1022 +- case P1275_ARG_IN_STRING:
1023 +- (void) va_arg(list, char *);
1024 +- break;
1025 +- case P1275_ARG_IN_FUNCTION:
1026 +- (void) va_arg(list, long);
1027 +- break;
1028 +- case P1275_ARG_IN_BUF:
1029 +- (void) va_arg(list, char *);
1030 +- (void) va_arg(list, long);
1031 +- i++; attrs >>= 3;
1032 +- break;
1033 +- case P1275_ARG_OUT_BUF:
1034 +- p = va_arg(list, char *);
1035 +- x = va_arg(list, long);
1036 +- memcpy (p, (char *)(p1275buf.prom_args[i + 3]), (int)x);
1037 +- i++; attrs >>= 3;
1038 +- break;
1039 +- case P1275_ARG_OUT_32B:
1040 +- p = va_arg(list, char *);
1041 +- memcpy (p, (char *)(p1275buf.prom_args[i + 3]), 32);
1042 +- break;
1043 +- }
1044 +- }
1045 +- va_end(list);
1046 +- x = p1275buf.prom_args [nargs + 3];
1047 +-
1048 + raw_spin_unlock(&prom_entry_lock);
1049 + raw_local_irq_restore(flags);
1050 +-
1051 +- return x;
1052 + }
1053 +
1054 + void prom_cif_init(void *cif_handler, void *cif_stack)
1055 +diff --git a/arch/sparc/prom/tree_64.c b/arch/sparc/prom/tree_64.c
1056 +index 3c0d2dd..9d3f913 100644
1057 +--- a/arch/sparc/prom/tree_64.c
1058 ++++ b/arch/sparc/prom/tree_64.c
1059 +@@ -16,22 +16,39 @@
1060 + #include <asm/oplib.h>
1061 + #include <asm/ldc.h>
1062 +
1063 ++static int prom_node_to_node(const char *type, int node)
1064 ++{
1065 ++ unsigned long args[5];
1066 ++
1067 ++ args[0] = (unsigned long) type;
1068 ++ args[1] = 1;
1069 ++ args[2] = 1;
1070 ++ args[3] = (unsigned int) node;
1071 ++ args[4] = (unsigned long) -1;
1072 ++
1073 ++ p1275_cmd_direct(args);
1074 ++
1075 ++ return (int) args[4];
1076 ++}
1077 ++
1078 + /* Return the child of node 'node' or zero if no this node has no
1079 + * direct descendent.
1080 + */
1081 + inline int __prom_getchild(int node)
1082 + {
1083 +- return p1275_cmd ("child", P1275_INOUT(1, 1), node);
1084 ++ return prom_node_to_node("child", node);
1085 + }
1086 +
1087 + inline int prom_getchild(int node)
1088 + {
1089 + int cnode;
1090 +
1091 +- if(node == -1) return 0;
1092 ++ if (node == -1)
1093 ++ return 0;
1094 + cnode = __prom_getchild(node);
1095 +- if(cnode == -1) return 0;
1096 +- return (int)cnode;
1097 ++ if (cnode == -1)
1098 ++ return 0;
1099 ++ return cnode;
1100 + }
1101 + EXPORT_SYMBOL(prom_getchild);
1102 +
1103 +@@ -39,10 +56,12 @@ inline int prom_getparent(int node)
1104 + {
1105 + int cnode;
1106 +
1107 +- if(node == -1) return 0;
1108 +- cnode = p1275_cmd ("parent", P1275_INOUT(1, 1), node);
1109 +- if(cnode == -1) return 0;
1110 +- return (int)cnode;
1111 ++ if (node == -1)
1112 ++ return 0;
1113 ++ cnode = prom_node_to_node("parent", node);
1114 ++ if (cnode == -1)
1115 ++ return 0;
1116 ++ return cnode;
1117 + }
1118 +
1119 + /* Return the next sibling of node 'node' or zero if no more siblings
1120 +@@ -50,7 +69,7 @@ inline int prom_getparent(int node)
1121 + */
1122 + inline int __prom_getsibling(int node)
1123 + {
1124 +- return p1275_cmd(prom_peer_name, P1275_INOUT(1, 1), node);
1125 ++ return prom_node_to_node(prom_peer_name, node);
1126 + }
1127 +
1128 + inline int prom_getsibling(int node)
1129 +@@ -72,11 +91,21 @@ EXPORT_SYMBOL(prom_getsibling);
1130 + */
1131 + inline int prom_getproplen(int node, const char *prop)
1132 + {
1133 +- if((!node) || (!prop)) return -1;
1134 +- return p1275_cmd ("getproplen",
1135 +- P1275_ARG(1,P1275_ARG_IN_STRING)|
1136 +- P1275_INOUT(2, 1),
1137 +- node, prop);
1138 ++ unsigned long args[6];
1139 ++
1140 ++ if (!node || !prop)
1141 ++ return -1;
1142 ++
1143 ++ args[0] = (unsigned long) "getproplen";
1144 ++ args[1] = 2;
1145 ++ args[2] = 1;
1146 ++ args[3] = (unsigned int) node;
1147 ++ args[4] = (unsigned long) prop;
1148 ++ args[5] = (unsigned long) -1;
1149 ++
1150 ++ p1275_cmd_direct(args);
1151 ++
1152 ++ return (int) args[5];
1153 + }
1154 + EXPORT_SYMBOL(prom_getproplen);
1155 +
1156 +@@ -87,19 +116,25 @@ EXPORT_SYMBOL(prom_getproplen);
1157 + inline int prom_getproperty(int node, const char *prop,
1158 + char *buffer, int bufsize)
1159 + {
1160 ++ unsigned long args[8];
1161 + int plen;
1162 +
1163 + plen = prom_getproplen(node, prop);
1164 +- if ((plen > bufsize) || (plen == 0) || (plen == -1)) {
1165 ++ if ((plen > bufsize) || (plen == 0) || (plen == -1))
1166 + return -1;
1167 +- } else {
1168 +- /* Ok, things seem all right. */
1169 +- return p1275_cmd(prom_getprop_name,
1170 +- P1275_ARG(1,P1275_ARG_IN_STRING)|
1171 +- P1275_ARG(2,P1275_ARG_OUT_BUF)|
1172 +- P1275_INOUT(4, 1),
1173 +- node, prop, buffer, P1275_SIZE(plen));
1174 +- }
1175 ++
1176 ++ args[0] = (unsigned long) prom_getprop_name;
1177 ++ args[1] = 4;
1178 ++ args[2] = 1;
1179 ++ args[3] = (unsigned int) node;
1180 ++ args[4] = (unsigned long) prop;
1181 ++ args[5] = (unsigned long) buffer;
1182 ++ args[6] = bufsize;
1183 ++ args[7] = (unsigned long) -1;
1184 ++
1185 ++ p1275_cmd_direct(args);
1186 ++
1187 ++ return (int) args[7];
1188 + }
1189 + EXPORT_SYMBOL(prom_getproperty);
1190 +
1191 +@@ -110,7 +145,7 @@ inline int prom_getint(int node, const char *prop)
1192 + {
1193 + int intprop;
1194 +
1195 +- if(prom_getproperty(node, prop, (char *) &intprop, sizeof(int)) != -1)
1196 ++ if (prom_getproperty(node, prop, (char *) &intprop, sizeof(int)) != -1)
1197 + return intprop;
1198 +
1199 + return -1;
1200 +@@ -126,7 +161,8 @@ int prom_getintdefault(int node, const char *property, int deflt)
1201 + int retval;
1202 +
1203 + retval = prom_getint(node, property);
1204 +- if(retval == -1) return deflt;
1205 ++ if (retval == -1)
1206 ++ return deflt;
1207 +
1208 + return retval;
1209 + }
1210 +@@ -138,7 +174,8 @@ int prom_getbool(int node, const char *prop)
1211 + int retval;
1212 +
1213 + retval = prom_getproplen(node, prop);
1214 +- if(retval == -1) return 0;
1215 ++ if (retval == -1)
1216 ++ return 0;
1217 + return 1;
1218 + }
1219 + EXPORT_SYMBOL(prom_getbool);
1220 +@@ -152,7 +189,8 @@ void prom_getstring(int node, const char *prop, char *user_buf, int ubuf_size)
1221 + int len;
1222 +
1223 + len = prom_getproperty(node, prop, user_buf, ubuf_size);
1224 +- if(len != -1) return;
1225 ++ if (len != -1)
1226 ++ return;
1227 + user_buf[0] = 0;
1228 + }
1229 + EXPORT_SYMBOL(prom_getstring);
1230 +@@ -164,7 +202,8 @@ int prom_nodematch(int node, const char *name)
1231 + {
1232 + char namebuf[128];
1233 + prom_getproperty(node, "name", namebuf, sizeof(namebuf));
1234 +- if(strcmp(namebuf, name) == 0) return 1;
1235 ++ if (strcmp(namebuf, name) == 0)
1236 ++ return 1;
1237 + return 0;
1238 + }
1239 +
1240 +@@ -190,16 +229,29 @@ int prom_searchsiblings(int node_start, const char *nodename)
1241 + }
1242 + EXPORT_SYMBOL(prom_searchsiblings);
1243 +
1244 ++static const char *prom_nextprop_name = "nextprop";
1245 ++
1246 + /* Return the first property type for node 'node'.
1247 + * buffer should be at least 32B in length
1248 + */
1249 + inline char *prom_firstprop(int node, char *buffer)
1250 + {
1251 ++ unsigned long args[7];
1252 ++
1253 + *buffer = 0;
1254 +- if(node == -1) return buffer;
1255 +- p1275_cmd ("nextprop", P1275_ARG(2,P1275_ARG_OUT_32B)|
1256 +- P1275_INOUT(3, 0),
1257 +- node, (char *) 0x0, buffer);
1258 ++ if (node == -1)
1259 ++ return buffer;
1260 ++
1261 ++ args[0] = (unsigned long) prom_nextprop_name;
1262 ++ args[1] = 3;
1263 ++ args[2] = 1;
1264 ++ args[3] = (unsigned int) node;
1265 ++ args[4] = 0;
1266 ++ args[5] = (unsigned long) buffer;
1267 ++ args[6] = (unsigned long) -1;
1268 ++
1269 ++ p1275_cmd_direct(args);
1270 ++
1271 + return buffer;
1272 + }
1273 + EXPORT_SYMBOL(prom_firstprop);
1274 +@@ -210,9 +262,10 @@ EXPORT_SYMBOL(prom_firstprop);
1275 + */
1276 + inline char *prom_nextprop(int node, const char *oprop, char *buffer)
1277 + {
1278 ++ unsigned long args[7];
1279 + char buf[32];
1280 +
1281 +- if(node == -1) {
1282 ++ if (node == -1) {
1283 + *buffer = 0;
1284 + return buffer;
1285 + }
1286 +@@ -220,10 +273,17 @@ inline char *prom_nextprop(int node, const char *oprop, char *buffer)
1287 + strcpy (buf, oprop);
1288 + oprop = buf;
1289 + }
1290 +- p1275_cmd ("nextprop", P1275_ARG(1,P1275_ARG_IN_STRING)|
1291 +- P1275_ARG(2,P1275_ARG_OUT_32B)|
1292 +- P1275_INOUT(3, 0),
1293 +- node, oprop, buffer);
1294 ++
1295 ++ args[0] = (unsigned long) prom_nextprop_name;
1296 ++ args[1] = 3;
1297 ++ args[2] = 1;
1298 ++ args[3] = (unsigned int) node;
1299 ++ args[4] = (unsigned long) oprop;
1300 ++ args[5] = (unsigned long) buffer;
1301 ++ args[6] = (unsigned long) -1;
1302 ++
1303 ++ p1275_cmd_direct(args);
1304 ++
1305 + return buffer;
1306 + }
1307 + EXPORT_SYMBOL(prom_nextprop);
1308 +@@ -231,12 +291,19 @@ EXPORT_SYMBOL(prom_nextprop);
1309 + int
1310 + prom_finddevice(const char *name)
1311 + {
1312 ++ unsigned long args[5];
1313 ++
1314 + if (!name)
1315 + return 0;
1316 +- return p1275_cmd(prom_finddev_name,
1317 +- P1275_ARG(0,P1275_ARG_IN_STRING)|
1318 +- P1275_INOUT(1, 1),
1319 +- name);
1320 ++ args[0] = (unsigned long) "finddevice";
1321 ++ args[1] = 1;
1322 ++ args[2] = 1;
1323 ++ args[3] = (unsigned long) name;
1324 ++ args[4] = (unsigned long) -1;
1325 ++
1326 ++ p1275_cmd_direct(args);
1327 ++
1328 ++ return (int) args[4];
1329 + }
1330 + EXPORT_SYMBOL(prom_finddevice);
1331 +
1332 +@@ -247,7 +314,7 @@ int prom_node_has_property(int node, const char *prop)
1333 + *buf = 0;
1334 + do {
1335 + prom_nextprop(node, buf, buf);
1336 +- if(!strcmp(buf, prop))
1337 ++ if (!strcmp(buf, prop))
1338 + return 1;
1339 + } while (*buf);
1340 + return 0;
1341 +@@ -260,6 +327,8 @@ EXPORT_SYMBOL(prom_node_has_property);
1342 + int
1343 + prom_setprop(int node, const char *pname, char *value, int size)
1344 + {
1345 ++ unsigned long args[8];
1346 ++
1347 + if (size == 0)
1348 + return 0;
1349 + if ((pname == 0) || (value == 0))
1350 +@@ -271,19 +340,37 @@ prom_setprop(int node, const char *pname, char *value, int size)
1351 + return 0;
1352 + }
1353 + #endif
1354 +- return p1275_cmd ("setprop", P1275_ARG(1,P1275_ARG_IN_STRING)|
1355 +- P1275_ARG(2,P1275_ARG_IN_BUF)|
1356 +- P1275_INOUT(4, 1),
1357 +- node, pname, value, P1275_SIZE(size));
1358 ++ args[0] = (unsigned long) "setprop";
1359 ++ args[1] = 4;
1360 ++ args[2] = 1;
1361 ++ args[3] = (unsigned int) node;
1362 ++ args[4] = (unsigned long) pname;
1363 ++ args[5] = (unsigned long) value;
1364 ++ args[6] = size;
1365 ++ args[7] = (unsigned long) -1;
1366 ++
1367 ++ p1275_cmd_direct(args);
1368 ++
1369 ++ return (int) args[7];
1370 + }
1371 + EXPORT_SYMBOL(prom_setprop);
1372 +
1373 + inline int prom_inst2pkg(int inst)
1374 + {
1375 ++ unsigned long args[5];
1376 + int node;
1377 +
1378 +- node = p1275_cmd ("instance-to-package", P1275_INOUT(1, 1), inst);
1379 +- if (node == -1) return 0;
1380 ++ args[0] = (unsigned long) "instance-to-package";
1381 ++ args[1] = 1;
1382 ++ args[2] = 1;
1383 ++ args[3] = (unsigned int) inst;
1384 ++ args[4] = (unsigned long) -1;
1385 ++
1386 ++ p1275_cmd_direct(args);
1387 ++
1388 ++ node = (int) args[4];
1389 ++ if (node == -1)
1390 ++ return 0;
1391 + return node;
1392 + }
1393 +
1394 +@@ -296,17 +383,28 @@ prom_pathtoinode(const char *path)
1395 + int node, inst;
1396 +
1397 + inst = prom_devopen (path);
1398 +- if (inst == 0) return 0;
1399 +- node = prom_inst2pkg (inst);
1400 +- prom_devclose (inst);
1401 +- if (node == -1) return 0;
1402 ++ if (inst == 0)
1403 ++ return 0;
1404 ++ node = prom_inst2pkg(inst);
1405 ++ prom_devclose(inst);
1406 ++ if (node == -1)
1407 ++ return 0;
1408 + return node;
1409 + }
1410 +
1411 + int prom_ihandle2path(int handle, char *buffer, int bufsize)
1412 + {
1413 +- return p1275_cmd("instance-to-path",
1414 +- P1275_ARG(1,P1275_ARG_OUT_BUF)|
1415 +- P1275_INOUT(3, 1),
1416 +- handle, buffer, P1275_SIZE(bufsize));
1417 ++ unsigned long args[7];
1418 ++
1419 ++ args[0] = (unsigned long) "instance-to-path";
1420 ++ args[1] = 3;
1421 ++ args[2] = 1;
1422 ++ args[3] = (unsigned int) handle;
1423 ++ args[4] = (unsigned long) buffer;
1424 ++ args[5] = bufsize;
1425 ++ args[6] = (unsigned long) -1;
1426 ++
1427 ++ p1275_cmd_direct(args);
1428 ++
1429 ++ return (int) args[6];
1430 + }
1431 +diff --git a/arch/x86/kvm/emulate.c b/arch/x86/kvm/emulate.c
1432 +index 5ac0bb4..715a7fa 100644
1433 +--- a/arch/x86/kvm/emulate.c
1434 ++++ b/arch/x86/kvm/emulate.c
1435 +@@ -345,10 +345,10 @@ static u32 group_table[] = {
1436 + DstMem | SrcNone | ModRM, DstMem | SrcNone | ModRM,
1437 + 0, 0, 0, 0,
1438 + [Group4*8] =
1439 +- ByteOp | DstMem | SrcNone | ModRM, ByteOp | DstMem | SrcNone | ModRM,
1440 ++ ByteOp | DstMem | SrcNone | ModRM | Lock, ByteOp | DstMem | SrcNone | ModRM | Lock,
1441 + 0, 0, 0, 0, 0, 0,
1442 + [Group5*8] =
1443 +- DstMem | SrcNone | ModRM, DstMem | SrcNone | ModRM,
1444 ++ DstMem | SrcNone | ModRM | Lock, DstMem | SrcNone | ModRM | Lock,
1445 + SrcMem | ModRM | Stack, 0,
1446 + SrcMem | ModRM | Stack, SrcMem | ModRM | Src2Mem16 | ImplicitOps,
1447 + SrcMem | ModRM | Stack, 0,
1448 +diff --git a/arch/x86/kvm/mmu.c b/arch/x86/kvm/mmu.c
1449 +index b1ed0a1..92b6ca4 100644
1450 +--- a/arch/x86/kvm/mmu.c
1451 ++++ b/arch/x86/kvm/mmu.c
1452 +@@ -799,8 +799,12 @@ static int kvm_handle_hva(struct kvm *kvm, unsigned long hva,
1453 + ret = handler(kvm, &memslot->rmap[gfn_offset], data);
1454 +
1455 + for (j = 0; j < KVM_NR_PAGE_SIZES - 1; ++j) {
1456 +- int idx = gfn_offset;
1457 +- idx /= KVM_PAGES_PER_HPAGE(PT_DIRECTORY_LEVEL + j);
1458 ++ unsigned long idx;
1459 ++ int nr;
1460 ++
1461 ++ nr = KVM_PAGES_PER_HPAGE(PT_DIRECTORY_LEVEL+j);
1462 ++ idx = (memslot->base_gfn+gfn_offset) / nr -
1463 ++ memslot->base_gfn / nr;
1464 + ret |= handler(kvm,
1465 + &memslot->lpage_info[j][idx].rmap_pde,
1466 + data);
1467 +diff --git a/arch/x86/kvm/paging_tmpl.h b/arch/x86/kvm/paging_tmpl.h
1468 +index 2331bdc..e34452b 100644
1469 +--- a/arch/x86/kvm/paging_tmpl.h
1470 ++++ b/arch/x86/kvm/paging_tmpl.h
1471 +@@ -324,8 +324,32 @@ static u64 *FNAME(fetch)(struct kvm_vcpu *vcpu, gva_t addr,
1472 + break;
1473 + }
1474 +
1475 +- if (is_shadow_present_pte(*sptep) && !is_large_pte(*sptep))
1476 +- continue;
1477 ++ if (is_shadow_present_pte(*sptep) && !is_large_pte(*sptep)) {
1478 ++ struct kvm_mmu_page *child;
1479 ++ unsigned direct_access;
1480 ++
1481 ++ if (level != gw->level)
1482 ++ continue;
1483 ++
1484 ++ /*
1485 ++ * For the direct sp, if the guest pte's dirty bit
1486 ++ * changed form clean to dirty, it will corrupt the
1487 ++ * sp's access: allow writable in the read-only sp,
1488 ++ * so we should update the spte at this point to get
1489 ++ * a new sp with the correct access.
1490 ++ */
1491 ++ direct_access = gw->pt_access & gw->pte_access;
1492 ++ if (!is_dirty_gpte(gw->ptes[gw->level - 1]))
1493 ++ direct_access &= ~ACC_WRITE_MASK;
1494 ++
1495 ++ child = page_header(*sptep & PT64_BASE_ADDR_MASK);
1496 ++ if (child->role.access == direct_access)
1497 ++ continue;
1498 ++
1499 ++ mmu_page_remove_parent_pte(child, sptep);
1500 ++ __set_spte(sptep, shadow_trap_nonpresent_pte);
1501 ++ kvm_flush_remote_tlbs(vcpu->kvm);
1502 ++ }
1503 +
1504 + if (is_large_pte(*sptep)) {
1505 + rmap_remove(vcpu->kvm, sptep);
1506 +diff --git a/arch/x86/kvm/vmx.c b/arch/x86/kvm/vmx.c
1507 +index ee03679..7d04388 100644
1508 +--- a/arch/x86/kvm/vmx.c
1509 ++++ b/arch/x86/kvm/vmx.c
1510 +@@ -177,6 +177,7 @@ static u64 construct_eptp(unsigned long root_hpa);
1511 + static DEFINE_PER_CPU(struct vmcs *, vmxarea);
1512 + static DEFINE_PER_CPU(struct vmcs *, current_vmcs);
1513 + static DEFINE_PER_CPU(struct list_head, vcpus_on_cpu);
1514 ++static DEFINE_PER_CPU(struct desc_ptr, host_gdt);
1515 +
1516 + static unsigned long *vmx_io_bitmap_a;
1517 + static unsigned long *vmx_io_bitmap_b;
1518 +@@ -812,6 +813,7 @@ static void __vmx_load_host_state(struct vcpu_vmx *vmx)
1519 + wrmsrl(MSR_KERNEL_GS_BASE, vmx->msr_host_kernel_gs_base);
1520 + }
1521 + #endif
1522 ++ load_gdt(&__get_cpu_var(host_gdt));
1523 + }
1524 +
1525 + static void vmx_load_host_state(struct vcpu_vmx *vmx)
1526 +@@ -1314,6 +1316,8 @@ static int hardware_enable(void *garbage)
1527 +
1528 + ept_sync_global();
1529 +
1530 ++ store_gdt(&__get_cpu_var(host_gdt));
1531 ++
1532 + return 0;
1533 + }
1534 +
1535 +diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c
1536 +index 7fa89c3..fd22688 100644
1537 +--- a/arch/x86/kvm/x86.c
1538 ++++ b/arch/x86/kvm/x86.c
1539 +@@ -5438,6 +5438,11 @@ int kvm_arch_prepare_memory_region(struct kvm *kvm,
1540 + int user_alloc)
1541 + {
1542 + int npages = memslot->npages;
1543 ++ int map_flags = MAP_PRIVATE | MAP_ANONYMOUS;
1544 ++
1545 ++ /* Prevent internal slot pages from being moved by fork()/COW. */
1546 ++ if (memslot->id >= KVM_MEMORY_SLOTS)
1547 ++ map_flags = MAP_SHARED | MAP_ANONYMOUS;
1548 +
1549 + /*To keep backward compatibility with older userspace,
1550 + *x86 needs to hanlde !user_alloc case.
1551 +@@ -5450,7 +5455,7 @@ int kvm_arch_prepare_memory_region(struct kvm *kvm,
1552 + userspace_addr = do_mmap(NULL, 0,
1553 + npages * PAGE_SIZE,
1554 + PROT_READ | PROT_WRITE,
1555 +- MAP_PRIVATE | MAP_ANONYMOUS,
1556 ++ map_flags,
1557 + 0);
1558 + up_write(&current->mm->mmap_sem);
1559 +
1560 +diff --git a/arch/x86/lib/atomic64_386_32.S b/arch/x86/lib/atomic64_386_32.S
1561 +index 78ee8e0..2cda60a 100644
1562 +--- a/arch/x86/lib/atomic64_386_32.S
1563 ++++ b/arch/x86/lib/atomic64_386_32.S
1564 +@@ -26,35 +26,37 @@
1565 + .endm
1566 +
1567 + #define BEGIN(op) \
1568 +-.macro END; \
1569 ++.macro endp; \
1570 + CFI_ENDPROC; \
1571 + ENDPROC(atomic64_##op##_386); \
1572 +-.purgem END; \
1573 ++.purgem endp; \
1574 + .endm; \
1575 + ENTRY(atomic64_##op##_386); \
1576 + CFI_STARTPROC; \
1577 + LOCK v;
1578 +
1579 ++#define ENDP endp
1580 ++
1581 + #define RET \
1582 + UNLOCK v; \
1583 + ret
1584 +
1585 +-#define RET_END \
1586 ++#define RET_ENDP \
1587 + RET; \
1588 +- END
1589 ++ ENDP
1590 +
1591 + #define v %ecx
1592 + BEGIN(read)
1593 + movl (v), %eax
1594 + movl 4(v), %edx
1595 +-RET_END
1596 ++RET_ENDP
1597 + #undef v
1598 +
1599 + #define v %esi
1600 + BEGIN(set)
1601 + movl %ebx, (v)
1602 + movl %ecx, 4(v)
1603 +-RET_END
1604 ++RET_ENDP
1605 + #undef v
1606 +
1607 + #define v %esi
1608 +@@ -63,14 +65,14 @@ BEGIN(xchg)
1609 + movl 4(v), %edx
1610 + movl %ebx, (v)
1611 + movl %ecx, 4(v)
1612 +-RET_END
1613 ++RET_ENDP
1614 + #undef v
1615 +
1616 + #define v %ecx
1617 + BEGIN(add)
1618 + addl %eax, (v)
1619 + adcl %edx, 4(v)
1620 +-RET_END
1621 ++RET_ENDP
1622 + #undef v
1623 +
1624 + #define v %ecx
1625 +@@ -79,14 +81,14 @@ BEGIN(add_return)
1626 + adcl 4(v), %edx
1627 + movl %eax, (v)
1628 + movl %edx, 4(v)
1629 +-RET_END
1630 ++RET_ENDP
1631 + #undef v
1632 +
1633 + #define v %ecx
1634 + BEGIN(sub)
1635 + subl %eax, (v)
1636 + sbbl %edx, 4(v)
1637 +-RET_END
1638 ++RET_ENDP
1639 + #undef v
1640 +
1641 + #define v %ecx
1642 +@@ -98,14 +100,14 @@ BEGIN(sub_return)
1643 + adcl 4(v), %edx
1644 + movl %eax, (v)
1645 + movl %edx, 4(v)
1646 +-RET_END
1647 ++RET_ENDP
1648 + #undef v
1649 +
1650 + #define v %esi
1651 + BEGIN(inc)
1652 + addl $1, (v)
1653 + adcl $0, 4(v)
1654 +-RET_END
1655 ++RET_ENDP
1656 + #undef v
1657 +
1658 + #define v %esi
1659 +@@ -116,14 +118,14 @@ BEGIN(inc_return)
1660 + adcl $0, %edx
1661 + movl %eax, (v)
1662 + movl %edx, 4(v)
1663 +-RET_END
1664 ++RET_ENDP
1665 + #undef v
1666 +
1667 + #define v %esi
1668 + BEGIN(dec)
1669 + subl $1, (v)
1670 + sbbl $0, 4(v)
1671 +-RET_END
1672 ++RET_ENDP
1673 + #undef v
1674 +
1675 + #define v %esi
1676 +@@ -134,7 +136,7 @@ BEGIN(dec_return)
1677 + sbbl $0, %edx
1678 + movl %eax, (v)
1679 + movl %edx, 4(v)
1680 +-RET_END
1681 ++RET_ENDP
1682 + #undef v
1683 +
1684 + #define v %ecx
1685 +@@ -156,7 +158,7 @@ BEGIN(add_unless)
1686 + jne 1b
1687 + xorl %eax, %eax
1688 + jmp 2b
1689 +-END
1690 ++ENDP
1691 + #undef v
1692 +
1693 + #define v %esi
1694 +@@ -177,7 +179,7 @@ BEGIN(inc_not_zero)
1695 + testl %edx, %edx
1696 + jne 1b
1697 + jmp 2b
1698 +-END
1699 ++ENDP
1700 + #undef v
1701 +
1702 + #define v %esi
1703 +@@ -190,5 +192,5 @@ BEGIN(dec_if_positive)
1704 + movl %eax, (v)
1705 + movl %edx, 4(v)
1706 + 1:
1707 +-RET_END
1708 ++RET_ENDP
1709 + #undef v
1710 +diff --git a/arch/x86/oprofile/nmi_int.c b/arch/x86/oprofile/nmi_int.c
1711 +index cfe4faa..009b819 100644
1712 +--- a/arch/x86/oprofile/nmi_int.c
1713 ++++ b/arch/x86/oprofile/nmi_int.c
1714 +@@ -671,7 +671,9 @@ static int __init ppro_init(char **cpu_type)
1715 + case 14:
1716 + *cpu_type = "i386/core";
1717 + break;
1718 +- case 15: case 23:
1719 ++ case 0x0f:
1720 ++ case 0x16:
1721 ++ case 0x17:
1722 + *cpu_type = "i386/core_2";
1723 + break;
1724 + case 0x1a:
1725 +diff --git a/drivers/base/power/main.c b/drivers/base/power/main.c
1726 +index 941fcb8..cb1cedc 100644
1727 +--- a/drivers/base/power/main.c
1728 ++++ b/drivers/base/power/main.c
1729 +@@ -59,6 +59,7 @@ void device_pm_init(struct device *dev)
1730 + {
1731 + dev->power.status = DPM_ON;
1732 + init_completion(&dev->power.completion);
1733 ++ complete_all(&dev->power.completion);
1734 + pm_runtime_init(dev);
1735 + }
1736 +
1737 +diff --git a/drivers/char/agp/intel-agp.c b/drivers/char/agp/intel-agp.c
1738 +index d836a71..adc0f89 100644
1739 +--- a/drivers/char/agp/intel-agp.c
1740 ++++ b/drivers/char/agp/intel-agp.c
1741 +@@ -805,6 +805,8 @@ static const struct intel_driver_description {
1742 + "G45/G43", NULL, &intel_i965_driver },
1743 + { PCI_DEVICE_ID_INTEL_B43_HB, PCI_DEVICE_ID_INTEL_B43_IG,
1744 + "B43", NULL, &intel_i965_driver },
1745 ++ { PCI_DEVICE_ID_INTEL_B43_1_HB, PCI_DEVICE_ID_INTEL_B43_1_IG,
1746 ++ "B43", NULL, &intel_i965_driver },
1747 + { PCI_DEVICE_ID_INTEL_G41_HB, PCI_DEVICE_ID_INTEL_G41_IG,
1748 + "G41", NULL, &intel_i965_driver },
1749 + { PCI_DEVICE_ID_INTEL_IRONLAKE_D_HB, PCI_DEVICE_ID_INTEL_IRONLAKE_D_IG,
1750 +@@ -815,17 +817,27 @@ static const struct intel_driver_description {
1751 + "HD Graphics", NULL, &intel_i965_driver },
1752 + { PCI_DEVICE_ID_INTEL_IRONLAKE_MC2_HB, PCI_DEVICE_ID_INTEL_IRONLAKE_M_IG,
1753 + "HD Graphics", NULL, &intel_i965_driver },
1754 +- { PCI_DEVICE_ID_INTEL_SANDYBRIDGE_HB, PCI_DEVICE_ID_INTEL_SANDYBRIDGE_IG,
1755 +- "Sandybridge", NULL, &intel_i965_driver },
1756 +- { PCI_DEVICE_ID_INTEL_SANDYBRIDGE_M_HB, PCI_DEVICE_ID_INTEL_SANDYBRIDGE_M_IG,
1757 +- "Sandybridge", NULL, &intel_i965_driver },
1758 ++ { PCI_DEVICE_ID_INTEL_SANDYBRIDGE_HB, PCI_DEVICE_ID_INTEL_SANDYBRIDGE_GT1_IG,
1759 ++ "Sandybridge", NULL, &intel_gen6_driver },
1760 ++ { PCI_DEVICE_ID_INTEL_SANDYBRIDGE_HB, PCI_DEVICE_ID_INTEL_SANDYBRIDGE_GT2_IG,
1761 ++ "Sandybridge", NULL, &intel_gen6_driver },
1762 ++ { PCI_DEVICE_ID_INTEL_SANDYBRIDGE_HB, PCI_DEVICE_ID_INTEL_SANDYBRIDGE_GT2_PLUS_IG,
1763 ++ "Sandybridge", NULL, &intel_gen6_driver },
1764 ++ { PCI_DEVICE_ID_INTEL_SANDYBRIDGE_M_HB, PCI_DEVICE_ID_INTEL_SANDYBRIDGE_M_GT1_IG,
1765 ++ "Sandybridge", NULL, &intel_gen6_driver },
1766 ++ { PCI_DEVICE_ID_INTEL_SANDYBRIDGE_M_HB, PCI_DEVICE_ID_INTEL_SANDYBRIDGE_M_GT2_IG,
1767 ++ "Sandybridge", NULL, &intel_gen6_driver },
1768 ++ { PCI_DEVICE_ID_INTEL_SANDYBRIDGE_M_HB, PCI_DEVICE_ID_INTEL_SANDYBRIDGE_M_GT2_PLUS_IG,
1769 ++ "Sandybridge", NULL, &intel_gen6_driver },
1770 ++ { PCI_DEVICE_ID_INTEL_SANDYBRIDGE_S_HB, PCI_DEVICE_ID_INTEL_SANDYBRIDGE_S_IG,
1771 ++ "Sandybridge", NULL, &intel_gen6_driver },
1772 + { 0, 0, NULL, NULL, NULL }
1773 + };
1774 +
1775 + static int __devinit intel_gmch_probe(struct pci_dev *pdev,
1776 + struct agp_bridge_data *bridge)
1777 + {
1778 +- int i;
1779 ++ int i, mask;
1780 + bridge->driver = NULL;
1781 +
1782 + for (i = 0; intel_agp_chipsets[i].name != NULL; i++) {
1783 +@@ -845,14 +857,19 @@ static int __devinit intel_gmch_probe(struct pci_dev *pdev,
1784 +
1785 + dev_info(&pdev->dev, "Intel %s Chipset\n", intel_agp_chipsets[i].name);
1786 +
1787 +- if (bridge->driver->mask_memory == intel_i965_mask_memory) {
1788 +- if (pci_set_dma_mask(intel_private.pcidev, DMA_BIT_MASK(36)))
1789 +- dev_err(&intel_private.pcidev->dev,
1790 +- "set gfx device dma mask 36bit failed!\n");
1791 +- else
1792 +- pci_set_consistent_dma_mask(intel_private.pcidev,
1793 +- DMA_BIT_MASK(36));
1794 +- }
1795 ++ if (bridge->driver->mask_memory == intel_gen6_mask_memory)
1796 ++ mask = 40;
1797 ++ else if (bridge->driver->mask_memory == intel_i965_mask_memory)
1798 ++ mask = 36;
1799 ++ else
1800 ++ mask = 32;
1801 ++
1802 ++ if (pci_set_dma_mask(intel_private.pcidev, DMA_BIT_MASK(mask)))
1803 ++ dev_err(&intel_private.pcidev->dev,
1804 ++ "set gfx device dma mask %d-bit failed!\n", mask);
1805 ++ else
1806 ++ pci_set_consistent_dma_mask(intel_private.pcidev,
1807 ++ DMA_BIT_MASK(mask));
1808 +
1809 + return 1;
1810 + }
1811 +@@ -1036,6 +1053,7 @@ static struct pci_device_id agp_intel_pci_table[] = {
1812 + ID(PCI_DEVICE_ID_INTEL_IRONLAKE_MC2_HB),
1813 + ID(PCI_DEVICE_ID_INTEL_SANDYBRIDGE_HB),
1814 + ID(PCI_DEVICE_ID_INTEL_SANDYBRIDGE_M_HB),
1815 ++ ID(PCI_DEVICE_ID_INTEL_SANDYBRIDGE_S_HB),
1816 + { }
1817 + };
1818 +
1819 +diff --git a/drivers/char/agp/intel-agp.h b/drivers/char/agp/intel-agp.h
1820 +index 2547465..bc9a4ad 100644
1821 +--- a/drivers/char/agp/intel-agp.h
1822 ++++ b/drivers/char/agp/intel-agp.h
1823 +@@ -178,6 +178,8 @@
1824 + #define PCI_DEVICE_ID_INTEL_Q33_IG 0x29D2
1825 + #define PCI_DEVICE_ID_INTEL_B43_HB 0x2E40
1826 + #define PCI_DEVICE_ID_INTEL_B43_IG 0x2E42
1827 ++#define PCI_DEVICE_ID_INTEL_B43_1_HB 0x2E90
1828 ++#define PCI_DEVICE_ID_INTEL_B43_1_IG 0x2E92
1829 + #define PCI_DEVICE_ID_INTEL_GM45_HB 0x2A40
1830 + #define PCI_DEVICE_ID_INTEL_GM45_IG 0x2A42
1831 + #define PCI_DEVICE_ID_INTEL_EAGLELAKE_HB 0x2E00
1832 +@@ -194,10 +196,16 @@
1833 + #define PCI_DEVICE_ID_INTEL_IRONLAKE_MA_HB 0x0062
1834 + #define PCI_DEVICE_ID_INTEL_IRONLAKE_MC2_HB 0x006a
1835 + #define PCI_DEVICE_ID_INTEL_IRONLAKE_M_IG 0x0046
1836 +-#define PCI_DEVICE_ID_INTEL_SANDYBRIDGE_HB 0x0100
1837 +-#define PCI_DEVICE_ID_INTEL_SANDYBRIDGE_IG 0x0102
1838 +-#define PCI_DEVICE_ID_INTEL_SANDYBRIDGE_M_HB 0x0104
1839 +-#define PCI_DEVICE_ID_INTEL_SANDYBRIDGE_M_IG 0x0106
1840 ++#define PCI_DEVICE_ID_INTEL_SANDYBRIDGE_HB 0x0100 /* Desktop */
1841 ++#define PCI_DEVICE_ID_INTEL_SANDYBRIDGE_GT1_IG 0x0102
1842 ++#define PCI_DEVICE_ID_INTEL_SANDYBRIDGE_GT2_IG 0x0112
1843 ++#define PCI_DEVICE_ID_INTEL_SANDYBRIDGE_GT2_PLUS_IG 0x0122
1844 ++#define PCI_DEVICE_ID_INTEL_SANDYBRIDGE_M_HB 0x0104 /* Mobile */
1845 ++#define PCI_DEVICE_ID_INTEL_SANDYBRIDGE_M_GT1_IG 0x0106
1846 ++#define PCI_DEVICE_ID_INTEL_SANDYBRIDGE_M_GT2_IG 0x0116
1847 ++#define PCI_DEVICE_ID_INTEL_SANDYBRIDGE_M_GT2_PLUS_IG 0x0126
1848 ++#define PCI_DEVICE_ID_INTEL_SANDYBRIDGE_S_HB 0x0108 /* Server */
1849 ++#define PCI_DEVICE_ID_INTEL_SANDYBRIDGE_S_IG 0x010A
1850 +
1851 + /* cover 915 and 945 variants */
1852 + #define IS_I915 (agp_bridge->dev->device == PCI_DEVICE_ID_INTEL_E7221_HB || \
1853 +@@ -224,7 +232,8 @@
1854 + agp_bridge->dev->device == PCI_DEVICE_ID_INTEL_PINEVIEW_HB)
1855 +
1856 + #define IS_SNB (agp_bridge->dev->device == PCI_DEVICE_ID_INTEL_SANDYBRIDGE_HB || \
1857 +- agp_bridge->dev->device == PCI_DEVICE_ID_INTEL_SANDYBRIDGE_M_HB)
1858 ++ agp_bridge->dev->device == PCI_DEVICE_ID_INTEL_SANDYBRIDGE_M_HB || \
1859 ++ agp_bridge->dev->device == PCI_DEVICE_ID_INTEL_SANDYBRIDGE_S_HB)
1860 +
1861 + #define IS_G4X (agp_bridge->dev->device == PCI_DEVICE_ID_INTEL_EAGLELAKE_HB || \
1862 + agp_bridge->dev->device == PCI_DEVICE_ID_INTEL_Q45_HB || \
1863 +diff --git a/drivers/char/agp/intel-gtt.c b/drivers/char/agp/intel-gtt.c
1864 +index ea6997e..ed11c77 100644
1865 +--- a/drivers/char/agp/intel-gtt.c
1866 ++++ b/drivers/char/agp/intel-gtt.c
1867 +@@ -585,8 +585,7 @@ static void intel_i830_init_gtt_entries(void)
1868 + gtt_entries = 0;
1869 + break;
1870 + }
1871 +- } else if (agp_bridge->dev->device == PCI_DEVICE_ID_INTEL_SANDYBRIDGE_HB ||
1872 +- agp_bridge->dev->device == PCI_DEVICE_ID_INTEL_SANDYBRIDGE_M_HB) {
1873 ++ } else if (IS_SNB) {
1874 + /*
1875 + * SandyBridge has new memory control reg at 0x50.w
1876 + */
1877 +@@ -1318,6 +1317,16 @@ static unsigned long intel_i965_mask_memory(struct agp_bridge_data *bridge,
1878 + return addr | bridge->driver->masks[type].mask;
1879 + }
1880 +
1881 ++static unsigned long intel_gen6_mask_memory(struct agp_bridge_data *bridge,
1882 ++ dma_addr_t addr, int type)
1883 ++{
1884 ++ /* gen6 has bit11-4 for physical addr bit39-32 */
1885 ++ addr |= (addr >> 28) & 0xff0;
1886 ++
1887 ++ /* Type checking must be done elsewhere */
1888 ++ return addr | bridge->driver->masks[type].mask;
1889 ++}
1890 ++
1891 + static void intel_i965_get_gtt_range(int *gtt_offset, int *gtt_size)
1892 + {
1893 + u16 snb_gmch_ctl;
1894 +@@ -1337,6 +1346,7 @@ static void intel_i965_get_gtt_range(int *gtt_offset, int *gtt_size)
1895 + break;
1896 + case PCI_DEVICE_ID_INTEL_SANDYBRIDGE_HB:
1897 + case PCI_DEVICE_ID_INTEL_SANDYBRIDGE_M_HB:
1898 ++ case PCI_DEVICE_ID_INTEL_SANDYBRIDGE_S_HB:
1899 + *gtt_offset = MB(2);
1900 +
1901 + pci_read_config_word(intel_private.pcidev, SNB_GMCH_CTRL, &snb_gmch_ctl);
1902 +@@ -1526,6 +1536,39 @@ static const struct agp_bridge_driver intel_i965_driver = {
1903 + #endif
1904 + };
1905 +
1906 ++static const struct agp_bridge_driver intel_gen6_driver = {
1907 ++ .owner = THIS_MODULE,
1908 ++ .aperture_sizes = intel_i830_sizes,
1909 ++ .size_type = FIXED_APER_SIZE,
1910 ++ .num_aperture_sizes = 4,
1911 ++ .needs_scratch_page = true,
1912 ++ .configure = intel_i9xx_configure,
1913 ++ .fetch_size = intel_i9xx_fetch_size,
1914 ++ .cleanup = intel_i915_cleanup,
1915 ++ .mask_memory = intel_gen6_mask_memory,
1916 ++ .masks = intel_i810_masks,
1917 ++ .agp_enable = intel_i810_agp_enable,
1918 ++ .cache_flush = global_cache_flush,
1919 ++ .create_gatt_table = intel_i965_create_gatt_table,
1920 ++ .free_gatt_table = intel_i830_free_gatt_table,
1921 ++ .insert_memory = intel_i915_insert_entries,
1922 ++ .remove_memory = intel_i915_remove_entries,
1923 ++ .alloc_by_type = intel_i830_alloc_by_type,
1924 ++ .free_by_type = intel_i810_free_by_type,
1925 ++ .agp_alloc_page = agp_generic_alloc_page,
1926 ++ .agp_alloc_pages = agp_generic_alloc_pages,
1927 ++ .agp_destroy_page = agp_generic_destroy_page,
1928 ++ .agp_destroy_pages = agp_generic_destroy_pages,
1929 ++ .agp_type_to_mask_type = intel_i830_type_to_mask_type,
1930 ++ .chipset_flush = intel_i915_chipset_flush,
1931 ++#ifdef USE_PCI_DMA_API
1932 ++ .agp_map_page = intel_agp_map_page,
1933 ++ .agp_unmap_page = intel_agp_unmap_page,
1934 ++ .agp_map_memory = intel_agp_map_memory,
1935 ++ .agp_unmap_memory = intel_agp_unmap_memory,
1936 ++#endif
1937 ++};
1938 ++
1939 + static const struct agp_bridge_driver intel_g33_driver = {
1940 + .owner = THIS_MODULE,
1941 + .aperture_sizes = intel_i830_sizes,
1942 +diff --git a/drivers/char/mem.c b/drivers/char/mem.c
1943 +index a398ecd..1f528fa 100644
1944 +--- a/drivers/char/mem.c
1945 ++++ b/drivers/char/mem.c
1946 +@@ -788,10 +788,11 @@ static const struct file_operations zero_fops = {
1947 + /*
1948 + * capabilities for /dev/zero
1949 + * - permits private mappings, "copies" are taken of the source of zeros
1950 ++ * - no writeback happens
1951 + */
1952 + static struct backing_dev_info zero_bdi = {
1953 + .name = "char/mem",
1954 +- .capabilities = BDI_CAP_MAP_COPY,
1955 ++ .capabilities = BDI_CAP_MAP_COPY | BDI_CAP_NO_ACCT_AND_WRITEBACK,
1956 + };
1957 +
1958 + static const struct file_operations full_fops = {
1959 +diff --git a/drivers/char/virtio_console.c b/drivers/char/virtio_console.c
1960 +index 942a982..c810481 100644
1961 +--- a/drivers/char/virtio_console.c
1962 ++++ b/drivers/char/virtio_console.c
1963 +@@ -596,6 +596,10 @@ static ssize_t port_fops_write(struct file *filp, const char __user *ubuf,
1964 + ssize_t ret;
1965 + bool nonblock;
1966 +
1967 ++ /* Userspace could be out to fool us */
1968 ++ if (!count)
1969 ++ return 0;
1970 ++
1971 + port = filp->private_data;
1972 +
1973 + nonblock = filp->f_flags & O_NONBLOCK;
1974 +@@ -642,7 +646,7 @@ static unsigned int port_fops_poll(struct file *filp, poll_table *wait)
1975 + poll_wait(filp, &port->waitqueue, wait);
1976 +
1977 + ret = 0;
1978 +- if (port->inbuf)
1979 ++ if (!will_read_block(port))
1980 + ret |= POLLIN | POLLRDNORM;
1981 + if (!will_write_block(port))
1982 + ret |= POLLOUT;
1983 +diff --git a/drivers/gpu/drm/i915/i915_drv.c b/drivers/gpu/drm/i915/i915_drv.c
1984 +index 423dc90..194e0c4 100644
1985 +--- a/drivers/gpu/drm/i915/i915_drv.c
1986 ++++ b/drivers/gpu/drm/i915/i915_drv.c
1987 +@@ -175,12 +175,18 @@ static const struct pci_device_id pciidlist[] = {
1988 + INTEL_VGA_DEVICE(0x2e22, &intel_g45_info),
1989 + INTEL_VGA_DEVICE(0x2e32, &intel_g45_info),
1990 + INTEL_VGA_DEVICE(0x2e42, &intel_g45_info),
1991 ++ INTEL_VGA_DEVICE(0x2e92, &intel_g45_info), /* B43_G.1 */
1992 + INTEL_VGA_DEVICE(0xa001, &intel_pineview_info),
1993 + INTEL_VGA_DEVICE(0xa011, &intel_pineview_info),
1994 + INTEL_VGA_DEVICE(0x0042, &intel_ironlake_d_info),
1995 + INTEL_VGA_DEVICE(0x0046, &intel_ironlake_m_info),
1996 + INTEL_VGA_DEVICE(0x0102, &intel_sandybridge_d_info),
1997 ++ INTEL_VGA_DEVICE(0x0112, &intel_sandybridge_d_info),
1998 ++ INTEL_VGA_DEVICE(0x0122, &intel_sandybridge_d_info),
1999 + INTEL_VGA_DEVICE(0x0106, &intel_sandybridge_m_info),
2000 ++ INTEL_VGA_DEVICE(0x0116, &intel_sandybridge_m_info),
2001 ++ INTEL_VGA_DEVICE(0x0126, &intel_sandybridge_m_info),
2002 ++ INTEL_VGA_DEVICE(0x010A, &intel_sandybridge_d_info),
2003 + {0, 0, 0}
2004 + };
2005 +
2006 +diff --git a/drivers/gpu/drm/i915/intel_display.c b/drivers/gpu/drm/i915/intel_display.c
2007 +index ac38e46..d1c1243 100644
2008 +--- a/drivers/gpu/drm/i915/intel_display.c
2009 ++++ b/drivers/gpu/drm/i915/intel_display.c
2010 +@@ -2376,11 +2376,19 @@ static bool intel_crtc_mode_fixup(struct drm_crtc *crtc,
2011 + struct drm_display_mode *adjusted_mode)
2012 + {
2013 + struct drm_device *dev = crtc->dev;
2014 ++
2015 + if (HAS_PCH_SPLIT(dev)) {
2016 + /* FDI link clock is fixed at 2.7G */
2017 + if (mode->clock * 3 > 27000 * 4)
2018 + return MODE_CLOCK_HIGH;
2019 + }
2020 ++
2021 ++ /* XXX some encoders set the crtcinfo, others don't.
2022 ++ * Obviously we need some form of conflict resolution here...
2023 ++ */
2024 ++ if (adjusted_mode->crtc_htotal == 0)
2025 ++ drm_mode_set_crtcinfo(adjusted_mode, 0);
2026 ++
2027 + return true;
2028 + }
2029 +
2030 +diff --git a/drivers/gpu/drm/nouveau/nv50_instmem.c b/drivers/gpu/drm/nouveau/nv50_instmem.c
2031 +index 5f21df3..3fcae54 100644
2032 +--- a/drivers/gpu/drm/nouveau/nv50_instmem.c
2033 ++++ b/drivers/gpu/drm/nouveau/nv50_instmem.c
2034 +@@ -141,6 +141,8 @@ nv50_instmem_init(struct drm_device *dev)
2035 + chan->file_priv = (struct drm_file *)-2;
2036 + dev_priv->fifos[0] = dev_priv->fifos[127] = chan;
2037 +
2038 ++ INIT_LIST_HEAD(&chan->ramht_refs);
2039 ++
2040 + /* Channel's PRAMIN object + heap */
2041 + ret = nouveau_gpuobj_new_fake(dev, 0, c_offset, c_size, 0,
2042 + NULL, &chan->ramin);
2043 +diff --git a/drivers/message/fusion/mptscsih.c b/drivers/message/fusion/mptscsih.c
2044 +index 5c53624..407cb84 100644
2045 +--- a/drivers/message/fusion/mptscsih.c
2046 ++++ b/drivers/message/fusion/mptscsih.c
2047 +@@ -2459,6 +2459,8 @@ mptscsih_slave_configure(struct scsi_device *sdev)
2048 + ioc->name,sdev->tagged_supported, sdev->simple_tags,
2049 + sdev->ordered_tags));
2050 +
2051 ++ blk_queue_dma_alignment (sdev->request_queue, 512 - 1);
2052 ++
2053 + return 0;
2054 + }
2055 +
2056 +diff --git a/drivers/net/bonding/bond_3ad.c b/drivers/net/bonding/bond_3ad.c
2057 +index 822f586..0ddf4c6 100644
2058 +--- a/drivers/net/bonding/bond_3ad.c
2059 ++++ b/drivers/net/bonding/bond_3ad.c
2060 +@@ -2466,6 +2466,9 @@ int bond_3ad_lacpdu_recv(struct sk_buff *skb, struct net_device *dev, struct pac
2061 + if (!(dev->flags & IFF_MASTER))
2062 + goto out;
2063 +
2064 ++ if (!pskb_may_pull(skb, sizeof(struct lacpdu)))
2065 ++ goto out;
2066 ++
2067 + read_lock(&bond->lock);
2068 + slave = bond_get_slave_by_dev((struct bonding *)netdev_priv(dev),
2069 + orig_dev);
2070 +diff --git a/drivers/net/bonding/bond_alb.c b/drivers/net/bonding/bond_alb.c
2071 +index 8d7dfd2..0cb1ded 100644
2072 +--- a/drivers/net/bonding/bond_alb.c
2073 ++++ b/drivers/net/bonding/bond_alb.c
2074 +@@ -369,6 +369,9 @@ static int rlb_arp_recv(struct sk_buff *skb, struct net_device *bond_dev, struct
2075 + goto out;
2076 + }
2077 +
2078 ++ if (!pskb_may_pull(skb, arp_hdr_len(bond_dev)))
2079 ++ goto out;
2080 ++
2081 + if (skb->len < sizeof(struct arp_pkt)) {
2082 + pr_debug("Packet is too small to be an ARP\n");
2083 + goto out;
2084 +diff --git a/drivers/net/cxgb3/cxgb3_main.c b/drivers/net/cxgb3/cxgb3_main.c
2085 +index e3f1b85..3e0f19f 100644
2086 +--- a/drivers/net/cxgb3/cxgb3_main.c
2087 ++++ b/drivers/net/cxgb3/cxgb3_main.c
2088 +@@ -2296,6 +2296,8 @@ static int cxgb_extension_ioctl(struct net_device *dev, void __user *useraddr)
2089 + case CHELSIO_GET_QSET_NUM:{
2090 + struct ch_reg edata;
2091 +
2092 ++ memset(&edata, 0, sizeof(struct ch_reg));
2093 ++
2094 + edata.cmd = CHELSIO_GET_QSET_NUM;
2095 + edata.val = pi->nqsets;
2096 + if (copy_to_user(useraddr, &edata, sizeof(edata)))
2097 +diff --git a/drivers/net/eql.c b/drivers/net/eql.c
2098 +index dda2c79..0cb1cf9 100644
2099 +--- a/drivers/net/eql.c
2100 ++++ b/drivers/net/eql.c
2101 +@@ -555,6 +555,8 @@ static int eql_g_master_cfg(struct net_device *dev, master_config_t __user *mcp)
2102 + equalizer_t *eql;
2103 + master_config_t mc;
2104 +
2105 ++ memset(&mc, 0, sizeof(master_config_t));
2106 ++
2107 + if (eql_is_master(dev)) {
2108 + eql = netdev_priv(dev);
2109 + mc.max_slaves = eql->max_slaves;
2110 +diff --git a/drivers/net/usb/hso.c b/drivers/net/usb/hso.c
2111 +index 4dd2351..e254274 100644
2112 +--- a/drivers/net/usb/hso.c
2113 ++++ b/drivers/net/usb/hso.c
2114 +@@ -1653,6 +1653,8 @@ static int hso_get_count(struct hso_serial *serial,
2115 + struct uart_icount cnow;
2116 + struct hso_tiocmget *tiocmget = serial->tiocmget;
2117 +
2118 ++ memset(&icount, 0, sizeof(struct serial_icounter_struct));
2119 ++
2120 + if (!tiocmget)
2121 + return -ENOENT;
2122 + spin_lock_irq(&serial->serial_lock);
2123 +diff --git a/drivers/pci/intel-iommu.c b/drivers/pci/intel-iommu.c
2124 +index 435fbbc..8e499e8 100644
2125 +--- a/drivers/pci/intel-iommu.c
2126 ++++ b/drivers/pci/intel-iommu.c
2127 +@@ -71,6 +71,49 @@
2128 + #define DMA_32BIT_PFN IOVA_PFN(DMA_BIT_MASK(32))
2129 + #define DMA_64BIT_PFN IOVA_PFN(DMA_BIT_MASK(64))
2130 +
2131 ++/* page table handling */
2132 ++#define LEVEL_STRIDE (9)
2133 ++#define LEVEL_MASK (((u64)1 << LEVEL_STRIDE) - 1)
2134 ++
2135 ++static inline int agaw_to_level(int agaw)
2136 ++{
2137 ++ return agaw + 2;
2138 ++}
2139 ++
2140 ++static inline int agaw_to_width(int agaw)
2141 ++{
2142 ++ return 30 + agaw * LEVEL_STRIDE;
2143 ++}
2144 ++
2145 ++static inline int width_to_agaw(int width)
2146 ++{
2147 ++ return (width - 30) / LEVEL_STRIDE;
2148 ++}
2149 ++
2150 ++static inline unsigned int level_to_offset_bits(int level)
2151 ++{
2152 ++ return (level - 1) * LEVEL_STRIDE;
2153 ++}
2154 ++
2155 ++static inline int pfn_level_offset(unsigned long pfn, int level)
2156 ++{
2157 ++ return (pfn >> level_to_offset_bits(level)) & LEVEL_MASK;
2158 ++}
2159 ++
2160 ++static inline unsigned long level_mask(int level)
2161 ++{
2162 ++ return -1UL << level_to_offset_bits(level);
2163 ++}
2164 ++
2165 ++static inline unsigned long level_size(int level)
2166 ++{
2167 ++ return 1UL << level_to_offset_bits(level);
2168 ++}
2169 ++
2170 ++static inline unsigned long align_to_level(unsigned long pfn, int level)
2171 ++{
2172 ++ return (pfn + level_size(level) - 1) & level_mask(level);
2173 ++}
2174 +
2175 + /* VT-d pages must always be _smaller_ than MM pages. Otherwise things
2176 + are never going to work. */
2177 +@@ -434,8 +477,6 @@ void free_iova_mem(struct iova *iova)
2178 + }
2179 +
2180 +
2181 +-static inline int width_to_agaw(int width);
2182 +-
2183 + static int __iommu_calculate_agaw(struct intel_iommu *iommu, int max_gaw)
2184 + {
2185 + unsigned long sagaw;
2186 +@@ -646,51 +687,6 @@ out:
2187 + spin_unlock_irqrestore(&iommu->lock, flags);
2188 + }
2189 +
2190 +-/* page table handling */
2191 +-#define LEVEL_STRIDE (9)
2192 +-#define LEVEL_MASK (((u64)1 << LEVEL_STRIDE) - 1)
2193 +-
2194 +-static inline int agaw_to_level(int agaw)
2195 +-{
2196 +- return agaw + 2;
2197 +-}
2198 +-
2199 +-static inline int agaw_to_width(int agaw)
2200 +-{
2201 +- return 30 + agaw * LEVEL_STRIDE;
2202 +-
2203 +-}
2204 +-
2205 +-static inline int width_to_agaw(int width)
2206 +-{
2207 +- return (width - 30) / LEVEL_STRIDE;
2208 +-}
2209 +-
2210 +-static inline unsigned int level_to_offset_bits(int level)
2211 +-{
2212 +- return (level - 1) * LEVEL_STRIDE;
2213 +-}
2214 +-
2215 +-static inline int pfn_level_offset(unsigned long pfn, int level)
2216 +-{
2217 +- return (pfn >> level_to_offset_bits(level)) & LEVEL_MASK;
2218 +-}
2219 +-
2220 +-static inline unsigned long level_mask(int level)
2221 +-{
2222 +- return -1UL << level_to_offset_bits(level);
2223 +-}
2224 +-
2225 +-static inline unsigned long level_size(int level)
2226 +-{
2227 +- return 1UL << level_to_offset_bits(level);
2228 +-}
2229 +-
2230 +-static inline unsigned long align_to_level(unsigned long pfn, int level)
2231 +-{
2232 +- return (pfn + level_size(level) - 1) & level_mask(level);
2233 +-}
2234 +-
2235 + static struct dma_pte *pfn_to_dma_pte(struct dmar_domain *domain,
2236 + unsigned long pfn)
2237 + {
2238 +diff --git a/drivers/platform/x86/dell-wmi.c b/drivers/platform/x86/dell-wmi.c
2239 +index 66f53c3..12a8e6f 100644
2240 +--- a/drivers/platform/x86/dell-wmi.c
2241 ++++ b/drivers/platform/x86/dell-wmi.c
2242 +@@ -221,7 +221,7 @@ static void dell_wmi_notify(u32 value, void *context)
2243 + return;
2244 + }
2245 +
2246 +- if (dell_new_hk_type)
2247 ++ if (dell_new_hk_type || buffer_entry[1] == 0x0)
2248 + reported_key = (int)buffer_entry[2];
2249 + else
2250 + reported_key = (int)buffer_entry[1] & 0xffff;
2251 +diff --git a/drivers/platform/x86/hp-wmi.c b/drivers/platform/x86/hp-wmi.c
2252 +index 51c07a0..f1c1862 100644
2253 +--- a/drivers/platform/x86/hp-wmi.c
2254 ++++ b/drivers/platform/x86/hp-wmi.c
2255 +@@ -58,6 +58,12 @@ enum hp_wmi_radio {
2256 + HPWMI_WWAN = 2,
2257 + };
2258 +
2259 ++enum hp_wmi_event_ids {
2260 ++ HPWMI_DOCK_EVENT = 1,
2261 ++ HPWMI_BEZEL_BUTTON = 4,
2262 ++ HPWMI_WIRELESS = 5,
2263 ++};
2264 ++
2265 + static int __devinit hp_wmi_bios_setup(struct platform_device *device);
2266 + static int __exit hp_wmi_bios_remove(struct platform_device *device);
2267 + static int hp_wmi_resume_handler(struct device *device);
2268 +@@ -338,7 +344,7 @@ static void hp_wmi_notify(u32 value, void *context)
2269 + struct acpi_buffer response = { ACPI_ALLOCATE_BUFFER, NULL };
2270 + static struct key_entry *key;
2271 + union acpi_object *obj;
2272 +- int eventcode;
2273 ++ int eventcode, key_code;
2274 + acpi_status status;
2275 +
2276 + status = wmi_get_event_data(value, &response);
2277 +@@ -357,28 +363,32 @@ static void hp_wmi_notify(u32 value, void *context)
2278 +
2279 + eventcode = *((u8 *) obj->buffer.pointer);
2280 + kfree(obj);
2281 +- if (eventcode == 0x4)
2282 +- eventcode = hp_wmi_perform_query(HPWMI_HOTKEY_QUERY, 0,
2283 +- 0);
2284 +- key = hp_wmi_get_entry_by_scancode(eventcode);
2285 +- if (key) {
2286 +- switch (key->type) {
2287 +- case KE_KEY:
2288 +- input_report_key(hp_wmi_input_dev,
2289 +- key->keycode, 1);
2290 +- input_sync(hp_wmi_input_dev);
2291 +- input_report_key(hp_wmi_input_dev,
2292 +- key->keycode, 0);
2293 +- input_sync(hp_wmi_input_dev);
2294 +- break;
2295 +- }
2296 +- } else if (eventcode == 0x1) {
2297 ++ switch (eventcode) {
2298 ++ case HPWMI_DOCK_EVENT:
2299 + input_report_switch(hp_wmi_input_dev, SW_DOCK,
2300 + hp_wmi_dock_state());
2301 + input_report_switch(hp_wmi_input_dev, SW_TABLET_MODE,
2302 + hp_wmi_tablet_state());
2303 + input_sync(hp_wmi_input_dev);
2304 +- } else if (eventcode == 0x5) {
2305 ++ break;
2306 ++ case HPWMI_BEZEL_BUTTON:
2307 ++ key_code = hp_wmi_perform_query(HPWMI_HOTKEY_QUERY, 0,
2308 ++ 0);
2309 ++ key = hp_wmi_get_entry_by_scancode(key_code);
2310 ++ if (key) {
2311 ++ switch (key->type) {
2312 ++ case KE_KEY:
2313 ++ input_report_key(hp_wmi_input_dev,
2314 ++ key->keycode, 1);
2315 ++ input_sync(hp_wmi_input_dev);
2316 ++ input_report_key(hp_wmi_input_dev,
2317 ++ key->keycode, 0);
2318 ++ input_sync(hp_wmi_input_dev);
2319 ++ break;
2320 ++ }
2321 ++ }
2322 ++ break;
2323 ++ case HPWMI_WIRELESS:
2324 + if (wifi_rfkill)
2325 + rfkill_set_states(wifi_rfkill,
2326 + hp_wmi_get_sw_state(HPWMI_WIFI),
2327 +@@ -391,9 +401,12 @@ static void hp_wmi_notify(u32 value, void *context)
2328 + rfkill_set_states(wwan_rfkill,
2329 + hp_wmi_get_sw_state(HPWMI_WWAN),
2330 + hp_wmi_get_hw_state(HPWMI_WWAN));
2331 +- } else
2332 ++ break;
2333 ++ default:
2334 + printk(KERN_INFO "HP WMI: Unknown key pressed - %x\n",
2335 + eventcode);
2336 ++ break;
2337 ++ }
2338 + }
2339 +
2340 + static int __init hp_wmi_input_setup(void)
2341 +diff --git a/drivers/rtc/rtc-s3c.c b/drivers/rtc/rtc-s3c.c
2342 +index 70b68d3..2a305ef 100644
2343 +--- a/drivers/rtc/rtc-s3c.c
2344 ++++ b/drivers/rtc/rtc-s3c.c
2345 +@@ -298,11 +298,6 @@ static int s3c_rtc_setalarm(struct device *dev, struct rtc_wkalrm *alrm)
2346 +
2347 + s3c_rtc_setaie(alrm->enabled);
2348 +
2349 +- if (alrm->enabled)
2350 +- enable_irq_wake(s3c_rtc_alarmno);
2351 +- else
2352 +- disable_irq_wake(s3c_rtc_alarmno);
2353 +-
2354 + return 0;
2355 + }
2356 +
2357 +@@ -547,6 +542,10 @@ static int s3c_rtc_suspend(struct platform_device *pdev, pm_message_t state)
2358 + ticnt_en_save &= S3C64XX_RTCCON_TICEN;
2359 + }
2360 + s3c_rtc_enable(pdev, 0);
2361 ++
2362 ++ if (device_may_wakeup(&pdev->dev))
2363 ++ enable_irq_wake(s3c_rtc_alarmno);
2364 ++
2365 + return 0;
2366 + }
2367 +
2368 +@@ -560,6 +559,10 @@ static int s3c_rtc_resume(struct platform_device *pdev)
2369 + tmp = readb(s3c_rtc_base + S3C2410_RTCCON);
2370 + writeb(tmp | ticnt_en_save, s3c_rtc_base + S3C2410_RTCCON);
2371 + }
2372 ++
2373 ++ if (device_may_wakeup(&pdev->dev))
2374 ++ disable_irq_wake(s3c_rtc_alarmno);
2375 ++
2376 + return 0;
2377 + }
2378 + #else
2379 +diff --git a/drivers/staging/vt6655/wpactl.c b/drivers/staging/vt6655/wpactl.c
2380 +index 22c2fab..f79808e 100644
2381 +--- a/drivers/staging/vt6655/wpactl.c
2382 ++++ b/drivers/staging/vt6655/wpactl.c
2383 +@@ -766,9 +766,14 @@ static int wpa_set_associate(PSDevice pDevice,
2384 + DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "wpa_ie_len = %d\n", param->u.wpa_associate.wpa_ie_len);
2385 +
2386 +
2387 +- if (param->u.wpa_associate.wpa_ie &&
2388 +- copy_from_user(&abyWPAIE[0], param->u.wpa_associate.wpa_ie, param->u.wpa_associate.wpa_ie_len))
2389 +- return -EINVAL;
2390 ++ if (param->u.wpa_associate.wpa_ie_len) {
2391 ++ if (!param->u.wpa_associate.wpa_ie)
2392 ++ return -EINVAL;
2393 ++ if (param->u.wpa_associate.wpa_ie_len > sizeof(abyWPAIE))
2394 ++ return -EINVAL;
2395 ++ if (copy_from_user(&abyWPAIE[0], param->u.wpa_associate.wpa_ie, param->u.wpa_associate.wpa_ie_len))
2396 ++ return -EFAULT;
2397 ++ }
2398 +
2399 + if (param->u.wpa_associate.mode == 1)
2400 + pMgmt->eConfigMode = WMAC_CONFIG_IBSS_STA;
2401 +diff --git a/drivers/usb/musb/musb_debugfs.c b/drivers/usb/musb/musb_debugfs.c
2402 +index c79a5e3..9e8639d 100644
2403 +--- a/drivers/usb/musb/musb_debugfs.c
2404 ++++ b/drivers/usb/musb/musb_debugfs.c
2405 +@@ -195,15 +195,14 @@ static const struct file_operations musb_regdump_fops = {
2406 +
2407 + static int musb_test_mode_open(struct inode *inode, struct file *file)
2408 + {
2409 +- file->private_data = inode->i_private;
2410 +-
2411 + return single_open(file, musb_test_mode_show, inode->i_private);
2412 + }
2413 +
2414 + static ssize_t musb_test_mode_write(struct file *file,
2415 + const char __user *ubuf, size_t count, loff_t *ppos)
2416 + {
2417 +- struct musb *musb = file->private_data;
2418 ++ struct seq_file *s = file->private_data;
2419 ++ struct musb *musb = s->private;
2420 + u8 test = 0;
2421 + char buf[18];
2422 +
2423 +diff --git a/drivers/usb/serial/mos7720.c b/drivers/usb/serial/mos7720.c
2424 +index 30922a7..aa66581 100644
2425 +--- a/drivers/usb/serial/mos7720.c
2426 ++++ b/drivers/usb/serial/mos7720.c
2427 +@@ -2024,6 +2024,9 @@ static int mos7720_ioctl(struct tty_struct *tty, struct file *file,
2428 +
2429 + case TIOCGICOUNT:
2430 + cnow = mos7720_port->icount;
2431 ++
2432 ++ memset(&icount, 0, sizeof(struct serial_icounter_struct));
2433 ++
2434 + icount.cts = cnow.cts;
2435 + icount.dsr = cnow.dsr;
2436 + icount.rng = cnow.rng;
2437 +diff --git a/drivers/usb/serial/mos7840.c b/drivers/usb/serial/mos7840.c
2438 +index 1c9b6e9..1a42bc2 100644
2439 +--- a/drivers/usb/serial/mos7840.c
2440 ++++ b/drivers/usb/serial/mos7840.c
2441 +@@ -2285,6 +2285,9 @@ static int mos7840_ioctl(struct tty_struct *tty, struct file *file,
2442 + case TIOCGICOUNT:
2443 + cnow = mos7840_port->icount;
2444 + smp_rmb();
2445 ++
2446 ++ memset(&icount, 0, sizeof(struct serial_icounter_struct));
2447 ++
2448 + icount.cts = cnow.cts;
2449 + icount.dsr = cnow.dsr;
2450 + icount.rng = cnow.rng;
2451 +diff --git a/drivers/video/sis/sis_main.c b/drivers/video/sis/sis_main.c
2452 +index 559bf17..b52f8e4 100644
2453 +--- a/drivers/video/sis/sis_main.c
2454 ++++ b/drivers/video/sis/sis_main.c
2455 +@@ -1701,6 +1701,9 @@ static int sisfb_ioctl(struct fb_info *info, unsigned int cmd,
2456 + break;
2457 +
2458 + case FBIOGET_VBLANK:
2459 ++
2460 ++ memset(&sisvbblank, 0, sizeof(struct fb_vblank));
2461 ++
2462 + sisvbblank.count = 0;
2463 + sisvbblank.flags = sisfb_setupvbblankflags(ivideo, &sisvbblank.vcount, &sisvbblank.hcount);
2464 +
2465 +diff --git a/drivers/video/via/ioctl.c b/drivers/video/via/ioctl.c
2466 +index da03c07..4d553d0 100644
2467 +--- a/drivers/video/via/ioctl.c
2468 ++++ b/drivers/video/via/ioctl.c
2469 +@@ -25,6 +25,8 @@ int viafb_ioctl_get_viafb_info(u_long arg)
2470 + {
2471 + struct viafb_ioctl_info viainfo;
2472 +
2473 ++ memset(&viainfo, 0, sizeof(struct viafb_ioctl_info));
2474 ++
2475 + viainfo.viafb_id = VIAID;
2476 + viainfo.vendor_id = PCI_VIA_VENDOR_ID;
2477 +
2478 +diff --git a/fs/aio.c b/fs/aio.c
2479 +index 1ccf25c..5fb0fd7 100644
2480 +--- a/fs/aio.c
2481 ++++ b/fs/aio.c
2482 +@@ -712,8 +712,16 @@ static ssize_t aio_run_iocb(struct kiocb *iocb)
2483 + */
2484 + ret = retry(iocb);
2485 +
2486 +- if (ret != -EIOCBRETRY && ret != -EIOCBQUEUED)
2487 ++ if (ret != -EIOCBRETRY && ret != -EIOCBQUEUED) {
2488 ++ /*
2489 ++ * There's no easy way to restart the syscall since other AIO's
2490 ++ * may be already running. Just fail this IO with EINTR.
2491 ++ */
2492 ++ if (unlikely(ret == -ERESTARTSYS || ret == -ERESTARTNOINTR ||
2493 ++ ret == -ERESTARTNOHAND || ret == -ERESTART_RESTARTBLOCK))
2494 ++ ret = -EINTR;
2495 + aio_complete(iocb, ret, 0);
2496 ++ }
2497 + out:
2498 + spin_lock_irq(&ctx->ctx_lock);
2499 +
2500 +@@ -1659,6 +1667,9 @@ long do_io_submit(aio_context_t ctx_id, long nr,
2501 + if (unlikely(nr < 0))
2502 + return -EINVAL;
2503 +
2504 ++ if (unlikely(nr > LONG_MAX/sizeof(*iocbpp)))
2505 ++ nr = LONG_MAX/sizeof(*iocbpp);
2506 ++
2507 + if (unlikely(!access_ok(VERIFY_READ, iocbpp, (nr*sizeof(*iocbpp)))))
2508 + return -EFAULT;
2509 +
2510 +diff --git a/fs/char_dev.c b/fs/char_dev.c
2511 +index f80a4f2..143d393 100644
2512 +--- a/fs/char_dev.c
2513 ++++ b/fs/char_dev.c
2514 +@@ -40,7 +40,9 @@ struct backing_dev_info directly_mappable_cdev_bdi = {
2515 + #endif
2516 + /* permit direct mmap, for read, write or exec */
2517 + BDI_CAP_MAP_DIRECT |
2518 +- BDI_CAP_READ_MAP | BDI_CAP_WRITE_MAP | BDI_CAP_EXEC_MAP),
2519 ++ BDI_CAP_READ_MAP | BDI_CAP_WRITE_MAP | BDI_CAP_EXEC_MAP |
2520 ++ /* no writeback happens */
2521 ++ BDI_CAP_NO_ACCT_AND_WRITEBACK),
2522 + };
2523 +
2524 + static struct kobj_map *cdev_map;
2525 +diff --git a/fs/compat.c b/fs/compat.c
2526 +index 6490d21..af7c230 100644
2527 +--- a/fs/compat.c
2528 ++++ b/fs/compat.c
2529 +@@ -1150,7 +1150,7 @@ static ssize_t compat_do_readv_writev(int type, struct file *file,
2530 + {
2531 + compat_ssize_t tot_len;
2532 + struct iovec iovstack[UIO_FASTIOV];
2533 +- struct iovec *iov;
2534 ++ struct iovec *iov = iovstack;
2535 + ssize_t ret;
2536 + io_fn_t fn;
2537 + iov_fn_t fnv;
2538 +diff --git a/fs/gfs2/log.c b/fs/gfs2/log.c
2539 +index 6a857e2..83917b5 100644
2540 +--- a/fs/gfs2/log.c
2541 ++++ b/fs/gfs2/log.c
2542 +@@ -932,7 +932,7 @@ int gfs2_logd(void *data)
2543 +
2544 + do {
2545 + prepare_to_wait(&sdp->sd_logd_waitq, &wait,
2546 +- TASK_UNINTERRUPTIBLE);
2547 ++ TASK_INTERRUPTIBLE);
2548 + if (!gfs2_ail_flush_reqd(sdp) &&
2549 + !gfs2_jrnl_flush_reqd(sdp) &&
2550 + !kthread_should_stop())
2551 +diff --git a/fs/notify/inotify/inotify_user.c b/fs/notify/inotify/inotify_user.c
2552 +index e46ca68..0c6bbc0 100644
2553 +--- a/fs/notify/inotify/inotify_user.c
2554 ++++ b/fs/notify/inotify/inotify_user.c
2555 +@@ -96,8 +96,11 @@ static inline __u32 inotify_arg_to_mask(u32 arg)
2556 + {
2557 + __u32 mask;
2558 +
2559 +- /* everything should accept their own ignored and cares about children */
2560 +- mask = (FS_IN_IGNORED | FS_EVENT_ON_CHILD);
2561 ++ /*
2562 ++ * everything should accept their own ignored, cares about children,
2563 ++ * and should receive events when the inode is unmounted
2564 ++ */
2565 ++ mask = (FS_IN_IGNORED | FS_EVENT_ON_CHILD | FS_UNMOUNT);
2566 +
2567 + /* mask off the flags used to open the fd */
2568 + mask |= (arg & (IN_ALL_EVENTS | IN_ONESHOT));
2569 +diff --git a/fs/proc/vmcore.c b/fs/proc/vmcore.c
2570 +index 91c817f..2367fb3 100644
2571 +--- a/fs/proc/vmcore.c
2572 ++++ b/fs/proc/vmcore.c
2573 +@@ -163,7 +163,7 @@ static ssize_t read_vmcore(struct file *file, char __user *buffer,
2574 +
2575 + static const struct file_operations proc_vmcore_operations = {
2576 + .read = read_vmcore,
2577 +- .llseek = generic_file_llseek,
2578 ++ .llseek = default_llseek,
2579 + };
2580 +
2581 + static struct vmcore* __init get_new_element(void)
2582 +diff --git a/fs/xfs/linux-2.6/xfs_ioctl.c b/fs/xfs/linux-2.6/xfs_ioctl.c
2583 +index e59a810..82a74f6 100644
2584 +--- a/fs/xfs/linux-2.6/xfs_ioctl.c
2585 ++++ b/fs/xfs/linux-2.6/xfs_ioctl.c
2586 +@@ -794,6 +794,8 @@ xfs_ioc_fsgetxattr(
2587 + {
2588 + struct fsxattr fa;
2589 +
2590 ++ memset(&fa, 0, sizeof(struct fsxattr));
2591 ++
2592 + xfs_ilock(ip, XFS_ILOCK_SHARED);
2593 + fa.fsx_xflags = xfs_ip2xflags(ip);
2594 + fa.fsx_extsize = ip->i_d.di_extsize << ip->i_mount->m_sb.sb_blocklog;
2595 +diff --git a/include/linux/ksm.h b/include/linux/ksm.h
2596 +index 43bdab7..e809eb1 100644
2597 +--- a/include/linux/ksm.h
2598 ++++ b/include/linux/ksm.h
2599 +@@ -16,6 +16,9 @@
2600 + struct stable_node;
2601 + struct mem_cgroup;
2602 +
2603 ++struct page *ksm_does_need_to_copy(struct page *page,
2604 ++ struct vm_area_struct *vma, unsigned long address);
2605 ++
2606 + #ifdef CONFIG_KSM
2607 + int ksm_madvise(struct vm_area_struct *vma, unsigned long start,
2608 + unsigned long end, int advice, unsigned long *vm_flags);
2609 +@@ -70,19 +73,14 @@ static inline void set_page_stable_node(struct page *page,
2610 + * We'd like to make this conditional on vma->vm_flags & VM_MERGEABLE,
2611 + * but what if the vma was unmerged while the page was swapped out?
2612 + */
2613 +-struct page *ksm_does_need_to_copy(struct page *page,
2614 +- struct vm_area_struct *vma, unsigned long address);
2615 +-static inline struct page *ksm_might_need_to_copy(struct page *page,
2616 ++static inline int ksm_might_need_to_copy(struct page *page,
2617 + struct vm_area_struct *vma, unsigned long address)
2618 + {
2619 + struct anon_vma *anon_vma = page_anon_vma(page);
2620 +
2621 +- if (!anon_vma ||
2622 +- (anon_vma == vma->anon_vma &&
2623 +- page->index == linear_page_index(vma, address)))
2624 +- return page;
2625 +-
2626 +- return ksm_does_need_to_copy(page, vma, address);
2627 ++ return anon_vma &&
2628 ++ (anon_vma != vma->anon_vma ||
2629 ++ page->index != linear_page_index(vma, address));
2630 + }
2631 +
2632 + int page_referenced_ksm(struct page *page,
2633 +@@ -115,10 +113,10 @@ static inline int ksm_madvise(struct vm_area_struct *vma, unsigned long start,
2634 + return 0;
2635 + }
2636 +
2637 +-static inline struct page *ksm_might_need_to_copy(struct page *page,
2638 ++static inline int ksm_might_need_to_copy(struct page *page,
2639 + struct vm_area_struct *vma, unsigned long address)
2640 + {
2641 +- return page;
2642 ++ return 0;
2643 + }
2644 +
2645 + static inline int page_referenced_ksm(struct page *page,
2646 +diff --git a/include/linux/kvm_host.h b/include/linux/kvm_host.h
2647 +index 7cb116a..f24d8fc 100644
2648 +--- a/include/linux/kvm_host.h
2649 ++++ b/include/linux/kvm_host.h
2650 +@@ -123,6 +123,7 @@ struct kvm_memory_slot {
2651 + } *lpage_info[KVM_NR_PAGE_SIZES - 1];
2652 + unsigned long userspace_addr;
2653 + int user_alloc;
2654 ++ int id;
2655 + };
2656 +
2657 + static inline unsigned long kvm_dirty_bitmap_bytes(struct kvm_memory_slot *memslot)
2658 +diff --git a/include/linux/mm.h b/include/linux/mm.h
2659 +index a2b4804..c1f54d2 100644
2660 +--- a/include/linux/mm.h
2661 ++++ b/include/linux/mm.h
2662 +@@ -78,7 +78,11 @@ extern unsigned int kobjsize(const void *objp);
2663 + #define VM_MAYSHARE 0x00000080
2664 +
2665 + #define VM_GROWSDOWN 0x00000100 /* general info on the segment */
2666 ++#if defined(CONFIG_STACK_GROWSUP) || defined(CONFIG_IA64)
2667 + #define VM_GROWSUP 0x00000200
2668 ++#else
2669 ++#define VM_GROWSUP 0x00000000
2670 ++#endif
2671 + #define VM_PFNMAP 0x00000400 /* Page-ranges managed without "struct page", just pure PFN */
2672 + #define VM_DENYWRITE 0x00000800 /* ETXTBSY on write attempts.. */
2673 +
2674 +@@ -1329,8 +1333,10 @@ unsigned long ra_submit(struct file_ra_state *ra,
2675 +
2676 + /* Do stack extension */
2677 + extern int expand_stack(struct vm_area_struct *vma, unsigned long address);
2678 +-#ifdef CONFIG_IA64
2679 ++#if VM_GROWSUP
2680 + extern int expand_upwards(struct vm_area_struct *vma, unsigned long address);
2681 ++#else
2682 ++ #define expand_upwards(vma, address) do { } while (0)
2683 + #endif
2684 + extern int expand_stack_downwards(struct vm_area_struct *vma,
2685 + unsigned long address);
2686 +diff --git a/include/linux/mmzone.h b/include/linux/mmzone.h
2687 +index b4d109e..8b2db3d 100644
2688 +--- a/include/linux/mmzone.h
2689 ++++ b/include/linux/mmzone.h
2690 +@@ -284,6 +284,13 @@ struct zone {
2691 + unsigned long watermark[NR_WMARK];
2692 +
2693 + /*
2694 ++ * When free pages are below this point, additional steps are taken
2695 ++ * when reading the number of free pages to avoid per-cpu counter
2696 ++ * drift allowing watermarks to be breached
2697 ++ */
2698 ++ unsigned long percpu_drift_mark;
2699 ++
2700 ++ /*
2701 + * We don't know if the memory that we're going to allocate will be freeable
2702 + * or/and it will be released eventually, so to avoid totally wasting several
2703 + * GB of ram we must reserve some of the lower zone memory (otherwise we risk
2704 +@@ -456,6 +463,12 @@ static inline int zone_is_oom_locked(const struct zone *zone)
2705 + return test_bit(ZONE_OOM_LOCKED, &zone->flags);
2706 + }
2707 +
2708 ++#ifdef CONFIG_SMP
2709 ++unsigned long zone_nr_free_pages(struct zone *zone);
2710 ++#else
2711 ++#define zone_nr_free_pages(zone) zone_page_state(zone, NR_FREE_PAGES)
2712 ++#endif /* CONFIG_SMP */
2713 ++
2714 + /*
2715 + * The "priority" of VM scanning is how much of the queues we will scan in one
2716 + * go. A value of 12 for DEF_PRIORITY implies that we will scan 1/4096th of the
2717 +diff --git a/include/linux/vmstat.h b/include/linux/vmstat.h
2718 +index 7f43ccd..eaaea37 100644
2719 +--- a/include/linux/vmstat.h
2720 ++++ b/include/linux/vmstat.h
2721 +@@ -170,6 +170,28 @@ static inline unsigned long zone_page_state(struct zone *zone,
2722 + return x;
2723 + }
2724 +
2725 ++/*
2726 ++ * More accurate version that also considers the currently pending
2727 ++ * deltas. For that we need to loop over all cpus to find the current
2728 ++ * deltas. There is no synchronization so the result cannot be
2729 ++ * exactly accurate either.
2730 ++ */
2731 ++static inline unsigned long zone_page_state_snapshot(struct zone *zone,
2732 ++ enum zone_stat_item item)
2733 ++{
2734 ++ long x = atomic_long_read(&zone->vm_stat[item]);
2735 ++
2736 ++#ifdef CONFIG_SMP
2737 ++ int cpu;
2738 ++ for_each_online_cpu(cpu)
2739 ++ x += per_cpu_ptr(zone->pageset, cpu)->vm_stat_diff[item];
2740 ++
2741 ++ if (x < 0)
2742 ++ x = 0;
2743 ++#endif
2744 ++ return x;
2745 ++}
2746 ++
2747 + extern unsigned long global_reclaimable_pages(void);
2748 + extern unsigned long zone_reclaimable_pages(struct zone *zone);
2749 +
2750 +diff --git a/include/net/sock.h b/include/net/sock.h
2751 +index 0a691ea..e2a9f59 100644
2752 +--- a/include/net/sock.h
2753 ++++ b/include/net/sock.h
2754 +@@ -749,6 +749,7 @@ struct proto {
2755 + /* Keeping track of sk's, looking them up, and port selection methods. */
2756 + void (*hash)(struct sock *sk);
2757 + void (*unhash)(struct sock *sk);
2758 ++ void (*rehash)(struct sock *sk);
2759 + int (*get_port)(struct sock *sk, unsigned short snum);
2760 +
2761 + /* Keeping track of sockets in use */
2762 +diff --git a/include/net/tcp.h b/include/net/tcp.h
2763 +index a144914..e824cf0 100644
2764 +--- a/include/net/tcp.h
2765 ++++ b/include/net/tcp.h
2766 +@@ -268,11 +268,21 @@ static inline int between(__u32 seq1, __u32 seq2, __u32 seq3)
2767 + return seq3 - seq2 >= seq1 - seq2;
2768 + }
2769 +
2770 +-static inline int tcp_too_many_orphans(struct sock *sk, int num)
2771 ++static inline bool tcp_too_many_orphans(struct sock *sk, int shift)
2772 + {
2773 +- return (num > sysctl_tcp_max_orphans) ||
2774 +- (sk->sk_wmem_queued > SOCK_MIN_SNDBUF &&
2775 +- atomic_read(&tcp_memory_allocated) > sysctl_tcp_mem[2]);
2776 ++ struct percpu_counter *ocp = sk->sk_prot->orphan_count;
2777 ++ int orphans = percpu_counter_read_positive(ocp);
2778 ++
2779 ++ if (orphans << shift > sysctl_tcp_max_orphans) {
2780 ++ orphans = percpu_counter_sum_positive(ocp);
2781 ++ if (orphans << shift > sysctl_tcp_max_orphans)
2782 ++ return true;
2783 ++ }
2784 ++
2785 ++ if (sk->sk_wmem_queued > SOCK_MIN_SNDBUF &&
2786 ++ atomic_read(&tcp_memory_allocated) > sysctl_tcp_mem[2])
2787 ++ return true;
2788 ++ return false;
2789 + }
2790 +
2791 + /* syncookies: remember time of last synqueue overflow */
2792 +@@ -509,8 +519,22 @@ extern unsigned int tcp_current_mss(struct sock *sk);
2793 + /* Bound MSS / TSO packet size with the half of the window */
2794 + static inline int tcp_bound_to_half_wnd(struct tcp_sock *tp, int pktsize)
2795 + {
2796 +- if (tp->max_window && pktsize > (tp->max_window >> 1))
2797 +- return max(tp->max_window >> 1, 68U - tp->tcp_header_len);
2798 ++ int cutoff;
2799 ++
2800 ++ /* When peer uses tiny windows, there is no use in packetizing
2801 ++ * to sub-MSS pieces for the sake of SWS or making sure there
2802 ++ * are enough packets in the pipe for fast recovery.
2803 ++ *
2804 ++ * On the other hand, for extremely large MSS devices, handling
2805 ++ * smaller than MSS windows in this way does make sense.
2806 ++ */
2807 ++ if (tp->max_window >= 512)
2808 ++ cutoff = (tp->max_window >> 1);
2809 ++ else
2810 ++ cutoff = tp->max_window;
2811 ++
2812 ++ if (cutoff && pktsize > cutoff)
2813 ++ return max_t(int, cutoff, 68U - tp->tcp_header_len);
2814 + else
2815 + return pktsize;
2816 + }
2817 +diff --git a/include/net/udp.h b/include/net/udp.h
2818 +index 5348d80..4201dc8 100644
2819 +--- a/include/net/udp.h
2820 ++++ b/include/net/udp.h
2821 +@@ -151,6 +151,7 @@ static inline void udp_lib_hash(struct sock *sk)
2822 + }
2823 +
2824 + extern void udp_lib_unhash(struct sock *sk);
2825 ++extern void udp_lib_rehash(struct sock *sk, u16 new_hash);
2826 +
2827 + static inline void udp_lib_close(struct sock *sk, long timeout)
2828 + {
2829 +diff --git a/kernel/exit.c b/kernel/exit.c
2830 +index ceffc67..ac90425 100644
2831 +--- a/kernel/exit.c
2832 ++++ b/kernel/exit.c
2833 +@@ -1383,8 +1383,7 @@ static int wait_task_stopped(struct wait_opts *wo,
2834 + if (!unlikely(wo->wo_flags & WNOWAIT))
2835 + *p_code = 0;
2836 +
2837 +- /* don't need the RCU readlock here as we're holding a spinlock */
2838 +- uid = __task_cred(p)->uid;
2839 ++ uid = task_uid(p);
2840 + unlock_sig:
2841 + spin_unlock_irq(&p->sighand->siglock);
2842 + if (!exit_code)
2843 +@@ -1457,7 +1456,7 @@ static int wait_task_continued(struct wait_opts *wo, struct task_struct *p)
2844 + }
2845 + if (!unlikely(wo->wo_flags & WNOWAIT))
2846 + p->signal->flags &= ~SIGNAL_STOP_CONTINUED;
2847 +- uid = __task_cred(p)->uid;
2848 ++ uid = task_uid(p);
2849 + spin_unlock_irq(&p->sighand->siglock);
2850 +
2851 + pid = task_pid_vnr(p);
2852 +diff --git a/kernel/hw_breakpoint.c b/kernel/hw_breakpoint.c
2853 +index 7a56b22..6eb6422 100644
2854 +--- a/kernel/hw_breakpoint.c
2855 ++++ b/kernel/hw_breakpoint.c
2856 +@@ -417,7 +417,8 @@ register_user_hw_breakpoint(struct perf_event_attr *attr,
2857 + perf_overflow_handler_t triggered,
2858 + struct task_struct *tsk)
2859 + {
2860 +- return perf_event_create_kernel_counter(attr, -1, tsk->pid, triggered);
2861 ++ return perf_event_create_kernel_counter(attr, -1, task_pid_vnr(tsk),
2862 ++ triggered);
2863 + }
2864 + EXPORT_SYMBOL_GPL(register_user_hw_breakpoint);
2865 +
2866 +diff --git a/kernel/power/snapshot.c b/kernel/power/snapshot.c
2867 +index 25ce010..7fa52b5 100644
2868 +--- a/kernel/power/snapshot.c
2869 ++++ b/kernel/power/snapshot.c
2870 +@@ -1121,9 +1121,19 @@ static unsigned long preallocate_image_pages(unsigned long nr_pages, gfp_t mask)
2871 + return nr_alloc;
2872 + }
2873 +
2874 +-static unsigned long preallocate_image_memory(unsigned long nr_pages)
2875 ++static unsigned long preallocate_image_memory(unsigned long nr_pages,
2876 ++ unsigned long avail_normal)
2877 + {
2878 +- return preallocate_image_pages(nr_pages, GFP_IMAGE);
2879 ++ unsigned long alloc;
2880 ++
2881 ++ if (avail_normal <= alloc_normal)
2882 ++ return 0;
2883 ++
2884 ++ alloc = avail_normal - alloc_normal;
2885 ++ if (nr_pages < alloc)
2886 ++ alloc = nr_pages;
2887 ++
2888 ++ return preallocate_image_pages(alloc, GFP_IMAGE);
2889 + }
2890 +
2891 + #ifdef CONFIG_HIGHMEM
2892 +@@ -1169,15 +1179,22 @@ static inline unsigned long preallocate_highmem_fraction(unsigned long nr_pages,
2893 + */
2894 + static void free_unnecessary_pages(void)
2895 + {
2896 +- unsigned long save_highmem, to_free_normal, to_free_highmem;
2897 ++ unsigned long save, to_free_normal, to_free_highmem;
2898 +
2899 +- to_free_normal = alloc_normal - count_data_pages();
2900 +- save_highmem = count_highmem_pages();
2901 +- if (alloc_highmem > save_highmem) {
2902 +- to_free_highmem = alloc_highmem - save_highmem;
2903 ++ save = count_data_pages();
2904 ++ if (alloc_normal >= save) {
2905 ++ to_free_normal = alloc_normal - save;
2906 ++ save = 0;
2907 ++ } else {
2908 ++ to_free_normal = 0;
2909 ++ save -= alloc_normal;
2910 ++ }
2911 ++ save += count_highmem_pages();
2912 ++ if (alloc_highmem >= save) {
2913 ++ to_free_highmem = alloc_highmem - save;
2914 + } else {
2915 + to_free_highmem = 0;
2916 +- to_free_normal -= save_highmem - alloc_highmem;
2917 ++ to_free_normal -= save - alloc_highmem;
2918 + }
2919 +
2920 + memory_bm_position_reset(&copy_bm);
2921 +@@ -1258,7 +1275,7 @@ int hibernate_preallocate_memory(void)
2922 + {
2923 + struct zone *zone;
2924 + unsigned long saveable, size, max_size, count, highmem, pages = 0;
2925 +- unsigned long alloc, save_highmem, pages_highmem;
2926 ++ unsigned long alloc, save_highmem, pages_highmem, avail_normal;
2927 + struct timeval start, stop;
2928 + int error;
2929 +
2930 +@@ -1295,6 +1312,7 @@ int hibernate_preallocate_memory(void)
2931 + else
2932 + count += zone_page_state(zone, NR_FREE_PAGES);
2933 + }
2934 ++ avail_normal = count;
2935 + count += highmem;
2936 + count -= totalreserve_pages;
2937 +
2938 +@@ -1309,12 +1327,21 @@ int hibernate_preallocate_memory(void)
2939 + */
2940 + if (size >= saveable) {
2941 + pages = preallocate_image_highmem(save_highmem);
2942 +- pages += preallocate_image_memory(saveable - pages);
2943 ++ pages += preallocate_image_memory(saveable - pages, avail_normal);
2944 + goto out;
2945 + }
2946 +
2947 + /* Estimate the minimum size of the image. */
2948 + pages = minimum_image_size(saveable);
2949 ++ /*
2950 ++ * To avoid excessive pressure on the normal zone, leave room in it to
2951 ++ * accommodate an image of the minimum size (unless it's already too
2952 ++ * small, in which case don't preallocate pages from it at all).
2953 ++ */
2954 ++ if (avail_normal > pages)
2955 ++ avail_normal -= pages;
2956 ++ else
2957 ++ avail_normal = 0;
2958 + if (size < pages)
2959 + size = min_t(unsigned long, pages, max_size);
2960 +
2961 +@@ -1335,16 +1362,34 @@ int hibernate_preallocate_memory(void)
2962 + */
2963 + pages_highmem = preallocate_image_highmem(highmem / 2);
2964 + alloc = (count - max_size) - pages_highmem;
2965 +- pages = preallocate_image_memory(alloc);
2966 +- if (pages < alloc)
2967 +- goto err_out;
2968 +- size = max_size - size;
2969 +- alloc = size;
2970 +- size = preallocate_highmem_fraction(size, highmem, count);
2971 +- pages_highmem += size;
2972 +- alloc -= size;
2973 +- pages += preallocate_image_memory(alloc);
2974 +- pages += pages_highmem;
2975 ++ pages = preallocate_image_memory(alloc, avail_normal);
2976 ++ if (pages < alloc) {
2977 ++ /* We have exhausted non-highmem pages, try highmem. */
2978 ++ alloc -= pages;
2979 ++ pages += pages_highmem;
2980 ++ pages_highmem = preallocate_image_highmem(alloc);
2981 ++ if (pages_highmem < alloc)
2982 ++ goto err_out;
2983 ++ pages += pages_highmem;
2984 ++ /*
2985 ++ * size is the desired number of saveable pages to leave in
2986 ++ * memory, so try to preallocate (all memory - size) pages.
2987 ++ */
2988 ++ alloc = (count - pages) - size;
2989 ++ pages += preallocate_image_highmem(alloc);
2990 ++ } else {
2991 ++ /*
2992 ++ * There are approximately max_size saveable pages at this point
2993 ++ * and we want to reduce this number down to size.
2994 ++ */
2995 ++ alloc = max_size - size;
2996 ++ size = preallocate_highmem_fraction(alloc, highmem, count);
2997 ++ pages_highmem += size;
2998 ++ alloc -= size;
2999 ++ size = preallocate_image_memory(alloc, avail_normal);
3000 ++ pages_highmem += preallocate_image_highmem(alloc - size);
3001 ++ pages += pages_highmem + size;
3002 ++ }
3003 +
3004 + /*
3005 + * We only need as many page frames for the image as there are saveable
3006 +diff --git a/kernel/sched.c b/kernel/sched.c
3007 +index 6d0dbeb..4fa520b 100644
3008 +--- a/kernel/sched.c
3009 ++++ b/kernel/sched.c
3010 +@@ -3349,9 +3349,9 @@ void task_times(struct task_struct *p, cputime_t *ut, cputime_t *st)
3011 + rtime = nsecs_to_cputime(p->se.sum_exec_runtime);
3012 +
3013 + if (total) {
3014 +- u64 temp;
3015 ++ u64 temp = rtime;
3016 +
3017 +- temp = (u64)(rtime * utime);
3018 ++ temp *= utime;
3019 + do_div(temp, total);
3020 + utime = (cputime_t)temp;
3021 + } else
3022 +@@ -3382,9 +3382,9 @@ void thread_group_times(struct task_struct *p, cputime_t *ut, cputime_t *st)
3023 + rtime = nsecs_to_cputime(cputime.sum_exec_runtime);
3024 +
3025 + if (total) {
3026 +- u64 temp;
3027 ++ u64 temp = rtime;
3028 +
3029 +- temp = (u64)(rtime * cputime.utime);
3030 ++ temp *= cputime.utime;
3031 + do_div(temp, total);
3032 + utime = (cputime_t)temp;
3033 + } else
3034 +diff --git a/kernel/sys.c b/kernel/sys.c
3035 +index e83ddbb..f4fcc6e 100644
3036 +--- a/kernel/sys.c
3037 ++++ b/kernel/sys.c
3038 +@@ -931,6 +931,7 @@ SYSCALL_DEFINE2(setpgid, pid_t, pid, pid_t, pgid)
3039 + pgid = pid;
3040 + if (pgid < 0)
3041 + return -EINVAL;
3042 ++ rcu_read_lock();
3043 +
3044 + /* From this point forward we keep holding onto the tasklist lock
3045 + * so that our parent does not change from under us. -DaveM
3046 +@@ -984,6 +985,7 @@ SYSCALL_DEFINE2(setpgid, pid_t, pid, pid_t, pgid)
3047 + out:
3048 + /* All paths lead to here, thus we are safe. -DaveM */
3049 + write_unlock_irq(&tasklist_lock);
3050 ++ rcu_read_unlock();
3051 + return err;
3052 + }
3053 +
3054 +diff --git a/mm/backing-dev.c b/mm/backing-dev.c
3055 +index 123bcef..c0f7157 100644
3056 +--- a/mm/backing-dev.c
3057 ++++ b/mm/backing-dev.c
3058 +@@ -29,6 +29,7 @@ EXPORT_SYMBOL_GPL(default_backing_dev_info);
3059 +
3060 + struct backing_dev_info noop_backing_dev_info = {
3061 + .name = "noop",
3062 ++ .capabilities = BDI_CAP_NO_ACCT_AND_WRITEBACK,
3063 + };
3064 + EXPORT_SYMBOL_GPL(noop_backing_dev_info);
3065 +
3066 +@@ -254,6 +255,7 @@ static int __init default_bdi_init(void)
3067 + err = bdi_init(&default_backing_dev_info);
3068 + if (!err)
3069 + bdi_register(&default_backing_dev_info, NULL, "default");
3070 ++ err = bdi_init(&noop_backing_dev_info);
3071 +
3072 + return err;
3073 + }
3074 +diff --git a/mm/ksm.c b/mm/ksm.c
3075 +index 6c3e99b..17ee9df 100644
3076 +--- a/mm/ksm.c
3077 ++++ b/mm/ksm.c
3078 +@@ -1523,8 +1523,6 @@ struct page *ksm_does_need_to_copy(struct page *page,
3079 + {
3080 + struct page *new_page;
3081 +
3082 +- unlock_page(page); /* any racers will COW it, not modify it */
3083 +-
3084 + new_page = alloc_page_vma(GFP_HIGHUSER_MOVABLE, vma, address);
3085 + if (new_page) {
3086 + copy_user_highpage(new_page, page, address, vma);
3087 +@@ -1540,7 +1538,6 @@ struct page *ksm_does_need_to_copy(struct page *page,
3088 + add_page_to_unevictable_list(new_page);
3089 + }
3090 +
3091 +- page_cache_release(page);
3092 + return new_page;
3093 + }
3094 +
3095 +diff --git a/mm/memory.c b/mm/memory.c
3096 +index 53cf85d..7550758 100644
3097 +--- a/mm/memory.c
3098 ++++ b/mm/memory.c
3099 +@@ -2626,7 +2626,7 @@ static int do_swap_page(struct mm_struct *mm, struct vm_area_struct *vma,
3100 + unsigned int flags, pte_t orig_pte)
3101 + {
3102 + spinlock_t *ptl;
3103 +- struct page *page;
3104 ++ struct page *page, *swapcache = NULL;
3105 + swp_entry_t entry;
3106 + pte_t pte;
3107 + struct mem_cgroup *ptr = NULL;
3108 +@@ -2681,10 +2681,25 @@ static int do_swap_page(struct mm_struct *mm, struct vm_area_struct *vma,
3109 + lock_page(page);
3110 + delayacct_clear_flag(DELAYACCT_PF_SWAPIN);
3111 +
3112 +- page = ksm_might_need_to_copy(page, vma, address);
3113 +- if (!page) {
3114 +- ret = VM_FAULT_OOM;
3115 +- goto out;
3116 ++ /*
3117 ++ * Make sure try_to_free_swap or reuse_swap_page or swapoff did not
3118 ++ * release the swapcache from under us. The page pin, and pte_same
3119 ++ * test below, are not enough to exclude that. Even if it is still
3120 ++ * swapcache, we need to check that the page's swap has not changed.
3121 ++ */
3122 ++ if (unlikely(!PageSwapCache(page) || page_private(page) != entry.val))
3123 ++ goto out_page;
3124 ++
3125 ++ if (ksm_might_need_to_copy(page, vma, address)) {
3126 ++ swapcache = page;
3127 ++ page = ksm_does_need_to_copy(page, vma, address);
3128 ++
3129 ++ if (unlikely(!page)) {
3130 ++ ret = VM_FAULT_OOM;
3131 ++ page = swapcache;
3132 ++ swapcache = NULL;
3133 ++ goto out_page;
3134 ++ }
3135 + }
3136 +
3137 + if (mem_cgroup_try_charge_swapin(mm, page, GFP_KERNEL, &ptr)) {
3138 +@@ -2735,6 +2750,18 @@ static int do_swap_page(struct mm_struct *mm, struct vm_area_struct *vma,
3139 + if (vm_swap_full() || (vma->vm_flags & VM_LOCKED) || PageMlocked(page))
3140 + try_to_free_swap(page);
3141 + unlock_page(page);
3142 ++ if (swapcache) {
3143 ++ /*
3144 ++ * Hold the lock to avoid the swap entry to be reused
3145 ++ * until we take the PT lock for the pte_same() check
3146 ++ * (to avoid false positives from pte_same). For
3147 ++ * further safety release the lock after the swap_free
3148 ++ * so that the swap count won't change under a
3149 ++ * parallel locked swapcache.
3150 ++ */
3151 ++ unlock_page(swapcache);
3152 ++ page_cache_release(swapcache);
3153 ++ }
3154 +
3155 + if (flags & FAULT_FLAG_WRITE) {
3156 + ret |= do_wp_page(mm, vma, address, page_table, pmd, ptl, pte);
3157 +@@ -2756,15 +2783,17 @@ out_page:
3158 + unlock_page(page);
3159 + out_release:
3160 + page_cache_release(page);
3161 ++ if (swapcache) {
3162 ++ unlock_page(swapcache);
3163 ++ page_cache_release(swapcache);
3164 ++ }
3165 + return ret;
3166 + }
3167 +
3168 + /*
3169 +- * This is like a special single-page "expand_downwards()",
3170 +- * except we must first make sure that 'address-PAGE_SIZE'
3171 ++ * This is like a special single-page "expand_{down|up}wards()",
3172 ++ * except we must first make sure that 'address{-|+}PAGE_SIZE'
3173 + * doesn't hit another vma.
3174 +- *
3175 +- * The "find_vma()" will do the right thing even if we wrap
3176 + */
3177 + static inline int check_stack_guard_page(struct vm_area_struct *vma, unsigned long address)
3178 + {
3179 +@@ -2783,6 +2812,15 @@ static inline int check_stack_guard_page(struct vm_area_struct *vma, unsigned lo
3180 +
3181 + expand_stack(vma, address - PAGE_SIZE);
3182 + }
3183 ++ if ((vma->vm_flags & VM_GROWSUP) && address + PAGE_SIZE == vma->vm_end) {
3184 ++ struct vm_area_struct *next = vma->vm_next;
3185 ++
3186 ++ /* As VM_GROWSDOWN but s/below/above/ */
3187 ++ if (next && next->vm_start == address + PAGE_SIZE)
3188 ++ return next->vm_flags & VM_GROWSUP ? 0 : -ENOMEM;
3189 ++
3190 ++ expand_upwards(vma, address + PAGE_SIZE);
3191 ++ }
3192 + return 0;
3193 + }
3194 +
3195 +diff --git a/mm/mmap.c b/mm/mmap.c
3196 +index 3867cfc..3a94362 100644
3197 +--- a/mm/mmap.c
3198 ++++ b/mm/mmap.c
3199 +@@ -1704,9 +1704,6 @@ static int acct_stack_growth(struct vm_area_struct *vma, unsigned long size, uns
3200 + * PA-RISC uses this for its stack; IA64 for its Register Backing Store.
3201 + * vma is the last one with address > vma->vm_end. Have to extend vma.
3202 + */
3203 +-#ifndef CONFIG_IA64
3204 +-static
3205 +-#endif
3206 + int expand_upwards(struct vm_area_struct *vma, unsigned long address)
3207 + {
3208 + int error;
3209 +@@ -1997,6 +1994,7 @@ static int __split_vma(struct mm_struct * mm, struct vm_area_struct * vma,
3210 + removed_exe_file_vma(mm);
3211 + fput(new->vm_file);
3212 + }
3213 ++ unlink_anon_vmas(new);
3214 + out_free_mpol:
3215 + mpol_put(pol);
3216 + out_free_vma:
3217 +diff --git a/mm/mmzone.c b/mm/mmzone.c
3218 +index f5b7d17..e35bfb8 100644
3219 +--- a/mm/mmzone.c
3220 ++++ b/mm/mmzone.c
3221 +@@ -87,3 +87,24 @@ int memmap_valid_within(unsigned long pfn,
3222 + return 1;
3223 + }
3224 + #endif /* CONFIG_ARCH_HAS_HOLES_MEMORYMODEL */
3225 ++
3226 ++#ifdef CONFIG_SMP
3227 ++/* Called when a more accurate view of NR_FREE_PAGES is needed */
3228 ++unsigned long zone_nr_free_pages(struct zone *zone)
3229 ++{
3230 ++ unsigned long nr_free_pages = zone_page_state(zone, NR_FREE_PAGES);
3231 ++
3232 ++ /*
3233 ++ * While kswapd is awake, it is considered the zone is under some
3234 ++ * memory pressure. Under pressure, there is a risk that
3235 ++ * per-cpu-counter-drift will allow the min watermark to be breached
3236 ++ * potentially causing a live-lock. While kswapd is awake and
3237 ++ * free pages are low, get a better estimate for free pages
3238 ++ */
3239 ++ if (nr_free_pages < zone->percpu_drift_mark &&
3240 ++ !waitqueue_active(&zone->zone_pgdat->kswapd_wait))
3241 ++ return zone_page_state_snapshot(zone, NR_FREE_PAGES);
3242 ++
3243 ++ return nr_free_pages;
3244 ++}
3245 ++#endif /* CONFIG_SMP */
3246 +diff --git a/mm/page_alloc.c b/mm/page_alloc.c
3247 +index 9bd339e..f7cc624 100644
3248 +--- a/mm/page_alloc.c
3249 ++++ b/mm/page_alloc.c
3250 +@@ -588,13 +588,13 @@ static void free_pcppages_bulk(struct zone *zone, int count,
3251 + {
3252 + int migratetype = 0;
3253 + int batch_free = 0;
3254 ++ int to_free = count;
3255 +
3256 + spin_lock(&zone->lock);
3257 + zone->all_unreclaimable = 0;
3258 + zone->pages_scanned = 0;
3259 +
3260 +- __mod_zone_page_state(zone, NR_FREE_PAGES, count);
3261 +- while (count) {
3262 ++ while (to_free) {
3263 + struct page *page;
3264 + struct list_head *list;
3265 +
3266 +@@ -619,8 +619,9 @@ static void free_pcppages_bulk(struct zone *zone, int count,
3267 + /* MIGRATE_MOVABLE list may include MIGRATE_RESERVEs */
3268 + __free_one_page(page, zone, 0, page_private(page));
3269 + trace_mm_page_pcpu_drain(page, 0, page_private(page));
3270 +- } while (--count && --batch_free && !list_empty(list));
3271 ++ } while (--to_free && --batch_free && !list_empty(list));
3272 + }
3273 ++ __mod_zone_page_state(zone, NR_FREE_PAGES, count);
3274 + spin_unlock(&zone->lock);
3275 + }
3276 +
3277 +@@ -631,8 +632,8 @@ static void free_one_page(struct zone *zone, struct page *page, int order,
3278 + zone->all_unreclaimable = 0;
3279 + zone->pages_scanned = 0;
3280 +
3281 +- __mod_zone_page_state(zone, NR_FREE_PAGES, 1 << order);
3282 + __free_one_page(page, zone, order, migratetype);
3283 ++ __mod_zone_page_state(zone, NR_FREE_PAGES, 1 << order);
3284 + spin_unlock(&zone->lock);
3285 + }
3286 +
3287 +@@ -1461,7 +1462,7 @@ int zone_watermark_ok(struct zone *z, int order, unsigned long mark,
3288 + {
3289 + /* free_pages my go negative - that's OK */
3290 + long min = mark;
3291 +- long free_pages = zone_page_state(z, NR_FREE_PAGES) - (1 << order) + 1;
3292 ++ long free_pages = zone_nr_free_pages(z) - (1 << order) + 1;
3293 + int o;
3294 +
3295 + if (alloc_flags & ALLOC_HIGH)
3296 +@@ -1843,6 +1844,7 @@ __alloc_pages_direct_reclaim(gfp_t gfp_mask, unsigned int order,
3297 + struct page *page = NULL;
3298 + struct reclaim_state reclaim_state;
3299 + struct task_struct *p = current;
3300 ++ bool drained = false;
3301 +
3302 + cond_resched();
3303 +
3304 +@@ -1861,14 +1863,25 @@ __alloc_pages_direct_reclaim(gfp_t gfp_mask, unsigned int order,
3305 +
3306 + cond_resched();
3307 +
3308 +- if (order != 0)
3309 +- drain_all_pages();
3310 ++ if (unlikely(!(*did_some_progress)))
3311 ++ return NULL;
3312 +
3313 +- if (likely(*did_some_progress))
3314 +- page = get_page_from_freelist(gfp_mask, nodemask, order,
3315 ++retry:
3316 ++ page = get_page_from_freelist(gfp_mask, nodemask, order,
3317 + zonelist, high_zoneidx,
3318 + alloc_flags, preferred_zone,
3319 + migratetype);
3320 ++
3321 ++ /*
3322 ++ * If an allocation failed after direct reclaim, it could be because
3323 ++ * pages are pinned on the per-cpu lists. Drain them and try again
3324 ++ */
3325 ++ if (!page && !drained) {
3326 ++ drain_all_pages();
3327 ++ drained = true;
3328 ++ goto retry;
3329 ++ }
3330 ++
3331 + return page;
3332 + }
3333 +
3334 +@@ -2412,7 +2425,7 @@ void show_free_areas(void)
3335 + " all_unreclaimable? %s"
3336 + "\n",
3337 + zone->name,
3338 +- K(zone_page_state(zone, NR_FREE_PAGES)),
3339 ++ K(zone_nr_free_pages(zone)),
3340 + K(min_wmark_pages(zone)),
3341 + K(low_wmark_pages(zone)),
3342 + K(high_wmark_pages(zone)),
3343 +diff --git a/mm/percpu.c b/mm/percpu.c
3344 +index 6470e77..0a09fff 100644
3345 +--- a/mm/percpu.c
3346 ++++ b/mm/percpu.c
3347 +@@ -1413,9 +1413,9 @@ int __init pcpu_setup_first_chunk(const struct pcpu_alloc_info *ai,
3348 +
3349 + if (pcpu_first_unit_cpu == NR_CPUS)
3350 + pcpu_first_unit_cpu = cpu;
3351 ++ pcpu_last_unit_cpu = cpu;
3352 + }
3353 + }
3354 +- pcpu_last_unit_cpu = cpu;
3355 + pcpu_nr_units = unit;
3356 +
3357 + for_each_possible_cpu(cpu)
3358 +diff --git a/mm/vmscan.c b/mm/vmscan.c
3359 +index b94fe1b..9753626 100644
3360 +--- a/mm/vmscan.c
3361 ++++ b/mm/vmscan.c
3362 +@@ -1726,13 +1726,12 @@ static void shrink_zone(int priority, struct zone *zone,
3363 + * If a zone is deemed to be full of pinned pages then just give it a light
3364 + * scan then give up on it.
3365 + */
3366 +-static bool shrink_zones(int priority, struct zonelist *zonelist,
3367 ++static void shrink_zones(int priority, struct zonelist *zonelist,
3368 + struct scan_control *sc)
3369 + {
3370 + enum zone_type high_zoneidx = gfp_zone(sc->gfp_mask);
3371 + struct zoneref *z;
3372 + struct zone *zone;
3373 +- bool all_unreclaimable = true;
3374 +
3375 + for_each_zone_zonelist_nodemask(zone, z, zonelist, high_zoneidx,
3376 + sc->nodemask) {
3377 +@@ -1759,8 +1758,38 @@ static bool shrink_zones(int priority, struct zonelist *zonelist,
3378 + }
3379 +
3380 + shrink_zone(priority, zone, sc);
3381 +- all_unreclaimable = false;
3382 + }
3383 ++}
3384 ++
3385 ++static bool zone_reclaimable(struct zone *zone)
3386 ++{
3387 ++ return zone->pages_scanned < zone_reclaimable_pages(zone) * 6;
3388 ++}
3389 ++
3390 ++/*
3391 ++ * As hibernation is going on, kswapd is freezed so that it can't mark
3392 ++ * the zone into all_unreclaimable. It can't handle OOM during hibernation.
3393 ++ * So let's check zone's unreclaimable in direct reclaim as well as kswapd.
3394 ++ */
3395 ++static bool all_unreclaimable(struct zonelist *zonelist,
3396 ++ struct scan_control *sc)
3397 ++{
3398 ++ struct zoneref *z;
3399 ++ struct zone *zone;
3400 ++ bool all_unreclaimable = true;
3401 ++
3402 ++ for_each_zone_zonelist_nodemask(zone, z, zonelist,
3403 ++ gfp_zone(sc->gfp_mask), sc->nodemask) {
3404 ++ if (!populated_zone(zone))
3405 ++ continue;
3406 ++ if (!cpuset_zone_allowed_hardwall(zone, GFP_KERNEL))
3407 ++ continue;
3408 ++ if (zone_reclaimable(zone)) {
3409 ++ all_unreclaimable = false;
3410 ++ break;
3411 ++ }
3412 ++ }
3413 ++
3414 + return all_unreclaimable;
3415 + }
3416 +
3417 +@@ -1784,7 +1813,6 @@ static unsigned long do_try_to_free_pages(struct zonelist *zonelist,
3418 + struct scan_control *sc)
3419 + {
3420 + int priority;
3421 +- bool all_unreclaimable;
3422 + unsigned long total_scanned = 0;
3423 + struct reclaim_state *reclaim_state = current->reclaim_state;
3424 + unsigned long lru_pages = 0;
3425 +@@ -1815,7 +1843,7 @@ static unsigned long do_try_to_free_pages(struct zonelist *zonelist,
3426 + sc->nr_scanned = 0;
3427 + if (!priority)
3428 + disable_swap_token();
3429 +- all_unreclaimable = shrink_zones(priority, zonelist, sc);
3430 ++ shrink_zones(priority, zonelist, sc);
3431 + /*
3432 + * Don't shrink slabs when reclaiming memory from
3433 + * over limit cgroups
3434 +@@ -1879,7 +1907,7 @@ out:
3435 + return sc->nr_reclaimed;
3436 +
3437 + /* top priority shrink_zones still had more to do? don't OOM, then */
3438 +- if (scanning_global_lru(sc) && !all_unreclaimable)
3439 ++ if (scanning_global_lru(sc) && !all_unreclaimable(zonelist, sc))
3440 + return 1;
3441 +
3442 + return 0;
3443 +@@ -2137,8 +2165,7 @@ loop_again:
3444 + total_scanned += sc.nr_scanned;
3445 + if (zone->all_unreclaimable)
3446 + continue;
3447 +- if (nr_slab == 0 &&
3448 +- zone->pages_scanned >= (zone_reclaimable_pages(zone) * 6))
3449 ++ if (nr_slab == 0 && !zone_reclaimable(zone))
3450 + zone->all_unreclaimable = 1;
3451 + /*
3452 + * If we've done a decent amount of scanning and
3453 +diff --git a/mm/vmstat.c b/mm/vmstat.c
3454 +index 7759941..26d5716 100644
3455 +--- a/mm/vmstat.c
3456 ++++ b/mm/vmstat.c
3457 +@@ -138,11 +138,24 @@ static void refresh_zone_stat_thresholds(void)
3458 + int threshold;
3459 +
3460 + for_each_populated_zone(zone) {
3461 ++ unsigned long max_drift, tolerate_drift;
3462 ++
3463 + threshold = calculate_threshold(zone);
3464 +
3465 + for_each_online_cpu(cpu)
3466 + per_cpu_ptr(zone->pageset, cpu)->stat_threshold
3467 + = threshold;
3468 ++
3469 ++ /*
3470 ++ * Only set percpu_drift_mark if there is a danger that
3471 ++ * NR_FREE_PAGES reports the low watermark is ok when in fact
3472 ++ * the min watermark could be breached by an allocation
3473 ++ */
3474 ++ tolerate_drift = low_wmark_pages(zone) - min_wmark_pages(zone);
3475 ++ max_drift = num_online_cpus() * threshold;
3476 ++ if (max_drift > tolerate_drift)
3477 ++ zone->percpu_drift_mark = high_wmark_pages(zone) +
3478 ++ max_drift;
3479 + }
3480 + }
3481 +
3482 +@@ -813,7 +826,7 @@ static void zoneinfo_show_print(struct seq_file *m, pg_data_t *pgdat,
3483 + "\n scanned %lu"
3484 + "\n spanned %lu"
3485 + "\n present %lu",
3486 +- zone_page_state(zone, NR_FREE_PAGES),
3487 ++ zone_nr_free_pages(zone),
3488 + min_wmark_pages(zone),
3489 + low_wmark_pages(zone),
3490 + high_wmark_pages(zone),
3491 +diff --git a/net/Kconfig b/net/Kconfig
3492 +index 0d68b40..a44092e 100644
3493 +--- a/net/Kconfig
3494 ++++ b/net/Kconfig
3495 +@@ -206,7 +206,7 @@ source "net/dcb/Kconfig"
3496 +
3497 + config RPS
3498 + boolean
3499 +- depends on SMP && SYSFS
3500 ++ depends on SMP && SYSFS && USE_GENERIC_SMP_HELPERS
3501 + default y
3502 +
3503 + menu "Network testing"
3504 +diff --git a/net/bridge/br_netfilter.c b/net/bridge/br_netfilter.c
3505 +index 8fb75f8..e759b89 100644
3506 +--- a/net/bridge/br_netfilter.c
3507 ++++ b/net/bridge/br_netfilter.c
3508 +@@ -749,9 +749,11 @@ static int br_nf_dev_queue_xmit(struct sk_buff *skb)
3509 + {
3510 + if (skb->nfct != NULL && skb->protocol == htons(ETH_P_IP) &&
3511 + skb->len + nf_bridge_mtu_reduction(skb) > skb->dev->mtu &&
3512 +- !skb_is_gso(skb))
3513 ++ !skb_is_gso(skb)) {
3514 ++ /* BUG: Should really parse the IP options here. */
3515 ++ memset(IPCB(skb), 0, sizeof(struct inet_skb_parm));
3516 + return ip_fragment(skb, br_dev_queue_push_xmit);
3517 +- else
3518 ++ } else
3519 + return br_dev_queue_push_xmit(skb);
3520 + }
3521 + #else
3522 +diff --git a/net/core/skbuff.c b/net/core/skbuff.c
3523 +index ce88293..a586e89 100644
3524 +--- a/net/core/skbuff.c
3525 ++++ b/net/core/skbuff.c
3526 +@@ -2574,6 +2574,10 @@ struct sk_buff *skb_segment(struct sk_buff *skb, int features)
3527 + __copy_skb_header(nskb, skb);
3528 + nskb->mac_len = skb->mac_len;
3529 +
3530 ++ /* nskb and skb might have different headroom */
3531 ++ if (nskb->ip_summed == CHECKSUM_PARTIAL)
3532 ++ nskb->csum_start += skb_headroom(nskb) - headroom;
3533 ++
3534 + skb_reset_mac_header(nskb);
3535 + skb_set_network_header(nskb, skb->mac_len);
3536 + nskb->transport_header = (nskb->network_header +
3537 +@@ -2704,7 +2708,7 @@ int skb_gro_receive(struct sk_buff **head, struct sk_buff *skb)
3538 + return -E2BIG;
3539 +
3540 + headroom = skb_headroom(p);
3541 +- nskb = netdev_alloc_skb(p->dev, headroom + skb_gro_offset(p));
3542 ++ nskb = alloc_skb(headroom + skb_gro_offset(p), GFP_ATOMIC);
3543 + if (unlikely(!nskb))
3544 + return -ENOMEM;
3545 +
3546 +diff --git a/net/ipv4/datagram.c b/net/ipv4/datagram.c
3547 +index fb24658..31cafd4 100644
3548 +--- a/net/ipv4/datagram.c
3549 ++++ b/net/ipv4/datagram.c
3550 +@@ -62,8 +62,11 @@ int ip4_datagram_connect(struct sock *sk, struct sockaddr *uaddr, int addr_len)
3551 + }
3552 + if (!inet->inet_saddr)
3553 + inet->inet_saddr = rt->rt_src; /* Update source address */
3554 +- if (!inet->inet_rcv_saddr)
3555 ++ if (!inet->inet_rcv_saddr) {
3556 + inet->inet_rcv_saddr = rt->rt_src;
3557 ++ if (sk->sk_prot->rehash)
3558 ++ sk->sk_prot->rehash(sk);
3559 ++ }
3560 + inet->inet_daddr = rt->rt_dst;
3561 + inet->inet_dport = usin->sin_port;
3562 + sk->sk_state = TCP_ESTABLISHED;
3563 +diff --git a/net/ipv4/route.c b/net/ipv4/route.c
3564 +index 560acc6..0189deb 100644
3565 +--- a/net/ipv4/route.c
3566 ++++ b/net/ipv4/route.c
3567 +@@ -2741,6 +2741,11 @@ slow_output:
3568 +
3569 + EXPORT_SYMBOL_GPL(__ip_route_output_key);
3570 +
3571 ++static struct dst_entry *ipv4_blackhole_dst_check(struct dst_entry *dst, u32 cookie)
3572 ++{
3573 ++ return NULL;
3574 ++}
3575 ++
3576 + static void ipv4_rt_blackhole_update_pmtu(struct dst_entry *dst, u32 mtu)
3577 + {
3578 + }
3579 +@@ -2749,7 +2754,7 @@ static struct dst_ops ipv4_dst_blackhole_ops = {
3580 + .family = AF_INET,
3581 + .protocol = cpu_to_be16(ETH_P_IP),
3582 + .destroy = ipv4_dst_destroy,
3583 +- .check = ipv4_dst_check,
3584 ++ .check = ipv4_blackhole_dst_check,
3585 + .update_pmtu = ipv4_rt_blackhole_update_pmtu,
3586 + .entries = ATOMIC_INIT(0),
3587 + };
3588 +diff --git a/net/ipv4/tcp.c b/net/ipv4/tcp.c
3589 +index c259714..c88ca26 100644
3590 +--- a/net/ipv4/tcp.c
3591 ++++ b/net/ipv4/tcp.c
3592 +@@ -453,7 +453,8 @@ unsigned int tcp_poll(struct file *file, struct socket *sock, poll_table *wait)
3593 + if (sk_stream_wspace(sk) >= sk_stream_min_wspace(sk))
3594 + mask |= POLLOUT | POLLWRNORM;
3595 + }
3596 +- }
3597 ++ } else
3598 ++ mask |= POLLOUT | POLLWRNORM;
3599 +
3600 + if (tp->urg_data & TCP_URG_VALID)
3601 + mask |= POLLPRI;
3602 +@@ -2002,11 +2003,8 @@ adjudge_to_death:
3603 + }
3604 + }
3605 + if (sk->sk_state != TCP_CLOSE) {
3606 +- int orphan_count = percpu_counter_read_positive(
3607 +- sk->sk_prot->orphan_count);
3608 +-
3609 + sk_mem_reclaim(sk);
3610 +- if (tcp_too_many_orphans(sk, orphan_count)) {
3611 ++ if (tcp_too_many_orphans(sk, 0)) {
3612 + if (net_ratelimit())
3613 + printk(KERN_INFO "TCP: too many of orphaned "
3614 + "sockets\n");
3615 +@@ -3196,7 +3194,7 @@ void __init tcp_init(void)
3616 + {
3617 + struct sk_buff *skb = NULL;
3618 + unsigned long nr_pages, limit;
3619 +- int order, i, max_share;
3620 ++ int i, max_share, cnt;
3621 + unsigned long jiffy = jiffies;
3622 +
3623 + BUILD_BUG_ON(sizeof(struct tcp_skb_cb) > sizeof(skb->cb));
3624 +@@ -3245,22 +3243,12 @@ void __init tcp_init(void)
3625 + INIT_HLIST_HEAD(&tcp_hashinfo.bhash[i].chain);
3626 + }
3627 +
3628 +- /* Try to be a bit smarter and adjust defaults depending
3629 +- * on available memory.
3630 +- */
3631 +- for (order = 0; ((1 << order) << PAGE_SHIFT) <
3632 +- (tcp_hashinfo.bhash_size * sizeof(struct inet_bind_hashbucket));
3633 +- order++)
3634 +- ;
3635 +- if (order >= 4) {
3636 +- tcp_death_row.sysctl_max_tw_buckets = 180000;
3637 +- sysctl_tcp_max_orphans = 4096 << (order - 4);
3638 +- sysctl_max_syn_backlog = 1024;
3639 +- } else if (order < 3) {
3640 +- tcp_death_row.sysctl_max_tw_buckets >>= (3 - order);
3641 +- sysctl_tcp_max_orphans >>= (3 - order);
3642 +- sysctl_max_syn_backlog = 128;
3643 +- }
3644 ++
3645 ++ cnt = tcp_hashinfo.ehash_mask + 1;
3646 ++
3647 ++ tcp_death_row.sysctl_max_tw_buckets = cnt / 2;
3648 ++ sysctl_tcp_max_orphans = cnt / 2;
3649 ++ sysctl_max_syn_backlog = max(128, cnt / 256);
3650 +
3651 + /* Set the pressure threshold to be a fraction of global memory that
3652 + * is up to 1/2 at 256 MB, decreasing toward zero with the amount of
3653 +diff --git a/net/ipv4/tcp_timer.c b/net/ipv4/tcp_timer.c
3654 +index 440a5c6..7abd922 100644
3655 +--- a/net/ipv4/tcp_timer.c
3656 ++++ b/net/ipv4/tcp_timer.c
3657 +@@ -67,18 +67,18 @@ static void tcp_write_err(struct sock *sk)
3658 + static int tcp_out_of_resources(struct sock *sk, int do_reset)
3659 + {
3660 + struct tcp_sock *tp = tcp_sk(sk);
3661 +- int orphans = percpu_counter_read_positive(&tcp_orphan_count);
3662 ++ int shift = 0;
3663 +
3664 + /* If peer does not open window for long time, or did not transmit
3665 + * anything for long time, penalize it. */
3666 + if ((s32)(tcp_time_stamp - tp->lsndtime) > 2*TCP_RTO_MAX || !do_reset)
3667 +- orphans <<= 1;
3668 ++ shift++;
3669 +
3670 + /* If some dubious ICMP arrived, penalize even more. */
3671 + if (sk->sk_err_soft)
3672 +- orphans <<= 1;
3673 ++ shift++;
3674 +
3675 +- if (tcp_too_many_orphans(sk, orphans)) {
3676 ++ if (tcp_too_many_orphans(sk, shift)) {
3677 + if (net_ratelimit())
3678 + printk(KERN_INFO "Out of socket memory\n");
3679 +
3680 +diff --git a/net/ipv4/udp.c b/net/ipv4/udp.c
3681 +index eec4ff4..434dd67 100644
3682 +--- a/net/ipv4/udp.c
3683 ++++ b/net/ipv4/udp.c
3684 +@@ -1260,6 +1260,49 @@ void udp_lib_unhash(struct sock *sk)
3685 + }
3686 + EXPORT_SYMBOL(udp_lib_unhash);
3687 +
3688 ++/*
3689 ++ * inet_rcv_saddr was changed, we must rehash secondary hash
3690 ++ */
3691 ++void udp_lib_rehash(struct sock *sk, u16 newhash)
3692 ++{
3693 ++ if (sk_hashed(sk)) {
3694 ++ struct udp_table *udptable = sk->sk_prot->h.udp_table;
3695 ++ struct udp_hslot *hslot, *hslot2, *nhslot2;
3696 ++
3697 ++ hslot2 = udp_hashslot2(udptable, udp_sk(sk)->udp_portaddr_hash);
3698 ++ nhslot2 = udp_hashslot2(udptable, newhash);
3699 ++ udp_sk(sk)->udp_portaddr_hash = newhash;
3700 ++ if (hslot2 != nhslot2) {
3701 ++ hslot = udp_hashslot(udptable, sock_net(sk),
3702 ++ udp_sk(sk)->udp_port_hash);
3703 ++ /* we must lock primary chain too */
3704 ++ spin_lock_bh(&hslot->lock);
3705 ++
3706 ++ spin_lock(&hslot2->lock);
3707 ++ hlist_nulls_del_init_rcu(&udp_sk(sk)->udp_portaddr_node);
3708 ++ hslot2->count--;
3709 ++ spin_unlock(&hslot2->lock);
3710 ++
3711 ++ spin_lock(&nhslot2->lock);
3712 ++ hlist_nulls_add_head_rcu(&udp_sk(sk)->udp_portaddr_node,
3713 ++ &nhslot2->head);
3714 ++ nhslot2->count++;
3715 ++ spin_unlock(&nhslot2->lock);
3716 ++
3717 ++ spin_unlock_bh(&hslot->lock);
3718 ++ }
3719 ++ }
3720 ++}
3721 ++EXPORT_SYMBOL(udp_lib_rehash);
3722 ++
3723 ++static void udp_v4_rehash(struct sock *sk)
3724 ++{
3725 ++ u16 new_hash = udp4_portaddr_hash(sock_net(sk),
3726 ++ inet_sk(sk)->inet_rcv_saddr,
3727 ++ inet_sk(sk)->inet_num);
3728 ++ udp_lib_rehash(sk, new_hash);
3729 ++}
3730 ++
3731 + static int __udp_queue_rcv_skb(struct sock *sk, struct sk_buff *skb)
3732 + {
3733 + int rc;
3734 +@@ -1843,6 +1886,7 @@ struct proto udp_prot = {
3735 + .backlog_rcv = __udp_queue_rcv_skb,
3736 + .hash = udp_lib_hash,
3737 + .unhash = udp_lib_unhash,
3738 ++ .rehash = udp_v4_rehash,
3739 + .get_port = udp_v4_get_port,
3740 + .memory_allocated = &udp_memory_allocated,
3741 + .sysctl_mem = sysctl_udp_mem,
3742 +diff --git a/net/ipv6/datagram.c b/net/ipv6/datagram.c
3743 +index 7126846..0e3754a1 100644
3744 +--- a/net/ipv6/datagram.c
3745 ++++ b/net/ipv6/datagram.c
3746 +@@ -104,9 +104,12 @@ ipv4_connected:
3747 + if (ipv6_addr_any(&np->saddr))
3748 + ipv6_addr_set_v4mapped(inet->inet_saddr, &np->saddr);
3749 +
3750 +- if (ipv6_addr_any(&np->rcv_saddr))
3751 ++ if (ipv6_addr_any(&np->rcv_saddr)) {
3752 + ipv6_addr_set_v4mapped(inet->inet_rcv_saddr,
3753 + &np->rcv_saddr);
3754 ++ if (sk->sk_prot->rehash)
3755 ++ sk->sk_prot->rehash(sk);
3756 ++ }
3757 +
3758 + goto out;
3759 + }
3760 +@@ -191,6 +194,8 @@ ipv4_connected:
3761 + if (ipv6_addr_any(&np->rcv_saddr)) {
3762 + ipv6_addr_copy(&np->rcv_saddr, &fl.fl6_src);
3763 + inet->inet_rcv_saddr = LOOPBACK4_IPV6;
3764 ++ if (sk->sk_prot->rehash)
3765 ++ sk->sk_prot->rehash(sk);
3766 + }
3767 +
3768 + ip6_dst_store(sk, dst,
3769 +diff --git a/net/ipv6/udp.c b/net/ipv6/udp.c
3770 +index 87be586..97e1214 100644
3771 +--- a/net/ipv6/udp.c
3772 ++++ b/net/ipv6/udp.c
3773 +@@ -111,6 +111,15 @@ int udp_v6_get_port(struct sock *sk, unsigned short snum)
3774 + return udp_lib_get_port(sk, snum, ipv6_rcv_saddr_equal, hash2_nulladdr);
3775 + }
3776 +
3777 ++static void udp_v6_rehash(struct sock *sk)
3778 ++{
3779 ++ u16 new_hash = udp6_portaddr_hash(sock_net(sk),
3780 ++ &inet6_sk(sk)->rcv_saddr,
3781 ++ inet_sk(sk)->inet_num);
3782 ++
3783 ++ udp_lib_rehash(sk, new_hash);
3784 ++}
3785 ++
3786 + static inline int compute_score(struct sock *sk, struct net *net,
3787 + unsigned short hnum,
3788 + struct in6_addr *saddr, __be16 sport,
3789 +@@ -1452,6 +1461,7 @@ struct proto udpv6_prot = {
3790 + .backlog_rcv = udpv6_queue_rcv_skb,
3791 + .hash = udp_lib_hash,
3792 + .unhash = udp_lib_unhash,
3793 ++ .rehash = udp_v6_rehash,
3794 + .get_port = udp_v6_get_port,
3795 + .memory_allocated = &udp_memory_allocated,
3796 + .sysctl_mem = sysctl_udp_mem,
3797 +diff --git a/net/irda/af_irda.c b/net/irda/af_irda.c
3798 +index 79986a6..fd55b51 100644
3799 +--- a/net/irda/af_irda.c
3800 ++++ b/net/irda/af_irda.c
3801 +@@ -824,8 +824,8 @@ static int irda_bind(struct socket *sock, struct sockaddr *uaddr, int addr_len)
3802 +
3803 + err = irda_open_tsap(self, addr->sir_lsap_sel, addr->sir_name);
3804 + if (err < 0) {
3805 +- kfree(self->ias_obj->name);
3806 +- kfree(self->ias_obj);
3807 ++ irias_delete_object(self->ias_obj);
3808 ++ self->ias_obj = NULL;
3809 + goto out;
3810 + }
3811 +
3812 +diff --git a/net/l2tp/l2tp_eth.c b/net/l2tp/l2tp_eth.c
3813 +index 58c6c4c..1ae6976 100644
3814 +--- a/net/l2tp/l2tp_eth.c
3815 ++++ b/net/l2tp/l2tp_eth.c
3816 +@@ -132,7 +132,7 @@ static void l2tp_eth_dev_recv(struct l2tp_session *session, struct sk_buff *skb,
3817 + printk("\n");
3818 + }
3819 +
3820 +- if (data_len < ETH_HLEN)
3821 ++ if (!pskb_may_pull(skb, sizeof(ETH_HLEN)))
3822 + goto error;
3823 +
3824 + secpath_reset(skb);
3825 +diff --git a/net/llc/af_llc.c b/net/llc/af_llc.c
3826 +index 023ba82..5826129 100644
3827 +--- a/net/llc/af_llc.c
3828 ++++ b/net/llc/af_llc.c
3829 +@@ -1024,7 +1024,8 @@ static int llc_ui_setsockopt(struct socket *sock, int level, int optname,
3830 + {
3831 + struct sock *sk = sock->sk;
3832 + struct llc_sock *llc = llc_sk(sk);
3833 +- int rc = -EINVAL, opt;
3834 ++ unsigned int opt;
3835 ++ int rc = -EINVAL;
3836 +
3837 + lock_sock(sk);
3838 + if (unlikely(level != SOL_LLC || optlen != sizeof(int)))
3839 +diff --git a/net/rds/recv.c b/net/rds/recv.c
3840 +index 795a00b..c93588c 100644
3841 +--- a/net/rds/recv.c
3842 ++++ b/net/rds/recv.c
3843 +@@ -297,7 +297,7 @@ static int rds_still_queued(struct rds_sock *rs, struct rds_incoming *inc,
3844 + int rds_notify_queue_get(struct rds_sock *rs, struct msghdr *msghdr)
3845 + {
3846 + struct rds_notifier *notifier;
3847 +- struct rds_rdma_notify cmsg;
3848 ++ struct rds_rdma_notify cmsg = { 0 }; /* fill holes with zero */
3849 + unsigned int count = 0, max_messages = ~0U;
3850 + unsigned long flags;
3851 + LIST_HEAD(copy);
3852 +diff --git a/net/sctp/output.c b/net/sctp/output.c
3853 +index a646681..bcc4590 100644
3854 +--- a/net/sctp/output.c
3855 ++++ b/net/sctp/output.c
3856 +@@ -92,7 +92,6 @@ struct sctp_packet *sctp_packet_config(struct sctp_packet *packet,
3857 + SCTP_DEBUG_PRINTK("%s: packet:%p vtag:0x%x\n", __func__,
3858 + packet, vtag);
3859 +
3860 +- sctp_packet_reset(packet);
3861 + packet->vtag = vtag;
3862 +
3863 + if (ecn_capable && sctp_packet_empty(packet)) {
3864 +diff --git a/net/unix/af_unix.c b/net/unix/af_unix.c
3865 +index fef2cc5..617bea4 100644
3866 +--- a/net/unix/af_unix.c
3867 ++++ b/net/unix/af_unix.c
3868 +@@ -673,6 +673,7 @@ static int unix_autobind(struct socket *sock)
3869 + static u32 ordernum = 1;
3870 + struct unix_address *addr;
3871 + int err;
3872 ++ unsigned int retries = 0;
3873 +
3874 + mutex_lock(&u->readlock);
3875 +
3876 +@@ -698,9 +699,17 @@ retry:
3877 + if (__unix_find_socket_byname(net, addr->name, addr->len, sock->type,
3878 + addr->hash)) {
3879 + spin_unlock(&unix_table_lock);
3880 +- /* Sanity yield. It is unusual case, but yet... */
3881 +- if (!(ordernum&0xFF))
3882 +- yield();
3883 ++ /*
3884 ++ * __unix_find_socket_byname() may take long time if many names
3885 ++ * are already in use.
3886 ++ */
3887 ++ cond_resched();
3888 ++ /* Give up if all names seems to be in use. */
3889 ++ if (retries++ == 0xFFFFF) {
3890 ++ err = -ENOSPC;
3891 ++ kfree(addr);
3892 ++ goto out;
3893 ++ }
3894 + goto retry;
3895 + }
3896 + addr->hash ^= sk->sk_type;
3897 +diff --git a/security/keys/keyctl.c b/security/keys/keyctl.c
3898 +index 6261745..e0d1e2b 100644
3899 +--- a/security/keys/keyctl.c
3900 ++++ b/security/keys/keyctl.c
3901 +@@ -1259,6 +1259,7 @@ long keyctl_session_to_parent(void)
3902 + keyring_r = NULL;
3903 +
3904 + me = current;
3905 ++ rcu_read_lock();
3906 + write_lock_irq(&tasklist_lock);
3907 +
3908 + parent = me->real_parent;
3909 +@@ -1291,7 +1292,8 @@ long keyctl_session_to_parent(void)
3910 + goto not_permitted;
3911 +
3912 + /* the keyrings must have the same UID */
3913 +- if (pcred->tgcred->session_keyring->uid != mycred->euid ||
3914 ++ if ((pcred->tgcred->session_keyring &&
3915 ++ pcred->tgcred->session_keyring->uid != mycred->euid) ||
3916 + mycred->tgcred->session_keyring->uid != mycred->euid)
3917 + goto not_permitted;
3918 +
3919 +@@ -1306,6 +1308,7 @@ long keyctl_session_to_parent(void)
3920 + set_ti_thread_flag(task_thread_info(parent), TIF_NOTIFY_RESUME);
3921 +
3922 + write_unlock_irq(&tasklist_lock);
3923 ++ rcu_read_unlock();
3924 + if (oldcred)
3925 + put_cred(oldcred);
3926 + return 0;
3927 +@@ -1314,6 +1317,7 @@ already_same:
3928 + ret = 0;
3929 + not_permitted:
3930 + write_unlock_irq(&tasklist_lock);
3931 ++ rcu_read_unlock();
3932 + put_cred(cred);
3933 + return ret;
3934 +
3935 +diff --git a/sound/pci/hda/patch_sigmatel.c b/sound/pci/hda/patch_sigmatel.c
3936 +index f1e7bab..b8d730c 100644
3937 +--- a/sound/pci/hda/patch_sigmatel.c
3938 ++++ b/sound/pci/hda/patch_sigmatel.c
3939 +@@ -202,6 +202,7 @@ struct sigmatel_spec {
3940 + unsigned int spdif_mute: 1;
3941 + unsigned int check_volume_offset:1;
3942 + unsigned int auto_mic:1;
3943 ++ unsigned int linear_tone_beep:1;
3944 +
3945 + /* gpio lines */
3946 + unsigned int eapd_mask;
3947 +@@ -3802,7 +3803,7 @@ static int stac92xx_parse_auto_config(struct hda_codec *codec, hda_nid_t dig_out
3948 + return err;
3949 + if (codec->beep) {
3950 + /* IDT/STAC codecs have linear beep tone parameter */
3951 +- codec->beep->linear_tone = 1;
3952 ++ codec->beep->linear_tone = spec->linear_tone_beep;
3953 + /* if no beep switch is available, make its own one */
3954 + caps = query_amp_caps(codec, nid, HDA_OUTPUT);
3955 + if (!(caps & AC_AMPCAP_MUTE)) {
3956 +@@ -5005,6 +5006,7 @@ static int patch_stac9200(struct hda_codec *codec)
3957 +
3958 + codec->no_trigger_sense = 1;
3959 + codec->spec = spec;
3960 ++ spec->linear_tone_beep = 1;
3961 + spec->num_pins = ARRAY_SIZE(stac9200_pin_nids);
3962 + spec->pin_nids = stac9200_pin_nids;
3963 + spec->board_config = snd_hda_check_board_config(codec, STAC_9200_MODELS,
3964 +@@ -5068,6 +5070,7 @@ static int patch_stac925x(struct hda_codec *codec)
3965 +
3966 + codec->no_trigger_sense = 1;
3967 + codec->spec = spec;
3968 ++ spec->linear_tone_beep = 1;
3969 + spec->num_pins = ARRAY_SIZE(stac925x_pin_nids);
3970 + spec->pin_nids = stac925x_pin_nids;
3971 +
3972 +@@ -5153,6 +5156,7 @@ static int patch_stac92hd73xx(struct hda_codec *codec)
3973 +
3974 + codec->no_trigger_sense = 1;
3975 + codec->spec = spec;
3976 ++ spec->linear_tone_beep = 0;
3977 + codec->slave_dig_outs = stac92hd73xx_slave_dig_outs;
3978 + spec->num_pins = ARRAY_SIZE(stac92hd73xx_pin_nids);
3979 + spec->pin_nids = stac92hd73xx_pin_nids;
3980 +@@ -5300,6 +5304,7 @@ static int patch_stac92hd83xxx(struct hda_codec *codec)
3981 +
3982 + codec->no_trigger_sense = 1;
3983 + codec->spec = spec;
3984 ++ spec->linear_tone_beep = 1;
3985 + codec->slave_dig_outs = stac92hd83xxx_slave_dig_outs;
3986 + spec->digbeep_nid = 0x21;
3987 + spec->mux_nids = stac92hd83xxx_mux_nids;
3988 +@@ -5522,6 +5527,7 @@ static int patch_stac92hd71bxx(struct hda_codec *codec)
3989 +
3990 + codec->no_trigger_sense = 1;
3991 + codec->spec = spec;
3992 ++ spec->linear_tone_beep = 0;
3993 + codec->patch_ops = stac92xx_patch_ops;
3994 + spec->num_pins = STAC92HD71BXX_NUM_PINS;
3995 + switch (codec->vendor_id) {
3996 +@@ -5779,6 +5785,7 @@ static int patch_stac922x(struct hda_codec *codec)
3997 +
3998 + codec->no_trigger_sense = 1;
3999 + codec->spec = spec;
4000 ++ spec->linear_tone_beep = 1;
4001 + spec->num_pins = ARRAY_SIZE(stac922x_pin_nids);
4002 + spec->pin_nids = stac922x_pin_nids;
4003 + spec->board_config = snd_hda_check_board_config(codec, STAC_922X_MODELS,
4004 +@@ -5883,6 +5890,7 @@ static int patch_stac927x(struct hda_codec *codec)
4005 +
4006 + codec->no_trigger_sense = 1;
4007 + codec->spec = spec;
4008 ++ spec->linear_tone_beep = 1;
4009 + codec->slave_dig_outs = stac927x_slave_dig_outs;
4010 + spec->num_pins = ARRAY_SIZE(stac927x_pin_nids);
4011 + spec->pin_nids = stac927x_pin_nids;
4012 +@@ -6018,6 +6026,7 @@ static int patch_stac9205(struct hda_codec *codec)
4013 +
4014 + codec->no_trigger_sense = 1;
4015 + codec->spec = spec;
4016 ++ spec->linear_tone_beep = 1;
4017 + spec->num_pins = ARRAY_SIZE(stac9205_pin_nids);
4018 + spec->pin_nids = stac9205_pin_nids;
4019 + spec->board_config = snd_hda_check_board_config(codec, STAC_9205_MODELS,
4020 +@@ -6174,6 +6183,7 @@ static int patch_stac9872(struct hda_codec *codec)
4021 + return -ENOMEM;
4022 + codec->no_trigger_sense = 1;
4023 + codec->spec = spec;
4024 ++ spec->linear_tone_beep = 1;
4025 + spec->num_pins = ARRAY_SIZE(stac9872_pin_nids);
4026 + spec->pin_nids = stac9872_pin_nids;
4027 +
4028 +diff --git a/virt/kvm/kvm_main.c b/virt/kvm/kvm_main.c
4029 +index f032806..2774528 100644
4030 +--- a/virt/kvm/kvm_main.c
4031 ++++ b/virt/kvm/kvm_main.c
4032 +@@ -566,6 +566,7 @@ int __kvm_set_memory_region(struct kvm *kvm,
4033 +
4034 + new = old = *memslot;
4035 +
4036 ++ new.id = mem->slot;
4037 + new.base_gfn = base_gfn;
4038 + new.npages = npages;
4039 + new.flags = mem->flags;
4040
4041 Deleted: genpatches-2.6/trunk/2.6.35/2600_support-eject-dell-studio-1555.patch
4042 ===================================================================
4043 --- genpatches-2.6/trunk/2.6.35/2600_support-eject-dell-studio-1555.patch 2010-09-27 14:28:40 UTC (rev 1796)
4044 +++ genpatches-2.6/trunk/2.6.35/2600_support-eject-dell-studio-1555.patch 2010-09-27 14:39:39 UTC (rev 1797)
4045 @@ -1,30 +0,0 @@
4046 -From: Islam Amer <pharon@×××××.com>
4047 -Date: Thu, 24 Jun 2010 17:39:47 +0000 (-0400)
4048 -Subject: dell-wmi: Add support for eject key on Dell Studio 1555
4049 -X-Git-Tag: v2.6.36-rc1~579^2~64
4050 -X-Git-Url: http://git.kernel.org/?p=linux%2Fkernel%2Fgit%2Ftorvalds%2Flinux-2.6.git;a=commitdiff_plain;h=d5164dbf1f651d1e955b158fb70a9c844cc91cd1
4051 -
4052 -dell-wmi: Add support for eject key on Dell Studio 1555
4053 -
4054 -Fixes pressing the eject key on Dell Studio 1555 does not work and produces
4055 -message :
4056 -
4057 -dell-wmi: Unknown key 0 pressed
4058 -
4059 -Signed-off-by: Islam Amer <pharon@×××××.com>
4060 ----
4061 -
4062 -diff --git a/drivers/platform/x86/dell-wmi.c b/drivers/platform/x86/dell-wmi.c
4063 -index 66f53c3..12a8e6f 100644
4064 ---- a/drivers/platform/x86/dell-wmi.c
4065 -+++ b/drivers/platform/x86/dell-wmi.c
4066 -@@ -221,7 +221,7 @@ static void dell_wmi_notify(u32 value, void *context)
4067 - return;
4068 - }
4069 -
4070 -- if (dell_new_hk_type)
4071 -+ if (dell_new_hk_type || buffer_entry[1] == 0x0)
4072 - reported_key = (int)buffer_entry[2];
4073 - else
4074 - reported_key = (int)buffer_entry[1] & 0xffff;
4075 -
Report Message
Find on MARC Find on Google Groups