1 |
Author: mpagano |
2 |
Date: 2010-10-31 22:36:53 +0000 (Sun, 31 Oct 2010) |
3 |
New Revision: 1817 |
4 |
|
5 |
Added: |
6 |
genpatches-2.6/trunk/2.6.32/1024_linux-2.6.32.25.patch |
7 |
Removed: |
8 |
genpatches-2.6/trunk/2.6.32/1500_CVE-2010-3904-RDS-Priv-Escal-fix.patch |
9 |
Modified: |
10 |
genpatches-2.6/trunk/2.6.32/0000_README |
11 |
Log: |
12 |
Linux patch 2.6.32.25 and removal of redundant patch. |
13 |
|
14 |
Modified: genpatches-2.6/trunk/2.6.32/0000_README |
15 |
=================================================================== |
16 |
--- genpatches-2.6/trunk/2.6.32/0000_README 2010-10-21 20:47:49 UTC (rev 1816) |
17 |
+++ genpatches-2.6/trunk/2.6.32/0000_README 2010-10-31 22:36:53 UTC (rev 1817) |
18 |
@@ -135,9 +135,9 @@ |
19 |
From: http://www.kernel.org |
20 |
Desc: Linux 2.6.32.24 |
21 |
|
22 |
-Patch: 1500_CVE-2010-3904-RDS-Priv-Escal-fix.patch |
23 |
+Patch: 1024_linux-2.6.32.25.patch |
24 |
From: http://www.kernel.org |
25 |
-Desc: CVE-2010-3904 RDS Protocol priviledge escalation |
26 |
+Desc: Linux 2.6.32.25 |
27 |
|
28 |
Patch: 2500_libata-fix-truncated-LBA48-ret-vals.patch |
29 |
From: http://bugs.gentoo.org/show_bug.cgi?id=303313 |
30 |
|
31 |
Added: genpatches-2.6/trunk/2.6.32/1024_linux-2.6.32.25.patch |
32 |
=================================================================== |
33 |
--- genpatches-2.6/trunk/2.6.32/1024_linux-2.6.32.25.patch (rev 0) |
34 |
+++ genpatches-2.6/trunk/2.6.32/1024_linux-2.6.32.25.patch 2010-10-31 22:36:53 UTC (rev 1817) |
35 |
@@ -0,0 +1,2018 @@ |
36 |
+diff --git a/arch/powerpc/kernel/head_64.S b/arch/powerpc/kernel/head_64.S |
37 |
+index c38afdb..0a3cf9e 100644 |
38 |
+--- a/arch/powerpc/kernel/head_64.S |
39 |
++++ b/arch/powerpc/kernel/head_64.S |
40 |
+@@ -563,15 +563,21 @@ __secondary_start: |
41 |
+ /* Set thread priority to MEDIUM */ |
42 |
+ HMT_MEDIUM |
43 |
+ |
44 |
+- /* Do early setup for that CPU (stab, slb, hash table pointer) */ |
45 |
+- bl .early_setup_secondary |
46 |
+- |
47 |
+ /* Initialize the kernel stack. Just a repeat for iSeries. */ |
48 |
+ LOAD_REG_ADDR(r3, current_set) |
49 |
+ sldi r28,r24,3 /* get current_set[cpu#] */ |
50 |
+- ldx r1,r3,r28 |
51 |
+- addi r1,r1,THREAD_SIZE-STACK_FRAME_OVERHEAD |
52 |
+- std r1,PACAKSAVE(r13) |
53 |
++ ldx r14,r3,r28 |
54 |
++ addi r14,r14,THREAD_SIZE-STACK_FRAME_OVERHEAD |
55 |
++ std r14,PACAKSAVE(r13) |
56 |
++ |
57 |
++ /* Do early setup for that CPU (stab, slb, hash table pointer) */ |
58 |
++ bl .early_setup_secondary |
59 |
++ |
60 |
++ /* |
61 |
++ * setup the new stack pointer, but *don't* use this until |
62 |
++ * translation is on. |
63 |
++ */ |
64 |
++ mr r1, r14 |
65 |
+ |
66 |
+ /* Clear backchain so we get nice backtraces */ |
67 |
+ li r7,0 |
68 |
+diff --git a/arch/um/drivers/ubd_kern.c b/arch/um/drivers/ubd_kern.c |
69 |
+index 635d16d..9fcf26c 100644 |
70 |
+--- a/arch/um/drivers/ubd_kern.c |
71 |
++++ b/arch/um/drivers/ubd_kern.c |
72 |
+@@ -160,6 +160,7 @@ struct ubd { |
73 |
+ struct scatterlist sg[MAX_SG]; |
74 |
+ struct request *request; |
75 |
+ int start_sg, end_sg; |
76 |
++ sector_t rq_pos; |
77 |
+ }; |
78 |
+ |
79 |
+ #define DEFAULT_COW { \ |
80 |
+@@ -184,6 +185,7 @@ struct ubd { |
81 |
+ .request = NULL, \ |
82 |
+ .start_sg = 0, \ |
83 |
+ .end_sg = 0, \ |
84 |
++ .rq_pos = 0, \ |
85 |
+ } |
86 |
+ |
87 |
+ /* Protected by ubd_lock */ |
88 |
+@@ -1222,7 +1224,6 @@ static void do_ubd_request(struct request_queue *q) |
89 |
+ { |
90 |
+ struct io_thread_req *io_req; |
91 |
+ struct request *req; |
92 |
+- sector_t sector; |
93 |
+ int n; |
94 |
+ |
95 |
+ while(1){ |
96 |
+@@ -1233,12 +1234,12 @@ static void do_ubd_request(struct request_queue *q) |
97 |
+ return; |
98 |
+ |
99 |
+ dev->request = req; |
100 |
++ dev->rq_pos = blk_rq_pos(req); |
101 |
+ dev->start_sg = 0; |
102 |
+ dev->end_sg = blk_rq_map_sg(q, req, dev->sg); |
103 |
+ } |
104 |
+ |
105 |
+ req = dev->request; |
106 |
+- sector = blk_rq_pos(req); |
107 |
+ while(dev->start_sg < dev->end_sg){ |
108 |
+ struct scatterlist *sg = &dev->sg[dev->start_sg]; |
109 |
+ |
110 |
+@@ -1250,10 +1251,9 @@ static void do_ubd_request(struct request_queue *q) |
111 |
+ return; |
112 |
+ } |
113 |
+ prepare_request(req, io_req, |
114 |
+- (unsigned long long)sector << 9, |
115 |
++ (unsigned long long)dev->rq_pos << 9, |
116 |
+ sg->offset, sg->length, sg_page(sg)); |
117 |
+ |
118 |
+- sector += sg->length >> 9; |
119 |
+ n = os_write_file(thread_fd, &io_req, |
120 |
+ sizeof(struct io_thread_req *)); |
121 |
+ if(n != sizeof(struct io_thread_req *)){ |
122 |
+@@ -1266,6 +1266,7 @@ static void do_ubd_request(struct request_queue *q) |
123 |
+ return; |
124 |
+ } |
125 |
+ |
126 |
++ dev->rq_pos += sg->length >> 9; |
127 |
+ dev->start_sg++; |
128 |
+ } |
129 |
+ dev->end_sg = 0; |
130 |
+diff --git a/arch/x86/include/asm/amd_iommu_types.h b/arch/x86/include/asm/amd_iommu_types.h |
131 |
+index 2a2cc7a..7beb491 100644 |
132 |
+--- a/arch/x86/include/asm/amd_iommu_types.h |
133 |
++++ b/arch/x86/include/asm/amd_iommu_types.h |
134 |
+@@ -305,6 +305,9 @@ struct amd_iommu { |
135 |
+ /* capabilities of that IOMMU read from ACPI */ |
136 |
+ u32 cap; |
137 |
+ |
138 |
++ /* flags read from acpi table */ |
139 |
++ u8 acpi_flags; |
140 |
++ |
141 |
+ /* |
142 |
+ * Capability pointer. There could be more than one IOMMU per PCI |
143 |
+ * device function if there are more than one AMD IOMMU capability |
144 |
+@@ -348,6 +351,15 @@ struct amd_iommu { |
145 |
+ |
146 |
+ /* default dma_ops domain for that IOMMU */ |
147 |
+ struct dma_ops_domain *default_dom; |
148 |
++ |
149 |
++ /* |
150 |
++ * This array is required to work around a potential BIOS bug. |
151 |
++ * The BIOS may miss to restore parts of the PCI configuration |
152 |
++ * space when the system resumes from S3. The result is that the |
153 |
++ * IOMMU does not execute commands anymore which leads to system |
154 |
++ * failure. |
155 |
++ */ |
156 |
++ u32 cache_cfg[4]; |
157 |
+ }; |
158 |
+ |
159 |
+ /* |
160 |
+@@ -469,4 +481,10 @@ static inline void amd_iommu_stats_init(void) { } |
161 |
+ /* some function prototypes */ |
162 |
+ extern void amd_iommu_reset_cmd_buffer(struct amd_iommu *iommu); |
163 |
+ |
164 |
++static inline bool is_rd890_iommu(struct pci_dev *pdev) |
165 |
++{ |
166 |
++ return (pdev->vendor == PCI_VENDOR_ID_ATI) && |
167 |
++ (pdev->device == PCI_DEVICE_ID_RD890_IOMMU); |
168 |
++} |
169 |
++ |
170 |
+ #endif /* _ASM_X86_AMD_IOMMU_TYPES_H */ |
171 |
+diff --git a/arch/x86/kernel/Makefile b/arch/x86/kernel/Makefile |
172 |
+index d8e5d0c..d1911ab 100644 |
173 |
+--- a/arch/x86/kernel/Makefile |
174 |
++++ b/arch/x86/kernel/Makefile |
175 |
+@@ -11,6 +11,8 @@ ifdef CONFIG_FUNCTION_TRACER |
176 |
+ CFLAGS_REMOVE_tsc.o = -pg |
177 |
+ CFLAGS_REMOVE_rtc.o = -pg |
178 |
+ CFLAGS_REMOVE_paravirt-spinlocks.o = -pg |
179 |
++CFLAGS_REMOVE_pvclock.o = -pg |
180 |
++CFLAGS_REMOVE_kvmclock.o = -pg |
181 |
+ CFLAGS_REMOVE_ftrace.o = -pg |
182 |
+ CFLAGS_REMOVE_early_printk.o = -pg |
183 |
+ endif |
184 |
+diff --git a/arch/x86/kernel/amd_iommu.c b/arch/x86/kernel/amd_iommu.c |
185 |
+index f0fa7a1..7cd33f7 100644 |
186 |
+--- a/arch/x86/kernel/amd_iommu.c |
187 |
++++ b/arch/x86/kernel/amd_iommu.c |
188 |
+@@ -1688,6 +1688,7 @@ static void __unmap_single(struct amd_iommu *iommu, |
189 |
+ size_t size, |
190 |
+ int dir) |
191 |
+ { |
192 |
++ dma_addr_t flush_addr; |
193 |
+ dma_addr_t i, start; |
194 |
+ unsigned int pages; |
195 |
+ |
196 |
+@@ -1695,6 +1696,7 @@ static void __unmap_single(struct amd_iommu *iommu, |
197 |
+ (dma_addr + size > dma_dom->aperture_size)) |
198 |
+ return; |
199 |
+ |
200 |
++ flush_addr = dma_addr; |
201 |
+ pages = iommu_num_pages(dma_addr, size, PAGE_SIZE); |
202 |
+ dma_addr &= PAGE_MASK; |
203 |
+ start = dma_addr; |
204 |
+@@ -1709,7 +1711,7 @@ static void __unmap_single(struct amd_iommu *iommu, |
205 |
+ dma_ops_free_addresses(dma_dom, dma_addr, pages); |
206 |
+ |
207 |
+ if (amd_iommu_unmap_flush || dma_dom->need_flush) { |
208 |
+- iommu_flush_pages(iommu, dma_dom->domain.id, dma_addr, size); |
209 |
++ iommu_flush_pages(iommu, dma_dom->domain.id, flush_addr, size); |
210 |
+ dma_dom->need_flush = false; |
211 |
+ } |
212 |
+ } |
213 |
+diff --git a/arch/x86/kernel/amd_iommu_init.c b/arch/x86/kernel/amd_iommu_init.c |
214 |
+index 3925adf..400be99 100644 |
215 |
+--- a/arch/x86/kernel/amd_iommu_init.c |
216 |
++++ b/arch/x86/kernel/amd_iommu_init.c |
217 |
+@@ -622,6 +622,13 @@ static void __init init_iommu_from_pci(struct amd_iommu *iommu) |
218 |
+ iommu->last_device = calc_devid(MMIO_GET_BUS(range), |
219 |
+ MMIO_GET_LD(range)); |
220 |
+ iommu->evt_msi_num = MMIO_MSI_NUM(misc); |
221 |
++ |
222 |
++ if (is_rd890_iommu(iommu->dev)) { |
223 |
++ pci_read_config_dword(iommu->dev, 0xf0, &iommu->cache_cfg[0]); |
224 |
++ pci_read_config_dword(iommu->dev, 0xf4, &iommu->cache_cfg[1]); |
225 |
++ pci_read_config_dword(iommu->dev, 0xf8, &iommu->cache_cfg[2]); |
226 |
++ pci_read_config_dword(iommu->dev, 0xfc, &iommu->cache_cfg[3]); |
227 |
++ } |
228 |
+ } |
229 |
+ |
230 |
+ /* |
231 |
+@@ -639,29 +646,9 @@ static void __init init_iommu_from_acpi(struct amd_iommu *iommu, |
232 |
+ struct ivhd_entry *e; |
233 |
+ |
234 |
+ /* |
235 |
+- * First set the recommended feature enable bits from ACPI |
236 |
+- * into the IOMMU control registers |
237 |
++ * First save the recommended feature enable bits from ACPI |
238 |
+ */ |
239 |
+- h->flags & IVHD_FLAG_HT_TUN_EN_MASK ? |
240 |
+- iommu_feature_enable(iommu, CONTROL_HT_TUN_EN) : |
241 |
+- iommu_feature_disable(iommu, CONTROL_HT_TUN_EN); |
242 |
+- |
243 |
+- h->flags & IVHD_FLAG_PASSPW_EN_MASK ? |
244 |
+- iommu_feature_enable(iommu, CONTROL_PASSPW_EN) : |
245 |
+- iommu_feature_disable(iommu, CONTROL_PASSPW_EN); |
246 |
+- |
247 |
+- h->flags & IVHD_FLAG_RESPASSPW_EN_MASK ? |
248 |
+- iommu_feature_enable(iommu, CONTROL_RESPASSPW_EN) : |
249 |
+- iommu_feature_disable(iommu, CONTROL_RESPASSPW_EN); |
250 |
+- |
251 |
+- h->flags & IVHD_FLAG_ISOC_EN_MASK ? |
252 |
+- iommu_feature_enable(iommu, CONTROL_ISOC_EN) : |
253 |
+- iommu_feature_disable(iommu, CONTROL_ISOC_EN); |
254 |
+- |
255 |
+- /* |
256 |
+- * make IOMMU memory accesses cache coherent |
257 |
+- */ |
258 |
+- iommu_feature_enable(iommu, CONTROL_COHERENT_EN); |
259 |
++ iommu->acpi_flags = h->flags; |
260 |
+ |
261 |
+ /* |
262 |
+ * Done. Now parse the device entries |
263 |
+@@ -1089,6 +1076,40 @@ static void init_device_table(void) |
264 |
+ } |
265 |
+ } |
266 |
+ |
267 |
++static void iommu_init_flags(struct amd_iommu *iommu) |
268 |
++{ |
269 |
++ iommu->acpi_flags & IVHD_FLAG_HT_TUN_EN_MASK ? |
270 |
++ iommu_feature_enable(iommu, CONTROL_HT_TUN_EN) : |
271 |
++ iommu_feature_disable(iommu, CONTROL_HT_TUN_EN); |
272 |
++ |
273 |
++ iommu->acpi_flags & IVHD_FLAG_PASSPW_EN_MASK ? |
274 |
++ iommu_feature_enable(iommu, CONTROL_PASSPW_EN) : |
275 |
++ iommu_feature_disable(iommu, CONTROL_PASSPW_EN); |
276 |
++ |
277 |
++ iommu->acpi_flags & IVHD_FLAG_RESPASSPW_EN_MASK ? |
278 |
++ iommu_feature_enable(iommu, CONTROL_RESPASSPW_EN) : |
279 |
++ iommu_feature_disable(iommu, CONTROL_RESPASSPW_EN); |
280 |
++ |
281 |
++ iommu->acpi_flags & IVHD_FLAG_ISOC_EN_MASK ? |
282 |
++ iommu_feature_enable(iommu, CONTROL_ISOC_EN) : |
283 |
++ iommu_feature_disable(iommu, CONTROL_ISOC_EN); |
284 |
++ |
285 |
++ /* |
286 |
++ * make IOMMU memory accesses cache coherent |
287 |
++ */ |
288 |
++ iommu_feature_enable(iommu, CONTROL_COHERENT_EN); |
289 |
++} |
290 |
++ |
291 |
++static void iommu_apply_quirks(struct amd_iommu *iommu) |
292 |
++{ |
293 |
++ if (is_rd890_iommu(iommu->dev)) { |
294 |
++ pci_write_config_dword(iommu->dev, 0xf0, iommu->cache_cfg[0]); |
295 |
++ pci_write_config_dword(iommu->dev, 0xf4, iommu->cache_cfg[1]); |
296 |
++ pci_write_config_dword(iommu->dev, 0xf8, iommu->cache_cfg[2]); |
297 |
++ pci_write_config_dword(iommu->dev, 0xfc, iommu->cache_cfg[3]); |
298 |
++ } |
299 |
++} |
300 |
++ |
301 |
+ /* |
302 |
+ * This function finally enables all IOMMUs found in the system after |
303 |
+ * they have been initialized |
304 |
+@@ -1099,6 +1120,8 @@ static void enable_iommus(void) |
305 |
+ |
306 |
+ for_each_iommu(iommu) { |
307 |
+ iommu_disable(iommu); |
308 |
++ iommu_apply_quirks(iommu); |
309 |
++ iommu_init_flags(iommu); |
310 |
+ iommu_set_device_table(iommu); |
311 |
+ iommu_enable_command_buffer(iommu); |
312 |
+ iommu_enable_event_buffer(iommu); |
313 |
+diff --git a/arch/x86/kernel/apic/io_apic.c b/arch/x86/kernel/apic/io_apic.c |
314 |
+index 0da6495..420e43e 100644 |
315 |
+--- a/arch/x86/kernel/apic/io_apic.c |
316 |
++++ b/arch/x86/kernel/apic/io_apic.c |
317 |
+@@ -332,14 +332,19 @@ void arch_init_copy_chip_data(struct irq_desc *old_desc, |
318 |
+ |
319 |
+ old_cfg = old_desc->chip_data; |
320 |
+ |
321 |
+- memcpy(cfg, old_cfg, sizeof(struct irq_cfg)); |
322 |
++ cfg->vector = old_cfg->vector; |
323 |
++ cfg->move_in_progress = old_cfg->move_in_progress; |
324 |
++ cpumask_copy(cfg->domain, old_cfg->domain); |
325 |
++ cpumask_copy(cfg->old_domain, old_cfg->old_domain); |
326 |
+ |
327 |
+ init_copy_irq_2_pin(old_cfg, cfg, node); |
328 |
+ } |
329 |
+ |
330 |
+-static void free_irq_cfg(struct irq_cfg *old_cfg) |
331 |
++static void free_irq_cfg(struct irq_cfg *cfg) |
332 |
+ { |
333 |
+- kfree(old_cfg); |
334 |
++ free_cpumask_var(cfg->domain); |
335 |
++ free_cpumask_var(cfg->old_domain); |
336 |
++ kfree(cfg); |
337 |
+ } |
338 |
+ |
339 |
+ void arch_free_chip_data(struct irq_desc *old_desc, struct irq_desc *desc) |
340 |
+diff --git a/arch/x86/kernel/cpu/common.c b/arch/x86/kernel/cpu/common.c |
341 |
+index cc25c2b..4e34d10 100644 |
342 |
+--- a/arch/x86/kernel/cpu/common.c |
343 |
++++ b/arch/x86/kernel/cpu/common.c |
344 |
+@@ -540,7 +540,7 @@ void __cpuinit cpu_detect(struct cpuinfo_x86 *c) |
345 |
+ } |
346 |
+ } |
347 |
+ |
348 |
+-static void __cpuinit get_cpu_cap(struct cpuinfo_x86 *c) |
349 |
++void __cpuinit get_cpu_cap(struct cpuinfo_x86 *c) |
350 |
+ { |
351 |
+ u32 tfms, xlvl; |
352 |
+ u32 ebx; |
353 |
+@@ -579,6 +579,7 @@ static void __cpuinit get_cpu_cap(struct cpuinfo_x86 *c) |
354 |
+ if (c->extended_cpuid_level >= 0x80000007) |
355 |
+ c->x86_power = cpuid_edx(0x80000007); |
356 |
+ |
357 |
++ init_scattered_cpuid_features(c); |
358 |
+ } |
359 |
+ |
360 |
+ static void __cpuinit identify_cpu_without_cpuid(struct cpuinfo_x86 *c) |
361 |
+@@ -727,7 +728,6 @@ static void __cpuinit generic_identify(struct cpuinfo_x86 *c) |
362 |
+ |
363 |
+ get_model_name(c); /* Default name */ |
364 |
+ |
365 |
+- init_scattered_cpuid_features(c); |
366 |
+ detect_nopl(c); |
367 |
+ } |
368 |
+ |
369 |
+diff --git a/arch/x86/kernel/cpu/cpu.h b/arch/x86/kernel/cpu/cpu.h |
370 |
+index 6de9a90..eb19c08 100644 |
371 |
+--- a/arch/x86/kernel/cpu/cpu.h |
372 |
++++ b/arch/x86/kernel/cpu/cpu.h |
373 |
+@@ -33,5 +33,6 @@ extern const struct cpu_dev *const __x86_cpu_dev_start[], |
374 |
+ *const __x86_cpu_dev_end[]; |
375 |
+ |
376 |
+ extern void display_cacheinfo(struct cpuinfo_x86 *c); |
377 |
++extern void get_cpu_cap(struct cpuinfo_x86 *c); |
378 |
+ |
379 |
+ #endif |
380 |
+diff --git a/arch/x86/kernel/cpu/intel.c b/arch/x86/kernel/cpu/intel.c |
381 |
+index 2f12d6d..6a77cca 100644 |
382 |
+--- a/arch/x86/kernel/cpu/intel.c |
383 |
++++ b/arch/x86/kernel/cpu/intel.c |
384 |
+@@ -40,6 +40,7 @@ static void __cpuinit early_init_intel(struct cpuinfo_x86 *c) |
385 |
+ misc_enable &= ~MSR_IA32_MISC_ENABLE_LIMIT_CPUID; |
386 |
+ wrmsrl(MSR_IA32_MISC_ENABLE, misc_enable); |
387 |
+ c->cpuid_level = cpuid_eax(0); |
388 |
++ get_cpu_cap(c); |
389 |
+ } |
390 |
+ } |
391 |
+ |
392 |
+diff --git a/arch/x86/kernel/cpu/mcheck/mce_amd.c b/arch/x86/kernel/cpu/mcheck/mce_amd.c |
393 |
+index 83a3d1f..8387792 100644 |
394 |
+--- a/arch/x86/kernel/cpu/mcheck/mce_amd.c |
395 |
++++ b/arch/x86/kernel/cpu/mcheck/mce_amd.c |
396 |
+@@ -140,6 +140,7 @@ void mce_amd_feature_init(struct cpuinfo_x86 *c) |
397 |
+ address = (low & MASK_BLKPTR_LO) >> 21; |
398 |
+ if (!address) |
399 |
+ break; |
400 |
++ |
401 |
+ address += MCG_XBLK_ADDR; |
402 |
+ } else |
403 |
+ ++address; |
404 |
+@@ -147,12 +148,8 @@ void mce_amd_feature_init(struct cpuinfo_x86 *c) |
405 |
+ if (rdmsr_safe(address, &low, &high)) |
406 |
+ break; |
407 |
+ |
408 |
+- if (!(high & MASK_VALID_HI)) { |
409 |
+- if (block) |
410 |
+- continue; |
411 |
+- else |
412 |
+- break; |
413 |
+- } |
414 |
++ if (!(high & MASK_VALID_HI)) |
415 |
++ continue; |
416 |
+ |
417 |
+ if (!(high & MASK_CNTP_HI) || |
418 |
+ (high & MASK_LOCKED_HI)) |
419 |
+diff --git a/arch/x86/kernel/hpet.c b/arch/x86/kernel/hpet.c |
420 |
+index 19528ef..c771e1a 100644 |
421 |
+--- a/arch/x86/kernel/hpet.c |
422 |
++++ b/arch/x86/kernel/hpet.c |
423 |
+@@ -497,7 +497,7 @@ static int hpet_assign_irq(struct hpet_dev *dev) |
424 |
+ { |
425 |
+ unsigned int irq; |
426 |
+ |
427 |
+- irq = create_irq(); |
428 |
++ irq = create_irq_nr(0, -1); |
429 |
+ if (!irq) |
430 |
+ return -EINVAL; |
431 |
+ |
432 |
+diff --git a/arch/x86/oprofile/nmi_int.c b/arch/x86/oprofile/nmi_int.c |
433 |
+index 238526b..ca6b336 100644 |
434 |
+--- a/arch/x86/oprofile/nmi_int.c |
435 |
++++ b/arch/x86/oprofile/nmi_int.c |
436 |
+@@ -624,6 +624,7 @@ static int __init ppro_init(char **cpu_type) |
437 |
+ case 0x0f: |
438 |
+ case 0x16: |
439 |
+ case 0x17: |
440 |
++ case 0x1d: |
441 |
+ *cpu_type = "i386/core_2"; |
442 |
+ break; |
443 |
+ case 0x1a: |
444 |
+diff --git a/block/bsg.c b/block/bsg.c |
445 |
+index 0676301..7154a7a 100644 |
446 |
+--- a/block/bsg.c |
447 |
++++ b/block/bsg.c |
448 |
+@@ -424,7 +424,7 @@ static int blk_complete_sgv4_hdr_rq(struct request *rq, struct sg_io_v4 *hdr, |
449 |
+ /* |
450 |
+ * fill in all the output members |
451 |
+ */ |
452 |
+- hdr->device_status = status_byte(rq->errors); |
453 |
++ hdr->device_status = rq->errors & 0xff; |
454 |
+ hdr->transport_status = host_byte(rq->errors); |
455 |
+ hdr->driver_status = driver_byte(rq->errors); |
456 |
+ hdr->info = 0; |
457 |
+diff --git a/drivers/acpi/acpica/aclocal.h b/drivers/acpi/acpica/aclocal.h |
458 |
+index 81e64f4..d46e256 100644 |
459 |
+--- a/drivers/acpi/acpica/aclocal.h |
460 |
++++ b/drivers/acpi/acpica/aclocal.h |
461 |
+@@ -846,6 +846,7 @@ struct acpi_bit_register_info { |
462 |
+ ACPI_BITMASK_POWER_BUTTON_STATUS | \ |
463 |
+ ACPI_BITMASK_SLEEP_BUTTON_STATUS | \ |
464 |
+ ACPI_BITMASK_RT_CLOCK_STATUS | \ |
465 |
++ ACPI_BITMASK_PCIEXP_WAKE_DISABLE | \ |
466 |
+ ACPI_BITMASK_WAKE_STATUS) |
467 |
+ |
468 |
+ #define ACPI_BITMASK_TIMER_ENABLE 0x0001 |
469 |
+diff --git a/drivers/acpi/blacklist.c b/drivers/acpi/blacklist.c |
470 |
+index 2815df6..ab645bb 100644 |
471 |
+--- a/drivers/acpi/blacklist.c |
472 |
++++ b/drivers/acpi/blacklist.c |
473 |
+@@ -218,6 +218,14 @@ static struct dmi_system_id acpi_osi_dmi_table[] __initdata = { |
474 |
+ }, |
475 |
+ }, |
476 |
+ { |
477 |
++ .callback = dmi_disable_osi_vista, |
478 |
++ .ident = "Toshiba Satellite L355", |
479 |
++ .matches = { |
480 |
++ DMI_MATCH(DMI_SYS_VENDOR, "TOSHIBA"), |
481 |
++ DMI_MATCH(DMI_PRODUCT_VERSION, "Satellite L355"), |
482 |
++ }, |
483 |
++ }, |
484 |
++ { |
485 |
+ .callback = dmi_disable_osi_win7, |
486 |
+ .ident = "ASUS K50IJ", |
487 |
+ .matches = { |
488 |
+@@ -225,6 +233,14 @@ static struct dmi_system_id acpi_osi_dmi_table[] __initdata = { |
489 |
+ DMI_MATCH(DMI_PRODUCT_NAME, "K50IJ"), |
490 |
+ }, |
491 |
+ }, |
492 |
++ { |
493 |
++ .callback = dmi_disable_osi_vista, |
494 |
++ .ident = "Toshiba P305D", |
495 |
++ .matches = { |
496 |
++ DMI_MATCH(DMI_SYS_VENDOR, "TOSHIBA"), |
497 |
++ DMI_MATCH(DMI_PRODUCT_NAME, "Satellite P305D"), |
498 |
++ }, |
499 |
++ }, |
500 |
+ |
501 |
+ /* |
502 |
+ * BIOS invocation of _OSI(Linux) is almost always a BIOS bug. |
503 |
+diff --git a/drivers/acpi/processor_core.c b/drivers/acpi/processor_core.c |
504 |
+index ec742a4..7102474 100644 |
505 |
+--- a/drivers/acpi/processor_core.c |
506 |
++++ b/drivers/acpi/processor_core.c |
507 |
+@@ -134,12 +134,6 @@ static int set_no_mwait(const struct dmi_system_id *id) |
508 |
+ |
509 |
+ static struct dmi_system_id __cpuinitdata processor_idle_dmi_table[] = { |
510 |
+ { |
511 |
+- set_no_mwait, "IFL91 board", { |
512 |
+- DMI_MATCH(DMI_BIOS_VENDOR, "COMPAL"), |
513 |
+- DMI_MATCH(DMI_SYS_VENDOR, "ZEPTO"), |
514 |
+- DMI_MATCH(DMI_PRODUCT_VERSION, "3215W"), |
515 |
+- DMI_MATCH(DMI_BOARD_NAME, "IFL91") }, NULL}, |
516 |
+- { |
517 |
+ set_no_mwait, "Extensa 5220", { |
518 |
+ DMI_MATCH(DMI_BIOS_VENDOR, "Phoenix Technologies LTD"), |
519 |
+ DMI_MATCH(DMI_SYS_VENDOR, "Acer"), |
520 |
+diff --git a/drivers/dma/mv_xor.c b/drivers/dma/mv_xor.c |
521 |
+index 466ab10..f2b44d5 100644 |
522 |
+--- a/drivers/dma/mv_xor.c |
523 |
++++ b/drivers/dma/mv_xor.c |
524 |
+@@ -161,7 +161,7 @@ static int mv_is_err_intr(u32 intr_cause) |
525 |
+ |
526 |
+ static void mv_xor_device_clear_eoc_cause(struct mv_xor_chan *chan) |
527 |
+ { |
528 |
+- u32 val = (1 << (1 + (chan->idx * 16))); |
529 |
++ u32 val = ~(1 << (chan->idx * 16)); |
530 |
+ dev_dbg(chan->device->common.dev, "%s, val 0x%08x\n", __func__, val); |
531 |
+ __raw_writel(val, XOR_INTR_CAUSE(chan)); |
532 |
+ } |
533 |
+diff --git a/drivers/i2c/busses/i2c-pca-isa.c b/drivers/i2c/busses/i2c-pca-isa.c |
534 |
+index f7346a9..62a5ce5 100644 |
535 |
+--- a/drivers/i2c/busses/i2c-pca-isa.c |
536 |
++++ b/drivers/i2c/busses/i2c-pca-isa.c |
537 |
+@@ -71,8 +71,8 @@ static int pca_isa_readbyte(void *pd, int reg) |
538 |
+ |
539 |
+ static int pca_isa_waitforcompletion(void *pd) |
540 |
+ { |
541 |
+- long ret = ~0; |
542 |
+ unsigned long timeout; |
543 |
++ long ret; |
544 |
+ |
545 |
+ if (irq > -1) { |
546 |
+ ret = wait_event_timeout(pca_wait, |
547 |
+@@ -81,11 +81,15 @@ static int pca_isa_waitforcompletion(void *pd) |
548 |
+ } else { |
549 |
+ /* Do polling */ |
550 |
+ timeout = jiffies + pca_isa_ops.timeout; |
551 |
+- while (((pca_isa_readbyte(pd, I2C_PCA_CON) |
552 |
+- & I2C_PCA_CON_SI) == 0) |
553 |
+- && (ret = time_before(jiffies, timeout))) |
554 |
++ do { |
555 |
++ ret = time_before(jiffies, timeout); |
556 |
++ if (pca_isa_readbyte(pd, I2C_PCA_CON) |
557 |
++ & I2C_PCA_CON_SI) |
558 |
++ break; |
559 |
+ udelay(100); |
560 |
++ } while (ret); |
561 |
+ } |
562 |
++ |
563 |
+ return ret > 0; |
564 |
+ } |
565 |
+ |
566 |
+diff --git a/drivers/i2c/busses/i2c-pca-platform.c b/drivers/i2c/busses/i2c-pca-platform.c |
567 |
+index 5b2213d..1d8c208 100644 |
568 |
+--- a/drivers/i2c/busses/i2c-pca-platform.c |
569 |
++++ b/drivers/i2c/busses/i2c-pca-platform.c |
570 |
+@@ -80,8 +80,8 @@ static void i2c_pca_pf_writebyte32(void *pd, int reg, int val) |
571 |
+ static int i2c_pca_pf_waitforcompletion(void *pd) |
572 |
+ { |
573 |
+ struct i2c_pca_pf_data *i2c = pd; |
574 |
+- long ret = ~0; |
575 |
+ unsigned long timeout; |
576 |
++ long ret; |
577 |
+ |
578 |
+ if (i2c->irq) { |
579 |
+ ret = wait_event_timeout(i2c->wait, |
580 |
+@@ -90,10 +90,13 @@ static int i2c_pca_pf_waitforcompletion(void *pd) |
581 |
+ } else { |
582 |
+ /* Do polling */ |
583 |
+ timeout = jiffies + i2c->adap.timeout; |
584 |
+- while (((i2c->algo_data.read_byte(i2c, I2C_PCA_CON) |
585 |
+- & I2C_PCA_CON_SI) == 0) |
586 |
+- && (ret = time_before(jiffies, timeout))) |
587 |
++ do { |
588 |
++ ret = time_before(jiffies, timeout); |
589 |
++ if (i2c->algo_data.read_byte(i2c, I2C_PCA_CON) |
590 |
++ & I2C_PCA_CON_SI) |
591 |
++ break; |
592 |
+ udelay(100); |
593 |
++ } while (ret); |
594 |
+ } |
595 |
+ |
596 |
+ return ret > 0; |
597 |
+diff --git a/drivers/infiniband/hw/cxgb3/iwch_cm.c b/drivers/infiniband/hw/cxgb3/iwch_cm.c |
598 |
+index 66b4135..675fc04 100644 |
599 |
+--- a/drivers/infiniband/hw/cxgb3/iwch_cm.c |
600 |
++++ b/drivers/infiniband/hw/cxgb3/iwch_cm.c |
601 |
+@@ -486,7 +486,8 @@ static int send_connect(struct iwch_ep *ep) |
602 |
+ V_MSS_IDX(mtu_idx) | |
603 |
+ V_L2T_IDX(ep->l2t->idx) | V_TX_CHANNEL(ep->l2t->smt_idx); |
604 |
+ opt0l = V_TOS((ep->tos >> 2) & M_TOS) | V_RCV_BUFSIZ(rcv_win>>10); |
605 |
+- opt2 = V_FLAVORS_VALID(1) | V_CONG_CONTROL_FLAVOR(cong_flavor); |
606 |
++ opt2 = F_RX_COALESCE_VALID | V_RX_COALESCE(0) | V_FLAVORS_VALID(1) | |
607 |
++ V_CONG_CONTROL_FLAVOR(cong_flavor); |
608 |
+ skb->priority = CPL_PRIORITY_SETUP; |
609 |
+ set_arp_failure_handler(skb, act_open_req_arp_failure); |
610 |
+ |
611 |
+@@ -1303,7 +1304,8 @@ static void accept_cr(struct iwch_ep *ep, __be32 peer_ip, struct sk_buff *skb) |
612 |
+ V_MSS_IDX(mtu_idx) | |
613 |
+ V_L2T_IDX(ep->l2t->idx) | V_TX_CHANNEL(ep->l2t->smt_idx); |
614 |
+ opt0l = V_TOS((ep->tos >> 2) & M_TOS) | V_RCV_BUFSIZ(rcv_win>>10); |
615 |
+- opt2 = V_FLAVORS_VALID(1) | V_CONG_CONTROL_FLAVOR(cong_flavor); |
616 |
++ opt2 = F_RX_COALESCE_VALID | V_RX_COALESCE(0) | V_FLAVORS_VALID(1) | |
617 |
++ V_CONG_CONTROL_FLAVOR(cong_flavor); |
618 |
+ |
619 |
+ rpl = cplhdr(skb); |
620 |
+ rpl->wr.wr_hi = htonl(V_WR_OP(FW_WROPCODE_FORWARD)); |
621 |
+diff --git a/drivers/input/joydev.c b/drivers/input/joydev.c |
622 |
+index b1bd6dd..93c60e0 100644 |
623 |
+--- a/drivers/input/joydev.c |
624 |
++++ b/drivers/input/joydev.c |
625 |
+@@ -481,6 +481,9 @@ static int joydev_handle_JSIOCSAXMAP(struct joydev *joydev, |
626 |
+ |
627 |
+ memcpy(joydev->abspam, abspam, len); |
628 |
+ |
629 |
++ for (i = 0; i < joydev->nabs; i++) |
630 |
++ joydev->absmap[joydev->abspam[i]] = i; |
631 |
++ |
632 |
+ out: |
633 |
+ kfree(abspam); |
634 |
+ return retval; |
635 |
+diff --git a/drivers/media/video/cx231xx/cx231xx-cards.c b/drivers/media/video/cx231xx/cx231xx-cards.c |
636 |
+index 319c459..dd30b9d 100644 |
637 |
+--- a/drivers/media/video/cx231xx/cx231xx-cards.c |
638 |
++++ b/drivers/media/video/cx231xx/cx231xx-cards.c |
639 |
+@@ -225,14 +225,16 @@ void cx231xx_pre_card_setup(struct cx231xx *dev) |
640 |
+ dev->board.name, dev->model); |
641 |
+ |
642 |
+ /* set the direction for GPIO pins */ |
643 |
+- cx231xx_set_gpio_direction(dev, dev->board.tuner_gpio->bit, 1); |
644 |
+- cx231xx_set_gpio_value(dev, dev->board.tuner_gpio->bit, 1); |
645 |
+- cx231xx_set_gpio_direction(dev, dev->board.tuner_sif_gpio, 1); |
646 |
++ if (dev->board.tuner_gpio) { |
647 |
++ cx231xx_set_gpio_direction(dev, dev->board.tuner_gpio->bit, 1); |
648 |
++ cx231xx_set_gpio_value(dev, dev->board.tuner_gpio->bit, 1); |
649 |
++ cx231xx_set_gpio_direction(dev, dev->board.tuner_sif_gpio, 1); |
650 |
+ |
651 |
+- /* request some modules if any required */ |
652 |
++ /* request some modules if any required */ |
653 |
+ |
654 |
+- /* reset the Tuner */ |
655 |
+- cx231xx_gpio_set(dev, dev->board.tuner_gpio); |
656 |
++ /* reset the Tuner */ |
657 |
++ cx231xx_gpio_set(dev, dev->board.tuner_gpio); |
658 |
++ } |
659 |
+ |
660 |
+ /* set the mode to Analog mode initially */ |
661 |
+ cx231xx_set_mode(dev, CX231XX_ANALOG_MODE); |
662 |
+diff --git a/drivers/media/video/saa7134/saa7134-core.c b/drivers/media/video/saa7134/saa7134-core.c |
663 |
+index f87757f..09d4223 100644 |
664 |
+--- a/drivers/media/video/saa7134/saa7134-core.c |
665 |
++++ b/drivers/media/video/saa7134/saa7134-core.c |
666 |
+@@ -420,19 +420,6 @@ int saa7134_set_dmabits(struct saa7134_dev *dev) |
667 |
+ ctrl |= SAA7134_MAIN_CTRL_TE5; |
668 |
+ irq |= SAA7134_IRQ1_INTE_RA2_1 | |
669 |
+ SAA7134_IRQ1_INTE_RA2_0; |
670 |
+- |
671 |
+- /* dma: setup channel 5 (= TS) */ |
672 |
+- |
673 |
+- saa_writeb(SAA7134_TS_DMA0, (dev->ts.nr_packets - 1) & 0xff); |
674 |
+- saa_writeb(SAA7134_TS_DMA1, |
675 |
+- ((dev->ts.nr_packets - 1) >> 8) & 0xff); |
676 |
+- /* TSNOPIT=0, TSCOLAP=0 */ |
677 |
+- saa_writeb(SAA7134_TS_DMA2, |
678 |
+- (((dev->ts.nr_packets - 1) >> 16) & 0x3f) | 0x00); |
679 |
+- saa_writel(SAA7134_RS_PITCH(5), TS_PACKET_SIZE); |
680 |
+- saa_writel(SAA7134_RS_CONTROL(5), SAA7134_RS_CONTROL_BURST_16 | |
681 |
+- SAA7134_RS_CONTROL_ME | |
682 |
+- (dev->ts.pt_ts.dma >> 12)); |
683 |
+ } |
684 |
+ |
685 |
+ /* set task conditions + field handling */ |
686 |
+diff --git a/drivers/media/video/saa7134/saa7134-ts.c b/drivers/media/video/saa7134/saa7134-ts.c |
687 |
+index 03488ba..b9817d7 100644 |
688 |
+--- a/drivers/media/video/saa7134/saa7134-ts.c |
689 |
++++ b/drivers/media/video/saa7134/saa7134-ts.c |
690 |
+@@ -250,6 +250,19 @@ int saa7134_ts_start(struct saa7134_dev *dev) |
691 |
+ |
692 |
+ BUG_ON(dev->ts_started); |
693 |
+ |
694 |
++ /* dma: setup channel 5 (= TS) */ |
695 |
++ saa_writeb(SAA7134_TS_DMA0, (dev->ts.nr_packets - 1) & 0xff); |
696 |
++ saa_writeb(SAA7134_TS_DMA1, |
697 |
++ ((dev->ts.nr_packets - 1) >> 8) & 0xff); |
698 |
++ /* TSNOPIT=0, TSCOLAP=0 */ |
699 |
++ saa_writeb(SAA7134_TS_DMA2, |
700 |
++ (((dev->ts.nr_packets - 1) >> 16) & 0x3f) | 0x00); |
701 |
++ saa_writel(SAA7134_RS_PITCH(5), TS_PACKET_SIZE); |
702 |
++ saa_writel(SAA7134_RS_CONTROL(5), SAA7134_RS_CONTROL_BURST_16 | |
703 |
++ SAA7134_RS_CONTROL_ME | |
704 |
++ (dev->ts.pt_ts.dma >> 12)); |
705 |
++ |
706 |
++ /* reset hardware TS buffers */ |
707 |
+ saa_writeb(SAA7134_TS_SERIAL1, 0x00); |
708 |
+ saa_writeb(SAA7134_TS_SERIAL1, 0x03); |
709 |
+ saa_writeb(SAA7134_TS_SERIAL1, 0x00); |
710 |
+diff --git a/drivers/media/video/v4l2-compat-ioctl32.c b/drivers/media/video/v4l2-compat-ioctl32.c |
711 |
+index 997975d..64076ff 100644 |
712 |
+--- a/drivers/media/video/v4l2-compat-ioctl32.c |
713 |
++++ b/drivers/media/video/v4l2-compat-ioctl32.c |
714 |
+@@ -193,17 +193,24 @@ static int put_video_window32(struct video_window *kp, struct video_window32 __u |
715 |
+ struct video_code32 { |
716 |
+ char loadwhat[16]; /* name or tag of file being passed */ |
717 |
+ compat_int_t datasize; |
718 |
+- unsigned char *data; |
719 |
++ compat_uptr_t data; |
720 |
+ }; |
721 |
+ |
722 |
+-static int get_microcode32(struct video_code *kp, struct video_code32 __user *up) |
723 |
++static struct video_code __user *get_microcode32(struct video_code32 *kp) |
724 |
+ { |
725 |
+- if (!access_ok(VERIFY_READ, up, sizeof(struct video_code32)) || |
726 |
+- copy_from_user(kp->loadwhat, up->loadwhat, sizeof(up->loadwhat)) || |
727 |
+- get_user(kp->datasize, &up->datasize) || |
728 |
+- copy_from_user(kp->data, up->data, up->datasize)) |
729 |
+- return -EFAULT; |
730 |
+- return 0; |
731 |
++ struct video_code __user *up; |
732 |
++ |
733 |
++ up = compat_alloc_user_space(sizeof(*up)); |
734 |
++ |
735 |
++ /* |
736 |
++ * NOTE! We don't actually care if these fail. If the |
737 |
++ * user address is invalid, the native ioctl will do |
738 |
++ * the error handling for us |
739 |
++ */ |
740 |
++ (void) copy_to_user(up->loadwhat, kp->loadwhat, sizeof(up->loadwhat)); |
741 |
++ (void) put_user(kp->datasize, &up->datasize); |
742 |
++ (void) put_user(compat_ptr(kp->data), &up->data); |
743 |
++ return up; |
744 |
+ } |
745 |
+ |
746 |
+ #define VIDIOCGTUNER32 _IOWR('v', 4, struct video_tuner32) |
747 |
+@@ -741,7 +748,7 @@ static long do_video_ioctl(struct file *file, unsigned int cmd, unsigned long ar |
748 |
+ struct video_tuner vt; |
749 |
+ struct video_buffer vb; |
750 |
+ struct video_window vw; |
751 |
+- struct video_code vc; |
752 |
++ struct video_code32 vc; |
753 |
+ struct video_audio va; |
754 |
+ #endif |
755 |
+ struct v4l2_format v2f; |
756 |
+@@ -820,8 +827,11 @@ static long do_video_ioctl(struct file *file, unsigned int cmd, unsigned long ar |
757 |
+ break; |
758 |
+ |
759 |
+ case VIDIOCSMICROCODE: |
760 |
+- err = get_microcode32(&karg.vc, up); |
761 |
+- compatible_arg = 0; |
762 |
++ /* Copy the 32-bit "video_code32" to kernel space */ |
763 |
++ if (copy_from_user(&karg.vc, up, sizeof(karg.vc))) |
764 |
++ return -EFAULT; |
765 |
++ /* Convert the 32-bit version to a 64-bit version in user space */ |
766 |
++ up = get_microcode32(&karg.vc); |
767 |
+ break; |
768 |
+ |
769 |
+ case VIDIOCSFREQ: |
770 |
+diff --git a/drivers/mmc/host/sdhci-s3c.c b/drivers/mmc/host/sdhci-s3c.c |
771 |
+index 676cd0c..14c5480 100644 |
772 |
+--- a/drivers/mmc/host/sdhci-s3c.c |
773 |
++++ b/drivers/mmc/host/sdhci-s3c.c |
774 |
+@@ -379,8 +379,10 @@ static int __devexit sdhci_s3c_remove(struct platform_device *pdev) |
775 |
+ sdhci_remove_host(host, 1); |
776 |
+ |
777 |
+ for (ptr = 0; ptr < 3; ptr++) { |
778 |
+- clk_disable(sc->clk_bus[ptr]); |
779 |
+- clk_put(sc->clk_bus[ptr]); |
780 |
++ if (sc->clk_bus[ptr]) { |
781 |
++ clk_disable(sc->clk_bus[ptr]); |
782 |
++ clk_put(sc->clk_bus[ptr]); |
783 |
++ } |
784 |
+ } |
785 |
+ clk_disable(sc->clk_io); |
786 |
+ clk_put(sc->clk_io); |
787 |
+diff --git a/drivers/net/atlx/atl1.c b/drivers/net/atlx/atl1.c |
788 |
+index 00569dc..403bfb6 100644 |
789 |
+--- a/drivers/net/atlx/atl1.c |
790 |
++++ b/drivers/net/atlx/atl1.c |
791 |
+@@ -2856,10 +2856,11 @@ static int atl1_resume(struct pci_dev *pdev) |
792 |
+ pci_enable_wake(pdev, PCI_D3cold, 0); |
793 |
+ |
794 |
+ atl1_reset_hw(&adapter->hw); |
795 |
+- adapter->cmb.cmb->int_stats = 0; |
796 |
+ |
797 |
+- if (netif_running(netdev)) |
798 |
++ if (netif_running(netdev)) { |
799 |
++ adapter->cmb.cmb->int_stats = 0; |
800 |
+ atl1_up(adapter); |
801 |
++ } |
802 |
+ netif_device_attach(netdev); |
803 |
+ |
804 |
+ return 0; |
805 |
+diff --git a/drivers/net/b44.c b/drivers/net/b44.c |
806 |
+index 4869adb..137cb03 100644 |
807 |
+--- a/drivers/net/b44.c |
808 |
++++ b/drivers/net/b44.c |
809 |
+@@ -2175,8 +2175,6 @@ static int __devinit b44_init_one(struct ssb_device *sdev, |
810 |
+ dev->irq = sdev->irq; |
811 |
+ SET_ETHTOOL_OPS(dev, &b44_ethtool_ops); |
812 |
+ |
813 |
+- netif_carrier_off(dev); |
814 |
+- |
815 |
+ err = ssb_bus_powerup(sdev->bus, 0); |
816 |
+ if (err) { |
817 |
+ dev_err(sdev->dev, |
818 |
+@@ -2216,6 +2214,8 @@ static int __devinit b44_init_one(struct ssb_device *sdev, |
819 |
+ goto err_out_powerdown; |
820 |
+ } |
821 |
+ |
822 |
++ netif_carrier_off(dev); |
823 |
++ |
824 |
+ ssb_set_drvdata(sdev, dev); |
825 |
+ |
826 |
+ /* Chip reset provides power to the b44 MAC & PCI cores, which |
827 |
+diff --git a/drivers/net/netxen/netxen_nic_init.c b/drivers/net/netxen/netxen_nic_init.c |
828 |
+index 8a09043..0f3ae46 100644 |
829 |
+--- a/drivers/net/netxen/netxen_nic_init.c |
830 |
++++ b/drivers/net/netxen/netxen_nic_init.c |
831 |
+@@ -1199,7 +1199,6 @@ netxen_process_rcv(struct netxen_adapter *adapter, |
832 |
+ if (pkt_offset) |
833 |
+ skb_pull(skb, pkt_offset); |
834 |
+ |
835 |
+- skb->truesize = skb->len + sizeof(struct sk_buff); |
836 |
+ skb->protocol = eth_type_trans(skb, netdev); |
837 |
+ |
838 |
+ napi_gro_receive(&sds_ring->napi, skb); |
839 |
+@@ -1261,8 +1260,6 @@ netxen_process_lro(struct netxen_adapter *adapter, |
840 |
+ |
841 |
+ skb_put(skb, lro_length + data_offset); |
842 |
+ |
843 |
+- skb->truesize = skb->len + sizeof(struct sk_buff) + skb_headroom(skb); |
844 |
+- |
845 |
+ skb_pull(skb, l2_hdr_offset); |
846 |
+ skb->protocol = eth_type_trans(skb, netdev); |
847 |
+ |
848 |
+diff --git a/drivers/net/r6040.c b/drivers/net/r6040.c |
849 |
+index 8b14c6e..9ee9f01 100644 |
850 |
+--- a/drivers/net/r6040.c |
851 |
++++ b/drivers/net/r6040.c |
852 |
+@@ -135,7 +135,7 @@ |
853 |
+ #define RX_DESC_SIZE (RX_DCNT * sizeof(struct r6040_descriptor)) |
854 |
+ #define TX_DESC_SIZE (TX_DCNT * sizeof(struct r6040_descriptor)) |
855 |
+ #define MBCR_DEFAULT 0x012A /* MAC Bus Control Register */ |
856 |
+-#define MCAST_MAX 4 /* Max number multicast addresses to filter */ |
857 |
++#define MCAST_MAX 3 /* Max number multicast addresses to filter */ |
858 |
+ |
859 |
+ /* Descriptor status */ |
860 |
+ #define DSC_OWNER_MAC 0x8000 /* MAC is the owner of this descriptor */ |
861 |
+@@ -985,9 +985,6 @@ static void r6040_multicast_list(struct net_device *dev) |
862 |
+ crc >>= 26; |
863 |
+ hash_table[crc >> 4] |= 1 << (15 - (crc & 0xf)); |
864 |
+ } |
865 |
+- /* Write the index of the hash table */ |
866 |
+- for (i = 0; i < 4; i++) |
867 |
+- iowrite16(hash_table[i] << 14, ioaddr + MCR1); |
868 |
+ /* Fill the MAC hash tables with their values */ |
869 |
+ iowrite16(hash_table[0], ioaddr + MAR0); |
870 |
+ iowrite16(hash_table[1], ioaddr + MAR1); |
871 |
+@@ -995,6 +992,7 @@ static void r6040_multicast_list(struct net_device *dev) |
872 |
+ iowrite16(hash_table[3], ioaddr + MAR3); |
873 |
+ } |
874 |
+ /* Multicast Address 1~4 case */ |
875 |
++ dmi = dev->mc_list; |
876 |
+ for (i = 0, dmi; (i < dev->mc_count) && (i < MCAST_MAX); i++) { |
877 |
+ adrp = (u16 *)dmi->dmi_addr; |
878 |
+ iowrite16(adrp[0], ioaddr + MID_1L + 8*i); |
879 |
+@@ -1003,9 +1001,9 @@ static void r6040_multicast_list(struct net_device *dev) |
880 |
+ dmi = dmi->next; |
881 |
+ } |
882 |
+ for (i = dev->mc_count; i < MCAST_MAX; i++) { |
883 |
+- iowrite16(0xffff, ioaddr + MID_0L + 8*i); |
884 |
+- iowrite16(0xffff, ioaddr + MID_0M + 8*i); |
885 |
+- iowrite16(0xffff, ioaddr + MID_0H + 8*i); |
886 |
++ iowrite16(0xffff, ioaddr + MID_1L + 8*i); |
887 |
++ iowrite16(0xffff, ioaddr + MID_1M + 8*i); |
888 |
++ iowrite16(0xffff, ioaddr + MID_1H + 8*i); |
889 |
+ } |
890 |
+ } |
891 |
+ |
892 |
+diff --git a/drivers/net/r8169.c b/drivers/net/r8169.c |
893 |
+index 62e784a..7dd2132 100644 |
894 |
+--- a/drivers/net/r8169.c |
895 |
++++ b/drivers/net/r8169.c |
896 |
+@@ -3999,7 +3999,7 @@ static inline void rtl8169_map_to_asic(struct RxDesc *desc, dma_addr_t mapping, |
897 |
+ static struct sk_buff *rtl8169_alloc_rx_skb(struct pci_dev *pdev, |
898 |
+ struct net_device *dev, |
899 |
+ struct RxDesc *desc, int rx_buf_sz, |
900 |
+- unsigned int align) |
901 |
++ unsigned int align, gfp_t gfp) |
902 |
+ { |
903 |
+ struct sk_buff *skb; |
904 |
+ dma_addr_t mapping; |
905 |
+@@ -4007,7 +4007,7 @@ static struct sk_buff *rtl8169_alloc_rx_skb(struct pci_dev *pdev, |
906 |
+ |
907 |
+ pad = align ? align : NET_IP_ALIGN; |
908 |
+ |
909 |
+- skb = netdev_alloc_skb(dev, rx_buf_sz + pad); |
910 |
++ skb = __netdev_alloc_skb(dev, rx_buf_sz + pad, gfp); |
911 |
+ if (!skb) |
912 |
+ goto err_out; |
913 |
+ |
914 |
+@@ -4038,7 +4038,7 @@ static void rtl8169_rx_clear(struct rtl8169_private *tp) |
915 |
+ } |
916 |
+ |
917 |
+ static u32 rtl8169_rx_fill(struct rtl8169_private *tp, struct net_device *dev, |
918 |
+- u32 start, u32 end) |
919 |
++ u32 start, u32 end, gfp_t gfp) |
920 |
+ { |
921 |
+ u32 cur; |
922 |
+ |
923 |
+@@ -4053,7 +4053,7 @@ static u32 rtl8169_rx_fill(struct rtl8169_private *tp, struct net_device *dev, |
924 |
+ |
925 |
+ skb = rtl8169_alloc_rx_skb(tp->pci_dev, dev, |
926 |
+ tp->RxDescArray + i, |
927 |
+- tp->rx_buf_sz, tp->align); |
928 |
++ tp->rx_buf_sz, tp->align, gfp); |
929 |
+ if (!skb) |
930 |
+ break; |
931 |
+ |
932 |
+@@ -4081,7 +4081,7 @@ static int rtl8169_init_ring(struct net_device *dev) |
933 |
+ memset(tp->tx_skb, 0x0, NUM_TX_DESC * sizeof(struct ring_info)); |
934 |
+ memset(tp->Rx_skbuff, 0x0, NUM_RX_DESC * sizeof(struct sk_buff *)); |
935 |
+ |
936 |
+- if (rtl8169_rx_fill(tp, dev, 0, NUM_RX_DESC) != NUM_RX_DESC) |
937 |
++ if (rtl8169_rx_fill(tp, dev, 0, NUM_RX_DESC, GFP_KERNEL) != NUM_RX_DESC) |
938 |
+ goto err_out; |
939 |
+ |
940 |
+ rtl8169_mark_as_last_descriptor(tp->RxDescArray + NUM_RX_DESC - 1); |
941 |
+@@ -4584,7 +4584,7 @@ static int rtl8169_rx_interrupt(struct net_device *dev, |
942 |
+ count = cur_rx - tp->cur_rx; |
943 |
+ tp->cur_rx = cur_rx; |
944 |
+ |
945 |
+- delta = rtl8169_rx_fill(tp, dev, tp->dirty_rx, tp->cur_rx); |
946 |
++ delta = rtl8169_rx_fill(tp, dev, tp->dirty_rx, tp->cur_rx, GFP_ATOMIC); |
947 |
+ if (!delta && count && netif_msg_intr(tp)) |
948 |
+ printk(KERN_INFO "%s: no Rx buffer allocated\n", dev->name); |
949 |
+ tp->dirty_rx += delta; |
950 |
+diff --git a/drivers/net/skge.c b/drivers/net/skge.c |
951 |
+index 8f54143..5b07e00 100644 |
952 |
+--- a/drivers/net/skge.c |
953 |
++++ b/drivers/net/skge.c |
954 |
+@@ -40,6 +40,7 @@ |
955 |
+ #include <linux/sched.h> |
956 |
+ #include <linux/seq_file.h> |
957 |
+ #include <linux/mii.h> |
958 |
++#include <linux/dmi.h> |
959 |
+ #include <asm/irq.h> |
960 |
+ |
961 |
+ #include "skge.h" |
962 |
+@@ -3890,6 +3891,8 @@ static void __devinit skge_show_addr(struct net_device *dev) |
963 |
+ dev->name, dev->dev_addr); |
964 |
+ } |
965 |
+ |
966 |
++static int only_32bit_dma; |
967 |
++ |
968 |
+ static int __devinit skge_probe(struct pci_dev *pdev, |
969 |
+ const struct pci_device_id *ent) |
970 |
+ { |
971 |
+@@ -3911,7 +3914,7 @@ static int __devinit skge_probe(struct pci_dev *pdev, |
972 |
+ |
973 |
+ pci_set_master(pdev); |
974 |
+ |
975 |
+- if (!pci_set_dma_mask(pdev, DMA_BIT_MASK(64))) { |
976 |
++ if (!only_32bit_dma && !pci_set_dma_mask(pdev, DMA_BIT_MASK(64))) { |
977 |
+ using_dac = 1; |
978 |
+ err = pci_set_consistent_dma_mask(pdev, DMA_BIT_MASK(64)); |
979 |
+ } else if (!(err = pci_set_dma_mask(pdev, DMA_BIT_MASK(32)))) { |
980 |
+@@ -4168,8 +4171,21 @@ static struct pci_driver skge_driver = { |
981 |
+ .shutdown = skge_shutdown, |
982 |
+ }; |
983 |
+ |
984 |
++static struct dmi_system_id skge_32bit_dma_boards[] = { |
985 |
++ { |
986 |
++ .ident = "Gigabyte nForce boards", |
987 |
++ .matches = { |
988 |
++ DMI_MATCH(DMI_BOARD_VENDOR, "Gigabyte Technology Co"), |
989 |
++ DMI_MATCH(DMI_BOARD_NAME, "nForce"), |
990 |
++ }, |
991 |
++ }, |
992 |
++ {} |
993 |
++}; |
994 |
++ |
995 |
+ static int __init skge_init_module(void) |
996 |
+ { |
997 |
++ if (dmi_check_system(skge_32bit_dma_boards)) |
998 |
++ only_32bit_dma = 1; |
999 |
+ skge_debug_init(); |
1000 |
+ return pci_register_driver(&skge_driver); |
1001 |
+ } |
1002 |
+diff --git a/drivers/pci/quirks.c b/drivers/pci/quirks.c |
1003 |
+index bf6bd67..4633fc2 100644 |
1004 |
+--- a/drivers/pci/quirks.c |
1005 |
++++ b/drivers/pci/quirks.c |
1006 |
+@@ -155,6 +155,26 @@ DECLARE_PCI_FIXUP_FINAL(PCI_VENDOR_ID_NEC, PCI_DEVICE_ID_NEC_CBUS_2, quirk_isa_d |
1007 |
+ DECLARE_PCI_FIXUP_FINAL(PCI_VENDOR_ID_NEC, PCI_DEVICE_ID_NEC_CBUS_3, quirk_isa_dma_hangs); |
1008 |
+ |
1009 |
+ /* |
1010 |
++ * Intel NM10 "TigerPoint" LPC PM1a_STS.BM_STS must be clear |
1011 |
++ * for some HT machines to use C4 w/o hanging. |
1012 |
++ */ |
1013 |
++static void __devinit quirk_tigerpoint_bm_sts(struct pci_dev *dev) |
1014 |
++{ |
1015 |
++ u32 pmbase; |
1016 |
++ u16 pm1a; |
1017 |
++ |
1018 |
++ pci_read_config_dword(dev, 0x40, &pmbase); |
1019 |
++ pmbase = pmbase & 0xff80; |
1020 |
++ pm1a = inw(pmbase); |
1021 |
++ |
1022 |
++ if (pm1a & 0x10) { |
1023 |
++ dev_info(&dev->dev, FW_BUG "TigerPoint LPC.BM_STS cleared\n"); |
1024 |
++ outw(0x10, pmbase); |
1025 |
++ } |
1026 |
++} |
1027 |
++DECLARE_PCI_FIXUP_HEADER(PCI_VENDOR_ID_INTEL, PCI_DEVICE_ID_INTEL_TGP_LPC, quirk_tigerpoint_bm_sts); |
1028 |
++ |
1029 |
++/* |
1030 |
+ * Chipsets where PCI->PCI transfers vanish or hang |
1031 |
+ */ |
1032 |
+ static void __devinit quirk_nopcipci(struct pci_dev *dev) |
1033 |
+diff --git a/drivers/usb/core/file.c b/drivers/usb/core/file.c |
1034 |
+index 222ee07..8164ba5 100644 |
1035 |
+--- a/drivers/usb/core/file.c |
1036 |
++++ b/drivers/usb/core/file.c |
1037 |
+@@ -159,9 +159,9 @@ void usb_major_cleanup(void) |
1038 |
+ int usb_register_dev(struct usb_interface *intf, |
1039 |
+ struct usb_class_driver *class_driver) |
1040 |
+ { |
1041 |
+- int retval = -EINVAL; |
1042 |
++ int retval; |
1043 |
+ int minor_base = class_driver->minor_base; |
1044 |
+- int minor = 0; |
1045 |
++ int minor; |
1046 |
+ char name[20]; |
1047 |
+ char *temp; |
1048 |
+ |
1049 |
+@@ -173,12 +173,17 @@ int usb_register_dev(struct usb_interface *intf, |
1050 |
+ */ |
1051 |
+ minor_base = 0; |
1052 |
+ #endif |
1053 |
+- intf->minor = -1; |
1054 |
+- |
1055 |
+- dbg ("looking for a minor, starting at %d", minor_base); |
1056 |
+ |
1057 |
+ if (class_driver->fops == NULL) |
1058 |
+- goto exit; |
1059 |
++ return -EINVAL; |
1060 |
++ if (intf->minor >= 0) |
1061 |
++ return -EADDRINUSE; |
1062 |
++ |
1063 |
++ retval = init_usb_class(); |
1064 |
++ if (retval) |
1065 |
++ return retval; |
1066 |
++ |
1067 |
++ dev_dbg(&intf->dev, "looking for a minor, starting at %d", minor_base); |
1068 |
+ |
1069 |
+ down_write(&minor_rwsem); |
1070 |
+ for (minor = minor_base; minor < MAX_USB_MINORS; ++minor) { |
1071 |
+@@ -186,20 +191,12 @@ int usb_register_dev(struct usb_interface *intf, |
1072 |
+ continue; |
1073 |
+ |
1074 |
+ usb_minors[minor] = class_driver->fops; |
1075 |
+- |
1076 |
+- retval = 0; |
1077 |
++ intf->minor = minor; |
1078 |
+ break; |
1079 |
+ } |
1080 |
+ up_write(&minor_rwsem); |
1081 |
+- |
1082 |
+- if (retval) |
1083 |
+- goto exit; |
1084 |
+- |
1085 |
+- retval = init_usb_class(); |
1086 |
+- if (retval) |
1087 |
+- goto exit; |
1088 |
+- |
1089 |
+- intf->minor = minor; |
1090 |
++ if (intf->minor < 0) |
1091 |
++ return -EXFULL; |
1092 |
+ |
1093 |
+ /* create a usb class device for this usb interface */ |
1094 |
+ snprintf(name, sizeof(name), class_driver->name, minor - minor_base); |
1095 |
+@@ -213,11 +210,11 @@ int usb_register_dev(struct usb_interface *intf, |
1096 |
+ "%s", temp); |
1097 |
+ if (IS_ERR(intf->usb_dev)) { |
1098 |
+ down_write(&minor_rwsem); |
1099 |
+- usb_minors[intf->minor] = NULL; |
1100 |
++ usb_minors[minor] = NULL; |
1101 |
++ intf->minor = -1; |
1102 |
+ up_write(&minor_rwsem); |
1103 |
+ retval = PTR_ERR(intf->usb_dev); |
1104 |
+ } |
1105 |
+-exit: |
1106 |
+ return retval; |
1107 |
+ } |
1108 |
+ EXPORT_SYMBOL_GPL(usb_register_dev); |
1109 |
+diff --git a/drivers/usb/core/message.c b/drivers/usb/core/message.c |
1110 |
+index 980a8d2..1ca6545 100644 |
1111 |
+--- a/drivers/usb/core/message.c |
1112 |
++++ b/drivers/usb/core/message.c |
1113 |
+@@ -1792,6 +1792,7 @@ free_interfaces: |
1114 |
+ intf->dev.groups = usb_interface_groups; |
1115 |
+ intf->dev.dma_mask = dev->dev.dma_mask; |
1116 |
+ INIT_WORK(&intf->reset_ws, __usb_queue_reset_device); |
1117 |
++ intf->minor = -1; |
1118 |
+ device_initialize(&intf->dev); |
1119 |
+ mark_quiesced(intf); |
1120 |
+ dev_set_name(&intf->dev, "%d-%s:%d.%d", |
1121 |
+diff --git a/drivers/usb/musb/musb_gadget.c b/drivers/usb/musb/musb_gadget.c |
1122 |
+index 74073f9..c6f5ee4 100644 |
1123 |
+--- a/drivers/usb/musb/musb_gadget.c |
1124 |
++++ b/drivers/usb/musb/musb_gadget.c |
1125 |
+@@ -577,11 +577,19 @@ static void rxstate(struct musb *musb, struct musb_request *req) |
1126 |
+ { |
1127 |
+ const u8 epnum = req->epnum; |
1128 |
+ struct usb_request *request = &req->request; |
1129 |
+- struct musb_ep *musb_ep = &musb->endpoints[epnum].ep_out; |
1130 |
++ struct musb_ep *musb_ep; |
1131 |
+ void __iomem *epio = musb->endpoints[epnum].regs; |
1132 |
+ unsigned fifo_count = 0; |
1133 |
+- u16 len = musb_ep->packet_sz; |
1134 |
++ u16 len; |
1135 |
+ u16 csr = musb_readw(epio, MUSB_RXCSR); |
1136 |
++ struct musb_hw_ep *hw_ep = &musb->endpoints[epnum]; |
1137 |
++ |
1138 |
++ if (hw_ep->is_shared_fifo) |
1139 |
++ musb_ep = &hw_ep->ep_in; |
1140 |
++ else |
1141 |
++ musb_ep = &hw_ep->ep_out; |
1142 |
++ |
1143 |
++ len = musb_ep->packet_sz; |
1144 |
+ |
1145 |
+ /* We shouldn't get here while DMA is active, but we do... */ |
1146 |
+ if (dma_channel_status(musb_ep->dma) == MUSB_DMA_STATUS_BUSY) { |
1147 |
+@@ -749,9 +757,15 @@ void musb_g_rx(struct musb *musb, u8 epnum) |
1148 |
+ u16 csr; |
1149 |
+ struct usb_request *request; |
1150 |
+ void __iomem *mbase = musb->mregs; |
1151 |
+- struct musb_ep *musb_ep = &musb->endpoints[epnum].ep_out; |
1152 |
++ struct musb_ep *musb_ep; |
1153 |
+ void __iomem *epio = musb->endpoints[epnum].regs; |
1154 |
+ struct dma_channel *dma; |
1155 |
++ struct musb_hw_ep *hw_ep = &musb->endpoints[epnum]; |
1156 |
++ |
1157 |
++ if (hw_ep->is_shared_fifo) |
1158 |
++ musb_ep = &hw_ep->ep_in; |
1159 |
++ else |
1160 |
++ musb_ep = &hw_ep->ep_out; |
1161 |
+ |
1162 |
+ musb_ep_select(mbase, epnum); |
1163 |
+ |
1164 |
+@@ -1074,7 +1088,7 @@ struct free_record { |
1165 |
+ /* |
1166 |
+ * Context: controller locked, IRQs blocked. |
1167 |
+ */ |
1168 |
+-static void musb_ep_restart(struct musb *musb, struct musb_request *req) |
1169 |
++void musb_ep_restart(struct musb *musb, struct musb_request *req) |
1170 |
+ { |
1171 |
+ DBG(3, "<== %s request %p len %u on hw_ep%d\n", |
1172 |
+ req->tx ? "TX/IN" : "RX/OUT", |
1173 |
+diff --git a/drivers/usb/musb/musb_gadget.h b/drivers/usb/musb/musb_gadget.h |
1174 |
+index 59502da..76711f2 100644 |
1175 |
+--- a/drivers/usb/musb/musb_gadget.h |
1176 |
++++ b/drivers/usb/musb/musb_gadget.h |
1177 |
+@@ -105,4 +105,6 @@ extern void musb_g_giveback(struct musb_ep *, struct usb_request *, int); |
1178 |
+ |
1179 |
+ extern int musb_gadget_set_halt(struct usb_ep *ep, int value); |
1180 |
+ |
1181 |
++extern void musb_ep_restart(struct musb *, struct musb_request *); |
1182 |
++ |
1183 |
+ #endif /* __MUSB_GADGET_H */ |
1184 |
+diff --git a/drivers/usb/musb/musb_gadget_ep0.c b/drivers/usb/musb/musb_gadget_ep0.c |
1185 |
+index 067e5a9..53c0444 100644 |
1186 |
+--- a/drivers/usb/musb/musb_gadget_ep0.c |
1187 |
++++ b/drivers/usb/musb/musb_gadget_ep0.c |
1188 |
+@@ -369,6 +369,7 @@ stall: |
1189 |
+ ctrlrequest->wIndex & 0x0f; |
1190 |
+ struct musb_ep *musb_ep; |
1191 |
+ struct musb_hw_ep *ep; |
1192 |
++ struct musb_request *request; |
1193 |
+ void __iomem *regs; |
1194 |
+ int is_in; |
1195 |
+ u16 csr; |
1196 |
+@@ -411,6 +412,14 @@ stall: |
1197 |
+ csr); |
1198 |
+ } |
1199 |
+ |
1200 |
++ /* Maybe start the first request in the queue */ |
1201 |
++ request = to_musb_request( |
1202 |
++ next_request(musb_ep)); |
1203 |
++ if (!musb_ep->busy && request) { |
1204 |
++ DBG(3, "restarting the request\n"); |
1205 |
++ musb_ep_restart(musb, request); |
1206 |
++ } |
1207 |
++ |
1208 |
+ /* select ep0 again */ |
1209 |
+ musb_ep_select(mbase, 0); |
1210 |
+ handled = 1; |
1211 |
+diff --git a/fs/exec.c b/fs/exec.c |
1212 |
+index 56da15f..a0410eb 100644 |
1213 |
+--- a/fs/exec.c |
1214 |
++++ b/fs/exec.c |
1215 |
+@@ -376,6 +376,9 @@ static int count(char __user * __user * argv, int max) |
1216 |
+ argv++; |
1217 |
+ if (i++ >= max) |
1218 |
+ return -E2BIG; |
1219 |
++ |
1220 |
++ if (fatal_signal_pending(current)) |
1221 |
++ return -ERESTARTNOHAND; |
1222 |
+ cond_resched(); |
1223 |
+ } |
1224 |
+ } |
1225 |
+@@ -419,6 +422,12 @@ static int copy_strings(int argc, char __user * __user * argv, |
1226 |
+ while (len > 0) { |
1227 |
+ int offset, bytes_to_copy; |
1228 |
+ |
1229 |
++ if (fatal_signal_pending(current)) { |
1230 |
++ ret = -ERESTARTNOHAND; |
1231 |
++ goto out; |
1232 |
++ } |
1233 |
++ cond_resched(); |
1234 |
++ |
1235 |
+ offset = pos % PAGE_SIZE; |
1236 |
+ if (offset == 0) |
1237 |
+ offset = PAGE_SIZE; |
1238 |
+@@ -594,6 +603,11 @@ int setup_arg_pages(struct linux_binprm *bprm, |
1239 |
+ #else |
1240 |
+ stack_top = arch_align_stack(stack_top); |
1241 |
+ stack_top = PAGE_ALIGN(stack_top); |
1242 |
++ |
1243 |
++ if (unlikely(stack_top < mmap_min_addr) || |
1244 |
++ unlikely(vma->vm_end - vma->vm_start >= stack_top - mmap_min_addr)) |
1245 |
++ return -ENOMEM; |
1246 |
++ |
1247 |
+ stack_shift = vma->vm_end - stack_top; |
1248 |
+ |
1249 |
+ bprm->p -= stack_shift; |
1250 |
+diff --git a/fs/ocfs2/symlink.c b/fs/ocfs2/symlink.c |
1251 |
+index e342103..91e656f 100644 |
1252 |
+--- a/fs/ocfs2/symlink.c |
1253 |
++++ b/fs/ocfs2/symlink.c |
1254 |
+@@ -128,7 +128,7 @@ static void *ocfs2_fast_follow_link(struct dentry *dentry, |
1255 |
+ } |
1256 |
+ |
1257 |
+ /* Fast symlinks can't be large */ |
1258 |
+- len = strlen(target); |
1259 |
++ len = strnlen(target, ocfs2_fast_symlink_chars(inode->i_sb)); |
1260 |
+ link = kzalloc(len + 1, GFP_NOFS); |
1261 |
+ if (!link) { |
1262 |
+ status = -ENOMEM; |
1263 |
+diff --git a/fs/proc/task_mmu.c b/fs/proc/task_mmu.c |
1264 |
+index 899145d..e10ef04 100644 |
1265 |
+--- a/fs/proc/task_mmu.c |
1266 |
++++ b/fs/proc/task_mmu.c |
1267 |
+@@ -220,7 +220,8 @@ static void show_map_vma(struct seq_file *m, struct vm_area_struct *vma) |
1268 |
+ /* We don't show the stack guard page in /proc/maps */ |
1269 |
+ start = vma->vm_start; |
1270 |
+ if (vma->vm_flags & VM_GROWSDOWN) |
1271 |
+- start += PAGE_SIZE; |
1272 |
++ if (!vma_stack_continue(vma->vm_prev, vma->vm_start)) |
1273 |
++ start += PAGE_SIZE; |
1274 |
+ |
1275 |
+ seq_printf(m, "%08lx-%08lx %c%c%c%c %08llx %02x:%02x %lu %n", |
1276 |
+ start, |
1277 |
+diff --git a/include/drm/drm_pciids.h b/include/drm/drm_pciids.h |
1278 |
+index 0cbdccc..3d016e9 100644 |
1279 |
+--- a/include/drm/drm_pciids.h |
1280 |
++++ b/include/drm/drm_pciids.h |
1281 |
+@@ -85,7 +85,6 @@ |
1282 |
+ {0x1002, 0x5460, PCI_ANY_ID, PCI_ANY_ID, 0, 0, CHIP_RV380|RADEON_IS_MOBILITY}, \ |
1283 |
+ {0x1002, 0x5462, PCI_ANY_ID, PCI_ANY_ID, 0, 0, CHIP_RV380|RADEON_IS_MOBILITY}, \ |
1284 |
+ {0x1002, 0x5464, PCI_ANY_ID, PCI_ANY_ID, 0, 0, CHIP_RV380|RADEON_IS_MOBILITY}, \ |
1285 |
+- {0x1002, 0x5657, PCI_ANY_ID, PCI_ANY_ID, 0, 0, CHIP_RV380|RADEON_NEW_MEMMAP}, \ |
1286 |
+ {0x1002, 0x5548, PCI_ANY_ID, PCI_ANY_ID, 0, 0, CHIP_R423|RADEON_NEW_MEMMAP}, \ |
1287 |
+ {0x1002, 0x5549, PCI_ANY_ID, PCI_ANY_ID, 0, 0, CHIP_R423|RADEON_NEW_MEMMAP}, \ |
1288 |
+ {0x1002, 0x554A, PCI_ANY_ID, PCI_ANY_ID, 0, 0, CHIP_R423|RADEON_NEW_MEMMAP}, \ |
1289 |
+@@ -103,6 +102,7 @@ |
1290 |
+ {0x1002, 0x564F, PCI_ANY_ID, PCI_ANY_ID, 0, 0, CHIP_RV410|RADEON_IS_MOBILITY|RADEON_NEW_MEMMAP}, \ |
1291 |
+ {0x1002, 0x5652, PCI_ANY_ID, PCI_ANY_ID, 0, 0, CHIP_RV410|RADEON_IS_MOBILITY|RADEON_NEW_MEMMAP}, \ |
1292 |
+ {0x1002, 0x5653, PCI_ANY_ID, PCI_ANY_ID, 0, 0, CHIP_RV410|RADEON_IS_MOBILITY|RADEON_NEW_MEMMAP}, \ |
1293 |
++ {0x1002, 0x5657, PCI_ANY_ID, PCI_ANY_ID, 0, 0, CHIP_RV410|RADEON_NEW_MEMMAP}, \ |
1294 |
+ {0x1002, 0x5834, PCI_ANY_ID, PCI_ANY_ID, 0, 0, CHIP_RS300|RADEON_IS_IGP}, \ |
1295 |
+ {0x1002, 0x5835, PCI_ANY_ID, PCI_ANY_ID, 0, 0, CHIP_RS300|RADEON_IS_IGP|RADEON_IS_MOBILITY}, \ |
1296 |
+ {0x1002, 0x5954, PCI_ANY_ID, PCI_ANY_ID, 0, 0, CHIP_RS480|RADEON_IS_IGP|RADEON_IS_MOBILITY|RADEON_IS_IGPGART}, \ |
1297 |
+diff --git a/include/linux/mm.h b/include/linux/mm.h |
1298 |
+index a8d25e4..11e5be6 100644 |
1299 |
+--- a/include/linux/mm.h |
1300 |
++++ b/include/linux/mm.h |
1301 |
+@@ -841,6 +841,12 @@ int set_page_dirty(struct page *page); |
1302 |
+ int set_page_dirty_lock(struct page *page); |
1303 |
+ int clear_page_dirty_for_io(struct page *page); |
1304 |
+ |
1305 |
++/* Is the vma a continuation of the stack vma above it? */ |
1306 |
++static inline int vma_stack_continue(struct vm_area_struct *vma, unsigned long addr) |
1307 |
++{ |
1308 |
++ return vma && (vma->vm_end == addr) && (vma->vm_flags & VM_GROWSDOWN); |
1309 |
++} |
1310 |
++ |
1311 |
+ extern unsigned long move_page_tables(struct vm_area_struct *vma, |
1312 |
+ unsigned long old_addr, struct vm_area_struct *new_vma, |
1313 |
+ unsigned long new_addr, unsigned long len); |
1314 |
+diff --git a/include/linux/pci_ids.h b/include/linux/pci_ids.h |
1315 |
+index 67325bf..07ed684 100644 |
1316 |
+--- a/include/linux/pci_ids.h |
1317 |
++++ b/include/linux/pci_ids.h |
1318 |
+@@ -393,6 +393,9 @@ |
1319 |
+ #define PCI_DEVICE_ID_VLSI_82C147 0x0105 |
1320 |
+ #define PCI_DEVICE_ID_VLSI_VAS96011 0x0702 |
1321 |
+ |
1322 |
++/* AMD RD890 Chipset */ |
1323 |
++#define PCI_DEVICE_ID_RD890_IOMMU 0x5a23 |
1324 |
++ |
1325 |
+ #define PCI_VENDOR_ID_ADL 0x1005 |
1326 |
+ #define PCI_DEVICE_ID_ADL_2301 0x2301 |
1327 |
+ |
1328 |
+diff --git a/include/linux/socket.h b/include/linux/socket.h |
1329 |
+index 3273a0c..9464cfb 100644 |
1330 |
+--- a/include/linux/socket.h |
1331 |
++++ b/include/linux/socket.h |
1332 |
+@@ -304,7 +304,7 @@ extern int csum_partial_copy_fromiovecend(unsigned char *kdata, |
1333 |
+ int offset, |
1334 |
+ unsigned int len, __wsum *csump); |
1335 |
+ |
1336 |
+-extern int verify_iovec(struct msghdr *m, struct iovec *iov, struct sockaddr *address, int mode); |
1337 |
++extern long verify_iovec(struct msghdr *m, struct iovec *iov, struct sockaddr *address, int mode); |
1338 |
+ extern int memcpy_toiovec(struct iovec *v, unsigned char *kdata, int len); |
1339 |
+ extern int memcpy_toiovecend(const struct iovec *v, unsigned char *kdata, |
1340 |
+ int offset, int len); |
1341 |
+diff --git a/kernel/hrtimer.c b/kernel/hrtimer.c |
1342 |
+index 931a4d9..a6e9d00 100644 |
1343 |
+--- a/kernel/hrtimer.c |
1344 |
++++ b/kernel/hrtimer.c |
1345 |
+@@ -920,6 +920,7 @@ static inline int |
1346 |
+ remove_hrtimer(struct hrtimer *timer, struct hrtimer_clock_base *base) |
1347 |
+ { |
1348 |
+ if (hrtimer_is_queued(timer)) { |
1349 |
++ unsigned long state; |
1350 |
+ int reprogram; |
1351 |
+ |
1352 |
+ /* |
1353 |
+@@ -933,8 +934,13 @@ remove_hrtimer(struct hrtimer *timer, struct hrtimer_clock_base *base) |
1354 |
+ debug_deactivate(timer); |
1355 |
+ timer_stats_hrtimer_clear_start_info(timer); |
1356 |
+ reprogram = base->cpu_base == &__get_cpu_var(hrtimer_bases); |
1357 |
+- __remove_hrtimer(timer, base, HRTIMER_STATE_INACTIVE, |
1358 |
+- reprogram); |
1359 |
++ /* |
1360 |
++ * We must preserve the CALLBACK state flag here, |
1361 |
++ * otherwise we could move the timer base in |
1362 |
++ * switch_hrtimer_base. |
1363 |
++ */ |
1364 |
++ state = timer->state & HRTIMER_STATE_CALLBACK; |
1365 |
++ __remove_hrtimer(timer, base, state, reprogram); |
1366 |
+ return 1; |
1367 |
+ } |
1368 |
+ return 0; |
1369 |
+@@ -1221,6 +1227,9 @@ static void __run_hrtimer(struct hrtimer *timer, ktime_t *now) |
1370 |
+ BUG_ON(timer->state != HRTIMER_STATE_CALLBACK); |
1371 |
+ enqueue_hrtimer(timer, base); |
1372 |
+ } |
1373 |
++ |
1374 |
++ WARN_ON_ONCE(!(timer->state & HRTIMER_STATE_CALLBACK)); |
1375 |
++ |
1376 |
+ timer->state &= ~HRTIMER_STATE_CALLBACK; |
1377 |
+ } |
1378 |
+ |
1379 |
+diff --git a/kernel/sched.c b/kernel/sched.c |
1380 |
+index 3480822..a675fd6 100644 |
1381 |
+--- a/kernel/sched.c |
1382 |
++++ b/kernel/sched.c |
1383 |
+@@ -7752,10 +7752,9 @@ migration_call(struct notifier_block *nfb, unsigned long action, void *hcpu) |
1384 |
+ unsigned long flags; |
1385 |
+ struct rq *rq; |
1386 |
+ |
1387 |
+- switch (action) { |
1388 |
++ switch (action & ~CPU_TASKS_FROZEN) { |
1389 |
+ |
1390 |
+ case CPU_UP_PREPARE: |
1391 |
+- case CPU_UP_PREPARE_FROZEN: |
1392 |
+ p = kthread_create(migration_thread, hcpu, "migration/%d", cpu); |
1393 |
+ if (IS_ERR(p)) |
1394 |
+ return NOTIFY_BAD; |
1395 |
+@@ -7770,7 +7769,6 @@ migration_call(struct notifier_block *nfb, unsigned long action, void *hcpu) |
1396 |
+ break; |
1397 |
+ |
1398 |
+ case CPU_ONLINE: |
1399 |
+- case CPU_ONLINE_FROZEN: |
1400 |
+ /* Strictly unnecessary, as first user will wake it. */ |
1401 |
+ wake_up_process(cpu_rq(cpu)->migration_thread); |
1402 |
+ |
1403 |
+@@ -7787,7 +7785,6 @@ migration_call(struct notifier_block *nfb, unsigned long action, void *hcpu) |
1404 |
+ |
1405 |
+ #ifdef CONFIG_HOTPLUG_CPU |
1406 |
+ case CPU_UP_CANCELED: |
1407 |
+- case CPU_UP_CANCELED_FROZEN: |
1408 |
+ if (!cpu_rq(cpu)->migration_thread) |
1409 |
+ break; |
1410 |
+ /* Unbind it from offline cpu so it can run. Fall thru. */ |
1411 |
+@@ -7812,7 +7809,6 @@ migration_call(struct notifier_block *nfb, unsigned long action, void *hcpu) |
1412 |
+ break; |
1413 |
+ |
1414 |
+ case CPU_DEAD: |
1415 |
+- case CPU_DEAD_FROZEN: |
1416 |
+ migrate_live_tasks(cpu); |
1417 |
+ rq = cpu_rq(cpu); |
1418 |
+ /* Idle task back to normal (off runqueue, low prio) */ |
1419 |
+@@ -7846,7 +7842,6 @@ migration_call(struct notifier_block *nfb, unsigned long action, void *hcpu) |
1420 |
+ break; |
1421 |
+ |
1422 |
+ case CPU_DYING: |
1423 |
+- case CPU_DYING_FROZEN: |
1424 |
+ /* Update our root-domain */ |
1425 |
+ rq = cpu_rq(cpu); |
1426 |
+ spin_lock_irqsave(&rq->lock, flags); |
1427 |
+diff --git a/kernel/trace/ring_buffer.c b/kernel/trace/ring_buffer.c |
1428 |
+index c88b21c..e749a05 100644 |
1429 |
+--- a/kernel/trace/ring_buffer.c |
1430 |
++++ b/kernel/trace/ring_buffer.c |
1431 |
+@@ -389,7 +389,7 @@ static inline int test_time_stamp(u64 delta) |
1432 |
+ #define BUF_MAX_DATA_SIZE (BUF_PAGE_SIZE - (sizeof(u32) * 2)) |
1433 |
+ |
1434 |
+ /* Max number of timestamps that can fit on a page */ |
1435 |
+-#define RB_TIMESTAMPS_PER_PAGE (BUF_PAGE_SIZE / RB_LEN_TIME_STAMP) |
1436 |
++#define RB_TIMESTAMPS_PER_PAGE (BUF_PAGE_SIZE / RB_LEN_TIME_EXTEND) |
1437 |
+ |
1438 |
+ int ring_buffer_print_page_header(struct trace_seq *s) |
1439 |
+ { |
1440 |
+diff --git a/mm/mlock.c b/mm/mlock.c |
1441 |
+index 380ea89..2d846cf 100644 |
1442 |
+--- a/mm/mlock.c |
1443 |
++++ b/mm/mlock.c |
1444 |
+@@ -138,12 +138,6 @@ void munlock_vma_page(struct page *page) |
1445 |
+ } |
1446 |
+ } |
1447 |
+ |
1448 |
+-/* Is the vma a continuation of the stack vma above it? */ |
1449 |
+-static inline int vma_stack_continue(struct vm_area_struct *vma, unsigned long addr) |
1450 |
+-{ |
1451 |
+- return vma && (vma->vm_end == addr) && (vma->vm_flags & VM_GROWSDOWN); |
1452 |
+-} |
1453 |
+- |
1454 |
+ static inline int stack_guard_page(struct vm_area_struct *vma, unsigned long addr) |
1455 |
+ { |
1456 |
+ return (vma->vm_flags & VM_GROWSDOWN) && |
1457 |
+diff --git a/net/core/ethtool.c b/net/core/ethtool.c |
1458 |
+index 5aef51e..450862e 100644 |
1459 |
+--- a/net/core/ethtool.c |
1460 |
++++ b/net/core/ethtool.c |
1461 |
+@@ -311,7 +311,7 @@ static int ethtool_get_regs(struct net_device *dev, char __user *useraddr) |
1462 |
+ if (regs.len > reglen) |
1463 |
+ regs.len = reglen; |
1464 |
+ |
1465 |
+- regbuf = kmalloc(reglen, GFP_USER); |
1466 |
++ regbuf = kzalloc(reglen, GFP_USER); |
1467 |
+ if (!regbuf) |
1468 |
+ return -ENOMEM; |
1469 |
+ |
1470 |
+diff --git a/net/core/iovec.c b/net/core/iovec.c |
1471 |
+index 16ad45d..8cee101 100644 |
1472 |
+--- a/net/core/iovec.c |
1473 |
++++ b/net/core/iovec.c |
1474 |
+@@ -36,9 +36,10 @@ |
1475 |
+ * in any case. |
1476 |
+ */ |
1477 |
+ |
1478 |
+-int verify_iovec(struct msghdr *m, struct iovec *iov, struct sockaddr *address, int mode) |
1479 |
++long verify_iovec(struct msghdr *m, struct iovec *iov, struct sockaddr *address, int mode) |
1480 |
+ { |
1481 |
+- int size, err, ct; |
1482 |
++ int size, ct; |
1483 |
++ long err; |
1484 |
+ |
1485 |
+ if (m->msg_namelen) { |
1486 |
+ if (mode == VERIFY_READ) { |
1487 |
+diff --git a/net/core/stream.c b/net/core/stream.c |
1488 |
+index a37debf..e48c85f 100644 |
1489 |
+--- a/net/core/stream.c |
1490 |
++++ b/net/core/stream.c |
1491 |
+@@ -140,10 +140,10 @@ int sk_stream_wait_memory(struct sock *sk, long *timeo_p) |
1492 |
+ |
1493 |
+ set_bit(SOCK_NOSPACE, &sk->sk_socket->flags); |
1494 |
+ sk->sk_write_pending++; |
1495 |
+- sk_wait_event(sk, ¤t_timeo, !sk->sk_err && |
1496 |
+- !(sk->sk_shutdown & SEND_SHUTDOWN) && |
1497 |
+- sk_stream_memory_free(sk) && |
1498 |
+- vm_wait); |
1499 |
++ sk_wait_event(sk, ¤t_timeo, sk->sk_err || |
1500 |
++ (sk->sk_shutdown & SEND_SHUTDOWN) || |
1501 |
++ (sk_stream_memory_free(sk) && |
1502 |
++ !vm_wait)); |
1503 |
+ sk->sk_write_pending--; |
1504 |
+ |
1505 |
+ if (vm_wait) { |
1506 |
+diff --git a/net/ipv4/ip_output.c b/net/ipv4/ip_output.c |
1507 |
+index 4d50daa..2ef9026 100644 |
1508 |
+--- a/net/ipv4/ip_output.c |
1509 |
++++ b/net/ipv4/ip_output.c |
1510 |
+@@ -476,9 +476,8 @@ int ip_fragment(struct sk_buff *skb, int (*output)(struct sk_buff *)) |
1511 |
+ * we can switch to copy when see the first bad fragment. |
1512 |
+ */ |
1513 |
+ if (skb_has_frags(skb)) { |
1514 |
+- struct sk_buff *frag; |
1515 |
++ struct sk_buff *frag, *frag2; |
1516 |
+ int first_len = skb_pagelen(skb); |
1517 |
+- int truesizes = 0; |
1518 |
+ |
1519 |
+ if (first_len - hlen > mtu || |
1520 |
+ ((first_len - hlen) & 7) || |
1521 |
+@@ -491,18 +490,18 @@ int ip_fragment(struct sk_buff *skb, int (*output)(struct sk_buff *)) |
1522 |
+ if (frag->len > mtu || |
1523 |
+ ((frag->len & 7) && frag->next) || |
1524 |
+ skb_headroom(frag) < hlen) |
1525 |
+- goto slow_path; |
1526 |
++ goto slow_path_clean; |
1527 |
+ |
1528 |
+ /* Partially cloned skb? */ |
1529 |
+ if (skb_shared(frag)) |
1530 |
+- goto slow_path; |
1531 |
++ goto slow_path_clean; |
1532 |
+ |
1533 |
+ BUG_ON(frag->sk); |
1534 |
+ if (skb->sk) { |
1535 |
+ frag->sk = skb->sk; |
1536 |
+ frag->destructor = sock_wfree; |
1537 |
+ } |
1538 |
+- truesizes += frag->truesize; |
1539 |
++ skb->truesize -= frag->truesize; |
1540 |
+ } |
1541 |
+ |
1542 |
+ /* Everything is OK. Generate! */ |
1543 |
+@@ -512,7 +511,6 @@ int ip_fragment(struct sk_buff *skb, int (*output)(struct sk_buff *)) |
1544 |
+ frag = skb_shinfo(skb)->frag_list; |
1545 |
+ skb_frag_list_init(skb); |
1546 |
+ skb->data_len = first_len - skb_headlen(skb); |
1547 |
+- skb->truesize -= truesizes; |
1548 |
+ skb->len = first_len; |
1549 |
+ iph->tot_len = htons(first_len); |
1550 |
+ iph->frag_off = htons(IP_MF); |
1551 |
+@@ -564,6 +562,15 @@ int ip_fragment(struct sk_buff *skb, int (*output)(struct sk_buff *)) |
1552 |
+ } |
1553 |
+ IP_INC_STATS(dev_net(dev), IPSTATS_MIB_FRAGFAILS); |
1554 |
+ return err; |
1555 |
++ |
1556 |
++slow_path_clean: |
1557 |
++ skb_walk_frags(skb, frag2) { |
1558 |
++ if (frag2 == frag) |
1559 |
++ break; |
1560 |
++ frag2->sk = NULL; |
1561 |
++ frag2->destructor = NULL; |
1562 |
++ skb->truesize += frag2->truesize; |
1563 |
++ } |
1564 |
+ } |
1565 |
+ |
1566 |
+ slow_path: |
1567 |
+diff --git a/net/ipv4/route.c b/net/ipv4/route.c |
1568 |
+index 5b1050a..6c8f6c9 100644 |
1569 |
+--- a/net/ipv4/route.c |
1570 |
++++ b/net/ipv4/route.c |
1571 |
+@@ -2712,6 +2712,11 @@ slow_output: |
1572 |
+ |
1573 |
+ EXPORT_SYMBOL_GPL(__ip_route_output_key); |
1574 |
+ |
1575 |
++static struct dst_entry *ipv4_blackhole_dst_check(struct dst_entry *dst, u32 cookie) |
1576 |
++{ |
1577 |
++ return NULL; |
1578 |
++} |
1579 |
++ |
1580 |
+ static void ipv4_rt_blackhole_update_pmtu(struct dst_entry *dst, u32 mtu) |
1581 |
+ { |
1582 |
+ } |
1583 |
+@@ -2720,7 +2725,7 @@ static struct dst_ops ipv4_dst_blackhole_ops = { |
1584 |
+ .family = AF_INET, |
1585 |
+ .protocol = cpu_to_be16(ETH_P_IP), |
1586 |
+ .destroy = ipv4_dst_destroy, |
1587 |
+- .check = ipv4_dst_check, |
1588 |
++ .check = ipv4_blackhole_dst_check, |
1589 |
+ .update_pmtu = ipv4_rt_blackhole_update_pmtu, |
1590 |
+ .entries = ATOMIC_INIT(0), |
1591 |
+ }; |
1592 |
+diff --git a/net/ipv4/tcp.c b/net/ipv4/tcp.c |
1593 |
+index 108fad0..4678308 100644 |
1594 |
+--- a/net/ipv4/tcp.c |
1595 |
++++ b/net/ipv4/tcp.c |
1596 |
+@@ -386,8 +386,6 @@ unsigned int tcp_poll(struct file *file, struct socket *sock, poll_table *wait) |
1597 |
+ */ |
1598 |
+ |
1599 |
+ mask = 0; |
1600 |
+- if (sk->sk_err) |
1601 |
+- mask = POLLERR; |
1602 |
+ |
1603 |
+ /* |
1604 |
+ * POLLHUP is certainly not done right. But poll() doesn't |
1605 |
+@@ -457,6 +455,11 @@ unsigned int tcp_poll(struct file *file, struct socket *sock, poll_table *wait) |
1606 |
+ if (tp->urg_data & TCP_URG_VALID) |
1607 |
+ mask |= POLLPRI; |
1608 |
+ } |
1609 |
++ /* This barrier is coupled with smp_wmb() in tcp_reset() */ |
1610 |
++ smp_rmb(); |
1611 |
++ if (sk->sk_err) |
1612 |
++ mask |= POLLERR; |
1613 |
++ |
1614 |
+ return mask; |
1615 |
+ } |
1616 |
+ |
1617 |
+@@ -935,7 +938,7 @@ int tcp_sendmsg(struct kiocb *iocb, struct socket *sock, struct msghdr *msg, |
1618 |
+ goto out_err; |
1619 |
+ |
1620 |
+ while (--iovlen >= 0) { |
1621 |
+- int seglen = iov->iov_len; |
1622 |
++ size_t seglen = iov->iov_len; |
1623 |
+ unsigned char __user *from = iov->iov_base; |
1624 |
+ |
1625 |
+ iov++; |
1626 |
+diff --git a/net/ipv4/tcp_input.c b/net/ipv4/tcp_input.c |
1627 |
+index 2433bcd..ce1ce82 100644 |
1628 |
+--- a/net/ipv4/tcp_input.c |
1629 |
++++ b/net/ipv4/tcp_input.c |
1630 |
+@@ -3969,6 +3969,8 @@ static void tcp_reset(struct sock *sk) |
1631 |
+ default: |
1632 |
+ sk->sk_err = ECONNRESET; |
1633 |
+ } |
1634 |
++ /* This barrier is coupled with smp_rmb() in tcp_poll() */ |
1635 |
++ smp_wmb(); |
1636 |
+ |
1637 |
+ if (!sock_flag(sk, SOCK_DEAD)) |
1638 |
+ sk->sk_error_report(sk); |
1639 |
+diff --git a/net/ipv4/xfrm4_policy.c b/net/ipv4/xfrm4_policy.c |
1640 |
+index 74fb2eb..e3a9a65 100644 |
1641 |
+--- a/net/ipv4/xfrm4_policy.c |
1642 |
++++ b/net/ipv4/xfrm4_policy.c |
1643 |
+@@ -71,7 +71,7 @@ __xfrm4_find_bundle(struct flowi *fl, struct xfrm_policy *policy) |
1644 |
+ if (xdst->u.rt.fl.oif == fl->oif && /*XXX*/ |
1645 |
+ xdst->u.rt.fl.fl4_dst == fl->fl4_dst && |
1646 |
+ xdst->u.rt.fl.fl4_src == fl->fl4_src && |
1647 |
+- xdst->u.rt.fl.fl4_tos == fl->fl4_tos && |
1648 |
++ !((xdst->u.rt.fl.fl4_tos ^ fl->fl4_tos) & IPTOS_RT_MASK) && |
1649 |
+ xfrm_bundle_ok(policy, xdst, fl, AF_INET, 0)) { |
1650 |
+ dst_clone(dst); |
1651 |
+ break; |
1652 |
+@@ -83,7 +83,7 @@ __xfrm4_find_bundle(struct flowi *fl, struct xfrm_policy *policy) |
1653 |
+ |
1654 |
+ static int xfrm4_get_tos(struct flowi *fl) |
1655 |
+ { |
1656 |
+- return fl->fl4_tos; |
1657 |
++ return IPTOS_RT_MASK & fl->fl4_tos; /* Strip ECN bits */ |
1658 |
+ } |
1659 |
+ |
1660 |
+ static int xfrm4_init_path(struct xfrm_dst *path, struct dst_entry *dst, |
1661 |
+diff --git a/net/ipv6/ip6_output.c b/net/ipv6/ip6_output.c |
1662 |
+index cd48801..eca3ef7 100644 |
1663 |
+--- a/net/ipv6/ip6_output.c |
1664 |
++++ b/net/ipv6/ip6_output.c |
1665 |
+@@ -643,7 +643,7 @@ static int ip6_fragment(struct sk_buff *skb, int (*output)(struct sk_buff *)) |
1666 |
+ |
1667 |
+ if (skb_has_frags(skb)) { |
1668 |
+ int first_len = skb_pagelen(skb); |
1669 |
+- int truesizes = 0; |
1670 |
++ struct sk_buff *frag2; |
1671 |
+ |
1672 |
+ if (first_len - hlen > mtu || |
1673 |
+ ((first_len - hlen) & 7) || |
1674 |
+@@ -655,18 +655,18 @@ static int ip6_fragment(struct sk_buff *skb, int (*output)(struct sk_buff *)) |
1675 |
+ if (frag->len > mtu || |
1676 |
+ ((frag->len & 7) && frag->next) || |
1677 |
+ skb_headroom(frag) < hlen) |
1678 |
+- goto slow_path; |
1679 |
++ goto slow_path_clean; |
1680 |
+ |
1681 |
+ /* Partially cloned skb? */ |
1682 |
+ if (skb_shared(frag)) |
1683 |
+- goto slow_path; |
1684 |
++ goto slow_path_clean; |
1685 |
+ |
1686 |
+ BUG_ON(frag->sk); |
1687 |
+ if (skb->sk) { |
1688 |
+ frag->sk = skb->sk; |
1689 |
+ frag->destructor = sock_wfree; |
1690 |
+- truesizes += frag->truesize; |
1691 |
+ } |
1692 |
++ skb->truesize -= frag->truesize; |
1693 |
+ } |
1694 |
+ |
1695 |
+ err = 0; |
1696 |
+@@ -697,7 +697,6 @@ static int ip6_fragment(struct sk_buff *skb, int (*output)(struct sk_buff *)) |
1697 |
+ |
1698 |
+ first_len = skb_pagelen(skb); |
1699 |
+ skb->data_len = first_len - skb_headlen(skb); |
1700 |
+- skb->truesize -= truesizes; |
1701 |
+ skb->len = first_len; |
1702 |
+ ipv6_hdr(skb)->payload_len = htons(first_len - |
1703 |
+ sizeof(struct ipv6hdr)); |
1704 |
+@@ -760,6 +759,15 @@ static int ip6_fragment(struct sk_buff *skb, int (*output)(struct sk_buff *)) |
1705 |
+ IPSTATS_MIB_FRAGFAILS); |
1706 |
+ dst_release(&rt->u.dst); |
1707 |
+ return err; |
1708 |
++ |
1709 |
++slow_path_clean: |
1710 |
++ skb_walk_frags(skb, frag2) { |
1711 |
++ if (frag2 == frag) |
1712 |
++ break; |
1713 |
++ frag2->sk = NULL; |
1714 |
++ frag2->destructor = NULL; |
1715 |
++ skb->truesize += frag2->truesize; |
1716 |
++ } |
1717 |
+ } |
1718 |
+ |
1719 |
+ slow_path: |
1720 |
+diff --git a/net/ipv6/route.c b/net/ipv6/route.c |
1721 |
+index d6fe764..e307517 100644 |
1722 |
+--- a/net/ipv6/route.c |
1723 |
++++ b/net/ipv6/route.c |
1724 |
+@@ -1561,14 +1561,13 @@ out: |
1725 |
+ * i.e. Path MTU discovery |
1726 |
+ */ |
1727 |
+ |
1728 |
+-void rt6_pmtu_discovery(struct in6_addr *daddr, struct in6_addr *saddr, |
1729 |
+- struct net_device *dev, u32 pmtu) |
1730 |
++static void rt6_do_pmtu_disc(struct in6_addr *daddr, struct in6_addr *saddr, |
1731 |
++ struct net *net, u32 pmtu, int ifindex) |
1732 |
+ { |
1733 |
+ struct rt6_info *rt, *nrt; |
1734 |
+- struct net *net = dev_net(dev); |
1735 |
+ int allfrag = 0; |
1736 |
+ |
1737 |
+- rt = rt6_lookup(net, daddr, saddr, dev->ifindex, 0); |
1738 |
++ rt = rt6_lookup(net, daddr, saddr, ifindex, 0); |
1739 |
+ if (rt == NULL) |
1740 |
+ return; |
1741 |
+ |
1742 |
+@@ -1636,6 +1635,27 @@ out: |
1743 |
+ dst_release(&rt->u.dst); |
1744 |
+ } |
1745 |
+ |
1746 |
++void rt6_pmtu_discovery(struct in6_addr *daddr, struct in6_addr *saddr, |
1747 |
++ struct net_device *dev, u32 pmtu) |
1748 |
++{ |
1749 |
++ struct net *net = dev_net(dev); |
1750 |
++ |
1751 |
++ /* |
1752 |
++ * RFC 1981 states that a node "MUST reduce the size of the packets it |
1753 |
++ * is sending along the path" that caused the Packet Too Big message. |
1754 |
++ * Since it's not possible in the general case to determine which |
1755 |
++ * interface was used to send the original packet, we update the MTU |
1756 |
++ * on the interface that will be used to send future packets. We also |
1757 |
++ * update the MTU on the interface that received the Packet Too Big in |
1758 |
++ * case the original packet was forced out that interface with |
1759 |
++ * SO_BINDTODEVICE or similar. This is the next best thing to the |
1760 |
++ * correct behaviour, which would be to update the MTU on all |
1761 |
++ * interfaces. |
1762 |
++ */ |
1763 |
++ rt6_do_pmtu_disc(daddr, saddr, net, pmtu, 0); |
1764 |
++ rt6_do_pmtu_disc(daddr, saddr, net, pmtu, dev->ifindex); |
1765 |
++} |
1766 |
++ |
1767 |
+ /* |
1768 |
+ * Misc support functions |
1769 |
+ */ |
1770 |
+diff --git a/net/phonet/af_phonet.c b/net/phonet/af_phonet.c |
1771 |
+index f60c0c2..519ff9d 100644 |
1772 |
+--- a/net/phonet/af_phonet.c |
1773 |
++++ b/net/phonet/af_phonet.c |
1774 |
+@@ -67,6 +67,8 @@ static int pn_socket_create(struct net *net, struct socket *sock, int protocol) |
1775 |
+ struct phonet_protocol *pnp; |
1776 |
+ int err; |
1777 |
+ |
1778 |
++ if (!net_eq(net, &init_net)) |
1779 |
++ return -EAFNOSUPPORT; |
1780 |
+ if (!capable(CAP_SYS_ADMIN)) |
1781 |
+ return -EPERM; |
1782 |
+ |
1783 |
+@@ -353,6 +355,8 @@ static int phonet_rcv(struct sk_buff *skb, struct net_device *dev, |
1784 |
+ struct sockaddr_pn sa; |
1785 |
+ u16 len; |
1786 |
+ |
1787 |
++ if (!net_eq(net, &init_net)) |
1788 |
++ goto out; |
1789 |
+ /* check we have at least a full Phonet header */ |
1790 |
+ if (!pskb_pull(skb, sizeof(struct phonethdr))) |
1791 |
+ goto out; |
1792 |
+diff --git a/net/phonet/pep.c b/net/phonet/pep.c |
1793 |
+index 5f32d21..9cdd35e 100644 |
1794 |
+--- a/net/phonet/pep.c |
1795 |
++++ b/net/phonet/pep.c |
1796 |
+@@ -224,12 +224,13 @@ static void pipe_grant_credits(struct sock *sk) |
1797 |
+ static int pipe_rcv_status(struct sock *sk, struct sk_buff *skb) |
1798 |
+ { |
1799 |
+ struct pep_sock *pn = pep_sk(sk); |
1800 |
+- struct pnpipehdr *hdr = pnp_hdr(skb); |
1801 |
++ struct pnpipehdr *hdr; |
1802 |
+ int wake = 0; |
1803 |
+ |
1804 |
+ if (!pskb_may_pull(skb, sizeof(*hdr) + 4)) |
1805 |
+ return -EINVAL; |
1806 |
+ |
1807 |
++ hdr = pnp_hdr(skb); |
1808 |
+ if (hdr->data[0] != PN_PEP_TYPE_COMMON) { |
1809 |
+ LIMIT_NETDEBUG(KERN_DEBUG"Phonet unknown PEP type: %u\n", |
1810 |
+ (unsigned)hdr->data[0]); |
1811 |
+diff --git a/net/phonet/pn_dev.c b/net/phonet/pn_dev.c |
1812 |
+index 5f42f30..5a2275c 100644 |
1813 |
+--- a/net/phonet/pn_dev.c |
1814 |
++++ b/net/phonet/pn_dev.c |
1815 |
+@@ -246,7 +246,11 @@ static struct notifier_block phonet_device_notifier = { |
1816 |
+ /* Per-namespace Phonet devices handling */ |
1817 |
+ static int phonet_init_net(struct net *net) |
1818 |
+ { |
1819 |
+- struct phonet_net *pnn = kmalloc(sizeof(*pnn), GFP_KERNEL); |
1820 |
++ struct phonet_net *pnn; |
1821 |
++ |
1822 |
++ if (!net_eq(net, &init_net)) |
1823 |
++ return 0; |
1824 |
++ pnn = kmalloc(sizeof(*pnn), GFP_KERNEL); |
1825 |
+ if (!pnn) |
1826 |
+ return -ENOMEM; |
1827 |
+ |
1828 |
+@@ -263,9 +267,13 @@ static int phonet_init_net(struct net *net) |
1829 |
+ |
1830 |
+ static void phonet_exit_net(struct net *net) |
1831 |
+ { |
1832 |
+- struct phonet_net *pnn = net_generic(net, phonet_net_id); |
1833 |
++ struct phonet_net *pnn; |
1834 |
+ struct net_device *dev; |
1835 |
+ |
1836 |
++ if (!net_eq(net, &init_net)) |
1837 |
++ return; |
1838 |
++ pnn = net_generic(net, phonet_net_id); |
1839 |
++ |
1840 |
+ rtnl_lock(); |
1841 |
+ for_each_netdev(net, dev) |
1842 |
+ phonet_device_destroy(dev); |
1843 |
+diff --git a/net/phonet/pn_netlink.c b/net/phonet/pn_netlink.c |
1844 |
+index d21fd35..7acab1e 100644 |
1845 |
+--- a/net/phonet/pn_netlink.c |
1846 |
++++ b/net/phonet/pn_netlink.c |
1847 |
+@@ -68,6 +68,8 @@ static int addr_doit(struct sk_buff *skb, struct nlmsghdr *nlh, void *attr) |
1848 |
+ int err; |
1849 |
+ u8 pnaddr; |
1850 |
+ |
1851 |
++ if (!net_eq(net, &init_net)) |
1852 |
++ return -EOPNOTSUPP; |
1853 |
+ if (!capable(CAP_SYS_ADMIN)) |
1854 |
+ return -EPERM; |
1855 |
+ |
1856 |
+@@ -124,12 +126,16 @@ nla_put_failure: |
1857 |
+ |
1858 |
+ static int getaddr_dumpit(struct sk_buff *skb, struct netlink_callback *cb) |
1859 |
+ { |
1860 |
++ struct net *net = sock_net(skb->sk); |
1861 |
+ struct phonet_device_list *pndevs; |
1862 |
+ struct phonet_device *pnd; |
1863 |
+ int dev_idx = 0, dev_start_idx = cb->args[0]; |
1864 |
+ int addr_idx = 0, addr_start_idx = cb->args[1]; |
1865 |
+ |
1866 |
+- pndevs = phonet_device_list(sock_net(skb->sk)); |
1867 |
++ if (!net_eq(net, &init_net)) |
1868 |
++ goto skip; |
1869 |
++ |
1870 |
++ pndevs = phonet_device_list(net); |
1871 |
+ spin_lock_bh(&pndevs->lock); |
1872 |
+ list_for_each_entry(pnd, &pndevs->list, list) { |
1873 |
+ u8 addr; |
1874 |
+@@ -154,6 +160,7 @@ static int getaddr_dumpit(struct sk_buff *skb, struct netlink_callback *cb) |
1875 |
+ |
1876 |
+ out: |
1877 |
+ spin_unlock_bh(&pndevs->lock); |
1878 |
++skip: |
1879 |
+ cb->args[0] = dev_idx; |
1880 |
+ cb->args[1] = addr_idx; |
1881 |
+ |
1882 |
+diff --git a/net/rds/page.c b/net/rds/page.c |
1883 |
+index 3679012..b442a48 100644 |
1884 |
+--- a/net/rds/page.c |
1885 |
++++ b/net/rds/page.c |
1886 |
+@@ -56,30 +56,17 @@ int rds_page_copy_user(struct page *page, unsigned long offset, |
1887 |
+ unsigned long ret; |
1888 |
+ void *addr; |
1889 |
+ |
1890 |
+- if (to_user) |
1891 |
++ addr = kmap(page); |
1892 |
++ if (to_user) { |
1893 |
+ rds_stats_add(s_copy_to_user, bytes); |
1894 |
+- else |
1895 |
++ ret = copy_to_user(ptr, addr + offset, bytes); |
1896 |
++ } else { |
1897 |
+ rds_stats_add(s_copy_from_user, bytes); |
1898 |
+- |
1899 |
+- addr = kmap_atomic(page, KM_USER0); |
1900 |
+- if (to_user) |
1901 |
+- ret = __copy_to_user_inatomic(ptr, addr + offset, bytes); |
1902 |
+- else |
1903 |
+- ret = __copy_from_user_inatomic(addr + offset, ptr, bytes); |
1904 |
+- kunmap_atomic(addr, KM_USER0); |
1905 |
+- |
1906 |
+- if (ret) { |
1907 |
+- addr = kmap(page); |
1908 |
+- if (to_user) |
1909 |
+- ret = copy_to_user(ptr, addr + offset, bytes); |
1910 |
+- else |
1911 |
+- ret = copy_from_user(addr + offset, ptr, bytes); |
1912 |
+- kunmap(page); |
1913 |
+- if (ret) |
1914 |
+- return -EFAULT; |
1915 |
++ ret = copy_from_user(addr + offset, ptr, bytes); |
1916 |
+ } |
1917 |
++ kunmap(page); |
1918 |
+ |
1919 |
+- return 0; |
1920 |
++ return ret ? -EFAULT : 0; |
1921 |
+ } |
1922 |
+ EXPORT_SYMBOL_GPL(rds_page_copy_user); |
1923 |
+ |
1924 |
+diff --git a/net/rose/af_rose.c b/net/rose/af_rose.c |
1925 |
+index 502cce7..7d188bc 100644 |
1926 |
+--- a/net/rose/af_rose.c |
1927 |
++++ b/net/rose/af_rose.c |
1928 |
+@@ -677,7 +677,7 @@ static int rose_bind(struct socket *sock, struct sockaddr *uaddr, int addr_len) |
1929 |
+ if (addr_len == sizeof(struct sockaddr_rose) && addr->srose_ndigis > 1) |
1930 |
+ return -EINVAL; |
1931 |
+ |
1932 |
+- if (addr->srose_ndigis > ROSE_MAX_DIGIS) |
1933 |
++ if ((unsigned int) addr->srose_ndigis > ROSE_MAX_DIGIS) |
1934 |
+ return -EINVAL; |
1935 |
+ |
1936 |
+ if ((dev = rose_dev_get(&addr->srose_addr)) == NULL) { |
1937 |
+@@ -737,7 +737,7 @@ static int rose_connect(struct socket *sock, struct sockaddr *uaddr, int addr_le |
1938 |
+ if (addr_len == sizeof(struct sockaddr_rose) && addr->srose_ndigis > 1) |
1939 |
+ return -EINVAL; |
1940 |
+ |
1941 |
+- if (addr->srose_ndigis > ROSE_MAX_DIGIS) |
1942 |
++ if ((unsigned int) addr->srose_ndigis > ROSE_MAX_DIGIS) |
1943 |
+ return -EINVAL; |
1944 |
+ |
1945 |
+ /* Source + Destination digis should not exceed ROSE_MAX_DIGIS */ |
1946 |
+diff --git a/net/wireless/wext.c b/net/wireless/wext.c |
1947 |
+index fddcf9c..a2e4c60 100644 |
1948 |
+--- a/net/wireless/wext.c |
1949 |
++++ b/net/wireless/wext.c |
1950 |
+@@ -1029,7 +1029,7 @@ static int ioctl_private_iw_point(struct iw_point *iwp, unsigned int cmd, |
1951 |
+ } else if (!iwp->pointer) |
1952 |
+ return -EFAULT; |
1953 |
+ |
1954 |
+- extra = kmalloc(extra_size, GFP_KERNEL); |
1955 |
++ extra = kzalloc(extra_size, GFP_KERNEL); |
1956 |
+ if (!extra) |
1957 |
+ return -ENOMEM; |
1958 |
+ |
1959 |
+diff --git a/sound/core/control.c b/sound/core/control.c |
1960 |
+index a8b7fab..7834a54 100644 |
1961 |
+--- a/sound/core/control.c |
1962 |
++++ b/sound/core/control.c |
1963 |
+@@ -31,6 +31,7 @@ |
1964 |
+ |
1965 |
+ /* max number of user-defined controls */ |
1966 |
+ #define MAX_USER_CONTROLS 32 |
1967 |
++#define MAX_CONTROL_COUNT 1028 |
1968 |
+ |
1969 |
+ struct snd_kctl_ioctl { |
1970 |
+ struct list_head list; /* list of all ioctls */ |
1971 |
+@@ -190,6 +191,10 @@ static struct snd_kcontrol *snd_ctl_new(struct snd_kcontrol *control, |
1972 |
+ |
1973 |
+ if (snd_BUG_ON(!control || !control->count)) |
1974 |
+ return NULL; |
1975 |
++ |
1976 |
++ if (control->count > MAX_CONTROL_COUNT) |
1977 |
++ return NULL; |
1978 |
++ |
1979 |
+ kctl = kzalloc(sizeof(*kctl) + sizeof(struct snd_kcontrol_volatile) * control->count, GFP_KERNEL); |
1980 |
+ if (kctl == NULL) { |
1981 |
+ snd_printk(KERN_ERR "Cannot allocate control instance\n"); |
1982 |
+diff --git a/sound/core/rawmidi.c b/sound/core/rawmidi.c |
1983 |
+index 70d6f25..e4c12a1 100644 |
1984 |
+--- a/sound/core/rawmidi.c |
1985 |
++++ b/sound/core/rawmidi.c |
1986 |
+@@ -530,13 +530,15 @@ static int snd_rawmidi_release(struct inode *inode, struct file *file) |
1987 |
+ { |
1988 |
+ struct snd_rawmidi_file *rfile; |
1989 |
+ struct snd_rawmidi *rmidi; |
1990 |
++ struct module *module; |
1991 |
+ |
1992 |
+ rfile = file->private_data; |
1993 |
+ rmidi = rfile->rmidi; |
1994 |
+ rawmidi_release_priv(rfile); |
1995 |
+ kfree(rfile); |
1996 |
++ module = rmidi->card->module; |
1997 |
+ snd_card_file_remove(rmidi->card, file); |
1998 |
+- module_put(rmidi->card->module); |
1999 |
++ module_put(module); |
2000 |
+ return 0; |
2001 |
+ } |
2002 |
+ |
2003 |
+diff --git a/sound/pci/hda/patch_analog.c b/sound/pci/hda/patch_analog.c |
2004 |
+index bd0794e..3736bc4 100644 |
2005 |
+--- a/sound/pci/hda/patch_analog.c |
2006 |
++++ b/sound/pci/hda/patch_analog.c |
2007 |
+@@ -3510,6 +3510,7 @@ static struct snd_pci_quirk ad1984_cfg_tbl[] = { |
2008 |
+ /* Lenovo Thinkpad T61/X61 */ |
2009 |
+ SND_PCI_QUIRK_VENDOR(0x17aa, "Lenovo Thinkpad", AD1984_THINKPAD), |
2010 |
+ SND_PCI_QUIRK(0x1028, 0x0214, "Dell T3400", AD1984_DELL_DESKTOP), |
2011 |
++ SND_PCI_QUIRK(0x1028, 0x0233, "Dell Latitude E6400", AD1984_DELL_DESKTOP), |
2012 |
+ {} |
2013 |
+ }; |
2014 |
+ |
2015 |
+diff --git a/sound/pci/oxygen/oxygen.c b/sound/pci/oxygen/oxygen.c |
2016 |
+index 72db4c3..6811433 100644 |
2017 |
+--- a/sound/pci/oxygen/oxygen.c |
2018 |
++++ b/sound/pci/oxygen/oxygen.c |
2019 |
+@@ -393,6 +393,10 @@ static int __devinit get_oxygen_model(struct oxygen *chip, |
2020 |
+ chip->model.suspend = claro_suspend; |
2021 |
+ chip->model.resume = claro_resume; |
2022 |
+ chip->model.set_adc_params = set_ak5385_params; |
2023 |
++ chip->model.device_config = PLAYBACK_0_TO_I2S | |
2024 |
++ PLAYBACK_1_TO_SPDIF | |
2025 |
++ CAPTURE_0_FROM_I2S_2 | |
2026 |
++ CAPTURE_1_FROM_SPDIF; |
2027 |
+ break; |
2028 |
+ } |
2029 |
+ if (id->driver_data == MODEL_MERIDIAN || |
2030 |
+diff --git a/sound/pci/rme9652/hdsp.c b/sound/pci/rme9652/hdsp.c |
2031 |
+index 7bb827c..401518c 100644 |
2032 |
+--- a/sound/pci/rme9652/hdsp.c |
2033 |
++++ b/sound/pci/rme9652/hdsp.c |
2034 |
+@@ -4610,6 +4610,7 @@ static int snd_hdsp_hwdep_ioctl(struct snd_hwdep *hw, struct file *file, unsigne |
2035 |
+ if (err < 0) |
2036 |
+ return err; |
2037 |
+ |
2038 |
++ memset(&info, 0, sizeof(info)); |
2039 |
+ spin_lock_irqsave(&hdsp->lock, flags); |
2040 |
+ info.pref_sync_ref = (unsigned char)hdsp_pref_sync_ref(hdsp); |
2041 |
+ info.wordclock_sync_check = (unsigned char)hdsp_wc_sync_check(hdsp); |
2042 |
+diff --git a/sound/pci/rme9652/hdspm.c b/sound/pci/rme9652/hdspm.c |
2043 |
+index 0dce331..ec2125c 100644 |
2044 |
+--- a/sound/pci/rme9652/hdspm.c |
2045 |
++++ b/sound/pci/rme9652/hdspm.c |
2046 |
+@@ -4127,6 +4127,7 @@ static int snd_hdspm_hwdep_ioctl(struct snd_hwdep * hw, struct file *file, |
2047 |
+ |
2048 |
+ case SNDRV_HDSPM_IOCTL_GET_CONFIG_INFO: |
2049 |
+ |
2050 |
++ memset(&info, 0, sizeof(info)); |
2051 |
+ spin_lock_irq(&hdspm->lock); |
2052 |
+ info.pref_sync_ref = hdspm_pref_sync_ref(hdspm); |
2053 |
+ info.wordclock_sync_check = hdspm_wc_sync_check(hdspm); |
2054 |
|
2055 |
Deleted: genpatches-2.6/trunk/2.6.32/1500_CVE-2010-3904-RDS-Priv-Escal-fix.patch |
2056 |
=================================================================== |
2057 |
--- genpatches-2.6/trunk/2.6.32/1500_CVE-2010-3904-RDS-Priv-Escal-fix.patch 2010-10-21 20:47:49 UTC (rev 1816) |
2058 |
+++ genpatches-2.6/trunk/2.6.32/1500_CVE-2010-3904-RDS-Priv-Escal-fix.patch 2010-10-31 22:36:53 UTC (rev 1817) |
2059 |
@@ -1,41 +0,0 @@ |
2060 |
---- a/net/rds/page.c 2010-10-19 16:40:45.060591205 -0400 |
2061 |
-+++ b/net/rds/page.c 2010-10-19 16:46:14.119044215 -0400 |
2062 |
-@@ -57,30 +57,18 @@ int rds_page_copy_user(struct page *page |
2063 |
- unsigned long ret; |
2064 |
- void *addr; |
2065 |
- |
2066 |
-- if (to_user) |
2067 |
-+ addr = kmap(page); |
2068 |
-+ if (to_user) { |
2069 |
- rds_stats_add(s_copy_to_user, bytes); |
2070 |
-- else |
2071 |
-+ ret = copy_to_user(ptr, addr + offset, bytes); |
2072 |
-+ } else { |
2073 |
- rds_stats_add(s_copy_from_user, bytes); |
2074 |
-- |
2075 |
-- addr = kmap_atomic(page, KM_USER0); |
2076 |
-- if (to_user) |
2077 |
-- ret = __copy_to_user_inatomic(ptr, addr + offset, bytes); |
2078 |
-- else |
2079 |
-- ret = __copy_from_user_inatomic(addr + offset, ptr, bytes); |
2080 |
-- kunmap_atomic(addr, KM_USER0); |
2081 |
-- |
2082 |
-- if (ret) { |
2083 |
-- addr = kmap(page); |
2084 |
-- if (to_user) |
2085 |
-- ret = copy_to_user(ptr, addr + offset, bytes); |
2086 |
-- else |
2087 |
-- ret = copy_from_user(addr + offset, ptr, bytes); |
2088 |
-- kunmap(page); |
2089 |
-- if (ret) |
2090 |
-- return -EFAULT; |
2091 |
-+ ret = copy_from_user(addr + offset, ptr, bytes); |
2092 |
- } |
2093 |
- |
2094 |
-- return 0; |
2095 |
-+ kunmap(page); |
2096 |
-+ |
2097 |
-+ return ret ? -EFAULT : 0; |
2098 |
- } |
2099 |
- EXPORT_SYMBOL_GPL(rds_page_copy_user); |
2100 |
- |