diff -Naurp --exclude-from=/home/con/kernel/dontdiff linux-2.6.10-ck5/arch/i386/kernel/cpu/cpufreq/powernow-k8.c linux-2.6.10-ck6/arch/i386/kernel/cpu/cpufreq/powernow-k8.c
--- linux-2.6.10-ck5/arch/i386/kernel/cpu/cpufreq/powernow-k8.c 2004-12-25 10:14:46.000000000 +1100
+++ linux-2.6.10-ck6/arch/i386/kernel/cpu/cpufreq/powernow-k8.c 2005-02-23 23:34:14.000000000 +1100
@@ -1010,6 +1010,7 @@ static int __init powernowk8_cpu_init(st
 /* min/max the cpu is capable of */
 if (cpufreq_frequency_table_cpuinfo(pol, data->powernow_table)) {
 printk(KERN_ERR PFX "invalid powernow_table\n");
+ powernow_k8_cpu_exit_acpi(data);
 kfree(data->powernow_table);
 kfree(data);
 return -EINVAL;
@@ -1027,6 +1028,7 @@ static int __init powernowk8_cpu_init(st
 err_out:
 set_cpus_allowed(current, oldmask);
 schedule();
+ powernow_k8_cpu_exit_acpi(data);
 kfree(data);
 return -ENODEV;
diff -Naurp --exclude-from=/home/con/kernel/dontdiff linux-2.6.10-ck5/arch/i386/kernel/cpu/cpufreq/speedstep-centrino.c linux-2.6.10-ck6/arch/i386/kernel/cpu/cpufreq/speedstep-centrino.c
--- linux-2.6.10-ck5/arch/i386/kernel/cpu/cpufreq/speedstep-centrino.c 2004-12-25 10:14:46.000000000 +1100
+++ linux-2.6.10-ck6/arch/i386/kernel/cpu/cpufreq/speedstep-centrino.c 2005-02-23 23:34:14.000000000 +1100
@@ -249,7 +249,7 @@ static int centrino_cpu_init_table(struc
 /* Matched a non-match */
 printk(KERN_INFO PFX "no table support for CPU model \"%s\": \n", cpu->x86_model_id);
-#ifdef CONFIG_X86_SPEEDSTEP_CENTRINO_ACPI
+#ifndef CONFIG_X86_SPEEDSTEP_CENTRINO_ACPI
 printk(KERN_INFO PFX "try compiling with CONFIG_X86_SPEEDSTEP_CENTRINO_ACPI enabled\n");
 #endif
 return -ENOENT;
diff -Naurp --exclude-from=/home/con/kernel/dontdiff linux-2.6.10-ck5/arch/i386/kernel/nmi.c linux-2.6.10-ck6/arch/i386/kernel/nmi.c
--- linux-2.6.10-ck5/arch/i386/kernel/nmi.c 2004-10-19 08:57:04.000000000 +1000
+++ linux-2.6.10-ck6/arch/i386/kernel/nmi.c 2005-02-23 23:34:14.000000000 +1100
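Review bot: In powernow-k8.c the `err_out:` label is a shared exit, so the added `powernow_k8_cpu_exit_acpi(data)` runs for every failure that jumps there, possibly including ones that occur before the ACPI performance data was set up; the jumps themselves are outside the hunk, so this needs checking against the whole of powernowk8_cpu_init(). If the helper does not already tolerate a `data` whose ACPI state was never registered, guard the call or give the early failures their own label. A one-line comment at the label, e.g. `/* exit_acpi must be safe even if ACPI init never completed */`, would record the assumption either way.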
@@ -117,8 +117,12 @@ int __init check_nmi_watchdog (void)
 /* FIXME: Only boot CPU is online at this stage. Check CPUs as they come up. */
 for (cpu = 0; cpu < NR_CPUS; cpu++) {
- if (!cpu_online(cpu))
+#ifdef CONFIG_SMP
+ /* Check cpu_callin_map here because that is set
+ after the timer is started. */
+ if (!cpu_isset(cpu, cpu_callin_map))
 continue;
+#endif
 if (nmi_count(cpu) - prev_nmi_count[cpu] <= 5) {
 printk("CPU#%d: NMI appears to be stuck!\n", cpu);
 nmi_active = 0;
diff -Naurp --exclude-from=/home/con/kernel/dontdiff linux-2.6.10-ck5/arch/i386/kernel/smpboot.c linux-2.6.10-ck6/arch/i386/kernel/smpboot.c
--- linux-2.6.10-ck5/arch/i386/kernel/smpboot.c 2004-10-19 08:57:04.000000000 +1000
+++ linux-2.6.10-ck6/arch/i386/kernel/smpboot.c 2005-02-23 23:34:14.000000000 +1100
@@ -65,7 +65,7 @@ int phys_proc_id[NR_CPUS]; /* Package ID
 /* bitmap of online cpus */
 cpumask_t cpu_online_map;
-static cpumask_t cpu_callin_map;
+cpumask_t cpu_callin_map;
 cpumask_t cpu_callout_map;
 static cpumask_t smp_commenced_mask;
diff -Naurp --exclude-from=/home/con/kernel/dontdiff linux-2.6.10-ck5/arch/i386/kernel/time.c linux-2.6.10-ck6/arch/i386/kernel/time.c
--- linux-2.6.10-ck5/arch/i386/kernel/time.c 2004-12-25 10:14:46.000000000 +1100
+++ linux-2.6.10-ck6/arch/i386/kernel/time.c 2005-02-23 23:34:14.000000000 +1100
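Review bot: Dropping `static` from `cpu_callin_map` in arch/i386/kernel/smpboot.c (and in the matching arch/x86_64/kernel/smpboot.c hunk) turns boot-time bookkeeping into a kernel-wide writable symbol, with no comment saying who may touch it. check_nmi_watchdog() only reads it, so the declaration it relies on (not visible in these hunks) belongs in one arch header rather than a local extern, next to a note such as `/* written only by smpboot.c during CPU bring-up; read by check_nmi_watchdog() */`. In the nmi.c hunk the `#ifdef CONFIG_SMP` encloses both the test and the `continue`, so a uniprocessor build tests every index below NR_CPUS; that is presumably a single CPU there, but it is worth saying so in the new comment.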
@@ -343,12 +343,13 @@ static int timer_resume(struct sys_devic
 hpet_reenable();
 #endif
 sec = get_cmos_time() + clock_cmos_diff;
- sleep_length = get_cmos_time() - sleep_start;
+ sleep_length = (get_cmos_time() - sleep_start) * HZ;
 write_seqlock_irqsave(&xtime_lock, flags);
 xtime.tv_sec = sec;
 xtime.tv_nsec = 0;
 write_sequnlock_irqrestore(&xtime_lock, flags);
- jiffies += sleep_length * HZ;
+ jiffies += sleep_length;
+ wall_jiffies += sleep_length;
 return 0;
 }
diff -Naurp --exclude-from=/home/con/kernel/dontdiff linux-2.6.10-ck5/arch/ia64/ia32/binfmt_elf32.c linux-2.6.10-ck6/arch/ia64/ia32/binfmt_elf32.c
--- linux-2.6.10-ck5/arch/ia64/ia32/binfmt_elf32.c 2004-12-25 10:14:46.000000000 +1100
+++ linux-2.6.10-ck6/arch/ia64/ia32/binfmt_elf32.c 2005-02-23 23:34:14.000000000 +1100
@@ -103,7 +103,7 @@ ia64_elf32_init (struct pt_regs *regs)
 if (insert_vm_struct(current->mm, vma)) {
 kmem_cache_free(vm_area_cachep, vma);
 up_write(¤t->mm->mmap_sem);
- return;
+ BUG();
 }
 }
 up_write(¤t->mm->mmap_sem);
@@ -130,7 +130,7 @@ ia64_elf32_init (struct pt_regs *regs)
 if (insert_vm_struct(current->mm, vma)) {
 kmem_cache_free(vm_area_cachep, vma);
 up_write(¤t->mm->mmap_sem);
- return;
+ BUG();
 }
 }
 up_write(¤t->mm->mmap_sem);
@@ -153,7 +153,7 @@ ia64_elf32_init (struct pt_regs *regs)
 if (insert_vm_struct(current->mm, vma)) {
 kmem_cache_free(vm_area_cachep, vma);
 up_write(¤t->mm->mmap_sem);
- return;
+ BUG();
 }
 }
 up_write(¤t->mm->mmap_sem);
diff -Naurp --exclude-from=/home/con/kernel/dontdiff linux-2.6.10-ck5/arch/ia64/kernel/irq_ia64.c linux-2.6.10-ck6/arch/ia64/kernel/irq_ia64.c
--- linux-2.6.10-ck5/arch/ia64/kernel/irq_ia64.c 2004-12-25 10:14:46.000000000 +1100
+++ linux-2.6.10-ck6/arch/ia64/kernel/irq_ia64.c 2005-02-23 23:34:14.000000000 +1100
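Review bot: In timer_resume() the two added updates `jiffies += sleep_length;` and `wall_jiffies += sleep_length;` run after `write_sequnlock_irqrestore(&xtime_lock, flags)`, so a reader of xtime can observe the new wall time paired with the old wall_jiffies. Moving both lines above the unlock keeps the values consistent inside one write section. Separately, `get_cmos_time() - sleep_start` comes from a second RTC read and is not checked for the clock having gone backwards while suspended; if `sleep_length` is unsigned (its declaration is outside the hunk) the difference wraps into a very large jiffies jump, so clamp it to zero when the new reading is below `sleep_start`.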
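Review bot: Replacing `return;` with `BUG();` in the three insert_vm_struct() failure branches of ia64_elf32_init() turns a failure that can happen at exec time (the call can fail for lack of memory or an address clash) into a kernel oops in the context of whoever started the ia32 binary. The old silent return was wrong as well, since it left the address space half built, but because the function returns void a narrower response is to end only the offending task, for example `force_sig(SIGKILL, current); return;`, subject to what the callers outside these hunks expect. Whichever is kept, a comment at the first branch saying why the mapping cannot simply be skipped would help the next reader.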
@@ -115,7 +115,7 @@ ia64_handle_irq (ia64_vector vector, str
 * switched atomically. */
 bsp = ia64_getreg(_IA64_REG_AR_BSP);
- sp = ia64_getreg(_IA64_REG_AR_SP);
+ sp = ia64_getreg(_IA64_REG_SP);
 if ((sp - bsp) < 1024) {
 static unsigned char count;
diff -Naurp --exclude-from=/home/con/kernel/dontdiff linux-2.6.10-ck5/arch/ia64/kernel/unwind.c linux-2.6.10-ck6/arch/ia64/kernel/unwind.c
--- linux-2.6.10-ck5/arch/ia64/kernel/unwind.c 2004-12-25 10:14:46.000000000 +1100
+++ linux-2.6.10-ck6/arch/ia64/kernel/unwind.c 2005-02-23 23:34:14.000000000 +1100
@@ -1945,7 +1945,7 @@ EXPORT_SYMBOL(unw_unwind);
 int
 unw_unwind_to_user (struct unw_frame_info *info)
 {
- unsigned long ip;
+ unsigned long ip, sp;
 while (unw_unwind(info) >= 0) {
 if (unw_get_rp(info, &ip) < 0) {
@@ -1954,6 +1954,9 @@ unw_unwind_to_user (struct unw_frame_inf
 __FUNCTION__, ip);
 return -1;
 }
+ unw_get_sp(info, &sp);
+ if (sp >= (unsigned long)info->task + IA64_STK_OFFSET)
+ break;
 if (ip < FIXADDR_USER_END)
 return 0;
 }
diff -Naurp --exclude-from=/home/con/kernel/dontdiff linux-2.6.10-ck5/arch/ia64/sn/kernel/setup.c linux-2.6.10-ck6/arch/ia64/sn/kernel/setup.c
--- linux-2.6.10-ck5/arch/ia64/sn/kernel/setup.c 2004-12-25 10:14:46.000000000 +1100
+++ linux-2.6.10-ck6/arch/ia64/sn/kernel/setup.c 2005-02-23 23:34:14.000000000 +1100
@@ -163,13 +163,12 @@ static int __init pxm_to_nasid(int pxm)
 void __init early_sn_setup(void)
 {
- void ia64_sal_handler_init(void *entry_point, void *gpval);
 efi_system_table_t *efi_systab;
 efi_config_table_t *config_tables;
 struct ia64_sal_systab *sal_systab;
 struct ia64_sal_desc_entry_point *ep;
 char *p;
- int i;
+ int i, j;
 /*
 * Parse enough of the SAL tables to locate the SAL entry point. Since, console
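Review bot: The new bound in unw_unwind_to_user() ignores the result of `unw_get_sp(info, &sp)` although the `unw_get_rp()` call just above it is checked, and the comparison that follows has no comment saying what it guards. Suggest `if (unw_get_sp(info, &sp) < 0 || sp >= (unsigned long)info->task + IA64_STK_OFFSET) break;` preceded by `/* stop once the unwound sp has left this task's kernel stack */` (that reading of the test is inferred from the expression). What the function returns after the `break` is decided by code below the hunk, so confirm it reports failure rather than success.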
@@ -185,19 +184,21 @@ void __init early_sn_setup(void)
 0) {
 sal_systab = __va(config_tables[i].table);
 p = (char *)(sal_systab + 1);
- for (i = 0; i < sal_systab->entry_count; i++) {
+ for (j = 0; j < sal_systab->entry_count; j++) {
 if (*p == SAL_DESC_ENTRY_POINT) {
 ep = (struct ia64_sal_desc_entry_point *)p;
 ia64_sal_handler_init(__va (ep->sal_proc), __va(ep->gp));
- break;
+ return;
 }
 p += SAL_DESC_SIZE(*p);
 }
 }
 }
+ /* Uh-oh, SAL not available?? */
+ printk(KERN_ERR "failed to find SAL entry point\n");
 }
 extern int platform_intr_list[];
diff -Naurp --exclude-from=/home/con/kernel/dontdiff linux-2.6.10-ck5/arch/ppc64/mm/hugetlbpage.c linux-2.6.10-ck6/arch/ppc64/mm/hugetlbpage.c
--- linux-2.6.10-ck5/arch/ppc64/mm/hugetlbpage.c 2004-12-25 10:14:47.000000000 +1100
+++ linux-2.6.10-ck6/arch/ppc64/mm/hugetlbpage.c 2005-02-23 23:34:14.000000000 +1100
@@ -745,7 +745,7 @@ void hugetlb_mm_free_pgd(struct mm_struc
 pgdir = mm->context.huge_pgdir;
 if (! pgdir)
- return;
+ goto out;
 mm->context.huge_pgdir = NULL;
@@ -768,6 +768,7 @@ void hugetlb_mm_free_pgd(struct mm_struc
 BUG_ON(memcmp(pgdir, empty_zero_page, PAGE_SIZE));
 kmem_cache_free(zero_cache, pgdir);
+ out:
 spin_unlock(&mm->page_table_lock);
 }
diff -Naurp --exclude-from=/home/con/kernel/dontdiff linux-2.6.10-ck5/arch/um/kernel/skas/process.c linux-2.6.10-ck6/arch/um/kernel/skas/process.c
--- linux-2.6.10-ck5/arch/um/kernel/skas/process.c 2004-12-25 10:14:47.000000000 +1100
+++ linux-2.6.10-ck6/arch/um/kernel/skas/process.c 2005-02-23 23:34:14.000000000 +1100
@@ -222,9 +222,10 @@ void new_thread(void *stack, void **swit
 block_signals();
 if(sigsetjmp(fork_buf, 1) == 0)
 new_thread_proc(stack, handler);
- set_signals(flags);
 remove_sigstack();
+
+ set_signals(flags);
 }
 void thread_wait(void *sw, void *fb)
diff -Naurp --exclude-from=/home/con/kernel/dontdiff linux-2.6.10-ck5/arch/x86_64/kernel/acpi/wakeup.S linux-2.6.10-ck6/arch/x86_64/kernel/acpi/wakeup.S
--- linux-2.6.10-ck5/arch/x86_64/kernel/acpi/wakeup.S 2004-03-11 21:28:56.000000000 +1100
+++ linux-2.6.10-ck6/arch/x86_64/kernel/acpi/wakeup.S 2005-02-23 23:34:14.000000000 +1100
@@ -429,9 +429,6 @@ ENTRY(do_suspend_lowlevel_s4bios)
 do_suspend_lowlevel:
 .LFB5:
 subq $8, %rsp
-.LCFI2:
- testl %edi, %edi
- jne .L99
 xorl %eax, %eax
 call save_processor_state
diff -Naurp --exclude-from=/home/con/kernel/dontdiff linux-2.6.10-ck5/arch/x86_64/kernel/nmi.c linux-2.6.10-ck6/arch/x86_64/kernel/nmi.c
--- linux-2.6.10-ck5/arch/x86_64/kernel/nmi.c 2004-12-25 10:14:47.000000000 +1100
+++ linux-2.6.10-ck6/arch/x86_64/kernel/nmi.c 2005-02-23 23:34:14.000000000 +1100
@@ -130,8 +130,12 @@ int __init check_nmi_watchdog (void)
 mdelay((10*1000)/nmi_hz); // wait 10 ticks
 for (cpu = 0; cpu < NR_CPUS; cpu++) {
- if (!cpu_online(cpu))
+#ifdef CONFIG_SMP
+ /* Check cpu_callin_map here because that is set
+ after the timer is started. */
+ if (!cpu_isset(cpu, cpu_callin_map))
 continue;
+#endif
 if (cpu_pda[cpu].__nmi_count - counts[cpu] <= 5) {
 printk("CPU#%d: NMI appears to be stuck (%d)!\n", cpu,
diff -Naurp --exclude-from=/home/con/kernel/dontdiff linux-2.6.10-ck5/arch/x86_64/kernel/smpboot.c linux-2.6.10-ck6/arch/x86_64/kernel/smpboot.c
--- linux-2.6.10-ck5/arch/x86_64/kernel/smpboot.c 2004-12-25 10:14:47.000000000 +1100
+++ linux-2.6.10-ck6/arch/x86_64/kernel/smpboot.c 2005-02-23 23:34:14.000000000 +1100
@@ -62,7 +62,7 @@ u8 phys_proc_id[NR_CPUS] = { [0 ... NR_C
 /* Bitmask of currently online CPUs */
 cpumask_t cpu_online_map;
-static cpumask_t cpu_callin_map;
+cpumask_t cpu_callin_map;
 cpumask_t cpu_callout_map;
 static cpumask_t smp_commenced_mask;
diff -Naurp --exclude-from=/home/con/kernel/dontdiff linux-2.6.10-ck5/drivers/block/scsi_ioctl.c linux-2.6.10-ck6/drivers/block/scsi_ioctl.c
--- linux-2.6.10-ck5/drivers/block/scsi_ioctl.c 2005-02-23 23:34:03.000000000 +1100
+++ linux-2.6.10-ck6/drivers/block/scsi_ioctl.c 2005-02-23 23:34:14.000000000 +1100
@@ -199,7 +199,7 @@ static int verify_command(struct file *f
 return 0;
 }
- if (!(type & CMD_WARNED)) {
+ if (!type) {
 cmd_type[cmd[0]] = CMD_WARNED;
 printk(KERN_WARNING "scsi: unknown opcode 0x%02x\n", cmd[0]);
 }
diff -Naurp --exclude-from=/home/con/kernel/dontdiff linux-2.6.10-ck5/drivers/char/ipmi/ipmi_msghandler.c linux-2.6.10-ck6/drivers/char/ipmi/ipmi_msghandler.c
--- linux-2.6.10-ck5/drivers/char/ipmi/ipmi_msghandler.c 2004-10-19 08:57:05.000000000 +1000
+++ linux-2.6.10-ck6/drivers/char/ipmi/ipmi_msghandler.c 2005-02-23 23:34:14.000000000 +1100
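Review bot: The reason for narrowing the test in verify_command() to `if (!type)` is not written down, and it is a security-relevant one: the body assigns `cmd_type[cmd[0]] = CMD_WARNED`, which replaces the whole table entry, so under the old mask test an opcode that already carried other flag bits could lose them on its first rejected call. Add a comment above the test, e.g. `/* only mark opcodes with no entry at all; overwriting a typed entry would erase its other bits */`. The table is also written here with no lock visible in the hunk; that looks harmless for a warn-once flag but should be stated if it is intentional.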
@@ -2389,12 +2389,17 @@ static int handle_bmc_rsp(ipmi_smi_t
 if (!found) {
 /* Special handling for NULL users. */
- if (!recv_msg->user && intf->null_user_handler)
+ if (!recv_msg->user && intf->null_user_handler){
 intf->null_user_handler(intf, msg);
- /* The user for the message went away, so give up. */
- spin_lock_irqsave(&intf->counter_lock, flags);
- intf->unhandled_local_responses++;
- spin_unlock_irqrestore(&intf->counter_lock, flags);
+ spin_lock_irqsave(&intf->counter_lock, flags);
+ intf->handled_local_responses++;
+ spin_unlock_irqrestore(&intf->counter_lock, flags);
+ }else{
+ /* The user for the message went away, so give up. */
+ spin_lock_irqsave(&intf->counter_lock, flags);
+ intf->unhandled_local_responses++;
+ spin_unlock_irqrestore(&intf->counter_lock, flags);
+ }
 ipmi_free_recv_msg(recv_msg);
 } else {
 struct ipmi_system_interface_addr *smi_addr;
diff -Naurp --exclude-from=/home/con/kernel/dontdiff linux-2.6.10-ck5/drivers/char/ipmi/ipmi_si_intf.c linux-2.6.10-ck6/drivers/char/ipmi/ipmi_si_intf.c
--- linux-2.6.10-ck5/drivers/char/ipmi/ipmi_si_intf.c 2004-12-25 10:14:48.000000000 +1100
+++ linux-2.6.10-ck6/drivers/char/ipmi/ipmi_si_intf.c 2005-02-23 23:34:14.000000000 +1100
@@ -1299,7 +1299,7 @@ static int try_init_mem(int intf_num, st
 memset(info, 0, sizeof(*info));
 info->io_setup = mem_setup;
- info->io.info = (void *) addrs[intf_num];
+ info->io.info = &addrs[intf_num];
 info->io.addr = NULL;
 info->io.regspacing = regspacings[intf_num];
 if (!info->io.regspacing)
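Review bot: Style in handle_bmc_rsp(): `intf->null_user_handler){` and `}else{` lack the spacing used by the `} else {` a few lines further down in the same hunk, and the lock / increment / unlock triple is now written out twice. Selecting the counter in the branches and incrementing once afterwards keeps a single critical section, e.g. set a pointer to `intf->handled_local_responses` or `intf->unhandled_local_responses` and follow the branches with one `spin_lock_irqsave()`, `(*ctr)++`, `spin_unlock_irqrestore()` sequence. Behaviour is the same either way.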
@@ -1587,8 +1587,9 @@ static int decode_dmi(dmi_header_t *dm,
 case 0x01: /* 32-bit boundaries */
 ipmi_data->offset = 4;
 break;
- case 0x02: /* 16-bit boundaries */
- ipmi_data->offset = 2;
+ case 0x02: /* 16-byte boundaries */
+ ipmi_data->offset = 16;
+ break;
 default:
 printk("ipmi_si: Unknown SMBIOS IPMI Base Addr" " Modifier: 0x%x\n", reg_spacing);
diff -Naurp --exclude-from=/home/con/kernel/dontdiff linux-2.6.10-ck5/drivers/char/n_tty.c linux-2.6.10-ck6/drivers/char/n_tty.c
--- linux-2.6.10-ck5/drivers/char/n_tty.c 2004-12-25 10:14:48.000000000 +1100
+++ linux-2.6.10-ck6/drivers/char/n_tty.c 2005-02-23 23:34:14.000000000 +1100
@@ -1143,13 +1143,13 @@ static inline int copy_from_read_buf(str
 {
 int retval;
- ssize_t n;
+ size_t n;
 unsigned long flags;
 retval = 0;
 spin_lock_irqsave(&tty->read_lock, flags);
 n = min(tty->read_cnt, N_TTY_BUF_SIZE - tty->read_tail);
- n = min((ssize_t)*nr, n);
+ n = min(*nr, n);
 spin_unlock_irqrestore(&tty->read_lock, flags);
 if (n) {
 mb();
diff -Naurp --exclude-from=/home/con/kernel/dontdiff linux-2.6.10-ck5/drivers/char/tty_io.c linux-2.6.10-ck6/drivers/char/tty_io.c
--- linux-2.6.10-ck5/drivers/char/tty_io.c 2004-12-25 10:14:48.000000000 +1100
+++ linux-2.6.10-ck6/drivers/char/tty_io.c 2005-02-23 23:34:14.000000000 +1100
@@ -918,9 +918,11 @@ void disassociate_ctty(int on_exit)
 lock_kernel();
+ down(&tty_sem);
 tty = current->signal->tty;
 if (tty) {
 tty_pgrp = tty->pgrp;
+ up(&tty_sem);
 if (on_exit && tty->driver->type != TTY_DRIVER_TYPE_PTY)
 tty_vhangup(tty);
 } else {
@@ -928,6 +930,7 @@ void disassociate_ctty(int on_exit)
 kill_pg(current->signal->tty_old_pgrp, SIGHUP, on_exit);
 kill_pg(current->signal->tty_old_pgrp, SIGCONT, on_exit);
 }
+ up(&tty_sem);
 unlock_kernel();
 return;
 }
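Review bot: The switch from `ssize_t n` to `size_t n` in copy_from_read_buf() is a signedness fix, yet nothing in the function says so, which makes it easy for the cast to come back later. With the removed `min((ssize_t)*nr, n)` a `*nr` above the signed maximum compared as negative and won the min; a comment above the second min(), e.g. `/* n stays unsigned: *nr is a size_t from the caller and must never be compared as signed */`, would pin that down. The first min() still combines `tty->read_cnt` and `N_TTY_BUF_SIZE - tty->read_tail`, whose types are declared outside the hunk; if they are signed, the result is converted on assignment to `n`, so the invariant that neither can be negative deserves a line there too.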
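Review bot: In disassociate_ctty() the `tty` pointer is read under `tty_sem`, the semaphore is dropped by the added `up(&tty_sem)`, and the same pointer is then dereferenced unlocked (`tty->driver->type`, `tty_vhangup(tty)`) and, in the later hunk at -937, written through (`tty->session = 0; tty->pgrp = -1;`) once the semaphore has been retaken. Nothing visible holds a reference across that gap, so if the tty can be released in between, those are accesses to freed memory. Re-reading the pointer inside the second critical section closes the window for the stores: `tty = current->signal->tty; if (tty) { tty->session = 0; tty->pgrp = -1; }`. The surrounding lock_kernel() may narrow the race, but the hunks do not show that it excludes the release path.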
@@ -937,15 +940,19 @@ void disassociate_ctty(int on_exit) kill_pg(tty_pgrp, SIGCONT, on_exit); } + /* Must lock changes to tty_old_pgrp */ + down(&tty_sem); current->signal->tty_old_pgrp = 0; tty->session = 0; tty->pgrp = -1; + /* Now clear signal->tty under the lock */ read_lock(&tasklist_lock); do_each_task_pid(current->signal->session, PIDTYPE_SID, p) { p->signal->tty = NULL; } while_each_task_pid(current->signal->session, PIDTYPE_SID, p); read_unlock(&tasklist_lock); + up(&tty_sem); unlock_kernel(); } @@ -1171,12 +1178,6 @@ static int init_dev(struct tty_driver *d struct termios *ltp, **ltp_loc, *o_ltp, **o_ltp_loc; int retval=0; - /* - * Check whether we need to acquire the tty semaphore to avoid - * race conditions. For now, play it safe. - */ - down(&tty_sem); - /* check whether we're reopening an existing tty */ if (driver->flags & TTY_DRIVER_DEVPTS_MEM) { tty = devpts_get_tty(idx); @@ -1365,7 +1366,6 @@ success: /* All paths come through here to release the semaphore */ end_init: - up(&tty_sem); return retval; /* Release locally allocated memory ... nothing placed in slots */ @@ -1561,9 +1561,14 @@ static void release_dev(struct file * fi * each iteration we avoid any problems. */ while (1) { + /* Guard against races with tty->count changes elsewhere and + opens on /dev/tty */ + + down(&tty_sem); tty_closing = tty->count <= 1; o_tty_closing = o_tty && (o_tty->count <= (pty_master ? 1 : 0)); + up(&tty_sem); do_sleep = 0; if (tty_closing) { @@ -1599,6 +1604,8 @@ static void release_dev(struct file * fi * both sides, and we've completed the last operation that could * block, so it's safe to proceed with closing. */ + + down(&tty_sem); if (pty_master) { if (--o_tty->count < 0) { printk(KERN_WARNING "release_dev: bad pty slave count " 
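Review bot: After this change init_dev() neither takes nor releases `tty_sem`, but the context line `/* All paths come through here to release the semaphore */` is still in place above `end_init:` and now describes a release that no longer happens. Replace it, and state the new contract at the top of the function with `/* Caller must hold tty_sem. */`, because the tty_open() and ptmx_open() hunks depend on every caller doing so. Any caller of init_dev() that is not touched by this diff would now run without the semaphore, so the call sites need an audit.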
@@ -1612,7 +1619,8 @@ static void release_dev(struct file * fi
 tty->count, tty_name(tty, buf));
 tty->count = 0;
 }
-
+ up(&tty_sem);
+
 /*
 * We've decremented tty->count, so we need to remove this file
 * descriptor off the tty->tty_files list; this serves two
@@ -1759,10 +1767,14 @@ retry_open:
 noctty = filp->f_flags & O_NOCTTY;
 index = -1;
 retval = 0;
+
+ down(&tty_sem);
 if (device == MKDEV(TTYAUX_MAJOR,0)) {
- if (!current->signal->tty)
+ if (!current->signal->tty) {
+ up(&tty_sem);
 return -ENXIO;
+ }
 driver = current->signal->tty->driver;
 index = current->signal->tty->index;
 filp->f_flags |= O_NONBLOCK; /* Don't let /dev/tty block */
@@ -1787,14 +1799,18 @@ retry_open:
 noctty = 1;
 goto got_driver;
 }
+ up(&tty_sem);
 return -ENODEV;
 }
 driver = get_tty_driver(device, &index);
- if (!driver)
+ if (!driver) {
+ up(&tty_sem);
 return -ENODEV;
+ }
 got_driver:
 retval = init_dev(driver, index, &tty);
+ up(&tty_sem);
 if (retval)
 return retval;
@@ -1880,7 +1896,10 @@ static int ptmx_open(struct inode * inod
 }
 up(&allocated_ptys_lock);
+ down(&tty_sem);
 retval = init_dev(ptm_driver, index, &tty);
+ up(&tty_sem);
+
 if (retval)
 goto out;
diff -Naurp --exclude-from=/home/con/kernel/dontdiff linux-2.6.10-ck5/drivers/cpufreq/cpufreq.c linux-2.6.10-ck6/drivers/cpufreq/cpufreq.c
--- linux-2.6.10-ck5/drivers/cpufreq/cpufreq.c 2004-12-25 10:14:48.000000000 +1100
+++ linux-2.6.10-ck6/drivers/cpufreq/cpufreq.c 2005-02-23 23:34:14.000000000 +1100
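Review bot: tty_open() now holds `tty_sem` from before the device lookup until after init_dev(), and the release is repeated by hand on four exits (the `-ENXIO` return, two `-ENODEV` returns and the normal path after `got_driver:`). The branches between the hunk at -1759 and the one at -1787 are not visible here, so any `return` inside them would leave the semaphore held. Sending the failures through one label, `retval = -ENODEV; goto out_unlock;` with `out_unlock: up(&tty_sem); return retval;`, makes a missed unlock impossible to add by accident.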
@@ -893,6 +893,16 @@ static int cpufreq_resume(struct sys_dev
 return 0;
 }
+ if (cpufreq_driver->resume) {
+ ret = cpufreq_driver->resume(cpu_policy);
+ if (ret) {
+ printk(KERN_ERR "cpufreq: resume failed in ->resume "
+ "step on CPU %u\n", cpu_policy->cpu);
+ cpufreq_cpu_put(cpu_policy);
+ return ret;
+ }
+ }
+
 if (!(cpufreq_driver->flags & CPUFREQ_CONST_LOOPS)) {
 unsigned int cur_freq = 0;
diff -Naurp --exclude-from=/home/con/kernel/dontdiff linux-2.6.10-ck5/drivers/i2c/busses/i2c-ali1563.c linux-2.6.10-ck6/drivers/i2c/busses/i2c-ali1563.c
--- linux-2.6.10-ck5/drivers/i2c/busses/i2c-ali1563.c 2004-12-25 10:14:48.000000000 +1100
+++ linux-2.6.10-ck6/drivers/i2c/busses/i2c-ali1563.c 2005-02-23 23:34:14.000000000 +1100
@@ -306,7 +306,7 @@ static void ali1563_enable(struct pci_de
 pci_write_config_word(dev,ALI1563_SMBBA,ctrl);
 }
-static int __init ali1563_setup(struct pci_dev * dev)
+static int __devinit ali1563_setup(struct pci_dev * dev)
 {
 u16 ctrl;
@@ -362,7 +362,7 @@ static struct i2c_adapter ali1563_adapte
 .algo = &ali1563_algorithm,
 };
-static int __init ali1563_probe(struct pci_dev * dev,
+static int __devinit ali1563_probe(struct pci_dev * dev,
 const struct pci_device_id * id_table)
 {
 int error;
@@ -378,7 +378,7 @@ static int __init ali1563_probe(struct p
 return error;
 }
-static void __exit ali1563_remove(struct pci_dev * dev)
+static void __devexit ali1563_remove(struct pci_dev * dev)
 {
 i2c_del_adapter(&ali1563_adapter);
 ali1563_shutdown(dev);
@@ -400,7 +400,7 @@ static struct pci_driver ali1563_pci_dri
 .name = "ali1563_i2c",
 .id_table = ali1563_id_table,
 .probe = ali1563_probe,
- .remove = ali1563_remove,
+ .remove = __devexit_p(ali1563_remove),
 };
 static int __init ali1563_init(void)
diff -Naurp --exclude-from=/home/con/kernel/dontdiff linux-2.6.10-ck5/drivers/i2c/busses/i2c-sis5595.c linux-2.6.10-ck6/drivers/i2c/busses/i2c-sis5595.c
--- linux-2.6.10-ck5/drivers/i2c/busses/i2c-sis5595.c 2004-12-25 10:14:48.000000000 +1100
+++ linux-2.6.10-ck6/drivers/i2c/busses/i2c-sis5595.c 2005-02-23 23:34:14.000000000 +1100
@@ -181,9 +181,11 @@ static int sis5595_setup(struct pci_dev
 if (force_addr) {
 dev_info(&SIS5595_dev->dev, "forcing ISA address 0x%04X\n", sis5595_base);
- if (!pci_write_config_word(SIS5595_dev, ACPI_BASE, sis5595_base))
+ if (pci_write_config_word(SIS5595_dev, ACPI_BASE, sis5595_base)
+ != PCIBIOS_SUCCESSFUL)
 goto error;
- if (!pci_read_config_word(SIS5595_dev, ACPI_BASE, &a))
+ if (pci_read_config_word(SIS5595_dev, ACPI_BASE, &a)
+ != PCIBIOS_SUCCESSFUL)
 goto error;
 if ((a & ~(SIS5595_EXTENT - 1)) != sis5595_base) {
 /* doesn't work for some chips! */
@@ -192,13 +194,16 @@ static int sis5595_setup(struct pci_dev
 }
 }
- if (!pci_read_config_byte(SIS5595_dev, SIS5595_ENABLE_REG, &val))
+ if (pci_read_config_byte(SIS5595_dev, SIS5595_ENABLE_REG, &val)
+ != PCIBIOS_SUCCESSFUL)
 goto error;
 if ((val & 0x80) == 0) {
 dev_info(&SIS5595_dev->dev, "enabling ACPI\n");
- if (!pci_write_config_byte(SIS5595_dev, SIS5595_ENABLE_REG, val | 0x80))
+ if (pci_write_config_byte(SIS5595_dev, SIS5595_ENABLE_REG, val | 0x80)
+ != PCIBIOS_SUCCESSFUL)
 goto error;
- if (!pci_read_config_byte(SIS5595_dev, SIS5595_ENABLE_REG, &val))
+ if (pci_read_config_byte(SIS5595_dev, SIS5595_ENABLE_REG, &val)
+ != PCIBIOS_SUCCESSFUL)
 goto error;
 if ((val & 0x80) == 0) {
 /* doesn't work for some chips? */
diff -Naurp --exclude-from=/home/con/kernel/dontdiff linux-2.6.10-ck5/drivers/i2c/busses/i2c-viapro.c linux-2.6.10-ck6/drivers/i2c/busses/i2c-viapro.c
--- linux-2.6.10-ck5/drivers/i2c/busses/i2c-viapro.c 2004-12-25 10:14:48.000000000 +1100
+++ linux-2.6.10-ck6/drivers/i2c/busses/i2c-viapro.c 2005-02-23 23:34:14.000000000 +1100
@@ -231,8 +231,8 @@ static s32 vt596_access(struct i2c_adapt
 len = data->block[0];
 if (len < 0)
 len = 0;
- if (len > 32)
- len = 32;
+ if (len > I2C_SMBUS_BLOCK_MAX)
+ len = I2C_SMBUS_BLOCK_MAX;
 outb_p(len, SMBHSTDAT0);
 i = inb_p(SMBHSTCNT); /* Reset SMBBLKDAT */
 for (i = 1; i <= len; i++)
@@ -266,6 +266,8 @@ static s32 vt596_access(struct i2c_adapt
 break;
 case VT596_BLOCK_DATA:
 data->block[0] = inb_p(SMBHSTDAT0);
+ if (data->block[0] > I2C_SMBUS_BLOCK_MAX)
+ data->block[0] = I2C_SMBUS_BLOCK_MAX;
 i = inb_p(SMBHSTCNT); /* Reset SMBBLKDAT */
 for (i = 1; i <= data->block[0]; i++)
 data->block[i] = inb_p(SMBBLKDAT);
diff -Naurp --exclude-from=/home/con/kernel/dontdiff linux-2.6.10-ck5/drivers/ide/pci/it8172.c linux-2.6.10-ck6/drivers/ide/pci/it8172.c
--- linux-2.6.10-ck5/drivers/ide/pci/it8172.c 2004-12-25 10:14:48.000000000 +1100
+++ linux-2.6.10-ck6/drivers/ide/pci/it8172.c 2005-02-23 23:34:14.000000000 +1100
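Review bot: In the VT596_BLOCK_DATA read path of vt596_access() the byte count comes straight from the controller (`inb_p(SMBHSTDAT0)`), and the new clamp silently rewrites it to I2C_SMBUS_BLOCK_MAX, so the caller gets a full block with no sign that the device reported more. The clamp is the right bound for the copy loop below it; also reporting the event, with a log line or an error return if the rest of the function (outside the hunk) allows one, would keep a misbehaving or hostile device from going unnoticed. The write path in the first hunk truncates an oversized caller-supplied `data->block[0]` just as quietly.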
@@ -270,7 +270,7 @@ static int __devinit it8172_init_one(str
 {
 if ((!(PCI_FUNC(dev->devfn) & 1) || (!((dev->class >> 8) == PCI_CLASS_STORAGE_IDE))))
- return 1; /* IT8172 is more than only a IDE controller */
+ return -ENODEV; /* IT8172 is more than an IDE controller */
 ide_setup_pci_device(dev, &it8172_chipsets[id->driver_data]);
 return 0;
 }
diff -Naurp --exclude-from=/home/con/kernel/dontdiff linux-2.6.10-ck5/drivers/md/md.c linux-2.6.10-ck6/drivers/md/md.c
--- linux-2.6.10-ck5/drivers/md/md.c 2004-12-25 10:14:48.000000000 +1100
+++ linux-2.6.10-ck6/drivers/md/md.c 2005-02-23 23:34:14.000000000 +1100
@@ -332,29 +332,26 @@ static int bi_complete(struct bio *bio,
 static int sync_page_io(struct block_device *bdev, sector_t sector, int size, struct page *page, int rw)
 {
- struct bio bio;
- struct bio_vec vec;
+ struct bio *bio = bio_alloc(GFP_KERNEL, 1);
 struct completion event;
+ int ret;
+
+ bio_get(bio);
 rw |= (1 << BIO_RW_SYNC);
- bio_init(&bio);
- bio.bi_io_vec = &vec;
- vec.bv_page = page;
- vec.bv_len = size;
- vec.bv_offset = 0;
- bio.bi_vcnt = 1;
- bio.bi_idx = 0;
- bio.bi_size = size;
- bio.bi_bdev = bdev;
- bio.bi_sector = sector;
+ bio->bi_bdev = bdev;
+ bio->bi_sector = sector;
+ bio_add_page(bio, page, size, 0);
 init_completion(&event);
- bio.bi_private = &event;
- bio.bi_end_io = bi_complete;
- submit_bio(rw, &bio);
+ bio->bi_private = &event;
+ bio->bi_end_io = bi_complete;
+ submit_bio(rw, bio);
 wait_for_completion(&event);
- return test_bit(BIO_UPTODATE, &bio.bi_flags);
+ ret = test_bit(BIO_UPTODATE, &bio->bi_flags);
+ bio_put(bio);
+ return ret;
 }
 static int read_disk_sb(mdk_rdev_t * rdev)
diff -Naurp --exclude-from=/home/con/kernel/dontdiff linux-2.6.10-ck5/drivers/mtd/inftlmount.c linux-2.6.10-ck6/drivers/mtd/inftlmount.c
--- linux-2.6.10-ck5/drivers/mtd/inftlmount.c 2004-12-25 10:14:48.000000000 +1100
+++ linux-2.6.10-ck6/drivers/mtd/inftlmount.c 2005-02-23 23:34:14.000000000 +1100
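Review bot: sync_page_io() in md.c dereferences the result of `bio_alloc(GFP_KERNEL, 1)` without a NULL test, and it takes an extra reference with `bio_get(bio)` that the single `bio_put(bio)` at the end does not balance. Unless bi_complete() (its body is outside the hunk) drops a reference, every call leaks one bio; removing the `bio_get(bio);` line fixes that, since the function already owns the reference bio_alloc() returned. The result of `bio_add_page(bio, page, size, 0)` is ignored as well; treating a short add as failure, `if (bio_add_page(bio, page, size, 0) < size) { bio_put(bio); return 0; }`, avoids submitting a bio that does not cover the page.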
@@ -8,7 +8,7 @@ * Author: Fabrice Bellard (fabrice.bellard@netgem.com) * Copyright (C) 2000 Netgem S.A. * - * $Id: inftlmount.c,v 1.15 2004/11/05 21:55:55 kalev Exp $ + * $Id: inftlmount.c,v 1.16 2004/11/22 13:50:53 kalev Exp $ * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -41,7 +41,7 @@ #include #include -char inftlmountrev[]="$Revision: 1.15 $"; +char inftlmountrev[]="$Revision: 1.16 $"; /* * find_boot_record: Find the INFTL Media Header and its Spare copy which @@ -389,8 +389,6 @@ int INFTL_formatblock(struct INFTLrecord struct erase_info *instr = &inftl->instr; int physblock; - instr->mtd = inftl->mbd.mtd; - DEBUG(MTD_DEBUG_LEVEL3, "INFTL: INFTL_formatblock(inftl=%p," "block=%d)\n", inftl, block); @@ -400,6 +398,7 @@ int INFTL_formatblock(struct INFTLrecord _first_? */ /* Use async erase interface, test return code */ + instr->mtd = inftl->mbd.mtd; instr->addr = block * inftl->EraseSize; instr->len = inftl->mbd.mtd->erasesize; /* Erase one physical eraseblock at a time, even though the NAND api diff -Naurp --exclude-from=/home/con/kernel/dontdiff linux-2.6.10-ck5/drivers/mtd/nand/s3c2410.c linux-2.6.10-ck6/drivers/mtd/nand/s3c2410.c --- linux-2.6.10-ck5/drivers/mtd/nand/s3c2410.c 2004-12-25 10:14:48.000000000 +1100 +++ linux-2.6.10-ck6/drivers/mtd/nand/s3c2410.c 2005-02-23 23:34:14.000000000 +1100 @@ -11,7 +11,7 @@ * 28-Sep-2004 BJD Fixed ECC placement for Hardware mode * 12-Oct-2004 BJD Fixed errors in use of platform data * - * $Id: s3c2410.c,v 1.5 2004/10/12 10:10:15 bjd Exp $ + * $Id: s3c2410.c,v 1.6 2004/11/24 12:25:48 bjd Exp $ * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by 
@@ -167,7 +167,7 @@ static int s3c2410_nand_inithw(struct s3 if (plat != NULL) { tacls = s3c2410_nand_calc_rate(plat->tacls, clkrate, 8); twrph0 = s3c2410_nand_calc_rate(plat->twrph0, clkrate, 8); - twrph1 = s3c2410_nand_calc_rate(plat->twrph0, clkrate, 8); + twrph1 = s3c2410_nand_calc_rate(plat->twrph1, clkrate, 8); } else { /* default timings */ tacls = 8; diff -Naurp --exclude-from=/home/con/kernel/dontdiff linux-2.6.10-ck5/drivers/mtd/nftlmount.c linux-2.6.10-ck6/drivers/mtd/nftlmount.c --- linux-2.6.10-ck5/drivers/mtd/nftlmount.c 2004-12-25 10:14:48.000000000 +1100 +++ linux-2.6.10-ck6/drivers/mtd/nftlmount.c 2005-02-23 23:34:14.000000000 +1100 @@ -4,7 +4,7 @@ * Author: Fabrice Bellard (fabrice.bellard@netgem.com) * Copyright (C) 2000 Netgem S.A. * - * $Id: nftlmount.c,v 1.39 2004/11/05 22:51:41 kalev Exp $ + * $Id: nftlmount.c,v 1.40 2004/11/22 14:38:29 kalev Exp $ * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -31,7 +31,7 @@ #define SECTORSIZE 512 -char nftlmountrev[]="$Revision: 1.39 $"; +char nftlmountrev[]="$Revision: 1.40 $"; /* find_boot_record: Find the NFTL Media Header and its Spare copy which contains the * various device information of the NFTL partition and Bad Unit Table. Update @@ -302,8 +302,6 @@ int NFTL_formatblock(struct NFTLrecord * struct nftl_uci1 uci; struct erase_info *instr = &nftl->instr; - instr->mtd = nftl->mbd.mtd; - /* Read the Unit Control Information #1 for Wear-Leveling */ if (MTD_READOOB(nftl->mbd.mtd, block * nftl->EraseSize + SECTORSIZE + 8, 8, &retlen, (char *)&uci) < 0) 
@@ -320,6 +318,7 @@ int NFTL_formatblock(struct NFTLrecord *
 memset(instr, 0, sizeof(struct erase_info));
 /* XXX: use async erase interface, XXX: test return code */
+ instr->mtd = nftl->mbd.mtd;
 instr->addr = block * nftl->EraseSize;
 instr->len = nftl->EraseSize;
 MTD_ERASE(nftl->mbd.mtd, instr);
diff -Naurp --exclude-from=/home/con/kernel/dontdiff linux-2.6.10-ck5/drivers/net/e1000/e1000_hw.c linux-2.6.10-ck6/drivers/net/e1000/e1000_hw.c
--- linux-2.6.10-ck5/drivers/net/e1000/e1000_hw.c 2004-12-25 10:14:49.000000000 +1100
+++ linux-2.6.10-ck6/drivers/net/e1000/e1000_hw.c 2005-02-23 23:34:14.000000000 +1100
@@ -3478,7 +3478,7 @@ e1000_read_eeprom(struct e1000_hw *hw,
 /* A check for invalid values: offset too large, too many words, and not
 * enough words. */
- if((offset > eeprom->word_size) || (words > eeprom->word_size - offset) ||
+ if((offset >= eeprom->word_size) || (words > eeprom->word_size - offset) ||
 (words == 0)) {
 DEBUGOUT("\"words\" parameter out of bounds\n");
 return -E1000_ERR_EEPROM;
@@ -3626,7 +3626,7 @@ e1000_write_eeprom(struct e1000_hw *hw,
 /* A check for invalid values: offset too large, too many words, and not
 * enough words. */
- if((offset > eeprom->word_size) || (words > eeprom->word_size - offset) ||
+ if((offset >= eeprom->word_size) || (words > eeprom->word_size - offset) ||
 (words == 0)) {
 DEBUGOUT("\"words\" parameter out of bounds\n");
 return -E1000_ERR_EEPROM;
diff -Naurp --exclude-from=/home/con/kernel/dontdiff linux-2.6.10-ck5/drivers/net/wan/cosa.c linux-2.6.10-ck6/drivers/net/wan/cosa.c
--- linux-2.6.10-ck5/drivers/net/wan/cosa.c 2004-12-25 10:14:49.000000000 +1100
+++ linux-2.6.10-ck6/drivers/net/wan/cosa.c 2005-02-23 23:34:14.000000000 +1100
@@ -642,11 +642,11 @@ static void sppp_channel_init(struct cha
 return;
 }
 chan->pppdev.dev = d;
- sppp_attach(&chan->pppdev);
 d->base_addr = chan->cosa->datareg;
 d->irq = chan->cosa->irq;
 d->dma = chan->cosa->dma;
 d->priv = chan;
+ sppp_attach(&chan->pppdev);
 if (register_netdev(d)) {
 printk(KERN_WARNING "%s: register_netdev failed.\n", d->name);
 sppp_detach(d);
diff -Naurp --exclude-from=/home/con/kernel/dontdiff linux-2.6.10-ck5/drivers/net/wan/sdla.c linux-2.6.10-ck6/drivers/net/wan/sdla.c
--- linux-2.6.10-ck5/drivers/net/wan/sdla.c 2004-12-25 10:14:49.000000000 +1100
+++ linux-2.6.10-ck6/drivers/net/wan/sdla.c 2005-02-23 23:34:14.000000000 +1100
@@ -1306,6 +1306,8 @@ NOTE: This is rather a useless action r
 case SDLA_WRITEMEM:
 case SDLA_READMEM:
+ if(!capable(CAP_SYS_RAWIO))
+ return -EPERM;
 return(sdla_xfer(dev, ifr->ifr_data, cmd == SDLA_READMEM));
 case SDLA_START:
diff -Naurp --exclude-from=/home/con/kernel/dontdiff linux-2.6.10-ck5/drivers/pci/hotplug/acpiphp_ibm.c linux-2.6.10-ck6/drivers/pci/hotplug/acpiphp_ibm.c
--- linux-2.6.10-ck5/drivers/pci/hotplug/acpiphp_ibm.c 2004-12-25 10:14:49.000000000 +1100
+++ linux-2.6.10-ck6/drivers/pci/hotplug/acpiphp_ibm.c 2005-02-23 23:34:14.000000000 +1100
@@ -47,7 +47,7 @@ MODULE_AUTHOR(DRIVER_AUTHOR);
 MODULE_DESCRIPTION(DRIVER_DESC);
 MODULE_LICENSE("GPL");
 MODULE_VERSION(DRIVER_VERSION);
-module_param(debug, bool, 644);
+module_param(debug, bool, 0644);
 MODULE_PARM_DESC(debug, " Debugging mode enabled or not");
 #define MY_NAME "acpiphp_ibm"
diff -Naurp --exclude-from=/home/con/kernel/dontdiff linux-2.6.10-ck5/drivers/scsi/gdth.c linux-2.6.10-ck6/drivers/scsi/gdth.c
--- linux-2.6.10-ck5/drivers/scsi/gdth.c 2004-10-19 08:57:06.000000000 +1000
+++ linux-2.6.10-ck6/drivers/scsi/gdth.c 2005-02-23 23:34:14.000000000 +1100
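Review bot: The new `capable(CAP_SYS_RAWIO)` test in sdla.c covers only SDLA_WRITEMEM and SDLA_READMEM; the other commands of this switch (`case SDLA_START:` is the next one) are handled outside the hunk, so confirm that they sit behind a privilege check of their own. A comment above the test, e.g. `/* copies between caller memory and adapter memory: requires raw I/O privilege */`, would explain why this pair is singled out; that description is read off the `sdla_xfer(dev, ifr->ifr_data, ...)` call and should be confirmed against the helper.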
@@ -2708,7 +2708,6 @@ static void gdth_copy_internal_data(int ushort cpsum,cpnow; struct scatterlist *sl; gdth_ha_str *ha; - int sgcnt; char *address; cpcount = count<=(ushort)scp->bufflen ? count:(ushort)scp->bufflen; @@ -2717,9 +2716,9 @@ static void gdth_copy_internal_data(int if (scp->use_sg) { sl = (struct scatterlist *)scp->request_buffer; #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,4,13) - sgcnt = pci_map_sg(ha->pdev,sl,scp->use_sg,PCI_DMA_FROMDEVICE); - for (i=0,cpsum=0; iuse_sg; ++i,++sl) { + unsigned long flags; + cpnow = (ushort)sl->length; TRACE(("copy_internal() now %d sum %d count %d %d\n", cpnow,cpsum,cpcount,(ushort)scp->bufflen)); if (cpsum+cpnow > cpcount) @@ -2730,17 +2729,18 @@ static void gdth_copy_internal_data(int hanum); return; } - address = (char *)(page_address(sl->page) + sl->offset); + local_irq_save(flags); + address = kmap_atomic(sl->page, KM_BIO_SRC_IRQ) + sl->offset; memcpy(address,buffer,cpnow); + flush_dcache_page(sl->page); + kunmap_atomic(address, KM_BIO_SRC_IRQ); + local_irq_restore(flags); if (cpsum == cpcount) break; buffer += cpnow; } - pci_unmap_sg(ha->pdev,scp->request_buffer, - scp->use_sg,PCI_DMA_FROMDEVICE); #else - sgcnt = scp->use_sg; - for (i=0,cpsum=0; iuse_sg; ++i,++sl) { cpnow = (ushort)sl->length; TRACE(("copy_internal() now %d sum %d count %d %d\n", cpnow,cpsum,cpcount,(ushort)scp->bufflen)); diff -Naurp --exclude-from=/home/con/kernel/dontdiff linux-2.6.10-ck5/drivers/scsi/ibmvscsi/ibmvscsi.c linux-2.6.10-ck6/drivers/scsi/ibmvscsi/ibmvscsi.c --- linux-2.6.10-ck5/drivers/scsi/ibmvscsi/ibmvscsi.c 2004-10-19 08:57:06.000000000 +1000 +++ linux-2.6.10-ck6/drivers/scsi/ibmvscsi/ibmvscsi.c 2005-02-23 23:34:14.000000000 +1100 @@ -466,7 +466,7 @@ static int map_data_for_srp_cmd(struct s static int ibmvscsi_send_srp_event(struct srp_event_struct *evt_struct, struct ibmvscsi_host_data *hostdata) { - struct scsi_cmnd *cmnd = evt_struct->cmnd; + struct scsi_cmnd *cmnd; u64 *crq_as_u64 = (u64 *) &evt_struct->crq; int rc; 
@@ -478,22 +478,15 @@ static int ibmvscsi_send_srp_event(struc if ((evt_struct->crq.format == VIOSRP_SRP_FORMAT) && (atomic_dec_if_positive(&hostdata->request_limit) < 0)) { /* See if the adapter is disabled */ - if (atomic_read(&hostdata->request_limit) < 0) { - if (cmnd) - cmnd->result = DID_ERROR << 16; - if (evt_struct->cmnd_done) - evt_struct->cmnd_done(cmnd); - unmap_cmd_data(&evt_struct->iu.srp.cmd, - hostdata->dev); - free_event_struct(&hostdata->pool, evt_struct); - return 0; - } else { - printk("ibmvscsi: Warning, request_limit exceeded\n"); - unmap_cmd_data(&evt_struct->iu.srp.cmd, - hostdata->dev); - free_event_struct(&hostdata->pool, evt_struct); - return SCSI_MLQUEUE_HOST_BUSY; - } + if (atomic_read(&hostdata->request_limit) < 0) + goto send_error; + + printk(KERN_WARNING + "ibmvscsi: Warning, request_limit exceeded\n"); + unmap_cmd_data(&evt_struct->iu.srp.cmd, + hostdata->dev); + free_event_struct(&hostdata->pool, evt_struct); + return SCSI_MLQUEUE_HOST_BUSY; } /* Copy the IU into the transfer area */ @@ -510,18 +503,24 @@ static int ibmvscsi_send_srp_event(struc ibmvscsi_send_crq(hostdata, crq_as_u64[0], crq_as_u64[1])) != 0) { list_del(&evt_struct->list); - cmnd = evt_struct->cmnd; printk(KERN_ERR "ibmvscsi: failed to send event struct rc %d\n", rc); - unmap_cmd_data(&evt_struct->iu.srp.cmd, hostdata->dev); - free_event_struct(&hostdata->pool, evt_struct); - if (cmnd) - cmnd->result = DID_ERROR << 16; - if (evt_struct->cmnd_done) - evt_struct->cmnd_done(cmnd); + goto send_error; } return 0; + + send_error: + unmap_cmd_data(&evt_struct->iu.srp.cmd, hostdata->dev); + + if ((cmnd = evt_struct->cmnd) != NULL) { + cmnd->result = DID_ERROR << 16; + evt_struct->cmnd_done(cmnd); + } else if (evt_struct->done) + evt_struct->done(evt_struct); + + free_event_struct(&hostdata->pool, evt_struct); + return 0; } /** 
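Review bot: The new `send_error:` path in `ibmvscsi_send_srp_event()` calls `evt_struct->cmnd_done(cmnd)` whenever `evt_struct->cmnd` is non-NULL, while both removed copies of this cleanup tested `if (evt_struct->cmnd_done)` first. If an event can carry a command without a completion callback, this is now a NULL function-pointer call in an error path; whether that combination can occur is not visible in the hunk. Keeping the old guard is cheap: `if (evt_struct->cmnd_done) evt_struct->cmnd_done(cmnd);`. If the callback is guaranteed to be set, a one-line comment stating that invariant would explain why the test was dropped.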
@@ -1325,7 +1324,7 @@ static int ibmvscsi_probe(struct vio_dev */ for (wait_switch = jiffies + (init_timeout * HZ); time_before(jiffies, wait_switch) && - atomic_read(&hostdata->request_limit) < 0;) { + atomic_read(&hostdata->request_limit) < 2;) { set_current_state(TASK_UNINTERRUPTIBLE); schedule_timeout(HZ / 100); diff -Naurp --exclude-from=/home/con/kernel/dontdiff linux-2.6.10-ck5/drivers/scsi/scsi_lib.c linux-2.6.10-ck6/drivers/scsi/scsi_lib.c --- linux-2.6.10-ck5/drivers/scsi/scsi_lib.c 2004-12-25 10:14:49.000000000 +1100 +++ linux-2.6.10-ck6/drivers/scsi/scsi_lib.c 2005-02-23 23:34:14.000000000 +1100 @@ -1668,6 +1668,7 @@ scsi_device_set_state(struct scsi_device case SDEV_CREATED: case SDEV_RUNNING: case SDEV_QUIESCE: + case SDEV_BLOCK: break; default: goto illegal; diff -Naurp --exclude-from=/home/con/kernel/dontdiff linux-2.6.10-ck5/drivers/scsi/sd.c linux-2.6.10-ck6/drivers/scsi/sd.c --- linux-2.6.10-ck5/drivers/scsi/sd.c 2004-12-25 10:14:49.000000000 +1100 +++ linux-2.6.10-ck6/drivers/scsi/sd.c 2005-02-23 23:34:14.000000000 +1100 @@ -1082,9 +1082,12 @@ repeat: " READ CAPACITY(16).\n", diskname); longrc = 1; goto repeat; - } else { - printk(KERN_ERR "%s: too big for kernel. Assuming maximum 2Tb\n", diskname); } + printk(KERN_ERR "%s: too big for this kernel. Use a " + "kernel compiled with support for large block " + "devices.\n", diskname); + sdkp->capacity = 0; + goto got_data; } sdkp->capacity = 1 + (((sector_t)buffer[0] << 24) | (buffer[1] << 16) | diff -Naurp --exclude-from=/home/con/kernel/dontdiff linux-2.6.10-ck5/drivers/usb/gadget/serial.c linux-2.6.10-ck6/drivers/usb/gadget/serial.c --- linux-2.6.10-ck5/drivers/usb/gadget/serial.c 2004-12-25 10:14:50.000000000 +1100 +++ linux-2.6.10-ck6/drivers/usb/gadget/serial.c 2005-02-23 23:34:14.000000000 +1100 
@@ -2322,11 +2322,11 @@ static void gs_free_ports(struct gs_dev wake_up_interruptible(&port->port_tty->read_wait); wake_up_interruptible(&port->port_tty->write_wait); } + spin_unlock_irqrestore(&port->port_lock, flags); } else { kfree(port); } - spin_unlock_irqrestore(&port->port_lock, flags); } } } diff -Naurp --exclude-from=/home/con/kernel/dontdiff linux-2.6.10-ck5/drivers/usb/Makefile linux-2.6.10-ck6/drivers/usb/Makefile --- linux-2.6.10-ck5/drivers/usb/Makefile 2004-12-25 10:14:49.000000000 +1100 +++ linux-2.6.10-ck6/drivers/usb/Makefile 2005-02-23 23:34:14.000000000 +1100 @@ -9,7 +9,7 @@ obj-$(CONFIG_USB) += core/ obj-$(CONFIG_USB_EHCI_HCD) += host/ obj-$(CONFIG_USB_OHCI_HCD) += host/ obj-$(CONFIG_USB_UHCI_HCD) += host/ -obj-$(CONFIG_USB_SL811HS) += host/ +obj-$(CONFIG_USB_SL811_HCD) += host/ obj-$(CONFIG_ETRAX_USB_HOST) += host/ obj-$(CONFIG_USB_ACM) += class/ @@ -49,7 +49,6 @@ obj-$(CONFIG_USB_PEGASUS) += net/ obj-$(CONFIG_USB_RTL8150) += net/ obj-$(CONFIG_USB_USBNET) += net/ -obj-$(CONFIG_USB_DC2XX) += image/ obj-$(CONFIG_USB_HPUSBSCSI) += image/ obj-$(CONFIG_USB_MDC800) += image/ obj-$(CONFIG_USB_MICROTEK) += image/ diff -Naurp --exclude-from=/home/con/kernel/dontdiff linux-2.6.10-ck5/fs/binfmt_elf.c linux-2.6.10-ck6/fs/binfmt_elf.c --- linux-2.6.10-ck5/fs/binfmt_elf.c 2005-02-23 23:34:03.000000000 +1100 +++ linux-2.6.10-ck6/fs/binfmt_elf.c 2005-02-23 23:34:14.000000000 +1100 @@ -325,7 +325,8 @@ static unsigned long load_elf_interp(str */ if (interp_elf_ex->e_phentsize != sizeof(struct elf_phdr)) goto out; - if (interp_elf_ex->e_phnum > 65536U / sizeof(struct elf_phdr)) + if (interp_elf_ex->e_phnum < 1 || + interp_elf_ex->e_phnum > 65536U / sizeof(struct elf_phdr)) goto out; /* Now read in all of the header information */ 
@@ -534,12 +535,13 @@ static int load_elf_binary(struct linux_ /* Now read in all of the header information */ - retval = -ENOMEM; if (loc->elf_ex.e_phentsize != sizeof(struct elf_phdr)) goto out; - if (loc->elf_ex.e_phnum > 65536U / sizeof(struct elf_phdr)) + if (loc->elf_ex.e_phnum < 1 || + loc->elf_ex.e_phnum > 65536U / sizeof(struct elf_phdr)) goto out; size = loc->elf_ex.e_phnum * sizeof(struct elf_phdr); + retval = -ENOMEM; elf_phdata = (struct elf_phdr *) kmalloc(size, GFP_KERNEL); if (!elf_phdata) goto out; @@ -585,10 +587,12 @@ static int load_elf_binary(struct linux_ * is an a.out format binary */ - retval = -ENOMEM; + retval = -ENOEXEC; if (elf_ppnt->p_filesz > PATH_MAX || - elf_ppnt->p_filesz == 0) + elf_ppnt->p_filesz < 2) goto out_free_file; + + retval = -ENOMEM; elf_interpreter = (char *) kmalloc(elf_ppnt->p_filesz, GFP_KERNEL); if (!elf_interpreter) @@ -603,7 +607,7 @@ static int load_elf_binary(struct linux_ goto out_free_interp; } /* make sure path is NULL terminated */ - retval = -EINVAL; + retval = -ENOEXEC; if (elf_interpreter[elf_ppnt->p_filesz - 1] != '\0') goto out_free_interp; @@ -878,8 +882,9 @@ static int load_elf_binary(struct linux_ interpreter, &interp_load_addr); if (BAD_ADDR(elf_entry)) { - printk(KERN_ERR "Unable to load interpreter\n"); - send_sig(SIGSEGV, current, 0); + printk(KERN_ERR "Unable to load interpreter %.128s\n", + elf_interpreter); + force_sig(SIGSEGV, current); retval = -ENOEXEC; /* Nobody gets to see this, but.. */ goto out_free_dentry; } diff -Naurp --exclude-from=/home/con/kernel/dontdiff linux-2.6.10-ck5/fs/ext3/inode.c linux-2.6.10-ck6/fs/ext3/inode.c --- linux-2.6.10-ck5/fs/ext3/inode.c 2004-12-25 10:14:50.000000000 +1100 +++ linux-2.6.10-ck6/fs/ext3/inode.c 2005-02-23 23:34:14.000000000 +1100 
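Review bot: In the last `load_elf_binary()` hunk the new `printk(KERN_ERR "Unable to load interpreter %.128s\n", elf_interpreter)` writes a string taken from the executable being loaded into the kernel log at error level. The `%.128s` bounds the length, but any user who can run a crafted binary can repeat the message at will and choose its content. I would rate-limit it: `if (printk_ratelimit()) printk(KERN_ERR "Unable to load interpreter %.128s\n", elf_interpreter);`. The function body continues outside the hunk.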
@@ -84,7 +84,7 @@ int ext3_forget(handle_t *handle, int is (!is_metadata && !ext3_should_journal_data(inode))) { if (bh) { BUFFER_TRACE(bh, "call journal_forget"); - ext3_journal_forget(handle, bh); + return ext3_journal_forget(handle, bh); } return 0; } diff -Naurp --exclude-from=/home/con/kernel/dontdiff linux-2.6.10-ck5/fs/ext3/super.c linux-2.6.10-ck6/fs/ext3/super.c --- linux-2.6.10-ck5/fs/ext3/super.c 2005-02-23 23:34:03.000000000 +1100 +++ linux-2.6.10-ck6/fs/ext3/super.c 2005-02-23 23:34:14.000000000 +1100 @@ -108,14 +108,19 @@ void ext3_journal_abort_handle(const cha char nbuf[16]; const char *errstr = ext3_decode_error(NULL, err, nbuf); - printk(KERN_ERR "%s: aborting transaction: %s in %s", - caller, errstr, err_fn); - if (bh) BUFFER_TRACE(bh, "abort"); - journal_abort_handle(handle); + if (!handle->h_err) handle->h_err = err; + + if (is_handle_aborted(handle)) + return; + + printk(KERN_ERR "%s: aborting transaction: %s in %s\n", + caller, errstr, err_fn); + + journal_abort_handle(handle); } /* Deal with the reporting of failure conditions on a filesystem such as @@ -143,9 +148,6 @@ static void ext3_handle_error(struct sup if (sb->s_flags & MS_RDONLY) return; - if (test_opt (sb, ERRORS_PANIC)) - panic ("EXT3-fs (device %s): panic forced after error\n", - sb->s_id); if (test_opt (sb, ERRORS_RO)) { printk (KERN_CRIT "Remounting filesystem read-only\n"); sb->s_flags |= MS_RDONLY; @@ -156,6 +158,9 @@ static void ext3_handle_error(struct sup if (journal) journal_abort(journal, -EIO); } + if (test_opt(sb, ERRORS_PANIC)) + panic("EXT3-fs (device %s): panic forced after error\n", + sb->s_id); ext3_commit_super(sb, es, 1); } diff -Naurp --exclude-from=/home/con/kernel/dontdiff linux-2.6.10-ck5/fs/jbd/revoke.c linux-2.6.10-ck6/fs/jbd/revoke.c --- linux-2.6.10-ck5/fs/jbd/revoke.c 2004-10-19 08:57:11.000000000 +1000 +++ linux-2.6.10-ck6/fs/jbd/revoke.c 2005-02-23 23:34:14.000000000 +1100 
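Review bot: In `ext3_handle_error()` the `ERRORS_PANIC` test has moved below the read-only/abort handling but still sits above `ext3_commit_super(sb, es, 1)`. With `errors=panic` the machine therefore stops before the superblock update is issued. If the intent of the move is to leave the filesystem in a recorded error state before panicking, the test belongs after the commit: `ext3_commit_super(sb, es, 1);` followed by `if (test_opt(sb, ERRORS_PANIC)) panic(...);`. If skipping the write is deliberate, a comment such as `/* do not touch the disk again once we are going to panic */` would make that clear.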
@@ -376,7 +376,12 @@ int journal_revoke(handle_t *handle, uns first having the revoke cancelled: it's illegal to free a block twice without allocating it in between! */ if (bh) { - J_ASSERT_BH(bh, !buffer_revoked(bh)); + if (!J_EXPECT_BH(bh, !buffer_revoked(bh), + "inconsistent data on disk")) { + if (!bh_in) + brelse(bh); + return -EIO; + } set_buffer_revoked(bh); set_buffer_revokevalid(bh); if (bh_in) { diff -Naurp --exclude-from=/home/con/kernel/dontdiff linux-2.6.10-ck5/fs/jbd/transaction.c linux-2.6.10-ck6/fs/jbd/transaction.c --- linux-2.6.10-ck5/fs/jbd/transaction.c 2004-12-25 10:14:50.000000000 +1100 +++ linux-2.6.10-ck6/fs/jbd/transaction.c 2005-02-23 23:34:14.000000000 +1100 @@ -1198,11 +1198,12 @@ journal_release_buffer(handle_t *handle, * Allow this call even if the handle has aborted --- it may be part of * the caller's cleanup after an abort. */ -void journal_forget(handle_t *handle, struct buffer_head *bh) +int journal_forget (handle_t *handle, struct buffer_head *bh) { transaction_t *transaction = handle->h_transaction; journal_t *journal = transaction->t_journal; struct journal_head *jh; + int err = 0; BUFFER_TRACE(bh, "entry"); @@ -1213,6 +1214,14 @@ void journal_forget(handle_t *handle, st goto not_jbd; jh = bh2jh(bh); + /* Critical error: attempting to delete a bitmap buffer, maybe? + * Don't do any jbd operations, and return an error. */ + if (!J_EXPECT_JH(jh, !jh->b_committed_data, + "inconsistent data on disk")) { + err = -EIO; + goto not_jbd; + } + if (jh->b_transaction == handle->h_transaction) { J_ASSERT_JH(jh, !jh->b_frozen_data); @@ -1223,7 +1232,6 @@ void journal_forget(handle_t *handle, st clear_buffer_jbddirty(bh); JBUFFER_TRACE(jh, "belongs to current transaction: unfile"); - J_ASSERT_JH(jh, !jh->b_committed_data); __journal_unfile_buffer(jh); 
@@ -1248,7 +1256,7 @@ void journal_forget(handle_t *handle, st spin_unlock(&journal->j_list_lock); jbd_unlock_bh_state(bh); __bforget(bh); - return; + return 0; } } } else if (jh->b_transaction) { @@ -1270,7 +1278,7 @@ not_jbd: spin_unlock(&journal->j_list_lock); jbd_unlock_bh_state(bh); __brelse(bh); - return; + return err; } /** diff -Naurp --exclude-from=/home/con/kernel/dontdiff linux-2.6.10-ck5/fs/jffs2/build.c linux-2.6.10-ck6/fs/jffs2/build.c --- linux-2.6.10-ck5/fs/jffs2/build.c 2004-08-15 14:08:16.000000000 +1000 +++ linux-2.6.10-ck6/fs/jffs2/build.c 2005-02-23 23:34:14.000000000 +1100 @@ -88,6 +88,7 @@ static int jffs2_build_filesystem(struct int ret; int i; struct jffs2_inode_cache *ic; + struct jffs2_full_dirent *fd; struct jffs2_full_dirent *dead_fds = NULL; /* First, scan the medium and build all the inode caches with @@ -98,7 +99,7 @@ static int jffs2_build_filesystem(struct c->flags &= ~JFFS2_SB_FLAG_MOUNTING; if (ret) - return ret; + goto exit; D1(printk(KERN_DEBUG "Scanned flash completely\n")); D1(jffs2_dump_block_lists(c)); @@ -135,9 +136,7 @@ static int jffs2_build_filesystem(struct D1(printk(KERN_DEBUG "Pass 2a starting\n")); while (dead_fds) { - struct jffs2_inode_cache *ic; - struct jffs2_full_dirent *fd = dead_fds; - + fd = dead_fds; dead_fds = fd->next; ic = jffs2_get_ino_cache(c, fd->ino); @@ -152,7 +151,6 @@ static int jffs2_build_filesystem(struct /* Finally, we can scan again and free the dirent structs */ for_each_inode(i, c, ic) { - struct jffs2_full_dirent *fd; D1(printk(KERN_DEBUG "Pass 3: ino #%u, ic %p, nodes %p\n", ic->ino, ic, ic->nodes)); while(ic->scan_dents) { @@ -169,6 +167,19 @@ static int jffs2_build_filesystem(struct /* Rotate the lists by some number to ensure wear levelling */ jffs2_rotate_lists(c); + ret = 0; + +exit: + if (ret) { + for_each_inode(i, c, ic) { + while(ic->scan_dents) { + fd = ic->scan_dents; + ic->scan_dents = fd->next; + jffs2_free_full_dirent(fd); + } + } + } + return ret; } 
@@ -310,6 +321,7 @@ int jffs2_do_mount_fs(struct jffs2_sb_in c->blocks[i].used_size = 0; c->blocks[i].first_node = NULL; c->blocks[i].last_node = NULL; + c->blocks[i].bad_count = 0; } init_MUTEX(&c->alloc_sem); diff -Naurp --exclude-from=/home/con/kernel/dontdiff linux-2.6.10-ck5/fs/jfs/inode.c linux-2.6.10-ck6/fs/jfs/inode.c --- linux-2.6.10-ck5/fs/jfs/inode.c 2004-10-19 08:57:11.000000000 +1000 +++ linux-2.6.10-ck6/fs/jfs/inode.c 2005-02-23 23:34:14.000000000 +1100 @@ -81,8 +81,7 @@ int jfs_commit_inode(struct inode *inode * Don't commit if inode has been committed since last being * marked dirty, or if it has been deleted. */ - if (test_cflag(COMMIT_Nolink, inode) || - !test_cflag(COMMIT_Dirty, inode)) + if (inode->i_nlink == 0 || !test_cflag(COMMIT_Dirty, inode)) return 0; if (isReadOnly(inode)) { @@ -100,7 +99,13 @@ int jfs_commit_inode(struct inode *inode tid = txBegin(inode->i_sb, COMMIT_INODE); down(&JFS_IP(inode)->commit_sem); - rc = txCommit(tid, 1, &inode, wait ? COMMIT_SYNC : 0); + + /* + * Retest inode state after taking commit_sem + */ + if (inode->i_nlink && test_cflag(COMMIT_Dirty, inode)) + rc = txCommit(tid, 1, &inode, wait ? COMMIT_SYNC : 0); + txEnd(tid); up(&JFS_IP(inode)->commit_sem); return rc; diff -Naurp --exclude-from=/home/con/kernel/dontdiff linux-2.6.10-ck5/fs/nls/nls_ascii.c linux-2.6.10-ck6/fs/nls/nls_ascii.c --- linux-2.6.10-ck5/fs/nls/nls_ascii.c 2004-08-15 14:08:17.000000000 +1000 +++ linux-2.6.10-ck6/fs/nls/nls_ascii.c 2005-02-23 23:34:14.000000000 +1100 @@ -13,7 +13,7 @@ #include #include -static wchar_t charset2uni[128] = { +static wchar_t charset2uni[256] = { /* 0x00*/ 0x0000, 0x0001, 0x0002, 0x0003, 0x0004, 0x0005, 0x0006, 0x0007, 
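Review bot: In the second `jfs_commit_inode()` hunk `rc` is now assigned only when the retest `inode->i_nlink && test_cflag(COMMIT_Dirty, inode)` succeeds, yet `return rc;` is reached on both paths. The declaration of `rc` is outside the hunk; if it is not initialised, the skipped-commit path returns an indeterminate value to the caller. The declaration should read `int rc = 0;`, or the new test should carry `else rc = 0;`.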
@@ -56,7 +56,7 @@ static wchar_t charset2uni[128] = { 0x007c, 0x007d, 0x007e, 0x007f, }; -static unsigned char page00[128] = { +static unsigned char page00[256] = { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, /* 0x00-0x07 */ 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, /* 0x08-0x0f */ 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, /* 0x10-0x17 */ @@ -75,11 +75,11 @@ static unsigned char page00[128] = { 0x78, 0x79, 0x7a, 0x7b, 0x7c, 0x7d, 0x7e, 0x7f, /* 0x78-0x7f */ }; -static unsigned char *page_uni2charset[128] = { - page00, NULL, NULL, NULL, NULL, NULL, NULL, NULL, +static unsigned char *page_uni2charset[256] = { + page00, }; -static unsigned char charset2lower[128] = { +static unsigned char charset2lower[256] = { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, /* 0x00-0x07 */ 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, /* 0x08-0x0f */ 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, /* 0x10-0x17 */ @@ -98,7 +98,7 @@ static unsigned char charset2lower[128] 0x78, 0x79, 0x7a, 0x7b, 0x7c, 0x7d, 0x7e, 0x7f, /* 0x78-0x7f */ }; -static unsigned char charset2upper[128] = { +static unsigned char charset2upper[256] = { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, /* 0x00-0x07 */ 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, /* 0x08-0x0f */ 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, /* 0x10-0x17 */ diff -Naurp --exclude-from=/home/con/kernel/dontdiff linux-2.6.10-ck5/fs/openpromfs/inode.c linux-2.6.10-ck6/fs/openpromfs/inode.c --- linux-2.6.10-ck5/fs/openpromfs/inode.c 2004-10-19 08:57:11.000000000 +1000 +++ linux-2.6.10-ck6/fs/openpromfs/inode.c 2005-02-23 23:34:14.000000000 +1100 @@ -94,8 +94,6 @@ static ssize_t property_read(struct file openprom_property *op; char buffer[64]; - if (*ppos >= 0xffffff || count >= 0xffffff) - return -EINVAL; if (!filp->private_data) { node = nodes[(u16)((long)inode->u.generic_ip)].node; i = ((u32)(long)inode->u.generic_ip) >> 16; 
@@ -168,6 +166,8 @@ static ssize_t property_read(struct file op = (openprom_property *)filp->private_data; if (!count || !(op->len || (op->flag & OPP_ASCIIZ))) return 0; + if (*ppos >= 0xffffff || count >= 0xffffff) + return -EINVAL; if (op->flag & OPP_STRINGLIST) { for (k = 0, p = op->value; p < op->value + op->len; p++) if (!*p) diff -Naurp --exclude-from=/home/con/kernel/dontdiff linux-2.6.10-ck5/fs/proc/generic.c linux-2.6.10-ck6/fs/proc/generic.c --- linux-2.6.10-ck5/fs/proc/generic.c 2004-12-25 10:14:50.000000000 +1100 +++ linux-2.6.10-ck6/fs/proc/generic.c 2005-02-23 23:34:14.000000000 +1100 @@ -60,7 +60,7 @@ proc_file_read(struct file *file, char _ return -ENOMEM; while ((nbytes > 0) && !eof) { - count = min_t(ssize_t, PROC_BLOCK_SIZE, nbytes); + count = min_t(size_t, PROC_BLOCK_SIZE, nbytes); start = NULL; if (dp->get_info) { diff -Naurp --exclude-from=/home/con/kernel/dontdiff linux-2.6.10-ck5/fs/reiserfs/file.c linux-2.6.10-ck6/fs/reiserfs/file.c --- linux-2.6.10-ck5/fs/reiserfs/file.c 2004-12-25 10:14:50.000000000 +1100 +++ linux-2.6.10-ck6/fs/reiserfs/file.c 2005-02-23 23:34:14.000000000 +1100 @@ -588,7 +588,7 @@ error_exit: /* Unlock pages prepared by reiserfs_prepare_file_region_for_write */ void reiserfs_unprepare_pages(struct page **prepared_pages, /* list of locked pages */ - int num_pages /* amount of pages */) { + size_t num_pages /* amount of pages */) { int i; // loop counter for (i=0; i < num_pages ; i++) { @@ -619,7 +619,7 @@ int reiserfs_copy_from_user_to_file_regi int offset; // offset in page for ( i = 0, offset = (pos & (PAGE_CACHE_SIZE-1)); i < num_pages ; i++,offset=0) { - int count = min_t(int,PAGE_CACHE_SIZE-offset,write_bytes); // How much of bytes to write to this page + size_t count = min_t(size_t,PAGE_CACHE_SIZE-offset,write_bytes); // How much of bytes to write to this page struct page *page=prepared_pages[i]; // Current page we process. fault_in_pages_readable( buf, count); 
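Review bot: `reiserfs_unprepare_pages()` now takes `size_t num_pages`, but the loop counter in the same hunk is still `int i`, so `i < num_pages` compares signed with unsigned. The counter should follow the parameter: `size_t i; // loop counter`. The loop in `reiserfs_copy_from_user_to_file_region()` (next hunk) also tests `i < num_pages`; the declarations of `i` and `num_pages` there are outside the hunk and are worth checking the same way.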
@@ -718,8 +718,8 @@ int reiserfs_submit_file_region_for_writ struct reiserfs_transaction_handle *th, struct inode *inode, loff_t pos, /* Writing position offset */ - int num_pages, /* Number of pages to write */ - int write_bytes, /* number of bytes to write */ + size_t num_pages, /* Number of pages to write */ + size_t write_bytes, /* number of bytes to write */ struct page **prepared_pages /* list of pages */ ) { @@ -854,9 +854,9 @@ int reiserfs_check_for_tail_and_convert( int reiserfs_prepare_file_region_for_write( struct inode *inode /* Inode of the file */, loff_t pos, /* position in the file */ - int num_pages, /* number of pages to + size_t num_pages, /* number of pages to prepare */ - int write_bytes, /* Amount of bytes to be + size_t write_bytes, /* Amount of bytes to be overwritten from @pos */ struct page **prepared_pages /* pointer to array @@ -1252,10 +1252,9 @@ ssize_t reiserfs_file_write( struct file while ( count > 0) { /* This is the main loop in which we running until some error occures or until we write all of the data. */ - int num_pages;/* amount of pages we are going to write this iteration */ - int write_bytes; /* amount of bytes to write during this iteration */ - int blocks_to_allocate; /* how much blocks we need to allocate for - this iteration */ + size_t num_pages;/* amount of pages we are going to write this iteration */ + size_t write_bytes; /* amount of bytes to write during this iteration */ + size_t blocks_to_allocate; /* how much blocks we need to allocate for this iteration */ /* (pos & (PAGE_CACHE_SIZE-1)) is an idiom for offset into a page of pos*/ num_pages = !!((pos+count) & (PAGE_CACHE_SIZE - 1)) + /* round up partial 
@@ -1269,7 +1268,7 @@ ssize_t reiserfs_file_write( struct file /* If we were asked to write more data than we want to or if there is not that much space, then we shorten amount of data to write for this iteration. */ - num_pages = min_t(int, REISERFS_WRITE_PAGES_AT_A_TIME, reiserfs_can_fit_pages(inode->i_sb)); + num_pages = min_t(size_t, REISERFS_WRITE_PAGES_AT_A_TIME, reiserfs_can_fit_pages(inode->i_sb)); /* Also we should not forget to set size in bytes accordingly */ write_bytes = (num_pages << PAGE_CACHE_SHIFT) - (pos & (PAGE_CACHE_SIZE-1)); @@ -1295,7 +1294,7 @@ ssize_t reiserfs_file_write( struct file // But overwriting files on absolutelly full volumes would not // be very efficient. Well, people are not supposed to fill // 100% of disk space anyway. - write_bytes = min_t(int, count, inode->i_sb->s_blocksize - (pos & (inode->i_sb->s_blocksize - 1))); + write_bytes = min_t(size_t, count, inode->i_sb->s_blocksize - (pos & (inode->i_sb->s_blocksize - 1))); num_pages = 1; // No blocks were claimed before, so do it now. reiserfs_claim_blocks_to_be_allocated(inode->i_sb, 1 << (PAGE_CACHE_SHIFT - inode->i_blkbits)); diff -Naurp --exclude-from=/home/con/kernel/dontdiff linux-2.6.10-ck5/fs/smbfs/proc.c linux-2.6.10-ck6/fs/smbfs/proc.c --- linux-2.6.10-ck5/fs/smbfs/proc.c 2004-12-25 10:14:50.000000000 +1100 +++ linux-2.6.10-ck6/fs/smbfs/proc.c 2005-02-23 23:34:14.000000000 +1100 
@@ -1427,9 +1427,9 @@ smb_proc_readX_data(struct smb_request * * So we must first calculate the amount of padding used by the server. */ data_off -= hdrlen; - if (data_off > SMB_READX_MAX_PAD) { - PARANOIA("offset is larger than max pad!\n"); - PARANOIA("%d > %d\n", data_off, SMB_READX_MAX_PAD); + if (data_off > SMB_READX_MAX_PAD || data_off < 0) { + PARANOIA("offset is larger than SMB_READX_MAX_PAD or negative!\n"); + PARANOIA("%d > %d || %d < 0\n", data_off, SMB_READX_MAX_PAD, data_off); req->rq_rlen = req->rq_bufsize + 1; return; } diff -Naurp --exclude-from=/home/con/kernel/dontdiff linux-2.6.10-ck5/fs/smbfs/request.c linux-2.6.10-ck6/fs/smbfs/request.c --- linux-2.6.10-ck5/fs/smbfs/request.c 2004-12-25 10:14:50.000000000 +1100 +++ linux-2.6.10-ck6/fs/smbfs/request.c 2005-02-23 23:34:14.000000000 +1100 @@ -588,8 +588,18 @@ static int smb_recv_trans2(struct smb_sb data_count = WVAL(inbuf, smb_drcnt); /* Modify offset for the split header/buffer we use */ - data_offset -= hdrlen; - parm_offset -= hdrlen; + if (data_count || data_offset) { + if (unlikely(data_offset < hdrlen)) + goto out_bad_data; + else + data_offset -= hdrlen; + } + if (parm_count || parm_offset) { + if (unlikely(parm_offset < hdrlen)) + goto out_bad_parm; + else + parm_offset -= hdrlen; + } if (parm_count == parm_tot && data_count == data_tot) { /* 
@@ -600,18 +610,22 @@ static int smb_recv_trans2(struct smb_sb * response that fits. */ VERBOSE("single trans2 response " - "dcnt=%d, pcnt=%d, doff=%d, poff=%d\n", + "dcnt=%u, pcnt=%u, doff=%u, poff=%u\n", data_count, parm_count, data_offset, parm_offset); req->rq_ldata = data_count; req->rq_lparm = parm_count; req->rq_data = req->rq_buffer + data_offset; req->rq_parm = req->rq_buffer + parm_offset; + if (unlikely(parm_offset + parm_count > req->rq_rlen)) + goto out_bad_parm; + if (unlikely(data_offset + data_count > req->rq_rlen)) + goto out_bad_data; return 0; } VERBOSE("multi trans2 response " - "frag=%d, dcnt=%d, pcnt=%d, doff=%d, poff=%d\n", + "frag=%d, dcnt=%u, pcnt=%u, doff=%u, poff=%u\n", req->rq_fragment, data_count, parm_count, data_offset, parm_offset); @@ -638,13 +652,15 @@ static int smb_recv_trans2(struct smb_sb req->rq_parm = req->rq_trans2buffer; req->rq_data = req->rq_trans2buffer + parm_tot; - } else if (req->rq_total_data < data_tot || - req->rq_total_parm < parm_tot) + } else if (unlikely(req->rq_total_data < data_tot || + req->rq_total_parm < parm_tot)) goto out_data_grew; - if (parm_disp + parm_count > req->rq_total_parm) + if (unlikely(parm_disp + parm_count > req->rq_total_parm || + parm_offset + parm_count > req->rq_rlen)) goto out_bad_parm; - if (data_disp + data_count > req->rq_total_data) + if (unlikely(data_disp + data_count > req->rq_total_data || + data_offset + data_count > req->rq_rlen)) goto out_bad_data; inbuf = req->rq_buffer; @@ -666,10 +682,9 @@ static int smb_recv_trans2(struct smb_sb return 1; out_too_long: - printk(KERN_ERR "smb_trans2: data/param too long, data=%d, parm=%d\n", + printk(KERN_ERR "smb_trans2: data/param too long, data=%u, parm=%u\n", data_tot, parm_tot); - req->rq_errno = -EIO; - goto out; + goto out_EIO; out_no_mem: printk(KERN_ERR "smb_trans2: couldn't allocate data area of %d bytes\n", req->rq_trans2bufsize); 
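Review bot: In the single-response branch of `smb_recv_trans2()` the new bounds checks against `req->rq_rlen` run after `req->rq_ldata`, `req->rq_lparm`, `req->rq_data` and `req->rq_parm` have already been set from the server-supplied counts and offsets. On the `out_bad_parm`/`out_bad_data` exits the request is left holding pointers and lengths that failed validation. Callers presumably stop at `rq_errno`, but validating first is safer: the two `if (unlikely(... > req->rq_rlen)) goto out_bad_...;` tests belong above `req->rq_ldata = data_count;`. The function starts and ends outside this hunk.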
@@ -677,16 +692,15 @@ out_no_mem: goto out; out_data_grew: printk(KERN_ERR "smb_trans2: data/params grew!\n"); - req->rq_errno = -EIO; - goto out; + goto out_EIO; out_bad_parm: - printk(KERN_ERR "smb_trans2: invalid parms, disp=%d, cnt=%d, tot=%d\n", - parm_disp, parm_count, parm_tot); - req->rq_errno = -EIO; - goto out; + printk(KERN_ERR "smb_trans2: invalid parms, disp=%u, cnt=%u, tot=%u, ofs=%u\n", + parm_disp, parm_count, parm_tot, parm_offset); + goto out_EIO; out_bad_data: - printk(KERN_ERR "smb_trans2: invalid data, disp=%d, cnt=%d, tot=%d\n", - data_disp, data_count, data_tot); + printk(KERN_ERR "smb_trans2: invalid data, disp=%u, cnt=%u, tot=%u, ofs=%u\n", + data_disp, data_count, data_tot, data_offset); +out_EIO: req->rq_errno = -EIO; out: return req->rq_errno; diff -Naurp --exclude-from=/home/con/kernel/dontdiff linux-2.6.10-ck5/fs/vfat/namei.c linux-2.6.10-ck6/fs/vfat/namei.c --- linux-2.6.10-ck5/fs/vfat/namei.c 2004-10-19 08:57:11.000000000 +1000 +++ linux-2.6.10-ck6/fs/vfat/namei.c 2005-02-23 23:34:14.000000000 +1100 @@ -199,10 +199,10 @@ static inline int vfat_is_used_badchars( static int vfat_valid_longname(const unsigned char *name, unsigned int len) { - if (len && name[len-1] == ' ') - return 0; + if (name[len - 1] == ' ') + return -EINVAL; if (len >= 256) - return 0; + return -ENAMETOOLONG; /* MS-DOS "device special files" */ if (len == 3 || (len > 3 && name[3] == '.')) { /* basename == 3 */ @@ -210,18 +210,18 @@ static int vfat_valid_longname(const uns !strnicmp(name, "con", 3) || !strnicmp(name, "nul", 3) || !strnicmp(name, "prn", 3)) - return 0; + return -EINVAL; } if (len == 4 || (len > 4 && name[4] == '.')) { /* basename == 4 */ /* "com1", "com2", ... */ if ('1' <= name[3] && name[3] <= '9') { if (!strnicmp(name, "com", 3) || !strnicmp(name, "lpt", 3)) - return 0; + return -EINVAL; } } - return 1; + return 0; } static int vfat_find_form(struct inode *dir, unsigned char *name) 
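Review bot: `vfat_valid_longname()` drops the `len &&` guard, so with `len == 0` the first test reads `name[len - 1]` with an unsigned `len`, an index far outside the buffer. The `len >= 256` check also runs only after that read. The caller shown in the `vfat_build_slots()` hunk passes `len` straight through; whether an earlier caller rejects empty names is not visible. Keeping the guard costs nothing: `if (len && name[len - 1] == ' ') return -EINVAL;`.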
@@ -624,8 +624,9 @@ static int vfat_build_slots(struct inode loff_t offset; *slots = 0; - if (!vfat_valid_longname(name, len)) - return -EINVAL; + res = vfat_valid_longname(name, len); + if (res) + return res; if(!(page = __get_free_page(GFP_KERNEL))) return -ENOMEM; diff -Naurp --exclude-from=/home/con/kernel/dontdiff linux-2.6.10-ck5/fs/xfs/linux-2.6/xfs_ioctl.c linux-2.6.10-ck6/fs/xfs/linux-2.6/xfs_ioctl.c --- linux-2.6.10-ck5/fs/xfs/linux-2.6/xfs_ioctl.c 2004-12-25 10:14:50.000000000 +1100 +++ linux-2.6.10-ck6/fs/xfs/linux-2.6/xfs_ioctl.c 2005-02-23 23:34:14.000000000 +1100 @@ -499,7 +499,7 @@ xfs_attrmulti_by_handle( xfs_fsop_attrmulti_handlereq_t am_hreq; struct inode *inode; vnode_t *vp; - int i, size; + unsigned int i, size; error = xfs_vget_fsop_handlereq(mp, parinode, CAP_SYS_ADMIN, arg, sizeof(xfs_fsop_attrmulti_handlereq_t), @@ -509,6 +509,11 @@ xfs_attrmulti_by_handle( return -error; size = am_hreq.opcount * sizeof(attr_multiop_t); + if (!size || size > 16 * PAGE_SIZE) { + VN_RELE(vp); + return -XFS_ERROR(E2BIG); + } + ops = (xfs_attr_multiop_t *)kmalloc(size, GFP_KERNEL); if (!ops) { VN_RELE(vp); diff -Naurp --exclude-from=/home/con/kernel/dontdiff linux-2.6.10-ck5/fs/xfs/xfs_vnodeops.c linux-2.6.10-ck6/fs/xfs/xfs_vnodeops.c --- linux-2.6.10-ck5/fs/xfs/xfs_vnodeops.c 2004-10-19 08:57:11.000000000 +1000 +++ linux-2.6.10-ck6/fs/xfs/xfs_vnodeops.c 2005-02-23 23:34:14.000000000 +1100 @@ -3900,7 +3900,7 @@ xfs_finish_reclaim( int error; if (vp && VN_BAD(vp)) - return 0; + goto reclaim; /* The hash lock here protects a thread in xfs_iget_core from * racing with us on linking the inode back with a vnode. @@ -3948,8 +3948,7 @@ xfs_finish_reclaim( */ if (error) { xfs_iunlock(ip, XFS_ILOCK_EXCL); - xfs_ireclaim(ip); - return (0); + goto reclaim; } xfs_iflock(ip); /* synchronize with xfs_iflush_done */ } 
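Review bot: The new limit in `xfs_attrmulti_by_handle()` is applied to `size` after `am_hreq.opcount * sizeof(attr_multiop_t)` has been stored in an `unsigned int`. A large caller-supplied `opcount` can therefore wrap or truncate to a small non-zero `size` that passes `size > 16 * PAGE_SIZE`. Any later loop over `opcount` entries (outside the hunk) would then index past the allocation. Bound the count before multiplying: `if (!am_hreq.opcount || am_hreq.opcount > (16 * PAGE_SIZE) / sizeof(attr_multiop_t))`. The multiplication uses `attr_multiop_t` while the cast on the `kmalloc()` line names `xfs_attr_multiop_t`; one spelling should be used for both.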
@@ -3968,6 +3967,7 @@ xfs_finish_reclaim( xfs_iunlock(ip, XFS_ILOCK_EXCL); } + reclaim: xfs_ireclaim(ip); return 0; } diff -Naurp --exclude-from=/home/con/kernel/dontdiff linux-2.6.10-ck5/include/asm-i386/smp.h linux-2.6.10-ck6/include/asm-i386/smp.h --- linux-2.6.10-ck5/include/asm-i386/smp.h 2005-02-23 23:34:03.000000000 +1100 +++ linux-2.6.10-ck6/include/asm-i386/smp.h 2005-02-23 23:34:14.000000000 +1100 @@ -53,6 +53,7 @@ extern u8 x86_cpu_to_apicid[]; #define __smp_processor_id() (current_thread_info()->cpu) extern cpumask_t cpu_callout_map; +extern cpumask_t cpu_callin_map; #define cpu_possible_map cpu_callout_map /* We don't mark CPUs online until __cpu_up(), so we need another measure */ diff -Naurp --exclude-from=/home/con/kernel/dontdiff linux-2.6.10-ck5/include/asm-ia64/sal.h linux-2.6.10-ck6/include/asm-ia64/sal.h --- linux-2.6.10-ck5/include/asm-ia64/sal.h 2004-10-19 08:57:11.000000000 +1000 +++ linux-2.6.10-ck6/include/asm-ia64/sal.h 2005-02-23 23:34:14.000000000 +1100 @@ -829,6 +829,8 @@ extern int ia64_sal_oemcall_nolock(struc extern int ia64_sal_oemcall_reentrant(struct ia64_sal_retval *, u64, u64, u64, u64, u64, u64, u64, u64); +extern void ia64_sal_handler_init(void *entry_point, void *gpval); + #endif /* __ASSEMBLY__ */ #endif /* _ASM_IA64_SAL_H */ diff -Naurp --exclude-from=/home/con/kernel/dontdiff linux-2.6.10-ck5/include/asm-x86_64/mmu_context.h linux-2.6.10-ck6/include/asm-x86_64/mmu_context.h --- linux-2.6.10-ck5/include/asm-x86_64/mmu_context.h 2004-03-11 21:29:28.000000000 +1100 +++ linux-2.6.10-ck6/include/asm-x86_64/mmu_context.h 2005-02-23 23:34:14.000000000 +1100 
@@ -54,9 +54,10 @@ static inline void switch_mm(struct mm_s out_of_line_bug(); if(!test_and_set_bit(cpu, &next->cpu_vm_mask)) { /* We were in lazy tlb mode and leave_mm disabled - * tlb flush IPI delivery. We must flush our tlb. + * tlb flush IPI delivery. We must reload CR3 + * to make sure to use no freed page tables. */ - local_flush_tlb(); + asm volatile("movq %0,%%cr3" :: "r" (__pa(next->pgd)) : "memory"); load_LDT_nolock(&next->context, cpu); } } diff -Naurp --exclude-from=/home/con/kernel/dontdiff linux-2.6.10-ck5/include/asm-x86_64/smp.h linux-2.6.10-ck6/include/asm-x86_64/smp.h --- linux-2.6.10-ck5/include/asm-x86_64/smp.h 2005-02-23 23:34:03.000000000 +1100 +++ linux-2.6.10-ck6/include/asm-x86_64/smp.h 2005-02-23 23:34:14.000000000 +1100 @@ -59,6 +59,7 @@ extern u8 phys_proc_id[NR_CPUS]; */ extern cpumask_t cpu_callout_map; +extern cpumask_t cpu_callin_map; #define cpu_possible_map cpu_callout_map static inline int num_booting_cpus(void) diff -Naurp --exclude-from=/home/con/kernel/dontdiff linux-2.6.10-ck5/include/linux/ext3_jbd.h linux-2.6.10-ck6/include/linux/ext3_jbd.h --- linux-2.6.10-ck5/include/linux/ext3_jbd.h 2004-12-25 10:14:51.000000000 +1100 +++ linux-2.6.10-ck6/include/linux/ext3_jbd.h 2005-02-23 23:34:14.000000000 +1100 @@ -138,10 +138,13 @@ ext3_journal_release_buffer(handle_t *ha journal_release_buffer(handle, bh, credits); } -static inline void -ext3_journal_forget(handle_t *handle, struct buffer_head *bh) +static inline int +__ext3_journal_forget(const char *where, handle_t *handle, struct buffer_head *bh) { - journal_forget(handle, bh); + int err = journal_forget(handle, bh); + if (err) + ext3_journal_abort_handle(where, __FUNCTION__, bh, handle,err); + return err; } static inline int 
@@ -187,6 +190,8 @@ __ext3_journal_dirty_metadata(const char __ext3_journal_get_create_access(__FUNCTION__, (handle), (bh)) #define ext3_journal_dirty_metadata(handle, bh) \ __ext3_journal_dirty_metadata(__FUNCTION__, (handle), (bh)) +#define ext3_journal_forget(handle, bh) \ + __ext3_journal_forget(__FUNCTION__, (handle), (bh)) handle_t *ext3_journal_start_sb(struct super_block *sb, int nblocks); int __ext3_journal_stop(const char *where, handle_t *handle); diff -Naurp --exclude-from=/home/con/kernel/dontdiff linux-2.6.10-ck5/include/linux/jbd.h linux-2.6.10-ck6/include/linux/jbd.h --- linux-2.6.10-ck5/include/linux/jbd.h 2004-12-25 10:14:51.000000000 +1100 +++ linux-2.6.10-ck6/include/linux/jbd.h 2005-02-23 23:34:14.000000000 +1100 @@ -277,13 +277,15 @@ void buffer_assertion_failure(struct buf #define J_EXPECT_JH(jh, expr, why...) J_ASSERT_JH(jh, expr) #else #define __journal_expect(expr, why...) \ - do { \ - if (!(expr)) { \ + ({ \ + int val = (expr); \ + if (!val) { \ printk(KERN_ERR \ "EXT3-fs unexpected failure: %s;\n",# expr); \ - printk(KERN_ERR why); \ + printk(KERN_ERR why "\n"); \ } \ - } while (0) + val; \ + }) #define J_EXPECT(expr, why...) __journal_expect(expr, ## why) #define J_EXPECT_BH(bh, expr, why...) __journal_expect(expr, ## why) #define J_EXPECT_JH(jh, expr, why...) __journal_expect(expr, ## why) 
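Review bot: The rewritten `__journal_expect()` in jbd.h declares `int val = (expr);` inside the statement expression. Any caller whose `expr` mentions its own variable called `val` would then read the macro's uninitialised local. A name unlikely to collide avoids this, e.g. `int __jexp_ok = (expr);` with the matching `if (!__jexp_ok)` and `__jexp_ok;`. Separately, `printk(KERN_ERR why "\n")` only compiles when `why` is a single string literal, because with format arguments the `"\n"` lands after the last argument. The callers in this patch pass one literal; a comment on the macro such as `/* why must be one string literal, no format arguments */` would record that.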
@@ -874,7 +876,7 @@ extern int journal_dirty_data (handle_t extern int journal_dirty_metadata (handle_t *, struct buffer_head *); extern void journal_release_buffer (handle_t *, struct buffer_head *, int credits); -extern void journal_forget (handle_t *, struct buffer_head *); +extern int journal_forget (handle_t *, struct buffer_head *); extern void journal_sync_buffer (struct buffer_head *); extern int journal_invalidatepage(journal_t *, struct page *, unsigned long); diff -Naurp --exclude-from=/home/con/kernel/dontdiff linux-2.6.10-ck5/include/linux/netfilter_ipv4/ip_conntrack.h linux-2.6.10-ck6/include/linux/netfilter_ipv4/ip_conntrack.h --- linux-2.6.10-ck5/include/linux/netfilter_ipv4/ip_conntrack.h 2004-12-25 10:14:51.000000000 +1100 +++ linux-2.6.10-ck6/include/linux/netfilter_ipv4/ip_conntrack.h 2005-02-23 23:34:14.000000000 +1100 @@ -278,10 +278,9 @@ extern void (*ip_conntrack_destroyed)(st /* Fake conntrack entry for untracked connections */ extern struct ip_conntrack ip_conntrack_untracked; -extern int ip_ct_no_defrag; /* Returns new sk_buff, or NULL */ struct sk_buff * -ip_ct_gather_frags(struct sk_buff *skb); +ip_ct_gather_frags(struct sk_buff *skb, u_int32_t user); /* Delete all conntracks which match. */ extern void diff -Naurp --exclude-from=/home/con/kernel/dontdiff linux-2.6.10-ck5/include/net/ip.h linux-2.6.10-ck6/include/net/ip.h --- linux-2.6.10-ck5/include/net/ip.h 2004-12-25 10:14:51.000000000 +1100 +++ linux-2.6.10-ck6/include/net/ip.h 2005-02-23 23:34:14.000000000 +1100 
@@ -253,9 +253,21 @@ extern int ip_call_ra_chain(struct sk_bu /* * Functions provided by ip_fragment.o */ - -struct sk_buff *ip_defrag(struct sk_buff *skb); -extern void ipfrag_flush(void); + +enum ip_defrag_users +{ + IP_DEFRAG_LOCAL_DELIVER, + IP_DEFRAG_CALL_RA_CHAIN, + IP_DEFRAG_CONNTRACK_IN, + IP_DEFRAG_CONNTRACK_OUT, + IP_DEFRAG_NAT_OUT, + IP_DEFRAG_FW_COMPAT, + IP_DEFRAG_VS_IN, + IP_DEFRAG_VS_OUT, + IP_DEFRAG_VS_FWD +}; + +struct sk_buff *ip_defrag(struct sk_buff *skb, u32 user); extern int ip_frag_nqueues; extern atomic_t ip_frag_mem; diff -Naurp --exclude-from=/home/con/kernel/dontdiff linux-2.6.10-ck5/kernel/audit.c linux-2.6.10-ck6/kernel/audit.c --- linux-2.6.10-ck5/kernel/audit.c 2004-10-19 08:57:12.000000000 +1000 +++ linux-2.6.10-ck6/kernel/audit.c 2005-02-23 23:34:14.000000000 +1100 @@ -419,7 +419,7 @@ static int audit_receive_skb(struct sk_b if (rlen > skb->len) rlen = skb->len; if ((err = audit_receive_msg(skb, nlh))) { - netlink_ack(skb, nlh, -err); + netlink_ack(skb, nlh, err); } else if (nlh->nlmsg_flags & NLM_F_ACK) netlink_ack(skb, nlh, 0); skb_pull(skb, rlen); diff -Naurp --exclude-from=/home/con/kernel/dontdiff linux-2.6.10-ck5/kernel/auditsc.c linux-2.6.10-ck6/kernel/auditsc.c --- linux-2.6.10-ck5/kernel/auditsc.c 2004-10-19 08:57:12.000000000 +1000 +++ linux-2.6.10-ck6/kernel/auditsc.c 2005-02-23 23:34:14.000000000 +1100 
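Review bot: The new `enum ip_defrag_users` in include/net/ip.h carries no comment saying what the value is for, and the prototypes take a bare `u32 user` (`u_int32_t` in ip_conntrack.h), so nothing tells a future caller that it must pick its own constant. Going by the ip_fragment.c hunks, the value becomes part of the reassembly-queue match (`qp->user == user`), which appears intended to keep fragments seen at one hook from being merged into a datagram reassembled for another. I would add above the enum `/* Identifies the caller of ip_defrag(); part of the fragment queue key, so each reassembly point needs its own value. */`.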
@@ -591,7 +591,7 @@ static void audit_log_exit(struct audit_ if (context->personality != PER_LINUX) audit_log_format(ab, " per=%lx", context->personality); if (context->return_valid) - audit_log_format(ab, " exit=%u", context->return_code); + audit_log_format(ab, " exit=%d", context->return_code); audit_log_format(ab, " a0=%lx a1=%lx a2=%lx a3=%lx items=%d" " pid=%d loginuid=%d uid=%d gid=%d" diff -Naurp --exclude-from=/home/con/kernel/dontdiff linux-2.6.10-ck5/kernel/exit.c linux-2.6.10-ck6/kernel/exit.c --- linux-2.6.10-ck5/kernel/exit.c 2005-02-23 23:34:04.000000000 +1100 +++ linux-2.6.10-ck6/kernel/exit.c 2005-02-23 23:34:14.000000000 +1100 @@ -331,7 +331,9 @@ void daemonize(const char *name, ...) exit_mm(current); set_special_pids(1, 1); + down(&tty_sem); current->signal->tty = NULL; + up(&tty_sem); /* Block and flush all signals */ sigfillset(&blocked); diff -Naurp --exclude-from=/home/con/kernel/dontdiff linux-2.6.10-ck5/kernel/module.c linux-2.6.10-ck6/kernel/module.c --- linux-2.6.10-ck5/kernel/module.c 2005-02-23 23:34:04.000000000 +1100 +++ linux-2.6.10-ck6/kernel/module.c 2005-02-23 23:34:14.000000000 +1100 @@ -1713,6 +1713,9 @@ static struct module *load_module(void _ / sizeof(struct kernel_param), NULL); } + if (err < 0) + goto arch_cleanup; + err = mod_sysfs_setup(mod, (struct kernel_param *) sechdrs[setupindex].sh_addr, diff -Naurp --exclude-from=/home/con/kernel/dontdiff linux-2.6.10-ck5/kernel/sched.c linux-2.6.10-ck6/kernel/sched.c --- linux-2.6.10-ck5/kernel/sched.c 2005-02-23 23:34:04.000000000 +1100 +++ linux-2.6.10-ck6/kernel/sched.c 2005-02-23 23:34:14.000000000 +1100 
@@ -4521,7 +4521,7 @@ void __might_sleep(char *file, int line) static unsigned long prev_jiffy; /* ratelimiting */ if ((in_atomic() || irqs_disabled()) && - system_state == SYSTEM_RUNNING) { + system_state == SYSTEM_RUNNING && !oops_in_progress) { if (time_before(jiffies, prev_jiffy + HZ) && prev_jiffy) return; prev_jiffy = jiffies; diff -Naurp --exclude-from=/home/con/kernel/dontdiff linux-2.6.10-ck5/kernel/sys.c linux-2.6.10-ck6/kernel/sys.c --- linux-2.6.10-ck5/kernel/sys.c 2004-12-25 10:14:51.000000000 +1100 +++ linux-2.6.10-ck6/kernel/sys.c 2005-02-23 23:34:14.000000000 +1100 @@ -23,6 +23,7 @@ #include #include #include +#include #include #include @@ -1075,6 +1076,7 @@ asmlinkage long sys_setsid(void) if (!thread_group_leader(current)) return -EINVAL; + down(&tty_sem); write_lock_irq(&tasklist_lock); pid = find_pid(PIDTYPE_PGID, current->pid); @@ -1088,6 +1090,7 @@ asmlinkage long sys_setsid(void) err = process_group(current); out: write_unlock_irq(&tasklist_lock); + up(&tty_sem); return err; } diff -Naurp --exclude-from=/home/con/kernel/dontdiff linux-2.6.10-ck5/Makefile linux-2.6.10-ck6/Makefile --- linux-2.6.10-ck5/Makefile 2005-02-23 23:34:04.000000000 +1100 +++ linux-2.6.10-ck6/Makefile 2005-02-23 23:34:14.000000000 +1100 @@ -1,8 +1,8 @@ VERSION = 2 PATCHLEVEL = 6 SUBLEVEL = 10 -EXTRAVERSION =-ck5 -NAME=Woozy Numbat +EXTRAVERSION = -ck6 +NAME=Excuse Me Mr. # *DOCUMENTATION* # To see a list of typical targets execute "make help" diff -Naurp --exclude-from=/home/con/kernel/dontdiff linux-2.6.10-ck5/net/atm/addr.c linux-2.6.10-ck6/net/atm/addr.c --- linux-2.6.10-ck5/net/atm/addr.c 2004-06-16 17:35:46.000000000 +1000 +++ linux-2.6.10-ck6/net/atm/addr.c 2005-02-23 23:34:14.000000000 +1100 
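Review bot: Nothing in the sys_setsid hunks records the lock nesting they introduce: `down(&tty_sem)` is taken before `write_lock_irq(&tasklist_lock)` and released after the unlock. Because `down()` can sleep it has to stay outside the irq-disabled section, and a later edit that moves it would be easy to get wrong. I would add at the `down(&tty_sem);` line a comment such as `/* tty_sem nests outside tasklist_lock; serialises the session change against users of signal->tty */`. The second half of that comment is inferred from the kernel/exit.c hunk, which wraps `current->signal->tty = NULL` in the same semaphore, and should be confirmed.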
@@ -114,7 +114,7 @@ int atm_del_addr(struct atm_dev *dev,str } -int atm_get_addr(struct atm_dev *dev,struct sockaddr_atmsvc __user *buf,int size) +int atm_get_addr(struct atm_dev *dev,struct sockaddr_atmsvc __user *buf,size_t size) { unsigned long flags; struct atm_dev_addr *walk; diff -Naurp --exclude-from=/home/con/kernel/dontdiff linux-2.6.10-ck5/net/atm/addr.h linux-2.6.10-ck6/net/atm/addr.h --- linux-2.6.10-ck5/net/atm/addr.h 2004-06-16 17:35:46.000000000 +1000 +++ linux-2.6.10-ck6/net/atm/addr.h 2005-02-23 23:34:14.000000000 +1100 @@ -13,6 +13,6 @@ void atm_reset_addr(struct atm_dev *dev); int atm_add_addr(struct atm_dev *dev,struct sockaddr_atmsvc *addr); int atm_del_addr(struct atm_dev *dev,struct sockaddr_atmsvc *addr); -int atm_get_addr(struct atm_dev *dev,struct sockaddr_atmsvc __user *buf,int size); +int atm_get_addr(struct atm_dev *dev,struct sockaddr_atmsvc __user *buf,size_t size); #endif diff -Naurp --exclude-from=/home/con/kernel/dontdiff linux-2.6.10-ck5/net/compat.c linux-2.6.10-ck6/net/compat.c --- linux-2.6.10-ck5/net/compat.c 2004-12-25 10:14:51.000000000 +1100 +++ linux-2.6.10-ck6/net/compat.c 2005-02-23 23:34:14.000000000 +1100 @@ -125,7 +125,7 @@ int verify_compat_iovec(struct msghdr *k (struct compat_cmsghdr __user *)NULL) #define CMSG_COMPAT_OK(ucmlen, ucmsg, mhdr) \ - ((ucmlen) >= sizeof(struct cmsghdr) && \ + ((ucmlen) >= sizeof(struct compat_cmsghdr) && \ (ucmlen) <= (unsigned long) \ ((mhdr)->msg_controllen - \ ((char *)(ucmsg) - (char *)(mhdr)->msg_control))) diff -Naurp --exclude-from=/home/con/kernel/dontdiff linux-2.6.10-ck5/net/ipv4/ip_fragment.c linux-2.6.10-ck6/net/ipv4/ip_fragment.c --- linux-2.6.10-ck5/net/ipv4/ip_fragment.c 2004-12-25 10:14:52.000000000 +1100 +++ linux-2.6.10-ck6/net/ipv4/ip_fragment.c 2005-02-23 23:34:14.000000000 +1100 @@ -73,6 +73,7 @@ struct ipfrag_skb_cb struct ipq { struct ipq *next; /* linked list pointers */ struct list_head lru_list; /* lru list member */ + u32 user; u32 saddr; u32 daddr; u16 id; 
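Review bot: `atm_get_addr()` now takes `size_t size` but still returns `int`, and only the signature is in the hunk; the body is outside it. With an unsigned parameter, a caller that holds the user-supplied length in an `int` gets a negative value converted to a very large bound instead of having it rejected, so that check has to live in the caller. I would state this on the prototype in addr.h, e.g. `/* size: bytes available at buf; callers must reject negative lengths before the conversion to size_t */`. It is also worth confirming that the running total compared against `size` in the body is held in an unsigned type of sufficient width.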
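Review bot: The upper bound in `CMSG_COMPAT_OK` is still computed as `msg_controllen - ((char *)(ucmsg) - (char *)(mhdr)->msg_control)` and cast to `unsigned long`; the commit corrects only the lower bound. If the offset of `ucmsg` ever exceeds `msg_controllen`, that expression becomes a very large value and any `ucmlen` passes the test. Whether the iteration macros guarantee that `ucmsg` stays inside the control buffer is not visible in this hunk. If they do, a comment on the macro stating that precondition is enough; if not, the offset should be compared with `msg_controllen` before the subtraction.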
@@ -243,13 +244,13 @@ static void ipq_kill(struct ipq *ipq) /* Memory limiting on fragments. Evictor trashes the oldest * fragment queue until we are back under the threshold. */ -static void __ip_evictor(int threshold) +static void ip_evictor(void) { struct ipq *qp; struct list_head *tmp; int work; - work = atomic_read(&ip_frag_mem) - threshold; + work = atomic_read(&ip_frag_mem) - sysctl_ipfrag_low_thresh; if (work <= 0) return; @@ -274,11 +275,6 @@ static void __ip_evictor(int threshold) } } -static inline void ip_evictor(void) -{ - __ip_evictor(sysctl_ipfrag_low_thresh); -} - /* * Oops, a fragment queue timed out. Kill it and send an ICMP reply. */ @@ -325,7 +321,8 @@ static struct ipq *ip_frag_intern(unsign if(qp->id == qp_in->id && qp->saddr == qp_in->saddr && qp->daddr == qp_in->daddr && - qp->protocol == qp_in->protocol) { + qp->protocol == qp_in->protocol && + qp->user == qp_in->user) { atomic_inc(&qp->refcnt); write_unlock(&ipfrag_lock); qp_in->last_in |= COMPLETE; @@ -352,7 +349,7 @@ static struct ipq *ip_frag_intern(unsign } /* Add an entry to the 'ipq' queue for a newly received IP datagram. */ -static struct ipq *ip_frag_create(unsigned hash, struct iphdr *iph) +static struct ipq *ip_frag_create(unsigned hash, struct iphdr *iph, u32 user) { struct ipq *qp; @@ -364,6 +361,7 @@ static struct ipq *ip_frag_create(unsign qp->id = iph->id; qp->saddr = iph->saddr; qp->daddr = iph->daddr; + qp->user = user; qp->len = 0; qp->meat = 0; qp->fragments = NULL; @@ -386,7 +384,7 @@ out_nomem: /* Find the correct entry in the "incomplete datagrams" queue for * this IP datagram, and create new one, if nothing is found. */ -static inline struct ipq *ip_find(struct iphdr *iph) +static inline struct ipq *ip_find(struct iphdr *iph, u32 user) { __u16 id = iph->id; __u32 saddr = iph->saddr; 
@@ -400,7 +398,8 @@ static inline struct ipq *ip_find(struct if(qp->id == id && qp->saddr == saddr && qp->daddr == daddr && - qp->protocol == protocol) { + qp->protocol == protocol && + qp->user == user) { atomic_inc(&qp->refcnt); read_unlock(&ipfrag_lock); return qp; @@ -408,7 +407,7 @@ static inline struct ipq *ip_find(struct } read_unlock(&ipfrag_lock); - return ip_frag_create(hash, iph); + return ip_frag_create(hash, iph, user); } /* Add new segment to existing queue. */ @@ -642,7 +641,7 @@ out_fail: } /* Process an incoming IP datagram fragment. */ -struct sk_buff *ip_defrag(struct sk_buff *skb) +struct sk_buff *ip_defrag(struct sk_buff *skb, u32 user) { struct iphdr *iph = skb->nh.iph; struct ipq *qp; @@ -657,7 +656,7 @@ struct sk_buff *ip_defrag(struct sk_buff dev = skb->dev; /* Lookup (or create) queue header */ - if ((qp = ip_find(iph)) != NULL) { + if ((qp = ip_find(iph, user)) != NULL) { struct sk_buff *ret = NULL; spin_lock(&qp->lock); @@ -689,10 +688,4 @@ void ipfrag_init(void) add_timer(&ipfrag_secret_timer); } -void ipfrag_flush(void) -{ - __ip_evictor(0); -} - EXPORT_SYMBOL(ip_defrag); -EXPORT_SYMBOL(ipfrag_flush); diff -Naurp --exclude-from=/home/con/kernel/dontdiff linux-2.6.10-ck5/net/ipv4/ip_input.c linux-2.6.10-ck6/net/ipv4/ip_input.c --- linux-2.6.10-ck5/net/ipv4/ip_input.c 2004-10-19 08:57:12.000000000 +1000 +++ linux-2.6.10-ck6/net/ipv4/ip_input.c 2005-02-23 23:34:14.000000000 +1100 @@ -172,7 +172,7 @@ int ip_call_ra_chain(struct sk_buff *skb (!sk->sk_bound_dev_if || sk->sk_bound_dev_if == skb->dev->ifindex)) { if (skb->nh.iph->frag_off & htons(IP_MF|IP_OFFSET)) { - skb = ip_defrag(skb); + skb = ip_defrag(skb, IP_DEFRAG_CALL_RA_CHAIN); if (skb == NULL) { read_unlock(&ip_ra_lock); return 1; 
@@ -273,7 +273,7 @@ int ip_local_deliver(struct sk_buff *skb */ if (skb->nh.iph->frag_off & htons(IP_MF|IP_OFFSET)) { - skb = ip_defrag(skb); + skb = ip_defrag(skb, IP_DEFRAG_LOCAL_DELIVER); if (!skb) return 0; } diff -Naurp --exclude-from=/home/con/kernel/dontdiff linux-2.6.10-ck5/net/ipv4/ip_output.c linux-2.6.10-ck6/net/ipv4/ip_output.c --- linux-2.6.10-ck5/net/ipv4/ip_output.c 2004-12-25 10:14:52.000000000 +1100 +++ linux-2.6.10-ck6/net/ipv4/ip_output.c 2005-02-23 23:34:14.000000000 +1100 @@ -504,6 +504,7 @@ int ip_fragment(struct sk_buff *skb, int /* Prepare header of the next frame, * before previous one went down. */ if (frag) { + frag->ip_summed = CHECKSUM_NONE; frag->h.raw = frag->data; frag->nh.raw = __skb_push(frag, hlen); memcpy(frag->nh.raw, iph, hlen); diff -Naurp --exclude-from=/home/con/kernel/dontdiff linux-2.6.10-ck5/net/ipv4/ipvs/ip_vs_core.c linux-2.6.10-ck6/net/ipv4/ipvs/ip_vs_core.c --- linux-2.6.10-ck5/net/ipv4/ipvs/ip_vs_core.c 2004-10-19 08:57:12.000000000 +1000 +++ linux-2.6.10-ck6/net/ipv4/ipvs/ip_vs_core.c 2005-02-23 23:34:14.000000000 +1100 @@ -545,9 +545,9 @@ u16 ip_vs_checksum_complete(struct sk_bu } static inline struct sk_buff * -ip_vs_gather_frags(struct sk_buff *skb) +ip_vs_gather_frags(struct sk_buff *skb, u_int32_t user) { - skb = ip_defrag(skb); + skb = ip_defrag(skb, user); if (skb) ip_send_check(skb->nh.iph); return skb; @@ -621,7 +621,7 @@ static int ip_vs_out_icmp(struct sk_buff /* reassemble IP fragments */ if (skb->nh.iph->frag_off & __constant_htons(IP_MF|IP_OFFSET)) { - skb = ip_vs_gather_frags(skb); + skb = ip_vs_gather_frags(skb, IP_DEFRAG_VS_OUT); if (!skb) return NF_STOLEN; *pskb = skb; @@ -760,7 +760,7 @@ ip_vs_out(unsigned int hooknum, struct s /* reassemble IP fragments */ if (unlikely(iph->frag_off & __constant_htons(IP_MF|IP_OFFSET) && !pp->dont_defrag)) { - skb = ip_vs_gather_frags(skb); + skb = ip_vs_gather_frags(skb, IP_DEFRAG_VS_OUT); if (!skb) return NF_STOLEN; iph = skb->nh.iph; 
@@ -865,7 +865,8 @@ check_for_ip_vs_out(struct sk_buff **psk * forward to the right destination host if relevant. * Currently handles error types - unreachable, quench, ttl exceeded. */ -static int ip_vs_in_icmp(struct sk_buff **pskb, int *related) +static int +ip_vs_in_icmp(struct sk_buff **pskb, int *related, unsigned int hooknum) { struct sk_buff *skb = *pskb; struct iphdr *iph; @@ -879,7 +880,9 @@ static int ip_vs_in_icmp(struct sk_buff /* reassemble IP fragments */ if (skb->nh.iph->frag_off & __constant_htons(IP_MF|IP_OFFSET)) { - skb = ip_vs_gather_frags(skb); + skb = ip_vs_gather_frags(skb, + hooknum == NF_IP_LOCAL_IN ? + IP_DEFRAG_VS_IN : IP_DEFRAG_VS_FWD); if (!skb) return NF_STOLEN; *pskb = skb; @@ -988,7 +991,7 @@ ip_vs_in(unsigned int hooknum, struct sk iph = skb->nh.iph; if (unlikely(iph->protocol == IPPROTO_ICMP)) { - int related, verdict = ip_vs_in_icmp(pskb, &related); + int related, verdict = ip_vs_in_icmp(pskb, &related, hooknum); if (related) return verdict; @@ -1083,7 +1086,7 @@ ip_vs_forward_icmp(unsigned int hooknum, if ((*pskb)->nh.iph->protocol != IPPROTO_ICMP) return NF_ACCEPT; - return ip_vs_in_icmp(pskb, &r); + return ip_vs_in_icmp(pskb, &r, hooknum); } diff -Naurp --exclude-from=/home/con/kernel/dontdiff linux-2.6.10-ck5/net/ipv4/netfilter/ip_conntrack_core.c linux-2.6.10-ck6/net/ipv4/netfilter/ip_conntrack_core.c --- linux-2.6.10-ck5/net/ipv4/netfilter/ip_conntrack_core.c 2004-12-25 10:14:52.000000000 +1100 +++ linux-2.6.10-ck6/net/ipv4/netfilter/ip_conntrack_core.c 2005-02-23 23:34:14.000000000 +1100 
@@ -1113,29 +1113,22 @@ void ip_ct_refresh_acct(struct ip_conntr } } -int ip_ct_no_defrag; - /* Returns new sk_buff, or NULL */ struct sk_buff * -ip_ct_gather_frags(struct sk_buff *skb) +ip_ct_gather_frags(struct sk_buff *skb, u_int32_t user) { struct sock *sk = skb->sk; #ifdef CONFIG_NETFILTER_DEBUG unsigned int olddebug = skb->nf_debug; #endif - if (unlikely(ip_ct_no_defrag)) { - kfree_skb(skb); - return NULL; - } - if (sk) { sock_hold(sk); skb_orphan(skb); } local_bh_disable(); - skb = ip_defrag(skb); + skb = ip_defrag(skb, user); local_bh_enable(); if (!skb) { diff -Naurp --exclude-from=/home/con/kernel/dontdiff linux-2.6.10-ck5/net/ipv4/netfilter/ip_conntrack_standalone.c linux-2.6.10-ck6/net/ipv4/netfilter/ip_conntrack_standalone.c --- linux-2.6.10-ck5/net/ipv4/netfilter/ip_conntrack_standalone.c 2005-02-23 23:34:04.000000000 +1100 +++ linux-2.6.10-ck6/net/ipv4/netfilter/ip_conntrack_standalone.c 2005-02-23 23:34:14.000000000 +1100 @@ -381,7 +381,10 @@ static unsigned int ip_conntrack_defrag( /* Gather fragments. */ if ((*pskb)->nh.iph->frag_off & htons(IP_MF|IP_OFFSET)) { - *pskb = ip_ct_gather_frags(*pskb); + *pskb = ip_ct_gather_frags(*pskb, + hooknum == NF_IP_PRE_ROUTING ? + IP_DEFRAG_CONNTRACK_IN : + IP_DEFRAG_CONNTRACK_OUT); if (!*pskb) return NF_STOLEN; } 
@@ -813,12 +816,6 @@ static int init_or_cleanup(int init) cleanup_defraglocalops: nf_unregister_hook(&ip_conntrack_defrag_local_out_ops); cleanup_defragops: - /* Frag queues may hold fragments with skb->dst == NULL */ - ip_ct_no_defrag = 1; - synchronize_net(); - local_bh_disable(); - ipfrag_flush(); - local_bh_enable(); nf_unregister_hook(&ip_conntrack_defrag_ops); cleanup_proc_stat: #ifdef CONFIG_PROC_FS diff -Naurp --exclude-from=/home/con/kernel/dontdiff linux-2.6.10-ck5/net/ipv4/netfilter/ip_fw_compat.c linux-2.6.10-ck6/net/ipv4/netfilter/ip_fw_compat.c --- linux-2.6.10-ck5/net/ipv4/netfilter/ip_fw_compat.c 2004-12-25 10:14:52.000000000 +1100 +++ linux-2.6.10-ck6/net/ipv4/netfilter/ip_fw_compat.c 2005-02-23 23:34:14.000000000 +1100 @@ -80,7 +80,7 @@ fw_in(unsigned int hooknum, &redirpt, pskb); if ((*pskb)->nh.iph->frag_off & htons(IP_MF|IP_OFFSET)) { - *pskb = ip_ct_gather_frags(*pskb); + *pskb = ip_ct_gather_frags(*pskb, IP_DEFRAG_NAT_OUT); if (!*pskb) return NF_STOLEN; diff -Naurp --exclude-from=/home/con/kernel/dontdiff linux-2.6.10-ck5/net/ipv4/netfilter/ip_nat_standalone.c linux-2.6.10-ck6/net/ipv4/netfilter/ip_nat_standalone.c --- linux-2.6.10-ck5/net/ipv4/netfilter/ip_nat_standalone.c 2004-12-25 10:14:52.000000000 +1100 +++ linux-2.6.10-ck6/net/ipv4/netfilter/ip_nat_standalone.c 2005-02-23 23:34:14.000000000 +1100 @@ -202,7 +202,7 @@ ip_nat_out(unsigned int hooknum, I'm starting to have nightmares about fragments. */ if ((*pskb)->nh.iph->frag_off & htons(IP_MF|IP_OFFSET)) { - *pskb = ip_ct_gather_frags(*pskb); + *pskb = ip_ct_gather_frags(*pskb, IP_DEFRAG_NAT_OUT); if (!*pskb) return NF_STOLEN; diff -Naurp --exclude-from=/home/con/kernel/dontdiff linux-2.6.10-ck5/net/ipv6/ip6_output.c linux-2.6.10-ck6/net/ipv6/ip6_output.c --- linux-2.6.10-ck5/net/ipv6/ip6_output.c 2004-12-25 10:14:52.000000000 +1100 +++ linux-2.6.10-ck6/net/ipv6/ip6_output.c 2005-02-23 23:34:14.000000000 +1100 
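Review bot: `fw_in()` in ip_fw_compat.c passes `IP_DEFRAG_NAT_OUT` to `ip_ct_gather_frags()`, although the enum added in include/net/ip.h has a dedicated `IP_DEFRAG_FW_COMPAT` that none of the visible hunks uses. As written, fragments gathered on this path share a reassembly-queue key with those gathered by `ip_nat_out()`, which looks like the kind of mixing the per-user key was added to prevent. Unless the sharing is intended, the call should read `*pskb = ip_ct_gather_frags(*pskb, IP_DEFRAG_FW_COMPAT);`.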
@@ -592,6 +592,7 @@ static int ip6_fragment(struct sk_buff * /* Prepare header of the next frame, * before previous one went down. */ if (frag) { + frag->ip_summed = CHECKSUM_NONE; frag->h.raw = frag->data; fh = (struct frag_hdr*)__skb_push(frag, sizeof(struct frag_hdr)); frag->nh.raw = __skb_push(frag, hlen); diff -Naurp --exclude-from=/home/con/kernel/dontdiff linux-2.6.10-ck5/net/sched/police.c linux-2.6.10-ck6/net/sched/police.c --- linux-2.6.10-ck5/net/sched/police.c 2004-12-25 10:14:52.000000000 +1100 +++ linux-2.6.10-ck6/net/sched/police.c 2005-02-23 23:34:14.000000000 +1100 @@ -180,7 +180,8 @@ int tcf_act_police_locate(struct rtattr if (rtattr_parse(tb, TCA_POLICE_MAX, RTA_DATA(rta), RTA_PAYLOAD(rta)) < 0) return -1; - if (tb[TCA_POLICE_TBF-1] == NULL) + if (tb[TCA_POLICE_TBF-1] == NULL || + RTA_PAYLOAD(tb[TCA_POLICE_TBF-1]) != sizeof(*parm)) return -1; parm = RTA_DATA(tb[TCA_POLICE_TBF-1]); @@ -220,11 +221,17 @@ override: goto failure; } } - if (tb[TCA_POLICE_RESULT-1]) - p->result = *(int*)RTA_DATA(tb[TCA_POLICE_RESULT-1]); + if (tb[TCA_POLICE_RESULT-1]) { + if (RTA_PAYLOAD(tb[TCA_POLICE_RESULT-1]) != sizeof(u32)) + goto failure; + p->result = *(u32*)RTA_DATA(tb[TCA_POLICE_RESULT-1]); + } #ifdef CONFIG_NET_ESTIMATOR - if (tb[TCA_POLICE_AVRATE-1]) + if (tb[TCA_POLICE_AVRATE-1]) { + if (RTA_PAYLOAD(tb[TCA_POLICE_AVRATE-1]) != sizeof(u32)) + goto failure; p->ewma_rate = *(u32*)RTA_DATA(tb[TCA_POLICE_AVRATE-1]); + } #endif p->toks = p->burst = parm->burst; p->mtu = parm->mtu; @@ -424,7 +431,8 @@ struct tcf_police * tcf_police_locate(st if (rtattr_parse(tb, TCA_POLICE_MAX, RTA_DATA(rta), RTA_PAYLOAD(rta)) < 0) return NULL; - if (tb[TCA_POLICE_TBF-1] == NULL) + if (tb[TCA_POLICE_TBF-1] == NULL || + RTA_PAYLOAD(tb[TCA_POLICE_TBF-1]) != sizeof(*parm)) return NULL; parm = RTA_DATA(tb[TCA_POLICE_TBF-1]); 
@@ -449,11 +457,17 @@ struct tcf_police * tcf_police_locate(st (p->P_tab = qdisc_get_rtab(&parm->peakrate, tb[TCA_POLICE_PEAKRATE-1])) == NULL) goto failure; } - if (tb[TCA_POLICE_RESULT-1]) - p->result = *(int*)RTA_DATA(tb[TCA_POLICE_RESULT-1]); + if (tb[TCA_POLICE_RESULT-1]) { + if (RTA_PAYLOAD(tb[TCA_POLICE_RESULT-1]) != sizeof(u32)) + goto failure; + p->result = *(u32*)RTA_DATA(tb[TCA_POLICE_RESULT-1]); + } #ifdef CONFIG_NET_ESTIMATOR - if (tb[TCA_POLICE_AVRATE-1]) + if (tb[TCA_POLICE_AVRATE-1]) { + if (RTA_PAYLOAD(tb[TCA_POLICE_AVRATE-1]) != sizeof(u32)) + goto failure; p->ewma_rate = *(u32*)RTA_DATA(tb[TCA_POLICE_AVRATE-1]); + } #endif p->toks = p->burst = parm->burst; p->mtu = parm->mtu; diff -Naurp --exclude-from=/home/con/kernel/dontdiff linux-2.6.10-ck5/net/sctp/socket.c linux-2.6.10-ck6/net/sctp/socket.c --- linux-2.6.10-ck5/net/sctp/socket.c 2004-12-25 10:14:52.000000000 +1100 +++ linux-2.6.10-ck6/net/sctp/socket.c 2005-02-23 23:34:14.000000000 +1100 @@ -343,8 +343,8 @@ SCTP_STATIC int sctp_do_bind(struct sock } /* Refresh ephemeral port. */ - if (!snum) - snum = inet_sk(sk)->num; + if (!bp->port) + bp->port = inet_sk(sk)->num; /* Add the address to the bind address list. */ sctp_local_bh_disable(); @@ -354,8 +354,6 @@ SCTP_STATIC int sctp_do_bind(struct sock addr->v4.sin_port = ntohs(addr->v4.sin_port); ret = sctp_add_bind_addr(bp, addr, GFP_ATOMIC); addr->v4.sin_port = htons(addr->v4.sin_port); - if (!ret && !bp->port) - bp->port = snum; sctp_write_unlock(&ep->base.addr_lock); sctp_local_bh_enable(); diff -Naurp --exclude-from=/home/con/kernel/dontdiff linux-2.6.10-ck5/security/Kconfig linux-2.6.10-ck6/security/Kconfig --- linux-2.6.10-ck5/security/Kconfig 2004-12-25 10:14:52.000000000 +1100 +++ linux-2.6.10-ck6/security/Kconfig 2005-02-23 23:34:14.000000000 +1100 
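Review bot: In the tcf_police_locate hunk, `tb[TCA_POLICE_PEAKRATE-1]` is still handed to `qdisc_get_rtab()` with no length test in view, while the added `RTA_PAYLOAD()` checks cover only `TCA_POLICE_TBF`, `TCA_POLICE_RESULT` and `TCA_POLICE_AVRATE`. If `qdisc_get_rtab()` does not validate the payload size itself (not visible here), the rate-table attributes need the same treatment before they are dereferenced. The three checks are also repeated verbatim in `tcf_act_police_locate()` (the hunks at -180 and -220) and here, so a small static helper taking the attribute and the expected size would keep the two copies from drifting. Both functions continue outside their hunks.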
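Review bot: In `sctp_do_bind()`, `bp->port` is now left set when `sctp_add_bind_addr()` fails, because the assignment happens before the call and the removed `if (!ret && !bp->port)` guard has no replacement. The assignment also sits ahead of `sctp_local_bh_disable()`, whereas the old one was made just before `sctp_write_unlock(&ep->base.addr_lock)`. If that lock is what protects `bp`, the write is now unprotected; the lock acquisition lies between the two hunks and is not shown. I would either keep the assignment inside the locked section or clear `bp->port` again on the error path, depending on what `sctp_add_bind_addr()` needs to see.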
@@ -76,6 +76,7 @@ config SECURITY_ROOTPLUG config SECURITY_SECLVL tristate "BSD Secure Levels" depends on SECURITY + select CRYPTO select CRYPTO_SHA1 help Implements BSD Secure Levels as an LSM. See diff -Naurp --exclude-from=/home/con/kernel/dontdiff linux-2.6.10-ck5/sound/core/seq/seq_midi_emul.c linux-2.6.10-ck6/sound/core/seq/seq_midi_emul.c --- linux-2.6.10-ck5/sound/core/seq/seq_midi_emul.c 2004-10-19 08:57:12.000000000 +1000 +++ linux-2.6.10-ck6/sound/core/seq/seq_midi_emul.c 2005-02-23 23:34:14.000000000 +1100 @@ -549,12 +549,12 @@ sysex(snd_midi_op_t *ops, void *private, } else if (buf[5] == 0x01 && buf[6] == 0x30) { /* reverb mode */ - parsed = SNDRV_MIDI_SYSEX_GS_CHORUS_MODE; + parsed = SNDRV_MIDI_SYSEX_GS_REVERB_MODE; chset->gs_reverb_mode = buf[7]; } else if (buf[5] == 0x01 && buf[6] == 0x38) { /* chorus mode */ - parsed = SNDRV_MIDI_SYSEX_GS_REVERB_MODE; + parsed = SNDRV_MIDI_SYSEX_GS_CHORUS_MODE; chset->gs_chorus_mode = buf[7]; } else if (buf[5] == 0x00 && buf[6] == 0x04) { diff -Naurp --exclude-from=/home/con/kernel/dontdiff linux-2.6.10-ck5/sound/drivers/opl3/Makefile linux-2.6.10-ck6/sound/drivers/opl3/Makefile --- linux-2.6.10-ck5/sound/drivers/opl3/Makefile 2004-05-23 12:54:39.000000000 +1000 +++ linux-2.6.10-ck6/sound/drivers/opl3/Makefile 2005-02-23 23:34:14.000000000 +1100 @@ -18,4 +18,5 @@ endif sequencer = $(if $(subst y,,$(CONFIG_SND_SEQUENCER)),$(if $(1),m),$(if $(CONFIG_SND_SEQUENCER),$(1))) obj-$(CONFIG_SND_OPL3_LIB) += snd-opl3-lib.o +obj-$(CONFIG_SND_OPL4_LIB) += snd-opl3-lib.o obj-$(call sequencer,$(CONFIG_SND_OPL3_LIB)) += snd-opl3-synth.o diff -Naurp --exclude-from=/home/con/kernel/dontdiff linux-2.6.10-ck5/sound/drivers/vx/vx_core.c linux-2.6.10-ck6/sound/drivers/vx/vx_core.c --- linux-2.6.10-ck5/sound/drivers/vx/vx_core.c 2004-10-19 08:57:12.000000000 +1000 +++ linux-2.6.10-ck6/sound/drivers/vx/vx_core.c 2005-02-23 23:34:14.000000000 +1100 
@@ -734,7 +734,7 @@ vx_core_t *snd_vx_create(snd_card_t *car snd_assert(card && hw && ops, return NULL); - chip = kcalloc(1, sizeof(chip) + extra_size, GFP_KERNEL); + chip = kcalloc(1, sizeof(*chip) + extra_size, GFP_KERNEL); if (! chip) { snd_printk(KERN_ERR "vx_core: no memory\n"); return NULL; diff -Naurp --exclude-from=/home/con/kernel/dontdiff linux-2.6.10-ck5/sound/isa/cs423x/cs4231_lib.c linux-2.6.10-ck6/sound/isa/cs423x/cs4231_lib.c --- linux-2.6.10-ck5/sound/isa/cs423x/cs4231_lib.c 2004-10-19 08:57:12.000000000 +1000 +++ linux-2.6.10-ck6/sound/isa/cs423x/cs4231_lib.c 2005-02-23 23:34:14.000000000 +1100 @@ -694,7 +694,7 @@ static void snd_cs4231_init(cs4231_t *ch snd_cs4231_mce_down(chip); -#ifdef SNDRV_DEBUGq_MCE +#ifdef SNDRV_DEBUG_MCE snd_printk("init: (1)\n"); #endif snd_cs4231_mce_up(chip); diff -Naurp --exclude-from=/home/con/kernel/dontdiff linux-2.6.10-ck5/sound/isa/es18xx.c linux-2.6.10-ck6/sound/isa/es18xx.c --- linux-2.6.10-ck5/sound/isa/es18xx.c 2004-12-25 10:14:52.000000000 +1100 +++ linux-2.6.10-ck6/sound/isa/es18xx.c 2005-02-23 23:34:14.000000000 +1100 @@ -1849,7 +1849,7 @@ static int enable[SNDRV_CARDS] = SNDRV_D static int isapnp[SNDRV_CARDS] = {[0 ... (SNDRV_CARDS - 1)] = 1}; #endif static long port[SNDRV_CARDS] = SNDRV_DEFAULT_PORT; /* 0x220,0x240,0x260,0x280 */ -#ifndef CONFIG_PNP_ +#ifndef CONFIG_PNP static long mpu_port[SNDRV_CARDS] = {[0 ... (SNDRV_CARDS - 1)] = -1}; #else static long mpu_port[SNDRV_CARDS] = SNDRV_DEFAULT_PORT; 
@@ -1988,7 +1988,7 @@ static int __devinit snd_audiodrive_pnp( kfree(cfg); return 0; } -#endif /* CONFIG_PNP_ */ +#endif /* CONFIG_PNP */ static int __devinit snd_audiodrive_probe(int dev, struct pnp_card_link *pcard, const struct pnp_card_device_id *pid) diff -Naurp --exclude-from=/home/con/kernel/dontdiff linux-2.6.10-ck5/sound/isa/sb/emu8000_callback.c linux-2.6.10-ck6/sound/isa/sb/emu8000_callback.c --- linux-2.6.10-ck5/sound/isa/sb/emu8000_callback.c 2004-10-19 08:57:12.000000000 +1000 +++ linux-2.6.10-ck6/sound/isa/sb/emu8000_callback.c 2005-02-23 23:34:14.000000000 +1100 @@ -528,6 +528,10 @@ load_fx(snd_emux_t *emu, int type, int m emu8000_t *hw; hw = emu->hw; + /* skip header */ + buf += 16; + len -= 16; + switch (type) { case SNDRV_EMU8000_LOAD_CHORUS_FX: return snd_emu8000_load_chorus_fx(hw, mode, buf, len); diff -Naurp --exclude-from=/home/con/kernel/dontdiff linux-2.6.10-ck5/sound/isa/sscape.c linux-2.6.10-ck6/sound/isa/sscape.c --- linux-2.6.10-ck5/sound/isa/sscape.c 2004-12-25 10:14:52.000000000 +1100 +++ linux-2.6.10-ck6/sound/isa/sscape.c 2005-02-23 23:34:14.000000000 +1100 @@ -487,7 +487,7 @@ static int upload_dma_data(struct sounds * the userspace pointer ... */ len = min(size, dma.bytes); - __copy_from_user(dma.area, data, len); + len -= __copy_from_user(dma.area, data, len); data += len; size -= len; @@ -571,8 +571,9 @@ static int sscape_upload_bootblock(struc if (data < 0) { snd_printk(KERN_ERR "sscape: timeout reading firmware version\n"); ret = -EAGAIN; - } else { - __copy_to_user(&bb->version, &data, sizeof(bb->version)); + } + else if (__copy_to_user(&bb->version, &data, sizeof(bb->version))) { + ret = -EFAULT; } } @@ -591,7 +592,7 @@ static int sscape_upload_microcode(struc { unsigned long flags; char __user *code; - int err, ret; + int err; /* * We are going to have to copy this data into a special 
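Review bot: `load_fx()` in emu8000_callback.c now does `buf += 16; len -= 16;` without first checking that `len` is at least 16. A shorter request therefore reaches `snd_emu8000_load_chorus_fx()` with a pointer past the supplied data and a negative length, or a wrapped one if `len` is unsigned; its declaration is cut off in the hunk header. Unless every callee rejects such a length, add `if (len < 16) return -EINVAL;` before the adjustment. The bare `16` would also read better as a named constant for the header being skipped.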
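Review bot: In `upload_dma_data()` in sscape.c, `len -= __copy_from_user(dma.area, data, len);` turns a faulting copy into a short chunk rather than an error. The bytes that did copy are still treated as valid firmware data, and when nothing copies `len` is 0, so `size` never shrinks. The enclosing loop is outside the hunk, but if it runs until `size` reaches zero it would not terminate on a bad user pointer. I would treat any non-zero return as a failure, e.g. `if (__copy_from_user(dma.area, data, len)) { ret = -EFAULT; break; }`, routed through the function's existing cleanup; `ret` is a placeholder name because the locals are not shown.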
@@ -601,12 +602,11 @@ static int sscape_upload_microcode(struc * NOTE: This buffer is 64K long! That's WAY too big to * copy into a stack-temporary anyway. */ - if (get_user(code, &mc->code)) + if ( get_user(code, &mc->code) || + !access_ok(VERIFY_READ, code, SSCAPE_MICROCODE_SIZE) ) return -EFAULT; - if ((err = verify_area(VERIFY_READ, code, SSCAPE_MICROCODE_SIZE)) != 0) - return err; - if ((ret = upload_dma_data(sscape, code, SSCAPE_MICROCODE_SIZE)) == 0) { + if ((err = upload_dma_data(sscape, code, SSCAPE_MICROCODE_SIZE)) == 0) { snd_printk(KERN_INFO "sscape: MIDI firmware loaded\n"); } @@ -616,7 +616,7 @@ static int sscape_upload_microcode(struc initialise_mpu401(sscape->mpu); - return ret; + return err; } /* @@ -673,14 +673,14 @@ static int sscape_hw_ioctl(snd_hwdep_t * * DMA-able buffer before we can upload it. We shall therefore * just check that the data pointer is valid for now ... */ - if ((err = verify_area(VERIFY_READ, bb->code, sizeof(bb->code))) != 0) - return err; + if ( !access_ok(VERIFY_READ, bb->code, sizeof(bb->code)) ) + return -EFAULT; /* * Now check that we can write the firmware version number too... */ - if ((err = verify_area(VERIFY_WRITE, &bb->version, sizeof(bb->version))) != 0) - return err; + if ( !access_ok(VERIFY_WRITE, &bb->version, sizeof(bb->version)) ) + return -EFAULT; err = sscape_upload_bootblock(sscape, bb); } diff -Naurp --exclude-from=/home/con/kernel/dontdiff linux-2.6.10-ck5/sound/pci/azt3328.c linux-2.6.10-ck6/sound/pci/azt3328.c --- linux-2.6.10-ck5/sound/pci/azt3328.c 2004-12-25 10:14:52.000000000 +1100 +++ linux-2.6.10-ck6/sound/pci/azt3328.c 2005-02-23 23:34:14.000000000 +1100 
@@ -1363,15 +1363,15 @@ static int __devinit snd_azf3328_create( for (tmp=0; tmp <= 0x01; tmp += 1) snd_azf3328_dbgmisc("0x%02x: opl 0x%04x, mpu300 0x%04x, mpu310 0x%04x, mpu320 0x%04x, mpu330 0x%04x\n", tmp, inb(0x388 + tmp), inb(0x300 + tmp), inb(0x310 + tmp), inb(0x320 + tmp), inb(0x330 + tmp)); - /* create mixer interface & switches */ - if ((err = snd_azf3328_mixer_new(chip)) < 0) - return err; - if ((err = snd_device_new(card, SNDRV_DEV_LOWLEVEL, chip, &ops)) < 0) { snd_azf3328_free(chip); return err; } + /* create mixer interface & switches */ + if ((err = snd_azf3328_mixer_new(chip)) < 0) + return err; + #if 0 /* set very low bitrate to reduce noise and power consumption? */ snd_azf3328_setfmt(chip, IDX_IO_PLAY_SOUNDFORMAT, 5512, 8, 1); diff -Naurp --exclude-from=/home/con/kernel/dontdiff linux-2.6.10-ck5/sound/pci/cmipci.c linux-2.6.10-ck6/sound/pci/cmipci.c --- linux-2.6.10-ck5/sound/pci/cmipci.c 2004-12-25 10:14:52.000000000 +1100 +++ linux-2.6.10-ck6/sound/pci/cmipci.c 2005-02-23 23:34:14.000000000 +1100 @@ -2608,8 +2608,8 @@ static int __devinit snd_cmipci_create(s if (request_irq(pci->irq, snd_cmipci_interrupt, SA_INTERRUPT|SA_SHIRQ, card->driver, (void *)cm)) { snd_printk("unable to grab IRQ %d\n", pci->irq); - err = -EBUSY; - goto __error; + snd_cmipci_free(cm); + return -EBUSY; } cm->irq = pci->irq; @@ -2662,6 +2662,11 @@ static int __devinit snd_cmipci_create(s break; } + if ((err = snd_device_new(card, SNDRV_DEV_LOWLEVEL, cm, &ops)) < 0) { + snd_cmipci_free(cm); + return err; + } + /* set MPU address */ switch (iomidi) { case 0x320: val = CM_VMPU_320; break; 
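Review bot: Nothing in `snd_azf3328_create()` explains why the `snd_azf3328_mixer_new()` failure path, now placed after `snd_device_new()`, can `return err;` without calling `snd_azf3328_free(chip)`. Presumably the chip is owned by the card once the low-level device is registered and is released when the caller frees the card, so freeing it here too would be a double free; that reasoning should be written down. I would add after the `snd_device_new()` block `/* chip now belongs to card: later failures just return, freeing the card releases it */`. The same comment applies to the cmipci and korg1212 hunks, which drop their explicit free calls the same way, and to the cs4281, cs46xx and ens1370 hunks, which move their proc setup behind `snd_device_new()`.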
@@ -2717,22 +2722,22 @@ static int __devinit snd_cmipci_create(s /* create pcm devices */ pcm_index = pcm_spdif_index = 0; if ((err = snd_cmipci_pcm_new(cm, pcm_index)) < 0) - goto __error; + return err; pcm_index++; if (cm->has_dual_dac) { if ((err = snd_cmipci_pcm2_new(cm, pcm_index)) < 0) - goto __error; + return err; pcm_index++; } if (cm->can_ac3_hw || cm->can_ac3_sw) { pcm_spdif_index = pcm_index; if ((err = snd_cmipci_pcm_spdif_new(cm, pcm_index)) < 0) - goto __error; + return err; } /* create mixer interface & switches */ if ((err = snd_cmipci_mixer_new(cm, pcm_spdif_index)) < 0) - goto __error; + return err; if (iomidi > 0) { if ((err = snd_mpu401_uart_new(card, 0, MPU401_HW_CMIPCI, @@ -2742,10 +2747,6 @@ static int __devinit snd_cmipci_create(s } } - if ((err = snd_device_new(card, SNDRV_DEV_LOWLEVEL, cm, &ops)) < 0) { - snd_cmipci_free(cm); - return err; - } #ifdef USE_VAR48KRATE for (val = 0; val < ARRAY_SIZE(rates); val++) snd_cmipci_set_pll(cm, rates[val], val); @@ -2785,10 +2786,6 @@ static int __devinit snd_cmipci_create(s *rcmipci = cm; return 0; - - __error: - snd_cmipci_free(cm); - return err; } /* diff -Naurp --exclude-from=/home/con/kernel/dontdiff linux-2.6.10-ck5/sound/pci/cs4281.c linux-2.6.10-ck6/sound/pci/cs4281.c --- linux-2.6.10-ck5/sound/pci/cs4281.c 2004-12-25 10:14:52.000000000 +1100 +++ linux-2.6.10-ck6/sound/pci/cs4281.c 2005-02-23 23:34:14.000000000 +1100 
@@ -1439,15 +1439,15 @@ static int __devinit snd_cs4281_create(s return tmp; } - snd_cs4281_proc_init(chip); - - snd_card_set_pm_callback(card, cs4281_suspend, cs4281_resume, chip); - if ((err = snd_device_new(card, SNDRV_DEV_LOWLEVEL, chip, &ops)) < 0) { snd_cs4281_free(chip); return err; } + snd_cs4281_proc_init(chip); + + snd_card_set_pm_callback(card, cs4281_suspend, cs4281_resume, chip); + snd_card_set_dev(card, &pci->dev); *rchip = chip; diff -Naurp --exclude-from=/home/con/kernel/dontdiff linux-2.6.10-ck5/sound/pci/cs46xx/cs46xx_lib.c linux-2.6.10-ck6/sound/pci/cs46xx/cs46xx_lib.c --- linux-2.6.10-ck5/sound/pci/cs46xx/cs46xx_lib.c 2004-12-25 10:14:52.000000000 +1100 +++ linux-2.6.10-ck6/sound/pci/cs46xx/cs46xx_lib.c 2005-02-23 23:34:14.000000000 +1100 @@ -3866,15 +3866,15 @@ int __devinit snd_cs46xx_create(snd_card return err; } - snd_cs46xx_proc_init(card, chip); - - snd_card_set_pm_callback(card, snd_cs46xx_suspend, snd_cs46xx_resume, chip); - if ((err = snd_device_new(card, SNDRV_DEV_LOWLEVEL, chip, &ops)) < 0) { snd_cs46xx_free(chip); return err; } + snd_cs46xx_proc_init(card, chip); + + snd_card_set_pm_callback(card, snd_cs46xx_suspend, snd_cs46xx_resume, chip); + chip->active_ctrl(chip, -1); /* disable CLKRUN */ snd_card_set_dev(card, &pci->dev); diff -Naurp --exclude-from=/home/con/kernel/dontdiff linux-2.6.10-ck5/sound/pci/ens1370.c linux-2.6.10-ck6/sound/pci/ens1370.c --- linux-2.6.10-ck5/sound/pci/ens1370.c 2004-12-25 10:14:52.000000000 +1100 +++ linux-2.6.10-ck6/sound/pci/ens1370.c 2005-02-23 23:34:14.000000000 +1100 @@ -1930,7 +1930,6 @@ static int __devinit snd_ensoniq_create( ensoniq->subsystem_vendor_id = cmdw; pci_read_config_word(pci, PCI_SUBSYSTEM_ID, &cmdw); ensoniq->subsystem_device_id = cmdw; - snd_ensoniq_proc_init(ensoniq); #ifdef CHIP1370 #if 0 ensoniq->ctrl = ES_1370_CDC_EN | ES_1370_SERR_DISABLE | ES_1370_PCLKDIVO(ES_1370_SRTODIV(8000)); 
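Review bot: Placing `snd_cs4281_proc_init()` and `snd_card_set_pm_callback()` below the `snd_device_new()` check in the snd_cs4281_create hunk is an ordering rule that the code does not record. Both calls take `chip`, and the failure branch above them frees it with `snd_cs4281_free(chip)`, so presumably the point is that nothing holding `chip` is registered before the last path that frees it directly. A comment such as `/* register proc/PM hooks only after the last direct free of chip */` would keep that from being undone. The proc_init call is reordered the same way in the snd_cs46xx_create, snd_ensoniq_create, snd_sonicvibes_create and snd_ymfpci_create hunks; the function bodies extend beyond the hunks.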
@@ -2023,6 +2022,8 @@ static int __devinit snd_ensoniq_create( return err; } + snd_ensoniq_proc_init(ensoniq); + snd_card_set_dev(card, &pci->dev); *rensoniq = ensoniq; diff -Naurp --exclude-from=/home/con/kernel/dontdiff linux-2.6.10-ck5/sound/pci/korg1212/korg1212.c linux-2.6.10-ck6/sound/pci/korg1212/korg1212.c --- linux-2.6.10-ck5/sound/pci/korg1212/korg1212.c 2004-12-25 10:14:53.000000000 +1100 +++ linux-2.6.10-ck6/sound/pci/korg1212/korg1212.c 2005-02-23 23:34:14.000000000 +1100 @@ -2411,14 +2411,17 @@ static int __devinit snd_korg1212_create if (rc) K1212_DEBUG_PRINTK("K1212_DEBUG: Reboot Card - RC = %d [%s]\n", rc, stateName[korg1212->cardState]); #endif + if ((err = snd_device_new(card, SNDRV_DEV_LOWLEVEL, korg1212, &ops)) < 0) { + snd_korg1212_free(korg1212); + return err; + } + snd_korg1212_EnableCardInterrupts(korg1212); mdelay(CARD_BOOT_DELAY_IN_MS); - if (snd_korg1212_downloadDSPCode(korg1212)) { - snd_korg1212_free(korg1212); + if (snd_korg1212_downloadDSPCode(korg1212)) return -EBUSY; - } printk(KERN_INFO "dspMemPhy = %08x U[%08x]\n" "PlayDataPhy = %08x L[%08x]\n" @@ -2433,10 +2436,8 @@ static int __devinit snd_korg1212_create korg1212->RoutingTablePhy, LowerWordSwap(korg1212->RoutingTablePhy), korg1212->AdatTimeCodePhy, LowerWordSwap(korg1212->AdatTimeCodePhy)); - if ((err = snd_pcm_new(korg1212->card, "korg1212", 0, 1, 1, &korg1212->pcm)) < 0) { - snd_korg1212_free(korg1212); + if ((err = snd_pcm_new(korg1212->card, "korg1212", 0, 1, 1, &korg1212->pcm)) < 0) return err; - } korg1212->pcm->private_data = korg1212; korg1212->pcm->private_free = snd_korg1212_free_pcm; 
@@ -2453,19 +2454,12 @@ static int __devinit snd_korg1212_create for (i = 0; i < ARRAY_SIZE(snd_korg1212_controls); i++) { err = snd_ctl_add(korg1212->card, snd_ctl_new1(&snd_korg1212_controls[i], korg1212)); - if (err < 0) { - snd_korg1212_free(korg1212); + if (err < 0) return err; - } } snd_korg1212_proc_init(korg1212); - if ((err = snd_device_new(card, SNDRV_DEV_LOWLEVEL, korg1212, &ops)) < 0) { - snd_korg1212_free(korg1212); - return err; - } - snd_card_set_dev(card, &pci->dev); * rchip = korg1212; diff -Naurp --exclude-from=/home/con/kernel/dontdiff linux-2.6.10-ck5/sound/pci/maestro3.c linux-2.6.10-ck6/sound/pci/maestro3.c --- linux-2.6.10-ck5/sound/pci/maestro3.c 2004-12-25 10:14:53.000000000 +1100 +++ linux-2.6.10-ck6/sound/pci/maestro3.c 2005-02-23 23:34:14.000000000 +1100 @@ -2577,26 +2577,7 @@ snd_m3_create(snd_card_t *card, struct p snd_m3_assp_init(chip); snd_m3_amp_enable(chip, 1); - - if ((err = snd_m3_mixer(chip)) < 0) { - snd_m3_free(chip); - return err; - } - for (i = 0; i < chip->num_substreams; i++) { - m3_dma_t *s = &chip->substreams[i]; - s->chip = chip; - if ((err = snd_m3_assp_client_init(chip, s, i)) < 0) { - snd_m3_free(chip); - return err; - } - } - - if ((err = snd_m3_pcm(chip, 0)) < 0) { - snd_m3_free(chip); - return err; - } - if (request_irq(pci->irq, snd_m3_interrupt, SA_INTERRUPT|SA_SHIRQ, card->driver, (void *)chip)) { snd_printk("unable to grab IRQ %d\n", pci->irq); 
@@ -2618,6 +2599,19 @@ snd_m3_create(snd_card_t *card, struct p return err; } + if ((err = snd_m3_mixer(chip)) < 0) + return err; + + for (i = 0; i < chip->num_substreams; i++) { + m3_dma_t *s = &chip->substreams[i]; + s->chip = chip; + if ((err = snd_m3_assp_client_init(chip, s, i)) < 0) + return err; + } + + if ((err = snd_m3_pcm(chip, 0)) < 0) + return err; + snd_m3_enable_ints(chip); snd_m3_assp_continue(chip); diff -Naurp --exclude-from=/home/con/kernel/dontdiff linux-2.6.10-ck5/sound/pci/nm256/nm256.c linux-2.6.10-ck6/sound/pci/nm256/nm256.c --- linux-2.6.10-ck5/sound/pci/nm256/nm256.c 2004-12-25 10:14:53.000000000 +1100 +++ linux-2.6.10-ck6/sound/pci/nm256/nm256.c 2005-02-23 23:34:14.000000000 +1100 @@ -1488,12 +1488,6 @@ snd_nm256_create(snd_card_t *card, struc snd_nm256_init_chip(chip); - if ((err = snd_nm256_pcm(chip, 0)) < 0) - goto __error; - - if ((err = snd_nm256_mixer(chip)) < 0) - goto __error; - // pci_set_master(pci); /* needed? */ snd_card_set_pm_callback(card, nm256_suspend, nm256_resume, chip); @@ -1614,6 +1608,12 @@ static int __devinit snd_nm256_probe(str chip->reset_workaround = 1; } + if ((err = snd_nm256_pcm(chip, 0)) < 0 || + (err = snd_nm256_mixer(chip)) < 0) { + snd_card_free(card); + return err; + } + sprintf(card->shortname, "NeoMagic %s", card->driver); sprintf(card->longname, "%s at 0x%lx & 0x%lx, irq %d", card->shortname, diff -Naurp --exclude-from=/home/con/kernel/dontdiff linux-2.6.10-ck5/sound/pci/rme9652/hdsp.c linux-2.6.10-ck6/sound/pci/rme9652/hdsp.c --- linux-2.6.10-ck5/sound/pci/rme9652/hdsp.c 2004-12-25 10:14:53.000000000 +1100 +++ linux-2.6.10-ck6/sound/pci/rme9652/hdsp.c 2005-02-23 23:34:14.000000000 +1100 
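Review bot: Nothing in the snd_nm256_probe hunk explains why PCM and mixer creation now happen in the probe routine rather than in snd_nm256_create(). If the reason is that they must run after the quirk handling that sets `chip->reset_workaround = 1;` just above, a one-line comment should say so; that is an inference from the context lines, not something the hunk states. A second comment should note that the failure branch calls `snd_card_free(card)` because the chip is expected to be released together with the card by then. snd_nm256_create() is not visible here to confirm that it registers the chip before returning.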
@@ -2728,7 +2728,7 @@ static int snd_hdsp_get_autosync_ref(snd { hdsp_t *hdsp = snd_kcontrol_chip(kcontrol); - ucontrol->value.enumerated.item[0] = hdsp_pref_sync_ref(hdsp); + ucontrol->value.enumerated.item[0] = hdsp_autosync_ref(hdsp); return 0; } diff -Naurp --exclude-from=/home/con/kernel/dontdiff linux-2.6.10-ck5/sound/pci/sonicvibes.c linux-2.6.10-ck6/sound/pci/sonicvibes.c --- linux-2.6.10-ck5/sound/pci/sonicvibes.c 2004-12-25 10:14:53.000000000 +1100 +++ linux-2.6.10-ck6/sound/pci/sonicvibes.c 2005-02-23 23:34:14.000000000 +1100 @@ -1333,13 +1333,14 @@ static int __devinit snd_sonicvibes_crea #endif sonic->revision = snd_sonicvibes_in(sonic, SV_IREG_REVISION); snd_ctl_add(card, snd_ctl_new1(&snd_sonicvibes_game_control, sonic)); - snd_sonicvibes_proc_init(sonic); if ((err = snd_device_new(card, SNDRV_DEV_LOWLEVEL, sonic, &ops)) < 0) { snd_sonicvibes_free(sonic); return err; } + snd_sonicvibes_proc_init(sonic); + snd_card_set_dev(card, &pci->dev); *rsonic = sonic; diff -Naurp --exclude-from=/home/con/kernel/dontdiff linux-2.6.10-ck5/sound/pci/trident/trident_main.c linux-2.6.10-ck6/sound/pci/trident/trident_main.c --- linux-2.6.10-ck5/sound/pci/trident/trident_main.c 2004-12-25 10:14:53.000000000 +1100 +++ linux-2.6.10-ck6/sound/pci/trident/trident_main.c 2005-02-23 23:34:14.000000000 +1100 @@ -3611,10 +3611,13 @@ int __devinit snd_trident_create(snd_car return err; } - if ((err = snd_trident_mixer(trident, pcm_spdif_device)) < 0) { + if ((err = snd_device_new(card, SNDRV_DEV_LOWLEVEL, trident, &ops)) < 0) { snd_trident_free(trident); return err; } + + if ((err = snd_trident_mixer(trident, pcm_spdif_device)) < 0) + return err; /* initialise synth voices */ for (i = 0; i < 64; i++) { 
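Review bot: In the snd_hdsp_get_autosync_ref hunk the result of `hdsp_autosync_ref(hdsp)` is stored straight into `ucontrol->value.enumerated.item[0]` with no range check. hdsp_autosync_ref() is not visible here, so it should be confirmed that every value it can return is a valid index into the item list the matching info callback reports. If the value is derived from a hardware status register, a default case or clamp in that helper would keep an unexpected register value from reaching userspace as an out-of-range index. A short comment above the getter, saying that this control reports the reference autosync is using (going by the function names) rather than the preferred one, would also document the distinction.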
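Review bot: The `snd_ctl_add(card, snd_ctl_new1(&snd_sonicvibes_game_control, sonic));` context line in the snd_sonicvibes_create hunk stays above `snd_device_new()` and its return value is dropped. That leaves a control holding `sonic` registered on the card when the failure branch runs `snd_sonicvibes_free(sonic)`, and a failed registration goes unnoticed; the snd_korg1212_create hunk in this patch checks `snd_ctl_add()` and returns on error. I would move the call below the `snd_device_new()` block, next to `snd_sonicvibes_proc_init(sonic)`, as `if ((err = snd_ctl_add(card, snd_ctl_new1(&snd_sonicvibes_game_control, sonic))) < 0) return err;`. Whether the stale pointer is ever dereferenced before the card is torn down cannot be told from the hunk.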
@@ -3635,12 +3638,7 @@ int __devinit snd_trident_create(snd_car snd_card_set_pm_callback(card, snd_trident_suspend, snd_trident_resume, trident); - snd_trident_proc_init(trident); - if ((err = snd_device_new(card, SNDRV_DEV_LOWLEVEL, trident, &ops)) < 0) { - snd_trident_free(trident); - return err; - } snd_card_set_dev(card, &pci->dev); *rtrident = trident; return 0; @@ -3650,7 +3648,7 @@ int __devinit snd_trident_create(snd_car snd_trident_free Description: This routine will free the device specific class for - q the 4DWave card. + the 4DWave card. Paramters: trident - device specific private data for 4DWave card diff -Naurp --exclude-from=/home/con/kernel/dontdiff linux-2.6.10-ck5/sound/pci/ymfpci/ymfpci_main.c linux-2.6.10-ck6/sound/pci/ymfpci/ymfpci_main.c --- linux-2.6.10-ck5/sound/pci/ymfpci/ymfpci_main.c 2004-12-25 10:14:53.000000000 +1100 +++ linux-2.6.10-ck6/sound/pci/ymfpci/ymfpci_main.c 2005-02-23 23:34:14.000000000 +1100 @@ -2265,13 +2265,13 @@ int __devinit snd_ymfpci_create(snd_card snd_card_set_pm_callback(card, snd_ymfpci_suspend, snd_ymfpci_resume, chip); #endif - snd_ymfpci_proc_init(card, chip); - if ((err = snd_device_new(card, SNDRV_DEV_LOWLEVEL, chip, &ops)) < 0) { snd_ymfpci_free(chip); return err; } + snd_ymfpci_proc_init(card, chip); + snd_card_set_dev(card, &pci->dev); *rchip = chip; diff -Naurp --exclude-from=/home/con/kernel/dontdiff linux-2.6.10-ck5/sound/usb/usbaudio.c linux-2.6.10-ck6/sound/usb/usbaudio.c --- linux-2.6.10-ck5/sound/usb/usbaudio.c 2004-12-25 10:14:53.000000000 +1100 +++ linux-2.6.10-ck6/sound/usb/usbaudio.c 2005-02-23 23:34:14.000000000 +1100 @@ -725,7 +725,7 @@ static int deactivate_urbs(snd_usb_subst subs->running = 0; if (!force && subs->stream->chip->shutdown) /* to be sure... */ - return 0; + return -EBADFD; async = !can_sleep && async_unlink; 
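Review bot: Returning `-EBADFD` instead of `0` from the `!force && subs->stream->chip->shutdown` branch of deactivate_urbs changes what the function's return value means, and no comment describes the new contract. Callers outside the hunk that treat a non-zero result as something other than an error (a count, for instance) would now misread a negative value, so each call site should be checked. I would replace `/* to be sure... */` with a comment that says what the branch does, e.g. `/* chip is shutting down: report it instead of touching the URBs */`, and state the return convention in the function header. The function body continues past the hunk.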
@@ -770,6 +770,9 @@ static int start_urbs(snd_usb_substream_ unsigned int i; int err; + if (subs->stream->chip->shutdown) + return -EBADFD; + for (i = 0; i < subs->nurbs; i++) { snd_assert(subs->dataurb[i].urb, return -EINVAL); if (subs->ops.prepare(subs, runtime, subs->dataurb[i].urb) < 0) {
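Review bot: The `subs->stream->chip->shutdown` test added at the top of start_urbs is a plain read with no lock or barrier visible in the hunk, so it only covers a shutdown that completed before the call. If the flag can be set concurrently (by a disconnect path, presumably), the loop below can still call `subs->ops.prepare()` and whatever submission follows outside the hunk after the check has passed. Whatever lock the shutdown side holds should also cover this check and the loop, or the later failure paths must cope with a device that went away mid-way. A comment naming the lock that protects `shutdown` would make the assumption reviewable; the function continues beyond the hunk.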