diff -Naurp --exclude-from=/home/con/kernel/dontdiff linux-2.6.11-ck3/arch/i386/mm/init.c linux-2.6.11-ck4/arch/i386/mm/init.c --- linux-2.6.11-ck3/arch/i386/mm/init.c 2005-03-26 11:33:22.000000000 +1100 +++ linux-2.6.11-ck4/arch/i386/mm/init.c 2005-03-02 19:30:24.000000000 +1100 @@ -41,7 +41,6 @@ #include unsigned int __VMALLOC_RESERVE = 128 << 20; -EXPORT_SYMBOL(__VMALLOC_RESERVE); DEFINE_PER_CPU(struct mmu_gather, mmu_gathers); unsigned long highstart_pfn, highend_pfn; diff -Naurp --exclude-from=/home/con/kernel/dontdiff linux-2.6.11-ck3/arch/ia64/kernel/fsys.S linux-2.6.11-ck4/arch/ia64/kernel/fsys.S --- linux-2.6.11-ck3/arch/ia64/kernel/fsys.S 2005-03-02 19:30:24.000000000 +1100 +++ linux-2.6.11-ck4/arch/ia64/kernel/fsys.S 2005-04-09 11:17:30.000000000 +1000 @@ -611,8 +611,10 @@ GLOBAL_ENTRY(fsys_bubble_down) movl r2=ia64_ret_from_syscall ;; mov rp=r2 // set the real return addr - tbit.z p8,p0=r3,TIF_SYSCALL_TRACE + and r3=_TIF_SYSCALL_TRACEAUDIT,r3 ;; + cmp.eq p8,p0=r3,r0 + (p10) br.cond.spnt.many ia64_ret_from_syscall // p10==true means out registers are more than 8 (p8) br.call.sptk.many b6=b6 // ignore this return addr br.cond.sptk ia64_trace_syscall diff -Naurp --exclude-from=/home/con/kernel/dontdiff linux-2.6.11-ck3/arch/ia64/kernel/signal.c linux-2.6.11-ck4/arch/ia64/kernel/signal.c --- linux-2.6.11-ck3/arch/ia64/kernel/signal.c 2005-03-02 19:30:24.000000000 +1100 +++ linux-2.6.11-ck4/arch/ia64/kernel/signal.c 2005-04-09 11:17:30.000000000 +1000 
@@ -224,7 +224,8 @@ ia64_rt_sigreturn (struct sigscratch *sc * could be corrupted. */ retval = (long) &ia64_leave_kernel; - if (test_thread_flag(TIF_SYSCALL_TRACE)) + if (test_thread_flag(TIF_SYSCALL_TRACE) + || test_thread_flag(TIF_SYSCALL_AUDIT)) /* * strace expects to be notified after sigreturn returns even though the * context to which we return may not be in the middle of a syscall. diff -Naurp --exclude-from=/home/con/kernel/dontdiff linux-2.6.11-ck3/arch/um/kernel/skas/uaccess.c linux-2.6.11-ck4/arch/um/kernel/skas/uaccess.c --- linux-2.6.11-ck3/arch/um/kernel/skas/uaccess.c 2005-03-02 19:30:25.000000000 +1100 +++ linux-2.6.11-ck4/arch/um/kernel/skas/uaccess.c 2005-04-09 11:17:30.000000000 +1000 @@ -61,7 +61,8 @@ static void do_buffer_op(void *jmpbuf, v void *arg; int *res; - va_copy(args, *(va_list *)arg_ptr); + /* Some old gccs recognize __va_copy, but not va_copy */ + __va_copy(args, *(va_list *)arg_ptr); addr = va_arg(args, unsigned long); len = va_arg(args, int); is_write = va_arg(args, int); diff -Naurp --exclude-from=/home/con/kernel/dontdiff linux-2.6.11-ck3/drivers/i2c/chips/eeprom.c linux-2.6.11-ck4/drivers/i2c/chips/eeprom.c --- linux-2.6.11-ck3/drivers/i2c/chips/eeprom.c 2005-03-02 19:30:25.000000000 +1100 +++ linux-2.6.11-ck4/drivers/i2c/chips/eeprom.c 2005-04-09 11:17:30.000000000 +1000 
@@ -130,7 +130,8 @@ static ssize_t eeprom_read(struct kobjec /* Hide Vaio security settings to regular users (16 first bytes) */ if (data->nature == VAIO && off < 16 && !capable(CAP_SYS_ADMIN)) { - int in_row1 = 16 - off; + size_t in_row1 = 16 - off; + in_row1 = min(in_row1, count); memset(buf, 0, in_row1); if (count - in_row1 > 0) memcpy(buf + in_row1, &data->data[16], count - in_row1); diff -Naurp --exclude-from=/home/con/kernel/dontdiff linux-2.6.11-ck3/drivers/pci/search.c linux-2.6.11-ck4/drivers/pci/search.c --- linux-2.6.11-ck3/drivers/pci/search.c 2005-03-26 11:33:22.000000000 +1100 +++ linux-2.6.11-ck4/drivers/pci/search.c 2005-03-02 19:30:26.000000000 +1100 @@ -346,19 +346,6 @@ exit: } /** - * pci_find_class - begin or continue searching for a PCI device by class - * @class: search for a PCI device with this class designation - * @from: Previous PCI device found in search, or %NULL for new search. - * - * Deprecated - please use pci_get_class. This is provided only for - * compatibility with nVidia GPU kernel driver. - */ -struct pci_dev *pci_find_class(unsigned int class, struct pci_dev *from) -{ - return pci_get_class(class, from); -} - -/** * pci_dev_present - Returns 1 if device matching the device list is present, 0 if not. * @ids: A pointer to a null terminated list of struct pci_device_id structures * that describe the type of PCI device the caller is trying to find. @@ -399,4 +386,3 @@ EXPORT_SYMBOL(pci_get_device); EXPORT_SYMBOL(pci_get_subsys); EXPORT_SYMBOL(pci_get_slot); EXPORT_SYMBOL(pci_get_class); -EXPORT_SYMBOL(pci_find_class); diff -Naurp --exclude-from=/home/con/kernel/dontdiff linux-2.6.11-ck3/fs/binfmt_elf.c linux-2.6.11-ck4/fs/binfmt_elf.c --- linux-2.6.11-ck3/fs/binfmt_elf.c 2005-03-02 19:30:28.000000000 +1100 +++ linux-2.6.11-ck4/fs/binfmt_elf.c 2005-04-09 11:17:30.000000000 +1000 
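Review bot: In eeprom_read the surviving test `if (count - in_row1 > 0)` became an unsigned comparison once in_row1 was made size_t (count is presumably size_t too, given the `min(in_row1, count)` call), so it is true for every count other than in_row1 and is only safe because of the clamp on the line before it. Writing it as `if (count > in_row1)` keeps the memcpy length correct even if the clamp is later moved or removed. A short comment on the clamp, for example `/* never zero more than the caller asked for */`, would also record why the line exists. The function starts and ends outside the hunk.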
@@ -1008,6 +1008,7 @@ out_free_ph:
 static int load_elf_library(struct file *file)
 {
 struct elf_phdr *elf_phdata;
+ struct elf_phdr *eppnt;
 unsigned long elf_bss, bss, len;
 int retval, error, i, j;
 struct elfhdr elf_ex;
@@ -1031,44 +1032,47 @@ static int load_elf_library(struct file /* j < ELF_MIN_ALIGN because elf_ex.e_phnum <= 2 */ error = -ENOMEM; - elf_phdata = (struct elf_phdr *) kmalloc(j, GFP_KERNEL); + elf_phdata = kmalloc(j, GFP_KERNEL); if (!elf_phdata) goto out; + eppnt = elf_phdata; error = -ENOEXEC; - retval = kernel_read(file, elf_ex.e_phoff, (char *) elf_phdata, j); + retval = kernel_read(file, elf_ex.e_phoff, (char *)eppnt, j); if (retval != j) goto out_free_ph; for (j = 0, i = 0; ip_type == PT_LOAD) j++; + if ((eppnt + i)->p_type == PT_LOAD) + j++; if (j != 1) goto out_free_ph; - while (elf_phdata->p_type != PT_LOAD) elf_phdata++; + while (eppnt->p_type != PT_LOAD) + eppnt++; /* Now use mmap to map the library into memory. */ down_write(¤t->mm->mmap_sem); error = do_mmap(file, - ELF_PAGESTART(elf_phdata->p_vaddr), - (elf_phdata->p_filesz + - ELF_PAGEOFFSET(elf_phdata->p_vaddr)), + ELF_PAGESTART(eppnt->p_vaddr), + (eppnt->p_filesz + + ELF_PAGEOFFSET(eppnt->p_vaddr)), PROT_READ | PROT_WRITE | PROT_EXEC, MAP_FIXED | MAP_PRIVATE | MAP_DENYWRITE, - (elf_phdata->p_offset - - ELF_PAGEOFFSET(elf_phdata->p_vaddr))); + (eppnt->p_offset - + ELF_PAGEOFFSET(eppnt->p_vaddr))); up_write(¤t->mm->mmap_sem); - if (error != ELF_PAGESTART(elf_phdata->p_vaddr)) + if (error != ELF_PAGESTART(eppnt->p_vaddr)) goto out_free_ph; - elf_bss = elf_phdata->p_vaddr + elf_phdata->p_filesz; + elf_bss = eppnt->p_vaddr + eppnt->p_filesz; if (padzero(elf_bss)) { error = -EFAULT; goto out_free_ph; } - len = ELF_PAGESTART(elf_phdata->p_filesz + elf_phdata->p_vaddr + ELF_MIN_ALIGN - 1); - bss = elf_phdata->p_memsz + elf_phdata->p_vaddr; + len = ELF_PAGESTART(eppnt->p_filesz + eppnt->p_vaddr + ELF_MIN_ALIGN - 1); + bss = eppnt->p_memsz + eppnt->p_vaddr; if (bss > len) { down_write(¤t->mm->mmap_sem); do_brk(len, bss - len); diff -Naurp --exclude-from=/home/con/kernel/dontdiff linux-2.6.11-ck3/fs/ext2/dir.c linux-2.6.11-ck4/fs/ext2/dir.c --- linux-2.6.11-ck3/fs/ext2/dir.c 2005-03-02 19:30:28.000000000 
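Review bot: Nothing in load_elf_library says why the walking pointer `eppnt` was introduced next to elf_phdata, although the old `while (elf_phdata->p_type != PT_LOAD) elf_phdata++;` moved the only copy of the kmalloc() address before the out_free_ph path (outside the hunk, presumably where it is released). A comment at `eppnt = elf_phdata;` such as `/* walk with eppnt; elf_phdata must keep the kmalloc() address for out_free_ph */` would stop a later cleanup from merging the two again. Separately, p_vaddr, p_filesz and p_memsz are read from the file and summed in the visible lines without any wrap check, and the result of `do_brk(len, bss - len)` is ignored. The function starts and ends outside the hunk.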
+1100 +++ linux-2.6.11-ck4/fs/ext2/dir.c 2005-04-09 11:17:30.000000000 +1000 @@ -592,6 +592,7 @@ int ext2_make_empty(struct inode *inode, goto fail; } kaddr = kmap_atomic(page, KM_USER0); + memset(kaddr, 0, chunk_size); de = (struct ext2_dir_entry_2 *)kaddr; de->name_len = 1; de->rec_len = cpu_to_le16(EXT2_DIR_REC_LEN(1)); diff -Naurp --exclude-from=/home/con/kernel/dontdiff linux-2.6.11-ck3/fs/isofs/inode.c linux-2.6.11-ck4/fs/isofs/inode.c --- linux-2.6.11-ck3/fs/isofs/inode.c 2004-10-19 08:57:11.000000000 +1000 +++ linux-2.6.11-ck4/fs/isofs/inode.c 2005-04-09 11:17:30.000000000 +1000 @@ -685,6 +685,8 @@ root_found: sbi->s_log_zone_size = isonum_723 (h_pri->logical_block_size); sbi->s_max_size = isonum_733(h_pri->volume_space_size); } else { + if (!pri) + goto out_freebh; rootp = (struct iso_directory_record *) pri->root_directory_record; sbi->s_nzones = isonum_733 (pri->volume_space_size); sbi->s_log_zone_size = isonum_723 (pri->logical_block_size); @@ -1395,6 +1397,9 @@ struct inode *isofs_iget(struct super_bl struct inode *inode; struct isofs_iget5_callback_data data; + if (offset >= 1ul << sb->s_blocksize_bits) + return NULL; + data.block = block; data.offset = offset; diff -Naurp --exclude-from=/home/con/kernel/dontdiff linux-2.6.11-ck3/fs/isofs/rock.c linux-2.6.11-ck4/fs/isofs/rock.c --- linux-2.6.11-ck3/fs/isofs/rock.c 2004-10-19 08:57:11.000000000 +1000 +++ linux-2.6.11-ck4/fs/isofs/rock.c 2005-04-09 11:17:30.000000000 +1000 @@ -53,6 +53,7 @@ if(LEN & 1) LEN++; \ CHR = ((unsigned char *) DE) + LEN; \ LEN = *((unsigned char *) DE) - LEN; \ + if (LEN<0) LEN=0; \ if (ISOFS_SB(inode->i_sb)->s_rock_offset!=-1) \ { \ LEN-=ISOFS_SB(inode->i_sb)->s_rock_offset; \ @@ -73,6 +74,10 @@ offset1 = 0; \ pbh = sb_bread(DEV->i_sb, block); \ if(pbh){ \ + if (offset > pbh->b_size || offset + cont_size > pbh->b_size){ \ + brelse(pbh); \ + goto out; \ + } \ memcpy(buffer + offset1, pbh->b_data + offset, cont_size - offset1); \ brelse(pbh); \ chr = (unsigned char *) buffer; \ 
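Review bot: The added `memset(kaddr, 0, chunk_size)` in ext2_make_empty carries no comment saying why the whole chunk is cleared when the following lines only fill in directory entries. Presumably the intent is that the unused remainder of the mapped page must not reach the directory block with whatever it held before. A one-line comment such as `/* clear the chunk so stale page contents are never written out */` would record that. The function continues outside the hunk.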
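Review bot: Both checks added in fs/isofs/inode.c reject a malformed image silently and without a comment, so the conditions they guard are not recoverable from the code alone. For the root_found hunk, `/* no primary volume descriptor was found */` above `if (!pri)` would do, and for isofs_iget `/* offset must lie inside one logical block */` above the shift test. The sibling branch dereferences `h_pri` with no matching test in the visible lines; whether it can be NULL there is decided outside the hunk and should be confirmed. isofs_iget now has a NULL return for this case, so its callers (not shown) need to handle NULL.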
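Review bot: In the continuation-read macro of fs/isofs/rock.c the new bound `offset + cont_size > pbh->b_size` adds two values that presumably come from the on-disk continuation entry, so the sum can wrap before it is compared; their types are declared outside the hunk. Comparing against the remainder avoids the addition: `if (offset > pbh->b_size || cont_size > pbh->b_size - offset){ \`. The memcpy that follows writes `cont_size - offset1` bytes to `buffer + offset1`, so the allocation of buffer (outside the hunk) has to be sized from the same cont_size for the check to be sufficient. The `if (LEN<0) LEN=0;` line in the setup macro would benefit from a comment saying the value comes from the directory record and may be inconsistent.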
@@ -103,12 +108,13 @@ int get_rock_ridge_filename(struct iso_d struct rock_ridge * rr; int sig; - while (len > 1){ /* There may be one byte for padding somewhere */ + while (len > 2){ /* There may be one byte for padding somewhere */ rr = (struct rock_ridge *) chr; - if (rr->len == 0) goto out; /* Something got screwed up here */ + if (rr->len < 3) goto out; /* Something got screwed up here */ sig = isonum_721(chr); chr += rr->len; len -= rr->len; + if (len < 0) goto out; /* corrupted isofs */ switch(sig){ case SIG('R','R'): @@ -122,6 +128,7 @@ int get_rock_ridge_filename(struct iso_d break; case SIG('N','M'): if (truncate) break; + if (rr->len < 5) break; /* * If the flags are 2 or 4, this indicates '.' or '..'. * We don't want to do anything with this, because it @@ -186,12 +193,13 @@ parse_rock_ridge_inode_internal(struct i struct rock_ridge * rr; int rootflag; - while (len > 1){ /* There may be one byte for padding somewhere */ + while (len > 2){ /* There may be one byte for padding somewhere */ rr = (struct rock_ridge *) chr; - if (rr->len == 0) goto out; /* Something got screwed up here */ + if (rr->len < 3) goto out; /* Something got screwed up here */ sig = isonum_721(chr); chr += rr->len; len -= rr->len; + if (len < 0) goto out; /* corrupted isofs */ switch(sig){ #ifndef CONFIG_ZISOFS /* No flag for SF or ZF */ @@ -462,7 +470,7 @@ static int rock_ridge_symlink_readpage(s struct rock_ridge *rr; if (!ISOFS_SB(inode->i_sb)->s_rock) - panic ("Cannot have symlink with high sierra variant of iso filesystem\n"); + goto error; block = ei->i_iget5_block; lock_kernel(); 
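Review bot: In get_rock_ridge_filename the new `rr->len < 3` and `len < 0` tests establish only that the entry fits in the remaining data, not that it is long enough for the fields each case reads. Apart from the added `if (rr->len < 5) break;` in the NM case, the case bodies are outside the hunks, so any that read `rr->u` members need a length test of their own. The same loop change appears in the parse_rock_ridge_inode_internal hunk here and in the rock_ridge_symlink_readpage hunk further down, and the same applies there. The retained comment `/* There may be one byte for padding somewhere */` no longer describes the condition `len > 2` and should be reworded, for example `/* need at least a 3-byte entry; a trailing pad byte is ignored */`.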
@@ -487,13 +495,15 @@ static int rock_ridge_symlink_readpage(s SETUP_ROCK_RIDGE(raw_inode, chr, len); repeat: - while (len > 1) { /* There may be one byte for padding somewhere */ + while (len > 2) { /* There may be one byte for padding somewhere */ rr = (struct rock_ridge *) chr; - if (rr->len == 0) + if (rr->len < 3) goto out; /* Something got screwed up here */ sig = isonum_721(chr); chr += rr->len; len -= rr->len; + if (len < 0) + goto out; /* corrupted isofs */ switch (sig) { case SIG('R', 'R'): @@ -543,6 +553,7 @@ static int rock_ridge_symlink_readpage(s fail: brelse(bh); unlock_kernel(); + error: SetPageError(page); kunmap(page); unlock_page(page); diff -Naurp --exclude-from=/home/con/kernel/dontdiff linux-2.6.11-ck3/fs/jbd/transaction.c linux-2.6.11-ck4/fs/jbd/transaction.c --- linux-2.6.11-ck3/fs/jbd/transaction.c 2005-03-02 19:30:28.000000000 +1100 +++ linux-2.6.11-ck4/fs/jbd/transaction.c 2005-04-09 11:17:30.000000000 +1000 @@ -1775,10 +1775,10 @@ static int journal_unmap_buffer(journal_ JBUFFER_TRACE(jh, "checkpointed: add to BJ_Forget"); ret = __dispose_buffer(jh, journal->j_running_transaction); + journal_put_journal_head(jh); spin_unlock(&journal->j_list_lock); jbd_unlock_bh_state(bh); spin_unlock(&journal->j_state_lock); - journal_put_journal_head(jh); return ret; } else { /* There is no currently-running transaction. So the @@ -1789,10 +1789,10 @@ static int journal_unmap_buffer(journal_ JBUFFER_TRACE(jh, "give to committing trans"); ret = __dispose_buffer(jh, journal->j_committing_transaction); + journal_put_journal_head(jh); spin_unlock(&journal->j_list_lock); jbd_unlock_bh_state(bh); spin_unlock(&journal->j_state_lock); - journal_put_journal_head(jh); return ret; } else { /* The orphan record's transaction has 
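Review bot: Nothing in journal_unmap_buffer says that `journal_put_journal_head(jh)` must now run before the three unlocks, so the move reads as a cosmetic reorder and is easy to undo. Presumably the reference has to be dropped while j_list_lock and the bh state lock still keep jh and bh stable. A comment such as `/* drop the jh reference before releasing the locks */` at the first occurrence would record that. The same move is made in the next hunk and in the third journal_unmap_buffer hunk further down. Exit paths of the function that lie outside these hunks should be checked for the old order.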
@@ -1813,10 +1813,10 @@ static int journal_unmap_buffer(journal_ journal->j_running_transaction); jh->b_next_transaction = NULL; } + journal_put_journal_head(jh); spin_unlock(&journal->j_list_lock); jbd_unlock_bh_state(bh); spin_unlock(&journal->j_state_lock); - journal_put_journal_head(jh); return 0; } else { /* Good, the buffer belongs to the running transaction. diff -Naurp --exclude-from=/home/con/kernel/dontdiff linux-2.6.11-ck3/include/linux/pci.h linux-2.6.11-ck4/include/linux/pci.h --- linux-2.6.11-ck3/include/linux/pci.h 2005-03-26 11:33:22.000000000 +1100 +++ linux-2.6.11-ck4/include/linux/pci.h 2005-03-02 19:30:30.000000000 +1100 @@ -767,7 +767,6 @@ struct pci_dev *pci_get_subsys (unsigned struct pci_dev *from); struct pci_dev *pci_get_slot (struct pci_bus *bus, unsigned int devfn); struct pci_dev *pci_get_class (unsigned int class, struct pci_dev *from); -struct pci_dev *pci_find_class (unsigned int class, struct pci_dev *from); int pci_dev_present(const struct pci_device_id *ids); int pci_bus_read_config_byte (struct pci_bus *bus, unsigned int devfn, int where, u8 *val); @@ -934,9 +933,6 @@ unsigned int ss_vendor, unsigned int ss_ static inline struct pci_dev *pci_get_class(unsigned int class, struct pci_dev *from) { return NULL; } -static inline struct pci_dev *pci_find_class(unsigned int class, struct pci_dev *from) -{ return NULL; } - #define pci_dev_present(ids) (0) #define pci_dev_put(dev) do { } while (0) diff -Naurp --exclude-from=/home/con/kernel/dontdiff linux-2.6.11-ck3/kernel/sched.c linux-2.6.11-ck4/kernel/sched.c --- linux-2.6.11-ck3/kernel/sched.c 2005-03-26 11:33:22.000000000 +1100 +++ linux-2.6.11-ck4/kernel/sched.c 2005-04-09 11:17:30.000000000 +1000 
@@ -470,7 +470,7 @@ static inline void sched_info_switch(tas /* * Get nanosecond clock difference without overflowing unsigned long. */ -static unsigned long ns_diff(unsigned long long v1, unsigned long long v2) +static inline unsigned long ns_diff(unsigned long long v1, unsigned long long v2) { unsigned long long vdiff; if (unlikely(v1 < v2)) @@ -494,7 +494,7 @@ static inline int task_queued(task_t *ta /* * Adding/removing a task to/from a runqueue: */ -static void dequeue_task(struct task_struct *p, runqueue_t *rq) +static inline void dequeue_task(struct task_struct *p, runqueue_t *rq) { list_del_init(&p->run_list); if (list_empty(rq->queue + p->prio)) @@ -502,7 +502,7 @@ static void dequeue_task(struct task_str p->ns_debit = 0; } -static void enqueue_task(struct task_struct *p, runqueue_t *rq) +static inline void enqueue_task(struct task_struct *p, runqueue_t *rq) { list_add_tail(&p->run_list, rq->queue + p->prio); __set_bit(p->prio, rq->bitmap); @@ -745,7 +745,7 @@ static void activate_task(task_t *p, run /* * deactivate_task - remove a task from the runqueue. */ -static void deactivate_task(struct task_struct *p, runqueue_t *rq) +static inline void deactivate_task(struct task_struct *p, runqueue_t *rq) { rq->nr_running--; dequeue_task(p, rq); @@ -2353,7 +2353,7 @@ out: } #ifdef CONFIG_SCHED_SMT -static void wake_sleeping_dependent(int this_cpu, runqueue_t *this_rq) +static inline void wake_sleeping_dependent(int this_cpu, runqueue_t *this_rq) { struct sched_domain *sd = this_rq->sd; cpumask_t sibling_map; @@ -2398,7 +2398,7 @@ static void wake_sleeping_dependent(int */ } -static int dependent_sleeper(int this_cpu, runqueue_t *this_rq) +static inline int dependent_sleeper(int this_cpu, runqueue_t *this_rq) { struct sched_domain *sd = this_rq->sd; cpumask_t sibling_map; 
@@ -2613,7 +2613,7 @@ switch_tasks: if (next == rq->idle) schedstat_inc(rq, sched_goidle); prev->timestamp = now; - if (next->flags & PF_YIELDED) { + if (unlikely(next->flags & PF_YIELDED)) { /* * Tasks that have yield()ed get requeued at normal priority */ @@ -3227,15 +3227,19 @@ int sched_setscheduler(struct task_struc { int retval; int queued, oldprio, oldpolicy = -1; + struct sched_param zero_param = { .sched_priority = 0 }; unsigned long flags; runqueue_t *rq; - if (SCHED_RT(policy) && !capable(CAP_SYS_NICE)) + if (SCHED_RT(policy) && !capable(CAP_SYS_NICE)) { /* * If the caller requested an RT policy without having the * necessary rights, we downgrade the policy to SCHED_ISO. + * We also set the parameter to zero to pass the checks. */ policy = SCHED_ISO; + param = &zero_param; + } recheck: /* double check policy once rq lock held */ if (policy < 0) diff -Naurp --exclude-from=/home/con/kernel/dontdiff linux-2.6.11-ck3/lib/rwsem.c linux-2.6.11-ck4/lib/rwsem.c --- linux-2.6.11-ck3/lib/rwsem.c 2004-10-19 08:57:12.000000000 +1000 +++ linux-2.6.11-ck4/lib/rwsem.c 2005-04-09 11:17:30.000000000 +1000 @@ -150,7 +150,7 @@ rwsem_down_failed_common(struct rw_semap set_task_state(tsk, TASK_UNINTERRUPTIBLE); /* set up my own style of waitqueue */ - spin_lock(&sem->wait_lock); + spin_lock_irq(&sem->wait_lock); waiter->task = tsk; get_task_struct(tsk); @@ -163,7 +163,7 @@ rwsem_down_failed_common(struct rw_semap if (!(count & RWSEM_ACTIVE_MASK)) sem = __rwsem_do_wake(sem, 0); - spin_unlock(&sem->wait_lock); + spin_unlock_irq(&sem->wait_lock); /* wait to be given the lock */ for (;;) { 
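Review bot: rwsem_down_failed_common in lib/rwsem.c takes wait_lock with `spin_lock_irq`/`spin_unlock_irq`, which turns interrupts back on unconditionally at unlock, while rwsem_wake and rwsem_downgrade_wake in the following hunks use the irqsave form. That is only correct if the slow path is never entered with interrupts disabled, which is plausible because it goes on to wait for the lock, but the hunk does not say so. A comment such as `/* may sleep below, so interrupts are enabled on entry */` next to the lock call would make the asymmetry deliberate. The same applies to `__down_read` and `__down_write` in lib/rwsem-spinlock.c.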
@@ -219,15 +219,17 @@ rwsem_down_write_failed(struct rw_semaph */ struct rw_semaphore fastcall *rwsem_wake(struct rw_semaphore *sem) { + unsigned long flags; + rwsemtrace(sem, "Entering rwsem_wake"); - spin_lock(&sem->wait_lock); + spin_lock_irqsave(&sem->wait_lock, flags); /* do nothing if list empty */ if (!list_empty(&sem->wait_list)) sem = __rwsem_do_wake(sem, 0); - spin_unlock(&sem->wait_lock); + spin_unlock_irqrestore(&sem->wait_lock, flags); rwsemtrace(sem, "Leaving rwsem_wake"); @@ -241,15 +243,17 @@ struct rw_semaphore fastcall *rwsem_wake */ struct rw_semaphore fastcall *rwsem_downgrade_wake(struct rw_semaphore *sem) { + unsigned long flags; + rwsemtrace(sem, "Entering rwsem_downgrade_wake"); - spin_lock(&sem->wait_lock); + spin_lock_irqsave(&sem->wait_lock, flags); /* do nothing if list empty */ if (!list_empty(&sem->wait_list)) sem = __rwsem_do_wake(sem, 1); - spin_unlock(&sem->wait_lock); + spin_unlock_irqrestore(&sem->wait_lock, flags); rwsemtrace(sem, "Leaving rwsem_downgrade_wake"); return sem; diff -Naurp --exclude-from=/home/con/kernel/dontdiff linux-2.6.11-ck3/lib/rwsem-spinlock.c linux-2.6.11-ck4/lib/rwsem-spinlock.c --- linux-2.6.11-ck3/lib/rwsem-spinlock.c 2004-08-15 14:08:19.000000000 +1000 +++ linux-2.6.11-ck4/lib/rwsem-spinlock.c 2005-04-09 11:17:30.000000000 +1000 @@ -140,12 +140,12 @@ void fastcall __sched __down_read(struct rwsemtrace(sem, "Entering __down_read"); - spin_lock(&sem->wait_lock); + spin_lock_irq(&sem->wait_lock); if (sem->activity >= 0 && list_empty(&sem->wait_list)) { /* granted */ sem->activity++; - spin_unlock(&sem->wait_lock); + spin_unlock_irq(&sem->wait_lock); goto out; } @@ -160,7 +160,7 @@ void fastcall __sched __down_read(struct list_add_tail(&waiter.list, &sem->wait_list); /* we don't need to touch the semaphore struct anymore */ - spin_unlock(&sem->wait_lock); + spin_unlock_irq(&sem->wait_lock); /* wait to be given the lock */ for (;;) { 
@@ -181,10 +181,12 @@ void fastcall __sched __down_read(struct */ int fastcall __down_read_trylock(struct rw_semaphore *sem) { + unsigned long flags; int ret = 0; + rwsemtrace(sem, "Entering __down_read_trylock"); - spin_lock(&sem->wait_lock); + spin_lock_irqsave(&sem->wait_lock, flags); if (sem->activity >= 0 && list_empty(&sem->wait_list)) { /* granted */ @@ -192,7 +194,7 @@ int fastcall __down_read_trylock(struct ret = 1; } - spin_unlock(&sem->wait_lock); + spin_unlock_irqrestore(&sem->wait_lock, flags); rwsemtrace(sem, "Leaving __down_read_trylock"); return ret; @@ -209,12 +211,12 @@ void fastcall __sched __down_write(struc rwsemtrace(sem, "Entering __down_write"); - spin_lock(&sem->wait_lock); + spin_lock_irq(&sem->wait_lock); if (sem->activity == 0 && list_empty(&sem->wait_list)) { /* granted */ sem->activity = -1; - spin_unlock(&sem->wait_lock); + spin_unlock_irq(&sem->wait_lock); goto out; } @@ -229,7 +231,7 @@ void fastcall __sched __down_write(struc list_add_tail(&waiter.list, &sem->wait_list); /* we don't need to touch the semaphore struct anymore */ - spin_unlock(&sem->wait_lock); + spin_unlock_irq(&sem->wait_lock); /* wait to be given the lock */ for (;;) { @@ -250,10 +252,12 @@ void fastcall __sched __down_write(struc */ int fastcall __down_write_trylock(struct rw_semaphore *sem) { + unsigned long flags; int ret = 0; + rwsemtrace(sem, "Entering __down_write_trylock"); - spin_lock(&sem->wait_lock); + spin_lock_irqsave(&sem->wait_lock, flags); if (sem->activity == 0 && list_empty(&sem->wait_list)) { /* granted */ @@ -261,7 +265,7 @@ int fastcall __down_write_trylock(struct ret = 1; } - spin_unlock(&sem->wait_lock); + spin_unlock_irqrestore(&sem->wait_lock, flags); rwsemtrace(sem, "Leaving __down_write_trylock"); return ret; 
@@ -272,14 +276,16 @@ int fastcall __down_write_trylock(struct */ void fastcall __up_read(struct rw_semaphore *sem) { + unsigned long flags; + rwsemtrace(sem, "Entering __up_read"); - spin_lock(&sem->wait_lock); + spin_lock_irqsave(&sem->wait_lock, flags); if (--sem->activity == 0 && !list_empty(&sem->wait_list)) sem = __rwsem_wake_one_writer(sem); - spin_unlock(&sem->wait_lock); + spin_unlock_irqrestore(&sem->wait_lock, flags); rwsemtrace(sem, "Leaving __up_read"); } @@ -289,15 +295,17 @@ void fastcall __up_read(struct rw_semaph */ void fastcall __up_write(struct rw_semaphore *sem) { + unsigned long flags; + rwsemtrace(sem, "Entering __up_write"); - spin_lock(&sem->wait_lock); + spin_lock_irqsave(&sem->wait_lock, flags); sem->activity = 0; if (!list_empty(&sem->wait_list)) sem = __rwsem_do_wake(sem, 1); - spin_unlock(&sem->wait_lock); + spin_unlock_irqrestore(&sem->wait_lock, flags); rwsemtrace(sem, "Leaving __up_write"); } @@ -308,15 +316,17 @@ void fastcall __up_write(struct rw_semap */ void fastcall __downgrade_write(struct rw_semaphore *sem) { + unsigned long flags; + rwsemtrace(sem, "Entering __downgrade_write"); - spin_lock(&sem->wait_lock); + spin_lock_irqsave(&sem->wait_lock, flags); sem->activity = 1; if (!list_empty(&sem->wait_list)) sem = __rwsem_do_wake(sem, 0); - spin_unlock(&sem->wait_lock); + spin_unlock_irqrestore(&sem->wait_lock, flags); rwsemtrace(sem, "Leaving __downgrade_write"); } diff -Naurp --exclude-from=/home/con/kernel/dontdiff linux-2.6.11-ck3/Makefile linux-2.6.11-ck4/Makefile --- linux-2.6.11-ck3/Makefile 2005-03-26 11:33:22.000000000 +1100 +++ linux-2.6.11-ck4/Makefile 2005-04-09 11:17:30.000000000 +1000 
@@ -1,8 +1,8 @@ VERSION = 2 PATCHLEVEL = 6 SUBLEVEL = 11 -EXTRAVERSION = -ck3 -NAME=Woozy Numbat +EXTRAVERSION = -ck4 +NAME=Cognac Woozy Numbat # *DOCUMENTATION* # To see a list of typical targets execute "make help" diff -Naurp --exclude-from=/home/con/kernel/dontdiff linux-2.6.11-ck3/mm/mmap.c linux-2.6.11-ck4/mm/mmap.c --- linux-2.6.11-ck3/mm/mmap.c 2005-03-26 11:33:22.000000000 +1100 +++ linux-2.6.11-ck4/mm/mmap.c 2005-03-02 19:30:30.000000000 +1100 @@ -1113,8 +1113,7 @@ out: __vm_stat_account(mm, vm_flags, file, len >> PAGE_SHIFT); if (vm_flags & VM_LOCKED) { mm->locked_vm += len >> PAGE_SHIFT; - if (!(vm_flags & VM_IO)) - make_pages_present(addr, addr + len); + make_pages_present(addr, addr + len); } if (flags & MAP_POPULATE) { up_write(&mm->mmap_sem); diff -Naurp --exclude-from=/home/con/kernel/dontdiff linux-2.6.11-ck3/net/bluetooth/af_bluetooth.c linux-2.6.11-ck4/net/bluetooth/af_bluetooth.c --- linux-2.6.11-ck3/net/bluetooth/af_bluetooth.c 2004-12-25 10:14:51.000000000 +1100 +++ linux-2.6.11-ck4/net/bluetooth/af_bluetooth.c 2005-04-09 11:17:30.000000000 +1000 @@ -64,7 +64,7 @@ static kmem_cache_t *bt_sock_cache; int bt_sock_register(int proto, struct net_proto_family *ops) { - if (proto >= BT_MAX_PROTO) + if (proto < 0 || proto >= BT_MAX_PROTO) return -EINVAL; if (bt_proto[proto]) @@ -77,7 +77,7 @@ EXPORT_SYMBOL(bt_sock_register); int bt_sock_unregister(int proto) { - if (proto >= BT_MAX_PROTO) + if (proto < 0 || proto >= BT_MAX_PROTO) return -EINVAL; if (!bt_proto[proto]) @@ -92,7 +92,7 @@ static int bt_sock_create(struct socket { int err = 0; - if (proto >= BT_MAX_PROTO) + if (proto < 0 || proto >= BT_MAX_PROTO) return -EINVAL; #if defined(CONFIG_KMOD) diff -Naurp --exclude-from=/home/con/kernel/dontdiff linux-2.6.11-ck3/net/ipv4/tcp_input.c linux-2.6.11-ck4/net/ipv4/tcp_input.c --- linux-2.6.11-ck3/net/ipv4/tcp_input.c 2005-03-02 19:30:30.000000000 +1100 +++ linux-2.6.11-ck4/net/ipv4/tcp_input.c 2005-04-09 11:17:30.000000000 +1000 
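Review bot: In the mm/mmap.c hunk, with the `if (!(vm_flags & VM_IO))` guard gone, `make_pages_present(addr, addr + len)` now runs for every VM_LOCKED mapping, including ones flagged VM_IO. The file timestamps suggest the ck4 side is the older file, so this looks like an earlier ck-only change being dropped, together with the `__VMALLOC_RESERVE` export and the `pci_find_class` wrapper elsewhere in this patch. If that is the intent, it should be stated in the patch description, because on its own the hunk reads as removing a safety check for device mappings. The surrounding function is outside the hunk.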
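Review bot: The new lower bound in bt_sock_register matters because `proto` is a signed int used directly as the index in `bt_proto[proto]`, but nothing at the check says so. A comment such as `/* proto indexes bt_proto[]; reject negative values too */` would keep the `proto < 0` half from being dropped as redundant. The identical test is repeated in bt_sock_unregister and bt_sock_create, where the value presumably arrives from the socket() caller. A small static inline helper holding the range test would keep the three copies from drifting apart.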
@@ -1653,7 +1653,10 @@ static void DBGUNDO(struct sock *sk, str static void tcp_undo_cwr(struct tcp_sock *tp, int undo) { if (tp->prior_ssthresh) { - tp->snd_cwnd = max(tp->snd_cwnd, tp->snd_ssthresh<<1); + if (tcp_is_bic(tp)) + tp->snd_cwnd = max(tp->snd_cwnd, tp->bictcp.last_max_cwnd); + else + tp->snd_cwnd = max(tp->snd_cwnd, tp->snd_ssthresh<<1); if (undo && tp->prior_ssthresh > tp->snd_ssthresh) { tp->snd_ssthresh = tp->prior_ssthresh; diff -Naurp --exclude-from=/home/con/kernel/dontdiff linux-2.6.11-ck3/net/ipv4/xfrm4_output.c linux-2.6.11-ck4/net/ipv4/xfrm4_output.c --- linux-2.6.11-ck3/net/ipv4/xfrm4_output.c 2004-12-25 10:14:52.000000000 +1100 +++ linux-2.6.11-ck4/net/ipv4/xfrm4_output.c 2005-04-09 11:17:30.000000000 +1000 @@ -103,17 +103,17 @@ int xfrm4_output(struct sk_buff *skb) goto error_nolock; } - spin_lock_bh(&x->lock); - err = xfrm_state_check(x, skb); - if (err) - goto error; - if (x->props.mode) { err = xfrm4_tunnel_check_size(skb); if (err) - goto error; + goto error_nolock; } + spin_lock_bh(&x->lock); + err = xfrm_state_check(x, skb); + if (err) + goto error; + xfrm4_encap(skb); err = x->type->output(skb); diff -Naurp --exclude-from=/home/con/kernel/dontdiff linux-2.6.11-ck3/net/ipv6/xfrm6_output.c linux-2.6.11-ck4/net/ipv6/xfrm6_output.c --- linux-2.6.11-ck3/net/ipv6/xfrm6_output.c 2004-12-25 10:14:52.000000000 +1100 +++ linux-2.6.11-ck4/net/ipv6/xfrm6_output.c 2005-04-09 11:17:30.000000000 +1000 
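Review bot: xfrm4_output now reads `x->props.mode` and calls xfrm4_tunnel_check_size() before `spin_lock_bh(&x->lock)` and before xfrm_state_check(), and the hunk gives no reason for the new order. If the point is that the size check must not run with the state lock held, a comment such as `/* must be called without x->lock held */` above the `if (x->props.mode)` block would record it. It should also be confirmed that props.mode cannot change once the state is in use. The failure path correctly switches to `goto error_nolock`, but that label and the `error` label are outside the hunk. The same reorder is made in xfrm6_output in the next file.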
@@ -103,17 +103,17 @@ int xfrm6_output(struct sk_buff *skb) goto error_nolock; } - spin_lock_bh(&x->lock); - err = xfrm_state_check(x, skb); - if (err) - goto error; - if (x->props.mode) { err = xfrm6_tunnel_check_size(skb); if (err) - goto error; + goto error_nolock; } + spin_lock_bh(&x->lock); + err = xfrm_state_check(x, skb); + if (err) + goto error; + xfrm6_encap(skb); err = x->type->output(skb); diff -Naurp --exclude-from=/home/con/kernel/dontdiff linux-2.6.11-ck3/sound/core/timer.c linux-2.6.11-ck4/sound/core/timer.c --- linux-2.6.11-ck3/sound/core/timer.c 2005-03-02 19:30:31.000000000 +1100 +++ linux-2.6.11-ck4/sound/core/timer.c 2005-04-09 11:17:30.000000000 +1000 @@ -1117,7 +1117,8 @@ static void snd_timer_user_append_to_tqu if (tu->qused >= tu->queue_size) { tu->overrun++; } else { - memcpy(&tu->queue[tu->qtail++], tread, sizeof(*tread)); + memcpy(&tu->tqueue[tu->qtail++], tread, sizeof(*tread)); + tu->qtail %= tu->queue_size; tu->qused++; } } @@ -1140,6 +1141,8 @@ static void snd_timer_user_ccallback(snd spin_lock(&tu->qlock); snd_timer_user_append_to_tqueue(tu, &r1); spin_unlock(&tu->qlock); + kill_fasync(&tu->fasync, SIGIO, POLL_IN); + wake_up(&tu->qchange_sleep); } static void snd_timer_user_tinterrupt(snd_timer_instance_t *timeri,
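Review bot: In snd_timer_user_append_to_tqueue the index is post-incremented inside the memcpy argument and wrapped on the next line, so `tu->qtail` briefly equals queue_size; this is safe only while the caller holds `tu->qlock`, as snd_timer_user_ccallback does in the next hunk. Doing it in one step, `tu->qtail = (tu->qtail + 1) % tu->queue_size;` after a memcpy to `&tu->tqueue[tu->qtail]`, removes that intermediate state. A comment `/* caller holds tu->qlock */` on the helper would also help. The old line wrote into `tu->queue`, so a sibling append routine for that array (outside the hunk) presumably exists and should be checked for the same missing wrap. In the ccallback hunk, `kill_fasync` and `wake_up` now run even when the append only counted an overrun.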