commit 6be2b9d741428eb461fc557e986d9921238bfb9b Author: Chris Wright Date: Mon Jun 9 11:27:19 2008 -0700 Linux 2.6.25.6 commit fd22beb45137e0920e34b03f9067c59a16350669 Author: Hugh Dickins Date: Thu Jun 5 15:09:02 2008 +0100 x86: fix bad pmd ffff810000207xxx(9090909090909090) upstream commit: 2884f110d5409714f3a04eeb6d2ecd77da66b242 OGAWA Hirofumi and Fede have reported rare pmd_ERROR messages: mm/memory.c:127: bad pmd ffff810000207xxx(9090909090909090). Initialization's cleanup_highmap was leaving alignment filler behind in the pmd for MODULES_VADDR: when vmalloc's guard page would occupy a new page table, it's not allocated, and then module unload's vfree hits the bad 9090 pmd entry left over. Signed-off-by: Hugh Dickins Signed-off-by: Ingo Molnar Hugh notes: It's actually not a serious problem, but it does look as if it's a serious problem, so we should stamp it out. Signed-off-by: Chris Wright commit 8dbac2301d9dae0646f7b87e62f8cdee9a6e208b Author: CHIKAMA masaki Date: Fri Jun 6 18:41:31 2008 +0000 cpufreq: fix null object access on Transmeta CPU upstream commit: 879000f94442860e72c934f9e568989bc7fb8ec4 If cpu specific cpufreq driver(i.e. longrun) has "setpolicy" function, governor object isn't set into cpufreq_policy object at "__cpufreq_set_policy" function in driver/cpufreq/cpufreq.c . This causes a null object access at "store_scaling_setspeed" and "show_scaling_setspeed" function in driver/cpufreq/cpufreq.c when reading or writing through /sys interface (ex. cat /sys/devices/system/cpu/cpu0/cpufreq/scaling_setspeed) Addresses: http://bugzilla.kernel.org/show_bug.cgi?id=10654 https://bugzilla.redhat.com/show_bug.cgi?id=443354 Signed-off-by: CHIKAMA Masaki Cc: Dave Jones Cc: Chuck Ebbert Acked-by: Dominik Brodowski Cc: Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds Signed-off-by: Chris Wright commit 52491a6bd397c868a0e8b0282548e8527f26e705 Author: Andrew G. Morgan Date: Fri Jun 6 18:44:08 2008 +0000 capabilities: remain source compatible with 32-bit raw legacy capability support. upstream commit: ca05a99a54db1db5bca72eccb5866d2a86f8517f Source code out there hard-codes a notion of what the _LINUX_CAPABILITY_VERSION #define means in terms of the semantics of the raw capability system calls capget() and capset(). Its unfortunate, but true. Since the confusing header file has been in a released kernel, there is software that is erroneously using 64-bit capabilities with the semantics of 32-bit compatibilities. These recently compiled programs may suffer corruption of their memory when sys_getcap() overwrites more memory than they are coded to expect, and the raising of added capabilities when using sys_capset(). As such, this patch does a number of things to clean up the situation for all. It 1. forces the _LINUX_CAPABILITY_VERSION define to always retain its legacy value. 2. adopts a new #define strategy for the kernel's internal implementation of the preferred magic. 3. deprecates v2 capability magic in favor of a new (v3) magic number. The functionality of v3 is entirely equivalent to v2, the only difference being that the v2 magic causes the kernel to log a "deprecated" warning so the admin can find applications that may be using v2 inappropriately. [User space code continues to be encouraged to use the libcap API which protects the application from details like this. libcap-2.10 is the first to support v3 capabilities.] Fixes issue reported in https://bugzilla.redhat.com/show_bug.cgi?id=447518. Thanks to Bojan Smojver for the report. [akpm@linux-foundation.org: s/depreciate/deprecate/g] [akpm@linux-foundation.org: be robust about put_user size] [akpm@linux-foundation.org: coding-style fixes] Signed-off-by: Andrew G. Morgan Cc: Serge E. Hallyn Cc: Bojan Smojver Cc: stable@kernel.org Signed-off-by: Andrew Morton Signed-off-by: Chris Wright commit bd1253c627df8150301fbbe6fe79285ca1075188 Author: Dan Williams Date: Fri Jun 6 18:43:58 2008 +0000 md: fix prexor vs sync_request race upstream commit: e0a115e5aa554b93150a8dc1c3fe15467708abb2 During the initial array synchronization process there is a window between when a prexor operation is scheduled to a specific stripe and when it completes for a sync_request to be scheduled to the same stripe. When this happens the prexor completes and the stripe is unconditionally marked "insync", effectively canceling the sync_request for the stripe. Prior to 2.6.23 this was not a problem because the prexor operation was done under sh->lock. The effect in older kernels being that the prexor would still erroneously mark the stripe "insync", but sync_request would be held off and re-mark the stripe as "!in_sync". Change the write completion logic to not mark the stripe "in_sync" if a prexor was performed. The effect of the change is to sometimes not set STRIPE_INSYNC. The worst this can do is cause the resync to stall waiting for STRIPE_INSYNC to be set. If this were happening, then STRIPE_SYNCING would be set and handle_issuing_new_read_requests would cause all available blocks to eventually be read, at which point prexor would never be used on that stripe any more and STRIPE_INSYNC would eventually be set. echo repair > /sys/block/mdN/md/sync_action will correct arrays that may have lost this race. Cc: Signed-off-by: Dan Williams Signed-off-by: Neil Brown Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds [chrisw: backport to 2.6.25.5] Signed-off-by: Chris Wright commit 16936480e23dcb50b7b9d76f61288876fcbd65f1 Author: Dan Williams Date: Fri Jun 6 18:43:53 2008 +0000 md: fix uninitialized use of mddev->recovery_wait upstream commit: a6d8113a986c66aeb379a26b6e0062488b3e59e1 If an array was created with --assume-clean we will oops when trying to set ->resync_max. Fix this by initializing ->recovery_wait in mddev_find. Cc: Signed-off-by: Dan Williams Signed-off-by: Neil Brown Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds Signed-off-by: Chris Wright commit 3c327ceee972ed6c39226d92e7855b6544ae974f Author: Dan Williams Date: Fri Jun 6 18:43:45 2008 +0000 md: do not compute parity unless it is on a failed drive upstream commit: c337869d95011495fa181536786e74aa2d7ff031 If a block is computed (rather than read) then a check/repair operation may be lead to believe that the data on disk is correct, when infact it isn't. So only compute blocks for failed devices. This issue has been around since at least 2.6.12, but has become harder to hit in recent kernels since most reads bypass the cache. echo repair > /sys/block/mdN/md/sync_action will set the parity blocks to the correct state. Cc: Signed-off-by: Dan Williams Signed-off-by: Neil Brown Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds Signed-off-by: Chris Wright commit 6a2115c0195d0b3aeee20016d628d2ccf0dde640 Author: Michael Halcrow Date: Fri Jun 6 18:43:31 2008 +0000 eCryptfs: remove unnecessary page decrypt call upstream commit: d3e49afbb66109613c3474f2273f5830ac2dcb09 The page decrypt calls in ecryptfs_write() are both pointless and buggy. Pointless because ecryptfs_get_locked_page() has already brought the page up to date, and buggy because prior mmap writes will just be blown away by the decrypt call. This patch also removes the declaration of a now-nonexistent function ecryptfs_write_zeros(). Thanks to Eric Sandeen and David Kleikamp for helping to track this down. Eric said: fsx w/ mmap dies quickly ( < 100 ops) without this, and survives nicely (to millions of ops+) with it in place. Signed-off-by: Michael Halcrow Cc: Eric Sandeen Cc: Dave Kleikamp Cc: Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds [chrisw: backport to 2.6.25.5] Signed-off-by: Chris Wright commit 921b0dbeeecd12729b49c0e9db1b70f5da1b20d3 Author: Jiri Kosina Date: Fri Jun 6 18:43:23 2008 +0000 brk: make sys_brk() honor COMPAT_BRK when computing lower bound upstream commit: a5b4592cf77b973c29e7c9695873a26052b58951 Fix a regression introduced by commit 4cc6028d4040f95cdb590a87db478b42b8be0508 Author: Jiri Kosina Date: Wed Feb 6 22:39:44 2008 +0100 brk: check the lower bound properly The check in sys_brk() on minimum value the brk might have must take CONFIG_COMPAT_BRK setting into account. When this option is turned on (i.e. we support ancient legacy binaries, e.g. libc5-linked stuff), the lower bound on brk value is mm->end_code, otherwise the brk start is allowed to be arbitrarily shifted. Signed-off-by: Jiri Kosina Tested-by: Geert Uytterhoeven Cc: Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds Signed-off-by: Chris Wright commit 3dac273cad59097a8ab335958a7c5904f0a99d65 Author: Thomas Tuttle Date: Fri Jun 6 18:41:41 2008 +0000 pagemap: fix bug in add_to_pagemap, require aligned-length reads of /proc/pid/pagemap upstream commit: aae8679b0ebcaa92f99c1c3cb0cd651594a43915 Fix a bug in add_to_pagemap. Previously, since pm->out was a char *, put_user was only copying 1 byte of every PFN, resulting in the top 7 bytes of each PFN not being copied. By requiring that reads be a multiple of 8 bytes, I can make pm->out and pm->end u64*s instead of char*s, which makes put_user work properly, and also simplifies the logic in add_to_pagemap a bit. [akpm@linux-foundation.org: coding-style fixes] Signed-off-by: Thomas Tuttle Cc: Matt Mackall Cc: Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds Signed-off-by: Chris Wright commit 7acdaecd4c3d8ab57c13e04e0cfd892d84952e9c Author: Vegard Nossum Date: Fri Jun 6 18:40:28 2008 +0000 proc: calculate the correct /proc/ link count upstream commit: aed5417593ad125283f35513573282139a8664b5 This patch: commit e9720acd728a46cb40daa52c99a979f7c4ff195c Author: Pavel Emelyanov Date: Fri Mar 7 11:08:40 2008 -0800 [NET]: Make /proc/net a symlink on /proc/self/net (v3) introduced a /proc/self/net directory without bumping the corresponding link count for /proc/self. This patch replaces the static link count initializations with a call that counts the number of directory entries in the given pid_entry table whenever it is instantiated, and thus relieves the burden of manually keeping the two in sync. [akpm@linux-foundation.org: cleanup] Acked-by: Eric W. Biederman Cc: Pavel Emelyanov Signed-off-by: Vegard Nossum Cc: "David S. Miller" Cc: Alexey Dobriyan Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds Signed-off-by: Chris Wright commit 50e3ae09d6b1cc0146942437ce7a5f33fdb933fb Author: Casey Schaufler Date: Mon Jun 2 10:04:32 2008 -0700 Smack: fuse mount hang fix upstream commit: e97dcb0eadbb821eccd549d4987b653cf61e2374 The d_instantiate hook for Smack can hang on the root inode of a filesystem if the file system code has not really done all the set-up. Fuse is known to encounter this problem. This change detects an attempt to instantiate a root inode and addresses it early in the processing, before any attempt is made to do something that might hang. Signed-off-by: Casey Schaufler Tested-by: Luiz Fernando N. Capitulino Signed-off-by: Linus Torvalds Signed-off-by: Chris Wright commit 1965da94d854758b4beebfeadcfae480039cbb76 Author: Alexey Dobriyan Date: Thu Jun 5 18:44:59 2008 -0500 atl1: fix 4G memory corruption bug upstream commit: aefdbf1a3b832a580a50cf3d1dcbb717be7cbdbe When using 4+ GB RAM and SWIOTLB is active, the driver corrupts memory by writing an skb after the relevant DMA page has been unmapped. Although this doesn't happen when *not* using bounce buffers, clearing the pointer to the DMA page after unmapping it fixes the problem. http://marc.info/?t=120861317000005&r=2&w=2 Signed-off-by: Alexey Dobriyan Signed-off-by: Jay Cliburn Signed-off-by: Jeff Garzik [jacliburn@bellsouth.net: backport to 2.6.25.4] Signed-off-by: Chris Wright commit e44f560e6d3f351c654a8d8b3dcdeb5f2bd81b5b Author: Patrick McHardy Date: Fri Jun 6 19:16:07 2008 +0200 netfilter: nf_conntrack_ipv6: fix inconsistent lock state in nf_ct_frag6_gather() upstream commit: b9c698964614f71b9c8afeca163a945b4c2e2d20 [ 63.531438] ================================= [ 63.531520] [ INFO: inconsistent lock state ] [ 63.531520] 2.6.26-rc4 #7 [ 63.531520] --------------------------------- [ 63.531520] inconsistent {softirq-on-W} -> {in-softirq-W} usage. [ 63.531520] tcpsic6/3864 [HC0[0]:SC1[1]:HE1:SE0] takes: [ 63.531520] (&q->lock#2){-+..}, at: [] ipv6_frag_rcv+0xd0/0xbd0 [ 63.531520] {softirq-on-W} state was registered at: [ 63.531520] [] __lock_acquire+0x3aa/0x1080 [ 63.531520] [] lock_acquire+0x76/0xa0 [ 63.531520] [] _spin_lock+0x2b/0x40 [ 63.531520] [] nf_ct_frag6_gather+0x3f6/0x910 ... According to this and another similar lockdep report inet_fragment locks are taken from nf_ct_frag6_gather() with softirqs enabled, but these locks are mainly used in softirq context, so disabling BHs is necessary. Reported-and-tested-by: Eric Sesterhenn Signed-off-by: Jarek Poplawski Signed-off-by: Patrick McHardy Signed-off-by: Chris Wright commit 28bd0ee9df114ed78c82135b55669bb6459e7bda Author: Patrick McHardy Date: Fri Jun 6 19:16:05 2008 +0200 netfilter: xt_connlimit: fix accouning when receive RST packet in ESTABLISHED state upstream commit: d2ee3f2c4b1db1320c1efb4dcaceeaf6c7e6c2d3 In xt_connlimit match module, the counter of an IP is decreased when the TCP packet is go through the chain with ip_conntrack state TW. Well, it's very natural that the server and client close the socket with FIN packet. But when the client/server close the socket with RST packet(using so_linger), the counter for this connection still exsit. The following patch can fix it which is based on linux-2.6.25.4 Signed-off-by: Dong Wei Acked-by: Jan Engelhardt Signed-off-by: Patrick McHardy Signed-off-by: Chris Wright commit 502f9661c07490f7691962b5956267c0bb01c601 Author: Patrick McHardy Date: Fri Jun 6 19:16:04 2008 +0200 netfilter: nf_conntrack_expect: fix error path unwind in nf_conntrack_expect_init() upstream commit: 12293bf91126ad253a25e2840b307fdc7c2754c3 Signed-off-by: Alexey Dobriyan Signed-off-by: Patrick McHardy Signed-off-by: David S. Miller Signed-off-by: Chris Wright commit 84371d53c0aa64f9063fb6a01a17a73c4f243de8 Author: Suresh Siddha Date: Wed Jun 4 22:05:29 2008 +0000 x86, fpu: fix CONFIG_PREEMPT=y corruption of application's FPU stack upstream commit: 870568b39064cab2dd971fe57969916036982862 Jürgen Mell reported an FPU state corruption bug under CONFIG_PREEMPT, and bisected it to commit v2.6.19-1363-gacc2076, "i386: add sleazy FPU optimization". Add tsk_used_math() checks to prevent calling math_state_restore() which can sleep in the case of !tsk_used_math(). This prevents making a blocking call in __switch_to(). Apparently "fpu_counter > 5" check is not enough, as in some signal handling and fork/exec scenarios, fpu_counter > 5 and !tsk_used_math() is possible. It's a side effect though. This is the failing scenario: process 'A' in save_i387_ia32() just after clear_used_math() Got an interrupt and pre-empted out. At the next context switch to process 'A' again, kernel tries to restore the math state proactively and sees a fpu_counter > 0 and !tsk_used_math() This results in init_fpu() during the __switch_to()'s math_state_restore() And resulting in fpu corruption which will be saved/restored (save_i387_fxsave and restore_i387_fxsave) during the remaining part of the signal handling after the context switch. Bisected-by: Jürgen Mell Signed-off-by: Suresh Siddha Tested-by: Jürgen Mell Signed-off-by: Ingo Molnar Signed-off-by: Thomas Gleixner Signed-off-by: Chris Wright commit 3a2647b85bc7b6af9fd56e4c48cff7fa46243409 Author: Venkatesh Pallipadi Date: Mon Apr 28 15:13:43 2008 -0400 CPUFREQ: Make acpi-cpufreq more robust against BIOS freq changes behind our back. upstream commit: e56a727b023d40d1adf660168883f30f2e6abe0a We checked the hardware freq with OS cached freq value in get_cur_freqon_cpu(). Signed-off-by: Venkatesh Pallipadi Signed-off-by: Thomas Renninger Signed-off-by: Dave Jones Cc: Thomas Renninger Cc: "Anthony L. Awtrey" [chrisw: backport to 2.6.25.4] Signed-off-by: Chris Wright commit 582e7ebaa207504f23927bcf57ec56da42451846 Author: Diego 'Flameeyes' Petteno Date: Wed May 28 12:49:59 2008 +0200 HID: split Numlock emulation quirk from HID_QUIRK_APPLE_HAS_FN. upstream commit: 6e7045990f35ef9250804b3fd85e855b8c2aaeb6. [jkosina@suse.cz: Needed to fix apple aluminium keyboard regression] Since 2.6.25 the HID_QUIRK_APPLE_HAS_FN quirk is enabled even for non-laptop Apple keyboards of the Aluminium series. The USB version of these don't need Numlock emulation, like the laptop (and Aluminium Wireless) do, as they have a proper keypad. This patch splits the Numlock emulation for Apple keyboards in a different quirk flag, so that it can be enabled for all the keyboards but the Aluminium USB ones. If the Numlock emulation is enabled for Aluminium USB keyboards, the JKL and UIO keys become the numeric pad, and the rest of the keyboard is disabled, included the key used to disable Numlock. Additionally, these keyboard should not have a Numlock at all, as the Numlock key is instead replaced by the 'Clear' key as usual for Apple USB keyboards. Signed-off-by: Diego 'Flameeyes' Petteno Signed-off-by: Jiri Kosina Signed-off-by: Chris Wright commit cb7344d6596f4415c0d9e486b30b0458e5292a77 Author: Phil Oester Date: Tue May 13 23:27:48 2008 -0700 netfilter: xt_iprange: module aliases for xt_iprange upstream commit: 01b7a314291b2ef56ad718ee1374a1bac4768b29 Using iptables 1.3.8 with kernel 2.6.25, rules which include '-m iprange' don't automatically pull in xt_iprange module. Below patch adds module aliases to fix that. Patch against latest -git, but seems like a good candidate for -stable also. Signed-off-by: Phil Oester Signed-off-by: Patrick McHardy Signed-off-by: David S. Miller Signed-off-by: Chris Wright commit 4d5f1d695a285331c793d58187e5ffddcbcc6a23 Author: Masakazu Mokuno Date: Mon May 12 13:50:28 2008 +0900 PS3: gelic: fix memory leak upstream commit: 6fc7431dc0775f21ad7a7a39c2ad0290291a56ea This fixes the bug that the I/O buffer is not freed at the driver removal. Signed-off-by: Masakazu Mokuno Signed-off-by: John W. Linville Signed-off-by: Chris Wright commit ad47080745eb5290a7883997ce7f8e317c5b241a Author: Linus Torvalds Date: Wed May 28 17:40:12 2008 -0400 Revert "PCI: remove default PCI expansion ROM memory allocation" upstream commit: 8d539108560ec121d59eee05160236488266221c This reverts commit 9f8daccaa05c14e5643bdd4faf5aed9cc8e6f11e, which was reported to break X startup (xf86-video-ati-6.8.0). See http://bugs.freedesktop.org/show_bug.cgi?id=15523 for details. Reported-by: Laurence Withers Cc: Gary Hade Cc: Greg KH Cc: Jan Beulich Cc: "Jun'ichi Nomura" Cc: Andrew Morton Cc: Ingo Molnar Cc: Thomas Gleixner Signed-off-by: Linus Torvalds [cebbert@redhat.com: backport, remove first hunk to make port easier] [chrisw@sous-sol.org: add back first hunk] Signed-off-by: Chris Wright commit 80f3186924d89e1e8f3dbe9d7efdd7921a355769 Author: Ingo Molnar Date: Wed May 28 17:33:46 2008 -0400 x86: prevent PGE flush from interruption/preemption upstream commit: b1979a5fda7869a790f4fd83fb06c78498d26ba1 CR4 manipulation is not protected against interrupts and preemption, but KVM uses smp_function_call to manipulate the X86_CR4_VMXE bit either from the CPU hotplug code or from the kvm_init call. We need to protect the CR4 manipulation from both interrupts and preemption. Original bug report: http://lkml.org/lkml/2008/5/7/48 Bugzilla entry: http://bugzilla.kernel.org/show_bug.cgi?id=10642 This is not a regression from 2.6.25, it's a long standing and hard to trigger bug. Signed-off-by: Ingo Molnar Signed-off-by: Thomas Gleixner Signed-off-by: Chris Wright commit 2486e8fca463e0f9e6edfebe07186cb7478c6a95 Author: Christoph Hellwig Date: Wed May 28 17:29:44 2008 -0400 XFS: Fix memory corruption with small buffer reads upstream commit: 6ab455eeaff6893cd06da33843e840d888cdc04a When we have multiple buffers in a single page for a blocksize == pagesize filesystem we might overwrite the page contents if two callers hit it shortly after each other. To prevent that we need to keep the page locked until I/O is completed and the page marked uptodate. Thanks to Eric Sandeen for triaging this bug and finding a reproducible testcase and Dave Chinner for additional advice. This should fix kernel.org bz #10421. Tested-by: Eric Sandeen SGI-PV: 981813 SGI-Modid: xfs-linux-melb:xfs-kern:31173a Signed-off-by: Christoph Hellwig Signed-off-by: David Chinner Signed-off-by: Lachlan McIlroy Signed-off-by: Chris Wright commit 6bdb15cddf9d758c825cf28678d1f903104d2134 Author: Thomas Gleixner Date: Sat May 24 17:40:17 2008 +0000 x86: disable TSC for sched_clock() when calibration failed upstream commit: 74dc51a3de06aa516e3b9fdc4017b2aeb38bf44b When the TSC calibration fails then TSC is still used in sched_clock(). Disable it completely in that case. Signed-off-by: Thomas Gleixner Cc: stable@kernel.org Signed-off-by: Chris Wright commit 94aa6550e8668fab1997e2d57a48b22cf68090b2 Author: Thomas Gleixner Date: Tue May 13 12:31:00 2008 +0200 x86: distangle user disabled TSC from unstable upstream commit: 9ccc906c97e34fd91dc6aaf5b69b52d824386910 tsc_enabled is set to 0 from the command line switch "notsc" and from the mark_tsc_unstable code. Seperate those functionalities and replace tsc_enable with tsc_disable. This makes also the native_sched_clock() decision when to use TSC understandable. Preparatory patch to solve the sched_clock() issue on 32 bit. Signed-off-by: Thomas Gleixner Signed-off-by: Chris Wright commit cf8ec9fd81d2be5cdcd978ca7ca1977d0548d7cb Author: Rusty Russell Date: Tue Mar 4 23:07:50 2008 +1100 x86: if we cannot calibrate the TSC, we panic. upstream commit: 3c2047cd32b1a8c782d7efab72707e7daa251625 The current tsc_init() clears the TSC feature bit if the TSC khz cannot be calculated, causing us to panic in arch/x86/kernel/cpu/bugs.c check_config(). We should simply mark it unstable. Frankly, someone should take an axe to this code. mark_tsc_unstable() not only marks it unstable, but sets tsc_enabled to 0, which seems redundant but is actually important here because means it won't be used by sched_clock() either. Perhaps a tristate enum "UNUSABLE, UNSTABLE, OK" would be clearer, and separate mark_tsc_unstable() and mark_tsc_broken() functions? Signed-off-by: Rusty Russell Signed-off-by: Ingo Molnar Signed-off-by: Chris Wright commit 611a6f01f6cf797604dea042a0b64a868fd3170b Author: Thomas Gleixner Date: Sat May 24 17:40:18 2008 +0000 x86: fix setup of cyc2ns in tsc_64.c upstream commit: b6db80ee1331e7beaeb91b4b3d946dd16c72e388 When the TSC is calibrated against the PIT due to the nonavailability of PMTIMER/HPET or due to SMI interference then the setup of the per CPU cyc2ns variables is skipped. This is unlikely to happen but it would definitely render sched_clock() unusable. This was introduced with commit 53d517cdbaac704352b3d0c10fecb99e0b54572e x86: scale cyc_2_nsec according to CPU frequency Update the per CPU cyc2ns variables in all exit pathes of tsc_calibrate. Signed-off-by: Thomas Gleixner Cc: stable@kernel.org Signed-off-by: Chris Wright commit fdeb373e553c6feedfba6ffd005f837b5fef3622 Author: Jack Morgenstein Date: Sat May 24 17:40:21 2008 +0000 IPoIB: Test for NULL broadcast object in ipiob_mcast_join_finish() upstream commit: e1d50dce5af77cb6d33555af70e2b8748dd84009 We saw a kernel oops in our regression testing when a multicast "join finish" occurred just after the interface was -- this is . The test randomly causes the HCA physical port to go down then up. The cause of this is that ipoib_mcast_join_finish() processing happen just after ipoib_mcast_dev_flush() was invoked (in which case the broadcast pointer is NULL). This patch tests for and handles the case where priv->broadcast is NULL. Cc: Signed-off-by: Jack Morgenstein Signed-off-by: Roland Dreier Signed-off-by: Chris Wright commit 687b21a34349aea5f9cf9bab07e7a981500d8a67 Author: Chuck Ebbert Date: Sat May 24 17:40:16 2008 +0000 x86: don't read maxlvt before checking if APIC is mapped upstream commit: 2584a82deed7196f48066f1b1a7fad4ec5bea961 A check for unmapped apic was added before reading maxlvt but the early read of maxlvt wasn't removed. Signed-off-by: Chuck Ebbert Cc: Andi Kleen Signed-off-by: Thomas Gleixner Signed-off-by: Chris Wright commit bbd8ceb5e10bfcf6e235eba1a8b1c5d00f0c5137 Author: maximilian attems Date: Sat May 24 17:40:14 2008 +0000 types.h: don't expose struct ustat to userspace upstream commit: 6c7c6afbb8c0e60d32a563cae7c6889211e9d9d8 can't be used together with because they both define struct ustat: $ cat test.c #include #include $ gcc -c test.c In file included from test.c:2: /usr/include/linux/types.h:165: error: redefinition of 'struct ustat' has been reported a while ago to debian, but seems to have been lost in cat fighting: http://bugs.debian.org/429064 Signed-off-by: maximilian attems Cc: Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds Signed-off-by: Chris Wright commit d7f8570c79107646445ffe2eba5e556c2c89c4d8 Author: Cedric Le Goater Date: Sat May 24 17:40:10 2008 +0000 cgroups: remove node_ prefix_from ns subsystem upstream commit: 5c02b575780d0d785815a1e7b79a98edddee895a This is a slight change in the namespace cgroup subsystem api. The change is that previously when cgroup_clone() was called (currently only from the unshare path in ns_proxy cgroup, you'd get a new group named "node_$pid" whereas now you'll get a group named after just your pid.) The only users who would notice it are those who are using the ns_proxy cgroup subsystem to auto-create cgroups when namespaces are unshared - something of an experimental feature, which I think really needs more complete container/namespace support in order to be useful. I suspect the only users are Cedric and Serge, or maybe a few others on containers@lists.linux-foundation.org. And in fact it would only be noticed by the users who make the assumption about how the name is generated, rather than getting it from the /proc//cgroups file for the process in question. Whether the change is actually needed or not I'm fairly agnostic on, but I guess it is more elegant to just use the pid as the new group name rather than adding a fairly arbitrary "node_" prefix on the front. [menage@google.com: provided changelog] Signed-off-by: Cedric Le Goater Cc: "Paul Menage" Cc: "Serge E. Hallyn" Cc: Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds Signed-off-by: Chris Wright commit c0e23ad0d9403d173e9838ce2377799d2207dd2d Author: Atsushi Nemoto Date: Wed May 21 02:35:17 2008 +0000 usb-serial: Use ftdi_sio driver for RATOC REX-USB60F upstream commit: 26ab705396b65a469233a8327ecb51b8aebb6be0 This patch reverts 57833ea6b95a3995149f1f6d1a8d8862ab7a0ba2 ("usb-serial: pl2303: add support for RATOC REX-USB60F") and adds support for the device to ftdi_sio driver. Cc: Akira Tsukamoto Signed-off-by: Atsushi Nemoto Signed-off-by: Greg Kroah-Hartman Signed-off-by: Chris Wright commit 720386d64cc2f455fee6c5e1a903f79adc1f13ce Author: Greg Kroah-Hartman Date: Wed May 21 02:35:14 2008 +0000 USB: add TELIT HDSPA UC864-E modem to option driver upstream commit: ee53b0ca0153b4f944cb142b5e65c96a1860d765 This adds the Telit UC864-E HDSPA modem support to the option driver. This lets their customers comply with the GPL instead of having to use a binary driver from the manufacturer. Cc: Simon Kissel Cc: Nico Erfurth Cc: Andrea Ghezzo Cc: Dietmar Staps Signed-off-by: Greg Kroah-Hartman Signed-off-by: Chris Wright commit 5e7d20ab1775e4c0416c9db243d25b22158701c6 Author: Steve French Date: Tue May 20 18:21:49 2008 -0400 CIFS: Fix UNC path prefix on QueryUnixPathInfo to have correct slash upstream commit: 076d8423a98659a92837b07aa494cb74bfefe77c When a share was in DFS and the server was Unix/Linux, we were sending paths of the form \\server\share/dir/file rather than //server/share/dir/file There was some discussion between me and jra over whether we should use /server/share/dir/file as MS sometimes says - but the documentation for this claims it should be doubleslash for this type of UNC-like path format and that works, so leaving it as doubleslash but converting the \ to / in the the //server/share portion. This gets Samba to now correctly return STATUS_PATH_NOT_COVERED when it is supposed to (Windows already did since the direction of the slash was not an issue for them). Still need another minor change to fully enable DFS (need to finish some chages to SMBGetDFSRefer Signed-off-by: Steve French Signed-off-by: Chris Wright Signed-off-by: Greg Kroah-Hartman commit 1012388341e7a053ae68d34a5a7dc433b10f81d4 Author: Jan Beulich Date: Tue May 20 18:20:00 2008 -0400 i386: fix asm constraint in do_IRQ() upstream commit: 5065dbafc299507f16731434e95b91dadff03006 i386: fix asm constraint in do_IRQ() Two prior changes resulted in the "ecx" clobber being lost. Signed-off-by: Jan Beulich Signed-off-by: Ingo Molnar Signed-off-by: Chris Wright Signed-off-by: Greg Kroah-Hartman commit 7fdd04485f827d178c02e4ede7d1781f3b8276cc Author: Roland McGrath Date: Fri May 9 15:43:44 2008 -0700 x86: user_regset_view table fix for ia32 on 64-bit commit 1f465f4e475454b8bb590846c50a9d16e8046f3d upstream The user_regset_view table for the 32-bit regsets on the 64-bit build had the wrong sizes for the FP regsets. This bug had no user-visible effect (just on kernel modules using the user_regset interfaces and the like). But the fix is trivial and risk-free. Signed-off-by: Roland McGrath Signed-off-by: Ingo Molnar Signed-off-by: Greg Kroah-Hartman Signed-off-by: Chris Wright commit 4715fd51f30c385fbc45ceb38dcd9a495487a2f8 Author: Jean Delvare Date: Mon May 19 11:14:02 2008 +0200 i2c/max6875: Really prevent 24RF08 corruption commit 70455e790391dac85d9b483a9e286a40df1ecc7f in upstream i2c-core takes care of the possible corruption of 24RF08 chips for quite some times, so device drivers no longer need to do it. And they really should not, as applying the prevention twice voids it. I thought that I had fixed all drivers long ago but apparently I had missed that one. Signed-off-by: Jean Delvare Cc: Ben Gardner Signed-off-by: Greg Kroah-Hartman Signed-off-by: Chris Wright commit 6c1e0ffbb2119b4e6416210969901f9c5d792aed Author: Jean Delvare Date: Mon May 19 11:12:07 2008 +0200 i2c-nforce2: Disable the second SMBus channel on the DFI Lanparty NF4 Expert commit 08851d6eb4eeb0894f4d095dfdf8ab61c435ad57 in upstream There is a strange chip at 0x2e on the second SMBus channel of the DFI Lanparty NF4 Expert motherboard. Accessing the chip reboots the system. As there's nothing interesting on this SMBus channel, the easiest and safest thing to do is to disable it on that board. This is a better fix to bug #5889 than the it87 driver update that was done originally: http://bugzilla.kernel.org/show_bug.cgi?id=5889 Signed-off-by: Jean Delvare Signed-off-by: Greg Kroah-Hartman Signed-off-by: Chris Wright commit af00e1d3e02aa7d0a04d7c837ef845887abe17fd Author: Greg Kroah-Hartman Date: Wed May 14 19:21:22 2008 +0000 USB: fix build errors in ohci-omap.c and ohci-sm501.c This fixes the build errors previously caused by 45fa78357eab3287b5c39f2d983b91150b3f4bd8 This makes the code mirror what went into Linus's tree previously. Reported-by: Randy Dunlap Cc: Alan Stern Signed-off-by: Greg Kroah-Hartman Signed-off-by: Chris Wright commit 06c9630008899ee40df90c5ff248c2165fda54fd Author: Heiko Carstens Date: Thu May 15 02:45:16 2008 +0000 memory_hotplug: always initialize pageblock bitmap commit 76cdd58e558669366adfaded436fda01b30cce3e upstream Trying to online a new memory section that was added via memory hotplug sometimes results in crashes when the new pages are added via __free_page. Reason for that is that the pageblock bitmap isn't initialized and hence contains random stuff. That means that get_pageblock_migratetype() returns also random stuff and therefore list_add(&page->lru, &zone->free_area[order].free_list[migratetype]); in __free_one_page() tries to do a list_add to something that isn't even necessarily a list. This happens since 86051ca5eaf5e560113ec7673462804c54284456 ("mm: fix usemap initialization") which makes sure that the pageblock bitmap gets only initialized for pages present in a zone. Unfortunately for hot-added memory the zones "grow" after the memmap and the pageblock memmap have been initialized. Which means that the new pages have an unitialized bitmap. To solve this the calls to grow_zone_span() and grow_pgdat_span() are moved to __add_zone() just before the initialization happens. The patch also moves the two functions since __add_zone() is the only caller and I didn't want to add a forward declaration. Signed-off-by: Heiko Carstens Cc: Andy Whitcroft Cc: Dave Hansen Cc: Gerald Schaefer Cc: KAMEZAWA Hiroyuki Cc: Yasunori Goto Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds Signed-off-by: Greg Kroah-Hartman Signed-off-by: Chris Wright commit c8b3aee8e35a6412bd73d124d0f12639feab9538 Author: Tejun Heo Date: Thu May 15 22:14:57 2008 +0900 libata: force hardreset if link is in powersave mode Inhibiting link PM mode doesn't bring the link back online if it's already in powersave mode. If SRST is used in these cases, libata EH thinks that the link is offline and fails detection. Force hardreset if link is in powersave mode. Signed-off-by: Tejun Heo Cc: Jeff Garzik Signed-off-by: Greg Kroah-Hartman Signed-off-by: Chris Wright commit 2e11e376bf8c26498fb1e5678b533f44902bb530 Author: Tiger Yang Date: Thu May 15 02:45:18 2008 +0000 ext3/4: fix uninitialized bs in ext3/4_xattr_set_handle() commit 7e01c8e5420b6c7f9d85d34c15d8c7a15c9fc720 upstream This fix the uninitialized bs when we try to replace a xattr entry in ibody with the new value which require more than free space. This situation only happens we format ext3/4 with inode size more than 128 and we have put xattr entries both in ibody and block. The consequences about this bug is we will lost the xattr block which pointed by i_file_acl with all xattr entires in it. We will alloc a new xattr block and put that large value entry in it. The old xattr block will become orphan block. Signed-off-by: Tiger Yang Cc: Cc: Andreas Gruenbacher Acked-by: Andreas Dilger Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds Signed-off-by: Greg Kroah-Hartman Signed-off-by: Chris Wright commit e594f136b69ca9409470f678824a7f1e3ef37e41 Author: Greg Kroah-Hartman Date: Wed May 14 19:21:22 2008 +0000 USB: add Telstra NextG CDMA id to option driver commit 23cacd65f65956426bbca25964a68c174db83a31 upstream As reported by Magnus Boman Cc: Magnus Boman Signed-off-by: Greg Kroah-Hartman Signed-off-by: Chris Wright commit b74759bf0b0b0e7c5757504111f642347afdbcbb Author: Eugeniy Meshcheryakov Date: Wed May 14 19:21:09 2008 +0000 USB: do not handle device 1410:5010 in 'option' driver commit cdafc37a7b727b75ced65e31e47dafbd8b70f97f upstream This device is not a serial port, but a virtual CD-ROM device. For example with my Novatel MC950D: lsusb -v -d 1410:5010 | grep InterfaceClass bInterfaceClass 8 Mass Storage After some time (ca. 5min) or if virtual CD is ejected, device id changes to 1410:4400: % lsusb -v -d 1410:4400 | grep InterfaceClass bInterfaceClass 255 Vendor Specific Class bInterfaceClass 255 Vendor Specific Class Variable name says that 0x5010 is a Novatel U727, but searching in internet shows, that this device also provides virtual CD that should be ejected before use. Product id for serial port in this case is 0x4100. Signed-off-by: Eugeniy Meshcheryakov Signed-off-by: Greg Kroah-Hartman Signed-off-by: Chris Wright commit 5b64a9a1a8b8ea949a15647fd4b991c89e37611d Author: Iain McFarlane Date: Wed May 14 19:21:19 2008 +0000 USB: add Zoom Telephonics Model 3095F V.92 USB Mini External modem to cdc-acm commit 6149ed5e3a6207595bd7362af7724d64f44af216 upstream The patch below is a necessary workaround to support the Zoom Telephonics Model 3095F V.92 USB Mini External modem, which fails to initialise properly during normal probing thus: May 3 22:53:00 imcfarla kernel: drivers/usb/class/cdc-acm.c: Zero length descriptor references May 3 22:53:00 imcfarla kernel: cdc_acm: probe of 5-2:1.0 failed with error -22 Adding the patch below causes the probing section to be skipped, and the modem then initialises correctly. Signed-off-by: Iain McFarlane Acked-by: Oliver Neukum Signed-off-by: Greg Kroah-Hartman Signed-off-by: Chris Wright commit 9b493f43765d7709768d0576ac8487de14fa0d53 Author: Dan Williams Date: Wed May 14 19:20:56 2008 +0000 USB: option: add new Dell 5520 HSDPA variant commit 96cb15cf977356d9d3117dd88f3fe187d6024f4b upstream New variant of the 5520 found by Luke Sheldrick. Signed-off-by: Dan Williams Signed-off-by: Greg Kroah-Hartman Signed-off-by: Chris Wright commit 39b6f2780c9415317d643772e92a7ff262593144 Author: Filip Aben Date: Wed May 14 19:21:03 2008 +0000 USB: unusual_devs: Add support for GI 0401 SD-Card interface commit e7c6f80fd733218aa1e79efa5d9ece9f76966160 upstream Enables the SD-Card interface on the GI 0401 HSUPA card from Option. The unusual_devs.h entry is necessary because the device descriptor is vendor-specific. That prevents usb-storage from binding to it as an interface driver. This revised patch adds a small comment explaining why and reduces the rev range. T: Bus=02 Lev=01 Prnt=01 Port=06 Cnt=01 Dev#= 3 Spd=480 MxCh= 0 D: Ver= 2.00 Cls=ff(vend.) Sub=ff Prot=ff MxPS=64 #Cfgs= 1 P: Vendor=0af0 ProdID=7401 Rev= 0.00 S: Manufacturer=Option N.V. S: Product=Globetrotter HSUPA Modem C:* #Ifs=10 Cfg#= 1 Atr=80 MxPwr=500mA I:* If#= 0 Alt= 0 #EPs= 0 Cls=ff(vend.) Sub=ff Prot=ff Driver=(none) I: If#= 0 Alt= 1 #EPs= 2 Cls=ff(vend.) Sub=ff Prot=ff Driver=(none) E: Ad=81(I) Atr=02(Bulk) MxPS= 512 Ivl=0ms E: Ad=01(O) Atr=02(Bulk) MxPS= 512 Ivl=4ms I:* If#= 1 Alt= 0 #EPs= 0 Cls=ff(vend.) Sub=ff Prot=ff Driver=(none) I: If#= 1 Alt= 1 #EPs= 2 Cls=ff(vend.) Sub=ff Prot=ff Driver=(none) E: Ad=82(I) Atr=02(Bulk) MxPS= 512 Ivl=0ms E: Ad=02(O) Atr=02(Bulk) MxPS= 512 Ivl=4ms I:* If#= 2 Alt= 0 #EPs= 0 Cls=ff(vend.) Sub=ff Prot=ff Driver=(none) I: If#= 2 Alt= 1 #EPs= 2 Cls=ff(vend.) Sub=ff Prot=ff Driver=(none) E: Ad=83(I) Atr=02(Bulk) MxPS= 512 Ivl=0ms E: Ad=03(O) Atr=02(Bulk) MxPS= 512 Ivl=4ms I:* If#= 3 Alt= 0 #EPs= 0 Cls=ff(vend.) Sub=ff Prot=ff Driver=(none) I: If#= 3 Alt= 1 #EPs= 2 Cls=ff(vend.) Sub=ff Prot=ff Driver=(none) E: Ad=84(I) Atr=02(Bulk) MxPS= 512 Ivl=0ms E: Ad=04(O) Atr=02(Bulk) MxPS= 512 Ivl=4ms I:* If#= 4 Alt= 0 #EPs= 0 Cls=ff(vend.) Sub=ff Prot=ff Driver=(none) I: If#= 4 Alt= 1 #EPs= 2 Cls=ff(vend.) Sub=ff Prot=ff Driver=(none) E: Ad=85(I) Atr=02(Bulk) MxPS= 512 Ivl=0ms E: Ad=05(O) Atr=02(Bulk) MxPS= 512 Ivl=4ms I:* If#= 5 Alt= 0 #EPs= 0 Cls=ff(vend.) Sub=ff Prot=ff Driver=(none) I: If#= 5 Alt= 1 #EPs= 2 Cls=ff(vend.) Sub=ff Prot=ff Driver=(none) E: Ad=86(I) Atr=02(Bulk) MxPS= 512 Ivl=0ms E: Ad=06(O) Atr=02(Bulk) MxPS= 512 Ivl=4ms I:* If#= 6 Alt= 0 #EPs= 0 Cls=ff(vend.) Sub=ff Prot=ff Driver=(none) I: If#= 6 Alt= 1 #EPs= 2 Cls=ff(vend.) Sub=ff Prot=ff Driver=(none) E: Ad=87(I) Atr=02(Bulk) MxPS= 512 Ivl=0ms E: Ad=07(O) Atr=02(Bulk) MxPS= 512 Ivl=4ms I:* If#= 7 Alt= 0 #EPs= 0 Cls=ff(vend.) Sub=ff Prot=ff Driver=(none) I: If#= 7 Alt= 1 #EPs= 2 Cls=ff(vend.) Sub=ff Prot=ff Driver=(none) E: Ad=88(I) Atr=02(Bulk) MxPS= 512 Ivl=0ms E: Ad=08(O) Atr=02(Bulk) MxPS= 512 Ivl=4ms I:* If#= 8 Alt= 0 #EPs= 3 Cls=ff(vend.) Sub=ff Prot=ff Driver=(none) E: Ad=89(I) Atr=03(Int.) MxPS= 64 Ivl=2ms E: Ad=8a(I) Atr=02(Bulk) MxPS= 512 Ivl=0ms E: Ad=09(O) Atr=02(Bulk) MxPS= 512 Ivl=4ms I:* If#= 9 Alt= 0 #EPs= 2 Cls=08(stor.) Sub=06 Prot=50 Driver=usb-storage E: Ad=0a(O) Atr=02(Bulk) MxPS= 512 Ivl=0ms E: Ad=8b(I) Atr=02(Bulk) MxPS= 512 Ivl=0ms Signed-off-by: Filip Aben Signed-off-by: Phil Dibowitz Signed-off-by: Greg Kroah-Hartman Signed-off-by: Chris Wright commit f9ca235d7d22c1aabd98c44f94e059c949ed567a Author: Xiaofan Chen Date: Wed May 14 19:20:51 2008 +0000 USB: remove PICDEM FS USB demo (04d8:000c) device from ldusb commit 5fc89390f74ac42165db477793fb30f6a200e79c upstream Date: Tue, 13 May 2008 21:52:00 +0800 Subject: USB: remove PICDEM FS USB demo (04d8:000c) device from ldusb Microchip has changed the PICDEM FS USB demo device (0x04d8:000c) to use bulk transfer and not interrupt transfer. So I've updated the libusb based program here (Post #31). http://forum.microchip.com/tm.aspx?m=106426&mpage=2 So I believe that the in-kernel ldusb driver will no longer work with the demo firmware. It should be removed. Signed-off-by: Xiaofan Chen Cc: Michael Hund Signed-off-by: Greg Kroah-Hartman Signed-off-by: Chris Wright commit 77baabb259ede46ded3f9a85b446f37aaaa9edf8 Author: Paul Mackerras Date: Wed May 14 09:31:07 2008 +1000 POWERPC Bolt in SLB entry for kernel stack on secondary cpus This is upstream as commit 3b5750644b2ffa2a76fdfe7b4e00e4af2ecf3539. This fixes a regression reported by Kamalesh Bulabel where a POWER4 machine would crash because of an SLB miss at a point where the SLB miss exception was unrecoverable. This regression is tracked at: http://bugzilla.kernel.org/show_bug.cgi?id=10082 SLB misses at such points shouldn't happen because the kernel stack is the only memory accessed other than things in the first segment of the linear mapping (which is mapped at all times by entry 0 of the SLB). The context switch code ensures that SLB entry 2 covers the kernel stack, if it is not already covered by entry 0. None of entries 0 to 2 are ever replaced by the SLB miss handler. Where this went wrong is that the context switch code assumes it doesn't have to write to SLB entry 2 if the new kernel stack is in the same segment as the old kernel stack, since entry 2 should already be correct. However, when we start up a secondary cpu, it calls slb_initialize, which doesn't set up entry 2. This is correct for the boot cpu, where we will be using a stack in the kernel BSS at this point (i.e. init_thread_union), but not necessarily for secondary cpus, whose initial stack can be allocated anywhere. This doesn't cause any immediate problem since the SLB miss handler will just create an SLB entry somewhere else to cover the initial stack. In fact it's possible for the cpu to go quite a long time without SLB entry 2 being valid. Eventually, though, the entry created by the SLB miss handler will get overwritten by some other entry, and if the next access to the stack is at an unrecoverable point, we get the crash. This fixes the problem by making slb_initialize create a suitable entry for the kernel stack, if we are on a secondary cpu and the stack isn't covered by SLB entry 0. This requires initializing the get_paca()->kstack field earlier, so I do that in smp_create_idle where the current field is initialized. This also abstracts a bit of the computation that mk_esid_data in slb.c does so that it can be used in slb_initialize. Signed-off-by: Paul Mackerras Signed-off-by: Greg Kroah-Hartman Signed-off-by: Chris Wright