commit d60cceec0948426ee9b468f0ded136f56f506169 Author: Greg Kroah-Hartman Date: Fri Feb 6 14:49:24 2009 -0800 Linux 2.6.27.15 commit 94f67585bfe7b543f72ec3e55a768d3aa1a79b6e Author: Lin Ming Date: Thu Nov 13 10:54:39 2008 +0800 ACPICA: Allow multiple backslash prefix in namepaths commit d037c5fd7367548191eab2b376a1d08c4ffaf7ff upstream. In a fully qualified namepath, allow multiple backslash prefixes. This can happen because of the use of a double-backslash in strings (since backslash is the escape character) causing confusion. ACPICA BZ 739 Lin Ming. http://www.acpica.org/bugzilla/show_bug.cgi?id=739 Signed-off-by: Lin Ming Signed-off-by: Bob Moore Signed-off-by: Len Brown Cc: Thomas Renninger Signed-off-by: Greg Kroah-Hartman commit 8dad4906c15a3907e96a4fad3119e05c407418d1 Author: Mark Lord Date: Tue Jan 27 16:33:13 2009 -0500 sata_mv: Fix chip type for Hightpoint RocketRaid 1740/1742 commit 4462254ac6be9150aae87d54d388fc348d6fcead upstream. Fix chip type for the Highpoint RocketRAID 1740 and 1742 PCI cards. These really do have Marvell 6042 chips on them, rather than the 5081 chip. Confirmed by multiple (two) users (for the 1740), and by examining the product photographs from Highpoint's web site. Signed-off-by: Mark Lord Signed-off-by: Jeff Garzik Signed-off-by: Greg Kroah-Hartman commit 91dbeaec2e6c589217394eaf5112f33bdc49f208 Author: Jeff Layton Date: Wed Jan 21 11:34:50 2009 -0500 dlm: initialize file_lock struct in GETLK before copying conflicting lock commit 20d5a39929232a715f29e6cb7e3f0d0c790f41eb upstream. dlm_posix_get fills out the relevant fields in the file_lock before returning when there is a lock conflict, but doesn't clean out any of the other fields in the file_lock. When nfsd does a NFSv4 lockt call, it sets the fl_lmops to nfsd_posix_mng_ops before calling the lower fs. When the lock comes back after testing a lock on GFS2, it still has that field set. This confuses nfsd into thinking that the file_lock is a nfsd4 lock. Fix this by making DLM reinitialize the file_lock before copying the fields from the conflicting lock. Signed-off-by: Jeff Layton Signed-off-by: David Teigland Signed-off-by: Greg Kroah-Hartman commit c92391233d3ce7337a131295f9838b74d2ba32f6 Author: Rafael J. Wysocki Date: Tue Jan 27 17:39:02 2009 +0100 ACPI suspend: Blacklist HP xw4600 Workstation for old code ordering commit 4fb507b6b764195bb7821cf2baa988f6eb677d30 HP xw4600 Workstation is known to require the "old" (ie. compatible with ACPI 1.0) suspend code ordering, so blacklist it for this purpose. Signed-off-by: Rafael J. Wysocki Tested-by: John Brown Signed-off-by: Len Brown Cc: Thomas Renninger Signed-off-by: Greg Kroah-Hartman commit d31aee5fb34719e89fa800caf3954c8de5680ebc Author: Rafael J. Wysocki Date: Mon Dec 29 19:19:07 2008 +0100 ACPI: Do not modify SCI_EN directly commit 11e93130c7ce5228d484fd5e86f3984835d4256b upstream. According to the ACPI specification the SCI_EN flag is controlled by the hardware, which sets this flag to inform the kernel that ACPI is enabled. For this reason, we shouldn't try to modify SCI_EN directly. Also, we don't need to do it in irqrouter_resume(), since lower-level resume code takes care of enabling ACPI in case it hasn't been enabled by the BIOS before passing control to the kernel (which by the way is against the ACPI specification). Signed-off-by: Rafael J. Wysocki Signed-off-by: Len Brown Cc: Thomas Renninger Signed-off-by: Greg Kroah-Hartman commit 04fa5274d09f88417bce73c9364018a876227505 Author: Alexey Starikovskiy Date: Tue Dec 23 02:44:54 2008 +0300 Newly inserted battery might differ from one just removed, so update of battery info fields is required. commit 50b178512b7d6e7724f87459f6bd06504c9c2da1 upstream. Signed-off-by: Alexey Starikovskiy Acked-by: Andy Neitzke Signed-off-by: Alexey Starikovskiy Signed-off-by: Len Brown Cc: Thomas Renninger Signed-off-by: Greg Kroah-Hartman commit 0a3e5c9d9093df1358ae3e6a5c151d172d2a871e Author: Zhang Rui Date: Fri Oct 17 01:42:41 2008 -0400 don't load asus-acpi if model is not supported commit 7745384080ef70f7710530afa3e45477b126e056 upstream. asus_hotk_get_info should return -ENODEV if the model is not supported. http://bugzilla.kernel.org/show_bug.cgi?id=10389 Signed-off-by: Zhang Rui Signed-off-by: Len Brown Cc: Thomas Renninger Signed-off-by: Greg Kroah-Hartman commit 9b304c0bd70f0056f86340ee6eafacefbbb6a5e8 Author: Zhang Rui Date: Wed Dec 31 10:58:48 2008 +0800 video: always update the brightness when poking "brightness" commit 9e6dada9d255497127251c03aaa59296d186f959 upstream. always update props.brightness no matter the backlight is changed via procfs, hotkeys or sysfs. Sighed-off-by: Zhang Rui Acked-by: Matthew Garrett Signed-off-by: Len Brown Cc: Thomas Renninger Signed-off-by: Greg Kroah-Hartman commit a21e824081db7004d321e201872c04d82663f6eb Author: Corentin Chary Date: Wed Sep 24 10:35:55 2008 +0200 asus-laptop: Fix the led behavior with value > 1 commit e3deda9c87ac5eef2b5d18cd0b5511370979ca26 upstream. Fix http://bugzilla.kernel.org/show_bug.cgi?id=11613 . Signed-off-by: Corentin Chary Signed-off-by: Len Brown Cc: Thomas Renninger Signed-off-by: Greg Kroah-Hartman commit 1a93dbaa7554329cf1173b96c92721f6d326de94 Author: Torsten Krah Date: Fri Oct 17 09:47:57 2008 +0200 asus-laptop: Add support for P30/P35 commit 4d0b856ef7eea5c03f4c1fa57793286ac068f4cd upstream. Add support for P30/P35. http://bugzilla.kernel.org/show_bug.cgi?id=10848 Signed-off-by: Corentin Chary Signed-off-by: Len Brown Cc: Thomas Renninger Signed-off-by: Greg Kroah-Hartman commit 870346e874245447a5097bc1513acb45478c0a7a Author: Bob Moore Date: Fri Jul 4 10:56:13 2008 +0800 ACPICA: Fix wrong resource descriptor length for 64-bit build commit 9db4fcd99f7ef886ded97cd26a8642c70fbe34df upstream. The "minimal" descriptors such as EndTag are calculated as 12 bytes long, but the actual length in the internal descriptor is 16 because of the round-up to 8 on 64-bit build. http://www.acpica.org/bugzilla/show_bug.cgi?id=728 Signed-off-by: Bob Moore Signed-off-by: Lin Ming Signed-off-by: Andi Kleen Signed-off-by: Len Brown Cc: Thomas Renninger Signed-off-by: Greg Kroah-Hartman commit c17b1f3e00077f32e6369f750c491c00e08e23f5 Author: Alexey Starikovskiy Date: Mon Nov 3 14:26:40 2008 -0500 ACPI EC: Fix regression due to use of uninitialized variable commit d21cf3c16b1191f3154a51e0b20c82bf851cc553 upstream. breakage introduced by following patch commit 27663c5855b10af9ec67bc7dfba001426ba21222 Author: Matthew Wilcox Date: Fri Oct 10 02:22:59 2008 -0400 acpi_evaluate_integer() does not clear passed variable if there is an error at evaluation. So if we ignore error, we must supply initialized variable. http://bugzilla.kernel.org/show_bug.cgi?id=11917 Signed-off-by: Alexey Starikovskiy Tested-by: Alan Jenkins Signed-off-by: Len Brown Cc: Thomas Renninger Signed-off-by: Greg Kroah-Hartman commit 9db287c1a187d68dab05c1823265baffa47c6297 Author: Thomas Renninger Date: Tue Jan 27 17:38:52 2009 +0100 ACPI: Fix compiler warnings introduced by 32 to 64 bit acpi conversions commit: 27663c5855b10af9ec67bc7dfba001426ba21222 forgot to convert things at two prints. Cc: Matthew Wilcox Cc: Len Brown Signed-off-by: Thomas Renninger Signed-off-by: Greg Kroah-Hartman commit f52ec8df5a440a438ed4b151c297f0295f8bbe21 Author: Matthew Wilcox Date: Tue Jan 27 17:38:51 2009 +0100 ACPI: Change acpi_evaluate_integer to support 64-bit on 32-bit kernels commit 27663c5855b10af9ec67bc7dfba001426ba21222 upstream As of version 2.0, ACPI can return 64-bit integers. The current acpi_evaluate_integer only supports 64-bit integers on 64-bit platforms. Change the argument to take a pointer to an acpi_integer so we support 64-bit integers on all platforms. lenb: replaced use of "acpi_integer" with "unsigned long long" lenb: fixed bug in acpi_thermal_trips_update() Signed-off-by: Matthew Wilcox Signed-off-by: Len Brown Cc: Thomas Renninger Signed-off-by: Greg Kroah-Hartman commit 7bfa098b4d7ba5459b2a9380448bd23aa3efe033 Author: Fiodor Suietov Date: Tue Jan 27 17:38:50 2009 +0100 ACPICA: Add check for invalid handle in acpi_get_object_info commit 237a927682a63f02adb542dbdaafe8a81566451d upstream Return AE_BAD_PARAMETER if input handle is invalid. http://www.acpica.org/bugzilla/show_bug.cgi?id=474 Signed-off-by: Fiodor Suietov Signed-off-by: Bob Moore Signed-off-by: Lin Ming Signed-off-by: Andi Kleen Signed-off-by: Len Brown Cc: Thomas Renninger Signed-off-by: Greg Kroah-Hartman commit 622a88ec79861a7576949142a9191de6f52a6da2 Author: Lin Ming Date: Tue Jan 27 17:38:49 2009 +0100 ACPICA: Fixed a couple memory leaks associated with "implicit return" commit d8a0ec914afa1a994d2f6184ac4c6668b5f8068f upstream Fixed a couple memory leaks associated with "implicit return" objects when the AML Interpreter slack mode is enabled. http://www.acpica.org/bugzilla/show_bug.cgi?id=349 Signed-off-by: Lin Ming Signed-off-by: Bob Moore Signed-off-by: Len Brown Cc: Thomas Renninger Signed-off-by: Greg Kroah-Hartman commit 995e929573c15b2cea0a531c124df3c721fc24d1 Author: Zhao Yakui Date: Mon Aug 11 14:54:16 2008 +0800 ACPI: Attach the ACPI device to the ACPI handle as early as possible commit eab4b645769fa2f8703f5a3cb0cc4ac090d347af upstream. Attach the ACPI device to the ACPI handle as early as possible so that OS can get the corresponding ACPI device by the acpi handle in the course of getting the power/wakeup/performance flags. http://bugzilla.kernel.org/show_bug.cgi?id=8049 http://bugzilla.kernel.org/show_bug.cgi?id=11000 Signed-off-by: Zhao Yakui Signed-off-by: Zhang Rui Signed-off-by: Andi Kleen Signed-off-by: Len Brown Cc: Thomas Renninger Signed-off-by: Greg Kroah-Hartman commit 3b9720cedb49b94ca1f9523da9f7c76647878b5a Author: Zhao Yakui Date: Sun Jan 4 12:04:21 2009 +0800 ACPI: Avoid array address overflow when _CST MWAIT hint bits are set commit 13b40a1a065824d2d4e55c8b48ea9f3f9d162929 upstream. The Cx Register address obtained from the _CST object is used as the MWAIT hints if the register type is FFixedHW. And it is used to check whether the Cx type is supported or not. On some boxes the following Cx state package is obtained from _CST object: >{ ResourceTemplate () { Register (FFixedHW, 0x01, // Bit Width 0x02, // Bit Offset 0x0000000000889759, // Address 0x03, // Access Size ) }, 0x03, 0xF5, 0x015E } In such case we should use the bit[7:4] of Cx address to check whether the Cx type is supported or not. mask the MWAIT hint to avoid array address overflow Signed-off-by: Zhao Yakui Acked-by:Venki Pallipadi Signed-off-by: Len Brown Cc: Thomas Renninger commit 3157bb44c4d5d1c0b8808c13a4b4264f78f0cb8d Author: Venkatesh Pallipadi Date: Tue Jan 27 17:38:46 2009 +0100 cpuidle: Add decaying history logic to menu idle predictor commit 816bb611e41be29b476dc16f6297eb551bf4d747 upstream Add decaying history of predicted idle time, instead of using the last early wakeup. This logic helps menu governor do better job of predicting idle time. With this change, we also measured noticable (~8%) power savings on a DP server system with CPUs supporting deep C states, when system was lightly loaded. There was no change to power or perf on other load conditions. Signed-off-by: Venkatesh Pallipadi Signed-off-by: Len Brown Cc: Thomas Renninger Signed-off-by: Greg Kroah-Hartman commit 7e703f5777cc32d55a8d926df51fd3a07a4ee3d9 Author: Venkatesh Pallipadi Date: Tue Jan 27 17:38:45 2009 +0100 cpuidle: use last_state which can reflect the actual state entered commit 887e301aa1105326f1412a98749024263b1031c7 upstream cpuidle accounts the idle time for the C-state it was trying to enter and not to the actual state that the driver eventually entered. The driver may select a different state than the one chosen by cpuidle due to constraints like bus-mastering, etc. Change the time acounting code to look at the dev->last_state after returning from target_state->enter(). Driver can modify dev->last_state internally, inside the enter routine to reflect the actual C-state entered. Signed-off-by: Venkatesh Pallipadi Tested-by: Kevin Hilman Signed-off-by: Len Brown Cc: Thomas Renninger Signed-off-by: Greg Kroah-Hartman commit 7ab17915a271c29a7b8ca0383597a80866cf023c Author: Venkatesh Pallipadi Date: Tue Jan 27 17:38:44 2009 +0100 cpuidle: upon BIOS bug, default to default_idle rather than polling commit 89cedfefca1d446ee2598fd3bcbb23ee3802e26a upstream http://bugzilla.kernel.org/show_bug.cgi?id=11345 Signed-off-by: Venkatesh Pallipadi Signed-off-by: Len Brown Cc: Thomas Renninger Signed-off-by: Greg Kroah-Hartman commit fc2e4009300088813c3be2de80b01ddc2399999e Author: Venkatesh Pallipadi Date: Tue Jan 27 17:38:43 2009 +0100 cpuidle: update the last_state acpi cpuidle reflecting actual state entered commit addbad46ed0906cd584784423b9d0babc7476446 reflect the actual state entered in dev->last_state, when actaul state entered is different from intended one. Signed-off-by: Venkatesh Pallipadi Signed-off-by: Len Brown Cc: Thomas Renninger Signed-off-by: Greg Kroah-Hartman commit dcc66ea99edf129459fad800d09d65deecaf8e7b Author: Suresh Siddha Date: Wed Jan 28 17:03:01 2009 -0800 x86: fix page attribute corruption with cpa() commit a1e46212a410793d575718818e81ddc442a65283 upstream. Impact: fix sporadic slowdowns and warning messages This patch fixes a performance issue reported by Linus on his Nehalem system. While Linus reverted the PAT patch (commit 58dab916dfb57328d50deb0aa9b3fc92efa248ff) which exposed the issue, existing cpa() code can potentially still cause wrong(page attribute corruption) behavior. This patch also fixes the "WARNING: at arch/x86/mm/pageattr.c:560" that various people reported. In 64bit kernel, kernel identity mapping might have holes depending on the available memory and how e820 reports the address range covering the RAM, ACPI, PCI reserved regions. If there is a 2MB/1GB hole in the address range that is not listed by e820 entries, kernel identity mapping will have a corresponding hole in its 1-1 identity mapping. If cpa() happens on the kernel identity mapping which falls into these holes, existing code fails like this: __change_page_attr_set_clr() __change_page_attr() returns 0 because of if (!kpte). But doesn't set cpa->numpages and cpa->pfn. cpa_process_alias() uses uninitialized cpa->pfn (random value) which can potentially lead to changing the page attribute of kernel text/data, kernel identity mapping of RAM pages etc. oops! This bug was easily exposed by another PAT patch which was doing cpa() more often on kernel identity mapping holes (physical range between max_low_pfn_mapped and 4GB), where in here it was setting the cache disable attribute(PCD) for kernel identity mappings aswell. Fix cpa() to handle the kernel identity mapping holes. Retain the WARN() for cpa() calls to other not present address ranges (kernel-text/data, ioremap() addresses) Signed-off-by: Suresh Siddha Signed-off-by: Venkatesh Pallipadi Signed-off-by: Ingo Molnar Signed-off-by: Greg Kroah-Hartman commit 834fd53eabb313a8c8d1ed92ecb66a1314146bf7 Author: Karl Bongers Date: Thu Jan 29 18:37:38 2009 +0100 USB: isp1760: Fix probe in PCI glue code This is the backported version of the upstream commit Stefan Bader did the backport Contains fixes so probe on x86 PCI runs, apparently I'm first to try this. Several fixes to memory access to probe host scratch register. Previously would bug check on chip_addr var used uninitialized. Scratch reg write failed in one instance due to 16-bit initial access mode, so added "& 0x0000ffff" to the readl as fix. Includes some general cleanup - remove global vars, organize memory map resource use. Signed-off-by: Karl Bongers Signed-off-by: Sebastian Andrzej Siewior Signed-off-by: Stefan Bader Signed-off-by: Greg Kroah-Hartman commit 0cb2fbb804d48fbbb30c6c08b3dbe6d727bfa72f Author: Tejun Heo Date: Sun Feb 1 10:56:31 2009 +0900 sata_nv: ck804 has borked hardreset too commit 8d993eaa9c3c61b8a5929a7f695078a1fcfb4869 upstream. While playing with nvraid, I found out that rmmoding and insmoding often trigger hardreset failure on the first port (the second one was always okay). Seriously, how diverse can you get with hardreset behaviors? Anyways, make ck804 use noclassify variant too. Signed-off-by: Tejun Heo Signed-off-by: Jeff Garzik Signed-off-by: Greg Kroah-Hartman commit 50874841bb3af6d285d2fd4316a1ea86fa8e3738 Author: Tejun Heo Date: Sun Jan 25 11:29:38 2009 +0900 sata_nv: fix MCP5x reset commit 2d775708bc6613f1be47f1e720781343341ecc94 upstream. MCP5x family of controllers seem to share much more with nf2's as far as reset protocol is concerned. It requires heardreset to get the PHY going and classfication code report after hardreset is unreliable. Create a new board type MCP5x and use noclassify hardreset. SWNCQ is modified to inherit from this new type. This fixes hotplug regression reported in kernel bz#12351. Signed-off-by: Tejun Heo Signed-off-by: Jeff Garzik Signed-off-by: Greg Kroah-Hartman commit d564c4e06bdb4f98089cfcf08e25812d3e4f85a1 Author: Tejun Heo Date: Sun Jan 25 11:25:22 2009 +0900 sata_nv: rename nv_nf2_hardreset() commit e8caa3c70e94d867ca2efe9e53fd388b52d6d0c8 upstream. nv_nf2_hardreset() will be used by other flavors too. Rename it to nv_noclassify_hardreset(). Signed-off-by: Tejun Heo Signed-off-by: Jeff Garzik Signed-off-by: Greg Kroah-Hartman commit 4326eb09d53c8c5e4995bde12c09af77d3a94f53 Author: Seth Heasley Date: Fri Jan 23 12:43:38 2009 -0800 PCI: irq and pci_ids patch for Intel Tigerpoint DeviceIDs commit 57064d213d2e44654d4f13c66df135b5e7389a26 upstream. This patch adds the Intel Tigerpoint LPC Controller DeviceIDs. Signed-off-by: Seth Heasley Signed-off-by: Jesse Barnes Signed-off-by: Greg Kroah-Hartman commit b4c278766f4281e9968cbbe81fd139a1a4991043 Author: Jeff Layton Date: Thu Jan 22 14:16:04 2009 -0500 nfsd: only set file_lock.fl_lmops in nfsd4_lockt if a stateowner is found commit fa82a491275a613b15489aab4b99acecb00958d3 upstream. nfsd4_lockt does a search for a lockstateowner when building the lock struct to test. If one is found, it'll set fl_owner to it. Regardless of whether that happens, it'll also set fl_lmops. Given that this lock is basically a "lightweight" lock that's just used for checking conflicts, setting fl_lmops is probably not appropriate for it. This behavior exposed a bug in DLM's GETLK implementation where it wasn't clearing out the fields in the file_lock before filling in conflicting lock info. While we were able to fix this in DLM, it still seems pointless and dangerous to set the fl_lmops this way when we may have a NULL lockstateowner. Signed-off-by: Jeff Layton Signed-off-by: J. Bruce Fields Signed-off-by: Greg Kroah-Hartman commit 8f014c81fac572256eaeff5ac31e8f58d1888ab1 Author: J. Bruce Fields Date: Sat Dec 20 11:58:38 2008 -0800 nfsd: Ensure nfsv4 calls the underlying filesystem on LOCKT commit 55ef1274dddd4de387c54d110e354ffbb6cdc706 upstream. Since nfsv4 allows LOCKT without an open, but the ->lock() method is a file method, we fake up a struct file in the nfsv4 code with just the fields we need initialized. But we forgot to initialize the file operations, with the result that LOCKT never results in a call to the filesystem's ->lock() method (if it exists). We could just add that one more initialization. But this hack of faking up a struct file with only some fields initialized seems the kind of thing that might cause more problems in the future. We should either do an open and get a real struct file, or make lock-testing an inode (not a file) method. This patch does the former. Reported-by: Marc Eshel Tested-by: Marc Eshel Signed-off-by: J. Bruce Fields Signed-off-by: Greg Kroah-Hartman commit 7d6c1e66f7bfcebb9d70f91731071f24a22e1a71 Author: Patrick McHardy Date: Tue Nov 4 14:49:57 2008 -0800 net: fix packet socket delivery in rx irq handler commit 9b22ea560957de1484e6b3e8538f7eef202e3596 upstream. The changes to deliver hardware accelerated VLAN packets to packet sockets (commit bc1d0411) caused a warning for non-NAPI drivers. The __vlan_hwaccel_rx() function is called directly from the drivers RX function, for non-NAPI drivers that means its still in RX IRQ context: [ 27.779463] ------------[ cut here ]------------ [ 27.779509] WARNING: at kernel/softirq.c:136 local_bh_enable+0x37/0x81() ... [ 27.782520] [] netif_nit_deliver+0x5b/0x75 [ 27.782590] [] __vlan_hwaccel_rx+0x79/0x162 [ 27.782664] [] atl1_intr+0x9a9/0xa7c [atl1] [ 27.782738] [] handle_IRQ_event+0x23/0x51 [ 27.782808] [] handle_edge_irq+0xc2/0x102 [ 27.782878] [] do_IRQ+0x4d/0x64 Split hardware accelerated VLAN reception into two parts to fix this: - __vlan_hwaccel_rx just stores the VLAN TCI and performs the VLAN device lookup, then calls netif_receive_skb()/netif_rx() - vlan_hwaccel_do_receive(), which is invoked by netif_receive_skb() in softirq context, performs the real reception and delivery to packet sockets. Reported-and-tested-by: Ramon Casellas Signed-off-by: Patrick McHardy Signed-off-by: David S. Miller Cc: Jesse Brandeburg Signed-off-by: Greg Kroah-Hartman commit cc7187e7b5e7f1e6dbefe75cf7b798e065933e4a Author: Stuart Hopkins Date: Sat Dec 20 04:12:33 2008 -0500 Input: atkbd - Samsung NC10 key repeat fix commit 4200844bd9dc511088258437d564a187f0ffc94e upstream. This patch fixes the key repeat issue with the Fn+F? keys on the new Samsung NC10 Netbook, so that the keys can be defined and used within ACPID correctly, otherwise the keys repeat indefinately. This solves part of http://bugzilla.kernel.org/show_bug.cgi?id=12021 Signed-off-by: Stuart Hopkins Signed-off-by: Dmitry Torokhov Cc: Chuck Ebbert Signed-off-by: Greg Kroah-Hartman commit c317f779676cf7226d3a8185a5fc8cd4bc58c2de Author: Matthew Garrett Date: Tue Dec 30 00:43:11 2008 -0800 Input: atkbd - broaden the Dell DMI signatures commit 2a3ec3265741c3b2a7ebbd1b33f538e5a5583c48 upstream. Some Dells need the dell input quirk applied but have a different vendor string in their DMI tables. Add an extra entry to cover these machines as well. Signed-off-by: Matthew Garrett Signed-off-by: Dmitry Torokhov Cc: Chuck Ebbert Signed-off-by: Greg Kroah-Hartman commit 29213e5505e77c76b1d528404f981a621297cfd1 Author: Mikulas Patocka Date: Fri Jan 30 15:27:14 2009 -0500 Fix memory corruption in console selection commit 878b8619f711280fd05845e21956434b5e588cc4 upstream. Fix an off-by-two memory error in console selection. The loop below goes from sel_start to sel_end (inclusive), so it writes one more character. This one more character was added to the allocated size (+1), but it was not multiplied by an UTF-8 multiplier. This patch fixes a memory corruption when UTF-8 console is used and the user selects a few characters, all of them 3-byte in UTF-8 (for example a frame line). When memory redzones are enabled, a redzone corruption is reported. When they are not enabled, trashing of random memory occurs. Signed-off-by: Mikulas Patocka Signed-off-by: Linus Torvalds Signed-off-by: Greg Kroah-Hartman commit 94eebffcf94729a92344dcfb1bc58ec1d830c5d2 Author: Risto Suominen Date: Tue Jan 13 20:09:30 2009 +0000 fbdev/atyfb: Fix DSP config on some PowerMacs & PowerBooks commit 7fbb7cadd062baf299fd8b26a80ea99da0c3fe01 upstream. Since the complete re-write in 2.6.10, some PowerMacs (At least PowerMac 5500 and PowerMac G3 Beige rev A) with ATI Mach64 chip have suffered from unstable columns in their framebuffer image. This seems to depend on a value (4) read from PLL_EXT_CNTL register, which leads to incorrect DSP config parameters to be written to the chip. This patch uses a value calculated by aty_init_pll_ct instead, as a starting point. There are questions as to whether this should be extended to other platforms or maybe made dependent on specific chip types, but in the meantime, this has been tested on various powermacs and works for them so let's commit it. Signed-off-by: Risto Suominen Tested-by: Michael Pettersson Signed-off-by: Benjamin Herrenschmidt Signed-off-by: Greg Kroah-Hartman commit 8e9c63009d8bef93ec4c1d7ca8c97839423114c7 Author: Paul Larson Date: Fri Jan 30 10:21:49 2009 -0600 Add enable_ms to jsm driver commit 0461ec5bc7745b89a8ab67ba0ea497abd58a6301 upstream. This fixes a crash observed when non-existant enable_ms function is called for jsm driver. Signed-off-by: Scott Kilau Signed-off-by: Paul Larson Signed-off-by: Linus Torvalds Signed-off-by: Greg Kroah-Hartman commit 0d7fbf8ae56d28b9bfbc1c42decdf2a812715066 Author: Andi Kleen Date: Fri Jan 16 15:22:11 2009 +0100 x86: use early clobbers in usercopy*.c commit e0a96129db574d6365e3439d16d88517c437ab33 upstream. Impact: fix rare (but currently harmless) miscompile with certain configs and gcc versions Hugh Dickins noticed that strncpy_from_user() was miscompiled in some circumstances with gcc 4.3. Thanks to Hugh's excellent analysis it was easy to track down. Hugh writes: > Try building an x86_64 defconfig 2.6.29-rc1 kernel tree, > except not quite defconfig, switch CONFIG_PREEMPT_NONE=y > and CONFIG_PREEMPT_VOLUNTARY off (because it expands a > might_fault() there, which hides the issue): using a > gcc 4.3.2 (I've checked both openSUSE 11.1 and Fedora 10). > > It generates the following: > > 0000000000000000 <__strncpy_from_user>: > 0: 48 89 d1 mov %rdx,%rcx > 3: 48 85 c9 test %rcx,%rcx > 6: 74 0e je 16 <__strncpy_from_user+0x16> > 8: ac lods %ds:(%rsi),%al > 9: aa stos %al,%es:(%rdi) > a: 84 c0 test %al,%al > c: 74 05 je 13 <__strncpy_from_user+0x13> > e: 48 ff c9 dec %rcx > 11: 75 f5 jne 8 <__strncpy_from_user+0x8> > 13: 48 29 c9 sub %rcx,%rcx > 16: 48 89 c8 mov %rcx,%rax > 19: c3 retq > > Observe that "sub %rcx,%rcx; mov %rcx,%rax", whereas gcc 4.2.1 > (and many other configs) say "sub %rcx,%rdx; mov %rdx,%rax". > Isn't it returning 0 when it ought to be returning strlen? The asm constraints for the strncpy_from_user() result were missing an early clobber, which tells gcc that the last output arguments are written before all input arguments are read. Also add more early clobbers in the rest of the file and fix 32-bit usercopy.c in the same way. Signed-off-by: Andi Kleen Signed-off-by: H. Peter Anvin [ since this API is rarely used and no in-kernel user relies on a 'len' return value (they only rely on negative return values) this miscompile was never noticed in the field. But it's worth fixing it nevertheless. ] Signed-off-by: Ingo Molnar Signed-off-by: Greg Kroah-Hartman commit c08c1b409d4b447477dd5c94b1c4c1987ea77dc3 Author: Mark Lord Date: Mon Jan 19 18:04:37 2009 -0500 sata_mv: fix 8-port timeouts on 508x/6081 chips commit b0bccb18bc523d1d5060d25958f12438062829a9 upstream. Fix a longstanding bug for the 8-port Marvell Sata controllers (508x/6081), where accesses to the upper 4 ports would cause lost-interrupts / timeouts for the lower 4-ports. With this patch, the 6081 boards should finally be reliable enough for mainstream use with Linux. Signed-off-by: Mark Lord Signed-off-by: Jeff Garzik Signed-off-by: Greg Kroah-Hartman commit 0358c7852ced5f98ce1c9bbbdd4c791db7406585 Author: Adrian Bunk Date: Wed Oct 29 12:15:47 2008 +0200 m68knommu: set NO_DMA commit e0212e72186e855027dd35b37e9d7a99a078448c upstream. m68knommu does not set the Kconfig NO_DMA variable, but also does not provide the required functions, resulting in the following build error triggered by commit a40c24a13366e324bc0ff8c3bb107db89312c984 (net: Add SKB DMA mapping helper functions.): <-- snip --> .. LD vmlinux net/built-in.o: In function `skb_dma_unmap': (.text+0xac5e): undefined reference to `dma_unmap_single' net/built-in.o: In function `skb_dma_unmap': (.text+0xac7a): undefined reference to `dma_unmap_page' net/built-in.o: In function `skb_dma_map': (.text+0xacdc): undefined reference to `dma_map_single' net/built-in.o: In function `skb_dma_map': (.text+0xace8): undefined reference to `dma_mapping_error' net/built-in.o: In function `skb_dma_map': (.text+0xad10): undefined reference to `dma_map_page' net/built-in.o: In function `skb_dma_map': (.text+0xad82): undefined reference to `dma_unmap_page' net/built-in.o: In function `skb_dma_map': (.text+0xadc6): undefined reference to `dma_unmap_single' make[1]: *** [vmlinux] Error 1 <-- snip --> Signed-off-by: Adrian Bunk Signed-off-by: Greg Ungerer Signed-off-by: Greg Kroah-Hartman commit 7fe09db5ae3d18b0915d6c0ef3d55a004e16e267 Author: Brandeburg, Jesse Date: Tue Sep 30 13:08:48 2008 +0000 ixgb: fix bug when freeing resources commit 23e55a32ca1ffdbe7a492ef99f0e0ac48e504a13 upstream. It was pointed out by Breno Leitao that ixgb would crash on PPC when an IOMMU was in use, if change_mtu was called. It appears to be a pretty simple issue in the driver that wasn't discovered because most systems don't run with an IOMMU. The driver needs to only unmap buffers that are mapped (duh). CC: Breno Leitao Signed-off-by: Jesse Brandeburg Signed-off-by: David S. Miller Signed-off-by: Greg Kroah-Hartman commit b7b448e662a938360e546d22665c81ab62f6365a Author: Jeff Layton Date: Thu Jan 22 10:35:13 2009 -0500 cifs: make sure we allocate enough storage for socket address commit a9ac49d303f967be0dabd97cb722c4a13109c6c2 upstream. cifs_mount declares a struct sockaddr on the stack and then casts it to the proper address type. The storage allocated is fine for ipv4, but is too small for ipv6 addresses. Declare it as "struct sockaddr_storage" instead of struct sockaddr". This bug was manifesting itself as oopses and address corruption when mounting IPv6 addresses. Signed-off-by: Jeff Layton Tested-by: Stefan Bader Signed-off-by: Steve French Signed-off-by: Greg Kroah-Hartman