commit 0687110b06ff817f612381a347918a0b7eecb380
Author: Greg Kroah-Hartman
Date:   Mon Nov 9 16:59:38 2009 -0800

    Linux 2.6.27.39

commit 2f72dc5da58baa3012cb04ea2309ba0f7ef8f574
Author: Joerg Roedel
Date:   Fri Nov 6 11:50:26 2009 +0100

    x86/amd-iommu: Workaround for erratum 63

    commit c5cca146aa03e1f60fb179df65f0dbaf17bc64ed upstream.

    There is an erratum for IOMMU hardware which documents
    undefined behavior when forwarding SMI requests from
    peripherals and the DTE of that peripheral has a sysmgt
    value of 01b. This problem caused weird IO_PAGE_FAULTS in my
    case.

    This patch implements the suggested workaround for that
    erratum into the AMD IOMMU driver. The erratum is
    documented with number 63.

    Signed-off-by: Joerg Roedel
    Signed-off-by: Greg Kroah-Hartman

commit 7c536f4b06b335490228376e236f1897acfc6924
Author: Joerg Roedel
Date:   Wed Oct 28 18:02:26 2009 +0100

    x86/amd-iommu: Un__init function required on shutdown

    commit ca0207114f1708b563f510b7781a360ec5b98359 upstream.

    The function iommu_feature_disable is required on system
    shutdown to disable the IOMMU but it is marked as __init.
    This may result in a panic if the memory is reused. This
    patch fixes this bug.

    Signed-off-by: Joerg Roedel
    Signed-off-by: Greg Kroah-Hartman

commit 3d364e6533516b915af98317cd555ecd85073503
Author: Jiri Bohac
Date:   Wed Oct 28 22:23:54 2009 -0700

    bonding: fix a race condition in calls to slave MII ioctls

    commit d9d5283228d0c752f199c901fff6e1405dc91bcb upstream.

    In mii monitor mode, bond_check_dev_link() calls the ioctl
    handler of slave devices. It stores the ndo_do_ioctl function
    pointer to a static (!) ioctl variable and later uses it to call the
    handler with the IOCTL macro.

    If another thread executes bond_check_dev_link() at the same time
    (even with a different bond, which none of the locks prevent), a race
    condition occurs.
    If the two racing slaves have different drivers, this may
    result in one driver's ioctl handler being called with a pointer to a
    net_device controlled with a different driver, resulting in unpredictable
    breakage.

    Unless I am overlooking something, the "static" must be a copy'n'paste
    error (?).

    Signed-off-by: Jiri Bohac
    Signed-off-by: David S. Miller
    Signed-off-by: Greg Kroah-Hartman

commit 71e2f32b6006fcef62578fb5bb7ba025a85a2d44
Author: Peter Zijlstra
Date:   Fri Aug 8 21:47:09 2008 +0200

    printk: robustify printk

    commit b845b517b5e3706a3729f6ea83b88ab85f0725b0 upstream.

    Avoid deadlocks against rq->lock and xtime_lock by deferring the klogd
    wakeup by polling from the timer tick.

    Signed-off-by: Peter Zijlstra
    Signed-off-by: Ingo Molnar
    Signed-off-by: Greg Kroah-Hartman

commit e3a7dfadd027458955f0783ba19d99c096b1b572
Author: Trond Myklebust
Date:   Mon Oct 26 08:09:46 2009 -0400

    NFSv4: The link() operation should return any delegation on the file

    commit 9a3936aac133037f65124fcb2d676a6c201a90a4 upstream.

    Otherwise, we have to wait for the server to recall it.

    Signed-off-by: Trond Myklebust
    Signed-off-by: Greg Kroah-Hartman

commit 23c8301ad483e9453a86dca14a6f729e5bc03885
Author: Trond Myklebust
Date:   Tue Jul 21 19:22:38 2009 -0400

    NFSv4: Fix a problem whereby a buggy server can oops the kernel

    commit d953126a28f97ec965d23c69fd5795854c048f30 upstream.

    We just had a case in which a buggy server occasionally returns the wrong
    attributes during an OPEN call. While the client does catch this sort of
    condition in nfs4_open_done(), and causes the nfs4_atomic_open() to return
    -EISDIR, the logic in nfs_atomic_lookup() is broken, since it causes a
    fallback to an ordinary lookup instead of just returning the error.

    When the buggy server then returns a regular file for the fallback lookup,
    the VFS allows the open, and bad things start to happen, since the open
    file doesn't have any associated NFSv4 state.
    The fix is firstly to return the EISDIR/ENOTDIR errors immediately, and
    secondly to ensure that we are always careful when dereferencing the
    nfs_open_context state pointer.

    Signed-off-by: Trond Myklebust
    Signed-off-by: Greg Kroah-Hartman

commit b8dc9d1b7ffc843ee9dcb697c72b057bee082fc8
Author: Trond Myklebust
Date:   Thu Oct 8 11:50:55 2009 -0400

    NFSv4: Kill nfs4_renewd_prepare_shutdown()

    commit 3050141bae57984dd660e6861632ccf9b8bca77e upstream.

    The NFSv4 renew daemon is shared between all active super blocks that refer
    to a particular NFS server, so it is wrong to be shutting it down in
    nfs4_kill_super every time a super block is destroyed.

    This patch therefore kills nfs4_renewd_prepare_shutdown altogether, and
    leaves it up to nfs4_shutdown_client() to also shut down the renew daemon
    by means of the existing call to nfs4_kill_renewd().

    Signed-off-by: Trond Myklebust
    Signed-off-by: Greg Kroah-Hartman

commit ecb50328c9d53fb06a01734a12ce70748747feac
Author: Ben Hutchings
Date:   Tue Oct 6 15:42:18 2009 -0400

    nfs: Avoid overrun when copying client IP address string

    commit f4373bf9e67e4a653c8854acd7b02dac9714c98a upstream.

    As seen in , nfs4_init_client() can
    overrun the source string when copying the client IP address from
    nfs_parsed_mount_data::client_address to nfs_client::cl_ipaddr. Since
    these are both treated as null-terminated strings elsewhere, the copy
    should be done with strlcpy() not memcpy().

    Signed-off-by: Ben Hutchings
    Signed-off-by: Trond Myklebust
    Signed-off-by: Greg Kroah-Hartman

commit b5d2222fa553a000577326fd2ea65d401f4ac000
Author: Trond Myklebust
Date:   Fri Oct 23 14:46:42 2009 -0400

    NFSv4: Fix a bug when the server returns NFS4ERR_RESOURCE

    commit 52567b03ca38b6e556ced450d64dba8d66e23b0e upstream.

    RFC 3530 states that when we receive the error NFS4ERR_RESOURCE, we are not
    supposed to bump the sequence number on OPEN, LOCK, LOCKU, CLOSE, etc
    operations.
    The problem is that we map that error into EREMOTEIO in the XDR
    layer, and so the NFSv4 middle-layer routines like seqid_mutating_err(),
    and nfs_increment_seqid() don't recognise it.

    The fix is to defer the mapping until after the middle layers have
    processed the error.

    Signed-off-by: Trond Myklebust
    Signed-off-by: Greg Kroah-Hartman

commit 8107fe51452d9213d5442a368ce710681b0c88c9
Author: Terry Loftin
Date:   Thu Oct 22 21:36:01 2009 -0400

    nfs: Panic when commit fails

    commit a8b40bc7e635831b61c43acc71a86d3a68b2dff0 upstream.

    Actually pass the NFS_FILE_SYNC option to the server to avoid a
    Panic in nfs_direct_write_complete() when a commit fails.

    At the end of an nfs write, if the nfs commit fails, all the writes
    will be rescheduled. They are supposed to be rescheduled as NFS_FILE_SYNC
    writes, but the rpc_task structure is not completely initialized and so
    the option is not passed. When the rescheduled writes complete, the
    return indicates that they are NFS_UNSTABLE and we try to do another
    commit. This leads to a Panic because the commit data structure pointer
    was set to null in the initial (failed) commit attempt.

    Signed-off-by: Terry Loftin
    Signed-off-by: Trond Myklebust
    Signed-off-by: Greg Kroah-Hartman

commit d4f9442f8805df2d235b446e3e7fe53f2f3d232e
Author: Samuel Ortiz
Date:   Wed Dec 17 15:44:58 2008 -0800

    irda: Add irda_skb_cb qdisc related padding

    commit 69c30e1e7492192f882a3fc11888b320fde5206a upstream.

    We need to pad irda_skb_cb in order to keep it safe across dev_queue_xmit()
    calls. This is some ugly and temporary hack triggered by recent qdisc code
    changes.
    Even though it fixes bugzilla.kernel.org bug #11795, it will be replaced by a
    proper fix before 2.6.29 is released.

    Signed-off-by: Samuel Ortiz
    Signed-off-by: David S. Miller
    Cc: Chuck Ebbert
    Signed-off-by: Greg Kroah-Hartman

commit 997138858db742022a87db305136f7e44d50c3b1
Author: Avi Kivity
Date:   Sun Oct 4 16:45:13 2009 +0200

    KVM: Prevent overflow in KVM_GET_SUPPORTED_CPUID (CVE-2009-3638)

    commit 6a54435560efdab1a08f429a954df4d6c740bddf upstream.

    The number of entries is multiplied by the entry size, which can
    overflow on 32-bit hosts. Bound the entry count instead.

    Reported-by: David Wagner
    Signed-off-by: Avi Kivity
    Cc: Chuck Ebbert
    Signed-off-by: Greg Kroah-Hartman

commit c10b1aca87daa6765146d251defa37e5c7109f15
Author: Jiri Pirko
Date:   Thu Oct 8 01:21:46 2009 -0700

    netlink: fix typo in initialization (CVE-2009-3612)

    commit ad61df918c44316940404891d5082c63e79c256a upstream.

    Commit 9ef1d4c7c7aca1cd436612b6ca785b726ffb8ed8 ("[NETLINK]: Missing
    initializations in dumped data") introduced a typo in
    initialization. This patch fixes this.

    Signed-off-by: Jiri Pirko
    Signed-off-by: David S. Miller
    Cc: Chuck Ebbert
    Signed-off-by: Greg Kroah-Hartman

commit 6bf956e1ab1a292ef04de8d718767813e8a21140
Author: Arnaldo Carvalho de Melo
Date:   Mon Oct 26 14:36:45 2009 -0400

    appletalk: Fix skb leak when ipddp interface is not loaded (CVE-2009-2903)

    commit ffcfb8db540ff879c2a85bf7e404954281443414 upstream

    appletalk: Fix skb leak when ipddp interface is not loaded

    [ backport to 2.6.27 : Chuck Ebbert ]

    Signed-off-by: Arnaldo Carvalho de Melo
    Signed-off-by: David S. Miller
    Cc: Chuck Ebbert
    Signed-off-by: Greg Kroah-Hartman

commit 7be3b35420ebca1359a874c474bb5d3703435c0b
Author: Tomoki Sekiyama
Date:   Sun Oct 18 23:17:37 2009 -0700

    AF_UNIX: Fix deadlock on connecting to shutdown socket (CVE-2009-3621)

    commit 77238f2b942b38ab4e7f3aced44084493e4a8675 upstream.

    I found a deadlock bug in UNIX domain socket, which makes a DoS attack
    against the local machine possible for non-root users.

    How to reproduce:
    1. Make a listening AF_UNIX/SOCK_STREAM socket with an abstract
        namespace(*), and shutdown(2) it.
     2. Repeat connect(2)ing to the listening socket from the other sockets
        until the connection backlog is full.
     3. connect(2) takes the CPU forever. If every core is taken, the
        system hangs.

    PoC code: (Run as many times as cores on SMP machines.)

    int main(void)
    {
        int ret;
        int csd;
        int lsd;
        struct sockaddr_un sun;

        /* make an abstract name address (*) */
        memset(&sun, 0, sizeof(sun));
        sun.sun_family = PF_UNIX;
        sprintf(&sun.sun_path[1], "%d", getpid());

        /* create the listening socket and shutdown */
        lsd = socket(AF_UNIX, SOCK_STREAM, 0);
        bind(lsd, (struct sockaddr *)&sun, sizeof(sun));
        listen(lsd, 1);
        shutdown(lsd, SHUT_RDWR);

        /* connect loop */
        alarm(15); /* forcibly exit the loop after 15 sec */
        for (;;) {
            csd = socket(AF_UNIX, SOCK_STREAM, 0);
            ret = connect(csd, (struct sockaddr *)&sun, sizeof(sun));
            if (-1 == ret) {
                perror("connect()");
                break;
            }
            puts("Connection OK");
        }
        return 0;
    }

    (*) Make sun_path[0] = 0 to use the abstract namespace.
        If a file-based socket is used, the system doesn't deadlock because
        of context switches in the file system layer.

    Why this happens:
     Error checks between unix_socket_connect() and unix_wait_for_peer() are
     inconsistent. The former calls the latter to wait until the backlog is
     processed. Although the latter returns without doing anything when the
     socket is shutdown, the former doesn't check the shutdown state and
     just retries calling the latter forever.

    Patch:
     The patch below adds shutdown check into unix_socket_connect(), so
     connect(2) to the shutdown socket will return -ECONNREFUSED.

    Signed-off-by: Tomoki Sekiyama
    Signed-off-by: Masanori Yoshida
    Cc: Chuck Ebbert
    Signed-off-by: David S. Miller

commit 91d5ee32e8562dbb2cb801e85d15f39a81849147
Author: Jan Beulich
Date:   Mon Oct 26 15:20:29 2009 +0000

    x86-64: Fix register leak in 32-bit syscall auditing

    commit 81766741fe1eee3884219e8daaf03f466f2ed52f upstream.
    Restoring %ebp after the call to audit_syscall_exit() is not
    only unnecessary (because the register didn't get clobbered),
    but in the sysenter case wasn't even doing the right thing: It
    loaded %ebp from a location below the top of stack (RBP <
    ARGOFFSET), i.e. arbitrary kernel data got passed back to user
    mode in the register.

    Signed-off-by: Jan Beulich
    Acked-by: Roland McGrath
    LKML-Reference: <4AE5CC4D020000780001BD13@vpn.id2.novell.com>
    Signed-off-by: Ingo Molnar
    Signed-off-by: Greg Kroah-Hartman

commit c632a72c55ac1621f8e15f69ed35ee1cec3dd6f2
Author: Alan Cox
Date:   Thu Oct 29 12:16:22 2009 +0000

    tty: Mark generic_serial users as BROKEN

    commit 412145947adfca60a4b5b4893fbae82dffa25edd upstream.

    There isn't much else I can do with these. I can find no hardware for any
    of them and no users. The code is broken.

    Signed-off-by: Alan Cox
    Signed-off-by: Greg Kroah-Hartman

commit 36a6ff74c7e6e20ac00dfe8432fddc37febfaee1
Author: Len Brown
Date:   Sat Sep 5 13:33:23 2009 -0400

    Revert "ACPI: Attach the ACPI device to the ACPI handle as early as possible"

    commit f61f925859c57f6175082aeeee17743c68558a6e upstream.

    This reverts commit eab4b645769fa2f8703f5a3cb0cc4ac090d347af.

    http://bugzilla.kernel.org/show_bug.cgi?id=13002

    Signed-off-by: Len Brown
    Cc: Chuck Ebbert
    Signed-off-by: Greg Kroah-Hartman

commit 466bf8f200f6586eff838566e6e40dbc448dd8e4
Author: Alan Cox
Date:   Tue Oct 27 15:35:55 2009 +0000

    ray_cs: Fix copy_from_user handling

    commit 575c9ed7798218dc923f319c0d78f0c25ca506b9 upstream.

    I've not touched the other stuff here but the word "locking" comes to mind.

    Signed-off-by: Alan Cox
    Signed-off-by: Linus Torvalds
    Signed-off-by: Greg Kroah-Hartman

commit ce25e35ebeaa56e566acbd1739a7c371ad5cd0c1
Author: KOSAKI Motohiro
Date:   Mon Oct 26 16:49:58 2009 -0700

    mbind(): fix leak of never putback pages

    commit ab8a3e14e6f8e567560f664bbd29aefb306a274e upstream.

    If mbind() receives an invalid address, do_mbind leaks a page. The
    following test program detects this leak.
    This patch fixes it.

    migrate_efault.c
    =======================================
     #include <numa.h>
     #include <numaif.h>
     #include <sys/mman.h>
     #include <stdio.h>
     #include <unistd.h>
     #include <stdlib.h>
     #include <string.h>

     static unsigned long pagesize;

     static void* make_hole_mapping(void)
     {
         void* addr;

         addr = mmap(NULL, pagesize*3, PROT_READ|PROT_WRITE,
                     MAP_ANON|MAP_PRIVATE, 0, 0);
         if (addr == MAP_FAILED)
             return NULL;

         /* make page populate */
         memset(addr, 0, pagesize*3);

         /* make memory hole */
         munmap(addr+pagesize, pagesize);

         return addr;
     }

     int main(int argc, char** argv)
     {
         void* addr;
         int ch;
         int node;
         struct bitmask *nmask = numa_allocate_nodemask();
         int err;
         int node_set = 0;

         while ((ch = getopt(argc, argv, "n:")) != -1){
             switch (ch){
             case 'n':
                 node = strtol(optarg, NULL, 0);
                 numa_bitmask_setbit(nmask, node);
                 node_set = 1;
                 break;
             default:
                 ;
             }
         }
         argc -= optind;
         argv += optind;

         if (!node_set)
             numa_bitmask_setbit(nmask, 0);

         pagesize = getpagesize();

         addr = make_hole_mapping();

         err = mbind(addr, pagesize*3, MPOL_BIND, nmask->maskp,
                     nmask->size, MPOL_MF_MOVE_ALL);
         if (err)
             perror("mbind ");

         return 0;
     }
    =======================================

    Signed-off-by: KOSAKI Motohiro
    Acked-by: Christoph Lameter
    Signed-off-by: Andrew Morton
    Signed-off-by: Linus Torvalds
    Signed-off-by: Greg Kroah-Hartman

commit 6e6276689ca89240c8faa575b64a36b356d7b8ab
Author: David Woodhouse
Date:   Fri Oct 30 17:45:14 2009 +0000

    libertas if_usb: Fix crash on 64-bit machines

    commit e9024a059f2c17fb2bfab212ee9d31511d7b8e57 upstream.

    On a 64-bit kernel, skb->tail is an offset, not a pointer. The libertas
    usb driver passes it to usb_fill_bulk_urb() anyway, causing interesting
    crashes. Fix that by using skb->data instead.

    This highlights a problem with usb_fill_bulk_urb(). It doesn't notice
    when dma_map_single() fails and return the error to its caller as it
    should. In fact it _can't_ currently return the error, since it returns
    void.

    So this problem was showing up only at unmap time, after we'd already
    suffered memory corruption by doing DMA to a bogus address.
    Signed-off-by: David Woodhouse
    Acked-by: David S. Miller
    Signed-off-by: John W. Linville
    Signed-off-by: Greg Kroah-Hartman

commit 30aae6d58a0cc3447ca149de5b73769d6206477a
Author: Tejun Heo
Date:   Fri Oct 16 13:00:51 2009 +0900

    libata: fix internal command failure handling

    commit f4b31db92d163df8a639f5a8c8633bdeb6e8432d upstream.

    When an internal command fails, it should be failed directly without
    invoking EH. In the original implementation, this was accomplished by
    letting internal command bypass failure handling in ata_qc_complete().
    However, later changes added post-successful-completion handling to
    that code path and the success path is no longer adequate as internal
    command failure path. One of the visible problems is that internal
    command failure due to timeout or other freeze conditions would
    spuriously trigger WARN_ON_ONCE() in the success path.

    This patch updates failure path such that internal command failure
    handling is contained there.

    Signed-off-by: Tejun Heo
    Signed-off-by: Jeff Garzik
    Signed-off-by: Greg Kroah-Hartman

commit 506d32b08b4cf1c048c4908820bea6ce94592ea5
Author: Dmitry Torokhov
Date:   Mon Oct 12 21:35:00 2009 -0700

    Input: synaptics - add another Protege M300 to rate blacklist

    commit 5f5eeff4c93256ee93435a3bf08cf18c45e9a994 upstream.

    Apparently some of Toshiba Protege M300 identify themselves as
    "Portable PC" in DMI so we need to add that to the DMI table as
    well. We need DMI data so we can automatically lower Synaptics
    reporting rate from 80 to 40 pps to avoid over-taxing their
    keyboard controllers.

    Tested-by: Rod Davison
    Signed-off-by: Dmitry Torokhov
    Signed-off-by: Greg Kroah-Hartman

commit 6a3cb5b0d5927bc4b54ed5138920be6e4b3c86ad
Author: Ben Hutchings
Date:   Mon Oct 26 16:49:51 2009 -0700

    hfsplus: refuse to mount volumes larger than 2TB

    commit 5c36fe3d87b3f0c85894a49193c66096a3d6b26f upstream.

    As found in , hfsplus is using type u32
    rather than sector_t for some sector number calculations.
    In particular, hfsplus_get_block() does:

            u32 ablock, dblock, mask;
    ...
            map_bh(bh_result, sb, (dblock << HFSPLUS_SB(sb).fs_shift) + HFSPLUS_SB(sb).blockoffset + (iblock & mask));

    I am not confident that I can find and fix all cases where a sector number
    may be truncated. For now, avoid data loss by refusing to mount HFS+
    volumes with more than 2^32 sectors (2TB).

    [akpm@linux-foundation.org: fix 32 and 64-bit issues]
    Signed-off-by: Ben Hutchings
    Cc: Eric Sesterhenn
    Cc: Roman Zippel
    Signed-off-by: Andrew Morton
    Signed-off-by: Linus Torvalds
    Signed-off-by: Greg Kroah-Hartman

commit e2198f52308f469ff781567f2a6f20d48fc06032
Author: Earl Chew
Date:   Mon Oct 19 15:55:41 2009 -0700

    fs: pipe.c null pointer dereference

    commit ad3960243e55320d74195fb85c975e0a8cc4466c upstream.

    This patch fixes a null pointer exception in pipe_rdwr_open() which
    generates the stack trace:

    > Unable to handle kernel NULL pointer dereference at 0000000000000028 RIP:
    >  [] pipe_rdwr_open+0x35/0x70
    >  [] __dentry_open+0x13c/0x230
    >  [] do_filp_open+0x2d/0x40
    >  [] do_sys_open+0x5a/0x100
    >  [] sysenter_do_call+0x1b/0x67

    The failure mode is triggered by an attempt to open an anonymous
    pipe via /proc/pid/fd/* as exemplified by this script:

    =============================================================
    while : ; do
       { echo y ; sleep 1 ; } | { while read ; do echo z$REPLY; done ; } &
       PID=$!
       OUT=$(ps -efl | grep 'sleep 1' | grep -v grep |
            { read PID REST ; echo $PID; } )
       OUT="${OUT%% *}"
       DELAY=$((RANDOM * 1000 / 32768))
       usleep $((DELAY * 1000 + RANDOM % 1000 ))
       echo n > /proc/$OUT/fd/1                 # Trigger defect
    done
    =============================================================

    Note that the failure window is quite small and I could only
    reliably reproduce the defect by inserting a small delay
    in pipe_rdwr_open().
    For example:

     static int
     pipe_rdwr_open(struct inode *inode, struct file *filp)
     {
           msleep(100);
           mutex_lock(&inode->i_mutex);

    Although the defect was observed in pipe_rdwr_open(), I think it
    makes sense to replicate the change through all the pipe_*_open()
    functions.

    The core of the change is to verify that inode->i_pipe has not
    been released before attempting to manipulate it. If inode->i_pipe
    is no longer present, return ENOENT to indicate so.

    The comment about potentially using atomic_t for i_pipe->readers
    and i_pipe->writers has also been removed because it is no longer
    relevant in this context. The inode->i_mutex lock must be used so
    that inode->i_pipe can be dealt with correctly.

    Signed-off-by: Earl Chew
    Signed-off-by: Linus Torvalds
    Signed-off-by: Greg Kroah-Hartman

commit cc943ca634e17ad529306f9d08a7841f0129952c
Author: Stas Sergeev
Date:   Sun Oct 18 00:31:38 2009 +0400

    Driver core: fix driver_register() return value

    commit 39acbc12affcaa23ef1d887ba3d197baca8e6e47 upstream.

    In this patch:
    http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=16dc42e018c2868211b4928f20a957c0c216126c
    the check was added for another driver to already claim the same device
    on the same bus. But the returned error code was wrong: to modprobe, the
    -EEXIST means that _this_ driver is already installed. It therefore
    doesn't produce the needed error message when _another_ driver is trying
    to register for the same device. Returning -EBUSY fixes the problem.

    Signed-off-by: Stas Sergeev
    Signed-off-by: Greg Kroah-Hartman

commit c99974ec505348f5d38585700c3f95813394ceb7
Author: OGAWA Hirofumi
Date:   Fri Oct 30 17:02:31 2009 +0900

    dpt_i2o: Fix typo of EINVAL

    commit aefba418bfecd1985a08f50a95bd854a119f0153 upstream.

    Commit ef7562b7f28319e6dd1f85dc1af87df2a7a84832 ("dpt_i2o: Fix up
    copy*user") had a silly typo: EINVAL should be -EINVAL.
    Signed-off-by: OGAWA Hirofumi
    Cc: Alan Cox
    Signed-off-by: Linus Torvalds
    Signed-off-by: Greg Kroah-Hartman

commit c1e746f840b02765dd3dceaa1097986e04a5c066
Author: Alan Cox
Date:   Tue Oct 27 15:35:35 2009 +0000

    dpt_i2o: Fix up copy*user

    commit ef7562b7f28319e6dd1f85dc1af87df2a7a84832 upstream.

    Signed-off-by: Alan Cox
    Signed-off-by: Linus Torvalds
    Signed-off-by: Greg Kroah-Hartman

commit 9a3e3d7cf51eeafaad9f90c7c1d8f0b97ed0687e
Author: Larry Finger
Date:   Fri Oct 16 10:18:09 2009 -0500

    b43: Fix Bugzilla #14181 and the bug from the previous 'fix'

    commit d50bae33d1358b909ade05ae121d83d3a60ab63f upstream.

    "b43: Fix PPC crash in rfkill polling on unload" fixed the bug reported
    in Bugzilla No. 14181; however, it introduced a new bug. Whenever the
    radio switch was turned off, it was necessary to unload and reload
    the driver for it to recognize the switch again.

    This patch fixes both the original bug in #14181 and the bug introduced by
    the previous patch. It must be stated, however, that if there is a BCM4306/3
    with an rfkill switch (not yet proven), then the driver will need an
    unload/reload cycle to turn the device back on.

    Signed-off-by: Larry Finger
    Signed-off-by: John W. Linville
    Signed-off-by: Greg Kroah-Hartman

commit 63de8c036a111bf8e717c2b5cc8facca4d5837f2
Author: Benjamin Herrenschmidt
Date:   Mon Oct 26 16:50:05 2009 -0700

    8250_pci: add IBM Saturn serial card

    commit c68d2b1594548cda7f6dbac6a4d9d30a9b01558c upstream.

    The IBM Saturn serial card has only one port. Without that fixup, the
    kernel thinks it has two, which confuses userland setup and admin tools as
    well.

    [akpm@linux-foundation.org: fix pci-ids.h layout]
    Signed-off-by: Benjamin Herrenschmidt
    Acked-by: Alan Cox
    Cc: Michael Reed
    Signed-off-by: Andrew Morton
    Signed-off-by: Linus Torvalds
    Acked-by: Alan Cox
    Signed-off-by: Greg Kroah-Hartman
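
Added example, not part of this changelog or of the kernel patch: the KVM_GET_SUPPORTED_CPUID entry above (CVE-2009-3638) says the entry count is multiplied by the entry size and can overflow on 32-bit hosts, and that the fix bounds the count. The sketch below models that in user space; size32_t, ENTRY_SIZE, MAX_ENTRIES and all function names are assumptions made for illustration.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>

/*
 * Assumptions made for this example (none of these names or values are
 * from the changelog): size32_t models size_t on a 32-bit host,
 * ENTRY_SIZE is the size of one CPUID entry in bytes, and MAX_ENTRIES
 * is the upper bound applied to the caller-supplied entry count.
 */
typedef uint32_t size32_t;
#define ENTRY_SIZE  40u
#define MAX_ENTRIES 40u

/* Before: the caller-controlled count is multiplied without a check. */
size32_t alloc_size_unchecked(uint32_t nent)
{
    return (size32_t)(nent * ENTRY_SIZE);  /* wraps modulo 2^32 */
}

/* How far the true requirement exceeds what the wrapped size allocates. */
uint64_t shortfall(uint32_t nent)
{
    return (uint64_t)nent * ENTRY_SIZE - alloc_size_unchecked(nent);
}

/*
 * After: bound the count first, so the product is at most
 * MAX_ENTRIES * ENTRY_SIZE and cannot wrap.
 * Returns the allocation size, or -E2BIG if the count is out of range.
 */
int64_t alloc_size_bounded(uint32_t nent)
{
    if (nent > MAX_ENTRIES)
        return -E2BIG;
    return (int64_t)(nent * ENTRY_SIZE);
}

/* General check for a multiply with no natural bound on the count. */
int mul_overflows_u32(uint32_t count, uint32_t size)
{
    return size != 0 && count > UINT32_MAX / size;
}

int main(void)
{
    /* Constructed input: smallest count whose product exceeds 2^32. */
    uint32_t nent = UINT32_MAX / ENTRY_SIZE + 1;

    printf("nent=%u unchecked size=%u bytes, short by %llu bytes\n",
           (unsigned)nent, (unsigned)alloc_size_unchecked(nent),
           (unsigned long long)shortfall(nent));
    printf("bounded result=%lld, overflow check=%d\n",
           (long long)alloc_size_bounded(nent),
           mul_overflows_u32(nent, ENTRY_SIZE));
    return 0;
}
```
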