commit 113a7025cd8dec02fe9b474d28da831ea64d8a26 Author: Greg Kroah-Hartman Date: Fri Feb 6 13:47:45 2009 -0800 Linux 2.6.28.4 commit 723060e9421fb0bf065cfdd962df39a8daa450bb Author: Lin Ming Date: Thu Nov 13 10:54:39 2008 +0800 ACPICA: Allow multiple backslash prefix in namepaths commit d037c5fd7367548191eab2b376a1d08c4ffaf7ff upstream. In a fully qualified namepath, allow multiple backslash prefixes. This can happen because of the use of a double-backslash in strings (since backslash is the escape character) causing confusion. ACPICA BZ 739 Lin Ming. http://www.acpica.org/bugzilla/show_bug.cgi?id=739 Signed-off-by: Lin Ming Signed-off-by: Bob Moore Signed-off-by: Len Brown Cc: Thomas Renninger Signed-off-by: Greg Kroah-Hartman commit 1b3826f5b9b1b9e3e60300080834b8979e63bd94 Author: Mark Lord Date: Tue Jan 27 16:33:13 2009 -0500 sata_mv: Fix chip type for Hightpoint RocketRaid 1740/1742 commit 4462254ac6be9150aae87d54d388fc348d6fcead upstream. Fix chip type for the Highpoint RocketRAID 1740 and 1742 PCI cards. These really do have Marvell 6042 chips on them, rather than the 5081 chip. Confirmed by multiple (two) users (for the 1740), and by examining the product photographs from Highpoint's web site. Signed-off-by: Mark Lord Signed-off-by: Jeff Garzik Signed-off-by: Greg Kroah-Hartman commit f5dec563113acaf3f7e62c55508661741c21e562 Author: Jeff Layton Date: Wed Jan 21 11:34:50 2009 -0500 dlm: initialize file_lock struct in GETLK before copying conflicting lock commit 20d5a39929232a715f29e6cb7e3f0d0c790f41eb upstream. dlm_posix_get fills out the relevant fields in the file_lock before returning when there is a lock conflict, but doesn't clean out any of the other fields in the file_lock. When nfsd does a NFSv4 lockt call, it sets the fl_lmops to nfsd_posix_mng_ops before calling the lower fs. When the lock comes back after testing a lock on GFS2, it still has that field set. This confuses nfsd into thinking that the file_lock is a nfsd4 lock. Fix this by making DLM reinitialize the file_lock before copying the fields from the conflicting lock. Signed-off-by: Jeff Layton Signed-off-by: David Teigland Signed-off-by: Greg Kroah-Hartman commit a88af3b3c8938d43bb0b0a71508b546086789eee Author: Rafael J. Wysocki Date: Mon Dec 29 19:19:07 2008 +0100 ACPI: Do not modify SCI_EN directly commit 11e93130c7ce5228d484fd5e86f3984835d4256b upstream. According to the ACPI specification the SCI_EN flag is controlled by the hardware, which sets this flag to inform the kernel that ACPI is enabled. For this reason, we shouldn't try to modify SCI_EN directly. Also, we don't need to do it in irqrouter_resume(), since lower-level resume code takes care of enabling ACPI in case it hasn't been enabled by the BIOS before passing control to the kernel (which by the way is against the ACPI specification). Signed-off-by: Rafael J. Wysocki Signed-off-by: Len Brown Cc: Thomas Renninger Signed-off-by: Greg Kroah-Hartman commit f74bb48f2e5ec381ba74f6952f55f0402c151d3e Author: Alexey Starikovskiy Date: Tue Dec 23 02:44:54 2008 +0300 Newly inserted battery might differ from one just removed, so update of battery info fields is required. commit 50b178512b7d6e7724f87459f6bd06504c9c2da1 upstream. Signed-off-by: Alexey Starikovskiy Acked-by: Andy Neitzke Signed-off-by: Alexey Starikovskiy Signed-off-by: Len Brown Cc: Thomas Renninger Signed-off-by: Greg Kroah-Hartman commit d0269c8bc47b632a1f195f14129772045162da5c Author: Zhang Rui Date: Wed Dec 31 10:58:48 2008 +0800 video: always update the brightness when poking "brightness" commit 9e6dada9d255497127251c03aaa59296d186f959 upstream. always update props.brightness no matter the backlight is changed via procfs, hotkeys or sysfs. Sighed-off-by: Zhang Rui Acked-by: Matthew Garrett Signed-off-by: Len Brown Cc: Thomas Renninger Signed-off-by: Greg Kroah-Hartman commit 8509107b0429f80e8cf5c191e45125b3f2f21672 Author: Zhao Yakui Date: Sun Jan 4 12:04:21 2009 +0800 ACPI: Avoid array address overflow when _CST MWAIT hint bits are set commit 13b40a1a065824d2d4e55c8b48ea9f3f9d162929 upstream. The Cx Register address obtained from the _CST object is used as the MWAIT hints if the register type is FFixedHW. And it is used to check whether the Cx type is supported or not. On some boxes the following Cx state package is obtained from _CST object: >{ ResourceTemplate () { Register (FFixedHW, 0x01, // Bit Width 0x02, // Bit Offset 0x0000000000889759, // Address 0x03, // Access Size ) }, 0x03, 0xF5, 0x015E } In such case we should use the bit[7:4] of Cx address to check whether the Cx type is supported or not. mask the MWAIT hint to avoid array address overflow Signed-off-by: Zhao Yakui Acked-by:Venki Pallipadi Signed-off-by: Len Brown Cc: Thomas Renninger commit 00559920e4bd114effb56e669690aa2479260af2 Author: Venkatesh Pallipadi Date: Tue Jan 27 17:38:46 2009 +0100 cpuidle: Add decaying history logic to menu idle predictor commit 816bb611e41be29b476dc16f6297eb551bf4d747 upstream Add decaying history of predicted idle time, instead of using the last early wakeup. This logic helps menu governor do better job of predicting idle time. With this change, we also measured noticable (~8%) power savings on a DP server system with CPUs supporting deep C states, when system was lightly loaded. There was no change to power or perf on other load conditions. Signed-off-by: Venkatesh Pallipadi Signed-off-by: Len Brown Cc: Thomas Renninger Signed-off-by: Greg Kroah-Hartman commit f50db0e8116410e8e7465d1810621dbf19c55ff9 Author: Seth Heasley Date: Fri Jan 23 12:43:38 2009 -0800 PCI: irq and pci_ids patch for Intel Tigerpoint DeviceIDs commit 57064d213d2e44654d4f13c66df135b5e7389a26 upstream. This patch adds the Intel Tigerpoint LPC Controller DeviceIDs. Signed-off-by: Seth Heasley Signed-off-by: Jesse Barnes Signed-off-by: Greg Kroah-Hartman commit 3a0dfc2d0a1fe25c03e2c41d6931ea5b423513db Author: Christian Lamparter Date: Sat Jan 24 10:45:10 2009 +0100 minstrel: fix warning if lowest supported rate index is not 0 commit d57854bb1d78ba89ffbfdfd1c3e95b52ed7478ff upstream This patch fixes the following WARNING (caused by rix_to_ndx): " >WARNING: at net/mac80211/rc80211_minstrel.c:69 minstrel_rate_init+0xd2/0x33a [mac80211]() >[...] >Call Trace: > warn_on_slowpath+0x51/0x75 > _format_mac_addr+0x4c/0x88 > minstrel_rate_init+0xd2/0x33a [mac80211] > print_mac+0x16/0x1b > schedule_hrtimeout_range+0xdc/0x107 > ieee80211_add_station+0x158/0x1bd [mac80211] > nl80211_new_station+0x1b3/0x20b [cfg80211] The reason is that I'm experimenting with "g" only mode on a 802.11 b/g card. Therefore rate_lowest_index returns 4 (= 6Mbit, instead of usual 0 = 1Mbit). Since mi->r array is initialized with zeros in minstrel_alloc_sta, rix_to_ndx has a hard time to find the 6Mbit entry and will trigged the WARNING. Signed-off-by: Christian Lamparter Acked-by: Felix Fietkau Signed-off-by: John W. Linville Signed-off-by: Greg Kroah-Hartman commit d661ee77bd5eedd3782155b6c6f4426dda3abdd3 Author: Christian Lamparter Date: Sat Jan 24 10:44:53 2009 +0100 p54usb: rewriting rx/tx routines to make use of usb_anchor's facilities commit dd397dc9dddfa2149a1bbc9e52ac7d5630737cec upstream Alan Stern found several flaws in p54usb's implementation and annotated: "usb_kill_urb() and similar routines do not expect an URB's completion routine to deallocate it. This is almost obvious -- if the URB is deallocated before the completion routine returns then there's no way for usb_kill_urb to detect when the URB actually is complete." This patch addresses all known limitations in the old implementation and fixes khub's "use-after-freed" hang, when SLUB debug's poisoning option is enabled. Signed-off-by: Christian Lamparter Tested-by: Larry Finger Signed-off-by: John W. Linville Signed-off-by: Greg Kroah-Hartman commit 621c147ff8fc7fca0d127e0e4c7c9c017560900a Author: Christian Lamparter Date: Sat Jan 24 10:44:40 2009 +0100 p54: fix p54_read_eeprom to cope with tx_hdr_len commit b92f30d65aeb0502e2ed8beb80c8465578b40002 upstream This patch fixes a regression in "p54: move eeprom code into common library" 7cb770729ba895f73253dfcd46c3fcba45d896f9 Some of p54usb's devices need a little headroom for the transportation and this was forgotten in the eeprom change. Signed-off-by: Christian Lamparter Signed-off-by: Greg Kroah-Hartman commit 631c7b5c602f9516cfe11c4556181c14bee6fdb3 Author: Johannes Berg Date: Sat Jan 24 10:44:26 2009 +0100 p54: fix lm87 checksum endianness commit c91276592695e13d1b52eab572551017cbf96ee7 upstream This fixes the checksum calculation for lm87 firmwares on big endian platforms, the device treats the data as an array of 32-bit little endian values so the driver needs to do that as well. Signed-off-by: Johannes Berg Acked-by: Christian Lamparter Signed-off-by: John W. Linville commit 1d2966c46a14815bf7c5016b5ca6068bce9ec1c6 Author: Abbas, Mohamed Date: Wed Jan 21 10:58:02 2009 -0800 iwlwifi: fix rs_get_rate WARN_ON() commit c338ba3ca5bef2df2082d9e8d336ff7b2880c326 upstream. In ieee80211_sta structure there is u64 supp_rates[IEEE80211_NUM_BANDS] this is filled with all support rate from assoc_resp. If we associate with G-band AP only supp_rates of G-band will be set the other band supp_rates will be set to 0. If the user type this command this will cause mac80211 to set to new channel, mac80211 does not disassociate in setting new channel, so the active band is now A-band. then in handling the new essid mac80211 will kick in the assoc steps which involve sending disassociation frame. in this mac80211 will WARN_ON sta->supp_rates[A_BAND] == 0. This fixes: http://www.intellinuxwireless.org/bugzilla/show_bug.cgi?id=1822 http://www.kerneloops.org/searchweek.php?search=rs_get_rate Signed-off-by: mohamed abbas Signed-off-by: Reinette Chatre Signed-off-by: John W. Linville Signed-off-by: Greg Kroah-Hartman commit 05b3cbed318b32175df7cfbafd0cac04cff6b776 Author: J. Bruce Fields Date: Sat Dec 20 11:58:38 2008 -0800 nfsd: Ensure nfsv4 calls the underlying filesystem on LOCKT commit 55ef1274dddd4de387c54d110e354ffbb6cdc706 upstream. Since nfsv4 allows LOCKT without an open, but the ->lock() method is a file method, we fake up a struct file in the nfsv4 code with just the fields we need initialized. But we forgot to initialize the file operations, with the result that LOCKT never results in a call to the filesystem's ->lock() method (if it exists). We could just add that one more initialization. But this hack of faking up a struct file with only some fields initialized seems the kind of thing that might cause more problems in the future. We should either do an open and get a real struct file, or make lock-testing an inode (not a file) method. This patch does the former. Reported-by: Marc Eshel Tested-by: Marc Eshel Signed-off-by: J. Bruce Fields Signed-off-by: Greg Kroah-Hartman commit d47d1c2e6541d2a53d9a2cfc41eec021ec8af95b Author: Jeff Layton Date: Thu Jan 22 14:16:04 2009 -0500 nfsd: only set file_lock.fl_lmops in nfsd4_lockt if a stateowner is found commit fa82a491275a613b15489aab4b99acecb00958d3 upstream. nfsd4_lockt does a search for a lockstateowner when building the lock struct to test. If one is found, it'll set fl_owner to it. Regardless of whether that happens, it'll also set fl_lmops. Given that this lock is basically a "lightweight" lock that's just used for checking conflicts, setting fl_lmops is probably not appropriate for it. This behavior exposed a bug in DLM's GETLK implementation where it wasn't clearing out the fields in the file_lock before filling in conflicting lock info. While we were able to fix this in DLM, it still seems pointless and dangerous to set the fl_lmops this way when we may have a NULL lockstateowner. Signed-off-by: Jeff Layton Signed-off-by: J. Bruce Fields Signed-off-by: Greg Kroah-Hartman commit 6a832114080e2f8f050db5c0f9c6f31671f92e57 Author: Stuart Hopkins Date: Sat Dec 20 04:12:33 2008 -0500 Input: atkbd - Samsung NC10 key repeat fix commit 4200844bd9dc511088258437d564a187f0ffc94e upstream. This patch fixes the key repeat issue with the Fn+F? keys on the new Samsung NC10 Netbook, so that the keys can be defined and used within ACPID correctly, otherwise the keys repeat indefinately. This solves part of http://bugzilla.kernel.org/show_bug.cgi?id=12021 Signed-off-by: Stuart Hopkins Signed-off-by: Dmitry Torokhov Cc: Chuck Ebbert Signed-off-by: Greg Kroah-Hartman commit 826949add389c6cdee9412071aba4637160e1519 Author: Paul Larson Date: Fri Jan 30 10:21:49 2009 -0600 Add enable_ms to jsm driver commit 0461ec5bc7745b89a8ab67ba0ea497abd58a6301 upstream. This fixes a crash observed when non-existant enable_ms function is called for jsm driver. Signed-off-by: Scott Kilau Signed-off-by: Paul Larson Signed-off-by: Linus Torvalds Signed-off-by: Greg Kroah-Hartman commit 8255fc826e58c0a59711029e01db9fcdc06ba211 Author: Mikulas Patocka Date: Fri Jan 30 15:27:14 2009 -0500 Fix memory corruption in console selection commit 878b8619f711280fd05845e21956434b5e588cc4 upstream. Fix an off-by-two memory error in console selection. The loop below goes from sel_start to sel_end (inclusive), so it writes one more character. This one more character was added to the allocated size (+1), but it was not multiplied by an UTF-8 multiplier. This patch fixes a memory corruption when UTF-8 console is used and the user selects a few characters, all of them 3-byte in UTF-8 (for example a frame line). When memory redzones are enabled, a redzone corruption is reported. When they are not enabled, trashing of random memory occurs. Signed-off-by: Mikulas Patocka Signed-off-by: Linus Torvalds Signed-off-by: Greg Kroah-Hartman commit 8550890004fb0220bef61604d82a96fb183e2b82 Author: Tejun Heo Date: Sun Feb 1 10:56:31 2009 +0900 sata_nv: ck804 has borked hardreset too commit 8d993eaa9c3c61b8a5929a7f695078a1fcfb4869 upstream. While playing with nvraid, I found out that rmmoding and insmoding often trigger hardreset failure on the first port (the second one was always okay). Seriously, how diverse can you get with hardreset behaviors? Anyways, make ck804 use noclassify variant too. Signed-off-by: Tejun Heo Signed-off-by: Jeff Garzik Signed-off-by: Greg Kroah-Hartman commit bd646a877c03473f3f736a54d54ca15735c45255 Author: Tejun Heo Date: Sun Jan 25 11:29:38 2009 +0900 sata_nv: fix MCP5x reset commit 2d775708bc6613f1be47f1e720781343341ecc94 upstream. MCP5x family of controllers seem to share much more with nf2's as far as reset protocol is concerned. It requires heardreset to get the PHY going and classfication code report after hardreset is unreliable. Create a new board type MCP5x and use noclassify hardreset. SWNCQ is modified to inherit from this new type. This fixes hotplug regression reported in kernel bz#12351. Signed-off-by: Tejun Heo Signed-off-by: Jeff Garzik Signed-off-by: Greg Kroah-Hartman commit 57d39852a4005747bec2fef56c639b5096fb4e80 Author: Tejun Heo Date: Sun Jan 25 11:25:22 2009 +0900 sata_nv: rename nv_nf2_hardreset() commit e8caa3c70e94d867ca2efe9e53fd388b52d6d0c8 upstream. nv_nf2_hardreset() will be used by other flavors too. Rename it to nv_noclassify_hardreset(). Signed-off-by: Tejun Heo Signed-off-by: Jeff Garzik Signed-off-by: Greg Kroah-Hartman commit f48c97c0ac7b7eb162b3f8364dc38fbf5e862727 Author: Jeff Mahoney Date: Tue Jan 27 23:48:59 2009 +0200 kmalloc: return NULL instead of link failure commit 1cf3eb2ff6b0844c678f2f48d0053b9d12b7da67 upstream. The SLAB kmalloc with a constant value isn't consistent with the other implementations because it bails out with __you_cannot_kmalloc_that_much rather than returning NULL and properly allowing the caller to fall back to vmalloc or take other action. This doesn't happen with a non-constant value or with SLOB or SLUB. Starting with 2.6.28, I've been seeing build failures on s390x. This is due to init_section_page_cgroup trying to allocate 2.5MB when the max size for a kmalloc on s390x is 2MB. It's failing because the value is constant. The workarounds at the call size are ugly and the caller shouldn't have to change behavior depending on what the backend of the API is. So, this patch eliminates the link failure and returns NULL like the other implementations. Signed-off-by: Jeff Mahoney Cc: Martin Schwidefsky Cc: Heiko Carstens Cc: Christoph Lameter Cc: Pekka Enberg Cc: Matt Mackall Cc: Nick Piggin Signed-off-by: Andrew Morton Signed-off-by: Pekka Enberg Signed-off-by: Greg Kroah-Hartman commit 6577acab14a720244edada8299267452c90f0841 Author: Risto Suominen Date: Tue Jan 13 20:09:30 2009 +0000 fbdev/atyfb: Fix DSP config on some PowerMacs & PowerBooks commit 7fbb7cadd062baf299fd8b26a80ea99da0c3fe01 upstream. Since the complete re-write in 2.6.10, some PowerMacs (At least PowerMac 5500 and PowerMac G3 Beige rev A) with ATI Mach64 chip have suffered from unstable columns in their framebuffer image. This seems to depend on a value (4) read from PLL_EXT_CNTL register, which leads to incorrect DSP config parameters to be written to the chip. This patch uses a value calculated by aty_init_pll_ct instead, as a starting point. There are questions as to whether this should be extended to other platforms or maybe made dependent on specific chip types, but in the meantime, this has been tested on various powermacs and works for them so let's commit it. Signed-off-by: Risto Suominen Tested-by: Michael Pettersson Signed-off-by: Benjamin Herrenschmidt Signed-off-by: Greg Kroah-Hartman commit 44c28be98a979209d3fa7a72acfd043200b39f83 Author: Andrey Borzenkov Date: Thu Jan 29 20:39:32 2009 +0300 orinoco: move kmalloc(..., GFP_KERNEL) outside spinlock in orinoco_ioctl_set_genie commit 7fe99c4e28ab54eada8aa456b417114e6ef21587 upstream orinoco: move kmalloc(..., GFP_KERNEL) outside spinlock in orinoco_ioctl_set_genie [ 56.923623] BUG: sleeping function called from invalid context at /home/bor/src/linux-git/mm/slub.c:1599 [ 56.923644] in_atomic(): 0, irqs_disabled(): 1, pid: 3031, name: wpa_supplicant [ 56.923656] 2 locks held by wpa_supplicant/3031: [ 56.923662] #0: (rtnl_mutex){--..}, at: [] rtnl_lock+0xf/0x20 [ 56.923703] #1: (&priv->lock){++..}, at: [] orinoco_ioctl_set_genie+0x52/0x130 [orinoco] [ 56.923782] irq event stamp: 910 [ 56.923788] hardirqs last enabled at (909): [] __kmalloc+0x7b/0x140 [ 56.923820] hardirqs last disabled at (910): [] _spin_lock_irqsave+0x19/0x80 [ 56.923847] softirqs last enabled at (880): [] __do_softirq+0xc4/0x110 [ 56.923865] softirqs last disabled at (871): [] do_softirq+0x8e/0xe0 [ 56.923895] Pid: 3031, comm: wpa_supplicant Not tainted 2.6.29-rc2-1avb #1 [ 56.923905] Call Trace: [ 56.923919] [] ? do_softirq+0x8e/0xe0 [ 56.923941] [] __might_sleep+0xd2/0x100 [ 56.923952] [] __kmalloc+0xd7/0x140 [ 56.923963] [] ? _spin_lock_irqsave+0x6a/0x80 [ 56.923981] [] ? orinoco_ioctl_set_genie+0x79/0x130 [orinoco] [ 56.923999] [] ? orinoco_ioctl_set_genie+0x52/0x130 [orinoco] [ 56.924017] [] orinoco_ioctl_set_genie+0x79/0x130 [orinoco] [ 56.924036] [] ? copy_from_user+0x35/0x130 [ 56.924061] [] ioctl_standard_call+0x196/0x380 [ 56.924085] [] ? __dev_get_by_name+0x85/0xb0 [ 56.924096] [] wext_handle_ioctl+0x14f/0x230 [ 56.924113] [] ? orinoco_ioctl_set_genie+0x0/0x130 [orinoco] [ 56.924132] [] dev_ioctl+0x495/0x570 [ 56.924155] [] ? sys_sendto+0xa5/0xd0 [ 56.924171] [] ? mark_held_locks+0x48/0x90 [ 56.924183] [] ? sock_ioctl+0x0/0x280 [ 56.924193] [] sock_ioctl+0xfd/0x280 [ 56.924203] [] ? sock_ioctl+0x0/0x280 [ 56.924235] [] vfs_ioctl+0x20/0x80 [ 56.924246] [] do_vfs_ioctl+0x72/0x570 [ 56.924257] [] ? sys_send+0x32/0x40 [ 56.924268] [] ? sys_socketcall+0x1d0/0x2a0 [ 56.924280] [] ? sysenter_exit+0xf/0x16 [ 56.924292] [] sys_ioctl+0x39/0x70 [ 56.924302] [] sysenter_do_call+0x12/0x31 Signed-off-by: Andrey Borzenkov Signed-off-by: John W. Linville Signed-off-by: Greg Kroah-Hartman commit 172b428d2a8ece22d60ce37c9b9f2a2b0c1f983e Author: Patrick McHardy Date: Wed Jan 21 12:19:49 2009 -0800 netfilter: ctnetlink: fix scheduling while atomic commit 748085fcbedbf7b0f38d95e178265d7b13360b44 upstream. Caused by call to request_module() while holding nf_conntrack_lock. Reported-and-tested-by: Kövesdi György Signed-off-by: Patrick McHardy Signed-off-by: David S. Miller Signed-off-by: Greg Kroah-Hartman commit 0c8d760228762ad7adf232ff39b3cdaad707d530 Author: Jeff Layton Date: Thu Jan 22 10:35:13 2009 -0500 cifs: make sure we allocate enough storage for socket address commit a9ac49d303f967be0dabd97cb722c4a13109c6c2 upstream. cifs_mount declares a struct sockaddr on the stack and then casts it to the proper address type. The storage allocated is fine for ipv4, but is too small for ipv6 addresses. Declare it as "struct sockaddr_storage" instead of struct sockaddr". This bug was manifesting itself as oopses and address corruption when mounting IPv6 addresses. Signed-off-by: Jeff Layton Tested-by: Stefan Bader Signed-off-by: Steve French Signed-off-by: Greg Kroah-Hartman commit 049ee5f967464ed93b6428eef7112c8ed1939acf Author: Andi Kleen Date: Fri Jan 16 15:22:11 2009 +0100 x86: use early clobbers in usercopy*.c commit e0a96129db574d6365e3439d16d88517c437ab33 upstream. Impact: fix rare (but currently harmless) miscompile with certain configs and gcc versions Hugh Dickins noticed that strncpy_from_user() was miscompiled in some circumstances with gcc 4.3. Thanks to Hugh's excellent analysis it was easy to track down. Hugh writes: > Try building an x86_64 defconfig 2.6.29-rc1 kernel tree, > except not quite defconfig, switch CONFIG_PREEMPT_NONE=y > and CONFIG_PREEMPT_VOLUNTARY off (because it expands a > might_fault() there, which hides the issue): using a > gcc 4.3.2 (I've checked both openSUSE 11.1 and Fedora 10). > > It generates the following: > > 0000000000000000 <__strncpy_from_user>: > 0: 48 89 d1 mov %rdx,%rcx > 3: 48 85 c9 test %rcx,%rcx > 6: 74 0e je 16 <__strncpy_from_user+0x16> > 8: ac lods %ds:(%rsi),%al > 9: aa stos %al,%es:(%rdi) > a: 84 c0 test %al,%al > c: 74 05 je 13 <__strncpy_from_user+0x13> > e: 48 ff c9 dec %rcx > 11: 75 f5 jne 8 <__strncpy_from_user+0x8> > 13: 48 29 c9 sub %rcx,%rcx > 16: 48 89 c8 mov %rcx,%rax > 19: c3 retq > > Observe that "sub %rcx,%rcx; mov %rcx,%rax", whereas gcc 4.2.1 > (and many other configs) say "sub %rcx,%rdx; mov %rdx,%rax". > Isn't it returning 0 when it ought to be returning strlen? The asm constraints for the strncpy_from_user() result were missing an early clobber, which tells gcc that the last output arguments are written before all input arguments are read. Also add more early clobbers in the rest of the file and fix 32-bit usercopy.c in the same way. Signed-off-by: Andi Kleen Signed-off-by: H. Peter Anvin [ since this API is rarely used and no in-kernel user relies on a 'len' return value (they only rely on negative return values) this miscompile was never noticed in the field. But it's worth fixing it nevertheless. ] Signed-off-by: Ingo Molnar Signed-off-by: Greg Kroah-Hartman commit 3b156a5edf928dffd65f666ca32bcd1f8d630f87 Author: Hidetoshi Seto Date: Wed Dec 24 17:27:04 2008 +0900 PCI/MSI: bugfix/utilize for msi_capability_init() commit 0db29af1e767464d71b89410d61a1e5b668d0370 upstream. This patch fix a following bug and does a cleanup. bug: commit 5993760f7fc75b77e4701f1e56dc84c0d6cf18d5 had a wrong change (since is_64 is boolean[0|1]): - pci_write_config_dword(dev, - msi_mask_bits_reg(pos, is_64bit_address(control)), - maskbits); + pci_write_config_dword(dev, entry->msi_attrib.is_64, maskbits); utilize: Unify separated if (entry->msi_attrib.maskbit) statements. Signed-off-by: Hidetoshi Seto Acked-by: "Jike Song" Signed-off-by: Jesse Barnes Signed-off-by: Greg Kroah-Hartman commit 4725746a3b3f02e57be8fa57f6fce20626bb8433 Author: Adrian Bunk Date: Wed Oct 29 12:15:47 2008 +0200 m68knommu: set NO_DMA commit e0212e72186e855027dd35b37e9d7a99a078448c upstream. m68knommu does not set the Kconfig NO_DMA variable, but also does not provide the required functions, resulting in the following build error triggered by commit a40c24a13366e324bc0ff8c3bb107db89312c984 (net: Add SKB DMA mapping helper functions.): <-- snip --> .. LD vmlinux net/built-in.o: In function `skb_dma_unmap': (.text+0xac5e): undefined reference to `dma_unmap_single' net/built-in.o: In function `skb_dma_unmap': (.text+0xac7a): undefined reference to `dma_unmap_page' net/built-in.o: In function `skb_dma_map': (.text+0xacdc): undefined reference to `dma_map_single' net/built-in.o: In function `skb_dma_map': (.text+0xace8): undefined reference to `dma_mapping_error' net/built-in.o: In function `skb_dma_map': (.text+0xad10): undefined reference to `dma_map_page' net/built-in.o: In function `skb_dma_map': (.text+0xad82): undefined reference to `dma_unmap_page' net/built-in.o: In function `skb_dma_map': (.text+0xadc6): undefined reference to `dma_unmap_single' make[1]: *** [vmlinux] Error 1 <-- snip --> Signed-off-by: Adrian Bunk Signed-off-by: Greg Ungerer Signed-off-by: Greg Kroah-Hartman commit fc304eb4ccc0227d3230ce7a11b31f2d2bd43792 Author: Mark Lord Date: Mon Jan 19 18:04:37 2009 -0500 sata_mv: fix 8-port timeouts on 508x/6081 chips commit b0bccb18bc523d1d5060d25958f12438062829a9 upstream. Fix a longstanding bug for the 8-port Marvell Sata controllers (508x/6081), where accesses to the upper 4 ports would cause lost-interrupts / timeouts for the lower 4-ports. With this patch, the 6081 boards should finally be reliable enough for mainstream use with Linux. Signed-off-by: Mark Lord Signed-off-by: Jeff Garzik Signed-off-by: Greg Kroah-Hartman commit 06332b60cc1565fcc7d78a277007530842772a5c Author: Jeremy Fitzhardinge Date: Wed Jan 28 16:50:20 2009 -0800 xen: make sysfs files behave as their names suggest commit 618b2c8db24522ae273d8299c6a936ea13793c4d upstream. 1: make "target_kb" only accept and produce a memory size in kilobytes. 2: add a second "target" file which produces output in bytes, and will accept memparse input (scaled bytes) This fixes the rather irritating problem that writing the same value read back into target_kb would end up shrinking the domain by a factor of 1024, with generally bad results. Signed-off-by: Jeremy Fitzhardinge Cc: "dan.magenheimer@oracle.com" Signed-off-by: Ingo Molnar Signed-off-by: Greg Kroah-Hartman commit a473fe79d2e74f0697969f003fe503c590376a2c Author: Linus Torvalds Date: Sun Feb 1 11:00:16 2009 -0800 Manually revert "mlock: downgrade mmap sem while populating mlocked regions" commit 27421e211a39784694b597dbf35848b88363c248 upstream. This essentially reverts commit 8edb08caf68184fb170f4f69c7445929e199eaea. It downgraded our mmap semaphore to a read-lock while mlocking pages, in order to allow other threads (and external accesses like "ps" et al) to walk the vma lists and take page faults etc. Which is a nice idea, but the implementation does not work. Because we cannot upgrade the lock back to a write lock without releasing the mmap semaphore, the code had to release the lock entirely and then re-take it as a writelock. However, that meant that the caller possibly lost the vma chain that it was following, since now another thread could come in and mmap/munmap the range. The code tried to work around that by just looking up the vma again and erroring out if that happened, but quite frankly, that was just a buggy hack that doesn't actually protect against anything (the other thread could just have replaced the vma with another one instead of totally unmapping it). The only way to downgrade to a read map _reliably_ is to do it at the end, which is likely the right thing to do: do all the 'vma' operations with the write-lock held, then downgrade to a read after completing them all, and then do the "populate the newly mlocked regions" while holding just the read lock. And then just drop the read-lock and return to user space. The (perhaps somewhat simpler) alternative is to just make all the callers of mlock_vma_pages_range() know that the mmap lock got dropped, and just re-grab the mmap semaphore if it needs to mlock more than one vma region. So we can do this "downgrade mmap sem while populating mlocked regions" thing right, but the way it was done here was absolutely not correct. Thus the revert, in the expectation that we will do it all correctly some day. Cc: Lee Schermerhorn Cc: Rik van Riel Cc: Andrew Morton Signed-off-by: Linus Torvalds Signed-off-by: Greg Kroah-Hartman