commit fe21db377c34c1a24a6069713bcf87d44bb89a18 Author: Greg Kroah-Hartman Date: Wed Jan 6 14:27:24 2010 -0800 Linux 2.6.31.10 commit 710854ea715d8e31df700d87a64d6ed0d08ee442 Author: Dmitry Monakhov Date: Thu Dec 10 16:36:27 2009 +0000 ext4: fix sleep inside spinlock issue with quota and dealloc (#14739) commit 39bc680a8160bb9d6743f7873b535d553ff61058 upstream. Unlock i_block_reservation_lock before vfs_dq_reserve_block(). This patch fixes http://bugzilla.kernel.org/show_bug.cgi?id=14739 Cc: Theodore Ts'o Signed-off-by: Dmitry Monakhov Signed-off-by: Jan Kara Signed-off-by: Greg Kroah-Hartman commit 8227f06a8f941d900836bc7ac22d72949fc247d5 Author: Dmitry Monakhov Date: Mon Dec 14 15:21:14 2009 +0300 ext4: Convert to generic reserved quota's space management. commit a9e7f4472075fb6937c545af3f6329e9946bbe66 upstream. This patch also fixes write vs chown race condition. Acked-by: "Theodore Ts'o" Signed-off-by: Dmitry Monakhov Signed-off-by: Jan Kara Signed-off-by: Greg Kroah-Hartman commit c169e13a6662cbf36fc0098508e7aa31b49cbf23 Author: Dmitry Monakhov Date: Mon Dec 14 15:21:13 2009 +0300 quota: decouple fs reserved space from quota reservation commit fd8fbfc1709822bd94247c5b2ab15a5f5041e103 upstream. Currently inode_reservation is managed by fs itself and this reservation is transfered on dquot_transfer(). This means what inode_reservation must always be in sync with dquot->dq_dqb.dqb_rsvspace. Otherwise dquot_transfer() will result in incorrect quota(WARN_ON in dquot_claim_reserved_space() will be triggered) This is not easy because of complex locking order issues for example http://bugzilla.kernel.org/show_bug.cgi?id=14739 The patch introduce quota reservation field for each fs-inode (fs specific inode is used in order to prevent bloating generic vfs inode). This reservation is managed by quota code internally similar to i_blocks/i_bytes and may not be always in sync with internal fs reservation. Also perform some code rearrangement: - Unify dquot_reserve_space() and dquot_reserve_space() - Unify dquot_release_reserved_space() and dquot_free_space() - Also this patch add missing warning update to release_rsv() dquot_release_reserved_space() must call flush_warnings() as dquot_free_space() does. Signed-off-by: Dmitry Monakhov Signed-off-by: Jan Kara Signed-off-by: Greg Kroah-Hartman commit 36f1fbe83ea3e2b64d4429439d05ad2dc25b3ca8 Author: Dmitry Monakhov Date: Mon Dec 14 15:21:12 2009 +0300 Add unlocked version of inode_add_bytes() function commit b462707e7ccad058ae151e5c5b06eb5cadcb737f upstream. Quota code requires unlocked version of this function. Off course we can just copy-paste the code, but copy-pasting is always an evil. Signed-off-by: Dmitry Monakhov Signed-off-by: Jan Kara Signed-off-by: Greg Kroah-Hartman commit 0bce92b05a81bb290ae58f689b14a283a87db6d7 Author: Moiseev Vladimir Date: Mon Dec 7 17:26:54 2009 +0800 Input: atkbd - add force relese key quirk for Samsung R59P/R60P/R61P This patch is not upstream. Since 2.6.32, there is an interface in /sys for handling the force_release events from userspace, so such quirk patches are no longer accepted upstream now. But this patch is valid for version 2.6.31 downwards. OriginalAuthor: Moiseev Vladimir Alexander Huhlaev BugLink: http://bugs.launchpad.net/bugs/253874 Signed-off-by: Keng-Yu Lin Cc: Moiseev Vladimir Cc: Alexander Huhlaev Signed-off-by: Greg Kroah-Hartman commit ae3559fa2fe48ab923b52885bba2dca0355428f0 Author: Daisuke Nishimura Date: Tue Jan 5 12:26:33 2010 +0900 memcg: avoid oom-killing innocent task in case of use_hierarchy commit d31f56dbf8bafaacb0c617f9a6f137498d5c7aed upstream task_in_mem_cgroup(), which is called by select_bad_process() to check whether a task can be a candidate for being oom-killed from memcg's limit, checks "curr->use_hierarchy"("curr" is the mem_cgroup the task belongs to). But this check return true(it's false positive) when: /00 use_hierarchy == 0 <- hitting limit /00/aa use_hierarchy == 1 <- "curr" This leads to killing an innocent task in 00/aa. This patch is a fix for this bug. And this patch also fixes the arg for mem_cgroup_print_oom_info(). We should print information of mem_cgroup which the task being killed, not current, belongs to. Signed-off-by: Daisuke Nishimura Acked-by: KAMEZAWA Hiroyuki Reviewed-by: Balbir Singh Signed-off-by: Greg Kroah-Hartman commit f1850a5783908f6528c305e321119e7aa6641151 Author: Gertjan van Wingerde Date: Mon Dec 14 20:33:55 2009 +0100 rt2x00: Disable powersaving for rt61pci and rt2800pci. commit 93b6bd26b74efe46b4579592560f9f1cb7b61994 upstream. We've had many reports of rt61pci failures with powersaving enabled. Therefore, as a stop-gap measure, disable powersaving of the rt61pci until we have found a proper solution. Also disable powersaving on rt2800pci as it most probably will show the same problem. Signed-off-by: Gertjan van Wingerde Acked-by: Ivo van Doorn Signed-off-by: John W. Linville Signed-off-by: Greg Kroah-Hartman commit 92a5184168d552fd3e8f43d05ac04924d6aaa43b Author: Serge E. Hallyn Date: Tue Dec 29 14:50:19 2009 -0600 generic_permission: MAY_OPEN is not write access commit 7ea6600148c265b1fd53e521022b1d7aec81d974 upstream. generic_permission was refusing CAP_DAC_READ_SEARCH-enabled processes from opening DAC-protected files read-only, because do_filp_open adds MAY_OPEN to the open mask. Ignore MAY_OPEN. After this patch, CAP_DAC_READ_SEARCH is again sufficient to open(fname, O_RDONLY) on a file to which DAC otherwise refuses us read permission. Reported-by: Mike Kazantsev Signed-off-by: Serge E. Hallyn Tested-by: Mike Kazantsev Signed-off-by: Linus Torvalds Signed-off-by: Greg Kroah-Hartman commit 64b220304ef04ce44243aae5f477407a7dc26fa6 Author: Jan Rekorajski Date: Mon Nov 16 11:57:02 2009 +0000 XFS bug in log recover with quota (bugzilla id 855) commit 8ec6dba2581754e375be66f7bedd708d856d8b30 upstream. Hi, I was hit by a bug in linux 2.6.31 when XFS is not able to recover the log after a crash if fs was mounted with quotas. Gory details in XFS bugzilla: http://oss.sgi.com/bugzilla/show_bug.cgi?id=855. It looks like wrong struct is used in buffer length check, and the following patch should fix the problem. xfs_dqblk_t has a size of 104+32 bytes, while xfs_disk_dquot_t is 104 bytes long, and this is exactly what I see in system logs - "XFS: dquot too small (104) in xlog_recover_do_dquot_trans." Signed-off-by: Jan Rekorajski Reviewed-by: Christoph Hellwig Signed-off-by: Alex Elder Cc: Simon Kirby Signed-off-by: Greg Kroah-Hartman commit 1bb36e83e350d997fb109b77e41bf4dce57ffe58 Author: Linus Torvalds Date: Thu Dec 17 07:04:56 2009 -0800 x86/ptrace: make genregs[32]_get/set more robust commit 04a1e62c2cec820501f93526ad1e46073b802dc4 upstream. The loop condition is fragile: we compare an unsigned value to zero, and then decrement it by something larger than one in the loop. All the callers should be passing in appropriately aligned buffer lengths, but it's better to just not rely on it, and have some appropriate defensive loop limits. Acked-by: Roland McGrath Signed-off-by: Linus Torvalds Signed-off-by: Greg Kroah-Hartman commit 2bdc1c6942693c9ab1c17b82bc374966133963f3 Author: Dan Carpenter Date: Thu Dec 10 16:44:51 2009 -0300 V4L/DVB (13596): ov511.c typo: lock => unlock commit 50e9d31183ed61c787b870cb3ee8f6c3db8c8a1e upstream. This was found with a static checker and has not been tested, but it seems pretty clear that the mutex_lock() was supposed to be mutex_unlock() Signed-off-by: Dan Carpenter Signed-off-by: Douglas Schilling Landgraf Signed-off-by: Mauro Carvalho Chehab Cc: Brandon Philips Signed-off-by: Greg Kroah-Hartman commit 45a53b5dce3f9e5c368061a77b9dcbce6d7f8946 Author: Jan Kara Date: Mon Nov 30 19:47:55 2009 +0100 udf: Try harder when looking for VAT inode commit e971b0b9e0dd50d9ceecb67a6a6ab80a80906033 upstream. Some disks do not contain VAT inode in the last recorded block as required by the standard but a few blocks earlier (or the number of recorded blocks is wrong). So look for the VAT inode a bit before the end of the media. Signed-off-by: Jan Kara Signed-off-by: Greg Kroah-Hartman commit 238659281dab178c457e16b515582f0b4f4019b7 Author: Stefan Weinhuber Date: Mon Dec 7 12:51:48 2009 +0100 S390: dasd: support DIAG access for read-only devices commit 22825ab7693fd29769518a0d25ba43c01a50092a upstream. When a DASD device is used with the DIAG discipline, the DIAG initialization will indicate success or error with a respective return code. So far we have interpreted a return code of 4 as error, but it actually means that the initialization was successful, but the device is read-only. To allow read-only devices to be used with DIAG we need to accept a return code of 4 as success. Re-initialization of the DIAG access is also part of the DIAG error recovery. If we find that the access mode of a device has been changed from writable to read-only while the device was in use, we print an error message. Signed-off-by: Stefan Weinhuber Signed-off-by: Martin Schwidefsky Cc: Stephen Powell Signed-off-by: Greg Kroah-Hartman commit 1e856b3bc1a27e2a41b64af46296112a8aa6a7bd Author: Patrick McHardy Date: Tue Dec 15 16:59:18 2009 +0100 ipv6: reassembly: use seperate reassembly queues for conntrack and local delivery commit 0b5ccb2ee250136dd7385b1c7da28417d0d4d32d upstream. Currently the same reassembly queue might be used for packets reassembled by conntrack in different positions in the stack (PREROUTING/LOCAL_OUT), as well as local delivery. This can cause "packet jumps" when the fragment completing a reassembled packet is queued from a different position in the stack than the previous ones. Add a "user" identifier to the reassembly queue key to seperate the queues of each caller, similar to what we do for IPv4. Signed-off-by: Patrick McHardy Signed-off-by: Greg Kroah-Hartman commit b167b0c6a4ae732370eba9486b6274d6637fdd06 Author: Michele Jr De Candia Date: Thu Nov 26 09:22:32 2009 +0100 i2c/tsl2550: Fix lux value in extended mode commit 5f5bfb09d81c9a1d26238ae6668e584c14ae3daf upstream. According to the TAOS Application Note 'Controlling a Backlight with the TSL2550 Ambient Light Sensor' (page 14), the actual lux value in extended mode should be obtained multiplying the calculated lux value by 5. Signed-off-by: Michele Jr De Candia Signed-off-by: Jean Delvare Signed-off-by: Greg Kroah-Hartman commit 0b8d9a7c4ac4e90adf8a499d91ebc9ca4513f295 Author: Jonathan Cameron Date: Wed Dec 16 21:38:28 2009 +0100 hwmon: (sht15) Off-by-one error in array index + incorrect constants commit 4235f684b66d6f00d2cd8849c884cf8f8b57ecad upstream. Fix an off-by-one error in array index + incorrect constants. Signed-off-by: Christoph Walser Signed-off-by: Jonathan Cameron Signed-off-by: Jean Delvare Signed-off-by: Greg Kroah-Hartman commit cdbb74a7b9d18c0a3f99c5e242fce12456a52899 Author: Roel Kluin Date: Sat Oct 24 13:28:45 2009 +0200 hwmon: (fschmd) Fix check on unsigned in watchdog_write() commit c7702c31340f84cfd5e5df22293578b7ae1e9370 upstream. If unsigned the watchdog_trigger() return value will not be checked correctly. Signed-off-by: Roel Kluin Acked-by: Andrew Morton Cc: Hans de Goede Signed-off-by: Jean Delvare Signed-off-by: Greg Kroah-Hartman commit cebb2ee677ef2016331f14e937811976a95003b3 Author: Martin Decky Date: Thu Sep 10 03:44:47 2009 +0200 hostap: Revert a toxic part of the conversion to net_device_ops commit e484c16f6212f7f06407382efa4d3ad214b6c589 upstream. As the hostap driver was converted to use net_device_ops, a mistake was made in hostap_main.c (commit 5ae4efbcd2611562a8b93596be034e63495706a5). Originally, the tx_queue_len was set to 0 for every other interface than HOSTAP_INTERFACE_MASTER, but the new fragment of code sets tx_queue_len to 0 only for HOSTAP_INTERFACE_MASTER. The opposite of the previous behavior makes the driver to drop all packets in AP mode. Change the way 0 is assigned to tx_queue_len according to the original logic. Signed-off-by: Martin Decky Signed-off-by: John W. Linville Signed-off-by: Greg Kroah-Hartman commit 1bfc1db036675e61af0ea34d3ac18206de566b64 Author: Roger Oksanen Date: Fri Dec 18 20:18:21 2009 -0800 e100: Fix broken cbs accounting due to missing memset. commit 70abc8cb90e679d8519721e2761d8366a18212a6 upstream. Alan Stern noticed that e100 caused slab corruption. commit 98468efddb101f8a29af974101c17ba513b07be1 changed the allocation of cbs to use dma pools that don't return zeroed memory, especially the cb->status field used to track which cb to clean, causing (the visible) double freeing of skbs and a wrong free cbs count. Now the cbs are explicitly zeroed at allocation time. Reported-by: Alan Stern Tested-by: Alan Stern Signed-off-by: Roger Oksanen Acked-by: Jesse Brandeburg Signed-off-by: David S. Miller Signed-off-by: Greg Kroah-Hartman commit 550b1d3896894543cc13dafe6910119024177482 Author: Roger Oksanen Date: Sun Nov 29 17:17:29 2009 -0800 e100: Use pci pool to work around GFP_ATOMIC order 5 memory allocation failure commit 98468efddb101f8a29af974101c17ba513b07be1 upstream. pci_alloc_consistent uses GFP_ATOMIC allocation that may fail on some systems with limited memory (Bug #14265). pci_pool_alloc allows waiting with GFP_KERNEL. Tested-by: Karol Lewandowski Signed-off-by: Roger Oksanen Signed-off-by: David S. Miller Signed-off-by: Greg Kroah-Hartman commit 43abf240b660703fbff2bae3695e41f1169795f5 Author: Suresh Siddha Date: Wed Dec 16 16:25:42 2009 -0800 x86, cpuid: Add "volatile" to asm in native_cpuid() commit 45a94d7cd45ed991914011919e7d40eb6d2546d1 upstream. xsave_cntxt_init() does something like: cpuid(0xd, ..); // find out what features FP/SSE/.. etc are supported xsetbv(); // enable the features known to OS cpuid(0xd, ..); // find out the size of the context for features enabled Depending on what features get enabled in xsetbv(), value of the cpuid.eax=0xd.ecx=0.ebx changes correspondingly (representing the size of the context that is enabled). As we don't have volatile keyword for native_cpuid(), gcc 4.1.2 optimizes away the second cpuid and the kernel continues to use the cpuid information obtained before xsetbv(), ultimately leading to kernel crash on processors supporting more state than the legacy FP/SSE. Add "volatile" for native_cpuid(). Signed-off-by: Suresh Siddha LKML-Reference: <1261009542.2745.55.camel@sbs-t61.sc.intel.com> Signed-off-by: H. Peter Anvin Signed-off-by: Greg Kroah-Hartman commit 3c55fa560d5befabcfe62c76d94e84a43ee34f06 Author: Donny Kurnia Date: Wed Dec 23 19:03:12 2009 +0700 USB: option: support hi speed for modem Haier CE100 commit c983202bd03eb82394ef1dce5906702fcbc7bb80 upstream. I made this patch for usbserial driver to add the support for EVDO modem Haier CE100. The bugs report for this is here: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/490068 This patch based on these post: http://blankblondtank.wordpress.com/2009/09/04/mengoptimalkan-koneksi-modem-haier-ce-100-cdma-di-linux/ http://tantos.web.id/blogs/how-to-internet-connection-using-cdma-evdo-modem-and-karmic-koala-ubuntu-9-10 I hope this patch can help other that have the Haier C100 modem, mostly in my country, Indonesia. Signed-off-by: Donny Kurnia Signed-off-by: Greg Kroah-Hartman commit 67024e047458edebb46559ad7db8b568f7443599 Author: Sergei Shtylyov Date: Tue Dec 15 13:30:01 2009 +0200 USB: musb: gadget_ep0: avoid SetupEnd interrupt commit 17be5c5f5ef99c94374e07f71effa78e93a20eda upstream. Gadget stalling a zero-length SETUP request results in this error message: SetupEnd came in a wrong ep0stage idle In order to avoid it, always set the CSR0.DataEnd bit after detecting a zero- length request. Add the missing '\n' to the error message itself as well... Signed-off-by: Sergei Shtylyov Acked-by: Anand Gadiyar Signed-off-by: Felipe Balbi Signed-off-by: Greg Kroah-Hartman commit 79ec7f562e3d0a7a78697ce3031e648e5a4cbdc2 Author: pancho horrillo Date: Wed Dec 23 11:09:13 2009 +0100 USB: Fix a bug on appledisplay.c regarding signedness commit 37e9066b2f85480d99d3795373f5ef0b00ac1189 upstream. brightness status is reported by the Apple Cinema Displays as an 'unsigned char' (u8) value, but the code used 'char' instead. Note that he driver was developed on the PowerPC architecture, where the two types are synonymous, which is not always the case. Fixed that. Otherwise the driver will interpret brightness levels > 127 as negative, and fail to load. Signed-off-by: pancho horrillo Signed-off-by: Greg Kroah-Hartman commit 61a6c8ed6de9b2eb4c3f2850bbfb2e0aa9e182f0 Author: Clemens Ladisch Date: Mon Dec 21 15:36:44 2009 -0800 USB: emi62: fix crash when trying to load EMI 6|2 firmware commit ac06c06770bb8761b1f1f9bdf2f5420fa6d3e9fa upstream. While converting emi62 to use request_firmware(), the driver was also changed to use the ihex helper functions. However, this broke the loading of the FPGA firmware because the code tries to access the addr field of the EOF record which works with a plain array that has an empty last record but not with the ihex helper functions where the end of the data is signaled with a NULL record pointer, resulting in: BUG: unable to handle kernel NULL pointer dereference at (null) IP: [] emi62_load_firmware+0x33c/0x740 [emi62] This can be fixed by changing the loop condition to test the return value of ihex_next_binrec() directly (like in emi26.c). Signed-off-by: Clemens Ladisch Reported-and-tested-by: Der Mickster Acked-by: David Woodhouse Signed-off-by: Andrew Morton Signed-off-by: Greg Kroah-Hartman commit 184369b078e7c0c13bcd9f4487b994536713cc4c Author: Clemens Ladisch Date: Fri Dec 18 09:27:24 2009 +0100 sound: sgio2audio/pdaudiocf/usb-audio: initialize PCM buffer commit 3e85fd614c7b6bb7f33bb04a0dcb5a3bfca4c0fe upstream. When allocating the PCM buffer, use vmalloc_user() instead of vmalloc(). Otherwise, it would be possible for applications to play the previous contents of the kernel memory to the speakers, or to read it directly if the buffer is exported to userspace. Signed-off-by: Clemens Ladisch Signed-off-by: Takashi Iwai Signed-off-by: Greg Kroah-Hartman commit fc480c27d9d5b2be5da93de8169d040f8a082f71 Author: Mike Christie Date: Tue Nov 17 21:25:16 2009 -0600 SCSI: fc class: fix fc_transport_init error handling commit 48de68a40aef032a2e198437f4781a83bfb938db upstream. If transport_class_register fails we should unregister any registered classes, or we will leak memory or other resources. I did a quick modprobe of scsi_transport_fc to test the patch. Signed-off-by: Mike Christie Signed-off-by: James Bottomley Signed-off-by: Greg Kroah-Hartman commit 14e3cd129aad425dae38ac5ba9aa7d709283a085 Author: Sergei Shtylyov Date: Thu Dec 17 01:11:27 2009 -0500 pata_hpt3x2n: fix clock turnaround commit 256ace9bbd4cdb6d48d5f55d55d42fa20527fad1 upstream. The clock turnaround code still doesn't work for several reasons: - 'USE_DPLL' flag in 'ap->host->private_data' is never initialized or updated, so the driver can only set the chip to the DPLL clock mode, not the PCI mode; - the driver doesn't serialize access to the channels depending on the current clock mode like the vendor drivers, so the clock turnaround is only executed "optionally", not always as it should be; - the wrong ports are written to when hpt3x2n_set_clock() is called for the secondary channel; - hpt3x2n_set_clock() can inadvertently enable the disabled channels when resetting the channel state machines. Signed-off-by: Sergei Shtylyov Signed-off-by: Jeff Garzik Signed-off-by: Greg Kroah-Hartman commit 7564ecada882a2ec698bddcfb85a48e4b0e2b2a5 Author: Bartlomiej Zolnierkiewicz Date: Sun Dec 20 19:22:33 2009 +0100 pata_cmd64x: fix overclocking of UDMA0-2 modes commit 509426bd46ad0903dca409803e0ee3d30f99f1e8 upstream. adev->dma_mode stores the transfer mode value not UDMA mode number so the condition in cmd64x_set_dmamode() is always true and the higher UDMA clock is always selected. This can potentially result in data corruption when UDMA33 device is used, when 40-wire cable is used or when the error recovery code decides to lower the device speed down. The issue was introduced in the commit 6a40da0 ("libata cmd64x: whack into a shape that looks like the documentation") which goes back to kernel 2.6.20. Signed-off-by: Bartlomiej Zolnierkiewicz Signed-off-by: Jeff Garzik Signed-off-by: Greg Kroah-Hartman commit 73b52c3b88805ec5528c647fcb71eab3443e47cb Author: NeilBrown Date: Wed Dec 30 12:08:49 2009 +1100 md: Fix unfortunate interaction with evms commit cbd1998377504df005302ac90d49db72a48552a6 upstream. evms configures md arrays by: open device send ioctl close device for each different ioctl needed. Since 2.6.29, the device can disappear after the 'close' unless a significant configuration has happened to the device. The change made by "SET_ARRAY_INFO" can too minor to stop the device from disappearing, but important enough that losing the change is bad. So: make sure SET_ARRAY_INFO sets mddev->ctime, and keep the device active as long as ctime is non-zero (it gets zeroed with lots of other things when the array is stopped). This is suitable for -stable kernels since 2.6.29. Signed-off-by: NeilBrown Signed-off-by: Greg Kroah-Hartman commit 2e6f37a113babaf54f2ef776a549a6440d262de9 Author: Daniel Mack Date: Wed Dec 16 05:12:58 2009 +0100 Libertas: fix buffer overflow in lbs_get_essid() commit 45b241689179a6065384260242637cf21dabfb2d upstream. The libertas driver copies the SSID buffer back to the wireless core and appends a trailing NULL character for termination. This is a) unnecessary because the buffer is allocated with kzalloc and is hence already NULLed when this function is called, and b) for priv->curbssparams.ssid_len == 32, it writes back one byte too much which causes memory corruptions. Fix this by removing the extra write. Signed-off-by: Daniel Mack Cc: Stephen Hemminger Cc: Maithili Hinge Cc: Kiran Divekar Cc: Michael Hirsch Cc: netdev@vger.kernel.org Cc: libertas-dev@lists.infradead.org Cc: linux-wireless@lists.infradead.org Acked-by: Holger Schurig Acked-by: Dan Williams Signed-off-by: John W. Linville Signed-off-by: Greg Kroah-Hartman commit cf95a4b52defc0daf910a71f76e5f647eb28bd1d Author: Julia Lawall Date: Sun Dec 13 05:47:04 2009 +0000 drivers/net/usb: Correct code taking the size of a pointer commit 6057912d7baad31be9819518674ffad349a065b1 upstream. sizeof(dev->dev_addr) is the size of a pointer. A few lines above, the size of this field is obtained using netdev->addr_len for a call to memcpy, so do the same here. A simplified version of the semantic patch that finds this problem is as follows: (http://coccinelle.lip6.fr/) // @@ expression *x; expression f; type T; @@ *f(...,(T)x,...) // Signed-off-by: Julia Lawall Signed-off-by: David S. Miller Signed-off-by: Greg Kroah-Hartman commit 2ebcfd6c0ef863636ce215f71c70c3b2d4e57a6f Author: Nicolas Ferre Date: Wed Dec 16 16:28:03 2009 +0100 dma: at_hdmac: correct incompatible type for argument 1 of 'spin_lock_bh' commit 4297a462f455e38f08976df7b16c849614a287da upstream. Correct a typo error in locking calls. Signed-off-by: Nicolas Ferre Signed-off-by: Dan Williams Signed-off-by: Greg Kroah-Hartman commit 5c87f0c04abf876c8019c04ff581976a9a241206 Author: Thomas Gleixner Date: Thu Dec 10 15:35:10 2009 +0100 clockevents: Prevent clockevent_devices list corruption on cpu hotplug commit bb6eddf7676e1c1f3e637aa93c5224488d99036f upstream. Xiaotian Feng triggered a list corruption in the clock events list on CPU hotplug and debugged the root cause. If a CPU registers more than one per cpu clock event device, then only the active clock event device is removed on CPU_DEAD. The unused devices are kept in the clock events device list. On CPU up the clock event devices are registered again, which means that we list_add an already enqueued list_head. That results in list corruption. Resolve this by removing all devices which are associated to the dead CPU on CPU_DEAD. Reported-by: Xiaotian Feng Signed-off-by: Thomas Gleixner Tested-by: Xiaotian Feng Signed-off-by: Greg Kroah-Hartman commit c7d622e356d6a21b788bd34cef607e01ae28c197 Author: Jeff Layton Date: Thu Dec 3 08:09:41 2009 -0500 cifs: NULL out tcon, pSesInfo, and srvTcp pointers when chasing DFS referrals commit a2934c7b363ddcc001964f2444649f909e583bef upstream. The scenario is this: The kernel gets EREMOTE and starts chasing a DFS referral at mount time. The tcon reference is put, which puts the session reference too, but neither pointer is zeroed out. The mount gets retried (goto try_mount_again) with new mount info. Session setup fails fails and rc ends up being non-zero. The code then falls through to the end and tries to put the previously freed tcon pointer again. Oops at: cifs_put_smb_ses+0x14/0xd0 Fix this by moving the initialization of the rc variable and the tcon, pSesInfo and srvTcp pointers below the try_mount_again label. Also, add a FreeXid() before the goto to prevent xid "leaks". Signed-off-by: Jeff Layton Reported-by: Gustavo Carvalho Homem Signed-off-by: Steve French Signed-off-by: Greg Kroah-Hartman commit 637cd43cefe67a93f58a5147762ad66a556d0483 Author: Eric Millbrandt Date: Tue Dec 22 10:13:24 2009 -0500 ASoC: Do not write to invalid registers on the wm9712. commit 48e3cbb3f67a27d9c2db075f3d0f700246c40caa upstream. This patch fixes a bug where "virtual" registers were being written to the ac97 bus. This was causing unrelated registers to become corrupted (headphone 0x04, touchscreen 0x78, etc). This patch duplicates protection that was included in the wm9713 driver. Signed-off-by: Eric Millbrandt Acked-by: Liam Girdwood Signed-off-by: Mark Brown Signed-off-by: Greg Kroah-Hartman commit f3b8a699214d28f17c1ef8fd3c71cba7c33c3889 Author: Stefan Bader Date: Mon Dec 21 16:20:04 2009 -0800 acerhdf: limit modalias matching to supported commit bdc731bc5fcd1794e9ac8ac80c389d302381c123 upstream. BugLink: https://bugs.launchpad.net/ubuntu/+bug/435958 The module alias currently matches any Acer computer but when loaded the BIOS checks will only succeed on Aspire One models. This causes a invalid BIOS warning for all other models (seen on Aspire 4810T). This is not fatal but worries users that see this message. Limiting the moule alias to models starting with AOA or DOA for Packard Bell. Signed-off-by: Stefan Bader Acked-by: Borislav Petkov Acked-by: Peter Feuerer Signed-off-by: Andrew Morton Signed-off-by: Len Brown Signed-off-by: Greg Kroah-Hartman