ia64/xen-unstable

view patches/linux-2.6.12/2.6.12.6.patch @ 7749:b8eaf192bad7

Enable export of set_nmi_callback in suitably priv 64-bit doms.
Signed-off-by: Keir Fraser <keir@xensource.com>
author kaf24@firebug.cl.cam.ac.uk
date Thu Nov 10 11:58:39 2005 +0100 (2005-11-10)
parents 899f7b4b19fc
children
line source
1 diff --git a/Makefile b/Makefile
2 --- a/Makefile
3 +++ b/Makefile
4 @@ -1,7 +1,7 @@
5 VERSION = 2
6 PATCHLEVEL = 6
7 SUBLEVEL = 12
8 -EXTRAVERSION =
9 +EXTRAVERSION = .6
10 NAME=Woozy Numbat
12 # *DOCUMENTATION*
13 @@ -1149,7 +1149,7 @@ endif # KBUILD_EXTMOD
14 #(which is the most common case IMHO) to avoid unneeded clutter in the big tags file.
15 #Adding $(srctree) adds about 20M on i386 to the size of the output file!
17 -ifeq ($(KBUILD_OUTPUT),)
18 +ifeq ($(src),$(obj))
19 __srctree =
20 else
21 __srctree = $(srctree)/
22 diff --git a/arch/i386/kernel/cpu/cpufreq/powernow-k8.c b/arch/i386/kernel/cpu/cpufreq/powernow-k8.c
23 --- a/arch/i386/kernel/cpu/cpufreq/powernow-k8.c
24 +++ b/arch/i386/kernel/cpu/cpufreq/powernow-k8.c
25 @@ -44,7 +44,7 @@
27 #define PFX "powernow-k8: "
28 #define BFX PFX "BIOS error: "
29 -#define VERSION "version 1.40.2"
30 +#define VERSION "version 1.40.4"
31 #include "powernow-k8.h"
33 /* serialize freq changes */
34 @@ -978,7 +978,7 @@ static int __init powernowk8_cpu_init(st
35 {
36 struct powernow_k8_data *data;
37 cpumask_t oldmask = CPU_MASK_ALL;
38 - int rc;
39 + int rc, i;
41 if (!check_supported_cpu(pol->cpu))
42 return -ENODEV;
43 @@ -1064,7 +1064,9 @@ static int __init powernowk8_cpu_init(st
44 printk("cpu_init done, current fid 0x%x, vid 0x%x\n",
45 data->currfid, data->currvid);
47 - powernow_data[pol->cpu] = data;
48 + for_each_cpu_mask(i, cpu_core_map[pol->cpu]) {
49 + powernow_data[i] = data;
50 + }
52 return 0;
54 diff --git a/arch/i386/kernel/process.c b/arch/i386/kernel/process.c
55 --- a/arch/i386/kernel/process.c
56 +++ b/arch/i386/kernel/process.c
57 @@ -827,6 +827,8 @@ asmlinkage int sys_get_thread_area(struc
58 if (idx < GDT_ENTRY_TLS_MIN || idx > GDT_ENTRY_TLS_MAX)
59 return -EINVAL;
61 + memset(&info, 0, sizeof(info));
62 +
63 desc = current->thread.tls_array + idx - GDT_ENTRY_TLS_MIN;
65 info.entry_number = idx;
66 diff --git a/arch/ia64/kernel/ptrace.c b/arch/ia64/kernel/ptrace.c
67 --- a/arch/ia64/kernel/ptrace.c
68 +++ b/arch/ia64/kernel/ptrace.c
69 @@ -945,6 +945,13 @@ access_uarea (struct task_struct *child,
70 *data = (pt->cr_ipsr & IPSR_MASK);
71 return 0;
73 + case PT_AR_RSC:
74 + if (write_access)
75 + pt->ar_rsc = *data | (3 << 2); /* force PL3 */
76 + else
77 + *data = pt->ar_rsc;
78 + return 0;
79 +
80 case PT_AR_RNAT:
81 urbs_end = ia64_get_user_rbs_end(child, pt, NULL);
82 rnat_addr = (long) ia64_rse_rnat_addr((long *)
83 @@ -996,9 +1003,6 @@ access_uarea (struct task_struct *child,
84 case PT_AR_BSPSTORE:
85 ptr = pt_reg_addr(pt, ar_bspstore);
86 break;
87 - case PT_AR_RSC:
88 - ptr = pt_reg_addr(pt, ar_rsc);
89 - break;
90 case PT_AR_UNAT:
91 ptr = pt_reg_addr(pt, ar_unat);
92 break;
93 @@ -1234,7 +1238,7 @@ ptrace_getregs (struct task_struct *chil
94 static long
95 ptrace_setregs (struct task_struct *child, struct pt_all_user_regs __user *ppr)
96 {
97 - unsigned long psr, ec, lc, rnat, bsp, cfm, nat_bits, val = 0;
98 + unsigned long psr, rsc, ec, lc, rnat, bsp, cfm, nat_bits, val = 0;
99 struct unw_frame_info info;
100 struct switch_stack *sw;
101 struct ia64_fpreg fpval;
102 @@ -1267,7 +1271,7 @@ ptrace_setregs (struct task_struct *chil
103 /* app regs */
105 retval |= __get_user(pt->ar_pfs, &ppr->ar[PT_AUR_PFS]);
106 - retval |= __get_user(pt->ar_rsc, &ppr->ar[PT_AUR_RSC]);
107 + retval |= __get_user(rsc, &ppr->ar[PT_AUR_RSC]);
108 retval |= __get_user(pt->ar_bspstore, &ppr->ar[PT_AUR_BSPSTORE]);
109 retval |= __get_user(pt->ar_unat, &ppr->ar[PT_AUR_UNAT]);
110 retval |= __get_user(pt->ar_ccv, &ppr->ar[PT_AUR_CCV]);
111 @@ -1365,6 +1369,7 @@ ptrace_setregs (struct task_struct *chil
112 retval |= __get_user(nat_bits, &ppr->nat);
114 retval |= access_uarea(child, PT_CR_IPSR, &psr, 1);
115 + retval |= access_uarea(child, PT_AR_RSC, &rsc, 1);
116 retval |= access_uarea(child, PT_AR_EC, &ec, 1);
117 retval |= access_uarea(child, PT_AR_LC, &lc, 1);
118 retval |= access_uarea(child, PT_AR_RNAT, &rnat, 1);
119 diff --git a/arch/ia64/kernel/signal.c b/arch/ia64/kernel/signal.c
120 --- a/arch/ia64/kernel/signal.c
121 +++ b/arch/ia64/kernel/signal.c
122 @@ -94,7 +94,7 @@ sys_sigaltstack (const stack_t __user *u
123 static long
124 restore_sigcontext (struct sigcontext __user *sc, struct sigscratch *scr)
125 {
126 - unsigned long ip, flags, nat, um, cfm;
127 + unsigned long ip, flags, nat, um, cfm, rsc;
128 long err;
130 /* Always make any pending restarted system calls return -EINTR */
131 @@ -106,7 +106,7 @@ restore_sigcontext (struct sigcontext __
132 err |= __get_user(ip, &sc->sc_ip); /* instruction pointer */
133 err |= __get_user(cfm, &sc->sc_cfm);
134 err |= __get_user(um, &sc->sc_um); /* user mask */
135 - err |= __get_user(scr->pt.ar_rsc, &sc->sc_ar_rsc);
136 + err |= __get_user(rsc, &sc->sc_ar_rsc);
137 err |= __get_user(scr->pt.ar_unat, &sc->sc_ar_unat);
138 err |= __get_user(scr->pt.ar_fpsr, &sc->sc_ar_fpsr);
139 err |= __get_user(scr->pt.ar_pfs, &sc->sc_ar_pfs);
140 @@ -119,6 +119,7 @@ restore_sigcontext (struct sigcontext __
141 err |= __copy_from_user(&scr->pt.r15, &sc->sc_gr[15], 8); /* r15 */
143 scr->pt.cr_ifs = cfm | (1UL << 63);
144 + scr->pt.ar_rsc = rsc | (3 << 2); /* force PL3 */
146 /* establish new instruction pointer: */
147 scr->pt.cr_iip = ip & ~0x3UL;
148 diff --git a/arch/ppc/kernel/time.c b/arch/ppc/kernel/time.c
149 --- a/arch/ppc/kernel/time.c
150 +++ b/arch/ppc/kernel/time.c
151 @@ -89,6 +89,9 @@ unsigned long tb_to_ns_scale;
153 extern unsigned long wall_jiffies;
155 +/* used for timezone offset */
156 +static long timezone_offset;
157 +
158 DEFINE_SPINLOCK(rtc_lock);
160 EXPORT_SYMBOL(rtc_lock);
161 @@ -170,7 +173,7 @@ void timer_interrupt(struct pt_regs * re
162 xtime.tv_sec - last_rtc_update >= 659 &&
163 abs((xtime.tv_nsec / 1000) - (1000000-1000000/HZ)) < 500000/HZ &&
164 jiffies - wall_jiffies == 1) {
165 - if (ppc_md.set_rtc_time(xtime.tv_sec+1 + time_offset) == 0)
166 + if (ppc_md.set_rtc_time(xtime.tv_sec+1 + timezone_offset) == 0)
167 last_rtc_update = xtime.tv_sec+1;
168 else
169 /* Try again one minute later */
170 @@ -286,7 +289,7 @@ void __init time_init(void)
171 unsigned old_stamp, stamp, elapsed;
173 if (ppc_md.time_init != NULL)
174 - time_offset = ppc_md.time_init();
175 + timezone_offset = ppc_md.time_init();
177 if (__USE_RTC()) {
178 /* 601 processor: dec counts down by 128 every 128ns */
179 @@ -331,10 +334,10 @@ void __init time_init(void)
180 set_dec(tb_ticks_per_jiffy);
182 /* If platform provided a timezone (pmac), we correct the time */
183 - if (time_offset) {
184 - sys_tz.tz_minuteswest = -time_offset / 60;
185 + if (timezone_offset) {
186 + sys_tz.tz_minuteswest = -timezone_offset / 60;
187 sys_tz.tz_dsttime = 0;
188 - xtime.tv_sec -= time_offset;
189 + xtime.tv_sec -= timezone_offset;
190 }
191 set_normalized_timespec(&wall_to_monotonic,
192 -xtime.tv_sec, -xtime.tv_nsec);
193 diff --git a/arch/ppc64/boot/zlib.c b/arch/ppc64/boot/zlib.c
194 --- a/arch/ppc64/boot/zlib.c
195 +++ b/arch/ppc64/boot/zlib.c
196 @@ -1307,7 +1307,7 @@ local int huft_build(
197 {
198 *t = (inflate_huft *)Z_NULL;
199 *m = 0;
200 - return Z_OK;
201 + return Z_DATA_ERROR;
202 }
205 @@ -1351,6 +1351,7 @@ local int huft_build(
206 if ((j = *p++) != 0)
207 v[x[j]++] = i;
208 } while (++i < n);
209 + n = x[g]; /* set n to length of v */
212 /* Generate the Huffman codes and for each, make the table entries */
213 diff --git a/arch/um/kernel/process.c b/arch/um/kernel/process.c
214 --- a/arch/um/kernel/process.c
215 +++ b/arch/um/kernel/process.c
216 @@ -130,7 +130,7 @@ int start_fork_tramp(void *thread_arg, u
217 return(arg.pid);
218 }
220 -static int ptrace_child(void)
221 +static int ptrace_child(void *arg)
222 {
223 int ret;
224 int pid = os_getpid(), ppid = getppid();
225 @@ -159,16 +159,20 @@ static int ptrace_child(void)
226 _exit(ret);
227 }
229 -static int start_ptraced_child(void)
230 +static int start_ptraced_child(void **stack_out)
231 {
232 + void *stack;
233 + unsigned long sp;
234 int pid, n, status;
236 - pid = fork();
237 - if(pid == 0)
238 - ptrace_child();
239 -
240 + stack = mmap(NULL, PAGE_SIZE, PROT_READ | PROT_WRITE | PROT_EXEC,
241 + MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
242 + if(stack == MAP_FAILED)
243 + panic("check_ptrace : mmap failed, errno = %d", errno);
244 + sp = (unsigned long) stack + PAGE_SIZE - sizeof(void *);
245 + pid = clone(ptrace_child, (void *) sp, SIGCHLD, NULL);
246 if(pid < 0)
247 - panic("check_ptrace : fork failed, errno = %d", errno);
248 + panic("check_ptrace : clone failed, errno = %d", errno);
249 CATCH_EINTR(n = waitpid(pid, &status, WUNTRACED));
250 if(n < 0)
251 panic("check_ptrace : wait failed, errno = %d", errno);
252 @@ -176,6 +180,7 @@ static int start_ptraced_child(void)
253 panic("check_ptrace : expected SIGSTOP, got status = %d",
254 status);
256 + *stack_out = stack;
257 return(pid);
258 }
260 @@ -183,12 +188,12 @@ static int start_ptraced_child(void)
261 * just avoid using sysemu, not panic, but only if SYSEMU features are broken.
262 * So only for SYSEMU features we test mustpanic, while normal host features
263 * must work anyway!*/
264 -static int stop_ptraced_child(int pid, int exitcode, int mustexit)
265 +static int stop_ptraced_child(int pid, void *stack, int exitcode, int mustpanic)
266 {
267 int status, n, ret = 0;
269 if(ptrace(PTRACE_CONT, pid, 0, 0) < 0)
270 - panic("stop_ptraced_child : ptrace failed, errno = %d", errno);
271 + panic("check_ptrace : ptrace failed, errno = %d", errno);
272 CATCH_EINTR(n = waitpid(pid, &status, 0));
273 if(!WIFEXITED(status) || (WEXITSTATUS(status) != exitcode)) {
274 int exit_with = WEXITSTATUS(status);
275 @@ -199,13 +204,15 @@ static int stop_ptraced_child(int pid, i
276 printk("check_ptrace : child exited with exitcode %d, while "
277 "expecting %d; status 0x%x", exit_with,
278 exitcode, status);
279 - if (mustexit)
280 + if (mustpanic)
281 panic("\n");
282 else
283 printk("\n");
284 ret = -1;
285 }
287 + if(munmap(stack, PAGE_SIZE) < 0)
288 + panic("check_ptrace : munmap failed, errno = %d", errno);
289 return ret;
290 }
292 @@ -227,11 +234,12 @@ __uml_setup("nosysemu", nosysemu_cmd_par
294 static void __init check_sysemu(void)
295 {
296 + void *stack;
297 int pid, syscall, n, status, count=0;
299 printk("Checking syscall emulation patch for ptrace...");
300 sysemu_supported = 0;
301 - pid = start_ptraced_child();
302 + pid = start_ptraced_child(&stack);
304 if(ptrace(PTRACE_SYSEMU, pid, 0, 0) < 0)
305 goto fail;
306 @@ -249,7 +257,7 @@ static void __init check_sysemu(void)
307 panic("check_sysemu : failed to modify system "
308 "call return, errno = %d", errno);
310 - if (stop_ptraced_child(pid, 0, 0) < 0)
311 + if (stop_ptraced_child(pid, stack, 0, 0) < 0)
312 goto fail_stopped;
314 sysemu_supported = 1;
315 @@ -257,7 +265,7 @@ static void __init check_sysemu(void)
316 set_using_sysemu(!force_sysemu_disabled);
318 printk("Checking advanced syscall emulation patch for ptrace...");
319 - pid = start_ptraced_child();
320 + pid = start_ptraced_child(&stack);
321 while(1){
322 count++;
323 if(ptrace(PTRACE_SYSEMU_SINGLESTEP, pid, 0, 0) < 0)
324 @@ -282,7 +290,7 @@ static void __init check_sysemu(void)
325 break;
326 }
327 }
328 - if (stop_ptraced_child(pid, 0, 0) < 0)
329 + if (stop_ptraced_child(pid, stack, 0, 0) < 0)
330 goto fail_stopped;
332 sysemu_supported = 2;
333 @@ -293,17 +301,18 @@ static void __init check_sysemu(void)
334 return;
336 fail:
337 - stop_ptraced_child(pid, 1, 0);
338 + stop_ptraced_child(pid, stack, 1, 0);
339 fail_stopped:
340 printk("missing\n");
341 }
343 void __init check_ptrace(void)
344 {
345 + void *stack;
346 int pid, syscall, n, status;
348 printk("Checking that ptrace can change system call numbers...");
349 - pid = start_ptraced_child();
350 + pid = start_ptraced_child(&stack);
352 if (ptrace(PTRACE_OLDSETOPTIONS, pid, 0, (void *)PTRACE_O_TRACESYSGOOD) < 0)
353 panic("check_ptrace: PTRACE_SETOPTIONS failed, errno = %d", errno);
354 @@ -330,7 +339,7 @@ void __init check_ptrace(void)
355 break;
356 }
357 }
358 - stop_ptraced_child(pid, 0, 1);
359 + stop_ptraced_child(pid, stack, 0, 1);
360 printk("OK\n");
361 check_sysemu();
362 }
363 @@ -362,10 +371,11 @@ void forward_pending_sigio(int target)
364 static inline int check_skas3_ptrace_support(void)
365 {
366 struct ptrace_faultinfo fi;
367 + void *stack;
368 int pid, n, ret = 1;
370 printf("Checking for the skas3 patch in the host...");
371 - pid = start_ptraced_child();
372 + pid = start_ptraced_child(&stack);
374 n = ptrace(PTRACE_FAULTINFO, pid, 0, &fi);
375 if (n < 0) {
376 @@ -380,7 +390,7 @@ static inline int check_skas3_ptrace_sup
377 }
379 init_registers(pid);
380 - stop_ptraced_child(pid, 1, 1);
381 + stop_ptraced_child(pid, stack, 1, 1);
383 return(ret);
384 }
385 diff --git a/arch/x86_64/ia32/syscall32.c b/arch/x86_64/ia32/syscall32.c
386 --- a/arch/x86_64/ia32/syscall32.c
387 +++ b/arch/x86_64/ia32/syscall32.c
388 @@ -57,6 +57,7 @@ int syscall32_setup_pages(struct linux_b
389 int npages = (VSYSCALL32_END - VSYSCALL32_BASE) >> PAGE_SHIFT;
390 struct vm_area_struct *vma;
391 struct mm_struct *mm = current->mm;
392 + int ret;
394 vma = kmem_cache_alloc(vm_area_cachep, SLAB_KERNEL);
395 if (!vma)
396 @@ -78,7 +79,11 @@ int syscall32_setup_pages(struct linux_b
397 vma->vm_mm = mm;
399 down_write(&mm->mmap_sem);
400 - insert_vm_struct(mm, vma);
401 + if ((ret = insert_vm_struct(mm, vma))) {
402 + up_write(&mm->mmap_sem);
403 + kmem_cache_free(vm_area_cachep, vma);
404 + return ret;
405 + }
406 mm->total_vm += npages;
407 up_write(&mm->mmap_sem);
408 return 0;
409 diff --git a/arch/x86_64/kernel/setup.c b/arch/x86_64/kernel/setup.c
410 --- a/arch/x86_64/kernel/setup.c
411 +++ b/arch/x86_64/kernel/setup.c
412 @@ -729,8 +729,6 @@ static void __init amd_detect_cmp(struct
413 int cpu = smp_processor_id();
414 int node = 0;
415 unsigned bits;
416 - if (c->x86_num_cores == 1)
417 - return;
419 bits = 0;
420 while ((1 << bits) < c->x86_num_cores)
421 diff --git a/arch/x86_64/kernel/smp.c b/arch/x86_64/kernel/smp.c
422 --- a/arch/x86_64/kernel/smp.c
423 +++ b/arch/x86_64/kernel/smp.c
424 @@ -284,6 +284,71 @@ struct call_data_struct {
425 static struct call_data_struct * call_data;
427 /*
428 + * this function sends a 'generic call function' IPI to one other CPU
429 + * in the system.
430 + */
431 +static void __smp_call_function_single (int cpu, void (*func) (void *info), void *info,
432 + int nonatomic, int wait)
433 +{
434 + struct call_data_struct data;
435 + int cpus = 1;
436 +
437 + data.func = func;
438 + data.info = info;
439 + atomic_set(&data.started, 0);
440 + data.wait = wait;
441 + if (wait)
442 + atomic_set(&data.finished, 0);
443 +
444 + call_data = &data;
445 + wmb();
446 + /* Send a message to all other CPUs and wait for them to respond */
447 + send_IPI_mask(cpumask_of_cpu(cpu), CALL_FUNCTION_VECTOR);
448 +
449 + /* Wait for response */
450 + while (atomic_read(&data.started) != cpus)
451 + cpu_relax();
452 +
453 + if (!wait)
454 + return;
455 +
456 + while (atomic_read(&data.finished) != cpus)
457 + cpu_relax();
458 +}
459 +
460 +/*
461 + * Run a function on another CPU
462 + * <func> The function to run. This must be fast and non-blocking.
463 + * <info> An arbitrary pointer to pass to the function.
464 + * <nonatomic> Currently unused.
465 + * <wait> If true, wait until function has completed on other CPUs.
466 + * [RETURNS] 0 on success, else a negative status code.
467 + *
468 + * Does not return until the remote CPU is nearly ready to execute <func>
469 + * or is or has executed.
470 + */
471 +
472 +int smp_call_function_single (int cpu, void (*func) (void *info), void *info,
473 + int nonatomic, int wait)
474 +{
475 +
476 + int me = get_cpu(); /* prevent preemption and reschedule on another processor */
477 +
478 + if (cpu == me) {
479 + printk("%s: trying to call self\n", __func__);
480 + put_cpu();
481 + return -EBUSY;
482 + }
483 + spin_lock_bh(&call_lock);
484 +
485 + __smp_call_function_single(cpu, func,info,nonatomic,wait);
486 +
487 + spin_unlock_bh(&call_lock);
488 + put_cpu();
489 + return 0;
490 +}
491 +
492 +/*
493 * this function sends a 'generic call function' IPI to all other CPUs
494 * in the system.
495 */
496 diff --git a/arch/x86_64/kernel/smpboot.c b/arch/x86_64/kernel/smpboot.c
497 --- a/arch/x86_64/kernel/smpboot.c
498 +++ b/arch/x86_64/kernel/smpboot.c
499 @@ -202,9 +202,6 @@ static __cpuinit void sync_master(void *
500 {
501 unsigned long flags, i;
503 - if (smp_processor_id() != boot_cpu_id)
504 - return;
505 -
506 go[MASTER] = 0;
508 local_irq_save(flags);
509 @@ -253,7 +250,7 @@ get_delta(long *rt, long *master)
510 return tcenter - best_tm;
511 }
513 -static __cpuinit void sync_tsc(void)
514 +static __cpuinit void sync_tsc(unsigned int master)
515 {
516 int i, done = 0;
517 long delta, adj, adjust_latency = 0;
518 @@ -267,9 +264,17 @@ static __cpuinit void sync_tsc(void)
519 } t[NUM_ROUNDS] __cpuinitdata;
520 #endif
522 + printk(KERN_INFO "CPU %d: Syncing TSC to CPU %u.\n",
523 + smp_processor_id(), master);
524 +
525 go[MASTER] = 1;
527 - smp_call_function(sync_master, NULL, 1, 0);
528 + /* It is dangerous to broadcast IPI as cpus are coming up,
529 + * as they may not be ready to accept them. So since
530 + * we only need to send the ipi to the boot cpu direct
531 + * the message, and avoid the race.
532 + */
533 + smp_call_function_single(master, sync_master, NULL, 1, 0);
535 while (go[MASTER]) /* wait for master to be ready */
536 no_cpu_relax();
537 @@ -313,16 +318,14 @@ static __cpuinit void sync_tsc(void)
538 printk(KERN_INFO
539 "CPU %d: synchronized TSC with CPU %u (last diff %ld cycles, "
540 "maxerr %lu cycles)\n",
541 - smp_processor_id(), boot_cpu_id, delta, rt);
542 + smp_processor_id(), master, delta, rt);
543 }
545 static void __cpuinit tsc_sync_wait(void)
546 {
547 if (notscsync || !cpu_has_tsc)
548 return;
549 - printk(KERN_INFO "CPU %d: Syncing TSC to CPU %u.\n", smp_processor_id(),
550 - boot_cpu_id);
551 - sync_tsc();
552 + sync_tsc(0);
553 }
555 static __init int notscsync_setup(char *s)
556 diff --git a/drivers/acpi/pci_irq.c b/drivers/acpi/pci_irq.c
557 --- a/drivers/acpi/pci_irq.c
558 +++ b/drivers/acpi/pci_irq.c
559 @@ -433,8 +433,9 @@ acpi_pci_irq_enable (
560 printk(KERN_WARNING PREFIX "PCI Interrupt %s[%c]: no GSI",
561 pci_name(dev), ('A' + pin));
562 /* Interrupt Line values above 0xF are forbidden */
563 - if (dev->irq >= 0 && (dev->irq <= 0xF)) {
564 + if (dev->irq > 0 && (dev->irq <= 0xF)) {
565 printk(" - using IRQ %d\n", dev->irq);
566 + acpi_register_gsi(dev->irq, ACPI_LEVEL_SENSITIVE, ACPI_ACTIVE_LOW);
567 return_VALUE(0);
568 }
569 else {
570 diff --git a/drivers/char/rocket.c b/drivers/char/rocket.c
571 --- a/drivers/char/rocket.c
572 +++ b/drivers/char/rocket.c
573 @@ -277,7 +277,7 @@ static void rp_do_receive(struct r_port
574 ToRecv = space;
576 if (ToRecv <= 0)
577 - return;
578 + goto done;
580 /*
581 * if status indicates there are errored characters in the
582 @@ -359,6 +359,7 @@ static void rp_do_receive(struct r_port
583 }
584 /* Push the data up to the tty layer */
585 ld->receive_buf(tty, tty->flip.char_buf, tty->flip.flag_buf, count);
586 +done:
587 tty_ldisc_deref(ld);
588 }
590 diff --git a/drivers/char/tpm/tpm.c b/drivers/char/tpm/tpm.c
591 --- a/drivers/char/tpm/tpm.c
592 +++ b/drivers/char/tpm/tpm.c
593 @@ -32,12 +32,6 @@
595 #define TPM_BUFSIZE 2048
597 -/* PCI configuration addresses */
598 -#define PCI_GEN_PMCON_1 0xA0
599 -#define PCI_GEN1_DEC 0xE4
600 -#define PCI_LPC_EN 0xE6
601 -#define PCI_GEN2_DEC 0xEC
602 -
603 static LIST_HEAD(tpm_chip_list);
604 static DEFINE_SPINLOCK(driver_lock);
605 static int dev_mask[32];
606 @@ -61,72 +55,6 @@ void tpm_time_expired(unsigned long ptr)
607 EXPORT_SYMBOL_GPL(tpm_time_expired);
609 /*
610 - * Initialize the LPC bus and enable the TPM ports
611 - */
612 -int tpm_lpc_bus_init(struct pci_dev *pci_dev, u16 base)
613 -{
614 - u32 lpcenable, tmp;
615 - int is_lpcm = 0;
616 -
617 - switch (pci_dev->vendor) {
618 - case PCI_VENDOR_ID_INTEL:
619 - switch (pci_dev->device) {
620 - case PCI_DEVICE_ID_INTEL_82801CA_12:
621 - case PCI_DEVICE_ID_INTEL_82801DB_12:
622 - is_lpcm = 1;
623 - break;
624 - }
625 - /* init ICH (enable LPC) */
626 - pci_read_config_dword(pci_dev, PCI_GEN1_DEC, &lpcenable);
627 - lpcenable |= 0x20000000;
628 - pci_write_config_dword(pci_dev, PCI_GEN1_DEC, lpcenable);
629 -
630 - if (is_lpcm) {
631 - pci_read_config_dword(pci_dev, PCI_GEN1_DEC,
632 - &lpcenable);
633 - if ((lpcenable & 0x20000000) == 0) {
634 - dev_err(&pci_dev->dev,
635 - "cannot enable LPC\n");
636 - return -ENODEV;
637 - }
638 - }
639 -
640 - /* initialize TPM registers */
641 - pci_read_config_dword(pci_dev, PCI_GEN2_DEC, &tmp);
642 -
643 - if (!is_lpcm)
644 - tmp = (tmp & 0xFFFF0000) | (base & 0xFFF0);
645 - else
646 - tmp =
647 - (tmp & 0xFFFF0000) | (base & 0xFFF0) |
648 - 0x00000001;
649 -
650 - pci_write_config_dword(pci_dev, PCI_GEN2_DEC, tmp);
651 -
652 - if (is_lpcm) {
653 - pci_read_config_dword(pci_dev, PCI_GEN_PMCON_1,
654 - &tmp);
655 - tmp |= 0x00000004; /* enable CLKRUN */
656 - pci_write_config_dword(pci_dev, PCI_GEN_PMCON_1,
657 - tmp);
658 - }
659 - tpm_write_index(0x0D, 0x55); /* unlock 4F */
660 - tpm_write_index(0x0A, 0x00); /* int disable */
661 - tpm_write_index(0x08, base); /* base addr lo */
662 - tpm_write_index(0x09, (base & 0xFF00) >> 8); /* base addr hi */
663 - tpm_write_index(0x0D, 0xAA); /* lock 4F */
664 - break;
665 - case PCI_VENDOR_ID_AMD:
666 - /* nothing yet */
667 - break;
668 - }
669 -
670 - return 0;
671 -}
672 -
673 -EXPORT_SYMBOL_GPL(tpm_lpc_bus_init);
674 -
675 -/*
676 * Internal kernel interface to transmit TPM commands
677 */
678 static ssize_t tpm_transmit(struct tpm_chip *chip, const char *buf,
679 @@ -590,10 +518,6 @@ int tpm_pm_resume(struct pci_dev *pci_de
680 if (chip == NULL)
681 return -ENODEV;
683 - spin_lock(&driver_lock);
684 - tpm_lpc_bus_init(pci_dev, chip->vendor->base);
685 - spin_unlock(&driver_lock);
686 -
687 return 0;
688 }
690 diff --git a/drivers/char/tpm/tpm.h b/drivers/char/tpm/tpm.h
691 --- a/drivers/char/tpm/tpm.h
692 +++ b/drivers/char/tpm/tpm.h
693 @@ -79,8 +79,6 @@ static inline void tpm_write_index(int i
694 }
696 extern void tpm_time_expired(unsigned long);
697 -extern int tpm_lpc_bus_init(struct pci_dev *, u16);
698 -
699 extern int tpm_register_hardware(struct pci_dev *,
700 struct tpm_vendor_specific *);
701 extern int tpm_open(struct inode *, struct file *);
702 diff --git a/drivers/char/tpm/tpm_atmel.c b/drivers/char/tpm/tpm_atmel.c
703 --- a/drivers/char/tpm/tpm_atmel.c
704 +++ b/drivers/char/tpm/tpm_atmel.c
705 @@ -22,7 +22,10 @@
706 #include "tpm.h"
708 /* Atmel definitions */
709 -#define TPM_ATML_BASE 0x400
710 +enum tpm_atmel_addr {
711 + TPM_ATMEL_BASE_ADDR_LO = 0x08,
712 + TPM_ATMEL_BASE_ADDR_HI = 0x09
713 +};
715 /* write status bits */
716 #define ATML_STATUS_ABORT 0x01
717 @@ -127,7 +130,6 @@ static struct tpm_vendor_specific tpm_at
718 .cancel = tpm_atml_cancel,
719 .req_complete_mask = ATML_STATUS_BUSY | ATML_STATUS_DATA_AVAIL,
720 .req_complete_val = ATML_STATUS_DATA_AVAIL,
721 - .base = TPM_ATML_BASE,
722 .miscdev = { .fops = &atmel_ops, },
723 };
725 @@ -136,14 +138,16 @@ static int __devinit tpm_atml_init(struc
726 {
727 u8 version[4];
728 int rc = 0;
729 + int lo, hi;
731 if (pci_enable_device(pci_dev))
732 return -EIO;
734 - if (tpm_lpc_bus_init(pci_dev, TPM_ATML_BASE)) {
735 - rc = -ENODEV;
736 - goto out_err;
737 - }
738 + lo = tpm_read_index( TPM_ATMEL_BASE_ADDR_LO );
739 + hi = tpm_read_index( TPM_ATMEL_BASE_ADDR_HI );
740 +
741 + tpm_atmel.base = (hi<<8)|lo;
742 + dev_dbg( &pci_dev->dev, "Operating with base: 0x%x\n", tpm_atmel.base);
744 /* verify that it is an Atmel part */
745 if (tpm_read_index(4) != 'A' || tpm_read_index(5) != 'T'
746 diff --git a/drivers/char/tpm/tpm_nsc.c b/drivers/char/tpm/tpm_nsc.c
747 --- a/drivers/char/tpm/tpm_nsc.c
748 +++ b/drivers/char/tpm/tpm_nsc.c
749 @@ -24,6 +24,10 @@
750 /* National definitions */
751 #define TPM_NSC_BASE 0x360
752 #define TPM_NSC_IRQ 0x07
753 +#define TPM_NSC_BASE0_HI 0x60
754 +#define TPM_NSC_BASE0_LO 0x61
755 +#define TPM_NSC_BASE1_HI 0x62
756 +#define TPM_NSC_BASE1_LO 0x63
758 #define NSC_LDN_INDEX 0x07
759 #define NSC_SID_INDEX 0x20
760 @@ -234,7 +238,6 @@ static struct tpm_vendor_specific tpm_ns
761 .cancel = tpm_nsc_cancel,
762 .req_complete_mask = NSC_STATUS_OBF,
763 .req_complete_val = NSC_STATUS_OBF,
764 - .base = TPM_NSC_BASE,
765 .miscdev = { .fops = &nsc_ops, },
767 };
768 @@ -243,15 +246,16 @@ static int __devinit tpm_nsc_init(struct
769 const struct pci_device_id *pci_id)
770 {
771 int rc = 0;
772 + int lo, hi;
773 +
774 + hi = tpm_read_index(TPM_NSC_BASE0_HI);
775 + lo = tpm_read_index(TPM_NSC_BASE0_LO);
776 +
777 + tpm_nsc.base = (hi<<8) | lo;
779 if (pci_enable_device(pci_dev))
780 return -EIO;
782 - if (tpm_lpc_bus_init(pci_dev, TPM_NSC_BASE)) {
783 - rc = -ENODEV;
784 - goto out_err;
785 - }
786 -
787 /* verify that it is a National part (SID) */
788 if (tpm_read_index(NSC_SID_INDEX) != 0xEF) {
789 rc = -ENODEV;
790 diff --git a/drivers/char/tty_ioctl.c b/drivers/char/tty_ioctl.c
791 --- a/drivers/char/tty_ioctl.c
792 +++ b/drivers/char/tty_ioctl.c
793 @@ -476,11 +476,11 @@ int n_tty_ioctl(struct tty_struct * tty,
794 ld = tty_ldisc_ref(tty);
795 switch (arg) {
796 case TCIFLUSH:
797 - if (ld->flush_buffer)
798 + if (ld && ld->flush_buffer)
799 ld->flush_buffer(tty);
800 break;
801 case TCIOFLUSH:
802 - if (ld->flush_buffer)
803 + if (ld && ld->flush_buffer)
804 ld->flush_buffer(tty);
805 /* fall through */
806 case TCOFLUSH:
807 diff --git a/drivers/media/video/cx88/cx88-video.c b/drivers/media/video/cx88/cx88-video.c
808 --- a/drivers/media/video/cx88/cx88-video.c
809 +++ b/drivers/media/video/cx88/cx88-video.c
810 @@ -261,7 +261,7 @@ static struct cx88_ctrl cx8800_ctls[] =
811 .default_value = 0,
812 .type = V4L2_CTRL_TYPE_INTEGER,
813 },
814 - .off = 0,
815 + .off = 128,
816 .reg = MO_HUE,
817 .mask = 0x00ff,
818 .shift = 0,
819 diff --git a/drivers/net/e1000/e1000_main.c b/drivers/net/e1000/e1000_main.c
820 --- a/drivers/net/e1000/e1000_main.c
821 +++ b/drivers/net/e1000/e1000_main.c
822 @@ -2307,6 +2307,7 @@ e1000_xmit_frame(struct sk_buff *skb, st
823 tso = e1000_tso(adapter, skb);
824 if (tso < 0) {
825 dev_kfree_skb_any(skb);
826 + spin_unlock_irqrestore(&adapter->tx_lock, flags);
827 return NETDEV_TX_OK;
828 }
830 diff --git a/drivers/net/hamradio/Kconfig b/drivers/net/hamradio/Kconfig
831 --- a/drivers/net/hamradio/Kconfig
832 +++ b/drivers/net/hamradio/Kconfig
833 @@ -17,7 +17,7 @@ config MKISS
835 config 6PACK
836 tristate "Serial port 6PACK driver"
837 - depends on AX25 && BROKEN_ON_SMP
838 + depends on AX25
839 ---help---
840 6pack is a transmission protocol for the data exchange between your
841 PC and your TNC (the Terminal Node Controller acts as a kind of
842 diff --git a/drivers/net/shaper.c b/drivers/net/shaper.c
843 --- a/drivers/net/shaper.c
844 +++ b/drivers/net/shaper.c
845 @@ -135,10 +135,8 @@ static int shaper_start_xmit(struct sk_b
846 {
847 struct shaper *shaper = dev->priv;
848 struct sk_buff *ptr;
849 -
850 - if (down_trylock(&shaper->sem))
851 - return -1;
853 + spin_lock(&shaper->lock);
854 ptr=shaper->sendq.prev;
856 /*
857 @@ -232,7 +230,7 @@ static int shaper_start_xmit(struct sk_b
858 shaper->stats.collisions++;
859 }
860 shaper_kick(shaper);
861 - up(&shaper->sem);
862 + spin_unlock(&shaper->lock);
863 return 0;
864 }
866 @@ -271,11 +269,9 @@ static void shaper_timer(unsigned long d
867 {
868 struct shaper *shaper = (struct shaper *)data;
870 - if (!down_trylock(&shaper->sem)) {
871 - shaper_kick(shaper);
872 - up(&shaper->sem);
873 - } else
874 - mod_timer(&shaper->timer, jiffies);
875 + spin_lock(&shaper->lock);
876 + shaper_kick(shaper);
877 + spin_unlock(&shaper->lock);
878 }
880 /*
881 @@ -332,21 +328,6 @@ static void shaper_kick(struct shaper *s
884 /*
885 - * Flush the shaper queues on a closedown
886 - */
887 -
888 -static void shaper_flush(struct shaper *shaper)
889 -{
890 - struct sk_buff *skb;
891 -
892 - down(&shaper->sem);
893 - while((skb=skb_dequeue(&shaper->sendq))!=NULL)
894 - dev_kfree_skb(skb);
895 - shaper_kick(shaper);
896 - up(&shaper->sem);
897 -}
898 -
899 -/*
900 * Bring the interface up. We just disallow this until a
901 * bind.
902 */
903 @@ -375,7 +356,15 @@ static int shaper_open(struct net_device
904 static int shaper_close(struct net_device *dev)
905 {
906 struct shaper *shaper=dev->priv;
907 - shaper_flush(shaper);
908 + struct sk_buff *skb;
909 +
910 + while ((skb = skb_dequeue(&shaper->sendq)) != NULL)
911 + dev_kfree_skb(skb);
912 +
913 + spin_lock_bh(&shaper->lock);
914 + shaper_kick(shaper);
915 + spin_unlock_bh(&shaper->lock);
916 +
917 del_timer_sync(&shaper->timer);
918 return 0;
919 }
920 @@ -576,6 +565,7 @@ static void shaper_init_priv(struct net_
921 init_timer(&sh->timer);
922 sh->timer.function=shaper_timer;
923 sh->timer.data=(unsigned long)sh;
924 + spin_lock_init(&sh->lock);
925 }
927 /*
928 diff --git a/drivers/pci/pci-driver.c b/drivers/pci/pci-driver.c
929 --- a/drivers/pci/pci-driver.c
930 +++ b/drivers/pci/pci-driver.c
931 @@ -396,7 +396,7 @@ int pci_register_driver(struct pci_drive
932 /* FIXME, once all of the existing PCI drivers have been fixed to set
933 * the pci shutdown function, this test can go away. */
934 if (!drv->driver.shutdown)
935 - drv->driver.shutdown = pci_device_shutdown,
936 + drv->driver.shutdown = pci_device_shutdown;
937 drv->driver.owner = drv->owner;
938 drv->driver.kobj.ktype = &pci_driver_kobj_type;
939 pci_init_dynids(&drv->dynids);
940 diff --git a/drivers/scsi/qla2xxx/qla_init.c b/drivers/scsi/qla2xxx/qla_init.c
941 --- a/drivers/scsi/qla2xxx/qla_init.c
942 +++ b/drivers/scsi/qla2xxx/qla_init.c
943 @@ -1914,9 +1914,11 @@ qla2x00_reg_remote_port(scsi_qla_host_t
944 rport_ids.roles |= FC_RPORT_ROLE_FCP_TARGET;
946 fcport->rport = rport = fc_remote_port_add(ha->host, 0, &rport_ids);
947 - if (!rport)
948 + if (!rport) {
949 qla_printk(KERN_WARNING, ha,
950 "Unable to allocate fc remote port!\n");
951 + return;
952 + }
954 if (rport->scsi_target_id != -1 && rport->scsi_target_id < MAX_TARGETS)
955 fcport->os_target_id = rport->scsi_target_id;
956 diff --git a/drivers/scsi/qla2xxx/qla_os.c b/drivers/scsi/qla2xxx/qla_os.c
957 --- a/drivers/scsi/qla2xxx/qla_os.c
958 +++ b/drivers/scsi/qla2xxx/qla_os.c
959 @@ -1150,7 +1150,7 @@ iospace_error_exit:
960 */
961 int qla2x00_probe_one(struct pci_dev *pdev, struct qla_board_info *brd_info)
962 {
963 - int ret;
964 + int ret = -ENODEV;
965 device_reg_t __iomem *reg;
966 struct Scsi_Host *host;
967 scsi_qla_host_t *ha;
968 @@ -1161,7 +1161,7 @@ int qla2x00_probe_one(struct pci_dev *pd
969 fc_port_t *fcport;
971 if (pci_enable_device(pdev))
972 - return -1;
973 + goto probe_out;
975 host = scsi_host_alloc(&qla2x00_driver_template,
976 sizeof(scsi_qla_host_t));
977 @@ -1183,9 +1183,8 @@ int qla2x00_probe_one(struct pci_dev *pd
979 /* Configure PCI I/O space */
980 ret = qla2x00_iospace_config(ha);
981 - if (ret != 0) {
982 - goto probe_alloc_failed;
983 - }
984 + if (ret)
985 + goto probe_failed;
987 /* Sanitize the information from PCI BIOS. */
988 host->irq = pdev->irq;
989 @@ -1258,23 +1257,10 @@ int qla2x00_probe_one(struct pci_dev *pd
990 qla_printk(KERN_WARNING, ha,
991 "[ERROR] Failed to allocate memory for adapter\n");
993 - goto probe_alloc_failed;
994 + ret = -ENOMEM;
995 + goto probe_failed;
996 }
998 - pci_set_drvdata(pdev, ha);
999 - host->this_id = 255;
1000 - host->cmd_per_lun = 3;
1001 - host->unique_id = ha->instance;
1002 - host->max_cmd_len = MAX_CMDSZ;
1003 - host->max_channel = ha->ports - 1;
1004 - host->max_id = ha->max_targets;
1005 - host->max_lun = ha->max_luns;
1006 - host->transportt = qla2xxx_transport_template;
1007 - if (scsi_add_host(host, &pdev->dev))
1008 - goto probe_alloc_failed;
1010 - qla2x00_alloc_sysfs_attr(ha);
1012 if (qla2x00_initialize_adapter(ha) &&
1013 !(ha->device_flags & DFLG_NO_CABLE)) {
1015 @@ -1285,11 +1271,10 @@ int qla2x00_probe_one(struct pci_dev *pd
1016 "Adapter flags %x.\n",
1017 ha->host_no, ha->device_flags));
1019 + ret = -ENODEV;
1020 goto probe_failed;
1023 - qla2x00_init_host_attr(ha);
1025 /*
1026 * Startup the kernel thread for this host adapter
1027 */
1028 @@ -1299,17 +1284,26 @@ int qla2x00_probe_one(struct pci_dev *pd
1029 qla_printk(KERN_WARNING, ha,
1030 "Unable to start DPC thread!\n");
1032 + ret = -ENODEV;
1033 goto probe_failed;
1035 wait_for_completion(&ha->dpc_inited);
1037 + host->this_id = 255;
1038 + host->cmd_per_lun = 3;
1039 + host->unique_id = ha->instance;
1040 + host->max_cmd_len = MAX_CMDSZ;
1041 + host->max_channel = ha->ports - 1;
1042 + host->max_lun = MAX_LUNS;
1043 + host->transportt = qla2xxx_transport_template;
1045 if (IS_QLA2100(ha) || IS_QLA2200(ha))
1046 ret = request_irq(host->irq, qla2100_intr_handler,
1047 SA_INTERRUPT|SA_SHIRQ, ha->brd_info->drv_name, ha);
1048 else
1049 ret = request_irq(host->irq, qla2300_intr_handler,
1050 SA_INTERRUPT|SA_SHIRQ, ha->brd_info->drv_name, ha);
1051 - if (ret != 0) {
1052 + if (ret) {
1053 qla_printk(KERN_WARNING, ha,
1054 "Failed to reserve interrupt %d already in use.\n",
1055 host->irq);
1056 @@ -1363,9 +1357,18 @@ int qla2x00_probe_one(struct pci_dev *pd
1057 msleep(10);
1060 + pci_set_drvdata(pdev, ha);
1061 ha->flags.init_done = 1;
1062 num_hosts++;
1064 + ret = scsi_add_host(host, &pdev->dev);
1065 + if (ret)
1066 + goto probe_failed;
1068 + qla2x00_alloc_sysfs_attr(ha);
1070 + qla2x00_init_host_attr(ha);
1072 qla_printk(KERN_INFO, ha, "\n"
1073 " QLogic Fibre Channel HBA Driver: %s\n"
1074 " QLogic %s - %s\n"
1075 @@ -1384,9 +1387,6 @@ int qla2x00_probe_one(struct pci_dev *pd
1076 probe_failed:
1077 fc_remove_host(ha->host);
1079 - scsi_remove_host(host);
1081 -probe_alloc_failed:
1082 qla2x00_free_device(ha);
1084 scsi_host_put(host);
1085 @@ -1394,7 +1394,8 @@ probe_alloc_failed:
1086 probe_disable_device:
1087 pci_disable_device(pdev);
1089 - return -1;
1090 +probe_out:
1091 + return ret;
1093 EXPORT_SYMBOL_GPL(qla2x00_probe_one);
1095 diff --git a/drivers/scsi/sg.c b/drivers/scsi/sg.c
1096 --- a/drivers/scsi/sg.c
1097 +++ b/drivers/scsi/sg.c
1098 @@ -2969,23 +2969,22 @@ static void * dev_seq_start(struct seq_f
1100 struct sg_proc_deviter * it = kmalloc(sizeof(*it), GFP_KERNEL);
1102 + s->private = it;
1103 if (! it)
1104 return NULL;
1106 if (NULL == sg_dev_arr)
1107 - goto err1;
1108 + return NULL;
1109 it->index = *pos;
1110 it->max = sg_last_dev();
1111 if (it->index >= it->max)
1112 - goto err1;
1113 + return NULL;
1114 return it;
1115 -err1:
1116 - kfree(it);
1117 - return NULL;
1120 static void * dev_seq_next(struct seq_file *s, void *v, loff_t *pos)
1122 - struct sg_proc_deviter * it = (struct sg_proc_deviter *) v;
1123 + struct sg_proc_deviter * it = s->private;
1125 *pos = ++it->index;
1126 return (it->index < it->max) ? it : NULL;
1127 @@ -2993,7 +2992,9 @@ static void * dev_seq_next(struct seq_fi
1129 static void dev_seq_stop(struct seq_file *s, void *v)
1131 - kfree (v);
1132 + struct sg_proc_deviter * it = s->private;
1134 + kfree (it);
1137 static int sg_proc_open_dev(struct inode *inode, struct file *file)
1138 diff --git a/drivers/usb/net/usbnet.c b/drivers/usb/net/usbnet.c
1139 --- a/drivers/usb/net/usbnet.c
1140 +++ b/drivers/usb/net/usbnet.c
1141 @@ -1922,7 +1922,7 @@ static int genelink_rx_fixup (struct usb
1143 // copy the packet data to the new skb
1144 memcpy(skb_put(gl_skb, size), packet->packet_data, size);
1145 - skb_return (dev, skb);
1146 + skb_return (dev, gl_skb);
1149 // advance to the next packet
1150 diff --git a/fs/bio.c b/fs/bio.c
1151 --- a/fs/bio.c
1152 +++ b/fs/bio.c
1153 @@ -261,6 +261,7 @@ inline void __bio_clone(struct bio *bio,
1154 */
1155 bio->bi_vcnt = bio_src->bi_vcnt;
1156 bio->bi_size = bio_src->bi_size;
1157 + bio->bi_idx = bio_src->bi_idx;
1158 bio_phys_segments(q, bio);
1159 bio_hw_segments(q, bio);
1161 diff --git a/fs/char_dev.c b/fs/char_dev.c
1162 --- a/fs/char_dev.c
1163 +++ b/fs/char_dev.c
1164 @@ -139,7 +139,7 @@ __unregister_chrdev_region(unsigned majo
1165 struct char_device_struct *cd = NULL, **cp;
1166 int i = major_to_index(major);
1168 - up(&chrdevs_lock);
1169 + down(&chrdevs_lock);
1170 for (cp = &chrdevs[i]; *cp; cp = &(*cp)->next)
1171 if ((*cp)->major == major &&
1172 (*cp)->baseminor == baseminor &&
1173 diff --git a/fs/exec.c b/fs/exec.c
1174 --- a/fs/exec.c
1175 +++ b/fs/exec.c
1176 @@ -649,6 +649,7 @@ static inline int de_thread(struct task_
1178 sig->group_exit_task = NULL;
1179 sig->notify_count = 0;
1180 + sig->real_timer.data = (unsigned long)current;
1181 spin_unlock_irq(lock);
1183 /*
1184 diff --git a/fs/isofs/compress.c b/fs/isofs/compress.c
1185 --- a/fs/isofs/compress.c
1186 +++ b/fs/isofs/compress.c
1187 @@ -129,8 +129,14 @@ static int zisofs_readpage(struct file *
1188 cend = le32_to_cpu(*(__le32 *)(bh->b_data + (blockendptr & bufmask)));
1189 brelse(bh);
1191 + if (cstart > cend)
1192 + goto eio;
1194 csize = cend-cstart;
1196 + if (csize > deflateBound(1UL << zisofs_block_shift))
1197 + goto eio;
1199 /* Now page[] contains an array of pages, any of which can be NULL,
1200 and the locks on which we hold. We should now read the data and
1201 release the pages. If the pages are NULL the decompressed data
1202 diff --git a/include/asm-i386/string.h b/include/asm-i386/string.h
1203 --- a/include/asm-i386/string.h
1204 +++ b/include/asm-i386/string.h
1205 @@ -116,7 +116,8 @@ __asm__ __volatile__(
1206 "orb $1,%%al\n"
1207 "3:"
1208 :"=a" (__res), "=&S" (d0), "=&D" (d1)
1209 - :"1" (cs),"2" (ct));
1210 + :"1" (cs),"2" (ct)
1211 + :"memory");
1212 return __res;
1215 @@ -138,8 +139,9 @@ __asm__ __volatile__(
1216 "3:\tsbbl %%eax,%%eax\n\t"
1217 "orb $1,%%al\n"
1218 "4:"
1219 - :"=a" (__res), "=&S" (d0), "=&D" (d1), "=&c" (d2)
1220 - :"1" (cs),"2" (ct),"3" (count));
1221 + :"=a" (__res), "=&S" (d0), "=&D" (d1), "=&c" (d2)
1222 + :"1" (cs),"2" (ct),"3" (count)
1223 + :"memory");
1224 return __res;
1227 @@ -158,7 +160,9 @@ __asm__ __volatile__(
1228 "movl $1,%1\n"
1229 "2:\tmovl %1,%0\n\t"
1230 "decl %0"
1231 - :"=a" (__res), "=&S" (d0) : "1" (s),"0" (c));
1232 + :"=a" (__res), "=&S" (d0)
1233 + :"1" (s),"0" (c)
1234 + :"memory");
1235 return __res;
1238 @@ -175,7 +179,9 @@ __asm__ __volatile__(
1239 "leal -1(%%esi),%0\n"
1240 "2:\ttestb %%al,%%al\n\t"
1241 "jne 1b"
1242 - :"=g" (__res), "=&S" (d0), "=&a" (d1) :"0" (0),"1" (s),"2" (c));
1243 + :"=g" (__res), "=&S" (d0), "=&a" (d1)
1244 + :"0" (0),"1" (s),"2" (c)
1245 + :"memory");
1246 return __res;
1249 @@ -189,7 +195,9 @@ __asm__ __volatile__(
1250 "scasb\n\t"
1251 "notl %0\n\t"
1252 "decl %0"
1253 - :"=c" (__res), "=&D" (d0) :"1" (s),"a" (0), "0" (0xffffffffu));
1254 + :"=c" (__res), "=&D" (d0)
1255 + :"1" (s),"a" (0), "0" (0xffffffffu)
1256 + :"memory");
1257 return __res;
1260 @@ -333,7 +341,9 @@ __asm__ __volatile__(
1261 "je 1f\n\t"
1262 "movl $1,%0\n"
1263 "1:\tdecl %0"
1264 - :"=D" (__res), "=&c" (d0) : "a" (c),"0" (cs),"1" (count));
1265 + :"=D" (__res), "=&c" (d0)
1266 + :"a" (c),"0" (cs),"1" (count)
1267 + :"memory");
1268 return __res;
1271 @@ -369,7 +379,7 @@ __asm__ __volatile__(
1272 "je 2f\n\t"
1273 "stosb\n"
1274 "2:"
1275 - : "=&c" (d0), "=&D" (d1)
1276 + :"=&c" (d0), "=&D" (d1)
1277 :"a" (c), "q" (count), "0" (count/4), "1" ((long) s)
1278 :"memory");
1279 return (s);
1280 @@ -392,7 +402,8 @@ __asm__ __volatile__(
1281 "jne 1b\n"
1282 "3:\tsubl %2,%0"
1283 :"=a" (__res), "=&d" (d0)
1284 - :"c" (s),"1" (count));
1285 + :"c" (s),"1" (count)
1286 + :"memory");
1287 return __res;
1289 /* end of additional stuff */
1290 @@ -473,7 +484,8 @@ static inline void * memscan(void * addr
1291 "dec %%edi\n"
1292 "1:"
1293 : "=D" (addr), "=c" (size)
1294 - : "0" (addr), "1" (size), "a" (c));
1295 + : "0" (addr), "1" (size), "a" (c)
1296 + : "memory");
1297 return addr;
1300 diff --git a/include/asm-x86_64/smp.h b/include/asm-x86_64/smp.h
1301 --- a/include/asm-x86_64/smp.h
1302 +++ b/include/asm-x86_64/smp.h
1303 @@ -46,6 +46,8 @@ extern int pic_mode;
1304 extern int smp_num_siblings;
1305 extern void smp_flush_tlb(void);
1306 extern void smp_message_irq(int cpl, void *dev_id, struct pt_regs *regs);
1307 +extern int smp_call_function_single (int cpuid, void (*func) (void *info), void *info,
1308 + int retry, int wait);
1309 extern void smp_send_reschedule(int cpu);
1310 extern void smp_invalidate_rcv(void); /* Process an NMI */
1311 extern void zap_low_mappings(void);
1312 diff --git a/include/linux/if_shaper.h b/include/linux/if_shaper.h
1313 --- a/include/linux/if_shaper.h
1314 +++ b/include/linux/if_shaper.h
1315 @@ -23,7 +23,7 @@ struct shaper
1316 __u32 shapeclock;
1317 unsigned long recovery; /* Time we can next clock a packet out on
1318 an empty queue */
1319 - struct semaphore sem;
1320 + spinlock_t lock;
1321 struct net_device_stats stats;
1322 struct net_device *dev;
1323 int (*hard_start_xmit) (struct sk_buff *skb,
1324 diff --git a/include/linux/skbuff.h b/include/linux/skbuff.h
1325 --- a/include/linux/skbuff.h
1326 +++ b/include/linux/skbuff.h
1327 @@ -1192,7 +1192,7 @@ static inline void *skb_header_pointer(c
1329 int hlen = skb_headlen(skb);
1331 - if (offset + len <= hlen)
1332 + if (hlen - offset >= len)
1333 return skb->data + offset;
1335 if (skb_copy_bits(skb, offset, buffer, len) < 0)
1336 diff --git a/include/linux/zlib.h b/include/linux/zlib.h
1337 --- a/include/linux/zlib.h
1338 +++ b/include/linux/zlib.h
1339 @@ -506,6 +506,11 @@ extern int zlib_deflateReset (z_streamp
1340 stream state was inconsistent (such as zalloc or state being NULL).
1341 */
1343 +static inline unsigned long deflateBound(unsigned long s)
1344 +{
1345 + return s + ((s + 7) >> 3) + ((s + 63) >> 6) + 11;
1346 +}
1348 extern int zlib_deflateParams (z_streamp strm, int level, int strategy);
1349 /*
1350 Dynamically update the compression level and compression strategy. The
1351 diff --git a/kernel/module.c b/kernel/module.c
1352 --- a/kernel/module.c
1353 +++ b/kernel/module.c
1354 @@ -249,13 +249,18 @@ static inline unsigned int block_size(in
1355 /* Created by linker magic */
1356 extern char __per_cpu_start[], __per_cpu_end[];
1358 -static void *percpu_modalloc(unsigned long size, unsigned long align)
1359 +static void *percpu_modalloc(unsigned long size, unsigned long align,
1360 + const char *name)
1362 unsigned long extra;
1363 unsigned int i;
1364 void *ptr;
1366 - BUG_ON(align > SMP_CACHE_BYTES);
1367 + if (align > SMP_CACHE_BYTES) {
1368 + printk(KERN_WARNING "%s: per-cpu alignment %li > %i\n",
1369 + name, align, SMP_CACHE_BYTES);
1370 + align = SMP_CACHE_BYTES;
1371 + }
1373 ptr = __per_cpu_start;
1374 for (i = 0; i < pcpu_num_used; ptr += block_size(pcpu_size[i]), i++) {
1375 @@ -347,7 +352,8 @@ static int percpu_modinit(void)
1377 __initcall(percpu_modinit);
1378 #else /* ... !CONFIG_SMP */
1379 -static inline void *percpu_modalloc(unsigned long size, unsigned long align)
1380 +static inline void *percpu_modalloc(unsigned long size, unsigned long align,
1381 + const char *name)
1383 return NULL;
1385 @@ -1554,7 +1560,8 @@ static struct module *load_module(void _
1386 if (pcpuindex) {
1387 /* We have a special allocation for this section. */
1388 percpu = percpu_modalloc(sechdrs[pcpuindex].sh_size,
1389 - sechdrs[pcpuindex].sh_addralign);
1390 + sechdrs[pcpuindex].sh_addralign,
1391 + mod->name);
1392 if (!percpu) {
1393 err = -ENOMEM;
1394 goto free_mod;
1395 diff --git a/kernel/signal.c b/kernel/signal.c
1396 --- a/kernel/signal.c
1397 +++ b/kernel/signal.c
1398 @@ -686,7 +686,7 @@ static void handle_stop_signal(int sig,
1400 struct task_struct *t;
1402 - if (p->flags & SIGNAL_GROUP_EXIT)
1403 + if (p->signal->flags & SIGNAL_GROUP_EXIT)
1404 /*
1405 * The process is in the middle of dying already.
1406 */
1407 diff --git a/lib/inflate.c b/lib/inflate.c
1408 --- a/lib/inflate.c
1409 +++ b/lib/inflate.c
1410 @@ -326,7 +326,7 @@ DEBG("huft1 ");
1412 *t = (struct huft *)NULL;
1413 *m = 0;
1414 - return 0;
1415 + return 2;
1418 DEBG("huft2 ");
1419 @@ -374,6 +374,7 @@ DEBG("huft5 ");
1420 if ((j = *p++) != 0)
1421 v[x[j]++] = i;
1422 } while (++i < n);
1423 + n = x[g]; /* set n to length of v */
1425 DEBG("h6 ");
1427 @@ -410,12 +411,13 @@ DEBG1("1 ");
1428 DEBG1("2 ");
1429 f -= a + 1; /* deduct codes from patterns left */
1430 xp = c + k;
1431 - while (++j < z) /* try smaller tables up to z bits */
1432 - {
1433 - if ((f <<= 1) <= *++xp)
1434 - break; /* enough codes to use up j bits */
1435 - f -= *xp; /* else deduct codes from patterns */
1436 - }
1437 + if (j < z)
1438 + while (++j < z) /* try smaller tables up to z bits */
1439 + {
1440 + if ((f <<= 1) <= *++xp)
1441 + break; /* enough codes to use up j bits */
1442 + f -= *xp; /* else deduct codes from patterns */
1443 + }
1445 DEBG1("3 ");
1446 z = 1 << j; /* table entries for j-bit table */
1447 diff --git a/mm/memory.c b/mm/memory.c
1448 --- a/mm/memory.c
1449 +++ b/mm/memory.c
1450 @@ -1164,7 +1164,7 @@ int remap_pfn_range(struct vm_area_struc
1452 pgd_t *pgd;
1453 unsigned long next;
1454 - unsigned long end = addr + size;
1455 + unsigned long end = addr + PAGE_ALIGN(size);
1456 struct mm_struct *mm = vma->vm_mm;
1457 int err;
1459 diff --git a/mm/mempolicy.c b/mm/mempolicy.c
1460 --- a/mm/mempolicy.c
1461 +++ b/mm/mempolicy.c
1462 @@ -409,7 +409,7 @@ asmlinkage long sys_set_mempolicy(int mo
1463 struct mempolicy *new;
1464 DECLARE_BITMAP(nodes, MAX_NUMNODES);
1466 - if (mode > MPOL_MAX)
1467 + if (mode < 0 || mode > MPOL_MAX)
1468 return -EINVAL;
1469 err = get_nodes(nodes, nmask, maxnode, mode);
1470 if (err)
1471 diff --git a/net/8021q/vlan.c b/net/8021q/vlan.c
1472 --- a/net/8021q/vlan.c
1473 +++ b/net/8021q/vlan.c
1474 @@ -578,6 +578,14 @@ static int vlan_device_event(struct noti
1475 if (!vlandev)
1476 continue;
1478 + if (netif_carrier_ok(dev)) {
1479 + if (!netif_carrier_ok(vlandev))
1480 + netif_carrier_on(vlandev);
1481 + } else {
1482 + if (netif_carrier_ok(vlandev))
1483 + netif_carrier_off(vlandev);
1484 + }
1486 if ((vlandev->state & VLAN_LINK_STATE_MASK) != flgs) {
1487 vlandev->state = (vlandev->state &~ VLAN_LINK_STATE_MASK)
1488 | flgs;
1489 diff --git a/net/ipv4/icmp.c b/net/ipv4/icmp.c
1490 --- a/net/ipv4/icmp.c
1491 +++ b/net/ipv4/icmp.c
1492 @@ -349,12 +349,12 @@ static void icmp_push_reply(struct icmp_
1494 struct sk_buff *skb;
1496 - ip_append_data(icmp_socket->sk, icmp_glue_bits, icmp_param,
1497 - icmp_param->data_len+icmp_param->head_len,
1498 - icmp_param->head_len,
1499 - ipc, rt, MSG_DONTWAIT);
1501 - if ((skb = skb_peek(&icmp_socket->sk->sk_write_queue)) != NULL) {
1502 + if (ip_append_data(icmp_socket->sk, icmp_glue_bits, icmp_param,
1503 + icmp_param->data_len+icmp_param->head_len,
1504 + icmp_param->head_len,
1505 + ipc, rt, MSG_DONTWAIT) < 0)
1506 + ip_flush_pending_frames(icmp_socket->sk);
1507 + else if ((skb = skb_peek(&icmp_socket->sk->sk_write_queue)) != NULL) {
1508 struct icmphdr *icmph = skb->h.icmph;
1509 unsigned int csum = 0;
1510 struct sk_buff *skb1;
1511 diff --git a/net/ipv4/ip_output.c b/net/ipv4/ip_output.c
1512 --- a/net/ipv4/ip_output.c
1513 +++ b/net/ipv4/ip_output.c
1514 @@ -111,7 +111,6 @@ static int ip_dev_loopback_xmit(struct s
1515 #ifdef CONFIG_NETFILTER_DEBUG
1516 nf_debug_ip_loopback_xmit(newskb);
1517 #endif
1518 - nf_reset(newskb);
1519 netif_rx(newskb);
1520 return 0;
1522 @@ -196,8 +195,6 @@ static inline int ip_finish_output2(stru
1523 nf_debug_ip_finish_output2(skb);
1524 #endif /*CONFIG_NETFILTER_DEBUG*/
1526 - nf_reset(skb);
1528 if (hh) {
1529 int hh_alen;
1531 diff --git a/net/ipv4/ip_sockglue.c b/net/ipv4/ip_sockglue.c
1532 --- a/net/ipv4/ip_sockglue.c
1533 +++ b/net/ipv4/ip_sockglue.c
1534 @@ -848,6 +848,9 @@ mc_msf_out:
1536 case IP_IPSEC_POLICY:
1537 case IP_XFRM_POLICY:
1538 + err = -EPERM;
1539 + if (!capable(CAP_NET_ADMIN))
1540 + break;
1541 err = xfrm_user_policy(sk, optname, optval, optlen);
1542 break;
1544 diff --git a/net/ipv4/netfilter/ip_conntrack_core.c b/net/ipv4/netfilter/ip_conntrack_core.c
1545 --- a/net/ipv4/netfilter/ip_conntrack_core.c
1546 +++ b/net/ipv4/netfilter/ip_conntrack_core.c
1547 @@ -1124,6 +1124,9 @@ void ip_conntrack_cleanup(void)
1548 schedule();
1549 goto i_see_dead_people;
1551 + /* wait until all references to ip_conntrack_untracked are dropped */
1552 + while (atomic_read(&ip_conntrack_untracked.ct_general.use) > 1)
1553 + schedule();
1555 kmem_cache_destroy(ip_conntrack_cachep);
1556 kmem_cache_destroy(ip_conntrack_expect_cachep);
1557 diff --git a/net/ipv4/netfilter/ip_conntrack_standalone.c b/net/ipv4/netfilter/ip_conntrack_standalone.c
1558 --- a/net/ipv4/netfilter/ip_conntrack_standalone.c
1559 +++ b/net/ipv4/netfilter/ip_conntrack_standalone.c
1560 @@ -432,6 +432,13 @@ static unsigned int ip_conntrack_defrag(
1561 const struct net_device *out,
1562 int (*okfn)(struct sk_buff *))
1564 +#if !defined(CONFIG_IP_NF_NAT) && !defined(CONFIG_IP_NF_NAT_MODULE)
1565 + /* Previously seen (loopback)? Ignore. Do this before
1566 + fragment check. */
1567 + if ((*pskb)->nfct)
1568 + return NF_ACCEPT;
1569 +#endif
1571 /* Gather fragments. */
1572 if ((*pskb)->nh.iph->frag_off & htons(IP_MF|IP_OFFSET)) {
1573 *pskb = ip_ct_gather_frags(*pskb,
1574 diff --git a/net/ipv4/netfilter/ip_nat_proto_tcp.c b/net/ipv4/netfilter/ip_nat_proto_tcp.c
1575 --- a/net/ipv4/netfilter/ip_nat_proto_tcp.c
1576 +++ b/net/ipv4/netfilter/ip_nat_proto_tcp.c
1577 @@ -40,7 +40,8 @@ tcp_unique_tuple(struct ip_conntrack_tup
1578 enum ip_nat_manip_type maniptype,
1579 const struct ip_conntrack *conntrack)
1581 - static u_int16_t port, *portptr;
1582 + static u_int16_t port;
1583 + u_int16_t *portptr;
1584 unsigned int range_size, min, i;
1586 if (maniptype == IP_NAT_MANIP_SRC)
1587 diff --git a/net/ipv4/netfilter/ip_nat_proto_udp.c b/net/ipv4/netfilter/ip_nat_proto_udp.c
1588 --- a/net/ipv4/netfilter/ip_nat_proto_udp.c
1589 +++ b/net/ipv4/netfilter/ip_nat_proto_udp.c
1590 @@ -41,7 +41,8 @@ udp_unique_tuple(struct ip_conntrack_tup
1591 enum ip_nat_manip_type maniptype,
1592 const struct ip_conntrack *conntrack)
1594 - static u_int16_t port, *portptr;
1595 + static u_int16_t port;
1596 + u_int16_t *portptr;
1597 unsigned int range_size, min, i;
1599 if (maniptype == IP_NAT_MANIP_SRC)
1600 diff --git a/net/ipv6/ip6_input.c b/net/ipv6/ip6_input.c
1601 --- a/net/ipv6/ip6_input.c
1602 +++ b/net/ipv6/ip6_input.c
1603 @@ -198,12 +198,13 @@ resubmit:
1604 if (!raw_sk) {
1605 if (xfrm6_policy_check(NULL, XFRM_POLICY_IN, skb)) {
1606 IP6_INC_STATS_BH(IPSTATS_MIB_INUNKNOWNPROTOS);
1607 - icmpv6_param_prob(skb, ICMPV6_UNK_NEXTHDR, nhoff);
1608 + icmpv6_send(skb, ICMPV6_PARAMPROB,
1609 + ICMPV6_UNK_NEXTHDR, nhoff,
1610 + skb->dev);
1612 - } else {
1613 + } else
1614 IP6_INC_STATS_BH(IPSTATS_MIB_INDELIVERS);
1615 - kfree_skb(skb);
1616 - }
1617 + kfree_skb(skb);
1619 rcu_read_unlock();
1620 return 0;
1621 diff --git a/net/ipv6/ipv6_sockglue.c b/net/ipv6/ipv6_sockglue.c
1622 --- a/net/ipv6/ipv6_sockglue.c
1623 +++ b/net/ipv6/ipv6_sockglue.c
1624 @@ -503,6 +503,9 @@ done:
1625 break;
1626 case IPV6_IPSEC_POLICY:
1627 case IPV6_XFRM_POLICY:
1628 + retv = -EPERM;
1629 + if (!capable(CAP_NET_ADMIN))
1630 + break;
1631 retv = xfrm_user_policy(sk, optname, optval, optlen);
1632 break;
1634 diff --git a/net/ipv6/netfilter/ip6_queue.c b/net/ipv6/netfilter/ip6_queue.c
1635 --- a/net/ipv6/netfilter/ip6_queue.c
1636 +++ b/net/ipv6/netfilter/ip6_queue.c
1637 @@ -76,7 +76,9 @@ static DECLARE_MUTEX(ipqnl_sem);
1638 static void
1639 ipq_issue_verdict(struct ipq_queue_entry *entry, int verdict)
1641 + local_bh_disable();
1642 nf_reinject(entry->skb, entry->info, verdict);
1643 + local_bh_enable();
1644 kfree(entry);
1647 diff --git a/net/netlink/af_netlink.c b/net/netlink/af_netlink.c
1648 --- a/net/netlink/af_netlink.c
1649 +++ b/net/netlink/af_netlink.c
1650 @@ -315,8 +315,8 @@ err:
1651 static void netlink_remove(struct sock *sk)
1653 netlink_table_grab();
1654 - nl_table[sk->sk_protocol].hash.entries--;
1655 - sk_del_node_init(sk);
1656 + if (sk_del_node_init(sk))
1657 + nl_table[sk->sk_protocol].hash.entries--;
1658 if (nlk_sk(sk)->groups)
1659 __sk_del_bind_node(sk);
1660 netlink_table_ungrab();
1661 @@ -429,7 +429,12 @@ retry:
1662 err = netlink_insert(sk, pid);
1663 if (err == -EADDRINUSE)
1664 goto retry;
1665 - return 0;
1667 + /* If 2 threads race to autobind, that is fine. */
1668 + if (err == -EBUSY)
1669 + err = 0;
1671 + return err;
1674 static inline int netlink_capable(struct socket *sock, unsigned int flag)
1675 diff --git a/net/packet/af_packet.c b/net/packet/af_packet.c
1676 --- a/net/packet/af_packet.c
1677 +++ b/net/packet/af_packet.c
1678 @@ -274,6 +274,9 @@ static int packet_rcv_spkt(struct sk_buf
1679 dst_release(skb->dst);
1680 skb->dst = NULL;
1682 + /* drop conntrack reference */
1683 + nf_reset(skb);
1685 spkt = (struct sockaddr_pkt*)skb->cb;
1687 skb_push(skb, skb->data-skb->mac.raw);
1688 @@ -517,6 +520,9 @@ static int packet_rcv(struct sk_buff *sk
1689 dst_release(skb->dst);
1690 skb->dst = NULL;
1692 + /* drop conntrack reference */
1693 + nf_reset(skb);
1695 spin_lock(&sk->sk_receive_queue.lock);
1696 po->stats.tp_packets++;
1697 __skb_queue_tail(&sk->sk_receive_queue, skb);
1698 diff --git a/net/xfrm/xfrm_user.c b/net/xfrm/xfrm_user.c
1699 --- a/net/xfrm/xfrm_user.c
1700 +++ b/net/xfrm/xfrm_user.c
1701 @@ -1180,6 +1180,9 @@ static struct xfrm_policy *xfrm_compile_
1702 if (nr > XFRM_MAX_DEPTH)
1703 return NULL;
1705 + if (p->dir > XFRM_POLICY_OUT)
1706 + return NULL;
1708 xp = xfrm_policy_alloc(GFP_KERNEL);
1709 if (xp == NULL) {
1710 *dir = -ENOBUFS;
1711 diff --git a/security/keys/keyring.c b/security/keys/keyring.c
1712 --- a/security/keys/keyring.c
1713 +++ b/security/keys/keyring.c
1714 @@ -188,7 +188,11 @@ static void keyring_destroy(struct key *
1716 if (keyring->description) {
1717 write_lock(&keyring_name_lock);
1718 - list_del(&keyring->type_data.link);
1720 + if (keyring->type_data.link.next != NULL &&
1721 + !list_empty(&keyring->type_data.link))
1722 + list_del(&keyring->type_data.link);
1724 write_unlock(&keyring_name_lock);
1727 diff --git a/security/keys/process_keys.c b/security/keys/process_keys.c
1728 --- a/security/keys/process_keys.c
1729 +++ b/security/keys/process_keys.c
1730 @@ -641,7 +641,7 @@ long join_session_keyring(const char *na
1731 keyring = keyring_alloc(name, tsk->uid, tsk->gid, 0, NULL);
1732 if (IS_ERR(keyring)) {
1733 ret = PTR_ERR(keyring);
1734 - goto error;
1735 + goto error2;
1738 else if (IS_ERR(keyring)) {