ia64/xen-unstable

changeset 4929:2c0bcfd2a1fc

bitkeeper revision 1.1414 (428877c4Kn3AfJCu8rQfgt-njOlK7w)

Merge firebug.cl.cam.ac.uk:/auto/groups/xeno-xenod/BK/xen-unstable.bk
into firebug.cl.cam.ac.uk:/local/scratch/cl349/xen-unstable.bk
author cl349@firebug.cl.cam.ac.uk
date Mon May 16 10:36:52 2005 +0000 (2005-05-16)
parents 8e3f809f3616 522cd960f6ce
children c02d87b68355 a90b8526b255
files .rootkeys linux-2.6.11-xen-sparse/arch/xen/x86_64/kernel/early_printk.c patches/linux-2.6.11/linux-2.6.11.8.patch patches/linux-2.6.11/linux-2.6.11.9.patch
line diff
     1.1 --- a/.rootkeys	Mon May 16 09:49:48 2005 +0000
     1.2 +++ b/.rootkeys	Mon May 16 10:36:52 2005 +0000
     1.3 @@ -274,7 +274,7 @@ 424efaa6kKleWe45IrqsG8gkejgEQA linux-2.6
     1.4  424efaa6HSyuVodl6SxFGj39vlp6MA linux-2.6.11-xen-sparse/arch/xen/x86_64/kernel/Makefile
     1.5  424efaa7bVAw3Z_q0SdFivfNVavyIg linux-2.6.11-xen-sparse/arch/xen/x86_64/kernel/asm-offsets.c
     1.6  424efaa7ddTVabh547Opf0u9vKmUXw linux-2.6.11-xen-sparse/arch/xen/x86_64/kernel/e820.c
     1.7 -424efaa72fQEHYQ-Sp2IW9X2xTA5zQ linux-2.6.11-xen-sparse/arch/xen/x86_64/kernel/early_printk.c
     1.8 +428868bbQust_FkSdkerMqYBWfrVKg linux-2.6.11-xen-sparse/arch/xen/x86_64/kernel/early_printk.c
     1.9  424efaa7B_BWrAkLPJNoKk4EQY2a7w linux-2.6.11-xen-sparse/arch/xen/x86_64/kernel/entry.S
    1.10  424efaa7vhgi7th5QVICjfuHmEWOkw linux-2.6.11-xen-sparse/arch/xen/x86_64/kernel/head.S
    1.11  424efaa7tiMEZSAYepwyjaNWxyXF7Q linux-2.6.11-xen-sparse/arch/xen/x86_64/kernel/head64.c
    1.12 @@ -469,7 +469,7 @@ 413cb3b53nyOv1OIeDSsCXhBFDXvJA netbsd-2.
    1.13  413aa1d0oNP8HXLvfPuMe6cSroUfSA patches/linux-2.6.11/agpgart.patch
    1.14  427261074Iy1MkbbqIV6zdZDWWx_Jg patches/linux-2.6.11/i386-cpu-hotplug-updated-for-mm.patch
    1.15  42372652KCUP-IOH9RN19YQmGhs4aA patches/linux-2.6.11/iomap.patch
    1.16 -428359d4b3fDYtazwXi4UUmSWaOUew patches/linux-2.6.11/linux-2.6.11.8.patch
    1.17 +428359d4b3fDYtazwXi4UUmSWaOUew patches/linux-2.6.11/linux-2.6.11.9.patch
    1.18  424f001e_M1Tnxc52rDrmCLelnDWMQ patches/linux-2.6.11/x86_64-linux.patch
    1.19  3f776bd1Hy9rn69ntXBhPReUFw9IEA tools/Makefile
    1.20  40e1b09db5mN69Ijj0X_Eol-S7dXiw tools/Rules.mk
     2.1 --- a/linux-2.6.11-xen-sparse/arch/xen/x86_64/kernel/early_printk.c	Mon May 16 09:49:48 2005 +0000
     2.2 +++ b/linux-2.6.11-xen-sparse/arch/xen/x86_64/kernel/early_printk.c	Mon May 16 10:36:52 2005 +0000
     2.3 @@ -1,3 +1,4 @@
     2.4 +#include <linux/config.h>
     2.5  #include <linux/console.h>
     2.6  #include <linux/kernel.h>
     2.7  #include <linux/init.h>
     2.8 @@ -16,7 +17,6 @@
     2.9  #define MAX_YPOS	25
    2.10  #define MAX_XPOS	80
    2.11  
    2.12 -#if 0
    2.13  static int current_ypos = 1, current_xpos = 0; 
    2.14  
    2.15  static void early_vga_write(struct console *con, const char *str, unsigned n)
    2.16 @@ -58,8 +58,8 @@ static struct console early_vga_console 
    2.17  	.flags =	CON_PRINTBUFFER,
    2.18  	.index =	-1,
    2.19  };
    2.20 -#endif
    2.21  
    2.22 +#ifndef CONFIG_XEN
    2.23  /* Serial functions loosely based on a similar package from Klaus P. Gerlicher */ 
    2.24  
    2.25  int early_serial_base = 0x3f8;  /* ttyS0 */ 
    2.26 @@ -80,7 +80,6 @@ int early_serial_base = 0x3f8;  /* ttyS0
    2.27  #define DLL             0       /*  Divisor Latch Low         */
    2.28  #define DLH             1       /*  Divisor latch High        */
    2.29  
    2.30 -#if 0
    2.31  static int early_serial_putc(unsigned char ch) 
    2.32  { 
    2.33  	unsigned timeout = 0xffff; 
    2.34 @@ -99,11 +98,9 @@ static void early_serial_write(struct co
    2.35  		s++; 
    2.36  	} 
    2.37  } 
    2.38 -#endif
    2.39  
    2.40  #define DEFAULT_BAUD 9600
    2.41  
    2.42 -#if 0
    2.43  static __init void early_serial_init(char *s)
    2.44  {
    2.45  	unsigned char c; 
    2.46 @@ -151,6 +148,26 @@ static __init void early_serial_init(cha
    2.47  	outb((divisor >> 8) & 0xff, early_serial_base + DLH); 
    2.48  	outb(c & ~DLAB, early_serial_base + LCR);
    2.49  }
    2.50 +#else
    2.51 +
    2.52 +static void
    2.53 +early_serial_write(struct console *con, const char *s, unsigned count)
    2.54 +{
    2.55 +	int n;
    2.56 +
    2.57 +	while (count > 0) {
    2.58 +		n = HYPERVISOR_console_io(CONSOLEIO_write, count, (char *)s);
    2.59 +		if (n <= 0)
    2.60 +			break;
    2.61 +		count -= n;
    2.62 +		s += n;
    2.63 +	}
    2.64 +} 
    2.65 +
    2.66 +static __init void early_serial_init(char *s)
    2.67 +{
    2.68 +}
    2.69 +#endif
    2.70  
    2.71  static struct console early_serial_console = {
    2.72  	.name =		"earlyser",
    2.73 @@ -158,23 +175,9 @@ static struct console early_serial_conso
    2.74  	.flags =	CON_PRINTBUFFER,
    2.75  	.index =	-1,
    2.76  };
    2.77 -#endif
    2.78 -
    2.79 -static void xen_console_write(struct console *con, const char *s, unsigned n)
    2.80 -{
    2.81 -        HYPERVISOR_console_io(CONSOLEIO_write, n, (char *) s);
    2.82 -}
    2.83 -
    2.84 -static struct console xen_console = {
    2.85 -        .name =         "xen",
    2.86 -        .write =        xen_console_write,
    2.87 -        .flags =        CON_PRINTBUFFER,
    2.88 -        .index =        -1,
    2.89 -};
    2.90  
    2.91  /* Direct interface for emergencies */
    2.92 -struct console *early_console = &xen_console;
    2.93 -/* struct console *early_console = &early_vga_console; */
    2.94 +struct console *early_console = &early_vga_console;
    2.95  static int early_console_initialized = 0;
    2.96  
    2.97  void early_printk(const char *fmt, ...)
    2.98 @@ -193,9 +196,9 @@ static int keep_early;
    2.99  
   2.100  int __init setup_early_printk(char *opt) 
   2.101  {  
   2.102 +	char *space;
   2.103 +	char buf[256]; 
   2.104  
   2.105 -        early_console = &xen_console; 
   2.106 -#if 0
   2.107  	if (early_console_initialized)
   2.108  		return -1;
   2.109  
   2.110 @@ -218,7 +221,6 @@ int __init setup_early_printk(char *opt)
   2.111  	} else if (!strncmp(buf, "vga", 3)) {
   2.112  		early_console = &early_vga_console; 
   2.113  	}
   2.114 -#endif
   2.115  	early_console_initialized = 1;
   2.116  	register_console(early_console);       
   2.117  	return 0;
     3.1 --- a/patches/linux-2.6.11/linux-2.6.11.8.patch	Mon May 16 09:49:48 2005 +0000
     3.2 +++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
     3.3 @@ -1,1613 +0,0 @@
     3.4 -diff -Nru a/Makefile b/Makefile
     3.5 ---- a/Makefile	2005-04-29 18:34:28 -07:00
     3.6 -+++ b/Makefile	2005-04-29 18:34:28 -07:00
     3.7 -@@ -1,8 +1,8 @@
     3.8 - VERSION = 2
     3.9 - PATCHLEVEL = 6
    3.10 - SUBLEVEL = 11
    3.11 --EXTRAVERSION =
    3.12 --NAME=Woozy Numbat
    3.13 -+EXTRAVERSION = .8
    3.14 -+NAME=Woozy Beaver
    3.15 - 
    3.16 - # *DOCUMENTATION*
    3.17 - # To see a list of typical targets execute "make help"
    3.18 -diff -Nru a/arch/ia64/kernel/fsys.S b/arch/ia64/kernel/fsys.S
    3.19 ---- a/arch/ia64/kernel/fsys.S	2005-04-29 18:34:28 -07:00
    3.20 -+++ b/arch/ia64/kernel/fsys.S	2005-04-29 18:34:28 -07:00
    3.21 -@@ -611,8 +611,10 @@
    3.22 - 	movl r2=ia64_ret_from_syscall
    3.23 - 	;;
    3.24 - 	mov rp=r2				// set the real return addr
    3.25 --	tbit.z p8,p0=r3,TIF_SYSCALL_TRACE
    3.26 -+	and r3=_TIF_SYSCALL_TRACEAUDIT,r3
    3.27 - 	;;
    3.28 -+	cmp.eq p8,p0=r3,r0
    3.29 -+
    3.30 - (p10)	br.cond.spnt.many ia64_ret_from_syscall	// p10==true means out registers are more than 8
    3.31 - (p8)	br.call.sptk.many b6=b6		// ignore this return addr
    3.32 - 	br.cond.sptk ia64_trace_syscall
    3.33 -diff -Nru a/arch/ia64/kernel/signal.c b/arch/ia64/kernel/signal.c
    3.34 ---- a/arch/ia64/kernel/signal.c	2005-04-29 18:34:28 -07:00
    3.35 -+++ b/arch/ia64/kernel/signal.c	2005-04-29 18:34:28 -07:00
    3.36 -@@ -224,7 +224,8 @@
    3.37 - 	 * could be corrupted.
    3.38 - 	 */
    3.39 - 	retval = (long) &ia64_leave_kernel;
    3.40 --	if (test_thread_flag(TIF_SYSCALL_TRACE))
    3.41 -+	if (test_thread_flag(TIF_SYSCALL_TRACE)
    3.42 -+	    || test_thread_flag(TIF_SYSCALL_AUDIT))
    3.43 - 		/*
    3.44 - 		 * strace expects to be notified after sigreturn returns even though the
    3.45 - 		 * context to which we return may not be in the middle of a syscall.
    3.46 -diff -Nru a/arch/ppc/oprofile/op_model_fsl_booke.c b/arch/ppc/oprofile/op_model_fsl_booke.c
    3.47 ---- a/arch/ppc/oprofile/op_model_fsl_booke.c	2005-04-29 18:34:28 -07:00
    3.48 -+++ b/arch/ppc/oprofile/op_model_fsl_booke.c	2005-04-29 18:34:28 -07:00
    3.49 -@@ -150,7 +150,6 @@
    3.50 - 	int is_kernel;
    3.51 - 	int val;
    3.52 - 	int i;
    3.53 --	unsigned int cpu = smp_processor_id();
    3.54 - 
    3.55 - 	/* set the PMM bit (see comment below) */
    3.56 - 	mtmsr(mfmsr() | MSR_PMM);
    3.57 -@@ -162,7 +161,7 @@
    3.58 - 		val = ctr_read(i);
    3.59 - 		if (val < 0) {
    3.60 - 			if (oprofile_running && ctr[i].enabled) {
    3.61 --				oprofile_add_sample(pc, is_kernel, i, cpu);
    3.62 -+				oprofile_add_pc(pc, is_kernel, i);
    3.63 - 				ctr_write(i, reset_value[i]);
    3.64 - 			} else {
    3.65 - 				ctr_write(i, 0);
    3.66 -diff -Nru a/arch/ppc/platforms/4xx/ebony.h b/arch/ppc/platforms/4xx/ebony.h
    3.67 ---- a/arch/ppc/platforms/4xx/ebony.h	2005-04-29 18:34:28 -07:00
    3.68 -+++ b/arch/ppc/platforms/4xx/ebony.h	2005-04-29 18:34:28 -07:00
    3.69 -@@ -61,8 +61,8 @@
    3.70 -  */
    3.71 - 
    3.72 - /* OpenBIOS defined UART mappings, used before early_serial_setup */
    3.73 --#define UART0_IO_BASE	(u8 *) 0xE0000200
    3.74 --#define UART1_IO_BASE	(u8 *) 0xE0000300
    3.75 -+#define UART0_IO_BASE	0xE0000200
    3.76 -+#define UART1_IO_BASE	0xE0000300
    3.77 - 
    3.78 - /* external Epson SG-615P */
    3.79 - #define BASE_BAUD	691200
    3.80 -diff -Nru a/arch/ppc/platforms/4xx/luan.h b/arch/ppc/platforms/4xx/luan.h
    3.81 ---- a/arch/ppc/platforms/4xx/luan.h	2005-04-29 18:34:28 -07:00
    3.82 -+++ b/arch/ppc/platforms/4xx/luan.h	2005-04-29 18:34:28 -07:00
    3.83 -@@ -47,9 +47,9 @@
    3.84 - #define RS_TABLE_SIZE	3
    3.85 - 
    3.86 - /* PIBS defined UART mappings, used before early_serial_setup */
    3.87 --#define UART0_IO_BASE	(u8 *) 0xa0000200
    3.88 --#define UART1_IO_BASE	(u8 *) 0xa0000300
    3.89 --#define UART2_IO_BASE	(u8 *) 0xa0000600
    3.90 -+#define UART0_IO_BASE	0xa0000200
    3.91 -+#define UART1_IO_BASE	0xa0000300
    3.92 -+#define UART2_IO_BASE	0xa0000600
    3.93 - 
    3.94 - #define BASE_BAUD	11059200
    3.95 - #define STD_UART_OP(num)					\
    3.96 -diff -Nru a/arch/ppc/platforms/4xx/ocotea.h b/arch/ppc/platforms/4xx/ocotea.h
    3.97 ---- a/arch/ppc/platforms/4xx/ocotea.h	2005-04-29 18:34:28 -07:00
    3.98 -+++ b/arch/ppc/platforms/4xx/ocotea.h	2005-04-29 18:34:28 -07:00
    3.99 -@@ -56,8 +56,8 @@
   3.100 - #define RS_TABLE_SIZE	2
   3.101 - 
   3.102 - /* OpenBIOS defined UART mappings, used before early_serial_setup */
   3.103 --#define UART0_IO_BASE	(u8 *) 0xE0000200
   3.104 --#define UART1_IO_BASE	(u8 *) 0xE0000300
   3.105 -+#define UART0_IO_BASE	0xE0000200
   3.106 -+#define UART1_IO_BASE	0xE0000300
   3.107 - 
   3.108 - #define BASE_BAUD	11059200/16
   3.109 - #define STD_UART_OP(num)					\
   3.110 -diff -Nru a/arch/sparc/kernel/ptrace.c b/arch/sparc/kernel/ptrace.c
   3.111 ---- a/arch/sparc/kernel/ptrace.c	2005-04-29 18:34:28 -07:00
   3.112 -+++ b/arch/sparc/kernel/ptrace.c	2005-04-29 18:34:28 -07:00
   3.113 -@@ -531,18 +531,6 @@
   3.114 - 			pt_error_return(regs, EIO);
   3.115 - 			goto out_tsk;
   3.116 - 		}
   3.117 --		if (addr != 1) {
   3.118 --			if (addr & 3) {
   3.119 --				pt_error_return(regs, EINVAL);
   3.120 --				goto out_tsk;
   3.121 --			}
   3.122 --#ifdef DEBUG_PTRACE
   3.123 --			printk ("Original: %08lx %08lx\n", child->thread.kregs->pc, child->thread.kregs->npc);
   3.124 --			printk ("Continuing with %08lx %08lx\n", addr, addr+4);
   3.125 --#endif
   3.126 --			child->thread.kregs->pc = addr;
   3.127 --			child->thread.kregs->npc = addr + 4;
   3.128 --		}
   3.129 - 
   3.130 - 		if (request == PTRACE_SYSCALL)
   3.131 - 			set_tsk_thread_flag(child, TIF_SYSCALL_TRACE);
   3.132 -diff -Nru a/arch/sparc64/kernel/ptrace.c b/arch/sparc64/kernel/ptrace.c
   3.133 ---- a/arch/sparc64/kernel/ptrace.c	2005-04-29 18:34:28 -07:00
   3.134 -+++ b/arch/sparc64/kernel/ptrace.c	2005-04-29 18:34:28 -07:00
   3.135 -@@ -514,25 +514,6 @@
   3.136 - 			pt_error_return(regs, EIO);
   3.137 - 			goto out_tsk;
   3.138 - 		}
   3.139 --		if (addr != 1) {
   3.140 --			unsigned long pc_mask = ~0UL;
   3.141 --
   3.142 --			if ((child->thread_info->flags & _TIF_32BIT) != 0)
   3.143 --				pc_mask = 0xffffffff;
   3.144 --
   3.145 --			if (addr & 3) {
   3.146 --				pt_error_return(regs, EINVAL);
   3.147 --				goto out_tsk;
   3.148 --			}
   3.149 --#ifdef DEBUG_PTRACE
   3.150 --			printk ("Original: %016lx %016lx\n",
   3.151 --				child->thread_info->kregs->tpc,
   3.152 --				child->thread_info->kregs->tnpc);
   3.153 --			printk ("Continuing with %016lx %016lx\n", addr, addr+4);
   3.154 --#endif
   3.155 --			child->thread_info->kregs->tpc = (addr & pc_mask);
   3.156 --			child->thread_info->kregs->tnpc = ((addr + 4) & pc_mask);
   3.157 --		}
   3.158 - 
   3.159 - 		if (request == PTRACE_SYSCALL) {
   3.160 - 			set_tsk_thread_flag(child, TIF_SYSCALL_TRACE);
   3.161 -diff -Nru a/arch/sparc64/kernel/signal32.c b/arch/sparc64/kernel/signal32.c
   3.162 ---- a/arch/sparc64/kernel/signal32.c	2005-04-29 18:34:28 -07:00
   3.163 -+++ b/arch/sparc64/kernel/signal32.c	2005-04-29 18:34:28 -07:00
   3.164 -@@ -192,9 +192,12 @@
   3.165 - 			err |= __put_user(from->si_uid, &to->si_uid);
   3.166 - 			break;
   3.167 - 		case __SI_FAULT >> 16:
   3.168 --		case __SI_POLL >> 16:
   3.169 - 			err |= __put_user(from->si_trapno, &to->si_trapno);
   3.170 - 			err |= __put_user((unsigned long)from->si_addr, &to->si_addr);
   3.171 -+			break;
   3.172 -+		case __SI_POLL >> 16:
   3.173 -+			err |= __put_user(from->si_band, &to->si_band);
   3.174 -+			err |= __put_user(from->si_fd, &to->si_fd);
   3.175 - 			break;
   3.176 - 		case __SI_RT >> 16: /* This is not generated by the kernel as of now.  */
   3.177 - 		case __SI_MESGQ >> 16:
   3.178 -diff -Nru a/arch/sparc64/kernel/systbls.S b/arch/sparc64/kernel/systbls.S
   3.179 ---- a/arch/sparc64/kernel/systbls.S	2005-04-29 18:34:27 -07:00
   3.180 -+++ b/arch/sparc64/kernel/systbls.S	2005-04-29 18:34:27 -07:00
   3.181 -@@ -75,7 +75,7 @@
   3.182 - /*260*/	.word compat_sys_sched_getaffinity, compat_sys_sched_setaffinity, sys32_timer_settime, compat_sys_timer_gettime, sys_timer_getoverrun
   3.183 - 	.word sys_timer_delete, sys32_timer_create, sys_ni_syscall, compat_sys_io_setup, sys_io_destroy
   3.184 - /*270*/	.word sys32_io_submit, sys_io_cancel, compat_sys_io_getevents, sys32_mq_open, sys_mq_unlink
   3.185 --	.word sys_mq_timedsend, sys_mq_timedreceive, compat_sys_mq_notify, compat_sys_mq_getsetattr, compat_sys_waitid
   3.186 -+	.word compat_sys_mq_timedsend, compat_sys_mq_timedreceive, compat_sys_mq_notify, compat_sys_mq_getsetattr, compat_sys_waitid
   3.187 - /*280*/	.word sys_ni_syscall, sys_add_key, sys_request_key, sys_keyctl
   3.188 - 
   3.189 - #endif /* CONFIG_COMPAT */
   3.190 -diff -Nru a/arch/um/include/sysdep-i386/syscalls.h b/arch/um/include/sysdep-i386/syscalls.h
   3.191 ---- a/arch/um/include/sysdep-i386/syscalls.h	2005-04-29 18:34:27 -07:00
   3.192 -+++ b/arch/um/include/sysdep-i386/syscalls.h	2005-04-29 18:34:27 -07:00
   3.193 -@@ -23,6 +23,9 @@
   3.194 - 		      unsigned long prot, unsigned long flags,
   3.195 - 		      unsigned long fd, unsigned long pgoff);
   3.196 - 
   3.197 -+/* On i386 they choose a meaningless naming.*/
   3.198 -+#define __NR_kexec_load __NR_sys_kexec_load
   3.199 -+
   3.200 - #define ARCH_SYSCALLS \
   3.201 - 	[ __NR_waitpid ] = (syscall_handler_t *) sys_waitpid, \
   3.202 - 	[ __NR_break ] = (syscall_handler_t *) sys_ni_syscall, \
   3.203 -@@ -101,15 +104,12 @@
   3.204 - 	[ 223 ] = (syscall_handler_t *) sys_ni_syscall, \
   3.205 - 	[ __NR_set_thread_area ] = (syscall_handler_t *) sys_ni_syscall, \
   3.206 - 	[ __NR_get_thread_area ] = (syscall_handler_t *) sys_ni_syscall, \
   3.207 --	[ __NR_fadvise64 ] = (syscall_handler_t *) sys_fadvise64, \
   3.208 - 	[ 251 ] = (syscall_handler_t *) sys_ni_syscall, \
   3.209 --        [ __NR_remap_file_pages ] = (syscall_handler_t *) sys_remap_file_pages, \
   3.210 --	[ __NR_utimes ] = (syscall_handler_t *) sys_utimes, \
   3.211 --	[ __NR_vserver ] = (syscall_handler_t *) sys_ni_syscall,
   3.212 --        
   3.213 -+	[ 285 ] = (syscall_handler_t *) sys_ni_syscall,
   3.214 -+
   3.215 - /* 222 doesn't yet have a name in include/asm-i386/unistd.h */
   3.216 - 
   3.217 --#define LAST_ARCH_SYSCALL __NR_vserver
   3.218 -+#define LAST_ARCH_SYSCALL 285
   3.219 - 
   3.220 - /*
   3.221 -  * Overrides for Emacs so that we follow Linus's tabbing style.
   3.222 -diff -Nru a/arch/um/include/sysdep-x86_64/syscalls.h b/arch/um/include/sysdep-x86_64/syscalls.h
   3.223 ---- a/arch/um/include/sysdep-x86_64/syscalls.h	2005-04-29 18:34:28 -07:00
   3.224 -+++ b/arch/um/include/sysdep-x86_64/syscalls.h	2005-04-29 18:34:28 -07:00
   3.225 -@@ -71,12 +71,7 @@
   3.226 - 	[ __NR_iopl ] = (syscall_handler_t *) sys_ni_syscall, \
   3.227 - 	[ __NR_set_thread_area ] = (syscall_handler_t *) sys_ni_syscall, \
   3.228 - 	[ __NR_get_thread_area ] = (syscall_handler_t *) sys_ni_syscall, \
   3.229 --        [ __NR_remap_file_pages ] = (syscall_handler_t *) sys_remap_file_pages, \
   3.230 - 	[ __NR_semtimedop ] = (syscall_handler_t *) sys_semtimedop, \
   3.231 --	[ __NR_fadvise64 ] = (syscall_handler_t *) sys_fadvise64, \
   3.232 --	[ 223 ] = (syscall_handler_t *) sys_ni_syscall, \
   3.233 --	[ __NR_utimes ] = (syscall_handler_t *) sys_utimes, \
   3.234 --	[ __NR_vserver ] = (syscall_handler_t *) sys_ni_syscall, \
   3.235 - 	[ 251 ] = (syscall_handler_t *) sys_ni_syscall,
   3.236 - 
   3.237 - #define LAST_ARCH_SYSCALL 251
   3.238 -diff -Nru a/arch/um/kernel/skas/uaccess.c b/arch/um/kernel/skas/uaccess.c
   3.239 ---- a/arch/um/kernel/skas/uaccess.c	2005-04-29 18:34:28 -07:00
   3.240 -+++ b/arch/um/kernel/skas/uaccess.c	2005-04-29 18:34:28 -07:00
   3.241 -@@ -61,7 +61,8 @@
   3.242 - 	void *arg;
   3.243 - 	int *res;
   3.244 - 
   3.245 --	va_copy(args, *(va_list *)arg_ptr);
   3.246 -+	/* Some old gccs recognize __va_copy, but not va_copy */
   3.247 -+	__va_copy(args, *(va_list *)arg_ptr);
   3.248 - 	addr = va_arg(args, unsigned long);
   3.249 - 	len = va_arg(args, int);
   3.250 - 	is_write = va_arg(args, int);
   3.251 -diff -Nru a/arch/um/kernel/sys_call_table.c b/arch/um/kernel/sys_call_table.c
   3.252 ---- a/arch/um/kernel/sys_call_table.c	2005-04-29 18:34:28 -07:00
   3.253 -+++ b/arch/um/kernel/sys_call_table.c	2005-04-29 18:34:28 -07:00
   3.254 -@@ -48,7 +48,6 @@
   3.255 - extern syscall_handler_t old_select;
   3.256 - extern syscall_handler_t sys_modify_ldt;
   3.257 - extern syscall_handler_t sys_rt_sigsuspend;
   3.258 --extern syscall_handler_t sys_vserver;
   3.259 - extern syscall_handler_t sys_mbind;
   3.260 - extern syscall_handler_t sys_get_mempolicy;
   3.261 - extern syscall_handler_t sys_set_mempolicy;
   3.262 -@@ -242,6 +241,7 @@
   3.263 - 	[ __NR_epoll_create ] = (syscall_handler_t *) sys_epoll_create,
   3.264 - 	[ __NR_epoll_ctl ] = (syscall_handler_t *) sys_epoll_ctl,
   3.265 - 	[ __NR_epoll_wait ] = (syscall_handler_t *) sys_epoll_wait,
   3.266 -+	[ __NR_remap_file_pages ] = (syscall_handler_t *) sys_remap_file_pages,
   3.267 -         [ __NR_set_tid_address ] = (syscall_handler_t *) sys_set_tid_address,
   3.268 - 	[ __NR_timer_create ] = (syscall_handler_t *) sys_timer_create,
   3.269 - 	[ __NR_timer_settime ] = (syscall_handler_t *) sys_timer_settime,
   3.270 -@@ -252,12 +252,10 @@
   3.271 - 	[ __NR_clock_gettime ] = (syscall_handler_t *) sys_clock_gettime,
   3.272 - 	[ __NR_clock_getres ] = (syscall_handler_t *) sys_clock_getres,
   3.273 - 	[ __NR_clock_nanosleep ] = (syscall_handler_t *) sys_clock_nanosleep,
   3.274 --	[ __NR_statfs64 ] = (syscall_handler_t *) sys_statfs64,
   3.275 --	[ __NR_fstatfs64 ] = (syscall_handler_t *) sys_fstatfs64,
   3.276 - 	[ __NR_tgkill ] = (syscall_handler_t *) sys_tgkill,
   3.277 - 	[ __NR_utimes ] = (syscall_handler_t *) sys_utimes,
   3.278 --	[ __NR_fadvise64_64 ] = (syscall_handler_t *) sys_fadvise64_64,
   3.279 --	[ __NR_vserver ] = (syscall_handler_t *) sys_vserver,
   3.280 -+	[ __NR_fadvise64 ] = (syscall_handler_t *) sys_fadvise64,
   3.281 -+	[ __NR_vserver ] = (syscall_handler_t *) sys_ni_syscall,
   3.282 - 	[ __NR_mbind ] = (syscall_handler_t *) sys_mbind,
   3.283 - 	[ __NR_get_mempolicy ] = (syscall_handler_t *) sys_get_mempolicy,
   3.284 - 	[ __NR_set_mempolicy ] = (syscall_handler_t *) sys_set_mempolicy,
   3.285 -@@ -267,9 +265,8 @@
   3.286 - 	[ __NR_mq_timedreceive ] = (syscall_handler_t *) sys_mq_timedreceive,
   3.287 - 	[ __NR_mq_notify ] = (syscall_handler_t *) sys_mq_notify,
   3.288 - 	[ __NR_mq_getsetattr ] = (syscall_handler_t *) sys_mq_getsetattr,
   3.289 --	[ __NR_sys_kexec_load ] = (syscall_handler_t *) sys_ni_syscall,
   3.290 -+	[ __NR_kexec_load ] = (syscall_handler_t *) sys_ni_syscall,
   3.291 - 	[ __NR_waitid ] = (syscall_handler_t *) sys_waitid,
   3.292 --	[ 285 ] = (syscall_handler_t *) sys_ni_syscall,
   3.293 - 	[ __NR_add_key ] = (syscall_handler_t *) sys_add_key,
   3.294 - 	[ __NR_request_key ] = (syscall_handler_t *) sys_request_key,
   3.295 - 	[ __NR_keyctl ] = (syscall_handler_t *) sys_keyctl,
   3.296 -diff -Nru a/drivers/char/drm/drm_ioctl.c b/drivers/char/drm/drm_ioctl.c
   3.297 ---- a/drivers/char/drm/drm_ioctl.c	2005-04-29 18:34:27 -07:00
   3.298 -+++ b/drivers/char/drm/drm_ioctl.c	2005-04-29 18:34:27 -07:00
   3.299 -@@ -326,6 +326,8 @@
   3.300 - 
   3.301 - 	DRM_COPY_FROM_USER_IOCTL(sv, argp, sizeof(sv));
   3.302 - 
   3.303 -+	memset(&version, 0, sizeof(version));
   3.304 -+
   3.305 - 	dev->driver->version(&version);
   3.306 - 	retv.drm_di_major = DRM_IF_MAJOR;
   3.307 - 	retv.drm_di_minor = DRM_IF_MINOR;
   3.308 -diff -Nru a/drivers/i2c/chips/eeprom.c b/drivers/i2c/chips/eeprom.c
   3.309 ---- a/drivers/i2c/chips/eeprom.c	2005-04-29 18:34:27 -07:00
   3.310 -+++ b/drivers/i2c/chips/eeprom.c	2005-04-29 18:34:27 -07:00
   3.311 -@@ -130,7 +130,8 @@
   3.312 - 
   3.313 - 	/* Hide Vaio security settings to regular users (16 first bytes) */
   3.314 - 	if (data->nature == VAIO && off < 16 && !capable(CAP_SYS_ADMIN)) {
   3.315 --		int in_row1 = 16 - off;
   3.316 -+		size_t in_row1 = 16 - off;
   3.317 -+		in_row1 = min(in_row1, count);
   3.318 - 		memset(buf, 0, in_row1);
   3.319 - 		if (count - in_row1 > 0)
   3.320 - 			memcpy(buf + in_row1, &data->data[16], count - in_row1);
   3.321 -diff -Nru a/drivers/i2c/chips/it87.c b/drivers/i2c/chips/it87.c
   3.322 ---- a/drivers/i2c/chips/it87.c	2005-04-29 18:34:28 -07:00
   3.323 -+++ b/drivers/i2c/chips/it87.c	2005-04-29 18:34:28 -07:00
   3.324 -@@ -631,7 +631,7 @@
   3.325 - 	struct it87_data *data = it87_update_device(dev);
   3.326 - 	return sprintf(buf,"%d\n", ALARMS_FROM_REG(data->alarms));
   3.327 - }
   3.328 --static DEVICE_ATTR(alarms, S_IRUGO | S_IWUSR, show_alarms, NULL);
   3.329 -+static DEVICE_ATTR(alarms, S_IRUGO, show_alarms, NULL);
   3.330 - 
   3.331 - static ssize_t
   3.332 - show_vrm_reg(struct device *dev, char *buf)
   3.333 -diff -Nru a/drivers/i2c/chips/via686a.c b/drivers/i2c/chips/via686a.c
   3.334 ---- a/drivers/i2c/chips/via686a.c	2005-04-29 18:34:27 -07:00
   3.335 -+++ b/drivers/i2c/chips/via686a.c	2005-04-29 18:34:27 -07:00
   3.336 -@@ -554,7 +554,7 @@
   3.337 - 	struct via686a_data *data = via686a_update_device(dev);
   3.338 - 	return sprintf(buf,"%d\n", ALARMS_FROM_REG(data->alarms));
   3.339 - }
   3.340 --static DEVICE_ATTR(alarms, S_IRUGO | S_IWUSR, show_alarms, NULL);
   3.341 -+static DEVICE_ATTR(alarms, S_IRUGO, show_alarms, NULL);
   3.342 - 
   3.343 - /* The driver. I choose to use type i2c_driver, as at is identical to both
   3.344 -    smbus_driver and isa_driver, and clients could be of either kind */
   3.345 -diff -Nru a/drivers/input/serio/i8042-x86ia64io.h b/drivers/input/serio/i8042-x86ia64io.h
   3.346 ---- a/drivers/input/serio/i8042-x86ia64io.h	2005-04-29 18:34:28 -07:00
   3.347 -+++ b/drivers/input/serio/i8042-x86ia64io.h	2005-04-29 18:34:28 -07:00
   3.348 -@@ -88,7 +88,7 @@
   3.349 - };
   3.350 - #endif
   3.351 - 
   3.352 --#ifdef CONFIG_ACPI
   3.353 -+#if defined(__ia64__) && defined(CONFIG_ACPI)
   3.354 - #include <linux/acpi.h>
   3.355 - #include <acpi/acpi_bus.h>
   3.356 - 
   3.357 -@@ -281,7 +281,7 @@
   3.358 - 	i8042_kbd_irq = I8042_MAP_IRQ(1);
   3.359 - 	i8042_aux_irq = I8042_MAP_IRQ(12);
   3.360 - 
   3.361 --#ifdef CONFIG_ACPI
   3.362 -+#if defined(__ia64__) && defined(CONFIG_ACPI)
   3.363 - 	if (i8042_acpi_init())
   3.364 - 		return -1;
   3.365 - #endif
   3.366 -@@ -300,7 +300,7 @@
   3.367 - 
   3.368 - static inline void i8042_platform_exit(void)
   3.369 - {
   3.370 --#ifdef CONFIG_ACPI
   3.371 -+#if defined(__ia64__) && defined(CONFIG_ACPI)
   3.372 - 	i8042_acpi_exit();
   3.373 - #endif
   3.374 - }
   3.375 -diff -Nru a/drivers/md/raid6altivec.uc b/drivers/md/raid6altivec.uc
   3.376 ---- a/drivers/md/raid6altivec.uc	2005-04-29 18:34:28 -07:00
   3.377 -+++ b/drivers/md/raid6altivec.uc	2005-04-29 18:34:28 -07:00
   3.378 -@@ -108,7 +108,11 @@
   3.379 - int raid6_have_altivec(void)
   3.380 - {
   3.381 - 	/* This assumes either all CPUs have Altivec or none does */
   3.382 -+#ifdef CONFIG_PPC64
   3.383 - 	return cur_cpu_spec->cpu_features & CPU_FTR_ALTIVEC;
   3.384 -+#else
   3.385 -+	return cur_cpu_spec[0]->cpu_features & CPU_FTR_ALTIVEC;
   3.386 -+#endif
   3.387 - }
   3.388 - #endif
   3.389 - 
   3.390 -diff -Nru a/drivers/media/video/adv7170.c b/drivers/media/video/adv7170.c
   3.391 ---- a/drivers/media/video/adv7170.c	2005-04-29 18:34:28 -07:00
   3.392 -+++ b/drivers/media/video/adv7170.c	2005-04-29 18:34:28 -07:00
   3.393 -@@ -130,7 +130,7 @@
   3.394 - 		u8 block_data[32];
   3.395 - 
   3.396 - 		msg.addr = client->addr;
   3.397 --		msg.flags = client->flags;
   3.398 -+		msg.flags = 0;
   3.399 - 		while (len >= 2) {
   3.400 - 			msg.buf = (char *) block_data;
   3.401 - 			msg.len = 0;
   3.402 -diff -Nru a/drivers/media/video/adv7175.c b/drivers/media/video/adv7175.c
   3.403 ---- a/drivers/media/video/adv7175.c	2005-04-29 18:34:28 -07:00
   3.404 -+++ b/drivers/media/video/adv7175.c	2005-04-29 18:34:28 -07:00
   3.405 -@@ -126,7 +126,7 @@
   3.406 - 		u8 block_data[32];
   3.407 - 
   3.408 - 		msg.addr = client->addr;
   3.409 --		msg.flags = client->flags;
   3.410 -+		msg.flags = 0;
   3.411 - 		while (len >= 2) {
   3.412 - 			msg.buf = (char *) block_data;
   3.413 - 			msg.len = 0;
   3.414 -diff -Nru a/drivers/media/video/bt819.c b/drivers/media/video/bt819.c
   3.415 ---- a/drivers/media/video/bt819.c	2005-04-29 18:34:27 -07:00
   3.416 -+++ b/drivers/media/video/bt819.c	2005-04-29 18:34:27 -07:00
   3.417 -@@ -146,7 +146,7 @@
   3.418 - 		u8 block_data[32];
   3.419 - 
   3.420 - 		msg.addr = client->addr;
   3.421 --		msg.flags = client->flags;
   3.422 -+		msg.flags = 0;
   3.423 - 		while (len >= 2) {
   3.424 - 			msg.buf = (char *) block_data;
   3.425 - 			msg.len = 0;
   3.426 -diff -Nru a/drivers/media/video/bttv-cards.c b/drivers/media/video/bttv-cards.c
   3.427 ---- a/drivers/media/video/bttv-cards.c	2005-04-29 18:34:28 -07:00
   3.428 -+++ b/drivers/media/video/bttv-cards.c	2005-04-29 18:34:28 -07:00
   3.429 -@@ -2718,8 +2718,6 @@
   3.430 -         }
   3.431 - 	btv->pll.pll_current = -1;
   3.432 - 
   3.433 --	bttv_reset_audio(btv);
   3.434 --
   3.435 - 	/* tuner configuration (from card list / autodetect / insmod option) */
   3.436 -  	if (UNSET != bttv_tvcards[btv->c.type].tuner_type)
   3.437 - 		if(UNSET == btv->tuner_type)
   3.438 -diff -Nru a/drivers/media/video/saa7110.c b/drivers/media/video/saa7110.c
   3.439 ---- a/drivers/media/video/saa7110.c	2005-04-29 18:34:27 -07:00
   3.440 -+++ b/drivers/media/video/saa7110.c	2005-04-29 18:34:27 -07:00
   3.441 -@@ -60,8 +60,10 @@
   3.442 - 
   3.443 - #define	I2C_SAA7110		0x9C	/* or 0x9E */
   3.444 - 
   3.445 -+#define SAA7110_NR_REG		0x35
   3.446 -+
   3.447 - struct saa7110 {
   3.448 --	unsigned char reg[54];
   3.449 -+	u8 reg[SAA7110_NR_REG];
   3.450 - 
   3.451 - 	int norm;
   3.452 - 	int input;
   3.453 -@@ -95,31 +97,28 @@
   3.454 - 		     unsigned int       len)
   3.455 - {
   3.456 - 	int ret = -1;
   3.457 --	u8 reg = *data++;
   3.458 -+	u8 reg = *data;		/* first register to write to */
   3.459 - 
   3.460 --	len--;
   3.461 -+	/* Sanity check */
   3.462 -+	if (reg + (len - 1) > SAA7110_NR_REG)
   3.463 -+		return ret;
   3.464 - 
   3.465 - 	/* the saa7110 has an autoincrement function, use it if
   3.466 - 	 * the adapter understands raw I2C */
   3.467 - 	if (i2c_check_functionality(client->adapter, I2C_FUNC_I2C)) {
   3.468 - 		struct saa7110 *decoder = i2c_get_clientdata(client);
   3.469 - 		struct i2c_msg msg;
   3.470 --		u8 block_data[54];
   3.471 - 
   3.472 --		msg.len = 0;
   3.473 --		msg.buf = (char *) block_data;
   3.474 -+		msg.len = len;
   3.475 -+		msg.buf = (char *) data;
   3.476 - 		msg.addr = client->addr;
   3.477 --		msg.flags = client->flags;
   3.478 --		while (len >= 1) {
   3.479 --			msg.len = 0;
   3.480 --			block_data[msg.len++] = reg;
   3.481 --			while (len-- >= 1 && msg.len < 54)
   3.482 --				block_data[msg.len++] =
   3.483 --				    decoder->reg[reg++] = *data++;
   3.484 --			ret = i2c_transfer(client->adapter, &msg, 1);
   3.485 --		}
   3.486 -+		msg.flags = 0;
   3.487 -+		ret = i2c_transfer(client->adapter, &msg, 1);
   3.488 -+
   3.489 -+		/* Cache the written data */
   3.490 -+		memcpy(decoder->reg + reg, data + 1, len - 1);
   3.491 - 	} else {
   3.492 --		while (len-- >= 1) {
   3.493 -+		for (++data, --len; len; len--) {
   3.494 - 			if ((ret = saa7110_write(client, reg++,
   3.495 - 						 *data++)) < 0)
   3.496 - 				break;
   3.497 -@@ -192,7 +191,7 @@
   3.498 - 	return 0;
   3.499 - }
   3.500 - 
   3.501 --static const unsigned char initseq[] = {
   3.502 -+static const unsigned char initseq[1 + SAA7110_NR_REG] = {
   3.503 - 	0, 0x4C, 0x3C, 0x0D, 0xEF, 0xBD, 0xF2, 0x03, 0x00,
   3.504 - 	/* 0x08 */ 0xF8, 0xF8, 0x60, 0x60, 0x00, 0x86, 0x18, 0x90,
   3.505 - 	/* 0x10 */ 0x00, 0x59, 0x40, 0x46, 0x42, 0x1A, 0xFF, 0xDA,
   3.506 -diff -Nru a/drivers/media/video/saa7114.c b/drivers/media/video/saa7114.c
   3.507 ---- a/drivers/media/video/saa7114.c	2005-04-29 18:34:28 -07:00
   3.508 -+++ b/drivers/media/video/saa7114.c	2005-04-29 18:34:28 -07:00
   3.509 -@@ -163,7 +163,7 @@
   3.510 - 		u8 block_data[32];
   3.511 - 
   3.512 - 		msg.addr = client->addr;
   3.513 --		msg.flags = client->flags;
   3.514 -+		msg.flags = 0;
   3.515 - 		while (len >= 2) {
   3.516 - 			msg.buf = (char *) block_data;
   3.517 - 			msg.len = 0;
   3.518 -diff -Nru a/drivers/media/video/saa7185.c b/drivers/media/video/saa7185.c
   3.519 ---- a/drivers/media/video/saa7185.c	2005-04-29 18:34:28 -07:00
   3.520 -+++ b/drivers/media/video/saa7185.c	2005-04-29 18:34:28 -07:00
   3.521 -@@ -118,7 +118,7 @@
   3.522 - 		u8 block_data[32];
   3.523 - 
   3.524 - 		msg.addr = client->addr;
   3.525 --		msg.flags = client->flags;
   3.526 -+		msg.flags = 0;
   3.527 - 		while (len >= 2) {
   3.528 - 			msg.buf = (char *) block_data;
   3.529 - 			msg.len = 0;
   3.530 -diff -Nru a/drivers/net/amd8111e.c b/drivers/net/amd8111e.c
   3.531 ---- a/drivers/net/amd8111e.c	2005-04-29 18:34:28 -07:00
   3.532 -+++ b/drivers/net/amd8111e.c	2005-04-29 18:34:28 -07:00
   3.533 -@@ -1381,6 +1381,8 @@
   3.534 - 
   3.535 - 	if(amd8111e_restart(dev)){
   3.536 - 		spin_unlock_irq(&lp->lock);
   3.537 -+		if (dev->irq)
   3.538 -+			free_irq(dev->irq, dev);
   3.539 - 		return -ENOMEM;
   3.540 - 	}
   3.541 - 	/* Start ipg timer */
   3.542 -diff -Nru a/drivers/net/ppp_async.c b/drivers/net/ppp_async.c
   3.543 ---- a/drivers/net/ppp_async.c	2005-04-29 18:34:28 -07:00
   3.544 -+++ b/drivers/net/ppp_async.c	2005-04-29 18:34:28 -07:00
   3.545 -@@ -1000,7 +1000,7 @@
   3.546 - 	data += 4;
   3.547 - 	dlen -= 4;
   3.548 - 	/* data[0] is code, data[1] is length */
   3.549 --	while (dlen >= 2 && dlen >= data[1]) {
   3.550 -+	while (dlen >= 2 && dlen >= data[1] && data[1] >= 2) {
   3.551 - 		switch (data[0]) {
   3.552 - 		case LCP_MRU:
   3.553 - 			val = (data[2] << 8) + data[3];
   3.554 -diff -Nru a/drivers/net/r8169.c b/drivers/net/r8169.c
   3.555 ---- a/drivers/net/r8169.c	2005-04-29 18:34:28 -07:00
   3.556 -+++ b/drivers/net/r8169.c	2005-04-29 18:34:28 -07:00
   3.557 -@@ -1683,16 +1683,19 @@
   3.558 - 	rtl8169_make_unusable_by_asic(desc);
   3.559 - }
   3.560 - 
   3.561 --static inline void rtl8169_return_to_asic(struct RxDesc *desc, int rx_buf_sz)
   3.562 -+static inline void rtl8169_mark_to_asic(struct RxDesc *desc, u32 rx_buf_sz)
   3.563 - {
   3.564 --	desc->opts1 |= cpu_to_le32(DescOwn + rx_buf_sz);
   3.565 -+	u32 eor = le32_to_cpu(desc->opts1) & RingEnd;
   3.566 -+
   3.567 -+	desc->opts1 = cpu_to_le32(DescOwn | eor | rx_buf_sz);
   3.568 - }
   3.569 - 
   3.570 --static inline void rtl8169_give_to_asic(struct RxDesc *desc, dma_addr_t mapping,
   3.571 --					int rx_buf_sz)
   3.572 -+static inline void rtl8169_map_to_asic(struct RxDesc *desc, dma_addr_t mapping,
   3.573 -+				       u32 rx_buf_sz)
   3.574 - {
   3.575 - 	desc->addr = cpu_to_le64(mapping);
   3.576 --	desc->opts1 |= cpu_to_le32(DescOwn + rx_buf_sz);
   3.577 -+	wmb();
   3.578 -+	rtl8169_mark_to_asic(desc, rx_buf_sz);
   3.579 - }
   3.580 - 
   3.581 - static int rtl8169_alloc_rx_skb(struct pci_dev *pdev, struct sk_buff **sk_buff,
   3.582 -@@ -1712,7 +1715,7 @@
   3.583 - 	mapping = pci_map_single(pdev, skb->tail, rx_buf_sz,
   3.584 - 				 PCI_DMA_FROMDEVICE);
   3.585 - 
   3.586 --	rtl8169_give_to_asic(desc, mapping, rx_buf_sz);
   3.587 -+	rtl8169_map_to_asic(desc, mapping, rx_buf_sz);
   3.588 - 
   3.589 - out:
   3.590 - 	return ret;
   3.591 -@@ -2150,7 +2153,7 @@
   3.592 - 			skb_reserve(skb, NET_IP_ALIGN);
   3.593 - 			eth_copy_and_sum(skb, sk_buff[0]->tail, pkt_size, 0);
   3.594 - 			*sk_buff = skb;
   3.595 --			rtl8169_return_to_asic(desc, rx_buf_sz);
   3.596 -+			rtl8169_mark_to_asic(desc, rx_buf_sz);
   3.597 - 			ret = 0;
   3.598 - 		}
   3.599 - 	}
   3.600 -diff -Nru a/drivers/net/sis900.c b/drivers/net/sis900.c
   3.601 ---- a/drivers/net/sis900.c	2005-04-29 18:34:27 -07:00
   3.602 -+++ b/drivers/net/sis900.c	2005-04-29 18:34:27 -07:00
   3.603 -@@ -236,7 +236,7 @@
   3.604 - 	signature = (u16) read_eeprom(ioaddr, EEPROMSignature);    
   3.605 - 	if (signature == 0xffff || signature == 0x0000) {
   3.606 - 		printk (KERN_INFO "%s: Error EERPOM read %x\n", 
   3.607 --			net_dev->name, signature);
   3.608 -+			pci_name(pci_dev), signature);
   3.609 - 		return 0;
   3.610 - 	}
   3.611 - 
   3.612 -@@ -268,7 +268,7 @@
   3.613 - 	if (!isa_bridge)
   3.614 - 		isa_bridge = pci_get_device(PCI_VENDOR_ID_SI, 0x0018, isa_bridge);
   3.615 - 	if (!isa_bridge) {
   3.616 --		printk("%s: Can not find ISA bridge\n", net_dev->name);
   3.617 -+		printk("%s: Can not find ISA bridge\n", pci_name(pci_dev));
   3.618 - 		return 0;
   3.619 - 	}
   3.620 - 	pci_read_config_byte(isa_bridge, 0x48, &reg);
   3.621 -@@ -456,10 +456,6 @@
   3.622 - 	net_dev->tx_timeout = sis900_tx_timeout;
   3.623 - 	net_dev->watchdog_timeo = TX_TIMEOUT;
   3.624 - 	net_dev->ethtool_ops = &sis900_ethtool_ops;
   3.625 --	
   3.626 --	ret = register_netdev(net_dev);
   3.627 --	if (ret)
   3.628 --		goto err_unmap_rx;
   3.629 - 		
   3.630 - 	/* Get Mac address according to the chip revision */
   3.631 - 	pci_read_config_byte(pci_dev, PCI_CLASS_REVISION, &revision);
   3.632 -@@ -476,7 +472,7 @@
   3.633 - 
   3.634 - 	if (ret == 0) {
   3.635 - 		ret = -ENODEV;
   3.636 --		goto err_out_unregister;
   3.637 -+		goto err_unmap_rx;
   3.638 - 	}
   3.639 - 	
   3.640 - 	/* 630ET : set the mii access mode as software-mode */
   3.641 -@@ -486,7 +482,7 @@
   3.642 - 	/* probe for mii transceiver */
   3.643 - 	if (sis900_mii_probe(net_dev) == 0) {
   3.644 - 		ret = -ENODEV;
   3.645 --		goto err_out_unregister;
   3.646 -+		goto err_unmap_rx;
   3.647 - 	}
   3.648 - 
   3.649 - 	/* save our host bridge revision */
   3.650 -@@ -496,6 +492,10 @@
   3.651 - 		pci_dev_put(dev);
   3.652 - 	}
   3.653 - 
   3.654 -+	ret = register_netdev(net_dev);
   3.655 -+	if (ret)
   3.656 -+		goto err_unmap_rx;
   3.657 -+
   3.658 - 	/* print some information about our NIC */
   3.659 - 	printk(KERN_INFO "%s: %s at %#lx, IRQ %d, ", net_dev->name,
   3.660 - 	       card_name, ioaddr, net_dev->irq);
   3.661 -@@ -505,8 +505,6 @@
   3.662 - 
   3.663 - 	return 0;
   3.664 - 
   3.665 -- err_out_unregister:
   3.666 -- 	unregister_netdev(net_dev);
   3.667 -  err_unmap_rx:
   3.668 - 	pci_free_consistent(pci_dev, RX_TOTAL_SIZE, sis_priv->rx_ring,
   3.669 - 		sis_priv->rx_ring_dma);
   3.670 -@@ -533,6 +531,7 @@
   3.671 - static int __init sis900_mii_probe(struct net_device * net_dev)
   3.672 - {
   3.673 - 	struct sis900_private * sis_priv = net_dev->priv;
   3.674 -+	const char *dev_name = pci_name(sis_priv->pci_dev);
   3.675 - 	u16 poll_bit = MII_STAT_LINK, status = 0;
   3.676 - 	unsigned long timeout = jiffies + 5 * HZ;
   3.677 - 	int phy_addr;
   3.678 -@@ -582,21 +581,20 @@
   3.679 - 					mii_phy->phy_types =
   3.680 - 					    (mii_status & (MII_STAT_CAN_TX_FDX | MII_STAT_CAN_TX)) ? LAN : HOME;
   3.681 - 				printk(KERN_INFO "%s: %s transceiver found at address %d.\n",
   3.682 --				       net_dev->name, mii_chip_table[i].name,
   3.683 -+				       dev_name, mii_chip_table[i].name,
   3.684 - 				       phy_addr);
   3.685 - 				break;
   3.686 - 			}
   3.687 - 			
   3.688 - 		if( !mii_chip_table[i].phy_id1 ) {
   3.689 - 			printk(KERN_INFO "%s: Unknown PHY transceiver found at address %d.\n",
   3.690 --			       net_dev->name, phy_addr);
   3.691 -+			       dev_name, phy_addr);
   3.692 - 			mii_phy->phy_types = UNKNOWN;
   3.693 - 		}
   3.694 - 	}
   3.695 - 	
   3.696 - 	if (sis_priv->mii == NULL) {
   3.697 --		printk(KERN_INFO "%s: No MII transceivers found!\n",
   3.698 --			net_dev->name);
   3.699 -+		printk(KERN_INFO "%s: No MII transceivers found!\n", dev_name);
   3.700 - 		return 0;
   3.701 - 	}
   3.702 - 
   3.703 -@@ -621,7 +619,7 @@
   3.704 - 			poll_bit ^= (mdio_read(net_dev, sis_priv->cur_phy, MII_STATUS) & poll_bit);
   3.705 - 			if (time_after_eq(jiffies, timeout)) {
   3.706 - 				printk(KERN_WARNING "%s: reset phy and link down now\n",
   3.707 --					net_dev->name);
   3.708 -+				       dev_name);
   3.709 - 				return -ETIME;
   3.710 - 			}
   3.711 - 		}
   3.712 -@@ -691,7 +689,7 @@
   3.713 - 		sis_priv->mii = default_phy;
   3.714 - 		sis_priv->cur_phy = default_phy->phy_addr;
   3.715 - 		printk(KERN_INFO "%s: Using transceiver found at address %d as default\n",
   3.716 --					net_dev->name,sis_priv->cur_phy);
   3.717 -+		       pci_name(sis_priv->pci_dev), sis_priv->cur_phy);
   3.718 - 	}
   3.719 - 	
   3.720 - 	status = mdio_read(net_dev, sis_priv->cur_phy, MII_CONTROL);
   3.721 -diff -Nru a/drivers/net/tun.c b/drivers/net/tun.c
   3.722 ---- a/drivers/net/tun.c	2005-04-29 18:34:27 -07:00
   3.723 -+++ b/drivers/net/tun.c	2005-04-29 18:34:27 -07:00
   3.724 -@@ -229,7 +229,7 @@
   3.725 - 	size_t len = count;
   3.726 - 
   3.727 - 	if (!(tun->flags & TUN_NO_PI)) {
   3.728 --		if ((len -= sizeof(pi)) > len)
   3.729 -+		if ((len -= sizeof(pi)) > count)
   3.730 - 			return -EINVAL;
   3.731 - 
   3.732 - 		if(memcpy_fromiovec((void *)&pi, iv, sizeof(pi)))
   3.733 -diff -Nru a/drivers/net/via-rhine.c b/drivers/net/via-rhine.c
   3.734 ---- a/drivers/net/via-rhine.c	2005-04-29 18:34:28 -07:00
   3.735 -+++ b/drivers/net/via-rhine.c	2005-04-29 18:34:28 -07:00
   3.736 -@@ -1197,8 +1197,10 @@
   3.737 - 		       dev->name, rp->pdev->irq);
   3.738 - 
   3.739 - 	rc = alloc_ring(dev);
   3.740 --	if (rc)
   3.741 -+	if (rc) {
   3.742 -+		free_irq(rp->pdev->irq, dev);
   3.743 - 		return rc;
   3.744 -+	}
   3.745 - 	alloc_rbufs(dev);
   3.746 - 	alloc_tbufs(dev);
   3.747 - 	rhine_chip_reset(dev);
   3.748 -@@ -1898,6 +1900,9 @@
   3.749 - 	struct net_device *dev = pci_get_drvdata(pdev);
   3.750 - 	struct rhine_private *rp = netdev_priv(dev);
   3.751 - 	void __iomem *ioaddr = rp->base;
   3.752 -+
   3.753 -+	if (!(rp->quirks & rqWOL))
   3.754 -+		return; /* Nothing to do for non-WOL adapters */
   3.755 - 
   3.756 - 	rhine_power_init(dev);
   3.757 - 
   3.758 -diff -Nru a/drivers/net/wan/hd6457x.c b/drivers/net/wan/hd6457x.c
   3.759 ---- a/drivers/net/wan/hd6457x.c	2005-04-29 18:34:27 -07:00
   3.760 -+++ b/drivers/net/wan/hd6457x.c	2005-04-29 18:34:27 -07:00
   3.761 -@@ -315,7 +315,7 @@
   3.762 - #endif
   3.763 - 	stats->rx_packets++;
   3.764 - 	stats->rx_bytes += skb->len;
   3.765 --	skb->dev->last_rx = jiffies;
   3.766 -+	dev->last_rx = jiffies;
   3.767 - 	skb->protocol = hdlc_type_trans(skb, dev);
   3.768 - 	netif_rx(skb);
   3.769 - }
   3.770 -diff -Nru a/drivers/pci/hotplug/pciehp_ctrl.c b/drivers/pci/hotplug/pciehp_ctrl.c
   3.771 ---- a/drivers/pci/hotplug/pciehp_ctrl.c	2005-04-29 18:34:27 -07:00
   3.772 -+++ b/drivers/pci/hotplug/pciehp_ctrl.c	2005-04-29 18:34:27 -07:00
   3.773 -@@ -1354,10 +1354,11 @@
   3.774 - 				dbg("PCI Bridge Hot-Remove s:b:d:f(%02x:%02x:%02x:%02x)\n", 
   3.775 - 					ctrl->seg, func->bus, func->device, func->function);
   3.776 - 				bridge_slot_remove(func);
   3.777 --			} else
   3.778 -+			} else {
   3.779 - 				dbg("PCI Function Hot-Remove s:b:d:f(%02x:%02x:%02x:%02x)\n", 
   3.780 - 					ctrl->seg, func->bus, func->device, func->function);
   3.781 - 				slot_remove(func);
   3.782 -+			}
   3.783 - 
   3.784 - 			func = pciehp_slot_find(ctrl->slot_bus, device, 0);
   3.785 - 		}
   3.786 -diff -Nru a/fs/binfmt_elf.c b/fs/binfmt_elf.c
   3.787 ---- a/fs/binfmt_elf.c	2005-04-29 18:34:28 -07:00
   3.788 -+++ b/fs/binfmt_elf.c	2005-04-29 18:34:28 -07:00
   3.789 -@@ -1008,6 +1008,7 @@
   3.790 - static int load_elf_library(struct file *file)
   3.791 - {
   3.792 - 	struct elf_phdr *elf_phdata;
   3.793 -+	struct elf_phdr *eppnt;
   3.794 - 	unsigned long elf_bss, bss, len;
   3.795 - 	int retval, error, i, j;
   3.796 - 	struct elfhdr elf_ex;
   3.797 -@@ -1031,44 +1032,47 @@
   3.798 - 	/* j < ELF_MIN_ALIGN because elf_ex.e_phnum <= 2 */
   3.799 - 
   3.800 - 	error = -ENOMEM;
   3.801 --	elf_phdata = (struct elf_phdr *) kmalloc(j, GFP_KERNEL);
   3.802 -+	elf_phdata = kmalloc(j, GFP_KERNEL);
   3.803 - 	if (!elf_phdata)
   3.804 - 		goto out;
   3.805 - 
   3.806 -+	eppnt = elf_phdata;
   3.807 - 	error = -ENOEXEC;
   3.808 --	retval = kernel_read(file, elf_ex.e_phoff, (char *) elf_phdata, j);
   3.809 -+	retval = kernel_read(file, elf_ex.e_phoff, (char *)eppnt, j);
   3.810 - 	if (retval != j)
   3.811 - 		goto out_free_ph;
   3.812 - 
   3.813 - 	for (j = 0, i = 0; i<elf_ex.e_phnum; i++)
   3.814 --		if ((elf_phdata + i)->p_type == PT_LOAD) j++;
   3.815 -+		if ((eppnt + i)->p_type == PT_LOAD)
   3.816 -+			j++;
   3.817 - 	if (j != 1)
   3.818 - 		goto out_free_ph;
   3.819 - 
   3.820 --	while (elf_phdata->p_type != PT_LOAD) elf_phdata++;
   3.821 -+	while (eppnt->p_type != PT_LOAD)
   3.822 -+		eppnt++;
   3.823 - 
   3.824 - 	/* Now use mmap to map the library into memory. */
   3.825 - 	down_write(&current->mm->mmap_sem);
   3.826 - 	error = do_mmap(file,
   3.827 --			ELF_PAGESTART(elf_phdata->p_vaddr),
   3.828 --			(elf_phdata->p_filesz +
   3.829 --			 ELF_PAGEOFFSET(elf_phdata->p_vaddr)),
   3.830 -+			ELF_PAGESTART(eppnt->p_vaddr),
   3.831 -+			(eppnt->p_filesz +
   3.832 -+			 ELF_PAGEOFFSET(eppnt->p_vaddr)),
   3.833 - 			PROT_READ | PROT_WRITE | PROT_EXEC,
   3.834 - 			MAP_FIXED | MAP_PRIVATE | MAP_DENYWRITE,
   3.835 --			(elf_phdata->p_offset -
   3.836 --			 ELF_PAGEOFFSET(elf_phdata->p_vaddr)));
   3.837 -+			(eppnt->p_offset -
   3.838 -+			 ELF_PAGEOFFSET(eppnt->p_vaddr)));
   3.839 - 	up_write(&current->mm->mmap_sem);
   3.840 --	if (error != ELF_PAGESTART(elf_phdata->p_vaddr))
   3.841 -+	if (error != ELF_PAGESTART(eppnt->p_vaddr))
   3.842 - 		goto out_free_ph;
   3.843 - 
   3.844 --	elf_bss = elf_phdata->p_vaddr + elf_phdata->p_filesz;
   3.845 -+	elf_bss = eppnt->p_vaddr + eppnt->p_filesz;
   3.846 - 	if (padzero(elf_bss)) {
   3.847 - 		error = -EFAULT;
   3.848 - 		goto out_free_ph;
   3.849 - 	}
   3.850 - 
   3.851 --	len = ELF_PAGESTART(elf_phdata->p_filesz + elf_phdata->p_vaddr + ELF_MIN_ALIGN - 1);
   3.852 --	bss = elf_phdata->p_memsz + elf_phdata->p_vaddr;
   3.853 -+	len = ELF_PAGESTART(eppnt->p_filesz + eppnt->p_vaddr + ELF_MIN_ALIGN - 1);
   3.854 -+	bss = eppnt->p_memsz + eppnt->p_vaddr;
   3.855 - 	if (bss > len) {
   3.856 - 		down_write(&current->mm->mmap_sem);
   3.857 - 		do_brk(len, bss - len);
   3.858 -diff -Nru a/fs/cramfs/inode.c b/fs/cramfs/inode.c
   3.859 ---- a/fs/cramfs/inode.c	2005-04-29 18:34:27 -07:00
   3.860 -+++ b/fs/cramfs/inode.c	2005-04-29 18:34:27 -07:00
   3.861 -@@ -70,6 +70,7 @@
   3.862 - 			inode->i_data.a_ops = &cramfs_aops;
   3.863 - 		} else {
   3.864 - 			inode->i_size = 0;
   3.865 -+			inode->i_blocks = 0;
   3.866 - 			init_special_inode(inode, inode->i_mode,
   3.867 - 				old_decode_dev(cramfs_inode->size));
   3.868 - 		}
   3.869 -diff -Nru a/fs/eventpoll.c b/fs/eventpoll.c
   3.870 ---- a/fs/eventpoll.c	2005-04-29 18:34:27 -07:00
   3.871 -+++ b/fs/eventpoll.c	2005-04-29 18:34:27 -07:00
   3.872 -@@ -619,6 +619,7 @@
   3.873 - 	return error;
   3.874 - }
   3.875 - 
   3.876 -+#define MAX_EVENTS (INT_MAX / sizeof(struct epoll_event))
   3.877 - 
   3.878 - /*
   3.879 -  * Implement the event wait interface for the eventpoll file. It is the kernel
   3.880 -@@ -635,7 +636,7 @@
   3.881 - 		     current, epfd, events, maxevents, timeout));
   3.882 - 
   3.883 - 	/* The maximum number of event must be greater than zero */
   3.884 --	if (maxevents <= 0)
   3.885 -+	if (maxevents <= 0 || maxevents > MAX_EVENTS)
   3.886 - 		return -EINVAL;
   3.887 - 
   3.888 - 	/* Verify that the area passed by the user is writeable */
   3.889 -diff -Nru a/fs/exec.c b/fs/exec.c
   3.890 ---- a/fs/exec.c	2005-04-29 18:34:27 -07:00
   3.891 -+++ b/fs/exec.c	2005-04-29 18:34:27 -07:00
   3.892 -@@ -814,7 +814,7 @@
   3.893 - {
   3.894 - 	/* buf must be at least sizeof(tsk->comm) in size */
   3.895 - 	task_lock(tsk);
   3.896 --	memcpy(buf, tsk->comm, sizeof(tsk->comm));
   3.897 -+	strncpy(buf, tsk->comm, sizeof(tsk->comm));
   3.898 - 	task_unlock(tsk);
   3.899 - }
   3.900 - 
   3.901 -diff -Nru a/fs/ext2/dir.c b/fs/ext2/dir.c
   3.902 ---- a/fs/ext2/dir.c	2005-04-29 18:34:28 -07:00
   3.903 -+++ b/fs/ext2/dir.c	2005-04-29 18:34:28 -07:00
   3.904 -@@ -592,6 +592,7 @@
   3.905 - 		goto fail;
   3.906 - 	}
   3.907 - 	kaddr = kmap_atomic(page, KM_USER0);
   3.908 -+       memset(kaddr, 0, chunk_size);
   3.909 - 	de = (struct ext2_dir_entry_2 *)kaddr;
   3.910 - 	de->name_len = 1;
   3.911 - 	de->rec_len = cpu_to_le16(EXT2_DIR_REC_LEN(1));
   3.912 -diff -Nru a/fs/isofs/inode.c b/fs/isofs/inode.c
   3.913 ---- a/fs/isofs/inode.c	2005-04-29 18:34:28 -07:00
   3.914 -+++ b/fs/isofs/inode.c	2005-04-29 18:34:28 -07:00
   3.915 -@@ -685,6 +685,8 @@
   3.916 - 	  sbi->s_log_zone_size = isonum_723 (h_pri->logical_block_size);
   3.917 - 	  sbi->s_max_size = isonum_733(h_pri->volume_space_size);
   3.918 - 	} else {
   3.919 -+	  if (!pri)
   3.920 -+	    goto out_freebh;
   3.921 - 	  rootp = (struct iso_directory_record *) pri->root_directory_record;
   3.922 - 	  sbi->s_nzones = isonum_733 (pri->volume_space_size);
   3.923 - 	  sbi->s_log_zone_size = isonum_723 (pri->logical_block_size);
   3.924 -@@ -1394,6 +1396,9 @@
   3.925 - 	unsigned long hashval;
   3.926 - 	struct inode *inode;
   3.927 - 	struct isofs_iget5_callback_data data;
   3.928 -+
   3.929 -+	if (offset >= 1ul << sb->s_blocksize_bits)
   3.930 -+		return NULL;
   3.931 - 
   3.932 - 	data.block = block;
   3.933 - 	data.offset = offset;
   3.934 -diff -Nru a/fs/isofs/rock.c b/fs/isofs/rock.c
   3.935 ---- a/fs/isofs/rock.c	2005-04-29 18:34:28 -07:00
   3.936 -+++ b/fs/isofs/rock.c	2005-04-29 18:34:28 -07:00
   3.937 -@@ -53,6 +53,7 @@
   3.938 -   if(LEN & 1) LEN++;						\
   3.939 -   CHR = ((unsigned char *) DE) + LEN;				\
   3.940 -   LEN = *((unsigned char *) DE) - LEN;                          \
   3.941 -+  if (LEN<0) LEN=0;                                             \
   3.942 -   if (ISOFS_SB(inode->i_sb)->s_rock_offset!=-1)                \
   3.943 -   {                                                             \
   3.944 -      LEN-=ISOFS_SB(inode->i_sb)->s_rock_offset;                \
   3.945 -@@ -73,6 +74,10 @@
   3.946 -     offset1 = 0; \
   3.947 -     pbh = sb_bread(DEV->i_sb, block); \
   3.948 -     if(pbh){       \
   3.949 -+      if (offset > pbh->b_size || offset + cont_size > pbh->b_size){	\
   3.950 -+	brelse(pbh); \
   3.951 -+	goto out; \
   3.952 -+      } \
   3.953 -       memcpy(buffer + offset1, pbh->b_data + offset, cont_size - offset1); \
   3.954 -       brelse(pbh); \
   3.955 -       chr = (unsigned char *) buffer; \
   3.956 -@@ -103,12 +108,13 @@
   3.957 -     struct rock_ridge * rr;
   3.958 -     int sig;
   3.959 -     
   3.960 --    while (len > 1){ /* There may be one byte for padding somewhere */
   3.961 -+    while (len > 2){ /* There may be one byte for padding somewhere */
   3.962 -       rr = (struct rock_ridge *) chr;
   3.963 --      if (rr->len == 0) goto out; /* Something got screwed up here */
   3.964 -+      if (rr->len < 3) goto out; /* Something got screwed up here */
   3.965 -       sig = isonum_721(chr);
   3.966 -       chr += rr->len; 
   3.967 -       len -= rr->len;
   3.968 -+      if (len < 0) goto out;	/* corrupted isofs */
   3.969 - 
   3.970 -       switch(sig){
   3.971 -       case SIG('R','R'):
   3.972 -@@ -122,6 +128,7 @@
   3.973 - 	break;
   3.974 -       case SIG('N','M'):
   3.975 - 	if (truncate) break;
   3.976 -+	if (rr->len < 5) break;
   3.977 -         /*
   3.978 - 	 * If the flags are 2 or 4, this indicates '.' or '..'.
   3.979 - 	 * We don't want to do anything with this, because it
   3.980 -@@ -186,12 +193,13 @@
   3.981 -     struct rock_ridge * rr;
   3.982 -     int rootflag;
   3.983 -     
   3.984 --    while (len > 1){ /* There may be one byte for padding somewhere */
   3.985 -+    while (len > 2){ /* There may be one byte for padding somewhere */
   3.986 -       rr = (struct rock_ridge *) chr;
   3.987 --      if (rr->len == 0) goto out; /* Something got screwed up here */
   3.988 -+      if (rr->len < 3) goto out; /* Something got screwed up here */
   3.989 -       sig = isonum_721(chr);
   3.990 -       chr += rr->len; 
   3.991 -       len -= rr->len;
   3.992 -+      if (len < 0) goto out;	/* corrupted isofs */
   3.993 -       
   3.994 -       switch(sig){
   3.995 - #ifndef CONFIG_ZISOFS		/* No flag for SF or ZF */
   3.996 -@@ -462,7 +470,7 @@
   3.997 - 	struct rock_ridge *rr;
   3.998 - 
   3.999 - 	if (!ISOFS_SB(inode->i_sb)->s_rock)
  3.1000 --		panic ("Cannot have symlink with high sierra variant of iso filesystem\n");
  3.1001 -+		goto error;
  3.1002 - 
  3.1003 - 	block = ei->i_iget5_block;
  3.1004 - 	lock_kernel();
  3.1005 -@@ -487,13 +495,15 @@
  3.1006 - 	SETUP_ROCK_RIDGE(raw_inode, chr, len);
  3.1007 - 
  3.1008 -       repeat:
  3.1009 --	while (len > 1) { /* There may be one byte for padding somewhere */
  3.1010 -+	while (len > 2) { /* There may be one byte for padding somewhere */
  3.1011 - 		rr = (struct rock_ridge *) chr;
  3.1012 --		if (rr->len == 0)
  3.1013 -+		if (rr->len < 3)
  3.1014 - 			goto out;	/* Something got screwed up here */
  3.1015 - 		sig = isonum_721(chr);
  3.1016 - 		chr += rr->len;
  3.1017 - 		len -= rr->len;
  3.1018 -+		if (len < 0)
  3.1019 -+			goto out;	/* corrupted isofs */
  3.1020 - 
  3.1021 - 		switch (sig) {
  3.1022 - 		case SIG('R', 'R'):
  3.1023 -@@ -543,6 +553,7 @@
  3.1024 -       fail:
  3.1025 - 	brelse(bh);
  3.1026 - 	unlock_kernel();
  3.1027 -+      error:
  3.1028 - 	SetPageError(page);
  3.1029 - 	kunmap(page);
  3.1030 - 	unlock_page(page);
  3.1031 -diff -Nru a/fs/jbd/transaction.c b/fs/jbd/transaction.c
  3.1032 ---- a/fs/jbd/transaction.c	2005-04-29 18:34:27 -07:00
  3.1033 -+++ b/fs/jbd/transaction.c	2005-04-29 18:34:27 -07:00
  3.1034 -@@ -1775,10 +1775,10 @@
  3.1035 - 			JBUFFER_TRACE(jh, "checkpointed: add to BJ_Forget");
  3.1036 - 			ret = __dispose_buffer(jh,
  3.1037 - 					journal->j_running_transaction);
  3.1038 -+			journal_put_journal_head(jh);
  3.1039 - 			spin_unlock(&journal->j_list_lock);
  3.1040 - 			jbd_unlock_bh_state(bh);
  3.1041 - 			spin_unlock(&journal->j_state_lock);
  3.1042 --			journal_put_journal_head(jh);
  3.1043 - 			return ret;
  3.1044 - 		} else {
  3.1045 - 			/* There is no currently-running transaction. So the
  3.1046 -@@ -1789,10 +1789,10 @@
  3.1047 - 				JBUFFER_TRACE(jh, "give to committing trans");
  3.1048 - 				ret = __dispose_buffer(jh,
  3.1049 - 					journal->j_committing_transaction);
  3.1050 -+				journal_put_journal_head(jh);
  3.1051 - 				spin_unlock(&journal->j_list_lock);
  3.1052 - 				jbd_unlock_bh_state(bh);
  3.1053 - 				spin_unlock(&journal->j_state_lock);
  3.1054 --				journal_put_journal_head(jh);
  3.1055 - 				return ret;
  3.1056 - 			} else {
  3.1057 - 				/* The orphan record's transaction has
  3.1058 -@@ -1813,10 +1813,10 @@
  3.1059 - 					journal->j_running_transaction);
  3.1060 - 			jh->b_next_transaction = NULL;
  3.1061 - 		}
  3.1062 -+		journal_put_journal_head(jh);
  3.1063 - 		spin_unlock(&journal->j_list_lock);
  3.1064 - 		jbd_unlock_bh_state(bh);
  3.1065 - 		spin_unlock(&journal->j_state_lock);
  3.1066 --		journal_put_journal_head(jh);
  3.1067 - 		return 0;
  3.1068 - 	} else {
  3.1069 - 		/* Good, the buffer belongs to the running transaction.
  3.1070 -diff -Nru a/fs/partitions/msdos.c b/fs/partitions/msdos.c
  3.1071 ---- a/fs/partitions/msdos.c	2005-04-29 18:34:28 -07:00
  3.1072 -+++ b/fs/partitions/msdos.c	2005-04-29 18:34:28 -07:00
  3.1073 -@@ -114,6 +114,9 @@
  3.1074 - 		 */
  3.1075 - 		for (i=0; i<4; i++, p++) {
  3.1076 - 			u32 offs, size, next;
  3.1077 -+
  3.1078 -+			if (SYS_IND(p) == 0)
  3.1079 -+				continue;
  3.1080 - 			if (!NR_SECTS(p) || is_extended_partition(p))
  3.1081 - 				continue;
  3.1082 - 
  3.1083 -@@ -430,6 +433,8 @@
  3.1084 - 	for (slot = 1 ; slot <= 4 ; slot++, p++) {
  3.1085 - 		u32 start = START_SECT(p)*sector_size;
  3.1086 - 		u32 size = NR_SECTS(p)*sector_size;
  3.1087 -+		if (SYS_IND(p) == 0)
  3.1088 -+			continue;
  3.1089 - 		if (!size)
  3.1090 - 			continue;
  3.1091 - 		if (is_extended_partition(p)) {
  3.1092 -diff -Nru a/kernel/signal.c b/kernel/signal.c
  3.1093 ---- a/kernel/signal.c	2005-04-29 18:34:27 -07:00
  3.1094 -+++ b/kernel/signal.c	2005-04-29 18:34:27 -07:00
  3.1095 -@@ -1728,6 +1728,7 @@
  3.1096 - 			 * with another processor delivering a stop signal,
  3.1097 - 			 * then the SIGCONT that wakes us up should clear it.
  3.1098 - 			 */
  3.1099 -+			read_unlock(&tasklist_lock);
  3.1100 - 			return 0;
  3.1101 - 		}
  3.1102 - 
  3.1103 -diff -Nru a/lib/rwsem-spinlock.c b/lib/rwsem-spinlock.c
  3.1104 ---- a/lib/rwsem-spinlock.c	2005-04-29 18:34:28 -07:00
  3.1105 -+++ b/lib/rwsem-spinlock.c	2005-04-29 18:34:28 -07:00
  3.1106 -@@ -140,12 +140,12 @@
  3.1107 - 
  3.1108 - 	rwsemtrace(sem, "Entering __down_read");
  3.1109 - 
  3.1110 --	spin_lock(&sem->wait_lock);
  3.1111 -+	spin_lock_irq(&sem->wait_lock);
  3.1112 - 
  3.1113 - 	if (sem->activity >= 0 && list_empty(&sem->wait_list)) {
  3.1114 - 		/* granted */
  3.1115 - 		sem->activity++;
  3.1116 --		spin_unlock(&sem->wait_lock);
  3.1117 -+		spin_unlock_irq(&sem->wait_lock);
  3.1118 - 		goto out;
  3.1119 - 	}
  3.1120 - 
  3.1121 -@@ -160,7 +160,7 @@
  3.1122 - 	list_add_tail(&waiter.list, &sem->wait_list);
  3.1123 - 
  3.1124 - 	/* we don't need to touch the semaphore struct anymore */
  3.1125 --	spin_unlock(&sem->wait_lock);
  3.1126 -+	spin_unlock_irq(&sem->wait_lock);
  3.1127 - 
  3.1128 - 	/* wait to be given the lock */
  3.1129 - 	for (;;) {
  3.1130 -@@ -181,10 +181,12 @@
  3.1131 -  */
  3.1132 - int fastcall __down_read_trylock(struct rw_semaphore *sem)
  3.1133 - {
  3.1134 -+	unsigned long flags;
  3.1135 - 	int ret = 0;
  3.1136 -+
  3.1137 - 	rwsemtrace(sem, "Entering __down_read_trylock");
  3.1138 - 
  3.1139 --	spin_lock(&sem->wait_lock);
  3.1140 -+	spin_lock_irqsave(&sem->wait_lock, flags);
  3.1141 - 
  3.1142 - 	if (sem->activity >= 0 && list_empty(&sem->wait_list)) {
  3.1143 - 		/* granted */
  3.1144 -@@ -192,7 +194,7 @@
  3.1145 - 		ret = 1;
  3.1146 - 	}
  3.1147 - 
  3.1148 --	spin_unlock(&sem->wait_lock);
  3.1149 -+	spin_unlock_irqrestore(&sem->wait_lock, flags);
  3.1150 - 
  3.1151 - 	rwsemtrace(sem, "Leaving __down_read_trylock");
  3.1152 - 	return ret;
  3.1153 -@@ -209,12 +211,12 @@
  3.1154 - 
  3.1155 - 	rwsemtrace(sem, "Entering __down_write");
  3.1156 - 
  3.1157 --	spin_lock(&sem->wait_lock);
  3.1158 -+	spin_lock_irq(&sem->wait_lock);
  3.1159 - 
  3.1160 - 	if (sem->activity == 0 && list_empty(&sem->wait_list)) {
  3.1161 - 		/* granted */
  3.1162 - 		sem->activity = -1;
  3.1163 --		spin_unlock(&sem->wait_lock);
  3.1164 -+		spin_unlock_irq(&sem->wait_lock);
  3.1165 - 		goto out;
  3.1166 - 	}
  3.1167 - 
  3.1168 -@@ -229,7 +231,7 @@
  3.1169 - 	list_add_tail(&waiter.list, &sem->wait_list);
  3.1170 - 
  3.1171 - 	/* we don't need to touch the semaphore struct anymore */
  3.1172 --	spin_unlock(&sem->wait_lock);
  3.1173 -+	spin_unlock_irq(&sem->wait_lock);
  3.1174 - 
  3.1175 - 	/* wait to be given the lock */
  3.1176 - 	for (;;) {
  3.1177 -@@ -250,10 +252,12 @@
  3.1178 -  */
  3.1179 - int fastcall __down_write_trylock(struct rw_semaphore *sem)
  3.1180 - {
  3.1181 -+	unsigned long flags;
  3.1182 - 	int ret = 0;
  3.1183 -+
  3.1184 - 	rwsemtrace(sem, "Entering __down_write_trylock");
  3.1185 - 
  3.1186 --	spin_lock(&sem->wait_lock);
  3.1187 -+	spin_lock_irqsave(&sem->wait_lock, flags);
  3.1188 - 
  3.1189 - 	if (sem->activity == 0 && list_empty(&sem->wait_list)) {
  3.1190 - 		/* granted */
  3.1191 -@@ -261,7 +265,7 @@
  3.1192 - 		ret = 1;
  3.1193 - 	}
  3.1194 - 
  3.1195 --	spin_unlock(&sem->wait_lock);
  3.1196 -+	spin_unlock_irqrestore(&sem->wait_lock, flags);
  3.1197 - 
  3.1198 - 	rwsemtrace(sem, "Leaving __down_write_trylock");
  3.1199 - 	return ret;
  3.1200 -@@ -272,14 +276,16 @@
  3.1201 -  */
  3.1202 - void fastcall __up_read(struct rw_semaphore *sem)
  3.1203 - {
  3.1204 -+	unsigned long flags;
  3.1205 -+
  3.1206 - 	rwsemtrace(sem, "Entering __up_read");
  3.1207 - 
  3.1208 --	spin_lock(&sem->wait_lock);
  3.1209 -+	spin_lock_irqsave(&sem->wait_lock, flags);
  3.1210 - 
  3.1211 - 	if (--sem->activity == 0 && !list_empty(&sem->wait_list))
  3.1212 - 		sem = __rwsem_wake_one_writer(sem);
  3.1213 - 
  3.1214 --	spin_unlock(&sem->wait_lock);
  3.1215 -+	spin_unlock_irqrestore(&sem->wait_lock, flags);
  3.1216 - 
  3.1217 - 	rwsemtrace(sem, "Leaving __up_read");
  3.1218 - }
  3.1219 -@@ -289,15 +295,17 @@
  3.1220 -  */
  3.1221 - void fastcall __up_write(struct rw_semaphore *sem)
  3.1222 - {
  3.1223 -+	unsigned long flags;
  3.1224 -+
  3.1225 - 	rwsemtrace(sem, "Entering __up_write");
  3.1226 - 
  3.1227 --	spin_lock(&sem->wait_lock);
  3.1228 -+	spin_lock_irqsave(&sem->wait_lock, flags);
  3.1229 - 
  3.1230 - 	sem->activity = 0;
  3.1231 - 	if (!list_empty(&sem->wait_list))
  3.1232 - 		sem = __rwsem_do_wake(sem, 1);
  3.1233 - 
  3.1234 --	spin_unlock(&sem->wait_lock);
  3.1235 -+	spin_unlock_irqrestore(&sem->wait_lock, flags);
  3.1236 - 
  3.1237 - 	rwsemtrace(sem, "Leaving __up_write");
  3.1238 - }
  3.1239 -@@ -308,15 +316,17 @@
  3.1240 -  */
  3.1241 - void fastcall __downgrade_write(struct rw_semaphore *sem)
  3.1242 - {
  3.1243 -+	unsigned long flags;
  3.1244 -+
  3.1245 - 	rwsemtrace(sem, "Entering __downgrade_write");
  3.1246 - 
  3.1247 --	spin_lock(&sem->wait_lock);
  3.1248 -+	spin_lock_irqsave(&sem->wait_lock, flags);
  3.1249 - 
  3.1250 - 	sem->activity = 1;
  3.1251 - 	if (!list_empty(&sem->wait_list))
  3.1252 - 		sem = __rwsem_do_wake(sem, 0);
  3.1253 - 
  3.1254 --	spin_unlock(&sem->wait_lock);
  3.1255 -+	spin_unlock_irqrestore(&sem->wait_lock, flags);
  3.1256 - 
  3.1257 - 	rwsemtrace(sem, "Leaving __downgrade_write");
  3.1258 - }
  3.1259 -diff -Nru a/lib/rwsem.c b/lib/rwsem.c
  3.1260 ---- a/lib/rwsem.c	2005-04-29 18:34:28 -07:00
  3.1261 -+++ b/lib/rwsem.c	2005-04-29 18:34:28 -07:00
  3.1262 -@@ -150,7 +150,7 @@
  3.1263 - 	set_task_state(tsk, TASK_UNINTERRUPTIBLE);
  3.1264 - 
  3.1265 - 	/* set up my own style of waitqueue */
  3.1266 --	spin_lock(&sem->wait_lock);
  3.1267 -+	spin_lock_irq(&sem->wait_lock);
  3.1268 - 	waiter->task = tsk;
  3.1269 - 	get_task_struct(tsk);
  3.1270 - 
  3.1271 -@@ -163,7 +163,7 @@
  3.1272 - 	if (!(count & RWSEM_ACTIVE_MASK))
  3.1273 - 		sem = __rwsem_do_wake(sem, 0);
  3.1274 - 
  3.1275 --	spin_unlock(&sem->wait_lock);
  3.1276 -+	spin_unlock_irq(&sem->wait_lock);
  3.1277 - 
  3.1278 - 	/* wait to be given the lock */
  3.1279 - 	for (;;) {
  3.1280 -@@ -219,15 +219,17 @@
  3.1281 -  */
  3.1282 - struct rw_semaphore fastcall *rwsem_wake(struct rw_semaphore *sem)
  3.1283 - {
  3.1284 -+	unsigned long flags;
  3.1285 -+
  3.1286 - 	rwsemtrace(sem, "Entering rwsem_wake");
  3.1287 - 
  3.1288 --	spin_lock(&sem->wait_lock);
  3.1289 -+	spin_lock_irqsave(&sem->wait_lock, flags);
  3.1290 - 
  3.1291 - 	/* do nothing if list empty */
  3.1292 - 	if (!list_empty(&sem->wait_list))
  3.1293 - 		sem = __rwsem_do_wake(sem, 0);
  3.1294 - 
  3.1295 --	spin_unlock(&sem->wait_lock);
  3.1296 -+	spin_unlock_irqrestore(&sem->wait_lock, flags);
  3.1297 - 
  3.1298 - 	rwsemtrace(sem, "Leaving rwsem_wake");
  3.1299 - 
  3.1300 -@@ -241,15 +243,17 @@
  3.1301 -  */
  3.1302 - struct rw_semaphore fastcall *rwsem_downgrade_wake(struct rw_semaphore *sem)
  3.1303 - {
  3.1304 -+	unsigned long flags;
  3.1305 -+
  3.1306 - 	rwsemtrace(sem, "Entering rwsem_downgrade_wake");
  3.1307 - 
  3.1308 --	spin_lock(&sem->wait_lock);
  3.1309 -+	spin_lock_irqsave(&sem->wait_lock, flags);
  3.1310 - 
  3.1311 - 	/* do nothing if list empty */
  3.1312 - 	if (!list_empty(&sem->wait_list))
  3.1313 - 		sem = __rwsem_do_wake(sem, 1);
  3.1314 - 
  3.1315 --	spin_unlock(&sem->wait_lock);
  3.1316 -+	spin_unlock_irqrestore(&sem->wait_lock, flags);
  3.1317 - 
  3.1318 - 	rwsemtrace(sem, "Leaving rwsem_downgrade_wake");
  3.1319 - 	return sem;
  3.1320 -diff -Nru a/net/bluetooth/af_bluetooth.c b/net/bluetooth/af_bluetooth.c
  3.1321 ---- a/net/bluetooth/af_bluetooth.c	2005-04-29 18:34:27 -07:00
  3.1322 -+++ b/net/bluetooth/af_bluetooth.c	2005-04-29 18:34:27 -07:00
  3.1323 -@@ -64,7 +64,7 @@
  3.1324 - 
  3.1325 - int bt_sock_register(int proto, struct net_proto_family *ops)
  3.1326 - {
  3.1327 --	if (proto >= BT_MAX_PROTO)
  3.1328 -+	if (proto < 0 || proto >= BT_MAX_PROTO)
  3.1329 - 		return -EINVAL;
  3.1330 - 
  3.1331 - 	if (bt_proto[proto])
  3.1332 -@@ -77,7 +77,7 @@
  3.1333 - 
  3.1334 - int bt_sock_unregister(int proto)
  3.1335 - {
  3.1336 --	if (proto >= BT_MAX_PROTO)
  3.1337 -+	if (proto < 0 || proto >= BT_MAX_PROTO)
  3.1338 - 		return -EINVAL;
  3.1339 - 
  3.1340 - 	if (!bt_proto[proto])
  3.1341 -@@ -92,7 +92,7 @@
  3.1342 - {
  3.1343 - 	int err = 0;
  3.1344 - 
  3.1345 --	if (proto >= BT_MAX_PROTO)
  3.1346 -+	if (proto < 0 || proto >= BT_MAX_PROTO)
  3.1347 - 		return -EINVAL;
  3.1348 - 
  3.1349 - #if defined(CONFIG_KMOD)
  3.1350 -diff -Nru a/net/ipv4/fib_hash.c b/net/ipv4/fib_hash.c
  3.1351 ---- a/net/ipv4/fib_hash.c	2005-04-29 18:34:28 -07:00
  3.1352 -+++ b/net/ipv4/fib_hash.c	2005-04-29 18:34:28 -07:00
  3.1353 -@@ -919,13 +919,23 @@
  3.1354 - 	return fa;
  3.1355 - }
  3.1356 - 
  3.1357 -+static struct fib_alias *fib_get_idx(struct seq_file *seq, loff_t pos)
  3.1358 -+{
  3.1359 -+	struct fib_alias *fa = fib_get_first(seq);
  3.1360 -+
  3.1361 -+	if (fa)
  3.1362 -+		while (pos && (fa = fib_get_next(seq)))
  3.1363 -+			--pos;
  3.1364 -+	return pos ? NULL : fa;
  3.1365 -+}
  3.1366 -+
  3.1367 - static void *fib_seq_start(struct seq_file *seq, loff_t *pos)
  3.1368 - {
  3.1369 - 	void *v = NULL;
  3.1370 - 
  3.1371 - 	read_lock(&fib_hash_lock);
  3.1372 - 	if (ip_fib_main_table)
  3.1373 --		v = *pos ? fib_get_next(seq) : SEQ_START_TOKEN;
  3.1374 -+		v = *pos ? fib_get_idx(seq, *pos - 1) : SEQ_START_TOKEN;
  3.1375 - 	return v;
  3.1376 - }
  3.1377 - 
  3.1378 -diff -Nru a/net/ipv4/tcp_input.c b/net/ipv4/tcp_input.c
  3.1379 ---- a/net/ipv4/tcp_input.c	2005-04-29 18:34:28 -07:00
  3.1380 -+++ b/net/ipv4/tcp_input.c	2005-04-29 18:34:28 -07:00
  3.1381 -@@ -1653,7 +1653,10 @@
  3.1382 - static void tcp_undo_cwr(struct tcp_sock *tp, int undo)
  3.1383 - {
  3.1384 - 	if (tp->prior_ssthresh) {
  3.1385 --		tp->snd_cwnd = max(tp->snd_cwnd, tp->snd_ssthresh<<1);
  3.1386 -+		if (tcp_is_bic(tp))
  3.1387 -+			tp->snd_cwnd = max(tp->snd_cwnd, tp->bictcp.last_max_cwnd);
  3.1388 -+		else
  3.1389 -+			tp->snd_cwnd = max(tp->snd_cwnd, tp->snd_ssthresh<<1);
  3.1390 - 
  3.1391 - 		if (undo && tp->prior_ssthresh > tp->snd_ssthresh) {
  3.1392 - 			tp->snd_ssthresh = tp->prior_ssthresh;
  3.1393 -diff -Nru a/net/ipv4/tcp_timer.c b/net/ipv4/tcp_timer.c
  3.1394 ---- a/net/ipv4/tcp_timer.c	2005-04-29 18:34:28 -07:00
  3.1395 -+++ b/net/ipv4/tcp_timer.c	2005-04-29 18:34:28 -07:00
  3.1396 -@@ -38,6 +38,7 @@
  3.1397 - 
  3.1398 - #ifdef TCP_DEBUG
  3.1399 - const char tcp_timer_bug_msg[] = KERN_DEBUG "tcpbug: unknown timer value\n";
  3.1400 -+EXPORT_SYMBOL(tcp_timer_bug_msg);
  3.1401 - #endif
  3.1402 - 
  3.1403 - /*
  3.1404 -diff -Nru a/net/ipv4/xfrm4_output.c b/net/ipv4/xfrm4_output.c
  3.1405 ---- a/net/ipv4/xfrm4_output.c	2005-04-29 18:34:27 -07:00
  3.1406 -+++ b/net/ipv4/xfrm4_output.c	2005-04-29 18:34:27 -07:00
  3.1407 -@@ -103,16 +103,16 @@
  3.1408 - 			goto error_nolock;
  3.1409 - 	}
  3.1410 - 
  3.1411 --	spin_lock_bh(&x->lock);
  3.1412 --	err = xfrm_state_check(x, skb);
  3.1413 --	if (err)
  3.1414 --		goto error;
  3.1415 --
  3.1416 - 	if (x->props.mode) {
  3.1417 - 		err = xfrm4_tunnel_check_size(skb);
  3.1418 - 		if (err)
  3.1419 --			goto error;
  3.1420 -+			goto error_nolock;
  3.1421 - 	}
  3.1422 -+
  3.1423 -+	spin_lock_bh(&x->lock);
  3.1424 -+	err = xfrm_state_check(x, skb);
  3.1425 -+	if (err)
  3.1426 -+		goto error;
  3.1427 - 
  3.1428 - 	xfrm4_encap(skb);
  3.1429 - 
  3.1430 -diff -Nru a/net/ipv6/xfrm6_output.c b/net/ipv6/xfrm6_output.c
  3.1431 ---- a/net/ipv6/xfrm6_output.c	2005-04-29 18:34:28 -07:00
  3.1432 -+++ b/net/ipv6/xfrm6_output.c	2005-04-29 18:34:28 -07:00
  3.1433 -@@ -103,16 +103,16 @@
  3.1434 - 			goto error_nolock;
  3.1435 - 	}
  3.1436 - 
  3.1437 --	spin_lock_bh(&x->lock);
  3.1438 --	err = xfrm_state_check(x, skb);
  3.1439 --	if (err)
  3.1440 --		goto error;
  3.1441 --
  3.1442 - 	if (x->props.mode) {
  3.1443 - 		err = xfrm6_tunnel_check_size(skb);
  3.1444 - 		if (err)
  3.1445 --			goto error;
  3.1446 -+			goto error_nolock;
  3.1447 - 	}
  3.1448 -+
  3.1449 -+	spin_lock_bh(&x->lock);
  3.1450 -+	err = xfrm_state_check(x, skb);
  3.1451 -+	if (err)
  3.1452 -+		goto error;
  3.1453 - 
  3.1454 - 	xfrm6_encap(skb);
  3.1455 - 
  3.1456 -diff -Nru a/net/netrom/nr_in.c b/net/netrom/nr_in.c
  3.1457 ---- a/net/netrom/nr_in.c	2005-04-29 18:34:27 -07:00
  3.1458 -+++ b/net/netrom/nr_in.c	2005-04-29 18:34:27 -07:00
  3.1459 -@@ -74,7 +74,6 @@
  3.1460 - static int nr_state1_machine(struct sock *sk, struct sk_buff *skb,
  3.1461 - 	int frametype)
  3.1462 - {
  3.1463 --	bh_lock_sock(sk);
  3.1464 - 	switch (frametype) {
  3.1465 - 	case NR_CONNACK: {
  3.1466 - 		nr_cb *nr = nr_sk(sk);
  3.1467 -@@ -103,8 +102,6 @@
  3.1468 - 	default:
  3.1469 - 		break;
  3.1470 - 	}
  3.1471 --	bh_unlock_sock(sk);
  3.1472 --
  3.1473 - 	return 0;
  3.1474 - }
  3.1475 - 
  3.1476 -@@ -116,7 +113,6 @@
  3.1477 - static int nr_state2_machine(struct sock *sk, struct sk_buff *skb,
  3.1478 - 	int frametype)
  3.1479 - {
  3.1480 --	bh_lock_sock(sk);
  3.1481 - 	switch (frametype) {
  3.1482 - 	case NR_CONNACK | NR_CHOKE_FLAG:
  3.1483 - 		nr_disconnect(sk, ECONNRESET);
  3.1484 -@@ -132,8 +128,6 @@
  3.1485 - 	default:
  3.1486 - 		break;
  3.1487 - 	}
  3.1488 --	bh_unlock_sock(sk);
  3.1489 --
  3.1490 - 	return 0;
  3.1491 - }
  3.1492 - 
  3.1493 -@@ -154,7 +148,6 @@
  3.1494 - 	nr = skb->data[18];
  3.1495 - 	ns = skb->data[17];
  3.1496 - 
  3.1497 --	bh_lock_sock(sk);
  3.1498 - 	switch (frametype) {
  3.1499 - 	case NR_CONNREQ:
  3.1500 - 		nr_write_internal(sk, NR_CONNACK);
  3.1501 -@@ -265,8 +258,6 @@
  3.1502 - 	default:
  3.1503 - 		break;
  3.1504 - 	}
  3.1505 --	bh_unlock_sock(sk);
  3.1506 --
  3.1507 - 	return queued;
  3.1508 - }
  3.1509 - 
  3.1510 -diff -Nru a/net/xfrm/xfrm_state.c b/net/xfrm/xfrm_state.c
  3.1511 ---- a/net/xfrm/xfrm_state.c	2005-04-29 18:34:28 -07:00
  3.1512 -+++ b/net/xfrm/xfrm_state.c	2005-04-29 18:34:28 -07:00
  3.1513 -@@ -609,7 +609,7 @@
  3.1514 - 
  3.1515 - 	for (i = 0; i < XFRM_DST_HSIZE; i++) {
  3.1516 - 		list_for_each_entry(x, xfrm_state_bydst+i, bydst) {
  3.1517 --			if (x->km.seq == seq) {
  3.1518 -+			if (x->km.seq == seq && x->km.state == XFRM_STATE_ACQ) {
  3.1519 - 				xfrm_state_hold(x);
  3.1520 - 				return x;
  3.1521 - 			}
  3.1522 -diff -Nru a/security/keys/key.c b/security/keys/key.c
  3.1523 ---- a/security/keys/key.c	2005-04-29 18:34:28 -07:00
  3.1524 -+++ b/security/keys/key.c	2005-04-29 18:34:28 -07:00
  3.1525 -@@ -57,9 +57,10 @@
  3.1526 - {
  3.1527 - 	struct key_user *candidate = NULL, *user;
  3.1528 - 	struct rb_node *parent = NULL;
  3.1529 --	struct rb_node **p = &key_user_tree.rb_node;
  3.1530 -+	struct rb_node **p;
  3.1531 - 
  3.1532 -  try_again:
  3.1533 -+	p = &key_user_tree.rb_node;
  3.1534 - 	spin_lock(&key_user_lock);
  3.1535 - 
  3.1536 - 	/* search the tree for a user record with a matching UID */
  3.1537 -diff -Nru a/sound/core/timer.c b/sound/core/timer.c
  3.1538 ---- a/sound/core/timer.c	2005-04-29 18:34:28 -07:00
  3.1539 -+++ b/sound/core/timer.c	2005-04-29 18:34:28 -07:00
  3.1540 -@@ -1117,7 +1117,8 @@
  3.1541 - 	if (tu->qused >= tu->queue_size) {
  3.1542 - 		tu->overrun++;
  3.1543 - 	} else {
  3.1544 --		memcpy(&tu->queue[tu->qtail++], tread, sizeof(*tread));
  3.1545 -+		memcpy(&tu->tqueue[tu->qtail++], tread, sizeof(*tread));
  3.1546 -+		tu->qtail %= tu->queue_size;
  3.1547 - 		tu->qused++;
  3.1548 - 	}
  3.1549 - }
  3.1550 -@@ -1140,6 +1141,8 @@
  3.1551 - 	spin_lock(&tu->qlock);
  3.1552 - 	snd_timer_user_append_to_tqueue(tu, &r1);
  3.1553 - 	spin_unlock(&tu->qlock);
  3.1554 -+	kill_fasync(&tu->fasync, SIGIO, POLL_IN);
  3.1555 -+	wake_up(&tu->qchange_sleep);
  3.1556 - }
  3.1557 - 
  3.1558 - static void snd_timer_user_tinterrupt(snd_timer_instance_t *timeri,
  3.1559 -diff -Nru a/sound/pci/ac97/ac97_codec.c b/sound/pci/ac97/ac97_codec.c
  3.1560 ---- a/sound/pci/ac97/ac97_codec.c	2005-04-29 18:34:28 -07:00
  3.1561 -+++ b/sound/pci/ac97/ac97_codec.c	2005-04-29 18:34:28 -07:00
  3.1562 -@@ -1185,7 +1185,7 @@
  3.1563 - /*
  3.1564 -  * create mute switch(es) for normal stereo controls
  3.1565 -  */
  3.1566 --static int snd_ac97_cmute_new(snd_card_t *card, char *name, int reg, ac97_t *ac97)
  3.1567 -+static int snd_ac97_cmute_new_stereo(snd_card_t *card, char *name, int reg, int check_stereo, ac97_t *ac97)
  3.1568 - {
  3.1569 - 	snd_kcontrol_t *kctl;
  3.1570 - 	int err;
  3.1571 -@@ -1196,7 +1196,7 @@
  3.1572 - 
  3.1573 - 	mute_mask = 0x8000;
  3.1574 - 	val = snd_ac97_read(ac97, reg);
  3.1575 --	if (ac97->flags & AC97_STEREO_MUTES) {
  3.1576 -+	if (check_stereo || (ac97->flags & AC97_STEREO_MUTES)) {
  3.1577 - 		/* check whether both mute bits work */
  3.1578 - 		val1 = val | 0x8080;
  3.1579 - 		snd_ac97_write(ac97, reg, val1);
  3.1580 -@@ -1254,7 +1254,7 @@
  3.1581 - /*
  3.1582 -  * create a mute-switch and a volume for normal stereo/mono controls
  3.1583 -  */
  3.1584 --static int snd_ac97_cmix_new(snd_card_t *card, const char *pfx, int reg, ac97_t *ac97)
  3.1585 -+static int snd_ac97_cmix_new_stereo(snd_card_t *card, const char *pfx, int reg, int check_stereo, ac97_t *ac97)
  3.1586 - {
  3.1587 - 	int err;
  3.1588 - 	char name[44];
  3.1589 -@@ -1265,7 +1265,7 @@
  3.1590 - 
  3.1591 - 	if (snd_ac97_try_bit(ac97, reg, 15)) {
  3.1592 - 		sprintf(name, "%s Switch", pfx);
  3.1593 --		if ((err = snd_ac97_cmute_new(card, name, reg, ac97)) < 0)
  3.1594 -+		if ((err = snd_ac97_cmute_new_stereo(card, name, reg, check_stereo, ac97)) < 0)
  3.1595 - 			return err;
  3.1596 - 	}
  3.1597 - 	check_volume_resolution(ac97, reg, &lo_max, &hi_max);
  3.1598 -@@ -1277,6 +1277,8 @@
  3.1599 - 	return 0;
  3.1600 - }
  3.1601 - 
  3.1602 -+#define snd_ac97_cmix_new(card, pfx, reg, ac97)	snd_ac97_cmix_new_stereo(card, pfx, reg, 0, ac97)
  3.1603 -+#define snd_ac97_cmute_new(card, name, reg, ac97)	snd_ac97_cmute_new_stereo(card, name, reg, 0, ac97)
  3.1604 - 
  3.1605 - static unsigned int snd_ac97_determine_spdif_rates(ac97_t *ac97);
  3.1606 - 
  3.1607 -@@ -1327,7 +1329,8 @@
  3.1608 - 
  3.1609 - 	/* build surround controls */
  3.1610 - 	if (snd_ac97_try_volume_mix(ac97, AC97_SURROUND_MASTER)) {
  3.1611 --		if ((err = snd_ac97_cmix_new(card, "Surround Playback", AC97_SURROUND_MASTER, ac97)) < 0)
  3.1612 -+		/* Surround Master (0x38) is with stereo mutes */
  3.1613 -+		if ((err = snd_ac97_cmix_new_stereo(card, "Surround Playback", AC97_SURROUND_MASTER, 1, ac97)) < 0)
  3.1614 - 			return err;
  3.1615 - 	}
  3.1616 - 
     4.1 --- /dev/null	Thu Jan 01 00:00:00 1970 +0000
     4.2 +++ b/patches/linux-2.6.11/linux-2.6.11.9.patch	Mon May 16 10:36:52 2005 +0000
     4.3 @@ -0,0 +1,1692 @@
     4.4 +diff -Nru a/Documentation/SecurityBugs b/Documentation/SecurityBugs
     4.5 +--- /dev/null	Wed Dec 31 16:00:00 196900
     4.6 ++++ b/Documentation/SecurityBugs	2005-05-11 15:43:53 -07:00
     4.7 +@@ -0,0 +1,38 @@
     4.8 ++Linux kernel developers take security very seriously.  As such, we'd
     4.9 ++like to know when a security bug is found so that it can be fixed and
    4.10 ++disclosed as quickly as possible.  Please report security bugs to the
    4.11 ++Linux kernel security team.
    4.12 ++
    4.13 ++1) Contact
    4.14 ++
    4.15 ++The Linux kernel security team can be contacted by email at
    4.16 ++<security@kernel.org>.  This is a private list of security officers
    4.17 ++who will help verify the bug report and develop and release a fix.
    4.18 ++It is possible that the security team will bring in extra help from
    4.19 ++area maintainers to understand and fix the security vulnerability.
    4.20 ++
    4.21 ++As it is with any bug, the more information provided the easier it
    4.22 ++will be to diagnose and fix.  Please review the procedure outlined in
    4.23 ++REPORTING-BUGS if you are unclear about what information is helpful.
    4.24 ++Any exploit code is very helpful and will not be released without
    4.25 ++consent from the reporter unless it has already been made public.
    4.26 ++
    4.27 ++2) Disclosure
    4.28 ++
    4.29 ++The goal of the Linux kernel security team is to work with the
    4.30 ++bug submitter to bug resolution as well as disclosure.  We prefer
    4.31 ++to fully disclose the bug as soon as possible.  It is reasonable to
    4.32 ++delay disclosure when the bug or the fix is not yet fully understood,
    4.33 ++the solution is not well-tested or for vendor coordination.  However, we
    4.34 ++expect these delays to be short, measurable in days, not weeks or months.
    4.35 ++A disclosure date is negotiated by the security team working with the
    4.36 ++bug submitter as well as vendors.  However, the kernel security team
    4.37 ++holds the final say when setting a disclosure date.  The timeframe for
    4.38 ++disclosure is from immediate (esp. if it's already publically known)
    4.39 ++to a few weeks.  As a basic default policy, we expect report date to
    4.40 ++disclosure date to be on the order of 7 days.
    4.41 ++
    4.42 ++3) Non-disclosure agreements
    4.43 ++
    4.44 ++The Linux kernel security team is not a formal body and therefore unable
    4.45 ++to enter any non-disclosure agreements.
    4.46 +diff -Nru a/MAINTAINERS b/MAINTAINERS
    4.47 +--- a/MAINTAINERS	2005-05-11 15:43:53 -07:00
    4.48 ++++ b/MAINTAINERS	2005-05-11 15:43:53 -07:00
    4.49 +@@ -1966,6 +1966,11 @@
    4.50 + W:	http://www.weinigel.se
    4.51 + S:	Supported
    4.52 + 
    4.53 ++SECURITY CONTACT
    4.54 ++P:	Security Officers
    4.55 ++M:	security@kernel.org
    4.56 ++S:	Supported
    4.57 ++
    4.58 + SELINUX SECURITY MODULE
    4.59 + P:	Stephen Smalley
    4.60 + M:	sds@epoch.ncsc.mil
    4.61 +diff -Nru a/Makefile b/Makefile
    4.62 +--- a/Makefile	2005-05-11 15:43:53 -07:00
    4.63 ++++ b/Makefile	2005-05-11 15:43:53 -07:00
    4.64 +@@ -1,8 +1,8 @@
    4.65 + VERSION = 2
    4.66 + PATCHLEVEL = 6
    4.67 + SUBLEVEL = 11
    4.68 +-EXTRAVERSION =
    4.69 +-NAME=Woozy Numbat
    4.70 ++EXTRAVERSION = .9
    4.71 ++NAME=Woozy Beaver
    4.72 + 
    4.73 + # *DOCUMENTATION*
    4.74 + # To see a list of typical targets execute "make help"
    4.75 +diff -Nru a/REPORTING-BUGS b/REPORTING-BUGS
    4.76 +--- a/REPORTING-BUGS	2005-05-11 15:43:53 -07:00
    4.77 ++++ b/REPORTING-BUGS	2005-05-11 15:43:53 -07:00
    4.78 +@@ -16,6 +16,10 @@
    4.79 + describe how to recreate it. That is worth even more than the oops itself.
    4.80 + The list of maintainers is in the MAINTAINERS file in this directory.
    4.81 + 
    4.82 ++      If it is a security bug, please copy the Security Contact listed
    4.83 ++in the MAINTAINERS file.  They can help coordinate bugfix and disclosure.
    4.84 ++See Documentation/SecurityBugs for more infomation.
    4.85 ++
    4.86 +       If you are totally stumped as to whom to send the report, send it to
    4.87 + linux-kernel@vger.kernel.org. (For more information on the linux-kernel
    4.88 + mailing list see http://www.tux.org/lkml/).
    4.89 +diff -Nru a/arch/ia64/kernel/fsys.S b/arch/ia64/kernel/fsys.S
    4.90 +--- a/arch/ia64/kernel/fsys.S	2005-05-11 15:43:53 -07:00
    4.91 ++++ b/arch/ia64/kernel/fsys.S	2005-05-11 15:43:53 -07:00
    4.92 +@@ -611,8 +611,10 @@
    4.93 + 	movl r2=ia64_ret_from_syscall
    4.94 + 	;;
    4.95 + 	mov rp=r2				// set the real return addr
    4.96 +-	tbit.z p8,p0=r3,TIF_SYSCALL_TRACE
    4.97 ++	and r3=_TIF_SYSCALL_TRACEAUDIT,r3
    4.98 + 	;;
    4.99 ++	cmp.eq p8,p0=r3,r0
   4.100 ++
   4.101 + (p10)	br.cond.spnt.many ia64_ret_from_syscall	// p10==true means out registers are more than 8
   4.102 + (p8)	br.call.sptk.many b6=b6		// ignore this return addr
   4.103 + 	br.cond.sptk ia64_trace_syscall
   4.104 +diff -Nru a/arch/ia64/kernel/signal.c b/arch/ia64/kernel/signal.c
   4.105 +--- a/arch/ia64/kernel/signal.c	2005-05-11 15:43:53 -07:00
   4.106 ++++ b/arch/ia64/kernel/signal.c	2005-05-11 15:43:53 -07:00
   4.107 +@@ -224,7 +224,8 @@
   4.108 + 	 * could be corrupted.
   4.109 + 	 */
   4.110 + 	retval = (long) &ia64_leave_kernel;
   4.111 +-	if (test_thread_flag(TIF_SYSCALL_TRACE))
   4.112 ++	if (test_thread_flag(TIF_SYSCALL_TRACE)
   4.113 ++	    || test_thread_flag(TIF_SYSCALL_AUDIT))
   4.114 + 		/*
   4.115 + 		 * strace expects to be notified after sigreturn returns even though the
   4.116 + 		 * context to which we return may not be in the middle of a syscall.
   4.117 +diff -Nru a/arch/ppc/oprofile/op_model_fsl_booke.c b/arch/ppc/oprofile/op_model_fsl_booke.c
   4.118 +--- a/arch/ppc/oprofile/op_model_fsl_booke.c	2005-05-11 15:43:53 -07:00
   4.119 ++++ b/arch/ppc/oprofile/op_model_fsl_booke.c	2005-05-11 15:43:53 -07:00
   4.120 +@@ -150,7 +150,6 @@
   4.121 + 	int is_kernel;
   4.122 + 	int val;
   4.123 + 	int i;
   4.124 +-	unsigned int cpu = smp_processor_id();
   4.125 + 
   4.126 + 	/* set the PMM bit (see comment below) */
   4.127 + 	mtmsr(mfmsr() | MSR_PMM);
   4.128 +@@ -162,7 +161,7 @@
   4.129 + 		val = ctr_read(i);
   4.130 + 		if (val < 0) {
   4.131 + 			if (oprofile_running && ctr[i].enabled) {
   4.132 +-				oprofile_add_sample(pc, is_kernel, i, cpu);
   4.133 ++				oprofile_add_pc(pc, is_kernel, i);
   4.134 + 				ctr_write(i, reset_value[i]);
   4.135 + 			} else {
   4.136 + 				ctr_write(i, 0);
   4.137 +diff -Nru a/arch/ppc/platforms/4xx/ebony.h b/arch/ppc/platforms/4xx/ebony.h
   4.138 +--- a/arch/ppc/platforms/4xx/ebony.h	2005-05-11 15:43:53 -07:00
   4.139 ++++ b/arch/ppc/platforms/4xx/ebony.h	2005-05-11 15:43:53 -07:00
   4.140 +@@ -61,8 +61,8 @@
   4.141 +  */
   4.142 + 
   4.143 + /* OpenBIOS defined UART mappings, used before early_serial_setup */
   4.144 +-#define UART0_IO_BASE	(u8 *) 0xE0000200
   4.145 +-#define UART1_IO_BASE	(u8 *) 0xE0000300
   4.146 ++#define UART0_IO_BASE	0xE0000200
   4.147 ++#define UART1_IO_BASE	0xE0000300
   4.148 + 
   4.149 + /* external Epson SG-615P */
   4.150 + #define BASE_BAUD	691200
   4.151 +diff -Nru a/arch/ppc/platforms/4xx/luan.h b/arch/ppc/platforms/4xx/luan.h
   4.152 +--- a/arch/ppc/platforms/4xx/luan.h	2005-05-11 15:43:53 -07:00
   4.153 ++++ b/arch/ppc/platforms/4xx/luan.h	2005-05-11 15:43:53 -07:00
   4.154 +@@ -47,9 +47,9 @@
   4.155 + #define RS_TABLE_SIZE	3
   4.156 + 
   4.157 + /* PIBS defined UART mappings, used before early_serial_setup */
   4.158 +-#define UART0_IO_BASE	(u8 *) 0xa0000200
   4.159 +-#define UART1_IO_BASE	(u8 *) 0xa0000300
   4.160 +-#define UART2_IO_BASE	(u8 *) 0xa0000600
   4.161 ++#define UART0_IO_BASE	0xa0000200
   4.162 ++#define UART1_IO_BASE	0xa0000300
   4.163 ++#define UART2_IO_BASE	0xa0000600
   4.164 + 
   4.165 + #define BASE_BAUD	11059200
   4.166 + #define STD_UART_OP(num)					\
   4.167 +diff -Nru a/arch/ppc/platforms/4xx/ocotea.h b/arch/ppc/platforms/4xx/ocotea.h
   4.168 +--- a/arch/ppc/platforms/4xx/ocotea.h	2005-05-11 15:43:53 -07:00
   4.169 ++++ b/arch/ppc/platforms/4xx/ocotea.h	2005-05-11 15:43:53 -07:00
   4.170 +@@ -56,8 +56,8 @@
   4.171 + #define RS_TABLE_SIZE	2
   4.172 + 
   4.173 + /* OpenBIOS defined UART mappings, used before early_serial_setup */
   4.174 +-#define UART0_IO_BASE	(u8 *) 0xE0000200
   4.175 +-#define UART1_IO_BASE	(u8 *) 0xE0000300
   4.176 ++#define UART0_IO_BASE	0xE0000200
   4.177 ++#define UART1_IO_BASE	0xE0000300
   4.178 + 
   4.179 + #define BASE_BAUD	11059200/16
   4.180 + #define STD_UART_OP(num)					\
   4.181 +diff -Nru a/arch/sparc/kernel/ptrace.c b/arch/sparc/kernel/ptrace.c
   4.182 +--- a/arch/sparc/kernel/ptrace.c	2005-05-11 15:43:53 -07:00
   4.183 ++++ b/arch/sparc/kernel/ptrace.c	2005-05-11 15:43:53 -07:00
   4.184 +@@ -531,18 +531,6 @@
   4.185 + 			pt_error_return(regs, EIO);
   4.186 + 			goto out_tsk;
   4.187 + 		}
   4.188 +-		if (addr != 1) {
   4.189 +-			if (addr & 3) {
   4.190 +-				pt_error_return(regs, EINVAL);
   4.191 +-				goto out_tsk;
   4.192 +-			}
   4.193 +-#ifdef DEBUG_PTRACE
   4.194 +-			printk ("Original: %08lx %08lx\n", child->thread.kregs->pc, child->thread.kregs->npc);
   4.195 +-			printk ("Continuing with %08lx %08lx\n", addr, addr+4);
   4.196 +-#endif
   4.197 +-			child->thread.kregs->pc = addr;
   4.198 +-			child->thread.kregs->npc = addr + 4;
   4.199 +-		}
   4.200 + 
   4.201 + 		if (request == PTRACE_SYSCALL)
   4.202 + 			set_tsk_thread_flag(child, TIF_SYSCALL_TRACE);
   4.203 +diff -Nru a/arch/sparc64/kernel/ptrace.c b/arch/sparc64/kernel/ptrace.c
   4.204 +--- a/arch/sparc64/kernel/ptrace.c	2005-05-11 15:43:53 -07:00
   4.205 ++++ b/arch/sparc64/kernel/ptrace.c	2005-05-11 15:43:53 -07:00
   4.206 +@@ -514,25 +514,6 @@
   4.207 + 			pt_error_return(regs, EIO);
   4.208 + 			goto out_tsk;
   4.209 + 		}
   4.210 +-		if (addr != 1) {
   4.211 +-			unsigned long pc_mask = ~0UL;
   4.212 +-
   4.213 +-			if ((child->thread_info->flags & _TIF_32BIT) != 0)
   4.214 +-				pc_mask = 0xffffffff;
   4.215 +-
   4.216 +-			if (addr & 3) {
   4.217 +-				pt_error_return(regs, EINVAL);
   4.218 +-				goto out_tsk;
   4.219 +-			}
   4.220 +-#ifdef DEBUG_PTRACE
   4.221 +-			printk ("Original: %016lx %016lx\n",
   4.222 +-				child->thread_info->kregs->tpc,
   4.223 +-				child->thread_info->kregs->tnpc);
   4.224 +-			printk ("Continuing with %016lx %016lx\n", addr, addr+4);
   4.225 +-#endif
   4.226 +-			child->thread_info->kregs->tpc = (addr & pc_mask);
   4.227 +-			child->thread_info->kregs->tnpc = ((addr + 4) & pc_mask);
   4.228 +-		}
   4.229 + 
   4.230 + 		if (request == PTRACE_SYSCALL) {
   4.231 + 			set_tsk_thread_flag(child, TIF_SYSCALL_TRACE);
   4.232 +diff -Nru a/arch/sparc64/kernel/signal32.c b/arch/sparc64/kernel/signal32.c
   4.233 +--- a/arch/sparc64/kernel/signal32.c	2005-05-11 15:43:53 -07:00
   4.234 ++++ b/arch/sparc64/kernel/signal32.c	2005-05-11 15:43:53 -07:00
   4.235 +@@ -192,9 +192,12 @@
   4.236 + 			err |= __put_user(from->si_uid, &to->si_uid);
   4.237 + 			break;
   4.238 + 		case __SI_FAULT >> 16:
   4.239 +-		case __SI_POLL >> 16:
   4.240 + 			err |= __put_user(from->si_trapno, &to->si_trapno);
   4.241 + 			err |= __put_user((unsigned long)from->si_addr, &to->si_addr);
   4.242 ++			break;
   4.243 ++		case __SI_POLL >> 16:
   4.244 ++			err |= __put_user(from->si_band, &to->si_band);
   4.245 ++			err |= __put_user(from->si_fd, &to->si_fd);
   4.246 + 			break;
   4.247 + 		case __SI_RT >> 16: /* This is not generated by the kernel as of now.  */
   4.248 + 		case __SI_MESGQ >> 16:
   4.249 +diff -Nru a/arch/sparc64/kernel/systbls.S b/arch/sparc64/kernel/systbls.S
   4.250 +--- a/arch/sparc64/kernel/systbls.S	2005-05-11 15:43:53 -07:00
   4.251 ++++ b/arch/sparc64/kernel/systbls.S	2005-05-11 15:43:53 -07:00
   4.252 +@@ -75,7 +75,7 @@
   4.253 + /*260*/	.word compat_sys_sched_getaffinity, compat_sys_sched_setaffinity, sys32_timer_settime, compat_sys_timer_gettime, sys_timer_getoverrun
   4.254 + 	.word sys_timer_delete, sys32_timer_create, sys_ni_syscall, compat_sys_io_setup, sys_io_destroy
   4.255 + /*270*/	.word sys32_io_submit, sys_io_cancel, compat_sys_io_getevents, sys32_mq_open, sys_mq_unlink
   4.256 +-	.word sys_mq_timedsend, sys_mq_timedreceive, compat_sys_mq_notify, compat_sys_mq_getsetattr, compat_sys_waitid
   4.257 ++	.word compat_sys_mq_timedsend, compat_sys_mq_timedreceive, compat_sys_mq_notify, compat_sys_mq_getsetattr, compat_sys_waitid
   4.258 + /*280*/	.word sys_ni_syscall, sys_add_key, sys_request_key, sys_keyctl
   4.259 + 
   4.260 + #endif /* CONFIG_COMPAT */
   4.261 +diff -Nru a/arch/um/include/sysdep-i386/syscalls.h b/arch/um/include/sysdep-i386/syscalls.h
   4.262 +--- a/arch/um/include/sysdep-i386/syscalls.h	2005-05-11 15:43:53 -07:00
   4.263 ++++ b/arch/um/include/sysdep-i386/syscalls.h	2005-05-11 15:43:53 -07:00
   4.264 +@@ -23,6 +23,9 @@
   4.265 + 		      unsigned long prot, unsigned long flags,
   4.266 + 		      unsigned long fd, unsigned long pgoff);
   4.267 + 
   4.268 ++/* On i386 they choose a meaningless naming.*/
   4.269 ++#define __NR_kexec_load __NR_sys_kexec_load
   4.270 ++
   4.271 + #define ARCH_SYSCALLS \
   4.272 + 	[ __NR_waitpid ] = (syscall_handler_t *) sys_waitpid, \
   4.273 + 	[ __NR_break ] = (syscall_handler_t *) sys_ni_syscall, \
   4.274 +@@ -101,15 +104,12 @@
   4.275 + 	[ 223 ] = (syscall_handler_t *) sys_ni_syscall, \
   4.276 + 	[ __NR_set_thread_area ] = (syscall_handler_t *) sys_ni_syscall, \
   4.277 + 	[ __NR_get_thread_area ] = (syscall_handler_t *) sys_ni_syscall, \
   4.278 +-	[ __NR_fadvise64 ] = (syscall_handler_t *) sys_fadvise64, \
   4.279 + 	[ 251 ] = (syscall_handler_t *) sys_ni_syscall, \
   4.280 +-        [ __NR_remap_file_pages ] = (syscall_handler_t *) sys_remap_file_pages, \
   4.281 +-	[ __NR_utimes ] = (syscall_handler_t *) sys_utimes, \
   4.282 +-	[ __NR_vserver ] = (syscall_handler_t *) sys_ni_syscall,
   4.283 +-        
   4.284 ++	[ 285 ] = (syscall_handler_t *) sys_ni_syscall,
   4.285 ++
   4.286 + /* 222 doesn't yet have a name in include/asm-i386/unistd.h */
   4.287 + 
   4.288 +-#define LAST_ARCH_SYSCALL __NR_vserver
   4.289 ++#define LAST_ARCH_SYSCALL 285
   4.290 + 
   4.291 + /*
   4.292 +  * Overrides for Emacs so that we follow Linus's tabbing style.
   4.293 +diff -Nru a/arch/um/include/sysdep-x86_64/syscalls.h b/arch/um/include/sysdep-x86_64/syscalls.h
   4.294 +--- a/arch/um/include/sysdep-x86_64/syscalls.h	2005-05-11 15:43:53 -07:00
   4.295 ++++ b/arch/um/include/sysdep-x86_64/syscalls.h	2005-05-11 15:43:53 -07:00
   4.296 +@@ -71,12 +71,7 @@
   4.297 + 	[ __NR_iopl ] = (syscall_handler_t *) sys_ni_syscall, \
   4.298 + 	[ __NR_set_thread_area ] = (syscall_handler_t *) sys_ni_syscall, \
   4.299 + 	[ __NR_get_thread_area ] = (syscall_handler_t *) sys_ni_syscall, \
   4.300 +-        [ __NR_remap_file_pages ] = (syscall_handler_t *) sys_remap_file_pages, \
   4.301 + 	[ __NR_semtimedop ] = (syscall_handler_t *) sys_semtimedop, \
   4.302 +-	[ __NR_fadvise64 ] = (syscall_handler_t *) sys_fadvise64, \
   4.303 +-	[ 223 ] = (syscall_handler_t *) sys_ni_syscall, \
   4.304 +-	[ __NR_utimes ] = (syscall_handler_t *) sys_utimes, \
   4.305 +-	[ __NR_vserver ] = (syscall_handler_t *) sys_ni_syscall, \
   4.306 + 	[ 251 ] = (syscall_handler_t *) sys_ni_syscall,
   4.307 + 
   4.308 + #define LAST_ARCH_SYSCALL 251
   4.309 +diff -Nru a/arch/um/kernel/skas/uaccess.c b/arch/um/kernel/skas/uaccess.c
   4.310 +--- a/arch/um/kernel/skas/uaccess.c	2005-05-11 15:43:53 -07:00
   4.311 ++++ b/arch/um/kernel/skas/uaccess.c	2005-05-11 15:43:53 -07:00
   4.312 +@@ -61,7 +61,8 @@
   4.313 + 	void *arg;
   4.314 + 	int *res;
   4.315 + 
   4.316 +-	va_copy(args, *(va_list *)arg_ptr);
   4.317 ++	/* Some old gccs recognize __va_copy, but not va_copy */
   4.318 ++	__va_copy(args, *(va_list *)arg_ptr);
   4.319 + 	addr = va_arg(args, unsigned long);
   4.320 + 	len = va_arg(args, int);
   4.321 + 	is_write = va_arg(args, int);
   4.322 +diff -Nru a/arch/um/kernel/sys_call_table.c b/arch/um/kernel/sys_call_table.c
   4.323 +--- a/arch/um/kernel/sys_call_table.c	2005-05-11 15:43:53 -07:00
   4.324 ++++ b/arch/um/kernel/sys_call_table.c	2005-05-11 15:43:53 -07:00
   4.325 +@@ -48,7 +48,6 @@
   4.326 + extern syscall_handler_t old_select;
   4.327 + extern syscall_handler_t sys_modify_ldt;
   4.328 + extern syscall_handler_t sys_rt_sigsuspend;
   4.329 +-extern syscall_handler_t sys_vserver;
   4.330 + extern syscall_handler_t sys_mbind;
   4.331 + extern syscall_handler_t sys_get_mempolicy;
   4.332 + extern syscall_handler_t sys_set_mempolicy;
   4.333 +@@ -242,6 +241,7 @@
   4.334 + 	[ __NR_epoll_create ] = (syscall_handler_t *) sys_epoll_create,
   4.335 + 	[ __NR_epoll_ctl ] = (syscall_handler_t *) sys_epoll_ctl,
   4.336 + 	[ __NR_epoll_wait ] = (syscall_handler_t *) sys_epoll_wait,
   4.337 ++	[ __NR_remap_file_pages ] = (syscall_handler_t *) sys_remap_file_pages,
   4.338 +         [ __NR_set_tid_address ] = (syscall_handler_t *) sys_set_tid_address,
   4.339 + 	[ __NR_timer_create ] = (syscall_handler_t *) sys_timer_create,
   4.340 + 	[ __NR_timer_settime ] = (syscall_handler_t *) sys_timer_settime,
   4.341 +@@ -252,12 +252,10 @@
   4.342 + 	[ __NR_clock_gettime ] = (syscall_handler_t *) sys_clock_gettime,
   4.343 + 	[ __NR_clock_getres ] = (syscall_handler_t *) sys_clock_getres,
   4.344 + 	[ __NR_clock_nanosleep ] = (syscall_handler_t *) sys_clock_nanosleep,
   4.345 +-	[ __NR_statfs64 ] = (syscall_handler_t *) sys_statfs64,
   4.346 +-	[ __NR_fstatfs64 ] = (syscall_handler_t *) sys_fstatfs64,
   4.347 + 	[ __NR_tgkill ] = (syscall_handler_t *) sys_tgkill,
   4.348 + 	[ __NR_utimes ] = (syscall_handler_t *) sys_utimes,
   4.349 +-	[ __NR_fadvise64_64 ] = (syscall_handler_t *) sys_fadvise64_64,
   4.350 +-	[ __NR_vserver ] = (syscall_handler_t *) sys_vserver,
   4.351 ++	[ __NR_fadvise64 ] = (syscall_handler_t *) sys_fadvise64,
   4.352 ++	[ __NR_vserver ] = (syscall_handler_t *) sys_ni_syscall,
   4.353 + 	[ __NR_mbind ] = (syscall_handler_t *) sys_mbind,
   4.354 + 	[ __NR_get_mempolicy ] = (syscall_handler_t *) sys_get_mempolicy,
   4.355 + 	[ __NR_set_mempolicy ] = (syscall_handler_t *) sys_set_mempolicy,
   4.356 +@@ -267,9 +265,8 @@
   4.357 + 	[ __NR_mq_timedreceive ] = (syscall_handler_t *) sys_mq_timedreceive,
   4.358 + 	[ __NR_mq_notify ] = (syscall_handler_t *) sys_mq_notify,
   4.359 + 	[ __NR_mq_getsetattr ] = (syscall_handler_t *) sys_mq_getsetattr,
   4.360 +-	[ __NR_sys_kexec_load ] = (syscall_handler_t *) sys_ni_syscall,
   4.361 ++	[ __NR_kexec_load ] = (syscall_handler_t *) sys_ni_syscall,
   4.362 + 	[ __NR_waitid ] = (syscall_handler_t *) sys_waitid,
   4.363 +-	[ 285 ] = (syscall_handler_t *) sys_ni_syscall,
   4.364 + 	[ __NR_add_key ] = (syscall_handler_t *) sys_add_key,
   4.365 + 	[ __NR_request_key ] = (syscall_handler_t *) sys_request_key,
   4.366 + 	[ __NR_keyctl ] = (syscall_handler_t *) sys_keyctl,
   4.367 +diff -Nru a/drivers/char/drm/drm_ioctl.c b/drivers/char/drm/drm_ioctl.c
   4.368 +--- a/drivers/char/drm/drm_ioctl.c	2005-05-11 15:43:53 -07:00
   4.369 ++++ b/drivers/char/drm/drm_ioctl.c	2005-05-11 15:43:53 -07:00
   4.370 +@@ -326,6 +326,8 @@
   4.371 + 
   4.372 + 	DRM_COPY_FROM_USER_IOCTL(sv, argp, sizeof(sv));
   4.373 + 
   4.374 ++	memset(&version, 0, sizeof(version));
   4.375 ++
   4.376 + 	dev->driver->version(&version);
   4.377 + 	retv.drm_di_major = DRM_IF_MAJOR;
   4.378 + 	retv.drm_di_minor = DRM_IF_MINOR;
   4.379 +diff -Nru a/drivers/i2c/chips/eeprom.c b/drivers/i2c/chips/eeprom.c
   4.380 +--- a/drivers/i2c/chips/eeprom.c	2005-05-11 15:43:53 -07:00
   4.381 ++++ b/drivers/i2c/chips/eeprom.c	2005-05-11 15:43:53 -07:00
   4.382 +@@ -130,7 +130,8 @@
   4.383 + 
   4.384 + 	/* Hide Vaio security settings to regular users (16 first bytes) */
   4.385 + 	if (data->nature == VAIO && off < 16 && !capable(CAP_SYS_ADMIN)) {
   4.386 +-		int in_row1 = 16 - off;
   4.387 ++		size_t in_row1 = 16 - off;
   4.388 ++		in_row1 = min(in_row1, count);
   4.389 + 		memset(buf, 0, in_row1);
   4.390 + 		if (count - in_row1 > 0)
   4.391 + 			memcpy(buf + in_row1, &data->data[16], count - in_row1);
   4.392 +diff -Nru a/drivers/i2c/chips/it87.c b/drivers/i2c/chips/it87.c
   4.393 +--- a/drivers/i2c/chips/it87.c	2005-05-11 15:43:53 -07:00
   4.394 ++++ b/drivers/i2c/chips/it87.c	2005-05-11 15:43:53 -07:00
   4.395 +@@ -631,7 +631,7 @@
   4.396 + 	struct it87_data *data = it87_update_device(dev);
   4.397 + 	return sprintf(buf,"%d\n", ALARMS_FROM_REG(data->alarms));
   4.398 + }
   4.399 +-static DEVICE_ATTR(alarms, S_IRUGO | S_IWUSR, show_alarms, NULL);
   4.400 ++static DEVICE_ATTR(alarms, S_IRUGO, show_alarms, NULL);
   4.401 + 
   4.402 + static ssize_t
   4.403 + show_vrm_reg(struct device *dev, char *buf)
   4.404 +diff -Nru a/drivers/i2c/chips/via686a.c b/drivers/i2c/chips/via686a.c
   4.405 +--- a/drivers/i2c/chips/via686a.c	2005-05-11 15:43:53 -07:00
   4.406 ++++ b/drivers/i2c/chips/via686a.c	2005-05-11 15:43:53 -07:00
   4.407 +@@ -554,7 +554,7 @@
   4.408 + 	struct via686a_data *data = via686a_update_device(dev);
   4.409 + 	return sprintf(buf,"%d\n", ALARMS_FROM_REG(data->alarms));
   4.410 + }
   4.411 +-static DEVICE_ATTR(alarms, S_IRUGO | S_IWUSR, show_alarms, NULL);
   4.412 ++static DEVICE_ATTR(alarms, S_IRUGO, show_alarms, NULL);
   4.413 + 
   4.414 + /* The driver. I choose to use type i2c_driver, as at is identical to both
   4.415 +    smbus_driver and isa_driver, and clients could be of either kind */
   4.416 +diff -Nru a/drivers/input/serio/i8042-x86ia64io.h b/drivers/input/serio/i8042-x86ia64io.h
   4.417 +--- a/drivers/input/serio/i8042-x86ia64io.h	2005-05-11 15:43:53 -07:00
   4.418 ++++ b/drivers/input/serio/i8042-x86ia64io.h	2005-05-11 15:43:53 -07:00
   4.419 +@@ -88,7 +88,7 @@
   4.420 + };
   4.421 + #endif
   4.422 + 
   4.423 +-#ifdef CONFIG_ACPI
   4.424 ++#if defined(__ia64__) && defined(CONFIG_ACPI)
   4.425 + #include <linux/acpi.h>
   4.426 + #include <acpi/acpi_bus.h>
   4.427 + 
   4.428 +@@ -281,7 +281,7 @@
   4.429 + 	i8042_kbd_irq = I8042_MAP_IRQ(1);
   4.430 + 	i8042_aux_irq = I8042_MAP_IRQ(12);
   4.431 + 
   4.432 +-#ifdef CONFIG_ACPI
   4.433 ++#if defined(__ia64__) && defined(CONFIG_ACPI)
   4.434 + 	if (i8042_acpi_init())
   4.435 + 		return -1;
   4.436 + #endif
   4.437 +@@ -300,7 +300,7 @@
   4.438 + 
   4.439 + static inline void i8042_platform_exit(void)
   4.440 + {
   4.441 +-#ifdef CONFIG_ACPI
   4.442 ++#if defined(__ia64__) && defined(CONFIG_ACPI)
   4.443 + 	i8042_acpi_exit();
   4.444 + #endif
   4.445 + }
   4.446 +diff -Nru a/drivers/md/raid6altivec.uc b/drivers/md/raid6altivec.uc
   4.447 +--- a/drivers/md/raid6altivec.uc	2005-05-11 15:43:53 -07:00
   4.448 ++++ b/drivers/md/raid6altivec.uc	2005-05-11 15:43:53 -07:00
   4.449 +@@ -108,7 +108,11 @@
   4.450 + int raid6_have_altivec(void)
   4.451 + {
   4.452 + 	/* This assumes either all CPUs have Altivec or none does */
   4.453 ++#ifdef CONFIG_PPC64
   4.454 + 	return cur_cpu_spec->cpu_features & CPU_FTR_ALTIVEC;
   4.455 ++#else
   4.456 ++	return cur_cpu_spec[0]->cpu_features & CPU_FTR_ALTIVEC;
   4.457 ++#endif
   4.458 + }
   4.459 + #endif
   4.460 + 
   4.461 +diff -Nru a/drivers/media/video/adv7170.c b/drivers/media/video/adv7170.c
   4.462 +--- a/drivers/media/video/adv7170.c	2005-05-11 15:43:53 -07:00
   4.463 ++++ b/drivers/media/video/adv7170.c	2005-05-11 15:43:53 -07:00
   4.464 +@@ -130,7 +130,7 @@
   4.465 + 		u8 block_data[32];
   4.466 + 
   4.467 + 		msg.addr = client->addr;
   4.468 +-		msg.flags = client->flags;
   4.469 ++		msg.flags = 0;
   4.470 + 		while (len >= 2) {
   4.471 + 			msg.buf = (char *) block_data;
   4.472 + 			msg.len = 0;
   4.473 +diff -Nru a/drivers/media/video/adv7175.c b/drivers/media/video/adv7175.c
   4.474 +--- a/drivers/media/video/adv7175.c	2005-05-11 15:43:53 -07:00
   4.475 ++++ b/drivers/media/video/adv7175.c	2005-05-11 15:43:53 -07:00
   4.476 +@@ -126,7 +126,7 @@
   4.477 + 		u8 block_data[32];
   4.478 + 
   4.479 + 		msg.addr = client->addr;
   4.480 +-		msg.flags = client->flags;
   4.481 ++		msg.flags = 0;
   4.482 + 		while (len >= 2) {
   4.483 + 			msg.buf = (char *) block_data;
   4.484 + 			msg.len = 0;
   4.485 +diff -Nru a/drivers/media/video/bt819.c b/drivers/media/video/bt819.c
   4.486 +--- a/drivers/media/video/bt819.c	2005-05-11 15:43:53 -07:00
   4.487 ++++ b/drivers/media/video/bt819.c	2005-05-11 15:43:53 -07:00
   4.488 +@@ -146,7 +146,7 @@
   4.489 + 		u8 block_data[32];
   4.490 + 
   4.491 + 		msg.addr = client->addr;
   4.492 +-		msg.flags = client->flags;
   4.493 ++		msg.flags = 0;
   4.494 + 		while (len >= 2) {
   4.495 + 			msg.buf = (char *) block_data;
   4.496 + 			msg.len = 0;
   4.497 +diff -Nru a/drivers/media/video/bttv-cards.c b/drivers/media/video/bttv-cards.c
   4.498 +--- a/drivers/media/video/bttv-cards.c	2005-05-11 15:43:53 -07:00
   4.499 ++++ b/drivers/media/video/bttv-cards.c	2005-05-11 15:43:53 -07:00
   4.500 +@@ -2718,8 +2718,6 @@
   4.501 +         }
   4.502 + 	btv->pll.pll_current = -1;
   4.503 + 
   4.504 +-	bttv_reset_audio(btv);
   4.505 +-
   4.506 + 	/* tuner configuration (from card list / autodetect / insmod option) */
   4.507 +  	if (UNSET != bttv_tvcards[btv->c.type].tuner_type)
   4.508 + 		if(UNSET == btv->tuner_type)
   4.509 +diff -Nru a/drivers/media/video/saa7110.c b/drivers/media/video/saa7110.c
   4.510 +--- a/drivers/media/video/saa7110.c	2005-05-11 15:43:53 -07:00
   4.511 ++++ b/drivers/media/video/saa7110.c	2005-05-11 15:43:53 -07:00
   4.512 +@@ -60,8 +60,10 @@
   4.513 + 
   4.514 + #define	I2C_SAA7110		0x9C	/* or 0x9E */
   4.515 + 
   4.516 ++#define SAA7110_NR_REG		0x35
   4.517 ++
   4.518 + struct saa7110 {
   4.519 +-	unsigned char reg[54];
   4.520 ++	u8 reg[SAA7110_NR_REG];
   4.521 + 
   4.522 + 	int norm;
   4.523 + 	int input;
   4.524 +@@ -95,31 +97,28 @@
   4.525 + 		     unsigned int       len)
   4.526 + {
   4.527 + 	int ret = -1;
   4.528 +-	u8 reg = *data++;
   4.529 ++	u8 reg = *data;		/* first register to write to */
   4.530 + 
   4.531 +-	len--;
   4.532 ++	/* Sanity check */
   4.533 ++	if (reg + (len - 1) > SAA7110_NR_REG)
   4.534 ++		return ret;
   4.535 + 
   4.536 + 	/* the saa7110 has an autoincrement function, use it if
   4.537 + 	 * the adapter understands raw I2C */
   4.538 + 	if (i2c_check_functionality(client->adapter, I2C_FUNC_I2C)) {
   4.539 + 		struct saa7110 *decoder = i2c_get_clientdata(client);
   4.540 + 		struct i2c_msg msg;
   4.541 +-		u8 block_data[54];
   4.542 + 
   4.543 +-		msg.len = 0;
   4.544 +-		msg.buf = (char *) block_data;
   4.545 ++		msg.len = len;
   4.546 ++		msg.buf = (char *) data;
   4.547 + 		msg.addr = client->addr;
   4.548 +-		msg.flags = client->flags;
   4.549 +-		while (len >= 1) {
   4.550 +-			msg.len = 0;
   4.551 +-			block_data[msg.len++] = reg;
   4.552 +-			while (len-- >= 1 && msg.len < 54)
   4.553 +-				block_data[msg.len++] =
   4.554 +-				    decoder->reg[reg++] = *data++;
   4.555 +-			ret = i2c_transfer(client->adapter, &msg, 1);
   4.556 +-		}
   4.557 ++		msg.flags = 0;
   4.558 ++		ret = i2c_transfer(client->adapter, &msg, 1);
   4.559 ++
   4.560 ++		/* Cache the written data */
   4.561 ++		memcpy(decoder->reg + reg, data + 1, len - 1);
   4.562 + 	} else {
   4.563 +-		while (len-- >= 1) {
   4.564 ++		for (++data, --len; len; len--) {
   4.565 + 			if ((ret = saa7110_write(client, reg++,
   4.566 + 						 *data++)) < 0)
   4.567 + 				break;
   4.568 +@@ -192,7 +191,7 @@
   4.569 + 	return 0;
   4.570 + }
   4.571 + 
   4.572 +-static const unsigned char initseq[] = {
   4.573 ++static const unsigned char initseq[1 + SAA7110_NR_REG] = {
   4.574 + 	0, 0x4C, 0x3C, 0x0D, 0xEF, 0xBD, 0xF2, 0x03, 0x00,
   4.575 + 	/* 0x08 */ 0xF8, 0xF8, 0x60, 0x60, 0x00, 0x86, 0x18, 0x90,
   4.576 + 	/* 0x10 */ 0x00, 0x59, 0x40, 0x46, 0x42, 0x1A, 0xFF, 0xDA,
   4.577 +diff -Nru a/drivers/media/video/saa7114.c b/drivers/media/video/saa7114.c
   4.578 +--- a/drivers/media/video/saa7114.c	2005-05-11 15:43:53 -07:00
   4.579 ++++ b/drivers/media/video/saa7114.c	2005-05-11 15:43:53 -07:00
   4.580 +@@ -163,7 +163,7 @@
   4.581 + 		u8 block_data[32];
   4.582 + 
   4.583 + 		msg.addr = client->addr;
   4.584 +-		msg.flags = client->flags;
   4.585 ++		msg.flags = 0;
   4.586 + 		while (len >= 2) {
   4.587 + 			msg.buf = (char *) block_data;
   4.588 + 			msg.len = 0;
   4.589 +diff -Nru a/drivers/media/video/saa7185.c b/drivers/media/video/saa7185.c
   4.590 +--- a/drivers/media/video/saa7185.c	2005-05-11 15:43:53 -07:00
   4.591 ++++ b/drivers/media/video/saa7185.c	2005-05-11 15:43:53 -07:00
   4.592 +@@ -118,7 +118,7 @@
   4.593 + 		u8 block_data[32];
   4.594 + 
   4.595 + 		msg.addr = client->addr;
   4.596 +-		msg.flags = client->flags;
   4.597 ++		msg.flags = 0;
   4.598 + 		while (len >= 2) {
   4.599 + 			msg.buf = (char *) block_data;
   4.600 + 			msg.len = 0;
   4.601 +diff -Nru a/drivers/net/amd8111e.c b/drivers/net/amd8111e.c
   4.602 +--- a/drivers/net/amd8111e.c	2005-05-11 15:43:53 -07:00
   4.603 ++++ b/drivers/net/amd8111e.c	2005-05-11 15:43:53 -07:00
   4.604 +@@ -1381,6 +1381,8 @@
   4.605 + 
   4.606 + 	if(amd8111e_restart(dev)){
   4.607 + 		spin_unlock_irq(&lp->lock);
   4.608 ++		if (dev->irq)
   4.609 ++			free_irq(dev->irq, dev);
   4.610 + 		return -ENOMEM;
   4.611 + 	}
   4.612 + 	/* Start ipg timer */
   4.613 +diff -Nru a/drivers/net/ppp_async.c b/drivers/net/ppp_async.c
   4.614 +--- a/drivers/net/ppp_async.c	2005-05-11 15:43:53 -07:00
   4.615 ++++ b/drivers/net/ppp_async.c	2005-05-11 15:43:53 -07:00
   4.616 +@@ -1000,7 +1000,7 @@
   4.617 + 	data += 4;
   4.618 + 	dlen -= 4;
   4.619 + 	/* data[0] is code, data[1] is length */
   4.620 +-	while (dlen >= 2 && dlen >= data[1]) {
   4.621 ++	while (dlen >= 2 && dlen >= data[1] && data[1] >= 2) {
   4.622 + 		switch (data[0]) {
   4.623 + 		case LCP_MRU:
   4.624 + 			val = (data[2] << 8) + data[3];
   4.625 +diff -Nru a/drivers/net/r8169.c b/drivers/net/r8169.c
   4.626 +--- a/drivers/net/r8169.c	2005-05-11 15:43:53 -07:00
   4.627 ++++ b/drivers/net/r8169.c	2005-05-11 15:43:53 -07:00
   4.628 +@@ -1683,16 +1683,19 @@
   4.629 + 	rtl8169_make_unusable_by_asic(desc);
   4.630 + }
   4.631 + 
   4.632 +-static inline void rtl8169_return_to_asic(struct RxDesc *desc, int rx_buf_sz)
   4.633 ++static inline void rtl8169_mark_to_asic(struct RxDesc *desc, u32 rx_buf_sz)
   4.634 + {
   4.635 +-	desc->opts1 |= cpu_to_le32(DescOwn + rx_buf_sz);
   4.636 ++	u32 eor = le32_to_cpu(desc->opts1) & RingEnd;
   4.637 ++
   4.638 ++	desc->opts1 = cpu_to_le32(DescOwn | eor | rx_buf_sz);
   4.639 + }
   4.640 + 
   4.641 +-static inline void rtl8169_give_to_asic(struct RxDesc *desc, dma_addr_t mapping,
   4.642 +-					int rx_buf_sz)
   4.643 ++static inline void rtl8169_map_to_asic(struct RxDesc *desc, dma_addr_t mapping,
   4.644 ++				       u32 rx_buf_sz)
   4.645 + {
   4.646 + 	desc->addr = cpu_to_le64(mapping);
   4.647 +-	desc->opts1 |= cpu_to_le32(DescOwn + rx_buf_sz);
   4.648 ++	wmb();
   4.649 ++	rtl8169_mark_to_asic(desc, rx_buf_sz);
   4.650 + }
   4.651 + 
   4.652 + static int rtl8169_alloc_rx_skb(struct pci_dev *pdev, struct sk_buff **sk_buff,
   4.653 +@@ -1712,7 +1715,7 @@
   4.654 + 	mapping = pci_map_single(pdev, skb->tail, rx_buf_sz,
   4.655 + 				 PCI_DMA_FROMDEVICE);
   4.656 + 
   4.657 +-	rtl8169_give_to_asic(desc, mapping, rx_buf_sz);
   4.658 ++	rtl8169_map_to_asic(desc, mapping, rx_buf_sz);
   4.659 + 
   4.660 + out:
   4.661 + 	return ret;
   4.662 +@@ -2150,7 +2153,7 @@
   4.663 + 			skb_reserve(skb, NET_IP_ALIGN);
   4.664 + 			eth_copy_and_sum(skb, sk_buff[0]->tail, pkt_size, 0);
   4.665 + 			*sk_buff = skb;
   4.666 +-			rtl8169_return_to_asic(desc, rx_buf_sz);
   4.667 ++			rtl8169_mark_to_asic(desc, rx_buf_sz);
   4.668 + 			ret = 0;
   4.669 + 		}
   4.670 + 	}
   4.671 +diff -Nru a/drivers/net/sis900.c b/drivers/net/sis900.c
   4.672 +--- a/drivers/net/sis900.c	2005-05-11 15:43:53 -07:00
   4.673 ++++ b/drivers/net/sis900.c	2005-05-11 15:43:53 -07:00
   4.674 +@@ -236,7 +236,7 @@
   4.675 + 	signature = (u16) read_eeprom(ioaddr, EEPROMSignature);    
   4.676 + 	if (signature == 0xffff || signature == 0x0000) {
   4.677 + 		printk (KERN_INFO "%s: Error EERPOM read %x\n", 
   4.678 +-			net_dev->name, signature);
   4.679 ++			pci_name(pci_dev), signature);
   4.680 + 		return 0;
   4.681 + 	}
   4.682 + 
   4.683 +@@ -268,7 +268,7 @@
   4.684 + 	if (!isa_bridge)
   4.685 + 		isa_bridge = pci_get_device(PCI_VENDOR_ID_SI, 0x0018, isa_bridge);
   4.686 + 	if (!isa_bridge) {
   4.687 +-		printk("%s: Can not find ISA bridge\n", net_dev->name);
   4.688 ++		printk("%s: Can not find ISA bridge\n", pci_name(pci_dev));
   4.689 + 		return 0;
   4.690 + 	}
   4.691 + 	pci_read_config_byte(isa_bridge, 0x48, &reg);
   4.692 +@@ -456,10 +456,6 @@
   4.693 + 	net_dev->tx_timeout = sis900_tx_timeout;
   4.694 + 	net_dev->watchdog_timeo = TX_TIMEOUT;
   4.695 + 	net_dev->ethtool_ops = &sis900_ethtool_ops;
   4.696 +-	
   4.697 +-	ret = register_netdev(net_dev);
   4.698 +-	if (ret)
   4.699 +-		goto err_unmap_rx;
   4.700 + 		
   4.701 + 	/* Get Mac address according to the chip revision */
   4.702 + 	pci_read_config_byte(pci_dev, PCI_CLASS_REVISION, &revision);
   4.703 +@@ -476,7 +472,7 @@
   4.704 + 
   4.705 + 	if (ret == 0) {
   4.706 + 		ret = -ENODEV;
   4.707 +-		goto err_out_unregister;
   4.708 ++		goto err_unmap_rx;
   4.709 + 	}
   4.710 + 	
   4.711 + 	/* 630ET : set the mii access mode as software-mode */
   4.712 +@@ -486,7 +482,7 @@
   4.713 + 	/* probe for mii transceiver */
   4.714 + 	if (sis900_mii_probe(net_dev) == 0) {
   4.715 + 		ret = -ENODEV;
   4.716 +-		goto err_out_unregister;
   4.717 ++		goto err_unmap_rx;
   4.718 + 	}
   4.719 + 
   4.720 + 	/* save our host bridge revision */
   4.721 +@@ -496,6 +492,10 @@
   4.722 + 		pci_dev_put(dev);
   4.723 + 	}
   4.724 + 
   4.725 ++	ret = register_netdev(net_dev);
   4.726 ++	if (ret)
   4.727 ++		goto err_unmap_rx;
   4.728 ++
   4.729 + 	/* print some information about our NIC */
   4.730 + 	printk(KERN_INFO "%s: %s at %#lx, IRQ %d, ", net_dev->name,
   4.731 + 	       card_name, ioaddr, net_dev->irq);
   4.732 +@@ -505,8 +505,6 @@
   4.733 + 
   4.734 + 	return 0;
   4.735 + 
   4.736 +- err_out_unregister:
   4.737 +- 	unregister_netdev(net_dev);
   4.738 +  err_unmap_rx:
   4.739 + 	pci_free_consistent(pci_dev, RX_TOTAL_SIZE, sis_priv->rx_ring,
   4.740 + 		sis_priv->rx_ring_dma);
   4.741 +@@ -533,6 +531,7 @@
   4.742 + static int __init sis900_mii_probe(struct net_device * net_dev)
   4.743 + {
   4.744 + 	struct sis900_private * sis_priv = net_dev->priv;
   4.745 ++	const char *dev_name = pci_name(sis_priv->pci_dev);
   4.746 + 	u16 poll_bit = MII_STAT_LINK, status = 0;
   4.747 + 	unsigned long timeout = jiffies + 5 * HZ;
   4.748 + 	int phy_addr;
   4.749 +@@ -582,21 +581,20 @@
   4.750 + 					mii_phy->phy_types =
   4.751 + 					    (mii_status & (MII_STAT_CAN_TX_FDX | MII_STAT_CAN_TX)) ? LAN : HOME;
   4.752 + 				printk(KERN_INFO "%s: %s transceiver found at address %d.\n",
   4.753 +-				       net_dev->name, mii_chip_table[i].name,
   4.754 ++				       dev_name, mii_chip_table[i].name,
   4.755 + 				       phy_addr);
   4.756 + 				break;
   4.757 + 			}
   4.758 + 			
   4.759 + 		if( !mii_chip_table[i].phy_id1 ) {
   4.760 + 			printk(KERN_INFO "%s: Unknown PHY transceiver found at address %d.\n",
   4.761 +-			       net_dev->name, phy_addr);
   4.762 ++			       dev_name, phy_addr);
   4.763 + 			mii_phy->phy_types = UNKNOWN;
   4.764 + 		}
   4.765 + 	}
   4.766 + 	
   4.767 + 	if (sis_priv->mii == NULL) {
   4.768 +-		printk(KERN_INFO "%s: No MII transceivers found!\n",
   4.769 +-			net_dev->name);
   4.770 ++		printk(KERN_INFO "%s: No MII transceivers found!\n", dev_name);
   4.771 + 		return 0;
   4.772 + 	}
   4.773 + 
   4.774 +@@ -621,7 +619,7 @@
   4.775 + 			poll_bit ^= (mdio_read(net_dev, sis_priv->cur_phy, MII_STATUS) & poll_bit);
   4.776 + 			if (time_after_eq(jiffies, timeout)) {
   4.777 + 				printk(KERN_WARNING "%s: reset phy and link down now\n",
   4.778 +-					net_dev->name);
   4.779 ++				       dev_name);
   4.780 + 				return -ETIME;
   4.781 + 			}
   4.782 + 		}
   4.783 +@@ -691,7 +689,7 @@
   4.784 + 		sis_priv->mii = default_phy;
   4.785 + 		sis_priv->cur_phy = default_phy->phy_addr;
   4.786 + 		printk(KERN_INFO "%s: Using transceiver found at address %d as default\n",
   4.787 +-					net_dev->name,sis_priv->cur_phy);
   4.788 ++		       pci_name(sis_priv->pci_dev), sis_priv->cur_phy);
   4.789 + 	}
   4.790 + 	
   4.791 + 	status = mdio_read(net_dev, sis_priv->cur_phy, MII_CONTROL);
   4.792 +diff -Nru a/drivers/net/tun.c b/drivers/net/tun.c
   4.793 +--- a/drivers/net/tun.c	2005-05-11 15:43:53 -07:00
   4.794 ++++ b/drivers/net/tun.c	2005-05-11 15:43:53 -07:00
   4.795 +@@ -229,7 +229,7 @@
   4.796 + 	size_t len = count;
   4.797 + 
   4.798 + 	if (!(tun->flags & TUN_NO_PI)) {
   4.799 +-		if ((len -= sizeof(pi)) > len)
   4.800 ++		if ((len -= sizeof(pi)) > count)
   4.801 + 			return -EINVAL;
   4.802 + 
   4.803 + 		if(memcpy_fromiovec((void *)&pi, iv, sizeof(pi)))
   4.804 +diff -Nru a/drivers/net/via-rhine.c b/drivers/net/via-rhine.c
   4.805 +--- a/drivers/net/via-rhine.c	2005-05-11 15:43:53 -07:00
   4.806 ++++ b/drivers/net/via-rhine.c	2005-05-11 15:43:53 -07:00
   4.807 +@@ -1197,8 +1197,10 @@
   4.808 + 		       dev->name, rp->pdev->irq);
   4.809 + 
   4.810 + 	rc = alloc_ring(dev);
   4.811 +-	if (rc)
   4.812 ++	if (rc) {
   4.813 ++		free_irq(rp->pdev->irq, dev);
   4.814 + 		return rc;
   4.815 ++	}
   4.816 + 	alloc_rbufs(dev);
   4.817 + 	alloc_tbufs(dev);
   4.818 + 	rhine_chip_reset(dev);
   4.819 +@@ -1898,6 +1900,9 @@
   4.820 + 	struct net_device *dev = pci_get_drvdata(pdev);
   4.821 + 	struct rhine_private *rp = netdev_priv(dev);
   4.822 + 	void __iomem *ioaddr = rp->base;
   4.823 ++
   4.824 ++	if (!(rp->quirks & rqWOL))
   4.825 ++		return; /* Nothing to do for non-WOL adapters */
   4.826 + 
   4.827 + 	rhine_power_init(dev);
   4.828 + 
   4.829 +diff -Nru a/drivers/net/wan/hd6457x.c b/drivers/net/wan/hd6457x.c
   4.830 +--- a/drivers/net/wan/hd6457x.c	2005-05-11 15:43:53 -07:00
   4.831 ++++ b/drivers/net/wan/hd6457x.c	2005-05-11 15:43:53 -07:00
   4.832 +@@ -315,7 +315,7 @@
   4.833 + #endif
   4.834 + 	stats->rx_packets++;
   4.835 + 	stats->rx_bytes += skb->len;
   4.836 +-	skb->dev->last_rx = jiffies;
   4.837 ++	dev->last_rx = jiffies;
   4.838 + 	skb->protocol = hdlc_type_trans(skb, dev);
   4.839 + 	netif_rx(skb);
   4.840 + }
   4.841 +diff -Nru a/drivers/pci/hotplug/pciehp_ctrl.c b/drivers/pci/hotplug/pciehp_ctrl.c
   4.842 +--- a/drivers/pci/hotplug/pciehp_ctrl.c	2005-05-11 15:43:53 -07:00
   4.843 ++++ b/drivers/pci/hotplug/pciehp_ctrl.c	2005-05-11 15:43:53 -07:00
   4.844 +@@ -1354,10 +1354,11 @@
   4.845 + 				dbg("PCI Bridge Hot-Remove s:b:d:f(%02x:%02x:%02x:%02x)\n", 
   4.846 + 					ctrl->seg, func->bus, func->device, func->function);
   4.847 + 				bridge_slot_remove(func);
   4.848 +-			} else
   4.849 ++			} else {
   4.850 + 				dbg("PCI Function Hot-Remove s:b:d:f(%02x:%02x:%02x:%02x)\n", 
   4.851 + 					ctrl->seg, func->bus, func->device, func->function);
   4.852 + 				slot_remove(func);
   4.853 ++			}
   4.854 + 
   4.855 + 			func = pciehp_slot_find(ctrl->slot_bus, device, 0);
   4.856 + 		}
   4.857 +diff -Nru a/fs/binfmt_elf.c b/fs/binfmt_elf.c
   4.858 +--- a/fs/binfmt_elf.c	2005-05-11 15:43:53 -07:00
   4.859 ++++ b/fs/binfmt_elf.c	2005-05-11 15:43:53 -07:00
   4.860 +@@ -257,7 +257,7 @@
   4.861 + 	}
   4.862 + 
   4.863 + 	/* Populate argv and envp */
   4.864 +-	p = current->mm->arg_start;
   4.865 ++	p = current->mm->arg_end = current->mm->arg_start;
   4.866 + 	while (argc-- > 0) {
   4.867 + 		size_t len;
   4.868 + 		__put_user((elf_addr_t)p, argv++);
   4.869 +@@ -1008,6 +1008,7 @@
   4.870 + static int load_elf_library(struct file *file)
   4.871 + {
   4.872 + 	struct elf_phdr *elf_phdata;
   4.873 ++	struct elf_phdr *eppnt;
   4.874 + 	unsigned long elf_bss, bss, len;
   4.875 + 	int retval, error, i, j;
   4.876 + 	struct elfhdr elf_ex;
   4.877 +@@ -1031,44 +1032,47 @@
   4.878 + 	/* j < ELF_MIN_ALIGN because elf_ex.e_phnum <= 2 */
   4.879 + 
   4.880 + 	error = -ENOMEM;
   4.881 +-	elf_phdata = (struct elf_phdr *) kmalloc(j, GFP_KERNEL);
   4.882 ++	elf_phdata = kmalloc(j, GFP_KERNEL);
   4.883 + 	if (!elf_phdata)
   4.884 + 		goto out;
   4.885 + 
   4.886 ++	eppnt = elf_phdata;
   4.887 + 	error = -ENOEXEC;
   4.888 +-	retval = kernel_read(file, elf_ex.e_phoff, (char *) elf_phdata, j);
   4.889 ++	retval = kernel_read(file, elf_ex.e_phoff, (char *)eppnt, j);
   4.890 + 	if (retval != j)
   4.891 + 		goto out_free_ph;
   4.892 + 
   4.893 + 	for (j = 0, i = 0; i<elf_ex.e_phnum; i++)
   4.894 +-		if ((elf_phdata + i)->p_type == PT_LOAD) j++;
   4.895 ++		if ((eppnt + i)->p_type == PT_LOAD)
   4.896 ++			j++;
   4.897 + 	if (j != 1)
   4.898 + 		goto out_free_ph;
   4.899 + 
   4.900 +-	while (elf_phdata->p_type != PT_LOAD) elf_phdata++;
   4.901 ++	while (eppnt->p_type != PT_LOAD)
   4.902 ++		eppnt++;
   4.903 + 
   4.904 + 	/* Now use mmap to map the library into memory. */
   4.905 + 	down_write(&current->mm->mmap_sem);
   4.906 + 	error = do_mmap(file,
   4.907 +-			ELF_PAGESTART(elf_phdata->p_vaddr),
   4.908 +-			(elf_phdata->p_filesz +
   4.909 +-			 ELF_PAGEOFFSET(elf_phdata->p_vaddr)),
   4.910 ++			ELF_PAGESTART(eppnt->p_vaddr),
   4.911 ++			(eppnt->p_filesz +
   4.912 ++			 ELF_PAGEOFFSET(eppnt->p_vaddr)),
   4.913 + 			PROT_READ | PROT_WRITE | PROT_EXEC,
   4.914 + 			MAP_FIXED | MAP_PRIVATE | MAP_DENYWRITE,
   4.915 +-			(elf_phdata->p_offset -
   4.916 +-			 ELF_PAGEOFFSET(elf_phdata->p_vaddr)));
   4.917 ++			(eppnt->p_offset -
   4.918 ++			 ELF_PAGEOFFSET(eppnt->p_vaddr)));
   4.919 + 	up_write(&current->mm->mmap_sem);
   4.920 +-	if (error != ELF_PAGESTART(elf_phdata->p_vaddr))
   4.921 ++	if (error != ELF_PAGESTART(eppnt->p_vaddr))
   4.922 + 		goto out_free_ph;
   4.923 + 
   4.924 +-	elf_bss = elf_phdata->p_vaddr + elf_phdata->p_filesz;
   4.925 ++	elf_bss = eppnt->p_vaddr + eppnt->p_filesz;
   4.926 + 	if (padzero(elf_bss)) {
   4.927 + 		error = -EFAULT;
   4.928 + 		goto out_free_ph;
   4.929 + 	}
   4.930 + 
   4.931 +-	len = ELF_PAGESTART(elf_phdata->p_filesz + elf_phdata->p_vaddr + ELF_MIN_ALIGN - 1);
   4.932 +-	bss = elf_phdata->p_memsz + elf_phdata->p_vaddr;
   4.933 ++	len = ELF_PAGESTART(eppnt->p_filesz + eppnt->p_vaddr + ELF_MIN_ALIGN - 1);
   4.934 ++	bss = eppnt->p_memsz + eppnt->p_vaddr;
   4.935 + 	if (bss > len) {
   4.936 + 		down_write(&current->mm->mmap_sem);
   4.937 + 		do_brk(len, bss - len);
   4.938 +@@ -1275,7 +1279,7 @@
   4.939 + static int fill_psinfo(struct elf_prpsinfo *psinfo, struct task_struct *p,
   4.940 + 		       struct mm_struct *mm)
   4.941 + {
   4.942 +-	int i, len;
   4.943 ++	unsigned int i, len;
   4.944 + 	
   4.945 + 	/* first copy the parameters from user space */
   4.946 + 	memset(psinfo, 0, sizeof(struct elf_prpsinfo));
   4.947 +diff -Nru a/fs/cramfs/inode.c b/fs/cramfs/inode.c
   4.948 +--- a/fs/cramfs/inode.c	2005-05-11 15:43:53 -07:00
   4.949 ++++ b/fs/cramfs/inode.c	2005-05-11 15:43:53 -07:00
   4.950 +@@ -70,6 +70,7 @@
   4.951 + 			inode->i_data.a_ops = &cramfs_aops;
   4.952 + 		} else {
   4.953 + 			inode->i_size = 0;
   4.954 ++			inode->i_blocks = 0;
   4.955 + 			init_special_inode(inode, inode->i_mode,
   4.956 + 				old_decode_dev(cramfs_inode->size));
   4.957 + 		}
   4.958 +diff -Nru a/fs/eventpoll.c b/fs/eventpoll.c
   4.959 +--- a/fs/eventpoll.c	2005-05-11 15:43:53 -07:00
   4.960 ++++ b/fs/eventpoll.c	2005-05-11 15:43:53 -07:00
   4.961 +@@ -619,6 +619,7 @@
   4.962 + 	return error;
   4.963 + }
   4.964 + 
   4.965 ++#define MAX_EVENTS (INT_MAX / sizeof(struct epoll_event))
   4.966 + 
   4.967 + /*
   4.968 +  * Implement the event wait interface for the eventpoll file. It is the kernel
   4.969 +@@ -635,7 +636,7 @@
   4.970 + 		     current, epfd, events, maxevents, timeout));
   4.971 + 
   4.972 + 	/* The maximum number of event must be greater than zero */
   4.973 +-	if (maxevents <= 0)
   4.974 ++	if (maxevents <= 0 || maxevents > MAX_EVENTS)
   4.975 + 		return -EINVAL;
   4.976 + 
   4.977 + 	/* Verify that the area passed by the user is writeable */
   4.978 +diff -Nru a/fs/exec.c b/fs/exec.c
   4.979 +--- a/fs/exec.c	2005-05-11 15:43:53 -07:00
   4.980 ++++ b/fs/exec.c	2005-05-11 15:43:53 -07:00
   4.981 +@@ -814,7 +814,7 @@
   4.982 + {
   4.983 + 	/* buf must be at least sizeof(tsk->comm) in size */
   4.984 + 	task_lock(tsk);
   4.985 +-	memcpy(buf, tsk->comm, sizeof(tsk->comm));
   4.986 ++	strncpy(buf, tsk->comm, sizeof(tsk->comm));
   4.987 + 	task_unlock(tsk);
   4.988 + }
   4.989 + 
   4.990 +diff -Nru a/fs/ext2/dir.c b/fs/ext2/dir.c
   4.991 +--- a/fs/ext2/dir.c	2005-05-11 15:43:53 -07:00
   4.992 ++++ b/fs/ext2/dir.c	2005-05-11 15:43:53 -07:00
   4.993 +@@ -592,6 +592,7 @@
   4.994 + 		goto fail;
   4.995 + 	}
   4.996 + 	kaddr = kmap_atomic(page, KM_USER0);
   4.997 ++       memset(kaddr, 0, chunk_size);
   4.998 + 	de = (struct ext2_dir_entry_2 *)kaddr;
   4.999 + 	de->name_len = 1;
  4.1000 + 	de->rec_len = cpu_to_le16(EXT2_DIR_REC_LEN(1));
  4.1001 +diff -Nru a/fs/isofs/inode.c b/fs/isofs/inode.c
  4.1002 +--- a/fs/isofs/inode.c	2005-05-11 15:43:53 -07:00
  4.1003 ++++ b/fs/isofs/inode.c	2005-05-11 15:43:53 -07:00
  4.1004 +@@ -685,6 +685,8 @@
  4.1005 + 	  sbi->s_log_zone_size = isonum_723 (h_pri->logical_block_size);
  4.1006 + 	  sbi->s_max_size = isonum_733(h_pri->volume_space_size);
  4.1007 + 	} else {
  4.1008 ++	  if (!pri)
  4.1009 ++	    goto out_freebh;
  4.1010 + 	  rootp = (struct iso_directory_record *) pri->root_directory_record;
  4.1011 + 	  sbi->s_nzones = isonum_733 (pri->volume_space_size);
  4.1012 + 	  sbi->s_log_zone_size = isonum_723 (pri->logical_block_size);
  4.1013 +@@ -1394,6 +1396,9 @@
  4.1014 + 	unsigned long hashval;
  4.1015 + 	struct inode *inode;
  4.1016 + 	struct isofs_iget5_callback_data data;
  4.1017 ++
  4.1018 ++	if (offset >= 1ul << sb->s_blocksize_bits)
  4.1019 ++		return NULL;
  4.1020 + 
  4.1021 + 	data.block = block;
  4.1022 + 	data.offset = offset;
  4.1023 +diff -Nru a/fs/isofs/rock.c b/fs/isofs/rock.c
  4.1024 +--- a/fs/isofs/rock.c	2005-05-11 15:43:53 -07:00
  4.1025 ++++ b/fs/isofs/rock.c	2005-05-11 15:43:53 -07:00
  4.1026 +@@ -53,6 +53,7 @@
  4.1027 +   if(LEN & 1) LEN++;						\
  4.1028 +   CHR = ((unsigned char *) DE) + LEN;				\
  4.1029 +   LEN = *((unsigned char *) DE) - LEN;                          \
  4.1030 ++  if (LEN<0) LEN=0;                                             \
  4.1031 +   if (ISOFS_SB(inode->i_sb)->s_rock_offset!=-1)                \
  4.1032 +   {                                                             \
  4.1033 +      LEN-=ISOFS_SB(inode->i_sb)->s_rock_offset;                \
  4.1034 +@@ -73,6 +74,10 @@
  4.1035 +     offset1 = 0; \
  4.1036 +     pbh = sb_bread(DEV->i_sb, block); \
  4.1037 +     if(pbh){       \
  4.1038 ++      if (offset > pbh->b_size || offset + cont_size > pbh->b_size){	\
  4.1039 ++	brelse(pbh); \
  4.1040 ++	goto out; \
  4.1041 ++      } \
  4.1042 +       memcpy(buffer + offset1, pbh->b_data + offset, cont_size - offset1); \
  4.1043 +       brelse(pbh); \
  4.1044 +       chr = (unsigned char *) buffer; \
  4.1045 +@@ -103,12 +108,13 @@
  4.1046 +     struct rock_ridge * rr;
  4.1047 +     int sig;
  4.1048 +     
  4.1049 +-    while (len > 1){ /* There may be one byte for padding somewhere */
  4.1050 ++    while (len > 2){ /* There may be one byte for padding somewhere */
  4.1051 +       rr = (struct rock_ridge *) chr;
  4.1052 +-      if (rr->len == 0) goto out; /* Something got screwed up here */
  4.1053 ++      if (rr->len < 3) goto out; /* Something got screwed up here */
  4.1054 +       sig = isonum_721(chr);
  4.1055 +       chr += rr->len; 
  4.1056 +       len -= rr->len;
  4.1057 ++      if (len < 0) goto out;	/* corrupted isofs */
  4.1058 + 
  4.1059 +       switch(sig){
  4.1060 +       case SIG('R','R'):
  4.1061 +@@ -122,6 +128,7 @@
  4.1062 + 	break;
  4.1063 +       case SIG('N','M'):
  4.1064 + 	if (truncate) break;
  4.1065 ++	if (rr->len < 5) break;
  4.1066 +         /*
  4.1067 + 	 * If the flags are 2 or 4, this indicates '.' or '..'.
  4.1068 + 	 * We don't want to do anything with this, because it
  4.1069 +@@ -186,12 +193,13 @@
  4.1070 +     struct rock_ridge * rr;
  4.1071 +     int rootflag;
  4.1072 +     
  4.1073 +-    while (len > 1){ /* There may be one byte for padding somewhere */
  4.1074 ++    while (len > 2){ /* There may be one byte for padding somewhere */
  4.1075 +       rr = (struct rock_ridge *) chr;
  4.1076 +-      if (rr->len == 0) goto out; /* Something got screwed up here */
  4.1077 ++      if (rr->len < 3) goto out; /* Something got screwed up here */
  4.1078 +       sig = isonum_721(chr);
  4.1079 +       chr += rr->len; 
  4.1080 +       len -= rr->len;
  4.1081 ++      if (len < 0) goto out;	/* corrupted isofs */
  4.1082 +       
  4.1083 +       switch(sig){
  4.1084 + #ifndef CONFIG_ZISOFS		/* No flag for SF or ZF */
  4.1085 +@@ -462,7 +470,7 @@
  4.1086 + 	struct rock_ridge *rr;
  4.1087 + 
  4.1088 + 	if (!ISOFS_SB(inode->i_sb)->s_rock)
  4.1089 +-		panic ("Cannot have symlink with high sierra variant of iso filesystem\n");
  4.1090 ++		goto error;
  4.1091 + 
  4.1092 + 	block = ei->i_iget5_block;
  4.1093 + 	lock_kernel();
  4.1094 +@@ -487,13 +495,15 @@
  4.1095 + 	SETUP_ROCK_RIDGE(raw_inode, chr, len);
  4.1096 + 
  4.1097 +       repeat:
  4.1098 +-	while (len > 1) { /* There may be one byte for padding somewhere */
  4.1099 ++	while (len > 2) { /* There may be one byte for padding somewhere */
  4.1100 + 		rr = (struct rock_ridge *) chr;
  4.1101 +-		if (rr->len == 0)
  4.1102 ++		if (rr->len < 3)
  4.1103 + 			goto out;	/* Something got screwed up here */
  4.1104 + 		sig = isonum_721(chr);
  4.1105 + 		chr += rr->len;
  4.1106 + 		len -= rr->len;
  4.1107 ++		if (len < 0)
  4.1108 ++			goto out;	/* corrupted isofs */
  4.1109 + 
  4.1110 + 		switch (sig) {
  4.1111 + 		case SIG('R', 'R'):
  4.1112 +@@ -543,6 +553,7 @@
  4.1113 +       fail:
  4.1114 + 	brelse(bh);
  4.1115 + 	unlock_kernel();
  4.1116 ++      error:
  4.1117 + 	SetPageError(page);
  4.1118 + 	kunmap(page);
  4.1119 + 	unlock_page(page);
  4.1120 +diff -Nru a/fs/jbd/transaction.c b/fs/jbd/transaction.c
  4.1121 +--- a/fs/jbd/transaction.c	2005-05-11 15:43:53 -07:00
  4.1122 ++++ b/fs/jbd/transaction.c	2005-05-11 15:43:53 -07:00
  4.1123 +@@ -1775,10 +1775,10 @@
  4.1124 + 			JBUFFER_TRACE(jh, "checkpointed: add to BJ_Forget");
  4.1125 + 			ret = __dispose_buffer(jh,
  4.1126 + 					journal->j_running_transaction);
  4.1127 ++			journal_put_journal_head(jh);
  4.1128 + 			spin_unlock(&journal->j_list_lock);
  4.1129 + 			jbd_unlock_bh_state(bh);
  4.1130 + 			spin_unlock(&journal->j_state_lock);
  4.1131 +-			journal_put_journal_head(jh);
  4.1132 + 			return ret;
  4.1133 + 		} else {
  4.1134 + 			/* There is no currently-running transaction. So the
  4.1135 +@@ -1789,10 +1789,10 @@
  4.1136 + 				JBUFFER_TRACE(jh, "give to committing trans");
  4.1137 + 				ret = __dispose_buffer(jh,
  4.1138 + 					journal->j_committing_transaction);
  4.1139 ++				journal_put_journal_head(jh);
  4.1140 + 				spin_unlock(&journal->j_list_lock);
  4.1141 + 				jbd_unlock_bh_state(bh);
  4.1142 + 				spin_unlock(&journal->j_state_lock);
  4.1143 +-				journal_put_journal_head(jh);
  4.1144 + 				return ret;
  4.1145 + 			} else {
  4.1146 + 				/* The orphan record's transaction has
  4.1147 +@@ -1813,10 +1813,10 @@
  4.1148 + 					journal->j_running_transaction);
  4.1149 + 			jh->b_next_transaction = NULL;
  4.1150 + 		}
  4.1151 ++		journal_put_journal_head(jh);
  4.1152 + 		spin_unlock(&journal->j_list_lock);
  4.1153 + 		jbd_unlock_bh_state(bh);
  4.1154 + 		spin_unlock(&journal->j_state_lock);
  4.1155 +-		journal_put_journal_head(jh);
  4.1156 + 		return 0;
  4.1157 + 	} else {
  4.1158 + 		/* Good, the buffer belongs to the running transaction.
  4.1159 +diff -Nru a/kernel/exit.c b/kernel/exit.c
  4.1160 +--- a/kernel/exit.c	2005-05-11 15:43:53 -07:00
  4.1161 ++++ b/kernel/exit.c	2005-05-11 15:43:53 -07:00
  4.1162 +@@ -516,8 +516,6 @@
  4.1163 + 	 */
  4.1164 + 	BUG_ON(p == reaper || reaper->exit_state >= EXIT_ZOMBIE);
  4.1165 + 	p->real_parent = reaper;
  4.1166 +-	if (p->parent == p->real_parent)
  4.1167 +-		BUG();
  4.1168 + }
  4.1169 + 
  4.1170 + static inline void reparent_thread(task_t *p, task_t *father, int traced)
  4.1171 +diff -Nru a/kernel/signal.c b/kernel/signal.c
  4.1172 +--- a/kernel/signal.c	2005-05-11 15:43:53 -07:00
  4.1173 ++++ b/kernel/signal.c	2005-05-11 15:43:53 -07:00
  4.1174 +@@ -1728,6 +1728,7 @@
  4.1175 + 			 * with another processor delivering a stop signal,
  4.1176 + 			 * then the SIGCONT that wakes us up should clear it.
  4.1177 + 			 */
  4.1178 ++			read_unlock(&tasklist_lock);
  4.1179 + 			return 0;
  4.1180 + 		}
  4.1181 + 
  4.1182 +diff -Nru a/lib/rwsem-spinlock.c b/lib/rwsem-spinlock.c
  4.1183 +--- a/lib/rwsem-spinlock.c	2005-05-11 15:43:53 -07:00
  4.1184 ++++ b/lib/rwsem-spinlock.c	2005-05-11 15:43:53 -07:00
  4.1185 +@@ -140,12 +140,12 @@
  4.1186 + 
  4.1187 + 	rwsemtrace(sem, "Entering __down_read");
  4.1188 + 
  4.1189 +-	spin_lock(&sem->wait_lock);
  4.1190 ++	spin_lock_irq(&sem->wait_lock);
  4.1191 + 
  4.1192 + 	if (sem->activity >= 0 && list_empty(&sem->wait_list)) {
  4.1193 + 		/* granted */
  4.1194 + 		sem->activity++;
  4.1195 +-		spin_unlock(&sem->wait_lock);
  4.1196 ++		spin_unlock_irq(&sem->wait_lock);
  4.1197 + 		goto out;
  4.1198 + 	}
  4.1199 + 
  4.1200 +@@ -160,7 +160,7 @@
  4.1201 + 	list_add_tail(&waiter.list, &sem->wait_list);
  4.1202 + 
  4.1203 + 	/* we don't need to touch the semaphore struct anymore */
  4.1204 +-	spin_unlock(&sem->wait_lock);
  4.1205 ++	spin_unlock_irq(&sem->wait_lock);
  4.1206 + 
  4.1207 + 	/* wait to be given the lock */
  4.1208 + 	for (;;) {
  4.1209 +@@ -181,10 +181,12 @@
  4.1210 +  */
  4.1211 + int fastcall __down_read_trylock(struct rw_semaphore *sem)
  4.1212 + {
  4.1213 ++	unsigned long flags;
  4.1214 + 	int ret = 0;
  4.1215 ++
  4.1216 + 	rwsemtrace(sem, "Entering __down_read_trylock");
  4.1217 + 
  4.1218 +-	spin_lock(&sem->wait_lock);
  4.1219 ++	spin_lock_irqsave(&sem->wait_lock, flags);
  4.1220 + 
  4.1221 + 	if (sem->activity >= 0 && list_empty(&sem->wait_list)) {
  4.1222 + 		/* granted */
  4.1223 +@@ -192,7 +194,7 @@
  4.1224 + 		ret = 1;
  4.1225 + 	}
  4.1226 + 
  4.1227 +-	spin_unlock(&sem->wait_lock);
  4.1228 ++	spin_unlock_irqrestore(&sem->wait_lock, flags);
  4.1229 + 
  4.1230 + 	rwsemtrace(sem, "Leaving __down_read_trylock");
  4.1231 + 	return ret;
  4.1232 +@@ -209,12 +211,12 @@
  4.1233 + 
  4.1234 + 	rwsemtrace(sem, "Entering __down_write");
  4.1235 + 
  4.1236 +-	spin_lock(&sem->wait_lock);
  4.1237 ++	spin_lock_irq(&sem->wait_lock);
  4.1238 + 
  4.1239 + 	if (sem->activity == 0 && list_empty(&sem->wait_list)) {
  4.1240 + 		/* granted */
  4.1241 + 		sem->activity = -1;
  4.1242 +-		spin_unlock(&sem->wait_lock);
  4.1243 ++		spin_unlock_irq(&sem->wait_lock);
  4.1244 + 		goto out;
  4.1245 + 	}
  4.1246 + 
  4.1247 +@@ -229,7 +231,7 @@
  4.1248 + 	list_add_tail(&waiter.list, &sem->wait_list);
  4.1249 + 
  4.1250 + 	/* we don't need to touch the semaphore struct anymore */
  4.1251 +-	spin_unlock(&sem->wait_lock);
  4.1252 ++	spin_unlock_irq(&sem->wait_lock);
  4.1253 + 
  4.1254 + 	/* wait to be given the lock */
  4.1255 + 	for (;;) {
  4.1256 +@@ -250,10 +252,12 @@
  4.1257 +  */
  4.1258 + int fastcall __down_write_trylock(struct rw_semaphore *sem)
  4.1259 + {
  4.1260 ++	unsigned long flags;
  4.1261 + 	int ret = 0;
  4.1262 ++
  4.1263 + 	rwsemtrace(sem, "Entering __down_write_trylock");
  4.1264 + 
  4.1265 +-	spin_lock(&sem->wait_lock);
  4.1266 ++	spin_lock_irqsave(&sem->wait_lock, flags);
  4.1267 + 
  4.1268 + 	if (sem->activity == 0 && list_empty(&sem->wait_list)) {
  4.1269 + 		/* granted */
  4.1270 +@@ -261,7 +265,7 @@
  4.1271 + 		ret = 1;
  4.1272 + 	}
  4.1273 + 
  4.1274 +-	spin_unlock(&sem->wait_lock);
  4.1275 ++	spin_unlock_irqrestore(&sem->wait_lock, flags);
  4.1276 + 
  4.1277 + 	rwsemtrace(sem, "Leaving __down_write_trylock");
  4.1278 + 	return ret;
  4.1279 +@@ -272,14 +276,16 @@
  4.1280 +  */
  4.1281 + void fastcall __up_read(struct rw_semaphore *sem)
  4.1282 + {
  4.1283 ++	unsigned long flags;
  4.1284 ++
  4.1285 + 	rwsemtrace(sem, "Entering __up_read");
  4.1286 + 
  4.1287 +-	spin_lock(&sem->wait_lock);
  4.1288 ++	spin_lock_irqsave(&sem->wait_lock, flags);
  4.1289 + 
  4.1290 + 	if (--sem->activity == 0 && !list_empty(&sem->wait_list))
  4.1291 + 		sem = __rwsem_wake_one_writer(sem);
  4.1292 + 
  4.1293 +-	spin_unlock(&sem->wait_lock);
  4.1294 ++	spin_unlock_irqrestore(&sem->wait_lock, flags);
  4.1295 + 
  4.1296 + 	rwsemtrace(sem, "Leaving __up_read");
  4.1297 + }
  4.1298 +@@ -289,15 +295,17 @@
  4.1299 +  */
  4.1300 + void fastcall __up_write(struct rw_semaphore *sem)
  4.1301 + {
  4.1302 ++	unsigned long flags;
  4.1303 ++
  4.1304 + 	rwsemtrace(sem, "Entering __up_write");
  4.1305 + 
  4.1306 +-	spin_lock(&sem->wait_lock);
  4.1307 ++	spin_lock_irqsave(&sem->wait_lock, flags);
  4.1308 + 
  4.1309 + 	sem->activity = 0;
  4.1310 + 	if (!list_empty(&sem->wait_list))
  4.1311 + 		sem = __rwsem_do_wake(sem, 1);
  4.1312 + 
  4.1313 +-	spin_unlock(&sem->wait_lock);
  4.1314 ++	spin_unlock_irqrestore(&sem->wait_lock, flags);
  4.1315 + 
  4.1316 + 	rwsemtrace(sem, "Leaving __up_write");
  4.1317 + }
  4.1318 +@@ -308,15 +316,17 @@
  4.1319 +  */
  4.1320 + void fastcall __downgrade_write(struct rw_semaphore *sem)
  4.1321 + {
  4.1322 ++	unsigned long flags;
  4.1323 ++
  4.1324 + 	rwsemtrace(sem, "Entering __downgrade_write");
  4.1325 + 
  4.1326 +-	spin_lock(&sem->wait_lock);
  4.1327 ++	spin_lock_irqsave(&sem->wait_lock, flags);
  4.1328 + 
  4.1329 + 	sem->activity = 1;
  4.1330 + 	if (!list_empty(&sem->wait_list))
  4.1331 + 		sem = __rwsem_do_wake(sem, 0);
  4.1332 + 
  4.1333 +-	spin_unlock(&sem->wait_lock);
  4.1334 ++	spin_unlock_irqrestore(&sem->wait_lock, flags);
  4.1335 + 
  4.1336 + 	rwsemtrace(sem, "Leaving __downgrade_write");
  4.1337 + }
  4.1338 +diff -Nru a/lib/rwsem.c b/lib/rwsem.c
  4.1339 +--- a/lib/rwsem.c	2005-05-11 15:43:53 -07:00
  4.1340 ++++ b/lib/rwsem.c	2005-05-11 15:43:53 -07:00
  4.1341 +@@ -150,7 +150,7 @@
  4.1342 + 	set_task_state(tsk, TASK_UNINTERRUPTIBLE);
  4.1343 + 
  4.1344 + 	/* set up my own style of waitqueue */
  4.1345 +-	spin_lock(&sem->wait_lock);
  4.1346 ++	spin_lock_irq(&sem->wait_lock);
  4.1347 + 	waiter->task = tsk;
  4.1348 + 	get_task_struct(tsk);
  4.1349 + 
  4.1350 +@@ -163,7 +163,7 @@
  4.1351 + 	if (!(count & RWSEM_ACTIVE_MASK))
  4.1352 + 		sem = __rwsem_do_wake(sem, 0);
  4.1353 + 
  4.1354 +-	spin_unlock(&sem->wait_lock);
  4.1355 ++	spin_unlock_irq(&sem->wait_lock);
  4.1356 + 
  4.1357 + 	/* wait to be given the lock */
  4.1358 + 	for (;;) {
  4.1359 +@@ -219,15 +219,17 @@
  4.1360 +  */
  4.1361 + struct rw_semaphore fastcall *rwsem_wake(struct rw_semaphore *sem)
  4.1362 + {
  4.1363 ++	unsigned long flags;
  4.1364 ++
  4.1365 + 	rwsemtrace(sem, "Entering rwsem_wake");
  4.1366 + 
  4.1367 +-	spin_lock(&sem->wait_lock);
  4.1368 ++	spin_lock_irqsave(&sem->wait_lock, flags);
  4.1369 + 
  4.1370 + 	/* do nothing if list empty */
  4.1371 + 	if (!list_empty(&sem->wait_list))
  4.1372 + 		sem = __rwsem_do_wake(sem, 0);
  4.1373 + 
  4.1374 +-	spin_unlock(&sem->wait_lock);
  4.1375 ++	spin_unlock_irqrestore(&sem->wait_lock, flags);
  4.1376 + 
  4.1377 + 	rwsemtrace(sem, "Leaving rwsem_wake");
  4.1378 + 
  4.1379 +@@ -241,15 +243,17 @@
  4.1380 +  */
  4.1381 + struct rw_semaphore fastcall *rwsem_downgrade_wake(struct rw_semaphore *sem)
  4.1382 + {
  4.1383 ++	unsigned long flags;
  4.1384 ++
  4.1385 + 	rwsemtrace(sem, "Entering rwsem_downgrade_wake");
  4.1386 + 
  4.1387 +-	spin_lock(&sem->wait_lock);
  4.1388 ++	spin_lock_irqsave(&sem->wait_lock, flags);
  4.1389 + 
  4.1390 + 	/* do nothing if list empty */
  4.1391 + 	if (!list_empty(&sem->wait_list))
  4.1392 + 		sem = __rwsem_do_wake(sem, 1);
  4.1393 + 
  4.1394 +-	spin_unlock(&sem->wait_lock);
  4.1395 ++	spin_unlock_irqrestore(&sem->wait_lock, flags);
  4.1396 + 
  4.1397 + 	rwsemtrace(sem, "Leaving rwsem_downgrade_wake");
  4.1398 + 	return sem;
  4.1399 +diff -Nru a/net/bluetooth/af_bluetooth.c b/net/bluetooth/af_bluetooth.c
  4.1400 +--- a/net/bluetooth/af_bluetooth.c	2005-05-11 15:43:53 -07:00
  4.1401 ++++ b/net/bluetooth/af_bluetooth.c	2005-05-11 15:43:53 -07:00
  4.1402 +@@ -64,7 +64,7 @@
  4.1403 + 
  4.1404 + int bt_sock_register(int proto, struct net_proto_family *ops)
  4.1405 + {
  4.1406 +-	if (proto >= BT_MAX_PROTO)
  4.1407 ++	if (proto < 0 || proto >= BT_MAX_PROTO)
  4.1408 + 		return -EINVAL;
  4.1409 + 
  4.1410 + 	if (bt_proto[proto])
  4.1411 +@@ -77,7 +77,7 @@
  4.1412 + 
  4.1413 + int bt_sock_unregister(int proto)
  4.1414 + {
  4.1415 +-	if (proto >= BT_MAX_PROTO)
  4.1416 ++	if (proto < 0 || proto >= BT_MAX_PROTO)
  4.1417 + 		return -EINVAL;
  4.1418 + 
  4.1419 + 	if (!bt_proto[proto])
  4.1420 +@@ -92,7 +92,7 @@
  4.1421 + {
  4.1422 + 	int err = 0;
  4.1423 + 
  4.1424 +-	if (proto >= BT_MAX_PROTO)
  4.1425 ++	if (proto < 0 || proto >= BT_MAX_PROTO)
  4.1426 + 		return -EINVAL;
  4.1427 + 
  4.1428 + #if defined(CONFIG_KMOD)
  4.1429 +diff -Nru a/net/ipv4/fib_hash.c b/net/ipv4/fib_hash.c
  4.1430 +--- a/net/ipv4/fib_hash.c	2005-05-11 15:43:53 -07:00
  4.1431 ++++ b/net/ipv4/fib_hash.c	2005-05-11 15:43:53 -07:00
  4.1432 +@@ -919,13 +919,23 @@
  4.1433 + 	return fa;
  4.1434 + }
  4.1435 + 
  4.1436 ++static struct fib_alias *fib_get_idx(struct seq_file *seq, loff_t pos)
  4.1437 ++{
  4.1438 ++	struct fib_alias *fa = fib_get_first(seq);
  4.1439 ++
  4.1440 ++	if (fa)
  4.1441 ++		while (pos && (fa = fib_get_next(seq)))
  4.1442 ++			--pos;
  4.1443 ++	return pos ? NULL : fa;
  4.1444 ++}
  4.1445 ++
  4.1446 + static void *fib_seq_start(struct seq_file *seq, loff_t *pos)
  4.1447 + {
  4.1448 + 	void *v = NULL;
  4.1449 + 
  4.1450 + 	read_lock(&fib_hash_lock);
  4.1451 + 	if (ip_fib_main_table)
  4.1452 +-		v = *pos ? fib_get_next(seq) : SEQ_START_TOKEN;
  4.1453 ++		v = *pos ? fib_get_idx(seq, *pos - 1) : SEQ_START_TOKEN;
  4.1454 + 	return v;
  4.1455 + }
  4.1456 + 
  4.1457 +diff -Nru a/net/ipv4/tcp_input.c b/net/ipv4/tcp_input.c
  4.1458 +--- a/net/ipv4/tcp_input.c	2005-05-11 15:43:53 -07:00
  4.1459 ++++ b/net/ipv4/tcp_input.c	2005-05-11 15:43:53 -07:00
  4.1460 +@@ -1653,7 +1653,10 @@
  4.1461 + static void tcp_undo_cwr(struct tcp_sock *tp, int undo)
  4.1462 + {
  4.1463 + 	if (tp->prior_ssthresh) {
  4.1464 +-		tp->snd_cwnd = max(tp->snd_cwnd, tp->snd_ssthresh<<1);
  4.1465 ++		if (tcp_is_bic(tp))
  4.1466 ++			tp->snd_cwnd = max(tp->snd_cwnd, tp->bictcp.last_max_cwnd);
  4.1467 ++		else
  4.1468 ++			tp->snd_cwnd = max(tp->snd_cwnd, tp->snd_ssthresh<<1);
  4.1469 + 
  4.1470 + 		if (undo && tp->prior_ssthresh > tp->snd_ssthresh) {
  4.1471 + 			tp->snd_ssthresh = tp->prior_ssthresh;
  4.1472 +diff -Nru a/net/ipv4/tcp_timer.c b/net/ipv4/tcp_timer.c
  4.1473 +--- a/net/ipv4/tcp_timer.c	2005-05-11 15:43:53 -07:00
  4.1474 ++++ b/net/ipv4/tcp_timer.c	2005-05-11 15:43:53 -07:00
  4.1475 +@@ -38,6 +38,7 @@
  4.1476 + 
  4.1477 + #ifdef TCP_DEBUG
  4.1478 + const char tcp_timer_bug_msg[] = KERN_DEBUG "tcpbug: unknown timer value\n";
  4.1479 ++EXPORT_SYMBOL(tcp_timer_bug_msg);
  4.1480 + #endif
  4.1481 + 
  4.1482 + /*
  4.1483 +diff -Nru a/net/ipv4/xfrm4_output.c b/net/ipv4/xfrm4_output.c
  4.1484 +--- a/net/ipv4/xfrm4_output.c	2005-05-11 15:43:53 -07:00
  4.1485 ++++ b/net/ipv4/xfrm4_output.c	2005-05-11 15:43:53 -07:00
  4.1486 +@@ -103,16 +103,16 @@
  4.1487 + 			goto error_nolock;
  4.1488 + 	}
  4.1489 + 
  4.1490 +-	spin_lock_bh(&x->lock);
  4.1491 +-	err = xfrm_state_check(x, skb);
  4.1492 +-	if (err)
  4.1493 +-		goto error;
  4.1494 +-
  4.1495 + 	if (x->props.mode) {
  4.1496 + 		err = xfrm4_tunnel_check_size(skb);
  4.1497 + 		if (err)
  4.1498 +-			goto error;
  4.1499 ++			goto error_nolock;
  4.1500 + 	}
  4.1501 ++
  4.1502 ++	spin_lock_bh(&x->lock);
  4.1503 ++	err = xfrm_state_check(x, skb);
  4.1504 ++	if (err)
  4.1505 ++		goto error;
  4.1506 + 
  4.1507 + 	xfrm4_encap(skb);
  4.1508 + 
  4.1509 +diff -Nru a/net/ipv6/xfrm6_output.c b/net/ipv6/xfrm6_output.c
  4.1510 +--- a/net/ipv6/xfrm6_output.c	2005-05-11 15:43:53 -07:00
  4.1511 ++++ b/net/ipv6/xfrm6_output.c	2005-05-11 15:43:53 -07:00
  4.1512 +@@ -103,16 +103,16 @@
  4.1513 + 			goto error_nolock;
  4.1514 + 	}
  4.1515 + 
  4.1516 +-	spin_lock_bh(&x->lock);
  4.1517 +-	err = xfrm_state_check(x, skb);
  4.1518 +-	if (err)
  4.1519 +-		goto error;
  4.1520 +-
  4.1521 + 	if (x->props.mode) {
  4.1522 + 		err = xfrm6_tunnel_check_size(skb);
  4.1523 + 		if (err)
  4.1524 +-			goto error;
  4.1525 ++			goto error_nolock;
  4.1526 + 	}
  4.1527 ++
  4.1528 ++	spin_lock_bh(&x->lock);
  4.1529 ++	err = xfrm_state_check(x, skb);
  4.1530 ++	if (err)
  4.1531 ++		goto error;
  4.1532 + 
  4.1533 + 	xfrm6_encap(skb);
  4.1534 + 
  4.1535 +diff -Nru a/net/netrom/nr_in.c b/net/netrom/nr_in.c
  4.1536 +--- a/net/netrom/nr_in.c	2005-05-11 15:43:53 -07:00
  4.1537 ++++ b/net/netrom/nr_in.c	2005-05-11 15:43:53 -07:00
  4.1538 +@@ -74,7 +74,6 @@
  4.1539 + static int nr_state1_machine(struct sock *sk, struct sk_buff *skb,
  4.1540 + 	int frametype)
  4.1541 + {
  4.1542 +-	bh_lock_sock(sk);
  4.1543 + 	switch (frametype) {
  4.1544 + 	case NR_CONNACK: {
  4.1545 + 		nr_cb *nr = nr_sk(sk);
  4.1546 +@@ -103,8 +102,6 @@
  4.1547 + 	default:
  4.1548 + 		break;
  4.1549 + 	}
  4.1550 +-	bh_unlock_sock(sk);
  4.1551 +-
  4.1552 + 	return 0;
  4.1553 + }
  4.1554 + 
  4.1555 +@@ -116,7 +113,6 @@
  4.1556 + static int nr_state2_machine(struct sock *sk, struct sk_buff *skb,
  4.1557 + 	int frametype)
  4.1558 + {
  4.1559 +-	bh_lock_sock(sk);
  4.1560 + 	switch (frametype) {
  4.1561 + 	case NR_CONNACK | NR_CHOKE_FLAG:
  4.1562 + 		nr_disconnect(sk, ECONNRESET);
  4.1563 +@@ -132,8 +128,6 @@
  4.1564 + 	default:
  4.1565 + 		break;
  4.1566 + 	}
  4.1567 +-	bh_unlock_sock(sk);
  4.1568 +-
  4.1569 + 	return 0;
  4.1570 + }
  4.1571 + 
  4.1572 +@@ -154,7 +148,6 @@
  4.1573 + 	nr = skb->data[18];
  4.1574 + 	ns = skb->data[17];
  4.1575 + 
  4.1576 +-	bh_lock_sock(sk);
  4.1577 + 	switch (frametype) {
  4.1578 + 	case NR_CONNREQ:
  4.1579 + 		nr_write_internal(sk, NR_CONNACK);
  4.1580 +@@ -265,8 +258,6 @@
  4.1581 + 	default:
  4.1582 + 		break;
  4.1583 + 	}
  4.1584 +-	bh_unlock_sock(sk);
  4.1585 +-
  4.1586 + 	return queued;
  4.1587 + }
  4.1588 + 
  4.1589 +diff -Nru a/net/xfrm/xfrm_state.c b/net/xfrm/xfrm_state.c
  4.1590 +--- a/net/xfrm/xfrm_state.c	2005-05-11 15:43:53 -07:00
  4.1591 ++++ b/net/xfrm/xfrm_state.c	2005-05-11 15:43:53 -07:00
  4.1592 +@@ -609,7 +609,7 @@
  4.1593 + 
  4.1594 + 	for (i = 0; i < XFRM_DST_HSIZE; i++) {
  4.1595 + 		list_for_each_entry(x, xfrm_state_bydst+i, bydst) {
  4.1596 +-			if (x->km.seq == seq) {
  4.1597 ++			if (x->km.seq == seq && x->km.state == XFRM_STATE_ACQ) {
  4.1598 + 				xfrm_state_hold(x);
  4.1599 + 				return x;
  4.1600 + 			}
  4.1601 +diff -Nru a/security/keys/key.c b/security/keys/key.c
  4.1602 +--- a/security/keys/key.c	2005-05-11 15:43:53 -07:00
  4.1603 ++++ b/security/keys/key.c	2005-05-11 15:43:53 -07:00
  4.1604 +@@ -57,9 +57,10 @@
  4.1605 + {
  4.1606 + 	struct key_user *candidate = NULL, *user;
  4.1607 + 	struct rb_node *parent = NULL;
  4.1608 +-	struct rb_node **p = &key_user_tree.rb_node;
  4.1609 ++	struct rb_node **p;
  4.1610 + 
  4.1611 +  try_again:
  4.1612 ++	p = &key_user_tree.rb_node;
  4.1613 + 	spin_lock(&key_user_lock);
  4.1614 + 
  4.1615 + 	/* search the tree for a user record with a matching UID */
  4.1616 +diff -Nru a/sound/core/timer.c b/sound/core/timer.c
  4.1617 +--- a/sound/core/timer.c	2005-05-11 15:43:53 -07:00
  4.1618 ++++ b/sound/core/timer.c	2005-05-11 15:43:53 -07:00
  4.1619 +@@ -1117,7 +1117,8 @@
  4.1620 + 	if (tu->qused >= tu->queue_size) {
  4.1621 + 		tu->overrun++;
  4.1622 + 	} else {
  4.1623 +-		memcpy(&tu->queue[tu->qtail++], tread, sizeof(*tread));
  4.1624 ++		memcpy(&tu->tqueue[tu->qtail++], tread, sizeof(*tread));
  4.1625 ++		tu->qtail %= tu->queue_size;
  4.1626 + 		tu->qused++;
  4.1627 + 	}
  4.1628 + }
  4.1629 +@@ -1140,6 +1141,8 @@
  4.1630 + 	spin_lock(&tu->qlock);
  4.1631 + 	snd_timer_user_append_to_tqueue(tu, &r1);
  4.1632 + 	spin_unlock(&tu->qlock);
  4.1633 ++	kill_fasync(&tu->fasync, SIGIO, POLL_IN);
  4.1634 ++	wake_up(&tu->qchange_sleep);
  4.1635 + }
  4.1636 + 
  4.1637 + static void snd_timer_user_tinterrupt(snd_timer_instance_t *timeri,
  4.1638 +diff -Nru a/sound/pci/ac97/ac97_codec.c b/sound/pci/ac97/ac97_codec.c
  4.1639 +--- a/sound/pci/ac97/ac97_codec.c	2005-05-11 15:43:53 -07:00
  4.1640 ++++ b/sound/pci/ac97/ac97_codec.c	2005-05-11 15:43:53 -07:00
  4.1641 +@@ -1185,7 +1185,7 @@
  4.1642 + /*
  4.1643 +  * create mute switch(es) for normal stereo controls
  4.1644 +  */
  4.1645 +-static int snd_ac97_cmute_new(snd_card_t *card, char *name, int reg, ac97_t *ac97)
  4.1646 ++static int snd_ac97_cmute_new_stereo(snd_card_t *card, char *name, int reg, int check_stereo, ac97_t *ac97)
  4.1647 + {
  4.1648 + 	snd_kcontrol_t *kctl;
  4.1649 + 	int err;
  4.1650 +@@ -1196,7 +1196,7 @@
  4.1651 + 
  4.1652 + 	mute_mask = 0x8000;
  4.1653 + 	val = snd_ac97_read(ac97, reg);
  4.1654 +-	if (ac97->flags & AC97_STEREO_MUTES) {
  4.1655 ++	if (check_stereo || (ac97->flags & AC97_STEREO_MUTES)) {
  4.1656 + 		/* check whether both mute bits work */
  4.1657 + 		val1 = val | 0x8080;
  4.1658 + 		snd_ac97_write(ac97, reg, val1);
  4.1659 +@@ -1254,7 +1254,7 @@
  4.1660 + /*
  4.1661 +  * create a mute-switch and a volume for normal stereo/mono controls
  4.1662 +  */
  4.1663 +-static int snd_ac97_cmix_new(snd_card_t *card, const char *pfx, int reg, ac97_t *ac97)
  4.1664 ++static int snd_ac97_cmix_new_stereo(snd_card_t *card, const char *pfx, int reg, int check_stereo, ac97_t *ac97)
  4.1665 + {
  4.1666 + 	int err;
  4.1667 + 	char name[44];
  4.1668 +@@ -1265,7 +1265,7 @@
  4.1669 + 
  4.1670 + 	if (snd_ac97_try_bit(ac97, reg, 15)) {
  4.1671 + 		sprintf(name, "%s Switch", pfx);
  4.1672 +-		if ((err = snd_ac97_cmute_new(card, name, reg, ac97)) < 0)
  4.1673 ++		if ((err = snd_ac97_cmute_new_stereo(card, name, reg, check_stereo, ac97)) < 0)
  4.1674 + 			return err;
  4.1675 + 	}
  4.1676 + 	check_volume_resolution(ac97, reg, &lo_max, &hi_max);
  4.1677 +@@ -1277,6 +1277,8 @@
  4.1678 + 	return 0;
  4.1679 + }
  4.1680 + 
  4.1681 ++#define snd_ac97_cmix_new(card, pfx, reg, ac97)	snd_ac97_cmix_new_stereo(card, pfx, reg, 0, ac97)
  4.1682 ++#define snd_ac97_cmute_new(card, name, reg, ac97)	snd_ac97_cmute_new_stereo(card, name, reg, 0, ac97)
  4.1683 + 
  4.1684 + static unsigned int snd_ac97_determine_spdif_rates(ac97_t *ac97);
  4.1685 + 
  4.1686 +@@ -1327,7 +1329,8 @@
  4.1687 + 
  4.1688 + 	/* build surround controls */
  4.1689 + 	if (snd_ac97_try_volume_mix(ac97, AC97_SURROUND_MASTER)) {
  4.1690 +-		if ((err = snd_ac97_cmix_new(card, "Surround Playback", AC97_SURROUND_MASTER, ac97)) < 0)
  4.1691 ++		/* Surround Master (0x38) is with stereo mutes */
  4.1692 ++		if ((err = snd_ac97_cmix_new_stereo(card, "Surround Playback", AC97_SURROUND_MASTER, 1, ac97)) < 0)
  4.1693 + 			return err;
  4.1694 + 	}
  4.1695 +