ia64/xen-unstable
changeset 4921:ff057bfda49d
bitkeeper revision 1.1159.258.128 (42874300TsP1zKFrpq-B0IR1Tfg5Sw)
upgrade to 2.6.11.9
upgrade to 2.6.11.9
| author | iap10@freefall.cl.cam.ac.uk |
|---|---|
| date | Sun May 15 12:39:28 2005 +0000 (2005-05-15) |
| parents | eeffc4961eee |
| children | d0a4a77aa98f e2f7b51dfa85 |
| files | .rootkeys patches/linux-2.6.11/linux-2.6.11.8.patch patches/linux-2.6.11/linux-2.6.11.9.patch |
line diff
1.1 --- a/.rootkeys Sun May 15 05:27:55 2005 +0000 1.2 +++ b/.rootkeys Sun May 15 12:39:28 2005 +0000 1.3 @@ -367,7 +367,7 @@ 422e4430-gOD358H8nGGnNWes08Nng netbsd-2. 1.4 413cb3b53nyOv1OIeDSsCXhBFDXvJA netbsd-2.0-xen-sparse/sys/nfs/files.nfs 1.5 413aa1d0oNP8HXLvfPuMe6cSroUfSA patches/linux-2.6.11/agpgart.patch 1.6 42372652KCUP-IOH9RN19YQmGhs4aA patches/linux-2.6.11/iomap.patch 1.7 -428359d4b3fDYtazwXi4UUmSWaOUew patches/linux-2.6.11/linux-2.6.11.8.patch 1.8 +428359d4b3fDYtazwXi4UUmSWaOUew patches/linux-2.6.11/linux-2.6.11.9.patch 1.9 418abc69J3F638vPO9MYoDGeYilxoQ patches/linux-2.6.11/nettel.patch 1.10 3f776bd1Hy9rn69ntXBhPReUFw9IEA tools/Makefile 1.11 40e1b09db5mN69Ijj0X_Eol-S7dXiw tools/Rules.mk
2.1 --- a/patches/linux-2.6.11/linux-2.6.11.8.patch Sun May 15 05:27:55 2005 +0000 2.2 +++ /dev/null Thu Jan 01 00:00:00 1970 +0000 2.3 @@ -1,1613 +0,0 @@ 2.4 -diff -Nru a/Makefile b/Makefile 2.5 ---- a/Makefile 2005-04-29 18:34:28 -07:00 2.6 -+++ b/Makefile 2005-04-29 18:34:28 -07:00 2.7 -@@ -1,8 +1,8 @@ 2.8 - VERSION = 2 2.9 - PATCHLEVEL = 6 2.10 - SUBLEVEL = 11 2.11 --EXTRAVERSION = 2.12 --NAME=Woozy Numbat 2.13 -+EXTRAVERSION = .8 2.14 -+NAME=Woozy Beaver 2.15 - 2.16 - # *DOCUMENTATION* 2.17 - # To see a list of typical targets execute "make help" 2.18 -diff -Nru a/arch/ia64/kernel/fsys.S b/arch/ia64/kernel/fsys.S 2.19 ---- a/arch/ia64/kernel/fsys.S 2005-04-29 18:34:28 -07:00 2.20 -+++ b/arch/ia64/kernel/fsys.S 2005-04-29 18:34:28 -07:00 2.21 -@@ -611,8 +611,10 @@ 2.22 - movl r2=ia64_ret_from_syscall 2.23 - ;; 2.24 - mov rp=r2 // set the real return addr 2.25 -- tbit.z p8,p0=r3,TIF_SYSCALL_TRACE 2.26 -+ and r3=_TIF_SYSCALL_TRACEAUDIT,r3 2.27 - ;; 2.28 -+ cmp.eq p8,p0=r3,r0 2.29 -+ 2.30 - (p10) br.cond.spnt.many ia64_ret_from_syscall // p10==true means out registers are more than 8 2.31 - (p8) br.call.sptk.many b6=b6 // ignore this return addr 2.32 - br.cond.sptk ia64_trace_syscall 2.33 -diff -Nru a/arch/ia64/kernel/signal.c b/arch/ia64/kernel/signal.c 2.34 ---- a/arch/ia64/kernel/signal.c 2005-04-29 18:34:28 -07:00 2.35 -+++ b/arch/ia64/kernel/signal.c 2005-04-29 18:34:28 -07:00 2.36 -@@ -224,7 +224,8 @@ 2.37 - * could be corrupted. 2.38 - */ 2.39 - retval = (long) &ia64_leave_kernel; 2.40 -- if (test_thread_flag(TIF_SYSCALL_TRACE)) 2.41 -+ if (test_thread_flag(TIF_SYSCALL_TRACE) 2.42 -+ || test_thread_flag(TIF_SYSCALL_AUDIT)) 2.43 - /* 2.44 - * strace expects to be notified after sigreturn returns even though the 2.45 - * context to which we return may not be in the middle of a syscall. 2.46 -diff -Nru a/arch/ppc/oprofile/op_model_fsl_booke.c b/arch/ppc/oprofile/op_model_fsl_booke.c 2.47 ---- a/arch/ppc/oprofile/op_model_fsl_booke.c 2005-04-29 18:34:28 -07:00 2.48 -+++ b/arch/ppc/oprofile/op_model_fsl_booke.c 2005-04-29 18:34:28 -07:00 2.49 -@@ -150,7 +150,6 @@ 2.50 - int is_kernel; 2.51 - int val; 2.52 - int i; 2.53 -- unsigned int cpu = smp_processor_id(); 2.54 - 2.55 - /* set the PMM bit (see comment below) */ 2.56 - mtmsr(mfmsr() | MSR_PMM); 2.57 -@@ -162,7 +161,7 @@ 2.58 - val = ctr_read(i); 2.59 - if (val < 0) { 2.60 - if (oprofile_running && ctr[i].enabled) { 2.61 -- oprofile_add_sample(pc, is_kernel, i, cpu); 2.62 -+ oprofile_add_pc(pc, is_kernel, i); 2.63 - ctr_write(i, reset_value[i]); 2.64 - } else { 2.65 - ctr_write(i, 0); 2.66 -diff -Nru a/arch/ppc/platforms/4xx/ebony.h b/arch/ppc/platforms/4xx/ebony.h 2.67 ---- a/arch/ppc/platforms/4xx/ebony.h 2005-04-29 18:34:28 -07:00 2.68 -+++ b/arch/ppc/platforms/4xx/ebony.h 2005-04-29 18:34:28 -07:00 2.69 -@@ -61,8 +61,8 @@ 2.70 - */ 2.71 - 2.72 - /* OpenBIOS defined UART mappings, used before early_serial_setup */ 2.73 --#define UART0_IO_BASE (u8 *) 0xE0000200 2.74 --#define UART1_IO_BASE (u8 *) 0xE0000300 2.75 -+#define UART0_IO_BASE 0xE0000200 2.76 -+#define UART1_IO_BASE 0xE0000300 2.77 - 2.78 - /* external Epson SG-615P */ 2.79 - #define BASE_BAUD 691200 2.80 -diff -Nru a/arch/ppc/platforms/4xx/luan.h b/arch/ppc/platforms/4xx/luan.h 2.81 ---- a/arch/ppc/platforms/4xx/luan.h 2005-04-29 18:34:28 -07:00 2.82 -+++ b/arch/ppc/platforms/4xx/luan.h 2005-04-29 18:34:28 -07:00 2.83 -@@ -47,9 +47,9 @@ 2.84 - #define RS_TABLE_SIZE 3 2.85 - 2.86 - /* PIBS defined UART mappings, used before early_serial_setup */ 2.87 --#define UART0_IO_BASE (u8 *) 0xa0000200 2.88 --#define UART1_IO_BASE (u8 *) 0xa0000300 2.89 --#define UART2_IO_BASE (u8 *) 0xa0000600 2.90 -+#define UART0_IO_BASE 0xa0000200 2.91 -+#define UART1_IO_BASE 0xa0000300 2.92 -+#define UART2_IO_BASE 0xa0000600 2.93 - 2.94 - #define BASE_BAUD 11059200 2.95 - #define STD_UART_OP(num) \ 2.96 -diff -Nru a/arch/ppc/platforms/4xx/ocotea.h b/arch/ppc/platforms/4xx/ocotea.h 2.97 ---- a/arch/ppc/platforms/4xx/ocotea.h 2005-04-29 18:34:28 -07:00 2.98 -+++ b/arch/ppc/platforms/4xx/ocotea.h 2005-04-29 18:34:28 -07:00 2.99 -@@ -56,8 +56,8 @@ 2.100 - #define RS_TABLE_SIZE 2 2.101 - 2.102 - /* OpenBIOS defined UART mappings, used before early_serial_setup */ 2.103 --#define UART0_IO_BASE (u8 *) 0xE0000200 2.104 --#define UART1_IO_BASE (u8 *) 0xE0000300 2.105 -+#define UART0_IO_BASE 0xE0000200 2.106 -+#define UART1_IO_BASE 0xE0000300 2.107 - 2.108 - #define BASE_BAUD 11059200/16 2.109 - #define STD_UART_OP(num) \ 2.110 -diff -Nru a/arch/sparc/kernel/ptrace.c b/arch/sparc/kernel/ptrace.c 2.111 ---- a/arch/sparc/kernel/ptrace.c 2005-04-29 18:34:28 -07:00 2.112 -+++ b/arch/sparc/kernel/ptrace.c 2005-04-29 18:34:28 -07:00 2.113 -@@ -531,18 +531,6 @@ 2.114 - pt_error_return(regs, EIO); 2.115 - goto out_tsk; 2.116 - } 2.117 -- if (addr != 1) { 2.118 -- if (addr & 3) { 2.119 -- pt_error_return(regs, EINVAL); 2.120 -- goto out_tsk; 2.121 -- } 2.122 --#ifdef DEBUG_PTRACE 2.123 -- printk ("Original: %08lx %08lx\n", child->thread.kregs->pc, child->thread.kregs->npc); 2.124 -- printk ("Continuing with %08lx %08lx\n", addr, addr+4); 2.125 --#endif 2.126 -- child->thread.kregs->pc = addr; 2.127 -- child->thread.kregs->npc = addr + 4; 2.128 -- } 2.129 - 2.130 - if (request == PTRACE_SYSCALL) 2.131 - set_tsk_thread_flag(child, TIF_SYSCALL_TRACE); 2.132 -diff -Nru a/arch/sparc64/kernel/ptrace.c b/arch/sparc64/kernel/ptrace.c 2.133 ---- a/arch/sparc64/kernel/ptrace.c 2005-04-29 18:34:28 -07:00 2.134 -+++ b/arch/sparc64/kernel/ptrace.c 2005-04-29 18:34:28 -07:00 2.135 -@@ -514,25 +514,6 @@ 2.136 - pt_error_return(regs, EIO); 2.137 - goto out_tsk; 2.138 - } 2.139 -- if (addr != 1) { 2.140 -- unsigned long pc_mask = ~0UL; 2.141 -- 2.142 -- if ((child->thread_info->flags & _TIF_32BIT) != 0) 2.143 -- pc_mask = 0xffffffff; 2.144 -- 2.145 -- if (addr & 3) { 2.146 -- pt_error_return(regs, EINVAL); 2.147 -- goto out_tsk; 2.148 -- } 2.149 --#ifdef DEBUG_PTRACE 2.150 -- printk ("Original: %016lx %016lx\n", 2.151 -- child->thread_info->kregs->tpc, 2.152 -- child->thread_info->kregs->tnpc); 2.153 -- printk ("Continuing with %016lx %016lx\n", addr, addr+4); 2.154 --#endif 2.155 -- child->thread_info->kregs->tpc = (addr & pc_mask); 2.156 -- child->thread_info->kregs->tnpc = ((addr + 4) & pc_mask); 2.157 -- } 2.158 - 2.159 - if (request == PTRACE_SYSCALL) { 2.160 - set_tsk_thread_flag(child, TIF_SYSCALL_TRACE); 2.161 -diff -Nru a/arch/sparc64/kernel/signal32.c b/arch/sparc64/kernel/signal32.c 2.162 ---- a/arch/sparc64/kernel/signal32.c 2005-04-29 18:34:28 -07:00 2.163 -+++ b/arch/sparc64/kernel/signal32.c 2005-04-29 18:34:28 -07:00 2.164 -@@ -192,9 +192,12 @@ 2.165 - err |= __put_user(from->si_uid, &to->si_uid); 2.166 - break; 2.167 - case __SI_FAULT >> 16: 2.168 -- case __SI_POLL >> 16: 2.169 - err |= __put_user(from->si_trapno, &to->si_trapno); 2.170 - err |= __put_user((unsigned long)from->si_addr, &to->si_addr); 2.171 -+ break; 2.172 -+ case __SI_POLL >> 16: 2.173 -+ err |= __put_user(from->si_band, &to->si_band); 2.174 -+ err |= __put_user(from->si_fd, &to->si_fd); 2.175 - break; 2.176 - case __SI_RT >> 16: /* This is not generated by the kernel as of now. */ 2.177 - case __SI_MESGQ >> 16: 2.178 -diff -Nru a/arch/sparc64/kernel/systbls.S b/arch/sparc64/kernel/systbls.S 2.179 ---- a/arch/sparc64/kernel/systbls.S 2005-04-29 18:34:27 -07:00 2.180 -+++ b/arch/sparc64/kernel/systbls.S 2005-04-29 18:34:27 -07:00 2.181 -@@ -75,7 +75,7 @@ 2.182 - /*260*/ .word compat_sys_sched_getaffinity, compat_sys_sched_setaffinity, sys32_timer_settime, compat_sys_timer_gettime, sys_timer_getoverrun 2.183 - .word sys_timer_delete, sys32_timer_create, sys_ni_syscall, compat_sys_io_setup, sys_io_destroy 2.184 - /*270*/ .word sys32_io_submit, sys_io_cancel, compat_sys_io_getevents, sys32_mq_open, sys_mq_unlink 2.185 -- .word sys_mq_timedsend, sys_mq_timedreceive, compat_sys_mq_notify, compat_sys_mq_getsetattr, compat_sys_waitid 2.186 -+ .word compat_sys_mq_timedsend, compat_sys_mq_timedreceive, compat_sys_mq_notify, compat_sys_mq_getsetattr, compat_sys_waitid 2.187 - /*280*/ .word sys_ni_syscall, sys_add_key, sys_request_key, sys_keyctl 2.188 - 2.189 - #endif /* CONFIG_COMPAT */ 2.190 -diff -Nru a/arch/um/include/sysdep-i386/syscalls.h b/arch/um/include/sysdep-i386/syscalls.h 2.191 ---- a/arch/um/include/sysdep-i386/syscalls.h 2005-04-29 18:34:27 -07:00 2.192 -+++ b/arch/um/include/sysdep-i386/syscalls.h 2005-04-29 18:34:27 -07:00 2.193 -@@ -23,6 +23,9 @@ 2.194 - unsigned long prot, unsigned long flags, 2.195 - unsigned long fd, unsigned long pgoff); 2.196 - 2.197 -+/* On i386 they choose a meaningless naming.*/ 2.198 -+#define __NR_kexec_load __NR_sys_kexec_load 2.199 -+ 2.200 - #define ARCH_SYSCALLS \ 2.201 - [ __NR_waitpid ] = (syscall_handler_t *) sys_waitpid, \ 2.202 - [ __NR_break ] = (syscall_handler_t *) sys_ni_syscall, \ 2.203 -@@ -101,15 +104,12 @@ 2.204 - [ 223 ] = (syscall_handler_t *) sys_ni_syscall, \ 2.205 - [ __NR_set_thread_area ] = (syscall_handler_t *) sys_ni_syscall, \ 2.206 - [ __NR_get_thread_area ] = (syscall_handler_t *) sys_ni_syscall, \ 2.207 -- [ __NR_fadvise64 ] = (syscall_handler_t *) sys_fadvise64, \ 2.208 - [ 251 ] = (syscall_handler_t *) sys_ni_syscall, \ 2.209 -- [ __NR_remap_file_pages ] = (syscall_handler_t *) sys_remap_file_pages, \ 2.210 -- [ __NR_utimes ] = (syscall_handler_t *) sys_utimes, \ 2.211 -- [ __NR_vserver ] = (syscall_handler_t *) sys_ni_syscall, 2.212 -- 2.213 -+ [ 285 ] = (syscall_handler_t *) sys_ni_syscall, 2.214 -+ 2.215 - /* 222 doesn't yet have a name in include/asm-i386/unistd.h */ 2.216 - 2.217 --#define LAST_ARCH_SYSCALL __NR_vserver 2.218 -+#define LAST_ARCH_SYSCALL 285 2.219 - 2.220 - /* 2.221 - * Overrides for Emacs so that we follow Linus's tabbing style. 2.222 -diff -Nru a/arch/um/include/sysdep-x86_64/syscalls.h b/arch/um/include/sysdep-x86_64/syscalls.h 2.223 ---- a/arch/um/include/sysdep-x86_64/syscalls.h 2005-04-29 18:34:28 -07:00 2.224 -+++ b/arch/um/include/sysdep-x86_64/syscalls.h 2005-04-29 18:34:28 -07:00 2.225 -@@ -71,12 +71,7 @@ 2.226 - [ __NR_iopl ] = (syscall_handler_t *) sys_ni_syscall, \ 2.227 - [ __NR_set_thread_area ] = (syscall_handler_t *) sys_ni_syscall, \ 2.228 - [ __NR_get_thread_area ] = (syscall_handler_t *) sys_ni_syscall, \ 2.229 -- [ __NR_remap_file_pages ] = (syscall_handler_t *) sys_remap_file_pages, \ 2.230 - [ __NR_semtimedop ] = (syscall_handler_t *) sys_semtimedop, \ 2.231 -- [ __NR_fadvise64 ] = (syscall_handler_t *) sys_fadvise64, \ 2.232 -- [ 223 ] = (syscall_handler_t *) sys_ni_syscall, \ 2.233 -- [ __NR_utimes ] = (syscall_handler_t *) sys_utimes, \ 2.234 -- [ __NR_vserver ] = (syscall_handler_t *) sys_ni_syscall, \ 2.235 - [ 251 ] = (syscall_handler_t *) sys_ni_syscall, 2.236 - 2.237 - #define LAST_ARCH_SYSCALL 251 2.238 -diff -Nru a/arch/um/kernel/skas/uaccess.c b/arch/um/kernel/skas/uaccess.c 2.239 ---- a/arch/um/kernel/skas/uaccess.c 2005-04-29 18:34:28 -07:00 2.240 -+++ b/arch/um/kernel/skas/uaccess.c 2005-04-29 18:34:28 -07:00 2.241 -@@ -61,7 +61,8 @@ 2.242 - void *arg; 2.243 - int *res; 2.244 - 2.245 -- va_copy(args, *(va_list *)arg_ptr); 2.246 -+ /* Some old gccs recognize __va_copy, but not va_copy */ 2.247 -+ __va_copy(args, *(va_list *)arg_ptr); 2.248 - addr = va_arg(args, unsigned long); 2.249 - len = va_arg(args, int); 2.250 - is_write = va_arg(args, int); 2.251 -diff -Nru a/arch/um/kernel/sys_call_table.c b/arch/um/kernel/sys_call_table.c 2.252 ---- a/arch/um/kernel/sys_call_table.c 2005-04-29 18:34:28 -07:00 2.253 -+++ b/arch/um/kernel/sys_call_table.c 2005-04-29 18:34:28 -07:00 2.254 -@@ -48,7 +48,6 @@ 2.255 - extern syscall_handler_t old_select; 2.256 - extern syscall_handler_t sys_modify_ldt; 2.257 - extern syscall_handler_t sys_rt_sigsuspend; 2.258 --extern syscall_handler_t sys_vserver; 2.259 - extern syscall_handler_t sys_mbind; 2.260 - extern syscall_handler_t sys_get_mempolicy; 2.261 - extern syscall_handler_t sys_set_mempolicy; 2.262 -@@ -242,6 +241,7 @@ 2.263 - [ __NR_epoll_create ] = (syscall_handler_t *) sys_epoll_create, 2.264 - [ __NR_epoll_ctl ] = (syscall_handler_t *) sys_epoll_ctl, 2.265 - [ __NR_epoll_wait ] = (syscall_handler_t *) sys_epoll_wait, 2.266 -+ [ __NR_remap_file_pages ] = (syscall_handler_t *) sys_remap_file_pages, 2.267 - [ __NR_set_tid_address ] = (syscall_handler_t *) sys_set_tid_address, 2.268 - [ __NR_timer_create ] = (syscall_handler_t *) sys_timer_create, 2.269 - [ __NR_timer_settime ] = (syscall_handler_t *) sys_timer_settime, 2.270 -@@ -252,12 +252,10 @@ 2.271 - [ __NR_clock_gettime ] = (syscall_handler_t *) sys_clock_gettime, 2.272 - [ __NR_clock_getres ] = (syscall_handler_t *) sys_clock_getres, 2.273 - [ __NR_clock_nanosleep ] = (syscall_handler_t *) sys_clock_nanosleep, 2.274 -- [ __NR_statfs64 ] = (syscall_handler_t *) sys_statfs64, 2.275 -- [ __NR_fstatfs64 ] = (syscall_handler_t *) sys_fstatfs64, 2.276 - [ __NR_tgkill ] = (syscall_handler_t *) sys_tgkill, 2.277 - [ __NR_utimes ] = (syscall_handler_t *) sys_utimes, 2.278 -- [ __NR_fadvise64_64 ] = (syscall_handler_t *) sys_fadvise64_64, 2.279 -- [ __NR_vserver ] = (syscall_handler_t *) sys_vserver, 2.280 -+ [ __NR_fadvise64 ] = (syscall_handler_t *) sys_fadvise64, 2.281 -+ [ __NR_vserver ] = (syscall_handler_t *) sys_ni_syscall, 2.282 - [ __NR_mbind ] = (syscall_handler_t *) sys_mbind, 2.283 - [ __NR_get_mempolicy ] = (syscall_handler_t *) sys_get_mempolicy, 2.284 - [ __NR_set_mempolicy ] = (syscall_handler_t *) sys_set_mempolicy, 2.285 -@@ -267,9 +265,8 @@ 2.286 - [ __NR_mq_timedreceive ] = (syscall_handler_t *) sys_mq_timedreceive, 2.287 - [ __NR_mq_notify ] = (syscall_handler_t *) sys_mq_notify, 2.288 - [ __NR_mq_getsetattr ] = (syscall_handler_t *) sys_mq_getsetattr, 2.289 -- [ __NR_sys_kexec_load ] = (syscall_handler_t *) sys_ni_syscall, 2.290 -+ [ __NR_kexec_load ] = (syscall_handler_t *) sys_ni_syscall, 2.291 - [ __NR_waitid ] = (syscall_handler_t *) sys_waitid, 2.292 -- [ 285 ] = (syscall_handler_t *) sys_ni_syscall, 2.293 - [ __NR_add_key ] = (syscall_handler_t *) sys_add_key, 2.294 - [ __NR_request_key ] = (syscall_handler_t *) sys_request_key, 2.295 - [ __NR_keyctl ] = (syscall_handler_t *) sys_keyctl, 2.296 -diff -Nru a/drivers/char/drm/drm_ioctl.c b/drivers/char/drm/drm_ioctl.c 2.297 ---- a/drivers/char/drm/drm_ioctl.c 2005-04-29 18:34:27 -07:00 2.298 -+++ b/drivers/char/drm/drm_ioctl.c 2005-04-29 18:34:27 -07:00 2.299 -@@ -326,6 +326,8 @@ 2.300 - 2.301 - DRM_COPY_FROM_USER_IOCTL(sv, argp, sizeof(sv)); 2.302 - 2.303 -+ memset(&version, 0, sizeof(version)); 2.304 -+ 2.305 - dev->driver->version(&version); 2.306 - retv.drm_di_major = DRM_IF_MAJOR; 2.307 - retv.drm_di_minor = DRM_IF_MINOR; 2.308 -diff -Nru a/drivers/i2c/chips/eeprom.c b/drivers/i2c/chips/eeprom.c 2.309 ---- a/drivers/i2c/chips/eeprom.c 2005-04-29 18:34:27 -07:00 2.310 -+++ b/drivers/i2c/chips/eeprom.c 2005-04-29 18:34:27 -07:00 2.311 -@@ -130,7 +130,8 @@ 2.312 - 2.313 - /* Hide Vaio security settings to regular users (16 first bytes) */ 2.314 - if (data->nature == VAIO && off < 16 && !capable(CAP_SYS_ADMIN)) { 2.315 -- int in_row1 = 16 - off; 2.316 -+ size_t in_row1 = 16 - off; 2.317 -+ in_row1 = min(in_row1, count); 2.318 - memset(buf, 0, in_row1); 2.319 - if (count - in_row1 > 0) 2.320 - memcpy(buf + in_row1, &data->data[16], count - in_row1); 2.321 -diff -Nru a/drivers/i2c/chips/it87.c b/drivers/i2c/chips/it87.c 2.322 ---- a/drivers/i2c/chips/it87.c 2005-04-29 18:34:28 -07:00 2.323 -+++ b/drivers/i2c/chips/it87.c 2005-04-29 18:34:28 -07:00 2.324 -@@ -631,7 +631,7 @@ 2.325 - struct it87_data *data = it87_update_device(dev); 2.326 - return sprintf(buf,"%d\n", ALARMS_FROM_REG(data->alarms)); 2.327 - } 2.328 --static DEVICE_ATTR(alarms, S_IRUGO | S_IWUSR, show_alarms, NULL); 2.329 -+static DEVICE_ATTR(alarms, S_IRUGO, show_alarms, NULL); 2.330 - 2.331 - static ssize_t 2.332 - show_vrm_reg(struct device *dev, char *buf) 2.333 -diff -Nru a/drivers/i2c/chips/via686a.c b/drivers/i2c/chips/via686a.c 2.334 ---- a/drivers/i2c/chips/via686a.c 2005-04-29 18:34:27 -07:00 2.335 -+++ b/drivers/i2c/chips/via686a.c 2005-04-29 18:34:27 -07:00 2.336 -@@ -554,7 +554,7 @@ 2.337 - struct via686a_data *data = via686a_update_device(dev); 2.338 - return sprintf(buf,"%d\n", ALARMS_FROM_REG(data->alarms)); 2.339 - } 2.340 --static DEVICE_ATTR(alarms, S_IRUGO | S_IWUSR, show_alarms, NULL); 2.341 -+static DEVICE_ATTR(alarms, S_IRUGO, show_alarms, NULL); 2.342 - 2.343 - /* The driver. I choose to use type i2c_driver, as at is identical to both 2.344 - smbus_driver and isa_driver, and clients could be of either kind */ 2.345 -diff -Nru a/drivers/input/serio/i8042-x86ia64io.h b/drivers/input/serio/i8042-x86ia64io.h 2.346 ---- a/drivers/input/serio/i8042-x86ia64io.h 2005-04-29 18:34:28 -07:00 2.347 -+++ b/drivers/input/serio/i8042-x86ia64io.h 2005-04-29 18:34:28 -07:00 2.348 -@@ -88,7 +88,7 @@ 2.349 - }; 2.350 - #endif 2.351 - 2.352 --#ifdef CONFIG_ACPI 2.353 -+#if defined(__ia64__) && defined(CONFIG_ACPI) 2.354 - #include <linux/acpi.h> 2.355 - #include <acpi/acpi_bus.h> 2.356 - 2.357 -@@ -281,7 +281,7 @@ 2.358 - i8042_kbd_irq = I8042_MAP_IRQ(1); 2.359 - i8042_aux_irq = I8042_MAP_IRQ(12); 2.360 - 2.361 --#ifdef CONFIG_ACPI 2.362 -+#if defined(__ia64__) && defined(CONFIG_ACPI) 2.363 - if (i8042_acpi_init()) 2.364 - return -1; 2.365 - #endif 2.366 -@@ -300,7 +300,7 @@ 2.367 - 2.368 - static inline void i8042_platform_exit(void) 2.369 - { 2.370 --#ifdef CONFIG_ACPI 2.371 -+#if defined(__ia64__) && defined(CONFIG_ACPI) 2.372 - i8042_acpi_exit(); 2.373 - #endif 2.374 - } 2.375 -diff -Nru a/drivers/md/raid6altivec.uc b/drivers/md/raid6altivec.uc 2.376 ---- a/drivers/md/raid6altivec.uc 2005-04-29 18:34:28 -07:00 2.377 -+++ b/drivers/md/raid6altivec.uc 2005-04-29 18:34:28 -07:00 2.378 -@@ -108,7 +108,11 @@ 2.379 - int raid6_have_altivec(void) 2.380 - { 2.381 - /* This assumes either all CPUs have Altivec or none does */ 2.382 -+#ifdef CONFIG_PPC64 2.383 - return cur_cpu_spec->cpu_features & CPU_FTR_ALTIVEC; 2.384 -+#else 2.385 -+ return cur_cpu_spec[0]->cpu_features & CPU_FTR_ALTIVEC; 2.386 -+#endif 2.387 - } 2.388 - #endif 2.389 - 2.390 -diff -Nru a/drivers/media/video/adv7170.c b/drivers/media/video/adv7170.c 2.391 ---- a/drivers/media/video/adv7170.c 2005-04-29 18:34:28 -07:00 2.392 -+++ b/drivers/media/video/adv7170.c 2005-04-29 18:34:28 -07:00 2.393 -@@ -130,7 +130,7 @@ 2.394 - u8 block_data[32]; 2.395 - 2.396 - msg.addr = client->addr; 2.397 -- msg.flags = client->flags; 2.398 -+ msg.flags = 0; 2.399 - while (len >= 2) { 2.400 - msg.buf = (char *) block_data; 2.401 - msg.len = 0; 2.402 -diff -Nru a/drivers/media/video/adv7175.c b/drivers/media/video/adv7175.c 2.403 ---- a/drivers/media/video/adv7175.c 2005-04-29 18:34:28 -07:00 2.404 -+++ b/drivers/media/video/adv7175.c 2005-04-29 18:34:28 -07:00 2.405 -@@ -126,7 +126,7 @@ 2.406 - u8 block_data[32]; 2.407 - 2.408 - msg.addr = client->addr; 2.409 -- msg.flags = client->flags; 2.410 -+ msg.flags = 0; 2.411 - while (len >= 2) { 2.412 - msg.buf = (char *) block_data; 2.413 - msg.len = 0; 2.414 -diff -Nru a/drivers/media/video/bt819.c b/drivers/media/video/bt819.c 2.415 ---- a/drivers/media/video/bt819.c 2005-04-29 18:34:27 -07:00 2.416 -+++ b/drivers/media/video/bt819.c 2005-04-29 18:34:27 -07:00 2.417 -@@ -146,7 +146,7 @@ 2.418 - u8 block_data[32]; 2.419 - 2.420 - msg.addr = client->addr; 2.421 -- msg.flags = client->flags; 2.422 -+ msg.flags = 0; 2.423 - while (len >= 2) { 2.424 - msg.buf = (char *) block_data; 2.425 - msg.len = 0; 2.426 -diff -Nru a/drivers/media/video/bttv-cards.c b/drivers/media/video/bttv-cards.c 2.427 ---- a/drivers/media/video/bttv-cards.c 2005-04-29 18:34:28 -07:00 2.428 -+++ b/drivers/media/video/bttv-cards.c 2005-04-29 18:34:28 -07:00 2.429 -@@ -2718,8 +2718,6 @@ 2.430 - } 2.431 - btv->pll.pll_current = -1; 2.432 - 2.433 -- bttv_reset_audio(btv); 2.434 -- 2.435 - /* tuner configuration (from card list / autodetect / insmod option) */ 2.436 - if (UNSET != bttv_tvcards[btv->c.type].tuner_type) 2.437 - if(UNSET == btv->tuner_type) 2.438 -diff -Nru a/drivers/media/video/saa7110.c b/drivers/media/video/saa7110.c 2.439 ---- a/drivers/media/video/saa7110.c 2005-04-29 18:34:27 -07:00 2.440 -+++ b/drivers/media/video/saa7110.c 2005-04-29 18:34:27 -07:00 2.441 -@@ -60,8 +60,10 @@ 2.442 - 2.443 - #define I2C_SAA7110 0x9C /* or 0x9E */ 2.444 - 2.445 -+#define SAA7110_NR_REG 0x35 2.446 -+ 2.447 - struct saa7110 { 2.448 -- unsigned char reg[54]; 2.449 -+ u8 reg[SAA7110_NR_REG]; 2.450 - 2.451 - int norm; 2.452 - int input; 2.453 -@@ -95,31 +97,28 @@ 2.454 - unsigned int len) 2.455 - { 2.456 - int ret = -1; 2.457 -- u8 reg = *data++; 2.458 -+ u8 reg = *data; /* first register to write to */ 2.459 - 2.460 -- len--; 2.461 -+ /* Sanity check */ 2.462 -+ if (reg + (len - 1) > SAA7110_NR_REG) 2.463 -+ return ret; 2.464 - 2.465 - /* the saa7110 has an autoincrement function, use it if 2.466 - * the adapter understands raw I2C */ 2.467 - if (i2c_check_functionality(client->adapter, I2C_FUNC_I2C)) { 2.468 - struct saa7110 *decoder = i2c_get_clientdata(client); 2.469 - struct i2c_msg msg; 2.470 -- u8 block_data[54]; 2.471 - 2.472 -- msg.len = 0; 2.473 -- msg.buf = (char *) block_data; 2.474 -+ msg.len = len; 2.475 -+ msg.buf = (char *) data; 2.476 - msg.addr = client->addr; 2.477 -- msg.flags = client->flags; 2.478 -- while (len >= 1) { 2.479 -- msg.len = 0; 2.480 -- block_data[msg.len++] = reg; 2.481 -- while (len-- >= 1 && msg.len < 54) 2.482 -- block_data[msg.len++] = 2.483 -- decoder->reg[reg++] = *data++; 2.484 -- ret = i2c_transfer(client->adapter, &msg, 1); 2.485 -- } 2.486 -+ msg.flags = 0; 2.487 -+ ret = i2c_transfer(client->adapter, &msg, 1); 2.488 -+ 2.489 -+ /* Cache the written data */ 2.490 -+ memcpy(decoder->reg + reg, data + 1, len - 1); 2.491 - } else { 2.492 -- while (len-- >= 1) { 2.493 -+ for (++data, --len; len; len--) { 2.494 - if ((ret = saa7110_write(client, reg++, 2.495 - *data++)) < 0) 2.496 - break; 2.497 -@@ -192,7 +191,7 @@ 2.498 - return 0; 2.499 - } 2.500 - 2.501 --static const unsigned char initseq[] = { 2.502 -+static const unsigned char initseq[1 + SAA7110_NR_REG] = { 2.503 - 0, 0x4C, 0x3C, 0x0D, 0xEF, 0xBD, 0xF2, 0x03, 0x00, 2.504 - /* 0x08 */ 0xF8, 0xF8, 0x60, 0x60, 0x00, 0x86, 0x18, 0x90, 2.505 - /* 0x10 */ 0x00, 0x59, 0x40, 0x46, 0x42, 0x1A, 0xFF, 0xDA, 2.506 -diff -Nru a/drivers/media/video/saa7114.c b/drivers/media/video/saa7114.c 2.507 ---- a/drivers/media/video/saa7114.c 2005-04-29 18:34:28 -07:00 2.508 -+++ b/drivers/media/video/saa7114.c 2005-04-29 18:34:28 -07:00 2.509 -@@ -163,7 +163,7 @@ 2.510 - u8 block_data[32]; 2.511 - 2.512 - msg.addr = client->addr; 2.513 -- msg.flags = client->flags; 2.514 -+ msg.flags = 0; 2.515 - while (len >= 2) { 2.516 - msg.buf = (char *) block_data; 2.517 - msg.len = 0; 2.518 -diff -Nru a/drivers/media/video/saa7185.c b/drivers/media/video/saa7185.c 2.519 ---- a/drivers/media/video/saa7185.c 2005-04-29 18:34:28 -07:00 2.520 -+++ b/drivers/media/video/saa7185.c 2005-04-29 18:34:28 -07:00 2.521 -@@ -118,7 +118,7 @@ 2.522 - u8 block_data[32]; 2.523 - 2.524 - msg.addr = client->addr; 2.525 -- msg.flags = client->flags; 2.526 -+ msg.flags = 0; 2.527 - while (len >= 2) { 2.528 - msg.buf = (char *) block_data; 2.529 - msg.len = 0; 2.530 -diff -Nru a/drivers/net/amd8111e.c b/drivers/net/amd8111e.c 2.531 ---- a/drivers/net/amd8111e.c 2005-04-29 18:34:28 -07:00 2.532 -+++ b/drivers/net/amd8111e.c 2005-04-29 18:34:28 -07:00 2.533 -@@ -1381,6 +1381,8 @@ 2.534 - 2.535 - if(amd8111e_restart(dev)){ 2.536 - spin_unlock_irq(&lp->lock); 2.537 -+ if (dev->irq) 2.538 -+ free_irq(dev->irq, dev); 2.539 - return -ENOMEM; 2.540 - } 2.541 - /* Start ipg timer */ 2.542 -diff -Nru a/drivers/net/ppp_async.c b/drivers/net/ppp_async.c 2.543 ---- a/drivers/net/ppp_async.c 2005-04-29 18:34:28 -07:00 2.544 -+++ b/drivers/net/ppp_async.c 2005-04-29 18:34:28 -07:00 2.545 -@@ -1000,7 +1000,7 @@ 2.546 - data += 4; 2.547 - dlen -= 4; 2.548 - /* data[0] is code, data[1] is length */ 2.549 -- while (dlen >= 2 && dlen >= data[1]) { 2.550 -+ while (dlen >= 2 && dlen >= data[1] && data[1] >= 2) { 2.551 - switch (data[0]) { 2.552 - case LCP_MRU: 2.553 - val = (data[2] << 8) + data[3]; 2.554 -diff -Nru a/drivers/net/r8169.c b/drivers/net/r8169.c 2.555 ---- a/drivers/net/r8169.c 2005-04-29 18:34:28 -07:00 2.556 -+++ b/drivers/net/r8169.c 2005-04-29 18:34:28 -07:00 2.557 -@@ -1683,16 +1683,19 @@ 2.558 - rtl8169_make_unusable_by_asic(desc); 2.559 - } 2.560 - 2.561 --static inline void rtl8169_return_to_asic(struct RxDesc *desc, int rx_buf_sz) 2.562 -+static inline void rtl8169_mark_to_asic(struct RxDesc *desc, u32 rx_buf_sz) 2.563 - { 2.564 -- desc->opts1 |= cpu_to_le32(DescOwn + rx_buf_sz); 2.565 -+ u32 eor = le32_to_cpu(desc->opts1) & RingEnd; 2.566 -+ 2.567 -+ desc->opts1 = cpu_to_le32(DescOwn | eor | rx_buf_sz); 2.568 - } 2.569 - 2.570 --static inline void rtl8169_give_to_asic(struct RxDesc *desc, dma_addr_t mapping, 2.571 -- int rx_buf_sz) 2.572 -+static inline void rtl8169_map_to_asic(struct RxDesc *desc, dma_addr_t mapping, 2.573 -+ u32 rx_buf_sz) 2.574 - { 2.575 - desc->addr = cpu_to_le64(mapping); 2.576 -- desc->opts1 |= cpu_to_le32(DescOwn + rx_buf_sz); 2.577 -+ wmb(); 2.578 -+ rtl8169_mark_to_asic(desc, rx_buf_sz); 2.579 - } 2.580 - 2.581 - static int rtl8169_alloc_rx_skb(struct pci_dev *pdev, struct sk_buff **sk_buff, 2.582 -@@ -1712,7 +1715,7 @@ 2.583 - mapping = pci_map_single(pdev, skb->tail, rx_buf_sz, 2.584 - PCI_DMA_FROMDEVICE); 2.585 - 2.586 -- rtl8169_give_to_asic(desc, mapping, rx_buf_sz); 2.587 -+ rtl8169_map_to_asic(desc, mapping, rx_buf_sz); 2.588 - 2.589 - out: 2.590 - return ret; 2.591 -@@ -2150,7 +2153,7 @@ 2.592 - skb_reserve(skb, NET_IP_ALIGN); 2.593 - eth_copy_and_sum(skb, sk_buff[0]->tail, pkt_size, 0); 2.594 - *sk_buff = skb; 2.595 -- rtl8169_return_to_asic(desc, rx_buf_sz); 2.596 -+ rtl8169_mark_to_asic(desc, rx_buf_sz); 2.597 - ret = 0; 2.598 - } 2.599 - } 2.600 -diff -Nru a/drivers/net/sis900.c b/drivers/net/sis900.c 2.601 ---- a/drivers/net/sis900.c 2005-04-29 18:34:27 -07:00 2.602 -+++ b/drivers/net/sis900.c 2005-04-29 18:34:27 -07:00 2.603 -@@ -236,7 +236,7 @@ 2.604 - signature = (u16) read_eeprom(ioaddr, EEPROMSignature); 2.605 - if (signature == 0xffff || signature == 0x0000) { 2.606 - printk (KERN_INFO "%s: Error EERPOM read %x\n", 2.607 -- net_dev->name, signature); 2.608 -+ pci_name(pci_dev), signature); 2.609 - return 0; 2.610 - } 2.611 - 2.612 -@@ -268,7 +268,7 @@ 2.613 - if (!isa_bridge) 2.614 - isa_bridge = pci_get_device(PCI_VENDOR_ID_SI, 0x0018, isa_bridge); 2.615 - if (!isa_bridge) { 2.616 -- printk("%s: Can not find ISA bridge\n", net_dev->name); 2.617 -+ printk("%s: Can not find ISA bridge\n", pci_name(pci_dev)); 2.618 - return 0; 2.619 - } 2.620 - pci_read_config_byte(isa_bridge, 0x48, ®); 2.621 -@@ -456,10 +456,6 @@ 2.622 - net_dev->tx_timeout = sis900_tx_timeout; 2.623 - net_dev->watchdog_timeo = TX_TIMEOUT; 2.624 - net_dev->ethtool_ops = &sis900_ethtool_ops; 2.625 -- 2.626 -- ret = register_netdev(net_dev); 2.627 -- if (ret) 2.628 -- goto err_unmap_rx; 2.629 - 2.630 - /* Get Mac address according to the chip revision */ 2.631 - pci_read_config_byte(pci_dev, PCI_CLASS_REVISION, &revision); 2.632 -@@ -476,7 +472,7 @@ 2.633 - 2.634 - if (ret == 0) { 2.635 - ret = -ENODEV; 2.636 -- goto err_out_unregister; 2.637 -+ goto err_unmap_rx; 2.638 - } 2.639 - 2.640 - /* 630ET : set the mii access mode as software-mode */ 2.641 -@@ -486,7 +482,7 @@ 2.642 - /* probe for mii transceiver */ 2.643 - if (sis900_mii_probe(net_dev) == 0) { 2.644 - ret = -ENODEV; 2.645 -- goto err_out_unregister; 2.646 -+ goto err_unmap_rx; 2.647 - } 2.648 - 2.649 - /* save our host bridge revision */ 2.650 -@@ -496,6 +492,10 @@ 2.651 - pci_dev_put(dev); 2.652 - } 2.653 - 2.654 -+ ret = register_netdev(net_dev); 2.655 -+ if (ret) 2.656 -+ goto err_unmap_rx; 2.657 -+ 2.658 - /* print some information about our NIC */ 2.659 - printk(KERN_INFO "%s: %s at %#lx, IRQ %d, ", net_dev->name, 2.660 - card_name, ioaddr, net_dev->irq); 2.661 -@@ -505,8 +505,6 @@ 2.662 - 2.663 - return 0; 2.664 - 2.665 -- err_out_unregister: 2.666 -- unregister_netdev(net_dev); 2.667 - err_unmap_rx: 2.668 - pci_free_consistent(pci_dev, RX_TOTAL_SIZE, sis_priv->rx_ring, 2.669 - sis_priv->rx_ring_dma); 2.670 -@@ -533,6 +531,7 @@ 2.671 - static int __init sis900_mii_probe(struct net_device * net_dev) 2.672 - { 2.673 - struct sis900_private * sis_priv = net_dev->priv; 2.674 -+ const char *dev_name = pci_name(sis_priv->pci_dev); 2.675 - u16 poll_bit = MII_STAT_LINK, status = 0; 2.676 - unsigned long timeout = jiffies + 5 * HZ; 2.677 - int phy_addr; 2.678 -@@ -582,21 +581,20 @@ 2.679 - mii_phy->phy_types = 2.680 - (mii_status & (MII_STAT_CAN_TX_FDX | MII_STAT_CAN_TX)) ? LAN : HOME; 2.681 - printk(KERN_INFO "%s: %s transceiver found at address %d.\n", 2.682 -- net_dev->name, mii_chip_table[i].name, 2.683 -+ dev_name, mii_chip_table[i].name, 2.684 - phy_addr); 2.685 - break; 2.686 - } 2.687 - 2.688 - if( !mii_chip_table[i].phy_id1 ) { 2.689 - printk(KERN_INFO "%s: Unknown PHY transceiver found at address %d.\n", 2.690 -- net_dev->name, phy_addr); 2.691 -+ dev_name, phy_addr); 2.692 - mii_phy->phy_types = UNKNOWN; 2.693 - } 2.694 - } 2.695 - 2.696 - if (sis_priv->mii == NULL) { 2.697 -- printk(KERN_INFO "%s: No MII transceivers found!\n", 2.698 -- net_dev->name); 2.699 -+ printk(KERN_INFO "%s: No MII transceivers found!\n", dev_name); 2.700 - return 0; 2.701 - } 2.702 - 2.703 -@@ -621,7 +619,7 @@ 2.704 - poll_bit ^= (mdio_read(net_dev, sis_priv->cur_phy, MII_STATUS) & poll_bit); 2.705 - if (time_after_eq(jiffies, timeout)) { 2.706 - printk(KERN_WARNING "%s: reset phy and link down now\n", 2.707 -- net_dev->name); 2.708 -+ dev_name); 2.709 - return -ETIME; 2.710 - } 2.711 - } 2.712 -@@ -691,7 +689,7 @@ 2.713 - sis_priv->mii = default_phy; 2.714 - sis_priv->cur_phy = default_phy->phy_addr; 2.715 - printk(KERN_INFO "%s: Using transceiver found at address %d as default\n", 2.716 -- net_dev->name,sis_priv->cur_phy); 2.717 -+ pci_name(sis_priv->pci_dev), sis_priv->cur_phy); 2.718 - } 2.719 - 2.720 - status = mdio_read(net_dev, sis_priv->cur_phy, MII_CONTROL); 2.721 -diff -Nru a/drivers/net/tun.c b/drivers/net/tun.c 2.722 ---- a/drivers/net/tun.c 2005-04-29 18:34:27 -07:00 2.723 -+++ b/drivers/net/tun.c 2005-04-29 18:34:27 -07:00 2.724 -@@ -229,7 +229,7 @@ 2.725 - size_t len = count; 2.726 - 2.727 - if (!(tun->flags & TUN_NO_PI)) { 2.728 -- if ((len -= sizeof(pi)) > len) 2.729 -+ if ((len -= sizeof(pi)) > count) 2.730 - return -EINVAL; 2.731 - 2.732 - if(memcpy_fromiovec((void *)&pi, iv, sizeof(pi))) 2.733 -diff -Nru a/drivers/net/via-rhine.c b/drivers/net/via-rhine.c 2.734 ---- a/drivers/net/via-rhine.c 2005-04-29 18:34:28 -07:00 2.735 -+++ b/drivers/net/via-rhine.c 2005-04-29 18:34:28 -07:00 2.736 -@@ -1197,8 +1197,10 @@ 2.737 - dev->name, rp->pdev->irq); 2.738 - 2.739 - rc = alloc_ring(dev); 2.740 -- if (rc) 2.741 -+ if (rc) { 2.742 -+ free_irq(rp->pdev->irq, dev); 2.743 - return rc; 2.744 -+ } 2.745 - alloc_rbufs(dev); 2.746 - alloc_tbufs(dev); 2.747 - rhine_chip_reset(dev); 2.748 -@@ -1898,6 +1900,9 @@ 2.749 - struct net_device *dev = pci_get_drvdata(pdev); 2.750 - struct rhine_private *rp = netdev_priv(dev); 2.751 - void __iomem *ioaddr = rp->base; 2.752 -+ 2.753 -+ if (!(rp->quirks & rqWOL)) 2.754 -+ return; /* Nothing to do for non-WOL adapters */ 2.755 - 2.756 - rhine_power_init(dev); 2.757 - 2.758 -diff -Nru a/drivers/net/wan/hd6457x.c b/drivers/net/wan/hd6457x.c 2.759 ---- a/drivers/net/wan/hd6457x.c 2005-04-29 18:34:27 -07:00 2.760 -+++ b/drivers/net/wan/hd6457x.c 2005-04-29 18:34:27 -07:00 2.761 -@@ -315,7 +315,7 @@ 2.762 - #endif 2.763 - stats->rx_packets++; 2.764 - stats->rx_bytes += skb->len; 2.765 -- skb->dev->last_rx = jiffies; 2.766 -+ dev->last_rx = jiffies; 2.767 - skb->protocol = hdlc_type_trans(skb, dev); 2.768 - netif_rx(skb); 2.769 - } 2.770 -diff -Nru a/drivers/pci/hotplug/pciehp_ctrl.c b/drivers/pci/hotplug/pciehp_ctrl.c 2.771 ---- a/drivers/pci/hotplug/pciehp_ctrl.c 2005-04-29 18:34:27 -07:00 2.772 -+++ b/drivers/pci/hotplug/pciehp_ctrl.c 2005-04-29 18:34:27 -07:00 2.773 -@@ -1354,10 +1354,11 @@ 2.774 - dbg("PCI Bridge Hot-Remove s:b:d:f(%02x:%02x:%02x:%02x)\n", 2.775 - ctrl->seg, func->bus, func->device, func->function); 2.776 - bridge_slot_remove(func); 2.777 -- } else 2.778 -+ } else { 2.779 - dbg("PCI Function Hot-Remove s:b:d:f(%02x:%02x:%02x:%02x)\n", 2.780 - ctrl->seg, func->bus, func->device, func->function); 2.781 - slot_remove(func); 2.782 -+ } 2.783 - 2.784 - func = pciehp_slot_find(ctrl->slot_bus, device, 0); 2.785 - } 2.786 -diff -Nru a/fs/binfmt_elf.c b/fs/binfmt_elf.c 2.787 ---- a/fs/binfmt_elf.c 2005-04-29 18:34:28 -07:00 2.788 -+++ b/fs/binfmt_elf.c 2005-04-29 18:34:28 -07:00 2.789 -@@ -1008,6 +1008,7 @@ 2.790 - static int load_elf_library(struct file *file) 2.791 - { 2.792 - struct elf_phdr *elf_phdata; 2.793 -+ struct elf_phdr *eppnt; 2.794 - unsigned long elf_bss, bss, len; 2.795 - int retval, error, i, j; 2.796 - struct elfhdr elf_ex; 2.797 -@@ -1031,44 +1032,47 @@ 2.798 - /* j < ELF_MIN_ALIGN because elf_ex.e_phnum <= 2 */ 2.799 - 2.800 - error = -ENOMEM; 2.801 -- elf_phdata = (struct elf_phdr *) kmalloc(j, GFP_KERNEL); 2.802 -+ elf_phdata = kmalloc(j, GFP_KERNEL); 2.803 - if (!elf_phdata) 2.804 - goto out; 2.805 - 2.806 -+ eppnt = elf_phdata; 2.807 - error = -ENOEXEC; 2.808 -- retval = kernel_read(file, elf_ex.e_phoff, (char *) elf_phdata, j); 2.809 -+ retval = kernel_read(file, elf_ex.e_phoff, (char *)eppnt, j); 2.810 - if (retval != j) 2.811 - goto out_free_ph; 2.812 - 2.813 - for (j = 0, i = 0; i<elf_ex.e_phnum; i++) 2.814 -- if ((elf_phdata + i)->p_type == PT_LOAD) j++; 2.815 -+ if ((eppnt + i)->p_type == PT_LOAD) 2.816 -+ j++; 2.817 - if (j != 1) 2.818 - goto out_free_ph; 2.819 - 2.820 -- while (elf_phdata->p_type != PT_LOAD) elf_phdata++; 2.821 -+ while (eppnt->p_type != PT_LOAD) 2.822 -+ eppnt++; 2.823 - 2.824 - /* Now use mmap to map the library into memory. */ 2.825 - down_write(¤t->mm->mmap_sem); 2.826 - error = do_mmap(file, 2.827 -- ELF_PAGESTART(elf_phdata->p_vaddr), 2.828 -- (elf_phdata->p_filesz + 2.829 -- ELF_PAGEOFFSET(elf_phdata->p_vaddr)), 2.830 -+ ELF_PAGESTART(eppnt->p_vaddr), 2.831 -+ (eppnt->p_filesz + 2.832 -+ ELF_PAGEOFFSET(eppnt->p_vaddr)), 2.833 - PROT_READ | PROT_WRITE | PROT_EXEC, 2.834 - MAP_FIXED | MAP_PRIVATE | MAP_DENYWRITE, 2.835 -- (elf_phdata->p_offset - 2.836 -- ELF_PAGEOFFSET(elf_phdata->p_vaddr))); 2.837 -+ (eppnt->p_offset - 2.838 -+ ELF_PAGEOFFSET(eppnt->p_vaddr))); 2.839 - up_write(¤t->mm->mmap_sem); 2.840 -- if (error != ELF_PAGESTART(elf_phdata->p_vaddr)) 2.841 -+ if (error != ELF_PAGESTART(eppnt->p_vaddr)) 2.842 - goto out_free_ph; 2.843 - 2.844 -- elf_bss = elf_phdata->p_vaddr + elf_phdata->p_filesz; 2.845 -+ elf_bss = eppnt->p_vaddr + eppnt->p_filesz; 2.846 - if (padzero(elf_bss)) { 2.847 - error = -EFAULT; 2.848 - goto out_free_ph; 2.849 - } 2.850 - 2.851 -- len = ELF_PAGESTART(elf_phdata->p_filesz + elf_phdata->p_vaddr + ELF_MIN_ALIGN - 1); 2.852 -- bss = elf_phdata->p_memsz + elf_phdata->p_vaddr; 2.853 -+ len = ELF_PAGESTART(eppnt->p_filesz + eppnt->p_vaddr + ELF_MIN_ALIGN - 1); 2.854 -+ bss = eppnt->p_memsz + eppnt->p_vaddr; 2.855 - if (bss > len) { 2.856 - down_write(¤t->mm->mmap_sem); 2.857 - do_brk(len, bss - len); 2.858 -diff -Nru a/fs/cramfs/inode.c b/fs/cramfs/inode.c 2.859 ---- a/fs/cramfs/inode.c 2005-04-29 18:34:27 -07:00 2.860 -+++ b/fs/cramfs/inode.c 2005-04-29 18:34:27 -07:00 2.861 -@@ -70,6 +70,7 @@ 2.862 - inode->i_data.a_ops = &cramfs_aops; 2.863 - } else { 2.864 - inode->i_size = 0; 2.865 -+ inode->i_blocks = 0; 2.866 - init_special_inode(inode, inode->i_mode, 2.867 - old_decode_dev(cramfs_inode->size)); 2.868 - } 2.869 -diff -Nru a/fs/eventpoll.c b/fs/eventpoll.c 2.870 ---- a/fs/eventpoll.c 2005-04-29 18:34:27 -07:00 2.871 -+++ b/fs/eventpoll.c 2005-04-29 18:34:27 -07:00 2.872 -@@ -619,6 +619,7 @@ 2.873 - return error; 2.874 - } 2.875 - 2.876 -+#define MAX_EVENTS (INT_MAX / sizeof(struct epoll_event)) 2.877 - 2.878 - /* 2.879 - * Implement the event wait interface for the eventpoll file. It is the kernel 2.880 -@@ -635,7 +636,7 @@ 2.881 - current, epfd, events, maxevents, timeout)); 2.882 - 2.883 - /* The maximum number of event must be greater than zero */ 2.884 -- if (maxevents <= 0) 2.885 -+ if (maxevents <= 0 || maxevents > MAX_EVENTS) 2.886 - return -EINVAL; 2.887 - 2.888 - /* Verify that the area passed by the user is writeable */ 2.889 -diff -Nru a/fs/exec.c b/fs/exec.c 2.890 ---- a/fs/exec.c 2005-04-29 18:34:27 -07:00 2.891 -+++ b/fs/exec.c 2005-04-29 18:34:27 -07:00 2.892 -@@ -814,7 +814,7 @@ 2.893 - { 2.894 - /* buf must be at least sizeof(tsk->comm) in size */ 2.895 - task_lock(tsk); 2.896 -- memcpy(buf, tsk->comm, sizeof(tsk->comm)); 2.897 -+ strncpy(buf, tsk->comm, sizeof(tsk->comm)); 2.898 - task_unlock(tsk); 2.899 - } 2.900 - 2.901 -diff -Nru a/fs/ext2/dir.c b/fs/ext2/dir.c 2.902 ---- a/fs/ext2/dir.c 2005-04-29 18:34:28 -07:00 2.903 -+++ b/fs/ext2/dir.c 2005-04-29 18:34:28 -07:00 2.904 -@@ -592,6 +592,7 @@ 2.905 - goto fail; 2.906 - } 2.907 - kaddr = kmap_atomic(page, KM_USER0); 2.908 -+ memset(kaddr, 0, chunk_size); 2.909 - de = (struct ext2_dir_entry_2 *)kaddr; 2.910 - de->name_len = 1; 2.911 - de->rec_len = cpu_to_le16(EXT2_DIR_REC_LEN(1)); 2.912 -diff -Nru a/fs/isofs/inode.c b/fs/isofs/inode.c 2.913 ---- a/fs/isofs/inode.c 2005-04-29 18:34:28 -07:00 2.914 -+++ b/fs/isofs/inode.c 2005-04-29 18:34:28 -07:00 2.915 -@@ -685,6 +685,8 @@ 2.916 - sbi->s_log_zone_size = isonum_723 (h_pri->logical_block_size); 2.917 - sbi->s_max_size = isonum_733(h_pri->volume_space_size); 2.918 - } else { 2.919 -+ if (!pri) 2.920 -+ goto out_freebh; 2.921 - rootp = (struct iso_directory_record *) pri->root_directory_record; 2.922 - sbi->s_nzones = isonum_733 (pri->volume_space_size); 2.923 - sbi->s_log_zone_size = isonum_723 (pri->logical_block_size); 2.924 -@@ -1394,6 +1396,9 @@ 2.925 - unsigned long hashval; 2.926 - struct inode *inode; 2.927 - struct isofs_iget5_callback_data data; 2.928 -+ 2.929 -+ if (offset >= 1ul << sb->s_blocksize_bits) 2.930 -+ return NULL; 2.931 - 2.932 - data.block = block; 2.933 - data.offset = offset; 2.934 -diff -Nru a/fs/isofs/rock.c b/fs/isofs/rock.c 2.935 ---- a/fs/isofs/rock.c 2005-04-29 18:34:28 -07:00 2.936 -+++ b/fs/isofs/rock.c 2005-04-29 18:34:28 -07:00 2.937 -@@ -53,6 +53,7 @@ 2.938 - if(LEN & 1) LEN++; \ 2.939 - CHR = ((unsigned char *) DE) + LEN; \ 2.940 - LEN = *((unsigned char *) DE) - LEN; \ 2.941 -+ if (LEN<0) LEN=0; \ 2.942 - if (ISOFS_SB(inode->i_sb)->s_rock_offset!=-1) \ 2.943 - { \ 2.944 - LEN-=ISOFS_SB(inode->i_sb)->s_rock_offset; \ 2.945 -@@ -73,6 +74,10 @@ 2.946 - offset1 = 0; \ 2.947 - pbh = sb_bread(DEV->i_sb, block); \ 2.948 - if(pbh){ \ 2.949 -+ if (offset > pbh->b_size || offset + cont_size > pbh->b_size){ \ 2.950 -+ brelse(pbh); \ 2.951 -+ goto out; \ 2.952 -+ } \ 2.953 - memcpy(buffer + offset1, pbh->b_data + offset, cont_size - offset1); \ 2.954 - brelse(pbh); \ 2.955 - chr = (unsigned char *) buffer; \ 2.956 -@@ -103,12 +108,13 @@ 2.957 - struct rock_ridge * rr; 2.958 - int sig; 2.959 - 2.960 -- while (len > 1){ /* There may be one byte for padding somewhere */ 2.961 -+ while (len > 2){ /* There may be one byte for padding somewhere */ 2.962 - rr = (struct rock_ridge *) chr; 2.963 -- if (rr->len == 0) goto out; /* Something got screwed up here */ 2.964 -+ if (rr->len < 3) goto out; /* Something got screwed up here */ 2.965 - sig = isonum_721(chr); 2.966 - chr += rr->len; 2.967 - len -= rr->len; 2.968 -+ if (len < 0) goto out; /* corrupted isofs */ 2.969 - 2.970 - switch(sig){ 2.971 - case SIG('R','R'): 2.972 -@@ -122,6 +128,7 @@ 2.973 - break; 2.974 - case SIG('N','M'): 2.975 - if (truncate) break; 2.976 -+ if (rr->len < 5) break; 2.977 - /* 2.978 - * If the flags are 2 or 4, this indicates '.' or '..'. 2.979 - * We don't want to do anything with this, because it 2.980 -@@ -186,12 +193,13 @@ 2.981 - struct rock_ridge * rr; 2.982 - int rootflag; 2.983 - 2.984 -- while (len > 1){ /* There may be one byte for padding somewhere */ 2.985 -+ while (len > 2){ /* There may be one byte for padding somewhere */ 2.986 - rr = (struct rock_ridge *) chr; 2.987 -- if (rr->len == 0) goto out; /* Something got screwed up here */ 2.988 -+ if (rr->len < 3) goto out; /* Something got screwed up here */ 2.989 - sig = isonum_721(chr); 2.990 - chr += rr->len; 2.991 - len -= rr->len; 2.992 -+ if (len < 0) goto out; /* corrupted isofs */ 2.993 - 2.994 - switch(sig){ 2.995 - #ifndef CONFIG_ZISOFS /* No flag for SF or ZF */ 2.996 -@@ -462,7 +470,7 @@ 2.997 - struct rock_ridge *rr; 2.998 - 2.999 - if (!ISOFS_SB(inode->i_sb)->s_rock) 2.1000 -- panic ("Cannot have symlink with high sierra variant of iso filesystem\n"); 2.1001 -+ goto error; 2.1002 - 2.1003 - block = ei->i_iget5_block; 2.1004 - lock_kernel(); 2.1005 -@@ -487,13 +495,15 @@ 2.1006 - SETUP_ROCK_RIDGE(raw_inode, chr, len); 2.1007 - 2.1008 - repeat: 2.1009 -- while (len > 1) { /* There may be one byte for padding somewhere */ 2.1010 -+ while (len > 2) { /* There may be one byte for padding somewhere */ 2.1011 - rr = (struct rock_ridge *) chr; 2.1012 -- if (rr->len == 0) 2.1013 -+ if (rr->len < 3) 2.1014 - goto out; /* Something got screwed up here */ 2.1015 - sig = isonum_721(chr); 2.1016 - chr += rr->len; 2.1017 - len -= rr->len; 2.1018 -+ if (len < 0) 2.1019 -+ goto out; /* corrupted isofs */ 2.1020 - 2.1021 - switch (sig) { 2.1022 - case SIG('R', 'R'): 2.1023 -@@ -543,6 +553,7 @@ 2.1024 - fail: 2.1025 - brelse(bh); 2.1026 - unlock_kernel(); 2.1027 -+ error: 2.1028 - SetPageError(page); 2.1029 - kunmap(page); 2.1030 - unlock_page(page); 2.1031 -diff -Nru a/fs/jbd/transaction.c b/fs/jbd/transaction.c 2.1032 ---- a/fs/jbd/transaction.c 2005-04-29 18:34:27 -07:00 2.1033 -+++ b/fs/jbd/transaction.c 2005-04-29 18:34:27 -07:00 2.1034 -@@ -1775,10 +1775,10 @@ 2.1035 - JBUFFER_TRACE(jh, "checkpointed: add to BJ_Forget"); 2.1036 - ret = __dispose_buffer(jh, 2.1037 - journal->j_running_transaction); 2.1038 -+ journal_put_journal_head(jh); 2.1039 - spin_unlock(&journal->j_list_lock); 2.1040 - jbd_unlock_bh_state(bh); 2.1041 - spin_unlock(&journal->j_state_lock); 2.1042 -- journal_put_journal_head(jh); 2.1043 - return ret; 2.1044 - } else { 2.1045 - /* There is no currently-running transaction. So the 2.1046 -@@ -1789,10 +1789,10 @@ 2.1047 - JBUFFER_TRACE(jh, "give to committing trans"); 2.1048 - ret = __dispose_buffer(jh, 2.1049 - journal->j_committing_transaction); 2.1050 -+ journal_put_journal_head(jh); 2.1051 - spin_unlock(&journal->j_list_lock); 2.1052 - jbd_unlock_bh_state(bh); 2.1053 - spin_unlock(&journal->j_state_lock); 2.1054 -- journal_put_journal_head(jh); 2.1055 - return ret; 2.1056 - } else { 2.1057 - /* The orphan record's transaction has 2.1058 -@@ -1813,10 +1813,10 @@ 2.1059 - journal->j_running_transaction); 2.1060 - jh->b_next_transaction = NULL; 2.1061 - } 2.1062 -+ journal_put_journal_head(jh); 2.1063 - spin_unlock(&journal->j_list_lock); 2.1064 - jbd_unlock_bh_state(bh); 2.1065 - spin_unlock(&journal->j_state_lock); 2.1066 -- journal_put_journal_head(jh); 2.1067 - return 0; 2.1068 - } else { 2.1069 - /* Good, the buffer belongs to the running transaction. 2.1070 -diff -Nru a/fs/partitions/msdos.c b/fs/partitions/msdos.c 2.1071 ---- a/fs/partitions/msdos.c 2005-04-29 18:34:28 -07:00 2.1072 -+++ b/fs/partitions/msdos.c 2005-04-29 18:34:28 -07:00 2.1073 -@@ -114,6 +114,9 @@ 2.1074 - */ 2.1075 - for (i=0; i<4; i++, p++) { 2.1076 - u32 offs, size, next; 2.1077 -+ 2.1078 -+ if (SYS_IND(p) == 0) 2.1079 -+ continue; 2.1080 - if (!NR_SECTS(p) || is_extended_partition(p)) 2.1081 - continue; 2.1082 - 2.1083 -@@ -430,6 +433,8 @@ 2.1084 - for (slot = 1 ; slot <= 4 ; slot++, p++) { 2.1085 - u32 start = START_SECT(p)*sector_size; 2.1086 - u32 size = NR_SECTS(p)*sector_size; 2.1087 -+ if (SYS_IND(p) == 0) 2.1088 -+ continue; 2.1089 - if (!size) 2.1090 - continue; 2.1091 - if (is_extended_partition(p)) { 2.1092 -diff -Nru a/kernel/signal.c b/kernel/signal.c 2.1093 ---- a/kernel/signal.c 2005-04-29 18:34:27 -07:00 2.1094 -+++ b/kernel/signal.c 2005-04-29 18:34:27 -07:00 2.1095 -@@ -1728,6 +1728,7 @@ 2.1096 - * with another processor delivering a stop signal, 2.1097 - * then the SIGCONT that wakes us up should clear it. 2.1098 - */ 2.1099 -+ read_unlock(&tasklist_lock); 2.1100 - return 0; 2.1101 - } 2.1102 - 2.1103 -diff -Nru a/lib/rwsem-spinlock.c b/lib/rwsem-spinlock.c 2.1104 ---- a/lib/rwsem-spinlock.c 2005-04-29 18:34:28 -07:00 2.1105 -+++ b/lib/rwsem-spinlock.c 2005-04-29 18:34:28 -07:00 2.1106 -@@ -140,12 +140,12 @@ 2.1107 - 2.1108 - rwsemtrace(sem, "Entering __down_read"); 2.1109 - 2.1110 -- spin_lock(&sem->wait_lock); 2.1111 -+ spin_lock_irq(&sem->wait_lock); 2.1112 - 2.1113 - if (sem->activity >= 0 && list_empty(&sem->wait_list)) { 2.1114 - /* granted */ 2.1115 - sem->activity++; 2.1116 -- spin_unlock(&sem->wait_lock); 2.1117 -+ spin_unlock_irq(&sem->wait_lock); 2.1118 - goto out; 2.1119 - } 2.1120 - 2.1121 -@@ -160,7 +160,7 @@ 2.1122 - list_add_tail(&waiter.list, &sem->wait_list); 2.1123 - 2.1124 - /* we don't need to touch the semaphore struct anymore */ 2.1125 -- spin_unlock(&sem->wait_lock); 2.1126 -+ spin_unlock_irq(&sem->wait_lock); 2.1127 - 2.1128 - /* wait to be given the lock */ 2.1129 - for (;;) { 2.1130 -@@ -181,10 +181,12 @@ 2.1131 - */ 2.1132 - int fastcall __down_read_trylock(struct rw_semaphore *sem) 2.1133 - { 2.1134 -+ unsigned long flags; 2.1135 - int ret = 0; 2.1136 -+ 2.1137 - rwsemtrace(sem, "Entering __down_read_trylock"); 2.1138 - 2.1139 -- spin_lock(&sem->wait_lock); 2.1140 -+ spin_lock_irqsave(&sem->wait_lock, flags); 2.1141 - 2.1142 - if (sem->activity >= 0 && list_empty(&sem->wait_list)) { 2.1143 - /* granted */ 2.1144 -@@ -192,7 +194,7 @@ 2.1145 - ret = 1; 2.1146 - } 2.1147 - 2.1148 -- spin_unlock(&sem->wait_lock); 2.1149 -+ spin_unlock_irqrestore(&sem->wait_lock, flags); 2.1150 - 2.1151 - rwsemtrace(sem, "Leaving __down_read_trylock"); 2.1152 - return ret; 2.1153 -@@ -209,12 +211,12 @@ 2.1154 - 2.1155 - rwsemtrace(sem, "Entering __down_write"); 2.1156 - 2.1157 -- spin_lock(&sem->wait_lock); 2.1158 -+ spin_lock_irq(&sem->wait_lock); 2.1159 - 2.1160 - if (sem->activity == 0 && list_empty(&sem->wait_list)) { 2.1161 - /* granted */ 2.1162 - sem->activity = -1; 2.1163 -- spin_unlock(&sem->wait_lock); 2.1164 -+ spin_unlock_irq(&sem->wait_lock); 2.1165 - goto out; 2.1166 - } 2.1167 - 2.1168 -@@ -229,7 +231,7 @@ 2.1169 - list_add_tail(&waiter.list, &sem->wait_list); 2.1170 - 2.1171 - /* we don't need to touch the semaphore struct anymore */ 2.1172 -- spin_unlock(&sem->wait_lock); 2.1173 -+ spin_unlock_irq(&sem->wait_lock); 2.1174 - 2.1175 - /* wait to be given the lock */ 2.1176 - for (;;) { 2.1177 -@@ -250,10 +252,12 @@ 2.1178 - */ 2.1179 - int fastcall __down_write_trylock(struct rw_semaphore *sem) 2.1180 - { 2.1181 -+ unsigned long flags; 2.1182 - int ret = 0; 2.1183 -+ 2.1184 - rwsemtrace(sem, "Entering __down_write_trylock"); 2.1185 - 2.1186 -- spin_lock(&sem->wait_lock); 2.1187 -+ spin_lock_irqsave(&sem->wait_lock, flags); 2.1188 - 2.1189 - if (sem->activity == 0 && list_empty(&sem->wait_list)) { 2.1190 - /* granted */ 2.1191 -@@ -261,7 +265,7 @@ 2.1192 - ret = 1; 2.1193 - } 2.1194 - 2.1195 -- spin_unlock(&sem->wait_lock); 2.1196 -+ spin_unlock_irqrestore(&sem->wait_lock, flags); 2.1197 - 2.1198 - rwsemtrace(sem, "Leaving __down_write_trylock"); 2.1199 - return ret; 2.1200 -@@ -272,14 +276,16 @@ 2.1201 - */ 2.1202 - void fastcall __up_read(struct rw_semaphore *sem) 2.1203 - { 2.1204 -+ unsigned long flags; 2.1205 -+ 2.1206 - rwsemtrace(sem, "Entering __up_read"); 2.1207 - 2.1208 -- spin_lock(&sem->wait_lock); 2.1209 -+ spin_lock_irqsave(&sem->wait_lock, flags); 2.1210 - 2.1211 - if (--sem->activity == 0 && !list_empty(&sem->wait_list)) 2.1212 - sem = __rwsem_wake_one_writer(sem); 2.1213 - 2.1214 -- spin_unlock(&sem->wait_lock); 2.1215 -+ spin_unlock_irqrestore(&sem->wait_lock, flags); 2.1216 - 2.1217 - rwsemtrace(sem, "Leaving __up_read"); 2.1218 - } 2.1219 -@@ -289,15 +295,17 @@ 2.1220 - */ 2.1221 - void fastcall __up_write(struct rw_semaphore *sem) 2.1222 - { 2.1223 -+ unsigned long flags; 2.1224 -+ 2.1225 - rwsemtrace(sem, "Entering __up_write"); 2.1226 - 2.1227 -- spin_lock(&sem->wait_lock); 2.1228 -+ spin_lock_irqsave(&sem->wait_lock, flags); 2.1229 - 2.1230 - sem->activity = 0; 2.1231 - if (!list_empty(&sem->wait_list)) 2.1232 - sem = __rwsem_do_wake(sem, 1); 2.1233 - 2.1234 -- spin_unlock(&sem->wait_lock); 2.1235 -+ spin_unlock_irqrestore(&sem->wait_lock, flags); 2.1236 - 2.1237 - rwsemtrace(sem, "Leaving __up_write"); 2.1238 - } 2.1239 -@@ -308,15 +316,17 @@ 2.1240 - */ 2.1241 - void fastcall __downgrade_write(struct rw_semaphore *sem) 2.1242 - { 2.1243 -+ unsigned long flags; 2.1244 -+ 2.1245 - rwsemtrace(sem, "Entering __downgrade_write"); 2.1246 - 2.1247 -- spin_lock(&sem->wait_lock); 2.1248 -+ spin_lock_irqsave(&sem->wait_lock, flags); 2.1249 - 2.1250 - sem->activity = 1; 2.1251 - if (!list_empty(&sem->wait_list)) 2.1252 - sem = __rwsem_do_wake(sem, 0); 2.1253 - 2.1254 -- spin_unlock(&sem->wait_lock); 2.1255 -+ spin_unlock_irqrestore(&sem->wait_lock, flags); 2.1256 - 2.1257 - rwsemtrace(sem, "Leaving __downgrade_write"); 2.1258 - } 2.1259 -diff -Nru a/lib/rwsem.c b/lib/rwsem.c 2.1260 ---- a/lib/rwsem.c 2005-04-29 18:34:28 -07:00 2.1261 -+++ b/lib/rwsem.c 2005-04-29 18:34:28 -07:00 2.1262 -@@ -150,7 +150,7 @@ 2.1263 - set_task_state(tsk, TASK_UNINTERRUPTIBLE); 2.1264 - 2.1265 - /* set up my own style of waitqueue */ 2.1266 -- spin_lock(&sem->wait_lock); 2.1267 -+ spin_lock_irq(&sem->wait_lock); 2.1268 - waiter->task = tsk; 2.1269 - get_task_struct(tsk); 2.1270 - 2.1271 -@@ -163,7 +163,7 @@ 2.1272 - if (!(count & RWSEM_ACTIVE_MASK)) 2.1273 - sem = __rwsem_do_wake(sem, 0); 2.1274 - 2.1275 -- spin_unlock(&sem->wait_lock); 2.1276 -+ spin_unlock_irq(&sem->wait_lock); 2.1277 - 2.1278 - /* wait to be given the lock */ 2.1279 - for (;;) { 2.1280 -@@ -219,15 +219,17 @@ 2.1281 - */ 2.1282 - struct rw_semaphore fastcall *rwsem_wake(struct rw_semaphore *sem) 2.1283 - { 2.1284 -+ unsigned long flags; 2.1285 -+ 2.1286 - rwsemtrace(sem, "Entering rwsem_wake"); 2.1287 - 2.1288 -- spin_lock(&sem->wait_lock); 2.1289 -+ spin_lock_irqsave(&sem->wait_lock, flags); 2.1290 - 2.1291 - /* do nothing if list empty */ 2.1292 - if (!list_empty(&sem->wait_list)) 2.1293 - sem = __rwsem_do_wake(sem, 0); 2.1294 - 2.1295 -- spin_unlock(&sem->wait_lock); 2.1296 -+ spin_unlock_irqrestore(&sem->wait_lock, flags); 2.1297 - 2.1298 - rwsemtrace(sem, "Leaving rwsem_wake"); 2.1299 - 2.1300 -@@ -241,15 +243,17 @@ 2.1301 - */ 2.1302 - struct rw_semaphore fastcall *rwsem_downgrade_wake(struct rw_semaphore *sem) 2.1303 - { 2.1304 -+ unsigned long flags; 2.1305 -+ 2.1306 - rwsemtrace(sem, "Entering rwsem_downgrade_wake"); 2.1307 - 2.1308 -- spin_lock(&sem->wait_lock); 2.1309 -+ spin_lock_irqsave(&sem->wait_lock, flags); 2.1310 - 2.1311 - /* do nothing if list empty */ 2.1312 - if (!list_empty(&sem->wait_list)) 2.1313 - sem = __rwsem_do_wake(sem, 1); 2.1314 - 2.1315 -- spin_unlock(&sem->wait_lock); 2.1316 -+ spin_unlock_irqrestore(&sem->wait_lock, flags); 2.1317 - 2.1318 - rwsemtrace(sem, "Leaving rwsem_downgrade_wake"); 2.1319 - return sem; 2.1320 -diff -Nru a/net/bluetooth/af_bluetooth.c b/net/bluetooth/af_bluetooth.c 2.1321 ---- a/net/bluetooth/af_bluetooth.c 2005-04-29 18:34:27 -07:00 2.1322 -+++ b/net/bluetooth/af_bluetooth.c 2005-04-29 18:34:27 -07:00 2.1323 -@@ -64,7 +64,7 @@ 2.1324 - 2.1325 - int bt_sock_register(int proto, struct net_proto_family *ops) 2.1326 - { 2.1327 -- if (proto >= BT_MAX_PROTO) 2.1328 -+ if (proto < 0 || proto >= BT_MAX_PROTO) 2.1329 - return -EINVAL; 2.1330 - 2.1331 - if (bt_proto[proto]) 2.1332 -@@ -77,7 +77,7 @@ 2.1333 - 2.1334 - int bt_sock_unregister(int proto) 2.1335 - { 2.1336 -- if (proto >= BT_MAX_PROTO) 2.1337 -+ if (proto < 0 || proto >= BT_MAX_PROTO) 2.1338 - return -EINVAL; 2.1339 - 2.1340 - if (!bt_proto[proto]) 2.1341 -@@ -92,7 +92,7 @@ 2.1342 - { 2.1343 - int err = 0; 2.1344 - 2.1345 -- if (proto >= BT_MAX_PROTO) 2.1346 -+ if (proto < 0 || proto >= BT_MAX_PROTO) 2.1347 - return -EINVAL; 2.1348 - 2.1349 - #if defined(CONFIG_KMOD) 2.1350 -diff -Nru a/net/ipv4/fib_hash.c b/net/ipv4/fib_hash.c 2.1351 ---- a/net/ipv4/fib_hash.c 2005-04-29 18:34:28 -07:00 2.1352 -+++ b/net/ipv4/fib_hash.c 2005-04-29 18:34:28 -07:00 2.1353 -@@ -919,13 +919,23 @@ 2.1354 - return fa; 2.1355 - } 2.1356 - 2.1357 -+static struct fib_alias *fib_get_idx(struct seq_file *seq, loff_t pos) 2.1358 -+{ 2.1359 -+ struct fib_alias *fa = fib_get_first(seq); 2.1360 -+ 2.1361 -+ if (fa) 2.1362 -+ while (pos && (fa = fib_get_next(seq))) 2.1363 -+ --pos; 2.1364 -+ return pos ? NULL : fa; 2.1365 -+} 2.1366 -+ 2.1367 - static void *fib_seq_start(struct seq_file *seq, loff_t *pos) 2.1368 - { 2.1369 - void *v = NULL; 2.1370 - 2.1371 - read_lock(&fib_hash_lock); 2.1372 - if (ip_fib_main_table) 2.1373 -- v = *pos ? fib_get_next(seq) : SEQ_START_TOKEN; 2.1374 -+ v = *pos ? fib_get_idx(seq, *pos - 1) : SEQ_START_TOKEN; 2.1375 - return v; 2.1376 - } 2.1377 - 2.1378 -diff -Nru a/net/ipv4/tcp_input.c b/net/ipv4/tcp_input.c 2.1379 ---- a/net/ipv4/tcp_input.c 2005-04-29 18:34:28 -07:00 2.1380 -+++ b/net/ipv4/tcp_input.c 2005-04-29 18:34:28 -07:00 2.1381 -@@ -1653,7 +1653,10 @@ 2.1382 - static void tcp_undo_cwr(struct tcp_sock *tp, int undo) 2.1383 - { 2.1384 - if (tp->prior_ssthresh) { 2.1385 -- tp->snd_cwnd = max(tp->snd_cwnd, tp->snd_ssthresh<<1); 2.1386 -+ if (tcp_is_bic(tp)) 2.1387 -+ tp->snd_cwnd = max(tp->snd_cwnd, tp->bictcp.last_max_cwnd); 2.1388 -+ else 2.1389 -+ tp->snd_cwnd = max(tp->snd_cwnd, tp->snd_ssthresh<<1); 2.1390 - 2.1391 - if (undo && tp->prior_ssthresh > tp->snd_ssthresh) { 2.1392 - tp->snd_ssthresh = tp->prior_ssthresh; 2.1393 -diff -Nru a/net/ipv4/tcp_timer.c b/net/ipv4/tcp_timer.c 2.1394 ---- a/net/ipv4/tcp_timer.c 2005-04-29 18:34:28 -07:00 2.1395 -+++ b/net/ipv4/tcp_timer.c 2005-04-29 18:34:28 -07:00 2.1396 -@@ -38,6 +38,7 @@ 2.1397 - 2.1398 - #ifdef TCP_DEBUG 2.1399 - const char tcp_timer_bug_msg[] = KERN_DEBUG "tcpbug: unknown timer value\n"; 2.1400 -+EXPORT_SYMBOL(tcp_timer_bug_msg); 2.1401 - #endif 2.1402 - 2.1403 - /* 2.1404 -diff -Nru a/net/ipv4/xfrm4_output.c b/net/ipv4/xfrm4_output.c 2.1405 ---- a/net/ipv4/xfrm4_output.c 2005-04-29 18:34:27 -07:00 2.1406 -+++ b/net/ipv4/xfrm4_output.c 2005-04-29 18:34:27 -07:00 2.1407 -@@ -103,16 +103,16 @@ 2.1408 - goto error_nolock; 2.1409 - } 2.1410 - 2.1411 -- spin_lock_bh(&x->lock); 2.1412 -- err = xfrm_state_check(x, skb); 2.1413 -- if (err) 2.1414 -- goto error; 2.1415 -- 2.1416 - if (x->props.mode) { 2.1417 - err = xfrm4_tunnel_check_size(skb); 2.1418 - if (err) 2.1419 -- goto error; 2.1420 -+ goto error_nolock; 2.1421 - } 2.1422 -+ 2.1423 -+ spin_lock_bh(&x->lock); 2.1424 -+ err = xfrm_state_check(x, skb); 2.1425 -+ if (err) 2.1426 -+ goto error; 2.1427 - 2.1428 - xfrm4_encap(skb); 2.1429 - 2.1430 -diff -Nru a/net/ipv6/xfrm6_output.c b/net/ipv6/xfrm6_output.c 2.1431 ---- a/net/ipv6/xfrm6_output.c 2005-04-29 18:34:28 -07:00 2.1432 -+++ b/net/ipv6/xfrm6_output.c 2005-04-29 18:34:28 -07:00 2.1433 -@@ -103,16 +103,16 @@ 2.1434 - goto error_nolock; 2.1435 - } 2.1436 - 2.1437 -- spin_lock_bh(&x->lock); 2.1438 -- err = xfrm_state_check(x, skb); 2.1439 -- if (err) 2.1440 -- goto error; 2.1441 -- 2.1442 - if (x->props.mode) { 2.1443 - err = xfrm6_tunnel_check_size(skb); 2.1444 - if (err) 2.1445 -- goto error; 2.1446 -+ goto error_nolock; 2.1447 - } 2.1448 -+ 2.1449 -+ spin_lock_bh(&x->lock); 2.1450 -+ err = xfrm_state_check(x, skb); 2.1451 -+ if (err) 2.1452 -+ goto error; 2.1453 - 2.1454 - xfrm6_encap(skb); 2.1455 - 2.1456 -diff -Nru a/net/netrom/nr_in.c b/net/netrom/nr_in.c 2.1457 ---- a/net/netrom/nr_in.c 2005-04-29 18:34:27 -07:00 2.1458 -+++ b/net/netrom/nr_in.c 2005-04-29 18:34:27 -07:00 2.1459 -@@ -74,7 +74,6 @@ 2.1460 - static int nr_state1_machine(struct sock *sk, struct sk_buff *skb, 2.1461 - int frametype) 2.1462 - { 2.1463 -- bh_lock_sock(sk); 2.1464 - switch (frametype) { 2.1465 - case NR_CONNACK: { 2.1466 - nr_cb *nr = nr_sk(sk); 2.1467 -@@ -103,8 +102,6 @@ 2.1468 - default: 2.1469 - break; 2.1470 - } 2.1471 -- bh_unlock_sock(sk); 2.1472 -- 2.1473 - return 0; 2.1474 - } 2.1475 - 2.1476 -@@ -116,7 +113,6 @@ 2.1477 - static int nr_state2_machine(struct sock *sk, struct sk_buff *skb, 2.1478 - int frametype) 2.1479 - { 2.1480 -- bh_lock_sock(sk); 2.1481 - switch (frametype) { 2.1482 - case NR_CONNACK | NR_CHOKE_FLAG: 2.1483 - nr_disconnect(sk, ECONNRESET); 2.1484 -@@ -132,8 +128,6 @@ 2.1485 - default: 2.1486 - break; 2.1487 - } 2.1488 -- bh_unlock_sock(sk); 2.1489 -- 2.1490 - return 0; 2.1491 - } 2.1492 - 2.1493 -@@ -154,7 +148,6 @@ 2.1494 - nr = skb->data[18]; 2.1495 - ns = skb->data[17]; 2.1496 - 2.1497 -- bh_lock_sock(sk); 2.1498 - switch (frametype) { 2.1499 - case NR_CONNREQ: 2.1500 - nr_write_internal(sk, NR_CONNACK); 2.1501 -@@ -265,8 +258,6 @@ 2.1502 - default: 2.1503 - break; 2.1504 - } 2.1505 -- bh_unlock_sock(sk); 2.1506 -- 2.1507 - return queued; 2.1508 - } 2.1509 - 2.1510 -diff -Nru a/net/xfrm/xfrm_state.c b/net/xfrm/xfrm_state.c 2.1511 ---- a/net/xfrm/xfrm_state.c 2005-04-29 18:34:28 -07:00 2.1512 -+++ b/net/xfrm/xfrm_state.c 2005-04-29 18:34:28 -07:00 2.1513 -@@ -609,7 +609,7 @@ 2.1514 - 2.1515 - for (i = 0; i < XFRM_DST_HSIZE; i++) { 2.1516 - list_for_each_entry(x, xfrm_state_bydst+i, bydst) { 2.1517 -- if (x->km.seq == seq) { 2.1518 -+ if (x->km.seq == seq && x->km.state == XFRM_STATE_ACQ) { 2.1519 - xfrm_state_hold(x); 2.1520 - return x; 2.1521 - } 2.1522 -diff -Nru a/security/keys/key.c b/security/keys/key.c 2.1523 ---- a/security/keys/key.c 2005-04-29 18:34:28 -07:00 2.1524 -+++ b/security/keys/key.c 2005-04-29 18:34:28 -07:00 2.1525 -@@ -57,9 +57,10 @@ 2.1526 - { 2.1527 - struct key_user *candidate = NULL, *user; 2.1528 - struct rb_node *parent = NULL; 2.1529 -- struct rb_node **p = &key_user_tree.rb_node; 2.1530 -+ struct rb_node **p; 2.1531 - 2.1532 - try_again: 2.1533 -+ p = &key_user_tree.rb_node; 2.1534 - spin_lock(&key_user_lock); 2.1535 - 2.1536 - /* search the tree for a user record with a matching UID */ 2.1537 -diff -Nru a/sound/core/timer.c b/sound/core/timer.c 2.1538 ---- a/sound/core/timer.c 2005-04-29 18:34:28 -07:00 2.1539 -+++ b/sound/core/timer.c 2005-04-29 18:34:28 -07:00 2.1540 -@@ -1117,7 +1117,8 @@ 2.1541 - if (tu->qused >= tu->queue_size) { 2.1542 - tu->overrun++; 2.1543 - } else { 2.1544 -- memcpy(&tu->queue[tu->qtail++], tread, sizeof(*tread)); 2.1545 -+ memcpy(&tu->tqueue[tu->qtail++], tread, sizeof(*tread)); 2.1546 -+ tu->qtail %= tu->queue_size; 2.1547 - tu->qused++; 2.1548 - } 2.1549 - } 2.1550 -@@ -1140,6 +1141,8 @@ 2.1551 - spin_lock(&tu->qlock); 2.1552 - snd_timer_user_append_to_tqueue(tu, &r1); 2.1553 - spin_unlock(&tu->qlock); 2.1554 -+ kill_fasync(&tu->fasync, SIGIO, POLL_IN); 2.1555 -+ wake_up(&tu->qchange_sleep); 2.1556 - } 2.1557 - 2.1558 - static void snd_timer_user_tinterrupt(snd_timer_instance_t *timeri, 2.1559 -diff -Nru a/sound/pci/ac97/ac97_codec.c b/sound/pci/ac97/ac97_codec.c 2.1560 ---- a/sound/pci/ac97/ac97_codec.c 2005-04-29 18:34:28 -07:00 2.1561 -+++ b/sound/pci/ac97/ac97_codec.c 2005-04-29 18:34:28 -07:00 2.1562 -@@ -1185,7 +1185,7 @@ 2.1563 - /* 2.1564 - * create mute switch(es) for normal stereo controls 2.1565 - */ 2.1566 --static int snd_ac97_cmute_new(snd_card_t *card, char *name, int reg, ac97_t *ac97) 2.1567 -+static int snd_ac97_cmute_new_stereo(snd_card_t *card, char *name, int reg, int check_stereo, ac97_t *ac97) 2.1568 - { 2.1569 - snd_kcontrol_t *kctl; 2.1570 - int err; 2.1571 -@@ -1196,7 +1196,7 @@ 2.1572 - 2.1573 - mute_mask = 0x8000; 2.1574 - val = snd_ac97_read(ac97, reg); 2.1575 -- if (ac97->flags & AC97_STEREO_MUTES) { 2.1576 -+ if (check_stereo || (ac97->flags & AC97_STEREO_MUTES)) { 2.1577 - /* check whether both mute bits work */ 2.1578 - val1 = val | 0x8080; 2.1579 - snd_ac97_write(ac97, reg, val1); 2.1580 -@@ -1254,7 +1254,7 @@ 2.1581 - /* 2.1582 - * create a mute-switch and a volume for normal stereo/mono controls 2.1583 - */ 2.1584 --static int snd_ac97_cmix_new(snd_card_t *card, const char *pfx, int reg, ac97_t *ac97) 2.1585 -+static int snd_ac97_cmix_new_stereo(snd_card_t *card, const char *pfx, int reg, int check_stereo, ac97_t *ac97) 2.1586 - { 2.1587 - int err; 2.1588 - char name[44]; 2.1589 -@@ -1265,7 +1265,7 @@ 2.1590 - 2.1591 - if (snd_ac97_try_bit(ac97, reg, 15)) { 2.1592 - sprintf(name, "%s Switch", pfx); 2.1593 -- if ((err = snd_ac97_cmute_new(card, name, reg, ac97)) < 0) 2.1594 -+ if ((err = snd_ac97_cmute_new_stereo(card, name, reg, check_stereo, ac97)) < 0) 2.1595 - return err; 2.1596 - } 2.1597 - check_volume_resolution(ac97, reg, &lo_max, &hi_max); 2.1598 -@@ -1277,6 +1277,8 @@ 2.1599 - return 0; 2.1600 - } 2.1601 - 2.1602 -+#define snd_ac97_cmix_new(card, pfx, reg, ac97) snd_ac97_cmix_new_stereo(card, pfx, reg, 0, ac97) 2.1603 -+#define snd_ac97_cmute_new(card, name, reg, ac97) snd_ac97_cmute_new_stereo(card, name, reg, 0, ac97) 2.1604 - 2.1605 - static unsigned int snd_ac97_determine_spdif_rates(ac97_t *ac97); 2.1606 - 2.1607 -@@ -1327,7 +1329,8 @@ 2.1608 - 2.1609 - /* build surround controls */ 2.1610 - if (snd_ac97_try_volume_mix(ac97, AC97_SURROUND_MASTER)) { 2.1611 -- if ((err = snd_ac97_cmix_new(card, "Surround Playback", AC97_SURROUND_MASTER, ac97)) < 0) 2.1612 -+ /* Surround Master (0x38) is with stereo mutes */ 2.1613 -+ if ((err = snd_ac97_cmix_new_stereo(card, "Surround Playback", AC97_SURROUND_MASTER, 1, ac97)) < 0) 2.1614 - return err; 2.1615 - } 2.1616 -
3.1 --- /dev/null Thu Jan 01 00:00:00 1970 +0000 3.2 +++ b/patches/linux-2.6.11/linux-2.6.11.9.patch Sun May 15 12:39:28 2005 +0000 3.3 @@ -0,0 +1,1692 @@ 3.4 +diff -Nru a/Documentation/SecurityBugs b/Documentation/SecurityBugs 3.5 +--- /dev/null Wed Dec 31 16:00:00 196900 3.6 ++++ b/Documentation/SecurityBugs 2005-05-11 15:43:53 -07:00 3.7 +@@ -0,0 +1,38 @@ 3.8 ++Linux kernel developers take security very seriously. As such, we'd 3.9 ++like to know when a security bug is found so that it can be fixed and 3.10 ++disclosed as quickly as possible. Please report security bugs to the 3.11 ++Linux kernel security team. 3.12 ++ 3.13 ++1) Contact 3.14 ++ 3.15 ++The Linux kernel security team can be contacted by email at 3.16 ++<security@kernel.org>. This is a private list of security officers 3.17 ++who will help verify the bug report and develop and release a fix. 3.18 ++It is possible that the security team will bring in extra help from 3.19 ++area maintainers to understand and fix the security vulnerability. 3.20 ++ 3.21 ++As it is with any bug, the more information provided the easier it 3.22 ++will be to diagnose and fix. Please review the procedure outlined in 3.23 ++REPORTING-BUGS if you are unclear about what information is helpful. 3.24 ++Any exploit code is very helpful and will not be released without 3.25 ++consent from the reporter unless it has already been made public. 3.26 ++ 3.27 ++2) Disclosure 3.28 ++ 3.29 ++The goal of the Linux kernel security team is to work with the 3.30 ++bug submitter to bug resolution as well as disclosure. We prefer 3.31 ++to fully disclose the bug as soon as possible. It is reasonable to 3.32 ++delay disclosure when the bug or the fix is not yet fully understood, 3.33 ++the solution is not well-tested or for vendor coordination. However, we 3.34 ++expect these delays to be short, measurable in days, not weeks or months. 3.35 ++A disclosure date is negotiated by the security team working with the 3.36 ++bug submitter as well as vendors. However, the kernel security team 3.37 ++holds the final say when setting a disclosure date. The timeframe for 3.38 ++disclosure is from immediate (esp. if it's already publically known) 3.39 ++to a few weeks. As a basic default policy, we expect report date to 3.40 ++disclosure date to be on the order of 7 days. 3.41 ++ 3.42 ++3) Non-disclosure agreements 3.43 ++ 3.44 ++The Linux kernel security team is not a formal body and therefore unable 3.45 ++to enter any non-disclosure agreements. 3.46 +diff -Nru a/MAINTAINERS b/MAINTAINERS 3.47 +--- a/MAINTAINERS 2005-05-11 15:43:53 -07:00 3.48 ++++ b/MAINTAINERS 2005-05-11 15:43:53 -07:00 3.49 +@@ -1966,6 +1966,11 @@ 3.50 + W: http://www.weinigel.se 3.51 + S: Supported 3.52 + 3.53 ++SECURITY CONTACT 3.54 ++P: Security Officers 3.55 ++M: security@kernel.org 3.56 ++S: Supported 3.57 ++ 3.58 + SELINUX SECURITY MODULE 3.59 + P: Stephen Smalley 3.60 + M: sds@epoch.ncsc.mil 3.61 +diff -Nru a/Makefile b/Makefile 3.62 +--- a/Makefile 2005-05-11 15:43:53 -07:00 3.63 ++++ b/Makefile 2005-05-11 15:43:53 -07:00 3.64 +@@ -1,8 +1,8 @@ 3.65 + VERSION = 2 3.66 + PATCHLEVEL = 6 3.67 + SUBLEVEL = 11 3.68 +-EXTRAVERSION = 3.69 +-NAME=Woozy Numbat 3.70 ++EXTRAVERSION = .9 3.71 ++NAME=Woozy Beaver 3.72 + 3.73 + # *DOCUMENTATION* 3.74 + # To see a list of typical targets execute "make help" 3.75 +diff -Nru a/REPORTING-BUGS b/REPORTING-BUGS 3.76 +--- a/REPORTING-BUGS 2005-05-11 15:43:53 -07:00 3.77 ++++ b/REPORTING-BUGS 2005-05-11 15:43:53 -07:00 3.78 +@@ -16,6 +16,10 @@ 3.79 + describe how to recreate it. That is worth even more than the oops itself. 3.80 + The list of maintainers is in the MAINTAINERS file in this directory. 3.81 + 3.82 ++ If it is a security bug, please copy the Security Contact listed 3.83 ++in the MAINTAINERS file. They can help coordinate bugfix and disclosure. 3.84 ++See Documentation/SecurityBugs for more infomation. 3.85 ++ 3.86 + If you are totally stumped as to whom to send the report, send it to 3.87 + linux-kernel@vger.kernel.org. (For more information on the linux-kernel 3.88 + mailing list see http://www.tux.org/lkml/). 3.89 +diff -Nru a/arch/ia64/kernel/fsys.S b/arch/ia64/kernel/fsys.S 3.90 +--- a/arch/ia64/kernel/fsys.S 2005-05-11 15:43:53 -07:00 3.91 ++++ b/arch/ia64/kernel/fsys.S 2005-05-11 15:43:53 -07:00 3.92 +@@ -611,8 +611,10 @@ 3.93 + movl r2=ia64_ret_from_syscall 3.94 + ;; 3.95 + mov rp=r2 // set the real return addr 3.96 +- tbit.z p8,p0=r3,TIF_SYSCALL_TRACE 3.97 ++ and r3=_TIF_SYSCALL_TRACEAUDIT,r3 3.98 + ;; 3.99 ++ cmp.eq p8,p0=r3,r0 3.100 ++ 3.101 + (p10) br.cond.spnt.many ia64_ret_from_syscall // p10==true means out registers are more than 8 3.102 + (p8) br.call.sptk.many b6=b6 // ignore this return addr 3.103 + br.cond.sptk ia64_trace_syscall 3.104 +diff -Nru a/arch/ia64/kernel/signal.c b/arch/ia64/kernel/signal.c 3.105 +--- a/arch/ia64/kernel/signal.c 2005-05-11 15:43:53 -07:00 3.106 ++++ b/arch/ia64/kernel/signal.c 2005-05-11 15:43:53 -07:00 3.107 +@@ -224,7 +224,8 @@ 3.108 + * could be corrupted. 3.109 + */ 3.110 + retval = (long) &ia64_leave_kernel; 3.111 +- if (test_thread_flag(TIF_SYSCALL_TRACE)) 3.112 ++ if (test_thread_flag(TIF_SYSCALL_TRACE) 3.113 ++ || test_thread_flag(TIF_SYSCALL_AUDIT)) 3.114 + /* 3.115 + * strace expects to be notified after sigreturn returns even though the 3.116 + * context to which we return may not be in the middle of a syscall. 3.117 +diff -Nru a/arch/ppc/oprofile/op_model_fsl_booke.c b/arch/ppc/oprofile/op_model_fsl_booke.c 3.118 +--- a/arch/ppc/oprofile/op_model_fsl_booke.c 2005-05-11 15:43:53 -07:00 3.119 ++++ b/arch/ppc/oprofile/op_model_fsl_booke.c 2005-05-11 15:43:53 -07:00 3.120 +@@ -150,7 +150,6 @@ 3.121 + int is_kernel; 3.122 + int val; 3.123 + int i; 3.124 +- unsigned int cpu = smp_processor_id(); 3.125 + 3.126 + /* set the PMM bit (see comment below) */ 3.127 + mtmsr(mfmsr() | MSR_PMM); 3.128 +@@ -162,7 +161,7 @@ 3.129 + val = ctr_read(i); 3.130 + if (val < 0) { 3.131 + if (oprofile_running && ctr[i].enabled) { 3.132 +- oprofile_add_sample(pc, is_kernel, i, cpu); 3.133 ++ oprofile_add_pc(pc, is_kernel, i); 3.134 + ctr_write(i, reset_value[i]); 3.135 + } else { 3.136 + ctr_write(i, 0); 3.137 +diff -Nru a/arch/ppc/platforms/4xx/ebony.h b/arch/ppc/platforms/4xx/ebony.h 3.138 +--- a/arch/ppc/platforms/4xx/ebony.h 2005-05-11 15:43:53 -07:00 3.139 ++++ b/arch/ppc/platforms/4xx/ebony.h 2005-05-11 15:43:53 -07:00 3.140 +@@ -61,8 +61,8 @@ 3.141 + */ 3.142 + 3.143 + /* OpenBIOS defined UART mappings, used before early_serial_setup */ 3.144 +-#define UART0_IO_BASE (u8 *) 0xE0000200 3.145 +-#define UART1_IO_BASE (u8 *) 0xE0000300 3.146 ++#define UART0_IO_BASE 0xE0000200 3.147 ++#define UART1_IO_BASE 0xE0000300 3.148 + 3.149 + /* external Epson SG-615P */ 3.150 + #define BASE_BAUD 691200 3.151 +diff -Nru a/arch/ppc/platforms/4xx/luan.h b/arch/ppc/platforms/4xx/luan.h 3.152 +--- a/arch/ppc/platforms/4xx/luan.h 2005-05-11 15:43:53 -07:00 3.153 ++++ b/arch/ppc/platforms/4xx/luan.h 2005-05-11 15:43:53 -07:00 3.154 +@@ -47,9 +47,9 @@ 3.155 + #define RS_TABLE_SIZE 3 3.156 + 3.157 + /* PIBS defined UART mappings, used before early_serial_setup */ 3.158 +-#define UART0_IO_BASE (u8 *) 0xa0000200 3.159 +-#define UART1_IO_BASE (u8 *) 0xa0000300 3.160 +-#define UART2_IO_BASE (u8 *) 0xa0000600 3.161 ++#define UART0_IO_BASE 0xa0000200 3.162 ++#define UART1_IO_BASE 0xa0000300 3.163 ++#define UART2_IO_BASE 0xa0000600 3.164 + 3.165 + #define BASE_BAUD 11059200 3.166 + #define STD_UART_OP(num) \ 3.167 +diff -Nru a/arch/ppc/platforms/4xx/ocotea.h b/arch/ppc/platforms/4xx/ocotea.h 3.168 +--- a/arch/ppc/platforms/4xx/ocotea.h 2005-05-11 15:43:53 -07:00 3.169 ++++ b/arch/ppc/platforms/4xx/ocotea.h 2005-05-11 15:43:53 -07:00 3.170 +@@ -56,8 +56,8 @@ 3.171 + #define RS_TABLE_SIZE 2 3.172 + 3.173 + /* OpenBIOS defined UART mappings, used before early_serial_setup */ 3.174 +-#define UART0_IO_BASE (u8 *) 0xE0000200 3.175 +-#define UART1_IO_BASE (u8 *) 0xE0000300 3.176 ++#define UART0_IO_BASE 0xE0000200 3.177 ++#define UART1_IO_BASE 0xE0000300 3.178 + 3.179 + #define BASE_BAUD 11059200/16 3.180 + #define STD_UART_OP(num) \ 3.181 +diff -Nru a/arch/sparc/kernel/ptrace.c b/arch/sparc/kernel/ptrace.c 3.182 +--- a/arch/sparc/kernel/ptrace.c 2005-05-11 15:43:53 -07:00 3.183 ++++ b/arch/sparc/kernel/ptrace.c 2005-05-11 15:43:53 -07:00 3.184 +@@ -531,18 +531,6 @@ 3.185 + pt_error_return(regs, EIO); 3.186 + goto out_tsk; 3.187 + } 3.188 +- if (addr != 1) { 3.189 +- if (addr & 3) { 3.190 +- pt_error_return(regs, EINVAL); 3.191 +- goto out_tsk; 3.192 +- } 3.193 +-#ifdef DEBUG_PTRACE 3.194 +- printk ("Original: %08lx %08lx\n", child->thread.kregs->pc, child->thread.kregs->npc); 3.195 +- printk ("Continuing with %08lx %08lx\n", addr, addr+4); 3.196 +-#endif 3.197 +- child->thread.kregs->pc = addr; 3.198 +- child->thread.kregs->npc = addr + 4; 3.199 +- } 3.200 + 3.201 + if (request == PTRACE_SYSCALL) 3.202 + set_tsk_thread_flag(child, TIF_SYSCALL_TRACE); 3.203 +diff -Nru a/arch/sparc64/kernel/ptrace.c b/arch/sparc64/kernel/ptrace.c 3.204 +--- a/arch/sparc64/kernel/ptrace.c 2005-05-11 15:43:53 -07:00 3.205 ++++ b/arch/sparc64/kernel/ptrace.c 2005-05-11 15:43:53 -07:00 3.206 +@@ -514,25 +514,6 @@ 3.207 + pt_error_return(regs, EIO); 3.208 + goto out_tsk; 3.209 + } 3.210 +- if (addr != 1) { 3.211 +- unsigned long pc_mask = ~0UL; 3.212 +- 3.213 +- if ((child->thread_info->flags & _TIF_32BIT) != 0) 3.214 +- pc_mask = 0xffffffff; 3.215 +- 3.216 +- if (addr & 3) { 3.217 +- pt_error_return(regs, EINVAL); 3.218 +- goto out_tsk; 3.219 +- } 3.220 +-#ifdef DEBUG_PTRACE 3.221 +- printk ("Original: %016lx %016lx\n", 3.222 +- child->thread_info->kregs->tpc, 3.223 +- child->thread_info->kregs->tnpc); 3.224 +- printk ("Continuing with %016lx %016lx\n", addr, addr+4); 3.225 +-#endif 3.226 +- child->thread_info->kregs->tpc = (addr & pc_mask); 3.227 +- child->thread_info->kregs->tnpc = ((addr + 4) & pc_mask); 3.228 +- } 3.229 + 3.230 + if (request == PTRACE_SYSCALL) { 3.231 + set_tsk_thread_flag(child, TIF_SYSCALL_TRACE); 3.232 +diff -Nru a/arch/sparc64/kernel/signal32.c b/arch/sparc64/kernel/signal32.c 3.233 +--- a/arch/sparc64/kernel/signal32.c 2005-05-11 15:43:53 -07:00 3.234 ++++ b/arch/sparc64/kernel/signal32.c 2005-05-11 15:43:53 -07:00 3.235 +@@ -192,9 +192,12 @@ 3.236 + err |= __put_user(from->si_uid, &to->si_uid); 3.237 + break; 3.238 + case __SI_FAULT >> 16: 3.239 +- case __SI_POLL >> 16: 3.240 + err |= __put_user(from->si_trapno, &to->si_trapno); 3.241 + err |= __put_user((unsigned long)from->si_addr, &to->si_addr); 3.242 ++ break; 3.243 ++ case __SI_POLL >> 16: 3.244 ++ err |= __put_user(from->si_band, &to->si_band); 3.245 ++ err |= __put_user(from->si_fd, &to->si_fd); 3.246 + break; 3.247 + case __SI_RT >> 16: /* This is not generated by the kernel as of now. */ 3.248 + case __SI_MESGQ >> 16: 3.249 +diff -Nru a/arch/sparc64/kernel/systbls.S b/arch/sparc64/kernel/systbls.S 3.250 +--- a/arch/sparc64/kernel/systbls.S 2005-05-11 15:43:53 -07:00 3.251 ++++ b/arch/sparc64/kernel/systbls.S 2005-05-11 15:43:53 -07:00 3.252 +@@ -75,7 +75,7 @@ 3.253 + /*260*/ .word compat_sys_sched_getaffinity, compat_sys_sched_setaffinity, sys32_timer_settime, compat_sys_timer_gettime, sys_timer_getoverrun 3.254 + .word sys_timer_delete, sys32_timer_create, sys_ni_syscall, compat_sys_io_setup, sys_io_destroy 3.255 + /*270*/ .word sys32_io_submit, sys_io_cancel, compat_sys_io_getevents, sys32_mq_open, sys_mq_unlink 3.256 +- .word sys_mq_timedsend, sys_mq_timedreceive, compat_sys_mq_notify, compat_sys_mq_getsetattr, compat_sys_waitid 3.257 ++ .word compat_sys_mq_timedsend, compat_sys_mq_timedreceive, compat_sys_mq_notify, compat_sys_mq_getsetattr, compat_sys_waitid 3.258 + /*280*/ .word sys_ni_syscall, sys_add_key, sys_request_key, sys_keyctl 3.259 + 3.260 + #endif /* CONFIG_COMPAT */ 3.261 +diff -Nru a/arch/um/include/sysdep-i386/syscalls.h b/arch/um/include/sysdep-i386/syscalls.h 3.262 +--- a/arch/um/include/sysdep-i386/syscalls.h 2005-05-11 15:43:53 -07:00 3.263 ++++ b/arch/um/include/sysdep-i386/syscalls.h 2005-05-11 15:43:53 -07:00 3.264 +@@ -23,6 +23,9 @@ 3.265 + unsigned long prot, unsigned long flags, 3.266 + unsigned long fd, unsigned long pgoff); 3.267 + 3.268 ++/* On i386 they choose a meaningless naming.*/ 3.269 ++#define __NR_kexec_load __NR_sys_kexec_load 3.270 ++ 3.271 + #define ARCH_SYSCALLS \ 3.272 + [ __NR_waitpid ] = (syscall_handler_t *) sys_waitpid, \ 3.273 + [ __NR_break ] = (syscall_handler_t *) sys_ni_syscall, \ 3.274 +@@ -101,15 +104,12 @@ 3.275 + [ 223 ] = (syscall_handler_t *) sys_ni_syscall, \ 3.276 + [ __NR_set_thread_area ] = (syscall_handler_t *) sys_ni_syscall, \ 3.277 + [ __NR_get_thread_area ] = (syscall_handler_t *) sys_ni_syscall, \ 3.278 +- [ __NR_fadvise64 ] = (syscall_handler_t *) sys_fadvise64, \ 3.279 + [ 251 ] = (syscall_handler_t *) sys_ni_syscall, \ 3.280 +- [ __NR_remap_file_pages ] = (syscall_handler_t *) sys_remap_file_pages, \ 3.281 +- [ __NR_utimes ] = (syscall_handler_t *) sys_utimes, \ 3.282 +- [ __NR_vserver ] = (syscall_handler_t *) sys_ni_syscall, 3.283 +- 3.284 ++ [ 285 ] = (syscall_handler_t *) sys_ni_syscall, 3.285 ++ 3.286 + /* 222 doesn't yet have a name in include/asm-i386/unistd.h */ 3.287 + 3.288 +-#define LAST_ARCH_SYSCALL __NR_vserver 3.289 ++#define LAST_ARCH_SYSCALL 285 3.290 + 3.291 + /* 3.292 + * Overrides for Emacs so that we follow Linus's tabbing style. 3.293 +diff -Nru a/arch/um/include/sysdep-x86_64/syscalls.h b/arch/um/include/sysdep-x86_64/syscalls.h 3.294 +--- a/arch/um/include/sysdep-x86_64/syscalls.h 2005-05-11 15:43:53 -07:00 3.295 ++++ b/arch/um/include/sysdep-x86_64/syscalls.h 2005-05-11 15:43:53 -07:00 3.296 +@@ -71,12 +71,7 @@ 3.297 + [ __NR_iopl ] = (syscall_handler_t *) sys_ni_syscall, \ 3.298 + [ __NR_set_thread_area ] = (syscall_handler_t *) sys_ni_syscall, \ 3.299 + [ __NR_get_thread_area ] = (syscall_handler_t *) sys_ni_syscall, \ 3.300 +- [ __NR_remap_file_pages ] = (syscall_handler_t *) sys_remap_file_pages, \ 3.301 + [ __NR_semtimedop ] = (syscall_handler_t *) sys_semtimedop, \ 3.302 +- [ __NR_fadvise64 ] = (syscall_handler_t *) sys_fadvise64, \ 3.303 +- [ 223 ] = (syscall_handler_t *) sys_ni_syscall, \ 3.304 +- [ __NR_utimes ] = (syscall_handler_t *) sys_utimes, \ 3.305 +- [ __NR_vserver ] = (syscall_handler_t *) sys_ni_syscall, \ 3.306 + [ 251 ] = (syscall_handler_t *) sys_ni_syscall, 3.307 + 3.308 + #define LAST_ARCH_SYSCALL 251 3.309 +diff -Nru a/arch/um/kernel/skas/uaccess.c b/arch/um/kernel/skas/uaccess.c 3.310 +--- a/arch/um/kernel/skas/uaccess.c 2005-05-11 15:43:53 -07:00 3.311 ++++ b/arch/um/kernel/skas/uaccess.c 2005-05-11 15:43:53 -07:00 3.312 +@@ -61,7 +61,8 @@ 3.313 + void *arg; 3.314 + int *res; 3.315 + 3.316 +- va_copy(args, *(va_list *)arg_ptr); 3.317 ++ /* Some old gccs recognize __va_copy, but not va_copy */ 3.318 ++ __va_copy(args, *(va_list *)arg_ptr); 3.319 + addr = va_arg(args, unsigned long); 3.320 + len = va_arg(args, int); 3.321 + is_write = va_arg(args, int); 3.322 +diff -Nru a/arch/um/kernel/sys_call_table.c b/arch/um/kernel/sys_call_table.c 3.323 +--- a/arch/um/kernel/sys_call_table.c 2005-05-11 15:43:53 -07:00 3.324 ++++ b/arch/um/kernel/sys_call_table.c 2005-05-11 15:43:53 -07:00 3.325 +@@ -48,7 +48,6 @@ 3.326 + extern syscall_handler_t old_select; 3.327 + extern syscall_handler_t sys_modify_ldt; 3.328 + extern syscall_handler_t sys_rt_sigsuspend; 3.329 +-extern syscall_handler_t sys_vserver; 3.330 + extern syscall_handler_t sys_mbind; 3.331 + extern syscall_handler_t sys_get_mempolicy; 3.332 + extern syscall_handler_t sys_set_mempolicy; 3.333 +@@ -242,6 +241,7 @@ 3.334 + [ __NR_epoll_create ] = (syscall_handler_t *) sys_epoll_create, 3.335 + [ __NR_epoll_ctl ] = (syscall_handler_t *) sys_epoll_ctl, 3.336 + [ __NR_epoll_wait ] = (syscall_handler_t *) sys_epoll_wait, 3.337 ++ [ __NR_remap_file_pages ] = (syscall_handler_t *) sys_remap_file_pages, 3.338 + [ __NR_set_tid_address ] = (syscall_handler_t *) sys_set_tid_address, 3.339 + [ __NR_timer_create ] = (syscall_handler_t *) sys_timer_create, 3.340 + [ __NR_timer_settime ] = (syscall_handler_t *) sys_timer_settime, 3.341 +@@ -252,12 +252,10 @@ 3.342 + [ __NR_clock_gettime ] = (syscall_handler_t *) sys_clock_gettime, 3.343 + [ __NR_clock_getres ] = (syscall_handler_t *) sys_clock_getres, 3.344 + [ __NR_clock_nanosleep ] = (syscall_handler_t *) sys_clock_nanosleep, 3.345 +- [ __NR_statfs64 ] = (syscall_handler_t *) sys_statfs64, 3.346 +- [ __NR_fstatfs64 ] = (syscall_handler_t *) sys_fstatfs64, 3.347 + [ __NR_tgkill ] = (syscall_handler_t *) sys_tgkill, 3.348 + [ __NR_utimes ] = (syscall_handler_t *) sys_utimes, 3.349 +- [ __NR_fadvise64_64 ] = (syscall_handler_t *) sys_fadvise64_64, 3.350 +- [ __NR_vserver ] = (syscall_handler_t *) sys_vserver, 3.351 ++ [ __NR_fadvise64 ] = (syscall_handler_t *) sys_fadvise64, 3.352 ++ [ __NR_vserver ] = (syscall_handler_t *) sys_ni_syscall, 3.353 + [ __NR_mbind ] = (syscall_handler_t *) sys_mbind, 3.354 + [ __NR_get_mempolicy ] = (syscall_handler_t *) sys_get_mempolicy, 3.355 + [ __NR_set_mempolicy ] = (syscall_handler_t *) sys_set_mempolicy, 3.356 +@@ -267,9 +265,8 @@ 3.357 + [ __NR_mq_timedreceive ] = (syscall_handler_t *) sys_mq_timedreceive, 3.358 + [ __NR_mq_notify ] = (syscall_handler_t *) sys_mq_notify, 3.359 + [ __NR_mq_getsetattr ] = (syscall_handler_t *) sys_mq_getsetattr, 3.360 +- [ __NR_sys_kexec_load ] = (syscall_handler_t *) sys_ni_syscall, 3.361 ++ [ __NR_kexec_load ] = (syscall_handler_t *) sys_ni_syscall, 3.362 + [ __NR_waitid ] = (syscall_handler_t *) sys_waitid, 3.363 +- [ 285 ] = (syscall_handler_t *) sys_ni_syscall, 3.364 + [ __NR_add_key ] = (syscall_handler_t *) sys_add_key, 3.365 + [ __NR_request_key ] = (syscall_handler_t *) sys_request_key, 3.366 + [ __NR_keyctl ] = (syscall_handler_t *) sys_keyctl, 3.367 +diff -Nru a/drivers/char/drm/drm_ioctl.c b/drivers/char/drm/drm_ioctl.c 3.368 +--- a/drivers/char/drm/drm_ioctl.c 2005-05-11 15:43:53 -07:00 3.369 ++++ b/drivers/char/drm/drm_ioctl.c 2005-05-11 15:43:53 -07:00 3.370 +@@ -326,6 +326,8 @@ 3.371 + 3.372 + DRM_COPY_FROM_USER_IOCTL(sv, argp, sizeof(sv)); 3.373 + 3.374 ++ memset(&version, 0, sizeof(version)); 3.375 ++ 3.376 + dev->driver->version(&version); 3.377 + retv.drm_di_major = DRM_IF_MAJOR; 3.378 + retv.drm_di_minor = DRM_IF_MINOR; 3.379 +diff -Nru a/drivers/i2c/chips/eeprom.c b/drivers/i2c/chips/eeprom.c 3.380 +--- a/drivers/i2c/chips/eeprom.c 2005-05-11 15:43:53 -07:00 3.381 ++++ b/drivers/i2c/chips/eeprom.c 2005-05-11 15:43:53 -07:00 3.382 +@@ -130,7 +130,8 @@ 3.383 + 3.384 + /* Hide Vaio security settings to regular users (16 first bytes) */ 3.385 + if (data->nature == VAIO && off < 16 && !capable(CAP_SYS_ADMIN)) { 3.386 +- int in_row1 = 16 - off; 3.387 ++ size_t in_row1 = 16 - off; 3.388 ++ in_row1 = min(in_row1, count); 3.389 + memset(buf, 0, in_row1); 3.390 + if (count - in_row1 > 0) 3.391 + memcpy(buf + in_row1, &data->data[16], count - in_row1); 3.392 +diff -Nru a/drivers/i2c/chips/it87.c b/drivers/i2c/chips/it87.c 3.393 +--- a/drivers/i2c/chips/it87.c 2005-05-11 15:43:53 -07:00 3.394 ++++ b/drivers/i2c/chips/it87.c 2005-05-11 15:43:53 -07:00 3.395 +@@ -631,7 +631,7 @@ 3.396 + struct it87_data *data = it87_update_device(dev); 3.397 + return sprintf(buf,"%d\n", ALARMS_FROM_REG(data->alarms)); 3.398 + } 3.399 +-static DEVICE_ATTR(alarms, S_IRUGO | S_IWUSR, show_alarms, NULL); 3.400 ++static DEVICE_ATTR(alarms, S_IRUGO, show_alarms, NULL); 3.401 + 3.402 + static ssize_t 3.403 + show_vrm_reg(struct device *dev, char *buf) 3.404 +diff -Nru a/drivers/i2c/chips/via686a.c b/drivers/i2c/chips/via686a.c 3.405 +--- a/drivers/i2c/chips/via686a.c 2005-05-11 15:43:53 -07:00 3.406 ++++ b/drivers/i2c/chips/via686a.c 2005-05-11 15:43:53 -07:00 3.407 +@@ -554,7 +554,7 @@ 3.408 + struct via686a_data *data = via686a_update_device(dev); 3.409 + return sprintf(buf,"%d\n", ALARMS_FROM_REG(data->alarms)); 3.410 + } 3.411 +-static DEVICE_ATTR(alarms, S_IRUGO | S_IWUSR, show_alarms, NULL); 3.412 ++static DEVICE_ATTR(alarms, S_IRUGO, show_alarms, NULL); 3.413 + 3.414 + /* The driver. I choose to use type i2c_driver, as at is identical to both 3.415 + smbus_driver and isa_driver, and clients could be of either kind */ 3.416 +diff -Nru a/drivers/input/serio/i8042-x86ia64io.h b/drivers/input/serio/i8042-x86ia64io.h 3.417 +--- a/drivers/input/serio/i8042-x86ia64io.h 2005-05-11 15:43:53 -07:00 3.418 ++++ b/drivers/input/serio/i8042-x86ia64io.h 2005-05-11 15:43:53 -07:00 3.419 +@@ -88,7 +88,7 @@ 3.420 + }; 3.421 + #endif 3.422 + 3.423 +-#ifdef CONFIG_ACPI 3.424 ++#if defined(__ia64__) && defined(CONFIG_ACPI) 3.425 + #include <linux/acpi.h> 3.426 + #include <acpi/acpi_bus.h> 3.427 + 3.428 +@@ -281,7 +281,7 @@ 3.429 + i8042_kbd_irq = I8042_MAP_IRQ(1); 3.430 + i8042_aux_irq = I8042_MAP_IRQ(12); 3.431 + 3.432 +-#ifdef CONFIG_ACPI 3.433 ++#if defined(__ia64__) && defined(CONFIG_ACPI) 3.434 + if (i8042_acpi_init()) 3.435 + return -1; 3.436 + #endif 3.437 +@@ -300,7 +300,7 @@ 3.438 + 3.439 + static inline void i8042_platform_exit(void) 3.440 + { 3.441 +-#ifdef CONFIG_ACPI 3.442 ++#if defined(__ia64__) && defined(CONFIG_ACPI) 3.443 + i8042_acpi_exit(); 3.444 + #endif 3.445 + } 3.446 +diff -Nru a/drivers/md/raid6altivec.uc b/drivers/md/raid6altivec.uc 3.447 +--- a/drivers/md/raid6altivec.uc 2005-05-11 15:43:53 -07:00 3.448 ++++ b/drivers/md/raid6altivec.uc 2005-05-11 15:43:53 -07:00 3.449 +@@ -108,7 +108,11 @@ 3.450 + int raid6_have_altivec(void) 3.451 + { 3.452 + /* This assumes either all CPUs have Altivec or none does */ 3.453 ++#ifdef CONFIG_PPC64 3.454 + return cur_cpu_spec->cpu_features & CPU_FTR_ALTIVEC; 3.455 ++#else 3.456 ++ return cur_cpu_spec[0]->cpu_features & CPU_FTR_ALTIVEC; 3.457 ++#endif 3.458 + } 3.459 + #endif 3.460 + 3.461 +diff -Nru a/drivers/media/video/adv7170.c b/drivers/media/video/adv7170.c 3.462 +--- a/drivers/media/video/adv7170.c 2005-05-11 15:43:53 -07:00 3.463 ++++ b/drivers/media/video/adv7170.c 2005-05-11 15:43:53 -07:00 3.464 +@@ -130,7 +130,7 @@ 3.465 + u8 block_data[32]; 3.466 + 3.467 + msg.addr = client->addr; 3.468 +- msg.flags = client->flags; 3.469 ++ msg.flags = 0; 3.470 + while (len >= 2) { 3.471 + msg.buf = (char *) block_data; 3.472 + msg.len = 0; 3.473 +diff -Nru a/drivers/media/video/adv7175.c b/drivers/media/video/adv7175.c 3.474 +--- a/drivers/media/video/adv7175.c 2005-05-11 15:43:53 -07:00 3.475 ++++ b/drivers/media/video/adv7175.c 2005-05-11 15:43:53 -07:00 3.476 +@@ -126,7 +126,7 @@ 3.477 + u8 block_data[32]; 3.478 + 3.479 + msg.addr = client->addr; 3.480 +- msg.flags = client->flags; 3.481 ++ msg.flags = 0; 3.482 + while (len >= 2) { 3.483 + msg.buf = (char *) block_data; 3.484 + msg.len = 0; 3.485 +diff -Nru a/drivers/media/video/bt819.c b/drivers/media/video/bt819.c 3.486 +--- a/drivers/media/video/bt819.c 2005-05-11 15:43:53 -07:00 3.487 ++++ b/drivers/media/video/bt819.c 2005-05-11 15:43:53 -07:00 3.488 +@@ -146,7 +146,7 @@ 3.489 + u8 block_data[32]; 3.490 + 3.491 + msg.addr = client->addr; 3.492 +- msg.flags = client->flags; 3.493 ++ msg.flags = 0; 3.494 + while (len >= 2) { 3.495 + msg.buf = (char *) block_data; 3.496 + msg.len = 0; 3.497 +diff -Nru a/drivers/media/video/bttv-cards.c b/drivers/media/video/bttv-cards.c 3.498 +--- a/drivers/media/video/bttv-cards.c 2005-05-11 15:43:53 -07:00 3.499 ++++ b/drivers/media/video/bttv-cards.c 2005-05-11 15:43:53 -07:00 3.500 +@@ -2718,8 +2718,6 @@ 3.501 + } 3.502 + btv->pll.pll_current = -1; 3.503 + 3.504 +- bttv_reset_audio(btv); 3.505 +- 3.506 + /* tuner configuration (from card list / autodetect / insmod option) */ 3.507 + if (UNSET != bttv_tvcards[btv->c.type].tuner_type) 3.508 + if(UNSET == btv->tuner_type) 3.509 +diff -Nru a/drivers/media/video/saa7110.c b/drivers/media/video/saa7110.c 3.510 +--- a/drivers/media/video/saa7110.c 2005-05-11 15:43:53 -07:00 3.511 ++++ b/drivers/media/video/saa7110.c 2005-05-11 15:43:53 -07:00 3.512 +@@ -60,8 +60,10 @@ 3.513 + 3.514 + #define I2C_SAA7110 0x9C /* or 0x9E */ 3.515 + 3.516 ++#define SAA7110_NR_REG 0x35 3.517 ++ 3.518 + struct saa7110 { 3.519 +- unsigned char reg[54]; 3.520 ++ u8 reg[SAA7110_NR_REG]; 3.521 + 3.522 + int norm; 3.523 + int input; 3.524 +@@ -95,31 +97,28 @@ 3.525 + unsigned int len) 3.526 + { 3.527 + int ret = -1; 3.528 +- u8 reg = *data++; 3.529 ++ u8 reg = *data; /* first register to write to */ 3.530 + 3.531 +- len--; 3.532 ++ /* Sanity check */ 3.533 ++ if (reg + (len - 1) > SAA7110_NR_REG) 3.534 ++ return ret; 3.535 + 3.536 + /* the saa7110 has an autoincrement function, use it if 3.537 + * the adapter understands raw I2C */ 3.538 + if (i2c_check_functionality(client->adapter, I2C_FUNC_I2C)) { 3.539 + struct saa7110 *decoder = i2c_get_clientdata(client); 3.540 + struct i2c_msg msg; 3.541 +- u8 block_data[54]; 3.542 + 3.543 +- msg.len = 0; 3.544 +- msg.buf = (char *) block_data; 3.545 ++ msg.len = len; 3.546 ++ msg.buf = (char *) data; 3.547 + msg.addr = client->addr; 3.548 +- msg.flags = client->flags; 3.549 +- while (len >= 1) { 3.550 +- msg.len = 0; 3.551 +- block_data[msg.len++] = reg; 3.552 +- while (len-- >= 1 && msg.len < 54) 3.553 +- block_data[msg.len++] = 3.554 +- decoder->reg[reg++] = *data++; 3.555 +- ret = i2c_transfer(client->adapter, &msg, 1); 3.556 +- } 3.557 ++ msg.flags = 0; 3.558 ++ ret = i2c_transfer(client->adapter, &msg, 1); 3.559 ++ 3.560 ++ /* Cache the written data */ 3.561 ++ memcpy(decoder->reg + reg, data + 1, len - 1); 3.562 + } else { 3.563 +- while (len-- >= 1) { 3.564 ++ for (++data, --len; len; len--) { 3.565 + if ((ret = saa7110_write(client, reg++, 3.566 + *data++)) < 0) 3.567 + break; 3.568 +@@ -192,7 +191,7 @@ 3.569 + return 0; 3.570 + } 3.571 + 3.572 +-static const unsigned char initseq[] = { 3.573 ++static const unsigned char initseq[1 + SAA7110_NR_REG] = { 3.574 + 0, 0x4C, 0x3C, 0x0D, 0xEF, 0xBD, 0xF2, 0x03, 0x00, 3.575 + /* 0x08 */ 0xF8, 0xF8, 0x60, 0x60, 0x00, 0x86, 0x18, 0x90, 3.576 + /* 0x10 */ 0x00, 0x59, 0x40, 0x46, 0x42, 0x1A, 0xFF, 0xDA, 3.577 +diff -Nru a/drivers/media/video/saa7114.c b/drivers/media/video/saa7114.c 3.578 +--- a/drivers/media/video/saa7114.c 2005-05-11 15:43:53 -07:00 3.579 ++++ b/drivers/media/video/saa7114.c 2005-05-11 15:43:53 -07:00 3.580 +@@ -163,7 +163,7 @@ 3.581 + u8 block_data[32]; 3.582 + 3.583 + msg.addr = client->addr; 3.584 +- msg.flags = client->flags; 3.585 ++ msg.flags = 0; 3.586 + while (len >= 2) { 3.587 + msg.buf = (char *) block_data; 3.588 + msg.len = 0; 3.589 +diff -Nru a/drivers/media/video/saa7185.c b/drivers/media/video/saa7185.c 3.590 +--- a/drivers/media/video/saa7185.c 2005-05-11 15:43:53 -07:00 3.591 ++++ b/drivers/media/video/saa7185.c 2005-05-11 15:43:53 -07:00 3.592 +@@ -118,7 +118,7 @@ 3.593 + u8 block_data[32]; 3.594 + 3.595 + msg.addr = client->addr; 3.596 +- msg.flags = client->flags; 3.597 ++ msg.flags = 0; 3.598 + while (len >= 2) { 3.599 + msg.buf = (char *) block_data; 3.600 + msg.len = 0; 3.601 +diff -Nru a/drivers/net/amd8111e.c b/drivers/net/amd8111e.c 3.602 +--- a/drivers/net/amd8111e.c 2005-05-11 15:43:53 -07:00 3.603 ++++ b/drivers/net/amd8111e.c 2005-05-11 15:43:53 -07:00 3.604 +@@ -1381,6 +1381,8 @@ 3.605 + 3.606 + if(amd8111e_restart(dev)){ 3.607 + spin_unlock_irq(&lp->lock); 3.608 ++ if (dev->irq) 3.609 ++ free_irq(dev->irq, dev); 3.610 + return -ENOMEM; 3.611 + } 3.612 + /* Start ipg timer */ 3.613 +diff -Nru a/drivers/net/ppp_async.c b/drivers/net/ppp_async.c 3.614 +--- a/drivers/net/ppp_async.c 2005-05-11 15:43:53 -07:00 3.615 ++++ b/drivers/net/ppp_async.c 2005-05-11 15:43:53 -07:00 3.616 +@@ -1000,7 +1000,7 @@ 3.617 + data += 4; 3.618 + dlen -= 4; 3.619 + /* data[0] is code, data[1] is length */ 3.620 +- while (dlen >= 2 && dlen >= data[1]) { 3.621 ++ while (dlen >= 2 && dlen >= data[1] && data[1] >= 2) { 3.622 + switch (data[0]) { 3.623 + case LCP_MRU: 3.624 + val = (data[2] << 8) + data[3]; 3.625 +diff -Nru a/drivers/net/r8169.c b/drivers/net/r8169.c 3.626 +--- a/drivers/net/r8169.c 2005-05-11 15:43:53 -07:00 3.627 ++++ b/drivers/net/r8169.c 2005-05-11 15:43:53 -07:00 3.628 +@@ -1683,16 +1683,19 @@ 3.629 + rtl8169_make_unusable_by_asic(desc); 3.630 + } 3.631 + 3.632 +-static inline void rtl8169_return_to_asic(struct RxDesc *desc, int rx_buf_sz) 3.633 ++static inline void rtl8169_mark_to_asic(struct RxDesc *desc, u32 rx_buf_sz) 3.634 + { 3.635 +- desc->opts1 |= cpu_to_le32(DescOwn + rx_buf_sz); 3.636 ++ u32 eor = le32_to_cpu(desc->opts1) & RingEnd; 3.637 ++ 3.638 ++ desc->opts1 = cpu_to_le32(DescOwn | eor | rx_buf_sz); 3.639 + } 3.640 + 3.641 +-static inline void rtl8169_give_to_asic(struct RxDesc *desc, dma_addr_t mapping, 3.642 +- int rx_buf_sz) 3.643 ++static inline void rtl8169_map_to_asic(struct RxDesc *desc, dma_addr_t mapping, 3.644 ++ u32 rx_buf_sz) 3.645 + { 3.646 + desc->addr = cpu_to_le64(mapping); 3.647 +- desc->opts1 |= cpu_to_le32(DescOwn + rx_buf_sz); 3.648 ++ wmb(); 3.649 ++ rtl8169_mark_to_asic(desc, rx_buf_sz); 3.650 + } 3.651 + 3.652 + static int rtl8169_alloc_rx_skb(struct pci_dev *pdev, struct sk_buff **sk_buff, 3.653 +@@ -1712,7 +1715,7 @@ 3.654 + mapping = pci_map_single(pdev, skb->tail, rx_buf_sz, 3.655 + PCI_DMA_FROMDEVICE); 3.656 + 3.657 +- rtl8169_give_to_asic(desc, mapping, rx_buf_sz); 3.658 ++ rtl8169_map_to_asic(desc, mapping, rx_buf_sz); 3.659 + 3.660 + out: 3.661 + return ret; 3.662 +@@ -2150,7 +2153,7 @@ 3.663 + skb_reserve(skb, NET_IP_ALIGN); 3.664 + eth_copy_and_sum(skb, sk_buff[0]->tail, pkt_size, 0); 3.665 + *sk_buff = skb; 3.666 +- rtl8169_return_to_asic(desc, rx_buf_sz); 3.667 ++ rtl8169_mark_to_asic(desc, rx_buf_sz); 3.668 + ret = 0; 3.669 + } 3.670 + } 3.671 +diff -Nru a/drivers/net/sis900.c b/drivers/net/sis900.c 3.672 +--- a/drivers/net/sis900.c 2005-05-11 15:43:53 -07:00 3.673 ++++ b/drivers/net/sis900.c 2005-05-11 15:43:53 -07:00 3.674 +@@ -236,7 +236,7 @@ 3.675 + signature = (u16) read_eeprom(ioaddr, EEPROMSignature); 3.676 + if (signature == 0xffff || signature == 0x0000) { 3.677 + printk (KERN_INFO "%s: Error EERPOM read %x\n", 3.678 +- net_dev->name, signature); 3.679 ++ pci_name(pci_dev), signature); 3.680 + return 0; 3.681 + } 3.682 + 3.683 +@@ -268,7 +268,7 @@ 3.684 + if (!isa_bridge) 3.685 + isa_bridge = pci_get_device(PCI_VENDOR_ID_SI, 0x0018, isa_bridge); 3.686 + if (!isa_bridge) { 3.687 +- printk("%s: Can not find ISA bridge\n", net_dev->name); 3.688 ++ printk("%s: Can not find ISA bridge\n", pci_name(pci_dev)); 3.689 + return 0; 3.690 + } 3.691 + pci_read_config_byte(isa_bridge, 0x48, ®); 3.692 +@@ -456,10 +456,6 @@ 3.693 + net_dev->tx_timeout = sis900_tx_timeout; 3.694 + net_dev->watchdog_timeo = TX_TIMEOUT; 3.695 + net_dev->ethtool_ops = &sis900_ethtool_ops; 3.696 +- 3.697 +- ret = register_netdev(net_dev); 3.698 +- if (ret) 3.699 +- goto err_unmap_rx; 3.700 + 3.701 + /* Get Mac address according to the chip revision */ 3.702 + pci_read_config_byte(pci_dev, PCI_CLASS_REVISION, &revision); 3.703 +@@ -476,7 +472,7 @@ 3.704 + 3.705 + if (ret == 0) { 3.706 + ret = -ENODEV; 3.707 +- goto err_out_unregister; 3.708 ++ goto err_unmap_rx; 3.709 + } 3.710 + 3.711 + /* 630ET : set the mii access mode as software-mode */ 3.712 +@@ -486,7 +482,7 @@ 3.713 + /* probe for mii transceiver */ 3.714 + if (sis900_mii_probe(net_dev) == 0) { 3.715 + ret = -ENODEV; 3.716 +- goto err_out_unregister; 3.717 ++ goto err_unmap_rx; 3.718 + } 3.719 + 3.720 + /* save our host bridge revision */ 3.721 +@@ -496,6 +492,10 @@ 3.722 + pci_dev_put(dev); 3.723 + } 3.724 + 3.725 ++ ret = register_netdev(net_dev); 3.726 ++ if (ret) 3.727 ++ goto err_unmap_rx; 3.728 ++ 3.729 + /* print some information about our NIC */ 3.730 + printk(KERN_INFO "%s: %s at %#lx, IRQ %d, ", net_dev->name, 3.731 + card_name, ioaddr, net_dev->irq); 3.732 +@@ -505,8 +505,6 @@ 3.733 + 3.734 + return 0; 3.735 + 3.736 +- err_out_unregister: 3.737 +- unregister_netdev(net_dev); 3.738 + err_unmap_rx: 3.739 + pci_free_consistent(pci_dev, RX_TOTAL_SIZE, sis_priv->rx_ring, 3.740 + sis_priv->rx_ring_dma); 3.741 +@@ -533,6 +531,7 @@ 3.742 + static int __init sis900_mii_probe(struct net_device * net_dev) 3.743 + { 3.744 + struct sis900_private * sis_priv = net_dev->priv; 3.745 ++ const char *dev_name = pci_name(sis_priv->pci_dev); 3.746 + u16 poll_bit = MII_STAT_LINK, status = 0; 3.747 + unsigned long timeout = jiffies + 5 * HZ; 3.748 + int phy_addr; 3.749 +@@ -582,21 +581,20 @@ 3.750 + mii_phy->phy_types = 3.751 + (mii_status & (MII_STAT_CAN_TX_FDX | MII_STAT_CAN_TX)) ? LAN : HOME; 3.752 + printk(KERN_INFO "%s: %s transceiver found at address %d.\n", 3.753 +- net_dev->name, mii_chip_table[i].name, 3.754 ++ dev_name, mii_chip_table[i].name, 3.755 + phy_addr); 3.756 + break; 3.757 + } 3.758 + 3.759 + if( !mii_chip_table[i].phy_id1 ) { 3.760 + printk(KERN_INFO "%s: Unknown PHY transceiver found at address %d.\n", 3.761 +- net_dev->name, phy_addr); 3.762 ++ dev_name, phy_addr); 3.763 + mii_phy->phy_types = UNKNOWN; 3.764 + } 3.765 + } 3.766 + 3.767 + if (sis_priv->mii == NULL) { 3.768 +- printk(KERN_INFO "%s: No MII transceivers found!\n", 3.769 +- net_dev->name); 3.770 ++ printk(KERN_INFO "%s: No MII transceivers found!\n", dev_name); 3.771 + return 0; 3.772 + } 3.773 + 3.774 +@@ -621,7 +619,7 @@ 3.775 + poll_bit ^= (mdio_read(net_dev, sis_priv->cur_phy, MII_STATUS) & poll_bit); 3.776 + if (time_after_eq(jiffies, timeout)) { 3.777 + printk(KERN_WARNING "%s: reset phy and link down now\n", 3.778 +- net_dev->name); 3.779 ++ dev_name); 3.780 + return -ETIME; 3.781 + } 3.782 + } 3.783 +@@ -691,7 +689,7 @@ 3.784 + sis_priv->mii = default_phy; 3.785 + sis_priv->cur_phy = default_phy->phy_addr; 3.786 + printk(KERN_INFO "%s: Using transceiver found at address %d as default\n", 3.787 +- net_dev->name,sis_priv->cur_phy); 3.788 ++ pci_name(sis_priv->pci_dev), sis_priv->cur_phy); 3.789 + } 3.790 + 3.791 + status = mdio_read(net_dev, sis_priv->cur_phy, MII_CONTROL); 3.792 +diff -Nru a/drivers/net/tun.c b/drivers/net/tun.c 3.793 +--- a/drivers/net/tun.c 2005-05-11 15:43:53 -07:00 3.794 ++++ b/drivers/net/tun.c 2005-05-11 15:43:53 -07:00 3.795 +@@ -229,7 +229,7 @@ 3.796 + size_t len = count; 3.797 + 3.798 + if (!(tun->flags & TUN_NO_PI)) { 3.799 +- if ((len -= sizeof(pi)) > len) 3.800 ++ if ((len -= sizeof(pi)) > count) 3.801 + return -EINVAL; 3.802 + 3.803 + if(memcpy_fromiovec((void *)&pi, iv, sizeof(pi))) 3.804 +diff -Nru a/drivers/net/via-rhine.c b/drivers/net/via-rhine.c 3.805 +--- a/drivers/net/via-rhine.c 2005-05-11 15:43:53 -07:00 3.806 ++++ b/drivers/net/via-rhine.c 2005-05-11 15:43:53 -07:00 3.807 +@@ -1197,8 +1197,10 @@ 3.808 + dev->name, rp->pdev->irq); 3.809 + 3.810 + rc = alloc_ring(dev); 3.811 +- if (rc) 3.812 ++ if (rc) { 3.813 ++ free_irq(rp->pdev->irq, dev); 3.814 + return rc; 3.815 ++ } 3.816 + alloc_rbufs(dev); 3.817 + alloc_tbufs(dev); 3.818 + rhine_chip_reset(dev); 3.819 +@@ -1898,6 +1900,9 @@ 3.820 + struct net_device *dev = pci_get_drvdata(pdev); 3.821 + struct rhine_private *rp = netdev_priv(dev); 3.822 + void __iomem *ioaddr = rp->base; 3.823 ++ 3.824 ++ if (!(rp->quirks & rqWOL)) 3.825 ++ return; /* Nothing to do for non-WOL adapters */ 3.826 + 3.827 + rhine_power_init(dev); 3.828 + 3.829 +diff -Nru a/drivers/net/wan/hd6457x.c b/drivers/net/wan/hd6457x.c 3.830 +--- a/drivers/net/wan/hd6457x.c 2005-05-11 15:43:53 -07:00 3.831 ++++ b/drivers/net/wan/hd6457x.c 2005-05-11 15:43:53 -07:00 3.832 +@@ -315,7 +315,7 @@ 3.833 + #endif 3.834 + stats->rx_packets++; 3.835 + stats->rx_bytes += skb->len; 3.836 +- skb->dev->last_rx = jiffies; 3.837 ++ dev->last_rx = jiffies; 3.838 + skb->protocol = hdlc_type_trans(skb, dev); 3.839 + netif_rx(skb); 3.840 + } 3.841 +diff -Nru a/drivers/pci/hotplug/pciehp_ctrl.c b/drivers/pci/hotplug/pciehp_ctrl.c 3.842 +--- a/drivers/pci/hotplug/pciehp_ctrl.c 2005-05-11 15:43:53 -07:00 3.843 ++++ b/drivers/pci/hotplug/pciehp_ctrl.c 2005-05-11 15:43:53 -07:00 3.844 +@@ -1354,10 +1354,11 @@ 3.845 + dbg("PCI Bridge Hot-Remove s:b:d:f(%02x:%02x:%02x:%02x)\n", 3.846 + ctrl->seg, func->bus, func->device, func->function); 3.847 + bridge_slot_remove(func); 3.848 +- } else 3.849 ++ } else { 3.850 + dbg("PCI Function Hot-Remove s:b:d:f(%02x:%02x:%02x:%02x)\n", 3.851 + ctrl->seg, func->bus, func->device, func->function); 3.852 + slot_remove(func); 3.853 ++ } 3.854 + 3.855 + func = pciehp_slot_find(ctrl->slot_bus, device, 0); 3.856 + } 3.857 +diff -Nru a/fs/binfmt_elf.c b/fs/binfmt_elf.c 3.858 +--- a/fs/binfmt_elf.c 2005-05-11 15:43:53 -07:00 3.859 ++++ b/fs/binfmt_elf.c 2005-05-11 15:43:53 -07:00 3.860 +@@ -257,7 +257,7 @@ 3.861 + } 3.862 + 3.863 + /* Populate argv and envp */ 3.864 +- p = current->mm->arg_start; 3.865 ++ p = current->mm->arg_end = current->mm->arg_start; 3.866 + while (argc-- > 0) { 3.867 + size_t len; 3.868 + __put_user((elf_addr_t)p, argv++); 3.869 +@@ -1008,6 +1008,7 @@ 3.870 + static int load_elf_library(struct file *file) 3.871 + { 3.872 + struct elf_phdr *elf_phdata; 3.873 ++ struct elf_phdr *eppnt; 3.874 + unsigned long elf_bss, bss, len; 3.875 + int retval, error, i, j; 3.876 + struct elfhdr elf_ex; 3.877 +@@ -1031,44 +1032,47 @@ 3.878 + /* j < ELF_MIN_ALIGN because elf_ex.e_phnum <= 2 */ 3.879 + 3.880 + error = -ENOMEM; 3.881 +- elf_phdata = (struct elf_phdr *) kmalloc(j, GFP_KERNEL); 3.882 ++ elf_phdata = kmalloc(j, GFP_KERNEL); 3.883 + if (!elf_phdata) 3.884 + goto out; 3.885 + 3.886 ++ eppnt = elf_phdata; 3.887 + error = -ENOEXEC; 3.888 +- retval = kernel_read(file, elf_ex.e_phoff, (char *) elf_phdata, j); 3.889 ++ retval = kernel_read(file, elf_ex.e_phoff, (char *)eppnt, j); 3.890 + if (retval != j) 3.891 + goto out_free_ph; 3.892 + 3.893 + for (j = 0, i = 0; i<elf_ex.e_phnum; i++) 3.894 +- if ((elf_phdata + i)->p_type == PT_LOAD) j++; 3.895 ++ if ((eppnt + i)->p_type == PT_LOAD) 3.896 ++ j++; 3.897 + if (j != 1) 3.898 + goto out_free_ph; 3.899 + 3.900 +- while (elf_phdata->p_type != PT_LOAD) elf_phdata++; 3.901 ++ while (eppnt->p_type != PT_LOAD) 3.902 ++ eppnt++; 3.903 + 3.904 + /* Now use mmap to map the library into memory. */ 3.905 + down_write(¤t->mm->mmap_sem); 3.906 + error = do_mmap(file, 3.907 +- ELF_PAGESTART(elf_phdata->p_vaddr), 3.908 +- (elf_phdata->p_filesz + 3.909 +- ELF_PAGEOFFSET(elf_phdata->p_vaddr)), 3.910 ++ ELF_PAGESTART(eppnt->p_vaddr), 3.911 ++ (eppnt->p_filesz + 3.912 ++ ELF_PAGEOFFSET(eppnt->p_vaddr)), 3.913 + PROT_READ | PROT_WRITE | PROT_EXEC, 3.914 + MAP_FIXED | MAP_PRIVATE | MAP_DENYWRITE, 3.915 +- (elf_phdata->p_offset - 3.916 +- ELF_PAGEOFFSET(elf_phdata->p_vaddr))); 3.917 ++ (eppnt->p_offset - 3.918 ++ ELF_PAGEOFFSET(eppnt->p_vaddr))); 3.919 + up_write(¤t->mm->mmap_sem); 3.920 +- if (error != ELF_PAGESTART(elf_phdata->p_vaddr)) 3.921 ++ if (error != ELF_PAGESTART(eppnt->p_vaddr)) 3.922 + goto out_free_ph; 3.923 + 3.924 +- elf_bss = elf_phdata->p_vaddr + elf_phdata->p_filesz; 3.925 ++ elf_bss = eppnt->p_vaddr + eppnt->p_filesz; 3.926 + if (padzero(elf_bss)) { 3.927 + error = -EFAULT; 3.928 + goto out_free_ph; 3.929 + } 3.930 + 3.931 +- len = ELF_PAGESTART(elf_phdata->p_filesz + elf_phdata->p_vaddr + ELF_MIN_ALIGN - 1); 3.932 +- bss = elf_phdata->p_memsz + elf_phdata->p_vaddr; 3.933 ++ len = ELF_PAGESTART(eppnt->p_filesz + eppnt->p_vaddr + ELF_MIN_ALIGN - 1); 3.934 ++ bss = eppnt->p_memsz + eppnt->p_vaddr; 3.935 + if (bss > len) { 3.936 + down_write(¤t->mm->mmap_sem); 3.937 + do_brk(len, bss - len); 3.938 +@@ -1275,7 +1279,7 @@ 3.939 + static int fill_psinfo(struct elf_prpsinfo *psinfo, struct task_struct *p, 3.940 + struct mm_struct *mm) 3.941 + { 3.942 +- int i, len; 3.943 ++ unsigned int i, len; 3.944 + 3.945 + /* first copy the parameters from user space */ 3.946 + memset(psinfo, 0, sizeof(struct elf_prpsinfo)); 3.947 +diff -Nru a/fs/cramfs/inode.c b/fs/cramfs/inode.c 3.948 +--- a/fs/cramfs/inode.c 2005-05-11 15:43:53 -07:00 3.949 ++++ b/fs/cramfs/inode.c 2005-05-11 15:43:53 -07:00 3.950 +@@ -70,6 +70,7 @@ 3.951 + inode->i_data.a_ops = &cramfs_aops; 3.952 + } else { 3.953 + inode->i_size = 0; 3.954 ++ inode->i_blocks = 0; 3.955 + init_special_inode(inode, inode->i_mode, 3.956 + old_decode_dev(cramfs_inode->size)); 3.957 + } 3.958 +diff -Nru a/fs/eventpoll.c b/fs/eventpoll.c 3.959 +--- a/fs/eventpoll.c 2005-05-11 15:43:53 -07:00 3.960 ++++ b/fs/eventpoll.c 2005-05-11 15:43:53 -07:00 3.961 +@@ -619,6 +619,7 @@ 3.962 + return error; 3.963 + } 3.964 + 3.965 ++#define MAX_EVENTS (INT_MAX / sizeof(struct epoll_event)) 3.966 + 3.967 + /* 3.968 + * Implement the event wait interface for the eventpoll file. It is the kernel 3.969 +@@ -635,7 +636,7 @@ 3.970 + current, epfd, events, maxevents, timeout)); 3.971 + 3.972 + /* The maximum number of event must be greater than zero */ 3.973 +- if (maxevents <= 0) 3.974 ++ if (maxevents <= 0 || maxevents > MAX_EVENTS) 3.975 + return -EINVAL; 3.976 + 3.977 + /* Verify that the area passed by the user is writeable */ 3.978 +diff -Nru a/fs/exec.c b/fs/exec.c 3.979 +--- a/fs/exec.c 2005-05-11 15:43:53 -07:00 3.980 ++++ b/fs/exec.c 2005-05-11 15:43:53 -07:00 3.981 +@@ -814,7 +814,7 @@ 3.982 + { 3.983 + /* buf must be at least sizeof(tsk->comm) in size */ 3.984 + task_lock(tsk); 3.985 +- memcpy(buf, tsk->comm, sizeof(tsk->comm)); 3.986 ++ strncpy(buf, tsk->comm, sizeof(tsk->comm)); 3.987 + task_unlock(tsk); 3.988 + } 3.989 + 3.990 +diff -Nru a/fs/ext2/dir.c b/fs/ext2/dir.c 3.991 +--- a/fs/ext2/dir.c 2005-05-11 15:43:53 -07:00 3.992 ++++ b/fs/ext2/dir.c 2005-05-11 15:43:53 -07:00 3.993 +@@ -592,6 +592,7 @@ 3.994 + goto fail; 3.995 + } 3.996 + kaddr = kmap_atomic(page, KM_USER0); 3.997 ++ memset(kaddr, 0, chunk_size); 3.998 + de = (struct ext2_dir_entry_2 *)kaddr; 3.999 + de->name_len = 1; 3.1000 + de->rec_len = cpu_to_le16(EXT2_DIR_REC_LEN(1)); 3.1001 +diff -Nru a/fs/isofs/inode.c b/fs/isofs/inode.c 3.1002 +--- a/fs/isofs/inode.c 2005-05-11 15:43:53 -07:00 3.1003 ++++ b/fs/isofs/inode.c 2005-05-11 15:43:53 -07:00 3.1004 +@@ -685,6 +685,8 @@ 3.1005 + sbi->s_log_zone_size = isonum_723 (h_pri->logical_block_size); 3.1006 + sbi->s_max_size = isonum_733(h_pri->volume_space_size); 3.1007 + } else { 3.1008 ++ if (!pri) 3.1009 ++ goto out_freebh; 3.1010 + rootp = (struct iso_directory_record *) pri->root_directory_record; 3.1011 + sbi->s_nzones = isonum_733 (pri->volume_space_size); 3.1012 + sbi->s_log_zone_size = isonum_723 (pri->logical_block_size); 3.1013 +@@ -1394,6 +1396,9 @@ 3.1014 + unsigned long hashval; 3.1015 + struct inode *inode; 3.1016 + struct isofs_iget5_callback_data data; 3.1017 ++ 3.1018 ++ if (offset >= 1ul << sb->s_blocksize_bits) 3.1019 ++ return NULL; 3.1020 + 3.1021 + data.block = block; 3.1022 + data.offset = offset; 3.1023 +diff -Nru a/fs/isofs/rock.c b/fs/isofs/rock.c 3.1024 +--- a/fs/isofs/rock.c 2005-05-11 15:43:53 -07:00 3.1025 ++++ b/fs/isofs/rock.c 2005-05-11 15:43:53 -07:00 3.1026 +@@ -53,6 +53,7 @@ 3.1027 + if(LEN & 1) LEN++; \ 3.1028 + CHR = ((unsigned char *) DE) + LEN; \ 3.1029 + LEN = *((unsigned char *) DE) - LEN; \ 3.1030 ++ if (LEN<0) LEN=0; \ 3.1031 + if (ISOFS_SB(inode->i_sb)->s_rock_offset!=-1) \ 3.1032 + { \ 3.1033 + LEN-=ISOFS_SB(inode->i_sb)->s_rock_offset; \ 3.1034 +@@ -73,6 +74,10 @@ 3.1035 + offset1 = 0; \ 3.1036 + pbh = sb_bread(DEV->i_sb, block); \ 3.1037 + if(pbh){ \ 3.1038 ++ if (offset > pbh->b_size || offset + cont_size > pbh->b_size){ \ 3.1039 ++ brelse(pbh); \ 3.1040 ++ goto out; \ 3.1041 ++ } \ 3.1042 + memcpy(buffer + offset1, pbh->b_data + offset, cont_size - offset1); \ 3.1043 + brelse(pbh); \ 3.1044 + chr = (unsigned char *) buffer; \ 3.1045 +@@ -103,12 +108,13 @@ 3.1046 + struct rock_ridge * rr; 3.1047 + int sig; 3.1048 + 3.1049 +- while (len > 1){ /* There may be one byte for padding somewhere */ 3.1050 ++ while (len > 2){ /* There may be one byte for padding somewhere */ 3.1051 + rr = (struct rock_ridge *) chr; 3.1052 +- if (rr->len == 0) goto out; /* Something got screwed up here */ 3.1053 ++ if (rr->len < 3) goto out; /* Something got screwed up here */ 3.1054 + sig = isonum_721(chr); 3.1055 + chr += rr->len; 3.1056 + len -= rr->len; 3.1057 ++ if (len < 0) goto out; /* corrupted isofs */ 3.1058 + 3.1059 + switch(sig){ 3.1060 + case SIG('R','R'): 3.1061 +@@ -122,6 +128,7 @@ 3.1062 + break; 3.1063 + case SIG('N','M'): 3.1064 + if (truncate) break; 3.1065 ++ if (rr->len < 5) break; 3.1066 + /* 3.1067 + * If the flags are 2 or 4, this indicates '.' or '..'. 3.1068 + * We don't want to do anything with this, because it 3.1069 +@@ -186,12 +193,13 @@ 3.1070 + struct rock_ridge * rr; 3.1071 + int rootflag; 3.1072 + 3.1073 +- while (len > 1){ /* There may be one byte for padding somewhere */ 3.1074 ++ while (len > 2){ /* There may be one byte for padding somewhere */ 3.1075 + rr = (struct rock_ridge *) chr; 3.1076 +- if (rr->len == 0) goto out; /* Something got screwed up here */ 3.1077 ++ if (rr->len < 3) goto out; /* Something got screwed up here */ 3.1078 + sig = isonum_721(chr); 3.1079 + chr += rr->len; 3.1080 + len -= rr->len; 3.1081 ++ if (len < 0) goto out; /* corrupted isofs */ 3.1082 + 3.1083 + switch(sig){ 3.1084 + #ifndef CONFIG_ZISOFS /* No flag for SF or ZF */ 3.1085 +@@ -462,7 +470,7 @@ 3.1086 + struct rock_ridge *rr; 3.1087 + 3.1088 + if (!ISOFS_SB(inode->i_sb)->s_rock) 3.1089 +- panic ("Cannot have symlink with high sierra variant of iso filesystem\n"); 3.1090 ++ goto error; 3.1091 + 3.1092 + block = ei->i_iget5_block; 3.1093 + lock_kernel(); 3.1094 +@@ -487,13 +495,15 @@ 3.1095 + SETUP_ROCK_RIDGE(raw_inode, chr, len); 3.1096 + 3.1097 + repeat: 3.1098 +- while (len > 1) { /* There may be one byte for padding somewhere */ 3.1099 ++ while (len > 2) { /* There may be one byte for padding somewhere */ 3.1100 + rr = (struct rock_ridge *) chr; 3.1101 +- if (rr->len == 0) 3.1102 ++ if (rr->len < 3) 3.1103 + goto out; /* Something got screwed up here */ 3.1104 + sig = isonum_721(chr); 3.1105 + chr += rr->len; 3.1106 + len -= rr->len; 3.1107 ++ if (len < 0) 3.1108 ++ goto out; /* corrupted isofs */ 3.1109 + 3.1110 + switch (sig) { 3.1111 + case SIG('R', 'R'): 3.1112 +@@ -543,6 +553,7 @@ 3.1113 + fail: 3.1114 + brelse(bh); 3.1115 + unlock_kernel(); 3.1116 ++ error: 3.1117 + SetPageError(page); 3.1118 + kunmap(page); 3.1119 + unlock_page(page); 3.1120 +diff -Nru a/fs/jbd/transaction.c b/fs/jbd/transaction.c 3.1121 +--- a/fs/jbd/transaction.c 2005-05-11 15:43:53 -07:00 3.1122 ++++ b/fs/jbd/transaction.c 2005-05-11 15:43:53 -07:00 3.1123 +@@ -1775,10 +1775,10 @@ 3.1124 + JBUFFER_TRACE(jh, "checkpointed: add to BJ_Forget"); 3.1125 + ret = __dispose_buffer(jh, 3.1126 + journal->j_running_transaction); 3.1127 ++ journal_put_journal_head(jh); 3.1128 + spin_unlock(&journal->j_list_lock); 3.1129 + jbd_unlock_bh_state(bh); 3.1130 + spin_unlock(&journal->j_state_lock); 3.1131 +- journal_put_journal_head(jh); 3.1132 + return ret; 3.1133 + } else { 3.1134 + /* There is no currently-running transaction. So the 3.1135 +@@ -1789,10 +1789,10 @@ 3.1136 + JBUFFER_TRACE(jh, "give to committing trans"); 3.1137 + ret = __dispose_buffer(jh, 3.1138 + journal->j_committing_transaction); 3.1139 ++ journal_put_journal_head(jh); 3.1140 + spin_unlock(&journal->j_list_lock); 3.1141 + jbd_unlock_bh_state(bh); 3.1142 + spin_unlock(&journal->j_state_lock); 3.1143 +- journal_put_journal_head(jh); 3.1144 + return ret; 3.1145 + } else { 3.1146 + /* The orphan record's transaction has 3.1147 +@@ -1813,10 +1813,10 @@ 3.1148 + journal->j_running_transaction); 3.1149 + jh->b_next_transaction = NULL; 3.1150 + } 3.1151 ++ journal_put_journal_head(jh); 3.1152 + spin_unlock(&journal->j_list_lock); 3.1153 + jbd_unlock_bh_state(bh); 3.1154 + spin_unlock(&journal->j_state_lock); 3.1155 +- journal_put_journal_head(jh); 3.1156 + return 0; 3.1157 + } else { 3.1158 + /* Good, the buffer belongs to the running transaction. 3.1159 +diff -Nru a/kernel/exit.c b/kernel/exit.c 3.1160 +--- a/kernel/exit.c 2005-05-11 15:43:53 -07:00 3.1161 ++++ b/kernel/exit.c 2005-05-11 15:43:53 -07:00 3.1162 +@@ -516,8 +516,6 @@ 3.1163 + */ 3.1164 + BUG_ON(p == reaper || reaper->exit_state >= EXIT_ZOMBIE); 3.1165 + p->real_parent = reaper; 3.1166 +- if (p->parent == p->real_parent) 3.1167 +- BUG(); 3.1168 + } 3.1169 + 3.1170 + static inline void reparent_thread(task_t *p, task_t *father, int traced) 3.1171 +diff -Nru a/kernel/signal.c b/kernel/signal.c 3.1172 +--- a/kernel/signal.c 2005-05-11 15:43:53 -07:00 3.1173 ++++ b/kernel/signal.c 2005-05-11 15:43:53 -07:00 3.1174 +@@ -1728,6 +1728,7 @@ 3.1175 + * with another processor delivering a stop signal, 3.1176 + * then the SIGCONT that wakes us up should clear it. 3.1177 + */ 3.1178 ++ read_unlock(&tasklist_lock); 3.1179 + return 0; 3.1180 + } 3.1181 + 3.1182 +diff -Nru a/lib/rwsem-spinlock.c b/lib/rwsem-spinlock.c 3.1183 +--- a/lib/rwsem-spinlock.c 2005-05-11 15:43:53 -07:00 3.1184 ++++ b/lib/rwsem-spinlock.c 2005-05-11 15:43:53 -07:00 3.1185 +@@ -140,12 +140,12 @@ 3.1186 + 3.1187 + rwsemtrace(sem, "Entering __down_read"); 3.1188 + 3.1189 +- spin_lock(&sem->wait_lock); 3.1190 ++ spin_lock_irq(&sem->wait_lock); 3.1191 + 3.1192 + if (sem->activity >= 0 && list_empty(&sem->wait_list)) { 3.1193 + /* granted */ 3.1194 + sem->activity++; 3.1195 +- spin_unlock(&sem->wait_lock); 3.1196 ++ spin_unlock_irq(&sem->wait_lock); 3.1197 + goto out; 3.1198 + } 3.1199 + 3.1200 +@@ -160,7 +160,7 @@ 3.1201 + list_add_tail(&waiter.list, &sem->wait_list); 3.1202 + 3.1203 + /* we don't need to touch the semaphore struct anymore */ 3.1204 +- spin_unlock(&sem->wait_lock); 3.1205 ++ spin_unlock_irq(&sem->wait_lock); 3.1206 + 3.1207 + /* wait to be given the lock */ 3.1208 + for (;;) { 3.1209 +@@ -181,10 +181,12 @@ 3.1210 + */ 3.1211 + int fastcall __down_read_trylock(struct rw_semaphore *sem) 3.1212 + { 3.1213 ++ unsigned long flags; 3.1214 + int ret = 0; 3.1215 ++ 3.1216 + rwsemtrace(sem, "Entering __down_read_trylock"); 3.1217 + 3.1218 +- spin_lock(&sem->wait_lock); 3.1219 ++ spin_lock_irqsave(&sem->wait_lock, flags); 3.1220 + 3.1221 + if (sem->activity >= 0 && list_empty(&sem->wait_list)) { 3.1222 + /* granted */ 3.1223 +@@ -192,7 +194,7 @@ 3.1224 + ret = 1; 3.1225 + } 3.1226 + 3.1227 +- spin_unlock(&sem->wait_lock); 3.1228 ++ spin_unlock_irqrestore(&sem->wait_lock, flags); 3.1229 + 3.1230 + rwsemtrace(sem, "Leaving __down_read_trylock"); 3.1231 + return ret; 3.1232 +@@ -209,12 +211,12 @@ 3.1233 + 3.1234 + rwsemtrace(sem, "Entering __down_write"); 3.1235 + 3.1236 +- spin_lock(&sem->wait_lock); 3.1237 ++ spin_lock_irq(&sem->wait_lock); 3.1238 + 3.1239 + if (sem->activity == 0 && list_empty(&sem->wait_list)) { 3.1240 + /* granted */ 3.1241 + sem->activity = -1; 3.1242 +- spin_unlock(&sem->wait_lock); 3.1243 ++ spin_unlock_irq(&sem->wait_lock); 3.1244 + goto out; 3.1245 + } 3.1246 + 3.1247 +@@ -229,7 +231,7 @@ 3.1248 + list_add_tail(&waiter.list, &sem->wait_list); 3.1249 + 3.1250 + /* we don't need to touch the semaphore struct anymore */ 3.1251 +- spin_unlock(&sem->wait_lock); 3.1252 ++ spin_unlock_irq(&sem->wait_lock); 3.1253 + 3.1254 + /* wait to be given the lock */ 3.1255 + for (;;) { 3.1256 +@@ -250,10 +252,12 @@ 3.1257 + */ 3.1258 + int fastcall __down_write_trylock(struct rw_semaphore *sem) 3.1259 + { 3.1260 ++ unsigned long flags; 3.1261 + int ret = 0; 3.1262 ++ 3.1263 + rwsemtrace(sem, "Entering __down_write_trylock"); 3.1264 + 3.1265 +- spin_lock(&sem->wait_lock); 3.1266 ++ spin_lock_irqsave(&sem->wait_lock, flags); 3.1267 + 3.1268 + if (sem->activity == 0 && list_empty(&sem->wait_list)) { 3.1269 + /* granted */ 3.1270 +@@ -261,7 +265,7 @@ 3.1271 + ret = 1; 3.1272 + } 3.1273 + 3.1274 +- spin_unlock(&sem->wait_lock); 3.1275 ++ spin_unlock_irqrestore(&sem->wait_lock, flags); 3.1276 + 3.1277 + rwsemtrace(sem, "Leaving __down_write_trylock"); 3.1278 + return ret; 3.1279 +@@ -272,14 +276,16 @@ 3.1280 + */ 3.1281 + void fastcall __up_read(struct rw_semaphore *sem) 3.1282 + { 3.1283 ++ unsigned long flags; 3.1284 ++ 3.1285 + rwsemtrace(sem, "Entering __up_read"); 3.1286 + 3.1287 +- spin_lock(&sem->wait_lock); 3.1288 ++ spin_lock_irqsave(&sem->wait_lock, flags); 3.1289 + 3.1290 + if (--sem->activity == 0 && !list_empty(&sem->wait_list)) 3.1291 + sem = __rwsem_wake_one_writer(sem); 3.1292 + 3.1293 +- spin_unlock(&sem->wait_lock); 3.1294 ++ spin_unlock_irqrestore(&sem->wait_lock, flags); 3.1295 + 3.1296 + rwsemtrace(sem, "Leaving __up_read"); 3.1297 + } 3.1298 +@@ -289,15 +295,17 @@ 3.1299 + */ 3.1300 + void fastcall __up_write(struct rw_semaphore *sem) 3.1301 + { 3.1302 ++ unsigned long flags; 3.1303 ++ 3.1304 + rwsemtrace(sem, "Entering __up_write"); 3.1305 + 3.1306 +- spin_lock(&sem->wait_lock); 3.1307 ++ spin_lock_irqsave(&sem->wait_lock, flags); 3.1308 + 3.1309 + sem->activity = 0; 3.1310 + if (!list_empty(&sem->wait_list)) 3.1311 + sem = __rwsem_do_wake(sem, 1); 3.1312 + 3.1313 +- spin_unlock(&sem->wait_lock); 3.1314 ++ spin_unlock_irqrestore(&sem->wait_lock, flags); 3.1315 + 3.1316 + rwsemtrace(sem, "Leaving __up_write"); 3.1317 + } 3.1318 +@@ -308,15 +316,17 @@ 3.1319 + */ 3.1320 + void fastcall __downgrade_write(struct rw_semaphore *sem) 3.1321 + { 3.1322 ++ unsigned long flags; 3.1323 ++ 3.1324 + rwsemtrace(sem, "Entering __downgrade_write"); 3.1325 + 3.1326 +- spin_lock(&sem->wait_lock); 3.1327 ++ spin_lock_irqsave(&sem->wait_lock, flags); 3.1328 + 3.1329 + sem->activity = 1; 3.1330 + if (!list_empty(&sem->wait_list)) 3.1331 + sem = __rwsem_do_wake(sem, 0); 3.1332 + 3.1333 +- spin_unlock(&sem->wait_lock); 3.1334 ++ spin_unlock_irqrestore(&sem->wait_lock, flags); 3.1335 + 3.1336 + rwsemtrace(sem, "Leaving __downgrade_write"); 3.1337 + } 3.1338 +diff -Nru a/lib/rwsem.c b/lib/rwsem.c 3.1339 +--- a/lib/rwsem.c 2005-05-11 15:43:53 -07:00 3.1340 ++++ b/lib/rwsem.c 2005-05-11 15:43:53 -07:00 3.1341 +@@ -150,7 +150,7 @@ 3.1342 + set_task_state(tsk, TASK_UNINTERRUPTIBLE); 3.1343 + 3.1344 + /* set up my own style of waitqueue */ 3.1345 +- spin_lock(&sem->wait_lock); 3.1346 ++ spin_lock_irq(&sem->wait_lock); 3.1347 + waiter->task = tsk; 3.1348 + get_task_struct(tsk); 3.1349 + 3.1350 +@@ -163,7 +163,7 @@ 3.1351 + if (!(count & RWSEM_ACTIVE_MASK)) 3.1352 + sem = __rwsem_do_wake(sem, 0); 3.1353 + 3.1354 +- spin_unlock(&sem->wait_lock); 3.1355 ++ spin_unlock_irq(&sem->wait_lock); 3.1356 + 3.1357 + /* wait to be given the lock */ 3.1358 + for (;;) { 3.1359 +@@ -219,15 +219,17 @@ 3.1360 + */ 3.1361 + struct rw_semaphore fastcall *rwsem_wake(struct rw_semaphore *sem) 3.1362 + { 3.1363 ++ unsigned long flags; 3.1364 ++ 3.1365 + rwsemtrace(sem, "Entering rwsem_wake"); 3.1366 + 3.1367 +- spin_lock(&sem->wait_lock); 3.1368 ++ spin_lock_irqsave(&sem->wait_lock, flags); 3.1369 + 3.1370 + /* do nothing if list empty */ 3.1371 + if (!list_empty(&sem->wait_list)) 3.1372 + sem = __rwsem_do_wake(sem, 0); 3.1373 + 3.1374 +- spin_unlock(&sem->wait_lock); 3.1375 ++ spin_unlock_irqrestore(&sem->wait_lock, flags); 3.1376 + 3.1377 + rwsemtrace(sem, "Leaving rwsem_wake"); 3.1378 + 3.1379 +@@ -241,15 +243,17 @@ 3.1380 + */ 3.1381 + struct rw_semaphore fastcall *rwsem_downgrade_wake(struct rw_semaphore *sem) 3.1382 + { 3.1383 ++ unsigned long flags; 3.1384 ++ 3.1385 + rwsemtrace(sem, "Entering rwsem_downgrade_wake"); 3.1386 + 3.1387 +- spin_lock(&sem->wait_lock); 3.1388 ++ spin_lock_irqsave(&sem->wait_lock, flags); 3.1389 + 3.1390 + /* do nothing if list empty */ 3.1391 + if (!list_empty(&sem->wait_list)) 3.1392 + sem = __rwsem_do_wake(sem, 1); 3.1393 + 3.1394 +- spin_unlock(&sem->wait_lock); 3.1395 ++ spin_unlock_irqrestore(&sem->wait_lock, flags); 3.1396 + 3.1397 + rwsemtrace(sem, "Leaving rwsem_downgrade_wake"); 3.1398 + return sem; 3.1399 +diff -Nru a/net/bluetooth/af_bluetooth.c b/net/bluetooth/af_bluetooth.c 3.1400 +--- a/net/bluetooth/af_bluetooth.c 2005-05-11 15:43:53 -07:00 3.1401 ++++ b/net/bluetooth/af_bluetooth.c 2005-05-11 15:43:53 -07:00 3.1402 +@@ -64,7 +64,7 @@ 3.1403 + 3.1404 + int bt_sock_register(int proto, struct net_proto_family *ops) 3.1405 + { 3.1406 +- if (proto >= BT_MAX_PROTO) 3.1407 ++ if (proto < 0 || proto >= BT_MAX_PROTO) 3.1408 + return -EINVAL; 3.1409 + 3.1410 + if (bt_proto[proto]) 3.1411 +@@ -77,7 +77,7 @@ 3.1412 + 3.1413 + int bt_sock_unregister(int proto) 3.1414 + { 3.1415 +- if (proto >= BT_MAX_PROTO) 3.1416 ++ if (proto < 0 || proto >= BT_MAX_PROTO) 3.1417 + return -EINVAL; 3.1418 + 3.1419 + if (!bt_proto[proto]) 3.1420 +@@ -92,7 +92,7 @@ 3.1421 + { 3.1422 + int err = 0; 3.1423 + 3.1424 +- if (proto >= BT_MAX_PROTO) 3.1425 ++ if (proto < 0 || proto >= BT_MAX_PROTO) 3.1426 + return -EINVAL; 3.1427 + 3.1428 + #if defined(CONFIG_KMOD) 3.1429 +diff -Nru a/net/ipv4/fib_hash.c b/net/ipv4/fib_hash.c 3.1430 +--- a/net/ipv4/fib_hash.c 2005-05-11 15:43:53 -07:00 3.1431 ++++ b/net/ipv4/fib_hash.c 2005-05-11 15:43:53 -07:00 3.1432 +@@ -919,13 +919,23 @@ 3.1433 + return fa; 3.1434 + } 3.1435 + 3.1436 ++static struct fib_alias *fib_get_idx(struct seq_file *seq, loff_t pos) 3.1437 ++{ 3.1438 ++ struct fib_alias *fa = fib_get_first(seq); 3.1439 ++ 3.1440 ++ if (fa) 3.1441 ++ while (pos && (fa = fib_get_next(seq))) 3.1442 ++ --pos; 3.1443 ++ return pos ? NULL : fa; 3.1444 ++} 3.1445 ++ 3.1446 + static void *fib_seq_start(struct seq_file *seq, loff_t *pos) 3.1447 + { 3.1448 + void *v = NULL; 3.1449 + 3.1450 + read_lock(&fib_hash_lock); 3.1451 + if (ip_fib_main_table) 3.1452 +- v = *pos ? fib_get_next(seq) : SEQ_START_TOKEN; 3.1453 ++ v = *pos ? fib_get_idx(seq, *pos - 1) : SEQ_START_TOKEN; 3.1454 + return v; 3.1455 + } 3.1456 + 3.1457 +diff -Nru a/net/ipv4/tcp_input.c b/net/ipv4/tcp_input.c 3.1458 +--- a/net/ipv4/tcp_input.c 2005-05-11 15:43:53 -07:00 3.1459 ++++ b/net/ipv4/tcp_input.c 2005-05-11 15:43:53 -07:00 3.1460 +@@ -1653,7 +1653,10 @@ 3.1461 + static void tcp_undo_cwr(struct tcp_sock *tp, int undo) 3.1462 + { 3.1463 + if (tp->prior_ssthresh) { 3.1464 +- tp->snd_cwnd = max(tp->snd_cwnd, tp->snd_ssthresh<<1); 3.1465 ++ if (tcp_is_bic(tp)) 3.1466 ++ tp->snd_cwnd = max(tp->snd_cwnd, tp->bictcp.last_max_cwnd); 3.1467 ++ else 3.1468 ++ tp->snd_cwnd = max(tp->snd_cwnd, tp->snd_ssthresh<<1); 3.1469 + 3.1470 + if (undo && tp->prior_ssthresh > tp->snd_ssthresh) { 3.1471 + tp->snd_ssthresh = tp->prior_ssthresh; 3.1472 +diff -Nru a/net/ipv4/tcp_timer.c b/net/ipv4/tcp_timer.c 3.1473 +--- a/net/ipv4/tcp_timer.c 2005-05-11 15:43:53 -07:00 3.1474 ++++ b/net/ipv4/tcp_timer.c 2005-05-11 15:43:53 -07:00 3.1475 +@@ -38,6 +38,7 @@ 3.1476 + 3.1477 + #ifdef TCP_DEBUG 3.1478 + const char tcp_timer_bug_msg[] = KERN_DEBUG "tcpbug: unknown timer value\n"; 3.1479 ++EXPORT_SYMBOL(tcp_timer_bug_msg); 3.1480 + #endif 3.1481 + 3.1482 + /* 3.1483 +diff -Nru a/net/ipv4/xfrm4_output.c b/net/ipv4/xfrm4_output.c 3.1484 +--- a/net/ipv4/xfrm4_output.c 2005-05-11 15:43:53 -07:00 3.1485 ++++ b/net/ipv4/xfrm4_output.c 2005-05-11 15:43:53 -07:00 3.1486 +@@ -103,16 +103,16 @@ 3.1487 + goto error_nolock; 3.1488 + } 3.1489 + 3.1490 +- spin_lock_bh(&x->lock); 3.1491 +- err = xfrm_state_check(x, skb); 3.1492 +- if (err) 3.1493 +- goto error; 3.1494 +- 3.1495 + if (x->props.mode) { 3.1496 + err = xfrm4_tunnel_check_size(skb); 3.1497 + if (err) 3.1498 +- goto error; 3.1499 ++ goto error_nolock; 3.1500 + } 3.1501 ++ 3.1502 ++ spin_lock_bh(&x->lock); 3.1503 ++ err = xfrm_state_check(x, skb); 3.1504 ++ if (err) 3.1505 ++ goto error; 3.1506 + 3.1507 + xfrm4_encap(skb); 3.1508 + 3.1509 +diff -Nru a/net/ipv6/xfrm6_output.c b/net/ipv6/xfrm6_output.c 3.1510 +--- a/net/ipv6/xfrm6_output.c 2005-05-11 15:43:53 -07:00 3.1511 ++++ b/net/ipv6/xfrm6_output.c 2005-05-11 15:43:53 -07:00 3.1512 +@@ -103,16 +103,16 @@ 3.1513 + goto error_nolock; 3.1514 + } 3.1515 + 3.1516 +- spin_lock_bh(&x->lock); 3.1517 +- err = xfrm_state_check(x, skb); 3.1518 +- if (err) 3.1519 +- goto error; 3.1520 +- 3.1521 + if (x->props.mode) { 3.1522 + err = xfrm6_tunnel_check_size(skb); 3.1523 + if (err) 3.1524 +- goto error; 3.1525 ++ goto error_nolock; 3.1526 + } 3.1527 ++ 3.1528 ++ spin_lock_bh(&x->lock); 3.1529 ++ err = xfrm_state_check(x, skb); 3.1530 ++ if (err) 3.1531 ++ goto error; 3.1532 + 3.1533 + xfrm6_encap(skb); 3.1534 + 3.1535 +diff -Nru a/net/netrom/nr_in.c b/net/netrom/nr_in.c 3.1536 +--- a/net/netrom/nr_in.c 2005-05-11 15:43:53 -07:00 3.1537 ++++ b/net/netrom/nr_in.c 2005-05-11 15:43:53 -07:00 3.1538 +@@ -74,7 +74,6 @@ 3.1539 + static int nr_state1_machine(struct sock *sk, struct sk_buff *skb, 3.1540 + int frametype) 3.1541 + { 3.1542 +- bh_lock_sock(sk); 3.1543 + switch (frametype) { 3.1544 + case NR_CONNACK: { 3.1545 + nr_cb *nr = nr_sk(sk); 3.1546 +@@ -103,8 +102,6 @@ 3.1547 + default: 3.1548 + break; 3.1549 + } 3.1550 +- bh_unlock_sock(sk); 3.1551 +- 3.1552 + return 0; 3.1553 + } 3.1554 + 3.1555 +@@ -116,7 +113,6 @@ 3.1556 + static int nr_state2_machine(struct sock *sk, struct sk_buff *skb, 3.1557 + int frametype) 3.1558 + { 3.1559 +- bh_lock_sock(sk); 3.1560 + switch (frametype) { 3.1561 + case NR_CONNACK | NR_CHOKE_FLAG: 3.1562 + nr_disconnect(sk, ECONNRESET); 3.1563 +@@ -132,8 +128,6 @@ 3.1564 + default: 3.1565 + break; 3.1566 + } 3.1567 +- bh_unlock_sock(sk); 3.1568 +- 3.1569 + return 0; 3.1570 + } 3.1571 + 3.1572 +@@ -154,7 +148,6 @@ 3.1573 + nr = skb->data[18]; 3.1574 + ns = skb->data[17]; 3.1575 + 3.1576 +- bh_lock_sock(sk); 3.1577 + switch (frametype) { 3.1578 + case NR_CONNREQ: 3.1579 + nr_write_internal(sk, NR_CONNACK); 3.1580 +@@ -265,8 +258,6 @@ 3.1581 + default: 3.1582 + break; 3.1583 + } 3.1584 +- bh_unlock_sock(sk); 3.1585 +- 3.1586 + return queued; 3.1587 + } 3.1588 + 3.1589 +diff -Nru a/net/xfrm/xfrm_state.c b/net/xfrm/xfrm_state.c 3.1590 +--- a/net/xfrm/xfrm_state.c 2005-05-11 15:43:53 -07:00 3.1591 ++++ b/net/xfrm/xfrm_state.c 2005-05-11 15:43:53 -07:00 3.1592 +@@ -609,7 +609,7 @@ 3.1593 + 3.1594 + for (i = 0; i < XFRM_DST_HSIZE; i++) { 3.1595 + list_for_each_entry(x, xfrm_state_bydst+i, bydst) { 3.1596 +- if (x->km.seq == seq) { 3.1597 ++ if (x->km.seq == seq && x->km.state == XFRM_STATE_ACQ) { 3.1598 + xfrm_state_hold(x); 3.1599 + return x; 3.1600 + } 3.1601 +diff -Nru a/security/keys/key.c b/security/keys/key.c 3.1602 +--- a/security/keys/key.c 2005-05-11 15:43:53 -07:00 3.1603 ++++ b/security/keys/key.c 2005-05-11 15:43:53 -07:00 3.1604 +@@ -57,9 +57,10 @@ 3.1605 + { 3.1606 + struct key_user *candidate = NULL, *user; 3.1607 + struct rb_node *parent = NULL; 3.1608 +- struct rb_node **p = &key_user_tree.rb_node; 3.1609 ++ struct rb_node **p; 3.1610 + 3.1611 + try_again: 3.1612 ++ p = &key_user_tree.rb_node; 3.1613 + spin_lock(&key_user_lock); 3.1614 + 3.1615 + /* search the tree for a user record with a matching UID */ 3.1616 +diff -Nru a/sound/core/timer.c b/sound/core/timer.c 3.1617 +--- a/sound/core/timer.c 2005-05-11 15:43:53 -07:00 3.1618 ++++ b/sound/core/timer.c 2005-05-11 15:43:53 -07:00 3.1619 +@@ -1117,7 +1117,8 @@ 3.1620 + if (tu->qused >= tu->queue_size) { 3.1621 + tu->overrun++; 3.1622 + } else { 3.1623 +- memcpy(&tu->queue[tu->qtail++], tread, sizeof(*tread)); 3.1624 ++ memcpy(&tu->tqueue[tu->qtail++], tread, sizeof(*tread)); 3.1625 ++ tu->qtail %= tu->queue_size; 3.1626 + tu->qused++; 3.1627 + } 3.1628 + } 3.1629 +@@ -1140,6 +1141,8 @@ 3.1630 + spin_lock(&tu->qlock); 3.1631 + snd_timer_user_append_to_tqueue(tu, &r1); 3.1632 + spin_unlock(&tu->qlock); 3.1633 ++ kill_fasync(&tu->fasync, SIGIO, POLL_IN); 3.1634 ++ wake_up(&tu->qchange_sleep); 3.1635 + } 3.1636 + 3.1637 + static void snd_timer_user_tinterrupt(snd_timer_instance_t *timeri, 3.1638 +diff -Nru a/sound/pci/ac97/ac97_codec.c b/sound/pci/ac97/ac97_codec.c 3.1639 +--- a/sound/pci/ac97/ac97_codec.c 2005-05-11 15:43:53 -07:00 3.1640 ++++ b/sound/pci/ac97/ac97_codec.c 2005-05-11 15:43:53 -07:00 3.1641 +@@ -1185,7 +1185,7 @@ 3.1642 + /* 3.1643 + * create mute switch(es) for normal stereo controls 3.1644 + */ 3.1645 +-static int snd_ac97_cmute_new(snd_card_t *card, char *name, int reg, ac97_t *ac97) 3.1646 ++static int snd_ac97_cmute_new_stereo(snd_card_t *card, char *name, int reg, int check_stereo, ac97_t *ac97) 3.1647 + { 3.1648 + snd_kcontrol_t *kctl; 3.1649 + int err; 3.1650 +@@ -1196,7 +1196,7 @@ 3.1651 + 3.1652 + mute_mask = 0x8000; 3.1653 + val = snd_ac97_read(ac97, reg); 3.1654 +- if (ac97->flags & AC97_STEREO_MUTES) { 3.1655 ++ if (check_stereo || (ac97->flags & AC97_STEREO_MUTES)) { 3.1656 + /* check whether both mute bits work */ 3.1657 + val1 = val | 0x8080; 3.1658 + snd_ac97_write(ac97, reg, val1); 3.1659 +@@ -1254,7 +1254,7 @@ 3.1660 + /* 3.1661 + * create a mute-switch and a volume for normal stereo/mono controls 3.1662 + */ 3.1663 +-static int snd_ac97_cmix_new(snd_card_t *card, const char *pfx, int reg, ac97_t *ac97) 3.1664 ++static int snd_ac97_cmix_new_stereo(snd_card_t *card, const char *pfx, int reg, int check_stereo, ac97_t *ac97) 3.1665 + { 3.1666 + int err; 3.1667 + char name[44]; 3.1668 +@@ -1265,7 +1265,7 @@ 3.1669 + 3.1670 + if (snd_ac97_try_bit(ac97, reg, 15)) { 3.1671 + sprintf(name, "%s Switch", pfx); 3.1672 +- if ((err = snd_ac97_cmute_new(card, name, reg, ac97)) < 0) 3.1673 ++ if ((err = snd_ac97_cmute_new_stereo(card, name, reg, check_stereo, ac97)) < 0) 3.1674 + return err; 3.1675 + } 3.1676 + check_volume_resolution(ac97, reg, &lo_max, &hi_max); 3.1677 +@@ -1277,6 +1277,8 @@ 3.1678 + return 0; 3.1679 + } 3.1680 + 3.1681 ++#define snd_ac97_cmix_new(card, pfx, reg, ac97) snd_ac97_cmix_new_stereo(card, pfx, reg, 0, ac97) 3.1682 ++#define snd_ac97_cmute_new(card, name, reg, ac97) snd_ac97_cmute_new_stereo(card, name, reg, 0, ac97) 3.1683 + 3.1684 + static unsigned int snd_ac97_determine_spdif_rates(ac97_t *ac97); 3.1685 + 3.1686 +@@ -1327,7 +1329,8 @@ 3.1687 + 3.1688 + /* build surround controls */ 3.1689 + if (snd_ac97_try_volume_mix(ac97, AC97_SURROUND_MASTER)) { 3.1690 +- if ((err = snd_ac97_cmix_new(card, "Surround Playback", AC97_SURROUND_MASTER, ac97)) < 0) 3.1691 ++ /* Surround Master (0x38) is with stereo mutes */ 3.1692 ++ if ((err = snd_ac97_cmix_new_stereo(card, "Surround Playback", AC97_SURROUND_MASTER, 1, ac97)) < 0) 3.1693 + return err; 3.1694 + } 3.1695 +