ia64/xen-unstable

changeset 4921:ff057bfda49d

bitkeeper revision 1.1159.258.128 (42874300TsP1zKFrpq-B0IR1Tfg5Sw)

upgrade to 2.6.11.9
author iap10@freefall.cl.cam.ac.uk
date Sun May 15 12:39:28 2005 +0000 (2005-05-15)
parents eeffc4961eee
children d0a4a77aa98f e2f7b51dfa85
files .rootkeys patches/linux-2.6.11/linux-2.6.11.8.patch patches/linux-2.6.11/linux-2.6.11.9.patch
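--- a/.rootkeys
+++ b/.rootkeys
@@ -367,7 +367,7 @@ 422e4430-gOD358H8nGGnNWes08Nng netbsd-2.
 413cb3b53nyOv1OIeDSsCXhBFDXvJA netbsd-2.0-xen-sparse/sys/nfs/files.nfs
 413aa1d0oNP8HXLvfPuMe6cSroUfSA patches/linux-2.6.11/agpgart.patch
 42372652KCUP-IOH9RN19YQmGhs4aA patches/linux-2.6.11/iomap.patch
-428359d4b3fDYtazwXi4UUmSWaOUew patches/linux-2.6.11/linux-2.6.11.8.patch
+428359d4b3fDYtazwXi4UUmSWaOUew patches/linux-2.6.11/linux-2.6.11.9.patch
 418abc69J3F638vPO9MYoDGeYilxoQ patches/linux-2.6.11/nettel.patch
 3f776bd1Hy9rn69ntXBhPReUFw9IEA tools/Makefile
 40e1b09db5mN69Ijj0X_Eol-S7dXiw tools/Rules.mk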
     2.1 --- a/patches/linux-2.6.11/linux-2.6.11.8.patch	Sun May 15 05:27:55 2005 +0000
     2.2 +++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
     2.3 @@ -1,1613 +0,0 @@
     2.4 -diff -Nru a/Makefile b/Makefile
     2.5 ---- a/Makefile	2005-04-29 18:34:28 -07:00
     2.6 -+++ b/Makefile	2005-04-29 18:34:28 -07:00
     2.7 -@@ -1,8 +1,8 @@
     2.8 - VERSION = 2
     2.9 - PATCHLEVEL = 6
    2.10 - SUBLEVEL = 11
    2.11 --EXTRAVERSION =
    2.12 --NAME=Woozy Numbat
    2.13 -+EXTRAVERSION = .8
    2.14 -+NAME=Woozy Beaver
    2.15 - 
    2.16 - # *DOCUMENTATION*
    2.17 - # To see a list of typical targets execute "make help"
    2.18 -diff -Nru a/arch/ia64/kernel/fsys.S b/arch/ia64/kernel/fsys.S
    2.19 ---- a/arch/ia64/kernel/fsys.S	2005-04-29 18:34:28 -07:00
    2.20 -+++ b/arch/ia64/kernel/fsys.S	2005-04-29 18:34:28 -07:00
    2.21 -@@ -611,8 +611,10 @@
    2.22 - 	movl r2=ia64_ret_from_syscall
    2.23 - 	;;
    2.24 - 	mov rp=r2				// set the real return addr
    2.25 --	tbit.z p8,p0=r3,TIF_SYSCALL_TRACE
    2.26 -+	and r3=_TIF_SYSCALL_TRACEAUDIT,r3
    2.27 - 	;;
    2.28 -+	cmp.eq p8,p0=r3,r0
    2.29 -+
    2.30 - (p10)	br.cond.spnt.many ia64_ret_from_syscall	// p10==true means out registers are more than 8
    2.31 - (p8)	br.call.sptk.many b6=b6		// ignore this return addr
    2.32 - 	br.cond.sptk ia64_trace_syscall
    2.33 -diff -Nru a/arch/ia64/kernel/signal.c b/arch/ia64/kernel/signal.c
    2.34 ---- a/arch/ia64/kernel/signal.c	2005-04-29 18:34:28 -07:00
    2.35 -+++ b/arch/ia64/kernel/signal.c	2005-04-29 18:34:28 -07:00
    2.36 -@@ -224,7 +224,8 @@
    2.37 - 	 * could be corrupted.
    2.38 - 	 */
    2.39 - 	retval = (long) &ia64_leave_kernel;
    2.40 --	if (test_thread_flag(TIF_SYSCALL_TRACE))
    2.41 -+	if (test_thread_flag(TIF_SYSCALL_TRACE)
    2.42 -+	    || test_thread_flag(TIF_SYSCALL_AUDIT))
    2.43 - 		/*
    2.44 - 		 * strace expects to be notified after sigreturn returns even though the
    2.45 - 		 * context to which we return may not be in the middle of a syscall.
    2.46 -diff -Nru a/arch/ppc/oprofile/op_model_fsl_booke.c b/arch/ppc/oprofile/op_model_fsl_booke.c
    2.47 ---- a/arch/ppc/oprofile/op_model_fsl_booke.c	2005-04-29 18:34:28 -07:00
    2.48 -+++ b/arch/ppc/oprofile/op_model_fsl_booke.c	2005-04-29 18:34:28 -07:00
    2.49 -@@ -150,7 +150,6 @@
    2.50 - 	int is_kernel;
    2.51 - 	int val;
    2.52 - 	int i;
    2.53 --	unsigned int cpu = smp_processor_id();
    2.54 - 
    2.55 - 	/* set the PMM bit (see comment below) */
    2.56 - 	mtmsr(mfmsr() | MSR_PMM);
    2.57 -@@ -162,7 +161,7 @@
    2.58 - 		val = ctr_read(i);
    2.59 - 		if (val < 0) {
    2.60 - 			if (oprofile_running && ctr[i].enabled) {
    2.61 --				oprofile_add_sample(pc, is_kernel, i, cpu);
    2.62 -+				oprofile_add_pc(pc, is_kernel, i);
    2.63 - 				ctr_write(i, reset_value[i]);
    2.64 - 			} else {
    2.65 - 				ctr_write(i, 0);
    2.66 -diff -Nru a/arch/ppc/platforms/4xx/ebony.h b/arch/ppc/platforms/4xx/ebony.h
    2.67 ---- a/arch/ppc/platforms/4xx/ebony.h	2005-04-29 18:34:28 -07:00
    2.68 -+++ b/arch/ppc/platforms/4xx/ebony.h	2005-04-29 18:34:28 -07:00
    2.69 -@@ -61,8 +61,8 @@
    2.70 -  */
    2.71 - 
    2.72 - /* OpenBIOS defined UART mappings, used before early_serial_setup */
    2.73 --#define UART0_IO_BASE	(u8 *) 0xE0000200
    2.74 --#define UART1_IO_BASE	(u8 *) 0xE0000300
    2.75 -+#define UART0_IO_BASE	0xE0000200
    2.76 -+#define UART1_IO_BASE	0xE0000300
    2.77 - 
    2.78 - /* external Epson SG-615P */
    2.79 - #define BASE_BAUD	691200
    2.80 -diff -Nru a/arch/ppc/platforms/4xx/luan.h b/arch/ppc/platforms/4xx/luan.h
    2.81 ---- a/arch/ppc/platforms/4xx/luan.h	2005-04-29 18:34:28 -07:00
    2.82 -+++ b/arch/ppc/platforms/4xx/luan.h	2005-04-29 18:34:28 -07:00
    2.83 -@@ -47,9 +47,9 @@
    2.84 - #define RS_TABLE_SIZE	3
    2.85 - 
    2.86 - /* PIBS defined UART mappings, used before early_serial_setup */
    2.87 --#define UART0_IO_BASE	(u8 *) 0xa0000200
    2.88 --#define UART1_IO_BASE	(u8 *) 0xa0000300
    2.89 --#define UART2_IO_BASE	(u8 *) 0xa0000600
    2.90 -+#define UART0_IO_BASE	0xa0000200
    2.91 -+#define UART1_IO_BASE	0xa0000300
    2.92 -+#define UART2_IO_BASE	0xa0000600
    2.93 - 
    2.94 - #define BASE_BAUD	11059200
    2.95 - #define STD_UART_OP(num)					\
    2.96 -diff -Nru a/arch/ppc/platforms/4xx/ocotea.h b/arch/ppc/platforms/4xx/ocotea.h
    2.97 ---- a/arch/ppc/platforms/4xx/ocotea.h	2005-04-29 18:34:28 -07:00
    2.98 -+++ b/arch/ppc/platforms/4xx/ocotea.h	2005-04-29 18:34:28 -07:00
    2.99 -@@ -56,8 +56,8 @@
   2.100 - #define RS_TABLE_SIZE	2
   2.101 - 
   2.102 - /* OpenBIOS defined UART mappings, used before early_serial_setup */
   2.103 --#define UART0_IO_BASE	(u8 *) 0xE0000200
   2.104 --#define UART1_IO_BASE	(u8 *) 0xE0000300
   2.105 -+#define UART0_IO_BASE	0xE0000200
   2.106 -+#define UART1_IO_BASE	0xE0000300
   2.107 - 
   2.108 - #define BASE_BAUD	11059200/16
   2.109 - #define STD_UART_OP(num)					\
   2.110 -diff -Nru a/arch/sparc/kernel/ptrace.c b/arch/sparc/kernel/ptrace.c
   2.111 ---- a/arch/sparc/kernel/ptrace.c	2005-04-29 18:34:28 -07:00
   2.112 -+++ b/arch/sparc/kernel/ptrace.c	2005-04-29 18:34:28 -07:00
   2.113 -@@ -531,18 +531,6 @@
   2.114 - 			pt_error_return(regs, EIO);
   2.115 - 			goto out_tsk;
   2.116 - 		}
   2.117 --		if (addr != 1) {
   2.118 --			if (addr & 3) {
   2.119 --				pt_error_return(regs, EINVAL);
   2.120 --				goto out_tsk;
   2.121 --			}
   2.122 --#ifdef DEBUG_PTRACE
   2.123 --			printk ("Original: %08lx %08lx\n", child->thread.kregs->pc, child->thread.kregs->npc);
   2.124 --			printk ("Continuing with %08lx %08lx\n", addr, addr+4);
   2.125 --#endif
   2.126 --			child->thread.kregs->pc = addr;
   2.127 --			child->thread.kregs->npc = addr + 4;
   2.128 --		}
   2.129 - 
   2.130 - 		if (request == PTRACE_SYSCALL)
   2.131 - 			set_tsk_thread_flag(child, TIF_SYSCALL_TRACE);
   2.132 -diff -Nru a/arch/sparc64/kernel/ptrace.c b/arch/sparc64/kernel/ptrace.c
   2.133 ---- a/arch/sparc64/kernel/ptrace.c	2005-04-29 18:34:28 -07:00
   2.134 -+++ b/arch/sparc64/kernel/ptrace.c	2005-04-29 18:34:28 -07:00
   2.135 -@@ -514,25 +514,6 @@
   2.136 - 			pt_error_return(regs, EIO);
   2.137 - 			goto out_tsk;
   2.138 - 		}
   2.139 --		if (addr != 1) {
   2.140 --			unsigned long pc_mask = ~0UL;
   2.141 --
   2.142 --			if ((child->thread_info->flags & _TIF_32BIT) != 0)
   2.143 --				pc_mask = 0xffffffff;
   2.144 --
   2.145 --			if (addr & 3) {
   2.146 --				pt_error_return(regs, EINVAL);
   2.147 --				goto out_tsk;
   2.148 --			}
   2.149 --#ifdef DEBUG_PTRACE
   2.150 --			printk ("Original: %016lx %016lx\n",
   2.151 --				child->thread_info->kregs->tpc,
   2.152 --				child->thread_info->kregs->tnpc);
   2.153 --			printk ("Continuing with %016lx %016lx\n", addr, addr+4);
   2.154 --#endif
   2.155 --			child->thread_info->kregs->tpc = (addr & pc_mask);
   2.156 --			child->thread_info->kregs->tnpc = ((addr + 4) & pc_mask);
   2.157 --		}
   2.158 - 
   2.159 - 		if (request == PTRACE_SYSCALL) {
   2.160 - 			set_tsk_thread_flag(child, TIF_SYSCALL_TRACE);
   2.161 -diff -Nru a/arch/sparc64/kernel/signal32.c b/arch/sparc64/kernel/signal32.c
   2.162 ---- a/arch/sparc64/kernel/signal32.c	2005-04-29 18:34:28 -07:00
   2.163 -+++ b/arch/sparc64/kernel/signal32.c	2005-04-29 18:34:28 -07:00
   2.164 -@@ -192,9 +192,12 @@
   2.165 - 			err |= __put_user(from->si_uid, &to->si_uid);
   2.166 - 			break;
   2.167 - 		case __SI_FAULT >> 16:
   2.168 --		case __SI_POLL >> 16:
   2.169 - 			err |= __put_user(from->si_trapno, &to->si_trapno);
   2.170 - 			err |= __put_user((unsigned long)from->si_addr, &to->si_addr);
   2.171 -+			break;
   2.172 -+		case __SI_POLL >> 16:
   2.173 -+			err |= __put_user(from->si_band, &to->si_band);
   2.174 -+			err |= __put_user(from->si_fd, &to->si_fd);
   2.175 - 			break;
   2.176 - 		case __SI_RT >> 16: /* This is not generated by the kernel as of now.  */
   2.177 - 		case __SI_MESGQ >> 16:
   2.178 -diff -Nru a/arch/sparc64/kernel/systbls.S b/arch/sparc64/kernel/systbls.S
   2.179 ---- a/arch/sparc64/kernel/systbls.S	2005-04-29 18:34:27 -07:00
   2.180 -+++ b/arch/sparc64/kernel/systbls.S	2005-04-29 18:34:27 -07:00
   2.181 -@@ -75,7 +75,7 @@
   2.182 - /*260*/	.word compat_sys_sched_getaffinity, compat_sys_sched_setaffinity, sys32_timer_settime, compat_sys_timer_gettime, sys_timer_getoverrun
   2.183 - 	.word sys_timer_delete, sys32_timer_create, sys_ni_syscall, compat_sys_io_setup, sys_io_destroy
   2.184 - /*270*/	.word sys32_io_submit, sys_io_cancel, compat_sys_io_getevents, sys32_mq_open, sys_mq_unlink
   2.185 --	.word sys_mq_timedsend, sys_mq_timedreceive, compat_sys_mq_notify, compat_sys_mq_getsetattr, compat_sys_waitid
   2.186 -+	.word compat_sys_mq_timedsend, compat_sys_mq_timedreceive, compat_sys_mq_notify, compat_sys_mq_getsetattr, compat_sys_waitid
   2.187 - /*280*/	.word sys_ni_syscall, sys_add_key, sys_request_key, sys_keyctl
   2.188 - 
   2.189 - #endif /* CONFIG_COMPAT */
   2.190 -diff -Nru a/arch/um/include/sysdep-i386/syscalls.h b/arch/um/include/sysdep-i386/syscalls.h
   2.191 ---- a/arch/um/include/sysdep-i386/syscalls.h	2005-04-29 18:34:27 -07:00
   2.192 -+++ b/arch/um/include/sysdep-i386/syscalls.h	2005-04-29 18:34:27 -07:00
   2.193 -@@ -23,6 +23,9 @@
   2.194 - 		      unsigned long prot, unsigned long flags,
   2.195 - 		      unsigned long fd, unsigned long pgoff);
   2.196 - 
   2.197 -+/* On i386 they choose a meaningless naming.*/
   2.198 -+#define __NR_kexec_load __NR_sys_kexec_load
   2.199 -+
   2.200 - #define ARCH_SYSCALLS \
   2.201 - 	[ __NR_waitpid ] = (syscall_handler_t *) sys_waitpid, \
   2.202 - 	[ __NR_break ] = (syscall_handler_t *) sys_ni_syscall, \
   2.203 -@@ -101,15 +104,12 @@
   2.204 - 	[ 223 ] = (syscall_handler_t *) sys_ni_syscall, \
   2.205 - 	[ __NR_set_thread_area ] = (syscall_handler_t *) sys_ni_syscall, \
   2.206 - 	[ __NR_get_thread_area ] = (syscall_handler_t *) sys_ni_syscall, \
   2.207 --	[ __NR_fadvise64 ] = (syscall_handler_t *) sys_fadvise64, \
   2.208 - 	[ 251 ] = (syscall_handler_t *) sys_ni_syscall, \
   2.209 --        [ __NR_remap_file_pages ] = (syscall_handler_t *) sys_remap_file_pages, \
   2.210 --	[ __NR_utimes ] = (syscall_handler_t *) sys_utimes, \
   2.211 --	[ __NR_vserver ] = (syscall_handler_t *) sys_ni_syscall,
   2.212 --        
   2.213 -+	[ 285 ] = (syscall_handler_t *) sys_ni_syscall,
   2.214 -+
   2.215 - /* 222 doesn't yet have a name in include/asm-i386/unistd.h */
   2.216 - 
   2.217 --#define LAST_ARCH_SYSCALL __NR_vserver
   2.218 -+#define LAST_ARCH_SYSCALL 285
   2.219 - 
   2.220 - /*
   2.221 -  * Overrides for Emacs so that we follow Linus's tabbing style.
   2.222 -diff -Nru a/arch/um/include/sysdep-x86_64/syscalls.h b/arch/um/include/sysdep-x86_64/syscalls.h
   2.223 ---- a/arch/um/include/sysdep-x86_64/syscalls.h	2005-04-29 18:34:28 -07:00
   2.224 -+++ b/arch/um/include/sysdep-x86_64/syscalls.h	2005-04-29 18:34:28 -07:00
   2.225 -@@ -71,12 +71,7 @@
   2.226 - 	[ __NR_iopl ] = (syscall_handler_t *) sys_ni_syscall, \
   2.227 - 	[ __NR_set_thread_area ] = (syscall_handler_t *) sys_ni_syscall, \
   2.228 - 	[ __NR_get_thread_area ] = (syscall_handler_t *) sys_ni_syscall, \
   2.229 --        [ __NR_remap_file_pages ] = (syscall_handler_t *) sys_remap_file_pages, \
   2.230 - 	[ __NR_semtimedop ] = (syscall_handler_t *) sys_semtimedop, \
   2.231 --	[ __NR_fadvise64 ] = (syscall_handler_t *) sys_fadvise64, \
   2.232 --	[ 223 ] = (syscall_handler_t *) sys_ni_syscall, \
   2.233 --	[ __NR_utimes ] = (syscall_handler_t *) sys_utimes, \
   2.234 --	[ __NR_vserver ] = (syscall_handler_t *) sys_ni_syscall, \
   2.235 - 	[ 251 ] = (syscall_handler_t *) sys_ni_syscall,
   2.236 - 
   2.237 - #define LAST_ARCH_SYSCALL 251
   2.238 -diff -Nru a/arch/um/kernel/skas/uaccess.c b/arch/um/kernel/skas/uaccess.c
   2.239 ---- a/arch/um/kernel/skas/uaccess.c	2005-04-29 18:34:28 -07:00
   2.240 -+++ b/arch/um/kernel/skas/uaccess.c	2005-04-29 18:34:28 -07:00
   2.241 -@@ -61,7 +61,8 @@
   2.242 - 	void *arg;
   2.243 - 	int *res;
   2.244 - 
   2.245 --	va_copy(args, *(va_list *)arg_ptr);
   2.246 -+	/* Some old gccs recognize __va_copy, but not va_copy */
   2.247 -+	__va_copy(args, *(va_list *)arg_ptr);
   2.248 - 	addr = va_arg(args, unsigned long);
   2.249 - 	len = va_arg(args, int);
   2.250 - 	is_write = va_arg(args, int);
   2.251 -diff -Nru a/arch/um/kernel/sys_call_table.c b/arch/um/kernel/sys_call_table.c
   2.252 ---- a/arch/um/kernel/sys_call_table.c	2005-04-29 18:34:28 -07:00
   2.253 -+++ b/arch/um/kernel/sys_call_table.c	2005-04-29 18:34:28 -07:00
   2.254 -@@ -48,7 +48,6 @@
   2.255 - extern syscall_handler_t old_select;
   2.256 - extern syscall_handler_t sys_modify_ldt;
   2.257 - extern syscall_handler_t sys_rt_sigsuspend;
   2.258 --extern syscall_handler_t sys_vserver;
   2.259 - extern syscall_handler_t sys_mbind;
   2.260 - extern syscall_handler_t sys_get_mempolicy;
   2.261 - extern syscall_handler_t sys_set_mempolicy;
   2.262 -@@ -242,6 +241,7 @@
   2.263 - 	[ __NR_epoll_create ] = (syscall_handler_t *) sys_epoll_create,
   2.264 - 	[ __NR_epoll_ctl ] = (syscall_handler_t *) sys_epoll_ctl,
   2.265 - 	[ __NR_epoll_wait ] = (syscall_handler_t *) sys_epoll_wait,
   2.266 -+	[ __NR_remap_file_pages ] = (syscall_handler_t *) sys_remap_file_pages,
   2.267 -         [ __NR_set_tid_address ] = (syscall_handler_t *) sys_set_tid_address,
   2.268 - 	[ __NR_timer_create ] = (syscall_handler_t *) sys_timer_create,
   2.269 - 	[ __NR_timer_settime ] = (syscall_handler_t *) sys_timer_settime,
   2.270 -@@ -252,12 +252,10 @@
   2.271 - 	[ __NR_clock_gettime ] = (syscall_handler_t *) sys_clock_gettime,
   2.272 - 	[ __NR_clock_getres ] = (syscall_handler_t *) sys_clock_getres,
   2.273 - 	[ __NR_clock_nanosleep ] = (syscall_handler_t *) sys_clock_nanosleep,
   2.274 --	[ __NR_statfs64 ] = (syscall_handler_t *) sys_statfs64,
   2.275 --	[ __NR_fstatfs64 ] = (syscall_handler_t *) sys_fstatfs64,
   2.276 - 	[ __NR_tgkill ] = (syscall_handler_t *) sys_tgkill,
   2.277 - 	[ __NR_utimes ] = (syscall_handler_t *) sys_utimes,
   2.278 --	[ __NR_fadvise64_64 ] = (syscall_handler_t *) sys_fadvise64_64,
   2.279 --	[ __NR_vserver ] = (syscall_handler_t *) sys_vserver,
   2.280 -+	[ __NR_fadvise64 ] = (syscall_handler_t *) sys_fadvise64,
   2.281 -+	[ __NR_vserver ] = (syscall_handler_t *) sys_ni_syscall,
   2.282 - 	[ __NR_mbind ] = (syscall_handler_t *) sys_mbind,
   2.283 - 	[ __NR_get_mempolicy ] = (syscall_handler_t *) sys_get_mempolicy,
   2.284 - 	[ __NR_set_mempolicy ] = (syscall_handler_t *) sys_set_mempolicy,
   2.285 -@@ -267,9 +265,8 @@
   2.286 - 	[ __NR_mq_timedreceive ] = (syscall_handler_t *) sys_mq_timedreceive,
   2.287 - 	[ __NR_mq_notify ] = (syscall_handler_t *) sys_mq_notify,
   2.288 - 	[ __NR_mq_getsetattr ] = (syscall_handler_t *) sys_mq_getsetattr,
   2.289 --	[ __NR_sys_kexec_load ] = (syscall_handler_t *) sys_ni_syscall,
   2.290 -+	[ __NR_kexec_load ] = (syscall_handler_t *) sys_ni_syscall,
   2.291 - 	[ __NR_waitid ] = (syscall_handler_t *) sys_waitid,
   2.292 --	[ 285 ] = (syscall_handler_t *) sys_ni_syscall,
   2.293 - 	[ __NR_add_key ] = (syscall_handler_t *) sys_add_key,
   2.294 - 	[ __NR_request_key ] = (syscall_handler_t *) sys_request_key,
   2.295 - 	[ __NR_keyctl ] = (syscall_handler_t *) sys_keyctl,
   2.296 -diff -Nru a/drivers/char/drm/drm_ioctl.c b/drivers/char/drm/drm_ioctl.c
   2.297 ---- a/drivers/char/drm/drm_ioctl.c	2005-04-29 18:34:27 -07:00
   2.298 -+++ b/drivers/char/drm/drm_ioctl.c	2005-04-29 18:34:27 -07:00
   2.299 -@@ -326,6 +326,8 @@
   2.300 - 
   2.301 - 	DRM_COPY_FROM_USER_IOCTL(sv, argp, sizeof(sv));
   2.302 - 
   2.303 -+	memset(&version, 0, sizeof(version));
   2.304 -+
   2.305 - 	dev->driver->version(&version);
   2.306 - 	retv.drm_di_major = DRM_IF_MAJOR;
   2.307 - 	retv.drm_di_minor = DRM_IF_MINOR;
   2.308 -diff -Nru a/drivers/i2c/chips/eeprom.c b/drivers/i2c/chips/eeprom.c
   2.309 ---- a/drivers/i2c/chips/eeprom.c	2005-04-29 18:34:27 -07:00
   2.310 -+++ b/drivers/i2c/chips/eeprom.c	2005-04-29 18:34:27 -07:00
   2.311 -@@ -130,7 +130,8 @@
   2.312 - 
   2.313 - 	/* Hide Vaio security settings to regular users (16 first bytes) */
   2.314 - 	if (data->nature == VAIO && off < 16 && !capable(CAP_SYS_ADMIN)) {
   2.315 --		int in_row1 = 16 - off;
   2.316 -+		size_t in_row1 = 16 - off;
   2.317 -+		in_row1 = min(in_row1, count);
   2.318 - 		memset(buf, 0, in_row1);
   2.319 - 		if (count - in_row1 > 0)
   2.320 - 			memcpy(buf + in_row1, &data->data[16], count - in_row1);
   2.321 -diff -Nru a/drivers/i2c/chips/it87.c b/drivers/i2c/chips/it87.c
   2.322 ---- a/drivers/i2c/chips/it87.c	2005-04-29 18:34:28 -07:00
   2.323 -+++ b/drivers/i2c/chips/it87.c	2005-04-29 18:34:28 -07:00
   2.324 -@@ -631,7 +631,7 @@
   2.325 - 	struct it87_data *data = it87_update_device(dev);
   2.326 - 	return sprintf(buf,"%d\n", ALARMS_FROM_REG(data->alarms));
   2.327 - }
   2.328 --static DEVICE_ATTR(alarms, S_IRUGO | S_IWUSR, show_alarms, NULL);
   2.329 -+static DEVICE_ATTR(alarms, S_IRUGO, show_alarms, NULL);
   2.330 - 
   2.331 - static ssize_t
   2.332 - show_vrm_reg(struct device *dev, char *buf)
   2.333 -diff -Nru a/drivers/i2c/chips/via686a.c b/drivers/i2c/chips/via686a.c
   2.334 ---- a/drivers/i2c/chips/via686a.c	2005-04-29 18:34:27 -07:00
   2.335 -+++ b/drivers/i2c/chips/via686a.c	2005-04-29 18:34:27 -07:00
   2.336 -@@ -554,7 +554,7 @@
   2.337 - 	struct via686a_data *data = via686a_update_device(dev);
   2.338 - 	return sprintf(buf,"%d\n", ALARMS_FROM_REG(data->alarms));
   2.339 - }
   2.340 --static DEVICE_ATTR(alarms, S_IRUGO | S_IWUSR, show_alarms, NULL);
   2.341 -+static DEVICE_ATTR(alarms, S_IRUGO, show_alarms, NULL);
   2.342 - 
   2.343 - /* The driver. I choose to use type i2c_driver, as at is identical to both
   2.344 -    smbus_driver and isa_driver, and clients could be of either kind */
   2.345 -diff -Nru a/drivers/input/serio/i8042-x86ia64io.h b/drivers/input/serio/i8042-x86ia64io.h
   2.346 ---- a/drivers/input/serio/i8042-x86ia64io.h	2005-04-29 18:34:28 -07:00
   2.347 -+++ b/drivers/input/serio/i8042-x86ia64io.h	2005-04-29 18:34:28 -07:00
   2.348 -@@ -88,7 +88,7 @@
   2.349 - };
   2.350 - #endif
   2.351 - 
   2.352 --#ifdef CONFIG_ACPI
   2.353 -+#if defined(__ia64__) && defined(CONFIG_ACPI)
   2.354 - #include <linux/acpi.h>
   2.355 - #include <acpi/acpi_bus.h>
   2.356 - 
   2.357 -@@ -281,7 +281,7 @@
   2.358 - 	i8042_kbd_irq = I8042_MAP_IRQ(1);
   2.359 - 	i8042_aux_irq = I8042_MAP_IRQ(12);
   2.360 - 
   2.361 --#ifdef CONFIG_ACPI
   2.362 -+#if defined(__ia64__) && defined(CONFIG_ACPI)
   2.363 - 	if (i8042_acpi_init())
   2.364 - 		return -1;
   2.365 - #endif
   2.366 -@@ -300,7 +300,7 @@
   2.367 - 
   2.368 - static inline void i8042_platform_exit(void)
   2.369 - {
   2.370 --#ifdef CONFIG_ACPI
   2.371 -+#if defined(__ia64__) && defined(CONFIG_ACPI)
   2.372 - 	i8042_acpi_exit();
   2.373 - #endif
   2.374 - }
   2.375 -diff -Nru a/drivers/md/raid6altivec.uc b/drivers/md/raid6altivec.uc
   2.376 ---- a/drivers/md/raid6altivec.uc	2005-04-29 18:34:28 -07:00
   2.377 -+++ b/drivers/md/raid6altivec.uc	2005-04-29 18:34:28 -07:00
   2.378 -@@ -108,7 +108,11 @@
   2.379 - int raid6_have_altivec(void)
   2.380 - {
   2.381 - 	/* This assumes either all CPUs have Altivec or none does */
   2.382 -+#ifdef CONFIG_PPC64
   2.383 - 	return cur_cpu_spec->cpu_features & CPU_FTR_ALTIVEC;
   2.384 -+#else
   2.385 -+	return cur_cpu_spec[0]->cpu_features & CPU_FTR_ALTIVEC;
   2.386 -+#endif
   2.387 - }
   2.388 - #endif
   2.389 - 
   2.390 -diff -Nru a/drivers/media/video/adv7170.c b/drivers/media/video/adv7170.c
   2.391 ---- a/drivers/media/video/adv7170.c	2005-04-29 18:34:28 -07:00
   2.392 -+++ b/drivers/media/video/adv7170.c	2005-04-29 18:34:28 -07:00
   2.393 -@@ -130,7 +130,7 @@
   2.394 - 		u8 block_data[32];
   2.395 - 
   2.396 - 		msg.addr = client->addr;
   2.397 --		msg.flags = client->flags;
   2.398 -+		msg.flags = 0;
   2.399 - 		while (len >= 2) {
   2.400 - 			msg.buf = (char *) block_data;
   2.401 - 			msg.len = 0;
   2.402 -diff -Nru a/drivers/media/video/adv7175.c b/drivers/media/video/adv7175.c
   2.403 ---- a/drivers/media/video/adv7175.c	2005-04-29 18:34:28 -07:00
   2.404 -+++ b/drivers/media/video/adv7175.c	2005-04-29 18:34:28 -07:00
   2.405 -@@ -126,7 +126,7 @@
   2.406 - 		u8 block_data[32];
   2.407 - 
   2.408 - 		msg.addr = client->addr;
   2.409 --		msg.flags = client->flags;
   2.410 -+		msg.flags = 0;
   2.411 - 		while (len >= 2) {
   2.412 - 			msg.buf = (char *) block_data;
   2.413 - 			msg.len = 0;
   2.414 -diff -Nru a/drivers/media/video/bt819.c b/drivers/media/video/bt819.c
   2.415 ---- a/drivers/media/video/bt819.c	2005-04-29 18:34:27 -07:00
   2.416 -+++ b/drivers/media/video/bt819.c	2005-04-29 18:34:27 -07:00
   2.417 -@@ -146,7 +146,7 @@
   2.418 - 		u8 block_data[32];
   2.419 - 
   2.420 - 		msg.addr = client->addr;
   2.421 --		msg.flags = client->flags;
   2.422 -+		msg.flags = 0;
   2.423 - 		while (len >= 2) {
   2.424 - 			msg.buf = (char *) block_data;
   2.425 - 			msg.len = 0;
   2.426 -diff -Nru a/drivers/media/video/bttv-cards.c b/drivers/media/video/bttv-cards.c
   2.427 ---- a/drivers/media/video/bttv-cards.c	2005-04-29 18:34:28 -07:00
   2.428 -+++ b/drivers/media/video/bttv-cards.c	2005-04-29 18:34:28 -07:00
   2.429 -@@ -2718,8 +2718,6 @@
   2.430 -         }
   2.431 - 	btv->pll.pll_current = -1;
   2.432 - 
   2.433 --	bttv_reset_audio(btv);
   2.434 --
   2.435 - 	/* tuner configuration (from card list / autodetect / insmod option) */
   2.436 -  	if (UNSET != bttv_tvcards[btv->c.type].tuner_type)
   2.437 - 		if(UNSET == btv->tuner_type)
   2.438 -diff -Nru a/drivers/media/video/saa7110.c b/drivers/media/video/saa7110.c
   2.439 ---- a/drivers/media/video/saa7110.c	2005-04-29 18:34:27 -07:00
   2.440 -+++ b/drivers/media/video/saa7110.c	2005-04-29 18:34:27 -07:00
   2.441 -@@ -60,8 +60,10 @@
   2.442 - 
   2.443 - #define	I2C_SAA7110		0x9C	/* or 0x9E */
   2.444 - 
   2.445 -+#define SAA7110_NR_REG		0x35
   2.446 -+
   2.447 - struct saa7110 {
   2.448 --	unsigned char reg[54];
   2.449 -+	u8 reg[SAA7110_NR_REG];
   2.450 - 
   2.451 - 	int norm;
   2.452 - 	int input;
   2.453 -@@ -95,31 +97,28 @@
   2.454 - 		     unsigned int       len)
   2.455 - {
   2.456 - 	int ret = -1;
   2.457 --	u8 reg = *data++;
   2.458 -+	u8 reg = *data;		/* first register to write to */
   2.459 - 
   2.460 --	len--;
   2.461 -+	/* Sanity check */
   2.462 -+	if (reg + (len - 1) > SAA7110_NR_REG)
   2.463 -+		return ret;
   2.464 - 
   2.465 - 	/* the saa7110 has an autoincrement function, use it if
   2.466 - 	 * the adapter understands raw I2C */
   2.467 - 	if (i2c_check_functionality(client->adapter, I2C_FUNC_I2C)) {
   2.468 - 		struct saa7110 *decoder = i2c_get_clientdata(client);
   2.469 - 		struct i2c_msg msg;
   2.470 --		u8 block_data[54];
   2.471 - 
   2.472 --		msg.len = 0;
   2.473 --		msg.buf = (char *) block_data;
   2.474 -+		msg.len = len;
   2.475 -+		msg.buf = (char *) data;
   2.476 - 		msg.addr = client->addr;
   2.477 --		msg.flags = client->flags;
   2.478 --		while (len >= 1) {
   2.479 --			msg.len = 0;
   2.480 --			block_data[msg.len++] = reg;
   2.481 --			while (len-- >= 1 && msg.len < 54)
   2.482 --				block_data[msg.len++] =
   2.483 --				    decoder->reg[reg++] = *data++;
   2.484 --			ret = i2c_transfer(client->adapter, &msg, 1);
   2.485 --		}
   2.486 -+		msg.flags = 0;
   2.487 -+		ret = i2c_transfer(client->adapter, &msg, 1);
   2.488 -+
   2.489 -+		/* Cache the written data */
   2.490 -+		memcpy(decoder->reg + reg, data + 1, len - 1);
   2.491 - 	} else {
   2.492 --		while (len-- >= 1) {
   2.493 -+		for (++data, --len; len; len--) {
   2.494 - 			if ((ret = saa7110_write(client, reg++,
   2.495 - 						 *data++)) < 0)
   2.496 - 				break;
   2.497 -@@ -192,7 +191,7 @@
   2.498 - 	return 0;
   2.499 - }
   2.500 - 
   2.501 --static const unsigned char initseq[] = {
   2.502 -+static const unsigned char initseq[1 + SAA7110_NR_REG] = {
   2.503 - 	0, 0x4C, 0x3C, 0x0D, 0xEF, 0xBD, 0xF2, 0x03, 0x00,
   2.504 - 	/* 0x08 */ 0xF8, 0xF8, 0x60, 0x60, 0x00, 0x86, 0x18, 0x90,
   2.505 - 	/* 0x10 */ 0x00, 0x59, 0x40, 0x46, 0x42, 0x1A, 0xFF, 0xDA,
   2.506 -diff -Nru a/drivers/media/video/saa7114.c b/drivers/media/video/saa7114.c
   2.507 ---- a/drivers/media/video/saa7114.c	2005-04-29 18:34:28 -07:00
   2.508 -+++ b/drivers/media/video/saa7114.c	2005-04-29 18:34:28 -07:00
   2.509 -@@ -163,7 +163,7 @@
   2.510 - 		u8 block_data[32];
   2.511 - 
   2.512 - 		msg.addr = client->addr;
   2.513 --		msg.flags = client->flags;
   2.514 -+		msg.flags = 0;
   2.515 - 		while (len >= 2) {
   2.516 - 			msg.buf = (char *) block_data;
   2.517 - 			msg.len = 0;
   2.518 -diff -Nru a/drivers/media/video/saa7185.c b/drivers/media/video/saa7185.c
   2.519 ---- a/drivers/media/video/saa7185.c	2005-04-29 18:34:28 -07:00
   2.520 -+++ b/drivers/media/video/saa7185.c	2005-04-29 18:34:28 -07:00
   2.521 -@@ -118,7 +118,7 @@
   2.522 - 		u8 block_data[32];
   2.523 - 
   2.524 - 		msg.addr = client->addr;
   2.525 --		msg.flags = client->flags;
   2.526 -+		msg.flags = 0;
   2.527 - 		while (len >= 2) {
   2.528 - 			msg.buf = (char *) block_data;
   2.529 - 			msg.len = 0;
   2.530 -diff -Nru a/drivers/net/amd8111e.c b/drivers/net/amd8111e.c
   2.531 ---- a/drivers/net/amd8111e.c	2005-04-29 18:34:28 -07:00
   2.532 -+++ b/drivers/net/amd8111e.c	2005-04-29 18:34:28 -07:00
   2.533 -@@ -1381,6 +1381,8 @@
   2.534 - 
   2.535 - 	if(amd8111e_restart(dev)){
   2.536 - 		spin_unlock_irq(&lp->lock);
   2.537 -+		if (dev->irq)
   2.538 -+			free_irq(dev->irq, dev);
   2.539 - 		return -ENOMEM;
   2.540 - 	}
   2.541 - 	/* Start ipg timer */
   2.542 -diff -Nru a/drivers/net/ppp_async.c b/drivers/net/ppp_async.c
   2.543 ---- a/drivers/net/ppp_async.c	2005-04-29 18:34:28 -07:00
   2.544 -+++ b/drivers/net/ppp_async.c	2005-04-29 18:34:28 -07:00
   2.545 -@@ -1000,7 +1000,7 @@
   2.546 - 	data += 4;
   2.547 - 	dlen -= 4;
   2.548 - 	/* data[0] is code, data[1] is length */
   2.549 --	while (dlen >= 2 && dlen >= data[1]) {
   2.550 -+	while (dlen >= 2 && dlen >= data[1] && data[1] >= 2) {
   2.551 - 		switch (data[0]) {
   2.552 - 		case LCP_MRU:
   2.553 - 			val = (data[2] << 8) + data[3];
   2.554 -diff -Nru a/drivers/net/r8169.c b/drivers/net/r8169.c
   2.555 ---- a/drivers/net/r8169.c	2005-04-29 18:34:28 -07:00
   2.556 -+++ b/drivers/net/r8169.c	2005-04-29 18:34:28 -07:00
   2.557 -@@ -1683,16 +1683,19 @@
   2.558 - 	rtl8169_make_unusable_by_asic(desc);
   2.559 - }
   2.560 - 
   2.561 --static inline void rtl8169_return_to_asic(struct RxDesc *desc, int rx_buf_sz)
   2.562 -+static inline void rtl8169_mark_to_asic(struct RxDesc *desc, u32 rx_buf_sz)
   2.563 - {
   2.564 --	desc->opts1 |= cpu_to_le32(DescOwn + rx_buf_sz);
   2.565 -+	u32 eor = le32_to_cpu(desc->opts1) & RingEnd;
   2.566 -+
   2.567 -+	desc->opts1 = cpu_to_le32(DescOwn | eor | rx_buf_sz);
   2.568 - }
   2.569 - 
   2.570 --static inline void rtl8169_give_to_asic(struct RxDesc *desc, dma_addr_t mapping,
   2.571 --					int rx_buf_sz)
   2.572 -+static inline void rtl8169_map_to_asic(struct RxDesc *desc, dma_addr_t mapping,
   2.573 -+				       u32 rx_buf_sz)
   2.574 - {
   2.575 - 	desc->addr = cpu_to_le64(mapping);
   2.576 --	desc->opts1 |= cpu_to_le32(DescOwn + rx_buf_sz);
   2.577 -+	wmb();
   2.578 -+	rtl8169_mark_to_asic(desc, rx_buf_sz);
   2.579 - }
   2.580 - 
   2.581 - static int rtl8169_alloc_rx_skb(struct pci_dev *pdev, struct sk_buff **sk_buff,
   2.582 -@@ -1712,7 +1715,7 @@
   2.583 - 	mapping = pci_map_single(pdev, skb->tail, rx_buf_sz,
   2.584 - 				 PCI_DMA_FROMDEVICE);
   2.585 - 
   2.586 --	rtl8169_give_to_asic(desc, mapping, rx_buf_sz);
   2.587 -+	rtl8169_map_to_asic(desc, mapping, rx_buf_sz);
   2.588 - 
   2.589 - out:
   2.590 - 	return ret;
   2.591 -@@ -2150,7 +2153,7 @@
   2.592 - 			skb_reserve(skb, NET_IP_ALIGN);
   2.593 - 			eth_copy_and_sum(skb, sk_buff[0]->tail, pkt_size, 0);
   2.594 - 			*sk_buff = skb;
   2.595 --			rtl8169_return_to_asic(desc, rx_buf_sz);
   2.596 -+			rtl8169_mark_to_asic(desc, rx_buf_sz);
   2.597 - 			ret = 0;
   2.598 - 		}
   2.599 - 	}
   2.600 -diff -Nru a/drivers/net/sis900.c b/drivers/net/sis900.c
   2.601 ---- a/drivers/net/sis900.c	2005-04-29 18:34:27 -07:00
   2.602 -+++ b/drivers/net/sis900.c	2005-04-29 18:34:27 -07:00
   2.603 -@@ -236,7 +236,7 @@
   2.604 - 	signature = (u16) read_eeprom(ioaddr, EEPROMSignature);    
   2.605 - 	if (signature == 0xffff || signature == 0x0000) {
   2.606 - 		printk (KERN_INFO "%s: Error EERPOM read %x\n", 
   2.607 --			net_dev->name, signature);
   2.608 -+			pci_name(pci_dev), signature);
   2.609 - 		return 0;
   2.610 - 	}
   2.611 - 
   2.612 -@@ -268,7 +268,7 @@
   2.613 - 	if (!isa_bridge)
   2.614 - 		isa_bridge = pci_get_device(PCI_VENDOR_ID_SI, 0x0018, isa_bridge);
   2.615 - 	if (!isa_bridge) {
   2.616 --		printk("%s: Can not find ISA bridge\n", net_dev->name);
   2.617 -+		printk("%s: Can not find ISA bridge\n", pci_name(pci_dev));
   2.618 - 		return 0;
   2.619 - 	}
   2.620 - 	pci_read_config_byte(isa_bridge, 0x48, &reg);
   2.621 -@@ -456,10 +456,6 @@
   2.622 - 	net_dev->tx_timeout = sis900_tx_timeout;
   2.623 - 	net_dev->watchdog_timeo = TX_TIMEOUT;
   2.624 - 	net_dev->ethtool_ops = &sis900_ethtool_ops;
   2.625 --	
   2.626 --	ret = register_netdev(net_dev);
   2.627 --	if (ret)
   2.628 --		goto err_unmap_rx;
   2.629 - 		
   2.630 - 	/* Get Mac address according to the chip revision */
   2.631 - 	pci_read_config_byte(pci_dev, PCI_CLASS_REVISION, &revision);
   2.632 -@@ -476,7 +472,7 @@
   2.633 - 
   2.634 - 	if (ret == 0) {
   2.635 - 		ret = -ENODEV;
   2.636 --		goto err_out_unregister;
   2.637 -+		goto err_unmap_rx;
   2.638 - 	}
   2.639 - 	
   2.640 - 	/* 630ET : set the mii access mode as software-mode */
   2.641 -@@ -486,7 +482,7 @@
   2.642 - 	/* probe for mii transceiver */
   2.643 - 	if (sis900_mii_probe(net_dev) == 0) {
   2.644 - 		ret = -ENODEV;
   2.645 --		goto err_out_unregister;
   2.646 -+		goto err_unmap_rx;
   2.647 - 	}
   2.648 - 
   2.649 - 	/* save our host bridge revision */
   2.650 -@@ -496,6 +492,10 @@
   2.651 - 		pci_dev_put(dev);
   2.652 - 	}
   2.653 - 
   2.654 -+	ret = register_netdev(net_dev);
   2.655 -+	if (ret)
   2.656 -+		goto err_unmap_rx;
   2.657 -+
   2.658 - 	/* print some information about our NIC */
   2.659 - 	printk(KERN_INFO "%s: %s at %#lx, IRQ %d, ", net_dev->name,
   2.660 - 	       card_name, ioaddr, net_dev->irq);
   2.661 -@@ -505,8 +505,6 @@
   2.662 - 
   2.663 - 	return 0;
   2.664 - 
   2.665 -- err_out_unregister:
   2.666 -- 	unregister_netdev(net_dev);
   2.667 -  err_unmap_rx:
   2.668 - 	pci_free_consistent(pci_dev, RX_TOTAL_SIZE, sis_priv->rx_ring,
   2.669 - 		sis_priv->rx_ring_dma);
   2.670 -@@ -533,6 +531,7 @@
   2.671 - static int __init sis900_mii_probe(struct net_device * net_dev)
   2.672 - {
   2.673 - 	struct sis900_private * sis_priv = net_dev->priv;
   2.674 -+	const char *dev_name = pci_name(sis_priv->pci_dev);
   2.675 - 	u16 poll_bit = MII_STAT_LINK, status = 0;
   2.676 - 	unsigned long timeout = jiffies + 5 * HZ;
   2.677 - 	int phy_addr;
   2.678 -@@ -582,21 +581,20 @@
   2.679 - 					mii_phy->phy_types =
   2.680 - 					    (mii_status & (MII_STAT_CAN_TX_FDX | MII_STAT_CAN_TX)) ? LAN : HOME;
   2.681 - 				printk(KERN_INFO "%s: %s transceiver found at address %d.\n",
   2.682 --				       net_dev->name, mii_chip_table[i].name,
   2.683 -+				       dev_name, mii_chip_table[i].name,
   2.684 - 				       phy_addr);
   2.685 - 				break;
   2.686 - 			}
   2.687 - 			
   2.688 - 		if( !mii_chip_table[i].phy_id1 ) {
   2.689 - 			printk(KERN_INFO "%s: Unknown PHY transceiver found at address %d.\n",
   2.690 --			       net_dev->name, phy_addr);
   2.691 -+			       dev_name, phy_addr);
   2.692 - 			mii_phy->phy_types = UNKNOWN;
   2.693 - 		}
   2.694 - 	}
   2.695 - 	
   2.696 - 	if (sis_priv->mii == NULL) {
   2.697 --		printk(KERN_INFO "%s: No MII transceivers found!\n",
   2.698 --			net_dev->name);
   2.699 -+		printk(KERN_INFO "%s: No MII transceivers found!\n", dev_name);
   2.700 - 		return 0;
   2.701 - 	}
   2.702 - 
   2.703 -@@ -621,7 +619,7 @@
   2.704 - 			poll_bit ^= (mdio_read(net_dev, sis_priv->cur_phy, MII_STATUS) & poll_bit);
   2.705 - 			if (time_after_eq(jiffies, timeout)) {
   2.706 - 				printk(KERN_WARNING "%s: reset phy and link down now\n",
   2.707 --					net_dev->name);
   2.708 -+				       dev_name);
   2.709 - 				return -ETIME;
   2.710 - 			}
   2.711 - 		}
   2.712 -@@ -691,7 +689,7 @@
   2.713 - 		sis_priv->mii = default_phy;
   2.714 - 		sis_priv->cur_phy = default_phy->phy_addr;
   2.715 - 		printk(KERN_INFO "%s: Using transceiver found at address %d as default\n",
   2.716 --					net_dev->name,sis_priv->cur_phy);
   2.717 -+		       pci_name(sis_priv->pci_dev), sis_priv->cur_phy);
   2.718 - 	}
   2.719 - 	
   2.720 - 	status = mdio_read(net_dev, sis_priv->cur_phy, MII_CONTROL);
   2.721 -diff -Nru a/drivers/net/tun.c b/drivers/net/tun.c
   2.722 ---- a/drivers/net/tun.c	2005-04-29 18:34:27 -07:00
   2.723 -+++ b/drivers/net/tun.c	2005-04-29 18:34:27 -07:00
   2.724 -@@ -229,7 +229,7 @@
   2.725 - 	size_t len = count;
   2.726 - 
   2.727 - 	if (!(tun->flags & TUN_NO_PI)) {
   2.728 --		if ((len -= sizeof(pi)) > len)
   2.729 -+		if ((len -= sizeof(pi)) > count)
   2.730 - 			return -EINVAL;
   2.731 - 
   2.732 - 		if(memcpy_fromiovec((void *)&pi, iv, sizeof(pi)))
   2.733 -diff -Nru a/drivers/net/via-rhine.c b/drivers/net/via-rhine.c
   2.734 ---- a/drivers/net/via-rhine.c	2005-04-29 18:34:28 -07:00
   2.735 -+++ b/drivers/net/via-rhine.c	2005-04-29 18:34:28 -07:00
   2.736 -@@ -1197,8 +1197,10 @@
   2.737 - 		       dev->name, rp->pdev->irq);
   2.738 - 
   2.739 - 	rc = alloc_ring(dev);
   2.740 --	if (rc)
   2.741 -+	if (rc) {
   2.742 -+		free_irq(rp->pdev->irq, dev);
   2.743 - 		return rc;
   2.744 -+	}
   2.745 - 	alloc_rbufs(dev);
   2.746 - 	alloc_tbufs(dev);
   2.747 - 	rhine_chip_reset(dev);
   2.748 -@@ -1898,6 +1900,9 @@
   2.749 - 	struct net_device *dev = pci_get_drvdata(pdev);
   2.750 - 	struct rhine_private *rp = netdev_priv(dev);
   2.751 - 	void __iomem *ioaddr = rp->base;
   2.752 -+
   2.753 -+	if (!(rp->quirks & rqWOL))
   2.754 -+		return; /* Nothing to do for non-WOL adapters */
   2.755 - 
   2.756 - 	rhine_power_init(dev);
   2.757 - 
   2.758 -diff -Nru a/drivers/net/wan/hd6457x.c b/drivers/net/wan/hd6457x.c
   2.759 ---- a/drivers/net/wan/hd6457x.c	2005-04-29 18:34:27 -07:00
   2.760 -+++ b/drivers/net/wan/hd6457x.c	2005-04-29 18:34:27 -07:00
   2.761 -@@ -315,7 +315,7 @@
   2.762 - #endif
   2.763 - 	stats->rx_packets++;
   2.764 - 	stats->rx_bytes += skb->len;
   2.765 --	skb->dev->last_rx = jiffies;
   2.766 -+	dev->last_rx = jiffies;
   2.767 - 	skb->protocol = hdlc_type_trans(skb, dev);
   2.768 - 	netif_rx(skb);
   2.769 - }
   2.770 -diff -Nru a/drivers/pci/hotplug/pciehp_ctrl.c b/drivers/pci/hotplug/pciehp_ctrl.c
   2.771 ---- a/drivers/pci/hotplug/pciehp_ctrl.c	2005-04-29 18:34:27 -07:00
   2.772 -+++ b/drivers/pci/hotplug/pciehp_ctrl.c	2005-04-29 18:34:27 -07:00
   2.773 -@@ -1354,10 +1354,11 @@
   2.774 - 				dbg("PCI Bridge Hot-Remove s:b:d:f(%02x:%02x:%02x:%02x)\n", 
   2.775 - 					ctrl->seg, func->bus, func->device, func->function);
   2.776 - 				bridge_slot_remove(func);
   2.777 --			} else
   2.778 -+			} else {
   2.779 - 				dbg("PCI Function Hot-Remove s:b:d:f(%02x:%02x:%02x:%02x)\n", 
   2.780 - 					ctrl->seg, func->bus, func->device, func->function);
   2.781 - 				slot_remove(func);
   2.782 -+			}
   2.783 - 
   2.784 - 			func = pciehp_slot_find(ctrl->slot_bus, device, 0);
   2.785 - 		}
   2.786 -diff -Nru a/fs/binfmt_elf.c b/fs/binfmt_elf.c
   2.787 ---- a/fs/binfmt_elf.c	2005-04-29 18:34:28 -07:00
   2.788 -+++ b/fs/binfmt_elf.c	2005-04-29 18:34:28 -07:00
   2.789 -@@ -1008,6 +1008,7 @@
   2.790 - static int load_elf_library(struct file *file)
   2.791 - {
   2.792 - 	struct elf_phdr *elf_phdata;
   2.793 -+	struct elf_phdr *eppnt;
   2.794 - 	unsigned long elf_bss, bss, len;
   2.795 - 	int retval, error, i, j;
   2.796 - 	struct elfhdr elf_ex;
   2.797 -@@ -1031,44 +1032,47 @@
   2.798 - 	/* j < ELF_MIN_ALIGN because elf_ex.e_phnum <= 2 */
   2.799 - 
   2.800 - 	error = -ENOMEM;
   2.801 --	elf_phdata = (struct elf_phdr *) kmalloc(j, GFP_KERNEL);
   2.802 -+	elf_phdata = kmalloc(j, GFP_KERNEL);
   2.803 - 	if (!elf_phdata)
   2.804 - 		goto out;
   2.805 - 
   2.806 -+	eppnt = elf_phdata;
   2.807 - 	error = -ENOEXEC;
   2.808 --	retval = kernel_read(file, elf_ex.e_phoff, (char *) elf_phdata, j);
   2.809 -+	retval = kernel_read(file, elf_ex.e_phoff, (char *)eppnt, j);
   2.810 - 	if (retval != j)
   2.811 - 		goto out_free_ph;
   2.812 - 
   2.813 - 	for (j = 0, i = 0; i<elf_ex.e_phnum; i++)
   2.814 --		if ((elf_phdata + i)->p_type == PT_LOAD) j++;
   2.815 -+		if ((eppnt + i)->p_type == PT_LOAD)
   2.816 -+			j++;
   2.817 - 	if (j != 1)
   2.818 - 		goto out_free_ph;
   2.819 - 
   2.820 --	while (elf_phdata->p_type != PT_LOAD) elf_phdata++;
   2.821 -+	while (eppnt->p_type != PT_LOAD)
   2.822 -+		eppnt++;
   2.823 - 
   2.824 - 	/* Now use mmap to map the library into memory. */
   2.825 - 	down_write(&current->mm->mmap_sem);
   2.826 - 	error = do_mmap(file,
   2.827 --			ELF_PAGESTART(elf_phdata->p_vaddr),
   2.828 --			(elf_phdata->p_filesz +
   2.829 --			 ELF_PAGEOFFSET(elf_phdata->p_vaddr)),
   2.830 -+			ELF_PAGESTART(eppnt->p_vaddr),
   2.831 -+			(eppnt->p_filesz +
   2.832 -+			 ELF_PAGEOFFSET(eppnt->p_vaddr)),
   2.833 - 			PROT_READ | PROT_WRITE | PROT_EXEC,
   2.834 - 			MAP_FIXED | MAP_PRIVATE | MAP_DENYWRITE,
   2.835 --			(elf_phdata->p_offset -
   2.836 --			 ELF_PAGEOFFSET(elf_phdata->p_vaddr)));
   2.837 -+			(eppnt->p_offset -
   2.838 -+			 ELF_PAGEOFFSET(eppnt->p_vaddr)));
   2.839 - 	up_write(&current->mm->mmap_sem);
   2.840 --	if (error != ELF_PAGESTART(elf_phdata->p_vaddr))
   2.841 -+	if (error != ELF_PAGESTART(eppnt->p_vaddr))
   2.842 - 		goto out_free_ph;
   2.843 - 
   2.844 --	elf_bss = elf_phdata->p_vaddr + elf_phdata->p_filesz;
   2.845 -+	elf_bss = eppnt->p_vaddr + eppnt->p_filesz;
   2.846 - 	if (padzero(elf_bss)) {
   2.847 - 		error = -EFAULT;
   2.848 - 		goto out_free_ph;
   2.849 - 	}
   2.850 - 
   2.851 --	len = ELF_PAGESTART(elf_phdata->p_filesz + elf_phdata->p_vaddr + ELF_MIN_ALIGN - 1);
   2.852 --	bss = elf_phdata->p_memsz + elf_phdata->p_vaddr;
   2.853 -+	len = ELF_PAGESTART(eppnt->p_filesz + eppnt->p_vaddr + ELF_MIN_ALIGN - 1);
   2.854 -+	bss = eppnt->p_memsz + eppnt->p_vaddr;
   2.855 - 	if (bss > len) {
   2.856 - 		down_write(&current->mm->mmap_sem);
   2.857 - 		do_brk(len, bss - len);
   2.858 -diff -Nru a/fs/cramfs/inode.c b/fs/cramfs/inode.c
   2.859 ---- a/fs/cramfs/inode.c	2005-04-29 18:34:27 -07:00
   2.860 -+++ b/fs/cramfs/inode.c	2005-04-29 18:34:27 -07:00
   2.861 -@@ -70,6 +70,7 @@
   2.862 - 			inode->i_data.a_ops = &cramfs_aops;
   2.863 - 		} else {
   2.864 - 			inode->i_size = 0;
   2.865 -+			inode->i_blocks = 0;
   2.866 - 			init_special_inode(inode, inode->i_mode,
   2.867 - 				old_decode_dev(cramfs_inode->size));
   2.868 - 		}
   2.869 -diff -Nru a/fs/eventpoll.c b/fs/eventpoll.c
   2.870 ---- a/fs/eventpoll.c	2005-04-29 18:34:27 -07:00
   2.871 -+++ b/fs/eventpoll.c	2005-04-29 18:34:27 -07:00
   2.872 -@@ -619,6 +619,7 @@
   2.873 - 	return error;
   2.874 - }
   2.875 - 
   2.876 -+#define MAX_EVENTS (INT_MAX / sizeof(struct epoll_event))
   2.877 - 
   2.878 - /*
   2.879 -  * Implement the event wait interface for the eventpoll file. It is the kernel
   2.880 -@@ -635,7 +636,7 @@
   2.881 - 		     current, epfd, events, maxevents, timeout));
   2.882 - 
   2.883 - 	/* The maximum number of event must be greater than zero */
   2.884 --	if (maxevents <= 0)
   2.885 -+	if (maxevents <= 0 || maxevents > MAX_EVENTS)
   2.886 - 		return -EINVAL;
   2.887 - 
   2.888 - 	/* Verify that the area passed by the user is writeable */
   2.889 -diff -Nru a/fs/exec.c b/fs/exec.c
   2.890 ---- a/fs/exec.c	2005-04-29 18:34:27 -07:00
   2.891 -+++ b/fs/exec.c	2005-04-29 18:34:27 -07:00
   2.892 -@@ -814,7 +814,7 @@
   2.893 - {
   2.894 - 	/* buf must be at least sizeof(tsk->comm) in size */
   2.895 - 	task_lock(tsk);
   2.896 --	memcpy(buf, tsk->comm, sizeof(tsk->comm));
   2.897 -+	strncpy(buf, tsk->comm, sizeof(tsk->comm));
   2.898 - 	task_unlock(tsk);
   2.899 - }
   2.900 - 
   2.901 -diff -Nru a/fs/ext2/dir.c b/fs/ext2/dir.c
   2.902 ---- a/fs/ext2/dir.c	2005-04-29 18:34:28 -07:00
   2.903 -+++ b/fs/ext2/dir.c	2005-04-29 18:34:28 -07:00
   2.904 -@@ -592,6 +592,7 @@
   2.905 - 		goto fail;
   2.906 - 	}
   2.907 - 	kaddr = kmap_atomic(page, KM_USER0);
   2.908 -+       memset(kaddr, 0, chunk_size);
   2.909 - 	de = (struct ext2_dir_entry_2 *)kaddr;
   2.910 - 	de->name_len = 1;
   2.911 - 	de->rec_len = cpu_to_le16(EXT2_DIR_REC_LEN(1));
   2.912 -diff -Nru a/fs/isofs/inode.c b/fs/isofs/inode.c
   2.913 ---- a/fs/isofs/inode.c	2005-04-29 18:34:28 -07:00
   2.914 -+++ b/fs/isofs/inode.c	2005-04-29 18:34:28 -07:00
   2.915 -@@ -685,6 +685,8 @@
   2.916 - 	  sbi->s_log_zone_size = isonum_723 (h_pri->logical_block_size);
   2.917 - 	  sbi->s_max_size = isonum_733(h_pri->volume_space_size);
   2.918 - 	} else {
   2.919 -+	  if (!pri)
   2.920 -+	    goto out_freebh;
   2.921 - 	  rootp = (struct iso_directory_record *) pri->root_directory_record;
   2.922 - 	  sbi->s_nzones = isonum_733 (pri->volume_space_size);
   2.923 - 	  sbi->s_log_zone_size = isonum_723 (pri->logical_block_size);
   2.924 -@@ -1394,6 +1396,9 @@
   2.925 - 	unsigned long hashval;
   2.926 - 	struct inode *inode;
   2.927 - 	struct isofs_iget5_callback_data data;
   2.928 -+
   2.929 -+	if (offset >= 1ul << sb->s_blocksize_bits)
   2.930 -+		return NULL;
   2.931 - 
   2.932 - 	data.block = block;
   2.933 - 	data.offset = offset;
   2.934 -diff -Nru a/fs/isofs/rock.c b/fs/isofs/rock.c
   2.935 ---- a/fs/isofs/rock.c	2005-04-29 18:34:28 -07:00
   2.936 -+++ b/fs/isofs/rock.c	2005-04-29 18:34:28 -07:00
   2.937 -@@ -53,6 +53,7 @@
   2.938 -   if(LEN & 1) LEN++;						\
   2.939 -   CHR = ((unsigned char *) DE) + LEN;				\
   2.940 -   LEN = *((unsigned char *) DE) - LEN;                          \
   2.941 -+  if (LEN<0) LEN=0;                                             \
   2.942 -   if (ISOFS_SB(inode->i_sb)->s_rock_offset!=-1)                \
   2.943 -   {                                                             \
   2.944 -      LEN-=ISOFS_SB(inode->i_sb)->s_rock_offset;                \
   2.945 -@@ -73,6 +74,10 @@
   2.946 -     offset1 = 0; \
   2.947 -     pbh = sb_bread(DEV->i_sb, block); \
   2.948 -     if(pbh){       \
   2.949 -+      if (offset > pbh->b_size || offset + cont_size > pbh->b_size){	\
   2.950 -+	brelse(pbh); \
   2.951 -+	goto out; \
   2.952 -+      } \
   2.953 -       memcpy(buffer + offset1, pbh->b_data + offset, cont_size - offset1); \
   2.954 -       brelse(pbh); \
   2.955 -       chr = (unsigned char *) buffer; \
   2.956 -@@ -103,12 +108,13 @@
   2.957 -     struct rock_ridge * rr;
   2.958 -     int sig;
   2.959 -     
   2.960 --    while (len > 1){ /* There may be one byte for padding somewhere */
   2.961 -+    while (len > 2){ /* There may be one byte for padding somewhere */
   2.962 -       rr = (struct rock_ridge *) chr;
   2.963 --      if (rr->len == 0) goto out; /* Something got screwed up here */
   2.964 -+      if (rr->len < 3) goto out; /* Something got screwed up here */
   2.965 -       sig = isonum_721(chr);
   2.966 -       chr += rr->len; 
   2.967 -       len -= rr->len;
   2.968 -+      if (len < 0) goto out;	/* corrupted isofs */
   2.969 - 
   2.970 -       switch(sig){
   2.971 -       case SIG('R','R'):
   2.972 -@@ -122,6 +128,7 @@
   2.973 - 	break;
   2.974 -       case SIG('N','M'):
   2.975 - 	if (truncate) break;
   2.976 -+	if (rr->len < 5) break;
   2.977 -         /*
   2.978 - 	 * If the flags are 2 or 4, this indicates '.' or '..'.
   2.979 - 	 * We don't want to do anything with this, because it
   2.980 -@@ -186,12 +193,13 @@
   2.981 -     struct rock_ridge * rr;
   2.982 -     int rootflag;
   2.983 -     
   2.984 --    while (len > 1){ /* There may be one byte for padding somewhere */
   2.985 -+    while (len > 2){ /* There may be one byte for padding somewhere */
   2.986 -       rr = (struct rock_ridge *) chr;
   2.987 --      if (rr->len == 0) goto out; /* Something got screwed up here */
   2.988 -+      if (rr->len < 3) goto out; /* Something got screwed up here */
   2.989 -       sig = isonum_721(chr);
   2.990 -       chr += rr->len; 
   2.991 -       len -= rr->len;
   2.992 -+      if (len < 0) goto out;	/* corrupted isofs */
   2.993 -       
   2.994 -       switch(sig){
   2.995 - #ifndef CONFIG_ZISOFS		/* No flag for SF or ZF */
   2.996 -@@ -462,7 +470,7 @@
   2.997 - 	struct rock_ridge *rr;
   2.998 - 
   2.999 - 	if (!ISOFS_SB(inode->i_sb)->s_rock)
  2.1000 --		panic ("Cannot have symlink with high sierra variant of iso filesystem\n");
  2.1001 -+		goto error;
  2.1002 - 
  2.1003 - 	block = ei->i_iget5_block;
  2.1004 - 	lock_kernel();
  2.1005 -@@ -487,13 +495,15 @@
  2.1006 - 	SETUP_ROCK_RIDGE(raw_inode, chr, len);
  2.1007 - 
  2.1008 -       repeat:
  2.1009 --	while (len > 1) { /* There may be one byte for padding somewhere */
  2.1010 -+	while (len > 2) { /* There may be one byte for padding somewhere */
  2.1011 - 		rr = (struct rock_ridge *) chr;
  2.1012 --		if (rr->len == 0)
  2.1013 -+		if (rr->len < 3)
  2.1014 - 			goto out;	/* Something got screwed up here */
  2.1015 - 		sig = isonum_721(chr);
  2.1016 - 		chr += rr->len;
  2.1017 - 		len -= rr->len;
  2.1018 -+		if (len < 0)
  2.1019 -+			goto out;	/* corrupted isofs */
  2.1020 - 
  2.1021 - 		switch (sig) {
  2.1022 - 		case SIG('R', 'R'):
  2.1023 -@@ -543,6 +553,7 @@
  2.1024 -       fail:
  2.1025 - 	brelse(bh);
  2.1026 - 	unlock_kernel();
  2.1027 -+      error:
  2.1028 - 	SetPageError(page);
  2.1029 - 	kunmap(page);
  2.1030 - 	unlock_page(page);
  2.1031 -diff -Nru a/fs/jbd/transaction.c b/fs/jbd/transaction.c
  2.1032 ---- a/fs/jbd/transaction.c	2005-04-29 18:34:27 -07:00
  2.1033 -+++ b/fs/jbd/transaction.c	2005-04-29 18:34:27 -07:00
  2.1034 -@@ -1775,10 +1775,10 @@
  2.1035 - 			JBUFFER_TRACE(jh, "checkpointed: add to BJ_Forget");
  2.1036 - 			ret = __dispose_buffer(jh,
  2.1037 - 					journal->j_running_transaction);
  2.1038 -+			journal_put_journal_head(jh);
  2.1039 - 			spin_unlock(&journal->j_list_lock);
  2.1040 - 			jbd_unlock_bh_state(bh);
  2.1041 - 			spin_unlock(&journal->j_state_lock);
  2.1042 --			journal_put_journal_head(jh);
  2.1043 - 			return ret;
  2.1044 - 		} else {
  2.1045 - 			/* There is no currently-running transaction. So the
  2.1046 -@@ -1789,10 +1789,10 @@
  2.1047 - 				JBUFFER_TRACE(jh, "give to committing trans");
  2.1048 - 				ret = __dispose_buffer(jh,
  2.1049 - 					journal->j_committing_transaction);
  2.1050 -+				journal_put_journal_head(jh);
  2.1051 - 				spin_unlock(&journal->j_list_lock);
  2.1052 - 				jbd_unlock_bh_state(bh);
  2.1053 - 				spin_unlock(&journal->j_state_lock);
  2.1054 --				journal_put_journal_head(jh);
  2.1055 - 				return ret;
  2.1056 - 			} else {
  2.1057 - 				/* The orphan record's transaction has
  2.1058 -@@ -1813,10 +1813,10 @@
  2.1059 - 					journal->j_running_transaction);
  2.1060 - 			jh->b_next_transaction = NULL;
  2.1061 - 		}
  2.1062 -+		journal_put_journal_head(jh);
  2.1063 - 		spin_unlock(&journal->j_list_lock);
  2.1064 - 		jbd_unlock_bh_state(bh);
  2.1065 - 		spin_unlock(&journal->j_state_lock);
  2.1066 --		journal_put_journal_head(jh);
  2.1067 - 		return 0;
  2.1068 - 	} else {
  2.1069 - 		/* Good, the buffer belongs to the running transaction.
  2.1070 -diff -Nru a/fs/partitions/msdos.c b/fs/partitions/msdos.c
  2.1071 ---- a/fs/partitions/msdos.c	2005-04-29 18:34:28 -07:00
  2.1072 -+++ b/fs/partitions/msdos.c	2005-04-29 18:34:28 -07:00
  2.1073 -@@ -114,6 +114,9 @@
  2.1074 - 		 */
  2.1075 - 		for (i=0; i<4; i++, p++) {
  2.1076 - 			u32 offs, size, next;
  2.1077 -+
  2.1078 -+			if (SYS_IND(p) == 0)
  2.1079 -+				continue;
  2.1080 - 			if (!NR_SECTS(p) || is_extended_partition(p))
  2.1081 - 				continue;
  2.1082 - 
  2.1083 -@@ -430,6 +433,8 @@
  2.1084 - 	for (slot = 1 ; slot <= 4 ; slot++, p++) {
  2.1085 - 		u32 start = START_SECT(p)*sector_size;
  2.1086 - 		u32 size = NR_SECTS(p)*sector_size;
  2.1087 -+		if (SYS_IND(p) == 0)
  2.1088 -+			continue;
  2.1089 - 		if (!size)
  2.1090 - 			continue;
  2.1091 - 		if (is_extended_partition(p)) {
  2.1092 -diff -Nru a/kernel/signal.c b/kernel/signal.c
  2.1093 ---- a/kernel/signal.c	2005-04-29 18:34:27 -07:00
  2.1094 -+++ b/kernel/signal.c	2005-04-29 18:34:27 -07:00
  2.1095 -@@ -1728,6 +1728,7 @@
  2.1096 - 			 * with another processor delivering a stop signal,
  2.1097 - 			 * then the SIGCONT that wakes us up should clear it.
  2.1098 - 			 */
  2.1099 -+			read_unlock(&tasklist_lock);
  2.1100 - 			return 0;
  2.1101 - 		}
  2.1102 - 
  2.1103 -diff -Nru a/lib/rwsem-spinlock.c b/lib/rwsem-spinlock.c
  2.1104 ---- a/lib/rwsem-spinlock.c	2005-04-29 18:34:28 -07:00
  2.1105 -+++ b/lib/rwsem-spinlock.c	2005-04-29 18:34:28 -07:00
  2.1106 -@@ -140,12 +140,12 @@
  2.1107 - 
  2.1108 - 	rwsemtrace(sem, "Entering __down_read");
  2.1109 - 
  2.1110 --	spin_lock(&sem->wait_lock);
  2.1111 -+	spin_lock_irq(&sem->wait_lock);
  2.1112 - 
  2.1113 - 	if (sem->activity >= 0 && list_empty(&sem->wait_list)) {
  2.1114 - 		/* granted */
  2.1115 - 		sem->activity++;
  2.1116 --		spin_unlock(&sem->wait_lock);
  2.1117 -+		spin_unlock_irq(&sem->wait_lock);
  2.1118 - 		goto out;
  2.1119 - 	}
  2.1120 - 
  2.1121 -@@ -160,7 +160,7 @@
  2.1122 - 	list_add_tail(&waiter.list, &sem->wait_list);
  2.1123 - 
  2.1124 - 	/* we don't need to touch the semaphore struct anymore */
  2.1125 --	spin_unlock(&sem->wait_lock);
  2.1126 -+	spin_unlock_irq(&sem->wait_lock);
  2.1127 - 
  2.1128 - 	/* wait to be given the lock */
  2.1129 - 	for (;;) {
  2.1130 -@@ -181,10 +181,12 @@
  2.1131 -  */
  2.1132 - int fastcall __down_read_trylock(struct rw_semaphore *sem)
  2.1133 - {
  2.1134 -+	unsigned long flags;
  2.1135 - 	int ret = 0;
  2.1136 -+
  2.1137 - 	rwsemtrace(sem, "Entering __down_read_trylock");
  2.1138 - 
  2.1139 --	spin_lock(&sem->wait_lock);
  2.1140 -+	spin_lock_irqsave(&sem->wait_lock, flags);
  2.1141 - 
  2.1142 - 	if (sem->activity >= 0 && list_empty(&sem->wait_list)) {
  2.1143 - 		/* granted */
  2.1144 -@@ -192,7 +194,7 @@
  2.1145 - 		ret = 1;
  2.1146 - 	}
  2.1147 - 
  2.1148 --	spin_unlock(&sem->wait_lock);
  2.1149 -+	spin_unlock_irqrestore(&sem->wait_lock, flags);
  2.1150 - 
  2.1151 - 	rwsemtrace(sem, "Leaving __down_read_trylock");
  2.1152 - 	return ret;
  2.1153 -@@ -209,12 +211,12 @@
  2.1154 - 
  2.1155 - 	rwsemtrace(sem, "Entering __down_write");
  2.1156 - 
  2.1157 --	spin_lock(&sem->wait_lock);
  2.1158 -+	spin_lock_irq(&sem->wait_lock);
  2.1159 - 
  2.1160 - 	if (sem->activity == 0 && list_empty(&sem->wait_list)) {
  2.1161 - 		/* granted */
  2.1162 - 		sem->activity = -1;
  2.1163 --		spin_unlock(&sem->wait_lock);
  2.1164 -+		spin_unlock_irq(&sem->wait_lock);
  2.1165 - 		goto out;
  2.1166 - 	}
  2.1167 - 
  2.1168 -@@ -229,7 +231,7 @@
  2.1169 - 	list_add_tail(&waiter.list, &sem->wait_list);
  2.1170 - 
  2.1171 - 	/* we don't need to touch the semaphore struct anymore */
  2.1172 --	spin_unlock(&sem->wait_lock);
  2.1173 -+	spin_unlock_irq(&sem->wait_lock);
  2.1174 - 
  2.1175 - 	/* wait to be given the lock */
  2.1176 - 	for (;;) {
  2.1177 -@@ -250,10 +252,12 @@
  2.1178 -  */
  2.1179 - int fastcall __down_write_trylock(struct rw_semaphore *sem)
  2.1180 - {
  2.1181 -+	unsigned long flags;
  2.1182 - 	int ret = 0;
  2.1183 -+
  2.1184 - 	rwsemtrace(sem, "Entering __down_write_trylock");
  2.1185 - 
  2.1186 --	spin_lock(&sem->wait_lock);
  2.1187 -+	spin_lock_irqsave(&sem->wait_lock, flags);
  2.1188 - 
  2.1189 - 	if (sem->activity == 0 && list_empty(&sem->wait_list)) {
  2.1190 - 		/* granted */
  2.1191 -@@ -261,7 +265,7 @@
  2.1192 - 		ret = 1;
  2.1193 - 	}
  2.1194 - 
  2.1195 --	spin_unlock(&sem->wait_lock);
  2.1196 -+	spin_unlock_irqrestore(&sem->wait_lock, flags);
  2.1197 - 
  2.1198 - 	rwsemtrace(sem, "Leaving __down_write_trylock");
  2.1199 - 	return ret;
  2.1200 -@@ -272,14 +276,16 @@
  2.1201 -  */
  2.1202 - void fastcall __up_read(struct rw_semaphore *sem)
  2.1203 - {
  2.1204 -+	unsigned long flags;
  2.1205 -+
  2.1206 - 	rwsemtrace(sem, "Entering __up_read");
  2.1207 - 
  2.1208 --	spin_lock(&sem->wait_lock);
  2.1209 -+	spin_lock_irqsave(&sem->wait_lock, flags);
  2.1210 - 
  2.1211 - 	if (--sem->activity == 0 && !list_empty(&sem->wait_list))
  2.1212 - 		sem = __rwsem_wake_one_writer(sem);
  2.1213 - 
  2.1214 --	spin_unlock(&sem->wait_lock);
  2.1215 -+	spin_unlock_irqrestore(&sem->wait_lock, flags);
  2.1216 - 
  2.1217 - 	rwsemtrace(sem, "Leaving __up_read");
  2.1218 - }
  2.1219 -@@ -289,15 +295,17 @@
  2.1220 -  */
  2.1221 - void fastcall __up_write(struct rw_semaphore *sem)
  2.1222 - {
  2.1223 -+	unsigned long flags;
  2.1224 -+
  2.1225 - 	rwsemtrace(sem, "Entering __up_write");
  2.1226 - 
  2.1227 --	spin_lock(&sem->wait_lock);
  2.1228 -+	spin_lock_irqsave(&sem->wait_lock, flags);
  2.1229 - 
  2.1230 - 	sem->activity = 0;
  2.1231 - 	if (!list_empty(&sem->wait_list))
  2.1232 - 		sem = __rwsem_do_wake(sem, 1);
  2.1233 - 
  2.1234 --	spin_unlock(&sem->wait_lock);
  2.1235 -+	spin_unlock_irqrestore(&sem->wait_lock, flags);
  2.1236 - 
  2.1237 - 	rwsemtrace(sem, "Leaving __up_write");
  2.1238 - }
  2.1239 -@@ -308,15 +316,17 @@
  2.1240 -  */
  2.1241 - void fastcall __downgrade_write(struct rw_semaphore *sem)
  2.1242 - {
  2.1243 -+	unsigned long flags;
  2.1244 -+
  2.1245 - 	rwsemtrace(sem, "Entering __downgrade_write");
  2.1246 - 
  2.1247 --	spin_lock(&sem->wait_lock);
  2.1248 -+	spin_lock_irqsave(&sem->wait_lock, flags);
  2.1249 - 
  2.1250 - 	sem->activity = 1;
  2.1251 - 	if (!list_empty(&sem->wait_list))
  2.1252 - 		sem = __rwsem_do_wake(sem, 0);
  2.1253 - 
  2.1254 --	spin_unlock(&sem->wait_lock);
  2.1255 -+	spin_unlock_irqrestore(&sem->wait_lock, flags);
  2.1256 - 
  2.1257 - 	rwsemtrace(sem, "Leaving __downgrade_write");
  2.1258 - }
  2.1259 -diff -Nru a/lib/rwsem.c b/lib/rwsem.c
  2.1260 ---- a/lib/rwsem.c	2005-04-29 18:34:28 -07:00
  2.1261 -+++ b/lib/rwsem.c	2005-04-29 18:34:28 -07:00
  2.1262 -@@ -150,7 +150,7 @@
  2.1263 - 	set_task_state(tsk, TASK_UNINTERRUPTIBLE);
  2.1264 - 
  2.1265 - 	/* set up my own style of waitqueue */
  2.1266 --	spin_lock(&sem->wait_lock);
  2.1267 -+	spin_lock_irq(&sem->wait_lock);
  2.1268 - 	waiter->task = tsk;
  2.1269 - 	get_task_struct(tsk);
  2.1270 - 
  2.1271 -@@ -163,7 +163,7 @@
  2.1272 - 	if (!(count & RWSEM_ACTIVE_MASK))
  2.1273 - 		sem = __rwsem_do_wake(sem, 0);
  2.1274 - 
  2.1275 --	spin_unlock(&sem->wait_lock);
  2.1276 -+	spin_unlock_irq(&sem->wait_lock);
  2.1277 - 
  2.1278 - 	/* wait to be given the lock */
  2.1279 - 	for (;;) {
  2.1280 -@@ -219,15 +219,17 @@
  2.1281 -  */
  2.1282 - struct rw_semaphore fastcall *rwsem_wake(struct rw_semaphore *sem)
  2.1283 - {
  2.1284 -+	unsigned long flags;
  2.1285 -+
  2.1286 - 	rwsemtrace(sem, "Entering rwsem_wake");
  2.1287 - 
  2.1288 --	spin_lock(&sem->wait_lock);
  2.1289 -+	spin_lock_irqsave(&sem->wait_lock, flags);
  2.1290 - 
  2.1291 - 	/* do nothing if list empty */
  2.1292 - 	if (!list_empty(&sem->wait_list))
  2.1293 - 		sem = __rwsem_do_wake(sem, 0);
  2.1294 - 
  2.1295 --	spin_unlock(&sem->wait_lock);
  2.1296 -+	spin_unlock_irqrestore(&sem->wait_lock, flags);
  2.1297 - 
  2.1298 - 	rwsemtrace(sem, "Leaving rwsem_wake");
  2.1299 - 
  2.1300 -@@ -241,15 +243,17 @@
  2.1301 -  */
  2.1302 - struct rw_semaphore fastcall *rwsem_downgrade_wake(struct rw_semaphore *sem)
  2.1303 - {
  2.1304 -+	unsigned long flags;
  2.1305 -+
  2.1306 - 	rwsemtrace(sem, "Entering rwsem_downgrade_wake");
  2.1307 - 
  2.1308 --	spin_lock(&sem->wait_lock);
  2.1309 -+	spin_lock_irqsave(&sem->wait_lock, flags);
  2.1310 - 
  2.1311 - 	/* do nothing if list empty */
  2.1312 - 	if (!list_empty(&sem->wait_list))
  2.1313 - 		sem = __rwsem_do_wake(sem, 1);
  2.1314 - 
  2.1315 --	spin_unlock(&sem->wait_lock);
  2.1316 -+	spin_unlock_irqrestore(&sem->wait_lock, flags);
  2.1317 - 
  2.1318 - 	rwsemtrace(sem, "Leaving rwsem_downgrade_wake");
  2.1319 - 	return sem;
  2.1320 -diff -Nru a/net/bluetooth/af_bluetooth.c b/net/bluetooth/af_bluetooth.c
  2.1321 ---- a/net/bluetooth/af_bluetooth.c	2005-04-29 18:34:27 -07:00
  2.1322 -+++ b/net/bluetooth/af_bluetooth.c	2005-04-29 18:34:27 -07:00
  2.1323 -@@ -64,7 +64,7 @@
  2.1324 - 
  2.1325 - int bt_sock_register(int proto, struct net_proto_family *ops)
  2.1326 - {
  2.1327 --	if (proto >= BT_MAX_PROTO)
  2.1328 -+	if (proto < 0 || proto >= BT_MAX_PROTO)
  2.1329 - 		return -EINVAL;
  2.1330 - 
  2.1331 - 	if (bt_proto[proto])
  2.1332 -@@ -77,7 +77,7 @@
  2.1333 - 
  2.1334 - int bt_sock_unregister(int proto)
  2.1335 - {
  2.1336 --	if (proto >= BT_MAX_PROTO)
  2.1337 -+	if (proto < 0 || proto >= BT_MAX_PROTO)
  2.1338 - 		return -EINVAL;
  2.1339 - 
  2.1340 - 	if (!bt_proto[proto])
  2.1341 -@@ -92,7 +92,7 @@
  2.1342 - {
  2.1343 - 	int err = 0;
  2.1344 - 
  2.1345 --	if (proto >= BT_MAX_PROTO)
  2.1346 -+	if (proto < 0 || proto >= BT_MAX_PROTO)
  2.1347 - 		return -EINVAL;
  2.1348 - 
  2.1349 - #if defined(CONFIG_KMOD)
  2.1350 -diff -Nru a/net/ipv4/fib_hash.c b/net/ipv4/fib_hash.c
  2.1351 ---- a/net/ipv4/fib_hash.c	2005-04-29 18:34:28 -07:00
  2.1352 -+++ b/net/ipv4/fib_hash.c	2005-04-29 18:34:28 -07:00
  2.1353 -@@ -919,13 +919,23 @@
  2.1354 - 	return fa;
  2.1355 - }
  2.1356 - 
  2.1357 -+static struct fib_alias *fib_get_idx(struct seq_file *seq, loff_t pos)
  2.1358 -+{
  2.1359 -+	struct fib_alias *fa = fib_get_first(seq);
  2.1360 -+
  2.1361 -+	if (fa)
  2.1362 -+		while (pos && (fa = fib_get_next(seq)))
  2.1363 -+			--pos;
  2.1364 -+	return pos ? NULL : fa;
  2.1365 -+}
  2.1366 -+
  2.1367 - static void *fib_seq_start(struct seq_file *seq, loff_t *pos)
  2.1368 - {
  2.1369 - 	void *v = NULL;
  2.1370 - 
  2.1371 - 	read_lock(&fib_hash_lock);
  2.1372 - 	if (ip_fib_main_table)
  2.1373 --		v = *pos ? fib_get_next(seq) : SEQ_START_TOKEN;
  2.1374 -+		v = *pos ? fib_get_idx(seq, *pos - 1) : SEQ_START_TOKEN;
  2.1375 - 	return v;
  2.1376 - }
  2.1377 - 
  2.1378 -diff -Nru a/net/ipv4/tcp_input.c b/net/ipv4/tcp_input.c
  2.1379 ---- a/net/ipv4/tcp_input.c	2005-04-29 18:34:28 -07:00
  2.1380 -+++ b/net/ipv4/tcp_input.c	2005-04-29 18:34:28 -07:00
  2.1381 -@@ -1653,7 +1653,10 @@
  2.1382 - static void tcp_undo_cwr(struct tcp_sock *tp, int undo)
  2.1383 - {
  2.1384 - 	if (tp->prior_ssthresh) {
  2.1385 --		tp->snd_cwnd = max(tp->snd_cwnd, tp->snd_ssthresh<<1);
  2.1386 -+		if (tcp_is_bic(tp))
  2.1387 -+			tp->snd_cwnd = max(tp->snd_cwnd, tp->bictcp.last_max_cwnd);
  2.1388 -+		else
  2.1389 -+			tp->snd_cwnd = max(tp->snd_cwnd, tp->snd_ssthresh<<1);
  2.1390 - 
  2.1391 - 		if (undo && tp->prior_ssthresh > tp->snd_ssthresh) {
  2.1392 - 			tp->snd_ssthresh = tp->prior_ssthresh;
  2.1393 -diff -Nru a/net/ipv4/tcp_timer.c b/net/ipv4/tcp_timer.c
  2.1394 ---- a/net/ipv4/tcp_timer.c	2005-04-29 18:34:28 -07:00
  2.1395 -+++ b/net/ipv4/tcp_timer.c	2005-04-29 18:34:28 -07:00
  2.1396 -@@ -38,6 +38,7 @@
  2.1397 - 
  2.1398 - #ifdef TCP_DEBUG
  2.1399 - const char tcp_timer_bug_msg[] = KERN_DEBUG "tcpbug: unknown timer value\n";
  2.1400 -+EXPORT_SYMBOL(tcp_timer_bug_msg);
  2.1401 - #endif
  2.1402 - 
  2.1403 - /*
  2.1404 -diff -Nru a/net/ipv4/xfrm4_output.c b/net/ipv4/xfrm4_output.c
  2.1405 ---- a/net/ipv4/xfrm4_output.c	2005-04-29 18:34:27 -07:00
  2.1406 -+++ b/net/ipv4/xfrm4_output.c	2005-04-29 18:34:27 -07:00
  2.1407 -@@ -103,16 +103,16 @@
  2.1408 - 			goto error_nolock;
  2.1409 - 	}
  2.1410 - 
  2.1411 --	spin_lock_bh(&x->lock);
  2.1412 --	err = xfrm_state_check(x, skb);
  2.1413 --	if (err)
  2.1414 --		goto error;
  2.1415 --
  2.1416 - 	if (x->props.mode) {
  2.1417 - 		err = xfrm4_tunnel_check_size(skb);
  2.1418 - 		if (err)
  2.1419 --			goto error;
  2.1420 -+			goto error_nolock;
  2.1421 - 	}
  2.1422 -+
  2.1423 -+	spin_lock_bh(&x->lock);
  2.1424 -+	err = xfrm_state_check(x, skb);
  2.1425 -+	if (err)
  2.1426 -+		goto error;
  2.1427 - 
  2.1428 - 	xfrm4_encap(skb);
  2.1429 - 
  2.1430 -diff -Nru a/net/ipv6/xfrm6_output.c b/net/ipv6/xfrm6_output.c
  2.1431 ---- a/net/ipv6/xfrm6_output.c	2005-04-29 18:34:28 -07:00
  2.1432 -+++ b/net/ipv6/xfrm6_output.c	2005-04-29 18:34:28 -07:00
  2.1433 -@@ -103,16 +103,16 @@
  2.1434 - 			goto error_nolock;
  2.1435 - 	}
  2.1436 - 
  2.1437 --	spin_lock_bh(&x->lock);
  2.1438 --	err = xfrm_state_check(x, skb);
  2.1439 --	if (err)
  2.1440 --		goto error;
  2.1441 --
  2.1442 - 	if (x->props.mode) {
  2.1443 - 		err = xfrm6_tunnel_check_size(skb);
  2.1444 - 		if (err)
  2.1445 --			goto error;
  2.1446 -+			goto error_nolock;
  2.1447 - 	}
  2.1448 -+
  2.1449 -+	spin_lock_bh(&x->lock);
  2.1450 -+	err = xfrm_state_check(x, skb);
  2.1451 -+	if (err)
  2.1452 -+		goto error;
  2.1453 - 
  2.1454 - 	xfrm6_encap(skb);
  2.1455 - 
  2.1456 -diff -Nru a/net/netrom/nr_in.c b/net/netrom/nr_in.c
  2.1457 ---- a/net/netrom/nr_in.c	2005-04-29 18:34:27 -07:00
  2.1458 -+++ b/net/netrom/nr_in.c	2005-04-29 18:34:27 -07:00
  2.1459 -@@ -74,7 +74,6 @@
  2.1460 - static int nr_state1_machine(struct sock *sk, struct sk_buff *skb,
  2.1461 - 	int frametype)
  2.1462 - {
  2.1463 --	bh_lock_sock(sk);
  2.1464 - 	switch (frametype) {
  2.1465 - 	case NR_CONNACK: {
  2.1466 - 		nr_cb *nr = nr_sk(sk);
  2.1467 -@@ -103,8 +102,6 @@
  2.1468 - 	default:
  2.1469 - 		break;
  2.1470 - 	}
  2.1471 --	bh_unlock_sock(sk);
  2.1472 --
  2.1473 - 	return 0;
  2.1474 - }
  2.1475 - 
  2.1476 -@@ -116,7 +113,6 @@
  2.1477 - static int nr_state2_machine(struct sock *sk, struct sk_buff *skb,
  2.1478 - 	int frametype)
  2.1479 - {
  2.1480 --	bh_lock_sock(sk);
  2.1481 - 	switch (frametype) {
  2.1482 - 	case NR_CONNACK | NR_CHOKE_FLAG:
  2.1483 - 		nr_disconnect(sk, ECONNRESET);
  2.1484 -@@ -132,8 +128,6 @@
  2.1485 - 	default:
  2.1486 - 		break;
  2.1487 - 	}
  2.1488 --	bh_unlock_sock(sk);
  2.1489 --
  2.1490 - 	return 0;
  2.1491 - }
  2.1492 - 
  2.1493 -@@ -154,7 +148,6 @@
  2.1494 - 	nr = skb->data[18];
  2.1495 - 	ns = skb->data[17];
  2.1496 - 
  2.1497 --	bh_lock_sock(sk);
  2.1498 - 	switch (frametype) {
  2.1499 - 	case NR_CONNREQ:
  2.1500 - 		nr_write_internal(sk, NR_CONNACK);
  2.1501 -@@ -265,8 +258,6 @@
  2.1502 - 	default:
  2.1503 - 		break;
  2.1504 - 	}
  2.1505 --	bh_unlock_sock(sk);
  2.1506 --
  2.1507 - 	return queued;
  2.1508 - }
  2.1509 - 
  2.1510 -diff -Nru a/net/xfrm/xfrm_state.c b/net/xfrm/xfrm_state.c
  2.1511 ---- a/net/xfrm/xfrm_state.c	2005-04-29 18:34:28 -07:00
  2.1512 -+++ b/net/xfrm/xfrm_state.c	2005-04-29 18:34:28 -07:00
  2.1513 -@@ -609,7 +609,7 @@
  2.1514 - 
  2.1515 - 	for (i = 0; i < XFRM_DST_HSIZE; i++) {
  2.1516 - 		list_for_each_entry(x, xfrm_state_bydst+i, bydst) {
  2.1517 --			if (x->km.seq == seq) {
  2.1518 -+			if (x->km.seq == seq && x->km.state == XFRM_STATE_ACQ) {
  2.1519 - 				xfrm_state_hold(x);
  2.1520 - 				return x;
  2.1521 - 			}
  2.1522 -diff -Nru a/security/keys/key.c b/security/keys/key.c
  2.1523 ---- a/security/keys/key.c	2005-04-29 18:34:28 -07:00
  2.1524 -+++ b/security/keys/key.c	2005-04-29 18:34:28 -07:00
  2.1525 -@@ -57,9 +57,10 @@
  2.1526 - {
  2.1527 - 	struct key_user *candidate = NULL, *user;
  2.1528 - 	struct rb_node *parent = NULL;
  2.1529 --	struct rb_node **p = &key_user_tree.rb_node;
  2.1530 -+	struct rb_node **p;
  2.1531 - 
  2.1532 -  try_again:
  2.1533 -+	p = &key_user_tree.rb_node;
  2.1534 - 	spin_lock(&key_user_lock);
  2.1535 - 
  2.1536 - 	/* search the tree for a user record with a matching UID */
  2.1537 -diff -Nru a/sound/core/timer.c b/sound/core/timer.c
  2.1538 ---- a/sound/core/timer.c	2005-04-29 18:34:28 -07:00
  2.1539 -+++ b/sound/core/timer.c	2005-04-29 18:34:28 -07:00
  2.1540 -@@ -1117,7 +1117,8 @@
  2.1541 - 	if (tu->qused >= tu->queue_size) {
  2.1542 - 		tu->overrun++;
  2.1543 - 	} else {
  2.1544 --		memcpy(&tu->queue[tu->qtail++], tread, sizeof(*tread));
  2.1545 -+		memcpy(&tu->tqueue[tu->qtail++], tread, sizeof(*tread));
  2.1546 -+		tu->qtail %= tu->queue_size;
  2.1547 - 		tu->qused++;
  2.1548 - 	}
  2.1549 - }
  2.1550 -@@ -1140,6 +1141,8 @@
  2.1551 - 	spin_lock(&tu->qlock);
  2.1552 - 	snd_timer_user_append_to_tqueue(tu, &r1);
  2.1553 - 	spin_unlock(&tu->qlock);
  2.1554 -+	kill_fasync(&tu->fasync, SIGIO, POLL_IN);
  2.1555 -+	wake_up(&tu->qchange_sleep);
  2.1556 - }
  2.1557 - 
  2.1558 - static void snd_timer_user_tinterrupt(snd_timer_instance_t *timeri,
  2.1559 -diff -Nru a/sound/pci/ac97/ac97_codec.c b/sound/pci/ac97/ac97_codec.c
  2.1560 ---- a/sound/pci/ac97/ac97_codec.c	2005-04-29 18:34:28 -07:00
  2.1561 -+++ b/sound/pci/ac97/ac97_codec.c	2005-04-29 18:34:28 -07:00
  2.1562 -@@ -1185,7 +1185,7 @@
  2.1563 - /*
  2.1564 -  * create mute switch(es) for normal stereo controls
  2.1565 -  */
  2.1566 --static int snd_ac97_cmute_new(snd_card_t *card, char *name, int reg, ac97_t *ac97)
  2.1567 -+static int snd_ac97_cmute_new_stereo(snd_card_t *card, char *name, int reg, int check_stereo, ac97_t *ac97)
  2.1568 - {
  2.1569 - 	snd_kcontrol_t *kctl;
  2.1570 - 	int err;
  2.1571 -@@ -1196,7 +1196,7 @@
  2.1572 - 
  2.1573 - 	mute_mask = 0x8000;
  2.1574 - 	val = snd_ac97_read(ac97, reg);
  2.1575 --	if (ac97->flags & AC97_STEREO_MUTES) {
  2.1576 -+	if (check_stereo || (ac97->flags & AC97_STEREO_MUTES)) {
  2.1577 - 		/* check whether both mute bits work */
  2.1578 - 		val1 = val | 0x8080;
  2.1579 - 		snd_ac97_write(ac97, reg, val1);
  2.1580 -@@ -1254,7 +1254,7 @@
  2.1581 - /*
  2.1582 -  * create a mute-switch and a volume for normal stereo/mono controls
  2.1583 -  */
  2.1584 --static int snd_ac97_cmix_new(snd_card_t *card, const char *pfx, int reg, ac97_t *ac97)
  2.1585 -+static int snd_ac97_cmix_new_stereo(snd_card_t *card, const char *pfx, int reg, int check_stereo, ac97_t *ac97)
  2.1586 - {
  2.1587 - 	int err;
  2.1588 - 	char name[44];
  2.1589 -@@ -1265,7 +1265,7 @@
  2.1590 - 
  2.1591 - 	if (snd_ac97_try_bit(ac97, reg, 15)) {
  2.1592 - 		sprintf(name, "%s Switch", pfx);
  2.1593 --		if ((err = snd_ac97_cmute_new(card, name, reg, ac97)) < 0)
  2.1594 -+		if ((err = snd_ac97_cmute_new_stereo(card, name, reg, check_stereo, ac97)) < 0)
  2.1595 - 			return err;
  2.1596 - 	}
  2.1597 - 	check_volume_resolution(ac97, reg, &lo_max, &hi_max);
  2.1598 -@@ -1277,6 +1277,8 @@
  2.1599 - 	return 0;
  2.1600 - }
  2.1601 - 
  2.1602 -+#define snd_ac97_cmix_new(card, pfx, reg, ac97)	snd_ac97_cmix_new_stereo(card, pfx, reg, 0, ac97)
  2.1603 -+#define snd_ac97_cmute_new(card, name, reg, ac97)	snd_ac97_cmute_new_stereo(card, name, reg, 0, ac97)
  2.1604 - 
  2.1605 - static unsigned int snd_ac97_determine_spdif_rates(ac97_t *ac97);
  2.1606 - 
  2.1607 -@@ -1327,7 +1329,8 @@
  2.1608 - 
  2.1609 - 	/* build surround controls */
  2.1610 - 	if (snd_ac97_try_volume_mix(ac97, AC97_SURROUND_MASTER)) {
  2.1611 --		if ((err = snd_ac97_cmix_new(card, "Surround Playback", AC97_SURROUND_MASTER, ac97)) < 0)
  2.1612 -+		/* Surround Master (0x38) is with stereo mutes */
  2.1613 -+		if ((err = snd_ac97_cmix_new_stereo(card, "Surround Playback", AC97_SURROUND_MASTER, 1, ac97)) < 0)
  2.1614 - 			return err;
  2.1615 - 	}
  2.1616 - 
     3.1 --- /dev/null	Thu Jan 01 00:00:00 1970 +0000
     3.2 +++ b/patches/linux-2.6.11/linux-2.6.11.9.patch	Sun May 15 12:39:28 2005 +0000
     3.3 @@ -0,0 +1,1692 @@
     3.4 +diff -Nru a/Documentation/SecurityBugs b/Documentation/SecurityBugs
     3.5 +--- /dev/null	Wed Dec 31 16:00:00 196900
     3.6 ++++ b/Documentation/SecurityBugs	2005-05-11 15:43:53 -07:00
     3.7 +@@ -0,0 +1,38 @@
     3.8 ++Linux kernel developers take security very seriously.  As such, we'd
     3.9 ++like to know when a security bug is found so that it can be fixed and
    3.10 ++disclosed as quickly as possible.  Please report security bugs to the
    3.11 ++Linux kernel security team.
    3.12 ++
    3.13 ++1) Contact
    3.14 ++
    3.15 ++The Linux kernel security team can be contacted by email at
    3.16 ++<security@kernel.org>.  This is a private list of security officers
    3.17 ++who will help verify the bug report and develop and release a fix.
    3.18 ++It is possible that the security team will bring in extra help from
    3.19 ++area maintainers to understand and fix the security vulnerability.
    3.20 ++
    3.21 ++As it is with any bug, the more information provided the easier it
    3.22 ++will be to diagnose and fix.  Please review the procedure outlined in
    3.23 ++REPORTING-BUGS if you are unclear about what information is helpful.
    3.24 ++Any exploit code is very helpful and will not be released without
    3.25 ++consent from the reporter unless it has already been made public.
    3.26 ++
    3.27 ++2) Disclosure
    3.28 ++
    3.29 ++The goal of the Linux kernel security team is to work with the
    3.30 ++bug submitter to bug resolution as well as disclosure.  We prefer
    3.31 ++to fully disclose the bug as soon as possible.  It is reasonable to
    3.32 ++delay disclosure when the bug or the fix is not yet fully understood,
    3.33 ++the solution is not well-tested or for vendor coordination.  However, we
    3.34 ++expect these delays to be short, measurable in days, not weeks or months.
    3.35 ++A disclosure date is negotiated by the security team working with the
    3.36 ++bug submitter as well as vendors.  However, the kernel security team
    3.37 ++holds the final say when setting a disclosure date.  The timeframe for
    3.38 ++disclosure is from immediate (esp. if it's already publically known)
    3.39 ++to a few weeks.  As a basic default policy, we expect report date to
    3.40 ++disclosure date to be on the order of 7 days.
    3.41 ++
    3.42 ++3) Non-disclosure agreements
    3.43 ++
    3.44 ++The Linux kernel security team is not a formal body and therefore unable
    3.45 ++to enter any non-disclosure agreements.
    3.46 +diff -Nru a/MAINTAINERS b/MAINTAINERS
    3.47 +--- a/MAINTAINERS	2005-05-11 15:43:53 -07:00
    3.48 ++++ b/MAINTAINERS	2005-05-11 15:43:53 -07:00
    3.49 +@@ -1966,6 +1966,11 @@
    3.50 + W:	http://www.weinigel.se
    3.51 + S:	Supported
    3.52 + 
    3.53 ++SECURITY CONTACT
    3.54 ++P:	Security Officers
    3.55 ++M:	security@kernel.org
    3.56 ++S:	Supported
    3.57 ++
    3.58 + SELINUX SECURITY MODULE
    3.59 + P:	Stephen Smalley
    3.60 + M:	sds@epoch.ncsc.mil
    3.61 +diff -Nru a/Makefile b/Makefile
    3.62 +--- a/Makefile	2005-05-11 15:43:53 -07:00
    3.63 ++++ b/Makefile	2005-05-11 15:43:53 -07:00
    3.64 +@@ -1,8 +1,8 @@
    3.65 + VERSION = 2
    3.66 + PATCHLEVEL = 6
    3.67 + SUBLEVEL = 11
    3.68 +-EXTRAVERSION =
    3.69 +-NAME=Woozy Numbat
    3.70 ++EXTRAVERSION = .9
    3.71 ++NAME=Woozy Beaver
    3.72 + 
    3.73 + # *DOCUMENTATION*
    3.74 + # To see a list of typical targets execute "make help"
    3.75 +diff -Nru a/REPORTING-BUGS b/REPORTING-BUGS
    3.76 +--- a/REPORTING-BUGS	2005-05-11 15:43:53 -07:00
    3.77 ++++ b/REPORTING-BUGS	2005-05-11 15:43:53 -07:00
    3.78 +@@ -16,6 +16,10 @@
    3.79 + describe how to recreate it. That is worth even more than the oops itself.
    3.80 + The list of maintainers is in the MAINTAINERS file in this directory.
    3.81 + 
    3.82 ++      If it is a security bug, please copy the Security Contact listed
    3.83 ++in the MAINTAINERS file.  They can help coordinate bugfix and disclosure.
    3.84 ++See Documentation/SecurityBugs for more infomation.
    3.85 ++
    3.86 +       If you are totally stumped as to whom to send the report, send it to
    3.87 + linux-kernel@vger.kernel.org. (For more information on the linux-kernel
    3.88 + mailing list see http://www.tux.org/lkml/).
    3.89 +diff -Nru a/arch/ia64/kernel/fsys.S b/arch/ia64/kernel/fsys.S
    3.90 +--- a/arch/ia64/kernel/fsys.S	2005-05-11 15:43:53 -07:00
    3.91 ++++ b/arch/ia64/kernel/fsys.S	2005-05-11 15:43:53 -07:00
    3.92 +@@ -611,8 +611,10 @@
    3.93 + 	movl r2=ia64_ret_from_syscall
    3.94 + 	;;
    3.95 + 	mov rp=r2				// set the real return addr
    3.96 +-	tbit.z p8,p0=r3,TIF_SYSCALL_TRACE
    3.97 ++	and r3=_TIF_SYSCALL_TRACEAUDIT,r3
    3.98 + 	;;
    3.99 ++	cmp.eq p8,p0=r3,r0
   3.100 ++
   3.101 + (p10)	br.cond.spnt.many ia64_ret_from_syscall	// p10==true means out registers are more than 8
   3.102 + (p8)	br.call.sptk.many b6=b6		// ignore this return addr
   3.103 + 	br.cond.sptk ia64_trace_syscall
   3.104 +diff -Nru a/arch/ia64/kernel/signal.c b/arch/ia64/kernel/signal.c
   3.105 +--- a/arch/ia64/kernel/signal.c	2005-05-11 15:43:53 -07:00
   3.106 ++++ b/arch/ia64/kernel/signal.c	2005-05-11 15:43:53 -07:00
   3.107 +@@ -224,7 +224,8 @@
   3.108 + 	 * could be corrupted.
   3.109 + 	 */
   3.110 + 	retval = (long) &ia64_leave_kernel;
   3.111 +-	if (test_thread_flag(TIF_SYSCALL_TRACE))
   3.112 ++	if (test_thread_flag(TIF_SYSCALL_TRACE)
   3.113 ++	    || test_thread_flag(TIF_SYSCALL_AUDIT))
   3.114 + 		/*
   3.115 + 		 * strace expects to be notified after sigreturn returns even though the
   3.116 + 		 * context to which we return may not be in the middle of a syscall.
   3.117 +diff -Nru a/arch/ppc/oprofile/op_model_fsl_booke.c b/arch/ppc/oprofile/op_model_fsl_booke.c
   3.118 +--- a/arch/ppc/oprofile/op_model_fsl_booke.c	2005-05-11 15:43:53 -07:00
   3.119 ++++ b/arch/ppc/oprofile/op_model_fsl_booke.c	2005-05-11 15:43:53 -07:00
   3.120 +@@ -150,7 +150,6 @@
   3.121 + 	int is_kernel;
   3.122 + 	int val;
   3.123 + 	int i;
   3.124 +-	unsigned int cpu = smp_processor_id();
   3.125 + 
   3.126 + 	/* set the PMM bit (see comment below) */
   3.127 + 	mtmsr(mfmsr() | MSR_PMM);
   3.128 +@@ -162,7 +161,7 @@
   3.129 + 		val = ctr_read(i);
   3.130 + 		if (val < 0) {
   3.131 + 			if (oprofile_running && ctr[i].enabled) {
   3.132 +-				oprofile_add_sample(pc, is_kernel, i, cpu);
   3.133 ++				oprofile_add_pc(pc, is_kernel, i);
   3.134 + 				ctr_write(i, reset_value[i]);
   3.135 + 			} else {
   3.136 + 				ctr_write(i, 0);
   3.137 +diff -Nru a/arch/ppc/platforms/4xx/ebony.h b/arch/ppc/platforms/4xx/ebony.h
   3.138 +--- a/arch/ppc/platforms/4xx/ebony.h	2005-05-11 15:43:53 -07:00
   3.139 ++++ b/arch/ppc/platforms/4xx/ebony.h	2005-05-11 15:43:53 -07:00
   3.140 +@@ -61,8 +61,8 @@
   3.141 +  */
   3.142 + 
   3.143 + /* OpenBIOS defined UART mappings, used before early_serial_setup */
   3.144 +-#define UART0_IO_BASE	(u8 *) 0xE0000200
   3.145 +-#define UART1_IO_BASE	(u8 *) 0xE0000300
   3.146 ++#define UART0_IO_BASE	0xE0000200
   3.147 ++#define UART1_IO_BASE	0xE0000300
   3.148 + 
   3.149 + /* external Epson SG-615P */
   3.150 + #define BASE_BAUD	691200
   3.151 +diff -Nru a/arch/ppc/platforms/4xx/luan.h b/arch/ppc/platforms/4xx/luan.h
   3.152 +--- a/arch/ppc/platforms/4xx/luan.h	2005-05-11 15:43:53 -07:00
   3.153 ++++ b/arch/ppc/platforms/4xx/luan.h	2005-05-11 15:43:53 -07:00
   3.154 +@@ -47,9 +47,9 @@
   3.155 + #define RS_TABLE_SIZE	3
   3.156 + 
   3.157 + /* PIBS defined UART mappings, used before early_serial_setup */
   3.158 +-#define UART0_IO_BASE	(u8 *) 0xa0000200
   3.159 +-#define UART1_IO_BASE	(u8 *) 0xa0000300
   3.160 +-#define UART2_IO_BASE	(u8 *) 0xa0000600
   3.161 ++#define UART0_IO_BASE	0xa0000200
   3.162 ++#define UART1_IO_BASE	0xa0000300
   3.163 ++#define UART2_IO_BASE	0xa0000600
   3.164 + 
   3.165 + #define BASE_BAUD	11059200
   3.166 + #define STD_UART_OP(num)					\
   3.167 +diff -Nru a/arch/ppc/platforms/4xx/ocotea.h b/arch/ppc/platforms/4xx/ocotea.h
   3.168 +--- a/arch/ppc/platforms/4xx/ocotea.h	2005-05-11 15:43:53 -07:00
   3.169 ++++ b/arch/ppc/platforms/4xx/ocotea.h	2005-05-11 15:43:53 -07:00
   3.170 +@@ -56,8 +56,8 @@
   3.171 + #define RS_TABLE_SIZE	2
   3.172 + 
   3.173 + /* OpenBIOS defined UART mappings, used before early_serial_setup */
   3.174 +-#define UART0_IO_BASE	(u8 *) 0xE0000200
   3.175 +-#define UART1_IO_BASE	(u8 *) 0xE0000300
   3.176 ++#define UART0_IO_BASE	0xE0000200
   3.177 ++#define UART1_IO_BASE	0xE0000300
   3.178 + 
   3.179 + #define BASE_BAUD	11059200/16
   3.180 + #define STD_UART_OP(num)					\
   3.181 +diff -Nru a/arch/sparc/kernel/ptrace.c b/arch/sparc/kernel/ptrace.c
   3.182 +--- a/arch/sparc/kernel/ptrace.c	2005-05-11 15:43:53 -07:00
   3.183 ++++ b/arch/sparc/kernel/ptrace.c	2005-05-11 15:43:53 -07:00
   3.184 +@@ -531,18 +531,6 @@
   3.185 + 			pt_error_return(regs, EIO);
   3.186 + 			goto out_tsk;
   3.187 + 		}
   3.188 +-		if (addr != 1) {
   3.189 +-			if (addr & 3) {
   3.190 +-				pt_error_return(regs, EINVAL);
   3.191 +-				goto out_tsk;
   3.192 +-			}
   3.193 +-#ifdef DEBUG_PTRACE
   3.194 +-			printk ("Original: %08lx %08lx\n", child->thread.kregs->pc, child->thread.kregs->npc);
   3.195 +-			printk ("Continuing with %08lx %08lx\n", addr, addr+4);
   3.196 +-#endif
   3.197 +-			child->thread.kregs->pc = addr;
   3.198 +-			child->thread.kregs->npc = addr + 4;
   3.199 +-		}
   3.200 + 
   3.201 + 		if (request == PTRACE_SYSCALL)
   3.202 + 			set_tsk_thread_flag(child, TIF_SYSCALL_TRACE);
   3.203 +diff -Nru a/arch/sparc64/kernel/ptrace.c b/arch/sparc64/kernel/ptrace.c
   3.204 +--- a/arch/sparc64/kernel/ptrace.c	2005-05-11 15:43:53 -07:00
   3.205 ++++ b/arch/sparc64/kernel/ptrace.c	2005-05-11 15:43:53 -07:00
   3.206 +@@ -514,25 +514,6 @@
   3.207 + 			pt_error_return(regs, EIO);
   3.208 + 			goto out_tsk;
   3.209 + 		}
   3.210 +-		if (addr != 1) {
   3.211 +-			unsigned long pc_mask = ~0UL;
   3.212 +-
   3.213 +-			if ((child->thread_info->flags & _TIF_32BIT) != 0)
   3.214 +-				pc_mask = 0xffffffff;
   3.215 +-
   3.216 +-			if (addr & 3) {
   3.217 +-				pt_error_return(regs, EINVAL);
   3.218 +-				goto out_tsk;
   3.219 +-			}
   3.220 +-#ifdef DEBUG_PTRACE
   3.221 +-			printk ("Original: %016lx %016lx\n",
   3.222 +-				child->thread_info->kregs->tpc,
   3.223 +-				child->thread_info->kregs->tnpc);
   3.224 +-			printk ("Continuing with %016lx %016lx\n", addr, addr+4);
   3.225 +-#endif
   3.226 +-			child->thread_info->kregs->tpc = (addr & pc_mask);
   3.227 +-			child->thread_info->kregs->tnpc = ((addr + 4) & pc_mask);
   3.228 +-		}
   3.229 + 
   3.230 + 		if (request == PTRACE_SYSCALL) {
   3.231 + 			set_tsk_thread_flag(child, TIF_SYSCALL_TRACE);
   3.232 +diff -Nru a/arch/sparc64/kernel/signal32.c b/arch/sparc64/kernel/signal32.c
   3.233 +--- a/arch/sparc64/kernel/signal32.c	2005-05-11 15:43:53 -07:00
   3.234 ++++ b/arch/sparc64/kernel/signal32.c	2005-05-11 15:43:53 -07:00
   3.235 +@@ -192,9 +192,12 @@
   3.236 + 			err |= __put_user(from->si_uid, &to->si_uid);
   3.237 + 			break;
   3.238 + 		case __SI_FAULT >> 16:
   3.239 +-		case __SI_POLL >> 16:
   3.240 + 			err |= __put_user(from->si_trapno, &to->si_trapno);
   3.241 + 			err |= __put_user((unsigned long)from->si_addr, &to->si_addr);
   3.242 ++			break;
   3.243 ++		case __SI_POLL >> 16:
   3.244 ++			err |= __put_user(from->si_band, &to->si_band);
   3.245 ++			err |= __put_user(from->si_fd, &to->si_fd);
   3.246 + 			break;
   3.247 + 		case __SI_RT >> 16: /* This is not generated by the kernel as of now.  */
   3.248 + 		case __SI_MESGQ >> 16:
   3.249 +diff -Nru a/arch/sparc64/kernel/systbls.S b/arch/sparc64/kernel/systbls.S
   3.250 +--- a/arch/sparc64/kernel/systbls.S	2005-05-11 15:43:53 -07:00
   3.251 ++++ b/arch/sparc64/kernel/systbls.S	2005-05-11 15:43:53 -07:00
   3.252 +@@ -75,7 +75,7 @@
   3.253 + /*260*/	.word compat_sys_sched_getaffinity, compat_sys_sched_setaffinity, sys32_timer_settime, compat_sys_timer_gettime, sys_timer_getoverrun
   3.254 + 	.word sys_timer_delete, sys32_timer_create, sys_ni_syscall, compat_sys_io_setup, sys_io_destroy
   3.255 + /*270*/	.word sys32_io_submit, sys_io_cancel, compat_sys_io_getevents, sys32_mq_open, sys_mq_unlink
   3.256 +-	.word sys_mq_timedsend, sys_mq_timedreceive, compat_sys_mq_notify, compat_sys_mq_getsetattr, compat_sys_waitid
   3.257 ++	.word compat_sys_mq_timedsend, compat_sys_mq_timedreceive, compat_sys_mq_notify, compat_sys_mq_getsetattr, compat_sys_waitid
   3.258 + /*280*/	.word sys_ni_syscall, sys_add_key, sys_request_key, sys_keyctl
   3.259 + 
   3.260 + #endif /* CONFIG_COMPAT */
   3.261 +diff -Nru a/arch/um/include/sysdep-i386/syscalls.h b/arch/um/include/sysdep-i386/syscalls.h
   3.262 +--- a/arch/um/include/sysdep-i386/syscalls.h	2005-05-11 15:43:53 -07:00
   3.263 ++++ b/arch/um/include/sysdep-i386/syscalls.h	2005-05-11 15:43:53 -07:00
   3.264 +@@ -23,6 +23,9 @@
   3.265 + 		      unsigned long prot, unsigned long flags,
   3.266 + 		      unsigned long fd, unsigned long pgoff);
   3.267 + 
   3.268 ++/* On i386 they choose a meaningless naming.*/
   3.269 ++#define __NR_kexec_load __NR_sys_kexec_load
   3.270 ++
   3.271 + #define ARCH_SYSCALLS \
   3.272 + 	[ __NR_waitpid ] = (syscall_handler_t *) sys_waitpid, \
   3.273 + 	[ __NR_break ] = (syscall_handler_t *) sys_ni_syscall, \
   3.274 +@@ -101,15 +104,12 @@
   3.275 + 	[ 223 ] = (syscall_handler_t *) sys_ni_syscall, \
   3.276 + 	[ __NR_set_thread_area ] = (syscall_handler_t *) sys_ni_syscall, \
   3.277 + 	[ __NR_get_thread_area ] = (syscall_handler_t *) sys_ni_syscall, \
   3.278 +-	[ __NR_fadvise64 ] = (syscall_handler_t *) sys_fadvise64, \
   3.279 + 	[ 251 ] = (syscall_handler_t *) sys_ni_syscall, \
   3.280 +-        [ __NR_remap_file_pages ] = (syscall_handler_t *) sys_remap_file_pages, \
   3.281 +-	[ __NR_utimes ] = (syscall_handler_t *) sys_utimes, \
   3.282 +-	[ __NR_vserver ] = (syscall_handler_t *) sys_ni_syscall,
   3.283 +-        
   3.284 ++	[ 285 ] = (syscall_handler_t *) sys_ni_syscall,
   3.285 ++
   3.286 + /* 222 doesn't yet have a name in include/asm-i386/unistd.h */
   3.287 + 
   3.288 +-#define LAST_ARCH_SYSCALL __NR_vserver
   3.289 ++#define LAST_ARCH_SYSCALL 285
   3.290 + 
   3.291 + /*
   3.292 +  * Overrides for Emacs so that we follow Linus's tabbing style.
   3.293 +diff -Nru a/arch/um/include/sysdep-x86_64/syscalls.h b/arch/um/include/sysdep-x86_64/syscalls.h
   3.294 +--- a/arch/um/include/sysdep-x86_64/syscalls.h	2005-05-11 15:43:53 -07:00
   3.295 ++++ b/arch/um/include/sysdep-x86_64/syscalls.h	2005-05-11 15:43:53 -07:00
   3.296 +@@ -71,12 +71,7 @@
   3.297 + 	[ __NR_iopl ] = (syscall_handler_t *) sys_ni_syscall, \
   3.298 + 	[ __NR_set_thread_area ] = (syscall_handler_t *) sys_ni_syscall, \
   3.299 + 	[ __NR_get_thread_area ] = (syscall_handler_t *) sys_ni_syscall, \
   3.300 +-        [ __NR_remap_file_pages ] = (syscall_handler_t *) sys_remap_file_pages, \
   3.301 + 	[ __NR_semtimedop ] = (syscall_handler_t *) sys_semtimedop, \
   3.302 +-	[ __NR_fadvise64 ] = (syscall_handler_t *) sys_fadvise64, \
   3.303 +-	[ 223 ] = (syscall_handler_t *) sys_ni_syscall, \
   3.304 +-	[ __NR_utimes ] = (syscall_handler_t *) sys_utimes, \
   3.305 +-	[ __NR_vserver ] = (syscall_handler_t *) sys_ni_syscall, \
   3.306 + 	[ 251 ] = (syscall_handler_t *) sys_ni_syscall,
   3.307 + 
   3.308 + #define LAST_ARCH_SYSCALL 251
   3.309 +diff -Nru a/arch/um/kernel/skas/uaccess.c b/arch/um/kernel/skas/uaccess.c
   3.310 +--- a/arch/um/kernel/skas/uaccess.c	2005-05-11 15:43:53 -07:00
   3.311 ++++ b/arch/um/kernel/skas/uaccess.c	2005-05-11 15:43:53 -07:00
   3.312 +@@ -61,7 +61,8 @@
   3.313 + 	void *arg;
   3.314 + 	int *res;
   3.315 + 
   3.316 +-	va_copy(args, *(va_list *)arg_ptr);
   3.317 ++	/* Some old gccs recognize __va_copy, but not va_copy */
   3.318 ++	__va_copy(args, *(va_list *)arg_ptr);
   3.319 + 	addr = va_arg(args, unsigned long);
   3.320 + 	len = va_arg(args, int);
   3.321 + 	is_write = va_arg(args, int);
   3.322 +diff -Nru a/arch/um/kernel/sys_call_table.c b/arch/um/kernel/sys_call_table.c
   3.323 +--- a/arch/um/kernel/sys_call_table.c	2005-05-11 15:43:53 -07:00
   3.324 ++++ b/arch/um/kernel/sys_call_table.c	2005-05-11 15:43:53 -07:00
   3.325 +@@ -48,7 +48,6 @@
   3.326 + extern syscall_handler_t old_select;
   3.327 + extern syscall_handler_t sys_modify_ldt;
   3.328 + extern syscall_handler_t sys_rt_sigsuspend;
   3.329 +-extern syscall_handler_t sys_vserver;
   3.330 + extern syscall_handler_t sys_mbind;
   3.331 + extern syscall_handler_t sys_get_mempolicy;
   3.332 + extern syscall_handler_t sys_set_mempolicy;
   3.333 +@@ -242,6 +241,7 @@
   3.334 + 	[ __NR_epoll_create ] = (syscall_handler_t *) sys_epoll_create,
   3.335 + 	[ __NR_epoll_ctl ] = (syscall_handler_t *) sys_epoll_ctl,
   3.336 + 	[ __NR_epoll_wait ] = (syscall_handler_t *) sys_epoll_wait,
   3.337 ++	[ __NR_remap_file_pages ] = (syscall_handler_t *) sys_remap_file_pages,
   3.338 +         [ __NR_set_tid_address ] = (syscall_handler_t *) sys_set_tid_address,
   3.339 + 	[ __NR_timer_create ] = (syscall_handler_t *) sys_timer_create,
   3.340 + 	[ __NR_timer_settime ] = (syscall_handler_t *) sys_timer_settime,
   3.341 +@@ -252,12 +252,10 @@
   3.342 + 	[ __NR_clock_gettime ] = (syscall_handler_t *) sys_clock_gettime,
   3.343 + 	[ __NR_clock_getres ] = (syscall_handler_t *) sys_clock_getres,
   3.344 + 	[ __NR_clock_nanosleep ] = (syscall_handler_t *) sys_clock_nanosleep,
   3.345 +-	[ __NR_statfs64 ] = (syscall_handler_t *) sys_statfs64,
   3.346 +-	[ __NR_fstatfs64 ] = (syscall_handler_t *) sys_fstatfs64,
   3.347 + 	[ __NR_tgkill ] = (syscall_handler_t *) sys_tgkill,
   3.348 + 	[ __NR_utimes ] = (syscall_handler_t *) sys_utimes,
   3.349 +-	[ __NR_fadvise64_64 ] = (syscall_handler_t *) sys_fadvise64_64,
   3.350 +-	[ __NR_vserver ] = (syscall_handler_t *) sys_vserver,
   3.351 ++	[ __NR_fadvise64 ] = (syscall_handler_t *) sys_fadvise64,
   3.352 ++	[ __NR_vserver ] = (syscall_handler_t *) sys_ni_syscall,
   3.353 + 	[ __NR_mbind ] = (syscall_handler_t *) sys_mbind,
   3.354 + 	[ __NR_get_mempolicy ] = (syscall_handler_t *) sys_get_mempolicy,
   3.355 + 	[ __NR_set_mempolicy ] = (syscall_handler_t *) sys_set_mempolicy,
   3.356 +@@ -267,9 +265,8 @@
   3.357 + 	[ __NR_mq_timedreceive ] = (syscall_handler_t *) sys_mq_timedreceive,
   3.358 + 	[ __NR_mq_notify ] = (syscall_handler_t *) sys_mq_notify,
   3.359 + 	[ __NR_mq_getsetattr ] = (syscall_handler_t *) sys_mq_getsetattr,
   3.360 +-	[ __NR_sys_kexec_load ] = (syscall_handler_t *) sys_ni_syscall,
   3.361 ++	[ __NR_kexec_load ] = (syscall_handler_t *) sys_ni_syscall,
   3.362 + 	[ __NR_waitid ] = (syscall_handler_t *) sys_waitid,
   3.363 +-	[ 285 ] = (syscall_handler_t *) sys_ni_syscall,
   3.364 + 	[ __NR_add_key ] = (syscall_handler_t *) sys_add_key,
   3.365 + 	[ __NR_request_key ] = (syscall_handler_t *) sys_request_key,
   3.366 + 	[ __NR_keyctl ] = (syscall_handler_t *) sys_keyctl,
   3.367 +diff -Nru a/drivers/char/drm/drm_ioctl.c b/drivers/char/drm/drm_ioctl.c
   3.368 +--- a/drivers/char/drm/drm_ioctl.c	2005-05-11 15:43:53 -07:00
   3.369 ++++ b/drivers/char/drm/drm_ioctl.c	2005-05-11 15:43:53 -07:00
   3.370 +@@ -326,6 +326,8 @@
   3.371 + 
   3.372 + 	DRM_COPY_FROM_USER_IOCTL(sv, argp, sizeof(sv));
   3.373 + 
   3.374 ++	memset(&version, 0, sizeof(version));
   3.375 ++
   3.376 + 	dev->driver->version(&version);
   3.377 + 	retv.drm_di_major = DRM_IF_MAJOR;
   3.378 + 	retv.drm_di_minor = DRM_IF_MINOR;
   3.379 +diff -Nru a/drivers/i2c/chips/eeprom.c b/drivers/i2c/chips/eeprom.c
   3.380 +--- a/drivers/i2c/chips/eeprom.c	2005-05-11 15:43:53 -07:00
   3.381 ++++ b/drivers/i2c/chips/eeprom.c	2005-05-11 15:43:53 -07:00
   3.382 +@@ -130,7 +130,8 @@
   3.383 + 
   3.384 + 	/* Hide Vaio security settings to regular users (16 first bytes) */
   3.385 + 	if (data->nature == VAIO && off < 16 && !capable(CAP_SYS_ADMIN)) {
   3.386 +-		int in_row1 = 16 - off;
   3.387 ++		size_t in_row1 = 16 - off;
   3.388 ++		in_row1 = min(in_row1, count);
   3.389 + 		memset(buf, 0, in_row1);
   3.390 + 		if (count - in_row1 > 0)
   3.391 + 			memcpy(buf + in_row1, &data->data[16], count - in_row1);
   3.392 +diff -Nru a/drivers/i2c/chips/it87.c b/drivers/i2c/chips/it87.c
   3.393 +--- a/drivers/i2c/chips/it87.c	2005-05-11 15:43:53 -07:00
   3.394 ++++ b/drivers/i2c/chips/it87.c	2005-05-11 15:43:53 -07:00
   3.395 +@@ -631,7 +631,7 @@
   3.396 + 	struct it87_data *data = it87_update_device(dev);
   3.397 + 	return sprintf(buf,"%d\n", ALARMS_FROM_REG(data->alarms));
   3.398 + }
   3.399 +-static DEVICE_ATTR(alarms, S_IRUGO | S_IWUSR, show_alarms, NULL);
   3.400 ++static DEVICE_ATTR(alarms, S_IRUGO, show_alarms, NULL);
   3.401 + 
   3.402 + static ssize_t
   3.403 + show_vrm_reg(struct device *dev, char *buf)
   3.404 +diff -Nru a/drivers/i2c/chips/via686a.c b/drivers/i2c/chips/via686a.c
   3.405 +--- a/drivers/i2c/chips/via686a.c	2005-05-11 15:43:53 -07:00
   3.406 ++++ b/drivers/i2c/chips/via686a.c	2005-05-11 15:43:53 -07:00
   3.407 +@@ -554,7 +554,7 @@
   3.408 + 	struct via686a_data *data = via686a_update_device(dev);
   3.409 + 	return sprintf(buf,"%d\n", ALARMS_FROM_REG(data->alarms));
   3.410 + }
   3.411 +-static DEVICE_ATTR(alarms, S_IRUGO | S_IWUSR, show_alarms, NULL);
   3.412 ++static DEVICE_ATTR(alarms, S_IRUGO, show_alarms, NULL);
   3.413 + 
   3.414 + /* The driver. I choose to use type i2c_driver, as at is identical to both
   3.415 +    smbus_driver and isa_driver, and clients could be of either kind */
   3.416 +diff -Nru a/drivers/input/serio/i8042-x86ia64io.h b/drivers/input/serio/i8042-x86ia64io.h
   3.417 +--- a/drivers/input/serio/i8042-x86ia64io.h	2005-05-11 15:43:53 -07:00
   3.418 ++++ b/drivers/input/serio/i8042-x86ia64io.h	2005-05-11 15:43:53 -07:00
   3.419 +@@ -88,7 +88,7 @@
   3.420 + };
   3.421 + #endif
   3.422 + 
   3.423 +-#ifdef CONFIG_ACPI
   3.424 ++#if defined(__ia64__) && defined(CONFIG_ACPI)
   3.425 + #include <linux/acpi.h>
   3.426 + #include <acpi/acpi_bus.h>
   3.427 + 
   3.428 +@@ -281,7 +281,7 @@
   3.429 + 	i8042_kbd_irq = I8042_MAP_IRQ(1);
   3.430 + 	i8042_aux_irq = I8042_MAP_IRQ(12);
   3.431 + 
   3.432 +-#ifdef CONFIG_ACPI
   3.433 ++#if defined(__ia64__) && defined(CONFIG_ACPI)
   3.434 + 	if (i8042_acpi_init())
   3.435 + 		return -1;
   3.436 + #endif
   3.437 +@@ -300,7 +300,7 @@
   3.438 + 
   3.439 + static inline void i8042_platform_exit(void)
   3.440 + {
   3.441 +-#ifdef CONFIG_ACPI
   3.442 ++#if defined(__ia64__) && defined(CONFIG_ACPI)
   3.443 + 	i8042_acpi_exit();
   3.444 + #endif
   3.445 + }
   3.446 +diff -Nru a/drivers/md/raid6altivec.uc b/drivers/md/raid6altivec.uc
   3.447 +--- a/drivers/md/raid6altivec.uc	2005-05-11 15:43:53 -07:00
   3.448 ++++ b/drivers/md/raid6altivec.uc	2005-05-11 15:43:53 -07:00
   3.449 +@@ -108,7 +108,11 @@
   3.450 + int raid6_have_altivec(void)
   3.451 + {
   3.452 + 	/* This assumes either all CPUs have Altivec or none does */
   3.453 ++#ifdef CONFIG_PPC64
   3.454 + 	return cur_cpu_spec->cpu_features & CPU_FTR_ALTIVEC;
   3.455 ++#else
   3.456 ++	return cur_cpu_spec[0]->cpu_features & CPU_FTR_ALTIVEC;
   3.457 ++#endif
   3.458 + }
   3.459 + #endif
   3.460 + 
   3.461 +diff -Nru a/drivers/media/video/adv7170.c b/drivers/media/video/adv7170.c
   3.462 +--- a/drivers/media/video/adv7170.c	2005-05-11 15:43:53 -07:00
   3.463 ++++ b/drivers/media/video/adv7170.c	2005-05-11 15:43:53 -07:00
   3.464 +@@ -130,7 +130,7 @@
   3.465 + 		u8 block_data[32];
   3.466 + 
   3.467 + 		msg.addr = client->addr;
   3.468 +-		msg.flags = client->flags;
   3.469 ++		msg.flags = 0;
   3.470 + 		while (len >= 2) {
   3.471 + 			msg.buf = (char *) block_data;
   3.472 + 			msg.len = 0;
   3.473 +diff -Nru a/drivers/media/video/adv7175.c b/drivers/media/video/adv7175.c
   3.474 +--- a/drivers/media/video/adv7175.c	2005-05-11 15:43:53 -07:00
   3.475 ++++ b/drivers/media/video/adv7175.c	2005-05-11 15:43:53 -07:00
   3.476 +@@ -126,7 +126,7 @@
   3.477 + 		u8 block_data[32];
   3.478 + 
   3.479 + 		msg.addr = client->addr;
   3.480 +-		msg.flags = client->flags;
   3.481 ++		msg.flags = 0;
   3.482 + 		while (len >= 2) {
   3.483 + 			msg.buf = (char *) block_data;
   3.484 + 			msg.len = 0;
   3.485 +diff -Nru a/drivers/media/video/bt819.c b/drivers/media/video/bt819.c
   3.486 +--- a/drivers/media/video/bt819.c	2005-05-11 15:43:53 -07:00
   3.487 ++++ b/drivers/media/video/bt819.c	2005-05-11 15:43:53 -07:00
   3.488 +@@ -146,7 +146,7 @@
   3.489 + 		u8 block_data[32];
   3.490 + 
   3.491 + 		msg.addr = client->addr;
   3.492 +-		msg.flags = client->flags;
   3.493 ++		msg.flags = 0;
   3.494 + 		while (len >= 2) {
   3.495 + 			msg.buf = (char *) block_data;
   3.496 + 			msg.len = 0;
   3.497 +diff -Nru a/drivers/media/video/bttv-cards.c b/drivers/media/video/bttv-cards.c
   3.498 +--- a/drivers/media/video/bttv-cards.c	2005-05-11 15:43:53 -07:00
   3.499 ++++ b/drivers/media/video/bttv-cards.c	2005-05-11 15:43:53 -07:00
   3.500 +@@ -2718,8 +2718,6 @@
   3.501 +         }
   3.502 + 	btv->pll.pll_current = -1;
   3.503 + 
   3.504 +-	bttv_reset_audio(btv);
   3.505 +-
   3.506 + 	/* tuner configuration (from card list / autodetect / insmod option) */
   3.507 +  	if (UNSET != bttv_tvcards[btv->c.type].tuner_type)
   3.508 + 		if(UNSET == btv->tuner_type)
   3.509 +diff -Nru a/drivers/media/video/saa7110.c b/drivers/media/video/saa7110.c
   3.510 +--- a/drivers/media/video/saa7110.c	2005-05-11 15:43:53 -07:00
   3.511 ++++ b/drivers/media/video/saa7110.c	2005-05-11 15:43:53 -07:00
   3.512 +@@ -60,8 +60,10 @@
   3.513 + 
   3.514 + #define	I2C_SAA7110		0x9C	/* or 0x9E */
   3.515 + 
   3.516 ++#define SAA7110_NR_REG		0x35
   3.517 ++
   3.518 + struct saa7110 {
   3.519 +-	unsigned char reg[54];
   3.520 ++	u8 reg[SAA7110_NR_REG];
   3.521 + 
   3.522 + 	int norm;
   3.523 + 	int input;
   3.524 +@@ -95,31 +97,28 @@
   3.525 + 		     unsigned int       len)
   3.526 + {
   3.527 + 	int ret = -1;
   3.528 +-	u8 reg = *data++;
   3.529 ++	u8 reg = *data;		/* first register to write to */
   3.530 + 
   3.531 +-	len--;
   3.532 ++	/* Sanity check */
   3.533 ++	if (reg + (len - 1) > SAA7110_NR_REG)
   3.534 ++		return ret;
   3.535 + 
   3.536 + 	/* the saa7110 has an autoincrement function, use it if
   3.537 + 	 * the adapter understands raw I2C */
   3.538 + 	if (i2c_check_functionality(client->adapter, I2C_FUNC_I2C)) {
   3.539 + 		struct saa7110 *decoder = i2c_get_clientdata(client);
   3.540 + 		struct i2c_msg msg;
   3.541 +-		u8 block_data[54];
   3.542 + 
   3.543 +-		msg.len = 0;
   3.544 +-		msg.buf = (char *) block_data;
   3.545 ++		msg.len = len;
   3.546 ++		msg.buf = (char *) data;
   3.547 + 		msg.addr = client->addr;
   3.548 +-		msg.flags = client->flags;
   3.549 +-		while (len >= 1) {
   3.550 +-			msg.len = 0;
   3.551 +-			block_data[msg.len++] = reg;
   3.552 +-			while (len-- >= 1 && msg.len < 54)
   3.553 +-				block_data[msg.len++] =
   3.554 +-				    decoder->reg[reg++] = *data++;
   3.555 +-			ret = i2c_transfer(client->adapter, &msg, 1);
   3.556 +-		}
   3.557 ++		msg.flags = 0;
   3.558 ++		ret = i2c_transfer(client->adapter, &msg, 1);
   3.559 ++
   3.560 ++		/* Cache the written data */
   3.561 ++		memcpy(decoder->reg + reg, data + 1, len - 1);
   3.562 + 	} else {
   3.563 +-		while (len-- >= 1) {
   3.564 ++		for (++data, --len; len; len--) {
   3.565 + 			if ((ret = saa7110_write(client, reg++,
   3.566 + 						 *data++)) < 0)
   3.567 + 				break;
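Review bot: The new sanity check at the top of this block-write helper does not reject `len == 0`. `len` is `unsigned int`, so `len - 1` wraps; for a first register of 1 or more the comparison against `SAA7110_NR_REG` can still pass, and `memcpy(decoder->reg + reg, data + 1, len - 1)` would then run with the wrapped length, as would the `--len` in the fallback loop. Whether any caller passes an empty buffer is not visible here, but the guard is cheap: `if (len == 0 || reg + (len - 1) > SAA7110_NR_REG) return ret;`, placed before `*data` is read. Separately, the register cache is updated even when `i2c_transfer` reports a failure, so it may be worth copying only on success. The function's signature starts above the hunk and its body continues past it.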
   3.568 +@@ -192,7 +191,7 @@
   3.569 + 	return 0;
   3.570 + }
   3.571 + 
   3.572 +-static const unsigned char initseq[] = {
   3.573 ++static const unsigned char initseq[1 + SAA7110_NR_REG] = {
   3.574 + 	0, 0x4C, 0x3C, 0x0D, 0xEF, 0xBD, 0xF2, 0x03, 0x00,
   3.575 + 	/* 0x08 */ 0xF8, 0xF8, 0x60, 0x60, 0x00, 0x86, 0x18, 0x90,
   3.576 + 	/* 0x10 */ 0x00, 0x59, 0x40, 0x46, 0x42, 0x1A, 0xFF, 0xDA,
   3.577 +diff -Nru a/drivers/media/video/saa7114.c b/drivers/media/video/saa7114.c
   3.578 +--- a/drivers/media/video/saa7114.c	2005-05-11 15:43:53 -07:00
   3.579 ++++ b/drivers/media/video/saa7114.c	2005-05-11 15:43:53 -07:00
   3.580 +@@ -163,7 +163,7 @@
   3.581 + 		u8 block_data[32];
   3.582 + 
   3.583 + 		msg.addr = client->addr;
   3.584 +-		msg.flags = client->flags;
   3.585 ++		msg.flags = 0;
   3.586 + 		while (len >= 2) {
   3.587 + 			msg.buf = (char *) block_data;
   3.588 + 			msg.len = 0;
   3.589 +diff -Nru a/drivers/media/video/saa7185.c b/drivers/media/video/saa7185.c
   3.590 +--- a/drivers/media/video/saa7185.c	2005-05-11 15:43:53 -07:00
   3.591 ++++ b/drivers/media/video/saa7185.c	2005-05-11 15:43:53 -07:00
   3.592 +@@ -118,7 +118,7 @@
   3.593 + 		u8 block_data[32];
   3.594 + 
   3.595 + 		msg.addr = client->addr;
   3.596 +-		msg.flags = client->flags;
   3.597 ++		msg.flags = 0;
   3.598 + 		while (len >= 2) {
   3.599 + 			msg.buf = (char *) block_data;
   3.600 + 			msg.len = 0;
   3.601 +diff -Nru a/drivers/net/amd8111e.c b/drivers/net/amd8111e.c
   3.602 +--- a/drivers/net/amd8111e.c	2005-05-11 15:43:53 -07:00
   3.603 ++++ b/drivers/net/amd8111e.c	2005-05-11 15:43:53 -07:00
   3.604 +@@ -1381,6 +1381,8 @@
   3.605 + 
   3.606 + 	if(amd8111e_restart(dev)){
   3.607 + 		spin_unlock_irq(&lp->lock);
   3.608 ++		if (dev->irq)
   3.609 ++			free_irq(dev->irq, dev);
   3.610 + 		return -ENOMEM;
   3.611 + 	}
   3.612 + 	/* Start ipg timer */
   3.613 +diff -Nru a/drivers/net/ppp_async.c b/drivers/net/ppp_async.c
   3.614 +--- a/drivers/net/ppp_async.c	2005-05-11 15:43:53 -07:00
   3.615 ++++ b/drivers/net/ppp_async.c	2005-05-11 15:43:53 -07:00
   3.616 +@@ -1000,7 +1000,7 @@
   3.617 + 	data += 4;
   3.618 + 	dlen -= 4;
   3.619 + 	/* data[0] is code, data[1] is length */
   3.620 +-	while (dlen >= 2 && dlen >= data[1]) {
   3.621 ++	while (dlen >= 2 && dlen >= data[1] && data[1] >= 2) {
   3.622 + 		switch (data[0]) {
   3.623 + 		case LCP_MRU:
   3.624 + 			val = (data[2] << 8) + data[3];
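Review bot: The tightened loop condition guarantees only that each option is at least two bytes long, yet the `LCP_MRU` case visible here reads `data[2]` and `data[3]`. For an option whose length byte is 2 or 3 those reads fall outside the option, and possibly beyond `dlen`. A per-case length check before computing `val`, such as `if (data[1] < 4) break;`, would cover it. The remaining cases and the end of the function lie outside the hunk, so the same check may be needed there as well.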
   3.625 +diff -Nru a/drivers/net/r8169.c b/drivers/net/r8169.c
   3.626 +--- a/drivers/net/r8169.c	2005-05-11 15:43:53 -07:00
   3.627 ++++ b/drivers/net/r8169.c	2005-05-11 15:43:53 -07:00
   3.628 +@@ -1683,16 +1683,19 @@
   3.629 + 	rtl8169_make_unusable_by_asic(desc);
   3.630 + }
   3.631 + 
   3.632 +-static inline void rtl8169_return_to_asic(struct RxDesc *desc, int rx_buf_sz)
   3.633 ++static inline void rtl8169_mark_to_asic(struct RxDesc *desc, u32 rx_buf_sz)
   3.634 + {
   3.635 +-	desc->opts1 |= cpu_to_le32(DescOwn + rx_buf_sz);
   3.636 ++	u32 eor = le32_to_cpu(desc->opts1) & RingEnd;
   3.637 ++
   3.638 ++	desc->opts1 = cpu_to_le32(DescOwn | eor | rx_buf_sz);
   3.639 + }
   3.640 + 
   3.641 +-static inline void rtl8169_give_to_asic(struct RxDesc *desc, dma_addr_t mapping,
   3.642 +-					int rx_buf_sz)
   3.643 ++static inline void rtl8169_map_to_asic(struct RxDesc *desc, dma_addr_t mapping,
   3.644 ++				       u32 rx_buf_sz)
   3.645 + {
   3.646 + 	desc->addr = cpu_to_le64(mapping);
   3.647 +-	desc->opts1 |= cpu_to_le32(DescOwn + rx_buf_sz);
   3.648 ++	wmb();
   3.649 ++	rtl8169_mark_to_asic(desc, rx_buf_sz);
   3.650 + }
   3.651 + 
   3.652 + static int rtl8169_alloc_rx_skb(struct pci_dev *pdev, struct sk_buff **sk_buff,
   3.653 +@@ -1712,7 +1715,7 @@
   3.654 + 	mapping = pci_map_single(pdev, skb->tail, rx_buf_sz,
   3.655 + 				 PCI_DMA_FROMDEVICE);
   3.656 + 
   3.657 +-	rtl8169_give_to_asic(desc, mapping, rx_buf_sz);
   3.658 ++	rtl8169_map_to_asic(desc, mapping, rx_buf_sz);
   3.659 + 
   3.660 + out:
   3.661 + 	return ret;
   3.662 +@@ -2150,7 +2153,7 @@
   3.663 + 			skb_reserve(skb, NET_IP_ALIGN);
   3.664 + 			eth_copy_and_sum(skb, sk_buff[0]->tail, pkt_size, 0);
   3.665 + 			*sk_buff = skb;
   3.666 +-			rtl8169_return_to_asic(desc, rx_buf_sz);
   3.667 ++			rtl8169_mark_to_asic(desc, rx_buf_sz);
   3.668 + 			ret = 0;
   3.669 + 		}
   3.670 + 	}
   3.671 +diff -Nru a/drivers/net/sis900.c b/drivers/net/sis900.c
   3.672 +--- a/drivers/net/sis900.c	2005-05-11 15:43:53 -07:00
   3.673 ++++ b/drivers/net/sis900.c	2005-05-11 15:43:53 -07:00
   3.674 +@@ -236,7 +236,7 @@
   3.675 + 	signature = (u16) read_eeprom(ioaddr, EEPROMSignature);    
   3.676 + 	if (signature == 0xffff || signature == 0x0000) {
   3.677 + 		printk (KERN_INFO "%s: Error EERPOM read %x\n", 
   3.678 +-			net_dev->name, signature);
   3.679 ++			pci_name(pci_dev), signature);
   3.680 + 		return 0;
   3.681 + 	}
   3.682 + 
   3.683 +@@ -268,7 +268,7 @@
   3.684 + 	if (!isa_bridge)
   3.685 + 		isa_bridge = pci_get_device(PCI_VENDOR_ID_SI, 0x0018, isa_bridge);
   3.686 + 	if (!isa_bridge) {
   3.687 +-		printk("%s: Can not find ISA bridge\n", net_dev->name);
   3.688 ++		printk("%s: Can not find ISA bridge\n", pci_name(pci_dev));
   3.689 + 		return 0;
   3.690 + 	}
   3.691 + 	pci_read_config_byte(isa_bridge, 0x48, &reg);
   3.692 +@@ -456,10 +456,6 @@
   3.693 + 	net_dev->tx_timeout = sis900_tx_timeout;
   3.694 + 	net_dev->watchdog_timeo = TX_TIMEOUT;
   3.695 + 	net_dev->ethtool_ops = &sis900_ethtool_ops;
   3.696 +-	
   3.697 +-	ret = register_netdev(net_dev);
   3.698 +-	if (ret)
   3.699 +-		goto err_unmap_rx;
   3.700 + 		
   3.701 + 	/* Get Mac address according to the chip revision */
   3.702 + 	pci_read_config_byte(pci_dev, PCI_CLASS_REVISION, &revision);
   3.703 +@@ -476,7 +472,7 @@
   3.704 + 
   3.705 + 	if (ret == 0) {
   3.706 + 		ret = -ENODEV;
   3.707 +-		goto err_out_unregister;
   3.708 ++		goto err_unmap_rx;
   3.709 + 	}
   3.710 + 	
   3.711 + 	/* 630ET : set the mii access mode as software-mode */
   3.712 +@@ -486,7 +482,7 @@
   3.713 + 	/* probe for mii transceiver */
   3.714 + 	if (sis900_mii_probe(net_dev) == 0) {
   3.715 + 		ret = -ENODEV;
   3.716 +-		goto err_out_unregister;
   3.717 ++		goto err_unmap_rx;
   3.718 + 	}
   3.719 + 
   3.720 + 	/* save our host bridge revision */
   3.721 +@@ -496,6 +492,10 @@
   3.722 + 		pci_dev_put(dev);
   3.723 + 	}
   3.724 + 
   3.725 ++	ret = register_netdev(net_dev);
   3.726 ++	if (ret)
   3.727 ++		goto err_unmap_rx;
   3.728 ++
   3.729 + 	/* print some information about our NIC */
   3.730 + 	printk(KERN_INFO "%s: %s at %#lx, IRQ %d, ", net_dev->name,
   3.731 + 	       card_name, ioaddr, net_dev->irq);
   3.732 +@@ -505,8 +505,6 @@
   3.733 + 
   3.734 + 	return 0;
   3.735 + 
   3.736 +- err_out_unregister:
   3.737 +- 	unregister_netdev(net_dev);
   3.738 +  err_unmap_rx:
   3.739 + 	pci_free_consistent(pci_dev, RX_TOTAL_SIZE, sis_priv->rx_ring,
   3.740 + 		sis_priv->rx_ring_dma);
   3.741 +@@ -533,6 +531,7 @@
   3.742 + static int __init sis900_mii_probe(struct net_device * net_dev)
   3.743 + {
   3.744 + 	struct sis900_private * sis_priv = net_dev->priv;
   3.745 ++	const char *dev_name = pci_name(sis_priv->pci_dev);
   3.746 + 	u16 poll_bit = MII_STAT_LINK, status = 0;
   3.747 + 	unsigned long timeout = jiffies + 5 * HZ;
   3.748 + 	int phy_addr;
   3.749 +@@ -582,21 +581,20 @@
   3.750 + 					mii_phy->phy_types =
   3.751 + 					    (mii_status & (MII_STAT_CAN_TX_FDX | MII_STAT_CAN_TX)) ? LAN : HOME;
   3.752 + 				printk(KERN_INFO "%s: %s transceiver found at address %d.\n",
   3.753 +-				       net_dev->name, mii_chip_table[i].name,
   3.754 ++				       dev_name, mii_chip_table[i].name,
   3.755 + 				       phy_addr);
   3.756 + 				break;
   3.757 + 			}
   3.758 + 			
   3.759 + 		if( !mii_chip_table[i].phy_id1 ) {
   3.760 + 			printk(KERN_INFO "%s: Unknown PHY transceiver found at address %d.\n",
   3.761 +-			       net_dev->name, phy_addr);
   3.762 ++			       dev_name, phy_addr);
   3.763 + 			mii_phy->phy_types = UNKNOWN;
   3.764 + 		}
   3.765 + 	}
   3.766 + 	
   3.767 + 	if (sis_priv->mii == NULL) {
   3.768 +-		printk(KERN_INFO "%s: No MII transceivers found!\n",
   3.769 +-			net_dev->name);
   3.770 ++		printk(KERN_INFO "%s: No MII transceivers found!\n", dev_name);
   3.771 + 		return 0;
   3.772 + 	}
   3.773 + 
   3.774 +@@ -621,7 +619,7 @@
   3.775 + 			poll_bit ^= (mdio_read(net_dev, sis_priv->cur_phy, MII_STATUS) & poll_bit);
   3.776 + 			if (time_after_eq(jiffies, timeout)) {
   3.777 + 				printk(KERN_WARNING "%s: reset phy and link down now\n",
   3.778 +-					net_dev->name);
   3.779 ++				       dev_name);
   3.780 + 				return -ETIME;
   3.781 + 			}
   3.782 + 		}
   3.783 +@@ -691,7 +689,7 @@
   3.784 + 		sis_priv->mii = default_phy;
   3.785 + 		sis_priv->cur_phy = default_phy->phy_addr;
   3.786 + 		printk(KERN_INFO "%s: Using transceiver found at address %d as default\n",
   3.787 +-					net_dev->name,sis_priv->cur_phy);
   3.788 ++		       pci_name(sis_priv->pci_dev), sis_priv->cur_phy);
   3.789 + 	}
   3.790 + 	
   3.791 + 	status = mdio_read(net_dev, sis_priv->cur_phy, MII_CONTROL);
   3.792 +diff -Nru a/drivers/net/tun.c b/drivers/net/tun.c
   3.793 +--- a/drivers/net/tun.c	2005-05-11 15:43:53 -07:00
   3.794 ++++ b/drivers/net/tun.c	2005-05-11 15:43:53 -07:00
   3.795 +@@ -229,7 +229,7 @@
   3.796 + 	size_t len = count;
   3.797 + 
   3.798 + 	if (!(tun->flags & TUN_NO_PI)) {
   3.799 +-		if ((len -= sizeof(pi)) > len)
   3.800 ++		if ((len -= sizeof(pi)) > count)
   3.801 + 			return -EINVAL;
   3.802 + 
   3.803 + 		if(memcpy_fromiovec((void *)&pi, iv, sizeof(pi)))
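Review bot: The bounds test `(len -= sizeof(pi)) > count` relies on unsigned wraparound and mutates `len` inside the condition, the same shape that made the removed `> len` comparison always false. Testing before subtracting states the intent directly: `if (count < sizeof(pi)) return -EINVAL;` followed by `len -= sizeof(pi);`. This assumes `count` is an unsigned size like `len`; its declaration is outside the hunk, as are the start and end of the function.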
   3.804 +diff -Nru a/drivers/net/via-rhine.c b/drivers/net/via-rhine.c
   3.805 +--- a/drivers/net/via-rhine.c	2005-05-11 15:43:53 -07:00
   3.806 ++++ b/drivers/net/via-rhine.c	2005-05-11 15:43:53 -07:00
   3.807 +@@ -1197,8 +1197,10 @@
   3.808 + 		       dev->name, rp->pdev->irq);
   3.809 + 
   3.810 + 	rc = alloc_ring(dev);
   3.811 +-	if (rc)
   3.812 ++	if (rc) {
   3.813 ++		free_irq(rp->pdev->irq, dev);
   3.814 + 		return rc;
   3.815 ++	}
   3.816 + 	alloc_rbufs(dev);
   3.817 + 	alloc_tbufs(dev);
   3.818 + 	rhine_chip_reset(dev);
   3.819 +@@ -1898,6 +1900,9 @@
   3.820 + 	struct net_device *dev = pci_get_drvdata(pdev);
   3.821 + 	struct rhine_private *rp = netdev_priv(dev);
   3.822 + 	void __iomem *ioaddr = rp->base;
   3.823 ++
   3.824 ++	if (!(rp->quirks & rqWOL))
   3.825 ++		return; /* Nothing to do for non-WOL adapters */
   3.826 + 
   3.827 + 	rhine_power_init(dev);
   3.828 + 
   3.829 +diff -Nru a/drivers/net/wan/hd6457x.c b/drivers/net/wan/hd6457x.c
   3.830 +--- a/drivers/net/wan/hd6457x.c	2005-05-11 15:43:53 -07:00
   3.831 ++++ b/drivers/net/wan/hd6457x.c	2005-05-11 15:43:53 -07:00
   3.832 +@@ -315,7 +315,7 @@
   3.833 + #endif
   3.834 + 	stats->rx_packets++;
   3.835 + 	stats->rx_bytes += skb->len;
   3.836 +-	skb->dev->last_rx = jiffies;
   3.837 ++	dev->last_rx = jiffies;
   3.838 + 	skb->protocol = hdlc_type_trans(skb, dev);
   3.839 + 	netif_rx(skb);
   3.840 + }
   3.841 +diff -Nru a/drivers/pci/hotplug/pciehp_ctrl.c b/drivers/pci/hotplug/pciehp_ctrl.c
   3.842 +--- a/drivers/pci/hotplug/pciehp_ctrl.c	2005-05-11 15:43:53 -07:00
   3.843 ++++ b/drivers/pci/hotplug/pciehp_ctrl.c	2005-05-11 15:43:53 -07:00
   3.844 +@@ -1354,10 +1354,11 @@
   3.845 + 				dbg("PCI Bridge Hot-Remove s:b:d:f(%02x:%02x:%02x:%02x)\n", 
   3.846 + 					ctrl->seg, func->bus, func->device, func->function);
   3.847 + 				bridge_slot_remove(func);
   3.848 +-			} else
   3.849 ++			} else {
   3.850 + 				dbg("PCI Function Hot-Remove s:b:d:f(%02x:%02x:%02x:%02x)\n", 
   3.851 + 					ctrl->seg, func->bus, func->device, func->function);
   3.852 + 				slot_remove(func);
   3.853 ++			}
   3.854 + 
   3.855 + 			func = pciehp_slot_find(ctrl->slot_bus, device, 0);
   3.856 + 		}
   3.857 +diff -Nru a/fs/binfmt_elf.c b/fs/binfmt_elf.c
   3.858 +--- a/fs/binfmt_elf.c	2005-05-11 15:43:53 -07:00
   3.859 ++++ b/fs/binfmt_elf.c	2005-05-11 15:43:53 -07:00
   3.860 +@@ -257,7 +257,7 @@
   3.861 + 	}
   3.862 + 
   3.863 + 	/* Populate argv and envp */
   3.864 +-	p = current->mm->arg_start;
   3.865 ++	p = current->mm->arg_end = current->mm->arg_start;
   3.866 + 	while (argc-- > 0) {
   3.867 + 		size_t len;
   3.868 + 		__put_user((elf_addr_t)p, argv++);
   3.869 +@@ -1008,6 +1008,7 @@
   3.870 + static int load_elf_library(struct file *file)
   3.871 + {
   3.872 + 	struct elf_phdr *elf_phdata;
   3.873 ++	struct elf_phdr *eppnt;
   3.874 + 	unsigned long elf_bss, bss, len;
   3.875 + 	int retval, error, i, j;
   3.876 + 	struct elfhdr elf_ex;
   3.877 +@@ -1031,44 +1032,47 @@
   3.878 + 	/* j < ELF_MIN_ALIGN because elf_ex.e_phnum <= 2 */
   3.879 + 
   3.880 + 	error = -ENOMEM;
   3.881 +-	elf_phdata = (struct elf_phdr *) kmalloc(j, GFP_KERNEL);
   3.882 ++	elf_phdata = kmalloc(j, GFP_KERNEL);
   3.883 + 	if (!elf_phdata)
   3.884 + 		goto out;
   3.885 + 
   3.886 ++	eppnt = elf_phdata;
   3.887 + 	error = -ENOEXEC;
   3.888 +-	retval = kernel_read(file, elf_ex.e_phoff, (char *) elf_phdata, j);
   3.889 ++	retval = kernel_read(file, elf_ex.e_phoff, (char *)eppnt, j);
   3.890 + 	if (retval != j)
   3.891 + 		goto out_free_ph;
   3.892 + 
   3.893 + 	for (j = 0, i = 0; i<elf_ex.e_phnum; i++)
   3.894 +-		if ((elf_phdata + i)->p_type == PT_LOAD) j++;
   3.895 ++		if ((eppnt + i)->p_type == PT_LOAD)
   3.896 ++			j++;
   3.897 + 	if (j != 1)
   3.898 + 		goto out_free_ph;
   3.899 + 
   3.900 +-	while (elf_phdata->p_type != PT_LOAD) elf_phdata++;
   3.901 ++	while (eppnt->p_type != PT_LOAD)
   3.902 ++		eppnt++;
   3.903 + 
   3.904 + 	/* Now use mmap to map the library into memory. */
   3.905 + 	down_write(&current->mm->mmap_sem);
   3.906 + 	error = do_mmap(file,
   3.907 +-			ELF_PAGESTART(elf_phdata->p_vaddr),
   3.908 +-			(elf_phdata->p_filesz +
   3.909 +-			 ELF_PAGEOFFSET(elf_phdata->p_vaddr)),
   3.910 ++			ELF_PAGESTART(eppnt->p_vaddr),
   3.911 ++			(eppnt->p_filesz +
   3.912 ++			 ELF_PAGEOFFSET(eppnt->p_vaddr)),
   3.913 + 			PROT_READ | PROT_WRITE | PROT_EXEC,
   3.914 + 			MAP_FIXED | MAP_PRIVATE | MAP_DENYWRITE,
   3.915 +-			(elf_phdata->p_offset -
   3.916 +-			 ELF_PAGEOFFSET(elf_phdata->p_vaddr)));
   3.917 ++			(eppnt->p_offset -
   3.918 ++			 ELF_PAGEOFFSET(eppnt->p_vaddr)));
   3.919 + 	up_write(&current->mm->mmap_sem);
   3.920 +-	if (error != ELF_PAGESTART(elf_phdata->p_vaddr))
   3.921 ++	if (error != ELF_PAGESTART(eppnt->p_vaddr))
   3.922 + 		goto out_free_ph;
   3.923 + 
   3.924 +-	elf_bss = elf_phdata->p_vaddr + elf_phdata->p_filesz;
   3.925 ++	elf_bss = eppnt->p_vaddr + eppnt->p_filesz;
   3.926 + 	if (padzero(elf_bss)) {
   3.927 + 		error = -EFAULT;
   3.928 + 		goto out_free_ph;
   3.929 + 	}
   3.930 + 
   3.931 +-	len = ELF_PAGESTART(elf_phdata->p_filesz + elf_phdata->p_vaddr + ELF_MIN_ALIGN - 1);
   3.932 +-	bss = elf_phdata->p_memsz + elf_phdata->p_vaddr;
   3.933 ++	len = ELF_PAGESTART(eppnt->p_filesz + eppnt->p_vaddr + ELF_MIN_ALIGN - 1);
   3.934 ++	bss = eppnt->p_memsz + eppnt->p_vaddr;
   3.935 + 	if (bss > len) {
   3.936 + 		down_write(&current->mm->mmap_sem);
   3.937 + 		do_brk(len, bss - len);
   3.938 +@@ -1275,7 +1279,7 @@
   3.939 + static int fill_psinfo(struct elf_prpsinfo *psinfo, struct task_struct *p,
   3.940 + 		       struct mm_struct *mm)
   3.941 + {
   3.942 +-	int i, len;
   3.943 ++	unsigned int i, len;
   3.944 + 	
   3.945 + 	/* first copy the parameters from user space */
   3.946 + 	memset(psinfo, 0, sizeof(struct elf_prpsinfo));
   3.947 +diff -Nru a/fs/cramfs/inode.c b/fs/cramfs/inode.c
   3.948 +--- a/fs/cramfs/inode.c	2005-05-11 15:43:53 -07:00
   3.949 ++++ b/fs/cramfs/inode.c	2005-05-11 15:43:53 -07:00
   3.950 +@@ -70,6 +70,7 @@
   3.951 + 			inode->i_data.a_ops = &cramfs_aops;
   3.952 + 		} else {
   3.953 + 			inode->i_size = 0;
   3.954 ++			inode->i_blocks = 0;
   3.955 + 			init_special_inode(inode, inode->i_mode,
   3.956 + 				old_decode_dev(cramfs_inode->size));
   3.957 + 		}
   3.958 +diff -Nru a/fs/eventpoll.c b/fs/eventpoll.c
   3.959 +--- a/fs/eventpoll.c	2005-05-11 15:43:53 -07:00
   3.960 ++++ b/fs/eventpoll.c	2005-05-11 15:43:53 -07:00
   3.961 +@@ -619,6 +619,7 @@
   3.962 + 	return error;
   3.963 + }
   3.964 + 
   3.965 ++#define MAX_EVENTS (INT_MAX / sizeof(struct epoll_event))
   3.966 + 
   3.967 + /*
   3.968 +  * Implement the event wait interface for the eventpoll file. It is the kernel
   3.969 +@@ -635,7 +636,7 @@
   3.970 + 		     current, epfd, events, maxevents, timeout));
   3.971 + 
   3.972 + 	/* The maximum number of event must be greater than zero */
   3.973 +-	if (maxevents <= 0)
   3.974 ++	if (maxevents <= 0 || maxevents > MAX_EVENTS)
   3.975 + 		return -EINVAL;
   3.976 + 
   3.977 + 	/* Verify that the area passed by the user is writeable */
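Review bot: The comment above the check still says only that the count must be greater than zero, so the reason for the new upper bound is not recorded. I would reword it along the lines of `/* maxevents must be positive and small enough that maxevents * sizeof(struct epoll_event) cannot overflow */`; the multiplication itself is presumably in the user-area verification that follows, outside this hunk. `MAX_EVENTS` has an unsigned type because of `sizeof`, so the comparison with the signed `maxevents` is correct only because `maxevents <= 0` is tested first, and that ordering deserves a word in the comment. The function starts and ends outside the hunk.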
   3.978 +diff -Nru a/fs/exec.c b/fs/exec.c
   3.979 +--- a/fs/exec.c	2005-05-11 15:43:53 -07:00
   3.980 ++++ b/fs/exec.c	2005-05-11 15:43:53 -07:00
   3.981 +@@ -814,7 +814,7 @@
   3.982 + {
   3.983 + 	/* buf must be at least sizeof(tsk->comm) in size */
   3.984 + 	task_lock(tsk);
   3.985 +-	memcpy(buf, tsk->comm, sizeof(tsk->comm));
   3.986 ++	strncpy(buf, tsk->comm, sizeof(tsk->comm));
   3.987 + 	task_unlock(tsk);
   3.988 + }
   3.989 + 
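Review bot: `strncpy` bounded by `sizeof(tsk->comm)` leaves `buf` unterminated if `tsk->comm` holds no NUL within that many bytes, so the copy depends on an invariant the function does not state. The existing comment covers only the size of `buf`; I would add the reason for the switch, e.g. `/* strncpy zero-fills after the first NUL, so bytes left over in comm are not copied out */`, hedged here because the motivation is not shown on the page. If termination of `comm` cannot be relied on, `buf[sizeof(tsk->comm) - 1] = '\0';` after the copy makes it explicit. The function's signature is above the hunk.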
   3.990 +diff -Nru a/fs/ext2/dir.c b/fs/ext2/dir.c
   3.991 +--- a/fs/ext2/dir.c	2005-05-11 15:43:53 -07:00
   3.992 ++++ b/fs/ext2/dir.c	2005-05-11 15:43:53 -07:00
   3.993 +@@ -592,6 +592,7 @@
   3.994 + 		goto fail;
   3.995 + 	}
   3.996 + 	kaddr = kmap_atomic(page, KM_USER0);
   3.997 ++       memset(kaddr, 0, chunk_size);
   3.998 + 	de = (struct ext2_dir_entry_2 *)kaddr;
   3.999 + 	de->name_len = 1;
  3.1000 + 	de->rec_len = cpu_to_le16(EXT2_DIR_REC_LEN(1));
  3.1001 +diff -Nru a/fs/isofs/inode.c b/fs/isofs/inode.c
  3.1002 +--- a/fs/isofs/inode.c	2005-05-11 15:43:53 -07:00
  3.1003 ++++ b/fs/isofs/inode.c	2005-05-11 15:43:53 -07:00
  3.1004 +@@ -685,6 +685,8 @@
  3.1005 + 	  sbi->s_log_zone_size = isonum_723 (h_pri->logical_block_size);
  3.1006 + 	  sbi->s_max_size = isonum_733(h_pri->volume_space_size);
  3.1007 + 	} else {
  3.1008 ++	  if (!pri)
  3.1009 ++	    goto out_freebh;
  3.1010 + 	  rootp = (struct iso_directory_record *) pri->root_directory_record;
  3.1011 + 	  sbi->s_nzones = isonum_733 (pri->volume_space_size);
  3.1012 + 	  sbi->s_log_zone_size = isonum_723 (pri->logical_block_size);
  3.1013 +@@ -1394,6 +1396,9 @@
  3.1014 + 	unsigned long hashval;
  3.1015 + 	struct inode *inode;
  3.1016 + 	struct isofs_iget5_callback_data data;
  3.1017 ++
  3.1018 ++	if (offset >= 1ul << sb->s_blocksize_bits)
  3.1019 ++		return NULL;
  3.1020 + 
  3.1021 + 	data.block = block;
  3.1022 + 	data.offset = offset;
  3.1023 +diff -Nru a/fs/isofs/rock.c b/fs/isofs/rock.c
  3.1024 +--- a/fs/isofs/rock.c	2005-05-11 15:43:53 -07:00
  3.1025 ++++ b/fs/isofs/rock.c	2005-05-11 15:43:53 -07:00
  3.1026 +@@ -53,6 +53,7 @@
  3.1027 +   if(LEN & 1) LEN++;						\
  3.1028 +   CHR = ((unsigned char *) DE) + LEN;				\
  3.1029 +   LEN = *((unsigned char *) DE) - LEN;                          \
  3.1030 ++  if (LEN<0) LEN=0;                                             \
  3.1031 +   if (ISOFS_SB(inode->i_sb)->s_rock_offset!=-1)                \
  3.1032 +   {                                                             \
  3.1033 +      LEN-=ISOFS_SB(inode->i_sb)->s_rock_offset;                \
  3.1034 +@@ -73,6 +74,10 @@
  3.1035 +     offset1 = 0; \
  3.1036 +     pbh = sb_bread(DEV->i_sb, block); \
  3.1037 +     if(pbh){       \
  3.1038 ++      if (offset > pbh->b_size || offset + cont_size > pbh->b_size){	\
  3.1039 ++	brelse(pbh); \
  3.1040 ++	goto out; \
  3.1041 ++      } \
  3.1042 +       memcpy(buffer + offset1, pbh->b_data + offset, cont_size - offset1); \
  3.1043 +       brelse(pbh); \
  3.1044 +       chr = (unsigned char *) buffer; \
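Review bot: In the added bounds check the sum `offset + cont_size` is formed before it is compared, so a large enough value taken from the disk image could wrap and pass the test. The types of `offset` and `cont_size` are declared outside this hunk, so this is a hedge rather than a confirmed defect. Since the first clause already establishes `offset <= pbh->b_size`, the second can avoid the addition: `cont_size > pbh->b_size - offset`. If `cont_size` is signed, a negative value should also be rejected, because `memcpy` receives `cont_size - offset1` as its length. The macro begins and ends outside the hunk.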
  3.1045 +@@ -103,12 +108,13 @@
  3.1046 +     struct rock_ridge * rr;
  3.1047 +     int sig;
  3.1048 +     
  3.1049 +-    while (len > 1){ /* There may be one byte for padding somewhere */
  3.1050 ++    while (len > 2){ /* There may be one byte for padding somewhere */
  3.1051 +       rr = (struct rock_ridge *) chr;
  3.1052 +-      if (rr->len == 0) goto out; /* Something got screwed up here */
  3.1053 ++      if (rr->len < 3) goto out; /* Something got screwed up here */
  3.1054 +       sig = isonum_721(chr);
  3.1055 +       chr += rr->len; 
  3.1056 +       len -= rr->len;
  3.1057 ++      if (len < 0) goto out;	/* corrupted isofs */
  3.1058 + 
  3.1059 +       switch(sig){
  3.1060 +       case SIG('R','R'):
  3.1061 +@@ -122,6 +128,7 @@
  3.1062 + 	break;
  3.1063 +       case SIG('N','M'):
  3.1064 + 	if (truncate) break;
  3.1065 ++	if (rr->len < 5) break;
  3.1066 +         /*
  3.1067 + 	 * If the flags are 2 or 4, this indicates '.' or '..'.
  3.1068 + 	 * We don't want to do anything with this, because it
  3.1069 +@@ -186,12 +193,13 @@
  3.1070 +     struct rock_ridge * rr;
  3.1071 +     int rootflag;
  3.1072 +     
  3.1073 +-    while (len > 1){ /* There may be one byte for padding somewhere */
  3.1074 ++    while (len > 2){ /* There may be one byte for padding somewhere */
  3.1075 +       rr = (struct rock_ridge *) chr;
  3.1076 +-      if (rr->len == 0) goto out; /* Something got screwed up here */
  3.1077 ++      if (rr->len < 3) goto out; /* Something got screwed up here */
  3.1078 +       sig = isonum_721(chr);
  3.1079 +       chr += rr->len; 
  3.1080 +       len -= rr->len;
  3.1081 ++      if (len < 0) goto out;	/* corrupted isofs */
  3.1082 +       
  3.1083 +       switch(sig){
  3.1084 + #ifndef CONFIG_ZISOFS		/* No flag for SF or ZF */
  3.1085 +@@ -462,7 +470,7 @@
  3.1086 + 	struct rock_ridge *rr;
  3.1087 + 
  3.1088 + 	if (!ISOFS_SB(inode->i_sb)->s_rock)
  3.1089 +-		panic ("Cannot have symlink with high sierra variant of iso filesystem\n");
  3.1090 ++		goto error;
  3.1091 + 
  3.1092 + 	block = ei->i_iget5_block;
  3.1093 + 	lock_kernel();
  3.1094 +@@ -487,13 +495,15 @@
  3.1095 + 	SETUP_ROCK_RIDGE(raw_inode, chr, len);
  3.1096 + 
  3.1097 +       repeat:
  3.1098 +-	while (len > 1) { /* There may be one byte for padding somewhere */
  3.1099 ++	while (len > 2) { /* There may be one byte for padding somewhere */
  3.1100 + 		rr = (struct rock_ridge *) chr;
  3.1101 +-		if (rr->len == 0)
  3.1102 ++		if (rr->len < 3)
  3.1103 + 			goto out;	/* Something got screwed up here */
  3.1104 + 		sig = isonum_721(chr);
  3.1105 + 		chr += rr->len;
  3.1106 + 		len -= rr->len;
  3.1107 ++		if (len < 0)
  3.1108 ++			goto out;	/* corrupted isofs */
  3.1109 + 
  3.1110 + 		switch (sig) {
  3.1111 + 		case SIG('R', 'R'):
  3.1112 +@@ -543,6 +553,7 @@
  3.1113 +       fail:
  3.1114 + 	brelse(bh);
  3.1115 + 	unlock_kernel();
  3.1116 ++      error:
  3.1117 + 	SetPageError(page);
  3.1118 + 	kunmap(page);
  3.1119 + 	unlock_page(page);
  3.1120 +diff -Nru a/fs/jbd/transaction.c b/fs/jbd/transaction.c
  3.1121 +--- a/fs/jbd/transaction.c	2005-05-11 15:43:53 -07:00
  3.1122 ++++ b/fs/jbd/transaction.c	2005-05-11 15:43:53 -07:00
  3.1123 +@@ -1775,10 +1775,10 @@
  3.1124 + 			JBUFFER_TRACE(jh, "checkpointed: add to BJ_Forget");
  3.1125 + 			ret = __dispose_buffer(jh,
  3.1126 + 					journal->j_running_transaction);
  3.1127 ++			journal_put_journal_head(jh);
  3.1128 + 			spin_unlock(&journal->j_list_lock);
  3.1129 + 			jbd_unlock_bh_state(bh);
  3.1130 + 			spin_unlock(&journal->j_state_lock);
  3.1131 +-			journal_put_journal_head(jh);
  3.1132 + 			return ret;
  3.1133 + 		} else {
  3.1134 + 			/* There is no currently-running transaction. So the
  3.1135 +@@ -1789,10 +1789,10 @@
  3.1136 + 				JBUFFER_TRACE(jh, "give to committing trans");
  3.1137 + 				ret = __dispose_buffer(jh,
  3.1138 + 					journal->j_committing_transaction);
  3.1139 ++				journal_put_journal_head(jh);
  3.1140 + 				spin_unlock(&journal->j_list_lock);
  3.1141 + 				jbd_unlock_bh_state(bh);
  3.1142 + 				spin_unlock(&journal->j_state_lock);
  3.1143 +-				journal_put_journal_head(jh);
  3.1144 + 				return ret;
  3.1145 + 			} else {
  3.1146 + 				/* The orphan record's transaction has
  3.1147 +@@ -1813,10 +1813,10 @@
  3.1148 + 					journal->j_running_transaction);
  3.1149 + 			jh->b_next_transaction = NULL;
  3.1150 + 		}
  3.1151 ++		journal_put_journal_head(jh);
  3.1152 + 		spin_unlock(&journal->j_list_lock);
  3.1153 + 		jbd_unlock_bh_state(bh);
  3.1154 + 		spin_unlock(&journal->j_state_lock);
  3.1155 +-		journal_put_journal_head(jh);
  3.1156 + 		return 0;
  3.1157 + 	} else {
  3.1158 + 		/* Good, the buffer belongs to the running transaction.
  3.1159 +diff -Nru a/kernel/exit.c b/kernel/exit.c
  3.1160 +--- a/kernel/exit.c	2005-05-11 15:43:53 -07:00
  3.1161 ++++ b/kernel/exit.c	2005-05-11 15:43:53 -07:00
  3.1162 +@@ -516,8 +516,6 @@
  3.1163 + 	 */
  3.1164 + 	BUG_ON(p == reaper || reaper->exit_state >= EXIT_ZOMBIE);
  3.1165 + 	p->real_parent = reaper;
  3.1166 +-	if (p->parent == p->real_parent)
  3.1167 +-		BUG();
  3.1168 + }
  3.1169 + 
  3.1170 + static inline void reparent_thread(task_t *p, task_t *father, int traced)
  3.1171 +diff -Nru a/kernel/signal.c b/kernel/signal.c
  3.1172 +--- a/kernel/signal.c	2005-05-11 15:43:53 -07:00
  3.1173 ++++ b/kernel/signal.c	2005-05-11 15:43:53 -07:00
  3.1174 +@@ -1728,6 +1728,7 @@
  3.1175 + 			 * with another processor delivering a stop signal,
  3.1176 + 			 * then the SIGCONT that wakes us up should clear it.
  3.1177 + 			 */
  3.1178 ++			read_unlock(&tasklist_lock);
  3.1179 + 			return 0;
  3.1180 + 		}
  3.1181 + 
  3.1182 +diff -Nru a/lib/rwsem-spinlock.c b/lib/rwsem-spinlock.c
  3.1183 +--- a/lib/rwsem-spinlock.c	2005-05-11 15:43:53 -07:00
  3.1184 ++++ b/lib/rwsem-spinlock.c	2005-05-11 15:43:53 -07:00
  3.1185 +@@ -140,12 +140,12 @@
  3.1186 + 
  3.1187 + 	rwsemtrace(sem, "Entering __down_read");
  3.1188 + 
  3.1189 +-	spin_lock(&sem->wait_lock);
  3.1190 ++	spin_lock_irq(&sem->wait_lock);
  3.1191 + 
  3.1192 + 	if (sem->activity >= 0 && list_empty(&sem->wait_list)) {
  3.1193 + 		/* granted */
  3.1194 + 		sem->activity++;
  3.1195 +-		spin_unlock(&sem->wait_lock);
  3.1196 ++		spin_unlock_irq(&sem->wait_lock);
  3.1197 + 		goto out;
  3.1198 + 	}
  3.1199 + 
  3.1200 +@@ -160,7 +160,7 @@
  3.1201 + 	list_add_tail(&waiter.list, &sem->wait_list);
  3.1202 + 
  3.1203 + 	/* we don't need to touch the semaphore struct anymore */
  3.1204 +-	spin_unlock(&sem->wait_lock);
  3.1205 ++	spin_unlock_irq(&sem->wait_lock);
  3.1206 + 
  3.1207 + 	/* wait to be given the lock */
  3.1208 + 	for (;;) {
  3.1209 +@@ -181,10 +181,12 @@
  3.1210 +  */
  3.1211 + int fastcall __down_read_trylock(struct rw_semaphore *sem)
  3.1212 + {
  3.1213 ++	unsigned long flags;
  3.1214 + 	int ret = 0;
  3.1215 ++
  3.1216 + 	rwsemtrace(sem, "Entering __down_read_trylock");
  3.1217 + 
  3.1218 +-	spin_lock(&sem->wait_lock);
  3.1219 ++	spin_lock_irqsave(&sem->wait_lock, flags);
  3.1220 + 
  3.1221 + 	if (sem->activity >= 0 && list_empty(&sem->wait_list)) {
  3.1222 + 		/* granted */
  3.1223 +@@ -192,7 +194,7 @@
  3.1224 + 		ret = 1;
  3.1225 + 	}
  3.1226 + 
  3.1227 +-	spin_unlock(&sem->wait_lock);
  3.1228 ++	spin_unlock_irqrestore(&sem->wait_lock, flags);
  3.1229 + 
  3.1230 + 	rwsemtrace(sem, "Leaving __down_read_trylock");
  3.1231 + 	return ret;
  3.1232 +@@ -209,12 +211,12 @@
  3.1233 + 
  3.1234 + 	rwsemtrace(sem, "Entering __down_write");
  3.1235 + 
  3.1236 +-	spin_lock(&sem->wait_lock);
  3.1237 ++	spin_lock_irq(&sem->wait_lock);
  3.1238 + 
  3.1239 + 	if (sem->activity == 0 && list_empty(&sem->wait_list)) {
  3.1240 + 		/* granted */
  3.1241 + 		sem->activity = -1;
  3.1242 +-		spin_unlock(&sem->wait_lock);
  3.1243 ++		spin_unlock_irq(&sem->wait_lock);
  3.1244 + 		goto out;
  3.1245 + 	}
  3.1246 + 
  3.1247 +@@ -229,7 +231,7 @@
  3.1248 + 	list_add_tail(&waiter.list, &sem->wait_list);
  3.1249 + 
  3.1250 + 	/* we don't need to touch the semaphore struct anymore */
  3.1251 +-	spin_unlock(&sem->wait_lock);
  3.1252 ++	spin_unlock_irq(&sem->wait_lock);
  3.1253 + 
  3.1254 + 	/* wait to be given the lock */
  3.1255 + 	for (;;) {
  3.1256 +@@ -250,10 +252,12 @@
  3.1257 +  */
  3.1258 + int fastcall __down_write_trylock(struct rw_semaphore *sem)
  3.1259 + {
  3.1260 ++	unsigned long flags;
  3.1261 + 	int ret = 0;
  3.1262 ++
  3.1263 + 	rwsemtrace(sem, "Entering __down_write_trylock");
  3.1264 + 
  3.1265 +-	spin_lock(&sem->wait_lock);
  3.1266 ++	spin_lock_irqsave(&sem->wait_lock, flags);
  3.1267 + 
  3.1268 + 	if (sem->activity == 0 && list_empty(&sem->wait_list)) {
  3.1269 + 		/* granted */
  3.1270 +@@ -261,7 +265,7 @@
  3.1271 + 		ret = 1;
  3.1272 + 	}
  3.1273 + 
  3.1274 +-	spin_unlock(&sem->wait_lock);
  3.1275 ++	spin_unlock_irqrestore(&sem->wait_lock, flags);
  3.1276 + 
  3.1277 + 	rwsemtrace(sem, "Leaving __down_write_trylock");
  3.1278 + 	return ret;
  3.1279 +@@ -272,14 +276,16 @@
  3.1280 +  */
  3.1281 + void fastcall __up_read(struct rw_semaphore *sem)
  3.1282 + {
  3.1283 ++	unsigned long flags;
  3.1284 ++
  3.1285 + 	rwsemtrace(sem, "Entering __up_read");
  3.1286 + 
  3.1287 +-	spin_lock(&sem->wait_lock);
  3.1288 ++	spin_lock_irqsave(&sem->wait_lock, flags);
  3.1289 + 
  3.1290 + 	if (--sem->activity == 0 && !list_empty(&sem->wait_list))
  3.1291 + 		sem = __rwsem_wake_one_writer(sem);
  3.1292 + 
  3.1293 +-	spin_unlock(&sem->wait_lock);
  3.1294 ++	spin_unlock_irqrestore(&sem->wait_lock, flags);
  3.1295 + 
  3.1296 + 	rwsemtrace(sem, "Leaving __up_read");
  3.1297 + }
  3.1298 +@@ -289,15 +295,17 @@
  3.1299 +  */
  3.1300 + void fastcall __up_write(struct rw_semaphore *sem)
  3.1301 + {
  3.1302 ++	unsigned long flags;
  3.1303 ++
  3.1304 + 	rwsemtrace(sem, "Entering __up_write");
  3.1305 + 
  3.1306 +-	spin_lock(&sem->wait_lock);
  3.1307 ++	spin_lock_irqsave(&sem->wait_lock, flags);
  3.1308 + 
  3.1309 + 	sem->activity = 0;
  3.1310 + 	if (!list_empty(&sem->wait_list))
  3.1311 + 		sem = __rwsem_do_wake(sem, 1);
  3.1312 + 
  3.1313 +-	spin_unlock(&sem->wait_lock);
  3.1314 ++	spin_unlock_irqrestore(&sem->wait_lock, flags);
  3.1315 + 
  3.1316 + 	rwsemtrace(sem, "Leaving __up_write");
  3.1317 + }
  3.1318 +@@ -308,15 +316,17 @@
  3.1319 +  */
  3.1320 + void fastcall __downgrade_write(struct rw_semaphore *sem)
  3.1321 + {
  3.1322 ++	unsigned long flags;
  3.1323 ++
  3.1324 + 	rwsemtrace(sem, "Entering __downgrade_write");
  3.1325 + 
  3.1326 +-	spin_lock(&sem->wait_lock);
  3.1327 ++	spin_lock_irqsave(&sem->wait_lock, flags);
  3.1328 + 
  3.1329 + 	sem->activity = 1;
  3.1330 + 	if (!list_empty(&sem->wait_list))
  3.1331 + 		sem = __rwsem_do_wake(sem, 0);
  3.1332 + 
  3.1333 +-	spin_unlock(&sem->wait_lock);
  3.1334 ++	spin_unlock_irqrestore(&sem->wait_lock, flags);
  3.1335 + 
  3.1336 + 	rwsemtrace(sem, "Leaving __downgrade_write");
  3.1337 + }
  3.1338 +diff -Nru a/lib/rwsem.c b/lib/rwsem.c
  3.1339 +--- a/lib/rwsem.c	2005-05-11 15:43:53 -07:00
  3.1340 ++++ b/lib/rwsem.c	2005-05-11 15:43:53 -07:00
  3.1341 +@@ -150,7 +150,7 @@
  3.1342 + 	set_task_state(tsk, TASK_UNINTERRUPTIBLE);
  3.1343 + 
  3.1344 + 	/* set up my own style of waitqueue */
  3.1345 +-	spin_lock(&sem->wait_lock);
  3.1346 ++	spin_lock_irq(&sem->wait_lock);
  3.1347 + 	waiter->task = tsk;
  3.1348 + 	get_task_struct(tsk);
  3.1349 + 
  3.1350 +@@ -163,7 +163,7 @@
  3.1351 + 	if (!(count & RWSEM_ACTIVE_MASK))
  3.1352 + 		sem = __rwsem_do_wake(sem, 0);
  3.1353 + 
  3.1354 +-	spin_unlock(&sem->wait_lock);
  3.1355 ++	spin_unlock_irq(&sem->wait_lock);
  3.1356 + 
  3.1357 + 	/* wait to be given the lock */
  3.1358 + 	for (;;) {
  3.1359 +@@ -219,15 +219,17 @@
  3.1360 +  */
  3.1361 + struct rw_semaphore fastcall *rwsem_wake(struct rw_semaphore *sem)
  3.1362 + {
  3.1363 ++	unsigned long flags;
  3.1364 ++
  3.1365 + 	rwsemtrace(sem, "Entering rwsem_wake");
  3.1366 + 
  3.1367 +-	spin_lock(&sem->wait_lock);
  3.1368 ++	spin_lock_irqsave(&sem->wait_lock, flags);
  3.1369 + 
  3.1370 + 	/* do nothing if list empty */
  3.1371 + 	if (!list_empty(&sem->wait_list))
  3.1372 + 		sem = __rwsem_do_wake(sem, 0);
  3.1373 + 
  3.1374 +-	spin_unlock(&sem->wait_lock);
  3.1375 ++	spin_unlock_irqrestore(&sem->wait_lock, flags);
  3.1376 + 
  3.1377 + 	rwsemtrace(sem, "Leaving rwsem_wake");
  3.1378 + 
  3.1379 +@@ -241,15 +243,17 @@
  3.1380 +  */
  3.1381 + struct rw_semaphore fastcall *rwsem_downgrade_wake(struct rw_semaphore *sem)
  3.1382 + {
  3.1383 ++	unsigned long flags;
  3.1384 ++
  3.1385 + 	rwsemtrace(sem, "Entering rwsem_downgrade_wake");
  3.1386 + 
  3.1387 +-	spin_lock(&sem->wait_lock);
  3.1388 ++	spin_lock_irqsave(&sem->wait_lock, flags);
  3.1389 + 
  3.1390 + 	/* do nothing if list empty */
  3.1391 + 	if (!list_empty(&sem->wait_list))
  3.1392 + 		sem = __rwsem_do_wake(sem, 1);
  3.1393 + 
  3.1394 +-	spin_unlock(&sem->wait_lock);
  3.1395 ++	spin_unlock_irqrestore(&sem->wait_lock, flags);
  3.1396 + 
  3.1397 + 	rwsemtrace(sem, "Leaving rwsem_downgrade_wake");
  3.1398 + 	return sem;
  3.1399 +diff -Nru a/net/bluetooth/af_bluetooth.c b/net/bluetooth/af_bluetooth.c
  3.1400 +--- a/net/bluetooth/af_bluetooth.c	2005-05-11 15:43:53 -07:00
  3.1401 ++++ b/net/bluetooth/af_bluetooth.c	2005-05-11 15:43:53 -07:00
  3.1402 +@@ -64,7 +64,7 @@
  3.1403 + 
  3.1404 + int bt_sock_register(int proto, struct net_proto_family *ops)
  3.1405 + {
  3.1406 +-	if (proto >= BT_MAX_PROTO)
  3.1407 ++	if (proto < 0 || proto >= BT_MAX_PROTO)
  3.1408 + 		return -EINVAL;
  3.1409 + 
  3.1410 + 	if (bt_proto[proto])
  3.1411 +@@ -77,7 +77,7 @@
  3.1412 + 
  3.1413 + int bt_sock_unregister(int proto)
  3.1414 + {
  3.1415 +-	if (proto >= BT_MAX_PROTO)
  3.1416 ++	if (proto < 0 || proto >= BT_MAX_PROTO)
  3.1417 + 		return -EINVAL;
  3.1418 + 
  3.1419 + 	if (!bt_proto[proto])
  3.1420 +@@ -92,7 +92,7 @@
  3.1421 + {
  3.1422 + 	int err = 0;
  3.1423 + 
  3.1424 +-	if (proto >= BT_MAX_PROTO)
  3.1425 ++	if (proto < 0 || proto >= BT_MAX_PROTO)
  3.1426 + 		return -EINVAL;
  3.1427 + 
  3.1428 + #if defined(CONFIG_KMOD)
  3.1429 +diff -Nru a/net/ipv4/fib_hash.c b/net/ipv4/fib_hash.c
  3.1430 +--- a/net/ipv4/fib_hash.c	2005-05-11 15:43:53 -07:00
  3.1431 ++++ b/net/ipv4/fib_hash.c	2005-05-11 15:43:53 -07:00
  3.1432 +@@ -919,13 +919,23 @@
  3.1433 + 	return fa;
  3.1434 + }
  3.1435 + 
  3.1436 ++static struct fib_alias *fib_get_idx(struct seq_file *seq, loff_t pos)
  3.1437 ++{
  3.1438 ++	struct fib_alias *fa = fib_get_first(seq);
  3.1439 ++
  3.1440 ++	if (fa)
  3.1441 ++		while (pos && (fa = fib_get_next(seq)))
  3.1442 ++			--pos;
  3.1443 ++	return pos ? NULL : fa;
  3.1444 ++}
  3.1445 ++
  3.1446 + static void *fib_seq_start(struct seq_file *seq, loff_t *pos)
  3.1447 + {
  3.1448 + 	void *v = NULL;
  3.1449 + 
  3.1450 + 	read_lock(&fib_hash_lock);
  3.1451 + 	if (ip_fib_main_table)
  3.1452 +-		v = *pos ? fib_get_next(seq) : SEQ_START_TOKEN;
  3.1453 ++		v = *pos ? fib_get_idx(seq, *pos - 1) : SEQ_START_TOKEN;
  3.1454 + 	return v;
  3.1455 + }
  3.1456 + 
  3.1457 +diff -Nru a/net/ipv4/tcp_input.c b/net/ipv4/tcp_input.c
  3.1458 +--- a/net/ipv4/tcp_input.c	2005-05-11 15:43:53 -07:00
  3.1459 ++++ b/net/ipv4/tcp_input.c	2005-05-11 15:43:53 -07:00
  3.1460 +@@ -1653,7 +1653,10 @@
  3.1461 + static void tcp_undo_cwr(struct tcp_sock *tp, int undo)
  3.1462 + {
  3.1463 + 	if (tp->prior_ssthresh) {
  3.1464 +-		tp->snd_cwnd = max(tp->snd_cwnd, tp->snd_ssthresh<<1);
  3.1465 ++		if (tcp_is_bic(tp))
  3.1466 ++			tp->snd_cwnd = max(tp->snd_cwnd, tp->bictcp.last_max_cwnd);
  3.1467 ++		else
  3.1468 ++			tp->snd_cwnd = max(tp->snd_cwnd, tp->snd_ssthresh<<1);
  3.1469 + 
  3.1470 + 		if (undo && tp->prior_ssthresh > tp->snd_ssthresh) {
  3.1471 + 			tp->snd_ssthresh = tp->prior_ssthresh;
  3.1472 +diff -Nru a/net/ipv4/tcp_timer.c b/net/ipv4/tcp_timer.c
  3.1473 +--- a/net/ipv4/tcp_timer.c	2005-05-11 15:43:53 -07:00
  3.1474 ++++ b/net/ipv4/tcp_timer.c	2005-05-11 15:43:53 -07:00
  3.1475 +@@ -38,6 +38,7 @@
  3.1476 + 
  3.1477 + #ifdef TCP_DEBUG
  3.1478 + const char tcp_timer_bug_msg[] = KERN_DEBUG "tcpbug: unknown timer value\n";
  3.1479 ++EXPORT_SYMBOL(tcp_timer_bug_msg);
  3.1480 + #endif
  3.1481 + 
  3.1482 + /*
  3.1483 +diff -Nru a/net/ipv4/xfrm4_output.c b/net/ipv4/xfrm4_output.c
  3.1484 +--- a/net/ipv4/xfrm4_output.c	2005-05-11 15:43:53 -07:00
  3.1485 ++++ b/net/ipv4/xfrm4_output.c	2005-05-11 15:43:53 -07:00
  3.1486 +@@ -103,16 +103,16 @@
  3.1487 + 			goto error_nolock;
  3.1488 + 	}
  3.1489 + 
  3.1490 +-	spin_lock_bh(&x->lock);
  3.1491 +-	err = xfrm_state_check(x, skb);
  3.1492 +-	if (err)
  3.1493 +-		goto error;
  3.1494 +-
  3.1495 + 	if (x->props.mode) {
  3.1496 + 		err = xfrm4_tunnel_check_size(skb);
  3.1497 + 		if (err)
  3.1498 +-			goto error;
  3.1499 ++			goto error_nolock;
  3.1500 + 	}
  3.1501 ++
  3.1502 ++	spin_lock_bh(&x->lock);
  3.1503 ++	err = xfrm_state_check(x, skb);
  3.1504 ++	if (err)
  3.1505 ++		goto error;
  3.1506 + 
  3.1507 + 	xfrm4_encap(skb);
  3.1508 + 
  3.1509 +diff -Nru a/net/ipv6/xfrm6_output.c b/net/ipv6/xfrm6_output.c
  3.1510 +--- a/net/ipv6/xfrm6_output.c	2005-05-11 15:43:53 -07:00
  3.1511 ++++ b/net/ipv6/xfrm6_output.c	2005-05-11 15:43:53 -07:00
  3.1512 +@@ -103,16 +103,16 @@
  3.1513 + 			goto error_nolock;
  3.1514 + 	}
  3.1515 + 
  3.1516 +-	spin_lock_bh(&x->lock);
  3.1517 +-	err = xfrm_state_check(x, skb);
  3.1518 +-	if (err)
  3.1519 +-		goto error;
  3.1520 +-
  3.1521 + 	if (x->props.mode) {
  3.1522 + 		err = xfrm6_tunnel_check_size(skb);
  3.1523 + 		if (err)
  3.1524 +-			goto error;
  3.1525 ++			goto error_nolock;
  3.1526 + 	}
  3.1527 ++
  3.1528 ++	spin_lock_bh(&x->lock);
  3.1529 ++	err = xfrm_state_check(x, skb);
  3.1530 ++	if (err)
  3.1531 ++		goto error;
  3.1532 + 
  3.1533 + 	xfrm6_encap(skb);
  3.1534 + 
  3.1535 +diff -Nru a/net/netrom/nr_in.c b/net/netrom/nr_in.c
  3.1536 +--- a/net/netrom/nr_in.c	2005-05-11 15:43:53 -07:00
  3.1537 ++++ b/net/netrom/nr_in.c	2005-05-11 15:43:53 -07:00
  3.1538 +@@ -74,7 +74,6 @@
  3.1539 + static int nr_state1_machine(struct sock *sk, struct sk_buff *skb,
  3.1540 + 	int frametype)
  3.1541 + {
  3.1542 +-	bh_lock_sock(sk);
  3.1543 + 	switch (frametype) {
  3.1544 + 	case NR_CONNACK: {
  3.1545 + 		nr_cb *nr = nr_sk(sk);
  3.1546 +@@ -103,8 +102,6 @@
  3.1547 + 	default:
  3.1548 + 		break;
  3.1549 + 	}
  3.1550 +-	bh_unlock_sock(sk);
  3.1551 +-
  3.1552 + 	return 0;
  3.1553 + }
  3.1554 + 
  3.1555 +@@ -116,7 +113,6 @@
  3.1556 + static int nr_state2_machine(struct sock *sk, struct sk_buff *skb,
  3.1557 + 	int frametype)
  3.1558 + {
  3.1559 +-	bh_lock_sock(sk);
  3.1560 + 	switch (frametype) {
  3.1561 + 	case NR_CONNACK | NR_CHOKE_FLAG:
  3.1562 + 		nr_disconnect(sk, ECONNRESET);
  3.1563 +@@ -132,8 +128,6 @@
  3.1564 + 	default:
  3.1565 + 		break;
  3.1566 + 	}
  3.1567 +-	bh_unlock_sock(sk);
  3.1568 +-
  3.1569 + 	return 0;
  3.1570 + }
  3.1571 + 
  3.1572 +@@ -154,7 +148,6 @@
  3.1573 + 	nr = skb->data[18];
  3.1574 + 	ns = skb->data[17];
  3.1575 + 
  3.1576 +-	bh_lock_sock(sk);
  3.1577 + 	switch (frametype) {
  3.1578 + 	case NR_CONNREQ:
  3.1579 + 		nr_write_internal(sk, NR_CONNACK);
  3.1580 +@@ -265,8 +258,6 @@
  3.1581 + 	default:
  3.1582 + 		break;
  3.1583 + 	}
  3.1584 +-	bh_unlock_sock(sk);
  3.1585 +-
  3.1586 + 	return queued;
  3.1587 + }
  3.1588 + 
  3.1589 +diff -Nru a/net/xfrm/xfrm_state.c b/net/xfrm/xfrm_state.c
  3.1590 +--- a/net/xfrm/xfrm_state.c	2005-05-11 15:43:53 -07:00
  3.1591 ++++ b/net/xfrm/xfrm_state.c	2005-05-11 15:43:53 -07:00
  3.1592 +@@ -609,7 +609,7 @@
  3.1593 + 
  3.1594 + 	for (i = 0; i < XFRM_DST_HSIZE; i++) {
  3.1595 + 		list_for_each_entry(x, xfrm_state_bydst+i, bydst) {
  3.1596 +-			if (x->km.seq == seq) {
  3.1597 ++			if (x->km.seq == seq && x->km.state == XFRM_STATE_ACQ) {
  3.1598 + 				xfrm_state_hold(x);
  3.1599 + 				return x;
  3.1600 + 			}
  3.1601 +diff -Nru a/security/keys/key.c b/security/keys/key.c
  3.1602 +--- a/security/keys/key.c	2005-05-11 15:43:53 -07:00
  3.1603 ++++ b/security/keys/key.c	2005-05-11 15:43:53 -07:00
  3.1604 +@@ -57,9 +57,10 @@
  3.1605 + {
  3.1606 + 	struct key_user *candidate = NULL, *user;
  3.1607 + 	struct rb_node *parent = NULL;
  3.1608 +-	struct rb_node **p = &key_user_tree.rb_node;
  3.1609 ++	struct rb_node **p;
  3.1610 + 
  3.1611 +  try_again:
  3.1612 ++	p = &key_user_tree.rb_node;
  3.1613 + 	spin_lock(&key_user_lock);
  3.1614 + 
  3.1615 + 	/* search the tree for a user record with a matching UID */
  3.1616 +diff -Nru a/sound/core/timer.c b/sound/core/timer.c
  3.1617 +--- a/sound/core/timer.c	2005-05-11 15:43:53 -07:00
  3.1618 ++++ b/sound/core/timer.c	2005-05-11 15:43:53 -07:00
  3.1619 +@@ -1117,7 +1117,8 @@
  3.1620 + 	if (tu->qused >= tu->queue_size) {
  3.1621 + 		tu->overrun++;
  3.1622 + 	} else {
  3.1623 +-		memcpy(&tu->queue[tu->qtail++], tread, sizeof(*tread));
  3.1624 ++		memcpy(&tu->tqueue[tu->qtail++], tread, sizeof(*tread));
  3.1625 ++		tu->qtail %= tu->queue_size;
  3.1626 + 		tu->qused++;
  3.1627 + 	}
  3.1628 + }
  3.1629 +@@ -1140,6 +1141,8 @@
  3.1630 + 	spin_lock(&tu->qlock);
  3.1631 + 	snd_timer_user_append_to_tqueue(tu, &r1);
  3.1632 + 	spin_unlock(&tu->qlock);
  3.1633 ++	kill_fasync(&tu->fasync, SIGIO, POLL_IN);
  3.1634 ++	wake_up(&tu->qchange_sleep);
  3.1635 + }
  3.1636 + 
  3.1637 + static void snd_timer_user_tinterrupt(snd_timer_instance_t *timeri,
  3.1638 +diff -Nru a/sound/pci/ac97/ac97_codec.c b/sound/pci/ac97/ac97_codec.c
  3.1639 +--- a/sound/pci/ac97/ac97_codec.c	2005-05-11 15:43:53 -07:00
  3.1640 ++++ b/sound/pci/ac97/ac97_codec.c	2005-05-11 15:43:53 -07:00
  3.1641 +@@ -1185,7 +1185,7 @@
  3.1642 + /*
  3.1643 +  * create mute switch(es) for normal stereo controls
  3.1644 +  */
  3.1645 +-static int snd_ac97_cmute_new(snd_card_t *card, char *name, int reg, ac97_t *ac97)
  3.1646 ++static int snd_ac97_cmute_new_stereo(snd_card_t *card, char *name, int reg, int check_stereo, ac97_t *ac97)
  3.1647 + {
  3.1648 + 	snd_kcontrol_t *kctl;
  3.1649 + 	int err;
  3.1650 +@@ -1196,7 +1196,7 @@
  3.1651 + 
  3.1652 + 	mute_mask = 0x8000;
  3.1653 + 	val = snd_ac97_read(ac97, reg);
  3.1654 +-	if (ac97->flags & AC97_STEREO_MUTES) {
  3.1655 ++	if (check_stereo || (ac97->flags & AC97_STEREO_MUTES)) {
  3.1656 + 		/* check whether both mute bits work */
  3.1657 + 		val1 = val | 0x8080;
  3.1658 + 		snd_ac97_write(ac97, reg, val1);
  3.1659 +@@ -1254,7 +1254,7 @@
  3.1660 + /*
  3.1661 +  * create a mute-switch and a volume for normal stereo/mono controls
  3.1662 +  */
  3.1663 +-static int snd_ac97_cmix_new(snd_card_t *card, const char *pfx, int reg, ac97_t *ac97)
  3.1664 ++static int snd_ac97_cmix_new_stereo(snd_card_t *card, const char *pfx, int reg, int check_stereo, ac97_t *ac97)
  3.1665 + {
  3.1666 + 	int err;
  3.1667 + 	char name[44];
  3.1668 +@@ -1265,7 +1265,7 @@
  3.1669 + 
  3.1670 + 	if (snd_ac97_try_bit(ac97, reg, 15)) {
  3.1671 + 		sprintf(name, "%s Switch", pfx);
  3.1672 +-		if ((err = snd_ac97_cmute_new(card, name, reg, ac97)) < 0)
  3.1673 ++		if ((err = snd_ac97_cmute_new_stereo(card, name, reg, check_stereo, ac97)) < 0)
  3.1674 + 			return err;
  3.1675 + 	}
  3.1676 + 	check_volume_resolution(ac97, reg, &lo_max, &hi_max);
  3.1677 +@@ -1277,6 +1277,8 @@
  3.1678 + 	return 0;
  3.1679 + }
  3.1680 + 
  3.1681 ++#define snd_ac97_cmix_new(card, pfx, reg, ac97)	snd_ac97_cmix_new_stereo(card, pfx, reg, 0, ac97)
  3.1682 ++#define snd_ac97_cmute_new(card, name, reg, ac97)	snd_ac97_cmute_new_stereo(card, name, reg, 0, ac97)
  3.1683 + 
  3.1684 + static unsigned int snd_ac97_determine_spdif_rates(ac97_t *ac97);
  3.1685 + 
  3.1686 +@@ -1327,7 +1329,8 @@
  3.1687 + 
  3.1688 + 	/* build surround controls */
  3.1689 + 	if (snd_ac97_try_volume_mix(ac97, AC97_SURROUND_MASTER)) {
  3.1690 +-		if ((err = snd_ac97_cmix_new(card, "Surround Playback", AC97_SURROUND_MASTER, ac97)) < 0)
  3.1691 ++		/* Surround Master (0x38) is with stereo mutes */
  3.1692 ++		if ((err = snd_ac97_cmix_new_stereo(card, "Surround Playback", AC97_SURROUND_MASTER, 1, ac97)) < 0)
  3.1693 + 			return err;
  3.1694 + 	}
  3.1695 +