debuggers.hg
changeset 4967:2c0bcfd2a1fc
bitkeeper revision 1.1414 (428877c4Kn3AfJCu8rQfgt-njOlK7w)
Merge firebug.cl.cam.ac.uk:/auto/groups/xeno-xenod/BK/xen-unstable.bk
into firebug.cl.cam.ac.uk:/local/scratch/cl349/xen-unstable.bk
Merge firebug.cl.cam.ac.uk:/auto/groups/xeno-xenod/BK/xen-unstable.bk
into firebug.cl.cam.ac.uk:/local/scratch/cl349/xen-unstable.bk
| author | cl349@firebug.cl.cam.ac.uk |
|---|---|
| date | Mon May 16 10:36:52 2005 +0000 (2005-05-16) |
| parents | 8e3f809f3616 522cd960f6ce |
| children | c02d87b68355 a90b8526b255 |
| files | .rootkeys linux-2.6.11-xen-sparse/arch/xen/x86_64/kernel/early_printk.c patches/linux-2.6.11/linux-2.6.11.8.patch patches/linux-2.6.11/linux-2.6.11.9.patch |
line diff
1.1 --- a/.rootkeys Mon May 16 09:49:48 2005 +0000 1.2 +++ b/.rootkeys Mon May 16 10:36:52 2005 +0000 1.3 @@ -274,7 +274,7 @@ 424efaa6kKleWe45IrqsG8gkejgEQA linux-2.6 1.4 424efaa6HSyuVodl6SxFGj39vlp6MA linux-2.6.11-xen-sparse/arch/xen/x86_64/kernel/Makefile 1.5 424efaa7bVAw3Z_q0SdFivfNVavyIg linux-2.6.11-xen-sparse/arch/xen/x86_64/kernel/asm-offsets.c 1.6 424efaa7ddTVabh547Opf0u9vKmUXw linux-2.6.11-xen-sparse/arch/xen/x86_64/kernel/e820.c 1.7 -424efaa72fQEHYQ-Sp2IW9X2xTA5zQ linux-2.6.11-xen-sparse/arch/xen/x86_64/kernel/early_printk.c 1.8 +428868bbQust_FkSdkerMqYBWfrVKg linux-2.6.11-xen-sparse/arch/xen/x86_64/kernel/early_printk.c 1.9 424efaa7B_BWrAkLPJNoKk4EQY2a7w linux-2.6.11-xen-sparse/arch/xen/x86_64/kernel/entry.S 1.10 424efaa7vhgi7th5QVICjfuHmEWOkw linux-2.6.11-xen-sparse/arch/xen/x86_64/kernel/head.S 1.11 424efaa7tiMEZSAYepwyjaNWxyXF7Q linux-2.6.11-xen-sparse/arch/xen/x86_64/kernel/head64.c 1.12 @@ -469,7 +469,7 @@ 413cb3b53nyOv1OIeDSsCXhBFDXvJA netbsd-2. 1.13 413aa1d0oNP8HXLvfPuMe6cSroUfSA patches/linux-2.6.11/agpgart.patch 1.14 427261074Iy1MkbbqIV6zdZDWWx_Jg patches/linux-2.6.11/i386-cpu-hotplug-updated-for-mm.patch 1.15 42372652KCUP-IOH9RN19YQmGhs4aA patches/linux-2.6.11/iomap.patch 1.16 -428359d4b3fDYtazwXi4UUmSWaOUew patches/linux-2.6.11/linux-2.6.11.8.patch 1.17 +428359d4b3fDYtazwXi4UUmSWaOUew patches/linux-2.6.11/linux-2.6.11.9.patch 1.18 424f001e_M1Tnxc52rDrmCLelnDWMQ patches/linux-2.6.11/x86_64-linux.patch 1.19 3f776bd1Hy9rn69ntXBhPReUFw9IEA tools/Makefile 1.20 40e1b09db5mN69Ijj0X_Eol-S7dXiw tools/Rules.mk
2.1 --- a/linux-2.6.11-xen-sparse/arch/xen/x86_64/kernel/early_printk.c Mon May 16 09:49:48 2005 +0000 2.2 +++ b/linux-2.6.11-xen-sparse/arch/xen/x86_64/kernel/early_printk.c Mon May 16 10:36:52 2005 +0000 2.3 @@ -1,3 +1,4 @@ 2.4 +#include <linux/config.h> 2.5 #include <linux/console.h> 2.6 #include <linux/kernel.h> 2.7 #include <linux/init.h> 2.8 @@ -16,7 +17,6 @@ 2.9 #define MAX_YPOS 25 2.10 #define MAX_XPOS 80 2.11 2.12 -#if 0 2.13 static int current_ypos = 1, current_xpos = 0; 2.14 2.15 static void early_vga_write(struct console *con, const char *str, unsigned n) 2.16 @@ -58,8 +58,8 @@ static struct console early_vga_console 2.17 .flags = CON_PRINTBUFFER, 2.18 .index = -1, 2.19 }; 2.20 -#endif 2.21 2.22 +#ifndef CONFIG_XEN 2.23 /* Serial functions loosely based on a similar package from Klaus P. Gerlicher */ 2.24 2.25 int early_serial_base = 0x3f8; /* ttyS0 */ 2.26 @@ -80,7 +80,6 @@ int early_serial_base = 0x3f8; /* ttyS0 2.27 #define DLL 0 /* Divisor Latch Low */ 2.28 #define DLH 1 /* Divisor latch High */ 2.29 2.30 -#if 0 2.31 static int early_serial_putc(unsigned char ch) 2.32 { 2.33 unsigned timeout = 0xffff; 2.34 @@ -99,11 +98,9 @@ static void early_serial_write(struct co 2.35 s++; 2.36 } 2.37 } 2.38 -#endif 2.39 2.40 #define DEFAULT_BAUD 9600 2.41 2.42 -#if 0 2.43 static __init void early_serial_init(char *s) 2.44 { 2.45 unsigned char c; 2.46 @@ -151,6 +148,26 @@ static __init void early_serial_init(cha 2.47 outb((divisor >> 8) & 0xff, early_serial_base + DLH); 2.48 outb(c & ~DLAB, early_serial_base + LCR); 2.49 } 2.50 +#else 2.51 + 2.52 +static void 2.53 +early_serial_write(struct console *con, const char *s, unsigned count) 2.54 +{ 2.55 + int n; 2.56 + 2.57 + while (count > 0) { 2.58 + n = HYPERVISOR_console_io(CONSOLEIO_write, count, (char *)s); 2.59 + if (n <= 0) 2.60 + break; 2.61 + count -= n; 2.62 + s += n; 2.63 + } 2.64 +} 2.65 + 2.66 +static __init void early_serial_init(char *s) 2.67 +{ 2.68 +} 2.69 +#endif 2.70 2.71 static struct console early_serial_console = { 2.72 .name = "earlyser", 2.73 @@ -158,23 +175,9 @@ static struct console early_serial_conso 2.74 .flags = CON_PRINTBUFFER, 2.75 .index = -1, 2.76 }; 2.77 -#endif 2.78 - 2.79 -static void xen_console_write(struct console *con, const char *s, unsigned n) 2.80 -{ 2.81 - HYPERVISOR_console_io(CONSOLEIO_write, n, (char *) s); 2.82 -} 2.83 - 2.84 -static struct console xen_console = { 2.85 - .name = "xen", 2.86 - .write = xen_console_write, 2.87 - .flags = CON_PRINTBUFFER, 2.88 - .index = -1, 2.89 -}; 2.90 2.91 /* Direct interface for emergencies */ 2.92 -struct console *early_console = &xen_console; 2.93 -/* struct console *early_console = &early_vga_console; */ 2.94 +struct console *early_console = &early_vga_console; 2.95 static int early_console_initialized = 0; 2.96 2.97 void early_printk(const char *fmt, ...) 2.98 @@ -193,9 +196,9 @@ static int keep_early; 2.99 2.100 int __init setup_early_printk(char *opt) 2.101 { 2.102 + char *space; 2.103 + char buf[256]; 2.104 2.105 - early_console = &xen_console; 2.106 -#if 0 2.107 if (early_console_initialized) 2.108 return -1; 2.109 2.110 @@ -218,7 +221,6 @@ int __init setup_early_printk(char *opt) 2.111 } else if (!strncmp(buf, "vga", 3)) { 2.112 early_console = &early_vga_console; 2.113 } 2.114 -#endif 2.115 early_console_initialized = 1; 2.116 register_console(early_console); 2.117 return 0;
3.1 --- a/patches/linux-2.6.11/linux-2.6.11.8.patch Mon May 16 09:49:48 2005 +0000 3.2 +++ /dev/null Thu Jan 01 00:00:00 1970 +0000 3.3 @@ -1,1613 +0,0 @@ 3.4 -diff -Nru a/Makefile b/Makefile 3.5 ---- a/Makefile 2005-04-29 18:34:28 -07:00 3.6 -+++ b/Makefile 2005-04-29 18:34:28 -07:00 3.7 -@@ -1,8 +1,8 @@ 3.8 - VERSION = 2 3.9 - PATCHLEVEL = 6 3.10 - SUBLEVEL = 11 3.11 --EXTRAVERSION = 3.12 --NAME=Woozy Numbat 3.13 -+EXTRAVERSION = .8 3.14 -+NAME=Woozy Beaver 3.15 - 3.16 - # *DOCUMENTATION* 3.17 - # To see a list of typical targets execute "make help" 3.18 -diff -Nru a/arch/ia64/kernel/fsys.S b/arch/ia64/kernel/fsys.S 3.19 ---- a/arch/ia64/kernel/fsys.S 2005-04-29 18:34:28 -07:00 3.20 -+++ b/arch/ia64/kernel/fsys.S 2005-04-29 18:34:28 -07:00 3.21 -@@ -611,8 +611,10 @@ 3.22 - movl r2=ia64_ret_from_syscall 3.23 - ;; 3.24 - mov rp=r2 // set the real return addr 3.25 -- tbit.z p8,p0=r3,TIF_SYSCALL_TRACE 3.26 -+ and r3=_TIF_SYSCALL_TRACEAUDIT,r3 3.27 - ;; 3.28 -+ cmp.eq p8,p0=r3,r0 3.29 -+ 3.30 - (p10) br.cond.spnt.many ia64_ret_from_syscall // p10==true means out registers are more than 8 3.31 - (p8) br.call.sptk.many b6=b6 // ignore this return addr 3.32 - br.cond.sptk ia64_trace_syscall 3.33 -diff -Nru a/arch/ia64/kernel/signal.c b/arch/ia64/kernel/signal.c 3.34 ---- a/arch/ia64/kernel/signal.c 2005-04-29 18:34:28 -07:00 3.35 -+++ b/arch/ia64/kernel/signal.c 2005-04-29 18:34:28 -07:00 3.36 -@@ -224,7 +224,8 @@ 3.37 - * could be corrupted. 3.38 - */ 3.39 - retval = (long) &ia64_leave_kernel; 3.40 -- if (test_thread_flag(TIF_SYSCALL_TRACE)) 3.41 -+ if (test_thread_flag(TIF_SYSCALL_TRACE) 3.42 -+ || test_thread_flag(TIF_SYSCALL_AUDIT)) 3.43 - /* 3.44 - * strace expects to be notified after sigreturn returns even though the 3.45 - * context to which we return may not be in the middle of a syscall. 3.46 -diff -Nru a/arch/ppc/oprofile/op_model_fsl_booke.c b/arch/ppc/oprofile/op_model_fsl_booke.c 3.47 ---- a/arch/ppc/oprofile/op_model_fsl_booke.c 2005-04-29 18:34:28 -07:00 3.48 -+++ b/arch/ppc/oprofile/op_model_fsl_booke.c 2005-04-29 18:34:28 -07:00 3.49 -@@ -150,7 +150,6 @@ 3.50 - int is_kernel; 3.51 - int val; 3.52 - int i; 3.53 -- unsigned int cpu = smp_processor_id(); 3.54 - 3.55 - /* set the PMM bit (see comment below) */ 3.56 - mtmsr(mfmsr() | MSR_PMM); 3.57 -@@ -162,7 +161,7 @@ 3.58 - val = ctr_read(i); 3.59 - if (val < 0) { 3.60 - if (oprofile_running && ctr[i].enabled) { 3.61 -- oprofile_add_sample(pc, is_kernel, i, cpu); 3.62 -+ oprofile_add_pc(pc, is_kernel, i); 3.63 - ctr_write(i, reset_value[i]); 3.64 - } else { 3.65 - ctr_write(i, 0); 3.66 -diff -Nru a/arch/ppc/platforms/4xx/ebony.h b/arch/ppc/platforms/4xx/ebony.h 3.67 ---- a/arch/ppc/platforms/4xx/ebony.h 2005-04-29 18:34:28 -07:00 3.68 -+++ b/arch/ppc/platforms/4xx/ebony.h 2005-04-29 18:34:28 -07:00 3.69 -@@ -61,8 +61,8 @@ 3.70 - */ 3.71 - 3.72 - /* OpenBIOS defined UART mappings, used before early_serial_setup */ 3.73 --#define UART0_IO_BASE (u8 *) 0xE0000200 3.74 --#define UART1_IO_BASE (u8 *) 0xE0000300 3.75 -+#define UART0_IO_BASE 0xE0000200 3.76 -+#define UART1_IO_BASE 0xE0000300 3.77 - 3.78 - /* external Epson SG-615P */ 3.79 - #define BASE_BAUD 691200 3.80 -diff -Nru a/arch/ppc/platforms/4xx/luan.h b/arch/ppc/platforms/4xx/luan.h 3.81 ---- a/arch/ppc/platforms/4xx/luan.h 2005-04-29 18:34:28 -07:00 3.82 -+++ b/arch/ppc/platforms/4xx/luan.h 2005-04-29 18:34:28 -07:00 3.83 -@@ -47,9 +47,9 @@ 3.84 - #define RS_TABLE_SIZE 3 3.85 - 3.86 - /* PIBS defined UART mappings, used before early_serial_setup */ 3.87 --#define UART0_IO_BASE (u8 *) 0xa0000200 3.88 --#define UART1_IO_BASE (u8 *) 0xa0000300 3.89 --#define UART2_IO_BASE (u8 *) 0xa0000600 3.90 -+#define UART0_IO_BASE 0xa0000200 3.91 -+#define UART1_IO_BASE 0xa0000300 3.92 -+#define UART2_IO_BASE 0xa0000600 3.93 - 3.94 - #define BASE_BAUD 11059200 3.95 - #define STD_UART_OP(num) \ 3.96 -diff -Nru a/arch/ppc/platforms/4xx/ocotea.h b/arch/ppc/platforms/4xx/ocotea.h 3.97 ---- a/arch/ppc/platforms/4xx/ocotea.h 2005-04-29 18:34:28 -07:00 3.98 -+++ b/arch/ppc/platforms/4xx/ocotea.h 2005-04-29 18:34:28 -07:00 3.99 -@@ -56,8 +56,8 @@ 3.100 - #define RS_TABLE_SIZE 2 3.101 - 3.102 - /* OpenBIOS defined UART mappings, used before early_serial_setup */ 3.103 --#define UART0_IO_BASE (u8 *) 0xE0000200 3.104 --#define UART1_IO_BASE (u8 *) 0xE0000300 3.105 -+#define UART0_IO_BASE 0xE0000200 3.106 -+#define UART1_IO_BASE 0xE0000300 3.107 - 3.108 - #define BASE_BAUD 11059200/16 3.109 - #define STD_UART_OP(num) \ 3.110 -diff -Nru a/arch/sparc/kernel/ptrace.c b/arch/sparc/kernel/ptrace.c 3.111 ---- a/arch/sparc/kernel/ptrace.c 2005-04-29 18:34:28 -07:00 3.112 -+++ b/arch/sparc/kernel/ptrace.c 2005-04-29 18:34:28 -07:00 3.113 -@@ -531,18 +531,6 @@ 3.114 - pt_error_return(regs, EIO); 3.115 - goto out_tsk; 3.116 - } 3.117 -- if (addr != 1) { 3.118 -- if (addr & 3) { 3.119 -- pt_error_return(regs, EINVAL); 3.120 -- goto out_tsk; 3.121 -- } 3.122 --#ifdef DEBUG_PTRACE 3.123 -- printk ("Original: %08lx %08lx\n", child->thread.kregs->pc, child->thread.kregs->npc); 3.124 -- printk ("Continuing with %08lx %08lx\n", addr, addr+4); 3.125 --#endif 3.126 -- child->thread.kregs->pc = addr; 3.127 -- child->thread.kregs->npc = addr + 4; 3.128 -- } 3.129 - 3.130 - if (request == PTRACE_SYSCALL) 3.131 - set_tsk_thread_flag(child, TIF_SYSCALL_TRACE); 3.132 -diff -Nru a/arch/sparc64/kernel/ptrace.c b/arch/sparc64/kernel/ptrace.c 3.133 ---- a/arch/sparc64/kernel/ptrace.c 2005-04-29 18:34:28 -07:00 3.134 -+++ b/arch/sparc64/kernel/ptrace.c 2005-04-29 18:34:28 -07:00 3.135 -@@ -514,25 +514,6 @@ 3.136 - pt_error_return(regs, EIO); 3.137 - goto out_tsk; 3.138 - } 3.139 -- if (addr != 1) { 3.140 -- unsigned long pc_mask = ~0UL; 3.141 -- 3.142 -- if ((child->thread_info->flags & _TIF_32BIT) != 0) 3.143 -- pc_mask = 0xffffffff; 3.144 -- 3.145 -- if (addr & 3) { 3.146 -- pt_error_return(regs, EINVAL); 3.147 -- goto out_tsk; 3.148 -- } 3.149 --#ifdef DEBUG_PTRACE 3.150 -- printk ("Original: %016lx %016lx\n", 3.151 -- child->thread_info->kregs->tpc, 3.152 -- child->thread_info->kregs->tnpc); 3.153 -- printk ("Continuing with %016lx %016lx\n", addr, addr+4); 3.154 --#endif 3.155 -- child->thread_info->kregs->tpc = (addr & pc_mask); 3.156 -- child->thread_info->kregs->tnpc = ((addr + 4) & pc_mask); 3.157 -- } 3.158 - 3.159 - if (request == PTRACE_SYSCALL) { 3.160 - set_tsk_thread_flag(child, TIF_SYSCALL_TRACE); 3.161 -diff -Nru a/arch/sparc64/kernel/signal32.c b/arch/sparc64/kernel/signal32.c 3.162 ---- a/arch/sparc64/kernel/signal32.c 2005-04-29 18:34:28 -07:00 3.163 -+++ b/arch/sparc64/kernel/signal32.c 2005-04-29 18:34:28 -07:00 3.164 -@@ -192,9 +192,12 @@ 3.165 - err |= __put_user(from->si_uid, &to->si_uid); 3.166 - break; 3.167 - case __SI_FAULT >> 16: 3.168 -- case __SI_POLL >> 16: 3.169 - err |= __put_user(from->si_trapno, &to->si_trapno); 3.170 - err |= __put_user((unsigned long)from->si_addr, &to->si_addr); 3.171 -+ break; 3.172 -+ case __SI_POLL >> 16: 3.173 -+ err |= __put_user(from->si_band, &to->si_band); 3.174 -+ err |= __put_user(from->si_fd, &to->si_fd); 3.175 - break; 3.176 - case __SI_RT >> 16: /* This is not generated by the kernel as of now. */ 3.177 - case __SI_MESGQ >> 16: 3.178 -diff -Nru a/arch/sparc64/kernel/systbls.S b/arch/sparc64/kernel/systbls.S 3.179 ---- a/arch/sparc64/kernel/systbls.S 2005-04-29 18:34:27 -07:00 3.180 -+++ b/arch/sparc64/kernel/systbls.S 2005-04-29 18:34:27 -07:00 3.181 -@@ -75,7 +75,7 @@ 3.182 - /*260*/ .word compat_sys_sched_getaffinity, compat_sys_sched_setaffinity, sys32_timer_settime, compat_sys_timer_gettime, sys_timer_getoverrun 3.183 - .word sys_timer_delete, sys32_timer_create, sys_ni_syscall, compat_sys_io_setup, sys_io_destroy 3.184 - /*270*/ .word sys32_io_submit, sys_io_cancel, compat_sys_io_getevents, sys32_mq_open, sys_mq_unlink 3.185 -- .word sys_mq_timedsend, sys_mq_timedreceive, compat_sys_mq_notify, compat_sys_mq_getsetattr, compat_sys_waitid 3.186 -+ .word compat_sys_mq_timedsend, compat_sys_mq_timedreceive, compat_sys_mq_notify, compat_sys_mq_getsetattr, compat_sys_waitid 3.187 - /*280*/ .word sys_ni_syscall, sys_add_key, sys_request_key, sys_keyctl 3.188 - 3.189 - #endif /* CONFIG_COMPAT */ 3.190 -diff -Nru a/arch/um/include/sysdep-i386/syscalls.h b/arch/um/include/sysdep-i386/syscalls.h 3.191 ---- a/arch/um/include/sysdep-i386/syscalls.h 2005-04-29 18:34:27 -07:00 3.192 -+++ b/arch/um/include/sysdep-i386/syscalls.h 2005-04-29 18:34:27 -07:00 3.193 -@@ -23,6 +23,9 @@ 3.194 - unsigned long prot, unsigned long flags, 3.195 - unsigned long fd, unsigned long pgoff); 3.196 - 3.197 -+/* On i386 they choose a meaningless naming.*/ 3.198 -+#define __NR_kexec_load __NR_sys_kexec_load 3.199 -+ 3.200 - #define ARCH_SYSCALLS \ 3.201 - [ __NR_waitpid ] = (syscall_handler_t *) sys_waitpid, \ 3.202 - [ __NR_break ] = (syscall_handler_t *) sys_ni_syscall, \ 3.203 -@@ -101,15 +104,12 @@ 3.204 - [ 223 ] = (syscall_handler_t *) sys_ni_syscall, \ 3.205 - [ __NR_set_thread_area ] = (syscall_handler_t *) sys_ni_syscall, \ 3.206 - [ __NR_get_thread_area ] = (syscall_handler_t *) sys_ni_syscall, \ 3.207 -- [ __NR_fadvise64 ] = (syscall_handler_t *) sys_fadvise64, \ 3.208 - [ 251 ] = (syscall_handler_t *) sys_ni_syscall, \ 3.209 -- [ __NR_remap_file_pages ] = (syscall_handler_t *) sys_remap_file_pages, \ 3.210 -- [ __NR_utimes ] = (syscall_handler_t *) sys_utimes, \ 3.211 -- [ __NR_vserver ] = (syscall_handler_t *) sys_ni_syscall, 3.212 -- 3.213 -+ [ 285 ] = (syscall_handler_t *) sys_ni_syscall, 3.214 -+ 3.215 - /* 222 doesn't yet have a name in include/asm-i386/unistd.h */ 3.216 - 3.217 --#define LAST_ARCH_SYSCALL __NR_vserver 3.218 -+#define LAST_ARCH_SYSCALL 285 3.219 - 3.220 - /* 3.221 - * Overrides for Emacs so that we follow Linus's tabbing style. 3.222 -diff -Nru a/arch/um/include/sysdep-x86_64/syscalls.h b/arch/um/include/sysdep-x86_64/syscalls.h 3.223 ---- a/arch/um/include/sysdep-x86_64/syscalls.h 2005-04-29 18:34:28 -07:00 3.224 -+++ b/arch/um/include/sysdep-x86_64/syscalls.h 2005-04-29 18:34:28 -07:00 3.225 -@@ -71,12 +71,7 @@ 3.226 - [ __NR_iopl ] = (syscall_handler_t *) sys_ni_syscall, \ 3.227 - [ __NR_set_thread_area ] = (syscall_handler_t *) sys_ni_syscall, \ 3.228 - [ __NR_get_thread_area ] = (syscall_handler_t *) sys_ni_syscall, \ 3.229 -- [ __NR_remap_file_pages ] = (syscall_handler_t *) sys_remap_file_pages, \ 3.230 - [ __NR_semtimedop ] = (syscall_handler_t *) sys_semtimedop, \ 3.231 -- [ __NR_fadvise64 ] = (syscall_handler_t *) sys_fadvise64, \ 3.232 -- [ 223 ] = (syscall_handler_t *) sys_ni_syscall, \ 3.233 -- [ __NR_utimes ] = (syscall_handler_t *) sys_utimes, \ 3.234 -- [ __NR_vserver ] = (syscall_handler_t *) sys_ni_syscall, \ 3.235 - [ 251 ] = (syscall_handler_t *) sys_ni_syscall, 3.236 - 3.237 - #define LAST_ARCH_SYSCALL 251 3.238 -diff -Nru a/arch/um/kernel/skas/uaccess.c b/arch/um/kernel/skas/uaccess.c 3.239 ---- a/arch/um/kernel/skas/uaccess.c 2005-04-29 18:34:28 -07:00 3.240 -+++ b/arch/um/kernel/skas/uaccess.c 2005-04-29 18:34:28 -07:00 3.241 -@@ -61,7 +61,8 @@ 3.242 - void *arg; 3.243 - int *res; 3.244 - 3.245 -- va_copy(args, *(va_list *)arg_ptr); 3.246 -+ /* Some old gccs recognize __va_copy, but not va_copy */ 3.247 -+ __va_copy(args, *(va_list *)arg_ptr); 3.248 - addr = va_arg(args, unsigned long); 3.249 - len = va_arg(args, int); 3.250 - is_write = va_arg(args, int); 3.251 -diff -Nru a/arch/um/kernel/sys_call_table.c b/arch/um/kernel/sys_call_table.c 3.252 ---- a/arch/um/kernel/sys_call_table.c 2005-04-29 18:34:28 -07:00 3.253 -+++ b/arch/um/kernel/sys_call_table.c 2005-04-29 18:34:28 -07:00 3.254 -@@ -48,7 +48,6 @@ 3.255 - extern syscall_handler_t old_select; 3.256 - extern syscall_handler_t sys_modify_ldt; 3.257 - extern syscall_handler_t sys_rt_sigsuspend; 3.258 --extern syscall_handler_t sys_vserver; 3.259 - extern syscall_handler_t sys_mbind; 3.260 - extern syscall_handler_t sys_get_mempolicy; 3.261 - extern syscall_handler_t sys_set_mempolicy; 3.262 -@@ -242,6 +241,7 @@ 3.263 - [ __NR_epoll_create ] = (syscall_handler_t *) sys_epoll_create, 3.264 - [ __NR_epoll_ctl ] = (syscall_handler_t *) sys_epoll_ctl, 3.265 - [ __NR_epoll_wait ] = (syscall_handler_t *) sys_epoll_wait, 3.266 -+ [ __NR_remap_file_pages ] = (syscall_handler_t *) sys_remap_file_pages, 3.267 - [ __NR_set_tid_address ] = (syscall_handler_t *) sys_set_tid_address, 3.268 - [ __NR_timer_create ] = (syscall_handler_t *) sys_timer_create, 3.269 - [ __NR_timer_settime ] = (syscall_handler_t *) sys_timer_settime, 3.270 -@@ -252,12 +252,10 @@ 3.271 - [ __NR_clock_gettime ] = (syscall_handler_t *) sys_clock_gettime, 3.272 - [ __NR_clock_getres ] = (syscall_handler_t *) sys_clock_getres, 3.273 - [ __NR_clock_nanosleep ] = (syscall_handler_t *) sys_clock_nanosleep, 3.274 -- [ __NR_statfs64 ] = (syscall_handler_t *) sys_statfs64, 3.275 -- [ __NR_fstatfs64 ] = (syscall_handler_t *) sys_fstatfs64, 3.276 - [ __NR_tgkill ] = (syscall_handler_t *) sys_tgkill, 3.277 - [ __NR_utimes ] = (syscall_handler_t *) sys_utimes, 3.278 -- [ __NR_fadvise64_64 ] = (syscall_handler_t *) sys_fadvise64_64, 3.279 -- [ __NR_vserver ] = (syscall_handler_t *) sys_vserver, 3.280 -+ [ __NR_fadvise64 ] = (syscall_handler_t *) sys_fadvise64, 3.281 -+ [ __NR_vserver ] = (syscall_handler_t *) sys_ni_syscall, 3.282 - [ __NR_mbind ] = (syscall_handler_t *) sys_mbind, 3.283 - [ __NR_get_mempolicy ] = (syscall_handler_t *) sys_get_mempolicy, 3.284 - [ __NR_set_mempolicy ] = (syscall_handler_t *) sys_set_mempolicy, 3.285 -@@ -267,9 +265,8 @@ 3.286 - [ __NR_mq_timedreceive ] = (syscall_handler_t *) sys_mq_timedreceive, 3.287 - [ __NR_mq_notify ] = (syscall_handler_t *) sys_mq_notify, 3.288 - [ __NR_mq_getsetattr ] = (syscall_handler_t *) sys_mq_getsetattr, 3.289 -- [ __NR_sys_kexec_load ] = (syscall_handler_t *) sys_ni_syscall, 3.290 -+ [ __NR_kexec_load ] = (syscall_handler_t *) sys_ni_syscall, 3.291 - [ __NR_waitid ] = (syscall_handler_t *) sys_waitid, 3.292 -- [ 285 ] = (syscall_handler_t *) sys_ni_syscall, 3.293 - [ __NR_add_key ] = (syscall_handler_t *) sys_add_key, 3.294 - [ __NR_request_key ] = (syscall_handler_t *) sys_request_key, 3.295 - [ __NR_keyctl ] = (syscall_handler_t *) sys_keyctl, 3.296 -diff -Nru a/drivers/char/drm/drm_ioctl.c b/drivers/char/drm/drm_ioctl.c 3.297 ---- a/drivers/char/drm/drm_ioctl.c 2005-04-29 18:34:27 -07:00 3.298 -+++ b/drivers/char/drm/drm_ioctl.c 2005-04-29 18:34:27 -07:00 3.299 -@@ -326,6 +326,8 @@ 3.300 - 3.301 - DRM_COPY_FROM_USER_IOCTL(sv, argp, sizeof(sv)); 3.302 - 3.303 -+ memset(&version, 0, sizeof(version)); 3.304 -+ 3.305 - dev->driver->version(&version); 3.306 - retv.drm_di_major = DRM_IF_MAJOR; 3.307 - retv.drm_di_minor = DRM_IF_MINOR; 3.308 -diff -Nru a/drivers/i2c/chips/eeprom.c b/drivers/i2c/chips/eeprom.c 3.309 ---- a/drivers/i2c/chips/eeprom.c 2005-04-29 18:34:27 -07:00 3.310 -+++ b/drivers/i2c/chips/eeprom.c 2005-04-29 18:34:27 -07:00 3.311 -@@ -130,7 +130,8 @@ 3.312 - 3.313 - /* Hide Vaio security settings to regular users (16 first bytes) */ 3.314 - if (data->nature == VAIO && off < 16 && !capable(CAP_SYS_ADMIN)) { 3.315 -- int in_row1 = 16 - off; 3.316 -+ size_t in_row1 = 16 - off; 3.317 -+ in_row1 = min(in_row1, count); 3.318 - memset(buf, 0, in_row1); 3.319 - if (count - in_row1 > 0) 3.320 - memcpy(buf + in_row1, &data->data[16], count - in_row1); 3.321 -diff -Nru a/drivers/i2c/chips/it87.c b/drivers/i2c/chips/it87.c 3.322 ---- a/drivers/i2c/chips/it87.c 2005-04-29 18:34:28 -07:00 3.323 -+++ b/drivers/i2c/chips/it87.c 2005-04-29 18:34:28 -07:00 3.324 -@@ -631,7 +631,7 @@ 3.325 - struct it87_data *data = it87_update_device(dev); 3.326 - return sprintf(buf,"%d\n", ALARMS_FROM_REG(data->alarms)); 3.327 - } 3.328 --static DEVICE_ATTR(alarms, S_IRUGO | S_IWUSR, show_alarms, NULL); 3.329 -+static DEVICE_ATTR(alarms, S_IRUGO, show_alarms, NULL); 3.330 - 3.331 - static ssize_t 3.332 - show_vrm_reg(struct device *dev, char *buf) 3.333 -diff -Nru a/drivers/i2c/chips/via686a.c b/drivers/i2c/chips/via686a.c 3.334 ---- a/drivers/i2c/chips/via686a.c 2005-04-29 18:34:27 -07:00 3.335 -+++ b/drivers/i2c/chips/via686a.c 2005-04-29 18:34:27 -07:00 3.336 -@@ -554,7 +554,7 @@ 3.337 - struct via686a_data *data = via686a_update_device(dev); 3.338 - return sprintf(buf,"%d\n", ALARMS_FROM_REG(data->alarms)); 3.339 - } 3.340 --static DEVICE_ATTR(alarms, S_IRUGO | S_IWUSR, show_alarms, NULL); 3.341 -+static DEVICE_ATTR(alarms, S_IRUGO, show_alarms, NULL); 3.342 - 3.343 - /* The driver. I choose to use type i2c_driver, as at is identical to both 3.344 - smbus_driver and isa_driver, and clients could be of either kind */ 3.345 -diff -Nru a/drivers/input/serio/i8042-x86ia64io.h b/drivers/input/serio/i8042-x86ia64io.h 3.346 ---- a/drivers/input/serio/i8042-x86ia64io.h 2005-04-29 18:34:28 -07:00 3.347 -+++ b/drivers/input/serio/i8042-x86ia64io.h 2005-04-29 18:34:28 -07:00 3.348 -@@ -88,7 +88,7 @@ 3.349 - }; 3.350 - #endif 3.351 - 3.352 --#ifdef CONFIG_ACPI 3.353 -+#if defined(__ia64__) && defined(CONFIG_ACPI) 3.354 - #include <linux/acpi.h> 3.355 - #include <acpi/acpi_bus.h> 3.356 - 3.357 -@@ -281,7 +281,7 @@ 3.358 - i8042_kbd_irq = I8042_MAP_IRQ(1); 3.359 - i8042_aux_irq = I8042_MAP_IRQ(12); 3.360 - 3.361 --#ifdef CONFIG_ACPI 3.362 -+#if defined(__ia64__) && defined(CONFIG_ACPI) 3.363 - if (i8042_acpi_init()) 3.364 - return -1; 3.365 - #endif 3.366 -@@ -300,7 +300,7 @@ 3.367 - 3.368 - static inline void i8042_platform_exit(void) 3.369 - { 3.370 --#ifdef CONFIG_ACPI 3.371 -+#if defined(__ia64__) && defined(CONFIG_ACPI) 3.372 - i8042_acpi_exit(); 3.373 - #endif 3.374 - } 3.375 -diff -Nru a/drivers/md/raid6altivec.uc b/drivers/md/raid6altivec.uc 3.376 ---- a/drivers/md/raid6altivec.uc 2005-04-29 18:34:28 -07:00 3.377 -+++ b/drivers/md/raid6altivec.uc 2005-04-29 18:34:28 -07:00 3.378 -@@ -108,7 +108,11 @@ 3.379 - int raid6_have_altivec(void) 3.380 - { 3.381 - /* This assumes either all CPUs have Altivec or none does */ 3.382 -+#ifdef CONFIG_PPC64 3.383 - return cur_cpu_spec->cpu_features & CPU_FTR_ALTIVEC; 3.384 -+#else 3.385 -+ return cur_cpu_spec[0]->cpu_features & CPU_FTR_ALTIVEC; 3.386 -+#endif 3.387 - } 3.388 - #endif 3.389 - 3.390 -diff -Nru a/drivers/media/video/adv7170.c b/drivers/media/video/adv7170.c 3.391 ---- a/drivers/media/video/adv7170.c 2005-04-29 18:34:28 -07:00 3.392 -+++ b/drivers/media/video/adv7170.c 2005-04-29 18:34:28 -07:00 3.393 -@@ -130,7 +130,7 @@ 3.394 - u8 block_data[32]; 3.395 - 3.396 - msg.addr = client->addr; 3.397 -- msg.flags = client->flags; 3.398 -+ msg.flags = 0; 3.399 - while (len >= 2) { 3.400 - msg.buf = (char *) block_data; 3.401 - msg.len = 0; 3.402 -diff -Nru a/drivers/media/video/adv7175.c b/drivers/media/video/adv7175.c 3.403 ---- a/drivers/media/video/adv7175.c 2005-04-29 18:34:28 -07:00 3.404 -+++ b/drivers/media/video/adv7175.c 2005-04-29 18:34:28 -07:00 3.405 -@@ -126,7 +126,7 @@ 3.406 - u8 block_data[32]; 3.407 - 3.408 - msg.addr = client->addr; 3.409 -- msg.flags = client->flags; 3.410 -+ msg.flags = 0; 3.411 - while (len >= 2) { 3.412 - msg.buf = (char *) block_data; 3.413 - msg.len = 0; 3.414 -diff -Nru a/drivers/media/video/bt819.c b/drivers/media/video/bt819.c 3.415 ---- a/drivers/media/video/bt819.c 2005-04-29 18:34:27 -07:00 3.416 -+++ b/drivers/media/video/bt819.c 2005-04-29 18:34:27 -07:00 3.417 -@@ -146,7 +146,7 @@ 3.418 - u8 block_data[32]; 3.419 - 3.420 - msg.addr = client->addr; 3.421 -- msg.flags = client->flags; 3.422 -+ msg.flags = 0; 3.423 - while (len >= 2) { 3.424 - msg.buf = (char *) block_data; 3.425 - msg.len = 0; 3.426 -diff -Nru a/drivers/media/video/bttv-cards.c b/drivers/media/video/bttv-cards.c 3.427 ---- a/drivers/media/video/bttv-cards.c 2005-04-29 18:34:28 -07:00 3.428 -+++ b/drivers/media/video/bttv-cards.c 2005-04-29 18:34:28 -07:00 3.429 -@@ -2718,8 +2718,6 @@ 3.430 - } 3.431 - btv->pll.pll_current = -1; 3.432 - 3.433 -- bttv_reset_audio(btv); 3.434 -- 3.435 - /* tuner configuration (from card list / autodetect / insmod option) */ 3.436 - if (UNSET != bttv_tvcards[btv->c.type].tuner_type) 3.437 - if(UNSET == btv->tuner_type) 3.438 -diff -Nru a/drivers/media/video/saa7110.c b/drivers/media/video/saa7110.c 3.439 ---- a/drivers/media/video/saa7110.c 2005-04-29 18:34:27 -07:00 3.440 -+++ b/drivers/media/video/saa7110.c 2005-04-29 18:34:27 -07:00 3.441 -@@ -60,8 +60,10 @@ 3.442 - 3.443 - #define I2C_SAA7110 0x9C /* or 0x9E */ 3.444 - 3.445 -+#define SAA7110_NR_REG 0x35 3.446 -+ 3.447 - struct saa7110 { 3.448 -- unsigned char reg[54]; 3.449 -+ u8 reg[SAA7110_NR_REG]; 3.450 - 3.451 - int norm; 3.452 - int input; 3.453 -@@ -95,31 +97,28 @@ 3.454 - unsigned int len) 3.455 - { 3.456 - int ret = -1; 3.457 -- u8 reg = *data++; 3.458 -+ u8 reg = *data; /* first register to write to */ 3.459 - 3.460 -- len--; 3.461 -+ /* Sanity check */ 3.462 -+ if (reg + (len - 1) > SAA7110_NR_REG) 3.463 -+ return ret; 3.464 - 3.465 - /* the saa7110 has an autoincrement function, use it if 3.466 - * the adapter understands raw I2C */ 3.467 - if (i2c_check_functionality(client->adapter, I2C_FUNC_I2C)) { 3.468 - struct saa7110 *decoder = i2c_get_clientdata(client); 3.469 - struct i2c_msg msg; 3.470 -- u8 block_data[54]; 3.471 - 3.472 -- msg.len = 0; 3.473 -- msg.buf = (char *) block_data; 3.474 -+ msg.len = len; 3.475 -+ msg.buf = (char *) data; 3.476 - msg.addr = client->addr; 3.477 -- msg.flags = client->flags; 3.478 -- while (len >= 1) { 3.479 -- msg.len = 0; 3.480 -- block_data[msg.len++] = reg; 3.481 -- while (len-- >= 1 && msg.len < 54) 3.482 -- block_data[msg.len++] = 3.483 -- decoder->reg[reg++] = *data++; 3.484 -- ret = i2c_transfer(client->adapter, &msg, 1); 3.485 -- } 3.486 -+ msg.flags = 0; 3.487 -+ ret = i2c_transfer(client->adapter, &msg, 1); 3.488 -+ 3.489 -+ /* Cache the written data */ 3.490 -+ memcpy(decoder->reg + reg, data + 1, len - 1); 3.491 - } else { 3.492 -- while (len-- >= 1) { 3.493 -+ for (++data, --len; len; len--) { 3.494 - if ((ret = saa7110_write(client, reg++, 3.495 - *data++)) < 0) 3.496 - break; 3.497 -@@ -192,7 +191,7 @@ 3.498 - return 0; 3.499 - } 3.500 - 3.501 --static const unsigned char initseq[] = { 3.502 -+static const unsigned char initseq[1 + SAA7110_NR_REG] = { 3.503 - 0, 0x4C, 0x3C, 0x0D, 0xEF, 0xBD, 0xF2, 0x03, 0x00, 3.504 - /* 0x08 */ 0xF8, 0xF8, 0x60, 0x60, 0x00, 0x86, 0x18, 0x90, 3.505 - /* 0x10 */ 0x00, 0x59, 0x40, 0x46, 0x42, 0x1A, 0xFF, 0xDA, 3.506 -diff -Nru a/drivers/media/video/saa7114.c b/drivers/media/video/saa7114.c 3.507 ---- a/drivers/media/video/saa7114.c 2005-04-29 18:34:28 -07:00 3.508 -+++ b/drivers/media/video/saa7114.c 2005-04-29 18:34:28 -07:00 3.509 -@@ -163,7 +163,7 @@ 3.510 - u8 block_data[32]; 3.511 - 3.512 - msg.addr = client->addr; 3.513 -- msg.flags = client->flags; 3.514 -+ msg.flags = 0; 3.515 - while (len >= 2) { 3.516 - msg.buf = (char *) block_data; 3.517 - msg.len = 0; 3.518 -diff -Nru a/drivers/media/video/saa7185.c b/drivers/media/video/saa7185.c 3.519 ---- a/drivers/media/video/saa7185.c 2005-04-29 18:34:28 -07:00 3.520 -+++ b/drivers/media/video/saa7185.c 2005-04-29 18:34:28 -07:00 3.521 -@@ -118,7 +118,7 @@ 3.522 - u8 block_data[32]; 3.523 - 3.524 - msg.addr = client->addr; 3.525 -- msg.flags = client->flags; 3.526 -+ msg.flags = 0; 3.527 - while (len >= 2) { 3.528 - msg.buf = (char *) block_data; 3.529 - msg.len = 0; 3.530 -diff -Nru a/drivers/net/amd8111e.c b/drivers/net/amd8111e.c 3.531 ---- a/drivers/net/amd8111e.c 2005-04-29 18:34:28 -07:00 3.532 -+++ b/drivers/net/amd8111e.c 2005-04-29 18:34:28 -07:00 3.533 -@@ -1381,6 +1381,8 @@ 3.534 - 3.535 - if(amd8111e_restart(dev)){ 3.536 - spin_unlock_irq(&lp->lock); 3.537 -+ if (dev->irq) 3.538 -+ free_irq(dev->irq, dev); 3.539 - return -ENOMEM; 3.540 - } 3.541 - /* Start ipg timer */ 3.542 -diff -Nru a/drivers/net/ppp_async.c b/drivers/net/ppp_async.c 3.543 ---- a/drivers/net/ppp_async.c 2005-04-29 18:34:28 -07:00 3.544 -+++ b/drivers/net/ppp_async.c 2005-04-29 18:34:28 -07:00 3.545 -@@ -1000,7 +1000,7 @@ 3.546 - data += 4; 3.547 - dlen -= 4; 3.548 - /* data[0] is code, data[1] is length */ 3.549 -- while (dlen >= 2 && dlen >= data[1]) { 3.550 -+ while (dlen >= 2 && dlen >= data[1] && data[1] >= 2) { 3.551 - switch (data[0]) { 3.552 - case LCP_MRU: 3.553 - val = (data[2] << 8) + data[3]; 3.554 -diff -Nru a/drivers/net/r8169.c b/drivers/net/r8169.c 3.555 ---- a/drivers/net/r8169.c 2005-04-29 18:34:28 -07:00 3.556 -+++ b/drivers/net/r8169.c 2005-04-29 18:34:28 -07:00 3.557 -@@ -1683,16 +1683,19 @@ 3.558 - rtl8169_make_unusable_by_asic(desc); 3.559 - } 3.560 - 3.561 --static inline void rtl8169_return_to_asic(struct RxDesc *desc, int rx_buf_sz) 3.562 -+static inline void rtl8169_mark_to_asic(struct RxDesc *desc, u32 rx_buf_sz) 3.563 - { 3.564 -- desc->opts1 |= cpu_to_le32(DescOwn + rx_buf_sz); 3.565 -+ u32 eor = le32_to_cpu(desc->opts1) & RingEnd; 3.566 -+ 3.567 -+ desc->opts1 = cpu_to_le32(DescOwn | eor | rx_buf_sz); 3.568 - } 3.569 - 3.570 --static inline void rtl8169_give_to_asic(struct RxDesc *desc, dma_addr_t mapping, 3.571 -- int rx_buf_sz) 3.572 -+static inline void rtl8169_map_to_asic(struct RxDesc *desc, dma_addr_t mapping, 3.573 -+ u32 rx_buf_sz) 3.574 - { 3.575 - desc->addr = cpu_to_le64(mapping); 3.576 -- desc->opts1 |= cpu_to_le32(DescOwn + rx_buf_sz); 3.577 -+ wmb(); 3.578 -+ rtl8169_mark_to_asic(desc, rx_buf_sz); 3.579 - } 3.580 - 3.581 - static int rtl8169_alloc_rx_skb(struct pci_dev *pdev, struct sk_buff **sk_buff, 3.582 -@@ -1712,7 +1715,7 @@ 3.583 - mapping = pci_map_single(pdev, skb->tail, rx_buf_sz, 3.584 - PCI_DMA_FROMDEVICE); 3.585 - 3.586 -- rtl8169_give_to_asic(desc, mapping, rx_buf_sz); 3.587 -+ rtl8169_map_to_asic(desc, mapping, rx_buf_sz); 3.588 - 3.589 - out: 3.590 - return ret; 3.591 -@@ -2150,7 +2153,7 @@ 3.592 - skb_reserve(skb, NET_IP_ALIGN); 3.593 - eth_copy_and_sum(skb, sk_buff[0]->tail, pkt_size, 0); 3.594 - *sk_buff = skb; 3.595 -- rtl8169_return_to_asic(desc, rx_buf_sz); 3.596 -+ rtl8169_mark_to_asic(desc, rx_buf_sz); 3.597 - ret = 0; 3.598 - } 3.599 - } 3.600 -diff -Nru a/drivers/net/sis900.c b/drivers/net/sis900.c 3.601 ---- a/drivers/net/sis900.c 2005-04-29 18:34:27 -07:00 3.602 -+++ b/drivers/net/sis900.c 2005-04-29 18:34:27 -07:00 3.603 -@@ -236,7 +236,7 @@ 3.604 - signature = (u16) read_eeprom(ioaddr, EEPROMSignature); 3.605 - if (signature == 0xffff || signature == 0x0000) { 3.606 - printk (KERN_INFO "%s: Error EERPOM read %x\n", 3.607 -- net_dev->name, signature); 3.608 -+ pci_name(pci_dev), signature); 3.609 - return 0; 3.610 - } 3.611 - 3.612 -@@ -268,7 +268,7 @@ 3.613 - if (!isa_bridge) 3.614 - isa_bridge = pci_get_device(PCI_VENDOR_ID_SI, 0x0018, isa_bridge); 3.615 - if (!isa_bridge) { 3.616 -- printk("%s: Can not find ISA bridge\n", net_dev->name); 3.617 -+ printk("%s: Can not find ISA bridge\n", pci_name(pci_dev)); 3.618 - return 0; 3.619 - } 3.620 - pci_read_config_byte(isa_bridge, 0x48, ®); 3.621 -@@ -456,10 +456,6 @@ 3.622 - net_dev->tx_timeout = sis900_tx_timeout; 3.623 - net_dev->watchdog_timeo = TX_TIMEOUT; 3.624 - net_dev->ethtool_ops = &sis900_ethtool_ops; 3.625 -- 3.626 -- ret = register_netdev(net_dev); 3.627 -- if (ret) 3.628 -- goto err_unmap_rx; 3.629 - 3.630 - /* Get Mac address according to the chip revision */ 3.631 - pci_read_config_byte(pci_dev, PCI_CLASS_REVISION, &revision); 3.632 -@@ -476,7 +472,7 @@ 3.633 - 3.634 - if (ret == 0) { 3.635 - ret = -ENODEV; 3.636 -- goto err_out_unregister; 3.637 -+ goto err_unmap_rx; 3.638 - } 3.639 - 3.640 - /* 630ET : set the mii access mode as software-mode */ 3.641 -@@ -486,7 +482,7 @@ 3.642 - /* probe for mii transceiver */ 3.643 - if (sis900_mii_probe(net_dev) == 0) { 3.644 - ret = -ENODEV; 3.645 -- goto err_out_unregister; 3.646 -+ goto err_unmap_rx; 3.647 - } 3.648 - 3.649 - /* save our host bridge revision */ 3.650 -@@ -496,6 +492,10 @@ 3.651 - pci_dev_put(dev); 3.652 - } 3.653 - 3.654 -+ ret = register_netdev(net_dev); 3.655 -+ if (ret) 3.656 -+ goto err_unmap_rx; 3.657 -+ 3.658 - /* print some information about our NIC */ 3.659 - printk(KERN_INFO "%s: %s at %#lx, IRQ %d, ", net_dev->name, 3.660 - card_name, ioaddr, net_dev->irq); 3.661 -@@ -505,8 +505,6 @@ 3.662 - 3.663 - return 0; 3.664 - 3.665 -- err_out_unregister: 3.666 -- unregister_netdev(net_dev); 3.667 - err_unmap_rx: 3.668 - pci_free_consistent(pci_dev, RX_TOTAL_SIZE, sis_priv->rx_ring, 3.669 - sis_priv->rx_ring_dma); 3.670 -@@ -533,6 +531,7 @@ 3.671 - static int __init sis900_mii_probe(struct net_device * net_dev) 3.672 - { 3.673 - struct sis900_private * sis_priv = net_dev->priv; 3.674 -+ const char *dev_name = pci_name(sis_priv->pci_dev); 3.675 - u16 poll_bit = MII_STAT_LINK, status = 0; 3.676 - unsigned long timeout = jiffies + 5 * HZ; 3.677 - int phy_addr; 3.678 -@@ -582,21 +581,20 @@ 3.679 - mii_phy->phy_types = 3.680 - (mii_status & (MII_STAT_CAN_TX_FDX | MII_STAT_CAN_TX)) ? LAN : HOME; 3.681 - printk(KERN_INFO "%s: %s transceiver found at address %d.\n", 3.682 -- net_dev->name, mii_chip_table[i].name, 3.683 -+ dev_name, mii_chip_table[i].name, 3.684 - phy_addr); 3.685 - break; 3.686 - } 3.687 - 3.688 - if( !mii_chip_table[i].phy_id1 ) { 3.689 - printk(KERN_INFO "%s: Unknown PHY transceiver found at address %d.\n", 3.690 -- net_dev->name, phy_addr); 3.691 -+ dev_name, phy_addr); 3.692 - mii_phy->phy_types = UNKNOWN; 3.693 - } 3.694 - } 3.695 - 3.696 - if (sis_priv->mii == NULL) { 3.697 -- printk(KERN_INFO "%s: No MII transceivers found!\n", 3.698 -- net_dev->name); 3.699 -+ printk(KERN_INFO "%s: No MII transceivers found!\n", dev_name); 3.700 - return 0; 3.701 - } 3.702 - 3.703 -@@ -621,7 +619,7 @@ 3.704 - poll_bit ^= (mdio_read(net_dev, sis_priv->cur_phy, MII_STATUS) & poll_bit); 3.705 - if (time_after_eq(jiffies, timeout)) { 3.706 - printk(KERN_WARNING "%s: reset phy and link down now\n", 3.707 -- net_dev->name); 3.708 -+ dev_name); 3.709 - return -ETIME; 3.710 - } 3.711 - } 3.712 -@@ -691,7 +689,7 @@ 3.713 - sis_priv->mii = default_phy; 3.714 - sis_priv->cur_phy = default_phy->phy_addr; 3.715 - printk(KERN_INFO "%s: Using transceiver found at address %d as default\n", 3.716 -- net_dev->name,sis_priv->cur_phy); 3.717 -+ pci_name(sis_priv->pci_dev), sis_priv->cur_phy); 3.718 - } 3.719 - 3.720 - status = mdio_read(net_dev, sis_priv->cur_phy, MII_CONTROL); 3.721 -diff -Nru a/drivers/net/tun.c b/drivers/net/tun.c 3.722 ---- a/drivers/net/tun.c 2005-04-29 18:34:27 -07:00 3.723 -+++ b/drivers/net/tun.c 2005-04-29 18:34:27 -07:00 3.724 -@@ -229,7 +229,7 @@ 3.725 - size_t len = count; 3.726 - 3.727 - if (!(tun->flags & TUN_NO_PI)) { 3.728 -- if ((len -= sizeof(pi)) > len) 3.729 -+ if ((len -= sizeof(pi)) > count) 3.730 - return -EINVAL; 3.731 - 3.732 - if(memcpy_fromiovec((void *)&pi, iv, sizeof(pi))) 3.733 -diff -Nru a/drivers/net/via-rhine.c b/drivers/net/via-rhine.c 3.734 ---- a/drivers/net/via-rhine.c 2005-04-29 18:34:28 -07:00 3.735 -+++ b/drivers/net/via-rhine.c 2005-04-29 18:34:28 -07:00 3.736 -@@ -1197,8 +1197,10 @@ 3.737 - dev->name, rp->pdev->irq); 3.738 - 3.739 - rc = alloc_ring(dev); 3.740 -- if (rc) 3.741 -+ if (rc) { 3.742 -+ free_irq(rp->pdev->irq, dev); 3.743 - return rc; 3.744 -+ } 3.745 - alloc_rbufs(dev); 3.746 - alloc_tbufs(dev); 3.747 - rhine_chip_reset(dev); 3.748 -@@ -1898,6 +1900,9 @@ 3.749 - struct net_device *dev = pci_get_drvdata(pdev); 3.750 - struct rhine_private *rp = netdev_priv(dev); 3.751 - void __iomem *ioaddr = rp->base; 3.752 -+ 3.753 -+ if (!(rp->quirks & rqWOL)) 3.754 -+ return; /* Nothing to do for non-WOL adapters */ 3.755 - 3.756 - rhine_power_init(dev); 3.757 - 3.758 -diff -Nru a/drivers/net/wan/hd6457x.c b/drivers/net/wan/hd6457x.c 3.759 ---- a/drivers/net/wan/hd6457x.c 2005-04-29 18:34:27 -07:00 3.760 -+++ b/drivers/net/wan/hd6457x.c 2005-04-29 18:34:27 -07:00 3.761 -@@ -315,7 +315,7 @@ 3.762 - #endif 3.763 - stats->rx_packets++; 3.764 - stats->rx_bytes += skb->len; 3.765 -- skb->dev->last_rx = jiffies; 3.766 -+ dev->last_rx = jiffies; 3.767 - skb->protocol = hdlc_type_trans(skb, dev); 3.768 - netif_rx(skb); 3.769 - } 3.770 -diff -Nru a/drivers/pci/hotplug/pciehp_ctrl.c b/drivers/pci/hotplug/pciehp_ctrl.c 3.771 ---- a/drivers/pci/hotplug/pciehp_ctrl.c 2005-04-29 18:34:27 -07:00 3.772 -+++ b/drivers/pci/hotplug/pciehp_ctrl.c 2005-04-29 18:34:27 -07:00 3.773 -@@ -1354,10 +1354,11 @@ 3.774 - dbg("PCI Bridge Hot-Remove s:b:d:f(%02x:%02x:%02x:%02x)\n", 3.775 - ctrl->seg, func->bus, func->device, func->function); 3.776 - bridge_slot_remove(func); 3.777 -- } else 3.778 -+ } else { 3.779 - dbg("PCI Function Hot-Remove s:b:d:f(%02x:%02x:%02x:%02x)\n", 3.780 - ctrl->seg, func->bus, func->device, func->function); 3.781 - slot_remove(func); 3.782 -+ } 3.783 - 3.784 - func = pciehp_slot_find(ctrl->slot_bus, device, 0); 3.785 - } 3.786 -diff -Nru a/fs/binfmt_elf.c b/fs/binfmt_elf.c 3.787 ---- a/fs/binfmt_elf.c 2005-04-29 18:34:28 -07:00 3.788 -+++ b/fs/binfmt_elf.c 2005-04-29 18:34:28 -07:00 3.789 -@@ -1008,6 +1008,7 @@ 3.790 - static int load_elf_library(struct file *file) 3.791 - { 3.792 - struct elf_phdr *elf_phdata; 3.793 -+ struct elf_phdr *eppnt; 3.794 - unsigned long elf_bss, bss, len; 3.795 - int retval, error, i, j; 3.796 - struct elfhdr elf_ex; 3.797 -@@ -1031,44 +1032,47 @@ 3.798 - /* j < ELF_MIN_ALIGN because elf_ex.e_phnum <= 2 */ 3.799 - 3.800 - error = -ENOMEM; 3.801 -- elf_phdata = (struct elf_phdr *) kmalloc(j, GFP_KERNEL); 3.802 -+ elf_phdata = kmalloc(j, GFP_KERNEL); 3.803 - if (!elf_phdata) 3.804 - goto out; 3.805 - 3.806 -+ eppnt = elf_phdata; 3.807 - error = -ENOEXEC; 3.808 -- retval = kernel_read(file, elf_ex.e_phoff, (char *) elf_phdata, j); 3.809 -+ retval = kernel_read(file, elf_ex.e_phoff, (char *)eppnt, j); 3.810 - if (retval != j) 3.811 - goto out_free_ph; 3.812 - 3.813 - for (j = 0, i = 0; i<elf_ex.e_phnum; i++) 3.814 -- if ((elf_phdata + i)->p_type == PT_LOAD) j++; 3.815 -+ if ((eppnt + i)->p_type == PT_LOAD) 3.816 -+ j++; 3.817 - if (j != 1) 3.818 - goto out_free_ph; 3.819 - 3.820 -- while (elf_phdata->p_type != PT_LOAD) elf_phdata++; 3.821 -+ while (eppnt->p_type != PT_LOAD) 3.822 -+ eppnt++; 3.823 - 3.824 - /* Now use mmap to map the library into memory. */ 3.825 - down_write(¤t->mm->mmap_sem); 3.826 - error = do_mmap(file, 3.827 -- ELF_PAGESTART(elf_phdata->p_vaddr), 3.828 -- (elf_phdata->p_filesz + 3.829 -- ELF_PAGEOFFSET(elf_phdata->p_vaddr)), 3.830 -+ ELF_PAGESTART(eppnt->p_vaddr), 3.831 -+ (eppnt->p_filesz + 3.832 -+ ELF_PAGEOFFSET(eppnt->p_vaddr)), 3.833 - PROT_READ | PROT_WRITE | PROT_EXEC, 3.834 - MAP_FIXED | MAP_PRIVATE | MAP_DENYWRITE, 3.835 -- (elf_phdata->p_offset - 3.836 -- ELF_PAGEOFFSET(elf_phdata->p_vaddr))); 3.837 -+ (eppnt->p_offset - 3.838 -+ ELF_PAGEOFFSET(eppnt->p_vaddr))); 3.839 - up_write(¤t->mm->mmap_sem); 3.840 -- if (error != ELF_PAGESTART(elf_phdata->p_vaddr)) 3.841 -+ if (error != ELF_PAGESTART(eppnt->p_vaddr)) 3.842 - goto out_free_ph; 3.843 - 3.844 -- elf_bss = elf_phdata->p_vaddr + elf_phdata->p_filesz; 3.845 -+ elf_bss = eppnt->p_vaddr + eppnt->p_filesz; 3.846 - if (padzero(elf_bss)) { 3.847 - error = -EFAULT; 3.848 - goto out_free_ph; 3.849 - } 3.850 - 3.851 -- len = ELF_PAGESTART(elf_phdata->p_filesz + elf_phdata->p_vaddr + ELF_MIN_ALIGN - 1); 3.852 -- bss = elf_phdata->p_memsz + elf_phdata->p_vaddr; 3.853 -+ len = ELF_PAGESTART(eppnt->p_filesz + eppnt->p_vaddr + ELF_MIN_ALIGN - 1); 3.854 -+ bss = eppnt->p_memsz + eppnt->p_vaddr; 3.855 - if (bss > len) { 3.856 - down_write(¤t->mm->mmap_sem); 3.857 - do_brk(len, bss - len); 3.858 -diff -Nru a/fs/cramfs/inode.c b/fs/cramfs/inode.c 3.859 ---- a/fs/cramfs/inode.c 2005-04-29 18:34:27 -07:00 3.860 -+++ b/fs/cramfs/inode.c 2005-04-29 18:34:27 -07:00 3.861 -@@ -70,6 +70,7 @@ 3.862 - inode->i_data.a_ops = &cramfs_aops; 3.863 - } else { 3.864 - inode->i_size = 0; 3.865 -+ inode->i_blocks = 0; 3.866 - init_special_inode(inode, inode->i_mode, 3.867 - old_decode_dev(cramfs_inode->size)); 3.868 - } 3.869 -diff -Nru a/fs/eventpoll.c b/fs/eventpoll.c 3.870 ---- a/fs/eventpoll.c 2005-04-29 18:34:27 -07:00 3.871 -+++ b/fs/eventpoll.c 2005-04-29 18:34:27 -07:00 3.872 -@@ -619,6 +619,7 @@ 3.873 - return error; 3.874 - } 3.875 - 3.876 -+#define MAX_EVENTS (INT_MAX / sizeof(struct epoll_event)) 3.877 - 3.878 - /* 3.879 - * Implement the event wait interface for the eventpoll file. It is the kernel 3.880 -@@ -635,7 +636,7 @@ 3.881 - current, epfd, events, maxevents, timeout)); 3.882 - 3.883 - /* The maximum number of event must be greater than zero */ 3.884 -- if (maxevents <= 0) 3.885 -+ if (maxevents <= 0 || maxevents > MAX_EVENTS) 3.886 - return -EINVAL; 3.887 - 3.888 - /* Verify that the area passed by the user is writeable */ 3.889 -diff -Nru a/fs/exec.c b/fs/exec.c 3.890 ---- a/fs/exec.c 2005-04-29 18:34:27 -07:00 3.891 -+++ b/fs/exec.c 2005-04-29 18:34:27 -07:00 3.892 -@@ -814,7 +814,7 @@ 3.893 - { 3.894 - /* buf must be at least sizeof(tsk->comm) in size */ 3.895 - task_lock(tsk); 3.896 -- memcpy(buf, tsk->comm, sizeof(tsk->comm)); 3.897 -+ strncpy(buf, tsk->comm, sizeof(tsk->comm)); 3.898 - task_unlock(tsk); 3.899 - } 3.900 - 3.901 -diff -Nru a/fs/ext2/dir.c b/fs/ext2/dir.c 3.902 ---- a/fs/ext2/dir.c 2005-04-29 18:34:28 -07:00 3.903 -+++ b/fs/ext2/dir.c 2005-04-29 18:34:28 -07:00 3.904 -@@ -592,6 +592,7 @@ 3.905 - goto fail; 3.906 - } 3.907 - kaddr = kmap_atomic(page, KM_USER0); 3.908 -+ memset(kaddr, 0, chunk_size); 3.909 - de = (struct ext2_dir_entry_2 *)kaddr; 3.910 - de->name_len = 1; 3.911 - de->rec_len = cpu_to_le16(EXT2_DIR_REC_LEN(1)); 3.912 -diff -Nru a/fs/isofs/inode.c b/fs/isofs/inode.c 3.913 ---- a/fs/isofs/inode.c 2005-04-29 18:34:28 -07:00 3.914 -+++ b/fs/isofs/inode.c 2005-04-29 18:34:28 -07:00 3.915 -@@ -685,6 +685,8 @@ 3.916 - sbi->s_log_zone_size = isonum_723 (h_pri->logical_block_size); 3.917 - sbi->s_max_size = isonum_733(h_pri->volume_space_size); 3.918 - } else { 3.919 -+ if (!pri) 3.920 -+ goto out_freebh; 3.921 - rootp = (struct iso_directory_record *) pri->root_directory_record; 3.922 - sbi->s_nzones = isonum_733 (pri->volume_space_size); 3.923 - sbi->s_log_zone_size = isonum_723 (pri->logical_block_size); 3.924 -@@ -1394,6 +1396,9 @@ 3.925 - unsigned long hashval; 3.926 - struct inode *inode; 3.927 - struct isofs_iget5_callback_data data; 3.928 -+ 3.929 -+ if (offset >= 1ul << sb->s_blocksize_bits) 3.930 -+ return NULL; 3.931 - 3.932 - data.block = block; 3.933 - data.offset = offset; 3.934 -diff -Nru a/fs/isofs/rock.c b/fs/isofs/rock.c 3.935 ---- a/fs/isofs/rock.c 2005-04-29 18:34:28 -07:00 3.936 -+++ b/fs/isofs/rock.c 2005-04-29 18:34:28 -07:00 3.937 -@@ -53,6 +53,7 @@ 3.938 - if(LEN & 1) LEN++; \ 3.939 - CHR = ((unsigned char *) DE) + LEN; \ 3.940 - LEN = *((unsigned char *) DE) - LEN; \ 3.941 -+ if (LEN<0) LEN=0; \ 3.942 - if (ISOFS_SB(inode->i_sb)->s_rock_offset!=-1) \ 3.943 - { \ 3.944 - LEN-=ISOFS_SB(inode->i_sb)->s_rock_offset; \ 3.945 -@@ -73,6 +74,10 @@ 3.946 - offset1 = 0; \ 3.947 - pbh = sb_bread(DEV->i_sb, block); \ 3.948 - if(pbh){ \ 3.949 -+ if (offset > pbh->b_size || offset + cont_size > pbh->b_size){ \ 3.950 -+ brelse(pbh); \ 3.951 -+ goto out; \ 3.952 -+ } \ 3.953 - memcpy(buffer + offset1, pbh->b_data + offset, cont_size - offset1); \ 3.954 - brelse(pbh); \ 3.955 - chr = (unsigned char *) buffer; \ 3.956 -@@ -103,12 +108,13 @@ 3.957 - struct rock_ridge * rr; 3.958 - int sig; 3.959 - 3.960 -- while (len > 1){ /* There may be one byte for padding somewhere */ 3.961 -+ while (len > 2){ /* There may be one byte for padding somewhere */ 3.962 - rr = (struct rock_ridge *) chr; 3.963 -- if (rr->len == 0) goto out; /* Something got screwed up here */ 3.964 -+ if (rr->len < 3) goto out; /* Something got screwed up here */ 3.965 - sig = isonum_721(chr); 3.966 - chr += rr->len; 3.967 - len -= rr->len; 3.968 -+ if (len < 0) goto out; /* corrupted isofs */ 3.969 - 3.970 - switch(sig){ 3.971 - case SIG('R','R'): 3.972 -@@ -122,6 +128,7 @@ 3.973 - break; 3.974 - case SIG('N','M'): 3.975 - if (truncate) break; 3.976 -+ if (rr->len < 5) break; 3.977 - /* 3.978 - * If the flags are 2 or 4, this indicates '.' or '..'. 3.979 - * We don't want to do anything with this, because it 3.980 -@@ -186,12 +193,13 @@ 3.981 - struct rock_ridge * rr; 3.982 - int rootflag; 3.983 - 3.984 -- while (len > 1){ /* There may be one byte for padding somewhere */ 3.985 -+ while (len > 2){ /* There may be one byte for padding somewhere */ 3.986 - rr = (struct rock_ridge *) chr; 3.987 -- if (rr->len == 0) goto out; /* Something got screwed up here */ 3.988 -+ if (rr->len < 3) goto out; /* Something got screwed up here */ 3.989 - sig = isonum_721(chr); 3.990 - chr += rr->len; 3.991 - len -= rr->len; 3.992 -+ if (len < 0) goto out; /* corrupted isofs */ 3.993 - 3.994 - switch(sig){ 3.995 - #ifndef CONFIG_ZISOFS /* No flag for SF or ZF */ 3.996 -@@ -462,7 +470,7 @@ 3.997 - struct rock_ridge *rr; 3.998 - 3.999 - if (!ISOFS_SB(inode->i_sb)->s_rock) 3.1000 -- panic ("Cannot have symlink with high sierra variant of iso filesystem\n"); 3.1001 -+ goto error; 3.1002 - 3.1003 - block = ei->i_iget5_block; 3.1004 - lock_kernel(); 3.1005 -@@ -487,13 +495,15 @@ 3.1006 - SETUP_ROCK_RIDGE(raw_inode, chr, len); 3.1007 - 3.1008 - repeat: 3.1009 -- while (len > 1) { /* There may be one byte for padding somewhere */ 3.1010 -+ while (len > 2) { /* There may be one byte for padding somewhere */ 3.1011 - rr = (struct rock_ridge *) chr; 3.1012 -- if (rr->len == 0) 3.1013 -+ if (rr->len < 3) 3.1014 - goto out; /* Something got screwed up here */ 3.1015 - sig = isonum_721(chr); 3.1016 - chr += rr->len; 3.1017 - len -= rr->len; 3.1018 -+ if (len < 0) 3.1019 -+ goto out; /* corrupted isofs */ 3.1020 - 3.1021 - switch (sig) { 3.1022 - case SIG('R', 'R'): 3.1023 -@@ -543,6 +553,7 @@ 3.1024 - fail: 3.1025 - brelse(bh); 3.1026 - unlock_kernel(); 3.1027 -+ error: 3.1028 - SetPageError(page); 3.1029 - kunmap(page); 3.1030 - unlock_page(page); 3.1031 -diff -Nru a/fs/jbd/transaction.c b/fs/jbd/transaction.c 3.1032 ---- a/fs/jbd/transaction.c 2005-04-29 18:34:27 -07:00 3.1033 -+++ b/fs/jbd/transaction.c 2005-04-29 18:34:27 -07:00 3.1034 -@@ -1775,10 +1775,10 @@ 3.1035 - JBUFFER_TRACE(jh, "checkpointed: add to BJ_Forget"); 3.1036 - ret = __dispose_buffer(jh, 3.1037 - journal->j_running_transaction); 3.1038 -+ journal_put_journal_head(jh); 3.1039 - spin_unlock(&journal->j_list_lock); 3.1040 - jbd_unlock_bh_state(bh); 3.1041 - spin_unlock(&journal->j_state_lock); 3.1042 -- journal_put_journal_head(jh); 3.1043 - return ret; 3.1044 - } else { 3.1045 - /* There is no currently-running transaction. So the 3.1046 -@@ -1789,10 +1789,10 @@ 3.1047 - JBUFFER_TRACE(jh, "give to committing trans"); 3.1048 - ret = __dispose_buffer(jh, 3.1049 - journal->j_committing_transaction); 3.1050 -+ journal_put_journal_head(jh); 3.1051 - spin_unlock(&journal->j_list_lock); 3.1052 - jbd_unlock_bh_state(bh); 3.1053 - spin_unlock(&journal->j_state_lock); 3.1054 -- journal_put_journal_head(jh); 3.1055 - return ret; 3.1056 - } else { 3.1057 - /* The orphan record's transaction has 3.1058 -@@ -1813,10 +1813,10 @@ 3.1059 - journal->j_running_transaction); 3.1060 - jh->b_next_transaction = NULL; 3.1061 - } 3.1062 -+ journal_put_journal_head(jh); 3.1063 - spin_unlock(&journal->j_list_lock); 3.1064 - jbd_unlock_bh_state(bh); 3.1065 - spin_unlock(&journal->j_state_lock); 3.1066 -- journal_put_journal_head(jh); 3.1067 - return 0; 3.1068 - } else { 3.1069 - /* Good, the buffer belongs to the running transaction. 3.1070 -diff -Nru a/fs/partitions/msdos.c b/fs/partitions/msdos.c 3.1071 ---- a/fs/partitions/msdos.c 2005-04-29 18:34:28 -07:00 3.1072 -+++ b/fs/partitions/msdos.c 2005-04-29 18:34:28 -07:00 3.1073 -@@ -114,6 +114,9 @@ 3.1074 - */ 3.1075 - for (i=0; i<4; i++, p++) { 3.1076 - u32 offs, size, next; 3.1077 -+ 3.1078 -+ if (SYS_IND(p) == 0) 3.1079 -+ continue; 3.1080 - if (!NR_SECTS(p) || is_extended_partition(p)) 3.1081 - continue; 3.1082 - 3.1083 -@@ -430,6 +433,8 @@ 3.1084 - for (slot = 1 ; slot <= 4 ; slot++, p++) { 3.1085 - u32 start = START_SECT(p)*sector_size; 3.1086 - u32 size = NR_SECTS(p)*sector_size; 3.1087 -+ if (SYS_IND(p) == 0) 3.1088 -+ continue; 3.1089 - if (!size) 3.1090 - continue; 3.1091 - if (is_extended_partition(p)) { 3.1092 -diff -Nru a/kernel/signal.c b/kernel/signal.c 3.1093 ---- a/kernel/signal.c 2005-04-29 18:34:27 -07:00 3.1094 -+++ b/kernel/signal.c 2005-04-29 18:34:27 -07:00 3.1095 -@@ -1728,6 +1728,7 @@ 3.1096 - * with another processor delivering a stop signal, 3.1097 - * then the SIGCONT that wakes us up should clear it. 3.1098 - */ 3.1099 -+ read_unlock(&tasklist_lock); 3.1100 - return 0; 3.1101 - } 3.1102 - 3.1103 -diff -Nru a/lib/rwsem-spinlock.c b/lib/rwsem-spinlock.c 3.1104 ---- a/lib/rwsem-spinlock.c 2005-04-29 18:34:28 -07:00 3.1105 -+++ b/lib/rwsem-spinlock.c 2005-04-29 18:34:28 -07:00 3.1106 -@@ -140,12 +140,12 @@ 3.1107 - 3.1108 - rwsemtrace(sem, "Entering __down_read"); 3.1109 - 3.1110 -- spin_lock(&sem->wait_lock); 3.1111 -+ spin_lock_irq(&sem->wait_lock); 3.1112 - 3.1113 - if (sem->activity >= 0 && list_empty(&sem->wait_list)) { 3.1114 - /* granted */ 3.1115 - sem->activity++; 3.1116 -- spin_unlock(&sem->wait_lock); 3.1117 -+ spin_unlock_irq(&sem->wait_lock); 3.1118 - goto out; 3.1119 - } 3.1120 - 3.1121 -@@ -160,7 +160,7 @@ 3.1122 - list_add_tail(&waiter.list, &sem->wait_list); 3.1123 - 3.1124 - /* we don't need to touch the semaphore struct anymore */ 3.1125 -- spin_unlock(&sem->wait_lock); 3.1126 -+ spin_unlock_irq(&sem->wait_lock); 3.1127 - 3.1128 - /* wait to be given the lock */ 3.1129 - for (;;) { 3.1130 -@@ -181,10 +181,12 @@ 3.1131 - */ 3.1132 - int fastcall __down_read_trylock(struct rw_semaphore *sem) 3.1133 - { 3.1134 -+ unsigned long flags; 3.1135 - int ret = 0; 3.1136 -+ 3.1137 - rwsemtrace(sem, "Entering __down_read_trylock"); 3.1138 - 3.1139 -- spin_lock(&sem->wait_lock); 3.1140 -+ spin_lock_irqsave(&sem->wait_lock, flags); 3.1141 - 3.1142 - if (sem->activity >= 0 && list_empty(&sem->wait_list)) { 3.1143 - /* granted */ 3.1144 -@@ -192,7 +194,7 @@ 3.1145 - ret = 1; 3.1146 - } 3.1147 - 3.1148 -- spin_unlock(&sem->wait_lock); 3.1149 -+ spin_unlock_irqrestore(&sem->wait_lock, flags); 3.1150 - 3.1151 - rwsemtrace(sem, "Leaving __down_read_trylock"); 3.1152 - return ret; 3.1153 -@@ -209,12 +211,12 @@ 3.1154 - 3.1155 - rwsemtrace(sem, "Entering __down_write"); 3.1156 - 3.1157 -- spin_lock(&sem->wait_lock); 3.1158 -+ spin_lock_irq(&sem->wait_lock); 3.1159 - 3.1160 - if (sem->activity == 0 && list_empty(&sem->wait_list)) { 3.1161 - /* granted */ 3.1162 - sem->activity = -1; 3.1163 -- spin_unlock(&sem->wait_lock); 3.1164 -+ spin_unlock_irq(&sem->wait_lock); 3.1165 - goto out; 3.1166 - } 3.1167 - 3.1168 -@@ -229,7 +231,7 @@ 3.1169 - list_add_tail(&waiter.list, &sem->wait_list); 3.1170 - 3.1171 - /* we don't need to touch the semaphore struct anymore */ 3.1172 -- spin_unlock(&sem->wait_lock); 3.1173 -+ spin_unlock_irq(&sem->wait_lock); 3.1174 - 3.1175 - /* wait to be given the lock */ 3.1176 - for (;;) { 3.1177 -@@ -250,10 +252,12 @@ 3.1178 - */ 3.1179 - int fastcall __down_write_trylock(struct rw_semaphore *sem) 3.1180 - { 3.1181 -+ unsigned long flags; 3.1182 - int ret = 0; 3.1183 -+ 3.1184 - rwsemtrace(sem, "Entering __down_write_trylock"); 3.1185 - 3.1186 -- spin_lock(&sem->wait_lock); 3.1187 -+ spin_lock_irqsave(&sem->wait_lock, flags); 3.1188 - 3.1189 - if (sem->activity == 0 && list_empty(&sem->wait_list)) { 3.1190 - /* granted */ 3.1191 -@@ -261,7 +265,7 @@ 3.1192 - ret = 1; 3.1193 - } 3.1194 - 3.1195 -- spin_unlock(&sem->wait_lock); 3.1196 -+ spin_unlock_irqrestore(&sem->wait_lock, flags); 3.1197 - 3.1198 - rwsemtrace(sem, "Leaving __down_write_trylock"); 3.1199 - return ret; 3.1200 -@@ -272,14 +276,16 @@ 3.1201 - */ 3.1202 - void fastcall __up_read(struct rw_semaphore *sem) 3.1203 - { 3.1204 -+ unsigned long flags; 3.1205 -+ 3.1206 - rwsemtrace(sem, "Entering __up_read"); 3.1207 - 3.1208 -- spin_lock(&sem->wait_lock); 3.1209 -+ spin_lock_irqsave(&sem->wait_lock, flags); 3.1210 - 3.1211 - if (--sem->activity == 0 && !list_empty(&sem->wait_list)) 3.1212 - sem = __rwsem_wake_one_writer(sem); 3.1213 - 3.1214 -- spin_unlock(&sem->wait_lock); 3.1215 -+ spin_unlock_irqrestore(&sem->wait_lock, flags); 3.1216 - 3.1217 - rwsemtrace(sem, "Leaving __up_read"); 3.1218 - } 3.1219 -@@ -289,15 +295,17 @@ 3.1220 - */ 3.1221 - void fastcall __up_write(struct rw_semaphore *sem) 3.1222 - { 3.1223 -+ unsigned long flags; 3.1224 -+ 3.1225 - rwsemtrace(sem, "Entering __up_write"); 3.1226 - 3.1227 -- spin_lock(&sem->wait_lock); 3.1228 -+ spin_lock_irqsave(&sem->wait_lock, flags); 3.1229 - 3.1230 - sem->activity = 0; 3.1231 - if (!list_empty(&sem->wait_list)) 3.1232 - sem = __rwsem_do_wake(sem, 1); 3.1233 - 3.1234 -- spin_unlock(&sem->wait_lock); 3.1235 -+ spin_unlock_irqrestore(&sem->wait_lock, flags); 3.1236 - 3.1237 - rwsemtrace(sem, "Leaving __up_write"); 3.1238 - } 3.1239 -@@ -308,15 +316,17 @@ 3.1240 - */ 3.1241 - void fastcall __downgrade_write(struct rw_semaphore *sem) 3.1242 - { 3.1243 -+ unsigned long flags; 3.1244 -+ 3.1245 - rwsemtrace(sem, "Entering __downgrade_write"); 3.1246 - 3.1247 -- spin_lock(&sem->wait_lock); 3.1248 -+ spin_lock_irqsave(&sem->wait_lock, flags); 3.1249 - 3.1250 - sem->activity = 1; 3.1251 - if (!list_empty(&sem->wait_list)) 3.1252 - sem = __rwsem_do_wake(sem, 0); 3.1253 - 3.1254 -- spin_unlock(&sem->wait_lock); 3.1255 -+ spin_unlock_irqrestore(&sem->wait_lock, flags); 3.1256 - 3.1257 - rwsemtrace(sem, "Leaving __downgrade_write"); 3.1258 - } 3.1259 -diff -Nru a/lib/rwsem.c b/lib/rwsem.c 3.1260 ---- a/lib/rwsem.c 2005-04-29 18:34:28 -07:00 3.1261 -+++ b/lib/rwsem.c 2005-04-29 18:34:28 -07:00 3.1262 -@@ -150,7 +150,7 @@ 3.1263 - set_task_state(tsk, TASK_UNINTERRUPTIBLE); 3.1264 - 3.1265 - /* set up my own style of waitqueue */ 3.1266 -- spin_lock(&sem->wait_lock); 3.1267 -+ spin_lock_irq(&sem->wait_lock); 3.1268 - waiter->task = tsk; 3.1269 - get_task_struct(tsk); 3.1270 - 3.1271 -@@ -163,7 +163,7 @@ 3.1272 - if (!(count & RWSEM_ACTIVE_MASK)) 3.1273 - sem = __rwsem_do_wake(sem, 0); 3.1274 - 3.1275 -- spin_unlock(&sem->wait_lock); 3.1276 -+ spin_unlock_irq(&sem->wait_lock); 3.1277 - 3.1278 - /* wait to be given the lock */ 3.1279 - for (;;) { 3.1280 -@@ -219,15 +219,17 @@ 3.1281 - */ 3.1282 - struct rw_semaphore fastcall *rwsem_wake(struct rw_semaphore *sem) 3.1283 - { 3.1284 -+ unsigned long flags; 3.1285 -+ 3.1286 - rwsemtrace(sem, "Entering rwsem_wake"); 3.1287 - 3.1288 -- spin_lock(&sem->wait_lock); 3.1289 -+ spin_lock_irqsave(&sem->wait_lock, flags); 3.1290 - 3.1291 - /* do nothing if list empty */ 3.1292 - if (!list_empty(&sem->wait_list)) 3.1293 - sem = __rwsem_do_wake(sem, 0); 3.1294 - 3.1295 -- spin_unlock(&sem->wait_lock); 3.1296 -+ spin_unlock_irqrestore(&sem->wait_lock, flags); 3.1297 - 3.1298 - rwsemtrace(sem, "Leaving rwsem_wake"); 3.1299 - 3.1300 -@@ -241,15 +243,17 @@ 3.1301 - */ 3.1302 - struct rw_semaphore fastcall *rwsem_downgrade_wake(struct rw_semaphore *sem) 3.1303 - { 3.1304 -+ unsigned long flags; 3.1305 -+ 3.1306 - rwsemtrace(sem, "Entering rwsem_downgrade_wake"); 3.1307 - 3.1308 -- spin_lock(&sem->wait_lock); 3.1309 -+ spin_lock_irqsave(&sem->wait_lock, flags); 3.1310 - 3.1311 - /* do nothing if list empty */ 3.1312 - if (!list_empty(&sem->wait_list)) 3.1313 - sem = __rwsem_do_wake(sem, 1); 3.1314 - 3.1315 -- spin_unlock(&sem->wait_lock); 3.1316 -+ spin_unlock_irqrestore(&sem->wait_lock, flags); 3.1317 - 3.1318 - rwsemtrace(sem, "Leaving rwsem_downgrade_wake"); 3.1319 - return sem; 3.1320 -diff -Nru a/net/bluetooth/af_bluetooth.c b/net/bluetooth/af_bluetooth.c 3.1321 ---- a/net/bluetooth/af_bluetooth.c 2005-04-29 18:34:27 -07:00 3.1322 -+++ b/net/bluetooth/af_bluetooth.c 2005-04-29 18:34:27 -07:00 3.1323 -@@ -64,7 +64,7 @@ 3.1324 - 3.1325 - int bt_sock_register(int proto, struct net_proto_family *ops) 3.1326 - { 3.1327 -- if (proto >= BT_MAX_PROTO) 3.1328 -+ if (proto < 0 || proto >= BT_MAX_PROTO) 3.1329 - return -EINVAL; 3.1330 - 3.1331 - if (bt_proto[proto]) 3.1332 -@@ -77,7 +77,7 @@ 3.1333 - 3.1334 - int bt_sock_unregister(int proto) 3.1335 - { 3.1336 -- if (proto >= BT_MAX_PROTO) 3.1337 -+ if (proto < 0 || proto >= BT_MAX_PROTO) 3.1338 - return -EINVAL; 3.1339 - 3.1340 - if (!bt_proto[proto]) 3.1341 -@@ -92,7 +92,7 @@ 3.1342 - { 3.1343 - int err = 0; 3.1344 - 3.1345 -- if (proto >= BT_MAX_PROTO) 3.1346 -+ if (proto < 0 || proto >= BT_MAX_PROTO) 3.1347 - return -EINVAL; 3.1348 - 3.1349 - #if defined(CONFIG_KMOD) 3.1350 -diff -Nru a/net/ipv4/fib_hash.c b/net/ipv4/fib_hash.c 3.1351 ---- a/net/ipv4/fib_hash.c 2005-04-29 18:34:28 -07:00 3.1352 -+++ b/net/ipv4/fib_hash.c 2005-04-29 18:34:28 -07:00 3.1353 -@@ -919,13 +919,23 @@ 3.1354 - return fa; 3.1355 - } 3.1356 - 3.1357 -+static struct fib_alias *fib_get_idx(struct seq_file *seq, loff_t pos) 3.1358 -+{ 3.1359 -+ struct fib_alias *fa = fib_get_first(seq); 3.1360 -+ 3.1361 -+ if (fa) 3.1362 -+ while (pos && (fa = fib_get_next(seq))) 3.1363 -+ --pos; 3.1364 -+ return pos ? NULL : fa; 3.1365 -+} 3.1366 -+ 3.1367 - static void *fib_seq_start(struct seq_file *seq, loff_t *pos) 3.1368 - { 3.1369 - void *v = NULL; 3.1370 - 3.1371 - read_lock(&fib_hash_lock); 3.1372 - if (ip_fib_main_table) 3.1373 -- v = *pos ? fib_get_next(seq) : SEQ_START_TOKEN; 3.1374 -+ v = *pos ? fib_get_idx(seq, *pos - 1) : SEQ_START_TOKEN; 3.1375 - return v; 3.1376 - } 3.1377 - 3.1378 -diff -Nru a/net/ipv4/tcp_input.c b/net/ipv4/tcp_input.c 3.1379 ---- a/net/ipv4/tcp_input.c 2005-04-29 18:34:28 -07:00 3.1380 -+++ b/net/ipv4/tcp_input.c 2005-04-29 18:34:28 -07:00 3.1381 -@@ -1653,7 +1653,10 @@ 3.1382 - static void tcp_undo_cwr(struct tcp_sock *tp, int undo) 3.1383 - { 3.1384 - if (tp->prior_ssthresh) { 3.1385 -- tp->snd_cwnd = max(tp->snd_cwnd, tp->snd_ssthresh<<1); 3.1386 -+ if (tcp_is_bic(tp)) 3.1387 -+ tp->snd_cwnd = max(tp->snd_cwnd, tp->bictcp.last_max_cwnd); 3.1388 -+ else 3.1389 -+ tp->snd_cwnd = max(tp->snd_cwnd, tp->snd_ssthresh<<1); 3.1390 - 3.1391 - if (undo && tp->prior_ssthresh > tp->snd_ssthresh) { 3.1392 - tp->snd_ssthresh = tp->prior_ssthresh; 3.1393 -diff -Nru a/net/ipv4/tcp_timer.c b/net/ipv4/tcp_timer.c 3.1394 ---- a/net/ipv4/tcp_timer.c 2005-04-29 18:34:28 -07:00 3.1395 -+++ b/net/ipv4/tcp_timer.c 2005-04-29 18:34:28 -07:00 3.1396 -@@ -38,6 +38,7 @@ 3.1397 - 3.1398 - #ifdef TCP_DEBUG 3.1399 - const char tcp_timer_bug_msg[] = KERN_DEBUG "tcpbug: unknown timer value\n"; 3.1400 -+EXPORT_SYMBOL(tcp_timer_bug_msg); 3.1401 - #endif 3.1402 - 3.1403 - /* 3.1404 -diff -Nru a/net/ipv4/xfrm4_output.c b/net/ipv4/xfrm4_output.c 3.1405 ---- a/net/ipv4/xfrm4_output.c 2005-04-29 18:34:27 -07:00 3.1406 -+++ b/net/ipv4/xfrm4_output.c 2005-04-29 18:34:27 -07:00 3.1407 -@@ -103,16 +103,16 @@ 3.1408 - goto error_nolock; 3.1409 - } 3.1410 - 3.1411 -- spin_lock_bh(&x->lock); 3.1412 -- err = xfrm_state_check(x, skb); 3.1413 -- if (err) 3.1414 -- goto error; 3.1415 -- 3.1416 - if (x->props.mode) { 3.1417 - err = xfrm4_tunnel_check_size(skb); 3.1418 - if (err) 3.1419 -- goto error; 3.1420 -+ goto error_nolock; 3.1421 - } 3.1422 -+ 3.1423 -+ spin_lock_bh(&x->lock); 3.1424 -+ err = xfrm_state_check(x, skb); 3.1425 -+ if (err) 3.1426 -+ goto error; 3.1427 - 3.1428 - xfrm4_encap(skb); 3.1429 - 3.1430 -diff -Nru a/net/ipv6/xfrm6_output.c b/net/ipv6/xfrm6_output.c 3.1431 ---- a/net/ipv6/xfrm6_output.c 2005-04-29 18:34:28 -07:00 3.1432 -+++ b/net/ipv6/xfrm6_output.c 2005-04-29 18:34:28 -07:00 3.1433 -@@ -103,16 +103,16 @@ 3.1434 - goto error_nolock; 3.1435 - } 3.1436 - 3.1437 -- spin_lock_bh(&x->lock); 3.1438 -- err = xfrm_state_check(x, skb); 3.1439 -- if (err) 3.1440 -- goto error; 3.1441 -- 3.1442 - if (x->props.mode) { 3.1443 - err = xfrm6_tunnel_check_size(skb); 3.1444 - if (err) 3.1445 -- goto error; 3.1446 -+ goto error_nolock; 3.1447 - } 3.1448 -+ 3.1449 -+ spin_lock_bh(&x->lock); 3.1450 -+ err = xfrm_state_check(x, skb); 3.1451 -+ if (err) 3.1452 -+ goto error; 3.1453 - 3.1454 - xfrm6_encap(skb); 3.1455 - 3.1456 -diff -Nru a/net/netrom/nr_in.c b/net/netrom/nr_in.c 3.1457 ---- a/net/netrom/nr_in.c 2005-04-29 18:34:27 -07:00 3.1458 -+++ b/net/netrom/nr_in.c 2005-04-29 18:34:27 -07:00 3.1459 -@@ -74,7 +74,6 @@ 3.1460 - static int nr_state1_machine(struct sock *sk, struct sk_buff *skb, 3.1461 - int frametype) 3.1462 - { 3.1463 -- bh_lock_sock(sk); 3.1464 - switch (frametype) { 3.1465 - case NR_CONNACK: { 3.1466 - nr_cb *nr = nr_sk(sk); 3.1467 -@@ -103,8 +102,6 @@ 3.1468 - default: 3.1469 - break; 3.1470 - } 3.1471 -- bh_unlock_sock(sk); 3.1472 -- 3.1473 - return 0; 3.1474 - } 3.1475 - 3.1476 -@@ -116,7 +113,6 @@ 3.1477 - static int nr_state2_machine(struct sock *sk, struct sk_buff *skb, 3.1478 - int frametype) 3.1479 - { 3.1480 -- bh_lock_sock(sk); 3.1481 - switch (frametype) { 3.1482 - case NR_CONNACK | NR_CHOKE_FLAG: 3.1483 - nr_disconnect(sk, ECONNRESET); 3.1484 -@@ -132,8 +128,6 @@ 3.1485 - default: 3.1486 - break; 3.1487 - } 3.1488 -- bh_unlock_sock(sk); 3.1489 -- 3.1490 - return 0; 3.1491 - } 3.1492 - 3.1493 -@@ -154,7 +148,6 @@ 3.1494 - nr = skb->data[18]; 3.1495 - ns = skb->data[17]; 3.1496 - 3.1497 -- bh_lock_sock(sk); 3.1498 - switch (frametype) { 3.1499 - case NR_CONNREQ: 3.1500 - nr_write_internal(sk, NR_CONNACK); 3.1501 -@@ -265,8 +258,6 @@ 3.1502 - default: 3.1503 - break; 3.1504 - } 3.1505 -- bh_unlock_sock(sk); 3.1506 -- 3.1507 - return queued; 3.1508 - } 3.1509 - 3.1510 -diff -Nru a/net/xfrm/xfrm_state.c b/net/xfrm/xfrm_state.c 3.1511 ---- a/net/xfrm/xfrm_state.c 2005-04-29 18:34:28 -07:00 3.1512 -+++ b/net/xfrm/xfrm_state.c 2005-04-29 18:34:28 -07:00 3.1513 -@@ -609,7 +609,7 @@ 3.1514 - 3.1515 - for (i = 0; i < XFRM_DST_HSIZE; i++) { 3.1516 - list_for_each_entry(x, xfrm_state_bydst+i, bydst) { 3.1517 -- if (x->km.seq == seq) { 3.1518 -+ if (x->km.seq == seq && x->km.state == XFRM_STATE_ACQ) { 3.1519 - xfrm_state_hold(x); 3.1520 - return x; 3.1521 - } 3.1522 -diff -Nru a/security/keys/key.c b/security/keys/key.c 3.1523 ---- a/security/keys/key.c 2005-04-29 18:34:28 -07:00 3.1524 -+++ b/security/keys/key.c 2005-04-29 18:34:28 -07:00 3.1525 -@@ -57,9 +57,10 @@ 3.1526 - { 3.1527 - struct key_user *candidate = NULL, *user; 3.1528 - struct rb_node *parent = NULL; 3.1529 -- struct rb_node **p = &key_user_tree.rb_node; 3.1530 -+ struct rb_node **p; 3.1531 - 3.1532 - try_again: 3.1533 -+ p = &key_user_tree.rb_node; 3.1534 - spin_lock(&key_user_lock); 3.1535 - 3.1536 - /* search the tree for a user record with a matching UID */ 3.1537 -diff -Nru a/sound/core/timer.c b/sound/core/timer.c 3.1538 ---- a/sound/core/timer.c 2005-04-29 18:34:28 -07:00 3.1539 -+++ b/sound/core/timer.c 2005-04-29 18:34:28 -07:00 3.1540 -@@ -1117,7 +1117,8 @@ 3.1541 - if (tu->qused >= tu->queue_size) { 3.1542 - tu->overrun++; 3.1543 - } else { 3.1544 -- memcpy(&tu->queue[tu->qtail++], tread, sizeof(*tread)); 3.1545 -+ memcpy(&tu->tqueue[tu->qtail++], tread, sizeof(*tread)); 3.1546 -+ tu->qtail %= tu->queue_size; 3.1547 - tu->qused++; 3.1548 - } 3.1549 - } 3.1550 -@@ -1140,6 +1141,8 @@ 3.1551 - spin_lock(&tu->qlock); 3.1552 - snd_timer_user_append_to_tqueue(tu, &r1); 3.1553 - spin_unlock(&tu->qlock); 3.1554 -+ kill_fasync(&tu->fasync, SIGIO, POLL_IN); 3.1555 -+ wake_up(&tu->qchange_sleep); 3.1556 - } 3.1557 - 3.1558 - static void snd_timer_user_tinterrupt(snd_timer_instance_t *timeri, 3.1559 -diff -Nru a/sound/pci/ac97/ac97_codec.c b/sound/pci/ac97/ac97_codec.c 3.1560 ---- a/sound/pci/ac97/ac97_codec.c 2005-04-29 18:34:28 -07:00 3.1561 -+++ b/sound/pci/ac97/ac97_codec.c 2005-04-29 18:34:28 -07:00 3.1562 -@@ -1185,7 +1185,7 @@ 3.1563 - /* 3.1564 - * create mute switch(es) for normal stereo controls 3.1565 - */ 3.1566 --static int snd_ac97_cmute_new(snd_card_t *card, char *name, int reg, ac97_t *ac97) 3.1567 -+static int snd_ac97_cmute_new_stereo(snd_card_t *card, char *name, int reg, int check_stereo, ac97_t *ac97) 3.1568 - { 3.1569 - snd_kcontrol_t *kctl; 3.1570 - int err; 3.1571 -@@ -1196,7 +1196,7 @@ 3.1572 - 3.1573 - mute_mask = 0x8000; 3.1574 - val = snd_ac97_read(ac97, reg); 3.1575 -- if (ac97->flags & AC97_STEREO_MUTES) { 3.1576 -+ if (check_stereo || (ac97->flags & AC97_STEREO_MUTES)) { 3.1577 - /* check whether both mute bits work */ 3.1578 - val1 = val | 0x8080; 3.1579 - snd_ac97_write(ac97, reg, val1); 3.1580 -@@ -1254,7 +1254,7 @@ 3.1581 - /* 3.1582 - * create a mute-switch and a volume for normal stereo/mono controls 3.1583 - */ 3.1584 --static int snd_ac97_cmix_new(snd_card_t *card, const char *pfx, int reg, ac97_t *ac97) 3.1585 -+static int snd_ac97_cmix_new_stereo(snd_card_t *card, const char *pfx, int reg, int check_stereo, ac97_t *ac97) 3.1586 - { 3.1587 - int err; 3.1588 - char name[44]; 3.1589 -@@ -1265,7 +1265,7 @@ 3.1590 - 3.1591 - if (snd_ac97_try_bit(ac97, reg, 15)) { 3.1592 - sprintf(name, "%s Switch", pfx); 3.1593 -- if ((err = snd_ac97_cmute_new(card, name, reg, ac97)) < 0) 3.1594 -+ if ((err = snd_ac97_cmute_new_stereo(card, name, reg, check_stereo, ac97)) < 0) 3.1595 - return err; 3.1596 - } 3.1597 - check_volume_resolution(ac97, reg, &lo_max, &hi_max); 3.1598 -@@ -1277,6 +1277,8 @@ 3.1599 - return 0; 3.1600 - } 3.1601 - 3.1602 -+#define snd_ac97_cmix_new(card, pfx, reg, ac97) snd_ac97_cmix_new_stereo(card, pfx, reg, 0, ac97) 3.1603 -+#define snd_ac97_cmute_new(card, name, reg, ac97) snd_ac97_cmute_new_stereo(card, name, reg, 0, ac97) 3.1604 - 3.1605 - static unsigned int snd_ac97_determine_spdif_rates(ac97_t *ac97); 3.1606 - 3.1607 -@@ -1327,7 +1329,8 @@ 3.1608 - 3.1609 - /* build surround controls */ 3.1610 - if (snd_ac97_try_volume_mix(ac97, AC97_SURROUND_MASTER)) { 3.1611 -- if ((err = snd_ac97_cmix_new(card, "Surround Playback", AC97_SURROUND_MASTER, ac97)) < 0) 3.1612 -+ /* Surround Master (0x38) is with stereo mutes */ 3.1613 -+ if ((err = snd_ac97_cmix_new_stereo(card, "Surround Playback", AC97_SURROUND_MASTER, 1, ac97)) < 0) 3.1614 - return err; 3.1615 - } 3.1616 -
4.1 --- /dev/null Thu Jan 01 00:00:00 1970 +0000 4.2 +++ b/patches/linux-2.6.11/linux-2.6.11.9.patch Mon May 16 10:36:52 2005 +0000 4.3 @@ -0,0 +1,1692 @@ 4.4 +diff -Nru a/Documentation/SecurityBugs b/Documentation/SecurityBugs 4.5 +--- /dev/null Wed Dec 31 16:00:00 196900 4.6 ++++ b/Documentation/SecurityBugs 2005-05-11 15:43:53 -07:00 4.7 +@@ -0,0 +1,38 @@ 4.8 ++Linux kernel developers take security very seriously. As such, we'd 4.9 ++like to know when a security bug is found so that it can be fixed and 4.10 ++disclosed as quickly as possible. Please report security bugs to the 4.11 ++Linux kernel security team. 4.12 ++ 4.13 ++1) Contact 4.14 ++ 4.15 ++The Linux kernel security team can be contacted by email at 4.16 ++<security@kernel.org>. This is a private list of security officers 4.17 ++who will help verify the bug report and develop and release a fix. 4.18 ++It is possible that the security team will bring in extra help from 4.19 ++area maintainers to understand and fix the security vulnerability. 4.20 ++ 4.21 ++As it is with any bug, the more information provided the easier it 4.22 ++will be to diagnose and fix. Please review the procedure outlined in 4.23 ++REPORTING-BUGS if you are unclear about what information is helpful. 4.24 ++Any exploit code is very helpful and will not be released without 4.25 ++consent from the reporter unless it has already been made public. 4.26 ++ 4.27 ++2) Disclosure 4.28 ++ 4.29 ++The goal of the Linux kernel security team is to work with the 4.30 ++bug submitter to bug resolution as well as disclosure. We prefer 4.31 ++to fully disclose the bug as soon as possible. It is reasonable to 4.32 ++delay disclosure when the bug or the fix is not yet fully understood, 4.33 ++the solution is not well-tested or for vendor coordination. However, we 4.34 ++expect these delays to be short, measurable in days, not weeks or months. 4.35 ++A disclosure date is negotiated by the security team working with the 4.36 ++bug submitter as well as vendors. However, the kernel security team 4.37 ++holds the final say when setting a disclosure date. The timeframe for 4.38 ++disclosure is from immediate (esp. if it's already publically known) 4.39 ++to a few weeks. As a basic default policy, we expect report date to 4.40 ++disclosure date to be on the order of 7 days. 4.41 ++ 4.42 ++3) Non-disclosure agreements 4.43 ++ 4.44 ++The Linux kernel security team is not a formal body and therefore unable 4.45 ++to enter any non-disclosure agreements. 4.46 +diff -Nru a/MAINTAINERS b/MAINTAINERS 4.47 +--- a/MAINTAINERS 2005-05-11 15:43:53 -07:00 4.48 ++++ b/MAINTAINERS 2005-05-11 15:43:53 -07:00 4.49 +@@ -1966,6 +1966,11 @@ 4.50 + W: http://www.weinigel.se 4.51 + S: Supported 4.52 + 4.53 ++SECURITY CONTACT 4.54 ++P: Security Officers 4.55 ++M: security@kernel.org 4.56 ++S: Supported 4.57 ++ 4.58 + SELINUX SECURITY MODULE 4.59 + P: Stephen Smalley 4.60 + M: sds@epoch.ncsc.mil 4.61 +diff -Nru a/Makefile b/Makefile 4.62 +--- a/Makefile 2005-05-11 15:43:53 -07:00 4.63 ++++ b/Makefile 2005-05-11 15:43:53 -07:00 4.64 +@@ -1,8 +1,8 @@ 4.65 + VERSION = 2 4.66 + PATCHLEVEL = 6 4.67 + SUBLEVEL = 11 4.68 +-EXTRAVERSION = 4.69 +-NAME=Woozy Numbat 4.70 ++EXTRAVERSION = .9 4.71 ++NAME=Woozy Beaver 4.72 + 4.73 + # *DOCUMENTATION* 4.74 + # To see a list of typical targets execute "make help" 4.75 +diff -Nru a/REPORTING-BUGS b/REPORTING-BUGS 4.76 +--- a/REPORTING-BUGS 2005-05-11 15:43:53 -07:00 4.77 ++++ b/REPORTING-BUGS 2005-05-11 15:43:53 -07:00 4.78 +@@ -16,6 +16,10 @@ 4.79 + describe how to recreate it. That is worth even more than the oops itself. 4.80 + The list of maintainers is in the MAINTAINERS file in this directory. 4.81 + 4.82 ++ If it is a security bug, please copy the Security Contact listed 4.83 ++in the MAINTAINERS file. They can help coordinate bugfix and disclosure. 4.84 ++See Documentation/SecurityBugs for more infomation. 4.85 ++ 4.86 + If you are totally stumped as to whom to send the report, send it to 4.87 + linux-kernel@vger.kernel.org. (For more information on the linux-kernel 4.88 + mailing list see http://www.tux.org/lkml/). 4.89 +diff -Nru a/arch/ia64/kernel/fsys.S b/arch/ia64/kernel/fsys.S 4.90 +--- a/arch/ia64/kernel/fsys.S 2005-05-11 15:43:53 -07:00 4.91 ++++ b/arch/ia64/kernel/fsys.S 2005-05-11 15:43:53 -07:00 4.92 +@@ -611,8 +611,10 @@ 4.93 + movl r2=ia64_ret_from_syscall 4.94 + ;; 4.95 + mov rp=r2 // set the real return addr 4.96 +- tbit.z p8,p0=r3,TIF_SYSCALL_TRACE 4.97 ++ and r3=_TIF_SYSCALL_TRACEAUDIT,r3 4.98 + ;; 4.99 ++ cmp.eq p8,p0=r3,r0 4.100 ++ 4.101 + (p10) br.cond.spnt.many ia64_ret_from_syscall // p10==true means out registers are more than 8 4.102 + (p8) br.call.sptk.many b6=b6 // ignore this return addr 4.103 + br.cond.sptk ia64_trace_syscall 4.104 +diff -Nru a/arch/ia64/kernel/signal.c b/arch/ia64/kernel/signal.c 4.105 +--- a/arch/ia64/kernel/signal.c 2005-05-11 15:43:53 -07:00 4.106 ++++ b/arch/ia64/kernel/signal.c 2005-05-11 15:43:53 -07:00 4.107 +@@ -224,7 +224,8 @@ 4.108 + * could be corrupted. 4.109 + */ 4.110 + retval = (long) &ia64_leave_kernel; 4.111 +- if (test_thread_flag(TIF_SYSCALL_TRACE)) 4.112 ++ if (test_thread_flag(TIF_SYSCALL_TRACE) 4.113 ++ || test_thread_flag(TIF_SYSCALL_AUDIT)) 4.114 + /* 4.115 + * strace expects to be notified after sigreturn returns even though the 4.116 + * context to which we return may not be in the middle of a syscall. 4.117 +diff -Nru a/arch/ppc/oprofile/op_model_fsl_booke.c b/arch/ppc/oprofile/op_model_fsl_booke.c 4.118 +--- a/arch/ppc/oprofile/op_model_fsl_booke.c 2005-05-11 15:43:53 -07:00 4.119 ++++ b/arch/ppc/oprofile/op_model_fsl_booke.c 2005-05-11 15:43:53 -07:00 4.120 +@@ -150,7 +150,6 @@ 4.121 + int is_kernel; 4.122 + int val; 4.123 + int i; 4.124 +- unsigned int cpu = smp_processor_id(); 4.125 + 4.126 + /* set the PMM bit (see comment below) */ 4.127 + mtmsr(mfmsr() | MSR_PMM); 4.128 +@@ -162,7 +161,7 @@ 4.129 + val = ctr_read(i); 4.130 + if (val < 0) { 4.131 + if (oprofile_running && ctr[i].enabled) { 4.132 +- oprofile_add_sample(pc, is_kernel, i, cpu); 4.133 ++ oprofile_add_pc(pc, is_kernel, i); 4.134 + ctr_write(i, reset_value[i]); 4.135 + } else { 4.136 + ctr_write(i, 0); 4.137 +diff -Nru a/arch/ppc/platforms/4xx/ebony.h b/arch/ppc/platforms/4xx/ebony.h 4.138 +--- a/arch/ppc/platforms/4xx/ebony.h 2005-05-11 15:43:53 -07:00 4.139 ++++ b/arch/ppc/platforms/4xx/ebony.h 2005-05-11 15:43:53 -07:00 4.140 +@@ -61,8 +61,8 @@ 4.141 + */ 4.142 + 4.143 + /* OpenBIOS defined UART mappings, used before early_serial_setup */ 4.144 +-#define UART0_IO_BASE (u8 *) 0xE0000200 4.145 +-#define UART1_IO_BASE (u8 *) 0xE0000300 4.146 ++#define UART0_IO_BASE 0xE0000200 4.147 ++#define UART1_IO_BASE 0xE0000300 4.148 + 4.149 + /* external Epson SG-615P */ 4.150 + #define BASE_BAUD 691200 4.151 +diff -Nru a/arch/ppc/platforms/4xx/luan.h b/arch/ppc/platforms/4xx/luan.h 4.152 +--- a/arch/ppc/platforms/4xx/luan.h 2005-05-11 15:43:53 -07:00 4.153 ++++ b/arch/ppc/platforms/4xx/luan.h 2005-05-11 15:43:53 -07:00 4.154 +@@ -47,9 +47,9 @@ 4.155 + #define RS_TABLE_SIZE 3 4.156 + 4.157 + /* PIBS defined UART mappings, used before early_serial_setup */ 4.158 +-#define UART0_IO_BASE (u8 *) 0xa0000200 4.159 +-#define UART1_IO_BASE (u8 *) 0xa0000300 4.160 +-#define UART2_IO_BASE (u8 *) 0xa0000600 4.161 ++#define UART0_IO_BASE 0xa0000200 4.162 ++#define UART1_IO_BASE 0xa0000300 4.163 ++#define UART2_IO_BASE 0xa0000600 4.164 + 4.165 + #define BASE_BAUD 11059200 4.166 + #define STD_UART_OP(num) \ 4.167 +diff -Nru a/arch/ppc/platforms/4xx/ocotea.h b/arch/ppc/platforms/4xx/ocotea.h 4.168 +--- a/arch/ppc/platforms/4xx/ocotea.h 2005-05-11 15:43:53 -07:00 4.169 ++++ b/arch/ppc/platforms/4xx/ocotea.h 2005-05-11 15:43:53 -07:00 4.170 +@@ -56,8 +56,8 @@ 4.171 + #define RS_TABLE_SIZE 2 4.172 + 4.173 + /* OpenBIOS defined UART mappings, used before early_serial_setup */ 4.174 +-#define UART0_IO_BASE (u8 *) 0xE0000200 4.175 +-#define UART1_IO_BASE (u8 *) 0xE0000300 4.176 ++#define UART0_IO_BASE 0xE0000200 4.177 ++#define UART1_IO_BASE 0xE0000300 4.178 + 4.179 + #define BASE_BAUD 11059200/16 4.180 + #define STD_UART_OP(num) \ 4.181 +diff -Nru a/arch/sparc/kernel/ptrace.c b/arch/sparc/kernel/ptrace.c 4.182 +--- a/arch/sparc/kernel/ptrace.c 2005-05-11 15:43:53 -07:00 4.183 ++++ b/arch/sparc/kernel/ptrace.c 2005-05-11 15:43:53 -07:00 4.184 +@@ -531,18 +531,6 @@ 4.185 + pt_error_return(regs, EIO); 4.186 + goto out_tsk; 4.187 + } 4.188 +- if (addr != 1) { 4.189 +- if (addr & 3) { 4.190 +- pt_error_return(regs, EINVAL); 4.191 +- goto out_tsk; 4.192 +- } 4.193 +-#ifdef DEBUG_PTRACE 4.194 +- printk ("Original: %08lx %08lx\n", child->thread.kregs->pc, child->thread.kregs->npc); 4.195 +- printk ("Continuing with %08lx %08lx\n", addr, addr+4); 4.196 +-#endif 4.197 +- child->thread.kregs->pc = addr; 4.198 +- child->thread.kregs->npc = addr + 4; 4.199 +- } 4.200 + 4.201 + if (request == PTRACE_SYSCALL) 4.202 + set_tsk_thread_flag(child, TIF_SYSCALL_TRACE); 4.203 +diff -Nru a/arch/sparc64/kernel/ptrace.c b/arch/sparc64/kernel/ptrace.c 4.204 +--- a/arch/sparc64/kernel/ptrace.c 2005-05-11 15:43:53 -07:00 4.205 ++++ b/arch/sparc64/kernel/ptrace.c 2005-05-11 15:43:53 -07:00 4.206 +@@ -514,25 +514,6 @@ 4.207 + pt_error_return(regs, EIO); 4.208 + goto out_tsk; 4.209 + } 4.210 +- if (addr != 1) { 4.211 +- unsigned long pc_mask = ~0UL; 4.212 +- 4.213 +- if ((child->thread_info->flags & _TIF_32BIT) != 0) 4.214 +- pc_mask = 0xffffffff; 4.215 +- 4.216 +- if (addr & 3) { 4.217 +- pt_error_return(regs, EINVAL); 4.218 +- goto out_tsk; 4.219 +- } 4.220 +-#ifdef DEBUG_PTRACE 4.221 +- printk ("Original: %016lx %016lx\n", 4.222 +- child->thread_info->kregs->tpc, 4.223 +- child->thread_info->kregs->tnpc); 4.224 +- printk ("Continuing with %016lx %016lx\n", addr, addr+4); 4.225 +-#endif 4.226 +- child->thread_info->kregs->tpc = (addr & pc_mask); 4.227 +- child->thread_info->kregs->tnpc = ((addr + 4) & pc_mask); 4.228 +- } 4.229 + 4.230 + if (request == PTRACE_SYSCALL) { 4.231 + set_tsk_thread_flag(child, TIF_SYSCALL_TRACE); 4.232 +diff -Nru a/arch/sparc64/kernel/signal32.c b/arch/sparc64/kernel/signal32.c 4.233 +--- a/arch/sparc64/kernel/signal32.c 2005-05-11 15:43:53 -07:00 4.234 ++++ b/arch/sparc64/kernel/signal32.c 2005-05-11 15:43:53 -07:00 4.235 +@@ -192,9 +192,12 @@ 4.236 + err |= __put_user(from->si_uid, &to->si_uid); 4.237 + break; 4.238 + case __SI_FAULT >> 16: 4.239 +- case __SI_POLL >> 16: 4.240 + err |= __put_user(from->si_trapno, &to->si_trapno); 4.241 + err |= __put_user((unsigned long)from->si_addr, &to->si_addr); 4.242 ++ break; 4.243 ++ case __SI_POLL >> 16: 4.244 ++ err |= __put_user(from->si_band, &to->si_band); 4.245 ++ err |= __put_user(from->si_fd, &to->si_fd); 4.246 + break; 4.247 + case __SI_RT >> 16: /* This is not generated by the kernel as of now. */ 4.248 + case __SI_MESGQ >> 16: 4.249 +diff -Nru a/arch/sparc64/kernel/systbls.S b/arch/sparc64/kernel/systbls.S 4.250 +--- a/arch/sparc64/kernel/systbls.S 2005-05-11 15:43:53 -07:00 4.251 ++++ b/arch/sparc64/kernel/systbls.S 2005-05-11 15:43:53 -07:00 4.252 +@@ -75,7 +75,7 @@ 4.253 + /*260*/ .word compat_sys_sched_getaffinity, compat_sys_sched_setaffinity, sys32_timer_settime, compat_sys_timer_gettime, sys_timer_getoverrun 4.254 + .word sys_timer_delete, sys32_timer_create, sys_ni_syscall, compat_sys_io_setup, sys_io_destroy 4.255 + /*270*/ .word sys32_io_submit, sys_io_cancel, compat_sys_io_getevents, sys32_mq_open, sys_mq_unlink 4.256 +- .word sys_mq_timedsend, sys_mq_timedreceive, compat_sys_mq_notify, compat_sys_mq_getsetattr, compat_sys_waitid 4.257 ++ .word compat_sys_mq_timedsend, compat_sys_mq_timedreceive, compat_sys_mq_notify, compat_sys_mq_getsetattr, compat_sys_waitid 4.258 + /*280*/ .word sys_ni_syscall, sys_add_key, sys_request_key, sys_keyctl 4.259 + 4.260 + #endif /* CONFIG_COMPAT */ 4.261 +diff -Nru a/arch/um/include/sysdep-i386/syscalls.h b/arch/um/include/sysdep-i386/syscalls.h 4.262 +--- a/arch/um/include/sysdep-i386/syscalls.h 2005-05-11 15:43:53 -07:00 4.263 ++++ b/arch/um/include/sysdep-i386/syscalls.h 2005-05-11 15:43:53 -07:00 4.264 +@@ -23,6 +23,9 @@ 4.265 + unsigned long prot, unsigned long flags, 4.266 + unsigned long fd, unsigned long pgoff); 4.267 + 4.268 ++/* On i386 they choose a meaningless naming.*/ 4.269 ++#define __NR_kexec_load __NR_sys_kexec_load 4.270 ++ 4.271 + #define ARCH_SYSCALLS \ 4.272 + [ __NR_waitpid ] = (syscall_handler_t *) sys_waitpid, \ 4.273 + [ __NR_break ] = (syscall_handler_t *) sys_ni_syscall, \ 4.274 +@@ -101,15 +104,12 @@ 4.275 + [ 223 ] = (syscall_handler_t *) sys_ni_syscall, \ 4.276 + [ __NR_set_thread_area ] = (syscall_handler_t *) sys_ni_syscall, \ 4.277 + [ __NR_get_thread_area ] = (syscall_handler_t *) sys_ni_syscall, \ 4.278 +- [ __NR_fadvise64 ] = (syscall_handler_t *) sys_fadvise64, \ 4.279 + [ 251 ] = (syscall_handler_t *) sys_ni_syscall, \ 4.280 +- [ __NR_remap_file_pages ] = (syscall_handler_t *) sys_remap_file_pages, \ 4.281 +- [ __NR_utimes ] = (syscall_handler_t *) sys_utimes, \ 4.282 +- [ __NR_vserver ] = (syscall_handler_t *) sys_ni_syscall, 4.283 +- 4.284 ++ [ 285 ] = (syscall_handler_t *) sys_ni_syscall, 4.285 ++ 4.286 + /* 222 doesn't yet have a name in include/asm-i386/unistd.h */ 4.287 + 4.288 +-#define LAST_ARCH_SYSCALL __NR_vserver 4.289 ++#define LAST_ARCH_SYSCALL 285 4.290 + 4.291 + /* 4.292 + * Overrides for Emacs so that we follow Linus's tabbing style. 4.293 +diff -Nru a/arch/um/include/sysdep-x86_64/syscalls.h b/arch/um/include/sysdep-x86_64/syscalls.h 4.294 +--- a/arch/um/include/sysdep-x86_64/syscalls.h 2005-05-11 15:43:53 -07:00 4.295 ++++ b/arch/um/include/sysdep-x86_64/syscalls.h 2005-05-11 15:43:53 -07:00 4.296 +@@ -71,12 +71,7 @@ 4.297 + [ __NR_iopl ] = (syscall_handler_t *) sys_ni_syscall, \ 4.298 + [ __NR_set_thread_area ] = (syscall_handler_t *) sys_ni_syscall, \ 4.299 + [ __NR_get_thread_area ] = (syscall_handler_t *) sys_ni_syscall, \ 4.300 +- [ __NR_remap_file_pages ] = (syscall_handler_t *) sys_remap_file_pages, \ 4.301 + [ __NR_semtimedop ] = (syscall_handler_t *) sys_semtimedop, \ 4.302 +- [ __NR_fadvise64 ] = (syscall_handler_t *) sys_fadvise64, \ 4.303 +- [ 223 ] = (syscall_handler_t *) sys_ni_syscall, \ 4.304 +- [ __NR_utimes ] = (syscall_handler_t *) sys_utimes, \ 4.305 +- [ __NR_vserver ] = (syscall_handler_t *) sys_ni_syscall, \ 4.306 + [ 251 ] = (syscall_handler_t *) sys_ni_syscall, 4.307 + 4.308 + #define LAST_ARCH_SYSCALL 251 4.309 +diff -Nru a/arch/um/kernel/skas/uaccess.c b/arch/um/kernel/skas/uaccess.c 4.310 +--- a/arch/um/kernel/skas/uaccess.c 2005-05-11 15:43:53 -07:00 4.311 ++++ b/arch/um/kernel/skas/uaccess.c 2005-05-11 15:43:53 -07:00 4.312 +@@ -61,7 +61,8 @@ 4.313 + void *arg; 4.314 + int *res; 4.315 + 4.316 +- va_copy(args, *(va_list *)arg_ptr); 4.317 ++ /* Some old gccs recognize __va_copy, but not va_copy */ 4.318 ++ __va_copy(args, *(va_list *)arg_ptr); 4.319 + addr = va_arg(args, unsigned long); 4.320 + len = va_arg(args, int); 4.321 + is_write = va_arg(args, int); 4.322 +diff -Nru a/arch/um/kernel/sys_call_table.c b/arch/um/kernel/sys_call_table.c 4.323 +--- a/arch/um/kernel/sys_call_table.c 2005-05-11 15:43:53 -07:00 4.324 ++++ b/arch/um/kernel/sys_call_table.c 2005-05-11 15:43:53 -07:00 4.325 +@@ -48,7 +48,6 @@ 4.326 + extern syscall_handler_t old_select; 4.327 + extern syscall_handler_t sys_modify_ldt; 4.328 + extern syscall_handler_t sys_rt_sigsuspend; 4.329 +-extern syscall_handler_t sys_vserver; 4.330 + extern syscall_handler_t sys_mbind; 4.331 + extern syscall_handler_t sys_get_mempolicy; 4.332 + extern syscall_handler_t sys_set_mempolicy; 4.333 +@@ -242,6 +241,7 @@ 4.334 + [ __NR_epoll_create ] = (syscall_handler_t *) sys_epoll_create, 4.335 + [ __NR_epoll_ctl ] = (syscall_handler_t *) sys_epoll_ctl, 4.336 + [ __NR_epoll_wait ] = (syscall_handler_t *) sys_epoll_wait, 4.337 ++ [ __NR_remap_file_pages ] = (syscall_handler_t *) sys_remap_file_pages, 4.338 + [ __NR_set_tid_address ] = (syscall_handler_t *) sys_set_tid_address, 4.339 + [ __NR_timer_create ] = (syscall_handler_t *) sys_timer_create, 4.340 + [ __NR_timer_settime ] = (syscall_handler_t *) sys_timer_settime, 4.341 +@@ -252,12 +252,10 @@ 4.342 + [ __NR_clock_gettime ] = (syscall_handler_t *) sys_clock_gettime, 4.343 + [ __NR_clock_getres ] = (syscall_handler_t *) sys_clock_getres, 4.344 + [ __NR_clock_nanosleep ] = (syscall_handler_t *) sys_clock_nanosleep, 4.345 +- [ __NR_statfs64 ] = (syscall_handler_t *) sys_statfs64, 4.346 +- [ __NR_fstatfs64 ] = (syscall_handler_t *) sys_fstatfs64, 4.347 + [ __NR_tgkill ] = (syscall_handler_t *) sys_tgkill, 4.348 + [ __NR_utimes ] = (syscall_handler_t *) sys_utimes, 4.349 +- [ __NR_fadvise64_64 ] = (syscall_handler_t *) sys_fadvise64_64, 4.350 +- [ __NR_vserver ] = (syscall_handler_t *) sys_vserver, 4.351 ++ [ __NR_fadvise64 ] = (syscall_handler_t *) sys_fadvise64, 4.352 ++ [ __NR_vserver ] = (syscall_handler_t *) sys_ni_syscall, 4.353 + [ __NR_mbind ] = (syscall_handler_t *) sys_mbind, 4.354 + [ __NR_get_mempolicy ] = (syscall_handler_t *) sys_get_mempolicy, 4.355 + [ __NR_set_mempolicy ] = (syscall_handler_t *) sys_set_mempolicy, 4.356 +@@ -267,9 +265,8 @@ 4.357 + [ __NR_mq_timedreceive ] = (syscall_handler_t *) sys_mq_timedreceive, 4.358 + [ __NR_mq_notify ] = (syscall_handler_t *) sys_mq_notify, 4.359 + [ __NR_mq_getsetattr ] = (syscall_handler_t *) sys_mq_getsetattr, 4.360 +- [ __NR_sys_kexec_load ] = (syscall_handler_t *) sys_ni_syscall, 4.361 ++ [ __NR_kexec_load ] = (syscall_handler_t *) sys_ni_syscall, 4.362 + [ __NR_waitid ] = (syscall_handler_t *) sys_waitid, 4.363 +- [ 285 ] = (syscall_handler_t *) sys_ni_syscall, 4.364 + [ __NR_add_key ] = (syscall_handler_t *) sys_add_key, 4.365 + [ __NR_request_key ] = (syscall_handler_t *) sys_request_key, 4.366 + [ __NR_keyctl ] = (syscall_handler_t *) sys_keyctl, 4.367 +diff -Nru a/drivers/char/drm/drm_ioctl.c b/drivers/char/drm/drm_ioctl.c 4.368 +--- a/drivers/char/drm/drm_ioctl.c 2005-05-11 15:43:53 -07:00 4.369 ++++ b/drivers/char/drm/drm_ioctl.c 2005-05-11 15:43:53 -07:00 4.370 +@@ -326,6 +326,8 @@ 4.371 + 4.372 + DRM_COPY_FROM_USER_IOCTL(sv, argp, sizeof(sv)); 4.373 + 4.374 ++ memset(&version, 0, sizeof(version)); 4.375 ++ 4.376 + dev->driver->version(&version); 4.377 + retv.drm_di_major = DRM_IF_MAJOR; 4.378 + retv.drm_di_minor = DRM_IF_MINOR; 4.379 +diff -Nru a/drivers/i2c/chips/eeprom.c b/drivers/i2c/chips/eeprom.c 4.380 +--- a/drivers/i2c/chips/eeprom.c 2005-05-11 15:43:53 -07:00 4.381 ++++ b/drivers/i2c/chips/eeprom.c 2005-05-11 15:43:53 -07:00 4.382 +@@ -130,7 +130,8 @@ 4.383 + 4.384 + /* Hide Vaio security settings to regular users (16 first bytes) */ 4.385 + if (data->nature == VAIO && off < 16 && !capable(CAP_SYS_ADMIN)) { 4.386 +- int in_row1 = 16 - off; 4.387 ++ size_t in_row1 = 16 - off; 4.388 ++ in_row1 = min(in_row1, count); 4.389 + memset(buf, 0, in_row1); 4.390 + if (count - in_row1 > 0) 4.391 + memcpy(buf + in_row1, &data->data[16], count - in_row1); 4.392 +diff -Nru a/drivers/i2c/chips/it87.c b/drivers/i2c/chips/it87.c 4.393 +--- a/drivers/i2c/chips/it87.c 2005-05-11 15:43:53 -07:00 4.394 ++++ b/drivers/i2c/chips/it87.c 2005-05-11 15:43:53 -07:00 4.395 +@@ -631,7 +631,7 @@ 4.396 + struct it87_data *data = it87_update_device(dev); 4.397 + return sprintf(buf,"%d\n", ALARMS_FROM_REG(data->alarms)); 4.398 + } 4.399 +-static DEVICE_ATTR(alarms, S_IRUGO | S_IWUSR, show_alarms, NULL); 4.400 ++static DEVICE_ATTR(alarms, S_IRUGO, show_alarms, NULL); 4.401 + 4.402 + static ssize_t 4.403 + show_vrm_reg(struct device *dev, char *buf) 4.404 +diff -Nru a/drivers/i2c/chips/via686a.c b/drivers/i2c/chips/via686a.c 4.405 +--- a/drivers/i2c/chips/via686a.c 2005-05-11 15:43:53 -07:00 4.406 ++++ b/drivers/i2c/chips/via686a.c 2005-05-11 15:43:53 -07:00 4.407 +@@ -554,7 +554,7 @@ 4.408 + struct via686a_data *data = via686a_update_device(dev); 4.409 + return sprintf(buf,"%d\n", ALARMS_FROM_REG(data->alarms)); 4.410 + } 4.411 +-static DEVICE_ATTR(alarms, S_IRUGO | S_IWUSR, show_alarms, NULL); 4.412 ++static DEVICE_ATTR(alarms, S_IRUGO, show_alarms, NULL); 4.413 + 4.414 + /* The driver. I choose to use type i2c_driver, as at is identical to both 4.415 + smbus_driver and isa_driver, and clients could be of either kind */ 4.416 +diff -Nru a/drivers/input/serio/i8042-x86ia64io.h b/drivers/input/serio/i8042-x86ia64io.h 4.417 +--- a/drivers/input/serio/i8042-x86ia64io.h 2005-05-11 15:43:53 -07:00 4.418 ++++ b/drivers/input/serio/i8042-x86ia64io.h 2005-05-11 15:43:53 -07:00 4.419 +@@ -88,7 +88,7 @@ 4.420 + }; 4.421 + #endif 4.422 + 4.423 +-#ifdef CONFIG_ACPI 4.424 ++#if defined(__ia64__) && defined(CONFIG_ACPI) 4.425 + #include <linux/acpi.h> 4.426 + #include <acpi/acpi_bus.h> 4.427 + 4.428 +@@ -281,7 +281,7 @@ 4.429 + i8042_kbd_irq = I8042_MAP_IRQ(1); 4.430 + i8042_aux_irq = I8042_MAP_IRQ(12); 4.431 + 4.432 +-#ifdef CONFIG_ACPI 4.433 ++#if defined(__ia64__) && defined(CONFIG_ACPI) 4.434 + if (i8042_acpi_init()) 4.435 + return -1; 4.436 + #endif 4.437 +@@ -300,7 +300,7 @@ 4.438 + 4.439 + static inline void i8042_platform_exit(void) 4.440 + { 4.441 +-#ifdef CONFIG_ACPI 4.442 ++#if defined(__ia64__) && defined(CONFIG_ACPI) 4.443 + i8042_acpi_exit(); 4.444 + #endif 4.445 + } 4.446 +diff -Nru a/drivers/md/raid6altivec.uc b/drivers/md/raid6altivec.uc 4.447 +--- a/drivers/md/raid6altivec.uc 2005-05-11 15:43:53 -07:00 4.448 ++++ b/drivers/md/raid6altivec.uc 2005-05-11 15:43:53 -07:00 4.449 +@@ -108,7 +108,11 @@ 4.450 + int raid6_have_altivec(void) 4.451 + { 4.452 + /* This assumes either all CPUs have Altivec or none does */ 4.453 ++#ifdef CONFIG_PPC64 4.454 + return cur_cpu_spec->cpu_features & CPU_FTR_ALTIVEC; 4.455 ++#else 4.456 ++ return cur_cpu_spec[0]->cpu_features & CPU_FTR_ALTIVEC; 4.457 ++#endif 4.458 + } 4.459 + #endif 4.460 + 4.461 +diff -Nru a/drivers/media/video/adv7170.c b/drivers/media/video/adv7170.c 4.462 +--- a/drivers/media/video/adv7170.c 2005-05-11 15:43:53 -07:00 4.463 ++++ b/drivers/media/video/adv7170.c 2005-05-11 15:43:53 -07:00 4.464 +@@ -130,7 +130,7 @@ 4.465 + u8 block_data[32]; 4.466 + 4.467 + msg.addr = client->addr; 4.468 +- msg.flags = client->flags; 4.469 ++ msg.flags = 0; 4.470 + while (len >= 2) { 4.471 + msg.buf = (char *) block_data; 4.472 + msg.len = 0; 4.473 +diff -Nru a/drivers/media/video/adv7175.c b/drivers/media/video/adv7175.c 4.474 +--- a/drivers/media/video/adv7175.c 2005-05-11 15:43:53 -07:00 4.475 ++++ b/drivers/media/video/adv7175.c 2005-05-11 15:43:53 -07:00 4.476 +@@ -126,7 +126,7 @@ 4.477 + u8 block_data[32]; 4.478 + 4.479 + msg.addr = client->addr; 4.480 +- msg.flags = client->flags; 4.481 ++ msg.flags = 0; 4.482 + while (len >= 2) { 4.483 + msg.buf = (char *) block_data; 4.484 + msg.len = 0; 4.485 +diff -Nru a/drivers/media/video/bt819.c b/drivers/media/video/bt819.c 4.486 +--- a/drivers/media/video/bt819.c 2005-05-11 15:43:53 -07:00 4.487 ++++ b/drivers/media/video/bt819.c 2005-05-11 15:43:53 -07:00 4.488 +@@ -146,7 +146,7 @@ 4.489 + u8 block_data[32]; 4.490 + 4.491 + msg.addr = client->addr; 4.492 +- msg.flags = client->flags; 4.493 ++ msg.flags = 0; 4.494 + while (len >= 2) { 4.495 + msg.buf = (char *) block_data; 4.496 + msg.len = 0; 4.497 +diff -Nru a/drivers/media/video/bttv-cards.c b/drivers/media/video/bttv-cards.c 4.498 +--- a/drivers/media/video/bttv-cards.c 2005-05-11 15:43:53 -07:00 4.499 ++++ b/drivers/media/video/bttv-cards.c 2005-05-11 15:43:53 -07:00 4.500 +@@ -2718,8 +2718,6 @@ 4.501 + } 4.502 + btv->pll.pll_current = -1; 4.503 + 4.504 +- bttv_reset_audio(btv); 4.505 +- 4.506 + /* tuner configuration (from card list / autodetect / insmod option) */ 4.507 + if (UNSET != bttv_tvcards[btv->c.type].tuner_type) 4.508 + if(UNSET == btv->tuner_type) 4.509 +diff -Nru a/drivers/media/video/saa7110.c b/drivers/media/video/saa7110.c 4.510 +--- a/drivers/media/video/saa7110.c 2005-05-11 15:43:53 -07:00 4.511 ++++ b/drivers/media/video/saa7110.c 2005-05-11 15:43:53 -07:00 4.512 +@@ -60,8 +60,10 @@ 4.513 + 4.514 + #define I2C_SAA7110 0x9C /* or 0x9E */ 4.515 + 4.516 ++#define SAA7110_NR_REG 0x35 4.517 ++ 4.518 + struct saa7110 { 4.519 +- unsigned char reg[54]; 4.520 ++ u8 reg[SAA7110_NR_REG]; 4.521 + 4.522 + int norm; 4.523 + int input; 4.524 +@@ -95,31 +97,28 @@ 4.525 + unsigned int len) 4.526 + { 4.527 + int ret = -1; 4.528 +- u8 reg = *data++; 4.529 ++ u8 reg = *data; /* first register to write to */ 4.530 + 4.531 +- len--; 4.532 ++ /* Sanity check */ 4.533 ++ if (reg + (len - 1) > SAA7110_NR_REG) 4.534 ++ return ret; 4.535 + 4.536 + /* the saa7110 has an autoincrement function, use it if 4.537 + * the adapter understands raw I2C */ 4.538 + if (i2c_check_functionality(client->adapter, I2C_FUNC_I2C)) { 4.539 + struct saa7110 *decoder = i2c_get_clientdata(client); 4.540 + struct i2c_msg msg; 4.541 +- u8 block_data[54]; 4.542 + 4.543 +- msg.len = 0; 4.544 +- msg.buf = (char *) block_data; 4.545 ++ msg.len = len; 4.546 ++ msg.buf = (char *) data; 4.547 + msg.addr = client->addr; 4.548 +- msg.flags = client->flags; 4.549 +- while (len >= 1) { 4.550 +- msg.len = 0; 4.551 +- block_data[msg.len++] = reg; 4.552 +- while (len-- >= 1 && msg.len < 54) 4.553 +- block_data[msg.len++] = 4.554 +- decoder->reg[reg++] = *data++; 4.555 +- ret = i2c_transfer(client->adapter, &msg, 1); 4.556 +- } 4.557 ++ msg.flags = 0; 4.558 ++ ret = i2c_transfer(client->adapter, &msg, 1); 4.559 ++ 4.560 ++ /* Cache the written data */ 4.561 ++ memcpy(decoder->reg + reg, data + 1, len - 1); 4.562 + } else { 4.563 +- while (len-- >= 1) { 4.564 ++ for (++data, --len; len; len--) { 4.565 + if ((ret = saa7110_write(client, reg++, 4.566 + *data++)) < 0) 4.567 + break; 4.568 +@@ -192,7 +191,7 @@ 4.569 + return 0; 4.570 + } 4.571 + 4.572 +-static const unsigned char initseq[] = { 4.573 ++static const unsigned char initseq[1 + SAA7110_NR_REG] = { 4.574 + 0, 0x4C, 0x3C, 0x0D, 0xEF, 0xBD, 0xF2, 0x03, 0x00, 4.575 + /* 0x08 */ 0xF8, 0xF8, 0x60, 0x60, 0x00, 0x86, 0x18, 0x90, 4.576 + /* 0x10 */ 0x00, 0x59, 0x40, 0x46, 0x42, 0x1A, 0xFF, 0xDA, 4.577 +diff -Nru a/drivers/media/video/saa7114.c b/drivers/media/video/saa7114.c 4.578 +--- a/drivers/media/video/saa7114.c 2005-05-11 15:43:53 -07:00 4.579 ++++ b/drivers/media/video/saa7114.c 2005-05-11 15:43:53 -07:00 4.580 +@@ -163,7 +163,7 @@ 4.581 + u8 block_data[32]; 4.582 + 4.583 + msg.addr = client->addr; 4.584 +- msg.flags = client->flags; 4.585 ++ msg.flags = 0; 4.586 + while (len >= 2) { 4.587 + msg.buf = (char *) block_data; 4.588 + msg.len = 0; 4.589 +diff -Nru a/drivers/media/video/saa7185.c b/drivers/media/video/saa7185.c 4.590 +--- a/drivers/media/video/saa7185.c 2005-05-11 15:43:53 -07:00 4.591 ++++ b/drivers/media/video/saa7185.c 2005-05-11 15:43:53 -07:00 4.592 +@@ -118,7 +118,7 @@ 4.593 + u8 block_data[32]; 4.594 + 4.595 + msg.addr = client->addr; 4.596 +- msg.flags = client->flags; 4.597 ++ msg.flags = 0; 4.598 + while (len >= 2) { 4.599 + msg.buf = (char *) block_data; 4.600 + msg.len = 0; 4.601 +diff -Nru a/drivers/net/amd8111e.c b/drivers/net/amd8111e.c 4.602 +--- a/drivers/net/amd8111e.c 2005-05-11 15:43:53 -07:00 4.603 ++++ b/drivers/net/amd8111e.c 2005-05-11 15:43:53 -07:00 4.604 +@@ -1381,6 +1381,8 @@ 4.605 + 4.606 + if(amd8111e_restart(dev)){ 4.607 + spin_unlock_irq(&lp->lock); 4.608 ++ if (dev->irq) 4.609 ++ free_irq(dev->irq, dev); 4.610 + return -ENOMEM; 4.611 + } 4.612 + /* Start ipg timer */ 4.613 +diff -Nru a/drivers/net/ppp_async.c b/drivers/net/ppp_async.c 4.614 +--- a/drivers/net/ppp_async.c 2005-05-11 15:43:53 -07:00 4.615 ++++ b/drivers/net/ppp_async.c 2005-05-11 15:43:53 -07:00 4.616 +@@ -1000,7 +1000,7 @@ 4.617 + data += 4; 4.618 + dlen -= 4; 4.619 + /* data[0] is code, data[1] is length */ 4.620 +- while (dlen >= 2 && dlen >= data[1]) { 4.621 ++ while (dlen >= 2 && dlen >= data[1] && data[1] >= 2) { 4.622 + switch (data[0]) { 4.623 + case LCP_MRU: 4.624 + val = (data[2] << 8) + data[3]; 4.625 +diff -Nru a/drivers/net/r8169.c b/drivers/net/r8169.c 4.626 +--- a/drivers/net/r8169.c 2005-05-11 15:43:53 -07:00 4.627 ++++ b/drivers/net/r8169.c 2005-05-11 15:43:53 -07:00 4.628 +@@ -1683,16 +1683,19 @@ 4.629 + rtl8169_make_unusable_by_asic(desc); 4.630 + } 4.631 + 4.632 +-static inline void rtl8169_return_to_asic(struct RxDesc *desc, int rx_buf_sz) 4.633 ++static inline void rtl8169_mark_to_asic(struct RxDesc *desc, u32 rx_buf_sz) 4.634 + { 4.635 +- desc->opts1 |= cpu_to_le32(DescOwn + rx_buf_sz); 4.636 ++ u32 eor = le32_to_cpu(desc->opts1) & RingEnd; 4.637 ++ 4.638 ++ desc->opts1 = cpu_to_le32(DescOwn | eor | rx_buf_sz); 4.639 + } 4.640 + 4.641 +-static inline void rtl8169_give_to_asic(struct RxDesc *desc, dma_addr_t mapping, 4.642 +- int rx_buf_sz) 4.643 ++static inline void rtl8169_map_to_asic(struct RxDesc *desc, dma_addr_t mapping, 4.644 ++ u32 rx_buf_sz) 4.645 + { 4.646 + desc->addr = cpu_to_le64(mapping); 4.647 +- desc->opts1 |= cpu_to_le32(DescOwn + rx_buf_sz); 4.648 ++ wmb(); 4.649 ++ rtl8169_mark_to_asic(desc, rx_buf_sz); 4.650 + } 4.651 + 4.652 + static int rtl8169_alloc_rx_skb(struct pci_dev *pdev, struct sk_buff **sk_buff, 4.653 +@@ -1712,7 +1715,7 @@ 4.654 + mapping = pci_map_single(pdev, skb->tail, rx_buf_sz, 4.655 + PCI_DMA_FROMDEVICE); 4.656 + 4.657 +- rtl8169_give_to_asic(desc, mapping, rx_buf_sz); 4.658 ++ rtl8169_map_to_asic(desc, mapping, rx_buf_sz); 4.659 + 4.660 + out: 4.661 + return ret; 4.662 +@@ -2150,7 +2153,7 @@ 4.663 + skb_reserve(skb, NET_IP_ALIGN); 4.664 + eth_copy_and_sum(skb, sk_buff[0]->tail, pkt_size, 0); 4.665 + *sk_buff = skb; 4.666 +- rtl8169_return_to_asic(desc, rx_buf_sz); 4.667 ++ rtl8169_mark_to_asic(desc, rx_buf_sz); 4.668 + ret = 0; 4.669 + } 4.670 + } 4.671 +diff -Nru a/drivers/net/sis900.c b/drivers/net/sis900.c 4.672 +--- a/drivers/net/sis900.c 2005-05-11 15:43:53 -07:00 4.673 ++++ b/drivers/net/sis900.c 2005-05-11 15:43:53 -07:00 4.674 +@@ -236,7 +236,7 @@ 4.675 + signature = (u16) read_eeprom(ioaddr, EEPROMSignature); 4.676 + if (signature == 0xffff || signature == 0x0000) { 4.677 + printk (KERN_INFO "%s: Error EERPOM read %x\n", 4.678 +- net_dev->name, signature); 4.679 ++ pci_name(pci_dev), signature); 4.680 + return 0; 4.681 + } 4.682 + 4.683 +@@ -268,7 +268,7 @@ 4.684 + if (!isa_bridge) 4.685 + isa_bridge = pci_get_device(PCI_VENDOR_ID_SI, 0x0018, isa_bridge); 4.686 + if (!isa_bridge) { 4.687 +- printk("%s: Can not find ISA bridge\n", net_dev->name); 4.688 ++ printk("%s: Can not find ISA bridge\n", pci_name(pci_dev)); 4.689 + return 0; 4.690 + } 4.691 + pci_read_config_byte(isa_bridge, 0x48, ®); 4.692 +@@ -456,10 +456,6 @@ 4.693 + net_dev->tx_timeout = sis900_tx_timeout; 4.694 + net_dev->watchdog_timeo = TX_TIMEOUT; 4.695 + net_dev->ethtool_ops = &sis900_ethtool_ops; 4.696 +- 4.697 +- ret = register_netdev(net_dev); 4.698 +- if (ret) 4.699 +- goto err_unmap_rx; 4.700 + 4.701 + /* Get Mac address according to the chip revision */ 4.702 + pci_read_config_byte(pci_dev, PCI_CLASS_REVISION, &revision); 4.703 +@@ -476,7 +472,7 @@ 4.704 + 4.705 + if (ret == 0) { 4.706 + ret = -ENODEV; 4.707 +- goto err_out_unregister; 4.708 ++ goto err_unmap_rx; 4.709 + } 4.710 + 4.711 + /* 630ET : set the mii access mode as software-mode */ 4.712 +@@ -486,7 +482,7 @@ 4.713 + /* probe for mii transceiver */ 4.714 + if (sis900_mii_probe(net_dev) == 0) { 4.715 + ret = -ENODEV; 4.716 +- goto err_out_unregister; 4.717 ++ goto err_unmap_rx; 4.718 + } 4.719 + 4.720 + /* save our host bridge revision */ 4.721 +@@ -496,6 +492,10 @@ 4.722 + pci_dev_put(dev); 4.723 + } 4.724 + 4.725 ++ ret = register_netdev(net_dev); 4.726 ++ if (ret) 4.727 ++ goto err_unmap_rx; 4.728 ++ 4.729 + /* print some information about our NIC */ 4.730 + printk(KERN_INFO "%s: %s at %#lx, IRQ %d, ", net_dev->name, 4.731 + card_name, ioaddr, net_dev->irq); 4.732 +@@ -505,8 +505,6 @@ 4.733 + 4.734 + return 0; 4.735 + 4.736 +- err_out_unregister: 4.737 +- unregister_netdev(net_dev); 4.738 + err_unmap_rx: 4.739 + pci_free_consistent(pci_dev, RX_TOTAL_SIZE, sis_priv->rx_ring, 4.740 + sis_priv->rx_ring_dma); 4.741 +@@ -533,6 +531,7 @@ 4.742 + static int __init sis900_mii_probe(struct net_device * net_dev) 4.743 + { 4.744 + struct sis900_private * sis_priv = net_dev->priv; 4.745 ++ const char *dev_name = pci_name(sis_priv->pci_dev); 4.746 + u16 poll_bit = MII_STAT_LINK, status = 0; 4.747 + unsigned long timeout = jiffies + 5 * HZ; 4.748 + int phy_addr; 4.749 +@@ -582,21 +581,20 @@ 4.750 + mii_phy->phy_types = 4.751 + (mii_status & (MII_STAT_CAN_TX_FDX | MII_STAT_CAN_TX)) ? LAN : HOME; 4.752 + printk(KERN_INFO "%s: %s transceiver found at address %d.\n", 4.753 +- net_dev->name, mii_chip_table[i].name, 4.754 ++ dev_name, mii_chip_table[i].name, 4.755 + phy_addr); 4.756 + break; 4.757 + } 4.758 + 4.759 + if( !mii_chip_table[i].phy_id1 ) { 4.760 + printk(KERN_INFO "%s: Unknown PHY transceiver found at address %d.\n", 4.761 +- net_dev->name, phy_addr); 4.762 ++ dev_name, phy_addr); 4.763 + mii_phy->phy_types = UNKNOWN; 4.764 + } 4.765 + } 4.766 + 4.767 + if (sis_priv->mii == NULL) { 4.768 +- printk(KERN_INFO "%s: No MII transceivers found!\n", 4.769 +- net_dev->name); 4.770 ++ printk(KERN_INFO "%s: No MII transceivers found!\n", dev_name); 4.771 + return 0; 4.772 + } 4.773 + 4.774 +@@ -621,7 +619,7 @@ 4.775 + poll_bit ^= (mdio_read(net_dev, sis_priv->cur_phy, MII_STATUS) & poll_bit); 4.776 + if (time_after_eq(jiffies, timeout)) { 4.777 + printk(KERN_WARNING "%s: reset phy and link down now\n", 4.778 +- net_dev->name); 4.779 ++ dev_name); 4.780 + return -ETIME; 4.781 + } 4.782 + } 4.783 +@@ -691,7 +689,7 @@ 4.784 + sis_priv->mii = default_phy; 4.785 + sis_priv->cur_phy = default_phy->phy_addr; 4.786 + printk(KERN_INFO "%s: Using transceiver found at address %d as default\n", 4.787 +- net_dev->name,sis_priv->cur_phy); 4.788 ++ pci_name(sis_priv->pci_dev), sis_priv->cur_phy); 4.789 + } 4.790 + 4.791 + status = mdio_read(net_dev, sis_priv->cur_phy, MII_CONTROL); 4.792 +diff -Nru a/drivers/net/tun.c b/drivers/net/tun.c 4.793 +--- a/drivers/net/tun.c 2005-05-11 15:43:53 -07:00 4.794 ++++ b/drivers/net/tun.c 2005-05-11 15:43:53 -07:00 4.795 +@@ -229,7 +229,7 @@ 4.796 + size_t len = count; 4.797 + 4.798 + if (!(tun->flags & TUN_NO_PI)) { 4.799 +- if ((len -= sizeof(pi)) > len) 4.800 ++ if ((len -= sizeof(pi)) > count) 4.801 + return -EINVAL; 4.802 + 4.803 + if(memcpy_fromiovec((void *)&pi, iv, sizeof(pi))) 4.804 +diff -Nru a/drivers/net/via-rhine.c b/drivers/net/via-rhine.c 4.805 +--- a/drivers/net/via-rhine.c 2005-05-11 15:43:53 -07:00 4.806 ++++ b/drivers/net/via-rhine.c 2005-05-11 15:43:53 -07:00 4.807 +@@ -1197,8 +1197,10 @@ 4.808 + dev->name, rp->pdev->irq); 4.809 + 4.810 + rc = alloc_ring(dev); 4.811 +- if (rc) 4.812 ++ if (rc) { 4.813 ++ free_irq(rp->pdev->irq, dev); 4.814 + return rc; 4.815 ++ } 4.816 + alloc_rbufs(dev); 4.817 + alloc_tbufs(dev); 4.818 + rhine_chip_reset(dev); 4.819 +@@ -1898,6 +1900,9 @@ 4.820 + struct net_device *dev = pci_get_drvdata(pdev); 4.821 + struct rhine_private *rp = netdev_priv(dev); 4.822 + void __iomem *ioaddr = rp->base; 4.823 ++ 4.824 ++ if (!(rp->quirks & rqWOL)) 4.825 ++ return; /* Nothing to do for non-WOL adapters */ 4.826 + 4.827 + rhine_power_init(dev); 4.828 + 4.829 +diff -Nru a/drivers/net/wan/hd6457x.c b/drivers/net/wan/hd6457x.c 4.830 +--- a/drivers/net/wan/hd6457x.c 2005-05-11 15:43:53 -07:00 4.831 ++++ b/drivers/net/wan/hd6457x.c 2005-05-11 15:43:53 -07:00 4.832 +@@ -315,7 +315,7 @@ 4.833 + #endif 4.834 + stats->rx_packets++; 4.835 + stats->rx_bytes += skb->len; 4.836 +- skb->dev->last_rx = jiffies; 4.837 ++ dev->last_rx = jiffies; 4.838 + skb->protocol = hdlc_type_trans(skb, dev); 4.839 + netif_rx(skb); 4.840 + } 4.841 +diff -Nru a/drivers/pci/hotplug/pciehp_ctrl.c b/drivers/pci/hotplug/pciehp_ctrl.c 4.842 +--- a/drivers/pci/hotplug/pciehp_ctrl.c 2005-05-11 15:43:53 -07:00 4.843 ++++ b/drivers/pci/hotplug/pciehp_ctrl.c 2005-05-11 15:43:53 -07:00 4.844 +@@ -1354,10 +1354,11 @@ 4.845 + dbg("PCI Bridge Hot-Remove s:b:d:f(%02x:%02x:%02x:%02x)\n", 4.846 + ctrl->seg, func->bus, func->device, func->function); 4.847 + bridge_slot_remove(func); 4.848 +- } else 4.849 ++ } else { 4.850 + dbg("PCI Function Hot-Remove s:b:d:f(%02x:%02x:%02x:%02x)\n", 4.851 + ctrl->seg, func->bus, func->device, func->function); 4.852 + slot_remove(func); 4.853 ++ } 4.854 + 4.855 + func = pciehp_slot_find(ctrl->slot_bus, device, 0); 4.856 + } 4.857 +diff -Nru a/fs/binfmt_elf.c b/fs/binfmt_elf.c 4.858 +--- a/fs/binfmt_elf.c 2005-05-11 15:43:53 -07:00 4.859 ++++ b/fs/binfmt_elf.c 2005-05-11 15:43:53 -07:00 4.860 +@@ -257,7 +257,7 @@ 4.861 + } 4.862 + 4.863 + /* Populate argv and envp */ 4.864 +- p = current->mm->arg_start; 4.865 ++ p = current->mm->arg_end = current->mm->arg_start; 4.866 + while (argc-- > 0) { 4.867 + size_t len; 4.868 + __put_user((elf_addr_t)p, argv++); 4.869 +@@ -1008,6 +1008,7 @@ 4.870 + static int load_elf_library(struct file *file) 4.871 + { 4.872 + struct elf_phdr *elf_phdata; 4.873 ++ struct elf_phdr *eppnt; 4.874 + unsigned long elf_bss, bss, len; 4.875 + int retval, error, i, j; 4.876 + struct elfhdr elf_ex; 4.877 +@@ -1031,44 +1032,47 @@ 4.878 + /* j < ELF_MIN_ALIGN because elf_ex.e_phnum <= 2 */ 4.879 + 4.880 + error = -ENOMEM; 4.881 +- elf_phdata = (struct elf_phdr *) kmalloc(j, GFP_KERNEL); 4.882 ++ elf_phdata = kmalloc(j, GFP_KERNEL); 4.883 + if (!elf_phdata) 4.884 + goto out; 4.885 + 4.886 ++ eppnt = elf_phdata; 4.887 + error = -ENOEXEC; 4.888 +- retval = kernel_read(file, elf_ex.e_phoff, (char *) elf_phdata, j); 4.889 ++ retval = kernel_read(file, elf_ex.e_phoff, (char *)eppnt, j); 4.890 + if (retval != j) 4.891 + goto out_free_ph; 4.892 + 4.893 + for (j = 0, i = 0; i<elf_ex.e_phnum; i++) 4.894 +- if ((elf_phdata + i)->p_type == PT_LOAD) j++; 4.895 ++ if ((eppnt + i)->p_type == PT_LOAD) 4.896 ++ j++; 4.897 + if (j != 1) 4.898 + goto out_free_ph; 4.899 + 4.900 +- while (elf_phdata->p_type != PT_LOAD) elf_phdata++; 4.901 ++ while (eppnt->p_type != PT_LOAD) 4.902 ++ eppnt++; 4.903 + 4.904 + /* Now use mmap to map the library into memory. */ 4.905 + down_write(¤t->mm->mmap_sem); 4.906 + error = do_mmap(file, 4.907 +- ELF_PAGESTART(elf_phdata->p_vaddr), 4.908 +- (elf_phdata->p_filesz + 4.909 +- ELF_PAGEOFFSET(elf_phdata->p_vaddr)), 4.910 ++ ELF_PAGESTART(eppnt->p_vaddr), 4.911 ++ (eppnt->p_filesz + 4.912 ++ ELF_PAGEOFFSET(eppnt->p_vaddr)), 4.913 + PROT_READ | PROT_WRITE | PROT_EXEC, 4.914 + MAP_FIXED | MAP_PRIVATE | MAP_DENYWRITE, 4.915 +- (elf_phdata->p_offset - 4.916 +- ELF_PAGEOFFSET(elf_phdata->p_vaddr))); 4.917 ++ (eppnt->p_offset - 4.918 ++ ELF_PAGEOFFSET(eppnt->p_vaddr))); 4.919 + up_write(¤t->mm->mmap_sem); 4.920 +- if (error != ELF_PAGESTART(elf_phdata->p_vaddr)) 4.921 ++ if (error != ELF_PAGESTART(eppnt->p_vaddr)) 4.922 + goto out_free_ph; 4.923 + 4.924 +- elf_bss = elf_phdata->p_vaddr + elf_phdata->p_filesz; 4.925 ++ elf_bss = eppnt->p_vaddr + eppnt->p_filesz; 4.926 + if (padzero(elf_bss)) { 4.927 + error = -EFAULT; 4.928 + goto out_free_ph; 4.929 + } 4.930 + 4.931 +- len = ELF_PAGESTART(elf_phdata->p_filesz + elf_phdata->p_vaddr + ELF_MIN_ALIGN - 1); 4.932 +- bss = elf_phdata->p_memsz + elf_phdata->p_vaddr; 4.933 ++ len = ELF_PAGESTART(eppnt->p_filesz + eppnt->p_vaddr + ELF_MIN_ALIGN - 1); 4.934 ++ bss = eppnt->p_memsz + eppnt->p_vaddr; 4.935 + if (bss > len) { 4.936 + down_write(¤t->mm->mmap_sem); 4.937 + do_brk(len, bss - len); 4.938 +@@ -1275,7 +1279,7 @@ 4.939 + static int fill_psinfo(struct elf_prpsinfo *psinfo, struct task_struct *p, 4.940 + struct mm_struct *mm) 4.941 + { 4.942 +- int i, len; 4.943 ++ unsigned int i, len; 4.944 + 4.945 + /* first copy the parameters from user space */ 4.946 + memset(psinfo, 0, sizeof(struct elf_prpsinfo)); 4.947 +diff -Nru a/fs/cramfs/inode.c b/fs/cramfs/inode.c 4.948 +--- a/fs/cramfs/inode.c 2005-05-11 15:43:53 -07:00 4.949 ++++ b/fs/cramfs/inode.c 2005-05-11 15:43:53 -07:00 4.950 +@@ -70,6 +70,7 @@ 4.951 + inode->i_data.a_ops = &cramfs_aops; 4.952 + } else { 4.953 + inode->i_size = 0; 4.954 ++ inode->i_blocks = 0; 4.955 + init_special_inode(inode, inode->i_mode, 4.956 + old_decode_dev(cramfs_inode->size)); 4.957 + } 4.958 +diff -Nru a/fs/eventpoll.c b/fs/eventpoll.c 4.959 +--- a/fs/eventpoll.c 2005-05-11 15:43:53 -07:00 4.960 ++++ b/fs/eventpoll.c 2005-05-11 15:43:53 -07:00 4.961 +@@ -619,6 +619,7 @@ 4.962 + return error; 4.963 + } 4.964 + 4.965 ++#define MAX_EVENTS (INT_MAX / sizeof(struct epoll_event)) 4.966 + 4.967 + /* 4.968 + * Implement the event wait interface for the eventpoll file. It is the kernel 4.969 +@@ -635,7 +636,7 @@ 4.970 + current, epfd, events, maxevents, timeout)); 4.971 + 4.972 + /* The maximum number of event must be greater than zero */ 4.973 +- if (maxevents <= 0) 4.974 ++ if (maxevents <= 0 || maxevents > MAX_EVENTS) 4.975 + return -EINVAL; 4.976 + 4.977 + /* Verify that the area passed by the user is writeable */ 4.978 +diff -Nru a/fs/exec.c b/fs/exec.c 4.979 +--- a/fs/exec.c 2005-05-11 15:43:53 -07:00 4.980 ++++ b/fs/exec.c 2005-05-11 15:43:53 -07:00 4.981 +@@ -814,7 +814,7 @@ 4.982 + { 4.983 + /* buf must be at least sizeof(tsk->comm) in size */ 4.984 + task_lock(tsk); 4.985 +- memcpy(buf, tsk->comm, sizeof(tsk->comm)); 4.986 ++ strncpy(buf, tsk->comm, sizeof(tsk->comm)); 4.987 + task_unlock(tsk); 4.988 + } 4.989 + 4.990 +diff -Nru a/fs/ext2/dir.c b/fs/ext2/dir.c 4.991 +--- a/fs/ext2/dir.c 2005-05-11 15:43:53 -07:00 4.992 ++++ b/fs/ext2/dir.c 2005-05-11 15:43:53 -07:00 4.993 +@@ -592,6 +592,7 @@ 4.994 + goto fail; 4.995 + } 4.996 + kaddr = kmap_atomic(page, KM_USER0); 4.997 ++ memset(kaddr, 0, chunk_size); 4.998 + de = (struct ext2_dir_entry_2 *)kaddr; 4.999 + de->name_len = 1; 4.1000 + de->rec_len = cpu_to_le16(EXT2_DIR_REC_LEN(1)); 4.1001 +diff -Nru a/fs/isofs/inode.c b/fs/isofs/inode.c 4.1002 +--- a/fs/isofs/inode.c 2005-05-11 15:43:53 -07:00 4.1003 ++++ b/fs/isofs/inode.c 2005-05-11 15:43:53 -07:00 4.1004 +@@ -685,6 +685,8 @@ 4.1005 + sbi->s_log_zone_size = isonum_723 (h_pri->logical_block_size); 4.1006 + sbi->s_max_size = isonum_733(h_pri->volume_space_size); 4.1007 + } else { 4.1008 ++ if (!pri) 4.1009 ++ goto out_freebh; 4.1010 + rootp = (struct iso_directory_record *) pri->root_directory_record; 4.1011 + sbi->s_nzones = isonum_733 (pri->volume_space_size); 4.1012 + sbi->s_log_zone_size = isonum_723 (pri->logical_block_size); 4.1013 +@@ -1394,6 +1396,9 @@ 4.1014 + unsigned long hashval; 4.1015 + struct inode *inode; 4.1016 + struct isofs_iget5_callback_data data; 4.1017 ++ 4.1018 ++ if (offset >= 1ul << sb->s_blocksize_bits) 4.1019 ++ return NULL; 4.1020 + 4.1021 + data.block = block; 4.1022 + data.offset = offset; 4.1023 +diff -Nru a/fs/isofs/rock.c b/fs/isofs/rock.c 4.1024 +--- a/fs/isofs/rock.c 2005-05-11 15:43:53 -07:00 4.1025 ++++ b/fs/isofs/rock.c 2005-05-11 15:43:53 -07:00 4.1026 +@@ -53,6 +53,7 @@ 4.1027 + if(LEN & 1) LEN++; \ 4.1028 + CHR = ((unsigned char *) DE) + LEN; \ 4.1029 + LEN = *((unsigned char *) DE) - LEN; \ 4.1030 ++ if (LEN<0) LEN=0; \ 4.1031 + if (ISOFS_SB(inode->i_sb)->s_rock_offset!=-1) \ 4.1032 + { \ 4.1033 + LEN-=ISOFS_SB(inode->i_sb)->s_rock_offset; \ 4.1034 +@@ -73,6 +74,10 @@ 4.1035 + offset1 = 0; \ 4.1036 + pbh = sb_bread(DEV->i_sb, block); \ 4.1037 + if(pbh){ \ 4.1038 ++ if (offset > pbh->b_size || offset + cont_size > pbh->b_size){ \ 4.1039 ++ brelse(pbh); \ 4.1040 ++ goto out; \ 4.1041 ++ } \ 4.1042 + memcpy(buffer + offset1, pbh->b_data + offset, cont_size - offset1); \ 4.1043 + brelse(pbh); \ 4.1044 + chr = (unsigned char *) buffer; \ 4.1045 +@@ -103,12 +108,13 @@ 4.1046 + struct rock_ridge * rr; 4.1047 + int sig; 4.1048 + 4.1049 +- while (len > 1){ /* There may be one byte for padding somewhere */ 4.1050 ++ while (len > 2){ /* There may be one byte for padding somewhere */ 4.1051 + rr = (struct rock_ridge *) chr; 4.1052 +- if (rr->len == 0) goto out; /* Something got screwed up here */ 4.1053 ++ if (rr->len < 3) goto out; /* Something got screwed up here */ 4.1054 + sig = isonum_721(chr); 4.1055 + chr += rr->len; 4.1056 + len -= rr->len; 4.1057 ++ if (len < 0) goto out; /* corrupted isofs */ 4.1058 + 4.1059 + switch(sig){ 4.1060 + case SIG('R','R'): 4.1061 +@@ -122,6 +128,7 @@ 4.1062 + break; 4.1063 + case SIG('N','M'): 4.1064 + if (truncate) break; 4.1065 ++ if (rr->len < 5) break; 4.1066 + /* 4.1067 + * If the flags are 2 or 4, this indicates '.' or '..'. 4.1068 + * We don't want to do anything with this, because it 4.1069 +@@ -186,12 +193,13 @@ 4.1070 + struct rock_ridge * rr; 4.1071 + int rootflag; 4.1072 + 4.1073 +- while (len > 1){ /* There may be one byte for padding somewhere */ 4.1074 ++ while (len > 2){ /* There may be one byte for padding somewhere */ 4.1075 + rr = (struct rock_ridge *) chr; 4.1076 +- if (rr->len == 0) goto out; /* Something got screwed up here */ 4.1077 ++ if (rr->len < 3) goto out; /* Something got screwed up here */ 4.1078 + sig = isonum_721(chr); 4.1079 + chr += rr->len; 4.1080 + len -= rr->len; 4.1081 ++ if (len < 0) goto out; /* corrupted isofs */ 4.1082 + 4.1083 + switch(sig){ 4.1084 + #ifndef CONFIG_ZISOFS /* No flag for SF or ZF */ 4.1085 +@@ -462,7 +470,7 @@ 4.1086 + struct rock_ridge *rr; 4.1087 + 4.1088 + if (!ISOFS_SB(inode->i_sb)->s_rock) 4.1089 +- panic ("Cannot have symlink with high sierra variant of iso filesystem\n"); 4.1090 ++ goto error; 4.1091 + 4.1092 + block = ei->i_iget5_block; 4.1093 + lock_kernel(); 4.1094 +@@ -487,13 +495,15 @@ 4.1095 + SETUP_ROCK_RIDGE(raw_inode, chr, len); 4.1096 + 4.1097 + repeat: 4.1098 +- while (len > 1) { /* There may be one byte for padding somewhere */ 4.1099 ++ while (len > 2) { /* There may be one byte for padding somewhere */ 4.1100 + rr = (struct rock_ridge *) chr; 4.1101 +- if (rr->len == 0) 4.1102 ++ if (rr->len < 3) 4.1103 + goto out; /* Something got screwed up here */ 4.1104 + sig = isonum_721(chr); 4.1105 + chr += rr->len; 4.1106 + len -= rr->len; 4.1107 ++ if (len < 0) 4.1108 ++ goto out; /* corrupted isofs */ 4.1109 + 4.1110 + switch (sig) { 4.1111 + case SIG('R', 'R'): 4.1112 +@@ -543,6 +553,7 @@ 4.1113 + fail: 4.1114 + brelse(bh); 4.1115 + unlock_kernel(); 4.1116 ++ error: 4.1117 + SetPageError(page); 4.1118 + kunmap(page); 4.1119 + unlock_page(page); 4.1120 +diff -Nru a/fs/jbd/transaction.c b/fs/jbd/transaction.c 4.1121 +--- a/fs/jbd/transaction.c 2005-05-11 15:43:53 -07:00 4.1122 ++++ b/fs/jbd/transaction.c 2005-05-11 15:43:53 -07:00 4.1123 +@@ -1775,10 +1775,10 @@ 4.1124 + JBUFFER_TRACE(jh, "checkpointed: add to BJ_Forget"); 4.1125 + ret = __dispose_buffer(jh, 4.1126 + journal->j_running_transaction); 4.1127 ++ journal_put_journal_head(jh); 4.1128 + spin_unlock(&journal->j_list_lock); 4.1129 + jbd_unlock_bh_state(bh); 4.1130 + spin_unlock(&journal->j_state_lock); 4.1131 +- journal_put_journal_head(jh); 4.1132 + return ret; 4.1133 + } else { 4.1134 + /* There is no currently-running transaction. So the 4.1135 +@@ -1789,10 +1789,10 @@ 4.1136 + JBUFFER_TRACE(jh, "give to committing trans"); 4.1137 + ret = __dispose_buffer(jh, 4.1138 + journal->j_committing_transaction); 4.1139 ++ journal_put_journal_head(jh); 4.1140 + spin_unlock(&journal->j_list_lock); 4.1141 + jbd_unlock_bh_state(bh); 4.1142 + spin_unlock(&journal->j_state_lock); 4.1143 +- journal_put_journal_head(jh); 4.1144 + return ret; 4.1145 + } else { 4.1146 + /* The orphan record's transaction has 4.1147 +@@ -1813,10 +1813,10 @@ 4.1148 + journal->j_running_transaction); 4.1149 + jh->b_next_transaction = NULL; 4.1150 + } 4.1151 ++ journal_put_journal_head(jh); 4.1152 + spin_unlock(&journal->j_list_lock); 4.1153 + jbd_unlock_bh_state(bh); 4.1154 + spin_unlock(&journal->j_state_lock); 4.1155 +- journal_put_journal_head(jh); 4.1156 + return 0; 4.1157 + } else { 4.1158 + /* Good, the buffer belongs to the running transaction. 4.1159 +diff -Nru a/kernel/exit.c b/kernel/exit.c 4.1160 +--- a/kernel/exit.c 2005-05-11 15:43:53 -07:00 4.1161 ++++ b/kernel/exit.c 2005-05-11 15:43:53 -07:00 4.1162 +@@ -516,8 +516,6 @@ 4.1163 + */ 4.1164 + BUG_ON(p == reaper || reaper->exit_state >= EXIT_ZOMBIE); 4.1165 + p->real_parent = reaper; 4.1166 +- if (p->parent == p->real_parent) 4.1167 +- BUG(); 4.1168 + } 4.1169 + 4.1170 + static inline void reparent_thread(task_t *p, task_t *father, int traced) 4.1171 +diff -Nru a/kernel/signal.c b/kernel/signal.c 4.1172 +--- a/kernel/signal.c 2005-05-11 15:43:53 -07:00 4.1173 ++++ b/kernel/signal.c 2005-05-11 15:43:53 -07:00 4.1174 +@@ -1728,6 +1728,7 @@ 4.1175 + * with another processor delivering a stop signal, 4.1176 + * then the SIGCONT that wakes us up should clear it. 4.1177 + */ 4.1178 ++ read_unlock(&tasklist_lock); 4.1179 + return 0; 4.1180 + } 4.1181 + 4.1182 +diff -Nru a/lib/rwsem-spinlock.c b/lib/rwsem-spinlock.c 4.1183 +--- a/lib/rwsem-spinlock.c 2005-05-11 15:43:53 -07:00 4.1184 ++++ b/lib/rwsem-spinlock.c 2005-05-11 15:43:53 -07:00 4.1185 +@@ -140,12 +140,12 @@ 4.1186 + 4.1187 + rwsemtrace(sem, "Entering __down_read"); 4.1188 + 4.1189 +- spin_lock(&sem->wait_lock); 4.1190 ++ spin_lock_irq(&sem->wait_lock); 4.1191 + 4.1192 + if (sem->activity >= 0 && list_empty(&sem->wait_list)) { 4.1193 + /* granted */ 4.1194 + sem->activity++; 4.1195 +- spin_unlock(&sem->wait_lock); 4.1196 ++ spin_unlock_irq(&sem->wait_lock); 4.1197 + goto out; 4.1198 + } 4.1199 + 4.1200 +@@ -160,7 +160,7 @@ 4.1201 + list_add_tail(&waiter.list, &sem->wait_list); 4.1202 + 4.1203 + /* we don't need to touch the semaphore struct anymore */ 4.1204 +- spin_unlock(&sem->wait_lock); 4.1205 ++ spin_unlock_irq(&sem->wait_lock); 4.1206 + 4.1207 + /* wait to be given the lock */ 4.1208 + for (;;) { 4.1209 +@@ -181,10 +181,12 @@ 4.1210 + */ 4.1211 + int fastcall __down_read_trylock(struct rw_semaphore *sem) 4.1212 + { 4.1213 ++ unsigned long flags; 4.1214 + int ret = 0; 4.1215 ++ 4.1216 + rwsemtrace(sem, "Entering __down_read_trylock"); 4.1217 + 4.1218 +- spin_lock(&sem->wait_lock); 4.1219 ++ spin_lock_irqsave(&sem->wait_lock, flags); 4.1220 + 4.1221 + if (sem->activity >= 0 && list_empty(&sem->wait_list)) { 4.1222 + /* granted */ 4.1223 +@@ -192,7 +194,7 @@ 4.1224 + ret = 1; 4.1225 + } 4.1226 + 4.1227 +- spin_unlock(&sem->wait_lock); 4.1228 ++ spin_unlock_irqrestore(&sem->wait_lock, flags); 4.1229 + 4.1230 + rwsemtrace(sem, "Leaving __down_read_trylock"); 4.1231 + return ret; 4.1232 +@@ -209,12 +211,12 @@ 4.1233 + 4.1234 + rwsemtrace(sem, "Entering __down_write"); 4.1235 + 4.1236 +- spin_lock(&sem->wait_lock); 4.1237 ++ spin_lock_irq(&sem->wait_lock); 4.1238 + 4.1239 + if (sem->activity == 0 && list_empty(&sem->wait_list)) { 4.1240 + /* granted */ 4.1241 + sem->activity = -1; 4.1242 +- spin_unlock(&sem->wait_lock); 4.1243 ++ spin_unlock_irq(&sem->wait_lock); 4.1244 + goto out; 4.1245 + } 4.1246 + 4.1247 +@@ -229,7 +231,7 @@ 4.1248 + list_add_tail(&waiter.list, &sem->wait_list); 4.1249 + 4.1250 + /* we don't need to touch the semaphore struct anymore */ 4.1251 +- spin_unlock(&sem->wait_lock); 4.1252 ++ spin_unlock_irq(&sem->wait_lock); 4.1253 + 4.1254 + /* wait to be given the lock */ 4.1255 + for (;;) { 4.1256 +@@ -250,10 +252,12 @@ 4.1257 + */ 4.1258 + int fastcall __down_write_trylock(struct rw_semaphore *sem) 4.1259 + { 4.1260 ++ unsigned long flags; 4.1261 + int ret = 0; 4.1262 ++ 4.1263 + rwsemtrace(sem, "Entering __down_write_trylock"); 4.1264 + 4.1265 +- spin_lock(&sem->wait_lock); 4.1266 ++ spin_lock_irqsave(&sem->wait_lock, flags); 4.1267 + 4.1268 + if (sem->activity == 0 && list_empty(&sem->wait_list)) { 4.1269 + /* granted */ 4.1270 +@@ -261,7 +265,7 @@ 4.1271 + ret = 1; 4.1272 + } 4.1273 + 4.1274 +- spin_unlock(&sem->wait_lock); 4.1275 ++ spin_unlock_irqrestore(&sem->wait_lock, flags); 4.1276 + 4.1277 + rwsemtrace(sem, "Leaving __down_write_trylock"); 4.1278 + return ret; 4.1279 +@@ -272,14 +276,16 @@ 4.1280 + */ 4.1281 + void fastcall __up_read(struct rw_semaphore *sem) 4.1282 + { 4.1283 ++ unsigned long flags; 4.1284 ++ 4.1285 + rwsemtrace(sem, "Entering __up_read"); 4.1286 + 4.1287 +- spin_lock(&sem->wait_lock); 4.1288 ++ spin_lock_irqsave(&sem->wait_lock, flags); 4.1289 + 4.1290 + if (--sem->activity == 0 && !list_empty(&sem->wait_list)) 4.1291 + sem = __rwsem_wake_one_writer(sem); 4.1292 + 4.1293 +- spin_unlock(&sem->wait_lock); 4.1294 ++ spin_unlock_irqrestore(&sem->wait_lock, flags); 4.1295 + 4.1296 + rwsemtrace(sem, "Leaving __up_read"); 4.1297 + } 4.1298 +@@ -289,15 +295,17 @@ 4.1299 + */ 4.1300 + void fastcall __up_write(struct rw_semaphore *sem) 4.1301 + { 4.1302 ++ unsigned long flags; 4.1303 ++ 4.1304 + rwsemtrace(sem, "Entering __up_write"); 4.1305 + 4.1306 +- spin_lock(&sem->wait_lock); 4.1307 ++ spin_lock_irqsave(&sem->wait_lock, flags); 4.1308 + 4.1309 + sem->activity = 0; 4.1310 + if (!list_empty(&sem->wait_list)) 4.1311 + sem = __rwsem_do_wake(sem, 1); 4.1312 + 4.1313 +- spin_unlock(&sem->wait_lock); 4.1314 ++ spin_unlock_irqrestore(&sem->wait_lock, flags); 4.1315 + 4.1316 + rwsemtrace(sem, "Leaving __up_write"); 4.1317 + } 4.1318 +@@ -308,15 +316,17 @@ 4.1319 + */ 4.1320 + void fastcall __downgrade_write(struct rw_semaphore *sem) 4.1321 + { 4.1322 ++ unsigned long flags; 4.1323 ++ 4.1324 + rwsemtrace(sem, "Entering __downgrade_write"); 4.1325 + 4.1326 +- spin_lock(&sem->wait_lock); 4.1327 ++ spin_lock_irqsave(&sem->wait_lock, flags); 4.1328 + 4.1329 + sem->activity = 1; 4.1330 + if (!list_empty(&sem->wait_list)) 4.1331 + sem = __rwsem_do_wake(sem, 0); 4.1332 + 4.1333 +- spin_unlock(&sem->wait_lock); 4.1334 ++ spin_unlock_irqrestore(&sem->wait_lock, flags); 4.1335 + 4.1336 + rwsemtrace(sem, "Leaving __downgrade_write"); 4.1337 + } 4.1338 +diff -Nru a/lib/rwsem.c b/lib/rwsem.c 4.1339 +--- a/lib/rwsem.c 2005-05-11 15:43:53 -07:00 4.1340 ++++ b/lib/rwsem.c 2005-05-11 15:43:53 -07:00 4.1341 +@@ -150,7 +150,7 @@ 4.1342 + set_task_state(tsk, TASK_UNINTERRUPTIBLE); 4.1343 + 4.1344 + /* set up my own style of waitqueue */ 4.1345 +- spin_lock(&sem->wait_lock); 4.1346 ++ spin_lock_irq(&sem->wait_lock); 4.1347 + waiter->task = tsk; 4.1348 + get_task_struct(tsk); 4.1349 + 4.1350 +@@ -163,7 +163,7 @@ 4.1351 + if (!(count & RWSEM_ACTIVE_MASK)) 4.1352 + sem = __rwsem_do_wake(sem, 0); 4.1353 + 4.1354 +- spin_unlock(&sem->wait_lock); 4.1355 ++ spin_unlock_irq(&sem->wait_lock); 4.1356 + 4.1357 + /* wait to be given the lock */ 4.1358 + for (;;) { 4.1359 +@@ -219,15 +219,17 @@ 4.1360 + */ 4.1361 + struct rw_semaphore fastcall *rwsem_wake(struct rw_semaphore *sem) 4.1362 + { 4.1363 ++ unsigned long flags; 4.1364 ++ 4.1365 + rwsemtrace(sem, "Entering rwsem_wake"); 4.1366 + 4.1367 +- spin_lock(&sem->wait_lock); 4.1368 ++ spin_lock_irqsave(&sem->wait_lock, flags); 4.1369 + 4.1370 + /* do nothing if list empty */ 4.1371 + if (!list_empty(&sem->wait_list)) 4.1372 + sem = __rwsem_do_wake(sem, 0); 4.1373 + 4.1374 +- spin_unlock(&sem->wait_lock); 4.1375 ++ spin_unlock_irqrestore(&sem->wait_lock, flags); 4.1376 + 4.1377 + rwsemtrace(sem, "Leaving rwsem_wake"); 4.1378 + 4.1379 +@@ -241,15 +243,17 @@ 4.1380 + */ 4.1381 + struct rw_semaphore fastcall *rwsem_downgrade_wake(struct rw_semaphore *sem) 4.1382 + { 4.1383 ++ unsigned long flags; 4.1384 ++ 4.1385 + rwsemtrace(sem, "Entering rwsem_downgrade_wake"); 4.1386 + 4.1387 +- spin_lock(&sem->wait_lock); 4.1388 ++ spin_lock_irqsave(&sem->wait_lock, flags); 4.1389 + 4.1390 + /* do nothing if list empty */ 4.1391 + if (!list_empty(&sem->wait_list)) 4.1392 + sem = __rwsem_do_wake(sem, 1); 4.1393 + 4.1394 +- spin_unlock(&sem->wait_lock); 4.1395 ++ spin_unlock_irqrestore(&sem->wait_lock, flags); 4.1396 + 4.1397 + rwsemtrace(sem, "Leaving rwsem_downgrade_wake"); 4.1398 + return sem; 4.1399 +diff -Nru a/net/bluetooth/af_bluetooth.c b/net/bluetooth/af_bluetooth.c 4.1400 +--- a/net/bluetooth/af_bluetooth.c 2005-05-11 15:43:53 -07:00 4.1401 ++++ b/net/bluetooth/af_bluetooth.c 2005-05-11 15:43:53 -07:00 4.1402 +@@ -64,7 +64,7 @@ 4.1403 + 4.1404 + int bt_sock_register(int proto, struct net_proto_family *ops) 4.1405 + { 4.1406 +- if (proto >= BT_MAX_PROTO) 4.1407 ++ if (proto < 0 || proto >= BT_MAX_PROTO) 4.1408 + return -EINVAL; 4.1409 + 4.1410 + if (bt_proto[proto]) 4.1411 +@@ -77,7 +77,7 @@ 4.1412 + 4.1413 + int bt_sock_unregister(int proto) 4.1414 + { 4.1415 +- if (proto >= BT_MAX_PROTO) 4.1416 ++ if (proto < 0 || proto >= BT_MAX_PROTO) 4.1417 + return -EINVAL; 4.1418 + 4.1419 + if (!bt_proto[proto]) 4.1420 +@@ -92,7 +92,7 @@ 4.1421 + { 4.1422 + int err = 0; 4.1423 + 4.1424 +- if (proto >= BT_MAX_PROTO) 4.1425 ++ if (proto < 0 || proto >= BT_MAX_PROTO) 4.1426 + return -EINVAL; 4.1427 + 4.1428 + #if defined(CONFIG_KMOD) 4.1429 +diff -Nru a/net/ipv4/fib_hash.c b/net/ipv4/fib_hash.c 4.1430 +--- a/net/ipv4/fib_hash.c 2005-05-11 15:43:53 -07:00 4.1431 ++++ b/net/ipv4/fib_hash.c 2005-05-11 15:43:53 -07:00 4.1432 +@@ -919,13 +919,23 @@ 4.1433 + return fa; 4.1434 + } 4.1435 + 4.1436 ++static struct fib_alias *fib_get_idx(struct seq_file *seq, loff_t pos) 4.1437 ++{ 4.1438 ++ struct fib_alias *fa = fib_get_first(seq); 4.1439 ++ 4.1440 ++ if (fa) 4.1441 ++ while (pos && (fa = fib_get_next(seq))) 4.1442 ++ --pos; 4.1443 ++ return pos ? NULL : fa; 4.1444 ++} 4.1445 ++ 4.1446 + static void *fib_seq_start(struct seq_file *seq, loff_t *pos) 4.1447 + { 4.1448 + void *v = NULL; 4.1449 + 4.1450 + read_lock(&fib_hash_lock); 4.1451 + if (ip_fib_main_table) 4.1452 +- v = *pos ? fib_get_next(seq) : SEQ_START_TOKEN; 4.1453 ++ v = *pos ? fib_get_idx(seq, *pos - 1) : SEQ_START_TOKEN; 4.1454 + return v; 4.1455 + } 4.1456 + 4.1457 +diff -Nru a/net/ipv4/tcp_input.c b/net/ipv4/tcp_input.c 4.1458 +--- a/net/ipv4/tcp_input.c 2005-05-11 15:43:53 -07:00 4.1459 ++++ b/net/ipv4/tcp_input.c 2005-05-11 15:43:53 -07:00 4.1460 +@@ -1653,7 +1653,10 @@ 4.1461 + static void tcp_undo_cwr(struct tcp_sock *tp, int undo) 4.1462 + { 4.1463 + if (tp->prior_ssthresh) { 4.1464 +- tp->snd_cwnd = max(tp->snd_cwnd, tp->snd_ssthresh<<1); 4.1465 ++ if (tcp_is_bic(tp)) 4.1466 ++ tp->snd_cwnd = max(tp->snd_cwnd, tp->bictcp.last_max_cwnd); 4.1467 ++ else 4.1468 ++ tp->snd_cwnd = max(tp->snd_cwnd, tp->snd_ssthresh<<1); 4.1469 + 4.1470 + if (undo && tp->prior_ssthresh > tp->snd_ssthresh) { 4.1471 + tp->snd_ssthresh = tp->prior_ssthresh; 4.1472 +diff -Nru a/net/ipv4/tcp_timer.c b/net/ipv4/tcp_timer.c 4.1473 +--- a/net/ipv4/tcp_timer.c 2005-05-11 15:43:53 -07:00 4.1474 ++++ b/net/ipv4/tcp_timer.c 2005-05-11 15:43:53 -07:00 4.1475 +@@ -38,6 +38,7 @@ 4.1476 + 4.1477 + #ifdef TCP_DEBUG 4.1478 + const char tcp_timer_bug_msg[] = KERN_DEBUG "tcpbug: unknown timer value\n"; 4.1479 ++EXPORT_SYMBOL(tcp_timer_bug_msg); 4.1480 + #endif 4.1481 + 4.1482 + /* 4.1483 +diff -Nru a/net/ipv4/xfrm4_output.c b/net/ipv4/xfrm4_output.c 4.1484 +--- a/net/ipv4/xfrm4_output.c 2005-05-11 15:43:53 -07:00 4.1485 ++++ b/net/ipv4/xfrm4_output.c 2005-05-11 15:43:53 -07:00 4.1486 +@@ -103,16 +103,16 @@ 4.1487 + goto error_nolock; 4.1488 + } 4.1489 + 4.1490 +- spin_lock_bh(&x->lock); 4.1491 +- err = xfrm_state_check(x, skb); 4.1492 +- if (err) 4.1493 +- goto error; 4.1494 +- 4.1495 + if (x->props.mode) { 4.1496 + err = xfrm4_tunnel_check_size(skb); 4.1497 + if (err) 4.1498 +- goto error; 4.1499 ++ goto error_nolock; 4.1500 + } 4.1501 ++ 4.1502 ++ spin_lock_bh(&x->lock); 4.1503 ++ err = xfrm_state_check(x, skb); 4.1504 ++ if (err) 4.1505 ++ goto error; 4.1506 + 4.1507 + xfrm4_encap(skb); 4.1508 + 4.1509 +diff -Nru a/net/ipv6/xfrm6_output.c b/net/ipv6/xfrm6_output.c 4.1510 +--- a/net/ipv6/xfrm6_output.c 2005-05-11 15:43:53 -07:00 4.1511 ++++ b/net/ipv6/xfrm6_output.c 2005-05-11 15:43:53 -07:00 4.1512 +@@ -103,16 +103,16 @@ 4.1513 + goto error_nolock; 4.1514 + } 4.1515 + 4.1516 +- spin_lock_bh(&x->lock); 4.1517 +- err = xfrm_state_check(x, skb); 4.1518 +- if (err) 4.1519 +- goto error; 4.1520 +- 4.1521 + if (x->props.mode) { 4.1522 + err = xfrm6_tunnel_check_size(skb); 4.1523 + if (err) 4.1524 +- goto error; 4.1525 ++ goto error_nolock; 4.1526 + } 4.1527 ++ 4.1528 ++ spin_lock_bh(&x->lock); 4.1529 ++ err = xfrm_state_check(x, skb); 4.1530 ++ if (err) 4.1531 ++ goto error; 4.1532 + 4.1533 + xfrm6_encap(skb); 4.1534 + 4.1535 +diff -Nru a/net/netrom/nr_in.c b/net/netrom/nr_in.c 4.1536 +--- a/net/netrom/nr_in.c 2005-05-11 15:43:53 -07:00 4.1537 ++++ b/net/netrom/nr_in.c 2005-05-11 15:43:53 -07:00 4.1538 +@@ -74,7 +74,6 @@ 4.1539 + static int nr_state1_machine(struct sock *sk, struct sk_buff *skb, 4.1540 + int frametype) 4.1541 + { 4.1542 +- bh_lock_sock(sk); 4.1543 + switch (frametype) { 4.1544 + case NR_CONNACK: { 4.1545 + nr_cb *nr = nr_sk(sk); 4.1546 +@@ -103,8 +102,6 @@ 4.1547 + default: 4.1548 + break; 4.1549 + } 4.1550 +- bh_unlock_sock(sk); 4.1551 +- 4.1552 + return 0; 4.1553 + } 4.1554 + 4.1555 +@@ -116,7 +113,6 @@ 4.1556 + static int nr_state2_machine(struct sock *sk, struct sk_buff *skb, 4.1557 + int frametype) 4.1558 + { 4.1559 +- bh_lock_sock(sk); 4.1560 + switch (frametype) { 4.1561 + case NR_CONNACK | NR_CHOKE_FLAG: 4.1562 + nr_disconnect(sk, ECONNRESET); 4.1563 +@@ -132,8 +128,6 @@ 4.1564 + default: 4.1565 + break; 4.1566 + } 4.1567 +- bh_unlock_sock(sk); 4.1568 +- 4.1569 + return 0; 4.1570 + } 4.1571 + 4.1572 +@@ -154,7 +148,6 @@ 4.1573 + nr = skb->data[18]; 4.1574 + ns = skb->data[17]; 4.1575 + 4.1576 +- bh_lock_sock(sk); 4.1577 + switch (frametype) { 4.1578 + case NR_CONNREQ: 4.1579 + nr_write_internal(sk, NR_CONNACK); 4.1580 +@@ -265,8 +258,6 @@ 4.1581 + default: 4.1582 + break; 4.1583 + } 4.1584 +- bh_unlock_sock(sk); 4.1585 +- 4.1586 + return queued; 4.1587 + } 4.1588 + 4.1589 +diff -Nru a/net/xfrm/xfrm_state.c b/net/xfrm/xfrm_state.c 4.1590 +--- a/net/xfrm/xfrm_state.c 2005-05-11 15:43:53 -07:00 4.1591 ++++ b/net/xfrm/xfrm_state.c 2005-05-11 15:43:53 -07:00 4.1592 +@@ -609,7 +609,7 @@ 4.1593 + 4.1594 + for (i = 0; i < XFRM_DST_HSIZE; i++) { 4.1595 + list_for_each_entry(x, xfrm_state_bydst+i, bydst) { 4.1596 +- if (x->km.seq == seq) { 4.1597 ++ if (x->km.seq == seq && x->km.state == XFRM_STATE_ACQ) { 4.1598 + xfrm_state_hold(x); 4.1599 + return x; 4.1600 + } 4.1601 +diff -Nru a/security/keys/key.c b/security/keys/key.c 4.1602 +--- a/security/keys/key.c 2005-05-11 15:43:53 -07:00 4.1603 ++++ b/security/keys/key.c 2005-05-11 15:43:53 -07:00 4.1604 +@@ -57,9 +57,10 @@ 4.1605 + { 4.1606 + struct key_user *candidate = NULL, *user; 4.1607 + struct rb_node *parent = NULL; 4.1608 +- struct rb_node **p = &key_user_tree.rb_node; 4.1609 ++ struct rb_node **p; 4.1610 + 4.1611 + try_again: 4.1612 ++ p = &key_user_tree.rb_node; 4.1613 + spin_lock(&key_user_lock); 4.1614 + 4.1615 + /* search the tree for a user record with a matching UID */ 4.1616 +diff -Nru a/sound/core/timer.c b/sound/core/timer.c 4.1617 +--- a/sound/core/timer.c 2005-05-11 15:43:53 -07:00 4.1618 ++++ b/sound/core/timer.c 2005-05-11 15:43:53 -07:00 4.1619 +@@ -1117,7 +1117,8 @@ 4.1620 + if (tu->qused >= tu->queue_size) { 4.1621 + tu->overrun++; 4.1622 + } else { 4.1623 +- memcpy(&tu->queue[tu->qtail++], tread, sizeof(*tread)); 4.1624 ++ memcpy(&tu->tqueue[tu->qtail++], tread, sizeof(*tread)); 4.1625 ++ tu->qtail %= tu->queue_size; 4.1626 + tu->qused++; 4.1627 + } 4.1628 + } 4.1629 +@@ -1140,6 +1141,8 @@ 4.1630 + spin_lock(&tu->qlock); 4.1631 + snd_timer_user_append_to_tqueue(tu, &r1); 4.1632 + spin_unlock(&tu->qlock); 4.1633 ++ kill_fasync(&tu->fasync, SIGIO, POLL_IN); 4.1634 ++ wake_up(&tu->qchange_sleep); 4.1635 + } 4.1636 + 4.1637 + static void snd_timer_user_tinterrupt(snd_timer_instance_t *timeri, 4.1638 +diff -Nru a/sound/pci/ac97/ac97_codec.c b/sound/pci/ac97/ac97_codec.c 4.1639 +--- a/sound/pci/ac97/ac97_codec.c 2005-05-11 15:43:53 -07:00 4.1640 ++++ b/sound/pci/ac97/ac97_codec.c 2005-05-11 15:43:53 -07:00 4.1641 +@@ -1185,7 +1185,7 @@ 4.1642 + /* 4.1643 + * create mute switch(es) for normal stereo controls 4.1644 + */ 4.1645 +-static int snd_ac97_cmute_new(snd_card_t *card, char *name, int reg, ac97_t *ac97) 4.1646 ++static int snd_ac97_cmute_new_stereo(snd_card_t *card, char *name, int reg, int check_stereo, ac97_t *ac97) 4.1647 + { 4.1648 + snd_kcontrol_t *kctl; 4.1649 + int err; 4.1650 +@@ -1196,7 +1196,7 @@ 4.1651 + 4.1652 + mute_mask = 0x8000; 4.1653 + val = snd_ac97_read(ac97, reg); 4.1654 +- if (ac97->flags & AC97_STEREO_MUTES) { 4.1655 ++ if (check_stereo || (ac97->flags & AC97_STEREO_MUTES)) { 4.1656 + /* check whether both mute bits work */ 4.1657 + val1 = val | 0x8080; 4.1658 + snd_ac97_write(ac97, reg, val1); 4.1659 +@@ -1254,7 +1254,7 @@ 4.1660 + /* 4.1661 + * create a mute-switch and a volume for normal stereo/mono controls 4.1662 + */ 4.1663 +-static int snd_ac97_cmix_new(snd_card_t *card, const char *pfx, int reg, ac97_t *ac97) 4.1664 ++static int snd_ac97_cmix_new_stereo(snd_card_t *card, const char *pfx, int reg, int check_stereo, ac97_t *ac97) 4.1665 + { 4.1666 + int err; 4.1667 + char name[44]; 4.1668 +@@ -1265,7 +1265,7 @@ 4.1669 + 4.1670 + if (snd_ac97_try_bit(ac97, reg, 15)) { 4.1671 + sprintf(name, "%s Switch", pfx); 4.1672 +- if ((err = snd_ac97_cmute_new(card, name, reg, ac97)) < 0) 4.1673 ++ if ((err = snd_ac97_cmute_new_stereo(card, name, reg, check_stereo, ac97)) < 0) 4.1674 + return err; 4.1675 + } 4.1676 + check_volume_resolution(ac97, reg, &lo_max, &hi_max); 4.1677 +@@ -1277,6 +1277,8 @@ 4.1678 + return 0; 4.1679 + } 4.1680 + 4.1681 ++#define snd_ac97_cmix_new(card, pfx, reg, ac97) snd_ac97_cmix_new_stereo(card, pfx, reg, 0, ac97) 4.1682 ++#define snd_ac97_cmute_new(card, name, reg, ac97) snd_ac97_cmute_new_stereo(card, name, reg, 0, ac97) 4.1683 + 4.1684 + static unsigned int snd_ac97_determine_spdif_rates(ac97_t *ac97); 4.1685 + 4.1686 +@@ -1327,7 +1329,8 @@ 4.1687 + 4.1688 + /* build surround controls */ 4.1689 + if (snd_ac97_try_volume_mix(ac97, AC97_SURROUND_MASTER)) { 4.1690 +- if ((err = snd_ac97_cmix_new(card, "Surround Playback", AC97_SURROUND_MASTER, ac97)) < 0) 4.1691 ++ /* Surround Master (0x38) is with stereo mutes */ 4.1692 ++ if ((err = snd_ac97_cmix_new_stereo(card, "Surround Playback", AC97_SURROUND_MASTER, 1, ac97)) < 0) 4.1693 + return err; 4.1694 + } 4.1695 +