Contents of /trunk/kernel26-alx/patches-2.6.27-r3/0145-2.6.27.46-all-fixes.patch
Parent Directory
| 
Revision Log
Revision 1176 -
(show annotations)
(download)
Thu Oct 14 15:11:06 2010 UTC (13 years, 7 months ago) by niro
File size: 44616 byte(s)
Thu Oct 14 15:11:06 2010 UTC (13 years, 7 months ago) by niro
File size: 44616 byte(s)
-2.6.27-alx-r3: new magellan 0.5.2 kernel
| 1 | diff --git a/Documentation/filesystems/tmpfs.txt b/Documentation/filesystems/tmpfs.txt |
| 2 | index 222437e..a94fede 100644 |
| 3 | --- a/Documentation/filesystems/tmpfs.txt |
| 4 | +++ b/Documentation/filesystems/tmpfs.txt |
| 5 | @@ -82,11 +82,13 @@ tmpfs has a mount option to set the NUMA memory allocation policy for |
| 6 | all files in that instance (if CONFIG_NUMA is enabled) - which can be |
| 7 | adjusted on the fly via 'mount -o remount ...' |
| 8 | |
| 9 | -mpol=default prefers to allocate memory from the local node |
| 10 | +mpol=default use the process allocation policy |
| 11 | + (see set_mempolicy(2)) |
| 12 | mpol=prefer:Node prefers to allocate memory from the given Node |
| 13 | mpol=bind:NodeList allocates memory only from nodes in NodeList |
| 14 | mpol=interleave prefers to allocate from each node in turn |
| 15 | mpol=interleave:NodeList allocates from each node of NodeList in turn |
| 16 | +mpol=local prefers to allocate memory from the local node |
| 17 | |
| 18 | NodeList format is a comma-separated list of decimal numbers and ranges, |
| 19 | a range being two hyphen-separated decimal numbers, the smallest and |
| 20 | @@ -134,3 +136,5 @@ Author: |
| 21 | Christoph Rohland <cr@sap.com>, 1.12.01 |
| 22 | Updated: |
| 23 | Hugh Dickins <hugh@veritas.com>, 4 June 2007 |
| 24 | +Updated: |
| 25 | + KOSAKI Motohiro, 16 Mar 2010 |
| 26 | diff --git a/arch/x86/ia32/ia32_aout.c b/arch/x86/ia32/ia32_aout.c |
| 27 | index a0e1dbe..5efd5b2 100644 |
| 28 | --- a/arch/x86/ia32/ia32_aout.c |
| 29 | +++ b/arch/x86/ia32/ia32_aout.c |
| 30 | @@ -324,7 +324,6 @@ static int load_aout_binary(struct linux_binprm *bprm, struct pt_regs *regs) |
| 31 | current->mm->free_area_cache = TASK_UNMAPPED_BASE; |
| 32 | current->mm->cached_hole_size = 0; |
| 33 | |
| 34 | - current->mm->mmap = NULL; |
| 35 | compute_creds(bprm); |
| 36 | current->flags &= ~PF_FORKNOEXEC; |
| 37 | |
| 38 | diff --git a/arch/x86/kvm/vmx.c b/arch/x86/kvm/vmx.c |
| 39 | index 4cee61a..7981dbe 100644 |
| 40 | --- a/arch/x86/kvm/vmx.c |
| 41 | +++ b/arch/x86/kvm/vmx.c |
| 42 | @@ -2464,6 +2464,9 @@ static int handle_dr(struct kvm_vcpu *vcpu, struct kvm_run *kvm_run) |
| 43 | unsigned long val; |
| 44 | int dr, reg; |
| 45 | |
| 46 | + if (!kvm_require_cpl(vcpu, 0)) |
| 47 | + return 1; |
| 48 | + |
| 49 | /* |
| 50 | * FIXME: this code assumes the host is debugging the guest. |
| 51 | * need to deal with guest debugging itself too. |
| 52 | diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c |
| 53 | index bf872f2..80ffc99 100644 |
| 54 | --- a/arch/x86/kvm/x86.c |
| 55 | +++ b/arch/x86/kvm/x86.c |
| 56 | @@ -198,6 +198,19 @@ static void __queue_exception(struct kvm_vcpu *vcpu) |
| 57 | } |
| 58 | |
| 59 | /* |
| 60 | + * Checks if cpl <= required_cpl; if true, return true. Otherwise queue |
| 61 | + * a #GP and return false. |
| 62 | + */ |
| 63 | +bool kvm_require_cpl(struct kvm_vcpu *vcpu, int required_cpl) |
| 64 | +{ |
| 65 | + if (kvm_x86_ops->get_cpl(vcpu) <= required_cpl) |
| 66 | + return true; |
| 67 | + kvm_queue_exception_e(vcpu, GP_VECTOR, 0); |
| 68 | + return false; |
| 69 | +} |
| 70 | +EXPORT_SYMBOL_GPL(kvm_require_cpl); |
| 71 | + |
| 72 | +/* |
| 73 | * Load the pae pdptrs. Return true is they are all valid. |
| 74 | */ |
| 75 | int load_pdptrs(struct kvm_vcpu *vcpu, unsigned long cr3) |
| 76 | @@ -3645,7 +3658,13 @@ int kvm_arch_vcpu_ioctl_set_sregs(struct kvm_vcpu *vcpu, |
| 77 | |
| 78 | vcpu->arch.cr2 = sregs->cr2; |
| 79 | mmu_reset_needed |= vcpu->arch.cr3 != sregs->cr3; |
| 80 | - vcpu->arch.cr3 = sregs->cr3; |
| 81 | + |
| 82 | + down_read(&vcpu->kvm->slots_lock); |
| 83 | + if (gfn_to_memslot(vcpu->kvm, sregs->cr3 >> PAGE_SHIFT)) |
| 84 | + vcpu->arch.cr3 = sregs->cr3; |
| 85 | + else |
| 86 | + set_bit(KVM_REQ_TRIPLE_FAULT, &vcpu->requests); |
| 87 | + up_read(&vcpu->kvm->slots_lock); |
| 88 | |
| 89 | kvm_set_cr8(vcpu, sregs->cr8); |
| 90 | |
| 91 | diff --git a/arch/x86/kvm/x86_emulate.c b/arch/x86/kvm/x86_emulate.c |
| 92 | index f2f9046..1dc1cfd 100644 |
| 93 | --- a/arch/x86/kvm/x86_emulate.c |
| 94 | +++ b/arch/x86/kvm/x86_emulate.c |
| 95 | @@ -581,6 +581,9 @@ static int do_insn_fetch(struct x86_emulate_ctxt *ctxt, |
| 96 | { |
| 97 | int rc = 0; |
| 98 | |
| 99 | + /* x86 instructions are limited to 15 bytes. */ |
| 100 | + if (eip + size - ctxt->decode.eip_orig > 15) |
| 101 | + return X86EMUL_UNHANDLEABLE; |
| 102 | eip += ctxt->cs_base; |
| 103 | while (size--) { |
| 104 | rc = do_fetch_insn_byte(ctxt, ops, eip++, dest++); |
| 105 | @@ -839,7 +842,7 @@ x86_decode_insn(struct x86_emulate_ctxt *ctxt, struct x86_emulate_ops *ops) |
| 106 | /* Shadow copy of register state. Committed on successful emulation. */ |
| 107 | |
| 108 | memset(c, 0, sizeof(struct decode_cache)); |
| 109 | - c->eip = ctxt->vcpu->arch.rip; |
| 110 | + c->eip = c->eip_orig = ctxt->vcpu->arch.rip; |
| 111 | ctxt->cs_base = seg_base(ctxt, VCPU_SREG_CS); |
| 112 | memcpy(c->regs, ctxt->vcpu->arch.regs, sizeof c->regs); |
| 113 | |
| 114 | diff --git a/drivers/char/mem.c b/drivers/char/mem.c |
| 115 | index 672b08e..3191fc8 100644 |
| 116 | --- a/drivers/char/mem.c |
| 117 | +++ b/drivers/char/mem.c |
| 118 | @@ -724,6 +724,9 @@ static ssize_t read_zero(struct file * file, char __user * buf, |
| 119 | written += chunk - unwritten; |
| 120 | if (unwritten) |
| 121 | break; |
| 122 | + /* Consider changing this to just 'signal_pending()' with lots of testing */ |
| 123 | + if (fatal_signal_pending(current)) |
| 124 | + return written ? written : -EINTR; |
| 125 | buf += chunk; |
| 126 | count -= chunk; |
| 127 | cond_resched(); |
| 128 | diff --git a/drivers/char/tty_io.c b/drivers/char/tty_io.c |
| 129 | index c4b82c7..e6788f4 100644 |
| 130 | --- a/drivers/char/tty_io.c |
| 131 | +++ b/drivers/char/tty_io.c |
| 132 | @@ -2437,8 +2437,10 @@ static int tty_fasync(int fd, struct file *filp, int on) |
| 133 | pid = task_pid(current); |
| 134 | type = PIDTYPE_PID; |
| 135 | } |
| 136 | - retval = __f_setown(filp, pid, type, 0); |
| 137 | + get_pid(pid); |
| 138 | spin_unlock_irqrestore(&tty->ctrl_lock, flags); |
| 139 | + retval = __f_setown(filp, pid, type, 0); |
| 140 | + put_pid(pid); |
| 141 | if (retval) |
| 142 | goto out; |
| 143 | } else { |
| 144 | diff --git a/drivers/gpu/drm/r128/r128_cce.c b/drivers/gpu/drm/r128/r128_cce.c |
| 145 | index c31afbd..11bb1fd 100644 |
| 146 | --- a/drivers/gpu/drm/r128/r128_cce.c |
| 147 | +++ b/drivers/gpu/drm/r128/r128_cce.c |
| 148 | @@ -353,6 +353,11 @@ static int r128_do_init_cce(struct drm_device * dev, drm_r128_init_t * init) |
| 149 | |
| 150 | DRM_DEBUG("\n"); |
| 151 | |
| 152 | + if (dev->dev_private) { |
| 153 | + DRM_DEBUG("called when already initialized\n"); |
| 154 | + return -EINVAL; |
| 155 | + } |
| 156 | + |
| 157 | dev_priv = drm_alloc(sizeof(drm_r128_private_t), DRM_MEM_DRIVER); |
| 158 | if (dev_priv == NULL) |
| 159 | return -ENOMEM; |
| 160 | @@ -651,6 +656,8 @@ int r128_cce_start(struct drm_device *dev, void *data, struct drm_file *file_pri |
| 161 | |
| 162 | LOCK_TEST_WITH_RETURN(dev, file_priv); |
| 163 | |
| 164 | + DEV_INIT_TEST_WITH_RETURN(dev_priv); |
| 165 | + |
| 166 | if (dev_priv->cce_running || dev_priv->cce_mode == R128_PM4_NONPM4) { |
| 167 | DRM_DEBUG("while CCE running\n"); |
| 168 | return 0; |
| 169 | @@ -673,6 +680,8 @@ int r128_cce_stop(struct drm_device *dev, void *data, struct drm_file *file_priv |
| 170 | |
| 171 | LOCK_TEST_WITH_RETURN(dev, file_priv); |
| 172 | |
| 173 | + DEV_INIT_TEST_WITH_RETURN(dev_priv); |
| 174 | + |
| 175 | /* Flush any pending CCE commands. This ensures any outstanding |
| 176 | * commands are exectuted by the engine before we turn it off. |
| 177 | */ |
| 178 | @@ -710,10 +719,7 @@ int r128_cce_reset(struct drm_device *dev, void *data, struct drm_file *file_pri |
| 179 | |
| 180 | LOCK_TEST_WITH_RETURN(dev, file_priv); |
| 181 | |
| 182 | - if (!dev_priv) { |
| 183 | - DRM_DEBUG("called before init done\n"); |
| 184 | - return -EINVAL; |
| 185 | - } |
| 186 | + DEV_INIT_TEST_WITH_RETURN(dev_priv); |
| 187 | |
| 188 | r128_do_cce_reset(dev_priv); |
| 189 | |
| 190 | @@ -730,6 +736,8 @@ int r128_cce_idle(struct drm_device *dev, void *data, struct drm_file *file_priv |
| 191 | |
| 192 | LOCK_TEST_WITH_RETURN(dev, file_priv); |
| 193 | |
| 194 | + DEV_INIT_TEST_WITH_RETURN(dev_priv); |
| 195 | + |
| 196 | if (dev_priv->cce_running) { |
| 197 | r128_do_cce_flush(dev_priv); |
| 198 | } |
| 199 | @@ -743,6 +751,8 @@ int r128_engine_reset(struct drm_device *dev, void *data, struct drm_file *file_ |
| 200 | |
| 201 | LOCK_TEST_WITH_RETURN(dev, file_priv); |
| 202 | |
| 203 | + DEV_INIT_TEST_WITH_RETURN(dev->dev_private); |
| 204 | + |
| 205 | return r128_do_engine_reset(dev); |
| 206 | } |
| 207 | |
| 208 | diff --git a/drivers/gpu/drm/r128/r128_drv.h b/drivers/gpu/drm/r128/r128_drv.h |
| 209 | index 011105e..bc030f6 100644 |
| 210 | --- a/drivers/gpu/drm/r128/r128_drv.h |
| 211 | +++ b/drivers/gpu/drm/r128/r128_drv.h |
| 212 | @@ -418,6 +418,14 @@ static __inline__ void r128_update_ring_snapshot(drm_r128_private_t * dev_priv) |
| 213 | * Misc helper macros |
| 214 | */ |
| 215 | |
| 216 | +#define DEV_INIT_TEST_WITH_RETURN(_dev_priv) \ |
| 217 | +do { \ |
| 218 | + if (!_dev_priv) { \ |
| 219 | + DRM_ERROR("called with no initialization\n"); \ |
| 220 | + return -EINVAL; \ |
| 221 | + } \ |
| 222 | +} while (0) |
| 223 | + |
| 224 | #define RING_SPACE_TEST_WITH_RETURN( dev_priv ) \ |
| 225 | do { \ |
| 226 | drm_r128_ring_buffer_t *ring = &dev_priv->ring; int i; \ |
| 227 | diff --git a/drivers/gpu/drm/r128/r128_state.c b/drivers/gpu/drm/r128/r128_state.c |
| 228 | index 51a9afc..7cd107f 100644 |
| 229 | --- a/drivers/gpu/drm/r128/r128_state.c |
| 230 | +++ b/drivers/gpu/drm/r128/r128_state.c |
| 231 | @@ -1244,14 +1244,18 @@ static void r128_cce_dispatch_stipple(struct drm_device * dev, u32 * stipple) |
| 232 | static int r128_cce_clear(struct drm_device *dev, void *data, struct drm_file *file_priv) |
| 233 | { |
| 234 | drm_r128_private_t *dev_priv = dev->dev_private; |
| 235 | - drm_r128_sarea_t *sarea_priv = dev_priv->sarea_priv; |
| 236 | + drm_r128_sarea_t *sarea_priv; |
| 237 | drm_r128_clear_t *clear = data; |
| 238 | DRM_DEBUG("\n"); |
| 239 | |
| 240 | LOCK_TEST_WITH_RETURN(dev, file_priv); |
| 241 | |
| 242 | + DEV_INIT_TEST_WITH_RETURN(dev_priv); |
| 243 | + |
| 244 | RING_SPACE_TEST_WITH_RETURN(dev_priv); |
| 245 | |
| 246 | + sarea_priv = dev_priv->sarea_priv; |
| 247 | + |
| 248 | if (sarea_priv->nbox > R128_NR_SAREA_CLIPRECTS) |
| 249 | sarea_priv->nbox = R128_NR_SAREA_CLIPRECTS; |
| 250 | |
| 251 | @@ -1312,6 +1316,8 @@ static int r128_cce_flip(struct drm_device *dev, void *data, struct drm_file *fi |
| 252 | |
| 253 | LOCK_TEST_WITH_RETURN(dev, file_priv); |
| 254 | |
| 255 | + DEV_INIT_TEST_WITH_RETURN(dev_priv); |
| 256 | + |
| 257 | RING_SPACE_TEST_WITH_RETURN(dev_priv); |
| 258 | |
| 259 | if (!dev_priv->page_flipping) |
| 260 | @@ -1331,6 +1337,8 @@ static int r128_cce_swap(struct drm_device *dev, void *data, struct drm_file *fi |
| 261 | |
| 262 | LOCK_TEST_WITH_RETURN(dev, file_priv); |
| 263 | |
| 264 | + DEV_INIT_TEST_WITH_RETURN(dev_priv); |
| 265 | + |
| 266 | RING_SPACE_TEST_WITH_RETURN(dev_priv); |
| 267 | |
| 268 | if (sarea_priv->nbox > R128_NR_SAREA_CLIPRECTS) |
| 269 | @@ -1354,10 +1362,7 @@ static int r128_cce_vertex(struct drm_device *dev, void *data, struct drm_file * |
| 270 | |
| 271 | LOCK_TEST_WITH_RETURN(dev, file_priv); |
| 272 | |
| 273 | - if (!dev_priv) { |
| 274 | - DRM_ERROR("called with no initialization\n"); |
| 275 | - return -EINVAL; |
| 276 | - } |
| 277 | + DEV_INIT_TEST_WITH_RETURN(dev_priv); |
| 278 | |
| 279 | DRM_DEBUG("pid=%d index=%d count=%d discard=%d\n", |
| 280 | DRM_CURRENTPID, vertex->idx, vertex->count, vertex->discard); |
| 281 | @@ -1410,10 +1415,7 @@ static int r128_cce_indices(struct drm_device *dev, void *data, struct drm_file |
| 282 | |
| 283 | LOCK_TEST_WITH_RETURN(dev, file_priv); |
| 284 | |
| 285 | - if (!dev_priv) { |
| 286 | - DRM_ERROR("called with no initialization\n"); |
| 287 | - return -EINVAL; |
| 288 | - } |
| 289 | + DEV_INIT_TEST_WITH_RETURN(dev_priv); |
| 290 | |
| 291 | DRM_DEBUG("pid=%d buf=%d s=%d e=%d d=%d\n", DRM_CURRENTPID, |
| 292 | elts->idx, elts->start, elts->end, elts->discard); |
| 293 | @@ -1476,6 +1478,8 @@ static int r128_cce_blit(struct drm_device *dev, void *data, struct drm_file *fi |
| 294 | |
| 295 | LOCK_TEST_WITH_RETURN(dev, file_priv); |
| 296 | |
| 297 | + DEV_INIT_TEST_WITH_RETURN(dev_priv); |
| 298 | + |
| 299 | DRM_DEBUG("pid=%d index=%d\n", DRM_CURRENTPID, blit->idx); |
| 300 | |
| 301 | if (blit->idx < 0 || blit->idx >= dma->buf_count) { |
| 302 | @@ -1501,6 +1505,8 @@ static int r128_cce_depth(struct drm_device *dev, void *data, struct drm_file *f |
| 303 | |
| 304 | LOCK_TEST_WITH_RETURN(dev, file_priv); |
| 305 | |
| 306 | + DEV_INIT_TEST_WITH_RETURN(dev_priv); |
| 307 | + |
| 308 | RING_SPACE_TEST_WITH_RETURN(dev_priv); |
| 309 | |
| 310 | ret = -EINVAL; |
| 311 | @@ -1531,6 +1537,8 @@ static int r128_cce_stipple(struct drm_device *dev, void *data, struct drm_file |
| 312 | |
| 313 | LOCK_TEST_WITH_RETURN(dev, file_priv); |
| 314 | |
| 315 | + DEV_INIT_TEST_WITH_RETURN(dev_priv); |
| 316 | + |
| 317 | if (DRM_COPY_FROM_USER(&mask, stipple->mask, 32 * sizeof(u32))) |
| 318 | return -EFAULT; |
| 319 | |
| 320 | @@ -1555,10 +1563,7 @@ static int r128_cce_indirect(struct drm_device *dev, void *data, struct drm_file |
| 321 | |
| 322 | LOCK_TEST_WITH_RETURN(dev, file_priv); |
| 323 | |
| 324 | - if (!dev_priv) { |
| 325 | - DRM_ERROR("called with no initialization\n"); |
| 326 | - return -EINVAL; |
| 327 | - } |
| 328 | + DEV_INIT_TEST_WITH_RETURN(dev_priv); |
| 329 | |
| 330 | DRM_DEBUG("idx=%d s=%d e=%d d=%d\n", |
| 331 | indirect->idx, indirect->start, indirect->end, |
| 332 | @@ -1620,10 +1625,7 @@ static int r128_getparam(struct drm_device *dev, void *data, struct drm_file *fi |
| 333 | drm_r128_getparam_t *param = data; |
| 334 | int value; |
| 335 | |
| 336 | - if (!dev_priv) { |
| 337 | - DRM_ERROR("called with no initialization\n"); |
| 338 | - return -EINVAL; |
| 339 | - } |
| 340 | + DEV_INIT_TEST_WITH_RETURN(dev_priv); |
| 341 | |
| 342 | DRM_DEBUG("pid=%d\n", DRM_CURRENTPID); |
| 343 | |
| 344 | diff --git a/drivers/hwmon/coretemp.c b/drivers/hwmon/coretemp.c |
| 345 | index 93c1722..2b8f439 100644 |
| 346 | --- a/drivers/hwmon/coretemp.c |
| 347 | +++ b/drivers/hwmon/coretemp.c |
| 348 | @@ -191,7 +191,7 @@ static int __devinit adjust_tjmax(struct cpuinfo_x86 *c, u32 id, struct device * |
| 349 | if (err) { |
| 350 | dev_warn(dev, |
| 351 | "Unable to access MSR 0xEE, for Tjmax, left" |
| 352 | - " at default"); |
| 353 | + " at default\n"); |
| 354 | } else if (eax & 0x40000000) { |
| 355 | tjmax = 85000; |
| 356 | } |
| 357 | diff --git a/drivers/hwmon/lm78.c b/drivers/hwmon/lm78.c |
| 358 | index affee01..488e867 100644 |
| 359 | --- a/drivers/hwmon/lm78.c |
| 360 | +++ b/drivers/hwmon/lm78.c |
| 361 | @@ -655,7 +655,7 @@ static int __devinit lm78_isa_probe(struct platform_device *pdev) |
| 362 | |
| 363 | /* Reserve the ISA region */ |
| 364 | res = platform_get_resource(pdev, IORESOURCE_IO, 0); |
| 365 | - if (!request_region(res->start, LM78_EXTENT, "lm78")) { |
| 366 | + if (!request_region(res->start + LM78_ADDR_REG_OFFSET, 2, "lm78")) { |
| 367 | err = -EBUSY; |
| 368 | goto exit; |
| 369 | } |
| 370 | @@ -699,7 +699,7 @@ static int __devinit lm78_isa_probe(struct platform_device *pdev) |
| 371 | device_remove_file(&pdev->dev, &dev_attr_name); |
| 372 | kfree(data); |
| 373 | exit_release_region: |
| 374 | - release_region(res->start, LM78_EXTENT); |
| 375 | + release_region(res->start + LM78_ADDR_REG_OFFSET, 2); |
| 376 | exit: |
| 377 | return err; |
| 378 | } |
| 379 | @@ -711,7 +711,7 @@ static int __devexit lm78_isa_remove(struct platform_device *pdev) |
| 380 | hwmon_device_unregister(data->hwmon_dev); |
| 381 | sysfs_remove_group(&pdev->dev.kobj, &lm78_group); |
| 382 | device_remove_file(&pdev->dev, &dev_attr_name); |
| 383 | - release_region(data->client.addr, LM78_EXTENT); |
| 384 | + release_region(data->client.addr + LM78_ADDR_REG_OFFSET, 2); |
| 385 | kfree(data); |
| 386 | |
| 387 | return 0; |
| 388 | @@ -836,9 +836,17 @@ static struct lm78_data *lm78_update_device(struct device *dev) |
| 389 | static int __init lm78_isa_found(unsigned short address) |
| 390 | { |
| 391 | int val, save, found = 0; |
| 392 | - |
| 393 | - if (!request_region(address, LM78_EXTENT, "lm78")) |
| 394 | - return 0; |
| 395 | + int port; |
| 396 | + |
| 397 | + /* Some boards declare base+0 to base+7 as a PNP device, some base+4 |
| 398 | + * to base+7 and some base+5 to base+6. So we better request each port |
| 399 | + * individually for the probing phase. */ |
| 400 | + for (port = address; port < address + LM78_EXTENT; port++) { |
| 401 | + if (!request_region(port, 1, "lm78")) { |
| 402 | + pr_debug("lm78: Failed to request port 0x%x\n", port); |
| 403 | + goto release; |
| 404 | + } |
| 405 | + } |
| 406 | |
| 407 | #define REALLY_SLOW_IO |
| 408 | /* We need the timeouts for at least some LM78-like |
| 409 | @@ -901,7 +909,8 @@ static int __init lm78_isa_found(unsigned short address) |
| 410 | val & 0x80 ? "LM79" : "LM78", (int)address); |
| 411 | |
| 412 | release: |
| 413 | - release_region(address, LM78_EXTENT); |
| 414 | + for (port--; port >= address; port--) |
| 415 | + release_region(port, 1); |
| 416 | return found; |
| 417 | } |
| 418 | |
| 419 | diff --git a/drivers/i2c/i2c-core.c b/drivers/i2c/i2c-core.c |
| 420 | index a10d0d2..3d3fb00 100644 |
| 421 | --- a/drivers/i2c/i2c-core.c |
| 422 | +++ b/drivers/i2c/i2c-core.c |
| 423 | @@ -644,6 +644,9 @@ int i2c_del_adapter(struct i2c_adapter *adap) |
| 424 | } |
| 425 | } |
| 426 | |
| 427 | + /* device name is gone after device_unregister */ |
| 428 | + dev_dbg(&adap->dev, "adapter [%s] unregistered\n", adap->name); |
| 429 | + |
| 430 | /* clean up the sysfs representation */ |
| 431 | init_completion(&adap->dev_released); |
| 432 | device_unregister(&adap->dev); |
| 433 | @@ -654,8 +657,6 @@ int i2c_del_adapter(struct i2c_adapter *adap) |
| 434 | /* free bus id */ |
| 435 | idr_remove(&i2c_adapter_idr, adap->nr); |
| 436 | |
| 437 | - dev_dbg(&adap->dev, "adapter [%s] unregistered\n", adap->name); |
| 438 | - |
| 439 | /* Clear the device structure in case this adapter is ever going to be |
| 440 | added again */ |
| 441 | memset(&adap->dev, 0, sizeof(adap->dev)); |
| 442 | diff --git a/drivers/media/video/em28xx/em28xx-dvb.c b/drivers/media/video/em28xx/em28xx-dvb.c |
| 443 | index d2b1a1a..72894f4 100644 |
| 444 | --- a/drivers/media/video/em28xx/em28xx-dvb.c |
| 445 | +++ b/drivers/media/video/em28xx/em28xx-dvb.c |
| 446 | @@ -501,6 +501,7 @@ static int dvb_fini(struct em28xx *dev) |
| 447 | |
| 448 | if (dev->dvb) { |
| 449 | unregister_dvb(dev->dvb); |
| 450 | + kfree(dev->dvb); |
| 451 | dev->dvb = NULL; |
| 452 | } |
| 453 | |
| 454 | diff --git a/drivers/mtd/ubi/cdev.c b/drivers/mtd/ubi/cdev.c |
| 455 | index 03c759b..82dfbe5 100644 |
| 456 | --- a/drivers/mtd/ubi/cdev.c |
| 457 | +++ b/drivers/mtd/ubi/cdev.c |
| 458 | @@ -793,7 +793,6 @@ static int ubi_cdev_ioctl(struct inode *inode, struct file *file, |
| 459 | break; |
| 460 | } |
| 461 | |
| 462 | - req.name[req.name_len] = '\0'; |
| 463 | err = verify_mkvol_req(ubi, &req); |
| 464 | if (err) |
| 465 | break; |
| 466 | diff --git a/drivers/net/b44.c b/drivers/net/b44.c |
| 467 | index f1521c6..012614e 100644 |
| 468 | --- a/drivers/net/b44.c |
| 469 | +++ b/drivers/net/b44.c |
| 470 | @@ -1502,8 +1502,7 @@ static int b44_magic_pattern(u8 *macaddr, u8 *ppattern, u8 *pmask, int offset) |
| 471 | for (k = 0; k< ethaddr_bytes; k++) { |
| 472 | ppattern[offset + magicsync + |
| 473 | (j * ETH_ALEN) + k] = macaddr[k]; |
| 474 | - len++; |
| 475 | - set_bit(len, (unsigned long *) pmask); |
| 476 | + set_bit(len++, (unsigned long *) pmask); |
| 477 | } |
| 478 | } |
| 479 | return len - 1; |
| 480 | diff --git a/drivers/net/bonding/bond_main.c b/drivers/net/bonding/bond_main.c |
| 481 | index 5a07b50..598d2e9 100644 |
| 482 | --- a/drivers/net/bonding/bond_main.c |
| 483 | +++ b/drivers/net/bonding/bond_main.c |
| 484 | @@ -2228,6 +2228,9 @@ static int bond_miimon_inspect(struct bonding *bond) |
| 485 | { |
| 486 | struct slave *slave; |
| 487 | int i, link_state, commit = 0; |
| 488 | + bool ignore_updelay; |
| 489 | + |
| 490 | + ignore_updelay = !bond->curr_active_slave ? true : false; |
| 491 | |
| 492 | bond_for_each_slave(bond, slave, i) { |
| 493 | slave->new_link = BOND_LINK_NOCHANGE; |
| 494 | @@ -2292,6 +2295,7 @@ static int bond_miimon_inspect(struct bonding *bond) |
| 495 | ": %s: link status up for " |
| 496 | "interface %s, enabling it in %d ms.\n", |
| 497 | bond->dev->name, slave->dev->name, |
| 498 | + ignore_updelay ? 0 : |
| 499 | bond->params.updelay * |
| 500 | bond->params.miimon); |
| 501 | } |
| 502 | @@ -2310,9 +2314,13 @@ static int bond_miimon_inspect(struct bonding *bond) |
| 503 | continue; |
| 504 | } |
| 505 | |
| 506 | + if (ignore_updelay) |
| 507 | + slave->delay = 0; |
| 508 | + |
| 509 | if (slave->delay <= 0) { |
| 510 | slave->new_link = BOND_LINK_UP; |
| 511 | commit++; |
| 512 | + ignore_updelay = false; |
| 513 | continue; |
| 514 | } |
| 515 | |
| 516 | diff --git a/drivers/net/r8169.c b/drivers/net/r8169.c |
| 517 | index f718215..68bba7f 100644 |
| 518 | --- a/drivers/net/r8169.c |
| 519 | +++ b/drivers/net/r8169.c |
| 520 | @@ -1842,9 +1842,9 @@ static void __devexit rtl8169_remove_one(struct pci_dev *pdev) |
| 521 | static void rtl8169_set_rxbufsize(struct rtl8169_private *tp, |
| 522 | struct net_device *dev) |
| 523 | { |
| 524 | - unsigned int mtu = dev->mtu; |
| 525 | + unsigned int max_frame = dev->mtu + VLAN_ETH_HLEN + ETH_FCS_LEN; |
| 526 | |
| 527 | - tp->rx_buf_sz = (mtu > RX_BUF_SIZE) ? mtu + ETH_HLEN + 8 : RX_BUF_SIZE; |
| 528 | + tp->rx_buf_sz = (max_frame > RX_BUF_SIZE) ? max_frame : RX_BUF_SIZE; |
| 529 | } |
| 530 | |
| 531 | static int rtl8169_open(struct net_device *dev) |
| 532 | diff --git a/drivers/net/sky2.c b/drivers/net/sky2.c |
| 533 | index 42963a9..aa9ff46 100644 |
| 534 | --- a/drivers/net/sky2.c |
| 535 | +++ b/drivers/net/sky2.c |
| 536 | @@ -1438,7 +1438,6 @@ static int sky2_up(struct net_device *dev) |
| 537 | if (ramsize > 0) { |
| 538 | u32 rxspace; |
| 539 | |
| 540 | - hw->flags |= SKY2_HW_RAM_BUFFER; |
| 541 | pr_debug(PFX "%s: ram buffer %dK\n", dev->name, ramsize); |
| 542 | if (ramsize < 16) |
| 543 | rxspace = ramsize / 2; |
| 544 | @@ -2846,6 +2845,9 @@ static int __devinit sky2_init(struct sky2_hw *hw) |
| 545 | ++hw->ports; |
| 546 | } |
| 547 | |
| 548 | + if (sky2_read8(hw, B2_E_0)) |
| 549 | + hw->flags |= SKY2_HW_RAM_BUFFER; |
| 550 | + |
| 551 | return 0; |
| 552 | } |
| 553 | |
| 554 | diff --git a/drivers/parisc/eisa_eeprom.c b/drivers/parisc/eisa_eeprom.c |
| 555 | index 5ac2079..7eee236 100644 |
| 556 | --- a/drivers/parisc/eisa_eeprom.c |
| 557 | +++ b/drivers/parisc/eisa_eeprom.c |
| 558 | @@ -55,7 +55,7 @@ static ssize_t eisa_eeprom_read(struct file * file, |
| 559 | ssize_t ret; |
| 560 | int i; |
| 561 | |
| 562 | - if (*ppos >= HPEE_MAX_LENGTH) |
| 563 | + if (*ppos < 0 || *ppos >= HPEE_MAX_LENGTH) |
| 564 | return 0; |
| 565 | |
| 566 | count = *ppos + count < HPEE_MAX_LENGTH ? count : HPEE_MAX_LENGTH - *ppos; |
| 567 | diff --git a/drivers/serial/8250.c b/drivers/serial/8250.c |
| 568 | index 3499a9d..f84f068 100644 |
| 569 | --- a/drivers/serial/8250.c |
| 570 | +++ b/drivers/serial/8250.c |
| 571 | @@ -70,6 +70,9 @@ static unsigned int nr_uarts = CONFIG_SERIAL_8250_RUNTIME_UARTS; |
| 572 | |
| 573 | #define PASS_LIMIT 256 |
| 574 | |
| 575 | +#define BOTH_EMPTY (UART_LSR_TEMT | UART_LSR_THRE) |
| 576 | + |
| 577 | + |
| 578 | /* |
| 579 | * We default to IRQ0 for the "no irq" hack. Some |
| 580 | * machine types want others as well - they're free |
| 581 | @@ -1656,7 +1659,7 @@ static unsigned int serial8250_tx_empty(struct uart_port *port) |
| 582 | up->lsr_saved_flags |= lsr & LSR_SAVE_FLAGS; |
| 583 | spin_unlock_irqrestore(&up->port.lock, flags); |
| 584 | |
| 585 | - return lsr & UART_LSR_TEMT ? TIOCSER_TEMT : 0; |
| 586 | + return (lsr & BOTH_EMPTY) == BOTH_EMPTY ? TIOCSER_TEMT : 0; |
| 587 | } |
| 588 | |
| 589 | static unsigned int serial8250_get_mctrl(struct uart_port *port) |
| 590 | @@ -1714,8 +1717,6 @@ static void serial8250_break_ctl(struct uart_port *port, int break_state) |
| 591 | spin_unlock_irqrestore(&up->port.lock, flags); |
| 592 | } |
| 593 | |
| 594 | -#define BOTH_EMPTY (UART_LSR_TEMT | UART_LSR_THRE) |
| 595 | - |
| 596 | /* |
| 597 | * Wait for transmitter & holding register to empty |
| 598 | */ |
| 599 | diff --git a/drivers/usb/core/devio.c b/drivers/usb/core/devio.c |
| 600 | index 33b2935..8657266 100644 |
| 601 | --- a/drivers/usb/core/devio.c |
| 602 | +++ b/drivers/usb/core/devio.c |
| 603 | @@ -1123,6 +1123,13 @@ static int proc_do_submiturb(struct dev_state *ps, struct usbdevfs_urb *uurb, |
| 604 | free_async(as); |
| 605 | return -ENOMEM; |
| 606 | } |
| 607 | + /* Isochronous input data may end up being discontiguous |
| 608 | + * if some of the packets are short. Clear the buffer so |
| 609 | + * that the gaps don't leak kernel data to userspace. |
| 610 | + */ |
| 611 | + if (is_in && uurb->type == USBDEVFS_URB_TYPE_ISO) |
| 612 | + memset(as->urb->transfer_buffer, 0, |
| 613 | + uurb->buffer_length); |
| 614 | } |
| 615 | as->urb->dev = ps->dev; |
| 616 | as->urb->pipe = (uurb->type << 30) | |
| 617 | @@ -1224,10 +1231,14 @@ static int processcompl(struct async *as, void __user * __user *arg) |
| 618 | void __user *addr = as->userurb; |
| 619 | unsigned int i; |
| 620 | |
| 621 | - if (as->userbuffer) |
| 622 | - if (copy_to_user(as->userbuffer, urb->transfer_buffer, |
| 623 | - urb->transfer_buffer_length)) |
| 624 | + if (as->userbuffer && urb->actual_length) { |
| 625 | + if (urb->number_of_packets > 0) /* Isochronous */ |
| 626 | + i = urb->transfer_buffer_length; |
| 627 | + else /* Non-Isoc */ |
| 628 | + i = urb->actual_length; |
| 629 | + if (copy_to_user(as->userbuffer, urb->transfer_buffer, i)) |
| 630 | goto err_out; |
| 631 | + } |
| 632 | if (put_user(as->status, &userurb->status)) |
| 633 | goto err_out; |
| 634 | if (put_user(urb->actual_length, &userurb->actual_length)) |
| 635 | @@ -1246,14 +1257,11 @@ static int processcompl(struct async *as, void __user * __user *arg) |
| 636 | } |
| 637 | } |
| 638 | |
| 639 | - free_async(as); |
| 640 | - |
| 641 | if (put_user(addr, (void __user * __user *)arg)) |
| 642 | return -EFAULT; |
| 643 | return 0; |
| 644 | |
| 645 | err_out: |
| 646 | - free_async(as); |
| 647 | return -EFAULT; |
| 648 | } |
| 649 | |
| 650 | @@ -1283,8 +1291,11 @@ static struct async *reap_as(struct dev_state *ps) |
| 651 | static int proc_reapurb(struct dev_state *ps, void __user *arg) |
| 652 | { |
| 653 | struct async *as = reap_as(ps); |
| 654 | - if (as) |
| 655 | - return processcompl(as, (void __user * __user *)arg); |
| 656 | + if (as) { |
| 657 | + int retval = processcompl(as, (void __user * __user *)arg); |
| 658 | + free_async(as); |
| 659 | + return retval; |
| 660 | + } |
| 661 | if (signal_pending(current)) |
| 662 | return -EINTR; |
| 663 | return -EIO; |
| 664 | @@ -1292,11 +1303,16 @@ static int proc_reapurb(struct dev_state *ps, void __user *arg) |
| 665 | |
| 666 | static int proc_reapurbnonblock(struct dev_state *ps, void __user *arg) |
| 667 | { |
| 668 | + int retval; |
| 669 | struct async *as; |
| 670 | |
| 671 | - if (!(as = async_getcompleted(ps))) |
| 672 | - return -EAGAIN; |
| 673 | - return processcompl(as, (void __user * __user *)arg); |
| 674 | + as = async_getcompleted(ps); |
| 675 | + retval = -EAGAIN; |
| 676 | + if (as) { |
| 677 | + retval = processcompl(as, (void __user * __user *)arg); |
| 678 | + free_async(as); |
| 679 | + } |
| 680 | + return retval; |
| 681 | } |
| 682 | |
| 683 | #ifdef CONFIG_COMPAT |
| 684 | @@ -1347,9 +1363,9 @@ static int processcompl_compat(struct async *as, void __user * __user *arg) |
| 685 | void __user *addr = as->userurb; |
| 686 | unsigned int i; |
| 687 | |
| 688 | - if (as->userbuffer) |
| 689 | + if (as->userbuffer && urb->actual_length) |
| 690 | if (copy_to_user(as->userbuffer, urb->transfer_buffer, |
| 691 | - urb->transfer_buffer_length)) |
| 692 | + urb->actual_length)) |
| 693 | return -EFAULT; |
| 694 | if (put_user(as->status, &userurb->status)) |
| 695 | return -EFAULT; |
| 696 | @@ -1369,7 +1385,6 @@ static int processcompl_compat(struct async *as, void __user * __user *arg) |
| 697 | } |
| 698 | } |
| 699 | |
| 700 | - free_async(as); |
| 701 | if (put_user(ptr_to_compat(addr), (u32 __user *)arg)) |
| 702 | return -EFAULT; |
| 703 | return 0; |
| 704 | @@ -1378,8 +1393,11 @@ static int processcompl_compat(struct async *as, void __user * __user *arg) |
| 705 | static int proc_reapurb_compat(struct dev_state *ps, void __user *arg) |
| 706 | { |
| 707 | struct async *as = reap_as(ps); |
| 708 | - if (as) |
| 709 | - return processcompl_compat(as, (void __user * __user *)arg); |
| 710 | + if (as) { |
| 711 | + int retval = processcompl_compat(as, (void __user * __user *)arg); |
| 712 | + free_async(as); |
| 713 | + return retval; |
| 714 | + } |
| 715 | if (signal_pending(current)) |
| 716 | return -EINTR; |
| 717 | return -EIO; |
| 718 | @@ -1387,11 +1405,16 @@ static int proc_reapurb_compat(struct dev_state *ps, void __user *arg) |
| 719 | |
| 720 | static int proc_reapurbnonblock_compat(struct dev_state *ps, void __user *arg) |
| 721 | { |
| 722 | + int retval; |
| 723 | struct async *as; |
| 724 | |
| 725 | - if (!(as = async_getcompleted(ps))) |
| 726 | - return -EAGAIN; |
| 727 | - return processcompl_compat(as, (void __user * __user *)arg); |
| 728 | + retval = -EAGAIN; |
| 729 | + as = async_getcompleted(ps); |
| 730 | + if (as) { |
| 731 | + retval = processcompl_compat(as, (void __user * __user *)arg); |
| 732 | + free_async(as); |
| 733 | + } |
| 734 | + return retval; |
| 735 | } |
| 736 | |
| 737 | #endif |
| 738 | diff --git a/drivers/usb/host/ehci-hub.c b/drivers/usb/host/ehci-hub.c |
| 739 | index ef9b038..f1a29e2 100644 |
| 740 | --- a/drivers/usb/host/ehci-hub.c |
| 741 | +++ b/drivers/usb/host/ehci-hub.c |
| 742 | @@ -254,10 +254,8 @@ static int ehci_bus_resume (struct usb_hcd *hcd) |
| 743 | temp = ehci_readl(ehci, &ehci->regs->port_status [i]); |
| 744 | temp &= ~(PORT_RWC_BITS | PORT_WAKE_BITS); |
| 745 | if (test_bit(i, &ehci->bus_suspended) && |
| 746 | - (temp & PORT_SUSPEND)) { |
| 747 | - ehci->reset_done [i] = jiffies + msecs_to_jiffies (20); |
| 748 | + (temp & PORT_SUSPEND)) |
| 749 | temp |= PORT_RESUME; |
| 750 | - } |
| 751 | ehci_writel(ehci, temp, &ehci->regs->port_status [i]); |
| 752 | } |
| 753 | i = HCS_N_PORTS (ehci->hcs_params); |
| 754 | @@ -752,6 +750,9 @@ static int ehci_hub_control ( |
| 755 | ehci_readl(ehci, status_reg)); |
| 756 | } |
| 757 | |
| 758 | + if (!(temp & (PORT_RESUME|PORT_RESET))) |
| 759 | + ehci->reset_done[wIndex] = 0; |
| 760 | + |
| 761 | /* transfer dedicated ports to the companion hc */ |
| 762 | if ((temp & PORT_CONNECT) && |
| 763 | test_bit(wIndex, &ehci->companion_ports)) { |
| 764 | diff --git a/drivers/usb/host/ehci-q.c b/drivers/usb/host/ehci-q.c |
| 765 | index 097dd55..da88a80 100644 |
| 766 | --- a/drivers/usb/host/ehci-q.c |
| 767 | +++ b/drivers/usb/host/ehci-q.c |
| 768 | @@ -346,12 +346,11 @@ qh_completions (struct ehci_hcd *ehci, struct ehci_qh *qh) |
| 769 | */ |
| 770 | if ((token & QTD_STS_XACT) && |
| 771 | QTD_CERR(token) == 0 && |
| 772 | - --qh->xacterrs > 0 && |
| 773 | + ++qh->xacterrs < QH_XACTERR_MAX && |
| 774 | !urb->unlinked) { |
| 775 | ehci_dbg(ehci, |
| 776 | - "detected XactErr len %d/%d retry %d\n", |
| 777 | - qtd->length - QTD_LENGTH(token), qtd->length, |
| 778 | - QH_XACTERR_MAX - qh->xacterrs); |
| 779 | + "detected XactErr len %zu/%zu retry %d\n", |
| 780 | + qtd->length - QTD_LENGTH(token), qtd->length, qh->xacterrs); |
| 781 | |
| 782 | /* reset the token in the qtd and the |
| 783 | * qh overlay (which still contains |
| 784 | @@ -451,7 +450,7 @@ halt: |
| 785 | last = qtd; |
| 786 | |
| 787 | /* reinit the xacterr counter for the next qtd */ |
| 788 | - qh->xacterrs = QH_XACTERR_MAX; |
| 789 | + qh->xacterrs = 0; |
| 790 | } |
| 791 | |
| 792 | /* last urb's completion might still need calling */ |
| 793 | @@ -898,7 +897,7 @@ static void qh_link_async (struct ehci_hcd *ehci, struct ehci_qh *qh) |
| 794 | head->qh_next.qh = qh; |
| 795 | head->hw_next = dma; |
| 796 | |
| 797 | - qh->xacterrs = QH_XACTERR_MAX; |
| 798 | + qh->xacterrs = 0; |
| 799 | qh->qh_state = QH_STATE_LINKED; |
| 800 | /* qtd completions reported later by interrupt */ |
| 801 | } |
| 802 | diff --git a/drivers/usb/host/ehci-sched.c b/drivers/usb/host/ehci-sched.c |
| 803 | index 18e8741..e813ca8 100644 |
| 804 | --- a/drivers/usb/host/ehci-sched.c |
| 805 | +++ b/drivers/usb/host/ehci-sched.c |
| 806 | @@ -542,6 +542,7 @@ static int qh_link_periodic (struct ehci_hcd *ehci, struct ehci_qh *qh) |
| 807 | } |
| 808 | } |
| 809 | qh->qh_state = QH_STATE_LINKED; |
| 810 | + qh->xacterrs = 0; |
| 811 | qh_get (qh); |
| 812 | |
| 813 | /* update per-qh bandwidth for usbfs */ |
| 814 | diff --git a/fs/exec.c b/fs/exec.c |
| 815 | index 5ec0f56..50da182 100644 |
| 816 | --- a/fs/exec.c |
| 817 | +++ b/fs/exec.c |
| 818 | @@ -1826,8 +1826,9 @@ int do_coredump(long signr, int exit_code, struct pt_regs * regs) |
| 819 | /* |
| 820 | * Dont allow local users get cute and trick others to coredump |
| 821 | * into their pre-created files: |
| 822 | + * Note, this is not relevant for pipes |
| 823 | */ |
| 824 | - if (inode->i_uid != current->fsuid) |
| 825 | + if (!ispipe && (inode->i_uid != current->fsuid)) |
| 826 | goto close_fail; |
| 827 | if (!file->f_op) |
| 828 | goto close_fail; |
| 829 | diff --git a/fs/ext4/super.c b/fs/ext4/super.c |
| 830 | index db2642a..baacaf8 100644 |
| 831 | --- a/fs/ext4/super.c |
| 832 | +++ b/fs/ext4/super.c |
| 833 | @@ -254,7 +254,8 @@ static const char *ext4_decode_error(struct super_block *sb, int errno, |
| 834 | errstr = "Out of memory"; |
| 835 | break; |
| 836 | case -EROFS: |
| 837 | - if (!sb || EXT4_SB(sb)->s_journal->j_flags & JBD2_ABORT) |
| 838 | + if (!sb || (EXT4_SB(sb)->s_journal && |
| 839 | + EXT4_SB(sb)->s_journal->j_flags & JBD2_ABORT)) |
| 840 | errstr = "Journal has aborted"; |
| 841 | else |
| 842 | errstr = "Readonly filesystem"; |
| 843 | diff --git a/fs/fcntl.c b/fs/fcntl.c |
| 844 | index 4eed4d6..ac79b7e 100644 |
| 845 | --- a/fs/fcntl.c |
| 846 | +++ b/fs/fcntl.c |
| 847 | @@ -200,9 +200,7 @@ static int setfl(int fd, struct file * filp, unsigned long arg) |
| 848 | static void f_modown(struct file *filp, struct pid *pid, enum pid_type type, |
| 849 | uid_t uid, uid_t euid, int force) |
| 850 | { |
| 851 | - unsigned long flags; |
| 852 | - |
| 853 | - write_lock_irqsave(&filp->f_owner.lock, flags); |
| 854 | + write_lock_irq(&filp->f_owner.lock); |
| 855 | if (force || !filp->f_owner.pid) { |
| 856 | put_pid(filp->f_owner.pid); |
| 857 | filp->f_owner.pid = get_pid(pid); |
| 858 | @@ -210,7 +208,7 @@ static void f_modown(struct file *filp, struct pid *pid, enum pid_type type, |
| 859 | filp->f_owner.uid = uid; |
| 860 | filp->f_owner.euid = euid; |
| 861 | } |
| 862 | - write_unlock_irqrestore(&filp->f_owner.lock, flags); |
| 863 | + write_unlock_irq(&filp->f_owner.lock); |
| 864 | } |
| 865 | |
| 866 | int __f_setown(struct file *filp, struct pid *pid, enum pid_type type, |
| 867 | diff --git a/fs/namei.c b/fs/namei.c |
| 868 | index e6c73de..832cd4b 100644 |
| 869 | --- a/fs/namei.c |
| 870 | +++ b/fs/namei.c |
| 871 | @@ -841,6 +841,17 @@ fail: |
| 872 | } |
| 873 | |
| 874 | /* |
| 875 | + * This is a temporary kludge to deal with "automount" symlinks; proper |
| 876 | + * solution is to trigger them on follow_mount(), so that do_lookup() |
| 877 | + * would DTRT. To be killed before 2.6.34-final. |
| 878 | + */ |
| 879 | +static inline int follow_on_final(struct inode *inode, unsigned lookup_flags) |
| 880 | +{ |
| 881 | + return inode && unlikely(inode->i_op->follow_link) && |
| 882 | + ((lookup_flags & LOOKUP_FOLLOW) || S_ISDIR(inode->i_mode)); |
| 883 | +} |
| 884 | + |
| 885 | +/* |
| 886 | * Name resolution. |
| 887 | * This is the basic name resolution function, turning a pathname into |
| 888 | * the final dentry. We expect 'base' to be positive and a directory. |
| 889 | @@ -984,8 +995,7 @@ last_component: |
| 890 | if (err) |
| 891 | break; |
| 892 | inode = next.dentry->d_inode; |
| 893 | - if ((lookup_flags & LOOKUP_FOLLOW) |
| 894 | - && inode && inode->i_op && inode->i_op->follow_link) { |
| 895 | + if (follow_on_final(inode, lookup_flags)) { |
| 896 | err = do_follow_link(&next, nd); |
| 897 | if (err) |
| 898 | goto return_err; |
| 899 | diff --git a/include/asm-x86/checksum_32.h b/include/asm-x86/checksum_32.h |
| 900 | index 52bbb0d..0fbf77e 100644 |
| 901 | --- a/include/asm-x86/checksum_32.h |
| 902 | +++ b/include/asm-x86/checksum_32.h |
| 903 | @@ -161,7 +161,8 @@ static inline __sum16 csum_ipv6_magic(const struct in6_addr *saddr, |
| 904 | "adcl $0, %0 ;\n" |
| 905 | : "=&r" (sum) |
| 906 | : "r" (saddr), "r" (daddr), |
| 907 | - "r" (htonl(len)), "r" (htonl(proto)), "0" (sum)); |
| 908 | + "r" (htonl(len)), "r" (htonl(proto)), "0" (sum) |
| 909 | + : "memory"); |
| 910 | |
| 911 | return csum_fold(sum); |
| 912 | } |
| 913 | diff --git a/include/asm-x86/kvm_host.h b/include/asm-x86/kvm_host.h |
| 914 | index cf7c887..69d4de9 100644 |
| 915 | --- a/include/asm-x86/kvm_host.h |
| 916 | +++ b/include/asm-x86/kvm_host.h |
| 917 | @@ -537,6 +537,7 @@ void kvm_queue_exception(struct kvm_vcpu *vcpu, unsigned nr); |
| 918 | void kvm_queue_exception_e(struct kvm_vcpu *vcpu, unsigned nr, u32 error_code); |
| 919 | void kvm_inject_page_fault(struct kvm_vcpu *vcpu, unsigned long cr2, |
| 920 | u32 error_code); |
| 921 | +bool kvm_require_cpl(struct kvm_vcpu *vcpu, int required_cpl); |
| 922 | |
| 923 | void kvm_inject_nmi(struct kvm_vcpu *vcpu); |
| 924 | |
| 925 | diff --git a/include/asm-x86/kvm_x86_emulate.h b/include/asm-x86/kvm_x86_emulate.h |
| 926 | index 4e8c1e4..fcbb680 100644 |
| 927 | --- a/include/asm-x86/kvm_x86_emulate.h |
| 928 | +++ b/include/asm-x86/kvm_x86_emulate.h |
| 929 | @@ -128,7 +128,7 @@ struct decode_cache { |
| 930 | u8 seg_override; |
| 931 | unsigned int d; |
| 932 | unsigned long regs[NR_VCPU_REGS]; |
| 933 | - unsigned long eip; |
| 934 | + unsigned long eip, eip_orig; |
| 935 | /* modrm */ |
| 936 | u8 modrm; |
| 937 | u8 modrm_mod; |
| 938 | diff --git a/include/linux/sched.h b/include/linux/sched.h |
| 939 | index ebe801e..6d32974 100644 |
| 940 | --- a/include/linux/sched.h |
| 941 | +++ b/include/linux/sched.h |
| 942 | @@ -901,7 +901,7 @@ struct sched_class { |
| 943 | void (*yield_task) (struct rq *rq); |
| 944 | int (*select_task_rq)(struct task_struct *p, int sync); |
| 945 | |
| 946 | - void (*check_preempt_curr) (struct rq *rq, struct task_struct *p); |
| 947 | + void (*check_preempt_curr) (struct rq *rq, struct task_struct *p, int sync); |
| 948 | |
| 949 | struct task_struct * (*pick_next_task) (struct rq *rq); |
| 950 | void (*put_prev_task) (struct rq *rq, struct task_struct *p); |
| 951 | @@ -2232,6 +2232,28 @@ static inline void mm_init_owner(struct mm_struct *mm, struct task_struct *p) |
| 952 | |
| 953 | #define TASK_STATE_TO_CHAR_STR "RSDTtZX" |
| 954 | |
| 955 | +static inline unsigned long task_rlimit(const struct task_struct *tsk, |
| 956 | + unsigned int limit) |
| 957 | +{ |
| 958 | + return ACCESS_ONCE(tsk->signal->rlim[limit].rlim_cur); |
| 959 | +} |
| 960 | + |
| 961 | +static inline unsigned long task_rlimit_max(const struct task_struct *tsk, |
| 962 | + unsigned int limit) |
| 963 | +{ |
| 964 | + return ACCESS_ONCE(tsk->signal->rlim[limit].rlim_max); |
| 965 | +} |
| 966 | + |
| 967 | +static inline unsigned long rlimit(unsigned int limit) |
| 968 | +{ |
| 969 | + return task_rlimit(current, limit); |
| 970 | +} |
| 971 | + |
| 972 | +static inline unsigned long rlimit_max(unsigned int limit) |
| 973 | +{ |
| 974 | + return task_rlimit_max(current, limit); |
| 975 | +} |
| 976 | + |
| 977 | #endif /* __KERNEL__ */ |
| 978 | |
| 979 | #endif |
| 980 | diff --git a/include/linux/topology.h b/include/linux/topology.h |
| 981 | index 2158fc0..2565f4a 100644 |
| 982 | --- a/include/linux/topology.h |
| 983 | +++ b/include/linux/topology.h |
| 984 | @@ -99,7 +99,7 @@ void arch_update_cpu_topology(void); |
| 985 | | SD_BALANCE_FORK \ |
| 986 | | SD_BALANCE_EXEC \ |
| 987 | | SD_WAKE_AFFINE \ |
| 988 | - | SD_WAKE_IDLE \ |
| 989 | + | SD_WAKE_BALANCE \ |
| 990 | | SD_SHARE_CPUPOWER, \ |
| 991 | .last_balance = jiffies, \ |
| 992 | .balance_interval = 1, \ |
| 993 | @@ -120,10 +120,10 @@ void arch_update_cpu_topology(void); |
| 994 | .wake_idx = 1, \ |
| 995 | .forkexec_idx = 1, \ |
| 996 | .flags = SD_LOAD_BALANCE \ |
| 997 | - | SD_BALANCE_NEWIDLE \ |
| 998 | | SD_BALANCE_FORK \ |
| 999 | | SD_BALANCE_EXEC \ |
| 1000 | | SD_WAKE_AFFINE \ |
| 1001 | + | SD_WAKE_BALANCE \ |
| 1002 | | SD_SHARE_PKG_RESOURCES\ |
| 1003 | | BALANCE_FOR_MC_POWER, \ |
| 1004 | .last_balance = jiffies, \ |
| 1005 | diff --git a/kernel/futex.c b/kernel/futex.c |
| 1006 | index ec84da5..02d07e4 100644 |
| 1007 | --- a/kernel/futex.c |
| 1008 | +++ b/kernel/futex.c |
| 1009 | @@ -533,8 +533,25 @@ lookup_pi_state(u32 uval, struct futex_hash_bucket *hb, |
| 1010 | return -EINVAL; |
| 1011 | |
| 1012 | WARN_ON(!atomic_read(&pi_state->refcount)); |
| 1013 | - WARN_ON(pid && pi_state->owner && |
| 1014 | - pi_state->owner->pid != pid); |
| 1015 | + |
| 1016 | + /* |
| 1017 | + * When pi_state->owner is NULL then the owner died |
| 1018 | + * and another waiter is on the fly. pi_state->owner |
| 1019 | + * is fixed up by the task which acquires |
| 1020 | + * pi_state->rt_mutex. |
| 1021 | + * |
| 1022 | + * We do not check for pid == 0 which can happen when |
| 1023 | + * the owner died and robust_list_exit() cleared the |
| 1024 | + * TID. |
| 1025 | + */ |
| 1026 | + if (pid && pi_state->owner) { |
| 1027 | + /* |
| 1028 | + * Bail out if user space manipulated the |
| 1029 | + * futex value. |
| 1030 | + */ |
| 1031 | + if (pid != task_pid_vnr(pi_state->owner)) |
| 1032 | + return -EINVAL; |
| 1033 | + } |
| 1034 | |
| 1035 | atomic_inc(&pi_state->refcount); |
| 1036 | *ps = pi_state; |
| 1037 | @@ -630,6 +647,13 @@ static int wake_futex_pi(u32 __user *uaddr, u32 uval, struct futex_q *this) |
| 1038 | if (!pi_state) |
| 1039 | return -EINVAL; |
| 1040 | |
| 1041 | + /* |
| 1042 | + * If current does not own the pi_state then the futex is |
| 1043 | + * inconsistent and user space fiddled with the futex value. |
| 1044 | + */ |
| 1045 | + if (pi_state->owner != current) |
| 1046 | + return -EINVAL; |
| 1047 | + |
| 1048 | spin_lock(&pi_state->pi_mutex.wait_lock); |
| 1049 | new_owner = rt_mutex_next_owner(&pi_state->pi_mutex); |
| 1050 | |
| 1051 | diff --git a/kernel/printk.c b/kernel/printk.c |
| 1052 | index 204660d..b9df41b 100644 |
| 1053 | --- a/kernel/printk.c |
| 1054 | +++ b/kernel/printk.c |
| 1055 | @@ -995,7 +995,7 @@ int printk_needs_cpu(int cpu) |
| 1056 | void wake_up_klogd(void) |
| 1057 | { |
| 1058 | if (waitqueue_active(&log_wait)) |
| 1059 | - __get_cpu_var(printk_pending) = 1; |
| 1060 | + __raw_get_cpu_var(printk_pending) = 1; |
| 1061 | } |
| 1062 | |
| 1063 | /** |
| 1064 | diff --git a/kernel/sched.c b/kernel/sched.c |
| 1065 | index 98c0cdc..f01ff16 100644 |
| 1066 | --- a/kernel/sched.c |
| 1067 | +++ b/kernel/sched.c |
| 1068 | @@ -604,9 +604,9 @@ struct rq { |
| 1069 | |
| 1070 | static DEFINE_PER_CPU_SHARED_ALIGNED(struct rq, runqueues); |
| 1071 | |
| 1072 | -static inline void check_preempt_curr(struct rq *rq, struct task_struct *p) |
| 1073 | +static inline void check_preempt_curr(struct rq *rq, struct task_struct *p, int sync) |
| 1074 | { |
| 1075 | - rq->curr->sched_class->check_preempt_curr(rq, p); |
| 1076 | + rq->curr->sched_class->check_preempt_curr(rq, p, sync); |
| 1077 | } |
| 1078 | |
| 1079 | static inline int cpu_of(struct rq *rq) |
| 1080 | @@ -2285,7 +2285,7 @@ out_running: |
| 1081 | trace_mark(kernel_sched_wakeup, |
| 1082 | "pid %d state %ld ## rq %p task %p rq->curr %p", |
| 1083 | p->pid, p->state, rq, p, rq->curr); |
| 1084 | - check_preempt_curr(rq, p); |
| 1085 | + check_preempt_curr(rq, p, sync); |
| 1086 | |
| 1087 | p->state = TASK_RUNNING; |
| 1088 | #ifdef CONFIG_SMP |
| 1089 | @@ -2420,7 +2420,7 @@ void wake_up_new_task(struct task_struct *p, unsigned long clone_flags) |
| 1090 | trace_mark(kernel_sched_wakeup_new, |
| 1091 | "pid %d state %ld ## rq %p task %p rq->curr %p", |
| 1092 | p->pid, p->state, rq, p, rq->curr); |
| 1093 | - check_preempt_curr(rq, p); |
| 1094 | + check_preempt_curr(rq, p, 0); |
| 1095 | #ifdef CONFIG_SMP |
| 1096 | if (p->sched_class->task_wake_up) |
| 1097 | p->sched_class->task_wake_up(rq, p); |
| 1098 | @@ -2880,7 +2880,7 @@ static void pull_task(struct rq *src_rq, struct task_struct *p, |
| 1099 | * Note that idle threads have a prio of MAX_PRIO, for this test |
| 1100 | * to be always true for them. |
| 1101 | */ |
| 1102 | - check_preempt_curr(this_rq, p); |
| 1103 | + check_preempt_curr(this_rq, p, 0); |
| 1104 | } |
| 1105 | |
| 1106 | /* |
| 1107 | @@ -5957,7 +5957,7 @@ static int __migrate_task(struct task_struct *p, int src_cpu, int dest_cpu) |
| 1108 | set_task_cpu(p, dest_cpu); |
| 1109 | if (on_rq) { |
| 1110 | activate_task(rq_dest, p, 0); |
| 1111 | - check_preempt_curr(rq_dest, p); |
| 1112 | + check_preempt_curr(rq_dest, p, 0); |
| 1113 | } |
| 1114 | done: |
| 1115 | ret = 1; |
| 1116 | diff --git a/kernel/sched_fair.c b/kernel/sched_fair.c |
| 1117 | index fb8994c..ab8e6f3 100644 |
| 1118 | --- a/kernel/sched_fair.c |
| 1119 | +++ b/kernel/sched_fair.c |
| 1120 | @@ -1331,7 +1331,7 @@ static inline int depth_se(struct sched_entity *se) |
| 1121 | /* |
| 1122 | * Preempt the current task with a newly woken task if needed: |
| 1123 | */ |
| 1124 | -static void check_preempt_wakeup(struct rq *rq, struct task_struct *p) |
| 1125 | +static void check_preempt_wakeup(struct rq *rq, struct task_struct *p, int sync) |
| 1126 | { |
| 1127 | struct task_struct *curr = rq->curr; |
| 1128 | struct cfs_rq *cfs_rq = task_cfs_rq(curr); |
| 1129 | @@ -1360,6 +1360,13 @@ static void check_preempt_wakeup(struct rq *rq, struct task_struct *p) |
| 1130 | if (!sched_feat(WAKEUP_PREEMPT)) |
| 1131 | return; |
| 1132 | |
| 1133 | + if (sched_feat(WAKEUP_OVERLAP) && sync && |
| 1134 | + se->avg_overlap < sysctl_sched_migration_cost && |
| 1135 | + pse->avg_overlap < sysctl_sched_migration_cost) { |
| 1136 | + resched_task(curr); |
| 1137 | + return; |
| 1138 | + } |
| 1139 | + |
| 1140 | /* |
| 1141 | * preemption test can be made between sibling entities who are in the |
| 1142 | * same cfs_rq i.e who have a common parent. Walk up the hierarchy of |
| 1143 | @@ -1642,7 +1649,7 @@ static void prio_changed_fair(struct rq *rq, struct task_struct *p, |
| 1144 | if (p->prio > oldprio) |
| 1145 | resched_task(rq->curr); |
| 1146 | } else |
| 1147 | - check_preempt_curr(rq, p); |
| 1148 | + check_preempt_curr(rq, p, 0); |
| 1149 | } |
| 1150 | |
| 1151 | /* |
| 1152 | @@ -1659,7 +1666,7 @@ static void switched_to_fair(struct rq *rq, struct task_struct *p, |
| 1153 | if (running) |
| 1154 | resched_task(rq->curr); |
| 1155 | else |
| 1156 | - check_preempt_curr(rq, p); |
| 1157 | + check_preempt_curr(rq, p, 0); |
| 1158 | } |
| 1159 | |
| 1160 | /* Account for a task changing its policy or group. |
| 1161 | diff --git a/kernel/sched_features.h b/kernel/sched_features.h |
| 1162 | index c4c88ae..4e51893 100644 |
| 1163 | --- a/kernel/sched_features.h |
| 1164 | +++ b/kernel/sched_features.h |
| 1165 | @@ -11,3 +11,4 @@ SCHED_FEAT(ASYM_GRAN, 1) |
| 1166 | SCHED_FEAT(LB_BIAS, 1) |
| 1167 | SCHED_FEAT(LB_WAKEUP_UPDATE, 1) |
| 1168 | SCHED_FEAT(ASYM_EFF_LOAD, 1) |
| 1169 | +SCHED_FEAT(WAKEUP_OVERLAP, 1) |
| 1170 | diff --git a/kernel/sched_idletask.c b/kernel/sched_idletask.c |
| 1171 | index 3a4f92d..dec4cca 100644 |
| 1172 | --- a/kernel/sched_idletask.c |
| 1173 | +++ b/kernel/sched_idletask.c |
| 1174 | @@ -14,7 +14,7 @@ static int select_task_rq_idle(struct task_struct *p, int sync) |
| 1175 | /* |
| 1176 | * Idle tasks are unconditionally rescheduled: |
| 1177 | */ |
| 1178 | -static void check_preempt_curr_idle(struct rq *rq, struct task_struct *p) |
| 1179 | +static void check_preempt_curr_idle(struct rq *rq, struct task_struct *p, int sync) |
| 1180 | { |
| 1181 | resched_task(rq->idle); |
| 1182 | } |
| 1183 | @@ -76,7 +76,7 @@ static void switched_to_idle(struct rq *rq, struct task_struct *p, |
| 1184 | if (running) |
| 1185 | resched_task(rq->curr); |
| 1186 | else |
| 1187 | - check_preempt_curr(rq, p); |
| 1188 | + check_preempt_curr(rq, p, 0); |
| 1189 | } |
| 1190 | |
| 1191 | static void prio_changed_idle(struct rq *rq, struct task_struct *p, |
| 1192 | @@ -93,7 +93,7 @@ static void prio_changed_idle(struct rq *rq, struct task_struct *p, |
| 1193 | if (p->prio > oldprio) |
| 1194 | resched_task(rq->curr); |
| 1195 | } else |
| 1196 | - check_preempt_curr(rq, p); |
| 1197 | + check_preempt_curr(rq, p, 0); |
| 1198 | } |
| 1199 | |
| 1200 | /* |
| 1201 | diff --git a/kernel/sched_rt.c b/kernel/sched_rt.c |
| 1202 | index 37f0721..68c4745 100644 |
| 1203 | --- a/kernel/sched_rt.c |
| 1204 | +++ b/kernel/sched_rt.c |
| 1205 | @@ -784,7 +784,7 @@ static void check_preempt_equal_prio(struct rq *rq, struct task_struct *p) |
| 1206 | /* |
| 1207 | * Preempt the current task with a newly woken task if needed: |
| 1208 | */ |
| 1209 | -static void check_preempt_curr_rt(struct rq *rq, struct task_struct *p) |
| 1210 | +static void check_preempt_curr_rt(struct rq *rq, struct task_struct *p, int sync) |
| 1211 | { |
| 1212 | if (p->prio < rq->curr->prio) { |
| 1213 | resched_task(rq->curr); |
| 1214 | diff --git a/mm/mempolicy.c b/mm/mempolicy.c |
| 1215 | index 7acf81c..b759b7d 100644 |
| 1216 | --- a/mm/mempolicy.c |
| 1217 | +++ b/mm/mempolicy.c |
| 1218 | @@ -2029,8 +2029,8 @@ int mpol_parse_str(char *str, struct mempolicy **mpol, int no_context) |
| 1219 | char *rest = nodelist; |
| 1220 | while (isdigit(*rest)) |
| 1221 | rest++; |
| 1222 | - if (!*rest) |
| 1223 | - err = 0; |
| 1224 | + if (*rest) |
| 1225 | + goto out; |
| 1226 | } |
| 1227 | break; |
| 1228 | case MPOL_INTERLEAVE: |
| 1229 | @@ -2039,7 +2039,6 @@ int mpol_parse_str(char *str, struct mempolicy **mpol, int no_context) |
| 1230 | */ |
| 1231 | if (!nodelist) |
| 1232 | nodes = node_states[N_HIGH_MEMORY]; |
| 1233 | - err = 0; |
| 1234 | break; |
| 1235 | case MPOL_LOCAL: |
| 1236 | /* |
| 1237 | @@ -2049,11 +2048,19 @@ int mpol_parse_str(char *str, struct mempolicy **mpol, int no_context) |
| 1238 | goto out; |
| 1239 | mode = MPOL_PREFERRED; |
| 1240 | break; |
| 1241 | - |
| 1242 | - /* |
| 1243 | - * case MPOL_BIND: mpol_new() enforces non-empty nodemask. |
| 1244 | - * case MPOL_DEFAULT: mpol_new() enforces empty nodemask, ignores flags. |
| 1245 | - */ |
| 1246 | + case MPOL_DEFAULT: |
| 1247 | + /* |
| 1248 | + * Insist on a empty nodelist |
| 1249 | + */ |
| 1250 | + if (!nodelist) |
| 1251 | + err = 0; |
| 1252 | + goto out; |
| 1253 | + case MPOL_BIND: |
| 1254 | + /* |
| 1255 | + * Insist on a nodelist |
| 1256 | + */ |
| 1257 | + if (!nodelist) |
| 1258 | + goto out; |
| 1259 | } |
| 1260 | |
| 1261 | mode_flags = 0; |
| 1262 | @@ -2067,14 +2074,17 @@ int mpol_parse_str(char *str, struct mempolicy **mpol, int no_context) |
| 1263 | else if (!strcmp(flags, "relative")) |
| 1264 | mode_flags |= MPOL_F_RELATIVE_NODES; |
| 1265 | else |
| 1266 | - err = 1; |
| 1267 | + goto out; |
| 1268 | } |
| 1269 | |
| 1270 | new = mpol_new(mode, mode_flags, &nodes); |
| 1271 | if (IS_ERR(new)) |
| 1272 | - err = 1; |
| 1273 | - else if (no_context) |
| 1274 | - new->w.user_nodemask = nodes; /* save for contextualization */ |
| 1275 | + goto out; |
| 1276 | + err = 0; |
| 1277 | + if (no_context) { |
| 1278 | + /* save for contextualization */ |
| 1279 | + new->w.user_nodemask = nodes; |
| 1280 | + } |
| 1281 | |
| 1282 | out: |
| 1283 | /* Restore string for error message */ |
| 1284 | diff --git a/mm/migrate.c b/mm/migrate.c |
| 1285 | index d493c02..96178f4 100644 |
| 1286 | --- a/mm/migrate.c |
| 1287 | +++ b/mm/migrate.c |
| 1288 | @@ -1062,6 +1062,9 @@ SYSCALL_DEFINE6(move_pages, pid_t, pid, unsigned long, nr_pages, |
| 1289 | goto out; |
| 1290 | |
| 1291 | err = -ENODEV; |
| 1292 | + if (node < 0 || node >= MAX_NUMNODES) |
| 1293 | + goto out; |
| 1294 | + |
| 1295 | if (!node_state(node, N_HIGH_MEMORY)) |
| 1296 | goto out; |
| 1297 | |
| 1298 | diff --git a/net/ax25/af_ax25.c b/net/ax25/af_ax25.c |
| 1299 | index cd9d526..2268a7e 100644 |
| 1300 | --- a/net/ax25/af_ax25.c |
| 1301 | +++ b/net/ax25/af_ax25.c |
| 1302 | @@ -894,7 +894,6 @@ struct sock *ax25_make_new(struct sock *osk, struct ax25_dev *ax25_dev) |
| 1303 | |
| 1304 | sock_init_data(NULL, sk); |
| 1305 | |
| 1306 | - sk->sk_destruct = ax25_free_sock; |
| 1307 | sk->sk_type = osk->sk_type; |
| 1308 | sk->sk_priority = osk->sk_priority; |
| 1309 | sk->sk_protocol = osk->sk_protocol; |
| 1310 | @@ -932,6 +931,7 @@ struct sock *ax25_make_new(struct sock *osk, struct ax25_dev *ax25_dev) |
| 1311 | } |
| 1312 | |
| 1313 | sk->sk_protinfo = ax25; |
| 1314 | + sk->sk_destruct = ax25_free_sock; |
| 1315 | ax25->sk = sk; |
| 1316 | |
| 1317 | return sk; |
| 1318 | diff --git a/net/ipv4/tcp_minisocks.c b/net/ipv4/tcp_minisocks.c |
| 1319 | index f976fc5..6d108fb 100644 |
| 1320 | --- a/net/ipv4/tcp_minisocks.c |
| 1321 | +++ b/net/ipv4/tcp_minisocks.c |
| 1322 | @@ -362,7 +362,7 @@ void tcp_twsk_destructor(struct sock *sk) |
| 1323 | #ifdef CONFIG_TCP_MD5SIG |
| 1324 | struct tcp_timewait_sock *twsk = tcp_twsk(sk); |
| 1325 | if (twsk->tw_md5_keylen) |
| 1326 | - tcp_put_md5sig_pool(); |
| 1327 | + tcp_free_md5sig_pool(); |
| 1328 | #endif |
| 1329 | } |
| 1330 | |
| 1331 | diff --git a/net/ipv6/sit.c b/net/ipv6/sit.c |
| 1332 | index b7a50e9..0a913c9 100644 |
| 1333 | --- a/net/ipv6/sit.c |
| 1334 | +++ b/net/ipv6/sit.c |
| 1335 | @@ -260,7 +260,7 @@ static int ipip6_tunnel_get_prl(struct ip_tunnel *t, |
| 1336 | |
| 1337 | c = 0; |
| 1338 | for (prl = t->prl; prl; prl = prl->next) { |
| 1339 | - if (c > cmax) |
| 1340 | + if (c >= cmax) |
| 1341 | break; |
| 1342 | if (kprl.addr != htonl(INADDR_ANY) && prl->addr != kprl.addr) |
| 1343 | continue; |
| 1344 | diff --git a/net/sched/sch_api.c b/net/sched/sch_api.c |
| 1345 | index 1122c95..2b801a0 100644 |
| 1346 | --- a/net/sched/sch_api.c |
| 1347 | +++ b/net/sched/sch_api.c |
| 1348 | @@ -1453,6 +1453,8 @@ static int tc_fill_tclass(struct sk_buff *skb, struct Qdisc *q, |
| 1349 | nlh = NLMSG_NEW(skb, pid, seq, event, sizeof(*tcm), flags); |
| 1350 | tcm = NLMSG_DATA(nlh); |
| 1351 | tcm->tcm_family = AF_UNSPEC; |
| 1352 | + tcm->tcm__pad1 = 0; |
| 1353 | + tcm->tcm__pad2 = 0; |
| 1354 | tcm->tcm_ifindex = qdisc_dev(q)->ifindex; |
| 1355 | tcm->tcm_parent = q->handle; |
| 1356 | tcm->tcm_handle = q->handle; |
| 1357 | diff --git a/net/unix/af_unix.c b/net/unix/af_unix.c |
| 1358 | index facdaa9..3c33817 100644 |
| 1359 | --- a/net/unix/af_unix.c |
| 1360 | +++ b/net/unix/af_unix.c |
| 1361 | @@ -1491,6 +1491,7 @@ static int unix_stream_sendmsg(struct kiocb *kiocb, struct socket *sock, |
| 1362 | struct sk_buff *skb; |
| 1363 | int sent=0; |
| 1364 | struct scm_cookie tmp_scm; |
| 1365 | + bool fds_sent = false; |
| 1366 | |
| 1367 | if (NULL == siocb->scm) |
| 1368 | siocb->scm = &tmp_scm; |
| 1369 | @@ -1552,12 +1553,14 @@ static int unix_stream_sendmsg(struct kiocb *kiocb, struct socket *sock, |
| 1370 | size = min_t(int, size, skb_tailroom(skb)); |
| 1371 | |
| 1372 | memcpy(UNIXCREDS(skb), &siocb->scm->creds, sizeof(struct ucred)); |
| 1373 | - if (siocb->scm->fp) { |
| 1374 | + /* Only send the fds in the first buffer */ |
| 1375 | + if (siocb->scm->fp && !fds_sent) { |
| 1376 | err = unix_attach_fds(siocb->scm, skb); |
| 1377 | if (err) { |
| 1378 | kfree_skb(skb); |
| 1379 | goto out_err; |
| 1380 | } |
| 1381 | + fds_sent = true; |
| 1382 | } |
| 1383 | |
| 1384 | if ((err = memcpy_fromiovec(skb_put(skb,size), msg->msg_iov, size)) != 0) { |