Index: linux-2.6.10-ck7/arch/i386/kernel/cpu/common.c =================================================================== --- linux-2.6.10-ck7.orig/arch/i386/kernel/cpu/common.c 2004-10-19 08:57:04.000000000 +1000 +++ linux-2.6.10-ck7/arch/i386/kernel/cpu/common.c 2005-03-01 21:38:37.000000000 +1100 @@ -334,21 +334,19 @@ void __init identify_cpu(struct cpuinfo_ generic_identify(c); - printk(KERN_DEBUG "CPU: After generic identify, caps: %08lx %08lx %08lx %08lx\n", - c->x86_capability[0], - c->x86_capability[1], - c->x86_capability[2], - c->x86_capability[3]); + printk(KERN_DEBUG "CPU: After generic identify, caps:"); + for (i = 0; i < NCAPINTS; i++) + printk(" %08lx", c->x86_capability[i]); + printk("\n"); if (this_cpu->c_identify) { this_cpu->c_identify(c); - printk(KERN_DEBUG "CPU: After vendor identify, caps: %08lx %08lx %08lx %08lx\n", - c->x86_capability[0], - c->x86_capability[1], - c->x86_capability[2], - c->x86_capability[3]); -} + printk(KERN_DEBUG "CPU: After vendor identify, caps:"); + for (i = 0; i < NCAPINTS; i++) + printk(" %08lx", c->x86_capability[i]); + printk("\n"); + } /* * Vendor-specific initialization. In this section we @@ -398,11 +396,10 @@ void __init identify_cpu(struct cpuinfo_ /* Now the feature flags better reflect actual CPU features! */ - printk(KERN_DEBUG "CPU: After all inits, caps: %08lx %08lx %08lx %08lx\n", - c->x86_capability[0], - c->x86_capability[1], - c->x86_capability[2], - c->x86_capability[3]); + printk(KERN_DEBUG "CPU: After all inits, caps:"); + for (i = 0; i < NCAPINTS; i++) + printk(" %08lx", c->x86_capability[i]); + printk("\n"); /* * On SMP, boot_cpu_data holds the common feature set between Index: linux-2.6.10-ck7/arch/i386/kernel/cpu/cpufreq/gx-suspmod.c =================================================================== --- linux-2.6.10-ck7.orig/arch/i386/kernel/cpu/cpufreq/gx-suspmod.c 2004-12-25 10:14:46.000000000 +1100 +++ linux-2.6.10-ck7/arch/i386/kernel/cpu/cpufreq/gx-suspmod.c 2005-03-01 21:38:37.000000000 +1100 @@ -209,7 +209,7 @@ static unsigned int gx_get_cpuspeed(unsi if ((gx_params->pci_suscfg & SUSMOD) == 0) return stock_freq; - return (stock_freq * gx_params->on_duration) + return (stock_freq * gx_params->off_duration) / (gx_params->on_duration + gx_params->off_duration); } Index: linux-2.6.10-ck7/arch/i386/kernel/cpu/cpufreq/p4-clockmod.c =================================================================== --- linux-2.6.10-ck7.orig/arch/i386/kernel/cpu/cpufreq/p4-clockmod.c 2004-12-25 10:14:46.000000000 +1100 +++ linux-2.6.10-ck7/arch/i386/kernel/cpu/cpufreq/p4-clockmod.c 2005-03-01 21:38:37.000000000 +1100 @@ -171,7 +171,7 @@ static unsigned int cpufreq_p4_get_frequ return speedstep_get_processor_frequency(SPEEDSTEP_PROCESSOR_PM); } - if ((c->x86 == 0x06) && (c->x86_model == 0x13)) { + if ((c->x86 == 0x06) && (c->x86_model == 0x0D)) { /* Pentium M (Dothan) */ printk(KERN_WARNING PFX "Warning: Pentium M detected. " "The speedstep_centrino module offers voltage scaling" Index: linux-2.6.10-ck7/arch/i386/kernel/cpu/cpufreq/powernow-k8.c =================================================================== --- linux-2.6.10-ck7.orig/arch/i386/kernel/cpu/cpufreq/powernow-k8.c 2004-12-25 10:14:46.000000000 +1100 +++ linux-2.6.10-ck7/arch/i386/kernel/cpu/cpufreq/powernow-k8.c 2005-03-01 21:38:37.000000000 +1100 @@ -1010,6 +1010,7 @@ static int __init powernowk8_cpu_init(st /* min/max the cpu is capable of */ if (cpufreq_frequency_table_cpuinfo(pol, data->powernow_table)) { printk(KERN_ERR PFX "invalid powernow_table\n"); + powernow_k8_cpu_exit_acpi(data); kfree(data->powernow_table); kfree(data); return -EINVAL; @@ -1027,6 +1028,7 @@ static int __init powernowk8_cpu_init(st err_out: set_cpus_allowed(current, oldmask); schedule(); + powernow_k8_cpu_exit_acpi(data); kfree(data); return -ENODEV; Index: linux-2.6.10-ck7/arch/i386/kernel/cpu/cpufreq/speedstep-centrino.c =================================================================== --- linux-2.6.10-ck7.orig/arch/i386/kernel/cpu/cpufreq/speedstep-centrino.c 2004-12-25 10:14:46.000000000 +1100 +++ linux-2.6.10-ck7/arch/i386/kernel/cpu/cpufreq/speedstep-centrino.c 2005-03-01 21:38:37.000000000 +1100 @@ -249,7 +249,7 @@ static int centrino_cpu_init_table(struc /* Matched a non-match */ printk(KERN_INFO PFX "no table support for CPU model \"%s\": \n", cpu->x86_model_id); -#ifdef CONFIG_X86_SPEEDSTEP_CENTRINO_ACPI +#ifndef CONFIG_X86_SPEEDSTEP_CENTRINO_ACPI printk(KERN_INFO PFX "try compiling with CONFIG_X86_SPEEDSTEP_CENTRINO_ACPI enabled\n"); #endif return -ENOENT; Index: linux-2.6.10-ck7/arch/i386/kernel/nmi.c =================================================================== --- linux-2.6.10-ck7.orig/arch/i386/kernel/nmi.c 2004-10-19 08:57:04.000000000 +1000 +++ linux-2.6.10-ck7/arch/i386/kernel/nmi.c 2005-03-01 21:38:37.000000000 +1100 @@ -117,8 +117,12 @@ int __init check_nmi_watchdog (void) /* FIXME: Only boot CPU is online at this stage. Check CPUs as they come up. */ for (cpu = 0; cpu < NR_CPUS; cpu++) { - if (!cpu_online(cpu)) +#ifdef CONFIG_SMP + /* Check cpu_callin_map here because that is set + after the timer is started. */ + if (!cpu_isset(cpu, cpu_callin_map)) continue; +#endif if (nmi_count(cpu) - prev_nmi_count[cpu] <= 5) { printk("CPU#%d: NMI appears to be stuck!\n", cpu); nmi_active = 0; Index: linux-2.6.10-ck7/arch/i386/kernel/pci-dma.c =================================================================== --- linux-2.6.10-ck7.orig/arch/i386/kernel/pci-dma.c 2004-10-19 08:57:04.000000000 +1000 +++ linux-2.6.10-ck7/arch/i386/kernel/pci-dma.c 2005-03-01 21:38:37.000000000 +1100 @@ -89,11 +89,11 @@ int dma_declare_coherent_memory(struct d if (!mem_base) goto out; - dev->dma_mem = kmalloc(GFP_KERNEL, sizeof(struct dma_coherent_mem)); + dev->dma_mem = kmalloc(sizeof(struct dma_coherent_mem), GFP_KERNEL); if (!dev->dma_mem) goto out; memset(dev->dma_mem, 0, sizeof(struct dma_coherent_mem)); - dev->dma_mem->bitmap = kmalloc(GFP_KERNEL, bitmap_size); + dev->dma_mem->bitmap = kmalloc(bitmap_size, GFP_KERNEL); if (!dev->dma_mem->bitmap) goto free1_out; memset(dev->dma_mem->bitmap, 0, bitmap_size); Index: linux-2.6.10-ck7/arch/i386/kernel/smpboot.c =================================================================== --- linux-2.6.10-ck7.orig/arch/i386/kernel/smpboot.c 2004-10-19 08:57:04.000000000 +1000 +++ linux-2.6.10-ck7/arch/i386/kernel/smpboot.c 2005-03-01 21:38:37.000000000 +1100 @@ -65,7 +65,7 @@ int phys_proc_id[NR_CPUS]; /* Package ID /* bitmap of online cpus */ cpumask_t cpu_online_map; -static cpumask_t cpu_callin_map; +cpumask_t cpu_callin_map; cpumask_t cpu_callout_map; static cpumask_t smp_commenced_mask; Index: linux-2.6.10-ck7/arch/i386/kernel/time.c =================================================================== --- linux-2.6.10-ck7.orig/arch/i386/kernel/time.c 2004-12-25 10:14:46.000000000 +1100 +++ linux-2.6.10-ck7/arch/i386/kernel/time.c 2005-03-01 21:38:37.000000000 +1100 @@ -343,12 +343,13 @@ static int timer_resume(struct sys_devic hpet_reenable(); #endif sec = get_cmos_time() + clock_cmos_diff; - sleep_length = get_cmos_time() - sleep_start; + sleep_length = (get_cmos_time() - sleep_start) * HZ; write_seqlock_irqsave(&xtime_lock, flags); xtime.tv_sec = sec; xtime.tv_nsec = 0; write_sequnlock_irqrestore(&xtime_lock, flags); - jiffies += sleep_length * HZ; + jiffies += sleep_length; + wall_jiffies += sleep_length; return 0; } Index: linux-2.6.10-ck7/arch/ia64/ia32/binfmt_elf32.c =================================================================== --- linux-2.6.10-ck7.orig/arch/ia64/ia32/binfmt_elf32.c 2004-12-25 10:14:46.000000000 +1100 +++ linux-2.6.10-ck7/arch/ia64/ia32/binfmt_elf32.c 2005-03-01 21:38:37.000000000 +1100 @@ -103,7 +103,7 @@ ia64_elf32_init (struct pt_regs *regs) if (insert_vm_struct(current->mm, vma)) { kmem_cache_free(vm_area_cachep, vma); up_write(¤t->mm->mmap_sem); - return; + BUG(); } } up_write(¤t->mm->mmap_sem); @@ -130,7 +130,7 @@ ia64_elf32_init (struct pt_regs *regs) if (insert_vm_struct(current->mm, vma)) { kmem_cache_free(vm_area_cachep, vma); up_write(¤t->mm->mmap_sem); - return; + BUG(); } } up_write(¤t->mm->mmap_sem); @@ -153,7 +153,7 @@ ia64_elf32_init (struct pt_regs *regs) if (insert_vm_struct(current->mm, vma)) { kmem_cache_free(vm_area_cachep, vma); up_write(¤t->mm->mmap_sem); - return; + BUG(); } } up_write(¤t->mm->mmap_sem); Index: linux-2.6.10-ck7/arch/ia64/ia32/sys_ia32.c =================================================================== --- linux-2.6.10-ck7.orig/arch/ia64/ia32/sys_ia32.c 2004-10-19 08:57:05.000000000 +1000 +++ linux-2.6.10-ck7/arch/ia64/ia32/sys_ia32.c 2005-03-01 21:38:37.000000000 +1100 @@ -1415,7 +1415,7 @@ sys32_ipc(u32 call, int first, int secon case SHMDT: return sys_shmdt(compat_ptr(ptr)); case SHMGET: - return sys_shmget(first, second, third); + return sys_shmget(first, (unsigned)second, third); case SHMCTL: return compat_sys_shmctl(first, second, compat_ptr(ptr)); Index: linux-2.6.10-ck7/arch/ia64/kernel/entry.S =================================================================== --- linux-2.6.10-ck7.orig/arch/ia64/kernel/entry.S 2004-12-25 10:14:46.000000000 +1100 +++ linux-2.6.10-ck7/arch/ia64/kernel/entry.S 2005-03-01 21:38:37.000000000 +1100 @@ -51,8 +51,11 @@ * setup a null register window frame. */ ENTRY(ia64_execve) - .prologue ASM_UNW_PRLG_RP|ASM_UNW_PRLG_PFS, ASM_UNW_PRLG_GRSAVE(3) - alloc loc1=ar.pfs,3,2,4,0 + /* + * Allocate 8 input registers since ptrace() may clobber them + */ + .prologue ASM_UNW_PRLG_RP|ASM_UNW_PRLG_PFS, ASM_UNW_PRLG_GRSAVE(8) + alloc loc1=ar.pfs,8,2,4,0 mov loc0=rp .body mov out0=in0 // filename @@ -113,8 +116,11 @@ END(ia64_execve) * u64 tls) */ GLOBAL_ENTRY(sys_clone2) - .prologue ASM_UNW_PRLG_RP|ASM_UNW_PRLG_PFS, ASM_UNW_PRLG_GRSAVE(6) - alloc r16=ar.pfs,6,2,6,0 + /* + * Allocate 8 input registers since ptrace() may clobber them + */ + .prologue ASM_UNW_PRLG_RP|ASM_UNW_PRLG_PFS, ASM_UNW_PRLG_GRSAVE(8) + alloc r16=ar.pfs,8,2,6,0 DO_SAVE_SWITCH_STACK adds r2=PT(R16)+IA64_SWITCH_STACK_SIZE+16,sp mov loc0=rp @@ -142,8 +148,11 @@ END(sys_clone2) * Deprecated. Use sys_clone2() instead. */ GLOBAL_ENTRY(sys_clone) - .prologue ASM_UNW_PRLG_RP|ASM_UNW_PRLG_PFS, ASM_UNW_PRLG_GRSAVE(5) - alloc r16=ar.pfs,5,2,6,0 + /* + * Allocate 8 input registers since ptrace() may clobber them + */ + .prologue ASM_UNW_PRLG_RP|ASM_UNW_PRLG_PFS, ASM_UNW_PRLG_GRSAVE(8) + alloc r16=ar.pfs,8,2,6,0 DO_SAVE_SWITCH_STACK adds r2=PT(R16)+IA64_SWITCH_STACK_SIZE+16,sp mov loc0=rp @@ -1183,7 +1192,10 @@ END(sys_rt_sigsuspend) ENTRY(sys_rt_sigreturn) PT_REGS_UNWIND_INFO(0) - alloc r2=ar.pfs,0,0,1,0 + /* + * Allocate 8 input registers since ptrace() may clobber them + */ + alloc r2=ar.pfs,8,0,1,0 .prologue PT_REGS_SAVES(16) adds sp=-16,sp Index: linux-2.6.10-ck7/arch/ia64/kernel/fsys.S =================================================================== --- linux-2.6.10-ck7.orig/arch/ia64/kernel/fsys.S 2004-12-25 10:14:46.000000000 +1100 +++ linux-2.6.10-ck7/arch/ia64/kernel/fsys.S 2005-03-01 21:38:37.000000000 +1100 @@ -612,8 +612,9 @@ GLOBAL_ENTRY(fsys_bubble_down) ;; mov rp=r2 // set the real return addr tbit.z p8,p0=r3,TIF_SYSCALL_TRACE - -(p8) br.call.sptk.many b6=b6 // ignore this return addr + ;; +(p10) br.cond.spnt.many ia64_ret_from_syscall // p10==true means out registers are more than 8 +(p8) br.call.sptk.many b6=b6 // ignore this return addr br.cond.sptk ia64_trace_syscall END(fsys_bubble_down) Index: linux-2.6.10-ck7/arch/ia64/kernel/gate.S =================================================================== --- linux-2.6.10-ck7.orig/arch/ia64/kernel/gate.S 2004-06-16 17:35:31.000000000 +1000 +++ linux-2.6.10-ck7/arch/ia64/kernel/gate.S 2005-03-01 21:38:37.000000000 +1100 @@ -81,6 +81,7 @@ GLOBAL_ENTRY(__kernel_syscall_via_epc) LOAD_FSYSCALL_TABLE(r14) mov r16=IA64_KR(CURRENT) // 12 cycle read latency + tnat.nz p10,p9=r15 mov r19=NR_syscalls-1 ;; shladd r18=r17,3,r14 @@ -119,7 +120,8 @@ GLOBAL_ENTRY(__kernel_syscall_via_epc) #endif mov r10=-1 - mov r8=ENOSYS +(p10) mov r8=EINVAL +(p9) mov r8=ENOSYS FSYS_RETURN END(__kernel_syscall_via_epc) Index: linux-2.6.10-ck7/arch/ia64/kernel/irq_ia64.c =================================================================== --- linux-2.6.10-ck7.orig/arch/ia64/kernel/irq_ia64.c 2004-12-25 10:14:46.000000000 +1100 +++ linux-2.6.10-ck7/arch/ia64/kernel/irq_ia64.c 2005-03-01 21:38:37.000000000 +1100 @@ -115,7 +115,7 @@ ia64_handle_irq (ia64_vector vector, str * switched atomically. */ bsp = ia64_getreg(_IA64_REG_AR_BSP); - sp = ia64_getreg(_IA64_REG_AR_SP); + sp = ia64_getreg(_IA64_REG_SP); if ((sp - bsp) < 1024) { static unsigned char count; Index: linux-2.6.10-ck7/arch/ia64/kernel/ivt.S =================================================================== --- linux-2.6.10-ck7.orig/arch/ia64/kernel/ivt.S 2004-12-25 10:14:46.000000000 +1100 +++ linux-2.6.10-ck7/arch/ia64/kernel/ivt.S 2005-03-01 21:38:37.000000000 +1100 @@ -51,6 +51,7 @@ #include #include #include +#include #if 1 # define PSR_DEFAULT_BITS psr.ac @@ -732,10 +733,12 @@ ENTRY(break_fault) ssm psr.ic | PSR_DEFAULT_BITS ;; srlz.i // guarantee that interruption collection is on + mov r3=NR_syscalls - 1 ;; (p15) ssm psr.i // restore psr.i + // p10==true means out registers are more than 8 or r15's Nat is true +(p10) br.cond.spnt.many ia64_ret_from_syscall ;; - mov r3=NR_syscalls - 1 movl r16=sys_call_table adds r15=-1024,r15 // r15 contains the syscall number---subtract 1024 @@ -836,8 +839,11 @@ END(interrupt) * On exit: * - executing on bank 1 registers * - psr.ic enabled, interrupts restored + * - p10: TRUE if syscall is invoked with more than 8 out + * registers or r15's Nat is true * - r1: kernel's gp * - r3: preserved (same as on entry) + * - r8: -EINVAL if p10 is true * - r12: points to kernel stack * - r13: points to current task * - p15: TRUE if interrupts need to be re-enabled @@ -871,12 +877,17 @@ GLOBAL_ENTRY(ia64_syscall_setup) ;; st8 [r16]=r19,PT(AR_RNAT)-PT(CR_IFS) // store ar.pfs.pfm in cr.ifs + extr.u r11=r19,7,7 // I0 // get sol of ar.pfs + and r8=0x7f,r19 // A // get sof of ar.pfs + st8 [r17]=r27,PT(AR_BSPSTORE)-PT(AR_RSC)// save ar.rsc + tbit.nz p15,p0=r29,IA64_PSR_I_BIT // I0 (p9) mov in1=-1 + ;; (pUStk) sub r18=r18,r22 // r18=RSE.ndirty*8 - tbit.nz p15,p0=r29,IA64_PSR_I_BIT tnat.nz p10,p0=in2 + add r11=8,r11 ;; (pKStk) adds r16=PT(PR)-PT(AR_RNAT),r16 // skip over ar_rnat field (pKStk) adds r17=PT(B0)-PT(AR_BSPSTORE),r17 // skip over ar_bspstore field @@ -904,25 +915,29 @@ GLOBAL_ENTRY(ia64_syscall_setup) (p13) mov in5=-1 ;; st8 [r16]=r21,PT(R8)-PT(AR_FPSR) // save ar.fpsr - st8.spill [r17]=r15 // save r15 tnat.nz p14,p0=in6 + cmp.lt p10,p9=r11,r8 // frame size can't be more than local+8 ;; stf8 [r16]=f1 // ensure pt_regs.r8 != 0 (see handle_syscall_error) +(p9) tnat.nz p10,p0=r15 adds r12=-16,r1 // switch to kernel memory stack (with 16 bytes of scratch) + + st8.spill [r17]=r15 // save r15 tnat.nz p8,p0=in7 + nop.i 0 mov r13=r2 // establish `current' movl r1=__gp // establish kernel global pointer ;; (p14) mov in6=-1 (p8) mov in7=-1 - tnat.nz p9,p0=r15 + nop.i 0 cmp.eq pSys,pNonSys=r0,r0 // set pSys=1, pNonSys=0 movl r17=FPSR_DEFAULT ;; mov.m ar.fpsr=r17 // set ar.fpsr to kernel default value -(p9) mov r15=-1 +(p10) mov r8=-EINVAL br.ret.sptk.many b7 END(ia64_syscall_setup) Index: linux-2.6.10-ck7/arch/ia64/kernel/process.c =================================================================== --- linux-2.6.10-ck7.orig/arch/ia64/kernel/process.c 2004-12-25 10:14:46.000000000 +1100 +++ linux-2.6.10-ck7/arch/ia64/kernel/process.c 2005-03-01 21:38:37.000000000 +1100 @@ -613,7 +613,7 @@ dump_fpu (struct pt_regs *pt, elf_fpregs return 1; /* f0-f31 are always valid so we always return 1 */ } -asmlinkage long +long sys_execve (char __user *filename, char __user * __user *argv, char __user * __user *envp, struct pt_regs *regs) { Index: linux-2.6.10-ck7/arch/ia64/kernel/unwind.c =================================================================== --- linux-2.6.10-ck7.orig/arch/ia64/kernel/unwind.c 2004-12-25 10:14:46.000000000 +1100 +++ linux-2.6.10-ck7/arch/ia64/kernel/unwind.c 2005-03-01 21:38:37.000000000 +1100 @@ -1945,7 +1945,7 @@ EXPORT_SYMBOL(unw_unwind); int unw_unwind_to_user (struct unw_frame_info *info) { - unsigned long ip; + unsigned long ip, sp; while (unw_unwind(info) >= 0) { if (unw_get_rp(info, &ip) < 0) { @@ -1954,6 +1954,9 @@ unw_unwind_to_user (struct unw_frame_inf __FUNCTION__, ip); return -1; } + unw_get_sp(info, &sp); + if (sp >= (unsigned long)info->task + IA64_STK_OFFSET) + break; if (ip < FIXADDR_USER_END) return 0; } Index: linux-2.6.10-ck7/arch/ia64/sn/kernel/setup.c =================================================================== --- linux-2.6.10-ck7.orig/arch/ia64/sn/kernel/setup.c 2004-12-25 10:14:46.000000000 +1100 +++ linux-2.6.10-ck7/arch/ia64/sn/kernel/setup.c 2005-03-01 21:38:37.000000000 +1100 @@ -163,13 +163,12 @@ static int __init pxm_to_nasid(int pxm) void __init early_sn_setup(void) { - void ia64_sal_handler_init(void *entry_point, void *gpval); efi_system_table_t *efi_systab; efi_config_table_t *config_tables; struct ia64_sal_systab *sal_systab; struct ia64_sal_desc_entry_point *ep; char *p; - int i; + int i, j; /* * Parse enough of the SAL tables to locate the SAL entry point. Since, console @@ -185,19 +184,21 @@ void __init early_sn_setup(void) 0) { sal_systab = __va(config_tables[i].table); p = (char *)(sal_systab + 1); - for (i = 0; i < sal_systab->entry_count; i++) { + for (j = 0; j < sal_systab->entry_count; j++) { if (*p == SAL_DESC_ENTRY_POINT) { ep = (struct ia64_sal_desc_entry_point *)p; ia64_sal_handler_init(__va (ep->sal_proc), __va(ep->gp)); - break; + return; } p += SAL_DESC_SIZE(*p); } } } + /* Uh-oh, SAL not available?? */ + printk(KERN_ERR "failed to find SAL entry point\n"); } extern int platform_intr_list[]; Index: linux-2.6.10-ck7/arch/mips/kernel/irixelf.c =================================================================== --- linux-2.6.10-ck7.orig/arch/mips/kernel/irixelf.c 2004-12-25 10:14:47.000000000 +1100 +++ linux-2.6.10-ck7/arch/mips/kernel/irixelf.c 2005-03-01 21:38:37.000000000 +1100 @@ -127,7 +127,9 @@ static void set_brk(unsigned long start, end = PAGE_ALIGN(end); if (end <= start) return; + down_write(¤t->mm->mmap_sem); do_brk(start, end - start); + up_write(¤t->mm->mmap_sem); } @@ -375,7 +377,9 @@ static unsigned int load_irix_interp(str /* Map the last of the bss segment */ if (last_bss > len) { + down_write(¤t->mm->mmap_sem); do_brk(len, (last_bss - len)); + up_write(¤t->mm->mmap_sem); } kfree(elf_phdata); @@ -562,7 +566,9 @@ void irix_map_prda_page (void) unsigned long v; struct prda *pp; + down_write(¤t->mm->mmap_sem); v = do_brk (PRDA_ADDRESS, PAGE_SIZE); + up_write(¤t->mm->mmap_sem); if (v < 0) return; @@ -852,8 +858,11 @@ static int load_irix_library(struct file len = (elf_phdata->p_filesz + elf_phdata->p_vaddr+ 0xfff) & 0xfffff000; bss = elf_phdata->p_memsz + elf_phdata->p_vaddr; - if (bss > len) + if (bss > len) { + down_write(¤t->mm->mmap_sem); do_brk(len, bss-len); + up_write(¤t->mm->mmap_sem); + } kfree(elf_phdata); return 0; } Index: linux-2.6.10-ck7/arch/mips/kernel/linux32.c =================================================================== --- linux-2.6.10-ck7.orig/arch/mips/kernel/linux32.c 2004-08-15 14:08:04.000000000 +1000 +++ linux-2.6.10-ck7/arch/mips/kernel/linux32.c 2005-03-01 21:38:37.000000000 +1100 @@ -1117,7 +1117,7 @@ sys32_ipc (u32 call, int first, int seco err = sys_shmdt ((char *)A(ptr)); break; case SHMGET: - err = sys_shmget (first, second, third); + err = sys_shmget (first, (unsigned)second, third); break; case SHMCTL: err = do_sys32_shmctl (first, second, (void *)AA(ptr)); Index: linux-2.6.10-ck7/arch/ppc64/kernel/prom_init.c =================================================================== --- linux-2.6.10-ck7.orig/arch/ppc64/kernel/prom_init.c 2004-12-25 10:14:47.000000000 +1100 +++ linux-2.6.10-ck7/arch/ppc64/kernel/prom_init.c 2005-03-01 21:38:37.000000000 +1100 @@ -846,7 +846,7 @@ static void __init prom_initialize_tce_t prom_debug("TCE table: %s\n", path); prom_debug("\tnode = 0x%x\n", node); - prom_debug("\tbase = 0x%x\n", vbase); + prom_debug("\tbase = 0x%x\n", base); prom_debug("\tsize = 0x%x\n", minsize); /* Initialize the table to have a one-to-one mapping Index: linux-2.6.10-ck7/arch/ppc64/kernel/syscalls.c =================================================================== --- linux-2.6.10-ck7.orig/arch/ppc64/kernel/syscalls.c 2004-08-15 14:08:05.000000000 +1000 +++ linux-2.6.10-ck7/arch/ppc64/kernel/syscalls.c 2005-03-01 21:38:37.000000000 +1100 @@ -57,7 +57,8 @@ check_bugs(void) * This is really horribly ugly. */ asmlinkage int -sys_ipc (uint call, int first, int second, long third, void __user *ptr, long fifth) +sys_ipc (uint call, int first, unsigned long second, long third, + void __user *ptr, long fifth) { int version, ret; @@ -67,15 +68,16 @@ sys_ipc (uint call, int first, int secon ret = -ENOSYS; switch (call) { case SEMOP: - ret = sys_semtimedop (first, (struct sembuf __user *)ptr, second, - NULL); + ret = sys_semtimedop(first, (struct sembuf __user *)ptr, + (unsigned)second, NULL); break; case SEMTIMEDOP: - ret = sys_semtimedop (first, (struct sembuf __user *)ptr, second, + ret = sys_semtimedop(first, (struct sembuf __user *)ptr, + (unsigned)second, (const struct timespec __user *) fifth); break; case SEMGET: - ret = sys_semget (first, second, third); + ret = sys_semget (first, (int)second, third); break; case SEMCTL: { union semun fourth; @@ -85,11 +87,12 @@ sys_ipc (uint call, int first, int secon break; if ((ret = get_user(fourth.__pad, (void __user * __user *)ptr))) break; - ret = sys_semctl (first, second, third, fourth); + ret = sys_semctl(first, (int)second, third, fourth); break; } case MSGSND: - ret = sys_msgsnd (first, (struct msgbuf __user *) ptr, second, third); + ret = sys_msgsnd(first, (struct msgbuf __user *)ptr, + (size_t)second, third); break; case MSGRCV: switch (version) { @@ -103,27 +106,29 @@ sys_ipc (uint call, int first, int secon (struct ipc_kludge __user *) ptr, sizeof (tmp)) ? -EFAULT : 0)) break; - ret = sys_msgrcv (first, tmp.msgp, second, tmp.msgtyp, - third); + ret = sys_msgrcv(first, tmp.msgp, (size_t) second, + tmp.msgtyp, third); break; } default: ret = sys_msgrcv (first, (struct msgbuf __user *) ptr, - second, fifth, third); + (size_t)second, fifth, third); break; } break; case MSGGET: - ret = sys_msgget ((key_t) first, second); + ret = sys_msgget ((key_t)first, (int)second); break; case MSGCTL: - ret = sys_msgctl (first, second, (struct msqid_ds __user *) ptr); + ret = sys_msgctl(first, (int)second, + (struct msqid_ds __user *)ptr); break; case SHMAT: switch (version) { default: { ulong raddr; - ret = do_shmat (first, (char __user *) ptr, second, &raddr); + ret = do_shmat(first, (char __user *) ptr, + (int)second, &raddr); if (ret) break; ret = put_user (raddr, (ulong __user *) third); @@ -133,8 +138,8 @@ sys_ipc (uint call, int first, int secon ret = -EINVAL; if (!segment_eq(get_fs(), get_ds())) break; - ret = do_shmat (first, (char __user *) ptr, second, - (ulong *) third); + ret = do_shmat(first, (char __user *)ptr, + (int)second, (ulong *)third); break; } break; @@ -142,10 +147,11 @@ sys_ipc (uint call, int first, int secon ret = sys_shmdt ((char __user *)ptr); break; case SHMGET: - ret = sys_shmget (first, second, third); + ret = sys_shmget (first, (size_t)second, third); break; case SHMCTL: - ret = sys_shmctl (first, second, (struct shmid_ds __user *) ptr); + ret = sys_shmctl(first, (int)second, + (struct shmid_ds __user *)ptr); break; } Index: linux-2.6.10-ck7/arch/ppc64/mm/hugetlbpage.c =================================================================== --- linux-2.6.10-ck7.orig/arch/ppc64/mm/hugetlbpage.c 2004-12-25 10:14:47.000000000 +1100 +++ linux-2.6.10-ck7/arch/ppc64/mm/hugetlbpage.c 2005-03-01 21:38:37.000000000 +1100 @@ -745,7 +745,7 @@ void hugetlb_mm_free_pgd(struct mm_struc pgdir = mm->context.huge_pgdir; if (! pgdir) - return; + goto out; mm->context.huge_pgdir = NULL; @@ -768,6 +768,7 @@ void hugetlb_mm_free_pgd(struct mm_struc BUG_ON(memcmp(pgdir, empty_zero_page, PAGE_SIZE)); kmem_cache_free(zero_cache, pgdir); + out: spin_unlock(&mm->page_table_lock); } Index: linux-2.6.10-ck7/arch/s390/kernel/compat_linux.c =================================================================== --- linux-2.6.10-ck7.orig/arch/s390/kernel/compat_linux.c 2004-12-25 10:14:47.000000000 +1100 +++ linux-2.6.10-ck7/arch/s390/kernel/compat_linux.c 2005-03-01 21:38:37.000000000 +1100 @@ -331,7 +331,7 @@ asmlinkage long sys32_ipc(u32 call, int case SHMDT: return sys_shmdt(compat_ptr(ptr)); case SHMGET: - return sys_shmget(first, second, third); + return sys_shmget(first, (unsigned)second, third); case SHMCTL: return compat_sys_shmctl(first, second, compat_ptr(ptr)); } Index: linux-2.6.10-ck7/arch/s390/kernel/sys_s390.c =================================================================== --- linux-2.6.10-ck7.orig/arch/s390/kernel/sys_s390.c 2004-06-16 17:35:34.000000000 +1000 +++ linux-2.6.10-ck7/arch/s390/kernel/sys_s390.c 2005-03-01 21:38:37.000000000 +1100 @@ -145,7 +145,7 @@ asmlinkage long old_select(struct sel_ar * * This is really horribly ugly. */ -asmlinkage long sys_ipc(uint call, int first, int second, +asmlinkage long sys_ipc(uint call, int first, unsigned long second, unsigned long third, void __user *ptr) { struct ipc_kludge tmp; @@ -153,24 +153,25 @@ asmlinkage long sys_ipc(uint call, int f switch (call) { case SEMOP: - return sys_semtimedop (first, (struct sembuf __user *) ptr, second, - NULL); + return sys_semtimedop(first, (struct sembuf __user *)ptr, + (unsigned)second, NULL); case SEMTIMEDOP: - return sys_semtimedop (first, (struct sembuf __user *) ptr, second, + return sys_semtimedop(first, (struct sembuf __user *)ptr, + (unsigned)second, (const struct timespec __user *) third); case SEMGET: - return sys_semget (first, second, third); + return sys_semget(first, (int)second, third); case SEMCTL: { union semun fourth; if (!ptr) return -EINVAL; if (get_user(fourth.__pad, (void __user * __user *) ptr)) return -EFAULT; - return sys_semctl (first, second, third, fourth); + return sys_semctl(first, (int)second, third, fourth); } case MSGSND: return sys_msgsnd (first, (struct msgbuf __user *) ptr, - second, third); + (size_t)second, third); break; case MSGRCV: if (!ptr) @@ -179,15 +180,17 @@ asmlinkage long sys_ipc(uint call, int f sizeof (struct ipc_kludge))) return -EFAULT; return sys_msgrcv (first, tmp.msgp, - second, tmp.msgtyp, third); + (size_t)second, tmp.msgtyp, third); case MSGGET: - return sys_msgget ((key_t) first, second); + return sys_msgget((key_t)first, (int)second); case MSGCTL: - return sys_msgctl (first, second, (struct msqid_ds __user *) ptr); + return sys_msgctl(first, (int)second, + (struct msqid_ds __user *)ptr); case SHMAT: { ulong raddr; - ret = do_shmat (first, (char __user *) ptr, second, &raddr); + ret = do_shmat(first, (char __user *)ptr, + (int)second, &raddr); if (ret) return ret; return put_user (raddr, (ulong __user *) third); @@ -196,9 +199,9 @@ asmlinkage long sys_ipc(uint call, int f case SHMDT: return sys_shmdt ((char __user *)ptr); case SHMGET: - return sys_shmget (first, second, third); + return sys_shmget(first, (size_t)second, third); case SHMCTL: - return sys_shmctl (first, second, + return sys_shmctl(first, (int)second, (struct shmid_ds __user *) ptr); default: return -ENOSYS; Index: linux-2.6.10-ck7/arch/sparc64/kernel/binfmt_aout32.c =================================================================== --- linux-2.6.10-ck7.orig/arch/sparc64/kernel/binfmt_aout32.c 2004-12-25 10:14:47.000000000 +1100 +++ linux-2.6.10-ck7/arch/sparc64/kernel/binfmt_aout32.c 2005-03-01 21:38:37.000000000 +1100 @@ -49,7 +49,9 @@ static void set_brk(unsigned long start, end = PAGE_ALIGN(end); if (end <= start) return; + down_write(¤t->mm->mmap_sem); do_brk(start, end - start); + up_write(¤t->mm->mmap_sem); } /* @@ -246,10 +248,14 @@ static int load_aout32_binary(struct lin if (N_MAGIC(ex) == NMAGIC) { loff_t pos = fd_offset; /* Fuck me plenty... */ + down_write(¤t->mm->mmap_sem); error = do_brk(N_TXTADDR(ex), ex.a_text); + up_write(¤t->mm->mmap_sem); bprm->file->f_op->read(bprm->file, (char __user *)N_TXTADDR(ex), ex.a_text, &pos); + down_write(¤t->mm->mmap_sem); error = do_brk(N_DATADDR(ex), ex.a_data); + up_write(¤t->mm->mmap_sem); bprm->file->f_op->read(bprm->file, (char __user *)N_DATADDR(ex), ex.a_data, &pos); goto beyond_if; @@ -257,8 +263,10 @@ static int load_aout32_binary(struct lin if (N_MAGIC(ex) == OMAGIC) { loff_t pos = fd_offset; + down_write(¤t->mm->mmap_sem); do_brk(N_TXTADDR(ex) & PAGE_MASK, ex.a_text+ex.a_data + PAGE_SIZE - 1); + up_write(¤t->mm->mmap_sem); bprm->file->f_op->read(bprm->file, (char __user *)N_TXTADDR(ex), ex.a_text+ex.a_data, &pos); } else { @@ -272,7 +280,9 @@ static int load_aout32_binary(struct lin if (!bprm->file->f_op->mmap) { loff_t pos = fd_offset; + down_write(¤t->mm->mmap_sem); do_brk(0, ex.a_text+ex.a_data); + up_write(¤t->mm->mmap_sem); bprm->file->f_op->read(bprm->file, (char __user *)N_TXTADDR(ex), ex.a_text+ex.a_data, &pos); @@ -389,7 +399,9 @@ static int load_aout32_library(struct fi len = PAGE_ALIGN(ex.a_text + ex.a_data); bss = ex.a_text + ex.a_data + ex.a_bss; if (bss > len) { + down_write(¤t->mm->mmap_sem); error = do_brk(start_addr + len, bss - len); + up_write(¤t->mm->mmap_sem); retval = error; if (error != start_addr + len) goto out; Index: linux-2.6.10-ck7/arch/sparc64/kernel/pci_psycho.c =================================================================== --- linux-2.6.10-ck7.orig/arch/sparc64/kernel/pci_psycho.c 2004-10-19 08:57:05.000000000 +1000 +++ linux-2.6.10-ck7/arch/sparc64/kernel/pci_psycho.c 2005-03-01 21:38:37.000000000 +1100 @@ -453,9 +453,9 @@ static void __psycho_check_one_stc(struc tag_base = regbase + PSYCHO_STC_TAG_A; line_base = regbase + PSYCHO_STC_LINE_A; } else { - err_base = regbase + PSYCHO_STC_ERR_A; - tag_base = regbase + PSYCHO_STC_TAG_A; - line_base = regbase + PSYCHO_STC_LINE_A; + err_base = regbase + PSYCHO_STC_ERR_B; + tag_base = regbase + PSYCHO_STC_TAG_B; + line_base = regbase + PSYCHO_STC_LINE_B; } spin_lock(&stc_buf_lock); Index: linux-2.6.10-ck7/arch/sparc64/kernel/sys_sparc32.c =================================================================== --- linux-2.6.10-ck7.orig/arch/sparc64/kernel/sys_sparc32.c 2004-12-25 10:14:47.000000000 +1100 +++ linux-2.6.10-ck7/arch/sparc64/kernel/sys_sparc32.c 2005-03-01 21:38:37.000000000 +1100 @@ -242,7 +242,7 @@ asmlinkage long sys32_getegid16(void) static long get_tv32(struct timeval *o, struct compat_timeval __user *i) { - return (!access_ok(VERIFY_READ, tv32, sizeof(*tv32)) || + return (!access_ok(VERIFY_READ, i, sizeof(*i)) || (__get_user(o->tv_sec, &i->tv_sec) | __get_user(o->tv_usec, &i->tv_usec))); } @@ -835,7 +835,7 @@ asmlinkage long compat_sys_ipc(u32 call, err = sys_shmdt(ptr); goto out; case SHMGET: - err = sys_shmget(first, second, third); + err = sys_shmget(first, (unsigned)second, third); goto out; case SHMCTL: err = do_sys32_shmctl(first, second, ptr); Index: linux-2.6.10-ck7/arch/sparc64/kernel/sys_sparc.c =================================================================== --- linux-2.6.10-ck7.orig/arch/sparc64/kernel/sys_sparc.c 2004-08-15 14:08:05.000000000 +1000 +++ linux-2.6.10-ck7/arch/sparc64/kernel/sys_sparc.c 2005-03-01 21:38:37.000000000 +1100 @@ -199,7 +199,8 @@ out: * This is really horribly ugly. */ -asmlinkage long sys_ipc(unsigned int call, int first, int second, unsigned long third, void __user *ptr, long fifth) +asmlinkage long sys_ipc(unsigned int call, int first, unsigned long second, + unsigned long third, void __user *ptr, long fifth) { int err; @@ -207,14 +208,15 @@ asmlinkage long sys_ipc(unsigned int cal if (call <= SEMCTL) { switch (call) { case SEMOP: - err = sys_semtimedop(first, ptr, second, NULL); + err = sys_semtimedop(first, ptr, + (unsigned)second, NULL); goto out; case SEMTIMEDOP: - err = sys_semtimedop(first, ptr, second, + err = sys_semtimedop(first, ptr, (unsigned)second, (const struct timespec __user *) fifth); goto out; case SEMGET: - err = sys_semget(first, second, (int)third); + err = sys_semget(first, (int)second, (int)third); goto out; case SEMCTL: { union semun fourth; @@ -225,7 +227,7 @@ asmlinkage long sys_ipc(unsigned int cal if (get_user(fourth.__pad, (void __user * __user *) ptr)) goto out; - err = sys_semctl(first, second | IPC_64, + err = sys_semctl(first, (int)second | IPC_64, (int)third, fourth); goto out; } @@ -237,17 +239,18 @@ asmlinkage long sys_ipc(unsigned int cal if (call <= MSGCTL) { switch (call) { case MSGSND: - err = sys_msgsnd(first, ptr, second, (int)third); + err = sys_msgsnd(first, ptr, (size_t)second, + (int)third); goto out; case MSGRCV: - err = sys_msgrcv(first, ptr, second, fifth, + err = sys_msgrcv(first, ptr, (size_t)second, fifth, (int)third); goto out; case MSGGET: - err = sys_msgget((key_t) first, second); + err = sys_msgget((key_t)first, (int)second); goto out; case MSGCTL: - err = sys_msgctl(first, second | IPC_64, ptr); + err = sys_msgctl(first, (int)second | IPC_64, ptr); goto out; default: err = -ENOSYS; @@ -258,7 +261,7 @@ asmlinkage long sys_ipc(unsigned int cal switch (call) { case SHMAT: { ulong raddr; - err = do_shmat(first, ptr, second, &raddr); + err = do_shmat(first, ptr, (int)second, &raddr); if (!err) { if (put_user(raddr, (ulong __user *) third)) @@ -270,10 +273,10 @@ asmlinkage long sys_ipc(unsigned int cal err = sys_shmdt(ptr); goto out; case SHMGET: - err = sys_shmget(first, second, (int)third); + err = sys_shmget(first, (size_t)second, (int)third); goto out; case SHMCTL: - err = sys_shmctl(first, second | IPC_64, ptr); + err = sys_shmctl(first, (int)second | IPC_64, ptr); goto out; default: err = -ENOSYS; Index: linux-2.6.10-ck7/arch/sparc64/solaris/ioctl.c =================================================================== --- linux-2.6.10-ck7.orig/arch/sparc64/solaris/ioctl.c 2004-08-15 14:08:05.000000000 +1000 +++ linux-2.6.10-ck7/arch/sparc64/solaris/ioctl.c 2005-03-01 21:38:37.000000000 +1100 @@ -298,7 +298,7 @@ static inline int solaris_sockmod(unsign if (! current->files->fd[fd] || ! current->files->fd[fd]->f_dentry || ! (ino = current->files->fd[fd]->f_dentry->d_inode) || - ! ino->i_sock) { + ! S_ISSOCK(ino->i_mode)) { spin_unlock(¤t->files->file_lock); return TBADF; } @@ -478,7 +478,7 @@ static inline int solaris_S(struct file struct module_info *mi; ino = filp->f_dentry->d_inode; - if (! ino->i_sock) + if (!S_ISSOCK(ino->i_mode)) return -EBADF; sock = filp->private_data; if (! sock) { Index: linux-2.6.10-ck7/arch/sparc64/solaris/socksys.c =================================================================== --- linux-2.6.10-ck7.orig/arch/sparc64/solaris/socksys.c 2004-03-11 21:28:56.000000000 +1100 +++ linux-2.6.10-ck7/arch/sparc64/solaris/socksys.c 2005-03-01 21:38:37.000000000 +1100 @@ -150,7 +150,7 @@ static unsigned int socksys_poll(struct unsigned int mask = 0; ino=filp->f_dentry->d_inode; - if (ino && ino->i_sock) { + if (ino && S_ISSOCK(ino->i_mode)) { struct sol_socket_struct *sock; sock = (struct sol_socket_struct*)filp->private_data; if (sock && sock->pfirst) { Index: linux-2.6.10-ck7/arch/sparc64/solaris/timod.c =================================================================== --- linux-2.6.10-ck7.orig/arch/sparc64/solaris/timod.c 2004-08-15 14:08:05.000000000 +1000 +++ linux-2.6.10-ck7/arch/sparc64/solaris/timod.c 2005-03-01 21:38:37.000000000 +1100 @@ -853,9 +853,7 @@ asmlinkage int solaris_getmsg(unsigned i if(!filp) goto out; ino = filp->f_dentry->d_inode; - if (!ino) goto out; - - if (!ino->i_sock) + if (!ino || !S_ISSOCK(ino->i_mode)) goto out; ctlptr = (struct strbuf __user *)A(arg1); @@ -923,7 +921,7 @@ asmlinkage int solaris_putmsg(unsigned i ino = filp->f_dentry->d_inode; if (!ino) goto out; - if (!ino->i_sock && + if (!S_ISSOCK(ino->i_mode) && (imajor(ino) != 30 || iminor(ino) != 1)) goto out; Index: linux-2.6.10-ck7/arch/sparc/kernel/auxio.c =================================================================== --- linux-2.6.10-ck7.orig/arch/sparc/kernel/auxio.c 2004-12-25 10:14:47.000000000 +1100 +++ linux-2.6.10-ck7/arch/sparc/kernel/auxio.c 2005-03-01 21:38:37.000000000 +1100 @@ -53,7 +53,8 @@ void __init auxio_probe(void) #endif } } - prom_getproperty(auxio_nd, "reg", (char *) auxregs, sizeof(auxregs)); + if(prom_getproperty(auxio_nd, "reg", (char *) auxregs, sizeof(auxregs)) <= 0) + return; prom_apply_obio_ranges(auxregs, 0x1); /* Map the register both read and write */ r.flags = auxregs[0].which_io & 0xF; @@ -121,7 +122,8 @@ void __init auxio_power_probe(void) return; /* Map the power control register. */ - prom_getproperty(node, "reg", (char *)®s, sizeof(regs)); + if (prom_getproperty(node, "reg", (char *)®s, sizeof(regs)) <= 0) + return; prom_apply_obio_ranges(®s, 1); memset(&r, 0, sizeof(r)); r.flags = regs.which_io & 0xF; Index: linux-2.6.10-ck7/arch/sparc/kernel/idprom.c =================================================================== --- linux-2.6.10-ck7.orig/arch/sparc/kernel/idprom.c 2004-03-11 21:28:54.000000000 +1100 +++ linux-2.6.10-ck7/arch/sparc/kernel/idprom.c 2005-03-01 21:38:37.000000000 +1100 @@ -53,13 +53,12 @@ static void __init display_system_type(u for (i = 0; i < NUM_SUN_MACHINES; i++) { if(Sun_Machines[i].id_machtype == machtype) { - if (machtype != (SM_SUN4M_OBP | 0x00)) + if (machtype != (SM_SUN4M_OBP | 0x00) || + prom_getproperty(prom_root_node, "banner-name", + sysname, sizeof(sysname)) <= 0) printk("TYPE: %s\n", Sun_Machines[i].name); - else { - prom_getproperty(prom_root_node, "banner-name", - sysname, sizeof(sysname)); + else printk("TYPE: %s\n", sysname); - } return; } } Index: linux-2.6.10-ck7/arch/sparc/kernel/sun4c_irq.c =================================================================== --- linux-2.6.10-ck7.orig/arch/sparc/kernel/sun4c_irq.c 2004-08-15 14:08:05.000000000 +1000 +++ linux-2.6.10-ck7/arch/sparc/kernel/sun4c_irq.c 2005-03-01 21:38:37.000000000 +1100 @@ -217,13 +217,18 @@ void __init sun4c_init_IRQ(void) panic("Cannot find /interrupt-enable node"); /* Depending on the "address" property is bad news... */ - prom_getproperty(ie_node, "reg", (char *) int_regs, sizeof(int_regs)); - memset(&phyres, 0, sizeof(struct resource)); - phyres.flags = int_regs[0].which_io; - phyres.start = int_regs[0].phys_addr; - interrupt_enable = (char *) sbus_ioremap(&phyres, 0, - int_regs[0].reg_size, "sun4c_intr"); + interrupt_enable = NULL; + if (prom_getproperty(ie_node, "reg", (char *) int_regs, + sizeof(int_regs)) != -1) { + memset(&phyres, 0, sizeof(struct resource)); + phyres.flags = int_regs[0].which_io; + phyres.start = int_regs[0].phys_addr; + interrupt_enable = (char *) sbus_ioremap(&phyres, 0, + int_regs[0].reg_size, "sun4c_intr"); + } } + if (!interrupt_enable) + panic("Cannot map interrupt_enable"); BTFIXUPSET_CALL(sbint_to_irq, sun4c_sbint_to_irq, BTFIXUPCALL_NORM); BTFIXUPSET_CALL(enable_irq, sun4c_enable_irq, BTFIXUPCALL_NORM); Index: linux-2.6.10-ck7/arch/sparc/mm/iommu.c =================================================================== --- linux-2.6.10-ck7.orig/arch/sparc/mm/iommu.c 2004-12-25 10:14:47.000000000 +1100 +++ linux-2.6.10-ck7/arch/sparc/mm/iommu.c 2005-03-01 21:38:37.000000000 +1100 @@ -71,14 +71,16 @@ iommu_init(int iommund, struct sbus_bus prom_printf("Unable to allocate iommu structure\n"); prom_halt(); } - prom_getproperty(iommund, "reg", (void *) iommu_promregs, - sizeof(iommu_promregs)); - memset(&r, 0, sizeof(r)); - r.flags = iommu_promregs[0].which_io; - r.start = iommu_promregs[0].phys_addr; - iommu->regs = (struct iommu_regs *) - sbus_ioremap(&r, 0, PAGE_SIZE * 3, "iommu_regs"); - if(!iommu->regs) { + iommu->regs = NULL; + if (prom_getproperty(iommund, "reg", (void *) iommu_promregs, + sizeof(iommu_promregs)) != -1) { + memset(&r, 0, sizeof(r)); + r.flags = iommu_promregs[0].which_io; + r.start = iommu_promregs[0].phys_addr; + iommu->regs = (struct iommu_regs *) + sbus_ioremap(&r, 0, PAGE_SIZE * 3, "iommu_regs"); + } + if (!iommu->regs) { prom_printf("Cannot map IOMMU registers\n"); prom_halt(); } Index: linux-2.6.10-ck7/arch/sparc/mm/io-unit.c =================================================================== --- linux-2.6.10-ck7.orig/arch/sparc/mm/io-unit.c 2004-12-25 10:14:47.000000000 +1100 +++ linux-2.6.10-ck7/arch/sparc/mm/io-unit.c 2005-03-01 21:38:37.000000000 +1100 @@ -52,13 +52,15 @@ iounit_init(int sbi_node, int io_node, s iounit->rotor[1] = IOUNIT_BMAP2_START; iounit->rotor[2] = IOUNIT_BMAPM_START; - prom_getproperty(sbi_node, "reg", (void *) iommu_promregs, - sizeof(iommu_promregs)); - prom_apply_generic_ranges(io_node, 0, iommu_promregs, 3); - memset(&r, 0, sizeof(r)); - r.flags = iommu_promregs[2].which_io; - r.start = iommu_promregs[2].phys_addr; - xpt = (iopte_t *) sbus_ioremap(&r, 0, PAGE_SIZE * 16, "XPT"); + xpt = NULL; + if(prom_getproperty(sbi_node, "reg", (void *) iommu_promregs, + sizeof(iommu_promregs)) != -1) { + prom_apply_generic_ranges(io_node, 0, iommu_promregs, 3); + memset(&r, 0, sizeof(r)); + r.flags = iommu_promregs[2].which_io; + r.start = iommu_promregs[2].phys_addr; + xpt = (iopte_t *) sbus_ioremap(&r, 0, PAGE_SIZE * 16, "XPT"); + } if(!xpt) panic("Cannot map External Page Table."); sbus->iommu = (struct iommu_struct *)iounit; Index: linux-2.6.10-ck7/arch/sparc/mm/sun4c.c =================================================================== --- linux-2.6.10-ck7.orig/arch/sparc/mm/sun4c.c 2004-10-19 08:57:05.000000000 +1000 +++ linux-2.6.10-ck7/arch/sparc/mm/sun4c.c 2005-03-01 21:38:37.000000000 +1100 @@ -511,7 +511,8 @@ void __init sun4c_probe_memerr_reg(void) node = prom_searchsiblings(prom_root_node, "memory-error"); if (!node) return; - prom_getproperty(node, "reg", (char *)regs, sizeof(regs)); + if (prom_getproperty(node, "reg", (char *)regs, sizeof(regs)) <= 0) + return; /* hmm I think regs[0].which_io is zero here anyways */ sun4c_memerr_reg = ioremap(regs[0].phys_addr, regs[0].reg_size); } Index: linux-2.6.10-ck7/arch/sparc/prom/console.c =================================================================== --- linux-2.6.10-ck7.orig/arch/sparc/prom/console.c 2004-03-11 21:28:54.000000000 +1100 +++ linux-2.6.10-ck7/arch/sparc/prom/console.c 2005-03-01 21:38:37.000000000 +1100 @@ -111,6 +111,7 @@ prom_query_input_device(void) int st_p; char propb[64]; char *p; + int propl; switch(prom_vers) { case PROM_V0: @@ -139,14 +140,16 @@ prom_query_input_device(void) if(strncmp(propb, "serial", sizeof("serial"))) return PROMDEV_I_UNK; } - prom_getproperty(prom_root_node, "stdin-path", propb, sizeof(propb)); - p = propb; - while(*p) p++; p -= 2; - if(p[0] == ':') { - if(p[1] == 'a') - return PROMDEV_ITTYA; - else if(p[1] == 'b') - return PROMDEV_ITTYB; + propl = prom_getproperty(prom_root_node, "stdin-path", propb, sizeof(propb)); + if(propl > 2) { + p = propb; + while(*p) p++; p -= 2; + if(p[0] == ':') { + if(p[1] == 'a') + return PROMDEV_ITTYA; + else if(p[1] == 'b') + return PROMDEV_ITTYB; + } } return PROMDEV_I_UNK; } @@ -179,7 +182,7 @@ prom_query_output_device(void) restore_current(); spin_unlock_irqrestore(&prom_lock, flags); propl = prom_getproperty(st_p, "device_type", propb, sizeof(propb)); - if (propl >= 0 && propl == sizeof("display") && + if (propl == sizeof("display") && strncmp("display", propb, sizeof("display")) == 0) { return PROMDEV_OSCREEN; @@ -188,16 +191,20 @@ prom_query_output_device(void) if(propl >= 0 && strncmp("serial", propb, sizeof("serial")) != 0) return PROMDEV_O_UNK; - prom_getproperty(prom_root_node, "stdout-path", propb, sizeof(propb)); - if(strncmp(propb, con_name_jmc, CON_SIZE_JMC) == 0) + propl = prom_getproperty(prom_root_node, "stdout-path", + propb, sizeof(propb)); + if(propl == CON_SIZE_JMC && + strncmp(propb, con_name_jmc, CON_SIZE_JMC) == 0) return PROMDEV_OTTYA; - p = propb; - while(*p) p++; p -= 2; - if(p[0]==':') { - if(p[1] == 'a') - return PROMDEV_OTTYA; - else if(p[1] == 'b') - return PROMDEV_OTTYB; + if(propl > 2) { + p = propb; + while(*p) p++; p-= 2; + if(p[0]==':') { + if(p[1] == 'a') + return PROMDEV_OTTYA; + else if(p[1] == 'b') + return PROMDEV_OTTYB; + } } } else { switch(*romvec->pv_stdin) { Index: linux-2.6.10-ck7/arch/sparc/prom/tree.c =================================================================== --- linux-2.6.10-ck7.orig/arch/sparc/prom/tree.c 2004-03-11 21:28:54.000000000 +1100 +++ linux-2.6.10-ck7/arch/sparc/prom/tree.c 2005-03-01 21:38:37.000000000 +1100 @@ -176,8 +176,11 @@ void prom_getstring(int node, char *prop */ int prom_nodematch(int node, char *name) { + int error; + static char namebuf[128]; - prom_getproperty(node, "name", namebuf, sizeof(namebuf)); + error = prom_getproperty(node, "name", namebuf, sizeof(namebuf)); + if (error == -1) return 0; if(strcmp(namebuf, name) == 0) return 1; return 0; } Index: linux-2.6.10-ck7/arch/um/kernel/skas/process.c =================================================================== --- linux-2.6.10-ck7.orig/arch/um/kernel/skas/process.c 2004-12-25 10:14:47.000000000 +1100 +++ linux-2.6.10-ck7/arch/um/kernel/skas/process.c 2005-03-01 21:38:37.000000000 +1100 @@ -222,9 +222,10 @@ void new_thread(void *stack, void **swit block_signals(); if(sigsetjmp(fork_buf, 1) == 0) new_thread_proc(stack, handler); - set_signals(flags); remove_sigstack(); + + set_signals(flags); } void thread_wait(void *sw, void *fb) Index: linux-2.6.10-ck7/arch/x86_64/ia32/ia32_aout.c =================================================================== --- linux-2.6.10-ck7.orig/arch/x86_64/ia32/ia32_aout.c 2004-12-25 10:14:47.000000000 +1100 +++ linux-2.6.10-ck7/arch/x86_64/ia32/ia32_aout.c 2005-03-01 21:38:37.000000000 +1100 @@ -114,7 +114,9 @@ static void set_brk(unsigned long start, end = PAGE_ALIGN(end); if (end <= start) return; + down_write(¤t->mm->mmap_sem); do_brk(start, end - start); + up_write(¤t->mm->mmap_sem); } #if CORE_DUMP @@ -324,7 +326,10 @@ static int load_aout_binary(struct linux pos = 32; map_size = ex.a_text+ex.a_data; + down_write(¤t->mm->mmap_sem); error = do_brk(text_addr & PAGE_MASK, map_size); + up_write(¤t->mm->mmap_sem); + if (error != (text_addr & PAGE_MASK)) { send_sig(SIGKILL, current, 0); return error; @@ -360,7 +365,9 @@ static int load_aout_binary(struct linux if (!bprm->file->f_op->mmap||((fd_offset & ~PAGE_MASK) != 0)) { loff_t pos = fd_offset; + down_write(¤t->mm->mmap_sem); do_brk(N_TXTADDR(ex), ex.a_text+ex.a_data); + up_write(¤t->mm->mmap_sem); bprm->file->f_op->read(bprm->file,(char *)N_TXTADDR(ex), ex.a_text+ex.a_data, &pos); flush_icache_range((unsigned long) N_TXTADDR(ex), @@ -468,8 +475,9 @@ static int load_aout_library(struct file error_time = jiffies; } #endif - + down_write(¤t->mm->mmap_sem); do_brk(start_addr, ex.a_text + ex.a_data + ex.a_bss); + up_write(¤t->mm->mmap_sem); file->f_op->read(file, (char *)start_addr, ex.a_text + ex.a_data, &pos); @@ -493,7 +501,9 @@ static int load_aout_library(struct file len = PAGE_ALIGN(ex.a_text + ex.a_data); bss = ex.a_text + ex.a_data + ex.a_bss; if (bss > len) { + down_write(¤t->mm->mmap_sem); error = do_brk(start_addr + len, bss - len); + up_write(¤t->mm->mmap_sem); retval = error; if (error != start_addr + len) goto out; Index: linux-2.6.10-ck7/arch/x86_64/ia32/ipc32.c =================================================================== --- linux-2.6.10-ck7.orig/arch/x86_64/ia32/ipc32.c 2004-05-23 12:54:27.000000000 +1000 +++ linux-2.6.10-ck7/arch/x86_64/ia32/ipc32.c 2005-03-01 21:38:37.000000000 +1100 @@ -49,7 +49,7 @@ sys32_ipc(u32 call, int first, int secon case SHMDT: return sys_shmdt(compat_ptr(ptr)); case SHMGET: - return sys_shmget(first, second, third); + return sys_shmget(first, (unsigned)second, third); case SHMCTL: return compat_sys_shmctl(first, second, compat_ptr(ptr)); } Index: linux-2.6.10-ck7/arch/x86_64/kernel/acpi/wakeup.S =================================================================== --- linux-2.6.10-ck7.orig/arch/x86_64/kernel/acpi/wakeup.S 2004-03-11 21:28:56.000000000 +1100 +++ linux-2.6.10-ck7/arch/x86_64/kernel/acpi/wakeup.S 2005-03-01 21:38:37.000000000 +1100 @@ -429,9 +429,6 @@ ENTRY(do_suspend_lowlevel_s4bios) do_suspend_lowlevel: .LFB5: subq $8, %rsp -.LCFI2: - testl %edi, %edi - jne .L99 xorl %eax, %eax call save_processor_state Index: linux-2.6.10-ck7/arch/x86_64/kernel/nmi.c =================================================================== --- linux-2.6.10-ck7.orig/arch/x86_64/kernel/nmi.c 2004-12-25 10:14:47.000000000 +1100 +++ linux-2.6.10-ck7/arch/x86_64/kernel/nmi.c 2005-03-01 21:38:37.000000000 +1100 @@ -130,8 +130,12 @@ int __init check_nmi_watchdog (void) mdelay((10*1000)/nmi_hz); // wait 10 ticks for (cpu = 0; cpu < NR_CPUS; cpu++) { - if (!cpu_online(cpu)) +#ifdef CONFIG_SMP + /* Check cpu_callin_map here because that is set + after the timer is started. */ + if (!cpu_isset(cpu, cpu_callin_map)) continue; +#endif if (cpu_pda[cpu].__nmi_count - counts[cpu] <= 5) { printk("CPU#%d: NMI appears to be stuck (%d)!\n", cpu, Index: linux-2.6.10-ck7/arch/x86_64/kernel/smpboot.c =================================================================== --- linux-2.6.10-ck7.orig/arch/x86_64/kernel/smpboot.c 2004-12-25 10:14:47.000000000 +1100 +++ linux-2.6.10-ck7/arch/x86_64/kernel/smpboot.c 2005-03-01 21:38:37.000000000 +1100 @@ -62,7 +62,7 @@ u8 phys_proc_id[NR_CPUS] = { [0 ... NR_C /* Bitmask of currently online CPUs */ cpumask_t cpu_online_map; -static cpumask_t cpu_callin_map; +cpumask_t cpu_callin_map; cpumask_t cpu_callout_map; static cpumask_t smp_commenced_mask; Index: linux-2.6.10-ck7/drivers/acpi/ibm_acpi.c =================================================================== --- linux-2.6.10-ck7.orig/drivers/acpi/ibm_acpi.c 2004-12-25 10:14:47.000000000 +1100 +++ linux-2.6.10-ck7/drivers/acpi/ibm_acpi.c 2005-03-01 21:38:37.000000000 +1100 @@ -1168,7 +1168,7 @@ static int set_ibm_param(const char *val #define IBM_PARAM(feature) \ module_param_call(feature, set_ibm_param, NULL, NULL, 0) -static void __exit acpi_ibm_exit(void) +static void acpi_ibm_exit(void) { int i; Index: linux-2.6.10-ck7/drivers/acpi/video.c =================================================================== --- linux-2.6.10-ck7.orig/drivers/acpi/video.c 2004-12-25 10:14:47.000000000 +1100 +++ linux-2.6.10-ck7/drivers/acpi/video.c 2005-03-01 21:38:37.000000000 +1100 @@ -1523,7 +1523,7 @@ static int acpi_video_device_enumerate(s dod->package.count)); active_device_list= kmalloc( - dod->package.count*sizeof(struct acpi_video_enumerated_device), + (1+dod->package.count)*sizeof(struct acpi_video_enumerated_device), GFP_KERNEL); if (!active_device_list) { Index: linux-2.6.10-ck7/drivers/atm/zatm.c =================================================================== --- linux-2.6.10-ck7.orig/drivers/atm/zatm.c 2004-12-25 10:14:47.000000000 +1100 +++ linux-2.6.10-ck7/drivers/atm/zatm.c 2005-03-01 21:38:37.000000000 +1100 @@ -1605,7 +1605,7 @@ static int __devinit zatm_init_one(struc goto out_disable; zatm_dev->pci_dev = pci_dev; - dev = (struct atm_dev *)zatm_dev; + dev->dev_data = zatm_dev; zatm_dev->copper = (int)ent->driver_data; if ((ret = zatm_init(dev)) || (ret = zatm_start(dev))) goto out_release; Index: linux-2.6.10-ck7/drivers/block/cciss_scsi.c =================================================================== --- linux-2.6.10-ck7.orig/drivers/block/cciss_scsi.c 2004-12-25 10:14:47.000000000 +1100 +++ linux-2.6.10-ck7/drivers/block/cciss_scsi.c 2005-03-01 21:38:37.000000000 +1100 @@ -691,14 +691,13 @@ static int cciss_scsi_detect(int ctlr) { struct Scsi_Host *sh; + int error; sh = scsi_host_alloc(&cciss_driver_template, sizeof(struct ctlr_info *)); if (sh == NULL) - return 0; - + goto fail; sh->io_port = 0; // good enough? FIXME, sh->n_io_port = 0; // I don't think we use these two... - sh->this_id = SELF_SCSI_ID; ((struct cciss_scsi_adapter_data_t *) @@ -706,10 +705,16 @@ cciss_scsi_detect(int ctlr) sh->hostdata[0] = (unsigned long) hba[ctlr]; sh->irq = hba[ctlr]->intr; sh->unique_id = sh->irq; - scsi_add_host(sh, &hba[ctlr]->pdev->dev); /* XXX handle failure */ + error = scsi_add_host(sh, &hba[ctlr]->pdev->dev); + if (error) + goto fail_host_put; scsi_scan_host(sh); - return 1; + + fail_host_put: + scsi_host_put(sh); + fail: + return 0; } static void __exit cleanup_cciss_module(void); Index: linux-2.6.10-ck7/drivers/block/cfq-iosched.c =================================================================== --- linux-2.6.10-ck7.orig/drivers/block/cfq-iosched.c 2004-12-25 10:14:47.000000000 +1100 +++ linux-2.6.10-ck7/drivers/block/cfq-iosched.c 2005-03-01 21:38:37.000000000 +1100 @@ -622,8 +622,10 @@ static void cfq_requeue_request(request_ cfq_sort_rr_list(cfqq, 0); } - crq->accounted = 0; - cfqq->cfqd->rq_in_driver--; + if (crq->accounted) { + crq->accounted = 0; + cfqq->cfqd->rq_in_driver--; + } } list_add(&rq->queuelist, &q->queue_head); } Index: linux-2.6.10-ck7/drivers/block/noop-iosched.c =================================================================== --- linux-2.6.10-ck7.orig/drivers/block/noop-iosched.c 2004-12-25 10:14:47.000000000 +1100 +++ linux-2.6.10-ck7/drivers/block/noop-iosched.c 2005-03-01 21:38:37.000000000 +1100 @@ -59,12 +59,10 @@ void elevator_noop_merge_requests(reques void elevator_noop_add_request(request_queue_t *q, struct request *rq, int where) { - struct list_head *insert = q->queue_head.prev; - if (where == ELEVATOR_INSERT_FRONT) - insert = &q->queue_head; - - list_add_tail(&rq->queuelist, &q->queue_head); + list_add(&rq->queuelist, &q->queue_head); + else + list_add_tail(&rq->queuelist, &q->queue_head); /* * new merges must not precede this barrier Index: linux-2.6.10-ck7/drivers/block/scsi_ioctl.c =================================================================== --- linux-2.6.10-ck7.orig/drivers/block/scsi_ioctl.c 2004-12-25 10:14:47.000000000 +1100 +++ linux-2.6.10-ck7/drivers/block/scsi_ioctl.c 2005-03-01 21:38:37.000000000 +1100 @@ -199,7 +199,7 @@ static int verify_command(struct file *f return 0; } - if (!(type & CMD_WARNED)) { + if (!type) { cmd_type[cmd[0]] = CMD_WARNED; printk(KERN_WARNING "scsi: unknown opcode 0x%02x\n", cmd[0]); } @@ -339,7 +339,8 @@ static int sg_scsi_ioctl(struct file *fi struct gendisk *bd_disk, Scsi_Ioctl_Command __user *sic) { struct request *rq; - int err, in_len, out_len, bytes, opcode, cmdlen; + int err; + unsigned int in_len, out_len, bytes, opcode, cmdlen; char *buffer = NULL, sense[SCSI_SENSE_BUFFERSIZE]; /* Index: linux-2.6.10-ck7/drivers/char/ipmi/ipmi_msghandler.c =================================================================== --- linux-2.6.10-ck7.orig/drivers/char/ipmi/ipmi_msghandler.c 2004-10-19 08:57:05.000000000 +1000 +++ linux-2.6.10-ck7/drivers/char/ipmi/ipmi_msghandler.c 2005-03-01 21:38:37.000000000 +1100 @@ -2389,12 +2389,17 @@ static int handle_bmc_rsp(ipmi_smi_t if (!found) { /* Special handling for NULL users. */ - if (!recv_msg->user && intf->null_user_handler) + if (!recv_msg->user && intf->null_user_handler){ intf->null_user_handler(intf, msg); - /* The user for the message went away, so give up. */ - spin_lock_irqsave(&intf->counter_lock, flags); - intf->unhandled_local_responses++; - spin_unlock_irqrestore(&intf->counter_lock, flags); + spin_lock_irqsave(&intf->counter_lock, flags); + intf->handled_local_responses++; + spin_unlock_irqrestore(&intf->counter_lock, flags); + }else{ + /* The user for the message went away, so give up. */ + spin_lock_irqsave(&intf->counter_lock, flags); + intf->unhandled_local_responses++; + spin_unlock_irqrestore(&intf->counter_lock, flags); + } ipmi_free_recv_msg(recv_msg); } else { struct ipmi_system_interface_addr *smi_addr; Index: linux-2.6.10-ck7/drivers/char/ipmi/ipmi_si_intf.c =================================================================== --- linux-2.6.10-ck7.orig/drivers/char/ipmi/ipmi_si_intf.c 2004-12-25 10:14:48.000000000 +1100 +++ linux-2.6.10-ck7/drivers/char/ipmi/ipmi_si_intf.c 2005-03-01 21:38:37.000000000 +1100 @@ -1299,7 +1299,7 @@ static int try_init_mem(int intf_num, st memset(info, 0, sizeof(*info)); info->io_setup = mem_setup; - info->io.info = (void *) addrs[intf_num]; + info->io.info = &addrs[intf_num]; info->io.addr = NULL; info->io.regspacing = regspacings[intf_num]; if (!info->io.regspacing) @@ -1587,8 +1587,9 @@ static int decode_dmi(dmi_header_t *dm, case 0x01: /* 32-bit boundaries */ ipmi_data->offset = 4; break; - case 0x02: /* 16-bit boundaries */ - ipmi_data->offset = 2; + case 0x02: /* 16-byte boundaries */ + ipmi_data->offset = 16; + break; default: printk("ipmi_si: Unknown SMBIOS IPMI Base Addr" " Modifier: 0x%x\n", reg_spacing); Index: linux-2.6.10-ck7/drivers/char/moxa.c =================================================================== --- linux-2.6.10-ck7.orig/drivers/char/moxa.c 2004-12-25 10:14:48.000000000 +1100 +++ linux-2.6.10-ck7/drivers/char/moxa.c 2005-03-01 21:38:37.000000000 +1100 @@ -1666,7 +1666,7 @@ int MoxaDriverIoctl(unsigned int cmd, un if(copy_from_user(&dltmp, argp, sizeof(struct dl_str))) return -EFAULT; - if(dltmp.cardno < 0 || dltmp.cardno >= MAX_BOARDS) + if(dltmp.cardno < 0 || dltmp.cardno >= MAX_BOARDS || dltmp.len < 0) return -EINVAL; switch(cmd) @@ -2775,6 +2775,8 @@ static int moxaloadbios(int cardno, unsi void __iomem *baseAddr; int i; + if(len < 0 || len > sizeof(moxaBuff)) + return -EINVAL; if(copy_from_user(moxaBuff, tmp, len)) return -EFAULT; baseAddr = moxaBaseAddr[cardno]; @@ -2822,7 +2824,7 @@ static int moxaload320b(int cardno, unsi void __iomem *baseAddr; int i; - if(len > sizeof(moxaBuff)) + if(len < 0 || len > sizeof(moxaBuff)) return -EINVAL; if(copy_from_user(moxaBuff, tmp, len)) return -EFAULT; @@ -2842,6 +2844,8 @@ static int moxaloadcode(int cardno, unsi void __iomem *baseAddr, *ofsAddr; int retval, port, i; + if(len < 0 || len > sizeof(moxaBuff)) + return -EINVAL; if(copy_from_user(moxaBuff, tmp, len)) return -EFAULT; baseAddr = moxaBaseAddr[cardno]; Index: linux-2.6.10-ck7/drivers/char/n_tty.c =================================================================== --- linux-2.6.10-ck7.orig/drivers/char/n_tty.c 2004-12-25 10:14:48.000000000 +1100 +++ linux-2.6.10-ck7/drivers/char/n_tty.c 2005-03-01 21:38:37.000000000 +1100 @@ -1143,13 +1143,13 @@ static inline int copy_from_read_buf(str { int retval; - ssize_t n; + size_t n; unsigned long flags; retval = 0; spin_lock_irqsave(&tty->read_lock, flags); n = min(tty->read_cnt, N_TTY_BUF_SIZE - tty->read_tail); - n = min((ssize_t)*nr, n); + n = min(*nr, n); spin_unlock_irqrestore(&tty->read_lock, flags); if (n) { mb(); Index: linux-2.6.10-ck7/drivers/char/random.c =================================================================== --- linux-2.6.10-ck7.orig/drivers/char/random.c 2004-12-25 10:14:48.000000000 +1100 +++ linux-2.6.10-ck7/drivers/char/random.c 2005-03-01 21:38:37.000000000 +1100 @@ -1906,7 +1906,7 @@ static int poolsize_strategy(ctl_table * void __user *oldval, size_t __user *oldlenp, void __user *newval, size_t newlen, void **context) { - int len; + unsigned long len; sysctl_poolsize = random_state->poolinfo.POOLBYTES; @@ -1916,7 +1916,7 @@ static int poolsize_strategy(ctl_table * * write case happens twice; it's harmless). */ if (newval && newlen) { - len = newlen; + len = (unsigned long) newlen; if (len > table->maxlen) len = table->maxlen; if (copy_from_user(table->data, newval, len)) Index: linux-2.6.10-ck7/drivers/char/tty_io.c =================================================================== --- linux-2.6.10-ck7.orig/drivers/char/tty_io.c 2004-12-25 10:14:48.000000000 +1100 +++ linux-2.6.10-ck7/drivers/char/tty_io.c 2005-03-01 21:38:37.000000000 +1100 @@ -918,9 +918,11 @@ void disassociate_ctty(int on_exit) lock_kernel(); + down(&tty_sem); tty = current->signal->tty; if (tty) { tty_pgrp = tty->pgrp; + up(&tty_sem); if (on_exit && tty->driver->type != TTY_DRIVER_TYPE_PTY) tty_vhangup(tty); } else { @@ -928,6 +930,7 @@ void disassociate_ctty(int on_exit) kill_pg(current->signal->tty_old_pgrp, SIGHUP, on_exit); kill_pg(current->signal->tty_old_pgrp, SIGCONT, on_exit); } + up(&tty_sem); unlock_kernel(); return; } @@ -937,15 +940,19 @@ void disassociate_ctty(int on_exit) kill_pg(tty_pgrp, SIGCONT, on_exit); } + /* Must lock changes to tty_old_pgrp */ + down(&tty_sem); current->signal->tty_old_pgrp = 0; tty->session = 0; tty->pgrp = -1; + /* Now clear signal->tty under the lock */ read_lock(&tasklist_lock); do_each_task_pid(current->signal->session, PIDTYPE_SID, p) { p->signal->tty = NULL; } while_each_task_pid(current->signal->session, PIDTYPE_SID, p); read_unlock(&tasklist_lock); + up(&tty_sem); unlock_kernel(); } @@ -1171,12 +1178,6 @@ static int init_dev(struct tty_driver *d struct termios *ltp, **ltp_loc, *o_ltp, **o_ltp_loc; int retval=0; - /* - * Check whether we need to acquire the tty semaphore to avoid - * race conditions. For now, play it safe. - */ - down(&tty_sem); - /* check whether we're reopening an existing tty */ if (driver->flags & TTY_DRIVER_DEVPTS_MEM) { tty = devpts_get_tty(idx); @@ -1365,7 +1366,6 @@ success: /* All paths come through here to release the semaphore */ end_init: - up(&tty_sem); return retval; /* Release locally allocated memory ... nothing placed in slots */ @@ -1561,9 +1561,14 @@ static void release_dev(struct file * fi * each iteration we avoid any problems. */ while (1) { + /* Guard against races with tty->count changes elsewhere and + opens on /dev/tty */ + + down(&tty_sem); tty_closing = tty->count <= 1; o_tty_closing = o_tty && (o_tty->count <= (pty_master ? 1 : 0)); + up(&tty_sem); do_sleep = 0; if (tty_closing) { @@ -1599,6 +1604,8 @@ static void release_dev(struct file * fi * both sides, and we've completed the last operation that could * block, so it's safe to proceed with closing. */ + + down(&tty_sem); if (pty_master) { if (--o_tty->count < 0) { printk(KERN_WARNING "release_dev: bad pty slave count " @@ -1612,7 +1619,8 @@ static void release_dev(struct file * fi tty->count, tty_name(tty, buf)); tty->count = 0; } - + up(&tty_sem); + /* * We've decremented tty->count, so we need to remove this file * descriptor off the tty->tty_files list; this serves two @@ -1759,10 +1767,14 @@ retry_open: noctty = filp->f_flags & O_NOCTTY; index = -1; retval = 0; + + down(&tty_sem); if (device == MKDEV(TTYAUX_MAJOR,0)) { - if (!current->signal->tty) + if (!current->signal->tty) { + up(&tty_sem); return -ENXIO; + } driver = current->signal->tty->driver; index = current->signal->tty->index; filp->f_flags |= O_NONBLOCK; /* Don't let /dev/tty block */ @@ -1787,14 +1799,18 @@ retry_open: noctty = 1; goto got_driver; } + up(&tty_sem); return -ENODEV; } driver = get_tty_driver(device, &index); - if (!driver) + if (!driver) { + up(&tty_sem); return -ENODEV; + } got_driver: retval = init_dev(driver, index, &tty); + up(&tty_sem); if (retval) return retval; @@ -1880,7 +1896,10 @@ static int ptmx_open(struct inode * inod } up(&allocated_ptys_lock); + down(&tty_sem); retval = init_dev(ptm_driver, index, &tty); + up(&tty_sem); + if (retval) goto out; Index: linux-2.6.10-ck7/drivers/cpufreq/cpufreq.c =================================================================== --- linux-2.6.10-ck7.orig/drivers/cpufreq/cpufreq.c 2004-12-25 10:14:48.000000000 +1100 +++ linux-2.6.10-ck7/drivers/cpufreq/cpufreq.c 2005-03-01 21:38:37.000000000 +1100 @@ -893,6 +893,16 @@ static int cpufreq_resume(struct sys_dev return 0; } + if (cpufreq_driver->resume) { + ret = cpufreq_driver->resume(cpu_policy); + if (ret) { + printk(KERN_ERR "cpufreq: resume failed in ->resume " + "step on CPU %u\n", cpu_policy->cpu); + cpufreq_cpu_put(cpu_policy); + return ret; + } + } + if (!(cpufreq_driver->flags & CPUFREQ_CONST_LOOPS)) { unsigned int cur_freq = 0; Index: linux-2.6.10-ck7/drivers/i2c/busses/i2c-ali1563.c =================================================================== --- linux-2.6.10-ck7.orig/drivers/i2c/busses/i2c-ali1563.c 2004-12-25 10:14:48.000000000 +1100 +++ linux-2.6.10-ck7/drivers/i2c/busses/i2c-ali1563.c 2005-03-01 21:38:37.000000000 +1100 @@ -306,7 +306,7 @@ static void ali1563_enable(struct pci_de pci_write_config_word(dev,ALI1563_SMBBA,ctrl); } -static int __init ali1563_setup(struct pci_dev * dev) +static int __devinit ali1563_setup(struct pci_dev * dev) { u16 ctrl; @@ -362,7 +362,7 @@ static struct i2c_adapter ali1563_adapte .algo = &ali1563_algorithm, }; -static int __init ali1563_probe(struct pci_dev * dev, +static int __devinit ali1563_probe(struct pci_dev * dev, const struct pci_device_id * id_table) { int error; @@ -378,7 +378,7 @@ static int __init ali1563_probe(struct p return error; } -static void __exit ali1563_remove(struct pci_dev * dev) +static void __devexit ali1563_remove(struct pci_dev * dev) { i2c_del_adapter(&ali1563_adapter); ali1563_shutdown(dev); @@ -400,7 +400,7 @@ static struct pci_driver ali1563_pci_dri .name = "ali1563_i2c", .id_table = ali1563_id_table, .probe = ali1563_probe, - .remove = ali1563_remove, + .remove = __devexit_p(ali1563_remove), }; static int __init ali1563_init(void) Index: linux-2.6.10-ck7/drivers/i2c/busses/i2c-sis5595.c =================================================================== --- linux-2.6.10-ck7.orig/drivers/i2c/busses/i2c-sis5595.c 2004-12-25 10:14:48.000000000 +1100 +++ linux-2.6.10-ck7/drivers/i2c/busses/i2c-sis5595.c 2005-03-01 21:38:37.000000000 +1100 @@ -181,9 +181,11 @@ static int sis5595_setup(struct pci_dev if (force_addr) { dev_info(&SIS5595_dev->dev, "forcing ISA address 0x%04X\n", sis5595_base); - if (!pci_write_config_word(SIS5595_dev, ACPI_BASE, sis5595_base)) + if (pci_write_config_word(SIS5595_dev, ACPI_BASE, sis5595_base) + != PCIBIOS_SUCCESSFUL) goto error; - if (!pci_read_config_word(SIS5595_dev, ACPI_BASE, &a)) + if (pci_read_config_word(SIS5595_dev, ACPI_BASE, &a) + != PCIBIOS_SUCCESSFUL) goto error; if ((a & ~(SIS5595_EXTENT - 1)) != sis5595_base) { /* doesn't work for some chips! */ @@ -192,13 +194,16 @@ static int sis5595_setup(struct pci_dev } } - if (!pci_read_config_byte(SIS5595_dev, SIS5595_ENABLE_REG, &val)) + if (pci_read_config_byte(SIS5595_dev, SIS5595_ENABLE_REG, &val) + != PCIBIOS_SUCCESSFUL) goto error; if ((val & 0x80) == 0) { dev_info(&SIS5595_dev->dev, "enabling ACPI\n"); - if (!pci_write_config_byte(SIS5595_dev, SIS5595_ENABLE_REG, val | 0x80)) + if (pci_write_config_byte(SIS5595_dev, SIS5595_ENABLE_REG, val | 0x80) + != PCIBIOS_SUCCESSFUL) goto error; - if (!pci_read_config_byte(SIS5595_dev, SIS5595_ENABLE_REG, &val)) + if (pci_read_config_byte(SIS5595_dev, SIS5595_ENABLE_REG, &val) + != PCIBIOS_SUCCESSFUL) goto error; if ((val & 0x80) == 0) { /* doesn't work for some chips? */ Index: linux-2.6.10-ck7/drivers/i2c/busses/i2c-viapro.c =================================================================== --- linux-2.6.10-ck7.orig/drivers/i2c/busses/i2c-viapro.c 2004-12-25 10:14:48.000000000 +1100 +++ linux-2.6.10-ck7/drivers/i2c/busses/i2c-viapro.c 2005-03-01 21:38:37.000000000 +1100 @@ -231,8 +231,8 @@ static s32 vt596_access(struct i2c_adapt len = data->block[0]; if (len < 0) len = 0; - if (len > 32) - len = 32; + if (len > I2C_SMBUS_BLOCK_MAX) + len = I2C_SMBUS_BLOCK_MAX; outb_p(len, SMBHSTDAT0); i = inb_p(SMBHSTCNT); /* Reset SMBBLKDAT */ for (i = 1; i <= len; i++) @@ -266,6 +266,8 @@ static s32 vt596_access(struct i2c_adapt break; case VT596_BLOCK_DATA: data->block[0] = inb_p(SMBHSTDAT0); + if (data->block[0] > I2C_SMBUS_BLOCK_MAX) + data->block[0] = I2C_SMBUS_BLOCK_MAX; i = inb_p(SMBHSTCNT); /* Reset SMBBLKDAT */ for (i = 1; i <= data->block[0]; i++) data->block[i] = inb_p(SMBBLKDAT); Index: linux-2.6.10-ck7/drivers/ide/ide-probe.c =================================================================== --- linux-2.6.10-ck7.orig/drivers/ide/ide-probe.c 2004-12-25 10:14:48.000000000 +1100 +++ linux-2.6.10-ck7/drivers/ide/ide-probe.c 2005-03-01 21:38:37.000000000 +1100 @@ -749,7 +749,7 @@ static void probe_hwif(ide_hwif_t *hwif) * * BenH. */ - if (wait_hwif_ready(hwif)) + if (wait_hwif_ready(hwif) == -EBUSY) printk(KERN_DEBUG "%s: Wait for ready failed before probe !\n", hwif->name); /* Index: linux-2.6.10-ck7/drivers/ide/pci/generic.c =================================================================== --- linux-2.6.10-ck7.orig/drivers/ide/pci/generic.c 2004-12-25 10:14:48.000000000 +1100 +++ linux-2.6.10-ck7/drivers/ide/pci/generic.c 2005-03-01 21:38:37.000000000 +1100 @@ -96,25 +96,27 @@ static int __devinit generic_init_one(st { ide_pci_device_t *d = &generic_chipsets[id->driver_data]; u16 command; + int ret = -ENODEV; if (dev->vendor == PCI_VENDOR_ID_UMC && dev->device == PCI_DEVICE_ID_UMC_UM8886A && (!(PCI_FUNC(dev->devfn) & 1))) - return 1; /* UM8886A/BF pair */ + goto out; /* UM8886A/BF pair */ if (dev->vendor == PCI_VENDOR_ID_OPTI && dev->device == PCI_DEVICE_ID_OPTI_82C558 && (!(PCI_FUNC(dev->devfn) & 1))) - return 1; + goto out; pci_read_config_word(dev, PCI_COMMAND, &command); - if(!(command & PCI_COMMAND_IO)) - { + if (!(command & PCI_COMMAND_IO)) { printk(KERN_INFO "Skipping disabled %s IDE controller.\n", d->name); - return 1; + goto out; } + ret = 0; ide_setup_pci_device(dev, d); - return 0; +out: + return ret; } static struct pci_device_id generic_pci_tbl[] = { Index: linux-2.6.10-ck7/drivers/ide/pci/it8172.c =================================================================== --- linux-2.6.10-ck7.orig/drivers/ide/pci/it8172.c 2004-12-25 10:14:48.000000000 +1100 +++ linux-2.6.10-ck7/drivers/ide/pci/it8172.c 2005-03-01 21:38:37.000000000 +1100 @@ -270,7 +270,7 @@ static int __devinit it8172_init_one(str { if ((!(PCI_FUNC(dev->devfn) & 1) || (!((dev->class >> 8) == PCI_CLASS_STORAGE_IDE)))) - return 1; /* IT8172 is more than only a IDE controller */ + return -ENODEV; /* IT8172 is more than an IDE controller */ ide_setup_pci_device(dev, &it8172_chipsets[id->driver_data]); return 0; } Index: linux-2.6.10-ck7/drivers/input/gameport/Makefile =================================================================== --- linux-2.6.10-ck7.orig/drivers/input/gameport/Makefile 2004-03-11 21:29:10.000000000 +1100 +++ linux-2.6.10-ck7/drivers/input/gameport/Makefile 2005-03-01 21:38:37.000000000 +1100 @@ -5,7 +5,7 @@ # Each configuration option enables a list of files. obj-$(CONFIG_GAMEPORT) += gameport.o -obj-$(CONFIG_GAMEPORT_CS461X) += cs461x.o +obj-$(CONFIG_GAMEPORT_CS461x) += cs461x.o obj-$(CONFIG_GAMEPORT_EMU10K1) += emu10k1-gp.o obj-$(CONFIG_GAMEPORT_FM801) += fm801-gp.o obj-$(CONFIG_GAMEPORT_L4) += lightning.o Index: linux-2.6.10-ck7/drivers/md/md.c =================================================================== --- linux-2.6.10-ck7.orig/drivers/md/md.c 2004-12-25 10:14:48.000000000 +1100 +++ linux-2.6.10-ck7/drivers/md/md.c 2005-03-01 21:38:37.000000000 +1100 @@ -332,29 +332,26 @@ static int bi_complete(struct bio *bio, static int sync_page_io(struct block_device *bdev, sector_t sector, int size, struct page *page, int rw) { - struct bio bio; - struct bio_vec vec; + struct bio *bio = bio_alloc(GFP_KERNEL, 1); struct completion event; + int ret; + + bio_get(bio); rw |= (1 << BIO_RW_SYNC); - bio_init(&bio); - bio.bi_io_vec = &vec; - vec.bv_page = page; - vec.bv_len = size; - vec.bv_offset = 0; - bio.bi_vcnt = 1; - bio.bi_idx = 0; - bio.bi_size = size; - bio.bi_bdev = bdev; - bio.bi_sector = sector; + bio->bi_bdev = bdev; + bio->bi_sector = sector; + bio_add_page(bio, page, size, 0); init_completion(&event); - bio.bi_private = &event; - bio.bi_end_io = bi_complete; - submit_bio(rw, &bio); + bio->bi_private = &event; + bio->bi_end_io = bi_complete; + submit_bio(rw, bio); wait_for_completion(&event); - return test_bit(BIO_UPTODATE, &bio.bi_flags); + ret = test_bit(BIO_UPTODATE, &bio->bi_flags); + bio_put(bio); + return ret; } static int read_disk_sb(mdk_rdev_t * rdev) Index: linux-2.6.10-ck7/drivers/mtd/inftlmount.c =================================================================== --- linux-2.6.10-ck7.orig/drivers/mtd/inftlmount.c 2004-12-25 10:14:48.000000000 +1100 +++ linux-2.6.10-ck7/drivers/mtd/inftlmount.c 2005-03-01 21:38:37.000000000 +1100 @@ -8,7 +8,7 @@ * Author: Fabrice Bellard (fabrice.bellard@netgem.com) * Copyright (C) 2000 Netgem S.A. * - * $Id: inftlmount.c,v 1.15 2004/11/05 21:55:55 kalev Exp $ + * $Id: inftlmount.c,v 1.16 2004/11/22 13:50:53 kalev Exp $ * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -41,7 +41,7 @@ #include #include -char inftlmountrev[]="$Revision: 1.15 $"; +char inftlmountrev[]="$Revision: 1.16 $"; /* * find_boot_record: Find the INFTL Media Header and its Spare copy which @@ -389,8 +389,6 @@ int INFTL_formatblock(struct INFTLrecord struct erase_info *instr = &inftl->instr; int physblock; - instr->mtd = inftl->mbd.mtd; - DEBUG(MTD_DEBUG_LEVEL3, "INFTL: INFTL_formatblock(inftl=%p," "block=%d)\n", inftl, block); @@ -400,6 +398,7 @@ int INFTL_formatblock(struct INFTLrecord _first_? */ /* Use async erase interface, test return code */ + instr->mtd = inftl->mbd.mtd; instr->addr = block * inftl->EraseSize; instr->len = inftl->mbd.mtd->erasesize; /* Erase one physical eraseblock at a time, even though the NAND api Index: linux-2.6.10-ck7/drivers/mtd/nand/s3c2410.c =================================================================== --- linux-2.6.10-ck7.orig/drivers/mtd/nand/s3c2410.c 2004-12-25 10:14:48.000000000 +1100 +++ linux-2.6.10-ck7/drivers/mtd/nand/s3c2410.c 2005-03-01 21:38:37.000000000 +1100 @@ -11,7 +11,7 @@ * 28-Sep-2004 BJD Fixed ECC placement for Hardware mode * 12-Oct-2004 BJD Fixed errors in use of platform data * - * $Id: s3c2410.c,v 1.5 2004/10/12 10:10:15 bjd Exp $ + * $Id: s3c2410.c,v 1.6 2004/11/24 12:25:48 bjd Exp $ * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -167,7 +167,7 @@ static int s3c2410_nand_inithw(struct s3 if (plat != NULL) { tacls = s3c2410_nand_calc_rate(plat->tacls, clkrate, 8); twrph0 = s3c2410_nand_calc_rate(plat->twrph0, clkrate, 8); - twrph1 = s3c2410_nand_calc_rate(plat->twrph0, clkrate, 8); + twrph1 = s3c2410_nand_calc_rate(plat->twrph1, clkrate, 8); } else { /* default timings */ tacls = 8; Index: linux-2.6.10-ck7/drivers/mtd/nftlmount.c =================================================================== --- linux-2.6.10-ck7.orig/drivers/mtd/nftlmount.c 2004-12-25 10:14:48.000000000 +1100 +++ linux-2.6.10-ck7/drivers/mtd/nftlmount.c 2005-03-01 21:38:37.000000000 +1100 @@ -4,7 +4,7 @@ * Author: Fabrice Bellard (fabrice.bellard@netgem.com) * Copyright (C) 2000 Netgem S.A. * - * $Id: nftlmount.c,v 1.39 2004/11/05 22:51:41 kalev Exp $ + * $Id: nftlmount.c,v 1.40 2004/11/22 14:38:29 kalev Exp $ * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -31,7 +31,7 @@ #define SECTORSIZE 512 -char nftlmountrev[]="$Revision: 1.39 $"; +char nftlmountrev[]="$Revision: 1.40 $"; /* find_boot_record: Find the NFTL Media Header and its Spare copy which contains the * various device information of the NFTL partition and Bad Unit Table. Update @@ -302,8 +302,6 @@ int NFTL_formatblock(struct NFTLrecord * struct nftl_uci1 uci; struct erase_info *instr = &nftl->instr; - instr->mtd = nftl->mbd.mtd; - /* Read the Unit Control Information #1 for Wear-Leveling */ if (MTD_READOOB(nftl->mbd.mtd, block * nftl->EraseSize + SECTORSIZE + 8, 8, &retlen, (char *)&uci) < 0) @@ -320,6 +318,7 @@ int NFTL_formatblock(struct NFTLrecord * memset(instr, 0, sizeof(struct erase_info)); /* XXX: use async erase interface, XXX: test return code */ + instr->mtd = nftl->mbd.mtd; instr->addr = block * nftl->EraseSize; instr->len = nftl->EraseSize; MTD_ERASE(nftl->mbd.mtd, instr); Index: linux-2.6.10-ck7/drivers/net/e1000/e1000_hw.c =================================================================== --- linux-2.6.10-ck7.orig/drivers/net/e1000/e1000_hw.c 2004-12-25 10:14:49.000000000 +1100 +++ linux-2.6.10-ck7/drivers/net/e1000/e1000_hw.c 2005-03-01 21:38:37.000000000 +1100 @@ -3478,7 +3478,7 @@ e1000_read_eeprom(struct e1000_hw *hw, /* A check for invalid values: offset too large, too many words, and not * enough words. */ - if((offset > eeprom->word_size) || (words > eeprom->word_size - offset) || + if((offset >= eeprom->word_size) || (words > eeprom->word_size - offset) || (words == 0)) { DEBUGOUT("\"words\" parameter out of bounds\n"); return -E1000_ERR_EEPROM; @@ -3626,7 +3626,7 @@ e1000_write_eeprom(struct e1000_hw *hw, /* A check for invalid values: offset too large, too many words, and not * enough words. */ - if((offset > eeprom->word_size) || (words > eeprom->word_size - offset) || + if((offset >= eeprom->word_size) || (words > eeprom->word_size - offset) || (words == 0)) { DEBUGOUT("\"words\" parameter out of bounds\n"); return -E1000_ERR_EEPROM; Index: linux-2.6.10-ck7/drivers/net/r8169.c =================================================================== --- linux-2.6.10-ck7.orig/drivers/net/r8169.c 2004-12-25 10:14:49.000000000 +1100 +++ linux-2.6.10-ck7/drivers/net/r8169.c 2005-03-01 21:38:37.000000000 +1100 @@ -1389,12 +1389,12 @@ static int rtl8169_alloc_rx_skb(struct p dma_addr_t mapping; int ret = 0; - skb = dev_alloc_skb(RX_BUF_SIZE); + skb = dev_alloc_skb(RX_BUF_SIZE + NET_IP_ALIGN); if (!skb) goto err_out; skb->dev = dev; - skb_reserve(skb, 2); + skb_reserve(skb, NET_IP_ALIGN); *sk_buff = skb; mapping = pci_map_single(pdev, skb->tail, RX_BUF_SIZE, @@ -1638,10 +1638,10 @@ static inline int rtl8169_try_rx_copy(st if (pkt_size < rx_copybreak) { struct sk_buff *skb; - skb = dev_alloc_skb(pkt_size + 2); + skb = dev_alloc_skb(pkt_size + NET_IP_ALIGN); if (skb) { skb->dev = dev; - skb_reserve(skb, 2); + skb_reserve(skb, NET_IP_ALIGN); eth_copy_and_sum(skb, sk_buff[0]->tail, pkt_size, 0); *sk_buff = skb; rtl8169_return_to_asic(desc); Index: linux-2.6.10-ck7/drivers/net/tulip/de2104x.c =================================================================== --- linux-2.6.10-ck7.orig/drivers/net/tulip/de2104x.c 2004-12-25 10:14:49.000000000 +1100 +++ linux-2.6.10-ck7/drivers/net/tulip/de2104x.c 2005-03-01 21:38:37.000000000 +1100 @@ -1958,8 +1958,6 @@ static int __devinit de_init_one (struct dev->tx_timeout = de_tx_timeout; dev->watchdog_timeo = TX_TIMEOUT; - dev->irq = pdev->irq; - de = dev->priv; de->de21040 = ent->driver_data == 0 ? 1 : 0; de->pdev = pdev; @@ -1995,6 +1993,8 @@ static int __devinit de_init_one (struct goto err_out_res; } + dev->irq = pdev->irq; + /* obtain and check validity of PCI I/O address */ pciaddr = pci_resource_start(pdev, 1); if (!pciaddr) { Index: linux-2.6.10-ck7/drivers/net/wan/cosa.c =================================================================== --- linux-2.6.10-ck7.orig/drivers/net/wan/cosa.c 2004-12-25 10:14:49.000000000 +1100 +++ linux-2.6.10-ck7/drivers/net/wan/cosa.c 2005-03-01 21:38:37.000000000 +1100 @@ -642,11 +642,11 @@ static void sppp_channel_init(struct cha return; } chan->pppdev.dev = d; - sppp_attach(&chan->pppdev); d->base_addr = chan->cosa->datareg; d->irq = chan->cosa->irq; d->dma = chan->cosa->dma; d->priv = chan; + sppp_attach(&chan->pppdev); if (register_netdev(d)) { printk(KERN_WARNING "%s: register_netdev failed.\n", d->name); sppp_detach(d); Index: linux-2.6.10-ck7/drivers/net/wan/sdla.c =================================================================== --- linux-2.6.10-ck7.orig/drivers/net/wan/sdla.c 2004-12-25 10:14:49.000000000 +1100 +++ linux-2.6.10-ck7/drivers/net/wan/sdla.c 2005-03-01 21:38:37.000000000 +1100 @@ -1306,6 +1306,8 @@ NOTE: This is rather a useless action r case SDLA_WRITEMEM: case SDLA_READMEM: + if(!capable(CAP_SYS_RAWIO)) + return -EPERM; return(sdla_xfer(dev, ifr->ifr_data, cmd == SDLA_READMEM)); case SDLA_START: Index: linux-2.6.10-ck7/drivers/parport/parport_pc.c =================================================================== --- linux-2.6.10-ck7.orig/drivers/parport/parport_pc.c 2004-12-25 10:14:49.000000000 +1100 +++ linux-2.6.10-ck7/drivers/parport/parport_pc.c 2005-03-01 21:38:37.000000000 +1100 @@ -3176,7 +3176,6 @@ static int __init parport_init_mode_setu #ifdef MODULE static const char *irq[PARPORT_PC_MAX_PORTS]; static const char *dma[PARPORT_PC_MAX_PORTS]; -static char *init_mode; MODULE_PARM_DESC(io, "Base I/O address (SPP regs)"); module_param_array(io, int, NULL, 0); @@ -3192,8 +3191,9 @@ MODULE_PARM_DESC(verbose_probing, "Log c module_param(verbose_probing, int, 0644); #endif #ifdef CONFIG_PCI +static char *init_mode; MODULE_PARM_DESC(init_mode, "Initialise mode for VIA VT8231 port (spp, ps2, epp, ecp or ecpepp)"); -MODULE_PARM(init_mode, "s"); +module_param(init_mode, charp, 0); #endif static int __init parse_parport_params(void) Index: linux-2.6.10-ck7/drivers/pci/hotplug/acpiphp_ibm.c =================================================================== --- linux-2.6.10-ck7.orig/drivers/pci/hotplug/acpiphp_ibm.c 2004-12-25 10:14:49.000000000 +1100 +++ linux-2.6.10-ck7/drivers/pci/hotplug/acpiphp_ibm.c 2005-03-01 21:38:37.000000000 +1100 @@ -47,7 +47,7 @@ MODULE_AUTHOR(DRIVER_AUTHOR); MODULE_DESCRIPTION(DRIVER_DESC); MODULE_LICENSE("GPL"); MODULE_VERSION(DRIVER_VERSION); -module_param(debug, bool, 644); +module_param(debug, bool, 0644); MODULE_PARM_DESC(debug, " Debugging mode enabled or not"); #define MY_NAME "acpiphp_ibm" Index: linux-2.6.10-ck7/drivers/s390/block/dasd_genhd.c =================================================================== --- linux-2.6.10-ck7.orig/drivers/s390/block/dasd_genhd.c 2004-08-15 14:08:08.000000000 +1000 +++ linux-2.6.10-ck7/drivers/s390/block/dasd_genhd.c 2005-03-01 21:38:37.000000000 +1100 @@ -149,8 +149,8 @@ dasd_destroy_partitions(struct dasd_devi * Can't call delete_partitions directly. Use ioctl. * The ioctl also does locking and invalidation. */ - memset(&bpart, sizeof(struct blkpg_partition), 0); - memset(&barg, sizeof(struct blkpg_ioctl_arg), 0); + memset(&bpart, 0, sizeof(struct blkpg_partition)); + memset(&barg, 0, sizeof(struct blkpg_ioctl_arg)); barg.data = &bpart; barg.op = BLKPG_DEL_PARTITION; for (bpart.pno = device->gdp->minors - 1; bpart.pno > 0; bpart.pno--) Index: linux-2.6.10-ck7/drivers/s390/cio/cmf.c =================================================================== --- linux-2.6.10-ck7.orig/drivers/s390/cio/cmf.c 2004-10-19 08:57:06.000000000 +1000 +++ linux-2.6.10-ck7/drivers/s390/cio/cmf.c 2005-03-01 21:38:38.000000000 +1100 @@ -526,7 +526,7 @@ readall_cmb (struct ccw_device *cdev, st time = get_clock() - cdev->private->cmb_start_time; spin_unlock_irqrestore(cdev->ccwlock, flags); - memset(data, sizeof(struct cmbdata), 0); + memset(data, 0, sizeof(struct cmbdata)); /* we only know values before device_busy_time */ data->size = offsetof(struct cmbdata, device_busy_time); @@ -736,7 +736,7 @@ readall_cmbe (struct ccw_device *cdev, s time = get_clock() - cdev->private->cmb_start_time; spin_unlock_irqrestore(cdev->ccwlock, flags); - memset (data, sizeof(struct cmbdata), 0); + memset (data, 0, sizeof(struct cmbdata)); /* we only know values before device_busy_time */ data->size = offsetof(struct cmbdata, device_busy_time); Index: linux-2.6.10-ck7/drivers/s390/cio/css.c =================================================================== --- linux-2.6.10-ck7.orig/drivers/s390/cio/css.c 2004-12-25 10:14:49.000000000 +1100 +++ linux-2.6.10-ck7/drivers/s390/cio/css.c 2005-03-01 21:38:38.000000000 +1100 @@ -527,7 +527,7 @@ css_enqueue_subchannel_slow(unsigned lon new_slow_sch = kmalloc(sizeof(struct slow_subchannel), GFP_ATOMIC); if (!new_slow_sch) return -ENOMEM; - memset(new_slow_sch, sizeof(struct slow_subchannel), 0); + memset(new_slow_sch, 0, sizeof(struct slow_subchannel)); new_slow_sch->schid = schid; spin_lock_irqsave(&slow_subchannel_lock, flags); list_add_tail(&new_slow_sch->slow_list, &slow_subchannels_head); Index: linux-2.6.10-ck7/drivers/scsi/advansys.c =================================================================== --- linux-2.6.10-ck7.orig/drivers/scsi/advansys.c 2004-12-25 10:14:49.000000000 +1100 +++ linux-2.6.10-ck7/drivers/scsi/advansys.c 2005-03-01 21:38:38.000000000 +1100 @@ -4322,12 +4322,12 @@ advansys_detect(struct scsi_host_templat int ioport = 0; int share_irq = FALSE; int iolen = 0; + struct device *dev = NULL; #ifdef CONFIG_PCI int pci_init_search = 0; struct pci_dev *pci_devicep[ASC_NUM_BOARD_SUPPORTED]; int pci_card_cnt_max = 0; int pci_card_cnt = 0; - struct device *dev = NULL; struct pci_dev *pci_devp = NULL; int pci_device_id_cnt = 0; unsigned int pci_device_id[ASC_PCI_DEVICE_ID_CNT] = { @@ -8944,7 +8944,7 @@ DvcAdvWritePCIConfigByte( #ifdef CONFIG_PCI pci_write_config_byte(to_pci_dev(asc_dvc->cfg->dev), offset, byte_data); #else /* CONFIG_PCI */ - return 0; + return; #endif /* CONFIG_PCI */ } @@ -12014,13 +12014,13 @@ AscInitFromAscDvcVar( PortAddr iop_base; ushort cfg_msw; ushort warn_code; - ushort pci_device_id; + ushort pci_device_id = 0; iop_base = asc_dvc->iop_base; +#ifdef CONFIG_PCI if (asc_dvc->cfg->dev) pci_device_id = to_pci_dev(asc_dvc->cfg->dev)->device; - else - pci_device_id = 0; +#endif warn_code = 0; cfg_msw = AscGetChipCfgMsw(iop_base); if ((cfg_msw & ASC_CFG_MSW_CLR_MASK) != 0) { Index: linux-2.6.10-ck7/drivers/scsi/ahci.c =================================================================== --- linux-2.6.10-ck7.orig/drivers/scsi/ahci.c 2004-12-25 10:14:49.000000000 +1100 +++ linux-2.6.10-ck7/drivers/scsi/ahci.c 2005-03-01 21:38:38.000000000 +1100 @@ -939,6 +939,7 @@ static int ahci_init_one (struct pci_dev unsigned long base; void *mmio_base; unsigned int board_idx = (unsigned int) ent->driver_data; + int pci_dev_busy = 0; int rc; VPRINTK("ENTER\n"); @@ -951,8 +952,10 @@ static int ahci_init_one (struct pci_dev return rc; rc = pci_request_regions(pdev, DRV_NAME); - if (rc) + if (rc) { + pci_dev_busy = 1; goto err_out; + } pci_enable_intx(pdev); @@ -1014,7 +1017,8 @@ err_out_free_ent: err_out_regions: pci_release_regions(pdev); err_out: - pci_disable_device(pdev); + if (!pci_dev_busy) + pci_disable_device(pdev); return rc; } Index: linux-2.6.10-ck7/drivers/scsi/gdth.c =================================================================== --- linux-2.6.10-ck7.orig/drivers/scsi/gdth.c 2004-10-19 08:57:06.000000000 +1000 +++ linux-2.6.10-ck7/drivers/scsi/gdth.c 2005-03-01 21:38:38.000000000 +1100 @@ -2708,7 +2708,6 @@ static void gdth_copy_internal_data(int ushort cpsum,cpnow; struct scatterlist *sl; gdth_ha_str *ha; - int sgcnt; char *address; cpcount = count<=(ushort)scp->bufflen ? count:(ushort)scp->bufflen; @@ -2717,9 +2716,9 @@ static void gdth_copy_internal_data(int if (scp->use_sg) { sl = (struct scatterlist *)scp->request_buffer; #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,4,13) - sgcnt = pci_map_sg(ha->pdev,sl,scp->use_sg,PCI_DMA_FROMDEVICE); - for (i=0,cpsum=0; iuse_sg; ++i,++sl) { + unsigned long flags; + cpnow = (ushort)sl->length; TRACE(("copy_internal() now %d sum %d count %d %d\n", cpnow,cpsum,cpcount,(ushort)scp->bufflen)); if (cpsum+cpnow > cpcount) @@ -2730,17 +2729,18 @@ static void gdth_copy_internal_data(int hanum); return; } - address = (char *)(page_address(sl->page) + sl->offset); + local_irq_save(flags); + address = kmap_atomic(sl->page, KM_BIO_SRC_IRQ) + sl->offset; memcpy(address,buffer,cpnow); + flush_dcache_page(sl->page); + kunmap_atomic(address, KM_BIO_SRC_IRQ); + local_irq_restore(flags); if (cpsum == cpcount) break; buffer += cpnow; } - pci_unmap_sg(ha->pdev,scp->request_buffer, - scp->use_sg,PCI_DMA_FROMDEVICE); #else - sgcnt = scp->use_sg; - for (i=0,cpsum=0; iuse_sg; ++i,++sl) { cpnow = (ushort)sl->length; TRACE(("copy_internal() now %d sum %d count %d %d\n", cpnow,cpsum,cpcount,(ushort)scp->bufflen)); Index: linux-2.6.10-ck7/drivers/scsi/ibmvscsi/ibmvscsi.c =================================================================== --- linux-2.6.10-ck7.orig/drivers/scsi/ibmvscsi/ibmvscsi.c 2004-10-19 08:57:06.000000000 +1000 +++ linux-2.6.10-ck7/drivers/scsi/ibmvscsi/ibmvscsi.c 2005-03-01 21:38:38.000000000 +1100 @@ -466,7 +466,7 @@ static int map_data_for_srp_cmd(struct s static int ibmvscsi_send_srp_event(struct srp_event_struct *evt_struct, struct ibmvscsi_host_data *hostdata) { - struct scsi_cmnd *cmnd = evt_struct->cmnd; + struct scsi_cmnd *cmnd; u64 *crq_as_u64 = (u64 *) &evt_struct->crq; int rc; @@ -478,22 +478,15 @@ static int ibmvscsi_send_srp_event(struc if ((evt_struct->crq.format == VIOSRP_SRP_FORMAT) && (atomic_dec_if_positive(&hostdata->request_limit) < 0)) { /* See if the adapter is disabled */ - if (atomic_read(&hostdata->request_limit) < 0) { - if (cmnd) - cmnd->result = DID_ERROR << 16; - if (evt_struct->cmnd_done) - evt_struct->cmnd_done(cmnd); - unmap_cmd_data(&evt_struct->iu.srp.cmd, - hostdata->dev); - free_event_struct(&hostdata->pool, evt_struct); - return 0; - } else { - printk("ibmvscsi: Warning, request_limit exceeded\n"); - unmap_cmd_data(&evt_struct->iu.srp.cmd, - hostdata->dev); - free_event_struct(&hostdata->pool, evt_struct); - return SCSI_MLQUEUE_HOST_BUSY; - } + if (atomic_read(&hostdata->request_limit) < 0) + goto send_error; + + printk(KERN_WARNING + "ibmvscsi: Warning, request_limit exceeded\n"); + unmap_cmd_data(&evt_struct->iu.srp.cmd, + hostdata->dev); + free_event_struct(&hostdata->pool, evt_struct); + return SCSI_MLQUEUE_HOST_BUSY; } /* Copy the IU into the transfer area */ @@ -510,18 +503,24 @@ static int ibmvscsi_send_srp_event(struc ibmvscsi_send_crq(hostdata, crq_as_u64[0], crq_as_u64[1])) != 0) { list_del(&evt_struct->list); - cmnd = evt_struct->cmnd; printk(KERN_ERR "ibmvscsi: failed to send event struct rc %d\n", rc); - unmap_cmd_data(&evt_struct->iu.srp.cmd, hostdata->dev); - free_event_struct(&hostdata->pool, evt_struct); - if (cmnd) - cmnd->result = DID_ERROR << 16; - if (evt_struct->cmnd_done) - evt_struct->cmnd_done(cmnd); + goto send_error; } return 0; + + send_error: + unmap_cmd_data(&evt_struct->iu.srp.cmd, hostdata->dev); + + if ((cmnd = evt_struct->cmnd) != NULL) { + cmnd->result = DID_ERROR << 16; + evt_struct->cmnd_done(cmnd); + } else if (evt_struct->done) + evt_struct->done(evt_struct); + + free_event_struct(&hostdata->pool, evt_struct); + return 0; } /** @@ -1325,7 +1324,7 @@ static int ibmvscsi_probe(struct vio_dev */ for (wait_switch = jiffies + (init_timeout * HZ); time_before(jiffies, wait_switch) && - atomic_read(&hostdata->request_limit) < 0;) { + atomic_read(&hostdata->request_limit) < 2;) { set_current_state(TASK_UNINTERRUPTIBLE); schedule_timeout(HZ / 100); Index: linux-2.6.10-ck7/drivers/scsi/libata-core.c =================================================================== --- linux-2.6.10-ck7.orig/drivers/scsi/libata-core.c 2004-12-25 10:14:49.000000000 +1100 +++ linux-2.6.10-ck7/drivers/scsi/libata-core.c 2005-03-01 21:38:38.000000000 +1100 @@ -28,6 +28,7 @@ #include #include #include +#include #include #include #include @@ -2369,6 +2370,9 @@ static void ata_pio_task(void *_data) unsigned long timeout = 0; switch (ap->pio_task_state) { + case PIO_ST_IDLE: + return; + case PIO_ST: ata_pio_block(ap); break; @@ -2385,18 +2389,14 @@ static void ata_pio_task(void *_data) case PIO_ST_TMOUT: case PIO_ST_ERR: ata_pio_error(ap); - break; + return; } - if ((ap->pio_task_state != PIO_ST_IDLE) && - (ap->pio_task_state != PIO_ST_TMOUT) && - (ap->pio_task_state != PIO_ST_ERR)) { - if (timeout) - queue_delayed_work(ata_wq, &ap->pio_task, - timeout); - else - queue_work(ata_wq, &ap->pio_task); - } + if (timeout) + queue_delayed_work(ata_wq, &ap->pio_task, + timeout); + else + queue_work(ata_wq, &ap->pio_task); } static void atapi_request_sense(struct ata_port *ap, struct ata_device *dev, @@ -3559,6 +3559,7 @@ int ata_pci_init_one (struct pci_dev *pd struct ata_port_info *port[2]; u8 tmp8, mask; unsigned int legacy_mode = 0; + int disable_dev_on_err = 1; int rc; DPRINTK("ENTER\n"); @@ -3588,8 +3589,10 @@ int ata_pci_init_one (struct pci_dev *pd return rc; rc = pci_request_regions(pdev, DRV_NAME); - if (rc) + if (rc) { + disable_dev_on_err = 0; goto err_out; + } if (legacy_mode) { if (!request_region(0x1f0, 8, "libata")) { @@ -3599,8 +3602,10 @@ int ata_pci_init_one (struct pci_dev *pd conflict = ____request_resource(&ioport_resource, &res); if (!strcmp(conflict->name, "libata")) legacy_mode |= (1 << 0); - else + else { + disable_dev_on_err = 0; printk(KERN_WARNING "ata: 0x1f0 IDE port busy\n"); + } } else legacy_mode |= (1 << 0); @@ -3611,8 +3616,10 @@ int ata_pci_init_one (struct pci_dev *pd conflict = ____request_resource(&ioport_resource, &res); if (!strcmp(conflict->name, "libata")) legacy_mode |= (1 << 1); - else + else { + disable_dev_on_err = 0; printk(KERN_WARNING "ata: 0x170 IDE port busy\n"); + } } else legacy_mode |= (1 << 1); } @@ -3663,7 +3670,8 @@ err_out_regions: release_region(0x170, 8); pci_release_regions(pdev); err_out: - pci_disable_device(pdev); + if (disable_dev_on_err) + pci_disable_device(pdev); return rc; } Index: linux-2.6.10-ck7/drivers/scsi/sata_nv.c =================================================================== --- linux-2.6.10-ck7.orig/drivers/scsi/sata_nv.c 2004-12-25 10:14:49.000000000 +1100 +++ linux-2.6.10-ck7/drivers/scsi/sata_nv.c 2005-03-01 21:38:38.000000000 +1100 @@ -321,6 +321,7 @@ static int nv_init_one (struct pci_dev * struct nv_host *host; struct ata_port_info *ppi; struct ata_probe_ent *probe_ent; + int pci_dev_busy = 0; int rc; if (!printed_version++) @@ -331,8 +332,10 @@ static int nv_init_one (struct pci_dev * goto err_out; rc = pci_request_regions(pdev, DRV_NAME); - if (rc) + if (rc) { + pci_dev_busy = 1; goto err_out_disable; + } rc = pci_set_dma_mask(pdev, ATA_DMA_MASK); if (rc) @@ -404,7 +407,8 @@ err_out_free_ent: err_out_regions: pci_release_regions(pdev); err_out_disable: - pci_disable_device(pdev); + if (!pci_dev_busy) + pci_disable_device(pdev); err_out: return rc; } Index: linux-2.6.10-ck7/drivers/scsi/sata_promise.c =================================================================== --- linux-2.6.10-ck7.orig/drivers/scsi/sata_promise.c 2004-12-25 10:14:49.000000000 +1100 +++ linux-2.6.10-ck7/drivers/scsi/sata_promise.c 2005-03-01 21:38:38.000000000 +1100 @@ -546,6 +546,7 @@ static int pdc_ata_init_one (struct pci_ unsigned long base; void *mmio_base; unsigned int board_idx = (unsigned int) ent->driver_data; + int pci_dev_busy = 0; int rc; if (!printed_version++) @@ -560,8 +561,10 @@ static int pdc_ata_init_one (struct pci_ return rc; rc = pci_request_regions(pdev, DRV_NAME); - if (rc) + if (rc) { + pci_dev_busy = 1; goto err_out; + } rc = pci_set_dma_mask(pdev, ATA_DMA_MASK); if (rc) @@ -640,7 +643,8 @@ err_out_free_ent: err_out_regions: pci_release_regions(pdev); err_out: - pci_disable_device(pdev); + if (!pci_dev_busy) + pci_disable_device(pdev); return rc; } Index: linux-2.6.10-ck7/drivers/scsi/sata_sil.c =================================================================== --- linux-2.6.10-ck7.orig/drivers/scsi/sata_sil.c 2004-12-25 10:14:49.000000000 +1100 +++ linux-2.6.10-ck7/drivers/scsi/sata_sil.c 2005-03-01 21:38:38.000000000 +1100 @@ -332,6 +332,7 @@ static int sil_init_one (struct pci_dev void *mmio_base; int rc; unsigned int i; + int pci_dev_busy = 0; u32 tmp, irq_mask; if (!printed_version++) @@ -346,8 +347,10 @@ static int sil_init_one (struct pci_dev return rc; rc = pci_request_regions(pdev, DRV_NAME); - if (rc) + if (rc) { + pci_dev_busy = 1; goto err_out; + } rc = pci_set_dma_mask(pdev, ATA_DMA_MASK); if (rc) @@ -434,7 +437,8 @@ err_out_free_ent: err_out_regions: pci_release_regions(pdev); err_out: - pci_disable_device(pdev); + if (!pci_dev_busy) + pci_disable_device(pdev); return rc; } Index: linux-2.6.10-ck7/drivers/scsi/sata_sis.c =================================================================== --- linux-2.6.10-ck7.orig/drivers/scsi/sata_sis.c 2004-12-25 10:14:49.000000000 +1100 +++ linux-2.6.10-ck7/drivers/scsi/sata_sis.c 2005-03-01 21:38:38.000000000 +1100 @@ -200,14 +200,17 @@ static int sis_init_one (struct pci_dev int rc; u32 genctl; struct ata_port_info *ppi; + int pci_dev_busy = 0; rc = pci_enable_device(pdev); if (rc) return rc; rc = pci_request_regions(pdev, DRV_NAME); - if (rc) + if (rc) { + pci_dev_busy = 1; goto err_out; + } rc = pci_set_dma_mask(pdev, ATA_DMA_MASK); if (rc) @@ -259,7 +262,8 @@ err_out_regions: pci_release_regions(pdev); err_out: - pci_disable_device(pdev); + if (!pci_dev_busy) + pci_disable_device(pdev); return rc; } Index: linux-2.6.10-ck7/drivers/scsi/sata_svw.c =================================================================== --- linux-2.6.10-ck7.orig/drivers/scsi/sata_svw.c 2004-12-25 10:14:49.000000000 +1100 +++ linux-2.6.10-ck7/drivers/scsi/sata_svw.c 2005-03-01 21:38:38.000000000 +1100 @@ -338,6 +338,7 @@ static int k2_sata_init_one (struct pci_ struct ata_probe_ent *probe_ent = NULL; unsigned long base; void *mmio_base; + int pci_dev_busy = 0; int rc; if (!printed_version++) @@ -359,8 +360,10 @@ static int k2_sata_init_one (struct pci_ /* Request PCI regions */ rc = pci_request_regions(pdev, DRV_NAME); - if (rc) + if (rc) { + pci_dev_busy = 1; goto err_out; + } rc = pci_set_dma_mask(pdev, ATA_DMA_MASK); if (rc) @@ -433,7 +436,8 @@ err_out_free_ent: err_out_regions: pci_release_regions(pdev); err_out: - pci_disable_device(pdev); + if (!pci_dev_busy) + pci_disable_device(pdev); return rc; } Index: linux-2.6.10-ck7/drivers/scsi/sata_sx4.c =================================================================== --- linux-2.6.10-ck7.orig/drivers/scsi/sata_sx4.c 2004-12-25 10:14:49.000000000 +1100 +++ linux-2.6.10-ck7/drivers/scsi/sata_sx4.c 2005-03-01 21:38:38.000000000 +1100 @@ -1366,6 +1366,7 @@ static int pdc_sata_init_one (struct pci void *mmio_base, *dimm_mmio = NULL; struct pdc_host_priv *hpriv = NULL; unsigned int board_idx = (unsigned int) ent->driver_data; + int pci_dev_busy = 0; int rc; if (!printed_version++) @@ -1380,8 +1381,10 @@ static int pdc_sata_init_one (struct pci return rc; rc = pci_request_regions(pdev, DRV_NAME); - if (rc) + if (rc) { + pci_dev_busy = 1; goto err_out; + } rc = pci_set_dma_mask(pdev, ATA_DMA_MASK); if (rc) @@ -1471,7 +1474,8 @@ err_out_free_ent: err_out_regions: pci_release_regions(pdev); err_out: - pci_disable_device(pdev); + if (!pci_dev_busy) + pci_disable_device(pdev); return rc; } Index: linux-2.6.10-ck7/drivers/scsi/sata_uli.c =================================================================== --- linux-2.6.10-ck7.orig/drivers/scsi/sata_uli.c 2004-12-25 10:14:49.000000000 +1100 +++ linux-2.6.10-ck7/drivers/scsi/sata_uli.c 2005-03-01 21:38:38.000000000 +1100 @@ -200,14 +200,17 @@ static int uli_init_one (struct pci_dev struct ata_port_info *ppi; int rc; unsigned int board_idx = (unsigned int) ent->driver_data; + int pci_dev_busy = 0; rc = pci_enable_device(pdev); if (rc) return rc; rc = pci_request_regions(pdev, DRV_NAME); - if (rc) + if (rc) { + pci_dev_busy = 1; goto err_out; + } rc = pci_set_dma_mask(pdev, ATA_DMA_MASK); if (rc) @@ -265,7 +268,8 @@ err_out_regions: pci_release_regions(pdev); err_out: - pci_disable_device(pdev); + if (!pci_dev_busy) + pci_disable_device(pdev); return rc; } Index: linux-2.6.10-ck7/drivers/scsi/sata_via.c =================================================================== --- linux-2.6.10-ck7.orig/drivers/scsi/sata_via.c 2004-12-25 10:14:49.000000000 +1100 +++ linux-2.6.10-ck7/drivers/scsi/sata_via.c 2005-03-01 21:38:38.000000000 +1100 @@ -170,6 +170,7 @@ static int svia_init_one (struct pci_dev int rc; struct ata_port_info *ppi; struct ata_probe_ent *probe_ent; + int pci_dev_busy = 0; u8 tmp8; if (!printed_version++) @@ -180,8 +181,10 @@ static int svia_init_one (struct pci_dev return rc; rc = pci_request_regions(pdev, DRV_NAME); - if (rc) + if (rc) { + pci_dev_busy = 1; goto err_out; + } pci_read_config_byte(pdev, SATA_PATA_SHARING, &tmp8); if (tmp8 & SATA_2DEV) { @@ -266,7 +269,8 @@ static int svia_init_one (struct pci_dev err_out_regions: pci_release_regions(pdev); err_out: - pci_disable_device(pdev); + if (!pci_dev_busy) + pci_disable_device(pdev); return rc; } Index: linux-2.6.10-ck7/drivers/scsi/sata_vsc.c =================================================================== --- linux-2.6.10-ck7.orig/drivers/scsi/sata_vsc.c 2004-12-25 10:14:49.000000000 +1100 +++ linux-2.6.10-ck7/drivers/scsi/sata_vsc.c 2005-03-01 21:38:38.000000000 +1100 @@ -255,6 +255,7 @@ static int __devinit vsc_sata_init_one ( static int printed_version; struct ata_probe_ent *probe_ent = NULL; unsigned long base; + int pci_dev_busy = 0; void *mmio_base; int rc; @@ -274,8 +275,10 @@ static int __devinit vsc_sata_init_one ( } rc = pci_request_regions(pdev, DRV_NAME); - if (rc) + if (rc) { + pci_dev_busy = 1; goto err_out; + } /* * Use 32 bit DMA mask, because 64 bit address support is poor. @@ -352,7 +355,8 @@ err_out_free_ent: err_out_regions: pci_release_regions(pdev); err_out: - pci_disable_device(pdev); + if (!pci_dev_busy) + pci_disable_device(pdev); return rc; } Index: linux-2.6.10-ck7/drivers/scsi/scsi_lib.c =================================================================== --- linux-2.6.10-ck7.orig/drivers/scsi/scsi_lib.c 2004-12-25 10:14:49.000000000 +1100 +++ linux-2.6.10-ck7/drivers/scsi/scsi_lib.c 2005-03-01 21:38:38.000000000 +1100 @@ -1668,6 +1668,7 @@ scsi_device_set_state(struct scsi_device case SDEV_CREATED: case SDEV_RUNNING: case SDEV_QUIESCE: + case SDEV_BLOCK: break; default: goto illegal; Index: linux-2.6.10-ck7/drivers/scsi/sd.c =================================================================== --- linux-2.6.10-ck7.orig/drivers/scsi/sd.c 2004-12-25 10:14:49.000000000 +1100 +++ linux-2.6.10-ck7/drivers/scsi/sd.c 2005-03-01 21:38:38.000000000 +1100 @@ -1082,9 +1082,12 @@ repeat: " READ CAPACITY(16).\n", diskname); longrc = 1; goto repeat; - } else { - printk(KERN_ERR "%s: too big for kernel. Assuming maximum 2Tb\n", diskname); } + printk(KERN_ERR "%s: too big for this kernel. Use a " + "kernel compiled with support for large block " + "devices.\n", diskname); + sdkp->capacity = 0; + goto got_data; } sdkp->capacity = 1 + (((sector_t)buffer[0] << 24) | (buffer[1] << 16) | Index: linux-2.6.10-ck7/drivers/serial/serial_core.c =================================================================== --- linux-2.6.10-ck7.orig/drivers/serial/serial_core.c 2004-12-25 10:14:49.000000000 +1100 +++ linux-2.6.10-ck7/drivers/serial/serial_core.c 2005-03-01 21:38:38.000000000 +1100 @@ -1877,7 +1877,21 @@ int uart_resume_port(struct uart_driver * Re-enable the console device after suspending. */ if (uart_console(port)) { - uart_change_speed(state, NULL); + struct termios termios; + + /* + * First try to use the console cflag setting. + */ + memset(&termios, 0, sizeof(struct termios)); + termios.c_cflag = port->cons->cflag; + + /* + * If that's unset, use the tty termios setting. + */ + if (state->info && state->info->tty && termios.c_cflag == 0) + termios = *state->info->tty->termios; + + port->ops->set_termios(port, &termios, NULL); console_start(port->cons); } Index: linux-2.6.10-ck7/drivers/usb/gadget/serial.c =================================================================== --- linux-2.6.10-ck7.orig/drivers/usb/gadget/serial.c 2004-12-25 10:14:50.000000000 +1100 +++ linux-2.6.10-ck7/drivers/usb/gadget/serial.c 2005-03-01 21:38:38.000000000 +1100 @@ -2322,11 +2322,11 @@ static void gs_free_ports(struct gs_dev wake_up_interruptible(&port->port_tty->read_wait); wake_up_interruptible(&port->port_tty->write_wait); } + spin_unlock_irqrestore(&port->port_lock, flags); } else { kfree(port); } - spin_unlock_irqrestore(&port->port_lock, flags); } } } Index: linux-2.6.10-ck7/drivers/usb/Makefile =================================================================== --- linux-2.6.10-ck7.orig/drivers/usb/Makefile 2004-12-25 10:14:49.000000000 +1100 +++ linux-2.6.10-ck7/drivers/usb/Makefile 2005-03-01 21:38:38.000000000 +1100 @@ -9,7 +9,7 @@ obj-$(CONFIG_USB) += core/ obj-$(CONFIG_USB_EHCI_HCD) += host/ obj-$(CONFIG_USB_OHCI_HCD) += host/ obj-$(CONFIG_USB_UHCI_HCD) += host/ -obj-$(CONFIG_USB_SL811HS) += host/ +obj-$(CONFIG_USB_SL811_HCD) += host/ obj-$(CONFIG_ETRAX_USB_HOST) += host/ obj-$(CONFIG_USB_ACM) += class/ @@ -49,7 +49,6 @@ obj-$(CONFIG_USB_PEGASUS) += net/ obj-$(CONFIG_USB_RTL8150) += net/ obj-$(CONFIG_USB_USBNET) += net/ -obj-$(CONFIG_USB_DC2XX) += image/ obj-$(CONFIG_USB_HPUSBSCSI) += image/ obj-$(CONFIG_USB_MDC800) += image/ obj-$(CONFIG_USB_MICROTEK) += image/ Index: linux-2.6.10-ck7/drivers/usb/serial/ftdi_sio.c =================================================================== --- linux-2.6.10-ck7.orig/drivers/usb/serial/ftdi_sio.c 2004-12-25 10:14:50.000000000 +1100 +++ linux-2.6.10-ck7/drivers/usb/serial/ftdi_sio.c 2005-03-01 21:38:38.000000000 +1100 @@ -1137,7 +1137,7 @@ static int set_serial_info(struct usb_se goto check_and_exit; } - if ((new_serial.baud_base != priv->baud_base) || + if ((new_serial.baud_base != priv->baud_base) && (new_serial.baud_base < 9600)) return -EINVAL; @@ -1518,7 +1518,7 @@ static int ftdi_write (struct usb_serial dbg("%s port %d, %d bytes", __FUNCTION__, port->number, count); if (count == 0) { - err("write request of 0 bytes"); + dbg("write request of 0 bytes"); return 0; } Index: linux-2.6.10-ck7/drivers/video/cg3.c =================================================================== --- linux-2.6.10-ck7.orig/drivers/video/cg3.c 2004-12-25 10:14:50.000000000 +1100 +++ linux-2.6.10-ck7/drivers/video/cg3.c 2005-03-01 21:38:38.000000000 +1100 @@ -209,7 +209,7 @@ cg3_blank(int blank, struct fb_info *inf case FB_BLANK_HSYNC_SUSPEND: /* VESA blank (hsync off) */ case FB_BLANK_POWERDOWN: /* Poweroff */ val = sbus_readb(®s->control); - val |= CG3_CR_ENABLE_VIDEO; + val &= ~CG3_CR_ENABLE_VIDEO; sbus_writeb(val, ®s->control); par->flags |= CG3_FLAG_BLANKED; break; Index: linux-2.6.10-ck7/drivers/video/matrox/matroxfb_base.c =================================================================== --- linux-2.6.10-ck7.orig/drivers/video/matrox/matroxfb_base.c 2004-12-25 10:14:50.000000000 +1100 +++ linux-2.6.10-ck7/drivers/video/matrox/matroxfb_base.c 2005-03-01 21:38:38.000000000 +1100 @@ -2477,8 +2477,10 @@ MODULE_PARM(noinit, "i"); MODULE_PARM_DESC(noinit, "Disables W/SG/SD-RAM and bus interface initialization (0 or 1=do not initialize) (default=0)"); MODULE_PARM(memtype, "i"); MODULE_PARM_DESC(memtype, "Memory type for G200/G400 (see Documentation/fb/matroxfb.txt for explanation) (default=3 for G200, 0 for G400)"); +#ifdef CONFIG_MTRR MODULE_PARM(mtrr, "i"); MODULE_PARM_DESC(mtrr, "This speeds up video memory accesses (0=disabled or 1) (default=1)"); +#endif MODULE_PARM(sgram, "i"); MODULE_PARM_DESC(sgram, "Indicates that G100/G200/G400 has SGRAM memory (0=SDRAM, 1=SGRAM) (default=0)"); MODULE_PARM(inv24, "i"); Index: linux-2.6.10-ck7/fs/binfmt_aout.c =================================================================== --- linux-2.6.10-ck7.orig/fs/binfmt_aout.c 2004-12-25 10:14:50.000000000 +1100 +++ linux-2.6.10-ck7/fs/binfmt_aout.c 2005-03-01 21:38:38.000000000 +1100 @@ -50,7 +50,10 @@ static int set_brk(unsigned long start, start = PAGE_ALIGN(start); end = PAGE_ALIGN(end); if (end > start) { - unsigned long addr = do_brk(start, end - start); + unsigned long addr; + down_write(¤t->mm->mmap_sem); + addr = do_brk(start, end - start); + up_write(¤t->mm->mmap_sem); if (BAD_ADDR(addr)) return addr; } @@ -323,10 +326,14 @@ static int load_aout_binary(struct linux loff_t pos = fd_offset; /* Fuck me plenty... */ /* */ + down_write(¤t->mm->mmap_sem); error = do_brk(N_TXTADDR(ex), ex.a_text); + up_write(¤t->mm->mmap_sem); bprm->file->f_op->read(bprm->file, (char *) N_TXTADDR(ex), ex.a_text, &pos); + down_write(¤t->mm->mmap_sem); error = do_brk(N_DATADDR(ex), ex.a_data); + up_write(¤t->mm->mmap_sem); bprm->file->f_op->read(bprm->file, (char *) N_DATADDR(ex), ex.a_data, &pos); goto beyond_if; @@ -346,8 +353,9 @@ static int load_aout_binary(struct linux pos = 32; map_size = ex.a_text+ex.a_data; #endif - + down_write(¤t->mm->mmap_sem); error = do_brk(text_addr & PAGE_MASK, map_size); + up_write(¤t->mm->mmap_sem); if (error != (text_addr & PAGE_MASK)) { send_sig(SIGKILL, current, 0); return error; @@ -382,7 +390,9 @@ static int load_aout_binary(struct linux if (!bprm->file->f_op->mmap||((fd_offset & ~PAGE_MASK) != 0)) { loff_t pos = fd_offset; + down_write(¤t->mm->mmap_sem); do_brk(N_TXTADDR(ex), ex.a_text+ex.a_data); + up_write(¤t->mm->mmap_sem); bprm->file->f_op->read(bprm->file, (char __user *)N_TXTADDR(ex), ex.a_text+ex.a_data, &pos); @@ -487,8 +497,9 @@ static int load_aout_library(struct file file->f_dentry->d_name.name); error_time = jiffies; } - + down_write(¤t->mm->mmap_sem); do_brk(start_addr, ex.a_text + ex.a_data + ex.a_bss); + up_write(¤t->mm->mmap_sem); file->f_op->read(file, (char __user *)start_addr, ex.a_text + ex.a_data, &pos); @@ -512,7 +523,9 @@ static int load_aout_library(struct file len = PAGE_ALIGN(ex.a_text + ex.a_data); bss = ex.a_text + ex.a_data + ex.a_bss; if (bss > len) { + down_write(¤t->mm->mmap_sem); error = do_brk(start_addr + len, bss - len); + up_write(¤t->mm->mmap_sem); retval = error; if (error != start_addr + len) goto out; Index: linux-2.6.10-ck7/fs/binfmt_elf.c =================================================================== --- linux-2.6.10-ck7.orig/fs/binfmt_elf.c 2004-12-25 10:14:50.000000000 +1100 +++ linux-2.6.10-ck7/fs/binfmt_elf.c 2005-03-01 21:38:38.000000000 +1100 @@ -88,7 +88,10 @@ static int set_brk(unsigned long start, start = ELF_PAGEALIGN(start); end = ELF_PAGEALIGN(end); if (end > start) { - unsigned long addr = do_brk(start, end - start); + unsigned long addr; + down_write(¤t->mm->mmap_sem); + addr = do_brk(start, end - start); + up_write(¤t->mm->mmap_sem); if (BAD_ADDR(addr)) return addr; } @@ -322,7 +325,8 @@ static unsigned long load_elf_interp(str */ if (interp_elf_ex->e_phentsize != sizeof(struct elf_phdr)) goto out; - if (interp_elf_ex->e_phnum > 65536U / sizeof(struct elf_phdr)) + if (interp_elf_ex->e_phnum < 1 || + interp_elf_ex->e_phnum > 65536U / sizeof(struct elf_phdr)) goto out; /* Now read in all of the header information */ @@ -408,7 +412,9 @@ static unsigned long load_elf_interp(str /* Map the last of the bss segment */ if (last_bss > elf_bss) { + down_write(¤t->mm->mmap_sem); error = do_brk(elf_bss, last_bss - elf_bss); + up_write(¤t->mm->mmap_sem); if (BAD_ADDR(error)) goto out_close; } @@ -448,7 +454,9 @@ static unsigned long load_aout_interp(st goto out; } + down_write(¤t->mm->mmap_sem); do_brk(0, text_data); + up_write(¤t->mm->mmap_sem); if (!interpreter->f_op || !interpreter->f_op->read) goto out; if (interpreter->f_op->read(interpreter, addr, text_data, &offset) < 0) @@ -456,8 +464,11 @@ static unsigned long load_aout_interp(st flush_icache_range((unsigned long)addr, (unsigned long)addr + text_data); + + down_write(¤t->mm->mmap_sem); do_brk(ELF_PAGESTART(text_data + ELF_MIN_ALIGN - 1), interp_ex->a_bss); + up_write(¤t->mm->mmap_sem); elf_entry = interp_ex->a_entry; out: @@ -524,12 +535,13 @@ static int load_elf_binary(struct linux_ /* Now read in all of the header information */ - retval = -ENOMEM; if (loc->elf_ex.e_phentsize != sizeof(struct elf_phdr)) goto out; - if (loc->elf_ex.e_phnum > 65536U / sizeof(struct elf_phdr)) + if (loc->elf_ex.e_phnum < 1 || + loc->elf_ex.e_phnum > 65536U / sizeof(struct elf_phdr)) goto out; size = loc->elf_ex.e_phnum * sizeof(struct elf_phdr); + retval = -ENOMEM; elf_phdata = (struct elf_phdr *) kmalloc(size, GFP_KERNEL); if (!elf_phdata) goto out; @@ -575,10 +587,12 @@ static int load_elf_binary(struct linux_ * is an a.out format binary */ - retval = -ENOMEM; + retval = -ENOEXEC; if (elf_ppnt->p_filesz > PATH_MAX || - elf_ppnt->p_filesz == 0) + elf_ppnt->p_filesz < 2) goto out_free_file; + + retval = -ENOMEM; elf_interpreter = (char *) kmalloc(elf_ppnt->p_filesz, GFP_KERNEL); if (!elf_interpreter) @@ -593,7 +607,7 @@ static int load_elf_binary(struct linux_ goto out_free_interp; } /* make sure path is NULL terminated */ - retval = -EINVAL; + retval = -ENOEXEC; if (elf_interpreter[elf_ppnt->p_filesz - 1] != '\0') goto out_free_interp; @@ -868,8 +882,9 @@ static int load_elf_binary(struct linux_ interpreter, &interp_load_addr); if (BAD_ADDR(elf_entry)) { - printk(KERN_ERR "Unable to load interpreter\n"); - send_sig(SIGSEGV, current, 0); + printk(KERN_ERR "Unable to load interpreter %.128s\n", + elf_interpreter); + force_sig(SIGSEGV, current); retval = -ENOEXEC; /* Nobody gets to see this, but.. */ goto out_free_dentry; } @@ -1024,8 +1039,11 @@ static int load_elf_library(struct file len = ELF_PAGESTART(elf_phdata->p_filesz + elf_phdata->p_vaddr + ELF_MIN_ALIGN - 1); bss = elf_phdata->p_memsz + elf_phdata->p_vaddr; - if (bss > len) + if (bss > len) { + down_write(¤t->mm->mmap_sem); do_brk(len, bss - len); + up_write(¤t->mm->mmap_sem); + } error = 0; out_free_ph: Index: linux-2.6.10-ck7/fs/ext3/inode.c =================================================================== --- linux-2.6.10-ck7.orig/fs/ext3/inode.c 2004-12-25 10:14:50.000000000 +1100 +++ linux-2.6.10-ck7/fs/ext3/inode.c 2005-03-01 21:38:38.000000000 +1100 @@ -84,7 +84,7 @@ int ext3_forget(handle_t *handle, int is (!is_metadata && !ext3_should_journal_data(inode))) { if (bh) { BUFFER_TRACE(bh, "call journal_forget"); - ext3_journal_forget(handle, bh); + return ext3_journal_forget(handle, bh); } return 0; } Index: linux-2.6.10-ck7/fs/ext3/super.c =================================================================== --- linux-2.6.10-ck7.orig/fs/ext3/super.c 2004-12-25 10:14:50.000000000 +1100 +++ linux-2.6.10-ck7/fs/ext3/super.c 2005-03-01 21:38:38.000000000 +1100 @@ -108,14 +108,19 @@ void ext3_journal_abort_handle(const cha char nbuf[16]; const char *errstr = ext3_decode_error(NULL, err, nbuf); - printk(KERN_ERR "%s: aborting transaction: %s in %s", - caller, errstr, err_fn); - if (bh) BUFFER_TRACE(bh, "abort"); - journal_abort_handle(handle); + if (!handle->h_err) handle->h_err = err; + + if (is_handle_aborted(handle)) + return; + + printk(KERN_ERR "%s: aborting transaction: %s in %s\n", + caller, errstr, err_fn); + + journal_abort_handle(handle); } /* Deal with the reporting of failure conditions on a filesystem such as @@ -143,9 +148,6 @@ static void ext3_handle_error(struct sup if (sb->s_flags & MS_RDONLY) return; - if (test_opt (sb, ERRORS_PANIC)) - panic ("EXT3-fs (device %s): panic forced after error\n", - sb->s_id); if (test_opt (sb, ERRORS_RO)) { printk (KERN_CRIT "Remounting filesystem read-only\n"); sb->s_flags |= MS_RDONLY; @@ -156,6 +158,9 @@ static void ext3_handle_error(struct sup if (journal) journal_abort(journal, -EIO); } + if (test_opt(sb, ERRORS_PANIC)) + panic("EXT3-fs (device %s): panic forced after error\n", + sb->s_id); ext3_commit_super(sb, es, 1); } Index: linux-2.6.10-ck7/fs/jbd/revoke.c =================================================================== --- linux-2.6.10-ck7.orig/fs/jbd/revoke.c 2004-10-19 08:57:11.000000000 +1000 +++ linux-2.6.10-ck7/fs/jbd/revoke.c 2005-03-01 21:38:38.000000000 +1100 @@ -376,7 +376,12 @@ int journal_revoke(handle_t *handle, uns first having the revoke cancelled: it's illegal to free a block twice without allocating it in between! */ if (bh) { - J_ASSERT_BH(bh, !buffer_revoked(bh)); + if (!J_EXPECT_BH(bh, !buffer_revoked(bh), + "inconsistent data on disk")) { + if (!bh_in) + brelse(bh); + return -EIO; + } set_buffer_revoked(bh); set_buffer_revokevalid(bh); if (bh_in) { Index: linux-2.6.10-ck7/fs/jbd/transaction.c =================================================================== --- linux-2.6.10-ck7.orig/fs/jbd/transaction.c 2004-12-25 10:14:50.000000000 +1100 +++ linux-2.6.10-ck7/fs/jbd/transaction.c 2005-03-01 21:38:38.000000000 +1100 @@ -1198,11 +1198,12 @@ journal_release_buffer(handle_t *handle, * Allow this call even if the handle has aborted --- it may be part of * the caller's cleanup after an abort. */ -void journal_forget(handle_t *handle, struct buffer_head *bh) +int journal_forget (handle_t *handle, struct buffer_head *bh) { transaction_t *transaction = handle->h_transaction; journal_t *journal = transaction->t_journal; struct journal_head *jh; + int err = 0; BUFFER_TRACE(bh, "entry"); @@ -1213,6 +1214,14 @@ void journal_forget(handle_t *handle, st goto not_jbd; jh = bh2jh(bh); + /* Critical error: attempting to delete a bitmap buffer, maybe? + * Don't do any jbd operations, and return an error. */ + if (!J_EXPECT_JH(jh, !jh->b_committed_data, + "inconsistent data on disk")) { + err = -EIO; + goto not_jbd; + } + if (jh->b_transaction == handle->h_transaction) { J_ASSERT_JH(jh, !jh->b_frozen_data); @@ -1223,7 +1232,6 @@ void journal_forget(handle_t *handle, st clear_buffer_jbddirty(bh); JBUFFER_TRACE(jh, "belongs to current transaction: unfile"); - J_ASSERT_JH(jh, !jh->b_committed_data); __journal_unfile_buffer(jh); @@ -1248,7 +1256,7 @@ void journal_forget(handle_t *handle, st spin_unlock(&journal->j_list_lock); jbd_unlock_bh_state(bh); __bforget(bh); - return; + return 0; } } } else if (jh->b_transaction) { @@ -1270,7 +1278,7 @@ not_jbd: spin_unlock(&journal->j_list_lock); jbd_unlock_bh_state(bh); __brelse(bh); - return; + return err; } /** Index: linux-2.6.10-ck7/fs/jffs2/build.c =================================================================== --- linux-2.6.10-ck7.orig/fs/jffs2/build.c 2004-08-15 14:08:16.000000000 +1000 +++ linux-2.6.10-ck7/fs/jffs2/build.c 2005-03-01 21:38:38.000000000 +1100 @@ -88,6 +88,7 @@ static int jffs2_build_filesystem(struct int ret; int i; struct jffs2_inode_cache *ic; + struct jffs2_full_dirent *fd; struct jffs2_full_dirent *dead_fds = NULL; /* First, scan the medium and build all the inode caches with @@ -98,7 +99,7 @@ static int jffs2_build_filesystem(struct c->flags &= ~JFFS2_SB_FLAG_MOUNTING; if (ret) - return ret; + goto exit; D1(printk(KERN_DEBUG "Scanned flash completely\n")); D1(jffs2_dump_block_lists(c)); @@ -135,9 +136,7 @@ static int jffs2_build_filesystem(struct D1(printk(KERN_DEBUG "Pass 2a starting\n")); while (dead_fds) { - struct jffs2_inode_cache *ic; - struct jffs2_full_dirent *fd = dead_fds; - + fd = dead_fds; dead_fds = fd->next; ic = jffs2_get_ino_cache(c, fd->ino); @@ -152,7 +151,6 @@ static int jffs2_build_filesystem(struct /* Finally, we can scan again and free the dirent structs */ for_each_inode(i, c, ic) { - struct jffs2_full_dirent *fd; D1(printk(KERN_DEBUG "Pass 3: ino #%u, ic %p, nodes %p\n", ic->ino, ic, ic->nodes)); while(ic->scan_dents) { @@ -169,6 +167,19 @@ static int jffs2_build_filesystem(struct /* Rotate the lists by some number to ensure wear levelling */ jffs2_rotate_lists(c); + ret = 0; + +exit: + if (ret) { + for_each_inode(i, c, ic) { + while(ic->scan_dents) { + fd = ic->scan_dents; + ic->scan_dents = fd->next; + jffs2_free_full_dirent(fd); + } + } + } + return ret; } @@ -310,6 +321,7 @@ int jffs2_do_mount_fs(struct jffs2_sb_in c->blocks[i].used_size = 0; c->blocks[i].first_node = NULL; c->blocks[i].last_node = NULL; + c->blocks[i].bad_count = 0; } init_MUTEX(&c->alloc_sem); Index: linux-2.6.10-ck7/fs/jfs/inode.c =================================================================== --- linux-2.6.10-ck7.orig/fs/jfs/inode.c 2004-10-19 08:57:11.000000000 +1000 +++ linux-2.6.10-ck7/fs/jfs/inode.c 2005-03-01 21:38:38.000000000 +1100 @@ -81,8 +81,7 @@ int jfs_commit_inode(struct inode *inode * Don't commit if inode has been committed since last being * marked dirty, or if it has been deleted. */ - if (test_cflag(COMMIT_Nolink, inode) || - !test_cflag(COMMIT_Dirty, inode)) + if (inode->i_nlink == 0 || !test_cflag(COMMIT_Dirty, inode)) return 0; if (isReadOnly(inode)) { @@ -100,7 +99,13 @@ int jfs_commit_inode(struct inode *inode tid = txBegin(inode->i_sb, COMMIT_INODE); down(&JFS_IP(inode)->commit_sem); - rc = txCommit(tid, 1, &inode, wait ? COMMIT_SYNC : 0); + + /* + * Retest inode state after taking commit_sem + */ + if (inode->i_nlink && test_cflag(COMMIT_Dirty, inode)) + rc = txCommit(tid, 1, &inode, wait ? COMMIT_SYNC : 0); + txEnd(tid); up(&JFS_IP(inode)->commit_sem); return rc; Index: linux-2.6.10-ck7/fs/nfs/dir.c =================================================================== --- linux-2.6.10-ck7.orig/fs/nfs/dir.c 2004-12-25 10:14:50.000000000 +1100 +++ linux-2.6.10-ck7/fs/nfs/dir.c 2005-03-01 21:38:38.000000000 +1100 @@ -1438,7 +1438,7 @@ static int nfs_rename(struct inode *old_ goto go_ahead; if (S_ISDIR(new_inode->i_mode)) goto out; - else if (atomic_read(&new_dentry->d_count) > 1) { + else if (atomic_read(&new_dentry->d_count) > 2) { int err; /* copy the target dentry's name */ dentry = d_alloc(new_dentry->d_parent, @@ -1453,10 +1453,8 @@ static int nfs_rename(struct inode *old_ new_inode = NULL; /* instantiate the replacement target */ d_instantiate(new_dentry, NULL); - } - + } else if (atomic_read(&new_dentry->d_count) > 1) { /* dentry still busy? */ - if (atomic_read(&new_dentry->d_count) > 1) { #ifdef NFS_PARANOIA printk("nfs_rename: target %s/%s busy, d_count=%d\n", new_dentry->d_parent->d_name.name, Index: linux-2.6.10-ck7/fs/nfs/direct.c =================================================================== --- linux-2.6.10-ck7.orig/fs/nfs/direct.c 2004-12-25 10:14:50.000000000 +1100 +++ linux-2.6.10-ck7/fs/nfs/direct.c 2005-03-01 21:38:38.000000000 +1100 @@ -72,8 +72,10 @@ nfs_get_user_pages(int rw, unsigned long size_t array_size; /* set an arbitrary limit to prevent arithmetic overflow */ - if (size > MAX_DIRECTIO_SIZE) + if (size > MAX_DIRECTIO_SIZE) { + *pages = NULL; return -EFBIG; + } page_count = (user_addr + size + PAGE_SIZE - 1) >> PAGE_SHIFT; page_count -= user_addr >> PAGE_SHIFT; Index: linux-2.6.10-ck7/fs/nfs/inode.c =================================================================== --- linux-2.6.10-ck7.orig/fs/nfs/inode.c 2004-10-19 08:57:11.000000000 +1000 +++ linux-2.6.10-ck7/fs/nfs/inode.c 2005-03-01 21:38:38.000000000 +1100 @@ -486,13 +486,27 @@ nfs_statfs(struct super_block *sb, struc if (error < 0) goto out_err; - buf->f_frsize = server->wtmult; + /* + * Current versions of glibc do not correctly handle the + * case where f_frsize != f_bsize. Eventually we want to + * report the value of wtmult in this field. + */ + buf->f_frsize = sb->s_blocksize; + + /* + * On most *nix systems, f_blocks, f_bfree, and f_bavail + * are reported in units of f_frsize. Linux hasn't had + * an f_frsize field in its statfs struct until recently, + * thus historically Linux's sys_statfs reports these + * fields in units of f_bsize. + */ buf->f_bsize = sb->s_blocksize; blockbits = sb->s_blocksize_bits; blockres = (1 << blockbits) - 1; buf->f_blocks = (res.tbytes + blockres) >> blockbits; buf->f_bfree = (res.fbytes + blockres) >> blockbits; buf->f_bavail = (res.abytes + blockres) >> blockbits; + buf->f_files = res.tfiles; buf->f_ffree = res.afiles; Index: linux-2.6.10-ck7/fs/nls/nls_ascii.c =================================================================== --- linux-2.6.10-ck7.orig/fs/nls/nls_ascii.c 2004-08-15 14:08:17.000000000 +1000 +++ linux-2.6.10-ck7/fs/nls/nls_ascii.c 2005-03-01 21:38:38.000000000 +1100 @@ -13,7 +13,7 @@ #include #include -static wchar_t charset2uni[128] = { +static wchar_t charset2uni[256] = { /* 0x00*/ 0x0000, 0x0001, 0x0002, 0x0003, 0x0004, 0x0005, 0x0006, 0x0007, @@ -56,7 +56,7 @@ static wchar_t charset2uni[128] = { 0x007c, 0x007d, 0x007e, 0x007f, }; -static unsigned char page00[128] = { +static unsigned char page00[256] = { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, /* 0x00-0x07 */ 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, /* 0x08-0x0f */ 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, /* 0x10-0x17 */ @@ -75,11 +75,11 @@ static unsigned char page00[128] = { 0x78, 0x79, 0x7a, 0x7b, 0x7c, 0x7d, 0x7e, 0x7f, /* 0x78-0x7f */ }; -static unsigned char *page_uni2charset[128] = { - page00, NULL, NULL, NULL, NULL, NULL, NULL, NULL, +static unsigned char *page_uni2charset[256] = { + page00, }; -static unsigned char charset2lower[128] = { +static unsigned char charset2lower[256] = { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, /* 0x00-0x07 */ 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, /* 0x08-0x0f */ 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, /* 0x10-0x17 */ @@ -98,7 +98,7 @@ static unsigned char charset2lower[128] 0x78, 0x79, 0x7a, 0x7b, 0x7c, 0x7d, 0x7e, 0x7f, /* 0x78-0x7f */ }; -static unsigned char charset2upper[128] = { +static unsigned char charset2upper[256] = { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, /* 0x00-0x07 */ 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, /* 0x08-0x0f */ 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, /* 0x10-0x17 */ Index: linux-2.6.10-ck7/fs/openpromfs/inode.c =================================================================== --- linux-2.6.10-ck7.orig/fs/openpromfs/inode.c 2004-10-19 08:57:11.000000000 +1000 +++ linux-2.6.10-ck7/fs/openpromfs/inode.c 2005-03-01 21:38:38.000000000 +1100 @@ -94,8 +94,6 @@ static ssize_t property_read(struct file openprom_property *op; char buffer[64]; - if (*ppos >= 0xffffff || count >= 0xffffff) - return -EINVAL; if (!filp->private_data) { node = nodes[(u16)((long)inode->u.generic_ip)].node; i = ((u32)(long)inode->u.generic_ip) >> 16; @@ -168,6 +166,8 @@ static ssize_t property_read(struct file op = (openprom_property *)filp->private_data; if (!count || !(op->len || (op->flag & OPP_ASCIIZ))) return 0; + if (*ppos >= 0xffffff || count >= 0xffffff) + return -EINVAL; if (op->flag & OPP_STRINGLIST) { for (k = 0, p = op->value; p < op->value + op->len; p++) if (!*p) Index: linux-2.6.10-ck7/fs/proc/generic.c =================================================================== --- linux-2.6.10-ck7.orig/fs/proc/generic.c 2004-12-25 10:14:50.000000000 +1100 +++ linux-2.6.10-ck7/fs/proc/generic.c 2005-03-01 21:38:38.000000000 +1100 @@ -60,7 +60,7 @@ proc_file_read(struct file *file, char _ return -ENOMEM; while ((nbytes > 0) && !eof) { - count = min_t(ssize_t, PROC_BLOCK_SIZE, nbytes); + count = min_t(size_t, PROC_BLOCK_SIZE, nbytes); start = NULL; if (dp->get_info) { Index: linux-2.6.10-ck7/fs/reiserfs/file.c =================================================================== --- linux-2.6.10-ck7.orig/fs/reiserfs/file.c 2004-12-25 10:14:50.000000000 +1100 +++ linux-2.6.10-ck7/fs/reiserfs/file.c 2005-03-01 21:38:38.000000000 +1100 @@ -588,7 +588,7 @@ error_exit: /* Unlock pages prepared by reiserfs_prepare_file_region_for_write */ void reiserfs_unprepare_pages(struct page **prepared_pages, /* list of locked pages */ - int num_pages /* amount of pages */) { + size_t num_pages /* amount of pages */) { int i; // loop counter for (i=0; i < num_pages ; i++) { @@ -619,7 +619,7 @@ int reiserfs_copy_from_user_to_file_regi int offset; // offset in page for ( i = 0, offset = (pos & (PAGE_CACHE_SIZE-1)); i < num_pages ; i++,offset=0) { - int count = min_t(int,PAGE_CACHE_SIZE-offset,write_bytes); // How much of bytes to write to this page + size_t count = min_t(size_t,PAGE_CACHE_SIZE-offset,write_bytes); // How much of bytes to write to this page struct page *page=prepared_pages[i]; // Current page we process. fault_in_pages_readable( buf, count); @@ -718,8 +718,8 @@ int reiserfs_submit_file_region_for_writ struct reiserfs_transaction_handle *th, struct inode *inode, loff_t pos, /* Writing position offset */ - int num_pages, /* Number of pages to write */ - int write_bytes, /* number of bytes to write */ + size_t num_pages, /* Number of pages to write */ + size_t write_bytes, /* number of bytes to write */ struct page **prepared_pages /* list of pages */ ) { @@ -854,9 +854,9 @@ int reiserfs_check_for_tail_and_convert( int reiserfs_prepare_file_region_for_write( struct inode *inode /* Inode of the file */, loff_t pos, /* position in the file */ - int num_pages, /* number of pages to + size_t num_pages, /* number of pages to prepare */ - int write_bytes, /* Amount of bytes to be + size_t write_bytes, /* Amount of bytes to be overwritten from @pos */ struct page **prepared_pages /* pointer to array @@ -1252,10 +1252,9 @@ ssize_t reiserfs_file_write( struct file while ( count > 0) { /* This is the main loop in which we running until some error occures or until we write all of the data. */ - int num_pages;/* amount of pages we are going to write this iteration */ - int write_bytes; /* amount of bytes to write during this iteration */ - int blocks_to_allocate; /* how much blocks we need to allocate for - this iteration */ + size_t num_pages;/* amount of pages we are going to write this iteration */ + size_t write_bytes; /* amount of bytes to write during this iteration */ + size_t blocks_to_allocate; /* how much blocks we need to allocate for this iteration */ /* (pos & (PAGE_CACHE_SIZE-1)) is an idiom for offset into a page of pos*/ num_pages = !!((pos+count) & (PAGE_CACHE_SIZE - 1)) + /* round up partial @@ -1269,7 +1268,7 @@ ssize_t reiserfs_file_write( struct file /* If we were asked to write more data than we want to or if there is not that much space, then we shorten amount of data to write for this iteration. */ - num_pages = min_t(int, REISERFS_WRITE_PAGES_AT_A_TIME, reiserfs_can_fit_pages(inode->i_sb)); + num_pages = min_t(size_t, REISERFS_WRITE_PAGES_AT_A_TIME, reiserfs_can_fit_pages(inode->i_sb)); /* Also we should not forget to set size in bytes accordingly */ write_bytes = (num_pages << PAGE_CACHE_SHIFT) - (pos & (PAGE_CACHE_SIZE-1)); @@ -1295,7 +1294,7 @@ ssize_t reiserfs_file_write( struct file // But overwriting files on absolutelly full volumes would not // be very efficient. Well, people are not supposed to fill // 100% of disk space anyway. - write_bytes = min_t(int, count, inode->i_sb->s_blocksize - (pos & (inode->i_sb->s_blocksize - 1))); + write_bytes = min_t(size_t, count, inode->i_sb->s_blocksize - (pos & (inode->i_sb->s_blocksize - 1))); num_pages = 1; // No blocks were claimed before, so do it now. reiserfs_claim_blocks_to_be_allocated(inode->i_sb, 1 << (PAGE_CACHE_SHIFT - inode->i_blkbits)); Index: linux-2.6.10-ck7/fs/smbfs/proc.c =================================================================== --- linux-2.6.10-ck7.orig/fs/smbfs/proc.c 2004-12-25 10:14:50.000000000 +1100 +++ linux-2.6.10-ck7/fs/smbfs/proc.c 2005-03-01 21:38:38.000000000 +1100 @@ -1427,9 +1427,9 @@ smb_proc_readX_data(struct smb_request * * So we must first calculate the amount of padding used by the server. */ data_off -= hdrlen; - if (data_off > SMB_READX_MAX_PAD) { - PARANOIA("offset is larger than max pad!\n"); - PARANOIA("%d > %d\n", data_off, SMB_READX_MAX_PAD); + if (data_off > SMB_READX_MAX_PAD || data_off < 0) { + PARANOIA("offset is larger than SMB_READX_MAX_PAD or negative!\n"); + PARANOIA("%d > %d || %d < 0\n", data_off, SMB_READX_MAX_PAD, data_off); req->rq_rlen = req->rq_bufsize + 1; return; } Index: linux-2.6.10-ck7/fs/smbfs/request.c =================================================================== --- linux-2.6.10-ck7.orig/fs/smbfs/request.c 2004-12-25 10:14:50.000000000 +1100 +++ linux-2.6.10-ck7/fs/smbfs/request.c 2005-03-01 21:38:38.000000000 +1100 @@ -588,8 +588,18 @@ static int smb_recv_trans2(struct smb_sb data_count = WVAL(inbuf, smb_drcnt); /* Modify offset for the split header/buffer we use */ - data_offset -= hdrlen; - parm_offset -= hdrlen; + if (data_count || data_offset) { + if (unlikely(data_offset < hdrlen)) + goto out_bad_data; + else + data_offset -= hdrlen; + } + if (parm_count || parm_offset) { + if (unlikely(parm_offset < hdrlen)) + goto out_bad_parm; + else + parm_offset -= hdrlen; + } if (parm_count == parm_tot && data_count == data_tot) { /* @@ -600,18 +610,22 @@ static int smb_recv_trans2(struct smb_sb * response that fits. */ VERBOSE("single trans2 response " - "dcnt=%d, pcnt=%d, doff=%d, poff=%d\n", + "dcnt=%u, pcnt=%u, doff=%u, poff=%u\n", data_count, parm_count, data_offset, parm_offset); req->rq_ldata = data_count; req->rq_lparm = parm_count; req->rq_data = req->rq_buffer + data_offset; req->rq_parm = req->rq_buffer + parm_offset; + if (unlikely(parm_offset + parm_count > req->rq_rlen)) + goto out_bad_parm; + if (unlikely(data_offset + data_count > req->rq_rlen)) + goto out_bad_data; return 0; } VERBOSE("multi trans2 response " - "frag=%d, dcnt=%d, pcnt=%d, doff=%d, poff=%d\n", + "frag=%d, dcnt=%u, pcnt=%u, doff=%u, poff=%u\n", req->rq_fragment, data_count, parm_count, data_offset, parm_offset); @@ -638,13 +652,15 @@ static int smb_recv_trans2(struct smb_sb req->rq_parm = req->rq_trans2buffer; req->rq_data = req->rq_trans2buffer + parm_tot; - } else if (req->rq_total_data < data_tot || - req->rq_total_parm < parm_tot) + } else if (unlikely(req->rq_total_data < data_tot || + req->rq_total_parm < parm_tot)) goto out_data_grew; - if (parm_disp + parm_count > req->rq_total_parm) + if (unlikely(parm_disp + parm_count > req->rq_total_parm || + parm_offset + parm_count > req->rq_rlen)) goto out_bad_parm; - if (data_disp + data_count > req->rq_total_data) + if (unlikely(data_disp + data_count > req->rq_total_data || + data_offset + data_count > req->rq_rlen)) goto out_bad_data; inbuf = req->rq_buffer; @@ -666,10 +682,9 @@ static int smb_recv_trans2(struct smb_sb return 1; out_too_long: - printk(KERN_ERR "smb_trans2: data/param too long, data=%d, parm=%d\n", + printk(KERN_ERR "smb_trans2: data/param too long, data=%u, parm=%u\n", data_tot, parm_tot); - req->rq_errno = -EIO; - goto out; + goto out_EIO; out_no_mem: printk(KERN_ERR "smb_trans2: couldn't allocate data area of %d bytes\n", req->rq_trans2bufsize); @@ -677,16 +692,15 @@ out_no_mem: goto out; out_data_grew: printk(KERN_ERR "smb_trans2: data/params grew!\n"); - req->rq_errno = -EIO; - goto out; + goto out_EIO; out_bad_parm: - printk(KERN_ERR "smb_trans2: invalid parms, disp=%d, cnt=%d, tot=%d\n", - parm_disp, parm_count, parm_tot); - req->rq_errno = -EIO; - goto out; + printk(KERN_ERR "smb_trans2: invalid parms, disp=%u, cnt=%u, tot=%u, ofs=%u\n", + parm_disp, parm_count, parm_tot, parm_offset); + goto out_EIO; out_bad_data: - printk(KERN_ERR "smb_trans2: invalid data, disp=%d, cnt=%d, tot=%d\n", - data_disp, data_count, data_tot); + printk(KERN_ERR "smb_trans2: invalid data, disp=%u, cnt=%u, tot=%u, ofs=%u\n", + data_disp, data_count, data_tot, data_offset); +out_EIO: req->rq_errno = -EIO; out: return req->rq_errno; Index: linux-2.6.10-ck7/fs/vfat/namei.c =================================================================== --- linux-2.6.10-ck7.orig/fs/vfat/namei.c 2004-10-19 08:57:11.000000000 +1000 +++ linux-2.6.10-ck7/fs/vfat/namei.c 2005-03-01 21:38:38.000000000 +1100 @@ -199,10 +199,10 @@ static inline int vfat_is_used_badchars( static int vfat_valid_longname(const unsigned char *name, unsigned int len) { - if (len && name[len-1] == ' ') - return 0; + if (name[len - 1] == ' ') + return -EINVAL; if (len >= 256) - return 0; + return -ENAMETOOLONG; /* MS-DOS "device special files" */ if (len == 3 || (len > 3 && name[3] == '.')) { /* basename == 3 */ @@ -210,18 +210,18 @@ static int vfat_valid_longname(const uns !strnicmp(name, "con", 3) || !strnicmp(name, "nul", 3) || !strnicmp(name, "prn", 3)) - return 0; + return -EINVAL; } if (len == 4 || (len > 4 && name[4] == '.')) { /* basename == 4 */ /* "com1", "com2", ... */ if ('1' <= name[3] && name[3] <= '9') { if (!strnicmp(name, "com", 3) || !strnicmp(name, "lpt", 3)) - return 0; + return -EINVAL; } } - return 1; + return 0; } static int vfat_find_form(struct inode *dir, unsigned char *name) @@ -624,8 +624,9 @@ static int vfat_build_slots(struct inode loff_t offset; *slots = 0; - if (!vfat_valid_longname(name, len)) - return -EINVAL; + res = vfat_valid_longname(name, len); + if (res) + return res; if(!(page = __get_free_page(GFP_KERNEL))) return -ENOMEM; Index: linux-2.6.10-ck7/fs/xfs/linux-2.6/xfs_ioctl.c =================================================================== --- linux-2.6.10-ck7.orig/fs/xfs/linux-2.6/xfs_ioctl.c 2004-12-25 10:14:50.000000000 +1100 +++ linux-2.6.10-ck7/fs/xfs/linux-2.6/xfs_ioctl.c 2005-03-01 21:38:38.000000000 +1100 @@ -499,7 +499,7 @@ xfs_attrmulti_by_handle( xfs_fsop_attrmulti_handlereq_t am_hreq; struct inode *inode; vnode_t *vp; - int i, size; + unsigned int i, size; error = xfs_vget_fsop_handlereq(mp, parinode, CAP_SYS_ADMIN, arg, sizeof(xfs_fsop_attrmulti_handlereq_t), @@ -509,6 +509,11 @@ xfs_attrmulti_by_handle( return -error; size = am_hreq.opcount * sizeof(attr_multiop_t); + if (!size || size > 16 * PAGE_SIZE) { + VN_RELE(vp); + return -XFS_ERROR(E2BIG); + } + ops = (xfs_attr_multiop_t *)kmalloc(size, GFP_KERNEL); if (!ops) { VN_RELE(vp); Index: linux-2.6.10-ck7/fs/xfs/xfs_vnodeops.c =================================================================== --- linux-2.6.10-ck7.orig/fs/xfs/xfs_vnodeops.c 2004-10-19 08:57:11.000000000 +1000 +++ linux-2.6.10-ck7/fs/xfs/xfs_vnodeops.c 2005-03-01 21:38:38.000000000 +1100 @@ -3900,7 +3900,7 @@ xfs_finish_reclaim( int error; if (vp && VN_BAD(vp)) - return 0; + goto reclaim; /* The hash lock here protects a thread in xfs_iget_core from * racing with us on linking the inode back with a vnode. @@ -3948,8 +3948,7 @@ xfs_finish_reclaim( */ if (error) { xfs_iunlock(ip, XFS_ILOCK_EXCL); - xfs_ireclaim(ip); - return (0); + goto reclaim; } xfs_iflock(ip); /* synchronize with xfs_iflush_done */ } @@ -3968,6 +3967,7 @@ xfs_finish_reclaim( xfs_iunlock(ip, XFS_ILOCK_EXCL); } + reclaim: xfs_ireclaim(ip); return 0; } Index: linux-2.6.10-ck7/include/asm-alpha/io_trivial.h =================================================================== --- linux-2.6.10-ck7.orig/include/asm-alpha/io_trivial.h 2004-10-19 08:57:11.000000000 +1000 +++ linux-2.6.10-ck7/include/asm-alpha/io_trivial.h 2005-03-01 21:38:38.000000000 +1100 @@ -26,7 +26,7 @@ IO_CONCAT(__IO_PREFIX,iowrite8)(u8 b, vo __EXTERN_INLINE void IO_CONCAT(__IO_PREFIX,iowrite16)(u16 b, void __iomem *a) { - __kernel_stb(b, *(volatile u16 __force *)a); + __kernel_stw(b, *(volatile u16 __force *)a); } #endif @@ -66,7 +66,7 @@ IO_CONCAT(__IO_PREFIX,writeb)(u8 b, vola __EXTERN_INLINE void IO_CONCAT(__IO_PREFIX,writew)(u16 b, volatile void __iomem *a) { - __kernel_stb(b, *(volatile u16 __force *)a); + __kernel_stw(b, *(volatile u16 __force *)a); } #elif IO_CONCAT(__IO_PREFIX,trivial_rw_bw) == 2 __EXTERN_INLINE u8 Index: linux-2.6.10-ck7/include/asm-i386/processor.h =================================================================== --- linux-2.6.10-ck7.orig/include/asm-i386/processor.h 2004-12-25 10:14:50.000000000 +1100 +++ linux-2.6.10-ck7/include/asm-i386/processor.h 2005-03-01 21:38:38.000000000 +1100 @@ -126,6 +126,8 @@ extern void dodgy_tsc(void); /* * Generic CPUID function + * clear %ecx since some cpus (Cyrix MII) do not set or clear %ecx + * resulting in stale register contents being returned. */ static inline void cpuid(int op, int *eax, int *ebx, int *ecx, int *edx) { @@ -134,7 +136,7 @@ static inline void cpuid(int op, int *ea "=b" (*ebx), "=c" (*ecx), "=d" (*edx) - : "0" (op)); + : "0" (op), "c"(0)); } /* Index: linux-2.6.10-ck7/include/asm-i386/smp.h =================================================================== --- linux-2.6.10-ck7.orig/include/asm-i386/smp.h 2004-10-19 08:57:11.000000000 +1000 +++ linux-2.6.10-ck7/include/asm-i386/smp.h 2005-03-01 21:38:38.000000000 +1100 @@ -53,6 +53,7 @@ extern u8 x86_cpu_to_apicid[]; #define smp_processor_id() (current_thread_info()->cpu) extern cpumask_t cpu_callout_map; +extern cpumask_t cpu_callin_map; #define cpu_possible_map cpu_callout_map /* We don't mark CPUs online until __cpu_up(), so we need another measure */ Index: linux-2.6.10-ck7/include/asm-ia64/sal.h =================================================================== --- linux-2.6.10-ck7.orig/include/asm-ia64/sal.h 2004-10-19 08:57:11.000000000 +1000 +++ linux-2.6.10-ck7/include/asm-ia64/sal.h 2005-03-01 21:38:38.000000000 +1100 @@ -829,6 +829,8 @@ extern int ia64_sal_oemcall_nolock(struc extern int ia64_sal_oemcall_reentrant(struct ia64_sal_retval *, u64, u64, u64, u64, u64, u64, u64, u64); +extern void ia64_sal_handler_init(void *entry_point, void *gpval); + #endif /* __ASSEMBLY__ */ #endif /* _ASM_IA64_SAL_H */ Index: linux-2.6.10-ck7/include/asm-ia64/unistd.h =================================================================== --- linux-2.6.10-ck7.orig/include/asm-ia64/unistd.h 2004-12-25 10:14:51.000000000 +1100 +++ linux-2.6.10-ck7/include/asm-ia64/unistd.h 2005-03-01 21:38:38.000000000 +1100 @@ -373,7 +373,7 @@ asmlinkage unsigned long sys_mmap2( int fd, long pgoff); struct pt_regs; struct sigaction; -asmlinkage long sys_execve(char __user *filename, char __user * __user *argv, +long sys_execve(char __user *filename, char __user * __user *argv, char __user * __user *envp, struct pt_regs *regs); asmlinkage long sys_pipe(long arg0, long arg1, long arg2, long arg3, long arg4, long arg5, long arg6, long arg7, long stack); Index: linux-2.6.10-ck7/include/asm-sparc64/pgtable.h =================================================================== --- linux-2.6.10-ck7.orig/include/asm-sparc64/pgtable.h 2004-08-15 14:08:18.000000000 +1000 +++ linux-2.6.10-ck7/include/asm-sparc64/pgtable.h 2005-03-01 21:38:38.000000000 +1100 @@ -313,7 +313,7 @@ static inline pte_t pte_modify(pte_t ori /* Find an entry in the second-level page table.. */ #define pmd_offset(dir, address) \ ((pmd_t *) pgd_page(*(dir)) + \ - ((address >> PMD_SHIFT) & (REAL_PTRS_PER_PMD-1))) + (((address) >> PMD_SHIFT) & (REAL_PTRS_PER_PMD-1))) /* Find an entry in the third-level page table.. */ #define pte_index(dir, address) \ Index: linux-2.6.10-ck7/include/asm-sparc/floppy.h =================================================================== --- linux-2.6.10-ck7.orig/include/asm-sparc/floppy.h 2004-03-11 21:29:30.000000000 +1100 +++ linux-2.6.10-ck7/include/asm-sparc/floppy.h 2005-03-01 21:38:38.000000000 +1100 @@ -312,8 +312,8 @@ static int sun_floppy_init(void) } /* The sun4m lets us know if the controller is actually usable. */ - if(sparc_cpu_model == sun4m) { - prom_getproperty(fd_node, "status", state, sizeof(state)); + if(sparc_cpu_model == sun4m && + prom_getproperty(fd_node, "status", state, sizeof(state)) != -1) { if(!strcmp(state, "disabled")) { goto no_sun_fdc; } Index: linux-2.6.10-ck7/include/asm-sparc/oplib.h =================================================================== --- linux-2.6.10-ck7.orig/include/asm-sparc/oplib.h 2004-05-23 12:54:36.000000000 +1000 +++ linux-2.6.10-ck7/include/asm-sparc/oplib.h 2005-03-01 21:38:38.000000000 +1100 @@ -10,6 +10,7 @@ #include #include +#include /* The master romvec pointer... */ extern struct linux_romvec *romvec; @@ -244,8 +245,8 @@ extern int prom_getproplen(int thisnode, /* Fetch the requested property using the given buffer. Returns * the number of bytes the prom put into your buffer or -1 on error. */ -extern int prom_getproperty(int thisnode, char *property, - char *prop_buffer, int propbuf_size); +extern int __must_check prom_getproperty(int thisnode, char *property, + char *prop_buffer, int propbuf_size); /* Acquire an integer property. */ extern int prom_getint(int node, char *property); Index: linux-2.6.10-ck7/include/asm-x86_64/smp.h =================================================================== --- linux-2.6.10-ck7.orig/include/asm-x86_64/smp.h 2004-12-25 10:14:51.000000000 +1100 +++ linux-2.6.10-ck7/include/asm-x86_64/smp.h 2005-03-01 21:38:38.000000000 +1100 @@ -59,6 +59,7 @@ extern u8 phys_proc_id[NR_CPUS]; */ extern cpumask_t cpu_callout_map; +extern cpumask_t cpu_callin_map; #define cpu_possible_map cpu_callout_map static inline int num_booting_cpus(void) Index: linux-2.6.10-ck7/include/linux/ext3_jbd.h =================================================================== --- linux-2.6.10-ck7.orig/include/linux/ext3_jbd.h 2004-12-25 10:14:51.000000000 +1100 +++ linux-2.6.10-ck7/include/linux/ext3_jbd.h 2005-03-01 21:38:38.000000000 +1100 @@ -138,10 +138,13 @@ ext3_journal_release_buffer(handle_t *ha journal_release_buffer(handle, bh, credits); } -static inline void -ext3_journal_forget(handle_t *handle, struct buffer_head *bh) +static inline int +__ext3_journal_forget(const char *where, handle_t *handle, struct buffer_head *bh) { - journal_forget(handle, bh); + int err = journal_forget(handle, bh); + if (err) + ext3_journal_abort_handle(where, __FUNCTION__, bh, handle,err); + return err; } static inline int @@ -187,6 +190,8 @@ __ext3_journal_dirty_metadata(const char __ext3_journal_get_create_access(__FUNCTION__, (handle), (bh)) #define ext3_journal_dirty_metadata(handle, bh) \ __ext3_journal_dirty_metadata(__FUNCTION__, (handle), (bh)) +#define ext3_journal_forget(handle, bh) \ + __ext3_journal_forget(__FUNCTION__, (handle), (bh)) handle_t *ext3_journal_start_sb(struct super_block *sb, int nblocks); int __ext3_journal_stop(const char *where, handle_t *handle); Index: linux-2.6.10-ck7/include/linux/ipv6.h =================================================================== --- linux-2.6.10-ck7.orig/include/linux/ipv6.h 2004-10-19 08:57:12.000000000 +1000 +++ linux-2.6.10-ck7/include/linux/ipv6.h 2005-03-01 21:38:38.000000000 +1100 @@ -279,6 +279,7 @@ struct tcp6_sock { struct ipv6_pinfo inet6; }; +#if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE) static inline struct ipv6_pinfo * inet6_sk(const struct sock *__sk) { return ((struct raw6_sock *)__sk)->pinet6; @@ -289,7 +290,6 @@ static inline struct raw6_opt * raw6_sk( return &((struct raw6_sock *)__sk)->raw6; } -#if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE) #define __ipv6_only_sock(sk) (inet6_sk(sk)->ipv6only) #define ipv6_only_sock(sk) ((sk)->sk_family == PF_INET6 && __ipv6_only_sock(sk)) #else Index: linux-2.6.10-ck7/include/linux/jbd.h =================================================================== --- linux-2.6.10-ck7.orig/include/linux/jbd.h 2004-12-25 10:14:51.000000000 +1100 +++ linux-2.6.10-ck7/include/linux/jbd.h 2005-03-01 21:38:38.000000000 +1100 @@ -277,13 +277,15 @@ void buffer_assertion_failure(struct buf #define J_EXPECT_JH(jh, expr, why...) J_ASSERT_JH(jh, expr) #else #define __journal_expect(expr, why...) \ - do { \ - if (!(expr)) { \ + ({ \ + int val = (expr); \ + if (!val) { \ printk(KERN_ERR \ "EXT3-fs unexpected failure: %s;\n",# expr); \ - printk(KERN_ERR why); \ + printk(KERN_ERR why "\n"); \ } \ - } while (0) + val; \ + }) #define J_EXPECT(expr, why...) __journal_expect(expr, ## why) #define J_EXPECT_BH(bh, expr, why...) __journal_expect(expr, ## why) #define J_EXPECT_JH(jh, expr, why...) __journal_expect(expr, ## why) @@ -874,7 +876,7 @@ extern int journal_dirty_data (handle_t extern int journal_dirty_metadata (handle_t *, struct buffer_head *); extern void journal_release_buffer (handle_t *, struct buffer_head *, int credits); -extern void journal_forget (handle_t *, struct buffer_head *); +extern int journal_forget (handle_t *, struct buffer_head *); extern void journal_sync_buffer (struct buffer_head *); extern int journal_invalidatepage(journal_t *, struct page *, unsigned long); Index: linux-2.6.10-ck7/include/linux/netfilter_ipv4/ip_conntrack.h =================================================================== --- linux-2.6.10-ck7.orig/include/linux/netfilter_ipv4/ip_conntrack.h 2004-12-25 10:14:51.000000000 +1100 +++ linux-2.6.10-ck7/include/linux/netfilter_ipv4/ip_conntrack.h 2005-03-01 21:38:38.000000000 +1100 @@ -278,10 +278,9 @@ extern void (*ip_conntrack_destroyed)(st /* Fake conntrack entry for untracked connections */ extern struct ip_conntrack ip_conntrack_untracked; -extern int ip_ct_no_defrag; /* Returns new sk_buff, or NULL */ struct sk_buff * -ip_ct_gather_frags(struct sk_buff *skb); +ip_ct_gather_frags(struct sk_buff *skb, u_int32_t user); /* Delete all conntracks which match. */ extern void Index: linux-2.6.10-ck7/include/net/ip.h =================================================================== --- linux-2.6.10-ck7.orig/include/net/ip.h 2004-12-25 10:14:51.000000000 +1100 +++ linux-2.6.10-ck7/include/net/ip.h 2005-03-01 21:38:38.000000000 +1100 @@ -253,9 +253,21 @@ extern int ip_call_ra_chain(struct sk_bu /* * Functions provided by ip_fragment.o */ - -struct sk_buff *ip_defrag(struct sk_buff *skb); -extern void ipfrag_flush(void); + +enum ip_defrag_users +{ + IP_DEFRAG_LOCAL_DELIVER, + IP_DEFRAG_CALL_RA_CHAIN, + IP_DEFRAG_CONNTRACK_IN, + IP_DEFRAG_CONNTRACK_OUT, + IP_DEFRAG_NAT_OUT, + IP_DEFRAG_FW_COMPAT, + IP_DEFRAG_VS_IN, + IP_DEFRAG_VS_OUT, + IP_DEFRAG_VS_FWD +}; + +struct sk_buff *ip_defrag(struct sk_buff *skb, u32 user); extern int ip_frag_nqueues; extern atomic_t ip_frag_mem; Index: linux-2.6.10-ck7/kernel/audit.c =================================================================== --- linux-2.6.10-ck7.orig/kernel/audit.c 2004-10-19 08:57:12.000000000 +1000 +++ linux-2.6.10-ck7/kernel/audit.c 2005-03-01 21:38:38.000000000 +1100 @@ -419,7 +419,7 @@ static int audit_receive_skb(struct sk_b if (rlen > skb->len) rlen = skb->len; if ((err = audit_receive_msg(skb, nlh))) { - netlink_ack(skb, nlh, -err); + netlink_ack(skb, nlh, err); } else if (nlh->nlmsg_flags & NLM_F_ACK) netlink_ack(skb, nlh, 0); skb_pull(skb, rlen); Index: linux-2.6.10-ck7/kernel/auditsc.c =================================================================== --- linux-2.6.10-ck7.orig/kernel/auditsc.c 2004-10-19 08:57:12.000000000 +1000 +++ linux-2.6.10-ck7/kernel/auditsc.c 2005-03-01 21:38:38.000000000 +1100 @@ -591,7 +591,7 @@ static void audit_log_exit(struct audit_ if (context->personality != PER_LINUX) audit_log_format(ab, " per=%lx", context->personality); if (context->return_valid) - audit_log_format(ab, " exit=%u", context->return_code); + audit_log_format(ab, " exit=%d", context->return_code); audit_log_format(ab, " a0=%lx a1=%lx a2=%lx a3=%lx items=%d" " pid=%d loginuid=%d uid=%d gid=%d" Index: linux-2.6.10-ck7/kernel/exit.c =================================================================== --- linux-2.6.10-ck7.orig/kernel/exit.c 2004-12-25 10:14:51.000000000 +1100 +++ linux-2.6.10-ck7/kernel/exit.c 2005-03-01 21:38:38.000000000 +1100 @@ -332,7 +332,9 @@ void daemonize(const char *name, ...) exit_mm(current); set_special_pids(1, 1); + down(&tty_sem); current->signal->tty = NULL; + up(&tty_sem); /* Block and flush all signals */ sigfillset(&blocked); Index: linux-2.6.10-ck7/kernel/module.c =================================================================== --- linux-2.6.10-ck7.orig/kernel/module.c 2004-12-25 10:14:51.000000000 +1100 +++ linux-2.6.10-ck7/kernel/module.c 2005-03-01 21:38:38.000000000 +1100 @@ -1713,6 +1713,9 @@ static struct module *load_module(void _ / sizeof(struct kernel_param), NULL); } + if (err < 0) + goto arch_cleanup; + err = mod_sysfs_setup(mod, (struct kernel_param *) sechdrs[setupindex].sh_addr, Index: linux-2.6.10-ck7/kernel/sched.c =================================================================== --- linux-2.6.10-ck7.orig/kernel/sched.c 2004-12-25 10:14:51.000000000 +1100 +++ linux-2.6.10-ck7/kernel/sched.c 2005-03-01 21:38:38.000000000 +1100 @@ -4631,7 +4631,7 @@ void __might_sleep(char *file, int line) static unsigned long prev_jiffy; /* ratelimiting */ if ((in_atomic() || irqs_disabled()) && - system_state == SYSTEM_RUNNING) { + system_state == SYSTEM_RUNNING && !oops_in_progress) { if (time_before(jiffies, prev_jiffy + HZ) && prev_jiffy) return; prev_jiffy = jiffies; Index: linux-2.6.10-ck7/kernel/sys.c =================================================================== --- linux-2.6.10-ck7.orig/kernel/sys.c 2004-12-25 10:14:51.000000000 +1100 +++ linux-2.6.10-ck7/kernel/sys.c 2005-03-01 21:38:38.000000000 +1100 @@ -23,6 +23,7 @@ #include #include #include +#include #include #include @@ -1075,6 +1076,7 @@ asmlinkage long sys_setsid(void) if (!thread_group_leader(current)) return -EINVAL; + down(&tty_sem); write_lock_irq(&tasklist_lock); pid = find_pid(PIDTYPE_PGID, current->pid); @@ -1088,6 +1090,7 @@ asmlinkage long sys_setsid(void) err = process_group(current); out: write_unlock_irq(&tasklist_lock); + up(&tty_sem); return err; } Index: linux-2.6.10-ck7/Makefile =================================================================== --- linux-2.6.10-ck7.orig/Makefile 2004-12-25 10:14:46.000000000 +1100 +++ linux-2.6.10-ck7/Makefile 2005-03-01 21:38:38.000000000 +1100 @@ -1,8 +1,8 @@ VERSION = 2 PATCHLEVEL = 6 SUBLEVEL = 10 -EXTRAVERSION = -NAME=Woozy Numbat +EXTRAVERSION = -as6 +NAME=Bulls On Parade # *DOCUMENTATION* # To see a list of typical targets execute "make help" Index: linux-2.6.10-ck7/mm/mmap.c =================================================================== --- linux-2.6.10-ck7.orig/mm/mmap.c 2004-12-25 10:14:51.000000000 +1100 +++ linux-2.6.10-ck7/mm/mmap.c 2005-03-01 21:38:38.000000000 +1100 @@ -1319,13 +1319,57 @@ out: return prev ? prev->vm_next : vma; } +/* + * Verify that the stack growth is acceptable and + * update accounting. This is shared with both the + * grow-up and grow-down cases. + */ +static int acct_stack_growth(struct vm_area_struct * vma, unsigned long size, unsigned long grow) +{ + struct mm_struct *mm = vma->vm_mm; + struct rlimit *rlim = current->signal->rlim; + + /* address space limit tests */ + rlim = current->signal->rlim; + if (mm->total_vm + grow > rlim[RLIMIT_AS].rlim_cur >> PAGE_SHIFT) + return -ENOMEM; + + /* Stack limit test */ + if (size > rlim[RLIMIT_STACK].rlim_cur) + return -ENOMEM; + + /* mlock limit tests */ + if (vma->vm_flags & VM_LOCKED) { + unsigned long locked; + unsigned long limit; + locked = mm->locked_vm + grow; + limit = rlim[RLIMIT_MEMLOCK].rlim_cur >> PAGE_SHIFT; + if (locked > limit && !capable(CAP_IPC_LOCK)) + return -ENOMEM; + } + + /* + * Overcommit.. This must be the final test, as it will + * update security statistics. + */ + if (security_vm_enough_memory(grow)) + return -ENOMEM; + + /* Ok, everything looks good - let it rip */ + mm->total_vm += grow; + if (vma->vm_flags & VM_LOCKED) + mm->locked_vm += grow; + __vm_stat_account(mm, vma->vm_flags, vma->vm_file, grow); + return 0; +} + #ifdef CONFIG_STACK_GROWSUP /* * vma is the first one with address > vma->vm_end. Have to extend vma. */ int expand_stack(struct vm_area_struct * vma, unsigned long address) { - unsigned long grow; + int error; if (!(vma->vm_flags & VM_GROWSUP)) return -EFAULT; @@ -1345,28 +1389,21 @@ int expand_stack(struct vm_area_struct * */ address += 4 + PAGE_SIZE - 1; address &= PAGE_MASK; - grow = (address - vma->vm_end) >> PAGE_SHIFT; + error = 0; - /* Overcommit.. */ - if (security_vm_enough_memory(grow)) { - anon_vma_unlock(vma); - return -ENOMEM; + /* Somebody else might have raced and expanded it already */ + if (address > vma->vm_end) { + unsigned long size, grow; + + size = address - vma->vm_start; + grow = (address - vma->vm_end) >> PAGE_SHIFT; + + error = acct_stack_growth(vma, size, grow); + if (!error) + vma->vm_end = address; } - - if (address - vma->vm_start > current->signal->rlim[RLIMIT_STACK].rlim_cur || - ((vma->vm_mm->total_vm + grow) << PAGE_SHIFT) > - current->signal->rlim[RLIMIT_AS].rlim_cur) { - anon_vma_unlock(vma); - vm_unacct_memory(grow); - return -ENOMEM; - } - vma->vm_end = address; - vma->vm_mm->total_vm += grow; - if (vma->vm_flags & VM_LOCKED) - vma->vm_mm->locked_vm += grow; - __vm_stat_account(vma->vm_mm, vma->vm_flags, vma->vm_file, grow); anon_vma_unlock(vma); - return 0; + return error; } struct vm_area_struct * @@ -1391,7 +1428,7 @@ find_extend_vma(struct mm_struct *mm, un */ int expand_stack(struct vm_area_struct *vma, unsigned long address) { - unsigned long grow; + int error; /* * We must make sure the anon_vma is allocated @@ -1407,29 +1444,23 @@ int expand_stack(struct vm_area_struct * * anon_vma lock to serialize against concurrent expand_stacks. */ address &= PAGE_MASK; - grow = (vma->vm_start - address) >> PAGE_SHIFT; + error = 0; - /* Overcommit.. */ - if (security_vm_enough_memory(grow)) { - anon_vma_unlock(vma); - return -ENOMEM; - } - - if (vma->vm_end - address > current->signal->rlim[RLIMIT_STACK].rlim_cur || - ((vma->vm_mm->total_vm + grow) << PAGE_SHIFT) > - current->signal->rlim[RLIMIT_AS].rlim_cur) { - anon_vma_unlock(vma); - vm_unacct_memory(grow); - return -ENOMEM; + /* Somebody else might have raced and expanded it already */ + if (address < vma->vm_start) { + unsigned long size, grow; + + size = vma->vm_end - address; + grow = (vma->vm_start - address) >> PAGE_SHIFT; + + error = acct_stack_growth(vma, size, grow); + if (!error) { + vma->vm_start = address; + vma->vm_pgoff -= grow; + } } - vma->vm_start = address; - vma->vm_pgoff -= grow; - vma->vm_mm->total_vm += grow; - if (vma->vm_flags & VM_LOCKED) - vma->vm_mm->locked_vm += grow; - __vm_stat_account(vma->vm_mm, vma->vm_flags, vma->vm_file, grow); anon_vma_unlock(vma); - return 0; + return error; } struct vm_area_struct * @@ -1770,6 +1801,12 @@ unsigned long do_brk(unsigned long addr, } /* + * mm->mmap_sem is required to protect against another thread + * changing the mappings in case we sleep. + */ + WARN_ON(down_read_trylock(&mm->mmap_sem)); + + /* * Clear old maps. this also does some error checking for us */ munmap_back: Index: linux-2.6.10-ck7/mm/vmscan.c =================================================================== --- linux-2.6.10-ck7.orig/mm/vmscan.c 2004-12-25 10:14:51.000000000 +1100 +++ linux-2.6.10-ck7/mm/vmscan.c 2005-03-01 21:38:38.000000000 +1100 @@ -1063,6 +1063,7 @@ scan: shrink_slab(sc.nr_scanned, GFP_KERNEL, lru_pages); sc.nr_reclaimed += reclaim_state->reclaimed_slab; total_reclaimed += sc.nr_reclaimed; + total_scanned += sc.nr_scanned; if (zone->all_unreclaimable) continue; if (zone->pages_scanned >= (zone->nr_active + Index: linux-2.6.10-ck7/net/atm/addr.c =================================================================== --- linux-2.6.10-ck7.orig/net/atm/addr.c 2004-06-16 17:35:46.000000000 +1000 +++ linux-2.6.10-ck7/net/atm/addr.c 2005-03-01 21:38:38.000000000 +1100 @@ -114,7 +114,7 @@ int atm_del_addr(struct atm_dev *dev,str } -int atm_get_addr(struct atm_dev *dev,struct sockaddr_atmsvc __user *buf,int size) +int atm_get_addr(struct atm_dev *dev,struct sockaddr_atmsvc __user *buf,size_t size) { unsigned long flags; struct atm_dev_addr *walk; Index: linux-2.6.10-ck7/net/atm/addr.h =================================================================== --- linux-2.6.10-ck7.orig/net/atm/addr.h 2004-06-16 17:35:46.000000000 +1000 +++ linux-2.6.10-ck7/net/atm/addr.h 2005-03-01 21:38:38.000000000 +1100 @@ -13,6 +13,6 @@ void atm_reset_addr(struct atm_dev *dev); int atm_add_addr(struct atm_dev *dev,struct sockaddr_atmsvc *addr); int atm_del_addr(struct atm_dev *dev,struct sockaddr_atmsvc *addr); -int atm_get_addr(struct atm_dev *dev,struct sockaddr_atmsvc __user *buf,int size); +int atm_get_addr(struct atm_dev *dev,struct sockaddr_atmsvc __user *buf,size_t size); #endif Index: linux-2.6.10-ck7/net/compat.c =================================================================== --- linux-2.6.10-ck7.orig/net/compat.c 2004-12-25 10:14:51.000000000 +1100 +++ linux-2.6.10-ck7/net/compat.c 2005-03-01 21:38:38.000000000 +1100 @@ -125,7 +125,7 @@ int verify_compat_iovec(struct msghdr *k (struct compat_cmsghdr __user *)NULL) #define CMSG_COMPAT_OK(ucmlen, ucmsg, mhdr) \ - ((ucmlen) >= sizeof(struct cmsghdr) && \ + ((ucmlen) >= sizeof(struct compat_cmsghdr) && \ (ucmlen) <= (unsigned long) \ ((mhdr)->msg_controllen - \ ((char *)(ucmsg) - (char *)(mhdr)->msg_control))) Index: linux-2.6.10-ck7/net/ipv4/ip_fragment.c =================================================================== --- linux-2.6.10-ck7.orig/net/ipv4/ip_fragment.c 2004-12-25 10:14:52.000000000 +1100 +++ linux-2.6.10-ck7/net/ipv4/ip_fragment.c 2005-03-01 21:38:38.000000000 +1100 @@ -73,6 +73,7 @@ struct ipfrag_skb_cb struct ipq { struct ipq *next; /* linked list pointers */ struct list_head lru_list; /* lru list member */ + u32 user; u32 saddr; u32 daddr; u16 id; @@ -243,13 +244,13 @@ static void ipq_kill(struct ipq *ipq) /* Memory limiting on fragments. Evictor trashes the oldest * fragment queue until we are back under the threshold. */ -static void __ip_evictor(int threshold) +static void ip_evictor(void) { struct ipq *qp; struct list_head *tmp; int work; - work = atomic_read(&ip_frag_mem) - threshold; + work = atomic_read(&ip_frag_mem) - sysctl_ipfrag_low_thresh; if (work <= 0) return; @@ -274,11 +275,6 @@ static void __ip_evictor(int threshold) } } -static inline void ip_evictor(void) -{ - __ip_evictor(sysctl_ipfrag_low_thresh); -} - /* * Oops, a fragment queue timed out. Kill it and send an ICMP reply. */ @@ -325,7 +321,8 @@ static struct ipq *ip_frag_intern(unsign if(qp->id == qp_in->id && qp->saddr == qp_in->saddr && qp->daddr == qp_in->daddr && - qp->protocol == qp_in->protocol) { + qp->protocol == qp_in->protocol && + qp->user == qp_in->user) { atomic_inc(&qp->refcnt); write_unlock(&ipfrag_lock); qp_in->last_in |= COMPLETE; @@ -352,7 +349,7 @@ static struct ipq *ip_frag_intern(unsign } /* Add an entry to the 'ipq' queue for a newly received IP datagram. */ -static struct ipq *ip_frag_create(unsigned hash, struct iphdr *iph) +static struct ipq *ip_frag_create(unsigned hash, struct iphdr *iph, u32 user) { struct ipq *qp; @@ -364,6 +361,7 @@ static struct ipq *ip_frag_create(unsign qp->id = iph->id; qp->saddr = iph->saddr; qp->daddr = iph->daddr; + qp->user = user; qp->len = 0; qp->meat = 0; qp->fragments = NULL; @@ -386,7 +384,7 @@ out_nomem: /* Find the correct entry in the "incomplete datagrams" queue for * this IP datagram, and create new one, if nothing is found. */ -static inline struct ipq *ip_find(struct iphdr *iph) +static inline struct ipq *ip_find(struct iphdr *iph, u32 user) { __u16 id = iph->id; __u32 saddr = iph->saddr; @@ -400,7 +398,8 @@ static inline struct ipq *ip_find(struct if(qp->id == id && qp->saddr == saddr && qp->daddr == daddr && - qp->protocol == protocol) { + qp->protocol == protocol && + qp->user == user) { atomic_inc(&qp->refcnt); read_unlock(&ipfrag_lock); return qp; @@ -408,7 +407,7 @@ static inline struct ipq *ip_find(struct } read_unlock(&ipfrag_lock); - return ip_frag_create(hash, iph); + return ip_frag_create(hash, iph, user); } /* Add new segment to existing queue. */ @@ -642,7 +641,7 @@ out_fail: } /* Process an incoming IP datagram fragment. */ -struct sk_buff *ip_defrag(struct sk_buff *skb) +struct sk_buff *ip_defrag(struct sk_buff *skb, u32 user) { struct iphdr *iph = skb->nh.iph; struct ipq *qp; @@ -657,7 +656,7 @@ struct sk_buff *ip_defrag(struct sk_buff dev = skb->dev; /* Lookup (or create) queue header */ - if ((qp = ip_find(iph)) != NULL) { + if ((qp = ip_find(iph, user)) != NULL) { struct sk_buff *ret = NULL; spin_lock(&qp->lock); @@ -689,10 +688,4 @@ void ipfrag_init(void) add_timer(&ipfrag_secret_timer); } -void ipfrag_flush(void) -{ - __ip_evictor(0); -} - EXPORT_SYMBOL(ip_defrag); -EXPORT_SYMBOL(ipfrag_flush); Index: linux-2.6.10-ck7/net/ipv4/ip_input.c =================================================================== --- linux-2.6.10-ck7.orig/net/ipv4/ip_input.c 2004-10-19 08:57:12.000000000 +1000 +++ linux-2.6.10-ck7/net/ipv4/ip_input.c 2005-03-01 21:38:38.000000000 +1100 @@ -172,7 +172,7 @@ int ip_call_ra_chain(struct sk_buff *skb (!sk->sk_bound_dev_if || sk->sk_bound_dev_if == skb->dev->ifindex)) { if (skb->nh.iph->frag_off & htons(IP_MF|IP_OFFSET)) { - skb = ip_defrag(skb); + skb = ip_defrag(skb, IP_DEFRAG_CALL_RA_CHAIN); if (skb == NULL) { read_unlock(&ip_ra_lock); return 1; @@ -273,7 +273,7 @@ int ip_local_deliver(struct sk_buff *skb */ if (skb->nh.iph->frag_off & htons(IP_MF|IP_OFFSET)) { - skb = ip_defrag(skb); + skb = ip_defrag(skb, IP_DEFRAG_LOCAL_DELIVER); if (!skb) return 0; } Index: linux-2.6.10-ck7/net/ipv4/ip_output.c =================================================================== --- linux-2.6.10-ck7.orig/net/ipv4/ip_output.c 2004-12-25 10:14:52.000000000 +1100 +++ linux-2.6.10-ck7/net/ipv4/ip_output.c 2005-03-01 21:38:38.000000000 +1100 @@ -504,6 +504,7 @@ int ip_fragment(struct sk_buff *skb, int /* Prepare header of the next frame, * before previous one went down. */ if (frag) { + frag->ip_summed = CHECKSUM_NONE; frag->h.raw = frag->data; frag->nh.raw = __skb_push(frag, hlen); memcpy(frag->nh.raw, iph, hlen); Index: linux-2.6.10-ck7/net/ipv4/ipvs/ip_vs_core.c =================================================================== --- linux-2.6.10-ck7.orig/net/ipv4/ipvs/ip_vs_core.c 2004-10-19 08:57:12.000000000 +1000 +++ linux-2.6.10-ck7/net/ipv4/ipvs/ip_vs_core.c 2005-03-01 21:38:38.000000000 +1100 @@ -545,9 +545,9 @@ u16 ip_vs_checksum_complete(struct sk_bu } static inline struct sk_buff * -ip_vs_gather_frags(struct sk_buff *skb) +ip_vs_gather_frags(struct sk_buff *skb, u_int32_t user) { - skb = ip_defrag(skb); + skb = ip_defrag(skb, user); if (skb) ip_send_check(skb->nh.iph); return skb; @@ -621,7 +621,7 @@ static int ip_vs_out_icmp(struct sk_buff /* reassemble IP fragments */ if (skb->nh.iph->frag_off & __constant_htons(IP_MF|IP_OFFSET)) { - skb = ip_vs_gather_frags(skb); + skb = ip_vs_gather_frags(skb, IP_DEFRAG_VS_OUT); if (!skb) return NF_STOLEN; *pskb = skb; @@ -760,7 +760,7 @@ ip_vs_out(unsigned int hooknum, struct s /* reassemble IP fragments */ if (unlikely(iph->frag_off & __constant_htons(IP_MF|IP_OFFSET) && !pp->dont_defrag)) { - skb = ip_vs_gather_frags(skb); + skb = ip_vs_gather_frags(skb, IP_DEFRAG_VS_OUT); if (!skb) return NF_STOLEN; iph = skb->nh.iph; @@ -865,7 +865,8 @@ check_for_ip_vs_out(struct sk_buff **psk * forward to the right destination host if relevant. * Currently handles error types - unreachable, quench, ttl exceeded. */ -static int ip_vs_in_icmp(struct sk_buff **pskb, int *related) +static int +ip_vs_in_icmp(struct sk_buff **pskb, int *related, unsigned int hooknum) { struct sk_buff *skb = *pskb; struct iphdr *iph; @@ -879,7 +880,9 @@ static int ip_vs_in_icmp(struct sk_buff /* reassemble IP fragments */ if (skb->nh.iph->frag_off & __constant_htons(IP_MF|IP_OFFSET)) { - skb = ip_vs_gather_frags(skb); + skb = ip_vs_gather_frags(skb, + hooknum == NF_IP_LOCAL_IN ? + IP_DEFRAG_VS_IN : IP_DEFRAG_VS_FWD); if (!skb) return NF_STOLEN; *pskb = skb; @@ -988,7 +991,7 @@ ip_vs_in(unsigned int hooknum, struct sk iph = skb->nh.iph; if (unlikely(iph->protocol == IPPROTO_ICMP)) { - int related, verdict = ip_vs_in_icmp(pskb, &related); + int related, verdict = ip_vs_in_icmp(pskb, &related, hooknum); if (related) return verdict; @@ -1083,7 +1086,7 @@ ip_vs_forward_icmp(unsigned int hooknum, if ((*pskb)->nh.iph->protocol != IPPROTO_ICMP) return NF_ACCEPT; - return ip_vs_in_icmp(pskb, &r); + return ip_vs_in_icmp(pskb, &r, hooknum); } Index: linux-2.6.10-ck7/net/ipv4/netfilter/ip_conntrack_core.c =================================================================== --- linux-2.6.10-ck7.orig/net/ipv4/netfilter/ip_conntrack_core.c 2004-12-25 10:14:52.000000000 +1100 +++ linux-2.6.10-ck7/net/ipv4/netfilter/ip_conntrack_core.c 2005-03-01 21:38:38.000000000 +1100 @@ -1113,29 +1113,22 @@ void ip_ct_refresh_acct(struct ip_conntr } } -int ip_ct_no_defrag; - /* Returns new sk_buff, or NULL */ struct sk_buff * -ip_ct_gather_frags(struct sk_buff *skb) +ip_ct_gather_frags(struct sk_buff *skb, u_int32_t user) { struct sock *sk = skb->sk; #ifdef CONFIG_NETFILTER_DEBUG unsigned int olddebug = skb->nf_debug; #endif - if (unlikely(ip_ct_no_defrag)) { - kfree_skb(skb); - return NULL; - } - if (sk) { sock_hold(sk); skb_orphan(skb); } local_bh_disable(); - skb = ip_defrag(skb); + skb = ip_defrag(skb, user); local_bh_enable(); if (!skb) { Index: linux-2.6.10-ck7/net/ipv4/netfilter/ip_conntrack_proto_sctp.c =================================================================== --- linux-2.6.10-ck7.orig/net/ipv4/netfilter/ip_conntrack_proto_sctp.c 2004-10-19 08:57:12.000000000 +1000 +++ linux-2.6.10-ck7/net/ipv4/netfilter/ip_conntrack_proto_sctp.c 2005-03-01 21:38:38.000000000 +1100 @@ -609,7 +609,7 @@ static ctl_table ip_ct_net_table[] = { static struct ctl_table_header *ip_ct_sysctl_header; #endif -int __init init(void) +static int __init init(void) { int ret; @@ -622,6 +622,7 @@ int __init init(void) #ifdef CONFIG_SYSCTL ip_ct_sysctl_header = register_sysctl_table(ip_ct_net_table, 0); if (ip_ct_sysctl_header == NULL) { + ret = -ENOMEM; printk("ip_conntrack_proto_sctp: can't register to sysctl.\n"); goto cleanup; } @@ -639,7 +640,7 @@ int __init init(void) return ret; } -void __exit fini(void) +static void __exit fini(void) { ip_conntrack_protocol_unregister(&ip_conntrack_protocol_sctp); #ifdef CONFIG_SYSCTL Index: linux-2.6.10-ck7/net/ipv4/netfilter/ip_conntrack_proto_tcp.c =================================================================== --- linux-2.6.10-ck7.orig/net/ipv4/netfilter/ip_conntrack_proto_tcp.c 2004-12-25 10:14:52.000000000 +1100 +++ linux-2.6.10-ck7/net/ipv4/netfilter/ip_conntrack_proto_tcp.c 2005-03-01 21:38:38.000000000 +1100 @@ -906,7 +906,8 @@ static int tcp_packet(struct ip_conntrac if (index == TCP_RST_SET && ((test_bit(IPS_SEEN_REPLY_BIT, &conntrack->status) && conntrack->proto.tcp.last_index <= TCP_SYNACK_SET) - || conntrack->proto.tcp.last_index == TCP_ACK_SET) + || (!test_bit(IPS_ASSURED_BIT, &conntrack->status) + && conntrack->proto.tcp.last_index == TCP_ACK_SET)) && after(ntohl(th->ack_seq), conntrack->proto.tcp.last_seq)) { /* Ignore RST closing down invalid SYN or ACK Index: linux-2.6.10-ck7/net/ipv4/netfilter/ip_conntrack_standalone.c =================================================================== --- linux-2.6.10-ck7.orig/net/ipv4/netfilter/ip_conntrack_standalone.c 2004-12-25 10:14:52.000000000 +1100 +++ linux-2.6.10-ck7/net/ipv4/netfilter/ip_conntrack_standalone.c 2005-03-01 21:38:38.000000000 +1100 @@ -381,7 +381,10 @@ static unsigned int ip_conntrack_defrag( /* Gather fragments. */ if ((*pskb)->nh.iph->frag_off & htons(IP_MF|IP_OFFSET)) { - *pskb = ip_ct_gather_frags(*pskb); + *pskb = ip_ct_gather_frags(*pskb, + hooknum == NF_IP_PRE_ROUTING ? + IP_DEFRAG_CONNTRACK_IN : + IP_DEFRAG_CONNTRACK_OUT); if (!*pskb) return NF_STOLEN; } @@ -791,7 +794,8 @@ static int init_or_cleanup(int init) ip_ct_sysctl_header = register_sysctl_table(ip_ct_net_table, 0); if (ip_ct_sysctl_header == NULL) { printk("ip_conntrack: can't register to sysctl.\n"); - goto cleanup; + ret = -ENOMEM; + goto cleanup_localinops; } #endif @@ -800,6 +804,7 @@ static int init_or_cleanup(int init) cleanup: #ifdef CONFIG_SYSCTL unregister_sysctl_table(ip_ct_sysctl_header); + cleanup_localinops: #endif nf_unregister_hook(&ip_conntrack_local_in_ops); cleanup_inoutandlocalops: @@ -811,17 +816,11 @@ static int init_or_cleanup(int init) cleanup_defraglocalops: nf_unregister_hook(&ip_conntrack_defrag_local_out_ops); cleanup_defragops: - /* Frag queues may hold fragments with skb->dst == NULL */ - ip_ct_no_defrag = 1; - synchronize_net(); - local_bh_disable(); - ipfrag_flush(); - local_bh_enable(); nf_unregister_hook(&ip_conntrack_defrag_ops); cleanup_proc_stat: #ifdef CONFIG_PROC_FS - proc_net_remove("ip_conntrack_stat"); -cleanup_proc_exp: + remove_proc_entry("ip_conntrack", proc_net_stat); + cleanup_proc_exp: proc_net_remove("ip_conntrack_expect"); cleanup_proc: proc_net_remove("ip_conntrack"); Index: linux-2.6.10-ck7/net/ipv4/netfilter/ip_fw_compat.c =================================================================== --- linux-2.6.10-ck7.orig/net/ipv4/netfilter/ip_fw_compat.c 2004-12-25 10:14:52.000000000 +1100 +++ linux-2.6.10-ck7/net/ipv4/netfilter/ip_fw_compat.c 2005-03-01 21:38:38.000000000 +1100 @@ -80,7 +80,7 @@ fw_in(unsigned int hooknum, &redirpt, pskb); if ((*pskb)->nh.iph->frag_off & htons(IP_MF|IP_OFFSET)) { - *pskb = ip_ct_gather_frags(*pskb); + *pskb = ip_ct_gather_frags(*pskb, IP_DEFRAG_NAT_OUT); if (!*pskb) return NF_STOLEN; Index: linux-2.6.10-ck7/net/ipv4/netfilter/ip_nat_standalone.c =================================================================== --- linux-2.6.10-ck7.orig/net/ipv4/netfilter/ip_nat_standalone.c 2004-12-25 10:14:52.000000000 +1100 +++ linux-2.6.10-ck7/net/ipv4/netfilter/ip_nat_standalone.c 2005-03-01 21:38:38.000000000 +1100 @@ -202,7 +202,7 @@ ip_nat_out(unsigned int hooknum, I'm starting to have nightmares about fragments. */ if ((*pskb)->nh.iph->frag_off & htons(IP_MF|IP_OFFSET)) { - *pskb = ip_ct_gather_frags(*pskb); + *pskb = ip_ct_gather_frags(*pskb, IP_DEFRAG_NAT_OUT); if (!*pskb) return NF_STOLEN; Index: linux-2.6.10-ck7/net/ipv4/netfilter/ipt_ECN.c =================================================================== --- linux-2.6.10-ck7.orig/net/ipv4/netfilter/ipt_ECN.c 2004-12-25 10:14:52.000000000 +1100 +++ linux-2.6.10-ck7/net/ipv4/netfilter/ipt_ECN.c 2005-03-01 21:38:38.000000000 +1100 @@ -67,7 +67,7 @@ set_ect_tcp(struct sk_buff **pskb, const if (einfo->operation & IPT_ECN_OP_SET_CWR) th->cwr = einfo->proto.tcp.cwr; - diffs[1] = ((u_int16_t *)&th)[6]; + diffs[1] = ((u_int16_t *)th)[6]; /* Only mangle if it's changed. */ if (diffs[0] != diffs[1]) { Index: linux-2.6.10-ck7/net/ipv4/netfilter/ipt_recent.c =================================================================== --- linux-2.6.10-ck7.orig/net/ipv4/netfilter/ipt_recent.c 2004-12-25 10:14:52.000000000 +1100 +++ linux-2.6.10-ck7/net/ipv4/netfilter/ipt_recent.c 2005-03-01 21:38:38.000000000 +1100 @@ -959,7 +959,7 @@ static struct ipt_match recent_match = { /* Kernel module initialization. */ static int __init init(void) { - int count; + int err, count; printk(version); #ifdef CONFIG_PROC_FS @@ -983,7 +983,10 @@ static int __init init(void) if(debug) printk(KERN_INFO RECENT_NAME ": ip_list_hash_size: %d\n",ip_list_hash_size); #endif - return ipt_register_match(&recent_match); + err = ipt_register_match(&recent_match); + if (err) + remove_proc_entry("ipt_recent", proc_net); + return err; } /* Kernel module destruction. */ Index: linux-2.6.10-ck7/net/ipv4/tcp.c =================================================================== --- linux-2.6.10-ck7.orig/net/ipv4/tcp.c 2004-12-25 10:14:52.000000000 +1100 +++ linux-2.6.10-ck7/net/ipv4/tcp.c 2005-03-01 21:38:38.000000000 +1100 @@ -654,7 +654,7 @@ static ssize_t do_tcp_sendpages(struct s while (psize > 0) { struct sk_buff *skb = sk->sk_write_queue.prev; struct page *page = pages[poffset / PAGE_SIZE]; - int copy, i; + int copy, i, can_coalesce; int offset = poffset % PAGE_SIZE; int size = min_t(size_t, psize, PAGE_SIZE - offset); @@ -663,7 +663,7 @@ new_segment: if (!sk_stream_memory_free(sk)) goto wait_for_sndbuf; - skb = sk_stream_alloc_pskb(sk, 0, tp->mss_cache, + skb = sk_stream_alloc_pskb(sk, 0, 0, sk->sk_allocation); if (!skb) goto wait_for_memory; @@ -676,18 +676,27 @@ new_segment: copy = size; i = skb_shinfo(skb)->nr_frags; - if (skb_can_coalesce(skb, i, page, offset)) { + can_coalesce = skb_can_coalesce(skb, i, page, offset); + if (!can_coalesce && i >= MAX_SKB_FRAGS) { + tcp_mark_push(tp, skb); + goto new_segment; + } + if (sk->sk_forward_alloc < copy && + !sk_stream_mem_schedule(sk, copy, 0)) + goto wait_for_memory; + + if (can_coalesce) { skb_shinfo(skb)->frags[i - 1].size += copy; - } else if (i < MAX_SKB_FRAGS) { + } else { get_page(page); skb_fill_page_desc(skb, i, page, offset, copy); - } else { - tcp_mark_push(tp, skb); - goto new_segment; } skb->len += copy; skb->data_len += copy; + skb->truesize += copy; + sk->sk_wmem_queued += copy; + sk->sk_forward_alloc -= copy; skb->ip_summed = CHECKSUM_HW; tp->write_seq += copy; TCP_SKB_CB(skb)->end_seq += copy; Index: linux-2.6.10-ck7/net/ipv6/ip6_output.c =================================================================== --- linux-2.6.10-ck7.orig/net/ipv6/ip6_output.c 2004-12-25 10:14:52.000000000 +1100 +++ linux-2.6.10-ck7/net/ipv6/ip6_output.c 2005-03-01 21:38:38.000000000 +1100 @@ -592,6 +592,7 @@ static int ip6_fragment(struct sk_buff * /* Prepare header of the next frame, * before previous one went down. */ if (frag) { + frag->ip_summed = CHECKSUM_NONE; frag->h.raw = frag->data; fh = (struct frag_hdr*)__skb_push(frag, sizeof(struct frag_hdr)); frag->nh.raw = __skb_push(frag, hlen); Index: linux-2.6.10-ck7/net/ipv6/sit.c =================================================================== --- linux-2.6.10-ck7.orig/net/ipv6/sit.c 2004-10-19 08:57:12.000000000 +1000 +++ linux-2.6.10-ck7/net/ipv6/sit.c 2005-03-01 21:38:38.000000000 +1100 @@ -135,10 +135,10 @@ static void ipip6_tunnel_link(struct ip_ { struct ip_tunnel **tp = ipip6_bucket(t); - write_lock_bh(&ipip6_lock); t->next = *tp; - write_unlock_bh(&ipip6_lock); + write_lock_bh(&ipip6_lock); *tp = t; + write_unlock_bh(&ipip6_lock); } static struct ip_tunnel * ipip6_tunnel_locate(struct ip_tunnel_parm *parms, int create) Index: linux-2.6.10-ck7/net/sched/police.c =================================================================== --- linux-2.6.10-ck7.orig/net/sched/police.c 2004-12-25 10:14:52.000000000 +1100 +++ linux-2.6.10-ck7/net/sched/police.c 2005-03-01 21:38:38.000000000 +1100 @@ -180,7 +180,8 @@ int tcf_act_police_locate(struct rtattr if (rtattr_parse(tb, TCA_POLICE_MAX, RTA_DATA(rta), RTA_PAYLOAD(rta)) < 0) return -1; - if (tb[TCA_POLICE_TBF-1] == NULL) + if (tb[TCA_POLICE_TBF-1] == NULL || + RTA_PAYLOAD(tb[TCA_POLICE_TBF-1]) != sizeof(*parm)) return -1; parm = RTA_DATA(tb[TCA_POLICE_TBF-1]); @@ -220,11 +221,17 @@ override: goto failure; } } - if (tb[TCA_POLICE_RESULT-1]) - p->result = *(int*)RTA_DATA(tb[TCA_POLICE_RESULT-1]); + if (tb[TCA_POLICE_RESULT-1]) { + if (RTA_PAYLOAD(tb[TCA_POLICE_RESULT-1]) != sizeof(u32)) + goto failure; + p->result = *(u32*)RTA_DATA(tb[TCA_POLICE_RESULT-1]); + } #ifdef CONFIG_NET_ESTIMATOR - if (tb[TCA_POLICE_AVRATE-1]) + if (tb[TCA_POLICE_AVRATE-1]) { + if (RTA_PAYLOAD(tb[TCA_POLICE_AVRATE-1]) != sizeof(u32)) + goto failure; p->ewma_rate = *(u32*)RTA_DATA(tb[TCA_POLICE_AVRATE-1]); + } #endif p->toks = p->burst = parm->burst; p->mtu = parm->mtu; @@ -424,7 +431,8 @@ struct tcf_police * tcf_police_locate(st if (rtattr_parse(tb, TCA_POLICE_MAX, RTA_DATA(rta), RTA_PAYLOAD(rta)) < 0) return NULL; - if (tb[TCA_POLICE_TBF-1] == NULL) + if (tb[TCA_POLICE_TBF-1] == NULL || + RTA_PAYLOAD(tb[TCA_POLICE_TBF-1]) != sizeof(*parm)) return NULL; parm = RTA_DATA(tb[TCA_POLICE_TBF-1]); @@ -449,11 +457,17 @@ struct tcf_police * tcf_police_locate(st (p->P_tab = qdisc_get_rtab(&parm->peakrate, tb[TCA_POLICE_PEAKRATE-1])) == NULL) goto failure; } - if (tb[TCA_POLICE_RESULT-1]) - p->result = *(int*)RTA_DATA(tb[TCA_POLICE_RESULT-1]); + if (tb[TCA_POLICE_RESULT-1]) { + if (RTA_PAYLOAD(tb[TCA_POLICE_RESULT-1]) != sizeof(u32)) + goto failure; + p->result = *(u32*)RTA_DATA(tb[TCA_POLICE_RESULT-1]); + } #ifdef CONFIG_NET_ESTIMATOR - if (tb[TCA_POLICE_AVRATE-1]) + if (tb[TCA_POLICE_AVRATE-1]) { + if (RTA_PAYLOAD(tb[TCA_POLICE_AVRATE-1]) != sizeof(u32)) + goto failure; p->ewma_rate = *(u32*)RTA_DATA(tb[TCA_POLICE_AVRATE-1]); + } #endif p->toks = p->burst = parm->burst; p->mtu = parm->mtu; Index: linux-2.6.10-ck7/net/sctp/input.c =================================================================== --- linux-2.6.10-ck7.orig/net/sctp/input.c 2004-08-15 14:08:20.000000000 +1000 +++ linux-2.6.10-ck7/net/sctp/input.c 2005-03-01 21:38:38.000000000 +1100 @@ -326,11 +326,12 @@ struct sock *sctp_err_lookup(int family, } if (asoc) { + sk = asoc->base.sk; + if (ntohl(sctphdr->vtag) != asoc->c.peer_vtag) { ICMP_INC_STATS_BH(ICMP_MIB_INERRORS); goto out; } - sk = asoc->base.sk; } else sk = ep->base.sk; Index: linux-2.6.10-ck7/net/sctp/socket.c =================================================================== --- linux-2.6.10-ck7.orig/net/sctp/socket.c 2004-12-25 10:14:52.000000000 +1100 +++ linux-2.6.10-ck7/net/sctp/socket.c 2005-03-01 21:38:38.000000000 +1100 @@ -343,8 +343,8 @@ SCTP_STATIC int sctp_do_bind(struct sock } /* Refresh ephemeral port. */ - if (!snum) - snum = inet_sk(sk)->num; + if (!bp->port) + bp->port = inet_sk(sk)->num; /* Add the address to the bind address list. */ sctp_local_bh_disable(); @@ -354,8 +354,6 @@ SCTP_STATIC int sctp_do_bind(struct sock addr->v4.sin_port = ntohs(addr->v4.sin_port); ret = sctp_add_bind_addr(bp, addr, GFP_ATOMIC); addr->v4.sin_port = htons(addr->v4.sin_port); - if (!ret && !bp->port) - bp->port = snum; sctp_write_unlock(&ep->base.addr_lock); sctp_local_bh_enable(); Index: linux-2.6.10-ck7/net/sunrpc/sched.c =================================================================== --- linux-2.6.10-ck7.orig/net/sunrpc/sched.c 2004-10-19 08:57:12.000000000 +1000 +++ linux-2.6.10-ck7/net/sunrpc/sched.c 2005-03-01 21:38:38.000000000 +1100 @@ -875,11 +875,6 @@ void rpc_init_task(struct rpc_task *task task->tk_cookie = (unsigned long)current; INIT_LIST_HEAD(&task->tk_links); - /* Add to global list of all tasks */ - spin_lock(&rpc_sched_lock); - list_add(&task->tk_task, &all_tasks); - spin_unlock(&rpc_sched_lock); - if (clnt) { atomic_inc(&clnt->cl_users); if (clnt->cl_softrtry) @@ -892,6 +887,11 @@ void rpc_init_task(struct rpc_task *task task->tk_magic = 0xf00baa; task->tk_pid = rpc_task_id++; #endif + /* Add to global list of all tasks */ + spin_lock(&rpc_sched_lock); + list_add_tail(&task->tk_task, &all_tasks); + spin_unlock(&rpc_sched_lock); + dprintk("RPC: %4d new task procpid %d\n", task->tk_pid, current->pid); } @@ -1080,12 +1080,15 @@ rpc_killall_tasks(struct rpc_clnt *clnt) * Spin lock all_tasks to prevent changes... */ spin_lock(&rpc_sched_lock); - alltask_for_each(rovr, le, &all_tasks) + alltask_for_each(rovr, le, &all_tasks) { + if (! RPC_IS_ACTIVATED(rovr)) + continue; if (!clnt || rovr->tk_client == clnt) { rovr->tk_flags |= RPC_TASK_KILLED; rpc_exit(rovr, -EIO); rpc_wake_up_task(rovr); } + } spin_unlock(&rpc_sched_lock); } Index: linux-2.6.10-ck7/net/sunrpc/xdr.c =================================================================== --- linux-2.6.10-ck7.orig/net/sunrpc/xdr.c 2004-08-15 14:08:20.000000000 +1000 +++ linux-2.6.10-ck7/net/sunrpc/xdr.c 2005-03-01 21:38:38.000000000 +1100 @@ -498,6 +498,7 @@ _shift_data_right_pages(struct page **pa do { /* Are any pointers crossing a page boundary? */ if (pgto_base == 0) { + flush_dcache_page(*pgto); pgto_base = PAGE_CACHE_SIZE; pgto--; } @@ -521,6 +522,7 @@ _shift_data_right_pages(struct page **pa kunmap_atomic(vto, KM_USER0); } while ((len -= copy) != 0); + flush_dcache_page(*pgto); } /* @@ -554,12 +556,14 @@ _copy_to_pages(struct page **pages, size pgbase += copy; if (pgbase == PAGE_CACHE_SIZE) { + flush_dcache_page(*pgto); pgbase = 0; pgto++; } p += copy; } while ((len -= copy) != 0); + flush_dcache_page(*pgto); } /* Index: linux-2.6.10-ck7/security/dummy.c =================================================================== --- linux-2.6.10-ck7.orig/security/dummy.c 2004-12-25 10:14:52.000000000 +1100 +++ linux-2.6.10-ck7/security/dummy.c 2005-03-01 21:38:38.000000000 +1100 @@ -74,11 +74,8 @@ static int dummy_acct (struct file *file static int dummy_capable (struct task_struct *tsk, int cap) { - if (cap_is_fs_cap (cap) ? tsk->fsuid == 0 : tsk->euid == 0) - /* capability granted */ + if (cap_raised (tsk->cap_effective, cap)) return 0; - - /* capability denied */ return -EPERM; } @@ -191,6 +188,8 @@ static void dummy_bprm_apply_creds (stru current->suid = current->euid = current->fsuid = bprm->e_uid; current->sgid = current->egid = current->fsgid = bprm->e_gid; + + dummy_capget(current, ¤t->cap_effective, ¤t->cap_inheritable, ¤t->cap_permitted); } static int dummy_bprm_set_security (struct linux_binprm *bprm) @@ -550,6 +549,7 @@ static int dummy_task_setuid (uid_t id0, static int dummy_task_post_setuid (uid_t id0, uid_t id1, uid_t id2, int flags) { + dummy_capget(current, ¤t->cap_effective, ¤t->cap_inheritable, ¤t->cap_permitted); return 0; } Index: linux-2.6.10-ck7/security/Kconfig =================================================================== --- linux-2.6.10-ck7.orig/security/Kconfig 2004-12-25 10:14:52.000000000 +1100 +++ linux-2.6.10-ck7/security/Kconfig 2005-03-01 21:38:38.000000000 +1100 @@ -76,6 +76,7 @@ config SECURITY_ROOTPLUG config SECURITY_SECLVL tristate "BSD Secure Levels" depends on SECURITY + select CRYPTO select CRYPTO_SHA1 help Implements BSD Secure Levels as an LSM. See Index: linux-2.6.10-ck7/sound/core/seq/seq_midi_emul.c =================================================================== --- linux-2.6.10-ck7.orig/sound/core/seq/seq_midi_emul.c 2004-10-19 08:57:12.000000000 +1000 +++ linux-2.6.10-ck7/sound/core/seq/seq_midi_emul.c 2005-03-01 21:38:38.000000000 +1100 @@ -549,12 +549,12 @@ sysex(snd_midi_op_t *ops, void *private, } else if (buf[5] == 0x01 && buf[6] == 0x30) { /* reverb mode */ - parsed = SNDRV_MIDI_SYSEX_GS_CHORUS_MODE; + parsed = SNDRV_MIDI_SYSEX_GS_REVERB_MODE; chset->gs_reverb_mode = buf[7]; } else if (buf[5] == 0x01 && buf[6] == 0x38) { /* chorus mode */ - parsed = SNDRV_MIDI_SYSEX_GS_REVERB_MODE; + parsed = SNDRV_MIDI_SYSEX_GS_CHORUS_MODE; chset->gs_chorus_mode = buf[7]; } else if (buf[5] == 0x00 && buf[6] == 0x04) { Index: linux-2.6.10-ck7/sound/drivers/opl3/Makefile =================================================================== --- linux-2.6.10-ck7.orig/sound/drivers/opl3/Makefile 2004-05-23 12:54:39.000000000 +1000 +++ linux-2.6.10-ck7/sound/drivers/opl3/Makefile 2005-03-01 21:38:38.000000000 +1100 @@ -18,4 +18,5 @@ endif sequencer = $(if $(subst y,,$(CONFIG_SND_SEQUENCER)),$(if $(1),m),$(if $(CONFIG_SND_SEQUENCER),$(1))) obj-$(CONFIG_SND_OPL3_LIB) += snd-opl3-lib.o +obj-$(CONFIG_SND_OPL4_LIB) += snd-opl3-lib.o obj-$(call sequencer,$(CONFIG_SND_OPL3_LIB)) += snd-opl3-synth.o Index: linux-2.6.10-ck7/sound/drivers/vx/vx_core.c =================================================================== --- linux-2.6.10-ck7.orig/sound/drivers/vx/vx_core.c 2004-10-19 08:57:12.000000000 +1000 +++ linux-2.6.10-ck7/sound/drivers/vx/vx_core.c 2005-03-01 21:38:38.000000000 +1100 @@ -734,7 +734,7 @@ vx_core_t *snd_vx_create(snd_card_t *car snd_assert(card && hw && ops, return NULL); - chip = kcalloc(1, sizeof(chip) + extra_size, GFP_KERNEL); + chip = kcalloc(1, sizeof(*chip) + extra_size, GFP_KERNEL); if (! chip) { snd_printk(KERN_ERR "vx_core: no memory\n"); return NULL; Index: linux-2.6.10-ck7/sound/isa/cs423x/cs4231_lib.c =================================================================== --- linux-2.6.10-ck7.orig/sound/isa/cs423x/cs4231_lib.c 2004-10-19 08:57:12.000000000 +1000 +++ linux-2.6.10-ck7/sound/isa/cs423x/cs4231_lib.c 2005-03-01 21:38:38.000000000 +1100 @@ -694,7 +694,7 @@ static void snd_cs4231_init(cs4231_t *ch snd_cs4231_mce_down(chip); -#ifdef SNDRV_DEBUGq_MCE +#ifdef SNDRV_DEBUG_MCE snd_printk("init: (1)\n"); #endif snd_cs4231_mce_up(chip); Index: linux-2.6.10-ck7/sound/isa/es18xx.c =================================================================== --- linux-2.6.10-ck7.orig/sound/isa/es18xx.c 2004-12-25 10:14:52.000000000 +1100 +++ linux-2.6.10-ck7/sound/isa/es18xx.c 2005-03-01 21:38:38.000000000 +1100 @@ -1849,7 +1849,7 @@ static int enable[SNDRV_CARDS] = SNDRV_D static int isapnp[SNDRV_CARDS] = {[0 ... (SNDRV_CARDS - 1)] = 1}; #endif static long port[SNDRV_CARDS] = SNDRV_DEFAULT_PORT; /* 0x220,0x240,0x260,0x280 */ -#ifndef CONFIG_PNP_ +#ifndef CONFIG_PNP static long mpu_port[SNDRV_CARDS] = {[0 ... (SNDRV_CARDS - 1)] = -1}; #else static long mpu_port[SNDRV_CARDS] = SNDRV_DEFAULT_PORT; @@ -1988,7 +1988,7 @@ static int __devinit snd_audiodrive_pnp( kfree(cfg); return 0; } -#endif /* CONFIG_PNP_ */ +#endif /* CONFIG_PNP */ static int __devinit snd_audiodrive_probe(int dev, struct pnp_card_link *pcard, const struct pnp_card_device_id *pid) Index: linux-2.6.10-ck7/sound/isa/sb/emu8000_callback.c =================================================================== --- linux-2.6.10-ck7.orig/sound/isa/sb/emu8000_callback.c 2004-10-19 08:57:12.000000000 +1000 +++ linux-2.6.10-ck7/sound/isa/sb/emu8000_callback.c 2005-03-01 21:38:38.000000000 +1100 @@ -528,6 +528,10 @@ load_fx(snd_emux_t *emu, int type, int m emu8000_t *hw; hw = emu->hw; + /* skip header */ + buf += 16; + len -= 16; + switch (type) { case SNDRV_EMU8000_LOAD_CHORUS_FX: return snd_emu8000_load_chorus_fx(hw, mode, buf, len); Index: linux-2.6.10-ck7/sound/isa/sscape.c =================================================================== --- linux-2.6.10-ck7.orig/sound/isa/sscape.c 2004-12-25 10:14:52.000000000 +1100 +++ linux-2.6.10-ck7/sound/isa/sscape.c 2005-03-01 21:38:38.000000000 +1100 @@ -487,7 +487,7 @@ static int upload_dma_data(struct sounds * the userspace pointer ... */ len = min(size, dma.bytes); - __copy_from_user(dma.area, data, len); + len -= __copy_from_user(dma.area, data, len); data += len; size -= len; @@ -571,8 +571,9 @@ static int sscape_upload_bootblock(struc if (data < 0) { snd_printk(KERN_ERR "sscape: timeout reading firmware version\n"); ret = -EAGAIN; - } else { - __copy_to_user(&bb->version, &data, sizeof(bb->version)); + } + else if (__copy_to_user(&bb->version, &data, sizeof(bb->version))) { + ret = -EFAULT; } } @@ -591,7 +592,7 @@ static int sscape_upload_microcode(struc { unsigned long flags; char __user *code; - int err, ret; + int err; /* * We are going to have to copy this data into a special @@ -601,12 +602,11 @@ static int sscape_upload_microcode(struc * NOTE: This buffer is 64K long! That's WAY too big to * copy into a stack-temporary anyway. */ - if (get_user(code, &mc->code)) + if ( get_user(code, &mc->code) || + !access_ok(VERIFY_READ, code, SSCAPE_MICROCODE_SIZE) ) return -EFAULT; - if ((err = verify_area(VERIFY_READ, code, SSCAPE_MICROCODE_SIZE)) != 0) - return err; - if ((ret = upload_dma_data(sscape, code, SSCAPE_MICROCODE_SIZE)) == 0) { + if ((err = upload_dma_data(sscape, code, SSCAPE_MICROCODE_SIZE)) == 0) { snd_printk(KERN_INFO "sscape: MIDI firmware loaded\n"); } @@ -616,7 +616,7 @@ static int sscape_upload_microcode(struc initialise_mpu401(sscape->mpu); - return ret; + return err; } /* @@ -673,14 +673,14 @@ static int sscape_hw_ioctl(snd_hwdep_t * * DMA-able buffer before we can upload it. We shall therefore * just check that the data pointer is valid for now ... */ - if ((err = verify_area(VERIFY_READ, bb->code, sizeof(bb->code))) != 0) - return err; + if ( !access_ok(VERIFY_READ, bb->code, sizeof(bb->code)) ) + return -EFAULT; /* * Now check that we can write the firmware version number too... */ - if ((err = verify_area(VERIFY_WRITE, &bb->version, sizeof(bb->version))) != 0) - return err; + if ( !access_ok(VERIFY_WRITE, &bb->version, sizeof(bb->version)) ) + return -EFAULT; err = sscape_upload_bootblock(sscape, bb); } Index: linux-2.6.10-ck7/sound/pci/azt3328.c =================================================================== --- linux-2.6.10-ck7.orig/sound/pci/azt3328.c 2004-12-25 10:14:52.000000000 +1100 +++ linux-2.6.10-ck7/sound/pci/azt3328.c 2005-03-01 21:38:38.000000000 +1100 @@ -1363,15 +1363,15 @@ static int __devinit snd_azf3328_create( for (tmp=0; tmp <= 0x01; tmp += 1) snd_azf3328_dbgmisc("0x%02x: opl 0x%04x, mpu300 0x%04x, mpu310 0x%04x, mpu320 0x%04x, mpu330 0x%04x\n", tmp, inb(0x388 + tmp), inb(0x300 + tmp), inb(0x310 + tmp), inb(0x320 + tmp), inb(0x330 + tmp)); - /* create mixer interface & switches */ - if ((err = snd_azf3328_mixer_new(chip)) < 0) - return err; - if ((err = snd_device_new(card, SNDRV_DEV_LOWLEVEL, chip, &ops)) < 0) { snd_azf3328_free(chip); return err; } + /* create mixer interface & switches */ + if ((err = snd_azf3328_mixer_new(chip)) < 0) + return err; + #if 0 /* set very low bitrate to reduce noise and power consumption? */ snd_azf3328_setfmt(chip, IDX_IO_PLAY_SOUNDFORMAT, 5512, 8, 1); Index: linux-2.6.10-ck7/sound/pci/cmipci.c =================================================================== --- linux-2.6.10-ck7.orig/sound/pci/cmipci.c 2004-12-25 10:14:52.000000000 +1100 +++ linux-2.6.10-ck7/sound/pci/cmipci.c 2005-03-01 21:38:38.000000000 +1100 @@ -2608,8 +2608,8 @@ static int __devinit snd_cmipci_create(s if (request_irq(pci->irq, snd_cmipci_interrupt, SA_INTERRUPT|SA_SHIRQ, card->driver, (void *)cm)) { snd_printk("unable to grab IRQ %d\n", pci->irq); - err = -EBUSY; - goto __error; + snd_cmipci_free(cm); + return -EBUSY; } cm->irq = pci->irq; @@ -2662,6 +2662,11 @@ static int __devinit snd_cmipci_create(s break; } + if ((err = snd_device_new(card, SNDRV_DEV_LOWLEVEL, cm, &ops)) < 0) { + snd_cmipci_free(cm); + return err; + } + /* set MPU address */ switch (iomidi) { case 0x320: val = CM_VMPU_320; break; @@ -2717,22 +2722,22 @@ static int __devinit snd_cmipci_create(s /* create pcm devices */ pcm_index = pcm_spdif_index = 0; if ((err = snd_cmipci_pcm_new(cm, pcm_index)) < 0) - goto __error; + return err; pcm_index++; if (cm->has_dual_dac) { if ((err = snd_cmipci_pcm2_new(cm, pcm_index)) < 0) - goto __error; + return err; pcm_index++; } if (cm->can_ac3_hw || cm->can_ac3_sw) { pcm_spdif_index = pcm_index; if ((err = snd_cmipci_pcm_spdif_new(cm, pcm_index)) < 0) - goto __error; + return err; } /* create mixer interface & switches */ if ((err = snd_cmipci_mixer_new(cm, pcm_spdif_index)) < 0) - goto __error; + return err; if (iomidi > 0) { if ((err = snd_mpu401_uart_new(card, 0, MPU401_HW_CMIPCI, @@ -2742,10 +2747,6 @@ static int __devinit snd_cmipci_create(s } } - if ((err = snd_device_new(card, SNDRV_DEV_LOWLEVEL, cm, &ops)) < 0) { - snd_cmipci_free(cm); - return err; - } #ifdef USE_VAR48KRATE for (val = 0; val < ARRAY_SIZE(rates); val++) snd_cmipci_set_pll(cm, rates[val], val); @@ -2785,10 +2786,6 @@ static int __devinit snd_cmipci_create(s *rcmipci = cm; return 0; - - __error: - snd_cmipci_free(cm); - return err; } /* Index: linux-2.6.10-ck7/sound/pci/cs4281.c =================================================================== --- linux-2.6.10-ck7.orig/sound/pci/cs4281.c 2004-12-25 10:14:52.000000000 +1100 +++ linux-2.6.10-ck7/sound/pci/cs4281.c 2005-03-01 21:38:38.000000000 +1100 @@ -1439,15 +1439,15 @@ static int __devinit snd_cs4281_create(s return tmp; } - snd_cs4281_proc_init(chip); - - snd_card_set_pm_callback(card, cs4281_suspend, cs4281_resume, chip); - if ((err = snd_device_new(card, SNDRV_DEV_LOWLEVEL, chip, &ops)) < 0) { snd_cs4281_free(chip); return err; } + snd_cs4281_proc_init(chip); + + snd_card_set_pm_callback(card, cs4281_suspend, cs4281_resume, chip); + snd_card_set_dev(card, &pci->dev); *rchip = chip; Index: linux-2.6.10-ck7/sound/pci/cs46xx/cs46xx_lib.c =================================================================== --- linux-2.6.10-ck7.orig/sound/pci/cs46xx/cs46xx_lib.c 2004-12-25 10:14:52.000000000 +1100 +++ linux-2.6.10-ck7/sound/pci/cs46xx/cs46xx_lib.c 2005-03-01 21:38:38.000000000 +1100 @@ -3866,15 +3866,15 @@ int __devinit snd_cs46xx_create(snd_card return err; } - snd_cs46xx_proc_init(card, chip); - - snd_card_set_pm_callback(card, snd_cs46xx_suspend, snd_cs46xx_resume, chip); - if ((err = snd_device_new(card, SNDRV_DEV_LOWLEVEL, chip, &ops)) < 0) { snd_cs46xx_free(chip); return err; } + snd_cs46xx_proc_init(card, chip); + + snd_card_set_pm_callback(card, snd_cs46xx_suspend, snd_cs46xx_resume, chip); + chip->active_ctrl(chip, -1); /* disable CLKRUN */ snd_card_set_dev(card, &pci->dev); Index: linux-2.6.10-ck7/sound/pci/ens1370.c =================================================================== --- linux-2.6.10-ck7.orig/sound/pci/ens1370.c 2004-12-25 10:14:52.000000000 +1100 +++ linux-2.6.10-ck7/sound/pci/ens1370.c 2005-03-01 21:38:38.000000000 +1100 @@ -1930,7 +1930,6 @@ static int __devinit snd_ensoniq_create( ensoniq->subsystem_vendor_id = cmdw; pci_read_config_word(pci, PCI_SUBSYSTEM_ID, &cmdw); ensoniq->subsystem_device_id = cmdw; - snd_ensoniq_proc_init(ensoniq); #ifdef CHIP1370 #if 0 ensoniq->ctrl = ES_1370_CDC_EN | ES_1370_SERR_DISABLE | ES_1370_PCLKDIVO(ES_1370_SRTODIV(8000)); @@ -2023,6 +2022,8 @@ static int __devinit snd_ensoniq_create( return err; } + snd_ensoniq_proc_init(ensoniq); + snd_card_set_dev(card, &pci->dev); *rensoniq = ensoniq; Index: linux-2.6.10-ck7/sound/pci/korg1212/korg1212.c =================================================================== --- linux-2.6.10-ck7.orig/sound/pci/korg1212/korg1212.c 2004-12-25 10:14:53.000000000 +1100 +++ linux-2.6.10-ck7/sound/pci/korg1212/korg1212.c 2005-03-01 21:38:38.000000000 +1100 @@ -2411,14 +2411,17 @@ static int __devinit snd_korg1212_create if (rc) K1212_DEBUG_PRINTK("K1212_DEBUG: Reboot Card - RC = %d [%s]\n", rc, stateName[korg1212->cardState]); #endif + if ((err = snd_device_new(card, SNDRV_DEV_LOWLEVEL, korg1212, &ops)) < 0) { + snd_korg1212_free(korg1212); + return err; + } + snd_korg1212_EnableCardInterrupts(korg1212); mdelay(CARD_BOOT_DELAY_IN_MS); - if (snd_korg1212_downloadDSPCode(korg1212)) { - snd_korg1212_free(korg1212); + if (snd_korg1212_downloadDSPCode(korg1212)) return -EBUSY; - } printk(KERN_INFO "dspMemPhy = %08x U[%08x]\n" "PlayDataPhy = %08x L[%08x]\n" @@ -2433,10 +2436,8 @@ static int __devinit snd_korg1212_create korg1212->RoutingTablePhy, LowerWordSwap(korg1212->RoutingTablePhy), korg1212->AdatTimeCodePhy, LowerWordSwap(korg1212->AdatTimeCodePhy)); - if ((err = snd_pcm_new(korg1212->card, "korg1212", 0, 1, 1, &korg1212->pcm)) < 0) { - snd_korg1212_free(korg1212); + if ((err = snd_pcm_new(korg1212->card, "korg1212", 0, 1, 1, &korg1212->pcm)) < 0) return err; - } korg1212->pcm->private_data = korg1212; korg1212->pcm->private_free = snd_korg1212_free_pcm; @@ -2453,19 +2454,12 @@ static int __devinit snd_korg1212_create for (i = 0; i < ARRAY_SIZE(snd_korg1212_controls); i++) { err = snd_ctl_add(korg1212->card, snd_ctl_new1(&snd_korg1212_controls[i], korg1212)); - if (err < 0) { - snd_korg1212_free(korg1212); + if (err < 0) return err; - } } snd_korg1212_proc_init(korg1212); - if ((err = snd_device_new(card, SNDRV_DEV_LOWLEVEL, korg1212, &ops)) < 0) { - snd_korg1212_free(korg1212); - return err; - } - snd_card_set_dev(card, &pci->dev); * rchip = korg1212; Index: linux-2.6.10-ck7/sound/pci/maestro3.c =================================================================== --- linux-2.6.10-ck7.orig/sound/pci/maestro3.c 2004-12-25 10:14:53.000000000 +1100 +++ linux-2.6.10-ck7/sound/pci/maestro3.c 2005-03-01 21:38:38.000000000 +1100 @@ -2577,26 +2577,7 @@ snd_m3_create(snd_card_t *card, struct p snd_m3_assp_init(chip); snd_m3_amp_enable(chip, 1); - - if ((err = snd_m3_mixer(chip)) < 0) { - snd_m3_free(chip); - return err; - } - for (i = 0; i < chip->num_substreams; i++) { - m3_dma_t *s = &chip->substreams[i]; - s->chip = chip; - if ((err = snd_m3_assp_client_init(chip, s, i)) < 0) { - snd_m3_free(chip); - return err; - } - } - - if ((err = snd_m3_pcm(chip, 0)) < 0) { - snd_m3_free(chip); - return err; - } - if (request_irq(pci->irq, snd_m3_interrupt, SA_INTERRUPT|SA_SHIRQ, card->driver, (void *)chip)) { snd_printk("unable to grab IRQ %d\n", pci->irq); @@ -2618,6 +2599,19 @@ snd_m3_create(snd_card_t *card, struct p return err; } + if ((err = snd_m3_mixer(chip)) < 0) + return err; + + for (i = 0; i < chip->num_substreams; i++) { + m3_dma_t *s = &chip->substreams[i]; + s->chip = chip; + if ((err = snd_m3_assp_client_init(chip, s, i)) < 0) + return err; + } + + if ((err = snd_m3_pcm(chip, 0)) < 0) + return err; + snd_m3_enable_ints(chip); snd_m3_assp_continue(chip); Index: linux-2.6.10-ck7/sound/pci/nm256/nm256.c =================================================================== --- linux-2.6.10-ck7.orig/sound/pci/nm256/nm256.c 2004-12-25 10:14:53.000000000 +1100 +++ linux-2.6.10-ck7/sound/pci/nm256/nm256.c 2005-03-01 21:38:38.000000000 +1100 @@ -1488,12 +1488,6 @@ snd_nm256_create(snd_card_t *card, struc snd_nm256_init_chip(chip); - if ((err = snd_nm256_pcm(chip, 0)) < 0) - goto __error; - - if ((err = snd_nm256_mixer(chip)) < 0) - goto __error; - // pci_set_master(pci); /* needed? */ snd_card_set_pm_callback(card, nm256_suspend, nm256_resume, chip); @@ -1614,6 +1608,12 @@ static int __devinit snd_nm256_probe(str chip->reset_workaround = 1; } + if ((err = snd_nm256_pcm(chip, 0)) < 0 || + (err = snd_nm256_mixer(chip)) < 0) { + snd_card_free(card); + return err; + } + sprintf(card->shortname, "NeoMagic %s", card->driver); sprintf(card->longname, "%s at 0x%lx & 0x%lx, irq %d", card->shortname, Index: linux-2.6.10-ck7/sound/pci/rme9652/hdsp.c =================================================================== --- linux-2.6.10-ck7.orig/sound/pci/rme9652/hdsp.c 2004-12-25 10:14:53.000000000 +1100 +++ linux-2.6.10-ck7/sound/pci/rme9652/hdsp.c 2005-03-01 21:38:38.000000000 +1100 @@ -2728,7 +2728,7 @@ static int snd_hdsp_get_autosync_ref(snd { hdsp_t *hdsp = snd_kcontrol_chip(kcontrol); - ucontrol->value.enumerated.item[0] = hdsp_pref_sync_ref(hdsp); + ucontrol->value.enumerated.item[0] = hdsp_autosync_ref(hdsp); return 0; } Index: linux-2.6.10-ck7/sound/pci/sonicvibes.c =================================================================== --- linux-2.6.10-ck7.orig/sound/pci/sonicvibes.c 2004-12-25 10:14:53.000000000 +1100 +++ linux-2.6.10-ck7/sound/pci/sonicvibes.c 2005-03-01 21:38:38.000000000 +1100 @@ -1333,13 +1333,14 @@ static int __devinit snd_sonicvibes_crea #endif sonic->revision = snd_sonicvibes_in(sonic, SV_IREG_REVISION); snd_ctl_add(card, snd_ctl_new1(&snd_sonicvibes_game_control, sonic)); - snd_sonicvibes_proc_init(sonic); if ((err = snd_device_new(card, SNDRV_DEV_LOWLEVEL, sonic, &ops)) < 0) { snd_sonicvibes_free(sonic); return err; } + snd_sonicvibes_proc_init(sonic); + snd_card_set_dev(card, &pci->dev); *rsonic = sonic; Index: linux-2.6.10-ck7/sound/pci/trident/trident_main.c =================================================================== --- linux-2.6.10-ck7.orig/sound/pci/trident/trident_main.c 2004-12-25 10:14:53.000000000 +1100 +++ linux-2.6.10-ck7/sound/pci/trident/trident_main.c 2005-03-01 21:38:38.000000000 +1100 @@ -3611,10 +3611,13 @@ int __devinit snd_trident_create(snd_car return err; } - if ((err = snd_trident_mixer(trident, pcm_spdif_device)) < 0) { + if ((err = snd_device_new(card, SNDRV_DEV_LOWLEVEL, trident, &ops)) < 0) { snd_trident_free(trident); return err; } + + if ((err = snd_trident_mixer(trident, pcm_spdif_device)) < 0) + return err; /* initialise synth voices */ for (i = 0; i < 64; i++) { @@ -3635,12 +3638,7 @@ int __devinit snd_trident_create(snd_car snd_card_set_pm_callback(card, snd_trident_suspend, snd_trident_resume, trident); - snd_trident_proc_init(trident); - if ((err = snd_device_new(card, SNDRV_DEV_LOWLEVEL, trident, &ops)) < 0) { - snd_trident_free(trident); - return err; - } snd_card_set_dev(card, &pci->dev); *rtrident = trident; return 0; @@ -3650,7 +3648,7 @@ int __devinit snd_trident_create(snd_car snd_trident_free Description: This routine will free the device specific class for - q the 4DWave card. + the 4DWave card. Paramters: trident - device specific private data for 4DWave card Index: linux-2.6.10-ck7/sound/pci/ymfpci/ymfpci_main.c =================================================================== --- linux-2.6.10-ck7.orig/sound/pci/ymfpci/ymfpci_main.c 2004-12-25 10:14:53.000000000 +1100 +++ linux-2.6.10-ck7/sound/pci/ymfpci/ymfpci_main.c 2005-03-01 21:38:38.000000000 +1100 @@ -2265,13 +2265,13 @@ int __devinit snd_ymfpci_create(snd_card snd_card_set_pm_callback(card, snd_ymfpci_suspend, snd_ymfpci_resume, chip); #endif - snd_ymfpci_proc_init(card, chip); - if ((err = snd_device_new(card, SNDRV_DEV_LOWLEVEL, chip, &ops)) < 0) { snd_ymfpci_free(chip); return err; } + snd_ymfpci_proc_init(card, chip); + snd_card_set_dev(card, &pci->dev); *rchip = chip; Index: linux-2.6.10-ck7/sound/usb/usbaudio.c =================================================================== --- linux-2.6.10-ck7.orig/sound/usb/usbaudio.c 2004-12-25 10:14:53.000000000 +1100 +++ linux-2.6.10-ck7/sound/usb/usbaudio.c 2005-03-01 21:38:38.000000000 +1100 @@ -725,7 +725,7 @@ static int deactivate_urbs(snd_usb_subst subs->running = 0; if (!force && subs->stream->chip->shutdown) /* to be sure... */ - return 0; + return -EBADFD; async = !can_sleep && async_unlink; @@ -770,6 +770,9 @@ static int start_urbs(snd_usb_substream_ unsigned int i; int err; + if (subs->stream->chip->shutdown) + return -EBADFD; + for (i = 0; i < subs->nurbs; i++) { snd_assert(subs->dataurb[i].urb, return -EINVAL); if (subs->ops.prepare(subs, runtime, subs->dataurb[i].urb) < 0) {