When sending a security context of 50+ characters in an ACQUIRE 
message, following kernel panic occurred.

kernel BUG in xfrm_send_acquire at net/xfrm/xfrm_user.c:1781!
cpu 0x3: Vector: 700 (Program Check) at [c0000000421bb2e0]
    pc: c00000000033b074: .xfrm_send_acquire+0x240/0x2c8
    lr: c00000000033b014: .xfrm_send_acquire+0x1e0/0x2c8
    sp: c0000000421bb560
   msr: 8000000000029032
  current = 0xc00000000fce8f00
  paca    = 0xc000000000464b00
    pid   = 2303, comm = ping
kernel BUG in xfrm_send_acquire at net/xfrm/xfrm_user.c:1781!
enter ? for help
3:mon> t
[c0000000421bb650] c00000000033538c .km_query+0x6c/0xec
[c0000000421bb6f0] c000000000337374 .xfrm_state_find+0x7f4/0xb88
[c0000000421bb7f0] c000000000332350 .xfrm_tmpl_resolve+0xc4/0x21c
[c0000000421bb8d0] c0000000003326e8 .xfrm_lookup+0x1a0/0x5b0
[c0000000421bba00] c0000000002e6ea0 .ip_route_output_flow+0x88/0xb4
[c0000000421bbaa0] c0000000003106d8 .ip4_datagram_connect+0x218/0x374
[c0000000421bbbd0] c00000000031bc00 .inet_dgram_connect+0xac/0xd4
[c0000000421bbc60] c0000000002b11ac .sys_connect+0xd8/0x120
[c0000000421bbd90] c0000000002d38d0 .compat_sys_socketcall+0xdc/0x214
[c0000000421bbe30] c00000000000869c syscall_exit+0x0/0x40
--- Exception: c00 (System Call) at 0000000007f0ca9c
SP (fc0ef8f0) is in userspace

We are using size of security context from xfrm_policy to determine
how much space to alloc skb and then putting security context from
xfrm_state into skb. Should have been using size of security context 
from xfrm_state to alloc skb. Following fix does that
Signed-off-by: NJoy Latten <latten@austin.ibm.com>
Acked-by: NJames Morris <jmorris@namei.org>
Signed-off-by: NDavid S. Miller <davem@davemloft.net>

When a VLAN interface is created on top of a bridge interface and 
netfilter is enabled to see the bridged packets, the packets can be 
corrupted when passing through the netfilter code. This is caused by the 
VLAN driver not setting the 'protocol' and 'nh' members of the sk_buff 
structure. In general, this is no problem as the VLAN interface is mostly 
connected to a physical ethernet interface which does not use the 
'protocol' and 'nh' members. For a bridge interface, however, these 
members do matter.
Signed-off-by: NJerome Borsboom <j.borsboom@erasmusmc.nl>
Signed-off-by: NDavid S. Miller <davem@davemloft.net>

The pktgen module prevents suspend-to-disk.  Fix.
Acked-by: N"Michal Piotrowski" <michal.k.k.piotrowski@gmail.com>
Signed-off-by: NAndrew Morton <akpm@linux-foundation.org>
Signed-off-by: NDavid S. Miller <davem@davemloft.net>

Use put_unaligned to fix warnings about unaligned accesses.
Signed-off-by: NPatrick McHardy <kaber@trash.net>
Signed-off-by: NDavid S. Miller <davem@davemloft.net>

* 'merge' of git://git.kernel.org/pub/scm/linux/kernel/git/paulus/powerpc:
  [POWERPC] mpc52xx_pic: fix main interrupt masking

* 'upstream-linus' of master.kernel.org:/pub/scm/linux/kernel/git/jgarzik/netdev-2.6:
  myri10ge: update driver version to 1.3.0-1.233
  myri10ge: more Intel chipsets providing aligned PCIe completions
  myri10ge: fix management of the firmware 4KB boundary crossing restriction
  cxgb3 - missing CPL hanler and register setting.
  cxgb3 - MAC watchdog update
  cxgb3 - avoid deadlock with mac watchdog
  skge: fix wake on lan
  sky2: phy workarounds for Yukon EC-U A1
  sky2: turn on clocks when doing resume
  sky2: turn carrier off when down
  skge: turn carrier off when down
  [PATCH] bcm43xx: Fix PPC machine checks and match loopback gain specs
  [PATCH] bcm43xx: Fix 802.11b/g scan limits to match regulatory reqs
  [PATCH] zd1211rw: Fix E2P_PHY_REG patching
  [PATCH] zd1211rw: Reject AL2230S devices

* master.kernel.org:/pub/scm/linux/kernel/git/gregkh/usb-2.6:
  USB: Nikon D80 unusual device patch
  EHCI: fix remote wakeup regression in 2.6.21-rc

Noone should use kobj.name directly since it may contain garbage.
Objects with longer names have them stored in separately allocated
memory pointed to by kobj->k_name.
Signed-off-by: NDmitry Torokhov <dtor@mail.ru>
Signed-off-by: NLinus Torvalds <torvalds@linux-foundation.org>

the Nikon D80 camera will not work without an UNUSUAL_DEV entry embodied
in the attached patch (made against 2.6.20.3). Hope you find it helpful,
or if not, pass it along to someone who does.

From: Emil Larsson <emil@swip.net>
Signed-off-by: NPhil Dibowitz <phil@ipom.com>
Signed-off-by: NGreg Kroah-Hartman <gregkh@suse.de>

There is one significant difference between the behavior of root hubs
(as embodied in host controller hardware) and external hubs: When a
remote-wakeup signal is received, an external hub sends an interrupt
message at the _end_ of the resume sequence but a root hub generates
and interrupt at the _beginning_ of the resume sequence.  The host
system must poll for the end of the sequence.

When ehci-hcd was converted to interrupt-driven operation instead of
using polling, the remaining need for this particular poll was
overlooked.  This patch (as894) fixes the problem.
Signed-off-by: NAlan Stern <stern@rowland.harvard.edu>
Signed-off-by: NGreg Kroah-Hartman <gregkh@suse.de>

The bit setting was off by one.
Tested with RTC and GPIO_WKUP interrupts.
Signed-off-by: NDomen Puncer <domen.puncer@telargo.com>
Signed-off-by: NSylvain Munaut <tnt@246tNt.com>
Signed-off-by: NPaul Mackerras <paulus@samba.org>

Merge branch 'upstream-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/linville/wireless-2.6 into upstream-fixes

Update the myri10ge driver version number to 1.3.0-1.233.
Signed-off-by: NBrice Goglin <brice@myri.com>
Signed-off-by: NJeff Garzik <jeff@garzik.org>

Add the Intel 5000 southbridge (aka Intel 6310/6311/6321ESB) PCIe ports
and the Intel E30x0 chipsets to the whitelist of aligned PCIe completion.
Signed-off-by: NBrice Goglin <brice@myri.com>
Signed-off-by: NJeff Garzik <jeff@garzik.org>

Simpler way of dealing with the firmware 4KB boundary crossing
restriction for rx buffers.  This fixes a variety of memory
corruption issues when using an "uncommon" MTU with a 16KB
page size.
Signed-off-by: NBrice Goglin <brice@myri.com>
Signed-off-by: NJeff Garzik <jeff@garzik.org>

Remove specific CPL handler.
Add missing CPL handler.
Add missing register setting when the interface is brought up.
Signed-off-by: NDivy Le Ray <divy@chelsio.com>
Signed-off-by: NJeff Garzik <jeff@garzik.org>

The MAC watchdog was failing if the peer interface was brought down.
Signed-off-by: NDivy Le Ray <divy@chelsio.com>
Signed-off-by: NJeff Garzik <jeff@garzik.org>

Fix a deadlock when the interface s configured down and
the watchdog tack is sleeping on rtnl_lock.
Signed-off-by: NDivy Le Ray <divy@chelsio.com>
Signed-off-by: NJeff Garzik <jeff@garzik.org>

Need to rework wake on lan code to setup properly and get activated
on shutdown (and suspend), not when ethtool is run.

This does not need to go to stable queue because wake on lan
was not even included in 2.6.20 (or earlier versions).
Signed-off-by: NStephen Hemminger <shemminger@linux-foundation.org>
Signed-off-by: NJeff Garzik <jeff@garzik.org>

The workaround Yukon EC-U wasn't comparing with correct
version and wasn't doing correct setup. Without it, 88e8056
throws all sorts of errors.
Signed-off-by: NStephen Hemminger <shemminger@linux-foundation.org>
Signed-off-by: NJeff Garzik <jeff@garzik.org>

Some of these chips are disabled until clock is enabled.
This fixes:
     http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=404107Signed-off-by: NStephen Hemminger <shemminger@linux-foundation.org>
Signed-off-by: NJeff Garzik <jeff@garzik.org>

Driver needs to turn off carrier when down.
Signed-off-by: NStephen Hemminger <shemminger@linux-foundation.org>
Signed-off-by: NJeff Garzik <jeff@garzik.org>

Driver needs to turn off carrier when down, otherwise it can
confuse bonding and bridging and looks like carrier is on immediately
when it is brought back up.
Signed-off-by: NStephen Hemminger <shemminger@linux-foundation.org>
Signed-off-by: NJeff Garzik <jeff@garzik.org>

Update the FRV arch MAINTAINER record to get a hit on "grep -i frv".  Whilst
FR-V is technically correct, it's normally thought of as FRV.
Signed-off-by: NDavid Howells <dhowells@redhat.com>
Signed-off-by: NLinus Torvalds <torvalds@linux-foundation.org>

The UCB1400 is missing a name parameter in the device_driver struct.
This causes missing information in the /sys tree and seems to cause
other problems with the AC97 functionality. This was tested on a PXA270
system.
Signed-off-by: NCliff Brake <cbrake@bec-systems.com>
Signed-off-by: NDmitry Torokhov <dtor@mail.ru>
Signed-off-by: NLinus Torvalds <torvalds@linux-foundation.org>

* 'for-2.6.21' of master.kernel.org:/pub/scm/linux/kernel/git/davej/agpgart:
  [AGPGART] intel_agp: fix G965 GTT size detect

* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/ieee1394/linux1394-2.6:
  ieee1394: change deprecation status of dv1394

* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/roland/infiniband:
  IPoIB/cm: Fix DMA direction typo
  IB/iser: Don't defer connection failure notification to workqueue

* 'upstream-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/jikos/hid:
  HID: Do not discard truncated input reports

* master.kernel.org:/pub/scm/linux/kernel/git/bart/ide-2.6:
  ide: add "optical" to sysfs "media" attribute
  ide: ugly messages trying to open CD drive with no media present
  ide: correctly prevent IDE timer expiry function to run if request was already handled

* master.kernel.org:/pub/scm/linux/kernel/git/davem/net-2.6:
  [NETFILTER]: ipt_CLUSTERIP: fix oops in checkentry function
  [TCP]: slow_start_after_idle should influence cwnd validation too
  [SC92031]: Fix priv->lock context
  [NET_SCHED]: cls_tcindex: fix compatibility breakage

* 'release' of git://git.kernel.org/pub/scm/linux/kernel/git/aegl/linux-2.6:
  [IA64] SGI Altix : fix pcibr_dmamap_ate32() bug
  [IA64] Fix CPU freq displayed in /proc/cpuinfo
  [IA64] Fix wrong assumption about irq and vector in msi_ia64.c
  [IA64] BTE error timer fix

Add "optical" to sysfs "media" attribute as already in /proc
Signed-off-by: NDanny Kukawka <dkukawka@suse.de>
Signed-off-by: NBartlomiej Zolnierkiewicz <bzolnier@gmail.com>

I get the following error messages when trying to open a CD device
(specifically, the Teac CD-ROM CD-224E) that has no media present:

hda: packet command error: status=3D0x51 { DriveReady SeekComplete Error }
hda: packet command error: error=3D0x54 { AbortedCommand LastFailedSense=0x05 }
ide: failed opcode was: unknown

This happens when a "start stop unit" command (0x1b 0 0 0 3 0 0 0 0 0)
is sent to the drive to try to close the CD-ROM tray, but this drive
doesn't have that capability (it's a slim portable-type CD-ROM), so it
reports sense key 5 (illegal request) with asc/ascq 24/0.  This is
exactly how SFF8090i says it should respond.

But ide-cd.c (in cdrom_decode_status() ) just sees sense key 5 and spews
out an error.  It then goes on to request sense data, and
cdrom_log_sense() understands this error and doesn't log it.

The patch, for kernel 2.6.20.4, suppresses this error message.
Signed-off-by: NStuart Hayes <stuart_hayes@dell.com>
Cc: Alan Cox <alan@lxorguk.ukuu.org.uk>
Signed-off-by: NBartlomiej Zolnierkiewicz <bzolnier@gmail.com>

It is possible for the timer expiry function to run even though the
request has already been handled: ide_timer_expiry() only checks that
the handler is not NULL, but it is possible that we have handled a
request (thus clearing the handler) and then started a new request
(thus starting the timer again, and setting a handler). 

A simple way to exhibit this is to set the DMA timeout to 1 jiffy and
run dd: The kernel will panic after a few minutes because
ide_timer_expiry() tries to add a timer when it's already active.

To fix this, we simply add a request generation count that gets
incremented at every interrupt, and check in ide_timer_expiry() that
we have not already handled a new interrupt before running the expiry
function.
Signed-off-by: NSuleiman Souhlal <suleiman@google.com>
Signed-off-by: NBartlomiej Zolnierkiewicz <bzolnier@gmail.com>

The clusterip_config_find_get() already increases entries reference
counter, so there is no reason to do it twice in checkentry() callback.

This causes the config to be freed before it is removed from the list,
resulting in a crash when adding the next rule.
Signed-off-by: NJaroslav Kysela <perex@suse.cz>
Signed-off-by: NPatrick McHardy <kaber@trash.net>
Signed-off-by: NDavid S. Miller <davem@davemloft.net>

The specifications for loopback_gain calculation and for G PHY
initialization have been updated. This patch implements them and
fixes a machine check error that occurs for PPC architecture with a
phy->rev of 1.
Signed-off-by: NLarry Finger <Larry.Finger@lwfinger.net>
Signed-off-by: NJohn W. Linville <linville@tuxdriver.com>

In 802.11b/g mode, bcm43xx actively scans channels 1-14 no matter what
locale has been set, either in the sprom or by the locale option. This
behaviorviolates regulatory rules everywhere in the world except
Japan. This patch changes the default range to the correct value if the
locale has been set, and to channels 1-13 if no locale has been set.
Signed-off-by: NLarry Finger <Larry.Finger@lwfinger.net>
Signed-off-by: NJohn W. Linville <linville@tuxdriver.com>

Due to conflicting/confusing defines in the vendor driver, we were
reading E2P_PHY_REG from the wrong location.

CR157 patching was slightly incorrect in that the vendor driver only
patches in an 8-bit value, whereas we were patching 24 bits.

Additionally, CR157 patching was happening on both zd1211 and zd1211b,
but this should only happen on zd1211.
Signed-off-by: NDaniel Drake <dsd@gentoo.org>
Signed-off-by: NUlrich Kunitz <kune@deine-taler.de>
Signed-off-by: NJohn W. Linville <linville@tuxdriver.com>

Receive buffers need to be mapped with DMA_FROM_DEVICE.  Incorrectly
mapping with DMA_TO_DEVICE causes a hard lock on ppc64 machines with
an IOMMU.

This fixes <https://bugs.openfabrics.org/show_bug.cgi?id=431>
Signed-off-by: NMichael S. Tsirkin <mst@dev.mellanox.co.il>
Signed-off-by: NRoland Dreier <rolandd@cisco.com>