the toshiba ACPI driver will, in a failure case, free the rfkill state
before stopping the polling timer that would use this state. More interesting,
in the same failure case handling, it calls the exit function, which also
frees the rfkill state, but after stopping the polling.

If the race happens, a NULL pointer is passed to rfkill_force_state()
which then causes a nice dereference.

Fix the race by just not doing the too-early freeing of the rfkill state.

This appears to be the cause of a hot issue on kerneloops.org; while I
have no solid evidence of that this patch will fix the issue, the race
appears rather real.
Signed-off-by: NArjan van de Ven <arjan@linux.intel.com>
Signed-off-by: NLen Brown <len.brown@intel.com>

A generic work-around from ACPICA is in the queue,
but since Linux has a work-around in its battery
driver, we can disable this warning now.

Allow _BIF method to return an Package with Buffer elements

http://bugzilla.kernel.org/show_bug.cgi?id=11822Signed-off-by: NLin Ming <ming.m.lin@intel.com>
Signed-off-by: NLen Brown <len.brown@intel.com>

Linux will continue to ignore OSI(Linux),
except for a white-list containing a few systems.

So delete the black-list,
and stop soliciting user-feedback on the console.
Signed-off-by: NLen Brown <len.brown@intel.com>

This can happen if the _WAK method returns nothing (as per ACPI
1.0) but does return an integer if the implicit return mechanism
is enabled.  This is the only method that has this problem,
since it is also defined to return a package of two integers
(ACPI 1.0b+). In all other cases, if a method returns an object
when one was not expected, no warning is issued.
Signed-off-by: NBob Moore <robert.moore@intel.com>
Signed-off-by: NLin Ming <ming.m.lin@intel.com>
Signed-off-by: NLen Brown <len.brown@intel.com>

This fixes a regression from v2.6.27, caused by commit
5814f737e1cd2cfa2893badd62189acae3e1e1fd, "ACPI: thinkpad-acpi:
attempt to preserve fan state on resume".

It is possible for fan_suspend() to fail to properly initialize
fan_control_desired_level as required by fan_resume(), resulting on
the fan always being set to level 7 on resume if the user didn't
touch the fan controller.

In order to get fan sleep/resume handling to work right:

1. Fix the fan_suspend handling of the T43 firmware quirk. If it is
still undefined, we didn't touch the fan yet and that means we have no
business doing it on resume.

2. Store the fan level on its own variable to avoid any possible
issues with hijacking fan_control_desired_level (which isn't supposed
to have anything other than 0-7 in it, anyway).

3. Change the fan_resume code to me more straightforward to understand
(although we DO optimize the boolean logic there, otherwise it looks
disgusting).

4. Add comments to help understand what the code is supposed to be
doing.

5. Change fan_set_level to be less strict about how auto and
full-speed modes are requested.

http://bugzilla.kernel.org/show_bug.cgi?id=11982Signed-off-by: NHenrique de Moraes Holschuh <hmh@hmh.eng.br>
Reported-by: NTino Keitel <tino.keitel@tikei.de>
Signed-off-by: NLen Brown <len.brown@intel.com>

There's no need to print "Sony: " just after "sony-laptop: " (DRV_PFX).
Signed-off-by: NAlessandro Guido <ag@alessandroguido.name>
Signed-off-by: NLen Brown <len.brown@intel.com>

After commit 540b8bb9:

  sony-laptop: fingers off backlight if video.ko is serving this functionality

I can't set brightness on my sony laptop (nothing in /sys/class/backlight).
dmesg says "sony-laptop: Sony: Brightness ignored, must be controlled by ACPI
video driver".

The function acpi_video_backlight_support returns 0 if we should use the
vendor-specific backlight support, while non-0 if the ACPI generic should
be used. Because of this, the check introduced by the said commit appears
reversed.
Signed-off-by: NAlessandro Guido <ag@alessandroguido.name>
Signed-off-by: NLen Brown <len.brown@intel.com>

Revert "ACPI: don't enable control method power button as wakeup device when Fixed Power button is used"

This reverts commit faee816b.

http://bugzilla.kernel.org/show_bug.cgi?id=12091Signed-off-by: NLen Brown <len.brown@intel.com>

Some Apple boxes evidently require us to set SCI_EN on resume
directly, because if we don't do that, they hung somewhere in the
resume code path.  Moreover, on these boxes it is not sufficient to
use acpi_enable() to turn ACPI on during resume.  All of this is
against the ACPI specification which states that (1) the BIOS is
supposed to return from the S3 sleep state with ACPI enabled
(SCI_EN set) and (2) the SCI_EN bit is owned by the hardware and we
are not supposed to change it.

For this reason, blacklist the affected systems so that the SCI_EN
bit is set during resume on them.

[NOTE: Unconditional setting SCI_EN for all system on resume doesn't
 work, because it makes some other systems crash (that's to be
 expected).  Also, it is not entirely clear right now if all of the
 Apple boxes require this workaround.]

This patch fixes the recent regression tracked as
http://bugzilla.kernel.org/show_bug.cgi?id=12038Signed-off-by: NRafael J. Wysocki <rjw@sisk.pl>
Tested-by: NTino Keitel <tino.keitel@gmx.de>
Tested-by: NBob Copeland <me@bobcopeland.com>
Signed-off-by: NLen Brown <len.brown@intel.com>

Now I know why I had strange "scheduling in atomic" problems:
acpi_evaluate_integer() does malloc(..., irqs_disabled() ? GFP_ATOMIC
: GFP_KERNEL)... which is (of course) broken.

There's no way to reliably tell if we need GFP_ATOMIC or not from
code, this one for example fails to detect spinlocks held.

Fortunately, allocation seems small enough to be done on stack.
Signed-off-by: NPavel Machek <pavel@suse.cz>
Acked-by: NBob Moore <robert.moore@intel.com>
Signed-off-by: NLen Brown <len.brown@intel.com>

ACPI battery interface reports its state either in mW or in mA, and
discharge rate in your case is reported in mW. power_supply interface
does not have such a parameter, so current_now parameter is used
for all cases. But in case of mW, reported discharge should
be converted into mA.
Signed-off-by: NAlexey Starikovskiy <astarikovskiy@suse.de>
Tested-by: NFerenc Wagner <wferi@niif.hu>
Signed-off-by: NLen Brown <len.brown@intel.com>

fix 2.6.28 EC interrupt storm regression
Signed-off-by: NAlexey Starikovskiy <astarikovskiy@suse.de>
Signed-off-by: NLen Brown <len.brown@intel.com>

* master.kernel.org:/home/rmk/linux-2.6-arm:
  [ARM] 5330/1: mach-pxa: Fixup reset for systems using reboot=cold or other strings
  [ARM] pxa: fix incorrect PCMCIA PSKTSEL pin configuration for spitz
  [ARM] pxa: fix I2C controller device being registered twice on Akita
  pxafb: only initialize the smart panel thread when dealing with a smartpanel
  pxafb: introduce LCD_TYPE_MASK and use it.

* 'release' of git://git.kernel.org/pub/scm/linux/kernel/git/aegl/linux-2.6:
  [IA64] xen: fix xen_get_eflags.
  [IA64] ia64/pv_ops/pv_cpu_ops: fix _IA64_REG_IP case.
  [IA64] remove duplicate include iommu.h
  [IA64] use mprintk instead of printk, in ia64_mca_modify_original_stack
  [IA64] Rationalize kernel mode alignment checking

* git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb-2.6:
  USB: ACE1001 patch for cp2101.c
  USB: usbmon: fix read(2)
  USB: gadget rndis: send notifications
  USB: gadget rndis: stop windows self-immolation
  USB: storage: update unusual_devs entries for Nokia 5300 and 5310
  USB: storage: updates unusual_devs entry for the Nokia 6300
  usb: musb: fix bug in musb_schedule
  USB: fix SB700 usb subsystem hang bug

fix xen_get_eflags. It doesn't take any argument.
Signed-off-by: NIsaku Yamahata <yamahata@valinux.co.jp>
Signed-off-by: NTony Luck <tony.luck@intel.com>

pv_cpu_ops.getreg(_IA64_REG_IP) returned constant.
But the returned ip valued should be the one in the caller, not of the callee.
This patch fixes that.
Signed-off-by: NIsaku Yamahata <yamahata@valinux.co.jp>
Signed-off-by: NTony Luck <tony.luck@intel.com>

arch/ia64/kernel/pci-dma.c only needs to include iommu once.
Signed-off-by: NHuang Weiyi <weiyi.huang@gmail.com>
Signed-off-by: NTony Luck <tony.luck@intel.com>

Using printk from MCA/INIT context is unsafe since it can cause deadlock.
The ia64_mca_modify_original_stack is called from both of mca handler and
init handler, so it should use mprintk instead of printk.
Signed-off-by: NHidetoshi Seto <seto.hidetoshi@jp.fujitsu.com>
Signed-off-by: NTony Luck <tony.luck@intel.com>

Itanium processors can handle some misaligned data accesses. They
also provide a mode where all such accesses are forced to trap. The
kernel was schizophrenic about use of this mode:

* Base kernel code ran in permissive mode where the only traps
  generated were from those cases that the h/w could not handle.
* Interrupt, syscall and trap code ran in strict mode where all
  unaligned accesses caused traps to the 0x5a00 unaligned reference
  vector.

Use strict alignment checking throughout the kernel, but make
sure that we continue to let user mode use more relaxed mode
as the default.
Signed-off-by: NTony Luck <tony.luck@intel.com>

When we migrate an interrupt from one CPU to another, we set the
move_in_progress flag and clean up the vectors later once they're not
being used.  If you're unlucky and call destroy_irq() before the vectors
become un-used, the move_in_progress flag is never cleared, which causes
the interrupt to become unusable.

This was discovered by Jesse Brandeburg for whom it manifested as an
MSI-X device refusing to use MSI-X mode when the driver was unloaded
and reloaded repeatedly.
Signed-off-by: NMatthew Wilcox <willy@linux.intel.com>
Signed-off-by: NLinus Torvalds <torvalds@linux-foundation.org>

Fix a regression reported by Max Kellermann whereby kernel profiling
showed that his clients were spending 45% of their time in
rpcauth_lookup_credcache.

It turns out that although his processes had identical uid/gid/groups,
generic_match() was failing to detect this, because the task->group_info
pointers were not shared. This again lead to the creation of a huge number
of identical credentials at the RPC layer.

The regression is fixed by comparing the contents of task->group_info
if the actual pointers are not identical.
Signed-off-by: NTrond Myklebust <Trond.Myklebust@netapp.com>
Signed-off-by: NLinus Torvalds <torvalds@linux-foundation.org>

* git://git.kernel.org/pub/scm/linux/kernel/git/sfrench/cifs-2.6:
  [CIFS] Do not attempt to close invalidated file handles
  [CIFS] fix check for dead tcon in smb_init

* 'upstream' of git://ftp.linux-mips.org/pub/scm/upstream-linus:
  MIPS: csrc-r4k: Fix declaration depending on the wrong CONFIG_ symbol.
  MIPS: csrc-r4k: Fix spelling mistake.
  MIPS: RB532: Provide functions for gpio configuration
  MIPS: IP22: Make indy_sc_ops variable static
  MIPS: RB532: GPIO register offsets are relative to GPIOBASE
  MIPS: Malta: Fix include paths in malta-amon.c

Merge branch 'core-fixes-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/linux-2.6-tip

* 'core-fixes-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/linux-2.6-tip:
  intel-iommu: fix compile warnings

* git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-2.6: (23 commits)
  net: fix tiny output corruption of /proc/net/snmp6
  atl2: don't request irq on resume if netif running
  ipv6: use seq_release_private for ip6mr.c /proc entries
  pkt_sched: fix missing check for packet overrun in qdisc_dump_stab()
  smc911x: Fix printf format typo in smc911x driver.
  asix: Fix asix-based cards connecting to 10/100Mbs LAN.
  mv643xx_eth: fix recycle check bound
  mv643xx_eth: fix the order of mdiobus_{unregister, free}() calls
  sh: sh_eth: Update to change of mii_bus
  TPROXY: supply a struct flowi->flags argument in inet_sk_rebuild_header()
  TPROXY: fill struct flowi->flags in udp_sendmsg()
  net: ipg.c fix bracing on endian swapping
  phylib: Fix auto-negotiation restart avoidance
  net: jme.c rxdesc.flags is __le16, other missing endian swaps
  phylib: fix phy name example in documentation
  net: Do not fire linkwatch events until the device is registered.
  phonet: fix compilation with gcc-3.4
  ixgbe: fix compilation with gcc-3.4
  pktgen: fix multiple queue warning
  net: fix ip_mr_init() error path
  ...

Merge branch 'tracing-fixes-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/linux-2.6-tip

* 'tracing-fixes-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/linux-2.6-tip:
  ftrace: fix dyn ftrace filter selection
  ftrace: make filtered functions effective on setting
  ftrace: fix set_ftrace_filter
  trace: introduce missing mutex_unlock()
  tracing: kernel/trace/trace.c: introduce missing kfree()

Merge branch 'x86-fixes-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/linux-2.6-tip

* 'x86-fixes-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/linux-2.6-tip:
  x86: uaccess_64: fix return value in __copy_from_user()
  x86: quirk for reboot stalls on a Dell Optiplex 330

Commit 81e192d6 ("parisc: convert to
generic compat_sys_ptrace") introduced a bug which segfaults the parisc
64bit kernel when stracing 32bit applications:

  Kernel Fault: Code=15 regs=00000000bafa42b0 (Addr=00000001baf5ab57)
       YZrvWESTHLNXBCVMcbcbcbcbOGFRQPDI
  PSW: 00001000000001101111111100001011 Tainted: G        W
  r00-03  000000ff0806ff0b 000000004068edc0 00000000401203f8 00000000fb3e2508
  r04-07  0000000040686dc0 00000000baf5a800 fffffffffffffffc fffffffffb3e2508
  r08-11  00000000baf5a800 000000000004b068 00000000000402b0 0000000000040d68
  r12-15  0000000000042a9c 0000000000040a9c 0000000000040d60 0000000000042e9c
  r16-19  000000000004b060 000000000004b058 0000000000042d9c ffffffffffffffff
  r20-23  000000000800000b 0000000000000000 000000000800000b fffffffffb3e2508
  r24-27  00000000fffffffc 0000000000000003 00000000fffffffc 0000000040686dc0
  r28-31  00000001baf5a7ff 00000000bafa4280 00000000bafa42b0 00000000000001d7
  sr00-03  0000000000fca000 0000000000000000 0000000000000000 0000000000fca000
  sr04-07  0000000000000000 0000000000000000 0000000000000000 0000000000000000

  IASQ: 0000000000000000 0000000000000000 IAOQ: 0000000040120400 0000000040120404
   IIR: 4b9a06b0    ISR: 0000000000000000  IOR: 00000001baf5ab57
   CPU:        0   CR30: 00000000bafa4000 CR31: 00000000d22344e0
   ORIG_R28: 00000000fb3e2248
   IAOQ[0]: compat_arch_ptrace+0xb8/0x160
   IAOQ[1]: compat_arch_ptrace+0xbc/0x160
   RP(r2): compat_arch_ptrace+0xb0/0x160
  Backtrace:
   [<00000000401612ac>] compat_sys_ptrace+0x15c/0x180
   [<0000000040104ef8>] syscall_exit+0x0/0x14

The problem is that compat_arch_ptrace() enters with an addr value of
type compat_ulong_t and calls translate_usr_offset() to translate the
address offset into a struct pt_regs offset like this:

	addr = translate_usr_offset(addr)

this means that any return value of translate_usr_offset() is stored
back as compat_ulong_t type into the addr variable.

But since translate_usr_offset() returns -1 for invalid offsets, addr
can now get the value 0xffffffff which then fails the next return-value
sanity check and thus the kernel tries to access invalid memory:

	if (addr < 0)
		break;

Fix this bug by modifying translate_usr_offset() to take and return
values of type compat_ulong_t, and by returning the value
"sizeof(struct pt_regs)" as an error indicator.

Additionally change the sanity check to check for return values
for >= sizeof(struct pt_regs).

This patch survived my compile and run-tests.
Signed-off-by: NHelge Deller <deller@gmx.de>
Signed-off-by: NLinus Torvalds <torvalds@linux-foundation.org>

If a connection with open file handles has gone down
and come back up and reconnected without reopening
the file handle yet, do not attempt to send an SMB close
request for this handle in cifs_close.  We were
checking for the connection being invalid in cifs_close
but since the connection may have been reconnected
we also need to check whether the file handle
was marked invalid (otherwise we could close the
wrong file handle by accident).
Acked-by: NJeff Layton <jlayton@redhat.com>
Signed-off-by: NSteve French <sfrench@us.ibm.com>

Signed-off-by: NRalf Baechle <ralf@linux-mips.org>

Signed-off-by: NRalf Baechle <ralf@linux-mips.org>

As gpiolib doesn't support pin multiplexing, it provides no way to
access the GPIOFUNC register. Also there is no support for setting
interrupt status and level. These functions provide access to them and
are needed by the CompactFlash driver.
Signed-off-by: NPhil Sutter <n0-1@freewrt.org>
Signed-off-by: NRalf Baechle <ralf@linux-mips.org>

The indy_sc_ops variable in arch/mips/mm/sc-ip22.c is needlessly defined
global, and this patch makes it static.
Signed-off-by: NDmitri Vorobiev <dmitri.vorobiev@movial.fi>
Signed-off-by: NRalf Baechle <ralf@linux-mips.org>
---

This patch fixes the wrong use of GPIO register offsets
in devices.c. To avoid further problems, use gpio_get_value
to return the NAND status instead of our own expanded code.

Also define the zero offset of the alternate function register to allow
consistent access.
Signed-off-by: NFlorian Fainelli <florian@openwrt.org>
Signed-off-by: NPhil Sutter <n0-1@freewrt.org>
Signed-off-by: NRalf Baechle <ralf@linux-mips.org>

On linux-queue, malta doesn't build after the include file relocation.
This should fix it.

There some occurrences of 'asm-mips' in the comments of quite a few
files, but this is the only place I found it in any code.
Signed-off-by: NDavid Daney <ddaney@avtrex.com>
Signed-off-by: NRalf Baechle <ralf@linux-mips.org>

Because "name" is static, it can be occasionally be filled with
somewhat garbage if two processes read /proc/net/snmp6.

Also, remove useless casts and "-1" -- snprintf() correctly terminates it's
output.
Signed-off-by: NAlexey Dobriyan <adobriyan@gmail.com>
Signed-off-by: NDavid S. Miller <davem@davemloft.net>

If the device is suspended with the cable disconnected, then
resumed with the cable connected, dev->open is called before
resume. During resume, we request an IRQ, but the IRQ was
already assigned during dev->open, resulting in the warning
shown below.

Don't request an IRQ if the device is running.

Call Trace:
 [<c011b89a>] warn_on_slowpath+0x40/0x59
 [<c023df15>] raw_pci_read+0x4d/0x55
 [<c023dff3>] pci_read+0x1c/0x21
 [<c01bcd81>] __pci_find_next_cap_ttl+0x44/0x70
 [<c01bce86>] __pci_find_next_cap+0x1a/0x1f
 [<c01bcef9>] pci_find_capability+0x28/0x2c
 [<c01c4144>] pci_msi_check_device+0x53/0x62
 [<c01c49c2>] pci_enable_msi+0x3a/0x1cd
 [<e019f17b>] atl2_write_phy_reg+0x40/0x5f [atl2]
 [<c01061b1>] dma_generic_alloc_coherent+0x0/0xd7
 [<e019f107>] atl2_request_irq+0x15/0x49 [atl2]
 [<e01a1481>] atl2_open+0x20b/0x297 [atl2]
 [<c024a35c>] dev_open+0x62/0x91
 [<c0248b9a>] dev_change_flags+0x93/0x141
 [<c024f308>] do_setlink+0x238/0x2d5
 [<c02501b2>] rtnl_setlink+0xa9/0xbf
 [<c0297f0c>] mutex_lock+0xb/0x19
 [<c024ffa7>] rtnl_dump_ifinfo+0x0/0x69
 [<c0250109>] rtnl_setlink+0x0/0xbf
 [<c024fe42>] rtnetlink_rcv_msg+0x185/0x19f
 [<c0240fd1>] sock_rmalloc+0x23/0x57
 [<c024fcbd>] rtnetlink_rcv_msg+0x0/0x19f
 [<c0259457>] netlink_rcv_skb+0x2d/0x71
 [<c024fcb7>] rtnetlink_rcv+0x14/0x1a
 [<c025929e>] netlink_unicast+0x184/0x1e4
 [<c025992a>] netlink_sendmsg+0x233/0x240
 [<c023f405>] sock_sendmsg+0xb7/0xd0
 [<c0129131>] autoremove_wake_function+0x0/0x2b
 [<c0129131>] autoremove_wake_function+0x0/0x2b
 [<c0147796>] mempool_alloc+0x2d/0x9e
 [<c020c923>] scsi_pool_alloc_command+0x35/0x4f
 [<c0297f0c>] mutex_lock+0xb/0x19
 [<c028e867>] unix_stream_recvmsg+0x357/0x3e2
 [<c01b81c9>] copy_from_user+0x23/0x4f
 [<c02452ea>] verify_iovec+0x3e/0x6c
 [<c023f5ab>] sys_sendmsg+0x18d/0x1f0
 [<c023ffa8>] sys_recvmsg+0x146/0x1c8
 [<c0240016>] sys_recvmsg+0x1b4/0x1c8
 [<c0118f48>] __wake_up+0xf/0x15
 [<c02586cd>] netlink_table_ungrab+0x17/0x19
 [<c01b83ba>] copy_to_user+0x25/0x3b
 [<c023fe4a>] move_addr_to_user+0x50/0x68
 [<c0240266>] sys_getsockname+0x6f/0x9a
 [<c0240280>] sys_getsockname+0x89/0x9a
 [<c015046a>] do_wp_page+0x3ae/0x41a
 [<c0151525>] handle_mm_fault+0x4c5/0x540
 [<c02405d0>] sys_socketcall+0x176/0x1b0
 [<c010376d>] sysenter_do_call+0x12/0x21
Signed-off-by: NAlan Jenkins <alan-jenkins@tuffmail.co.uk>
Signed-off-by: NJay Cliburn <jcliburn@gmail.com>
Signed-off-by: NDavid S. Miller <davem@davemloft.net>

In ip6mr.c, /proc entries /proc/net/ip6_mr_cache and /proc/net/ip6_mr_vif
are opened with seq_open_private(), thus seq_release_private() should be 
used to release them.
Should fix a small memory leak.
Signed-off-by: NBenjamin Thery <benjamin.thery@bull.net>
Signed-off-by: NDavid S. Miller <davem@davemloft.net>