Replace the introduced i_sem by an i_mutex in the filesystem locking
documentation. This was introduced [1] after all occurrences were
already replaced in the same text [2]. However, the term "inode
semaphore" has not been replaced then, and it's replaced now.

[1] afddba49
[2] a7bc02f4Signed-off-by: NThadeu Lima de Souza Cascardo <cascardo@holoscopio.com>
Cc: Nick Piggin <npiggin@suse.de>
Cc: Artem Bityutskiy <Artem.Bityutskiy@nokia.com>
Cc: Randy Dunlap <rdunlap@xenotime.net>
Cc: Christoph Hellwig <hch@lst.de>
Cc: Al Viro <viro@zeniv.linux.org.uk>
Signed-off-by: NJiri Kosina <jkosina@suse.cz>

The i386 subarch happens to pull in original NR_syscalls. Maybe we can
make that work for all host arch, but for now just avoid the clash by
using an all-upper-case name.

  CC      arch/um/kernel/skas/syscall.o/data/linux-2.6/arch/um/kernel/skas/syscall.c:13:1: warning: "NR_syscalls" redefined
In file included from /data/linux-2.6/arch/x86/include/asm/unistd.h:3,
                 from /data/linux-2.6/arch/um/sys-i386/shared/sysdep/syscalls.h:6,
                 from /data/linux-2.6/arch/um/kernel/skas/syscall.c:10:
/data/linux-2.6/arch/x86/include/asm/unistd_32.h:349:1: warning: this is the location of the previous definition
Signed-off-by: NJan Kiszka <jan.kiszka@web.de>
Signed-off-by: NJiri Kosina <jkosina@suse.cz>

s/seperate/separate
Signed-off-by: NAnand Gadiyar <gadiyar@ti.com>
Signed-off-by: NJiri Kosina <jkosina@suse.cz>

Since the drivers probe call was changed from .init.text
to .devinit.text in commit c2e13037
the fb_fix_screeninfo structure must be
changed from .init.data to .devinit.data, too.
Signed-off-by: NHenrik Kretzschmar <henne@nachtwindheim.de>
Tested-by: NRalf Baechle <ralf@linux-mips.org>
Signed-off-by: NJiri Kosina <jkosina@suse.cz>

The location of the sparse web page and git tree were no longer
valid.  This changes them to point to the current versions.
Signed-off-by: NBill Pemberton <wfp5p@virginia.edu>
Signed-off-by: NJiri Kosina <jkosina@suse.cz>

discontiguous => discontinuous
coealesce => coalesce
Signed-off-by: NThomas Weber <weber@corscience.de>
Signed-off-by: NJiri Kosina <jkosina@suse.cz>

This is just a cleanup and doesn't change how the code works.

The original code had a mix of returns and gotos so I changed everything
to just return directly.
Signed-off-by: NDan Carpenter <error27@gmail.com>
Reviewed-by: NChristoph Lameter <cl@linux-foundation.org>
Signed-off-by: NJiri Kosina <jkosina@suse.cz>

Fix obvious cases of "it's" being used when "its" was meant.
Signed-off-by: NFrancis Galiegue <fgaliegue@gmail.com>
Acked-by: NRandy Dunlap <rdunlap@xenotime.net>
Signed-off-by: NJiri Kosina <jkosina@suse.cz>

* 'for-linus' of git://git390.marist.edu/pub/scm/linux-2.6:
  [S390] zcore: Fix reipl device detection
  [S390] vdso: use ntp adjusted clock multiplier
  [S390] cio: use exception-save stsch
  [S390] add hook to reenable mss after hibernation
  [S390] cio: allow enable_facility from outside init functions
  [S390] dasd: fix endless loop in erp

The reipl device information is passed from the kernel to zfcpdump
using a pointer in the lowcore (0xe00) that points to the reipl
information Currently if that pointer is not zero, we copy the reipl
information. If the pointer is not initialized and points outside
the accessible memory, it can happen that the memory copy fails.
In that case we currently stop the initialization of zcore which leads
to a failing kernel dump. The correct behavior is to disable the reipl
after dump and continue with zcore intialization.
Signed-off-by: NMichael Holzheu <holzheu@linux.vnet.ibm.com>
Signed-off-by: NMartin Schwidefsky <schwidefsky@de.ibm.com>

Commit "timekeeping: Fix clock_gettime vsyscall time warp" (0696b711)
introduced the new parameter "mult" to update_vsyscall(). This parameter
contains the internal NTP adjusted clock multiplier.

The s390x vdso did not use this adjusted multiplier.  Instead, it used
the constant clock multiplier for gettimeofday() and clock_gettime()
variants.  This may result in observable time warps as explained in
commit 0696b711.

Make the NTP adjusted clock multiplier available to the s390x vdso
implementation and use it for time calculations.

Cc: <stable@kernel.org>
Signed-off-by: NHendrik Brueckner <brueckner@linux.vnet.ibm.com>
Signed-off-by: NMartin Schwidefsky <schwidefsky@de.ibm.com>

Using stsch on schids with ssid != 0 can lead to an operand
exception. Use stsch_err to handle potential exceptions
if we fail to reenable mss after hibernation.

Cc: <stable@kernel.org>
Signed-off-by: NSebastian Ott <sebott@linux.vnet.ibm.com>
Signed-off-by: NMartin Schwidefsky <schwidefsky@de.ibm.com>

Reenable multiple subchannel sets after hibernation,
prior to the device callbacks.

Cc: <stable@kernel.org>
Signed-off-by: NSebastian Ott <sebott@linux.vnet.ibm.com>
Signed-off-by: NMartin Schwidefsky <schwidefsky@de.ibm.com>

Prepare chsc_enable_facility to be used from outside init functions.
Use static memory for the chsc call and protect its access by a
spinlock (although there is no concurrent usage).

Cc: <stable@kernel.org>
Signed-off-by: NSebastian Ott <sebott@linux.vnet.ibm.com>
Signed-off-by: NMartin Schwidefsky <schwidefsky@de.ibm.com>

If not enough memory is available to build a new erp request it ended
up in an endless loop trying to build erp requests. Fixed the loop to
proceed the next request instead.
Signed-off-by: NStefan Haberland <stefan.haberland@de.ibm.com>
Signed-off-by: NMartin Schwidefsky <schwidefsky@de.ibm.com>

* git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi-rc-fixes-2.6:
  [SCSI] bnx2i: Bug fixes related to MTU change issue when there are active iscsi sessions
  [SCSI] ibmvscsi: fix DMA API misuse
  [SCSI] wd7000: fix reset handler typo spin_unlock_irq() => spin_lock_irq()
  [SCSI] zfcp: Fix tracing of requests with error status
  [SCSI] zfcp: Update MAINTAINERS entry
  [SCSI] iscsi_tcp: fix relogin/shutdown hang
  [SCSI] qla2xxx: fix lock imbalance
  [SCSI] lpfc: fix lock imbalances
  [SCSI] be2iscsi: fix lock imbalance
  [SCSI] dpt_i2o: several use after free issues

The virtio balloon driver can dig into the reservation pools of the OS
to satisfy a balloon request.  This is not advisable and other balloon
drivers (drivers/xen/balloon.c) avoid this as well.

The patch also adds changes to avoid printing a warning if allocation
fails, since we retry after sometime anyway.
Signed-off-by: NBalbir Singh <balbir@linux.vnet.ibm.com>
Signed-off-by: NRusty Russell <rusty@rustcorp.com.au>
Cc: kvm <kvm@vger.kernel.org>
Cc: stable@kernel.org
Signed-off-by: NLinus Torvalds <torvalds@linux-foundation.org>

* 'for-linus/i2c' of git://git.fluff.org/bjdooks/linux:
  i2c-stu300: off by one issue
  i2c-pnx: Add stop conditions for end of transfer
  i2c-pnx: Limit maximum divider to 1023
  i2c-omap: fix OOPS in omap_i2c_unidle() during probe
  i2c-imx: fix error handling

When the dt3155 driver is built-in (not as a loadable module),
these build errors happen:

  drivers/staging/dt3155/dt3155_drv.c:1047: error: implicit declaration of function 'request_irq'
  drivers/staging/dt3155/dt3155_drv.c:1048: error: 'IRQF_SHARED' undeclared (first use in this function)
  drivers/staging/dt3155/dt3155_drv.c:1048: error: 'IRQF_DISABLED' undeclared (first use in this function)
  drivers/staging/dt3155/dt3155_drv.c:1091: error: implicit declaration of function 'free_irq'

so remove the #ifdef MODULE check since it's not needed.  Also remove
the CONFIG_PCI check since the Kconfig file already requires that.
Signed-off-by: NRandy Dunlap <randy.dunlap@oracle.com>
Cc: Scott Smedley <ss@aao.gov.au>
Tested-by: NJan III Sobieski <jan3sobi3ski@gmail.com>
Signed-off-by: NLinus Torvalds <torvalds@linux-foundation.org>

Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/security-testing-2.6

* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/security-testing-2.6:
  security: testing the wrong variable in create_by_name()
  CRED: Fix a race in creds_are_invalid() in credentials debugging
  CRED: Fix double free in prepare_usermodehelper_creds() error handling

There is a typo here.  We should be testing "*dentry" instead of
"dentry".  If "*dentry" is an ERR_PTR, it gets dereferenced in either
mkdir() or create() which would cause an OOPs.
Signed-off-by: NDan Carpenter <error27@gmail.com>
Signed-off-by: NJames Morris <jmorris@namei.org>

creds_are_invalid() reads both cred->usage and cred->subscribers and then
compares them to make sure the number of processes subscribed to a cred struct
never exceeds the refcount of that cred struct.

The problem is that this can cause a race with both copy_creds() and
exit_creds() as the two counters, whilst they are of atomic_t type, are only
atomic with respect to themselves, and not atomic with respect to each other.

This means that if creds_are_invalid() can read the values on one CPU whilst
they're being modified on another CPU, and so can observe an evolving state in
which the subscribers count now is greater than the usage count a moment
before.

Switching the order in which the counts are read cannot help, so the thing to
do is to remove that particular check.

I had considered rechecking the values to see if they're in flux if the test
fails, but I can't guarantee they won't appear the same, even if they've
changed several times in the meantime.

Note that this can only happen if CONFIG_DEBUG_CREDENTIALS is enabled.

The problem is only likely to occur with multithreaded programs, and can be
tested by the tst-eintr1 program from glibc's "make check".  The symptoms look
like:

	CRED: Invalid credentials
	CRED: At include/linux/cred.h:240
	CRED: Specified credentials: ffff88003dda5878 [real][eff]
	CRED: ->magic=43736564, put_addr=(null)
	CRED: ->usage=766, subscr=766
	CRED: ->*uid = { 0,0,0,0 }
	CRED: ->*gid = { 0,0,0,0 }
	CRED: ->security is ffff88003d72f538
	CRED: ->security {359, 359}
	------------[ cut here ]------------
	kernel BUG at kernel/cred.c:850!
	...
	RIP: 0010:[<ffffffff81049889>]  [<ffffffff81049889>] __invalid_creds+0x4e/0x52
	...
	Call Trace:
	 [<ffffffff8104a37b>] copy_creds+0x6b/0x23f

Note the ->usage=766 and subscr=766.  The values appear the same because
they've been re-read since the check was made.
Reported-by: NRoland McGrath <roland@redhat.com>
Signed-off-by: NDavid Howells <dhowells@redhat.com>
Signed-off-by: NJames Morris <jmorris@namei.org>

* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/gerg/m68knommu:
  m68knommu: allow 4 coldfire serial ports
  m68knommu: fix coldfire tcdrain
  m68knommu: remove a duplicate vector setting line for 68360
  Fix m68k-uclinux's rt_sigreturn trampoline
  m68knommu: correct the CC flags for Coldfire M5272 targets
  uclinux: error message when FLAT reloc symbol is invalid, v2

* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/lrg/voltage-2.6:
  mc13783-regulator: fix a memory leak in mc13783_regulator_remove
  regulator: Let drivers know when they use the stub API

* git://git.kernel.org/pub/scm/linux/kernel/git/joern/logfs:
  [LogFS] Split large truncated into smaller chunks
  [LogFS] Set s_bdi
  [LogFS] Prevent mempool_destroy NULL pointer dereference
  [LogFS] Move assertion
  [LogFS] Plug 8 byte information leak
  [LogFS] Prevent memory corruption on large deletes
  [LogFS] Remove unused method

Fix trivial conflict with added header includes in fs/logfs/super.c

* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/shaggy/jfs-2.6:
  jfs: add jfs specific ->setattr call
  jfs: fix diAllocExt error in resizing filesystem
  jfs_dmap.[ch]: trivial typo fix: s/heigth/height/g

* 'kvm-updates/2.6.34' of git://git.kernel.org/pub/scm/virt/kvm/kvm:
  KVM: x86: Fix TSS size check for 16-bit tasks
  KVM: Add missing srcu_read_lock() for kvm_mmu_notifier_release()
  KVM: Increase NR_IOBUS_DEVS limit to 200
  KVM: fix the handling of dirty bitmaps to avoid overflows
  KVM: MMU: fix kvm_mmu_zap_page() and its calling path
  KVM: VMX: Save/restore rflags.vm correctly in real mode
  KVM: allow bit 10 to be cleared in MSR_IA32_MC4_CTL
  KVM: Don't spam kernel log when injecting exceptions due to bad cr writes
  KVM: SVM: Fix memory leaks that happen when svm_create_vcpu() fails
  KVM: take srcu lock before call to complete_pio()

* 'for-linus' of git://neil.brown.name/md:
  md/raid5: allow for more than 2^31 chunks.

In the error handling in afs_mntpt_do_automount(), we pass an error
pointer to page_cache_release() if read_mapping_page() failed.  Instead,
we should extend the gotos around the error handling we don't need.
Reported-by: NDan Carpenter <error27@gmail.com>
Signed-off-by: NDavid Howells <dhowells@redhat.com>
Signed-off-by: NLinus Torvalds <torvalds@linux-foundation.org>

A 16-bit TSS is only 44 bytes long. So make sure to test for the correct
size on task switch.
Signed-off-by: NJan Kiszka <jan.kiszka@siemens.com>
Signed-off-by: NAvi Kivity <avi@redhat.com>

I got this dmesg due to srcu_read_lock() is missing in
kvm_mmu_notifier_release().

===================================================
[ INFO: suspicious rcu_dereference_check() usage. ]
---------------------------------------------------
arch/x86/kvm/x86.h:72 invoked rcu_dereference_check() without protection!

other info that might help us debug this:

rcu_scheduler_active = 1, debug_locks = 0
2 locks held by qemu-system-x86/3100:
 #0:  (rcu_read_lock){.+.+..}, at: [<ffffffff810d73dc>] __mmu_notifier_release+0x38/0xdf
 #1:  (&(&kvm->mmu_lock)->rlock){+.+...}, at: [<ffffffffa0130a6a>] kvm_mmu_zap_all+0x21/0x5e [kvm]

stack backtrace:
Pid: 3100, comm: qemu-system-x86 Not tainted 2.6.34-rc3-22949-gbc8a97a-dirty #2
Call Trace:
 [<ffffffff8106afd9>] lockdep_rcu_dereference+0xaa/0xb3
 [<ffffffffa0123a89>] unalias_gfn+0x56/0xab [kvm]
 [<ffffffffa0119600>] gfn_to_memslot+0x16/0x25 [kvm]
 [<ffffffffa012ffca>] gfn_to_rmap+0x17/0x6e [kvm]
 [<ffffffffa01300c1>] rmap_remove+0xa0/0x19d [kvm]
 [<ffffffffa0130649>] kvm_mmu_zap_page+0x109/0x34d [kvm]
 [<ffffffffa0130a7e>] kvm_mmu_zap_all+0x35/0x5e [kvm]
 [<ffffffffa0122870>] kvm_arch_flush_shadow+0x16/0x22 [kvm]
 [<ffffffffa01189e0>] kvm_mmu_notifier_release+0x15/0x17 [kvm]
 [<ffffffff810d742c>] __mmu_notifier_release+0x88/0xdf
 [<ffffffff810d73dc>] ? __mmu_notifier_release+0x38/0xdf
 [<ffffffff81040848>] ? exit_mm+0xe0/0x115
 [<ffffffff810c2cb0>] exit_mmap+0x2c/0x17e
 [<ffffffff8103c472>] mmput+0x2d/0xd4
 [<ffffffff81040870>] exit_mm+0x108/0x115
[...]
Signed-off-by: NLai Jiangshan <laijs@cn.fujitsu.com>
Signed-off-by: NAvi Kivity <avi@redhat.com>

Fix driver/serial/mcf.c for 4-ports coldfire's (e.g. MCF5484).
Signed-off-by: NPhilippe De Muyter <phdm@macqel.be>
Signed-off-by: NGreg Ungerer <gerg@uclinux.org>

Fix tcdrain on coldfire uarts.
Currently with coldfire uarts tcdrain returns without waiting for txempty,
because (tx)fifosize is 0.  Fix that and call uart_update_timeout when
setting the baud rate, otherwise tcdrain will wait for an half our :)
Also constify mcf_uart_ops.
Signed-off-by: NPhilippe De Muyter <phdm@macqel.be>
Signed-off-by: NGreg Ungerer <gerg@uclinux.org>

Remove a duplicate vector setting line for the 68360 interrupt
setup. Pointed out by Roel Kluin <roel.kluin@gmail.com>
Signed-off-by: NGreg Ungerer <gerg@uclinux.org>

Signed-off-by: NMaxim Kuvyrkov <maxim@codesourcery.com>
Signed-off-by: NGreg Ungerer <gerg@uclinux.org>

Signed-off-by: NPhilip Nye <philipn@engarts.com>
Signed-off-by: NGreg Ungerer <gerg@uclinux.org>

This patch fixes a cosmetic error in printk. Text segment and data/bss
segment are allocated from two different areas. It is not meaningful to
give the diff between them in the error reporting messages.
Signed-off-by: NJun Sun <jsun@junsun.net>
Signed-off-by: NGreg Ungerer <gerg@uclinux.org>

We can't pull in linux/sched.h due to circular dependency, so just
forward-declare the struct.

This fixes the following warning:

  CC      arch/um/sys-i386/elfcore.o
In file included from /data/linux-2.6/include/linux/elf.h:8,
                 from /data/linux-2.6/arch/um/sys-i386/elfcore.c:2:
arch/um/sys-i386/asm/elf.h:78: warning: ‘struct task_struct’ declared inside parameter list
arch/um/sys-i386/asm/elf.h:78: warning: its scope is only this definition or declaration, which is probably not what you want

I guess not many people build against i386 hosts anymore, so this
remained widely unnoticed.
Signed-off-by: NJan Kiszka <jan.kiszka@web.de>
Signed-off-by: NJiri Kosina <jkosina@suse.cz>

Patch 570b8fb5:

	Author: Mathieu Desnoyers <mathieu.desnoyers@efficios.com>
	Date:   Tue Mar 30 00:04:00 2010 +0100
	Subject: CRED: Fix memory leak in error handling

attempts to fix a memory leak in the error handling by making the offending
return statement into a jump down to the bottom of the function where a
kfree(tgcred) is inserted.

This is, however, incorrect, as it does a kfree() after doing put_cred() if
security_prepare_creds() fails.  That will result in a double free if 'error'
is jumped to as put_cred() will also attempt to free the new tgcred record by
virtue of it being pointed to by the new cred record.
Signed-off-by: NDavid Howells <dhowells@redhat.com>
Signed-off-by: NJames Morris <jmorris@namei.org>