Our testing uncovered a race condition in ib_sa_event():

	spin_lock_irqsave(&port->ah_lock, flags);
	if (port->sm_ah)
		kref_put(&port->sm_ah->ref, free_sm_ah);
	port->sm_ah = NULL;
	spin_unlock_irqrestore(&port->ah_lock, flags);

	schedule_work(&sa_dev->port[event->element.port_num -
				    sa_dev->start_port].update_task);

If two events occur back-to-back (e.g., client-reregister and LID
change), both may pass the spinlock-protected code above before the
scheduled work updates the port->sm_ah handle.  Then if the scheduled
work ends up running twice, the second operation will then find a
non-NULL port->sm_ah, and will simply overwrite it in update_sm_ah --
resulting in an AH leak.
Signed-off-by: NJack Morgenstein <jackm@dev.mellanox.co.il>
Signed-off-by: NRoland Dreier <rolandd@cisco.com>

* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/roland/infiniband:
  IB/ehca: Use consistent types for ehca_plpar_hcall9()
  IB/ehca: Fix printk format warnings from u64 type change
  IPoIB: Do not print error messages for multicast join retries
  IB/mlx4: Fix memory ordering problem when posting LSO sends
  mlx4_core: Fix min() warning
  IPoIB: Fix deadlock between ipoib_open() and child interface create
  IPoIB: Fix hang in napi_disable() if P_Key is never found

* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/lrg/voltage-2.6:
  move wm8400-regulator's probe function to .devinit.text

Reading 0 bytes from /sys/devices/platform/dell_rbu/image_type or
/sys/devices/platform/dell_rbu/packet_size by an ordinary user causes an
oops.
Signed-off-by: NPavel Roskin <proski@gnu.org>
Signed-off-by: NLinus Torvalds <torvalds@linux-foundation.org>

Plug this leak.
Acked-by: NDavid Howells <dhowells@redhat.com>
Cc: James Morris <jmorris@namei.org>
Cc: <stable@kernel.org>
Signed-off-by: NVegard Nossum <vegard.nossum@gmail.com>
Signed-off-by: NLinus Torvalds <torvalds@linux-foundation.org>

A pointer to wm8400_regulator_probe is passed to the core via
platform_driver_register and so the function must not disappear when the
.init sections are discarded.  Otherwise (if also having HOTPLUG=y)
unbinding and binding a device to the driver via sysfs will result in an
oops as does a device being registered late.

An alternative to this patch is using platform_driver_probe instead of
platform_driver_register plus removing the pointer to the probe function
from the struct platform_driver.
Signed-off-by: NUwe Kleine-König <u.kleine-koenig@pengutronix.de>
Signed-off-by: NLiam Girdwood <lrg@slimlogic.co.uk>

ehca_plpar_hcall9() takes an unsigned long array, so make all callers
pass that in.  This fixes warnings introduced by commit fe333321
("powerpc: Change u64/s64 to a long long integer type"), which changed
u64 from unsigned long to unsigned long long.
Signed-off-by: NStephen Rothwell <sfr@canb.auug.org.au>
Signed-off-by: NRoland Dreier <rolandd@cisco.com>

Commit fe333321 ("powerpc: Change u64/s64 to a long long integer
type") changed u64 from unsigned long to unsigned long long, which
means that printk formats for printing u64 values should use "ll"
instead of "l" to avoid warnings.  Fix all the places affected by this
in ehca.
Signed-off-by: NStephen Rothwell <sfr@canb.auug.org.au>
Signed-off-by: NRoland Dreier <rolandd@cisco.com>

When IPoIB tries to join a multicast group, and the SA module's SM
address handle is NULL (because of an SM change, etc), the join
returns with -EAGAIN status.  In that case, don't print an error
message unless multicast debugging is enabled.
Signed-off-by: NYossi Etigin <yosefe@voltaire.com>
Signed-off-by: NRoland Dreier <rolandd@cisco.com>

The current work request posting code writes the LSO segment before
writing any data segments.  This leaves a window where the LSO segment
overwrites the stamping in one cacheline that the HCA prefetches
before the rest of the cacheline is filled with the correct data
segments.  When the HCA processes this work request, a local
protection error may result.

Fix this by saving the LSO header size field off and writing it only
after all data segments are written.  This fix is a cleaned-up version
of a patch from Jack Morgenstein <jackm@dev.mellanox.co.il>.

This fixes <https://bugs.openfabrics.org/show_bug.cgi?id=1383>.
Reported-by: NJack Morgenstein <jackm@dev.mellanox.co.il>
Signed-off-by: NRoland Dreier <rolandd@cisco.com>

* 'release' of git://git.kernel.org/pub/scm/linux/kernel/git/lenb/linux-acpi-2.6: (23 commits)
  ACPI PCI hotplug: harden against panic regression
  ACPI: rename main.c to sleep.c
  dell-laptop: move to drivers/platform/x86/ from drivers/misc/
  eeepc-laptop: enable Bluetooth ACPI details
  ACPI: fix ACPI_FADT_S4_RTC_WAKE comment
  kprobes: check CONFIG_FREEZER instead of CONFIG_PM
  PM: Fix freezer compilation if PM_SLEEP is unset
  thermal fixup for broken BIOS which has invalid trip points.
  ACPI: EC: Don't trust ECDT tables from ASUS
  ACPI: EC: Limit workaround for ASUS notebooks even more
  ACPI: thinkpad-acpi: bump up version to 0.22
  ACPI: thinkpad-acpi: handle HKEY event 6030
  ACPI: thinkpad-acpi: clean-up fan subdriver quirk
  ACPI: thinkpad-acpi: start the event hunt season
  ACPI: thinkpad-acpi: handle HKEY thermal and battery alarms
  ACPI: thinkpad-acpi: clean up hotkey_notify()
  ACPI: thinkpad-acpi: use killable instead of interruptible mutexes
  ACPI: thinkpad-acpi: add UWB radio support
  ACPI: thinkpad-acpi: preserve radio state across shutdown
  ACPI: thinkpad-acpi: resume with radios disabled
  ...

* git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-2.6:
  netxen: include ipv6.h (fixes build failure)
  netxen: avoid invalid iounmap

ACPI hotplug panic with current git head
http://lkml.org/lkml/2009/1/10/136

Rather than reverting the entire commit that causes the crash:
e8c331e9
"PCI hotplug: introduce functions for ACPI slot detection"

simply harden against it while the changes to
the hotplug code on this particularl machine are understood.
Signed-off-by: NJames Bottomley <James.Bottomley@HansenPartnership.com>
Acked-by: NJesse Barnes <jbarnes@virtuousgeek.org>
Signed-off-by: NLen Brown <len.brown@intel.com>

Signed-off-by: NLen Brown <len.brown@intel.com>

Signed-off-by: NLen Brown <len.brown@intel.com>

Although rfkill support for the EEE bluetooth device has been added to
2.6.28-rc the appropriate ACPI accessor definitions were not added, so
the support was non functional. The patch below adds the get and set
accessors and has been verified to work on an EEE 901.
Signed-off-by: NJonathan McDowell <noodles@earth.li>
Acked-by: NMatthew Garrett <mjg@redhat.com>
Acked-by: NCorentin Chary <corentincj@iksaif.net>
Signed-off-by: NLen Brown <len.brown@intel.com>

Make the comment for ACPI_FADT_S4_RTC_WAKE match the ACPI spec;
that bit has nothing to do with status bits.
Signed-off-by: NDavid Brownell <dbrownell@users.sourceforge.net>
Signed-off-by: NAndrew Morton <akpm@linux-foundation.org>
Signed-off-by: NLen Brown <len.brown@intel.com>

Check CONFIG_FREEZER instead of CONFIG_PM because kprobe booster
depends on freeze_processes() and thaw_processes() when CONFIG_PREEMPT=y.

This fixes a linkage error which occurs when CONFIG_PREEMPT=y, CONFIG_PM=y
and CONFIG_FREEZER=n.
Reported-by: NCheng Renquan <crquan@gmail.com>
Signed-off-by: NMasami Hiramatsu <mhiramat@redhat.com>
Signed-off-by: NRafael J. Wysocki <rjw@sisk.pl>
Acked-by: NIngo Molnar <mingo@elte.hu>
Signed-off-by: NLen Brown <len.brown@intel.com>

Freezer fails to compile if with the following configuration
settings:

CONFIG_CGROUPS=y
CONFIG_CGROUP_FREEZER=y
CONFIG_MODULES=y
CONFIG_FREEZER=y
CONFIG_PM=y
CONFIG_PM_SLEEP=n

Fix this by making process.o compilation depend on CONFIG_FREEZER.
Reported-by: NCheng Renquan <crquan@gmail.com>
Signed-off-by: NRafael J. Wysocki <rjw@sisk.pl>
Acked-by: NPavel Machek <pavel@suse.cz>
Signed-off-by: NLen Brown <len.brown@intel.com>

ACPI thermal driver only re-evaluate VALID trip points.

For the broken BIOS show in
http://bugzilla.kernel.org/show_bug.cgi?id=8544
the active[0] is set to invalid at boot time
and it will not be re-evaluated again.
We can still get a single warning message at boot time.

http://marc.info/?l=linux-kernel&m=120496222629983&w=2

http://bugzilla.kernel.org/show_bug.cgi?id=12203

Signed-off-by: Zhang Rui<rui.zhang@intel.com>
Tested-by: NMárton Németh <nm127@freemail.hu>
Signed-off-by: NLen Brown <len.brown@intel.com>

Fixes a build error in absence of CONFIG_IPV6:

drivers/net/netxen/netxen_nic_main.c:1189: error: implicit declaration of function 'ipv6_hdr'
drivers/net/netxen/netxen_nic_main.c:1189: error: invalid type argument of '->'
Reported-by: NIngo Molnar <mingo@elte.hu>
Signed-off-by: NDhananjay Phadke <dhananjay@netxen.com>
Signed-off-by: NDavid S. Miller <davem@davemloft.net>

http://bugzilla.kernel.org/show_bug.cgi?id=9399
http://bugzilla.kernel.org/show_bug.cgi?id=11880Signed-off-by: NAlexey Starikovskiy <astarikovskiy@suse.de>
Signed-off-by: NLen Brown <len.brown@intel.com>

For NX3031 only one I/O range is mapped, so unmapping other
two which are used by older chips, causes this warning on
ppc64.

"Attempt to iounmap early bolted mapping at 0x0000000000000000"
Signed-off-by: NDhananjay Phadke <dhananjay@netxen.com>
Signed-off-by: NDavid S. Miller <davem@davemloft.net>

References: http://bugzilla.kernel.org/show_bug.cgi?id=11884Signed-off-by: NAlexey Starikovskiy <astarikovskiy@suse.de>
Signed-off-by: NLen Brown <len.brown@intel.com>

* git://git.kernel.org/pub/scm/linux/kernel/git/mason/btrfs-unstable:
  Btrfs: fix ioctl arg size (userland incompatible change!)
  Btrfs: Clear the device->running_pending flag before bailing on congestion

The structure used to send device in btrfs ioctl calls was not
properly aligned, and so 32 bit ioctls would not work properly on
64 bit kernels.

We could fix this with compat ioctls, but we're just one byte away
and it doesn't make sense at this stage to carry about the compat ioctls
forever at this stage in the project.

This patch brings the ioctl arg up to an evenly aligned 4k.
Signed-off-by: NChris Mason <chris.mason@oracle.com>

Btrfs maintains a queue of async bio submissions so the checksumming
threads don't have to wait on get_request_wait.  In order to avoid
extra wakeups, this code has a running_pending flag that is used
to tell new submissions they don't need to wake the thread.

When the threads notice congestion on a single device, they
may decide to requeue the job and move on to other devices.  This
makes sure the running_pending flag is cleared before the
job is requeued.

It should help avoid IO stalls by making sure the task is woken up
when new submissions come in.
Signed-off-by: NChris Mason <chris.mason@oracle.com>

* 'merge' of git://git.kernel.org/pub/scm/linux/kernel/git/benh/powerpc:
  serial: Add 16850 uart type support to OF uart driver
  hvc_console: Remove tty->low_latency
  powerpc: Get the number of SLBs from "slb-size" property
  powerpc: is_hugepage_only_range() must account for both 4kB and 64kB slices
  powerpc/ps3: printing fixups for l64 to ll64 conversion drivers/video
  powerpc/ps3: Printing fixups for l64 to ll64 conversion drivers/scsi
  powerpc/ps3: Printing fixups for l64 to ll64 conversion drivers/ps3
  powerpc/ps3: Printing fixups for l64 to ll64 conversion sound/ppc
  powerpc/ps3: Printing fixups for l64 to ll64 conversion drivers/char
  powerpc/ps3: Printing fixups for l64 to ll64 conversion drivers/block
  powerpc/ps3: Printing fixups for l64 to ll64 conversion arch/powerpc
  powerpc/ps3: ps3_repository_read_mm_info() takes u64 * arguments
  powerpc/ps3: clear_bit()/set_bit() operate on unsigned longs
  powerpc/ps3: The lv1_ routines have u64 parameters
  powerpc/ps3: Use dma_addr_t down through the stack
  powerpc/ps3: set_dabr() takes an unsigned long
  powerpc: Cleanup from l64 to ll64 change drivers/scsi

* 'upstream-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jgarzik/libata-dev:
  sata_fsl: Return non-zero on error in probe()
  drivers/ata/pata_ali.c: s/isa_bridge/ali_isa_bridge/ to fix alpha build
  libata: New driver for OCTEON SOC Compact Flash interface (v7).
  libata: Add another column to the ata_timing table.
  sata_via: Add VT8261 support
  pata_atiixp: update port enabledness test handling
  [libata] get-identity ioctl: Fix use of invalid memory pointer

* git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi-rc-fixes-2.6:
  [SCSI] Skip deleted devices in __scsi_device_lookup_by_target()
  [SCSI] Add SUN Universal Xport to no attach blacklist
  [SCSI] iscsi_tcp: make padbuf non-static
  [SCSI] mpt fusion: Add Firmware debug support
  [SCSI] mpt fusion: Add separate msi enable disable for FC,SPI,SAS
  [SCSI] mpt fusion: Update MPI Headers to version 01.05.19
  [SCSI] qla2xxx: Fix ISP restart bug in multiq code

* 'drm-next' of git://git.kernel.org/pub/scm/linux/kernel/git/airlied/drm-2.6:
  drm/i915: lock correct mutex around object unreference.
  drm/i915: add support for physical memory objects
  drm/i915: make LVDS fixed mode a preferred mode
  drm: handle depth & bpp changes correctly
  drm: initial KMS config fixes
  drm/i915: setup sarea properly in master_priv
  drm/i915: set vblank enabled flag correctly across IRQ install/uninstall
  drm/i915: don't enable vblanks on disabled pipes

This reverts commit 98e6e286, as Yinghai
Lu reports that it breaks kexec with at least the e1000 and e1000e
drivers.  The reason is that the shutdown sequence puts the hardware
into D3 sleep, and the commit causes us to claim that it then is in D0
(running) state just because we don't understand the PM capabilities.

Which then later makes "pci_set_power_state()" not do anything, and the
device never wakes up properly and just returns 0xff to everything.
Reported-by: NYinghai Lu <yinghai@kernel.org>
Acked-by: NFrom: Rafael J. Wysocki <rjw@sisk.pl>
Cc: Jesse Barnes <jesse.barnes@intel.com>
Signed-off-by: NLinus Torvalds <torvalds@linux-foundation.org>

while I was looking over kernel sources I've found this small bug.

Formerly, zero was returned even if an error happened.
Signed-off-by: NMichal Sojka <sojkam1@fel.cvut.cz>
Signed-off-by: NJeff Garzik <jgarzik@redhat.com>

drivers/ata/pata_ali.c:44: error: static declaration of 'isa_bridge' follows non-static declaration
arch/alpha/include/asm/pci.h:274: error: previous declaration of 'isa_bridge' was here

Cc: Alan Cox <alan@lxorguk.ukuu.org.uk>
Cc: Jeff Garzik <jeff@garzik.org>
Signed-off-by: NAndrew Morton <akpm@linux-foundation.org>
Signed-off-by: NJeff Garzik <jgarzik@redhat.com>

Cavium OCTEON processor support was recently merged, so now we have
this CF driver for your consideration.

Most OCTEON variants have *no* DMA or interrupt support on the CF
interface so for these, only PIO is supported.  Although if DMA is
available, we do take advantage of it.
Signed-off-by: NDavid Daney <ddaney@caviumnetworks.com>
Signed-off-by: NJeff Garzik <jgarzik@redhat.com>