aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
Diffstat
-rw-r--r--.gitignore1
-rw-r--r--Documentation/filesystems/vfs.txt3
-rw-r--r--Documentation/kbuild/makefiles.txt10
-rw-r--r--Documentation/kernel-parameters.txt38
-rw-r--r--Documentation/lguest/.gitignore1
-rw-r--r--Documentation/lguest/lguest.txt11
-rw-r--r--MAINTAINERS22
-rw-r--r--Makefile2
-rw-r--r--arch/arm/kernel/sys_oabi-compat.c19
-rw-r--r--arch/frv/kernel/setup.c1
-rw-r--r--arch/ia64/include/asm/paravirt_privop.h2
-rw-r--r--arch/ia64/kernel/smp.c14
-rw-r--r--arch/s390/kernel/compat_linux.c18
-rw-r--r--arch/sparc/kernel/sys_sparc32.c19
-rw-r--r--arch/x86/ia32/sys_ia32.c19
-rw-r--r--arch/x86/include/asm/lguest_hcall.h2
-rw-r--r--arch/x86/lguest/boot.c16
-rw-r--r--drivers/acpi/sleep.c8
-rw-r--r--drivers/base/core.c3
-rw-r--r--drivers/char/agp/generic.c4
-rw-r--r--drivers/char/vt.c2
-rw-r--r--drivers/gpu/drm/drm_stub.c11
-rw-r--r--drivers/gpu/drm/drm_sysfs.c1
-rw-r--r--drivers/gpu/drm/via/via_dma.c12
-rw-r--r--drivers/ide/cs5536.c1
-rw-r--r--drivers/ide/hpt366.c14
-rw-r--r--drivers/ide/ide-io.c11
-rw-r--r--drivers/ide/pmac.c2
-rw-r--r--drivers/lguest/lg.h3
-rw-r--r--drivers/lguest/segments.c13
-rw-r--r--drivers/lguest/x86/core.c9
-rw-r--r--drivers/md/bitmap.c7
-rw-r--r--drivers/md/md.c41
-rw-r--r--drivers/md/md.h21
-rw-r--r--drivers/md/raid5.c7
-rw-r--r--drivers/virtio/virtio_balloon.c3
-rw-r--r--fs/autofs/dirhash.c34
-rw-r--r--fs/autofs4/dev-ioctl.c12
-rw-r--r--fs/btrfs/ioctl.c49
-rw-r--r--fs/btrfs/super.c13
-rw-r--r--fs/cifs/CHANGES3
-rw-r--r--fs/cifs/cifs_spnego.c2
-rw-r--r--fs/cifs/cifsfs.c48
-rw-r--r--fs/cifs/cifsglob.h3
-rw-r--r--fs/cifs/cifspdu.h8
-rw-r--r--fs/cifs/cifssmb.c6
-rw-r--r--fs/cifs/connect.c205
-rw-r--r--fs/cifs/dir.c145
-rw-r--r--fs/cifs/dns_resolve.c2
-rw-r--r--fs/cifs/file.c127
-rw-r--r--fs/cifs/inode.c77
-rw-r--r--fs/cifs/readdir.c6
-rw-r--r--fs/cifs/sess.c47
-rw-r--r--fs/compat.c37
-rw-r--r--fs/compat_ioctl.c7
-rw-r--r--fs/dcache.c1
-rw-r--r--fs/ecryptfs/miscdev.c15
-rw-r--r--fs/filesystems.c2
-rw-r--r--fs/namei.c2
-rw-r--r--fs/namespace.c7
-rw-r--r--fs/ncpfs/ioctl.c21
-rw-r--r--fs/nfs/nfs3xdr.c3
-rw-r--r--fs/nfsd/nfs4recover.c46
-rw-r--r--fs/nfsd/vfs.c34
-rw-r--r--fs/stat.c137
-rw-r--r--fs/sysfs/bin.c13
-rw-r--r--fs/xattr.c10
-rw-r--r--fs/xfs/linux-2.6/xfs_ioctl.c23
-rw-r--r--fs/xfs/linux-2.6/xfs_ioctl32.c12
-rw-r--r--include/linux/fs.h5
-rw-r--r--include/linux/reiserfs_fs_sb.h2
-rw-r--r--include/linux/seccomp.h2
-rw-r--r--include/linux/suspend.h36
-rw-r--r--include/linux/syscalls.h2
-rw-r--r--kernel/audit_tree.c3
-rw-r--r--kernel/power/main.c24
-rw-r--r--kernel/resource.c46
-rw-r--r--lib/kobject.c3
-rw-r--r--mm/vmscan.c5
-rw-r--r--scripts/Makefile.build3
-rw-r--r--scripts/Makefile.lib9
-rw-r--r--security/smack/smack_lsm.c11
-rw-r--r--sound/pci/emu10k1/io.c2
-rw-r--r--sound/pci/hda/hda_codec.c8
-rw-r--r--sound/pci/hda/hda_intel.c2
-rw-r--r--sound/pci/hda/patch_analog.c8
-rw-r--r--sound/pci/hda/patch_sigmatel.c10
-rw-r--r--sound/pci/intel8x0.c12
-rw-r--r--sound/soc/omap/omap-mcbsp.c7
-rw-r--r--sound/soc/omap/osk5912.c4
-rw-r--r--sound/soc/pxa/pxa-ssp.c1
-rw-r--r--sound/soc/s3c24xx/jive_wm8750.c12
-rw-r--r--sound/soc/s3c24xx/s3c-i2s-v2.c18
-rw-r--r--sound/soc/s3c24xx/s3c2412-i2s.c2
94 files changed, 958 insertions, 807 deletions
diff --git a/.gitignore b/.gitignore
index 869e1a3b64b6..51bd99d6a260 100644
--- a/.gitignore
+++ b/.gitignore
@@ -49,6 +49,7 @@ include/linux/compile.h
49include/linux/version.h 49include/linux/version.h
50include/linux/utsrelease.h 50include/linux/utsrelease.h
51include/linux/bounds.h 51include/linux/bounds.h
52include/generated
52 53
53# stgit generated dirs 54# stgit generated dirs
54patches-* 55patches-*
diff --git a/Documentation/filesystems/vfs.txt b/Documentation/filesystems/vfs.txt
index deeeed0faa8f..f49eecf2e573 100644
--- a/Documentation/filesystems/vfs.txt
+++ b/Documentation/filesystems/vfs.txt
@@ -277,8 +277,7 @@ or bottom half).
277 unfreeze_fs: called when VFS is unlocking a filesystem and making it writable 277 unfreeze_fs: called when VFS is unlocking a filesystem and making it writable
278 again. 278 again.
279 279
280 statfs: called when the VFS needs to get filesystem statistics. This 280 statfs: called when the VFS needs to get filesystem statistics.
281 is called with the kernel lock held
282 281
283 remount_fs: called when the filesystem is remounted. This is called 282 remount_fs: called when the filesystem is remounted. This is called
284 with the kernel lock held 283 with the kernel lock held
diff --git a/Documentation/kbuild/makefiles.txt b/Documentation/kbuild/makefiles.txt
index d4b05672f9f7..d76cfd8712e1 100644
--- a/Documentation/kbuild/makefiles.txt
+++ b/Documentation/kbuild/makefiles.txt
@@ -316,6 +316,16 @@ more details, with real examples.
316 #arch/m68k/fpsp040/Makefile 316 #arch/m68k/fpsp040/Makefile
317 ldflags-y := -x 317 ldflags-y := -x
318 318
319 subdir-ccflags-y, subdir-asflags-y
320 The two flags listed above are similar to ccflags-y and as-falgs-y.
321 The difference is that the subdir- variants has effect for the kbuild
322 file where tey are present and all subdirectories.
323 Options specified using subdir-* are added to the commandline before
324 the options specified using the non-subdir variants.
325
326 Example:
327 subdir-ccflags-y := -Werror
328
319 CFLAGS_$@, AFLAGS_$@ 329 CFLAGS_$@, AFLAGS_$@
320 330
321 CFLAGS_$@ and AFLAGS_$@ only apply to commands in current 331 CFLAGS_$@ and AFLAGS_$@ only apply to commands in current
diff --git a/Documentation/kernel-parameters.txt b/Documentation/kernel-parameters.txt
index a19f021f081a..600cdd72900c 100644
--- a/Documentation/kernel-parameters.txt
+++ b/Documentation/kernel-parameters.txt
@@ -231,6 +231,35 @@ and is between 256 and 4096 characters. It is defined in the file
231 power state again in power transition. 231 power state again in power transition.
232 1 : disable the power state check 232 1 : disable the power state check
233 233
234 acpi_sci= [HW,ACPI] ACPI System Control Interrupt trigger mode
235 Format: { level | edge | high | low }
236
237 acpi_serialize [HW,ACPI] force serialization of AML methods
238
239 acpi_skip_timer_override [HW,ACPI]
240 Recognize and ignore IRQ0/pin2 Interrupt Override.
241 For broken nForce2 BIOS resulting in XT-PIC timer.
242
243 acpi_sleep= [HW,ACPI] Sleep options
244 Format: { s3_bios, s3_mode, s3_beep, s4_nohwsig,
245 old_ordering, s4_nonvs }
246 See Documentation/power/video.txt for information on
247 s3_bios and s3_mode.
248 s3_beep is for debugging; it makes the PC's speaker beep
249 as soon as the kernel's real-mode entry point is called.
250 s4_nohwsig prevents ACPI hardware signature from being
251 used during resume from hibernation.
252 old_ordering causes the ACPI 1.0 ordering of the _PTS
253 control method, with respect to putting devices into
254 low power states, to be enforced (the ACPI 2.0 ordering
255 of _PTS is used by default).
256 s4_nonvs prevents the kernel from saving/restoring the
257 ACPI NVS memory during hibernation.
258
259 acpi_use_timer_override [HW,ACPI]
260 Use timer override. For some broken Nvidia NF5 boards
261 that require a timer override, but don't have HPET
262
234 acpi_enforce_resources= [ACPI] 263 acpi_enforce_resources= [ACPI]
235 { strict | lax | no } 264 { strict | lax | no }
236 Check for resource conflicts between native drivers 265 Check for resource conflicts between native drivers
@@ -250,6 +279,9 @@ and is between 256 and 4096 characters. It is defined in the file
250 ad1848= [HW,OSS] 279 ad1848= [HW,OSS]
251 Format: <io>,<irq>,<dma>,<dma2>,<type> 280 Format: <io>,<irq>,<dma>,<dma2>,<type>
252 281
282 add_efi_memmap [EFI; X86] Include EFI memory map in
283 kernel's map of available physical RAM.
284
253 advansys= [HW,SCSI] 285 advansys= [HW,SCSI]
254 See header of drivers/scsi/advansys.c. 286 See header of drivers/scsi/advansys.c.
255 287
@@ -1838,6 +1870,12 @@ and is between 256 and 4096 characters. It is defined in the file
1838 autoconfiguration. 1870 autoconfiguration.
1839 Ranges are in pairs (memory base and size). 1871 Ranges are in pairs (memory base and size).
1840 1872
1873 ports= [IP_VS_FTP] IPVS ftp helper module
1874 Default is 21.
1875 Up to 8 (IP_VS_APP_MAX_PORTS) ports
1876 may be specified.
1877 Format: <port>,<port>....
1878
1841 print-fatal-signals= 1879 print-fatal-signals=
1842 [KNL] debug: print fatal signals 1880 [KNL] debug: print fatal signals
1843 print-fatal-signals=1: print segfault info to 1881 print-fatal-signals=1: print segfault info to
diff --git a/Documentation/lguest/.gitignore b/Documentation/lguest/.gitignore
new file mode 100644
index 000000000000..115587fd5f65
--- /dev/null
+++ b/Documentation/lguest/.gitignore
@@ -0,0 +1 @@
lguest
diff --git a/Documentation/lguest/lguest.txt b/Documentation/lguest/lguest.txt
index 29510dc51510..28c747362f95 100644
--- a/Documentation/lguest/lguest.txt
+++ b/Documentation/lguest/lguest.txt
@@ -3,11 +3,11 @@
3 /, /` - or, A Young Coder's Illustrated Hypervisor 3 /, /` - or, A Young Coder's Illustrated Hypervisor
4 \\"--\\ http://lguest.ozlabs.org 4 \\"--\\ http://lguest.ozlabs.org
5 5
6Lguest is designed to be a minimal hypervisor for the Linux kernel, for 6Lguest is designed to be a minimal 32-bit x86 hypervisor for the Linux kernel,
7Linux developers and users to experiment with virtualization with the 7for Linux developers and users to experiment with virtualization with the
8minimum of complexity. Nonetheless, it should have sufficient 8minimum of complexity. Nonetheless, it should have sufficient features to
9features to make it useful for specific tasks, and, of course, you are 9make it useful for specific tasks, and, of course, you are encouraged to fork
10encouraged to fork and enhance it (see drivers/lguest/README). 10and enhance it (see drivers/lguest/README).
11 11
12Features: 12Features:
13 13
@@ -37,6 +37,7 @@ Running Lguest:
37 "Paravirtualized guest support" = Y 37 "Paravirtualized guest support" = Y
38 "Lguest guest support" = Y 38 "Lguest guest support" = Y
39 "High Memory Support" = off/4GB 39 "High Memory Support" = off/4GB
40 "PAE (Physical Address Extension) Support" = N
40 "Alignment value to which kernel should be aligned" = 0x100000 41 "Alignment value to which kernel should be aligned" = 0x100000
41 (CONFIG_PARAVIRT=y, CONFIG_LGUEST_GUEST=y, CONFIG_HIGHMEM64G=n and 42 (CONFIG_PARAVIRT=y, CONFIG_LGUEST_GUEST=y, CONFIG_HIGHMEM64G=n and
42 CONFIG_PHYSICAL_ALIGN=0x100000) 43 CONFIG_PHYSICAL_ALIGN=0x100000)
diff --git a/MAINTAINERS b/MAINTAINERS
index 0beac8a7f8f2..6baace38b24d 100644
--- a/MAINTAINERS
+++ b/MAINTAINERS
@@ -1287,6 +1287,14 @@ S: Maintained
1287F: Documentation/video4linux/bttv/ 1287F: Documentation/video4linux/bttv/
1288F: drivers/media/video/bt8xx/bttv* 1288F: drivers/media/video/bt8xx/bttv*
1289 1289
1290CACHEFILES: FS-CACHE BACKEND FOR CACHING ON MOUNTED FILESYSTEMS
1291P: David Howells
1292M: dhowells@redhat.com
1293L: linux-cachefs@redhat.com
1294S: Supported
1295F: Documentation/filesystems/caching/cachefiles.txt
1296F: fs/cachefiles/
1297
1290CAFE CMOS INTEGRATED CAMERA CONTROLLER DRIVER 1298CAFE CMOS INTEGRATED CAMERA CONTROLLER DRIVER
1291P: Jonathan Corbet 1299P: Jonathan Corbet
1292M: corbet@lwn.net 1300M: corbet@lwn.net
@@ -2325,6 +2333,15 @@ F: Documentation/power/freezing-of-tasks.txt
2325F: include/linux/freezer.h 2333F: include/linux/freezer.h
2326F: kernel/freezer.c 2334F: kernel/freezer.c
2327 2335
2336FS-CACHE: LOCAL CACHING FOR NETWORK FILESYSTEMS
2337P: David Howells
2338M: dhowells@redhat.com
2339L: linux-cachefs@redhat.com
2340S: Supported
2341F: Documentation/filesystems/caching/
2342F: fs/fscache/
2343F: include/linux/fscache*.h
2344
2328FTRACE 2345FTRACE
2329P: Steven Rostedt 2346P: Steven Rostedt
2330M: rostedt@goodmis.org 2347M: rostedt@goodmis.org
@@ -5235,7 +5252,12 @@ M: perex@perex.cz
5235P: Takashi Iwai 5252P: Takashi Iwai
5236M: tiwai@suse.de 5253M: tiwai@suse.de
5237L: alsa-devel@alsa-project.org (subscribers-only) 5254L: alsa-devel@alsa-project.org (subscribers-only)
5255W: http://www.alsa-project.org/
5256T: git git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound-2.6.git
5257T: git git://git.alsa-project.org/alsa-kernel.git
5238S: Maintained 5258S: Maintained
5259F: Documentation/sound/
5260F: include/sound/
5239F: sound/ 5261F: sound/
5240 5262
5241SOUND - SOC LAYER / DYNAMIC AUDIO POWER MANAGEMENT (ASoC) 5263SOUND - SOC LAYER / DYNAMIC AUDIO POWER MANAGEMENT (ASoC)
diff --git a/Makefile b/Makefile
index bfdef56add34..6f4208ff2d10 100644
--- a/Makefile
+++ b/Makefile
@@ -1200,7 +1200,7 @@ CLEAN_FILES += vmlinux System.map \
1200 .tmp_kallsyms* .tmp_version .tmp_vmlinux* .tmp_System.map 1200 .tmp_kallsyms* .tmp_version .tmp_vmlinux* .tmp_System.map
1201 1201
1202# Directories & files removed with 'make mrproper' 1202# Directories & files removed with 'make mrproper'
1203MRPROPER_DIRS += include/config include2 usr/include 1203MRPROPER_DIRS += include/config include2 usr/include include/generated
1204MRPROPER_FILES += .config .config.old include/asm .version .old_version \ 1204MRPROPER_FILES += .config .config.old include/asm .version .old_version \
1205 include/linux/autoconf.h include/linux/version.h \ 1205 include/linux/autoconf.h include/linux/version.h \
1206 include/linux/utsrelease.h \ 1206 include/linux/utsrelease.h \
diff --git a/arch/arm/kernel/sys_oabi-compat.c b/arch/arm/kernel/sys_oabi-compat.c
index e04173c7e621..d59a0cd537f0 100644
--- a/arch/arm/kernel/sys_oabi-compat.c
+++ b/arch/arm/kernel/sys_oabi-compat.c
@@ -177,21 +177,12 @@ asmlinkage long sys_oabi_fstatat64(int dfd,
177 int flag) 177 int flag)
178{ 178{
179 struct kstat stat; 179 struct kstat stat;
180 int error = -EINVAL; 180 int error;
181 181
182 if ((flag & ~AT_SYMLINK_NOFOLLOW) != 0) 182 error = vfs_fstatat(dfd, filename, &stat, flag);
183 goto out; 183 if (error)
184 184 return error;
185 if (flag & AT_SYMLINK_NOFOLLOW) 185 return cp_oldabi_stat64(&stat, statbuf);
186 error = vfs_lstat_fd(dfd, filename, &stat);
187 else
188 error = vfs_stat_fd(dfd, filename, &stat);
189
190 if (!error)
191 error = cp_oldabi_stat64(&stat, statbuf);
192
193out:
194 return error;
195} 186}
196 187
197struct oabi_flock64 { 188struct oabi_flock64 {
diff --git a/arch/frv/kernel/setup.c b/arch/frv/kernel/setup.c
index 0669e1382383..55e4fab7c0bc 100644
--- a/arch/frv/kernel/setup.c
+++ b/arch/frv/kernel/setup.c
@@ -46,7 +46,6 @@
46#include <asm/io.h> 46#include <asm/io.h>
47 47
48#ifdef CONFIG_BLK_DEV_INITRD 48#ifdef CONFIG_BLK_DEV_INITRD
49#include <linux/blk.h>
50#include <asm/pgtable.h> 49#include <asm/pgtable.h>
51#endif 50#endif
52 51
diff --git a/arch/ia64/include/asm/paravirt_privop.h b/arch/ia64/include/asm/paravirt_privop.h
index 3d2951130b5f..8f6cb11c9fae 100644
--- a/arch/ia64/include/asm/paravirt_privop.h
+++ b/arch/ia64/include/asm/paravirt_privop.h
@@ -445,7 +445,6 @@ paravirt_set_rr0_to_rr4(unsigned long val0, unsigned long val1,
445 register unsigned long ia64_intri_res asm ("r8"); \ 445 register unsigned long ia64_intri_res asm ("r8"); \
446 register unsigned long __reg asm ("r8") = (reg); \ 446 register unsigned long __reg asm ("r8") = (reg); \
447 \ 447 \
448 BUILD_BUG_ON(!__builtin_constant_p(reg)); \
449 asm volatile (paravirt_alt_bundle(__PARAVIRT_BR, \ 448 asm volatile (paravirt_alt_bundle(__PARAVIRT_BR, \
450 PARAVIRT_TYPE(GETREG) \ 449 PARAVIRT_TYPE(GETREG) \
451 + (reg)) \ 450 + (reg)) \
@@ -464,7 +463,6 @@ paravirt_set_rr0_to_rr4(unsigned long val0, unsigned long val1,
464 register unsigned long ia64_clobber1 asm ("r8"); \ 463 register unsigned long ia64_clobber1 asm ("r8"); \
465 register unsigned long ia64_clobber2 asm ("r9"); \ 464 register unsigned long ia64_clobber2 asm ("r9"); \
466 \ 465 \
467 BUILD_BUG_ON(!__builtin_constant_p(reg)); \
468 asm volatile (paravirt_alt_bundle(__PARAVIRT_BR, \ 466 asm volatile (paravirt_alt_bundle(__PARAVIRT_BR, \
469 PARAVIRT_TYPE(SETREG) \ 467 PARAVIRT_TYPE(SETREG) \
470 + (reg)) \ 468 + (reg)) \
diff --git a/arch/ia64/kernel/smp.c b/arch/ia64/kernel/smp.c
index 2ea4199d9c57..5230eaafd83f 100644
--- a/arch/ia64/kernel/smp.c
+++ b/arch/ia64/kernel/smp.c
@@ -225,6 +225,7 @@ smp_send_reschedule (int cpu)
225{ 225{
226 platform_send_ipi(cpu, IA64_IPI_RESCHEDULE, IA64_IPI_DM_INT, 0); 226 platform_send_ipi(cpu, IA64_IPI_RESCHEDULE, IA64_IPI_DM_INT, 0);
227} 227}
228EXPORT_SYMBOL_GPL(smp_send_reschedule);
228 229
229/* 230/*
230 * Called with preemption disabled. 231 * Called with preemption disabled.
@@ -300,15 +301,12 @@ smp_flush_tlb_mm (struct mm_struct *mm)
300 return; 301 return;
301 } 302 }
302 303
304 smp_call_function_mask(mm->cpu_vm_mask,
305 (void (*)(void *))local_finish_flush_tlb_mm, mm, 1);
306 local_irq_disable();
307 local_finish_flush_tlb_mm(mm);
308 local_irq_enable();
303 preempt_enable(); 309 preempt_enable();
304 /*
305 * We could optimize this further by using mm->cpu_vm_mask to track which CPUs
306 * have been running in the address space. It's not clear that this is worth the
307 * trouble though: to avoid races, we have to raise the IPI on the target CPU
308 * anyhow, and once a CPU is interrupted, the cost of local_flush_tlb_all() is
309 * rather trivial.
310 */
311 on_each_cpu((void (*)(void *))local_finish_flush_tlb_mm, mm, 1);
312} 310}
313 311
314void arch_send_call_function_single_ipi(int cpu) 312void arch_send_call_function_single_ipi(int cpu)
diff --git a/arch/s390/kernel/compat_linux.c b/arch/s390/kernel/compat_linux.c
index 6cc87d8c8682..002c70d3cb75 100644
--- a/arch/s390/kernel/compat_linux.c
+++ b/arch/s390/kernel/compat_linux.c
@@ -702,20 +702,12 @@ asmlinkage long sys32_fstatat64(unsigned int dfd, char __user *filename,
702 struct stat64_emu31 __user* statbuf, int flag) 702 struct stat64_emu31 __user* statbuf, int flag)
703{ 703{
704 struct kstat stat; 704 struct kstat stat;
705 int error = -EINVAL; 705 int error;
706
707 if ((flag & ~AT_SYMLINK_NOFOLLOW) != 0)
708 goto out;
709
710 if (flag & AT_SYMLINK_NOFOLLOW)
711 error = vfs_lstat_fd(dfd, filename, &stat);
712 else
713 error = vfs_stat_fd(dfd, filename, &stat);
714 706
715 if (!error) 707 error = vfs_fstatat(dfd, filename, &stat, flag);
716 error = cp_stat64(statbuf, &stat); 708 if (error)
717out: 709 return error;
718 return error; 710 return cp_stat64(statbuf, &stat);
719} 711}
720 712
721/* 713/*
diff --git a/arch/sparc/kernel/sys_sparc32.c b/arch/sparc/kernel/sys_sparc32.c
index e800503879e4..f5000a460c05 100644
--- a/arch/sparc/kernel/sys_sparc32.c
+++ b/arch/sparc/kernel/sys_sparc32.c
@@ -206,21 +206,12 @@ asmlinkage long compat_sys_fstatat64(unsigned int dfd, char __user *filename,
206 struct compat_stat64 __user * statbuf, int flag) 206 struct compat_stat64 __user * statbuf, int flag)
207{ 207{
208 struct kstat stat; 208 struct kstat stat;
209 int error = -EINVAL; 209 int error;
210
211 if ((flag & ~AT_SYMLINK_NOFOLLOW) != 0)
212 goto out;
213
214 if (flag & AT_SYMLINK_NOFOLLOW)
215 error = vfs_lstat_fd(dfd, filename, &stat);
216 else
217 error = vfs_stat_fd(dfd, filename, &stat);
218
219 if (!error)
220 error = cp_compat_stat64(&stat, statbuf);
221 210
222out: 211 error = vfs_fstatat(dfd, filename, &stat, flag);
223 return error; 212 if (error)
213 return error;
214 return cp_compat_stat64(&stat, statbuf);
224} 215}
225 216
226asmlinkage long compat_sys_sysfs(int option, u32 arg1, u32 arg2) 217asmlinkage long compat_sys_sysfs(int option, u32 arg1, u32 arg2)
diff --git a/arch/x86/ia32/sys_ia32.c b/arch/x86/ia32/sys_ia32.c
index efac92fd1efb..085a8c35f149 100644
--- a/arch/x86/ia32/sys_ia32.c
+++ b/arch/x86/ia32/sys_ia32.c
@@ -129,21 +129,12 @@ asmlinkage long sys32_fstatat(unsigned int dfd, char __user *filename,
129 struct stat64 __user *statbuf, int flag) 129 struct stat64 __user *statbuf, int flag)
130{ 130{
131 struct kstat stat; 131 struct kstat stat;
132 int error = -EINVAL; 132 int error;
133 133
134 if ((flag & ~AT_SYMLINK_NOFOLLOW) != 0) 134 error = vfs_fstatat(dfd, filename, &stat, flag);
135 goto out; 135 if (error)
136 136 return error;
137 if (flag & AT_SYMLINK_NOFOLLOW) 137 return cp_stat64(statbuf, &stat);
138 error = vfs_lstat_fd(dfd, filename, &stat);
139 else
140 error = vfs_stat_fd(dfd, filename, &stat);
141
142 if (!error)
143 error = cp_stat64(statbuf, &stat);
144
145out:
146 return error;
147} 138}
148 139
149/* 140/*
diff --git a/arch/x86/include/asm/lguest_hcall.h b/arch/x86/include/asm/lguest_hcall.h
index 0f4ee7148afe..faae1996487b 100644
--- a/arch/x86/include/asm/lguest_hcall.h
+++ b/arch/x86/include/asm/lguest_hcall.h
@@ -5,7 +5,6 @@
5#define LHCALL_FLUSH_ASYNC 0 5#define LHCALL_FLUSH_ASYNC 0
6#define LHCALL_LGUEST_INIT 1 6#define LHCALL_LGUEST_INIT 1
7#define LHCALL_SHUTDOWN 2 7#define LHCALL_SHUTDOWN 2
8#define LHCALL_LOAD_GDT 3
9#define LHCALL_NEW_PGTABLE 4 8#define LHCALL_NEW_PGTABLE 4
10#define LHCALL_FLUSH_TLB 5 9#define LHCALL_FLUSH_TLB 5
11#define LHCALL_LOAD_IDT_ENTRY 6 10#define LHCALL_LOAD_IDT_ENTRY 6
@@ -17,6 +16,7 @@
17#define LHCALL_SET_PMD 15 16#define LHCALL_SET_PMD 15
18#define LHCALL_LOAD_TLS 16 17#define LHCALL_LOAD_TLS 16
19#define LHCALL_NOTIFY 17 18#define LHCALL_NOTIFY 17
19#define LHCALL_LOAD_GDT_ENTRY 18
20 20
21#define LGUEST_TRAP_ENTRY 0x1F 21#define LGUEST_TRAP_ENTRY 0x1F
22 22
diff --git a/arch/x86/lguest/boot.c b/arch/x86/lguest/boot.c
index e94a11e42f98..a2085368a3dc 100644
--- a/arch/x86/lguest/boot.c
+++ b/arch/x86/lguest/boot.c
@@ -273,15 +273,15 @@ static void lguest_load_idt(const struct desc_ptr *desc)
273 * controls the entire thing and the Guest asks it to make changes using the 273 * controls the entire thing and the Guest asks it to make changes using the
274 * LOAD_GDT hypercall. 274 * LOAD_GDT hypercall.
275 * 275 *
276 * This is the opposite of the IDT code where we have a LOAD_IDT_ENTRY 276 * This is the exactly like the IDT code.
277 * hypercall and use that repeatedly to load a new IDT. I don't think it
278 * really matters, but wouldn't it be nice if they were the same? Wouldn't
279 * it be even better if you were the one to send the patch to fix it?
280 */ 277 */
281static void lguest_load_gdt(const struct desc_ptr *desc) 278static void lguest_load_gdt(const struct desc_ptr *desc)
282{ 279{
283 BUG_ON((desc->size + 1) / 8 != GDT_ENTRIES); 280 unsigned int i;
284 kvm_hypercall2(LHCALL_LOAD_GDT, __pa(desc->address), GDT_ENTRIES); 281 struct desc_struct *gdt = (void *)desc->address;
282
283 for (i = 0; i < (desc->size+1)/8; i++)
284 kvm_hypercall3(LHCALL_LOAD_GDT_ENTRY, i, gdt[i].a, gdt[i].b);
285} 285}
286 286
287/* For a single GDT entry which changes, we do the lazy thing: alter our GDT, 287/* For a single GDT entry which changes, we do the lazy thing: alter our GDT,
@@ -291,7 +291,9 @@ static void lguest_write_gdt_entry(struct desc_struct *dt, int entrynum,
291 const void *desc, int type) 291 const void *desc, int type)
292{ 292{
293 native_write_gdt_entry(dt, entrynum, desc, type); 293 native_write_gdt_entry(dt, entrynum, desc, type);
294 kvm_hypercall2(LHCALL_LOAD_GDT, __pa(dt), GDT_ENTRIES); 294 /* Tell Host about this new entry. */
295 kvm_hypercall3(LHCALL_LOAD_GDT_ENTRY, entrynum,
296 dt[entrynum].a, dt[entrynum].b);
295} 297}
296 298
297/* OK, I lied. There are three "thread local storage" GDT entries which change 299/* OK, I lied. There are three "thread local storage" GDT entries which change
diff --git a/drivers/acpi/sleep.c b/drivers/acpi/sleep.c
index 779e4e500df4..d060e6fd7fd5 100644
--- a/drivers/acpi/sleep.c
+++ b/drivers/acpi/sleep.c
@@ -300,9 +300,9 @@ static int acpi_suspend_state_valid(suspend_state_t pm_state)
300static struct platform_suspend_ops acpi_suspend_ops = { 300static struct platform_suspend_ops acpi_suspend_ops = {
301 .valid = acpi_suspend_state_valid, 301 .valid = acpi_suspend_state_valid,
302 .begin = acpi_suspend_begin, 302 .begin = acpi_suspend_begin,
303 .prepare = acpi_pm_prepare, 303 .prepare_late = acpi_pm_prepare,
304 .enter = acpi_suspend_enter, 304 .enter = acpi_suspend_enter,
305 .finish = acpi_pm_finish, 305 .wake = acpi_pm_finish,
306 .end = acpi_pm_end, 306 .end = acpi_pm_end,
307}; 307};
308 308
@@ -328,9 +328,9 @@ static int acpi_suspend_begin_old(suspend_state_t pm_state)
328static struct platform_suspend_ops acpi_suspend_ops_old = { 328static struct platform_suspend_ops acpi_suspend_ops_old = {
329 .valid = acpi_suspend_state_valid, 329 .valid = acpi_suspend_state_valid,
330 .begin = acpi_suspend_begin_old, 330 .begin = acpi_suspend_begin_old,
331 .prepare = acpi_pm_disable_gpes, 331 .prepare_late = acpi_pm_disable_gpes,
332 .enter = acpi_suspend_enter, 332 .enter = acpi_suspend_enter,
333 .finish = acpi_pm_finish, 333 .wake = acpi_pm_finish,
334 .end = acpi_pm_end, 334 .end = acpi_pm_end,
335 .recover = acpi_pm_finish, 335 .recover = acpi_pm_finish,
336}; 336};
diff --git a/drivers/base/core.c b/drivers/base/core.c
index d230ff4b3eec..4aa527b8a913 100644
--- a/drivers/base/core.c
+++ b/drivers/base/core.c
@@ -891,7 +891,8 @@ int device_add(struct device *dev)
891 set_dev_node(dev, dev_to_node(parent)); 891 set_dev_node(dev, dev_to_node(parent));
892 892
893 /* first, register with generic layer. */ 893 /* first, register with generic layer. */
894 error = kobject_add(&dev->kobj, dev->kobj.parent, "%s", dev_name(dev)); 894 /* we require the name to be set before, and pass NULL */
895 error = kobject_add(&dev->kobj, dev->kobj.parent, NULL);
895 if (error) 896 if (error)
896 goto Error; 897 goto Error;
897 898
diff --git a/drivers/char/agp/generic.c b/drivers/char/agp/generic.c
index 10d6cbd7c05e..2224b762b7fb 100644
--- a/drivers/char/agp/generic.c
+++ b/drivers/char/agp/generic.c
@@ -1226,7 +1226,7 @@ int agp_generic_alloc_pages(struct agp_bridge_data *bridge, struct agp_memory *m
1226 int i, ret = -ENOMEM; 1226 int i, ret = -ENOMEM;
1227 1227
1228 for (i = 0; i < num_pages; i++) { 1228 for (i = 0; i < num_pages; i++) {
1229 page = alloc_page(GFP_KERNEL | GFP_DMA32); 1229 page = alloc_page(GFP_KERNEL | GFP_DMA32 | __GFP_ZERO);
1230 /* agp_free_memory() needs gart address */ 1230 /* agp_free_memory() needs gart address */
1231 if (page == NULL) 1231 if (page == NULL)
1232 goto out; 1232 goto out;
@@ -1257,7 +1257,7 @@ void *agp_generic_alloc_page(struct agp_bridge_data *bridge)
1257{ 1257{
1258 struct page * page; 1258 struct page * page;
1259 1259
1260 page = alloc_page(GFP_KERNEL | GFP_DMA32); 1260 page = alloc_page(GFP_KERNEL | GFP_DMA32 | __GFP_ZERO);
1261 if (page == NULL) 1261 if (page == NULL)
1262 return NULL; 1262 return NULL;
1263 1263
diff --git a/drivers/char/vt.c b/drivers/char/vt.c
index 2c1d133819b5..08151d4de489 100644
--- a/drivers/char/vt.c
+++ b/drivers/char/vt.c
@@ -2274,7 +2274,7 @@ rescan_last_byte:
2274 continue; /* nothing to display */ 2274 continue; /* nothing to display */
2275 } 2275 }
2276 /* Glyph not found */ 2276 /* Glyph not found */
2277 if ((!(vc->vc_utf && !vc->vc_disp_ctrl) && c < 128) && !(c & ~charmask)) { 2277 if ((!(vc->vc_utf && !vc->vc_disp_ctrl) || c < 128) && !(c & ~charmask)) {
2278 /* In legacy mode use the glyph we get by a 1:1 mapping. 2278 /* In legacy mode use the glyph we get by a 1:1 mapping.
2279 This would make absolutely no sense with Unicode in mind, 2279 This would make absolutely no sense with Unicode in mind,
2280 but do this for ASCII characters since a font may lack 2280 but do this for ASCII characters since a font may lack
diff --git a/drivers/gpu/drm/drm_stub.c b/drivers/gpu/drm/drm_stub.c
index d009661781bc..ef878615c49f 100644
--- a/drivers/gpu/drm/drm_stub.c
+++ b/drivers/gpu/drm/drm_stub.c
@@ -159,6 +159,9 @@ void drm_master_put(struct drm_master **master)
159int drm_setmaster_ioctl(struct drm_device *dev, void *data, 159int drm_setmaster_ioctl(struct drm_device *dev, void *data,
160 struct drm_file *file_priv) 160 struct drm_file *file_priv)
161{ 161{
162 if (file_priv->is_master)
163 return 0;
164
162 if (file_priv->minor->master && file_priv->minor->master != file_priv->master) 165 if (file_priv->minor->master && file_priv->minor->master != file_priv->master)
163 return -EINVAL; 166 return -EINVAL;
164 167
@@ -169,6 +172,7 @@ int drm_setmaster_ioctl(struct drm_device *dev, void *data,
169 file_priv->minor->master != file_priv->master) { 172 file_priv->minor->master != file_priv->master) {
170 mutex_lock(&dev->struct_mutex); 173 mutex_lock(&dev->struct_mutex);
171 file_priv->minor->master = drm_master_get(file_priv->master); 174 file_priv->minor->master = drm_master_get(file_priv->master);
175 file_priv->is_master = 1;
172 mutex_unlock(&dev->struct_mutex); 176 mutex_unlock(&dev->struct_mutex);
173 } 177 }
174 178
@@ -178,10 +182,15 @@ int drm_setmaster_ioctl(struct drm_device *dev, void *data,
178int drm_dropmaster_ioctl(struct drm_device *dev, void *data, 182int drm_dropmaster_ioctl(struct drm_device *dev, void *data,
179 struct drm_file *file_priv) 183 struct drm_file *file_priv)
180{ 184{
181 if (!file_priv->master) 185 if (!file_priv->is_master)
182 return -EINVAL; 186 return -EINVAL;
187
188 if (!file_priv->minor->master)
189 return -EINVAL;
190
183 mutex_lock(&dev->struct_mutex); 191 mutex_lock(&dev->struct_mutex);
184 drm_master_put(&file_priv->minor->master); 192 drm_master_put(&file_priv->minor->master);
193 file_priv->is_master = 0;
185 mutex_unlock(&dev->struct_mutex); 194 mutex_unlock(&dev->struct_mutex);
186 return 0; 195 return 0;
187} 196}
diff --git a/drivers/gpu/drm/drm_sysfs.c b/drivers/gpu/drm/drm_sysfs.c
index bc0c6849360c..022876ae34f0 100644
--- a/drivers/gpu/drm/drm_sysfs.c
+++ b/drivers/gpu/drm/drm_sysfs.c
@@ -132,6 +132,7 @@ void drm_sysfs_destroy(void)
132 */ 132 */
133static void drm_sysfs_device_release(struct device *dev) 133static void drm_sysfs_device_release(struct device *dev)
134{ 134{
135 memset(dev, 0, sizeof(struct device));
135 return; 136 return;
136} 137}
137 138
diff --git a/drivers/gpu/drm/via/via_dma.c b/drivers/gpu/drm/via/via_dma.c
index 7a339dba6a69..bfb92d283260 100644
--- a/drivers/gpu/drm/via/via_dma.c
+++ b/drivers/gpu/drm/via/via_dma.c
@@ -481,11 +481,13 @@ static int via_wait_idle(drm_via_private_t * dev_priv)
481{ 481{
482 int count = 10000000; 482 int count = 10000000;
483 483
484 while (!(VIA_READ(VIA_REG_STATUS) & VIA_VR_QUEUE_BUSY) && count--); 484 while (!(VIA_READ(VIA_REG_STATUS) & VIA_VR_QUEUE_BUSY) && --count)
485 ;
485 486
486 while (count-- && (VIA_READ(VIA_REG_STATUS) & 487 while (count && (VIA_READ(VIA_REG_STATUS) &
487 (VIA_CMD_RGTR_BUSY | VIA_2D_ENG_BUSY | 488 (VIA_CMD_RGTR_BUSY | VIA_2D_ENG_BUSY |
488 VIA_3D_ENG_BUSY))) ; 489 VIA_3D_ENG_BUSY)))
490 --count;
489 return count; 491 return count;
490} 492}
491 493
@@ -705,7 +707,7 @@ static int via_cmdbuf_size(struct drm_device *dev, void *data, struct drm_file *
705 switch (d_siz->func) { 707 switch (d_siz->func) {
706 case VIA_CMDBUF_SPACE: 708 case VIA_CMDBUF_SPACE:
707 while (((tmp_size = via_cmdbuf_space(dev_priv)) < d_siz->size) 709 while (((tmp_size = via_cmdbuf_space(dev_priv)) < d_siz->size)
708 && count--) { 710 && --count) {
709 if (!d_siz->wait) { 711 if (!d_siz->wait) {
710 break; 712 break;
711 } 713 }
@@ -717,7 +719,7 @@ static int via_cmdbuf_size(struct drm_device *dev, void *data, struct drm_file *
717 break; 719 break;
718 case VIA_CMDBUF_LAG: 720 case VIA_CMDBUF_LAG:
719 while (((tmp_size = via_cmdbuf_lag(dev_priv)) > d_siz->size) 721 while (((tmp_size = via_cmdbuf_lag(dev_priv)) > d_siz->size)
720 && count--) { 722 && --count) {
721 if (!d_siz->wait) { 723 if (!d_siz->wait) {
722 break; 724 break;
723 } 725 }
diff --git a/drivers/ide/cs5536.c b/drivers/ide/cs5536.c
index 353a35bbba63..0332a95eefd4 100644
--- a/drivers/ide/cs5536.c
+++ b/drivers/ide/cs5536.c
@@ -236,6 +236,7 @@ static const struct ide_dma_ops cs5536_dma_ops = {
236 .dma_test_irq = ide_dma_test_irq, 236 .dma_test_irq = ide_dma_test_irq,
237 .dma_lost_irq = ide_dma_lost_irq, 237 .dma_lost_irq = ide_dma_lost_irq,
238 .dma_timer_expiry = ide_dma_sff_timer_expiry, 238 .dma_timer_expiry = ide_dma_sff_timer_expiry,
239 .dma_sff_read_status = ide_dma_sff_read_status,
239}; 240};
240 241
241static const struct ide_port_info cs5536_info = { 242static const struct ide_port_info cs5536_info = {
diff --git a/drivers/ide/hpt366.c b/drivers/ide/hpt366.c
index a0eb87f59134..0feb66c720e1 100644
--- a/drivers/ide/hpt366.c
+++ b/drivers/ide/hpt366.c
@@ -3,7 +3,7 @@
3 * Portions Copyright (C) 2001 Sun Microsystems, Inc. 3 * Portions Copyright (C) 2001 Sun Microsystems, Inc.
4 * Portions Copyright (C) 2003 Red Hat Inc 4 * Portions Copyright (C) 2003 Red Hat Inc
5 * Portions Copyright (C) 2007 Bartlomiej Zolnierkiewicz 5 * Portions Copyright (C) 2007 Bartlomiej Zolnierkiewicz
6 * Portions Copyright (C) 2005-2008 MontaVista Software, Inc. 6 * Portions Copyright (C) 2005-2009 MontaVista Software, Inc.
7 * 7 *
8 * Thanks to HighPoint Technologies for their assistance, and hardware. 8 * Thanks to HighPoint Technologies for their assistance, and hardware.
9 * Special Thanks to Jon Burchmore in SanDiego for the deep pockets, his 9 * Special Thanks to Jon Burchmore in SanDiego for the deep pockets, his
@@ -114,6 +114,8 @@
114 * the register setting lists into the table indexed by the clock selected 114 * the register setting lists into the table indexed by the clock selected
115 * - set the correct hwif->ultra_mask for each individual chip 115 * - set the correct hwif->ultra_mask for each individual chip
116 * - add Ultra and MW DMA mode filtering for the HPT37[24] based SATA cards 116 * - add Ultra and MW DMA mode filtering for the HPT37[24] based SATA cards
117 * - stop resetting HPT370's state machine before each DMA transfer as that has
118 * caused more harm than good
117 * Sergei Shtylyov, <sshtylyov@ru.mvista.com> or <source@mvista.com> 119 * Sergei Shtylyov, <sshtylyov@ru.mvista.com> or <source@mvista.com>
118 */ 120 */
119 121
@@ -133,7 +135,7 @@
133#define DRV_NAME "hpt366" 135#define DRV_NAME "hpt366"
134 136
135/* various tuning parameters */ 137/* various tuning parameters */
136#define HPT_RESET_STATE_ENGINE 138#undef HPT_RESET_STATE_ENGINE
137#undef HPT_DELAY_INTERRUPT 139#undef HPT_DELAY_INTERRUPT
138 140
139static const char *quirk_drives[] = { 141static const char *quirk_drives[] = {
@@ -808,7 +810,7 @@ static void hpt370_irq_timeout(ide_drive_t *drive)
808 /* get DMA command mode */ 810 /* get DMA command mode */
809 dma_cmd = inb(hwif->dma_base + ATA_DMA_CMD); 811 dma_cmd = inb(hwif->dma_base + ATA_DMA_CMD);
810 /* stop DMA */ 812 /* stop DMA */
811 outb(dma_cmd & ~0x1, hwif->dma_base + ATA_DMA_CMD); 813 outb(dma_cmd & ~ATA_DMA_START, hwif->dma_base + ATA_DMA_CMD);
812 hpt370_clear_engine(drive); 814 hpt370_clear_engine(drive);
813} 815}
814 816
@@ -825,11 +827,11 @@ static int hpt370_dma_end(ide_drive_t *drive)
825 ide_hwif_t *hwif = drive->hwif; 827 ide_hwif_t *hwif = drive->hwif;
826 u8 dma_stat = inb(hwif->dma_base + ATA_DMA_STATUS); 828 u8 dma_stat = inb(hwif->dma_base + ATA_DMA_STATUS);
827 829
828 if (dma_stat & 0x01) { 830 if (dma_stat & ATA_DMA_ACTIVE) {
829 /* wait a little */ 831 /* wait a little */
830 udelay(20); 832 udelay(20);
831 dma_stat = inb(hwif->dma_base + ATA_DMA_STATUS); 833 dma_stat = inb(hwif->dma_base + ATA_DMA_STATUS);
832 if (dma_stat & 0x01) 834 if (dma_stat & ATA_DMA_ACTIVE)
833 hpt370_irq_timeout(drive); 835 hpt370_irq_timeout(drive);
834 } 836 }
835 return ide_dma_end(drive); 837 return ide_dma_end(drive);
@@ -851,7 +853,7 @@ static int hpt374_dma_test_irq(ide_drive_t *drive)
851 853
852 dma_stat = inb(hwif->dma_base + ATA_DMA_STATUS); 854 dma_stat = inb(hwif->dma_base + ATA_DMA_STATUS);
853 /* return 1 if INTR asserted */ 855 /* return 1 if INTR asserted */
854 if (dma_stat & 4) 856 if (dma_stat & ATA_DMA_INTR)
855 return 1; 857 return 1;
856 858
857 return 0; 859 return 0;
diff --git a/drivers/ide/ide-io.c b/drivers/ide/ide-io.c
index 2ae02b8d7f8e..35dc38d3b2c5 100644
--- a/drivers/ide/ide-io.c
+++ b/drivers/ide/ide-io.c
@@ -102,11 +102,14 @@ void ide_complete_cmd(ide_drive_t *drive, struct ide_cmd *cmd, u8 stat, u8 err)
102 drive->dev_flags |= IDE_DFLAG_PARKED; 102 drive->dev_flags |= IDE_DFLAG_PARKED;
103 } 103 }
104 104
105 if (rq && rq->cmd_type == REQ_TYPE_ATA_TASKFILE) 105 if (rq && rq->cmd_type == REQ_TYPE_ATA_TASKFILE) {
106 memcpy(rq->special, cmd, sizeof(*cmd)); 106 struct ide_cmd *orig_cmd = rq->special;
107 107
108 if (cmd->tf_flags & IDE_TFLAG_DYN) 108 if (cmd->tf_flags & IDE_TFLAG_DYN)
109 kfree(cmd); 109 kfree(orig_cmd);
110 else
111 memcpy(orig_cmd, cmd, sizeof(*cmd));
112 }
110} 113}
111 114
112/* obsolete, blk_rq_bytes() should be used instead */ 115/* obsolete, blk_rq_bytes() should be used instead */
diff --git a/drivers/ide/pmac.c b/drivers/ide/pmac.c
index 052b9bf1f8fb..f76e4e6b408f 100644
--- a/drivers/ide/pmac.c
+++ b/drivers/ide/pmac.c
@@ -1682,7 +1682,7 @@ static int __devinit pmac_ide_init_dma(ide_hwif_t *hwif,
1682 * The +2 is +1 for the stop command and +1 to allow for 1682 * The +2 is +1 for the stop command and +1 to allow for
1683 * aligning the start address to a multiple of 16 bytes. 1683 * aligning the start address to a multiple of 16 bytes.
1684 */ 1684 */
1685 pmif->dma_table_cpu = (struct dbdma_cmd*)pci_alloc_consistent( 1685 pmif->dma_table_cpu = pci_alloc_consistent(
1686 dev, 1686 dev,
1687 (MAX_DCMDS + 2) * sizeof(struct dbdma_cmd), 1687 (MAX_DCMDS + 2) * sizeof(struct dbdma_cmd),
1688 &hwif->dmatable_dma); 1688 &hwif->dmatable_dma);
diff --git a/drivers/lguest/lg.h b/drivers/lguest/lg.h
index ac8a4a3741b8..af92a176697f 100644
--- a/drivers/lguest/lg.h
+++ b/drivers/lguest/lg.h
@@ -158,7 +158,8 @@ void free_interrupts(void);
158/* segments.c: */ 158/* segments.c: */
159void setup_default_gdt_entries(struct lguest_ro_state *state); 159void setup_default_gdt_entries(struct lguest_ro_state *state);
160void setup_guest_gdt(struct lg_cpu *cpu); 160void setup_guest_gdt(struct lg_cpu *cpu);
161void load_guest_gdt(struct lg_cpu *cpu, unsigned long table, u32 num); 161void load_guest_gdt_entry(struct lg_cpu *cpu, unsigned int i,
162 u32 low, u32 hi);
162void guest_load_tls(struct lg_cpu *cpu, unsigned long tls_array); 163void guest_load_tls(struct lg_cpu *cpu, unsigned long tls_array);
163void copy_gdt(const struct lg_cpu *cpu, struct desc_struct *gdt); 164void copy_gdt(const struct lg_cpu *cpu, struct desc_struct *gdt);
164void copy_gdt_tls(const struct lg_cpu *cpu, struct desc_struct *gdt); 165void copy_gdt_tls(const struct lg_cpu *cpu, struct desc_struct *gdt);
diff --git a/drivers/lguest/segments.c b/drivers/lguest/segments.c
index 4f15439b7f12..7ede64ffeef9 100644
--- a/drivers/lguest/segments.c
+++ b/drivers/lguest/segments.c
@@ -144,18 +144,19 @@ void copy_gdt(const struct lg_cpu *cpu, struct desc_struct *gdt)
144 gdt[i] = cpu->arch.gdt[i]; 144 gdt[i] = cpu->arch.gdt[i];
145} 145}
146 146
147/*H:620 This is where the Guest asks us to load a new GDT (LHCALL_LOAD_GDT). 147/*H:620 This is where the Guest asks us to load a new GDT entry
148 * We copy it from the Guest and tweak the entries. */ 148 * (LHCALL_LOAD_GDT_ENTRY). We tweak the entry and copy it in. */
149void load_guest_gdt(struct lg_cpu *cpu, unsigned long table, u32 num) 149void load_guest_gdt_entry(struct lg_cpu *cpu, u32 num, u32 lo, u32 hi)
150{ 150{
151 /* We assume the Guest has the same number of GDT entries as the 151 /* We assume the Guest has the same number of GDT entries as the
152 * Host, otherwise we'd have to dynamically allocate the Guest GDT. */ 152 * Host, otherwise we'd have to dynamically allocate the Guest GDT. */
153 if (num > ARRAY_SIZE(cpu->arch.gdt)) 153 if (num > ARRAY_SIZE(cpu->arch.gdt))
154 kill_guest(cpu, "too many gdt entries %i", num); 154 kill_guest(cpu, "too many gdt entries %i", num);
155 155
156 /* We read the whole thing in, then fix it up. */ 156 /* Set it up, then fix it. */
157 __lgread(cpu, cpu->arch.gdt, table, num * sizeof(cpu->arch.gdt[0])); 157 cpu->arch.gdt[num].a = lo;
158 fixup_gdt_table(cpu, 0, ARRAY_SIZE(cpu->arch.gdt)); 158 cpu->arch.gdt[num].b = hi;
159 fixup_gdt_table(cpu, num, num+1);
159 /* Mark that the GDT changed so the core knows it has to copy it again, 160 /* Mark that the GDT changed so the core knows it has to copy it again,
160 * even if the Guest is run on the same CPU. */ 161 * even if the Guest is run on the same CPU. */
161 cpu->changed |= CHANGED_GDT; 162 cpu->changed |= CHANGED_GDT;
diff --git a/drivers/lguest/x86/core.c b/drivers/lguest/x86/core.c
index a6b717644be0..1a83910f674f 100644
--- a/drivers/lguest/x86/core.c
+++ b/drivers/lguest/x86/core.c
@@ -324,6 +324,11 @@ static void rewrite_hypercall(struct lg_cpu *cpu)
324 u8 insn[3] = {0xcd, 0x1f, 0x90}; 324 u8 insn[3] = {0xcd, 0x1f, 0x90};
325 325
326 __lgwrite(cpu, guest_pa(cpu, cpu->regs->eip), insn, sizeof(insn)); 326 __lgwrite(cpu, guest_pa(cpu, cpu->regs->eip), insn, sizeof(insn));
327 /* The above write might have caused a copy of that page to be made
328 * (if it was read-only). We need to make sure the Guest has
329 * up-to-date pagetables. As this doesn't happen often, we can just
330 * drop them all. */
331 guest_pagetable_clear_all(cpu);
327} 332}
328 333
329static bool is_hypercall(struct lg_cpu *cpu) 334static bool is_hypercall(struct lg_cpu *cpu)
@@ -563,8 +568,8 @@ void __exit lguest_arch_host_fini(void)
563int lguest_arch_do_hcall(struct lg_cpu *cpu, struct hcall_args *args) 568int lguest_arch_do_hcall(struct lg_cpu *cpu, struct hcall_args *args)
564{ 569{
565 switch (args->arg0) { 570 switch (args->arg0) {
566 case LHCALL_LOAD_GDT: 571 case LHCALL_LOAD_GDT_ENTRY:
567 load_guest_gdt(cpu, args->arg1, args->arg2); 572 load_guest_gdt_entry(cpu, args->arg1, args->arg2, args->arg3);
568 break; 573 break;
569 case LHCALL_LOAD_IDT_ENTRY: 574 case LHCALL_LOAD_IDT_ENTRY:
570 load_guest_idt_entry(cpu, args->arg1, args->arg2, args->arg3); 575 load_guest_idt_entry(cpu, args->arg1, args->arg2, args->arg3);
diff --git a/drivers/md/bitmap.c b/drivers/md/bitmap.c
index f8a9f7ab2cb8..1fb91edc7de2 100644
--- a/drivers/md/bitmap.c
+++ b/drivers/md/bitmap.c
@@ -1479,6 +1479,7 @@ void bitmap_cond_end_sync(struct bitmap *bitmap, sector_t sector)
1479 s += blocks; 1479 s += blocks;
1480 } 1480 }
1481 bitmap->last_end_sync = jiffies; 1481 bitmap->last_end_sync = jiffies;
1482 sysfs_notify(&bitmap->mddev->kobj, NULL, "sync_completed");
1482} 1483}
1483 1484
1484static void bitmap_set_memory_bits(struct bitmap *bitmap, sector_t offset, int needed) 1485static void bitmap_set_memory_bits(struct bitmap *bitmap, sector_t offset, int needed)
@@ -1589,7 +1590,7 @@ void bitmap_destroy(mddev_t *mddev)
1589int bitmap_create(mddev_t *mddev) 1590int bitmap_create(mddev_t *mddev)
1590{ 1591{
1591 struct bitmap *bitmap; 1592 struct bitmap *bitmap;
1592 unsigned long blocks = mddev->resync_max_sectors; 1593 sector_t blocks = mddev->resync_max_sectors;
1593 unsigned long chunks; 1594 unsigned long chunks;
1594 unsigned long pages; 1595 unsigned long pages;
1595 struct file *file = mddev->bitmap_file; 1596 struct file *file = mddev->bitmap_file;
@@ -1631,8 +1632,8 @@ int bitmap_create(mddev_t *mddev)
1631 bitmap->chunkshift = ffz(~bitmap->chunksize); 1632 bitmap->chunkshift = ffz(~bitmap->chunksize);
1632 1633
1633 /* now that chunksize and chunkshift are set, we can use these macros */ 1634 /* now that chunksize and chunkshift are set, we can use these macros */
1634 chunks = (blocks + CHUNK_BLOCK_RATIO(bitmap) - 1) / 1635 chunks = (blocks + CHUNK_BLOCK_RATIO(bitmap) - 1) >>
1635 CHUNK_BLOCK_RATIO(bitmap); 1636 CHUNK_BLOCK_SHIFT(bitmap);
1636 pages = (chunks + PAGE_COUNTER_RATIO - 1) / PAGE_COUNTER_RATIO; 1637 pages = (chunks + PAGE_COUNTER_RATIO - 1) / PAGE_COUNTER_RATIO;
1637 1638
1638 BUG_ON(!pages); 1639 BUG_ON(!pages);
diff --git a/drivers/md/md.c b/drivers/md/md.c
index ed5727c089a9..612343fdde94 100644
--- a/drivers/md/md.c
+++ b/drivers/md/md.c
@@ -2017,6 +2017,8 @@ repeat:
2017 clear_bit(MD_CHANGE_PENDING, &mddev->flags); 2017 clear_bit(MD_CHANGE_PENDING, &mddev->flags);
2018 spin_unlock_irq(&mddev->write_lock); 2018 spin_unlock_irq(&mddev->write_lock);
2019 wake_up(&mddev->sb_wait); 2019 wake_up(&mddev->sb_wait);
2020 if (test_bit(MD_RECOVERY_RUNNING, &mddev->recovery))
2021 sysfs_notify(&mddev->kobj, NULL, "sync_completed");
2020 2022
2021} 2023}
2022 2024
@@ -2086,6 +2088,7 @@ state_store(mdk_rdev_t *rdev, const char *buf, size_t len)
2086 * -writemostly - clears write_mostly 2088 * -writemostly - clears write_mostly
2087 * blocked - sets the Blocked flag 2089 * blocked - sets the Blocked flag
2088 * -blocked - clears the Blocked flag 2090 * -blocked - clears the Blocked flag
2091 * insync - sets Insync providing device isn't active
2089 */ 2092 */
2090 int err = -EINVAL; 2093 int err = -EINVAL;
2091 if (cmd_match(buf, "faulty") && rdev->mddev->pers) { 2094 if (cmd_match(buf, "faulty") && rdev->mddev->pers) {
@@ -2118,6 +2121,9 @@ state_store(mdk_rdev_t *rdev, const char *buf, size_t len)
2118 md_wakeup_thread(rdev->mddev->thread); 2121 md_wakeup_thread(rdev->mddev->thread);
2119 2122
2120 err = 0; 2123 err = 0;
2124 } else if (cmd_match(buf, "insync") && rdev->raid_disk == -1) {
2125 set_bit(In_sync, &rdev->flags);
2126 err = 0;
2121 } 2127 }
2122 if (!err && rdev->sysfs_state) 2128 if (!err && rdev->sysfs_state)
2123 sysfs_notify_dirent(rdev->sysfs_state); 2129 sysfs_notify_dirent(rdev->sysfs_state);
@@ -2190,7 +2196,7 @@ slot_store(mdk_rdev_t *rdev, const char *buf, size_t len)
2190 } else if (rdev->mddev->pers) { 2196 } else if (rdev->mddev->pers) {
2191 mdk_rdev_t *rdev2; 2197 mdk_rdev_t *rdev2;
2192 /* Activating a spare .. or possibly reactivating 2198 /* Activating a spare .. or possibly reactivating
2193 * if we every get bitmaps working here. 2199 * if we ever get bitmaps working here.
2194 */ 2200 */
2195 2201
2196 if (rdev->raid_disk != -1) 2202 if (rdev->raid_disk != -1)
@@ -3482,12 +3488,15 @@ sync_completed_show(mddev_t *mddev, char *page)
3482{ 3488{
3483 unsigned long max_sectors, resync; 3489 unsigned long max_sectors, resync;
3484 3490
3491 if (!test_bit(MD_RECOVERY_RUNNING, &mddev->recovery))
3492 return sprintf(page, "none\n");
3493
3485 if (test_bit(MD_RECOVERY_SYNC, &mddev->recovery)) 3494 if (test_bit(MD_RECOVERY_SYNC, &mddev->recovery))
3486 max_sectors = mddev->resync_max_sectors; 3495 max_sectors = mddev->resync_max_sectors;
3487 else 3496 else
3488 max_sectors = mddev->dev_sectors; 3497 max_sectors = mddev->dev_sectors;
3489 3498
3490 resync = (mddev->curr_resync - atomic_read(&mddev->recovery_active)); 3499 resync = mddev->curr_resync_completed;
3491 return sprintf(page, "%lu / %lu\n", resync, max_sectors); 3500 return sprintf(page, "%lu / %lu\n", resync, max_sectors);
3492} 3501}
3493 3502
@@ -6334,18 +6343,13 @@ void md_do_sync(mddev_t *mddev)
6334 sector_t sectors; 6343 sector_t sectors;
6335 6344
6336 skipped = 0; 6345 skipped = 0;
6337 if (j >= mddev->resync_max) {
6338 sysfs_notify(&mddev->kobj, NULL, "sync_completed");
6339 wait_event(mddev->recovery_wait,
6340 mddev->resync_max > j
6341 || kthread_should_stop());
6342 }
6343 if (kthread_should_stop())
6344 goto interrupted;
6345 6346
6346 if (mddev->curr_resync > mddev->curr_resync_completed && 6347 if ((mddev->curr_resync > mddev->curr_resync_completed &&
6347 (mddev->curr_resync - mddev->curr_resync_completed) 6348 (mddev->curr_resync - mddev->curr_resync_completed)
6348 > (max_sectors >> 4)) { 6349 > (max_sectors >> 4)) ||
6350 (j - mddev->curr_resync_completed)*2
6351 >= mddev->resync_max - mddev->curr_resync_completed
6352 ) {
6349 /* time to update curr_resync_completed */ 6353 /* time to update curr_resync_completed */
6350 blk_unplug(mddev->queue); 6354 blk_unplug(mddev->queue);
6351 wait_event(mddev->recovery_wait, 6355 wait_event(mddev->recovery_wait,
@@ -6353,7 +6357,17 @@ void md_do_sync(mddev_t *mddev)
6353 mddev->curr_resync_completed = 6357 mddev->curr_resync_completed =
6354 mddev->curr_resync; 6358 mddev->curr_resync;
6355 set_bit(MD_CHANGE_CLEAN, &mddev->flags); 6359 set_bit(MD_CHANGE_CLEAN, &mddev->flags);
6360 sysfs_notify(&mddev->kobj, NULL, "sync_completed");
6356 } 6361 }
6362
6363 if (j >= mddev->resync_max)
6364 wait_event(mddev->recovery_wait,
6365 mddev->resync_max > j
6366 || kthread_should_stop());
6367
6368 if (kthread_should_stop())
6369 goto interrupted;
6370
6357 sectors = mddev->pers->sync_request(mddev, j, &skipped, 6371 sectors = mddev->pers->sync_request(mddev, j, &skipped,
6358 currspeed < speed_min(mddev)); 6372 currspeed < speed_min(mddev));
6359 if (sectors == 0) { 6373 if (sectors == 0) {
@@ -6461,6 +6475,7 @@ void md_do_sync(mddev_t *mddev)
6461 6475
6462 skip: 6476 skip:
6463 mddev->curr_resync = 0; 6477 mddev->curr_resync = 0;
6478 mddev->curr_resync_completed = 0;
6464 mddev->resync_min = 0; 6479 mddev->resync_min = 0;
6465 mddev->resync_max = MaxSector; 6480 mddev->resync_max = MaxSector;
6466 sysfs_notify(&mddev->kobj, NULL, "sync_completed"); 6481 sysfs_notify(&mddev->kobj, NULL, "sync_completed");
diff --git a/drivers/md/md.h b/drivers/md/md.h
index e9b7f54c24d6..8227ab909d44 100644
--- a/drivers/md/md.h
+++ b/drivers/md/md.h
@@ -12,10 +12,17 @@
12 Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. 12 Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
13*/ 13*/
14 14
15#ifndef _MD_K_H 15#ifndef _MD_MD_H
16#define _MD_K_H 16#define _MD_MD_H
17 17
18#ifdef CONFIG_BLOCK 18#include <linux/blkdev.h>
19#include <linux/kobject.h>
20#include <linux/list.h>
21#include <linux/mm.h>
22#include <linux/mutex.h>
23#include <linux/timer.h>
24#include <linux/wait.h>
25#include <linux/workqueue.h>
19 26
20#define MaxSector (~(sector_t)0) 27#define MaxSector (~(sector_t)0)
21 28
@@ -408,10 +415,6 @@ static inline void safe_put_page(struct page *p)
408 if (p) put_page(p); 415 if (p) put_page(p);
409} 416}
410 417
411#endif /* CONFIG_BLOCK */
412#endif
413
414
415extern int register_md_personality(struct mdk_personality *p); 418extern int register_md_personality(struct mdk_personality *p);
416extern int unregister_md_personality(struct mdk_personality *p); 419extern int unregister_md_personality(struct mdk_personality *p);
417extern mdk_thread_t * md_register_thread(void (*run) (mddev_t *mddev), 420extern mdk_thread_t * md_register_thread(void (*run) (mddev_t *mddev),
@@ -434,3 +437,5 @@ extern void md_new_event(mddev_t *mddev);
434extern int md_allow_write(mddev_t *mddev); 437extern int md_allow_write(mddev_t *mddev);
435extern void md_wait_for_blocked_rdev(mdk_rdev_t *rdev, mddev_t *mddev); 438extern void md_wait_for_blocked_rdev(mdk_rdev_t *rdev, mddev_t *mddev);
436extern void md_set_array_sectors(mddev_t *mddev, sector_t array_sectors); 439extern void md_set_array_sectors(mddev_t *mddev, sector_t array_sectors);
440
441#endif /* _MD_MD_H */
diff --git a/drivers/md/raid5.c b/drivers/md/raid5.c
index 3bbc6d647044..4616bc3a6e71 100644
--- a/drivers/md/raid5.c
+++ b/drivers/md/raid5.c
@@ -3845,6 +3845,7 @@ static sector_t reshape_request(mddev_t *mddev, sector_t sector_nr, int *skipped
3845 wait_event(conf->wait_for_overlap, 3845 wait_event(conf->wait_for_overlap,
3846 atomic_read(&conf->reshape_stripes)==0); 3846 atomic_read(&conf->reshape_stripes)==0);
3847 mddev->reshape_position = conf->reshape_progress; 3847 mddev->reshape_position = conf->reshape_progress;
3848 mddev->curr_resync_completed = mddev->curr_resync;
3848 conf->reshape_checkpoint = jiffies; 3849 conf->reshape_checkpoint = jiffies;
3849 set_bit(MD_CHANGE_DEVS, &mddev->flags); 3850 set_bit(MD_CHANGE_DEVS, &mddev->flags);
3850 md_wakeup_thread(mddev->thread); 3851 md_wakeup_thread(mddev->thread);
@@ -3854,6 +3855,7 @@ static sector_t reshape_request(mddev_t *mddev, sector_t sector_nr, int *skipped
3854 conf->reshape_safe = mddev->reshape_position; 3855 conf->reshape_safe = mddev->reshape_position;
3855 spin_unlock_irq(&conf->device_lock); 3856 spin_unlock_irq(&conf->device_lock);
3856 wake_up(&conf->wait_for_overlap); 3857 wake_up(&conf->wait_for_overlap);
3858 sysfs_notify(&mddev->kobj, NULL, "sync_completed");
3857 } 3859 }
3858 3860
3859 if (mddev->delta_disks < 0) { 3861 if (mddev->delta_disks < 0) {
@@ -3938,11 +3940,13 @@ static sector_t reshape_request(mddev_t *mddev, sector_t sector_nr, int *skipped
3938 * then we need to write out the superblock. 3940 * then we need to write out the superblock.
3939 */ 3941 */
3940 sector_nr += reshape_sectors; 3942 sector_nr += reshape_sectors;
3941 if (sector_nr >= mddev->resync_max) { 3943 if ((sector_nr - mddev->curr_resync_completed) * 2
3944 >= mddev->resync_max - mddev->curr_resync_completed) {
3942 /* Cannot proceed until we've updated the superblock... */ 3945 /* Cannot proceed until we've updated the superblock... */
3943 wait_event(conf->wait_for_overlap, 3946 wait_event(conf->wait_for_overlap,
3944 atomic_read(&conf->reshape_stripes) == 0); 3947 atomic_read(&conf->reshape_stripes) == 0);
3945 mddev->reshape_position = conf->reshape_progress; 3948 mddev->reshape_position = conf->reshape_progress;
3949 mddev->curr_resync_completed = mddev->curr_resync;
3946 conf->reshape_checkpoint = jiffies; 3950 conf->reshape_checkpoint = jiffies;
3947 set_bit(MD_CHANGE_DEVS, &mddev->flags); 3951 set_bit(MD_CHANGE_DEVS, &mddev->flags);
3948 md_wakeup_thread(mddev->thread); 3952 md_wakeup_thread(mddev->thread);
@@ -3953,6 +3957,7 @@ static sector_t reshape_request(mddev_t *mddev, sector_t sector_nr, int *skipped
3953 conf->reshape_safe = mddev->reshape_position; 3957 conf->reshape_safe = mddev->reshape_position;
3954 spin_unlock_irq(&conf->device_lock); 3958 spin_unlock_irq(&conf->device_lock);
3955 wake_up(&conf->wait_for_overlap); 3959 wake_up(&conf->wait_for_overlap);
3960 sysfs_notify(&mddev->kobj, NULL, "sync_completed");
3956 } 3961 }
3957 return reshape_sectors; 3962 return reshape_sectors;
3958} 3963}
diff --git a/drivers/virtio/virtio_balloon.c b/drivers/virtio/virtio_balloon.c
index 59268266b79a..9c76a061a04d 100644
--- a/drivers/virtio/virtio_balloon.c
+++ b/drivers/virtio/virtio_balloon.c
@@ -190,7 +190,8 @@ static int balloon(void *_vballoon)
190 try_to_freeze(); 190 try_to_freeze();
191 wait_event_interruptible(vb->config_change, 191 wait_event_interruptible(vb->config_change,
192 (diff = towards_target(vb)) != 0 192 (diff = towards_target(vb)) != 0
193 || kthread_should_stop()); 193 || kthread_should_stop()
194 || freezing(current));
194 if (diff > 0) 195 if (diff > 0)
195 fill_balloon(vb, diff); 196 fill_balloon(vb, diff);
196 else if (diff < 0) 197 else if (diff < 0)
diff --git a/fs/autofs/dirhash.c b/fs/autofs/dirhash.c
index bf8c8af98004..4eb4d8dfb2f1 100644
--- a/fs/autofs/dirhash.c
+++ b/fs/autofs/dirhash.c
@@ -39,10 +39,12 @@ struct autofs_dir_ent *autofs_expire(struct super_block *sb,
39{ 39{
40 struct autofs_dirhash *dh = &sbi->dirhash; 40 struct autofs_dirhash *dh = &sbi->dirhash;
41 struct autofs_dir_ent *ent; 41 struct autofs_dir_ent *ent;
42 struct dentry *dentry;
43 unsigned long timeout = sbi->exp_timeout; 42 unsigned long timeout = sbi->exp_timeout;
44 43
45 while (1) { 44 while (1) {
45 struct path path;
46 int umount_ok;
47
46 if ( list_empty(&dh->expiry_head) || sbi->catatonic ) 48 if ( list_empty(&dh->expiry_head) || sbi->catatonic )
47 return NULL; /* No entries */ 49 return NULL; /* No entries */
48 /* We keep the list sorted by last_usage and want old stuff */ 50 /* We keep the list sorted by last_usage and want old stuff */
@@ -57,17 +59,17 @@ struct autofs_dir_ent *autofs_expire(struct super_block *sb,
57 return ent; /* Symlinks are always expirable */ 59 return ent; /* Symlinks are always expirable */
58 60
59 /* Get the dentry for the autofs subdirectory */ 61 /* Get the dentry for the autofs subdirectory */
60 dentry = ent->dentry; 62 path.dentry = ent->dentry;
61 63
62 if ( !dentry ) { 64 if (!path.dentry) {
63 /* Should only happen in catatonic mode */ 65 /* Should only happen in catatonic mode */
64 printk("autofs: dentry == NULL but inode range is directory, entry %s\n", ent->name); 66 printk("autofs: dentry == NULL but inode range is directory, entry %s\n", ent->name);
65 autofs_delete_usage(ent); 67 autofs_delete_usage(ent);
66 continue; 68 continue;
67 } 69 }
68 70
69 if ( !dentry->d_inode ) { 71 if (!path.dentry->d_inode) {
70 dput(dentry); 72 dput(path.dentry);
71 printk("autofs: negative dentry on expiry queue: %s\n", 73 printk("autofs: negative dentry on expiry queue: %s\n",
72 ent->name); 74 ent->name);
73 autofs_delete_usage(ent); 75 autofs_delete_usage(ent);
@@ -76,29 +78,29 @@ struct autofs_dir_ent *autofs_expire(struct super_block *sb,
76 78
77 /* Make sure entry is mounted and unused; note that dentry will 79 /* Make sure entry is mounted and unused; note that dentry will
78 point to the mounted-on-top root. */ 80 point to the mounted-on-top root. */
79 if (!S_ISDIR(dentry->d_inode->i_mode)||!d_mountpoint(dentry)) { 81 if (!S_ISDIR(path.dentry->d_inode->i_mode) ||
82 !d_mountpoint(path.dentry)) {
80 DPRINTK(("autofs: not expirable (not a mounted directory): %s\n", ent->name)); 83 DPRINTK(("autofs: not expirable (not a mounted directory): %s\n", ent->name));
81 continue; 84 continue;
82 } 85 }
83 mntget(mnt); 86 path.mnt = mnt;
84 dget(dentry); 87 path_get(&path);
85 if (!follow_down(&mnt, &dentry)) { 88 if (!follow_down(&path.mnt, &path.dentry)) {
86 dput(dentry); 89 path_put(&path);
87 mntput(mnt);
88 DPRINTK(("autofs: not expirable (not a mounted directory): %s\n", ent->name)); 90 DPRINTK(("autofs: not expirable (not a mounted directory): %s\n", ent->name));
89 continue; 91 continue;
90 } 92 }
91 while (d_mountpoint(dentry) && follow_down(&mnt, &dentry)) 93 while (d_mountpoint(path.dentry) &&
94 follow_down(&path.mnt, &path.dentry))
92 ; 95 ;
93 dput(dentry); 96 umount_ok = may_umount(path.mnt);
97 path_put(&path);
94 98
95 if ( may_umount(mnt) ) { 99 if (umount_ok) {
96 mntput(mnt);
97 DPRINTK(("autofs: signaling expire on %s\n", ent->name)); 100 DPRINTK(("autofs: signaling expire on %s\n", ent->name));
98 return ent; /* Expirable! */ 101 return ent; /* Expirable! */
99 } 102 }
100 DPRINTK(("autofs: didn't expire due to may_umount: %s\n", ent->name)); 103 DPRINTK(("autofs: didn't expire due to may_umount: %s\n", ent->name));
101 mntput(mnt);
102 } 104 }
103 return NULL; /* No expirable entries */ 105 return NULL; /* No expirable entries */
104} 106}
diff --git a/fs/autofs4/dev-ioctl.c b/fs/autofs4/dev-ioctl.c
index 9e5ae8a4f5c8..84168c0dcc2d 100644
--- a/fs/autofs4/dev-ioctl.c
+++ b/fs/autofs4/dev-ioctl.c
@@ -54,11 +54,10 @@ static int check_name(const char *name)
54 * Check a string doesn't overrun the chunk of 54 * Check a string doesn't overrun the chunk of
55 * memory we copied from user land. 55 * memory we copied from user land.
56 */ 56 */
57static int invalid_str(char *str, void *end) 57static int invalid_str(char *str, size_t size)
58{ 58{
59 while ((void *) str <= end) 59 if (memchr(str, 0, size))
60 if (!*str++) 60 return 0;
61 return 0;
62 return -EINVAL; 61 return -EINVAL;
63} 62}
64 63
@@ -138,8 +137,7 @@ static int validate_dev_ioctl(int cmd, struct autofs_dev_ioctl *param)
138 } 137 }
139 138
140 if (param->size > sizeof(*param)) { 139 if (param->size > sizeof(*param)) {
141 err = invalid_str(param->path, 140 err = invalid_str(param->path, param->size - sizeof(*param));
142 (void *) ((size_t) param + param->size));
143 if (err) { 141 if (err) {
144 AUTOFS_WARN( 142 AUTOFS_WARN(
145 "path string terminator missing for cmd(0x%08x)", 143 "path string terminator missing for cmd(0x%08x)",
@@ -488,7 +486,7 @@ static int autofs_dev_ioctl_requester(struct file *fp,
488 } 486 }
489 487
490 path = param->path; 488 path = param->path;
491 devid = sbi->sb->s_dev; 489 devid = new_encode_dev(sbi->sb->s_dev);
492 490
493 param->requester.uid = param->requester.gid = -1; 491 param->requester.uid = param->requester.gid = -1;
494 492
diff --git a/fs/btrfs/ioctl.c b/fs/btrfs/ioctl.c
index 7594bec1be10..9f135e878507 100644
--- a/fs/btrfs/ioctl.c
+++ b/fs/btrfs/ioctl.c
@@ -461,15 +461,9 @@ static int btrfs_ioctl_resize(struct btrfs_root *root, void __user *arg)
461 if (!capable(CAP_SYS_ADMIN)) 461 if (!capable(CAP_SYS_ADMIN))
462 return -EPERM; 462 return -EPERM;
463 463
464 vol_args = kmalloc(sizeof(*vol_args), GFP_NOFS); 464 vol_args = memdup_user(arg, sizeof(*vol_args));
465 465 if (IS_ERR(vol_args))
466 if (!vol_args) 466 return PTR_ERR(vol_args);
467 return -ENOMEM;
468
469 if (copy_from_user(vol_args, arg, sizeof(*vol_args))) {
470 ret = -EFAULT;
471 goto out;
472 }
473 467
474 vol_args->name[BTRFS_PATH_NAME_MAX] = '\0'; 468 vol_args->name[BTRFS_PATH_NAME_MAX] = '\0';
475 namelen = strlen(vol_args->name); 469 namelen = strlen(vol_args->name);
@@ -545,7 +539,6 @@ static int btrfs_ioctl_resize(struct btrfs_root *root, void __user *arg)
545 539
546out_unlock: 540out_unlock:
547 mutex_unlock(&root->fs_info->volume_mutex); 541 mutex_unlock(&root->fs_info->volume_mutex);
548out:
549 kfree(vol_args); 542 kfree(vol_args);
550 return ret; 543 return ret;
551} 544}
@@ -565,15 +558,9 @@ static noinline int btrfs_ioctl_snap_create(struct file *file,
565 if (root->fs_info->sb->s_flags & MS_RDONLY) 558 if (root->fs_info->sb->s_flags & MS_RDONLY)
566 return -EROFS; 559 return -EROFS;
567 560
568 vol_args = kmalloc(sizeof(*vol_args), GFP_NOFS); 561 vol_args = memdup_user(arg, sizeof(*vol_args));
569 562 if (IS_ERR(vol_args))
570 if (!vol_args) 563 return PTR_ERR(vol_args);
571 return -ENOMEM;
572
573 if (copy_from_user(vol_args, arg, sizeof(*vol_args))) {
574 ret = -EFAULT;
575 goto out;
576 }
577 564
578 vol_args->name[BTRFS_PATH_NAME_MAX] = '\0'; 565 vol_args->name[BTRFS_PATH_NAME_MAX] = '\0';
579 namelen = strlen(vol_args->name); 566 namelen = strlen(vol_args->name);
@@ -675,19 +662,13 @@ static long btrfs_ioctl_add_dev(struct btrfs_root *root, void __user *arg)
675 if (!capable(CAP_SYS_ADMIN)) 662 if (!capable(CAP_SYS_ADMIN))
676 return -EPERM; 663 return -EPERM;
677 664
678 vol_args = kmalloc(sizeof(*vol_args), GFP_NOFS); 665 vol_args = memdup_user(arg, sizeof(*vol_args));
666 if (IS_ERR(vol_args))
667 return PTR_ERR(vol_args);
679 668
680 if (!vol_args)
681 return -ENOMEM;
682
683 if (copy_from_user(vol_args, arg, sizeof(*vol_args))) {
684 ret = -EFAULT;
685 goto out;
686 }
687 vol_args->name[BTRFS_PATH_NAME_MAX] = '\0'; 669 vol_args->name[BTRFS_PATH_NAME_MAX] = '\0';
688 ret = btrfs_init_new_device(root, vol_args->name); 670 ret = btrfs_init_new_device(root, vol_args->name);
689 671
690out:
691 kfree(vol_args); 672 kfree(vol_args);
692 return ret; 673 return ret;
693} 674}
@@ -703,19 +684,13 @@ static long btrfs_ioctl_rm_dev(struct btrfs_root *root, void __user *arg)
703 if (root->fs_info->sb->s_flags & MS_RDONLY) 684 if (root->fs_info->sb->s_flags & MS_RDONLY)
704 return -EROFS; 685 return -EROFS;
705 686
706 vol_args = kmalloc(sizeof(*vol_args), GFP_NOFS); 687 vol_args = memdup_user(arg, sizeof(*vol_args));
688 if (IS_ERR(vol_args))
689 return PTR_ERR(vol_args);
707 690
708 if (!vol_args)
709 return -ENOMEM;
710
711 if (copy_from_user(vol_args, arg, sizeof(*vol_args))) {
712 ret = -EFAULT;
713 goto out;
714 }
715 vol_args->name[BTRFS_PATH_NAME_MAX] = '\0'; 691 vol_args->name[BTRFS_PATH_NAME_MAX] = '\0';
716 ret = btrfs_rm_device(root, vol_args->name); 692 ret = btrfs_rm_device(root, vol_args->name);
717 693
718out:
719 kfree(vol_args); 694 kfree(vol_args);
720 return ret; 695 return ret;
721} 696}
diff --git a/fs/btrfs/super.c b/fs/btrfs/super.c
index 9744af9d71e9..a7acfe639a44 100644
--- a/fs/btrfs/super.c
+++ b/fs/btrfs/super.c
@@ -635,14 +635,9 @@ static long btrfs_control_ioctl(struct file *file, unsigned int cmd,
635 if (!capable(CAP_SYS_ADMIN)) 635 if (!capable(CAP_SYS_ADMIN))
636 return -EPERM; 636 return -EPERM;
637 637
638 vol = kmalloc(sizeof(*vol), GFP_KERNEL); 638 vol = memdup_user((void __user *)arg, sizeof(*vol));
639 if (!vol) 639 if (IS_ERR(vol))
640 return -ENOMEM; 640 return PTR_ERR(vol);
641
642 if (copy_from_user(vol, (void __user *)arg, sizeof(*vol))) {
643 ret = -EFAULT;
644 goto out;
645 }
646 641
647 switch (cmd) { 642 switch (cmd) {
648 case BTRFS_IOC_SCAN_DEV: 643 case BTRFS_IOC_SCAN_DEV:
@@ -650,7 +645,7 @@ static long btrfs_control_ioctl(struct file *file, unsigned int cmd,
650 &btrfs_fs_type, &fs_devices); 645 &btrfs_fs_type, &fs_devices);
651 break; 646 break;
652 } 647 }
653out: 648
654 kfree(vol); 649 kfree(vol);
655 return ret; 650 return ret;
656} 651}
diff --git a/fs/cifs/CHANGES b/fs/cifs/CHANGES
index 65984006192c..9d1fb6ec8a5a 100644
--- a/fs/cifs/CHANGES
+++ b/fs/cifs/CHANGES
@@ -15,7 +15,8 @@ Posix file open support added (turned off after one attempt if server
15fails to support it properly, as with Samba server versions prior to 3.3.2) 15fails to support it properly, as with Samba server versions prior to 3.3.2)
16Fix "redzone overwritten" bug in cifs_put_tcon (CIFSTcon may allocate too 16Fix "redzone overwritten" bug in cifs_put_tcon (CIFSTcon may allocate too
17little memory for the "nativeFileSystem" field returned by the server 17little memory for the "nativeFileSystem" field returned by the server
18during mount). 18during mount). Endian convert inode numbers if necessary (makes it easier
19to compare inode numbers on network files from big endian systems).
19 20
20Version 1.56 21Version 1.56
21------------ 22------------
diff --git a/fs/cifs/cifs_spnego.c b/fs/cifs/cifs_spnego.c
index 3fd3a9df043a..67bf93a40d2e 100644
--- a/fs/cifs/cifs_spnego.c
+++ b/fs/cifs/cifs_spnego.c
@@ -41,7 +41,7 @@ cifs_spnego_key_instantiate(struct key *key, const void *data, size_t datalen)
41 41
42 /* attach the data */ 42 /* attach the data */
43 memcpy(payload, data, datalen); 43 memcpy(payload, data, datalen);
44 rcu_assign_pointer(key->payload.data, payload); 44 key->payload.data = payload;
45 ret = 0; 45 ret = 0;
46 46
47error: 47error:
diff --git a/fs/cifs/cifsfs.c b/fs/cifs/cifsfs.c
index 38491fd3871d..0d6d8b573652 100644
--- a/fs/cifs/cifsfs.c
+++ b/fs/cifs/cifsfs.c
@@ -66,9 +66,6 @@ unsigned int sign_CIFS_PDUs = 1;
66extern struct task_struct *oplockThread; /* remove sparse warning */ 66extern struct task_struct *oplockThread; /* remove sparse warning */
67struct task_struct *oplockThread = NULL; 67struct task_struct *oplockThread = NULL;
68/* extern struct task_struct * dnotifyThread; remove sparse warning */ 68/* extern struct task_struct * dnotifyThread; remove sparse warning */
69#ifdef CONFIG_CIFS_EXPERIMENTAL
70static struct task_struct *dnotifyThread = NULL;
71#endif
72static const struct super_operations cifs_super_ops; 69static const struct super_operations cifs_super_ops;
73unsigned int CIFSMaxBufSize = CIFS_MAX_MSGSIZE; 70unsigned int CIFSMaxBufSize = CIFS_MAX_MSGSIZE;
74module_param(CIFSMaxBufSize, int, 0); 71module_param(CIFSMaxBufSize, int, 0);
@@ -316,6 +313,7 @@ cifs_alloc_inode(struct super_block *sb)
316 cifs_inode->clientCanCacheAll = false; 313 cifs_inode->clientCanCacheAll = false;
317 cifs_inode->delete_pending = false; 314 cifs_inode->delete_pending = false;
318 cifs_inode->vfs_inode.i_blkbits = 14; /* 2**14 = CIFS_MAX_MSGSIZE */ 315 cifs_inode->vfs_inode.i_blkbits = 14; /* 2**14 = CIFS_MAX_MSGSIZE */
316 cifs_inode->server_eof = 0;
319 317
320 /* Can not set i_flags here - they get immediately overwritten 318 /* Can not set i_flags here - they get immediately overwritten
321 to zero by the VFS */ 319 to zero by the VFS */
@@ -1040,34 +1038,6 @@ static int cifs_oplock_thread(void *dummyarg)
1040 return 0; 1038 return 0;
1041} 1039}
1042 1040
1043#ifdef CONFIG_CIFS_EXPERIMENTAL
1044static int cifs_dnotify_thread(void *dummyarg)
1045{
1046 struct list_head *tmp;
1047 struct TCP_Server_Info *server;
1048
1049 do {
1050 if (try_to_freeze())
1051 continue;
1052 set_current_state(TASK_INTERRUPTIBLE);
1053 schedule_timeout(15*HZ);
1054 /* check if any stuck requests that need
1055 to be woken up and wakeq so the
1056 thread can wake up and error out */
1057 read_lock(&cifs_tcp_ses_lock);
1058 list_for_each(tmp, &cifs_tcp_ses_list) {
1059 server = list_entry(tmp, struct TCP_Server_Info,
1060 tcp_ses_list);
1061 if (atomic_read(&server->inFlight))
1062 wake_up_all(&server->response_q);
1063 }
1064 read_unlock(&cifs_tcp_ses_lock);
1065 } while (!kthread_should_stop());
1066
1067 return 0;
1068}
1069#endif
1070
1071static int __init 1041static int __init
1072init_cifs(void) 1042init_cifs(void)
1073{ 1043{
@@ -1144,21 +1114,8 @@ init_cifs(void)
1144 goto out_unregister_dfs_key_type; 1114 goto out_unregister_dfs_key_type;
1145 } 1115 }
1146 1116
1147#ifdef CONFIG_CIFS_EXPERIMENTAL
1148 dnotifyThread = kthread_run(cifs_dnotify_thread, NULL, "cifsdnotifyd");
1149 if (IS_ERR(dnotifyThread)) {
1150 rc = PTR_ERR(dnotifyThread);
1151 cERROR(1, ("error %d create dnotify thread", rc));
1152 goto out_stop_oplock_thread;
1153 }
1154#endif
1155
1156 return 0; 1117 return 0;
1157 1118
1158#ifdef CONFIG_CIFS_EXPERIMENTAL
1159 out_stop_oplock_thread:
1160#endif
1161 kthread_stop(oplockThread);
1162 out_unregister_dfs_key_type: 1119 out_unregister_dfs_key_type:
1163#ifdef CONFIG_CIFS_DFS_UPCALL 1120#ifdef CONFIG_CIFS_DFS_UPCALL
1164 unregister_key_type(&key_type_dns_resolver); 1121 unregister_key_type(&key_type_dns_resolver);
@@ -1196,9 +1153,6 @@ exit_cifs(void)
1196 cifs_destroy_inodecache(); 1153 cifs_destroy_inodecache();
1197 cifs_destroy_mids(); 1154 cifs_destroy_mids();
1198 cifs_destroy_request_bufs(); 1155 cifs_destroy_request_bufs();
1199#ifdef CONFIG_CIFS_EXPERIMENTAL
1200 kthread_stop(dnotifyThread);
1201#endif
1202 kthread_stop(oplockThread); 1156 kthread_stop(oplockThread);
1203} 1157}
1204 1158
diff --git a/fs/cifs/cifsglob.h b/fs/cifs/cifsglob.h
index 9fbf4dff5da6..df40ab64cd95 100644
--- a/fs/cifs/cifsglob.h
+++ b/fs/cifs/cifsglob.h
@@ -350,7 +350,7 @@ struct cifsFileInfo {
350 bool invalidHandle:1; /* file closed via session abend */ 350 bool invalidHandle:1; /* file closed via session abend */
351 bool messageMode:1; /* for pipes: message vs byte mode */ 351 bool messageMode:1; /* for pipes: message vs byte mode */
352 atomic_t wrtPending; /* handle in use - defer close */ 352 atomic_t wrtPending; /* handle in use - defer close */
353 struct semaphore fh_sem; /* prevents reopen race after dead ses*/ 353 struct mutex fh_mutex; /* prevents reopen race after dead ses*/
354 struct cifs_search_info srch_inf; 354 struct cifs_search_info srch_inf;
355}; 355};
356 356
@@ -370,6 +370,7 @@ struct cifsInodeInfo {
370 bool clientCanCacheAll:1; /* read and writebehind oplock */ 370 bool clientCanCacheAll:1; /* read and writebehind oplock */
371 bool oplockPending:1; 371 bool oplockPending:1;
372 bool delete_pending:1; /* DELETE_ON_CLOSE is set */ 372 bool delete_pending:1; /* DELETE_ON_CLOSE is set */
373 u64 server_eof; /* current file size on server */
373 struct inode vfs_inode; 374 struct inode vfs_inode;
374}; 375};
375 376
diff --git a/fs/cifs/cifspdu.h b/fs/cifs/cifspdu.h
index b370489c8da5..a785f69dbc9f 100644
--- a/fs/cifs/cifspdu.h
+++ b/fs/cifs/cifspdu.h
@@ -2163,7 +2163,7 @@ typedef struct {
2163 __le32 Type; 2163 __le32 Type;
2164 __le64 DevMajor; 2164 __le64 DevMajor;
2165 __le64 DevMinor; 2165 __le64 DevMinor;
2166 __u64 UniqueId; 2166 __le64 UniqueId;
2167 __le64 Permissions; 2167 __le64 Permissions;
2168 __le64 Nlinks; 2168 __le64 Nlinks;
2169} __attribute__((packed)) FILE_UNIX_BASIC_INFO; /* level 0x200 QPathInfo */ 2169} __attribute__((packed)) FILE_UNIX_BASIC_INFO; /* level 0x200 QPathInfo */
@@ -2308,7 +2308,7 @@ struct unlink_psx_rq { /* level 0x20a SetPathInfo */
2308} __attribute__((packed)); 2308} __attribute__((packed));
2309 2309
2310struct file_internal_info { 2310struct file_internal_info {
2311 __u64 UniqueId; /* inode number */ 2311 __le64 UniqueId; /* inode number */
2312} __attribute__((packed)); /* level 0x3ee */ 2312} __attribute__((packed)); /* level 0x3ee */
2313 2313
2314struct file_mode_info { 2314struct file_mode_info {
@@ -2338,7 +2338,7 @@ typedef struct {
2338 __le32 Type; 2338 __le32 Type;
2339 __le64 DevMajor; 2339 __le64 DevMajor;
2340 __le64 DevMinor; 2340 __le64 DevMinor;
2341 __u64 UniqueId; 2341 __le64 UniqueId;
2342 __le64 Permissions; 2342 __le64 Permissions;
2343 __le64 Nlinks; 2343 __le64 Nlinks;
2344 char FileName[1]; 2344 char FileName[1];
@@ -2386,7 +2386,7 @@ typedef struct {
2386 __le32 FileNameLength; 2386 __le32 FileNameLength;
2387 __le32 EaSize; /* EA size */ 2387 __le32 EaSize; /* EA size */
2388 __le32 Reserved; 2388 __le32 Reserved;
2389 __u64 UniqueId; /* inode num - le since Samba puts ino in low 32 bit*/ 2389 __le64 UniqueId; /* inode num - le since Samba puts ino in low 32 bit*/
2390 char FileName[1]; 2390 char FileName[1];
2391} __attribute__((packed)) SEARCH_ID_FULL_DIR_INFO; /* level 0x105 FF rsp data */ 2391} __attribute__((packed)) SEARCH_ID_FULL_DIR_INFO; /* level 0x105 FF rsp data */
2392 2392
diff --git a/fs/cifs/cifssmb.c b/fs/cifs/cifssmb.c
index bc09c998631f..a0845dc7b8a9 100644
--- a/fs/cifs/cifssmb.c
+++ b/fs/cifs/cifssmb.c
@@ -1626,6 +1626,8 @@ CIFSSMBWrite2(const int xid, struct cifsTconInfo *tcon,
1626 int smb_hdr_len; 1626 int smb_hdr_len;
1627 int resp_buf_type = 0; 1627 int resp_buf_type = 0;
1628 1628
1629 *nbytes = 0;
1630
1629 cFYI(1, ("write2 at %lld %d bytes", (long long)offset, count)); 1631 cFYI(1, ("write2 at %lld %d bytes", (long long)offset, count));
1630 1632
1631 if (tcon->ses->capabilities & CAP_LARGE_FILES) { 1633 if (tcon->ses->capabilities & CAP_LARGE_FILES) {
@@ -1682,11 +1684,9 @@ CIFSSMBWrite2(const int xid, struct cifsTconInfo *tcon,
1682 cifs_stats_inc(&tcon->num_writes); 1684 cifs_stats_inc(&tcon->num_writes);
1683 if (rc) { 1685 if (rc) {
1684 cFYI(1, ("Send error Write2 = %d", rc)); 1686 cFYI(1, ("Send error Write2 = %d", rc));
1685 *nbytes = 0;
1686 } else if (resp_buf_type == 0) { 1687 } else if (resp_buf_type == 0) {
1687 /* presumably this can not happen, but best to be safe */ 1688 /* presumably this can not happen, but best to be safe */
1688 rc = -EIO; 1689 rc = -EIO;
1689 *nbytes = 0;
1690 } else { 1690 } else {
1691 WRITE_RSP *pSMBr = (WRITE_RSP *)iov[0].iov_base; 1691 WRITE_RSP *pSMBr = (WRITE_RSP *)iov[0].iov_base;
1692 *nbytes = le16_to_cpu(pSMBr->CountHigh); 1692 *nbytes = le16_to_cpu(pSMBr->CountHigh);
@@ -3918,7 +3918,7 @@ GetInodeNumberRetry:
3918 } 3918 }
3919 pfinfo = (struct file_internal_info *) 3919 pfinfo = (struct file_internal_info *)
3920 (data_offset + (char *) &pSMBr->hdr.Protocol); 3920 (data_offset + (char *) &pSMBr->hdr.Protocol);
3921 *inode_number = pfinfo->UniqueId; 3921 *inode_number = le64_to_cpu(pfinfo->UniqueId);
3922 } 3922 }
3923 } 3923 }
3924GetInodeNumOut: 3924GetInodeNumOut:
diff --git a/fs/cifs/connect.c b/fs/cifs/connect.c
index 0de3b5615a22..bacdef1546b7 100644
--- a/fs/cifs/connect.c
+++ b/fs/cifs/connect.c
@@ -2214,9 +2214,58 @@ is_path_accessible(int xid, struct cifsTconInfo *tcon,
2214 return rc; 2214 return rc;
2215} 2215}
2216 2216
2217static void
2218cleanup_volume_info(struct smb_vol **pvolume_info)
2219{
2220 struct smb_vol *volume_info;
2221
2222 if (!pvolume_info && !*pvolume_info)
2223 return;
2224
2225 volume_info = *pvolume_info;
2226 kzfree(volume_info->password);
2227 kfree(volume_info->UNC);
2228 kfree(volume_info->prepath);
2229 kfree(volume_info);
2230 *pvolume_info = NULL;
2231 return;
2232}
2233
2234#ifdef CONFIG_CIFS_DFS_UPCALL
2235/* build_path_to_root returns full path to root when
2236 * we do not have an exiting connection (tcon) */
2237static char *
2238build_unc_path_to_root(const struct smb_vol *volume_info,
2239 const struct cifs_sb_info *cifs_sb)
2240{
2241 char *full_path;
2242
2243 int unc_len = strnlen(volume_info->UNC, MAX_TREE_SIZE + 1);
2244 full_path = kmalloc(unc_len + cifs_sb->prepathlen + 1, GFP_KERNEL);
2245 if (full_path == NULL)
2246 return ERR_PTR(-ENOMEM);
2247
2248 strncpy(full_path, volume_info->UNC, unc_len);
2249 if (cifs_sb->mnt_cifs_flags & CIFS_MOUNT_POSIX_PATHS) {
2250 int i;
2251 for (i = 0; i < unc_len; i++) {
2252 if (full_path[i] == '\\')
2253 full_path[i] = '/';
2254 }
2255 }
2256
2257 if (cifs_sb->prepathlen)
2258 strncpy(full_path + unc_len, cifs_sb->prepath,
2259 cifs_sb->prepathlen);
2260
2261 full_path[unc_len + cifs_sb->prepathlen] = 0; /* add trailing null */
2262 return full_path;
2263}
2264#endif
2265
2217int 2266int
2218cifs_mount(struct super_block *sb, struct cifs_sb_info *cifs_sb, 2267cifs_mount(struct super_block *sb, struct cifs_sb_info *cifs_sb,
2219 char *mount_data, const char *devname) 2268 char *mount_data_global, const char *devname)
2220{ 2269{
2221 int rc = 0; 2270 int rc = 0;
2222 int xid; 2271 int xid;
@@ -2225,6 +2274,13 @@ cifs_mount(struct super_block *sb, struct cifs_sb_info *cifs_sb,
2225 struct cifsTconInfo *tcon = NULL; 2274 struct cifsTconInfo *tcon = NULL;
2226 struct TCP_Server_Info *srvTcp = NULL; 2275 struct TCP_Server_Info *srvTcp = NULL;
2227 char *full_path; 2276 char *full_path;
2277 char *mount_data = mount_data_global;
2278#ifdef CONFIG_CIFS_DFS_UPCALL
2279 struct dfs_info3_param *referrals = NULL;
2280 unsigned int num_referrals = 0;
2281try_mount_again:
2282#endif
2283 full_path = NULL;
2228 2284
2229 xid = GetXid(); 2285 xid = GetXid();
2230 2286
@@ -2371,11 +2427,9 @@ cifs_mount(struct super_block *sb, struct cifs_sb_info *cifs_sb,
2371 } 2427 }
2372 } 2428 }
2373 2429
2374 /* check for null share name ie connect to dfs root */
2375 if ((strchr(volume_info->UNC + 3, '\\') == NULL) 2430 if ((strchr(volume_info->UNC + 3, '\\') == NULL)
2376 && (strchr(volume_info->UNC + 3, '/') == NULL)) { 2431 && (strchr(volume_info->UNC + 3, '/') == NULL)) {
2377 /* rc = connect_to_dfs_path(...) */ 2432 cERROR(1, ("Missing share name"));
2378 cFYI(1, ("DFS root not supported"));
2379 rc = -ENODEV; 2433 rc = -ENODEV;
2380 goto mount_fail_check; 2434 goto mount_fail_check;
2381 } else { 2435 } else {
@@ -2392,7 +2446,7 @@ cifs_mount(struct super_block *sb, struct cifs_sb_info *cifs_sb,
2392 } 2446 }
2393 } 2447 }
2394 if (rc) 2448 if (rc)
2395 goto mount_fail_check; 2449 goto remote_path_check;
2396 tcon->seal = volume_info->seal; 2450 tcon->seal = volume_info->seal;
2397 write_lock(&cifs_tcp_ses_lock); 2451 write_lock(&cifs_tcp_ses_lock);
2398 list_add(&tcon->tcon_list, &pSesInfo->tcon_list); 2452 list_add(&tcon->tcon_list, &pSesInfo->tcon_list);
@@ -2417,19 +2471,9 @@ cifs_mount(struct super_block *sb, struct cifs_sb_info *cifs_sb,
2417 /* BB FIXME fix time_gran to be larger for LANMAN sessions */ 2471 /* BB FIXME fix time_gran to be larger for LANMAN sessions */
2418 sb->s_time_gran = 100; 2472 sb->s_time_gran = 100;
2419 2473
2420mount_fail_check: 2474 if (rc)
2421 /* on error free sesinfo and tcon struct if needed */ 2475 goto remote_path_check;
2422 if (rc) { 2476
2423 /* If find_unc succeeded then rc == 0 so we can not end */
2424 /* up accidently freeing someone elses tcon struct */
2425 if (tcon)
2426 cifs_put_tcon(tcon);
2427 else if (pSesInfo)
2428 cifs_put_smb_ses(pSesInfo);
2429 else
2430 cifs_put_tcp_session(srvTcp);
2431 goto out;
2432 }
2433 cifs_sb->tcon = tcon; 2477 cifs_sb->tcon = tcon;
2434 2478
2435 /* do not care if following two calls succeed - informational */ 2479 /* do not care if following two calls succeed - informational */
@@ -2461,7 +2505,9 @@ mount_fail_check:
2461 cifs_sb->rsize = min(cifs_sb->rsize, 2505 cifs_sb->rsize = min(cifs_sb->rsize,
2462 (tcon->ses->server->maxBuf - MAX_CIFS_HDR_SIZE)); 2506 (tcon->ses->server->maxBuf - MAX_CIFS_HDR_SIZE));
2463 2507
2464 if (!rc && cifs_sb->prepathlen) { 2508remote_path_check:
2509 /* check if a whole path (including prepath) is not remote */
2510 if (!rc && cifs_sb->prepathlen && tcon) {
2465 /* build_path_to_root works only when we have a valid tcon */ 2511 /* build_path_to_root works only when we have a valid tcon */
2466 full_path = cifs_build_path_to_root(cifs_sb); 2512 full_path = cifs_build_path_to_root(cifs_sb);
2467 if (full_path == NULL) { 2513 if (full_path == NULL) {
@@ -2469,31 +2515,79 @@ mount_fail_check:
2469 goto mount_fail_check; 2515 goto mount_fail_check;
2470 } 2516 }
2471 rc = is_path_accessible(xid, tcon, cifs_sb, full_path); 2517 rc = is_path_accessible(xid, tcon, cifs_sb, full_path);
2472 if (rc) { 2518 if (rc != -EREMOTE) {
2473 cERROR(1, ("Path %s in not accessible: %d",
2474 full_path, rc));
2475 kfree(full_path); 2519 kfree(full_path);
2476 goto mount_fail_check; 2520 goto mount_fail_check;
2477 } 2521 }
2478 kfree(full_path); 2522 kfree(full_path);
2479 } 2523 }
2480 2524
2525 /* get referral if needed */
2526 if (rc == -EREMOTE) {
2527#ifdef CONFIG_CIFS_DFS_UPCALL
2528 /* convert forward to back slashes in prepath here if needed */
2529 if ((cifs_sb->mnt_cifs_flags & CIFS_MOUNT_POSIX_PATHS) == 0)
2530 convert_delimiter(cifs_sb->prepath,
2531 CIFS_DIR_SEP(cifs_sb));
2532 full_path = build_unc_path_to_root(volume_info, cifs_sb);
2533 if (IS_ERR(full_path)) {
2534 rc = PTR_ERR(full_path);
2535 goto mount_fail_check;
2536 }
2537
2538 cFYI(1, ("Getting referral for: %s", full_path));
2539 rc = get_dfs_path(xid, pSesInfo , full_path + 1,
2540 cifs_sb->local_nls, &num_referrals, &referrals,
2541 cifs_sb->mnt_cifs_flags & CIFS_MOUNT_MAP_SPECIAL_CHR);
2542 if (!rc && num_referrals > 0) {
2543 char *fake_devname = NULL;
2544
2545 if (mount_data != mount_data_global)
2546 kfree(mount_data);
2547 mount_data = cifs_compose_mount_options(
2548 cifs_sb->mountdata, full_path + 1,
2549 referrals, &fake_devname);
2550 kfree(fake_devname);
2551 free_dfs_info_array(referrals, num_referrals);
2552
2553 if (tcon)
2554 cifs_put_tcon(tcon);
2555 else if (pSesInfo)
2556 cifs_put_smb_ses(pSesInfo);
2557
2558 cleanup_volume_info(&volume_info);
2559 FreeXid(xid);
2560 kfree(full_path);
2561 goto try_mount_again;
2562 }
2563#else /* No DFS support, return error on mount */
2564 rc = -EOPNOTSUPP;
2565#endif
2566 }
2567
2568mount_fail_check:
2569 /* on error free sesinfo and tcon struct if needed */
2570 if (rc) {
2571 if (mount_data != mount_data_global)
2572 kfree(mount_data);
2573 /* If find_unc succeeded then rc == 0 so we can not end */
2574 /* up accidently freeing someone elses tcon struct */
2575 if (tcon)
2576 cifs_put_tcon(tcon);
2577 else if (pSesInfo)
2578 cifs_put_smb_ses(pSesInfo);
2579 else
2580 cifs_put_tcp_session(srvTcp);
2581 goto out;
2582 }
2583
2481 /* volume_info->password is freed above when existing session found 2584 /* volume_info->password is freed above when existing session found
2482 (in which case it is not needed anymore) but when new sesion is created 2585 (in which case it is not needed anymore) but when new sesion is created
2483 the password ptr is put in the new session structure (in which case the 2586 the password ptr is put in the new session structure (in which case the
2484 password will be freed at unmount time) */ 2587 password will be freed at unmount time) */
2485out: 2588out:
2486 /* zero out password before freeing */ 2589 /* zero out password before freeing */
2487 if (volume_info) { 2590 cleanup_volume_info(&volume_info);
2488 if (volume_info->password != NULL) {
2489 memset(volume_info->password, 0,
2490 strlen(volume_info->password));
2491 kfree(volume_info->password);
2492 }
2493 kfree(volume_info->UNC);
2494 kfree(volume_info->prepath);
2495 kfree(volume_info);
2496 }
2497 FreeXid(xid); 2591 FreeXid(xid);
2498 return rc; 2592 return rc;
2499} 2593}
@@ -2673,8 +2767,7 @@ CIFSSessSetup(unsigned int xid, struct cifsSesInfo *ses,
2673/* We look for obvious messed up bcc or strings in response so we do not go off 2767/* We look for obvious messed up bcc or strings in response so we do not go off
2674 the end since (at least) WIN2K and Windows XP have a major bug in not null 2768 the end since (at least) WIN2K and Windows XP have a major bug in not null
2675 terminating last Unicode string in response */ 2769 terminating last Unicode string in response */
2676 if (ses->serverOS) 2770 kfree(ses->serverOS);
2677 kfree(ses->serverOS);
2678 ses->serverOS = kzalloc(2 * (len + 1), 2771 ses->serverOS = kzalloc(2 * (len + 1),
2679 GFP_KERNEL); 2772 GFP_KERNEL);
2680 if (ses->serverOS == NULL) 2773 if (ses->serverOS == NULL)
@@ -2710,8 +2803,7 @@ CIFSSessSetup(unsigned int xid, struct cifsSesInfo *ses,
2710 len = UniStrnlen((wchar_t *) bcc_ptr, remaining_words); 2803 len = UniStrnlen((wchar_t *) bcc_ptr, remaining_words);
2711 /* last string is not always null terminated 2804 /* last string is not always null terminated
2712 (for e.g. for Windows XP & 2000) */ 2805 (for e.g. for Windows XP & 2000) */
2713 if (ses->serverDomain) 2806 kfree(ses->serverDomain);
2714 kfree(ses->serverDomain);
2715 ses->serverDomain = 2807 ses->serverDomain =
2716 kzalloc(2*(len+1), 2808 kzalloc(2*(len+1),
2717 GFP_KERNEL); 2809 GFP_KERNEL);
@@ -2725,8 +2817,7 @@ CIFSSessSetup(unsigned int xid, struct cifsSesInfo *ses,
2725 ses->serverDomain[1+(2*len)] = 0; 2817 ses->serverDomain[1+(2*len)] = 0;
2726 } else { /* else no more room so create 2818 } else { /* else no more room so create
2727 dummy domain string */ 2819 dummy domain string */
2728 if (ses->serverDomain) 2820 kfree(ses->serverDomain);
2729 kfree(ses->serverDomain);
2730 ses->serverDomain = 2821 ses->serverDomain =
2731 kzalloc(2, GFP_KERNEL); 2822 kzalloc(2, GFP_KERNEL);
2732 } 2823 }
@@ -2772,8 +2863,7 @@ CIFSSessSetup(unsigned int xid, struct cifsSesInfo *ses,
2772 bcc_ptr++; 2863 bcc_ptr++;
2773 2864
2774 len = strnlen(bcc_ptr, 1024); 2865 len = strnlen(bcc_ptr, 1024);
2775 if (ses->serverDomain) 2866 kfree(ses->serverDomain);
2776 kfree(ses->serverDomain);
2777 ses->serverDomain = kzalloc(len + 1, 2867 ses->serverDomain = kzalloc(len + 1,
2778 GFP_KERNEL); 2868 GFP_KERNEL);
2779 if (ses->serverDomain == NULL) 2869 if (ses->serverDomain == NULL)
@@ -3013,8 +3103,7 @@ CIFSNTLMSSPNegotiateSessSetup(unsigned int xid,
3013/* We look for obvious messed up bcc or strings in response so we do not go off 3103/* We look for obvious messed up bcc or strings in response so we do not go off
3014 the end since (at least) WIN2K and Windows XP have a major bug in not null 3104 the end since (at least) WIN2K and Windows XP have a major bug in not null
3015 terminating last Unicode string in response */ 3105 terminating last Unicode string in response */
3016 if (ses->serverOS) 3106 kfree(ses->serverOS);
3017 kfree(ses->serverOS);
3018 ses->serverOS = 3107 ses->serverOS =
3019 kzalloc(2 * (len + 1), GFP_KERNEL); 3108 kzalloc(2 * (len + 1), GFP_KERNEL);
3020 cifs_strfromUCS_le(ses->serverOS, 3109 cifs_strfromUCS_le(ses->serverOS,
@@ -3086,8 +3175,7 @@ CIFSNTLMSSPNegotiateSessSetup(unsigned int xid,
3086 if (((long) bcc_ptr + len) - (long) 3175 if (((long) bcc_ptr + len) - (long)
3087 pByteArea(smb_buffer_response) 3176 pByteArea(smb_buffer_response)
3088 <= BCC(smb_buffer_response)) { 3177 <= BCC(smb_buffer_response)) {
3089 if (ses->serverOS) 3178 kfree(ses->serverOS);
3090 kfree(ses->serverOS);
3091 ses->serverOS = 3179 ses->serverOS =
3092 kzalloc(len + 1, 3180 kzalloc(len + 1,
3093 GFP_KERNEL); 3181 GFP_KERNEL);
@@ -3414,8 +3502,7 @@ CIFSNTLMSSPAuthSessSetup(unsigned int xid, struct cifsSesInfo *ses,
3414/* We look for obvious messed up bcc or strings in response so we do not go off 3502/* We look for obvious messed up bcc or strings in response so we do not go off
3415 the end since (at least) WIN2K and Windows XP have a major bug in not null 3503 the end since (at least) WIN2K and Windows XP have a major bug in not null
3416 terminating last Unicode string in response */ 3504 terminating last Unicode string in response */
3417 if (ses->serverOS) 3505 kfree(ses->serverOS);
3418 kfree(ses->serverOS);
3419 ses->serverOS = 3506 ses->serverOS =
3420 kzalloc(2 * (len + 1), GFP_KERNEL); 3507 kzalloc(2 * (len + 1), GFP_KERNEL);
3421 cifs_strfromUCS_le(ses->serverOS, 3508 cifs_strfromUCS_le(ses->serverOS,
@@ -3448,8 +3535,7 @@ CIFSNTLMSSPAuthSessSetup(unsigned int xid, struct cifsSesInfo *ses,
3448 if (remaining_words > 0) { 3535 if (remaining_words > 0) {
3449 len = UniStrnlen((wchar_t *) bcc_ptr, remaining_words); 3536 len = UniStrnlen((wchar_t *) bcc_ptr, remaining_words);
3450 /* last string not always null terminated (e.g. for Windows XP & 2000) */ 3537 /* last string not always null terminated (e.g. for Windows XP & 2000) */
3451 if (ses->serverDomain) 3538 kfree(ses->serverDomain);
3452 kfree(ses->serverDomain);
3453 ses->serverDomain = 3539 ses->serverDomain =
3454 kzalloc(2 * 3540 kzalloc(2 *
3455 (len + 3541 (len +
@@ -3476,13 +3562,11 @@ CIFSNTLMSSPAuthSessSetup(unsigned int xid, struct cifsSesInfo *ses,
3476 = 0; 3562 = 0;
3477 } /* else no more room so create dummy domain string */ 3563 } /* else no more room so create dummy domain string */
3478 else { 3564 else {
3479 if (ses->serverDomain) 3565 kfree(ses->serverDomain);
3480 kfree(ses->serverDomain);
3481 ses->serverDomain = kzalloc(2,GFP_KERNEL); 3566 ses->serverDomain = kzalloc(2,GFP_KERNEL);
3482 } 3567 }
3483 } else { /* no room so create dummy domain and NOS string */ 3568 } else { /* no room so create dummy domain and NOS string */
3484 if (ses->serverDomain) 3569 kfree(ses->serverDomain);
3485 kfree(ses->serverDomain);
3486 ses->serverDomain = kzalloc(2, GFP_KERNEL); 3570 ses->serverDomain = kzalloc(2, GFP_KERNEL);
3487 kfree(ses->serverNOS); 3571 kfree(ses->serverNOS);
3488 ses->serverNOS = kzalloc(2, GFP_KERNEL); 3572 ses->serverNOS = kzalloc(2, GFP_KERNEL);
@@ -3492,8 +3576,7 @@ CIFSNTLMSSPAuthSessSetup(unsigned int xid, struct cifsSesInfo *ses,
3492 if (((long) bcc_ptr + len) - 3576 if (((long) bcc_ptr + len) -
3493 (long) pByteArea(smb_buffer_response) 3577 (long) pByteArea(smb_buffer_response)
3494 <= BCC(smb_buffer_response)) { 3578 <= BCC(smb_buffer_response)) {
3495 if (ses->serverOS) 3579 kfree(ses->serverOS);
3496 kfree(ses->serverOS);
3497 ses->serverOS = kzalloc(len + 1, GFP_KERNEL); 3580 ses->serverOS = kzalloc(len + 1, GFP_KERNEL);
3498 strncpy(ses->serverOS,bcc_ptr, len); 3581 strncpy(ses->serverOS,bcc_ptr, len);
3499 3582
@@ -3512,8 +3595,7 @@ CIFSNTLMSSPAuthSessSetup(unsigned int xid, struct cifsSesInfo *ses,
3512 bcc_ptr++; 3595 bcc_ptr++;
3513 3596
3514 len = strnlen(bcc_ptr, 1024); 3597 len = strnlen(bcc_ptr, 1024);
3515 if (ses->serverDomain) 3598 kfree(ses->serverDomain);
3516 kfree(ses->serverDomain);
3517 ses->serverDomain = 3599 ses->serverDomain =
3518 kzalloc(len+1, 3600 kzalloc(len+1,
3519 GFP_KERNEL); 3601 GFP_KERNEL);
@@ -3674,16 +3756,15 @@ CIFSTCon(unsigned int xid, struct cifsSesInfo *ses,
3674 BCC(smb_buffer_response)) { 3756 BCC(smb_buffer_response)) {
3675 kfree(tcon->nativeFileSystem); 3757 kfree(tcon->nativeFileSystem);
3676 tcon->nativeFileSystem = 3758 tcon->nativeFileSystem =
3677 kzalloc(2*(length + 1), GFP_KERNEL); 3759 kzalloc((4 * length) + 2, GFP_KERNEL);
3678 if (tcon->nativeFileSystem) 3760 if (tcon->nativeFileSystem) {
3679 cifs_strfromUCS_le( 3761 cifs_strfromUCS_le(
3680 tcon->nativeFileSystem, 3762 tcon->nativeFileSystem,
3681 (__le16 *) bcc_ptr, 3763 (__le16 *) bcc_ptr,
3682 length, nls_codepage); 3764 length, nls_codepage);
3683 bcc_ptr += 2 * length; 3765 cFYI(1, ("nativeFileSystem=%s",
3684 bcc_ptr[0] = 0; /* null terminate the string */ 3766 tcon->nativeFileSystem));
3685 bcc_ptr[1] = 0; 3767 }
3686 bcc_ptr += 2;
3687 } 3768 }
3688 /* else do not bother copying these information fields*/ 3769 /* else do not bother copying these information fields*/
3689 } else { 3770 } else {
diff --git a/fs/cifs/dir.c b/fs/cifs/dir.c
index 54dce78fbb73..461750e01364 100644
--- a/fs/cifs/dir.c
+++ b/fs/cifs/dir.c
@@ -129,12 +129,62 @@ cifs_bp_rename_retry:
129 return full_path; 129 return full_path;
130} 130}
131 131
132static void
133cifs_fill_fileinfo(struct inode *newinode, __u16 fileHandle,
134 struct cifsTconInfo *tcon, bool write_only)
135{
136 int oplock = 0;
137 struct cifsFileInfo *pCifsFile;
138 struct cifsInodeInfo *pCifsInode;
139
140 pCifsFile = kzalloc(sizeof(struct cifsFileInfo), GFP_KERNEL);
141
142 if (pCifsFile == NULL)
143 return;
144
145 if (oplockEnabled)
146 oplock = REQ_OPLOCK;
147
148 pCifsFile->netfid = fileHandle;
149 pCifsFile->pid = current->tgid;
150 pCifsFile->pInode = newinode;
151 pCifsFile->invalidHandle = false;
152 pCifsFile->closePend = false;
153 mutex_init(&pCifsFile->fh_mutex);
154 mutex_init(&pCifsFile->lock_mutex);
155 INIT_LIST_HEAD(&pCifsFile->llist);
156 atomic_set(&pCifsFile->wrtPending, 0);
157
158 /* set the following in open now
159 pCifsFile->pfile = file; */
160 write_lock(&GlobalSMBSeslock);
161 list_add(&pCifsFile->tlist, &tcon->openFileList);
162 pCifsInode = CIFS_I(newinode);
163 if (pCifsInode) {
164 /* if readable file instance put first in list*/
165 if (write_only)
166 list_add_tail(&pCifsFile->flist,
167 &pCifsInode->openFileList);
168 else
169 list_add(&pCifsFile->flist, &pCifsInode->openFileList);
170
171 if ((oplock & 0xF) == OPLOCK_EXCLUSIVE) {
172 pCifsInode->clientCanCacheAll = true;
173 pCifsInode->clientCanCacheRead = true;
174 cFYI(1, ("Exclusive Oplock inode %p", newinode));
175 } else if ((oplock & 0xF) == OPLOCK_READ)
176 pCifsInode->clientCanCacheRead = true;
177 }
178 write_unlock(&GlobalSMBSeslock);
179}
180
132int cifs_posix_open(char *full_path, struct inode **pinode, 181int cifs_posix_open(char *full_path, struct inode **pinode,
133 struct super_block *sb, int mode, int oflags, 182 struct super_block *sb, int mode, int oflags,
134 int *poplock, __u16 *pnetfid, int xid) 183 int *poplock, __u16 *pnetfid, int xid)
135{ 184{
136 int rc; 185 int rc;
137 __u32 oplock; 186 __u32 oplock;
187 bool write_only = false;
138 FILE_UNIX_BASIC_INFO *presp_data; 188 FILE_UNIX_BASIC_INFO *presp_data;
139 __u32 posix_flags = 0; 189 __u32 posix_flags = 0;
140 struct cifs_sb_info *cifs_sb = CIFS_SB(sb); 190 struct cifs_sb_info *cifs_sb = CIFS_SB(sb);
@@ -172,6 +222,8 @@ int cifs_posix_open(char *full_path, struct inode **pinode,
172 if (oflags & O_DIRECT) 222 if (oflags & O_DIRECT)
173 posix_flags |= SMB_O_DIRECT; 223 posix_flags |= SMB_O_DIRECT;
174 224
225 if (!(oflags & FMODE_READ))
226 write_only = true;
175 227
176 rc = CIFSPOSIXCreate(xid, cifs_sb->tcon, posix_flags, mode, 228 rc = CIFSPOSIXCreate(xid, cifs_sb->tcon, posix_flags, mode,
177 pnetfid, presp_data, &oplock, full_path, 229 pnetfid, presp_data, &oplock, full_path,
@@ -187,8 +239,10 @@ int cifs_posix_open(char *full_path, struct inode **pinode,
187 if (!pinode) 239 if (!pinode)
188 goto posix_open_ret; /* caller does not need info */ 240 goto posix_open_ret; /* caller does not need info */
189 241
190 if (*pinode == NULL) 242 if (*pinode == NULL) {
191 *pinode = cifs_new_inode(sb, &presp_data->UniqueId); 243 __u64 unique_id = le64_to_cpu(presp_data->UniqueId);
244 *pinode = cifs_new_inode(sb, &unique_id);
245 }
192 /* else an inode was passed in. Update its info, don't create one */ 246 /* else an inode was passed in. Update its info, don't create one */
193 247
194 /* We do not need to close the file if new_inode fails since 248 /* We do not need to close the file if new_inode fails since
@@ -198,6 +252,8 @@ int cifs_posix_open(char *full_path, struct inode **pinode,
198 252
199 posix_fill_in_inode(*pinode, presp_data, 1); 253 posix_fill_in_inode(*pinode, presp_data, 1);
200 254
255 cifs_fill_fileinfo(*pinode, *pnetfid, cifs_sb->tcon, write_only);
256
201posix_open_ret: 257posix_open_ret:
202 kfree(presp_data); 258 kfree(presp_data);
203 return rc; 259 return rc;
@@ -239,7 +295,6 @@ cifs_create(struct inode *inode, struct dentry *direntry, int mode,
239 char *full_path = NULL; 295 char *full_path = NULL;
240 FILE_ALL_INFO *buf = NULL; 296 FILE_ALL_INFO *buf = NULL;
241 struct inode *newinode = NULL; 297 struct inode *newinode = NULL;
242 struct cifsInodeInfo *pCifsInode;
243 int disposition = FILE_OVERWRITE_IF; 298 int disposition = FILE_OVERWRITE_IF;
244 bool write_only = false; 299 bool write_only = false;
245 300
@@ -410,44 +465,8 @@ cifs_create_set_dentry:
410 /* mknod case - do not leave file open */ 465 /* mknod case - do not leave file open */
411 CIFSSMBClose(xid, tcon, fileHandle); 466 CIFSSMBClose(xid, tcon, fileHandle);
412 } else if (newinode) { 467 } else if (newinode) {
413 struct cifsFileInfo *pCifsFile = 468 cifs_fill_fileinfo(newinode, fileHandle,
414 kzalloc(sizeof(struct cifsFileInfo), GFP_KERNEL); 469 cifs_sb->tcon, write_only);
415
416 if (pCifsFile == NULL)
417 goto cifs_create_out;
418 pCifsFile->netfid = fileHandle;
419 pCifsFile->pid = current->tgid;
420 pCifsFile->pInode = newinode;
421 pCifsFile->invalidHandle = false;
422 pCifsFile->closePend = false;
423 init_MUTEX(&pCifsFile->fh_sem);
424 mutex_init(&pCifsFile->lock_mutex);
425 INIT_LIST_HEAD(&pCifsFile->llist);
426 atomic_set(&pCifsFile->wrtPending, 0);
427
428 /* set the following in open now
429 pCifsFile->pfile = file; */
430 write_lock(&GlobalSMBSeslock);
431 list_add(&pCifsFile->tlist, &tcon->openFileList);
432 pCifsInode = CIFS_I(newinode);
433 if (pCifsInode) {
434 /* if readable file instance put first in list*/
435 if (write_only) {
436 list_add_tail(&pCifsFile->flist,
437 &pCifsInode->openFileList);
438 } else {
439 list_add(&pCifsFile->flist,
440 &pCifsInode->openFileList);
441 }
442 if ((oplock & 0xF) == OPLOCK_EXCLUSIVE) {
443 pCifsInode->clientCanCacheAll = true;
444 pCifsInode->clientCanCacheRead = true;
445 cFYI(1, ("Exclusive Oplock inode %p",
446 newinode));
447 } else if ((oplock & 0xF) == OPLOCK_READ)
448 pCifsInode->clientCanCacheRead = true;
449 }
450 write_unlock(&GlobalSMBSeslock);
451 } 470 }
452cifs_create_out: 471cifs_create_out:
453 kfree(buf); 472 kfree(buf);
@@ -580,17 +599,21 @@ int cifs_mknod(struct inode *inode, struct dentry *direntry, int mode,
580 return rc; 599 return rc;
581} 600}
582 601
583
584struct dentry * 602struct dentry *
585cifs_lookup(struct inode *parent_dir_inode, struct dentry *direntry, 603cifs_lookup(struct inode *parent_dir_inode, struct dentry *direntry,
586 struct nameidata *nd) 604 struct nameidata *nd)
587{ 605{
588 int xid; 606 int xid;
589 int rc = 0; /* to get around spurious gcc warning, set to zero here */ 607 int rc = 0; /* to get around spurious gcc warning, set to zero here */
608 int oplock = 0;
609 int mode;
610 __u16 fileHandle = 0;
611 bool posix_open = false;
590 struct cifs_sb_info *cifs_sb; 612 struct cifs_sb_info *cifs_sb;
591 struct cifsTconInfo *pTcon; 613 struct cifsTconInfo *pTcon;
592 struct inode *newInode = NULL; 614 struct inode *newInode = NULL;
593 char *full_path = NULL; 615 char *full_path = NULL;
616 struct file *filp;
594 617
595 xid = GetXid(); 618 xid = GetXid();
596 619
@@ -632,12 +655,37 @@ cifs_lookup(struct inode *parent_dir_inode, struct dentry *direntry,
632 } 655 }
633 cFYI(1, ("Full path: %s inode = 0x%p", full_path, direntry->d_inode)); 656 cFYI(1, ("Full path: %s inode = 0x%p", full_path, direntry->d_inode));
634 657
635 if (pTcon->unix_ext) 658 if (pTcon->unix_ext) {
636 rc = cifs_get_inode_info_unix(&newInode, full_path, 659 if (!(nd->flags & (LOOKUP_PARENT | LOOKUP_DIRECTORY)) &&
637 parent_dir_inode->i_sb, xid); 660 (nd->flags & LOOKUP_OPEN)) {
638 else 661 if (!((nd->intent.open.flags & O_CREAT) &&
662 (nd->intent.open.flags & O_EXCL))) {
663 mode = nd->intent.open.create_mode &
664 ~current_umask();
665 rc = cifs_posix_open(full_path, &newInode,
666 parent_dir_inode->i_sb, mode,
667 nd->intent.open.flags, &oplock,
668 &fileHandle, xid);
669 /*
670 * This code works around a bug in
671 * samba posix open in samba versions 3.3.1
672 * and earlier where create works
673 * but open fails with invalid parameter.
674 * If either of these error codes are
675 * returned, follow the normal lookup.
676 * Otherwise, the error during posix open
677 * is handled.
678 */
679 if ((rc != -EINVAL) && (rc != -EOPNOTSUPP))
680 posix_open = true;
681 }
682 }
683 if (!posix_open)
684 rc = cifs_get_inode_info_unix(&newInode, full_path,
685 parent_dir_inode->i_sb, xid);
686 } else
639 rc = cifs_get_inode_info(&newInode, full_path, NULL, 687 rc = cifs_get_inode_info(&newInode, full_path, NULL,
640 parent_dir_inode->i_sb, xid, NULL); 688 parent_dir_inode->i_sb, xid, NULL);
641 689
642 if ((rc == 0) && (newInode != NULL)) { 690 if ((rc == 0) && (newInode != NULL)) {
643 if (pTcon->nocase) 691 if (pTcon->nocase)
@@ -645,7 +693,8 @@ cifs_lookup(struct inode *parent_dir_inode, struct dentry *direntry,
645 else 693 else
646 direntry->d_op = &cifs_dentry_ops; 694 direntry->d_op = &cifs_dentry_ops;
647 d_add(direntry, newInode); 695 d_add(direntry, newInode);
648 696 if (posix_open)
697 filp = lookup_instantiate_filp(nd, direntry, NULL);
649 /* since paths are not looked up by component - the parent 698 /* since paths are not looked up by component - the parent
650 directories are presumed to be good here */ 699 directories are presumed to be good here */
651 renew_parental_timestamps(direntry); 700 renew_parental_timestamps(direntry);
diff --git a/fs/cifs/dns_resolve.c b/fs/cifs/dns_resolve.c
index 1e0c1bd8f2e4..df4a306f697e 100644
--- a/fs/cifs/dns_resolve.c
+++ b/fs/cifs/dns_resolve.c
@@ -78,7 +78,7 @@ dns_resolver_instantiate(struct key *key, const void *data,
78 } 78 }
79 79
80 key->type_data.x[0] = datalen; 80 key->type_data.x[0] = datalen;
81 rcu_assign_pointer(key->payload.data, ip); 81 key->payload.data = ip;
82 82
83 return rc; 83 return rc;
84} 84}
diff --git a/fs/cifs/file.c b/fs/cifs/file.c
index 81747acca4c4..50ca088d8860 100644
--- a/fs/cifs/file.c
+++ b/fs/cifs/file.c
@@ -46,7 +46,7 @@ static inline struct cifsFileInfo *cifs_init_private(
46 memset(private_data, 0, sizeof(struct cifsFileInfo)); 46 memset(private_data, 0, sizeof(struct cifsFileInfo));
47 private_data->netfid = netfid; 47 private_data->netfid = netfid;
48 private_data->pid = current->tgid; 48 private_data->pid = current->tgid;
49 init_MUTEX(&private_data->fh_sem); 49 mutex_init(&private_data->fh_mutex);
50 mutex_init(&private_data->lock_mutex); 50 mutex_init(&private_data->lock_mutex);
51 INIT_LIST_HEAD(&private_data->llist); 51 INIT_LIST_HEAD(&private_data->llist);
52 private_data->pfile = file; /* needed for writepage */ 52 private_data->pfile = file; /* needed for writepage */
@@ -284,35 +284,32 @@ int cifs_open(struct inode *inode, struct file *file)
284 cifs_sb = CIFS_SB(inode->i_sb); 284 cifs_sb = CIFS_SB(inode->i_sb);
285 tcon = cifs_sb->tcon; 285 tcon = cifs_sb->tcon;
286 286
287 if (file->f_flags & O_CREAT) { 287 /* search inode for this file and fill in file->private_data */
288 /* search inode for this file and fill in file->private_data */ 288 pCifsInode = CIFS_I(file->f_path.dentry->d_inode);
289 pCifsInode = CIFS_I(file->f_path.dentry->d_inode); 289 read_lock(&GlobalSMBSeslock);
290 read_lock(&GlobalSMBSeslock); 290 list_for_each(tmp, &pCifsInode->openFileList) {
291 list_for_each(tmp, &pCifsInode->openFileList) { 291 pCifsFile = list_entry(tmp, struct cifsFileInfo,
292 pCifsFile = list_entry(tmp, struct cifsFileInfo, 292 flist);
293 flist); 293 if ((pCifsFile->pfile == NULL) &&
294 if ((pCifsFile->pfile == NULL) && 294 (pCifsFile->pid == current->tgid)) {
295 (pCifsFile->pid == current->tgid)) { 295 /* mode set in cifs_create */
296 /* mode set in cifs_create */ 296
297 297 /* needed for writepage */
298 /* needed for writepage */ 298 pCifsFile->pfile = file;
299 pCifsFile->pfile = file; 299
300 300 file->private_data = pCifsFile;
301 file->private_data = pCifsFile; 301 break;
302 break;
303 }
304 }
305 read_unlock(&GlobalSMBSeslock);
306 if (file->private_data != NULL) {
307 rc = 0;
308 FreeXid(xid);
309 return rc;
310 } else {
311 if (file->f_flags & O_EXCL)
312 cERROR(1, ("could not find file instance for "
313 "new file %p", file));
314 } 302 }
315 } 303 }
304 read_unlock(&GlobalSMBSeslock);
305
306 if (file->private_data != NULL) {
307 rc = 0;
308 FreeXid(xid);
309 return rc;
310 } else if ((file->f_flags & O_CREAT) && (file->f_flags & O_EXCL))
311 cERROR(1, ("could not find file instance for "
312 "new file %p", file));
316 313
317 full_path = build_path_from_dentry(file->f_path.dentry); 314 full_path = build_path_from_dentry(file->f_path.dentry);
318 if (full_path == NULL) { 315 if (full_path == NULL) {
@@ -500,9 +497,9 @@ static int cifs_reopen_file(struct file *file, bool can_flush)
500 return -EBADF; 497 return -EBADF;
501 498
502 xid = GetXid(); 499 xid = GetXid();
503 down(&pCifsFile->fh_sem); 500 mutex_unlock(&pCifsFile->fh_mutex);
504 if (!pCifsFile->invalidHandle) { 501 if (!pCifsFile->invalidHandle) {
505 up(&pCifsFile->fh_sem); 502 mutex_lock(&pCifsFile->fh_mutex);
506 FreeXid(xid); 503 FreeXid(xid);
507 return 0; 504 return 0;
508 } 505 }
@@ -533,7 +530,7 @@ static int cifs_reopen_file(struct file *file, bool can_flush)
533 if (full_path == NULL) { 530 if (full_path == NULL) {
534 rc = -ENOMEM; 531 rc = -ENOMEM;
535reopen_error_exit: 532reopen_error_exit:
536 up(&pCifsFile->fh_sem); 533 mutex_lock(&pCifsFile->fh_mutex);
537 FreeXid(xid); 534 FreeXid(xid);
538 return rc; 535 return rc;
539 } 536 }
@@ -575,14 +572,14 @@ reopen_error_exit:
575 cifs_sb->local_nls, cifs_sb->mnt_cifs_flags & 572 cifs_sb->local_nls, cifs_sb->mnt_cifs_flags &
576 CIFS_MOUNT_MAP_SPECIAL_CHR); 573 CIFS_MOUNT_MAP_SPECIAL_CHR);
577 if (rc) { 574 if (rc) {
578 up(&pCifsFile->fh_sem); 575 mutex_lock(&pCifsFile->fh_mutex);
579 cFYI(1, ("cifs_open returned 0x%x", rc)); 576 cFYI(1, ("cifs_open returned 0x%x", rc));
580 cFYI(1, ("oplock: %d", oplock)); 577 cFYI(1, ("oplock: %d", oplock));
581 } else { 578 } else {
582reopen_success: 579reopen_success:
583 pCifsFile->netfid = netfid; 580 pCifsFile->netfid = netfid;
584 pCifsFile->invalidHandle = false; 581 pCifsFile->invalidHandle = false;
585 up(&pCifsFile->fh_sem); 582 mutex_lock(&pCifsFile->fh_mutex);
586 pCifsInode = CIFS_I(inode); 583 pCifsInode = CIFS_I(inode);
587 if (pCifsInode) { 584 if (pCifsInode) {
588 if (can_flush) { 585 if (can_flush) {
@@ -971,6 +968,40 @@ int cifs_lock(struct file *file, int cmd, struct file_lock *pfLock)
971 return rc; 968 return rc;
972} 969}
973 970
971/*
972 * Set the timeout on write requests past EOF. For some servers (Windows)
973 * these calls can be very long.
974 *
975 * If we're writing >10M past the EOF we give a 180s timeout. Anything less
976 * than that gets a 45s timeout. Writes not past EOF get 15s timeouts.
977 * The 10M cutoff is totally arbitrary. A better scheme for this would be
978 * welcome if someone wants to suggest one.
979 *
980 * We may be able to do a better job with this if there were some way to
981 * declare that a file should be sparse.
982 */
983static int
984cifs_write_timeout(struct cifsInodeInfo *cifsi, loff_t offset)
985{
986 if (offset <= cifsi->server_eof)
987 return CIFS_STD_OP;
988 else if (offset > (cifsi->server_eof + (10 * 1024 * 1024)))
989 return CIFS_VLONG_OP;
990 else
991 return CIFS_LONG_OP;
992}
993
994/* update the file size (if needed) after a write */
995static void
996cifs_update_eof(struct cifsInodeInfo *cifsi, loff_t offset,
997 unsigned int bytes_written)
998{
999 loff_t end_of_write = offset + bytes_written;
1000
1001 if (end_of_write > cifsi->server_eof)
1002 cifsi->server_eof = end_of_write;
1003}
1004
974ssize_t cifs_user_write(struct file *file, const char __user *write_data, 1005ssize_t cifs_user_write(struct file *file, const char __user *write_data,
975 size_t write_size, loff_t *poffset) 1006 size_t write_size, loff_t *poffset)
976{ 1007{
@@ -981,6 +1012,7 @@ ssize_t cifs_user_write(struct file *file, const char __user *write_data,
981 struct cifsTconInfo *pTcon; 1012 struct cifsTconInfo *pTcon;
982 int xid, long_op; 1013 int xid, long_op;
983 struct cifsFileInfo *open_file; 1014 struct cifsFileInfo *open_file;
1015 struct cifsInodeInfo *cifsi = CIFS_I(file->f_path.dentry->d_inode);
984 1016
985 cifs_sb = CIFS_SB(file->f_path.dentry->d_sb); 1017 cifs_sb = CIFS_SB(file->f_path.dentry->d_sb);
986 1018
@@ -1000,11 +1032,7 @@ ssize_t cifs_user_write(struct file *file, const char __user *write_data,
1000 1032
1001 xid = GetXid(); 1033 xid = GetXid();
1002 1034
1003 if (*poffset > file->f_path.dentry->d_inode->i_size) 1035 long_op = cifs_write_timeout(cifsi, *poffset);
1004 long_op = CIFS_VLONG_OP; /* writes past EOF take long time */
1005 else
1006 long_op = CIFS_LONG_OP;
1007
1008 for (total_written = 0; write_size > total_written; 1036 for (total_written = 0; write_size > total_written;
1009 total_written += bytes_written) { 1037 total_written += bytes_written) {
1010 rc = -EAGAIN; 1038 rc = -EAGAIN;
@@ -1048,8 +1076,10 @@ ssize_t cifs_user_write(struct file *file, const char __user *write_data,
1048 FreeXid(xid); 1076 FreeXid(xid);
1049 return rc; 1077 return rc;
1050 } 1078 }
1051 } else 1079 } else {
1080 cifs_update_eof(cifsi, *poffset, bytes_written);
1052 *poffset += bytes_written; 1081 *poffset += bytes_written;
1082 }
1053 long_op = CIFS_STD_OP; /* subsequent writes fast - 1083 long_op = CIFS_STD_OP; /* subsequent writes fast -
1054 15 seconds is plenty */ 1084 15 seconds is plenty */
1055 } 1085 }
@@ -1085,6 +1115,7 @@ static ssize_t cifs_write(struct file *file, const char *write_data,
1085 struct cifsTconInfo *pTcon; 1115 struct cifsTconInfo *pTcon;
1086 int xid, long_op; 1116 int xid, long_op;
1087 struct cifsFileInfo *open_file; 1117 struct cifsFileInfo *open_file;
1118 struct cifsInodeInfo *cifsi = CIFS_I(file->f_path.dentry->d_inode);
1088 1119
1089 cifs_sb = CIFS_SB(file->f_path.dentry->d_sb); 1120 cifs_sb = CIFS_SB(file->f_path.dentry->d_sb);
1090 1121
@@ -1099,11 +1130,7 @@ static ssize_t cifs_write(struct file *file, const char *write_data,
1099 1130
1100 xid = GetXid(); 1131 xid = GetXid();
1101 1132
1102 if (*poffset > file->f_path.dentry->d_inode->i_size) 1133 long_op = cifs_write_timeout(cifsi, *poffset);
1103 long_op = CIFS_VLONG_OP; /* writes past EOF can be slow */
1104 else
1105 long_op = CIFS_LONG_OP;
1106
1107 for (total_written = 0; write_size > total_written; 1134 for (total_written = 0; write_size > total_written;
1108 total_written += bytes_written) { 1135 total_written += bytes_written) {
1109 rc = -EAGAIN; 1136 rc = -EAGAIN;
@@ -1166,8 +1193,10 @@ static ssize_t cifs_write(struct file *file, const char *write_data,
1166 FreeXid(xid); 1193 FreeXid(xid);
1167 return rc; 1194 return rc;
1168 } 1195 }
1169 } else 1196 } else {
1197 cifs_update_eof(cifsi, *poffset, bytes_written);
1170 *poffset += bytes_written; 1198 *poffset += bytes_written;
1199 }
1171 long_op = CIFS_STD_OP; /* subsequent writes fast - 1200 long_op = CIFS_STD_OP; /* subsequent writes fast -
1172 15 seconds is plenty */ 1201 15 seconds is plenty */
1173 } 1202 }
@@ -1380,11 +1409,12 @@ static int cifs_writepages(struct address_space *mapping,
1380 int nr_pages; 1409 int nr_pages;
1381 __u64 offset = 0; 1410 __u64 offset = 0;
1382 struct cifsFileInfo *open_file; 1411 struct cifsFileInfo *open_file;
1412 struct cifsInodeInfo *cifsi = CIFS_I(mapping->host);
1383 struct page *page; 1413 struct page *page;
1384 struct pagevec pvec; 1414 struct pagevec pvec;
1385 int rc = 0; 1415 int rc = 0;
1386 int scanned = 0; 1416 int scanned = 0;
1387 int xid; 1417 int xid, long_op;
1388 1418
1389 cifs_sb = CIFS_SB(mapping->host->i_sb); 1419 cifs_sb = CIFS_SB(mapping->host->i_sb);
1390 1420
@@ -1528,12 +1558,15 @@ retry:
1528 cERROR(1, ("No writable handles for inode")); 1558 cERROR(1, ("No writable handles for inode"));
1529 rc = -EBADF; 1559 rc = -EBADF;
1530 } else { 1560 } else {
1561 long_op = cifs_write_timeout(cifsi, offset);
1531 rc = CIFSSMBWrite2(xid, cifs_sb->tcon, 1562 rc = CIFSSMBWrite2(xid, cifs_sb->tcon,
1532 open_file->netfid, 1563 open_file->netfid,
1533 bytes_to_write, offset, 1564 bytes_to_write, offset,
1534 &bytes_written, iov, n_iov, 1565 &bytes_written, iov, n_iov,
1535 CIFS_LONG_OP); 1566 long_op);
1536 atomic_dec(&open_file->wrtPending); 1567 atomic_dec(&open_file->wrtPending);
1568 cifs_update_eof(cifsi, offset, bytes_written);
1569
1537 if (rc || bytes_written < bytes_to_write) { 1570 if (rc || bytes_written < bytes_to_write) {
1538 cERROR(1, ("Write2 ret %d, wrote %d", 1571 cERROR(1, ("Write2 ret %d, wrote %d",
1539 rc, bytes_written)); 1572 rc, bytes_written));
diff --git a/fs/cifs/inode.c b/fs/cifs/inode.c
index f121a80fdd6f..f36b4e40e443 100644
--- a/fs/cifs/inode.c
+++ b/fs/cifs/inode.c
@@ -143,6 +143,7 @@ static void cifs_unix_info_to_inode(struct inode *inode,
143 143
144 inode->i_nlink = le64_to_cpu(info->Nlinks); 144 inode->i_nlink = le64_to_cpu(info->Nlinks);
145 145
146 cifsInfo->server_eof = end_of_file;
146 spin_lock(&inode->i_lock); 147 spin_lock(&inode->i_lock);
147 if (is_size_safe_to_change(cifsInfo, end_of_file)) { 148 if (is_size_safe_to_change(cifsInfo, end_of_file)) {
148 /* 149 /*
@@ -276,7 +277,8 @@ int cifs_get_inode_info_unix(struct inode **pinode,
276 277
277 /* get new inode */ 278 /* get new inode */
278 if (*pinode == NULL) { 279 if (*pinode == NULL) {
279 *pinode = cifs_new_inode(sb, &find_data.UniqueId); 280 __u64 unique_id = le64_to_cpu(find_data.UniqueId);
281 *pinode = cifs_new_inode(sb, &unique_id);
280 if (*pinode == NULL) { 282 if (*pinode == NULL) {
281 rc = -ENOMEM; 283 rc = -ENOMEM;
282 goto cgiiu_exit; 284 goto cgiiu_exit;
@@ -605,12 +607,12 @@ int cifs_get_inode_info(struct inode **pinode,
605 inode->i_mode |= S_IFREG; 607 inode->i_mode |= S_IFREG;
606 } 608 }
607 609
610 cifsInfo->server_eof = le64_to_cpu(pfindData->EndOfFile);
608 spin_lock(&inode->i_lock); 611 spin_lock(&inode->i_lock);
609 if (is_size_safe_to_change(cifsInfo, 612 if (is_size_safe_to_change(cifsInfo, cifsInfo->server_eof)) {
610 le64_to_cpu(pfindData->EndOfFile))) {
611 /* can not safely shrink the file size here if the 613 /* can not safely shrink the file size here if the
612 client is writing to it due to potential races */ 614 client is writing to it due to potential races */
613 i_size_write(inode, le64_to_cpu(pfindData->EndOfFile)); 615 i_size_write(inode, cifsInfo->server_eof);
614 616
615 /* 512 bytes (2**9) is the fake blocksize that must be 617 /* 512 bytes (2**9) is the fake blocksize that must be
616 used for this calculation */ 618 used for this calculation */
@@ -1138,6 +1140,7 @@ int cifs_mkdir(struct inode *inode, struct dentry *direntry, int mode)
1138 cFYI(1, ("posix mkdir returned 0x%x", rc)); 1140 cFYI(1, ("posix mkdir returned 0x%x", rc));
1139 d_drop(direntry); 1141 d_drop(direntry);
1140 } else { 1142 } else {
1143 __u64 unique_id;
1141 if (pInfo->Type == cpu_to_le32(-1)) { 1144 if (pInfo->Type == cpu_to_le32(-1)) {
1142 /* no return info, go query for it */ 1145 /* no return info, go query for it */
1143 kfree(pInfo); 1146 kfree(pInfo);
@@ -1151,8 +1154,8 @@ int cifs_mkdir(struct inode *inode, struct dentry *direntry, int mode)
1151 else 1154 else
1152 direntry->d_op = &cifs_dentry_ops; 1155 direntry->d_op = &cifs_dentry_ops;
1153 1156
1154 newinode = cifs_new_inode(inode->i_sb, 1157 unique_id = le64_to_cpu(pInfo->UniqueId);
1155 &pInfo->UniqueId); 1158 newinode = cifs_new_inode(inode->i_sb, &unique_id);
1156 if (newinode == NULL) { 1159 if (newinode == NULL) {
1157 kfree(pInfo); 1160 kfree(pInfo);
1158 goto mkdir_get_info; 1161 goto mkdir_get_info;
@@ -1450,7 +1453,8 @@ int cifs_rename(struct inode *source_dir, struct dentry *source_dentry,
1450 checking the UniqueId via FILE_INTERNAL_INFO */ 1453 checking the UniqueId via FILE_INTERNAL_INFO */
1451 1454
1452unlink_target: 1455unlink_target:
1453 if ((rc == -EACCES) || (rc == -EEXIST)) { 1456 /* Try unlinking the target dentry if it's not negative */
1457 if (target_dentry->d_inode && (rc == -EACCES || rc == -EEXIST)) {
1454 tmprc = cifs_unlink(target_dir, target_dentry); 1458 tmprc = cifs_unlink(target_dir, target_dentry);
1455 if (tmprc) 1459 if (tmprc)
1456 goto cifs_rename_exit; 1460 goto cifs_rename_exit;
@@ -1753,6 +1757,7 @@ cifs_set_file_size(struct inode *inode, struct iattr *attrs,
1753 } 1757 }
1754 1758
1755 if (rc == 0) { 1759 if (rc == 0) {
1760 cifsInode->server_eof = attrs->ia_size;
1756 rc = cifs_vmtruncate(inode, attrs->ia_size); 1761 rc = cifs_vmtruncate(inode, attrs->ia_size);
1757 cifs_truncate_page(inode->i_mapping, inode->i_size); 1762 cifs_truncate_page(inode->i_mapping, inode->i_size);
1758 } 1763 }
@@ -1792,20 +1797,21 @@ cifs_setattr_unix(struct dentry *direntry, struct iattr *attrs)
1792 goto out; 1797 goto out;
1793 } 1798 }
1794 1799
1795 if ((attrs->ia_valid & ATTR_MTIME) || (attrs->ia_valid & ATTR_SIZE)) { 1800 /*
1796 /* 1801 * Attempt to flush data before changing attributes. We need to do
1797 Flush data before changing file size or changing the last 1802 * this for ATTR_SIZE and ATTR_MTIME for sure, and if we change the
1798 write time of the file on the server. If the 1803 * ownership or mode then we may also need to do this. Here, we take
1799 flush returns error, store it to report later and continue. 1804 * the safe way out and just do the flush on all setattr requests. If
1800 BB: This should be smarter. Why bother flushing pages that 1805 * the flush returns error, store it to report later and continue.
1801 will be truncated anyway? Also, should we error out here if 1806 *
1802 the flush returns error? 1807 * BB: This should be smarter. Why bother flushing pages that
1803 */ 1808 * will be truncated anyway? Also, should we error out here if
1804 rc = filemap_write_and_wait(inode->i_mapping); 1809 * the flush returns error?
1805 if (rc != 0) { 1810 */
1806 cifsInode->write_behind_rc = rc; 1811 rc = filemap_write_and_wait(inode->i_mapping);
1807 rc = 0; 1812 if (rc != 0) {
1808 } 1813 cifsInode->write_behind_rc = rc;
1814 rc = 0;
1809 } 1815 }
1810 1816
1811 if (attrs->ia_valid & ATTR_SIZE) { 1817 if (attrs->ia_valid & ATTR_SIZE) {
@@ -1903,20 +1909,21 @@ cifs_setattr_nounix(struct dentry *direntry, struct iattr *attrs)
1903 return -ENOMEM; 1909 return -ENOMEM;
1904 } 1910 }
1905 1911
1906 if ((attrs->ia_valid & ATTR_MTIME) || (attrs->ia_valid & ATTR_SIZE)) { 1912 /*
1907 /* 1913 * Attempt to flush data before changing attributes. We need to do
1908 Flush data before changing file size or changing the last 1914 * this for ATTR_SIZE and ATTR_MTIME for sure, and if we change the
1909 write time of the file on the server. If the 1915 * ownership or mode then we may also need to do this. Here, we take
1910 flush returns error, store it to report later and continue. 1916 * the safe way out and just do the flush on all setattr requests. If
1911 BB: This should be smarter. Why bother flushing pages that 1917 * the flush returns error, store it to report later and continue.
1912 will be truncated anyway? Also, should we error out here if 1918 *
1913 the flush returns error? 1919 * BB: This should be smarter. Why bother flushing pages that
1914 */ 1920 * will be truncated anyway? Also, should we error out here if
1915 rc = filemap_write_and_wait(inode->i_mapping); 1921 * the flush returns error?
1916 if (rc != 0) { 1922 */
1917 cifsInode->write_behind_rc = rc; 1923 rc = filemap_write_and_wait(inode->i_mapping);
1918 rc = 0; 1924 if (rc != 0) {
1919 } 1925 cifsInode->write_behind_rc = rc;
1926 rc = 0;
1920 } 1927 }
1921 1928
1922 if (attrs->ia_valid & ATTR_SIZE) { 1929 if (attrs->ia_valid & ATTR_SIZE) {
diff --git a/fs/cifs/readdir.c b/fs/cifs/readdir.c
index c2c01ff4c32c..1a8be6228333 100644
--- a/fs/cifs/readdir.c
+++ b/fs/cifs/readdir.c
@@ -239,6 +239,7 @@ static void fill_in_inode(struct inode *tmp_inode, int new_buf_type,
239 if (atomic_read(&cifsInfo->inUse) == 0) 239 if (atomic_read(&cifsInfo->inUse) == 0)
240 atomic_set(&cifsInfo->inUse, 1); 240 atomic_set(&cifsInfo->inUse, 1);
241 241
242 cifsInfo->server_eof = end_of_file;
242 spin_lock(&tmp_inode->i_lock); 243 spin_lock(&tmp_inode->i_lock);
243 if (is_size_safe_to_change(cifsInfo, end_of_file)) { 244 if (is_size_safe_to_change(cifsInfo, end_of_file)) {
244 /* can not safely change the file size here if the 245 /* can not safely change the file size here if the
@@ -375,6 +376,7 @@ static void unix_fill_in_inode(struct inode *tmp_inode,
375 tmp_inode->i_gid = le64_to_cpu(pfindData->Gid); 376 tmp_inode->i_gid = le64_to_cpu(pfindData->Gid);
376 tmp_inode->i_nlink = le64_to_cpu(pfindData->Nlinks); 377 tmp_inode->i_nlink = le64_to_cpu(pfindData->Nlinks);
377 378
379 cifsInfo->server_eof = end_of_file;
378 spin_lock(&tmp_inode->i_lock); 380 spin_lock(&tmp_inode->i_lock);
379 if (is_size_safe_to_change(cifsInfo, end_of_file)) { 381 if (is_size_safe_to_change(cifsInfo, end_of_file)) {
380 /* can not safely change the file size here if the 382 /* can not safely change the file size here if the
@@ -840,7 +842,7 @@ static int cifs_get_name_from_search_buf(struct qstr *pqst,
840 len = strnlen(filename, PATH_MAX); 842 len = strnlen(filename, PATH_MAX);
841 } 843 }
842 844
843 *pinum = pFindData->UniqueId; 845 *pinum = le64_to_cpu(pFindData->UniqueId);
844 } else if (level == SMB_FIND_FILE_DIRECTORY_INFO) { 846 } else if (level == SMB_FIND_FILE_DIRECTORY_INFO) {
845 FILE_DIRECTORY_INFO *pFindData = 847 FILE_DIRECTORY_INFO *pFindData =
846 (FILE_DIRECTORY_INFO *)current_entry; 848 (FILE_DIRECTORY_INFO *)current_entry;
@@ -856,7 +858,7 @@ static int cifs_get_name_from_search_buf(struct qstr *pqst,
856 (SEARCH_ID_FULL_DIR_INFO *)current_entry; 858 (SEARCH_ID_FULL_DIR_INFO *)current_entry;
857 filename = &pFindData->FileName[0]; 859 filename = &pFindData->FileName[0];
858 len = le32_to_cpu(pFindData->FileNameLength); 860 len = le32_to_cpu(pFindData->FileNameLength);
859 *pinum = pFindData->UniqueId; 861 *pinum = le64_to_cpu(pFindData->UniqueId);
860 } else if (level == SMB_FIND_FILE_BOTH_DIRECTORY_INFO) { 862 } else if (level == SMB_FIND_FILE_BOTH_DIRECTORY_INFO) {
861 FILE_BOTH_DIRECTORY_INFO *pFindData = 863 FILE_BOTH_DIRECTORY_INFO *pFindData =
862 (FILE_BOTH_DIRECTORY_INFO *)current_entry; 864 (FILE_BOTH_DIRECTORY_INFO *)current_entry;
diff --git a/fs/cifs/sess.c b/fs/cifs/sess.c
index 5c68b4282be9..c652c73760dd 100644
--- a/fs/cifs/sess.c
+++ b/fs/cifs/sess.c
@@ -285,35 +285,36 @@ static int decode_unicode_ssetup(char **pbcc_area, int bleft,
285 int words_left, len; 285 int words_left, len;
286 char *data = *pbcc_area; 286 char *data = *pbcc_area;
287 287
288
289
290 cFYI(1, ("bleft %d", bleft)); 288 cFYI(1, ("bleft %d", bleft));
291 289
292 290 /*
293 /* SMB header is unaligned, so cifs servers word align start of 291 * Windows servers do not always double null terminate their final
294 Unicode strings */ 292 * Unicode string. Check to see if there are an uneven number of bytes
295 data++; 293 * left. If so, then add an extra NULL pad byte to the end of the
296 bleft--; /* Windows servers do not always double null terminate 294 * response.
297 their final Unicode string - in which case we 295 *
298 now will not attempt to decode the byte of junk 296 * See section 2.7.2 in "Implementing CIFS" for details
299 which follows it */ 297 */
298 if (bleft % 2) {
299 data[bleft] = 0;
300 ++bleft;
301 }
300 302
301 words_left = bleft / 2; 303 words_left = bleft / 2;
302 304
303 /* save off server operating system */ 305 /* save off server operating system */
304 len = UniStrnlen((wchar_t *) data, words_left); 306 len = UniStrnlen((wchar_t *) data, words_left);
305 307
306/* We look for obvious messed up bcc or strings in response so we do not go off
307 the end since (at least) WIN2K and Windows XP have a major bug in not null
308 terminating last Unicode string in response */
309 if (len >= words_left) 308 if (len >= words_left)
310 return rc; 309 return rc;
311 310
312 kfree(ses->serverOS); 311 kfree(ses->serverOS);
313 /* UTF-8 string will not grow more than four times as big as UCS-16 */ 312 /* UTF-8 string will not grow more than four times as big as UCS-16 */
314 ses->serverOS = kzalloc((4 * len) + 2 /* trailing null */, GFP_KERNEL); 313 ses->serverOS = kzalloc((4 * len) + 2 /* trailing null */, GFP_KERNEL);
315 if (ses->serverOS != NULL) 314 if (ses->serverOS != NULL) {
316 cifs_strfromUCS_le(ses->serverOS, (__le16 *)data, len, nls_cp); 315 cifs_strfromUCS_le(ses->serverOS, (__le16 *)data, len, nls_cp);
316 cFYI(1, ("serverOS=%s", ses->serverOS));
317 }
317 data += 2 * (len + 1); 318 data += 2 * (len + 1);
318 words_left -= len + 1; 319 words_left -= len + 1;
319 320
@@ -328,6 +329,7 @@ static int decode_unicode_ssetup(char **pbcc_area, int bleft,
328 if (ses->serverNOS != NULL) { 329 if (ses->serverNOS != NULL) {
329 cifs_strfromUCS_le(ses->serverNOS, (__le16 *)data, len, 330 cifs_strfromUCS_le(ses->serverNOS, (__le16 *)data, len,
330 nls_cp); 331 nls_cp);
332 cFYI(1, ("serverNOS=%s", ses->serverNOS));
331 if (strncmp(ses->serverNOS, "NT LAN Manager 4", 16) == 0) { 333 if (strncmp(ses->serverNOS, "NT LAN Manager 4", 16) == 0) {
332 cFYI(1, ("NT4 server")); 334 cFYI(1, ("NT4 server"));
333 ses->flags |= CIFS_SES_NT4; 335 ses->flags |= CIFS_SES_NT4;
@@ -343,12 +345,11 @@ static int decode_unicode_ssetup(char **pbcc_area, int bleft,
343 return rc; 345 return rc;
344 346
345 kfree(ses->serverDomain); 347 kfree(ses->serverDomain);
346 ses->serverDomain = kzalloc(2 * (len + 1), GFP_KERNEL); /* BB FIXME wrong length */ 348 ses->serverDomain = kzalloc((4 * len) + 2, GFP_KERNEL);
347 if (ses->serverDomain != NULL) { 349 if (ses->serverDomain != NULL) {
348 cifs_strfromUCS_le(ses->serverDomain, (__le16 *)data, len, 350 cifs_strfromUCS_le(ses->serverDomain, (__le16 *)data, len,
349 nls_cp); 351 nls_cp);
350 ses->serverDomain[2*len] = 0; 352 cFYI(1, ("serverDomain=%s", ses->serverDomain));
351 ses->serverDomain[(2*len) + 1] = 0;
352 } 353 }
353 data += 2 * (len + 1); 354 data += 2 * (len + 1);
354 words_left -= len + 1; 355 words_left -= len + 1;
@@ -702,12 +703,18 @@ CIFS_SessSetup(unsigned int xid, struct cifsSesInfo *ses, int first_time,
702 } 703 }
703 704
704 /* BB check if Unicode and decode strings */ 705 /* BB check if Unicode and decode strings */
705 if (smb_buf->Flags2 & SMBFLG2_UNICODE) 706 if (smb_buf->Flags2 & SMBFLG2_UNICODE) {
707 /* unicode string area must be word-aligned */
708 if (((unsigned long) bcc_ptr - (unsigned long) smb_buf) % 2) {
709 ++bcc_ptr;
710 --bytes_remaining;
711 }
706 rc = decode_unicode_ssetup(&bcc_ptr, bytes_remaining, 712 rc = decode_unicode_ssetup(&bcc_ptr, bytes_remaining,
707 ses, nls_cp); 713 ses, nls_cp);
708 else 714 } else {
709 rc = decode_ascii_ssetup(&bcc_ptr, bytes_remaining, 715 rc = decode_ascii_ssetup(&bcc_ptr, bytes_remaining,
710 ses, nls_cp); 716 ses, nls_cp);
717 }
711 718
712ssetup_exit: 719ssetup_exit:
713 if (spnego_key) { 720 if (spnego_key) {
diff --git a/fs/compat.c b/fs/compat.c
index 3f84d5f15889..379a399bf5c3 100644
--- a/fs/compat.c
+++ b/fs/compat.c
@@ -181,22 +181,24 @@ asmlinkage long compat_sys_newstat(char __user * filename,
181 struct compat_stat __user *statbuf) 181 struct compat_stat __user *statbuf)
182{ 182{
183 struct kstat stat; 183 struct kstat stat;
184 int error = vfs_stat_fd(AT_FDCWD, filename, &stat); 184 int error;
185 185
186 if (!error) 186 error = vfs_stat(filename, &stat);
187 error = cp_compat_stat(&stat, statbuf); 187 if (error)
188 return error; 188 return error;
189 return cp_compat_stat(&stat, statbuf);
189} 190}
190 191
191asmlinkage long compat_sys_newlstat(char __user * filename, 192asmlinkage long compat_sys_newlstat(char __user * filename,
192 struct compat_stat __user *statbuf) 193 struct compat_stat __user *statbuf)
193{ 194{
194 struct kstat stat; 195 struct kstat stat;
195 int error = vfs_lstat_fd(AT_FDCWD, filename, &stat); 196 int error;
196 197
197 if (!error) 198 error = vfs_lstat(filename, &stat);
198 error = cp_compat_stat(&stat, statbuf); 199 if (error)
199 return error; 200 return error;
201 return cp_compat_stat(&stat, statbuf);
200} 202}
201 203
202#ifndef __ARCH_WANT_STAT64 204#ifndef __ARCH_WANT_STAT64
@@ -204,21 +206,12 @@ asmlinkage long compat_sys_newfstatat(unsigned int dfd, char __user *filename,
204 struct compat_stat __user *statbuf, int flag) 206 struct compat_stat __user *statbuf, int flag)
205{ 207{
206 struct kstat stat; 208 struct kstat stat;
207 int error = -EINVAL; 209 int error;
208
209 if ((flag & ~AT_SYMLINK_NOFOLLOW) != 0)
210 goto out;
211
212 if (flag & AT_SYMLINK_NOFOLLOW)
213 error = vfs_lstat_fd(dfd, filename, &stat);
214 else
215 error = vfs_stat_fd(dfd, filename, &stat);
216
217 if (!error)
218 error = cp_compat_stat(&stat, statbuf);
219 210
220out: 211 error = vfs_fstatat(dfd, filename, &stat, flag);
221 return error; 212 if (error)
213 return error;
214 return cp_compat_stat(&stat, statbuf);
222} 215}
223#endif 216#endif
224 217
diff --git a/fs/compat_ioctl.c b/fs/compat_ioctl.c
index 3e87ce443ea2..b83f6bcfa51a 100644
--- a/fs/compat_ioctl.c
+++ b/fs/compat_ioctl.c
@@ -58,7 +58,6 @@
58#include <linux/i2c.h> 58#include <linux/i2c.h>
59#include <linux/i2c-dev.h> 59#include <linux/i2c-dev.h>
60#include <linux/atalk.h> 60#include <linux/atalk.h>
61#include <linux/loop.h>
62 61
63#include <net/bluetooth/bluetooth.h> 62#include <net/bluetooth/bluetooth.h>
64#include <net/bluetooth/hci.h> 63#include <net/bluetooth/hci.h>
@@ -68,6 +67,7 @@
68#include <linux/gigaset_dev.h> 67#include <linux/gigaset_dev.h>
69 68
70#ifdef CONFIG_BLOCK 69#ifdef CONFIG_BLOCK
70#include <linux/loop.h>
71#include <scsi/scsi.h> 71#include <scsi/scsi.h>
72#include <scsi/scsi_ioctl.h> 72#include <scsi/scsi_ioctl.h>
73#include <scsi/sg.h> 73#include <scsi/sg.h>
@@ -2660,6 +2660,8 @@ HANDLE_IOCTL(SONET_GETFRAMING, do_atm_ioctl)
2660HANDLE_IOCTL(SONET_GETFRSENSE, do_atm_ioctl) 2660HANDLE_IOCTL(SONET_GETFRSENSE, do_atm_ioctl)
2661/* block stuff */ 2661/* block stuff */
2662#ifdef CONFIG_BLOCK 2662#ifdef CONFIG_BLOCK
2663/* loop */
2664IGNORE_IOCTL(LOOP_CLR_FD)
2663/* Raw devices */ 2665/* Raw devices */
2664HANDLE_IOCTL(RAW_SETBIND, raw_ioctl) 2666HANDLE_IOCTL(RAW_SETBIND, raw_ioctl)
2665HANDLE_IOCTL(RAW_GETBIND, raw_ioctl) 2667HANDLE_IOCTL(RAW_GETBIND, raw_ioctl)
@@ -2728,9 +2730,6 @@ HANDLE_IOCTL(LPSETTIMEOUT, lp_timeout_trans)
2728IGNORE_IOCTL(VFAT_IOCTL_READDIR_BOTH32) 2730IGNORE_IOCTL(VFAT_IOCTL_READDIR_BOTH32)
2729IGNORE_IOCTL(VFAT_IOCTL_READDIR_SHORT32) 2731IGNORE_IOCTL(VFAT_IOCTL_READDIR_SHORT32)
2730 2732
2731/* loop */
2732IGNORE_IOCTL(LOOP_CLR_FD)
2733
2734#ifdef CONFIG_SPARC 2733#ifdef CONFIG_SPARC
2735/* Sparc framebuffers, handled in sbusfb_compat_ioctl() */ 2734/* Sparc framebuffers, handled in sbusfb_compat_ioctl() */
2736IGNORE_IOCTL(FBIOGTYPE) 2735IGNORE_IOCTL(FBIOGTYPE)
diff --git a/fs/dcache.c b/fs/dcache.c
index 761d30be2683..1fcffebfb44f 100644
--- a/fs/dcache.c
+++ b/fs/dcache.c
@@ -2149,7 +2149,6 @@ int is_subdir(struct dentry *new_dentry, struct dentry *old_dentry)
2149 int result; 2149 int result;
2150 unsigned long seq; 2150 unsigned long seq;
2151 2151
2152 /* FIXME: This is old behavior, needed? Please check callers. */
2153 if (new_dentry == old_dentry) 2152 if (new_dentry == old_dentry)
2154 return 1; 2153 return 1;
2155 2154
diff --git a/fs/ecryptfs/miscdev.c b/fs/ecryptfs/miscdev.c
index a67fea655f49..dda3c58eefc0 100644
--- a/fs/ecryptfs/miscdev.c
+++ b/fs/ecryptfs/miscdev.c
@@ -418,18 +418,13 @@ ecryptfs_miscdev_write(struct file *file, const char __user *buf,
418 418
419 if (count == 0) 419 if (count == 0)
420 goto out; 420 goto out;
421 data = kmalloc(count, GFP_KERNEL); 421
422 if (!data) { 422 data = memdup_user(buf, count);
423 printk(KERN_ERR "%s: Out of memory whilst attempting to " 423 if (IS_ERR(data)) {
424 "kmalloc([%zd], GFP_KERNEL)\n", __func__, count); 424 printk(KERN_ERR "%s: memdup_user returned error [%ld]\n",
425 __func__, PTR_ERR(data));
425 goto out; 426 goto out;
426 } 427 }
427 rc = copy_from_user(data, buf, count);
428 if (rc) {
429 printk(KERN_ERR "%s: copy_from_user returned error [%d]\n",
430 __func__, rc);
431 goto out_free;
432 }
433 sz = count; 428 sz = count;
434 i = 0; 429 i = 0;
435 switch (data[i++]) { 430 switch (data[i++]) {
diff --git a/fs/filesystems.c b/fs/filesystems.c
index 1aa70260e6d1..a24c58e181db 100644
--- a/fs/filesystems.c
+++ b/fs/filesystems.c
@@ -199,7 +199,7 @@ SYSCALL_DEFINE3(sysfs, int, option, unsigned long, arg1, unsigned long, arg2)
199 return retval; 199 return retval;
200} 200}
201 201
202int get_filesystem_list(char * buf) 202int __init get_filesystem_list(char *buf)
203{ 203{
204 int len = 0; 204 int len = 0;
205 struct file_system_type * tmp; 205 struct file_system_type * tmp;
diff --git a/fs/namei.c b/fs/namei.c
index b8433ebfae05..78f253cd2d4f 100644
--- a/fs/namei.c
+++ b/fs/namei.c
@@ -1248,6 +1248,8 @@ struct dentry *lookup_one_len(const char *name, struct dentry *base, int len)
1248 int err; 1248 int err;
1249 struct qstr this; 1249 struct qstr this;
1250 1250
1251 WARN_ON_ONCE(!mutex_is_locked(&base->d_inode->i_mutex));
1252
1251 err = __lookup_one_len(name, &this, base, len); 1253 err = __lookup_one_len(name, &this, base, len);
1252 if (err) 1254 if (err)
1253 return ERR_PTR(err); 1255 return ERR_PTR(err);
diff --git a/fs/namespace.c b/fs/namespace.c
index c6f54e4c4290..41196209a906 100644
--- a/fs/namespace.c
+++ b/fs/namespace.c
@@ -1377,7 +1377,7 @@ static int attach_recursive_mnt(struct vfsmount *source_mnt,
1377 if (parent_path) { 1377 if (parent_path) {
1378 detach_mnt(source_mnt, parent_path); 1378 detach_mnt(source_mnt, parent_path);
1379 attach_mnt(source_mnt, path); 1379 attach_mnt(source_mnt, path);
1380 touch_mnt_namespace(current->nsproxy->mnt_ns); 1380 touch_mnt_namespace(parent_path->mnt->mnt_ns);
1381 } else { 1381 } else {
1382 mnt_set_mountpoint(dest_mnt, dest_dentry, source_mnt); 1382 mnt_set_mountpoint(dest_mnt, dest_dentry, source_mnt);
1383 commit_tree(source_mnt); 1383 commit_tree(source_mnt);
@@ -1920,8 +1920,9 @@ long do_mount(char *dev_name, char *dir_name, char *type_page,
1920 if (data_page) 1920 if (data_page)
1921 ((char *)data_page)[PAGE_SIZE - 1] = 0; 1921 ((char *)data_page)[PAGE_SIZE - 1] = 0;
1922 1922
1923 /* Default to relatime */ 1923 /* Default to relatime unless overriden */
1924 mnt_flags |= MNT_RELATIME; 1924 if (!(flags & MS_NOATIME))
1925 mnt_flags |= MNT_RELATIME;
1925 1926
1926 /* Separate the per-mountpoint flags */ 1927 /* Separate the per-mountpoint flags */
1927 if (flags & MS_NOSUID) 1928 if (flags & MS_NOSUID)
diff --git a/fs/ncpfs/ioctl.c b/fs/ncpfs/ioctl.c
index f54360f50a9c..fa038df63ac8 100644
--- a/fs/ncpfs/ioctl.c
+++ b/fs/ncpfs/ioctl.c
@@ -660,13 +660,10 @@ outrel:
660 if (user.object_name_len > NCP_OBJECT_NAME_MAX_LEN) 660 if (user.object_name_len > NCP_OBJECT_NAME_MAX_LEN)
661 return -ENOMEM; 661 return -ENOMEM;
662 if (user.object_name_len) { 662 if (user.object_name_len) {
663 newname = kmalloc(user.object_name_len, GFP_USER); 663 newname = memdup_user(user.object_name,
664 if (!newname) 664 user.object_name_len);
665 return -ENOMEM; 665 if (IS_ERR(newname))
666 if (copy_from_user(newname, user.object_name, user.object_name_len)) { 666 return PTR_ERR(newname);
667 kfree(newname);
668 return -EFAULT;
669 }
670 } else { 667 } else {
671 newname = NULL; 668 newname = NULL;
672 } 669 }
@@ -760,13 +757,9 @@ outrel:
760 if (user.len > NCP_PRIVATE_DATA_MAX_LEN) 757 if (user.len > NCP_PRIVATE_DATA_MAX_LEN)
761 return -ENOMEM; 758 return -ENOMEM;
762 if (user.len) { 759 if (user.len) {
763 new = kmalloc(user.len, GFP_USER); 760 new = memdup_user(user.data, user.len);
764 if (!new) 761 if (IS_ERR(new))
765 return -ENOMEM; 762 return PTR_ERR(new);
766 if (copy_from_user(new, user.data, user.len)) {
767 kfree(new);
768 return -EFAULT;
769 }
770 } else { 763 } else {
771 new = NULL; 764 new = NULL;
772 } 765 }
diff --git a/fs/nfs/nfs3xdr.c b/fs/nfs/nfs3xdr.c
index e6a1932c7110..35869a4921f1 100644
--- a/fs/nfs/nfs3xdr.c
+++ b/fs/nfs/nfs3xdr.c
@@ -713,7 +713,8 @@ nfs3_xdr_setaclargs(struct rpc_rqst *req, __be32 *p,
713 if (args->npages != 0) 713 if (args->npages != 0)
714 xdr_encode_pages(buf, args->pages, 0, args->len); 714 xdr_encode_pages(buf, args->pages, 0, args->len);
715 else 715 else
716 req->rq_slen += args->len; 716 req->rq_slen = xdr_adjust_iovec(req->rq_svec,
717 p + XDR_QUADLEN(args->len));
717 718
718 err = nfsacl_encode(buf, base, args->inode, 719 err = nfsacl_encode(buf, base, args->inode,
719 (args->mask & NFS_ACL) ? 720 (args->mask & NFS_ACL) ?
diff --git a/fs/nfsd/nfs4recover.c b/fs/nfsd/nfs4recover.c
index 3444c0052a87..5275097a7565 100644
--- a/fs/nfsd/nfs4recover.c
+++ b/fs/nfsd/nfs4recover.c
@@ -229,21 +229,23 @@ nfsd4_list_rec_dir(struct dentry *dir, recdir_func *f)
229 goto out; 229 goto out;
230 status = vfs_readdir(filp, nfsd4_build_namelist, &names); 230 status = vfs_readdir(filp, nfsd4_build_namelist, &names);
231 fput(filp); 231 fput(filp);
232 mutex_lock(&dir->d_inode->i_mutex);
232 while (!list_empty(&names)) { 233 while (!list_empty(&names)) {
233 entry = list_entry(names.next, struct name_list, list); 234 entry = list_entry(names.next, struct name_list, list);
234 235
235 dentry = lookup_one_len(entry->name, dir, HEXDIR_LEN-1); 236 dentry = lookup_one_len(entry->name, dir, HEXDIR_LEN-1);
236 if (IS_ERR(dentry)) { 237 if (IS_ERR(dentry)) {
237 status = PTR_ERR(dentry); 238 status = PTR_ERR(dentry);
238 goto out; 239 break;
239 } 240 }
240 status = f(dir, dentry); 241 status = f(dir, dentry);
241 dput(dentry); 242 dput(dentry);
242 if (status) 243 if (status)
243 goto out; 244 break;
244 list_del(&entry->list); 245 list_del(&entry->list);
245 kfree(entry); 246 kfree(entry);
246 } 247 }
248 mutex_unlock(&dir->d_inode->i_mutex);
247out: 249out:
248 while (!list_empty(&names)) { 250 while (!list_empty(&names)) {
249 entry = list_entry(names.next, struct name_list, list); 251 entry = list_entry(names.next, struct name_list, list);
@@ -255,36 +257,6 @@ out:
255} 257}
256 258
257static int 259static int
258nfsd4_remove_clid_file(struct dentry *dir, struct dentry *dentry)
259{
260 int status;
261
262 if (!S_ISREG(dir->d_inode->i_mode)) {
263 printk("nfsd4: non-file found in client recovery directory\n");
264 return -EINVAL;
265 }
266 mutex_lock_nested(&dir->d_inode->i_mutex, I_MUTEX_PARENT);
267 status = vfs_unlink(dir->d_inode, dentry);
268 mutex_unlock(&dir->d_inode->i_mutex);
269 return status;
270}
271
272static int
273nfsd4_clear_clid_dir(struct dentry *dir, struct dentry *dentry)
274{
275 int status;
276
277 /* For now this directory should already be empty, but we empty it of
278 * any regular files anyway, just in case the directory was created by
279 * a kernel from the future.... */
280 nfsd4_list_rec_dir(dentry, nfsd4_remove_clid_file);
281 mutex_lock_nested(&dir->d_inode->i_mutex, I_MUTEX_PARENT);
282 status = vfs_rmdir(dir->d_inode, dentry);
283 mutex_unlock(&dir->d_inode->i_mutex);
284 return status;
285}
286
287static int
288nfsd4_unlink_clid_dir(char *name, int namlen) 260nfsd4_unlink_clid_dir(char *name, int namlen)
289{ 261{
290 struct dentry *dentry; 262 struct dentry *dentry;
@@ -294,18 +266,18 @@ nfsd4_unlink_clid_dir(char *name, int namlen)
294 266
295 mutex_lock(&rec_dir.dentry->d_inode->i_mutex); 267 mutex_lock(&rec_dir.dentry->d_inode->i_mutex);
296 dentry = lookup_one_len(name, rec_dir.dentry, namlen); 268 dentry = lookup_one_len(name, rec_dir.dentry, namlen);
297 mutex_unlock(&rec_dir.dentry->d_inode->i_mutex);
298 if (IS_ERR(dentry)) { 269 if (IS_ERR(dentry)) {
299 status = PTR_ERR(dentry); 270 status = PTR_ERR(dentry);
300 return status; 271 goto out_unlock;
301 } 272 }
302 status = -ENOENT; 273 status = -ENOENT;
303 if (!dentry->d_inode) 274 if (!dentry->d_inode)
304 goto out; 275 goto out;
305 276 status = vfs_rmdir(rec_dir.dentry->d_inode, dentry);
306 status = nfsd4_clear_clid_dir(rec_dir.dentry, dentry);
307out: 277out:
308 dput(dentry); 278 dput(dentry);
279out_unlock:
280 mutex_unlock(&rec_dir.dentry->d_inode->i_mutex);
309 return status; 281 return status;
310} 282}
311 283
@@ -348,7 +320,7 @@ purge_old(struct dentry *parent, struct dentry *child)
348 if (nfs4_has_reclaimed_state(child->d_name.name, false)) 320 if (nfs4_has_reclaimed_state(child->d_name.name, false))
349 return 0; 321 return 0;
350 322
351 status = nfsd4_clear_clid_dir(parent, child); 323 status = vfs_rmdir(parent->d_inode, child);
352 if (status) 324 if (status)
353 printk("failed to remove client recovery directory %s\n", 325 printk("failed to remove client recovery directory %s\n",
354 child->d_name.name); 326 child->d_name.name);
diff --git a/fs/nfsd/vfs.c b/fs/nfsd/vfs.c
index ab93fcfef254..6c68ffd6b4bb 100644
--- a/fs/nfsd/vfs.c
+++ b/fs/nfsd/vfs.c
@@ -116,10 +116,15 @@ nfsd_cross_mnt(struct svc_rqst *rqstp, struct dentry **dpp,
116 } 116 }
117 if ((exp->ex_flags & NFSEXP_CROSSMOUNT) || EX_NOHIDE(exp2)) { 117 if ((exp->ex_flags & NFSEXP_CROSSMOUNT) || EX_NOHIDE(exp2)) {
118 /* successfully crossed mount point */ 118 /* successfully crossed mount point */
119 exp_put(exp); 119 /*
120 *expp = exp2; 120 * This is subtle: dentry is *not* under mnt at this point.
121 * The only reason we are safe is that original mnt is pinned
122 * down by exp, so we should dput before putting exp.
123 */
121 dput(dentry); 124 dput(dentry);
122 *dpp = mounts; 125 *dpp = mounts;
126 exp_put(exp);
127 *expp = exp2;
123 } else { 128 } else {
124 exp_put(exp2); 129 exp_put(exp2);
125 dput(mounts); 130 dput(mounts);
@@ -1885,8 +1890,8 @@ static int nfsd_buffered_filldir(void *__buf, const char *name, int namlen,
1885 return 0; 1890 return 0;
1886} 1891}
1887 1892
1888static int nfsd_buffered_readdir(struct file *file, filldir_t func, 1893static __be32 nfsd_buffered_readdir(struct file *file, filldir_t func,
1889 struct readdir_cd *cdp, loff_t *offsetp) 1894 struct readdir_cd *cdp, loff_t *offsetp)
1890{ 1895{
1891 struct readdir_data buf; 1896 struct readdir_data buf;
1892 struct buffered_dirent *de; 1897 struct buffered_dirent *de;
@@ -1896,11 +1901,12 @@ static int nfsd_buffered_readdir(struct file *file, filldir_t func,
1896 1901
1897 buf.dirent = (void *)__get_free_page(GFP_KERNEL); 1902 buf.dirent = (void *)__get_free_page(GFP_KERNEL);
1898 if (!buf.dirent) 1903 if (!buf.dirent)
1899 return -ENOMEM; 1904 return nfserrno(-ENOMEM);
1900 1905
1901 offset = *offsetp; 1906 offset = *offsetp;
1902 1907
1903 while (1) { 1908 while (1) {
1909 struct inode *dir_inode = file->f_path.dentry->d_inode;
1904 unsigned int reclen; 1910 unsigned int reclen;
1905 1911
1906 cdp->err = nfserr_eof; /* will be cleared on successful read */ 1912 cdp->err = nfserr_eof; /* will be cleared on successful read */
@@ -1919,26 +1925,38 @@ static int nfsd_buffered_readdir(struct file *file, filldir_t func,
1919 if (!size) 1925 if (!size)
1920 break; 1926 break;
1921 1927
1928 /*
1929 * Various filldir functions may end up calling back into
1930 * lookup_one_len() and the file system's ->lookup() method.
1931 * These expect i_mutex to be held, as it would within readdir.
1932 */
1933 host_err = mutex_lock_killable(&dir_inode->i_mutex);
1934 if (host_err)
1935 break;
1936
1922 de = (struct buffered_dirent *)buf.dirent; 1937 de = (struct buffered_dirent *)buf.dirent;
1923 while (size > 0) { 1938 while (size > 0) {
1924 offset = de->offset; 1939 offset = de->offset;
1925 1940
1926 if (func(cdp, de->name, de->namlen, de->offset, 1941 if (func(cdp, de->name, de->namlen, de->offset,
1927 de->ino, de->d_type)) 1942 de->ino, de->d_type))
1928 goto done; 1943 break;
1929 1944
1930 if (cdp->err != nfs_ok) 1945 if (cdp->err != nfs_ok)
1931 goto done; 1946 break;
1932 1947
1933 reclen = ALIGN(sizeof(*de) + de->namlen, 1948 reclen = ALIGN(sizeof(*de) + de->namlen,
1934 sizeof(u64)); 1949 sizeof(u64));
1935 size -= reclen; 1950 size -= reclen;
1936 de = (struct buffered_dirent *)((char *)de + reclen); 1951 de = (struct buffered_dirent *)((char *)de + reclen);
1937 } 1952 }
1953 mutex_unlock(&dir_inode->i_mutex);
1954 if (size > 0) /* We bailed out early */
1955 break;
1956
1938 offset = vfs_llseek(file, 0, SEEK_CUR); 1957 offset = vfs_llseek(file, 0, SEEK_CUR);
1939 } 1958 }
1940 1959
1941 done:
1942 free_page((unsigned long)(buf.dirent)); 1960 free_page((unsigned long)(buf.dirent));
1943 1961
1944 if (host_err) 1962 if (host_err)
diff --git a/fs/stat.c b/fs/stat.c
index 2db740a0cfb5..075694e31d8b 100644
--- a/fs/stat.c
+++ b/fs/stat.c
@@ -55,59 +55,54 @@ int vfs_getattr(struct vfsmount *mnt, struct dentry *dentry, struct kstat *stat)
55 55
56EXPORT_SYMBOL(vfs_getattr); 56EXPORT_SYMBOL(vfs_getattr);
57 57
58int vfs_stat_fd(int dfd, char __user *name, struct kstat *stat) 58int vfs_fstat(unsigned int fd, struct kstat *stat)
59{ 59{
60 struct path path; 60 struct file *f = fget(fd);
61 int error; 61 int error = -EBADF;
62 62
63 error = user_path_at(dfd, name, LOOKUP_FOLLOW, &path); 63 if (f) {
64 if (!error) { 64 error = vfs_getattr(f->f_path.mnt, f->f_path.dentry, stat);
65 error = vfs_getattr(path.mnt, path.dentry, stat); 65 fput(f);
66 path_put(&path);
67 } 66 }
68 return error; 67 return error;
69} 68}
69EXPORT_SYMBOL(vfs_fstat);
70 70
71int vfs_stat(char __user *name, struct kstat *stat) 71int vfs_fstatat(int dfd, char __user *filename, struct kstat *stat, int flag)
72{ 72{
73 return vfs_stat_fd(AT_FDCWD, name, stat); 73 struct path path;
74} 74 int error = -EINVAL;
75 int lookup_flags = 0;
75 76
76EXPORT_SYMBOL(vfs_stat); 77 if ((flag & ~AT_SYMLINK_NOFOLLOW) != 0)
78 goto out;
77 79
78int vfs_lstat_fd(int dfd, char __user *name, struct kstat *stat) 80 if (!(flag & AT_SYMLINK_NOFOLLOW))
79{ 81 lookup_flags |= LOOKUP_FOLLOW;
80 struct path path;
81 int error;
82 82
83 error = user_path_at(dfd, name, 0, &path); 83 error = user_path_at(dfd, filename, lookup_flags, &path);
84 if (!error) { 84 if (error)
85 error = vfs_getattr(path.mnt, path.dentry, stat); 85 goto out;
86 path_put(&path); 86
87 } 87 error = vfs_getattr(path.mnt, path.dentry, stat);
88 path_put(&path);
89out:
88 return error; 90 return error;
89} 91}
92EXPORT_SYMBOL(vfs_fstatat);
90 93
91int vfs_lstat(char __user *name, struct kstat *stat) 94int vfs_stat(char __user *name, struct kstat *stat)
92{ 95{
93 return vfs_lstat_fd(AT_FDCWD, name, stat); 96 return vfs_fstatat(AT_FDCWD, name, stat, 0);
94} 97}
98EXPORT_SYMBOL(vfs_stat);
95 99
96EXPORT_SYMBOL(vfs_lstat); 100int vfs_lstat(char __user *name, struct kstat *stat)
97
98int vfs_fstat(unsigned int fd, struct kstat *stat)
99{ 101{
100 struct file *f = fget(fd); 102 return vfs_fstatat(AT_FDCWD, name, stat, AT_SYMLINK_NOFOLLOW);
101 int error = -EBADF;
102
103 if (f) {
104 error = vfs_getattr(f->f_path.mnt, f->f_path.dentry, stat);
105 fput(f);
106 }
107 return error;
108} 103}
104EXPORT_SYMBOL(vfs_lstat);
109 105
110EXPORT_SYMBOL(vfs_fstat);
111 106
112#ifdef __ARCH_WANT_OLD_STAT 107#ifdef __ARCH_WANT_OLD_STAT
113 108
@@ -155,23 +150,25 @@ static int cp_old_stat(struct kstat *stat, struct __old_kernel_stat __user * sta
155SYSCALL_DEFINE2(stat, char __user *, filename, struct __old_kernel_stat __user *, statbuf) 150SYSCALL_DEFINE2(stat, char __user *, filename, struct __old_kernel_stat __user *, statbuf)
156{ 151{
157 struct kstat stat; 152 struct kstat stat;
158 int error = vfs_stat_fd(AT_FDCWD, filename, &stat); 153 int error;
159 154
160 if (!error) 155 error = vfs_stat(filename, &stat);
161 error = cp_old_stat(&stat, statbuf); 156 if (error)
157 return error;
162 158
163 return error; 159 return cp_old_stat(&stat, statbuf);
164} 160}
165 161
166SYSCALL_DEFINE2(lstat, char __user *, filename, struct __old_kernel_stat __user *, statbuf) 162SYSCALL_DEFINE2(lstat, char __user *, filename, struct __old_kernel_stat __user *, statbuf)
167{ 163{
168 struct kstat stat; 164 struct kstat stat;
169 int error = vfs_lstat_fd(AT_FDCWD, filename, &stat); 165 int error;
170 166
171 if (!error) 167 error = vfs_lstat(filename, &stat);
172 error = cp_old_stat(&stat, statbuf); 168 if (error)
169 return error;
173 170
174 return error; 171 return cp_old_stat(&stat, statbuf);
175} 172}
176 173
177SYSCALL_DEFINE2(fstat, unsigned int, fd, struct __old_kernel_stat __user *, statbuf) 174SYSCALL_DEFINE2(fstat, unsigned int, fd, struct __old_kernel_stat __user *, statbuf)
@@ -240,23 +237,23 @@ static int cp_new_stat(struct kstat *stat, struct stat __user *statbuf)
240SYSCALL_DEFINE2(newstat, char __user *, filename, struct stat __user *, statbuf) 237SYSCALL_DEFINE2(newstat, char __user *, filename, struct stat __user *, statbuf)
241{ 238{
242 struct kstat stat; 239 struct kstat stat;
243 int error = vfs_stat_fd(AT_FDCWD, filename, &stat); 240 int error = vfs_stat(filename, &stat);
244
245 if (!error)
246 error = cp_new_stat(&stat, statbuf);
247 241
248 return error; 242 if (error)
243 return error;
244 return cp_new_stat(&stat, statbuf);
249} 245}
250 246
251SYSCALL_DEFINE2(newlstat, char __user *, filename, struct stat __user *, statbuf) 247SYSCALL_DEFINE2(newlstat, char __user *, filename, struct stat __user *, statbuf)
252{ 248{
253 struct kstat stat; 249 struct kstat stat;
254 int error = vfs_lstat_fd(AT_FDCWD, filename, &stat); 250 int error;
255 251
256 if (!error) 252 error = vfs_lstat(filename, &stat);
257 error = cp_new_stat(&stat, statbuf); 253 if (error)
254 return error;
258 255
259 return error; 256 return cp_new_stat(&stat, statbuf);
260} 257}
261 258
262#if !defined(__ARCH_WANT_STAT64) || defined(__ARCH_WANT_SYS_NEWFSTATAT) 259#if !defined(__ARCH_WANT_STAT64) || defined(__ARCH_WANT_SYS_NEWFSTATAT)
@@ -264,21 +261,12 @@ SYSCALL_DEFINE4(newfstatat, int, dfd, char __user *, filename,
264 struct stat __user *, statbuf, int, flag) 261 struct stat __user *, statbuf, int, flag)
265{ 262{
266 struct kstat stat; 263 struct kstat stat;
267 int error = -EINVAL; 264 int error;
268
269 if ((flag & ~AT_SYMLINK_NOFOLLOW) != 0)
270 goto out;
271
272 if (flag & AT_SYMLINK_NOFOLLOW)
273 error = vfs_lstat_fd(dfd, filename, &stat);
274 else
275 error = vfs_stat_fd(dfd, filename, &stat);
276
277 if (!error)
278 error = cp_new_stat(&stat, statbuf);
279 265
280out: 266 error = vfs_fstatat(dfd, filename, &stat, flag);
281 return error; 267 if (error)
268 return error;
269 return cp_new_stat(&stat, statbuf);
282} 270}
283#endif 271#endif
284 272
@@ -404,21 +392,12 @@ SYSCALL_DEFINE4(fstatat64, int, dfd, char __user *, filename,
404 struct stat64 __user *, statbuf, int, flag) 392 struct stat64 __user *, statbuf, int, flag)
405{ 393{
406 struct kstat stat; 394 struct kstat stat;
407 int error = -EINVAL; 395 int error;
408
409 if ((flag & ~AT_SYMLINK_NOFOLLOW) != 0)
410 goto out;
411
412 if (flag & AT_SYMLINK_NOFOLLOW)
413 error = vfs_lstat_fd(dfd, filename, &stat);
414 else
415 error = vfs_stat_fd(dfd, filename, &stat);
416
417 if (!error)
418 error = cp_new_stat64(&stat, statbuf);
419 396
420out: 397 error = vfs_fstatat(dfd, filename, &stat, flag);
421 return error; 398 if (error)
399 return error;
400 return cp_new_stat64(&stat, statbuf);
422} 401}
423#endif /* __ARCH_WANT_STAT64 */ 402#endif /* __ARCH_WANT_STAT64 */
424 403
diff --git a/fs/sysfs/bin.c b/fs/sysfs/bin.c
index 93e0c0281d45..9345806c8853 100644
--- a/fs/sysfs/bin.c
+++ b/fs/sysfs/bin.c
@@ -157,14 +157,9 @@ static ssize_t write(struct file *file, const char __user *userbuf,
157 count = size - offs; 157 count = size - offs;
158 } 158 }
159 159
160 temp = kmalloc(count, GFP_KERNEL); 160 temp = memdup_user(userbuf, count);
161 if (!temp) 161 if (IS_ERR(temp))
162 return -ENOMEM; 162 return PTR_ERR(temp);
163
164 if (copy_from_user(temp, userbuf, count)) {
165 count = -EFAULT;
166 goto out_free;
167 }
168 163
169 mutex_lock(&bb->mutex); 164 mutex_lock(&bb->mutex);
170 165
@@ -176,8 +171,6 @@ static ssize_t write(struct file *file, const char __user *userbuf,
176 if (count > 0) 171 if (count > 0)
177 *off = offs + count; 172 *off = offs + count;
178 173
179out_free:
180 kfree(temp);
181 return count; 174 return count;
182} 175}
183 176
diff --git a/fs/xattr.c b/fs/xattr.c
index 197c4fcac032..d51b8f9db921 100644
--- a/fs/xattr.c
+++ b/fs/xattr.c
@@ -237,13 +237,9 @@ setxattr(struct dentry *d, const char __user *name, const void __user *value,
237 if (size) { 237 if (size) {
238 if (size > XATTR_SIZE_MAX) 238 if (size > XATTR_SIZE_MAX)
239 return -E2BIG; 239 return -E2BIG;
240 kvalue = kmalloc(size, GFP_KERNEL); 240 kvalue = memdup_user(value, size);
241 if (!kvalue) 241 if (IS_ERR(kvalue))
242 return -ENOMEM; 242 return PTR_ERR(kvalue);
243 if (copy_from_user(kvalue, value, size)) {
244 kfree(kvalue);
245 return -EFAULT;
246 }
247 } 243 }
248 244
249 error = vfs_setxattr(d, kname, kvalue, size, flags); 245 error = vfs_setxattr(d, kname, kvalue, size, flags);
diff --git a/fs/xfs/linux-2.6/xfs_ioctl.c b/fs/xfs/linux-2.6/xfs_ioctl.c
index d0b499418a7d..34eaab608e6e 100644
--- a/fs/xfs/linux-2.6/xfs_ioctl.c
+++ b/fs/xfs/linux-2.6/xfs_ioctl.c
@@ -489,17 +489,12 @@ xfs_attrmulti_attr_set(
489 if (len > XATTR_SIZE_MAX) 489 if (len > XATTR_SIZE_MAX)
490 return EINVAL; 490 return EINVAL;
491 491
492 kbuf = kmalloc(len, GFP_KERNEL); 492 kbuf = memdup_user(ubuf, len);
493 if (!kbuf) 493 if (IS_ERR(kbuf))
494 return ENOMEM; 494 return PTR_ERR(kbuf);
495
496 if (copy_from_user(kbuf, ubuf, len))
497 goto out_kfree;
498 495
499 error = xfs_attr_set(XFS_I(inode), name, kbuf, len, flags); 496 error = xfs_attr_set(XFS_I(inode), name, kbuf, len, flags);
500 497
501 out_kfree:
502 kfree(kbuf);
503 return error; 498 return error;
504} 499}
505 500
@@ -540,20 +535,16 @@ xfs_attrmulti_by_handle(
540 if (!size || size > 16 * PAGE_SIZE) 535 if (!size || size > 16 * PAGE_SIZE)
541 goto out_dput; 536 goto out_dput;
542 537
543 error = ENOMEM; 538 ops = memdup_user(am_hreq.ops, size);
544 ops = kmalloc(size, GFP_KERNEL); 539 if (IS_ERR(ops)) {
545 if (!ops) 540 error = PTR_ERR(ops);
546 goto out_dput; 541 goto out_dput;
547 542 }
548 error = EFAULT;
549 if (copy_from_user(ops, am_hreq.ops, size))
550 goto out_kfree_ops;
551 543
552 attr_name = kmalloc(MAXNAMELEN, GFP_KERNEL); 544 attr_name = kmalloc(MAXNAMELEN, GFP_KERNEL);
553 if (!attr_name) 545 if (!attr_name)
554 goto out_kfree_ops; 546 goto out_kfree_ops;
555 547
556
557 error = 0; 548 error = 0;
558 for (i = 0; i < am_hreq.opcount; i++) { 549 for (i = 0; i < am_hreq.opcount; i++) {
559 ops[i].am_error = strncpy_from_user(attr_name, 550 ops[i].am_error = strncpy_from_user(attr_name,
diff --git a/fs/xfs/linux-2.6/xfs_ioctl32.c b/fs/xfs/linux-2.6/xfs_ioctl32.c
index c70c4e3db790..0882d166239a 100644
--- a/fs/xfs/linux-2.6/xfs_ioctl32.c
+++ b/fs/xfs/linux-2.6/xfs_ioctl32.c
@@ -427,20 +427,16 @@ xfs_compat_attrmulti_by_handle(
427 if (!size || size > 16 * PAGE_SIZE) 427 if (!size || size > 16 * PAGE_SIZE)
428 goto out_dput; 428 goto out_dput;
429 429
430 error = ENOMEM; 430 ops = memdup_user(compat_ptr(am_hreq.ops), size);
431 ops = kmalloc(size, GFP_KERNEL); 431 if (IS_ERR(ops)) {
432 if (!ops) 432 error = PTR_ERR(ops);
433 goto out_dput; 433 goto out_dput;
434 434 }
435 error = EFAULT;
436 if (copy_from_user(ops, compat_ptr(am_hreq.ops), size))
437 goto out_kfree_ops;
438 435
439 attr_name = kmalloc(MAXNAMELEN, GFP_KERNEL); 436 attr_name = kmalloc(MAXNAMELEN, GFP_KERNEL);
440 if (!attr_name) 437 if (!attr_name)
441 goto out_kfree_ops; 438 goto out_kfree_ops;
442 439
443
444 error = 0; 440 error = 0;
445 for (i = 0; i < am_hreq.opcount; i++) { 441 for (i = 0; i < am_hreq.opcount; i++) {
446 ops[i].am_error = strncpy_from_user(attr_name, 442 ops[i].am_error = strncpy_from_user(attr_name,
diff --git a/include/linux/fs.h b/include/linux/fs.h
index e766be0d4329..5bed436f4353 100644
--- a/include/linux/fs.h
+++ b/include/linux/fs.h
@@ -2299,9 +2299,8 @@ extern int vfs_readdir(struct file *, filldir_t, void *);
2299 2299
2300extern int vfs_stat(char __user *, struct kstat *); 2300extern int vfs_stat(char __user *, struct kstat *);
2301extern int vfs_lstat(char __user *, struct kstat *); 2301extern int vfs_lstat(char __user *, struct kstat *);
2302extern int vfs_stat_fd(int dfd, char __user *, struct kstat *);
2303extern int vfs_lstat_fd(int dfd, char __user *, struct kstat *);
2304extern int vfs_fstat(unsigned int, struct kstat *); 2302extern int vfs_fstat(unsigned int, struct kstat *);
2303extern int vfs_fstatat(int , char __user *, struct kstat *, int);
2305 2304
2306extern int do_vfs_ioctl(struct file *filp, unsigned int fd, unsigned int cmd, 2305extern int do_vfs_ioctl(struct file *filp, unsigned int fd, unsigned int cmd,
2307 unsigned long arg); 2306 unsigned long arg);
@@ -2449,7 +2448,7 @@ struct ctl_table;
2449int proc_nr_files(struct ctl_table *table, int write, struct file *filp, 2448int proc_nr_files(struct ctl_table *table, int write, struct file *filp,
2450 void __user *buffer, size_t *lenp, loff_t *ppos); 2449 void __user *buffer, size_t *lenp, loff_t *ppos);
2451 2450
2452int get_filesystem_list(char * buf); 2451int __init get_filesystem_list(char *buf);
2453 2452
2454#endif /* __KERNEL__ */ 2453#endif /* __KERNEL__ */
2455#endif /* _LINUX_FS_H */ 2454#endif /* _LINUX_FS_H */
diff --git a/include/linux/reiserfs_fs_sb.h b/include/linux/reiserfs_fs_sb.h
index 5621d87c4479..6b361d23a499 100644
--- a/include/linux/reiserfs_fs_sb.h
+++ b/include/linux/reiserfs_fs_sb.h
@@ -193,7 +193,7 @@ struct reiserfs_journal {
193 atomic_t j_wcount; /* count of writers for current commit */ 193 atomic_t j_wcount; /* count of writers for current commit */
194 unsigned long j_bcount; /* batch count. allows turning X transactions into 1 */ 194 unsigned long j_bcount; /* batch count. allows turning X transactions into 1 */
195 unsigned long j_first_unflushed_offset; /* first unflushed transactions offset */ 195 unsigned long j_first_unflushed_offset; /* first unflushed transactions offset */
196 unsigned long j_last_flush_trans_id; /* last fully flushed journal timestamp */ 196 unsigned j_last_flush_trans_id; /* last fully flushed journal timestamp */
197 struct buffer_head *j_header_bh; 197 struct buffer_head *j_header_bh;
198 198
199 time_t j_trans_start_time; /* time this transaction started */ 199 time_t j_trans_start_time; /* time this transaction started */
diff --git a/include/linux/seccomp.h b/include/linux/seccomp.h
index 262a8dccfa81..167c33361d9c 100644
--- a/include/linux/seccomp.h
+++ b/include/linux/seccomp.h
@@ -21,6 +21,8 @@ extern long prctl_set_seccomp(unsigned long);
21 21
22#else /* CONFIG_SECCOMP */ 22#else /* CONFIG_SECCOMP */
23 23
24#include <linux/errno.h>
25
24typedef struct { } seccomp_t; 26typedef struct { } seccomp_t;
25 27
26#define secure_computing(x) do { } while (0) 28#define secure_computing(x) do { } while (0)
diff --git a/include/linux/suspend.h b/include/linux/suspend.h
index 3e3a4364cbff..795032edfc46 100644
--- a/include/linux/suspend.h
+++ b/include/linux/suspend.h
@@ -58,10 +58,17 @@ typedef int __bitwise suspend_state_t;
58 * by @begin(). 58 * by @begin().
59 * @prepare() is called right after devices have been suspended (ie. the 59 * @prepare() is called right after devices have been suspended (ie. the
60 * appropriate .suspend() method has been executed for each device) and 60 * appropriate .suspend() method has been executed for each device) and
61 * before the nonboot CPUs are disabled (it is executed with IRQs enabled). 61 * before device drivers' late suspend callbacks are executed. It returns
62 * This callback is optional. It returns 0 on success or a negative 62 * 0 on success or a negative error code otherwise, in which case the
63 * error code otherwise, in which case the system cannot enter the desired 63 * system cannot enter the desired sleep state (@prepare_late(), @enter(),
64 * sleep state (@enter() and @finish() will not be called in that case). 64 * @wake(), and @finish() will not be called in that case).
65 *
66 * @prepare_late: Finish preparing the platform for entering the system sleep
67 * state indicated by @begin().
68 * @prepare_late is called before disabling nonboot CPUs and after
69 * device drivers' late suspend callbacks have been executed. It returns
70 * 0 on success or a negative error code otherwise, in which case the
71 * system cannot enter the desired sleep state (@enter() and @wake()).
65 * 72 *
66 * @enter: Enter the system sleep state indicated by @begin() or represented by 73 * @enter: Enter the system sleep state indicated by @begin() or represented by
67 * the argument if @begin() is not implemented. 74 * the argument if @begin() is not implemented.
@@ -69,19 +76,26 @@ typedef int __bitwise suspend_state_t;
69 * error code otherwise, in which case the system cannot enter the desired 76 * error code otherwise, in which case the system cannot enter the desired
70 * sleep state. 77 * sleep state.
71 * 78 *
72 * @finish: Called when the system has just left a sleep state, right after 79 * @wake: Called when the system has just left a sleep state, right after
73 * the nonboot CPUs have been enabled and before devices are resumed (it is 80 * the nonboot CPUs have been enabled and before device drivers' early
74 * executed with IRQs enabled). 81 * resume callbacks are executed.
82 * This callback is optional, but should be implemented by the platforms
83 * that implement @prepare_late(). If implemented, it is always called
84 * after @enter(), even if @enter() fails.
85 *
86 * @finish: Finish wake-up of the platform.
87 * @finish is called right prior to calling device drivers' regular suspend
88 * callbacks.
75 * This callback is optional, but should be implemented by the platforms 89 * This callback is optional, but should be implemented by the platforms
76 * that implement @prepare(). If implemented, it is always called after 90 * that implement @prepare(). If implemented, it is always called after
77 * @enter() (even if @enter() fails). 91 * @enter() and @wake(), if implemented, even if any of them fails.
78 * 92 *
79 * @end: Called by the PM core right after resuming devices, to indicate to 93 * @end: Called by the PM core right after resuming devices, to indicate to
80 * the platform that the system has returned to the working state or 94 * the platform that the system has returned to the working state or
81 * the transition to the sleep state has been aborted. 95 * the transition to the sleep state has been aborted.
82 * This callback is optional, but should be implemented by the platforms 96 * This callback is optional, but should be implemented by the platforms
83 * that implement @begin(), but platforms implementing @begin() should 97 * that implement @begin(). Accordingly, platforms implementing @begin()
84 * also provide a @end() which cleans up transitions aborted before 98 * should also provide a @end() which cleans up transitions aborted before
85 * @enter(). 99 * @enter().
86 * 100 *
87 * @recover: Recover the platform from a suspend failure. 101 * @recover: Recover the platform from a suspend failure.
@@ -93,7 +107,9 @@ struct platform_suspend_ops {
93 int (*valid)(suspend_state_t state); 107 int (*valid)(suspend_state_t state);
94 int (*begin)(suspend_state_t state); 108 int (*begin)(suspend_state_t state);
95 int (*prepare)(void); 109 int (*prepare)(void);
110 int (*prepare_late)(void);
96 int (*enter)(suspend_state_t state); 111 int (*enter)(suspend_state_t state);
112 void (*wake)(void);
97 void (*finish)(void); 113 void (*finish)(void);
98 void (*end)(void); 114 void (*end)(void);
99 void (*recover)(void); 115 void (*recover)(void);
diff --git a/include/linux/syscalls.h b/include/linux/syscalls.h
index dabe4ad89141..40617c1d8976 100644
--- a/include/linux/syscalls.h
+++ b/include/linux/syscalls.h
@@ -148,7 +148,7 @@ struct old_linux_dirent;
148 asm ("\t.globl " #alias "\n\t.set " #alias ", " #name "\n" \ 148 asm ("\t.globl " #alias "\n\t.set " #alias ", " #name "\n" \
149 "\t.globl ." #alias "\n\t.set ." #alias ", ." #name) 149 "\t.globl ." #alias "\n\t.set ." #alias ", ." #name)
150#else 150#else
151#ifdef CONFIG_ALPHA 151#if defined(CONFIG_ALPHA) || defined(CONFIG_MIPS)
152#define SYSCALL_ALIAS(alias, name) \ 152#define SYSCALL_ALIAS(alias, name) \
153 asm ( #alias " = " #name "\n\t.globl " #alias) 153 asm ( #alias " = " #name "\n\t.globl " #alias)
154#else 154#else
diff --git a/kernel/audit_tree.c b/kernel/audit_tree.c
index 917ab9525568..6e7351739a82 100644
--- a/kernel/audit_tree.c
+++ b/kernel/audit_tree.c
@@ -734,9 +734,6 @@ int audit_tag_tree(char *old, char *new)
734 dentry = dget(path.dentry); 734 dentry = dget(path.dentry);
735 path_put(&path); 735 path_put(&path);
736 736
737 if (dentry == tagged->mnt_root && dentry == mnt->mnt_root)
738 follow_up(&mnt, &dentry);
739
740 list_add_tail(&list, &tagged->mnt_list); 737 list_add_tail(&list, &tagged->mnt_list);
741 738
742 mutex_lock(&audit_filter_mutex); 739 mutex_lock(&audit_filter_mutex);
diff --git a/kernel/power/main.c b/kernel/power/main.c
index f172f41858bb..f99ed6a75eac 100644
--- a/kernel/power/main.c
+++ b/kernel/power/main.c
@@ -291,20 +291,26 @@ static int suspend_enter(suspend_state_t state)
291 291
292 device_pm_lock(); 292 device_pm_lock();
293 293
294 if (suspend_ops->prepare) {
295 error = suspend_ops->prepare();
296 if (error)
297 goto Done;
298 }
299
294 error = device_power_down(PMSG_SUSPEND); 300 error = device_power_down(PMSG_SUSPEND);
295 if (error) { 301 if (error) {
296 printk(KERN_ERR "PM: Some devices failed to power down\n"); 302 printk(KERN_ERR "PM: Some devices failed to power down\n");
297 goto Done; 303 goto Platfrom_finish;
298 } 304 }
299 305
300 if (suspend_ops->prepare) { 306 if (suspend_ops->prepare_late) {
301 error = suspend_ops->prepare(); 307 error = suspend_ops->prepare_late();
302 if (error) 308 if (error)
303 goto Power_up_devices; 309 goto Power_up_devices;
304 } 310 }
305 311
306 if (suspend_test(TEST_PLATFORM)) 312 if (suspend_test(TEST_PLATFORM))
307 goto Platfrom_finish; 313 goto Platform_wake;
308 314
309 error = disable_nonboot_cpus(); 315 error = disable_nonboot_cpus();
310 if (error || suspend_test(TEST_CPUS)) 316 if (error || suspend_test(TEST_CPUS))
@@ -326,13 +332,17 @@ static int suspend_enter(suspend_state_t state)
326 Enable_cpus: 332 Enable_cpus:
327 enable_nonboot_cpus(); 333 enable_nonboot_cpus();
328 334
329 Platfrom_finish: 335 Platform_wake:
330 if (suspend_ops->finish) 336 if (suspend_ops->wake)
331 suspend_ops->finish(); 337 suspend_ops->wake();
332 338
333 Power_up_devices: 339 Power_up_devices:
334 device_power_up(PMSG_RESUME); 340 device_power_up(PMSG_RESUME);
335 341
342 Platfrom_finish:
343 if (suspend_ops->finish)
344 suspend_ops->finish();
345
336 Done: 346 Done:
337 device_pm_unlock(); 347 device_pm_unlock();
338 348
diff --git a/kernel/resource.c b/kernel/resource.c
index fd5d7d574bb9..ac5f3a36923f 100644
--- a/kernel/resource.c
+++ b/kernel/resource.c
@@ -533,43 +533,21 @@ static void __init __reserve_region_with_split(struct resource *root,
533 res->end = end; 533 res->end = end;
534 res->flags = IORESOURCE_BUSY; 534 res->flags = IORESOURCE_BUSY;
535 535
536 for (;;) { 536 conflict = __request_resource(parent, res);
537 conflict = __request_resource(parent, res); 537 if (!conflict)
538 if (!conflict) 538 return;
539 break;
540 if (conflict != parent) {
541 parent = conflict;
542 if (!(conflict->flags & IORESOURCE_BUSY))
543 continue;
544 }
545
546 /* Uhhuh, that didn't work out.. */
547 kfree(res);
548 res = NULL;
549 break;
550 }
551
552 if (!res) {
553 /* failed, split and try again */
554
555 /* conflict covered whole area */
556 if (conflict->start <= start && conflict->end >= end)
557 return;
558 539
559 if (conflict->start > start) 540 /* failed, split and try again */
560 __reserve_region_with_split(root, start, conflict->start-1, name); 541 kfree(res);
561 if (!(conflict->flags & IORESOURCE_BUSY)) {
562 resource_size_t common_start, common_end;
563 542
564 common_start = max(conflict->start, start); 543 /* conflict covered whole area */
565 common_end = min(conflict->end, end); 544 if (conflict->start <= start && conflict->end >= end)
566 if (common_start < common_end) 545 return;
567 __reserve_region_with_split(root, common_start, common_end, name);
568 }
569 if (conflict->end < end)
570 __reserve_region_with_split(root, conflict->end+1, end, name);
571 }
572 546
547 if (conflict->start > start)
548 __reserve_region_with_split(root, start, conflict->start-1, name);
549 if (conflict->end < end)
550 __reserve_region_with_split(root, conflict->end+1, end, name);
573} 551}
574 552
575void __init reserve_region_with_split(struct resource *root, 553void __init reserve_region_with_split(struct resource *root,
diff --git a/lib/kobject.c b/lib/kobject.c
index a6dec32f2ddd..bacf6fe4f7a0 100644
--- a/lib/kobject.c
+++ b/lib/kobject.c
@@ -218,6 +218,9 @@ int kobject_set_name_vargs(struct kobject *kobj, const char *fmt,
218 const char *old_name = kobj->name; 218 const char *old_name = kobj->name;
219 char *s; 219 char *s;
220 220
221 if (kobj->name && !fmt)
222 return 0;
223
221 kobj->name = kvasprintf(GFP_KERNEL, fmt, vargs); 224 kobj->name = kvasprintf(GFP_KERNEL, fmt, vargs);
222 if (!kobj->name) 225 if (!kobj->name)
223 return -ENOMEM; 226 return -ENOMEM;
diff --git a/mm/vmscan.c b/mm/vmscan.c
index 39fdfb14eeaa..99155b7b8123 100644
--- a/mm/vmscan.c
+++ b/mm/vmscan.c
@@ -2088,13 +2088,13 @@ static void shrink_all_zones(unsigned long nr_pages, int prio,
2088 nr_reclaimed += shrink_list(l, nr_to_scan, zone, 2088 nr_reclaimed += shrink_list(l, nr_to_scan, zone,
2089 sc, prio); 2089 sc, prio);
2090 if (nr_reclaimed >= nr_pages) { 2090 if (nr_reclaimed >= nr_pages) {
2091 sc->nr_reclaimed = nr_reclaimed; 2091 sc->nr_reclaimed += nr_reclaimed;
2092 return; 2092 return;
2093 } 2093 }
2094 } 2094 }
2095 } 2095 }
2096 } 2096 }
2097 sc->nr_reclaimed = nr_reclaimed; 2097 sc->nr_reclaimed += nr_reclaimed;
2098} 2098}
2099 2099
2100/* 2100/*
@@ -2115,6 +2115,7 @@ unsigned long shrink_all_memory(unsigned long nr_pages)
2115 .may_unmap = 0, 2115 .may_unmap = 0,
2116 .may_writepage = 1, 2116 .may_writepage = 1,
2117 .isolate_pages = isolate_pages_global, 2117 .isolate_pages = isolate_pages_global,
2118 .nr_reclaimed = 0,
2118 }; 2119 };
2119 2120
2120 current->reclaim_state = &reclaim_state; 2121 current->reclaim_state = &reclaim_state;
diff --git a/scripts/Makefile.build b/scripts/Makefile.build
index 39a9642927d3..5c4b7a400c18 100644
--- a/scripts/Makefile.build
+++ b/scripts/Makefile.build
@@ -27,6 +27,9 @@ ccflags-y :=
27cppflags-y := 27cppflags-y :=
28ldflags-y := 28ldflags-y :=
29 29
30subdir-asflags-y :=
31subdir-ccflags-y :=
32
30# Read auto.conf if it exists, otherwise ignore 33# Read auto.conf if it exists, otherwise ignore
31-include include/config/auto.conf 34-include include/config/auto.conf
32 35
diff --git a/scripts/Makefile.lib b/scripts/Makefile.lib
index 979619574f70..cba61ca403ca 100644
--- a/scripts/Makefile.lib
+++ b/scripts/Makefile.lib
@@ -4,6 +4,11 @@ ccflags-y += $(EXTRA_CFLAGS)
4cppflags-y += $(EXTRA_CPPFLAGS) 4cppflags-y += $(EXTRA_CPPFLAGS)
5ldflags-y += $(EXTRA_LDFLAGS) 5ldflags-y += $(EXTRA_LDFLAGS)
6 6
7#
8# flags that take effect in sub directories
9export KBUILD_SUBDIR_ASFLAGS := $(KBUILD_SUBDIR_ASFLAGS) $(subdir-asflags-y)
10export KBUILD_SUBDIR_CCFLAGS := $(KBUILD_SUBDIR_CCFLAGS) $(subdir-ccflags-y)
11
7# Figure out what we need to build from the various variables 12# Figure out what we need to build from the various variables
8# =========================================================================== 13# ===========================================================================
9 14
@@ -104,10 +109,10 @@ else
104debug_flags = 109debug_flags =
105endif 110endif
106 111
107orig_c_flags = $(KBUILD_CPPFLAGS) $(KBUILD_CFLAGS) \ 112orig_c_flags = $(KBUILD_CPPFLAGS) $(KBUILD_CFLAGS) $(KBUILD_SUBDIR_CCFLAGS) \
108 $(ccflags-y) $(CFLAGS_$(basetarget).o) 113 $(ccflags-y) $(CFLAGS_$(basetarget).o)
109_c_flags = $(filter-out $(CFLAGS_REMOVE_$(basetarget).o), $(orig_c_flags)) 114_c_flags = $(filter-out $(CFLAGS_REMOVE_$(basetarget).o), $(orig_c_flags))
110_a_flags = $(KBUILD_CPPFLAGS) $(KBUILD_AFLAGS) \ 115_a_flags = $(KBUILD_CPPFLAGS) $(KBUILD_AFLAGS) $(KBUILD_SUBDIR_ASFLAGS) \
111 $(asflags-y) $(AFLAGS_$(basetarget).o) 116 $(asflags-y) $(AFLAGS_$(basetarget).o)
112_cpp_flags = $(KBUILD_CPPFLAGS) $(cppflags-y) $(CPPFLAGS_$(@F)) 117_cpp_flags = $(KBUILD_CPPFLAGS) $(cppflags-y) $(CPPFLAGS_$(@F))
113 118
diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c
index 921514902eca..98b3195347ab 100644
--- a/security/smack/smack_lsm.c
+++ b/security/smack/smack_lsm.c
@@ -609,8 +609,12 @@ static int smack_inode_setxattr(struct dentry *dentry, const char *name,
609 strcmp(name, XATTR_NAME_SMACKIPOUT) == 0) { 609 strcmp(name, XATTR_NAME_SMACKIPOUT) == 0) {
610 if (!capable(CAP_MAC_ADMIN)) 610 if (!capable(CAP_MAC_ADMIN))
611 rc = -EPERM; 611 rc = -EPERM;
612 /* a label cannot be void and cannot begin with '-' */ 612 /*
613 if (size == 0 || (size > 0 && ((char *)value)[0] == '-')) 613 * check label validity here so import wont fail on
614 * post_setxattr
615 */
616 if (size == 0 || size >= SMK_LABELLEN ||
617 smk_import(value, size) == NULL)
614 rc = -EINVAL; 618 rc = -EINVAL;
615 } else 619 } else
616 rc = cap_inode_setxattr(dentry, name, value, size, flags); 620 rc = cap_inode_setxattr(dentry, name, value, size, flags);
@@ -644,9 +648,6 @@ static void smack_inode_post_setxattr(struct dentry *dentry, const char *name,
644 if (strcmp(name, XATTR_NAME_SMACK)) 648 if (strcmp(name, XATTR_NAME_SMACK))
645 return; 649 return;
646 650
647 if (size >= SMK_LABELLEN)
648 return;
649
650 isp = dentry->d_inode->i_security; 651 isp = dentry->d_inode->i_security;
651 652
652 /* 653 /*
diff --git a/sound/pci/emu10k1/io.c b/sound/pci/emu10k1/io.c
index 4bfc31d1b281..c1a5aa15af8f 100644
--- a/sound/pci/emu10k1/io.c
+++ b/sound/pci/emu10k1/io.c
@@ -490,7 +490,7 @@ void snd_emu10k1_wait(struct snd_emu10k1 *emu, unsigned int wait)
490 if (newtime != curtime) 490 if (newtime != curtime)
491 break; 491 break;
492 } 492 }
493 if (count >= 16384) 493 if (count > 16384)
494 break; 494 break;
495 curtime = newtime; 495 curtime = newtime;
496 } 496 }
diff --git a/sound/pci/hda/hda_codec.c b/sound/pci/hda/hda_codec.c
index fd6e6f337d10..8820faf6c9d8 100644
--- a/sound/pci/hda/hda_codec.c
+++ b/sound/pci/hda/hda_codec.c
@@ -642,19 +642,21 @@ static int get_codec_name(struct hda_codec *codec)
642 */ 642 */
643static void /*__devinit*/ setup_fg_nodes(struct hda_codec *codec) 643static void /*__devinit*/ setup_fg_nodes(struct hda_codec *codec)
644{ 644{
645 int i, total_nodes; 645 int i, total_nodes, function_id;
646 hda_nid_t nid; 646 hda_nid_t nid;
647 647
648 total_nodes = snd_hda_get_sub_nodes(codec, AC_NODE_ROOT, &nid); 648 total_nodes = snd_hda_get_sub_nodes(codec, AC_NODE_ROOT, &nid);
649 for (i = 0; i < total_nodes; i++, nid++) { 649 for (i = 0; i < total_nodes; i++, nid++) {
650 codec->function_id = snd_hda_param_read(codec, nid, 650 function_id = snd_hda_param_read(codec, nid,
651 AC_PAR_FUNCTION_TYPE) & 0xff; 651 AC_PAR_FUNCTION_TYPE) & 0xff;
652 switch (codec->function_id) { 652 switch (function_id) {
653 case AC_GRP_AUDIO_FUNCTION: 653 case AC_GRP_AUDIO_FUNCTION:
654 codec->afg = nid; 654 codec->afg = nid;
655 codec->function_id = function_id;
655 break; 656 break;
656 case AC_GRP_MODEM_FUNCTION: 657 case AC_GRP_MODEM_FUNCTION:
657 codec->mfg = nid; 658 codec->mfg = nid;
659 codec->function_id = function_id;
658 break; 660 break;
659 default: 661 default:
660 break; 662 break;
diff --git a/sound/pci/hda/hda_intel.c b/sound/pci/hda/hda_intel.c
index bc882f8f163c..21e99cfa8c49 100644
--- a/sound/pci/hda/hda_intel.c
+++ b/sound/pci/hda/hda_intel.c
@@ -312,7 +312,6 @@ struct azx_dev {
312 unsigned int period_bytes; /* size of the period in bytes */ 312 unsigned int period_bytes; /* size of the period in bytes */
313 unsigned int frags; /* number for period in the play buffer */ 313 unsigned int frags; /* number for period in the play buffer */
314 unsigned int fifo_size; /* FIFO size */ 314 unsigned int fifo_size; /* FIFO size */
315 unsigned int start_flag: 1; /* stream full start flag */
316 unsigned long start_jiffies; /* start + minimum jiffies */ 315 unsigned long start_jiffies; /* start + minimum jiffies */
317 unsigned long min_jiffies; /* minimum jiffies before position is valid */ 316 unsigned long min_jiffies; /* minimum jiffies before position is valid */
318 317
@@ -333,6 +332,7 @@ struct azx_dev {
333 unsigned int opened :1; 332 unsigned int opened :1;
334 unsigned int running :1; 333 unsigned int running :1;
335 unsigned int irq_pending :1; 334 unsigned int irq_pending :1;
335 unsigned int start_flag: 1; /* stream full start flag */
336 /* 336 /*
337 * For VIA: 337 * For VIA:
338 * A flag to ensure DMA position is 0 338 * A flag to ensure DMA position is 0
diff --git a/sound/pci/hda/patch_analog.c b/sound/pci/hda/patch_analog.c
index 38ad3f7b040f..9bcd8ab5a27f 100644
--- a/sound/pci/hda/patch_analog.c
+++ b/sound/pci/hda/patch_analog.c
@@ -3977,6 +3977,14 @@ static int patch_ad1884a(struct hda_codec *codec)
3977 spec->input_mux = &ad1884a_laptop_capture_source; 3977 spec->input_mux = &ad1884a_laptop_capture_source;
3978 codec->patch_ops.unsol_event = ad1884a_hp_unsol_event; 3978 codec->patch_ops.unsol_event = ad1884a_hp_unsol_event;
3979 codec->patch_ops.init = ad1884a_hp_init; 3979 codec->patch_ops.init = ad1884a_hp_init;
3980 /* set the upper-limit for mixer amp to 0dB for avoiding the
3981 * possible damage by overloading
3982 */
3983 snd_hda_override_amp_caps(codec, 0x20, HDA_INPUT,
3984 (0x17 << AC_AMPCAP_OFFSET_SHIFT) |
3985 (0x17 << AC_AMPCAP_NUM_STEPS_SHIFT) |
3986 (0x05 << AC_AMPCAP_STEP_SIZE_SHIFT) |
3987 (1 << AC_AMPCAP_MUTE_SHIFT));
3980 break; 3988 break;
3981 case AD1884A_MOBILE: 3989 case AD1884A_MOBILE:
3982 spec->mixers[0] = ad1884a_mobile_mixers; 3990 spec->mixers[0] = ad1884a_mobile_mixers;
diff --git a/sound/pci/hda/patch_sigmatel.c b/sound/pci/hda/patch_sigmatel.c
index ce30b459aee6..917bc5d3ac2c 100644
--- a/sound/pci/hda/patch_sigmatel.c
+++ b/sound/pci/hda/patch_sigmatel.c
@@ -3076,6 +3076,11 @@ static int create_multi_out_ctls(struct hda_codec *codec, int num_outs,
3076 unsigned int wid_caps; 3076 unsigned int wid_caps;
3077 3077
3078 for (i = 0; i < num_outs && i < ARRAY_SIZE(chname); i++) { 3078 for (i = 0; i < num_outs && i < ARRAY_SIZE(chname); i++) {
3079 if (type == AUTO_PIN_HP_OUT && !spec->hp_detect) {
3080 wid_caps = get_wcaps(codec, pins[i]);
3081 if (wid_caps & AC_WCAP_UNSOL_CAP)
3082 spec->hp_detect = 1;
3083 }
3079 nid = dac_nids[i]; 3084 nid = dac_nids[i];
3080 if (!nid) 3085 if (!nid)
3081 continue; 3086 continue;
@@ -3119,11 +3124,6 @@ static int create_multi_out_ctls(struct hda_codec *codec, int num_outs,
3119 err = create_controls_idx(codec, name, idx, nid, 3); 3124 err = create_controls_idx(codec, name, idx, nid, 3);
3120 if (err < 0) 3125 if (err < 0)
3121 return err; 3126 return err;
3122 if (type == AUTO_PIN_HP_OUT && !spec->hp_detect) {
3123 wid_caps = get_wcaps(codec, pins[i]);
3124 if (wid_caps & AC_WCAP_UNSOL_CAP)
3125 spec->hp_detect = 1;
3126 }
3127 } 3127 }
3128 } 3128 }
3129 return 0; 3129 return 0;
diff --git a/sound/pci/intel8x0.c b/sound/pci/intel8x0.c
index 5dced5b79387..8042d5398892 100644
--- a/sound/pci/intel8x0.c
+++ b/sound/pci/intel8x0.c
@@ -1854,6 +1854,12 @@ static struct ac97_quirk ac97_quirks[] __devinitdata = {
1854 }, 1854 },
1855 { 1855 {
1856 .subvendor = 0x1028, 1856 .subvendor = 0x1028,
1857 .subdevice = 0x016a,
1858 .name = "Dell Inspiron 8600", /* STAC9750/51 */
1859 .type = AC97_TUNE_HP_ONLY
1860 },
1861 {
1862 .subvendor = 0x1028,
1857 .subdevice = 0x0186, 1863 .subdevice = 0x0186,
1858 .name = "Dell Latitude D810", /* cf. Malone #41015 */ 1864 .name = "Dell Latitude D810", /* cf. Malone #41015 */
1859 .type = AC97_TUNE_HP_MUTE_LED 1865 .type = AC97_TUNE_HP_MUTE_LED
@@ -1896,12 +1902,6 @@ static struct ac97_quirk ac97_quirks[] __devinitdata = {
1896 }, 1902 },
1897 { 1903 {
1898 .subvendor = 0x103c, 1904 .subvendor = 0x103c,
1899 .subdevice = 0x0934,
1900 .name = "HP nx8220",
1901 .type = AC97_TUNE_MUTE_LED
1902 },
1903 {
1904 .subvendor = 0x103c,
1905 .subdevice = 0x129d, 1905 .subdevice = 0x129d,
1906 .name = "HP xw8000", 1906 .name = "HP xw8000",
1907 .type = AC97_TUNE_HP_ONLY 1907 .type = AC97_TUNE_HP_ONLY
diff --git a/sound/soc/omap/omap-mcbsp.c b/sound/soc/omap/omap-mcbsp.c
index 9c09b94f0cf8..90f4df7fd906 100644
--- a/sound/soc/omap/omap-mcbsp.c
+++ b/sound/soc/omap/omap-mcbsp.c
@@ -283,7 +283,7 @@ static int omap_mcbsp_dai_hw_params(struct snd_pcm_substream *substream,
283 break; 283 break;
284 case SND_SOC_DAIFMT_DSP_B: 284 case SND_SOC_DAIFMT_DSP_B:
285 regs->srgr2 |= FPER(wlen * channels - 1); 285 regs->srgr2 |= FPER(wlen * channels - 1);
286 regs->srgr1 |= FWID(wlen * channels - 2); 286 regs->srgr1 |= FWID(0);
287 break; 287 break;
288 } 288 }
289 289
@@ -302,6 +302,7 @@ static int omap_mcbsp_dai_set_dai_fmt(struct snd_soc_dai *cpu_dai,
302{ 302{
303 struct omap_mcbsp_data *mcbsp_data = to_mcbsp(cpu_dai->private_data); 303 struct omap_mcbsp_data *mcbsp_data = to_mcbsp(cpu_dai->private_data);
304 struct omap_mcbsp_reg_cfg *regs = &mcbsp_data->regs; 304 struct omap_mcbsp_reg_cfg *regs = &mcbsp_data->regs;
305 unsigned int temp_fmt = fmt;
305 306
306 if (mcbsp_data->configured) 307 if (mcbsp_data->configured)
307 return 0; 308 return 0;
@@ -328,6 +329,8 @@ static int omap_mcbsp_dai_set_dai_fmt(struct snd_soc_dai *cpu_dai,
328 /* 0-bit data delay */ 329 /* 0-bit data delay */
329 regs->rcr2 |= RDATDLY(0); 330 regs->rcr2 |= RDATDLY(0);
330 regs->xcr2 |= XDATDLY(0); 331 regs->xcr2 |= XDATDLY(0);
332 /* Invert FS polarity configuration */
333 temp_fmt ^= SND_SOC_DAIFMT_NB_IF;
331 break; 334 break;
332 default: 335 default:
333 /* Unsupported data format */ 336 /* Unsupported data format */
@@ -351,7 +354,7 @@ static int omap_mcbsp_dai_set_dai_fmt(struct snd_soc_dai *cpu_dai,
351 } 354 }
352 355
353 /* Set bit clock (CLKX/CLKR) and FS polarities */ 356 /* Set bit clock (CLKX/CLKR) and FS polarities */
354 switch (fmt & SND_SOC_DAIFMT_INV_MASK) { 357 switch (temp_fmt & SND_SOC_DAIFMT_INV_MASK) {
355 case SND_SOC_DAIFMT_NB_NF: 358 case SND_SOC_DAIFMT_NB_NF:
356 /* 359 /*
357 * Normal BCLK + FS. 360 * Normal BCLK + FS.
diff --git a/sound/soc/omap/osk5912.c b/sound/soc/omap/osk5912.c
index a952a4eb3361..a4e149b7f0eb 100644
--- a/sound/soc/omap/osk5912.c
+++ b/sound/soc/omap/osk5912.c
@@ -62,7 +62,7 @@ static int osk_hw_params(struct snd_pcm_substream *substream,
62 /* Set codec DAI configuration */ 62 /* Set codec DAI configuration */
63 err = snd_soc_dai_set_fmt(codec_dai, 63 err = snd_soc_dai_set_fmt(codec_dai,
64 SND_SOC_DAIFMT_DSP_B | 64 SND_SOC_DAIFMT_DSP_B |
65 SND_SOC_DAIFMT_NB_IF | 65 SND_SOC_DAIFMT_NB_NF |
66 SND_SOC_DAIFMT_CBM_CFM); 66 SND_SOC_DAIFMT_CBM_CFM);
67 if (err < 0) { 67 if (err < 0) {
68 printk(KERN_ERR "can't set codec DAI configuration\n"); 68 printk(KERN_ERR "can't set codec DAI configuration\n");
@@ -72,7 +72,7 @@ static int osk_hw_params(struct snd_pcm_substream *substream,
72 /* Set cpu DAI configuration */ 72 /* Set cpu DAI configuration */
73 err = snd_soc_dai_set_fmt(cpu_dai, 73 err = snd_soc_dai_set_fmt(cpu_dai,
74 SND_SOC_DAIFMT_DSP_B | 74 SND_SOC_DAIFMT_DSP_B |
75 SND_SOC_DAIFMT_NB_IF | 75 SND_SOC_DAIFMT_NB_NF |
76 SND_SOC_DAIFMT_CBM_CFM); 76 SND_SOC_DAIFMT_CBM_CFM);
77 if (err < 0) { 77 if (err < 0) {
78 printk(KERN_ERR "can't set cpu DAI configuration\n"); 78 printk(KERN_ERR "can't set cpu DAI configuration\n");
diff --git a/sound/soc/pxa/pxa-ssp.c b/sound/soc/pxa/pxa-ssp.c
index 308a657928d2..de2254475d52 100644
--- a/sound/soc/pxa/pxa-ssp.c
+++ b/sound/soc/pxa/pxa-ssp.c
@@ -806,6 +806,7 @@ static int pxa_ssp_probe(struct platform_device *pdev,
806 goto err_priv; 806 goto err_priv;
807 } 807 }
808 808
809 priv->dai_fmt = (unsigned int) -1;
809 dai->private_data = priv; 810 dai->private_data = priv;
810 811
811 return 0; 812 return 0;
diff --git a/sound/soc/s3c24xx/jive_wm8750.c b/sound/soc/s3c24xx/jive_wm8750.c
index 32063790d95b..93e6c87b7399 100644
--- a/sound/soc/s3c24xx/jive_wm8750.c
+++ b/sound/soc/s3c24xx/jive_wm8750.c
@@ -69,8 +69,8 @@ static int jive_hw_params(struct snd_pcm_substream *substream,
69 break; 69 break;
70 } 70 }
71 71
72 s3c_i2sv2_calc_rate(&div, NULL, params_rate(params), 72 s3c_i2sv2_iis_calc_rate(&div, NULL, params_rate(params),
73 s3c2412_get_iisclk()); 73 s3c2412_get_iisclk());
74 74
75 /* set codec DAI configuration */ 75 /* set codec DAI configuration */
76 ret = snd_soc_dai_set_fmt(codec_dai, SND_SOC_DAIFMT_I2S | 76 ret = snd_soc_dai_set_fmt(codec_dai, SND_SOC_DAIFMT_I2S |
@@ -145,8 +145,9 @@ static struct snd_soc_dai_link jive_dai = {
145}; 145};
146 146
147/* jive audio machine driver */ 147/* jive audio machine driver */
148static struct snd_soc_machine snd_soc_machine_jive = { 148static struct snd_soc_card snd_soc_machine_jive = {
149 .name = "Jive", 149 .name = "Jive",
150 .platform = &s3c24xx_soc_platform,
150 .dai_link = &jive_dai, 151 .dai_link = &jive_dai,
151 .num_links = 1, 152 .num_links = 1,
152}; 153};
@@ -157,9 +158,8 @@ static struct wm8750_setup_data jive_wm8750_setup = {
157 158
158/* jive audio subsystem */ 159/* jive audio subsystem */
159static struct snd_soc_device jive_snd_devdata = { 160static struct snd_soc_device jive_snd_devdata = {
160 .machine = &snd_soc_machine_jive, 161 .card = &snd_soc_machine_jive,
161 .platform = &s3c24xx_soc_platform, 162 .codec_dev = &soc_codec_dev_wm8750,
162 .codec_dev = &soc_codec_dev_wm8750_spi,
163 .codec_data = &jive_wm8750_setup, 163 .codec_data = &jive_wm8750_setup,
164}; 164};
165 165
diff --git a/sound/soc/s3c24xx/s3c-i2s-v2.c b/sound/soc/s3c24xx/s3c-i2s-v2.c
index 295a4c910262..689ffcd17e1f 100644
--- a/sound/soc/s3c24xx/s3c-i2s-v2.c
+++ b/sound/soc/s3c24xx/s3c-i2s-v2.c
@@ -473,9 +473,9 @@ static int s3c2412_i2s_set_clkdiv(struct snd_soc_dai *cpu_dai,
473/* default table of all avaialable root fs divisors */ 473/* default table of all avaialable root fs divisors */
474static unsigned int iis_fs_tab[] = { 256, 512, 384, 768 }; 474static unsigned int iis_fs_tab[] = { 256, 512, 384, 768 };
475 475
476int s3c2412_iis_calc_rate(struct s3c_i2sv2_rate_calc *info, 476int s3c_i2sv2_iis_calc_rate(struct s3c_i2sv2_rate_calc *info,
477 unsigned int *fstab, 477 unsigned int *fstab,
478 unsigned int rate, struct clk *clk) 478 unsigned int rate, struct clk *clk)
479{ 479{
480 unsigned long clkrate = clk_get_rate(clk); 480 unsigned long clkrate = clk_get_rate(clk);
481 unsigned int div; 481 unsigned int div;
@@ -531,7 +531,7 @@ int s3c2412_iis_calc_rate(struct s3c_i2sv2_rate_calc *info,
531 531
532 return 0; 532 return 0;
533} 533}
534EXPORT_SYMBOL_GPL(s3c2412_iis_calc_rate); 534EXPORT_SYMBOL_GPL(s3c_i2sv2_iis_calc_rate);
535 535
536int s3c_i2sv2_probe(struct platform_device *pdev, 536int s3c_i2sv2_probe(struct platform_device *pdev,
537 struct snd_soc_dai *dai, 537 struct snd_soc_dai *dai,
@@ -624,10 +624,12 @@ static int s3c2412_i2s_resume(struct snd_soc_dai *dai)
624 624
625int s3c_i2sv2_register_dai(struct snd_soc_dai *dai) 625int s3c_i2sv2_register_dai(struct snd_soc_dai *dai)
626{ 626{
627 dai->ops.trigger = s3c2412_i2s_trigger; 627 struct snd_soc_dai_ops *ops = dai->ops;
628 dai->ops.hw_params = s3c2412_i2s_hw_params; 628
629 dai->ops.set_fmt = s3c2412_i2s_set_fmt; 629 ops->trigger = s3c2412_i2s_trigger;
630 dai->ops.set_clkdiv = s3c2412_i2s_set_clkdiv; 630 ops->hw_params = s3c2412_i2s_hw_params;
631 ops->set_fmt = s3c2412_i2s_set_fmt;
632 ops->set_clkdiv = s3c2412_i2s_set_clkdiv;
631 633
632 dai->suspend = s3c2412_i2s_suspend; 634 dai->suspend = s3c2412_i2s_suspend;
633 dai->resume = s3c2412_i2s_resume; 635 dai->resume = s3c2412_i2s_resume;
diff --git a/sound/soc/s3c24xx/s3c2412-i2s.c b/sound/soc/s3c24xx/s3c2412-i2s.c
index 1ca3cdaa8213..b7e0b3f0bfc8 100644
--- a/sound/soc/s3c24xx/s3c2412-i2s.c
+++ b/sound/soc/s3c24xx/s3c2412-i2s.c
@@ -33,8 +33,8 @@
33 33
34#include <plat/regs-s3c2412-iis.h> 34#include <plat/regs-s3c2412-iis.h>
35 35
36#include <plat/regs-gpio.h>
37#include <plat/audio.h> 36#include <plat/audio.h>
37#include <mach/regs-gpio.h>
38#include <mach/dma.h> 38#include <mach/dma.h>
39 39
40#include "s3c24xx-pcm.h" 40#include "s3c24xx-pcm.h"
generated by cgit v1.2.2 (git 2.25.0) at 2024-11-07 12:49:19 -0500