6 files changed, 516 insertions, 342 deletions
diff --git a/drivers/char/Kconfig b/drivers/char/Kconfig
index 49502bc5360a..423fd56bf612 100644
--- a/drivers/char/Kconfig
+++ b/drivers/char/Kconfig
@@ -616,5 +616,16 @@ config MSM_SMD_PKT
          Enables userspace clients to read and write to some packet SMD
          ports via device interface for MSM chipset.
+config TILE_SROM
+        bool "Character-device access via hypervisor to the Tilera SPI ROM"
+        depends on TILE
+        default y
+        ---help---
+          This device provides character-level read-write access
+          to the SROM, typically via the "0", "1", and "2" devices
+          in /dev/srom/.  The Tilera hypervisor makes the flash
+          device appear much like a simple EEPROM, and knows
+          how to partition a single ROM for multiple purposes.
 endmenu
diff --git a/drivers/char/Makefile b/drivers/char/Makefile
index 7a00672bd85d..32762ba769c2 100644
--- a/drivers/char/Makefile
+++ b/drivers/char/Makefile
@@ -63,3 +63,5 @@ obj-$(CONFIG_RAMOOPS)		+= ramoops.o
 obj-$(CONFIG_JS_RTC)            += js-rtc.o
 js-rtc-y = rtc.o
+obj-$(CONFIG_TILE_SROM)         += tile-srom.o
diff --git a/drivers/char/ramoops.c b/drivers/char/ramoops.c
index fca0c51bbc90..810aff9e750f 100644
--- a/drivers/char/ramoops.c
+++ b/drivers/char/ramoops.c
@@ -147,6 +147,14 @@ static int __init ramoops_probe(struct platform_device *pdev)
        cxt->phys_addr = pdata->mem_address;
        cxt->record_size = pdata->record_size;
        cxt->dump_oops = pdata->dump_oops;
+        /*
+         * Update the module parameter variables as well so they are visible
+         * through /sys/module/ramoops/parameters/
+         */
+        mem_size = pdata->mem_size;
+        mem_address = pdata->mem_address;
+        record_size = pdata->record_size;
+        dump_oops = pdata->dump_oops;
        if (!request_mem_region(cxt->phys_addr, cxt->size, "ramoops")) {
                pr_err("request mem region failed\n");
diff --git a/drivers/char/random.c b/drivers/char/random.c
index 729281961f22..c35a785005b0 100644
--- a/drivers/char/random.c
+++ b/drivers/char/random.c
@@ -1300,345 +1300,14 @@ ctl_table random_table[] = {
 };
 #endif  /* CONFIG_SYSCTL */
-/********************************************************************
+static u32 random_int_secret[MD5_MESSAGE_BYTES / 4] ____cacheline_aligned;
- *
- * Random functions for networking
- *
- ********************************************************************/
-/*
- * TCP initial sequence number picking.  This uses the random number
- * generator to pick an initial secret value.  This value is hashed
- * along with the TCP endpoint information to provide a unique
- * starting point for each pair of TCP endpoints.  This defeats
- * attacks which rely on guessing the initial TCP sequence number.
- * This algorithm was suggested by Steve Bellovin.
- *
- * Using a very strong hash was taking an appreciable amount of the total
- * TCP connection establishment time, so this is a weaker hash,
- * compensated for by changing the secret periodically.
- */
-/* F, G and H are basic MD4 functions: selection, majority, parity */
-#define F(x, y, z) ((z) ^ ((x) & ((y) ^ (z))))
-#define G(x, y, z) (((x) & (y)) + (((x) ^ (y)) & (z)))
-#define H(x, y, z) ((x) ^ (y) ^ (z))
-/*
- * The generic round function.  The application is so specific that
- * we don't bother protecting all the arguments with parens, as is generally
- * good macro practice, in favor of extra legibility.
- * Rotation is separate from addition to prevent recomputation
- */
-#define ROUND(f, a, b, c, d, x, s)      \
-        (a += f(b, c, d) + x, a = (a << s) | (a >> (32 - s)))
-#define K1 0
-#define K2 013240474631UL
-#define K3 015666365641UL
-#if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE)
-static __u32 twothirdsMD4Transform(__u32 const buf[4], __u32 const in[12])
-{
-        __u32 a = buf[0], b = buf[1], c = buf[2], d = buf[3];
-        /* Round 1 */
-        ROUND(F, a, b, c, d, in[ 0] + K1,  3);
-        ROUND(F, d, a, b, c, in[ 1] + K1,  7);
-        ROUND(F, c, d, a, b, in[ 2] + K1, 11);
-        ROUND(F, b, c, d, a, in[ 3] + K1, 19);
-        ROUND(F, a, b, c, d, in[ 4] + K1,  3);
-        ROUND(F, d, a, b, c, in[ 5] + K1,  7);
-        ROUND(F, c, d, a, b, in[ 6] + K1, 11);
-        ROUND(F, b, c, d, a, in[ 7] + K1, 19);
-        ROUND(F, a, b, c, d, in[ 8] + K1,  3);
-        ROUND(F, d, a, b, c, in[ 9] + K1,  7);
-        ROUND(F, c, d, a, b, in[10] + K1, 11);
-        ROUND(F, b, c, d, a, in[11] + K1, 19);
-        /* Round 2 */
-        ROUND(G, a, b, c, d, in[ 1] + K2,  3);
-        ROUND(G, d, a, b, c, in[ 3] + K2,  5);
-        ROUND(G, c, d, a, b, in[ 5] + K2,  9);
-        ROUND(G, b, c, d, a, in[ 7] + K2, 13);
-        ROUND(G, a, b, c, d, in[ 9] + K2,  3);
-        ROUND(G, d, a, b, c, in[11] + K2,  5);
-        ROUND(G, c, d, a, b, in[ 0] + K2,  9);
-        ROUND(G, b, c, d, a, in[ 2] + K2, 13);
-        ROUND(G, a, b, c, d, in[ 4] + K2,  3);
-        ROUND(G, d, a, b, c, in[ 6] + K2,  5);
-        ROUND(G, c, d, a, b, in[ 8] + K2,  9);
-        ROUND(G, b, c, d, a, in[10] + K2, 13);
-        /* Round 3 */
-        ROUND(H, a, b, c, d, in[ 3] + K3,  3);
-        ROUND(H, d, a, b, c, in[ 7] + K3,  9);
-        ROUND(H, c, d, a, b, in[11] + K3, 11);
-        ROUND(H, b, c, d, a, in[ 2] + K3, 15);
-        ROUND(H, a, b, c, d, in[ 6] + K3,  3);
-        ROUND(H, d, a, b, c, in[10] + K3,  9);
-        ROUND(H, c, d, a, b, in[ 1] + K3, 11);
-        ROUND(H, b, c, d, a, in[ 5] + K3, 15);
-        ROUND(H, a, b, c, d, in[ 9] + K3,  3);
-        ROUND(H, d, a, b, c, in[ 0] + K3,  9);
-        ROUND(H, c, d, a, b, in[ 4] + K3, 11);
-        ROUND(H, b, c, d, a, in[ 8] + K3, 15);
-        return buf[1] + b; /* "most hashed" word */
-        /* Alternative: return sum of all words? */
-}
-#endif
-#undef ROUND
-#undef F
-#undef G
-#undef H
-#undef K1
-#undef K2
-#undef K3
-/* This should not be decreased so low that ISNs wrap too fast. */
-#define REKEY_INTERVAL (300 * HZ)
-/*
- * Bit layout of the tcp sequence numbers (before adding current time):
- * bit 24-31: increased after every key exchange
- * bit 0-23: hash(source,dest)
- *
- * The implementation is similar to the algorithm described
- * in the Appendix of RFC 1185, except that
- * - it uses a 1 MHz clock instead of a 250 kHz clock
- * - it performs a rekey every 5 minutes, which is equivalent
- *      to a (source,dest) tulple dependent forward jump of the
- *      clock by 0..2^(HASH_BITS+1)
- *
- * Thus the average ISN wraparound time is 68 minutes instead of
- * 4.55 hours.
- *
- * SMP cleanup and lock avoidance with poor man's RCU.
- *                      Manfred Spraul <manfred@colorfullife.com>
- *
- */
-#define COUNT_BITS 8
-#define COUNT_MASK ((1 << COUNT_BITS) - 1)
-#define HASH_BITS 24
-#define HASH_MASK ((1 << HASH_BITS) - 1)
-static struct keydata {
+static int __init random_int_secret_init(void)
-        __u32 count; /* already shifted to the final position */
-        __u32 secret[12];
-} ____cacheline_aligned ip_keydata[2];
-static unsigned int ip_cnt;
-static void rekey_seq_generator(struct work_struct *work);
-static DECLARE_DELAYED_WORK(rekey_work, rekey_seq_generator);
-/*
- * Lock avoidance:
- * The ISN generation runs lockless - it's just a hash over random data.
- * State changes happen every 5 minutes when the random key is replaced.
- * Synchronization is performed by having two copies of the hash function
- * state and rekey_seq_generator always updates the inactive copy.
- * The copy is then activated by updating ip_cnt.
- * The implementation breaks down if someone blocks the thread
- * that processes SYN requests for more than 5 minutes. Should never
- * happen, and even if that happens only a not perfectly compliant
- * ISN is generated, nothing fatal.
- */
-static void rekey_seq_generator(struct work_struct *work)
 {
-        struct keydata *keyptr = &ip_keydata[1 ^ (ip_cnt & 1)];
+        get_random_bytes(random_int_secret, sizeof(random_int_secret));
-        get_random_bytes(keyptr->secret, sizeof(keyptr->secret));
-        keyptr->count = (ip_cnt & COUNT_MASK) << HASH_BITS;
-        smp_wmb();
-        ip_cnt++;
-        schedule_delayed_work(&rekey_work,
-                              round_jiffies_relative(REKEY_INTERVAL));
-}
-static inline struct keydata *get_keyptr(void)
-{
-        struct keydata *keyptr = &ip_keydata[ip_cnt & 1];
-        smp_rmb();
-        return keyptr;
-}
-static __init int seqgen_init(void)
-{
-        rekey_seq_generator(NULL);
        return 0;
 }
-late_initcall(seqgen_init);
+late_initcall(random_int_secret_init);
-#if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE)
-__u32 secure_tcpv6_sequence_number(__be32 *saddr, __be32 *daddr,
-                                   __be16 sport, __be16 dport)
-{
-        __u32 seq;
-        __u32 hash[12];
-        struct keydata *keyptr = get_keyptr();
-        /* The procedure is the same as for IPv4, but addresses are longer.
-         * Thus we must use twothirdsMD4Transform.
-         */
-        memcpy(hash, saddr, 16);
-        hash[4] = ((__force u16)sport << 16) + (__force u16)dport;
-        memcpy(&hash[5], keyptr->secret, sizeof(__u32) * 7);
-        seq = twothirdsMD4Transform((const __u32 *)daddr, hash) & HASH_MASK;
-        seq += keyptr->count;
-        seq += ktime_to_ns(ktime_get_real());
-        return seq;
-}
-EXPORT_SYMBOL(secure_tcpv6_sequence_number);
-#endif
-/*  The code below is shamelessly stolen from secure_tcp_sequence_number().
- *  All blames to Andrey V. Savochkin <saw@msu.ru>.
- */
-__u32 secure_ip_id(__be32 daddr)
-{
-        struct keydata *keyptr;
-        __u32 hash[4];
-        keyptr = get_keyptr();
-        /*
-         *  Pick a unique starting offset for each IP destination.
-         *  The dest ip address is placed in the starting vector,
-         *  which is then hashed with random data.
-         */
-        hash[0] = (__force __u32)daddr;
-        hash[1] = keyptr->secret[9];
-        hash[2] = keyptr->secret[10];
-        hash[3] = keyptr->secret[11];
-        return half_md4_transform(hash, keyptr->secret);
-}
-__u32 secure_ipv6_id(const __be32 daddr[4])
-{
-        const struct keydata *keyptr;
-        __u32 hash[4];
-        keyptr = get_keyptr();
-        hash[0] = (__force __u32)daddr[0];
-        hash[1] = (__force __u32)daddr[1];
-        hash[2] = (__force __u32)daddr[2];
-        hash[3] = (__force __u32)daddr[3];
-        return half_md4_transform(hash, keyptr->secret);
-}
-#ifdef CONFIG_INET
-__u32 secure_tcp_sequence_number(__be32 saddr, __be32 daddr,
-                                 __be16 sport, __be16 dport)
-{
-        __u32 seq;
-        __u32 hash[4];
-        struct keydata *keyptr = get_keyptr();
-        /*
-         *  Pick a unique starting offset for each TCP connection endpoints
-         *  (saddr, daddr, sport, dport).
-         *  Note that the words are placed into the starting vector, which is
-         *  then mixed with a partial MD4 over random data.
-         */
-        hash[0] = (__force u32)saddr;
-        hash[1] = (__force u32)daddr;
-        hash[2] = ((__force u16)sport << 16) + (__force u16)dport;
-        hash[3] = keyptr->secret[11];
-        seq = half_md4_transform(hash, keyptr->secret) & HASH_MASK;
-        seq += keyptr->count;
-        /*
-         *      As close as possible to RFC 793, which
-         *      suggests using a 250 kHz clock.
-         *      Further reading shows this assumes 2 Mb/s networks.
-         *      For 10 Mb/s Ethernet, a 1 MHz clock is appropriate.
-         *      For 10 Gb/s Ethernet, a 1 GHz clock should be ok, but
-         *      we also need to limit the resolution so that the u32 seq
-         *      overlaps less than one time per MSL (2 minutes).
-         *      Choosing a clock of 64 ns period is OK. (period of 274 s)
-         */
-        seq += ktime_to_ns(ktime_get_real()) >> 6;
-        return seq;
-}
-/* Generate secure starting point for ephemeral IPV4 transport port search */
-u32 secure_ipv4_port_ephemeral(__be32 saddr, __be32 daddr, __be16 dport)
-{
-        struct keydata *keyptr = get_keyptr();
-        u32 hash[4];
-        /*
-         *  Pick a unique starting offset for each ephemeral port search
-         *  (saddr, daddr, dport) and 48bits of random data.
-         */
-        hash[0] = (__force u32)saddr;
-        hash[1] = (__force u32)daddr;
-        hash[2] = (__force u32)dport ^ keyptr->secret[10];
-        hash[3] = keyptr->secret[11];
-        return half_md4_transform(hash, keyptr->secret);
-}
-EXPORT_SYMBOL_GPL(secure_ipv4_port_ephemeral);
-#if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE)
-u32 secure_ipv6_port_ephemeral(const __be32 *saddr, const __be32 *daddr,
-                               __be16 dport)
-{
-        struct keydata *keyptr = get_keyptr();
-        u32 hash[12];
-        memcpy(hash, saddr, 16);
-        hash[4] = (__force u32)dport;
-        memcpy(&hash[5], keyptr->secret, sizeof(__u32) * 7);
-        return twothirdsMD4Transform((const __u32 *)daddr, hash);
-}
-#endif
-#if defined(CONFIG_IP_DCCP) || defined(CONFIG_IP_DCCP_MODULE)
-/* Similar to secure_tcp_sequence_number but generate a 48 bit value
- * bit's 32-47 increase every key exchange
- *       0-31  hash(source, dest)
- */
-u64 secure_dccp_sequence_number(__be32 saddr, __be32 daddr,
-                                __be16 sport, __be16 dport)
-{
-        u64 seq;
-        __u32 hash[4];
-        struct keydata *keyptr = get_keyptr();
-        hash[0] = (__force u32)saddr;
-        hash[1] = (__force u32)daddr;
-        hash[2] = ((__force u16)sport << 16) + (__force u16)dport;
-        hash[3] = keyptr->secret[11];
-        seq = half_md4_transform(hash, keyptr->secret);
-        seq |= ((u64)keyptr->count) << (32 - HASH_BITS);
-        seq += ktime_to_ns(ktime_get_real());
-        seq &= (1ull << 48) - 1;
-        return seq;
-}
-EXPORT_SYMBOL(secure_dccp_sequence_number);
-#endif
-#endif /* CONFIG_INET */
 /*
 * Get a random word for internal kernel use only. Similar to urandom but
@@ -1646,17 +1315,15 @@ EXPORT_SYMBOL(secure_dccp_sequence_number);
 * value is not cryptographically secure but for several uses the cost of
 * depleting entropy is too high
 */
-DEFINE_PER_CPU(__u32 [4], get_random_int_hash);
+DEFINE_PER_CPU(__u32 [MD5_DIGEST_WORDS], get_random_int_hash);
 unsigned int get_random_int(void)
 {
-        struct keydata *keyptr;
        __u32 *hash = get_cpu_var(get_random_int_hash);
-        int ret;
+        unsigned int ret;
-        keyptr = get_keyptr();
        hash[0] += current->pid + jiffies + get_cycles();
+        md5_transform(hash, random_int_secret);
-        ret = half_md4_transform(hash, keyptr->secret);
+        ret = hash[0];
        put_cpu_var(get_random_int_hash);
        return ret;
diff --git a/drivers/char/tile-srom.c b/drivers/char/tile-srom.c
new file mode 100644
index 000000000000..cf3ee008dca2
--- /dev/null
+++ b/drivers/char/tile-srom.c
@@ -0,0 +1,481 @@
+/*
+ * Copyright 2011 Tilera Corporation. All Rights Reserved.
+ *
+ *   This program is free software; you can redistribute it and/or
+ *   modify it under the terms of the GNU General Public License
+ *   as published by the Free Software Foundation, version 2.
+ *
+ *   This program is distributed in the hope that it will be useful, but
+ *   WITHOUT ANY WARRANTY; without even the implied warranty of
+ *   MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE, GOOD TITLE or
+ *   NON INFRINGEMENT.  See the GNU General Public License for
+ *   more details.
+ *
+ * SPI Flash ROM driver
+ *
+ * This source code is derived from code provided in "Linux Device
+ * Drivers, Third Edition", by Jonathan Corbet, Alessandro Rubini, and
+ * Greg Kroah-Hartman, published by O'Reilly Media, Inc.
+ */
+#include <linux/module.h>
+#include <linux/moduleparam.h>
+#include <linux/init.h>
+#include <linux/kernel.h>       /* printk() */
+#include <linux/slab.h>         /* kmalloc() */
+#include <linux/fs.h>           /* everything... */
+#include <linux/errno.h>        /* error codes */
+#include <linux/types.h>        /* size_t */
+#include <linux/proc_fs.h>
+#include <linux/fcntl.h>        /* O_ACCMODE */
+#include <linux/aio.h>
+#include <linux/pagemap.h>
+#include <linux/hugetlb.h>
+#include <linux/uaccess.h>
+#include <linux/platform_device.h>
+#include <hv/hypervisor.h>
+#include <linux/ioctl.h>
+#include <linux/cdev.h>
+#include <linux/delay.h>
+#include <hv/drv_srom_intf.h>
+/*
+ * Size of our hypervisor I/O requests.  We break up large transfers
+ * so that we don't spend large uninterrupted spans of time in the
+ * hypervisor.  Erasing an SROM sector takes a significant fraction of
+ * a second, so if we allowed the user to, say, do one I/O to write the
+ * entire ROM, we'd get soft lockup timeouts, or worse.
+ */
+#define SROM_CHUNK_SIZE ((size_t)4096)
+/*
+ * When hypervisor is busy (e.g. erasing), poll the status periodically.
+ */
+/*
+ * Interval to poll the state in msec
+ */
+#define SROM_WAIT_TRY_INTERVAL 20
+/*
+ * Maximum times to poll the state
+ */
+#define SROM_MAX_WAIT_TRY_TIMES 1000
+struct srom_dev {
+        int hv_devhdl;                  /* Handle for hypervisor device */
+        u32 total_size;                 /* Size of this device */
+        u32 sector_size;                /* Size of a sector */
+        u32 page_size;                  /* Size of a page */
+        struct mutex lock;              /* Allow only one accessor at a time */
+};
+static int srom_major;                  /* Dynamic major by default */
+module_param(srom_major, int, 0);
+MODULE_AUTHOR("Tilera Corporation");
+MODULE_LICENSE("GPL");
+static int srom_devs;                   /* Number of SROM partitions */
+static struct cdev srom_cdev;
+static struct class *srom_class;
+static struct srom_dev *srom_devices;
+/*
+ * Handle calling the hypervisor and managing EAGAIN/EBUSY.
+ */
+static ssize_t _srom_read(int hv_devhdl, void *buf,
+                          loff_t off, size_t count)
+{
+        int retval, retries = SROM_MAX_WAIT_TRY_TIMES;
+        for (;;) {
+                retval = hv_dev_pread(hv_devhdl, 0, (HV_VirtAddr)buf,
+                                      count, off);
+                if (retval >= 0)
+                        return retval;
+                if (retval == HV_EAGAIN)
+                        continue;
+                if (retval == HV_EBUSY && --retries > 0) {
+                        msleep(SROM_WAIT_TRY_INTERVAL);
+                        continue;
+                }
+                pr_err("_srom_read: error %d\n", retval);
+                return -EIO;
+        }
+}
+static ssize_t _srom_write(int hv_devhdl, const void *buf,
+                           loff_t off, size_t count)
+{
+        int retval, retries = SROM_MAX_WAIT_TRY_TIMES;
+        for (;;) {
+                retval = hv_dev_pwrite(hv_devhdl, 0, (HV_VirtAddr)buf,
+                                       count, off);
+                if (retval >= 0)
+                        return retval;
+                if (retval == HV_EAGAIN)
+                        continue;
+                if (retval == HV_EBUSY && --retries > 0) {
+                        msleep(SROM_WAIT_TRY_INTERVAL);
+                        continue;
+                }
+                pr_err("_srom_write: error %d\n", retval);
+                return -EIO;
+        }
+}
+/**
+ * srom_open() - Device open routine.
+ * @inode: Inode for this device.
+ * @filp: File for this specific open of the device.
+ *
+ * Returns zero, or an error code.
+ */
+static int srom_open(struct inode *inode, struct file *filp)
+{
+        filp->private_data = &srom_devices[iminor(inode)];
+        return 0;
+}
+/**
+ * srom_release() - Device release routine.
+ * @inode: Inode for this device.
+ * @filp: File for this specific open of the device.
+ *
+ * Returns zero, or an error code.
+ */
+static int srom_release(struct inode *inode, struct file *filp)
+{
+        struct srom_dev *srom = filp->private_data;
+        char dummy;
+        /* Make sure we've flushed anything written to the ROM. */
+        mutex_lock(&srom->lock);
+        if (srom->hv_devhdl >= 0)
+                _srom_write(srom->hv_devhdl, &dummy, SROM_FLUSH_OFF, 1);
+        mutex_unlock(&srom->lock);
+        filp->private_data = NULL;
+        return 0;
+}
+/**
+ * srom_read() - Read data from the device.
+ * @filp: File for this specific open of the device.
+ * @buf: User's data buffer.
+ * @count: Number of bytes requested.
+ * @f_pos: File position.
+ *
+ * Returns number of bytes read, or an error code.
+ */
+static ssize_t srom_read(struct file *filp, char __user *buf,
+                         size_t count, loff_t *f_pos)
+{
+        int retval = 0;
+        void *kernbuf;
+        struct srom_dev *srom = filp->private_data;
+        kernbuf = kmalloc(SROM_CHUNK_SIZE, GFP_KERNEL);
+        if (!kernbuf)
+                return -ENOMEM;
+        if (mutex_lock_interruptible(&srom->lock)) {
+                retval = -ERESTARTSYS;
+                kfree(kernbuf);
+                return retval;
+        }
+        while (count) {
+                int hv_retval;
+                int bytes_this_pass = min(count, SROM_CHUNK_SIZE);
+                hv_retval = _srom_read(srom->hv_devhdl, kernbuf,
+                                       *f_pos, bytes_this_pass);
+                if (hv_retval > 0) {
+                        if (copy_to_user(buf, kernbuf, hv_retval) != 0) {
+                                retval = -EFAULT;
+                                break;
+                        }
+                } else if (hv_retval <= 0) {
+                        if (retval == 0)
+                                retval = hv_retval;
+                        break;
+                }
+                retval += hv_retval;
+                *f_pos += hv_retval;
+                buf += hv_retval;
+                count -= hv_retval;
+        }
+        mutex_unlock(&srom->lock);
+        kfree(kernbuf);
+        return retval;
+}
+/**
+ * srom_write() - Write data to the device.
+ * @filp: File for this specific open of the device.
+ * @buf: User's data buffer.
+ * @count: Number of bytes requested.
+ * @f_pos: File position.
+ *
+ * Returns number of bytes written, or an error code.
+ */
+static ssize_t srom_write(struct file *filp, const char __user *buf,
+                          size_t count, loff_t *f_pos)
+{
+        int retval = 0;
+        void *kernbuf;
+        struct srom_dev *srom = filp->private_data;
+        kernbuf = kmalloc(SROM_CHUNK_SIZE, GFP_KERNEL);
+        if (!kernbuf)
+                return -ENOMEM;
+        if (mutex_lock_interruptible(&srom->lock)) {
+                retval = -ERESTARTSYS;
+                kfree(kernbuf);
+                return retval;
+        }
+        while (count) {
+                int hv_retval;
+                int bytes_this_pass = min(count, SROM_CHUNK_SIZE);
+                if (copy_from_user(kernbuf, buf, bytes_this_pass) != 0) {
+                        retval = -EFAULT;
+                        break;
+                }
+                hv_retval = _srom_write(srom->hv_devhdl, kernbuf,
+                                        *f_pos, bytes_this_pass);
+                if (hv_retval <= 0) {
+                        if (retval == 0)
+                                retval = hv_retval;
+                        break;
+                }
+                retval += hv_retval;
+                *f_pos += hv_retval;
+                buf += hv_retval;
+                count -= hv_retval;
+        }
+        mutex_unlock(&srom->lock);
+        kfree(kernbuf);
+        return retval;
+}
+/* Provide our own implementation so we can use srom->total_size. */
+loff_t srom_llseek(struct file *filp, loff_t offset, int origin)
+{
+        struct srom_dev *srom = filp->private_data;
+        if (mutex_lock_interruptible(&srom->lock))
+                return -ERESTARTSYS;
+        switch (origin) {
+        case SEEK_END:
+                offset += srom->total_size;
+                break;
+        case SEEK_CUR:
+                offset += filp->f_pos;
+                break;
+        }
+        if (offset < 0 || offset > srom->total_size) {
+                offset = -EINVAL;
+        } else {
+                filp->f_pos = offset;
+                filp->f_version = 0;
+        }
+        mutex_unlock(&srom->lock);
+        return offset;
+}
+static ssize_t total_show(struct device *dev,
+                          struct device_attribute *attr, char *buf)
+{
+        struct srom_dev *srom = dev_get_drvdata(dev);
+        return sprintf(buf, "%u\n", srom->total_size);
+}
+static ssize_t sector_show(struct device *dev,
+                           struct device_attribute *attr, char *buf)
+{
+        struct srom_dev *srom = dev_get_drvdata(dev);
+        return sprintf(buf, "%u\n", srom->sector_size);
+}
+static ssize_t page_show(struct device *dev,
+                         struct device_attribute *attr, char *buf)
+{
+        struct srom_dev *srom = dev_get_drvdata(dev);
+        return sprintf(buf, "%u\n", srom->page_size);
+}
+static struct device_attribute srom_dev_attrs[] = {
+        __ATTR(total_size, S_IRUGO, total_show, NULL),
+        __ATTR(sector_size, S_IRUGO, sector_show, NULL),
+        __ATTR(page_size, S_IRUGO, page_show, NULL),
+        __ATTR_NULL
+};
+static char *srom_devnode(struct device *dev, mode_t *mode)
+{
+        *mode = S_IRUGO | S_IWUSR;
+        return kasprintf(GFP_KERNEL, "srom/%s", dev_name(dev));
+}
+/*
+ * The fops
+ */
+static const struct file_operations srom_fops = {
+        .owner =     THIS_MODULE,
+        .llseek =    srom_llseek,
+        .read =      srom_read,
+        .write =     srom_write,
+        .open =      srom_open,
+        .release =   srom_release,
+};
+/**
+ * srom_setup_minor() - Initialize per-minor information.
+ * @srom: Per-device SROM state.
+ * @index: Device to set up.
+ */
+static int srom_setup_minor(struct srom_dev *srom, int index)
+{
+        struct device *dev;
+        int devhdl = srom->hv_devhdl;
+        mutex_init(&srom->lock);
+        if (_srom_read(devhdl, &srom->total_size,
+                       SROM_TOTAL_SIZE_OFF, sizeof(srom->total_size)) < 0)
+                return -EIO;
+        if (_srom_read(devhdl, &srom->sector_size,
+                       SROM_SECTOR_SIZE_OFF, sizeof(srom->sector_size)) < 0)
+                return -EIO;
+        if (_srom_read(devhdl, &srom->page_size,
+                       SROM_PAGE_SIZE_OFF, sizeof(srom->page_size)) < 0)
+                return -EIO;
+        dev = device_create(srom_class, &platform_bus,
+                            MKDEV(srom_major, index), srom, "%d", index);
+        return IS_ERR(dev) ? PTR_ERR(dev) : 0;
+}
+/** srom_init() - Initialize the driver's module. */
+static int srom_init(void)
+{
+        int result, i;
+        dev_t dev = MKDEV(srom_major, 0);
+        /*
+         * Start with a plausible number of partitions; the krealloc() call
+         * below will yield about log(srom_devs) additional allocations.
+         */
+        srom_devices = kzalloc(4 * sizeof(struct srom_dev), GFP_KERNEL);
+        /* Discover the number of srom partitions. */
+        for (i = 0; ; i++) {
+                int devhdl;
+                char buf[20];
+                struct srom_dev *new_srom_devices =
+                        krealloc(srom_devices, (i+1) * sizeof(struct srom_dev),
+                                 GFP_KERNEL | __GFP_ZERO);
+                if (!new_srom_devices) {
+                        result = -ENOMEM;
+                        goto fail_mem;
+                }
+                srom_devices = new_srom_devices;
+                sprintf(buf, "srom/0/%d", i);
+                devhdl = hv_dev_open((HV_VirtAddr)buf, 0);
+                if (devhdl < 0) {
+                        if (devhdl != HV_ENODEV)
+                                pr_notice("srom/%d: hv_dev_open failed: %d.\n",
+                                          i, devhdl);
+                        break;
+                }
+                srom_devices[i].hv_devhdl = devhdl;
+        }
+        srom_devs = i;
+        /* Bail out early if we have no partitions at all. */
+        if (srom_devs == 0) {
+                result = -ENODEV;
+                goto fail_mem;
+        }
+        /* Register our major, and accept a dynamic number. */
+        if (srom_major)
+                result = register_chrdev_region(dev, srom_devs, "srom");
+        else {
+                result = alloc_chrdev_region(&dev, 0, srom_devs, "srom");
+                srom_major = MAJOR(dev);
+        }
+        if (result < 0)
+                goto fail_mem;
+        /* Register a character device. */
+        cdev_init(&srom_cdev, &srom_fops);
+        srom_cdev.owner = THIS_MODULE;
+        srom_cdev.ops = &srom_fops;
+        result = cdev_add(&srom_cdev, dev, srom_devs);
+        if (result < 0)
+                goto fail_chrdev;
+        /* Create a sysfs class. */
+        srom_class = class_create(THIS_MODULE, "srom");
+        if (IS_ERR(srom_class)) {
+                result = PTR_ERR(srom_class);
+                goto fail_cdev;
+        }
+        srom_class->dev_attrs = srom_dev_attrs;
+        srom_class->devnode = srom_devnode;
+        /* Do per-partition initialization */
+        for (i = 0; i < srom_devs; i++) {
+                result = srom_setup_minor(srom_devices + i, i);
+                if (result < 0)
+                        goto fail_class;
+        }
+        return 0;
+fail_class:
+        for (i = 0; i < srom_devs; i++)
+                device_destroy(srom_class, MKDEV(srom_major, i));
+        class_destroy(srom_class);
+fail_cdev:
+        cdev_del(&srom_cdev);
+fail_chrdev:
+        unregister_chrdev_region(dev, srom_devs);
+fail_mem:
+        kfree(srom_devices);
+        return result;
+}
+/** srom_cleanup() - Clean up the driver's module. */
+static void srom_cleanup(void)
+{
+        int i;
+        for (i = 0; i < srom_devs; i++)
+                device_destroy(srom_class, MKDEV(srom_major, i));
+        class_destroy(srom_class);
+        cdev_del(&srom_cdev);
+        unregister_chrdev_region(MKDEV(srom_major, 0), srom_devs);
+        kfree(srom_devices);
+}
+module_init(srom_init);
+module_exit(srom_cleanup);
diff --git a/drivers/char/tpm/tpm_tis.c b/drivers/char/tpm/tpm_tis.c
index 7fc2f108f490..3f4051a7c5a7 100644
--- a/drivers/char/tpm/tpm_tis.c
+++ b/drivers/char/tpm/tpm_tis.c
@@ -80,7 +80,7 @@ enum tis_defaults {
 static LIST_HEAD(tis_chips);
 static DEFINE_SPINLOCK(tis_lock);
-#ifdef CONFIG_PNP
+#if defined(CONFIG_PNP) && defined(CONFIG_ACPI)
 static int is_itpm(struct pnp_dev *dev)
 {
        struct acpi_device *acpi = pnp_acpi_device(dev);
@@ -93,6 +93,11 @@ static int is_itpm(struct pnp_dev *dev)
        return 0;
 }
+#else
+static inline int is_itpm(struct pnp_dev *dev)
+{
+        return 0;
+}
 #endif
 static int check_locality(struct tpm_chip *chip, int l)