Merge master.kernel.org:/pub/scm/linux/kernel/git/davem/sparc-2.6
diff --git a/Documentation/dell_rbu.txt b/Documentation/dell_rbu.txt
index 95d7f62..941343a 100644
--- a/Documentation/dell_rbu.txt
+++ b/Documentation/dell_rbu.txt
@@ -35,6 +35,7 @@
/sys/class/firmware/dell_rbu/data
/sys/devices/platform/dell_rbu/image_type
/sys/devices/platform/dell_rbu/data
+/sys/devices/platform/dell_rbu/packet_size
The driver supports two types of update mechanism; monolithic and packetized.
These update mechanism depends upon the BIOS currently running on the system.
@@ -47,8 +48,26 @@
changed to packets during the driver load time by specifying the load
parameter image_type=packet. This can also be changed later as below
echo packet > /sys/devices/platform/dell_rbu/image_type
-Also echoing either mono ,packet or init in to image_type will free up the
-memory allocated by the driver.
+
+In packet update mode the packet size has to be given before any packets can
+be downloaded. It is done as below
+echo XXXX > /sys/devices/platform/dell_rbu/packet_size
+In the packet update mechanism, the user neesd to create a new file having
+packets of data arranged back to back. It can be done as follows
+The user creates packets header, gets the chunk of the BIOS image and
+placs it next to the packetheader; now, the packetheader + BIOS image chunk
+added to geather should match the specified packet_size. This makes one
+packet, the user needs to create more such packets out of the entire BIOS
+image file and then arrange all these packets back to back in to one single
+file.
+This file is then copied to /sys/class/firmware/dell_rbu/data.
+Once this file gets to the driver, the driver extracts packet_size data from
+the file and spreads it accross the physical memory in contiguous packet_sized
+space.
+This method makes sure that all the packets get to the driver in a single operation.
+
+In monolithic update the user simply get the BIOS image (.hdr file) and copies
+to the data file as is without any change to the BIOS image itself.
Do the steps below to download the BIOS image.
1) echo 1 > /sys/class/firmware/dell_rbu/loading
@@ -58,7 +77,10 @@
The /sys/class/firmware/dell_rbu/ entries will remain till the following is
done.
echo -1 > /sys/class/firmware/dell_rbu/loading.
-Until this step is completed the drivr cannot be unloaded.
+Until this step is completed the driver cannot be unloaded.
+Also echoing either mono ,packet or init in to image_type will free up the
+memory allocated by the driver.
+
If an user by accident executes steps 1 and 3 above without executing step 2;
it will make the /sys/class/firmware/dell_rbu/ entries to disappear.
The entries can be recreated by doing the following
@@ -66,15 +88,11 @@
NOTE: echoing init in image_type does not change it original value.
Also the driver provides /sys/devices/platform/dell_rbu/data readonly file to
-read back the image downloaded. This is useful in case of packet update
-mechanism where the above steps 1,2,3 will repeated for every packet.
-By reading the /sys/devices/platform/dell_rbu/data file all packet data
-downloaded can be verified in a single file.
-The packets are arranged in this file one after the other in a FIFO order.
+read back the image downloaded.
NOTE:
-This driver requires a patch for firmware_class.c which has the addition
-of request_firmware_nowait_nohotplug function to wortk
+This driver requires a patch for firmware_class.c which has the modified
+request_firmware_nowait function.
Also after updating the BIOS image an user mdoe application neeeds to execute
code which message the BIOS update request to the BIOS. So on the next reboot
the BIOS knows about the new image downloaded and it updates it self.
diff --git a/arch/m32r/kernel/entry.S b/arch/m32r/kernel/entry.S
index dddbf6b..85920fb 100644
--- a/arch/m32r/kernel/entry.S
+++ b/arch/m32r/kernel/entry.S
@@ -681,6 +681,15 @@
bl do_debug_trap
bra error_code
+ENTRY(ill_trap)
+ /* void ill_trap(void) */
+ SWITCH_TO_KERNEL_STACK
+ SAVE_ALL
+ ldi r1, #0 ; error_code ; FIXME
+ mv r0, sp ; pt_regs
+ bl do_ill_trap
+ bra error_code
+
/* Cache flushing handler */
ENTRY(cache_flushing_handler)
diff --git a/arch/m32r/kernel/traps.c b/arch/m32r/kernel/traps.c
index 0192227..5fe8ed6 100644
--- a/arch/m32r/kernel/traps.c
+++ b/arch/m32r/kernel/traps.c
@@ -5,8 +5,6 @@
* Hitoshi Yamamoto
*/
-/* $Id$ */
-
/*
* 'traps.c' handles hardware traps and faults after we have saved some
* state in 'entry.S'.
@@ -35,6 +33,7 @@
asmlinkage void rie_handler(void);
asmlinkage void debug_trap(void);
asmlinkage void cache_flushing_handler(void);
+asmlinkage void ill_trap(void);
#ifdef CONFIG_SMP
extern void smp_reschedule_interrupt(void);
@@ -77,22 +76,22 @@
eit_vector[5] = BRA_INSN(default_eit_handler, 5);
eit_vector[8] = BRA_INSN(rie_handler, 8);
eit_vector[12] = BRA_INSN(alignment_check, 12);
- eit_vector[16] = 0xff000000UL;
+ eit_vector[16] = BRA_INSN(ill_trap, 16);
eit_vector[17] = BRA_INSN(debug_trap, 17);
eit_vector[18] = BRA_INSN(system_call, 18);
- eit_vector[19] = 0xff000000UL;
- eit_vector[20] = 0xff000000UL;
- eit_vector[21] = 0xff000000UL;
- eit_vector[22] = 0xff000000UL;
- eit_vector[23] = 0xff000000UL;
- eit_vector[24] = 0xff000000UL;
- eit_vector[25] = 0xff000000UL;
- eit_vector[26] = 0xff000000UL;
- eit_vector[27] = 0xff000000UL;
+ eit_vector[19] = BRA_INSN(ill_trap, 19);
+ eit_vector[20] = BRA_INSN(ill_trap, 20);
+ eit_vector[21] = BRA_INSN(ill_trap, 21);
+ eit_vector[22] = BRA_INSN(ill_trap, 22);
+ eit_vector[23] = BRA_INSN(ill_trap, 23);
+ eit_vector[24] = BRA_INSN(ill_trap, 24);
+ eit_vector[25] = BRA_INSN(ill_trap, 25);
+ eit_vector[26] = BRA_INSN(ill_trap, 26);
+ eit_vector[27] = BRA_INSN(ill_trap, 27);
eit_vector[28] = BRA_INSN(cache_flushing_handler, 28);
- eit_vector[29] = 0xff000000UL;
- eit_vector[30] = 0xff000000UL;
- eit_vector[31] = 0xff000000UL;
+ eit_vector[29] = BRA_INSN(ill_trap, 29);
+ eit_vector[30] = BRA_INSN(ill_trap, 30);
+ eit_vector[31] = BRA_INSN(ill_trap, 31);
eit_vector[32] = BRA_INSN(ei_handler, 32);
eit_vector[64] = BRA_INSN(pie_handler, 64);
#ifdef CONFIG_MMU
@@ -286,7 +285,8 @@
DO_ERROR( 1, SIGTRAP, "debug trap", debug_trap)
DO_ERROR_INFO(0x20, SIGILL, "reserved instruction ", rie_handler, ILL_ILLOPC, regs->bpc)
-DO_ERROR_INFO(0x100, SIGILL, "privilege instruction", pie_handler, ILL_PRVOPC, regs->bpc)
+DO_ERROR_INFO(0x100, SIGILL, "privileged instruction", pie_handler, ILL_PRVOPC, regs->bpc)
+DO_ERROR_INFO(-1, SIGILL, "illegal trap", ill_trap, ILL_ILLTRP, regs->bpc)
extern int handle_unaligned_access(unsigned long, struct pt_regs *);
@@ -329,4 +329,3 @@
set_fs(oldfs);
}
}
-
diff --git a/arch/ppc/kernel/dma-mapping.c b/arch/ppc/kernel/dma-mapping.c
index b566d98..8edee80 100644
--- a/arch/ppc/kernel/dma-mapping.c
+++ b/arch/ppc/kernel/dma-mapping.c
@@ -401,10 +401,10 @@
static inline void __dma_sync_page_highmem(struct page *page,
unsigned long offset, size_t size, int direction)
{
- size_t seg_size = min((size_t)PAGE_SIZE, size) - offset;
+ size_t seg_size = min((size_t)(PAGE_SIZE - offset), size);
size_t cur_size = seg_size;
unsigned long flags, start, seg_offset = offset;
- int nr_segs = PAGE_ALIGN(size + (PAGE_SIZE - offset))/PAGE_SIZE;
+ int nr_segs = 1 + ((size - seg_size) + PAGE_SIZE - 1)/PAGE_SIZE;
int seg_nr = 0;
local_irq_save(flags);
diff --git a/arch/ppc64/kernel/module.c b/arch/ppc64/kernel/module.c
index c683bf8..928b858 100644
--- a/arch/ppc64/kernel/module.c
+++ b/arch/ppc64/kernel/module.c
@@ -341,6 +341,19 @@
*(unsigned long *)location = my_r2(sechdrs, me);
break;
+ case R_PPC64_TOC16:
+ /* Subtact TOC pointer */
+ value -= my_r2(sechdrs, me);
+ if (value + 0x8000 > 0xffff) {
+ printk("%s: bad TOC16 relocation (%lu)\n",
+ me->name, value);
+ return -ENOEXEC;
+ }
+ *((uint16_t *) location)
+ = (*((uint16_t *) location) & ~0xffff)
+ | (value & 0xffff);
+ break;
+
case R_PPC64_TOC16_DS:
/* Subtact TOC pointer */
value -= my_r2(sechdrs, me);
diff --git a/arch/ppc64/kernel/pSeries_pci.c b/arch/ppc64/kernel/pSeries_pci.c
index 1f5f141..928f8fe 100644
--- a/arch/ppc64/kernel/pSeries_pci.c
+++ b/arch/ppc64/kernel/pSeries_pci.c
@@ -32,7 +32,7 @@
#include "pci.h"
-static int __initdata s7a_workaround = -1;
+static int __devinitdata s7a_workaround = -1;
#if 0
void pcibios_name_device(struct pci_dev *dev)
@@ -60,7 +60,7 @@
DECLARE_PCI_FIXUP_HEADER(PCI_ANY_ID, PCI_ANY_ID, pcibios_name_device);
#endif
-static void __init check_s7a(void)
+static void __devinit check_s7a(void)
{
struct device_node *root;
char *model;
diff --git a/drivers/firmware/dell_rbu.c b/drivers/firmware/dell_rbu.c
index b667823..4f4ba9b 100644
--- a/drivers/firmware/dell_rbu.c
+++ b/drivers/firmware/dell_rbu.c
@@ -50,7 +50,7 @@
MODULE_AUTHOR("Abhay Salunke <abhay_salunke@dell.com>");
MODULE_DESCRIPTION("Driver for updating BIOS image on DELL systems");
MODULE_LICENSE("GPL");
-MODULE_VERSION("2.0");
+MODULE_VERSION("3.0");
#define BIOS_SCAN_LIMIT 0xffffffff
#define MAX_IMAGE_LENGTH 16
@@ -62,15 +62,16 @@
int dma_alloc;
spinlock_t lock;
unsigned long packet_read_count;
- unsigned long packet_write_count;
unsigned long num_packets;
unsigned long packetsize;
+ unsigned long imagesize;
int entry_created;
} rbu_data;
static char image_type[MAX_IMAGE_LENGTH + 1] = "mono";
module_param_string(image_type, image_type, sizeof (image_type), 0);
-MODULE_PARM_DESC(image_type, "BIOS image type. choose- mono or packet");
+MODULE_PARM_DESC(image_type,
+ "BIOS image type. choose- mono or packet or init");
struct packet_data {
struct list_head list;
@@ -88,55 +89,13 @@
static void init_packet_head(void)
{
INIT_LIST_HEAD(&packet_data_head.list);
- rbu_data.packet_write_count = 0;
rbu_data.packet_read_count = 0;
rbu_data.num_packets = 0;
rbu_data.packetsize = 0;
+ rbu_data.imagesize = 0;
}
-static int fill_last_packet(void *data, size_t length)
-{
- struct list_head *ptemp_list;
- struct packet_data *packet = NULL;
- int packet_count = 0;
-
- pr_debug("fill_last_packet: entry \n");
-
- if (!rbu_data.num_packets) {
- pr_debug("fill_last_packet: num_packets=0\n");
- return -ENOMEM;
- }
-
- packet_count = rbu_data.num_packets;
-
- ptemp_list = (&packet_data_head.list)->prev;
-
- packet = list_entry(ptemp_list, struct packet_data, list);
-
- if ((rbu_data.packet_write_count + length) > rbu_data.packetsize) {
- pr_debug("dell_rbu:%s: packet size data "
- "overrun\n", __FUNCTION__);
- return -EINVAL;
- }
-
- pr_debug("fill_last_packet : buffer = %p\n", packet->data);
-
- memcpy((packet->data + rbu_data.packet_write_count), data, length);
-
- if ((rbu_data.packet_write_count + length) == rbu_data.packetsize) {
- /*
- * this was the last data chunk in the packet
- * so reinitialize the packet data counter to zero
- */
- rbu_data.packet_write_count = 0;
- } else
- rbu_data.packet_write_count += length;
-
- pr_debug("fill_last_packet: exit \n");
- return 0;
-}
-
-static int create_packet(size_t length)
+static int create_packet(void *data, size_t length)
{
struct packet_data *newpacket;
int ordernum = 0;
@@ -186,9 +145,11 @@
INIT_LIST_HEAD(&newpacket->list);
list_add_tail(&newpacket->list, &packet_data_head.list);
/*
- * packets have fixed size
+ * packets may not have fixed size
*/
- newpacket->length = rbu_data.packetsize;
+ newpacket->length = length;
+
+ memcpy(newpacket->data, data, length);
pr_debug("create_packet: exit \n");
@@ -198,13 +159,37 @@
static int packetize_data(void *data, size_t length)
{
int rc = 0;
-
- if (!rbu_data.packet_write_count) {
- if ((rc = create_packet(length)))
- return rc;
+ int done = 0;
+ int packet_length;
+ u8 *temp;
+ u8 *end = (u8 *) data + length;
+ pr_debug("packetize_data: data length %d\n", length);
+ if (!rbu_data.packetsize) {
+ printk(KERN_WARNING
+ "dell_rbu: packetsize not specified\n");
+ return -EIO;
}
- if ((rc = fill_last_packet(data, length)))
- return rc;
+
+ temp = (u8 *) data;
+
+ /* packetize the hunk */
+ while (!done) {
+ if ((temp + rbu_data.packetsize) < end)
+ packet_length = rbu_data.packetsize;
+ else {
+ /* this is the last packet */
+ packet_length = end - temp;
+ done = 1;
+ }
+
+ if ((rc = create_packet(temp, packet_length)))
+ return rc;
+
+ pr_debug("%lu:%lu\n", temp, (end - temp));
+ temp += packet_length;
+ }
+
+ rbu_data.imagesize = length;
return rc;
}
@@ -243,7 +228,7 @@
return bytes_copied;
}
-static int packet_read_list(char *data, size_t *pread_length)
+static int packet_read_list(char *data, size_t * pread_length)
{
struct list_head *ptemp_list;
int temp_count = 0;
@@ -303,10 +288,9 @@
newpacket->ordernum);
kfree(newpacket);
}
- rbu_data.packet_write_count = 0;
rbu_data.packet_read_count = 0;
rbu_data.num_packets = 0;
- rbu_data.packetsize = 0;
+ rbu_data.imagesize = 0;
}
/*
@@ -425,7 +409,6 @@
size_t bytes_left;
size_t data_length;
char *ptempBuf = buffer;
- unsigned long imagesize;
/* check to see if we have something to return */
if (rbu_data.num_packets == 0) {
@@ -434,22 +417,20 @@
goto read_rbu_data_exit;
}
- imagesize = rbu_data.num_packets * rbu_data.packetsize;
-
- if (pos > imagesize) {
+ if (pos > rbu_data.imagesize) {
retval = 0;
printk(KERN_WARNING "dell_rbu:read_packet_data: "
"data underrun\n");
goto read_rbu_data_exit;
}
- bytes_left = imagesize - pos;
+ bytes_left = rbu_data.imagesize - pos;
data_length = min(bytes_left, count);
if ((retval = packet_read_list(ptempBuf, &data_length)) < 0)
goto read_rbu_data_exit;
- if ((pos + count) > imagesize) {
+ if ((pos + count) > rbu_data.imagesize) {
rbu_data.packet_read_count = 0;
/* this was the last copy */
retval = bytes_left;
@@ -499,7 +480,7 @@
}
static ssize_t read_rbu_data(struct kobject *kobj, char *buffer,
- loff_t pos, size_t count)
+ loff_t pos, size_t count)
{
ssize_t ret_count = 0;
@@ -531,13 +512,18 @@
memcpy(rbu_data.image_update_buffer,
fw->data, fw->size);
} else if (!strcmp(image_type, "packet")) {
- if (!rbu_data.packetsize)
- rbu_data.packetsize = fw->size;
- else if (rbu_data.packetsize != fw->size) {
+ /*
+ * we need to free previous packets if a
+ * new hunk of packets needs to be downloaded
+ */
+ packet_empty_list();
+ if (packetize_data(fw->data, fw->size))
+ /* Incase something goes wrong when we are
+ * in middle of packetizing the data, we
+ * need to free up whatever packets might
+ * have been created before we quit.
+ */
packet_empty_list();
- rbu_data.packetsize = fw->size;
- }
- packetize_data(fw->data, fw->size);
} else
pr_debug("invalid image type specified.\n");
spin_unlock(&rbu_data.lock);
@@ -553,7 +539,7 @@
}
static ssize_t read_rbu_image_type(struct kobject *kobj, char *buffer,
- loff_t pos, size_t count)
+ loff_t pos, size_t count)
{
int size = 0;
if (!pos)
@@ -562,7 +548,7 @@
}
static ssize_t write_rbu_image_type(struct kobject *kobj, char *buffer,
- loff_t pos, size_t count)
+ loff_t pos, size_t count)
{
int rc = count;
int req_firm_rc = 0;
@@ -621,25 +607,49 @@
return rc;
}
+static ssize_t read_rbu_packet_size(struct kobject *kobj, char *buffer,
+ loff_t pos, size_t count)
+{
+ int size = 0;
+ if (!pos) {
+ spin_lock(&rbu_data.lock);
+ size = sprintf(buffer, "%lu\n", rbu_data.packetsize);
+ spin_unlock(&rbu_data.lock);
+ }
+ return size;
+}
+
+static ssize_t write_rbu_packet_size(struct kobject *kobj, char *buffer,
+ loff_t pos, size_t count)
+{
+ unsigned long temp;
+ spin_lock(&rbu_data.lock);
+ packet_empty_list();
+ sscanf(buffer, "%lu", &temp);
+ if (temp < 0xffffffff)
+ rbu_data.packetsize = temp;
+
+ spin_unlock(&rbu_data.lock);
+ return count;
+}
+
static struct bin_attribute rbu_data_attr = {
- .attr = {
- .name = "data",
- .owner = THIS_MODULE,
- .mode = 0444,
- },
+ .attr = {.name = "data",.owner = THIS_MODULE,.mode = 0444},
.read = read_rbu_data,
};
static struct bin_attribute rbu_image_type_attr = {
- .attr = {
- .name = "image_type",
- .owner = THIS_MODULE,
- .mode = 0644,
- },
+ .attr = {.name = "image_type",.owner = THIS_MODULE,.mode = 0644},
.read = read_rbu_image_type,
.write = write_rbu_image_type,
};
+static struct bin_attribute rbu_packet_size_attr = {
+ .attr = {.name = "packet_size",.owner = THIS_MODULE,.mode = 0644},
+ .read = read_rbu_packet_size,
+ .write = write_rbu_packet_size,
+};
+
static int __init dcdrbu_init(void)
{
int rc = 0;
@@ -657,6 +667,8 @@
sysfs_create_bin_file(&rbu_device->dev.kobj, &rbu_data_attr);
sysfs_create_bin_file(&rbu_device->dev.kobj, &rbu_image_type_attr);
+ sysfs_create_bin_file(&rbu_device->dev.kobj,
+ &rbu_packet_size_attr);
rc = request_firmware_nowait(THIS_MODULE, FW_ACTION_NOHOTPLUG,
"dell_rbu", &rbu_device->dev, &context, callbackfn_rbu);
diff --git a/drivers/media/video/bttv-cards.c b/drivers/media/video/bttv-cards.c
index 6c33280..0881a17 100644
--- a/drivers/media/video/bttv-cards.c
+++ b/drivers/media/video/bttv-cards.c
@@ -2393,10 +2393,10 @@
.tuner = 0,
.tuner_type = TUNER_LG_TDVS_H062F,
.tuner_addr = ADDR_UNSET,
- .video_inputs = 2,
+ .video_inputs = 3,
.audio_inputs = 1,
.svhs = 2,
- .muxsel = { 2, 3 },
+ .muxsel = { 2, 3, 1 },
.gpiomask = 0x00e00007,
.audiomux = { 0x00400005, 0, 0x00000001, 0, 0x00c00007, 0 },
.no_msp34xx = 1,
diff --git a/drivers/s390/cio/device.c b/drivers/s390/cio/device.c
index 14c76f5..9adc11e 100644
--- a/drivers/s390/cio/device.c
+++ b/drivers/s390/cio/device.c
@@ -544,7 +544,7 @@
.sibling = sibling,
};
- dev = bus_find_device(&css_bus_type, NULL, &data, match_devno);
+ dev = bus_find_device(&ccw_bus_type, NULL, &data, match_devno);
return dev ? to_ccwdev(dev) : NULL;
}
diff --git a/fs/9p/vfs_file.c b/fs/9p/vfs_file.c
index a4799e9..bbc3cc6 100644
--- a/fs/9p/vfs_file.c
+++ b/fs/9p/vfs_file.c
@@ -175,16 +175,16 @@
}
/**
- * v9fs_read - read from a file (internal)
+ * v9fs_file_read - read from a file
* @filep: file pointer to read
* @data: data buffer to read data into
* @count: size of buffer
* @offset: offset at which to read data
*
*/
-
static ssize_t
-v9fs_read(struct file *filp, char *buffer, size_t count, loff_t * offset)
+v9fs_file_read(struct file *filp, char __user * data, size_t count,
+ loff_t * offset)
{
struct inode *inode = filp->f_dentry->d_inode;
struct v9fs_session_info *v9ses = v9fs_inode2v9ses(inode);
@@ -194,6 +194,7 @@
int rsize = 0;
int result = 0;
int total = 0;
+ int n;
dprintk(DEBUG_VFS, "\n");
@@ -216,10 +217,15 @@
} else
*offset += result;
- /* XXX - extra copy */
- memcpy(buffer, fcall->params.rread.data, result);
+ n = copy_to_user(data, fcall->params.rread.data, result);
+ if (n) {
+ dprintk(DEBUG_ERROR, "Problem copying to user %d\n", n);
+ kfree(fcall);
+ return -EFAULT;
+ }
+
count -= result;
- buffer += result;
+ data += result;
total += result;
kfree(fcall);
@@ -232,101 +238,6 @@
}
/**
- * v9fs_file_read - read from a file
- * @filep: file pointer to read
- * @data: data buffer to read data into
- * @count: size of buffer
- * @offset: offset at which to read data
- *
- */
-
-static ssize_t
-v9fs_file_read(struct file *filp, char __user * data, size_t count,
- loff_t * offset)
-{
- int retval = -1;
- int ret = 0;
- char *buffer;
-
- buffer = kmalloc(count, GFP_KERNEL);
- if (!buffer)
- return -ENOMEM;
-
- retval = v9fs_read(filp, buffer, count, offset);
- if (retval > 0) {
- if ((ret = copy_to_user(data, buffer, retval)) != 0) {
- dprintk(DEBUG_ERROR, "Problem copying to user %d\n",
- ret);
- retval = ret;
- }
- }
-
- kfree(buffer);
-
- return retval;
-}
-
-/**
- * v9fs_write - write to a file
- * @filep: file pointer to write
- * @data: data buffer to write data from
- * @count: size of buffer
- * @offset: offset at which to write data
- *
- */
-
-static ssize_t
-v9fs_write(struct file *filp, char *buffer, size_t count, loff_t * offset)
-{
- struct inode *inode = filp->f_dentry->d_inode;
- struct v9fs_session_info *v9ses = v9fs_inode2v9ses(inode);
- struct v9fs_fid *v9fid = filp->private_data;
- struct v9fs_fcall *fcall;
- int fid = v9fid->fid;
- int result = -EIO;
- int rsize = 0;
- int total = 0;
-
- dprintk(DEBUG_VFS, "data %p count %d offset %x\n", buffer, (int)count,
- (int)*offset);
- rsize = v9ses->maxdata - V9FS_IOHDRSZ;
- if (v9fid->iounit != 0 && rsize > v9fid->iounit)
- rsize = v9fid->iounit;
-
- dump_data(buffer, count);
-
- do {
- if (count < rsize)
- rsize = count;
-
- result =
- v9fs_t_write(v9ses, fid, *offset, rsize, buffer, &fcall);
- if (result < 0) {
- eprintk(KERN_ERR, "error while writing: %s(%d)\n",
- FCALL_ERROR(fcall), result);
- kfree(fcall);
- return result;
- } else
- *offset += result;
-
- kfree(fcall);
-
- if (result != rsize) {
- eprintk(KERN_ERR,
- "short write: v9fs_t_write returned %d\n",
- result);
- break;
- }
-
- count -= result;
- buffer += result;
- total += result;
- } while (count);
-
- return total;
-}
-
-/**
* v9fs_file_write - write to a file
* @filep: file pointer to write
* @data: data buffer to write data from
@@ -339,24 +250,65 @@
v9fs_file_write(struct file *filp, const char __user * data,
size_t count, loff_t * offset)
{
- int ret = -1;
- char *buffer;
+ struct inode *inode = filp->f_dentry->d_inode;
+ struct v9fs_session_info *v9ses = v9fs_inode2v9ses(inode);
+ struct v9fs_fid *v9fid = filp->private_data;
+ struct v9fs_fcall *fcall;
+ int fid = v9fid->fid;
+ int result = -EIO;
+ int rsize = 0;
+ int total = 0;
+ char *buf;
- buffer = kmalloc(count, GFP_KERNEL);
- if (buffer == NULL)
+ dprintk(DEBUG_VFS, "data %p count %d offset %x\n", data, (int)count,
+ (int)*offset);
+ rsize = v9ses->maxdata - V9FS_IOHDRSZ;
+ if (v9fid->iounit != 0 && rsize > v9fid->iounit)
+ rsize = v9fid->iounit;
+
+ buf = kmalloc(v9ses->maxdata - V9FS_IOHDRSZ, GFP_KERNEL);
+ if (!buf)
return -ENOMEM;
- ret = copy_from_user(buffer, data, count);
- if (ret) {
- dprintk(DEBUG_ERROR, "Problem copying from user\n");
- ret = -EFAULT;
- } else {
- ret = v9fs_write(filp, buffer, count, offset);
- }
+ do {
+ if (count < rsize)
+ rsize = count;
- kfree(buffer);
+ result = copy_from_user(buf, data, rsize);
+ if (result) {
+ dprintk(DEBUG_ERROR, "Problem copying from user\n");
+ kfree(buf);
+ return -EFAULT;
+ }
- return ret;
+ dump_data(buf, rsize);
+ result = v9fs_t_write(v9ses, fid, *offset, rsize, buf, &fcall);
+ if (result < 0) {
+ eprintk(KERN_ERR, "error while writing: %s(%d)\n",
+ FCALL_ERROR(fcall), result);
+ kfree(fcall);
+ kfree(buf);
+ return result;
+ } else
+ *offset += result;
+
+ kfree(fcall);
+ fcall = NULL;
+
+ if (result != rsize) {
+ eprintk(KERN_ERR,
+ "short write: v9fs_t_write returned %d\n",
+ result);
+ break;
+ }
+
+ count -= result;
+ data += result;
+ total += result;
+ } while (count);
+
+ kfree(buf);
+ return total;
}
struct file_operations v9fs_file_operations = {
diff --git a/fs/binfmt_elf.c b/fs/binfmt_elf.c
index 7976a23..d4b1557 100644
--- a/fs/binfmt_elf.c
+++ b/fs/binfmt_elf.c
@@ -905,7 +905,7 @@
send_sig(SIGKILL, current, 0);
goto out_free_dentry;
}
- if (padzero(elf_bss)) {
+ if (likely(elf_bss != elf_brk) && unlikely(padzero(elf_bss))) {
send_sig(SIGSEGV, current, 0);
retval = -EFAULT; /* Nobody gets to see this, but.. */
goto out_free_dentry;
diff --git a/fs/nfs_common/nfsacl.c b/fs/nfs_common/nfsacl.c
index 251e5a1..0c2be8c 100644
--- a/fs/nfs_common/nfsacl.c
+++ b/fs/nfs_common/nfsacl.c
@@ -48,43 +48,26 @@
(struct nfsacl_encode_desc *) desc;
u32 *p = (u32 *) elem;
- if (nfsacl_desc->count < nfsacl_desc->acl->a_count) {
- struct posix_acl_entry *entry =
- &nfsacl_desc->acl->a_entries[nfsacl_desc->count++];
+ struct posix_acl_entry *entry =
+ &nfsacl_desc->acl->a_entries[nfsacl_desc->count++];
- *p++ = htonl(entry->e_tag | nfsacl_desc->typeflag);
- switch(entry->e_tag) {
- case ACL_USER_OBJ:
- *p++ = htonl(nfsacl_desc->uid);
- break;
- case ACL_GROUP_OBJ:
- *p++ = htonl(nfsacl_desc->gid);
- break;
- case ACL_USER:
- case ACL_GROUP:
- *p++ = htonl(entry->e_id);
- break;
- default: /* Solaris depends on that! */
- *p++ = 0;
- break;
- }
- *p++ = htonl(entry->e_perm & S_IRWXO);
- } else {
- const struct posix_acl_entry *pa, *pe;
- int group_obj_perm = ACL_READ|ACL_WRITE|ACL_EXECUTE;
-
- FOREACH_ACL_ENTRY(pa, nfsacl_desc->acl, pe) {
- if (pa->e_tag == ACL_GROUP_OBJ) {
- group_obj_perm = pa->e_perm & S_IRWXO;
- break;
- }
- }
- /* fake up ACL_MASK entry */
- *p++ = htonl(ACL_MASK | nfsacl_desc->typeflag);
- *p++ = htonl(0);
- *p++ = htonl(group_obj_perm);
+ *p++ = htonl(entry->e_tag | nfsacl_desc->typeflag);
+ switch(entry->e_tag) {
+ case ACL_USER_OBJ:
+ *p++ = htonl(nfsacl_desc->uid);
+ break;
+ case ACL_GROUP_OBJ:
+ *p++ = htonl(nfsacl_desc->gid);
+ break;
+ case ACL_USER:
+ case ACL_GROUP:
+ *p++ = htonl(entry->e_id);
+ break;
+ default: /* Solaris depends on that! */
+ *p++ = 0;
+ break;
}
-
+ *p++ = htonl(entry->e_perm & S_IRWXO);
return 0;
}
@@ -105,11 +88,28 @@
.gid = inode->i_gid,
};
int err;
+ struct posix_acl *acl2 = NULL;
if (entries > NFS_ACL_MAX_ENTRIES ||
xdr_encode_word(buf, base, entries))
return -EINVAL;
+ if (encode_entries && acl && acl->a_count == 3) {
+ /* Fake up an ACL_MASK entry. */
+ acl2 = posix_acl_alloc(4, GFP_KERNEL);
+ if (!acl2)
+ return -ENOMEM;
+ /* Insert entries in canonical order: other orders seem
+ to confuse Solaris VxFS. */
+ acl2->a_entries[0] = acl->a_entries[0]; /* ACL_USER_OBJ */
+ acl2->a_entries[1] = acl->a_entries[1]; /* ACL_GROUP_OBJ */
+ acl2->a_entries[2] = acl->a_entries[1]; /* ACL_MASK */
+ acl2->a_entries[2].e_tag = ACL_MASK;
+ acl2->a_entries[3] = acl->a_entries[2]; /* ACL_OTHER */
+ nfsacl_desc.acl = acl2;
+ }
err = xdr_encode_array2(buf, base + 4, &nfsacl_desc.desc);
+ if (acl2)
+ posix_acl_release(acl2);
if (!err)
err = 8 + nfsacl_desc.desc.elem_size *
nfsacl_desc.desc.array_len;
diff --git a/mm/fremap.c b/mm/fremap.c
index 3235fb7..ab23a06 100644
--- a/mm/fremap.c
+++ b/mm/fremap.c
@@ -89,6 +89,9 @@
size = (i_size_read(inode) + PAGE_CACHE_SIZE - 1) >> PAGE_CACHE_SHIFT;
if (!page->mapping || page->index >= size)
goto err_unlock;
+ err = -ENOMEM;
+ if (page_mapcount(page) > INT_MAX/2)
+ goto err_unlock;
zap_pte(mm, vma, addr, pte);
diff --git a/mm/madvise.c b/mm/madvise.c
index 4454936..20e075d 100644
--- a/mm/madvise.c
+++ b/mm/madvise.c
@@ -83,6 +83,9 @@
{
struct file *file = vma->vm_file;
+ if (!file)
+ return -EBADF;
+
if (file->f_mapping->a_ops->get_xip_page) {
/* no bad return value, but ignore advice */
return 0;
@@ -141,11 +144,7 @@
madvise_vma(struct vm_area_struct *vma, struct vm_area_struct **prev,
unsigned long start, unsigned long end, int behavior)
{
- struct file *filp = vma->vm_file;
- long error = -EBADF;
-
- if (!filp)
- goto out;
+ long error;
switch (behavior) {
case MADV_NORMAL:
@@ -166,8 +165,6 @@
error = -EINVAL;
break;
}
-
-out:
return error;
}