diff --git a/debian/changelog b/debian/changelog index c019277cd..c34a8c56e 100644 --- a/debian/changelog +++ b/debian/changelog @@ -18,7 +18,7 @@ linux-2.6 (2.6.27-1~experimental.1) UNRELEASED; urgency=low EDAC_I5100, RTC_DRV_M41T94, RTC_DRV_DS1305, UBIFS. * [x86] set MOUSE_BCM5974, X86_RESERVE_LOW_64K. * [x86_64] set AMD_IOMMU, MTRR_SANITIZER. - * Add stable releases 2.6.27.1-2.6.27.7. + * Add stable releases 2.6.27.1-2.6.27.8. [ Martin Michlmayr ] * [mips/r4k-ip22, mips/sb1-bcm91250a] Don't build in ISO9660. diff --git a/debian/patches/bugfix/all/stable/patch-2.6.27.8 b/debian/patches/bugfix/all/stable/patch-2.6.27.8 new file mode 100644 index 000000000..1592997a4 --- /dev/null +++ b/debian/patches/bugfix/all/stable/patch-2.6.27.8 @@ -0,0 +1,7559 @@ +diff --git a/Documentation/filesystems/proc.txt b/Documentation/filesystems/proc.txt +index f566ad9..23f3edc 100644 +--- a/Documentation/filesystems/proc.txt ++++ b/Documentation/filesystems/proc.txt +@@ -44,6 +44,7 @@ Table of Contents + 2.14 /proc//io - Display the IO accounting fields + 2.15 /proc//coredump_filter - Core dump filtering settings + 2.16 /proc//mountinfo - Information about mounts ++ 2.17 /proc/sys/fs/epoll - Configuration options for the epoll interface + + ------------------------------------------------------------------------------ + Preface +@@ -2471,4 +2472,30 @@ For more information on mount propagation see: + + Documentation/filesystems/sharedsubtree.txt + ++2.17 /proc/sys/fs/epoll - Configuration options for the epoll interface ++-------------------------------------------------------- ++ ++This directory contains configuration options for the epoll(7) interface. ++ ++max_user_instances ++------------------ ++ ++This is the maximum number of epoll file descriptors that a single user can ++have open at a given time. The default value is 128, and should be enough ++for normal users. ++ ++max_user_watches ++---------------- ++ ++Every epoll file descriptor can store a number of files to be monitored ++for event readiness. Each one of these monitored files constitutes a "watch". ++This configuration option sets the maximum number of "watches" that are ++allowed for each user. ++Each "watch" costs roughly 90 bytes on a 32bit kernel, and roughly 160 bytes ++on a 64bit one. ++The current default value for max_user_watches is the 1/32 of the available ++low memory, divided for the "watch" cost in bytes. ++ ++ + ------------------------------------------------------------------------------ ++ +diff --git a/arch/ia64/kernel/acpi.c b/arch/ia64/kernel/acpi.c +index 5d1eb7e..8a7e508 100644 +--- a/arch/ia64/kernel/acpi.c ++++ b/arch/ia64/kernel/acpi.c +@@ -656,6 +656,30 @@ static int __init acpi_parse_fadt(struct acpi_table_header *table) + return 0; + } + ++int __init early_acpi_boot_init(void) ++{ ++ int ret; ++ ++ /* ++ * do a partial walk of MADT to determine how many CPUs ++ * we have including offline CPUs ++ */ ++ if (acpi_table_parse(ACPI_SIG_MADT, acpi_parse_madt)) { ++ printk(KERN_ERR PREFIX "Can't find MADT\n"); ++ return 0; ++ } ++ ++ ret = acpi_table_parse_madt(ACPI_MADT_TYPE_LOCAL_SAPIC, ++ acpi_parse_lsapic, NR_CPUS); ++ if (ret < 1) ++ printk(KERN_ERR PREFIX ++ "Error parsing MADT - no LAPIC entries\n"); ++ ++ return 0; ++} ++ ++ ++ + int __init acpi_boot_init(void) + { + +@@ -679,11 +703,6 @@ int __init acpi_boot_init(void) + printk(KERN_ERR PREFIX + "Error parsing LAPIC address override entry\n"); + +- if (acpi_table_parse_madt(ACPI_MADT_TYPE_LOCAL_SAPIC, acpi_parse_lsapic, NR_CPUS) +- < 1) +- printk(KERN_ERR PREFIX +- "Error parsing MADT - no LAPIC entries\n"); +- + if (acpi_table_parse_madt(ACPI_MADT_TYPE_LOCAL_APIC_NMI, acpi_parse_lapic_nmi, 0) + < 0) + printk(KERN_ERR PREFIX "Error parsing LAPIC NMI entry\n"); +diff --git a/arch/ia64/kernel/setup.c b/arch/ia64/kernel/setup.c +index de636b2..6030236 100644 +--- a/arch/ia64/kernel/setup.c ++++ b/arch/ia64/kernel/setup.c +@@ -549,8 +549,12 @@ setup_arch (char **cmdline_p) + #ifdef CONFIG_ACPI + /* Initialize the ACPI boot-time table parser */ + acpi_table_init(); ++ early_acpi_boot_init(); + # ifdef CONFIG_ACPI_NUMA + acpi_numa_init(); ++#ifdef CONFIG_ACPI_HOTPLUG_CPU ++ prefill_possible_map(); ++#endif + per_cpu_scan_finalize((cpus_weight(early_cpu_possible_map) == 0 ? + 32 : cpus_weight(early_cpu_possible_map)), + additional_cpus > 0 ? additional_cpus : 0); +@@ -841,9 +845,6 @@ void __init + setup_per_cpu_areas (void) + { + /* start_kernel() requires this... */ +-#ifdef CONFIG_ACPI_HOTPLUG_CPU +- prefill_possible_map(); +-#endif + } + + /* +diff --git a/arch/parisc/kernel/traps.c b/arch/parisc/kernel/traps.c +index 675f1d0..4c771cd 100644 +--- a/arch/parisc/kernel/traps.c ++++ b/arch/parisc/kernel/traps.c +@@ -24,7 +24,6 @@ + #include + #include + #include +-#include + #include + + #include +@@ -51,7 +50,7 @@ + DEFINE_SPINLOCK(pa_dbit_lock); + #endif + +-void parisc_show_stack(struct task_struct *t, unsigned long *sp, ++static void parisc_show_stack(struct task_struct *task, unsigned long *sp, + struct pt_regs *regs); + + static int printbinary(char *buf, unsigned long x, int nbits) +@@ -121,18 +120,19 @@ static void print_fr(char *level, struct pt_regs *regs) + + void show_regs(struct pt_regs *regs) + { +- int i; ++ int i, user; + char *level; + unsigned long cr30, cr31; + +- level = user_mode(regs) ? KERN_DEBUG : KERN_CRIT; ++ user = user_mode(regs); ++ level = user ? KERN_DEBUG : KERN_CRIT; + + print_gr(level, regs); + + for (i = 0; i < 8; i += 4) + PRINTREGS(level, regs->sr, "sr", RFMT, i); + +- if (user_mode(regs)) ++ if (user) + print_fr(level, regs); + + cr30 = mfctl(30); +@@ -145,14 +145,18 @@ void show_regs(struct pt_regs *regs) + printk("%s CPU: %8d CR30: " RFMT " CR31: " RFMT "\n", + level, current_thread_info()->cpu, cr30, cr31); + printk("%s ORIG_R28: " RFMT "\n", level, regs->orig_r28); +- printk(level); +- print_symbol(" IAOQ[0]: %s\n", regs->iaoq[0]); +- printk(level); +- print_symbol(" IAOQ[1]: %s\n", regs->iaoq[1]); +- printk(level); +- print_symbol(" RP(r2): %s\n", regs->gr[2]); +- +- parisc_show_stack(current, NULL, regs); ++ ++ if (user) { ++ printk("%s IAOQ[0]: " RFMT "\n", level, regs->iaoq[0]); ++ printk("%s IAOQ[1]: " RFMT "\n", level, regs->iaoq[1]); ++ printk("%s RP(r2): " RFMT "\n", level, regs->gr[2]); ++ } else { ++ printk("%s IAOQ[0]: %pS\n", level, (void *) regs->iaoq[0]); ++ printk("%s IAOQ[1]: %pS\n", level, (void *) regs->iaoq[1]); ++ printk("%s RP(r2): %pS\n", level, (void *) regs->gr[2]); ++ ++ parisc_show_stack(current, NULL, regs); ++ } + } + + +@@ -173,20 +177,15 @@ static void do_show_stack(struct unwind_frame_info *info) + break; + + if (__kernel_text_address(info->ip)) { +- printk("%s [<" RFMT ">] ", (i&0x3)==1 ? KERN_CRIT : "", info->ip); +-#ifdef CONFIG_KALLSYMS +- print_symbol("%s\n", info->ip); +-#else +- if ((i & 0x03) == 0) +- printk("\n"); +-#endif ++ printk(KERN_CRIT " [<" RFMT ">] %pS\n", ++ info->ip, (void *) info->ip); + i++; + } + } +- printk("\n"); ++ printk(KERN_CRIT "\n"); + } + +-void parisc_show_stack(struct task_struct *task, unsigned long *sp, ++static void parisc_show_stack(struct task_struct *task, unsigned long *sp, + struct pt_regs *regs) + { + struct unwind_frame_info info; +diff --git a/arch/powerpc/platforms/cell/spufs/file.c b/arch/powerpc/platforms/cell/spufs/file.c +index 010a51f..d5c3b45 100644 +--- a/arch/powerpc/platforms/cell/spufs/file.c ++++ b/arch/powerpc/platforms/cell/spufs/file.c +@@ -390,6 +390,9 @@ static int spufs_ps_fault(struct vm_area_struct *vma, + if (offset >= ps_size) + return VM_FAULT_SIGBUS; + ++ if (fatal_signal_pending(current)) ++ return VM_FAULT_SIGBUS; ++ + /* + * Because we release the mmap_sem, the context may be destroyed while + * we're in spu_wait. Grab an extra reference so it isn't destroyed +diff --git a/arch/powerpc/platforms/cell/spufs/inode.c b/arch/powerpc/platforms/cell/spufs/inode.c +index 690ca7b..5c73b62 100644 +--- a/arch/powerpc/platforms/cell/spufs/inode.c ++++ b/arch/powerpc/platforms/cell/spufs/inode.c +@@ -496,6 +496,8 @@ spufs_create_context(struct inode *inode, struct dentry *dentry, + ret = spufs_context_open(dget(dentry), mntget(mnt)); + if (ret < 0) { + WARN_ON(spufs_rmdir(inode, dentry)); ++ if (affinity) ++ mutex_unlock(&gang->aff_mutex); + mutex_unlock(&inode->i_mutex); + spu_forget(SPUFS_I(dentry->d_inode)->i_ctx); + goto out; +diff --git a/arch/x86/kernel/acpi/boot.c b/arch/x86/kernel/acpi/boot.c +index c102af8..7d58e7f 100644 +--- a/arch/x86/kernel/acpi/boot.c ++++ b/arch/x86/kernel/acpi/boot.c +@@ -1593,6 +1593,11 @@ static struct dmi_system_id __initdata acpi_dmi_table[] = { + DMI_MATCH(DMI_PRODUCT_NAME, "TravelMate 360"), + }, + }, ++ {} ++}; ++ ++/* second table for DMI checks that should run after early-quirks */ ++static struct dmi_system_id __initdata acpi_dmi_table_late[] = { + /* + * HP laptops which use a DSDT reporting as HP/SB400/10000, + * which includes some code which overrides all temperature +@@ -1721,6 +1726,9 @@ int __init early_acpi_boot_init(void) + + int __init acpi_boot_init(void) + { ++ /* those are executed after early-quirks are executed */ ++ dmi_check_system(acpi_dmi_table_late); ++ + /* + * If acpi_disabled, bail out + * One exception: acpi=ht continues far enough to enumerate LAPICs +diff --git a/arch/x86/kernel/cpu/cpufreq/powernow-k8.c b/arch/x86/kernel/cpu/cpufreq/powernow-k8.c +index 84bb395..20bda8c 100644 +--- a/arch/x86/kernel/cpu/cpufreq/powernow-k8.c ++++ b/arch/x86/kernel/cpu/cpufreq/powernow-k8.c +@@ -116,9 +116,20 @@ static int query_current_values_with_pending_wait(struct powernow_k8_data *data) + u32 i = 0; + + if (cpu_family == CPU_HW_PSTATE) { +- rdmsr(MSR_PSTATE_STATUS, lo, hi); +- i = lo & HW_PSTATE_MASK; +- data->currpstate = i; ++ if (data->currpstate == HW_PSTATE_INVALID) { ++ /* read (initial) hw pstate if not yet set */ ++ rdmsr(MSR_PSTATE_STATUS, lo, hi); ++ i = lo & HW_PSTATE_MASK; ++ ++ /* ++ * a workaround for family 11h erratum 311 might cause ++ * an "out-of-range Pstate if the core is in Pstate-0 ++ */ ++ if (i >= data->numps) ++ data->currpstate = HW_PSTATE_0; ++ else ++ data->currpstate = i; ++ } + return 0; + } + do { +@@ -1117,6 +1128,7 @@ static int __cpuinit powernowk8_cpu_init(struct cpufreq_policy *pol) + } + + data->cpu = pol->cpu; ++ data->currpstate = HW_PSTATE_INVALID; + + if (powernow_k8_cpu_init_acpi(data)) { + /* +diff --git a/arch/x86/kernel/cpu/cpufreq/powernow-k8.h b/arch/x86/kernel/cpu/cpufreq/powernow-k8.h +index ab48cfe..65cfb5d 100644 +--- a/arch/x86/kernel/cpu/cpufreq/powernow-k8.h ++++ b/arch/x86/kernel/cpu/cpufreq/powernow-k8.h +@@ -5,6 +5,19 @@ + * http://www.gnu.org/licenses/gpl.html + */ + ++ ++enum pstate { ++ HW_PSTATE_INVALID = 0xff, ++ HW_PSTATE_0 = 0, ++ HW_PSTATE_1 = 1, ++ HW_PSTATE_2 = 2, ++ HW_PSTATE_3 = 3, ++ HW_PSTATE_4 = 4, ++ HW_PSTATE_5 = 5, ++ HW_PSTATE_6 = 6, ++ HW_PSTATE_7 = 7, ++}; ++ + struct powernow_k8_data { + unsigned int cpu; + +@@ -23,7 +36,9 @@ struct powernow_k8_data { + u32 exttype; /* extended interface = 1 */ + + /* keep track of the current fid / vid or pstate */ +- u32 currvid, currfid, currpstate; ++ u32 currvid; ++ u32 currfid; ++ enum pstate currpstate; + + /* the powernow_table includes all frequency and vid/fid pairings: + * fid are the lower 8 bits of the index, vid are the upper 8 bits. +diff --git a/arch/x86/kernel/early-quirks.c b/arch/x86/kernel/early-quirks.c +index 6b839b1..1b894b7 100644 +--- a/arch/x86/kernel/early-quirks.c ++++ b/arch/x86/kernel/early-quirks.c +@@ -95,7 +95,8 @@ static void __init nvidia_bugs(int num, int slot, int func) + + } + +-static u32 ati_ixp4x0_rev(int num, int slot, int func) ++#if defined(CONFIG_ACPI) && defined(CONFIG_X86_IO_APIC) ++static u32 __init ati_ixp4x0_rev(int num, int slot, int func) + { + u32 d; + u8 b; +@@ -115,7 +116,6 @@ static u32 ati_ixp4x0_rev(int num, int slot, int func) + + static void __init ati_bugs(int num, int slot, int func) + { +-#if defined(CONFIG_ACPI) && defined (CONFIG_X86_IO_APIC) + u32 d; + u8 b; + +@@ -138,9 +138,56 @@ static void __init ati_bugs(int num, int slot, int func) + printk(KERN_INFO "If you got timer trouble " + "try acpi_use_timer_override\n"); + } +-#endif + } + ++static u32 __init ati_sbx00_rev(int num, int slot, int func) ++{ ++ u32 old, d; ++ ++ d = read_pci_config(num, slot, func, 0x70); ++ old = d; ++ d &= ~(1<<8); ++ write_pci_config(num, slot, func, 0x70, d); ++ d = read_pci_config(num, slot, func, 0x8); ++ d &= 0xff; ++ write_pci_config(num, slot, func, 0x70, old); ++ ++ return d; ++} ++ ++static void __init ati_bugs_contd(int num, int slot, int func) ++{ ++ u32 d, rev; ++ ++ if (acpi_use_timer_override) ++ return; ++ ++ rev = ati_sbx00_rev(num, slot, func); ++ if (rev > 0x13) ++ return; ++ ++ /* check for IRQ0 interrupt swap */ ++ d = read_pci_config(num, slot, func, 0x64); ++ if (!(d & (1<<14))) ++ acpi_skip_timer_override = 1; ++ ++ if (acpi_skip_timer_override) { ++ printk(KERN_INFO "SB600 revision 0x%x\n", rev); ++ printk(KERN_INFO "Ignoring ACPI timer override.\n"); ++ printk(KERN_INFO "If you got timer trouble " ++ "try acpi_use_timer_override\n"); ++ } ++} ++#else ++static void __init ati_bugs(int num, int slot, int func) ++{ ++} ++ ++static void __init ati_bugs_contd(int num, int slot, int func) ++{ ++} ++#endif ++ + #define QFLAG_APPLY_ONCE 0x1 + #define QFLAG_APPLIED 0x2 + #define QFLAG_DONE (QFLAG_APPLY_ONCE|QFLAG_APPLIED) +@@ -162,6 +209,8 @@ static struct chipset early_qrk[] __initdata = { + PCI_CLASS_BRIDGE_HOST, PCI_ANY_ID, 0, fix_hypertransport_config }, + { PCI_VENDOR_ID_ATI, PCI_DEVICE_ID_ATI_IXP400_SMBUS, + PCI_CLASS_SERIAL_SMBUS, PCI_ANY_ID, 0, ati_bugs }, ++ { PCI_VENDOR_ID_ATI, PCI_DEVICE_ID_ATI_SBX00_SMBUS, ++ PCI_CLASS_SERIAL_SMBUS, PCI_ANY_ID, 0, ati_bugs_contd }, + {} + }; + +diff --git a/arch/x86/kernel/setup.c b/arch/x86/kernel/setup.c +index 64b5c42..7667443 100644 +--- a/arch/x86/kernel/setup.c ++++ b/arch/x86/kernel/setup.c +@@ -604,7 +604,7 @@ static struct dmi_system_id __initdata bad_bios_dmi_table[] = { + .callback = dmi_low_memory_corruption, + .ident = "Phoenix BIOS", + .matches = { +- DMI_MATCH(DMI_BIOS_VENDOR, "Phoenix Technologies, LTD"), ++ DMI_MATCH(DMI_BIOS_VENDOR, "Phoenix Technologies"), + }, + }, + #endif +diff --git a/arch/x86/mm/discontig_32.c b/arch/x86/mm/discontig_32.c +index 62fa440..62aec7e 100644 +--- a/arch/x86/mm/discontig_32.c ++++ b/arch/x86/mm/discontig_32.c +@@ -222,6 +222,41 @@ static void __init remap_numa_kva(void) + } + } + ++#ifdef CONFIG_HIBERNATION ++/** ++ * resume_map_numa_kva - add KVA mapping to the temporary page tables created ++ * during resume from hibernation ++ * @pgd_base - temporary resume page directory ++ */ ++void resume_map_numa_kva(pgd_t *pgd_base) ++{ ++ int node; ++ ++ for_each_online_node(node) { ++ unsigned long start_va, start_pfn, size, pfn; ++ ++ start_va = (unsigned long)node_remap_start_vaddr[node]; ++ start_pfn = node_remap_start_pfn[node]; ++ size = node_remap_size[node]; ++ ++ printk(KERN_DEBUG "%s: node %d\n", __FUNCTION__, node); ++ ++ for (pfn = 0; pfn < size; pfn += PTRS_PER_PTE) { ++ unsigned long vaddr = start_va + (pfn << PAGE_SHIFT); ++ pgd_t *pgd = pgd_base + pgd_index(vaddr); ++ pud_t *pud = pud_offset(pgd, vaddr); ++ pmd_t *pmd = pmd_offset(pud, vaddr); ++ ++ set_pmd(pmd, pfn_pmd(start_pfn + pfn, ++ PAGE_KERNEL_LARGE_EXEC)); ++ ++ printk(KERN_DEBUG "%s: %08lx -> pfn %08lx\n", ++ __FUNCTION__, vaddr, start_pfn + pfn); ++ } ++ } ++} ++#endif ++ + static unsigned long calculate_numa_remap_pages(void) + { + int nid; +diff --git a/arch/x86/power/hibernate_32.c b/arch/x86/power/hibernate_32.c +index f2b6e3f..81197c6 100644 +--- a/arch/x86/power/hibernate_32.c ++++ b/arch/x86/power/hibernate_32.c +@@ -12,6 +12,7 @@ + #include + #include + #include ++#include + + /* Defined in hibernate_asm_32.S */ + extern int restore_image(void); +@@ -127,6 +128,9 @@ static int resume_physical_mapping_init(pgd_t *pgd_base) + } + } + } ++ ++ resume_map_numa_kva(pgd_base); ++ + return 0; + } + +diff --git a/arch/x86/xen/enlighten.c b/arch/x86/xen/enlighten.c +index a4e201b..6bbcf8a 100644 +--- a/arch/x86/xen/enlighten.c ++++ b/arch/x86/xen/enlighten.c +@@ -1413,7 +1413,7 @@ static void __init xen_reserve_top(void) + if (HYPERVISOR_xen_version(XENVER_platform_parameters, &pp) == 0) + top = pp.virt_start; + +- reserve_top_address(-top + 2 * PAGE_SIZE); ++ reserve_top_address(-top); + #endif /* CONFIG_X86_32 */ + } + +diff --git a/drivers/acpi/ec.c b/drivers/acpi/ec.c +index 41b8e7c..9ab3fb9 100644 +--- a/drivers/acpi/ec.c ++++ b/drivers/acpi/ec.c +@@ -219,7 +219,8 @@ static void gpe_transaction(struct acpi_ec *ec, u8 status) + goto unlock; + err: + /* false interrupt, state didn't change */ +- ++ec->curr->irq_count; ++ if (in_interrupt()) ++ ++ec->curr->irq_count; + unlock: + spin_unlock_irqrestore(&ec->curr_lock, flags); + } +diff --git a/drivers/acpi/pci_slot.c b/drivers/acpi/pci_slot.c +index d5b4ef8..8d4a568 100644 +--- a/drivers/acpi/pci_slot.c ++++ b/drivers/acpi/pci_slot.c +@@ -150,7 +150,7 @@ register_slot(acpi_handle handle, u32 lvl, void *context, void **rv) + } + + snprintf(name, sizeof(name), "%u", (u32)sun); +- pci_slot = pci_create_slot(pci_bus, device, name); ++ pci_slot = pci_create_slot(pci_bus, device, name, NULL); + if (IS_ERR(pci_slot)) { + err("pci_create_slot returned %ld\n", PTR_ERR(pci_slot)); + kfree(slot); +diff --git a/drivers/ata/libata-core.c b/drivers/ata/libata-core.c +index 8228ae3..b551cda 100644 +--- a/drivers/ata/libata-core.c ++++ b/drivers/ata/libata-core.c +@@ -551,7 +551,7 @@ u64 ata_tf_read_block(struct ata_taskfile *tf, struct ata_device *dev) + if (tf->flags & ATA_TFLAG_LBA48) { + block |= (u64)tf->hob_lbah << 40; + block |= (u64)tf->hob_lbam << 32; +- block |= tf->hob_lbal << 24; ++ block |= (u64)tf->hob_lbal << 24; + } else + block |= (tf->device & 0xf) << 24; + +@@ -1207,7 +1207,7 @@ u64 ata_tf_to_lba48(const struct ata_taskfile *tf) + + sectors |= ((u64)(tf->hob_lbah & 0xff)) << 40; + sectors |= ((u64)(tf->hob_lbam & 0xff)) << 32; +- sectors |= (tf->hob_lbal & 0xff) << 24; ++ sectors |= ((u64)(tf->hob_lbal & 0xff)) << 24; + sectors |= (tf->lbah & 0xff) << 16; + sectors |= (tf->lbam & 0xff) << 8; + sectors |= (tf->lbal & 0xff); +@@ -2428,6 +2428,13 @@ int ata_dev_configure(struct ata_device *dev) + } + } + ++ if ((dev->horkage & ATA_HORKAGE_FIRMWARE_WARN) && print_info) { ++ ata_dev_printk(dev, KERN_WARNING, "WARNING: device requires " ++ "firmware update to be fully functional.\n"); ++ ata_dev_printk(dev, KERN_WARNING, " contact the vendor " ++ "or visit http://ata.wiki.kernel.org.\n"); ++ } ++ + return 0; + + err_out_nosup: +@@ -3971,6 +3978,20 @@ static const struct ata_blacklist_entry ata_device_blacklist [] = { + { "ST380817AS", "3.42", ATA_HORKAGE_NONCQ }, + { "ST3160023AS", "3.42", ATA_HORKAGE_NONCQ }, + ++ /* Seagate NCQ + FLUSH CACHE firmware bug */ ++ { "ST31500341AS", "9JU138", ATA_HORKAGE_NONCQ | ++ ATA_HORKAGE_FIRMWARE_WARN }, ++ { "ST31000333AS", "9FZ136", ATA_HORKAGE_NONCQ | ++ ATA_HORKAGE_FIRMWARE_WARN }, ++ { "ST3640623AS", "9FZ164", ATA_HORKAGE_NONCQ | ++ ATA_HORKAGE_FIRMWARE_WARN }, ++ { "ST3640323AS", "9FZ134", ATA_HORKAGE_NONCQ | ++ ATA_HORKAGE_FIRMWARE_WARN }, ++ { "ST3320813AS", "9FZ182", ATA_HORKAGE_NONCQ | ++ ATA_HORKAGE_FIRMWARE_WARN }, ++ { "ST3320613AS", "9FZ162", ATA_HORKAGE_NONCQ | ++ ATA_HORKAGE_FIRMWARE_WARN }, ++ + /* Blacklist entries taken from Silicon Image 3124/3132 + Windows driver .inf file - also several Linux problem reports */ + { "HTS541060G9SA00", "MB3OC60D", ATA_HORKAGE_NONCQ, }, +diff --git a/drivers/firewire/fw-sbp2.c b/drivers/firewire/fw-sbp2.c +index 4f73537..64142c1 100644 +--- a/drivers/firewire/fw-sbp2.c ++++ b/drivers/firewire/fw-sbp2.c +@@ -365,6 +365,11 @@ static const struct { + }, + /* iPod mini */ { + .firmware_revision = 0x0a2700, ++ .model = 0x000022, ++ .workarounds = SBP2_WORKAROUND_FIX_CAPACITY, ++ }, ++ /* iPod mini */ { ++ .firmware_revision = 0x0a2700, + .model = 0x000023, + .workarounds = SBP2_WORKAROUND_FIX_CAPACITY, + }, +diff --git a/drivers/gpio/gpiolib.c b/drivers/gpio/gpiolib.c +index 59f6ad8..9ed5947 100644 +--- a/drivers/gpio/gpiolib.c ++++ b/drivers/gpio/gpiolib.c +@@ -1049,7 +1049,7 @@ static void gpiolib_dbg_show(struct seq_file *s, struct gpio_chip *chip) + continue; + + is_out = test_bit(FLAG_IS_OUT, &gdesc->flags); +- seq_printf(s, " gpio-%-3d (%-12s) %s %s", ++ seq_printf(s, " gpio-%-3d (%-20.20s) %s %s", + gpio, gdesc->label, + is_out ? "out" : "in ", + chip->get +diff --git a/drivers/ieee1394/sbp2.c b/drivers/ieee1394/sbp2.c +index 1d6ad34..bad46ea 100644 +--- a/drivers/ieee1394/sbp2.c ++++ b/drivers/ieee1394/sbp2.c +@@ -402,6 +402,11 @@ static const struct { + }, + /* iPod mini */ { + .firmware_revision = 0x0a2700, ++ .model_id = 0x000022, ++ .workarounds = SBP2_WORKAROUND_FIX_CAPACITY, ++ }, ++ /* iPod mini */ { ++ .firmware_revision = 0x0a2700, + .model_id = 0x000023, + .workarounds = SBP2_WORKAROUND_FIX_CAPACITY, + }, +diff --git a/drivers/infiniband/hw/mlx4/cq.c b/drivers/infiniband/hw/mlx4/cq.c +index d0866a3..1830849 100644 +--- a/drivers/infiniband/hw/mlx4/cq.c ++++ b/drivers/infiniband/hw/mlx4/cq.c +@@ -343,6 +343,7 @@ int mlx4_ib_resize_cq(struct ib_cq *ibcq, int entries, struct ib_udata *udata) + { + struct mlx4_ib_dev *dev = to_mdev(ibcq->device); + struct mlx4_ib_cq *cq = to_mcq(ibcq); ++ struct mlx4_mtt mtt; + int outst_cqe; + int err; + +@@ -376,10 +377,13 @@ int mlx4_ib_resize_cq(struct ib_cq *ibcq, int entries, struct ib_udata *udata) + goto out; + } + ++ mtt = cq->buf.mtt; ++ + err = mlx4_cq_resize(dev->dev, &cq->mcq, entries, &cq->resize_buf->buf.mtt); + if (err) + goto err_buf; + ++ mlx4_mtt_cleanup(dev->dev, &mtt); + if (ibcq->uobject) { + cq->buf = cq->resize_buf->buf; + cq->ibcq.cqe = cq->resize_buf->cqe; +@@ -406,6 +410,7 @@ int mlx4_ib_resize_cq(struct ib_cq *ibcq, int entries, struct ib_udata *udata) + goto out; + + err_buf: ++ mlx4_mtt_cleanup(dev->dev, &cq->resize_buf->buf.mtt); + if (!ibcq->uobject) + mlx4_ib_free_cq_buf(dev, &cq->resize_buf->buf, + cq->resize_buf->cqe); +diff --git a/drivers/input/keyboard/atkbd.c b/drivers/input/keyboard/atkbd.c +index e32c24d..c694eaa 100644 +--- a/drivers/input/keyboard/atkbd.c ++++ b/drivers/input/keyboard/atkbd.c +@@ -868,6 +868,22 @@ static void atkbd_hp_keymap_fixup(struct atkbd *atkbd) + } + + /* ++ * Inventec system with broken key release on volume keys ++ */ ++static void atkbd_inventec_keymap_fixup(struct atkbd *atkbd) ++{ ++ const unsigned int forced_release_keys[] = { ++ 0xae, 0xb0, ++ }; ++ int i; ++ ++ if (atkbd->set == 2) ++ for (i = 0; i < ARRAY_SIZE(forced_release_keys); i++) ++ __set_bit(forced_release_keys[i], ++ atkbd->force_release_mask); ++} ++ ++/* + * atkbd_set_keycode_table() initializes keyboard's keycode table + * according to the selected scancode set + */ +@@ -1478,6 +1494,15 @@ static struct dmi_system_id atkbd_dmi_quirk_table[] __initdata = { + .callback = atkbd_setup_fixup, + .driver_data = atkbd_hp_keymap_fixup, + }, ++ { ++ .ident = "Inventec Symphony", ++ .matches = { ++ DMI_MATCH(DMI_SYS_VENDOR, "INVENTEC"), ++ DMI_MATCH(DMI_PRODUCT_NAME, "SYMPHONY 6.0/7.0"), ++ }, ++ .callback = atkbd_setup_fixup, ++ .driver_data = atkbd_inventec_keymap_fixup, ++ }, + { } + }; + +diff --git a/drivers/media/video/compat_ioctl32.c b/drivers/media/video/compat_ioctl32.c +index bd5d9de..e6ca401 100644 +--- a/drivers/media/video/compat_ioctl32.c ++++ b/drivers/media/video/compat_ioctl32.c +@@ -867,6 +867,7 @@ long v4l_compat_ioctl32(struct file *file, unsigned int cmd, unsigned long arg) + case VIDIOC_STREAMON32: + case VIDIOC_STREAMOFF32: + case VIDIOC_G_PARM: ++ case VIDIOC_S_PARM: + case VIDIOC_G_STD: + case VIDIOC_S_STD: + case VIDIOC_G_TUNER: +@@ -885,6 +886,8 @@ long v4l_compat_ioctl32(struct file *file, unsigned int cmd, unsigned long arg) + case VIDIOC_S_INPUT32: + case VIDIOC_TRY_FMT32: + case VIDIOC_S_HW_FREQ_SEEK: ++ case VIDIOC_ENUM_FRAMESIZES: ++ case VIDIOC_ENUM_FRAMEINTERVALS: + ret = do_video_ioctl(file, cmd, arg); + break; + +diff --git a/drivers/net/atl1e/atl1e_hw.c b/drivers/net/atl1e/atl1e_hw.c +index 949e753..c0d5f7c 100644 +--- a/drivers/net/atl1e/atl1e_hw.c ++++ b/drivers/net/atl1e/atl1e_hw.c +@@ -163,9 +163,6 @@ int atl1e_read_mac_addr(struct atl1e_hw *hw) + * atl1e_hash_mc_addr + * purpose + * set hash value for a multicast address +- * hash calcu processing : +- * 1. calcu 32bit CRC for multicast address +- * 2. reverse crc with MSB to LSB + */ + u32 atl1e_hash_mc_addr(struct atl1e_hw *hw, u8 *mc_addr) + { +@@ -174,7 +171,6 @@ u32 atl1e_hash_mc_addr(struct atl1e_hw *hw, u8 *mc_addr) + int i; + + crc32 = ether_crc_le(6, mc_addr); +- crc32 = ~crc32; + for (i = 0; i < 32; i++) + value |= (((crc32 >> i) & 1) << (31 - i)); + +diff --git a/drivers/net/e1000/e1000_ethtool.c b/drivers/net/e1000/e1000_ethtool.c +index 6a3893a..c854c96 100644 +--- a/drivers/net/e1000/e1000_ethtool.c ++++ b/drivers/net/e1000/e1000_ethtool.c +@@ -1774,7 +1774,8 @@ static void e1000_get_wol(struct net_device *netdev, + + /* this function will set ->supported = 0 and return 1 if wol is not + * supported by this hardware */ +- if (e1000_wol_exclusion(adapter, wol)) ++ if (e1000_wol_exclusion(adapter, wol) || ++ !device_can_wakeup(&adapter->pdev->dev)) + return; + + /* apply any specific unsupported masks here */ +@@ -1811,7 +1812,8 @@ static int e1000_set_wol(struct net_device *netdev, struct ethtool_wolinfo *wol) + if (wol->wolopts & (WAKE_PHY | WAKE_ARP | WAKE_MAGICSECURE)) + return -EOPNOTSUPP; + +- if (e1000_wol_exclusion(adapter, wol)) ++ if (e1000_wol_exclusion(adapter, wol) || ++ !device_can_wakeup(&adapter->pdev->dev)) + return wol->wolopts ? -EOPNOTSUPP : 0; + + switch (hw->device_id) { +@@ -1838,6 +1840,8 @@ static int e1000_set_wol(struct net_device *netdev, struct ethtool_wolinfo *wol) + if (wol->wolopts & WAKE_MAGIC) + adapter->wol |= E1000_WUFC_MAG; + ++ device_set_wakeup_enable(&adapter->pdev->dev, adapter->wol); ++ + return 0; + } + +diff --git a/drivers/net/e1000/e1000_main.c b/drivers/net/e1000/e1000_main.c +index ad6da7b..872ea58 100644 +--- a/drivers/net/e1000/e1000_main.c ++++ b/drivers/net/e1000/e1000_main.c +@@ -1180,6 +1180,7 @@ static int __devinit e1000_probe(struct pci_dev *pdev, + + /* initialize the wol settings based on the eeprom settings */ + adapter->wol = adapter->eeprom_wol; ++ device_set_wakeup_enable(&adapter->pdev->dev, adapter->wol); + + /* print bus type/speed/width info */ + DPRINTK(PROBE, INFO, "(PCI%s:%s:%s) ", +diff --git a/drivers/net/e1000e/ethtool.c b/drivers/net/e1000e/ethtool.c +index 33a3ff1..e2a30dd 100644 +--- a/drivers/net/e1000e/ethtool.c ++++ b/drivers/net/e1000e/ethtool.c +@@ -1681,7 +1681,8 @@ static void e1000_get_wol(struct net_device *netdev, + wol->supported = 0; + wol->wolopts = 0; + +- if (!(adapter->flags & FLAG_HAS_WOL)) ++ if (!(adapter->flags & FLAG_HAS_WOL) || ++ !device_can_wakeup(&adapter->pdev->dev)) + return; + + wol->supported = WAKE_UCAST | WAKE_MCAST | +@@ -1719,7 +1720,8 @@ static int e1000_set_wol(struct net_device *netdev, + if (wol->wolopts & WAKE_MAGICSECURE) + return -EOPNOTSUPP; + +- if (!(adapter->flags & FLAG_HAS_WOL)) ++ if (!(adapter->flags & FLAG_HAS_WOL) || ++ !device_can_wakeup(&adapter->pdev->dev)) + return wol->wolopts ? -EOPNOTSUPP : 0; + + /* these settings will always override what we currently have */ +@@ -1738,6 +1740,8 @@ static int e1000_set_wol(struct net_device *netdev, + if (wol->wolopts & WAKE_ARP) + adapter->wol |= E1000_WUFC_ARP; + ++ device_set_wakeup_enable(&adapter->pdev->dev, adapter->wol); ++ + return 0; + } + +diff --git a/drivers/net/e1000e/netdev.c b/drivers/net/e1000e/netdev.c +index b81c423..660c85a 100644 +--- a/drivers/net/e1000e/netdev.c ++++ b/drivers/net/e1000e/netdev.c +@@ -4616,6 +4616,7 @@ static int __devinit e1000_probe(struct pci_dev *pdev, + + /* initialize the wol settings based on the eeprom settings */ + adapter->wol = adapter->eeprom_wol; ++ device_set_wakeup_enable(&adapter->pdev->dev, adapter->wol); + + /* reset the hardware with the new settings */ + e1000e_reset(adapter); +diff --git a/drivers/net/igb/igb_ethtool.c b/drivers/net/igb/igb_ethtool.c +index 58906c9..89964fa 100644 +--- a/drivers/net/igb/igb_ethtool.c ++++ b/drivers/net/igb/igb_ethtool.c +@@ -1776,7 +1776,8 @@ static void igb_get_wol(struct net_device *netdev, struct ethtool_wolinfo *wol) + + /* this function will set ->supported = 0 and return 1 if wol is not + * supported by this hardware */ +- if (igb_wol_exclusion(adapter, wol)) ++ if (igb_wol_exclusion(adapter, wol) || ++ !device_can_wakeup(&adapter->pdev->dev)) + return; + + /* apply any specific unsupported masks here */ +@@ -1805,7 +1806,8 @@ static int igb_set_wol(struct net_device *netdev, struct ethtool_wolinfo *wol) + if (wol->wolopts & (WAKE_PHY | WAKE_ARP | WAKE_MAGICSECURE)) + return -EOPNOTSUPP; + +- if (igb_wol_exclusion(adapter, wol)) ++ if (igb_wol_exclusion(adapter, wol) || ++ !device_can_wakeup(&adapter->pdev->dev)) + return wol->wolopts ? -EOPNOTSUPP : 0; + + switch (hw->device_id) { +@@ -1825,6 +1827,8 @@ static int igb_set_wol(struct net_device *netdev, struct ethtool_wolinfo *wol) + if (wol->wolopts & WAKE_MAGIC) + adapter->wol |= E1000_WUFC_MAG; + ++ device_set_wakeup_enable(&adapter->pdev->dev, adapter->wol); ++ + return 0; + } + +diff --git a/drivers/net/igb/igb_main.c b/drivers/net/igb/igb_main.c +index 634c4c9..11b5df3 100644 +--- a/drivers/net/igb/igb_main.c ++++ b/drivers/net/igb/igb_main.c +@@ -1220,6 +1220,7 @@ static int __devinit igb_probe(struct pci_dev *pdev, + + /* initialize the wol settings based on the eeprom settings */ + adapter->wol = adapter->eeprom_wol; ++ device_set_wakeup_enable(&adapter->pdev->dev, adapter->wol); + + /* reset the hardware with the new settings */ + igb_reset(adapter); +diff --git a/drivers/net/pcmcia/axnet_cs.c b/drivers/net/pcmcia/axnet_cs.c +index 52bf11b..2f68295 100644 +--- a/drivers/net/pcmcia/axnet_cs.c ++++ b/drivers/net/pcmcia/axnet_cs.c +@@ -787,6 +787,7 @@ static struct pcmcia_device_id axnet_ids[] = { + PCMCIA_DEVICE_PROD_ID12("IO DATA", "ETXPCM", 0x547e66dc, 0x233adac2), + PCMCIA_DEVICE_PROD_ID12("Linksys", "EtherFast 10/100 PC Card (PCMPC100 V3)", 0x0733cc81, 0x232019a8), + PCMCIA_DEVICE_PROD_ID12("MELCO", "LPC3-TX", 0x481e0094, 0xf91af609), ++ PCMCIA_DEVICE_PROD_ID12("NETGEAR", "FA411", 0x9aa79dc3, 0x40fad875), + PCMCIA_DEVICE_PROD_ID12("PCMCIA", "100BASE", 0x281f1c5d, 0x7c2add04), + PCMCIA_DEVICE_PROD_ID12("PCMCIA", "FastEtherCard", 0x281f1c5d, 0x7ef26116), + PCMCIA_DEVICE_PROD_ID12("PCMCIA", "FEP501", 0x281f1c5d, 0x2e272058), +diff --git a/drivers/net/pcmcia/pcnet_cs.c b/drivers/net/pcmcia/pcnet_cs.c +index ebc1ae6..7d6cf02 100644 +--- a/drivers/net/pcmcia/pcnet_cs.c ++++ b/drivers/net/pcmcia/pcnet_cs.c +@@ -1697,7 +1697,6 @@ static struct pcmcia_device_id pcnet_ids[] = { + PCMCIA_DEVICE_PROD_ID12("National Semiconductor", "InfoMover NE4100", 0x36e1191f, 0xa6617ec8), + PCMCIA_DEVICE_PROD_ID12("NEC", "PC-9801N-J12", 0x18df0ba0, 0xbc912d76), + PCMCIA_DEVICE_PROD_ID12("NETGEAR", "FA410TX", 0x9aa79dc3, 0x60e5bc0e), +- PCMCIA_DEVICE_PROD_ID12("NETGEAR", "FA411", 0x9aa79dc3, 0x40fad875), + PCMCIA_DEVICE_PROD_ID12("Network Everywhere", "Fast Ethernet 10/100 PC Card", 0x820a67b6, 0x31ed1a5f), + PCMCIA_DEVICE_PROD_ID12("NextCom K.K.", "Next Hawk", 0xaedaec74, 0xad050ef1), + PCMCIA_DEVICE_PROD_ID12("PCMCIA", "10/100Mbps Ethernet Card", 0x281f1c5d, 0x6e41773b), +diff --git a/drivers/net/wireless/ath9k/recv.c b/drivers/net/wireless/ath9k/recv.c +index 20ddb7a..0941589 100644 +--- a/drivers/net/wireless/ath9k/recv.c ++++ b/drivers/net/wireless/ath9k/recv.c +@@ -52,7 +52,7 @@ static void ath_rx_buf_link(struct ath_softc *sc, struct ath_buf *bf) + /* setup rx descriptors */ + ath9k_hw_setuprxdesc(ah, + ds, +- skb_tailroom(skb), /* buffer size */ ++ sc->sc_rxbufsize, + 0); + + if (sc->sc_rxlink == NULL) +@@ -1011,7 +1011,7 @@ int ath_rx_tasklet(struct ath_softc *sc, int flush) + + pci_dma_sync_single_for_cpu(sc->pdev, + bf->bf_buf_addr, +- skb_tailroom(skb), ++ sc->sc_rxbufsize, + PCI_DMA_FROMDEVICE); + pci_unmap_single(sc->pdev, + bf->bf_buf_addr, +@@ -1303,8 +1303,7 @@ dma_addr_t ath_skb_map_single(struct ath_softc *sc, + * NB: do NOT use skb->len, which is 0 on initialization. + * Use skb's entire data area instead. + */ +- *pa = pci_map_single(sc->pdev, skb->data, +- skb_end_pointer(skb) - skb->head, direction); ++ *pa = pci_map_single(sc->pdev, skb->data, sc->sc_rxbufsize, direction); + return *pa; + } + +@@ -1314,6 +1313,5 @@ void ath_skb_unmap_single(struct ath_softc *sc, + dma_addr_t *pa) + { + /* Unmap skb's entire data area */ +- pci_unmap_single(sc->pdev, *pa, +- skb_end_pointer(skb) - skb->head, direction); ++ pci_unmap_single(sc->pdev, *pa, sc->sc_rxbufsize, direction); + } +diff --git a/drivers/net/wireless/rtl8187_dev.c b/drivers/net/wireless/rtl8187_dev.c +index 0cebbc4..1640096 100644 +--- a/drivers/net/wireless/rtl8187_dev.c ++++ b/drivers/net/wireless/rtl8187_dev.c +@@ -33,10 +33,13 @@ MODULE_LICENSE("GPL"); + static struct usb_device_id rtl8187_table[] __devinitdata = { + /* Asus */ + {USB_DEVICE(0x0b05, 0x171d), .driver_info = DEVICE_RTL8187}, ++ /* Belkin */ ++ {USB_DEVICE(0x050d, 0x705e), .driver_info = DEVICE_RTL8187B}, + /* Realtek */ + {USB_DEVICE(0x0bda, 0x8187), .driver_info = DEVICE_RTL8187}, + {USB_DEVICE(0x0bda, 0x8189), .driver_info = DEVICE_RTL8187B}, + {USB_DEVICE(0x0bda, 0x8197), .driver_info = DEVICE_RTL8187B}, ++ {USB_DEVICE(0x0bda, 0x8198), .driver_info = DEVICE_RTL8187B}, + /* Netgear */ + {USB_DEVICE(0x0846, 0x6100), .driver_info = DEVICE_RTL8187}, + {USB_DEVICE(0x0846, 0x6a00), .driver_info = DEVICE_RTL8187}, +diff --git a/drivers/parport/parport_serial.c b/drivers/parport/parport_serial.c +index e2e95b3..101ed49 100644 +--- a/drivers/parport/parport_serial.c ++++ b/drivers/parport/parport_serial.c +@@ -70,6 +70,8 @@ static int __devinit netmos_parallel_init(struct pci_dev *dev, struct parport_pc + * parallel ports and is the number of serial ports. + */ + card->numports = (dev->subsystem_device & 0xf0) >> 4; ++ if (card->numports > ARRAY_SIZE(card->addr)) ++ card->numports = ARRAY_SIZE(card->addr); + return 0; + } + +diff --git a/drivers/pci/hotplug/acpiphp.h b/drivers/pci/hotplug/acpiphp.h +index 5a58b07..f9e244d 100644 +--- a/drivers/pci/hotplug/acpiphp.h ++++ b/drivers/pci/hotplug/acpiphp.h +@@ -50,9 +50,6 @@ + #define info(format, arg...) printk(KERN_INFO "%s: " format, MY_NAME , ## arg) + #define warn(format, arg...) printk(KERN_WARNING "%s: " format, MY_NAME , ## arg) + +-/* name size which is used for entries in pcihpfs */ +-#define SLOT_NAME_SIZE 20 /* {_SUN} */ +- + struct acpiphp_bridge; + struct acpiphp_slot; + +@@ -63,9 +60,13 @@ struct slot { + struct hotplug_slot *hotplug_slot; + struct acpiphp_slot *acpi_slot; + struct hotplug_slot_info info; +- char name[SLOT_NAME_SIZE]; + }; + ++static inline const char *slot_name(struct slot *slot) ++{ ++ return hotplug_slot_name(slot->hotplug_slot); ++} ++ + /* + * struct acpiphp_bridge - PCI bridge information + * +diff --git a/drivers/pci/hotplug/acpiphp_core.c b/drivers/pci/hotplug/acpiphp_core.c +index 0e496e8..95b536a 100644 +--- a/drivers/pci/hotplug/acpiphp_core.c ++++ b/drivers/pci/hotplug/acpiphp_core.c +@@ -44,6 +44,9 @@ + + #define MY_NAME "acpiphp" + ++/* name size which is used for entries in pcihpfs */ ++#define SLOT_NAME_SIZE 21 /* {_SUN} */ ++ + static int debug; + int acpiphp_debug; + +@@ -84,7 +87,6 @@ static struct hotplug_slot_ops acpi_hotplug_slot_ops = { + .get_adapter_status = get_adapter_status, + }; + +- + /** + * acpiphp_register_attention - set attention LED callback + * @info: must be completely filled with LED callbacks +@@ -136,7 +138,7 @@ static int enable_slot(struct hotplug_slot *hotplug_slot) + { + struct slot *slot = hotplug_slot->private; + +- dbg("%s - physical_slot = %s\n", __func__, hotplug_slot->name); ++ dbg("%s - physical_slot = %s\n", __func__, slot_name(slot)); + + /* enable the specified slot */ + return acpiphp_enable_slot(slot->acpi_slot); +@@ -154,7 +156,7 @@ static int disable_slot(struct hotplug_slot *hotplug_slot) + struct slot *slot = hotplug_slot->private; + int retval; + +- dbg("%s - physical_slot = %s\n", __func__, hotplug_slot->name); ++ dbg("%s - physical_slot = %s\n", __func__, slot_name(slot)); + + /* disable the specified slot */ + retval = acpiphp_disable_slot(slot->acpi_slot); +@@ -177,7 +179,7 @@ static int disable_slot(struct hotplug_slot *hotplug_slot) + { + int retval = -ENODEV; + +- dbg("%s - physical_slot = %s\n", __func__, hotplug_slot->name); ++ dbg("%s - physical_slot = %s\n", __func__, hotplug_slot_name(hotplug_slot)); + + if (attention_info && try_module_get(attention_info->owner)) { + retval = attention_info->set_attn(hotplug_slot, status); +@@ -200,7 +202,7 @@ static int get_power_status(struct hotplug_slot *hotplug_slot, u8 *value) + { + struct slot *slot = hotplug_slot->private; + +- dbg("%s - physical_slot = %s\n", __func__, hotplug_slot->name); ++ dbg("%s - physical_slot = %s\n", __func__, slot_name(slot)); + + *value = acpiphp_get_power_status(slot->acpi_slot); + +@@ -222,7 +224,7 @@ static int get_attention_status(struct hotplug_slot *hotplug_slot, u8 *value) + { + int retval = -EINVAL; + +- dbg("%s - physical_slot = %s\n", __func__, hotplug_slot->name); ++ dbg("%s - physical_slot = %s\n", __func__, hotplug_slot_name(hotplug_slot)); + + if (attention_info && try_module_get(attention_info->owner)) { + retval = attention_info->get_attn(hotplug_slot, value); +@@ -245,7 +247,7 @@ static int get_latch_status(struct hotplug_slot *hotplug_slot, u8 *value) + { + struct slot *slot = hotplug_slot->private; + +- dbg("%s - physical_slot = %s\n", __func__, hotplug_slot->name); ++ dbg("%s - physical_slot = %s\n", __func__, slot_name(slot)); + + *value = acpiphp_get_latch_status(slot->acpi_slot); + +@@ -265,7 +267,7 @@ static int get_adapter_status(struct hotplug_slot *hotplug_slot, u8 *value) + { + struct slot *slot = hotplug_slot->private; + +- dbg("%s - physical_slot = %s\n", __func__, hotplug_slot->name); ++ dbg("%s - physical_slot = %s\n", __func__, slot_name(slot)); + + *value = acpiphp_get_adapter_status(slot->acpi_slot); + +@@ -299,7 +301,7 @@ static void release_slot(struct hotplug_slot *hotplug_slot) + { + struct slot *slot = hotplug_slot->private; + +- dbg("%s - physical_slot = %s\n", __func__, hotplug_slot->name); ++ dbg("%s - physical_slot = %s\n", __func__, slot_name(slot)); + + kfree(slot->hotplug_slot); + kfree(slot); +@@ -310,6 +312,7 @@ int acpiphp_register_hotplug_slot(struct acpiphp_slot *acpiphp_slot) + { + struct slot *slot; + int retval = -ENOMEM; ++ char name[SLOT_NAME_SIZE]; + + slot = kzalloc(sizeof(*slot), GFP_KERNEL); + if (!slot) +@@ -321,8 +324,6 @@ int acpiphp_register_hotplug_slot(struct acpiphp_slot *acpiphp_slot) + + slot->hotplug_slot->info = &slot->info; + +- slot->hotplug_slot->name = slot->name; +- + slot->hotplug_slot->private = slot; + slot->hotplug_slot->release = &release_slot; + slot->hotplug_slot->ops = &acpi_hotplug_slot_ops; +@@ -336,11 +337,12 @@ int acpiphp_register_hotplug_slot(struct acpiphp_slot *acpiphp_slot) + slot->hotplug_slot->info->cur_bus_speed = PCI_SPEED_UNKNOWN; + + acpiphp_slot->slot = slot; +- snprintf(slot->name, sizeof(slot->name), "%u", slot->acpi_slot->sun); ++ snprintf(name, SLOT_NAME_SIZE, "%u", slot->acpi_slot->sun); + + retval = pci_hp_register(slot->hotplug_slot, + acpiphp_slot->bridge->pci_bus, +- acpiphp_slot->device); ++ acpiphp_slot->device, ++ name); + if (retval == -EBUSY) + goto error_hpslot; + if (retval) { +@@ -348,7 +350,7 @@ int acpiphp_register_hotplug_slot(struct acpiphp_slot *acpiphp_slot) + goto error_hpslot; + } + +- info("Slot [%s] registered\n", slot->hotplug_slot->name); ++ info("Slot [%s] registered\n", slot_name(slot)); + + return 0; + error_hpslot: +@@ -365,7 +367,7 @@ void acpiphp_unregister_hotplug_slot(struct acpiphp_slot *acpiphp_slot) + struct slot *slot = acpiphp_slot->slot; + int retval = 0; + +- info ("Slot [%s] unregistered\n", slot->hotplug_slot->name); ++ info("Slot [%s] unregistered\n", slot_name(slot)); + + retval = pci_hp_deregister(slot->hotplug_slot); + if (retval) +diff --git a/drivers/pci/hotplug/cpci_hotplug.h b/drivers/pci/hotplug/cpci_hotplug.h +index d9769b3..9fff878 100644 +--- a/drivers/pci/hotplug/cpci_hotplug.h ++++ b/drivers/pci/hotplug/cpci_hotplug.h +@@ -30,6 +30,7 @@ + + #include + #include ++#include + + /* PICMG 2.1 R2.0 HS CSR bits: */ + #define HS_CSR_INS 0x0080 +@@ -69,6 +70,11 @@ struct cpci_hp_controller { + struct cpci_hp_controller_ops *ops; + }; + ++static inline const char *slot_name(struct slot *slot) ++{ ++ return hotplug_slot_name(slot->hotplug_slot); ++} ++ + extern int cpci_hp_register_controller(struct cpci_hp_controller *controller); + extern int cpci_hp_unregister_controller(struct cpci_hp_controller *controller); + extern int cpci_hp_register_bus(struct pci_bus *bus, u8 first, u8 last); +diff --git a/drivers/pci/hotplug/cpci_hotplug_core.c b/drivers/pci/hotplug/cpci_hotplug_core.c +index 9359479..de94f4f 100644 +--- a/drivers/pci/hotplug/cpci_hotplug_core.c ++++ b/drivers/pci/hotplug/cpci_hotplug_core.c +@@ -108,7 +108,7 @@ enable_slot(struct hotplug_slot *hotplug_slot) + struct slot *slot = hotplug_slot->private; + int retval = 0; + +- dbg("%s - physical_slot = %s", __func__, hotplug_slot->name); ++ dbg("%s - physical_slot = %s", __func__, slot_name(slot)); + + if (controller->ops->set_power) + retval = controller->ops->set_power(slot, 1); +@@ -121,25 +121,23 @@ disable_slot(struct hotplug_slot *hotplug_slot) + struct slot *slot = hotplug_slot->private; + int retval = 0; + +- dbg("%s - physical_slot = %s", __func__, hotplug_slot->name); ++ dbg("%s - physical_slot = %s", __func__, slot_name(slot)); + + down_write(&list_rwsem); + + /* Unconfigure device */ +- dbg("%s - unconfiguring slot %s", +- __func__, slot->hotplug_slot->name); ++ dbg("%s - unconfiguring slot %s", __func__, slot_name(slot)); + if ((retval = cpci_unconfigure_slot(slot))) { + err("%s - could not unconfigure slot %s", +- __func__, slot->hotplug_slot->name); ++ __func__, slot_name(slot)); + goto disable_error; + } +- dbg("%s - finished unconfiguring slot %s", +- __func__, slot->hotplug_slot->name); ++ dbg("%s - finished unconfiguring slot %s", __func__, slot_name(slot)); + + /* Clear EXT (by setting it) */ + if (cpci_clear_ext(slot)) { + err("%s - could not clear EXT for slot %s", +- __func__, slot->hotplug_slot->name); ++ __func__, slot_name(slot)); + retval = -ENODEV; + goto disable_error; + } +@@ -214,7 +212,6 @@ static void release_slot(struct hotplug_slot *hotplug_slot) + struct slot *slot = hotplug_slot->private; + + kfree(slot->hotplug_slot->info); +- kfree(slot->hotplug_slot->name); + kfree(slot->hotplug_slot); + if (slot->dev) + pci_dev_put(slot->dev); +@@ -222,12 +219,6 @@ static void release_slot(struct hotplug_slot *hotplug_slot) + } + + #define SLOT_NAME_SIZE 6 +-static void +-make_slot_name(struct slot *slot) +-{ +- snprintf(slot->hotplug_slot->name, +- SLOT_NAME_SIZE, "%02x:%02x", slot->bus->number, slot->number); +-} + + int + cpci_hp_register_bus(struct pci_bus *bus, u8 first, u8 last) +@@ -235,7 +226,7 @@ cpci_hp_register_bus(struct pci_bus *bus, u8 first, u8 last) + struct slot *slot; + struct hotplug_slot *hotplug_slot; + struct hotplug_slot_info *info; +- char *name; ++ char name[SLOT_NAME_SIZE]; + int status = -ENOMEM; + int i; + +@@ -262,34 +253,31 @@ cpci_hp_register_bus(struct pci_bus *bus, u8 first, u8 last) + goto error_hpslot; + hotplug_slot->info = info; + +- name = kmalloc(SLOT_NAME_SIZE, GFP_KERNEL); +- if (!name) +- goto error_info; +- hotplug_slot->name = name; +- + slot->bus = bus; + slot->number = i; + slot->devfn = PCI_DEVFN(i, 0); + ++ snprintf(name, SLOT_NAME_SIZE, "%02x:%02x", bus->number, i); ++ + hotplug_slot->private = slot; + hotplug_slot->release = &release_slot; +- make_slot_name(slot); + hotplug_slot->ops = &cpci_hotplug_slot_ops; + + /* + * Initialize the slot info structure with some known + * good values. + */ +- dbg("initializing slot %s", slot->hotplug_slot->name); ++ dbg("initializing slot %s", name); + info->power_status = cpci_get_power_status(slot); + info->attention_status = cpci_get_attention_status(slot); + +- dbg("registering slot %s", slot->hotplug_slot->name); +- status = pci_hp_register(slot->hotplug_slot, bus, i); ++ dbg("registering slot %s", name); ++ status = pci_hp_register(slot->hotplug_slot, bus, i, name); + if (status) { + err("pci_hp_register failed with error %d", status); +- goto error_name; ++ goto error_info; + } ++ dbg("slot registered with name: %s", slot_name(slot)); + + /* Add slot to our internal list */ + down_write(&list_rwsem); +@@ -298,8 +286,6 @@ cpci_hp_register_bus(struct pci_bus *bus, u8 first, u8 last) + up_write(&list_rwsem); + } + return 0; +-error_name: +- kfree(name); + error_info: + kfree(info); + error_hpslot: +@@ -327,7 +313,7 @@ cpci_hp_unregister_bus(struct pci_bus *bus) + list_del(&slot->slot_list); + slots--; + +- dbg("deregistering slot %s", slot->hotplug_slot->name); ++ dbg("deregistering slot %s", slot_name(slot)); + status = pci_hp_deregister(slot->hotplug_slot); + if (status) { + err("pci_hp_deregister failed with error %d", +@@ -379,11 +365,10 @@ init_slots(int clear_ins) + return -1; + } + list_for_each_entry(slot, &slot_list, slot_list) { +- dbg("%s - looking at slot %s", +- __func__, slot->hotplug_slot->name); ++ dbg("%s - looking at slot %s", __func__, slot_name(slot)); + if (clear_ins && cpci_check_and_clear_ins(slot)) + dbg("%s - cleared INS for slot %s", +- __func__, slot->hotplug_slot->name); ++ __func__, slot_name(slot)); + dev = pci_get_slot(slot->bus, PCI_DEVFN(slot->number, 0)); + if (dev) { + if (update_adapter_status(slot->hotplug_slot, 1)) +@@ -414,8 +399,7 @@ check_slots(void) + } + extracted = inserted = 0; + list_for_each_entry(slot, &slot_list, slot_list) { +- dbg("%s - looking at slot %s", +- __func__, slot->hotplug_slot->name); ++ dbg("%s - looking at slot %s", __func__, slot_name(slot)); + if (cpci_check_and_clear_ins(slot)) { + /* + * Some broken hardware (e.g. PLX 9054AB) asserts +@@ -423,35 +407,34 @@ check_slots(void) + */ + if (slot->dev) { + warn("slot %s already inserted", +- slot->hotplug_slot->name); ++ slot_name(slot)); + inserted++; + continue; + } + + /* Process insertion */ +- dbg("%s - slot %s inserted", +- __func__, slot->hotplug_slot->name); ++ dbg("%s - slot %s inserted", __func__, slot_name(slot)); + + /* GSM, debug */ + hs_csr = cpci_get_hs_csr(slot); + dbg("%s - slot %s HS_CSR (1) = %04x", +- __func__, slot->hotplug_slot->name, hs_csr); ++ __func__, slot_name(slot), hs_csr); + + /* Configure device */ + dbg("%s - configuring slot %s", +- __func__, slot->hotplug_slot->name); ++ __func__, slot_name(slot)); + if (cpci_configure_slot(slot)) { + err("%s - could not configure slot %s", +- __func__, slot->hotplug_slot->name); ++ __func__, slot_name(slot)); + continue; + } + dbg("%s - finished configuring slot %s", +- __func__, slot->hotplug_slot->name); ++ __func__, slot_name(slot)); + + /* GSM, debug */ + hs_csr = cpci_get_hs_csr(slot); + dbg("%s - slot %s HS_CSR (2) = %04x", +- __func__, slot->hotplug_slot->name, hs_csr); ++ __func__, slot_name(slot), hs_csr); + + if (update_latch_status(slot->hotplug_slot, 1)) + warn("failure to update latch file"); +@@ -464,18 +447,18 @@ check_slots(void) + /* GSM, debug */ + hs_csr = cpci_get_hs_csr(slot); + dbg("%s - slot %s HS_CSR (3) = %04x", +- __func__, slot->hotplug_slot->name, hs_csr); ++ __func__, slot_name(slot), hs_csr); + + inserted++; + } else if (cpci_check_ext(slot)) { + /* Process extraction request */ + dbg("%s - slot %s extracted", +- __func__, slot->hotplug_slot->name); ++ __func__, slot_name(slot)); + + /* GSM, debug */ + hs_csr = cpci_get_hs_csr(slot); + dbg("%s - slot %s HS_CSR = %04x", +- __func__, slot->hotplug_slot->name, hs_csr); ++ __func__, slot_name(slot), hs_csr); + + if (!slot->extracting) { + if (update_latch_status(slot->hotplug_slot, 0)) { +@@ -493,7 +476,7 @@ check_slots(void) + * bother trying to tell the driver or not? + */ + err("card in slot %s was improperly removed", +- slot->hotplug_slot->name); ++ slot_name(slot)); + if (update_adapter_status(slot->hotplug_slot, 0)) + warn("failure to update adapter file"); + slot->extracting = 0; +diff --git a/drivers/pci/hotplug/cpci_hotplug_pci.c b/drivers/pci/hotplug/cpci_hotplug_pci.c +index df82b95..829c327 100644 +--- a/drivers/pci/hotplug/cpci_hotplug_pci.c ++++ b/drivers/pci/hotplug/cpci_hotplug_pci.c +@@ -209,7 +209,7 @@ int cpci_led_on(struct slot* slot) + hs_cap + 2, + hs_csr)) { + err("Could not set LOO for slot %s", +- slot->hotplug_slot->name); ++ hotplug_slot_name(slot->hotplug_slot)); + return -ENODEV; + } + } +@@ -238,7 +238,7 @@ int cpci_led_off(struct slot* slot) + hs_cap + 2, + hs_csr)) { + err("Could not clear LOO for slot %s", +- slot->hotplug_slot->name); ++ hotplug_slot_name(slot->hotplug_slot)); + return -ENODEV; + } + } +diff --git a/drivers/pci/hotplug/cpqphp.h b/drivers/pci/hotplug/cpqphp.h +index b1decfa..afaf8f6 100644 +--- a/drivers/pci/hotplug/cpqphp.h ++++ b/drivers/pci/hotplug/cpqphp.h +@@ -449,6 +449,11 @@ extern u8 cpqhp_disk_irq; + + /* inline functions */ + ++static inline char *slot_name(struct slot *slot) ++{ ++ return hotplug_slot_name(slot->hotplug_slot); ++} ++ + /* + * return_resource + * +@@ -696,14 +701,6 @@ static inline int get_presence_status(struct controller *ctrl, struct slot *slot + return presence_save; + } + +-#define SLOT_NAME_SIZE 10 +- +-static inline void make_slot_name(char *buffer, int buffer_size, struct slot *slot) +-{ +- snprintf(buffer, buffer_size, "%d", slot->number); +-} +- +- + static inline int wait_for_ctrl_irq(struct controller *ctrl) + { + DECLARE_WAITQUEUE(wait, current); +diff --git a/drivers/pci/hotplug/cpqphp_core.c b/drivers/pci/hotplug/cpqphp_core.c +index 87a68d2..8514c3a 100644 +--- a/drivers/pci/hotplug/cpqphp_core.c ++++ b/drivers/pci/hotplug/cpqphp_core.c +@@ -315,14 +315,15 @@ static void release_slot(struct hotplug_slot *hotplug_slot) + { + struct slot *slot = hotplug_slot->private; + +- dbg("%s - physical_slot = %s\n", __func__, hotplug_slot->name); ++ dbg("%s - physical_slot = %s\n", __func__, slot_name(slot)); + + kfree(slot->hotplug_slot->info); +- kfree(slot->hotplug_slot->name); + kfree(slot->hotplug_slot); + kfree(slot); + } + ++#define SLOT_NAME_SIZE 10 ++ + static int ctrl_slot_setup(struct controller *ctrl, + void __iomem *smbios_start, + void __iomem *smbios_table) +@@ -335,6 +336,7 @@ static int ctrl_slot_setup(struct controller *ctrl, + u8 slot_number; + u8 ctrl_slot; + u32 tempdword; ++ char name[SLOT_NAME_SIZE]; + void __iomem *slot_entry= NULL; + int result = -ENOMEM; + +@@ -363,16 +365,12 @@ static int ctrl_slot_setup(struct controller *ctrl, + if (!hotplug_slot->info) + goto error_hpslot; + hotplug_slot_info = hotplug_slot->info; +- hotplug_slot->name = kmalloc(SLOT_NAME_SIZE, GFP_KERNEL); +- +- if (!hotplug_slot->name) +- goto error_info; + + slot->ctrl = ctrl; + slot->bus = ctrl->bus; + slot->device = slot_device; + slot->number = slot_number; +- dbg("slot->number = %d\n", slot->number); ++ dbg("slot->number = %u\n", slot->number); + + slot_entry = get_SMBIOS_entry(smbios_start, smbios_table, 9, + slot_entry); +@@ -418,9 +416,9 @@ static int ctrl_slot_setup(struct controller *ctrl, + /* register this slot with the hotplug pci core */ + hotplug_slot->release = &release_slot; + hotplug_slot->private = slot; +- make_slot_name(hotplug_slot->name, SLOT_NAME_SIZE, slot); ++ snprintf(name, SLOT_NAME_SIZE, "%u", slot->number); + hotplug_slot->ops = &cpqphp_hotplug_slot_ops; +- ++ + hotplug_slot_info->power_status = get_slot_enabled(ctrl, slot); + hotplug_slot_info->attention_status = + cpq_get_attention_status(ctrl, slot); +@@ -436,10 +434,11 @@ static int ctrl_slot_setup(struct controller *ctrl, + slot_number); + result = pci_hp_register(hotplug_slot, + ctrl->pci_dev->bus, +- slot->device); ++ slot->device, ++ name); + if (result) { + err("pci_hp_register failed with error %d\n", result); +- goto error_name; ++ goto error_info; + } + + slot->next = ctrl->slot; +@@ -451,8 +450,6 @@ static int ctrl_slot_setup(struct controller *ctrl, + } + + return 0; +-error_name: +- kfree(hotplug_slot->name); + error_info: + kfree(hotplug_slot_info); + error_hpslot: +@@ -638,7 +635,7 @@ static int set_attention_status (struct hotplug_slot *hotplug_slot, u8 status) + u8 device; + u8 function; + +- dbg("%s - physical_slot = %s\n", __func__, hotplug_slot->name); ++ dbg("%s - physical_slot = %s\n", __func__, slot_name(slot)); + + if (cpqhp_get_bus_dev(ctrl, &bus, &devfn, slot->number) == -1) + return -ENODEV; +@@ -665,7 +662,7 @@ static int process_SI(struct hotplug_slot *hotplug_slot) + u8 device; + u8 function; + +- dbg("%s - physical_slot = %s\n", __func__, hotplug_slot->name); ++ dbg("%s - physical_slot = %s\n", __func__, slot_name(slot)); + + if (cpqhp_get_bus_dev(ctrl, &bus, &devfn, slot->number) == -1) + return -ENODEV; +@@ -697,7 +694,7 @@ static int process_SS(struct hotplug_slot *hotplug_slot) + u8 device; + u8 function; + +- dbg("%s - physical_slot = %s\n", __func__, hotplug_slot->name); ++ dbg("%s - physical_slot = %s\n", __func__, slot_name(slot)); + + if (cpqhp_get_bus_dev(ctrl, &bus, &devfn, slot->number) == -1) + return -ENODEV; +@@ -720,7 +717,7 @@ static int hardware_test(struct hotplug_slot *hotplug_slot, u32 value) + struct slot *slot = hotplug_slot->private; + struct controller *ctrl = slot->ctrl; + +- dbg("%s - physical_slot = %s\n", __func__, hotplug_slot->name); ++ dbg("%s - physical_slot = %s\n", __func__, slot_name(slot)); + + return cpqhp_hardware_test(ctrl, value); + } +@@ -731,7 +728,7 @@ static int get_power_status(struct hotplug_slot *hotplug_slot, u8 *value) + struct slot *slot = hotplug_slot->private; + struct controller *ctrl = slot->ctrl; + +- dbg("%s - physical_slot = %s\n", __func__, hotplug_slot->name); ++ dbg("%s - physical_slot = %s\n", __func__, slot_name(slot)); + + *value = get_slot_enabled(ctrl, slot); + return 0; +@@ -742,7 +739,7 @@ static int get_attention_status(struct hotplug_slot *hotplug_slot, u8 *value) + struct slot *slot = hotplug_slot->private; + struct controller *ctrl = slot->ctrl; + +- dbg("%s - physical_slot = %s\n", __func__, hotplug_slot->name); ++ dbg("%s - physical_slot = %s\n", __func__, slot_name(slot)); + + *value = cpq_get_attention_status(ctrl, slot); + return 0; +@@ -753,7 +750,7 @@ static int get_latch_status(struct hotplug_slot *hotplug_slot, u8 *value) + struct slot *slot = hotplug_slot->private; + struct controller *ctrl = slot->ctrl; + +- dbg("%s - physical_slot = %s\n", __func__, hotplug_slot->name); ++ dbg("%s - physical_slot = %s\n", __func__, slot_name(slot)); + + *value = cpq_get_latch_status(ctrl, slot); + +@@ -765,7 +762,7 @@ static int get_adapter_status(struct hotplug_slot *hotplug_slot, u8 *value) + struct slot *slot = hotplug_slot->private; + struct controller *ctrl = slot->ctrl; + +- dbg("%s - physical_slot = %s\n", __func__, hotplug_slot->name); ++ dbg("%s - physical_slot = %s\n", __func__, slot_name(slot)); + + *value = get_presence_status(ctrl, slot); + +@@ -777,7 +774,7 @@ static int get_max_bus_speed (struct hotplug_slot *hotplug_slot, enum pci_bus_sp + struct slot *slot = hotplug_slot->private; + struct controller *ctrl = slot->ctrl; + +- dbg("%s - physical_slot = %s\n", __func__, hotplug_slot->name); ++ dbg("%s - physical_slot = %s\n", __func__, slot_name(slot)); + + *value = ctrl->speed_capability; + +@@ -789,7 +786,7 @@ static int get_cur_bus_speed (struct hotplug_slot *hotplug_slot, enum pci_bus_sp + struct slot *slot = hotplug_slot->private; + struct controller *ctrl = slot->ctrl; + +- dbg("%s - physical_slot = %s\n", __func__, hotplug_slot->name); ++ dbg("%s - physical_slot = %s\n", __func__, slot_name(slot)); + + *value = ctrl->speed; + +diff --git a/drivers/pci/hotplug/fakephp.c b/drivers/pci/hotplug/fakephp.c +index 146ca9c..24dcbf1 100644 +--- a/drivers/pci/hotplug/fakephp.c ++++ b/drivers/pci/hotplug/fakephp.c +@@ -66,7 +66,6 @@ struct dummy_slot { + struct pci_dev *dev; + struct work_struct remove_work; + unsigned long removed; +- char name[8]; + }; + + static int debug; +@@ -96,10 +95,13 @@ static void dummy_release(struct hotplug_slot *slot) + kfree(dslot); + } + ++#define SLOT_NAME_SIZE 8 ++ + static int add_slot(struct pci_dev *dev) + { + struct dummy_slot *dslot; + struct hotplug_slot *slot; ++ char name[SLOT_NAME_SIZE]; + int retval = -ENOMEM; + static int count = 1; + +@@ -119,19 +121,18 @@ static int add_slot(struct pci_dev *dev) + if (!dslot) + goto error_info; + +- slot->name = dslot->name; +- snprintf(slot->name, sizeof(dslot->name), "fake%d", count++); +- dbg("slot->name = %s\n", slot->name); ++ snprintf(name, SLOT_NAME_SIZE, "fake%d", count++); + slot->ops = &dummy_hotplug_slot_ops; + slot->release = &dummy_release; + slot->private = dslot; + +- retval = pci_hp_register(slot, dev->bus, PCI_SLOT(dev->devfn)); ++ retval = pci_hp_register(slot, dev->bus, PCI_SLOT(dev->devfn), name); + if (retval) { + err("pci_hp_register failed with error %d\n", retval); + goto error_dslot; + } + ++ dbg("slot->name = %s\n", hotplug_slot_name(slot)); + dslot->slot = slot; + dslot->dev = pci_dev_get(dev); + list_add (&dslot->node, &slot_list); +@@ -167,10 +168,11 @@ static void remove_slot(struct dummy_slot *dslot) + { + int retval; + +- dbg("removing slot %s\n", dslot->slot->name); ++ dbg("removing slot %s\n", hotplug_slot_name(dslot->slot)); + retval = pci_hp_deregister(dslot->slot); + if (retval) +- err("Problem unregistering a slot %s\n", dslot->slot->name); ++ err("Problem unregistering a slot %s\n", ++ hotplug_slot_name(dslot->slot)); + } + + /* called from the single-threaded workqueue handler to remove a slot */ +@@ -308,7 +310,7 @@ static int disable_slot(struct hotplug_slot *slot) + return -ENODEV; + dslot = slot->private; + +- dbg("%s - physical_slot = %s\n", __func__, slot->name); ++ dbg("%s - physical_slot = %s\n", __func__, hotplug_slot_name(slot)); + + for (func = 7; func >= 0; func--) { + dev = pci_get_slot(dslot->dev->bus, dslot->dev->devfn + func); +diff --git a/drivers/pci/hotplug/ibmphp.h b/drivers/pci/hotplug/ibmphp.h +index 612d963..a8d391a 100644 +--- a/drivers/pci/hotplug/ibmphp.h ++++ b/drivers/pci/hotplug/ibmphp.h +@@ -707,17 +707,16 @@ struct slot { + u8 device; + u8 number; + u8 real_physical_slot_num; +- char name[100]; + u32 capabilities; + u8 supported_speed; + u8 supported_bus_mode; ++ u8 flag; /* this is for disable slot and polling */ ++ u8 ctlr_index; + struct hotplug_slot *hotplug_slot; + struct controller *ctrl; + struct pci_func *func; + u8 irq[4]; +- u8 flag; /* this is for disable slot and polling */ + int bit_mode; /* 0 = 32, 1 = 64 */ +- u8 ctlr_index; + struct bus_info *bus_on; + struct list_head ibm_slot_list; + u8 status; +diff --git a/drivers/pci/hotplug/ibmphp_ebda.c b/drivers/pci/hotplug/ibmphp_ebda.c +index 8467d02..8431246 100644 +--- a/drivers/pci/hotplug/ibmphp_ebda.c ++++ b/drivers/pci/hotplug/ibmphp_ebda.c +@@ -620,11 +620,14 @@ static u8 calculate_first_slot (u8 slot_num) + return first_slot + 1; + + } ++ ++#define SLOT_NAME_SIZE 30 ++ + static char *create_file_name (struct slot * slot_cur) + { + struct opt_rio *opt_vg_ptr = NULL; + struct opt_rio_lo *opt_lo_ptr = NULL; +- static char str[30]; ++ static char str[SLOT_NAME_SIZE]; + int which = 0; /* rxe = 1, chassis = 0 */ + u8 number = 1; /* either chassis or rxe # */ + u8 first_slot = 1; +@@ -736,7 +739,6 @@ static void release_slot(struct hotplug_slot *hotplug_slot) + + slot = hotplug_slot->private; + kfree(slot->hotplug_slot->info); +- kfree(slot->hotplug_slot->name); + kfree(slot->hotplug_slot); + slot->ctrl = NULL; + slot->bus_on = NULL; +@@ -768,6 +770,7 @@ static int __init ebda_rsrc_controller (void) + int rc; + struct slot *tmp_slot; + struct list_head *list; ++ char name[SLOT_NAME_SIZE]; + + addr = hpc_list_ptr->phys_addr; + for (ctlr = 0; ctlr < hpc_list_ptr->num_ctlrs; ctlr++) { +@@ -931,12 +934,6 @@ static int __init ebda_rsrc_controller (void) + goto error_no_hp_info; + } + +- hp_slot_ptr->name = kmalloc(30, GFP_KERNEL); +- if (!hp_slot_ptr->name) { +- rc = -ENOMEM; +- goto error_no_hp_name; +- } +- + tmp_slot = kzalloc(sizeof(*tmp_slot), GFP_KERNEL); + if (!tmp_slot) { + rc = -ENOMEM; +@@ -1000,9 +997,9 @@ static int __init ebda_rsrc_controller (void) + list_for_each (list, &ibmphp_slot_head) { + tmp_slot = list_entry (list, struct slot, ibm_slot_list); + +- snprintf (tmp_slot->hotplug_slot->name, 30, "%s", create_file_name (tmp_slot)); ++ snprintf(name, SLOT_NAME_SIZE, "%s", create_file_name(tmp_slot)); + pci_hp_register(tmp_slot->hotplug_slot, +- pci_find_bus(0, tmp_slot->bus), tmp_slot->device); ++ pci_find_bus(0, tmp_slot->bus), tmp_slot->device, name); + } + + print_ebda_hpc (); +@@ -1012,8 +1009,6 @@ static int __init ebda_rsrc_controller (void) + error: + kfree (hp_slot_ptr->private); + error_no_slot: +- kfree (hp_slot_ptr->name); +-error_no_hp_name: + kfree (hp_slot_ptr->info); + error_no_hp_info: + kfree (hp_slot_ptr); +diff --git a/drivers/pci/hotplug/pci_hotplug_core.c b/drivers/pci/hotplug/pci_hotplug_core.c +index 5f85b1b..4871b96 100644 +--- a/drivers/pci/hotplug/pci_hotplug_core.c ++++ b/drivers/pci/hotplug/pci_hotplug_core.c +@@ -37,6 +37,7 @@ + #include + #include + #include ++#include + #include + #include + #include +@@ -61,7 +62,7 @@ static int debug; + ////////////////////////////////////////////////////////////////// + + static LIST_HEAD(pci_hotplug_slot_list); +-static DEFINE_SPINLOCK(pci_hotplug_slot_list_lock); ++static DEFINE_MUTEX(pci_hp_mutex); + + /* these strings match up with the values in pci_bus_speed */ + static char *pci_bus_speed_strings[] = { +@@ -530,16 +531,12 @@ static struct hotplug_slot *get_slot_from_name (const char *name) + struct hotplug_slot *slot; + struct list_head *tmp; + +- spin_lock(&pci_hotplug_slot_list_lock); + list_for_each (tmp, &pci_hotplug_slot_list) { + slot = list_entry (tmp, struct hotplug_slot, slot_list); +- if (strcmp(slot->name, name) == 0) +- goto out; ++ if (strcmp(hotplug_slot_name(slot), name) == 0) ++ return slot; + } +- slot = NULL; +-out: +- spin_unlock(&pci_hotplug_slot_list_lock); +- return slot; ++ return NULL; + } + + /** +@@ -547,13 +544,15 @@ out: + * @bus: bus this slot is on + * @slot: pointer to the &struct hotplug_slot to register + * @slot_nr: slot number ++ * @name: name registered with kobject core + * + * Registers a hotplug slot with the pci hotplug subsystem, which will allow + * userspace interaction to the slot. + * + * Returns 0 if successful, anything else for an error. + */ +-int pci_hp_register(struct hotplug_slot *slot, struct pci_bus *bus, int slot_nr) ++int pci_hp_register(struct hotplug_slot *slot, struct pci_bus *bus, int slot_nr, ++ const char *name) + { + int result; + struct pci_slot *pci_slot; +@@ -568,48 +567,29 @@ int pci_hp_register(struct hotplug_slot *slot, struct pci_bus *bus, int slot_nr) + return -EINVAL; + } + +- /* Check if we have already registered a slot with the same name. */ +- if (get_slot_from_name(slot->name)) +- return -EEXIST; ++ mutex_lock(&pci_hp_mutex); + + /* + * No problems if we call this interface from both ACPI_PCI_SLOT + * driver and call it here again. If we've already created the + * pci_slot, the interface will simply bump the refcount. + */ +- pci_slot = pci_create_slot(bus, slot_nr, slot->name); +- if (IS_ERR(pci_slot)) +- return PTR_ERR(pci_slot); +- +- if (pci_slot->hotplug) { +- dbg("%s: already claimed\n", __func__); +- pci_destroy_slot(pci_slot); +- return -EBUSY; ++ pci_slot = pci_create_slot(bus, slot_nr, name, slot); ++ if (IS_ERR(pci_slot)) { ++ result = PTR_ERR(pci_slot); ++ goto out; + } + + slot->pci_slot = pci_slot; + pci_slot->hotplug = slot; + +- /* +- * Allow pcihp drivers to override the ACPI_PCI_SLOT name. +- */ +- if (strcmp(kobject_name(&pci_slot->kobj), slot->name)) { +- result = kobject_rename(&pci_slot->kobj, slot->name); +- if (result) { +- pci_destroy_slot(pci_slot); +- return result; +- } +- } +- +- spin_lock(&pci_hotplug_slot_list_lock); + list_add(&slot->slot_list, &pci_hotplug_slot_list); +- spin_unlock(&pci_hotplug_slot_list_lock); + + result = fs_add_slot(pci_slot); + kobject_uevent(&pci_slot->kobj, KOBJ_ADD); +- dbg("Added slot %s to the list\n", slot->name); +- +- ++ dbg("Added slot %s to the list\n", name); ++out: ++ mutex_unlock(&pci_hp_mutex); + return result; + } + +@@ -630,21 +610,23 @@ int pci_hp_deregister(struct hotplug_slot *hotplug) + if (!hotplug) + return -ENODEV; + +- temp = get_slot_from_name(hotplug->name); +- if (temp != hotplug) ++ mutex_lock(&pci_hp_mutex); ++ temp = get_slot_from_name(hotplug_slot_name(hotplug)); ++ if (temp != hotplug) { ++ mutex_unlock(&pci_hp_mutex); + return -ENODEV; ++ } + +- spin_lock(&pci_hotplug_slot_list_lock); + list_del(&hotplug->slot_list); +- spin_unlock(&pci_hotplug_slot_list_lock); + + slot = hotplug->pci_slot; + fs_remove_slot(slot); +- dbg("Removed slot %s from the list\n", hotplug->name); ++ dbg("Removed slot %s from the list\n", hotplug_slot_name(hotplug)); + + hotplug->release(hotplug); + slot->hotplug = NULL; + pci_destroy_slot(slot); ++ mutex_unlock(&pci_hp_mutex); + + return 0; + } +diff --git a/drivers/pci/hotplug/pciehp.h b/drivers/pci/hotplug/pciehp.h +index 9e6cec6..0187af7 100644 +--- a/drivers/pci/hotplug/pciehp.h ++++ b/drivers/pci/hotplug/pciehp.h +@@ -61,15 +61,13 @@ extern struct workqueue_struct *pciehp_wq; + struct slot { + u8 bus; + u8 device; +- u32 number; + u8 state; +- struct timer_list task_event; + u8 hp_slot; ++ u32 number; + struct controller *ctrl; + struct hpc_ops *hpc_ops; + struct hotplug_slot *hotplug_slot; + struct list_head slot_list; +- char name[SLOT_NAME_SIZE]; + unsigned long last_emi_toggle; + struct delayed_work work; /* work for button event */ + struct mutex lock; +@@ -161,6 +159,11 @@ int pciehp_enable_slot(struct slot *p_slot); + int pciehp_disable_slot(struct slot *p_slot); + int pcie_enable_notification(struct controller *ctrl); + ++static inline const char *slot_name(struct slot *slot) ++{ ++ return hotplug_slot_name(slot->hotplug_slot); ++} ++ + static inline struct slot *pciehp_find_slot(struct controller *ctrl, u8 device) + { + struct slot *slot; +diff --git a/drivers/pci/hotplug/pciehp_core.c b/drivers/pci/hotplug/pciehp_core.c +index 4fd5355..6e18736 100644 +--- a/drivers/pci/hotplug/pciehp_core.c ++++ b/drivers/pci/hotplug/pciehp_core.c +@@ -180,7 +180,8 @@ static struct hotplug_slot_attribute hotplug_slot_attr_lock = { + */ + static void release_slot(struct hotplug_slot *hotplug_slot) + { +- dbg("%s - physical_slot = %s\n", __func__, hotplug_slot->name); ++ dbg("%s - physical_slot = %s\n", __func__, ++ hotplug_slot_name(hotplug_slot)); + + kfree(hotplug_slot->info); + kfree(hotplug_slot); +@@ -191,7 +192,7 @@ static int init_slots(struct controller *ctrl) + struct slot *slot; + struct hotplug_slot *hotplug_slot; + struct hotplug_slot_info *info; +- int len, dup = 1; ++ char name[SLOT_NAME_SIZE]; + int retval = -ENOMEM; + + list_for_each_entry(slot, &ctrl->slot_list, slot_list) { +@@ -205,39 +206,27 @@ static int init_slots(struct controller *ctrl) + + /* register this slot with the hotplug pci core */ + hotplug_slot->info = info; +- hotplug_slot->name = slot->name; + hotplug_slot->private = slot; + hotplug_slot->release = &release_slot; + hotplug_slot->ops = &pciehp_hotplug_slot_ops; +- get_power_status(hotplug_slot, &info->power_status); +- get_attention_status(hotplug_slot, &info->attention_status); +- get_latch_status(hotplug_slot, &info->latch_status); +- get_adapter_status(hotplug_slot, &info->adapter_status); + slot->hotplug_slot = hotplug_slot; ++ snprintf(name, SLOT_NAME_SIZE, "%u", slot->number); + + dbg("Registering bus=%x dev=%x hp_slot=%x sun=%x " + "slot_device_offset=%x\n", slot->bus, slot->device, + slot->hp_slot, slot->number, ctrl->slot_device_offset); +-duplicate_name: + retval = pci_hp_register(hotplug_slot, + ctrl->pci_dev->subordinate, +- slot->device); ++ slot->device, ++ name); + if (retval) { +- /* +- * If slot N already exists, we'll try to create +- * slot N-1, N-2 ... N-M, until we overflow. +- */ +- if (retval == -EEXIST) { +- len = snprintf(slot->name, SLOT_NAME_SIZE, +- "%d-%d", slot->number, dup++); +- if (len < SLOT_NAME_SIZE) +- goto duplicate_name; +- else +- err("duplicate slot name overflow\n"); +- } + err("pci_hp_register failed with error %d\n", retval); + goto error_info; + } ++ get_power_status(hotplug_slot, &info->power_status); ++ get_attention_status(hotplug_slot, &info->attention_status); ++ get_latch_status(hotplug_slot, &info->latch_status); ++ get_adapter_status(hotplug_slot, &info->adapter_status); + /* create additional sysfs entries */ + if (EMI(ctrl)) { + retval = sysfs_create_file(&hotplug_slot->pci_slot->kobj, +@@ -278,7 +267,7 @@ static int set_attention_status(struct hotplug_slot *hotplug_slot, u8 status) + { + struct slot *slot = hotplug_slot->private; + +- dbg("%s - physical_slot = %s\n", __func__, hotplug_slot->name); ++ dbg("%s - physical_slot = %s\n", __func__, slot_name(slot)); + + hotplug_slot->info->attention_status = status; + +@@ -293,7 +282,7 @@ static int enable_slot(struct hotplug_slot *hotplug_slot) + { + struct slot *slot = hotplug_slot->private; + +- dbg("%s - physical_slot = %s\n", __func__, hotplug_slot->name); ++ dbg("%s - physical_slot = %s\n", __func__, slot_name(slot)); + + return pciehp_sysfs_enable_slot(slot); + } +@@ -303,7 +292,7 @@ static int disable_slot(struct hotplug_slot *hotplug_slot) + { + struct slot *slot = hotplug_slot->private; + +- dbg("%s - physical_slot = %s\n", __func__, hotplug_slot->name); ++ dbg("%s - physical_slot = %s\n", __func__, slot_name(slot)); + + return pciehp_sysfs_disable_slot(slot); + } +@@ -313,7 +302,7 @@ static int get_power_status(struct hotplug_slot *hotplug_slot, u8 *value) + struct slot *slot = hotplug_slot->private; + int retval; + +- dbg("%s - physical_slot = %s\n", __func__, hotplug_slot->name); ++ dbg("%s - physical_slot = %s\n", __func__, slot_name(slot)); + + retval = slot->hpc_ops->get_power_status(slot, value); + if (retval < 0) +@@ -327,7 +316,7 @@ static int get_attention_status(struct hotplug_slot *hotplug_slot, u8 *value) + struct slot *slot = hotplug_slot->private; + int retval; + +- dbg("%s - physical_slot = %s\n", __func__, hotplug_slot->name); ++ dbg("%s - physical_slot = %s\n", __func__, slot_name(slot)); + + retval = slot->hpc_ops->get_attention_status(slot, value); + if (retval < 0) +@@ -341,7 +330,7 @@ static int get_latch_status(struct hotplug_slot *hotplug_slot, u8 *value) + struct slot *slot = hotplug_slot->private; + int retval; + +- dbg("%s - physical_slot = %s\n", __func__, hotplug_slot->name); ++ dbg("%s - physical_slot = %s\n", __func__, slot_name(slot)); + + retval = slot->hpc_ops->get_latch_status(slot, value); + if (retval < 0) +@@ -355,7 +344,7 @@ static int get_adapter_status(struct hotplug_slot *hotplug_slot, u8 *value) + struct slot *slot = hotplug_slot->private; + int retval; + +- dbg("%s - physical_slot = %s\n", __func__, hotplug_slot->name); ++ dbg("%s - physical_slot = %s\n", __func__, slot_name(slot)); + + retval = slot->hpc_ops->get_adapter_status(slot, value); + if (retval < 0) +@@ -370,7 +359,7 @@ static int get_max_bus_speed(struct hotplug_slot *hotplug_slot, + struct slot *slot = hotplug_slot->private; + int retval; + +- dbg("%s - physical_slot = %s\n", __func__, hotplug_slot->name); ++ dbg("%s - physical_slot = %s\n", __func__, slot_name(slot)); + + retval = slot->hpc_ops->get_max_bus_speed(slot, value); + if (retval < 0) +@@ -384,7 +373,7 @@ static int get_cur_bus_speed(struct hotplug_slot *hotplug_slot, enum pci_bus_spe + struct slot *slot = hotplug_slot->private; + int retval; + +- dbg("%s - physical_slot = %s\n", __func__, hotplug_slot->name); ++ dbg("%s - physical_slot = %s\n", __func__, slot_name(slot)); + + retval = slot->hpc_ops->get_cur_bus_speed(slot, value); + if (retval < 0) +diff --git a/drivers/pci/hotplug/pciehp_ctrl.c b/drivers/pci/hotplug/pciehp_ctrl.c +index 96a5d55..7266fbd 100644 +--- a/drivers/pci/hotplug/pciehp_ctrl.c ++++ b/drivers/pci/hotplug/pciehp_ctrl.c +@@ -65,7 +65,7 @@ u8 pciehp_handle_attention_button(struct slot *p_slot) + /* + * Button pressed - See if need to TAKE ACTION!!! + */ +- info("Button pressed on Slot(%s)\n", p_slot->name); ++ info("Button pressed on Slot(%s)\n", slot_name(p_slot)); + event_type = INT_BUTTON_PRESS; + + queue_interrupt_event(p_slot, event_type); +@@ -86,13 +86,13 @@ u8 pciehp_handle_switch_change(struct slot *p_slot) + /* + * Switch opened + */ +- info("Latch open on Slot(%s)\n", p_slot->name); ++ info("Latch open on Slot(%s)\n", slot_name(p_slot)); + event_type = INT_SWITCH_OPEN; + } else { + /* + * Switch closed + */ +- info("Latch close on Slot(%s)\n", p_slot->name); ++ info("Latch close on Slot(%s)\n", slot_name(p_slot)); + event_type = INT_SWITCH_CLOSE; + } + +@@ -117,13 +117,13 @@ u8 pciehp_handle_presence_change(struct slot *p_slot) + /* + * Card Present + */ +- info("Card present on Slot(%s)\n", p_slot->name); ++ info("Card present on Slot(%s)\n", slot_name(p_slot)); + event_type = INT_PRESENCE_ON; + } else { + /* + * Not Present + */ +- info("Card not present on Slot(%s)\n", p_slot->name); ++ info("Card not present on Slot(%s)\n", slot_name(p_slot)); + event_type = INT_PRESENCE_OFF; + } + +@@ -143,13 +143,13 @@ u8 pciehp_handle_power_fault(struct slot *p_slot) + /* + * power fault Cleared + */ +- info("Power fault cleared on Slot(%s)\n", p_slot->name); ++ info("Power fault cleared on Slot(%s)\n", slot_name(p_slot)); + event_type = INT_POWER_FAULT_CLEAR; + } else { + /* + * power fault + */ +- info("Power fault on Slot(%s)\n", p_slot->name); ++ info("Power fault on Slot(%s)\n", slot_name(p_slot)); + event_type = INT_POWER_FAULT; + info("power fault bit %x set\n", 0); + } +@@ -404,11 +404,11 @@ static void handle_button_press_event(struct slot *p_slot) + if (getstatus) { + p_slot->state = BLINKINGOFF_STATE; + info("PCI slot #%s - powering off due to button " +- "press.\n", p_slot->name); ++ "press.\n", slot_name(p_slot)); + } else { + p_slot->state = BLINKINGON_STATE; + info("PCI slot #%s - powering on due to button " +- "press.\n", p_slot->name); ++ "press.\n", slot_name(p_slot)); + } + /* blink green LED and turn off amber */ + if (PWR_LED(ctrl)) +@@ -425,7 +425,7 @@ static void handle_button_press_event(struct slot *p_slot) + * press the attention again before the 5 sec. limit + * expires to cancel hot-add or hot-remove + */ +- info("Button cancel on Slot(%s)\n", p_slot->name); ++ info("Button cancel on Slot(%s)\n", slot_name(p_slot)); + dbg("%s: button cancel\n", __func__); + cancel_delayed_work(&p_slot->work); + if (p_slot->state == BLINKINGOFF_STATE) { +@@ -438,7 +438,7 @@ static void handle_button_press_event(struct slot *p_slot) + if (ATTN_LED(ctrl)) + p_slot->hpc_ops->set_attention_status(p_slot, 0); + info("PCI slot #%s - action canceled due to button press\n", +- p_slot->name); ++ slot_name(p_slot)); + p_slot->state = STATIC_STATE; + break; + case POWEROFF_STATE: +@@ -448,7 +448,7 @@ static void handle_button_press_event(struct slot *p_slot) + * this means that the previous attention button action + * to hot-add or hot-remove is undergoing + */ +- info("Button ignore on Slot(%s)\n", p_slot->name); ++ info("Button ignore on Slot(%s)\n", slot_name(p_slot)); + update_slot_info(p_slot); + break; + default: +@@ -529,7 +529,7 @@ int pciehp_enable_slot(struct slot *p_slot) + rc = p_slot->hpc_ops->get_adapter_status(p_slot, &getstatus); + if (rc || !getstatus) { + info("%s: no adapter on slot(%s)\n", __func__, +- p_slot->name); ++ slot_name(p_slot)); + mutex_unlock(&p_slot->ctrl->crit_sect); + return -ENODEV; + } +@@ -537,7 +537,7 @@ int pciehp_enable_slot(struct slot *p_slot) + rc = p_slot->hpc_ops->get_latch_status(p_slot, &getstatus); + if (rc || getstatus) { + info("%s: latch open on slot(%s)\n", __func__, +- p_slot->name); ++ slot_name(p_slot)); + mutex_unlock(&p_slot->ctrl->crit_sect); + return -ENODEV; + } +@@ -547,7 +547,7 @@ int pciehp_enable_slot(struct slot *p_slot) + rc = p_slot->hpc_ops->get_power_status(p_slot, &getstatus); + if (rc || getstatus) { + info("%s: already enabled on slot(%s)\n", __func__, +- p_slot->name); ++ slot_name(p_slot)); + mutex_unlock(&p_slot->ctrl->crit_sect); + return -EINVAL; + } +@@ -582,7 +582,7 @@ int pciehp_disable_slot(struct slot *p_slot) + ret = p_slot->hpc_ops->get_adapter_status(p_slot, &getstatus); + if (ret || !getstatus) { + info("%s: no adapter on slot(%s)\n", __func__, +- p_slot->name); ++ slot_name(p_slot)); + mutex_unlock(&p_slot->ctrl->crit_sect); + return -ENODEV; + } +@@ -592,7 +592,7 @@ int pciehp_disable_slot(struct slot *p_slot) + ret = p_slot->hpc_ops->get_latch_status(p_slot, &getstatus); + if (ret || getstatus) { + info("%s: latch open on slot(%s)\n", __func__, +- p_slot->name); ++ slot_name(p_slot)); + mutex_unlock(&p_slot->ctrl->crit_sect); + return -ENODEV; + } +@@ -602,7 +602,7 @@ int pciehp_disable_slot(struct slot *p_slot) + ret = p_slot->hpc_ops->get_power_status(p_slot, &getstatus); + if (ret || !getstatus) { + info("%s: already disabled slot(%s)\n", __func__, +- p_slot->name); ++ slot_name(p_slot)); + mutex_unlock(&p_slot->ctrl->crit_sect); + return -EINVAL; + } +@@ -632,14 +632,14 @@ int pciehp_sysfs_enable_slot(struct slot *p_slot) + break; + case POWERON_STATE: + info("Slot %s is already in powering on state\n", +- p_slot->name); ++ slot_name(p_slot)); + break; + case BLINKINGOFF_STATE: + case POWEROFF_STATE: +- info("Already enabled on slot %s\n", p_slot->name); ++ info("Already enabled on slot %s\n", slot_name(p_slot)); + break; + default: +- err("Not a valid state on slot %s\n", p_slot->name); ++ err("Not a valid state on slot %s\n", slot_name(p_slot)); + break; + } + mutex_unlock(&p_slot->lock); +@@ -664,14 +664,14 @@ int pciehp_sysfs_disable_slot(struct slot *p_slot) + break; + case POWEROFF_STATE: + info("Slot %s is already in powering off state\n", +- p_slot->name); ++ slot_name(p_slot)); + break; + case BLINKINGON_STATE: + case POWERON_STATE: +- info("Already disabled on slot %s\n", p_slot->name); ++ info("Already disabled on slot %s\n", slot_name(p_slot)); + break; + default: +- err("Not a valid state on slot %s\n", p_slot->name); ++ err("Not a valid state on slot %s\n", slot_name(p_slot)); + break; + } + mutex_unlock(&p_slot->lock); +diff --git a/drivers/pci/hotplug/pciehp_hpc.c b/drivers/pci/hotplug/pciehp_hpc.c +index 9d934dd..d3cf6f9 100644 +--- a/drivers/pci/hotplug/pciehp_hpc.c ++++ b/drivers/pci/hotplug/pciehp_hpc.c +@@ -1044,7 +1044,6 @@ static int pcie_init_slot(struct controller *ctrl) + slot->device = ctrl->slot_device_offset + slot->hp_slot; + slot->hpc_ops = ctrl->hpc_ops; + slot->number = ctrl->first_slot; +- snprintf(slot->name, SLOT_NAME_SIZE, "%d", slot->number); + mutex_init(&slot->lock); + INIT_DELAYED_WORK(&slot->work, pciehp_queue_pushbutton_work); + list_add(&slot->slot_list, &ctrl->slot_list); +diff --git a/drivers/pci/hotplug/rpaphp_slot.c b/drivers/pci/hotplug/rpaphp_slot.c +index 9b714ea..23be8a2 100644 +--- a/drivers/pci/hotplug/rpaphp_slot.c ++++ b/drivers/pci/hotplug/rpaphp_slot.c +@@ -43,7 +43,7 @@ static void rpaphp_release_slot(struct hotplug_slot *hotplug_slot) + void dealloc_slot_struct(struct slot *slot) + { + kfree(slot->hotplug_slot->info); +- kfree(slot->hotplug_slot->name); ++ kfree(slot->name); + kfree(slot->hotplug_slot); + kfree(slot); + } +@@ -63,11 +63,9 @@ struct slot *alloc_slot_struct(struct device_node *dn, + GFP_KERNEL); + if (!slot->hotplug_slot->info) + goto error_hpslot; +- slot->hotplug_slot->name = kmalloc(strlen(drc_name) + 1, GFP_KERNEL); +- if (!slot->hotplug_slot->name) ++ slot->name = kstrdup(drc_name, GFP_KERNEL); ++ if (!slot->name) + goto error_info; +- slot->name = slot->hotplug_slot->name; +- strcpy(slot->name, drc_name); + slot->dn = dn; + slot->index = drc_index; + slot->power_domain = power_domain; +@@ -137,7 +135,7 @@ int rpaphp_register_slot(struct slot *slot) + slotno = PCI_SLOT(PCI_DN(slot->dn->child)->devfn); + else + slotno = -1; +- retval = pci_hp_register(php_slot, slot->bus, slotno); ++ retval = pci_hp_register(php_slot, slot->bus, slotno, slot->name); + if (retval) { + err("pci_hp_register failed with error %d\n", retval); + return retval; +diff --git a/drivers/pci/hotplug/sgi_hotplug.c b/drivers/pci/hotplug/sgi_hotplug.c +index 410fe03..d748698 100644 +--- a/drivers/pci/hotplug/sgi_hotplug.c ++++ b/drivers/pci/hotplug/sgi_hotplug.c +@@ -161,7 +161,8 @@ static int sn_pci_bus_valid(struct pci_bus *pci_bus) + } + + static int sn_hp_slot_private_alloc(struct hotplug_slot *bss_hotplug_slot, +- struct pci_bus *pci_bus, int device) ++ struct pci_bus *pci_bus, int device, ++ char *name) + { + struct pcibus_info *pcibus_info; + struct slot *slot; +@@ -173,15 +174,9 @@ static int sn_hp_slot_private_alloc(struct hotplug_slot *bss_hotplug_slot, + return -ENOMEM; + bss_hotplug_slot->private = slot; + +- bss_hotplug_slot->name = kmalloc(SN_SLOT_NAME_SIZE, GFP_KERNEL); +- if (!bss_hotplug_slot->name) { +- kfree(bss_hotplug_slot->private); +- return -ENOMEM; +- } +- + slot->device_num = device; + slot->pci_bus = pci_bus; +- sprintf(bss_hotplug_slot->name, "%04x:%02x:%02x", ++ sprintf(name, "%04x:%02x:%02x", + pci_domain_nr(pci_bus), + ((u16)pcibus_info->pbi_buscommon.bs_persist_busnum), + device + 1); +@@ -608,7 +603,6 @@ static inline int get_power_status(struct hotplug_slot *bss_hotplug_slot, + static void sn_release_slot(struct hotplug_slot *bss_hotplug_slot) + { + kfree(bss_hotplug_slot->info); +- kfree(bss_hotplug_slot->name); + kfree(bss_hotplug_slot->private); + kfree(bss_hotplug_slot); + } +@@ -618,6 +612,7 @@ static int sn_hotplug_slot_register(struct pci_bus *pci_bus) + int device; + struct pci_slot *pci_slot; + struct hotplug_slot *bss_hotplug_slot; ++ char name[SN_SLOT_NAME_SIZE]; + int rc = 0; + + /* +@@ -645,15 +640,14 @@ static int sn_hotplug_slot_register(struct pci_bus *pci_bus) + } + + if (sn_hp_slot_private_alloc(bss_hotplug_slot, +- pci_bus, device)) { ++ pci_bus, device, name)) { + rc = -ENOMEM; + goto alloc_err; + } +- + bss_hotplug_slot->ops = &sn_hotplug_slot_ops; + bss_hotplug_slot->release = &sn_release_slot; + +- rc = pci_hp_register(bss_hotplug_slot, pci_bus, device); ++ rc = pci_hp_register(bss_hotplug_slot, pci_bus, device, name); + if (rc) + goto register_err; + +diff --git a/drivers/pci/hotplug/shpchp.h b/drivers/pci/hotplug/shpchp.h +index 8a026f7..4d9fed0 100644 +--- a/drivers/pci/hotplug/shpchp.h ++++ b/drivers/pci/hotplug/shpchp.h +@@ -69,15 +69,13 @@ struct slot { + u8 state; + u8 presence_save; + u8 pwr_save; +- struct timer_list task_event; +- u8 hp_slot; + struct controller *ctrl; + struct hpc_ops *hpc_ops; + struct hotplug_slot *hotplug_slot; + struct list_head slot_list; +- char name[SLOT_NAME_SIZE]; + struct delayed_work work; /* work for button event */ + struct mutex lock; ++ u8 hp_slot; + }; + + struct event_info { +@@ -169,6 +167,11 @@ extern void cleanup_slots(struct controller *ctrl); + extern void shpchp_queue_pushbutton_work(struct work_struct *work); + extern int shpc_init( struct controller *ctrl, struct pci_dev *pdev); + ++static inline const char *slot_name(struct slot *slot) ++{ ++ return hotplug_slot_name(slot->hotplug_slot); ++} ++ + #ifdef CONFIG_ACPI + #include + static inline int get_hp_params_from_firmware(struct pci_dev *dev, +diff --git a/drivers/pci/hotplug/shpchp_core.c b/drivers/pci/hotplug/shpchp_core.c +index cc38615..7af9191 100644 +--- a/drivers/pci/hotplug/shpchp_core.c ++++ b/drivers/pci/hotplug/shpchp_core.c +@@ -89,7 +89,7 @@ static void release_slot(struct hotplug_slot *hotplug_slot) + { + struct slot *slot = hotplug_slot->private; + +- dbg("%s - physical_slot = %s\n", __func__, hotplug_slot->name); ++ dbg("%s - physical_slot = %s\n", __func__, slot_name(slot)); + + kfree(slot->hotplug_slot->info); + kfree(slot->hotplug_slot); +@@ -101,8 +101,9 @@ static int init_slots(struct controller *ctrl) + struct slot *slot; + struct hotplug_slot *hotplug_slot; + struct hotplug_slot_info *info; ++ char name[SLOT_NAME_SIZE]; + int retval = -ENOMEM; +- int i, len, dup = 1; ++ int i; + + for (i = 0; i < ctrl->num_slots; i++) { + slot = kzalloc(sizeof(*slot), GFP_KERNEL); +@@ -119,8 +120,6 @@ static int init_slots(struct controller *ctrl) + goto error_hpslot; + hotplug_slot->info = info; + +- hotplug_slot->name = slot->name; +- + slot->hp_slot = i; + slot->ctrl = ctrl; + slot->bus = ctrl->pci_dev->subordinate->number; +@@ -133,37 +132,24 @@ static int init_slots(struct controller *ctrl) + /* register this slot with the hotplug pci core */ + hotplug_slot->private = slot; + hotplug_slot->release = &release_slot; +- snprintf(slot->name, SLOT_NAME_SIZE, "%d", slot->number); ++ snprintf(name, SLOT_NAME_SIZE, "%d", slot->number); + hotplug_slot->ops = &shpchp_hotplug_slot_ops; + +- get_power_status(hotplug_slot, &info->power_status); +- get_attention_status(hotplug_slot, &info->attention_status); +- get_latch_status(hotplug_slot, &info->latch_status); +- get_adapter_status(hotplug_slot, &info->adapter_status); +- + dbg("Registering bus=%x dev=%x hp_slot=%x sun=%x " + "slot_device_offset=%x\n", slot->bus, slot->device, + slot->hp_slot, slot->number, ctrl->slot_device_offset); +-duplicate_name: + retval = pci_hp_register(slot->hotplug_slot, +- ctrl->pci_dev->subordinate, slot->device); ++ ctrl->pci_dev->subordinate, slot->device, name); + if (retval) { +- /* +- * If slot N already exists, we'll try to create +- * slot N-1, N-2 ... N-M, until we overflow. +- */ +- if (retval == -EEXIST) { +- len = snprintf(slot->name, SLOT_NAME_SIZE, +- "%d-%d", slot->number, dup++); +- if (len < SLOT_NAME_SIZE) +- goto duplicate_name; +- else +- err("duplicate slot name overflow\n"); +- } + err("pci_hp_register failed with error %d\n", retval); + goto error_info; + } + ++ get_power_status(hotplug_slot, &info->power_status); ++ get_attention_status(hotplug_slot, &info->attention_status); ++ get_latch_status(hotplug_slot, &info->latch_status); ++ get_adapter_status(hotplug_slot, &info->adapter_status); ++ + list_add(&slot->slot_list, &ctrl->slot_list); + } + +@@ -201,7 +187,7 @@ static int set_attention_status (struct hotplug_slot *hotplug_slot, u8 status) + { + struct slot *slot = get_slot(hotplug_slot); + +- dbg("%s - physical_slot = %s\n", __func__, hotplug_slot->name); ++ dbg("%s - physical_slot = %s\n", __func__, slot_name(slot)); + + hotplug_slot->info->attention_status = status; + slot->hpc_ops->set_attention_status(slot, status); +@@ -213,7 +199,7 @@ static int enable_slot (struct hotplug_slot *hotplug_slot) + { + struct slot *slot = get_slot(hotplug_slot); + +- dbg("%s - physical_slot = %s\n", __func__, hotplug_slot->name); ++ dbg("%s - physical_slot = %s\n", __func__, slot_name(slot)); + + return shpchp_sysfs_enable_slot(slot); + } +@@ -222,7 +208,7 @@ static int disable_slot (struct hotplug_slot *hotplug_slot) + { + struct slot *slot = get_slot(hotplug_slot); + +- dbg("%s - physical_slot = %s\n", __func__, hotplug_slot->name); ++ dbg("%s - physical_slot = %s\n", __func__, slot_name(slot)); + + return shpchp_sysfs_disable_slot(slot); + } +@@ -232,7 +218,7 @@ static int get_power_status (struct hotplug_slot *hotplug_slot, u8 *value) + struct slot *slot = get_slot(hotplug_slot); + int retval; + +- dbg("%s - physical_slot = %s\n", __func__, hotplug_slot->name); ++ dbg("%s - physical_slot = %s\n", __func__, slot_name(slot)); + + retval = slot->hpc_ops->get_power_status(slot, value); + if (retval < 0) +@@ -246,7 +232,7 @@ static int get_attention_status (struct hotplug_slot *hotplug_slot, u8 *value) + struct slot *slot = get_slot(hotplug_slot); + int retval; + +- dbg("%s - physical_slot = %s\n", __func__, hotplug_slot->name); ++ dbg("%s - physical_slot = %s\n", __func__, slot_name(slot)); + + retval = slot->hpc_ops->get_attention_status(slot, value); + if (retval < 0) +@@ -260,7 +246,7 @@ static int get_latch_status (struct hotplug_slot *hotplug_slot, u8 *value) + struct slot *slot = get_slot(hotplug_slot); + int retval; + +- dbg("%s - physical_slot = %s\n", __func__, hotplug_slot->name); ++ dbg("%s - physical_slot = %s\n", __func__, slot_name(slot)); + + retval = slot->hpc_ops->get_latch_status(slot, value); + if (retval < 0) +@@ -274,7 +260,7 @@ static int get_adapter_status (struct hotplug_slot *hotplug_slot, u8 *value) + struct slot *slot = get_slot(hotplug_slot); + int retval; + +- dbg("%s - physical_slot = %s\n", __func__, hotplug_slot->name); ++ dbg("%s - physical_slot = %s\n", __func__, slot_name(slot)); + + retval = slot->hpc_ops->get_adapter_status(slot, value); + if (retval < 0) +@@ -289,7 +275,7 @@ static int get_max_bus_speed(struct hotplug_slot *hotplug_slot, + struct slot *slot = get_slot(hotplug_slot); + int retval; + +- dbg("%s - physical_slot = %s\n", __func__, hotplug_slot->name); ++ dbg("%s - physical_slot = %s\n", __func__, slot_name(slot)); + + retval = slot->hpc_ops->get_max_bus_speed(slot, value); + if (retval < 0) +@@ -303,7 +289,7 @@ static int get_cur_bus_speed (struct hotplug_slot *hotplug_slot, enum pci_bus_sp + struct slot *slot = get_slot(hotplug_slot); + int retval; + +- dbg("%s - physical_slot = %s\n", __func__, hotplug_slot->name); ++ dbg("%s - physical_slot = %s\n", __func__, slot_name(slot)); + + retval = slot->hpc_ops->get_cur_bus_speed(slot, value); + if (retval < 0) +diff --git a/drivers/pci/hotplug/shpchp_ctrl.c b/drivers/pci/hotplug/shpchp_ctrl.c +index dfb5393..919b1ee 100644 +--- a/drivers/pci/hotplug/shpchp_ctrl.c ++++ b/drivers/pci/hotplug/shpchp_ctrl.c +@@ -70,7 +70,7 @@ u8 shpchp_handle_attention_button(u8 hp_slot, struct controller *ctrl) + /* + * Button pressed - See if need to TAKE ACTION!!! + */ +- info("Button pressed on Slot(%s)\n", p_slot->name); ++ info("Button pressed on Slot(%s)\n", slot_name(p_slot)); + event_type = INT_BUTTON_PRESS; + + queue_interrupt_event(p_slot, event_type); +@@ -98,7 +98,7 @@ u8 shpchp_handle_switch_change(u8 hp_slot, struct controller *ctrl) + /* + * Switch opened + */ +- info("Latch open on Slot(%s)\n", p_slot->name); ++ info("Latch open on Slot(%s)\n", slot_name(p_slot)); + event_type = INT_SWITCH_OPEN; + if (p_slot->pwr_save && p_slot->presence_save) { + event_type = INT_POWER_FAULT; +@@ -108,7 +108,7 @@ u8 shpchp_handle_switch_change(u8 hp_slot, struct controller *ctrl) + /* + * Switch closed + */ +- info("Latch close on Slot(%s)\n", p_slot->name); ++ info("Latch close on Slot(%s)\n", slot_name(p_slot)); + event_type = INT_SWITCH_CLOSE; + } + +@@ -135,13 +135,13 @@ u8 shpchp_handle_presence_change(u8 hp_slot, struct controller *ctrl) + /* + * Card Present + */ +- info("Card present on Slot(%s)\n", p_slot->name); ++ info("Card present on Slot(%s)\n", slot_name(p_slot)); + event_type = INT_PRESENCE_ON; + } else { + /* + * Not Present + */ +- info("Card not present on Slot(%s)\n", p_slot->name); ++ info("Card not present on Slot(%s)\n", slot_name(p_slot)); + event_type = INT_PRESENCE_OFF; + } + +@@ -164,14 +164,14 @@ u8 shpchp_handle_power_fault(u8 hp_slot, struct controller *ctrl) + /* + * Power fault Cleared + */ +- info("Power fault cleared on Slot(%s)\n", p_slot->name); ++ info("Power fault cleared on Slot(%s)\n", slot_name(p_slot)); + p_slot->status = 0x00; + event_type = INT_POWER_FAULT_CLEAR; + } else { + /* + * Power fault + */ +- info("Power fault on Slot(%s)\n", p_slot->name); ++ info("Power fault on Slot(%s)\n", slot_name(p_slot)); + event_type = INT_POWER_FAULT; + /* set power fault status for this board */ + p_slot->status = 0xFF; +@@ -493,11 +493,11 @@ static void handle_button_press_event(struct slot *p_slot) + if (getstatus) { + p_slot->state = BLINKINGOFF_STATE; + info("PCI slot #%s - powering off due to button " +- "press.\n", p_slot->name); ++ "press.\n", slot_name(p_slot)); + } else { + p_slot->state = BLINKINGON_STATE; + info("PCI slot #%s - powering on due to button " +- "press.\n", p_slot->name); ++ "press.\n", slot_name(p_slot)); + } + /* blink green LED and turn off amber */ + p_slot->hpc_ops->green_led_blink(p_slot); +@@ -512,7 +512,7 @@ static void handle_button_press_event(struct slot *p_slot) + * press the attention again before the 5 sec. limit + * expires to cancel hot-add or hot-remove + */ +- info("Button cancel on Slot(%s)\n", p_slot->name); ++ info("Button cancel on Slot(%s)\n", slot_name(p_slot)); + dbg("%s: button cancel\n", __func__); + cancel_delayed_work(&p_slot->work); + if (p_slot->state == BLINKINGOFF_STATE) +@@ -521,7 +521,7 @@ static void handle_button_press_event(struct slot *p_slot) + p_slot->hpc_ops->green_led_off(p_slot); + p_slot->hpc_ops->set_attention_status(p_slot, 0); + info("PCI slot #%s - action canceled due to button press\n", +- p_slot->name); ++ slot_name(p_slot)); + p_slot->state = STATIC_STATE; + break; + case POWEROFF_STATE: +@@ -531,7 +531,7 @@ static void handle_button_press_event(struct slot *p_slot) + * this means that the previous attention button action + * to hot-add or hot-remove is undergoing + */ +- info("Button ignore on Slot(%s)\n", p_slot->name); ++ info("Button ignore on Slot(%s)\n", slot_name(p_slot)); + update_slot_info(p_slot); + break; + default: +@@ -574,17 +574,17 @@ static int shpchp_enable_slot (struct slot *p_slot) + mutex_lock(&p_slot->ctrl->crit_sect); + rc = p_slot->hpc_ops->get_adapter_status(p_slot, &getstatus); + if (rc || !getstatus) { +- info("No adapter on slot(%s)\n", p_slot->name); ++ info("No adapter on slot(%s)\n", slot_name(p_slot)); + goto out; + } + rc = p_slot->hpc_ops->get_latch_status(p_slot, &getstatus); + if (rc || getstatus) { +- info("Latch open on slot(%s)\n", p_slot->name); ++ info("Latch open on slot(%s)\n", slot_name(p_slot)); + goto out; + } + rc = p_slot->hpc_ops->get_power_status(p_slot, &getstatus); + if (rc || getstatus) { +- info("Already enabled on slot(%s)\n", p_slot->name); ++ info("Already enabled on slot(%s)\n", slot_name(p_slot)); + goto out; + } + +@@ -633,17 +633,17 @@ static int shpchp_disable_slot (struct slot *p_slot) + + rc = p_slot->hpc_ops->get_adapter_status(p_slot, &getstatus); + if (rc || !getstatus) { +- info("No adapter on slot(%s)\n", p_slot->name); ++ info("No adapter on slot(%s)\n", slot_name(p_slot)); + goto out; + } + rc = p_slot->hpc_ops->get_latch_status(p_slot, &getstatus); + if (rc || getstatus) { +- info("Latch open on slot(%s)\n", p_slot->name); ++ info("Latch open on slot(%s)\n", slot_name(p_slot)); + goto out; + } + rc = p_slot->hpc_ops->get_power_status(p_slot, &getstatus); + if (rc || !getstatus) { +- info("Already disabled slot(%s)\n", p_slot->name); ++ info("Already disabled slot(%s)\n", slot_name(p_slot)); + goto out; + } + +@@ -671,14 +671,14 @@ int shpchp_sysfs_enable_slot(struct slot *p_slot) + break; + case POWERON_STATE: + info("Slot %s is already in powering on state\n", +- p_slot->name); ++ slot_name(p_slot)); + break; + case BLINKINGOFF_STATE: + case POWEROFF_STATE: +- info("Already enabled on slot %s\n", p_slot->name); ++ info("Already enabled on slot %s\n", slot_name(p_slot)); + break; + default: +- err("Not a valid state on slot %s\n", p_slot->name); ++ err("Not a valid state on slot %s\n", slot_name(p_slot)); + break; + } + mutex_unlock(&p_slot->lock); +@@ -703,14 +703,14 @@ int shpchp_sysfs_disable_slot(struct slot *p_slot) + break; + case POWEROFF_STATE: + info("Slot %s is already in powering off state\n", +- p_slot->name); ++ slot_name(p_slot)); + break; + case BLINKINGON_STATE: + case POWERON_STATE: +- info("Already disabled on slot %s\n", p_slot->name); ++ info("Already disabled on slot %s\n", slot_name(p_slot)); + break; + default: +- err("Not a valid state on slot %s\n", p_slot->name); ++ err("Not a valid state on slot %s\n", slot_name(p_slot)); + break; + } + mutex_unlock(&p_slot->lock); +diff --git a/drivers/pci/slot.c b/drivers/pci/slot.c +index 7e5b85c..b703b09 100644 +--- a/drivers/pci/slot.c ++++ b/drivers/pci/slot.c +@@ -73,18 +73,100 @@ static struct kobj_type pci_slot_ktype = { + .default_attrs = pci_slot_default_attrs, + }; + ++static char *make_slot_name(const char *name) ++{ ++ char *new_name; ++ int len, max, dup; ++ ++ new_name = kstrdup(name, GFP_KERNEL); ++ if (!new_name) ++ return NULL; ++ ++ /* ++ * Make sure we hit the realloc case the first time through the ++ * loop. 'len' will be strlen(name) + 3 at that point which is ++ * enough space for "name-X" and the trailing NUL. ++ */ ++ len = strlen(name) + 2; ++ max = 1; ++ dup = 1; ++ ++ for (;;) { ++ struct kobject *dup_slot; ++ dup_slot = kset_find_obj(pci_slots_kset, new_name); ++ if (!dup_slot) ++ break; ++ kobject_put(dup_slot); ++ if (dup == max) { ++ len++; ++ max *= 10; ++ kfree(new_name); ++ new_name = kmalloc(len, GFP_KERNEL); ++ if (!new_name) ++ break; ++ } ++ sprintf(new_name, "%s-%d", name, dup++); ++ } ++ ++ return new_name; ++} ++ ++static int rename_slot(struct pci_slot *slot, const char *name) ++{ ++ int result = 0; ++ char *slot_name; ++ ++ if (strcmp(pci_slot_name(slot), name) == 0) ++ return result; ++ ++ slot_name = make_slot_name(name); ++ if (!slot_name) ++ return -ENOMEM; ++ ++ result = kobject_rename(&slot->kobj, slot_name); ++ kfree(slot_name); ++ ++ return result; ++} ++ ++static struct pci_slot *get_slot(struct pci_bus *parent, int slot_nr) ++{ ++ struct pci_slot *slot; ++ /* ++ * We already hold pci_bus_sem so don't worry ++ */ ++ list_for_each_entry(slot, &parent->slots, list) ++ if (slot->number == slot_nr) { ++ kobject_get(&slot->kobj); ++ return slot; ++ } ++ ++ return NULL; ++} ++ + /** + * pci_create_slot - create or increment refcount for physical PCI slot + * @parent: struct pci_bus of parent bridge + * @slot_nr: PCI_SLOT(pci_dev->devfn) or -1 for placeholder + * @name: user visible string presented in /sys/bus/pci/slots/ ++ * @hotplug: set if caller is hotplug driver, NULL otherwise + * + * PCI slots have first class attributes such as address, speed, width, + * and a &struct pci_slot is used to manage them. This interface will + * either return a new &struct pci_slot to the caller, or if the pci_slot + * already exists, its refcount will be incremented. + * +- * Slots are uniquely identified by a @pci_bus, @slot_nr, @name tuple. ++ * Slots are uniquely identified by a @pci_bus, @slot_nr tuple. ++ * ++ * There are known platforms with broken firmware that assign the same ++ * name to multiple slots. Workaround these broken platforms by renaming ++ * the slots on behalf of the caller. If firmware assigns name N to ++ * multiple slots: ++ * ++ * The first slot is assigned N ++ * The second slot is assigned N-1 ++ * The third slot is assigned N-2 ++ * etc. + * + * Placeholder slots: + * In most cases, @pci_bus, @slot_nr will be sufficient to uniquely identify +@@ -93,12 +175,8 @@ static struct kobj_type pci_slot_ktype = { + * the slot. In this scenario, the caller may pass -1 for @slot_nr. + * + * The following semantics are imposed when the caller passes @slot_nr == +- * -1. First, the check for existing %struct pci_slot is skipped, as the +- * caller may know about several unpopulated slots on a given %struct +- * pci_bus, and each slot would have a @slot_nr of -1. Uniqueness for +- * these slots is then determined by the @name parameter. We expect +- * kobject_init_and_add() to warn us if the caller attempts to create +- * multiple slots with the same name. The other change in semantics is ++ * -1. First, we no longer check for an existing %struct pci_slot, as there ++ * may be many slots with @slot_nr of -1. The other change in semantics is + * user-visible, which is the 'address' parameter presented in sysfs will + * consist solely of a dddd:bb tuple, where dddd is the PCI domain of the + * %struct pci_bus and bb is the bus number. In other words, the devfn of +@@ -106,47 +184,57 @@ static struct kobj_type pci_slot_ktype = { + */ + + struct pci_slot *pci_create_slot(struct pci_bus *parent, int slot_nr, +- const char *name) ++ const char *name, ++ struct hotplug_slot *hotplug) + { + struct pci_slot *slot; +- int err; ++ int err = 0; ++ char *slot_name = NULL; + + down_write(&pci_bus_sem); + + if (slot_nr == -1) + goto placeholder; + +- /* If we've already created this slot, bump refcount and return. */ +- list_for_each_entry(slot, &parent->slots, list) { +- if (slot->number == slot_nr) { +- kobject_get(&slot->kobj); +- pr_debug("%s: inc refcount to %d on %04x:%02x:%02x\n", +- __func__, +- atomic_read(&slot->kobj.kref.refcount), +- pci_domain_nr(parent), parent->number, +- slot_nr); +- goto out; ++ /* ++ * Hotplug drivers are allowed to rename an existing slot, ++ * but only if not already claimed. ++ */ ++ slot = get_slot(parent, slot_nr); ++ if (slot) { ++ if (hotplug) { ++ if ((err = slot->hotplug ? -EBUSY : 0) ++ || (err = rename_slot(slot, name))) { ++ kobject_put(&slot->kobj); ++ slot = NULL; ++ goto err; ++ } + } ++ goto out; + } + + placeholder: + slot = kzalloc(sizeof(*slot), GFP_KERNEL); + if (!slot) { +- slot = ERR_PTR(-ENOMEM); +- goto out; ++ err = -ENOMEM; ++ goto err; + } + + slot->bus = parent; + slot->number = slot_nr; + + slot->kobj.kset = pci_slots_kset; +- err = kobject_init_and_add(&slot->kobj, &pci_slot_ktype, NULL, +- "%s", name); +- if (err) { +- printk(KERN_ERR "Unable to register kobject %s\n", name); ++ slot_name = make_slot_name(name); ++ if (!slot_name) { ++ err = -ENOMEM; + goto err; + } + ++ err = kobject_init_and_add(&slot->kobj, &pci_slot_ktype, NULL, ++ "%s", slot_name); ++ if (err) ++ goto err; ++ + INIT_LIST_HEAD(&slot->list); + list_add(&slot->list, &parent->slots); + +@@ -154,10 +242,10 @@ placeholder: + pr_debug("%s: created pci_slot on %04x:%02x:%02x\n", + __func__, pci_domain_nr(parent), parent->number, slot_nr); + +- out: ++out: + up_write(&pci_bus_sem); + return slot; +- err: ++err: + kfree(slot); + slot = ERR_PTR(err); + goto out; +@@ -203,7 +291,6 @@ EXPORT_SYMBOL_GPL(pci_update_slot_number); + * just call kobject_put on its kobj and let our release methods do the + * rest. + */ +- + void pci_destroy_slot(struct pci_slot *slot) + { + pr_debug("%s: dec refcount to %d on %04x:%02x:%02x\n", __func__, +diff --git a/drivers/spi/pxa2xx_spi.c b/drivers/spi/pxa2xx_spi.c +index d47d363..b5fc978 100644 +--- a/drivers/spi/pxa2xx_spi.c ++++ b/drivers/spi/pxa2xx_spi.c +@@ -348,21 +348,21 @@ static int map_dma_buffers(struct driver_data *drv_data) + } else + drv_data->tx_map_len = drv_data->len; + +- /* Stream map the rx buffer */ +- drv_data->rx_dma = dma_map_single(dev, drv_data->rx, +- drv_data->rx_map_len, +- DMA_FROM_DEVICE); +- if (dma_mapping_error(dev, drv_data->rx_dma)) +- return 0; +- +- /* Stream map the tx buffer */ ++ /* Stream map the tx buffer. Always do DMA_TO_DEVICE first ++ * so we flush the cache *before* invalidating it, in case ++ * the tx and rx buffers overlap. ++ */ + drv_data->tx_dma = dma_map_single(dev, drv_data->tx, +- drv_data->tx_map_len, +- DMA_TO_DEVICE); ++ drv_data->tx_map_len, DMA_TO_DEVICE); ++ if (dma_mapping_error(dev, drv_data->tx_dma)) ++ return 0; + +- if (dma_mapping_error(dev, drv_data->tx_dma)) { +- dma_unmap_single(dev, drv_data->rx_dma, ++ /* Stream map the rx buffer */ ++ drv_data->rx_dma = dma_map_single(dev, drv_data->rx, + drv_data->rx_map_len, DMA_FROM_DEVICE); ++ if (dma_mapping_error(dev, drv_data->rx_dma)) { ++ dma_unmap_single(dev, drv_data->tx_dma, ++ drv_data->tx_map_len, DMA_TO_DEVICE); + return 0; + } + +diff --git a/drivers/usb/gadget/f_rndis.c b/drivers/usb/gadget/f_rndis.c +index 659b3d9..428b599 100644 +--- a/drivers/usb/gadget/f_rndis.c ++++ b/drivers/usb/gadget/f_rndis.c +@@ -172,7 +172,6 @@ static struct usb_interface_descriptor rndis_data_intf __initdata = { + .bDescriptorType = USB_DT_INTERFACE, + + /* .bInterfaceNumber = DYNAMIC */ +- .bAlternateSetting = 1, + .bNumEndpoints = 2, + .bInterfaceClass = USB_CLASS_CDC_DATA, + .bInterfaceSubClass = 0, +@@ -303,7 +302,7 @@ static void rndis_response_available(void *_rndis) + __le32 *data = req->buf; + int status; + +- if (atomic_inc_return(&rndis->notify_count)) ++ if (atomic_inc_return(&rndis->notify_count) != 1) + return; + + /* Send RNDIS RESPONSE_AVAILABLE notification; a +diff --git a/drivers/usb/host/ehci-pci.c b/drivers/usb/host/ehci-pci.c +index c46a58f..36864f9 100644 +--- a/drivers/usb/host/ehci-pci.c ++++ b/drivers/usb/host/ehci-pci.c +@@ -66,6 +66,8 @@ static int ehci_pci_setup(struct usb_hcd *hcd) + { + struct ehci_hcd *ehci = hcd_to_ehci(hcd); + struct pci_dev *pdev = to_pci_dev(hcd->self.controller); ++ struct pci_dev *p_smbus; ++ u8 rev; + u32 temp; + int retval; + +@@ -166,6 +168,28 @@ static int ehci_pci_setup(struct usb_hcd *hcd) + pci_write_config_byte(pdev, 0x4b, tmp | 0x20); + } + break; ++ case PCI_VENDOR_ID_ATI: ++ /* SB600 and old version of SB700 have a bug in EHCI controller, ++ * which causes usb devices lose response in some cases. ++ */ ++ if ((pdev->device == 0x4386) || (pdev->device == 0x4396)) { ++ p_smbus = pci_get_device(PCI_VENDOR_ID_ATI, ++ PCI_DEVICE_ID_ATI_SBX00_SMBUS, ++ NULL); ++ if (!p_smbus) ++ break; ++ rev = p_smbus->revision; ++ if ((pdev->device == 0x4386) || (rev == 0x3a) ++ || (rev == 0x3b)) { ++ u8 tmp; ++ ehci_info(ehci, "applying AMD SB600/SB700 USB " ++ "freeze workaround\n"); ++ pci_read_config_byte(pdev, 0x53, &tmp); ++ pci_write_config_byte(pdev, 0x53, tmp | (1<<3)); ++ } ++ pci_dev_put(p_smbus); ++ } ++ break; + } + + ehci_reset(ehci); +diff --git a/drivers/usb/mon/mon_bin.c b/drivers/usb/mon/mon_bin.c +index 6566fc0..0ada0fc 100644 +--- a/drivers/usb/mon/mon_bin.c ++++ b/drivers/usb/mon/mon_bin.c +@@ -687,7 +687,10 @@ static ssize_t mon_bin_read(struct file *file, char __user *buf, + } + + if (rp->b_read >= sizeof(struct mon_bin_hdr)) { +- step_len = min(nbytes, (size_t)ep->len_cap); ++ step_len = ep->len_cap; ++ step_len -= rp->b_read - sizeof(struct mon_bin_hdr); ++ if (step_len > nbytes) ++ step_len = nbytes; + offset = rp->b_out + PKT_SIZE; + offset += rp->b_read - sizeof(struct mon_bin_hdr); + if (offset >= rp->b_size) +diff --git a/drivers/video/fbmem.c b/drivers/video/fbmem.c +index 98843c2..3f050e2 100644 +--- a/drivers/video/fbmem.c ++++ b/drivers/video/fbmem.c +@@ -232,7 +232,7 @@ static void fb_set_logo_directpalette(struct fb_info *info, + greenshift = info->var.green.offset; + blueshift = info->var.blue.offset; + +- for (i = 32; i < logo->clutsize; i++) ++ for (i = 32; i < 32 + logo->clutsize; i++) + palette[i] = i << redshift | i << greenshift | i << blueshift; + } + +diff --git a/drivers/watchdog/hpwdt.c b/drivers/watchdog/hpwdt.c +index a3765e0..763c1ea 100644 +--- a/drivers/watchdog/hpwdt.c ++++ b/drivers/watchdog/hpwdt.c +@@ -40,6 +40,7 @@ + #include + #include + #include ++#include + + #define PCI_BIOS32_SD_VALUE 0x5F32335F /* "_32_" */ + #define CRU_BIOS_SIGNATURE_VALUE 0x55524324 +@@ -394,6 +395,8 @@ static void __devinit dmi_find_cru(const struct dmi_header *dm) + smbios_cru64_ptr->double_offset; + cru_rom_addr = ioremap(cru_physical_address, + smbios_cru64_ptr->double_length); ++ set_memory_x((unsigned long)cru_rom_addr & PAGE_MASK, ++ smbios_cru64_ptr->double_length >> PAGE_SHIFT); + } + } + } +@@ -482,7 +485,7 @@ static int hpwdt_pretimeout(struct notifier_block *nb, unsigned long ulReason, + "Management Log for details.\n"); + } + +- return NOTIFY_STOP; ++ return NOTIFY_OK; + } + + /* +diff --git a/fs/cifs/cifs_debug.c b/fs/cifs/cifs_debug.c +index 69a12aa..490e34b 100644 +--- a/fs/cifs/cifs_debug.c ++++ b/fs/cifs/cifs_debug.c +@@ -107,12 +107,13 @@ void cifs_dump_mids(struct TCP_Server_Info *server) + #ifdef CONFIG_PROC_FS + static int cifs_debug_data_proc_show(struct seq_file *m, void *v) + { +- struct list_head *tmp; +- struct list_head *tmp1; ++ struct list_head *tmp1, *tmp2, *tmp3; + struct mid_q_entry *mid_entry; ++ struct TCP_Server_Info *server; + struct cifsSesInfo *ses; + struct cifsTconInfo *tcon; +- int i; ++ int i, j; ++ __u32 dev_type; + + seq_puts(m, + "Display Internal CIFS Data Structures for Debugging\n" +@@ -122,46 +123,78 @@ static int cifs_debug_data_proc_show(struct seq_file *m, void *v) + seq_printf(m, "Servers:"); + + i = 0; +- read_lock(&GlobalSMBSeslock); +- list_for_each(tmp, &GlobalSMBSessionList) { ++ read_lock(&cifs_tcp_ses_lock); ++ list_for_each(tmp1, &cifs_tcp_ses_list) { ++ server = list_entry(tmp1, struct TCP_Server_Info, ++ tcp_ses_list); + i++; +- ses = list_entry(tmp, struct cifsSesInfo, cifsSessionList); +- if ((ses->serverDomain == NULL) || (ses->serverOS == NULL) || +- (ses->serverNOS == NULL)) { +- seq_printf(m, "\nentry for %s not fully " +- "displayed\n\t", ses->serverName); +- } else { +- seq_printf(m, +- "\n%d) Name: %s Domain: %s Mounts: %d OS:" +- " %s \n\tNOS: %s\tCapability: 0x%x\n\tSMB" ++ list_for_each(tmp2, &server->smb_ses_list) { ++ ses = list_entry(tmp2, struct cifsSesInfo, ++ smb_ses_list); ++ if ((ses->serverDomain == NULL) || ++ (ses->serverOS == NULL) || ++ (ses->serverNOS == NULL)) { ++ seq_printf(m, "\n%d) entry for %s not fully " ++ "displayed\n\t", i, ses->serverName); ++ } else { ++ seq_printf(m, ++ "\n%d) Name: %s Domain: %s Uses: %d OS:" ++ " %s\n\tNOS: %s\tCapability: 0x%x\n\tSMB" + " session status: %d\t", + i, ses->serverName, ses->serverDomain, +- atomic_read(&ses->inUse), +- ses->serverOS, ses->serverNOS, ++ ses->ses_count, ses->serverOS, ses->serverNOS, + ses->capabilities, ses->status); +- } +- if (ses->server) { ++ } + seq_printf(m, "TCP status: %d\n\tLocal Users To " +- "Server: %d SecMode: 0x%x Req On Wire: %d", +- ses->server->tcpStatus, +- atomic_read(&ses->server->socketUseCount), +- ses->server->secMode, +- atomic_read(&ses->server->inFlight)); ++ "Server: %d SecMode: 0x%x Req On Wire: %d", ++ server->tcpStatus, server->srv_count, ++ server->secMode, ++ atomic_read(&server->inFlight)); + + #ifdef CONFIG_CIFS_STATS2 + seq_printf(m, " In Send: %d In MaxReq Wait: %d", +- atomic_read(&ses->server->inSend), +- atomic_read(&ses->server->num_waiters)); ++ atomic_read(&server->inSend), ++ atomic_read(&server->num_waiters)); + #endif + +- seq_puts(m, "\nMIDs:\n"); ++ seq_puts(m, "\n\tShares:"); ++ j = 0; ++ list_for_each(tmp3, &ses->tcon_list) { ++ tcon = list_entry(tmp3, struct cifsTconInfo, ++ tcon_list); ++ ++j; ++ dev_type = le32_to_cpu(tcon->fsDevInfo.DeviceType); ++ seq_printf(m, "\n\t%d) %s Mounts: %d ", j, ++ tcon->treeName, tcon->tc_count); ++ if (tcon->nativeFileSystem) { ++ seq_printf(m, "Type: %s ", ++ tcon->nativeFileSystem); ++ } ++ seq_printf(m, "DevInfo: 0x%x Attributes: 0x%x" ++ "\nPathComponentMax: %d Status: 0x%d", ++ le32_to_cpu(tcon->fsDevInfo.DeviceCharacteristics), ++ le32_to_cpu(tcon->fsAttrInfo.Attributes), ++ le32_to_cpu(tcon->fsAttrInfo.MaxPathNameComponentLength), ++ tcon->tidStatus); ++ if (dev_type == FILE_DEVICE_DISK) ++ seq_puts(m, " type: DISK "); ++ else if (dev_type == FILE_DEVICE_CD_ROM) ++ seq_puts(m, " type: CDROM "); ++ else ++ seq_printf(m, " type: %d ", dev_type); ++ ++ if (tcon->need_reconnect) ++ seq_puts(m, "\tDISCONNECTED "); ++ seq_putc(m, '\n'); ++ } ++ ++ seq_puts(m, "\n\tMIDs:\n"); + + spin_lock(&GlobalMid_Lock); +- list_for_each(tmp1, &ses->server->pending_mid_q) { +- mid_entry = list_entry(tmp1, struct +- mid_q_entry, ++ list_for_each(tmp3, &server->pending_mid_q) { ++ mid_entry = list_entry(tmp3, struct mid_q_entry, + qhead); +- seq_printf(m, "State: %d com: %d pid:" ++ seq_printf(m, "\tState: %d com: %d pid:" + " %d tsk: %p mid %d\n", + mid_entry->midState, + (int)mid_entry->command, +@@ -171,44 +204,8 @@ static int cifs_debug_data_proc_show(struct seq_file *m, void *v) + } + spin_unlock(&GlobalMid_Lock); + } +- +- } +- read_unlock(&GlobalSMBSeslock); +- seq_putc(m, '\n'); +- +- seq_puts(m, "Shares:"); +- +- i = 0; +- read_lock(&GlobalSMBSeslock); +- list_for_each(tmp, &GlobalTreeConnectionList) { +- __u32 dev_type; +- i++; +- tcon = list_entry(tmp, struct cifsTconInfo, cifsConnectionList); +- dev_type = le32_to_cpu(tcon->fsDevInfo.DeviceType); +- seq_printf(m, "\n%d) %s Uses: %d ", i, +- tcon->treeName, atomic_read(&tcon->useCount)); +- if (tcon->nativeFileSystem) { +- seq_printf(m, "Type: %s ", +- tcon->nativeFileSystem); +- } +- seq_printf(m, "DevInfo: 0x%x Attributes: 0x%x" +- "\nPathComponentMax: %d Status: %d", +- le32_to_cpu(tcon->fsDevInfo.DeviceCharacteristics), +- le32_to_cpu(tcon->fsAttrInfo.Attributes), +- le32_to_cpu(tcon->fsAttrInfo.MaxPathNameComponentLength), +- tcon->tidStatus); +- if (dev_type == FILE_DEVICE_DISK) +- seq_puts(m, " type: DISK "); +- else if (dev_type == FILE_DEVICE_CD_ROM) +- seq_puts(m, " type: CDROM "); +- else +- seq_printf(m, " type: %d ", dev_type); +- +- if (tcon->tidStatus == CifsNeedReconnect) +- seq_puts(m, "\tDISCONNECTED "); + } +- read_unlock(&GlobalSMBSeslock); +- ++ read_unlock(&cifs_tcp_ses_lock); + seq_putc(m, '\n'); + + /* BB add code to dump additional info such as TCP session info now */ +@@ -234,7 +231,9 @@ static ssize_t cifs_stats_proc_write(struct file *file, + { + char c; + int rc; +- struct list_head *tmp; ++ struct list_head *tmp1, *tmp2, *tmp3; ++ struct TCP_Server_Info *server; ++ struct cifsSesInfo *ses; + struct cifsTconInfo *tcon; + + rc = get_user(c, buffer); +@@ -242,33 +241,42 @@ static ssize_t cifs_stats_proc_write(struct file *file, + return rc; + + if (c == '1' || c == 'y' || c == 'Y' || c == '0') { +- read_lock(&GlobalSMBSeslock); + #ifdef CONFIG_CIFS_STATS2 + atomic_set(&totBufAllocCount, 0); + atomic_set(&totSmBufAllocCount, 0); + #endif /* CONFIG_CIFS_STATS2 */ +- list_for_each(tmp, &GlobalTreeConnectionList) { +- tcon = list_entry(tmp, struct cifsTconInfo, +- cifsConnectionList); +- atomic_set(&tcon->num_smbs_sent, 0); +- atomic_set(&tcon->num_writes, 0); +- atomic_set(&tcon->num_reads, 0); +- atomic_set(&tcon->num_oplock_brks, 0); +- atomic_set(&tcon->num_opens, 0); +- atomic_set(&tcon->num_closes, 0); +- atomic_set(&tcon->num_deletes, 0); +- atomic_set(&tcon->num_mkdirs, 0); +- atomic_set(&tcon->num_rmdirs, 0); +- atomic_set(&tcon->num_renames, 0); +- atomic_set(&tcon->num_t2renames, 0); +- atomic_set(&tcon->num_ffirst, 0); +- atomic_set(&tcon->num_fnext, 0); +- atomic_set(&tcon->num_fclose, 0); +- atomic_set(&tcon->num_hardlinks, 0); +- atomic_set(&tcon->num_symlinks, 0); +- atomic_set(&tcon->num_locks, 0); ++ read_lock(&cifs_tcp_ses_lock); ++ list_for_each(tmp1, &cifs_tcp_ses_list) { ++ server = list_entry(tmp1, struct TCP_Server_Info, ++ tcp_ses_list); ++ list_for_each(tmp2, &server->smb_ses_list) { ++ ses = list_entry(tmp2, struct cifsSesInfo, ++ smb_ses_list); ++ list_for_each(tmp3, &ses->tcon_list) { ++ tcon = list_entry(tmp3, ++ struct cifsTconInfo, ++ tcon_list); ++ atomic_set(&tcon->num_smbs_sent, 0); ++ atomic_set(&tcon->num_writes, 0); ++ atomic_set(&tcon->num_reads, 0); ++ atomic_set(&tcon->num_oplock_brks, 0); ++ atomic_set(&tcon->num_opens, 0); ++ atomic_set(&tcon->num_closes, 0); ++ atomic_set(&tcon->num_deletes, 0); ++ atomic_set(&tcon->num_mkdirs, 0); ++ atomic_set(&tcon->num_rmdirs, 0); ++ atomic_set(&tcon->num_renames, 0); ++ atomic_set(&tcon->num_t2renames, 0); ++ atomic_set(&tcon->num_ffirst, 0); ++ atomic_set(&tcon->num_fnext, 0); ++ atomic_set(&tcon->num_fclose, 0); ++ atomic_set(&tcon->num_hardlinks, 0); ++ atomic_set(&tcon->num_symlinks, 0); ++ atomic_set(&tcon->num_locks, 0); ++ } ++ } + } +- read_unlock(&GlobalSMBSeslock); ++ read_unlock(&cifs_tcp_ses_lock); + } + + return count; +@@ -277,7 +285,9 @@ static ssize_t cifs_stats_proc_write(struct file *file, + static int cifs_stats_proc_show(struct seq_file *m, void *v) + { + int i; +- struct list_head *tmp; ++ struct list_head *tmp1, *tmp2, *tmp3; ++ struct TCP_Server_Info *server; ++ struct cifsSesInfo *ses; + struct cifsTconInfo *tcon; + + seq_printf(m, +@@ -306,44 +316,55 @@ static int cifs_stats_proc_show(struct seq_file *m, void *v) + GlobalCurrentXid, GlobalMaxActiveXid); + + i = 0; +- read_lock(&GlobalSMBSeslock); +- list_for_each(tmp, &GlobalTreeConnectionList) { +- i++; +- tcon = list_entry(tmp, struct cifsTconInfo, cifsConnectionList); +- seq_printf(m, "\n%d) %s", i, tcon->treeName); +- if (tcon->tidStatus == CifsNeedReconnect) +- seq_puts(m, "\tDISCONNECTED "); +- seq_printf(m, "\nSMBs: %d Oplock Breaks: %d", +- atomic_read(&tcon->num_smbs_sent), +- atomic_read(&tcon->num_oplock_brks)); +- seq_printf(m, "\nReads: %d Bytes: %lld", +- atomic_read(&tcon->num_reads), +- (long long)(tcon->bytes_read)); +- seq_printf(m, "\nWrites: %d Bytes: %lld", +- atomic_read(&tcon->num_writes), +- (long long)(tcon->bytes_written)); +- seq_printf(m, +- "\nLocks: %d HardLinks: %d Symlinks: %d", +- atomic_read(&tcon->num_locks), +- atomic_read(&tcon->num_hardlinks), +- atomic_read(&tcon->num_symlinks)); +- +- seq_printf(m, "\nOpens: %d Closes: %d Deletes: %d", +- atomic_read(&tcon->num_opens), +- atomic_read(&tcon->num_closes), +- atomic_read(&tcon->num_deletes)); +- seq_printf(m, "\nMkdirs: %d Rmdirs: %d", +- atomic_read(&tcon->num_mkdirs), +- atomic_read(&tcon->num_rmdirs)); +- seq_printf(m, "\nRenames: %d T2 Renames %d", +- atomic_read(&tcon->num_renames), +- atomic_read(&tcon->num_t2renames)); +- seq_printf(m, "\nFindFirst: %d FNext %d FClose %d", +- atomic_read(&tcon->num_ffirst), +- atomic_read(&tcon->num_fnext), +- atomic_read(&tcon->num_fclose)); ++ read_lock(&cifs_tcp_ses_lock); ++ list_for_each(tmp1, &cifs_tcp_ses_list) { ++ server = list_entry(tmp1, struct TCP_Server_Info, ++ tcp_ses_list); ++ list_for_each(tmp2, &server->smb_ses_list) { ++ ses = list_entry(tmp2, struct cifsSesInfo, ++ smb_ses_list); ++ list_for_each(tmp3, &ses->tcon_list) { ++ tcon = list_entry(tmp3, ++ struct cifsTconInfo, ++ tcon_list); ++ i++; ++ seq_printf(m, "\n%d) %s", i, tcon->treeName); ++ if (tcon->need_reconnect) ++ seq_puts(m, "\tDISCONNECTED "); ++ seq_printf(m, "\nSMBs: %d Oplock Breaks: %d", ++ atomic_read(&tcon->num_smbs_sent), ++ atomic_read(&tcon->num_oplock_brks)); ++ seq_printf(m, "\nReads: %d Bytes: %lld", ++ atomic_read(&tcon->num_reads), ++ (long long)(tcon->bytes_read)); ++ seq_printf(m, "\nWrites: %d Bytes: %lld", ++ atomic_read(&tcon->num_writes), ++ (long long)(tcon->bytes_written)); ++ seq_printf(m, "\nLocks: %d HardLinks: %d " ++ "Symlinks: %d", ++ atomic_read(&tcon->num_locks), ++ atomic_read(&tcon->num_hardlinks), ++ atomic_read(&tcon->num_symlinks)); ++ seq_printf(m, "\nOpens: %d Closes: %d" ++ "Deletes: %d", ++ atomic_read(&tcon->num_opens), ++ atomic_read(&tcon->num_closes), ++ atomic_read(&tcon->num_deletes)); ++ seq_printf(m, "\nMkdirs: %d Rmdirs: %d", ++ atomic_read(&tcon->num_mkdirs), ++ atomic_read(&tcon->num_rmdirs)); ++ seq_printf(m, "\nRenames: %d T2 Renames %d", ++ atomic_read(&tcon->num_renames), ++ atomic_read(&tcon->num_t2renames)); ++ seq_printf(m, "\nFindFirst: %d FNext %d " ++ "FClose %d", ++ atomic_read(&tcon->num_ffirst), ++ atomic_read(&tcon->num_fnext), ++ atomic_read(&tcon->num_fclose)); ++ } ++ } + } +- read_unlock(&GlobalSMBSeslock); ++ read_unlock(&cifs_tcp_ses_lock); + + seq_putc(m, '\n'); + return 0; +diff --git a/fs/cifs/cifs_spnego.c b/fs/cifs/cifs_spnego.c +index 117ef4b..d0758b2 100644 +--- a/fs/cifs/cifs_spnego.c ++++ b/fs/cifs/cifs_spnego.c +@@ -70,7 +70,8 @@ struct key_type cifs_spnego_key_type = { + strlen("ver=0xFF") */ + #define MAX_MECH_STR_LEN 13 /* length of longest security mechanism name, eg + in future could have strlen(";sec=ntlmsspi") */ +-#define MAX_IPV6_ADDR_LEN 42 /* eg FEDC:BA98:7654:3210:FEDC:BA98:7654:3210/60 */ ++/* max possible addr len eg FEDC:BA98:7654:3210:FEDC:BA98:7654:3210/128 */ ++#define MAX_IPV6_ADDR_LEN 43 + /* get a key struct with a SPNEGO security blob, suitable for session setup */ + struct key * + cifs_get_spnego_key(struct cifsSesInfo *sesInfo) +diff --git a/fs/cifs/cifsfs.c b/fs/cifs/cifsfs.c +index 25ecbd5..2fcc66c 100644 +--- a/fs/cifs/cifsfs.c ++++ b/fs/cifs/cifsfs.c +@@ -510,10 +510,11 @@ static void cifs_umount_begin(struct super_block *sb) + tcon = cifs_sb->tcon; + if (tcon == NULL) + return; +- down(&tcon->tconSem); +- if (atomic_read(&tcon->useCount) == 1) ++ ++ read_lock(&cifs_tcp_ses_lock); ++ if (tcon->tc_count == 1) + tcon->tidStatus = CifsExiting; +- up(&tcon->tconSem); ++ read_unlock(&cifs_tcp_ses_lock); + + /* cancel_brl_requests(tcon); */ /* BB mark all brl mids as exiting */ + /* cancel_notify_requests(tcon); */ +@@ -967,7 +968,7 @@ static int cifs_oplock_thread(void *dummyarg) + not bother sending an oplock release if session + to server still is disconnected since oplock + already released by the server in that case */ +- if (pTcon->tidStatus != CifsNeedReconnect) { ++ if (!pTcon->need_reconnect) { + rc = CIFSSMBLock(0, pTcon, netfid, + 0 /* len */ , 0 /* offset */, 0, + 0, LOCKING_ANDX_OPLOCK_RELEASE, +@@ -985,24 +986,24 @@ static int cifs_oplock_thread(void *dummyarg) + static int cifs_dnotify_thread(void *dummyarg) + { + struct list_head *tmp; +- struct cifsSesInfo *ses; ++ struct TCP_Server_Info *server; + + do { + if (try_to_freeze()) + continue; + set_current_state(TASK_INTERRUPTIBLE); + schedule_timeout(15*HZ); +- read_lock(&GlobalSMBSeslock); + /* check if any stuck requests that need + to be woken up and wakeq so the + thread can wake up and error out */ +- list_for_each(tmp, &GlobalSMBSessionList) { +- ses = list_entry(tmp, struct cifsSesInfo, +- cifsSessionList); +- if (ses->server && atomic_read(&ses->server->inFlight)) +- wake_up_all(&ses->server->response_q); ++ read_lock(&cifs_tcp_ses_lock); ++ list_for_each(tmp, &cifs_tcp_ses_list) { ++ server = list_entry(tmp, struct TCP_Server_Info, ++ tcp_ses_list); ++ if (atomic_read(&server->inFlight)) ++ wake_up_all(&server->response_q); + } +- read_unlock(&GlobalSMBSeslock); ++ read_unlock(&cifs_tcp_ses_lock); + } while (!kthread_should_stop()); + + return 0; +@@ -1013,9 +1014,7 @@ init_cifs(void) + { + int rc = 0; + cifs_proc_init(); +-/* INIT_LIST_HEAD(&GlobalServerList);*/ /* BB not implemented yet */ +- INIT_LIST_HEAD(&GlobalSMBSessionList); +- INIT_LIST_HEAD(&GlobalTreeConnectionList); ++ INIT_LIST_HEAD(&cifs_tcp_ses_list); + INIT_LIST_HEAD(&GlobalOplock_Q); + #ifdef CONFIG_CIFS_EXPERIMENTAL + INIT_LIST_HEAD(&GlobalDnotifyReqList); +@@ -1043,6 +1042,7 @@ init_cifs(void) + GlobalMaxActiveXid = 0; + memset(Local_System_Name, 0, 15); + rwlock_init(&GlobalSMBSeslock); ++ rwlock_init(&cifs_tcp_ses_lock); + spin_lock_init(&GlobalMid_Lock); + + if (cifs_max_pending < 2) { +diff --git a/fs/cifs/cifsglob.h b/fs/cifs/cifsglob.h +index 0d22479..1ae6314 100644 +--- a/fs/cifs/cifsglob.h ++++ b/fs/cifs/cifsglob.h +@@ -85,8 +85,7 @@ enum securityEnum { + }; + + enum protocolEnum { +- IPV4 = 0, +- IPV6, ++ TCP = 0, + SCTP + /* Netbios frames protocol not supported at this time */ + }; +@@ -122,6 +121,9 @@ struct cifs_cred { + */ + + struct TCP_Server_Info { ++ struct list_head tcp_ses_list; ++ struct list_head smb_ses_list; ++ int srv_count; /* reference counter */ + /* 15 character server name + 0x20 16th byte indicating type = srv */ + char server_RFC1001_name[SERVER_NAME_LEN_WITH_NULL]; + char unicode_server_Name[SERVER_NAME_LEN_WITH_NULL * 2]; +@@ -141,7 +143,8 @@ struct TCP_Server_Info { + char versionMajor; + char versionMinor; + bool svlocal:1; /* local server or remote */ +- atomic_t socketUseCount; /* number of open cifs sessions on socket */ ++ bool noblocksnd; /* use blocking sendmsg */ ++ bool noautotune; /* do not autotune send buf sizes */ + atomic_t inFlight; /* number of requests on the wire to server */ + #ifdef CONFIG_CIFS_STATS2 + atomic_t inSend; /* requests trying to send */ +@@ -192,13 +195,14 @@ struct cifsUidInfo { + * Session structure. One of these for each uid session with a particular host + */ + struct cifsSesInfo { +- struct list_head cifsSessionList; ++ struct list_head smb_ses_list; ++ struct list_head tcon_list; + struct semaphore sesSem; + #if 0 + struct cifsUidInfo *uidInfo; /* pointer to user info */ + #endif + struct TCP_Server_Info *server; /* pointer to server info */ +- atomic_t inUse; /* # of mounts (tree connections) on this ses */ ++ int ses_count; /* reference counter */ + enum statusEnum status; + unsigned overrideSecFlg; /* if non-zero override global sec flags */ + __u16 ipc_tid; /* special tid for connection to IPC share */ +@@ -214,6 +218,7 @@ struct cifsSesInfo { + char userName[MAX_USERNAME_SIZE + 1]; + char *domainName; + char *password; ++ bool need_reconnect:1; /* connection reset, uid now invalid */ + }; + /* no more than one of the following three session flags may be set */ + #define CIFS_SES_NT4 1 +@@ -228,16 +233,15 @@ struct cifsSesInfo { + * session + */ + struct cifsTconInfo { +- struct list_head cifsConnectionList; ++ struct list_head tcon_list; ++ int tc_count; + struct list_head openFileList; +- struct semaphore tconSem; + struct cifsSesInfo *ses; /* pointer to session associated with */ + char treeName[MAX_TREE_SIZE + 1]; /* UNC name of resource in ASCII */ + char *nativeFileSystem; + __u16 tid; /* The 2 byte tree id */ + __u16 Flags; /* optional support bits */ + enum statusEnum tidStatus; +- atomic_t useCount; /* how many explicit/implicit mounts to share */ + #ifdef CONFIG_CIFS_STATS + atomic_t num_smbs_sent; + atomic_t num_writes; +@@ -285,6 +289,7 @@ struct cifsTconInfo { + bool seal:1; /* transport encryption for this mounted share */ + bool unix_ext:1; /* if false disable Linux extensions to CIFS protocol + for this mount even if server would support */ ++ bool need_reconnect:1; /* connection reset, tid now invalid */ + /* BB add field for back pointer to sb struct(s)? */ + }; + +@@ -584,21 +589,21 @@ require use of the stronger protocol */ + #endif + + /* +- * The list of servers that did not respond with NT LM 0.12. +- * This list helps improve performance and eliminate the messages indicating +- * that we had a communications error talking to the server in this list. ++ * the list of TCP_Server_Info structures, ie each of the sockets ++ * connecting our client to a distinct server (ip address), is ++ * chained together by cifs_tcp_ses_list. The list of all our SMB ++ * sessions (and from that the tree connections) can be found ++ * by iterating over cifs_tcp_ses_list + */ +-/* Feature not supported */ +-/* GLOBAL_EXTERN struct servers_not_supported *NotSuppList; */ ++GLOBAL_EXTERN struct list_head cifs_tcp_ses_list; + + /* +- * The following is a hash table of all the users we know about. ++ * This lock protects the cifs_tcp_ses_list, the list of smb sessions per ++ * tcp session, and the list of tcon's per smb session. It also protects ++ * the reference counters for the server, smb session, and tcon. Finally, ++ * changes to the tcon->tidStatus should be done while holding this lock. + */ +-GLOBAL_EXTERN struct smbUidInfo *GlobalUidList[UID_HASH]; +- +-/* GLOBAL_EXTERN struct list_head GlobalServerList; BB not implemented yet */ +-GLOBAL_EXTERN struct list_head GlobalSMBSessionList; +-GLOBAL_EXTERN struct list_head GlobalTreeConnectionList; ++GLOBAL_EXTERN rwlock_t cifs_tcp_ses_lock; + GLOBAL_EXTERN rwlock_t GlobalSMBSeslock; /* protects list inserts on 3 above */ + + GLOBAL_EXTERN struct list_head GlobalOplock_Q; +diff --git a/fs/cifs/cifsproto.h b/fs/cifs/cifsproto.h +index a729d08..ca91f16 100644 +--- a/fs/cifs/cifsproto.h ++++ b/fs/cifs/cifsproto.h +@@ -36,7 +36,7 @@ extern void cifs_buf_release(void *); + extern struct smb_hdr *cifs_small_buf_get(void); + extern void cifs_small_buf_release(void *); + extern int smb_send(struct socket *, struct smb_hdr *, +- unsigned int /* length */ , struct sockaddr *); ++ unsigned int /* length */ , struct sockaddr *, bool); + extern unsigned int _GetXid(void); + extern void _FreeXid(unsigned int); + #define GetXid() (int)_GetXid(); cFYI(1,("CIFS VFS: in %s as Xid: %d with uid: %d",__func__, xid,current->fsuid)); +diff --git a/fs/cifs/cifssmb.c b/fs/cifs/cifssmb.c +index 77a0d1f..8f0f86d 100644 +--- a/fs/cifs/cifssmb.c ++++ b/fs/cifs/cifssmb.c +@@ -190,10 +190,10 @@ small_smb_init(int smb_command, int wct, struct cifsTconInfo *tcon, + /* need to prevent multiple threads trying to + simultaneously reconnect the same SMB session */ + down(&tcon->ses->sesSem); +- if (tcon->ses->status == CifsNeedReconnect) ++ if (tcon->ses->need_reconnect) + rc = cifs_setup_session(0, tcon->ses, + nls_codepage); +- if (!rc && (tcon->tidStatus == CifsNeedReconnect)) { ++ if (!rc && (tcon->need_reconnect)) { + mark_open_files_invalid(tcon); + rc = CIFSTCon(0, tcon->ses, tcon->treeName, + tcon, nls_codepage); +@@ -337,10 +337,10 @@ smb_init(int smb_command, int wct, struct cifsTconInfo *tcon, + /* need to prevent multiple threads trying to + simultaneously reconnect the same SMB session */ + down(&tcon->ses->sesSem); +- if (tcon->ses->status == CifsNeedReconnect) ++ if (tcon->ses->need_reconnect) + rc = cifs_setup_session(0, tcon->ses, + nls_codepage); +- if (!rc && (tcon->tidStatus == CifsNeedReconnect)) { ++ if (!rc && (tcon->need_reconnect)) { + mark_open_files_invalid(tcon); + rc = CIFSTCon(0, tcon->ses, tcon->treeName, + tcon, nls_codepage); +@@ -664,8 +664,9 @@ CIFSSMBNegotiate(unsigned int xid, struct cifsSesInfo *ses) + rc = -EIO; + goto neg_err_exit; + } +- +- if (server->socketUseCount.counter > 1) { ++ read_lock(&cifs_tcp_ses_lock); ++ if (server->srv_count > 1) { ++ read_unlock(&cifs_tcp_ses_lock); + if (memcmp(server->server_GUID, + pSMBr->u.extended_response. + GUID, 16) != 0) { +@@ -674,9 +675,11 @@ CIFSSMBNegotiate(unsigned int xid, struct cifsSesInfo *ses) + pSMBr->u.extended_response.GUID, + 16); + } +- } else ++ } else { ++ read_unlock(&cifs_tcp_ses_lock); + memcpy(server->server_GUID, + pSMBr->u.extended_response.GUID, 16); ++ } + + if (count == 16) { + server->secType = RawNTLMSSP; +@@ -739,50 +742,31 @@ CIFSSMBTDis(const int xid, struct cifsTconInfo *tcon) + int rc = 0; + + cFYI(1, ("In tree disconnect")); +- /* +- * If last user of the connection and +- * connection alive - disconnect it +- * If this is the last connection on the server session disconnect it +- * (and inside session disconnect we should check if tcp socket needs +- * to be freed and kernel thread woken up). +- */ +- if (tcon) +- down(&tcon->tconSem); +- else +- return -EIO; + +- atomic_dec(&tcon->useCount); +- if (atomic_read(&tcon->useCount) > 0) { +- up(&tcon->tconSem); +- return -EBUSY; +- } ++ /* BB: do we need to check this? These should never be NULL. */ ++ if ((tcon->ses == NULL) || (tcon->ses->server == NULL)) ++ return -EIO; + +- /* No need to return error on this operation if tid invalidated and +- closed on server already e.g. due to tcp session crashing */ +- if (tcon->tidStatus == CifsNeedReconnect) { +- up(&tcon->tconSem); ++ /* ++ * No need to return error on this operation if tid invalidated and ++ * closed on server already e.g. due to tcp session crashing. Also, ++ * the tcon is no longer on the list, so no need to take lock before ++ * checking this. ++ */ ++ if (tcon->need_reconnect) + return 0; +- } + +- if ((tcon->ses == NULL) || (tcon->ses->server == NULL)) { +- up(&tcon->tconSem); +- return -EIO; +- } + rc = small_smb_init(SMB_COM_TREE_DISCONNECT, 0, tcon, + (void **)&smb_buffer); +- if (rc) { +- up(&tcon->tconSem); ++ if (rc) + return rc; +- } + + rc = SendReceiveNoRsp(xid, tcon->ses, smb_buffer, 0); + if (rc) + cFYI(1, ("Tree disconnect failed %d", rc)); + +- up(&tcon->tconSem); +- + /* No need to return error on this operation if tid invalidated and +- closed on server already e.g. due to tcp session crashing */ ++ closed on server already e.g. due to tcp session crashing */ + if (rc == -EAGAIN) + rc = 0; + +@@ -796,43 +780,36 @@ CIFSSMBLogoff(const int xid, struct cifsSesInfo *ses) + int rc = 0; + + cFYI(1, ("In SMBLogoff for session disconnect")); +- if (ses) +- down(&ses->sesSem); +- else ++ ++ /* ++ * BB: do we need to check validity of ses and server? They should ++ * always be valid since we have an active reference. If not, that ++ * should probably be a BUG() ++ */ ++ if (!ses || !ses->server) + return -EIO; + +- atomic_dec(&ses->inUse); +- if (atomic_read(&ses->inUse) > 0) { +- up(&ses->sesSem); +- return -EBUSY; +- } ++ down(&ses->sesSem); ++ if (ses->need_reconnect) ++ goto session_already_dead; /* no need to send SMBlogoff if uid ++ already closed due to reconnect */ + rc = small_smb_init(SMB_COM_LOGOFF_ANDX, 2, NULL, (void **)&pSMB); + if (rc) { + up(&ses->sesSem); + return rc; + } + +- if (ses->server) { +- pSMB->hdr.Mid = GetNextMid(ses->server); ++ pSMB->hdr.Mid = GetNextMid(ses->server); + +- if (ses->server->secMode & ++ if (ses->server->secMode & + (SECMODE_SIGN_REQUIRED | SECMODE_SIGN_ENABLED)) + pSMB->hdr.Flags2 |= SMBFLG2_SECURITY_SIGNATURE; +- } + + pSMB->hdr.Uid = ses->Suid; + + pSMB->AndXCommand = 0xFF; + rc = SendReceiveNoRsp(xid, ses, (struct smb_hdr *) pSMB, 0); +- if (ses->server) { +- atomic_dec(&ses->server->socketUseCount); +- if (atomic_read(&ses->server->socketUseCount) == 0) { +- spin_lock(&GlobalMid_Lock); +- ses->server->tcpStatus = CifsExiting; +- spin_unlock(&GlobalMid_Lock); +- rc = -ESHUTDOWN; +- } +- } ++session_already_dead: + up(&ses->sesSem); + + /* if session dead then we do not need to do ulogoff, +@@ -1534,7 +1511,7 @@ CIFSSMBWrite(const int xid, struct cifsTconInfo *tcon, + __u32 bytes_sent; + __u16 byte_count; + +- /* cFYI(1,("write at %lld %d bytes",offset,count));*/ ++ /* cFYI(1, ("write at %lld %d bytes",offset,count));*/ + if (tcon->ses == NULL) + return -ECONNABORTED; + +diff --git a/fs/cifs/connect.c b/fs/cifs/connect.c +index 4c13bcd..6e2be4a 100644 +--- a/fs/cifs/connect.c ++++ b/fs/cifs/connect.c +@@ -90,6 +90,8 @@ struct smb_vol { + bool nocase:1; /* request case insensitive filenames */ + bool nobrl:1; /* disable sending byte range locks to srv */ + bool seal:1; /* request transport encryption on share */ ++ bool noblocksnd:1; ++ bool noautotune:1; + unsigned int rsize; + unsigned int wsize; + unsigned int sockopt; +@@ -100,9 +102,11 @@ struct smb_vol { + static int ipv4_connect(struct sockaddr_in *psin_server, + struct socket **csocket, + char *netb_name, +- char *server_netb_name); ++ char *server_netb_name, ++ bool noblocksnd, ++ bool nosndbuf); /* ipv6 never set sndbuf size */ + static int ipv6_connect(struct sockaddr_in6 *psin_server, +- struct socket **csocket); ++ struct socket **csocket, bool noblocksnd); + + + /* +@@ -118,7 +122,7 @@ static int + cifs_reconnect(struct TCP_Server_Info *server) + { + int rc = 0; +- struct list_head *tmp; ++ struct list_head *tmp, *tmp2; + struct cifsSesInfo *ses; + struct cifsTconInfo *tcon; + struct mid_q_entry *mid_entry; +@@ -138,23 +142,17 @@ cifs_reconnect(struct TCP_Server_Info *server) + + /* before reconnecting the tcp session, mark the smb session (uid) + and the tid bad so they are not used until reconnected */ +- read_lock(&GlobalSMBSeslock); +- list_for_each(tmp, &GlobalSMBSessionList) { +- ses = list_entry(tmp, struct cifsSesInfo, cifsSessionList); +- if (ses->server) { +- if (ses->server == server) { +- ses->status = CifsNeedReconnect; +- ses->ipc_tid = 0; +- } ++ read_lock(&cifs_tcp_ses_lock); ++ list_for_each(tmp, &server->smb_ses_list) { ++ ses = list_entry(tmp, struct cifsSesInfo, smb_ses_list); ++ ses->need_reconnect = true; ++ ses->ipc_tid = 0; ++ list_for_each(tmp2, &ses->tcon_list) { ++ tcon = list_entry(tmp2, struct cifsTconInfo, tcon_list); ++ tcon->need_reconnect = true; + } +- /* else tcp and smb sessions need reconnection */ +- } +- list_for_each(tmp, &GlobalTreeConnectionList) { +- tcon = list_entry(tmp, struct cifsTconInfo, cifsConnectionList); +- if ((tcon->ses) && (tcon->ses->server == server)) +- tcon->tidStatus = CifsNeedReconnect; + } +- read_unlock(&GlobalSMBSeslock); ++ read_unlock(&cifs_tcp_ses_lock); + /* do not want to be sending data on a socket we are freeing */ + down(&server->tcpSem); + if (server->ssocket) { +@@ -186,14 +184,15 @@ cifs_reconnect(struct TCP_Server_Info *server) + + while ((!kthread_should_stop()) && (server->tcpStatus != CifsGood)) { + try_to_freeze(); +- if (server->protocolType == IPV6) { ++ if (server->addr.sockAddr6.sin6_family == AF_INET6) { + rc = ipv6_connect(&server->addr.sockAddr6, +- &server->ssocket); ++ &server->ssocket, server->noautotune); + } else { + rc = ipv4_connect(&server->addr.sockAddr, + &server->ssocket, + server->workstation_RFC1001_name, +- server->server_RFC1001_name); ++ server->server_RFC1001_name, ++ server->noblocksnd, server->noautotune); + } + if (rc) { + cFYI(1, ("reconnect error %d", rc)); +@@ -409,8 +408,14 @@ incomplete_rcv: + msleep(1); /* minimum sleep to prevent looping + allowing socket to clear and app threads to set + tcpStatus CifsNeedReconnect if server hung */ +- if (pdu_length < 4) ++ if (pdu_length < 4) { ++ iov.iov_base = (4 - pdu_length) + ++ (char *)smb_buffer; ++ iov.iov_len = pdu_length; ++ smb_msg.msg_control = NULL; ++ smb_msg.msg_controllen = 0; + goto incomplete_rcv; ++ } + else + continue; + } else if (length <= 0) { +@@ -646,6 +651,11 @@ multi_t2_fnd: + } + } /* end while !EXITING */ + ++ /* take it off the list, if it's not already */ ++ write_lock(&cifs_tcp_ses_lock); ++ list_del_init(&server->tcp_ses_list); ++ write_unlock(&cifs_tcp_ses_lock); ++ + spin_lock(&GlobalMid_Lock); + server->tcpStatus = CifsExiting; + spin_unlock(&GlobalMid_Lock); +@@ -686,29 +696,29 @@ multi_t2_fnd: + if (smallbuf) /* no sense logging a debug message if NULL */ + cifs_small_buf_release(smallbuf); + +- read_lock(&GlobalSMBSeslock); ++ /* ++ * BB: we shouldn't have to do any of this. It shouldn't be ++ * possible to exit from the thread with active SMB sessions ++ */ ++ read_lock(&cifs_tcp_ses_lock); + if (list_empty(&server->pending_mid_q)) { + /* loop through server session structures attached to this and + mark them dead */ +- list_for_each(tmp, &GlobalSMBSessionList) { +- ses = +- list_entry(tmp, struct cifsSesInfo, +- cifsSessionList); +- if (ses->server == server) { +- ses->status = CifsExiting; +- ses->server = NULL; +- } ++ list_for_each(tmp, &server->smb_ses_list) { ++ ses = list_entry(tmp, struct cifsSesInfo, ++ smb_ses_list); ++ ses->status = CifsExiting; ++ ses->server = NULL; + } +- read_unlock(&GlobalSMBSeslock); ++ read_unlock(&cifs_tcp_ses_lock); + } else { + /* although we can not zero the server struct pointer yet, + since there are active requests which may depnd on them, + mark the corresponding SMB sessions as exiting too */ +- list_for_each(tmp, &GlobalSMBSessionList) { ++ list_for_each(tmp, &server->smb_ses_list) { + ses = list_entry(tmp, struct cifsSesInfo, +- cifsSessionList); +- if (ses->server == server) +- ses->status = CifsExiting; ++ smb_ses_list); ++ ses->status = CifsExiting; + } + + spin_lock(&GlobalMid_Lock); +@@ -723,7 +733,7 @@ multi_t2_fnd: + } + } + spin_unlock(&GlobalMid_Lock); +- read_unlock(&GlobalSMBSeslock); ++ read_unlock(&cifs_tcp_ses_lock); + /* 1/8th of sec is more than enough time for them to exit */ + msleep(125); + } +@@ -745,14 +755,13 @@ multi_t2_fnd: + if there are any pointing to this (e.g + if a crazy root user tried to kill cifsd + kernel thread explicitly this might happen) */ +- write_lock(&GlobalSMBSeslock); +- list_for_each(tmp, &GlobalSMBSessionList) { +- ses = list_entry(tmp, struct cifsSesInfo, +- cifsSessionList); +- if (ses->server == server) +- ses->server = NULL; ++ /* BB: This shouldn't be necessary, see above */ ++ read_lock(&cifs_tcp_ses_lock); ++ list_for_each(tmp, &server->smb_ses_list) { ++ ses = list_entry(tmp, struct cifsSesInfo, smb_ses_list); ++ ses->server = NULL; + } +- write_unlock(&GlobalSMBSeslock); ++ read_unlock(&cifs_tcp_ses_lock); + + kfree(server->hostname); + kfree(server); +@@ -1186,6 +1195,10 @@ cifs_parse_mount_options(char *options, const char *devname, + /* ignore */ + } else if (strnicmp(data, "rw", 2) == 0) { + vol->rw = true; ++ } else if (strnicmp(data, "noblocksnd", 11) == 0) { ++ vol->noblocksnd = true; ++ } else if (strnicmp(data, "noautotune", 10) == 0) { ++ vol->noautotune = true; + } else if ((strnicmp(data, "suid", 4) == 0) || + (strnicmp(data, "nosuid", 6) == 0) || + (strnicmp(data, "exec", 4) == 0) || +@@ -1331,94 +1344,158 @@ cifs_parse_mount_options(char *options, const char *devname, + return 0; + } + +-static struct cifsSesInfo * +-cifs_find_tcp_session(struct in_addr *target_ip_addr, +- struct in6_addr *target_ip6_addr, +- char *userName, struct TCP_Server_Info **psrvTcp) ++static struct TCP_Server_Info * ++cifs_find_tcp_session(struct sockaddr *addr) + { + struct list_head *tmp; +- struct cifsSesInfo *ses; +- +- *psrvTcp = NULL; ++ struct TCP_Server_Info *server; ++ struct sockaddr_in *addr4 = (struct sockaddr_in *) addr; ++ struct sockaddr_in6 *addr6 = (struct sockaddr_in6 *) addr; ++ ++ write_lock(&cifs_tcp_ses_lock); ++ list_for_each(tmp, &cifs_tcp_ses_list) { ++ server = list_entry(tmp, struct TCP_Server_Info, ++ tcp_ses_list); ++ /* ++ * the demux thread can exit on its own while still in CifsNew ++ * so don't accept any sockets in that state. Since the ++ * tcpStatus never changes back to CifsNew it's safe to check ++ * for this without a lock. ++ */ ++ if (server->tcpStatus == CifsNew) ++ continue; + +- read_lock(&GlobalSMBSeslock); +- list_for_each(tmp, &GlobalSMBSessionList) { +- ses = list_entry(tmp, struct cifsSesInfo, cifsSessionList); +- if (!ses->server) ++ if (addr->sa_family == AF_INET && ++ (addr4->sin_addr.s_addr != ++ server->addr.sockAddr.sin_addr.s_addr)) ++ continue; ++ else if (addr->sa_family == AF_INET6 && ++ memcmp(&server->addr.sockAddr6.sin6_addr, ++ &addr6->sin6_addr, sizeof(addr6->sin6_addr))) + continue; + +- if (target_ip_addr && +- ses->server->addr.sockAddr.sin_addr.s_addr != target_ip_addr->s_addr) +- continue; +- else if (target_ip6_addr && +- memcmp(&ses->server->addr.sockAddr6.sin6_addr, +- target_ip6_addr, sizeof(*target_ip6_addr))) +- continue; +- /* BB lock server and tcp session; increment use count here?? */ ++ ++server->srv_count; ++ write_unlock(&cifs_tcp_ses_lock); ++ cFYI(1, ("Existing tcp session with server found")); ++ return server; ++ } ++ write_unlock(&cifs_tcp_ses_lock); ++ return NULL; ++} + +- /* found a match on the TCP session */ +- *psrvTcp = ses->server; ++static void ++cifs_put_tcp_session(struct TCP_Server_Info *server) ++{ ++ struct task_struct *task; + +- /* BB check if reconnection needed */ +- if (strncmp(ses->userName, userName, MAX_USERNAME_SIZE) == 0) { +- read_unlock(&GlobalSMBSeslock); +- /* Found exact match on both TCP and +- SMB sessions */ +- return ses; +- } +- /* else tcp and smb sessions need reconnection */ ++ write_lock(&cifs_tcp_ses_lock); ++ if (--server->srv_count > 0) { ++ write_unlock(&cifs_tcp_ses_lock); ++ return; + } +- read_unlock(&GlobalSMBSeslock); + +- return NULL; ++ list_del_init(&server->tcp_ses_list); ++ write_unlock(&cifs_tcp_ses_lock); ++ ++ spin_lock(&GlobalMid_Lock); ++ server->tcpStatus = CifsExiting; ++ spin_unlock(&GlobalMid_Lock); ++ ++ task = xchg(&server->tsk, NULL); ++ if (task) ++ force_sig(SIGKILL, task); + } + +-static struct cifsTconInfo * +-find_unc(__be32 new_target_ip_addr, char *uncName, char *userName) ++static struct cifsSesInfo * ++cifs_find_smb_ses(struct TCP_Server_Info *server, char *username) + { + struct list_head *tmp; +- struct cifsTconInfo *tcon; +- __be32 old_ip; +- +- read_lock(&GlobalSMBSeslock); ++ struct cifsSesInfo *ses; + +- list_for_each(tmp, &GlobalTreeConnectionList) { +- cFYI(1, ("Next tcon")); +- tcon = list_entry(tmp, struct cifsTconInfo, cifsConnectionList); +- if (!tcon->ses || !tcon->ses->server) ++ write_lock(&cifs_tcp_ses_lock); ++ list_for_each(tmp, &server->smb_ses_list) { ++ ses = list_entry(tmp, struct cifsSesInfo, smb_ses_list); ++ if (strncmp(ses->userName, username, MAX_USERNAME_SIZE)) + continue; + +- old_ip = tcon->ses->server->addr.sockAddr.sin_addr.s_addr; +- cFYI(1, ("old ip addr: %x == new ip %x ?", +- old_ip, new_target_ip_addr)); ++ ++ses->ses_count; ++ write_unlock(&cifs_tcp_ses_lock); ++ return ses; ++ } ++ write_unlock(&cifs_tcp_ses_lock); ++ return NULL; ++} + +- if (old_ip != new_target_ip_addr) +- continue; ++static void ++cifs_put_smb_ses(struct cifsSesInfo *ses) ++{ ++ int xid; ++ struct TCP_Server_Info *server = ses->server; + +- /* BB lock tcon, server, tcp session and increment use count? */ +- /* found a match on the TCP session */ +- /* BB check if reconnection needed */ +- cFYI(1, ("IP match, old UNC: %s new: %s", +- tcon->treeName, uncName)); ++ write_lock(&cifs_tcp_ses_lock); ++ if (--ses->ses_count > 0) { ++ write_unlock(&cifs_tcp_ses_lock); ++ return; ++ } + +- if (strncmp(tcon->treeName, uncName, MAX_TREE_SIZE)) +- continue; ++ list_del_init(&ses->smb_ses_list); ++ write_unlock(&cifs_tcp_ses_lock); ++ ++ if (ses->status == CifsGood) { ++ xid = GetXid(); ++ CIFSSMBLogoff(xid, ses); ++ _FreeXid(xid); ++ } ++ sesInfoFree(ses); ++ cifs_put_tcp_session(server); ++} + +- cFYI(1, ("and old usr: %s new: %s", +- tcon->treeName, uncName)); ++static struct cifsTconInfo * ++cifs_find_tcon(struct cifsSesInfo *ses, const char *unc) ++{ ++ struct list_head *tmp; ++ struct cifsTconInfo *tcon; + +- if (strncmp(tcon->ses->userName, userName, MAX_USERNAME_SIZE)) ++ write_lock(&cifs_tcp_ses_lock); ++ list_for_each(tmp, &ses->tcon_list) { ++ tcon = list_entry(tmp, struct cifsTconInfo, tcon_list); ++ if (tcon->tidStatus == CifsExiting) ++ continue; ++ if (strncmp(tcon->treeName, unc, MAX_TREE_SIZE)) + continue; + +- /* matched smb session (user name) */ +- read_unlock(&GlobalSMBSeslock); ++ ++tcon->tc_count; ++ write_unlock(&cifs_tcp_ses_lock); + return tcon; + } +- +- read_unlock(&GlobalSMBSeslock); ++ write_unlock(&cifs_tcp_ses_lock); + return NULL; + } + ++static void ++cifs_put_tcon(struct cifsTconInfo *tcon) ++{ ++ int xid; ++ struct cifsSesInfo *ses = tcon->ses; ++ ++ write_lock(&cifs_tcp_ses_lock); ++ if (--tcon->tc_count > 0) { ++ write_unlock(&cifs_tcp_ses_lock); ++ return; ++ } ++ ++ list_del_init(&tcon->tcon_list); ++ write_unlock(&cifs_tcp_ses_lock); ++ ++ xid = GetXid(); ++ CIFSSMBTDis(xid, tcon); ++ _FreeXid(xid); ++ ++ DeleteTconOplockQEntries(tcon); ++ tconInfoFree(tcon); ++ cifs_put_smb_ses(ses); ++} ++ + int + get_dfs_path(int xid, struct cifsSesInfo *pSesInfo, const char *old_path, + const struct nls_table *nls_codepage, unsigned int *pnum_referrals, +@@ -1506,7 +1583,8 @@ static void rfc1002mangle(char *target, char *source, unsigned int length) + + static int + ipv4_connect(struct sockaddr_in *psin_server, struct socket **csocket, +- char *netbios_name, char *target_name) ++ char *netbios_name, char *target_name, ++ bool noblocksnd, bool noautotune) + { + int rc = 0; + int connected = 0; +@@ -1578,11 +1656,15 @@ ipv4_connect(struct sockaddr_in *psin_server, struct socket **csocket, + (*csocket)->sk->sk_sndbuf, + (*csocket)->sk->sk_rcvbuf, (*csocket)->sk->sk_rcvtimeo)); + (*csocket)->sk->sk_rcvtimeo = 7 * HZ; ++ if (!noblocksnd) ++ (*csocket)->sk->sk_sndtimeo = 3 * HZ; + /* make the bufsizes depend on wsize/rsize and max requests */ +- if ((*csocket)->sk->sk_sndbuf < (200 * 1024)) +- (*csocket)->sk->sk_sndbuf = 200 * 1024; +- if ((*csocket)->sk->sk_rcvbuf < (140 * 1024)) +- (*csocket)->sk->sk_rcvbuf = 140 * 1024; ++ if (noautotune) { ++ if ((*csocket)->sk->sk_sndbuf < (200 * 1024)) ++ (*csocket)->sk->sk_sndbuf = 200 * 1024; ++ if ((*csocket)->sk->sk_rcvbuf < (140 * 1024)) ++ (*csocket)->sk->sk_rcvbuf = 140 * 1024; ++ } + + /* send RFC1001 sessinit */ + if (psin_server->sin_port == htons(RFC1001_PORT)) { +@@ -1619,7 +1701,7 @@ ipv4_connect(struct sockaddr_in *psin_server, struct socket **csocket, + /* sizeof RFC1002_SESSION_REQUEST with no scope */ + smb_buf->smb_buf_length = 0x81000044; + rc = smb_send(*csocket, smb_buf, 0x44, +- (struct sockaddr *)psin_server); ++ (struct sockaddr *)psin_server, noblocksnd); + kfree(ses_init_buf); + msleep(1); /* RFC1001 layer in at least one server + requires very short break before negprot +@@ -1639,7 +1721,8 @@ ipv4_connect(struct sockaddr_in *psin_server, struct socket **csocket, + } + + static int +-ipv6_connect(struct sockaddr_in6 *psin_server, struct socket **csocket) ++ipv6_connect(struct sockaddr_in6 *psin_server, struct socket **csocket, ++ bool noblocksnd) + { + int rc = 0; + int connected = 0; +@@ -1708,6 +1791,8 @@ ipv6_connect(struct sockaddr_in6 *psin_server, struct socket **csocket) + the default. sock_setsockopt not used because it expects + user space buffer */ + (*csocket)->sk->sk_rcvtimeo = 7 * HZ; ++ if (!noblocksnd) ++ (*csocket)->sk->sk_sndtimeo = 3 * HZ; + + return rc; + } +@@ -1845,19 +1930,104 @@ convert_delimiter(char *path, char delim) + } + } + ++static void setup_cifs_sb(struct smb_vol *pvolume_info, ++ struct cifs_sb_info *cifs_sb) ++{ ++ if (pvolume_info->rsize > CIFSMaxBufSize) { ++ cERROR(1, ("rsize %d too large, using MaxBufSize", ++ pvolume_info->rsize)); ++ cifs_sb->rsize = CIFSMaxBufSize; ++ } else if ((pvolume_info->rsize) && ++ (pvolume_info->rsize <= CIFSMaxBufSize)) ++ cifs_sb->rsize = pvolume_info->rsize; ++ else /* default */ ++ cifs_sb->rsize = CIFSMaxBufSize; ++ ++ if (pvolume_info->wsize > PAGEVEC_SIZE * PAGE_CACHE_SIZE) { ++ cERROR(1, ("wsize %d too large, using 4096 instead", ++ pvolume_info->wsize)); ++ cifs_sb->wsize = 4096; ++ } else if (pvolume_info->wsize) ++ cifs_sb->wsize = pvolume_info->wsize; ++ else ++ cifs_sb->wsize = min_t(const int, ++ PAGEVEC_SIZE * PAGE_CACHE_SIZE, ++ 127*1024); ++ /* old default of CIFSMaxBufSize was too small now ++ that SMB Write2 can send multiple pages in kvec. ++ RFC1001 does not describe what happens when frame ++ bigger than 128K is sent so use that as max in ++ conjunction with 52K kvec constraint on arch with 4K ++ page size */ ++ ++ if (cifs_sb->rsize < 2048) { ++ cifs_sb->rsize = 2048; ++ /* Windows ME may prefer this */ ++ cFYI(1, ("readsize set to minimum: 2048")); ++ } ++ /* calculate prepath */ ++ cifs_sb->prepath = pvolume_info->prepath; ++ if (cifs_sb->prepath) { ++ cifs_sb->prepathlen = strlen(cifs_sb->prepath); ++ /* we can not convert the / to \ in the path ++ separators in the prefixpath yet because we do not ++ know (until reset_cifs_unix_caps is called later) ++ whether POSIX PATH CAP is available. We normalize ++ the / to \ after reset_cifs_unix_caps is called */ ++ pvolume_info->prepath = NULL; ++ } else ++ cifs_sb->prepathlen = 0; ++ cifs_sb->mnt_uid = pvolume_info->linux_uid; ++ cifs_sb->mnt_gid = pvolume_info->linux_gid; ++ cifs_sb->mnt_file_mode = pvolume_info->file_mode; ++ cifs_sb->mnt_dir_mode = pvolume_info->dir_mode; ++ cFYI(1, ("file mode: 0x%x dir mode: 0x%x", ++ cifs_sb->mnt_file_mode, cifs_sb->mnt_dir_mode)); ++ ++ if (pvolume_info->noperm) ++ cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_NO_PERM; ++ if (pvolume_info->setuids) ++ cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_SET_UID; ++ if (pvolume_info->server_ino) ++ cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_SERVER_INUM; ++ if (pvolume_info->remap) ++ cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_MAP_SPECIAL_CHR; ++ if (pvolume_info->no_xattr) ++ cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_NO_XATTR; ++ if (pvolume_info->sfu_emul) ++ cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_UNX_EMUL; ++ if (pvolume_info->nobrl) ++ cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_NO_BRL; ++ if (pvolume_info->cifs_acl) ++ cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_CIFS_ACL; ++ if (pvolume_info->override_uid) ++ cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_OVERR_UID; ++ if (pvolume_info->override_gid) ++ cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_OVERR_GID; ++ if (pvolume_info->dynperm) ++ cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_DYNPERM; ++ if (pvolume_info->direct_io) { ++ cFYI(1, ("mounting share using direct i/o")); ++ cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_DIRECT_IO; ++ } ++ ++ if ((pvolume_info->cifs_acl) && (pvolume_info->dynperm)) ++ cERROR(1, ("mount option dynperm ignored if cifsacl " ++ "mount option supported")); ++} ++ + int + cifs_mount(struct super_block *sb, struct cifs_sb_info *cifs_sb, + char *mount_data, const char *devname) + { + int rc = 0; + int xid; +- int address_type = AF_INET; + struct socket *csocket = NULL; +- struct sockaddr_in sin_server; +- struct sockaddr_in6 sin_server6; ++ struct sockaddr addr; ++ struct sockaddr_in *sin_server = (struct sockaddr_in *) &addr; ++ struct sockaddr_in6 *sin_server6 = (struct sockaddr_in6 *) &addr; + struct smb_vol volume_info; + struct cifsSesInfo *pSesInfo = NULL; +- struct cifsSesInfo *existingCifsSes = NULL; + struct cifsTconInfo *tcon = NULL; + struct TCP_Server_Info *srvTcp = NULL; + +@@ -1865,6 +2035,7 @@ cifs_mount(struct super_block *sb, struct cifs_sb_info *cifs_sb, + + /* cFYI(1, ("Entering cifs_mount. Xid: %d with: %s", xid, mount_data)); */ + ++ memset(&addr, 0, sizeof(struct sockaddr)); + memset(&volume_info, 0, sizeof(struct smb_vol)); + if (cifs_parse_mount_options(mount_data, devname, &volume_info)) { + rc = -EINVAL; +@@ -1887,16 +2058,16 @@ cifs_mount(struct super_block *sb, struct cifs_sb_info *cifs_sb, + + if (volume_info.UNCip && volume_info.UNC) { + rc = cifs_inet_pton(AF_INET, volume_info.UNCip, +- &sin_server.sin_addr.s_addr); ++ &sin_server->sin_addr.s_addr); + + if (rc <= 0) { + /* not ipv4 address, try ipv6 */ + rc = cifs_inet_pton(AF_INET6, volume_info.UNCip, +- &sin_server6.sin6_addr.in6_u); ++ &sin_server6->sin6_addr.in6_u); + if (rc > 0) +- address_type = AF_INET6; ++ addr.sa_family = AF_INET6; + } else { +- address_type = AF_INET; ++ addr.sa_family = AF_INET; + } + + if (rc <= 0) { +@@ -1936,38 +2107,25 @@ cifs_mount(struct super_block *sb, struct cifs_sb_info *cifs_sb, + } + } + +- if (address_type == AF_INET) +- existingCifsSes = cifs_find_tcp_session(&sin_server.sin_addr, +- NULL /* no ipv6 addr */, +- volume_info.username, &srvTcp); +- else if (address_type == AF_INET6) { +- cFYI(1, ("looking for ipv6 address")); +- existingCifsSes = cifs_find_tcp_session(NULL /* no ipv4 addr */, +- &sin_server6.sin6_addr, +- volume_info.username, &srvTcp); +- } else { +- rc = -EINVAL; +- goto out; +- } +- +- if (srvTcp) { +- cFYI(1, ("Existing tcp session with server found")); +- } else { /* create socket */ +- if (volume_info.port) +- sin_server.sin_port = htons(volume_info.port); +- else +- sin_server.sin_port = 0; +- if (address_type == AF_INET6) { ++ srvTcp = cifs_find_tcp_session(&addr); ++ if (!srvTcp) { /* create socket */ ++ if (addr.sa_family == AF_INET6) { + cFYI(1, ("attempting ipv6 connect")); + /* BB should we allow ipv6 on port 139? */ + /* other OS never observed in Wild doing 139 with v6 */ +- rc = ipv6_connect(&sin_server6, &csocket); +- } else +- rc = ipv4_connect(&sin_server, &csocket, +- volume_info.source_rfc1001_name, +- volume_info.target_rfc1001_name); ++ sin_server6->sin6_port = htons(volume_info.port); ++ rc = ipv6_connect(sin_server6, &csocket, ++ volume_info.noblocksnd); ++ } else { ++ sin_server->sin_port = htons(volume_info.port); ++ rc = ipv4_connect(sin_server, &csocket, ++ volume_info.source_rfc1001_name, ++ volume_info.target_rfc1001_name, ++ volume_info.noblocksnd, ++ volume_info.noautotune); ++ } + if (rc < 0) { +- cERROR(1, ("Error connecting to IPv4 socket. " ++ cERROR(1, ("Error connecting to socket. " + "Aborting operation")); + if (csocket != NULL) + sock_release(csocket); +@@ -1980,12 +2138,17 @@ cifs_mount(struct super_block *sb, struct cifs_sb_info *cifs_sb, + sock_release(csocket); + goto out; + } else { +- memcpy(&srvTcp->addr.sockAddr, &sin_server, +- sizeof(struct sockaddr_in)); ++ srvTcp->noblocksnd = volume_info.noblocksnd; ++ srvTcp->noautotune = volume_info.noautotune; ++ if (addr.sa_family == AF_INET6) ++ memcpy(&srvTcp->addr.sockAddr6, sin_server6, ++ sizeof(struct sockaddr_in6)); ++ else ++ memcpy(&srvTcp->addr.sockAddr, sin_server, ++ sizeof(struct sockaddr_in)); + atomic_set(&srvTcp->inFlight, 0); + /* BB Add code for ipv6 case too */ + srvTcp->ssocket = csocket; +- srvTcp->protocolType = IPV4; + srvTcp->hostname = extract_hostname(volume_info.UNC); + if (IS_ERR(srvTcp->hostname)) { + rc = PTR_ERR(srvTcp->hostname); +@@ -2015,15 +2178,28 @@ cifs_mount(struct super_block *sb, struct cifs_sb_info *cifs_sb, + memcpy(srvTcp->server_RFC1001_name, + volume_info.target_rfc1001_name, 16); + srvTcp->sequence_number = 0; ++ INIT_LIST_HEAD(&srvTcp->tcp_ses_list); ++ INIT_LIST_HEAD(&srvTcp->smb_ses_list); ++ ++srvTcp->srv_count; ++ write_lock(&cifs_tcp_ses_lock); ++ list_add(&srvTcp->tcp_ses_list, ++ &cifs_tcp_ses_list); ++ write_unlock(&cifs_tcp_ses_lock); + } + } + +- if (existingCifsSes) { +- pSesInfo = existingCifsSes; ++ pSesInfo = cifs_find_smb_ses(srvTcp, volume_info.username); ++ if (pSesInfo) { + cFYI(1, ("Existing smb sess found (status=%d)", + pSesInfo->status)); ++ /* ++ * The existing SMB session already has a reference to srvTcp, ++ * so we can put back the extra one we got before ++ */ ++ cifs_put_tcp_session(srvTcp); ++ + down(&pSesInfo->sesSem); +- if (pSesInfo->status == CifsNeedReconnect) { ++ if (pSesInfo->need_reconnect) { + cFYI(1, ("Session needs reconnect")); + rc = cifs_setup_session(xid, pSesInfo, + cifs_sb->local_nls); +@@ -2032,180 +2208,94 @@ cifs_mount(struct super_block *sb, struct cifs_sb_info *cifs_sb, + } else if (!rc) { + cFYI(1, ("Existing smb sess not found")); + pSesInfo = sesInfoAlloc(); +- if (pSesInfo == NULL) ++ if (pSesInfo == NULL) { + rc = -ENOMEM; +- else { +- pSesInfo->server = srvTcp; +- sprintf(pSesInfo->serverName, "%u.%u.%u.%u", +- NIPQUAD(sin_server.sin_addr.s_addr)); +- } ++ goto mount_fail_check; ++ } ++ ++ /* new SMB session uses our srvTcp ref */ ++ pSesInfo->server = srvTcp; ++ sprintf(pSesInfo->serverName, "%u.%u.%u.%u", ++ NIPQUAD(sin_server->sin_addr.s_addr)); ++ ++ write_lock(&cifs_tcp_ses_lock); ++ list_add(&pSesInfo->smb_ses_list, &srvTcp->smb_ses_list); ++ write_unlock(&cifs_tcp_ses_lock); ++ ++ /* volume_info.password freed at unmount */ ++ if (volume_info.password) { ++ pSesInfo->password = volume_info.password; ++ /* set to NULL to prevent freeing on exit */ ++ volume_info.password = NULL; ++ } ++ if (volume_info.username) ++ strncpy(pSesInfo->userName, volume_info.username, ++ MAX_USERNAME_SIZE); ++ if (volume_info.domainname) { ++ int len = strlen(volume_info.domainname); ++ pSesInfo->domainName = kmalloc(len + 1, GFP_KERNEL); ++ if (pSesInfo->domainName) ++ strcpy(pSesInfo->domainName, ++ volume_info.domainname); ++ } ++ pSesInfo->linux_uid = volume_info.linux_uid; ++ pSesInfo->overrideSecFlg = volume_info.secFlg; ++ down(&pSesInfo->sesSem); + +- if (!rc) { +- /* volume_info.password freed at unmount */ +- if (volume_info.password) { +- pSesInfo->password = volume_info.password; +- /* set to NULL to prevent freeing on exit */ +- volume_info.password = NULL; +- } +- if (volume_info.username) +- strncpy(pSesInfo->userName, +- volume_info.username, +- MAX_USERNAME_SIZE); +- if (volume_info.domainname) { +- int len = strlen(volume_info.domainname); +- pSesInfo->domainName = +- kmalloc(len + 1, GFP_KERNEL); +- if (pSesInfo->domainName) +- strcpy(pSesInfo->domainName, +- volume_info.domainname); +- } +- pSesInfo->linux_uid = volume_info.linux_uid; +- pSesInfo->overrideSecFlg = volume_info.secFlg; +- down(&pSesInfo->sesSem); +- /* BB FIXME need to pass vol->secFlgs BB */ +- rc = cifs_setup_session(xid, pSesInfo, +- cifs_sb->local_nls); +- up(&pSesInfo->sesSem); +- if (!rc) +- atomic_inc(&srvTcp->socketUseCount); +- } ++ /* BB FIXME need to pass vol->secFlgs BB */ ++ rc = cifs_setup_session(xid, pSesInfo, ++ cifs_sb->local_nls); ++ up(&pSesInfo->sesSem); + } + + /* search for existing tcon to this server share */ + if (!rc) { +- if (volume_info.rsize > CIFSMaxBufSize) { +- cERROR(1, ("rsize %d too large, using MaxBufSize", +- volume_info.rsize)); +- cifs_sb->rsize = CIFSMaxBufSize; +- } else if ((volume_info.rsize) && +- (volume_info.rsize <= CIFSMaxBufSize)) +- cifs_sb->rsize = volume_info.rsize; +- else /* default */ +- cifs_sb->rsize = CIFSMaxBufSize; +- +- if (volume_info.wsize > PAGEVEC_SIZE * PAGE_CACHE_SIZE) { +- cERROR(1, ("wsize %d too large, using 4096 instead", +- volume_info.wsize)); +- cifs_sb->wsize = 4096; +- } else if (volume_info.wsize) +- cifs_sb->wsize = volume_info.wsize; +- else +- cifs_sb->wsize = +- min_t(const int, PAGEVEC_SIZE * PAGE_CACHE_SIZE, +- 127*1024); +- /* old default of CIFSMaxBufSize was too small now +- that SMB Write2 can send multiple pages in kvec. +- RFC1001 does not describe what happens when frame +- bigger than 128K is sent so use that as max in +- conjunction with 52K kvec constraint on arch with 4K +- page size */ +- +- if (cifs_sb->rsize < 2048) { +- cifs_sb->rsize = 2048; +- /* Windows ME may prefer this */ +- cFYI(1, ("readsize set to minimum: 2048")); +- } +- /* calculate prepath */ +- cifs_sb->prepath = volume_info.prepath; +- if (cifs_sb->prepath) { +- cifs_sb->prepathlen = strlen(cifs_sb->prepath); +- /* we can not convert the / to \ in the path +- separators in the prefixpath yet because we do not +- know (until reset_cifs_unix_caps is called later) +- whether POSIX PATH CAP is available. We normalize +- the / to \ after reset_cifs_unix_caps is called */ +- volume_info.prepath = NULL; +- } else +- cifs_sb->prepathlen = 0; +- cifs_sb->mnt_uid = volume_info.linux_uid; +- cifs_sb->mnt_gid = volume_info.linux_gid; +- cifs_sb->mnt_file_mode = volume_info.file_mode; +- cifs_sb->mnt_dir_mode = volume_info.dir_mode; +- cFYI(1, ("file mode: 0x%x dir mode: 0x%x", +- cifs_sb->mnt_file_mode, cifs_sb->mnt_dir_mode)); +- +- if (volume_info.noperm) +- cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_NO_PERM; +- if (volume_info.setuids) +- cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_SET_UID; +- if (volume_info.server_ino) +- cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_SERVER_INUM; +- if (volume_info.remap) +- cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_MAP_SPECIAL_CHR; +- if (volume_info.no_xattr) +- cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_NO_XATTR; +- if (volume_info.sfu_emul) +- cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_UNX_EMUL; +- if (volume_info.nobrl) +- cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_NO_BRL; +- if (volume_info.cifs_acl) +- cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_CIFS_ACL; +- if (volume_info.override_uid) +- cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_OVERR_UID; +- if (volume_info.override_gid) +- cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_OVERR_GID; +- if (volume_info.dynperm) +- cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_DYNPERM; +- if (volume_info.direct_io) { +- cFYI(1, ("mounting share using direct i/o")); +- cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_DIRECT_IO; +- } +- +- if ((volume_info.cifs_acl) && (volume_info.dynperm)) +- cERROR(1, ("mount option dynperm ignored if cifsacl " +- "mount option supported")); +- +- tcon = +- find_unc(sin_server.sin_addr.s_addr, volume_info.UNC, +- volume_info.username); ++ setup_cifs_sb(&volume_info, cifs_sb); ++ tcon = cifs_find_tcon(pSesInfo, volume_info.UNC); + if (tcon) { + cFYI(1, ("Found match on UNC path")); +- /* we can have only one retry value for a connection +- to a share so for resources mounted more than once +- to the same server share the last value passed in +- for the retry flag is used */ +- tcon->retry = volume_info.retry; +- tcon->nocase = volume_info.nocase; ++ /* existing tcon already has a reference */ ++ cifs_put_smb_ses(pSesInfo); + if (tcon->seal != volume_info.seal) + cERROR(1, ("transport encryption setting " + "conflicts with existing tid")); + } else { + tcon = tconInfoAlloc(); +- if (tcon == NULL) ++ if (tcon == NULL) { + rc = -ENOMEM; +- else { +- /* check for null share name ie connecting to +- * dfs root */ +- +- /* BB check if this works for exactly length +- * three strings */ +- if ((strchr(volume_info.UNC + 3, '\\') == NULL) +- && (strchr(volume_info.UNC + 3, '/') == +- NULL)) { +-/* rc = connect_to_dfs_path(xid, pSesInfo, +- "", cifs_sb->local_nls, +- cifs_sb->mnt_cifs_flags & +- CIFS_MOUNT_MAP_SPECIAL_CHR);*/ +- cFYI(1, ("DFS root not supported")); +- rc = -ENODEV; +- goto out; +- } else { +- /* BB Do we need to wrap sesSem around +- * this TCon call and Unix SetFS as +- * we do on SessSetup and reconnect? */ +- rc = CIFSTCon(xid, pSesInfo, +- volume_info.UNC, +- tcon, cifs_sb->local_nls); +- cFYI(1, ("CIFS Tcon rc = %d", rc)); +- } +- if (!rc) { +- atomic_inc(&pSesInfo->inUse); +- tcon->retry = volume_info.retry; +- tcon->nocase = volume_info.nocase; +- tcon->seal = volume_info.seal; +- } ++ goto mount_fail_check; ++ } ++ tcon->ses = pSesInfo; ++ ++ /* check for null share name ie connect to dfs root */ ++ if ((strchr(volume_info.UNC + 3, '\\') == NULL) ++ && (strchr(volume_info.UNC + 3, '/') == NULL)) { ++ /* rc = connect_to_dfs_path(...) */ ++ cFYI(1, ("DFS root not supported")); ++ rc = -ENODEV; ++ goto mount_fail_check; ++ } else { ++ /* BB Do we need to wrap sesSem around ++ * this TCon call and Unix SetFS as ++ * we do on SessSetup and reconnect? */ ++ rc = CIFSTCon(xid, pSesInfo, volume_info.UNC, ++ tcon, cifs_sb->local_nls); ++ cFYI(1, ("CIFS Tcon rc = %d", rc)); + } ++ if (rc) ++ goto mount_fail_check; ++ tcon->seal = volume_info.seal; ++ write_lock(&cifs_tcp_ses_lock); ++ list_add(&tcon->tcon_list, &pSesInfo->tcon_list); ++ write_unlock(&cifs_tcp_ses_lock); + } ++ ++ /* we can have only one retry value for a connection ++ to a share so for resources mounted more than once ++ to the same server share the last value passed in ++ for the retry flag is used */ ++ tcon->retry = volume_info.retry; ++ tcon->nocase = volume_info.nocase; + } + if (pSesInfo) { + if (pSesInfo->capabilities & CAP_LARGE_FILES) { +@@ -2217,91 +2307,49 @@ cifs_mount(struct super_block *sb, struct cifs_sb_info *cifs_sb, + /* BB FIXME fix time_gran to be larger for LANMAN sessions */ + sb->s_time_gran = 100; + +-/* on error free sesinfo and tcon struct if needed */ ++ /* on error free sesinfo and tcon struct if needed */ ++mount_fail_check: + if (rc) { +- /* if session setup failed, use count is zero but +- we still need to free cifsd thread */ +- if (atomic_read(&srvTcp->socketUseCount) == 0) { +- spin_lock(&GlobalMid_Lock); +- srvTcp->tcpStatus = CifsExiting; +- spin_unlock(&GlobalMid_Lock); +- if (srvTcp->tsk) { +- /* If we could verify that kthread_stop would +- always wake up processes blocked in +- tcp in recv_mesg then we could remove the +- send_sig call */ +- force_sig(SIGKILL, srvTcp->tsk); +- kthread_stop(srvTcp->tsk); +- } +- } + /* If find_unc succeeded then rc == 0 so we can not end */ +- if (tcon) /* up accidently freeing someone elses tcon struct */ +- tconInfoFree(tcon); +- if (existingCifsSes == NULL) { +- if (pSesInfo) { +- if ((pSesInfo->server) && +- (pSesInfo->status == CifsGood)) { +- int temp_rc; +- temp_rc = CIFSSMBLogoff(xid, pSesInfo); +- /* if the socketUseCount is now zero */ +- if ((temp_rc == -ESHUTDOWN) && +- (pSesInfo->server) && +- (pSesInfo->server->tsk)) { +- force_sig(SIGKILL, +- pSesInfo->server->tsk); +- kthread_stop(pSesInfo->server->tsk); +- } +- } else { +- cFYI(1, ("No session or bad tcon")); +- if ((pSesInfo->server) && +- (pSesInfo->server->tsk)) { +- force_sig(SIGKILL, +- pSesInfo->server->tsk); +- kthread_stop(pSesInfo->server->tsk); +- } +- } +- sesInfoFree(pSesInfo); +- /* pSesInfo = NULL; */ +- } +- } +- } else { +- atomic_inc(&tcon->useCount); +- cifs_sb->tcon = tcon; +- tcon->ses = pSesInfo; +- +- /* do not care if following two calls succeed - informational */ +- if (!tcon->ipc) { +- CIFSSMBQFSDeviceInfo(xid, tcon); +- CIFSSMBQFSAttributeInfo(xid, tcon); +- } +- +- /* tell server which Unix caps we support */ +- if (tcon->ses->capabilities & CAP_UNIX) +- /* reset of caps checks mount to see if unix extensions +- disabled for just this mount */ +- reset_cifs_unix_caps(xid, tcon, sb, &volume_info); ++ /* up accidently freeing someone elses tcon struct */ ++ if (tcon) ++ cifs_put_tcon(tcon); ++ else if (pSesInfo) ++ cifs_put_smb_ses(pSesInfo); + else +- tcon->unix_ext = 0; /* server does not support them */ ++ cifs_put_tcp_session(srvTcp); ++ goto out; ++ } ++ cifs_sb->tcon = tcon; + +- /* convert forward to back slashes in prepath here if needed */ +- if ((cifs_sb->mnt_cifs_flags & CIFS_MOUNT_POSIX_PATHS) == 0) +- convert_delimiter(cifs_sb->prepath, +- CIFS_DIR_SEP(cifs_sb)); ++ /* do not care if following two calls succeed - informational */ ++ if (!tcon->ipc) { ++ CIFSSMBQFSDeviceInfo(xid, tcon); ++ CIFSSMBQFSAttributeInfo(xid, tcon); ++ } + +- if ((tcon->unix_ext == 0) && (cifs_sb->rsize > (1024 * 127))) { +- cifs_sb->rsize = 1024 * 127; +- cFYI(DBG2, +- ("no very large read support, rsize now 127K")); +- } +- if (!(tcon->ses->capabilities & CAP_LARGE_WRITE_X)) +- cifs_sb->wsize = min(cifs_sb->wsize, +- (tcon->ses->server->maxBuf - +- MAX_CIFS_HDR_SIZE)); +- if (!(tcon->ses->capabilities & CAP_LARGE_READ_X)) +- cifs_sb->rsize = min(cifs_sb->rsize, +- (tcon->ses->server->maxBuf - +- MAX_CIFS_HDR_SIZE)); ++ /* tell server which Unix caps we support */ ++ if (tcon->ses->capabilities & CAP_UNIX) ++ /* reset of caps checks mount to see if unix extensions ++ disabled for just this mount */ ++ reset_cifs_unix_caps(xid, tcon, sb, &volume_info); ++ else ++ tcon->unix_ext = 0; /* server does not support them */ ++ ++ /* convert forward to back slashes in prepath here if needed */ ++ if ((cifs_sb->mnt_cifs_flags & CIFS_MOUNT_POSIX_PATHS) == 0) ++ convert_delimiter(cifs_sb->prepath, CIFS_DIR_SEP(cifs_sb)); ++ ++ if ((tcon->unix_ext == 0) && (cifs_sb->rsize > (1024 * 127))) { ++ cifs_sb->rsize = 1024 * 127; ++ cFYI(DBG2, ("no very large read support, rsize now 127K")); + } ++ if (!(tcon->ses->capabilities & CAP_LARGE_WRITE_X)) ++ cifs_sb->wsize = min(cifs_sb->wsize, ++ (tcon->ses->server->maxBuf - MAX_CIFS_HDR_SIZE)); ++ if (!(tcon->ses->capabilities & CAP_LARGE_READ_X)) ++ cifs_sb->rsize = min(cifs_sb->rsize, ++ (tcon->ses->server->maxBuf - MAX_CIFS_HDR_SIZE)); + + /* volume_info.password is freed above when existing session found + (in which case it is not needed anymore) but when new sesion is created +@@ -3471,6 +3519,7 @@ CIFSTCon(unsigned int xid, struct cifsSesInfo *ses, + /* above now done in SendReceive */ + if ((rc == 0) && (tcon != NULL)) { + tcon->tidStatus = CifsGood; ++ tcon->need_reconnect = false; + tcon->tid = smb_buffer_response->Tid; + bcc_ptr = pByteArea(smb_buffer_response); + length = strnlen(bcc_ptr, BCC(smb_buffer_response) - 2); +@@ -3542,52 +3591,17 @@ int + cifs_umount(struct super_block *sb, struct cifs_sb_info *cifs_sb) + { + int rc = 0; +- int xid; +- struct cifsSesInfo *ses = NULL; +- struct task_struct *cifsd_task; + char *tmp; + +- xid = GetXid(); +- +- if (cifs_sb->tcon) { +- ses = cifs_sb->tcon->ses; /* save ptr to ses before delete tcon!*/ +- rc = CIFSSMBTDis(xid, cifs_sb->tcon); +- if (rc == -EBUSY) { +- FreeXid(xid); +- return 0; +- } +- DeleteTconOplockQEntries(cifs_sb->tcon); +- tconInfoFree(cifs_sb->tcon); +- if ((ses) && (ses->server)) { +- /* save off task so we do not refer to ses later */ +- cifsd_task = ses->server->tsk; +- cFYI(1, ("About to do SMBLogoff ")); +- rc = CIFSSMBLogoff(xid, ses); +- if (rc == -EBUSY) { +- FreeXid(xid); +- return 0; +- } else if (rc == -ESHUTDOWN) { +- cFYI(1, ("Waking up socket by sending signal")); +- if (cifsd_task) { +- force_sig(SIGKILL, cifsd_task); +- kthread_stop(cifsd_task); +- } +- rc = 0; +- } /* else - we have an smb session +- left on this socket do not kill cifsd */ +- } else +- cFYI(1, ("No session or bad tcon")); +- } ++ if (cifs_sb->tcon) ++ cifs_put_tcon(cifs_sb->tcon); + + cifs_sb->tcon = NULL; + tmp = cifs_sb->prepath; + cifs_sb->prepathlen = 0; + cifs_sb->prepath = NULL; + kfree(tmp); +- if (ses) +- sesInfoFree(ses); + +- FreeXid(xid); + return rc; + } + +@@ -3702,6 +3716,7 @@ int cifs_setup_session(unsigned int xid, struct cifsSesInfo *pSesInfo, + } else { + cFYI(1, ("CIFS Session Established successfully")); + pSesInfo->status = CifsGood; ++ pSesInfo->need_reconnect = false; + } + + ss_err_exit: +diff --git a/fs/cifs/file.c b/fs/cifs/file.c +index cbefe1f..042b122 100644 +--- a/fs/cifs/file.c ++++ b/fs/cifs/file.c +@@ -493,7 +493,7 @@ int cifs_close(struct inode *inode, struct file *file) + if (pTcon) { + /* no sense reconnecting to close a file that is + already closed */ +- if (pTcon->tidStatus != CifsNeedReconnect) { ++ if (!pTcon->need_reconnect) { + timeout = 2; + while ((atomic_read(&pSMBFile->wrtPending) != 0) + && (timeout <= 2048)) { +@@ -1396,7 +1396,10 @@ retry: + if ((wbc->nr_to_write -= n_iov) <= 0) + done = 1; + index = next; +- } ++ } else ++ /* Need to re-find the pages we skipped */ ++ index = pvec.pages[0]->index + 1; ++ + pagevec_release(&pvec); + } + if (!scanned && !done) { +@@ -1813,7 +1816,7 @@ static int cifs_readpages(struct file *file, struct address_space *mapping, + pTcon = cifs_sb->tcon; + + pagevec_init(&lru_pvec, 0); +- cFYI(DBG2, ("rpages: num pages %d", num_pages)); ++ cFYI(DBG2, ("rpages: num pages %d", num_pages)); + for (i = 0; i < num_pages; ) { + unsigned contig_pages; + struct page *tmp_page; +diff --git a/fs/cifs/misc.c b/fs/cifs/misc.c +index 4b17f8f..b891553 100644 +--- a/fs/cifs/misc.c ++++ b/fs/cifs/misc.c +@@ -75,12 +75,12 @@ sesInfoAlloc(void) + + ret_buf = kzalloc(sizeof(struct cifsSesInfo), GFP_KERNEL); + if (ret_buf) { +- write_lock(&GlobalSMBSeslock); + atomic_inc(&sesInfoAllocCount); + ret_buf->status = CifsNew; +- list_add(&ret_buf->cifsSessionList, &GlobalSMBSessionList); ++ ++ret_buf->ses_count; ++ INIT_LIST_HEAD(&ret_buf->smb_ses_list); ++ INIT_LIST_HEAD(&ret_buf->tcon_list); + init_MUTEX(&ret_buf->sesSem); +- write_unlock(&GlobalSMBSeslock); + } + return ret_buf; + } +@@ -93,10 +93,7 @@ sesInfoFree(struct cifsSesInfo *buf_to_free) + return; + } + +- write_lock(&GlobalSMBSeslock); + atomic_dec(&sesInfoAllocCount); +- list_del(&buf_to_free->cifsSessionList); +- write_unlock(&GlobalSMBSeslock); + kfree(buf_to_free->serverOS); + kfree(buf_to_free->serverDomain); + kfree(buf_to_free->serverNOS); +@@ -111,17 +108,14 @@ tconInfoAlloc(void) + struct cifsTconInfo *ret_buf; + ret_buf = kzalloc(sizeof(struct cifsTconInfo), GFP_KERNEL); + if (ret_buf) { +- write_lock(&GlobalSMBSeslock); + atomic_inc(&tconInfoAllocCount); +- list_add(&ret_buf->cifsConnectionList, +- &GlobalTreeConnectionList); + ret_buf->tidStatus = CifsNew; ++ ++ret_buf->tc_count; + INIT_LIST_HEAD(&ret_buf->openFileList); +- init_MUTEX(&ret_buf->tconSem); ++ INIT_LIST_HEAD(&ret_buf->tcon_list); + #ifdef CONFIG_CIFS_STATS + spin_lock_init(&ret_buf->stat_lock); + #endif +- write_unlock(&GlobalSMBSeslock); + } + return ret_buf; + } +@@ -133,10 +127,7 @@ tconInfoFree(struct cifsTconInfo *buf_to_free) + cFYI(1, ("Null buffer passed to tconInfoFree")); + return; + } +- write_lock(&GlobalSMBSeslock); + atomic_dec(&tconInfoAllocCount); +- list_del(&buf_to_free->cifsConnectionList); +- write_unlock(&GlobalSMBSeslock); + kfree(buf_to_free->nativeFileSystem); + kfree(buf_to_free); + } +@@ -354,9 +345,9 @@ header_assemble(struct smb_hdr *buffer, char smb_command /* command */ , + if (current->fsuid != treeCon->ses->linux_uid) { + cFYI(1, ("Multiuser mode and UID " + "did not match tcon uid")); +- read_lock(&GlobalSMBSeslock); +- list_for_each(temp_item, &GlobalSMBSessionList) { +- ses = list_entry(temp_item, struct cifsSesInfo, cifsSessionList); ++ read_lock(&cifs_tcp_ses_lock); ++ list_for_each(temp_item, &treeCon->ses->server->smb_ses_list) { ++ ses = list_entry(temp_item, struct cifsSesInfo, smb_ses_list); + if (ses->linux_uid == current->fsuid) { + if (ses->server == treeCon->ses->server) { + cFYI(1, ("found matching uid substitute right smb_uid")); +@@ -368,7 +359,7 @@ header_assemble(struct smb_hdr *buffer, char smb_command /* command */ , + } + } + } +- read_unlock(&GlobalSMBSeslock); ++ read_unlock(&cifs_tcp_ses_lock); + } + } + } +@@ -501,9 +492,10 @@ bool + is_valid_oplock_break(struct smb_hdr *buf, struct TCP_Server_Info *srv) + { + struct smb_com_lock_req *pSMB = (struct smb_com_lock_req *)buf; +- struct list_head *tmp; +- struct list_head *tmp1; ++ struct list_head *tmp, *tmp1, *tmp2; ++ struct cifsSesInfo *ses; + struct cifsTconInfo *tcon; ++ struct cifsInodeInfo *pCifsInode; + struct cifsFileInfo *netfile; + + cFYI(1, ("Checking for oplock break or dnotify response")); +@@ -558,42 +550,42 @@ is_valid_oplock_break(struct smb_hdr *buf, struct TCP_Server_Info *srv) + return false; + + /* look up tcon based on tid & uid */ +- read_lock(&GlobalSMBSeslock); +- list_for_each(tmp, &GlobalTreeConnectionList) { +- tcon = list_entry(tmp, struct cifsTconInfo, cifsConnectionList); +- if ((tcon->tid == buf->Tid) && (srv == tcon->ses->server)) { ++ read_lock(&cifs_tcp_ses_lock); ++ list_for_each(tmp, &srv->smb_ses_list) { ++ ses = list_entry(tmp, struct cifsSesInfo, smb_ses_list); ++ list_for_each(tmp1, &ses->tcon_list) { ++ tcon = list_entry(tmp1, struct cifsTconInfo, tcon_list); ++ if (tcon->tid != buf->Tid) ++ continue; ++ + cifs_stats_inc(&tcon->num_oplock_brks); +- list_for_each(tmp1, &tcon->openFileList) { +- netfile = list_entry(tmp1, struct cifsFileInfo, ++ list_for_each(tmp2, &tcon->openFileList) { ++ netfile = list_entry(tmp2, struct cifsFileInfo, + tlist); +- if (pSMB->Fid == netfile->netfid) { +- struct cifsInodeInfo *pCifsInode; +- read_unlock(&GlobalSMBSeslock); +- cFYI(1, +- ("file id match, oplock break")); +- pCifsInode = +- CIFS_I(netfile->pInode); +- pCifsInode->clientCanCacheAll = false; +- if (pSMB->OplockLevel == 0) +- pCifsInode->clientCanCacheRead +- = false; +- pCifsInode->oplockPending = true; +- AllocOplockQEntry(netfile->pInode, +- netfile->netfid, +- tcon); +- cFYI(1, +- ("about to wake up oplock thread")); +- if (oplockThread) +- wake_up_process(oplockThread); +- return true; +- } ++ if (pSMB->Fid != netfile->netfid) ++ continue; ++ ++ read_unlock(&cifs_tcp_ses_lock); ++ cFYI(1, ("file id match, oplock break")); ++ pCifsInode = CIFS_I(netfile->pInode); ++ pCifsInode->clientCanCacheAll = false; ++ if (pSMB->OplockLevel == 0) ++ pCifsInode->clientCanCacheRead = false; ++ pCifsInode->oplockPending = true; ++ AllocOplockQEntry(netfile->pInode, ++ netfile->netfid, tcon); ++ cFYI(1, ("about to wake up oplock thread")); ++ if (oplockThread) ++ wake_up_process(oplockThread); ++ ++ return true; + } +- read_unlock(&GlobalSMBSeslock); ++ read_unlock(&cifs_tcp_ses_lock); + cFYI(1, ("No matching file for oplock break")); + return true; + } + } +- read_unlock(&GlobalSMBSeslock); ++ read_unlock(&cifs_tcp_ses_lock); + cFYI(1, ("Can not process oplock break for non-existent connection")); + return true; + } +diff --git a/fs/cifs/transport.c b/fs/cifs/transport.c +index e286db9..bb0f329 100644 +--- a/fs/cifs/transport.c ++++ b/fs/cifs/transport.c +@@ -162,7 +162,7 @@ void DeleteTconOplockQEntries(struct cifsTconInfo *tcon) + + int + smb_send(struct socket *ssocket, struct smb_hdr *smb_buffer, +- unsigned int smb_buf_length, struct sockaddr *sin) ++ unsigned int smb_buf_length, struct sockaddr *sin, bool noblocksnd) + { + int rc = 0; + int i = 0; +@@ -179,7 +179,10 @@ smb_send(struct socket *ssocket, struct smb_hdr *smb_buffer, + smb_msg.msg_namelen = sizeof(struct sockaddr); + smb_msg.msg_control = NULL; + smb_msg.msg_controllen = 0; +- smb_msg.msg_flags = MSG_DONTWAIT + MSG_NOSIGNAL; /* BB add more flags?*/ ++ if (noblocksnd) ++ smb_msg.msg_flags = MSG_DONTWAIT + MSG_NOSIGNAL; ++ else ++ smb_msg.msg_flags = MSG_NOSIGNAL; + + /* smb header is converted in header_assemble. bcc and rest of SMB word + area, and byte area if necessary, is converted to littleendian in +@@ -230,8 +233,8 @@ smb_send(struct socket *ssocket, struct smb_hdr *smb_buffer, + } + + static int +-smb_send2(struct socket *ssocket, struct kvec *iov, int n_vec, +- struct sockaddr *sin) ++smb_send2(struct TCP_Server_Info *server, struct kvec *iov, int n_vec, ++ struct sockaddr *sin, bool noblocksnd) + { + int rc = 0; + int i = 0; +@@ -241,6 +244,7 @@ smb_send2(struct socket *ssocket, struct kvec *iov, int n_vec, + unsigned int total_len; + int first_vec = 0; + unsigned int smb_buf_length = smb_buffer->smb_buf_length; ++ struct socket *ssocket = server->ssocket; + + if (ssocket == NULL) + return -ENOTSOCK; /* BB eventually add reconnect code here */ +@@ -249,7 +253,10 @@ smb_send2(struct socket *ssocket, struct kvec *iov, int n_vec, + smb_msg.msg_namelen = sizeof(struct sockaddr); + smb_msg.msg_control = NULL; + smb_msg.msg_controllen = 0; +- smb_msg.msg_flags = MSG_DONTWAIT + MSG_NOSIGNAL; /* BB add more flags?*/ ++ if (noblocksnd) ++ smb_msg.msg_flags = MSG_DONTWAIT + MSG_NOSIGNAL; ++ else ++ smb_msg.msg_flags = MSG_NOSIGNAL; + + /* smb header is converted in header_assemble. bcc and rest of SMB word + area, and byte area if necessary, is converted to littleendian in +@@ -284,8 +291,11 @@ smb_send2(struct socket *ssocket, struct kvec *iov, int n_vec, + if (rc < 0) + break; + +- if (rc >= total_len) { +- WARN_ON(rc > total_len); ++ if (rc == total_len) { ++ total_len = 0; ++ break; ++ } else if (rc > total_len) { ++ cERROR(1, ("sent %d requested %d", rc, total_len)); + break; + } + if (rc == 0) { +@@ -313,6 +323,16 @@ smb_send2(struct socket *ssocket, struct kvec *iov, int n_vec, + i = 0; /* in case we get ENOSPC on the next send */ + } + ++ if ((total_len > 0) && (total_len != smb_buf_length + 4)) { ++ cFYI(1, ("partial send (%d remaining), terminating session", ++ total_len)); ++ /* If we have only sent part of an SMB then the next SMB ++ could be taken as the remainder of this one. We need ++ to kill the socket so the server throws away the partial ++ SMB */ ++ server->tcpStatus = CifsNeedReconnect; ++ } ++ + if (rc < 0) { + cERROR(1, ("Error %d sending data on socket to server", rc)); + } else +@@ -519,8 +539,9 @@ SendReceive2(const unsigned int xid, struct cifsSesInfo *ses, + #ifdef CONFIG_CIFS_STATS2 + atomic_inc(&ses->server->inSend); + #endif +- rc = smb_send2(ses->server->ssocket, iov, n_vec, +- (struct sockaddr *) &(ses->server->addr.sockAddr)); ++ rc = smb_send2(ses->server, iov, n_vec, ++ (struct sockaddr *) &(ses->server->addr.sockAddr), ++ ses->server->noblocksnd); + #ifdef CONFIG_CIFS_STATS2 + atomic_dec(&ses->server->inSend); + midQ->when_sent = jiffies; +@@ -712,7 +733,8 @@ SendReceive(const unsigned int xid, struct cifsSesInfo *ses, + atomic_inc(&ses->server->inSend); + #endif + rc = smb_send(ses->server->ssocket, in_buf, in_buf->smb_buf_length, +- (struct sockaddr *) &(ses->server->addr.sockAddr)); ++ (struct sockaddr *) &(ses->server->addr.sockAddr), ++ ses->server->noblocksnd); + #ifdef CONFIG_CIFS_STATS2 + atomic_dec(&ses->server->inSend); + midQ->when_sent = jiffies; +@@ -852,7 +874,8 @@ send_nt_cancel(struct cifsTconInfo *tcon, struct smb_hdr *in_buf, + return rc; + } + rc = smb_send(ses->server->ssocket, in_buf, in_buf->smb_buf_length, +- (struct sockaddr *) &(ses->server->addr.sockAddr)); ++ (struct sockaddr *) &(ses->server->addr.sockAddr), ++ ses->server->noblocksnd); + up(&ses->server->tcpSem); + return rc; + } +@@ -942,7 +965,8 @@ SendReceiveBlockingLock(const unsigned int xid, struct cifsTconInfo *tcon, + atomic_inc(&ses->server->inSend); + #endif + rc = smb_send(ses->server->ssocket, in_buf, in_buf->smb_buf_length, +- (struct sockaddr *) &(ses->server->addr.sockAddr)); ++ (struct sockaddr *) &(ses->server->addr.sockAddr), ++ ses->server->noblocksnd); + #ifdef CONFIG_CIFS_STATS2 + atomic_dec(&ses->server->inSend); + midQ->when_sent = jiffies; +diff --git a/fs/ecryptfs/keystore.c b/fs/ecryptfs/keystore.c +index f5b76a3..59b9833 100644 +--- a/fs/ecryptfs/keystore.c ++++ b/fs/ecryptfs/keystore.c +@@ -1037,17 +1037,14 @@ static int + decrypt_passphrase_encrypted_session_key(struct ecryptfs_auth_tok *auth_tok, + struct ecryptfs_crypt_stat *crypt_stat) + { +- struct scatterlist dst_sg; +- struct scatterlist src_sg; ++ struct scatterlist dst_sg[2]; ++ struct scatterlist src_sg[2]; + struct mutex *tfm_mutex; + struct blkcipher_desc desc = { + .flags = CRYPTO_TFM_REQ_MAY_SLEEP + }; + int rc = 0; + +- sg_init_table(&dst_sg, 1); +- sg_init_table(&src_sg, 1); +- + if (unlikely(ecryptfs_verbosity > 0)) { + ecryptfs_printk( + KERN_DEBUG, "Session key encryption key (size [%d]):\n", +@@ -1066,8 +1063,8 @@ decrypt_passphrase_encrypted_session_key(struct ecryptfs_auth_tok *auth_tok, + } + rc = virt_to_scatterlist(auth_tok->session_key.encrypted_key, + auth_tok->session_key.encrypted_key_size, +- &src_sg, 1); +- if (rc != 1) { ++ src_sg, 2); ++ if (rc < 1 || rc > 2) { + printk(KERN_ERR "Internal error whilst attempting to convert " + "auth_tok->session_key.encrypted_key to scatterlist; " + "expected rc = 1; got rc = [%d]. " +@@ -1079,8 +1076,8 @@ decrypt_passphrase_encrypted_session_key(struct ecryptfs_auth_tok *auth_tok, + auth_tok->session_key.encrypted_key_size; + rc = virt_to_scatterlist(auth_tok->session_key.decrypted_key, + auth_tok->session_key.decrypted_key_size, +- &dst_sg, 1); +- if (rc != 1) { ++ dst_sg, 2); ++ if (rc < 1 || rc > 2) { + printk(KERN_ERR "Internal error whilst attempting to convert " + "auth_tok->session_key.decrypted_key to scatterlist; " + "expected rc = 1; got rc = [%d]\n", rc); +@@ -1096,7 +1093,7 @@ decrypt_passphrase_encrypted_session_key(struct ecryptfs_auth_tok *auth_tok, + rc = -EINVAL; + goto out; + } +- rc = crypto_blkcipher_decrypt(&desc, &dst_sg, &src_sg, ++ rc = crypto_blkcipher_decrypt(&desc, dst_sg, src_sg, + auth_tok->session_key.encrypted_key_size); + mutex_unlock(tfm_mutex); + if (unlikely(rc)) { +@@ -1541,8 +1538,8 @@ write_tag_3_packet(char *dest, size_t *remaining_bytes, + size_t i; + size_t encrypted_session_key_valid = 0; + char session_key_encryption_key[ECRYPTFS_MAX_KEY_BYTES]; +- struct scatterlist dst_sg; +- struct scatterlist src_sg; ++ struct scatterlist dst_sg[2]; ++ struct scatterlist src_sg[2]; + struct mutex *tfm_mutex = NULL; + u8 cipher_code; + size_t packet_size_length; +@@ -1621,8 +1618,8 @@ write_tag_3_packet(char *dest, size_t *remaining_bytes, + ecryptfs_dump_hex(session_key_encryption_key, 16); + } + rc = virt_to_scatterlist(crypt_stat->key, key_rec->enc_key_size, +- &src_sg, 1); +- if (rc != 1) { ++ src_sg, 2); ++ if (rc < 1 || rc > 2) { + ecryptfs_printk(KERN_ERR, "Error generating scatterlist " + "for crypt_stat session key; expected rc = 1; " + "got rc = [%d]. key_rec->enc_key_size = [%d]\n", +@@ -1631,8 +1628,8 @@ write_tag_3_packet(char *dest, size_t *remaining_bytes, + goto out; + } + rc = virt_to_scatterlist(key_rec->enc_key, key_rec->enc_key_size, +- &dst_sg, 1); +- if (rc != 1) { ++ dst_sg, 2); ++ if (rc < 1 || rc > 2) { + ecryptfs_printk(KERN_ERR, "Error generating scatterlist " + "for crypt_stat encrypted session key; " + "expected rc = 1; got rc = [%d]. " +@@ -1653,7 +1650,7 @@ write_tag_3_packet(char *dest, size_t *remaining_bytes, + rc = 0; + ecryptfs_printk(KERN_DEBUG, "Encrypting [%d] bytes of the key\n", + crypt_stat->key_size); +- rc = crypto_blkcipher_encrypt(&desc, &dst_sg, &src_sg, ++ rc = crypto_blkcipher_encrypt(&desc, dst_sg, src_sg, + (*key_rec).enc_key_size); + mutex_unlock(tfm_mutex); + if (rc) { +diff --git a/fs/eventpoll.c b/fs/eventpoll.c +index 7cc0eb7..c8cec49 100644 +--- a/fs/eventpoll.c ++++ b/fs/eventpoll.c +@@ -102,6 +102,8 @@ + + #define EP_UNACTIVE_PTR ((void *) -1L) + ++#define EP_ITEM_COST (sizeof(struct epitem) + sizeof(struct eppoll_entry)) ++ + struct epoll_filefd { + struct file *file; + int fd; +@@ -200,6 +202,9 @@ struct eventpoll { + * holding ->lock. + */ + struct epitem *ovflist; ++ ++ /* The user that created the eventpoll descriptor */ ++ struct user_struct *user; + }; + + /* Wait structure used by the poll hooks */ +@@ -227,9 +232,17 @@ struct ep_pqueue { + }; + + /* ++ * Configuration options available inside /proc/sys/fs/epoll/ ++ */ ++/* Maximum number of epoll devices, per user */ ++static int max_user_instances __read_mostly; ++/* Maximum number of epoll watched descriptors, per user */ ++static int max_user_watches __read_mostly; ++ ++/* + * This mutex is used to serialize ep_free() and eventpoll_release_file(). + */ +-static struct mutex epmutex; ++static DEFINE_MUTEX(epmutex); + + /* Safe wake up implementation */ + static struct poll_safewake psw; +@@ -240,6 +253,33 @@ static struct kmem_cache *epi_cache __read_mostly; + /* Slab cache used to allocate "struct eppoll_entry" */ + static struct kmem_cache *pwq_cache __read_mostly; + ++#ifdef CONFIG_SYSCTL ++ ++#include ++ ++static int zero; ++ ++ctl_table epoll_table[] = { ++ { ++ .procname = "max_user_instances", ++ .data = &max_user_instances, ++ .maxlen = sizeof(int), ++ .mode = 0644, ++ .proc_handler = &proc_dointvec_minmax, ++ .extra1 = &zero, ++ }, ++ { ++ .procname = "max_user_watches", ++ .data = &max_user_watches, ++ .maxlen = sizeof(int), ++ .mode = 0644, ++ .proc_handler = &proc_dointvec_minmax, ++ .extra1 = &zero, ++ }, ++ { .ctl_name = 0 } ++}; ++#endif /* CONFIG_SYSCTL */ ++ + + /* Setup the structure that is used as key for the RB tree */ + static inline void ep_set_ffd(struct epoll_filefd *ffd, +@@ -402,6 +442,8 @@ static int ep_remove(struct eventpoll *ep, struct epitem *epi) + /* At this point it is safe to free the eventpoll item */ + kmem_cache_free(epi_cache, epi); + ++ atomic_dec(&ep->user->epoll_watches); ++ + DNPRINTK(3, (KERN_INFO "[%p] eventpoll: ep_remove(%p, %p)\n", + current, ep, file)); + +@@ -449,6 +491,8 @@ static void ep_free(struct eventpoll *ep) + + mutex_unlock(&epmutex); + mutex_destroy(&ep->mtx); ++ atomic_dec(&ep->user->epoll_devs); ++ free_uid(ep->user); + kfree(ep); + } + +@@ -532,10 +576,19 @@ void eventpoll_release_file(struct file *file) + + static int ep_alloc(struct eventpoll **pep) + { +- struct eventpoll *ep = kzalloc(sizeof(*ep), GFP_KERNEL); ++ int error; ++ struct user_struct *user; ++ struct eventpoll *ep; + +- if (!ep) +- return -ENOMEM; ++ user = get_current_user(); ++ error = -EMFILE; ++ if (unlikely(atomic_read(&user->epoll_devs) >= ++ max_user_instances)) ++ goto free_uid; ++ error = -ENOMEM; ++ ep = kzalloc(sizeof(*ep), GFP_KERNEL); ++ if (unlikely(!ep)) ++ goto free_uid; + + spin_lock_init(&ep->lock); + mutex_init(&ep->mtx); +@@ -544,12 +597,17 @@ static int ep_alloc(struct eventpoll **pep) + INIT_LIST_HEAD(&ep->rdllist); + ep->rbr = RB_ROOT; + ep->ovflist = EP_UNACTIVE_PTR; ++ ep->user = user; + + *pep = ep; + + DNPRINTK(3, (KERN_INFO "[%p] eventpoll: ep_alloc() ep=%p\n", + current, ep)); + return 0; ++ ++free_uid: ++ free_uid(user); ++ return error; + } + + /* +@@ -703,9 +761,11 @@ static int ep_insert(struct eventpoll *ep, struct epoll_event *event, + struct epitem *epi; + struct ep_pqueue epq; + +- error = -ENOMEM; ++ if (unlikely(atomic_read(&ep->user->epoll_watches) >= ++ max_user_watches)) ++ return -ENOSPC; + if (!(epi = kmem_cache_alloc(epi_cache, GFP_KERNEL))) +- goto error_return; ++ return -ENOMEM; + + /* Item initialization follow here ... */ + INIT_LIST_HEAD(&epi->rdllink); +@@ -735,6 +795,7 @@ static int ep_insert(struct eventpoll *ep, struct epoll_event *event, + * install process. Namely an allocation for a wait queue failed due + * high memory pressure. + */ ++ error = -ENOMEM; + if (epi->nwait < 0) + goto error_unregister; + +@@ -765,6 +826,8 @@ static int ep_insert(struct eventpoll *ep, struct epoll_event *event, + + spin_unlock_irqrestore(&ep->lock, flags); + ++ atomic_inc(&ep->user->epoll_watches); ++ + /* We have to call this outside the lock */ + if (pwake) + ep_poll_safewake(&psw, &ep->poll_wait); +@@ -789,7 +852,7 @@ error_unregister: + spin_unlock_irqrestore(&ep->lock, flags); + + kmem_cache_free(epi_cache, epi); +-error_return: ++ + return error; + } + +@@ -1074,6 +1137,7 @@ asmlinkage long sys_epoll_create1(int flags) + flags & O_CLOEXEC); + if (fd < 0) + ep_free(ep); ++ atomic_inc(&ep->user->epoll_devs); + + error_return: + DNPRINTK(3, (KERN_INFO "[%p] eventpoll: sys_epoll_create(%d) = %d\n", +@@ -1295,7 +1359,12 @@ asmlinkage long sys_epoll_pwait(int epfd, struct epoll_event __user *events, + + static int __init eventpoll_init(void) + { +- mutex_init(&epmutex); ++ struct sysinfo si; ++ ++ si_meminfo(&si); ++ max_user_instances = 128; ++ max_user_watches = (((si.totalram - si.totalhigh) / 32) << PAGE_SHIFT) / ++ EP_ITEM_COST; + + /* Initialize the structure used to perform safe poll wait head wake ups */ + ep_poll_safewake_init(&psw); +diff --git a/fs/ext2/balloc.c b/fs/ext2/balloc.c +index 10bb02c..6dac7ba 100644 +--- a/fs/ext2/balloc.c ++++ b/fs/ext2/balloc.c +@@ -1295,6 +1295,7 @@ retry_alloc: + * turn off reservation for this allocation + */ + if (my_rsv && (free_blocks < windowsz) ++ && (free_blocks > 0) + && (rsv_is_empty(&my_rsv->rsv_window))) + my_rsv = NULL; + +@@ -1332,7 +1333,7 @@ retry_alloc: + * free blocks is less than half of the reservation + * window size. + */ +- if (free_blocks <= (windowsz/2)) ++ if (my_rsv && (free_blocks <= (windowsz/2))) + continue; + + brelse(bitmap_bh); +diff --git a/fs/ext3/balloc.c b/fs/ext3/balloc.c +index 92fd033..f5b57a2 100644 +--- a/fs/ext3/balloc.c ++++ b/fs/ext3/balloc.c +@@ -1547,6 +1547,7 @@ retry_alloc: + * turn off reservation for this allocation + */ + if (my_rsv && (free_blocks < windowsz) ++ && (free_blocks > 0) + && (rsv_is_empty(&my_rsv->rsv_window))) + my_rsv = NULL; + +@@ -1585,7 +1586,7 @@ retry_alloc: + * free blocks is less than half of the reservation + * window size. + */ +- if (free_blocks <= (windowsz/2)) ++ if (my_rsv && (free_blocks <= (windowsz/2))) + continue; + + brelse(bitmap_bh); +diff --git a/fs/ext3/dir.c b/fs/ext3/dir.c +index 1b80f1c..5853f44 100644 +--- a/fs/ext3/dir.c ++++ b/fs/ext3/dir.c +@@ -414,7 +414,7 @@ static int call_filldir(struct file * filp, void * dirent, + get_dtype(sb, fname->file_type)); + if (error) { + filp->f_pos = curr_pos; +- info->extra_fname = fname->next; ++ info->extra_fname = fname; + return error; + } + fname = fname->next; +@@ -453,11 +453,12 @@ static int ext3_dx_readdir(struct file * filp, + * If there are any leftover names on the hash collision + * chain, return them first. + */ +- if (info->extra_fname && +- call_filldir(filp, dirent, filldir, info->extra_fname)) +- goto finished; +- +- if (!info->curr_node) ++ if (info->extra_fname) { ++ if (call_filldir(filp, dirent, filldir, info->extra_fname)) ++ goto finished; ++ info->extra_fname = NULL; ++ goto next_node; ++ } else if (!info->curr_node) + info->curr_node = rb_first(&info->root); + + while (1) { +@@ -488,9 +489,14 @@ static int ext3_dx_readdir(struct file * filp, + info->curr_minor_hash = fname->minor_hash; + if (call_filldir(filp, dirent, filldir, fname)) + break; +- ++ next_node: + info->curr_node = rb_next(info->curr_node); +- if (!info->curr_node) { ++ if (info->curr_node) { ++ fname = rb_entry(info->curr_node, struct fname, ++ rb_hash); ++ info->curr_hash = fname->hash; ++ info->curr_minor_hash = fname->minor_hash; ++ } else { + if (info->next_hash == ~0) { + filp->f_pos = EXT3_HTREE_EOF; + break; +diff --git a/fs/ext3/resize.c b/fs/ext3/resize.c +index 77278e9..78fdf38 100644 +--- a/fs/ext3/resize.c ++++ b/fs/ext3/resize.c +@@ -790,7 +790,8 @@ int ext3_group_add(struct super_block *sb, struct ext3_new_group_data *input) + + if (reserved_gdb || gdb_off == 0) { + if (!EXT3_HAS_COMPAT_FEATURE(sb, +- EXT3_FEATURE_COMPAT_RESIZE_INODE)){ ++ EXT3_FEATURE_COMPAT_RESIZE_INODE) ++ || !le16_to_cpu(es->s_reserved_gdt_blocks)) { + ext3_warning(sb, __func__, + "No reserved GDT blocks, can't resize"); + return -EPERM; +diff --git a/fs/ext4/dir.c b/fs/ext4/dir.c +index d1d6487..e45d086 100644 +--- a/fs/ext4/dir.c ++++ b/fs/ext4/dir.c +@@ -458,17 +458,8 @@ static int ext4_dx_readdir(struct file * filp, + if (info->extra_fname) { + if (call_filldir(filp, dirent, filldir, info->extra_fname)) + goto finished; +- + info->extra_fname = NULL; +- info->curr_node = rb_next(info->curr_node); +- if (!info->curr_node) { +- if (info->next_hash == ~0) { +- filp->f_pos = EXT4_HTREE_EOF; +- goto finished; +- } +- info->curr_hash = info->next_hash; +- info->curr_minor_hash = 0; +- } ++ goto next_node; + } else if (!info->curr_node) + info->curr_node = rb_first(&info->root); + +@@ -500,9 +491,14 @@ static int ext4_dx_readdir(struct file * filp, + info->curr_minor_hash = fname->minor_hash; + if (call_filldir(filp, dirent, filldir, fname)) + break; +- ++ next_node: + info->curr_node = rb_next(info->curr_node); +- if (!info->curr_node) { ++ if (info->curr_node) { ++ fname = rb_entry(info->curr_node, struct fname, ++ rb_hash); ++ info->curr_hash = fname->hash; ++ info->curr_minor_hash = fname->minor_hash; ++ } else { + if (info->next_hash == ~0) { + filp->f_pos = EXT4_HTREE_EOF; + break; +diff --git a/fs/ext4/ext4.h b/fs/ext4/ext4.h +index 2950032..4829dac 100644 +--- a/fs/ext4/ext4.h ++++ b/fs/ext4/ext4.h +@@ -291,8 +291,6 @@ struct ext4_new_group_data { + #define EXT4_IOC_SETFLAGS FS_IOC_SETFLAGS + #define EXT4_IOC_GETVERSION _IOR('f', 3, long) + #define EXT4_IOC_SETVERSION _IOW('f', 4, long) +-#define EXT4_IOC_GROUP_EXTEND _IOW('f', 7, unsigned long) +-#define EXT4_IOC_GROUP_ADD _IOW('f', 8,struct ext4_new_group_input) + #define EXT4_IOC_GETVERSION_OLD FS_IOC_GETVERSION + #define EXT4_IOC_SETVERSION_OLD FS_IOC_SETVERSION + #ifdef CONFIG_JBD2_DEBUG +@@ -300,7 +298,10 @@ struct ext4_new_group_data { + #endif + #define EXT4_IOC_GETRSVSZ _IOR('f', 5, long) + #define EXT4_IOC_SETRSVSZ _IOW('f', 6, long) +-#define EXT4_IOC_MIGRATE _IO('f', 7) ++#define EXT4_IOC_GROUP_EXTEND _IOW('f', 7, unsigned long) ++#define EXT4_IOC_GROUP_ADD _IOW('f', 8, struct ext4_new_group_input) ++#define EXT4_IOC_MIGRATE _IO('f', 9) ++ /* note ioctl 11 reserved for filesystem-independent FIEMAP ioctl */ + + /* + * ioctl commands in 32 bit emulation +@@ -1083,8 +1084,7 @@ extern long ext4_ioctl(struct file *, unsigned int, unsigned long); + extern long ext4_compat_ioctl (struct file *, unsigned int, unsigned long); + + /* migrate.c */ +-extern int ext4_ext_migrate(struct inode *, struct file *, unsigned int, +- unsigned long); ++extern int ext4_ext_migrate(struct inode *); + /* namei.c */ + extern int ext4_orphan_add(handle_t *, struct inode *); + extern int ext4_orphan_del(handle_t *, struct inode *); +diff --git a/fs/ext4/ialloc.c b/fs/ext4/ialloc.c +index f344834..9805924 100644 +--- a/fs/ext4/ialloc.c ++++ b/fs/ext4/ialloc.c +@@ -715,6 +715,8 @@ got: + gdp->bg_flags &= cpu_to_le16(~EXT4_BG_BLOCK_UNINIT); + free = ext4_free_blocks_after_init(sb, group, gdp); + gdp->bg_free_blocks_count = cpu_to_le16(free); ++ gdp->bg_checksum = ext4_group_desc_csum(sbi, group, ++ gdp); + } + spin_unlock(sb_bgl_lock(sbi, group)); + +diff --git a/fs/ext4/inode.c b/fs/ext4/inode.c +index 7e91913..846a790 100644 +--- a/fs/ext4/inode.c ++++ b/fs/ext4/inode.c +@@ -2242,6 +2242,8 @@ static int ext4_da_writepage(struct page *page, + unlock_page(page); + return 0; + } ++ /* now mark the buffer_heads as dirty and uptodate */ ++ block_commit_write(page, 0, PAGE_CACHE_SIZE); + } + + if (test_opt(inode->i_sb, NOBH) && ext4_should_writeback_data(inode)) +@@ -4444,9 +4446,10 @@ static int ext4_indirect_trans_blocks(struct inode *inode, int nrblocks, + static int ext4_index_trans_blocks(struct inode *inode, int nrblocks, int chunk) + { + if (!(EXT4_I(inode)->i_flags & EXT4_EXTENTS_FL)) +- return ext4_indirect_trans_blocks(inode, nrblocks, 0); +- return ext4_ext_index_trans_blocks(inode, nrblocks, 0); ++ return ext4_indirect_trans_blocks(inode, nrblocks, chunk); ++ return ext4_ext_index_trans_blocks(inode, nrblocks, chunk); + } ++ + /* + * Account for index blocks, block groups bitmaps and block group + * descriptor blocks if modify datablocks and index blocks +diff --git a/fs/ext4/ioctl.c b/fs/ext4/ioctl.c +index 7a6c2f1..306bfd4 100644 +--- a/fs/ext4/ioctl.c ++++ b/fs/ext4/ioctl.c +@@ -267,7 +267,26 @@ setversion_out: + } + + case EXT4_IOC_MIGRATE: +- return ext4_ext_migrate(inode, filp, cmd, arg); ++ { ++ int err; ++ if (!is_owner_or_cap(inode)) ++ return -EACCES; ++ ++ err = mnt_want_write(filp->f_path.mnt); ++ if (err) ++ return err; ++ /* ++ * inode_mutex prevent write and truncate on the file. ++ * Read still goes through. We take i_data_sem in ++ * ext4_ext_swap_inode_data before we switch the ++ * inode format to prevent read. ++ */ ++ mutex_lock(&(inode->i_mutex)); ++ err = ext4_ext_migrate(inode); ++ mutex_unlock(&(inode->i_mutex)); ++ mnt_drop_write(filp->f_path.mnt); ++ return err; ++ } + + default: + return -ENOTTY; +diff --git a/fs/ext4/mballoc.c b/fs/ext4/mballoc.c +index e0e3a5e..ba86b56 100644 +--- a/fs/ext4/mballoc.c ++++ b/fs/ext4/mballoc.c +@@ -2575,7 +2575,7 @@ static void ext4_mb_cleanup_pa(struct ext4_group_info *grp) + pa = list_entry(cur, struct ext4_prealloc_space, pa_group_list); + list_del(&pa->pa_group_list); + count++; +- kfree(pa); ++ kmem_cache_free(ext4_pspace_cachep, pa); + } + if (count) + mb_debug("mballoc: %u PAs left\n", count); +@@ -2785,14 +2785,20 @@ static int ext4_mb_init_per_dev_proc(struct super_block *sb) + mode_t mode = S_IFREG | S_IRUGO | S_IWUSR; + struct ext4_sb_info *sbi = EXT4_SB(sb); + struct proc_dir_entry *proc; +- char devname[64]; ++ char devname[BDEVNAME_SIZE], *p; + + if (proc_root_ext4 == NULL) { + sbi->s_mb_proc = NULL; + return -EINVAL; + } + bdevname(sb->s_bdev, devname); ++ p = devname; ++ while ((p = strchr(p, '/'))) ++ *p = '!'; ++ + sbi->s_mb_proc = proc_mkdir(devname, proc_root_ext4); ++ if (!sbi->s_mb_proc) ++ goto err_create_dir; + + MB_PROC_HANDLER(EXT4_MB_STATS_NAME, stats); + MB_PROC_HANDLER(EXT4_MB_MAX_TO_SCAN_NAME, max_to_scan); +@@ -2804,7 +2810,6 @@ static int ext4_mb_init_per_dev_proc(struct super_block *sb) + return 0; + + err_out: +- printk(KERN_ERR "EXT4-fs: Unable to create %s\n", devname); + remove_proc_entry(EXT4_MB_GROUP_PREALLOC, sbi->s_mb_proc); + remove_proc_entry(EXT4_MB_STREAM_REQ, sbi->s_mb_proc); + remove_proc_entry(EXT4_MB_ORDER2_REQ, sbi->s_mb_proc); +@@ -2813,6 +2818,8 @@ err_out: + remove_proc_entry(EXT4_MB_STATS_NAME, sbi->s_mb_proc); + remove_proc_entry(devname, proc_root_ext4); + sbi->s_mb_proc = NULL; ++err_create_dir: ++ printk(KERN_ERR "EXT4-fs: Unable to create %s\n", devname); + + return -ENOMEM; + } +@@ -2820,12 +2827,15 @@ err_out: + static int ext4_mb_destroy_per_dev_proc(struct super_block *sb) + { + struct ext4_sb_info *sbi = EXT4_SB(sb); +- char devname[64]; ++ char devname[BDEVNAME_SIZE], *p; + + if (sbi->s_mb_proc == NULL) + return -EINVAL; + + bdevname(sb->s_bdev, devname); ++ p = devname; ++ while ((p = strchr(p, '/'))) ++ *p = '!'; + remove_proc_entry(EXT4_MB_GROUP_PREALLOC, sbi->s_mb_proc); + remove_proc_entry(EXT4_MB_STREAM_REQ, sbi->s_mb_proc); + remove_proc_entry(EXT4_MB_ORDER2_REQ, sbi->s_mb_proc); +diff --git a/fs/ext4/migrate.c b/fs/ext4/migrate.c +index 46fc0b5..f2a9cf4 100644 +--- a/fs/ext4/migrate.c ++++ b/fs/ext4/migrate.c +@@ -447,8 +447,7 @@ static int free_ext_block(handle_t *handle, struct inode *inode) + + } + +-int ext4_ext_migrate(struct inode *inode, struct file *filp, +- unsigned int cmd, unsigned long arg) ++int ext4_ext_migrate(struct inode *inode) + { + handle_t *handle; + int retval = 0, i; +@@ -516,12 +515,6 @@ int ext4_ext_migrate(struct inode *inode, struct file *filp, + * when we add extents we extent the journal + */ + /* +- * inode_mutex prevent write and truncate on the file. Read still goes +- * through. We take i_data_sem in ext4_ext_swap_inode_data before we +- * switch the inode format to prevent read. +- */ +- mutex_lock(&(inode->i_mutex)); +- /* + * Even though we take i_mutex we can still cause block allocation + * via mmap write to holes. If we have allocated new blocks we fail + * migrate. New block allocation will clear EXT4_EXT_MIGRATE flag. +@@ -623,7 +616,6 @@ err_out: + tmp_inode->i_nlink = 0; + + ext4_journal_stop(handle); +- mutex_unlock(&(inode->i_mutex)); + + if (tmp_inode) + iput(tmp_inode); +diff --git a/fs/ext4/resize.c b/fs/ext4/resize.c +index b3d3560..3922a8b 100644 +--- a/fs/ext4/resize.c ++++ b/fs/ext4/resize.c +@@ -929,6 +929,15 @@ int ext4_group_add(struct super_block *sb, struct ext4_new_group_data *input) + percpu_counter_add(&sbi->s_freeinodes_counter, + EXT4_INODES_PER_GROUP(sb)); + ++ if (EXT4_HAS_INCOMPAT_FEATURE(sb, EXT4_FEATURE_INCOMPAT_FLEX_BG)) { ++ ext4_group_t flex_group; ++ flex_group = ext4_flex_group(sbi, input->group); ++ sbi->s_flex_groups[flex_group].free_blocks += ++ input->free_blocks_count; ++ sbi->s_flex_groups[flex_group].free_inodes += ++ EXT4_INODES_PER_GROUP(sb); ++ } ++ + ext4_journal_dirty_metadata(handle, sbi->s_sbh); + sb->s_dirt = 1; + +diff --git a/fs/ext4/super.c b/fs/ext4/super.c +index 566344b..7726e8e 100644 +--- a/fs/ext4/super.c ++++ b/fs/ext4/super.c +@@ -1504,8 +1504,10 @@ static int ext4_fill_flex_info(struct super_block *sb) + sbi->s_log_groups_per_flex = sbi->s_es->s_log_groups_per_flex; + groups_per_flex = 1 << sbi->s_log_groups_per_flex; + +- flex_group_count = (sbi->s_groups_count + groups_per_flex - 1) / +- groups_per_flex; ++ /* We allocate both existing and potentially added groups */ ++ flex_group_count = ((sbi->s_groups_count + groups_per_flex - 1) + ++ ((le16_to_cpu(sbi->s_es->s_reserved_gdt_blocks) + 1) << ++ EXT4_DESC_PER_BLOCK_BITS(sb))) / groups_per_flex; + sbi->s_flex_groups = kzalloc(flex_group_count * + sizeof(struct flex_groups), GFP_KERNEL); + if (sbi->s_flex_groups == NULL) { +@@ -1623,8 +1625,10 @@ static int ext4_check_descriptors(struct super_block *sb) + "Checksum for group %lu failed (%u!=%u)\n", + i, le16_to_cpu(ext4_group_desc_csum(sbi, i, + gdp)), le16_to_cpu(gdp->bg_checksum)); +- if (!(sb->s_flags & MS_RDONLY)) ++ if (!(sb->s_flags & MS_RDONLY)) { ++ spin_unlock(sb_bgl_lock(sbi, i)); + return 0; ++ } + } + spin_unlock(sb_bgl_lock(sbi, i)); + if (!flexbg_flag) +@@ -2444,6 +2448,21 @@ static int ext4_fill_super(struct super_block *sb, void *data, int silent) + "available.\n"); + } + ++ if (test_opt(sb, DATA_FLAGS) == EXT4_MOUNT_JOURNAL_DATA) { ++ printk(KERN_WARNING "EXT4-fs: Ignoring delalloc option - " ++ "requested data journaling mode\n"); ++ clear_opt(sbi->s_mount_opt, DELALLOC); ++ } else if (test_opt(sb, DELALLOC)) ++ printk(KERN_INFO "EXT4-fs: delayed allocation enabled\n"); ++ ++ ext4_ext_init(sb); ++ err = ext4_mb_init(sb, needs_recovery); ++ if (err) { ++ printk(KERN_ERR "EXT4-fs: failed to initalize mballoc (%d)\n", ++ err); ++ goto failed_mount4; ++ } ++ + /* + * akpm: core read_super() calls in here with the superblock locked. + * That deadlocks, because orphan cleanup needs to lock the superblock +@@ -2463,16 +2482,6 @@ static int ext4_fill_super(struct super_block *sb, void *data, int silent) + test_opt(sb, DATA_FLAGS) == EXT4_MOUNT_ORDERED_DATA ? "ordered": + "writeback"); + +- if (test_opt(sb, DATA_FLAGS) == EXT4_MOUNT_JOURNAL_DATA) { +- printk(KERN_WARNING "EXT4-fs: Ignoring delalloc option - " +- "requested data journaling mode\n"); +- clear_opt(sbi->s_mount_opt, DELALLOC); +- } else if (test_opt(sb, DELALLOC)) +- printk(KERN_INFO "EXT4-fs: delayed allocation enabled\n"); +- +- ext4_ext_init(sb); +- ext4_mb_init(sb, needs_recovery); +- + lock_kernel(); + return 0; + +@@ -2799,13 +2808,34 @@ static void ext4_commit_super(struct super_block *sb, + + if (!sbh) + return; ++ if (buffer_write_io_error(sbh)) { ++ /* ++ * Oh, dear. A previous attempt to write the ++ * superblock failed. This could happen because the ++ * USB device was yanked out. Or it could happen to ++ * be a transient write error and maybe the block will ++ * be remapped. Nothing we can do but to retry the ++ * write and hope for the best. ++ */ ++ printk(KERN_ERR "ext4: previous I/O error to " ++ "superblock detected for %s.\n", sb->s_id); ++ clear_buffer_write_io_error(sbh); ++ set_buffer_uptodate(sbh); ++ } + es->s_wtime = cpu_to_le32(get_seconds()); + ext4_free_blocks_count_set(es, ext4_count_free_blocks(sb)); + es->s_free_inodes_count = cpu_to_le32(ext4_count_free_inodes(sb)); + BUFFER_TRACE(sbh, "marking dirty"); + mark_buffer_dirty(sbh); +- if (sync) ++ if (sync) { + sync_dirty_buffer(sbh); ++ if (buffer_write_io_error(sbh)) { ++ printk(KERN_ERR "ext4: I/O error while writing " ++ "superblock for %s.\n", sb->s_id); ++ clear_buffer_write_io_error(sbh); ++ set_buffer_uptodate(sbh); ++ } ++ } + } + + +@@ -2890,12 +2920,9 @@ int ext4_force_commit(struct super_block *sb) + /* + * Ext4 always journals updates to the superblock itself, so we don't + * have to propagate any other updates to the superblock on disk at this +- * point. Just start an async writeback to get the buffers on their way +- * to the disk. +- * +- * This implicitly triggers the writebehind on sync(). ++ * point. (We can probably nuke this function altogether, and remove ++ * any mention to sb->s_dirt in all of fs/ext4; eventual cleanup...) + */ +- + static void ext4_write_super(struct super_block *sb) + { + if (mutex_trylock(&sb->s_lock) != 0) +@@ -2905,14 +2932,14 @@ static void ext4_write_super(struct super_block *sb) + + static int ext4_sync_fs(struct super_block *sb, int wait) + { +- tid_t target; ++ int ret = 0; + + sb->s_dirt = 0; +- if (jbd2_journal_start_commit(EXT4_SB(sb)->s_journal, &target)) { +- if (wait) +- jbd2_log_wait_commit(EXT4_SB(sb)->s_journal, target); +- } +- return 0; ++ if (wait) ++ ret = ext4_force_commit(sb); ++ else ++ jbd2_journal_start_commit(EXT4_SB(sb)->s_journal, NULL); ++ return ret; + } + + /* +diff --git a/fs/ext4/xattr.c b/fs/ext4/xattr.c +index 8954208..362b0ed 100644 +--- a/fs/ext4/xattr.c ++++ b/fs/ext4/xattr.c +@@ -959,6 +959,7 @@ ext4_xattr_set_handle(handle_t *handle, struct inode *inode, int name_index, + struct ext4_xattr_block_find bs = { + .s = { .not_found = -ENODATA, }, + }; ++ unsigned long no_expand; + int error; + + if (!name) +@@ -966,6 +967,9 @@ ext4_xattr_set_handle(handle_t *handle, struct inode *inode, int name_index, + if (strlen(name) > 255) + return -ERANGE; + down_write(&EXT4_I(inode)->xattr_sem); ++ no_expand = EXT4_I(inode)->i_state & EXT4_STATE_NO_EXPAND; ++ EXT4_I(inode)->i_state |= EXT4_STATE_NO_EXPAND; ++ + error = ext4_get_inode_loc(inode, &is.iloc); + if (error) + goto cleanup; +@@ -1042,6 +1046,8 @@ ext4_xattr_set_handle(handle_t *handle, struct inode *inode, int name_index, + cleanup: + brelse(is.iloc.bh); + brelse(bs.bh); ++ if (no_expand == 0) ++ EXT4_I(inode)->i_state &= ~EXT4_STATE_NO_EXPAND; + up_write(&EXT4_I(inode)->xattr_sem); + return error; + } +diff --git a/fs/inotify.c b/fs/inotify.c +index 690e725..7bbed1b 100644 +--- a/fs/inotify.c ++++ b/fs/inotify.c +@@ -106,6 +106,20 @@ void get_inotify_watch(struct inotify_watch *watch) + } + EXPORT_SYMBOL_GPL(get_inotify_watch); + ++int pin_inotify_watch(struct inotify_watch *watch) ++{ ++ struct super_block *sb = watch->inode->i_sb; ++ spin_lock(&sb_lock); ++ if (sb->s_count >= S_BIAS) { ++ atomic_inc(&sb->s_active); ++ spin_unlock(&sb_lock); ++ atomic_inc(&watch->count); ++ return 1; ++ } ++ spin_unlock(&sb_lock); ++ return 0; ++} ++ + /** + * put_inotify_watch - decrements the ref count on a given watch. cleans up + * watch references if the count reaches zero. inotify_watch is freed by +@@ -124,6 +138,13 @@ void put_inotify_watch(struct inotify_watch *watch) + } + EXPORT_SYMBOL_GPL(put_inotify_watch); + ++void unpin_inotify_watch(struct inotify_watch *watch) ++{ ++ struct super_block *sb = watch->inode->i_sb; ++ put_inotify_watch(watch); ++ deactivate_super(sb); ++} ++ + /* + * inotify_handle_get_wd - returns the next WD for use by the given handle + * +@@ -479,6 +500,112 @@ void inotify_init_watch(struct inotify_watch *watch) + } + EXPORT_SYMBOL_GPL(inotify_init_watch); + ++/* ++ * Watch removals suck violently. To kick the watch out we need (in this ++ * order) inode->inotify_mutex and ih->mutex. That's fine if we have ++ * a hold on inode; however, for all other cases we need to make damn sure ++ * we don't race with umount. We can *NOT* just grab a reference to a ++ * watch - inotify_unmount_inodes() will happily sail past it and we'll end ++ * with reference to inode potentially outliving its superblock. Ideally ++ * we just want to grab an active reference to superblock if we can; that ++ * will make sure we won't go into inotify_umount_inodes() until we are ++ * done. Cleanup is just deactivate_super(). However, that leaves a messy ++ * case - what if we *are* racing with umount() and active references to ++ * superblock can't be acquired anymore? We can bump ->s_count, grab ++ * ->s_umount, which will almost certainly wait until the superblock is shut ++ * down and the watch in question is pining for fjords. That's fine, but ++ * there is a problem - we might have hit the window between ->s_active ++ * getting to 0 / ->s_count - below S_BIAS (i.e. the moment when superblock ++ * is past the point of no return and is heading for shutdown) and the ++ * moment when deactivate_super() acquires ->s_umount. We could just do ++ * drop_super() yield() and retry, but that's rather antisocial and this ++ * stuff is luser-triggerable. OTOH, having grabbed ->s_umount and having ++ * found that we'd got there first (i.e. that ->s_root is non-NULL) we know ++ * that we won't race with inotify_umount_inodes(). So we could grab a ++ * reference to watch and do the rest as above, just with drop_super() instead ++ * of deactivate_super(), right? Wrong. We had to drop ih->mutex before we ++ * could grab ->s_umount. So the watch could've been gone already. ++ * ++ * That still can be dealt with - we need to save watch->wd, do idr_find() ++ * and compare its result with our pointer. If they match, we either have ++ * the damn thing still alive or we'd lost not one but two races at once, ++ * the watch had been killed and a new one got created with the same ->wd ++ * at the same address. That couldn't have happened in inotify_destroy(), ++ * but inotify_rm_wd() could run into that. Still, "new one got created" ++ * is not a problem - we have every right to kill it or leave it alone, ++ * whatever's more convenient. ++ * ++ * So we can use idr_find(...) == watch && watch->inode->i_sb == sb as ++ * "grab it and kill it" check. If it's been our original watch, we are ++ * fine, if it's a newcomer - nevermind, just pretend that we'd won the ++ * race and kill the fscker anyway; we are safe since we know that its ++ * superblock won't be going away. ++ * ++ * And yes, this is far beyond mere "not very pretty"; so's the entire ++ * concept of inotify to start with. ++ */ ++ ++/** ++ * pin_to_kill - pin the watch down for removal ++ * @ih: inotify handle ++ * @watch: watch to kill ++ * ++ * Called with ih->mutex held, drops it. Possible return values: ++ * 0 - nothing to do, it has died ++ * 1 - remove it, drop the reference and deactivate_super() ++ * 2 - remove it, drop the reference and drop_super(); we tried hard to avoid ++ * that variant, since it involved a lot of PITA, but that's the best that ++ * could've been done. ++ */ ++static int pin_to_kill(struct inotify_handle *ih, struct inotify_watch *watch) ++{ ++ struct super_block *sb = watch->inode->i_sb; ++ s32 wd = watch->wd; ++ ++ spin_lock(&sb_lock); ++ if (sb->s_count >= S_BIAS) { ++ atomic_inc(&sb->s_active); ++ spin_unlock(&sb_lock); ++ get_inotify_watch(watch); ++ mutex_unlock(&ih->mutex); ++ return 1; /* the best outcome */ ++ } ++ sb->s_count++; ++ spin_unlock(&sb_lock); ++ mutex_unlock(&ih->mutex); /* can't grab ->s_umount under it */ ++ down_read(&sb->s_umount); ++ if (likely(!sb->s_root)) { ++ /* fs is already shut down; the watch is dead */ ++ drop_super(sb); ++ return 0; ++ } ++ /* raced with the final deactivate_super() */ ++ mutex_lock(&ih->mutex); ++ if (idr_find(&ih->idr, wd) != watch || watch->inode->i_sb != sb) { ++ /* the watch is dead */ ++ mutex_unlock(&ih->mutex); ++ drop_super(sb); ++ return 0; ++ } ++ /* still alive or freed and reused with the same sb and wd; kill */ ++ get_inotify_watch(watch); ++ mutex_unlock(&ih->mutex); ++ return 2; ++} ++ ++static void unpin_and_kill(struct inotify_watch *watch, int how) ++{ ++ struct super_block *sb = watch->inode->i_sb; ++ put_inotify_watch(watch); ++ switch (how) { ++ case 1: ++ deactivate_super(sb); ++ break; ++ case 2: ++ drop_super(sb); ++ } ++} ++ + /** + * inotify_destroy - clean up and destroy an inotify instance + * @ih: inotify handle +@@ -490,11 +617,15 @@ void inotify_destroy(struct inotify_handle *ih) + * pretty. We cannot do a simple iteration over the list, because we + * do not know the inode until we iterate to the watch. But we need to + * hold inode->inotify_mutex before ih->mutex. The following works. ++ * ++ * AV: it had to become even uglier to start working ;-/ + */ + while (1) { + struct inotify_watch *watch; + struct list_head *watches; ++ struct super_block *sb; + struct inode *inode; ++ int how; + + mutex_lock(&ih->mutex); + watches = &ih->watches; +@@ -503,8 +634,10 @@ void inotify_destroy(struct inotify_handle *ih) + break; + } + watch = list_first_entry(watches, struct inotify_watch, h_list); +- get_inotify_watch(watch); +- mutex_unlock(&ih->mutex); ++ sb = watch->inode->i_sb; ++ how = pin_to_kill(ih, watch); ++ if (!how) ++ continue; + + inode = watch->inode; + mutex_lock(&inode->inotify_mutex); +@@ -518,7 +651,7 @@ void inotify_destroy(struct inotify_handle *ih) + + mutex_unlock(&ih->mutex); + mutex_unlock(&inode->inotify_mutex); +- put_inotify_watch(watch); ++ unpin_and_kill(watch, how); + } + + /* free this handle: the put matching the get in inotify_init() */ +@@ -719,7 +852,9 @@ void inotify_evict_watch(struct inotify_watch *watch) + int inotify_rm_wd(struct inotify_handle *ih, u32 wd) + { + struct inotify_watch *watch; ++ struct super_block *sb; + struct inode *inode; ++ int how; + + mutex_lock(&ih->mutex); + watch = idr_find(&ih->idr, wd); +@@ -727,9 +862,12 @@ int inotify_rm_wd(struct inotify_handle *ih, u32 wd) + mutex_unlock(&ih->mutex); + return -EINVAL; + } +- get_inotify_watch(watch); ++ sb = watch->inode->i_sb; ++ how = pin_to_kill(ih, watch); ++ if (!how) ++ return 0; ++ + inode = watch->inode; +- mutex_unlock(&ih->mutex); + + mutex_lock(&inode->inotify_mutex); + mutex_lock(&ih->mutex); +@@ -740,7 +878,7 @@ int inotify_rm_wd(struct inotify_handle *ih, u32 wd) + + mutex_unlock(&ih->mutex); + mutex_unlock(&inode->inotify_mutex); +- put_inotify_watch(watch); ++ unpin_and_kill(watch, how); + + return 0; + } +diff --git a/fs/jbd/transaction.c b/fs/jbd/transaction.c +index 0540ca2..d15cd6e 100644 +--- a/fs/jbd/transaction.c ++++ b/fs/jbd/transaction.c +@@ -954,9 +954,10 @@ int journal_dirty_data(handle_t *handle, struct buffer_head *bh) + journal_t *journal = handle->h_transaction->t_journal; + int need_brelse = 0; + struct journal_head *jh; ++ int ret = 0; + + if (is_handle_aborted(handle)) +- return 0; ++ return ret; + + jh = journal_add_journal_head(bh); + JBUFFER_TRACE(jh, "entry"); +@@ -1067,7 +1068,16 @@ int journal_dirty_data(handle_t *handle, struct buffer_head *bh) + time if it is redirtied */ + } + +- /* journal_clean_data_list() may have got there first */ ++ /* ++ * We cannot remove the buffer with io error from the ++ * committing transaction, because otherwise it would ++ * miss the error and the commit would not abort. ++ */ ++ if (unlikely(!buffer_uptodate(bh))) { ++ ret = -EIO; ++ goto no_journal; ++ } ++ + if (jh->b_transaction != NULL) { + JBUFFER_TRACE(jh, "unfile from commit"); + __journal_temp_unlink_buffer(jh); +@@ -1108,7 +1118,7 @@ no_journal: + } + JBUFFER_TRACE(jh, "exit"); + journal_put_journal_head(jh); +- return 0; ++ return ret; + } + + /** +diff --git a/fs/jbd2/checkpoint.c b/fs/jbd2/checkpoint.c +index 91389c8..77255a3 100644 +--- a/fs/jbd2/checkpoint.c ++++ b/fs/jbd2/checkpoint.c +@@ -114,7 +114,7 @@ static int __try_to_free_cp_buf(struct journal_head *jh) + */ + void __jbd2_log_wait_for_space(journal_t *journal) + { +- int nblocks; ++ int nblocks, space_left; + assert_spin_locked(&journal->j_state_lock); + + nblocks = jbd_space_needed(journal); +@@ -126,14 +126,47 @@ void __jbd2_log_wait_for_space(journal_t *journal) + + /* + * Test again, another process may have checkpointed while we +- * were waiting for the checkpoint lock ++ * were waiting for the checkpoint lock. If there are no ++ * transactions ready to be checkpointed, try to recover ++ * journal space by calling cleanup_journal_tail(), and if ++ * that doesn't work, by waiting for the currently committing ++ * transaction to complete. If there is absolutely no way ++ * to make progress, this is either a BUG or corrupted ++ * filesystem, so abort the journal and leave a stack ++ * trace for forensic evidence. + */ + spin_lock(&journal->j_state_lock); ++ spin_lock(&journal->j_list_lock); + nblocks = jbd_space_needed(journal); +- if (__jbd2_log_space_left(journal) < nblocks) { ++ space_left = __jbd2_log_space_left(journal); ++ if (space_left < nblocks) { ++ int chkpt = journal->j_checkpoint_transactions != NULL; ++ tid_t tid = 0; ++ ++ if (journal->j_committing_transaction) ++ tid = journal->j_committing_transaction->t_tid; ++ spin_unlock(&journal->j_list_lock); + spin_unlock(&journal->j_state_lock); +- jbd2_log_do_checkpoint(journal); ++ if (chkpt) { ++ jbd2_log_do_checkpoint(journal); ++ } else if (jbd2_cleanup_journal_tail(journal) == 0) { ++ /* We were able to recover space; yay! */ ++ ; ++ } else if (tid) { ++ jbd2_log_wait_commit(journal, tid); ++ } else { ++ printk(KERN_ERR "%s: needed %d blocks and " ++ "only had %d space available\n", ++ __func__, nblocks, space_left); ++ printk(KERN_ERR "%s: no way to get more " ++ "journal space in %s\n", __func__, ++ journal->j_devname); ++ WARN_ON(1); ++ jbd2_journal_abort(journal, 0); ++ } + spin_lock(&journal->j_state_lock); ++ } else { ++ spin_unlock(&journal->j_list_lock); + } + mutex_unlock(&journal->j_checkpoint_mutex); + } +diff --git a/fs/jbd2/commit.c b/fs/jbd2/commit.c +index f2ad061..6caf22d 100644 +--- a/fs/jbd2/commit.c ++++ b/fs/jbd2/commit.c +@@ -126,8 +126,7 @@ static int journal_submit_commit_record(journal_t *journal, + + JBUFFER_TRACE(descriptor, "submit commit block"); + lock_buffer(bh); +- get_bh(bh); +- set_buffer_dirty(bh); ++ clear_buffer_dirty(bh); + set_buffer_uptodate(bh); + bh->b_end_io = journal_end_buffer_io_sync; + +@@ -160,7 +159,7 @@ static int journal_submit_commit_record(journal_t *journal, + /* And try again, without the barrier */ + lock_buffer(bh); + set_buffer_uptodate(bh); +- set_buffer_dirty(bh); ++ clear_buffer_dirty(bh); + ret = submit_bh(WRITE, bh); + } + *cbh = bh; +diff --git a/fs/jbd2/journal.c b/fs/jbd2/journal.c +index 8207a01..52d2bee 100644 +--- a/fs/jbd2/journal.c ++++ b/fs/jbd2/journal.c +@@ -901,10 +901,7 @@ static struct proc_dir_entry *proc_jbd2_stats; + + static void jbd2_stats_proc_init(journal_t *journal) + { +- char name[BDEVNAME_SIZE]; +- +- bdevname(journal->j_dev, name); +- journal->j_proc_entry = proc_mkdir(name, proc_jbd2_stats); ++ journal->j_proc_entry = proc_mkdir(journal->j_devname, proc_jbd2_stats); + if (journal->j_proc_entry) { + proc_create_data("history", S_IRUGO, journal->j_proc_entry, + &jbd2_seq_history_fops, journal); +@@ -915,12 +912,9 @@ static void jbd2_stats_proc_init(journal_t *journal) + + static void jbd2_stats_proc_exit(journal_t *journal) + { +- char name[BDEVNAME_SIZE]; +- +- bdevname(journal->j_dev, name); + remove_proc_entry("info", journal->j_proc_entry); + remove_proc_entry("history", journal->j_proc_entry); +- remove_proc_entry(name, proc_jbd2_stats); ++ remove_proc_entry(journal->j_devname, proc_jbd2_stats); + } + + static void journal_init_stats(journal_t *journal) +@@ -1018,6 +1012,7 @@ journal_t * jbd2_journal_init_dev(struct block_device *bdev, + { + journal_t *journal = journal_init_common(); + struct buffer_head *bh; ++ char *p; + int n; + + if (!journal) +@@ -1039,6 +1034,10 @@ journal_t * jbd2_journal_init_dev(struct block_device *bdev, + journal->j_fs_dev = fs_dev; + journal->j_blk_offset = start; + journal->j_maxlen = len; ++ bdevname(journal->j_dev, journal->j_devname); ++ p = journal->j_devname; ++ while ((p = strchr(p, '/'))) ++ *p = '!'; + jbd2_stats_proc_init(journal); + + bh = __getblk(journal->j_dev, start, journal->j_blocksize); +@@ -1061,6 +1060,7 @@ journal_t * jbd2_journal_init_inode (struct inode *inode) + { + struct buffer_head *bh; + journal_t *journal = journal_init_common(); ++ char *p; + int err; + int n; + unsigned long long blocknr; +@@ -1070,6 +1070,12 @@ journal_t * jbd2_journal_init_inode (struct inode *inode) + + journal->j_dev = journal->j_fs_dev = inode->i_sb->s_bdev; + journal->j_inode = inode; ++ bdevname(journal->j_dev, journal->j_devname); ++ p = journal->j_devname; ++ while ((p = strchr(p, '/'))) ++ *p = '!'; ++ p = journal->j_devname + strlen(journal->j_devname); ++ sprintf(p, ":%lu", journal->j_inode->i_ino); + jbd_debug(1, + "journal %p: inode %s/%ld, size %Ld, bits %d, blksize %ld\n", + journal, inode->i_sb->s_id, inode->i_ino, +@@ -1253,6 +1259,22 @@ void jbd2_journal_update_superblock(journal_t *journal, int wait) + goto out; + } + ++ if (buffer_write_io_error(bh)) { ++ /* ++ * Oh, dear. A previous attempt to write the journal ++ * superblock failed. This could happen because the ++ * USB device was yanked out. Or it could happen to ++ * be a transient write error and maybe the block will ++ * be remapped. Nothing we can do but to retry the ++ * write and hope for the best. ++ */ ++ printk(KERN_ERR "JBD2: previous I/O error detected " ++ "for journal superblock update for %s.\n", ++ journal->j_devname); ++ clear_buffer_write_io_error(bh); ++ set_buffer_uptodate(bh); ++ } ++ + spin_lock(&journal->j_state_lock); + jbd_debug(1,"JBD: updating superblock (start %ld, seq %d, errno %d)\n", + journal->j_tail, journal->j_tail_sequence, journal->j_errno); +@@ -1264,9 +1286,16 @@ void jbd2_journal_update_superblock(journal_t *journal, int wait) + + BUFFER_TRACE(bh, "marking dirty"); + mark_buffer_dirty(bh); +- if (wait) ++ if (wait) { + sync_dirty_buffer(bh); +- else ++ if (buffer_write_io_error(bh)) { ++ printk(KERN_ERR "JBD2: I/O error detected " ++ "when updating journal superblock for %s.\n", ++ journal->j_devname); ++ clear_buffer_write_io_error(bh); ++ set_buffer_uptodate(bh); ++ } ++ } else + ll_rw_block(SWRITE, 1, &bh); + + out: +diff --git a/include/asm-x86/mmzone_32.h b/include/asm-x86/mmzone_32.h +index 5862e64..eb77583 100644 +--- a/include/asm-x86/mmzone_32.h ++++ b/include/asm-x86/mmzone_32.h +@@ -34,10 +34,14 @@ static inline void get_memcfg_numa(void) + + extern int early_pfn_to_nid(unsigned long pfn); + ++extern void resume_map_numa_kva(pgd_t *pgd); ++ + #else /* !CONFIG_NUMA */ + + #define get_memcfg_numa get_memcfg_numa_flat + ++static inline void resume_map_numa_kva(pgd_t *pgd) {} ++ + #endif /* CONFIG_NUMA */ + + #ifdef CONFIG_DISCONTIGMEM +diff --git a/include/asm-x86/pci_64.h b/include/asm-x86/pci_64.h +index f330234..50d3df5 100644 +--- a/include/asm-x86/pci_64.h ++++ b/include/asm-x86/pci_64.h +@@ -34,8 +34,6 @@ extern void pci_iommu_alloc(void); + */ + #define PCI_DMA_BUS_IS_PHYS (dma_ops->is_phys) + +-#if defined(CONFIG_GART_IOMMU) || defined(CONFIG_CALGARY_IOMMU) +- + #define DECLARE_PCI_UNMAP_ADDR(ADDR_NAME) \ + dma_addr_t ADDR_NAME; + #define DECLARE_PCI_UNMAP_LEN(LEN_NAME) \ +@@ -49,18 +47,6 @@ extern void pci_iommu_alloc(void); + #define pci_unmap_len_set(PTR, LEN_NAME, VAL) \ + (((PTR)->LEN_NAME) = (VAL)) + +-#else +-/* No IOMMU */ +- +-#define DECLARE_PCI_UNMAP_ADDR(ADDR_NAME) +-#define DECLARE_PCI_UNMAP_LEN(LEN_NAME) +-#define pci_unmap_addr(PTR, ADDR_NAME) (0) +-#define pci_unmap_addr_set(PTR, ADDR_NAME, VAL) do { } while (0) +-#define pci_unmap_len(PTR, LEN_NAME) (0) +-#define pci_unmap_len_set(PTR, LEN_NAME, VAL) do { } while (0) +- +-#endif +- + #endif /* __KERNEL__ */ + + #endif /* __x8664_PCI_H */ +diff --git a/include/linux/idr.h b/include/linux/idr.h +index fa035f9..dd846df 100644 +--- a/include/linux/idr.h ++++ b/include/linux/idr.h +@@ -52,13 +52,14 @@ struct idr_layer { + unsigned long bitmap; /* A zero bit means "space here" */ + struct idr_layer *ary[1<kobj); ++} ++ + /* File state for mmap()s on /proc/bus/pci/X/Y */ + enum pci_mmap_state { + pci_mmap_io, +@@ -509,7 +514,8 @@ struct pci_bus *pci_create_bus(struct device *parent, int bus, + struct pci_bus *pci_add_new_bus(struct pci_bus *parent, struct pci_dev *dev, + int busnr); + struct pci_slot *pci_create_slot(struct pci_bus *parent, int slot_nr, +- const char *name); ++ const char *name, ++ struct hotplug_slot *hotplug); + void pci_destroy_slot(struct pci_slot *slot); + void pci_update_slot_number(struct pci_slot *slot, int slot_nr); + int pci_scan_slot(struct pci_bus *bus, int devfn); +diff --git a/include/linux/pci_hotplug.h b/include/linux/pci_hotplug.h +index a08cd06..a00bd1a 100644 +--- a/include/linux/pci_hotplug.h ++++ b/include/linux/pci_hotplug.h +@@ -142,8 +142,6 @@ struct hotplug_slot_info { + + /** + * struct hotplug_slot - used to register a physical slot with the hotplug pci core +- * @name: the name of the slot being registered. This string must +- * be unique amoung slots registered on this system. + * @ops: pointer to the &struct hotplug_slot_ops to be used for this slot + * @info: pointer to the &struct hotplug_slot_info for the initial values for + * this slot. +@@ -153,7 +151,6 @@ struct hotplug_slot_info { + * needs. + */ + struct hotplug_slot { +- char *name; + struct hotplug_slot_ops *ops; + struct hotplug_slot_info *info; + void (*release) (struct hotplug_slot *slot); +@@ -165,7 +162,13 @@ struct hotplug_slot { + }; + #define to_hotplug_slot(n) container_of(n, struct hotplug_slot, kobj) + +-extern int pci_hp_register(struct hotplug_slot *, struct pci_bus *, int nr); ++static inline const char *hotplug_slot_name(const struct hotplug_slot *slot) ++{ ++ return pci_slot_name(slot->pci_slot); ++} ++ ++extern int pci_hp_register(struct hotplug_slot *, struct pci_bus *, int nr, ++ const char *name); + extern int pci_hp_deregister(struct hotplug_slot *slot); + extern int __must_check pci_hp_change_slot_info (struct hotplug_slot *slot, + struct hotplug_slot_info *info); +diff --git a/include/linux/sched.h b/include/linux/sched.h +index 6bfb849..086f5e1 100644 +--- a/include/linux/sched.h ++++ b/include/linux/sched.h +@@ -587,6 +587,10 @@ struct user_struct { + atomic_t inotify_watches; /* How many inotify watches does this user have? */ + atomic_t inotify_devs; /* How many inotify devs does this user have opened? */ + #endif ++#ifdef CONFIG_EPOLL ++ atomic_t epoll_devs; /* The number of epoll descriptors currently open */ ++ atomic_t epoll_watches; /* The number of file descriptors currently watched */ ++#endif + #ifdef CONFIG_POSIX_MQUEUE + /* protected by mq_lock */ + unsigned long mq_bytes; /* How many bytes can be allocated to mqueue? */ +diff --git a/include/net/af_unix.h b/include/net/af_unix.h +index c29ff1d..1614d78 100644 +--- a/include/net/af_unix.h ++++ b/include/net/af_unix.h +@@ -9,6 +9,7 @@ + extern void unix_inflight(struct file *fp); + extern void unix_notinflight(struct file *fp); + extern void unix_gc(void); ++extern void wait_for_unix_gc(void); + + #define UNIX_HASH_SIZE 256 + +diff --git a/ipc/util.c b/ipc/util.c +index 49b3ea6..361fd1c 100644 +--- a/ipc/util.c ++++ b/ipc/util.c +@@ -266,9 +266,17 @@ int ipc_addid(struct ipc_ids* ids, struct kern_ipc_perm* new, int size) + if (ids->in_use >= size) + return -ENOSPC; + ++ spin_lock_init(&new->lock); ++ new->deleted = 0; ++ rcu_read_lock(); ++ spin_lock(&new->lock); ++ + err = idr_get_new(&ids->ipcs_idr, new, &id); +- if (err) ++ if (err) { ++ spin_unlock(&new->lock); ++ rcu_read_unlock(); + return err; ++ } + + ids->in_use++; + +@@ -280,10 +288,6 @@ int ipc_addid(struct ipc_ids* ids, struct kern_ipc_perm* new, int size) + ids->seq = 0; + + new->id = ipc_buildid(id, new->seq); +- spin_lock_init(&new->lock); +- new->deleted = 0; +- rcu_read_lock(); +- spin_lock(&new->lock); + return id; + } + +diff --git a/kernel/Makefile b/kernel/Makefile +index 4e1d7df..143e8b6 100644 +--- a/kernel/Makefile ++++ b/kernel/Makefile +@@ -11,8 +11,6 @@ obj-y = sched.o fork.o exec_domain.o panic.o printk.o \ + hrtimer.o rwsem.o nsproxy.o srcu.o semaphore.o \ + notifier.o ksysfs.o pm_qos_params.o sched_clock.o + +-CFLAGS_REMOVE_sched.o = -mno-spe +- + ifdef CONFIG_FTRACE + # Do not trace debug files and internal ftrace files + CFLAGS_REMOVE_lockdep.o = -pg +@@ -21,7 +19,7 @@ CFLAGS_REMOVE_mutex-debug.o = -pg + CFLAGS_REMOVE_rtmutex-debug.o = -pg + CFLAGS_REMOVE_cgroup-debug.o = -pg + CFLAGS_REMOVE_sched_clock.o = -pg +-CFLAGS_REMOVE_sched.o = -mno-spe -pg ++CFLAGS_REMOVE_sched.o = -pg + endif + + obj-$(CONFIG_PROFILING) += profile.o +diff --git a/kernel/audit_tree.c b/kernel/audit_tree.c +index f7921a2..894b599 100644 +--- a/kernel/audit_tree.c ++++ b/kernel/audit_tree.c +@@ -24,6 +24,7 @@ struct audit_chunk { + struct list_head trees; /* with root here */ + int dead; + int count; ++ atomic_long_t refs; + struct rcu_head head; + struct node { + struct list_head list; +@@ -56,7 +57,8 @@ static LIST_HEAD(prune_list); + * tree is refcounted; one reference for "some rules on rules_list refer to + * it", one for each chunk with pointer to it. + * +- * chunk is refcounted by embedded inotify_watch. ++ * chunk is refcounted by embedded inotify_watch + .refs (non-zero refcount ++ * of watch contributes 1 to .refs). + * + * node.index allows to get from node.list to containing chunk. + * MSB of that sucker is stolen to mark taggings that we might have to +@@ -121,6 +123,7 @@ static struct audit_chunk *alloc_chunk(int count) + INIT_LIST_HEAD(&chunk->hash); + INIT_LIST_HEAD(&chunk->trees); + chunk->count = count; ++ atomic_long_set(&chunk->refs, 1); + for (i = 0; i < count; i++) { + INIT_LIST_HEAD(&chunk->owners[i].list); + chunk->owners[i].index = i; +@@ -129,9 +132,8 @@ static struct audit_chunk *alloc_chunk(int count) + return chunk; + } + +-static void __free_chunk(struct rcu_head *rcu) ++static void free_chunk(struct audit_chunk *chunk) + { +- struct audit_chunk *chunk = container_of(rcu, struct audit_chunk, head); + int i; + + for (i = 0; i < chunk->count; i++) { +@@ -141,14 +143,16 @@ static void __free_chunk(struct rcu_head *rcu) + kfree(chunk); + } + +-static inline void free_chunk(struct audit_chunk *chunk) ++void audit_put_chunk(struct audit_chunk *chunk) + { +- call_rcu(&chunk->head, __free_chunk); ++ if (atomic_long_dec_and_test(&chunk->refs)) ++ free_chunk(chunk); + } + +-void audit_put_chunk(struct audit_chunk *chunk) ++static void __put_chunk(struct rcu_head *rcu) + { +- put_inotify_watch(&chunk->watch); ++ struct audit_chunk *chunk = container_of(rcu, struct audit_chunk, head); ++ audit_put_chunk(chunk); + } + + enum {HASH_SIZE = 128}; +@@ -176,7 +180,7 @@ struct audit_chunk *audit_tree_lookup(const struct inode *inode) + + list_for_each_entry_rcu(p, list, hash) { + if (p->watch.inode == inode) { +- get_inotify_watch(&p->watch); ++ atomic_long_inc(&p->refs); + return p; + } + } +@@ -194,17 +198,49 @@ int audit_tree_match(struct audit_chunk *chunk, struct audit_tree *tree) + + /* tagging and untagging inodes with trees */ + +-static void untag_chunk(struct audit_chunk *chunk, struct node *p) ++static struct audit_chunk *find_chunk(struct node *p) ++{ ++ int index = p->index & ~(1U<<31); ++ p -= index; ++ return container_of(p, struct audit_chunk, owners[0]); ++} ++ ++static void untag_chunk(struct node *p) + { ++ struct audit_chunk *chunk = find_chunk(p); + struct audit_chunk *new; + struct audit_tree *owner; + int size = chunk->count - 1; + int i, j; + ++ if (!pin_inotify_watch(&chunk->watch)) { ++ /* ++ * Filesystem is shutting down; all watches are getting ++ * evicted, just take it off the node list for this ++ * tree and let the eviction logics take care of the ++ * rest. ++ */ ++ owner = p->owner; ++ if (owner->root == chunk) { ++ list_del_init(&owner->same_root); ++ owner->root = NULL; ++ } ++ list_del_init(&p->list); ++ p->owner = NULL; ++ put_tree(owner); ++ return; ++ } ++ ++ spin_unlock(&hash_lock); ++ ++ /* ++ * pin_inotify_watch() succeeded, so the watch won't go away ++ * from under us. ++ */ + mutex_lock(&chunk->watch.inode->inotify_mutex); + if (chunk->dead) { + mutex_unlock(&chunk->watch.inode->inotify_mutex); +- return; ++ goto out; + } + + owner = p->owner; +@@ -221,7 +257,7 @@ static void untag_chunk(struct audit_chunk *chunk, struct node *p) + inotify_evict_watch(&chunk->watch); + mutex_unlock(&chunk->watch.inode->inotify_mutex); + put_inotify_watch(&chunk->watch); +- return; ++ goto out; + } + + new = alloc_chunk(size); +@@ -263,7 +299,7 @@ static void untag_chunk(struct audit_chunk *chunk, struct node *p) + inotify_evict_watch(&chunk->watch); + mutex_unlock(&chunk->watch.inode->inotify_mutex); + put_inotify_watch(&chunk->watch); +- return; ++ goto out; + + Fallback: + // do the best we can +@@ -277,6 +313,9 @@ Fallback: + put_tree(owner); + spin_unlock(&hash_lock); + mutex_unlock(&chunk->watch.inode->inotify_mutex); ++out: ++ unpin_inotify_watch(&chunk->watch); ++ spin_lock(&hash_lock); + } + + static int create_chunk(struct inode *inode, struct audit_tree *tree) +@@ -387,13 +426,6 @@ static int tag_chunk(struct inode *inode, struct audit_tree *tree) + return 0; + } + +-static struct audit_chunk *find_chunk(struct node *p) +-{ +- int index = p->index & ~(1U<<31); +- p -= index; +- return container_of(p, struct audit_chunk, owners[0]); +-} +- + static void kill_rules(struct audit_tree *tree) + { + struct audit_krule *rule, *next; +@@ -431,17 +463,10 @@ static void prune_one(struct audit_tree *victim) + spin_lock(&hash_lock); + while (!list_empty(&victim->chunks)) { + struct node *p; +- struct audit_chunk *chunk; + + p = list_entry(victim->chunks.next, struct node, list); +- chunk = find_chunk(p); +- get_inotify_watch(&chunk->watch); +- spin_unlock(&hash_lock); +- +- untag_chunk(chunk, p); + +- put_inotify_watch(&chunk->watch); +- spin_lock(&hash_lock); ++ untag_chunk(p); + } + spin_unlock(&hash_lock); + put_tree(victim); +@@ -469,7 +494,6 @@ static void trim_marked(struct audit_tree *tree) + + while (!list_empty(&tree->chunks)) { + struct node *node; +- struct audit_chunk *chunk; + + node = list_entry(tree->chunks.next, struct node, list); + +@@ -477,14 +501,7 @@ static void trim_marked(struct audit_tree *tree) + if (!(node->index & (1U<<31))) + break; + +- chunk = find_chunk(node); +- get_inotify_watch(&chunk->watch); +- spin_unlock(&hash_lock); +- +- untag_chunk(chunk, node); +- +- put_inotify_watch(&chunk->watch); +- spin_lock(&hash_lock); ++ untag_chunk(node); + } + if (!tree->root && !tree->goner) { + tree->goner = 1; +@@ -878,7 +895,7 @@ static void handle_event(struct inotify_watch *watch, u32 wd, u32 mask, + static void destroy_watch(struct inotify_watch *watch) + { + struct audit_chunk *chunk = container_of(watch, struct audit_chunk, watch); +- free_chunk(chunk); ++ call_rcu(&chunk->head, __put_chunk); + } + + static const struct inotify_operations rtree_inotify_ops = { +diff --git a/kernel/auditfilter.c b/kernel/auditfilter.c +index b7d354e..9fd85a4 100644 +--- a/kernel/auditfilter.c ++++ b/kernel/auditfilter.c +@@ -1094,8 +1094,8 @@ static void audit_inotify_unregister(struct list_head *in_list) + list_for_each_entry_safe(p, n, in_list, ilist) { + list_del(&p->ilist); + inotify_rm_watch(audit_ih, &p->wdata); +- /* the put matching the get in audit_do_del_rule() */ +- put_inotify_watch(&p->wdata); ++ /* the unpin matching the pin in audit_do_del_rule() */ ++ unpin_inotify_watch(&p->wdata); + } + } + +@@ -1389,9 +1389,13 @@ static inline int audit_del_rule(struct audit_entry *entry, + /* Put parent on the inotify un-registration + * list. Grab a reference before releasing + * audit_filter_mutex, to be released in +- * audit_inotify_unregister(). */ +- list_add(&parent->ilist, &inotify_list); +- get_inotify_watch(&parent->wdata); ++ * audit_inotify_unregister(). ++ * If filesystem is going away, just leave ++ * the sucker alone, eviction will take ++ * care of it. ++ */ ++ if (pin_inotify_watch(&parent->wdata)) ++ list_add(&parent->ilist, &inotify_list); + } + } + } +diff --git a/kernel/cgroup.c b/kernel/cgroup.c +index d68bf2b..0ba3a5a 100644 +--- a/kernel/cgroup.c ++++ b/kernel/cgroup.c +@@ -2045,10 +2045,13 @@ int cgroupstats_build(struct cgroupstats *stats, struct dentry *dentry) + struct cgroup *cgrp; + struct cgroup_iter it; + struct task_struct *tsk; ++ + /* +- * Validate dentry by checking the superblock operations ++ * Validate dentry by checking the superblock operations, ++ * and make sure it's a directory. + */ +- if (dentry->d_sb->s_op != &cgroup_ops) ++ if (dentry->d_sb->s_op != &cgroup_ops || ++ !S_ISDIR(dentry->d_inode->i_mode)) + goto err; + + ret = 0; +diff --git a/kernel/cpuset.c b/kernel/cpuset.c +index 827cd9a..fbda85d 100644 +--- a/kernel/cpuset.c ++++ b/kernel/cpuset.c +@@ -587,7 +587,6 @@ static int generate_sched_domains(cpumask_t **domains, + int ndoms; /* number of sched domains in result */ + int nslot; /* next empty doms[] cpumask_t slot */ + +- ndoms = 0; + doms = NULL; + dattr = NULL; + csa = NULL; +@@ -674,10 +673,8 @@ restart: + * Convert to and populate cpu masks. + */ + doms = kmalloc(ndoms * sizeof(cpumask_t), GFP_KERNEL); +- if (!doms) { +- ndoms = 0; ++ if (!doms) + goto done; +- } + + /* + * The rest of the code, including the scheduler, can deal with +@@ -732,6 +729,13 @@ restart: + done: + kfree(csa); + ++ /* ++ * Fallback to the default domain if kmalloc() failed. ++ * See comments in partition_sched_domains(). ++ */ ++ if (doms == NULL) ++ ndoms = 1; ++ + *domains = doms; + *attributes = dattr; + return ndoms; +diff --git a/kernel/sched.c b/kernel/sched.c +index ad1962d..a992cbe 100644 +--- a/kernel/sched.c ++++ b/kernel/sched.c +@@ -7692,13 +7692,14 @@ static int dattrs_equal(struct sched_domain_attr *cur, int idx_cur, + * + * The passed in 'doms_new' should be kmalloc'd. This routine takes + * ownership of it and will kfree it when done with it. If the caller +- * failed the kmalloc call, then it can pass in doms_new == NULL, +- * and partition_sched_domains() will fallback to the single partition +- * 'fallback_doms', it also forces the domains to be rebuilt. ++ * failed the kmalloc call, then it can pass in doms_new == NULL && ++ * ndoms_new == 1, and partition_sched_domains() will fallback to ++ * the single partition 'fallback_doms', it also forces the domains ++ * to be rebuilt. + * +- * If doms_new==NULL it will be replaced with cpu_online_map. +- * ndoms_new==0 is a special case for destroying existing domains. +- * It will not create the default domain. ++ * If doms_new == NULL it will be replaced with cpu_online_map. ++ * ndoms_new == 0 is a special case for destroying existing domains, ++ * and it will not create the default domain. + * + * Call with hotplug lock held + */ +diff --git a/kernel/sysctl.c b/kernel/sysctl.c +index 50ec088..6ffbed2 100644 +--- a/kernel/sysctl.c ++++ b/kernel/sysctl.c +@@ -179,6 +179,9 @@ extern struct ctl_table random_table[]; + #ifdef CONFIG_INOTIFY_USER + extern struct ctl_table inotify_table[]; + #endif ++#ifdef CONFIG_EPOLL ++extern struct ctl_table epoll_table[]; ++#endif + + #ifdef HAVE_ARCH_PICK_MMAP_LAYOUT + int sysctl_legacy_va_layout; +@@ -1313,6 +1316,13 @@ static struct ctl_table fs_table[] = { + .child = inotify_table, + }, + #endif ++#ifdef CONFIG_EPOLL ++ { ++ .procname = "epoll", ++ .mode = 0555, ++ .child = epoll_table, ++ }, ++#endif + #endif + { + .ctl_name = KERN_SETUID_DUMPABLE, +diff --git a/lib/idr.c b/lib/idr.c +index e728c7f..7a785a0 100644 +--- a/lib/idr.c ++++ b/lib/idr.c +@@ -185,6 +185,7 @@ static int sub_alloc(struct idr *idp, int *starting_id, struct idr_layer **pa) + new = get_from_free_list(idp); + if (!new) + return -1; ++ new->layer = l-1; + rcu_assign_pointer(p->ary[m], new); + p->count++; + } +@@ -210,6 +211,7 @@ build_up: + if (unlikely(!p)) { + if (!(p = get_from_free_list(idp))) + return -1; ++ p->layer = 0; + layers = 1; + } + /* +@@ -237,6 +239,7 @@ build_up: + } + new->ary[0] = p; + new->count = 1; ++ new->layer = layers-1; + if (p->bitmap == IDR_FULL) + __set_bit(0, &new->bitmap); + p = new; +@@ -493,17 +496,21 @@ void *idr_find(struct idr *idp, int id) + int n; + struct idr_layer *p; + +- n = idp->layers * IDR_BITS; + p = rcu_dereference(idp->top); ++ if (!p) ++ return NULL; ++ n = (p->layer+1) * IDR_BITS; + + /* Mask off upper bits we don't use for the search. */ + id &= MAX_ID_MASK; + + if (id >= (1 << n)) + return NULL; ++ BUG_ON(n == 0); + + while (n > 0 && p) { + n -= IDR_BITS; ++ BUG_ON(n != p->layer*IDR_BITS); + p = rcu_dereference(p->ary[(id >> n) & IDR_MASK]); + } + return((void *)p); +@@ -582,8 +589,11 @@ void *idr_replace(struct idr *idp, void *ptr, int id) + int n; + struct idr_layer *p, *old_p; + +- n = idp->layers * IDR_BITS; + p = idp->top; ++ if (!p) ++ return ERR_PTR(-EINVAL); ++ ++ n = (p->layer+1) * IDR_BITS; + + id &= MAX_ID_MASK; + +diff --git a/lib/scatterlist.c b/lib/scatterlist.c +index 8d2688f..b7b449d 100644 +--- a/lib/scatterlist.c ++++ b/lib/scatterlist.c +@@ -395,7 +395,7 @@ void sg_miter_stop(struct sg_mapping_iter *miter) + WARN_ON(!irqs_disabled()); + kunmap_atomic(miter->addr, KM_BIO_SRC_IRQ); + } else +- kunmap(miter->addr); ++ kunmap(miter->page); + + miter->page = NULL; + miter->addr = NULL; +diff --git a/net/unix/af_unix.c b/net/unix/af_unix.c +index 8bde9bf..b0785ef 100644 +--- a/net/unix/af_unix.c ++++ b/net/unix/af_unix.c +@@ -1341,6 +1341,7 @@ static int unix_dgram_sendmsg(struct kiocb *kiocb, struct socket *sock, + + if (NULL == siocb->scm) + siocb->scm = &tmp_scm; ++ wait_for_unix_gc(); + err = scm_send(sock, msg, siocb->scm); + if (err < 0) + return err; +@@ -1491,6 +1492,7 @@ static int unix_stream_sendmsg(struct kiocb *kiocb, struct socket *sock, + + if (NULL == siocb->scm) + siocb->scm = &tmp_scm; ++ wait_for_unix_gc(); + err = scm_send(sock, msg, siocb->scm); + if (err < 0) + return err; +diff --git a/net/unix/garbage.c b/net/unix/garbage.c +index 6d4a9a8..abb3ab3 100644 +--- a/net/unix/garbage.c ++++ b/net/unix/garbage.c +@@ -80,6 +80,7 @@ + #include + #include + #include ++#include + + #include + #include +@@ -91,6 +92,7 @@ + static LIST_HEAD(gc_inflight_list); + static LIST_HEAD(gc_candidates); + static DEFINE_SPINLOCK(unix_gc_lock); ++static DECLARE_WAIT_QUEUE_HEAD(unix_gc_wait); + + unsigned int unix_tot_inflight; + +@@ -266,12 +268,16 @@ static void inc_inflight_move_tail(struct unix_sock *u) + list_move_tail(&u->link, &gc_candidates); + } + +-/* The external entry point: unix_gc() */ ++static bool gc_in_progress = false; + +-void unix_gc(void) ++void wait_for_unix_gc(void) + { +- static bool gc_in_progress = false; ++ wait_event(unix_gc_wait, gc_in_progress == false); ++} + ++/* The external entry point: unix_gc() */ ++void unix_gc(void) ++{ + struct unix_sock *u; + struct unix_sock *next; + struct sk_buff_head hitlist; +@@ -376,6 +382,7 @@ void unix_gc(void) + /* All candidates should have been detached by now. */ + BUG_ON(!list_empty(&gc_candidates)); + gc_in_progress = false; ++ wake_up(&unix_gc_wait); + + out: + spin_unlock(&unix_gc_lock); diff --git a/debian/patches/series/1~experimental.1 b/debian/patches/series/1~experimental.1 index 16a97412e..a1553e04d 100644 --- a/debian/patches/series/1~experimental.1 +++ b/debian/patches/series/1~experimental.1 @@ -32,3 +32,4 @@ + bugfix/all/stable/patch-2.6.27.5 + bugfix/all/stable/patch-2.6.27.6 + bugfix/all/stable/patch-2.6.27.7 ++ bugfix/all/stable/patch-2.6.27.8