ifa_local is assumed to be unsigned long which lead to writing the address
at dev->dev_addr-2 instead of +2

noticed thanks to gcc:

drivers/isdn/hysdn/hysdn_net.c: In function `net_open':
drivers/isdn/hysdn/hysdn_net.c:91: warning: array subscript is below array bounds
Signed-off-by: Pascal Terjan <pterjan@mandriva.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: David S. Miller <davem@davemloft.net>

On "/etc/init.d/capiutils stop", this oops happened.

The oops happens on reading /proc/capi/controllers because
capi_ctrl->procinfo is called for the wrongly not unregistered
controller, which points to b1isa_procinfo(), which was removed on
module unload.

b1isa_exit() did not call b1isa_remove() for its controllers because
io[0] == 0 on module unload despite having been 0x340 on module load.

Besides, just removing the controllers that where added on module
load time and not those that were added later via b1isa_add_card() is
wrong too - the place where all added cards are found is isa_dev[].

relevant dmesg lines:

[    0.000000] Linux version 2.6.27.4 (w@shubashi) (gcc version 4.3.2 (Debian 4.3.2-1) ) #3 Thu Oct 30 16:49:03 CET 2008

[   67.403555] CAPI Subsystem Rev 1.1.2.8
[   68.529154] capifs: Rev 1.1.2.3
[   68.563292] capi20: Rev 1.1.2.7: started up with major 68 (middleware+capifs)
[   77.026936] b1: revision 1.1.2.2
[   77.049992] b1isa: revision 1.1.2.3
[   77.722655] kcapi: Controller [001]: b1isa-340 attached
[   77.722671] b1isa: AVM B1 ISA at i/o 0x340, irq 5, revision 255
[   81.272669] b1isa-340: card 1 "B1" ready.
[   81.272683] b1isa-340: card 1 Protocol: DSS1
[   81.272689] b1isa-340: card 1 Linetype: point to multipoint
[   81.272695] b1isa-340: B1-card (3.11-03) now active
[   81.272702] kcapi: card [001] "b1isa-340" ready.

[  153.721281] kcapi: card [001] down.
[  154.151889] BUG: unable to handle kernel paging request at e87af000
[  154.152081] IP: [<e87af000>]
[  154.153292] *pde = 2655b067 *pte = 00000000
[  154.153307] Oops: 0000 [#1]
[  154.153360] Modules linked in: rfcomm l2cap ppdev lp ipt_MASQUERADE tun capi capifs kernelcapi ac battery nfsd exportfs nfs lockd nfs_acl sunrpc sit tunnel4 bridge stp llc ipt_REJECT ipt_LOG xt_tcpudp xt_state iptable_filter iptable_mangle iptable_nat nf_nat nf_conntrack_ipv4 nf_conntrack ip_tables x_tables nls_utf8 isofs nls_base zlib_inflate loop ipv6 netconsole snd_via82xx dvb_usb_dib0700 gameport dib7000p dib7000m dvb_usb snd_ac97_codec ac97_bus dvb_core mt2266 snd_pcm tuner_xc2028 dib3000mc dibx000_common mt2060 dib0070 snd_page_alloc snd_mpu401_uart snd_seq_midi snd_seq_midi_event btusb snd_rawmidi bluetooth snd_seq snd_timer snd_seq_device snd via686a i2c_viapro soundcore i2c_core parport_pc parport button dm_mirror dm_log dm_snapshot floppy sg ohci1394 uhci_hcd ehci_hcd 8139too mii ieee1394 usbcore sr_mod cdrom sd_mod thermal processor fan [last unloaded: b1]
[  154.153360]
[  154.153360] Pid: 4132, comm: capiinit Not tainted (2.6.27.4 #3)
[  154.153360] EIP: 0060:[<e87af000>] EFLAGS: 00010286 CPU: 0
[  154.153360] EIP is at 0xe87af000
[  154.153360] EAX: e6b9ccc8 EBX: e6b9ccc8 ECX: e87a0c67 EDX: e87af000
[  154.153360] ESI: e142bbc0 EDI: e87a56e0 EBP: e0505f0c ESP: e0505ee4
[  154.153360]  DS: 007b ES: 007b FS: 0000 GS: 0033 SS: 0068
[  154.153360] Process capiinit (pid: 4132, ti=e0504000 task=d1196cf0 task.ti=e0504000)
[  154.153360] Stack: e879f650 00000246 e0505ef4 c01472eb e0505f0c 00000246 e7001780 fffffff4
[  154.153360]        fffffff4 e142bbc0 e0505f48 c01a56c6 00000400 b805e000 d102dc80 e142bbe0
[  154.153360]        00000000 e87a56e0 00000246 e12617ac 00000000 00000000 e1261760 fffffffb
[  154.153360] Call Trace:
[  154.153360]  [<e879f650>] ? controller_show+0x20/0x90 [kernelcapi]
[  154.153360]  [<c01472eb>] ? trace_hardirqs_on+0xb/0x10
[  154.153360]  [<c01a56c6>] ? seq_read+0x126/0x2f0
[  154.153360]  [<c01a55a0>] ? seq_read+0x0/0x2f0
[  154.153360]  [<c01c033c>] ? proc_reg_read+0x5c/0x90
[  154.153360]  [<c0189919>] ? vfs_read+0x99/0x140
[  154.153360]  [<c01c02e0>] ? proc_reg_read+0x0/0x90
[  154.153360]  [<c0189a7d>] ? sys_read+0x3d/0x70
[  154.153360]  [<c0103c3d>] ? sysenter_do_call+0x12/0x35
[  154.153360]  =======================
[  154.153360] Code:  Bad EIP value.
[  154.153360] EIP: [<e87af000>] 0xe87af000 SS:ESP 0068:e0505ee4
[  154.153360] ---[ end trace 23750b6c2862de94 ]---
Signed-off-by: Wilfried Klaebe <linux-kernel@lebenslange-mailadresse.de>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Acked-by: Karsten Keil <kkeil@suse.de>
Signed-off-by: David S. Miller <davem@davemloft.net>

Due to a wrong safety check in af_can.c it was not possible to filter
for SFF frames with a specific CAN identifier without getting the
same selected CAN identifier from a received EFF frame also.

This fix has a minimum (but user visible) impact on the CAN filter
API and therefore the CAN version is set to a new date.

Indeed the 'old' API is still working as-is. But when now setting
CAN_(EFF|RTR)_FLAG in can_filter.can_mask you might get less traffic
than before - but still the stuff that you expected to get for your
defined filter ...

Thanks to Kurt Van Dijck for pointing at this issue and for the review.
Signed-off-by: Oliver Hartkopp <oliver@hartkopp.net>
Acked-by: Kurt Van Dijck <kurt.van.dijck@eia.be>
Signed-off-by: David S. Miller <davem@davemloft.net>

Signed-off-by: Rémi Denis-Courmont <remi.denis-courmont@nokia.com>
Signed-off-by: David S. Miller <davem@davemloft.net>

Fix a potential NULL pointer dereference seen when trying to remove a
static label configuration with an invalid address/mask combination.
Signed-off-by: Paul Moore <paul.moore@hp.com>
Signed-off-by: David S. Miller <davem@davemloft.net>

The bnx2 chips do not support per MSI vector masking.  On 5706/5708, new MSI
address/data are stored only when the MSI enable bit is toggled.  As a result,
SMP affinity no longer works in the latest kernel.  A more serious problem is
that the driver will no longer receive interrupts when the MSI receiving CPU
goes offline.

The workaround in this patch only addresses the problem of CPU going offline.
When that happens, the driver's timer function will detect that it is making
no forward progress on pending interrupt events and will recover from it.

Eric Dumazet reported the problem.

We also found that if an interrupt is internally asserted while MSI and INTA
are disabled, the chip will end up in the same state after MSI is re-enabled.
The same workaround is needed for this problem. 
Signed-off-by: Michael Chan <mchan@broadcom.com>
Tested-by: Eric Dumazet <dada1@cosmosbay.com>
Signed-off-by: David S. Miller <davem@davemloft.net>

After flush the SPD entries, dump the SPD entries will cause kernel painc.

Used the following commands to reproduct:

- echo 'spdflush;' | setkey -c
- echo 'spdadd 3ffe:501:ffff:ff01::/64 3ffe:501:ffff:ff04::/64  any -P out ipsec \
  ah/tunnel/3ffe:501:ffff:ff00:200:ff:fe00:b0b0-3ffe:501:ffff:ff02:200:ff:fe00:a1a1/require;\
  spddump;' | setkey -c
- echo 'spdflush; spddump;' | setkey -c
- echo 'spdadd 3ffe:501:ffff:ff01::/64 3ffe:501:ffff:ff04::/64  any -P out ipsec \
  ah/tunnel/3ffe:501:ffff:ff00:200:ff:fe00:b0b0-3ffe:501:ffff:ff02:200:ff:fe00:a1a1/require;\
  spddump;' | setkey -c

This is because when flush the SPD entries, the SPD entry is not remove
from the list.

This patch fix the problem by remove the SPD entry from the list.
Signed-off-by: Wei Yongjun <yjwei@cn.fujitsu.com>
Signed-off-by: David S. Miller <davem@davemloft.net>

* git://git.kernel.org/pub/scm/linux/kernel/git/wim/linux-2.6-watchdog:
  [WATCHDOG] hpwdt: Fix kdump when using hpwdt
  [WATCHDOG] hpwdt: set the mapped BIOS address space as executable
  [WATCHDOG] iTCO_wdt: add PCI ID's for ICH9 & ICH10 chipsets
  [WATCHDOG] iTCO_wdt : correct status clearing
  [WATCHDOG] iTCO_wdt : problem with rebooting on new ICH9 based motherboards
  [WATCHDOG] fix mtx1_wdt compilation failure

* 'linux-next' of git://git.infradead.org/ubifs-2.6:
  UBIFS: pre-allocate bulk-read buffer
  UBIFS: do not allocate too much
  UBIFS: do not print scary memory allocation warnings
  UBIFS: allow for gaps when dirtying the LPT
  UBIFS: fix compilation warnings
  MAINTAINERS: change UBI/UBIFS git tree URLs
  UBIFS: endian handling fixes and annotations
  UBIFS: remove printk

* 'kvm-updates/2.6.28' of git://git.kernel.org/pub/scm/linux/kernel/git/avi/kvm:
  KVM: MMU: avoid creation of unreachable pages in the shadow
  KVM: ppc: stop leaking host memory on VM exit
  KVM: MMU: fix sync of ptes addressed at owner pagetable
  KVM: ia64: Fix: Use correct calling convention for PAL_VPS_RESUME_HANDLER
  KVM: ia64: Fix incorrect kbuild CFLAGS override
  KVM: VMX: Fix interrupt loss during race with NMI
  KVM: s390: Fix problem state handling in guest sigp handler

* git://git.kernel.org/pub/scm/linux/kernel/git/davem/sparc-2.6:
  sparc64: Fix offset calculation in compute_size()
  rtc: rtc-starfire fixes

* git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-2.6: (30 commits)
  MAINTAINERS: add netdev to ATM
  ATM: horizon, fix hrz_probe fail path
  pppol2tp: Add missing sock_put() in pppol2tp_release()
  net: Fix soft lockups/OOM issues w/ unix garbage collector
  macvlan: don't broadcast PAUSE frames to macvlan devices
  Phonet: fix oops in phonet_address_del() on non-Phonet device
  netfilter: ctnetlink: fix GFP_KERNEL allocation under spinlock
  sungem: Fix PCS_MIICTRL register write in gem_init_phy().
  net: make skb_truesize_bug() call WARN()
  net: hp-plus uses eip_poll
  net/wireless/reg.c: fix bad WARN_ON in if statement
  ath5k: disable beacon filter when station is not associated
  ath5k: fix Security issue in DebugFS part of ath5k
  ath9k: correct expected max RX buffer size
  ath9k: Fix SW-IOMMU bounce buffer starvation
  mac80211 : Fix setting ad-hoc mode and non-ibss channel
  iwlagn: fix DMA sync
  phylib: Add Vitesse VSC8221 SGMII PHY
  rose: zero length frame filtering in af_rose.c
  bridge: netfilter: fix update_pmtu crash with GRE
  ...

* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/geert/linux-m68k:
  m68k: Update defconfigs for 2.6.28-rc7
  macfb: Do not overflow fb_fix_screeninfo.id

* git://git.kernel.org/pub/scm/linux/kernel/git/bart/ide-2.6:
  alim15x3: fix sparse warning
  ide: remove dead code from drive_is_ready()
  ide: fix build for DEBUG_PM
  ide: respect current DMA setting during resume
  ide: add SAMSUNG SP0822N with firmware WA100-10 to ivb_list[]
  amd74xx: workaround unreliable AltStatus register for nVidia controllers
  ide: fix the ide_release_lock imbalance

* git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi-rc-fixes-2.6:
  [SCSI] stex: switch to block timeout
  [SCSI] make scsi_eh_try_stu use block timeout
  [SCSI] megaraid_sas: switch to block timeout
  [SCSI] ibmvscsi: switch to block timeout
  [SCSI] aacraid: switch to block timeout
  [SCSI] zfcp: prevent double decrement on host_busy while being busy
  [SCSI] zfcp: fix deadlock between wq triggered port scan and ERP
  [SCSI] zfcp: eliminate race between validation and locking
  [SCSI] zfcp: verify for correct rport state before scanning for SCSI devs
  [SCSI] zfcp: returning an ERR_PTR where a NULL value is expected
  [SCSI] zfcp: Fix opening of wka ports
  [SCSI] zfcp: fix remote port status check
  [SCSI] fc_transport: fix old bug on bitflag definitions
  [SCSI] Fix hang in starved list processing

This fixes the MN10300 kernel module linking to match the toolchain.  RELA
relocs don't use the value at the location being relocated.  This has been
working because the tools always leave the value at the target location
cleared.
Signed-off-by: Mark Salter <msalter@redhat.com>
Signed-off-by: David Howells <dhowells@redhat.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>

If xpc.ko and gru.ko are both statically linked into the kernel, then
xpc_init() can get called before gru_init() and make a call to one of the
gru's exported functions before the gru has initialized itself. The end
result is a NULL dereference.
Signed-off-by: Dean Nelson <dcn@sgi.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>

In the CONFIG_SMP case the irq_choose_cpu() code was returning back
a logical cpu id not the physical id.  We were writing that directly
into the HW register.

We need to be calling get_hard_smp_processor_id() so irq_choose_cpu()
always returns a physical cpu id.
Signed-off-by: Kumar Gala <galak@kernel.crashing.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>

Count the insertion of new pages in the statistics used to drive the
pageout scanning code.  This should help the kernel quickly evict
streaming file IO.

We count on the fact that new file pages start on the inactive file LRU
and new anonymous pages start on the active anon list.  This means
streaming file IO will increment the recent scanned file statistic, while
leaving the recent rotated file statistic alone, driving pageout scanning
to the file LRUs.

Pageout activity does its own list manipulation.
Signed-off-by: Rik van Riel <riel@redhat.com>
Cc: KAMEZAWA Hiroyuki <kamezawa.hiroyu@jp.fujitsu.com>
Cc: KOSAKI Motohiro <kosaki.motohiro@jp.fujitsu.com>
Tested-by: Gene Heskett <gene.heskett@gmail.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>

Devices which share the same queue, like floppies and mtd devices, get
registered multiple times in the bdi interface, but bdi accounts only the
last registered device of the devices sharing one queue.

On remove, all earlier registered devices leak, stay around in sysfs, and
cause "duplicate filename" errors if the devices are re-created.

This prevents the creation of multiple bdi interfaces per queue, and the
bdi device will carry the dev_t name of the block device which is the
first one registered, of the pool of devices using the same queue.

[akpm@linux-foundation.org: add a WARN_ON so we know which drivers are misbehaving]
Tested-by: Peter Korsgaard <jacmet@sunsite.dk>
Acked-by: Peter Zijlstra <a.p.zijlstra@chello.nl>
Signed-off-by: Kay Sievers <kay.sievers@vrfy.org>
Cc: David Woodhouse <dwmw2@infradead.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>

The previous patch from Alan Cox ("nfsd: fix vm overcommit crash",
commit 731572d3) fixed the problem where
knfsd crashes on exported shmemfs objects and strict overcommit is set.

But the patch forgot supporting the case when CONFIG_SECURITY is
disabled.

This patch copies a part of his fix which is mainly for detecting a bug
earlier.
Acked-by: James Morris <jmorris@namei.org>
Signed-off-by: Alan Cox <alan@redhat.com>
Signed-off-by: Junjiro R. Okajima <hooanon05@yahoo.co.jp>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>

Signed-off-by: Geert Uytterhoeven <geert@linux-m68k.org>

Fix this sparse warning:

  drivers/ide/alim15x3.c:594:2: warning: returning void-valued expression
Signed-off-by: Hannes Eder <hannes@hanneseder.net>
Signed-off-by: Bartlomiej Zolnierkiewicz <bzolnier@gmail.com>

We guarantee 400ns delay at the time of issuing the command.
Acked-by: Sergei Shtylyov <sshtylyov@ru.mvista.com>
Signed-off-by: Bartlomiej Zolnierkiewicz <bzolnier@gmail.com>

Also while at it:

* Drop unused arguments from ide_complete_power_step().

* Move DEBUG_PM printk() from ide_end_drive_cmd() to
  ide_complete_power_step().
Signed-off-by: Bartlomiej Zolnierkiewicz <bzolnier@gmail.com>

Respect current DMA setting during resume, otherwise PIO timings
may get destroyed if host uses shared PIO/MWDMA timings.
Signed-off-by: Bartlomiej Zolnierkiewicz <bzolnier@gmail.com>

Should fix kernel.org bug #10225:
http://bugzilla.kernel.org/show_bug.cgi?id=10225Reported-by: Matthias B. <haferfrost@web.de>
Cc: Alan Cox <alan@lxorguk.ukuu.org.uk>
Acked-by: Sergei Shtyltov <sshtylyov@ru.mvista.com>
Signed-off-by: Bartlomiej Zolnierkiewicz <bzolnier@gmail.com>

It seems that on some nVidia controllers using AltStatus register
can be unreliable so default to Status register if the PCI device
is in Compatibility Mode.  In order to achieve this:

* Add ide_pci_is_in_compatibility_mode() inline helper to <linux/ide.h>.

* Add IDE_HFLAG_BROKEN_ALTSTATUS host flag and set it in amd74xx host
  driver for nVidia controllers in Compatibility Mode.

* Teach actual_try_to_identify() and drive_is_ready() about the new flag.

This fixes the regression caused by removal of CONFIG_IDEPCI_SHARE_IRQ
config option in 2.6.25 and using AltStatus register unconditionally when
available (kernel.org bugs #11659 and #10216).

[ Moreover for CONFIG_IDEPCI_SHARE_IRQ=y (which is what most people
  and distributions use) it never worked correctly. ]

Thanks to Remy LABENE and Lars Winterfeld for help with debugging the problem.

More info at:
http://bugzilla.kernel.org/show_bug.cgi?id=11659
http://bugzilla.kernel.org/show_bug.cgi?id=10216Reported-by: Remy LABENE <remy.labene@free.fr>
Tested-by: Remy LABENE <remy.labene@free.fr>
Tested-by: Lars Winterfeld <lars.winterfeld@tu-ilmenau.de>
Acked-by: Borislav Petkov <petkovbb@gmail.com>
Signed-off-by: Bartlomiej Zolnierkiewicz <bzolnier@gmail.com>

ide_release_lock() spits out lots of:

	ide_release_lock: bug

warnings on Atari Falcon.

Fix the ide_release_lock imbalance.
Signed-off-by: Michael Schmitz <schmitz@biophys.uni-duesseldorf.de>
Cc: Geert Uytterhoeven <geert@linux-m68k.org>
Signed-off-by: Bartlomiej Zolnierkiewicz <bzolnier@gmail.com>

Don't overflow the 16-character fb_fix_screeninfo id string (fixes some 
console erasing and blanking artifacts). Have the ID default to "Unknown" 
on machines with no built-in video and no nubus devices. Check for 
fb_alloc_cmap failure.
Signed-off-by: Finn Thain <fthain@telegraphics.com.au>
Signed-off-by: Geert Uytterhoeven <geert@linux-m68k.org>

* 'for_linus' of git://git.kernel.org/pub/scm/linux/kernel/git/mchehab/linux-2.6: (25 commits)
  em28xx: remove backward compat macro added on a previous fix
  V4L/DVB (9748): em28xx: fix compile warning
  V4L/DVB (9743): em28xx: fix oops audio
  V4L/DVB (9742): em28xx-alsa: implement another locking schema
  V4L/DVB (9732): sms1xxx: use new firmware for Hauppauge WinTV MiniStick
  V4L/DVB (9691): gspca: Move the video device to a separate area.
  V4L/DVB (9690): gspca: Lock the subdrivers via module_get/put.
  V4L/DVB (9689): gspca: Memory leak when disconnect while streaming.
  V4L/DVB (9668): em28xx: fix a race condition with hald
  V4L/DVB (9664): af9015: don't reconnect device in USB-bus
  V4L/DVB (9647): em28xx: void having two concurrent control URB's
  V4L/DVB (9646): em28xx: avoid allocating/dealocating memory on every control urb
  V4L/DVB (9645): em28xx: Avoid memory leaks if registration fails
  V4L/DVB (9639): Make dib0700 remote control support work with firmware v1.20
  V4L/DVB (9635): v4l: s2255drv fix firmware test on big-endian
  V4L/DVB (9634): Make sure the i2c gate is open before powering down tuner
  V4L/DVB (9632): make em28xx aux audio input work
  V4L/DVB (9631): Make s2api work for ATSC support
  V4L/DVB (9627): em28xx: Avoid i2c register error for boards without eeprom
  V4L/DVB (9608): Fix section mismatch warning for dm1105 during make
  ...

drivers/gpu/drm/i915/i915_irq.c: In function 'i915_disable_pipestat':
drivers/gpu/drm/i915/i915_irq.c:101: warning: control may reach end of non-void function 'i915_pipestat' being inlined

Cc: Dave Airlie <airlied@linux.ie>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>

Fix module removal bugs of i82875p_edac.  Also i82975x_edac code seems to
have the same module removal bugs as in i82875p_edac.

The problems were:

1. In module removal i82875p_remove_one() is never called.

   Variable i82875p_registered is newer changed from 1, which
   guarantees i82875p_remove_one() is not called (and even if it were
   called, it would be called in wrong order).

   As a result, the edac_mc workque is not stopped and keeps probing.
   If kernel debugging options are not enabled, user may not notice
   anything going wrong.

   if debugging options are enabled and I do "rmmod i82875p_edac", I
   get:

      edac debug: edac_pci_workq_function() checking
      BUG: unable to handle kernel paging request at f882d16f
      ...
      call trace:
       [<f8834df3>] ? edac_mc_workq_function+0x55/0x7e [edac_core]
       [<c0233974>] ? run_workqueue+0xd7/0x1a5
       [<c023392f>] ? run_workqueue+0x92/0x1a5
       [<f8834d9e>] ? edac_mc_workq_function+0x0/0x7e [edac_core]
       [<c0233af9>] ? worker_thread+0xb7/0xc3
       [<c0236a7b>] ? autoremove_wake_function+0x0/0x33
       [<c0233a42>] ? worker_thread+0x0/0xc3
       [<c0236809>] ? kthread+0x3b/0x61
       [<c02367ce>] ? kthread+0x0/0x61
       [<c0204587>] ? kernel_thread_helper+0x7/0x10

   Fix for this is to get rid of needles variable i82875p_registered
   altogether and run i82875p_remove_one() *before*
   pci_unregister_driver().

2. edac_mc_del_mc() uses mci after freeing mci

   edac_mc_del_mc() calls calls edac_remove_sysfs_mci_device().  The
   kobject refcount of mci drops to 0 and mci is freed.  After this
   mci is accessed via debug print and i82875p_remove_one() still
   uses mci->pvt and tries to free mci again with edac_mc_free().

   The fix for this is add kobject_get(&mci->edac_mci_kobj) after
   edac_mc_alloc(). Then the mci is still available after returning
   from edac_mc_del_mc() with refcount 1, and mci->pvt is still
   available. When i82875p_remove_one() finally calls edac_mc_free(),
   this will cause kobject_put() and mci is released properly.
Signed-off-by: Jarkko Lavinen <jlavi@iki.fi>
Cc: Doug Thompson <norsk5@yahoo.com>
Cc: Alan Cox <alan@lxorguk.ukuu.org.uk>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>

When I do "modprobe i82875p_edac" on my Asus P4C800 MB on kernels 2.6.26
or later, the module load fails due to BAR 0 collision.  On 2.6.25 the
module loads just fine.

The overflow device on the MB seems to be hidden and its resources are not
allocated at normal PCI bus init.  Log shows the missing resource problem:

  EDAC DEBUG: i82875p_probe1()
  PCI: 0000:00:06.0 reg 10 32bit mmio: [fecf0000, fecf0fff]
  pci 0000:00:06.0: device not available because of BAR 0
[0xfecf0000-0xfecf0fff] collisions
  EDAC i82875p: i82875p_setup_overfl_dev(): Failed to enable overflow
device

The patch below fixes this by calling pci_bus_assign_resources() after
the overflow device is revealed and added to the bus. With this patch
I am again able to load and use the module.
Signed-off-by: Jarkko Lavinen <jlavi@iki.fi>
Cc: Doug Thompson <norsk5@yahoo.com>
Cc: Jesse Barnes <jbarnes@virtuousgeek.org>
Cc: Alan Cox <alan@lxorguk.ukuu.org.uk>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>

The commit aef7db4b fixed the problem with
recursive locking in fb blanking code if blank is caused by user setting
the /sys/class/graphics/fb*/blank.  However this broke the fbcon timeout
blanking.

If you use a driver that defines ->fb_blank operation and at the same time
that driver relies on other driver (e.g.  backlight or lcd class) to blank
the screen, when the fbcon times out and tries to blank the fb, it will
call only fb driver blanker and won't notify the other driver.  Thus FB
output is disabled, but the screen isn't blanked.

Restore fbcon blanking and at the same time apply the proper fix for the
above problem: if fbcon_blank is called with FBINFO_FLAG_USEREVENT, we are
already called through notification from fb_blank, thus we don't have to
blank the fb again.
Signed-off-by: Dmitry Baryshkov <dbaryshkov@gmail.com>
Cc: Geert Uytterhoeven <geert@linux-m68k.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>

kernel-doc handles macros now (it has for quite some time), so change the
ntfs_debug() macro's kernel-doc to be just before the macro instead of
before a phony function prototype.

[akpm@linux-foundation.org: coding-style fixes]
Signed-off-by: Randy Dunlap <randy.dunlap@oracle.com>
Cc: Anton Altaparmakov <aia21@cantab.net>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>

The method for listing varargs in kernel-doc notation is:
 * @...: these arguments are printed by the @fmt argument

but scripts/kernel-doc is confused:  it always lists varargs as:
	...	variable arguments
and ignores the @...: line's description, but then prints that
line after the list of function parameters as though it's
not part of the function parameters.

This patch makes kernel-doc print the supplied @...  description if it is
present; otherwise a boilerplate "variable arguments" is printed.
Signed-off-by: Randy Dunlap <randy.dunlap@oracle.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>

2nd part of the fixes needed for
http://bugzilla.kernel.org/show_bug.cgi?id=11796.

When the idr tree is either grown or shrunk, then the update to the number
of layers and the top pointer were not atomic.  This race caused crashes.

The attached patch fixes that by replicating the layers counter in each
layer, thus idr_find doesn't need idp->layers anymore.
Signed-off-by: Manfred Spraul <manfred@colorfullife.com>
Cc: Clement Calmels <cboulte@gmail.com>
Cc: Nadia Derbey <Nadia.Derbey@bull.net>
Cc: Pierre Peiffer <peifferp@gmail.com>
Cc: <stable@kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>

- pci_map_sg/dma_map_sg are used with a scatter gather list that doesn't
  come from the block layer (e.g.  some network drivers do).

- how IOMMUs merge adjacent elements of the scatter/gather list is
  independent of how the block layer determines sees elements.
Signed-off-by: FUJITA Tomonori <fujita.tomonori@lab.ntt.co.jp>
Cc: James Bottomley <James.Bottomley@HansenPartnership.com>
Cc: Tejun Heo <htejun@gmail.com>
Cc: Jens Axboe <jens.axboe@oracle.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>