* 'for-linus' of git://git.kernel.dk/linux-2.6-block:
  coda: move backing-dev.h kernel include inside __KERNEL__
  mtd: ensure that bdi entries are properly initialized and registered
  Move mtd_bdi_*mappable to mtdcore.c
  btrfs: convert to using bdi_setup_and_register()
  Catch filesystems lacking s_bdi
  drbd: Terminate a connection early if sending the protocol fails
  drbd: fix memory leak
  Fix JFFS2 sync silent failure
  smbfs: add bdi backing to mount session
  ncpfs: add bdi backing to mount session
  exofs: add bdi backing to mount session
  ecryptfs: add bdi backing to mount session
  coda: add bdi backing to mount session
  cifs: add bdi backing to mount session
  afs: add bdi backing to mount session.
  9p: add bdi backing to mount session
  bdi: add helper function for doing init and register of a bdi for a file system
  block: ensure jiffies wrap is handled correctly in blk_rq_timed_out_timer

* git://git.kernel.org/pub/scm/linux/kernel/git/wim/linux-2.6-watchdog:
  watchdog: booke_wdt: fix build - unconstify watchdog_info
  watchdog: sbc_fitpc2_wdt: fixed "scheduling while atomic" bug.
  watchdog: sbc_fitpc2_wdt: fixed I/O operations order
  Watchdog: sb_wdog.c: Fix sibyte watchdog initialization

Otherwise we must export backing-dev.h as well, which doesn't make
any sense.
Signed-off-by: Jens Axboe <jens.axboe@oracle.com>

Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/security-testing-2.6

* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/security-testing-2.6:
  keys: don't need to use RCU in keyring_read() as semaphore is held

* 'for-2.6.34' of git://linux-nfs.org/~bfields/linux:
  nfsd4: bug in read_buf

The request_key() system call and request_key_and_link() should make a
link from an existing key to the destination keyring (if supplied), not
just from a new key to the destination keyring.

This can be tested by:

	ring=`keyctl newring fred @s`
	keyctl request2 user debug:a a
	keyctl request user debug:a $ring
	keyctl list $ring

If it says:

	keyring is empty

then it didn't work.  If it shows something like:

	1 key in keyring:
	1070462727: --alswrv     0     0 user: debug:a

then it did.

request_key() system call is meant to recursively search all your keyrings for
the key you desire, and, optionally, if it doesn't exist, call out to userspace
to create one for you.

If request_key() finds or creates a key, it should, optionally, create a link
to that key from the destination keyring specified.

Therefore, if, after a successful call to request_key() with a desination
keyring specified, you see the destination keyring empty, the code didn't work
correctly.

If you see the found key in the keyring, then it did - which is what the patch
is required for.
Signed-off-by: David Howells <dhowells@redhat.com>
Cc: James Morris <jmorris@namei.org>
Cc: <stable@kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>

Bill Gatliff reported the following bug when using the irq_chip facility
of the pca953x driver on a PPC platform:

BUG: scheduling while atomic: insmod/1530/0x00000002

He traced it back to an i2c transaction in pca953x_irq_set_type(), which
can be called with interrupt disabled (from __setup_irq()).  As the i2c
controller can sleep while sending a message, this qualifies as a bad
idea.

This patch moves the i2c transaction to pca953x_irq_bus_sync_unlock(),
where it is actually safe to send an i2c message.

[akpm@linux-foundation.org: coding-style fixes]
Signed-off-by: Marc Zyngier <maz@misterjones.org>
Reported-by: Bill Gatliff <bgat@billgatliff.com>
Cc: Eric Miao <eric.y.miao@gmail.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>

Correct the file_operations struct in fdinfo entry of tid_base_stuff[].

Presently /proc/*/task/*/fdinfo contains symlinks to opened files like
/proc/*/fd/.
Signed-off-by: Jerome Marchand <jmarchan@redhat.com>
Cc: Alexander Viro <viro@zeniv.linux.org.uk>
Cc: Miklos Szeredi <mszeredi@suse.cz>
Cc: Alexey Dobriyan <adobriyan@gmail.com>
Cc: <stable@kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>

This patch fixes a build failure introduced by 1d839317 ("avr32: use
generic ptrace_resume code") which had the static keyword as a leftover.

  arch/avr32/kernel/ptrace.c:32: error: static declaration of `user_enable_single_step' follows non-static declaration
  include/linux/ptrace.h:268: error: previous declaration of `user_enable_single_step' was here

References:
[1]http://kisskb.ellerman.id.au/kisskb/buildresult/2448162/Signed-off-by: Peter Huewe <peterhuewe@gmx.de>
Cc: Haavard Skinnemoen <hskinnemoen@atmel.com>
Cc: Christoph Hellwig <hch@lst.de>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>

keyring_read() doesn't need to use rcu_dereference() to access the keyring
payload as the caller holds the key semaphore to prevent modifications
from happening whilst the data is read out.

This should solve the following warning:

===================================================
[ INFO: suspicious rcu_dereference_check() usage. ]
---------------------------------------------------
security/keys/keyring.c:204 invoked rcu_dereference_check() without protection!

other info that might help us debug this:

rcu_scheduler_active = 1, debug_locks = 0
1 lock held by keyctl/2144:
 #0:  (&key->sem){+++++.}, at: [<ffffffff81177f7c>] keyctl_read_key+0x9c/0xcf

stack backtrace:
Pid: 2144, comm: keyctl Not tainted 2.6.34-rc2-cachefs #113
Call Trace:
 [<ffffffff8105121f>] lockdep_rcu_dereference+0xaa/0xb2
 [<ffffffff811762d5>] keyring_read+0x4d/0xe7
 [<ffffffff81177f8c>] keyctl_read_key+0xac/0xcf
 [<ffffffff811788d4>] sys_keyctl+0x75/0xb9
 [<ffffffff81001eeb>] system_call_fastpath+0x16/0x1b
Signed-off-by: David Howells <dhowells@redhat.com>
Cc: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: James Morris <jmorris@namei.org>

The checks for CONFIG_MMU at this location are duplicated as all the code is
located inside a #ifndef CONFIG_MMU block. So the first conditional block will
always be included while the second never will.
Signed-off-by: Christoph Egger <siccegge@stud.informatik.uni-erlangen.de>
Signed-off-by: David Howells <dhowells@redhat.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>

* git://git.kernel.org/pub/scm/linux/kernel/git/pkl/squashfs-linus:
  squashfs: fix potential buffer over-run on 4K block file systems
  squashfs: add missing buffer free
  squashfs: fix warn_on when root inode is corrupted
  squashfs: fix locking bug in zlib wrapper

* 'for-linus' of git://oss.sgi.com/xfs/xfs:
  xfs: more swap extent fixes for dynamic fork offsets

Merge branch 'omap-fixes-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tmlind/linux-omap-2.6

* 'omap-fixes-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tmlind/linux-omap-2.6: (39 commits)
  omap: delete unused bootloader tag variables
  omap: Devkit8000: Remove unused pins
  omap: Devkit8000: Change position of init calls
  omap: Devkit8000: Remove unnecessary include file
  omap: Devkit8000: Fix typo in pin name
  omap: Devkit8000: Add missing package selection
  omap: Devkit8000: Fix typo in supplies
  n8x0_defconfig: remove CONFIG_NILFS2_FS override
  omap: board-sdp-flash.c: Fix typos in debug output
  omap4: Fix McBSP4 base address
  omap: rx51_defconfig: Remove CONFIG_SYSFS_DEPRECATED*=y options
  omap: rx51_defconfig: Remove duplicate phonet
  omap: fix a gpmc nand problem
  AM3517: initialize i2c subsystem after mux subsystem
  omap: remove one of the define of INT_34XX_BENCH_MPU_EMUL
  omap: fix the compile error if CONFIG_MTD_NAND_OMAP2 is notenabled
  OMAP4: Clocks: Change SPI Instance Names
  omap: Devkit8000: Fix wrong usb port on Devkit8000
  OMAP4: Fix for CONTROL register Base
  OMAP4-HSMMC: FIX for MMC5 Controller IRQ Base
  ...

Check whether the VMA has a vm_ops before calling close, just
like we check vm_ops before calling open a few dozen lines
higher up in the function.
Signed-off-by: Rik van Riel <riel@redhat.com>
Reported-by: Dan Carpenter <error27@gmail.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>

* git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6:
  crypto: authenc - Add EINPROGRESS check

* 'drm-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/airlied/drm-2.6:
  drm/radeon: Fix sparc regression in r300_scratch()
  drm: make sure vblank interrupts are disabled at DPMS time
  drm/radeon/kms/evergreen: No EnableYUV table
  drm/radeon: 9800 SE has only one quadpipe
  drm/radeon/kms: don't print error for legal crtcs.
  drm/radeon/kms/evergreen: fix LUT setup

commit 42747d71 ("[WATCHDOG] watchdog_info
constify") introduced the following build failure:

   CC      booke_wdt.o
 booke_wdt.c: In function 'booke_wdt_init':
 booke_wdt.c:220: error: assignment of read-only variable 'ident'

Fix this by removing 'const' qualifier from watchdog_info struct.
Signed-off-by: Anton Vorontsov <avorontsov@mvista.com>
Signed-off-by: Wim Van Sebroeck <wim@iguana.be>
Cc: Kumar Gala <galak@kernel.crashing.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>

They will be holding dirty inodes and be responsible for flushing
them out, so they need to be setup properly.
Signed-off-by: Jens Axboe <jens.axboe@oracle.com>

Removes one .h and one .c file that are never used outside of
mtdcore.c.
Signed-off-by: Joern Engel <joern@logfs.org>

Edited to remove on leftover debug define.
Signed-off-by: Jens Axboe <jens.axboe@oracle.com>

Commit b4fe9454 ("drm/radeon: Fix
memory allocation failures in the preKMS command stream checking.")
added a regression in that it completely tossed the get_unaligned()
done by r300_scratch() which we added in commit
958a6f8c ("drm: radeon: Fix unaligned
access in r300_scratch().").

Put it back.
Signed-off-by: David S. Miller <davem@davemloft.net>
Acked-by: Matt Turner <mattst88@gmail.com>
Signed-off-by: Dave Airlie <airlied@redhat.com>

When we call drm_vblank_off() at DPMS off time (to wake any clients so
they don't hang) we need to make sure interrupts are actually disabled.
If drm_vblank_off() gets called before the vblank usage timer expires,
it'll prevent the timer from disabling interrupts since it also clears
the vblank_enabled flag for the pipe.
Signed-off-by: Jesse Barnes <jbarnes@virtuousgeek.org>
Signed-off-by: Dave Airlie <airlied@redhat.com>

When read_buf is called to move over to the next page in the pagelist
of an NFSv4 request, it sets argp->end to essentially a random
number, certainly not an address within the page which argp->p now
points to.  So subsequent calls to READ_BUF will think there is much
more than a page of spare space (the cast to u32 ensures an unsigned
comparison) so we can expect to fall off the end of the second
page.

We never encountered thsi in testing because typically the only
operations which use more than two pages are write-like operations,
which have their own decoding logic.  Something like a getattr after a
write may cross a page boundary, but it would be very unusual for it to
cross another boundary after that.

Cc: stable@kernel.org
Signed-off-by: J. Bruce Fields <bfields@citi.umich.edu>

spinlock need to be replaced by mutex because of sleep functions
inside wdt_send_data.
Signed-off-by: Denis Turischev <denis@compulab.co.il>
Signed-off-by: Wim Van Sebroeck <wim@iguana.be>

There are fitpc2 compatible boards that hang with existent i/o
operations order. Solution is to switch between writing to data
and command ports.
Signed-off-by: Denis Turischev <denis@compulab.co.il>
Signed-off-by: Wim Van Sebroeck <wim@iguana.be>

Watchdog configuration register and timer count register were interchanged,
causing wrong values to be written into both registers.
This caused watchdog triggered resets even if the watchdog was reset in time.
Signed-off-by: Guenter Roeck <guenter.roeck@ericsson.com>
Acked-by: Ralf Baechle <ralf@linux-mips.org>
Signed-off-by: Wim Van Sebroeck <wim@iguana.be>

A new xfsqa test (226) with a prototype xfs_fsr change to try to
handle dynamic fork offsets better triggers an assertion failure
where the inode data fork is in btree format, yet there is room in
the inode for it to be in extent format. The two inodes look like:

before: ino 0x101 (target), num_extents 11, Max in-fork extents 6, broot size 40, fork offset 96
before: ino 0x115 (temp),  num_extents 5, Max in-fork extents 3, broot size 40, fork offset 56
after: ino 0x101 (target), num_extents 5, Max in-fork extents 6, broot size 40, fork offset 96
after: ino 0x115 (temp), num_extents 11, Max in-fork extents 3, broot size 40, fork offset 56

Basically the target inode ends up with 5 extents in btree format,
but it had space for 6 extents in extent format, so ends up
incorrect. Notably here the broot size is the same, and that is
where the kernel code is going wrong - the btree root will fit, so
it lets the swap go ahead.

The check should not allow the swap to take place if the number of
extents while in btree format is less than the number of extents
that can fit in the inode in extent format. Adding that check will
prevent this swap and corruption from occurring.
Signed-off-by: Dave Chinner <dchinner@redhat.com>
Reviewed-by: Christoph Hellwig <hch@lst.de>

It's now a provided helper, so get rid of the internal setup
and btrfs atomic_t bdi enumerator.
Signed-off-by: Jens Axboe <jens.axboe@oracle.com>

When Steffen originally wrote the authenc async hash patch, he
correctly had EINPROGRESS checks in place so that we did not invoke
the original completion handler with it.

Unfortuantely I told him to remove it before the patch was applied.

As only MAY_BACKLOG request completion handlers are required to
handle EINPROGRESS completions, those checks are really needed.

This patch restores them.
Reported-by: Sebastian Andrzej Siewior <sebastian@breakpoint.cc>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>

* git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-2.6:
  ipv6: Fix inet6_csk_bind_conflict()
  e100: Fix the TX workqueue race

Commit fda48a0d (tcp: bind() fix when many ports are bound)
introduced a bug on IPV6 part.
We should not call ipv6_addr_any(inet6_rcv_saddr(sk2)) but
ipv6_addr_any(inet6_rcv_saddr(sk)) because sk2 can be IPV4, while sk is
IPV6.
Reported-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Eric Dumazet <eric.dumazet@gmail.com>
Tested-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: David S. Miller <davem@davemloft.net>

* 'for_linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tytso/ext4:
  ext4: Issue the discard operation *before* releasing the blocks to be reused
  ext4: Fix buffer head leaks after calls to ext4_get_inode_loc()
  ext4: Fix possible lost inode write in no journal mode

noop_backing_dev_info is used only as a flag to mark filesystems that
don't have any backing store, like tmpfs, procfs, spufs, etc.
Signed-off-by: Joern Engel <joern@logfs.org>

Changed the BUG_ON() to a WARN_ON(). Note that adding dirty inodes
to the noop_backing_dev_info is not legal and will not result in
them being flushed, but we already catch this condition in
__mark_inode_dirty() when checking for a registered bdi.
Signed-off-by: Jens Axboe <jens.axboe@oracle.com>

Nothing stops the workqueue being left to run in parallel with close or a
few other operations. This causes double unmaps and the like.

See kerneloops.org #1041230 for an example
Signed-off-by: Alan Cox <alan@linux.intel.com>
Signed-off-by: David S. Miller <davem@davemloft.net>

Sizing the buffer based on block size is incorrect, leading
to a potential buffer over-run on 4K block size file systems
(because the metadata block size is always 8K).  This bug
doesn't seem have triggered because 4K block size file systems
are not default, and also because metadata blocks after
compression tend to be less than 4K.
Signed-off-by: Phillip Lougher <phillip@lougher.demon.co.uk>

Signed-off-by: Phillip Lougher <phillip@lougher.demon.co.uk>

Fix warn_on triggered by mounting a fsfuzzer corrupted file system, where
the root inode has been corrupted.
Signed-off-by: Phillip Lougher <phillip@lougher.demon.co.uk>
Reported-by: Steve Grubb <sgrubb@redhat.com>

* 'fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/davej/cpufreq:
  [CPUFREQ] use max load in conservative governor
  [CPUFREQ] fix a lockdep warning

* git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-2.6: (22 commits)
  gianfar: Fix potential oops during OF address translation
  fsl_pq_mdio: Fix kernel oops during OF address translation
  tcp: bind() fix when many ports are bound
  rdma: potential ERR_PTR dereference
  rtnetlink: potential ERR_PTR dereference
  net: ipv6 bind to device issue
  ipv6: allow to send packet after receiving ICMPv6 Too Big message with MTU field less than IPV6_MIN_MTU
  drivers/net/usb: Add new driver ipheth
  cxgb3: fix linkup issue
  X25 fix dead unaccepted sockets
  KS8851: NULL pointer dereference if list is empty
  net: 3c574_cs fix stats.tx_bytes counter
  xfrm6: ensure to use the same dev when building a bundle
  can: Fix possible NULL pointer dereference in ems_usb.c
  net: Fix an RCU warning in dev_pick_tx()
  ipv6: Fix tcp_v6_send_response transport header setting.
  bridge: add a missing ntohs()
  8139too: Fix a typo in the function name.
  mac80211: pass HT changes to driver when off channel
  mac80211: remove bogus TX agg state assignment
  ...

* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jbarnes/pci-2.6:
  PCI: Ensure we re-enable devices on resume
  x86/PCI: parse additional host bridge window resource types
  PCI: revert broken device warning
  PCI aerdrv: use correct bit defines and add 2ms delay to aer_root_reset
  x86/PCI: ignore Consumer/Producer bit in ACPI window descriptions