crypto: caam - ablkcipher support

caam now supports encrypt and decrypt
for aes, des and 3des

Signed-off-by: Yuan Kang <Yuan.Kang@freescale.com>
Signed-off-by: Kim Phillips <kim.phillips@freescale.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>

crypto: caam - faster aead implementation

Job descriptors only contain header and seq pointers.

Other commands are stored in separate shared descriptors
for encrypt, decrypt and givencrypt, stored as arrays
in caam_ctx.

This requires additional macros to create math commands
to calculate assoclen and cryptlen.

Signed-off-by: Yuan Kang <Yuan.Kang@freescale.com>
Signed-off-by: Kim Phillips <kim.phillips@freescale.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>

crypto: caam - structure renaming

caam_ctx.key_phys to key_dma

caam_alg_template supports multiple algorithm types
listed in union, which requires cases for
different types in function caam_alg_alloc

Signed-off-by: Yuan Kang <Yuan.Kang@freescale.com>
Signed-off-by: Kim Phillips <kim.phillips@freescale.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>

crypto: caam - shorter names

"aead_authenc" and "ipsec_esp" changed to "aead,"
except for function "ipsec_esp," which is changed
to "init_aead_job."

Variable name of aead_request structures changed
to "req" and name of aead_givcrypt_request structure
changed to "areq"

Signed-off-by: Yuan Kang <Yuan.Kang@freescale.com>
Signed-off-by: Kim Phillips <kim.phillips@freescale.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>

crypto: talitos - don't bad_key in ablkcipher setkey

crypto/ablkcipher.c's setkey() has already checked against the min, max
key sizes before it calls here, and all max_keysize assignments in the
algorithm template array do not exceed TALITOS_MAX_KEY_SIZE.

Signed-off-by: Kim Phillips <kim.phillips@freescale.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>

crypto: talitos - remove unused giv from ablkcipher methods

Signed-off-by: Kim Phillips <kim.phillips@freescale.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>

crypto: talitos - don't set done notification in hot path

IRQ done notification is always set.  Remove its explicit
assignment from the hot path by including it in the
descriptor header template assignment in talitos_cra_init.

Signed-off-by: Kim Phillips <kim.phillips@freescale.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>

crypto: talitos - ensure request ordering within a single tfm

Assign single target channel per tfm in talitos_cra_init instead of
performing channel scheduling dynamically during the encryption request.
This changes the talitos_submit interface to accept a new channel
number argument.  Without this, rapid bursts of misc. sized requests
could make it possible for IPsec packets to be encrypted out-of-order,
which would result in packet drops due to sequence numbers falling
outside the anti-reply window on a peer gateway.

Signed-off-by: Kim Phillips <kim.phillips@freescale.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>

crypto: gf128mul - fix call to memset()

In gf128mul_lle() and gf128mul_bbe() r isn't completely initialized with
zero because the size argument passed to memset() is the size of the
pointer, not the structure it points to.

Luckily there are no in-kernel users of those functions so the ABI
change implied by this fix should break no existing code.

Based on a patch by the PaX Team.

Signed-off-by: Mathias Krause <minipli@googlemail.com>
Cc: PaX Team <pageexec@freemail.hu>
Acked-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>

crypto: s390 - support hardware accelerated SHA-224

On recent s390 machines hardware acceleration is available for SHA-256.
SHA-224 is based on SHA-256 so it can also be accelerated by hardware.
Do this by adding the proper algorithm description and initialization.

Signed-off-by: Jan Glauber <jang@linux.vnet.ibm.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>

crypto: algif_hash - Handle initial af_alg_make_sg error correctly

When the first call to af_alg_make_sg fails, we may return garbage
instead of the real error.  This patch fixes it by setting the error
if "copied" is zero.

Based on a patch by Jesper Juhl.

Reported-by: Jesper Juhl <jj@chaosbits.net>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>

crypto: sha1_generic - use SHA1_BLOCK_SIZE

Modify sha1_update to use SHA1_BLOCK_SIZE.

Signed-off-by: Mandeep Singh Baines <msb@chromium.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>

hwrng: ppc4xx - add support for ppc4xx TRNG

Various PowerPC 4xx SoCs contain a TRNG embedded in the Security function.
This adds a device driver for that TRNG.

Signed-off-by: Josh Boyer <jwboyer@linux.vnet.ibm.com>
Acked-by: Matt Mackall <mpm@selenic.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>

crypto: crypto4xx - Perform read/modify/write on device control register

The Security function on the AMCC SoCs has multiple engines within a
single MMIO range.  The crypto driver currently enables the 3DES
functionality by doing a blind write to the device control register.
This can unintentionally disable other functions like the PKA or TRNG
when the driver is loaded.

Perform a read/modify/write to enable the 3DES function instead.

Signed-off-by: Josh Boyer <jwboyer@linux.vnet.ibm.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>

crypto: caam - fix build warning when DEBUG_FS not configured

drivers/crypto/caam/ctrl.c: In function 'caam_probe':
drivers/crypto/caam/ctrl.c:55:23: warning: unused variable 'perfmon'

Signed-off-by: Kim Phillips <kim.phillips@freescale.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>

crypto: arc4 - Fixed coding style issues

Fixed coding style issues: unnecessary spaces, parentheses on wrong lines.

Signed-off-by: Mati Vait <mativait@gmail.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>

crypto: crc32c - Fixed coding style issue

Removed coding style issue: space before tabs.

Signed-off-by: Mati Vait <mativait@gmail.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>

crypto: omap-sham - do not schedule tasklet if there is no active requests

Signed-off-by: Dmitry Kasatkin <dmitry.kasatkin@nokia.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>

crypto: omap-sham - clear device flags when finishing request

Signed-off-by: Dmitry Kasatkin <dmitry.kasatkin@nokia.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>

crypto: omap-sham - irq handler must not clear error code

Signed-off-by: Dmitry Kasatkin <dmitry.kasatkin@nokia.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>

crypto: omap-sham - irq and dma handling changes

It could be a situation, that tasklet is executed twice because of
certain delay between dma callback and irq handler execution.
In that case, second tasklet execution could actually corrupt the data
of the new started dma transactions.

This patch improves tasklet logic and prevents above described cases.

Signed-off-by: Dmitry Kasatkin <dmitry.kasatkin@nokia.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>

crypto: omap-sham - remove dedicated queue handling tasklet

Calling omap_sham_handle_queue from "done" tasklet should be done
after irq scheduled tasklet completes.
Having additional tasklet does not solve that issue because it might
be execute before.
So queue handling tasklet has been removed and functionality integrated
into single tasklet.

Signed-off-by: Dmitry Kasatkin <dmitry.kasatkin@nokia.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>

crypto: omap-sham - remove unnecessary local variable

Signed-off-by: Dmitry Kasatkin <dmitry.kasatkin@nokia.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>

crypto: omap-sham - move some flags to device context

Couple of context flags have been moved to device flags.
IRQ and tasklet handlers does not need to access request
context anymore.

Signed-off-by: Dmitry Kasatkin <dmitry.kasatkin@nokia.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>

crypto: omap-sham - replace flags operation with atomic bit operations

Some flags are changed in interrupt handlers and verified in the tasklet.
There might be a race condition when tasklet is interrupted or another
cpu/core will run IRQ handler and tasklet in parallel.
Atomic bitops functions are now used instead of bitmask operations.

Signed-off-by: Dmitry Kasatkin <dmitry.kasatkin@nokia.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>

crypto: omap-sham - replace flags bit mask with bit number

Flags mask cannot be used with atomic bit operations.
This patch changes masks to bit numbers.
Atomic bit operations will be used by following patches.

Signed-off-by: Dmitry Kasatkin <dmitry.kasatkin@nokia.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>

crypto: omap-sham - remove unused code

Signed-off-by: Dmitry Kasatkin <dmitry.kasatkin@nokia.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>

crypto: omap-sham - remove extra reference

Request pointer is already available in the function.

Signed-off-by: Dmitry Kasatkin <dmitry.kasatkin@nokia.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>

hwrng: timeriomem - use resource_size

Signed-off-by: H Hartley Sweeten <hsweeten@visionengravers.com>
Acked-by: Matt Mackall <mpm@selenic.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>

hwrng: nomadik - add missing clk_put

Jump to the end of the function for the clk_disable and clk_put rather than
returning directly.

A simplified version of the semantic match that finds this problem is as
follows: (http://coccinelle.lip6.fr/)

// <smpl>
@r exists@
expression e1,e2;
statement S;
@@

e1 = clk_get@p1(...);
... when != e1 = e2
    when != clk_put(e1)
    when any
if (...) { ... when != clk_put(e1)
               when != if (...) { ... clk_put(e1) ... }
* return@p3 ...;
 } else S
// </smpl>

Signed-off-by: Julia Lawall <julia@diku.dk>
Signed-off-by: Matt Mackall <mpm@selenic.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>

hwrng: omap - add missing clk_put

Convert a return to a jump to an existing label that calls clk_put.

A simplified version of the semantic match that finds this problem is as
follows: (http://coccinelle.lip6.fr/)

// <smpl>
@r exists@
expression e1,e2;
statement S;
@@

e1 = clk_get@p1(...);
... when != e1 = e2
    when != clk_put(e1)
    when any
if (...) { ... when != clk_put(e1)
               when != if (...) { ... clk_put(e1) ... }
* return@p3 ...;
 } else S
// </smpl>

Signed-off-by: Julia Lawall <julia@diku.dk>
Signed-off-by: Matt Mackall <mpm@selenic.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>

crypto: UML build fixes

CRYPTO_GHASH_CLMUL_NI_INTEL and CRYPTO_AES_NI_INTEL cannot be used
on UML.
Commit 3e02e5cb and 54b6a1b enabled them by accident.

Signed-off-by: Richard Weinberger <richard@nod.at>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>

crypto: testmgr - add xts-aes-256 self-test

FIPS compliance requires a known-answer self-test for all approved
cipher and mode combinations, for all valid key sizes. Presently,
there are only self-tests for xts-aes-128. This adds a 256-bit one,
pulled from the same reference document, which should satisfy the
requirement.

Signed-off-by: Jarod Wilson <jarod@redhat.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>

crypto: ghash-intel - Fix set but not used in ghash_async_setkey()

Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>

crypto: caam - fix operator precedence in shared descriptor allocation

setkey allocates 16 bytes (CAAM_CMD_SZ *
DESC_AEAD_SHARED_TEXT_LEN) shy of what is needed to
store the shared descriptor, resulting in memory
corruption.  Fix this.

Signed-off-by: Kim Phillips <kim.phillips@freescale.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>

Merge git://git./linux/kernel/git/sfrench/cifs-2.6

* git://git.kernel.org/pub/scm/linux/kernel/git/sfrench/cifs-2.6:
  cifs: mark CONFIG_CIFS_NFSD_EXPORT as BROKEN
  cifs: free blkcipher in smbhash

Merge branch 'for-linus' of git://git./linux/kernel/git/viro/vfs-2.6

* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs-2.6:
  cifs: propagate errors from cifs_get_root() to mount(2)
  cifs: tidy cifs_do_mount() up a bit
  cifs: more breakage on mount failures
  cifs: close sget() races
  cifs: pull freeing mountdata/dropping nls/freeing cifs_sb into cifs_umount()
  cifs: move cifs_umount() call into ->kill_sb()
  cifs: pull cifs_mount() call up
  sanitize cifs_umount() prototype
  cifs: initialize ->tlink_tree in cifs_setup_cifs_sb()
  cifs: allocate mountdata earlier
  cifs: leak on mount if we share superblock
  cifs: don't pass superblock to cifs_mount()
  cifs: don't leak nls on mount failure
  cifs: double free on mount failure
  take bdi setup/destruction into cifs_mount/cifs_umount

Acked-by: Steve French <smfrench@gmail.com>

Merge branch 'master' of /linux/kernel/git/torvalds/linux-2.6

Merge branch 'timer-fixes-for-linus' of git://git./linux/kernel/git/tip/linux-2.6-tip

* 'timer-fixes-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/linux-2.6-tip:
  rtc: vt8500: Fix build error & cleanup rtc_class_ops->update_irq_enable()
  alarmtimers: Return -ENOTSUPP if no RTC device is present
  alarmtimers: Handle late rtc module loading

Merge branch 'for-linus' of git://git./linux/kernel/git/tiwai/sound-2.6

* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound-2.6:
  ALSA: Remove unneeded version.h includes from sound/
  ASoC: pxa-ssp: Correct check for stream presence
  ASoC: imx: add missing module informations
  ASoC: imx: Remove unused Kconfig SND_MXC_SOC_SSI entry
  ALSA: HDA: Pinfix quirk for HP Z200 Workstation
  ALSA: VIA HDA: Create a master amplifier control for VT1718S.
  ALSA: VIA HDA: Mute/unmute mixer conncted to Headphone for VT1718S.
  ALSA: VIA HDA: Modify initial verbs list for VT1718S.
  ALSA: hda - Remove ALC268 model override for CPR2000
  ALSA: HDA: Remove quirk for an HP device
  ASoC: Remove unused and about to be broken SND_SOC_CUSTOM I/O bus

Merge branch 'fortglx/3.0/tip/timers/rtc' of git://git.linaro.org/people/jstultz/linux into timers/urgent

  * rtc: vt8500: Fix build error & cleanup rtc_class_ops->update_irq_enable()

Merge branch 'drm-intel-fixes' of git://git./linux/kernel/git/keithp/linux-2.6

* 'drm-intel-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/keithp/linux-2.6:
  drm/i915: save/resume forcewake lock fixes
  Revert "drm/i915: Kill GTT mappings when moving from GTT domain"
  drm/i915: Apply HWSTAM workaround for BSD ring on SandyBridge
  drm/i915: Call intel_enable_plane from i9xx_crtc_mode_set (again)

cifs: propagate errors from cifs_get_root() to mount(2)

... instead of just failing with -EINVAL

Acked-by: Pavel Shilovsky <piastryyy@gmail.com>
Reviewed-by: Jeff Layton <jlayton@redhat.com>
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>

cifs: tidy cifs_do_mount() up a bit

Acked-by: Pavel Shilovsky <piastryyy@gmail.com>
Reviewed-by: Jeff Layton <jlayton@redhat.com>
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>

cifs: more breakage on mount failures

if cifs_get_root() fails, we end up with ->mount() returning NULL,
which is not what callers expect.  Moreover, in case of superblock
reuse we end up leaking a superblock reference...

Acked-by: Pavel Shilovsky <piastryyy@gmail.com>
Reviewed-by: Jeff Layton <jlayton@redhat.com>
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>

cifs: close sget() races

have ->s_fs_info set by the set() callback passed to sget()

Acked-by: Pavel Shilovsky <piastryyy@gmail.com>
Reviewed-by: Jeff Layton <jlayton@redhat.com>
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>

cifs: pull freeing mountdata/dropping nls/freeing cifs_sb into cifs_umount()

all callers of cifs_umount() proceed to do the same thing; pull it into
cifs_umount() itself.

Acked-by: Pavel Shilovsky <piastryyy@gmail.com>
Reviewed-by: Jeff Layton <jlayton@redhat.com>
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>

cifs: move cifs_umount() call into ->kill_sb()

instead of calling it manually in case if cifs_read_super() fails
to set ->s_root, just call it from ->kill_sb().  cifs_put_super()
is gone now *and* we have cifs_sb shutdown and destruction done
after the superblock is gone from ->s_instances.

Acked-by: Pavel Shilovsky <piastryyy@gmail.com>
Reviewed-by: Jeff Layton <jlayton@redhat.com>
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>

cifs: pull cifs_mount() call up

... to the point prior to sget().  Now we have cifs_sb set up early
enough.

Acked-by: Pavel Shilovsky <piastryyy@gmail.com>
Reviewed-by: Jeff Layton <jlayton@redhat.com>
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>

sanitize cifs_umount() prototype

a) superblock argument is unused
b) it always returns 0

Acked-by: Pavel Shilovsky <piastryyy@gmail.com>
Reviewed-by: Jeff Layton <jlayton@redhat.com>
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>

cifs: initialize ->tlink_tree in cifs_setup_cifs_sb()

no need to wait until cifs_read_super() and we need it done
by the time cifs_mount() will be called.

Acked-by: Pavel Shilovsky <piastryyy@gmail.com>
Reviewed-by: Jeff Layton <jlayton@redhat.com>
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>

cifs: allocate mountdata earlier

pull mountdata allocation up, so that it won't stand in the way when
we lift cifs_mount() to location before sget().

Acked-by: Pavel Shilovsky <piastryyy@gmail.com>
Reviewed-by: Jeff Layton <jlayton@redhat.com>
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>

cifs: leak on mount if we share superblock

cifs_sb and nls end up leaked...

Acked-by: Pavel Shilovsky <piastryyy@gmail.com>
Reviewed-by: Jeff Layton <jlayton@redhat.com>
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>

cifs: don't pass superblock to cifs_mount()

To close sget() races we'll need to be able to set cifs_sb up before
we get the superblock, so we'll want to be able to do cifs_mount()
earlier.  Fortunately, it's easy to do - setting ->s_maxbytes can
be done in cifs_read_super(), ditto for ->s_time_gran and as for
putting MS_POSIXACL into ->s_flags, we can mirror it in ->mnt_cifs_flags
until cifs_read_super() is called.  Kill unused 'devname' argument,
while we are at it...

Acked-by: Pavel Shilovsky <piastryyy@gmail.com>
Reviewed-by: Jeff Layton <jlayton@redhat.com>
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>

cifs: don't leak nls on mount failure

if cifs_sb allocation fails, we still need to drop nls we'd stashed
into volume_info - the one we would've copied to cifs_sb if we could
allocate the latter.

Acked-by: Pavel Shilovsky <piastryyy@gmail.com>
Reviewed-by: Jeff Layton <jlayton@redhat.com>
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>

cifs: double free on mount failure

if we get to out_super with ->s_root already set (e.g. with
cifs_get_root() failure), we'll end up with cifs_put_super()
called and ->mountdata freed twice.  We'll also get cifs_sb
freed twice and cifs_sb->local_nls dropped twice.  The problem
is, we can get to out_super both with and without ->s_root,
which makes ->put_super() a bad place for such work.

Switch to ->kill_sb(), have all that work done there after
kill_anon_super().  Unlike ->put_super(), ->kill_sb() is
called by deactivate_locked_super() whether we have ->s_root
or not.

Acked-by: Pavel Shilovsky <piastryyy@gmail.com>
Reviewed-by: Jeff Layton <jlayton@redhat.com>
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>

take bdi setup/destruction into cifs_mount/cifs_umount

Acked-by: Pavel Shilovsky <piastryyy@gmail.com>
Reviewed-by: Jeff Layton <jlayton@redhat.com>
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>

cifs: mark CONFIG_CIFS_NFSD_EXPORT as BROKEN

This does not work properly with CIFS as current servers do not
enable support for the FILE_OPEN_BY_FILE_ID on SMB NTCreateX
and not all NFS clients handle ESTALE.

For now, it just plain doesn't work. Mark it BROKEN to discourage
distros from enabling it.

Signed-off-by: Jeff Layton <jlayton@redhat.com>
Signed-off-by: Steve French <sfrench@us.ibm.com>

cifs: free blkcipher in smbhash

This is currently leaked in the rc == 0 case.

Reported-by: J. Bruce Fields <bfields@fieldses.org>
Signed-off-by: Jeff Layton <jlayton@redhat.com>
Reviewed-by: Shirish Pargaonkar <shirishpargaonkar@gmail.com>
Signed-off-by: Steve French <sfrench@us.ibm.com>

Merge branch 'for-linus' of git://git.kernel.dk/linux-block

* 'for-linus' of git://git.kernel.dk/linux-block:
  block: add REQ_SECURE to REQ_COMMON_MASK
  block: use the passed in @bdev when claiming if partno is zero
  block: Add __attribute__((format(printf...) and fix fallout
  block: make disk_block_events() properly wait for work cancellation
  block: remove non-syncing __disk_block_events() and fold it into disk_block_events()
  block: don't use non-syncing event blocking in disk_check_events()
  cfq-iosched: fix locking around ioc->ioc_data assignment

Merge branch 'upstream-linus' of git://git./linux/kernel/git/jgarzik/libata-dev

* 'upstream-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jgarzik/libata-dev:
  pata_marvell: Add support for 88SE91A0, 88SE91A4
  libata/sas: only set FROZEN flag if new EH is supported
  libata: apply NOSETXFER horkage to the affected Pioneer drives regardless of firmware revision
  drivers/ata/sata_dwc_460ex: Fix typo 'corrresponding'

Merge branch 'drm-fixes' of git://git./linux/kernel/git/airlied/drm-2.6

* 'drm-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/airlied/drm-2.6:
  drm/radeon/kms: handle special cases for vddc
  drm/radeon/kms: fix num_banks tiling config for fusion

Merge branch 'for-linus' of git://git./linux/kernel/git/nab/scsi-post-merge-2.6

* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/nab/scsi-post-merge-2.6:
  tcm_fc: Fix conversion spec warning
  tcm_fc: Fix possible lock to unlock type deadlock
  tcm_fc: Fix ft_send_tm LUN lookup OOPs
  target: Fix incorrect strlen() NULL terminator checks
  target: Drop bogus ERR_PTR usage in target_fabric_configfs_init
  target: Fix ERR_PTR dereferencing bugs
  target: Convert transport_deregister_session_configfs nacl_sess_lock to save irq state
  target: Fix transport_get_lun_for_tmr failure cases
  [SCSI] target: Convert TASK_ATTR to scsi_tcq.h definitions
  [SCSI] target: Convert REPORT_LUNs to use int_to_scsilun
  [SCSI] target: Fix task->task_execute_queue=1 clear bug + LUN_RESET OOPs
  [SCSI] target: Fix bug with task_sg chained transport_free_dev_tasks release
  [SCSI] target: Fix interrupt context bug with stats_lock and core_tmr_alloc_req
  [SCSI] target: Fix multi task->task_sg[] chaining logic bug

Merge branch 'for-linus' of git://git./linux/kernel/git/jbarnes/pci-2.6

* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jbarnes/pci-2.6:
  x86/PCI/ACPI: fix type mismatch
  PCI: fix new kernel-doc warning
  PCI: Fix warning in drivers/pci/probe.c on sparc64

Merge git://git./linux/kernel/git/sfrench/cifs-2.6

* git://git.kernel.org/pub/scm/linux/kernel/git/sfrench/cifs-2.6:
  cifs: fix wsize negotiation to respect max buffer size and active signing (try #4)
  CIFS: Fix problem with 3.0-rc1 null user mount failure

Remove unneeded version.h includes from fs/

It was pointed out by 'make versioncheck' that some includes of
linux/version.h were not needed in fs/ (fs/btrfs/ctree.h and
fs/omfs/file.c).

This patch removes them.

Signed-off-by: Jesper Juhl <jj@chaosbits.net>
Acked-by: Bob Copeland <me@bobcopeland.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>

Merge branch 'fix/asoc' into for-linus

ALSA: Remove unneeded version.h includes from sound/

In the sound/ directory there are two files (flagged by 'make
versioncheck'); sound/pci/asihpi/asihpi.c and
sound/soc/codecs/wm8991.c that include linux/version.h although they
don't need it. This patch removes the unneeded includes.

Signed-off-by: Jesper Juhl <jj@chaosbits.net>
Signed-off-by: Takashi Iwai <tiwai@suse.de>

pata_marvell: Add support for 88SE91A0, 88SE91A4

This patch enables support for Marvell IDE PATA controllers found on
Asus P8P67LE motherboard.

The formatting has been corrected and I also received a report from two
users of this motherboard that the patch works.

Signed-off-by: Paweł Drewniak <czajernia@gmail.com>
Signed-off-by: Jeff Garzik <jgarzik@redhat.com>

drm/radeon/kms: handle special cases for vddc

A voltage value of 0xff01 requires that the driver
look up the max voltage for the board based using the
atom SetVoltage command table.

Setting the proper voltage should fix stability on
some newer asics.

Signed-off-by: Alex Deucher <alexdeucher@gmail.com>
Signed-off-by: Dave Airlie <airlied@redhat.com>

drm/radeon/kms: fix num_banks tiling config for fusion

The field is encoded:
0 = 4 banks
1 = 8 banks
2 = 16 banks

Signed-off-by: Alex Deucher <alexdeucher@gmail.com>
Signed-off-by: Dave Airlie <airlied@redhat.com>

tcm_fc: Fix conversion spec warning

This patch fixes the following conversion specification warning for size_t

drivers/target/tcm_fc/tfc_io.c: In function ‘ft_queue_data_in’:
drivers/target/tcm_fc/tfc_io.c:209: warning: format ‘%x’ expects type ‘unsigned int’, but argument 5 has type ‘size_t’

Reported-by: Randy Dunlap <randy.dunlap@oracle.com>
Reported-by: Stephen Rothwell <sfr@canb.auug.org.au>
Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>

tcm_fc: Fix possible lock to unlock type deadlock

There is a typo here, it should be an unlock instead of a lock.  The
original code will deadlock.

Signed-off-by: Dan Carpenter <error27@gmail.com>
Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>

tcm_fc: Fix ft_send_tm LUN lookup OOPs

This patch fixes a bug in ft_send_tm() that was incorrectly calling
ft_get_lun_for_cmd() -> transport_get_lun_for_cmd(), instead of using
transport_get_lun_for_tmr() for the proper struct se_lun lookup
that was triggering an OOPs in the se_cmd->tmr_req failure path.

This patch fixes the issue by re-arranging the codepath where
transport_get_lun_for_tmr() is called after tmr request is allocated and
made it available as part of se_cmd.

It also drops the now unnecessary ft_get_lun_for_cmd() unpacking code, and
uses scsilun_to_int() directly ahead of transport_get_lun_for_cmd() and
transport_get_lun_for_tmr() usage.

Signed-off-by: Patil, Kiran <kiran.patil@intel.com>
Signed-off-by: Robert Love <robert.w.love@intel.com>
Signed-off-by: Nicholas A. Bellinger <nab@linux-iscsi.org>

target: Fix incorrect strlen() NULL terminator checks

This patch fixes a number of cases in target core using an incorrectly

if (strlen(foo) > SOME_MAX_SIZE)

As strlen() returns the number of characters in the string not counting
the NULL character at the end.  So if you do something like:

        char buf[10];

        if (strlen("0123456789") > 10)
                return -ETOOLONG;
        snprintf(buf, 10, "0123456789");
        printf("%s\n", buf);

then the last "9" gets chopped off and only "012345678" is printed.

Plus I threw in one small related cleanup.

Signed-off-by: Dan Carpenter <error27@gmail.com>
Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>

target: Drop bogus ERR_PTR usage in target_fabric_configfs_init

In the original code, there were several places inside the
target_fabric_configfs_init() function that returned NULL on error
and one place the returned an ERR_PTR.  There are two places that
call this function and they only check for NULL returns; they don't
check for ERR_PTRs.  So I've changed the ERR_PTR so now the function
only returns NULL on error.

Signed-off-by: Dan Carpenter <error27@gmail.com>
Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>

target: Fix ERR_PTR dereferencing bugs

transport_init_session() and core_tmr_alloc_req() never return NULL,
they only return ERR_PTRs on error.

v2: Fix patch to return PTR_ERR(tl_nexus->se_sess) from Ankit Jain's
feedback.

Signed-off-by: Dan Carpenter <error27@gmail.com>
Signed-off-by: Ankit Jain <jankit@suse.de>
Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>

target: Convert transport_deregister_session_configfs nacl_sess_lock to save irq state

This patch converts transport_deregister_session_configfs() to save/restore
spinlock IRQ state for struct se_node_acl->nacl_sess_lock access as tcm_qla2xxx
logic expects to call transport_deregister_session_configfs() code with
irq save already held for struct qla_hw_data.

Reported-by: Roland Dreier <roland@purestorage.com>
Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>

target: Fix transport_get_lun_for_tmr failure cases

This patch fixes two possible NULL pointer dereferences in target v4.0
code where se_tmr release path in core_tmr_release_req() can OOPs upon
transport_get_lun_for_tmr() failure by attempting to access se_device or
se_tmr->tmr_list without a valid member of se_device->tmr_list during
transport_free_se_cmd() release.  This patch moves the se_tmr->tmr_dev
pointer assignment in transport_get_lun_for_tmr() until after possible
-ENODEV failures during unpacked_lun lookup.

This addresses an OOPs originally reported with LIO v4.1 upstream on
.39 code here:

    TARGET_CORE[qla2xxx]: Detected NON_EXISTENT_LUN Access for 0x00000000
    BUG: unable to handle kernel NULL pointer dereference at 0000000000000550
    IP: [<ffffffff81035ec4>] __ticket_spin_trylock+0x4/0x20
    PGD 0
    Oops: 0000 [#1] SMP
    last sysfs file: /sys/devices/system/cpu/cpu23/cache/index2/shared_cpu_map
    CPU 1
    Modules linked in: netconsole target_core_pscsi target_core_file
tcm_qla2xxx target_core_iblock tcm_loop target_core_mod configfs
ipmi_devintf ipmi_si ipmi_msghandler serio_raw i7core_edac ioatdma dca
edac_core ps_bdrv ses enclosure usbhid usb_storage ahci qla2xxx hid
uas e1000e mpt2sas libahci mlx4_core scsi_transport_fc
scsi_transport_sas raid_class scsi_tgt [last unloaded: netconsole]

    Pid: 0, comm: kworker/0:0 Tainted: G        W   2.6.39+ #1 Xyratex Storage Server
    RIP: 0010:[<ffffffff81035ec4>] [<ffffffff81035ec4>]__ticket_spin_trylock+0x4/0x20
    RSP: 0018:ffff88063e803c08  EFLAGS: 00010286
    RAX: ffff880619ab45e0 RBX: 0000000000000550 RCX: 0000000000000000
    RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000550
    RBP: ffff88063e803c08 R08: 0000000000000002 R09: 0000000000000000
    R10: 0000000000000000 R11: 0000000000000001 R12: 0000000000000568
    R13: 0000000000000001 R14: 0000000000000000 R15: ffff88060cd96a20
    FS:  0000000000000000(0000) GS:ffff88063e800000(0000) knlGS:0000000000000000
    CS:  0010 DS: 0000 ES: 0000 CR0: 000000008005003b
    CR2: 0000000000000550 CR3: 0000000001a03000 CR4: 00000000000006e0
    DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
    DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400
    Process kworker/0:0 (pid: 0, threadinfo ffff880619ab8000, task ffff880619ab45e0)
    Stack:
     ffff88063e803c28 ffffffff812cf039 0000000000000550 0000000000000568
     ffff88063e803c58 ffffffff8157071e ffffffffa028a1dc ffff88060f7e4600
     0000000000000550 ffff880616961480 ffff88063e803c78 ffffffffa028a1dc
    Call Trace:
<IRQ>
     [<ffffffff812cf039>] do_raw_spin_trylock+0x19/0x50
     [<ffffffff8157071e>] _raw_spin_lock+0x3e/0x70
     [<ffffffffa028a1dc>] ? core_tmr_release_req+0x2c/0x60 [target_core_mod]
     [<ffffffffa028a1dc>] core_tmr_release_req+0x2c/0x60 [target_core_mod]
     [<ffffffffa028d0d2>] transport_free_se_cmd+0x22/0x50 [target_core_mod]
     [<ffffffffa028d120>] transport_release_cmd_to_pool+0x20/0x40 [target_core_mod]
     [<ffffffffa028e525>] transport_generic_free_cmd+0xa5/0xb0 [target_core_mod]
     [<ffffffffa0147cc4>] tcm_qla2xxx_handle_tmr+0xc4/0xd0 [tcm_qla2xxx]
     [<ffffffffa0191ba3>] __qla24xx_handle_abts+0xd3/0x150 [qla2xxx]
     [<ffffffffa0197651>] qla_tgt_response_pkt+0x171/0x520 [qla2xxx]
     [<ffffffffa0197a2d>] qla_tgt_response_pkt_all_vps+0x2d/0x220 [qla2xxx]
     [<ffffffffa0171dd3>] qla24xx_process_response_queue+0x1a3/0x670 [qla2xxx]
     [<ffffffffa0196281>] ? qla24xx_atio_pkt+0x81/0x120 [qla2xxx]
     [<ffffffffa0174025>] ? qla24xx_msix_default+0x45/0x2a0 [qla2xxx]
     [<ffffffffa0174198>] qla24xx_msix_default+0x1b8/0x2a0 [qla2xxx]
     [<ffffffff810dadb4>] handle_irq_event_percpu+0x54/0x210
     [<ffffffff810dafb8>] handle_irq_event+0x48/0x70
     [<ffffffff810dd5ee>] ? handle_edge_irq+0x1e/0x110
     [<ffffffff810dd647>] handle_edge_irq+0x77/0x110
     [<ffffffff8100d362>] handle_irq+0x22/0x40
     [<ffffffff8157b28d>] do_IRQ+0x5d/0xe0
     [<ffffffff81571413>] common_interrupt+0x13/0x13
<EOI>
     [<ffffffff813003f7>] ? intel_idle+0xd7/0x130
     [<ffffffff813003f0>] ? intel_idle+0xd0/0x130
     [<ffffffff8144832b>] cpuidle_idle_call+0xab/0x1c0
     [<ffffffff8100a26b>] cpu_idle+0xab/0xf0
     [<ffffffff81566c59>] start_secondary+0x1cb/0x1d2

Reported-by: Roland Dreier <roland@purestorage.com>
Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>

rtc: vt8500: Fix build error & cleanup rtc_class_ops->update_irq_enable()

Now that the generic code handles UIE mode irqs via periodic
alarm interrupts, no one calls the
rtc_class_ops->update_irq_enable() method anymore.

Further the rtc_class_ops doesn't have a update_irq_enable element
anymore, so this causes a build error.

This patch removes the driver hooks and implementations of
update_irq_enable and the associated setup.

[wsa: updated commit-message and removed update_irq_enable-function, too]
[jstultz: improve commit message, clarifying build issue]
Signed-off-by: Alexey Charkov <alchark@gmail.com>
Signed-off-by: Wolfram Sang <w.sang@pengutronix.de>
Signed-off-by: John Stultz <john.stultz@linaro.org>

libata/sas: only set FROZEN flag if new EH is supported

On 16.06.2011 [08:28:39 -0500], Brian King wrote:
> On 06/16/2011 02:51 AM, Tejun Heo wrote:
> > On Wed, Jun 15, 2011 at 04:34:17PM -0700, Nishanth Aravamudan wrote:
> >>> That looks like the right thing to do. For ipr's usage of
> >>> libata, we don't have the concept of a port frozen state, so this flag
> >>> should really never get set. The alternate way to fix this would be to
> >>> only set ATA_PFLAG_FROZEN in ata_port_alloc if ap->ops->error_handler
> >>> is not NULL.
> >>
> >> It seemed like ipr is as you say, but I wasn't sure if it was
> >> appropriate to make the change above in the common libata-scis code or
> >> not. I don't want to break some other device on accident.
> >>
> >> Also, I tried your suggestion, but I don't think that can happen in
> >> ata_port_alloc? ata_port_alloc is allocated ap itself, and it seems like
> >> ap->ops typically gets set only after ata_port_alloc returns?
> >
> > Maybe we can test error_handler in ata_sas_port_start()?
>
> Good point. Since libsas is converted to the new eh now, we would need to have
> this test.

Commit 7b3a24c57d2eeda8dba9c205342b12689c4679f9 ("ahci: don't enable
port irq before handler is registered") caused a regression for CD-ROMs
attached to the IPR SATA bus on Power machines:

  ata_port_alloc: ENTER
  ata_port_probe: ata1: bus probe begin
  ata1.00: ata_dev_read_id: ENTER
  ata1.00: failed to IDENTIFY (I/O error, err_mask=0x40)
  ata1.00: ata_dev_read_id: ENTER
  ata1.00: failed to IDENTIFY (I/O error, err_mask=0x40)
  ata1.00: limiting speed to UDMA7:PIO5
  ata1.00: ata_dev_read_id: ENTER
  ata1.00: failed to IDENTIFY (I/O error, err_mask=0x40)
  ata1.00: disabled
  ata_port_probe: ata1: bus probe end
  scsi_alloc_sdev: Allocation failure during SCSI scanning, some SCSI devices might not be configured

The FROZEN flag added in that commit is only cleared by the new EH code,
which is not used by ipr. Clear this flag in the SAS code if we don't
support new EH.

Reported-by: Benjamin Herrenschmidt <benh@kernel.crashing.org>
Signed-off-by: Nishanth Aravamudan <nacc@us.ibm.com>
Signed-off-by: Jeff Garzik <jgarzik@pobox.com>

libata: apply NOSETXFER horkage to the affected Pioneer drives
regardless of firmware revision

It's unlikely NOSETXFER works for a revision of drive but doesn't for
another and pioneer doesn't seem to be fixing firmwares for the
affected drives.  Apply NOSETXFER to the affected pioneer drives
regardless of firmware revision.

  http://article.gmane.org/gmane.linux.ide/49734

Signed-off-by: Tejun Heo <tj@kernel.org>
Reported-by: fl-00@gmx.de
Signed-off-by: Jeff Garzik <jgarzik@pobox.com>

drivers/ata/sata_dwc_460ex: Fix typo 'corrresponding'

The patch below fixes a typo.

Signed-off-by: Justin P. Mattock <justinmattock@gmail.com>
Signed-off-by: Jeff Garzik <jgarzik@pobox.com>

Merge tag 'v3.0-rc4' of /linux/kernel/git/torvalds/linux-2.6 into for-linus

ASoC: pxa-ssp: Correct check for stream presence

Don't rely on the codec's channels_min information to decide wheter or
not allocate a substream's DMA buffer. Rather check if the substream
itself was allocated previously.

Signed-off-by: Daniel Mack <zonque@gmail.com>
Acked-by: Liam Girdwood <lrg@ti.com>
Signed-off-by: Mark Brown <broonie@opensource.wolfsonmicro.com>
Cc: stable@kernel.org

ASoC: imx: add missing module informations

- add some modules aliases
- add module license to avoid tainted kernel when loading the imx-pcm-audio
  driver

Signed-off-by: Arnaud Patard <arnaud.patard@rtp-net.org>
Acked-by: Sascha Hauer <s.hauer@pengutronix.de>
Acked-by: Liam Girdwood <lrg@ti.com>
Signed-off-by: Mark Brown <broonie@opensource.wolfsonmicro.com>

ASoC: imx: Remove unused Kconfig SND_MXC_SOC_SSI entry

SND_MXC_SOC_SSI looks to be unused, so kill it.

Signed-off-by: Arnaud Patard <arnaud.patard@rtp-net.org>
Acked-by: Sascha Hauer <s.hauer@pengutronix.de>
Acked-by: Liam Girdwood <lrg@ti.com>
Signed-off-by: Mark Brown <broonie@opensource.wolfsonmicro.com>

cifs: fix wsize negotiation to respect max buffer size and active signing (try #4)

Hopefully last version. Base signing check on CAP_UNIX instead of
tcon->unix_ext, also clean up the comments a bit more.

According to Hongwei Sun's blog posting here:

    http://blogs.msdn.com/b/openspecification/archive/2009/04/10/smb-maximum-transmit-buffer-size-and-performance-tuning.aspx

CAP_LARGE_WRITEX is ignored when signing is active. Also, the maximum
size for a write without CAP_LARGE_WRITEX should be the maxBuf that
the server sent in the NEGOTIATE request.

Fix the wsize negotiation to take this into account. While we're at it,
alter the other wsize definitions to use sizeof(WRITE_REQ) to allow for
slightly larger amounts of data to potentially be written per request.

Signed-off-by: Jeff Layton <jlayton@redhat.com>
Signed-off-by: Steve French <sfrench@us.ibm.com>

Fix CPU spinlock lockups on secondary CPU bringup

Secondary CPU bringup typically calls calibrate_delay() during its
initialization.  However, calibrate_delay() modifies a global variable
(loops_per_jiffy) used for udelay() and __delay().

A side effect of 71c696b1 ("calibrate: extract fall-back calculation
into own helper") introduced in the 2.6.39 merge window means that we
end up with a substantial period where loops_per_jiffy is zero.  This
causes the spinlock debugging code to malfunction:

u64 loops = loops_per_jiffy * HZ;
for (;;) {
for (i = 0; i < loops; i++) {
if (arch_spin_trylock(&lock->raw_lock))
return;
__delay(1);
}
...
}

by never calling arch_spin_trylock() - resulting in the CPU locking
up in an infinite loop inside __spin_lock_debug().

Work around this by only writing to loops_per_jiffy only once we have
completed all the calibration decisions.

Tested-by: Santosh Shilimkar <santosh.shilimkar@ti.com>
Signed-off-by: Russell King <rmk+kernel@arm.linux.org.uk>
Cc: <stable@kernel.org> (2.6.39-stable)
--
Better solutions (such as omitting the calibration for secondary CPUs,
or arranging for calibrate_delay() to return the LPJ value and leave
it to the caller to decide where to store it) are a possibility, but
would be much more invasive into each architecture.

I think this is the best solution for -rc and stable, but it should be
revisited for the next merge window.

 init/calibrate.c |   14 ++++++++------
 1 files changed, 8 insertions(+), 6 deletions(-)
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>

serial: mrst_max3110: initialize waitqueue earlier

The driver went to initialize its waitqueue at the start of the main
processing thread.  However, it is possible that this thread is not
scheduled on a CPU before the write function is called which leads to a
following error:

  BUG: spinlock bad magic on CPU#1, swapper/1
   lock: f5f3ebdc, .magic: 00000000, .owner: <none>/-1, .owner_cpu: 0
  Pid: 1, comm: swapper Not tainted 3.0.0-rc2+ #67
  Call Trace:
   [<c1289663>] spin_bug+0xa3/0xf0
   [<c12897ad>] do_raw_spin_lock+0x7d/0x150
   [<c14963de>] _raw_spin_lock_irqsave+0x4e/0x60
   [<c102f2bb>] __wake_up+0x1b/0x50
   [<c12d3715>] serial_m3110_con_write+0x55/0x60
   [<c1041575>] __call_console_drivers+0x75/0x90
   [<c10415d9>] _call_console_drivers+0x49/0x80
   [<c1041baa>] console_unlock+0xca/0x1f0
   [<c10420ef>] vprintk+0x18f/0x4f0
   [<c14928a3>] printk+0x18/0x1a
   [<c1042730>] register_console+0x2e0/0x350
   [<c12d098e>] uart_add_one_port+0x33e/0x3d0
   [<c1485ba6>] serial_m3110_probe+0x1c2/0x1df
   [<c1303db7>] spi_drv_probe+0x17/0x20
   ...

Fix this by initializing the waitqueue before the main thread is
created.

Signed-off-by: Mika Westerberg <mika.westerberg@linux.intel.com>
Signed-off-by: Alan Cox <alan@linux.intel.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>

mrst_max3110: Change max missing message priority.

Change print message to notice instead of error to clean up non critical
messages showing on startup.  The MAX3111 not being present is a normal
path for end user systems.

Signed-off-by: William Douglas <william.douglas@intel.com>
[rebased on 3.0, switched to dev_dbg()]
Signed-off-by: Alan Cox <alan@linux.intel.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>

ALSA: HDA: Pinfix quirk for HP Z200 Workstation

BIOS lists the internal speaker as an internal line-out. Change to
internal speaker + model=auto for better auto-mute capabilities.

BugLink: http://bugs.launchpad.net/bugs/754964
Reported-by: Marc Legris <marc.legris@canonical.com>
Signed-off-by: David Henningsson <david.henningsson@canonical.com>
Signed-off-by: Takashi Iwai <tiwai@suse.de>

Merge branch 'for-linus' of git://git./linux/kernel/git/shaggy/jfs-2.6

* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/shaggy/jfs-2.6:
  jfs: agstart field must be 64 bits
  JFS: Don't save agno in the inode
  jfs: Update agstart when resizing volume
  jfs: old_agsize should be 64 bits in jfs_extendfs

Merge branch 'pm-fixes' of git://git./linux/kernel/git/rafael/suspend-2.6

* 'pm-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/suspend-2.6:
  PCI / PM: Block races between runtime PM and system sleep
  PM / Domains: Update documentation
  PM / Runtime: Handle clocks correctly if CONFIG_PM_RUNTIME is unset
  PM: Fix async resume following suspend failure
  PM: Free memory bitmaps if opening /dev/snapshot fails
  PM: Rename dev_pm_info.in_suspend to is_prepared
  PM: Update documentation regarding sysdevs
  PM / Runtime: Update doc: usage count no longer incremented across system PM

mm, hotplug: protect zonelist building with zonelists_mutex

Commit 959ecc48fc75 ("mm/memory_hotplug.c: fix building of node hotplug
zonelist") does not protect the build_all_zonelists() call with
zonelists_mutex as needed.  This can lead to races in constructing
zonelist ordering if a concurrent build is underway.  Protecting this
with lock_memory_hotplug() is insufficient since zonelists can be
rebuild though sysfs as well.

Signed-off-by: David Rientjes <rientjes@google.com>
Reviewed-by: KOSAKI Motohiro <kosaki.motohiro@jp.fujitsu.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>

mm, hotplug: fix error handling in mem_online_node()

The error handling in mem_online_node() is incorrect: hotadd_new_pgdat()
returns NULL if the new pgdat could not have been allocated and a pointer
to it otherwise.

mem_online_node() should fail if hotadd_new_pgdat() fails, not the
inverse.  This fixes an issue when memoryless nodes are not onlined and
their sysfs interface is not registered when their first cpu is brought
up.

The bug was introduced by commit cf23422b9d76 ("cpu/mem hotplug: enable
CPUs online before local memory online") iow v2.6.35.

Signed-off-by: David Rientjes <rientjes@google.com>
Reviewed-by: KOSAKI Motohiro <kosaki.motohiro@jp.fujitsu.com>
Cc: stable@kernel.org
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>

CIFS: Fix problem with 3.0-rc1 null user mount failure

Figured it out: it was broken by b946845a9dc523c759cae2b6a0f6827486c3221a commit - "cifs: cifs_parse_mount_options: do not tokenize mount options in-place". So, as a quick fix I suggest to apply this patch.

[PATCH] CIFS: Fix kfree() with constant string in a null user case

Signed-off-by: Pavel Shilovsky <piastryyy@gmail.com>
Reviewed-by: Jeff Layton <jlayton@redhat.com>
Signed-off-by: Steve French <sfrench@us.ibm.com>

drm/i915: save/resume forcewake lock fixes

The lock must be held for the saving and restoring of VGA state.

Signed-off-by: Ben Widawsky <ben@bwidawsk.net>
CC: Alexander Zhaunerchyk <alex.vizor@gmail.com>
CC: Andrey Rahmatullin <wrar@wrar.name>
Reviewed-by: Chris Wilson <chris@chris-wilson.co.uk>
Signed-off-by: Keith Packard <keithp@keithp.com>

KEYS: Fix error handling in construct_key_and_link()

Fix error handling in construct_key_and_link().

If construct_alloc_key() returns an error, it shouldn't pass out through
the normal path as the key_serial() called by the kleave() statement
will oops when it gets an error code in the pointer:

  BUG: unable to handle kernel paging request at ffffffffffffff84
  IP: [<ffffffff8120b401>] request_key_and_link+0x4d7/0x52f
  ..
  Call Trace:
   [<ffffffff8120b52c>] request_key+0x41/0x75
   [<ffffffffa00ed6e8>] cifs_get_spnego_key+0x206/0x226 [cifs]
   [<ffffffffa00eb0c9>] CIFS_SessSetup+0x511/0x1234 [cifs]
   [<ffffffffa00d9799>] cifs_setup_session+0x90/0x1ae [cifs]
   [<ffffffffa00d9c02>] cifs_get_smb_ses+0x34b/0x40f [cifs]
   [<ffffffffa00d9e05>] cifs_mount+0x13f/0x504 [cifs]
   [<ffffffffa00caabb>] cifs_do_mount+0xc4/0x672 [cifs]
   [<ffffffff8113ae8c>] mount_fs+0x69/0x155
   [<ffffffff8114ff0e>] vfs_kern_mount+0x63/0xa0
   [<ffffffff81150be2>] do_kern_mount+0x4d/0xdf
   [<ffffffff81152278>] do_mount+0x63c/0x69f
   [<ffffffff8115255c>] sys_mount+0x88/0xc2
   [<ffffffff814fbdc2>] system_call_fastpath+0x16/0x1b

Signed-off-by: David Howells <dhowells@redhat.com>
Acked-by: Jeff Layton <jlayton@redhat.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>

MN10300: asm/uaccess.h needs to #include linux/kernel.h for might_sleep()

MN10300's asm/uaccess.h needs to #include linux/kernel.h to get might_sleep()
otherwise it fails to build on MN10300 allyesconfig.  This fails in a few
places with messages like the following:

  In file included from security/keys/trusted.c:14:
  include/linux/uaccess.h: In function '__copy_from_user_nocache':
  include/linux/uaccess.h:52: error: implicit declaration of function 'might_sleep'

Signed-off-by: David Howells <dhowells@redhat.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>