Pull TTY fixes from Greg Kroah-Hartman:
 "Here are 2 tiny patches for a serial driver to resolve issues that
  people have reported with the 3.6-rc tree.

  Both of these have been in the linux-next tree for a while now.

Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org&gt;">

* tag 'tty-3.6-rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/tty:
  tty: serial: imx: don't reinit clock in imx_setup_ufcr()
  tty: serial: imx: console write routing is unsafe on SMP

Pull staging tree fixes from Greg Kroah-Hartman:
 "Here are a few staging tree fixes for problems that have been
  reported.

  Nothing major, just a number of tiny driver fixes.  All of these have
  been in the linux-next tree for a while.

Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org&gt;">

* tag 'staging-3.6-rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/staging:
  drm/omap: add more new timings fields
  drm/omap: update for interlaced
  staging: r8712u: fix bug in r8712_recv_indicatepkt()
  staging: zcache: fix cleancache race condition with shrinker
  Staging: Android alarm: IOCTL command encoding fix
  staging: vt6656: [BUG] - Failed connection, incorrect endian.
  staging: ozwpan: fix memcmp() test in oz_set_active_pd()
  staging: wlan-ng: Fix problem with wrong arguments
  staging: comedi: das08: Correct AO output for das08jr-16-ao
  staging: comedi: das08: Correct AI encoding for das08jr-16-ao
  staging: comedi: das08: Fix PCI ref count
  staging: comedi: amplc_pci230: Fix PCI ref count
  staging: comedi: amplc_pc263: Fix PCI ref count
  staging: comedi: amplc_pc236: Fix PCI ref count
  staging: comedi: amplc_dio200: Fix PCI ref count
  staging: comedi: amplc_pci224: Fix PCI ref count
  drivers/iio/adc/at91_adc.c: adjust inconsistent IS_ERR and PTR_ERR
  staging iio: fix potential memory leak in lis3l02dq_ring.c
  staging:iio: prevent divide by zero bugs

Pull driver core fix from Greg Kroah-Hartman:
 "Here is one fix for 3.6-rc6 for the kobject.h file.

  It fixes a reported oops if CONFIG_HOTPLUG is disabled.  It's been in
  the linux-next tree for a while now.

Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org&gt;">

* tag 'driver-core-3.6-rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/driver-core:
  kobject: fix oops with "input0: bad kobj_uevent_env content in show_uevent()"

We already use them for openat() and friends, but fstat() also wants to
be able to use O_PATH file descriptors.  This should make it more
directly comparable to the O_SEARCH of Solaris.

Note that you could already do the same thing with "fstatat()" and an
empty path, but just doing "fstat()" directly is simpler and faster, so
there is no reason not to just allow it directly.

See also commit 332a2e12, which did the same thing for fchdir, for
the same reasons.

Reported-by: ольга крыжановская <olga.kryzhanovska@gmail.com>
Cc: Al Viro <viro@zeniv.linux.org.uk>
Cc: stable@kernel.org    # O_PATH introduced in 3.0+
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>

Pull sound fixes from Takashi Iwai:
 "Just a few small / trivial regression fixes at this time."

* tag 'sound-3.6' of git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound:
  ALSA: ice1724: Use linear scale for AK4396 volume control.
  ALSA: hda_intel: add position_fix quirk for Asus K53E
  ALSA: compress_core: fix open flags test in snd_compr_open()
  ALSA: hda - Fix Oops at codec reset/reconfig
  ALSA: usb-audio: Fix bogus error messages for delay accounting
  ALSA: hda - Fix missing Master volume for STAC9200/925x

Pull arm-soc bug fixes from Olof Johansson:

 - A set of OMAP fixes, about half of them PM/clock related, the rest
   scattered over the platform code but all small and targeted to real
   bugs.
 - Two small i.MX fixes for SSI device clock setup.

* tag 'fixes-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/arm/arm-soc:
  ARM: clk-imx35: Fix SSI clock registration
  ARM: clk-imx25: Fix SSI clock registration
  ARM: OMAP4: Fix array size for irq_target_cpu
  ARM: OMAP4: hwmod data: temporarily comment out data for the sl2if IP block
  ARM: OMAP: hwmod code: Disable module when hwmod enable fails
  ARM: OMAP3: hwmod data: fix iva2 reset info
  ARM: OMAP3xxx: clockdomain: fix software supervised wakeup/sleep
  ARM: OMAP2+: am33xx: Fix the timer fck clock naming convention
  ARM: OMAP: Config fix for omap3-touchbook board
  ARM: OMAP: sram: skip the first 16K on OMAP3 HS
  ARM: OMAP: sram: fix OMAP4 errata handling
  ARM: OMAP: timer: obey the !CONFIG_OMAP_32K_TIMER

Pull additional AHCI PCI IDs from Jeff Garzik.

* tag 'upstream-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jgarzik/libata-dev:
  ahci: Add identifiers for ASM106x devices
  ahci: Add alternate identifier for the 88SE9172
  ahci: Add JMicron 362 device IDs

ARM: i.MX: Fix SSI clock associations for i.MX25/i.MX35

* tag 'imx-fixes' of git://git.pengutronix.de/git/imx/linux-2.6:
  ARM: clk-imx35: Fix SSI clock registration
  ARM: clk-imx25: Fix SSI clock registration
  + Linux 3.6-rc5

They don't always appear as AHCI class devices but instead as IDE class.

Based on an initial patch by Hiroaki Nito

Resolves-bug: https://bugzilla.kernel.org/show_bug.cgi?id=42804


Signed-off-by: Alan Cox <alan@linux.intel.com>
Signed-off-by: Jeff Garzik <jgarzik@redhat.com>

This can also appear as 0x9192. Reported in bugzilla and confirmed with the
board documentation for these boards.

Resolves-bug: https://bugzilla.kernel.org/show_bug.cgi?id=42970


Signed-off-by: Alan Cox <alan@linux.intel.com>
Cc: The Stables <stable@vger.kernel.org>
Signed-off-by: Jeff Garzik <jgarzik@redhat.com>

The JMicron JMB362 controller supports AHCI only, but some revisions
use the IDE class code.  These need to be matched by device ID.

These additions have apparently been included by QNAP in their NAS
devices using these controllers.

References: http://bugs.debian.org/634180


Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
Signed-off-by: Jeff Garzik <jgarzik@redhat.com>

When pkcs_1_v1_5_decode_emsa() returns without error and hash sizes do
not match, hash comparision is not done and digsig_verify_rsa() returns
no error.  This is a bug and this patch fixes it.

The bug was introduced in v3.3 by commit b35e286a ("lib/digsig:
pkcs_1_v1_5_decode_emsa cleanup").

Cc: stable@vger.kernel.org
Signed-off-by: Dmitry Kasatkin <dmitry.kasatkin@intel.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>

Pull ARM fixes from Russell King:
 "It's been a while...  so there's a little more here than normal.

  Mostly updates from Will for the breakpoint stuff, and plugging a few
  holes in the user access functions which crept in when domain support
  was disabled for ARMv7 CPUs."

* 'fixes' of git://git.linaro.org/people/rmk/linux-arm:
  ARM: 7529/1: delay: set loops_per_jiffy when moving to timer-based loop
  ARM: 7528/1: uaccess: annotate [__]{get,put}_user functions with might_fault()
  ARM: 7527/1: uaccess: explicitly check __user pointer when !CPU_USE_DOMAINS
  ARM: 7526/1: traps: send SIGILL if get_user fails on undef handling path
  ARM: 7521/1: Fix semihosting Kconfig text
  ARM: 7513/1: Make sure dtc is built before running it
  ARM: 7512/1: Fix XIP build due to PHYS_OFFSET definition moving
  ARM: 7499/1: mm: Fix vmalloc overlap check for !HIGHMEM
  ARM: 7503/1: mm: only flush both pmd entries for classic MMU
  ARM: 7502/1: contextidr: avoid using bfi instruction during notifier
  ARM: 7501/1: decompressor: reset ttbcr for VMSA ARMv7 cores
  ARM: 7497/1: hw_breakpoint: allow single-byte watchpoints on all addresses
  ARM: 7496/1: hw_breakpoint: don't rely on dfsr to show watchpoint access type
  ARM: Fix ioremap() of address zero

Pull NFS client bugfixes from Trond Myklebust:

 - Final (hopefully) fix for the range checking code in NFSv4 getacl.
   This should fix the Oopses being seen when the acl size is close to
   PAGE_SIZE.
 - Fix a regression with the legacy binary mount code
 - Fix a regression in the readdir cookieverf initialisation
 - Fix an RPC over UDP regression
 - Ensure that we report all errors in the NFSv4 open code
 - Ensure that fsync() reports all relevant synchronisation errors.

* tag 'nfs-for-3.6-4' of git://git.linux-nfs.org/projects/trondmy/linux-nfs:
  NFS: fsync() must exit with an error if page writeback failed
  SUNRPC: Fix a UDP transport regression
  NFS: return error from decode_getfh in decode open
  NFSv4: Fix buffer overflow checking in __nfs4_get_acl_uncached
  NFSv4: Fix range checking in __nfs4_get_acl_uncached and __nfs4_proc_set_acl
  NFS: Fix a problem with the legacy binary mount code
  NFS: Fix the initialisation of the readdir 'cookieverf' array

The AK4396 DAC has a linear-scale attentuator, but
sound/pci/ice1712/prodigy_hifi.c used a log scale instead, which is
not quite right.  This patch restores the correct scale, borrowing
from the ak4396 code in sound/pci/oxygen/oxygen.c.

Signed-off-by: Matteo Frigo <athena@fftw.org>
Cc: <stable@vger.kernel.org>
Signed-off-by: Takashi Iwai <tiwai@suse.de>

Pull workqueue fixes from Tejun Heo:
 "It's later than I'd like but well the timing just didn't work out this
  time.

  There are three bug fixes.  One from before 3.6-rc1 and two from the
  new CPU hotplug code.  Kudos to Lai for discovering all of them and
  providing fixes.

   * Atomicity bug when clearing a flag and setting another.  The two
     operation should have been atomic but wasn't.  This bug has existed
     for a long time but is unlikely to have actually happened.  Fix is
     safe.  Marked for -stable.

   * If CPU hotplug cycles happen back-to-back before workers finish the
     previous cycle, the states could get out of sync and it could get
     stuck.  Fixed by waiting for workers to complete before finishing
     hotplug cycle.

   * While CPU hotplug is in progress, idle workers could be depleted
     which can then lead to deadlock.  I think both happening together
     is highly unlikely but still better to fix it and the fix isn't too
     scary.

  There's another workqueue related regression which reported a few days
  ago:

    https://bugzilla.kernel.org/show_bug.cgi?id=47301

  It's a bit of head scratcher but there is a semi-reliable reproduce
  case, so I'm hoping to resolve it soonish."

* 'for-3.6-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/tj/wq:
  workqueue: fix possible idle worker depletion across CPU hotplug
  workqueue: restore POOL_MANAGING_WORKERS
  workqueue: fix possible deadlock in idle worker rebinding
  workqueue: move WORKER_REBIND clearing in rebind_workers() to the end of the function
  workqueue: UNBOUND -> REBIND morphing in rebind_workers() should be atomic

Pull crypto fixes from Herbert Xu:
 "This fixes the authenc self-test crash as well as a missing export of
  a symbol used by a module."

* git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6:
  crypto: authenc - Fix crash with zero-length assoc data
  crypto/caam: Export gen_split_key symbol for other modules

Pull blackfin updates from Bob Liu:
 "One kbuild and a smp build fix."

* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/lliubbo/blackfin:
  kbuild: add symbol prefix arg to kallsyms
  blackfin: smp: adapt to generic smp helpers

We need to ensure that if the call to filemap_write_and_wait_range()
fails, then we report that error back to the application.

Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>

Commit c20c5a84 changed some chipsets to
default to POS_FIX_COMBO so they now use POS_FIX_LPIB instead of
POS_FIX_POSBUF. Since then I've been getting artifacts on playback, including
repeated sounds on my Asus laptop.

My hardware is Cougar Point which the commit log of
c20c5a84 mentions as tested so POS_FIX_COMBO
probably works in general but apparently it doesn't on Asus K53E therefore the
need for the quirk.

Signed-off-by: Catalin Iacob <iacobcatalin@gmail.com>
Signed-off-by: Takashi Iwai <tiwai@suse.de>

O_RDONLY is zero so the original test (f->f_flags & O_RDONLY) is always
false and it will never do compress capture.  The test for O_WRONLY is
also slightly off.  The original test would consider "->flags =
(O_WRONLY | O_RDWR)" as write only instead of rejecting it as invalid.

I've also removed the pr_err() because that could flood dmesg.

Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: Takashi Iwai <tiwai@suse.de>

SSI block has two types of clock:

ipg: bus clock, the clock needed for accessing registers.
per: peripheral clock, the clock needed for generating the bit rate.

Currently SSI driver only supports slave mode and only need to handle
the ipg clock, because the peripheral clock comes from the master codec.

Only register the ipg clock and do not register the peripheral clock for ssi.

Signed-off-by: Fabio Estevam <fabio.estevam@freescale.com>
Tested-by: Mark Brown <broonie@opensource.wolfsonmicro.com>
Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
Cc: stable@vger.kernel.org

SSI block has two types of clock:

ipg: bus clock, the clock needed for accessing registers.
per: peripheral clock, the clock needed for generating the bit rate.

Currently SSI driver only supports slave mode and only need to handle
the ipg clock, because the peripheral clock comes from the master codec.

Only register the ipg clock and do not register the peripheral clock for ssi.

Signed-off-by: Fabio Estevam <fabio.estevam@freescale.com>
Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
Cc: stable@vger.kernel.org

The authenc code doesn't deal with zero-length associated data
correctly and ends up constructing a zero-length sg entry which
causes a crash when it's fed into the crypto system.

This patch fixes this by avoiding the code-path that triggers
the SG construction if we have no associated data.

This isn't the most optimal fix as it means that we'll end up
using the fallback code-path even when we could still execute
the digest function.  However, this isn't a big deal as nobody
but the test path would supply zero-length associated data.

Reported-by: Romain Francoise <romain@orebokech.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Tested-by: Romain Francoise <romain@orebokech.com>

Commit 1f2bfbd0 ("kbuild: link of
vmlinux moved to a script") introduced in v3.5-rc1 broke kallsyms on
architectures which have symbol prefixes.

The --symbol-prefix argument used to be added to the KALLSYMS command
line from the architecture Makefile, however this isn't picked up by the
new scripts/link-vmlinux.sh. This resulted in symbols like
kallsyms_addresses being added which weren't correctly overriding the
weak symbols such as _kallsyms_addresses. These could then trigger
BUG_ONs in kallsyms code.

This is fixed by removing the KALLSYMS addition from the architecture
Makefile, and using CONFIG_SYMBOL_PREFIX in the link-vmlinux.sh script
to determine whether to add the --symbol-prefix argument.

Signed-off-by: James Hogan <james.hogan@imgtec.com>
Signed-off-by: Bob Liu <lliubbo@gmail.com>

Pull SCSI fixes from James Bottomley:
 "I had actually prepared this fix set before I left for KS + Plumbers,
  so it's been incubating much longer than it should have.  I'll be
  picking up my three week backlog this week, so more fixes will then be
  forthcoming

  This set consist of three minor and one fairly major (the device not
  ready causing offlining problem which is a serious regression
  introduced by the media change update) fixes.

Signed-off-by: James Bottomley <JBottomley@Parallels.com&gt;">

* tag 'scsi-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi:
  [SCSI] Fix 'Device not ready' issue on mpt2sas
  [SCSI] scsi_lib: fix scsi_io_completion's SG_IO error propagation
  [SCSI] megaraid_sas: Move poll_aen_lock initializer
  [SCSI] mpt2sas: Fix for Driver oops, when loading driver with max_queue_depth command line option to a very small value

Pull KVM updates from Avi Kivity:
 "A trio of KVM fixes: incorrect lookup of guest cpuid, an uninitialized
  variable fix, and error path cleanup fix."

* tag 'kvm-3.6-2' of git://git.kernel.org/pub/scm/virt/kvm/kvm:
  KVM: fix error paths for failed gfn_to_page() calls
  KVM: x86: Check INVPCID feature bit in EBX of leaf 7
  KVM: PIC: fix use of uninitialised variable.

Pull FUSE fixes from Miklos Szeredi:
 "This contains bugfixes for FUSE and CUSE and a compile warning fix."

* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/mszeredi/fuse:
  fuse: fix retrieve length
  fuse: mark variables uninitialized
  cuse: kill connection on initialization error
  cuse: fix fuse_conn_kill()

Without these, DVI is broken.

Signed-off-by: Rob Clark <rob@ti.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

'struct omap_video_timings' was updated w/ a 'bool interlaced'.  Without
a matching update in omap_connector, this field could have undefined
values from the stack, which isn't quite ideal.

Update the fxns to convert omapdss<->drm timings structs, and zero-init
'struct omap_video_timings' when it is declared on stack to avoid issues
like this in the future.

Signed-off-by: Rob Clark <rob@ti.com>
Reviewed-by: Sumit Semwal <sumit.semwal@ti.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

64bit arches have a buggy r8712u driver, let's fix it.

skb->tail must be set properly or network stack behavior is undefined.

Addresses https://bugzilla.redhat.com/show_bug.cgi?id=847525
Addresses https://bugzilla.kernel.org/show_bug.cgi?id=45071



Signed-off-by: Eric Dumazet <edumazet@google.com>
Cc: Dave Jones <davej@redhat.com>
Cc: stable <stable@vger.kernel.org> [2.6.37+]
Acked-by: Larry Finger <Larry.Finger@lwfinger.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

Pull CIFS fixes from Steve French.

* 'for-linus' of git://git.samba.org/sfrench/cifs-2.6:
  CIFS: Fix endianness conversion
  CIFS: Fix error handling in cifs_push_mandatory_locks

Pull UDF and ext3 fixes from Jan Kara:
 "One UDF data corruption fix and one ext3 fix where we didn't write
  everything to disk on fsync in one corner case."

* 'for_linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jack/linux-fs:
  udf: Fix data corruption for files in ICB
  ext3: Fix fdatasync() for files with only i_size changes

Pull i2c subsystem fixes from Jean Delvare.

* 'i2c-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jdelvare/staging:
  i2c-core: Fix for lockdep validator
  i2c-designware: Fix build error if CONFIG_I2C_DESIGNWARE_PLATFORM=y && CONFIG_I2C_DESIGNWARE_PCI=y
  i2c-i801: Add Device IDs for Intel Lynx Point-LP PCH

To simplify both normal and CPU hotplug paths, worker management is
prevented while CPU hoplug is in progress.  This is achieved by CPU
hotplug holding the same exclusion mechanism used by workers to ensure
there's only one manager per pool.

If someone else seems to be performing the manager role, workers
proceed to execute work items.  CPU hotplug using the same mechanism
can lead to idle worker depletion because all workers could proceed to
execute work items while CPU hotplug is in progress and CPU hotplug
itself wouldn't actually perform the worker management duty - it
doesn't guarantee that there's an idle worker left when it releases
management.

This idle worker depletion, under extreme circumstances, can break
forward-progress guarantee and thus lead to deadlock.

This patch fixes the bug by using separate mechanisms for manager
exclusion among workers and hotplug exclusion.  For manager exclusion,
POOL_MANAGING_WORKERS which was restored by the previous patch is
used.  pool->manager_mutex is now only used for exclusion between the
elected manager and CPU hotplug.  The elected manager won't proceed
without holding pool->manager_mutex.

This ensures that the worker which won the manager position can't skip
managing while CPU hotplug is in progress.  It will block on
manager_mutex and perform management after CPU hotplug is complete.

Note that hotplug may happen while waiting for manager_mutex.  A
manager isn't either on idle or busy list and thus the hoplug code
can't unbind/rebind it.  Make the manager handle its own un/rebinding.

tj: Updated comment and description.

Signed-off-by: Lai Jiangshan <laijs@cn.fujitsu.com>
Signed-off-by: Tejun Heo <tj@kernel.org>

Pull drm fixes from Dave Airlie:
 "Just noticed I hadn't send these out, nothing majorly urgent, I know
  AMD guys have some regression fixes coming soon.

  This contains:
   2 nouveau fixes so it loads on the retina MBP systems properly,
   2 vmwgfx fixes to load the driver earlier, and allow distros config it
   1 error->debug fix in ast
  and Keith was playing with 32-on-64 and decided we may as well stick
  the compat ioctl in all the drivers.  It fixes udl for him."

* 'drm-fixes' of git://people.freedesktop.org/~airlied/linux:
  drm/vmwgfx: add MODULE_DEVICE_TABLE so vmwgfx loads at boot
  drm/vmwgfx: allow a kconfig option to choose if fbcon is enabled
  drm: use drm_compat_ioctl for 32-bit apps
  drm/ast: drop debug level on error printk
  drm/nv50-/gpio: initialise to vbios defaults during init
  drm/nvd0/disp: hopefully fix selection of 6/8bpc mode on DP outputs

This patch restores POOL_MANAGING_WORKERS which was replaced by
pool->manager_mutex by 60373152 "workqueue: use mutex for global_cwq
manager exclusion".

There's a subtle idle worker depletion bug across CPU hotplug events
and we need to distinguish an actual manager and CPU hotplug
preventing management.  POOL_MANAGING_WORKERS will be used for the
former and manager_mutex the later.

This patch just lays POOL_MANAGING_WORKERS on top of the existing
manager_mutex and doesn't introduce any synchronization changes.  The
next patch will update it.

Note that this patch fixes a non-critical anomaly where
too_many_workers() may return %true spuriously while CPU hotplug is in
progress.  While the issue could schedule idle timer spuriously, it
didn't trigger any actual misbehavior.

tj: Rewrote patch description.

Signed-off-by: Lai Jiangshan <laijs@cn.fujitsu.com>
Signed-off-by: Tejun Heo <tj@kernel.org>

This bug was triggered:
[ 4220.198458] BUG: unable to handle kernel paging request at fffffffffffffffe
[ 4220.203907] IP: [<ffffffff81104d85>] put_page+0xf/0x34
......
[ 4220.237326] Call Trace:
[ 4220.237361]  [<ffffffffa03830d0>] kvm_arch_destroy_vm+0xf9/0x101 [kvm]
[ 4220.237382]  [<ffffffffa036fe53>] kvm_put_kvm+0xcc/0x127 [kvm]
[ 4220.237401]  [<ffffffffa03702bc>] kvm_vcpu_release+0x18/0x1c [kvm]
[ 4220.237407]  [<ffffffff81145425>] __fput+0x111/0x1ed
[ 4220.237411]  [<ffffffff8114550f>] ____fput+0xe/0x10
[ 4220.237418]  [<ffffffff81063511>] task_work_run+0x5d/0x88
[ 4220.237424]  [<ffffffff8104c3f7>] do_exit+0x2bf/0x7ca

The test case:

	printf(fmt, ##args);		\
	exit(-1);} while (0)

static int create_vm(void)
{
	int sys_fd, vm_fd;

	sys_fd = open("/dev/kvm", O_RDWR);
	if (sys_fd < 0)
		die("open /dev/kvm fail.\n");

	vm_fd = ioctl(sys_fd, KVM_CREATE_VM, 0);
	if (vm_fd < 0)
		die("KVM_CREATE_VM fail.\n");

	return vm_fd;
}

static int create_vcpu(int vm_fd)
{
	int vcpu_fd;

	vcpu_fd = ioctl(vm_fd, KVM_CREATE_VCPU, 0);
	if (vcpu_fd < 0)
		die("KVM_CREATE_VCPU ioctl.\n");
	printf("Create vcpu.\n");
	return vcpu_fd;
}

static void *vcpu_thread(void *arg)
{
	int vm_fd = (int)(long)arg;

	create_vcpu(vm_fd);
	return NULL;
}

int main(int argc, char *argv[])
{
	pthread_t thread;
	int vm_fd;

	(void)argc;
	(void)argv;

	vm_fd = create_vm();
	pthread_create(&thread, NULL, vcpu_thread, (void *)(long)vm_fd);
	printf("Exit.\n");
	return 0;
}

It caused by release kvm->arch.ept_identity_map_addr which is the
error page.

The parent thread can send KILL signal to the vcpu thread when it was
exiting which stops faulting pages and potentially allocating memory.
So gfn_to_pfn/gfn_to_page may fail at this time

Fixed by checking the page before it is used

Signed-off-by: Xiao Guangrong <xiaoguangrong@linux.vnet.ibm.com>
Signed-off-by: Avi Kivity <avi@redhat.com>

snd_hda_codec_reset() calls restore_pincfgs() where the codec is
powered up again, which eventually tries to resume and initialize via
the callbacks of the codec.  However, it's the place just after codec
free callback, thus no codec callbacks should be called after that.
On a codec like CS4206, it results in Oops due to the access in init
callback.

This patch fixes the issue by clearing the codec callbacks properly
after freeing codec.

Reported-by: Daniel J Blueman <daniel@quora.org>
Cc: <stable@vger.kernel.org>
Signed-off-by: Takashi Iwai <tiwai@suse.de>

If kernel is compiled with CONFIG_PROVE_LOCKING the
validator raises an error when a multiplexer is removed
via sysfs and sub-clients are connected to it. This is a
false positive.
Documentation/lockdep-design.txt recommends to handle this
via calls to mutex_lock_nested().

Based on an earlier fix from Michael Lawnick.

Note that the extra code resolves to nothing unless
CONFIG_DEBUG_LOCK_ALLOC=y.

Signed-off-by: Jean Delvare <khali@linux-fr.org>
Cc: Michael Lawnick <ml.lawnick@gmx.de>