* git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-2.6:
wimax/i2400m: fix missing endian correction read in fw loader
net8139: fix a race at the end of NAPI
pktgen: Fix accuracy of inter-packet delay.
pkt_sched: gen_estimator: add a new lock
net: deliver skbs on inactive slaves to exact matches
ipv6: fix ICMP6_MIB_OUTERRORS
r8169: fix mdio_read and update mdio_write according to hw specs
gianfar: Revive the driver for eTSEC devices (disable timestamping)
caif: fix a couple range checks
phylib: Add support for the LXT973 phy.
net: Print num_rx_queues imbalance warning only when there are allocated queues

* 'pm-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/suspend-2.6:
PM / x86: Save/restore MISC_ENABLE register

* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/mason/btrfs-unstable:
Btrfs: The file argument for fsync() is never null
Btrfs: handle ERR_PTR from posix_acl_from_xattr()
Btrfs: avoid BUG when dropping root and reference in same transaction
Btrfs: prohibit a operation of changing acl's mask when noacl mount option used
Btrfs: should add a permission check for setfacl
Btrfs: btrfs_lookup_dir_item() can return ERR_PTR
Btrfs: btrfs_read_fs_root_no_name() returns ERR_PTRs
Btrfs: unwind after btrfs_start_transaction() errors
Btrfs: btrfs_iget() returns ERR_PTR
Btrfs: handle kzalloc() failure in open_ctree()
Btrfs: handle error returns from btrfs_lookup_dir_item()
Btrfs: Fix BUG_ON for fs converted from extN
Btrfs: Fix null dereference in relocation.c
Btrfs: fix remap_file_pages error
Btrfs: uninitialized data is check_path_shared()
Btrfs: fix fallocate regression
Btrfs: fix loop device on top of btrfs

Save/restore MISC_ENABLE register on suspend/resume.
This fixes OOPS (invalid opcode) on resume from STR on Asus P4P800-VM,
which wakes up with MWAIT disabled.

Fixes https://bugzilla.kernel.org/show_bug.cgi?id=15385

Signed-off-by: Ondrej Zary <linux@rainbow-software.org>
Tested-by: Alan Stern <stern@rowland.harvard.edu>
Acked-by: H. Peter Anvin <hpa@linux.intel.com>
Signed-off-by: Rafael J. Wysocki <rjw@sisk.pl>

fix a race at the end of NAPI complete processing, it had
better do __napi_complete() first before re-enable interrupt.

Signed-off-by:Figo.zhang <figo1802@gmail.com>

Signed-off-by: David S. Miller <davem@davemloft.net>

i2400m_fw_hdr_check() was accessing hardware field
bcf_hdr->module_type (little endian 32) without converting to host
byte sex.

Reported-by: Данилин Михаил <mdanilin@nsg.net.ru>

Signed-off-by: Inaky Perez-Gonzalez <inaky@linux.intel.com>

* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jbarnes/pci-2.6:
PCI: clear bridge resource range if BIOS assigned bad one
PCI: hotplug/cpqphp, fix NULL dereference
Revert "PCI: create function symlinks in /sys/bus/pci/slots/N/"
PCI: change resource collision messages from KERN_ERR to KERN_INFO

The "file" argument for fsync is never null so we can remove this check.

What drew my attention here is that 7ea8085910e: "drop unused dentry
argument to ->fsync" introduced an unconditional dereference at the
start of the function and that generated a smatch warning.

Signed-off-by: Dan Carpenter <error27@gmail.com>
Signed-off-by: Chris Mason <chris.mason@oracle.com>

This reverts commit 962400e8fd29981a7b166e463dd143b6ac6a3e76, which was
entirely bogus.

The code used to multiply the character offset by "vc->vc_cols", and
that's actually correct, because 'd' itself is an 'unsigned short'. So
the pointer arithmetic already takes the size of a VGA character into
account. Changing it to use vc_size_row (which is just "vc_cols"
shifted up to take the size of the character into account) ends up
multiplying with the VGA character size twice.

This got reported as bugs for various other subsystems, because what it
actually results in is writing the 16-bit vc_video_erase_char pattern
(usually 0x0720: 0x07 is the default attribute, 0x20 is ASCII space)
into some random other allocation.

So Markus ended up reporting this as a ext4 bug, while to Torsten Kaiser
it looked like a problem with KMS or libata. Jeff Chua saw it in
different places.

And finally - Justin Mattock had slab poisoning enabled, and saw it as a
slab poison overwritten. And bisected and reverted this to verify the
buggy commit.

Reported-by: Markus Trippelsdorf <markus@trippelsdorf.de>
Reported-by: Torsten Kaiser <just.for.lkml@googlemail.com>
Reported-by: Jeff Chua <jeff.chua.linux@gmail.com>
Reported-by: Justin P. Mattock <justinmattock@gmail.com>
Reported-bisected-and-tested-by: Justin P. Mattock <justinmattock@gmail.com>
Acked-by: Dave Airlie <airlied@redhat.com>
Cc: Frank Pan <frankpzh@gmail.com>
Cc: Greg Kroah-Hartman <gregkh@suse.de>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>

This patch correct a bug in the delay of pktgen.
It makes sure the inter-packet interval is accurate.

Signed-off-by: Daniel Turull <daniel.turull@gmail.com>
Signed-off-by: Robert Olsson <robert.olsson@its.uu.se>
Signed-off-by: David S. Miller <davem@davemloft.net>

The i2400m->rx_roq data structure is protected against race conditions
with a reference count (i2400m->rx_roq_refcount); the pointer can be
read-referenced under the i2400m->rx_lock spinlock.

The code in i2400m_rx_edata() wasn't properly following access
protocol, performing an invalid check on i2400m->rx_roq (which is
cleared to NULL when the refcount drops to zero). As such, it was
missing to detect when the data structure is no longer valid and
oopsing with a NULL pointer dereference.

This commit fixes said check by verifying, under the rx_lock spinlock,
that i2400m->rx_roq is non-NULL and then increasing the reference
count before dropping the spinlock.

Signed-off-by: Inaky Perez-Gonzalez <inaky.perez-gonzalez@intel.com>

* 'rc-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/mmarek/kbuild-2.6:
kbuild: Create output directory in Makefile.modbuiltin
kbuild: Generate modules.builtin in make modules

Yannick found that video does not work with 2.6.34. The cause of this
bug was that the BIOS had assigned the wrong range to the PCI bridge
above the video device. Before 2.6.34 the kernel would have shrunk
the size of the bridge window, but since
d65245c PCI: don't shrink bridge resources
the kernel will avoid shrinking BIOS ranges.

So zero out the old range if we fail to claim it at boot time; this will
cause us to allocate a new range at startup, restoring the 2.6.34
behavior.

Fixes regression https://bugzilla.kernel.org/show_bug.cgi?id=16009.

Reported-by: Yannick <yannick.roehlly@free.fr>
Acked-by: Bjorn Helgaas <bjorn.helgaas@hp.com>
Signed-off-by: Yinghai Lu <yinghai@kernel.org>
Signed-off-by: Jesse Barnes <jbarnes@virtuousgeek.org>

posix_acl_from_xattr() returns both ERR_PTRs and null, but it's OK to
pass null values to set_cached_acl()

Signed-off-by: Dan Carpenter <error27@gmail.com>
Signed-off-by: Chris Mason <chris.mason@oracle.com>

gen_kill_estimator() / gen_new_estimator() is not always called with
RTNL held.

net/netfilter/xt_RATEEST.c is one user of these API that do not hold
RTNL, so random corruptions can occur between "tc" and "iptables".

Add a new fine grained lock instead of trying to use RTNL in netfilter.

Signed-off-by: Eric Dumazet <eric.dumazet@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>

Firmware is available in the linux-firmware package.

Signed-off-by: Inaky Perez-Gonzalez <inaky@linux.intel.com>

* 'urgent' of git://git.kernel.org/pub/scm/linux/kernel/git/brodo/pcmcia-2.6:
pcmcia: avoid validate_cis failure on CIS override
pcmcia: dev_node removal bugfix
pcmcia: yenta_socket.c Remove extra #ifdef CONFIG_YENTA_TI
pcmcia: only keep saved I365_CSCINT flag if there is no PCI irq

Reported-by: Stephen Rothwell <sfr@canb.auug.org.au>
Signed-off-by: Michal Marek <mmarek@suse.cz>

There are devices out there which are PCI Hot-plug controllers with
compaq PCI IDs, but are not bridges, hence have pdev->subordinate
NULL. But cpqphp expects the pointer to be non-NULL.

Add a check to the probe function to avoid oopses like:
BUG: unable to handle kernel NULL pointer dereference at 00000050
IP: [<f82e3c41>] cpqhpc_probe+0x951/0x1120 [cpqphp]
*pdpt = 0000000033779001 *pde = 0000000000000000
...

The device here was:
00:0b.0 PCI Hot-plug controller [0804]: Compaq Computer Corporation PCI Hotplug Controller [0e11:a0f7] (rev 11)
Subsystem: Compaq Computer Corporation Device [0e11:a2f8]

Signed-off-by: Jiri Slaby <jslaby@suse.cz>
Cc: Greg KH <greg@kroah.com>
Signed-off-by: Jesse Barnes <jbarnes@virtuousgeek.org>

If btrfs_ioctl_snap_destroy() deletes a snapshot but finishes
with end_transaction(), the cleaner kthread may come in and
drop the root in the same transaction. If that's the case, the
root's refs still == 1 in the tree when btrfs_del_root() deletes
the item, because commit_fs_roots() hasn't updated it yet (that
happens during the commit).

This wasn't a problem before only because
btrfs_ioctl_snap_destroy() would commit the transaction before dropping
the dentry reference, so the dead root wouldn't get queued up until
after the fs root item was updated in the btree.

Since it is not an error to drop the root reference and the root in the
same transaction, just drop the BUG_ON() in btrfs_del_root().

Signed-off-by: Sage Weil <sage@newdream.net>
Signed-off-by: Chris Mason <chris.mason@oracle.com>

Cursors need to be in the GTT domain when being accessed by the GPU.
Previously this was a fortuitous byproduct of userspace using pwrite()
to upload the image data into the cursor. The redundant clflush was
removed in commit 9b8c4a and so the image was no longer being flushed
out of the caches into main memory. One could also devise a scenario
where the cursor was rendered by the GPU, prior to being attached as the
cursor, resulting in similar corruption due to the missing MI_FLUSH.

Fixes:

Bug 28335 - Cursor corruption caused by commit 9b8c4a0b21
https://bugs.freedesktop.org/show_bug.cgi?id=28335

Signed-off-by: Chris Wilson <chris@chris-wilson.co.uk>
Reported-and-tested-by: Jeff Chua <jeff.chua.linux@gmail.com>
Tested-by: Linus Torvalds <torvalds@linux-foundation.org>
Reported-by: Andy Isaacson <adi@hexapodia.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>

Currently, the accelerated receive path for VLAN's will
drop packets if the real device is an inactive slave and
is not one of the special pkts tested for in
skb_bond_should_drop(). This behavior is different then
the non-accelerated path and for pkts over a bonded vlan.

For example,

vlanx -> bond0 -> ethx

will be dropped in the vlan path and not delivered to any
packet handlers at all. However,

bond0 -> vlanx -> ethx

and

bond0 -> ethx

will be delivered to handlers that match the exact dev,
because the VLAN path checks the real_dev which is not a
slave and netif_recv_skb() doesn't drop frames but only
delivers them to exact matches.

This patch adds a sk_buff flag which is used for tagging
skbs that would previously been dropped and allows the
skb to continue to skb_netif_recv(). Here we add
logic to check for the deliver_no_wcard flag and if it
is set only deliver to handlers that match exactly. This
makes both paths above consistent and gives pkt handlers
a way to identify skbs that come from inactive slaves.
Without this patch in some configurations skbs will be
delivered to handlers with exact matches and in others
be dropped out right in the vlan path.

I have tested the following 4 configurations in failover modes
and load balancing modes.

# bond0 -> ethx

# vlanx -> bond0 -> ethx

# bond0 -> vlanx -> ethx

# bond0 -> ethx
|
vlanx -> --

Signed-off-by: John Fastabend <john.r.fastabend@intel.com>
Signed-off-by: David S. Miller <davem@davemloft.net>

Updates the i2400m driver to default to firmware versions v1.5 for the
Intel Wireless WiMAX Connection 5150 and 5350 devices.

Firmware available in linux-firmware.

Signed-off-by: Inaky Perez-Gonzalez <inaky@linux.intel.com>

* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/sage/ceph-client:
ceph: try to send partial cap release on cap message on missing inode
ceph: release cap on import if we don't have the inode
ceph: fix misleading/incorrect debug message
ceph: fix atomic64_t initialization on ia64
ceph: fix lease revocation when seq doesn't match
ceph: fix f_namelen reported by statfs
ceph: fix memory leak in statfs
ceph: fix d_subdirs ordering problem

Commit a8408c17 introduced a new check to pccard_validate_cis(),
which avoids any "late" calls to this function. This broke the
insertion of cards which require a CIS override which changes
the number of card functions. Fix this by asserting that this
is _not_ a late call, but a proper call early during the card
insertion process.

Fixes https://bugzilla.kernel.org/show_bug.cgi?id=16138

Reported-by: Mikulas Patocka <mpatocka@redhat.com>
CC: <stable@kernel.org>
Signed-off-by: Dominik Brodowski <linux@dominikbrodowski.net>

Generating the file in make modules_install was broken as well, because
it didn't work in a readonly filesystem and otherwise it generated a
root-owned file which is not wanted.

Reported-by: Rafael J. Wysocki <rjw@sisk.pl>
Signed-off-by: Michal Marek <mmarek@suse.cz>

This reverts commit 75568f8094eb0333e9c2109b23cbc8b82d318a3c.

Since they're just a convenience anyway, remove these symlinks since
they're causing duplicate filename errors in the wild.

Acked-by: Alex Chiang <achiang@canonical.com>
Signed-off-by: Jesse Barnes <jbarnes@virtuousgeek.org>

when used Posix File System Test Suite(pjd-fstest) to test btrfs,
some cases about setfacl failed when noacl mount option used.
I simplified used commands in pjd-fstest, and the following steps
can reproduce it.
------------------------
# cd btrfs-part/
# mkdir aaa
# setfacl -m m::rw aaa <- successed, but not expected by pjd-fstest.
------------------------
I checked ext3, a warning message occured, like as:
setfacl: aaa/: Operation not supported
Certainly, it's expected by pjd-fstest.

So, i compared acl.c of btrfs and ext3. Based on that, a patch created.
Fortunately, it works.

Signed-off-by: Shi Weihua <shiwh@cn.fujitsu.com>
Signed-off-by: Chris Mason <chris.mason@oracle.com>

* 'for_linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tytso/ext4:
ext4: Fix remaining racy updates of EXT4_I(inode)->i_flags
ext4: Make sure the MOVE_EXT ioctl can't overwrite append-only files

In commit 1f8438a85366 (icmp: Account for ICMP out errors), I did a typo
on IPV6 side, using ICMP6_MIB_OUTMSGS instead of ICMP6_MIB_OUTERRORS

Signed-off-by: Eric Dumazet <eric.dumazet@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>

This patch moves the module parameters to the file where they
can be avoided to be global and allow them to be static.

The module param : idle_mode_disabled and power_save_disabled
are moved from driver.c to control.c. Also these module parameters
are declared to be static as they are not required to be global anymore.
The module param : rx_reorder_disabled is moved from driver.c file to
rx.c file. Also this parameter is declated as static as it is not
required to be global anymore.

Signed-off-by: Prasanna S Panchamukhi<prasannax.s.panchamukhi@intel.com>

The data in the cmd_block buffers may reach the main memory after the
writel() to the device ports. This patch introduces two calls to wmb()
to ensure the relative ordering.

Signed-off-by: Catalin Marinas <catalin.marinas@arm.com>
Tested-by: Colin Tuckley <colin.tuckley@arm.com>
Cc: Tejun Heo <tj@kernel.org>
Cc: Jeff Garzik <jeff@garzik.org>
Signed-off-by: Jeff Garzik <jgarzik@redhat.com>

If we have enough memory to allocate a new cap release message, do so, so
that we can send a partial release message immediately. This keeps us from
making the MDS wait when the cap release it needs is in a partially full
release message.

If we fail because of ENOMEM, oh well, they'll just have to wait a bit
longer.

Signed-off-by: Sage Weil <sage@newdream.net>

Patch c7c2fa07 removed one line too much from smc91c92_cs.c.

Reported-by: Komuro <komurojun-mbn@nifty.com>
CC: netdev@vger.kernel.org
CC: linux-wireless@vger.kernel.org
Signed-off-by: Dominik Brodowski <linux@dominikbrodowski.net>

* git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-2.6: (21 commits)
mac80211: fix deauth before assoc
iwlwifi: add missing rcu_read_lock
mac80211: fix function pointer check
wireless: remove my name from the maintainer list
ath5k: fix NULL pointer in antenna configuration
p54usb: Add device ID for Dell WLA3310 USB
wl1251: fix a memory leak in probe
ipmr: dont corrupt lists
8139too: fix buffer overrun in rtl8139_init_board
asix: check packet size against mtu+ETH_HLEN instead of ETH_FRAME_LEN
r8169: fix random mdio_write failures
ip6mr: fix a typo in ip6mr_for_each_table()
iwlwifi: move sysfs_create_group to post request firmware
iwlwifi: add name to Maintainers list
iwl3945: fix internal scan
iwl3945: enable stuck queue detection on 3945
ipv6: avoid high order allocations
ath5k: retain promiscuous setting
ath5k: depend on CONFIG_PM_SLEEP for suspend/resume functions
mac80211: process station blockack action frames from work
...

We can often deal with PCI resource issues by moving devices around. In
that case, there's no point in alarming the user with messages like these.
There are many bug reports where the message itself is the only problem,
e.g., https://bugs.launchpad.net/ubuntu/+source/linux/+bug/413419 .

Signed-off-by: Bjorn Helgaas <bjorn.helgaas@hp.com>
Signed-off-by: Jesse Barnes <jbarnes@virtuousgeek.org>

On btrfs, do the following
------------------
# su user1
# cd btrfs-part/
# touch aaa
# getfacl aaa
# file: aaa
# owner: user1
# group: user1
user::rw-
group::rw-
other::r--
# su user2
# cd btrfs-part/
# setfacl -m u::rwx aaa
# getfacl aaa
# file: aaa
# owner: user1
# group: user1
user::rwx <- successed to setfacl
group::rw-
other::r--
------------------
but we should prohibit it that user2 changing user1's acl.
In fact, on ext3 and other fs, a message occurs:
setfacl: aaa: Operation not permitted

This patch fixed it.
Signed-off-by: Shi Weihua <shiwh@cn.fujitsu.com>
Signed-off-by: Chris Mason <chris.mason@oracle.com>

* 'for-linus' of git://oss.sgi.com/xfs/xfs:
xfs: improve xfs_isilocked
xfs: skip writeback from reclaim context
xfs: remove done roadmap item from xfs-delayed-logging-design.txt
xfs: fix race in inode cluster freeing failing to stale inodes
xfs: fix access to upper inodes without inode64
xfs: fix might_sleep() warning when initialising per-ag tree
fs/xfs/quota: Add missing mutex_unlock
xfs: remove duplicated #include
xfs: convert more trace events to DEFINE_EVENT
xfs: xfs_trace.c: remove duplicated #include
xfs: Check new inode size is OK before preallocating
xfs: clean up xlog_align
xfs: cleanup log reservation calculactions
xfs: be more explicit if RT mount fails due to config
xfs: replace E2BIG with EFBIG where appropriate

A few functions were still modifying i_flags in a racy manner.

Signed-off-by: Dmitry Monakhov <dmonakhov@openvz.org>
Signed-off-by: "Theodore Ts'o" <tytso@mit.edu>

Realtek confirmed that a 20us delay is needed after mdio_read and
mdio_write operations. Reduce the delay in mdio_write, and add it
to mdio_read too. Also add a comment that the 20us is from hw specs.

Signed-off-by: Timo Teräs <timo.teras@iki.fi>
Acked-by: Francois Romieu <romieu@fr.zoreil.com>
Signed-off-by: David S. Miller <davem@davemloft.net>

wimax_msg_alloc() returns an ERR_PTR and not null. I changed it to test
for ERR_PTR instead of null. I also added a check in front of the
kfree() because kfree() can handle null but not ERR_PTR.

Signed-off-by: Dan Carpenter <error27@gmail.com>

cb->atapi.cdb is an array of 16 u8 elements. The call too memset()
would set the first part of the sge array to zero as well. It's not
a packed struct.

This one has been around for five years. I found it with Smatch. I
think the reason no one has seen it before is because we normally call
sil24_fill_sg() and that overwrites sge with proper information?

Signed-off-by: Dan Carpenter <error27@gmail.com>
Signed-off-by: Jeff Garzik <jgarzik@redhat.com>

If we get an IMPORT that give us a cap, but we don't have the inode, queue
a release (and try to send it immediately) so that the MDS doesn't get
stuck waiting for us.

Signed-off-by: Sage Weil <sage@newdream.net>

Seems pointless to have two #ifdef's with the same
CONFIG_YENTA_TI. Remove the extra one and
move CARDBUS_TYPE_ENE with the others.

[linux@dominikbrodowski.net: spelling & whitespace fixes]
Signed-off-by: Justin P. Mattock <justinmattock@gmail.com>
Signed-off-by: Dominik Brodowski <linux@dominikbrodowski.net>

* 'for-2.6.35' of git://linux-nfs.org/~bfields/linux:
nfsd4: shut down callback queue outside state lock
nfsd: nfsd_setattr needs to call commit_metadata

* 'release' of git://git.kernel.org/pub/scm/linux/kernel/git/aegl/linux-2.6:
[IA64] Fix build breakage

btrfs_lookup_dir_item() can return either ERR_PTRs or null.

Signed-off-by: Dan Carpenter <error27@gmail.com>
Signed-off-by: Chris Mason <chris.mason@oracle.com>

* git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-2.6: (30 commits)
X25: remove duplicated #include
tcp: use correct net ns in cookie_v4_check()
rps: tcp: fix rps_sock_flow_table table updates
ppp_generic: fix multilink fragment sizes
syncookies: remove Kconfig text line about disabled-by-default
ixgbe: only check pfc bits in hang logic if pfc is enabled
net: check for refcount if pop a stacked dst_entry
ixgbe: return IXGBE_ERR_RAR_INDEX when out of range
act_pedit: access skb->data safely
sfc: Store port number in net_device::dev_id
epic100: Test __BIG_ENDIAN instead of (non-existent) CONFIG_BIG_ENDIAN
tehuti: return -EFAULT on copy_to_user errors
isdn/kcapi: return -EFAULT on copy_from_user errors
e1000e: change logical negate to bitwise
sfc: Get port number from CS_PORT_NUM, not PCI function number
cls_u32: use skb_header_pointer() to dereference data safely
TCP: tcp_hybla: Fix integer overflow in slow start increment
act_nat: fix the wrong checksum when addr isn't in old_addr/mask
net/fec: fix pm to survive to suspend/resume
korina: count RX DMA OVR as rx_fifo_error
...

Dan Roseberg has reported a problem with the MOVE_EXT ioctl. If the
donor file is an append-only file, we should not allow the operation
to proceed, lest we end up overwriting the contents of an append-only
file.

Signed-off-by: "Theodore Ts'o" <tytso@mit.edu>
Cc: Dan Rosenberg <dan.j.rosenberg@gmail.com>

stch_skb is allocated with wimax_gnl_re_state_change_alloc(). That
function returns ERR_PTRs on failure and doesn't return NULL.

Signed-off-by: Dan Carpenter <error27@gmail.com>

* 'kvm-updates/2.6.35' of git://git.kernel.org/pub/scm/virt/kvm/kvm:
KVM: read apic->irr with ioapic lock held
KVM: ia64: Add missing spin_unlock in kvm_arch_hardware_enable()
KVM: Fix order passed to iommu_unmap
KVM: MMU: Remove user access when allowing kernel access to gpte.w=0 page
KVM: MMU: invalidate and flush on spte small->large page size change
KVM: SVM: Implement workaround for Erratum 383
KVM: SVM: Handle MCEs early in the vmexit process
KVM: powerpc: fix init/exit annotation

Nothing is released here: the caps message is simply ignored in this case.

Signed-off-by: Sage Weil <sage@newdream.net>

Keeping the saved I365_CSCINT flag around breaks PCMCIA on some system,
and is only needed on a few systems to get PCMCIA to work. This patch
allows PCMCIA to work on both types, and it fixes
https://bugzilla.kernel.org/show_bug.cgi?id=16015

Reported-by: Justin P. Mattock <justinmattock@gmail.com>
CC: <stable@kernel.org>
Signed-off-by: Dominik Brodowski <linux@dominikbrodowski.net>