3.0 patches

9 files changed, 630 insertions, 0 deletions

diff --git a/queue-3.0/cris-add-missing-declaration-of-kgdb_init-and.patch b/queue-3.0/cris-add-missing-declaration-of-kgdb_init-and.patch
new file mode 100644
index 0000000000..64d5f4304f
--- /dev/null
+++ b/queue-3.0/cris-add-missing-declaration-of-kgdb_init-and.patch
@@ -0,0 +1,41 @@
+From 1646ec9db75e151b0479dbfaf972f741d0476ec7 Mon Sep 17 00:00:00 2001
+From: WANG Cong <xiyou.wangcong@gmail.com>
+Date: Wed, 3 Aug 2011 16:21:15 -0700
+Subject: cris: add missing declaration of kgdb_init() and
+ breakpoint()
+
+From: WANG Cong <xiyou.wangcong@gmail.com>
+
+commit 1646ec9db75e151b0479dbfaf972f741d0476ec7 upstream.
+
+Fix:
+
+  arch/cris/arch-v10/kernel/irq.c:239: error: implicit declaration of function 'kgdb_init'
+  arch/cris/arch-v10/kernel/irq.c:240: error: implicit declaration of function 'breakpoint'
+
+Declare these two functions.
+
+Reported-by: Geert Uytterhoeven <geert@linux-m68k.org>
+Signed-off-by: WANG Cong <xiyou.wangcong@gmail.com>
+Cc: Mikael Starvik <starvik@axis.com>
+Cc: Jesper Nilsson <jesper.nilsson@axis.com>
+Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
+Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
+
+---
+ arch/cris/arch-v10/kernel/irq.c |    3 +++
+ 1 file changed, 3 insertions(+)
+
+--- a/arch/cris/arch-v10/kernel/irq.c
++++ b/arch/cris/arch-v10/kernel/irq.c
+@@ -20,6 +20,9 @@
+ #define crisv10_mask_irq(irq_nr) (*R_VECT_MASK_CLR = 1 << (irq_nr));
+ #define crisv10_unmask_irq(irq_nr) (*R_VECT_MASK_SET = 1 << (irq_nr));
+ 
++extern void kgdb_init(void);
++extern void breakpoint(void);
++
+ /* don't use set_int_vector, it bypasses the linux interrupt handlers. it is
+  * global just so that the kernel gdb can use it.
+  */
diff --git a/queue-3.0/cris-fix-a-build-error-in-kernel-fork.c.patch b/queue-3.0/cris-fix-a-build-error-in-kernel-fork.c.patch
new file mode 100644
index 0000000000..20ee89d793
--- /dev/null
+++ b/queue-3.0/cris-fix-a-build-error-in-kernel-fork.c.patch
@@ -0,0 +1,51 @@
+From d4969213f9e75ec1bfa6ea65c279c64cab7d1bd6 Mon Sep 17 00:00:00 2001
+From: WANG Cong <xiyou.wangcong@gmail.com>
+Date: Wed, 3 Aug 2011 16:21:12 -0700
+Subject: cris: fix a build error in kernel/fork.c
+
+From: WANG Cong <xiyou.wangcong@gmail.com>
+
+commit d4969213f9e75ec1bfa6ea65c279c64cab7d1bd6 upstream.
+
+Fix this error:
+
+  kernel/fork.c:267: error: implicit declaration of function 'alloc_thread_info_node'
+
+This is due to renaming alloc_thread_info() to alloc_thread_info_node().
+
+[akpm@linux-foundation.org: coding-style fixes]
+Reported-by: Geert Uytterhoeven <geert@linux-m68k.org>
+Signed-off-by: WANG Cong <xiyou.wangcong@gmail.com>
+Cc: Mikael Starvik <starvik@axis.com>
+Cc: Jesper Nilsson <jesper.nilsson@axis.com>
+Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
+Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
+
+---
+ arch/cris/include/asm/thread_info.h |    6 +++---
+ 1 file changed, 3 insertions(+), 3 deletions(-)
+
+--- a/arch/cris/include/asm/thread_info.h
++++ b/arch/cris/include/asm/thread_info.h
+@@ -11,8 +11,6 @@
+ 
+ #ifdef __KERNEL__
+ 
+-#define __HAVE_ARCH_THREAD_INFO_ALLOCATOR
+-
+ #ifndef __ASSEMBLY__
+ #include <asm/types.h>
+ #include <asm/processor.h>
+@@ -67,8 +65,10 @@ struct thread_info {
+ 
+ #define init_thread_info	(init_thread_union.thread_info)
+ 
++#define __HAVE_ARCH_THREAD_INFO_ALLOCATOR
+ /* thread information allocation */
+-#define alloc_thread_info(tsk, node) ((struct thread_info *) __get_free_pages(GFP_KERNEL,1))
++#define alloc_thread_info_node(tsk, node)	\
++	((struct thread_info *) __get_free_pages(GFP_KERNEL, 1))
+ #define free_thread_info(ti) free_pages((unsigned long) (ti), 1)
+ 
+ #endif /* !__ASSEMBLY__ */
diff --git a/queue-3.0/cris-fix-a-build-error-in-sync_serial_open.patch b/queue-3.0/cris-fix-a-build-error-in-sync_serial_open.patch
new file mode 100644
index 0000000000..1d6a4b8d6e
--- /dev/null
+++ b/queue-3.0/cris-fix-a-build-error-in-sync_serial_open.patch
@@ -0,0 +1,43 @@
+From 4b851d88192c22cf77418a0b4c45b5c789276837 Mon Sep 17 00:00:00 2001
+From: WANG Cong <xiyou.wangcong@gmail.com>
+Date: Wed, 3 Aug 2011 16:21:14 -0700
+Subject: cris: fix a build error in sync_serial_open()
+
+From: WANG Cong <xiyou.wangcong@gmail.com>
+
+commit 4b851d88192c22cf77418a0b4c45b5c789276837 upstream.
+
+Fix:
+
+  arch/cris/arch-v10/drivers/sync_serial.c:628: error: 'ret' undeclared (first use in this function)
+
+'ret' should be 'err'.
+
+Reported-by: Geert Uytterhoeven <geert@linux-m68k.org>
+Signed-off-by: WANG Cong <xiyou.wangcong@gmail.com>
+Cc: Mikael Starvik <starvik@axis.com>
+Cc: Jesper Nilsson <jesper.nilsson@axis.com>
+Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
+Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
+
+---
+ arch/cris/arch-v10/drivers/sync_serial.c |    4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+--- a/arch/cris/arch-v10/drivers/sync_serial.c
++++ b/arch/cris/arch-v10/drivers/sync_serial.c
+@@ -625,11 +625,11 @@ static int sync_serial_open(struct inode
+ 			*R_IRQ_MASK1_SET = 1 << port->data_avail_bit;
+ 		DEBUG(printk(KERN_DEBUG "sser%d rec started\n", dev));
+ 	}
+-	ret = 0;
++	err = 0;
+ 	
+ out:
+ 	mutex_unlock(&sync_serial_mutex);
+-	return ret;
++	return err;
+ }
+ 
+ static int sync_serial_release(struct inode *inode, struct file *file)
diff --git a/queue-3.0/cris-fix-the-prototype-of-sync_serial_ioctl.patch b/queue-3.0/cris-fix-the-prototype-of-sync_serial_ioctl.patch
new file mode 100644
index 0000000000..fef35bc142
--- /dev/null
+++ b/queue-3.0/cris-fix-the-prototype-of-sync_serial_ioctl.patch
@@ -0,0 +1,36 @@
+From b4bc281266e84e9a432b588ebdcef5fb94dc8ecb Mon Sep 17 00:00:00 2001
+From: WANG Cong <xiyou.wangcong@gmail.com>
+Date: Wed, 3 Aug 2011 16:21:14 -0700
+Subject: cris: fix the prototype of sync_serial_ioctl()
+
+From: WANG Cong <xiyou.wangcong@gmail.com>
+
+commit b4bc281266e84e9a432b588ebdcef5fb94dc8ecb upstream.
+
+Fix:
+
+  arch/cris/arch-v10/drivers/sync_serial.c:961: error: conflicting types for 'sync_serial_ioctl'
+
+Reported-by: Geert Uytterhoeven <geert@linux-m68k.org>
+Signed-off-by: WANG Cong <xiyou.wangcong@gmail.com>
+Cc: Mikael Starvik <starvik@axis.com>
+Cc: Jesper Nilsson <jesper.nilsson@axis.com>
+Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
+Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
+
+---
+ arch/cris/arch-v10/drivers/sync_serial.c |    2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/arch/cris/arch-v10/drivers/sync_serial.c
++++ b/arch/cris/arch-v10/drivers/sync_serial.c
+@@ -158,7 +158,7 @@ static int sync_serial_open(struct inode
+ static int sync_serial_release(struct inode *inode, struct file *file);
+ static unsigned int sync_serial_poll(struct file *filp, poll_table *wait);
+ 
+-static int sync_serial_ioctl(struct file *file,
++static long sync_serial_ioctl(struct file *file,
+ 	unsigned int cmd, unsigned long arg);
+ static ssize_t sync_serial_write(struct file *file, const char *buf,
+ 	size_t count, loff_t *ppos);
diff --git a/queue-3.0/fix-futex-support.patch b/queue-3.0/fix-futex-support.patch
new file mode 100644
index 0000000000..521b3e47d5
--- /dev/null
+++ b/queue-3.0/fix-futex-support.patch
@@ -0,0 +1,139 @@
+From d9ba5fe76d604514444b1ea0a19f38c6196a46e3 Mon Sep 17 00:00:00 2001
+From: Carlos O'Donell <carlos@systemhalted.org>
+Date: Fri, 8 Jul 2011 17:27:00 -0400
+Subject: [PARISC] Fix futex support
+
+From: Carlos O'Donell <carlos@systemhalted.org>
+
+commit d9ba5fe76d604514444b1ea0a19f38c6196a46e3 upstream.
+
+Implements futex op support and makes futex cmpxchg atomic.
+Tested on 64-bit SMP kernel running on 2 x PA8700s.
+
+[jejb: checkpatch fixes]
+Signed-off-by: Carlos O'Donell <carlos@systemhalted.org>
+Tested-by: John David Anglin <dave.anglin@bell.net>
+Signed-off-by: James Bottomley <JBottomley@Parallels.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
+
+---
+ arch/parisc/include/asm/futex.h |   66 ++++++++++++++++++++++++++++++++++++----
+ 1 file changed, 60 insertions(+), 6 deletions(-)
+
+--- a/arch/parisc/include/asm/futex.h
++++ b/arch/parisc/include/asm/futex.h
+@@ -5,11 +5,14 @@
+ 
+ #include <linux/futex.h>
+ #include <linux/uaccess.h>
++#include <asm/atomic.h>
+ #include <asm/errno.h>
+ 
+ static inline int
+ futex_atomic_op_inuser (int encoded_op, u32 __user *uaddr)
+ {
++	unsigned long int flags;
++	u32 val;
+ 	int op = (encoded_op >> 28) & 7;
+ 	int cmp = (encoded_op >> 24) & 15;
+ 	int oparg = (encoded_op << 8) >> 20;
+@@ -18,21 +21,58 @@ futex_atomic_op_inuser (int encoded_op,
+ 	if (encoded_op & (FUTEX_OP_OPARG_SHIFT << 28))
+ 		oparg = 1 << oparg;
+ 
+-	if (! access_ok (VERIFY_WRITE, uaddr, sizeof(u32)))
++	if (!access_ok(VERIFY_WRITE, uaddr, sizeof(*uaddr)))
+ 		return -EFAULT;
+ 
+ 	pagefault_disable();
+ 
++	_atomic_spin_lock_irqsave(uaddr, flags);
++
+ 	switch (op) {
+ 	case FUTEX_OP_SET:
++		/* *(int *)UADDR2 = OPARG; */
++		ret = get_user(oldval, uaddr);
++		if (!ret)
++			ret = put_user(oparg, uaddr);
++		break;
+ 	case FUTEX_OP_ADD:
++		/* *(int *)UADDR2 += OPARG; */
++		ret = get_user(oldval, uaddr);
++		if (!ret) {
++			val = oldval + oparg;
++			ret = put_user(val, uaddr);
++		}
++		break;
+ 	case FUTEX_OP_OR:
++		/* *(int *)UADDR2 |= OPARG; */
++		ret = get_user(oldval, uaddr);
++		if (!ret) {
++			val = oldval | oparg;
++			ret = put_user(val, uaddr);
++		}
++		break;
+ 	case FUTEX_OP_ANDN:
++		/* *(int *)UADDR2 &= ~OPARG; */
++		ret = get_user(oldval, uaddr);
++		if (!ret) {
++			val = oldval & ~oparg;
++			ret = put_user(val, uaddr);
++		}
++		break;
+ 	case FUTEX_OP_XOR:
++		/* *(int *)UADDR2 ^= OPARG; */
++		ret = get_user(oldval, uaddr);
++		if (!ret) {
++			val = oldval ^ oparg;
++			ret = put_user(val, uaddr);
++		}
++		break;
+ 	default:
+ 		ret = -ENOSYS;
+ 	}
+ 
++	_atomic_spin_unlock_irqrestore(uaddr, flags);
++
+ 	pagefault_enable();
+ 
+ 	if (!ret) {
+@@ -54,7 +94,9 @@ static inline int
+ futex_atomic_cmpxchg_inatomic(u32 *uval, u32 __user *uaddr,
+ 			      u32 oldval, u32 newval)
+ {
++	int ret;
+ 	u32 val;
++	unsigned long flags;
+ 
+ 	/* futex.c wants to do a cmpxchg_inatomic on kernel NULL, which is
+ 	 * our gateway page, and causes no end of trouble...
+@@ -65,12 +107,24 @@ futex_atomic_cmpxchg_inatomic(u32 *uval,
+ 	if (!access_ok(VERIFY_WRITE, uaddr, sizeof(u32)))
+ 		return -EFAULT;
+ 
+-	if (get_user(val, uaddr))
+-		return -EFAULT;
+-	if (val == oldval && put_user(newval, uaddr))
+-		return -EFAULT;
++	/* HPPA has no cmpxchg in hardware and therefore the
++	 * best we can do here is use an array of locks. The
++	 * lock selected is based on a hash of the userspace
++	 * address. This should scale to a couple of CPUs.
++	 */
++
++	_atomic_spin_lock_irqsave(uaddr, flags);
++
++	ret = get_user(val, uaddr);
++
++	if (!ret && val == oldval)
++		ret = put_user(newval, uaddr);
++
+ 	*uval = val;
+-	return 0;
++
++	_atomic_spin_unlock_irqrestore(uaddr, flags);
++
++	return ret;
+ }
+ 
+ #endif /*__KERNEL__*/
diff --git a/queue-3.0/fix-return-type-of-__atomic64_add_return.patch b/queue-3.0/fix-return-type-of-__atomic64_add_return.patch
new file mode 100644
index 0000000000..3631a08bd5
--- /dev/null
+++ b/queue-3.0/fix-return-type-of-__atomic64_add_return.patch
@@ -0,0 +1,35 @@
+From 548c210fbffdb008a80fa41ff0cb3965f185583d Mon Sep 17 00:00:00 2001
+From: John David Anglin <dave@hiauly1.hia.nrc.ca>
+Date: Sat, 11 Jun 2011 14:42:06 -0400
+Subject: [PARISC] fix return type of __atomic64_add_return
+
+From: John David Anglin <dave@hiauly1.hia.nrc.ca>
+
+commit 548c210fbffdb008a80fa41ff0cb3965f185583d upstream.
+
+The return type of __atomic64_add_return of should be s64 or long, not
+int.  This fixes the atomic64 test failure that I previously reported.
+
+Signed-off-by: John David Anglin <dave.anglin@nrc-cnrc.gc.ca>
+Signed-off-by: James Bottomley <JBottomley@Parallels.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
+
+---
+ arch/parisc/include/asm/atomic.h |    4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+--- a/arch/parisc/include/asm/atomic.h
++++ b/arch/parisc/include/asm/atomic.h
+@@ -259,10 +259,10 @@ static __inline__ int atomic_add_unless(
+ 
+ #define ATOMIC64_INIT(i) ((atomic64_t) { (i) })
+ 
+-static __inline__ int
++static __inline__ s64
+ __atomic64_add_return(s64 i, atomic64_t *v)
+ {
+-	int ret;
++	s64 ret;
+ 	unsigned long flags;
+ 	_atomic_spin_lock_irqsave(v, flags);
+ 
diff --git a/queue-3.0/futex-fix-regression-with-read-only-mappings.patch b/queue-3.0/futex-fix-regression-with-read-only-mappings.patch
new file mode 100644
index 0000000000..87ef9fd18b
--- /dev/null
+++ b/queue-3.0/futex-fix-regression-with-read-only-mappings.patch
@@ -0,0 +1,237 @@
+From 9ea71503a8ed9184d2d0b8ccc4d269d05f7940ae Mon Sep 17 00:00:00 2001
+From: Shawn Bohrer <sbohrer@rgmadvisors.com>
+Date: Thu, 30 Jun 2011 11:21:32 -0500
+Subject: futex: Fix regression with read only mappings
+
+From: Shawn Bohrer <sbohrer@rgmadvisors.com>
+
+commit 9ea71503a8ed9184d2d0b8ccc4d269d05f7940ae upstream.
+
+commit 7485d0d3758e8e6491a5c9468114e74dc050785d (futexes: Remove rw
+parameter from get_futex_key()) in 2.6.33 fixed two problems:  First, It
+prevented a loop when encountering a ZERO_PAGE. Second, it fixed RW
+MAP_PRIVATE futex operations by forcing the COW to occur by
+unconditionally performing a write access get_user_pages_fast() to get
+the page.  The commit also introduced a user-mode regression in that it
+broke futex operations on read-only memory maps.  For example, this
+breaks workloads that have one or more reader processes doing a
+FUTEX_WAIT on a futex within a read only shared file mapping, and a
+writer processes that has a writable mapping issuing the FUTEX_WAKE.
+
+This fixes the regression for valid futex operations on RO mappings by
+trying a RO get_user_pages_fast() when the RW get_user_pages_fast()
+fails. This change makes it necessary to also check for invalid use
+cases, such as anonymous RO mappings (which can never change) and the
+ZERO_PAGE which the commit referenced above was written to address.
+
+This patch does restore the original behavior with RO MAP_PRIVATE
+mappings, which have inherent user-mode usage problems and don't really
+make sense.  With this patch performing a FUTEX_WAIT within a RO
+MAP_PRIVATE mapping will be successfully woken provided another process
+updates the region of the underlying mapped file.  However, the mmap()
+man page states that for a MAP_PRIVATE mapping:
+
+  It is unspecified whether changes made to the file after
+  the mmap() call are visible in the mapped region.
+
+So user-mode users attempting to use futex operations on RO MAP_PRIVATE
+mappings are depending on unspecified behavior.  Additionally a
+RO MAP_PRIVATE mapping could fail to wake up in the following case.
+
+  Thread-A: call futex(FUTEX_WAIT, memory-region-A).
+            get_futex_key() return inode based key.
+            sleep on the key
+  Thread-B: call mprotect(PROT_READ|PROT_WRITE, memory-region-A)
+  Thread-B: write memory-region-A.
+            COW happen. This process's memory-region-A become related
+            to new COWed private (ie PageAnon=1) page.
+  Thread-B: call futex(FUETX_WAKE, memory-region-A).
+            get_futex_key() return mm based key.
+            IOW, we fail to wake up Thread-A.
+
+Once again doing something like this is just silly and users who do
+something like this get what they deserve.
+
+While RO MAP_PRIVATE mappings are nonsensical, checking for a private
+mapping requires walking the vmas and was deemed too costly to avoid a
+userspace hang.
+
+This Patch is based on Peter Zijlstra's initial patch with modifications to
+only allow RO mappings for futex operations that need VERIFY_READ access.
+
+Reported-by: David Oliver <david@rgmadvisors.com>
+Signed-off-by: Shawn Bohrer <sbohrer@rgmadvisors.com>
+Acked-by: Peter Zijlstra <a.p.zijlstra@chello.nl>
+Signed-off-by: Darren Hart <dvhart@linux.intel.com>
+Cc: KOSAKI Motohiro <kosaki.motohiro@jp.fujitsu.com>
+Cc: peterz@infradead.org
+Cc: eric.dumazet@gmail.com
+Cc: zvonler@rgmadvisors.com
+Cc: hughd@google.com
+Link: http://lkml.kernel.org/r/1309450892-30676-1-git-send-email-sbohrer@rgmadvisors.com
+Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
+Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
+
+---
+ kernel/futex.c |   54 ++++++++++++++++++++++++++++++++++++++++++------------
+ 1 file changed, 42 insertions(+), 12 deletions(-)
+
+--- a/kernel/futex.c
++++ b/kernel/futex.c
+@@ -218,6 +218,8 @@ static void drop_futex_key_refs(union fu
+  * @uaddr:	virtual address of the futex
+  * @fshared:	0 for a PROCESS_PRIVATE futex, 1 for PROCESS_SHARED
+  * @key:	address where result is stored.
++ * @rw:		mapping needs to be read/write (values: VERIFY_READ,
++ *              VERIFY_WRITE)
+  *
+  * Returns a negative error code or 0
+  * The key words are stored in *key on success.
+@@ -229,12 +231,12 @@ static void drop_futex_key_refs(union fu
+  * lock_page() might sleep, the caller should not hold a spinlock.
+  */
+ static int
+-get_futex_key(u32 __user *uaddr, int fshared, union futex_key *key)
++get_futex_key(u32 __user *uaddr, int fshared, union futex_key *key, int rw)
+ {
+ 	unsigned long address = (unsigned long)uaddr;
+ 	struct mm_struct *mm = current->mm;
+ 	struct page *page, *page_head;
+-	int err;
++	int err, ro = 0;
+ 
+ 	/*
+ 	 * The futex address must be "naturally" aligned.
+@@ -262,8 +264,18 @@ get_futex_key(u32 __user *uaddr, int fsh
+ 
+ again:
+ 	err = get_user_pages_fast(address, 1, 1, &page);
++	/*
++	 * If write access is not required (eg. FUTEX_WAIT), try
++	 * and get read-only access.
++	 */
++	if (err == -EFAULT && rw == VERIFY_READ) {
++		err = get_user_pages_fast(address, 1, 0, &page);
++		ro = 1;
++	}
+ 	if (err < 0)
+ 		return err;
++	else
++		err = 0;
+ 
+ #ifdef CONFIG_TRANSPARENT_HUGEPAGE
+ 	page_head = page;
+@@ -305,6 +317,13 @@ again:
+ 	if (!page_head->mapping) {
+ 		unlock_page(page_head);
+ 		put_page(page_head);
++		/*
++		* ZERO_PAGE pages don't have a mapping. Avoid a busy loop
++		* trying to find one. RW mapping would have COW'd (and thus
++		* have a mapping) so this page is RO and won't ever change.
++		*/
++		if ((page_head == ZERO_PAGE(address)))
++			return -EFAULT;
+ 		goto again;
+ 	}
+ 
+@@ -316,6 +335,15 @@ again:
+ 	 * the object not the particular process.
+ 	 */
+ 	if (PageAnon(page_head)) {
++		/*
++		 * A RO anonymous page will never change and thus doesn't make
++		 * sense for futex operations.
++		 */
++		if (ro) {
++			err = -EFAULT;
++			goto out;
++		}
++
+ 		key->both.offset |= FUT_OFF_MMSHARED; /* ref taken on mm */
+ 		key->private.mm = mm;
+ 		key->private.address = address;
+@@ -327,9 +355,10 @@ again:
+ 
+ 	get_futex_key_refs(key);
+ 
++out:
+ 	unlock_page(page_head);
+ 	put_page(page_head);
+-	return 0;
++	return err;
+ }
+ 
+ static inline void put_futex_key(union futex_key *key)
+@@ -940,7 +969,7 @@ futex_wake(u32 __user *uaddr, unsigned i
+ 	if (!bitset)
+ 		return -EINVAL;
+ 
+-	ret = get_futex_key(uaddr, flags & FLAGS_SHARED, &key);
++	ret = get_futex_key(uaddr, flags & FLAGS_SHARED, &key, VERIFY_READ);
+ 	if (unlikely(ret != 0))
+ 		goto out;
+ 
+@@ -986,10 +1015,10 @@ futex_wake_op(u32 __user *uaddr1, unsign
+ 	int ret, op_ret;
+ 
+ retry:
+-	ret = get_futex_key(uaddr1, flags & FLAGS_SHARED, &key1);
++	ret = get_futex_key(uaddr1, flags & FLAGS_SHARED, &key1, VERIFY_READ);
+ 	if (unlikely(ret != 0))
+ 		goto out;
+-	ret = get_futex_key(uaddr2, flags & FLAGS_SHARED, &key2);
++	ret = get_futex_key(uaddr2, flags & FLAGS_SHARED, &key2, VERIFY_WRITE);
+ 	if (unlikely(ret != 0))
+ 		goto out_put_key1;
+ 
+@@ -1243,10 +1272,11 @@ retry:
+ 		pi_state = NULL;
+ 	}
+ 
+-	ret = get_futex_key(uaddr1, flags & FLAGS_SHARED, &key1);
++	ret = get_futex_key(uaddr1, flags & FLAGS_SHARED, &key1, VERIFY_READ);
+ 	if (unlikely(ret != 0))
+ 		goto out;
+-	ret = get_futex_key(uaddr2, flags & FLAGS_SHARED, &key2);
++	ret = get_futex_key(uaddr2, flags & FLAGS_SHARED, &key2,
++			    requeue_pi ? VERIFY_WRITE : VERIFY_READ);
+ 	if (unlikely(ret != 0))
+ 		goto out_put_key1;
+ 
+@@ -1790,7 +1820,7 @@ static int futex_wait_setup(u32 __user *
+ 	 * while the syscall executes.
+ 	 */
+ retry:
+-	ret = get_futex_key(uaddr, flags & FLAGS_SHARED, &q->key);
++	ret = get_futex_key(uaddr, flags & FLAGS_SHARED, &q->key, VERIFY_READ);
+ 	if (unlikely(ret != 0))
+ 		return ret;
+ 
+@@ -1941,7 +1971,7 @@ static int futex_lock_pi(u32 __user *uad
+ 	}
+ 
+ retry:
+-	ret = get_futex_key(uaddr, flags & FLAGS_SHARED, &q.key);
++	ret = get_futex_key(uaddr, flags & FLAGS_SHARED, &q.key, VERIFY_WRITE);
+ 	if (unlikely(ret != 0))
+ 		goto out;
+ 
+@@ -2060,7 +2090,7 @@ retry:
+ 	if ((uval & FUTEX_TID_MASK) != vpid)
+ 		return -EPERM;
+ 
+-	ret = get_futex_key(uaddr, flags & FLAGS_SHARED, &key);
++	ret = get_futex_key(uaddr, flags & FLAGS_SHARED, &key, VERIFY_WRITE);
+ 	if (unlikely(ret != 0))
+ 		goto out;
+ 
+@@ -2249,7 +2279,7 @@ static int futex_wait_requeue_pi(u32 __u
+ 	debug_rt_mutex_init_waiter(&rt_waiter);
+ 	rt_waiter.task = NULL;
+ 
+-	ret = get_futex_key(uaddr2, flags & FLAGS_SHARED, &key2);
++	ret = get_futex_key(uaddr2, flags & FLAGS_SHARED, &key2, VERIFY_WRITE);
+ 	if (unlikely(ret != 0))
+ 		goto out;
+ 
diff --git a/queue-3.0/series b/queue-3.0/series
new file mode 100644
index 0000000000..0012d6edd0
--- /dev/null
+++ b/queue-3.0/series
@@ -0,0 +1,8 @@
+cris-fix-a-build-error-in-kernel-fork.c.patch
+cris-fix-a-build-error-in-sync_serial_open.patch
+cris-fix-the-prototype-of-sync_serial_ioctl.patch
+cris-add-missing-declaration-of-kgdb_init-and.patch
+futex-fix-regression-with-read-only-mappings.patch
+wire-up-sendmmsg-syscall.patch
+fix-futex-support.patch
+fix-return-type-of-__atomic64_add_return.patch
diff --git a/queue-3.0/wire-up-sendmmsg-syscall.patch b/queue-3.0/wire-up-sendmmsg-syscall.patch
new file mode 100644
index 0000000000..6e1d997be7
--- /dev/null
+++ b/queue-3.0/wire-up-sendmmsg-syscall.patch
@@ -0,0 +1,40 @@
+From 205e9a2106b934ea39049bab28f0896c17a2cb30 Mon Sep 17 00:00:00 2001
+From: James Bottomley <James.Bottomley@HansenPartnership.com>
+Date: Fri, 29 Jul 2011 18:37:02 +0400
+Subject: [PARISC] wire up sendmmsg syscall
+
+From: James Bottomley <James.Bottomley@HansenPartnership.com>
+
+commit 205e9a2106b934ea39049bab28f0896c17a2cb30 upstream.
+
+Signed-off-by: James Bottomley <JBottomley@Parallels.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
+
+---
+ arch/parisc/include/asm/unistd.h   |    3 ++-
+ arch/parisc/kernel/syscall_table.S |    1 +
+ 2 files changed, 3 insertions(+), 1 deletion(-)
+
+--- a/arch/parisc/include/asm/unistd.h
++++ b/arch/parisc/include/asm/unistd.h
+@@ -821,8 +821,9 @@
+ #define __NR_open_by_handle_at	(__NR_Linux + 326)
+ #define __NR_syncfs		(__NR_Linux + 327)
+ #define __NR_setns		(__NR_Linux + 328)
++#define __NR_sendmmsg		(__NR_Linux + 329)
+ 
+-#define __NR_Linux_syscalls	(__NR_setns + 1)
++#define __NR_Linux_syscalls	(__NR_sendmmsg + 1)
+ 
+ 
+ #define __IGNORE_select		/* newselect */
+--- a/arch/parisc/kernel/syscall_table.S
++++ b/arch/parisc/kernel/syscall_table.S
+@@ -427,6 +427,7 @@
+ 	ENTRY_COMP(open_by_handle_at)
+ 	ENTRY_SAME(syncfs)
+ 	ENTRY_SAME(setns)
++	ENTRY_COMP(sendmmsg)
+ 
+ 	/* Nothing yet */
+