--- /dev/null
+From ca499fc87ed945094d952da0eb7eea7dbeb1feec Mon Sep 17 00:00:00 2001
+From: Toshi Kani <toshi.kani@hp.com>
+Date: Wed, 20 Nov 2013 14:25:34 +0100
+Subject: ACPI / hotplug: Fix conflicted PCI bridge notify handlers
+
+From: Toshi Kani <toshi.kani@hp.com>
+
+commit ca499fc87ed945094d952da0eb7eea7dbeb1feec upstream.
+
+The PCI host bridge scan handler installs its own notify handler,
+handle_hotplug_event_root(), by itself. Nevertheless, the ACPI
+hotplug framework also installs the common notify handler,
+acpi_hotplug_notify_cb(), for PCI root bridges. This causes
+acpi_hotplug_notify_cb() to call _OST method with unsupported
+error as hotplug.enabled is not set.
+
+To address this issue, introduce hotplug.ignore flag, which
+indicates that the scan handler installs its own notify handler by
+itself. The ACPI hotplug framework does not install the common
+notify handler when this flag is set.
+
+Signed-off-by: Toshi Kani <toshi.kani@hp.com>
+[rjw: Changed the name of the new flag]
+Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/acpi/pci_root.c | 3 +++
+ drivers/acpi/scan.c | 2 +-
+ include/acpi/acpi_bus.h | 1 +
+ 3 files changed, 5 insertions(+), 1 deletion(-)
+
+--- a/drivers/acpi/pci_root.c
++++ b/drivers/acpi/pci_root.c
+@@ -63,6 +63,9 @@ static struct acpi_scan_handler pci_root
+ .ids = root_device_ids,
+ .attach = acpi_pci_root_add,
+ .detach = acpi_pci_root_remove,
++ .hotplug = {
++ .ignore = true,
++ },
+ };
+
+ static DEFINE_MUTEX(osc_lock);
+--- a/drivers/acpi/scan.c
++++ b/drivers/acpi/scan.c
+@@ -1812,7 +1812,7 @@ static void acpi_scan_init_hotplug(acpi_
+ */
+ list_for_each_entry(hwid, &pnp.ids, list) {
+ handler = acpi_scan_match_handler(hwid->id, NULL);
+- if (handler) {
++ if (handler && !handler->hotplug.ignore) {
+ acpi_install_notify_handler(handle, ACPI_SYSTEM_NOTIFY,
+ acpi_hotplug_notify_cb, handler);
+ break;
+--- a/include/acpi/acpi_bus.h
++++ b/include/acpi/acpi_bus.h
+@@ -100,6 +100,7 @@ enum acpi_hotplug_mode {
+ struct acpi_hotplug_profile {
+ struct kobject kobj;
+ bool enabled:1;
++ bool ignore:1;
+ enum acpi_hotplug_mode mode;
+ };
+
--- /dev/null
+From 14e972b4517128ac8e30e3de2ee4fbd995084223 Mon Sep 17 00:00:00 2001
+From: Jeff Layton <jlayton@redhat.com>
+Date: Wed, 8 May 2013 10:25:58 -0400
+Subject: audit: add child record before the create to handle case where create fails
+
+From: Jeff Layton <jlayton@redhat.com>
+
+commit 14e972b4517128ac8e30e3de2ee4fbd995084223 upstream.
+
+Historically, when a syscall that creates a dentry fails, you get an audit
+record that looks something like this (when trying to create a file named
+"new" in "/tmp/tmp.SxiLnCcv63"):
+
+ type=PATH msg=audit(1366128956.279:965): item=0 name="/tmp/tmp.SxiLnCcv63/new" inode=2138308 dev=fd:02 mode=040700 ouid=0 ogid=0 rdev=00:00 obj=staff_u:object_r:user_tmp_t:s15:c0.c1023
+
+This record makes no sense since it's associating the inode information for
+"/tmp/tmp.SxiLnCcv63" with the path "/tmp/tmp.SxiLnCcv63/new". The recent
+patch I posted to fix the audit_inode call in do_last fixes this, by making it
+look more like this:
+
+ type=PATH msg=audit(1366128765.989:13875): item=0 name="/tmp/tmp.DJ1O8V3e4f/" inode=141 dev=fd:02 mode=040700 ouid=0 ogid=0 rdev=00:00 obj=staff_u:object_r:user_tmp_t:s15:c0.c1023
+
+While this is more correct, if the creation of the file fails, then we
+have no record of the filename that the user tried to create.
+
+This patch adds a call to audit_inode_child to may_create. This creates
+an AUDIT_TYPE_CHILD_CREATE record that will sit in place until the
+create succeeds. When and if the create does succeed, then this record
+will be updated with the correct inode info from the create.
+
+This fixes what was broken in commit bfcec708.
+Commit 79f6530c should also be backported to stable v3.7+.
+
+Signed-off-by: Jeff Layton <jlayton@redhat.com>
+Signed-off-by: Eric Paris <eparis@redhat.com>
+Signed-off-by: Richard Guy Briggs <rgb@redhat.com>
+Signed-off-by: Eric Paris <eparis@redhat.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ fs/namei.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+--- a/fs/namei.c
++++ b/fs/namei.c
+@@ -2468,6 +2468,7 @@ static int may_delete(struct inode *dir,
+ */
+ static inline int may_create(struct inode *dir, struct dentry *child)
+ {
++ audit_inode_child(dir, child, AUDIT_TYPE_CHILD_CREATE);
+ if (child->d_inode)
+ return -EEXIST;
+ if (IS_DEADDIR(dir))
--- /dev/null
+From 64fbff9ae0a0a843365d922e0057fc785f23f0e3 Mon Sep 17 00:00:00 2001
+From: Mathias Krause <minipli@googlemail.com>
+Date: Mon, 30 Sep 2013 22:04:24 +0200
+Subject: audit: fix info leak in AUDIT_GET requests
+
+From: Mathias Krause <minipli@googlemail.com>
+
+commit 64fbff9ae0a0a843365d922e0057fc785f23f0e3 upstream.
+
+We leak 4 bytes of kernel stack in response to an AUDIT_GET request as
+we miss to initialize the mask member of status_set. Fix that.
+
+Cc: Al Viro <viro@zeniv.linux.org.uk>
+Cc: Eric Paris <eparis@redhat.com>
+Signed-off-by: Mathias Krause <minipli@googlemail.com>
+Signed-off-by: Richard Guy Briggs <rgb@redhat.com>
+Signed-off-by: Eric Paris <eparis@redhat.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ kernel/audit.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+--- a/kernel/audit.c
++++ b/kernel/audit.c
+@@ -659,6 +659,7 @@ static int audit_receive_msg(struct sk_b
+
+ switch (msg_type) {
+ case AUDIT_GET:
++ status_set.mask = 0;
+ status_set.enabled = audit_enabled;
+ status_set.failure = audit_failure;
+ status_set.pid = audit_pid;
--- /dev/null
+From d3aea84a4ace5ff9ce7fb7714cee07bebef681c2 Mon Sep 17 00:00:00 2001
+From: Jeff Layton <jlayton@redhat.com>
+Date: Wed, 8 May 2013 10:32:23 -0400
+Subject: audit: log the audit_names record type
+
+From: Jeff Layton <jlayton@redhat.com>
+
+commit d3aea84a4ace5ff9ce7fb7714cee07bebef681c2 upstream.
+
+...to make it clear what the intent behind each record's operation was.
+
+In many cases you can infer this, based on the context of the syscall
+and the result. In other cases it's not so obvious. For instance, in
+the case where you have a file being renamed over another, you'll have
+two different records with the same filename but different inode info.
+By logging this information we can clearly tell which one was created
+and which was deleted.
+
+This fixes what was broken in commit bfcec708.
+Commit 79f6530c should also be backported to stable v3.7+.
+
+Signed-off-by: Jeff Layton <jlayton@redhat.com>
+Signed-off-by: Eric Paris <eparis@redhat.com>
+Signed-off-by: Richard Guy Briggs <rgb@redhat.com>
+Signed-off-by: Eric Paris <eparis@redhat.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ kernel/audit.c | 20 ++++++++++++++++++++
+ 1 file changed, 20 insertions(+)
+
+--- a/kernel/audit.c
++++ b/kernel/audit.c
+@@ -1537,6 +1537,26 @@ void audit_log_name(struct audit_context
+ }
+ }
+
++ /* log the audit_names record type */
++ audit_log_format(ab, " nametype=");
++ switch(n->type) {
++ case AUDIT_TYPE_NORMAL:
++ audit_log_format(ab, "NORMAL");
++ break;
++ case AUDIT_TYPE_PARENT:
++ audit_log_format(ab, "PARENT");
++ break;
++ case AUDIT_TYPE_CHILD_DELETE:
++ audit_log_format(ab, "DELETE");
++ break;
++ case AUDIT_TYPE_CHILD_CREATE:
++ audit_log_format(ab, "CREATE");
++ break;
++ default:
++ audit_log_format(ab, "UNKNOWN");
++ break;
++ }
++
+ audit_log_fcaps(ab, n);
+ audit_log_end(ab);
+ }
--- /dev/null
+From 0868a5e150bc4c47e7a003367cd755811eb41e0b Mon Sep 17 00:00:00 2001
+From: Tyler Hicks <tyhicks@canonical.com>
+Date: Thu, 25 Jul 2013 18:02:55 -0700
+Subject: audit: printk USER_AVC messages when audit isn't enabled
+
+From: Tyler Hicks <tyhicks@canonical.com>
+
+commit 0868a5e150bc4c47e7a003367cd755811eb41e0b upstream.
+
+When the audit=1 kernel parameter is absent and auditd is not running,
+AUDIT_USER_AVC messages are being silently discarded.
+
+AUDIT_USER_AVC messages should be sent to userspace using printk(), as
+mentioned in the commit message of 4a4cd633 ("AUDIT: Optimise the
+audit-disabled case for discarding user messages").
+
+When audit_enabled is 0, audit_receive_msg() discards all user messages
+except for AUDIT_USER_AVC messages. However, audit_log_common_recv_msg()
+refuses to allocate an audit_buffer if audit_enabled is 0. The fix is to
+special case AUDIT_USER_AVC messages in both functions.
+
+It looks like commit 50397bd1 ("[AUDIT] clean up audit_receive_msg()")
+introduced this bug.
+
+Signed-off-by: Tyler Hicks <tyhicks@canonical.com>
+Cc: Al Viro <viro@zeniv.linux.org.uk>
+Cc: Eric Paris <eparis@redhat.com>
+Cc: linux-audit@redhat.com
+Acked-by: Kees Cook <keescook@chromium.org>
+Signed-off-by: Richard Guy Briggs <rgb@redhat.com>
+Signed-off-by: Eric Paris <eparis@redhat.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ kernel/audit.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/kernel/audit.c
++++ b/kernel/audit.c
+@@ -613,7 +613,7 @@ static int audit_log_common_recv_msg(str
+ int rc = 0;
+ uid_t uid = from_kuid(&init_user_ns, current_uid());
+
+- if (!audit_enabled) {
++ if (!audit_enabled && msg_type != AUDIT_USER_AVC) {
+ *ab = NULL;
+ return rc;
+ }
--- /dev/null
+From 4d8fe7376a12bf4524783dd95cbc00f1fece6232 Mon Sep 17 00:00:00 2001
+From: Mathias Krause <minipli@googlemail.com>
+Date: Mon, 30 Sep 2013 22:04:25 +0200
+Subject: audit: use nlmsg_len() to get message payload length
+
+From: Mathias Krause <minipli@googlemail.com>
+
+commit 4d8fe7376a12bf4524783dd95cbc00f1fece6232 upstream.
+
+Using the nlmsg_len member of the netlink header to test if the message
+is valid is wrong as it includes the size of the netlink header itself.
+Thereby allowing to send short netlink messages that pass those checks.
+
+Use nlmsg_len() instead to test for the right message length. The result
+of nlmsg_len() is guaranteed to be non-negative as the netlink message
+already passed the checks of nlmsg_ok().
+
+Also switch to min_t() to please checkpatch.pl.
+
+Cc: Al Viro <viro@zeniv.linux.org.uk>
+Cc: Eric Paris <eparis@redhat.com>
+Signed-off-by: Mathias Krause <minipli@googlemail.com>
+Signed-off-by: Richard Guy Briggs <rgb@redhat.com>
+Signed-off-by: Eric Paris <eparis@redhat.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ kernel/audit.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+--- a/kernel/audit.c
++++ b/kernel/audit.c
+@@ -670,7 +670,7 @@ static int audit_receive_msg(struct sk_b
+ &status_set, sizeof(status_set));
+ break;
+ case AUDIT_SET:
+- if (nlh->nlmsg_len < sizeof(struct audit_status))
++ if (nlmsg_len(nlh) < sizeof(struct audit_status))
+ return -EINVAL;
+ status_get = (struct audit_status *)data;
+ if (status_get->mask & AUDIT_STATUS_ENABLED) {
+@@ -832,7 +832,7 @@ static int audit_receive_msg(struct sk_b
+
+ memset(&s, 0, sizeof(s));
+ /* guard against past and future API changes */
+- memcpy(&s, data, min(sizeof(s), (size_t)nlh->nlmsg_len));
++ memcpy(&s, data, min_t(size_t, sizeof(s), nlmsg_len(nlh)));
+ if ((s.enabled != 0 && s.enabled != 1) ||
+ (s.log_passwd != 0 && s.log_passwd != 1))
+ return -EINVAL;
--- /dev/null
+From d617b338bbfdd77e9cbd8e7dc949cee3dd73d575 Mon Sep 17 00:00:00 2001
+From: Andreas Bießmann <andreas@biessmann.de>
+Date: Thu, 24 Oct 2013 12:31:04 +0200
+Subject: avr32: fix out-of-range jump in large kernels
+
+From: Andreas Bießmann <andreas@biessmann.de>
+
+commit d617b338bbfdd77e9cbd8e7dc949cee3dd73d575 upstream.
+
+This patch fixes following error (for big kernels):
+
+---8<---
+arch/avr32/boot/u-boot/head.o: In function `no_tag_table':
+(.init.text+0x44): relocation truncated to fit: R_AVR32_22H_PCREL against symbol `panic' defined in .text.unlikely section in kernel/built-in.o
+arch/avr32/kernel/built-in.o: In function `bad_return':
+(.ex.text+0x236): relocation truncated to fit: R_AVR32_22H_PCREL against symbol `panic' defined in .text.unlikely section in kernel/built-in.o
+--->8---
+
+It comes up when the kernel increases and 'panic()' is too far away to fit in
+the +/- 2MiB range. Which in turn issues from the 21-bit displacement in
+'br{cond4}' mnemonic which is one of the two ways to do jumps (rjmp has just
+10-bit displacement and therefore a way smaller range). This fact was stated
+before in 8d29b7b9f81d6b83d869ff054e6c189d6da73f1f.
+One solution to solve this is to add a local storage for the symbol address
+and just load the $pc with that value.
+
+Signed-off-by: Andreas Bießmann <andreas@biessmann.de>
+Acked-by: Hans-Christian Egtvedt <egtvedt@samfundet.no>
+Cc: Haavard Skinnemoen <hskinnemoen@gmail.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ arch/avr32/boot/u-boot/head.S | 5 ++++-
+ arch/avr32/kernel/entry-avr32b.S | 3 ++-
+ 2 files changed, 6 insertions(+), 2 deletions(-)
+
+--- a/arch/avr32/boot/u-boot/head.S
++++ b/arch/avr32/boot/u-boot/head.S
+@@ -73,8 +73,11 @@ init_sr:
+ .long 0x007f0000 /* Supervisor mode, everything masked */
+ stack_addr:
+ .long init_thread_union
++panic_addr:
++ .long panic
+
+ no_tag_table:
+ sub r12, pc, (. - 2f)
+- bral panic
++ /* branch to panic() which can be far away with that construct */
++ lddpc pc, panic_addr
+ 2: .asciz "Boot loader didn't provide correct magic number\n"
+--- a/arch/avr32/kernel/entry-avr32b.S
++++ b/arch/avr32/kernel/entry-avr32b.S
+@@ -401,9 +401,10 @@ handle_critical:
+ /* We should never get here... */
+ bad_return:
+ sub r12, pc, (. - 1f)
+- bral panic
++ lddpc pc, 2f
+ .align 2
+ 1: .asciz "Return from critical exception!"
++2: .long panic
+
+ .align 1
+ do_bus_error_write:
--- /dev/null
+From 7a2a74f4b856993218aa7cdeeb6c3103101340db Mon Sep 17 00:00:00 2001
+From: Andreas Bießmann <andreas@biessmann.de>
+Date: Thu, 24 Oct 2013 12:31:03 +0200
+Subject: avr32: setup crt for early panic()
+
+From: Andreas Bießmann <andreas@biessmann.de>
+
+commit 7a2a74f4b856993218aa7cdeeb6c3103101340db upstream.
+
+Before the CRT was (fully) set up in kernel_entry (bss cleared before in
+_start, but also not before jump to panic() in no_tag_table case).
+
+This patch fixes this up to have a fully working CRT when branching to panic()
+in no_tag_table.
+
+Signed-off-by: Andreas Bießmann <andreas@biessmann.de>
+Acked-by: Hans-Christian Egtvedt <egtvedt@samfundet.no>
+Cc: Haavard Skinnemoen <hskinnemoen@gmail.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ arch/avr32/boot/u-boot/head.S | 30 +++++++++++++++++++++++++-----
+ arch/avr32/kernel/head.S | 20 --------------------
+ 2 files changed, 25 insertions(+), 25 deletions(-)
+
+--- a/arch/avr32/boot/u-boot/head.S
++++ b/arch/avr32/boot/u-boot/head.S
+@@ -8,6 +8,8 @@
+ * published by the Free Software Foundation.
+ */
+ #include <asm/setup.h>
++#include <asm/thread_info.h>
++#include <asm/sysreg.h>
+
+ /*
+ * The kernel is loaded where we want it to be and all caches
+@@ -20,11 +22,6 @@
+ .section .init.text,"ax"
+ .global _start
+ _start:
+- /* Check if the boot loader actually provided a tag table */
+- lddpc r0, magic_number
+- cp.w r12, r0
+- brne no_tag_table
+-
+ /* Initialize .bss */
+ lddpc r2, bss_start_addr
+ lddpc r3, end_addr
+@@ -34,6 +31,25 @@ _start:
+ cp r2, r3
+ brlo 1b
+
++ /* Initialize status register */
++ lddpc r0, init_sr
++ mtsr SYSREG_SR, r0
++
++ /* Set initial stack pointer */
++ lddpc sp, stack_addr
++ sub sp, -THREAD_SIZE
++
++#ifdef CONFIG_FRAME_POINTER
++ /* Mark last stack frame */
++ mov lr, 0
++ mov r7, 0
++#endif
++
++ /* Check if the boot loader actually provided a tag table */
++ lddpc r0, magic_number
++ cp.w r12, r0
++ brne no_tag_table
++
+ /*
+ * Save the tag table address for later use. This must be done
+ * _after_ .bss has been initialized...
+@@ -53,6 +69,10 @@ bss_start_addr:
+ .long __bss_start
+ end_addr:
+ .long _end
++init_sr:
++ .long 0x007f0000 /* Supervisor mode, everything masked */
++stack_addr:
++ .long init_thread_union
+
+ no_tag_table:
+ sub r12, pc, (. - 2f)
+--- a/arch/avr32/kernel/head.S
++++ b/arch/avr32/kernel/head.S
+@@ -10,33 +10,13 @@
+ #include <linux/linkage.h>
+
+ #include <asm/page.h>
+-#include <asm/thread_info.h>
+-#include <asm/sysreg.h>
+
+ .section .init.text,"ax"
+ .global kernel_entry
+ kernel_entry:
+- /* Initialize status register */
+- lddpc r0, init_sr
+- mtsr SYSREG_SR, r0
+-
+- /* Set initial stack pointer */
+- lddpc sp, stack_addr
+- sub sp, -THREAD_SIZE
+-
+-#ifdef CONFIG_FRAME_POINTER
+- /* Mark last stack frame */
+- mov lr, 0
+- mov r7, 0
+-#endif
+-
+ /* Start the show */
+ lddpc pc, kernel_start_addr
+
+ .align 2
+-init_sr:
+- .long 0x007f0000 /* Supervisor mode, everything masked */
+-stack_addr:
+- .long init_thread_union
+ kernel_start_addr:
+ .long start_kernel
--- /dev/null
+From 1fa8455deb92e9ec7756df23030e73b2d28eeca7 Mon Sep 17 00:00:00 2001
+From: Kent Overstreet <kmo@daterainc.com>
+Date: Sun, 10 Nov 2013 21:55:27 -0800
+Subject: bcache: Fix dirty_data accounting
+
+From: Kent Overstreet <kmo@daterainc.com>
+
+commit 1fa8455deb92e9ec7756df23030e73b2d28eeca7 upstream.
+
+Dirty data accounting wasn't quite right - firstly, we were adding the key we're
+inserting after it could have merged with another dirty key already in the
+btree, and secondly we could sometimes pass the wrong offset to
+bcache_dev_sectors_dirty_add() for dirty data we were overwriting - which is
+important when tracking dirty data by stripe.
+
+Signed-off-by: Kent Overstreet <kmo@daterainc.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/md/bcache/btree.c | 11 +++++++----
+ 1 file changed, 7 insertions(+), 4 deletions(-)
+
+--- a/drivers/md/bcache/btree.c
++++ b/drivers/md/bcache/btree.c
+@@ -1742,6 +1742,9 @@ static bool fix_overlapping_extents(stru
+ if (bkey_cmp(insert, k) < 0) {
+ bch_cut_front(insert, k);
+ } else {
++ if (bkey_cmp(&START_KEY(insert), &START_KEY(k)) > 0)
++ old_offset = KEY_START(insert);
++
+ if (bkey_written(b, k) &&
+ bkey_cmp(&START_KEY(insert), &START_KEY(k)) <= 0) {
+ /*
+@@ -1803,6 +1806,10 @@ static bool btree_insert_key(struct btre
+ if (fix_overlapping_extents(b, k, &iter, op))
+ return false;
+
++ if (KEY_DIRTY(k))
++ bcache_dev_sectors_dirty_add(b->c, KEY_INODE(k),
++ KEY_START(k), KEY_SIZE(k));
++
+ while (m != end(i) &&
+ bkey_cmp(k, &START_KEY(m)) > 0)
+ prev = m, m = bkey_next(m);
+@@ -1831,10 +1838,6 @@ static bool btree_insert_key(struct btre
+ insert: shift_keys(b, m, k);
+ copy: bkey_copy(m, k);
+ merged:
+- if (KEY_DIRTY(k))
+- bcache_dev_sectors_dirty_add(b->c, KEY_INODE(k),
+- KEY_START(k), KEY_SIZE(k));
+-
+ bch_check_keys(b, "%u for %s", status, op_type(op));
+
+ if (b->level && !KEY_OFFSET(k))
--- /dev/null
+From eb85d94bdd91fb4dbea4ee465d4349cbea4eaaca Mon Sep 17 00:00:00 2001
+From: Pavel Shilovsky <piastry@etersoft.ru>
+Date: Wed, 23 Oct 2013 17:49:47 +0400
+Subject: CIFS: Fix symbolic links usage
+
+From: Pavel Shilovsky <piastry@etersoft.ru>
+
+commit eb85d94bdd91fb4dbea4ee465d4349cbea4eaaca upstream.
+
+Now we treat any reparse point as a symbolic link and map it to a Unix
+one that is not true in a common case due to many reparse point types
+supported by SMB servers.
+
+Distinguish reparse point types into two groups:
+1) that can be accessed directly through a reparse point
+(junctions, deduplicated files, NFS symlinks);
+2) that need to be processed manually (Windows symbolic links, DFS);
+
+and map only Windows symbolic links to Unix ones.
+
+Acked-by: Jeff Layton <jlayton@redhat.com>
+Reported-and-tested-by: Joao Correia <joaomiguelcorreia@gmail.com>
+Signed-off-by: Pavel Shilovsky <piastry@etersoft.ru>
+Signed-off-by: Steve French <smfrench@gmail.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ fs/cifs/cifsglob.h | 2 +-
+ fs/cifs/inode.c | 23 +++++++++++++----------
+ fs/cifs/readdir.c | 40 ++++++++--------------------------------
+ fs/cifs/smb1ops.c | 21 ++++++++++++++++++++-
+ fs/cifs/smb2inode.c | 16 ++++++++++++----
+ fs/cifs/smb2proto.h | 2 +-
+ 6 files changed, 55 insertions(+), 49 deletions(-)
+
+--- a/fs/cifs/cifsglob.h
++++ b/fs/cifs/cifsglob.h
+@@ -261,7 +261,7 @@ struct smb_version_operations {
+ /* query path data from the server */
+ int (*query_path_info)(const unsigned int, struct cifs_tcon *,
+ struct cifs_sb_info *, const char *,
+- FILE_ALL_INFO *, bool *);
++ FILE_ALL_INFO *, bool *, bool *);
+ /* query file data from the server */
+ int (*query_file_info)(const unsigned int, struct cifs_tcon *,
+ struct cifs_fid *, FILE_ALL_INFO *);
+--- a/fs/cifs/inode.c
++++ b/fs/cifs/inode.c
+@@ -542,7 +542,8 @@ static int cifs_sfu_mode(struct cifs_fat
+ /* Fill a cifs_fattr struct with info from FILE_ALL_INFO */
+ static void
+ cifs_all_info_to_fattr(struct cifs_fattr *fattr, FILE_ALL_INFO *info,
+- struct cifs_sb_info *cifs_sb, bool adjust_tz)
++ struct cifs_sb_info *cifs_sb, bool adjust_tz,
++ bool symlink)
+ {
+ struct cifs_tcon *tcon = cifs_sb_master_tcon(cifs_sb);
+
+@@ -569,7 +570,11 @@ cifs_all_info_to_fattr(struct cifs_fattr
+ fattr->cf_createtime = le64_to_cpu(info->CreationTime);
+
+ fattr->cf_nlink = le32_to_cpu(info->NumberOfLinks);
+- if (fattr->cf_cifsattrs & ATTR_DIRECTORY) {
++
++ if (symlink) {
++ fattr->cf_mode = S_IFLNK;
++ fattr->cf_dtype = DT_LNK;
++ } else if (fattr->cf_cifsattrs & ATTR_DIRECTORY) {
+ fattr->cf_mode = S_IFDIR | cifs_sb->mnt_dir_mode;
+ fattr->cf_dtype = DT_DIR;
+ /*
+@@ -578,10 +583,6 @@ cifs_all_info_to_fattr(struct cifs_fattr
+ */
+ if (!tcon->unix_ext)
+ fattr->cf_flags |= CIFS_FATTR_UNKNOWN_NLINK;
+- } else if (fattr->cf_cifsattrs & ATTR_REPARSE) {
+- fattr->cf_mode = S_IFLNK;
+- fattr->cf_dtype = DT_LNK;
+- fattr->cf_nlink = le32_to_cpu(info->NumberOfLinks);
+ } else {
+ fattr->cf_mode = S_IFREG | cifs_sb->mnt_file_mode;
+ fattr->cf_dtype = DT_REG;
+@@ -626,7 +627,8 @@ cifs_get_file_info(struct file *filp)
+ rc = server->ops->query_file_info(xid, tcon, &cfile->fid, &find_data);
+ switch (rc) {
+ case 0:
+- cifs_all_info_to_fattr(&fattr, &find_data, cifs_sb, false);
++ cifs_all_info_to_fattr(&fattr, &find_data, cifs_sb, false,
++ false);
+ break;
+ case -EREMOTE:
+ cifs_create_dfs_fattr(&fattr, inode->i_sb);
+@@ -673,6 +675,7 @@ cifs_get_inode_info(struct inode **inode
+ bool adjust_tz = false;
+ struct cifs_fattr fattr;
+ struct cifs_search_info *srchinf = NULL;
++ bool symlink = false;
+
+ tlink = cifs_sb_tlink(cifs_sb);
+ if (IS_ERR(tlink))
+@@ -702,12 +705,12 @@ cifs_get_inode_info(struct inode **inode
+ }
+ data = (FILE_ALL_INFO *)buf;
+ rc = server->ops->query_path_info(xid, tcon, cifs_sb, full_path,
+- data, &adjust_tz);
++ data, &adjust_tz, &symlink);
+ }
+
+ if (!rc) {
+- cifs_all_info_to_fattr(&fattr, (FILE_ALL_INFO *)data, cifs_sb,
+- adjust_tz);
++ cifs_all_info_to_fattr(&fattr, data, cifs_sb, adjust_tz,
++ symlink);
+ } else if (rc == -EREMOTE) {
+ cifs_create_dfs_fattr(&fattr, sb);
+ rc = 0;
+--- a/fs/cifs/readdir.c
++++ b/fs/cifs/readdir.c
+@@ -134,22 +134,6 @@ out:
+ dput(dentry);
+ }
+
+-/*
+- * Is it possible that this directory might turn out to be a DFS referral
+- * once we go to try and use it?
+- */
+-static bool
+-cifs_dfs_is_possible(struct cifs_sb_info *cifs_sb)
+-{
+-#ifdef CONFIG_CIFS_DFS_UPCALL
+- struct cifs_tcon *tcon = cifs_sb_master_tcon(cifs_sb);
+-
+- if (tcon->Flags & SMB_SHARE_IS_IN_DFS)
+- return true;
+-#endif
+- return false;
+-}
+-
+ static void
+ cifs_fill_common_info(struct cifs_fattr *fattr, struct cifs_sb_info *cifs_sb)
+ {
+@@ -159,27 +143,19 @@ cifs_fill_common_info(struct cifs_fattr
+ if (fattr->cf_cifsattrs & ATTR_DIRECTORY) {
+ fattr->cf_mode = S_IFDIR | cifs_sb->mnt_dir_mode;
+ fattr->cf_dtype = DT_DIR;
+- /*
+- * Windows CIFS servers generally make DFS referrals look
+- * like directories in FIND_* responses with the reparse
+- * attribute flag also set (since DFS junctions are
+- * reparse points). We must revalidate at least these
+- * directory inodes before trying to use them (if
+- * they are DFS we will get PATH_NOT_COVERED back
+- * when queried directly and can then try to connect
+- * to the DFS target)
+- */
+- if (cifs_dfs_is_possible(cifs_sb) &&
+- (fattr->cf_cifsattrs & ATTR_REPARSE))
+- fattr->cf_flags |= CIFS_FATTR_NEED_REVAL;
+- } else if (fattr->cf_cifsattrs & ATTR_REPARSE) {
+- fattr->cf_mode = S_IFLNK;
+- fattr->cf_dtype = DT_LNK;
+ } else {
+ fattr->cf_mode = S_IFREG | cifs_sb->mnt_file_mode;
+ fattr->cf_dtype = DT_REG;
+ }
+
++ /*
++ * We need to revalidate it further to make a decision about whether it
++ * is a symbolic link, DFS referral or a reparse point with a direct
++ * access like junctions, deduplicated files, NFS symlinks.
++ */
++ if (fattr->cf_cifsattrs & ATTR_REPARSE)
++ fattr->cf_flags |= CIFS_FATTR_NEED_REVAL;
++
+ /* non-unix readdir doesn't provide nlink */
+ fattr->cf_flags |= CIFS_FATTR_UNKNOWN_NLINK;
+
+--- a/fs/cifs/smb1ops.c
++++ b/fs/cifs/smb1ops.c
+@@ -534,10 +534,12 @@ cifs_is_path_accessible(const unsigned i
+ static int
+ cifs_query_path_info(const unsigned int xid, struct cifs_tcon *tcon,
+ struct cifs_sb_info *cifs_sb, const char *full_path,
+- FILE_ALL_INFO *data, bool *adjustTZ)
++ FILE_ALL_INFO *data, bool *adjustTZ, bool *symlink)
+ {
+ int rc;
+
++ *symlink = false;
++
+ /* could do find first instead but this returns more info */
+ rc = CIFSSMBQPathInfo(xid, tcon, full_path, data, 0 /* not legacy */,
+ cifs_sb->local_nls, cifs_sb->mnt_cifs_flags &
+@@ -554,6 +556,23 @@ cifs_query_path_info(const unsigned int
+ CIFS_MOUNT_MAP_SPECIAL_CHR);
+ *adjustTZ = true;
+ }
++
++ if (!rc && (le32_to_cpu(data->Attributes) & ATTR_REPARSE)) {
++ int tmprc;
++ int oplock = 0;
++ __u16 netfid;
++
++ /* Need to check if this is a symbolic link or not */
++ tmprc = CIFSSMBOpen(xid, tcon, full_path, FILE_OPEN,
++ FILE_READ_ATTRIBUTES, 0, &netfid, &oplock,
++ NULL, cifs_sb->local_nls,
++ cifs_sb->mnt_cifs_flags & CIFS_MOUNT_MAP_SPECIAL_CHR);
++ if (tmprc == -EOPNOTSUPP)
++ *symlink = true;
++ else
++ CIFSSMBClose(xid, tcon, netfid);
++ }
++
+ return rc;
+ }
+
+--- a/fs/cifs/smb2inode.c
++++ b/fs/cifs/smb2inode.c
+@@ -123,12 +123,13 @@ move_smb2_info_to_cifs(FILE_ALL_INFO *ds
+ int
+ smb2_query_path_info(const unsigned int xid, struct cifs_tcon *tcon,
+ struct cifs_sb_info *cifs_sb, const char *full_path,
+- FILE_ALL_INFO *data, bool *adjust_tz)
++ FILE_ALL_INFO *data, bool *adjust_tz, bool *symlink)
+ {
+ int rc;
+ struct smb2_file_all_info *smb2_data;
+
+ *adjust_tz = false;
++ *symlink = false;
+
+ smb2_data = kzalloc(sizeof(struct smb2_file_all_info) + MAX_NAME * 2,
+ GFP_KERNEL);
+@@ -136,9 +137,16 @@ smb2_query_path_info(const unsigned int
+ return -ENOMEM;
+
+ rc = smb2_open_op_close(xid, tcon, cifs_sb, full_path,
+- FILE_READ_ATTRIBUTES, FILE_OPEN,
+- OPEN_REPARSE_POINT, smb2_data,
+- SMB2_OP_QUERY_INFO);
++ FILE_READ_ATTRIBUTES, FILE_OPEN, 0,
++ smb2_data, SMB2_OP_QUERY_INFO);
++ if (rc == -EOPNOTSUPP) {
++ *symlink = true;
++ /* Failed on a symbolic link - query a reparse point info */
++ rc = smb2_open_op_close(xid, tcon, cifs_sb, full_path,
++ FILE_READ_ATTRIBUTES, FILE_OPEN,
++ OPEN_REPARSE_POINT, smb2_data,
++ SMB2_OP_QUERY_INFO);
++ }
+ if (rc)
+ goto out;
+
+--- a/fs/cifs/smb2proto.h
++++ b/fs/cifs/smb2proto.h
+@@ -61,7 +61,7 @@ extern void move_smb2_info_to_cifs(FILE_
+ extern int smb2_query_path_info(const unsigned int xid, struct cifs_tcon *tcon,
+ struct cifs_sb_info *cifs_sb,
+ const char *full_path, FILE_ALL_INFO *data,
+- bool *adjust_tz);
++ bool *adjust_tz, bool *symlink);
+ extern int smb2_set_path_size(const unsigned int xid, struct cifs_tcon *tcon,
+ const char *full_path, __u64 size,
+ struct cifs_sb_info *cifs_sb, bool set_alloc);
--- /dev/null
+From 1b28c3e628315ac0d9ef2d3fac0403f05ae692db Mon Sep 17 00:00:00 2001
+From: Dave Airlie <airlied@redhat.com>
+Date: Thu, 28 Nov 2013 05:39:03 +0000
+Subject: drm/qxl: fix memory leak in release list handling
+
+From: Dave Airlie <airlied@redhat.com>
+
+commit 1b28c3e628315ac0d9ef2d3fac0403f05ae692db upstream.
+
+wow no idea how I got this far without seeing this,
+leaking the entries in the list makes kmalloc-64 slab grow.
+
+References: https://bugzilla.kernel.org/show_bug.cgi?id=65121
+Reported-by: Matthew Stapleton <matthew4196@gmail.com>
+Signed-off-by: Dave Airlie <airlied@redhat.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/gpu/drm/qxl/qxl_release.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+--- a/drivers/gpu/drm/qxl/qxl_release.c
++++ b/drivers/gpu/drm/qxl/qxl_release.c
+@@ -92,6 +92,7 @@ qxl_release_free(struct qxl_device *qdev
+ - DRM_FILE_OFFSET);
+ qxl_fence_remove_release(&bo->fence, release->id);
+ qxl_bo_unref(&bo);
++ kfree(entry);
+ }
+ spin_lock(&qdev->release_idr_lock);
+ idr_remove(&qdev->release_idr, release->id);
--- /dev/null
+From 8a56d7761d2d041ae5e8215d20b4167d8aa93f51 Mon Sep 17 00:00:00 2001
+From: "Steven Rostedt (Red Hat)" <rostedt@goodmis.org>
+Date: Mon, 25 Nov 2013 20:59:46 -0500
+Subject: ftrace: Fix function graph with loading of modules
+
+From: "Steven Rostedt (Red Hat)" <rostedt@goodmis.org>
+
+commit 8a56d7761d2d041ae5e8215d20b4167d8aa93f51 upstream.
+
+Commit 8c4f3c3fa9681 "ftrace: Check module functions being traced on reload"
+fixed module loading and unloading with respect to function tracing, but
+it missed the function graph tracer. If you perform the following
+
+ # cd /sys/kernel/debug/tracing
+ # echo function_graph > current_tracer
+ # modprobe nfsd
+ # echo nop > current_tracer
+
+You'll get the following oops message:
+
+ ------------[ cut here ]------------
+ WARNING: CPU: 2 PID: 2910 at /linux.git/kernel/trace/ftrace.c:1640 __ftrace_hash_rec_update.part.35+0x168/0x1b9()
+ Modules linked in: nfsd exportfs nfs_acl lockd ipt_MASQUERADE sunrpc ip6t_REJECT nf_conntrack_ipv6 nf_defrag_ipv6 ip6table_filter ip6_tables uinput snd_hda_codec_idt
+ CPU: 2 PID: 2910 Comm: bash Not tainted 3.13.0-rc1-test #7
+ Hardware name: To Be Filled By O.E.M. To Be Filled By O.E.M./To be filled by O.E.M., BIOS SDBLI944.86P 05/08/2007
+ 0000000000000668 ffff8800787efcf8 ffffffff814fe193 ffff88007d500000
+ 0000000000000000 ffff8800787efd38 ffffffff8103b80a 0000000000000668
+ ffffffff810b2b9a ffffffff81a48370 0000000000000001 ffff880037aea000
+ Call Trace:
+ [<ffffffff814fe193>] dump_stack+0x4f/0x7c
+ [<ffffffff8103b80a>] warn_slowpath_common+0x81/0x9b
+ [<ffffffff810b2b9a>] ? __ftrace_hash_rec_update.part.35+0x168/0x1b9
+ [<ffffffff8103b83e>] warn_slowpath_null+0x1a/0x1c
+ [<ffffffff810b2b9a>] __ftrace_hash_rec_update.part.35+0x168/0x1b9
+ [<ffffffff81502f89>] ? __mutex_lock_slowpath+0x364/0x364
+ [<ffffffff810b2cc2>] ftrace_shutdown+0xd7/0x12b
+ [<ffffffff810b47f0>] unregister_ftrace_graph+0x49/0x78
+ [<ffffffff810c4b30>] graph_trace_reset+0xe/0x10
+ [<ffffffff810bf393>] tracing_set_tracer+0xa7/0x26a
+ [<ffffffff810bf5e1>] tracing_set_trace_write+0x8b/0xbd
+ [<ffffffff810c501c>] ? ftrace_return_to_handler+0xb2/0xde
+ [<ffffffff811240a8>] ? __sb_end_write+0x5e/0x5e
+ [<ffffffff81122aed>] vfs_write+0xab/0xf6
+ [<ffffffff8150a185>] ftrace_graph_caller+0x85/0x85
+ [<ffffffff81122dbd>] SyS_write+0x59/0x82
+ [<ffffffff8150a185>] ftrace_graph_caller+0x85/0x85
+ [<ffffffff8150a2d2>] system_call_fastpath+0x16/0x1b
+ ---[ end trace 940358030751eafb ]---
+
+The above mentioned commit didn't go far enough. Well, it covered the
+function tracer by adding checks in __register_ftrace_function(). The
+problem is that the function graph tracer circumvents that (for a slight
+efficiency gain when function graph trace is running with a function
+tracer. The gain was not worth this).
+
+The problem came with ftrace_startup() which should always be called after
+__register_ftrace_function(), if you want this bug to be completely fixed.
+
+Anyway, this solution moves __register_ftrace_function() inside of
+ftrace_startup() and removes the need to call them both.
+
+Reported-by: Dave Wysochanski <dwysocha@redhat.com>
+Fixes: ed926f9b35cd ("ftrace: Use counters to enable functions to trace")
+Signed-off-by: Steven Rostedt <rostedt@goodmis.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ kernel/trace/ftrace.c | 64 +++++++++++++++++++++++++++-----------------------
+ 1 file changed, 35 insertions(+), 29 deletions(-)
+
+--- a/kernel/trace/ftrace.c
++++ b/kernel/trace/ftrace.c
+@@ -367,9 +367,6 @@ static int remove_ftrace_list_ops(struct
+
+ static int __register_ftrace_function(struct ftrace_ops *ops)
+ {
+- if (unlikely(ftrace_disabled))
+- return -ENODEV;
+-
+ if (FTRACE_WARN_ON(ops == &global_ops))
+ return -EINVAL;
+
+@@ -428,9 +425,6 @@ static int __unregister_ftrace_function(
+ {
+ int ret;
+
+- if (ftrace_disabled)
+- return -ENODEV;
+-
+ if (WARN_ON(!(ops->flags & FTRACE_OPS_FL_ENABLED)))
+ return -EBUSY;
+
+@@ -2088,10 +2082,15 @@ static void ftrace_startup_enable(int co
+ static int ftrace_startup(struct ftrace_ops *ops, int command)
+ {
+ bool hash_enable = true;
++ int ret;
+
+ if (unlikely(ftrace_disabled))
+ return -ENODEV;
+
++ ret = __register_ftrace_function(ops);
++ if (ret)
++ return ret;
++
+ ftrace_start_up++;
+ command |= FTRACE_UPDATE_CALLS;
+
+@@ -2113,12 +2112,17 @@ static int ftrace_startup(struct ftrace_
+ return 0;
+ }
+
+-static void ftrace_shutdown(struct ftrace_ops *ops, int command)
++static int ftrace_shutdown(struct ftrace_ops *ops, int command)
+ {
+ bool hash_disable = true;
++ int ret;
+
+ if (unlikely(ftrace_disabled))
+- return;
++ return -ENODEV;
++
++ ret = __unregister_ftrace_function(ops);
++ if (ret)
++ return ret;
+
+ ftrace_start_up--;
+ /*
+@@ -2153,9 +2157,10 @@ static void ftrace_shutdown(struct ftrac
+ }
+
+ if (!command || !ftrace_enabled)
+- return;
++ return 0;
+
+ ftrace_run_update_code(command);
++ return 0;
+ }
+
+ static void ftrace_startup_sysctl(void)
+@@ -3060,16 +3065,13 @@ static void __enable_ftrace_function_pro
+ if (i == FTRACE_FUNC_HASHSIZE)
+ return;
+
+- ret = __register_ftrace_function(&trace_probe_ops);
+- if (!ret)
+- ret = ftrace_startup(&trace_probe_ops, 0);
++ ret = ftrace_startup(&trace_probe_ops, 0);
+
+ ftrace_probe_registered = 1;
+ }
+
+ static void __disable_ftrace_function_probe(void)
+ {
+- int ret;
+ int i;
+
+ if (!ftrace_probe_registered)
+@@ -3082,9 +3084,7 @@ static void __disable_ftrace_function_pr
+ }
+
+ /* no more funcs left */
+- ret = __unregister_ftrace_function(&trace_probe_ops);
+- if (!ret)
+- ftrace_shutdown(&trace_probe_ops, 0);
++ ftrace_shutdown(&trace_probe_ops, 0);
+
+ ftrace_probe_registered = 0;
+ }
+@@ -4290,12 +4290,15 @@ core_initcall(ftrace_nodyn_init);
+ static inline int ftrace_init_dyn_debugfs(struct dentry *d_tracer) { return 0; }
+ static inline void ftrace_startup_enable(int command) { }
+ /* Keep as macros so we do not need to define the commands */
+-# define ftrace_startup(ops, command) \
+- ({ \
+- (ops)->flags |= FTRACE_OPS_FL_ENABLED; \
+- 0; \
++# define ftrace_startup(ops, command) \
++ ({ \
++ int ___ret = __register_ftrace_function(ops); \
++ if (!___ret) \
++ (ops)->flags |= FTRACE_OPS_FL_ENABLED; \
++ ___ret; \
+ })
+-# define ftrace_shutdown(ops, command) do { } while (0)
++# define ftrace_shutdown(ops, command) __unregister_ftrace_function(ops)
++
+ # define ftrace_startup_sysctl() do { } while (0)
+ # define ftrace_shutdown_sysctl() do { } while (0)
+
+@@ -4695,9 +4698,7 @@ int register_ftrace_function(struct ftra
+
+ mutex_lock(&ftrace_lock);
+
+- ret = __register_ftrace_function(ops);
+- if (!ret)
+- ret = ftrace_startup(ops, 0);
++ ret = ftrace_startup(ops, 0);
+
+ mutex_unlock(&ftrace_lock);
+
+@@ -4716,9 +4717,7 @@ int unregister_ftrace_function(struct ft
+ int ret;
+
+ mutex_lock(&ftrace_lock);
+- ret = __unregister_ftrace_function(ops);
+- if (!ret)
+- ftrace_shutdown(ops, 0);
++ ret = ftrace_shutdown(ops, 0);
+ mutex_unlock(&ftrace_lock);
+
+ return ret;
+@@ -4912,6 +4911,13 @@ ftrace_suspend_notifier_call(struct noti
+ return NOTIFY_DONE;
+ }
+
++/* Just a place holder for function graph */
++static struct ftrace_ops fgraph_ops __read_mostly = {
++ .func = ftrace_stub,
++ .flags = FTRACE_OPS_FL_STUB | FTRACE_OPS_FL_GLOBAL |
++ FTRACE_OPS_FL_RECURSION_SAFE,
++};
++
+ int register_ftrace_graph(trace_func_graph_ret_t retfunc,
+ trace_func_graph_ent_t entryfunc)
+ {
+@@ -4938,7 +4944,7 @@ int register_ftrace_graph(trace_func_gra
+ ftrace_graph_return = retfunc;
+ ftrace_graph_entry = entryfunc;
+
+- ret = ftrace_startup(&global_ops, FTRACE_START_FUNC_RET);
++ ret = ftrace_startup(&fgraph_ops, FTRACE_START_FUNC_RET);
+
+ out:
+ mutex_unlock(&ftrace_lock);
+@@ -4955,7 +4961,7 @@ void unregister_ftrace_graph(void)
+ ftrace_graph_active--;
+ ftrace_graph_return = (trace_func_graph_ret_t)ftrace_stub;
+ ftrace_graph_entry = ftrace_graph_entry_stub;
+- ftrace_shutdown(&global_ops, FTRACE_STOP_FUNC_RET);
++ ftrace_shutdown(&fgraph_ops, FTRACE_STOP_FUNC_RET);
+ unregister_pm_notifier(&ftrace_suspend_notifier);
+ unregister_trace_sched_switch(ftrace_graph_probe_sched_switch, NULL);
+
--- /dev/null
+From d03b4aa77e1187b77dfe37d14a923547f00baa66 Mon Sep 17 00:00:00 2001
+From: Avinash Patil <patila@marvell.com>
+Date: Tue, 5 Nov 2013 15:01:44 -0800
+Subject: mwifiex: correct packet length for packets from SDIO interface
+
+From: Avinash Patil <patila@marvell.com>
+
+commit d03b4aa77e1187b77dfe37d14a923547f00baa66 upstream.
+
+While receiving a packet on SDIO interface, we allocate skb with
+size multiple of SDIO block size. We need to resize this skb
+after RX using packet length from RX header.
+
+Signed-off-by: Avinash Patil <patila@marvell.com>
+Signed-off-by: Bing Zhao <bzhao@marvell.com>
+Signed-off-by: John W. Linville <linville@tuxdriver.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/net/wireless/mwifiex/sdio.c | 3 +++
+ 1 file changed, 3 insertions(+)
+
+--- a/drivers/net/wireless/mwifiex/sdio.c
++++ b/drivers/net/wireless/mwifiex/sdio.c
+@@ -1029,7 +1029,10 @@ static int mwifiex_decode_rx_packet(stru
+ struct sk_buff *skb, u32 upld_typ)
+ {
+ u8 *cmd_buf;
++ __le16 *curr_ptr = (__le16 *)skb->data;
++ u16 pkt_len = le16_to_cpu(*curr_ptr);
+
++ skb_trim(skb, pkt_len);
+ skb_pull(skb, INTF_HEADER_LEN);
+
+ switch (upld_typ) {
--- /dev/null
+From 8d93f1f309d38b65fce0b9f0de91ba6c96990c07 Mon Sep 17 00:00:00 2001
+From: Ujjal Roy <royujjal@gmail.com>
+Date: Tue, 5 Nov 2013 15:01:45 -0800
+Subject: mwifiex: fix wrong eth_hdr usage for bridged packets in AP mode
+
+From: Ujjal Roy <royujjal@gmail.com>
+
+commit 8d93f1f309d38b65fce0b9f0de91ba6c96990c07 upstream.
+
+The eth_hdr is never defined in this driver but it gets compiled
+without any warning/error because kernel has defined eth_hdr.
+
+Fix it by defining our own p_ethhdr and use it instead of eth_hdr.
+
+Signed-off-by: Ujjal Roy <royujjal@gmail.com>
+Signed-off-by: Amitkumar Karwar <akarwar@marvell.com>
+Signed-off-by: Bing Zhao <bzhao@marvell.com>
+Signed-off-by: John W. Linville <linville@tuxdriver.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/net/wireless/mwifiex/uap_txrx.c | 29 ++++++++++++++++++++++++++---
+ 1 file changed, 26 insertions(+), 3 deletions(-)
+
+--- a/drivers/net/wireless/mwifiex/uap_txrx.c
++++ b/drivers/net/wireless/mwifiex/uap_txrx.c
+@@ -97,6 +97,7 @@ static void mwifiex_uap_queue_bridged_pk
+ struct mwifiex_txinfo *tx_info;
+ int hdr_chop;
+ struct timeval tv;
++ struct ethhdr *p_ethhdr;
+ u8 rfc1042_eth_hdr[ETH_ALEN] = { 0xaa, 0xaa, 0x03, 0x00, 0x00, 0x00 };
+
+ uap_rx_pd = (struct uap_rxpd *)(skb->data);
+@@ -112,14 +113,36 @@ static void mwifiex_uap_queue_bridged_pk
+ }
+
+ if (!memcmp(&rx_pkt_hdr->rfc1042_hdr,
+- rfc1042_eth_hdr, sizeof(rfc1042_eth_hdr)))
++ rfc1042_eth_hdr, sizeof(rfc1042_eth_hdr))) {
++ /* Replace the 803 header and rfc1042 header (llc/snap) with
++ * an Ethernet II header, keep the src/dst and snap_type
++ * (ethertype).
++ *
++ * The firmware only passes up SNAP frames converting all RX
++ * data from 802.11 to 802.2/LLC/SNAP frames.
++ *
++ * To create the Ethernet II, just move the src, dst address
++ * right before the snap_type.
++ */
++ p_ethhdr = (struct ethhdr *)
++ ((u8 *)(&rx_pkt_hdr->eth803_hdr)
++ + sizeof(rx_pkt_hdr->eth803_hdr)
++ + sizeof(rx_pkt_hdr->rfc1042_hdr)
++ - sizeof(rx_pkt_hdr->eth803_hdr.h_dest)
++ - sizeof(rx_pkt_hdr->eth803_hdr.h_source)
++ - sizeof(rx_pkt_hdr->rfc1042_hdr.snap_type));
++ memcpy(p_ethhdr->h_source, rx_pkt_hdr->eth803_hdr.h_source,
++ sizeof(p_ethhdr->h_source));
++ memcpy(p_ethhdr->h_dest, rx_pkt_hdr->eth803_hdr.h_dest,
++ sizeof(p_ethhdr->h_dest));
+ /* Chop off the rxpd + the excess memory from
+ * 802.2/llc/snap header that was removed.
+ */
+- hdr_chop = (u8 *)eth_hdr - (u8 *)uap_rx_pd;
+- else
++ hdr_chop = (u8 *)p_ethhdr - (u8 *)uap_rx_pd;
++ } else {
+ /* Chop off the rxpd */
+ hdr_chop = (u8 *)&rx_pkt_hdr->eth803_hdr - (u8 *)uap_rx_pd;
++ }
+
+ /* Chop off the leading header bytes so the it points
+ * to the start of either the reconstructed EthII frame
--- /dev/null
+From 42458f41d08f0873299e830464c1232a6839297d Mon Sep 17 00:00:00 2001
+From: Peter Hurley <peter@hurleysoftware.com>
+Date: Thu, 7 Nov 2013 13:59:46 -0500
+Subject: n_tty: Ensure reader restarts worker for next reader
+
+From: Peter Hurley <peter@hurleysoftware.com>
+
+commit 42458f41d08f0873299e830464c1232a6839297d upstream.
+
+A departing reader must restart a flush_to_ldisc() worker _before_
+the next reader enters the read loop; this is to avoid the new reader
+concluding no more i/o is available and prematurely exiting, when the
+old reader simply hasn't re-started the worker yet.
+
+Signed-off-by: Peter Hurley <peter@hurleysoftware.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/tty/n_tty.c | 5 +++--
+ 1 file changed, 3 insertions(+), 2 deletions(-)
+
+--- a/drivers/tty/n_tty.c
++++ b/drivers/tty/n_tty.c
+@@ -2253,6 +2253,9 @@ static ssize_t n_tty_read(struct tty_str
+ if (time)
+ timeout = time;
+ }
++ n_tty_set_room(tty);
++ up_read(&tty->termios_rwsem);
++
+ mutex_unlock(&ldata->atomic_read_lock);
+ remove_wait_queue(&tty->read_wait, &wait);
+
+@@ -2263,8 +2266,6 @@ static ssize_t n_tty_read(struct tty_str
+ if (b - buf)
+ retval = b - buf;
+
+- n_tty_set_room(tty);
+- up_read(&tty->termios_rwsem);
+ return retval;
+ }
+
--- /dev/null
+From c77569d2f3ef7844ee4ac7005a57da6898b302a8 Mon Sep 17 00:00:00 2001
+From: Peter Hurley <peter@hurleysoftware.com>
+Date: Fri, 22 Nov 2013 07:16:25 -0500
+Subject: n_tty: Fix 4096-byte canonical reads
+
+From: Peter Hurley <peter@hurleysoftware.com>
+
+commit c77569d2f3ef7844ee4ac7005a57da6898b302a8 upstream.
+
+Although the maximum allowable canonical line is specified to
+be 255 bytes (MAX_CANON), the practical limit has actually been
+the size of the line discipline read buffer (N_TTY_BUF_SIZE == 4096).
+
+Commit 32f13521ca68bc624ff6effc77f308a52b038bf0,
+n_tty: Line copy to user buffer in canonical mode, limited the
+line copy to 4095 bytes. With a completely full line discipline
+read buffer and a userspace buffer > 4095, _no_ data was copied,
+and the read() syscall returned 0, indicating EOF.
+
+Fix the interval arithmetic to compute the correct number of bytes
+to copy to userspace in the range [1..4096].
+
+Signed-off-by: Peter Hurley <peter@hurleysoftware.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/tty/n_tty.c | 5 ++++-
+ 1 file changed, 4 insertions(+), 1 deletion(-)
+
+--- a/drivers/tty/n_tty.c
++++ b/drivers/tty/n_tty.c
+@@ -2005,7 +2005,10 @@ static int canon_copy_from_read_buf(stru
+ found = 1;
+
+ size = N_TTY_BUF_SIZE - tail;
+- n = (found + eol + size) & (N_TTY_BUF_SIZE - 1);
++ n = eol - tail;
++ if (n > 4096)
++ n += 4096;
++ n += found;
+ c = n;
+
+ if (found && read_buf(ldata, eol) == __DISABLED_CHAR) {
--- /dev/null
+From 6f2225363c205e186c1465c2c7c84f17c1635504 Mon Sep 17 00:00:00 2001
+From: Peter Hurley <peter@hurleysoftware.com>
+Date: Fri, 8 Nov 2013 09:42:18 -0500
+Subject: n_tty: Fix echo overrun tail computation
+
+From: Peter Hurley <peter@hurleysoftware.com>
+
+commit 6f2225363c205e186c1465c2c7c84f17c1635504 upstream.
+
+Commit cbfd0340ae1993378fd47179db949e050e16e697,
+'n_tty: Process echoes in blocks', introduced an error when
+consuming the echo buffer tail to prevent buffer overrun, where
+the incorrect operation code byte is checked to determine how
+far to advance the tail to the next echo byte.
+
+Check the correct byte for the echo operation code byte.
+
+Signed-off-by: Peter Hurley <peter@hurleysoftware.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/tty/n_tty.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/drivers/tty/n_tty.c
++++ b/drivers/tty/n_tty.c
+@@ -768,7 +768,7 @@ static size_t __process_echoes(struct tt
+ * data at the tail to prevent a subsequent overrun */
+ while (ldata->echo_commit - tail >= ECHO_DISCARD_WATERMARK) {
+ if (echo_buf(ldata, tail) == ECHO_OP_START) {
+- if (echo_buf(ldata, tail) == ECHO_OP_ERASE_TAB)
++ if (echo_buf(ldata, tail + 1) == ECHO_OP_ERASE_TAB)
+ tail += 3;
+ else
+ tail += 2;
--- /dev/null
+From e7cc5cf74544d97d7b69e2701595037474db1f96 Mon Sep 17 00:00:00 2001
+From: Yinghai Lu <yinghai@kernel.org>
+Date: Mon, 18 Nov 2013 17:02:45 -0700
+Subject: PCI: Remove duplicate pci_disable_device() from pcie_portdrv_remove()
+
+From: Yinghai Lu <yinghai@kernel.org>
+
+commit e7cc5cf74544d97d7b69e2701595037474db1f96 upstream.
+
+The pcie_portdrv .probe() method calls pci_enable_device() once, in
+pcie_port_device_register(), but the .remove() method calls
+pci_disable_device() twice, in pcie_port_device_remove() and in
+pcie_portdrv_remove().
+
+That causes a "disabling already-disabled device" warning when removing a
+PCIe port device. This happens all the time when removing Thunderbolt
+devices, but is also easy to reproduce with, e.g.,
+"echo 0000:00:1c.3 > /sys/bus/pci/drivers/pcieport/unbind"
+
+This patch removes the disable from pcie_portdrv_remove().
+
+[bhelgaas: changelog, tag for stable]
+Reported-by: David Bulkow <David.Bulkow@stratus.com>
+Reported-by: Mika Westerberg <mika.westerberg@linux.intel.com>
+Signed-off-by: Yinghai Lu <yinghai@kernel.org>
+Signed-off-by: Bjorn Helgaas <bhelgaas@google.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/pci/pcie/portdrv_pci.c | 1 -
+ 1 file changed, 1 deletion(-)
+
+--- a/drivers/pci/pcie/portdrv_pci.c
++++ b/drivers/pci/pcie/portdrv_pci.c
+@@ -223,7 +223,6 @@ static int pcie_portdrv_probe(struct pci
+ static void pcie_portdrv_remove(struct pci_dev *dev)
+ {
+ pcie_port_device_remove(dev);
+- pci_disable_device(dev);
+ }
+
+ static int error_detected_iter(struct device *device, void *data)
--- /dev/null
+From 8e3ffa471091c560deb6738ed9ab7445b7a5fd04 Mon Sep 17 00:00:00 2001
+From: Dan Williams <dcbw@redhat.com>
+Date: Fri, 8 Nov 2013 13:39:44 -0600
+Subject: prism54: set netdev type to "wlan"
+
+From: Dan Williams <dcbw@redhat.com>
+
+commit 8e3ffa471091c560deb6738ed9ab7445b7a5fd04 upstream.
+
+Userspace uses the netdev devtype for stuff like device naming and type
+detection. Be nice and set it. Remove the pointless #if/#endif around
+SET_NETDEV_DEV too.
+
+Signed-off-by: Dan Williams <dcbw@redhat.com>
+Signed-off-by: John W. Linville <linville@tuxdriver.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/net/wireless/prism54/islpci_dev.c | 7 +++++--
+ 1 file changed, 5 insertions(+), 2 deletions(-)
+
+--- a/drivers/net/wireless/prism54/islpci_dev.c
++++ b/drivers/net/wireless/prism54/islpci_dev.c
+@@ -811,6 +811,10 @@ static const struct net_device_ops islpc
+ .ndo_validate_addr = eth_validate_addr,
+ };
+
++static struct device_type wlan_type = {
++ .name = "wlan",
++};
++
+ struct net_device *
+ islpci_setup(struct pci_dev *pdev)
+ {
+@@ -821,9 +825,8 @@ islpci_setup(struct pci_dev *pdev)
+ return ndev;
+
+ pci_set_drvdata(pdev, ndev);
+-#if defined(SET_NETDEV_DEV)
+ SET_NETDEV_DEV(ndev, &pdev->dev);
+-#endif
++ SET_NETDEV_DEVTYPE(ndev, &wlan_type);
+
+ /* setup the structure members */
+ ndev->base_addr = pci_resource_start(pdev, 0);
--- /dev/null
+From cc87509d87696d7cd393882f5dedea01e03e41a9 Mon Sep 17 00:00:00 2001
+From: Dave Airlie <airlied@redhat.com>
+Date: Mon, 4 Nov 2013 16:38:08 +1000
+Subject: qxl: avoid an oops in the deferred io code.
+
+From: Dave Airlie <airlied@redhat.com>
+
+commit cc87509d87696d7cd393882f5dedea01e03e41a9 upstream.
+
+If we are using deferred io due to plymouth or X.org fbdev driver
+we will oops in memcpy due to this pointless multiply here,
+
+removing it fixes fbdev to start and not oops.
+
+Signed-off-by: Dave Airlie <airlied@redhat.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/gpu/drm/qxl/qxl_fb.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/drivers/gpu/drm/qxl/qxl_fb.c
++++ b/drivers/gpu/drm/qxl/qxl_fb.c
+@@ -108,7 +108,7 @@ static void qxl_fb_dirty_flush(struct fb
+ u32 x1, x2, y1, y2;
+
+ /* TODO: hard coding 32 bpp */
+- int stride = qfbdev->qfb.base.pitches[0] * 4;
++ int stride = qfbdev->qfb.base.pitches[0];
+
+ x1 = qfbdev->dirty.x1;
+ x2 = qfbdev->dirty.x2;
--- /dev/null
+From 88baf7148e899db7e0b676e4363647f50e48eaed Mon Sep 17 00:00:00 2001
+From: Tim Harvey <tharvey@gateworks.com>
+Date: Tue, 5 Nov 2013 21:17:25 -0800
+Subject: regulator: pfuze100: allow misprogrammed ID
+
+From: Tim Harvey <tharvey@gateworks.com>
+
+commit 88baf7148e899db7e0b676e4363647f50e48eaed upstream.
+
+prior to week 08 of 2013 Freescale misprogrammed between 1 and 3% of
+PFUZE1000 parts with a ID=0x8 instead of the expected ID=0x0
+
+Signed-off-by: Tim Harvey <tharvey@gateworks.com>
+Signed-off-by: Mark Brown <broonie@linaro.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/regulator/pfuze100-regulator.c | 12 +++++++++---
+ 1 file changed, 9 insertions(+), 3 deletions(-)
+
+--- a/drivers/regulator/pfuze100-regulator.c
++++ b/drivers/regulator/pfuze100-regulator.c
+@@ -308,9 +308,15 @@ static int pfuze_identify(struct pfuze_c
+ if (ret)
+ return ret;
+
+- if (value & 0x0f) {
+- dev_warn(pfuze_chip->dev, "Illegal ID: %x\n", value);
+- return -ENODEV;
++ switch (value & 0x0f) {
++ /* Freescale misprogrammed 1-3% of parts prior to week 8 of 2013 as ID=8 */
++ case 0x8:
++ dev_info(pfuze_chip->dev, "Assuming misprogrammed ID=0x8");
++ case 0x0:
++ break;
++ default:
++ dev_warn(pfuze_chip->dev, "Illegal ID: %x\n", value);
++ return -ENODEV;
+ }
+
+ ret = regmap_read(pfuze_chip->regmap, PFUZE100_REVID, &value);
--- /dev/null
+From 42d64e1add3a1ce8a787116036163b8724362145 Mon Sep 17 00:00:00 2001
+From: Paul Moore <pmoore@redhat.com>
+Date: Thu, 26 Sep 2013 17:00:46 -0400
+Subject: selinux: correct locking in selinux_netlbl_socket_connect)
+
+From: Paul Moore <pmoore@redhat.com>
+
+commit 42d64e1add3a1ce8a787116036163b8724362145 upstream.
+
+The SELinux/NetLabel glue code has a locking bug that affects systems
+with NetLabel enabled, see the kernel error message below. This patch
+corrects this problem by converting the bottom half socket lock to a
+more conventional, and correct for this call-path, lock_sock() call.
+
+ ===============================
+ [ INFO: suspicious RCU usage. ]
+ 3.11.0-rc3+ #19 Not tainted
+ -------------------------------
+ net/ipv4/cipso_ipv4.c:1928 suspicious rcu_dereference_protected() usage!
+
+ other info that might help us debug this:
+
+ rcu_scheduler_active = 1, debug_locks = 0
+ 2 locks held by ping/731:
+ #0: (slock-AF_INET/1){+.-...}, at: [...] selinux_netlbl_socket_connect
+ #1: (rcu_read_lock){.+.+..}, at: [<...>] netlbl_conn_setattr
+
+ stack backtrace:
+ CPU: 1 PID: 731 Comm: ping Not tainted 3.11.0-rc3+ #19
+ Hardware name: Bochs Bochs, BIOS Bochs 01/01/2011
+ 0000000000000001 ffff88006f659d28 ffffffff81726b6a ffff88003732c500
+ ffff88006f659d58 ffffffff810e4457 ffff88006b845a00 0000000000000000
+ 000000000000000c ffff880075aa2f50 ffff88006f659d90 ffffffff8169bec7
+ Call Trace:
+ [<ffffffff81726b6a>] dump_stack+0x54/0x74
+ [<ffffffff810e4457>] lockdep_rcu_suspicious+0xe7/0x120
+ [<ffffffff8169bec7>] cipso_v4_sock_setattr+0x187/0x1a0
+ [<ffffffff8170f317>] netlbl_conn_setattr+0x187/0x190
+ [<ffffffff8170f195>] ? netlbl_conn_setattr+0x5/0x190
+ [<ffffffff8131ac9e>] selinux_netlbl_socket_connect+0xae/0xc0
+ [<ffffffff81303025>] selinux_socket_connect+0x135/0x170
+ [<ffffffff8119d127>] ? might_fault+0x57/0xb0
+ [<ffffffff812fb146>] security_socket_connect+0x16/0x20
+ [<ffffffff815d3ad3>] SYSC_connect+0x73/0x130
+ [<ffffffff81739a85>] ? sysret_check+0x22/0x5d
+ [<ffffffff810e5e2d>] ? trace_hardirqs_on_caller+0xfd/0x1c0
+ [<ffffffff81373d4e>] ? trace_hardirqs_on_thunk+0x3a/0x3f
+ [<ffffffff815d52be>] SyS_connect+0xe/0x10
+ [<ffffffff81739a59>] system_call_fastpath+0x16/0x1b
+
+Signed-off-by: Paul Moore <pmoore@redhat.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ security/selinux/netlabel.c | 6 ++----
+ 1 file changed, 2 insertions(+), 4 deletions(-)
+
+--- a/security/selinux/netlabel.c
++++ b/security/selinux/netlabel.c
+@@ -442,8 +442,7 @@ int selinux_netlbl_socket_connect(struct
+ sksec->nlbl_state != NLBL_CONNLABELED)
+ return 0;
+
+- local_bh_disable();
+- bh_lock_sock_nested(sk);
++ lock_sock(sk);
+
+ /* connected sockets are allowed to disconnect when the address family
+ * is set to AF_UNSPEC, if that is what is happening we want to reset
+@@ -464,7 +463,6 @@ int selinux_netlbl_socket_connect(struct
+ sksec->nlbl_state = NLBL_CONNLABELED;
+
+ socket_connect_return:
+- bh_unlock_sock(sk);
+- local_bh_enable();
++ release_sock(sk);
+ return rc;
+ }
pm-hibernate-avoid-overflow-in-hibernate_preallocate_memory.patch
pm-runtime-use-pm_runtime_put_sync-in-__device_release_driver.patch
pm-hibernate-do-not-crash-kernel-in-free_basic_memory_bitmaps.patch
+qxl-avoid-an-oops-in-the-deferred-io-code.patch
+drm-qxl-fix-memory-leak-in-release-list-handling.patch
+bcache-fix-dirty_data-accounting.patch
+cifs-fix-symbolic-links-usage.patch
+mwifiex-correct-packet-length-for-packets-from-sdio-interface.patch
+mwifiex-fix-wrong-eth_hdr-usage-for-bridged-packets-in-ap-mode.patch
+audit-printk-user_avc-messages-when-audit-isn-t-enabled.patch
+audit-use-nlmsg_len-to-get-message-payload-length.patch
+audit-fix-info-leak-in-audit_get-requests.patch
+audit-add-child-record-before-the-create-to-handle-case-where-create-fails.patch
+audit-log-the-audit_names-record-type.patch
+pci-remove-duplicate-pci_disable_device-from-pcie_portdrv_remove.patch
+acpi-hotplug-fix-conflicted-pci-bridge-notify-handlers.patch
+selinux-correct-locking-in-selinux_netlbl_socket_connect.patch
+avr32-setup-crt-for-early-panic.patch
+avr32-fix-out-of-range-jump-in-large-kernels.patch
+n_tty-fix-4096-byte-canonical-reads.patch
+tty-incorrect-test-of-echo_buf-result-for-echo_op_start.patch
+n_tty-fix-echo-overrun-tail-computation.patch
+tty-reset-hupped-state-on-open.patch
+n_tty-ensure-reader-restarts-worker-for-next-reader.patch
+prism54-set-netdev-type-to-wlan.patch
+regulator-pfuze100-allow-misprogrammed-id.patch
+sony-laptop-do-not-scribble-keyboard-backlight-registers-on.patch
+ftrace-fix-function-graph-with-loading-of-modules.patch
--- /dev/null
+From b975dc3689fc6a3718ad288ce080924f9cb7e176 Mon Sep 17 00:00:00 2001
+From: Mattia Dongili <malattia@linux.it>
+Date: Tue, 26 Nov 2013 07:43:50 +0900
+Subject: sony-laptop: do not scribble keyboard backlight registers on
+ resume
+
+From: Mattia Dongili <malattia@linux.it>
+
+commit b975dc3689fc6a3718ad288ce080924f9cb7e176 upstream.
+
+Follow-up to commit 294d31e8227c ("sony-laptop: don't change keyboard
+backlight settings"): avoid messing up the state on resume. Leave it to
+what was before suspending as it's anyway likely that we still don't
+know what value we should write to the EC registers. This fix is also
+required in 3.12
+
+Tested-by: Karol Babioch <karol@babioch.de>
+Signed-off-by: Mattia Dongili <malattia@linux.it>
+Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/platform/x86/sony-laptop.c | 27 ---------------------------
+ 1 file changed, 27 deletions(-)
+
+--- a/drivers/platform/x86/sony-laptop.c
++++ b/drivers/platform/x86/sony-laptop.c
+@@ -140,7 +140,6 @@ MODULE_PARM_DESC(kbd_backlight_timeout,
+ "on the model (default: no change from current value)");
+
+ #ifdef CONFIG_PM_SLEEP
+-static void sony_nc_kbd_backlight_resume(void);
+ static void sony_nc_thermal_resume(void);
+ #endif
+ static int sony_nc_kbd_backlight_setup(struct platform_device *pd,
+@@ -1486,13 +1485,6 @@ static void sony_nc_function_resume(void
+ case 0x0135:
+ sony_nc_rfkill_update();
+ break;
+- case 0x0137:
+- case 0x0143:
+- case 0x014b:
+- case 0x014c:
+- case 0x0163:
+- sony_nc_kbd_backlight_resume();
+- break;
+ default:
+ continue;
+ }
+@@ -1894,25 +1886,6 @@ static void sony_nc_kbd_backlight_cleanu
+ }
+ }
+
+-#ifdef CONFIG_PM_SLEEP
+-static void sony_nc_kbd_backlight_resume(void)
+-{
+- int ignore = 0;
+-
+- if (!kbdbl_ctl)
+- return;
+-
+- if (kbdbl_ctl->mode == 0)
+- sony_call_snc_handle(kbdbl_ctl->handle, kbdbl_ctl->base,
+- &ignore);
+-
+- if (kbdbl_ctl->timeout != 0)
+- sony_call_snc_handle(kbdbl_ctl->handle,
+- (kbdbl_ctl->base + 0x200) |
+- (kbdbl_ctl->timeout << 0x10), &ignore);
+-}
+-#endif
+-
+ struct battery_care_control {
+ struct device_attribute attrs[2];
+ unsigned int handle;
--- /dev/null
+From c476f6584b0011741b4f0316f1ac4aa3a99403e1 Mon Sep 17 00:00:00 2001
+From: Roel Kluin <roel.kluin@gmail.com>
+Date: Fri, 11 Oct 2013 22:08:49 +0200
+Subject: tty: incorrect test of echo_buf() result for ECHO_OP_START
+
+From: Roel Kluin <roel.kluin@gmail.com>
+
+commit c476f6584b0011741b4f0316f1ac4aa3a99403e1 upstream.
+
+test echo_buf() result for ECHO_OP_START
+
+Signed-off-by: Roel Kluin <roel.kluin@gmail.com>
+Acked-by: Peter Hurley <peter@hurleysoftware.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/tty/n_tty.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/drivers/tty/n_tty.c
++++ b/drivers/tty/n_tty.c
+@@ -767,7 +767,7 @@ static size_t __process_echoes(struct tt
+ * of echo overrun before the next commit), then discard enough
+ * data at the tail to prevent a subsequent overrun */
+ while (ldata->echo_commit - tail >= ECHO_DISCARD_WATERMARK) {
+- if (echo_buf(ldata, tail == ECHO_OP_START)) {
++ if (echo_buf(ldata, tail) == ECHO_OP_START) {
+ if (echo_buf(ldata, tail) == ECHO_OP_ERASE_TAB)
+ tail += 3;
+ else
--- /dev/null
+From d4855e1fc03c2bb32dd64badf51cec5a2a26ab2a Mon Sep 17 00:00:00 2001
+From: Peter Hurley <peter@hurleysoftware.com>
+Date: Tue, 19 Nov 2013 08:46:27 -0500
+Subject: tty: Reset hupped state on open
+
+From: Peter Hurley <peter@hurleysoftware.com>
+
+commit d4855e1fc03c2bb32dd64badf51cec5a2a26ab2a upstream.
+
+A common security idiom is to hangup the current tty (via vhangup())
+after forking but before execing a root shell. This hangs up any
+existing opens which other processes may have and ensures subsequent
+opens have the necessary permissions to open the root shell tty/pty.
+
+Reset the TTY_HUPPED state after the driver has successfully
+returned the opened tty (perform the reset while the tty is locked
+to avoid racing with concurrent hangups).
+
+Reported-by: Heorhi Valakhanovich <valahanovich@tut.by>
+Signed-off-by: Peter Hurley <peter@hurleysoftware.com>
+Tested-by: Heorhi Valakhanovich <valahanovich@tut.by>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/tty/tty_io.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+--- a/drivers/tty/tty_io.c
++++ b/drivers/tty/tty_io.c
+@@ -2086,6 +2086,7 @@ retry_open:
+ filp->f_op = &tty_fops;
+ goto retry_open;
+ }
++ clear_bit(TTY_HUPPED, &tty->flags);
+ tty_unlock(tty);
+
+
projects / thirdparty / kernel / stable-queue.git / commitdiff
