--- /dev/null
+From b32bfc06aefab61acc872dec3222624e6cd867ed Mon Sep 17 00:00:00 2001
+From: Romain Degez <romain.degez@gmail.com>
+Date: Fri, 11 Jul 2014 18:08:13 +0200
+Subject: ahci: add support for the Promise FastTrak TX8660 SATA HBA (ahci mode)
+
+From: Romain Degez <romain.degez@gmail.com>
+
+commit b32bfc06aefab61acc872dec3222624e6cd867ed upstream.
+
+Add support of the Promise FastTrak TX8660 SATA HBA in ahci mode by
+registering the board in the ahci_pci_tbl[].
+
+Note: this HBA also provide a hardware RAID mode when activated in
+BIOS but specific drivers from the manufacturer are required in this
+case.
+
+Signed-off-by: Romain Degez <romain.degez@gmail.com>
+Tested-by: Romain Degez <romain.degez@gmail.com>
+Signed-off-by: Tejun Heo <tj@kernel.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/ata/ahci.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+--- a/drivers/ata/ahci.c
++++ b/drivers/ata/ahci.c
+@@ -456,6 +456,7 @@ static const struct pci_device_id ahci_p
+
+ /* Promise */
+ { PCI_VDEVICE(PROMISE, 0x3f20), board_ahci }, /* PDC42819 */
++ { PCI_VDEVICE(PROMISE, 0x3781), board_ahci }, /* FastTrak TX8660 ahci-mode */
+
+ /* Asmedia */
+ { PCI_VDEVICE(ASMEDIA, 0x0601), board_ahci }, /* ASM1060 */
--- /dev/null
+From 0b462c89e31f7eb6789713437eb551833ee16ff3 Mon Sep 17 00:00:00 2001
+From: Tejun Heo <tj@kernel.org>
+Date: Sat, 5 Jul 2014 18:43:21 -0400
+Subject: blkcg: don't call into policy draining if root_blkg is already gone
+
+From: Tejun Heo <tj@kernel.org>
+
+commit 0b462c89e31f7eb6789713437eb551833ee16ff3 upstream.
+
+While a queue is being destroyed, all the blkgs are destroyed and its
+->root_blkg pointer is set to NULL. If someone else starts to drain
+while the queue is in this state, the following oops happens.
+
+ NULL pointer dereference at 0000000000000028
+ IP: [<ffffffff8144e944>] blk_throtl_drain+0x84/0x230
+ PGD e4a1067 PUD b773067 PMD 0
+ Oops: 0000 [#1] PREEMPT SMP DEBUG_PAGEALLOC
+ Modules linked in: cfq_iosched(-) [last unloaded: cfq_iosched]
+ CPU: 1 PID: 537 Comm: bash Not tainted 3.16.0-rc3-work+ #2
+ Hardware name: Bochs Bochs, BIOS Bochs 01/01/2011
+ task: ffff88000e222250 ti: ffff88000efd4000 task.ti: ffff88000efd4000
+ RIP: 0010:[<ffffffff8144e944>] [<ffffffff8144e944>] blk_throtl_drain+0x84/0x230
+ RSP: 0018:ffff88000efd7bf0 EFLAGS: 00010046
+ RAX: 0000000000000000 RBX: ffff880015091450 RCX: 0000000000000001
+ RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
+ RBP: ffff88000efd7c10 R08: 0000000000000000 R09: 0000000000000001
+ R10: ffff88000e222250 R11: 0000000000000000 R12: ffff880015091450
+ R13: ffff880015092e00 R14: ffff880015091d70 R15: ffff88001508fc28
+ FS: 00007f1332650740(0000) GS:ffff88001fa80000(0000) knlGS:0000000000000000
+ CS: 0010 DS: 0000 ES: 0000 CR0: 000000008005003b
+ CR2: 0000000000000028 CR3: 0000000009446000 CR4: 00000000000006e0
+ Stack:
+ ffffffff8144e8f6 ffff880015091450 0000000000000000 ffff880015091d80
+ ffff88000efd7c28 ffffffff8144ae2f ffff880015091450 ffff88000efd7c58
+ ffffffff81427641 ffff880015091450 ffffffff82401f00 ffff880015091450
+ Call Trace:
+ [<ffffffff8144ae2f>] blkcg_drain_queue+0x1f/0x60
+ [<ffffffff81427641>] __blk_drain_queue+0x71/0x180
+ [<ffffffff81429b3e>] blk_queue_bypass_start+0x6e/0xb0
+ [<ffffffff814498b8>] blkcg_deactivate_policy+0x38/0x120
+ [<ffffffff8144ec44>] blk_throtl_exit+0x34/0x50
+ [<ffffffff8144aea5>] blkcg_exit_queue+0x35/0x40
+ [<ffffffff8142d476>] blk_release_queue+0x26/0xd0
+ [<ffffffff81454968>] kobject_cleanup+0x38/0x70
+ [<ffffffff81454848>] kobject_put+0x28/0x60
+ [<ffffffff81427505>] blk_put_queue+0x15/0x20
+ [<ffffffff817d07bb>] scsi_device_dev_release_usercontext+0x16b/0x1c0
+ [<ffffffff810bc339>] execute_in_process_context+0x89/0xa0
+ [<ffffffff817d064c>] scsi_device_dev_release+0x1c/0x20
+ [<ffffffff817930e2>] device_release+0x32/0xa0
+ [<ffffffff81454968>] kobject_cleanup+0x38/0x70
+ [<ffffffff81454848>] kobject_put+0x28/0x60
+ [<ffffffff817934d7>] put_device+0x17/0x20
+ [<ffffffff817d11b9>] __scsi_remove_device+0xa9/0xe0
+ [<ffffffff817d121b>] scsi_remove_device+0x2b/0x40
+ [<ffffffff817d1257>] sdev_store_delete+0x27/0x30
+ [<ffffffff81792ca8>] dev_attr_store+0x18/0x30
+ [<ffffffff8126f75e>] sysfs_kf_write+0x3e/0x50
+ [<ffffffff8126ea87>] kernfs_fop_write+0xe7/0x170
+ [<ffffffff811f5e9f>] vfs_write+0xaf/0x1d0
+ [<ffffffff811f69bd>] SyS_write+0x4d/0xc0
+ [<ffffffff81d24692>] system_call_fastpath+0x16/0x1b
+
+776687bce42b ("block, blk-mq: draining can't be skipped even if
+bypass_depth was non-zero") made it easier to trigger this bug by
+making blk_queue_bypass_start() drain even when it loses the first
+bypass test to blk_cleanup_queue(); however, the bug has always been
+there even before the commit as blk_queue_bypass_start() could race
+against queue destruction, win the initial bypass test but perform the
+actual draining after blk_cleanup_queue() already destroyed all blkgs.
+
+Fix it by skippping calling into policy draining if all the blkgs are
+already gone.
+
+Signed-off-by: Tejun Heo <tj@kernel.org>
+Reported-by: Shirish Pargaonkar <spargaonkar@suse.com>
+Reported-by: Sasha Levin <sasha.levin@oracle.com>
+Reported-by: Jet Chen <jet.chen@intel.com>
+Tested-by: Shirish Pargaonkar <spargaonkar@suse.com>
+Signed-off-by: Jens Axboe <axboe@fb.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ block/blk-cgroup.c | 7 +++++++
+ 1 file changed, 7 insertions(+)
+
+--- a/block/blk-cgroup.c
++++ b/block/blk-cgroup.c
+@@ -872,6 +872,13 @@ void blkcg_drain_queue(struct request_qu
+ {
+ lockdep_assert_held(q->queue_lock);
+
++ /*
++ * @q could be exiting and already have destroyed all blkgs as
++ * indicated by NULL root_blkg. If so, don't confuse policies.
++ */
++ if (!q->root_blkg)
++ return;
++
+ blk_throtl_drain(q);
+ }
+
--- /dev/null
+From aed8adb7688d5744cb484226820163af31d2499a Mon Sep 17 00:00:00 2001
+From: Silesh C V <svellattu@mvista.com>
+Date: Wed, 23 Jul 2014 13:59:59 -0700
+Subject: coredump: fix the setting of PF_DUMPCORE
+
+From: Silesh C V <svellattu@mvista.com>
+
+commit aed8adb7688d5744cb484226820163af31d2499a upstream.
+
+Commit 079148b919d0 ("coredump: factor out the setting of PF_DUMPCORE")
+cleaned up the setting of PF_DUMPCORE by removing it from all the
+linux_binfmt->core_dump() and moving it to zap_threads().But this ended
+up clearing all the previously set flags. This causes issues during
+core generation when tsk->flags is checked again (eg. for PF_USED_MATH
+to dump floating point registers). Fix this.
+
+Signed-off-by: Silesh C V <svellattu@mvista.com>
+Acked-by: Oleg Nesterov <oleg@redhat.com>
+Cc: Mandeep Singh Baines <msb@chromium.org>
+Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
+Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ fs/coredump.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/fs/coredump.c
++++ b/fs/coredump.c
+@@ -306,7 +306,7 @@ static int zap_threads(struct task_struc
+ if (unlikely(nr < 0))
+ return nr;
+
+- tsk->flags = PF_DUMPCORE;
++ tsk->flags |= PF_DUMPCORE;
+ if (atomic_read(&mm->mm_users) == nr + 1)
+ goto done;
+ /*
--- /dev/null
+From 295dc39d941dc2ae53d5c170365af4c9d5c16212 Mon Sep 17 00:00:00 2001
+From: Vasily Averin <vvs@parallels.com>
+Date: Mon, 21 Jul 2014 12:30:23 +0400
+Subject: fs: umount on symlink leaks mnt count
+
+From: Vasily Averin <vvs@parallels.com>
+
+commit 295dc39d941dc2ae53d5c170365af4c9d5c16212 upstream.
+
+Currently umount on symlink blocks following umount:
+
+/vz is separate mount
+
+# ls /vz/ -al | grep test
+drwxr-xr-x. 2 root root 4096 Jul 19 01:14 testdir
+lrwxrwxrwx. 1 root root 11 Jul 19 01:16 testlink -> /vz/testdir
+# umount -l /vz/testlink
+umount: /vz/testlink: not mounted (expected)
+
+# lsof /vz
+# umount /vz
+umount: /vz: device is busy. (unexpected)
+
+In this case mountpoint_last() gets an extra refcount on path->mnt
+
+Signed-off-by: Vasily Averin <vvs@openvz.org>
+Acked-by: Ian Kent <raven@themaw.net>
+Acked-by: Jeff Layton <jlayton@primarydata.com>
+Signed-off-by: Christoph Hellwig <hch@lst.de>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ fs/namei.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+--- a/fs/namei.c
++++ b/fs/namei.c
+@@ -2256,9 +2256,10 @@ done:
+ goto out;
+ }
+ path->dentry = dentry;
+- path->mnt = mntget(nd->path.mnt);
++ path->mnt = nd->path.mnt;
+ if (should_follow_link(dentry, nd->flags & LOOKUP_FOLLOW))
+ return 1;
++ mntget(path->mnt);
+ follow_mount(path);
+ error = 0;
+ out:
--- /dev/null
+From d7afaec0b564f0609e116f562983b8e72fc3e9c9 Mon Sep 17 00:00:00 2001
+From: Andrew Gallagher <andrewjcg@fb.com>
+Date: Tue, 22 Jul 2014 16:37:43 +0200
+Subject: fuse: add FUSE_NO_OPEN_SUPPORT flag to INIT
+
+From: Andrew Gallagher <andrewjcg@fb.com>
+
+commit d7afaec0b564f0609e116f562983b8e72fc3e9c9 upstream.
+
+Here some additional changes to set a capability flag so that clients can
+detect when it's appropriate to return -ENOSYS from open.
+
+This amends the following commit introduced in 3.14:
+
+ 7678ac50615d fuse: support clients that don't implement 'open'
+
+However we can only add the flag to 3.15 and later since there was no
+protocol version update in 3.14.
+
+Signed-off-by: Miklos Szeredi <mszeredi@suse.cz>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ fs/fuse/inode.c | 2 +-
+ include/uapi/linux/fuse.h | 3 +++
+ 2 files changed, 4 insertions(+), 1 deletion(-)
+
+--- a/fs/fuse/inode.c
++++ b/fs/fuse/inode.c
+@@ -935,7 +935,7 @@ static void fuse_send_init(struct fuse_c
+ FUSE_SPLICE_WRITE | FUSE_SPLICE_MOVE | FUSE_SPLICE_READ |
+ FUSE_FLOCK_LOCKS | FUSE_IOCTL_DIR | FUSE_AUTO_INVAL_DATA |
+ FUSE_DO_READDIRPLUS | FUSE_READDIRPLUS_AUTO | FUSE_ASYNC_DIO |
+- FUSE_WRITEBACK_CACHE;
++ FUSE_WRITEBACK_CACHE | FUSE_NO_OPEN_SUPPORT;
+ req->in.h.opcode = FUSE_INIT;
+ req->in.numargs = 1;
+ req->in.args[0].size = sizeof(*arg);
+--- a/include/uapi/linux/fuse.h
++++ b/include/uapi/linux/fuse.h
+@@ -101,6 +101,7 @@
+ * - add FATTR_CTIME
+ * - add ctime and ctimensec to fuse_setattr_in
+ * - add FUSE_RENAME2 request
++ * - add FUSE_NO_OPEN_SUPPORT flag
+ */
+
+ #ifndef _LINUX_FUSE_H
+@@ -229,6 +230,7 @@ struct fuse_file_lock {
+ * FUSE_READDIRPLUS_AUTO: adaptive readdirplus
+ * FUSE_ASYNC_DIO: asynchronous direct I/O submission
+ * FUSE_WRITEBACK_CACHE: use writeback cache for buffered writes
++ * FUSE_NO_OPEN_SUPPORT: kernel supports zero-message opens
+ */
+ #define FUSE_ASYNC_READ (1 << 0)
+ #define FUSE_POSIX_LOCKS (1 << 1)
+@@ -247,6 +249,7 @@ struct fuse_file_lock {
+ #define FUSE_READDIRPLUS_AUTO (1 << 14)
+ #define FUSE_ASYNC_DIO (1 << 15)
+ #define FUSE_WRITEBACK_CACHE (1 << 16)
++#define FUSE_NO_OPEN_SUPPORT (1 << 17)
+
+ /**
+ * CUSE INIT request/reply flags
--- /dev/null
+From a800bad36619ce47ac0222004635448e6c91ff72 Mon Sep 17 00:00:00 2001
+From: Miklos Szeredi <mszeredi@suse.cz>
+Date: Tue, 22 Jul 2014 16:37:42 +0200
+Subject: fuse: s_time_gran fix
+
+From: Miklos Szeredi <mszeredi@suse.cz>
+
+commit a800bad36619ce47ac0222004635448e6c91ff72 upstream.
+
+Default s_time_gran is 1, don't overwrite that if userspace didn't
+explicitly specify one.
+
+Signed-off-by: Miklos Szeredi <mszeredi@suse.cz>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ fs/fuse/inode.c | 3 ---
+ 1 file changed, 3 deletions(-)
+
+--- a/fs/fuse/inode.c
++++ b/fs/fuse/inode.c
+@@ -907,9 +907,6 @@ static void process_init_reply(struct fu
+ fc->writeback_cache = 1;
+ if (arg->time_gran && arg->time_gran <= 1000000000)
+ fc->sb->s_time_gran = arg->time_gran;
+- else
+- fc->sb->s_time_gran = 1000000000;
+-
+ } else {
+ ra_pages = fc->max_read / PAGE_CACHE_SIZE;
+ fc->no_lock = 1;
--- /dev/null
+From 043572d5444116b9d9ad8ae763cf069e7accbc30 Mon Sep 17 00:00:00 2001
+From: Guenter Roeck <linux@roeck-us.net>
+Date: Fri, 18 Jul 2014 07:31:18 -0700
+Subject: hwmon: (smsc47m192) Fix temperature limit and vrm write operations
+
+From: Guenter Roeck <linux@roeck-us.net>
+
+commit 043572d5444116b9d9ad8ae763cf069e7accbc30 upstream.
+
+Temperature limit clamps are applied after converting the temperature
+from milli-degrees C to degrees C, so either the clamp limit needs
+to be specified in degrees C, not milli-degrees C, or clamping must
+happen before converting to degrees C. Use the latter method to avoid
+overflows.
+
+vrm is an u8, so the written value needs to be limited to [0, 255].
+
+Cc: Axel Lin <axel.lin@ingics.com>
+Signed-off-by: Guenter Roeck <linux@roeck-us.net>
+Reviewed-by: Jean Delvare <jdelvare@suse.de>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/hwmon/smsc47m192.c | 4 +++-
+ 1 file changed, 3 insertions(+), 1 deletion(-)
+
+--- a/drivers/hwmon/smsc47m192.c
++++ b/drivers/hwmon/smsc47m192.c
+@@ -86,7 +86,7 @@ static inline u8 IN_TO_REG(unsigned long
+ */
+ static inline s8 TEMP_TO_REG(int val)
+ {
+- return clamp_val(SCALE(val, 1, 1000), -128000, 127000);
++ return SCALE(clamp_val(val, -128000, 127000), 1, 1000);
+ }
+
+ static inline int TEMP_FROM_REG(s8 val)
+@@ -384,6 +384,8 @@ static ssize_t set_vrm(struct device *de
+ err = kstrtoul(buf, 10, &val);
+ if (err)
+ return err;
++ if (val > 255)
++ return -EINVAL;
+
+ data->vrm = val;
+ return count;
--- /dev/null
+From 50c5d36dab930b1f1b1e3348b8608aa8b9ee7610 Mon Sep 17 00:00:00 2001
+From: Dmitry Torokhov <dtor@chromium.org>
+Date: Sat, 19 Jul 2014 16:30:31 -0700
+Subject: Input: fix defuzzing logic
+
+From: Dmitry Torokhov <dtor@chromium.org>
+
+commit 50c5d36dab930b1f1b1e3348b8608aa8b9ee7610 upstream.
+
+We attempt to remove noise from coordinates reported by devices in
+input_handle_abs_event(), unfortunately, unless we were dropping the
+event altogether, we were ignoring the adjusted value and were passing
+on the original value instead.
+
+Reviewed-by: Andrew de los Reyes <adlr@chromium.org>
+Reviewed-by: Benson Leung <bleung@chromium.org>
+Reviewed-by: David Herrmann <dh.herrmann@gmail.com>
+Reviewed-by: Henrik Rydberg <rydberg@euromail.se>
+Signed-off-by: Dmitry Torokhov <dmitry.torokhov@gmail.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/input/input.c | 6 ++++--
+ 1 file changed, 4 insertions(+), 2 deletions(-)
+
+--- a/drivers/input/input.c
++++ b/drivers/input/input.c
+@@ -257,9 +257,10 @@ static int input_handle_abs_event(struct
+ }
+
+ static int input_get_disposition(struct input_dev *dev,
+- unsigned int type, unsigned int code, int value)
++ unsigned int type, unsigned int code, int *pval)
+ {
+ int disposition = INPUT_IGNORE_EVENT;
++ int value = *pval;
+
+ switch (type) {
+
+@@ -357,6 +358,7 @@ static int input_get_disposition(struct
+ break;
+ }
+
++ *pval = value;
+ return disposition;
+ }
+
+@@ -365,7 +367,7 @@ static void input_handle_event(struct in
+ {
+ int disposition;
+
+- disposition = input_get_disposition(dev, type, code, value);
++ disposition = input_get_disposition(dev, type, code, &value);
+
+ if ((disposition & INPUT_PASS_TO_DEVICE) && dev->event)
+ dev->event(dev, type, code, value);
--- /dev/null
+From e76aed9da7189eeb41b9856552ce5721181e8e8d Mon Sep 17 00:00:00 2001
+From: Hans de Goede <hdegoede@redhat.com>
+Date: Mon, 14 Jul 2014 17:12:21 -0700
+Subject: Input: synaptics - add min/max quirk for pnp-id LEN2002 (Edge E531)
+
+From: Hans de Goede <hdegoede@redhat.com>
+
+commit e76aed9da7189eeb41b9856552ce5721181e8e8d upstream.
+
+https://bugzilla.redhat.com/show_bug.cgi?id=1114768
+
+Signed-off-by: Hans de Goede <hdegoede@redhat.com>
+Signed-off-by: Dmitry Torokhov <dmitry.torokhov@gmail.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/input/mouse/synaptics.c | 5 +++--
+ 1 file changed, 3 insertions(+), 2 deletions(-)
+
+--- a/drivers/input/mouse/synaptics.c
++++ b/drivers/input/mouse/synaptics.c
+@@ -132,7 +132,8 @@ static const struct min_max_quirk min_ma
+ 1232, 5710, 1156, 4696
+ },
+ {
+- (const char * const []){"LEN0034", "LEN0036", "LEN2004", NULL},
++ (const char * const []){"LEN0034", "LEN0036", "LEN2002",
++ "LEN2004", NULL},
+ 1024, 5112, 2024, 4832
+ },
+ {
+@@ -168,7 +169,7 @@ static const char * const topbuttonpad_p
+ "LEN0049",
+ "LEN2000",
+ "LEN2001", /* Edge E431 */
+- "LEN2002",
++ "LEN2002", /* Edge E531 */
+ "LEN2003",
+ "LEN2004", /* L440 */
+ "LEN2005",
--- /dev/null
+From 20dbea494543aefaace874cc3ec93a39b94b1ec4 Mon Sep 17 00:00:00 2001
+From: John David Anglin <dave.anglin@bell.net>
+Date: Wed, 23 Jul 2014 19:44:12 -0400
+Subject: parisc: Remove SA_RESTORER define
+
+From: John David Anglin <dave.anglin@bell.net>
+
+commit 20dbea494543aefaace874cc3ec93a39b94b1ec4 upstream.
+
+The sa_restorer field in struct sigaction is obsolete and no longer in
+the parisc implementation. However, the core code assumes the field is
+present if SA_RESTORER is defined. So, the define needs to be removed.
+
+Signed-off-by: John David Anglin <dave.anglin@bell.net>
+Signed-off-by: Helge Deller <deller@gmx.de>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ arch/parisc/include/uapi/asm/signal.h | 2 --
+ 1 file changed, 2 deletions(-)
+
+--- a/arch/parisc/include/uapi/asm/signal.h
++++ b/arch/parisc/include/uapi/asm/signal.h
+@@ -69,8 +69,6 @@
+ #define SA_NOMASK SA_NODEFER
+ #define SA_ONESHOT SA_RESETHAND
+
+-#define SA_RESTORER 0x04000000 /* obsolete -- ignored */
+-
+ #define MINSIGSTKSZ 2048
+ #define SIGSTKSZ 8192
+
--- /dev/null
+From edffe1b626b39bd7121691dfdecb548431003bbb Mon Sep 17 00:00:00 2001
+From: Randy Dunlap <rdunlap@infradead.org>
+Date: Fri, 25 Jul 2014 17:07:47 -0700
+Subject: parport: fix menu breakage
+
+From: Randy Dunlap <rdunlap@infradead.org>
+
+commit edffe1b626b39bd7121691dfdecb548431003bbb upstream.
+
+Do not split the PARPORT-related symbols with the new kconfig
+symbol ARCH_MIGHT_HAVE_PC_PARPORT. The split was causing incorrect
+display of these symbols -- they were not being displayed together
+as they should be.
+
+Fixes: d90c3eb31535 "Kconfig cleanup (PARPORT_PC dependencies)"
+
+Signed-off-by: Randy Dunlap <rdunlap@infradead.org>
+Cc: Mark Salter <msalter@redhat.com>
+Cc: Ingo Molnar <mingo@redhat.com>
+Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/parport/Kconfig | 12 ++++++------
+ 1 file changed, 6 insertions(+), 6 deletions(-)
+
+--- a/drivers/parport/Kconfig
++++ b/drivers/parport/Kconfig
+@@ -5,6 +5,12 @@
+ # Parport configuration.
+ #
+
++config ARCH_MIGHT_HAVE_PC_PARPORT
++ bool
++ help
++ Select this config option from the architecture Kconfig if
++ the architecture might have PC parallel port hardware.
++
+ menuconfig PARPORT
+ tristate "Parallel port support"
+ depends on HAS_IOMEM
+@@ -31,12 +37,6 @@ menuconfig PARPORT
+
+ If unsure, say Y.
+
+-config ARCH_MIGHT_HAVE_PC_PARPORT
+- bool
+- help
+- Select this config option from the architecture Kconfig if
+- the architecture might have PC parallel port hardware.
+-
+ if PARPORT
+
+ config PARPORT_PC
--- /dev/null
+From 7a2deccf0ef12f7f6e33150d5875020c0c94fa94 Mon Sep 17 00:00:00 2001
+From: Maxime COQUELIN <maxime.coquelin@st.com>
+Date: Fri, 20 Jun 2014 13:34:54 +0200
+Subject: pinctrl: st: Fix irqmux handler
+
+From: Maxime COQUELIN <maxime.coquelin@st.com>
+
+commit 7a2deccf0ef12f7f6e33150d5875020c0c94fa94 upstream.
+
+st_gpio_irqmux_handler() reads the status register to find out
+which banks inside the controller have pending IRQs.
+For each banks having pending IRQs, it calls the corresponding handler.
+
+Problem is that current code restricts the number of possible banks inside the
+controller to ST_GPIO_PINS_PER_BANK. This define represents the number of pins
+inside a bank, so it shouldn't be used here.
+
+On STiH407, PIO_FRONT0 controller has 10 banks, so IRQs pending in the two
+last banks (PIO18 & PIO19) aren't handled.
+
+This patch replace ST_GPIO_PINS_PER_BANK by the number of banks inside the
+controller.
+
+Cc: Linus Walleij <linus.walleij@linaro.org>
+Acked-by: Srinivas Kandagatla <srinivas.kandagatla@linaro.org>
+Signed-off-by: Maxime Coquelin <maxime.coquelin@st.com>
+Signed-off-by: Linus Walleij <linus.walleij@linaro.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/pinctrl/pinctrl-st.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/drivers/pinctrl/pinctrl-st.c
++++ b/drivers/pinctrl/pinctrl-st.c
+@@ -1467,7 +1467,7 @@ static void st_gpio_irqmux_handler(unsig
+
+ status = readl(info->irqmux_base);
+
+- for_each_set_bit(n, &status, ST_GPIO_PINS_PER_BANK)
++ for_each_set_bit(n, &status, info->nbanks)
+ __gpio_irq_handler(&info->banks[n]);
+
+ chained_irq_exit(chip, desc);
--- /dev/null
+From 97a9a7179aad701ab676e6f29eb90766a1acfde2 Mon Sep 17 00:00:00 2001
+From: Tyrel Datwyler <tyreld@linux.vnet.ibm.com>
+Date: Thu, 10 Jul 2014 14:50:57 -0400
+Subject: powerpc/pseries: dynamically added OF nodes need to call of_node_init
+
+From: Tyrel Datwyler <tyreld@linux.vnet.ibm.com>
+
+commit 97a9a7179aad701ab676e6f29eb90766a1acfde2 upstream.
+
+Commit 75b57ecf9 refactored device tree nodes to use kobjects such that they
+can be exposed via /sysfs. A secondary commit 0829f6d1f furthered this rework
+by moving the kobect initialization logic out of of_node_add into its own
+of_node_init function. The inital commit removed the existing kref_init calls
+in the pseries dlpar code with the assumption kobject initialization would
+occur in of_node_add. The second commit had the side effect of triggering a
+BUG_ON during DLPAR, migration and suspend/resume operations as a result of
+dynamically added nodes being uninitialized.
+
+This patch fixes this by adding of_node_init calls in place of the previously
+removed kref_init calls.
+
+Fixes: 0829f6d1f69e ("of: device_node kobject lifecycle fixes")
+Signed-off-by: Tyrel Datwyler <tyreld@linux.vnet.ibm.com>
+Acked-by: Nathan Fontenot <nfont@linux.vnet.ibm.com>
+Acked-by: Grant Likely <grant.likely@linaro.org>
+Signed-off-by: Benjamin Herrenschmidt <benh@kernel.crashing.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ arch/powerpc/platforms/pseries/dlpar.c | 1 +
+ arch/powerpc/platforms/pseries/reconfig.c | 1 +
+ 2 files changed, 2 insertions(+)
+
+--- a/arch/powerpc/platforms/pseries/dlpar.c
++++ b/arch/powerpc/platforms/pseries/dlpar.c
+@@ -86,6 +86,7 @@ static struct device_node *dlpar_parse_c
+ }
+
+ of_node_set_flag(dn, OF_DYNAMIC);
++ of_node_init(dn);
+
+ return dn;
+ }
+--- a/arch/powerpc/platforms/pseries/reconfig.c
++++ b/arch/powerpc/platforms/pseries/reconfig.c
+@@ -69,6 +69,7 @@ static int pSeries_reconfig_add_node(con
+
+ np->properties = proplist;
+ of_node_set_flag(np, OF_DYNAMIC);
++ of_node_init(np);
+
+ np->parent = derive_parent(path);
+ if (IS_ERR(np->parent)) {
libata-support-the-ata-host-which-implements-a-queue-depth-less-than-32.patch
libata-introduce-ata_host-n_tags-to-avoid-oops-on-sas-controllers.patch
s390-ptrace-fix-psw-mask-check.patch
+ahci-add-support-for-the-promise-fasttrak-tx8660-sata-hba-ahci-mode.patch
+blkcg-don-t-call-into-policy-draining-if-root_blkg-is-already-gone.patch
+tracing-fix-wraparound-problems-in-uptime-trace-clock.patch
+zram-avoid-lockdep-splat-by-revalidate_disk.patch
+powerpc-pseries-dynamically-added-of-nodes-need-to-call-of_node_init.patch
+slab_common-fix-the-check-for-duplicate-slab-names.patch
+input-synaptics-add-min-max-quirk-for-pnp-id-len2002-edge-e531.patch
+input-fix-defuzzing-logic.patch
+coredump-fix-the-setting-of-pf_dumpcore.patch
+fuse-s_time_gran-fix.patch
+fuse-add-fuse_no_open_support-flag-to-init.patch
+pinctrl-st-fix-irqmux-handler.patch
+parisc-remove-sa_restorer-define.patch
+hwmon-smsc47m192-fix-temperature-limit-and-vrm-write-operations.patch
+parport-fix-menu-breakage.patch
+fs-umount-on-symlink-leaks-mnt-count.patch
+x86_32-entry-store-badsys-error-code-in-eax.patch
--- /dev/null
+From 694617474e33b8603fc76e090ed7d09376514b1a Mon Sep 17 00:00:00 2001
+From: Mikulas Patocka <mpatocka@redhat.com>
+Date: Tue, 4 Mar 2014 17:13:47 -0500
+Subject: slab_common: fix the check for duplicate slab names
+
+From: Mikulas Patocka <mpatocka@redhat.com>
+
+commit 694617474e33b8603fc76e090ed7d09376514b1a upstream.
+
+The patch 3e374919b314f20e2a04f641ebc1093d758f66a4 is supposed to fix the
+problem where kmem_cache_create incorrectly reports duplicate cache name
+and fails. The problem is described in the header of that patch.
+
+However, the patch doesn't really fix the problem because of these
+reasons:
+
+* the logic to test for debugging is reversed. It was intended to perform
+ the check only if slub debugging is enabled (which implies that caches
+ with the same parameters are not merged). Therefore, there should be
+ #if !defined(CONFIG_SLUB) || defined(CONFIG_SLUB_DEBUG_ON)
+ The current code has the condition reversed and performs the test if
+ debugging is disabled.
+
+* slub debugging may be enabled or disabled based on kernel command line,
+ CONFIG_SLUB_DEBUG_ON is just the default settings. Therefore the test
+ based on definition of CONFIG_SLUB_DEBUG_ON is unreliable.
+
+This patch fixes the problem by removing the test
+"!defined(CONFIG_SLUB_DEBUG_ON)". Therefore, duplicate names are never
+checked if the SLUB allocator is used.
+
+Note to stable kernel maintainers: when backporint this patch, please
+backport also the patch 3e374919b314f20e2a04f641ebc1093d758f66a4.
+
+Acked-by: David Rientjes <rientjes@google.com>
+Acked-by: Christoph Lameter <cl@linux.com>
+Signed-off-by: Mikulas Patocka <mpatocka@redhat.com>
+Signed-off-by: Pekka Enberg <penberg@kernel.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ mm/slab_common.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/mm/slab_common.c
++++ b/mm/slab_common.c
+@@ -55,7 +55,7 @@ static int kmem_cache_sanity_check(const
+ continue;
+ }
+
+-#if !defined(CONFIG_SLUB) || !defined(CONFIG_SLUB_DEBUG_ON)
++#if !defined(CONFIG_SLUB)
+ if (!strcmp(s->name, name)) {
+ pr_err("%s (%s): Cache name already exists.\n",
+ __func__, name);
--- /dev/null
+From 58d4e21e50ff3cc57910a8abc20d7e14375d2f61 Mon Sep 17 00:00:00 2001
+From: Tony Luck <tony.luck@intel.com>
+Date: Fri, 18 Jul 2014 11:43:01 -0700
+Subject: tracing: Fix wraparound problems in "uptime" trace clock
+
+From: Tony Luck <tony.luck@intel.com>
+
+commit 58d4e21e50ff3cc57910a8abc20d7e14375d2f61 upstream.
+
+The "uptime" trace clock added in:
+
+ commit 8aacf017b065a805d27467843490c976835eb4a5
+ tracing: Add "uptime" trace clock that uses jiffies
+
+has wraparound problems when the system has been up more
+than 1 hour 11 minutes and 34 seconds. It converts jiffies
+to nanoseconds using:
+ (u64)jiffies_to_usecs(jiffy) * 1000ULL
+but since jiffies_to_usecs() only returns a 32-bit value, it
+truncates at 2^32 microseconds. An additional problem on 32-bit
+systems is that the argument is "unsigned long", so fixing the
+return value only helps until 2^32 jiffies (49.7 days on a HZ=1000
+system).
+
+Avoid these problems by using jiffies_64 as our basis, and
+not converting to nanoseconds (we do convert to clock_t because
+user facing API must not be dependent on internal kernel
+HZ values).
+
+Link: http://lkml.kernel.org/p/99d63c5bfe9b320a3b428d773825a37095bf6a51.1405708254.git.tony.luck@intel.com
+
+Fixes: 8aacf017b065 "tracing: Add "uptime" trace clock that uses jiffies"
+Signed-off-by: Tony Luck <tony.luck@intel.com>
+Signed-off-by: Steven Rostedt <rostedt@goodmis.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ kernel/trace/trace.c | 2 +-
+ kernel/trace/trace_clock.c | 9 +++++----
+ 2 files changed, 6 insertions(+), 5 deletions(-)
+
+--- a/kernel/trace/trace.c
++++ b/kernel/trace/trace.c
+@@ -823,7 +823,7 @@ static struct {
+ { trace_clock_local, "local", 1 },
+ { trace_clock_global, "global", 1 },
+ { trace_clock_counter, "counter", 0 },
+- { trace_clock_jiffies, "uptime", 1 },
++ { trace_clock_jiffies, "uptime", 0 },
+ { trace_clock, "perf", 1 },
+ ARCH_TRACE_CLOCKS
+ };
+--- a/kernel/trace/trace_clock.c
++++ b/kernel/trace/trace_clock.c
+@@ -59,13 +59,14 @@ u64 notrace trace_clock(void)
+
+ /*
+ * trace_jiffy_clock(): Simply use jiffies as a clock counter.
++ * Note that this use of jiffies_64 is not completely safe on
++ * 32-bit systems. But the window is tiny, and the effect if
++ * we are affected is that we will have an obviously bogus
++ * timestamp on a trace event - i.e. not life threatening.
+ */
+ u64 notrace trace_clock_jiffies(void)
+ {
+- u64 jiffy = jiffies - INITIAL_JIFFIES;
+-
+- /* Return nsecs */
+- return (u64)jiffies_to_usecs(jiffy) * 1000ULL;
++ return jiffies_64_to_clock_t(jiffies_64 - INITIAL_JIFFIES);
+ }
+
+ /*
--- /dev/null
+From 8142b215501f8b291a108a202b3a053a265b03dd Mon Sep 17 00:00:00 2001
+From: Sven Wegener <sven.wegener@stealer.net>
+Date: Tue, 22 Jul 2014 10:26:06 +0200
+Subject: x86_32, entry: Store badsys error code in %eax
+
+From: Sven Wegener <sven.wegener@stealer.net>
+
+commit 8142b215501f8b291a108a202b3a053a265b03dd upstream.
+
+Commit 554086d ("x86_32, entry: Do syscall exit work on badsys
+(CVE-2014-4508)") introduced a regression in the x86_32 syscall entry
+code, resulting in syscall() not returning proper errors for undefined
+syscalls on CPUs supporting the sysenter feature.
+
+The following code:
+
+> int result = syscall(666);
+> printf("result=%d errno=%d error=%s\n", result, errno, strerror(errno));
+
+results in:
+
+> result=666 errno=0 error=Success
+
+Obviously, the syscall return value is the called syscall number, but it
+should have been an ENOSYS error. When run under ptrace it behaves
+correctly, which makes it hard to debug in the wild:
+
+> result=-1 errno=38 error=Function not implemented
+
+The %eax register is the return value register. For debugging via ptrace
+the syscall entry code stores the complete register context on the
+stack. The badsys handlers only store the ENOSYS error code in the
+ptrace register set and do not set %eax like a regular syscall handler
+would. The old resume_userspace call chain contains code that clobbers
+%eax and it restores %eax from the ptrace registers afterwards. The same
+goes for the ptrace-enabled call chain. When ptrace is not used, the
+syscall return value is the passed-in syscall number from the untouched
+%eax register.
+
+Use %eax as the return value register in syscall_badsys and
+sysenter_badsys, like a real syscall handler does, and have the caller
+push the value onto the stack for ptrace access.
+
+Signed-off-by: Sven Wegener <sven.wegener@stealer.net>
+Link: http://lkml.kernel.org/r/alpine.LNX.2.11.1407221022380.31021@titan.int.lan.stealer.net
+Reviewed-and-tested-by: Andy Lutomirski <luto@amacapital.net>
+Signed-off-by: H. Peter Anvin <hpa@zytor.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ arch/x86/kernel/entry_32.S | 9 +++++----
+ 1 file changed, 5 insertions(+), 4 deletions(-)
+
+--- a/arch/x86/kernel/entry_32.S
++++ b/arch/x86/kernel/entry_32.S
+@@ -433,8 +433,8 @@ sysenter_do_call:
+ cmpl $(NR_syscalls), %eax
+ jae sysenter_badsys
+ call *sys_call_table(,%eax,4)
+- movl %eax,PT_EAX(%esp)
+ sysenter_after_call:
++ movl %eax,PT_EAX(%esp)
+ LOCKDEP_SYS_EXIT
+ DISABLE_INTERRUPTS(CLBR_ANY)
+ TRACE_IRQS_OFF
+@@ -514,6 +514,7 @@ ENTRY(system_call)
+ jae syscall_badsys
+ syscall_call:
+ call *sys_call_table(,%eax,4)
++syscall_after_call:
+ movl %eax,PT_EAX(%esp) # store the return value
+ syscall_exit:
+ LOCKDEP_SYS_EXIT
+@@ -683,12 +684,12 @@ syscall_fault:
+ END(syscall_fault)
+
+ syscall_badsys:
+- movl $-ENOSYS,PT_EAX(%esp)
+- jmp syscall_exit
++ movl $-ENOSYS,%eax
++ jmp syscall_after_call
+ END(syscall_badsys)
+
+ sysenter_badsys:
+- movl $-ENOSYS,PT_EAX(%esp)
++ movl $-ENOSYS,%eax
+ jmp sysenter_after_call
+ END(syscall_badsys)
+ CFI_ENDPROC
--- /dev/null
+From b4c5c60920e3b0c4598f43e7317559f6aec51531 Mon Sep 17 00:00:00 2001
+From: Minchan Kim <minchan@kernel.org>
+Date: Wed, 23 Jul 2014 14:00:04 -0700
+Subject: zram: avoid lockdep splat by revalidate_disk
+
+From: Minchan Kim <minchan@kernel.org>
+
+commit b4c5c60920e3b0c4598f43e7317559f6aec51531 upstream.
+
+Sasha reported lockdep warning [1] introduced by [2].
+
+It could be fixed by doing disk revalidation out of the init_lock. It's
+okay because disk capacity change is protected by init_lock so that
+revalidate_disk always sees up-to-date value so there is no race.
+
+[1] https://lkml.org/lkml/2014/7/3/735
+[2] zram: revalidate disk after capacity change
+
+Fixes 2e32baea46ce ("zram: revalidate disk after capacity change").
+
+Signed-off-by: Minchan Kim <minchan@kernel.org>
+Reported-by: Sasha Levin <sasha.levin@oracle.com>
+Cc: "Alexander E. Patrakov" <patrakov@gmail.com>
+Cc: Nitin Gupta <ngupta@vflare.org>
+Cc: Jerome Marchand <jmarchan@redhat.com>
+Cc: Sergey Senozhatsky <sergey.senozhatsky@gmail.com>
+Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
+Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/block/zram/zram_drv.c | 22 ++++++++++++++++++----
+ 1 file changed, 18 insertions(+), 4 deletions(-)
+
+--- a/drivers/block/zram/zram_drv.c
++++ b/drivers/block/zram/zram_drv.c
+@@ -622,11 +622,18 @@ static void zram_reset_device(struct zra
+ memset(&zram->stats, 0, sizeof(zram->stats));
+
+ zram->disksize = 0;
+- if (reset_capacity) {
++ if (reset_capacity)
+ set_capacity(zram->disk, 0);
+- revalidate_disk(zram->disk);
+- }
++
+ up_write(&zram->init_lock);
++
++ /*
++ * Revalidate disk out of the init_lock to avoid lockdep splat.
++ * It's okay because disk's capacity is protected by init_lock
++ * so that revalidate_disk always sees up-to-date capacity.
++ */
++ if (reset_capacity)
++ revalidate_disk(zram->disk);
+ }
+
+ static ssize_t disksize_store(struct device *dev,
+@@ -666,8 +673,15 @@ static ssize_t disksize_store(struct dev
+ zram->comp = comp;
+ zram->disksize = disksize;
+ set_capacity(zram->disk, zram->disksize >> SECTOR_SHIFT);
+- revalidate_disk(zram->disk);
+ up_write(&zram->init_lock);
++
++ /*
++ * Revalidate disk out of the init_lock to avoid lockdep splat.
++ * It's okay because disk's capacity is protected by init_lock
++ * so that revalidate_disk always sees up-to-date capacity.
++ */
++ revalidate_disk(zram->disk);
++
+ return len;
+
+ out_destroy_comp:
projects / thirdparty / kernel / stable-queue.git / commitdiff
