--- /dev/null
+From e126a646f77fdd66978785cb0a3a5e46b07aee2e Mon Sep 17 00:00:00 2001
+From: Stephen Warren <swarren@nvidia.com>
+Date: Thu, 13 Feb 2014 16:54:24 -0700
+Subject: ASoC: max98090: make REVISION_ID readable
+
+From: Stephen Warren <swarren@nvidia.com>
+
+commit e126a646f77fdd66978785cb0a3a5e46b07aee2e upstream.
+
+The REVISION_ID register is not currently marked readable. snd_soc_read()
+refuses to read the register, and hence probe() fails.
+
+Fixes: d4807ad2c4c0 ("regmap: Check readable regs in _regmap_read")
+[exposed the bug, by checking for readability]
+Fixes: 685e42154dcf ("ASoC: Replace max98090 Device Driver")
+[left out this register from the readable list]
+Signed-off-by: Stephen Warren <swarren@nvidia.com>
+Signed-off-by: Mark Brown <broonie@linaro.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ sound/soc/codecs/max98090.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+--- a/sound/soc/codecs/max98090.c
++++ b/sound/soc/codecs/max98090.c
+@@ -336,6 +336,7 @@ static bool max98090_readable_register(s
+ case M98090_REG_RECORD_TDM_SLOT:
+ case M98090_REG_SAMPLE_RATE:
+ case M98090_REG_DMIC34_BIQUAD_BASE ... M98090_REG_DMIC34_BIQUAD_BASE + 0x0E:
++ case M98090_REG_REVISION_ID:
+ return true;
+ default:
+ return false;
--- /dev/null
+From 117309c51dca42121f70cacec801511b76acf75c Mon Sep 17 00:00:00 2001
+From: Reyad Attiyat <reyad.attiyat@gmail.com>
+Date: Tue, 28 Jan 2014 16:17:57 +0100
+Subject: HID: microsoft: Add ID's for Surface Type/Touch Cover 2
+
+From: Reyad Attiyat <reyad.attiyat@gmail.com>
+
+commit 117309c51dca42121f70cacec801511b76acf75c upstream.
+
+The Microsoft Surface Type/Touch cover 2 devices have the flag HID_DG_CONTACTID
+in their reports.This causes the device to bind to the hid-multitouch driver,
+which doesn't handle generic keyboard/mouse input events. The patch adds
+the hardware id's of the device to hid-microsoft and to the HID special
+driver array, which makes the device get handled by hid-generic/hid-input
+properly.
+
+Fixes: https://bugzilla.kernel.org/show_bug.cgi?id=64811
+
+Singed-off-by: Reyad Attiyat <reyad.attiyat@gmail.com>
+Reviewed-by: Benjamin Tissoires<benjamin.tissoires@redhat.com>
+Signed-off-by: Jiri Kosina <jkosina@suse.cz>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/hid/hid-core.c | 2 ++
+ drivers/hid/hid-ids.h | 2 ++
+ drivers/hid/hid-microsoft.c | 4 ++++
+ 3 files changed, 8 insertions(+)
+
+--- a/drivers/hid/hid-core.c
++++ b/drivers/hid/hid-core.c
+@@ -1727,6 +1727,8 @@ static const struct hid_device_id hid_ha
+ { HID_USB_DEVICE(USB_VENDOR_ID_MICROSOFT, USB_DEVICE_ID_MS_PRESENTER_8K_USB) },
+ { HID_USB_DEVICE(USB_VENDOR_ID_MICROSOFT, USB_DEVICE_ID_MS_DIGITAL_MEDIA_3K) },
+ { HID_USB_DEVICE(USB_VENDOR_ID_MICROSOFT, USB_DEVICE_ID_WIRELESS_OPTICAL_DESKTOP_3_0) },
++ { HID_USB_DEVICE(USB_VENDOR_ID_MICROSOFT, USB_DEVICE_ID_MS_TYPE_COVER_2) },
++ { HID_USB_DEVICE(USB_VENDOR_ID_MICROSOFT, USB_DEVICE_ID_MS_TOUCH_COVER_2) },
+ { HID_USB_DEVICE(USB_VENDOR_ID_MONTEREY, USB_DEVICE_ID_GENIUS_KB29E) },
+ { HID_USB_DEVICE(USB_VENDOR_ID_NTRIG, USB_DEVICE_ID_NTRIG_TOUCH_SCREEN) },
+ { HID_USB_DEVICE(USB_VENDOR_ID_NTRIG, USB_DEVICE_ID_NTRIG_TOUCH_SCREEN_1) },
+--- a/drivers/hid/hid-ids.h
++++ b/drivers/hid/hid-ids.h
+@@ -595,6 +595,8 @@
+ #define USB_DEVICE_ID_MS_PRESENTER_8K_USB 0x0713
+ #define USB_DEVICE_ID_MS_DIGITAL_MEDIA_3K 0x0730
+ #define USB_DEVICE_ID_MS_COMFORT_MOUSE_4500 0x076c
++#define USB_DEVICE_ID_MS_TOUCH_COVER_2 0x07a7
++#define USB_DEVICE_ID_MS_TYPE_COVER_2 0x07a9
+
+ #define USB_VENDOR_ID_MOJO 0x8282
+ #define USB_DEVICE_ID_RETRO_ADAPTER 0x3201
+--- a/drivers/hid/hid-microsoft.c
++++ b/drivers/hid/hid-microsoft.c
+@@ -207,6 +207,10 @@ static const struct hid_device_id ms_dev
+ .driver_data = MS_NOGET },
+ { HID_USB_DEVICE(USB_VENDOR_ID_MICROSOFT, USB_DEVICE_ID_MS_COMFORT_MOUSE_4500),
+ .driver_data = MS_DUPLICATE_USAGES },
++ { HID_USB_DEVICE(USB_VENDOR_ID_MICROSOFT, USB_DEVICE_ID_MS_TYPE_COVER_2),
++ .driver_data = 0 },
++ { HID_USB_DEVICE(USB_VENDOR_ID_MICROSOFT, USB_DEVICE_ID_MS_TOUCH_COVER_2),
++ .driver_data = 0 },
+
+ { HID_BLUETOOTH_DEVICE(USB_VENDOR_ID_MICROSOFT, USB_DEVICE_ID_MS_PRESENTER_8K_BT),
+ .driver_data = MS_PRESENTER },
--- /dev/null
+From d29adb34a94715174c88ca93e8aba955850c9bde Mon Sep 17 00:00:00 2001
+From: Josh Durgin <josh.durgin@inktank.com>
+Date: Mon, 2 Dec 2013 19:11:48 -0800
+Subject: libceph: block I/O when PAUSE or FULL osd map flags are set
+
+From: Josh Durgin <josh.durgin@inktank.com>
+
+commit d29adb34a94715174c88ca93e8aba955850c9bde upstream.
+
+The PAUSEWR and PAUSERD flags are meant to stop the cluster from
+processing writes and reads, respectively. The FULL flag is set when
+the cluster determines that it is out of space, and will no longer
+process writes. PAUSEWR and PAUSERD are purely client-side settings
+already implemented in userspace clients. The osd does nothing special
+with these flags.
+
+When the FULL flag is set, however, the osd responds to all writes
+with -ENOSPC. For cephfs, this makes sense, but for rbd the block
+layer translates this into EIO. If a cluster goes from full to
+non-full quickly, a filesystem on top of rbd will not behave well,
+since some writes succeed while others get EIO.
+
+Fix this by blocking any writes when the FULL flag is set in the osd
+client. This is the same strategy used by userspace, so apply it by
+default. A follow-on patch makes this configurable.
+
+__map_request() is called to re-target osd requests in case the
+available osds changed. Add a paused field to a ceph_osd_request, and
+set it whenever an appropriate osd map flag is set. Avoid queueing
+paused requests in __map_request(), but force them to be resent if
+they become unpaused.
+
+Also subscribe to the next osd map from the monitor if any of these
+flags are set, so paused requests can be unblocked as soon as
+possible.
+
+Fixes: http://tracker.ceph.com/issues/6079
+
+Reviewed-by: Sage Weil <sage@inktank.com>
+Signed-off-by: Josh Durgin <josh.durgin@inktank.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ include/linux/ceph/osd_client.h | 1 +
+ net/ceph/osd_client.c | 29 +++++++++++++++++++++++++++--
+ 2 files changed, 28 insertions(+), 2 deletions(-)
+
+--- a/include/linux/ceph/osd_client.h
++++ b/include/linux/ceph/osd_client.h
+@@ -138,6 +138,7 @@ struct ceph_osd_request {
+ __le64 *r_request_pool;
+ void *r_request_pgid;
+ __le32 *r_request_attempts;
++ bool r_paused;
+ struct ceph_eversion *r_request_reassert_version;
+
+ int r_result;
+--- a/net/ceph/osd_client.c
++++ b/net/ceph/osd_client.c
+@@ -1225,6 +1225,22 @@ void ceph_osdc_set_request_linger(struct
+ EXPORT_SYMBOL(ceph_osdc_set_request_linger);
+
+ /*
++ * Returns whether a request should be blocked from being sent
++ * based on the current osdmap and osd_client settings.
++ *
++ * Caller should hold map_sem for read.
++ */
++static bool __req_should_be_paused(struct ceph_osd_client *osdc,
++ struct ceph_osd_request *req)
++{
++ bool pauserd = ceph_osdmap_flag(osdc->osdmap, CEPH_OSDMAP_PAUSERD);
++ bool pausewr = ceph_osdmap_flag(osdc->osdmap, CEPH_OSDMAP_PAUSEWR) ||
++ ceph_osdmap_flag(osdc->osdmap, CEPH_OSDMAP_FULL);
++ return (req->r_flags & CEPH_OSD_FLAG_READ && pauserd) ||
++ (req->r_flags & CEPH_OSD_FLAG_WRITE && pausewr);
++}
++
++/*
+ * Pick an osd (the first 'up' osd in the pg), allocate the osd struct
+ * (as needed), and set the request r_osd appropriately. If there is
+ * no up osd, set r_osd to NULL. Move the request to the appropriate list
+@@ -1241,6 +1257,7 @@ static int __map_request(struct ceph_osd
+ int acting[CEPH_PG_MAX_SIZE];
+ int o = -1, num = 0;
+ int err;
++ bool was_paused;
+
+ dout("map_request %p tid %lld\n", req, req->r_tid);
+ err = ceph_calc_ceph_pg(&pgid, req->r_oid, osdc->osdmap,
+@@ -1257,12 +1274,18 @@ static int __map_request(struct ceph_osd
+ num = err;
+ }
+
++ was_paused = req->r_paused;
++ req->r_paused = __req_should_be_paused(osdc, req);
++ if (was_paused && !req->r_paused)
++ force_resend = 1;
++
+ if ((!force_resend &&
+ req->r_osd && req->r_osd->o_osd == o &&
+ req->r_sent >= req->r_osd->o_incarnation &&
+ req->r_num_pg_osds == num &&
+ memcmp(req->r_pg_osds, acting, sizeof(acting[0])*num) == 0) ||
+- (req->r_osd == NULL && o == -1))
++ (req->r_osd == NULL && o == -1) ||
++ req->r_paused)
+ return 0; /* no change */
+
+ dout("map_request tid %llu pgid %lld.%x osd%d (was osd%d)\n",
+@@ -1797,7 +1820,9 @@ done:
+ * we find out when we are no longer full and stop returning
+ * ENOSPC.
+ */
+- if (ceph_osdmap_flag(osdc->osdmap, CEPH_OSDMAP_FULL))
++ if (ceph_osdmap_flag(osdc->osdmap, CEPH_OSDMAP_FULL) ||
++ ceph_osdmap_flag(osdc->osdmap, CEPH_OSDMAP_PAUSERD) ||
++ ceph_osdmap_flag(osdc->osdmap, CEPH_OSDMAP_PAUSEWR))
+ ceph_monc_request_next_osdmap(&osdc->client->monc);
+
+ mutex_lock(&osdc->request_mutex);
--- /dev/null
+From 9a1ea2dbff11547a8e664f143c1ffefc586a577a Mon Sep 17 00:00:00 2001
+From: Josh Durgin <josh.durgin@inktank.com>
+Date: Tue, 10 Dec 2013 09:35:13 -0800
+Subject: libceph: resend all writes after the osdmap loses the full flag
+
+From: Josh Durgin <josh.durgin@inktank.com>
+
+commit 9a1ea2dbff11547a8e664f143c1ffefc586a577a upstream.
+
+With the current full handling, there is a race between osds and
+clients getting the first map marked full. If the osd wins, it will
+return -ENOSPC to any writes, but the client may already have writes
+in flight. This results in the client getting the error and
+propagating it up the stack. For rbd, the block layer turns this into
+EIO, which can cause corruption in filesystems above it.
+
+To avoid this race, osds are being changed to drop writes that came
+from clients with an osdmap older than the last osdmap marked full.
+In order for this to work, clients must resend all writes after they
+encounter a full -> not full transition in the osdmap. osds will wait
+for an updated map instead of processing a request from a client with
+a newer map, so resent writes will not be dropped by the osd unless
+there is another not full -> full transition.
+
+This approach requires both osds and clients to be fixed to avoid the
+race. Old clients talking to osds with this fix may hang instead of
+returning EIO and potentially corrupting an fs. New clients talking to
+old osds have the same behavior as before if they encounter this race.
+
+Fixes: http://tracker.ceph.com/issues/6938
+
+Reviewed-by: Sage Weil <sage@inktank.com>
+Signed-off-by: Josh Durgin <josh.durgin@inktank.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ net/ceph/osd_client.c | 28 ++++++++++++++++++++++------
+ 1 file changed, 22 insertions(+), 6 deletions(-)
+
+--- a/net/ceph/osd_client.c
++++ b/net/ceph/osd_client.c
+@@ -1629,14 +1629,17 @@ static void reset_changed_osds(struct ce
+ *
+ * Caller should hold map_sem for read.
+ */
+-static void kick_requests(struct ceph_osd_client *osdc, int force_resend)
++static void kick_requests(struct ceph_osd_client *osdc, bool force_resend,
++ bool force_resend_writes)
+ {
+ struct ceph_osd_request *req, *nreq;
+ struct rb_node *p;
+ int needmap = 0;
+ int err;
++ bool force_resend_req;
+
+- dout("kick_requests %s\n", force_resend ? " (force resend)" : "");
++ dout("kick_requests %s %s\n", force_resend ? " (force resend)" : "",
++ force_resend_writes ? " (force resend writes)" : "");
+ mutex_lock(&osdc->request_mutex);
+ for (p = rb_first(&osdc->requests); p; ) {
+ req = rb_entry(p, struct ceph_osd_request, r_node);
+@@ -1661,7 +1664,10 @@ static void kick_requests(struct ceph_os
+ continue;
+ }
+
+- err = __map_request(osdc, req, force_resend);
++ force_resend_req = force_resend ||
++ (force_resend_writes &&
++ req->r_flags & CEPH_OSD_FLAG_WRITE);
++ err = __map_request(osdc, req, force_resend_req);
+ if (err < 0)
+ continue; /* error */
+ if (req->r_osd == NULL) {
+@@ -1681,7 +1687,8 @@ static void kick_requests(struct ceph_os
+ r_linger_item) {
+ dout("linger req=%p req->r_osd=%p\n", req, req->r_osd);
+
+- err = __map_request(osdc, req, force_resend);
++ err = __map_request(osdc, req,
++ force_resend || force_resend_writes);
+ dout("__map_request returned %d\n", err);
+ if (err == 0)
+ continue; /* no change and no osd was specified */
+@@ -1723,6 +1730,7 @@ void ceph_osdc_handle_map(struct ceph_os
+ struct ceph_osdmap *newmap = NULL, *oldmap;
+ int err;
+ struct ceph_fsid fsid;
++ bool was_full;
+
+ dout("handle_map have %u\n", osdc->osdmap ? osdc->osdmap->epoch : 0);
+ p = msg->front.iov_base;
+@@ -1736,6 +1744,8 @@ void ceph_osdc_handle_map(struct ceph_os
+
+ down_write(&osdc->map_sem);
+
++ was_full = ceph_osdmap_flag(osdc->osdmap, CEPH_OSDMAP_FULL);
++
+ /* incremental maps */
+ ceph_decode_32_safe(&p, end, nr_maps, bad);
+ dout(" %d inc maps\n", nr_maps);
+@@ -1760,7 +1770,10 @@ void ceph_osdc_handle_map(struct ceph_os
+ ceph_osdmap_destroy(osdc->osdmap);
+ osdc->osdmap = newmap;
+ }
+- kick_requests(osdc, 0);
++ was_full = was_full ||
++ ceph_osdmap_flag(osdc->osdmap,
++ CEPH_OSDMAP_FULL);
++ kick_requests(osdc, 0, was_full);
+ } else {
+ dout("ignoring incremental map %u len %d\n",
+ epoch, maplen);
+@@ -1803,7 +1816,10 @@ void ceph_osdc_handle_map(struct ceph_os
+ skipped_map = 1;
+ ceph_osdmap_destroy(oldmap);
+ }
+- kick_requests(osdc, skipped_map);
++ was_full = was_full ||
++ ceph_osdmap_flag(osdc->osdmap,
++ CEPH_OSDMAP_FULL);
++ kick_requests(osdc, skipped_map, was_full);
+ }
+ p += maplen;
+ nr_maps--;
--- /dev/null
+From e351bf25fa373a3de0be2141b962c5c3c27006a2 Mon Sep 17 00:00:00 2001
+From: Dan Carpenter <dan.carpenter@oracle.com>
+Date: Fri, 22 Nov 2013 04:51:47 -0300
+Subject: media: cx18: check for allocation failure in cx18_read_eeprom()
+
+From: Dan Carpenter <dan.carpenter@oracle.com>
+
+commit e351bf25fa373a3de0be2141b962c5c3c27006a2 upstream.
+
+It upsets static checkers when we don't check for allocation failure. I
+moved the memset() of "tv" earlier so we don't use uninitialized data on
+error.
+Fixes: 1d212cf0c2d8 ('[media] cx18: struct i2c_client is too big for stack')
+
+Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
+Acked-by: Andy Walls <awalls@md.metrocast.net>
+Signed-off-by: Mauro Carvalho Chehab <m.chehab@samsung.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/media/pci/cx18/cx18-driver.c | 5 ++++-
+ 1 file changed, 4 insertions(+), 1 deletion(-)
+
+--- a/drivers/media/pci/cx18/cx18-driver.c
++++ b/drivers/media/pci/cx18/cx18-driver.c
+@@ -327,13 +327,16 @@ void cx18_read_eeprom(struct cx18 *cx, s
+ struct i2c_client *c;
+ u8 eedata[256];
+
++ memset(tv, 0, sizeof(*tv));
++
+ c = kzalloc(sizeof(*c), GFP_KERNEL);
++ if (!c)
++ return;
+
+ strlcpy(c->name, "cx18 tveeprom tmp", sizeof(c->name));
+ c->adapter = &cx->i2c_adap[0];
+ c->addr = 0xa0 >> 1;
+
+- memset(tv, 0, sizeof(*tv));
+ if (tveeprom_read(c, eedata, sizeof(eedata)))
+ goto ret;
+
--- /dev/null
+From 1cdbcc5db4e6d51ce9bb1313195167cada9aa6e9 Mon Sep 17 00:00:00 2001
+From: Dan Carpenter <dan.carpenter@oracle.com>
+Date: Fri, 22 Nov 2013 04:55:43 -0300
+Subject: media: cxusb: unlock on error in cxusb_i2c_xfer()
+
+From: Dan Carpenter <dan.carpenter@oracle.com>
+
+commit 1cdbcc5db4e6d51ce9bb1313195167cada9aa6e9 upstream.
+
+We recently introduced some new error paths which are missing their
+unlocks.
+Fixes: 64f7ef8afbf8 ('[media] cxusb: Don't use dynamic static allocation')
+
+Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
+Signed-off-by: Mauro Carvalho Chehab <m.chehab@samsung.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/media/usb/dvb-usb/cxusb.c | 21 ++++++++++++++++-----
+ 1 file changed, 16 insertions(+), 5 deletions(-)
+
+--- a/drivers/media/usb/dvb-usb/cxusb.c
++++ b/drivers/media/usb/dvb-usb/cxusb.c
+@@ -149,6 +149,7 @@ static int cxusb_i2c_xfer(struct i2c_ada
+ int num)
+ {
+ struct dvb_usb_device *d = i2c_get_adapdata(adap);
++ int ret;
+ int i;
+
+ if (mutex_lock_interruptible(&d->i2c_mutex) < 0)
+@@ -173,7 +174,8 @@ static int cxusb_i2c_xfer(struct i2c_ada
+ if (1 + msg[i].len > sizeof(ibuf)) {
+ warn("i2c rd: len=%d is too big!\n",
+ msg[i].len);
+- return -EOPNOTSUPP;
++ ret = -EOPNOTSUPP;
++ goto unlock;
+ }
+ obuf[0] = 0;
+ obuf[1] = msg[i].len;
+@@ -193,12 +195,14 @@ static int cxusb_i2c_xfer(struct i2c_ada
+ if (3 + msg[i].len > sizeof(obuf)) {
+ warn("i2c wr: len=%d is too big!\n",
+ msg[i].len);
+- return -EOPNOTSUPP;
++ ret = -EOPNOTSUPP;
++ goto unlock;
+ }
+ if (1 + msg[i + 1].len > sizeof(ibuf)) {
+ warn("i2c rd: len=%d is too big!\n",
+ msg[i + 1].len);
+- return -EOPNOTSUPP;
++ ret = -EOPNOTSUPP;
++ goto unlock;
+ }
+ obuf[0] = msg[i].len;
+ obuf[1] = msg[i+1].len;
+@@ -223,7 +227,8 @@ static int cxusb_i2c_xfer(struct i2c_ada
+ if (2 + msg[i].len > sizeof(obuf)) {
+ warn("i2c wr: len=%d is too big!\n",
+ msg[i].len);
+- return -EOPNOTSUPP;
++ ret = -EOPNOTSUPP;
++ goto unlock;
+ }
+ obuf[0] = msg[i].addr;
+ obuf[1] = msg[i].len;
+@@ -237,8 +242,14 @@ static int cxusb_i2c_xfer(struct i2c_ada
+ }
+ }
+
++ if (i == num)
++ ret = num;
++ else
++ ret = -EREMOTEIO;
++
++unlock:
+ mutex_unlock(&d->i2c_mutex);
+- return i == num ? num : -EREMOTEIO;
++ return ret;
+ }
+
+ static u32 cxusb_i2c_func(struct i2c_adapter *adapter)
--- /dev/null
+From 324ed533bf0b23c309b805272c4ffcc5d51493a6 Mon Sep 17 00:00:00 2001
+From: Dan Carpenter <dan.carpenter@oracle.com>
+Date: Fri, 22 Nov 2013 04:56:33 -0300
+Subject: media: dw2102: some missing unlocks on error
+
+From: Dan Carpenter <dan.carpenter@oracle.com>
+
+commit 324ed533bf0b23c309b805272c4ffcc5d51493a6 upstream.
+
+We recently introduced some new error paths but the unlocks are missing.
+Fixes: 0065a79a8698 ('[media] dw2102: Don't use dynamic static allocation')
+
+Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
+Signed-off-by: Mauro Carvalho Chehab <m.chehab@samsung.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/media/usb/dvb-usb/dw2102.c | 52 +++++++++++++++++++++++++------------
+ 1 file changed, 36 insertions(+), 16 deletions(-)
+
+--- a/drivers/media/usb/dvb-usb/dw2102.c
++++ b/drivers/media/usb/dvb-usb/dw2102.c
+@@ -301,6 +301,7 @@ static int dw2102_serit_i2c_transfer(str
+ static int dw2102_earda_i2c_transfer(struct i2c_adapter *adap, struct i2c_msg msg[], int num)
+ {
+ struct dvb_usb_device *d = i2c_get_adapdata(adap);
++ int ret;
+
+ if (!d)
+ return -ENODEV;
+@@ -316,7 +317,8 @@ static int dw2102_earda_i2c_transfer(str
+ if (2 + msg[1].len > sizeof(ibuf)) {
+ warn("i2c rd: len=%d is too big!\n",
+ msg[1].len);
+- return -EOPNOTSUPP;
++ ret = -EOPNOTSUPP;
++ goto unlock;
+ }
+
+ obuf[0] = msg[0].addr << 1;
+@@ -340,7 +342,8 @@ static int dw2102_earda_i2c_transfer(str
+ if (2 + msg[0].len > sizeof(obuf)) {
+ warn("i2c wr: len=%d is too big!\n",
+ msg[1].len);
+- return -EOPNOTSUPP;
++ ret = -EOPNOTSUPP;
++ goto unlock;
+ }
+
+ obuf[0] = msg[0].addr << 1;
+@@ -357,7 +360,8 @@ static int dw2102_earda_i2c_transfer(str
+ if (2 + msg[0].len > sizeof(obuf)) {
+ warn("i2c wr: len=%d is too big!\n",
+ msg[1].len);
+- return -EOPNOTSUPP;
++ ret = -EOPNOTSUPP;
++ goto unlock;
+ }
+
+ obuf[0] = msg[0].addr << 1;
+@@ -386,15 +390,17 @@ static int dw2102_earda_i2c_transfer(str
+
+ break;
+ }
++ ret = num;
+
++unlock:
+ mutex_unlock(&d->i2c_mutex);
+- return num;
++ return ret;
+ }
+
+ static int dw2104_i2c_transfer(struct i2c_adapter *adap, struct i2c_msg msg[], int num)
+ {
+ struct dvb_usb_device *d = i2c_get_adapdata(adap);
+- int len, i, j;
++ int len, i, j, ret;
+
+ if (!d)
+ return -ENODEV;
+@@ -430,7 +436,8 @@ static int dw2104_i2c_transfer(struct i2
+ if (2 + msg[j].len > sizeof(ibuf)) {
+ warn("i2c rd: len=%d is too big!\n",
+ msg[j].len);
+- return -EOPNOTSUPP;
++ ret = -EOPNOTSUPP;
++ goto unlock;
+ }
+
+ dw210x_op_rw(d->udev, 0xc3,
+@@ -466,7 +473,8 @@ static int dw2104_i2c_transfer(struct i2
+ if (2 + msg[j].len > sizeof(obuf)) {
+ warn("i2c wr: len=%d is too big!\n",
+ msg[j].len);
+- return -EOPNOTSUPP;
++ ret = -EOPNOTSUPP;
++ goto unlock;
+ }
+
+ obuf[0] = msg[j].addr << 1;
+@@ -481,15 +489,18 @@ static int dw2104_i2c_transfer(struct i2
+ }
+
+ }
++ ret = num;
+
++unlock:
+ mutex_unlock(&d->i2c_mutex);
+- return num;
++ return ret;
+ }
+
+ static int dw3101_i2c_transfer(struct i2c_adapter *adap, struct i2c_msg msg[],
+ int num)
+ {
+ struct dvb_usb_device *d = i2c_get_adapdata(adap);
++ int ret;
+ int i;
+
+ if (!d)
+@@ -506,7 +517,8 @@ static int dw3101_i2c_transfer(struct i2
+ if (2 + msg[1].len > sizeof(ibuf)) {
+ warn("i2c rd: len=%d is too big!\n",
+ msg[1].len);
+- return -EOPNOTSUPP;
++ ret = -EOPNOTSUPP;
++ goto unlock;
+ }
+ obuf[0] = msg[0].addr << 1;
+ obuf[1] = msg[0].len;
+@@ -530,7 +542,8 @@ static int dw3101_i2c_transfer(struct i2
+ if (2 + msg[0].len > sizeof(obuf)) {
+ warn("i2c wr: len=%d is too big!\n",
+ msg[0].len);
+- return -EOPNOTSUPP;
++ ret = -EOPNOTSUPP;
++ goto unlock;
+ }
+ obuf[0] = msg[0].addr << 1;
+ obuf[1] = msg[0].len;
+@@ -556,9 +569,11 @@ static int dw3101_i2c_transfer(struct i2
+ msg[i].flags == 0 ? ">>>" : "<<<");
+ debug_dump(msg[i].buf, msg[i].len, deb_xfer);
+ }
++ ret = num;
+
++unlock:
+ mutex_unlock(&d->i2c_mutex);
+- return num;
++ return ret;
+ }
+
+ static int s6x0_i2c_transfer(struct i2c_adapter *adap, struct i2c_msg msg[],
+@@ -566,7 +581,7 @@ static int s6x0_i2c_transfer(struct i2c_
+ {
+ struct dvb_usb_device *d = i2c_get_adapdata(adap);
+ struct usb_device *udev;
+- int len, i, j;
++ int len, i, j, ret;
+
+ if (!d)
+ return -ENODEV;
+@@ -618,7 +633,8 @@ static int s6x0_i2c_transfer(struct i2c_
+ if (msg[j].len > sizeof(ibuf)) {
+ warn("i2c rd: len=%d is too big!\n",
+ msg[j].len);
+- return -EOPNOTSUPP;
++ ret = -EOPNOTSUPP;
++ goto unlock;
+ }
+
+ dw210x_op_rw(d->udev, 0x91, 0, 0,
+@@ -652,7 +668,8 @@ static int s6x0_i2c_transfer(struct i2c_
+ if (2 + msg[j].len > sizeof(obuf)) {
+ warn("i2c wr: len=%d is too big!\n",
+ msg[j].len);
+- return -EOPNOTSUPP;
++ ret = -EOPNOTSUPP;
++ goto unlock;
+ }
+
+ obuf[0] = msg[j + 1].len;
+@@ -671,7 +688,8 @@ static int s6x0_i2c_transfer(struct i2c_
+ if (2 + msg[j].len > sizeof(obuf)) {
+ warn("i2c wr: len=%d is too big!\n",
+ msg[j].len);
+- return -EOPNOTSUPP;
++ ret = -EOPNOTSUPP;
++ goto unlock;
+ }
+ obuf[0] = msg[j].len + 1;
+ obuf[1] = (msg[j].addr << 1);
+@@ -685,9 +703,11 @@ static int s6x0_i2c_transfer(struct i2c_
+ }
+ }
+ }
++ ret = num;
+
++unlock:
+ mutex_unlock(&d->i2c_mutex);
+- return num;
++ return ret;
+ }
+
+ static int su3000_i2c_transfer(struct i2c_adapter *adap, struct i2c_msg msg[],
alsa-compress-pass-through-return-value-of-open-ops-callback.patch
+tracing-fix-array-size-mismatch-in-format-string.patch
+hid-microsoft-add-id-s-for-surface-type-touch-cover-2.patch
+media-cxusb-unlock-on-error-in-cxusb_i2c_xfer.patch
+media-dw2102-some-missing-unlocks-on-error.patch
+media-cx18-check-for-allocation-failure-in-cx18_read_eeprom.patch
+libceph-block-i-o-when-pause-or-full-osd-map-flags-are-set.patch
+libceph-resend-all-writes-after-the-osdmap-loses-the-full-flag.patch
+asoc-max98090-make-revision_id-readable.patch
--- /dev/null
+From 87291347c49dc40aa339f587b209618201c2e527 Mon Sep 17 00:00:00 2001
+From: Vaibhav Nagarnaik <vnagarnaik@google.com>
+Date: Thu, 13 Feb 2014 19:51:48 -0800
+Subject: tracing: Fix array size mismatch in format string
+
+From: Vaibhav Nagarnaik <vnagarnaik@google.com>
+
+commit 87291347c49dc40aa339f587b209618201c2e527 upstream.
+
+In event format strings, the array size is reported in two locations.
+One in array subscript and then via the "size:" attribute. The values
+reported there have a mismatch.
+
+For e.g., in sched:sched_switch the prev_comm and next_comm character
+arrays have subscript values as [32] where as the actual field size is
+16.
+
+name: sched_switch
+ID: 301
+format:
+ field:unsigned short common_type; offset:0; size:2; signed:0;
+ field:unsigned char common_flags; offset:2; size:1; signed:0;
+ field:unsigned char common_preempt_count; offset:3; size:1;signed:0;
+ field:int common_pid; offset:4; size:4; signed:1;
+
+ field:char prev_comm[32]; offset:8; size:16; signed:1;
+ field:pid_t prev_pid; offset:24; size:4; signed:1;
+ field:int prev_prio; offset:28; size:4; signed:1;
+ field:long prev_state; offset:32; size:8; signed:1;
+ field:char next_comm[32]; offset:40; size:16; signed:1;
+ field:pid_t next_pid; offset:56; size:4; signed:1;
+ field:int next_prio; offset:60; size:4; signed:1;
+
+After bisection, the following commit was blamed:
+92edca0 tracing: Use direct field, type and system names
+
+This commit removes the duplication of strings for field->name and
+field->type assuming that all the strings passed in
+__trace_define_field() are immutable. This is not true for arrays, where
+the type string is created in event_storage variable and field->type for
+all array fields points to event_storage.
+
+Use __stringify() to create a string constant for the type string.
+
+Also, get rid of event_storage and event_storage_mutex that are not
+needed anymore.
+
+also, an added benefit is that this reduces the overhead of events a bit more:
+
+ text data bss dec hex filename
+8424787 2036472 1302528 11763787 b3804b vmlinux
+8420814 2036408 1302528 11759750 b37086 vmlinux.patched
+
+Link: http://lkml.kernel.org/r/1392349908-29685-1-git-send-email-vnagarnaik@google.com
+
+Cc: Laurent Chavey <chavey@google.com>
+Signed-off-by: Vaibhav Nagarnaik <vnagarnaik@google.com>
+Signed-off-by: Steven Rostedt <rostedt@goodmis.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ include/linux/ftrace_event.h | 4 ----
+ include/trace/ftrace.h | 7 ++-----
+ kernel/trace/trace_events.c | 6 ------
+ kernel/trace/trace_export.c | 7 ++-----
+ 4 files changed, 4 insertions(+), 20 deletions(-)
+
+--- a/include/linux/ftrace_event.h
++++ b/include/linux/ftrace_event.h
+@@ -325,10 +325,6 @@ enum {
+ FILTER_TRACE_FN,
+ };
+
+-#define EVENT_STORAGE_SIZE 128
+-extern struct mutex event_storage_mutex;
+-extern char event_storage[EVENT_STORAGE_SIZE];
+-
+ extern int trace_event_raw_init(struct ftrace_event_call *call);
+ extern int trace_define_field(struct ftrace_event_call *call, const char *type,
+ const char *name, int offset, int size,
+--- a/include/trace/ftrace.h
++++ b/include/trace/ftrace.h
+@@ -299,15 +299,12 @@ static struct trace_event_functions ftra
+ #undef __array
+ #define __array(type, item, len) \
+ do { \
+- mutex_lock(&event_storage_mutex); \
++ char *type_str = #type"["__stringify(len)"]"; \
+ BUILD_BUG_ON(len > MAX_FILTER_STR_VAL); \
+- snprintf(event_storage, sizeof(event_storage), \
+- "%s[%d]", #type, len); \
+- ret = trace_define_field(event_call, event_storage, #item, \
++ ret = trace_define_field(event_call, type_str, #item, \
+ offsetof(typeof(field), item), \
+ sizeof(field.item), \
+ is_signed_type(type), FILTER_OTHER); \
+- mutex_unlock(&event_storage_mutex); \
+ if (ret) \
+ return ret; \
+ } while (0);
+--- a/kernel/trace/trace_events.c
++++ b/kernel/trace/trace_events.c
+@@ -27,12 +27,6 @@
+
+ DEFINE_MUTEX(event_mutex);
+
+-DEFINE_MUTEX(event_storage_mutex);
+-EXPORT_SYMBOL_GPL(event_storage_mutex);
+-
+-char event_storage[EVENT_STORAGE_SIZE];
+-EXPORT_SYMBOL_GPL(event_storage);
+-
+ LIST_HEAD(ftrace_events);
+ static LIST_HEAD(ftrace_common_fields);
+
+--- a/kernel/trace/trace_export.c
++++ b/kernel/trace/trace_export.c
+@@ -95,15 +95,12 @@ static void __always_unused ____ftrace_c
+ #undef __array
+ #define __array(type, item, len) \
+ do { \
++ char *type_str = #type"["__stringify(len)"]"; \
+ BUILD_BUG_ON(len > MAX_FILTER_STR_VAL); \
+- mutex_lock(&event_storage_mutex); \
+- snprintf(event_storage, sizeof(event_storage), \
+- "%s[%d]", #type, len); \
+- ret = trace_define_field(event_call, event_storage, #item, \
++ ret = trace_define_field(event_call, type_str, #item, \
+ offsetof(typeof(field), item), \
+ sizeof(field.item), \
+ is_signed_type(type), filter_type); \
+- mutex_unlock(&event_storage_mutex); \
+ if (ret) \
+ return ret; \
+ } while (0);
projects / thirdparty / kernel / stable-queue.git / commitdiff
