--- /dev/null
+From c04be18448355441a0c424362df65b6422e27bda Mon Sep 17 00:00:00 2001
+From: Lv Zheng <lv.zheng@intel.com>
+Date: Wed, 1 Jul 2015 14:43:26 +0800
+Subject: ACPICA: Tables: Fix an issue that FACS initialization is performed twice
+
+From: Lv Zheng <lv.zheng@intel.com>
+
+commit c04be18448355441a0c424362df65b6422e27bda upstream.
+
+ACPICA commit 90f5332a15e9d9ba83831ca700b2b9f708274658
+
+This patch adds a new FACS initialization flag for acpi_tb_initialize().
+acpi_enable_subsystem() might be invoked several times in OS bootup process,
+and we don't want FACS initialization to be invoked twice. Lv Zheng.
+
+Link: https://github.com/acpica/acpica/commit/90f5332a
+Signed-off-by: Lv Zheng <lv.zheng@intel.com>
+Signed-off-by: Bob Moore <robert.moore@intel.com>
+Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/acpi/acpica/utxfinit.c | 10 ++++++----
+ include/acpi/actypes.h | 1 +
+ 2 files changed, 7 insertions(+), 4 deletions(-)
+
+--- a/drivers/acpi/acpica/utxfinit.c
++++ b/drivers/acpi/acpica/utxfinit.c
+@@ -175,10 +175,12 @@ acpi_status __init acpi_enable_subsystem
+ * Obtain a permanent mapping for the FACS. This is required for the
+ * Global Lock and the Firmware Waking Vector
+ */
+- status = acpi_tb_initialize_facs();
+- if (ACPI_FAILURE(status)) {
+- ACPI_WARNING((AE_INFO, "Could not map the FACS table"));
+- return_ACPI_STATUS(status);
++ if (!(flags & ACPI_NO_FACS_INIT)) {
++ status = acpi_tb_initialize_facs();
++ if (ACPI_FAILURE(status)) {
++ ACPI_WARNING((AE_INFO, "Could not map the FACS table"));
++ return_ACPI_STATUS(status);
++ }
+ }
+ #endif /* !ACPI_REDUCED_HARDWARE */
+
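Review bot: Nothing in this patch passes `ACPI_NO_FACS_INIT`, so the new guard around acpi_tb_initialize_facs() leaves behaviour unchanged until a caller of acpi_enable_subsystem() sets the flag. The double initialization described in the commit message is therefore only avoided once a caller-side change lands, presumably in a companion patch that is not visible here. Because the flag is an opt-out that every repeat caller must remember, the define in actypes.h deserves a comment, for example `#define ACPI_NO_FACS_INIT 0x80 /* skip FACS mapping in acpi_enable_subsystem() */`. The body of acpi_enable_subsystem() starts and ends outside this hunk.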
+--- a/include/acpi/actypes.h
++++ b/include/acpi/actypes.h
+@@ -561,6 +561,7 @@ typedef u64 acpi_integer;
+ #define ACPI_NO_ACPI_ENABLE 0x10
+ #define ACPI_NO_DEVICE_INIT 0x20
+ #define ACPI_NO_OBJECT_INIT 0x40
++#define ACPI_NO_FACS_INIT 0x80
+
+ /*
+ * Initialization state
--- /dev/null
+From 497b4050e0eacd4c746dd396d14916b1e669849d Mon Sep 17 00:00:00 2001
+From: Filipe Manana <fdmanana@suse.com>
+Date: Fri, 3 Jul 2015 08:36:11 +0100
+Subject: Btrfs: fix memory leak in the extent_same ioctl
+
+From: Filipe Manana <fdmanana@suse.com>
+
+commit 497b4050e0eacd4c746dd396d14916b1e669849d upstream.
+
+We were allocating memory with memdup_user() but we were never releasing
+that memory. This affected pretty much every call to the ioctl, whether
+it deduplicated extents or not.
+
+This issue was reported on IRC by Julian Taylor and on the mailing list
+by Marcel Ritter, credit goes to them for finding the issue.
+
+Reported-by: Julian Taylor <jtaylor.debian@googlemail.com>
+Reported-by: Marcel Ritter <ritter.marcel@gmail.com>
+Signed-off-by: Filipe Manana <fdmanana@suse.com>
+Reviewed-by: Mark Fasheh <mfasheh@suse.de>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ fs/btrfs/ioctl.c | 4 +++-
+ 1 file changed, 3 insertions(+), 1 deletion(-)
+
+--- a/fs/btrfs/ioctl.c
++++ b/fs/btrfs/ioctl.c
+@@ -2743,7 +2743,7 @@ out_unlock:
+ static long btrfs_ioctl_file_extent_same(struct file *file,
+ struct btrfs_ioctl_same_args __user *argp)
+ {
+- struct btrfs_ioctl_same_args *same;
++ struct btrfs_ioctl_same_args *same = NULL;
+ struct btrfs_ioctl_same_extent_info *info;
+ struct inode *src = file_inode(file);
+ u64 off;
+@@ -2773,6 +2773,7 @@ static long btrfs_ioctl_file_extent_same
+
+ if (IS_ERR(same)) {
+ ret = PTR_ERR(same);
++ same = NULL;
+ goto out;
+ }
+
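Review bot: The `same = NULL;` reset in the IS_ERR() branch is what keeps the new `kfree(same)` at `out:` from being handed an ERR_PTR value, and nothing in the code says so. A comment on that line, such as `/* out: kfree()s same; never pass it an ERR_PTR */`, would stop a later cleanup from dropping the assignment as redundant. The same reasoning covers the `= NULL` initializer added at the declaration, since `out:` is apparently also reachable before memdup_user() runs (those earlier paths are outside the hunks). The function body continues outside this hunk.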
+@@ -2843,6 +2844,7 @@ static long btrfs_ioctl_file_extent_same
+
+ out:
+ mnt_drop_write_file(file);
++ kfree(same);
+ return ret;
+ }
+
--- /dev/null
+From c3f4a1685bb87e59c886ee68f7967eae07d4dffa Mon Sep 17 00:00:00 2001
+From: Filipe Manana <fdmanana@suse.com>
+Date: Sat, 13 Jun 2015 06:52:56 +0100
+Subject: Btrfs: use kmem_cache_free when freeing entry in inode cache
+
+From: Filipe Manana <fdmanana@suse.com>
+
+commit c3f4a1685bb87e59c886ee68f7967eae07d4dffa upstream.
+
+The free space entries are allocated using kmem_cache_zalloc(),
+through __btrfs_add_free_space(), therefore we should use
+kmem_cache_free() and not kfree() to avoid any confusion and
+any potential problem. Looking at the kfree() definition at
+mm/slab.c it has the following comment:
+
+ /*
+ * (...)
+ *
+ * Don't free memory not originally allocated by kmalloc()
+ * or you will run into trouble.
+ */
+
+So better be safe and use kmem_cache_free().
+
+Signed-off-by: Filipe Manana <fdmanana@suse.com>
+Reviewed-by: David Sterba <dsterba@suse.cz>
+Signed-off-by: Chris Mason <clm@fb.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ fs/btrfs/inode-map.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/fs/btrfs/inode-map.c
++++ b/fs/btrfs/inode-map.c
+@@ -281,7 +281,7 @@ void btrfs_unpin_free_ino(struct btrfs_r
+ __btrfs_add_free_space(ctl, info->offset, count);
+ free:
+ rb_erase(&info->offset_index, rbroot);
+- kfree(info);
++ kmem_cache_free(btrfs_free_space_cachep, info);
+ }
+ }
+
--- /dev/null
+From 82cd003a77173c91b9acad8033fb7931dac8d751 Mon Sep 17 00:00:00 2001
+From: Ilya Dryomov <idryomov@gmail.com>
+Date: Mon, 29 Jun 2015 19:30:23 +0300
+Subject: crush: fix a bug in tree bucket decode
+
+From: Ilya Dryomov <idryomov@gmail.com>
+
+commit 82cd003a77173c91b9acad8033fb7931dac8d751 upstream.
+
+struct crush_bucket_tree::num_nodes is u8, so ceph_decode_8_safe()
+should be used. -Wconversion catches this, but I guess it went
+unnoticed in all the noise it spews. The actual problem (at least for
+common crushmaps) isn't the u32 -> u8 truncation though - it's the
+advancement by 4 bytes instead of 1 in the crushmap buffer.
+
+Fixes: http://tracker.ceph.com/issues/2759
+
+Signed-off-by: Ilya Dryomov <idryomov@gmail.com>
+Reviewed-by: Josh Durgin <jdurgin@redhat.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ net/ceph/osdmap.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/net/ceph/osdmap.c
++++ b/net/ceph/osdmap.c
+@@ -89,7 +89,7 @@ static int crush_decode_tree_bucket(void
+ {
+ int j;
+ dout("crush_decode_tree_bucket %p to %p\n", *p, end);
+- ceph_decode_32_safe(p, end, b->num_nodes, bad);
++ ceph_decode_8_safe(p, end, b->num_nodes, bad);
+ b->node_weights = kcalloc(b->num_nodes, sizeof(u32), GFP_NOFS);
+ if (b->node_weights == NULL)
+ return -ENOMEM;
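Review bot: The decode width on the `b->num_nodes` line has to match the field's declared type, and nothing at the call site records that. A short comment such as `/* num_nodes is u8; a wider decode over-advances *p and misaligns the fields that follow */` would guard against the mismatch coming back. It matters here because the value sizes the `kcalloc()` on the next line and, presumably, bounds the weight-decoding loop that follows outside the hunk. The function body continues past the end of this hunk.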
--- /dev/null
+From 0ad0b3255a08020eaf50e34ef0d6df5bdf5e09ed Mon Sep 17 00:00:00 2001
+From: Miklos Szeredi <mszeredi@suse.cz>
+Date: Wed, 1 Jul 2015 16:25:55 +0200
+Subject: fuse: initialize fc->release before calling it
+
+From: Miklos Szeredi <mszeredi@suse.cz>
+
+commit 0ad0b3255a08020eaf50e34ef0d6df5bdf5e09ed upstream.
+
+fc->release is called from fuse_conn_put() which was used in the error
+cleanup before fc->release was initialized.
+
+[Jeremiah Mahler <jmmahler@gmail.com>: assign fc->release after calling
+fuse_conn_init(fc) instead of before.]
+
+Signed-off-by: Miklos Szeredi <mszeredi@suse.cz>
+Fixes: a325f9b92273 ("fuse: update fuse_conn_init() and separate out fuse_conn_kill()")
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ fs/fuse/inode.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/fs/fuse/inode.c
++++ b/fs/fuse/inode.c
+@@ -1026,6 +1026,7 @@ static int fuse_fill_super(struct super_
+ goto err_fput;
+
+ fuse_conn_init(fc);
++ fc->release = fuse_free_conn;
+
+ fc->dev = sb->s_dev;
+ fc->sb = sb;
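Review bot: The added `fc->release = fuse_free_conn;` is correct only because of where it sits, and the code does not record that constraint. It must come after fuse_conn_init(fc), as the bracketed note in the commit message says, and before any failure path that reaches fuse_conn_put(). A comment such as `/* must follow fuse_conn_init(); error paths call fc->release via fuse_conn_put() */` would keep a later reshuffle of these assignments from reintroducing a call through an unset function pointer. fuse_fill_super() starts and ends outside this hunk, so the error paths themselves are not visible here.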
+@@ -1040,7 +1041,6 @@ static int fuse_fill_super(struct super_
+ fc->dont_mask = 1;
+ sb->s_flags |= MS_POSIXACL;
+
+- fc->release = fuse_free_conn;
+ fc->flags = d.flags;
+ fc->user_id = d.user_id;
+ fc->group_id = d.group_id;
dmaengine-mv_xor-bug-fix-for-racing-condition-in-descriptors-cleanup.patch
hwmon-mcp3021-fix-broken-output-scaling.patch
md-fix-a-build-warning.patch
+btrfs-use-kmem_cache_free-when-freeing-entry-in-inode-cache.patch
+btrfs-fix-memory-leak-in-the-extent_same-ioctl.patch
+fuse-initialize-fc-release-before-calling-it.patch
+crush-fix-a-bug-in-tree-bucket-decode.patch
+acpica-tables-fix-an-issue-that-facs-initialization-is-performed-twice.patch