--- /dev/null
+From 80007efeff0568375b08faf93c7aad65602cb97e Mon Sep 17 00:00:00 2001
+From: "Luis R. Rodriguez" <mcgrof@frijolero.org>
+Date: Fri, 23 Mar 2012 07:23:31 -0700
+Subject: cfg80211: warn if db.txt is empty with CONFIG_CFG80211_INTERNAL_REGDB
+
+From: "Luis R. Rodriguez" <mcgrof@frijolero.org>
+
+commit 80007efeff0568375b08faf93c7aad65602cb97e upstream.
+
+It has happened twice now where elaborate troubleshooting has
+undergone on systems where CONFIG_CFG80211_INTERNAL_REGDB [0]
+has been set but yet net/wireless/db.txt was not updated.
+
+Despite the documentation on this it seems system integrators could
+use some more help with this, so throw out a kernel warning at boot time
+when their database is empty.
+
+This does mean that the error-prone system integrator won't likely
+realize the issue until they boot the machine but -- it does not seem
+to make sense to enable a build bug breaking random build testing.
+
+[0] http://wireless.kernel.org/en/developers/Regulatory/CRDA#CONFIG_CFG80211_INTERNAL_REGDB
+
+Cc: Stephen Rothwell <sfr@canb.auug.org.au>
+Cc: Youngsin Lee <youngsin@qualcomm.com>
+Cc: Raja Mani <rmani@qca.qualcomm.com>
+Cc: Senthil Kumar Balasubramanian <senthilb@qca.qualcomm.com>
+Cc: Vipin Mehta <vipimeht@qca.qualcomm.com>
+Cc: yahuan@qca.qualcomm.com
+Cc: jjan@qca.qualcomm.com
+Cc: vthiagar@qca.qualcomm.com
+Cc: henrykim@qualcomm.com
+Cc: jouni@qca.qualcomm.com
+Cc: athiruve@qca.qualcomm.com
+Cc: cjkim@qualcomm.com
+Cc: philipk@qca.qualcomm.com
+Cc: sunnykim@qualcomm.com
+Cc: sskwak@qualcomm.com
+Cc: kkim@qualcomm.com
+Cc: mattbyun@qualcomm.com
+Cc: ryanlee@qualcomm.com
+Cc: simbap@qualcomm.com
+Cc: krislee@qualcomm.com
+Cc: conner@qualcomm.com
+Cc: hojinkim@qualcomm.com
+Cc: honglee@qualcomm.com
+Cc: johnwkim@qualcomm.com
+Cc: jinyong@qca.qualcomm.com
+Signed-off-by: Luis R. Rodriguez <mcgrof@frijolero.org>
+Signed-off-by: John W. Linville <linville@tuxdriver.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ net/wireless/reg.c | 10 ++++++++++
+ 1 file changed, 10 insertions(+)
+
+--- a/net/wireless/reg.c
++++ b/net/wireless/reg.c
+@@ -388,7 +388,15 @@ static void reg_regdb_query(const char *
+
+ schedule_work(®_regdb_work);
+ }
++
++/* Feel free to add any other sanity checks here */
++static void reg_regdb_size_check(void)
++{
++ /* We should ideally BUILD_BUG_ON() but then random builds would fail */
++ WARN_ONCE(!reg_regdb_size, "db.txt is empty, you should update it...");
++}
+ #else
++static inline void reg_regdb_size_check(void) {}
+ static inline void reg_regdb_query(const char *alpha2) {}
+ #endif /* CONFIG_CFG80211_INTERNAL_REGDB */
+
+@@ -2337,6 +2345,8 @@ int __init regulatory_init(void)
+ spin_lock_init(®_requests_lock);
+ spin_lock_init(®_pending_beacons_lock);
+
++ reg_regdb_size_check();
++
+ cfg80211_regdomain = cfg80211_world_regdom;
+
+ user_alpha2[0] = '9';
--- /dev/null
+From abae41e6438b798e046d721b6ccdd55b4a398170 Mon Sep 17 00:00:00 2001
+From: Julia Lawall <Julia.Lawall@lip6.fr>
+Date: Sun, 22 Apr 2012 13:37:09 +0200
+Subject: drivers/staging/comedi/comedi_fops.c: add missing vfree
+
+From: Julia Lawall <Julia.Lawall@lip6.fr>
+
+commit abae41e6438b798e046d721b6ccdd55b4a398170 upstream.
+
+aux_free is freed on all other exits from the function. By removing the
+return, we can benefit from the vfree already at the end of the function.
+
+Signed-off-by: Julia Lawall <Julia.Lawall@lip6.fr>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/staging/comedi/comedi_fops.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/drivers/staging/comedi/comedi_fops.c
++++ b/drivers/staging/comedi/comedi_fops.c
+@@ -280,7 +280,7 @@ static int do_devconfig_ioctl(struct com
+ if (ret == 0) {
+ if (!try_module_get(dev->driver->module)) {
+ comedi_device_detach(dev);
+- return -ENOSYS;
++ ret = -ENOSYS;
+ }
+ }
+
--- /dev/null
+From 31a67102f4762df5544bc2dfb34a931233d2a5b2 Mon Sep 17 00:00:00 2001
+From: Linus Torvalds <torvalds@linux-foundation.org>
+Date: Mon, 21 May 2012 12:52:42 -0700
+Subject: Fix blocking allocations called very early during bootup
+
+From: Linus Torvalds <torvalds@linux-foundation.org>
+
+commit 31a67102f4762df5544bc2dfb34a931233d2a5b2 upstream.
+
+During early boot, when the scheduler hasn't really been fully set up,
+we really can't do blocking allocations because with certain (dubious)
+configurations the "might_resched()" calls can actually result in
+scheduling events.
+
+We could just make such users always use GFP_ATOMIC, but quite often the
+code that does the allocation isn't really aware of the fact that the
+scheduler isn't up yet, and forcing that kind of random knowledge on the
+initialization code is just annoying and not good for anybody.
+
+And we actually have a the 'gfp_allowed_mask' exactly for this reason:
+it's just that the kernel init sequence happens to set it to allow
+blocking allocations much too early.
+
+So move the 'gfp_allowed_mask' initialization from 'start_kernel()'
+(which is some of the earliest init code, and runs with preemption
+disabled for good reasons) into 'kernel_init()'. kernel_init() is run
+in the newly created thread that will become the 'init' process, as
+opposed to the early startup code that runs within the context of what
+will be the first idle thread.
+
+So by the time we reach 'kernel_init()', we know that the scheduler must
+be at least limping along, because we've already scheduled from the idle
+thread into the init thread.
+
+Reported-by: Steven Rostedt <rostedt@goodmis.org>
+Cc: David Rientjes <rientjes@google.com>
+Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ init/main.c | 7 ++++---
+ 1 file changed, 4 insertions(+), 3 deletions(-)
+
+--- a/init/main.c
++++ b/init/main.c
+@@ -558,9 +558,6 @@ asmlinkage void __init start_kernel(void
+ early_boot_irqs_disabled = false;
+ local_irq_enable();
+
+- /* Interrupts are enabled now so all GFP allocations are safe. */
+- gfp_allowed_mask = __GFP_BITS_MASK;
+-
+ kmem_cache_init_late();
+
+ /*
+@@ -792,6 +789,10 @@ static int __init kernel_init(void * unu
+ * Wait until kthreadd is all set-up.
+ */
+ wait_for_completion(&kthreadd_done);
++
++ /* Now the scheduler is fully set up and can do blocking allocations */
++ gfp_allowed_mask = __GFP_BITS_MASK;
++
+ /*
+ * init can allocate pages on any node
+ */
--- /dev/null
+From c4870eb874ac16dccef40e1bc7a002c7e9156adc Mon Sep 17 00:00:00 2001
+From: Yishai Hadas <yishaih@mellanox.com>
+Date: Thu, 10 May 2012 23:28:05 +0300
+Subject: IB/core: Fix mismatch between locked and pinned pages
+
+From: Yishai Hadas <yishaih@mellanox.com>
+
+commit c4870eb874ac16dccef40e1bc7a002c7e9156adc upstream.
+
+Commit bc3e53f682d9 ("mm: distinguish between mlocked and pinned
+pages") introduced a separate counter for pinned pages and used it in
+the IB stack. However, in ib_umem_get() the pinned counter is
+incremented, but ib_umem_release() wrongly decrements the locked
+counter. Fix this.
+
+Signed-off-by: Yishai Hadas <yishaih@mellanox.com>
+Reviewed-by: Christoph Lameter <cl@linux.com>
+Signed-off-by: Roland Dreier <roland@purestorage.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/infiniband/core/umem.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/drivers/infiniband/core/umem.c
++++ b/drivers/infiniband/core/umem.c
+@@ -269,7 +269,7 @@ void ib_umem_release(struct ib_umem *ume
+ } else
+ down_write(&mm->mmap_sem);
+
+- current->mm->locked_vm -= diff;
++ current->mm->pinned_vm -= diff;
+ up_write(&mm->mmap_sem);
+ mmput(mm);
+ kfree(umem);
--- /dev/null
+From fc25f79af321c01a739150ba2c09435cf977a63d Mon Sep 17 00:00:00 2001
+From: Dan Williams <dan.j.williams@intel.com>
+Date: Mon, 30 Apr 2012 11:57:44 -0700
+Subject: isci: fix oem parameter validation on single controller skus
+
+From: Dan Williams <dan.j.williams@intel.com>
+
+commit fc25f79af321c01a739150ba2c09435cf977a63d upstream.
+
+OEM parameters [1] are parsed from the platform option-rom / efi
+driver. By default the driver was validating the parameters for the
+dual-controller case, but in single-controller case only the first set
+of parameters may be valid.
+
+Limit the validation to the number of actual controllers detected
+otherwise the driver may fail to parse the valid parameters leading to
+driver-load or runtime failures.
+
+[1] the platform specific set of phy address, configuration,and analog
+ tuning values
+
+Reported-by: Dave Jiang <dave.jiang@intel.com>
+Tested-by: Dave Jiang <dave.jiang@intel.com>
+Signed-off-by: Dan Williams <dan.j.williams@intel.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/scsi/isci/init.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/drivers/scsi/isci/init.c
++++ b/drivers/scsi/isci/init.c
+@@ -481,7 +481,7 @@ static int __devinit isci_pci_probe(stru
+ if (!orom)
+ orom = isci_request_oprom(pdev);
+
+- for (i = 0; orom && i < ARRAY_SIZE(orom->ctrl); i++) {
++ for (i = 0; orom && i < num_controllers(pdev); i++) {
+ if (sci_oem_parameters_validate(&orom->ctrl[i],
+ orom->hdr.version)) {
+ dev_warn(&pdev->dev,
--- /dev/null
+From 35e7adaaf6932c5ffb22c6ec521734434c65adc5 Mon Sep 17 00:00:00 2001
+From: Wey-Yi Guy <wey-yi.w.guy@intel.com>
+Date: Wed, 25 Apr 2012 08:10:08 -0700
+Subject: iwlwifi: use 6000G2B for 6030 device series
+
+From: Wey-Yi Guy <wey-yi.w.guy@intel.com>
+
+commit 35e7adaaf6932c5ffb22c6ec521734434c65adc5 upstream.
+
+"iwlwifi: use correct released ucode version" change
+the ucode api ok from 6000G2 to 6000G2B, but it shall belong
+to 6030 device series, not the 6005 device series. Fix it
+
+Signed-off-by: Wey-Yi Guy <wey-yi.w.guy@intel.com>
+Signed-off-by: John W. Linville <linville@tuxdriver.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/net/wireless/iwlwifi/iwl-6000.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/drivers/net/wireless/iwlwifi/iwl-6000.c
++++ b/drivers/net/wireless/iwlwifi/iwl-6000.c
+@@ -391,7 +391,7 @@ struct iwl_cfg iwl6005_2agn_d_cfg = {
+ #define IWL_DEVICE_6030 \
+ .fw_name_pre = IWL6030_FW_PRE, \
+ .ucode_api_max = IWL6000G2_UCODE_API_MAX, \
+- .ucode_api_ok = IWL6000G2B_UCODE_API_OK, \
++ .ucode_api_ok = IWL6000G2_UCODE_API_OK, \
+ .ucode_api_min = IWL6000G2_UCODE_API_MIN, \
+ .eeprom_ver = EEPROM_6030_EEPROM_VERSION, \
+ .eeprom_calib_ver = EEPROM_6030_TX_POWER_VERSION, \
--- /dev/null
+From e377a4fc768d7d477e58888bdbddd0103d6238bf Mon Sep 17 00:00:00 2001
+From: Meenakshi Venkataraman <meenakshi.venkataraman@intel.com>
+Date: Sun, 22 Apr 2012 07:55:27 -0700
+Subject: iwlwifi: use correct released ucode version
+
+From: Meenakshi Venkataraman <meenakshi.venkataraman@intel.com>
+
+commit e377a4fc768d7d477e58888bdbddd0103d6238bf upstream.
+
+Report correctly the latest released version
+of the iwlwifi firmware for all
+iwlwifi-supported devices.
+
+Signed-off-by: Meenakshi Venkataraman <meenakshi.venkataraman@intel.com>
+Signed-off-by: Wey-Yi Guy <wey-yi.w.guy@intel.com>
+Signed-off-by: John W. Linville <linville@tuxdriver.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/net/wireless/iwlwifi/iwl-6000.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/drivers/net/wireless/iwlwifi/iwl-6000.c
++++ b/drivers/net/wireless/iwlwifi/iwl-6000.c
+@@ -351,7 +351,7 @@ static struct iwl_bt_params iwl6000_bt_p
+ #define IWL_DEVICE_6005 \
+ .fw_name_pre = IWL6005_FW_PRE, \
+ .ucode_api_max = IWL6000G2_UCODE_API_MAX, \
+- .ucode_api_ok = IWL6000G2_UCODE_API_OK, \
++ .ucode_api_ok = IWL6000G2B_UCODE_API_OK, \
+ .ucode_api_min = IWL6000G2_UCODE_API_MIN, \
+ .eeprom_ver = EEPROM_6005_EEPROM_VERSION, \
+ .eeprom_calib_ver = EEPROM_6005_TX_POWER_VERSION, \
--- /dev/null
+From 45de6767dc51358a188f75dc4ad9dfddb7fb9480 Mon Sep 17 00:00:00 2001
+From: David Howells <dhowells@redhat.com>
+Date: Fri, 11 May 2012 10:56:56 +0100
+Subject: KEYS: Use the compat keyctl() syscall wrapper on Sparc64 for Sparc32 compat
+
+From: David Howells <dhowells@redhat.com>
+
+commit 45de6767dc51358a188f75dc4ad9dfddb7fb9480 upstream.
+
+Use the 32-bit compat keyctl() syscall wrapper on Sparc64 for Sparc32 binary
+compatibility.
+
+Without this, keyctl(KEYCTL_INSTANTIATE_IOV) is liable to malfunction as it
+uses an iovec array read from userspace - though the kernel should survive this
+as it checks pointers and sizes anyway.
+
+I think all the other keyctl() function should just work, provided (a) the top
+32-bits of each 64-bit argument register are cleared prior to invoking the
+syscall routine, and the 32-bit address space is right at the 0-end of the
+64-bit address space. Most of the arguments are 32-bit anyway, and so for
+those clearing is not required.
+
+Signed-off-by: David Howells <dhowells@redhat.com
+cc: "David S. Miller" <davem@davemloft.net>
+cc: sparclinux@vger.kernel.org
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ arch/sparc/Kconfig | 3 +++
+ arch/sparc/kernel/systbls_64.S | 2 +-
+ 2 files changed, 4 insertions(+), 1 deletion(-)
+
+--- a/arch/sparc/Kconfig
++++ b/arch/sparc/Kconfig
+@@ -582,6 +582,9 @@ config SYSVIPC_COMPAT
+ depends on COMPAT && SYSVIPC
+ default y
+
++config KEYS_COMPAT
++ def_bool y if COMPAT && KEYS
++
+ endmenu
+
+ source "net/Kconfig"
+--- a/arch/sparc/kernel/systbls_64.S
++++ b/arch/sparc/kernel/systbls_64.S
+@@ -74,7 +74,7 @@ sys_call_table32:
+ .word sys_timer_delete, compat_sys_timer_create, sys_ni_syscall, compat_sys_io_setup, sys_io_destroy
+ /*270*/ .word sys32_io_submit, sys_io_cancel, compat_sys_io_getevents, sys32_mq_open, sys_mq_unlink
+ .word compat_sys_mq_timedsend, compat_sys_mq_timedreceive, compat_sys_mq_notify, compat_sys_mq_getsetattr, compat_sys_waitid
+-/*280*/ .word sys32_tee, sys_add_key, sys_request_key, sys_keyctl, compat_sys_openat
++/*280*/ .word sys32_tee, sys_add_key, sys_request_key, compat_sys_keyctl, compat_sys_openat
+ .word sys_mkdirat, sys_mknodat, sys_fchownat, compat_sys_futimesat, compat_sys_fstatat64
+ /*290*/ .word sys_unlinkat, sys_renameat, sys_linkat, sys_symlinkat, sys_readlinkat
+ .word sys_fchmodat, sys_faccessat, compat_sys_pselect6, compat_sys_ppoll, sys_unshare
--- /dev/null
+From 7ed85b65ab611ba841d508ae4ff8c45fa0c48c80 Mon Sep 17 00:00:00 2001
+From: Stanislav Yakovlev <stas.yakovlev@gmail.com>
+Date: Mon, 16 Apr 2012 06:38:30 -0400
+Subject: net/wireless: ipw2200: Fix WARN_ON occurring in wiphy_register called by ipw_pci_probe
+
+From: Stanislav Yakovlev <stas.yakovlev@gmail.com>
+
+commit 7ed85b65ab611ba841d508ae4ff8c45fa0c48c80 upstream.
+
+The problem was found by Stefan Lippers-Hollmann
+http://marc.info/?l=linux-wireless&m=132720334512946&w=2
+
+WARNING: at /tmp/buildd/linux-aptosid-3.2/debian/build/source_i386_none/net/wireless/core.c:562 wiphy_register+0x45/0x38d [cfg80211]()
+Hardware name: TravelMate 290 \xffffffff\xffffffff\xffffffff\xffffffff\xffffffff\xffffffff\xffffffff\xffffffff\xffffffff\xffffffff\xffffffff\xffffffff\xffffffff\xffffffff\xffffffff\xffffffff\xffffffff
+Modules linked in: ipw2200(+) iTCO_wdt libipw joydev drm snd_seq snd_timer snd_seq_device iTCO_vendor_support yenta_socket snd intel_agp i2c_i801 pcmcia_rsrc cfg80211 soundcore parport_pc psmouse parport rng_core snd_page_alloc serio_raw pcspkr i2c_algo_bit intel_gtt pcmcia_core evdev irda crc_ccitt rfkill lib80211 processor container ac battery shpchp pci_hotplug button ext4 mbcache jbd2 crc16 dm_mod sd_mod sr_mod crc_t10dif cdrom ata_generic pata_acpi ata_piix libata scsi_mod firewire_ohci firewire_core crc_itu_t 8139too 8139cp mii uhci_hcd ehci_hcd usbcore usb_common [last unloaded: scsi_wait_scan]
+Pid: 328, comm: modprobe Not tainted 3.2-1.slh.4-aptosid-686 #1
+Call Trace:
+[<c012eaf4>] ? warn_slowpath_common+0x7c/0x8f
+[<e0ff0b3e>] ? wiphy_register+0x45/0x38d [cfg80211]
+[<e0ff0b3e>] ? wiphy_register+0x45/0x38d [cfg80211]
+[<c012eb22>] ? warn_slowpath_null+0x1b/0x1f
+[<e0ff0b3e>] ? wiphy_register+0x45/0x38d [cfg80211]
+[<c01f89d7>] ? internal_create_group+0xf5/0xff
+[<e0a2de1c>] ? ipw_pci_probe+0xa9a/0xbd0 [ipw2200]
+[<c01519f4>] ? arch_local_irq_save+0xf/0x14
+[<c0252986>] ? pci_device_probe+0x53/0x9a
+[<c02c2820>] ? driver_probe_device+0x94/0x124
+[<c0252871>] ? pci_match_id+0x15/0x34
+[<c02c28f0>] ? __driver_attach+0x40/0x5b
+[<c02c1d81>] ? bus_for_each_dev+0x37/0x60
+[<c02c25aa>] ? driver_attach+0x17/0x1a
+[<c02c28b0>] ? driver_probe_device+0x124/0x124
+[<c02c22c4>] ? bus_add_driver+0x92/0x1d1
+[<e099d000>] ? 0xe099cfff
+[<c02c2cb8>] ? driver_register+0x7d/0xd4
+[<c017cd50>] ? jump_label_module_notify+0xec/0x167
+[<e099d000>] ? 0xe099cfff
+[<c0253017>] ? __pci_register_driver+0x32/0x87
+[<e099d000>] ? 0xe099cfff
+[<e099d02e>] ? ipw_init+0x2e/0x72 [ipw2200]
+[<c0101173>] ? do_one_initcall+0x7d/0x132
+[<c0145016>] ? __blocking_notifier_call_chain+0x47/0x4f
+[<c0154a73>] ? sys_init_module+0x13a4/0x159c
+[<c03a639f>] ? sysenter_do_call+0x12/0x28
+
+This warning appears only if we apply Ben Hutchings' fix
+http://marc.info/?l=linux-wireless&m=132720195012653&w=2
+for the bug reported by Cesare Leonardi
+http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=656813
+with cfg80211 warning during device registration
+("cfg80211: failed to add phy80211 symlink to netdev!").
+
+We separate device bring up and registration with network stack
+to avoid the problem.
+
+After that Ben Hutchings' fix can be applied to fix the bug.
+
+Signed-off-by: Stanislav Yakovlev <stas.yakovlev@gmail.com>
+Tested-by: Stefan Lippers-Hollmann <s.l-h@gmx.de>
+Signed-off-by: John W. Linville <linville@tuxdriver.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/net/wireless/ipw2x00/ipw2200.c | 21 ++++++---------------
+ 1 file changed, 6 insertions(+), 15 deletions(-)
+
+--- a/drivers/net/wireless/ipw2x00/ipw2200.c
++++ b/drivers/net/wireless/ipw2x00/ipw2200.c
+@@ -11443,20 +11443,6 @@ static void ipw_bg_down(struct work_stru
+ mutex_unlock(&priv->mutex);
+ }
+
+-/* Called by register_netdev() */
+-static int ipw_net_init(struct net_device *dev)
+-{
+- int rc = 0;
+- struct ipw_priv *priv = libipw_priv(dev);
+-
+- mutex_lock(&priv->mutex);
+- if (ipw_up(priv))
+- rc = -EIO;
+- mutex_unlock(&priv->mutex);
+-
+- return rc;
+-}
+-
+ static int ipw_wdev_init(struct net_device *dev)
+ {
+ int i, rc = 0;
+@@ -11722,7 +11708,6 @@ static void ipw_prom_free(struct ipw_pri
+ #endif
+
+ static const struct net_device_ops ipw_netdev_ops = {
+- .ndo_init = ipw_net_init,
+ .ndo_open = ipw_net_open,
+ .ndo_stop = ipw_net_stop,
+ .ndo_set_rx_mode = ipw_net_set_multicast_list,
+@@ -11849,6 +11834,12 @@ static int __devinit ipw_pci_probe(struc
+ goto out_release_irq;
+ }
+
++ if (ipw_up(priv)) {
++ mutex_unlock(&priv->mutex);
++ err = -EIO;
++ goto out_remove_sysfs;
++ }
++
+ mutex_unlock(&priv->mutex);
+ err = register_netdev(net_dev);
+ if (err) {
--- /dev/null
+From 5bcdf5e4fee3c45e1281c25e4941f2163cb28c65 Mon Sep 17 00:00:00 2001
+From: Robert Richter <robert.richter@amd.com>
+Date: Fri, 18 May 2012 12:40:42 +0200
+Subject: perf/x86: Update event scheduling constraints for AMD family 15h models
+
+From: Robert Richter <robert.richter@amd.com>
+
+commit 5bcdf5e4fee3c45e1281c25e4941f2163cb28c65 upstream.
+
+This update is for newer family 15h cpu models from 0x02 to 0x1f.
+
+Signed-off-by: Robert Richter <robert.richter@amd.com>
+Acked-by: Peter Zijlstra <peterz@infradead.org>
+Cc: Stephane Eranian <eranian@google.com>
+Link: http://lkml.kernel.org/r/1337337642-1621-1-git-send-email-robert.richter@amd.com
+Signed-off-by: Ingo Molnar <mingo@kernel.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ arch/x86/kernel/cpu/perf_event_amd.c | 11 ++++++++++-
+ 1 file changed, 10 insertions(+), 1 deletion(-)
+
+--- a/arch/x86/kernel/cpu/perf_event_amd.c
++++ b/arch/x86/kernel/cpu/perf_event_amd.c
+@@ -473,6 +473,7 @@ static __initconst const struct x86_pmu
+ * 0x023 DE PERF_CTL[2:0]
+ * 0x02D LS PERF_CTL[3]
+ * 0x02E LS PERF_CTL[3,0]
++ * 0x031 LS PERF_CTL[2:0] (**)
+ * 0x043 CU PERF_CTL[2:0]
+ * 0x045 CU PERF_CTL[2:0]
+ * 0x046 CU PERF_CTL[2:0]
+@@ -486,10 +487,12 @@ static __initconst const struct x86_pmu
+ * 0x0DD LS PERF_CTL[5:0]
+ * 0x0DE LS PERF_CTL[5:0]
+ * 0x0DF LS PERF_CTL[5:0]
++ * 0x1C0 EX PERF_CTL[5:3]
+ * 0x1D6 EX PERF_CTL[5:0]
+ * 0x1D8 EX PERF_CTL[5:0]
+ *
+- * (*) depending on the umask all FPU counters may be used
++ * (*) depending on the umask all FPU counters may be used
++ * (**) only one unitmask enabled at a time
+ */
+
+ static struct event_constraint amd_f15_PMC0 = EVENT_CONSTRAINT(0, 0x01, 0);
+@@ -539,6 +542,12 @@ amd_get_event_constraints_f15h(struct cp
+ return &amd_f15_PMC3;
+ case 0x02E:
+ return &amd_f15_PMC30;
++ case 0x031:
++ if (hweight_long(hwc->config & ARCH_PERFMON_EVENTSEL_UMASK) <= 1)
++ return &amd_f15_PMC20;
++ return &emptyconstraint;
++ case 0x1C0:
++ return &amd_f15_PMC53;
+ default:
+ return &amd_f15_PMC50;
+ }
--- /dev/null
+From 9cd75e13de2dcf32ecc21c7f277cff3c0ced059e Mon Sep 17 00:00:00 2001
+From: Thomas Gleixner <tglx@linutronix.de>
+Date: Mon, 7 May 2012 17:59:47 +0000
+Subject: powerpc: Fix broken cpu_idle_wait() implementation
+
+From: Thomas Gleixner <tglx@linutronix.de>
+
+commit 9cd75e13de2dcf32ecc21c7f277cff3c0ced059e upstream.
+
+commit 771dae818 (powerpc/cpuidle: Add cpu_idle_wait() to allow
+switching of idle routines) implemented cpu_idle_wait() for powerpc.
+
+The changelog says:
+ "The equivalent routine for x86 is in arch/x86/kernel/process.c
+ but the powerpc implementation is different.":
+
+Unfortunately the changelog is completely useless as it does not tell
+_WHY_ it is different.
+
+Aside of being different the implementation is patently wrong.
+
+The rescheduling IPI is async. That means that there is no guarantee,
+that the other cores have executed the IPI when cpu_idle_wait()
+returns. But that's the whole purpose of this function: to guarantee
+that no CPU uses the old idle handler anymore.
+
+Use the smp_functional_call() based implementation, which fulfils the
+requirements.
+
+[ This code is going to replaced by a core version to remove all the
+ pointless copies in arch/*, but this one should go to stable ]
+
+Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
+Acked-by: Peter Zijlstra <peterz@infradead.org>
+Cc: Deepthi Dharwar <deepthi@linux.vnet.ibm.com>
+Cc: Trinabh Gupta <g.trinabh@gmail.com>
+Cc: Arun R Bharadwaj <arun.r.bharadwaj@gmail.com>
+Acked-by: Benjamin Herrenschmidt <benh@kernel.crashing.org>
+Link: http://lkml.kernel.org/r/20120507175651.980164748@linutronix.de
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ arch/powerpc/kernel/idle.c | 14 +++++---------
+ 1 file changed, 5 insertions(+), 9 deletions(-)
+
+--- a/arch/powerpc/kernel/idle.c
++++ b/arch/powerpc/kernel/idle.c
+@@ -109,6 +109,9 @@ void cpu_idle(void)
+ }
+ }
+
++static void do_nothing(void *unused)
++{
++}
+
+ /*
+ * cpu_idle_wait - Used to ensure that all the CPUs come out of the old
+@@ -119,16 +122,9 @@ void cpu_idle(void)
+ */
+ void cpu_idle_wait(void)
+ {
+- int cpu;
+ smp_mb();
+-
+- /* kick all the CPUs so that they exit out of old idle routine */
+- get_online_cpus();
+- for_each_online_cpu(cpu) {
+- if (cpu != smp_processor_id())
+- smp_send_reschedule(cpu);
+- }
+- put_online_cpus();
++ /* kick all the CPUs so that they exit out of pm_idle */
++ smp_call_function(do_nothing, NULL, 1);
+ }
+ EXPORT_SYMBOL_GPL(cpu_idle_wait);
+
--- /dev/null
+From 0f1dcfae6bc5563424346ad3a03282b8235a4c33 Mon Sep 17 00:00:00 2001
+From: Steve Wise <swise@opengridcomputing.com>
+Date: Fri, 27 Apr 2012 09:59:16 -0500
+Subject: RDMA/cxgb4: Always wake up waiters in c4iw_peer_abort_intr()
+
+From: Steve Wise <swise@opengridcomputing.com>
+
+commit 0f1dcfae6bc5563424346ad3a03282b8235a4c33 upstream.
+
+This fixes a race where an ingress abort fails to wake up the thread
+blocked in rdma_init() causing the app to hang.
+
+Signed-off-by: Steve Wise <swise@opengridcomputing.com>
+Signed-off-by: Roland Dreier <roland@purestorage.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/infiniband/hw/cxgb4/cm.c | 5 +----
+ 1 file changed, 1 insertion(+), 4 deletions(-)
+
+--- a/drivers/infiniband/hw/cxgb4/cm.c
++++ b/drivers/infiniband/hw/cxgb4/cm.c
+@@ -2665,11 +2665,8 @@ static int peer_abort_intr(struct c4iw_d
+
+ /*
+ * Wake up any threads in rdma_init() or rdma_fini().
+- * However, this is not needed if com state is just
+- * MPA_REQ_SENT
+ */
+- if (ep->com.state != MPA_REQ_SENT)
+- c4iw_wake_up(&ep->com.wr_wait, -ECONNRESET);
++ c4iw_wake_up(&ep->com.wr_wait, -ECONNRESET);
+ sched(dev, skb);
+ return 0;
+ }
--- /dev/null
+From 14b9222808bb8bfefc71f72bc0dbdcf3b2f0140f Mon Sep 17 00:00:00 2001
+From: Steve Wise <swise@opengridcomputing.com>
+Date: Mon, 30 Apr 2012 15:31:29 -0500
+Subject: RDMA/cxgb4: Drop peer_abort when no endpoint found
+
+From: Steve Wise <swise@opengridcomputing.com>
+
+commit 14b9222808bb8bfefc71f72bc0dbdcf3b2f0140f upstream.
+
+Log a warning and drop the abort message. Otherwise we will do a
+bogus wake_up() and crash.
+
+Signed-off-by: Steve Wise <swise@opengridcomputing.com>
+Signed-off-by: Roland Dreier <roland@purestorage.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/infiniband/hw/cxgb4/cm.c | 6 ++++++
+ 1 file changed, 6 insertions(+)
+
+--- a/drivers/infiniband/hw/cxgb4/cm.c
++++ b/drivers/infiniband/hw/cxgb4/cm.c
+@@ -2654,6 +2654,12 @@ static int peer_abort_intr(struct c4iw_d
+ unsigned int tid = GET_TID(req);
+
+ ep = lookup_tid(t, tid);
++ if (!ep) {
++ printk(KERN_WARNING MOD
++ "Abort on non-existent endpoint, tid %d\n", tid);
++ kfree_skb(skb);
++ return 0;
++ }
+ if (is_neg_adv_abort(req->status)) {
+ PDBG("%s neg_adv_abort ep %p tid %u\n", __func__, ep,
+ ep->hwtid);
--- /dev/null
+From bd61baaf59669accae2720799394a51fecabe5d9 Mon Sep 17 00:00:00 2001
+From: Steve Wise <swise@opengridcomputing.com>
+Date: Fri, 27 Apr 2012 10:24:33 -0500
+Subject: RDMA/cxgb4: Use dst parameter in import_ep()
+
+From: Steve Wise <swise@opengridcomputing.com>
+
+commit bd61baaf59669accae2720799394a51fecabe5d9 upstream.
+
+Function import_ep() is incorrectly using ep->dst instead of the dst
+ptr passed in. This causes a crash when accepting new rdma connections
+becase ep->dst is not initialized yet.
+
+Signed-off-by: Steve Wise <swise@opengridcomputing.com>
+Signed-off-by: Roland Dreier <roland@purestorage.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/infiniband/hw/cxgb4/cm.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/drivers/infiniband/hw/cxgb4/cm.c
++++ b/drivers/infiniband/hw/cxgb4/cm.c
+@@ -1593,7 +1593,7 @@ static int import_ep(struct c4iw_ep *ep,
+ n, n->dev, 0);
+ if (!ep->l2t)
+ goto out;
+- ep->mtu = dst_mtu(ep->dst);
++ ep->mtu = dst_mtu(dst);
+ ep->tx_chan = cxgb4_port_chan(n->dev);
+ ep->smac_idx = (cxgb4_port_viid(n->dev) & 0x7F) << 1;
+ step = cdev->rdev.lldi.ntxq /
--- /dev/null
+From e81dba85c6388dfabcb76cbc2b8bd02836a53ae5 Mon Sep 17 00:00:00 2001
+From: Mark Brown <broonie@opensource.wolfsonmicro.com>
+Date: Sun, 13 May 2012 18:35:56 +0100
+Subject: regulator: core: Release regulator-regulator supplies on error
+
+From: Mark Brown <broonie@opensource.wolfsonmicro.com>
+
+commit e81dba85c6388dfabcb76cbc2b8bd02836a53ae5 upstream.
+
+If we fail while registering a regulator make sure we release the supply
+for the regulator if there is one.
+
+Signed-off-by: Mark Brown <broonie@opensource.wolfsonmicro.com>
+Acked-by: Liam Girdwood <lrg@ti.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/regulator/core.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+--- a/drivers/regulator/core.c
++++ b/drivers/regulator/core.c
+@@ -2877,6 +2877,8 @@ unset_supplies:
+ unset_regulator_supplies(rdev);
+
+ scrub:
++ if (rdev->supply)
++ regulator_put(rdev->supply);
+ kfree(rdev->constraints);
+ device_unregister(&rdev->dev);
+ /* device core frees rdev */
--- /dev/null
+From d5e50a51ccbda36b379aba9d1131a852eb908dda Mon Sep 17 00:00:00 2001
+From: Heiko Carstens <heiko.carstens@de.ibm.com>
+Date: Wed, 9 May 2012 09:37:30 +0200
+Subject: s390/pfault: fix task state race
+
+From: Heiko Carstens <heiko.carstens@de.ibm.com>
+
+commit d5e50a51ccbda36b379aba9d1131a852eb908dda upstream.
+
+When setting the current task state to TASK_UNINTERRUPTIBLE this can
+race with a different cpu. The other cpu could set the task state after
+it inspected it (while it was still TASK_RUNNING) to TASK_RUNNING which
+would change the state from TASK_UNINTERRUPTIBLE to TASK_RUNNING again.
+
+This race was always present in the pfault interrupt code but didn't
+cause anything harmful before commit f2db2e6c "[S390] pfault: cpu hotplug
+vs missing completion interrupts" which relied on the fact that after
+setting the task state to TASK_UNINTERRUPTIBLE the task would really
+sleep.
+Since this is not necessarily the case the result may be a list corruption
+of the pfault_list or, as observed, a use-after-free bug while trying to
+access the task_struct of a task which terminated itself already.
+
+To fix this, we need to get a reference of the affected task when receiving
+the initial pfault interrupt and add special handling if we receive yet
+another initial pfault interrupt when the task is already enqueued in the
+pfault list.
+
+Signed-off-by: Heiko Carstens <heiko.carstens@de.ibm.com>
+Reviewed-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
+Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ arch/s390/mm/fault.c | 14 ++++++++++++--
+ 1 file changed, 12 insertions(+), 2 deletions(-)
+
+--- a/arch/s390/mm/fault.c
++++ b/arch/s390/mm/fault.c
+@@ -574,6 +574,7 @@ static void pfault_interrupt(unsigned in
+ tsk->thread.pfault_wait = 0;
+ list_del(&tsk->thread.list);
+ wake_up_process(tsk);
++ put_task_struct(tsk);
+ } else {
+ /* Completion interrupt was faster than initial
+ * interrupt. Set pfault_wait to -1 so the initial
+@@ -588,14 +589,22 @@ static void pfault_interrupt(unsigned in
+ put_task_struct(tsk);
+ } else {
+ /* signal bit not set -> a real page is missing. */
+- if (tsk->thread.pfault_wait == -1) {
++ if (tsk->thread.pfault_wait == 1) {
++ /* Already on the list with a reference: put to sleep */
++ set_task_state(tsk, TASK_UNINTERRUPTIBLE);
++ set_tsk_need_resched(tsk);
++ } else if (tsk->thread.pfault_wait == -1) {
+ /* Completion interrupt was faster than the initial
+ * interrupt (pfault_wait == -1). Set pfault_wait
+ * back to zero and exit. */
+ tsk->thread.pfault_wait = 0;
+ } else {
+ /* Initial interrupt arrived before completion
+- * interrupt. Let the task sleep. */
++ * interrupt. Let the task sleep.
++ * An extra task reference is needed since a different
++ * cpu may set the task state to TASK_RUNNING again
++ * before the scheduler is reached. */
++ get_task_struct(tsk);
+ tsk->thread.pfault_wait = 1;
+ list_add(&tsk->thread.list, &pfault_list);
+ set_task_state(tsk, TASK_UNINTERRUPTIBLE);
+@@ -620,6 +629,7 @@ static int __cpuinit pfault_cpu_notify(s
+ list_del(&thread->list);
+ tsk = container_of(thread, struct task_struct, thread);
+ wake_up_process(tsk);
++ put_task_struct(tsk);
+ }
+ spin_unlock_irq(&pfault_lock);
+ break;
--- /dev/null
+From e42fafc25fa86c61824e8d4c5e7582316415d24f Mon Sep 17 00:00:00 2001
+From: "nagalakshmi.nandigama@lsi.com" <nagalakshmi.nandigama@lsi.com>
+Date: Tue, 20 Mar 2012 12:10:01 +0530
+Subject: SCSI: mpt2sas: Fix for panic happening because of improper memory allocation
+
+From: "nagalakshmi.nandigama@lsi.com" <nagalakshmi.nandigama@lsi.com>
+
+commit e42fafc25fa86c61824e8d4c5e7582316415d24f upstream.
+
+The ioc->pfacts member in the IOC structure is getting set to zero
+following a call to _base_get_ioc_facts due to the memset in that routine.
+So if the ioc->pfacts was read after a host reset, there would be a NULL
+pointer dereference. The routine _base_get_ioc_facts is called from context
+of host reset. The problem in _base_get_ioc_facts is the size of
+Mpi2IOCFactsReply is 64, whereas the sizeof "struct mpt2sas_facts" is 60,
+so there is a four byte overflow resulting from the memset.
+
+Also, there is memset in _base_get_port_facts using the incorrect structure,
+it should be "struct mpt2sas_port_facts" instead of Mpi2PortFactsReply.
+
+Signed-off-by: Nagalakshmi Nandigama <nagalakshmi.nandigama@lsi.com>
+Signed-off-by: James Bottomley <JBottomley@Parallels.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/scsi/mpt2sas/mpt2sas_base.c | 6 +++---
+ 1 file changed, 3 insertions(+), 3 deletions(-)
+
+--- a/drivers/scsi/mpt2sas/mpt2sas_base.c
++++ b/drivers/scsi/mpt2sas/mpt2sas_base.c
+@@ -3340,7 +3340,7 @@ _base_get_port_facts(struct MPT2SAS_ADAP
+ }
+
+ pfacts = &ioc->pfacts[port];
+- memset(pfacts, 0, sizeof(Mpi2PortFactsReply_t));
++ memset(pfacts, 0, sizeof(struct mpt2sas_port_facts));
+ pfacts->PortNumber = mpi_reply.PortNumber;
+ pfacts->VP_ID = mpi_reply.VP_ID;
+ pfacts->VF_ID = mpi_reply.VF_ID;
+@@ -3382,7 +3382,7 @@ _base_get_ioc_facts(struct MPT2SAS_ADAPT
+ }
+
+ facts = &ioc->facts;
+- memset(facts, 0, sizeof(Mpi2IOCFactsReply_t));
++ memset(facts, 0, sizeof(struct mpt2sas_facts));
+ facts->MsgVersion = le16_to_cpu(mpi_reply.MsgVersion);
+ facts->HeaderVersion = le16_to_cpu(mpi_reply.HeaderVersion);
+ facts->VP_ID = mpi_reply.VP_ID;
+@@ -4259,7 +4259,7 @@ mpt2sas_base_attach(struct MPT2SAS_ADAPT
+ goto out_free_resources;
+
+ ioc->pfacts = kcalloc(ioc->facts.NumberOfPorts,
+- sizeof(Mpi2PortFactsReply_t), GFP_KERNEL);
++ sizeof(struct mpt2sas_port_facts), GFP_KERNEL);
+ if (!ioc->pfacts) {
+ r = -ENOMEM;
+ goto out_free_resources;
--- /dev/null
+From 154c50ca4eb9ae472f50b6a481213e21ead4457d Mon Sep 17 00:00:00 2001
+From: Eric Paris <eparis@redhat.com>
+Date: Wed, 4 Apr 2012 13:47:11 -0400
+Subject: SELinux: if sel_make_bools errors don't leave inconsistent state
+
+From: Eric Paris <eparis@redhat.com>
+
+commit 154c50ca4eb9ae472f50b6a481213e21ead4457d upstream.
+
+We reset the bool names and values array to NULL, but do not reset the
+number of entries in these arrays to 0. If we error out and then get back
+into this function we will walk these NULL pointers based on the belief
+that they are non-zero length.
+
+Signed-off-by: Eric Paris <eparis@redhat.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ security/selinux/selinuxfs.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+--- a/security/selinux/selinuxfs.c
++++ b/security/selinux/selinuxfs.c
+@@ -1232,6 +1232,7 @@ static int sel_make_bools(void)
+ kfree(bool_pending_names[i]);
+ kfree(bool_pending_names);
+ kfree(bool_pending_values);
++ bool_num = 0;
+ bool_pending_names = NULL;
+ bool_pending_values = NULL;
+
parisc-fix-panic-on-prefetch-null-on-pa7300lc.patch
isdn-gigaset-ratelimit-capi-message-dumps.patch
vfs-make-aio-use-the-proper-rw_verify_area-area-helpers.patch
+iwlwifi-use-6000g2b-for-6030-device-series.patch
+iwlwifi-use-correct-released-ucode-version.patch
+net-wireless-ipw2200-fix-warn_on-occurring-in-wiphy_register-called-by-ipw_pci_probe.patch
+cfg80211-warn-if-db.txt-is-empty-with-config_cfg80211_internal_regdb.patch
+regulator-core-release-regulator-regulator-supplies-on-error.patch
+fix-blocking-allocations-called-very-early-during-bootup.patch
+s390-pfault-fix-task-state-race.patch
+scsi-mpt2sas-fix-for-panic-happening-because-of-improper-memory-allocation.patch
+isci-fix-oem-parameter-validation-on-single-controller-skus.patch
+rdma-cxgb4-always-wake-up-waiters-in-c4iw_peer_abort_intr.patch
+rdma-cxgb4-use-dst-parameter-in-import_ep.patch
+rdma-cxgb4-drop-peer_abort-when-no-endpoint-found.patch
+powerpc-fix-broken-cpu_idle_wait-implementation.patch
+keys-use-the-compat-keyctl-syscall-wrapper-on-sparc64-for-sparc32-compat.patch
+selinux-if-sel_make_bools-errors-don-t-leave-inconsistent-state.patch
+ib-core-fix-mismatch-between-locked-and-pinned-pages.patch
+drivers-staging-comedi-comedi_fops.c-add-missing-vfree.patch
+perf-x86-update-event-scheduling-constraints-for-amd-family-15h-models.patch
projects / thirdparty / kernel / stable-queue.git / commitdiff
