--- /dev/null
+From 925396ecf251432d6d0f703a6cfd0cb9e651d936 Mon Sep 17 00:00:00 2001
+From: Josef Bacik <jbacik@fusionio.com>
+Date: Fri, 1 Feb 2013 15:57:47 -0500
+Subject: Btrfs: account for orphan inodes properly during cleanup
+
+From: Josef Bacik <jbacik@fusionio.com>
+
+commit 925396ecf251432d6d0f703a6cfd0cb9e651d936 upstream.
+
+Dave sent me a panic where we were doing the orphan cleanup and panic'ed
+trying to release our reservation from the orphan block rsv. The reason for
+this is because our orphan block rsv had been free'd out from underneath us
+because the transaction commit found that there were no orphan inodes
+according to its count and decided to free it. This is incorrect so make
+sure we inc the orphan inodes count so the accounting is all done properly.
+This would also cause the warning in the orphan commit code normally if you
+had any orphans to cleanup as they would only decrement the orphan count so
+you'd get a negative orphan count which could cause problems during runtime.
+Thanks,
+
+Signed-off-by: Josef Bacik <jbacik@fusionio.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ fs/btrfs/inode.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+--- a/fs/btrfs/inode.c
++++ b/fs/btrfs/inode.c
+@@ -2470,6 +2470,7 @@ int btrfs_orphan_cleanup(struct btrfs_ro
+ */
+ set_bit(BTRFS_INODE_HAS_ORPHAN_ITEM,
+ &BTRFS_I(inode)->runtime_flags);
++ atomic_inc(&root->orphan_inodes);
+
+ /* if we have links, this was a truncate, lets do that */
+ if (inode->i_nlink) {
--- /dev/null
+From 4a7d0f6854c4a4ad1dba00a3b128a32d39b9a742 Mon Sep 17 00:00:00 2001
+From: Josef Bacik <jbacik@fusionio.com>
+Date: Thu, 7 Feb 2013 16:27:28 -0500
+Subject: Btrfs: cleanup orphan reservation if truncate fails
+
+From: Josef Bacik <jbacik@fusionio.com>
+
+commit 4a7d0f6854c4a4ad1dba00a3b128a32d39b9a742 upstream.
+
+I noticed we were getting lots of warnings with xfstest 83 because we have
+reservations outstanding. This is because we moved the orphan add outside
+of the truncate, but we don't actually cleanup our reservation if something
+fails. This fixes the problem and I no longer see warnings. Thanks,
+
+Signed-off-by: Josef Bacik <jbacik@fusionio.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ fs/btrfs/inode.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+--- a/fs/btrfs/inode.c
++++ b/fs/btrfs/inode.c
+@@ -2493,6 +2493,8 @@ int btrfs_orphan_cleanup(struct btrfs_ro
+ goto out;
+
+ ret = btrfs_truncate(inode);
++ if (ret)
++ btrfs_orphan_del(NULL, inode);
+ } else {
+ nr_unlink++;
+ }
--- /dev/null
+From 9a5467bf7b6e9e02ec9c3da4e23747c05faeaac6 Mon Sep 17 00:00:00 2001
+From: Mathias Krause <minipli@googlemail.com>
+Date: Tue, 5 Feb 2013 18:19:13 +0100
+Subject: crypto: user - fix info leaks in report API
+
+From: Mathias Krause <minipli@googlemail.com>
+
+commit 9a5467bf7b6e9e02ec9c3da4e23747c05faeaac6 upstream.
+
+Three errors resulting in kernel memory disclosure:
+
+1/ The structures used for the netlink based crypto algorithm report API
+are located on the stack. As snprintf() does not fill the remainder of
+the buffer with null bytes, those stack bytes will be disclosed to users
+of the API. Switch to strncpy() to fix this.
+
+2/ crypto_report_one() does not initialize all field of struct
+crypto_user_alg. Fix this to fix the heap info leak.
+
+3/ For the module name we should copy only as many bytes as
+module_name() returns -- not as much as the destination buffer could
+hold. But the current code does not and therefore copies random data
+from behind the end of the module name, as the module name is always
+shorter than CRYPTO_MAX_ALG_NAME.
+
+Also switch to use strncpy() to copy the algorithm's name and
+driver_name. They are strings, after all.
+
+Signed-off-by: Mathias Krause <minipli@googlemail.com>
+Cc: Steffen Klassert <steffen.klassert@secunet.com>
+Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ crypto/ablkcipher.c | 12 ++++++------
+ crypto/aead.c | 9 ++++-----
+ crypto/ahash.c | 2 +-
+ crypto/blkcipher.c | 6 +++---
+ crypto/crypto_user.c | 20 ++++++++++----------
+ crypto/pcompress.c | 3 +--
+ crypto/rng.c | 2 +-
+ crypto/shash.c | 3 ++-
+ 8 files changed, 28 insertions(+), 29 deletions(-)
+
+--- a/crypto/ablkcipher.c
++++ b/crypto/ablkcipher.c
+@@ -388,9 +388,9 @@ static int crypto_ablkcipher_report(stru
+ {
+ struct crypto_report_blkcipher rblkcipher;
+
+- snprintf(rblkcipher.type, CRYPTO_MAX_ALG_NAME, "%s", "ablkcipher");
+- snprintf(rblkcipher.geniv, CRYPTO_MAX_ALG_NAME, "%s",
+- alg->cra_ablkcipher.geniv ?: "<default>");
++ strncpy(rblkcipher.type, "ablkcipher", sizeof(rblkcipher.type));
++ strncpy(rblkcipher.geniv, alg->cra_ablkcipher.geniv ?: "<default>",
++ sizeof(rblkcipher.geniv));
+
+ rblkcipher.blocksize = alg->cra_blocksize;
+ rblkcipher.min_keysize = alg->cra_ablkcipher.min_keysize;
+@@ -469,9 +469,9 @@ static int crypto_givcipher_report(struc
+ {
+ struct crypto_report_blkcipher rblkcipher;
+
+- snprintf(rblkcipher.type, CRYPTO_MAX_ALG_NAME, "%s", "givcipher");
+- snprintf(rblkcipher.geniv, CRYPTO_MAX_ALG_NAME, "%s",
+- alg->cra_ablkcipher.geniv ?: "<built-in>");
++ strncpy(rblkcipher.type, "givcipher", sizeof(rblkcipher.type));
++ strncpy(rblkcipher.geniv, alg->cra_ablkcipher.geniv ?: "<built-in>",
++ sizeof(rblkcipher.geniv));
+
+ rblkcipher.blocksize = alg->cra_blocksize;
+ rblkcipher.min_keysize = alg->cra_ablkcipher.min_keysize;
+--- a/crypto/aead.c
++++ b/crypto/aead.c
+@@ -117,9 +117,8 @@ static int crypto_aead_report(struct sk_
+ struct crypto_report_aead raead;
+ struct aead_alg *aead = &alg->cra_aead;
+
+- snprintf(raead.type, CRYPTO_MAX_ALG_NAME, "%s", "aead");
+- snprintf(raead.geniv, CRYPTO_MAX_ALG_NAME, "%s",
+- aead->geniv ?: "<built-in>");
++ strncpy(raead.type, "aead", sizeof(raead.type));
++ strncpy(raead.geniv, aead->geniv ?: "<built-in>", sizeof(raead.geniv));
+
+ raead.blocksize = alg->cra_blocksize;
+ raead.maxauthsize = aead->maxauthsize;
+@@ -203,8 +202,8 @@ static int crypto_nivaead_report(struct
+ struct crypto_report_aead raead;
+ struct aead_alg *aead = &alg->cra_aead;
+
+- snprintf(raead.type, CRYPTO_MAX_ALG_NAME, "%s", "nivaead");
+- snprintf(raead.geniv, CRYPTO_MAX_ALG_NAME, "%s", aead->geniv);
++ strncpy(raead.type, "nivaead", sizeof(raead.type));
++ strncpy(raead.geniv, aead->geniv, sizeof(raead.geniv));
+
+ raead.blocksize = alg->cra_blocksize;
+ raead.maxauthsize = aead->maxauthsize;
+--- a/crypto/ahash.c
++++ b/crypto/ahash.c
+@@ -404,7 +404,7 @@ static int crypto_ahash_report(struct sk
+ {
+ struct crypto_report_hash rhash;
+
+- snprintf(rhash.type, CRYPTO_MAX_ALG_NAME, "%s", "ahash");
++ strncpy(rhash.type, "ahash", sizeof(rhash.type));
+
+ rhash.blocksize = alg->cra_blocksize;
+ rhash.digestsize = __crypto_hash_alg_common(alg)->digestsize;
+--- a/crypto/blkcipher.c
++++ b/crypto/blkcipher.c
+@@ -499,9 +499,9 @@ static int crypto_blkcipher_report(struc
+ {
+ struct crypto_report_blkcipher rblkcipher;
+
+- snprintf(rblkcipher.type, CRYPTO_MAX_ALG_NAME, "%s", "blkcipher");
+- snprintf(rblkcipher.geniv, CRYPTO_MAX_ALG_NAME, "%s",
+- alg->cra_blkcipher.geniv ?: "<default>");
++ strncpy(rblkcipher.type, "blkcipher", sizeof(rblkcipher.type));
++ strncpy(rblkcipher.geniv, alg->cra_blkcipher.geniv ?: "<default>",
++ sizeof(rblkcipher.geniv));
+
+ rblkcipher.blocksize = alg->cra_blocksize;
+ rblkcipher.min_keysize = alg->cra_blkcipher.min_keysize;
+--- a/crypto/crypto_user.c
++++ b/crypto/crypto_user.c
+@@ -75,7 +75,7 @@ static int crypto_report_cipher(struct s
+ {
+ struct crypto_report_cipher rcipher;
+
+- snprintf(rcipher.type, CRYPTO_MAX_ALG_NAME, "%s", "cipher");
++ strncpy(rcipher.type, "cipher", sizeof(rcipher.type));
+
+ rcipher.blocksize = alg->cra_blocksize;
+ rcipher.min_keysize = alg->cra_cipher.cia_min_keysize;
+@@ -94,8 +94,7 @@ static int crypto_report_comp(struct sk_
+ {
+ struct crypto_report_comp rcomp;
+
+- snprintf(rcomp.type, CRYPTO_MAX_ALG_NAME, "%s", "compression");
+-
++ strncpy(rcomp.type, "compression", sizeof(rcomp.type));
+ if (nla_put(skb, CRYPTOCFGA_REPORT_COMPRESS,
+ sizeof(struct crypto_report_comp), &rcomp))
+ goto nla_put_failure;
+@@ -108,12 +107,14 @@ nla_put_failure:
+ static int crypto_report_one(struct crypto_alg *alg,
+ struct crypto_user_alg *ualg, struct sk_buff *skb)
+ {
+- memcpy(&ualg->cru_name, &alg->cra_name, sizeof(ualg->cru_name));
+- memcpy(&ualg->cru_driver_name, &alg->cra_driver_name,
+- sizeof(ualg->cru_driver_name));
+- memcpy(&ualg->cru_module_name, module_name(alg->cra_module),
+- CRYPTO_MAX_ALG_NAME);
++ strncpy(ualg->cru_name, alg->cra_name, sizeof(ualg->cru_name));
++ strncpy(ualg->cru_driver_name, alg->cra_driver_name,
++ sizeof(ualg->cru_driver_name));
++ strncpy(ualg->cru_module_name, module_name(alg->cra_module),
++ sizeof(ualg->cru_module_name));
+
++ ualg->cru_type = 0;
++ ualg->cru_mask = 0;
+ ualg->cru_flags = alg->cra_flags;
+ ualg->cru_refcnt = atomic_read(&alg->cra_refcnt);
+
+@@ -122,8 +123,7 @@ static int crypto_report_one(struct cryp
+ if (alg->cra_flags & CRYPTO_ALG_LARVAL) {
+ struct crypto_report_larval rl;
+
+- snprintf(rl.type, CRYPTO_MAX_ALG_NAME, "%s", "larval");
+-
++ strncpy(rl.type, "larval", sizeof(rl.type));
+ if (nla_put(skb, CRYPTOCFGA_REPORT_LARVAL,
+ sizeof(struct crypto_report_larval), &rl))
+ goto nla_put_failure;
+--- a/crypto/pcompress.c
++++ b/crypto/pcompress.c
+@@ -53,8 +53,7 @@ static int crypto_pcomp_report(struct sk
+ {
+ struct crypto_report_comp rpcomp;
+
+- snprintf(rpcomp.type, CRYPTO_MAX_ALG_NAME, "%s", "pcomp");
+-
++ strncpy(rpcomp.type, "pcomp", sizeof(rpcomp.type));
+ if (nla_put(skb, CRYPTOCFGA_REPORT_COMPRESS,
+ sizeof(struct crypto_report_comp), &rpcomp))
+ goto nla_put_failure;
+--- a/crypto/rng.c
++++ b/crypto/rng.c
+@@ -65,7 +65,7 @@ static int crypto_rng_report(struct sk_b
+ {
+ struct crypto_report_rng rrng;
+
+- snprintf(rrng.type, CRYPTO_MAX_ALG_NAME, "%s", "rng");
++ strncpy(rrng.type, "rng", sizeof(rrng.type));
+
+ rrng.seedsize = alg->cra_rng.seedsize;
+
+--- a/crypto/shash.c
++++ b/crypto/shash.c
+@@ -530,7 +530,8 @@ static int crypto_shash_report(struct sk
+ struct crypto_report_hash rhash;
+ struct shash_alg *salg = __crypto_shash_alg(alg);
+
+- snprintf(rhash.type, CRYPTO_MAX_ALG_NAME, "%s", "shash");
++ strncpy(rhash.type, "shash", sizeof(rhash.type));
++
+ rhash.blocksize = alg->cra_blocksize;
+ rhash.digestsize = salg->digestsize;
+
--- /dev/null
+From dcd9006b1b053c7b1cebe81333261d4fd492ffeb Mon Sep 17 00:00:00 2001
+From: Benjamin Tissoires <benjamin.tissoires@redhat.com>
+Date: Tue, 5 Mar 2013 17:09:00 +0100
+Subject: HID: logitech-dj: do not directly call hid_output_raw_report() during probe
+
+From: Benjamin Tissoires <benjamin.tissoires@redhat.com>
+
+commit dcd9006b1b053c7b1cebe81333261d4fd492ffeb upstream.
+
+hid_output_raw_report() makes a direct call to usb_control_msg(). However,
+some USB3 boards have shown that the usb device is not ready during the
+.probe(). This blocks the entire usb device, and the paired mice, keyboards
+are not functional. The dmesg output is the following:
+
+[ 11.912287] logitech-djreceiver 0003:046D:C52B.0003: hiddev0,hidraw0: USB HID v1.11 Device [Logitech USB Receiver] on usb-0000:00:14.0-2/input2
+[ 11.912537] logitech-djreceiver 0003:046D:C52B.0003: logi_dj_probe:logi_dj_recv_query_paired_devices error:-32
+[ 11.912636] logitech-djreceiver: probe of 0003:046D:C52B.0003 failed with error -32
+
+Relying on the scheduled call to usbhid_submit_report() fixes the problem.
+
+related bugs:
+https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1072082
+https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1039143
+https://bugzilla.redhat.com/show_bug.cgi?id=840391
+https://bugzilla.kernel.org/show_bug.cgi?id=49781
+
+Reported-and-tested-by: Bob Bowles <bobjohnbowles@gmail.com>
+Signed-off-by: Benjamin Tissoires <benjamin.tissoires@redhat.com>
+Signed-off-by: Jiri Kosina <jkosina@suse.cz>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/hid/hid-logitech-dj.c | 22 ++++++++++++++--------
+ 1 file changed, 14 insertions(+), 8 deletions(-)
+
+--- a/drivers/hid/hid-logitech-dj.c
++++ b/drivers/hid/hid-logitech-dj.c
+@@ -459,19 +459,25 @@ static int logi_dj_recv_send_report(stru
+ struct dj_report *dj_report)
+ {
+ struct hid_device *hdev = djrcv_dev->hdev;
+- int sent_bytes;
++ struct hid_report *report;
++ struct hid_report_enum *output_report_enum;
++ u8 *data = (u8 *)(&dj_report->device_index);
++ int i;
+
+- if (!hdev->hid_output_raw_report) {
+- dev_err(&hdev->dev, "%s:"
+- "hid_output_raw_report is null\n", __func__);
++ output_report_enum = &hdev->report_enum[HID_OUTPUT_REPORT];
++ report = output_report_enum->report_id_hash[REPORT_ID_DJ_SHORT];
++
++ if (!report) {
++ dev_err(&hdev->dev, "%s: unable to find dj report\n", __func__);
+ return -ENODEV;
+ }
+
+- sent_bytes = hdev->hid_output_raw_report(hdev, (u8 *) dj_report,
+- sizeof(struct dj_report),
+- HID_OUTPUT_REPORT);
++ for (i = 0; i < report->field[0]->report_count; i++)
++ report->field[0]->value[i] = data[i];
++
++ usbhid_submit_report(hdev, report, USB_DIR_OUT);
+
+- return (sent_bytes < 0) ? sent_bytes : 0;
++ return 0;
+ }
+
+ static int logi_dj_recv_query_paired_devices(struct dj_receiver_dev *djrcv_dev)
--- /dev/null
+From c3481955f6c78c8dd99921759306d7469c999ec2 Mon Sep 17 00:00:00 2001
+From: Wei WANG <wei_wang@realsil.com.cn>
+Date: Fri, 8 Feb 2013 15:24:27 +0800
+Subject: mfd: rtsx: Fix issue that booting OS with SD card inserted
+
+From: Wei WANG <wei_wang@realsil.com.cn>
+
+commit c3481955f6c78c8dd99921759306d7469c999ec2 upstream.
+
+Realtek card reader supports both SD and MS card. According to the
+settings of rtsx MFD driver, SD host will be probed before MS host.
+If we boot/reboot Linux with SD card inserted, the resetting flow of SD
+card will succeed, and the following resetting flow of MS is sure to fail.
+Then MS upper-level driver will ask rtsx driver to turn power off. This
+request leads to the result that the following SD commands fail and SD card
+can't be accessed again.
+
+In this commit, Realtek's SD and MS host driver will check whether the card
+that upper driver requesting is the one existing in the slot. If not, Realtek's
+host driver will refuse the operation to make sure the exlusive accessing
+at the same time.
+
+Signed-off-by: Wei WANG <wei_wang@realsil.com.cn>
+Signed-off-by: Samuel Ortiz <sameo@linux.intel.com>
+Cc: Tim Gardner <rtg.canonical@gmail.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/memstick/host/rtsx_pci_ms.c | 7 +++++++
+ drivers/mfd/rtsx_pcr.c | 30 ++++++++++++++++++++++++++++++
+ drivers/mmc/host/rtsx_pci_sdmmc.c | 18 ++++++++++++++++++
+ include/linux/mfd/rtsx_pci.h | 2 ++
+ 4 files changed, 57 insertions(+)
+
+--- a/drivers/memstick/host/rtsx_pci_ms.c
++++ b/drivers/memstick/host/rtsx_pci_ms.c
+@@ -426,6 +426,9 @@ static void rtsx_pci_ms_request(struct m
+
+ dev_dbg(ms_dev(host), "--> %s\n", __func__);
+
++ if (rtsx_pci_card_exclusive_check(host->pcr, RTSX_MS_CARD))
++ return;
++
+ schedule_work(&host->handle_req);
+ }
+
+@@ -441,6 +444,10 @@ static int rtsx_pci_ms_set_param(struct
+ dev_dbg(ms_dev(host), "%s: param = %d, value = %d\n",
+ __func__, param, value);
+
++ err = rtsx_pci_card_exclusive_check(host->pcr, RTSX_MS_CARD);
++ if (err)
++ return err;
++
+ switch (param) {
+ case MEMSTICK_POWER:
+ if (value == MEMSTICK_POWER_ON)
+--- a/drivers/mfd/rtsx_pcr.c
++++ b/drivers/mfd/rtsx_pcr.c
+@@ -713,6 +713,25 @@ int rtsx_pci_card_power_off(struct rtsx_
+ }
+ EXPORT_SYMBOL_GPL(rtsx_pci_card_power_off);
+
++int rtsx_pci_card_exclusive_check(struct rtsx_pcr *pcr, int card)
++{
++ unsigned int cd_mask[] = {
++ [RTSX_SD_CARD] = SD_EXIST,
++ [RTSX_MS_CARD] = MS_EXIST
++ };
++
++ if (!pcr->ms_pmos) {
++ /* When using single PMOS, accessing card is not permitted
++ * if the existing card is not the designated one.
++ */
++ if (pcr->card_exist & (~cd_mask[card]))
++ return -EIO;
++ }
++
++ return 0;
++}
++EXPORT_SYMBOL_GPL(rtsx_pci_card_exclusive_check);
++
+ int rtsx_pci_switch_output_voltage(struct rtsx_pcr *pcr, u8 voltage)
+ {
+ if (pcr->ops->switch_output_voltage)
+@@ -789,6 +808,9 @@ static void rtsx_pci_card_detect(struct
+ card_inserted = pcr->ops->cd_deglitch(pcr);
+
+ card_detect = card_inserted | card_removed;
++
++ pcr->card_exist |= card_inserted;
++ pcr->card_exist &= ~card_removed;
+ }
+
+ mutex_unlock(&pcr->pcr_mutex);
+@@ -981,6 +1003,14 @@ static int rtsx_pci_init_hw(struct rtsx_
+ return err;
+ }
+
++ /* No CD interrupt if probing driver with card inserted.
++ * So we need to initialize pcr->card_exist here.
++ */
++ if (pcr->ops->cd_deglitch)
++ pcr->card_exist = pcr->ops->cd_deglitch(pcr);
++ else
++ pcr->card_exist = rtsx_pci_readl(pcr, RTSX_BIPR) & CARD_EXIST;
++
+ return 0;
+ }
+
+--- a/drivers/mmc/host/rtsx_pci_sdmmc.c
++++ b/drivers/mmc/host/rtsx_pci_sdmmc.c
+@@ -678,12 +678,19 @@ static void sdmmc_request(struct mmc_hos
+ struct mmc_command *cmd = mrq->cmd;
+ struct mmc_data *data = mrq->data;
+ unsigned int data_size = 0;
++ int err;
+
+ if (host->eject) {
+ cmd->error = -ENOMEDIUM;
+ goto finish;
+ }
+
++ err = rtsx_pci_card_exclusive_check(host->pcr, RTSX_SD_CARD);
++ if (err) {
++ cmd->error = err;
++ goto finish;
++ }
++
+ mutex_lock(&pcr->pcr_mutex);
+
+ rtsx_pci_start_run(pcr);
+@@ -901,6 +908,9 @@ static void sdmmc_set_ios(struct mmc_hos
+ if (host->eject)
+ return;
+
++ if (rtsx_pci_card_exclusive_check(host->pcr, RTSX_SD_CARD))
++ return;
++
+ mutex_lock(&pcr->pcr_mutex);
+
+ rtsx_pci_start_run(pcr);
+@@ -1073,6 +1083,10 @@ static int sdmmc_switch_voltage(struct m
+ if (host->eject)
+ return -ENOMEDIUM;
+
++ err = rtsx_pci_card_exclusive_check(host->pcr, RTSX_SD_CARD);
++ if (err)
++ return err;
++
+ mutex_lock(&pcr->pcr_mutex);
+
+ rtsx_pci_start_run(pcr);
+@@ -1122,6 +1136,10 @@ static int sdmmc_execute_tuning(struct m
+ if (host->eject)
+ return -ENOMEDIUM;
+
++ err = rtsx_pci_card_exclusive_check(host->pcr, RTSX_SD_CARD);
++ if (err)
++ return err;
++
+ mutex_lock(&pcr->pcr_mutex);
+
+ rtsx_pci_start_run(pcr);
+--- a/include/linux/mfd/rtsx_pci.h
++++ b/include/linux/mfd/rtsx_pci.h
+@@ -735,6 +735,7 @@ struct rtsx_pcr {
+
+ unsigned int card_inserted;
+ unsigned int card_removed;
++ unsigned int card_exist;
+
+ struct delayed_work carddet_work;
+ struct delayed_work idle_work;
+@@ -799,6 +800,7 @@ int rtsx_pci_switch_clock(struct rtsx_pc
+ u8 ssc_depth, bool initial_mode, bool double_clk, bool vpclk);
+ int rtsx_pci_card_power_on(struct rtsx_pcr *pcr, int card);
+ int rtsx_pci_card_power_off(struct rtsx_pcr *pcr, int card);
++int rtsx_pci_card_exclusive_check(struct rtsx_pcr *pcr, int card);
+ int rtsx_pci_switch_output_voltage(struct rtsx_pcr *pcr, u8 voltage);
+ unsigned int rtsx_pci_card_exist(struct rtsx_pcr *pcr);
+ void rtsx_pci_complete_unfinished_transfer(struct rtsx_pcr *pcr);
--- /dev/null
+From 504decc0a063e6a09a1e5b203ca68bc21dfffde9 Mon Sep 17 00:00:00 2001
+From: Wei WANG <wei_wang@realsil.com.cn>
+Date: Tue, 29 Jan 2013 15:21:37 +0800
+Subject: mfd: rtsx: Optimize card detect flow
+
+From: Wei WANG <wei_wang@realsil.com.cn>
+
+commit 504decc0a063e6a09a1e5b203ca68bc21dfffde9 upstream.
+
+1. Schedule card detect work at the end of the ISR
+2. Callback function ops->cd_deglitch may delay for a period of time.
+It is not proper to call this callback when local irq disabled.
+3. Card detect flow can't be executed in parallel with other card reader
+operations, so it's better to be protected by mutex.
+
+Signed-off-by: Wei WANG <wei_wang@realsil.com.cn>
+Signed-off-by: Samuel Ortiz <sameo@linux.intel.com>
+Cc: Tim Gardner <rtg.canonical@gmail.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/mfd/rtsx_pcr.c | 31 +++++++++++++++++++------------
+ 1 file changed, 19 insertions(+), 12 deletions(-)
+
+--- a/drivers/mfd/rtsx_pcr.c
++++ b/drivers/mfd/rtsx_pcr.c
+@@ -758,7 +758,7 @@ static void rtsx_pci_card_detect(struct
+ struct delayed_work *dwork;
+ struct rtsx_pcr *pcr;
+ unsigned long flags;
+- unsigned int card_detect = 0;
++ unsigned int card_detect = 0, card_inserted, card_removed;
+ u32 irq_status;
+
+ dwork = to_delayed_work(work);
+@@ -766,25 +766,32 @@ static void rtsx_pci_card_detect(struct
+
+ dev_dbg(&(pcr->pci->dev), "--> %s\n", __func__);
+
++ mutex_lock(&pcr->pcr_mutex);
+ spin_lock_irqsave(&pcr->lock, flags);
+
+ irq_status = rtsx_pci_readl(pcr, RTSX_BIPR);
+ dev_dbg(&(pcr->pci->dev), "irq_status: 0x%08x\n", irq_status);
+
+- if (pcr->card_inserted || pcr->card_removed) {
++ irq_status &= CARD_EXIST;
++ card_inserted = pcr->card_inserted & irq_status;
++ card_removed = pcr->card_removed;
++ pcr->card_inserted = 0;
++ pcr->card_removed = 0;
++
++ spin_unlock_irqrestore(&pcr->lock, flags);
++
++ if (card_inserted || card_removed) {
+ dev_dbg(&(pcr->pci->dev),
+ "card_inserted: 0x%x, card_removed: 0x%x\n",
+- pcr->card_inserted, pcr->card_removed);
++ card_inserted, card_removed);
+
+ if (pcr->ops->cd_deglitch)
+- pcr->card_inserted = pcr->ops->cd_deglitch(pcr);
++ card_inserted = pcr->ops->cd_deglitch(pcr);
+
+- card_detect = pcr->card_inserted | pcr->card_removed;
+- pcr->card_inserted = 0;
+- pcr->card_removed = 0;
++ card_detect = card_inserted | card_removed;
+ }
+
+- spin_unlock_irqrestore(&pcr->lock, flags);
++ mutex_unlock(&pcr->pcr_mutex);
+
+ if ((card_detect & SD_EXIST) && pcr->slots[RTSX_SD_CARD].card_event)
+ pcr->slots[RTSX_SD_CARD].card_event(
+@@ -836,10 +843,6 @@ static irqreturn_t rtsx_pci_isr(int irq,
+ }
+ }
+
+- if (pcr->card_inserted || pcr->card_removed)
+- schedule_delayed_work(&pcr->carddet_work,
+- msecs_to_jiffies(200));
+-
+ if (int_reg & (NEED_COMPLETE_INT | DELINK_INT)) {
+ if (int_reg & (TRANS_FAIL_INT | DELINK_INT)) {
+ pcr->trans_result = TRANS_RESULT_FAIL;
+@@ -852,6 +855,10 @@ static irqreturn_t rtsx_pci_isr(int irq,
+ }
+ }
+
++ if (pcr->card_inserted || pcr->card_removed)
++ schedule_delayed_work(&pcr->carddet_work,
++ msecs_to_jiffies(200));
++
+ spin_unlock(&pcr->lock);
+ return IRQ_HANDLED;
+ }
efivars-efivarfs_valid_name-should-handle-pstore-syntax.patch
efivarfs-return-accurate-error-code-in-efivarfs_fill_super.patch
userns-stop-oopsing-in-key_change_session_keyring.patch
+x86-pvclock-kvm-align-allocation-size-to-page-size.patch
+hid-logitech-dj-do-not-directly-call-hid_output_raw_report-during-probe.patch
+btrfs-account-for-orphan-inodes-properly-during-cleanup.patch
+btrfs-cleanup-orphan-reservation-if-truncate-fails.patch
+x86-kvm-fix-pvclock-vsyscall-fixmap.patch
+mfd-rtsx-optimize-card-detect-flow.patch
+mfd-rtsx-fix-issue-that-booting-os-with-sd-card-inserted.patch
+crypto-user-fix-info-leaks-in-report-api.patch
--- /dev/null
+From 3d2a80a230250c2534ce5b17503670adaf1d7fff Mon Sep 17 00:00:00 2001
+From: Peter Hurley <peter@hurleysoftware.com>
+Date: Wed, 27 Feb 2013 15:28:28 -0500
+Subject: x86/kvm: Fix pvclock vsyscall fixmap
+
+From: Peter Hurley <peter@hurleysoftware.com>
+
+commit 3d2a80a230250c2534ce5b17503670adaf1d7fff upstream.
+
+The physical memory fixmapped for the pvclock clock_gettime vsyscall
+was allocated, and thus is not a kernel symbol. __pa() is the proper
+method to use in this case.
+
+Fixes the crash below when booting a next-20130204+ smp guest on a
+3.8-rc5+ KVM host.
+
+[ 0.666410] udevd[97]: starting version 175
+[ 0.674043] udevd[97]: udevd:[97]: segfault at ffffffffff5fd020
+ ip 00007fff069e277f sp 00007fff068c9ef8 error d
+
+Acked-by: Marcelo Tosatti <mtosatti@redhat.com>
+Signed-off-by: Peter Hurley <peter@hurleysoftware.com>
+Signed-off-by: Gleb Natapov <gleb@redhat.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ arch/x86/kernel/pvclock.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/arch/x86/kernel/pvclock.c
++++ b/arch/x86/kernel/pvclock.c
+@@ -185,7 +185,7 @@ int __init pvclock_init_vsyscall(struct
+
+ for (idx = 0; idx <= (PVCLOCK_FIXMAP_END-PVCLOCK_FIXMAP_BEGIN); idx++) {
+ __set_fixmap(PVCLOCK_FIXMAP_BEGIN + idx,
+- __pa_symbol(i) + (idx*PAGE_SIZE),
++ __pa(i) + (idx*PAGE_SIZE),
+ PAGE_KERNEL_VVAR);
+ }
+
--- /dev/null
+From ed55705dd5008b408c48a8459b8b34b01f3de985 Mon Sep 17 00:00:00 2001
+From: Marcelo Tosatti <mtosatti@redhat.com>
+Date: Mon, 18 Feb 2013 22:58:14 -0300
+Subject: x86: pvclock kvm: align allocation size to page size
+
+From: Marcelo Tosatti <mtosatti@redhat.com>
+
+commit ed55705dd5008b408c48a8459b8b34b01f3de985 upstream.
+
+To match whats mapped via vsyscalls to userspace.
+
+Reported-by: Peter Hurley <peter@hurleysoftware.com>
+Signed-off-by: Marcelo Tosatti <mtosatti@redhat.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ arch/x86/kernel/kvmclock.c | 11 ++++++-----
+ 1 file changed, 6 insertions(+), 5 deletions(-)
+
+--- a/arch/x86/kernel/kvmclock.c
++++ b/arch/x86/kernel/kvmclock.c
+@@ -218,6 +218,9 @@ static void kvm_shutdown(void)
+ void __init kvmclock_init(void)
+ {
+ unsigned long mem;
++ int size;
++
++ size = PAGE_ALIGN(sizeof(struct pvclock_vsyscall_time_info)*NR_CPUS);
+
+ if (!kvm_para_available())
+ return;
+@@ -231,16 +234,14 @@ void __init kvmclock_init(void)
+ printk(KERN_INFO "kvm-clock: Using msrs %x and %x",
+ msr_kvm_system_time, msr_kvm_wall_clock);
+
+- mem = memblock_alloc(sizeof(struct pvclock_vsyscall_time_info)*NR_CPUS,
+- PAGE_SIZE);
++ mem = memblock_alloc(size, PAGE_SIZE);
+ if (!mem)
+ return;
+ hv_clock = __va(mem);
+
+ if (kvm_register_clock("boot clock")) {
+ hv_clock = NULL;
+- memblock_free(mem,
+- sizeof(struct pvclock_vsyscall_time_info)*NR_CPUS);
++ memblock_free(mem, size);
+ return;
+ }
+ pv_time_ops.sched_clock = kvm_clock_read;
+@@ -275,7 +276,7 @@ int __init kvm_setup_vsyscall_timeinfo(v
+ struct pvclock_vcpu_time_info *vcpu_time;
+ unsigned int size;
+
+- size = sizeof(struct pvclock_vsyscall_time_info)*NR_CPUS;
++ size = PAGE_ALIGN(sizeof(struct pvclock_vsyscall_time_info)*NR_CPUS);
+
+ preempt_disable();
+ cpu = smp_processor_id();
projects / thirdparty / kernel / stable-queue.git / commitdiff
