--- /dev/null
+From 690000b930456a98663567d35dd5c54b688d1e3f Mon Sep 17 00:00:00 2001
+From: James Ralston <james.d.ralston@intel.com>
+Date: Mon, 13 Oct 2014 15:16:38 -0700
+Subject: ahci: Add Device IDs for Intel Sunrise Point PCH
+
+From: James Ralston <james.d.ralston@intel.com>
+
+commit 690000b930456a98663567d35dd5c54b688d1e3f upstream.
+
+This patch adds the AHCI-mode SATA Device IDs for the Intel Sunrise Point PCH.
+
+Signed-off-by: James Ralston <james.d.ralston@intel.com>
+Signed-off-by: Tejun Heo <tj@kernel.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/ata/ahci.c | 5 +++++
+ 1 file changed, 5 insertions(+)
+
+--- a/drivers/ata/ahci.c
++++ b/drivers/ata/ahci.c
+@@ -312,6 +312,11 @@ static const struct pci_device_id ahci_p
+ { PCI_VDEVICE(INTEL, 0x8c87), board_ahci }, /* 9 Series RAID */
+ { PCI_VDEVICE(INTEL, 0x8c8e), board_ahci }, /* 9 Series RAID */
+ { PCI_VDEVICE(INTEL, 0x8c8f), board_ahci }, /* 9 Series RAID */
++ { PCI_VDEVICE(INTEL, 0xa103), board_ahci }, /* Sunrise Point-H AHCI */
++ { PCI_VDEVICE(INTEL, 0xa103), board_ahci }, /* Sunrise Point-H RAID */
++ { PCI_VDEVICE(INTEL, 0xa105), board_ahci }, /* Sunrise Point-H RAID */
++ { PCI_VDEVICE(INTEL, 0xa107), board_ahci }, /* Sunrise Point-H RAID */
++ { PCI_VDEVICE(INTEL, 0xa10f), board_ahci }, /* Sunrise Point-H RAID */
+
+ /* JMicron 360/1/3/5/6, match class to avoid IDE function */
+ { PCI_VENDOR_ID_JMICRON, PCI_ANY_ID, PCI_ANY_ID, PCI_ANY_ID,
--- /dev/null
+From 66a7cbc303f4d28f201529b06061944d51ab530c Mon Sep 17 00:00:00 2001
+From: Tejun Heo <tj@kernel.org>
+Date: Mon, 27 Oct 2014 10:22:56 -0400
+Subject: ahci: disable MSI instead of NCQ on Samsung pci-e SSDs on macbooks
+
+From: Tejun Heo <tj@kernel.org>
+
+commit 66a7cbc303f4d28f201529b06061944d51ab530c upstream.
+
+Samsung pci-e SSDs on macbooks failed miserably on NCQ commands, so
+67809f85d31e ("ahci: disable NCQ on Samsung pci-e SSDs on macbooks")
+disabled NCQ on them. It turns out that NCQ is fine as long as MSI is
+not used, so let's turn off MSI and leave NCQ on.
+
+Signed-off-by: Tejun Heo <tj@kernel.org>
+Link: https://bugzilla.kernel.org/show_bug.cgi?id=60731
+Tested-by: <dorin@i51.org>
+Tested-by: Imre Kaloz <kaloz@openwrt.org>
+Fixes: 67809f85d31e ("ahci: disable NCQ on Samsung pci-e SSDs on macbooks")
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/ata/ahci.c | 14 +++++++++++---
+ 1 file changed, 11 insertions(+), 3 deletions(-)
+
+--- a/drivers/ata/ahci.c
++++ b/drivers/ata/ahci.c
+@@ -61,6 +61,7 @@ enum board_ids {
+ /* board IDs by feature in alphabetical order */
+ board_ahci,
+ board_ahci_ign_iferr,
++ board_ahci_nomsi,
+ board_ahci_noncq,
+ board_ahci_nosntf,
+ board_ahci_yes_fbs,
+@@ -120,6 +121,13 @@ static const struct ata_port_info ahci_p
+ .udma_mask = ATA_UDMA6,
+ .port_ops = &ahci_ops,
+ },
++ [board_ahci_nomsi] = {
++ AHCI_HFLAGS (AHCI_HFLAG_NO_MSI),
++ .flags = AHCI_FLAG_COMMON,
++ .pio_mask = ATA_PIO4,
++ .udma_mask = ATA_UDMA6,
++ .port_ops = &ahci_ops,
++ },
+ [board_ahci_noncq] = {
+ AHCI_HFLAGS (AHCI_HFLAG_NO_NCQ),
+ .flags = AHCI_FLAG_COMMON,
+@@ -479,10 +487,10 @@ static const struct pci_device_id ahci_p
+ { PCI_VDEVICE(ASMEDIA, 0x0612), board_ahci }, /* ASM1062 */
+
+ /*
+- * Samsung SSDs found on some macbooks. NCQ times out.
+- * https://bugzilla.kernel.org/show_bug.cgi?id=60731
++ * Samsung SSDs found on some macbooks. NCQ times out if MSI is
++ * enabled. https://bugzilla.kernel.org/show_bug.cgi?id=60731
+ */
+- { PCI_VDEVICE(SAMSUNG, 0x1600), board_ahci_noncq },
++ { PCI_VDEVICE(SAMSUNG, 0x1600), board_ahci_nomsi },
+
+ /* Enmotus */
+ { PCI_DEVICE(0x1c44, 0x8000), board_ahci },
--- /dev/null
+From 1a290581ded60e87276741f8ca97b161d2b226fc Mon Sep 17 00:00:00 2001
+From: Takashi Iwai <tiwai@suse.de>
+Date: Tue, 11 Nov 2014 15:45:57 +0100
+Subject: ALSA: usb-audio: Fix memory leak in FTU quirk
+
+From: Takashi Iwai <tiwai@suse.de>
+
+commit 1a290581ded60e87276741f8ca97b161d2b226fc upstream.
+
+M-audio FastTrack Ultra quirk doesn't release the kzalloc'ed memory.
+This patch adds the private_free callback to release it properly.
+
+Signed-off-by: Takashi Iwai <tiwai@suse.de>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ sound/usb/mixer_quirks.c | 6 ++++++
+ 1 file changed, 6 insertions(+)
+
+--- a/sound/usb/mixer_quirks.c
++++ b/sound/usb/mixer_quirks.c
+@@ -799,6 +799,11 @@ static int snd_ftu_eff_switch_put(struct
+ return changed;
+ }
+
++static void kctl_private_value_free(struct snd_kcontrol *kctl)
++{
++ kfree((void *)kctl->private_value);
++}
++
+ static int snd_ftu_create_effect_switch(struct usb_mixer_interface *mixer,
+ int validx, int bUnitID)
+ {
+@@ -833,6 +838,7 @@ static int snd_ftu_create_effect_switch(
+ return -ENOMEM;
+ }
+
++ kctl->private_free = kctl_private_value_free;
+ err = snd_ctl_add(mixer->chip->card, kctl);
+ if (err < 0)
+ return err;
--- /dev/null
+From 799b601451b21ebe7af0e6e8f6e2ccd4683c5064 Mon Sep 17 00:00:00 2001
+From: Miklos Szeredi <mszeredi@suse.cz>
+Date: Tue, 4 Nov 2014 11:27:12 +0100
+Subject: audit: keep inode pinned
+
+From: Miklos Szeredi <mszeredi@suse.cz>
+
+commit 799b601451b21ebe7af0e6e8f6e2ccd4683c5064 upstream.
+
+Audit rules disappear when an inode they watch is evicted from the cache.
+This is likely not what we want.
+
+The guilty commit is "fsnotify: allow marks to not pin inodes in core",
+which didn't take into account that audit_tree adds watches with a zero
+mask.
+
+Adding any mask should fix this.
+
+Fixes: 90b1e7a57880 ("fsnotify: allow marks to not pin inodes in core")
+Signed-off-by: Miklos Szeredi <mszeredi@suse.cz>
+Signed-off-by: Paul Moore <pmoore@redhat.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ kernel/audit_tree.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+--- a/kernel/audit_tree.c
++++ b/kernel/audit_tree.c
+@@ -154,6 +154,7 @@ static struct audit_chunk *alloc_chunk(i
+ chunk->owners[i].index = i;
+ }
+ fsnotify_init_mark(&chunk->mark, audit_tree_destroy_watch);
++ chunk->mark.mask = FS_IN_IGNORED;
+ return chunk;
+ }
+
--- /dev/null
+From 9180ac50716a097a407c6d7e7e4589754a922260 Mon Sep 17 00:00:00 2001
+From: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
+Date: Tue, 23 Sep 2014 23:02:41 +0300
+Subject: iwlwifi: configure the LTR
+
+From: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
+
+commit 9180ac50716a097a407c6d7e7e4589754a922260 upstream.
+
+The LTR is the handshake between the device and the root
+complex about the latency allowed when the bus exits power
+save. This configuration was missing and this led to high
+latency in the link power up. The end user could experience
+high latency in the network because of this.
+
+Signed-off-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+
+---
+ drivers/net/wireless/iwlwifi/iwl-trans.h | 2 +
+ drivers/net/wireless/iwlwifi/mvm/fw-api-power.h | 35 +++++++++++++++++++++++-
+ drivers/net/wireless/iwlwifi/mvm/fw-api.h | 1
+ drivers/net/wireless/iwlwifi/mvm/fw.c | 9 ++++++
+ drivers/net/wireless/iwlwifi/mvm/ops.c | 1
+ drivers/net/wireless/iwlwifi/pcie/trans.c | 17 ++++++-----
+ 6 files changed, 57 insertions(+), 8 deletions(-)
+
+--- a/drivers/net/wireless/iwlwifi/iwl-trans.h
++++ b/drivers/net/wireless/iwlwifi/iwl-trans.h
+@@ -489,6 +489,7 @@ enum iwl_trans_state {
+ * Set during transport allocation.
+ * @hw_id_str: a string with info about HW ID. Set during transport allocation.
+ * @pm_support: set to true in start_hw if link pm is supported
++ * @ltr_enabled: set to true if the LTR is enabled
+ * @dev_cmd_pool: pool for Tx cmd allocation - for internal use only.
+ * The user should use iwl_trans_{alloc,free}_tx_cmd.
+ * @dev_cmd_headroom: room needed for the transport's private use before the
+@@ -513,6 +514,7 @@ struct iwl_trans {
+ u8 rx_mpdu_cmd, rx_mpdu_cmd_hdr_size;
+
+ bool pm_support;
++ bool ltr_enabled;
+
+ /* The following fields are internal only */
+ struct kmem_cache *dev_cmd_pool;
+--- a/drivers/net/wireless/iwlwifi/mvm/fw-api-power.h
++++ b/drivers/net/wireless/iwlwifi/mvm/fw-api-power.h
+@@ -67,7 +67,40 @@
+ /* Power Management Commands, Responses, Notifications */
+
+ /**
+- * enum iwl_scan_flags - masks for power table command flags
++ * enum iwl_ltr_config_flags - masks for LTR config command flags
++ * @LTR_CFG_FLAG_FEATURE_ENABLE: Feature operational status
++ * @LTR_CFG_FLAG_HW_DIS_ON_SHADOW_REG_ACCESS: allow LTR change on shadow
++ * memory access
++ * @LTR_CFG_FLAG_HW_EN_SHRT_WR_THROUGH: allow LTR msg send on ANY LTR
++ * reg change
++ * @LTR_CFG_FLAG_HW_DIS_ON_D0_2_D3: allow LTR msg send on transition from
++ * D0 to D3
++ * @LTR_CFG_FLAG_SW_SET_SHORT: fixed static short LTR register
++ * @LTR_CFG_FLAG_SW_SET_LONG: fixed static short LONG register
++ * @LTR_CFG_FLAG_DENIE_C10_ON_PD: allow going into C10 on PD
++ */
++enum iwl_ltr_config_flags {
++ LTR_CFG_FLAG_FEATURE_ENABLE = BIT(0),
++ LTR_CFG_FLAG_HW_DIS_ON_SHADOW_REG_ACCESS = BIT(1),
++ LTR_CFG_FLAG_HW_EN_SHRT_WR_THROUGH = BIT(2),
++ LTR_CFG_FLAG_HW_DIS_ON_D0_2_D3 = BIT(3),
++ LTR_CFG_FLAG_SW_SET_SHORT = BIT(4),
++ LTR_CFG_FLAG_SW_SET_LONG = BIT(5),
++ LTR_CFG_FLAG_DENIE_C10_ON_PD = BIT(6),
++};
++
++/**
++ * struct iwl_ltr_config_cmd - configures the LTR
++ * @flags: See %enum iwl_ltr_config_flags
++ */
++struct iwl_ltr_config_cmd {
++ __le32 flags;
++ __le32 static_long;
++ __le32 static_short;
++} __packed;
++
++/**
++ * enum iwl_power_flags - masks for power table command flags
+ * @POWER_FLAGS_POWER_SAVE_ENA_MSK: '1' Allow to save power by turning off
+ * receiver and transmitter. '0' - does not allow.
+ * @POWER_FLAGS_POWER_MANAGEMENT_ENA_MSK: '0' Driver disables power management,
+--- a/drivers/net/wireless/iwlwifi/mvm/fw-api.h
++++ b/drivers/net/wireless/iwlwifi/mvm/fw-api.h
+@@ -138,6 +138,7 @@ enum {
+
+ /* Power */
+ POWER_TABLE_CMD = 0x77,
++ LTR_CONFIG = 0xee,
+
+ /* Scanning */
+ SCAN_REQUEST_CMD = 0x80,
+--- a/drivers/net/wireless/iwlwifi/mvm/fw.c
++++ b/drivers/net/wireless/iwlwifi/mvm/fw.c
+@@ -443,6 +443,15 @@ int iwl_mvm_up(struct iwl_mvm *mvm)
+ if (ret)
+ goto error;
+
++ if (mvm->trans->ltr_enabled) {
++ struct iwl_ltr_config_cmd cmd = {
++ .flags = cpu_to_le32(LTR_CFG_FLAG_FEATURE_ENABLE),
++ };
++
++ WARN_ON(iwl_mvm_send_cmd_pdu(mvm, LTR_CONFIG, 0,
++ sizeof(cmd), &cmd));
++ }
++
+ IWL_DEBUG_INFO(mvm, "RT uCode started.\n");
+
+ return 0;
+--- a/drivers/net/wireless/iwlwifi/mvm/ops.c
++++ b/drivers/net/wireless/iwlwifi/mvm/ops.c
+@@ -293,6 +293,7 @@ static const char *iwl_mvm_cmd_strings[R
+ CMD(BT_PROFILE_NOTIFICATION),
+ CMD(BT_CONFIG),
+ CMD(MCAST_FILTER_CMD),
++ CMD(LTR_CONFIG),
+ };
+ #undef CMD
+
+--- a/drivers/net/wireless/iwlwifi/pcie/trans.c
++++ b/drivers/net/wireless/iwlwifi/pcie/trans.c
+@@ -116,11 +116,13 @@ static void iwl_pcie_set_pwr(struct iwl_
+
+ /* PCI registers */
+ #define PCI_CFG_RETRY_TIMEOUT 0x041
++#define PCI_EXP_DEVCTL2_LTR_EN 0x0400
+
+ static void iwl_pcie_apm_config(struct iwl_trans *trans)
+ {
+ struct iwl_trans_pcie *trans_pcie = IWL_TRANS_GET_PCIE_TRANS(trans);
+ u16 lctl;
++ u16 cap;
+
+ /*
+ * HW bug W/A for instability in PCIe bus L0S->L1 transition.
+@@ -131,16 +133,17 @@ static void iwl_pcie_apm_config(struct i
+ * power savings, even without L1.
+ */
+ pcie_capability_read_word(trans_pcie->pci_dev, PCI_EXP_LNKCTL, &lctl);
+- if (lctl & PCI_EXP_LNKCTL_ASPM_L1) {
+- /* L1-ASPM enabled; disable(!) L0S */
++ if (lctl & PCI_EXP_LNKCTL_ASPM_L1)
+ iwl_set_bit(trans, CSR_GIO_REG, CSR_GIO_REG_VAL_L0S_ENABLED);
+- dev_info(trans->dev, "L1 Enabled; Disabling L0S\n");
+- } else {
+- /* L1-ASPM disabled; enable(!) L0S */
++ else
+ iwl_clear_bit(trans, CSR_GIO_REG, CSR_GIO_REG_VAL_L0S_ENABLED);
+- dev_info(trans->dev, "L1 Disabled; Enabling L0S\n");
+- }
+ trans->pm_support = !(lctl & PCI_EXP_LNKCTL_ASPM_L0S);
++
++ pcie_capability_read_word(trans_pcie->pci_dev, PCI_EXP_DEVCTL2, &cap);
++ trans->ltr_enabled = cap & PCI_EXP_DEVCTL2_LTR_EN;
++ dev_info(trans->dev, "L1 %sabled - LTR %sabled\n",
++ (lctl & PCI_EXP_LNKCTL_ASPM_L1) ? "En" : "Dis",
++ trans->ltr_enabled ? "En" : "Dis");
+ }
+
+ /*
--- /dev/null
+From aaef31703a0cf6a733e651885bfb49edc3ac6774 Mon Sep 17 00:00:00 2001
+From: Ilya Dryomov <idryomov@redhat.com>
+Date: Thu, 23 Oct 2014 00:25:22 +0400
+Subject: libceph: do not crash on large auth tickets
+
+From: Ilya Dryomov <idryomov@redhat.com>
+
+commit aaef31703a0cf6a733e651885bfb49edc3ac6774 upstream.
+
+Large (greater than 32k, the value of PAGE_ALLOC_COSTLY_ORDER) auth
+tickets will have their buffers vmalloc'ed, which leads to the
+following crash in crypto:
+
+[ 28.685082] BUG: unable to handle kernel paging request at ffffeb04000032c0
+[ 28.686032] IP: [<ffffffff81392b42>] scatterwalk_pagedone+0x22/0x80
+[ 28.686032] PGD 0
+[ 28.688088] Oops: 0000 [#1] PREEMPT SMP
+[ 28.688088] Modules linked in:
+[ 28.688088] CPU: 0 PID: 878 Comm: kworker/0:2 Not tainted 3.17.0-vm+ #305
+[ 28.688088] Hardware name: Bochs Bochs, BIOS Bochs 01/01/2007
+[ 28.688088] Workqueue: ceph-msgr con_work
+[ 28.688088] task: ffff88011a7f9030 ti: ffff8800d903c000 task.ti: ffff8800d903c000
+[ 28.688088] RIP: 0010:[<ffffffff81392b42>] [<ffffffff81392b42>] scatterwalk_pagedone+0x22/0x80
+[ 28.688088] RSP: 0018:ffff8800d903f688 EFLAGS: 00010286
+[ 28.688088] RAX: ffffeb04000032c0 RBX: ffff8800d903f718 RCX: ffffeb04000032c0
+[ 28.688088] RDX: 0000000000000000 RSI: 0000000000000001 RDI: ffff8800d903f750
+[ 28.688088] RBP: ffff8800d903f688 R08: 00000000000007de R09: ffff8800d903f880
+[ 28.688088] R10: 18df467c72d6257b R11: 0000000000000000 R12: 0000000000000010
+[ 28.688088] R13: ffff8800d903f750 R14: ffff8800d903f8a0 R15: 0000000000000000
+[ 28.688088] FS: 00007f50a41c7700(0000) GS:ffff88011fc00000(0000) knlGS:0000000000000000
+[ 28.688088] CS: 0010 DS: 0000 ES: 0000 CR0: 000000008005003b
+[ 28.688088] CR2: ffffeb04000032c0 CR3: 00000000da3f3000 CR4: 00000000000006b0
+[ 28.688088] Stack:
+[ 28.688088] ffff8800d903f698 ffffffff81392ca8 ffff8800d903f6e8 ffffffff81395d32
+[ 28.688088] ffff8800dac96000 ffff880000000000 ffff8800d903f980 ffff880119b7e020
+[ 28.688088] ffff880119b7e010 0000000000000000 0000000000000010 0000000000000010
+[ 28.688088] Call Trace:
+[ 28.688088] [<ffffffff81392ca8>] scatterwalk_done+0x38/0x40
+[ 28.688088] [<ffffffff81392ca8>] scatterwalk_done+0x38/0x40
+[ 28.688088] [<ffffffff81395d32>] blkcipher_walk_done+0x182/0x220
+[ 28.688088] [<ffffffff813990bf>] crypto_cbc_encrypt+0x15f/0x180
+[ 28.688088] [<ffffffff81399780>] ? crypto_aes_set_key+0x30/0x30
+[ 28.688088] [<ffffffff8156c40c>] ceph_aes_encrypt2+0x29c/0x2e0
+[ 28.688088] [<ffffffff8156d2a3>] ceph_encrypt2+0x93/0xb0
+[ 28.688088] [<ffffffff8156d7da>] ceph_x_encrypt+0x4a/0x60
+[ 28.688088] [<ffffffff8155b39d>] ? ceph_buffer_new+0x5d/0xf0
+[ 28.688088] [<ffffffff8156e837>] ceph_x_build_authorizer.isra.6+0x297/0x360
+[ 28.688088] [<ffffffff8112089b>] ? kmem_cache_alloc_trace+0x11b/0x1c0
+[ 28.688088] [<ffffffff8156b496>] ? ceph_auth_create_authorizer+0x36/0x80
+[ 28.688088] [<ffffffff8156ed83>] ceph_x_create_authorizer+0x63/0xd0
+[ 28.688088] [<ffffffff8156b4b4>] ceph_auth_create_authorizer+0x54/0x80
+[ 28.688088] [<ffffffff8155f7c0>] get_authorizer+0x80/0xd0
+[ 28.688088] [<ffffffff81555a8b>] prepare_write_connect+0x18b/0x2b0
+[ 28.688088] [<ffffffff81559289>] try_read+0x1e59/0x1f10
+
+This is because we set up crypto scatterlists as if all buffers were
+kmalloc'ed. Fix it.
+
+Signed-off-by: Ilya Dryomov <idryomov@redhat.com>
+Reviewed-by: Sage Weil <sage@redhat.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ net/ceph/crypto.c | 169 ++++++++++++++++++++++++++++++++++++++++++------------
+ 1 file changed, 132 insertions(+), 37 deletions(-)
+
+--- a/net/ceph/crypto.c
++++ b/net/ceph/crypto.c
+@@ -89,11 +89,82 @@ static struct crypto_blkcipher *ceph_cry
+
+ static const u8 *aes_iv = (u8 *)CEPH_AES_IV;
+
++/*
++ * Should be used for buffers allocated with ceph_kvmalloc().
++ * Currently these are encrypt out-buffer (ceph_buffer) and decrypt
++ * in-buffer (msg front).
++ *
++ * Dispose of @sgt with teardown_sgtable().
++ *
++ * @prealloc_sg is to avoid memory allocation inside sg_alloc_table()
++ * in cases where a single sg is sufficient. No attempt to reduce the
++ * number of sgs by squeezing physically contiguous pages together is
++ * made though, for simplicity.
++ */
++static int setup_sgtable(struct sg_table *sgt, struct scatterlist *prealloc_sg,
++ const void *buf, unsigned int buf_len)
++{
++ struct scatterlist *sg;
++ const bool is_vmalloc = is_vmalloc_addr(buf);
++ unsigned int off = offset_in_page(buf);
++ unsigned int chunk_cnt = 1;
++ unsigned int chunk_len = PAGE_ALIGN(off + buf_len);
++ int i;
++ int ret;
++
++ if (buf_len == 0) {
++ memset(sgt, 0, sizeof(*sgt));
++ return -EINVAL;
++ }
++
++ if (is_vmalloc) {
++ chunk_cnt = chunk_len >> PAGE_SHIFT;
++ chunk_len = PAGE_SIZE;
++ }
++
++ if (chunk_cnt > 1) {
++ ret = sg_alloc_table(sgt, chunk_cnt, GFP_NOFS);
++ if (ret)
++ return ret;
++ } else {
++ WARN_ON(chunk_cnt != 1);
++ sg_init_table(prealloc_sg, 1);
++ sgt->sgl = prealloc_sg;
++ sgt->nents = sgt->orig_nents = 1;
++ }
++
++ for_each_sg(sgt->sgl, sg, sgt->orig_nents, i) {
++ struct page *page;
++ unsigned int len = min(chunk_len - off, buf_len);
++
++ if (is_vmalloc)
++ page = vmalloc_to_page(buf);
++ else
++ page = virt_to_page(buf);
++
++ sg_set_page(sg, page, len, off);
++
++ off = 0;
++ buf += len;
++ buf_len -= len;
++ }
++ WARN_ON(buf_len != 0);
++
++ return 0;
++}
++
++static void teardown_sgtable(struct sg_table *sgt)
++{
++ if (sgt->orig_nents > 1)
++ sg_free_table(sgt);
++}
++
+ static int ceph_aes_encrypt(const void *key, int key_len,
+ void *dst, size_t *dst_len,
+ const void *src, size_t src_len)
+ {
+- struct scatterlist sg_in[2], sg_out[1];
++ struct scatterlist sg_in[2], prealloc_sg;
++ struct sg_table sg_out;
+ struct crypto_blkcipher *tfm = ceph_crypto_alloc_cipher();
+ struct blkcipher_desc desc = { .tfm = tfm, .flags = 0 };
+ int ret;
+@@ -109,16 +180,18 @@ static int ceph_aes_encrypt(const void *
+
+ *dst_len = src_len + zero_padding;
+
+- crypto_blkcipher_setkey((void *)tfm, key, key_len);
+ sg_init_table(sg_in, 2);
+ sg_set_buf(&sg_in[0], src, src_len);
+ sg_set_buf(&sg_in[1], pad, zero_padding);
+- sg_init_table(sg_out, 1);
+- sg_set_buf(sg_out, dst, *dst_len);
++ ret = setup_sgtable(&sg_out, &prealloc_sg, dst, *dst_len);
++ if (ret)
++ goto out_tfm;
++
++ crypto_blkcipher_setkey((void *)tfm, key, key_len);
+ iv = crypto_blkcipher_crt(tfm)->iv;
+ ivsize = crypto_blkcipher_ivsize(tfm);
+-
+ memcpy(iv, aes_iv, ivsize);
++
+ /*
+ print_hex_dump(KERN_ERR, "enc key: ", DUMP_PREFIX_NONE, 16, 1,
+ key, key_len, 1);
+@@ -127,16 +200,22 @@ static int ceph_aes_encrypt(const void *
+ print_hex_dump(KERN_ERR, "enc pad: ", DUMP_PREFIX_NONE, 16, 1,
+ pad, zero_padding, 1);
+ */
+- ret = crypto_blkcipher_encrypt(&desc, sg_out, sg_in,
++ ret = crypto_blkcipher_encrypt(&desc, sg_out.sgl, sg_in,
+ src_len + zero_padding);
+- crypto_free_blkcipher(tfm);
+- if (ret < 0)
++ if (ret < 0) {
+ pr_err("ceph_aes_crypt failed %d\n", ret);
++ goto out_sg;
++ }
+ /*
+ print_hex_dump(KERN_ERR, "enc out: ", DUMP_PREFIX_NONE, 16, 1,
+ dst, *dst_len, 1);
+ */
+- return 0;
++
++out_sg:
++ teardown_sgtable(&sg_out);
++out_tfm:
++ crypto_free_blkcipher(tfm);
++ return ret;
+ }
+
+ static int ceph_aes_encrypt2(const void *key, int key_len, void *dst,
+@@ -144,7 +223,8 @@ static int ceph_aes_encrypt2(const void
+ const void *src1, size_t src1_len,
+ const void *src2, size_t src2_len)
+ {
+- struct scatterlist sg_in[3], sg_out[1];
++ struct scatterlist sg_in[3], prealloc_sg;
++ struct sg_table sg_out;
+ struct crypto_blkcipher *tfm = ceph_crypto_alloc_cipher();
+ struct blkcipher_desc desc = { .tfm = tfm, .flags = 0 };
+ int ret;
+@@ -160,17 +240,19 @@ static int ceph_aes_encrypt2(const void
+
+ *dst_len = src1_len + src2_len + zero_padding;
+
+- crypto_blkcipher_setkey((void *)tfm, key, key_len);
+ sg_init_table(sg_in, 3);
+ sg_set_buf(&sg_in[0], src1, src1_len);
+ sg_set_buf(&sg_in[1], src2, src2_len);
+ sg_set_buf(&sg_in[2], pad, zero_padding);
+- sg_init_table(sg_out, 1);
+- sg_set_buf(sg_out, dst, *dst_len);
++ ret = setup_sgtable(&sg_out, &prealloc_sg, dst, *dst_len);
++ if (ret)
++ goto out_tfm;
++
++ crypto_blkcipher_setkey((void *)tfm, key, key_len);
+ iv = crypto_blkcipher_crt(tfm)->iv;
+ ivsize = crypto_blkcipher_ivsize(tfm);
+-
+ memcpy(iv, aes_iv, ivsize);
++
+ /*
+ print_hex_dump(KERN_ERR, "enc key: ", DUMP_PREFIX_NONE, 16, 1,
+ key, key_len, 1);
+@@ -181,23 +263,30 @@ static int ceph_aes_encrypt2(const void
+ print_hex_dump(KERN_ERR, "enc pad: ", DUMP_PREFIX_NONE, 16, 1,
+ pad, zero_padding, 1);
+ */
+- ret = crypto_blkcipher_encrypt(&desc, sg_out, sg_in,
++ ret = crypto_blkcipher_encrypt(&desc, sg_out.sgl, sg_in,
+ src1_len + src2_len + zero_padding);
+- crypto_free_blkcipher(tfm);
+- if (ret < 0)
++ if (ret < 0) {
+ pr_err("ceph_aes_crypt2 failed %d\n", ret);
++ goto out_sg;
++ }
+ /*
+ print_hex_dump(KERN_ERR, "enc out: ", DUMP_PREFIX_NONE, 16, 1,
+ dst, *dst_len, 1);
+ */
+- return 0;
++
++out_sg:
++ teardown_sgtable(&sg_out);
++out_tfm:
++ crypto_free_blkcipher(tfm);
++ return ret;
+ }
+
+ static int ceph_aes_decrypt(const void *key, int key_len,
+ void *dst, size_t *dst_len,
+ const void *src, size_t src_len)
+ {
+- struct scatterlist sg_in[1], sg_out[2];
++ struct sg_table sg_in;
++ struct scatterlist sg_out[2], prealloc_sg;
+ struct crypto_blkcipher *tfm = ceph_crypto_alloc_cipher();
+ struct blkcipher_desc desc = { .tfm = tfm };
+ char pad[16];
+@@ -209,16 +298,16 @@ static int ceph_aes_decrypt(const void *
+ if (IS_ERR(tfm))
+ return PTR_ERR(tfm);
+
+- crypto_blkcipher_setkey((void *)tfm, key, key_len);
+- sg_init_table(sg_in, 1);
+ sg_init_table(sg_out, 2);
+- sg_set_buf(sg_in, src, src_len);
+ sg_set_buf(&sg_out[0], dst, *dst_len);
+ sg_set_buf(&sg_out[1], pad, sizeof(pad));
++ ret = setup_sgtable(&sg_in, &prealloc_sg, src, src_len);
++ if (ret)
++ goto out_tfm;
+
++ crypto_blkcipher_setkey((void *)tfm, key, key_len);
+ iv = crypto_blkcipher_crt(tfm)->iv;
+ ivsize = crypto_blkcipher_ivsize(tfm);
+-
+ memcpy(iv, aes_iv, ivsize);
+
+ /*
+@@ -227,12 +316,10 @@ static int ceph_aes_decrypt(const void *
+ print_hex_dump(KERN_ERR, "dec in: ", DUMP_PREFIX_NONE, 16, 1,
+ src, src_len, 1);
+ */
+-
+- ret = crypto_blkcipher_decrypt(&desc, sg_out, sg_in, src_len);
+- crypto_free_blkcipher(tfm);
++ ret = crypto_blkcipher_decrypt(&desc, sg_out, sg_in.sgl, src_len);
+ if (ret < 0) {
+ pr_err("ceph_aes_decrypt failed %d\n", ret);
+- return ret;
++ goto out_sg;
+ }
+
+ if (src_len <= *dst_len)
+@@ -250,7 +337,12 @@ static int ceph_aes_decrypt(const void *
+ print_hex_dump(KERN_ERR, "dec out: ", DUMP_PREFIX_NONE, 16, 1,
+ dst, *dst_len, 1);
+ */
+- return 0;
++
++out_sg:
++ teardown_sgtable(&sg_in);
++out_tfm:
++ crypto_free_blkcipher(tfm);
++ return ret;
+ }
+
+ static int ceph_aes_decrypt2(const void *key, int key_len,
+@@ -258,7 +350,8 @@ static int ceph_aes_decrypt2(const void
+ void *dst2, size_t *dst2_len,
+ const void *src, size_t src_len)
+ {
+- struct scatterlist sg_in[1], sg_out[3];
++ struct sg_table sg_in;
++ struct scatterlist sg_out[3], prealloc_sg;
+ struct crypto_blkcipher *tfm = ceph_crypto_alloc_cipher();
+ struct blkcipher_desc desc = { .tfm = tfm };
+ char pad[16];
+@@ -270,17 +363,17 @@ static int ceph_aes_decrypt2(const void
+ if (IS_ERR(tfm))
+ return PTR_ERR(tfm);
+
+- sg_init_table(sg_in, 1);
+- sg_set_buf(sg_in, src, src_len);
+ sg_init_table(sg_out, 3);
+ sg_set_buf(&sg_out[0], dst1, *dst1_len);
+ sg_set_buf(&sg_out[1], dst2, *dst2_len);
+ sg_set_buf(&sg_out[2], pad, sizeof(pad));
++ ret = setup_sgtable(&sg_in, &prealloc_sg, src, src_len);
++ if (ret)
++ goto out_tfm;
+
+ crypto_blkcipher_setkey((void *)tfm, key, key_len);
+ iv = crypto_blkcipher_crt(tfm)->iv;
+ ivsize = crypto_blkcipher_ivsize(tfm);
+-
+ memcpy(iv, aes_iv, ivsize);
+
+ /*
+@@ -289,12 +382,10 @@ static int ceph_aes_decrypt2(const void
+ print_hex_dump(KERN_ERR, "dec in: ", DUMP_PREFIX_NONE, 16, 1,
+ src, src_len, 1);
+ */
+-
+- ret = crypto_blkcipher_decrypt(&desc, sg_out, sg_in, src_len);
+- crypto_free_blkcipher(tfm);
++ ret = crypto_blkcipher_decrypt(&desc, sg_out, sg_in.sgl, src_len);
+ if (ret < 0) {
+ pr_err("ceph_aes_decrypt failed %d\n", ret);
+- return ret;
++ goto out_sg;
+ }
+
+ if (src_len <= *dst1_len)
+@@ -324,7 +415,11 @@ static int ceph_aes_decrypt2(const void
+ dst2, *dst2_len, 1);
+ */
+
+- return 0;
++out_sg:
++ teardown_sgtable(&sg_in);
++out_tfm:
++ crypto_free_blkcipher(tfm);
++ return ret;
+ }
+
+
--- /dev/null
+From 3ce9b20f1971690b8b3b620e735ec99431573b39 Mon Sep 17 00:00:00 2001
+From: Herbert Xu <herbert@gondor.apana.org.au>
+Date: Mon, 3 Nov 2014 14:01:25 +0800
+Subject: macvtap: Fix csum_start when VLAN tags are present
+
+From: Herbert Xu <herbert@gondor.apana.org.au>
+
+commit 3ce9b20f1971690b8b3b620e735ec99431573b39 upstream.
+
+When VLAN is in use in macvtap_put_user, we end up setting
+csum_start to the wrong place. The result is that the whoever
+ends up doing the checksum setting will corrupt the packet instead
+of writing the checksum to the expected location, usually this
+means writing the checksum with an offset of -4.
+
+This patch fixes this by adjusting csum_start when VLAN tags are
+detected.
+
+Fixes: f09e2249c4f5 ("macvtap: restore vlan header on user read")
+Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+Signed-off-by: David S. Miller <davem@davemloft.net>
+
+---
+ drivers/net/macvtap.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+--- a/drivers/net/macvtap.c
++++ b/drivers/net/macvtap.c
+@@ -625,6 +625,8 @@ static int macvtap_skb_to_vnet_hdr(const
+ if (skb->ip_summed == CHECKSUM_PARTIAL) {
+ vnet_hdr->flags = VIRTIO_NET_HDR_F_NEEDS_CSUM;
+ vnet_hdr->csum_start = skb_checksum_start_offset(skb);
++ if (vlan_tx_tag_present(skb))
++ vnet_hdr->csum_start += VLAN_HLEN;
+ vnet_hdr->csum_offset = skb->csum_offset;
+ } else if (skb->ip_summed == CHECKSUM_UNNECESSARY) {
+ vnet_hdr->flags = VIRTIO_NET_HDR_F_DATA_VALID;
sparc64-fix-crashes-in-schizo_pcierr_intr_other.patch
sparc64-do-irq_-enter-exit-around-generic_smp_call_function.patch
sparc32-implement-xchg-and-atomic_xchg-using-atomic_hash-locks.patch
+x86-x32-audit-fix-x32-s-audit_arch-wrt-audit.patch
+audit-keep-inode-pinned.patch
+ahci-add-device-ids-for-intel-sunrise-point-pch.patch
+ahci-disable-msi-instead-of-ncq-on-samsung-pci-e-ssds-on-macbooks.patch
+alsa-usb-audio-fix-memory-leak-in-ftu-quirk.patch
+xtensa-re-wire-umount-syscall-to-sys_oldumount.patch
+libceph-do-not-crash-on-large-auth-tickets.patch
+iwlwifi-configure-the-ltr.patch
+macvtap-fix-csum_start-when-vlan-tags-are-present.patch
--- /dev/null
+From 81f49a8fd7088cfcb588d182eeede862c0e3303e Mon Sep 17 00:00:00 2001
+From: Andy Lutomirski <luto@amacapital.net>
+Date: Fri, 5 Sep 2014 15:13:52 -0700
+Subject: x86, x32, audit: Fix x32's AUDIT_ARCH wrt audit
+
+From: Andy Lutomirski <luto@amacapital.net>
+
+commit 81f49a8fd7088cfcb588d182eeede862c0e3303e upstream.
+
+is_compat_task() is the wrong check for audit arch; the check should
+be is_ia32_task(): x32 syscalls should be AUDIT_ARCH_X86_64, not
+AUDIT_ARCH_I386.
+
+CONFIG_AUDITSYSCALL is currently incompatible with x32, so this has
+no visible effect.
+
+Signed-off-by: Andy Lutomirski <luto@amacapital.net>
+Link: http://lkml.kernel.org/r/a0138ed8c709882aec06e4acc30bfa9b623b8717.1409954077.git.luto@amacapital.net
+Signed-off-by: H. Peter Anvin <hpa@linux.intel.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ arch/x86/kernel/ptrace.c | 11 +----------
+ 1 file changed, 1 insertion(+), 10 deletions(-)
+
+--- a/arch/x86/kernel/ptrace.c
++++ b/arch/x86/kernel/ptrace.c
+@@ -1475,15 +1475,6 @@ void send_sigtrap(struct task_struct *ts
+ force_sig_info(SIGTRAP, &info, tsk);
+ }
+
+-
+-#ifdef CONFIG_X86_32
+-# define IS_IA32 1
+-#elif defined CONFIG_IA32_EMULATION
+-# define IS_IA32 is_compat_task()
+-#else
+-# define IS_IA32 0
+-#endif
+-
+ /*
+ * We must return the syscall number to actually look up in the table.
+ * This can be -1L to skip running any syscall at all.
+@@ -1521,7 +1512,7 @@ long syscall_trace_enter(struct pt_regs
+ if (unlikely(test_thread_flag(TIF_SYSCALL_TRACEPOINT)))
+ trace_sys_enter(regs, regs->orig_ax);
+
+- if (IS_IA32)
++ if (is_ia32_task())
+ audit_syscall_entry(AUDIT_ARCH_I386,
+ regs->orig_ax,
+ regs->bx, regs->cx,
--- /dev/null
+From 2651cc6974d47fc43bef1cd8cd26966e4f5ba306 Mon Sep 17 00:00:00 2001
+From: Max Filippov <jcmvbkbc@gmail.com>
+Date: Mon, 6 Oct 2014 21:01:17 +0400
+Subject: xtensa: re-wire umount syscall to sys_oldumount
+
+From: Max Filippov <jcmvbkbc@gmail.com>
+
+commit 2651cc6974d47fc43bef1cd8cd26966e4f5ba306 upstream.
+
+Userspace actually passes single parameter (path name) to the umount
+syscall, so new umount just fails. Fix it by requesting old umount
+syscall implementation and re-wiring umount to it.
+
+Signed-off-by: Max Filippov <jcmvbkbc@gmail.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ arch/xtensa/include/uapi/asm/unistd.h | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+--- a/arch/xtensa/include/uapi/asm/unistd.h
++++ b/arch/xtensa/include/uapi/asm/unistd.h
+@@ -384,7 +384,8 @@ __SYSCALL(174, sys_chroot, 1)
+ #define __NR_pivot_root 175
+ __SYSCALL(175, sys_pivot_root, 2)
+ #define __NR_umount 176
+-__SYSCALL(176, sys_umount, 2)
++__SYSCALL(176, sys_oldumount, 1)
++#define __ARCH_WANT_SYS_OLDUMOUNT
+ #define __NR_swapoff 177
+ __SYSCALL(177, sys_swapoff, 1)
+ #define __NR_sync 178
projects / thirdparty / kernel / stable-queue.git / commitdiff
