3.14-stable patches
authorGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Wed, 19 Nov 2014 01:49:06 +0000 (17:49 -0800)
committerGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Wed, 19 Nov 2014 01:49:06 +0000 (17:49 -0800)
added patches:
arm-probes-fix-instruction-fetch-order-with-asm-opcodes.h.patch
clocksource-remove-weak-from-clocksource_default_clock-declaration.patch
dell-wmi-fix-access-out-of-memory.patch
gfs2-fix-address-space-from-page-function.patch
ib-core-clear-ah-attr-variable-to-prevent-garbage-data.patch
ipc-always-handle-a-new-value-of-auto_msgmni.patch
kgdb-remove-weak-from-kgdb_arch_pc-declaration.patch
memory-hotplug-remove-weak-from-memory_block_size_bytes-declaration.patch
netfilter-ipset-off-by-one-in-ip_set_nfnl_get_byindex.patch
netfilter-nf_log-account-for-size-of-nlmsg_done-attribute.patch
netfilter-nf_log-release-skbuff-on-nlmsg-put-failure.patch
netfilter-nfnetlink_log-fix-maximum-packet-length-logged-to-userspace.patch
netfilter-nft_compat-fix-wrong-target-lookup-in-nft_target_select_ops.patch
netfilter-xt_bpf-add-mising-opaque-struct-sk_filter-definition.patch
perf-handle-compat-ioctl.patch
perf-x86-intel-use-proper-dtlb-load-misses-event-on-ivybridge.patch
rcu-make-callers-awaken-grace-period-kthread.patch
rcu-use-rcu_gp_kthread_wake-to-wake-up-grace-period-kthreads.patch
vmcore-remove-weak-from-function-declarations.patch

20 files changed:
queue-3.14/arm-probes-fix-instruction-fetch-order-with-asm-opcodes.h.patch [new file with mode: 0644]
queue-3.14/clocksource-remove-weak-from-clocksource_default_clock-declaration.patch [new file with mode: 0644]
queue-3.14/dell-wmi-fix-access-out-of-memory.patch [new file with mode: 0644]
queue-3.14/gfs2-fix-address-space-from-page-function.patch [new file with mode: 0644]
queue-3.14/ib-core-clear-ah-attr-variable-to-prevent-garbage-data.patch [new file with mode: 0644]
queue-3.14/ipc-always-handle-a-new-value-of-auto_msgmni.patch [new file with mode: 0644]
queue-3.14/kgdb-remove-weak-from-kgdb_arch_pc-declaration.patch [new file with mode: 0644]
queue-3.14/memory-hotplug-remove-weak-from-memory_block_size_bytes-declaration.patch [new file with mode: 0644]
queue-3.14/netfilter-ipset-off-by-one-in-ip_set_nfnl_get_byindex.patch [new file with mode: 0644]
queue-3.14/netfilter-nf_log-account-for-size-of-nlmsg_done-attribute.patch [new file with mode: 0644]
queue-3.14/netfilter-nf_log-release-skbuff-on-nlmsg-put-failure.patch [new file with mode: 0644]
queue-3.14/netfilter-nfnetlink_log-fix-maximum-packet-length-logged-to-userspace.patch [new file with mode: 0644]
queue-3.14/netfilter-nft_compat-fix-wrong-target-lookup-in-nft_target_select_ops.patch [new file with mode: 0644]
queue-3.14/netfilter-xt_bpf-add-mising-opaque-struct-sk_filter-definition.patch [new file with mode: 0644]
queue-3.14/perf-handle-compat-ioctl.patch [new file with mode: 0644]
queue-3.14/perf-x86-intel-use-proper-dtlb-load-misses-event-on-ivybridge.patch [new file with mode: 0644]
queue-3.14/rcu-make-callers-awaken-grace-period-kthread.patch [new file with mode: 0644]
queue-3.14/rcu-use-rcu_gp_kthread_wake-to-wake-up-grace-period-kthreads.patch [new file with mode: 0644]
queue-3.14/series
queue-3.14/vmcore-remove-weak-from-function-declarations.patch [new file with mode: 0644]

diff --git a/queue-3.14/arm-probes-fix-instruction-fetch-order-with-asm-opcodes.h.patch b/queue-3.14/arm-probes-fix-instruction-fetch-order-with-asm-opcodes.h.patch
new file mode 100644 (file)
index 0000000..73edf5b
--- /dev/null
@@ -0,0 +1,180 @@
+From 888be25402021a425da3e85e2d5a954d7509286e Mon Sep 17 00:00:00 2001
+From: Ben Dooks <ben.dooks@codethink.co.uk>
+Date: Fri, 8 Nov 2013 18:29:25 +0000
+Subject: ARM: probes: fix instruction fetch order with <asm/opcodes.h>
+
+From: Ben Dooks <ben.dooks@codethink.co.uk>
+
+commit 888be25402021a425da3e85e2d5a954d7509286e upstream.
+
+If we are running BE8, the data and instruction endianness do not
+match, so use <asm/opcodes.h> to correctly translate memory accesses
+into ARM instructions.
+
+Acked-by: Jon Medhurst <tixy@linaro.org>
+Signed-off-by: Ben Dooks <ben.dooks@codethink.co.uk>
+[taras.kondratiuk@linaro.org: fixed Thumb instruction fetch order]
+Signed-off-by: Taras Kondratiuk <taras.kondratiuk@linaro.org>
+[wangnan: backport to 3.10 and 3.14:
+ - adjust context
+ - backport all changes on arch/arm/kernel/probes.c to
+   arch/arm/kernel/kprobes-common.c since we don't have
+   commit c18377c303787ded44b7decd7dee694db0f205e9.
+ - After the above adjustments, becomes same to Taras Kondratiuk's
+   original patch:
+     http://lists.linaro.org/pipermail/linaro-kernel/2014-January/010346.html
+]
+Signed-off-by: Wang Nan <wangnan0@huawei.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ arch/arm/kernel/kprobes-common.c |   19 +++++++++++--------
+ arch/arm/kernel/kprobes-thumb.c  |   21 +++++++++++++--------
+ arch/arm/kernel/kprobes.c        |    9 +++++----
+ 3 files changed, 29 insertions(+), 20 deletions(-)
+
+--- a/arch/arm/kernel/kprobes-common.c
++++ b/arch/arm/kernel/kprobes-common.c
+@@ -14,6 +14,7 @@
+ #include <linux/kernel.h>
+ #include <linux/kprobes.h>
+ #include <asm/system_info.h>
++#include <asm/opcodes.h>
+ #include "kprobes.h"
+@@ -305,7 +306,8 @@ kprobe_decode_ldmstm(kprobe_opcode_t ins
+       if (handler) {
+               /* We can emulate the instruction in (possibly) modified form */
+-              asi->insn[0] = (insn & 0xfff00000) | (rn << 16) | reglist;
++              asi->insn[0] = __opcode_to_mem_arm((insn & 0xfff00000) |
++                                                 (rn << 16) | reglist);
+               asi->insn_handler = handler;
+               return INSN_GOOD;
+       }
+@@ -334,13 +336,14 @@ prepare_emulated_insn(kprobe_opcode_t in
+ #ifdef CONFIG_THUMB2_KERNEL
+       if (thumb) {
+               u16 *thumb_insn = (u16 *)asi->insn;
+-              thumb_insn[1] = 0x4770; /* Thumb bx lr */
+-              thumb_insn[2] = 0x4770; /* Thumb bx lr */
++              /* Thumb bx lr */
++              thumb_insn[1] = __opcode_to_mem_thumb16(0x4770);
++              thumb_insn[2] = __opcode_to_mem_thumb16(0x4770);
+               return insn;
+       }
+-      asi->insn[1] = 0xe12fff1e; /* ARM bx lr */
++      asi->insn[1] = __opcode_to_mem_arm(0xe12fff1e); /* ARM bx lr */
+ #else
+-      asi->insn[1] = 0xe1a0f00e; /* mov pc, lr */
++      asi->insn[1] = __opcode_to_mem_arm(0xe1a0f00e); /* mov pc, lr */
+ #endif
+       /* Make an ARM instruction unconditional */
+       if (insn < 0xe0000000)
+@@ -360,12 +363,12 @@ set_emulated_insn(kprobe_opcode_t insn,
+       if (thumb) {
+               u16 *ip = (u16 *)asi->insn;
+               if (is_wide_instruction(insn))
+-                      *ip++ = insn >> 16;
+-              *ip++ = insn;
++                      *ip++ = __opcode_to_mem_thumb16(insn >> 16);
++              *ip++ = __opcode_to_mem_thumb16(insn);
+               return;
+       }
+ #endif
+-      asi->insn[0] = insn;
++      asi->insn[0] = __opcode_to_mem_arm(insn);
+ }
+ /*
+--- a/arch/arm/kernel/kprobes-thumb.c
++++ b/arch/arm/kernel/kprobes-thumb.c
+@@ -11,6 +11,7 @@
+ #include <linux/kernel.h>
+ #include <linux/kprobes.h>
+ #include <linux/module.h>
++#include <asm/opcodes.h>
+ #include "kprobes.h"
+@@ -163,9 +164,9 @@ t32_decode_ldmstm(kprobe_opcode_t insn,
+       enum kprobe_insn ret = kprobe_decode_ldmstm(insn, asi);
+       /* Fixup modified instruction to have halfwords in correct order...*/
+-      insn = asi->insn[0];
+-      ((u16 *)asi->insn)[0] = insn >> 16;
+-      ((u16 *)asi->insn)[1] = insn & 0xffff;
++      insn = __mem_to_opcode_arm(asi->insn[0]);
++      ((u16 *)asi->insn)[0] = __opcode_to_mem_thumb16(insn >> 16);
++      ((u16 *)asi->insn)[1] = __opcode_to_mem_thumb16(insn & 0xffff);
+       return ret;
+ }
+@@ -1153,7 +1154,7 @@ t16_decode_hiregs(kprobe_opcode_t insn,
+ {
+       insn &= ~0x00ff;
+       insn |= 0x001; /* Set Rdn = R1 and Rm = R0 */
+-      ((u16 *)asi->insn)[0] = insn;
++      ((u16 *)asi->insn)[0] = __opcode_to_mem_thumb16(insn);
+       asi->insn_handler = t16_emulate_hiregs;
+       return INSN_GOOD;
+ }
+@@ -1182,8 +1183,10 @@ t16_decode_push(kprobe_opcode_t insn, st
+        * and call it with R9=SP and LR in the register list represented
+        * by R8.
+        */
+-      ((u16 *)asi->insn)[0] = 0xe929;         /* 1st half STMDB R9!,{} */
+-      ((u16 *)asi->insn)[1] = insn & 0x1ff;   /* 2nd half (register list) */
++      /* 1st half STMDB R9!,{} */
++      ((u16 *)asi->insn)[0] = __opcode_to_mem_thumb16(0xe929);
++      /* 2nd half (register list) */
++      ((u16 *)asi->insn)[1] = __opcode_to_mem_thumb16(insn & 0x1ff);
+       asi->insn_handler = t16_emulate_push;
+       return INSN_GOOD;
+ }
+@@ -1232,8 +1235,10 @@ t16_decode_pop(kprobe_opcode_t insn, str
+        * and call it with R9=SP and PC in the register list represented
+        * by R8.
+        */
+-      ((u16 *)asi->insn)[0] = 0xe8b9;         /* 1st half LDMIA R9!,{} */
+-      ((u16 *)asi->insn)[1] = insn & 0x1ff;   /* 2nd half (register list) */
++      /* 1st half LDMIA R9!,{} */
++      ((u16 *)asi->insn)[0] = __opcode_to_mem_thumb16(0xe8b9);
++      /* 2nd half (register list) */
++      ((u16 *)asi->insn)[1] = __opcode_to_mem_thumb16(insn & 0x1ff);
+       asi->insn_handler = insn & 0x100 ? t16_emulate_pop_pc
+                                        : t16_emulate_pop_nopc;
+       return INSN_GOOD;
+--- a/arch/arm/kernel/kprobes.c
++++ b/arch/arm/kernel/kprobes.c
+@@ -26,6 +26,7 @@
+ #include <linux/stop_machine.h>
+ #include <linux/stringify.h>
+ #include <asm/traps.h>
++#include <asm/opcodes.h>
+ #include <asm/cacheflush.h>
+ #include "kprobes.h"
+@@ -62,10 +63,10 @@ int __kprobes arch_prepare_kprobe(struct
+ #ifdef CONFIG_THUMB2_KERNEL
+       thumb = true;
+       addr &= ~1; /* Bit 0 would normally be set to indicate Thumb code */
+-      insn = ((u16 *)addr)[0];
++      insn = __mem_to_opcode_thumb16(((u16 *)addr)[0]);
+       if (is_wide_instruction(insn)) {
+-              insn <<= 16;
+-              insn |= ((u16 *)addr)[1];
++              u16 inst2 = __mem_to_opcode_thumb16(((u16 *)addr)[1]);
++              insn = __opcode_thumb32_compose(insn, inst2);
+               decode_insn = thumb32_kprobe_decode_insn;
+       } else
+               decode_insn = thumb16_kprobe_decode_insn;
+@@ -73,7 +74,7 @@ int __kprobes arch_prepare_kprobe(struct
+       thumb = false;
+       if (addr & 0x3)
+               return -EINVAL;
+-      insn = *p->addr;
++      insn = __mem_to_opcode_arm(*p->addr);
+       decode_insn = arm_kprobe_decode_insn;
+ #endif
diff --git a/queue-3.14/clocksource-remove-weak-from-clocksource_default_clock-declaration.patch b/queue-3.14/clocksource-remove-weak-from-clocksource_default_clock-declaration.patch
new file mode 100644 (file)
index 0000000..bd166df
--- /dev/null
@@ -0,0 +1,43 @@
+From 96a2adbc6f501996418da9f7afe39bf0e4d006a9 Mon Sep 17 00:00:00 2001
+From: Bjorn Helgaas <bhelgaas@google.com>
+Date: Mon, 13 Oct 2014 18:59:09 -0600
+Subject: clocksource: Remove "weak" from clocksource_default_clock() declaration
+
+From: Bjorn Helgaas <bhelgaas@google.com>
+
+commit 96a2adbc6f501996418da9f7afe39bf0e4d006a9 upstream.
+
+kernel/time/jiffies.c provides a default clocksource_default_clock()
+definition explicitly marked "weak".  arch/s390 provides its own definition
+intended to override the default, but the "weak" attribute on the
+declaration applied to the s390 definition as well, so the linker chose one
+based on link order (see 10629d711ed7 ("PCI: Remove __weak annotation from
+pcibios_get_phb_of_node decl")).
+
+Remove the "weak" attribute from the clocksource_default_clock()
+declaration so we always prefer a non-weak definition over the weak one,
+independent of link order.
+
+Fixes: f1b82746c1e9 ("clocksource: Cleanup clocksource selection")
+Signed-off-by: Bjorn Helgaas <bhelgaas@google.com>
+Acked-by: John Stultz <john.stultz@linaro.org>
+Acked-by: Ingo Molnar <mingo@kernel.org>
+CC: Daniel Lezcano <daniel.lezcano@linaro.org>
+CC: Martin Schwidefsky <schwidefsky@de.ibm.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ include/linux/clocksource.h |    2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/include/linux/clocksource.h
++++ b/include/linux/clocksource.h
+@@ -289,7 +289,7 @@ extern struct clocksource* clocksource_g
+ extern void clocksource_change_rating(struct clocksource *cs, int rating);
+ extern void clocksource_suspend(void);
+ extern void clocksource_resume(void);
+-extern struct clocksource * __init __weak clocksource_default_clock(void);
++extern struct clocksource * __init clocksource_default_clock(void);
+ extern void clocksource_mark_unstable(struct clocksource *cs);
+ extern u64
diff --git a/queue-3.14/dell-wmi-fix-access-out-of-memory.patch b/queue-3.14/dell-wmi-fix-access-out-of-memory.patch
new file mode 100644 (file)
index 0000000..1ac2a43
--- /dev/null
@@ -0,0 +1,55 @@
+From a666b6ffbc9b6705a3ced704f52c3fe9ea8bf959 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Pali=20Roh=C3=A1r?= <pali.rohar@gmail.com>
+Date: Mon, 29 Sep 2014 15:10:51 +0200
+Subject: dell-wmi: Fix access out of memory
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+From: =?UTF-8?q?Pali=20Roh=C3=A1r?= <pali.rohar@gmail.com>
+
+commit a666b6ffbc9b6705a3ced704f52c3fe9ea8bf959 upstream.
+
+Without this patch, dell-wmi is trying to access elements of dynamically
+allocated array without checking the array size. This can lead to memory
+corruption or a kernel panic. This patch adds the missing checks for
+array size.
+
+Signed-off-by: Pali Rohár <pali.rohar@gmail.com>
+Signed-off-by: Darren Hart <dvhart@linux.intel.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/platform/x86/dell-wmi.c |   12 +++++++++---
+ 1 file changed, 9 insertions(+), 3 deletions(-)
+
+--- a/drivers/platform/x86/dell-wmi.c
++++ b/drivers/platform/x86/dell-wmi.c
+@@ -163,18 +163,24 @@ static void dell_wmi_notify(u32 value, v
+               const struct key_entry *key;
+               int reported_key;
+               u16 *buffer_entry = (u16 *)obj->buffer.pointer;
++              int buffer_size = obj->buffer.length/2;
+-              if (dell_new_hk_type && (buffer_entry[1] != 0x10)) {
++              if (buffer_size >= 2 && dell_new_hk_type && buffer_entry[1] != 0x10) {
+                       pr_info("Received unknown WMI event (0x%x)\n",
+                               buffer_entry[1]);
+                       kfree(obj);
+                       return;
+               }
+-              if (dell_new_hk_type || buffer_entry[1] == 0x0)
++              if (buffer_size >= 3 && (dell_new_hk_type || buffer_entry[1] == 0x0))
+                       reported_key = (int)buffer_entry[2];
+-              else
++              else if (buffer_size >= 2)
+                       reported_key = (int)buffer_entry[1] & 0xffff;
++              else {
++                      pr_info("Received unknown WMI event\n");
++                      kfree(obj);
++                      return;
++              }
+               key = sparse_keymap_entry_from_scancode(dell_wmi_input_dev,
+                                                       reported_key);
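Review bot: In dell_wmi_notify the new `else if (buffer_size >= 2)` fallback is reached not only by legacy events but also by a truncated event that should have been read from `buffer_entry[2]`: with `dell_new_hk_type` set (or `buffer_entry[1] == 0x0`) and only two u16 entries in the buffer, `buffer_entry[1]` is reported as the scancode. The access is in bounds, but the event is decoded under the wrong format instead of being rejected. Narrowing the fallback to the legacy case, `else if (buffer_size >= 2 && !dell_new_hk_type && buffer_entry[1] != 0x0)`, sends short buffers to the "unknown WMI event" branch. The function starts before and continues after the hunk, so how `obj` is type-checked before this code is not visible here.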
diff --git a/queue-3.14/gfs2-fix-address-space-from-page-function.patch b/queue-3.14/gfs2-fix-address-space-from-page-function.patch
new file mode 100644 (file)
index 0000000..f33829b
--- /dev/null
@@ -0,0 +1,68 @@
+From 1b2ad41214c9bf6e8befa000f0522629194bf540 Mon Sep 17 00:00:00 2001
+From: Steven Whitehouse <swhiteho@redhat.com>
+Date: Mon, 31 Mar 2014 17:48:27 +0100
+Subject: GFS2: Fix address space from page function
+
+From: Steven Whitehouse <swhiteho@redhat.com>
+
+commit 1b2ad41214c9bf6e8befa000f0522629194bf540 upstream.
+
+Now that rgrps use the address space which is part of the super
+block, we need to update gfs2_mapping2sbd() to take account of
+that. The only way to do that easily is to use a different set
+of address_space_operations for rgrps.
+
+Reported-by: Abhi Das <adas@redhat.com>
+Tested-by: Abhi Das <adas@redhat.com>
+Signed-off-by: Steven Whitehouse <swhiteho@redhat.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ fs/gfs2/meta_io.c    |    5 +++++
+ fs/gfs2/meta_io.h    |    3 +++
+ fs/gfs2/ops_fstype.c |    2 +-
+ 3 files changed, 9 insertions(+), 1 deletion(-)
+
+--- a/fs/gfs2/meta_io.c
++++ b/fs/gfs2/meta_io.c
+@@ -97,6 +97,11 @@ const struct address_space_operations gf
+       .releasepage = gfs2_releasepage,
+ };
++const struct address_space_operations gfs2_rgrp_aops = {
++      .writepage = gfs2_aspace_writepage,
++      .releasepage = gfs2_releasepage,
++};
++
+ /**
+  * gfs2_getbuf - Get a buffer with a given address space
+  * @gl: the glock
+--- a/fs/gfs2/meta_io.h
++++ b/fs/gfs2/meta_io.h
+@@ -38,12 +38,15 @@ static inline void gfs2_buffer_copy_tail
+ }
+ extern const struct address_space_operations gfs2_meta_aops;
++extern const struct address_space_operations gfs2_rgrp_aops;
+ static inline struct gfs2_sbd *gfs2_mapping2sbd(struct address_space *mapping)
+ {
+       struct inode *inode = mapping->host;
+       if (mapping->a_ops == &gfs2_meta_aops)
+               return (((struct gfs2_glock *)mapping) - 1)->gl_sbd;
++      else if (mapping->a_ops == &gfs2_rgrp_aops)
++              return container_of(mapping, struct gfs2_sbd, sd_aspace);
+       else
+               return inode->i_sb->s_fs_info;
+ }
+--- a/fs/gfs2/ops_fstype.c
++++ b/fs/gfs2/ops_fstype.c
+@@ -104,7 +104,7 @@ static struct gfs2_sbd *init_sbd(struct
+       mapping = &sdp->sd_aspace;
+       address_space_init_once(mapping);
+-      mapping->a_ops = &gfs2_meta_aops;
++      mapping->a_ops = &gfs2_rgrp_aops;
+       mapping->host = sb->s_bdev->bd_inode;
+       mapping->flags = 0;
+       mapping_set_gfp_mask(mapping, GFP_NOFS);
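Review bot: `gfs2_rgrp_aops` is added in meta_io.c with the same two callbacks as `gfs2_meta_aops` and no comment, so nothing in the code says that it exists only so that `gfs2_mapping2sbd()` can tell the two kinds of mapping apart by the address in `a_ops`. That distinction carries weight: the `gfs2_meta_aops` branch computes `((struct gfs2_glock *)mapping) - 1`, which presumably assumes the mapping is laid out directly after a glock, and a mapping embedded in the superblock that took that branch would dereference unrelated memory. I would add above the new table `/* Same ops as gfs2_meta_aops; kept as a separate object so gfs2_mapping2sbd() can recognise sd_aspace, which lives inside the sbd and not after a glock. */`, and a one-line comment in `gfs2_mapping2sbd()` saying that the comparison is by identity and that the two tables must never be merged.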
diff --git a/queue-3.14/ib-core-clear-ah-attr-variable-to-prevent-garbage-data.patch b/queue-3.14/ib-core-clear-ah-attr-variable-to-prevent-garbage-data.patch
new file mode 100644 (file)
index 0000000..18d1478
--- /dev/null
@@ -0,0 +1,33 @@
+From 8b0f93d9490653a7b9fc91f3570089132faed1c0 Mon Sep 17 00:00:00 2001
+From: Devesh Sharma <devesh.sharma@emulex.com>
+Date: Fri, 26 Sep 2014 20:45:32 +0530
+Subject: IB/core: Clear AH attr variable to prevent garbage data
+
+From: Devesh Sharma <devesh.sharma@emulex.com>
+
+commit 8b0f93d9490653a7b9fc91f3570089132faed1c0 upstream.
+
+During create-ah from userspace, uverbs is sending garbage data in
+attr.dmac and attr.vlan_id.  This patch sets attr.dmac and
+attr.vlan_id to zero.
+
+Fixes: dd5f03beb4f7 ("IB/core: Ethernet L2 attributes in verbs/cm structures")
+Signed-off-by: Devesh Sharma <devesh.sharma@emulex.com>
+Signed-off-by: Roland Dreier <roland@purestorage.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/infiniband/core/uverbs_cmd.c |    2 ++
+ 1 file changed, 2 insertions(+)
+
+--- a/drivers/infiniband/core/uverbs_cmd.c
++++ b/drivers/infiniband/core/uverbs_cmd.c
+@@ -2425,6 +2425,8 @@ ssize_t ib_uverbs_create_ah(struct ib_uv
+       attr.grh.sgid_index    = cmd.attr.grh.sgid_index;
+       attr.grh.hop_limit     = cmd.attr.grh.hop_limit;
+       attr.grh.traffic_class = cmd.attr.grh.traffic_class;
++      attr.vlan_id           = 0;
++      memset(&attr.dmac, 0, sizeof(attr.dmac));
+       memcpy(attr.grh.dgid.raw, cmd.attr.grh.dgid, 16);
+       ah = ib_create_ah(pd, &attr);
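Review bot: Zeroing `attr.vlan_id` and `attr.dmac` one at a time in ib_uverbs_create_ah leaves the same problem open for any member added to the attribute struct later and for any padding: whatever is not assigned explicitly is still handed to `ib_create_ah()` with its previous contents. Clearing the whole struct once before the field assignments, `memset(&attr, 0, sizeof(attr));`, covers both and makes the two added lines unnecessary. The declaration of `attr` and the start of the function are outside the hunk, so this assumes it is a local without an initializer, as the "garbage data" in the commit message suggests.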
diff --git a/queue-3.14/ipc-always-handle-a-new-value-of-auto_msgmni.patch b/queue-3.14/ipc-always-handle-a-new-value-of-auto_msgmni.patch
new file mode 100644 (file)
index 0000000..cc078c6
--- /dev/null
@@ -0,0 +1,63 @@
+From 1195d94e006b23c6292e78857e154872e33b6d7e Mon Sep 17 00:00:00 2001
+From: Andrey Vagin <avagin@openvz.org>
+Date: Mon, 13 Oct 2014 15:54:10 -0700
+Subject: ipc: always handle a new value of auto_msgmni
+
+From: Andrey Vagin <avagin@openvz.org>
+
+commit 1195d94e006b23c6292e78857e154872e33b6d7e upstream.
+
+proc_dointvec_minmax() returns zero if a new value has been set.  So we
+don't need to check all charecters have been handled.
+
+Below you can find two examples.  In the new value has not been handled
+properly.
+
+$ strace ./a.out
+open("/proc/sys/kernel/auto_msgmni", O_WRONLY) = 3
+write(3, "0\n\0", 3)                    = 2
+close(3)                                = 0
+exit_group(0)
+$ cat /sys/kernel/debug/tracing/trace
+
+$strace ./a.out
+open("/proc/sys/kernel/auto_msgmni", O_WRONLY) = 3
+write(3, "0\n", 2)                      = 2
+close(3)                                = 0
+
+$ cat /sys/kernel/debug/tracing/trace
+a.out-697   [000] ....  3280.998235: unregister_ipcns_notifier <-proc_ipcauto_dointvec_minmax
+
+Fixes: 9eefe520c814 ("ipc: do not use a negative value to re-enable msgmni automatic recomputin")
+Signed-off-by: Andrey Vagin <avagin@openvz.org>
+Cc: Mathias Krause <minipli@googlemail.com>
+Cc: Manfred Spraul <manfred@colorfullife.com>
+Cc: Joe Perches <joe@perches.com>
+Cc: Davidlohr Bueso <davidlohr@hp.com>
+Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
+Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ ipc/ipc_sysctl.c |    3 +--
+ 1 file changed, 1 insertion(+), 2 deletions(-)
+
+--- a/ipc/ipc_sysctl.c
++++ b/ipc/ipc_sysctl.c
+@@ -123,7 +123,6 @@ static int proc_ipcauto_dointvec_minmax(
+       void __user *buffer, size_t *lenp, loff_t *ppos)
+ {
+       struct ctl_table ipc_table;
+-      size_t lenp_bef = *lenp;
+       int oldval;
+       int rc;
+@@ -133,7 +132,7 @@ static int proc_ipcauto_dointvec_minmax(
+       rc = proc_dointvec_minmax(&ipc_table, write, buffer, lenp, ppos);
+-      if (write && !rc && lenp_bef == *lenp) {
++      if (write && !rc) {
+               int newval = *((int *)(ipc_table.data));
+               /*
+                * The file "auto_msgmni" has correctly been set.
diff --git a/queue-3.14/kgdb-remove-weak-from-kgdb_arch_pc-declaration.patch b/queue-3.14/kgdb-remove-weak-from-kgdb_arch_pc-declaration.patch
new file mode 100644 (file)
index 0000000..c9993ef
--- /dev/null
@@ -0,0 +1,40 @@
+From 107bcc6d566cb40184068d888637f9aefe6252dd Mon Sep 17 00:00:00 2001
+From: Bjorn Helgaas <bhelgaas@google.com>
+Date: Mon, 13 Oct 2014 19:00:25 -0600
+Subject: kgdb: Remove "weak" from kgdb_arch_pc() declaration
+
+From: Bjorn Helgaas <bhelgaas@google.com>
+
+commit 107bcc6d566cb40184068d888637f9aefe6252dd upstream.
+
+kernel/debug/debug_core.c provides a default kgdb_arch_pc() definition
+explicitly marked "weak".  Several architectures provide their own
+definitions intended to override the default, but the "weak" attribute on
+the declaration applied to the arch definitions as well, so the linker
+chose one based on link order (see 10629d711ed7 ("PCI: Remove __weak
+annotation from pcibios_get_phb_of_node decl")).
+
+Remove the "weak" attribute from the declaration so we always prefer a
+non-weak definition over the weak one, independent of link order.
+
+Fixes: 688b744d8bc8 ("kgdb: fix signedness mixmatches, add statics, add declaration to header")
+Tested-by: Vineet Gupta <vgupta@synopsys.com>  # for ARC build
+Signed-off-by: Bjorn Helgaas <bhelgaas@google.com>
+Reviewed-by: Harvey Harrison <harvey.harrison@gmail.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ include/linux/kgdb.h |    2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/include/linux/kgdb.h
++++ b/include/linux/kgdb.h
+@@ -283,7 +283,7 @@ struct kgdb_io {
+ extern struct kgdb_arch               arch_kgdb_ops;
+-extern unsigned long __weak kgdb_arch_pc(int exception, struct pt_regs *regs);
++extern unsigned long kgdb_arch_pc(int exception, struct pt_regs *regs);
+ #ifdef CONFIG_SERIAL_KGDB_NMI
+ extern int kgdb_register_nmi_console(void);
diff --git a/queue-3.14/memory-hotplug-remove-weak-from-memory_block_size_bytes-declaration.patch b/queue-3.14/memory-hotplug-remove-weak-from-memory_block_size_bytes-declaration.patch
new file mode 100644 (file)
index 0000000..cd85370
--- /dev/null
@@ -0,0 +1,44 @@
+From e0a8400c6923a163265d52798cdd4c33f3f8ab5a Mon Sep 17 00:00:00 2001
+From: Bjorn Helgaas <bhelgaas@google.com>
+Date: Mon, 13 Oct 2014 19:00:47 -0600
+Subject: memory-hotplug: Remove "weak" from memory_block_size_bytes() declaration
+
+From: Bjorn Helgaas <bhelgaas@google.com>
+
+commit e0a8400c6923a163265d52798cdd4c33f3f8ab5a upstream.
+
+drivers/base/memory.c provides a default memory_block_size_bytes()
+definition explicitly marked "weak".  Several architectures provide their
+own definitions intended to override the default, but the "weak" attribute
+on the declaration applied to the arch definitions as well, so the linker
+chose one based on link order (see 10629d711ed7 ("PCI: Remove __weak
+annotation from pcibios_get_phb_of_node decl")).
+
+Remove the "weak" attribute from the declaration so we always prefer a
+non-weak definition over the weak one, independent of link order.
+
+Fixes: 41f107266b19 ("drivers: base: Add prototype declaration to the header file")
+Signed-off-by: Bjorn Helgaas <bhelgaas@google.com>
+Acked-by: Andrew Morton <akpm@linux-foundation.org>
+CC: Rashika Kheria <rashika.kheria@gmail.com>
+CC: Nathan Fontenot <nfont@austin.ibm.com>
+CC: Anton Blanchard <anton@au1.ibm.com>
+CC: Heiko Carstens <heiko.carstens@de.ibm.com>
+CC: Yinghai Lu <yinghai@kernel.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ include/linux/memory.h |    2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/include/linux/memory.h
++++ b/include/linux/memory.h
+@@ -35,7 +35,7 @@ struct memory_block {
+ };
+ int arch_get_memory_phys_device(unsigned long start_pfn);
+-unsigned long __weak memory_block_size_bytes(void);
++unsigned long memory_block_size_bytes(void);
+ /* These states are exposed to userspace as text strings in sysfs */
+ #define       MEM_ONLINE              (1<<0) /* exposed to userspace */
diff --git a/queue-3.14/netfilter-ipset-off-by-one-in-ip_set_nfnl_get_byindex.patch b/queue-3.14/netfilter-ipset-off-by-one-in-ip_set_nfnl_get_byindex.patch
new file mode 100644 (file)
index 0000000..101c174
--- /dev/null
@@ -0,0 +1,33 @@
+From 0f9f5e1b83abd2b37c67658e02a6fc9001831fa5 Mon Sep 17 00:00:00 2001
+From: Dan Carpenter <dan.carpenter@oracle.com>
+Date: Tue, 21 Oct 2014 11:28:12 +0300
+Subject: netfilter: ipset: off by one in ip_set_nfnl_get_byindex()
+
+From: Dan Carpenter <dan.carpenter@oracle.com>
+
+commit 0f9f5e1b83abd2b37c67658e02a6fc9001831fa5 upstream.
+
+The ->ip_set_list[] array is initialized in ip_set_net_init() and it
+has ->ip_set_max elements so this check should be >= instead of >
+otherwise we are off by one.
+
+Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
+Acked-by: Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>
+Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ net/netfilter/ipset/ip_set_core.c |    2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/net/netfilter/ipset/ip_set_core.c
++++ b/net/netfilter/ipset/ip_set_core.c
+@@ -636,7 +636,7 @@ ip_set_nfnl_get_byindex(struct net *net,
+       struct ip_set *set;
+       struct ip_set_net *inst = ip_set_pernet(net);
+-      if (index > inst->ip_set_max)
++      if (index >= inst->ip_set_max)
+               return IPSET_INVALID_ID;
+       nfnl_lock(NFNL_SUBSYS_IPSET);
diff --git a/queue-3.14/netfilter-nf_log-account-for-size-of-nlmsg_done-attribute.patch b/queue-3.14/netfilter-nf_log-account-for-size-of-nlmsg_done-attribute.patch
new file mode 100644 (file)
index 0000000..66e4c94
--- /dev/null
@@ -0,0 +1,47 @@
+From 9dfa1dfe4d5e5e66a991321ab08afe69759d797a Mon Sep 17 00:00:00 2001
+From: Florian Westphal <fw@strlen.de>
+Date: Thu, 23 Oct 2014 10:36:06 +0200
+Subject: netfilter: nf_log: account for size of NLMSG_DONE attribute
+
+From: Florian Westphal <fw@strlen.de>
+
+commit 9dfa1dfe4d5e5e66a991321ab08afe69759d797a upstream.
+
+We currently neither account for the nlattr size, nor do we consider
+the size of the trailing NLMSG_DONE when allocating nlmsg skb.
+
+This can result in nflog to stop working, as __nfulnl_send() re-tries
+sending forever if it failed to append NLMSG_DONE (which will never
+work if buffer is not large enough).
+
+Reported-by: Houcheng Lin <houcheng@gmail.com>
+Signed-off-by: Florian Westphal <fw@strlen.de>
+Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ net/netfilter/nfnetlink_log.c |    6 +++---
+ 1 file changed, 3 insertions(+), 3 deletions(-)
+
+--- a/net/netfilter/nfnetlink_log.c
++++ b/net/netfilter/nfnetlink_log.c
+@@ -652,7 +652,8 @@ nfulnl_log_packet(struct net *net,
+               + nla_total_size(sizeof(u_int32_t))     /* gid */
+               + nla_total_size(plen)                  /* prefix */
+               + nla_total_size(sizeof(struct nfulnl_msg_packet_hw))
+-              + nla_total_size(sizeof(struct nfulnl_msg_packet_timestamp));
++              + nla_total_size(sizeof(struct nfulnl_msg_packet_timestamp))
++              + nla_total_size(sizeof(struct nfgenmsg));      /* NLMSG_DONE */
+       if (in && skb_mac_header_was_set(skb)) {
+               size +=   nla_total_size(skb->dev->hard_header_len)
+@@ -695,8 +696,7 @@ nfulnl_log_packet(struct net *net,
+               goto unlock_and_release;
+       }
+-      if (inst->skb &&
+-          size > skb_tailroom(inst->skb) - sizeof(struct nfgenmsg)) {
++      if (inst->skb && size > skb_tailroom(inst->skb)) {
+               /* either the queue len is too high or we don't have
+                * enough room in the skb left. flush to userspace. */
+               __nfulnl_flush(inst);
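Review bot: The room reserved for the trailing NLMSG_DONE in nfulnl_log_packet is computed with `nla_total_size(sizeof(struct nfgenmsg))`, but according to the commit message NLMSG_DONE is appended by `__nfulnl_send()` as a netlink message, not as an attribute, so it needs a message header plus the nfgenmsg payload. If that reading is right, `nlmsg_total_size(sizeof(struct nfgenmsg))` is the matching helper, and the attribute-sized reservation is smaller than what the append will ask for. With the `- sizeof(struct nfgenmsg)` slack removed from the tailroom check in the second hunk, the size sum is the only thing that guarantees that room, so it is worth making exact. Both hunks sit in the middle of the function, and the skb allocation that consumes `size` is not visible here.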
diff --git a/queue-3.14/netfilter-nf_log-release-skbuff-on-nlmsg-put-failure.patch b/queue-3.14/netfilter-nf_log-release-skbuff-on-nlmsg-put-failure.patch
new file mode 100644 (file)
index 0000000..953d78e
--- /dev/null
@@ -0,0 +1,66 @@
+From b51d3fa364885a2c1e1668f88776c67c95291820 Mon Sep 17 00:00:00 2001
+From: Houcheng Lin <houcheng@gmail.com>
+Date: Thu, 23 Oct 2014 10:36:08 +0200
+Subject: netfilter: nf_log: release skbuff on nlmsg put failure
+
+From: Houcheng Lin <houcheng@gmail.com>
+
+commit b51d3fa364885a2c1e1668f88776c67c95291820 upstream.
+
+The kernel should reserve enough room in the skb so that the DONE
+message can always be appended.  However, in case of e.g. new attribute
+erronously not being size-accounted for, __nfulnl_send() will still
+try to put next nlmsg into this full skbuf, causing the skb to be stuck
+forever and blocking delivery of further messages.
+
+Fix issue by releasing skb immediately after nlmsg_put error and
+WARN() so we can track down the cause of such size mismatch.
+
+[ fw@strlen.de: add tailroom/len info to WARN ]
+
+Signed-off-by: Houcheng Lin <houcheng@gmail.com>
+Signed-off-by: Florian Westphal <fw@strlen.de>
+Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ net/netfilter/nfnetlink_log.c |   17 ++++++++---------
+ 1 file changed, 8 insertions(+), 9 deletions(-)
+
+--- a/net/netfilter/nfnetlink_log.c
++++ b/net/netfilter/nfnetlink_log.c
+@@ -349,26 +349,25 @@ nfulnl_alloc_skb(struct net *net, u32 pe
+       return skb;
+ }
+-static int
++static void
+ __nfulnl_send(struct nfulnl_instance *inst)
+ {
+-      int status = -1;
+-
+       if (inst->qlen > 1) {
+               struct nlmsghdr *nlh = nlmsg_put(inst->skb, 0, 0,
+                                                NLMSG_DONE,
+                                                sizeof(struct nfgenmsg),
+                                                0);
+-              if (!nlh)
++              if (WARN_ONCE(!nlh, "bad nlskb size: %u, tailroom %d\n",
++                            inst->skb->len, skb_tailroom(inst->skb))) {
++                      kfree_skb(inst->skb);
+                       goto out;
++              }
+       }
+-      status = nfnetlink_unicast(inst->skb, inst->net, inst->peer_portid,
+-                                 MSG_DONTWAIT);
+-
++      nfnetlink_unicast(inst->skb, inst->net, inst->peer_portid,
++                        MSG_DONTWAIT);
++out:
+       inst->qlen = 0;
+       inst->skb = NULL;
+-out:
+-      return status;
+ }
+ static void
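Review bot: `WARN_ONCE()` in __nfulnl_send reports only the first undersized skb; every later failure on this path frees the queued batch silently, and since the function now returns void the caller cannot count the loss either. A size-accounting bug would then appear in production as missing log records with a single stack trace somewhere far back in the kernel log. Keeping the loss visible next to `kfree_skb(inst->skb);`, for example with `net_warn_ratelimited("nfnetlink_log: dropped batch, no room for NLMSG_DONE\n");` or a per-instance drop counter, would help whoever relies on this log stream for auditing.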
diff --git a/queue-3.14/netfilter-nfnetlink_log-fix-maximum-packet-length-logged-to-userspace.patch b/queue-3.14/netfilter-nfnetlink_log-fix-maximum-packet-length-logged-to-userspace.patch
new file mode 100644 (file)
index 0000000..0b2cd46
--- /dev/null
@@ -0,0 +1,55 @@
+From c1e7dc91eed0ed1a51c9b814d648db18bf8fc6e9 Mon Sep 17 00:00:00 2001
+From: Florian Westphal <fw@strlen.de>
+Date: Thu, 23 Oct 2014 10:36:07 +0200
+Subject: netfilter: nfnetlink_log: fix maximum packet length logged to userspace
+
+From: Florian Westphal <fw@strlen.de>
+
+commit c1e7dc91eed0ed1a51c9b814d648db18bf8fc6e9 upstream.
+
+don't try to queue payloads > 0xffff - NLA_HDRLEN, it does not work.
+The nla length includes the size of the nla struct, so anything larger
+results in u16 integer overflow.
+
+This patch is similar to
+9cefbbc9c8f9abe (netfilter: nfnetlink_queue: cleanup copy_range usage).
+
+Signed-off-by: Florian Westphal <fw@strlen.de>
+Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ net/netfilter/nfnetlink_log.c |    8 +++++---
+ 1 file changed, 5 insertions(+), 3 deletions(-)
+
+--- a/net/netfilter/nfnetlink_log.c
++++ b/net/netfilter/nfnetlink_log.c
+@@ -45,7 +45,8 @@
+ #define NFULNL_NLBUFSIZ_DEFAULT       NLMSG_GOODSIZE
+ #define NFULNL_TIMEOUT_DEFAULT        100     /* every second */
+ #define NFULNL_QTHRESH_DEFAULT        100     /* 100 packets */
+-#define NFULNL_COPY_RANGE_MAX 0xFFFF  /* max packet size is limited by 16-bit struct nfattr nfa_len field */
++/* max packet size is limited by 16-bit struct nfattr nfa_len field */
++#define NFULNL_COPY_RANGE_MAX (0xFFFF - NLA_HDRLEN)
+ #define PRINTR(x, args...)    do { if (net_ratelimit()) \
+                                    printk(x, ## args); } while (0);
+@@ -255,6 +256,8 @@ nfulnl_set_mode(struct nfulnl_instance *
+       case NFULNL_COPY_PACKET:
+               inst->copy_mode = mode;
++              if (range == 0)
++                      range = NFULNL_COPY_RANGE_MAX;
+               inst->copy_range = min_t(unsigned int,
+                                        range, NFULNL_COPY_RANGE_MAX);
+               break;
+@@ -682,8 +685,7 @@ nfulnl_log_packet(struct net *net,
+               break;
+       case NFULNL_COPY_PACKET:
+-              if (inst->copy_range == 0
+-                  || inst->copy_range > skb->len)
++              if (inst->copy_range > skb->len)
+                       data_len = skb->len;
+               else
+                       data_len = inst->copy_range;
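Review bot: With the `inst->copy_range == 0` test removed from nfulnl_log_packet(), a copy_range of zero now yields a zero-length payload, so every path that sets copy_range has to map 0 to the maximum; these hunks only show nfulnl_set_mode() doing that. The instance-creation path is not visible here, so it is worth confirming that it initialises copy_range to `NFULNL_COPY_RANGE_MAX` rather than leaving it 0. The relocated comment also still names the old `struct nfattr nfa_len` field; something like `/* nla_len is 16 bits and includes NLA_HDRLEN, so the payload is capped at 0xFFFF - NLA_HDRLEN */` would explain why the header length is subtracted. Both nfulnl_set_mode() and nfulnl_log_packet() continue outside the hunks.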
diff --git a/queue-3.14/netfilter-nft_compat-fix-wrong-target-lookup-in-nft_target_select_ops.patch b/queue-3.14/netfilter-nft_compat-fix-wrong-target-lookup-in-nft_target_select_ops.patch
new file mode 100644 (file)
index 0000000..bf2fa90
--- /dev/null
@@ -0,0 +1,31 @@
+From 7965ee93719921ea5978f331da653dfa2d7b99f5 Mon Sep 17 00:00:00 2001
+From: Arturo Borrero <arturo.borrero.glez@gmail.com>
+Date: Sun, 26 Oct 2014 12:22:40 +0100
+Subject: netfilter: nft_compat: fix wrong target lookup in nft_target_select_ops()
+
+From: Arturo Borrero <arturo.borrero.glez@gmail.com>
+
+commit 7965ee93719921ea5978f331da653dfa2d7b99f5 upstream.
+
+The code looks for an already loaded target, and the correct list to search
+is nft_target_list, not nft_match_list.
+
+Signed-off-by: Arturo Borrero Gonzalez <arturo.borrero.glez@gmail.com>
+Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ net/netfilter/nft_compat.c |    2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/net/netfilter/nft_compat.c
++++ b/net/netfilter/nft_compat.c
+@@ -678,7 +678,7 @@ nft_target_select_ops(const struct nft_c
+       family = ctx->afi->family;
+       /* Re-use the existing target if it's already loaded. */
+-      list_for_each_entry(nft_target, &nft_match_list, head) {
++      list_for_each_entry(nft_target, &nft_target_list, head) {
+               struct xt_target *target = nft_target->ops.data;
+               if (strcmp(target->name, tg_name) == 0 &&
diff --git a/queue-3.14/netfilter-xt_bpf-add-mising-opaque-struct-sk_filter-definition.patch b/queue-3.14/netfilter-xt_bpf-add-mising-opaque-struct-sk_filter-definition.patch
new file mode 100644 (file)
index 0000000..5521b94
--- /dev/null
@@ -0,0 +1,34 @@
+From e10038a8ec06ac819b7552bb67aaa6d2d6f850c1 Mon Sep 17 00:00:00 2001
+From: Pablo Neira <pablo@netfilter.org>
+Date: Tue, 29 Jul 2014 18:12:15 +0200
+Subject: netfilter: xt_bpf: add mising opaque struct sk_filter definition
+
+From: Pablo Neira <pablo@netfilter.org>
+
+commit e10038a8ec06ac819b7552bb67aaa6d2d6f850c1 upstream.
+
+This structure is not exposed to userspace, so fix this by defining
+struct sk_filter; so we skip the casting in kernelspace. This is safe
+since userspace has no way to lurk with that internal pointer.
+
+Fixes: e6f30c7 ("netfilter: x_tables: add xt_bpf match")
+Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
+Acked-by: Willem de Bruijn <willemb@google.com>
+Signed-off-by: David S. Miller <davem@davemloft.net>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ include/uapi/linux/netfilter/xt_bpf.h |    2 ++
+ 1 file changed, 2 insertions(+)
+
+--- a/include/uapi/linux/netfilter/xt_bpf.h
++++ b/include/uapi/linux/netfilter/xt_bpf.h
+@@ -6,6 +6,8 @@
+ #define XT_BPF_MAX_NUM_INSTR  64
++struct sk_filter;
++
+ struct xt_bpf_info {
+       __u16 bpf_program_num_elem;
+       struct sock_filter bpf_program[XT_BPF_MAX_NUM_INSTR];
diff --git a/queue-3.14/perf-handle-compat-ioctl.patch b/queue-3.14/perf-handle-compat-ioctl.patch
new file mode 100644 (file)
index 0000000..343ccd3
--- /dev/null
@@ -0,0 +1,80 @@
+From b3f207855f57b9c8f43a547a801340bb5cbc59e5 Mon Sep 17 00:00:00 2001
+From: Pawel Moll <pawel.moll@arm.com>
+Date: Fri, 13 Jun 2014 16:03:32 +0100
+Subject: perf: Handle compat ioctl
+
+From: Pawel Moll <pawel.moll@arm.com>
+
+commit b3f207855f57b9c8f43a547a801340bb5cbc59e5 upstream.
+
+When running a 32-bit userspace on a 64-bit kernel (eg. i386
+application on x86_64 kernel or 32-bit arm userspace on arm64
+kernel) some of the perf ioctls must be treated with special
+care, as they have a pointer size encoded in the command.
+
+For example, PERF_EVENT_IOC_ID in 32-bit world will be encoded
+as 0x80042407, but 64-bit kernel will expect 0x80082407. In
+result the ioctl will fail returning -ENOTTY.
+
+This patch solves the problem by adding code fixing up the
+size as compat_ioctl file operation.
+
+Reported-by: Drew Richardson <drew.richardson@arm.com>
+Signed-off-by: Pawel Moll <pawel.moll@arm.com>
+Signed-off-by: Peter Zijlstra <peterz@infradead.org>
+Cc: Arnaldo Carvalho de Melo <acme@kernel.org>
+Cc: Jiri Olsa <jolsa@redhat.com>
+Link: http://lkml.kernel.org/r/1402671812-9078-1-git-send-email-pawel.moll@arm.com
+Signed-off-by: Ingo Molnar <mingo@kernel.org>
+Signed-off-by: David Ahern <daahern@cisco.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ kernel/events/core.c |   23 ++++++++++++++++++++++-
+ 1 file changed, 22 insertions(+), 1 deletion(-)
+
+--- a/kernel/events/core.c
++++ b/kernel/events/core.c
+@@ -39,6 +39,7 @@
+ #include <linux/hw_breakpoint.h>
+ #include <linux/mm_types.h>
+ #include <linux/cgroup.h>
++#include <linux/compat.h>
+ #include "internal.h"
+@@ -3693,6 +3694,26 @@ static long perf_ioctl(struct file *file
+       return 0;
+ }
++#ifdef CONFIG_COMPAT
++static long perf_compat_ioctl(struct file *file, unsigned int cmd,
++                              unsigned long arg)
++{
++      switch (_IOC_NR(cmd)) {
++      case _IOC_NR(PERF_EVENT_IOC_SET_FILTER):
++      case _IOC_NR(PERF_EVENT_IOC_ID):
++              /* Fix up pointer size (usually 4 -> 8 in 32-on-64-bit case */
++              if (_IOC_SIZE(cmd) == sizeof(compat_uptr_t)) {
++                      cmd &= ~IOCSIZE_MASK;
++                      cmd |= sizeof(void *) << IOCSIZE_SHIFT;
++              }
++              break;
++      }
++      return perf_ioctl(file, cmd, arg);
++}
++#else
++# define perf_compat_ioctl NULL
++#endif
++
+ int perf_event_task_enable(void)
+ {
+       struct perf_event *event;
+@@ -4185,7 +4206,7 @@ static const struct file_operations perf
+       .read                   = perf_read,
+       .poll                   = perf_poll,
+       .unlocked_ioctl         = perf_ioctl,
+-      .compat_ioctl           = perf_ioctl,
++      .compat_ioctl           = perf_compat_ioctl,
+       .mmap                   = perf_mmap,
+       .fasync                 = perf_fasync,
+ };
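Review bot: perf_compat_ioctl() rewrites the size bits of `cmd` but passes `arg` to perf_ioctl() untouched, although for both listed commands `arg` is a user pointer supplied by a 32-bit task. If any supported compat architecture needs pointer translation, the two pointer-carrying cases would presumably want `arg = (unsigned long)compat_ptr(arg);` before the call, and only there, since other perf ioctls carry plain integers in `arg`. The fix-up comment is also missing its closing parenthesis; `/* Fix up pointer size (usually 4 -> 8 in the 32-on-64-bit case) */` reads cleanly. perf_ioctl() itself lies outside the hunk, so how it consumes `arg` should be checked there.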
diff --git a/queue-3.14/perf-x86-intel-use-proper-dtlb-load-misses-event-on-ivybridge.patch b/queue-3.14/perf-x86-intel-use-proper-dtlb-load-misses-event-on-ivybridge.patch
new file mode 100644 (file)
index 0000000..bc82266
--- /dev/null
@@ -0,0 +1,44 @@
+From 1996388e9f4e3444db8273bc08d25164d2967c21 Mon Sep 17 00:00:00 2001
+From: Vince Weaver <vincent.weaver@maine.edu>
+Date: Mon, 14 Jul 2014 15:33:25 -0400
+Subject: perf/x86/intel: Use proper dTLB-load-misses event on IvyBridge
+
+From: Vince Weaver <vincent.weaver@maine.edu>
+
+commit 1996388e9f4e3444db8273bc08d25164d2967c21 upstream.
+
+This was discussed back in February:
+
+       https://lkml.org/lkml/2014/2/18/956
+
+But I never saw a patch come out of it.
+
+On IvyBridge we share the SandyBridge cache event tables, but the
+dTLB-load-miss event is not compatible.  Patch it up after
+the fact to the proper DTLB_LOAD_MISSES.DEMAND_LD_MISS_CAUSES_A_WALK
+
+Signed-off-by: Vince Weaver <vincent.weaver@maine.edu>
+Signed-off-by: Peter Zijlstra <peterz@infradead.org>
+Cc: Arnaldo Carvalho de Melo <acme@kernel.org>
+Cc: Linus Torvalds <torvalds@linux-foundation.org>
+Link: http://lkml.kernel.org/r/alpine.DEB.2.11.1407141528200.17214@vincent-weaver-1.umelst.maine.edu
+Signed-off-by: Ingo Molnar <mingo@kernel.org>
+Cc: Hou Pengyang <houpengyang@huawei.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ arch/x86/kernel/cpu/perf_event_intel.c |    3 +++
+ 1 file changed, 3 insertions(+)
+
+--- a/arch/x86/kernel/cpu/perf_event_intel.c
++++ b/arch/x86/kernel/cpu/perf_event_intel.c
+@@ -2475,6 +2475,9 @@ __init int intel_pmu_init(void)
+       case 62: /* IvyBridge EP */
+               memcpy(hw_cache_event_ids, snb_hw_cache_event_ids,
+                      sizeof(hw_cache_event_ids));
++              /* dTLB-load-misses on IVB is different than SNB */
++              hw_cache_event_ids[C(DTLB)][C(OP_READ)][C(RESULT_MISS)] = 0x8108; /* DTLB_LOAD_MISSES.DEMAND_LD_MISS_CAUSES_A_WALK */
++
+               memcpy(hw_cache_extra_regs, snb_hw_cache_extra_regs,
+                      sizeof(hw_cache_extra_regs));
diff --git a/queue-3.14/rcu-make-callers-awaken-grace-period-kthread.patch b/queue-3.14/rcu-make-callers-awaken-grace-period-kthread.patch
new file mode 100644 (file)
index 0000000..d7bcbd1
--- /dev/null
@@ -0,0 +1,99 @@
+From b433a3686a2031d9de32d49249519a851688b54a Mon Sep 17 00:00:00 2001
+From: "Paul E. McKenney" <paulmck@linux.vnet.ibm.com>
+Date: Tue, 11 Mar 2014 13:02:16 -0700
+Subject: rcu: Make callers awaken grace-period kthread
+
+From: "Paul E. McKenney" <paulmck@linux.vnet.ibm.com>
+
+commit 48a7639ce80cf279834d0d44865e49ecd714f37d upstream.
+
+The rcu_start_gp_advanced() function currently uses irq_work_queue()
+to defer wakeups of the RCU grace-period kthread.  This deferring
+is necessary to avoid RCU-scheduler deadlocks involving the rcu_node
+structure's lock, meaning that RCU cannot call any of the scheduler's
+wake-up functions while holding one of these locks.
+
+Unfortunately, the second and subsequent calls to irq_work_queue() are
+ignored, and the first call will be ignored (aside from queuing the work
+item) if the scheduler-clock tick is turned off.  This is OK for many
+uses, especially those where irq_work_queue() is called from an interrupt
+or softirq handler, because in those cases the scheduler-clock-tick state
+will be re-evaluated, which will turn the scheduler-clock tick back on.
+On the next tick, any deferred work will then be processed.
+
+However, this strategy does not always work for RCU, which can be invoked
+at process level from idle CPUs.  In this case, the tick might never
+be turned back on, indefinitely defering a grace-period start request.
+Note that the RCU CPU stall detector cannot see this condition, because
+there is no RCU grace period in progress.  Therefore, we can (and do!)
+see long tens-of-seconds stalls in grace-period handling.  In theory,
+we could see a full grace-period hang, but rcutorture testing to date
+has seen only the tens-of-seconds stalls.  Event tracing demonstrates
+that irq_work_queue() is being called repeatedly to no effect during
+these stalls: The "newreq" event appears repeatedly from a task that is
+not one of the grace-period kthreads.
+
+In theory, irq_work_queue() might be fixed to avoid this sort of issue,
+but RCU's requirements are unusual and it is quite straightforward to pass
+wake-up responsibility up through RCU's call chain, so that the wakeup
+happens when the offending locks are released.
+
+This commit therefore makes this change.  The rcu_start_gp_advanced(),
+rcu_start_future_gp(), rcu_accelerate_cbs(), rcu_advance_cbs(),
+__note_gp_changes(), and rcu_start_gp() functions now return a boolean
+which indicates when a wake-up is needed.  A new rcu_gp_kthread_wake()
+does the wakeup when it is necessary and safe to do so: No self-wakes,
+no wake-ups if the ->gp_flags field indicates there is no need (as in
+someone else did the wake-up before we got around to it), and no wake-ups
+before the grace-period kthread has been created.
+
+Signed-off-by: Paul E. McKenney <paulmck@linux.vnet.ibm.com>
+Cc: Peter Zijlstra <peterz@infradead.org>
+Cc: Steven Rostedt <rostedt@goodmis.org>
+Cc: Frederic Weisbecker <fweisbec@gmail.com>
+Reviewed-by: Josh Triplett <josh@joshtriplett.org>
+[ Pranith: backport to 3.13-stable: just rcu_gp_kthread_wake(),
+  prereq for 2aa792e "rcu: Use rcu_gp_kthread_wake() to wake up grace
+  period kthreads" ]
+Signed-off-by: Pranith Kumar <bobby.prani@gmail.com>
+Signed-off-by: Kamal Mostafa <kamal@canonical.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ kernel/rcu/tree.c |   18 +++++++++++++++++-
+ 1 file changed, 17 insertions(+), 1 deletion(-)
+
+--- a/kernel/rcu/tree.c
++++ b/kernel/rcu/tree.c
+@@ -1228,6 +1228,22 @@ static int rcu_future_gp_cleanup(struct
+ }
+ /*
++ * Awaken the grace-period kthread for the specified flavor of RCU.
++ * Don't do a self-awaken, and don't bother awakening when there is
++ * nothing for the grace-period kthread to do (as in several CPUs
++ * raced to awaken, and we lost), and finally don't try to awaken
++ * a kthread that has not yet been created.
++ */
++static void rcu_gp_kthread_wake(struct rcu_state *rsp)
++{
++      if (current == rsp->gp_kthread ||
++          !ACCESS_ONCE(rsp->gp_flags) ||
++          !rsp->gp_kthread)
++              return;
++      wake_up(&rsp->gp_wq);
++}
++
++/*
+  * If there is room, assign a ->completed number to any callbacks on
+  * this CPU that have not already been assigned.  Also accelerate any
+  * callbacks that were previously assigned a ->completed number that has
+@@ -1670,7 +1686,7 @@ static void rsp_wakeup(struct irq_work *
+       struct rcu_state *rsp = container_of(work, struct rcu_state, wakeup_work);
+       /* Wake up rcu_gp_kthread() to start the grace period. */
+-      wake_up(&rsp->gp_wq);
++      rcu_gp_kthread_wake(rsp);
+ }
+ /*
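Review bot: The self-wake test `current == rsp->gp_kthread` in rcu_gp_kthread_wake() is also true when the caller runs in an interrupt that happened to interrupt the grace-period kthread, and rsp_wakeup() in the second hunk is an irq_work handler. In that case the wakeup is skipped even though the kthread may be on its way to sleep; whether a request can actually be lost depends on the kthread's wait loop, which is outside the hunk. Restricting the shortcut to task context, e.g. `(current == rsp->gp_kthread && !in_irq() && !in_serving_softirq())`, would remove the doubt. `rsp->gp_kthread` is also read twice without ACCESS_ONCE(), so loading it once into a local would make the comparison and the NULL test agree.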
diff --git a/queue-3.14/rcu-use-rcu_gp_kthread_wake-to-wake-up-grace-period-kthreads.patch b/queue-3.14/rcu-use-rcu_gp_kthread_wake-to-wake-up-grace-period-kthreads.patch
new file mode 100644 (file)
index 0000000..648c21f
--- /dev/null
@@ -0,0 +1,73 @@
+From 2aa792e6faf1a00f5accf1f69e87e11a390ba2cd Mon Sep 17 00:00:00 2001
+From: Pranith Kumar <bobby.prani@gmail.com>
+Date: Tue, 12 Aug 2014 13:07:47 -0400
+Subject: rcu: Use rcu_gp_kthread_wake() to wake up grace period kthreads
+
+From: Pranith Kumar <bobby.prani@gmail.com>
+
+commit 2aa792e6faf1a00f5accf1f69e87e11a390ba2cd upstream.
+
+The rcu_gp_kthread_wake() function checks for three conditions before
+waking up grace period kthreads:
+
+*  Is the thread we are trying to wake up the current thread?
+*  Are the gp_flags zero? (all threads wait on non-zero gp_flags condition)
+*  Is there no thread created for this flavour, hence nothing to wake up?
+
+If any one of these condition is true, we do not call wake_up().
+It was found that there are quite a few avoidable wake ups both during
+idle time and under stress induced by rcutorture.
+
+Idle:
+
+Total:66000, unnecessary:66000, case1:61827, case2:66000, case3:0
+Total:68000, unnecessary:68000, case1:63696, case2:68000, case3:0
+
+rcutorture:
+
+Total:254000, unnecessary:254000, case1:199913, case2:254000, case3:0
+Total:256000, unnecessary:256000, case1:201784, case2:256000, case3:0
+
+Here case{1-3} are the cases listed above. We can avoid these wake
+ups by using rcu_gp_kthread_wake() to conditionally wake up the grace
+period kthreads.
+
+There is a comment about an implied barrier supplied by the wake_up()
+logic.  This barrier is necessary for the awakened thread to see the
+updated ->gp_flags.  This flag is always being updated with the root node
+lock held. Also, the awakened thread tries to acquire the root node lock
+before reading ->gp_flags because of which there is proper ordering.
+
+Hence this commit tries to avoid calling wake_up() whenever we can by
+using rcu_gp_kthread_wake() function.
+
+Signed-off-by: Pranith Kumar <bobby.prani@gmail.com>
+CC: Mathieu Desnoyers <mathieu.desnoyers@efficios.com>
+Signed-off-by: Paul E. McKenney <paulmck@linux.vnet.ibm.com>
+Cc: Kamal Mostafa <kamal@canonical.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ kernel/rcu/tree.c |    4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+--- a/kernel/rcu/tree.c
++++ b/kernel/rcu/tree.c
+@@ -1762,7 +1762,7 @@ static void rcu_report_qs_rsp(struct rcu
+ {
+       WARN_ON_ONCE(!rcu_gp_in_progress(rsp));
+       raw_spin_unlock_irqrestore(&rcu_get_root(rsp)->lock, flags);
+-      wake_up(&rsp->gp_wq);  /* Memory barrier implied by wake_up() path. */
++      rcu_gp_kthread_wake(rsp);
+ }
+ /*
+@@ -2338,7 +2338,7 @@ static void force_quiescent_state(struct
+       }
+       rsp->gp_flags |= RCU_GP_FLAG_FQS;
+       raw_spin_unlock_irqrestore(&rnp_old->lock, flags);
+-      wake_up(&rsp->gp_wq);  /* Memory barrier implied by wake_up() path. */
++      rcu_gp_kthread_wake(rsp);
+ }
+ /*
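Review bot: Both call sites drop the `/* Memory barrier implied by wake_up() path. */` comment, and rcu_gp_kthread_wake() can return without calling wake_up() at all, so nothing in the code now says where the ordering of ->gp_flags comes from. The commit message gives the reasoning (the updater and the awakened kthread both go through the root rcu_node lock); a short comment at each call, for example `/* ->gp_flags ordering is provided by the root rcu_node lock. */`, would keep that next to the code. In force_quiescent_state() the lock released is `rnp_old->lock`, so it is worth confirming from the part of the function outside the hunk that this is the root node at that point. Both functions begin outside their hunks.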
index aca6bc6094d931bdb55741ac95b6e86599eee04f..68c6b1c1a7c1c79950f94345aa0066247f233ebe 100644 (file)
@@ -71,3 +71,22 @@ nfs-fix-use-of-uninitialized-variable-in-nfs_getattr.patch
 nfsv4-fix-races-between-nfs_remove_bad_delegation-and-delegation-return.patch
 nfsv4.1-nfs41_clear_delegation_stateid-shouldn-t-trust-nfs_delegated_state.patch
 media-ttusb-dec-buffer-overflow-in-ioctl.patch
+memory-hotplug-remove-weak-from-memory_block_size_bytes-declaration.patch
+vmcore-remove-weak-from-function-declarations.patch
+kgdb-remove-weak-from-kgdb_arch_pc-declaration.patch
+clocksource-remove-weak-from-clocksource_default_clock-declaration.patch
+ib-core-clear-ah-attr-variable-to-prevent-garbage-data.patch
+ipc-always-handle-a-new-value-of-auto_msgmni.patch
+netfilter-ipset-off-by-one-in-ip_set_nfnl_get_byindex.patch
+netfilter-nf_log-account-for-size-of-nlmsg_done-attribute.patch
+netfilter-nfnetlink_log-fix-maximum-packet-length-logged-to-userspace.patch
+netfilter-nf_log-release-skbuff-on-nlmsg-put-failure.patch
+netfilter-nft_compat-fix-wrong-target-lookup-in-nft_target_select_ops.patch
+netfilter-xt_bpf-add-mising-opaque-struct-sk_filter-definition.patch
+arm-probes-fix-instruction-fetch-order-with-asm-opcodes.h.patch
+gfs2-fix-address-space-from-page-function.patch
+rcu-make-callers-awaken-grace-period-kthread.patch
+rcu-use-rcu_gp_kthread_wake-to-wake-up-grace-period-kthreads.patch
+dell-wmi-fix-access-out-of-memory.patch
+perf-handle-compat-ioctl.patch
+perf-x86-intel-use-proper-dtlb-load-misses-event-on-ivybridge.patch
diff --git a/queue-3.14/vmcore-remove-weak-from-function-declarations.patch b/queue-3.14/vmcore-remove-weak-from-function-declarations.patch
new file mode 100644 (file)
index 0000000..e75952d
--- /dev/null
@@ -0,0 +1,63 @@
+From 5ab03ac5aaa1f032e071f1b3dc433b7839359c03 Mon Sep 17 00:00:00 2001
+From: Bjorn Helgaas <bhelgaas@google.com>
+Date: Mon, 13 Oct 2014 18:59:41 -0600
+Subject: vmcore: Remove "weak" from function declarations
+
+From: Bjorn Helgaas <bhelgaas@google.com>
+
+commit 5ab03ac5aaa1f032e071f1b3dc433b7839359c03 upstream.
+
+For the following functions:
+
+  elfcorehdr_alloc()
+  elfcorehdr_free()
+  elfcorehdr_read()
+  elfcorehdr_read_notes()
+  remap_oldmem_pfn_range()
+
+fs/proc/vmcore.c provides default definitions explicitly marked "weak".
+arch/s390 provides its own definitions intended to override the default
+ones, but the "weak" attribute on the declarations applied to the s390
+definitions as well, so the linker chose one based on link order (see
+10629d711ed7 ("PCI: Remove __weak annotation from pcibios_get_phb_of_node
+decl")).
+
+Remove the "weak" attribute from the declarations so we always prefer a
+non-weak definition over the weak one, independent of link order.
+
+Fixes: be8a8d069e50 ("vmcore: introduce ELF header in new memory feature")
+Fixes: 9cb218131de1 ("vmcore: introduce remap_oldmem_pfn_range()")
+Signed-off-by: Bjorn Helgaas <bhelgaas@google.com>
+Acked-by: Andrew Morton <akpm@linux-foundation.org>
+Acked-by: Vivek Goyal <vgoyal@redhat.com>
+CC: Michael Holzheu <holzheu@linux.vnet.ibm.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ include/linux/crash_dump.h |   15 +++++++--------
+ 1 file changed, 7 insertions(+), 8 deletions(-)
+
+--- a/include/linux/crash_dump.h
++++ b/include/linux/crash_dump.h
+@@ -14,14 +14,13 @@
+ extern unsigned long long elfcorehdr_addr;
+ extern unsigned long long elfcorehdr_size;
+-extern int __weak elfcorehdr_alloc(unsigned long long *addr,
+-                                 unsigned long long *size);
+-extern void __weak elfcorehdr_free(unsigned long long addr);
+-extern ssize_t __weak elfcorehdr_read(char *buf, size_t count, u64 *ppos);
+-extern ssize_t __weak elfcorehdr_read_notes(char *buf, size_t count, u64 *ppos);
+-extern int __weak remap_oldmem_pfn_range(struct vm_area_struct *vma,
+-                                       unsigned long from, unsigned long pfn,
+-                                       unsigned long size, pgprot_t prot);
++extern int elfcorehdr_alloc(unsigned long long *addr, unsigned long long *size);
++extern void elfcorehdr_free(unsigned long long addr);
++extern ssize_t elfcorehdr_read(char *buf, size_t count, u64 *ppos);
++extern ssize_t elfcorehdr_read_notes(char *buf, size_t count, u64 *ppos);
++extern int remap_oldmem_pfn_range(struct vm_area_struct *vma,
++                                unsigned long from, unsigned long pfn,
++                                unsigned long size, pgprot_t prot);
+ extern ssize_t copy_oldmem_page(unsigned long, char *, size_t,
+                                               unsigned long, int);