--- /dev/null
+From 2d0871396995139b37f9ceb153c8b07589148343 Mon Sep 17 00:00:00 2001
+From: Michal Marek <mmarek@suse.cz>
+Date: Fri, 22 Aug 2014 15:51:03 +0200
+Subject: builddeb: put the dbg files into the correct directory
+
+From: Michal Marek <mmarek@suse.cz>
+
+commit 2d0871396995139b37f9ceb153c8b07589148343 upstream.
+
+Since the conversion of objtree to use relative pathnames (commit
+7e1c04779e, "kbuild: Use relative path for $(objtree)"), the debug
+info files have been ending up in /debian/dbgtmp/ in the regular
+linux-image package instead of the debug files package. Fix up the
+paths so that the debug files end up in the -dbg package.
+
+This is based on a similar patch by Darrick.
+
+Reported-and-tested-by: "Darrick J. Wong" <darrick.wong@oracle.com>
+Signed-off-by: Michal Marek <mmarek@suse.cz>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ scripts/package/builddeb | 22 ++++++++++------------
+ 1 file changed, 10 insertions(+), 12 deletions(-)
+
+--- a/scripts/package/builddeb
++++ b/scripts/package/builddeb
+@@ -152,18 +152,16 @@ if grep -q '^CONFIG_MODULES=y' $KCONFIG_
+ rmdir "$tmpdir/lib/modules/$version"
+ fi
+ if [ -n "$BUILD_DEBUG" ] ; then
+- (
+- cd $tmpdir
+- for module in $(find lib/modules/ -name *.ko); do
+- mkdir -p $(dirname $dbg_dir/usr/lib/debug/$module)
+- # only keep debug symbols in the debug file
+- $OBJCOPY --only-keep-debug $module $dbg_dir/usr/lib/debug/$module
+- # strip original module from debug symbols
+- $OBJCOPY --strip-debug $module
+- # then add a link to those
+- $OBJCOPY --add-gnu-debuglink=$dbg_dir/usr/lib/debug/$module $module
+- done
+- )
++ for module in $(find $tmpdir/lib/modules/ -name *.ko -printf '%P\n'); do
++ module=lib/modules/$module
++ mkdir -p $(dirname $dbg_dir/usr/lib/debug/$module)
++ # only keep debug symbols in the debug file
++ $OBJCOPY --only-keep-debug $tmpdir/$module $dbg_dir/usr/lib/debug/$module
++ # strip original module from debug symbols
++ $OBJCOPY --strip-debug $tmpdir/$module
++ # then add a link to those
++ $OBJCOPY --add-gnu-debuglink=$dbg_dir/usr/lib/debug/$module $tmpdir/$module
++ done
+ fi
+ fi
+
--- /dev/null
+From d2207ccbc59900311c88bb9150b24253cd4ddd49 Mon Sep 17 00:00:00 2001
+From: Joe Perches <joe@perches.com>
+Date: Mon, 13 Oct 2014 15:51:53 -0700
+Subject: checkpatch: remove unnecessary + after {8,8}
+
+From: Joe Perches <joe@perches.com>
+
+commit d2207ccbc59900311c88bb9150b24253cd4ddd49 upstream.
+
+There's a useless "+" use that needs to be removed as perl 5.20 emits a
+"Useless use of greediness modifier '+'" message each time it's hit.
+
+Signed-off-by: Joe Perches <joe@perches.com>
+Reported-by: Greg KH <gregkh@linuxfoundation.org>
+Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
+Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ scripts/checkpatch.pl | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/scripts/checkpatch.pl
++++ b/scripts/checkpatch.pl
+@@ -2424,7 +2424,7 @@ sub process {
+ "please, no space before tabs\n" . $herevet) &&
+ $fix) {
+ while ($fixed[$fixlinenr] =~
+- s/(^\+.*) {8,8}+\t/$1\t\t/) {}
++ s/(^\+.*) {8,8}\t/$1\t\t/) {}
+ while ($fixed[$fixlinenr] =~
+ s/(^\+.*) +\t/$1\t/) {}
+ }
--- /dev/null
+From 96a2adbc6f501996418da9f7afe39bf0e4d006a9 Mon Sep 17 00:00:00 2001
+From: Bjorn Helgaas <bhelgaas@google.com>
+Date: Mon, 13 Oct 2014 18:59:09 -0600
+Subject: clocksource: Remove "weak" from clocksource_default_clock() declaration
+
+From: Bjorn Helgaas <bhelgaas@google.com>
+
+commit 96a2adbc6f501996418da9f7afe39bf0e4d006a9 upstream.
+
+kernel/time/jiffies.c provides a default clocksource_default_clock()
+definition explicitly marked "weak". arch/s390 provides its own definition
+intended to override the default, but the "weak" attribute on the
+declaration applied to the s390 definition as well, so the linker chose one
+based on link order (see 10629d711ed7 ("PCI: Remove __weak annotation from
+pcibios_get_phb_of_node decl")).
+
+Remove the "weak" attribute from the clocksource_default_clock()
+declaration so we always prefer a non-weak definition over the weak one,
+independent of link order.
+
+Fixes: f1b82746c1e9 ("clocksource: Cleanup clocksource selection")
+Signed-off-by: Bjorn Helgaas <bhelgaas@google.com>
+Acked-by: John Stultz <john.stultz@linaro.org>
+Acked-by: Ingo Molnar <mingo@kernel.org>
+CC: Daniel Lezcano <daniel.lezcano@linaro.org>
+CC: Martin Schwidefsky <schwidefsky@de.ibm.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ include/linux/clocksource.h | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/include/linux/clocksource.h
++++ b/include/linux/clocksource.h
+@@ -287,7 +287,7 @@ extern struct clocksource* clocksource_g
+ extern void clocksource_change_rating(struct clocksource *cs, int rating);
+ extern void clocksource_suspend(void);
+ extern void clocksource_resume(void);
+-extern struct clocksource * __init __weak clocksource_default_clock(void);
++extern struct clocksource * __init clocksource_default_clock(void);
+ extern void clocksource_mark_unstable(struct clocksource *cs);
+
+ extern u64
--- /dev/null
+From a666b6ffbc9b6705a3ced704f52c3fe9ea8bf959 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Pali=20Roh=C3=A1r?= <pali.rohar@gmail.com>
+Date: Mon, 29 Sep 2014 15:10:51 +0200
+Subject: dell-wmi: Fix access out of memory
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+From: =?UTF-8?q?Pali=20Roh=C3=A1r?= <pali.rohar@gmail.com>
+
+commit a666b6ffbc9b6705a3ced704f52c3fe9ea8bf959 upstream.
+
+Without this patch, dell-wmi is trying to access elements of dynamically
+allocated array without checking the array size. This can lead to memory
+corruption or a kernel panic. This patch adds the missing checks for
+array size.
+
+Signed-off-by: Pali Rohár <pali.rohar@gmail.com>
+Signed-off-by: Darren Hart <dvhart@linux.intel.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/platform/x86/dell-wmi.c | 12 +++++++++---
+ 1 file changed, 9 insertions(+), 3 deletions(-)
+
+--- a/drivers/platform/x86/dell-wmi.c
++++ b/drivers/platform/x86/dell-wmi.c
+@@ -163,18 +163,24 @@ static void dell_wmi_notify(u32 value, v
+ const struct key_entry *key;
+ int reported_key;
+ u16 *buffer_entry = (u16 *)obj->buffer.pointer;
++ int buffer_size = obj->buffer.length/2;
+
+- if (dell_new_hk_type && (buffer_entry[1] != 0x10)) {
++ if (buffer_size >= 2 && dell_new_hk_type && buffer_entry[1] != 0x10) {
+ pr_info("Received unknown WMI event (0x%x)\n",
+ buffer_entry[1]);
+ kfree(obj);
+ return;
+ }
+
+- if (dell_new_hk_type || buffer_entry[1] == 0x0)
++ if (buffer_size >= 3 && (dell_new_hk_type || buffer_entry[1] == 0x0))
+ reported_key = (int)buffer_entry[2];
+- else
++ else if (buffer_size >= 2)
+ reported_key = (int)buffer_entry[1] & 0xffff;
++ else {
++ pr_info("Received unknown WMI event\n");
++ kfree(obj);
++ return;
++ }
+
+ key = sparse_keymap_entry_from_scancode(dell_wmi_input_dev,
+ reported_key);
--- /dev/null
+From 19aeb5a65f1a6504fc665466c188241e7393d66f Mon Sep 17 00:00:00 2001
+From: Bob Peterson <rpeterso@redhat.com>
+Date: Mon, 29 Sep 2014 08:52:04 -0400
+Subject: GFS2: Make rename not save dirent location
+
+From: Bob Peterson <rpeterso@redhat.com>
+
+commit 19aeb5a65f1a6504fc665466c188241e7393d66f upstream.
+
+This patch fixes a regression in the patch "GFS2: Remember directory
+insert point", commit 2b47dad866d04f14c328f888ba5406057b8c7d33.
+The problem had to do with the rename function: The function found
+space for the new dirent, and remembered that location. But then the
+old dirent was removed, which often moved the eligible location for
+the renamed dirent. Putting the new dirent at the saved location
+caused file system corruption.
+
+This patch adds a new "save_loc" variable to struct gfs2_diradd.
+If 1, the dirent location is saved. If 0, the dirent location is not
+saved and the buffer_head is released as per previous behavior.
+
+Signed-off-by: Bob Peterson <rpeterso@redhat.com>
+Signed-off-by: Steven Whitehouse <swhiteho@redhat.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ fs/gfs2/dir.c | 9 +++++++--
+ fs/gfs2/dir.h | 1 +
+ fs/gfs2/inode.c | 6 +++---
+ 3 files changed, 11 insertions(+), 5 deletions(-)
+
+--- a/fs/gfs2/dir.c
++++ b/fs/gfs2/dir.c
+@@ -2100,8 +2100,13 @@ int gfs2_diradd_alloc_required(struct in
+ }
+ if (IS_ERR(dent))
+ return PTR_ERR(dent);
+- da->bh = bh;
+- da->dent = dent;
++
++ if (da->save_loc) {
++ da->bh = bh;
++ da->dent = dent;
++ } else {
++ brelse(bh);
++ }
+ return 0;
+ }
+
+--- a/fs/gfs2/dir.h
++++ b/fs/gfs2/dir.h
+@@ -23,6 +23,7 @@ struct gfs2_diradd {
+ unsigned nr_blocks;
+ struct gfs2_dirent *dent;
+ struct buffer_head *bh;
++ int save_loc;
+ };
+
+ extern struct inode *gfs2_dir_search(struct inode *dir,
+--- a/fs/gfs2/inode.c
++++ b/fs/gfs2/inode.c
+@@ -600,7 +600,7 @@ static int gfs2_create_inode(struct inod
+ int error, free_vfs_inode = 0;
+ u32 aflags = 0;
+ unsigned blocks = 1;
+- struct gfs2_diradd da = { .bh = NULL, };
++ struct gfs2_diradd da = { .bh = NULL, .save_loc = 1, };
+
+ if (!name->len || name->len > GFS2_FNAMESIZE)
+ return -ENAMETOOLONG;
+@@ -899,7 +899,7 @@ static int gfs2_link(struct dentry *old_
+ struct gfs2_inode *ip = GFS2_I(inode);
+ struct gfs2_holder ghs[2];
+ struct buffer_head *dibh;
+- struct gfs2_diradd da = { .bh = NULL, };
++ struct gfs2_diradd da = { .bh = NULL, .save_loc = 1, };
+ int error;
+
+ if (S_ISDIR(inode->i_mode))
+@@ -1337,7 +1337,7 @@ static int gfs2_rename(struct inode *odi
+ struct gfs2_rgrpd *nrgd;
+ unsigned int num_gh;
+ int dir_rename = 0;
+- struct gfs2_diradd da = { .nr_blocks = 0, };
++ struct gfs2_diradd da = { .nr_blocks = 0, .save_loc = 0, };
+ unsigned int x;
+ int error;
+
--- /dev/null
+From 8b0f93d9490653a7b9fc91f3570089132faed1c0 Mon Sep 17 00:00:00 2001
+From: Devesh Sharma <devesh.sharma@emulex.com>
+Date: Fri, 26 Sep 2014 20:45:32 +0530
+Subject: IB/core: Clear AH attr variable to prevent garbage data
+
+From: Devesh Sharma <devesh.sharma@emulex.com>
+
+commit 8b0f93d9490653a7b9fc91f3570089132faed1c0 upstream.
+
+During create-ah from userspace, uverbs is sending garbage data in
+attr.dmac and attr.vlan_id. This patch sets attr.dmac and
+attr.vlan_id to zero.
+
+Fixes: dd5f03beb4f7 ("IB/core: Ethernet L2 attributes in verbs/cm structures")
+Signed-off-by: Devesh Sharma <devesh.sharma@emulex.com>
+Signed-off-by: Roland Dreier <roland@purestorage.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/infiniband/core/uverbs_cmd.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+--- a/drivers/infiniband/core/uverbs_cmd.c
++++ b/drivers/infiniband/core/uverbs_cmd.c
+@@ -2518,6 +2518,8 @@ ssize_t ib_uverbs_create_ah(struct ib_uv
+ attr.grh.sgid_index = cmd.attr.grh.sgid_index;
+ attr.grh.hop_limit = cmd.attr.grh.hop_limit;
+ attr.grh.traffic_class = cmd.attr.grh.traffic_class;
++ attr.vlan_id = 0;
++ memset(&attr.dmac, 0, sizeof(attr.dmac));
+ memcpy(attr.grh.dgid.raw, cmd.attr.grh.dgid, 16);
+
+ ah = ib_create_ah(pd, &attr);
--- /dev/null
+From 1195d94e006b23c6292e78857e154872e33b6d7e Mon Sep 17 00:00:00 2001
+From: Andrey Vagin <avagin@openvz.org>
+Date: Mon, 13 Oct 2014 15:54:10 -0700
+Subject: ipc: always handle a new value of auto_msgmni
+
+From: Andrey Vagin <avagin@openvz.org>
+
+commit 1195d94e006b23c6292e78857e154872e33b6d7e upstream.
+
+proc_dointvec_minmax() returns zero if a new value has been set. So we
+don't need to check all charecters have been handled.
+
+Below you can find two examples. In the new value has not been handled
+properly.
+
+$ strace ./a.out
+open("/proc/sys/kernel/auto_msgmni", O_WRONLY) = 3
+write(3, "0\n\0", 3) = 2
+close(3) = 0
+exit_group(0)
+$ cat /sys/kernel/debug/tracing/trace
+
+$strace ./a.out
+open("/proc/sys/kernel/auto_msgmni", O_WRONLY) = 3
+write(3, "0\n", 2) = 2
+close(3) = 0
+
+$ cat /sys/kernel/debug/tracing/trace
+a.out-697 [000] .... 3280.998235: unregister_ipcns_notifier <-proc_ipcauto_dointvec_minmax
+
+Fixes: 9eefe520c814 ("ipc: do not use a negative value to re-enable msgmni automatic recomputin")
+Signed-off-by: Andrey Vagin <avagin@openvz.org>
+Cc: Mathias Krause <minipli@googlemail.com>
+Cc: Manfred Spraul <manfred@colorfullife.com>
+Cc: Joe Perches <joe@perches.com>
+Cc: Davidlohr Bueso <davidlohr@hp.com>
+Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
+Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ ipc/ipc_sysctl.c | 3 +--
+ 1 file changed, 1 insertion(+), 2 deletions(-)
+
+--- a/ipc/ipc_sysctl.c
++++ b/ipc/ipc_sysctl.c
+@@ -123,7 +123,6 @@ static int proc_ipcauto_dointvec_minmax(
+ void __user *buffer, size_t *lenp, loff_t *ppos)
+ {
+ struct ctl_table ipc_table;
+- size_t lenp_bef = *lenp;
+ int oldval;
+ int rc;
+
+@@ -133,7 +132,7 @@ static int proc_ipcauto_dointvec_minmax(
+
+ rc = proc_dointvec_minmax(&ipc_table, write, buffer, lenp, ppos);
+
+- if (write && !rc && lenp_bef == *lenp) {
++ if (write && !rc) {
+ int newval = *((int *)(ipc_table.data));
+ /*
+ * The file "auto_msgmni" has correctly been set.
--- /dev/null
+From 107bcc6d566cb40184068d888637f9aefe6252dd Mon Sep 17 00:00:00 2001
+From: Bjorn Helgaas <bhelgaas@google.com>
+Date: Mon, 13 Oct 2014 19:00:25 -0600
+Subject: kgdb: Remove "weak" from kgdb_arch_pc() declaration
+
+From: Bjorn Helgaas <bhelgaas@google.com>
+
+commit 107bcc6d566cb40184068d888637f9aefe6252dd upstream.
+
+kernel/debug/debug_core.c provides a default kgdb_arch_pc() definition
+explicitly marked "weak". Several architectures provide their own
+definitions intended to override the default, but the "weak" attribute on
+the declaration applied to the arch definitions as well, so the linker
+chose one based on link order (see 10629d711ed7 ("PCI: Remove __weak
+annotation from pcibios_get_phb_of_node decl")).
+
+Remove the "weak" attribute from the declaration so we always prefer a
+non-weak definition over the weak one, independent of link order.
+
+Fixes: 688b744d8bc8 ("kgdb: fix signedness mixmatches, add statics, add declaration to header")
+Tested-by: Vineet Gupta <vgupta@synopsys.com> # for ARC build
+Signed-off-by: Bjorn Helgaas <bhelgaas@google.com>
+Reviewed-by: Harvey Harrison <harvey.harrison@gmail.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ include/linux/kgdb.h | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/include/linux/kgdb.h
++++ b/include/linux/kgdb.h
+@@ -283,7 +283,7 @@ struct kgdb_io {
+
+ extern struct kgdb_arch arch_kgdb_ops;
+
+-extern unsigned long __weak kgdb_arch_pc(int exception, struct pt_regs *regs);
++extern unsigned long kgdb_arch_pc(int exception, struct pt_regs *regs);
+
+ #ifdef CONFIG_SERIAL_KGDB_NMI
+ extern int kgdb_register_nmi_console(void);
--- /dev/null
+From e0a8400c6923a163265d52798cdd4c33f3f8ab5a Mon Sep 17 00:00:00 2001
+From: Bjorn Helgaas <bhelgaas@google.com>
+Date: Mon, 13 Oct 2014 19:00:47 -0600
+Subject: memory-hotplug: Remove "weak" from memory_block_size_bytes() declaration
+
+From: Bjorn Helgaas <bhelgaas@google.com>
+
+commit e0a8400c6923a163265d52798cdd4c33f3f8ab5a upstream.
+
+drivers/base/memory.c provides a default memory_block_size_bytes()
+definition explicitly marked "weak". Several architectures provide their
+own definitions intended to override the default, but the "weak" attribute
+on the declaration applied to the arch definitions as well, so the linker
+chose one based on link order (see 10629d711ed7 ("PCI: Remove __weak
+annotation from pcibios_get_phb_of_node decl")).
+
+Remove the "weak" attribute from the declaration so we always prefer a
+non-weak definition over the weak one, independent of link order.
+
+Fixes: 41f107266b19 ("drivers: base: Add prototype declaration to the header file")
+Signed-off-by: Bjorn Helgaas <bhelgaas@google.com>
+Acked-by: Andrew Morton <akpm@linux-foundation.org>
+CC: Rashika Kheria <rashika.kheria@gmail.com>
+CC: Nathan Fontenot <nfont@austin.ibm.com>
+CC: Anton Blanchard <anton@au1.ibm.com>
+CC: Heiko Carstens <heiko.carstens@de.ibm.com>
+CC: Yinghai Lu <yinghai@kernel.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ include/linux/memory.h | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/include/linux/memory.h
++++ b/include/linux/memory.h
+@@ -35,7 +35,7 @@ struct memory_block {
+ };
+
+ int arch_get_memory_phys_device(unsigned long start_pfn);
+-unsigned long __weak memory_block_size_bytes(void);
++unsigned long memory_block_size_bytes(void);
+
+ /* These states are exposed to userspace as text strings in sysfs */
+ #define MEM_ONLINE (1<<0) /* exposed to userspace */
--- /dev/null
+From 6d50e60cd2edb5a57154db5a6f64eef5aa59b751 Mon Sep 17 00:00:00 2001
+From: David Rientjes <rientjes@google.com>
+Date: Wed, 29 Oct 2014 14:50:31 -0700
+Subject: mm, thp: fix collapsing of hugepages on madvise
+
+From: David Rientjes <rientjes@google.com>
+
+commit 6d50e60cd2edb5a57154db5a6f64eef5aa59b751 upstream.
+
+If an anonymous mapping is not allowed to fault thp memory and then
+madvise(MADV_HUGEPAGE) is used after fault, khugepaged will never
+collapse this memory into thp memory.
+
+This occurs because the madvise(2) handler for thp, hugepage_madvise(),
+clears VM_NOHUGEPAGE on the stack and it isn't stored in vma->vm_flags
+until the final action of madvise_behavior(). This causes the
+khugepaged_enter_vma_merge() to be a no-op in hugepage_madvise() when
+the vma had previously had VM_NOHUGEPAGE set.
+
+Fix this by passing the correct vma flags to the khugepaged mm slot
+handler. There's no chance khugepaged can run on this vma until after
+madvise_behavior() returns since we hold mm->mmap_sem.
+
+It would be possible to clear VM_NOHUGEPAGE directly from vma->vm_flags
+in hugepage_advise(), but I didn't want to introduce special case
+behavior into madvise_behavior(). I think it's best to just let it
+always set vma->vm_flags itself.
+
+Signed-off-by: David Rientjes <rientjes@google.com>
+Reported-by: Suleiman Souhlal <suleiman@google.com>
+Cc: "Kirill A. Shutemov" <kirill.shutemov@linux.intel.com>
+Cc: Andrea Arcangeli <aarcange@redhat.com>
+Cc: <stable@vger.kernel.org>
+Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
+Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ include/linux/khugepaged.h | 17 ++++++++++-------
+ mm/huge_memory.c | 11 ++++++-----
+ mm/mmap.c | 8 ++++----
+ 3 files changed, 20 insertions(+), 16 deletions(-)
+
+--- a/include/linux/khugepaged.h
++++ b/include/linux/khugepaged.h
+@@ -6,7 +6,8 @@
+ #ifdef CONFIG_TRANSPARENT_HUGEPAGE
+ extern int __khugepaged_enter(struct mm_struct *mm);
+ extern void __khugepaged_exit(struct mm_struct *mm);
+-extern int khugepaged_enter_vma_merge(struct vm_area_struct *vma);
++extern int khugepaged_enter_vma_merge(struct vm_area_struct *vma,
++ unsigned long vm_flags);
+
+ #define khugepaged_enabled() \
+ (transparent_hugepage_flags & \
+@@ -35,13 +36,13 @@ static inline void khugepaged_exit(struc
+ __khugepaged_exit(mm);
+ }
+
+-static inline int khugepaged_enter(struct vm_area_struct *vma)
++static inline int khugepaged_enter(struct vm_area_struct *vma,
++ unsigned long vm_flags)
+ {
+ if (!test_bit(MMF_VM_HUGEPAGE, &vma->vm_mm->flags))
+ if ((khugepaged_always() ||
+- (khugepaged_req_madv() &&
+- vma->vm_flags & VM_HUGEPAGE)) &&
+- !(vma->vm_flags & VM_NOHUGEPAGE))
++ (khugepaged_req_madv() && (vm_flags & VM_HUGEPAGE))) &&
++ !(vm_flags & VM_NOHUGEPAGE))
+ if (__khugepaged_enter(vma->vm_mm))
+ return -ENOMEM;
+ return 0;
+@@ -54,11 +55,13 @@ static inline int khugepaged_fork(struct
+ static inline void khugepaged_exit(struct mm_struct *mm)
+ {
+ }
+-static inline int khugepaged_enter(struct vm_area_struct *vma)
++static inline int khugepaged_enter(struct vm_area_struct *vma,
++ unsigned long vm_flags)
+ {
+ return 0;
+ }
+-static inline int khugepaged_enter_vma_merge(struct vm_area_struct *vma)
++static inline int khugepaged_enter_vma_merge(struct vm_area_struct *vma,
++ unsigned long vm_flags)
+ {
+ return 0;
+ }
+--- a/mm/huge_memory.c
++++ b/mm/huge_memory.c
+@@ -803,7 +803,7 @@ int do_huge_pmd_anonymous_page(struct mm
+ return VM_FAULT_FALLBACK;
+ if (unlikely(anon_vma_prepare(vma)))
+ return VM_FAULT_OOM;
+- if (unlikely(khugepaged_enter(vma)))
++ if (unlikely(khugepaged_enter(vma, vma->vm_flags)))
+ return VM_FAULT_OOM;
+ if (!(flags & FAULT_FLAG_WRITE) &&
+ transparent_hugepage_use_zero_page()) {
+@@ -1970,7 +1970,7 @@ int hugepage_madvise(struct vm_area_stru
+ * register it here without waiting a page fault that
+ * may not happen any time soon.
+ */
+- if (unlikely(khugepaged_enter_vma_merge(vma)))
++ if (unlikely(khugepaged_enter_vma_merge(vma, *vm_flags)))
+ return -ENOMEM;
+ break;
+ case MADV_NOHUGEPAGE:
+@@ -2071,7 +2071,8 @@ int __khugepaged_enter(struct mm_struct
+ return 0;
+ }
+
+-int khugepaged_enter_vma_merge(struct vm_area_struct *vma)
++int khugepaged_enter_vma_merge(struct vm_area_struct *vma,
++ unsigned long vm_flags)
+ {
+ unsigned long hstart, hend;
+ if (!vma->anon_vma)
+@@ -2083,11 +2084,11 @@ int khugepaged_enter_vma_merge(struct vm
+ if (vma->vm_ops)
+ /* khugepaged not yet working on file or special mappings */
+ return 0;
+- VM_BUG_ON(vma->vm_flags & VM_NO_THP);
++ VM_BUG_ON(vm_flags & VM_NO_THP);
+ hstart = (vma->vm_start + ~HPAGE_PMD_MASK) & HPAGE_PMD_MASK;
+ hend = vma->vm_end & HPAGE_PMD_MASK;
+ if (hstart < hend)
+- return khugepaged_enter(vma);
++ return khugepaged_enter(vma, vm_flags);
+ return 0;
+ }
+
+--- a/mm/mmap.c
++++ b/mm/mmap.c
+@@ -1056,7 +1056,7 @@ struct vm_area_struct *vma_merge(struct
+ end, prev->vm_pgoff, NULL);
+ if (err)
+ return NULL;
+- khugepaged_enter_vma_merge(prev);
++ khugepaged_enter_vma_merge(prev, vm_flags);
+ return prev;
+ }
+
+@@ -1075,7 +1075,7 @@ struct vm_area_struct *vma_merge(struct
+ next->vm_pgoff - pglen, NULL);
+ if (err)
+ return NULL;
+- khugepaged_enter_vma_merge(area);
++ khugepaged_enter_vma_merge(area, vm_flags);
+ return area;
+ }
+
+@@ -2192,7 +2192,7 @@ int expand_upwards(struct vm_area_struct
+ }
+ }
+ vma_unlock_anon_vma(vma);
+- khugepaged_enter_vma_merge(vma);
++ khugepaged_enter_vma_merge(vma, vma->vm_flags);
+ validate_mm(vma->vm_mm);
+ return error;
+ }
+@@ -2261,7 +2261,7 @@ int expand_downwards(struct vm_area_stru
+ }
+ }
+ vma_unlock_anon_vma(vma);
+- khugepaged_enter_vma_merge(vma);
++ khugepaged_enter_vma_merge(vma, vma->vm_flags);
+ validate_mm(vma->vm_mm);
+ return error;
+ }
--- /dev/null
+From 8edf0047f4b8e03d94ef88f5a7dec146cce03a06 Mon Sep 17 00:00:00 2001
+From: Florian Fainelli <f.fainelli@gmail.com>
+Date: Tue, 28 Oct 2014 11:12:00 -0700
+Subject: net: systemport: enable RX interrupts after NAPI
+
+From: Florian Fainelli <f.fainelli@gmail.com>
+
+commit 8edf0047f4b8e03d94ef88f5a7dec146cce03a06 upstream.
+
+There is currently a small window during which the SYSTEMPORT adapter
+enables its RX interrupts without having enabled its NAPI handler, which
+can result in packets to be discarded during interface bringup.
+
+A similar but more serious window exists in bcm_sysport_resume() during
+which we can have the RDMA engine not fully prepared to receive packets
+and yet having RX interrupts enabled.
+
+Fix this my moving the RX interrupt enable down to
+bcm_sysport_netif_start() after napi_enable() for the RX path is called,
+which fixes both call sites: bcm_sysport_open() and
+bcm_sysport_resume().
+
+Fixes: b02e6d9ba7ad ("net: systemport: add bcm_sysport_netif_{enable,stop}")
+Signed-off-by: Florian Fainelli <f.fainelli@gmail.com>
+Signed-off-by: David S. Miller <davem@davemloft.net>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/net/ethernet/broadcom/bcmsysport.c | 9 +++------
+ 1 file changed, 3 insertions(+), 6 deletions(-)
+
+--- a/drivers/net/ethernet/broadcom/bcmsysport.c
++++ b/drivers/net/ethernet/broadcom/bcmsysport.c
+@@ -1384,6 +1384,9 @@ static void bcm_sysport_netif_start(stru
+ /* Enable NAPI */
+ napi_enable(&priv->napi);
+
++ /* Enable RX interrupt and TX ring full interrupt */
++ intrl2_0_mask_clear(priv, INTRL2_0_RDMA_MBDONE | INTRL2_0_TX_RING_FULL);
++
+ phy_start(priv->phydev);
+
+ /* Enable TX interrupts for the 32 TXQs */
+@@ -1486,9 +1489,6 @@ static int bcm_sysport_open(struct net_d
+ if (ret)
+ goto out_free_rx_ring;
+
+- /* Enable RX interrupt and TX ring full interrupt */
+- intrl2_0_mask_clear(priv, INTRL2_0_RDMA_MBDONE | INTRL2_0_TX_RING_FULL);
+-
+ /* Turn on TDMA */
+ ret = tdma_enable_set(priv, 1);
+ if (ret)
+@@ -1872,9 +1872,6 @@ static int bcm_sysport_resume(struct dev
+
+ netif_device_attach(dev);
+
+- /* Enable RX interrupt and TX ring full interrupt */
+- intrl2_0_mask_clear(priv, INTRL2_0_RDMA_MBDONE | INTRL2_0_TX_RING_FULL);
+-
+ /* RX pipe enable */
+ topctrl_writel(priv, 0, RX_FLUSH_CNTL);
+
--- /dev/null
+From 704d33e7006f20f9b4fa7d24a0f08c4b5919b131 Mon Sep 17 00:00:00 2001
+From: Florian Fainelli <f.fainelli@gmail.com>
+Date: Tue, 28 Oct 2014 11:12:01 -0700
+Subject: net: systemport: reset UniMAC coming out of a suspend cycle
+
+From: Florian Fainelli <f.fainelli@gmail.com>
+
+commit 704d33e7006f20f9b4fa7d24a0f08c4b5919b131 upstream.
+
+bcm_sysport_resume() was missing an UniMAC reset which can lead to
+various receive FIFO corruptions coming out of a suspend cycle. If the
+RX FIFO is stuck, it will deliver corrupted/duplicate packets towards
+the host CPU interface.
+
+This could be reproduced on crowded network and when Wake-on-LAN is
+enabled for this particular interface because the switch still forwards
+packets towards the host CPU interface (SYSTEMPORT), and we had to leave
+the UniMAC RX enable bit on to allow matching MagicPackets.
+
+Once we re-enter the resume function, there is a small window during
+which the UniMAC receive is still enabled, and we start queueing
+packets, but the RDMA and RBUF engines are not ready, which leads to
+having packets stuck in the UniMAC RX FIFO, ultimately delivered towards
+the host CPU as corrupted.
+
+Fixes: 40755a0fce17 ("net: systemport: add suspend and resume support")
+Signed-off-by: Florian Fainelli <f.fainelli@gmail.com>
+Signed-off-by: David S. Miller <davem@davemloft.net>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/net/ethernet/broadcom/bcmsysport.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+--- a/drivers/net/ethernet/broadcom/bcmsysport.c
++++ b/drivers/net/ethernet/broadcom/bcmsysport.c
+@@ -1845,6 +1845,8 @@ static int bcm_sysport_resume(struct dev
+ if (!netif_running(dev))
+ return 0;
+
++ umac_reset(priv);
++
+ /* We may have been suspended and never received a WOL event that
+ * would turn off MPD detection, take care of that now
+ */
--- /dev/null
+From 0f9f5e1b83abd2b37c67658e02a6fc9001831fa5 Mon Sep 17 00:00:00 2001
+From: Dan Carpenter <dan.carpenter@oracle.com>
+Date: Tue, 21 Oct 2014 11:28:12 +0300
+Subject: netfilter: ipset: off by one in ip_set_nfnl_get_byindex()
+
+From: Dan Carpenter <dan.carpenter@oracle.com>
+
+commit 0f9f5e1b83abd2b37c67658e02a6fc9001831fa5 upstream.
+
+The ->ip_set_list[] array is initialized in ip_set_net_init() and it
+has ->ip_set_max elements so this check should be >= instead of >
+otherwise we are off by one.
+
+Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
+Acked-by: Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>
+Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ net/netfilter/ipset/ip_set_core.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/net/netfilter/ipset/ip_set_core.c
++++ b/net/netfilter/ipset/ip_set_core.c
+@@ -635,7 +635,7 @@ ip_set_nfnl_get_byindex(struct net *net,
+ struct ip_set *set;
+ struct ip_set_net *inst = ip_set_pernet(net);
+
+- if (index > inst->ip_set_max)
++ if (index >= inst->ip_set_max)
+ return IPSET_INVALID_ID;
+
+ nfnl_lock(NFNL_SUBSYS_IPSET);
--- /dev/null
+From 9dfa1dfe4d5e5e66a991321ab08afe69759d797a Mon Sep 17 00:00:00 2001
+From: Florian Westphal <fw@strlen.de>
+Date: Thu, 23 Oct 2014 10:36:06 +0200
+Subject: netfilter: nf_log: account for size of NLMSG_DONE attribute
+
+From: Florian Westphal <fw@strlen.de>
+
+commit 9dfa1dfe4d5e5e66a991321ab08afe69759d797a upstream.
+
+We currently neither account for the nlattr size, nor do we consider
+the size of the trailing NLMSG_DONE when allocating nlmsg skb.
+
+This can result in nflog to stop working, as __nfulnl_send() re-tries
+sending forever if it failed to append NLMSG_DONE (which will never
+work if buffer is not large enough).
+
+Reported-by: Houcheng Lin <houcheng@gmail.com>
+Signed-off-by: Florian Westphal <fw@strlen.de>
+Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ net/netfilter/nfnetlink_log.c | 6 +++---
+ 1 file changed, 3 insertions(+), 3 deletions(-)
+
+--- a/net/netfilter/nfnetlink_log.c
++++ b/net/netfilter/nfnetlink_log.c
+@@ -649,7 +649,8 @@ nfulnl_log_packet(struct net *net,
+ + nla_total_size(sizeof(u_int32_t)) /* gid */
+ + nla_total_size(plen) /* prefix */
+ + nla_total_size(sizeof(struct nfulnl_msg_packet_hw))
+- + nla_total_size(sizeof(struct nfulnl_msg_packet_timestamp));
++ + nla_total_size(sizeof(struct nfulnl_msg_packet_timestamp))
++ + nla_total_size(sizeof(struct nfgenmsg)); /* NLMSG_DONE */
+
+ if (in && skb_mac_header_was_set(skb)) {
+ size += nla_total_size(skb->dev->hard_header_len)
+@@ -692,8 +693,7 @@ nfulnl_log_packet(struct net *net,
+ goto unlock_and_release;
+ }
+
+- if (inst->skb &&
+- size > skb_tailroom(inst->skb) - sizeof(struct nfgenmsg)) {
++ if (inst->skb && size > skb_tailroom(inst->skb)) {
+ /* either the queue len is too high or we don't have
+ * enough room in the skb left. flush to userspace. */
+ __nfulnl_flush(inst);
--- /dev/null
+From b51d3fa364885a2c1e1668f88776c67c95291820 Mon Sep 17 00:00:00 2001
+From: Houcheng Lin <houcheng@gmail.com>
+Date: Thu, 23 Oct 2014 10:36:08 +0200
+Subject: netfilter: nf_log: release skbuff on nlmsg put failure
+
+From: Houcheng Lin <houcheng@gmail.com>
+
+commit b51d3fa364885a2c1e1668f88776c67c95291820 upstream.
+
+The kernel should reserve enough room in the skb so that the DONE
+message can always be appended. However, in case of e.g. new attribute
+erronously not being size-accounted for, __nfulnl_send() will still
+try to put next nlmsg into this full skbuf, causing the skb to be stuck
+forever and blocking delivery of further messages.
+
+Fix issue by releasing skb immediately after nlmsg_put error and
+WARN() so we can track down the cause of such size mismatch.
+
+[ fw@strlen.de: add tailroom/len info to WARN ]
+
+Signed-off-by: Houcheng Lin <houcheng@gmail.com>
+Signed-off-by: Florian Westphal <fw@strlen.de>
+Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ net/netfilter/nfnetlink_log.c | 17 ++++++++---------
+ 1 file changed, 8 insertions(+), 9 deletions(-)
+
+--- a/net/netfilter/nfnetlink_log.c
++++ b/net/netfilter/nfnetlink_log.c
+@@ -346,26 +346,25 @@ nfulnl_alloc_skb(struct net *net, u32 pe
+ return skb;
+ }
+
+-static int
++static void
+ __nfulnl_send(struct nfulnl_instance *inst)
+ {
+- int status = -1;
+-
+ if (inst->qlen > 1) {
+ struct nlmsghdr *nlh = nlmsg_put(inst->skb, 0, 0,
+ NLMSG_DONE,
+ sizeof(struct nfgenmsg),
+ 0);
+- if (!nlh)
++ if (WARN_ONCE(!nlh, "bad nlskb size: %u, tailroom %d\n",
++ inst->skb->len, skb_tailroom(inst->skb))) {
++ kfree_skb(inst->skb);
+ goto out;
++ }
+ }
+- status = nfnetlink_unicast(inst->skb, inst->net, inst->peer_portid,
+- MSG_DONTWAIT);
+-
++ nfnetlink_unicast(inst->skb, inst->net, inst->peer_portid,
++ MSG_DONTWAIT);
++out:
+ inst->qlen = 0;
+ inst->skb = NULL;
+-out:
+- return status;
+ }
+
+ static void
--- /dev/null
+From c123bb7163043bb8f33858cf8e45b01c17dbd171 Mon Sep 17 00:00:00 2001
+From: Sabrina Dubroca <sd@queasysnail.net>
+Date: Tue, 21 Oct 2014 11:08:21 +0200
+Subject: netfilter: nf_tables: check for NULL in nf_tables_newchain pcpu stats allocation
+
+From: Sabrina Dubroca <sd@queasysnail.net>
+
+commit c123bb7163043bb8f33858cf8e45b01c17dbd171 upstream.
+
+alloc_percpu returns NULL on failure, not a negative error code.
+
+Fixes: ff3cd7b3c922 ("netfilter: nf_tables: refactor chain statistic routines")
+Signed-off-by: Sabrina Dubroca <sd@queasysnail.net>
+Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ net/netfilter/nf_tables_api.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+--- a/net/netfilter/nf_tables_api.c
++++ b/net/netfilter/nf_tables_api.c
+@@ -1102,10 +1102,10 @@ static int nf_tables_newchain(struct soc
+ basechain->stats = stats;
+ } else {
+ stats = netdev_alloc_pcpu_stats(struct nft_stats);
+- if (IS_ERR(stats)) {
++ if (stats == NULL) {
+ module_put(type->owner);
+ kfree(basechain);
+- return PTR_ERR(stats);
++ return -ENOMEM;
+ }
+ rcu_assign_pointer(basechain->stats, stats);
+ }
--- /dev/null
+From c1e7dc91eed0ed1a51c9b814d648db18bf8fc6e9 Mon Sep 17 00:00:00 2001
+From: Florian Westphal <fw@strlen.de>
+Date: Thu, 23 Oct 2014 10:36:07 +0200
+Subject: netfilter: nfnetlink_log: fix maximum packet length logged to userspace
+
+From: Florian Westphal <fw@strlen.de>
+
+commit c1e7dc91eed0ed1a51c9b814d648db18bf8fc6e9 upstream.
+
+don't try to queue payloads > 0xffff - NLA_HDRLEN, it does not work.
+The nla length includes the size of the nla struct, so anything larger
+results in u16 integer overflow.
+
+This patch is similar to
+9cefbbc9c8f9abe (netfilter: nfnetlink_queue: cleanup copy_range usage).
+
+Signed-off-by: Florian Westphal <fw@strlen.de>
+Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ net/netfilter/nfnetlink_log.c | 8 +++++---
+ 1 file changed, 5 insertions(+), 3 deletions(-)
+
+--- a/net/netfilter/nfnetlink_log.c
++++ b/net/netfilter/nfnetlink_log.c
+@@ -43,7 +43,8 @@
+ #define NFULNL_NLBUFSIZ_DEFAULT NLMSG_GOODSIZE
+ #define NFULNL_TIMEOUT_DEFAULT 100 /* every second */
+ #define NFULNL_QTHRESH_DEFAULT 100 /* 100 packets */
+-#define NFULNL_COPY_RANGE_MAX 0xFFFF /* max packet size is limited by 16-bit struct nfattr nfa_len field */
++/* max packet size is limited by 16-bit struct nfattr nfa_len field */
++#define NFULNL_COPY_RANGE_MAX (0xFFFF - NLA_HDRLEN)
+
+ #define PRINTR(x, args...) do { if (net_ratelimit()) \
+ printk(x, ## args); } while (0);
+@@ -252,6 +253,8 @@ nfulnl_set_mode(struct nfulnl_instance *
+
+ case NFULNL_COPY_PACKET:
+ inst->copy_mode = mode;
++ if (range == 0)
++ range = NFULNL_COPY_RANGE_MAX;
+ inst->copy_range = min_t(unsigned int,
+ range, NFULNL_COPY_RANGE_MAX);
+ break;
+@@ -679,8 +682,7 @@ nfulnl_log_packet(struct net *net,
+ break;
+
+ case NFULNL_COPY_PACKET:
+- if (inst->copy_range == 0
+- || inst->copy_range > skb->len)
++ if (inst->copy_range > skb->len)
+ data_len = skb->len;
+ else
+ data_len = inst->copy_range;
--- /dev/null
+From 7965ee93719921ea5978f331da653dfa2d7b99f5 Mon Sep 17 00:00:00 2001
+From: Arturo Borrero <arturo.borrero.glez@gmail.com>
+Date: Sun, 26 Oct 2014 12:22:40 +0100
+Subject: netfilter: nft_compat: fix wrong target lookup in nft_target_select_ops()
+
+From: Arturo Borrero <arturo.borrero.glez@gmail.com>
+
+commit 7965ee93719921ea5978f331da653dfa2d7b99f5 upstream.
+
+The code looks for an already loaded target, and the correct list to search
+is nft_target_list, not nft_match_list.
+
+Signed-off-by: Arturo Borrero Gonzalez <arturo.borrero.glez@gmail.com>
+Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ net/netfilter/nft_compat.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/net/netfilter/nft_compat.c
++++ b/net/netfilter/nft_compat.c
+@@ -696,7 +696,7 @@ nft_target_select_ops(const struct nft_c
+ family = ctx->afi->family;
+
+ /* Re-use the existing target if it's already loaded. */
+- list_for_each_entry(nft_target, &nft_match_list, head) {
++ list_for_each_entry(nft_target, &nft_target_list, head) {
+ struct xt_target *target = nft_target->ops.data;
+
+ if (strcmp(target->name, tg_name) == 0 &&
--- /dev/null
+From e10038a8ec06ac819b7552bb67aaa6d2d6f850c1 Mon Sep 17 00:00:00 2001
+From: Pablo Neira <pablo@netfilter.org>
+Date: Tue, 29 Jul 2014 18:12:15 +0200
+Subject: netfilter: xt_bpf: add mising opaque struct sk_filter definition
+
+From: Pablo Neira <pablo@netfilter.org>
+
+commit e10038a8ec06ac819b7552bb67aaa6d2d6f850c1 upstream.
+
+This structure is not exposed to userspace, so fix this by defining
+struct sk_filter; so we skip the casting in kernelspace. This is safe
+since userspace has no way to lurk with that internal pointer.
+
+Fixes: e6f30c7 ("netfilter: x_tables: add xt_bpf match")
+Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
+Acked-by: Willem de Bruijn <willemb@google.com>
+Signed-off-by: David S. Miller <davem@davemloft.net>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ include/uapi/linux/netfilter/xt_bpf.h | 2 ++
+ 1 file changed, 2 insertions(+)
+
+--- a/include/uapi/linux/netfilter/xt_bpf.h
++++ b/include/uapi/linux/netfilter/xt_bpf.h
+@@ -8,6 +8,8 @@
+
+ struct bpf_prog;
+
++struct sk_filter;
++
+ struct xt_bpf_info {
+ __u16 bpf_program_num_elem;
+ struct sock_filter bpf_program[XT_BPF_MAX_NUM_INSTR];
--- /dev/null
+From 70145f87139fbc43b726f873813cd91dce371899 Mon Sep 17 00:00:00 2001
+From: Geert Uytterhoeven <geert+renesas@glider.be>
+Date: Thu, 28 Aug 2014 11:03:14 +0200
+Subject: pwm: Fix uninitialized warnings in pwm_get()
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+From: Geert Uytterhoeven <geert+renesas@glider.be>
+
+commit 70145f87139fbc43b726f873813cd91dce371899 upstream.
+
+With some versions of gcc (e.g. 4.1.2):
+
+drivers/pwm/core.c: In function ‘pwm_get’:
+drivers/pwm/core.c:610: warning: ‘polarity’ may be used uninitialized in this function
+drivers/pwm/core.c:609: warning: ‘period’ may be used uninitialized in this function
+
+While these are false positives, we can get rid of them by refactoring
+the code to store a pointer to the best match, as suggested before by
+Thierry Reding. This does require moving the mutex_unlock() down.
+
+Fixes: d717ea73e36dd565 ("pwm: Fix period and polarity in pwm_get() for non-perfect matches")
+Signed-off-by: Geert Uytterhoeven <geert+renesas@glider.be>
+Signed-off-by: Thierry Reding <thierry.reding@gmail.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/pwm/core.c | 29 ++++++++++++++---------------
+ 1 file changed, 14 insertions(+), 15 deletions(-)
+
+--- a/drivers/pwm/core.c
++++ b/drivers/pwm/core.c
+@@ -602,12 +602,9 @@ struct pwm_device *pwm_get(struct device
+ struct pwm_device *pwm = ERR_PTR(-EPROBE_DEFER);
+ const char *dev_id = dev ? dev_name(dev) : NULL;
+ struct pwm_chip *chip = NULL;
+- unsigned int index = 0;
+ unsigned int best = 0;
+- struct pwm_lookup *p;
++ struct pwm_lookup *p, *chosen = NULL;
+ unsigned int match;
+- unsigned int period;
+- enum pwm_polarity polarity;
+
+ /* look up via DT first */
+ if (IS_ENABLED(CONFIG_OF) && dev && dev->of_node)
+@@ -653,10 +650,7 @@ struct pwm_device *pwm_get(struct device
+ }
+
+ if (match > best) {
+- chip = pwmchip_find_by_name(p->provider);
+- index = p->index;
+- period = p->period;
+- polarity = p->polarity;
++ chosen = p;
+
+ if (match != 3)
+ best = match;
+@@ -665,17 +659,22 @@ struct pwm_device *pwm_get(struct device
+ }
+ }
+
+- mutex_unlock(&pwm_lookup_lock);
++ if (!chosen)
++ goto out;
+
+- if (chip)
+- pwm = pwm_request_from_chip(chip, index, con_id ?: dev_id);
+- if (IS_ERR(pwm))
+- return pwm;
++ chip = pwmchip_find_by_name(chosen->provider);
++ if (!chip)
++ goto out;
+
+- pwm_set_period(pwm, period);
+- pwm_set_polarity(pwm, polarity);
++ pwm = pwm_request_from_chip(chip, chosen->index, con_id ?: dev_id);
++ if (IS_ERR(pwm))
++ goto out;
+
++ pwm_set_period(pwm, chosen->period);
++ pwm_set_polarity(pwm, chosen->polarity);
+
++out:
++ mutex_unlock(&pwm_lookup_lock);
+ return pwm;
+ }
+ EXPORT_SYMBOL_GPL(pwm_get);
--- /dev/null
+From 2aa792e6faf1a00f5accf1f69e87e11a390ba2cd Mon Sep 17 00:00:00 2001
+From: Pranith Kumar <bobby.prani@gmail.com>
+Date: Tue, 12 Aug 2014 13:07:47 -0400
+Subject: rcu: Use rcu_gp_kthread_wake() to wake up grace period kthreads
+
+From: Pranith Kumar <bobby.prani@gmail.com>
+
+commit 2aa792e6faf1a00f5accf1f69e87e11a390ba2cd upstream.
+
+The rcu_gp_kthread_wake() function checks for three conditions before
+waking up grace period kthreads:
+
+* Is the thread we are trying to wake up the current thread?
+* Are the gp_flags zero? (all threads wait on non-zero gp_flags condition)
+* Is there no thread created for this flavour, hence nothing to wake up?
+
+If any one of these condition is true, we do not call wake_up().
+It was found that there are quite a few avoidable wake ups both during
+idle time and under stress induced by rcutorture.
+
+Idle:
+
+Total:66000, unnecessary:66000, case1:61827, case2:66000, case3:0
+Total:68000, unnecessary:68000, case1:63696, case2:68000, case3:0
+
+rcutorture:
+
+Total:254000, unnecessary:254000, case1:199913, case2:254000, case3:0
+Total:256000, unnecessary:256000, case1:201784, case2:256000, case3:0
+
+Here case{1-3} are the cases listed above. We can avoid these wake
+ups by using rcu_gp_kthread_wake() to conditionally wake up the grace
+period kthreads.
+
+There is a comment about an implied barrier supplied by the wake_up()
+logic. This barrier is necessary for the awakened thread to see the
+updated ->gp_flags. This flag is always being updated with the root node
+lock held. Also, the awakened thread tries to acquire the root node lock
+before reading ->gp_flags because of which there is proper ordering.
+
+Hence this commit tries to avoid calling wake_up() whenever we can by
+using rcu_gp_kthread_wake() function.
+
+Signed-off-by: Pranith Kumar <bobby.prani@gmail.com>
+CC: Mathieu Desnoyers <mathieu.desnoyers@efficios.com>
+Signed-off-by: Paul E. McKenney <paulmck@linux.vnet.ibm.com>
+Cc: Kamal Mostafa <kamal@canonical.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ kernel/rcu/tree.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+--- a/kernel/rcu/tree.c
++++ b/kernel/rcu/tree.c
+@@ -1928,7 +1928,7 @@ static void rcu_report_qs_rsp(struct rcu
+ {
+ WARN_ON_ONCE(!rcu_gp_in_progress(rsp));
+ raw_spin_unlock_irqrestore(&rcu_get_root(rsp)->lock, flags);
+- wake_up(&rsp->gp_wq); /* Memory barrier implied by wake_up() path. */
++ rcu_gp_kthread_wake(rsp);
+ }
+
+ /*
+@@ -2507,7 +2507,7 @@ static void force_quiescent_state(struct
+ }
+ ACCESS_ONCE(rsp->gp_flags) |= RCU_GP_FLAG_FQS;
+ raw_spin_unlock_irqrestore(&rnp_old->lock, flags);
+- wake_up(&rsp->gp_wq); /* Memory barrier implied by wake_up() path. */
++ rcu_gp_kthread_wake(rsp);
+ }
+
+ /*
nfsv4.1-nfs41_clear_delegation_stateid-shouldn-t-trust-nfs_delegated_state.patch
media-ttusb-dec-buffer-overflow-in-ioctl.patch
cxgb4-handle-dcb-enable-correctly.patch
+net-systemport-enable-rx-interrupts-after-napi.patch
+net-systemport-reset-unimac-coming-out-of-a-suspend-cycle.patch
+memory-hotplug-remove-weak-from-memory_block_size_bytes-declaration.patch
+vmcore-remove-weak-from-function-declarations.patch
+kgdb-remove-weak-from-kgdb_arch_pc-declaration.patch
+clocksource-remove-weak-from-clocksource_default_clock-declaration.patch
+pwm-fix-uninitialized-warnings-in-pwm_get.patch
+ib-core-clear-ah-attr-variable-to-prevent-garbage-data.patch
+ipc-always-handle-a-new-value-of-auto_msgmni.patch
+netfilter-ipset-off-by-one-in-ip_set_nfnl_get_byindex.patch
+netfilter-nf_tables-check-for-null-in-nf_tables_newchain-pcpu-stats-allocation.patch
+netfilter-nf_log-account-for-size-of-nlmsg_done-attribute.patch
+netfilter-nfnetlink_log-fix-maximum-packet-length-logged-to-userspace.patch
+netfilter-nf_log-release-skbuff-on-nlmsg-put-failure.patch
+netfilter-nft_compat-fix-wrong-target-lookup-in-nft_target_select_ops.patch
+netfilter-xt_bpf-add-mising-opaque-struct-sk_filter-definition.patch
+gfs2-make-rename-not-save-dirent-location.patch
+rcu-use-rcu_gp_kthread_wake-to-wake-up-grace-period-kthreads.patch
+dell-wmi-fix-access-out-of-memory.patch
+builddeb-put-the-dbg-files-into-the-correct-directory.patch
+checkpatch-remove-unnecessary-after-8-8.patch
+mm-thp-fix-collapsing-of-hugepages-on-madvise.patch
--- /dev/null
+From 5ab03ac5aaa1f032e071f1b3dc433b7839359c03 Mon Sep 17 00:00:00 2001
+From: Bjorn Helgaas <bhelgaas@google.com>
+Date: Mon, 13 Oct 2014 18:59:41 -0600
+Subject: vmcore: Remove "weak" from function declarations
+
+From: Bjorn Helgaas <bhelgaas@google.com>
+
+commit 5ab03ac5aaa1f032e071f1b3dc433b7839359c03 upstream.
+
+For the following functions:
+
+ elfcorehdr_alloc()
+ elfcorehdr_free()
+ elfcorehdr_read()
+ elfcorehdr_read_notes()
+ remap_oldmem_pfn_range()
+
+fs/proc/vmcore.c provides default definitions explicitly marked "weak".
+arch/s390 provides its own definitions intended to override the default
+ones, but the "weak" attribute on the declarations applied to the s390
+definitions as well, so the linker chose one based on link order (see
+10629d711ed7 ("PCI: Remove __weak annotation from pcibios_get_phb_of_node
+decl")).
+
+Remove the "weak" attribute from the declarations so we always prefer a
+non-weak definition over the weak one, independent of link order.
+
+Fixes: be8a8d069e50 ("vmcore: introduce ELF header in new memory feature")
+Fixes: 9cb218131de1 ("vmcore: introduce remap_oldmem_pfn_range()")
+Signed-off-by: Bjorn Helgaas <bhelgaas@google.com>
+Acked-by: Andrew Morton <akpm@linux-foundation.org>
+Acked-by: Vivek Goyal <vgoyal@redhat.com>
+CC: Michael Holzheu <holzheu@linux.vnet.ibm.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ include/linux/crash_dump.h | 15 +++++++--------
+ 1 file changed, 7 insertions(+), 8 deletions(-)
+
+--- a/include/linux/crash_dump.h
++++ b/include/linux/crash_dump.h
+@@ -14,14 +14,13 @@
+ extern unsigned long long elfcorehdr_addr;
+ extern unsigned long long elfcorehdr_size;
+
+-extern int __weak elfcorehdr_alloc(unsigned long long *addr,
+- unsigned long long *size);
+-extern void __weak elfcorehdr_free(unsigned long long addr);
+-extern ssize_t __weak elfcorehdr_read(char *buf, size_t count, u64 *ppos);
+-extern ssize_t __weak elfcorehdr_read_notes(char *buf, size_t count, u64 *ppos);
+-extern int __weak remap_oldmem_pfn_range(struct vm_area_struct *vma,
+- unsigned long from, unsigned long pfn,
+- unsigned long size, pgprot_t prot);
++extern int elfcorehdr_alloc(unsigned long long *addr, unsigned long long *size);
++extern void elfcorehdr_free(unsigned long long addr);
++extern ssize_t elfcorehdr_read(char *buf, size_t count, u64 *ppos);
++extern ssize_t elfcorehdr_read_notes(char *buf, size_t count, u64 *ppos);
++extern int remap_oldmem_pfn_range(struct vm_area_struct *vma,
++ unsigned long from, unsigned long pfn,
++ unsigned long size, pgprot_t prot);
+
+ extern ssize_t copy_oldmem_page(unsigned long, char *, size_t,
+ unsigned long, int);
projects / thirdparty / kernel / stable-queue.git / commitdiff
