--- /dev/null
+From e1f8859ee265fc89bd21b4dca79e8e983a044892 Mon Sep 17 00:00:00 2001
+From: Arnd Bergmann <arnd@arndb.de>
+Date: Thu, 26 Jun 2014 13:43:02 +0200
+Subject: crypto: ux500 - make interrupt mode plausible
+
+From: Arnd Bergmann <arnd@arndb.de>
+
+commit e1f8859ee265fc89bd21b4dca79e8e983a044892 upstream.
+
+The interrupt handler in the ux500 crypto driver has an obviously
+incorrect way to access the data buffer, which for a while has
+caused this build warning:
+
+../ux500/cryp/cryp_core.c: In function 'cryp_interrupt_handler':
+../ux500/cryp/cryp_core.c:234:5: warning: passing argument 1 of '__fswab32' makes integer from pointer without a cast [enabled by default]
+ writel_relaxed(ctx->indata,
+ ^
+In file included from ../include/linux/swab.h:4:0,
+ from ../include/uapi/linux/byteorder/big_endian.h:12,
+ from ../include/linux/byteorder/big_endian.h:4,
+ from ../arch/arm/include/uapi/asm/byteorder.h:19,
+ from ../include/asm-generic/bitops/le.h:5,
+ from ../arch/arm/include/asm/bitops.h:340,
+ from ../include/linux/bitops.h:33,
+ from ../include/linux/kernel.h:10,
+ from ../include/linux/clk.h:16,
+ from ../drivers/crypto/ux500/cryp/cryp_core.c:12:
+../include/uapi/linux/swab.h:57:119: note: expected '__u32' but argument is of type 'const u8 *'
+ static inline __attribute_const__ __u32 __fswab32(__u32 val)
+
+There are at least two, possibly three problems here:
+a) when writing into the FIFO, we copy the pointer rather than the
+ actual data we want to give to the hardware
+b) the data pointer is an array of 8-bit values, while the FIFO
+ is 32-bit wide, so both the read and write access fail to do
+ a proper type conversion
+c) This seems incorrect for big-endian kernels, on which we need to
+ byte-swap any register access, but not normally FIFO accesses,
+ at least the DMA case doesn't do it either.
+
+This converts the bogus loop to use the same readsl/writesl pair
+that we use for the two other modes (DMA and polling). This is
+more efficient and consistent, and probably correct for endianess.
+
+The bug has existed since the driver was first merged, and was
+probably never detected because nobody tried to use interrupt mode.
+It might make sense to backport this fix to stable kernels, depending
+on how the crypto maintainers feel about that.
+
+Signed-off-by: Arnd Bergmann <arnd@arndb.de>
+Cc: linux-crypto@vger.kernel.org
+Cc: Fabio Baltieri <fabio.baltieri@linaro.org>
+Cc: Linus Walleij <linus.walleij@linaro.org>
+Cc: Herbert Xu <herbert@gondor.apana.org.au>
+Cc: "David S. Miller" <davem@davemloft.net>
+Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/crypto/ux500/cryp/cryp_core.c | 25 ++++++++++++-------------
+ 1 file changed, 12 insertions(+), 13 deletions(-)
+
+--- a/drivers/crypto/ux500/cryp/cryp_core.c
++++ b/drivers/crypto/ux500/cryp/cryp_core.c
+@@ -190,7 +190,7 @@ static void add_session_id(struct cryp_c
+ static irqreturn_t cryp_interrupt_handler(int irq, void *param)
+ {
+ struct cryp_ctx *ctx;
+- int i;
++ int count;
+ struct cryp_device_data *device_data;
+
+ if (param == NULL) {
+@@ -215,12 +215,11 @@ static irqreturn_t cryp_interrupt_handle
+ if (cryp_pending_irq_src(device_data,
+ CRYP_IRQ_SRC_OUTPUT_FIFO)) {
+ if (ctx->outlen / ctx->blocksize > 0) {
+- for (i = 0; i < ctx->blocksize / 4; i++) {
+- *(ctx->outdata) = readl_relaxed(
+- &device_data->base->dout);
+- ctx->outdata += 4;
+- ctx->outlen -= 4;
+- }
++ count = ctx->blocksize / 4;
++
++ readsl(&device_data->base->dout, ctx->outdata, count);
++ ctx->outdata += count;
++ ctx->outlen -= count;
+
+ if (ctx->outlen == 0) {
+ cryp_disable_irq_src(device_data,
+@@ -230,12 +229,12 @@ static irqreturn_t cryp_interrupt_handle
+ } else if (cryp_pending_irq_src(device_data,
+ CRYP_IRQ_SRC_INPUT_FIFO)) {
+ if (ctx->datalen / ctx->blocksize > 0) {
+- for (i = 0 ; i < ctx->blocksize / 4; i++) {
+- writel_relaxed(ctx->indata,
+- &device_data->base->din);
+- ctx->indata += 4;
+- ctx->datalen -= 4;
+- }
++ count = ctx->blocksize / 4;
++
++ writesl(&device_data->base->din, ctx->indata, count);
++
++ ctx->indata += count;
++ ctx->datalen -= count;
+
+ if (ctx->datalen == 0)
+ cryp_disable_irq_src(device_data,
--- /dev/null
+From 485d44022a152c0254dd63445fdb81c4194cbf0e Mon Sep 17 00:00:00 2001
+From: Steven Rostedt <rostedt@goodmis.org>
+Date: Mon, 9 Jun 2014 14:06:07 -0400
+Subject: debugfs: Fix corrupted loop in debugfs_remove_recursive
+
+From: Steven Rostedt <rostedt@goodmis.org>
+
+commit 485d44022a152c0254dd63445fdb81c4194cbf0e upstream.
+
+[ I'm currently running my tests on it now, and so far, after a few
+ hours it has yet to blow up. I'll run it for 24 hours which it never
+ succeeded in the past. ]
+
+The tracing code has a way to make directories within the debugfs file
+system as well as deleting them using mkdir/rmdir in the instance
+directory. This is very limited in functionality, such as there is
+no renames, and the parent directory "instance" can not be modified.
+The tracing code creates the instance directory from the debugfs code
+and then replaces the dentry->d_inode->i_op with its own to allow
+for mkdir/rmdir to work.
+
+When these are called, the d_entry and inode locks need to be released
+to call the instance creation and deletion code. That code has its own
+accounting and locking to serialize everything to prevent multiple
+users from causing harm. As the parent "instance" directory can not
+be modified this simplifies things.
+
+I created a stress test that creates several threads that randomly
+creates and deletes directories thousands of times a second. The code
+stood up to this test and I submitted it a while ago.
+
+Recently I added a new test that adds readers to the mix. While the
+instance directories were being added and deleted, readers would read
+from these directories and even enable tracing within them. This test
+was able to trigger a bug:
+
+ general protection fault: 0000 [#1] PREEMPT SMP
+ Modules linked in: ...
+ CPU: 3 PID: 17789 Comm: rmdir Tainted: G W 3.15.0-rc2-test+ #41
+ Hardware name: To Be Filled By O.E.M. To Be Filled By O.E.M./To be filled by O.E.M., BIOS SDBLI944.86P 05/08/2007
+ task: ffff88003786ca60 ti: ffff880077018000 task.ti: ffff880077018000
+ RIP: 0010:[<ffffffff811ed5eb>] [<ffffffff811ed5eb>] debugfs_remove_recursive+0x1bd/0x367
+ RSP: 0018:ffff880077019df8 EFLAGS: 00010246
+ RAX: 0000000000000002 RBX: ffff88006f0fe490 RCX: 0000000000000000
+ RDX: dead000000100058 RSI: 0000000000000246 RDI: ffff88003786d454
+ RBP: ffff88006f0fe640 R08: 0000000000000628 R09: 0000000000000000
+ R10: 0000000000000628 R11: ffff8800795110a0 R12: ffff88006f0fe640
+ R13: ffff88006f0fe640 R14: ffffffff81817d0b R15: ffffffff818188b7
+ FS: 00007ff13ae24700(0000) GS:ffff88007d580000(0000) knlGS:0000000000000000
+ CS: 0010 DS: 0000 ES: 0000 CR0: 000000008005003b
+ CR2: 0000003054ec7be0 CR3: 0000000076d51000 CR4: 00000000000007e0
+ Stack:
+ ffff88007a41ebe0 dead000000100058 00000000fffffffe ffff88006f0fe640
+ 0000000000000000 ffff88006f0fe678 ffff88007a41ebe0 ffff88003793a000
+ 00000000fffffffe ffffffff810bde82 ffff88006f0fe640 ffff88007a41eb28
+ Call Trace:
+ [<ffffffff810bde82>] ? instance_rmdir+0x15b/0x1de
+ [<ffffffff81132e2d>] ? vfs_rmdir+0x80/0xd3
+ [<ffffffff81132f51>] ? do_rmdir+0xd1/0x139
+ [<ffffffff8124ad9e>] ? trace_hardirqs_on_thunk+0x3a/0x3c
+ [<ffffffff814fea62>] ? system_call_fastpath+0x16/0x1b
+ Code: fe ff ff 48 8d 75 30 48 89 df e8 c9 fd ff ff 85 c0 75 13 48 c7 c6 b8 cc d2 81 48 c7 c7 b0 cc d2 81 e8 8c 7a f5 ff 48 8b 54 24 08 <48> 8b 82 a8 00 00 00 48 89 d3 48 2d a8 00 00 00 48 89 44 24 08
+ RIP [<ffffffff811ed5eb>] debugfs_remove_recursive+0x1bd/0x367
+ RSP <ffff880077019df8>
+
+It took a while, but every time it triggered, it was always in the
+same place:
+
+ list_for_each_entry_safe(child, next, &parent->d_subdirs, d_u.d_child) {
+
+Where the child->d_u.d_child seemed to be corrupted. I added lots of
+trace_printk()s to see what was wrong, and sure enough, it was always
+the child's d_u.d_child field. I looked around to see what touches
+it and noticed that in __dentry_kill() which calls dentry_free():
+
+static void dentry_free(struct dentry *dentry)
+{
+ /* if dentry was never visible to RCU, immediate free is OK */
+ if (!(dentry->d_flags & DCACHE_RCUACCESS))
+ __d_free(&dentry->d_u.d_rcu);
+ else
+ call_rcu(&dentry->d_u.d_rcu, __d_free);
+}
+
+I also noticed that __dentry_kill() unlinks the child->d_u.child
+under the parent->d_lock spin_lock.
+
+Looking back at the loop in debugfs_remove_recursive() it never takes the
+parent->d_lock to do the list walk. Adding more tracing, I was able to
+prove this was the issue:
+
+ ftrace-t-15385 1.... 246662024us : dentry_kill <ffffffff81138b91>: free ffff88006d573600
+ rmdir-15409 2.... 246662024us : debugfs_remove_recursive <ffffffff811ec7e5>: child=ffff88006d573600 next=dead000000100058
+
+The dentry_kill freed ffff88006d573600 just as the remove recursive was walking
+it.
+
+In order to fix this, the list walk needs to be modified a bit to take
+the parent->d_lock. The safe version is no longer necessary, as every
+time we remove a child, the parent->d_lock must be released and the
+list walk must start over. Each time a child is removed, even though it
+may still be on the list, it should be skipped by the first check
+in the loop:
+
+ if (!debugfs_positive(child))
+ continue;
+
+Signed-off-by: Steven Rostedt <rostedt@goodmis.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ fs/debugfs/inode.c | 33 ++++++++++++++++++++++++++-------
+ 1 file changed, 26 insertions(+), 7 deletions(-)
+
+--- a/fs/debugfs/inode.c
++++ b/fs/debugfs/inode.c
+@@ -533,7 +533,7 @@ EXPORT_SYMBOL_GPL(debugfs_remove);
+ */
+ void debugfs_remove_recursive(struct dentry *dentry)
+ {
+- struct dentry *child, *next, *parent;
++ struct dentry *child, *parent;
+
+ if (IS_ERR_OR_NULL(dentry))
+ return;
+@@ -545,30 +545,49 @@ void debugfs_remove_recursive(struct den
+ parent = dentry;
+ down:
+ mutex_lock(&parent->d_inode->i_mutex);
+- list_for_each_entry_safe(child, next, &parent->d_subdirs, d_u.d_child) {
++ loop:
++ /*
++ * The parent->d_subdirs is protected by the d_lock. Outside that
++ * lock, the child can be unlinked and set to be freed which can
++ * use the d_u.d_child as the rcu head and corrupt this list.
++ */
++ spin_lock(&parent->d_lock);
++ list_for_each_entry(child, &parent->d_subdirs, d_u.d_child) {
+ if (!debugfs_positive(child))
+ continue;
+
+ /* perhaps simple_empty(child) makes more sense */
+ if (!list_empty(&child->d_subdirs)) {
++ spin_unlock(&parent->d_lock);
+ mutex_unlock(&parent->d_inode->i_mutex);
+ parent = child;
+ goto down;
+ }
+- up:
++
++ spin_unlock(&parent->d_lock);
++
+ if (!__debugfs_remove(child, parent))
+ simple_release_fs(&debugfs_mount, &debugfs_mount_count);
++
++ /*
++ * The parent->d_lock protects agaist child from unlinking
++ * from d_subdirs. When releasing the parent->d_lock we can
++ * no longer trust that the next pointer is valid.
++ * Restart the loop. We'll skip this one with the
++ * debugfs_positive() check.
++ */
++ goto loop;
+ }
++ spin_unlock(&parent->d_lock);
+
+ mutex_unlock(&parent->d_inode->i_mutex);
+ child = parent;
+ parent = parent->d_parent;
+ mutex_lock(&parent->d_inode->i_mutex);
+
+- if (child != dentry) {
+- next = list_next_entry(child, d_u.d_child);
+- goto up;
+- }
++ if (child != dentry)
++ /* go up */
++ goto loop;
+
+ if (!__debugfs_remove(child, parent))
+ simple_release_fs(&debugfs_mount, &debugfs_mount_count);
--- /dev/null
+From 28772ac8711e4d7268c06e765887dd8cb6924f98 Mon Sep 17 00:00:00 2001
+From: Wolfram Sang <wsa@the-dreams.de>
+Date: Mon, 21 Jul 2014 11:42:03 +0200
+Subject: drivers/i2c/busses: use correct type for dma_map/unmap
+
+From: Wolfram Sang <wsa@the-dreams.de>
+
+commit 28772ac8711e4d7268c06e765887dd8cb6924f98 upstream.
+
+dma_{un}map_* uses 'enum dma_data_direction' not 'enum dma_transfer_direction'.
+
+Signed-off-by: Wolfram Sang <wsa@the-dreams.de>
+Acked-by: Ludovic Desroches <ludovic.desroches@atmel.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/i2c/busses/i2c-at91.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+--- a/drivers/i2c/busses/i2c-at91.c
++++ b/drivers/i2c/busses/i2c-at91.c
+@@ -210,7 +210,7 @@ static void at91_twi_write_data_dma_call
+ struct at91_twi_dev *dev = (struct at91_twi_dev *)data;
+
+ dma_unmap_single(dev->dev, sg_dma_address(&dev->dma.sg),
+- dev->buf_len, DMA_MEM_TO_DEV);
++ dev->buf_len, DMA_TO_DEVICE);
+
+ at91_twi_write(dev, AT91_TWI_CR, AT91_TWI_STOP);
+ }
+@@ -289,7 +289,7 @@ static void at91_twi_read_data_dma_callb
+ struct at91_twi_dev *dev = (struct at91_twi_dev *)data;
+
+ dma_unmap_single(dev->dev, sg_dma_address(&dev->dma.sg),
+- dev->buf_len, DMA_DEV_TO_MEM);
++ dev->buf_len, DMA_FROM_DEVICE);
+
+ /* The last two bytes have to be read without using dma */
+ dev->buf += dev->buf_len - 2;
--- /dev/null
+From 86f0afd463215fc3e58020493482faa4ac3a4d69 Mon Sep 17 00:00:00 2001
+From: Theodore Ts'o <tytso@mit.edu>
+Date: Wed, 30 Jul 2014 22:17:17 -0400
+Subject: ext4: fix ext4_discard_allocated_blocks() if we can't allocate the pa struct
+
+From: Theodore Ts'o <tytso@mit.edu>
+
+commit 86f0afd463215fc3e58020493482faa4ac3a4d69 upstream.
+
+If there is a failure while allocating the preallocation structure, a
+number of blocks can end up getting marked in the in-memory buddy
+bitmap, and then not getting released. This can result in the
+following corruption getting reported by the kernel:
+
+EXT4-fs error (device sda3): ext4_mb_generate_buddy:758: group 1126,
+12793 clusters in bitmap, 12729 in gd
+
+In that case, we need to release the blocks using mb_free_blocks().
+
+Tested: fs smoke test; also demonstrated that with injected errors,
+ the file system is no longer getting corrupted
+
+Google-Bug-Id: 16657874
+
+Signed-off-by: "Theodore Ts'o" <tytso@mit.edu>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ fs/ext4/mballoc.c | 21 ++++++++++++++++++++-
+ 1 file changed, 20 insertions(+), 1 deletion(-)
+
+--- a/fs/ext4/mballoc.c
++++ b/fs/ext4/mballoc.c
+@@ -3196,8 +3196,27 @@ static void ext4_mb_collect_stats(struct
+ static void ext4_discard_allocated_blocks(struct ext4_allocation_context *ac)
+ {
+ struct ext4_prealloc_space *pa = ac->ac_pa;
++ struct ext4_buddy e4b;
++ int err;
+
+- if (pa && pa->pa_type == MB_INODE_PA)
++ if (pa == NULL) {
++ err = ext4_mb_load_buddy(ac->ac_sb, ac->ac_f_ex.fe_group, &e4b);
++ if (err) {
++ /*
++ * This should never happen since we pin the
++ * pages in the ext4_allocation_context so
++ * ext4_mb_load_buddy() should never fail.
++ */
++ WARN(1, "mb_load_buddy failed (%d)", err);
++ return;
++ }
++ ext4_lock_group(ac->ac_sb, ac->ac_f_ex.fe_group);
++ mb_free_blocks(ac->ac_inode, &e4b, ac->ac_f_ex.fe_start,
++ ac->ac_f_ex.fe_len);
++ ext4_unlock_group(ac->ac_sb, ac->ac_f_ex.fe_group);
++ return;
++ }
++ if (pa->pa_type == MB_INODE_PA)
+ pa->pa_free += ac->ac_b_ex.fe_len;
+ }
+
--- /dev/null
+From 0f6c0a740b7d3e1f3697395922d674000f83d060 Mon Sep 17 00:00:00 2001
+From: Paolo Bonzini <pbonzini@redhat.com>
+Date: Wed, 30 Jul 2014 18:07:24 +0200
+Subject: KVM: x86: always exit on EOIs for interrupts listed in the IOAPIC redir table
+
+From: Paolo Bonzini <pbonzini@redhat.com>
+
+commit 0f6c0a740b7d3e1f3697395922d674000f83d060 upstream.
+
+Currently, the EOI exit bitmap (used for APICv) does not include
+interrupts that are masked. However, this can cause a bug that manifests
+as an interrupt storm inside the guest. Alex Williamson reported the
+bug and is the one who really debugged this; I only wrote the patch. :)
+
+The scenario involves a multi-function PCI device with OHCI and EHCI
+USB functions and an audio function, all assigned to the guest, where
+both USB functions use legacy INTx interrupts.
+
+As soon as the guest boots, interrupts for these devices turn into an
+interrupt storm in the guest; the host does not see the interrupt storm.
+Basically the EOI path does not work, and the guest continues to see the
+interrupt over and over, even after it attempts to mask it at the APIC.
+The bug is only visible with older kernels (RHEL6.5, based on 2.6.32
+with not many changes in the area of APIC/IOAPIC handling).
+
+Alex then tried forcing bit 59 (corresponding to the USB functions' IRQ)
+on in the eoi_exit_bitmap and TMR, and things then work. What happens
+is that VFIO asserts IRQ11, then KVM recomputes the EOI exit bitmap.
+It does not have set bit 59 because the RTE was masked, so the IOAPIC
+never sees the EOI and the interrupt continues to fire in the guest.
+
+My guess was that the guest is masking the interrupt in the redirection
+table in the interrupt routine, i.e. while the interrupt is set in a
+LAPIC's ISR, The simplest fix is to ignore the masking state, we would
+rather have an unnecessary exit rather than a missed IRQ ACK and anyway
+IOAPIC interrupts are not as performance-sensitive as for example MSIs.
+Alex tested this patch and it fixed his bug.
+
+[Thanks to Alex for his precise description of the problem
+ and initial debugging effort. A lot of the text above is
+ based on emails exchanged with him.]
+
+Reported-by: Alex Williamson <alex.williamson@redhat.com>
+Tested-by: Alex Williamson <alex.williamson@redhat.com>
+Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ virt/kvm/ioapic.c | 7 +++----
+ 1 file changed, 3 insertions(+), 4 deletions(-)
+
+--- a/virt/kvm/ioapic.c
++++ b/virt/kvm/ioapic.c
+@@ -203,10 +203,9 @@ void kvm_ioapic_scan_entry(struct kvm_vc
+ spin_lock(&ioapic->lock);
+ for (index = 0; index < IOAPIC_NUM_PINS; index++) {
+ e = &ioapic->redirtbl[index];
+- if (!e->fields.mask &&
+- (e->fields.trig_mode == IOAPIC_LEVEL_TRIG ||
+- kvm_irq_has_notifier(ioapic->kvm, KVM_IRQCHIP_IOAPIC,
+- index) || index == RTC_GSI)) {
++ if (e->fields.trig_mode == IOAPIC_LEVEL_TRIG ||
++ kvm_irq_has_notifier(ioapic->kvm, KVM_IRQCHIP_IOAPIC, index) ||
++ index == RTC_GSI) {
+ if (kvm_apic_match_dest(vcpu, NULL, 0,
+ e->fields.dest_id, e->fields.dest_mode)) {
+ __set_bit(e->fields.vector,
--- /dev/null
+From 9e8919ae793f4edfaa29694a70f71a515ae9942a Mon Sep 17 00:00:00 2001
+From: Nadav Amit <namit@cs.technion.ac.il>
+Date: Sun, 15 Jun 2014 16:12:59 +0300
+Subject: KVM: x86: Inter-privilege level ret emulation is not implemeneted
+
+From: Nadav Amit <namit@cs.technion.ac.il>
+
+commit 9e8919ae793f4edfaa29694a70f71a515ae9942a upstream.
+
+Return unhandlable error on inter-privilege level ret instruction. This is
+since the current emulation does not check the privilege level correctly when
+loading the CS, and does not pop RSP/SS as needed.
+
+Signed-off-by: Nadav Amit <namit@cs.technion.ac.il>
+Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ arch/x86/kvm/emulate.c | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+--- a/arch/x86/kvm/emulate.c
++++ b/arch/x86/kvm/emulate.c
+@@ -2006,6 +2006,7 @@ static int em_ret_far(struct x86_emulate
+ {
+ int rc;
+ unsigned long cs;
++ int cpl = ctxt->ops->cpl(ctxt);
+
+ rc = emulate_pop(ctxt, &ctxt->_eip, ctxt->op_bytes);
+ if (rc != X86EMUL_CONTINUE)
+@@ -2015,6 +2016,9 @@ static int em_ret_far(struct x86_emulate
+ rc = emulate_pop(ctxt, &cs, ctxt->op_bytes);
+ if (rc != X86EMUL_CONTINUE)
+ return rc;
++ /* Outer-privilege level return is not implemented */
++ if (ctxt->mode >= X86EMUL_MODE_PROT16 && (cs & 3) > cpl)
++ return X86EMUL_UNHANDLEABLE;
+ rc = load_segment_descriptor(ctxt, (u16)cs, VCPU_SREG_CS);
+ return rc;
+ }
--- /dev/null
+From ae84db9661cafc63d179e1d985a2c5b841ff0ac4 Mon Sep 17 00:00:00 2001
+From: Peter Hurley <peter@hurleysoftware.com>
+Date: Wed, 9 Jul 2014 09:21:14 -0400
+Subject: serial: core: Preserve termios c_cflag for console resume
+
+From: Peter Hurley <peter@hurleysoftware.com>
+
+commit ae84db9661cafc63d179e1d985a2c5b841ff0ac4 upstream.
+
+When a tty is opened for the serial console, the termios c_cflag
+settings are inherited from the console line settings.
+However, if the tty is subsequently closed, the termios settings
+are lost. This results in a garbled console if the console is later
+suspended and resumed.
+
+Preserve the termios c_cflag for the serial console when the tty
+is shutdown; this reflects the most recent line settings.
+
+Fixes: Bugzilla #69751, 'serial console does not wake from S3'
+Reported-by: Valerio Vanni <valerio.vanni@inwind.it>
+Acked-by: Alan Cox <alan@linux.intel.com>
+Signed-off-by: Peter Hurley <peter@hurleysoftware.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/tty/serial/serial_core.c | 3 +++
+ 1 file changed, 3 insertions(+)
+
+--- a/drivers/tty/serial/serial_core.c
++++ b/drivers/tty/serial/serial_core.c
+@@ -235,6 +235,9 @@ static void uart_shutdown(struct tty_str
+ /*
+ * Turn off DTR and RTS early.
+ */
++ if (uart_console(uport) && tty)
++ uport->cons->cflag = tty->termios.c_cflag;
++
+ if (!tty || (tty->termios.c_cflag & HUPCL))
+ uart_clear_mctrl(uport, TIOCM_DTR | TIOCM_RTS);
+
hwmon-ads1015-fix-out-of-bounds-array-access.patch
hwmon-dme1737-prevent-overflow-problem-when-writing-large-limits.patch
tpm-add-missing-tpm_do_selftest-to-st33-i2c-driver.patch
+drivers-i2c-busses-use-correct-type-for-dma_map-unmap.patch
+ext4-fix-ext4_discard_allocated_blocks-if-we-can-t-allocate-the-pa-struct.patch
+serial-core-preserve-termios-c_cflag-for-console-resume.patch
+crypto-ux500-make-interrupt-mode-plausible.patch
+debugfs-fix-corrupted-loop-in-debugfs_remove_recursive.patch
+kvm-x86-inter-privilege-level-ret-emulation-is-not-implemeneted.patch
+kvm-x86-always-exit-on-eois-for-interrupts-listed-in-the-ioapic-redir-table.patch
projects / thirdparty / kernel / stable-queue.git / commitdiff
