--- /dev/null
+From 4807b51895dce8aa650ebebc51fa4a795ed6b8b8 Mon Sep 17 00:00:00 2001
+From: Loic Poulain <loic.poulain@intel.com>
+Date: Fri, 8 Aug 2014 19:07:16 +0200
+Subject: Bluetooth: Fix HCI H5 corrupted ack value
+
+From: Loic Poulain <loic.poulain@intel.com>
+
+commit 4807b51895dce8aa650ebebc51fa4a795ed6b8b8 upstream.
+
+In this expression: seq = (seq - 1) % 8
+seq (u8) is implicitly converted to an int in the arithmetic operation.
+So if seq value is 0, operation is ((0 - 1) % 8) => (-1 % 8) => -1.
+The new seq value is 0xff which is an invalid ACK value, we expect 0x07.
+It leads to frequent dropped ACK and retransmission.
+Fix this by using '&' binary operator instead of '%'.
+
+Signed-off-by: Loic Poulain <loic.poulain@intel.com>
+Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/bluetooth/hci_h5.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/drivers/bluetooth/hci_h5.c
++++ b/drivers/bluetooth/hci_h5.c
+@@ -237,7 +237,7 @@ static void h5_pkt_cull(struct h5 *h5)
+ break;
+
+ to_remove--;
+- seq = (seq - 1) % 8;
++ seq = (seq - 1) & 0x07;
+ }
+
+ if (seq != h5->rx_ack)
--- /dev/null
+From 85560c4a828ec9c8573840c9b66487b6ae584768 Mon Sep 17 00:00:00 2001
+From: Champion Chen <champion_chen@realsil.com.cn>
+Date: Sat, 6 Sep 2014 14:06:08 -0500
+Subject: Bluetooth: Fix issue with USB suspend in btusb driver
+
+From: Champion Chen <champion_chen@realsil.com.cn>
+
+commit 85560c4a828ec9c8573840c9b66487b6ae584768 upstream.
+
+Suspend could fail for some platforms because
+btusb_suspend==> btusb_stop_traffic ==> usb_kill_anchored_urbs.
+
+When btusb_bulk_complete returns before system suspend and resubmits
+an URB, the system cannot enter suspend state.
+
+Signed-off-by: Champion Chen <champion_chen@realsil.com.cn>
+Signed-off-by: Larry Finger <Larry.Finger@lwfinger.net>
+Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/bluetooth/btusb.c | 9 +++++++++
+ 1 file changed, 9 insertions(+)
+
+--- a/drivers/bluetooth/btusb.c
++++ b/drivers/bluetooth/btusb.c
+@@ -302,6 +302,9 @@ static void btusb_intr_complete(struct u
+ BT_ERR("%s corrupted event packet", hdev->name);
+ hdev->stat.err_rx++;
+ }
++ } else if (urb->status == -ENOENT) {
++ /* Avoid suspend failed when usb_kill_urb */
++ return;
+ }
+
+ if (!test_bit(BTUSB_INTR_RUNNING, &data->flags))
+@@ -390,6 +393,9 @@ static void btusb_bulk_complete(struct u
+ BT_ERR("%s corrupted ACL packet", hdev->name);
+ hdev->stat.err_rx++;
+ }
++ } else if (urb->status == -ENOENT) {
++ /* Avoid suspend failed when usb_kill_urb */
++ return;
+ }
+
+ if (!test_bit(BTUSB_BULK_RUNNING, &data->flags))
+@@ -484,6 +490,9 @@ static void btusb_isoc_complete(struct u
+ hdev->stat.err_rx++;
+ }
+ }
++ } else if (urb->status == -ENOENT) {
++ /* Avoid suspend failed when usb_kill_urb */
++ return;
+ }
+
+ if (!test_bit(BTUSB_ISOC_RUNNING, &data->flags))
--- /dev/null
+From 0b37e097a648aa71d4db1ad108001e95b69a2da4 Mon Sep 17 00:00:00 2001
+From: Yann Droneaud <ydroneaud@opteya.com>
+Date: Thu, 9 Oct 2014 15:24:40 -0700
+Subject: fanotify: enable close-on-exec on events' fd when requested in fanotify_init()
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+From: Yann Droneaud <ydroneaud@opteya.com>
+
+commit 0b37e097a648aa71d4db1ad108001e95b69a2da4 upstream.
+
+According to commit 80af258867648 ("fanotify: groups can specify their
+f_flags for new fd"), file descriptors created as part of file access
+notification events inherit flags from the event_f_flags argument passed
+to syscall fanotify_init(2)[1].
+
+Unfortunately O_CLOEXEC is currently silently ignored.
+
+Indeed, event_f_flags are only given to dentry_open(), which only seems to
+care about O_ACCMODE and O_PATH in do_dentry_open(), O_DIRECT in
+open_check_o_direct() and O_LARGEFILE in generic_file_open().
+
+It's a pity, since, according to some lookup on various search engines and
+http://codesearch.debian.net/, there's already some userspace code which
+use O_CLOEXEC:
+
+- in systemd's readahead[2]:
+
+ fanotify_fd = fanotify_init(FAN_CLOEXEC|FAN_NONBLOCK, O_RDONLY|O_LARGEFILE|O_CLOEXEC|O_NOATIME);
+
+- in clsync[3]:
+
+ #define FANOTIFY_EVFLAGS (O_LARGEFILE|O_RDONLY|O_CLOEXEC)
+
+ int fanotify_d = fanotify_init(FANOTIFY_FLAGS, FANOTIFY_EVFLAGS);
+
+- in examples [4] from "Filesystem monitoring in the Linux
+ kernel" article[5] by Aleksander Morgado:
+
+ if ((fanotify_fd = fanotify_init (FAN_CLOEXEC,
+ O_RDONLY | O_CLOEXEC | O_LARGEFILE)) < 0)
+
+Additionally, since commit 48149e9d3a7e ("fanotify: check file flags
+passed in fanotify_init"). having O_CLOEXEC as part of fanotify_init()
+second argument is expressly allowed.
+
+So it seems expected to set close-on-exec flag on the file descriptors if
+userspace is allowed to request it with O_CLOEXEC.
+
+But Andrew Morton raised[6] the concern that enabling now close-on-exec
+might break existing applications which ask for O_CLOEXEC but expect the
+file descriptor to be inherited across exec().
+
+In the other hand, as reported by Mihai Dontu[7] close-on-exec on the file
+descriptor returned as part of file access notify can break applications
+due to deadlock. So close-on-exec is needed for most applications.
+
+More, applications asking for close-on-exec are likely expecting it to be
+enabled, relying on O_CLOEXEC being effective. If not, it might weaken
+their security, as noted by Jan Kara[8].
+
+So this patch replaces call to macro get_unused_fd() by a call to function
+get_unused_fd_flags() with event_f_flags value as argument. This way
+O_CLOEXEC flag in the second argument of fanotify_init(2) syscall is
+interpreted and close-on-exec get enabled when requested.
+
+[1] http://man7.org/linux/man-pages/man2/fanotify_init.2.html
+[2] http://cgit.freedesktop.org/systemd/systemd/tree/src/readahead/readahead-collect.c?id=v208#n294
+[3] https://github.com/xaionaro/clsync/blob/v0.2.1/sync.c#L1631
+ https://github.com/xaionaro/clsync/blob/v0.2.1/configuration.h#L38
+[4] http://www.lanedo.com/~aleksander/fanotify/fanotify-example.c
+[5] http://www.lanedo.com/2013/filesystem-monitoring-linux-kernel/
+[6] http://lkml.kernel.org/r/20141001153621.65e9258e65a6167bf2e4cb50@linux-foundation.org
+[7] http://lkml.kernel.org/r/20141002095046.3715eb69@mdontu-l
+[8] http://lkml.kernel.org/r/20141002104410.GB19748@quack.suse.cz
+
+Link: http://lkml.kernel.org/r/cover.1411562410.git.ydroneaud@opteya.com
+Signed-off-by: Yann Droneaud <ydroneaud@opteya.com>
+Reviewed-by: Jan Kara <jack@suse.cz>
+Reviewed by: Heinrich Schuchardt <xypron.glpk@gmx.de>
+Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
+Cc: Mihai Don\u021bu <mihai.dontu@gmail.com>
+Cc: Pádraig Brady <P@draigBrady.com>
+Cc: Heinrich Schuchardt <xypron.glpk@gmx.de>
+Cc: Jan Kara <jack@suse.cz>
+Cc: Valdis Kletnieks <Valdis.Kletnieks@vt.edu>
+Cc: Michael Kerrisk-manpages <mtk.manpages@gmail.com>
+Cc: Lino Sanfilippo <LinoSanfilippo@gmx.de>
+Cc: Richard Guy Briggs <rgb@redhat.com>
+Cc: Eric Paris <eparis@redhat.com>
+Cc: Al Viro <viro@zeniv.linux.org.uk>
+Cc: Michael Kerrisk <mtk.manpages@gmail.com>
+Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
+Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ fs/notify/fanotify/fanotify_user.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/fs/notify/fanotify/fanotify_user.c
++++ b/fs/notify/fanotify/fanotify_user.c
+@@ -69,7 +69,7 @@ static int create_fd(struct fsnotify_gro
+
+ pr_debug("%s: group=%p event=%p\n", __func__, group, event);
+
+- client_fd = get_unused_fd();
++ client_fd = get_unused_fd_flags(group->fanotify_data.f_flags);
+ if (client_fd < 0)
+ return client_fd;
+
--- /dev/null
+From 4f08970f5284dce486f0e2290834aefb2a262189 Mon Sep 17 00:00:00 2001
+From: Oren Givon <oren.givon@intel.com>
+Date: Wed, 17 Sep 2014 10:31:56 +0300
+Subject: iwlwifi: Add missing PCI IDs for the 7260 series
+
+From: Oren Givon <oren.givon@intel.com>
+
+commit 4f08970f5284dce486f0e2290834aefb2a262189 upstream.
+
+Add 4 missing PCI IDs for the 7260 series.
+
+Signed-off-by: Oren Givon <oren.givon@intel.com>
+Signed-off-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/net/wireless/iwlwifi/pcie/drv.c | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+--- a/drivers/net/wireless/iwlwifi/pcie/drv.c
++++ b/drivers/net/wireless/iwlwifi/pcie/drv.c
+@@ -269,6 +269,8 @@ static DEFINE_PCI_DEVICE_TABLE(iwl_hw_ca
+ {IWL_PCI_DEVICE(0x08B1, 0x4070, iwl7260_2ac_cfg)},
+ {IWL_PCI_DEVICE(0x08B1, 0x4072, iwl7260_2ac_cfg)},
+ {IWL_PCI_DEVICE(0x08B1, 0x4170, iwl7260_2ac_cfg)},
++ {IWL_PCI_DEVICE(0x08B1, 0x4C60, iwl7260_2ac_cfg)},
++ {IWL_PCI_DEVICE(0x08B1, 0x4C70, iwl7260_2ac_cfg)},
+ {IWL_PCI_DEVICE(0x08B1, 0x4060, iwl7260_2n_cfg)},
+ {IWL_PCI_DEVICE(0x08B1, 0x406A, iwl7260_2n_cfg)},
+ {IWL_PCI_DEVICE(0x08B1, 0x4160, iwl7260_2n_cfg)},
+@@ -306,6 +308,8 @@ static DEFINE_PCI_DEVICE_TABLE(iwl_hw_ca
+ {IWL_PCI_DEVICE(0x08B1, 0xC770, iwl7260_2ac_cfg)},
+ {IWL_PCI_DEVICE(0x08B1, 0xC760, iwl7260_2n_cfg)},
+ {IWL_PCI_DEVICE(0x08B2, 0xC270, iwl7260_2ac_cfg)},
++ {IWL_PCI_DEVICE(0x08B1, 0xCC70, iwl7260_2ac_cfg)},
++ {IWL_PCI_DEVICE(0x08B1, 0xCC60, iwl7260_2ac_cfg)},
+ {IWL_PCI_DEVICE(0x08B2, 0xC272, iwl7260_2ac_cfg)},
+ {IWL_PCI_DEVICE(0x08B2, 0xC260, iwl7260_2n_cfg)},
+ {IWL_PCI_DEVICE(0x08B2, 0xC26A, iwl7260_n_cfg)},
--- /dev/null
+From 71458cfc782eafe4b27656e078d379a34e472adf Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sasha.levin@oracle.com>
+Date: Mon, 13 Oct 2014 15:51:05 -0700
+Subject: kernel: add support for gcc 5
+
+From: Sasha Levin <sasha.levin@oracle.com>
+
+commit 71458cfc782eafe4b27656e078d379a34e472adf upstream.
+
+We're missing include/linux/compiler-gcc5.h which is required now
+because gcc branched off to v5 in trunk.
+
+Just copy the relevant bits out of include/linux/compiler-gcc4.h,
+no new code is added as of now.
+
+This fixes a build error when using gcc 5.
+
+Signed-off-by: Sasha Levin <sasha.levin@oracle.com>
+Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
+Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ include/linux/compiler-gcc5.h | 66 ++++++++++++++++++++++++++++++++++++++++++
+ 1 file changed, 66 insertions(+)
+
+--- /dev/null
++++ b/include/linux/compiler-gcc5.h
+@@ -0,0 +1,66 @@
++#ifndef __LINUX_COMPILER_H
++#error "Please don't include <linux/compiler-gcc5.h> directly, include <linux/compiler.h> instead."
++#endif
++
++#define __used __attribute__((__used__))
++#define __must_check __attribute__((warn_unused_result))
++#define __compiler_offsetof(a, b) __builtin_offsetof(a, b)
++
++/* Mark functions as cold. gcc will assume any path leading to a call
++ to them will be unlikely. This means a lot of manual unlikely()s
++ are unnecessary now for any paths leading to the usual suspects
++ like BUG(), printk(), panic() etc. [but let's keep them for now for
++ older compilers]
++
++ Early snapshots of gcc 4.3 don't support this and we can't detect this
++ in the preprocessor, but we can live with this because they're unreleased.
++ Maketime probing would be overkill here.
++
++ gcc also has a __attribute__((__hot__)) to move hot functions into
++ a special section, but I don't see any sense in this right now in
++ the kernel context */
++#define __cold __attribute__((__cold__))
++
++#define __UNIQUE_ID(prefix) __PASTE(__PASTE(__UNIQUE_ID_, prefix), __COUNTER__)
++
++#ifndef __CHECKER__
++# define __compiletime_warning(message) __attribute__((warning(message)))
++# define __compiletime_error(message) __attribute__((error(message)))
++#endif /* __CHECKER__ */
++
++/*
++ * Mark a position in code as unreachable. This can be used to
++ * suppress control flow warnings after asm blocks that transfer
++ * control elsewhere.
++ *
++ * Early snapshots of gcc 4.5 don't support this and we can't detect
++ * this in the preprocessor, but we can live with this because they're
++ * unreleased. Really, we need to have autoconf for the kernel.
++ */
++#define unreachable() __builtin_unreachable()
++
++/* Mark a function definition as prohibited from being cloned. */
++#define __noclone __attribute__((__noclone__))
++
++/*
++ * Tell the optimizer that something else uses this function or variable.
++ */
++#define __visible __attribute__((externally_visible))
++
++/*
++ * GCC 'asm goto' miscompiles certain code sequences:
++ *
++ * http://gcc.gnu.org/bugzilla/show_bug.cgi?id=58670
++ *
++ * Work it around via a compiler barrier quirk suggested by Jakub Jelinek.
++ * Fixed in GCC 4.8.2 and later versions.
++ *
++ * (asm goto is automatically volatile - the naming reflects this.)
++ */
++#define asm_volatile_goto(x...) do { asm goto(x); asm (""); } while (0)
++
++#ifdef CONFIG_ARCH_USE_BUILTIN_BSWAP
++#define __HAVE_BUILTIN_BSWAP32__
++#define __HAVE_BUILTIN_BSWAP64__
++#define __HAVE_BUILTIN_BSWAP16__
++#endif /* CONFIG_ARCH_USE_BUILTIN_BSWAP */
--- /dev/null
+From 934f3072c17cc8886f4c043b47eeeb1b12f8de33 Mon Sep 17 00:00:00 2001
+From: Junxiao Bi <junxiao.bi@oracle.com>
+Date: Thu, 9 Oct 2014 15:28:23 -0700
+Subject: mm: clear __GFP_FS when PF_MEMALLOC_NOIO is set
+
+From: Junxiao Bi <junxiao.bi@oracle.com>
+
+commit 934f3072c17cc8886f4c043b47eeeb1b12f8de33 upstream.
+
+commit 21caf2fc1931 ("mm: teach mm by current context info to not do I/O
+during memory allocation") introduces PF_MEMALLOC_NOIO flag to avoid doing
+I/O inside memory allocation, __GFP_IO is cleared when this flag is set,
+but __GFP_FS implies __GFP_IO, it should also be cleared. Or it may still
+run into I/O, like in superblock shrinker. And this will make the kernel
+run into the deadlock case described in that commit.
+
+See Dave Chinner's comment about io in superblock shrinker:
+
+Filesystem shrinkers do indeed perform IO from the superblock shrinker and
+have for years. Even clean inodes can require IO before they can be freed
+- e.g. on an orphan list, need truncation of post-eof blocks, need to
+wait for ordered operations to complete before it can be freed, etc.
+
+IOWs, Ext4, btrfs and XFS all can issue and/or block on arbitrary amounts
+of IO in the superblock shrinker context. XFS, in particular, has been
+doing transactions and IO from the VFS inode cache shrinker since it was
+first introduced....
+
+Fix this by clearing __GFP_FS in memalloc_noio_flags(), this function has
+masked all the gfp_mask that will be passed into fs for the processes
+setting PF_MEMALLOC_NOIO in the direct reclaim path.
+
+v1 thread at: https://lkml.org/lkml/2014/9/3/32
+
+Signed-off-by: Junxiao Bi <junxiao.bi@oracle.com>
+Cc: Dave Chinner <david@fromorbit.com>
+Cc: joyce.xue <xuejiufei@huawei.com>
+Cc: Ming Lei <ming.lei@canonical.com>
+Cc: Trond Myklebust <trond.myklebust@primarydata.com>
+Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
+Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ include/linux/sched.h | 6 ++++--
+ 1 file changed, 4 insertions(+), 2 deletions(-)
+
+--- a/include/linux/sched.h
++++ b/include/linux/sched.h
+@@ -1670,11 +1670,13 @@ extern void thread_group_cputime_adjuste
+ #define tsk_used_math(p) ((p)->flags & PF_USED_MATH)
+ #define used_math() tsk_used_math(current)
+
+-/* __GFP_IO isn't allowed if PF_MEMALLOC_NOIO is set in current->flags */
++/* __GFP_IO isn't allowed if PF_MEMALLOC_NOIO is set in current->flags
++ * __GFP_FS is also cleared as it implies __GFP_IO.
++ */
+ static inline gfp_t memalloc_noio_flags(gfp_t flags)
+ {
+ if (unlikely(current->flags & PF_MEMALLOC_NOIO))
+- flags &= ~__GFP_IO;
++ flags &= ~(__GFP_IO | __GFP_FS);
+ return flags;
+ }
+
--- /dev/null
+From 89ec3dcf17fd3fa009ecf8faaba36828dd6bc416 Mon Sep 17 00:00:00 2001
+From: Ricardo Ribalda Delgado <ricardo.ribalda@gmail.com>
+Date: Wed, 27 Aug 2014 14:57:57 +0200
+Subject: PCI: Generate uppercase hex for modalias interface class
+
+From: Ricardo Ribalda Delgado <ricardo.ribalda@gmail.com>
+
+commit 89ec3dcf17fd3fa009ecf8faaba36828dd6bc416 upstream.
+
+Some implementations of modprobe fail to load the driver for a PCI device
+automatically because the "interface" part of the modalias from the kernel
+is lowercase, and the modalias from file2alias is uppercase.
+
+The "interface" is the low-order byte of the Class Code, defined in PCI
+r3.0, Appendix D. Most interface types defined in the spec do not use
+alpha characters, so they won't be affected. For example, 00h, 01h, 10h,
+20h, etc. are unaffected.
+
+Print the "interface" byte of the Class Code in uppercase hex, as we
+already do for the Vendor ID, Device ID, Class, etc.
+
+[bhelgaas: changelog]
+Signed-off-by: Ricardo Ribalda Delgado <ricardo.ribalda@gmail.com>
+Signed-off-by: Bjorn Helgaas <bhelgaas@google.com>
+Acked-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/pci/pci-sysfs.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/drivers/pci/pci-sysfs.c
++++ b/drivers/pci/pci-sysfs.c
+@@ -175,7 +175,7 @@ static ssize_t modalias_show(struct devi
+ {
+ struct pci_dev *pci_dev = to_pci_dev(dev);
+
+- return sprintf(buf, "pci:v%08Xd%08Xsv%08Xsd%08Xbc%02Xsc%02Xi%02x\n",
++ return sprintf(buf, "pci:v%08Xd%08Xsv%08Xsd%08Xbc%02Xsc%02Xi%02X\n",
+ pci_dev->vendor, pci_dev->device,
+ pci_dev->subsystem_vendor, pci_dev->subsystem_device,
+ (u8)(pci_dev->class >> 16), (u8)(pci_dev->class >> 8),
--- /dev/null
+From 9fe373f9997b48fcd6222b95baf4a20c134b587a Mon Sep 17 00:00:00 2001
+From: Douglas Lehr <dllehr@us.ibm.com>
+Date: Thu, 21 Aug 2014 09:26:52 +1000
+Subject: PCI: Increase IBM ipr SAS Crocodile BARs to at least system page size
+
+From: Douglas Lehr <dllehr@us.ibm.com>
+
+commit 9fe373f9997b48fcd6222b95baf4a20c134b587a upstream.
+
+The Crocodile chip occasionally comes up with 4k and 8k BAR sizes. Due to
+an erratum, setting the SR-IOV page size causes the physical function BARs
+to expand to the system page size. Since ppc64 uses 64k pages, when Linux
+tries to assign the smaller resource sizes to the now 64k BARs the address
+will be truncated and the BARs will overlap.
+
+Force Linux to allocate the resource as a full page, which avoids the
+overlap.
+
+[bhelgaas: print expanded resource, too]
+Signed-off-by: Douglas Lehr <dllehr@us.ibm.com>
+Signed-off-by: Anton Blanchard <anton@samba.org>
+Signed-off-by: Bjorn Helgaas <bhelgaas@google.com>
+Acked-by: Milton Miller <miltonm@us.ibm.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/pci/quirks.c | 20 ++++++++++++++++++++
+ 1 file changed, 20 insertions(+)
+
+--- a/drivers/pci/quirks.c
++++ b/drivers/pci/quirks.c
+@@ -28,6 +28,7 @@
+ #include <linux/ioport.h>
+ #include <linux/sched.h>
+ #include <linux/ktime.h>
++#include <linux/mm.h>
+ #include <asm/dma.h> /* isa_dma_bridge_buggy */
+ #include "pci.h"
+
+@@ -291,6 +292,25 @@ static void quirk_citrine(struct pci_dev
+ }
+ DECLARE_PCI_FIXUP_HEADER(PCI_VENDOR_ID_IBM, PCI_DEVICE_ID_IBM_CITRINE, quirk_citrine);
+
++/* On IBM Crocodile ipr SAS adapters, expand BAR to system page size */
++static void quirk_extend_bar_to_page(struct pci_dev *dev)
++{
++ int i;
++
++ for (i = 0; i < PCI_STD_RESOURCE_END; i++) {
++ struct resource *r = &dev->resource[i];
++
++ if (r->flags & IORESOURCE_MEM && resource_size(r) < PAGE_SIZE) {
++ r->end = PAGE_SIZE - 1;
++ r->start = 0;
++ r->flags |= IORESOURCE_UNSET;
++ dev_info(&dev->dev, "expanded BAR %d to page size: %pR\n",
++ i, r);
++ }
++ }
++}
++DECLARE_PCI_FIXUP_HEADER(PCI_VENDOR_ID_IBM, 0x034a, quirk_extend_bar_to_page);
++
+ /*
+ * S3 868 and 968 chips report region size equal to 32M, but they decode 64M.
+ * If it's needed, re-allocate the region.
--- /dev/null
+From bceee4a97eb58bd0e80e39eff11b506ddd9e7ad3 Mon Sep 17 00:00:00 2001
+From: Andreas Noever <andreas.noever@gmail.com>
+Date: Tue, 16 Sep 2014 15:16:02 -0600
+Subject: PCI: pciehp: Prevent NULL dereference during probe
+
+From: Andreas Noever <andreas.noever@gmail.com>
+
+commit bceee4a97eb58bd0e80e39eff11b506ddd9e7ad3 upstream.
+
+pciehp assumes that dev->subordinate, the struct pci_bus for a bridge's
+secondary bus, exists. But we do not create that bus if we run out of bus
+numbers during enumeration. This leads to a NULL dereference in
+init_slot() (and other places).
+
+Change pciehp_probe() to return -ENODEV when no secondary bus is present.
+
+Signed-off-by: Andreas Noever <andreas.noever@gmail.com>
+Signed-off-by: Bjorn Helgaas <bhelgaas@google.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/pci/hotplug/pciehp_core.c | 7 +++++++
+ 1 file changed, 7 insertions(+)
+
+--- a/drivers/pci/hotplug/pciehp_core.c
++++ b/drivers/pci/hotplug/pciehp_core.c
+@@ -237,6 +237,13 @@ static int pciehp_probe(struct pcie_devi
+ else if (pciehp_acpi_slot_detection_check(dev->port))
+ goto err_out_none;
+
++ if (!dev->port->subordinate) {
++ /* Can happen if we run out of bus numbers during probe */
++ dev_err(&dev->device,
++ "Hotplug bridge without secondary bus, ignoring\n");
++ goto err_out_none;
++ }
++
+ ctrl = pcie_init(dev);
+ if (!ctrl) {
+ dev_err(&dev->device, "Controller initialization failed\n");
--- /dev/null
+From 01f7feeaf4528bec83798316b3c811701bac5d3e Mon Sep 17 00:00:00 2001
+From: Stanislaw Gruszka <sgruszka@redhat.com>
+Date: Wed, 24 Sep 2014 11:24:54 +0200
+Subject: rt2800: correct BBP1_TX_POWER_CTRL mask
+
+From: Stanislaw Gruszka <sgruszka@redhat.com>
+
+commit 01f7feeaf4528bec83798316b3c811701bac5d3e upstream.
+
+Two bits control TX power on BBP_R1 register. Correct the mask,
+otherwise we clear additional bit on BBP_R1 register, what can have
+unknown, possible negative effect.
+
+Signed-off-by: Stanislaw Gruszka <sgruszka@redhat.com>
+Signed-off-by: John W. Linville <linville@tuxdriver.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/net/wireless/rt2x00/rt2800.h | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/drivers/net/wireless/rt2x00/rt2800.h
++++ b/drivers/net/wireless/rt2x00/rt2800.h
+@@ -1920,7 +1920,7 @@ struct mac_iveiv_entry {
+ * 2 - drop tx power by 12dBm,
+ * 3 - increase tx power by 6dBm
+ */
+-#define BBP1_TX_POWER_CTRL FIELD8(0x07)
++#define BBP1_TX_POWER_CTRL FIELD8(0x03)
+ #define BBP1_TX_ANTENNA FIELD8(0x18)
+
+ /*
nfsv4-fix-lock-recovery-when-create_session-setclientid_confirm-fails.patch
nfsv4-fix-open-lock-state-recovery-error-handling.patch
nfsv4.1-fix-an-nfsv4.1-state-renewal-regression.patch
+iwlwifi-add-missing-pci-ids-for-the-7260-series.patch
+pci-pciehp-prevent-null-dereference-during-probe.patch
+pci-increase-ibm-ipr-sas-crocodile-bars-to-at-least-system-page-size.patch
+pci-generate-uppercase-hex-for-modalias-interface-class.patch
+rt2800-correct-bbp1_tx_power_ctrl-mask.patch
+bluetooth-fix-hci-h5-corrupted-ack-value.patch
+bluetooth-fix-issue-with-usb-suspend-in-btusb-driver.patch
+mm-clear-__gfp_fs-when-pf_memalloc_noio-is-set.patch
+fanotify-enable-close-on-exec-on-events-fd-when-requested-in-fanotify_init.patch
+kernel-add-support-for-gcc-5.patch
projects / thirdparty / kernel / stable-queue.git / commitdiff
