--- /dev/null
+From 4807b51895dce8aa650ebebc51fa4a795ed6b8b8 Mon Sep 17 00:00:00 2001
+From: Loic Poulain <loic.poulain@intel.com>
+Date: Fri, 8 Aug 2014 19:07:16 +0200
+Subject: Bluetooth: Fix HCI H5 corrupted ack value
+
+From: Loic Poulain <loic.poulain@intel.com>
+
+commit 4807b51895dce8aa650ebebc51fa4a795ed6b8b8 upstream.
+
+In this expression: seq = (seq - 1) % 8
+seq (u8) is implicitly converted to an int in the arithmetic operation.
+So if seq value is 0, operation is ((0 - 1) % 8) => (-1 % 8) => -1.
+The new seq value is 0xff which is an invalid ACK value, we expect 0x07.
+It leads to frequent dropped ACK and retransmission.
+Fix this by using '&' binary operator instead of '%'.
+
+Signed-off-by: Loic Poulain <loic.poulain@intel.com>
+Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/bluetooth/hci_h5.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/drivers/bluetooth/hci_h5.c
++++ b/drivers/bluetooth/hci_h5.c
+@@ -237,7 +237,7 @@ static void h5_pkt_cull(struct h5 *h5)
+ break;
+
+ to_remove--;
+- seq = (seq - 1) % 8;
++ seq = (seq - 1) & 0x07;
+ }
+
+ if (seq != h5->rx_ack)
--- /dev/null
+From 72c6fb915ff2d30ae14053edee4f0d30019bad76 Mon Sep 17 00:00:00 2001
+From: Johan Hedberg <johan.hedberg@intel.com>
+Date: Fri, 15 Aug 2014 21:06:51 +0300
+Subject: Bluetooth: Fix incorrect LE CoC PDU length restriction based on HCI MTU
+
+From: Johan Hedberg <johan.hedberg@intel.com>
+
+commit 72c6fb915ff2d30ae14053edee4f0d30019bad76 upstream.
+
+The l2cap_create_le_flowctl_pdu() function that l2cap_segment_le_sdu()
+calls is perfectly capable of doing packet fragmentation if given bigger
+PDUs than the HCI buffers allow. Forcing the PDU length based on the HCI
+MTU (conn->mtu) would therefore needlessly strict operation on hardware
+with limited LE buffers (e.g. both Intel and Broadcom seem to have this
+set to just 27 bytes).
+
+This patch removes the restriction and makes it possible to send PDUs of
+the full length that the remote MPS value allows.
+
+Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
+Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ net/bluetooth/l2cap_core.c | 6 +-----
+ 1 file changed, 1 insertion(+), 5 deletions(-)
+
+--- a/net/bluetooth/l2cap_core.c
++++ b/net/bluetooth/l2cap_core.c
+@@ -2608,12 +2608,8 @@ static int l2cap_segment_le_sdu(struct l
+
+ BT_DBG("chan %p, msg %p, len %zu", chan, msg, len);
+
+- pdu_len = chan->conn->mtu - L2CAP_HDR_SIZE;
+-
+- pdu_len = min_t(size_t, pdu_len, chan->remote_mps);
+-
+ sdu_len = len;
+- pdu_len -= L2CAP_SDULEN_SIZE;
++ pdu_len = chan->remote_mps - L2CAP_SDULEN_SIZE;
+
+ while (len > 0) {
+ if (len <= pdu_len)
--- /dev/null
+From 85560c4a828ec9c8573840c9b66487b6ae584768 Mon Sep 17 00:00:00 2001
+From: Champion Chen <champion_chen@realsil.com.cn>
+Date: Sat, 6 Sep 2014 14:06:08 -0500
+Subject: Bluetooth: Fix issue with USB suspend in btusb driver
+
+From: Champion Chen <champion_chen@realsil.com.cn>
+
+commit 85560c4a828ec9c8573840c9b66487b6ae584768 upstream.
+
+Suspend could fail for some platforms because
+btusb_suspend==> btusb_stop_traffic ==> usb_kill_anchored_urbs.
+
+When btusb_bulk_complete returns before system suspend and resubmits
+an URB, the system cannot enter suspend state.
+
+Signed-off-by: Champion Chen <champion_chen@realsil.com.cn>
+Signed-off-by: Larry Finger <Larry.Finger@lwfinger.net>
+Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/bluetooth/btusb.c | 9 +++++++++
+ 1 file changed, 9 insertions(+)
+
+--- a/drivers/bluetooth/btusb.c
++++ b/drivers/bluetooth/btusb.c
+@@ -309,6 +309,9 @@ static void btusb_intr_complete(struct u
+ BT_ERR("%s corrupted event packet", hdev->name);
+ hdev->stat.err_rx++;
+ }
++ } else if (urb->status == -ENOENT) {
++ /* Avoid suspend failed when usb_kill_urb */
++ return;
+ }
+
+ if (!test_bit(BTUSB_INTR_RUNNING, &data->flags))
+@@ -397,6 +400,9 @@ static void btusb_bulk_complete(struct u
+ BT_ERR("%s corrupted ACL packet", hdev->name);
+ hdev->stat.err_rx++;
+ }
++ } else if (urb->status == -ENOENT) {
++ /* Avoid suspend failed when usb_kill_urb */
++ return;
+ }
+
+ if (!test_bit(BTUSB_BULK_RUNNING, &data->flags))
+@@ -491,6 +497,9 @@ static void btusb_isoc_complete(struct u
+ hdev->stat.err_rx++;
+ }
+ }
++ } else if (urb->status == -ENOENT) {
++ /* Avoid suspend failed when usb_kill_urb */
++ return;
+ }
+
+ if (!test_bit(BTUSB_ISOC_RUNNING, &data->flags))
--- /dev/null
+From 0b37e097a648aa71d4db1ad108001e95b69a2da4 Mon Sep 17 00:00:00 2001
+From: Yann Droneaud <ydroneaud@opteya.com>
+Date: Thu, 9 Oct 2014 15:24:40 -0700
+Subject: fanotify: enable close-on-exec on events' fd when requested in fanotify_init()
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+From: Yann Droneaud <ydroneaud@opteya.com>
+
+commit 0b37e097a648aa71d4db1ad108001e95b69a2da4 upstream.
+
+According to commit 80af258867648 ("fanotify: groups can specify their
+f_flags for new fd"), file descriptors created as part of file access
+notification events inherit flags from the event_f_flags argument passed
+to syscall fanotify_init(2)[1].
+
+Unfortunately O_CLOEXEC is currently silently ignored.
+
+Indeed, event_f_flags are only given to dentry_open(), which only seems to
+care about O_ACCMODE and O_PATH in do_dentry_open(), O_DIRECT in
+open_check_o_direct() and O_LARGEFILE in generic_file_open().
+
+It's a pity, since, according to some lookup on various search engines and
+http://codesearch.debian.net/, there's already some userspace code which
+use O_CLOEXEC:
+
+- in systemd's readahead[2]:
+
+ fanotify_fd = fanotify_init(FAN_CLOEXEC|FAN_NONBLOCK, O_RDONLY|O_LARGEFILE|O_CLOEXEC|O_NOATIME);
+
+- in clsync[3]:
+
+ #define FANOTIFY_EVFLAGS (O_LARGEFILE|O_RDONLY|O_CLOEXEC)
+
+ int fanotify_d = fanotify_init(FANOTIFY_FLAGS, FANOTIFY_EVFLAGS);
+
+- in examples [4] from "Filesystem monitoring in the Linux
+ kernel" article[5] by Aleksander Morgado:
+
+ if ((fanotify_fd = fanotify_init (FAN_CLOEXEC,
+ O_RDONLY | O_CLOEXEC | O_LARGEFILE)) < 0)
+
+Additionally, since commit 48149e9d3a7e ("fanotify: check file flags
+passed in fanotify_init"). having O_CLOEXEC as part of fanotify_init()
+second argument is expressly allowed.
+
+So it seems expected to set close-on-exec flag on the file descriptors if
+userspace is allowed to request it with O_CLOEXEC.
+
+But Andrew Morton raised[6] the concern that enabling now close-on-exec
+might break existing applications which ask for O_CLOEXEC but expect the
+file descriptor to be inherited across exec().
+
+In the other hand, as reported by Mihai Dontu[7] close-on-exec on the file
+descriptor returned as part of file access notify can break applications
+due to deadlock. So close-on-exec is needed for most applications.
+
+More, applications asking for close-on-exec are likely expecting it to be
+enabled, relying on O_CLOEXEC being effective. If not, it might weaken
+their security, as noted by Jan Kara[8].
+
+So this patch replaces call to macro get_unused_fd() by a call to function
+get_unused_fd_flags() with event_f_flags value as argument. This way
+O_CLOEXEC flag in the second argument of fanotify_init(2) syscall is
+interpreted and close-on-exec get enabled when requested.
+
+[1] http://man7.org/linux/man-pages/man2/fanotify_init.2.html
+[2] http://cgit.freedesktop.org/systemd/systemd/tree/src/readahead/readahead-collect.c?id=v208#n294
+[3] https://github.com/xaionaro/clsync/blob/v0.2.1/sync.c#L1631
+ https://github.com/xaionaro/clsync/blob/v0.2.1/configuration.h#L38
+[4] http://www.lanedo.com/~aleksander/fanotify/fanotify-example.c
+[5] http://www.lanedo.com/2013/filesystem-monitoring-linux-kernel/
+[6] http://lkml.kernel.org/r/20141001153621.65e9258e65a6167bf2e4cb50@linux-foundation.org
+[7] http://lkml.kernel.org/r/20141002095046.3715eb69@mdontu-l
+[8] http://lkml.kernel.org/r/20141002104410.GB19748@quack.suse.cz
+
+Link: http://lkml.kernel.org/r/cover.1411562410.git.ydroneaud@opteya.com
+Signed-off-by: Yann Droneaud <ydroneaud@opteya.com>
+Reviewed-by: Jan Kara <jack@suse.cz>
+Reviewed by: Heinrich Schuchardt <xypron.glpk@gmx.de>
+Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
+Cc: Mihai Don\u021bu <mihai.dontu@gmail.com>
+Cc: Pádraig Brady <P@draigBrady.com>
+Cc: Heinrich Schuchardt <xypron.glpk@gmx.de>
+Cc: Jan Kara <jack@suse.cz>
+Cc: Valdis Kletnieks <Valdis.Kletnieks@vt.edu>
+Cc: Michael Kerrisk-manpages <mtk.manpages@gmail.com>
+Cc: Lino Sanfilippo <LinoSanfilippo@gmx.de>
+Cc: Richard Guy Briggs <rgb@redhat.com>
+Cc: Eric Paris <eparis@redhat.com>
+Cc: Al Viro <viro@zeniv.linux.org.uk>
+Cc: Michael Kerrisk <mtk.manpages@gmail.com>
+Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
+Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ fs/notify/fanotify/fanotify_user.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/fs/notify/fanotify/fanotify_user.c
++++ b/fs/notify/fanotify/fanotify_user.c
+@@ -71,7 +71,7 @@ static int create_fd(struct fsnotify_gro
+
+ pr_debug("%s: group=%p event=%p\n", __func__, group, event);
+
+- client_fd = get_unused_fd();
++ client_fd = get_unused_fd_flags(group->fanotify_data.f_flags);
+ if (client_fd < 0)
+ return client_fd;
+
--- /dev/null
+From 76835b0ebf8a7fe85beb03c75121419a7dec52f0 Mon Sep 17 00:00:00 2001
+From: Catalin Marinas <catalin.marinas@arm.com>
+Date: Fri, 17 Oct 2014 17:38:49 +0100
+Subject: futex: Ensure get_futex_key_refs() always implies a barrier
+
+From: Catalin Marinas <catalin.marinas@arm.com>
+
+commit 76835b0ebf8a7fe85beb03c75121419a7dec52f0 upstream.
+
+Commit b0c29f79ecea (futexes: Avoid taking the hb->lock if there's
+nothing to wake up) changes the futex code to avoid taking a lock when
+there are no waiters. This code has been subsequently fixed in commit
+11d4616bd07f (futex: revert back to the explicit waiter counting code).
+Both the original commit and the fix-up rely on get_futex_key_refs() to
+always imply a barrier.
+
+However, for private futexes, none of the cases in the switch statement
+of get_futex_key_refs() would be hit and the function completes without
+a memory barrier as required before checking the "waiters" in
+futex_wake() -> hb_waiters_pending(). The consequence is a race with a
+thread waiting on a futex on another CPU, allowing the waker thread to
+read "waiters == 0" while the waiter thread to have read "futex_val ==
+locked" (in kernel).
+
+Without this fix, the problem (user space deadlocks) can be seen with
+Android bionic's mutex implementation on an arm64 multi-cluster system.
+
+Signed-off-by: Catalin Marinas <catalin.marinas@arm.com>
+Reported-by: Matteo Franchin <Matteo.Franchin@arm.com>
+Fixes: b0c29f79ecea (futexes: Avoid taking the hb->lock if there's nothing to wake up)
+Acked-by: Davidlohr Bueso <dave@stgolabs.net>
+Tested-by: Mike Galbraith <umgwanakikbuti@gmail.com>
+Cc: Darren Hart <dvhart@linux.intel.com>
+Cc: Thomas Gleixner <tglx@linutronix.de>
+Cc: Peter Zijlstra <peterz@infradead.org>
+Cc: Ingo Molnar <mingo@kernel.org>
+Cc: Paul E. McKenney <paulmck@linux.vnet.ibm.com>
+Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ kernel/futex.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+--- a/kernel/futex.c
++++ b/kernel/futex.c
+@@ -329,6 +329,8 @@ static void get_futex_key_refs(union fut
+ case FUT_OFF_MMSHARED:
+ futex_get_mm(key); /* implies MB (B) */
+ break;
++ default:
++ smp_mb(); /* explicit MB (B) */
+ }
+ }
+
--- /dev/null
+From 27cd1fc3ae5374a4a86662c67033f15ef27b2461 Mon Sep 17 00:00:00 2001
+From: Dmitry Kasatkin <d.kasatkin@samsung.com>
+Date: Mon, 23 Jun 2014 20:32:56 +0300
+Subject: ima: fix fallback to use new_sync_read()
+
+From: Dmitry Kasatkin <d.kasatkin@samsung.com>
+
+commit 27cd1fc3ae5374a4a86662c67033f15ef27b2461 upstream.
+
+3.16 commit aad4f8bb42af06371aa0e85bf0cd9d52c0494985
+'switch simple generic_file_aio_read() users to ->read_iter()'
+replaced ->aio_read with ->read_iter in most of the file systems
+and introduced new_sync_read() as a replacement for do_sync_read().
+
+Most of file systems set '->read' and ima_kernel_read is not affected.
+When ->read is not set, this patch adopts fallback call changes from the
+vfs_read.
+
+Signed-off-by: Dmitry Kasatkin <d.kasatkin@samsung.com>
+Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ security/integrity/ima/ima_crypto.c | 8 ++++----
+ 1 file changed, 4 insertions(+), 4 deletions(-)
+
+--- a/security/integrity/ima/ima_crypto.c
++++ b/security/integrity/ima/ima_crypto.c
+@@ -38,19 +38,19 @@ static int ima_kernel_read(struct file *
+ {
+ mm_segment_t old_fs;
+ char __user *buf = addr;
+- ssize_t ret;
++ ssize_t ret = -EINVAL;
+
+ if (!(file->f_mode & FMODE_READ))
+ return -EBADF;
+- if (!file->f_op->read && !file->f_op->aio_read)
+- return -EINVAL;
+
+ old_fs = get_fs();
+ set_fs(get_ds());
+ if (file->f_op->read)
+ ret = file->f_op->read(file, buf, count, &offset);
+- else
++ else if (file->f_op->aio_read)
+ ret = do_sync_read(file, buf, count, &offset);
++ else if (file->f_op->read_iter)
++ ret = new_sync_read(file, buf, count, &offset);
+ set_fs(old_fs);
+ return ret;
+ }
--- /dev/null
+From b151d6b00bbb798c58f2f21305e7d43fa763f34f Mon Sep 17 00:00:00 2001
+From: Dmitry Kasatkin <d.kasatkin@samsung.com>
+Date: Fri, 27 Jun 2014 18:04:27 +0300
+Subject: ima: provide flag to identify new empty files
+
+From: Dmitry Kasatkin <d.kasatkin@samsung.com>
+
+commit b151d6b00bbb798c58f2f21305e7d43fa763f34f upstream.
+
+On ima_file_free(), newly created empty files are not labeled with
+an initial security.ima value, because the iversion did not change.
+Commit dff6efc "fs: fix iversion handling" introduced a change in
+iversion behavior. To verify this change use the shell command:
+
+ $ (exec >foo)
+ $ getfattr -h -e hex -d -m security foo
+
+This patch defines the IMA_NEW_FILE flag. The flag is initially
+set, when IMA detects that a new file is created, and subsequently
+checked on the ima_file_free() hook to set the initial security.ima
+value.
+
+Signed-off-by: Dmitry Kasatkin <d.kasatkin@samsung.com>
+Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ security/integrity/ima/ima_appraise.c | 7 +++++--
+ security/integrity/ima/ima_main.c | 12 +++++++-----
+ security/integrity/integrity.h | 1 +
+ 3 files changed, 13 insertions(+), 7 deletions(-)
+
+--- a/security/integrity/ima/ima_appraise.c
++++ b/security/integrity/ima/ima_appraise.c
+@@ -194,8 +194,11 @@ int ima_appraise_measurement(int func, s
+ goto out;
+
+ cause = "missing-hash";
+- status =
+- (inode->i_size == 0) ? INTEGRITY_PASS : INTEGRITY_NOLABEL;
++ status = INTEGRITY_NOLABEL;
++ if (inode->i_size == 0) {
++ iint->flags |= IMA_NEW_FILE;
++ status = INTEGRITY_PASS;
++ }
+ goto out;
+ }
+
+--- a/security/integrity/ima/ima_main.c
++++ b/security/integrity/ima/ima_main.c
+@@ -131,11 +131,13 @@ static void ima_check_last_writer(struct
+ return;
+
+ mutex_lock(&inode->i_mutex);
+- if (atomic_read(&inode->i_writecount) == 1 &&
+- iint->version != inode->i_version) {
+- iint->flags &= ~IMA_DONE_MASK;
+- if (iint->flags & IMA_APPRAISE)
+- ima_update_xattr(iint, file);
++ if (atomic_read(&inode->i_writecount) == 1) {
++ if ((iint->version != inode->i_version) ||
++ (iint->flags & IMA_NEW_FILE)) {
++ iint->flags &= ~(IMA_DONE_MASK | IMA_NEW_FILE);
++ if (iint->flags & IMA_APPRAISE)
++ ima_update_xattr(iint, file);
++ }
+ }
+ mutex_unlock(&inode->i_mutex);
+ }
+--- a/security/integrity/integrity.h
++++ b/security/integrity/integrity.h
+@@ -31,6 +31,7 @@
+ #define IMA_DIGSIG 0x01000000
+ #define IMA_DIGSIG_REQUIRED 0x02000000
+ #define IMA_PERMIT_DIRECTIO 0x04000000
++#define IMA_NEW_FILE 0x08000000
+
+ #define IMA_DO_MASK (IMA_MEASURE | IMA_APPRAISE | IMA_AUDIT | \
+ IMA_APPRAISE_SUBMASK)
--- /dev/null
+From 4f08970f5284dce486f0e2290834aefb2a262189 Mon Sep 17 00:00:00 2001
+From: Oren Givon <oren.givon@intel.com>
+Date: Wed, 17 Sep 2014 10:31:56 +0300
+Subject: iwlwifi: Add missing PCI IDs for the 7260 series
+
+From: Oren Givon <oren.givon@intel.com>
+
+commit 4f08970f5284dce486f0e2290834aefb2a262189 upstream.
+
+Add 4 missing PCI IDs for the 7260 series.
+
+Signed-off-by: Oren Givon <oren.givon@intel.com>
+Signed-off-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/net/wireless/iwlwifi/pcie/drv.c | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+--- a/drivers/net/wireless/iwlwifi/pcie/drv.c
++++ b/drivers/net/wireless/iwlwifi/pcie/drv.c
+@@ -272,6 +272,8 @@ static DEFINE_PCI_DEVICE_TABLE(iwl_hw_ca
+ {IWL_PCI_DEVICE(0x08B1, 0x4070, iwl7260_2ac_cfg)},
+ {IWL_PCI_DEVICE(0x08B1, 0x4072, iwl7260_2ac_cfg)},
+ {IWL_PCI_DEVICE(0x08B1, 0x4170, iwl7260_2ac_cfg)},
++ {IWL_PCI_DEVICE(0x08B1, 0x4C60, iwl7260_2ac_cfg)},
++ {IWL_PCI_DEVICE(0x08B1, 0x4C70, iwl7260_2ac_cfg)},
+ {IWL_PCI_DEVICE(0x08B1, 0x4060, iwl7260_2n_cfg)},
+ {IWL_PCI_DEVICE(0x08B1, 0x406A, iwl7260_2n_cfg)},
+ {IWL_PCI_DEVICE(0x08B1, 0x4160, iwl7260_2n_cfg)},
+@@ -315,6 +317,8 @@ static DEFINE_PCI_DEVICE_TABLE(iwl_hw_ca
+ {IWL_PCI_DEVICE(0x08B1, 0xC770, iwl7260_2ac_cfg)},
+ {IWL_PCI_DEVICE(0x08B1, 0xC760, iwl7260_2n_cfg)},
+ {IWL_PCI_DEVICE(0x08B2, 0xC270, iwl7260_2ac_cfg)},
++ {IWL_PCI_DEVICE(0x08B1, 0xCC70, iwl7260_2ac_cfg)},
++ {IWL_PCI_DEVICE(0x08B1, 0xCC60, iwl7260_2ac_cfg)},
+ {IWL_PCI_DEVICE(0x08B2, 0xC272, iwl7260_2ac_cfg)},
+ {IWL_PCI_DEVICE(0x08B2, 0xC260, iwl7260_2n_cfg)},
+ {IWL_PCI_DEVICE(0x08B2, 0xC26A, iwl7260_n_cfg)},
--- /dev/null
+From 71458cfc782eafe4b27656e078d379a34e472adf Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sasha.levin@oracle.com>
+Date: Mon, 13 Oct 2014 15:51:05 -0700
+Subject: kernel: add support for gcc 5
+
+From: Sasha Levin <sasha.levin@oracle.com>
+
+commit 71458cfc782eafe4b27656e078d379a34e472adf upstream.
+
+We're missing include/linux/compiler-gcc5.h which is required now
+because gcc branched off to v5 in trunk.
+
+Just copy the relevant bits out of include/linux/compiler-gcc4.h,
+no new code is added as of now.
+
+This fixes a build error when using gcc 5.
+
+Signed-off-by: Sasha Levin <sasha.levin@oracle.com>
+Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
+Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ include/linux/compiler-gcc5.h | 66 ++++++++++++++++++++++++++++++++++++++++++
+ 1 file changed, 66 insertions(+)
+
+--- /dev/null
++++ b/include/linux/compiler-gcc5.h
+@@ -0,0 +1,66 @@
++#ifndef __LINUX_COMPILER_H
++#error "Please don't include <linux/compiler-gcc5.h> directly, include <linux/compiler.h> instead."
++#endif
++
++#define __used __attribute__((__used__))
++#define __must_check __attribute__((warn_unused_result))
++#define __compiler_offsetof(a, b) __builtin_offsetof(a, b)
++
++/* Mark functions as cold. gcc will assume any path leading to a call
++ to them will be unlikely. This means a lot of manual unlikely()s
++ are unnecessary now for any paths leading to the usual suspects
++ like BUG(), printk(), panic() etc. [but let's keep them for now for
++ older compilers]
++
++ Early snapshots of gcc 4.3 don't support this and we can't detect this
++ in the preprocessor, but we can live with this because they're unreleased.
++ Maketime probing would be overkill here.
++
++ gcc also has a __attribute__((__hot__)) to move hot functions into
++ a special section, but I don't see any sense in this right now in
++ the kernel context */
++#define __cold __attribute__((__cold__))
++
++#define __UNIQUE_ID(prefix) __PASTE(__PASTE(__UNIQUE_ID_, prefix), __COUNTER__)
++
++#ifndef __CHECKER__
++# define __compiletime_warning(message) __attribute__((warning(message)))
++# define __compiletime_error(message) __attribute__((error(message)))
++#endif /* __CHECKER__ */
++
++/*
++ * Mark a position in code as unreachable. This can be used to
++ * suppress control flow warnings after asm blocks that transfer
++ * control elsewhere.
++ *
++ * Early snapshots of gcc 4.5 don't support this and we can't detect
++ * this in the preprocessor, but we can live with this because they're
++ * unreleased. Really, we need to have autoconf for the kernel.
++ */
++#define unreachable() __builtin_unreachable()
++
++/* Mark a function definition as prohibited from being cloned. */
++#define __noclone __attribute__((__noclone__))
++
++/*
++ * Tell the optimizer that something else uses this function or variable.
++ */
++#define __visible __attribute__((externally_visible))
++
++/*
++ * GCC 'asm goto' miscompiles certain code sequences:
++ *
++ * http://gcc.gnu.org/bugzilla/show_bug.cgi?id=58670
++ *
++ * Work it around via a compiler barrier quirk suggested by Jakub Jelinek.
++ * Fixed in GCC 4.8.2 and later versions.
++ *
++ * (asm goto is automatically volatile - the naming reflects this.)
++ */
++#define asm_volatile_goto(x...) do { asm goto(x); asm (""); } while (0)
++
++#ifdef CONFIG_ARCH_USE_BUILTIN_BSWAP
++#define __HAVE_BUILTIN_BSWAP32__
++#define __HAVE_BUILTIN_BSWAP64__
++#define __HAVE_BUILTIN_BSWAP16__
++#endif /* CONFIG_ARCH_USE_BUILTIN_BSWAP */
--- /dev/null
+From 934f3072c17cc8886f4c043b47eeeb1b12f8de33 Mon Sep 17 00:00:00 2001
+From: Junxiao Bi <junxiao.bi@oracle.com>
+Date: Thu, 9 Oct 2014 15:28:23 -0700
+Subject: mm: clear __GFP_FS when PF_MEMALLOC_NOIO is set
+
+From: Junxiao Bi <junxiao.bi@oracle.com>
+
+commit 934f3072c17cc8886f4c043b47eeeb1b12f8de33 upstream.
+
+commit 21caf2fc1931 ("mm: teach mm by current context info to not do I/O
+during memory allocation") introduces PF_MEMALLOC_NOIO flag to avoid doing
+I/O inside memory allocation, __GFP_IO is cleared when this flag is set,
+but __GFP_FS implies __GFP_IO, it should also be cleared. Or it may still
+run into I/O, like in superblock shrinker. And this will make the kernel
+run into the deadlock case described in that commit.
+
+See Dave Chinner's comment about io in superblock shrinker:
+
+Filesystem shrinkers do indeed perform IO from the superblock shrinker and
+have for years. Even clean inodes can require IO before they can be freed
+- e.g. on an orphan list, need truncation of post-eof blocks, need to
+wait for ordered operations to complete before it can be freed, etc.
+
+IOWs, Ext4, btrfs and XFS all can issue and/or block on arbitrary amounts
+of IO in the superblock shrinker context. XFS, in particular, has been
+doing transactions and IO from the VFS inode cache shrinker since it was
+first introduced....
+
+Fix this by clearing __GFP_FS in memalloc_noio_flags(), this function has
+masked all the gfp_mask that will be passed into fs for the processes
+setting PF_MEMALLOC_NOIO in the direct reclaim path.
+
+v1 thread at: https://lkml.org/lkml/2014/9/3/32
+
+Signed-off-by: Junxiao Bi <junxiao.bi@oracle.com>
+Cc: Dave Chinner <david@fromorbit.com>
+Cc: joyce.xue <xuejiufei@huawei.com>
+Cc: Ming Lei <ming.lei@canonical.com>
+Cc: Trond Myklebust <trond.myklebust@primarydata.com>
+Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
+Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ include/linux/sched.h | 6 ++++--
+ 1 file changed, 4 insertions(+), 2 deletions(-)
+
+--- a/include/linux/sched.h
++++ b/include/linux/sched.h
+@@ -1876,11 +1876,13 @@ extern void thread_group_cputime_adjuste
+ #define tsk_used_math(p) ((p)->flags & PF_USED_MATH)
+ #define used_math() tsk_used_math(current)
+
+-/* __GFP_IO isn't allowed if PF_MEMALLOC_NOIO is set in current->flags */
++/* __GFP_IO isn't allowed if PF_MEMALLOC_NOIO is set in current->flags
++ * __GFP_FS is also cleared as it implies __GFP_IO.
++ */
+ static inline gfp_t memalloc_noio_flags(gfp_t flags)
+ {
+ if (unlikely(current->flags & PF_MEMALLOC_NOIO))
+- flags &= ~__GFP_IO;
++ flags &= ~(__GFP_IO | __GFP_FS);
+ return flags;
+ }
+
--- /dev/null
+From 89ec3dcf17fd3fa009ecf8faaba36828dd6bc416 Mon Sep 17 00:00:00 2001
+From: Ricardo Ribalda Delgado <ricardo.ribalda@gmail.com>
+Date: Wed, 27 Aug 2014 14:57:57 +0200
+Subject: PCI: Generate uppercase hex for modalias interface class
+
+From: Ricardo Ribalda Delgado <ricardo.ribalda@gmail.com>
+
+commit 89ec3dcf17fd3fa009ecf8faaba36828dd6bc416 upstream.
+
+Some implementations of modprobe fail to load the driver for a PCI device
+automatically because the "interface" part of the modalias from the kernel
+is lowercase, and the modalias from file2alias is uppercase.
+
+The "interface" is the low-order byte of the Class Code, defined in PCI
+r3.0, Appendix D. Most interface types defined in the spec do not use
+alpha characters, so they won't be affected. For example, 00h, 01h, 10h,
+20h, etc. are unaffected.
+
+Print the "interface" byte of the Class Code in uppercase hex, as we
+already do for the Vendor ID, Device ID, Class, etc.
+
+[bhelgaas: changelog]
+Signed-off-by: Ricardo Ribalda Delgado <ricardo.ribalda@gmail.com>
+Signed-off-by: Bjorn Helgaas <bhelgaas@google.com>
+Acked-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/pci/pci-sysfs.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/drivers/pci/pci-sysfs.c
++++ b/drivers/pci/pci-sysfs.c
+@@ -178,7 +178,7 @@ static ssize_t modalias_show(struct devi
+ {
+ struct pci_dev *pci_dev = to_pci_dev(dev);
+
+- return sprintf(buf, "pci:v%08Xd%08Xsv%08Xsd%08Xbc%02Xsc%02Xi%02x\n",
++ return sprintf(buf, "pci:v%08Xd%08Xsv%08Xsd%08Xbc%02Xsc%02Xi%02X\n",
+ pci_dev->vendor, pci_dev->device,
+ pci_dev->subsystem_vendor, pci_dev->subsystem_device,
+ (u8)(pci_dev->class >> 16), (u8)(pci_dev->class >> 8),
--- /dev/null
+From 9fe373f9997b48fcd6222b95baf4a20c134b587a Mon Sep 17 00:00:00 2001
+From: Douglas Lehr <dllehr@us.ibm.com>
+Date: Thu, 21 Aug 2014 09:26:52 +1000
+Subject: PCI: Increase IBM ipr SAS Crocodile BARs to at least system page size
+
+From: Douglas Lehr <dllehr@us.ibm.com>
+
+commit 9fe373f9997b48fcd6222b95baf4a20c134b587a upstream.
+
+The Crocodile chip occasionally comes up with 4k and 8k BAR sizes. Due to
+an erratum, setting the SR-IOV page size causes the physical function BARs
+to expand to the system page size. Since ppc64 uses 64k pages, when Linux
+tries to assign the smaller resource sizes to the now 64k BARs the address
+will be truncated and the BARs will overlap.
+
+Force Linux to allocate the resource as a full page, which avoids the
+overlap.
+
+[bhelgaas: print expanded resource, too]
+Signed-off-by: Douglas Lehr <dllehr@us.ibm.com>
+Signed-off-by: Anton Blanchard <anton@samba.org>
+Signed-off-by: Bjorn Helgaas <bhelgaas@google.com>
+Acked-by: Milton Miller <miltonm@us.ibm.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/pci/quirks.c | 20 ++++++++++++++++++++
+ 1 file changed, 20 insertions(+)
+
+--- a/drivers/pci/quirks.c
++++ b/drivers/pci/quirks.c
+@@ -24,6 +24,7 @@
+ #include <linux/ioport.h>
+ #include <linux/sched.h>
+ #include <linux/ktime.h>
++#include <linux/mm.h>
+ #include <asm/dma.h> /* isa_dma_bridge_buggy */
+ #include "pci.h"
+
+@@ -287,6 +288,25 @@ static void quirk_citrine(struct pci_dev
+ }
+ DECLARE_PCI_FIXUP_HEADER(PCI_VENDOR_ID_IBM, PCI_DEVICE_ID_IBM_CITRINE, quirk_citrine);
+
++/* On IBM Crocodile ipr SAS adapters, expand BAR to system page size */
++static void quirk_extend_bar_to_page(struct pci_dev *dev)
++{
++ int i;
++
++ for (i = 0; i < PCI_STD_RESOURCE_END; i++) {
++ struct resource *r = &dev->resource[i];
++
++ if (r->flags & IORESOURCE_MEM && resource_size(r) < PAGE_SIZE) {
++ r->end = PAGE_SIZE - 1;
++ r->start = 0;
++ r->flags |= IORESOURCE_UNSET;
++ dev_info(&dev->dev, "expanded BAR %d to page size: %pR\n",
++ i, r);
++ }
++ }
++}
++DECLARE_PCI_FIXUP_HEADER(PCI_VENDOR_ID_IBM, 0x034a, quirk_extend_bar_to_page);
++
+ /*
+ * S3 868 and 968 chips report region size equal to 32M, but they decode 64M.
+ * If it's needed, re-allocate the region.
--- /dev/null
+From 56fab6e189441d714a2bfc8a64f3df9c0749dff7 Mon Sep 17 00:00:00 2001
+From: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
+Date: Wed, 17 Sep 2014 17:58:27 +0200
+Subject: PCI: mvebu: Fix uninitialized variable in mvebu_get_tgt_attr()
+
+From: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
+
+commit 56fab6e189441d714a2bfc8a64f3df9c0749dff7 upstream.
+
+Geert Uytterhoeven reported a warning when building pci-mvebu:
+
+ drivers/pci/host/pci-mvebu.c: In function 'mvebu_get_tgt_attr':
+ drivers/pci/host/pci-mvebu.c:887:39: warning: 'rtype' may be used uninitialized in this function [-Wmaybe-uninitialized]
+ if (slot == PCI_SLOT(devfn) && type == rtype) {
+ ^
+
+And indeed, the code of mvebu_get_tgt_attr() may lead to the usage of rtype
+when being uninitialized, even though it would only happen if we had
+entries other than I/O space and 32 bits memory space.
+
+This commit fixes that by simply skipping the current DT range being
+considered, if it doesn't match the resource type we're looking for.
+
+Reported-by: Geert Uytterhoeven <geert+renesas@glider.be>
+Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
+Signed-off-by: Bjorn Helgaas <bhelgaas@google.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/pci/host/pci-mvebu.c | 6 +++---
+ 1 file changed, 3 insertions(+), 3 deletions(-)
+
+--- a/drivers/pci/host/pci-mvebu.c
++++ b/drivers/pci/host/pci-mvebu.c
+@@ -855,7 +855,7 @@ static int mvebu_get_tgt_attr(struct dev
+ rangesz = pna + na + ns;
+ nranges = rlen / sizeof(__be32) / rangesz;
+
+- for (i = 0; i < nranges; i++) {
++ for (i = 0; i < nranges; i++, range += rangesz) {
+ u32 flags = of_read_number(range, 1);
+ u32 slot = of_read_number(range + 1, 1);
+ u64 cpuaddr = of_read_number(range + na, pna);
+@@ -865,14 +865,14 @@ static int mvebu_get_tgt_attr(struct dev
+ rtype = IORESOURCE_IO;
+ else if (DT_FLAGS_TO_TYPE(flags) == DT_TYPE_MEM32)
+ rtype = IORESOURCE_MEM;
++ else
++ continue;
+
+ if (slot == PCI_SLOT(devfn) && type == rtype) {
+ *tgt = DT_CPUADDR_TO_TARGET(cpuaddr);
+ *attr = DT_CPUADDR_TO_ATTR(cpuaddr);
+ return 0;
+ }
+-
+- range += rangesz;
+ }
+
+ return -ENOENT;
--- /dev/null
+From bceee4a97eb58bd0e80e39eff11b506ddd9e7ad3 Mon Sep 17 00:00:00 2001
+From: Andreas Noever <andreas.noever@gmail.com>
+Date: Tue, 16 Sep 2014 15:16:02 -0600
+Subject: PCI: pciehp: Prevent NULL dereference during probe
+
+From: Andreas Noever <andreas.noever@gmail.com>
+
+commit bceee4a97eb58bd0e80e39eff11b506ddd9e7ad3 upstream.
+
+pciehp assumes that dev->subordinate, the struct pci_bus for a bridge's
+secondary bus, exists. But we do not create that bus if we run out of bus
+numbers during enumeration. This leads to a NULL dereference in
+init_slot() (and other places).
+
+Change pciehp_probe() to return -ENODEV when no secondary bus is present.
+
+Signed-off-by: Andreas Noever <andreas.noever@gmail.com>
+Signed-off-by: Bjorn Helgaas <bhelgaas@google.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/pci/hotplug/pciehp_core.c | 7 +++++++
+ 1 file changed, 7 insertions(+)
+
+--- a/drivers/pci/hotplug/pciehp_core.c
++++ b/drivers/pci/hotplug/pciehp_core.c
+@@ -254,6 +254,13 @@ static int pciehp_probe(struct pcie_devi
+ else if (pciehp_acpi_slot_detection_check(dev->port))
+ goto err_out_none;
+
++ if (!dev->port->subordinate) {
++ /* Can happen if we run out of bus numbers during probe */
++ dev_err(&dev->device,
++ "Hotplug bridge without secondary bus, ignoring\n");
++ goto err_out_none;
++ }
++
+ ctrl = pcie_init(dev);
+ if (!ctrl) {
+ dev_err(&dev->device, "Controller initialization failed\n");
--- /dev/null
+From 9410e0185e65394c0c6d046033904b53b97a9423 Mon Sep 17 00:00:00 2001
+From: Alexey Kardashevskiy <aik@ozlabs.ru>
+Date: Thu, 25 Sep 2014 16:39:18 +1000
+Subject: powerpc/iommu/ddw: Fix endianness
+
+From: Alexey Kardashevskiy <aik@ozlabs.ru>
+
+commit 9410e0185e65394c0c6d046033904b53b97a9423 upstream.
+
+rtas_call() accepts and returns values in CPU endianness.
+The ddw_query_response and ddw_create_response structs members are
+defined and treated as BE but as they are passed to rtas_call() as
+(u32 *) and they get byteswapped automatically, the data is CPU-endian.
+This fixes ddw_query_response and ddw_create_response definitions and use.
+
+of_read_number() is designed to work with device tree cells - it assumes
+the input is big-endian and returns data in CPU-endian. However due
+to the ddw_create_response struct fix, create.addr_hi/lo are already
+CPU-endian so do not byteswap them.
+
+ddw_avail is a pointer to the "ibm,ddw-applicable" property which contains
+3 cells which are big-endian as it is a device tree. rtas_call() accepts
+a RTAS token in CPU-endian. This makes use of of_property_read_u32_array
+to byte swap and avoid the need for a number of be32_to_cpu calls.
+
+Cc: Benjamin Herrenschmidt <benh@kernel.crashing.org>
+[aik: folded Anton's patch with of_property_read_u32_array]
+Signed-off-by: Alexey Kardashevskiy <aik@ozlabs.ru>
+Acked-by: Anton Blanchard <anton@samba.org>
+Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ arch/powerpc/platforms/pseries/iommu.c | 51 ++++++++++++++++++---------------
+ 1 file changed, 28 insertions(+), 23 deletions(-)
+
+--- a/arch/powerpc/platforms/pseries/iommu.c
++++ b/arch/powerpc/platforms/pseries/iommu.c
+@@ -329,16 +329,16 @@ struct direct_window {
+
+ /* Dynamic DMA Window support */
+ struct ddw_query_response {
+- __be32 windows_available;
+- __be32 largest_available_block;
+- __be32 page_size;
+- __be32 migration_capable;
++ u32 windows_available;
++ u32 largest_available_block;
++ u32 page_size;
++ u32 migration_capable;
+ };
+
+ struct ddw_create_response {
+- __be32 liobn;
+- __be32 addr_hi;
+- __be32 addr_lo;
++ u32 liobn;
++ u32 addr_hi;
++ u32 addr_lo;
+ };
+
+ static LIST_HEAD(direct_window_list);
+@@ -725,16 +725,18 @@ static void remove_ddw(struct device_nod
+ {
+ struct dynamic_dma_window_prop *dwp;
+ struct property *win64;
+- const u32 *ddw_avail;
++ u32 ddw_avail[3];
+ u64 liobn;
+- int len, ret = 0;
++ int ret = 0;
++
++ ret = of_property_read_u32_array(np, "ibm,ddw-applicable",
++ &ddw_avail[0], 3);
+
+- ddw_avail = of_get_property(np, "ibm,ddw-applicable", &len);
+ win64 = of_find_property(np, DIRECT64_PROPNAME, NULL);
+ if (!win64)
+ return;
+
+- if (!ddw_avail || len < 3 * sizeof(u32) || win64->length < sizeof(*dwp))
++ if (ret || win64->length < sizeof(*dwp))
+ goto delprop;
+
+ dwp = win64->value;
+@@ -872,8 +874,9 @@ static int create_ddw(struct pci_dev *de
+
+ do {
+ /* extra outputs are LIOBN and dma-addr (hi, lo) */
+- ret = rtas_call(ddw_avail[1], 5, 4, (u32 *)create, cfg_addr,
+- BUID_HI(buid), BUID_LO(buid), page_shift, window_shift);
++ ret = rtas_call(ddw_avail[1], 5, 4, (u32 *)create,
++ cfg_addr, BUID_HI(buid), BUID_LO(buid),
++ page_shift, window_shift);
+ } while (rtas_busy_delay(ret));
+ dev_info(&dev->dev,
+ "ibm,create-pe-dma-window(%x) %x %x %x %x %x returned %d "
+@@ -910,7 +913,7 @@ static u64 enable_ddw(struct pci_dev *de
+ int page_shift;
+ u64 dma_addr, max_addr;
+ struct device_node *dn;
+- const u32 *uninitialized_var(ddw_avail);
++ u32 ddw_avail[3];
+ struct direct_window *window;
+ struct property *win64;
+ struct dynamic_dma_window_prop *ddwprop;
+@@ -942,8 +945,9 @@ static u64 enable_ddw(struct pci_dev *de
+ * for the given node in that order.
+ * the property is actually in the parent, not the PE
+ */
+- ddw_avail = of_get_property(pdn, "ibm,ddw-applicable", &len);
+- if (!ddw_avail || len < 3 * sizeof(u32))
++ ret = of_property_read_u32_array(pdn, "ibm,ddw-applicable",
++ &ddw_avail[0], 3);
++ if (ret)
+ goto out_failed;
+
+ /*
+@@ -966,11 +970,11 @@ static u64 enable_ddw(struct pci_dev *de
+ dev_dbg(&dev->dev, "no free dynamic windows");
+ goto out_failed;
+ }
+- if (be32_to_cpu(query.page_size) & 4) {
++ if (query.page_size & 4) {
+ page_shift = 24; /* 16MB */
+- } else if (be32_to_cpu(query.page_size) & 2) {
++ } else if (query.page_size & 2) {
+ page_shift = 16; /* 64kB */
+- } else if (be32_to_cpu(query.page_size) & 1) {
++ } else if (query.page_size & 1) {
+ page_shift = 12; /* 4kB */
+ } else {
+ dev_dbg(&dev->dev, "no supported direct page size in mask %x",
+@@ -980,7 +984,7 @@ static u64 enable_ddw(struct pci_dev *de
+ /* verify the window * number of ptes will map the partition */
+ /* check largest block * page size > max memory hotplug addr */
+ max_addr = memory_hotplug_max();
+- if (be32_to_cpu(query.largest_available_block) < (max_addr >> page_shift)) {
++ if (query.largest_available_block < (max_addr >> page_shift)) {
+ dev_dbg(&dev->dev, "can't map partiton max 0x%llx with %u "
+ "%llu-sized pages\n", max_addr, query.largest_available_block,
+ 1ULL << page_shift);
+@@ -1006,8 +1010,9 @@ static u64 enable_ddw(struct pci_dev *de
+ if (ret != 0)
+ goto out_free_prop;
+
+- ddwprop->liobn = create.liobn;
+- ddwprop->dma_base = cpu_to_be64(of_read_number(&create.addr_hi, 2));
++ ddwprop->liobn = cpu_to_be32(create.liobn);
++ ddwprop->dma_base = cpu_to_be64(((u64)create.addr_hi << 32) |
++ create.addr_lo);
+ ddwprop->tce_shift = cpu_to_be32(page_shift);
+ ddwprop->window_shift = cpu_to_be32(len);
+
+@@ -1039,7 +1044,7 @@ static u64 enable_ddw(struct pci_dev *de
+ list_add(&window->list, &direct_window_list);
+ spin_unlock(&direct_window_list_lock);
+
+- dma_addr = of_read_number(&create.addr_hi, 2);
++ dma_addr = be64_to_cpu(ddwprop->dma_base);
+ goto out_unlock;
+
+ out_free_window:
--- /dev/null
+From 01f7feeaf4528bec83798316b3c811701bac5d3e Mon Sep 17 00:00:00 2001
+From: Stanislaw Gruszka <sgruszka@redhat.com>
+Date: Wed, 24 Sep 2014 11:24:54 +0200
+Subject: rt2800: correct BBP1_TX_POWER_CTRL mask
+
+From: Stanislaw Gruszka <sgruszka@redhat.com>
+
+commit 01f7feeaf4528bec83798316b3c811701bac5d3e upstream.
+
+Two bits control TX power on BBP_R1 register. Correct the mask,
+otherwise we clear additional bit on BBP_R1 register, what can have
+unknown, possible negative effect.
+
+Signed-off-by: Stanislaw Gruszka <sgruszka@redhat.com>
+Signed-off-by: John W. Linville <linville@tuxdriver.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/net/wireless/rt2x00/rt2800.h | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/drivers/net/wireless/rt2x00/rt2800.h
++++ b/drivers/net/wireless/rt2x00/rt2800.h
+@@ -2039,7 +2039,7 @@ struct mac_iveiv_entry {
+ * 2 - drop tx power by 12dBm,
+ * 3 - increase tx power by 6dBm
+ */
+-#define BBP1_TX_POWER_CTRL FIELD8(0x07)
++#define BBP1_TX_POWER_CTRL FIELD8(0x03)
+ #define BBP1_TX_ANTENNA FIELD8(0x18)
+
+ /*
nfsv4-fix-lock-recovery-when-create_session-setclientid_confirm-fails.patch
nfsv4-fix-open-lock-state-recovery-error-handling.patch
nfsv4.1-fix-an-nfsv4.1-state-renewal-regression.patch
+iwlwifi-add-missing-pci-ids-for-the-7260-series.patch
+pci-pciehp-prevent-null-dereference-during-probe.patch
+pci-mvebu-fix-uninitialized-variable-in-mvebu_get_tgt_attr.patch
+pci-increase-ibm-ipr-sas-crocodile-bars-to-at-least-system-page-size.patch
+pci-generate-uppercase-hex-for-modalias-interface-class.patch
+rt2800-correct-bbp1_tx_power_ctrl-mask.patch
+bluetooth-fix-hci-h5-corrupted-ack-value.patch
+bluetooth-fix-incorrect-le-coc-pdu-length-restriction-based-on-hci-mtu.patch
+bluetooth-fix-issue-with-usb-suspend-in-btusb-driver.patch
+mm-clear-__gfp_fs-when-pf_memalloc_noio-is-set.patch
+fanotify-enable-close-on-exec-on-events-fd-when-requested-in-fanotify_init.patch
+kernel-add-support-for-gcc-5.patch
+futex-ensure-get_futex_key_refs-always-implies-a-barrier.patch
+powerpc-iommu-ddw-fix-endianness.patch
+ima-fix-fallback-to-use-new_sync_read.patch
+ima-provide-flag-to-identify-new-empty-files.patch
projects / thirdparty / kernel / stable-queue.git / commitdiff
