--- /dev/null
+From f89ff6441df06abc2d95f3ef67525923032d6283 Mon Sep 17 00:00:00 2001
+From: Larry Finger <Larry.Finger@lwfinger.net>
+Date: Wed, 24 Oct 2012 08:57:16 -0500
+Subject: b43: Fix oops on unload when firmware not found
+
+From: Larry Finger <Larry.Finger@lwfinger.net>
+
+commit f89ff6441df06abc2d95f3ef67525923032d6283 upstream.
+
+When b43 fails to find firmware when loaded, a subsequent unload will
+oops due to calling ieee80211_unregister_hw() when the corresponding
+register call was never made.
+
+Commit 2d838bb608e2d1f6cb4280e76748cb812dc822e7 fixed the same problem
+for b43legacy.
+
+Signed-off-by: Larry Finger <Larry.Finger@lwfinger.net>
+Tested-by: Markus Kanet <dvmailing@gmx.eu>
+Cc: Markus Kanet <dvmailing@gmx.eu>
+Signed-off-by: John W. Linville <linville@tuxdriver.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/net/wireless/b43/main.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+--- a/drivers/net/wireless/b43/main.c
++++ b/drivers/net/wireless/b43/main.c
+@@ -5430,6 +5430,8 @@ static void b43_ssb_remove(struct ssb_de
+ cancel_work_sync(&wldev->restart_work);
+
+ B43_WARN_ON(!wl);
++ if (!wldev->fw.ucode.data)
++ return; /* NULL if firmware never loaded */
+ if (wl->current_dev == wldev) {
+ /* Restore the queues count before unregistering, because firmware detect
+ * might have modified it. Restoring is important, so the networking
--- /dev/null
+From 6285bc231277419255f3498d3eb5ddc9f8e7fe79 Mon Sep 17 00:00:00 2001
+From: Alex Elder <elder@inktank.com>
+Date: Tue, 2 Oct 2012 10:25:51 -0500
+Subject: ceph: avoid 32-bit page index overflow
+
+From: Alex Elder <elder@inktank.com>
+
+commit 6285bc231277419255f3498d3eb5ddc9f8e7fe79 upstream.
+
+A pgoff_t is defined (by default) to have type (unsigned long). On
+architectures such as i686 that's a 32-bit type. The ceph address
+space code was attempting to produce 64 bit offsets by shifting a
+page's index by PAGE_CACHE_SHIFT, but the result was not what was
+desired because the shift occurred before the result got promoted
+to 64 bits.
+
+Fix this by converting all uses of page->index used in this way to
+use the page_offset() macro, which ensures the 64-bit result has the
+intended value.
+
+This fixes http://tracker.newdream.net/issues/3112
+
+Reported-by: Mohamed Pakkeer <pakkeer.mohideen@realimage.com>
+Signed-off-by: Alex Elder <elder@inktank.com>
+Reviewed-by: Sage Weil <sage@inktank.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ fs/ceph/addr.c | 11 +++++------
+ 1 file changed, 5 insertions(+), 6 deletions(-)
+
+--- a/fs/ceph/addr.c
++++ b/fs/ceph/addr.c
+@@ -202,7 +202,7 @@ static int readpage_nounlock(struct file
+ dout("readpage inode %p file %p page %p index %lu\n",
+ inode, filp, page, page->index);
+ err = ceph_osdc_readpages(osdc, ceph_vino(inode), &ci->i_layout,
+- page->index << PAGE_CACHE_SHIFT, &len,
++ (u64) page_offset(page), &len,
+ ci->i_truncate_seq, ci->i_truncate_size,
+ &page, 1, 0);
+ if (err == -ENOENT)
+@@ -283,7 +283,7 @@ static int start_read(struct inode *inod
+ int nr_pages = 0;
+ int ret;
+
+- off = page->index << PAGE_CACHE_SHIFT;
++ off = (u64) page_offset(page);
+
+ /* count pages */
+ next_index = page->index;
+@@ -423,7 +423,7 @@ static int writepage_nounlock(struct pag
+ struct ceph_inode_info *ci;
+ struct ceph_fs_client *fsc;
+ struct ceph_osd_client *osdc;
+- loff_t page_off = page->index << PAGE_CACHE_SHIFT;
++ loff_t page_off = page_offset(page);
+ int len = PAGE_CACHE_SIZE;
+ loff_t i_size;
+ int err = 0;
+@@ -814,8 +814,7 @@ get_more_pages:
+ /* ok */
+ if (locked_pages == 0) {
+ /* prepare async write request */
+- offset = (unsigned long long)page->index
+- << PAGE_CACHE_SHIFT;
++ offset = (u64) page_offset(page);
+ len = wsize;
+ req = ceph_osdc_new_request(&fsc->client->osdc,
+ &ci->i_layout,
+@@ -1177,7 +1176,7 @@ static int ceph_page_mkwrite(struct vm_a
+ struct inode *inode = vma->vm_file->f_dentry->d_inode;
+ struct page *page = vmf->page;
+ struct ceph_mds_client *mdsc = ceph_inode_to_client(inode)->mdsc;
+- loff_t off = page->index << PAGE_CACHE_SHIFT;
++ loff_t off = page_offset(page);
+ loff_t size, len;
+ int ret;
+
--- /dev/null
+From 3e8f43a089f06279c5f76a9ccd42578eebf7bfa5 Mon Sep 17 00:00:00 2001
+From: "Yan, Zheng" <zheng.z.yan@intel.com>
+Date: Thu, 20 Sep 2012 17:42:25 +0800
+Subject: ceph: Fix oops when handling mdsmap that decreases max_mds
+
+From: "Yan, Zheng" <zheng.z.yan@intel.com>
+
+commit 3e8f43a089f06279c5f76a9ccd42578eebf7bfa5 upstream.
+
+When i >= newmap->m_max_mds, ceph_mdsmap_get_addr(newmap, i) return
+NULL. Passing NULL to memcmp() triggers oops.
+
+Signed-off-by: Yan, Zheng <zheng.z.yan@intel.com>
+Signed-off-by: Sage Weil <sage@inktank.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ fs/ceph/mds_client.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+--- a/fs/ceph/mds_client.c
++++ b/fs/ceph/mds_client.c
+@@ -2636,7 +2636,8 @@ static void check_new_map(struct ceph_md
+ ceph_mdsmap_is_laggy(newmap, i) ? " (laggy)" : "",
+ session_state_name(s->s_state));
+
+- if (memcmp(ceph_mdsmap_get_addr(oldmap, i),
++ if (i >= newmap->m_max_mds ||
++ memcmp(ceph_mdsmap_get_addr(oldmap, i),
+ ceph_mdsmap_get_addr(newmap, i),
+ sizeof(struct ceph_entity_addr))) {
+ if (s->s_state == CEPH_MDS_SESSION_OPENING) {
--- /dev/null
+From ffb5387e85d528fb6d0d924abfa3fbf0fc484071 Mon Sep 17 00:00:00 2001
+From: Eric Sandeen <sandeen@redhat.com>
+Date: Sun, 28 Oct 2012 22:24:57 -0400
+Subject: ext4: fix unjournaled inode bitmap modification
+
+From: Eric Sandeen <sandeen@redhat.com>
+
+commit ffb5387e85d528fb6d0d924abfa3fbf0fc484071 upstream.
+
+commit 119c0d4460b001e44b41dcf73dc6ee794b98bd31 changed
+ext4_new_inode() such that the inode bitmap was being modified
+outside a transaction, which could lead to corruption, and was
+discovered when journal_checksum found a bad checksum in the
+journal during log replay.
+
+Nix ran into this when using the journal_async_commit mount
+option, which enables journal checksumming. The ensuing
+journal replay failures due to the bad checksums led to
+filesystem corruption reported as the now infamous
+"Apparent serious progressive ext4 data corruption bug"
+
+[ Changed by tytso to only call ext4_journal_get_write_access() only
+ when we're fairly certain that we're going to allocate the inode. ]
+
+I've tested this by mounting with journal_checksum and
+running fsstress then dropping power; I've also tested by
+hacking DM to create snapshots w/o first quiescing, which
+allows me to test journal replay repeatedly w/o actually
+power-cycling the box. Without the patch I hit a journal
+checksum error every time. With this fix it survives
+many iterations.
+
+Reported-by: Nix <nix@esperi.org.uk>
+Signed-off-by: Eric Sandeen <sandeen@redhat.com>
+Signed-off-by: "Theodore Ts'o" <tytso@mit.edu>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ fs/ext4/ialloc.c | 19 +++++++++----------
+ 1 file changed, 9 insertions(+), 10 deletions(-)
+
+--- a/fs/ext4/ialloc.c
++++ b/fs/ext4/ialloc.c
+@@ -697,6 +697,10 @@ repeat_in_this_group:
+ "inode=%lu", ino + 1);
+ continue;
+ }
++ BUFFER_TRACE(inode_bitmap_bh, "get_write_access");
++ err = ext4_journal_get_write_access(handle, inode_bitmap_bh);
++ if (err)
++ goto fail;
+ ext4_lock_group(sb, group);
+ ret2 = ext4_test_and_set_bit(ino, inode_bitmap_bh->b_data);
+ ext4_unlock_group(sb, group);
+@@ -710,6 +714,11 @@ repeat_in_this_group:
+ goto out;
+
+ got:
++ BUFFER_TRACE(inode_bitmap_bh, "call ext4_handle_dirty_metadata");
++ err = ext4_handle_dirty_metadata(handle, NULL, inode_bitmap_bh);
++ if (err)
++ goto fail;
++
+ /* We may have to initialize the block bitmap if it isn't already */
+ if (EXT4_HAS_RO_COMPAT_FEATURE(sb, EXT4_FEATURE_RO_COMPAT_GDT_CSUM) &&
+ gdp->bg_flags & cpu_to_le16(EXT4_BG_BLOCK_UNINIT)) {
+@@ -742,11 +751,6 @@ got:
+ goto fail;
+ }
+
+- BUFFER_TRACE(inode_bitmap_bh, "get_write_access");
+- err = ext4_journal_get_write_access(handle, inode_bitmap_bh);
+- if (err)
+- goto fail;
+-
+ BUFFER_TRACE(group_desc_bh, "get_write_access");
+ err = ext4_journal_get_write_access(handle, group_desc_bh);
+ if (err)
+@@ -789,11 +793,6 @@ got:
+ ext4_unlock_group(sb, group);
+ }
+
+- BUFFER_TRACE(inode_bitmap_bh, "call ext4_handle_dirty_metadata");
+- err = ext4_handle_dirty_metadata(handle, NULL, inode_bitmap_bh);
+- if (err)
+- goto fail;
+-
+ BUFFER_TRACE(group_desc_bh, "call ext4_handle_dirty_metadata");
+ err = ext4_handle_dirty_metadata(handle, NULL, group_desc_bh);
+ if (err)
--- /dev/null
+From 238ab78469c6ab7845b43d5061cd3c92331b2452 Mon Sep 17 00:00:00 2001
+From: Herton Ronaldo Krzesinski <herton.krzesinski@canonical.com>
+Date: Mon, 27 Aug 2012 20:56:52 -0300
+Subject: floppy: do put_disk on current dr if blk_init_queue fails
+
+From: Herton Ronaldo Krzesinski <herton.krzesinski@canonical.com>
+
+commit 238ab78469c6ab7845b43d5061cd3c92331b2452 upstream.
+
+If blk_init_queue fails, we do not call put_disk on the current dr
+(dr is decremented first in the error handling loop).
+
+Reviewed-by: Ben Hutchings <ben@decadent.org.uk>
+Signed-off-by: Herton Ronaldo Krzesinski <herton.krzesinski@canonical.com>
+Signed-off-by: Jiri Kosina <jkosina@suse.cz>
+Signed-off-by: Jens Axboe <axboe@kernel.dk>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/block/floppy.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+--- a/drivers/block/floppy.c
++++ b/drivers/block/floppy.c
+@@ -4161,6 +4161,7 @@ static int __init floppy_init(void)
+
+ disks[dr]->queue = blk_init_queue(do_fd_request, &floppy_lock);
+ if (!disks[dr]->queue) {
++ put_disk(disks[dr]);
+ err = -ENOMEM;
+ goto out_put_disk;
+ }
--- /dev/null
+From d79550a7bc35c16476ebdc27c78378d8093390ec Mon Sep 17 00:00:00 2001
+From: Dan Carpenter <dan.carpenter@oracle.com>
+Date: Thu, 11 Oct 2012 09:56:35 +0300
+Subject: gpio-timberdale: fix a potential wrapping issue
+
+From: Dan Carpenter <dan.carpenter@oracle.com>
+
+commit d79550a7bc35c16476ebdc27c78378d8093390ec upstream.
+
+->last_ier is an unsigned long but the high bits can't be used int the
+original code because the shift wraps.
+
+Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
+Signed-off-by: Linus Walleij <linus.walleij@linaro.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/gpio/gpio-timberdale.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+--- a/drivers/gpio/gpio-timberdale.c
++++ b/drivers/gpio/gpio-timberdale.c
+@@ -116,7 +116,7 @@ static void timbgpio_irq_disable(struct
+ unsigned long flags;
+
+ spin_lock_irqsave(&tgpio->lock, flags);
+- tgpio->last_ier &= ~(1 << offset);
++ tgpio->last_ier &= ~(1UL << offset);
+ iowrite32(tgpio->last_ier, tgpio->membase + TGPIO_IER);
+ spin_unlock_irqrestore(&tgpio->lock, flags);
+ }
+@@ -128,7 +128,7 @@ static void timbgpio_irq_enable(struct i
+ unsigned long flags;
+
+ spin_lock_irqsave(&tgpio->lock, flags);
+- tgpio->last_ier |= 1 << offset;
++ tgpio->last_ier |= 1UL << offset;
+ iowrite32(tgpio->last_ier, tgpio->membase + TGPIO_IER);
+ spin_unlock_irqrestore(&tgpio->lock, flags);
+ }
--- /dev/null
+From ad2fab36d7922401c4576fb7ea9b21a47a29a17f Mon Sep 17 00:00:00 2001
+From: Mathias Nyman <mathias.nyman@linux.intel.com>
+Date: Thu, 25 Oct 2012 14:03:03 +0300
+Subject: gpiolib: Don't return -EPROBE_DEFER to sysfs, or for invalid gpios
+
+From: Mathias Nyman <mathias.nyman@linux.intel.com>
+
+commit ad2fab36d7922401c4576fb7ea9b21a47a29a17f upstream.
+
+gpios requested with invalid numbers, or gpios requested from userspace via sysfs
+should not try to be deferred on failure.
+
+Signed-off-by: Mathias Nyman <mathias.nyman@linux.intel.com>
+Signed-off-by: Linus Walleij <linus.walleij@linaro.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/gpio/gpiolib.c | 10 +++++++---
+ 1 file changed, 7 insertions(+), 3 deletions(-)
+
+--- a/drivers/gpio/gpiolib.c
++++ b/drivers/gpio/gpiolib.c
+@@ -623,9 +623,11 @@ static ssize_t export_store(struct class
+ */
+
+ status = gpio_request(gpio, "sysfs");
+- if (status < 0)
++ if (status < 0) {
++ if (status == -EPROBE_DEFER)
++ status = -ENODEV;
+ goto done;
+-
++ }
+ status = gpio_export(gpio, true);
+ if (status < 0)
+ gpio_free(gpio);
+@@ -1191,8 +1193,10 @@ int gpio_request(unsigned gpio, const ch
+
+ spin_lock_irqsave(&gpio_lock, flags);
+
+- if (!gpio_is_valid(gpio))
++ if (!gpio_is_valid(gpio)) {
++ status = -EINVAL;
+ goto done;
++ }
+ desc = &gpio_desc[gpio];
+ chip = desc->chip;
+ if (chip == NULL)
--- /dev/null
+From d63b77f4c552cc3a20506871046ab0fcbc332609 Mon Sep 17 00:00:00 2001
+From: Sage Weil <sage@inktank.com>
+Date: Mon, 24 Sep 2012 20:59:48 -0700
+Subject: libceph: check for invalid mapping
+
+From: Sage Weil <sage@inktank.com>
+
+commit d63b77f4c552cc3a20506871046ab0fcbc332609 upstream.
+
+If we encounter an invalid (e.g., zeroed) mapping, return an error
+and avoid a divide by zero.
+
+Signed-off-by: Sage Weil <sage@inktank.com>
+Reviewed-by: Alex Elder <elder@inktank.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ include/linux/ceph/osd_client.h | 2 +-
+ include/linux/ceph/osdmap.h | 6 +++---
+ net/ceph/osd_client.c | 32 ++++++++++++++++++++------------
+ net/ceph/osdmap.c | 18 ++++++++++++++++--
+ 4 files changed, 40 insertions(+), 18 deletions(-)
+
+--- a/include/linux/ceph/osd_client.h
++++ b/include/linux/ceph/osd_client.h
+@@ -208,7 +208,7 @@ extern void ceph_osdc_handle_reply(struc
+ extern void ceph_osdc_handle_map(struct ceph_osd_client *osdc,
+ struct ceph_msg *msg);
+
+-extern void ceph_calc_raw_layout(struct ceph_osd_client *osdc,
++extern int ceph_calc_raw_layout(struct ceph_osd_client *osdc,
+ struct ceph_file_layout *layout,
+ u64 snapid,
+ u64 off, u64 *plen, u64 *bno,
+--- a/include/linux/ceph/osdmap.h
++++ b/include/linux/ceph/osdmap.h
+@@ -111,9 +111,9 @@ extern struct ceph_osdmap *osdmap_apply_
+ extern void ceph_osdmap_destroy(struct ceph_osdmap *map);
+
+ /* calculate mapping of a file extent to an object */
+-extern void ceph_calc_file_object_mapping(struct ceph_file_layout *layout,
+- u64 off, u64 *plen,
+- u64 *bno, u64 *oxoff, u64 *oxlen);
++extern int ceph_calc_file_object_mapping(struct ceph_file_layout *layout,
++ u64 off, u64 *plen,
++ u64 *bno, u64 *oxoff, u64 *oxlen);
+
+ /* calculate mapping of object to a placement group */
+ extern int ceph_calc_object_layout(struct ceph_object_layout *ol,
+--- a/net/ceph/osd_client.c
++++ b/net/ceph/osd_client.c
+@@ -52,7 +52,7 @@ static int op_has_extent(int op)
+ op == CEPH_OSD_OP_WRITE);
+ }
+
+-void ceph_calc_raw_layout(struct ceph_osd_client *osdc,
++int ceph_calc_raw_layout(struct ceph_osd_client *osdc,
+ struct ceph_file_layout *layout,
+ u64 snapid,
+ u64 off, u64 *plen, u64 *bno,
+@@ -62,12 +62,15 @@ void ceph_calc_raw_layout(struct ceph_os
+ struct ceph_osd_request_head *reqhead = req->r_request->front.iov_base;
+ u64 orig_len = *plen;
+ u64 objoff, objlen; /* extent in object */
++ int r;
+
+ reqhead->snapid = cpu_to_le64(snapid);
+
+ /* object extent? */
+- ceph_calc_file_object_mapping(layout, off, plen, bno,
+- &objoff, &objlen);
++ r = ceph_calc_file_object_mapping(layout, off, plen, bno,
++ &objoff, &objlen);
++ if (r < 0)
++ return r;
+ if (*plen < orig_len)
+ dout(" skipping last %llu, final file extent %llu~%llu\n",
+ orig_len - *plen, off, *plen);
+@@ -83,7 +86,7 @@ void ceph_calc_raw_layout(struct ceph_os
+
+ dout("calc_layout bno=%llx %llu~%llu (%d pages)\n",
+ *bno, objoff, objlen, req->r_num_pages);
+-
++ return 0;
+ }
+ EXPORT_SYMBOL(ceph_calc_raw_layout);
+
+@@ -112,20 +115,25 @@ EXPORT_SYMBOL(ceph_calc_raw_layout);
+ *
+ * fill osd op in request message.
+ */
+-static void calc_layout(struct ceph_osd_client *osdc,
+- struct ceph_vino vino,
+- struct ceph_file_layout *layout,
+- u64 off, u64 *plen,
+- struct ceph_osd_request *req,
+- struct ceph_osd_req_op *op)
++static int calc_layout(struct ceph_osd_client *osdc,
++ struct ceph_vino vino,
++ struct ceph_file_layout *layout,
++ u64 off, u64 *plen,
++ struct ceph_osd_request *req,
++ struct ceph_osd_req_op *op)
+ {
+ u64 bno;
++ int r;
+
+- ceph_calc_raw_layout(osdc, layout, vino.snap, off,
+- plen, &bno, req, op);
++ r = ceph_calc_raw_layout(osdc, layout, vino.snap, off,
++ plen, &bno, req, op);
++ if (r < 0)
++ return r;
+
+ snprintf(req->r_oid, sizeof(req->r_oid), "%llx.%08llx", vino.ino, bno);
+ req->r_oid_len = strlen(req->r_oid);
++
++ return r;
+ }
+
+ /*
+--- a/net/ceph/osdmap.c
++++ b/net/ceph/osdmap.c
+@@ -940,7 +940,7 @@ bad:
+ * for now, we write only a single su, until we can
+ * pass a stride back to the caller.
+ */
+-void ceph_calc_file_object_mapping(struct ceph_file_layout *layout,
++int ceph_calc_file_object_mapping(struct ceph_file_layout *layout,
+ u64 off, u64 *plen,
+ u64 *ono,
+ u64 *oxoff, u64 *oxlen)
+@@ -954,11 +954,17 @@ void ceph_calc_file_object_mapping(struc
+
+ dout("mapping %llu~%llu osize %u fl_su %u\n", off, *plen,
+ osize, su);
++ if (su == 0 || sc == 0)
++ goto invalid;
+ su_per_object = osize / su;
++ if (su_per_object == 0)
++ goto invalid;
+ dout("osize %u / su %u = su_per_object %u\n", osize, su,
+ su_per_object);
+
+- BUG_ON((su & ~PAGE_MASK) != 0);
++ if ((su & ~PAGE_MASK) != 0)
++ goto invalid;
++
+ /* bl = *off / su; */
+ t = off;
+ do_div(t, su);
+@@ -986,6 +992,14 @@ void ceph_calc_file_object_mapping(struc
+ *plen = *oxlen;
+
+ dout(" obj extent %llu~%llu\n", *oxoff, *oxlen);
++ return 0;
++
++invalid:
++ dout(" invalid layout\n");
++ *ono = 0;
++ *oxoff = 0;
++ *oxlen = 0;
++ return -EINVAL;
+ }
+ EXPORT_SYMBOL(ceph_calc_file_object_mapping);
+
--- /dev/null
+From 02b898f2f04e418094f0093a3ad0b415bcdbe8eb Mon Sep 17 00:00:00 2001
+From: NeilBrown <neilb@suse.de>
+Date: Wed, 31 Oct 2012 11:42:03 +1100
+Subject: md/raid1: Fix assembling of arrays containing Replacements.
+
+From: NeilBrown <neilb@suse.de>
+
+commit 02b898f2f04e418094f0093a3ad0b415bcdbe8eb upstream.
+
+setup_conf in raid1.c uses conf->raid_disks before assigning
+a value. It is used when including 'Replacement' devices.
+
+The consequence is that assembling an array which contains a
+replacement will misbehave and either not include the replacement, or
+not include the device being replaced.
+
+Though this doesn't lead directly to data corruption, it could lead to
+reduced data safety.
+
+So use mddev->raid_disks, which is initialised, instead.
+
+Bug was introduced by commit c19d57980b38a5bb613a898937a1cf85f422fb9b
+ md/raid1: recognise replacements when assembling arrays.
+
+in 3.3, so fix is suitable for 3.3.y thru 3.6.y.
+
+Signed-off-by: NeilBrown <neilb@suse.de>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/md/raid1.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/drivers/md/raid1.c
++++ b/drivers/md/raid1.c
+@@ -2564,7 +2564,7 @@ static struct r1conf *setup_conf(struct
+ || disk_idx < 0)
+ continue;
+ if (test_bit(Replacement, &rdev->flags))
+- disk = conf->mirrors + conf->raid_disks + disk_idx;
++ disk = conf->mirrors + mddev->raid_disks + disk_idx;
+ else
+ disk = conf->mirrors + disk_idx;
+
--- /dev/null
+ext4-fix-unjournaled-inode-bitmap-modification.patch
+gpio-timberdale-fix-a-potential-wrapping-issue.patch
+gpiolib-don-t-return-eprobe_defer-to-sysfs-or-for-invalid-gpios.patch
+md-raid1-fix-assembling-of-arrays-containing-replacements.patch
+floppy-do-put_disk-on-current-dr-if-blk_init_queue-fails.patch
+b43-fix-oops-on-unload-when-firmware-not-found.patch
+ceph-fix-oops-when-handling-mdsmap-that-decreases-max_mds.patch
+libceph-check-for-invalid-mapping.patch
+ceph-avoid-32-bit-page-index-overflow.patch
projects / thirdparty / kernel / stable-queue.git / commitdiff
