From: Greg Kroah-Hartman Date: Fri, 14 Aug 2015 02:24:52 +0000 (-0700) Subject: 4.1-stable patches X-Git-Tag: v3.10.87~18 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=08c4b95e886bf1d40bab8a8db7178cd285c57d94;p=thirdparty%2Fkernel%2Fstable-queue.git 4.1-stable patches added patches: alsa-fireworks-firewire-lib-add-support-for-recent-firmware-quirk.patch alsa-hda-fix-cs4210_spdif_automute.patch alsa-hda-one-dell-machine-needs-the-headphone-white-noise-fixup.patch dm-fix-dm_merge_bvec-regression-on-32-bit-systems.patch hwmon-dell-smm-blacklist-dell-studio-xps-8100.patch hwmon-nct7904-export-i2c-module-alias-information.patch input-alps-only-dell-laptops-have-separate-button-bits-for-v2-dualpoint-sticks.patch ipc-modify-message-queue-accounting-to-not-take-kernel-data-structures-into-account.patch md-raid1-extend-spinlock-to-protect-raid1_end_read_request-against-inconsistencies.patch mtd-nand-fix-nand_use_bounce_buffer-flag-conflict.patch nfsd-drop-bug_on-and-ignore-seclabel-on-absent-filesystem.patch ocfs2-fix-bug-in-ocfs2_downconvert_thread_do_work.patch ocfs2-fix-shift-left-overflow.patch pci-restore-pci_msix_flags_birmask-definition.patch staging-lustre-include-unaligned.h-instead-of-access_ok.h.patch staging-vt6655-vnt_bss_info_changed-check-conf-beacon_rate-is-not-null.patch thermal-exynos-disable-the-regulator-on-probe-failure.patch usb-gadget-f_uac2-fix-calculation-of-uac2-p_interval.patch usb-qcserial-add-support-for-dell-wireless-5809e-4g-modem.patch usb-qcserial-option-make-at-urcs-work-for-sierra-wireless-mc7305-mc7355.patch
---
diff --git a/queue-4.1/alsa-fireworks-firewire-lib-add-support-for-recent-firmware-quirk.patch b/queue-4.1/alsa-fireworks-firewire-lib-add-support-for-recent-firmware-quirk.patch
new file mode 100644
index 00000000000..7f83e540c4d
--- /dev/null
+++ b/queue-4.1/alsa-fireworks-firewire-lib-add-support-for-recent-firmware-quirk.patch
@@ -0,0 +1,134 @@
+From 18f5ed365d3f188a91149d528c853000330a4a58 Mon Sep 17 00:00:00 2001
+From: Takashi Sakamoto
+Date: Wed, 5 Aug 2015 09:21:05 +0900
+Subject: ALSA: fireworks/firewire-lib: add support for recent firmware quirk
+
+From: Takashi Sakamoto
+
+commit 18f5ed365d3f188a91149d528c853000330a4a58 upstream.
+
+Fireworks uses TSB43CB43(IceLynx-Micro) as its IEC 61883-1/6 interface.
+This chip includes ARM7 core, and loads and runs program. The firmware
+is stored in on-board memory and loaded every powering-on from it.
+
+Echo Audio ships several versions of firmwares for each model. These
+firmwares have each quirk and the quirk changes a sequence of packets.
+
+As long as I investigated, AudioFire2/AudioFire4/AudioFirePre8 have a
+quirk to transfer a first packet with 0x02 in its dbc field. This causes
+ALSA Fireworks driver to detect discontinuity. In this case, firmware
+version 5.7.0, 5.7.3 and 5.8.0 are used.
+
+Payload CIP CIP
+quadlets header1 header2
+02 00050002 90ffffff <-
+42 0005000a 90013000
+42 00050012 90014400
+42 0005001a 90015800
+02 0005001a 90ffffff
+42 00050022 90019000
+42 0005002a 9001a400
+42 00050032 9001b800
+02 00050032 90ffffff
+42 0005003a 9001d000
+42 00050042 9001e400
+42 0005004a 9001f800
+02 0005004a 90ffffff
+(AudioFire2 with firmware version 5.7.)
+
+$ dmesg
+snd-fireworks fw1.0: Detect discontinuity of CIP: 00 02
+
+These models, AudioFire8 (since Jul 2009 ) and Gibson Robot Interface
+Pack series uses the same ARM binary as their firmware. Thus, this
+quirk may be observed among them.
+
+This commit adds a new member for AMDTP structure. This member represents
+the value of dbc field in a first AMDTP packet. Drivers can set it with
+a preferred value according to model's quirk.
+
+Tested-by: Johannes Oertei
+Signed-off-by: Takashi Sakamoto
+Signed-off-by: Takashi Iwai
+Signed-off-by: Greg Kroah-Hartman
+
+---
+ sound/firewire/amdtp.c | 5 +++--
+ sound/firewire/amdtp.h | 2 ++
+ sound/firewire/fireworks/fireworks.c | 8 ++++++++
+ sound/firewire/fireworks/fireworks.h | 1 +
+ sound/firewire/fireworks/fireworks_stream.c | 9 +++++++++
+ 5 files changed, 23 insertions(+), 2 deletions(-)
+
+--- a/sound/firewire/amdtp.c
++++ b/sound/firewire/amdtp.c
+@@ -730,8 +730,9 @@ static void handle_in_packet(struct amdt
+ s->data_block_counter != UINT_MAX)
+ data_block_counter = s->data_block_counter;
+
+- if (((s->flags & CIP_SKIP_DBC_ZERO_CHECK) && data_block_counter == 0) ||
+- (s->data_block_counter == UINT_MAX)) {
++ if (((s->flags & CIP_SKIP_DBC_ZERO_CHECK) &&
++ data_block_counter == s->tx_first_dbc) ||
++ s->data_block_counter == UINT_MAX) {
+ lost = false;
+ } else if (!(s->flags & CIP_DBC_IS_END_EVENT)) {
+ lost = data_block_counter != s->data_block_counter;
+--- a/sound/firewire/amdtp.h
++++ b/sound/firewire/amdtp.h
+@@ -153,6 +153,8 @@ struct amdtp_stream {
+
+ /* quirk: fixed interval of dbc between previos/current packets. */
+ unsigned int tx_dbc_interval;
++ /* quirk: indicate the value of dbc field in a first packet. */
++ unsigned int tx_first_dbc;
+
+ bool callbacked;
+ wait_queue_head_t callback_wait;
+--- a/sound/firewire/fireworks/fireworks.c
++++ b/sound/firewire/fireworks/fireworks.c
+@@ -248,8 +248,16 @@ efw_probe(struct fw_unit *unit,
+ err = get_hardware_info(efw);
+ if (err < 0)
+ goto error;
++ /* AudioFire8 (since 2009) and AudioFirePre8 */
+ if (entry->model_id == MODEL_ECHO_AUDIOFIRE_9)
+ efw->is_af9 = true;
++ /* These models uses the same firmware. */
++ if (entry->model_id == MODEL_ECHO_AUDIOFIRE_2 ||
++ entry->model_id == MODEL_ECHO_AUDIOFIRE_4 ||
++ entry->model_id == MODEL_ECHO_AUDIOFIRE_9 ||
++ entry->model_id == MODEL_GIBSON_RIP ||
++ entry->model_id == MODEL_GIBSON_GOLDTOP)
++ efw->is_fireworks3 = true;
+
+ snd_efw_proc_init(efw);
+
+--- a/sound/firewire/fireworks/fireworks.h
++++ b/sound/firewire/fireworks/fireworks.h
+@@ -71,6 +71,7 @@ struct snd_efw {
+
+ /* for quirks */
+ bool is_af9;
++ bool is_fireworks3;
+ u32 firmware_version;
+
+ unsigned int midi_in_ports;
+--- a/sound/firewire/fireworks/fireworks_stream.c
++++ b/sound/firewire/fireworks/fireworks_stream.c
+@@ -172,6 +172,15 @@ int snd_efw_stream_init_duplex(struct sn
+ efw->tx_stream.flags |= CIP_DBC_IS_END_EVENT;
+ /* Fireworks reset dbc at bus reset. */
+ efw->tx_stream.flags |= CIP_SKIP_DBC_ZERO_CHECK;
++ /*
++ * But Recent firmwares starts packets with non-zero dbc.
++ * Driver version 5.7.6 installs firmware version 5.7.3.
++ */
++ if (efw->is_fireworks3 &&
++ (efw->firmware_version == 0x5070000 ||
++ efw->firmware_version == 0x5070300 ||
++ efw->firmware_version == 0x5080000))
++ efw->tx_stream.tx_first_dbc = 0x02;
+ /* AudioFire9 always reports wrong dbs. */
+ if (efw->is_af9)
+ efw->tx_stream.flags |= CIP_WRONG_DBS;
diff --git a/queue-4.1/alsa-hda-fix-cs4210_spdif_automute.patch b/queue-4.1/alsa-hda-fix-cs4210_spdif_automute.patch
new file mode 100644
index 00000000000..b1f8a0e55e8
--- /dev/null
+++ b/queue-4.1/alsa-hda-fix-cs4210_spdif_automute.patch
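Review bot: In the fireworks_stream.c hunk of the fireworks quirk patch, the firmware versions are compared as bare hex literals (`0x5070000`, `0x5070300`, `0x5080000`) with nothing stating how they encode 5.7.0, 5.7.3 and 5.8.0; a one-line comment giving the encoding, or named constants, would let a later firmware revision be added without re-deriving it. In the amdtp.c hunk, `data_block_counter == s->tx_first_dbc` is not restricted to the first packet: while CIP_SKIP_DBC_ZERO_CHECK is set, every packet carrying that dbc value gets `lost = false`, so the amdtp.h comment on `tx_first_dbc` should say so, and should note that other drivers rely on the field staying 0 to keep the old behaviour (presumably through a zeroed struct, which these hunks do not show). handle_in_packet and snd_efw_stream_init_duplex both continue outside the hunks.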
@@ -0,0 +1,35 @@
+From 44008f0896ae205b02b0882dbf807f0de149efc4 Mon Sep 17 00:00:00 2001
+From: Dan Carpenter
+Date: Sat, 25 Jul 2015 03:03:38 +0300
+Subject: ALSA: hda - fix cs4210_spdif_automute()
+
+From: Dan Carpenter
+
+commit 44008f0896ae205b02b0882dbf807f0de149efc4 upstream.
+
+Smatch complains that we have nested checks for "spdif_present". It
+turns out the current behavior isn't correct, we should remove the first
+check and keep the second.
+
+Fixes: 1077a024812d ('ALSA: hda - Use generic parser for Cirrus codec driver')
+Signed-off-by: Dan Carpenter
+Signed-off-by: Takashi Iwai
+Signed-off-by: Greg Kroah-Hartman
+
+---
+ sound/pci/hda/patch_cirrus.c | 4 +---
+ 1 file changed, 1 insertion(+), 3 deletions(-)
+
+--- a/sound/pci/hda/patch_cirrus.c
++++ b/sound/pci/hda/patch_cirrus.c
+@@ -1001,9 +1001,7 @@ static void cs4210_spdif_automute(struct
+
+ spec->spdif_present = spdif_present;
+ /* SPDIF TX on/off */
+- if (spdif_present)
+- snd_hda_set_pin_ctl(codec, spdif_pin,
+- spdif_present ? PIN_OUT : 0);
++ snd_hda_set_pin_ctl(codec, spdif_pin, spdif_present ? PIN_OUT : 0);
+
+ cs_automute(codec);
+ }
diff --git a/queue-4.1/alsa-hda-one-dell-machine-needs-the-headphone-white-noise-fixup.patch b/queue-4.1/alsa-hda-one-dell-machine-needs-the-headphone-white-noise-fixup.patch
new file mode 100644
index 00000000000..673b084433b
--- /dev/null
+++ b/queue-4.1/alsa-hda-one-dell-machine-needs-the-headphone-white-noise-fixup.patch
@@ -0,0 +1,30 @@
+From 73851b36fe73819f8c201971e913324d4846a7ea Mon Sep 17 00:00:00 2001
+From: Hui Wang
+Date: Wed, 5 Aug 2015 18:03:34 +0800
+Subject: ALSA: hda - one Dell machine needs the headphone white noise fixup
+
+From: Hui Wang
+
+commit 73851b36fe73819f8c201971e913324d4846a7ea upstream.
+
+The fixup ALC292_FIXUP_DISABLE_AAMIX can fix the white noise of
+the headphone on this Dell machine.
+
+Signed-off-by: Hui Wang
+Signed-off-by: Takashi Iwai
+Signed-off-by: Greg Kroah-Hartman
+
+---
+ sound/pci/hda/patch_realtek.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+--- a/sound/pci/hda/patch_realtek.c
++++ b/sound/pci/hda/patch_realtek.c
+@@ -5118,6 +5118,7 @@ static const struct snd_pci_quirk alc269
+ SND_PCI_QUIRK(0x1028, 0x06c7, "Dell", ALC255_FIXUP_DELL1_MIC_NO_PRESENCE),
+ SND_PCI_QUIRK(0x1028, 0x06d9, "Dell", ALC293_FIXUP_DELL1_MIC_NO_PRESENCE),
+ SND_PCI_QUIRK(0x1028, 0x06da, "Dell", ALC293_FIXUP_DELL1_MIC_NO_PRESENCE),
++ SND_PCI_QUIRK(0x1028, 0x06de, "Dell", ALC292_FIXUP_DISABLE_AAMIX),
+ SND_PCI_QUIRK(0x1028, 0x164a, "Dell", ALC293_FIXUP_DELL1_MIC_NO_PRESENCE),
+ SND_PCI_QUIRK(0x1028, 0x164b, "Dell", ALC293_FIXUP_DELL1_MIC_NO_PRESENCE),
+ SND_PCI_QUIRK(0x103c, 0x1586, "HP", ALC269_FIXUP_HP_MUTE_LED_MIC2),
diff --git a/queue-4.1/dm-fix-dm_merge_bvec-regression-on-32-bit-systems.patch b/queue-4.1/dm-fix-dm_merge_bvec-regression-on-32-bit-systems.patch
new file mode 100644
index 00000000000..1cdbfc9ee18
--- /dev/null
+++ b/queue-4.1/dm-fix-dm_merge_bvec-regression-on-32-bit-systems.patch
@@ -0,0 +1,84 @@
+From bd4aaf8f9b85d6b2df3231fd62b219ebb75d3568 Mon Sep 17 00:00:00 2001
+From: Mike Snitzer
+Date: Mon, 3 Aug 2015 09:54:58 -0400
+Subject: dm: fix dm_merge_bvec regression on 32 bit systems
+
+From: Mike Snitzer
+
+commit bd4aaf8f9b85d6b2df3231fd62b219ebb75d3568 upstream.
+
+A DM regression on 32 bit systems was reported against v4.2-rc3 here:
+https://lkml.org/lkml/2015/7/29/401
+
+Fix this by reverting both commit 1c220c69 ("dm: fix casting bug in
+dm_merge_bvec()") and 148e51ba ("dm: improve documentation and code
+clarity in dm_merge_bvec"). This combined revert is done to eliminate
+the possibility of a partial revert in stable@ kernels.
+
+In hindsight the correct fix, at the time 1c220c69 was applied to fix
+the regression that 148e51ba introduced, should've been to simply revert
+148e51ba.
+
+Reported-by: Josh Boyer
+Tested-by: Adam Williamson
+Acked-by: Joe Thornber
+Signed-off-by: Mike Snitzer
+Signed-off-by: Greg Kroah-Hartman
+
+---
+ drivers/md/dm.c | 27 ++++++++++-----------------
+ 1 file changed, 10 insertions(+), 17 deletions(-)
+
+--- a/drivers/md/dm.c
++++ b/drivers/md/dm.c
+@@ -1719,7 +1719,8 @@ static int dm_merge_bvec(struct request_
+ struct mapped_device *md = q->queuedata;
+ struct dm_table *map = dm_get_live_table_fast(md);
+ struct dm_target *ti;
+- sector_t max_sectors, max_size = 0;
++ sector_t max_sectors;
++ int max_size = 0;
+
+ if (unlikely(!map))
+ goto out;
+@@ -1732,18 +1733,10 @@ static int dm_merge_bvec(struct request_
+ * Find maximum amount of I/O that won't need splitting
+ */
+ max_sectors = min(max_io_len(bvm->bi_sector, ti),
+- (sector_t) queue_max_sectors(q));
++ (sector_t) BIO_MAX_SECTORS);
+ max_size = (max_sectors << SECTOR_SHIFT) - bvm->bi_size;
+-
+- /*
+- * FIXME: this stop-gap fix _must_ be cleaned up (by passing a sector_t
+- * to the targets' merge function since it holds sectors not bytes).
+- * Just doing this as an interim fix for stable@ because the more
+- * comprehensive cleanup of switching to sector_t will impact every
+- * DM target that implements a ->merge hook.
+- */
+- if (max_size > INT_MAX)
+- max_size = INT_MAX;
++ if (max_size < 0)
++ max_size = 0;
+
+ /*
+ * merge_bvec_fn() returns number of bytes
+@@ -1751,13 +1744,13 @@ static int dm_merge_bvec(struct request_
+ * max is precomputed maximal io size
+ */
+ if (max_size && ti->type->merge)
+- max_size = ti->type->merge(ti, bvm, biovec, (int) max_size);
++ max_size = ti->type->merge(ti, bvm, biovec, max_size);
+ /*
+ * If the target doesn't support merge method and some of the devices
+- * provided their merge_bvec method (we know this by looking for the
+- * max_hw_sectors that dm_set_device_limits may set), then we can't
+- * allow bios with multiple vector entries. So always set max_size
+- * to 0, and the code below allows just one page.
++ * provided their merge_bvec method (we know this by looking at
++ * queue_max_hw_sectors), then we can't allow bios with multiple vector
++ * entries. So always set max_size to 0, and the code below allows
++ * just one page.
+ */
+ else if (queue_max_hw_sectors(q) <= PAGE_SIZE >> 9)
+ max_size = 0;
diff --git a/queue-4.1/hwmon-dell-smm-blacklist-dell-studio-xps-8100.patch b/queue-4.1/hwmon-dell-smm-blacklist-dell-studio-xps-8100.patch
new file mode 100644
index 00000000000..75975b0275d
--- /dev/null
+++ b/queue-4.1/hwmon-dell-smm-blacklist-dell-studio-xps-8100.patch
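Review bot: In the dm_merge_bvec() hunks of the dm patch, `max_size = (max_sectors << SECTOR_SHIFT) - bvm->bi_size;` is computed from a sector_t operand and then stored in the new `int max_size`, so the `if (max_size < 0)` clamp depends on that narrowing conversion producing a negative value when bi_size exceeds the limit. That is only sound while max_sectors is capped by the `min()` against BIO_MAX_SECTORS (presumably small enough for the byte count to fit in an int; its value is not visible here). The removed FIXME was the only text explaining the int versus sector_t mismatch with the ->merge hook, so a replacement comment on the assignment is worth adding: `/* max_sectors <= BIO_MAX_SECTORS, so the byte count fits in int; negative means bi_size is already past the limit */`. The function body continues outside the hunks.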
@@ -0,0 +1,61 @@
+From a4b45b25f18d1e798965efec429ba5fc01b9f0b6 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Pali=20Roh=C3=A1r?=
+Date: Thu, 30 Jul 2015 20:41:57 +0200
+Subject: hwmon: (dell-smm) Blacklist Dell Studio XPS 8100
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+From: =?UTF-8?q?Pali=20Roh=C3=A1r?=
+
+commit a4b45b25f18d1e798965efec429ba5fc01b9f0b6 upstream.
+
+CPU fan speed going up and down on Dell Studio XPS 8100 for
+unknown reasons. Without further debugging on the affected
+machine, it is not possible to find the problem.
+
+Link: https://bugzilla.kernel.org/show_bug.cgi?id=100121
+Signed-off-by: Pali Rohár
+Tested-by: Jan C Peters
+[groeck: cleaned up description, comments]
+Signed-off-by: Guenter Roeck
+Signed-off-by: Greg Kroah-Hartman
+
+---
+ drivers/char/i8k.c | 18 +++++++++++++++++-
+ 1 file changed, 17 insertions(+), 1 deletion(-)
+
+--- a/drivers/char/i8k.c
++++ b/drivers/char/i8k.c
+@@ -900,6 +900,21 @@ static struct dmi_system_id i8k_dmi_tabl
+
+ MODULE_DEVICE_TABLE(dmi, i8k_dmi_table);
+
++static struct dmi_system_id i8k_blacklist_dmi_table[] __initdata = {
++ {
++ /*
++ * CPU fan speed going up and down on Dell Studio XPS 8100
++ * for unknown reasons.
++ */
++ .ident = "Dell Studio XPS 8100",
++ .matches = {
++ DMI_EXACT_MATCH(DMI_SYS_VENDOR, "Dell Inc."),
++ DMI_EXACT_MATCH(DMI_PRODUCT_NAME, "Studio XPS 8100"),
++ },
++ },
++ { }
++};
++
+ /*
+ * Probe for the presence of a supported laptop.
+ */
+@@ -911,7 +926,8 @@ static int __init i8k_probe(void)
+ /*
+ * Get DMI information
+ */
+- if (!dmi_check_system(i8k_dmi_table)) {
++ if (!dmi_check_system(i8k_dmi_table) ||
++ dmi_check_system(i8k_blacklist_dmi_table)) {
+ if (!ignore_dmi && !force)
+ return -ENODEV;
+
diff --git a/queue-4.1/hwmon-nct7904-export-i2c-module-alias-information.patch b/queue-4.1/hwmon-nct7904-export-i2c-module-alias-information.patch
new file mode 100644
index 00000000000..63ac8604e93
--- /dev/null
+++ b/queue-4.1/hwmon-nct7904-export-i2c-module-alias-information.patch
@@ -0,0 +1,33 @@
+From 1252be9ce0ab4f622b8692b648894d09c0df71ce Mon Sep 17 00:00:00 2001
+From: Javier Martinez Canillas
+Date: Thu, 30 Jul 2015 18:18:39 +0200
+Subject: hwmon: (nct7904) Export I2C module alias information
+
+From: Javier Martinez Canillas
+
+commit 1252be9ce0ab4f622b8692b648894d09c0df71ce upstream.
+
+The I2C core always reports the MODALIAS uevent as "i2c:
+Signed-off-by: Guenter Roeck
+Signed-off-by: Greg Kroah-Hartman
+
+---
+ drivers/hwmon/nct7904.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+--- a/drivers/hwmon/nct7904.c
++++ b/drivers/hwmon/nct7904.c
+@@ -575,6 +575,7 @@ static const struct i2c_device_id nct790
+ {"nct7904", 0},
+ {}
+ };
++MODULE_DEVICE_TABLE(i2c, nct7904_id);
+
+ static struct i2c_driver nct7904_driver = {
+ .class = I2C_CLASS_HWMON,
diff --git a/queue-4.1/input-alps-only-dell-laptops-have-separate-button-bits-for-v2-dualpoint-sticks.patch b/queue-4.1/input-alps-only-dell-laptops-have-separate-button-bits-for-v2-dualpoint-sticks.patch
new file mode 100644
index 00000000000..7a60ee20cb1
--- /dev/null
+++ b/queue-4.1/input-alps-only-dell-laptops-have-separate-button-bits-for-v2-dualpoint-sticks.patch
@@ -0,0 +1,84 @@
+From 073e570d7c2caae9910a993d56f340be4548a4a8 Mon Sep 17 00:00:00 2001
+From: Hans de Goede
+Date: Mon, 3 Aug 2015 14:06:24 -0700
+Subject: Input: alps - only Dell laptops have separate button bits for v2 dualpoint sticks
+
+From: Hans de Goede
+
+commit 073e570d7c2caae9910a993d56f340be4548a4a8 upstream.
+
+It turns out that only Dell laptops have the separate button bits for
+v2 dualpoint sticks and that commit 92bac83dd79e ("Input: alps - non
+interleaved V2 dualpoint has separate stick button bits") causes
+regressions on Toshiba laptops.
+
+This commit adds a check for Dell laptops to the code for handling these
+extra button bits, fixing this regression.
+
+This patch has been tested on a Dell Latitude D620 to make sure that it
+does not reintroduce the original problem.
+
+Reported-and-tested-by: Douglas Christman
+Signed-off-by: Hans de Goede
+Signed-off-by: Dmitry Torokhov
+Signed-off-by: Greg Kroah-Hartman
+
+---
+ Documentation/input/alps.txt | 6 ++++--
+ drivers/input/mouse/alps.c | 8 ++++++--
+ 2 files changed, 10 insertions(+), 4 deletions(-)
+
+--- a/Documentation/input/alps.txt
++++ b/Documentation/input/alps.txt
+@@ -119,8 +119,10 @@ ALPS Absolute Mode - Protocol Version 2
+ byte 5: 0 z6 z5 z4 z3 z2 z1 z0
+
+ Protocol Version 2 DualPoint devices send standard PS/2 mouse packets for
+-the DualPoint Stick. For non interleaved dualpoint devices the pointingstick
+-buttons get reported separately in the PSM, PSR and PSL bits.
++the DualPoint Stick. The M, R and L bits signal the combined status of both
++the pointingstick and touchpad buttons, except for Dell dualpoint devices
++where the pointingstick buttons get reported separately in the PSM, PSR
++and PSL bits.
+
+ Dualpoint device -- interleaved packet format
+ ---------------------------------------------
+--- a/drivers/input/mouse/alps.c
++++ b/drivers/input/mouse/alps.c
+@@ -20,6 +20,7 @@
+ #include
+ #include
+ #include
++#include
+
+ #include "psmouse.h"
+ #include "alps.h"
+@@ -99,6 +100,7 @@ static const struct alps_nibble_commands
+ #define ALPS_FOUR_BUTTONS 0x40 /* 4 direction button present */
+ #define ALPS_PS2_INTERLEAVED 0x80 /* 3-byte PS/2 packet interleaved with
+ 6-byte ALPS packet */
++#define ALPS_DELL 0x100 /* device is a Dell laptop */
+ #define ALPS_BUTTONPAD 0x200 /* device is a clickpad */
+
+ static const struct alps_model_info alps_model_data[] = {
+@@ -251,9 +253,9 @@ static void alps_process_packet_v1_v2(st
+ return;
+ }
+
+- /* Non interleaved V2 dualpoint has separate stick button bits */
++ /* Dell non interleaved V2 dualpoint has separate stick button bits */
+ if (priv->proto_version == ALPS_PROTO_V2 &&
+- priv->flags == (ALPS_PASS | ALPS_DUALPOINT)) {
++ priv->flags == (ALPS_DELL | ALPS_PASS | ALPS_DUALPOINT)) {
+ left |= packet[0] & 1;
+ right |= packet[0] & 2;
+ middle |= packet[0] & 4;
+@@ -2542,6 +2544,8 @@ static int alps_set_protocol(struct psmo
+ priv->byte0 = protocol->byte0;
+ priv->mask0 = protocol->mask0;
+ priv->flags = protocol->flags;
++ if (dmi_name_in_vendors("Dell"))
++ priv->flags |= ALPS_DELL;
+
+ priv->x_max = 2000;
+ priv->y_max = 1400;
diff --git a/queue-4.1/ipc-modify-message-queue-accounting-to-not-take-kernel-data-structures-into-account.patch b/queue-4.1/ipc-modify-message-queue-accounting-to-not-take-kernel-data-structures-into-account.patch
new file mode 100644
index 00000000000..5871c4af14f
--- /dev/null
+++ b/queue-4.1/ipc-modify-message-queue-accounting-to-not-take-kernel-data-structures-into-account.patch
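Review bot: In the alps.c hunks of the ALPS patch, `priv->flags == (ALPS_DELL | ALPS_PASS | ALPS_DUALPOINT)` in alps_process_packet_v1_v2() is an exact-equality match on the whole flags word, while alps_set_protocol() now ORs ALPS_DELL into `priv->flags` for every protocol whenever `dmi_name_in_vendors("Dell")` is true. Any other place that compares `priv->flags` for equality instead of testing individual bits would stop matching on Dell hardware; no such user is visible in these hunks, so this needs checking against the rest of the file. The `ALPS_DELL` define should also say that the bit is set at runtime from DMI and never comes from the model table, for example `/* set from DMI in alps_set_protocol(), not from alps_model_data */`. Both functions continue outside the hunks.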
@@ -0,0 +1,110 @@
+From de54b9ac253787c366bbfb28d901a31954eb3511 Mon Sep 17 00:00:00 2001
+From: Marcus Gelderie
+Date: Thu, 6 Aug 2015 15:46:10 -0700
+Subject: ipc: modify message queue accounting to not take kernel data structures into account
+
+From: Marcus Gelderie
+
+commit de54b9ac253787c366bbfb28d901a31954eb3511 upstream.
+
+A while back, the message queue implementation in the kernel was
+improved to use btrees to speed up retrieval of messages, in commit
+d6629859b36d ("ipc/mqueue: improve performance of send/recv").
+
+That patch introducing the improved kernel handling of message queues
+(using btrees) has, as a by-product, changed the meaning of the QSIZE
+field in the pseudo-file created for the queue. Before, this field
+reflected the size of the user-data in the queue. Since, it also takes
+kernel data structures into account. For example, if 13 bytes of user
+data are in the queue, on my machine the file reports a size of 61
+bytes.
+
+There was some discussion on this topic before (for example
+https://lkml.org/lkml/2014/10/1/115). Commenting on a th lkml, Michael
+Kerrisk gave the following background
+(https://lkml.org/lkml/2015/6/16/74):
+
+ The pseudofiles in the mqueue filesystem (usually mounted at
+ /dev/mqueue) expose fields with metadata describing a message
+ queue. One of these fields, QSIZE, as originally implemented,
+ showed the total number of bytes of user data in all messages in
+ the message queue, and this feature was documented from the
+ beginning in the mq_overview(7) page. In 3.5, some other (useful)
+ work happened to break the user-space API in a couple of places,
+ including the value exposed via QSIZE, which now includes a measure
+ of kernel overhead bytes for the queue, a figure that renders QSIZE
+ useless for its original purpose, since there's no way to deduce
+ the number of overhead bytes consumed by the implementation.
+ (The other user-space breakage was subsequently fixed.)
+
+This patch removes the accounting of kernel data structures in the
+queue. Reporting the size of these data-structures in the QSIZE field
+was a breaking change (see Michael's comment above). Without the QSIZE
+field reporting the total size of user-data in the queue, there is no
+way to deduce this number.
+
+It should be noted that the resource limit RLIMIT_MSGQUEUE is counted
+against the worst-case size of the queue (in both the old and the new
+implementation). Therefore, the kernel overhead accounting in QSIZE is
+not necessary to help the user understand the limitations RLIMIT imposes
+on the processes.
+
+Signed-off-by: Marcus Gelderie
+Acked-by: Doug Ledford
+Acked-by: Michael Kerrisk
+Acked-by: Davidlohr Bueso
+Cc: David Howells
+Cc: Alexander Viro
+Cc: John Duffy
+Cc: Arto Bendiken
+Cc: Manfred Spraul
+Signed-off-by: Andrew Morton
+Signed-off-by: Linus Torvalds
+Signed-off-by: Greg Kroah-Hartman
+
+---
+ ipc/mqueue.c | 5 -----
+ 1 file changed, 5 deletions(-)
+
+--- a/ipc/mqueue.c
++++ b/ipc/mqueue.c
+@@ -143,7 +143,6 @@ static int msg_insert(struct msg_msg *ms
+ if (!leaf)
+ return -ENOMEM;
+ INIT_LIST_HEAD(&leaf->msg_list);
+- info->qsize += sizeof(*leaf);
+ }
+ leaf->priority = msg->m_type;
+ rb_link_node(&leaf->rb_node, parent, p);
+@@ -188,7 +187,6 @@ try_again:
+ "lazy leaf delete!\n");
+ rb_erase(&leaf->rb_node, &info->msg_tree);
+ if (info->node_cache) {
+- info->qsize -= sizeof(*leaf);
+ kfree(leaf);
+ } else {
+ info->node_cache = leaf;
+@@ -201,7 +199,6 @@ try_again:
+ if (list_empty(&leaf->msg_list)) {
+ rb_erase(&leaf->rb_node, &info->msg_tree);
+ if (info->node_cache) {
+- info->qsize -= sizeof(*leaf);
+ kfree(leaf);
+ } else {
+ info->node_cache = leaf;
+@@ -1026,7 +1023,6 @@ SYSCALL_DEFINE5(mq_timedsend, mqd_t, mqd
+ /* Save our speculative allocation into the cache */
+ INIT_LIST_HEAD(&new_leaf->msg_list);
+ info->node_cache = new_leaf;
+- info->qsize += sizeof(*new_leaf);
+ new_leaf = NULL;
+ } else {
+ kfree(new_leaf);
+@@ -1133,7 +1129,6 @@ SYSCALL_DEFINE5(mq_timedreceive, mqd_t,
+ /* Save our speculative allocation into the cache */
+ INIT_LIST_HEAD(&new_leaf->msg_list);
+ info->node_cache = new_leaf;
+- info->qsize += sizeof(*new_leaf);
+ } else {
+ kfree(new_leaf);
+ }
diff --git a/queue-4.1/md-raid1-extend-spinlock-to-protect-raid1_end_read_request-against-inconsistencies.patch b/queue-4.1/md-raid1-extend-spinlock-to-protect-raid1_end_read_request-against-inconsistencies.patch
new file mode 100644
index 00000000000..f0d84dbefe4
--- /dev/null
+++ b/queue-4.1/md-raid1-extend-spinlock-to-protect-raid1_end_read_request-against-inconsistencies.patch
@@ -0,0 +1,76 @@
+From 423f04d63cf421ea436bcc5be02543d549ce4b28 Mon Sep 17 00:00:00 2001
+From: NeilBrown
+Date: Mon, 27 Jul 2015 11:48:52 +1000
+Subject: md/raid1: extend spinlock to protect raid1_end_read_request against inconsistencies
+
+From: NeilBrown
+
+commit 423f04d63cf421ea436bcc5be02543d549ce4b28 upstream.
+
+raid1_end_read_request() assumes that the In_sync bits are consistent
+with the ->degaded count.
+raid1_spare_active updates the In_sync bit before the ->degraded count
+and so exposes an inconsistency, as does error()
+So extend the spinlock in raid1_spare_active() and error() to hide those
+inconsistencies.
+
+This should probably be part of
+ Commit: 34cab6f42003 ("md/raid1: fix test for 'was read error from
+ last working device'.")
+as it addresses the same issue. It fixes the same bug and should go
+to -stable for same reasons.
+
+Fixes: 76073054c95b ("md/raid1: clean up read_balance.")
+Signed-off-by: NeilBrown
+Signed-off-by: Greg Kroah-Hartman
+
+---
+ drivers/md/raid1.c | 10 ++++++----
+ 1 file changed, 6 insertions(+), 4 deletions(-)
+
+--- a/drivers/md/raid1.c
++++ b/drivers/md/raid1.c
+@@ -1475,6 +1475,7 @@ static void error(struct mddev *mddev, s
+ {
+ char b[BDEVNAME_SIZE];
+ struct r1conf *conf = mddev->private;
++ unsigned long flags;
+
+ /*
+ * If it is not operational, then we have already marked it as dead
+@@ -1494,14 +1495,13 @@ static void error(struct mddev *mddev, s
+ return;
+ }
+ set_bit(Blocked, &rdev->flags);
++ spin_lock_irqsave(&conf->device_lock, flags);
+ if (test_and_clear_bit(In_sync, &rdev->flags)) {
+- unsigned long flags;
+- spin_lock_irqsave(&conf->device_lock, flags);
+ mddev->degraded++;
+ set_bit(Faulty, &rdev->flags);
+- spin_unlock_irqrestore(&conf->device_lock, flags);
+ } else
+ set_bit(Faulty, &rdev->flags);
++ spin_unlock_irqrestore(&conf->device_lock, flags);
+ /*
+ * if recovery is running, make sure it aborts.
+ */
+@@ -1567,7 +1567,10 @@ static int raid1_spare_active(struct mdd
+ * Find all failed disks within the RAID1 configuration
+ * and mark them readable.
+ * Called under mddev lock, so rcu protection not needed.
++ * device_lock used to avoid races with raid1_end_read_request
++ * which expects 'In_sync' flags and ->degraded to be consistent.
+ */
++ spin_lock_irqsave(&conf->device_lock, flags);
+ for (i = 0; i < conf->raid_disks; i++) {
+ struct md_rdev *rdev = conf->mirrors[i].rdev;
+ struct md_rdev *repl = conf->mirrors[conf->raid_disks + i].rdev;
+@@ -1598,7 +1601,6 @@ static int raid1_spare_active(struct mdd
+ sysfs_notify_dirent_safe(rdev->sysfs_state);
+ }
+ }
+- spin_lock_irqsave(&conf->device_lock, flags);
+ mddev->degraded -= count;
+ spin_unlock_irqrestore(&conf->device_lock, flags);
+
diff --git a/queue-4.1/mtd-nand-fix-nand_use_bounce_buffer-flag-conflict.patch b/queue-4.1/mtd-nand-fix-nand_use_bounce_buffer-flag-conflict.patch
new file mode 100644
index 00000000000..a312a228349
--- /dev/null
+++ b/queue-4.1/mtd-nand-fix-nand_use_bounce_buffer-flag-conflict.patch
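Review bot: In the raid1_spare_active() hunks of the md/raid1 patch, moving `spin_lock_irqsave(&conf->device_lock, flags)` above the `for` loop puts the whole loop body under a spinlock with interrupts off, including the `sysfs_notify_dirent_safe(rdev->sysfs_state)` call visible in the last hunk. The added comment says why the lock is taken but not that everything in the loop must now be safe in atomic context; suggest appending `* Nothing inside this loop may sleep: device_lock is held with IRQs off.` In error(), both branches now end in `set_bit(Faulty, &rdev->flags)`, so the `else` can go: `if (test_and_clear_bit(In_sync, &rdev->flags)) mddev->degraded++;` followed by a single `set_bit(Faulty, &rdev->flags);`. Both functions continue outside the hunks, so the rest of the loop body was not reviewed.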
@@ -0,0 +1,49 @@
+From 5f867db63473f32cce1b868e281ebd42a41f8fad Mon Sep 17 00:00:00 2001
+From: Scott Wood
+Date: Fri, 26 Jun 2015 19:43:58 -0500
+Subject: mtd: nand: Fix NAND_USE_BOUNCE_BUFFER flag conflict
+
+From: Scott Wood
+
+commit 5f867db63473f32cce1b868e281ebd42a41f8fad upstream.
+
+Commit 66507c7bc8895f0da6b ("mtd: nand: Add support to use nand_base
+poi databuf as bounce buffer") added a flag NAND_USE_BOUNCE_BUFFER
+using the same bit value as the existing NAND_BUSWIDTH_AUTO.
+
+Cc: Kamal Dasu
+Fixes: 66507c7bc8895f0da6b ("mtd: nand: Add support to use nand_base
+ poi databuf as bounce buffer")
+Signed-off-by: Scott Wood
+Signed-off-by: Brian Norris
+Signed-off-by: Greg Kroah-Hartman
+
+---
+ include/linux/mtd/nand.h | 10 +++++-----
+ 1 file changed, 5 insertions(+), 5 deletions(-)
+
+--- a/include/linux/mtd/nand.h
++++ b/include/linux/mtd/nand.h
+@@ -176,17 +176,17 @@ typedef enum {
+ /* Chip may not exist, so silence any errors in scan */
+ #define NAND_SCAN_SILENT_NODEV 0x00040000
+ /*
+- * This option could be defined by controller drivers to protect against
+- * kmap'ed, vmalloc'ed highmem buffers being passed from upper layers
+- */
+-#define NAND_USE_BOUNCE_BUFFER 0x00080000
+-/*
+ * Autodetect nand buswidth with readid/onfi.
+ * This suppose the driver will configure the hardware in 8 bits mode
+ * when calling nand_scan_ident, and update its configuration
+ * before calling nand_scan_tail.
+ */
+ #define NAND_BUSWIDTH_AUTO 0x00080000
++/*
++ * This option could be defined by controller drivers to protect against
++ * kmap'ed, vmalloc'ed highmem buffers being passed from upper layers
++ */
++#define NAND_USE_BOUNCE_BUFFER 0x00100000
+
+ /* Options set by nand scan */
+ /* Nand scan has allocated controller struct */
diff --git a/queue-4.1/nfsd-drop-bug_on-and-ignore-seclabel-on-absent-filesystem.patch b/queue-4.1/nfsd-drop-bug_on-and-ignore-seclabel-on-absent-filesystem.patch
new file mode 100644
index 00000000000..5f82352c570
--- /dev/null
+++ b/queue-4.1/nfsd-drop-bug_on-and-ignore-seclabel-on-absent-filesystem.patch 
@@ -0,0 +1,124 @@ +From c2227a39a078473115910512aa0f8d53bd915e60 Mon Sep 17 00:00:00 2001 +From: Kinglong Mee +Date: Tue, 7 Jul 2015 10:16:37 +0800 +Subject: nfsd: Drop BUG_ON and ignore SECLABEL on absent filesystem + +From: Kinglong Mee + +commit c2227a39a078473115910512aa0f8d53bd915e60 upstream. + +On an absent filesystem (one served by another server), we need to be +able to handle requests for certain attributest (like fs_locations, so +the client can find out which server does have the filesystem), but +others we can't. + +We forgot to take that into account when adding another attribute +bitmask work for the SECURITY_LABEL attribute. + +There an export entry with the "refer" option can result in: + +[ 88.414272] kernel BUG at fs/nfsd/nfs4xdr.c:2249! +[ 88.414828] invalid opcode: 0000 [#1] SMP +[ 88.415368] Modules linked in: rpcsec_gss_krb5 nfsv4 dns_resolver nfs fscache nfsd xfs libcrc32c iscsi_tcp libiscsi_tcp libiscsi scsi_transport_iscsi iosf_mbi ppdev btrfs coretemp crct10dif_pclmul crc32_pclmul crc32c_intel xor ghash_clmulni_intel raid6_pq vmw_balloon parport_pc parport i2c_piix4 shpchp vmw_vmci acpi_cpufreq auth_rpcgss nfs_acl lockd grace sunrpc vmwgfx drm_kms_helper ttm drm mptspi mptscsih serio_raw mptbase e1000 scsi_transport_spi ata_generic pata_acpi [last unloaded: nfsd] +[ 88.417827] CPU: 0 PID: 2116 Comm: nfsd Not tainted 4.0.7-300.fc22.x86_64 #1 +[ 88.418448] Hardware name: VMware, Inc. 
VMware Virtual Platform/440BX Desktop Reference Platform, BIOS 6.00 05/20/2014 +[ 88.419093] task: ffff880079146d50 ti: ffff8800785d8000 task.ti: ffff8800785d8000 +[ 88.419729] RIP: 0010:[] [] nfsd4_encode_fattr+0x820/0x1f00 [nfsd] +[ 88.420376] RSP: 0000:ffff8800785db998 EFLAGS: 00010206 +[ 88.421027] RAX: 0000000000000001 RBX: 000000000018091a RCX: ffff88006668b980 +[ 88.421676] RDX: 00000000fffef7fc RSI: 0000000000000000 RDI: ffff880078d05000 +[ 88.422315] RBP: ffff8800785dbb58 R08: ffff880078d043f8 R09: ffff880078d4a000 +[ 88.422968] R10: 0000000000010000 R11: 0000000000000002 R12: 0000000000b0a23a +[ 88.423612] R13: ffff880078d05000 R14: ffff880078683100 R15: ffff88006668b980 +[ 88.424295] FS: 0000000000000000(0000) GS:ffff88007c600000(0000) knlGS:0000000000000000 +[ 88.424944] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 +[ 88.425597] CR2: 00007f40bc370f90 CR3: 0000000035af5000 CR4: 00000000001407f0 +[ 88.426285] Stack: +[ 88.426921] ffff8800785dbaa8 ffffffffa049e4af ffff8800785dba08 ffffffff813298f0 +[ 88.427585] ffff880078683300 ffff8800769b0de8 0000089d00000001 0000000087f805e0 +[ 88.428228] ffff880000000000 ffff880079434a00 0000000000000000 ffff88006668b980 +[ 88.428877] Call Trace: +[ 88.429527] [] ? exp_get_by_name+0x7f/0xb0 [nfsd] +[ 88.430168] [] ? inode_doinit_with_dentry+0x210/0x6a0 +[ 88.430807] [] ? d_lookup+0x2e/0x60 +[ 88.431449] [] ? dput+0x33/0x230 +[ 88.432097] [] ? mntput+0x24/0x40 +[ 88.432719] [] ? path_put+0x22/0x30 +[ 88.433340] [] ? nfsd_cross_mnt+0xb7/0x1c0 [nfsd] +[ 88.433954] [] nfsd4_encode_dirent+0x1b0/0x3d0 [nfsd] +[ 88.434601] [] ? nfsd4_encode_getattr+0x40/0x40 [nfsd] +[ 88.435172] [] nfsd_readdir+0x1c1/0x2a0 [nfsd] +[ 88.435710] [] ? 
nfsd_direct_splice_actor+0x20/0x20 [nfsd] +[ 88.436447] [] nfsd4_encode_readdir+0x120/0x220 [nfsd] +[ 88.437011] [] nfsd4_encode_operation+0x7d/0x190 [nfsd] +[ 88.437566] [] nfsd4_proc_compound+0x24d/0x6f0 [nfsd] +[ 88.438157] [] nfsd_dispatch+0xc3/0x220 [nfsd] +[ 88.438680] [] svc_process_common+0x43b/0x690 [sunrpc] +[ 88.439192] [] svc_process+0x103/0x1b0 [sunrpc] +[ 88.439694] [] nfsd+0x117/0x190 [nfsd] +[ 88.440194] [] ? nfsd_destroy+0x90/0x90 [nfsd] +[ 88.440697] [] kthread+0xd8/0xf0 +[ 88.441260] [] ? kthread_worker_fn+0x180/0x180 +[ 88.441762] [] ret_from_fork+0x58/0x90 +[ 88.442322] [] ? kthread_worker_fn+0x180/0x180 +[ 88.442879] Code: 0f 84 93 05 00 00 83 f8 ea c7 85 a0 fe ff ff 00 00 27 30 0f 84 ba fe ff ff 85 c0 0f 85 a5 fe ff ff e9 e3 f9 ff ff 0f 1f 44 00 00 <0f> 0b 66 0f 1f 44 00 00 be 04 00 00 00 4c 89 ef 4c 89 8d 68 fe +[ 88.444052] RIP [] nfsd4_encode_fattr+0x820/0x1f00 [nfsd] +[ 88.444658] RSP +[ 88.445232] ---[ end trace 6cb9d0487d94a29f ]--- + +Signed-off-by: Kinglong Mee +Signed-off-by: J. 
Bruce Fields +Signed-off-by: Greg Kroah-Hartman + +--- + fs/nfsd/nfs4xdr.c | 11 ++++++----- + 1 file changed, 6 insertions(+), 5 deletions(-) + +--- a/fs/nfsd/nfs4xdr.c ++++ b/fs/nfsd/nfs4xdr.c +@@ -2142,6 +2142,7 @@ nfsd4_encode_aclname(struct xdr_stream * + #define WORD0_ABSENT_FS_ATTRS (FATTR4_WORD0_FS_LOCATIONS | FATTR4_WORD0_FSID | \ + FATTR4_WORD0_RDATTR_ERROR) + #define WORD1_ABSENT_FS_ATTRS FATTR4_WORD1_MOUNTED_ON_FILEID ++#define WORD2_ABSENT_FS_ATTRS 0 + + #ifdef CONFIG_NFSD_V4_SECURITY_LABEL + static inline __be32 +@@ -2170,7 +2171,7 @@ nfsd4_encode_security_label(struct xdr_s + { return 0; } + #endif + +-static __be32 fattr_handle_absent_fs(u32 *bmval0, u32 *bmval1, u32 *rdattr_err) ++static __be32 fattr_handle_absent_fs(u32 *bmval0, u32 *bmval1, u32 *bmval2, u32 *rdattr_err) + { + /* As per referral draft: */ + if (*bmval0 & ~WORD0_ABSENT_FS_ATTRS || +@@ -2183,6 +2184,7 @@ static __be32 fattr_handle_absent_fs(u32 + } + *bmval0 &= WORD0_ABSENT_FS_ATTRS; + *bmval1 &= WORD1_ABSENT_FS_ATTRS; ++ *bmval2 &= WORD2_ABSENT_FS_ATTRS; + return 0; + } + +@@ -2246,8 +2248,7 @@ nfsd4_encode_fattr(struct xdr_stream *xd + BUG_ON(bmval2 & ~nfsd_suppattrs2(minorversion)); + + if (exp->ex_fslocs.migrated) { +- BUG_ON(bmval[2]); +- status = fattr_handle_absent_fs(&bmval0, &bmval1, &rdattr_err); ++ status = fattr_handle_absent_fs(&bmval0, &bmval1, &bmval2, &rdattr_err); + if (status) + goto out; + } +@@ -2290,8 +2291,8 @@ nfsd4_encode_fattr(struct xdr_stream *xd + } + + #ifdef CONFIG_NFSD_V4_SECURITY_LABEL +- if ((bmval[2] & FATTR4_WORD2_SECURITY_LABEL) || +- bmval[0] & FATTR4_WORD0_SUPPORTED_ATTRS) { ++ if ((bmval2 & FATTR4_WORD2_SECURITY_LABEL) || ++ bmval0 & FATTR4_WORD0_SUPPORTED_ATTRS) { + err = security_inode_getsecctx(d_inode(dentry), + &context, &contextlen); + contextsupport = (err == 0); 
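Review bot: In fattr_handle_absent_fs() the disallowed-attribute test still inspects only `*bmval0` and `*bmval1`, so a request whose only out-of-set bits are in word 2 is cleared by the new `*bmval2 &= WORD2_ABSENT_FS_ATTRS;` without reaching the NFSERR_MOVED handling. The subject line says ignoring SECURITY_LABEL is intended, but the code does not record it; a comment on the new mask line such as `/* word 2 (e.g. SECURITY_LABEL) is dropped silently on an absent fs, not reported as moved */` would keep a later editor from "correcting" it. The `BUG_ON(bmval2 & ~nfsd_suppattrs2(minorversion))` left as context in nfsd4_encode_fattr() is the same assert-on-request-bitmap pattern that produced the oops quoted in the description. Whether an earlier decode step guarantees it cannot fire is not visible here, because both function bodies extend beyond the hunks.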
diff --git a/queue-4.1/ocfs2-fix-bug-in-ocfs2_downconvert_thread_do_work.patch b/queue-4.1/ocfs2-fix-bug-in-ocfs2_downconvert_thread_do_work.patch
new file mode 100644
index 00000000000..3b2022670e2
--- /dev/null
+++ b/queue-4.1/ocfs2-fix-bug-in-ocfs2_downconvert_thread_do_work.patch
@@ -0,0 +1,49 @@
+From 209f7512d007980fd111a74a064d70a3656079cf Mon Sep 17 00:00:00 2001
+From: Joseph Qi
+Date: Thu, 6 Aug 2015 15:46:23 -0700
+Subject: ocfs2: fix BUG in ocfs2_downconvert_thread_do_work()
+
+From: Joseph Qi
+
+commit 209f7512d007980fd111a74a064d70a3656079cf upstream.
+
+The "BUG_ON(list_empty(&osb->blocked_lock_list))" in
+ocfs2_downconvert_thread_do_work can be triggered in the following case:
+
+ocfs2dc has firstly saved osb->blocked_lock_count to local varibale
+processed, and then processes the dentry lockres. During the dentry
+put, it calls iput and then deletes rw, inode and open lockres from
+blocked list in ocfs2_mark_lockres_freeing. And this causes the
+variable `processed' to not reflect the number of blocked lockres to be
+processed, which triggers the BUG.
+
+Signed-off-by: Joseph Qi
+Cc: Mark Fasheh
+Cc: Joel Becker
+Signed-off-by: Andrew Morton
+Signed-off-by: Linus Torvalds
+Signed-off-by: Greg Kroah-Hartman
+
+---
+ fs/ocfs2/dlmglue.c | 10 +++++++---
+ 1 file changed, 7 insertions(+), 3 deletions(-)
+
+--- a/fs/ocfs2/dlmglue.c
++++ b/fs/ocfs2/dlmglue.c
+@@ -4025,9 +4025,13 @@ static void ocfs2_downconvert_thread_do_
+ osb->dc_work_sequence = osb->dc_wake_sequence;
+
+ processed = osb->blocked_lock_count;
+- while (processed) {
+- BUG_ON(list_empty(&osb->blocked_lock_list));
+-
++ /*
++ * blocked lock processing in this loop might call iput which can
++ * remove items off osb->blocked_lock_list. Downconvert up to
++ * 'processed' number of locks, but stop short if we had some
++ * removed in ocfs2_mark_lockres_freeing when downconverting.
++ */
++ while (processed && !list_empty(&osb->blocked_lock_list)) {
+ lockres = list_entry(osb->blocked_lock_list.next,
+ struct ocfs2_lock_res, l_blocked_list);
+ list_del_init(&lockres->l_blocked_list);
diff --git a/queue-4.1/ocfs2-fix-shift-left-overflow.patch b/queue-4.1/ocfs2-fix-shift-left-overflow.patch
new file mode 100644
index 00000000000..69540d7da56
--- /dev/null
+++ b/queue-4.1/ocfs2-fix-shift-left-overflow.patch @@ -0,0 +1,48 @@ +From 32e5a2a2be6b085febaac36efff495ad65a55e6c Mon Sep 17 00:00:00 2001 +From: Joseph Qi +Date: Thu, 6 Aug 2015 15:46:48 -0700 +Subject: ocfs2: fix shift left overflow + +From: Joseph Qi + +commit 32e5a2a2be6b085febaac36efff495ad65a55e6c upstream. + +When using a large volume, for example 9T volume with 2T already used, +frequent creation of small files with O_DIRECT when the IO is not +cluster aligned may clear sectors in the wrong place. This will cause +filesystem corruption. + +This is because p_cpos is a u32. When calculating the corresponding +sector it should be converted to u64 first, otherwise it may overflow. + +Signed-off-by: Joseph Qi +Cc: Mark Fasheh +Cc: Joel Becker +Signed-off-by: Andrew Morton +Signed-off-by: Linus Torvalds +Signed-off-by: Greg Kroah-Hartman + +--- + fs/ocfs2/aops.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +--- a/fs/ocfs2/aops.c ++++ b/fs/ocfs2/aops.c +@@ -686,7 +686,7 @@ static int ocfs2_direct_IO_zero_extend(s + + if (p_cpos && !(ext_flags & OCFS2_EXT_UNWRITTEN)) { + u64 s = i_size_read(inode); +- sector_t sector = (p_cpos << (osb->s_clustersize_bits - 9)) + ++ sector_t sector = ((u64)p_cpos << (osb->s_clustersize_bits - 9)) + + (do_div(s, osb->s_clustersize) >> 9); + + ret = blkdev_issue_zeroout(osb->sb->s_bdev, sector, +@@ -911,7 +911,7 @@ static ssize_t ocfs2_direct_IO_write(str + BUG_ON(!p_cpos || (ext_flags & OCFS2_EXT_UNWRITTEN)); + + ret = blkdev_issue_zeroout(osb->sb->s_bdev, +- p_cpos << (osb->s_clustersize_bits - 9), ++ (u64)p_cpos << (osb->s_clustersize_bits - 9), + zero_len_head >> 9, GFP_NOFS, false); + if (ret < 0) + mlog_errno(ret); diff --git a/queue-4.1/pci-restore-pci_msix_flags_birmask-definition.patch b/queue-4.1/pci-restore-pci_msix_flags_birmask-definition.patch new file mode 100644 index 00000000000..898a828f73d --- /dev/null +++ b/queue-4.1/pci-restore-pci_msix_flags_birmask-definition.patch 
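Review bot: The `(u64)` cast is added by hand at two separate call sites (ocfs2_direct_IO_zero_extend and ocfs2_direct_IO_write) with no comment saying why it is needed, so another copy of `p_cpos << (osb->s_clustersize_bits - 9)` would repeat the 32-bit wrap that the description ties to filesystem corruption. A short comment at each site, for example `/* p_cpos is u32: widen before shifting to sectors */`, or a small static inline helper that does the conversion once, would make the requirement visible. The widened value is then stored in or passed as `sector_t`. If that type is 32-bit in some configurations the result is narrowed again, which cannot be judged from these hunks. Both functions start and end outside the hunks.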
@@ -0,0 +1,35 @@
+From c9ddbac9c89110f77cb0fa07e634aaf1194899aa Mon Sep 17 00:00:00 2001
+From: "Michael S. Tsirkin"
+Date: Tue, 14 Jul 2015 18:27:46 -0500
+Subject: PCI: Restore PCI_MSIX_FLAGS_BIRMASK definition
+
+From: "Michael S. Tsirkin"
+
+commit c9ddbac9c89110f77cb0fa07e634aaf1194899aa upstream.
+
+09a2c73ddfc7 ("PCI: Remove unused PCI_MSIX_FLAGS_BIRMASK definition")
+removed PCI_MSIX_FLAGS_BIRMASK from an exported header because it was
+unused in the kernel. But that breaks user programs that were using it
+(QEMU in particular).
+
+Restore the PCI_MSIX_FLAGS_BIRMASK definition.
+
+[bhelgaas: changelog]
+Signed-off-by: Michael S. Tsirkin
+Signed-off-by: Bjorn Helgaas
+Signed-off-by: Greg Kroah-Hartman
+
+---
+ include/uapi/linux/pci_regs.h | 1 +
+ 1 file changed, 1 insertion(+)
+
+--- a/include/uapi/linux/pci_regs.h
++++ b/include/uapi/linux/pci_regs.h
+@@ -319,6 +319,7 @@
+ #define PCI_MSIX_PBA 8 /* Pending Bit Array offset */
+ #define PCI_MSIX_PBA_BIR 0x00000007 /* BAR index */
+ #define PCI_MSIX_PBA_OFFSET 0xfffffff8 /* Offset into specified BAR */
++#define PCI_MSIX_FLAGS_BIRMASK PCI_MSIX_PBA_BIR /* deprecated */
+ #define PCI_CAP_MSIX_SIZEOF 12 /* size of MSIX registers */
+
+ /* MSI-X Table entry format */
diff --git a/queue-4.1/series b/queue-4.1/series
index 88146bfbf5b..cdd3edcbef6 100644
--- a/queue-4.1/series
+++ b/queue-4.1/series
@@ -50,10 +50,29 @@ asoc-dapm-don-t-add-prefix-to-widget-stream-name.patch
 x86-xen-probe-target-addresses-in-set_aliased_prot-before-the-hypercall.patch
 xen-gntdevt-fix-race-condition-in-gntdev_release.patch
 xen-events-fifo-handle-linked-events-when-closing-a-port.patch
-x86-ldt-make-modify_ldt-synchronous.patch
 hwrng-core-correct-error-check-of-kthread_run-call.patch
 crypto-qat-fix-invalid-synchronization-between-register-unregister-sym-algs.patch
 crypto-ixp4xx-remove-bogus-bug_on-on-scattered-dst-buffer.patch
 rbd-fix-copyup-completion-race.patch
 arm-dts-i.mx35-fix-can-support.patch
 arm-omap2-hwmod-fix-_wait_target_ready-for-hwmods-without-sysc.patch
+alsa-hda-fix-cs4210_spdif_automute.patch
+alsa-hda-one-dell-machine-needs-the-headphone-white-noise-fixup.patch
+alsa-fireworks-firewire-lib-add-support-for-recent-firmware-quirk.patch
+hwmon-nct7904-export-i2c-module-alias-information.patch
+hwmon-dell-smm-blacklist-dell-studio-xps-8100.patch
+ipc-modify-message-queue-accounting-to-not-take-kernel-data-structures-into-account.patch
+ocfs2-fix-bug-in-ocfs2_downconvert_thread_do_work.patch
+ocfs2-fix-shift-left-overflow.patch
+nfsd-drop-bug_on-and-ignore-seclabel-on-absent-filesystem.patch
+pci-restore-pci_msix_flags_birmask-definition.patch
+md-raid1-extend-spinlock-to-protect-raid1_end_read_request-against-inconsistencies.patch
+dm-fix-dm_merge_bvec-regression-on-32-bit-systems.patch
+staging-vt6655-vnt_bss_info_changed-check-conf-beacon_rate-is-not-null.patch
+staging-lustre-include-unaligned.h-instead-of-access_ok.h.patch
+usb-gadget-f_uac2-fix-calculation-of-uac2-p_interval.patch
+usb-qcserial-option-make-at-urcs-work-for-sierra-wireless-mc7305-mc7355.patch
+usb-qcserial-add-support-for-dell-wireless-5809e-4g-modem.patch
+mtd-nand-fix-nand_use_bounce_buffer-flag-conflict.patch
+input-alps-only-dell-laptops-have-separate-button-bits-for-v2-dualpoint-sticks.patch
+thermal-exynos-disable-the-regulator-on-probe-failure.patch
diff --git a/queue-4.1/staging-lustre-include-unaligned.h-instead-of-access_ok.h.patch b/queue-4.1/staging-lustre-include-unaligned.h-instead-of-access_ok.h.patch
new file mode 100644
index 00000000000..0a2034eac24
--- /dev/null
+++ b/queue-4.1/staging-lustre-include-unaligned.h-instead-of-access_ok.h.patch
@@ -0,0 +1,48 @@
+From fb1de5a4c825a389f054cc3803e06116d2fbdc7e Mon Sep 17 00:00:00 2001
+From: Guenter Roeck
+Date: Sat, 1 Aug 2015 07:01:24 -0700
+Subject: staging: lustre: Include unaligned.h instead of access_ok.h
+
+From: Guenter Roeck
+
+commit fb1de5a4c825a389f054cc3803e06116d2fbdc7e upstream.
+
+Including access_ok.h causes the ia64:allmodconfig build (and maybe others)
+to fail with
+
+include/linux/unaligned/le_struct.h:6:19: error:
+ redefinition of 'get_unaligned_le16'
+include/linux/unaligned/access_ok.h:7:19: note:
+ previous definition of 'get_unaligned_le16' was here
+include/linux/unaligned/le_struct.h:26:20: error:
+ redefinition of 'put_unaligned_le32'
+include/linux/unaligned/access_ok.h:42:20: note:
+ previous definition of 'put_unaligned_le32' was here
+include/linux/unaligned/le_struct.h:31:20: error:
+ redefinition of 'put_unaligned_le64'
+include/linux/unaligned/access_ok.h:47:20: note:
+ previous definition of 'put_unaligned_le64' was here
+
+Include unaligned.h instead and leave it up to the architecture to decide
+how to implement unaligned accesses.
+
+Fixes: 8c4f136497315 ("Staging: lustre: Use put_unaligned_le64")
+Cc: Vaishali Thakkar
+Signed-off-by: Guenter Roeck
+Signed-off-by: Greg Kroah-Hartman
+
+---
+ drivers/staging/lustre/lustre/obdclass/debug.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/drivers/staging/lustre/lustre/obdclass/debug.c
++++ b/drivers/staging/lustre/lustre/obdclass/debug.c
+@@ -40,7 +40,7 @@
+
+ #define DEBUG_SUBSYSTEM D_OTHER
+
+-#include
++#include
+
+ #include "../include/obd_support.h"
+ #include "../include/lustre_debug.h"
diff --git a/queue-4.1/staging-vt6655-vnt_bss_info_changed-check-conf-beacon_rate-is-not-null.patch b/queue-4.1/staging-vt6655-vnt_bss_info_changed-check-conf-beacon_rate-is-not-null.patch
new file mode 100644
index 00000000000..d1a18a937a3
--- /dev/null
+++ b/queue-4.1/staging-vt6655-vnt_bss_info_changed-check-conf-beacon_rate-is-not-null.patch
@@ -0,0 +1,35 @@
+From 1f17124006b65482d9084c01e252b59dbca8db8f Mon Sep 17 00:00:00 2001
+From: Malcolm Priestley
+Date: Sun, 2 Aug 2015 12:34:46 +0100
+Subject: staging: vt6655: vnt_bss_info_changed check conf->beacon_rate is not NULL
+
+From: Malcolm Priestley
+
+commit 1f17124006b65482d9084c01e252b59dbca8db8f upstream.
+
+conf->beacon_rate can be NULL on association. So check conf->beacon_rate
+
+BSS_CHANGED_BEACON_INFO needs to flagged in changed as the beacon_rate
+will appear later.
+
+Signed-off-by: Malcolm Priestley
+Signed-off-by: Greg Kroah-Hartman
+
+---
+ drivers/staging/vt6655/device_main.c | 5 +++--
+ 1 file changed, 3 insertions(+), 2 deletions(-)
+
+--- a/drivers/staging/vt6655/device_main.c
++++ b/drivers/staging/vt6655/device_main.c
+@@ -1486,8 +1486,9 @@ static void vnt_bss_info_changed(struct
+ }
+ }
+
+- if (changed & BSS_CHANGED_ASSOC && priv->op_mode != NL80211_IFTYPE_AP) {
+- if (conf->assoc) {
++ if (changed & (BSS_CHANGED_ASSOC | BSS_CHANGED_BEACON_INFO) &&
++ priv->op_mode != NL80211_IFTYPE_AP) {
++ if (conf->assoc && conf->beacon_rate) {
+ CARDbUpdateTSF(priv, conf->beacon_rate->hw_value,
+ conf->sync_tsf);
+
diff --git a/queue-4.1/thermal-exynos-disable-the-regulator-on-probe-failure.patch b/queue-4.1/thermal-exynos-disable-the-regulator-on-probe-failure.patch
new file mode 100644
index 00000000000..646f7cd2bd0
--- /dev/null
+++ b/queue-4.1/thermal-exynos-disable-the-regulator-on-probe-failure.patch
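Review bot: With the inner test now `conf->assoc && conf->beacon_rate`, an associated interface whose beacon_rate is still NULL falls to the `else` side of that `if`, if it has one, and the outer condition now also fires on BSS_CHANGED_BEACON_INFO. That branch is outside the hunk, so it is worth confirming that running it while associated is harmless. The NULL check itself sits correctly ahead of the `conf->beacon_rate->hw_value` dereference. A comment above the outer `if`, such as `/* beacon_rate may be NULL at association; it arrives later with BSS_CHANGED_BEACON_INFO */`, would explain both halves of the change. vnt_bss_info_changed() starts and ends outside the hunk.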
@@ -0,0 +1,43 @@
+From 5f09a5cbd14ae16e93866040fa44d930ff885650 Mon Sep 17 00:00:00 2001
+From: Krzysztof Kozlowski
+Date: Mon, 8 Jun 2015 10:35:49 +0900
+Subject: thermal: exynos: Disable the regulator on probe failure
+
+From: Krzysztof Kozlowski
+
+commit 5f09a5cbd14ae16e93866040fa44d930ff885650 upstream.
+
+During probe the regulator (if present) was enabled but not disabled in
+case of failure. So an unsuccessful probe lead to enabling the
+regulator which was actually not needed because the device was not
+enabled.
+
+Additionally each deferred probe lead to increase of regulator enable
+count so it would not be effectively disabled during removal of the
+device.
+
+Test HW: Exynos4412 - Trats2 board
+
+Signed-off-by: Krzysztof Kozlowski
+Fixes: 498d22f616f6 ("thermal: exynos: Support for TMU regulator defined at device tree")
+Reviewed-by: Javier Martinez Canillas
+Signed-off-by: Lukasz Majewski
+Tested-by: Lukasz Majewski
+Signed-off-by: Eduardo Valentin
+Signed-off-by: Greg Kroah-Hartman
+
+---
+ drivers/thermal/samsung/exynos_tmu.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+--- a/drivers/thermal/samsung/exynos_tmu.c
++++ b/drivers/thermal/samsung/exynos_tmu.c
+@@ -1209,6 +1209,8 @@ err_clk_sec:
+ if (!IS_ERR(data->clk_sec))
+ clk_unprepare(data->clk_sec);
+ err_sensor:
++ if (!IS_ERR_OR_NULL(data->regulator))
++ regulator_disable(data->regulator);
+ thermal_zone_of_sensor_unregister(&pdev->dev, data->tzd);
+
+ return ret;
diff --git a/queue-4.1/usb-gadget-f_uac2-fix-calculation-of-uac2-p_interval.patch b/queue-4.1/usb-gadget-f_uac2-fix-calculation-of-uac2-p_interval.patch
new file mode 100644
index 00000000000..0d6d4ac4d68
--- /dev/null
+++ b/queue-4.1/usb-gadget-f_uac2-fix-calculation-of-uac2-p_interval.patch
@@ -0,0 +1,45 @@
+From c41b7767673cb76adeb2b5fde220209f717ea13c Mon Sep 17 00:00:00 2001
+From: Peter Chen
+Date: Mon, 27 Jul 2015 14:51:47 +0800
+Subject: usb: gadget: f_uac2: fix calculation of uac2->p_interval
+
+From: Peter Chen
+
+commit c41b7767673cb76adeb2b5fde220209f717ea13c upstream.
+
+The p_interval should be less if the 'bInterval' at the descriptor
+is larger, eg, if 'bInterval' is 5 for HS, the p_interval should be
+8000 / 16 = 500.
+
+It fixes the patch 9bb87f168931 ("usb: gadget: f_uac2: send
+reasonably sized packets")
+
+Fixes: 9bb87f168931 ("usb: gadget: f_uac2: send reasonably sized packets")
+Acked-by: Daniel Mack
+Signed-off-by: Peter Chen
+Signed-off-by: Felipe Balbi
+Signed-off-by: Greg Kroah-Hartman
+
+---
+ drivers/usb/gadget/function/f_uac2.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+--- a/drivers/usb/gadget/function/f_uac2.c
++++ b/drivers/usb/gadget/function/f_uac2.c
+@@ -1162,14 +1162,14 @@ afunc_set_alt(struct usb_function *fn, u
+ factor = 1000;
+ } else {
+ ep_desc = &hs_epin_desc;
+- factor = 125;
++ factor = 8000;
+ }
+
+ /* pre-compute some values for iso_complete() */
+ uac2->p_framesize = opts->p_ssize *
+ num_channels(opts->p_chmask);
+ rate = opts->p_srate * uac2->p_framesize;
+- uac2->p_interval = (1 << (ep_desc->bInterval - 1)) * factor;
++ uac2->p_interval = factor / (1 << (ep_desc->bInterval - 1));
+ uac2->p_pktsize = min_t(unsigned int, rate / uac2->p_interval,
+ prm->max_psize);
+
diff --git a/queue-4.1/usb-qcserial-add-support-for-dell-wireless-5809e-4g-modem.patch b/queue-4.1/usb-qcserial-add-support-for-dell-wireless-5809e-4g-modem.patch
new file mode 100644
index 00000000000..e2442747fc9
--- /dev/null
+++ b/queue-4.1/usb-qcserial-add-support-for-dell-wireless-5809e-4g-modem.patch
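Review bot: The new `uac2->p_interval = factor / (1 << (ep_desc->bInterval - 1));` feeds the divisor on the next line (`rate / uac2->p_interval`), and in this form it evaluates to 0 once the shifted value exceeds `factor`, while a bInterval of 0 makes the shift count negative. The descriptors read here (`hs_epin_desc` and the other-speed one) are defined outside the hunk, presumably with fixed values in this driver, so this is likely unreachable today. A comment stating the assumption, e.g. `/* bInterval comes from our own descriptors and is >= 1, so p_interval cannot be 0 */`, or a clamp to a minimum of 1, would keep the division safe if the descriptors ever become configurable. afunc_set_alt() continues outside the hunk.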
@@ -0,0 +1,332 @@ +From 6da3700c98cdc8360f55c5510915efae1d66deea Mon Sep 17 00:00:00 2001 +From: Pieter Hollants +Date: Mon, 20 Jul 2015 11:56:17 +0200 +Subject: USB: qcserial: Add support for Dell Wireless 5809e 4G Modem +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +From: Pieter Hollants + +commit 6da3700c98cdc8360f55c5510915efae1d66deea upstream. + +Added the USB IDs 0x413c:0x81b1 for the "Dell Wireless 5809e Gobi(TM) 4G +LTE Mobile Broadband Card", a Dell-branded Sierra Wireless EM7305 LTE +card in M.2 form factor, used eg. in Dell's Latitude E7540 Notebook +series. + +"lsusb -v" output for this device: + +Bus 002 Device 003: ID 413c:81b1 Dell Computer Corp. +Device Descriptor: + bLength 18 + bDescriptorType 1 + bcdUSB 2.00 + bDeviceClass 0 + bDeviceSubClass 0 + bDeviceProtocol 0 + bMaxPacketSize0 64 + idVendor 0x413c Dell Computer Corp. + idProduct 0x81b1 + bcdDevice 0.06 + iManufacturer 1 Sierra Wireless, Incorporated + iProduct 2 Dell Wireless 5809e Gobi™ 4G LTE Mobile Broadband Card + iSerial 3 + bNumConfigurations 2 + Configuration Descriptor: + bLength 9 + bDescriptorType 2 + wTotalLength 204 + bNumInterfaces 4 + bConfigurationValue 1 + iConfiguration 0 + bmAttributes 0xe0 + Self Powered + Remote Wakeup + MaxPower 500mA + Interface Descriptor: + bLength 9 + bDescriptorType 4 + bInterfaceNumber 0 + bAlternateSetting 0 + bNumEndpoints 2 + bInterfaceClass 255 Vendor Specific Class + bInterfaceSubClass 255 Vendor Specific Subclass + bInterfaceProtocol 255 Vendor Specific Protocol + iInterface 0 + Endpoint Descriptor: + bLength 7 + bDescriptorType 5 + bEndpointAddress 0x81 EP 1 IN + bmAttributes 2 + Transfer Type Bulk + Synch Type None + Usage Type Data + wMaxPacketSize 0x0200 1x 512 bytes + bInterval 0 + Endpoint Descriptor: + bLength 7 + bDescriptorType 5 + bEndpointAddress 0x01 EP 1 OUT + bmAttributes 2 + Transfer Type Bulk + Synch Type None + Usage Type Data + wMaxPacketSize 0x0200 1x 512 bytes + bInterval 0 
+ Interface Descriptor: + bLength 9 + bDescriptorType 4 + bInterfaceNumber 2 + bAlternateSetting 0 + bNumEndpoints 3 + bInterfaceClass 255 Vendor Specific Class + bInterfaceSubClass 0 + bInterfaceProtocol 0 + iInterface 0 + ** UNRECOGNIZED: 05 24 00 10 01 + ** UNRECOGNIZED: 05 24 01 00 00 + ** UNRECOGNIZED: 04 24 02 02 + ** UNRECOGNIZED: 05 24 06 00 00 + Endpoint Descriptor: + bLength 7 + bDescriptorType 5 + bEndpointAddress 0x83 EP 3 IN + bmAttributes 3 + Transfer Type Interrupt + Synch Type None + Usage Type Data + wMaxPacketSize 0x000c 1x 12 bytes + bInterval 9 + Endpoint Descriptor: + bLength 7 + bDescriptorType 5 + bEndpointAddress 0x82 EP 2 IN + bmAttributes 2 + Transfer Type Bulk + Synch Type None + Usage Type Data + wMaxPacketSize 0x0200 1x 512 bytes + bInterval 0 + Endpoint Descriptor: + bLength 7 + bDescriptorType 5 + bEndpointAddress 0x02 EP 2 OUT + bmAttributes 2 + Transfer Type Bulk + Synch Type None + Usage Type Data + wMaxPacketSize 0x0200 1x 512 bytes + bInterval 0 + Interface Descriptor: + bLength 9 + bDescriptorType 4 + bInterfaceNumber 3 + bAlternateSetting 0 + bNumEndpoints 3 + bInterfaceClass 255 Vendor Specific Class + bInterfaceSubClass 0 + bInterfaceProtocol 0 + iInterface 0 + ** UNRECOGNIZED: 05 24 00 10 01 + ** UNRECOGNIZED: 05 24 01 00 00 + ** UNRECOGNIZED: 04 24 02 02 + ** UNRECOGNIZED: 05 24 06 00 00 + Endpoint Descriptor: + bLength 7 + bDescriptorType 5 + bEndpointAddress 0x85 EP 5 IN + bmAttributes 3 + Transfer Type Interrupt + Synch Type None + Usage Type Data + wMaxPacketSize 0x000c 1x 12 bytes + bInterval 9 + Endpoint Descriptor: + bLength 7 + bDescriptorType 5 + bEndpointAddress 0x84 EP 4 IN + bmAttributes 2 + Transfer Type Bulk + Synch Type None + Usage Type Data + wMaxPacketSize 0x0200 1x 512 bytes + bInterval 0 + Endpoint Descriptor: + bLength 7 + bDescriptorType 5 + bEndpointAddress 0x03 EP 3 OUT + bmAttributes 2 + Transfer Type Bulk + Synch Type None + Usage Type Data + wMaxPacketSize 0x0200 1x 512 bytes + bInterval 0 + 
Interface Descriptor: + bLength 9 + bDescriptorType 4 + bInterfaceNumber 8 + bAlternateSetting 0 + bNumEndpoints 3 + bInterfaceClass 255 Vendor Specific Class + bInterfaceSubClass 255 Vendor Specific Subclass + bInterfaceProtocol 255 Vendor Specific Protocol + iInterface 0 + Endpoint Descriptor: + bLength 7 + bDescriptorType 5 + bEndpointAddress 0x87 EP 7 IN + bmAttributes 3 + Transfer Type Interrupt + Synch Type None + Usage Type Data + wMaxPacketSize 0x000a 1x 10 bytes + bInterval 9 + Endpoint Descriptor: + bLength 7 + bDescriptorType 5 + bEndpointAddress 0x86 EP 6 IN + bmAttributes 2 + Transfer Type Bulk + Synch Type None + Usage Type Data + wMaxPacketSize 0x0200 1x 512 bytes + bInterval 0 + Endpoint Descriptor: + bLength 7 + bDescriptorType 5 + bEndpointAddress 0x04 EP 4 OUT + bmAttributes 2 + Transfer Type Bulk + Synch Type None + Usage Type Data + wMaxPacketSize 0x0200 1x 512 bytes + bInterval 0 + ** UNRECOGNIZED: 2c ff 42 49 53 54 00 01 07 f5 40 f6 00 00 00 00 01 f7 c4 09 02 f8 c4 09 03 f9 88 13 04 fa 10 27 05 fb 10 27 06 fc c4 09 07 fd c4 09 + Configuration Descriptor: + bLength 9 + bDescriptorType 2 + wTotalLength 95 + bNumInterfaces 2 + bConfigurationValue 2 + iConfiguration 0 + bmAttributes 0xe0 + Self Powered + Remote Wakeup + MaxPower 500mA + Interface Association: + bLength 8 + bDescriptorType 11 + bFirstInterface 12 + bInterfaceCount 2 + bFunctionClass 2 Communications + bFunctionSubClass 14 + bFunctionProtocol 0 + iFunction 0 + Interface Descriptor: + bLength 9 + bDescriptorType 4 + bInterfaceNumber 12 + bAlternateSetting 0 + bNumEndpoints 1 + bInterfaceClass 2 Communications + bInterfaceSubClass 14 + bInterfaceProtocol 0 + iInterface 0 + CDC Header: + bcdCDC 1.10 + CDC Union: + bMasterInterface 12 + bSlaveInterface 13 + CDC MBIM: + bcdMBIMVersion 1.00 + wMaxControlMessage 4096 + bNumberFilters 32 + bMaxFilterSize 128 + wMaxSegmentSize 1500 + bmNetworkCapabilities 0x20 + 8-byte ntb input size + CDC MBIM Extended: + bcdMBIMExtendedVersion 1.00 + 
bMaxOutstandingCommandMessages 64 + wMTU 1500 + Endpoint Descriptor: + bLength 7 + bDescriptorType 5 + bEndpointAddress 0x82 EP 2 IN + bmAttributes 3 + Transfer Type Interrupt + Synch Type None + Usage Type Data + wMaxPacketSize 0x0040 1x 64 bytes + bInterval 9 + Interface Descriptor: + bLength 9 + bDescriptorType 4 + bInterfaceNumber 13 + bAlternateSetting 0 + bNumEndpoints 0 + bInterfaceClass 10 CDC Data + bInterfaceSubClass 0 + bInterfaceProtocol 2 + iInterface 0 + Interface Descriptor: + bLength 9 + bDescriptorType 4 + bInterfaceNumber 13 + bAlternateSetting 1 + bNumEndpoints 2 + bInterfaceClass 10 CDC Data + bInterfaceSubClass 0 + bInterfaceProtocol 2 + iInterface 0 + Endpoint Descriptor: + bLength 7 + bDescriptorType 5 + bEndpointAddress 0x81 EP 1 IN + bmAttributes 2 + Transfer Type Bulk + Synch Type None + Usage Type Data + wMaxPacketSize 0x0200 1x 512 bytes + bInterval 0 + Endpoint Descriptor: + bLength 7 + bDescriptorType 5 + bEndpointAddress 0x01 EP 1 OUT + bmAttributes 2 + Transfer Type Bulk + Synch Type None + Usage Type Data + wMaxPacketSize 0x0200 1x 512 bytes + bInterval 0 +Device Qualifier (for other device speed): + bLength 10 + bDescriptorType 6 + bcdUSB 2.00 + bDeviceClass 0 + bDeviceSubClass 0 + bDeviceProtocol 0 + bMaxPacketSize0 64 + bNumConfigurations 2 +Device Status: 0x0000 + (Bus Powered) + +Signed-off-by: Pieter Hollants +Signed-off-by: Johan Hovold +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/usb/serial/qcserial.c | 1 + + 1 file changed, 1 insertion(+) + +--- a/drivers/usb/serial/qcserial.c ++++ b/drivers/usb/serial/qcserial.c +@@ -157,6 +157,7 @@ static const struct usb_device_id id_tab + {DEVICE_SWI(0x413c, 0x81a4)}, /* Dell Wireless 5570e HSPA+ (42Mbps) Mobile Broadband Card */ + {DEVICE_SWI(0x413c, 0x81a8)}, /* Dell Wireless 5808 Gobi(TM) 4G LTE Mobile Broadband Card */ + {DEVICE_SWI(0x413c, 0x81a9)}, /* Dell Wireless 5808e Gobi(TM) 4G LTE Mobile Broadband Card */ ++ {DEVICE_SWI(0x413c, 0x81b1)}, /* Dell Wireless 5809e 
Gobi(TM) 4G LTE Mobile Broadband Card */ + + /* Huawei devices */ + {DEVICE_HWI(0x03f0, 0x581d)}, /* HP lt4112 LTE/HSPA+ Gobi 4G Modem (Huawei me906e) */ diff --git a/queue-4.1/usb-qcserial-option-make-at-urcs-work-for-sierra-wireless-mc7305-mc7355.patch b/queue-4.1/usb-qcserial-option-make-at-urcs-work-for-sierra-wireless-mc7305-mc7355.patch new file mode 100644 index 00000000000..dd2eabf6095 --- /dev/null +++ b/queue-4.1/usb-qcserial-option-make-at-urcs-work-for-sierra-wireless-mc7305-mc7355.patch 
@@ -0,0 +1,47 @@ +From 653cdc13a340ad1cef29f1bab0d05d0771fa1d57 Mon Sep 17 00:00:00 2001 +From: Reinhard Speyerer +Date: Tue, 14 Jul 2015 22:55:06 +0200 +Subject: USB: qcserial/option: make AT URCs work for Sierra Wireless MC7305/MC7355 + +From: Reinhard Speyerer + +commit 653cdc13a340ad1cef29f1bab0d05d0771fa1d57 upstream. + +Tests with a Sierra Wireless MC7355 have shown that 1199:9041 devices +also require the option_send_setup() code to be used on the USB +interface for the AT port to make unsolicited response codes work +correctly. Move these devices from the qcserial driver to the option +driver like it has been done for the 1199:68c0 devices in commit +d80c0d14183516f184a5ac88e11008ee4c7d2a2e ("USB: qcserial/option: make +AT URCs work for Sierra Wireless MC73xx"). + +Signed-off-by: Reinhard Speyerer +Signed-off-by: Johan Hovold +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/usb/serial/option.c | 2 ++ + drivers/usb/serial/qcserial.c | 1 - + 2 files changed, 2 insertions(+), 1 deletion(-) + +--- a/drivers/usb/serial/option.c ++++ b/drivers/usb/serial/option.c +@@ -1099,6 +1099,8 @@ static const struct usb_device_id option + { USB_DEVICE(QUALCOMM_VENDOR_ID, 0x9000)}, /* SIMCom SIM5218 */ + { USB_DEVICE_INTERFACE_CLASS(SIERRA_VENDOR_ID, 0x68c0, 0xff), + .driver_info = (kernel_ulong_t)&sierra_mc73xx_blacklist }, /* MC73xx */ ++ { USB_DEVICE_INTERFACE_CLASS(SIERRA_VENDOR_ID, 0x9041, 0xff), ++ .driver_info = (kernel_ulong_t)&sierra_mc73xx_blacklist }, /* MC7305/MC7355 */ + { USB_DEVICE(CMOTECH_VENDOR_ID, CMOTECH_PRODUCT_6001) }, + { USB_DEVICE(CMOTECH_VENDOR_ID, CMOTECH_PRODUCT_CMU_300) }, + { USB_DEVICE(CMOTECH_VENDOR_ID, CMOTECH_PRODUCT_6003), +--- a/drivers/usb/serial/qcserial.c ++++ b/drivers/usb/serial/qcserial.c +@@ -145,7 +145,6 @@ static const struct usb_device_id id_tab + {DEVICE_SWI(0x1199, 0x901c)}, /* Sierra Wireless EM7700 */ + {DEVICE_SWI(0x1199, 0x901f)}, /* Sierra Wireless EM7355 */ + {DEVICE_SWI(0x1199, 0x9040)}, /* Sierra Wireless Modem */ +- 
{DEVICE_SWI(0x1199, 0x9041)}, /* Sierra Wireless MC7305/MC7355 */ + {DEVICE_SWI(0x1199, 0x9051)}, /* Netgear AirCard 340U */ + {DEVICE_SWI(0x1199, 0x9053)}, /* Sierra Wireless Modem */ + {DEVICE_SWI(0x1199, 0x9054)}, /* Sierra Wireless Modem */ diff --git a/queue-4.1/x86-ldt-make-modify_ldt-synchronous.patch b/queue-4.1/x86-ldt-make-modify_ldt-synchronous.patch deleted file mode 100644 index 2729cf7e62b..00000000000 --- a/queue-4.1/x86-ldt-make-modify_ldt-synchronous.patch +++ /dev/null 
@@ -1,628 +0,0 @@ -From 37868fe113ff2ba814b3b4eb12df214df555f8dc Mon Sep 17 00:00:00 2001 -From: Andy Lutomirski -Date: Thu, 30 Jul 2015 14:31:32 -0700 -Subject: x86/ldt: Make modify_ldt synchronous - -From: Andy Lutomirski - -commit 37868fe113ff2ba814b3b4eb12df214df555f8dc upstream. - -modify_ldt() has questionable locking and does not synchronize -threads. Improve it: redesign the locking and synchronize all -threads' LDTs using an IPI on all modifications. - -This will dramatically slow down modify_ldt in multithreaded -programs, but there shouldn't be any multithreaded programs that -care about modify_ldt's performance in the first place. - -This fixes some fallout from the CVE-2015-5157 fixes. - -Signed-off-by: Andy Lutomirski -Reviewed-by: Borislav Petkov -Cc: Andrew Cooper -Cc: Andy Lutomirski -Cc: Boris Ostrovsky -Cc: Borislav Petkov -Cc: Brian Gerst -Cc: Denys Vlasenko -Cc: H. Peter Anvin -Cc: Jan Beulich -Cc: Konrad Rzeszutek Wilk -Cc: Linus Torvalds -Cc: Peter Zijlstra -Cc: Sasha Levin -Cc: Steven Rostedt -Cc: Thomas Gleixner -Cc: security@kernel.org -Cc: xen-devel -Link: http://lkml.kernel.org/r/4c6978476782160600471bd865b318db34c7b628.1438291540.git.luto@kernel.org -Signed-off-by: Ingo Molnar -Signed-off-by: Greg Kroah-Hartman - ---- - arch/x86/include/asm/desc.h | 15 -- - arch/x86/include/asm/mmu.h | 3 - arch/x86/include/asm/mmu_context.h | 54 ++++++- - arch/x86/kernel/cpu/common.c | 4 - arch/x86/kernel/cpu/perf_event.c | 12 + - arch/x86/kernel/ldt.c | 264 ++++++++++++++++++++----------------- - arch/x86/kernel/process_64.c | 4 - arch/x86/kernel/step.c | 6 - arch/x86/power/cpu.c | 3 - 9 files changed, 211 insertions(+), 154 deletions(-) - ---- a/arch/x86/include/asm/desc.h -+++ b/arch/x86/include/asm/desc.h -@@ -280,21 +280,6 @@ static inline void clear_LDT(void) - set_ldt(NULL, 0); - } - --/* -- * load one particular LDT into the current CPU -- */ --static inline void load_LDT_nolock(mm_context_t *pc) --{ -- set_ldt(pc->ldt, pc->size); --} -- 
--static inline void load_LDT(mm_context_t *pc) --{ -- preempt_disable(); -- load_LDT_nolock(pc); -- preempt_enable(); --} -- - static inline unsigned long get_desc_base(const struct desc_struct *desc) - { - return (unsigned)(desc->base0 | ((desc->base1) << 16) | ((desc->base2) << 24)); ---- a/arch/x86/include/asm/mmu.h -+++ b/arch/x86/include/asm/mmu.h -@@ -9,8 +9,7 @@ - * we put the segment information here. - */ - typedef struct { -- void *ldt; -- int size; -+ struct ldt_struct *ldt; - - #ifdef CONFIG_X86_64 - /* True if mm supports a task running in 32 bit compatibility mode. */ ---- a/arch/x86/include/asm/mmu_context.h -+++ b/arch/x86/include/asm/mmu_context.h -@@ -34,6 +34,50 @@ static inline void load_mm_cr4(struct mm - #endif - - /* -+ * ldt_structs can be allocated, used, and freed, but they are never -+ * modified while live. -+ */ -+struct ldt_struct { -+ /* -+ * Xen requires page-aligned LDTs with special permissions. This is -+ * needed to prevent us from installing evil descriptors such as -+ * call gates. On native, we could merge the ldt_struct and LDT -+ * allocations, but it's not worth trying to optimize. -+ */ -+ struct desc_struct *entries; -+ int size; -+}; -+ -+static inline void load_mm_ldt(struct mm_struct *mm) -+{ -+ struct ldt_struct *ldt; -+ -+ /* lockless_dereference synchronizes with smp_store_release */ -+ ldt = lockless_dereference(mm->context.ldt); -+ -+ /* -+ * Any change to mm->context.ldt is followed by an IPI to all -+ * CPUs with the mm active. The LDT will not be freed until -+ * after the IPI is handled by all such CPUs. This means that, -+ * if the ldt_struct changes before we return, the values we see -+ * will be safe, and the new values will be loaded before we run -+ * any user code. -+ * -+ * NB: don't try to convert this to use RCU without extreme care. -+ * We would still need IRQs off, because we don't want to change -+ * the local LDT after an IPI loaded a newer value than the one -+ * that we can see. 
-+ */ -+ -+ if (unlikely(ldt)) -+ set_ldt(ldt->entries, ldt->size); -+ else -+ clear_LDT(); -+ -+ DEBUG_LOCKS_WARN_ON(preemptible()); -+} -+ -+/* - * Used for LDT copy/destruction. - */ - int init_new_context(struct task_struct *tsk, struct mm_struct *mm); -@@ -78,12 +122,12 @@ static inline void switch_mm(struct mm_s - * was called and then modify_ldt changed - * prev->context.ldt but suppressed an IPI to this CPU. - * In this case, prev->context.ldt != NULL, because we -- * never free an LDT while the mm still exists. That -- * means that next->context.ldt != prev->context.ldt, -- * because mms never share an LDT. -+ * never set context.ldt to NULL while the mm still -+ * exists. That means that next->context.ldt != -+ * prev->context.ldt, because mms never share an LDT. - */ - if (unlikely(prev->context.ldt != next->context.ldt)) -- load_LDT_nolock(&next->context); -+ load_mm_ldt(next); - } - #ifdef CONFIG_SMP - else { -@@ -106,7 +150,7 @@ static inline void switch_mm(struct mm_s - load_cr3(next->pgd); - trace_tlb_flush(TLB_FLUSH_ON_TASK_SWITCH, TLB_FLUSH_ALL); - load_mm_cr4(next); -- load_LDT_nolock(&next->context); -+ load_mm_ldt(next); - } - } - #endif ---- a/arch/x86/kernel/cpu/common.c -+++ b/arch/x86/kernel/cpu/common.c -@@ -1434,7 +1434,7 @@ void cpu_init(void) - load_sp0(t, ¤t->thread); - set_tss_desc(cpu, t); - load_TR_desc(); -- load_LDT(&init_mm.context); -+ load_mm_ldt(&init_mm); - - clear_all_debug_regs(); - dbg_restore_debug_regs(); -@@ -1483,7 +1483,7 @@ void cpu_init(void) - load_sp0(t, thread); - set_tss_desc(cpu, t); - load_TR_desc(); -- load_LDT(&init_mm.context); -+ load_mm_ldt(&init_mm); - - t->x86_tss.io_bitmap_base = offsetof(struct tss_struct, io_bitmap); - ---- a/arch/x86/kernel/cpu/perf_event.c -+++ b/arch/x86/kernel/cpu/perf_event.c -@@ -2170,21 +2170,25 @@ static unsigned long get_segment_base(un - int idx = segment >> 3; - - if ((segment & SEGMENT_TI_MASK) == SEGMENT_LDT) { -+ struct ldt_struct *ldt; -+ - if (idx > LDT_ENTRIES) - 
return 0; - -- if (idx > current->active_mm->context.size) -+ /* IRQs are off, so this synchronizes with smp_store_release */ -+ ldt = lockless_dereference(current->active_mm->context.ldt); -+ if (!ldt || idx > ldt->size) - return 0; - -- desc = current->active_mm->context.ldt; -+ desc = &ldt->entries[idx]; - } else { - if (idx > GDT_ENTRIES) - return 0; - -- desc = raw_cpu_ptr(gdt_page.gdt); -+ desc = raw_cpu_ptr(gdt_page.gdt) + idx; - } - -- return get_desc_base(desc + idx); -+ return get_desc_base(desc); - } - - #ifdef CONFIG_COMPAT ---- a/arch/x86/kernel/ldt.c -+++ b/arch/x86/kernel/ldt.c -@@ -12,6 +12,7 @@ - #include - #include - #include -+#include - #include - #include - -@@ -20,82 +21,82 @@ - #include - #include - --#ifdef CONFIG_SMP -+/* context.lock is held for us, so we don't need any locking. */ - static void flush_ldt(void *current_mm) - { -- if (current->active_mm == current_mm) -- load_LDT(¤t->active_mm->context); -+ mm_context_t *pc; -+ -+ if (current->active_mm != current_mm) -+ return; -+ -+ pc = ¤t->active_mm->context; -+ set_ldt(pc->ldt->entries, pc->ldt->size); - } --#endif - --static int alloc_ldt(mm_context_t *pc, int mincount, int reload) -+/* The caller must call finalize_ldt_struct on the result. LDT starts zeroed. 
*/ -+static struct ldt_struct *alloc_ldt_struct(int size) - { -- void *oldldt, *newldt; -- int oldsize; -+ struct ldt_struct *new_ldt; -+ int alloc_size; - -- if (mincount <= pc->size) -- return 0; -- oldsize = pc->size; -- mincount = (mincount + (PAGE_SIZE / LDT_ENTRY_SIZE - 1)) & -- (~(PAGE_SIZE / LDT_ENTRY_SIZE - 1)); -- if (mincount * LDT_ENTRY_SIZE > PAGE_SIZE) -- newldt = vmalloc(mincount * LDT_ENTRY_SIZE); -- else -- newldt = (void *)__get_free_page(GFP_KERNEL); -+ if (size > LDT_ENTRIES) -+ return NULL; - -- if (!newldt) -- return -ENOMEM; -+ new_ldt = kmalloc(sizeof(struct ldt_struct), GFP_KERNEL); -+ if (!new_ldt) -+ return NULL; -+ -+ BUILD_BUG_ON(LDT_ENTRY_SIZE != sizeof(struct desc_struct)); -+ alloc_size = size * LDT_ENTRY_SIZE; -+ -+ /* -+ * Xen is very picky: it requires a page-aligned LDT that has no -+ * trailing nonzero bytes in any page that contains LDT descriptors. -+ * Keep it simple: zero the whole allocation and never allocate less -+ * than PAGE_SIZE. -+ */ -+ if (alloc_size > PAGE_SIZE) -+ new_ldt->entries = vzalloc(alloc_size); -+ else -+ new_ldt->entries = kzalloc(PAGE_SIZE, GFP_KERNEL); - -- if (oldsize) -- memcpy(newldt, pc->ldt, oldsize * LDT_ENTRY_SIZE); -- oldldt = pc->ldt; -- memset(newldt + oldsize * LDT_ENTRY_SIZE, 0, -- (mincount - oldsize) * LDT_ENTRY_SIZE); -- -- paravirt_alloc_ldt(newldt, mincount); -- --#ifdef CONFIG_X86_64 -- /* CHECKME: Do we really need this ? 
*/ -- wmb(); --#endif -- pc->ldt = newldt; -- wmb(); -- pc->size = mincount; -- wmb(); -- -- if (reload) { --#ifdef CONFIG_SMP -- preempt_disable(); -- load_LDT(pc); -- if (!cpumask_equal(mm_cpumask(current->mm), -- cpumask_of(smp_processor_id()))) -- smp_call_function(flush_ldt, current->mm, 1); -- preempt_enable(); --#else -- load_LDT(pc); --#endif -- } -- if (oldsize) { -- paravirt_free_ldt(oldldt, oldsize); -- if (oldsize * LDT_ENTRY_SIZE > PAGE_SIZE) -- vfree(oldldt); -- else -- put_page(virt_to_page(oldldt)); -+ if (!new_ldt->entries) { -+ kfree(new_ldt); -+ return NULL; - } -- return 0; -+ -+ new_ldt->size = size; -+ return new_ldt; - } - --static inline int copy_ldt(mm_context_t *new, mm_context_t *old) -+/* After calling this, the LDT is immutable. */ -+static void finalize_ldt_struct(struct ldt_struct *ldt) - { -- int err = alloc_ldt(new, old->size, 0); -- int i; -+ paravirt_alloc_ldt(ldt->entries, ldt->size); -+} -+ -+/* context.lock is held */ -+static void install_ldt(struct mm_struct *current_mm, -+ struct ldt_struct *ldt) -+{ -+ /* Synchronizes with lockless_dereference in load_mm_ldt. */ -+ smp_store_release(¤t_mm->context.ldt, ldt); -+ -+ /* Activate the LDT for all CPUs using current_mm. 
*/ -+ on_each_cpu_mask(mm_cpumask(current_mm), flush_ldt, current_mm, true); -+} - -- if (err < 0) -- return err; -+static void free_ldt_struct(struct ldt_struct *ldt) -+{ -+ if (likely(!ldt)) -+ return; - -- for (i = 0; i < old->size; i++) -- write_ldt_entry(new->ldt, i, old->ldt + i * LDT_ENTRY_SIZE); -- return 0; -+ paravirt_free_ldt(ldt->entries, ldt->size); -+ if (ldt->size * LDT_ENTRY_SIZE > PAGE_SIZE) -+ vfree(ldt->entries); -+ else -+ kfree(ldt->entries); -+ kfree(ldt); - } - - /* -@@ -104,17 +105,37 @@ static inline int copy_ldt(mm_context_t - */ - int init_new_context(struct task_struct *tsk, struct mm_struct *mm) - { -+ struct ldt_struct *new_ldt; - struct mm_struct *old_mm; - int retval = 0; - - mutex_init(&mm->context.lock); -- mm->context.size = 0; - old_mm = current->mm; -- if (old_mm && old_mm->context.size > 0) { -- mutex_lock(&old_mm->context.lock); -- retval = copy_ldt(&mm->context, &old_mm->context); -- mutex_unlock(&old_mm->context.lock); -+ if (!old_mm) { -+ mm->context.ldt = NULL; -+ return 0; - } -+ -+ mutex_lock(&old_mm->context.lock); -+ if (!old_mm->context.ldt) { -+ mm->context.ldt = NULL; -+ goto out_unlock; -+ } -+ -+ new_ldt = alloc_ldt_struct(old_mm->context.ldt->size); -+ if (!new_ldt) { -+ retval = -ENOMEM; -+ goto out_unlock; -+ } -+ -+ memcpy(new_ldt->entries, old_mm->context.ldt->entries, -+ new_ldt->size * LDT_ENTRY_SIZE); -+ finalize_ldt_struct(new_ldt); -+ -+ mm->context.ldt = new_ldt; -+ -+out_unlock: -+ mutex_unlock(&old_mm->context.lock); - return retval; - } - -@@ -125,53 +146,47 @@ int init_new_context(struct task_struct - */ - void destroy_context(struct mm_struct *mm) - { -- if (mm->context.size) { --#ifdef CONFIG_X86_32 -- /* CHECKME: Can this ever happen ? 
*/ -- if (mm == current->active_mm) -- clear_LDT(); --#endif -- paravirt_free_ldt(mm->context.ldt, mm->context.size); -- if (mm->context.size * LDT_ENTRY_SIZE > PAGE_SIZE) -- vfree(mm->context.ldt); -- else -- put_page(virt_to_page(mm->context.ldt)); -- mm->context.size = 0; -- } -+ free_ldt_struct(mm->context.ldt); -+ mm->context.ldt = NULL; - } - - static int read_ldt(void __user *ptr, unsigned long bytecount) - { -- int err; -+ int retval; - unsigned long size; - struct mm_struct *mm = current->mm; - -- if (!mm->context.size) -- return 0; -+ mutex_lock(&mm->context.lock); -+ -+ if (!mm->context.ldt) { -+ retval = 0; -+ goto out_unlock; -+ } -+ - if (bytecount > LDT_ENTRY_SIZE * LDT_ENTRIES) - bytecount = LDT_ENTRY_SIZE * LDT_ENTRIES; - -- mutex_lock(&mm->context.lock); -- size = mm->context.size * LDT_ENTRY_SIZE; -+ size = mm->context.ldt->size * LDT_ENTRY_SIZE; - if (size > bytecount) - size = bytecount; - -- err = 0; -- if (copy_to_user(ptr, mm->context.ldt, size)) -- err = -EFAULT; -- mutex_unlock(&mm->context.lock); -- if (err < 0) -- goto error_return; -+ if (copy_to_user(ptr, mm->context.ldt->entries, size)) { -+ retval = -EFAULT; -+ goto out_unlock; -+ } -+ - if (size != bytecount) { -- /* zero-fill the rest */ -- if (clear_user(ptr + size, bytecount - size) != 0) { -- err = -EFAULT; -- goto error_return; -+ /* Zero-fill the rest and pretend we read bytecount bytes. 
*/ -+ if (clear_user(ptr + size, bytecount - size)) { -+ retval = -EFAULT; -+ goto out_unlock; - } - } -- return bytecount; --error_return: -- return err; -+ retval = bytecount; -+ -+out_unlock: -+ mutex_unlock(&mm->context.lock); -+ return retval; - } - - static int read_default_ldt(void __user *ptr, unsigned long bytecount) -@@ -195,6 +210,8 @@ static int write_ldt(void __user *ptr, u - struct desc_struct ldt; - int error; - struct user_desc ldt_info; -+ int oldsize, newsize; -+ struct ldt_struct *new_ldt, *old_ldt; - - error = -EINVAL; - if (bytecount != sizeof(ldt_info)) -@@ -213,34 +230,39 @@ static int write_ldt(void __user *ptr, u - goto out; - } - -- mutex_lock(&mm->context.lock); -- if (ldt_info.entry_number >= mm->context.size) { -- error = alloc_ldt(¤t->mm->context, -- ldt_info.entry_number + 1, 1); -- if (error < 0) -- goto out_unlock; -- } -- -- /* Allow LDTs to be cleared by the user. */ -- if (ldt_info.base_addr == 0 && ldt_info.limit == 0) { -- if (oldmode || LDT_empty(&ldt_info)) { -- memset(&ldt, 0, sizeof(ldt)); -- goto install; -+ if ((oldmode && !ldt_info.base_addr && !ldt_info.limit) || -+ LDT_empty(&ldt_info)) { -+ /* The user wants to clear the entry. */ -+ memset(&ldt, 0, sizeof(ldt)); -+ } else { -+ if (!IS_ENABLED(CONFIG_X86_16BIT) && !ldt_info.seg_32bit) { -+ error = -EINVAL; -+ goto out; - } -+ -+ fill_ldt(&ldt, &ldt_info); -+ if (oldmode) -+ ldt.avl = 0; - } - -- if (!IS_ENABLED(CONFIG_X86_16BIT) && !ldt_info.seg_32bit) { -- error = -EINVAL; -+ mutex_lock(&mm->context.lock); -+ -+ old_ldt = mm->context.ldt; -+ oldsize = old_ldt ? old_ldt->size : 0; -+ newsize = max((int)(ldt_info.entry_number + 1), oldsize); -+ -+ error = -ENOMEM; -+ new_ldt = alloc_ldt_struct(newsize); -+ if (!new_ldt) - goto out_unlock; -- } - -- fill_ldt(&ldt, &ldt_info); -- if (oldmode) -- ldt.avl = 0; -- -- /* Install the new entry ... 
*/ --install: -- write_ldt_entry(mm->context.ldt, ldt_info.entry_number, &ldt); -+ if (old_ldt) -+ memcpy(new_ldt->entries, old_ldt->entries, oldsize * LDT_ENTRY_SIZE); -+ new_ldt->entries[ldt_info.entry_number] = ldt; -+ finalize_ldt_struct(new_ldt); -+ -+ install_ldt(mm, new_ldt); -+ free_ldt_struct(old_ldt); - error = 0; - - out_unlock: ---- a/arch/x86/kernel/process_64.c -+++ b/arch/x86/kernel/process_64.c -@@ -122,11 +122,11 @@ void __show_regs(struct pt_regs *regs, i - void release_thread(struct task_struct *dead_task) - { - if (dead_task->mm) { -- if (dead_task->mm->context.size) { -+ if (dead_task->mm->context.ldt) { - pr_warn("WARNING: dead process %s still has LDT? <%p/%d>\n", - dead_task->comm, - dead_task->mm->context.ldt, -- dead_task->mm->context.size); -+ dead_task->mm->context.ldt->size); - BUG(); - } - } ---- a/arch/x86/kernel/step.c -+++ b/arch/x86/kernel/step.c -@@ -5,6 +5,7 @@ - #include - #include - #include -+#include - - unsigned long convert_ip_to_linear(struct task_struct *child, struct pt_regs *regs) - { -@@ -30,10 +31,11 @@ unsigned long convert_ip_to_linear(struc - seg &= ~7UL; - - mutex_lock(&child->mm->context.lock); -- if (unlikely((seg >> 3) >= child->mm->context.size)) -+ if (unlikely(!child->mm->context.ldt || -+ (seg >> 3) >= child->mm->context.ldt->size)) - addr = -1L; /* bogus selector, access would fault */ - else { -- desc = child->mm->context.ldt + seg; -+ desc = &child->mm->context.ldt->entries[seg]; - base = get_desc_base(desc); - - /* 16-bit code segment? 
*/ ---- a/arch/x86/power/cpu.c -+++ b/arch/x86/power/cpu.c -@@ -23,6 +23,7 @@ - #include - #include /* pcntxt_mask */ - #include -+#include - - #ifdef CONFIG_X86_32 - __visible unsigned long saved_context_ebx; -@@ -154,7 +155,7 @@ static void fix_processor_context(void) - syscall_init(); /* This sets MSR_*STAR and related */ - #endif - load_TR_desc(); /* This does ltr */ -- load_LDT(¤t->active_mm->context); /* This does lldt */ -+ load_mm_ldt(current->active_mm); /* This does lldt */ - } - - /**