From: Greg Kroah-Hartman Date: Fri, 24 Oct 2014 05:11:50 +0000 (+0800) Subject: 3.14-stable patches X-Git-Tag: v3.10.59~18 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=eb6b272d6874869a99ca2e230c4b4f926614beca;p=thirdparty%2Fkernel%2Fstable-queue.git 3.14-stable patches added patches: bluetooth-fix-hci-h5-corrupted-ack-value.patch bluetooth-fix-incorrect-le-coc-pdu-length-restriction-based-on-hci-mtu.patch bluetooth-fix-issue-with-usb-suspend-in-btusb-driver.patch fanotify-enable-close-on-exec-on-events-fd-when-requested-in-fanotify_init.patch futex-ensure-get_futex_key_refs-always-implies-a-barrier.patch ima-fix-fallback-to-use-new_sync_read.patch ima-provide-flag-to-identify-new-empty-files.patch iwlwifi-add-missing-pci-ids-for-the-7260-series.patch kernel-add-support-for-gcc-5.patch mm-clear-__gfp_fs-when-pf_memalloc_noio-is-set.patch pci-generate-uppercase-hex-for-modalias-interface-class.patch pci-increase-ibm-ipr-sas-crocodile-bars-to-at-least-system-page-size.patch pci-mvebu-fix-uninitialized-variable-in-mvebu_get_tgt_attr.patch pci-pciehp-prevent-null-dereference-during-probe.patch powerpc-iommu-ddw-fix-endianness.patch rt2800-correct-bbp1_tx_power_ctrl-mask.patch --- diff --git a/queue-3.14/bluetooth-fix-hci-h5-corrupted-ack-value.patch b/queue-3.14/bluetooth-fix-hci-h5-corrupted-ack-value.patch new file mode 100644 index 00000000000..0c87ae5fbed --- /dev/null +++ b/queue-3.14/bluetooth-fix-hci-h5-corrupted-ack-value.patch @@ -0,0 +1,35 @@ +From 4807b51895dce8aa650ebebc51fa4a795ed6b8b8 Mon Sep 17 00:00:00 2001 +From: Loic Poulain +Date: Fri, 8 Aug 2014 19:07:16 +0200 +Subject: Bluetooth: Fix HCI H5 corrupted ack value + +From: Loic Poulain + +commit 4807b51895dce8aa650ebebc51fa4a795ed6b8b8 upstream. + +In this expression: seq = (seq - 1) % 8 +seq (u8) is implicitly converted to an int in the arithmetic operation. +So if seq value is 0, operation is ((0 - 1) % 8) => (-1 % 8) => -1. +The new seq value is 0xff which is an invalid ACK value, we expect 0x07. +It leads to frequent dropped ACK and retransmission. +Fix this by using '&' binary operator instead of '%'. + +Signed-off-by: Loic Poulain +Signed-off-by: Marcel Holtmann +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/bluetooth/hci_h5.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/drivers/bluetooth/hci_h5.c ++++ b/drivers/bluetooth/hci_h5.c +@@ -237,7 +237,7 @@ static void h5_pkt_cull(struct h5 *h5) + break; + + to_remove--; +- seq = (seq - 1) % 8; ++ seq = (seq - 1) & 0x07; + } + + if (seq != h5->rx_ack) diff --git a/queue-3.14/bluetooth-fix-incorrect-le-coc-pdu-length-restriction-based-on-hci-mtu.patch b/queue-3.14/bluetooth-fix-incorrect-le-coc-pdu-length-restriction-based-on-hci-mtu.patch new file mode 100644 index 00000000000..ece8be78238 --- /dev/null +++ b/queue-3.14/bluetooth-fix-incorrect-le-coc-pdu-length-restriction-based-on-hci-mtu.patch @@ -0,0 +1,43 @@ +From 72c6fb915ff2d30ae14053edee4f0d30019bad76 Mon Sep 17 00:00:00 2001 +From: Johan Hedberg +Date: Fri, 15 Aug 2014 21:06:51 +0300 +Subject: Bluetooth: Fix incorrect LE CoC PDU length restriction based on HCI MTU + +From: Johan Hedberg + +commit 72c6fb915ff2d30ae14053edee4f0d30019bad76 upstream. + +The l2cap_create_le_flowctl_pdu() function that l2cap_segment_le_sdu() +calls is perfectly capable of doing packet fragmentation if given bigger +PDUs than the HCI buffers allow. Forcing the PDU length based on the HCI +MTU (conn->mtu) would therefore needlessly strict operation on hardware +with limited LE buffers (e.g. both Intel and Broadcom seem to have this +set to just 27 bytes). + +This patch removes the restriction and makes it possible to send PDUs of +the full length that the remote MPS value allows. + +Signed-off-by: Johan Hedberg +Signed-off-by: Marcel Holtmann +Signed-off-by: Greg Kroah-Hartman + +--- + net/bluetooth/l2cap_core.c | 6 +----- + 1 file changed, 1 insertion(+), 5 deletions(-) + +--- a/net/bluetooth/l2cap_core.c ++++ b/net/bluetooth/l2cap_core.c +@@ -2608,12 +2608,8 @@ static int l2cap_segment_le_sdu(struct l + + BT_DBG("chan %p, msg %p, len %zu", chan, msg, len); + +- pdu_len = chan->conn->mtu - L2CAP_HDR_SIZE; +- +- pdu_len = min_t(size_t, pdu_len, chan->remote_mps); +- + sdu_len = len; +- pdu_len -= L2CAP_SDULEN_SIZE; ++ pdu_len = chan->remote_mps - L2CAP_SDULEN_SIZE; + + while (len > 0) { + if (len <= pdu_len) diff --git a/queue-3.14/bluetooth-fix-issue-with-usb-suspend-in-btusb-driver.patch b/queue-3.14/bluetooth-fix-issue-with-usb-suspend-in-btusb-driver.patch new file mode 100644 index 00000000000..1cb5a5a1f44 --- /dev/null +++ b/queue-3.14/bluetooth-fix-issue-with-usb-suspend-in-btusb-driver.patch @@ -0,0 +1,56 @@ +From 85560c4a828ec9c8573840c9b66487b6ae584768 Mon Sep 17 00:00:00 2001 +From: Champion Chen +Date: Sat, 6 Sep 2014 14:06:08 -0500 +Subject: Bluetooth: Fix issue with USB suspend in btusb driver + +From: Champion Chen + +commit 85560c4a828ec9c8573840c9b66487b6ae584768 upstream. + +Suspend could fail for some platforms because +btusb_suspend==> btusb_stop_traffic ==> usb_kill_anchored_urbs. + +When btusb_bulk_complete returns before system suspend and resubmits +an URB, the system cannot enter suspend state. + +Signed-off-by: Champion Chen +Signed-off-by: Larry Finger +Signed-off-by: Marcel Holtmann +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/bluetooth/btusb.c | 9 +++++++++ + 1 file changed, 9 insertions(+) + +--- a/drivers/bluetooth/btusb.c ++++ b/drivers/bluetooth/btusb.c +@@ -309,6 +309,9 @@ static void btusb_intr_complete(struct u + BT_ERR("%s corrupted event packet", hdev->name); + hdev->stat.err_rx++; + } ++ } else if (urb->status == -ENOENT) { ++ /* Avoid suspend failed when usb_kill_urb */ ++ return; + } + + if (!test_bit(BTUSB_INTR_RUNNING, &data->flags)) +@@ -397,6 +400,9 @@ static void btusb_bulk_complete(struct u + BT_ERR("%s corrupted ACL packet", hdev->name); + hdev->stat.err_rx++; + } ++ } else if (urb->status == -ENOENT) { ++ /* Avoid suspend failed when usb_kill_urb */ ++ return; + } + + if (!test_bit(BTUSB_BULK_RUNNING, &data->flags)) +@@ -491,6 +497,9 @@ static void btusb_isoc_complete(struct u + hdev->stat.err_rx++; + } + } ++ } else if (urb->status == -ENOENT) { ++ /* Avoid suspend failed when usb_kill_urb */ ++ return; + } + + if (!test_bit(BTUSB_ISOC_RUNNING, &data->flags)) diff --git a/queue-3.14/fanotify-enable-close-on-exec-on-events-fd-when-requested-in-fanotify_init.patch b/queue-3.14/fanotify-enable-close-on-exec-on-events-fd-when-requested-in-fanotify_init.patch new file mode 100644 index 00000000000..f3627dadd98 --- /dev/null +++ b/queue-3.14/fanotify-enable-close-on-exec-on-events-fd-when-requested-in-fanotify_init.patch @@ -0,0 +1,112 @@ +From 0b37e097a648aa71d4db1ad108001e95b69a2da4 Mon Sep 17 00:00:00 2001 +From: Yann Droneaud +Date: Thu, 9 Oct 2014 15:24:40 -0700 +Subject: fanotify: enable close-on-exec on events' fd when requested in fanotify_init() +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +From: Yann Droneaud + +commit 0b37e097a648aa71d4db1ad108001e95b69a2da4 upstream. + +According to commit 80af258867648 ("fanotify: groups can specify their +f_flags for new fd"), file descriptors created as part of file access +notification events inherit flags from the event_f_flags argument passed +to syscall fanotify_init(2)[1]. + +Unfortunately O_CLOEXEC is currently silently ignored. + +Indeed, event_f_flags are only given to dentry_open(), which only seems to +care about O_ACCMODE and O_PATH in do_dentry_open(), O_DIRECT in +open_check_o_direct() and O_LARGEFILE in generic_file_open(). + +It's a pity, since, according to some lookup on various search engines and +http://codesearch.debian.net/, there's already some userspace code which +use O_CLOEXEC: + +- in systemd's readahead[2]: + + fanotify_fd = fanotify_init(FAN_CLOEXEC|FAN_NONBLOCK, O_RDONLY|O_LARGEFILE|O_CLOEXEC|O_NOATIME); + +- in clsync[3]: + + #define FANOTIFY_EVFLAGS (O_LARGEFILE|O_RDONLY|O_CLOEXEC) + + int fanotify_d = fanotify_init(FANOTIFY_FLAGS, FANOTIFY_EVFLAGS); + +- in examples [4] from "Filesystem monitoring in the Linux + kernel" article[5] by Aleksander Morgado: + + if ((fanotify_fd = fanotify_init (FAN_CLOEXEC, + O_RDONLY | O_CLOEXEC | O_LARGEFILE)) < 0) + +Additionally, since commit 48149e9d3a7e ("fanotify: check file flags +passed in fanotify_init"). having O_CLOEXEC as part of fanotify_init() +second argument is expressly allowed. + +So it seems expected to set close-on-exec flag on the file descriptors if +userspace is allowed to request it with O_CLOEXEC. + +But Andrew Morton raised[6] the concern that enabling now close-on-exec +might break existing applications which ask for O_CLOEXEC but expect the +file descriptor to be inherited across exec(). + +In the other hand, as reported by Mihai Dontu[7] close-on-exec on the file +descriptor returned as part of file access notify can break applications +due to deadlock. So close-on-exec is needed for most applications. + +More, applications asking for close-on-exec are likely expecting it to be +enabled, relying on O_CLOEXEC being effective. If not, it might weaken +their security, as noted by Jan Kara[8]. + +So this patch replaces call to macro get_unused_fd() by a call to function +get_unused_fd_flags() with event_f_flags value as argument. This way +O_CLOEXEC flag in the second argument of fanotify_init(2) syscall is +interpreted and close-on-exec get enabled when requested. + +[1] http://man7.org/linux/man-pages/man2/fanotify_init.2.html +[2] http://cgit.freedesktop.org/systemd/systemd/tree/src/readahead/readahead-collect.c?id=v208#n294 +[3] https://github.com/xaionaro/clsync/blob/v0.2.1/sync.c#L1631 + https://github.com/xaionaro/clsync/blob/v0.2.1/configuration.h#L38 +[4] http://www.lanedo.com/~aleksander/fanotify/fanotify-example.c +[5] http://www.lanedo.com/2013/filesystem-monitoring-linux-kernel/ +[6] http://lkml.kernel.org/r/20141001153621.65e9258e65a6167bf2e4cb50@linux-foundation.org +[7] http://lkml.kernel.org/r/20141002095046.3715eb69@mdontu-l +[8] http://lkml.kernel.org/r/20141002104410.GB19748@quack.suse.cz + +Link: http://lkml.kernel.org/r/cover.1411562410.git.ydroneaud@opteya.com +Signed-off-by: Yann Droneaud +Reviewed-by: Jan Kara +Reviewed by: Heinrich Schuchardt +Tested-by: Heinrich Schuchardt +Cc: Mihai Don\u021bu +Cc: Pádraig Brady +Cc: Heinrich Schuchardt +Cc: Jan Kara +Cc: Valdis Kletnieks +Cc: Michael Kerrisk-manpages +Cc: Lino Sanfilippo +Cc: Richard Guy Briggs +Cc: Eric Paris +Cc: Al Viro +Cc: Michael Kerrisk +Signed-off-by: Andrew Morton +Signed-off-by: Linus Torvalds +Signed-off-by: Greg Kroah-Hartman + +--- + fs/notify/fanotify/fanotify_user.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/fs/notify/fanotify/fanotify_user.c ++++ b/fs/notify/fanotify/fanotify_user.c +@@ -71,7 +71,7 @@ static int create_fd(struct fsnotify_gro + + pr_debug("%s: group=%p event=%p\n", __func__, group, event); + +- client_fd = get_unused_fd(); ++ client_fd = get_unused_fd_flags(group->fanotify_data.f_flags); + if (client_fd < 0) + return client_fd; + diff --git a/queue-3.14/futex-ensure-get_futex_key_refs-always-implies-a-barrier.patch b/queue-3.14/futex-ensure-get_futex_key_refs-always-implies-a-barrier.patch new file mode 100644 index 00000000000..968d5f268a6 --- /dev/null +++ b/queue-3.14/futex-ensure-get_futex_key_refs-always-implies-a-barrier.patch @@ -0,0 +1,55 @@ +From 76835b0ebf8a7fe85beb03c75121419a7dec52f0 Mon Sep 17 00:00:00 2001 +From: Catalin Marinas +Date: Fri, 17 Oct 2014 17:38:49 +0100 +Subject: futex: Ensure get_futex_key_refs() always implies a barrier + +From: Catalin Marinas + +commit 76835b0ebf8a7fe85beb03c75121419a7dec52f0 upstream. + +Commit b0c29f79ecea (futexes: Avoid taking the hb->lock if there's +nothing to wake up) changes the futex code to avoid taking a lock when +there are no waiters. This code has been subsequently fixed in commit +11d4616bd07f (futex: revert back to the explicit waiter counting code). +Both the original commit and the fix-up rely on get_futex_key_refs() to +always imply a barrier. + +However, for private futexes, none of the cases in the switch statement +of get_futex_key_refs() would be hit and the function completes without +a memory barrier as required before checking the "waiters" in +futex_wake() -> hb_waiters_pending(). The consequence is a race with a +thread waiting on a futex on another CPU, allowing the waker thread to +read "waiters == 0" while the waiter thread to have read "futex_val == +locked" (in kernel). + +Without this fix, the problem (user space deadlocks) can be seen with +Android bionic's mutex implementation on an arm64 multi-cluster system. + +Signed-off-by: Catalin Marinas +Reported-by: Matteo Franchin +Fixes: b0c29f79ecea (futexes: Avoid taking the hb->lock if there's nothing to wake up) +Acked-by: Davidlohr Bueso +Tested-by: Mike Galbraith +Cc: Darren Hart +Cc: Thomas Gleixner +Cc: Peter Zijlstra +Cc: Ingo Molnar +Cc: Paul E. McKenney +Signed-off-by: Linus Torvalds +Signed-off-by: Greg Kroah-Hartman + +--- + kernel/futex.c | 2 ++ + 1 file changed, 2 insertions(+) + +--- a/kernel/futex.c ++++ b/kernel/futex.c +@@ -329,6 +329,8 @@ static void get_futex_key_refs(union fut + case FUT_OFF_MMSHARED: + futex_get_mm(key); /* implies MB (B) */ + break; ++ default: ++ smp_mb(); /* explicit MB (B) */ + } + } + diff --git a/queue-3.14/ima-fix-fallback-to-use-new_sync_read.patch b/queue-3.14/ima-fix-fallback-to-use-new_sync_read.patch new file mode 100644 index 00000000000..f1a95b6815d --- /dev/null +++ b/queue-3.14/ima-fix-fallback-to-use-new_sync_read.patch @@ -0,0 +1,52 @@ +From 27cd1fc3ae5374a4a86662c67033f15ef27b2461 Mon Sep 17 00:00:00 2001 +From: Dmitry Kasatkin +Date: Mon, 23 Jun 2014 20:32:56 +0300 +Subject: ima: fix fallback to use new_sync_read() + +From: Dmitry Kasatkin + +commit 27cd1fc3ae5374a4a86662c67033f15ef27b2461 upstream. + +3.16 commit aad4f8bb42af06371aa0e85bf0cd9d52c0494985 +'switch simple generic_file_aio_read() users to ->read_iter()' +replaced ->aio_read with ->read_iter in most of the file systems +and introduced new_sync_read() as a replacement for do_sync_read(). + +Most of file systems set '->read' and ima_kernel_read is not affected. +When ->read is not set, this patch adopts fallback call changes from the +vfs_read. + +Signed-off-by: Dmitry Kasatkin +Signed-off-by: Mimi Zohar +Signed-off-by: Greg Kroah-Hartman + +--- + security/integrity/ima/ima_crypto.c | 8 ++++---- + 1 file changed, 4 insertions(+), 4 deletions(-) + +--- a/security/integrity/ima/ima_crypto.c ++++ b/security/integrity/ima/ima_crypto.c +@@ -38,19 +38,19 @@ static int ima_kernel_read(struct file * + { + mm_segment_t old_fs; + char __user *buf = addr; +- ssize_t ret; ++ ssize_t ret = -EINVAL; + + if (!(file->f_mode & FMODE_READ)) + return -EBADF; +- if (!file->f_op->read && !file->f_op->aio_read) +- return -EINVAL; + + old_fs = get_fs(); + set_fs(get_ds()); + if (file->f_op->read) + ret = file->f_op->read(file, buf, count, &offset); +- else ++ else if (file->f_op->aio_read) + ret = do_sync_read(file, buf, count, &offset); ++ else if (file->f_op->read_iter) ++ ret = new_sync_read(file, buf, count, &offset); + set_fs(old_fs); + return ret; + } diff --git a/queue-3.14/ima-provide-flag-to-identify-new-empty-files.patch b/queue-3.14/ima-provide-flag-to-identify-new-empty-files.patch new file mode 100644 index 00000000000..b9ca2889b05 --- /dev/null +++ b/queue-3.14/ima-provide-flag-to-identify-new-empty-files.patch @@ -0,0 +1,79 @@ +From b151d6b00bbb798c58f2f21305e7d43fa763f34f Mon Sep 17 00:00:00 2001 +From: Dmitry Kasatkin +Date: Fri, 27 Jun 2014 18:04:27 +0300 +Subject: ima: provide flag to identify new empty files + +From: Dmitry Kasatkin + +commit b151d6b00bbb798c58f2f21305e7d43fa763f34f upstream. + +On ima_file_free(), newly created empty files are not labeled with +an initial security.ima value, because the iversion did not change. +Commit dff6efc "fs: fix iversion handling" introduced a change in +iversion behavior. To verify this change use the shell command: + + $ (exec >foo) + $ getfattr -h -e hex -d -m security foo + +This patch defines the IMA_NEW_FILE flag. The flag is initially +set, when IMA detects that a new file is created, and subsequently +checked on the ima_file_free() hook to set the initial security.ima +value. + +Signed-off-by: Dmitry Kasatkin +Signed-off-by: Mimi Zohar +Signed-off-by: Greg Kroah-Hartman + +--- + security/integrity/ima/ima_appraise.c | 7 +++++-- + security/integrity/ima/ima_main.c | 12 +++++++----- + security/integrity/integrity.h | 1 + + 3 files changed, 13 insertions(+), 7 deletions(-) + +--- a/security/integrity/ima/ima_appraise.c ++++ b/security/integrity/ima/ima_appraise.c +@@ -194,8 +194,11 @@ int ima_appraise_measurement(int func, s + goto out; + + cause = "missing-hash"; +- status = +- (inode->i_size == 0) ? INTEGRITY_PASS : INTEGRITY_NOLABEL; ++ status = INTEGRITY_NOLABEL; ++ if (inode->i_size == 0) { ++ iint->flags |= IMA_NEW_FILE; ++ status = INTEGRITY_PASS; ++ } + goto out; + } + +--- a/security/integrity/ima/ima_main.c ++++ b/security/integrity/ima/ima_main.c +@@ -131,11 +131,13 @@ static void ima_check_last_writer(struct + return; + + mutex_lock(&inode->i_mutex); +- if (atomic_read(&inode->i_writecount) == 1 && +- iint->version != inode->i_version) { +- iint->flags &= ~IMA_DONE_MASK; +- if (iint->flags & IMA_APPRAISE) +- ima_update_xattr(iint, file); ++ if (atomic_read(&inode->i_writecount) == 1) { ++ if ((iint->version != inode->i_version) || ++ (iint->flags & IMA_NEW_FILE)) { ++ iint->flags &= ~(IMA_DONE_MASK | IMA_NEW_FILE); ++ if (iint->flags & IMA_APPRAISE) ++ ima_update_xattr(iint, file); ++ } + } + mutex_unlock(&inode->i_mutex); + } +--- a/security/integrity/integrity.h ++++ b/security/integrity/integrity.h +@@ -31,6 +31,7 @@ + #define IMA_DIGSIG 0x01000000 + #define IMA_DIGSIG_REQUIRED 0x02000000 + #define IMA_PERMIT_DIRECTIO 0x04000000 ++#define IMA_NEW_FILE 0x08000000 + + #define IMA_DO_MASK (IMA_MEASURE | IMA_APPRAISE | IMA_AUDIT | \ + IMA_APPRAISE_SUBMASK) diff --git a/queue-3.14/iwlwifi-add-missing-pci-ids-for-the-7260-series.patch b/queue-3.14/iwlwifi-add-missing-pci-ids-for-the-7260-series.patch new file mode 100644 index 00000000000..b212a5bdc08 --- /dev/null +++ b/queue-3.14/iwlwifi-add-missing-pci-ids-for-the-7260-series.patch @@ -0,0 +1,39 @@ +From 4f08970f5284dce486f0e2290834aefb2a262189 Mon Sep 17 00:00:00 2001 +From: Oren Givon +Date: Wed, 17 Sep 2014 10:31:56 +0300 +Subject: iwlwifi: Add missing PCI IDs for the 7260 series + +From: Oren Givon + +commit 4f08970f5284dce486f0e2290834aefb2a262189 upstream. + +Add 4 missing PCI IDs for the 7260 series. + +Signed-off-by: Oren Givon +Signed-off-by: Emmanuel Grumbach +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/net/wireless/iwlwifi/pcie/drv.c | 4 ++++ + 1 file changed, 4 insertions(+) + +--- a/drivers/net/wireless/iwlwifi/pcie/drv.c ++++ b/drivers/net/wireless/iwlwifi/pcie/drv.c +@@ -272,6 +272,8 @@ static DEFINE_PCI_DEVICE_TABLE(iwl_hw_ca + {IWL_PCI_DEVICE(0x08B1, 0x4070, iwl7260_2ac_cfg)}, + {IWL_PCI_DEVICE(0x08B1, 0x4072, iwl7260_2ac_cfg)}, + {IWL_PCI_DEVICE(0x08B1, 0x4170, iwl7260_2ac_cfg)}, ++ {IWL_PCI_DEVICE(0x08B1, 0x4C60, iwl7260_2ac_cfg)}, ++ {IWL_PCI_DEVICE(0x08B1, 0x4C70, iwl7260_2ac_cfg)}, + {IWL_PCI_DEVICE(0x08B1, 0x4060, iwl7260_2n_cfg)}, + {IWL_PCI_DEVICE(0x08B1, 0x406A, iwl7260_2n_cfg)}, + {IWL_PCI_DEVICE(0x08B1, 0x4160, iwl7260_2n_cfg)}, +@@ -315,6 +317,8 @@ static DEFINE_PCI_DEVICE_TABLE(iwl_hw_ca + {IWL_PCI_DEVICE(0x08B1, 0xC770, iwl7260_2ac_cfg)}, + {IWL_PCI_DEVICE(0x08B1, 0xC760, iwl7260_2n_cfg)}, + {IWL_PCI_DEVICE(0x08B2, 0xC270, iwl7260_2ac_cfg)}, ++ {IWL_PCI_DEVICE(0x08B1, 0xCC70, iwl7260_2ac_cfg)}, ++ {IWL_PCI_DEVICE(0x08B1, 0xCC60, iwl7260_2ac_cfg)}, + {IWL_PCI_DEVICE(0x08B2, 0xC272, iwl7260_2ac_cfg)}, + {IWL_PCI_DEVICE(0x08B2, 0xC260, iwl7260_2n_cfg)}, + {IWL_PCI_DEVICE(0x08B2, 0xC26A, iwl7260_n_cfg)}, diff --git a/queue-3.14/kernel-add-support-for-gcc-5.patch b/queue-3.14/kernel-add-support-for-gcc-5.patch new file mode 100644 index 00000000000..8e39ebce1fc --- /dev/null +++ b/queue-3.14/kernel-add-support-for-gcc-5.patch @@ -0,0 +1,95 @@ +From 71458cfc782eafe4b27656e078d379a34e472adf Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Mon, 13 Oct 2014 15:51:05 -0700 +Subject: kernel: add support for gcc 5 + +From: Sasha Levin + +commit 71458cfc782eafe4b27656e078d379a34e472adf upstream. + +We're missing include/linux/compiler-gcc5.h which is required now +because gcc branched off to v5 in trunk. + +Just copy the relevant bits out of include/linux/compiler-gcc4.h, +no new code is added as of now. + +This fixes a build error when using gcc 5. + +Signed-off-by: Sasha Levin +Signed-off-by: Andrew Morton +Signed-off-by: Linus Torvalds +Signed-off-by: Greg Kroah-Hartman + +--- + include/linux/compiler-gcc5.h | 66 ++++++++++++++++++++++++++++++++++++++++++ + 1 file changed, 66 insertions(+) + +--- /dev/null ++++ b/include/linux/compiler-gcc5.h +@@ -0,0 +1,66 @@ ++#ifndef __LINUX_COMPILER_H ++#error "Please don't include directly, include instead." ++#endif ++ ++#define __used __attribute__((__used__)) ++#define __must_check __attribute__((warn_unused_result)) ++#define __compiler_offsetof(a, b) __builtin_offsetof(a, b) ++ ++/* Mark functions as cold. gcc will assume any path leading to a call ++ to them will be unlikely. This means a lot of manual unlikely()s ++ are unnecessary now for any paths leading to the usual suspects ++ like BUG(), printk(), panic() etc. [but let's keep them for now for ++ older compilers] ++ ++ Early snapshots of gcc 4.3 don't support this and we can't detect this ++ in the preprocessor, but we can live with this because they're unreleased. ++ Maketime probing would be overkill here. ++ ++ gcc also has a __attribute__((__hot__)) to move hot functions into ++ a special section, but I don't see any sense in this right now in ++ the kernel context */ ++#define __cold __attribute__((__cold__)) ++ ++#define __UNIQUE_ID(prefix) __PASTE(__PASTE(__UNIQUE_ID_, prefix), __COUNTER__) ++ ++#ifndef __CHECKER__ ++# define __compiletime_warning(message) __attribute__((warning(message))) ++# define __compiletime_error(message) __attribute__((error(message))) ++#endif /* __CHECKER__ */ ++ ++/* ++ * Mark a position in code as unreachable. This can be used to ++ * suppress control flow warnings after asm blocks that transfer ++ * control elsewhere. ++ * ++ * Early snapshots of gcc 4.5 don't support this and we can't detect ++ * this in the preprocessor, but we can live with this because they're ++ * unreleased. Really, we need to have autoconf for the kernel. ++ */ ++#define unreachable() __builtin_unreachable() ++ ++/* Mark a function definition as prohibited from being cloned. */ ++#define __noclone __attribute__((__noclone__)) ++ ++/* ++ * Tell the optimizer that something else uses this function or variable. ++ */ ++#define __visible __attribute__((externally_visible)) ++ ++/* ++ * GCC 'asm goto' miscompiles certain code sequences: ++ * ++ * http://gcc.gnu.org/bugzilla/show_bug.cgi?id=58670 ++ * ++ * Work it around via a compiler barrier quirk suggested by Jakub Jelinek. ++ * Fixed in GCC 4.8.2 and later versions. ++ * ++ * (asm goto is automatically volatile - the naming reflects this.) ++ */ ++#define asm_volatile_goto(x...) do { asm goto(x); asm (""); } while (0) ++ ++#ifdef CONFIG_ARCH_USE_BUILTIN_BSWAP ++#define __HAVE_BUILTIN_BSWAP32__ ++#define __HAVE_BUILTIN_BSWAP64__ ++#define __HAVE_BUILTIN_BSWAP16__ ++#endif /* CONFIG_ARCH_USE_BUILTIN_BSWAP */ diff --git a/queue-3.14/mm-clear-__gfp_fs-when-pf_memalloc_noio-is-set.patch b/queue-3.14/mm-clear-__gfp_fs-when-pf_memalloc_noio-is-set.patch new file mode 100644 index 00000000000..ac31c90db9f --- /dev/null +++ b/queue-3.14/mm-clear-__gfp_fs-when-pf_memalloc_noio-is-set.patch @@ -0,0 +1,65 @@ +From 934f3072c17cc8886f4c043b47eeeb1b12f8de33 Mon Sep 17 00:00:00 2001 +From: Junxiao Bi +Date: Thu, 9 Oct 2014 15:28:23 -0700 +Subject: mm: clear __GFP_FS when PF_MEMALLOC_NOIO is set + +From: Junxiao Bi + +commit 934f3072c17cc8886f4c043b47eeeb1b12f8de33 upstream. + +commit 21caf2fc1931 ("mm: teach mm by current context info to not do I/O +during memory allocation") introduces PF_MEMALLOC_NOIO flag to avoid doing +I/O inside memory allocation, __GFP_IO is cleared when this flag is set, +but __GFP_FS implies __GFP_IO, it should also be cleared. Or it may still +run into I/O, like in superblock shrinker. And this will make the kernel +run into the deadlock case described in that commit. + +See Dave Chinner's comment about io in superblock shrinker: + +Filesystem shrinkers do indeed perform IO from the superblock shrinker and +have for years. Even clean inodes can require IO before they can be freed +- e.g. on an orphan list, need truncation of post-eof blocks, need to +wait for ordered operations to complete before it can be freed, etc. + +IOWs, Ext4, btrfs and XFS all can issue and/or block on arbitrary amounts +of IO in the superblock shrinker context. XFS, in particular, has been +doing transactions and IO from the VFS inode cache shrinker since it was +first introduced.... + +Fix this by clearing __GFP_FS in memalloc_noio_flags(), this function has +masked all the gfp_mask that will be passed into fs for the processes +setting PF_MEMALLOC_NOIO in the direct reclaim path. + +v1 thread at: https://lkml.org/lkml/2014/9/3/32 + +Signed-off-by: Junxiao Bi +Cc: Dave Chinner +Cc: joyce.xue +Cc: Ming Lei +Cc: Trond Myklebust +Signed-off-by: Andrew Morton +Signed-off-by: Linus Torvalds +Signed-off-by: Greg Kroah-Hartman + +--- + include/linux/sched.h | 6 ++++-- + 1 file changed, 4 insertions(+), 2 deletions(-) + +--- a/include/linux/sched.h ++++ b/include/linux/sched.h +@@ -1876,11 +1876,13 @@ extern void thread_group_cputime_adjuste + #define tsk_used_math(p) ((p)->flags & PF_USED_MATH) + #define used_math() tsk_used_math(current) + +-/* __GFP_IO isn't allowed if PF_MEMALLOC_NOIO is set in current->flags */ ++/* __GFP_IO isn't allowed if PF_MEMALLOC_NOIO is set in current->flags ++ * __GFP_FS is also cleared as it implies __GFP_IO. ++ */ + static inline gfp_t memalloc_noio_flags(gfp_t flags) + { + if (unlikely(current->flags & PF_MEMALLOC_NOIO)) +- flags &= ~__GFP_IO; ++ flags &= ~(__GFP_IO | __GFP_FS); + return flags; + } + diff --git a/queue-3.14/pci-generate-uppercase-hex-for-modalias-interface-class.patch b/queue-3.14/pci-generate-uppercase-hex-for-modalias-interface-class.patch new file mode 100644 index 00000000000..e4be5d07f4c --- /dev/null +++ b/queue-3.14/pci-generate-uppercase-hex-for-modalias-interface-class.patch @@ -0,0 +1,42 @@ +From 89ec3dcf17fd3fa009ecf8faaba36828dd6bc416 Mon Sep 17 00:00:00 2001 +From: Ricardo Ribalda Delgado +Date: Wed, 27 Aug 2014 14:57:57 +0200 +Subject: PCI: Generate uppercase hex for modalias interface class + +From: Ricardo Ribalda Delgado + +commit 89ec3dcf17fd3fa009ecf8faaba36828dd6bc416 upstream. + +Some implementations of modprobe fail to load the driver for a PCI device +automatically because the "interface" part of the modalias from the kernel +is lowercase, and the modalias from file2alias is uppercase. + +The "interface" is the low-order byte of the Class Code, defined in PCI +r3.0, Appendix D. Most interface types defined in the spec do not use +alpha characters, so they won't be affected. For example, 00h, 01h, 10h, +20h, etc. are unaffected. + +Print the "interface" byte of the Class Code in uppercase hex, as we +already do for the Vendor ID, Device ID, Class, etc. + +[bhelgaas: changelog] +Signed-off-by: Ricardo Ribalda Delgado +Signed-off-by: Bjorn Helgaas +Acked-by: Greg Kroah-Hartman +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/pci/pci-sysfs.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/drivers/pci/pci-sysfs.c ++++ b/drivers/pci/pci-sysfs.c +@@ -178,7 +178,7 @@ static ssize_t modalias_show(struct devi + { + struct pci_dev *pci_dev = to_pci_dev(dev); + +- return sprintf(buf, "pci:v%08Xd%08Xsv%08Xsd%08Xbc%02Xsc%02Xi%02x\n", ++ return sprintf(buf, "pci:v%08Xd%08Xsv%08Xsd%08Xbc%02Xsc%02Xi%02X\n", + pci_dev->vendor, pci_dev->device, + pci_dev->subsystem_vendor, pci_dev->subsystem_device, + (u8)(pci_dev->class >> 16), (u8)(pci_dev->class >> 8), diff --git a/queue-3.14/pci-increase-ibm-ipr-sas-crocodile-bars-to-at-least-system-page-size.patch b/queue-3.14/pci-increase-ibm-ipr-sas-crocodile-bars-to-at-least-system-page-size.patch new file mode 100644 index 00000000000..b1cf3173c33 --- /dev/null +++ b/queue-3.14/pci-increase-ibm-ipr-sas-crocodile-bars-to-at-least-system-page-size.patch @@ -0,0 +1,65 @@ +From 9fe373f9997b48fcd6222b95baf4a20c134b587a Mon Sep 17 00:00:00 2001 +From: Douglas Lehr +Date: Thu, 21 Aug 2014 09:26:52 +1000 +Subject: PCI: Increase IBM ipr SAS Crocodile BARs to at least system page size + +From: Douglas Lehr + +commit 9fe373f9997b48fcd6222b95baf4a20c134b587a upstream. + +The Crocodile chip occasionally comes up with 4k and 8k BAR sizes. Due to +an erratum, setting the SR-IOV page size causes the physical function BARs +to expand to the system page size. Since ppc64 uses 64k pages, when Linux +tries to assign the smaller resource sizes to the now 64k BARs the address +will be truncated and the BARs will overlap. + +Force Linux to allocate the resource as a full page, which avoids the +overlap. + +[bhelgaas: print expanded resource, too] +Signed-off-by: Douglas Lehr +Signed-off-by: Anton Blanchard +Signed-off-by: Bjorn Helgaas +Acked-by: Milton Miller +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/pci/quirks.c | 20 ++++++++++++++++++++ + 1 file changed, 20 insertions(+) + +--- a/drivers/pci/quirks.c ++++ b/drivers/pci/quirks.c +@@ -24,6 +24,7 @@ + #include + #include + #include ++#include + #include /* isa_dma_bridge_buggy */ + #include "pci.h" + +@@ -287,6 +288,25 @@ static void quirk_citrine(struct pci_dev + } + DECLARE_PCI_FIXUP_HEADER(PCI_VENDOR_ID_IBM, PCI_DEVICE_ID_IBM_CITRINE, quirk_citrine); + ++/* On IBM Crocodile ipr SAS adapters, expand BAR to system page size */ ++static void quirk_extend_bar_to_page(struct pci_dev *dev) ++{ ++ int i; ++ ++ for (i = 0; i < PCI_STD_RESOURCE_END; i++) { ++ struct resource *r = &dev->resource[i]; ++ ++ if (r->flags & IORESOURCE_MEM && resource_size(r) < PAGE_SIZE) { ++ r->end = PAGE_SIZE - 1; ++ r->start = 0; ++ r->flags |= IORESOURCE_UNSET; ++ dev_info(&dev->dev, "expanded BAR %d to page size: %pR\n", ++ i, r); ++ } ++ } ++} ++DECLARE_PCI_FIXUP_HEADER(PCI_VENDOR_ID_IBM, 0x034a, quirk_extend_bar_to_page); ++ + /* + * S3 868 and 968 chips report region size equal to 32M, but they decode 64M. + * If it's needed, re-allocate the region. diff --git a/queue-3.14/pci-mvebu-fix-uninitialized-variable-in-mvebu_get_tgt_attr.patch b/queue-3.14/pci-mvebu-fix-uninitialized-variable-in-mvebu_get_tgt_attr.patch new file mode 100644 index 00000000000..2e15251c95f --- /dev/null +++ b/queue-3.14/pci-mvebu-fix-uninitialized-variable-in-mvebu_get_tgt_attr.patch @@ -0,0 +1,60 @@ +From 56fab6e189441d714a2bfc8a64f3df9c0749dff7 Mon Sep 17 00:00:00 2001 +From: Thomas Petazzoni +Date: Wed, 17 Sep 2014 17:58:27 +0200 +Subject: PCI: mvebu: Fix uninitialized variable in mvebu_get_tgt_attr() + +From: Thomas Petazzoni + +commit 56fab6e189441d714a2bfc8a64f3df9c0749dff7 upstream. + +Geert Uytterhoeven reported a warning when building pci-mvebu: + + drivers/pci/host/pci-mvebu.c: In function 'mvebu_get_tgt_attr': + drivers/pci/host/pci-mvebu.c:887:39: warning: 'rtype' may be used uninitialized in this function [-Wmaybe-uninitialized] + if (slot == PCI_SLOT(devfn) && type == rtype) { + ^ + +And indeed, the code of mvebu_get_tgt_attr() may lead to the usage of rtype +when being uninitialized, even though it would only happen if we had +entries other than I/O space and 32 bits memory space. + +This commit fixes that by simply skipping the current DT range being +considered, if it doesn't match the resource type we're looking for. + +Reported-by: Geert Uytterhoeven +Signed-off-by: Thomas Petazzoni +Signed-off-by: Bjorn Helgaas +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/pci/host/pci-mvebu.c | 6 +++--- + 1 file changed, 3 insertions(+), 3 deletions(-) + +--- a/drivers/pci/host/pci-mvebu.c ++++ b/drivers/pci/host/pci-mvebu.c +@@ -855,7 +855,7 @@ static int mvebu_get_tgt_attr(struct dev + rangesz = pna + na + ns; + nranges = rlen / sizeof(__be32) / rangesz; + +- for (i = 0; i < nranges; i++) { ++ for (i = 0; i < nranges; i++, range += rangesz) { + u32 flags = of_read_number(range, 1); + u32 slot = of_read_number(range + 1, 1); + u64 cpuaddr = of_read_number(range + na, pna); +@@ -865,14 +865,14 @@ static int mvebu_get_tgt_attr(struct dev + rtype = IORESOURCE_IO; + else if (DT_FLAGS_TO_TYPE(flags) == DT_TYPE_MEM32) + rtype = IORESOURCE_MEM; ++ else ++ continue; + + if (slot == PCI_SLOT(devfn) && type == rtype) { + *tgt = DT_CPUADDR_TO_TARGET(cpuaddr); + *attr = DT_CPUADDR_TO_ATTR(cpuaddr); + return 0; + } +- +- range += rangesz; + } + + return -ENOENT; diff --git a/queue-3.14/pci-pciehp-prevent-null-dereference-during-probe.patch b/queue-3.14/pci-pciehp-prevent-null-dereference-during-probe.patch new file mode 100644 index 00000000000..d50cbdef8d3 --- /dev/null +++ b/queue-3.14/pci-pciehp-prevent-null-dereference-during-probe.patch @@ -0,0 +1,40 @@ +From bceee4a97eb58bd0e80e39eff11b506ddd9e7ad3 Mon Sep 17 00:00:00 2001 +From: Andreas Noever +Date: Tue, 16 Sep 2014 15:16:02 -0600 +Subject: PCI: pciehp: Prevent NULL dereference during probe + +From: Andreas Noever + +commit bceee4a97eb58bd0e80e39eff11b506ddd9e7ad3 upstream. + +pciehp assumes that dev->subordinate, the struct pci_bus for a bridge's +secondary bus, exists. But we do not create that bus if we run out of bus +numbers during enumeration. This leads to a NULL dereference in +init_slot() (and other places). + +Change pciehp_probe() to return -ENODEV when no secondary bus is present. + +Signed-off-by: Andreas Noever +Signed-off-by: Bjorn Helgaas +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/pci/hotplug/pciehp_core.c | 7 +++++++ + 1 file changed, 7 insertions(+) + +--- a/drivers/pci/hotplug/pciehp_core.c ++++ b/drivers/pci/hotplug/pciehp_core.c +@@ -254,6 +254,13 @@ static int pciehp_probe(struct pcie_devi + else if (pciehp_acpi_slot_detection_check(dev->port)) + goto err_out_none; + ++ if (!dev->port->subordinate) { ++ /* Can happen if we run out of bus numbers during probe */ ++ dev_err(&dev->device, ++ "Hotplug bridge without secondary bus, ignoring\n"); ++ goto err_out_none; ++ } ++ + ctrl = pcie_init(dev); + if (!ctrl) { + dev_err(&dev->device, "Controller initialization failed\n"); diff --git a/queue-3.14/powerpc-iommu-ddw-fix-endianness.patch b/queue-3.14/powerpc-iommu-ddw-fix-endianness.patch new file mode 100644 index 00000000000..548f3d19ade --- /dev/null +++ b/queue-3.14/powerpc-iommu-ddw-fix-endianness.patch @@ -0,0 +1,163 @@ +From 9410e0185e65394c0c6d046033904b53b97a9423 Mon Sep 17 00:00:00 2001 +From: Alexey Kardashevskiy +Date: Thu, 25 Sep 2014 16:39:18 +1000 +Subject: powerpc/iommu/ddw: Fix endianness + +From: Alexey Kardashevskiy + +commit 9410e0185e65394c0c6d046033904b53b97a9423 upstream. + +rtas_call() accepts and returns values in CPU endianness. +The ddw_query_response and ddw_create_response structs members are +defined and treated as BE but as they are passed to rtas_call() as +(u32 *) and they get byteswapped automatically, the data is CPU-endian. +This fixes ddw_query_response and ddw_create_response definitions and use. + +of_read_number() is designed to work with device tree cells - it assumes +the input is big-endian and returns data in CPU-endian. However due +to the ddw_create_response struct fix, create.addr_hi/lo are already +CPU-endian so do not byteswap them. + +ddw_avail is a pointer to the "ibm,ddw-applicable" property which contains +3 cells which are big-endian as it is a device tree. rtas_call() accepts +a RTAS token in CPU-endian. This makes use of of_property_read_u32_array +to byte swap and avoid the need for a number of be32_to_cpu calls. + +Cc: Benjamin Herrenschmidt +[aik: folded Anton's patch with of_property_read_u32_array] +Signed-off-by: Alexey Kardashevskiy +Acked-by: Anton Blanchard +Signed-off-by: Michael Ellerman +Signed-off-by: Greg Kroah-Hartman + +--- + arch/powerpc/platforms/pseries/iommu.c | 51 ++++++++++++++++++--------------- + 1 file changed, 28 insertions(+), 23 deletions(-) + +--- a/arch/powerpc/platforms/pseries/iommu.c ++++ b/arch/powerpc/platforms/pseries/iommu.c +@@ -329,16 +329,16 @@ struct direct_window { + + /* Dynamic DMA Window support */ + struct ddw_query_response { +- __be32 windows_available; +- __be32 largest_available_block; +- __be32 page_size; +- __be32 migration_capable; ++ u32 windows_available; ++ u32 largest_available_block; ++ u32 page_size; ++ u32 migration_capable; + }; + + struct ddw_create_response { +- __be32 liobn; +- __be32 addr_hi; +- __be32 addr_lo; ++ u32 liobn; ++ u32 addr_hi; ++ u32 addr_lo; + }; + + static LIST_HEAD(direct_window_list); +@@ -725,16 +725,18 @@ static void remove_ddw(struct device_nod + { + struct dynamic_dma_window_prop *dwp; + struct property *win64; +- const u32 *ddw_avail; ++ u32 ddw_avail[3]; + u64 liobn; +- int len, ret = 0; ++ int ret = 0; ++ ++ ret = of_property_read_u32_array(np, "ibm,ddw-applicable", ++ &ddw_avail[0], 3); + +- ddw_avail = of_get_property(np, "ibm,ddw-applicable", &len); + win64 = of_find_property(np, DIRECT64_PROPNAME, NULL); + if (!win64) + return; + +- if (!ddw_avail || len < 3 * sizeof(u32) || win64->length < sizeof(*dwp)) ++ if (ret || win64->length < sizeof(*dwp)) + goto delprop; + + dwp = win64->value; +@@ -872,8 +874,9 @@ static int create_ddw(struct pci_dev *de + + do { + /* extra outputs are LIOBN and dma-addr (hi, lo) */ +- ret = rtas_call(ddw_avail[1], 5, 4, (u32 *)create, cfg_addr, +- BUID_HI(buid), BUID_LO(buid), page_shift, window_shift); ++ ret = rtas_call(ddw_avail[1], 5, 4, (u32 *)create, ++ cfg_addr, BUID_HI(buid), BUID_LO(buid), ++ page_shift, window_shift); + } while (rtas_busy_delay(ret)); + dev_info(&dev->dev, + "ibm,create-pe-dma-window(%x) %x %x %x %x %x returned %d " +@@ -910,7 +913,7 @@ static u64 enable_ddw(struct pci_dev *de + int page_shift; + u64 dma_addr, max_addr; + struct device_node *dn; +- const u32 *uninitialized_var(ddw_avail); ++ u32 ddw_avail[3]; + struct direct_window *window; + struct property *win64; + struct dynamic_dma_window_prop *ddwprop; +@@ -942,8 +945,9 @@ static u64 enable_ddw(struct pci_dev *de + * for the given node in that order. + * the property is actually in the parent, not the PE + */ +- ddw_avail = of_get_property(pdn, "ibm,ddw-applicable", &len); +- if (!ddw_avail || len < 3 * sizeof(u32)) ++ ret = of_property_read_u32_array(pdn, "ibm,ddw-applicable", ++ &ddw_avail[0], 3); ++ if (ret) + goto out_failed; + + /* +@@ -966,11 +970,11 @@ static u64 enable_ddw(struct pci_dev *de + dev_dbg(&dev->dev, "no free dynamic windows"); + goto out_failed; + } +- if (be32_to_cpu(query.page_size) & 4) { ++ if (query.page_size & 4) { + page_shift = 24; /* 16MB */ +- } else if (be32_to_cpu(query.page_size) & 2) { ++ } else if (query.page_size & 2) { + page_shift = 16; /* 64kB */ +- } else if (be32_to_cpu(query.page_size) & 1) { ++ } else if (query.page_size & 1) { + page_shift = 12; /* 4kB */ + } else { + dev_dbg(&dev->dev, "no supported direct page size in mask %x", +@@ -980,7 +984,7 @@ static u64 enable_ddw(struct pci_dev *de + /* verify the window * number of ptes will map the partition */ + /* check largest block * page size > max memory hotplug addr */ + max_addr = memory_hotplug_max(); +- if (be32_to_cpu(query.largest_available_block) < (max_addr >> page_shift)) { ++ if (query.largest_available_block < (max_addr >> page_shift)) { + dev_dbg(&dev->dev, "can't map partiton max 0x%llx with %u " + "%llu-sized pages\n", max_addr, query.largest_available_block, + 1ULL << page_shift); +@@ -1006,8 +1010,9 @@ static u64 enable_ddw(struct pci_dev *de + if (ret != 0) + goto out_free_prop; + +- ddwprop->liobn = create.liobn; +- ddwprop->dma_base = cpu_to_be64(of_read_number(&create.addr_hi, 2)); ++ ddwprop->liobn = cpu_to_be32(create.liobn); ++ ddwprop->dma_base = cpu_to_be64(((u64)create.addr_hi << 32) | ++ create.addr_lo); + ddwprop->tce_shift = cpu_to_be32(page_shift); + ddwprop->window_shift = cpu_to_be32(len); + +@@ -1039,7 +1044,7 @@ static u64 enable_ddw(struct pci_dev *de + list_add(&window->list, &direct_window_list); + spin_unlock(&direct_window_list_lock); + +- dma_addr = of_read_number(&create.addr_hi, 2); ++ dma_addr = be64_to_cpu(ddwprop->dma_base); + goto out_unlock; + + out_free_window: diff --git a/queue-3.14/rt2800-correct-bbp1_tx_power_ctrl-mask.patch b/queue-3.14/rt2800-correct-bbp1_tx_power_ctrl-mask.patch new file mode 100644 index 00000000000..496841c1eca --- /dev/null +++ b/queue-3.14/rt2800-correct-bbp1_tx_power_ctrl-mask.patch @@ -0,0 +1,32 @@ +From 01f7feeaf4528bec83798316b3c811701bac5d3e Mon Sep 17 00:00:00 2001 +From: Stanislaw Gruszka +Date: Wed, 24 Sep 2014 11:24:54 +0200 +Subject: rt2800: correct BBP1_TX_POWER_CTRL mask + +From: Stanislaw Gruszka + +commit 01f7feeaf4528bec83798316b3c811701bac5d3e upstream. + +Two bits control TX power on BBP_R1 register. Correct the mask, +otherwise we clear additional bit on BBP_R1 register, what can have +unknown, possible negative effect. + +Signed-off-by: Stanislaw Gruszka +Signed-off-by: John W. Linville +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/net/wireless/rt2x00/rt2800.h | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/drivers/net/wireless/rt2x00/rt2800.h ++++ b/drivers/net/wireless/rt2x00/rt2800.h +@@ -2039,7 +2039,7 @@ struct mac_iveiv_entry { + * 2 - drop tx power by 12dBm, + * 3 - increase tx power by 6dBm + */ +-#define BBP1_TX_POWER_CTRL FIELD8(0x07) ++#define BBP1_TX_POWER_CTRL FIELD8(0x03) + #define BBP1_TX_ANTENNA FIELD8(0x18) + + /* diff --git a/queue-3.14/series b/queue-3.14/series index b686923b789..cd11db5252b 100644 --- a/queue-3.14/series +++ b/queue-3.14/series @@ -42,3 +42,19 @@ tty-omap-serial-fix-division-by-zero.patch nfsv4-fix-lock-recovery-when-create_session-setclientid_confirm-fails.patch nfsv4-fix-open-lock-state-recovery-error-handling.patch nfsv4.1-fix-an-nfsv4.1-state-renewal-regression.patch +iwlwifi-add-missing-pci-ids-for-the-7260-series.patch +pci-pciehp-prevent-null-dereference-during-probe.patch +pci-mvebu-fix-uninitialized-variable-in-mvebu_get_tgt_attr.patch +pci-increase-ibm-ipr-sas-crocodile-bars-to-at-least-system-page-size.patch +pci-generate-uppercase-hex-for-modalias-interface-class.patch +rt2800-correct-bbp1_tx_power_ctrl-mask.patch +bluetooth-fix-hci-h5-corrupted-ack-value.patch +bluetooth-fix-incorrect-le-coc-pdu-length-restriction-based-on-hci-mtu.patch +bluetooth-fix-issue-with-usb-suspend-in-btusb-driver.patch +mm-clear-__gfp_fs-when-pf_memalloc_noio-is-set.patch +fanotify-enable-close-on-exec-on-events-fd-when-requested-in-fanotify_init.patch +kernel-add-support-for-gcc-5.patch +futex-ensure-get_futex_key_refs-always-implies-a-barrier.patch +powerpc-iommu-ddw-fix-endianness.patch +ima-fix-fallback-to-use-new_sync_read.patch +ima-provide-flag-to-identify-new-empty-files.patch