--- /dev/null
+From 8fad87bca7ac9737e413ba5f1656f1114a8c314d Mon Sep 17 00:00:00 2001
+From: Liu Hua <sdu.liu@huawei.com>
+Date: Thu, 27 Mar 2014 06:56:18 +0100
+Subject: ARM: 8012/1: kdump: Avoid overflow when converting pfn to physaddr
+
+From: Liu Hua <sdu.liu@huawei.com>
+
+commit 8fad87bca7ac9737e413ba5f1656f1114a8c314d upstream.
+
+When we configure CONFIG_ARM_LPAE=y, pfn << PAGE_SHIFT will
+overflow if pfn >= 0x100000 in copy_oldmem_page.
+So use __pfn_to_phys for converting.
+
+Signed-off-by: Liu Hua <sdu.liu@huawei.com>
+Signed-off-by: Russell King <rmk+kernel@arm.linux.org.uk>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ arch/arm/kernel/crash_dump.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/arch/arm/kernel/crash_dump.c
++++ b/arch/arm/kernel/crash_dump.c
+@@ -39,7 +39,7 @@ ssize_t copy_oldmem_page(unsigned long p
+ if (!csize)
+ return 0;
+
+- vaddr = ioremap(pfn << PAGE_SHIFT, PAGE_SIZE);
++ vaddr = ioremap(__pfn_to_phys(pfn), PAGE_SIZE);
+ if (!vaddr)
+ return -ENOMEM;
+
--- /dev/null
+From 6d66da89bf4422c0a0693627fb3e25f74af50f92 Mon Sep 17 00:00:00 2001
+From: Sascha Hauer <s.hauer@pengutronix.de>
+Date: Tue, 6 May 2014 13:01:34 +0200
+Subject: ARM: dts: i.MX53: Fix ipu register space size
+
+From: Sascha Hauer <s.hauer@pengutronix.de>
+
+commit 6d66da89bf4422c0a0693627fb3e25f74af50f92 upstream.
+
+The IPU register space is 128MB, not 2GB.
+
+Fixes: abed9a6bf2bb 'ARM i.MX53: Add IPU support'
+Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
+Acked-by: Shawn Guo <shawn.guo@freescale.com>
+Signed-off-by: Olof Johansson <olof@lixom.net>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ arch/arm/boot/dts/imx53.dtsi | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/arch/arm/boot/dts/imx53.dtsi
++++ b/arch/arm/boot/dts/imx53.dtsi
+@@ -71,7 +71,7 @@
+ ipu: ipu@18000000 {
+ #crtc-cells = <1>;
+ compatible = "fsl,imx53-ipu";
+- reg = <0x18000000 0x080000000>;
++ reg = <0x18000000 0x08000000>;
+ interrupts = <11 10>;
+ clocks = <&clks 59>, <&clks 110>, <&clks 61>;
+ clock-names = "bus", "di0", "di1";
--- /dev/null
+From 1fb4e09a7e780b915dbd172592ae7e2a4c071065 Mon Sep 17 00:00:00 2001
+From: Mohammed Habibulla <moch@chromium.org>
+Date: Thu, 17 Apr 2014 11:37:13 -0700
+Subject: Bluetooth: Add support for Lite-on [04ca:3007]
+
+From: Mohammed Habibulla <moch@chromium.org>
+
+commit 1fb4e09a7e780b915dbd172592ae7e2a4c071065 upstream.
+
+Add support for the AR9462 chip
+
+T: Bus=01 Lev=01 Prnt=01 Port=03 Cnt=03 Dev#= 3 Spd=12 MxCh= 0
+D: Ver= 1.10 Cls=e0(wlcon) Sub=01 Prot=01 MxPS=64 #Cfgs= 1
+P: Vendor=04ca ProdID=3007 Rev= 0.01
+C:* #Ifs= 2 Cfg#= 1 Atr=e0 MxPwr=100mA
+I:* If#= 0 Alt= 0 #EPs= 3 Cls=e0(wlcon) Sub=01 Prot=01 Driver=btusb
+E: Ad=81(I) Atr=03(Int.) MxPS= 16 Ivl=1ms
+E: Ad=82(I) Atr=02(Bulk) MxPS= 64 Ivl=0ms
+E: Ad=02(O) Atr=02(Bulk) MxPS= 64 Ivl=0ms
+I:* If#= 1 Alt= 0 #EPs= 2 Cls=e0(wlcon) Sub=01 Prot=01 Driver=btusb
+E: Ad=83(I) Atr=01(Isoc) MxPS= 0 Ivl=1ms
+E: Ad=03(O) Atr=01(Isoc) MxPS= 0 Ivl=1ms
+I: If#= 1 Alt= 1 #EPs= 2 Cls=e0(wlcon) Sub=01 Prot=01 Driver=btusb
+E: Ad=83(I) Atr=01(Isoc) MxPS= 9 Ivl=1ms
+E: Ad=03(O) Atr=01(Isoc) MxPS= 9 Ivl=1ms
+I: If#= 1 Alt= 2 #EPs= 2 Cls=e0(wlcon) Sub=01 Prot=01 Driver=btusb
+E: Ad=83(I) Atr=01(Isoc) MxPS= 17 Ivl=1ms
+E: Ad=03(O) Atr=01(Isoc) MxPS= 17 Ivl=1ms
+I: If#= 1 Alt= 3 #EPs= 2 Cls=e0(wlcon) Sub=01 Prot=01 Driver=btusb
+E: Ad=83(I) Atr=01(Isoc) MxPS= 25 Ivl=1ms
+E: Ad=03(O) Atr=01(Isoc) MxPS= 25 Ivl=1ms
+I: If#= 1 Alt= 4 #EPs= 2 Cls=e0(wlcon) Sub=01 Prot=01 Driver=btusb
+E: Ad=83(I) Atr=01(Isoc) MxPS= 33 Ivl=1ms
+E: Ad=03(O) Atr=01(Isoc) MxPS= 33 Ivl=1ms
+I: If#= 1 Alt= 5 #EPs= 2 Cls=e0(wlcon) Sub=01 Prot=01 Driver=btusb
+E: Ad=83(I) Atr=01(Isoc) MxPS= 49 Ivl=1ms
+E: Ad=03(O) Atr=01(Isoc) MxPS= 49 Ivl=1ms
+
+Signed-off-by: Mohammed Habibulla <moch@chromium.org>
+Signed-off-by: Gustavo Padovan <gustavo.padovan@collabora.co.uk>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/bluetooth/ath3k.c | 2 ++
+ drivers/bluetooth/btusb.c | 1 +
+ 2 files changed, 3 insertions(+)
+
+--- a/drivers/bluetooth/ath3k.c
++++ b/drivers/bluetooth/ath3k.c
+@@ -82,6 +82,7 @@ static struct usb_device_id ath3k_table[
+ { USB_DEVICE(0x04CA, 0x3004) },
+ { USB_DEVICE(0x04CA, 0x3005) },
+ { USB_DEVICE(0x04CA, 0x3006) },
++ { USB_DEVICE(0x04CA, 0x3007) },
+ { USB_DEVICE(0x04CA, 0x3008) },
+ { USB_DEVICE(0x13d3, 0x3362) },
+ { USB_DEVICE(0x0CF3, 0xE004) },
+@@ -124,6 +125,7 @@ static struct usb_device_id ath3k_blist_
+ { USB_DEVICE(0x04ca, 0x3004), .driver_info = BTUSB_ATH3012 },
+ { USB_DEVICE(0x04ca, 0x3005), .driver_info = BTUSB_ATH3012 },
+ { USB_DEVICE(0x04ca, 0x3006), .driver_info = BTUSB_ATH3012 },
++ { USB_DEVICE(0x04ca, 0x3007), .driver_info = BTUSB_ATH3012 },
+ { USB_DEVICE(0x04ca, 0x3008), .driver_info = BTUSB_ATH3012 },
+ { USB_DEVICE(0x13d3, 0x3362), .driver_info = BTUSB_ATH3012 },
+ { USB_DEVICE(0x0cf3, 0xe004), .driver_info = BTUSB_ATH3012 },
+--- a/drivers/bluetooth/btusb.c
++++ b/drivers/bluetooth/btusb.c
+@@ -146,6 +146,7 @@ static struct usb_device_id blacklist_ta
+ { USB_DEVICE(0x04ca, 0x3004), .driver_info = BTUSB_ATH3012 },
+ { USB_DEVICE(0x04ca, 0x3005), .driver_info = BTUSB_ATH3012 },
+ { USB_DEVICE(0x04ca, 0x3006), .driver_info = BTUSB_ATH3012 },
++ { USB_DEVICE(0x04ca, 0x3007), .driver_info = BTUSB_ATH3012 },
+ { USB_DEVICE(0x04ca, 0x3008), .driver_info = BTUSB_ATH3012 },
+ { USB_DEVICE(0x13d3, 0x3362), .driver_info = BTUSB_ATH3012 },
+ { USB_DEVICE(0x0cf3, 0xe004), .driver_info = BTUSB_ATH3012 },
--- /dev/null
+From 09da1f3463eb81d59685df723b1c5950b7570340 Mon Sep 17 00:00:00 2001
+From: Johan Hedberg <johan.hedberg@intel.com>
+Date: Fri, 11 Apr 2014 12:02:32 -0700
+Subject: Bluetooth: Fix redundant encryption request for reauthentication
+
+From: Johan Hedberg <johan.hedberg@intel.com>
+
+commit 09da1f3463eb81d59685df723b1c5950b7570340 upstream.
+
+When we're performing reauthentication (in order to elevate the
+security level from an unauthenticated key to an authenticated one) we
+do not need to issue any encryption command once authentication
+completes. Since the trigger for the encryption HCI command is the
+ENCRYPT_PEND flag this flag should not be set in this scenario.
+Instead, the REAUTH_PEND flag takes care of all necessary steps for
+reauthentication.
+
+Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
+Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ net/bluetooth/hci_conn.c | 9 ++++++---
+ 1 file changed, 6 insertions(+), 3 deletions(-)
+
+--- a/net/bluetooth/hci_conn.c
++++ b/net/bluetooth/hci_conn.c
+@@ -652,14 +652,17 @@ static int hci_conn_auth(struct hci_conn
+ if (!test_and_set_bit(HCI_CONN_AUTH_PEND, &conn->flags)) {
+ struct hci_cp_auth_requested cp;
+
+- /* encrypt must be pending if auth is also pending */
+- set_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags);
+-
+ cp.handle = cpu_to_le16(conn->handle);
+ hci_send_cmd(conn->hdev, HCI_OP_AUTH_REQUESTED,
+ sizeof(cp), &cp);
++
++ /* If we're already encrypted set the REAUTH_PEND flag,
++ * otherwise set the ENCRYPT_PEND.
++ */
+ if (conn->key_type != 0xff)
+ set_bit(HCI_CONN_REAUTH_PEND, &conn->flags);
++ else
++ set_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags);
+ }
+
+ return 0;
--- /dev/null
+From 9eb1fbfa0a737fd4d3a6d12d71c5ea9af622b887 Mon Sep 17 00:00:00 2001
+From: Johan Hedberg <johan.hedberg@intel.com>
+Date: Fri, 11 Apr 2014 12:02:31 -0700
+Subject: Bluetooth: Fix triggering BR/EDR L2CAP Connect too early
+
+From: Johan Hedberg <johan.hedberg@intel.com>
+
+commit 9eb1fbfa0a737fd4d3a6d12d71c5ea9af622b887 upstream.
+
+Commit 1c2e004183178 introduced an event handler for the encryption key
+refresh complete event with the intent of fixing some LE/SMP cases.
+However, this event is shared with BR/EDR and there we actually want to
+act only on the auth_complete event (which comes after the key refresh).
+
+If we do not do this we may trigger an L2CAP Connect Request too early
+and cause the remote side to return a security block error.
+
+Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
+Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ net/bluetooth/hci_event.c | 6 ++++++
+ 1 file changed, 6 insertions(+)
+
+--- a/net/bluetooth/hci_event.c
++++ b/net/bluetooth/hci_event.c
+@@ -3051,6 +3051,12 @@ static void hci_key_refresh_complete_evt
+ if (!conn)
+ goto unlock;
+
++ /* For BR/EDR the necessary steps are taken through the
++ * auth_complete event.
++ */
++ if (conn->type != LE_LINK)
++ goto unlock;
++
+ if (!ev->status)
+ conn->sec_level = conn->pending_sec_level;
+
--- /dev/null
+From 7c0f812a5d65e712618af880dda4a5cc7ed79463 Mon Sep 17 00:00:00 2001
+From: Laurent Pinchart <laurent.pinchart@ideasonboard.com>
+Date: Mon, 11 Mar 2013 12:02:13 -0300
+Subject: [media] omap3isp: Defer probe when the IOMMU is not available
+
+From: Laurent Pinchart <laurent.pinchart@ideasonboard.com>
+
+commit 7c0f812a5d65e712618af880dda4a5cc7ed79463 upstream.
+
+When the OMAP3 ISP driver is compiled in the kernel the device can be
+probed before the corresponding IOMMU is available. Defer the probe in
+that case, and fix a crash in the error path.
+
+Reported-by: Javier Martin <javier.martin@vista-silicon.com>
+Signed-off-by: Laurent Pinchart <laurent.pinchart@ideasonboard.com>
+Signed-off-by: Mauro Carvalho Chehab <mchehab@redhat.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/media/platform/omap3isp/isp.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+--- a/drivers/media/platform/omap3isp/isp.c
++++ b/drivers/media/platform/omap3isp/isp.c
+@@ -2249,6 +2249,7 @@ static int isp_probe(struct platform_dev
+ ret = iommu_attach_device(isp->domain, &pdev->dev);
+ if (ret) {
+ dev_err(&pdev->dev, "can't attach iommu device: %d\n", ret);
++ ret = -EPROBE_DEFER;
+ goto free_domain;
+ }
+
+@@ -2287,6 +2288,7 @@ detach_dev:
+ iommu_detach_device(isp->domain, &pdev->dev);
+ free_domain:
+ iommu_domain_free(isp->domain);
++ isp->domain = NULL;
+ error_isp:
+ isp_xclk_cleanup(isp);
+ omap3isp_put(isp);
--- /dev/null
+From 50c6e282bdf5e8dabf8d7cf7b162545a55645fd9 Mon Sep 17 00:00:00 2001
+From: Christoph Hellwig <hch@lst.de>
+Date: Sun, 4 May 2014 13:03:32 +0200
+Subject: posix_acl: handle NULL ACL in posix_acl_equiv_mode
+
+From: Christoph Hellwig <hch@lst.de>
+
+commit 50c6e282bdf5e8dabf8d7cf7b162545a55645fd9 upstream.
+
+Various filesystems don't bother checking for a NULL ACL in
+posix_acl_equiv_mode, and thus can dereference a NULL pointer when it
+gets passed one. This usually happens from the NFS server, as the ACL tools
+never pass a NULL ACL, but instead of one representing the mode bits.
+
+Instead of adding boilerplat to all filesystems put this check into one place,
+which will allow us to remove the check from other filesystems as well later
+on.
+
+Signed-off-by: Christoph Hellwig <hch@lst.de>
+Reported-by: Ben Greear <greearb@candelatech.com>
+Reported-by: Marco Munderloh <munderl@tnt.uni-hannover.de>,
+Cc: Chuck Lever <chuck.lever@oracle.com>
+Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ fs/posix_acl.c | 6 ++++++
+ 1 file changed, 6 insertions(+)
+
+--- a/fs/posix_acl.c
++++ b/fs/posix_acl.c
+@@ -158,6 +158,12 @@ posix_acl_equiv_mode(const struct posix_
+ umode_t mode = 0;
+ int not_equiv = 0;
+
++ /*
++ * A null ACL can always be presented as mode bits.
++ */
++ if (!acl)
++ return 0;
++
+ FOREACH_ACL_ENTRY(pa, acl, pe) {
+ switch (pa->e_tag) {
+ case ACL_USER_OBJ:
usb-nokia-5300-should-be-treated-as-unusual-dev.patch
rt2x00-fix-beaconing-on-usb.patch
alsa-usb-audio-work-around-corrupted-teac-ud-h01-feedback-data.patch
+bluetooth-fix-triggering-br-edr-l2cap-connect-too-early.patch
+bluetooth-fix-redundant-encryption-request-for-reauthentication.patch
+bluetooth-add-support-for-lite-on.patch
+posix_acl-handle-null-acl-in-posix_acl_equiv_mode.patch
+omap3isp-defer-probe-when-the-iommu-is-not-available.patch
+arm-dts-i.mx53-fix-ipu-register-space-size.patch
+arm-8012-1-kdump-avoid-overflow-when-converting-pfn-to-physaddr.patch
projects / thirdparty / kernel / stable-queue.git / commitdiff
