4.4-stable patches

added patches:
	am437x-vpfe-fix-an-uninitialized-variable-bug.patch
	ath9k_htc-check-for-underflow-in-ath9k_htc_rx_msg.patch
	cx23885-uninitialized-variable-in-cx23885_av_work_handler.patch
	ethernet-micrel-fix-some-error-codes.patch
	i40e-fix-an-uninitialized-variable-bug.patch
	lirc_imon-do-not-leave-imon_probe-with-mutex-held.patch
	mfd-lp8788-irq-uninitialized-variable-in-irq-handler.patch
	net-moxa-fix-an-error-code.patch
	power-ipaq-micro-battery-freeing-the-wrong-variable.patch
	qede-uninitialized-variable-in-qede_start_xmit.patch
	qlcnic-potential-null-dereference-in-qlcnic_83xx_get_minidump_template.patch
	qlcnic-use-the-correct-ring-in-qlcnic_83xx_process_rcv_ring_diag.patch
	rc-allow-rc-modules-to-be-loaded-if-rc-main-is-not-a-module.patch
	vfio-platform-reset-fix-a-warning-message-condition.patch

diff --git a/queue-4.4/am437x-vpfe-fix-an-uninitialized-variable-bug.patch b/queue-4.4/am437x-vpfe-fix-an-uninitialized-variable-bug.patch
new file mode 100644 (file)
index 0000000..a9ed4a5
--- /dev/null
+++ b/queue-4.4/am437x-vpfe-fix-an-uninitialized-variable-bug.patch
@@ -0,0 +1,34 @@
+From e4bccada44c177cde31b9a236b7dfd7f76d403ed Mon Sep 17 00:00:00 2001
+From: Dan Carpenter <dan.carpenter@oracle.com>
+Date: Tue, 15 Mar 2016 04:04:12 -0300
+Subject: [media] am437x-vpfe: fix an uninitialized variable bug
+
+From: Dan Carpenter <dan.carpenter@oracle.com>
+
+commit e4bccada44c177cde31b9a236b7dfd7f76d403ed upstream.
+
+If we are doing V4L2_FIELD_NONE then "ret" is used uninitialized.
+
+Fixes: 417d2e507edc ('[media] media: platform: add VPFE capture driver support for AM437X')
+
+Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
+Acked-by: Lad, Prabhakar <prabhakar.csengg@gmail.com>
+Signed-off-by: Hans Verkuil <hans.verkuil@cisco.com>
+Signed-off-by: Mauro Carvalho Chehab <mchehab@osg.samsung.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/media/platform/am437x/am437x-vpfe.c |    2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/drivers/media/platform/am437x/am437x-vpfe.c
++++ b/drivers/media/platform/am437x/am437x-vpfe.c
+@@ -1047,7 +1047,7 @@ static int vpfe_get_ccdc_image_format(st
+ static int vpfe_config_ccdc_image_format(struct vpfe_device *vpfe)
+ {
+       enum ccdc_frmfmt frm_fmt = CCDC_FRMFMT_INTERLACED;
+-      int ret;
++      int ret = 0;
+ 
+       vpfe_dbg(2, vpfe, "vpfe_config_ccdc_image_format\n");
+ 

diff --git a/queue-4.4/ath9k_htc-check-for-underflow-in-ath9k_htc_rx_msg.patch b/queue-4.4/ath9k_htc-check-for-underflow-in-ath9k_htc_rx_msg.patch
new file mode 100644 (file)
index 0000000..78a2497
--- /dev/null
+++ b/queue-4.4/ath9k_htc-check-for-underflow-in-ath9k_htc_rx_msg.patch
@@ -0,0 +1,32 @@
+From 3a318426e09a9c9266fe6440842e11238f640a20 Mon Sep 17 00:00:00 2001
+From: Dan Carpenter <dan.carpenter@oracle.com>
+Date: Fri, 6 Nov 2015 13:01:20 +0300
+Subject: ath9k_htc: check for underflow in ath9k_htc_rx_msg()
+
+From: Dan Carpenter <dan.carpenter@oracle.com>
+
+commit 3a318426e09a9c9266fe6440842e11238f640a20 upstream.
+
+We check for overflow here, but we don't check for underflow so it
+causes a static checker warning.
+
+Fixes: fb9987d0f748 ('ath9k_htc: Support for AR9271 chipset.')
+Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
+Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/net/wireless/ath/ath9k/htc_hst.c |    2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/drivers/net/wireless/ath/ath9k/htc_hst.c
++++ b/drivers/net/wireless/ath/ath9k/htc_hst.c
+@@ -414,7 +414,7 @@ void ath9k_htc_rx_msg(struct htc_target
+               return;
+       }
+ 
+-      if (epid >= ENDPOINT_MAX) {
++      if (epid < 0 || epid >= ENDPOINT_MAX) {
+               if (pipe_id != USB_REG_IN_PIPE)
+                       dev_kfree_skb_any(skb);
+               else

diff --git a/queue-4.4/cx23885-uninitialized-variable-in-cx23885_av_work_handler.patch b/queue-4.4/cx23885-uninitialized-variable-in-cx23885_av_work_handler.patch
new file mode 100644 (file)
index 0000000..991cdb5
--- /dev/null
+++ b/queue-4.4/cx23885-uninitialized-variable-in-cx23885_av_work_handler.patch
@@ -0,0 +1,36 @@
+From 60587bd0680507f48ae3a7360983228fd207de8a Mon Sep 17 00:00:00 2001
+From: Dan Carpenter <dan.carpenter@oracle.com>
+Date: Tue, 15 Mar 2016 04:05:20 -0300
+Subject: [media] cx23885: uninitialized variable in cx23885_av_work_handler()
+
+From: Dan Carpenter <dan.carpenter@oracle.com>
+
+commit 60587bd0680507f48ae3a7360983228fd207de8a upstream.
+
+The "handled" variable could be uninitialized if the
+interrupt_service_routine() call back hasn't been implimented or if it
+has been implemented but doesn't initialize "handled" to zero at the
+start.  For example, adv76xx_isr() only sets "handled" to true.
+
+Fixes: 44b153ca639f ('[media] m5mols: Add ISO sensitivity controls')
+
+Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
+Signed-off-by: Hans Verkuil <hans.verkuil@cisco.com>
+Signed-off-by: Mauro Carvalho Chehab <mchehab@osg.samsung.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/media/pci/cx23885/cx23885-av.c |    2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/drivers/media/pci/cx23885/cx23885-av.c
++++ b/drivers/media/pci/cx23885/cx23885-av.c
+@@ -24,7 +24,7 @@ void cx23885_av_work_handler(struct work
+ {
+       struct cx23885_dev *dev =
+                          container_of(work, struct cx23885_dev, cx25840_work);
+-      bool handled;
++      bool handled = false;
+ 
+       v4l2_subdev_call(dev->sd_cx25840, core, interrupt_service_routine,
+                        PCI_MSK_AV_CORE, &handled);

diff --git a/queue-4.4/ethernet-micrel-fix-some-error-codes.patch b/queue-4.4/ethernet-micrel-fix-some-error-codes.patch
new file mode 100644 (file)
index 0000000..5aeeea3
--- /dev/null
+++ b/queue-4.4/ethernet-micrel-fix-some-error-codes.patch
@@ -0,0 +1,60 @@
+From 3af0d554c1ce11e9d0953381ff566271f9ab81a9 Mon Sep 17 00:00:00 2001
+From: Dan Carpenter <dan.carpenter@oracle.com>
+Date: Wed, 16 Mar 2016 10:45:10 +0300
+Subject: ethernet: micrel: fix some error codes
+
+From: Dan Carpenter <dan.carpenter@oracle.com>
+
+commit 3af0d554c1ce11e9d0953381ff566271f9ab81a9 upstream.
+
+There were two issues here:
+1) dma_mapping_error() return true/false but we want to return -ENOMEM
+2) If dmaengine_prep_slave_sg() failed then "err" wasn't set but
+   presumably that should be -ENOMEM as well.
+
+I changed the success path to "return 0;" instead of "return ret;" for
+clarity.
+
+Fixes: 94fe8c683cea ('ks8842: Support DMA when accessed via timberdale')
+Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
+Signed-off-by: David S. Miller <davem@davemloft.net>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/net/ethernet/micrel/ks8842.c |   10 ++++++----
+ 1 file changed, 6 insertions(+), 4 deletions(-)
+
+--- a/drivers/net/ethernet/micrel/ks8842.c
++++ b/drivers/net/ethernet/micrel/ks8842.c
+@@ -561,8 +561,8 @@ static int __ks8842_start_new_rx_dma(str
+               sg_init_table(sg, 1);
+               sg_dma_address(sg) = dma_map_single(adapter->dev,
+                       ctl->skb->data, DMA_BUFFER_SIZE, DMA_FROM_DEVICE);
+-              err = dma_mapping_error(adapter->dev, sg_dma_address(sg));
+-              if (unlikely(err)) {
++              if (dma_mapping_error(adapter->dev, sg_dma_address(sg))) {
++                      err = -ENOMEM;
+                       sg_dma_address(sg) = 0;
+                       goto out;
+               }
+@@ -572,8 +572,10 @@ static int __ks8842_start_new_rx_dma(str
+               ctl->adesc = dmaengine_prep_slave_sg(ctl->chan,
+                       sg, 1, DMA_DEV_TO_MEM, DMA_PREP_INTERRUPT);
+ 
+-              if (!ctl->adesc)
++              if (!ctl->adesc) {
++                      err = -ENOMEM;
+                       goto out;
++              }
+ 
+               ctl->adesc->callback_param = netdev;
+               ctl->adesc->callback = ks8842_dma_rx_cb;
+@@ -584,7 +586,7 @@ static int __ks8842_start_new_rx_dma(str
+               goto out;
+       }
+ 
+-      return err;
++      return 0;
+ out:
+       if (sg_dma_address(sg))
+               dma_unmap_single(adapter->dev, sg_dma_address(sg),

diff --git a/queue-4.4/i40e-fix-an-uninitialized-variable-bug.patch b/queue-4.4/i40e-fix-an-uninitialized-variable-bug.patch
new file mode 100644 (file)
index 0000000..8f16a6f
--- /dev/null
+++ b/queue-4.4/i40e-fix-an-uninitialized-variable-bug.patch
@@ -0,0 +1,32 @@
+From 1c306f7f62a38ee5f05f0ee994dfe82d654cf47c Mon Sep 17 00:00:00 2001
+From: Dan Carpenter <dan.carpenter@oracle.com>
+Date: Thu, 5 May 2016 16:18:02 +0300
+Subject: i40e: fix an uninitialized variable bug
+
+From: Dan Carpenter <dan.carpenter@oracle.com>
+
+commit 1c306f7f62a38ee5f05f0ee994dfe82d654cf47c upstream.
+
+We removed this initialization but it is required.  Let's put it back.
+
+Fixes: 895106a577c4 ('i40e: trivial fixes')
+Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
+Tested-by: Andrew Bowers <andrewx.bowers@intel.com>
+Signed-off-by: Jeff Kirsher <jeffrey.t.kirsher@intel.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/net/ethernet/intel/i40e/i40e_hmc.c |    2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/drivers/net/ethernet/intel/i40e/i40e_hmc.c
++++ b/drivers/net/ethernet/intel/i40e/i40e_hmc.c
+@@ -49,7 +49,7 @@ i40e_status i40e_add_sd_table_entry(stru
+       struct i40e_hmc_sd_entry *sd_entry;
+       bool dma_mem_alloc_done = false;
+       struct i40e_dma_mem mem;
+-      i40e_status ret_code;
++      i40e_status ret_code = I40E_SUCCESS;
+       u64 alloc_len;
+ 
+       if (NULL == hmc_info->sd_table.sd_entry) {

diff --git a/queue-4.4/lirc_imon-do-not-leave-imon_probe-with-mutex-held.patch b/queue-4.4/lirc_imon-do-not-leave-imon_probe-with-mutex-held.patch
new file mode 100644 (file)
index 0000000..18f419f
--- /dev/null
+++ b/queue-4.4/lirc_imon-do-not-leave-imon_probe-with-mutex-held.patch
@@ -0,0 +1,44 @@
+From b833d0df943d70682e288c38c96b8e7bfff4023a Mon Sep 17 00:00:00 2001
+From: Alexey Khoroshilov <khoroshilov@ispras.ru>
+Date: Sat, 14 Nov 2015 16:17:56 -0200
+Subject: [media] lirc_imon: do not leave imon_probe() with mutex held
+
+From: Alexey Khoroshilov <khoroshilov@ispras.ru>
+
+commit b833d0df943d70682e288c38c96b8e7bfff4023a upstream.
+
+Commit af8a819a2513 ("[media] lirc_imon: simplify error handling code")
+lost mutex_unlock(&context->ctx_lock), so imon_probe() exits with
+the context->ctx_lock mutex acquired.
+
+The patch adds mutex_unlock(&context->ctx_lock) back.
+
+Found by Linux Driver Verification project (linuxtesting.org).
+
+Fixes: af8a819a2513 ("[media] lirc_imon: simplify error handling code")
+
+Signed-off-by: Alexey Khoroshilov <khoroshilov@ispras.ru>
+Signed-off-by: Mauro Carvalho Chehab <mchehab@osg.samsung.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/staging/media/lirc/lirc_imon.c |    2 ++
+ 1 file changed, 2 insertions(+)
+
+--- a/drivers/staging/media/lirc/lirc_imon.c
++++ b/drivers/staging/media/lirc/lirc_imon.c
+@@ -885,12 +885,14 @@ static int imon_probe(struct usb_interfa
+               vendor, product, ifnum, usbdev->bus->busnum, usbdev->devnum);
+ 
+       /* Everything went fine. Just unlock and return retval (with is 0) */
++      mutex_unlock(&context->ctx_lock);
+       goto driver_unlock;
+ 
+ unregister_lirc:
+       lirc_unregister_driver(driver->minor);
+ 
+ free_tx_urb:
++      mutex_unlock(&context->ctx_lock);
+       usb_free_urb(tx_urb);
+ 
+ free_rx_urb:

diff --git a/queue-4.4/mfd-lp8788-irq-uninitialized-variable-in-irq-handler.patch b/queue-4.4/mfd-lp8788-irq-uninitialized-variable-in-irq-handler.patch
new file mode 100644 (file)
index 0000000..7b011a9
--- /dev/null
+++ b/queue-4.4/mfd-lp8788-irq-uninitialized-variable-in-irq-handler.patch
@@ -0,0 +1,34 @@
+From 22aab38e7b59fd79ce1045006be69a9abab58e5a Mon Sep 17 00:00:00 2001
+From: Dan Carpenter <dan.carpenter@oracle.com>
+Date: Fri, 11 Mar 2016 11:11:39 +0300
+Subject: mfd: lp8788-irq: Uninitialized variable in irq handler
+
+From: Dan Carpenter <dan.carpenter@oracle.com>
+
+commit 22aab38e7b59fd79ce1045006be69a9abab58e5a upstream.
+
+Instead to being true/false, the "handled" is true/uninitialized.
+Presumably this doesn't cause that many problems in real life because
+normally we handle the IRQ.
+
+Fixes: eea6b7cc53aa ('mfd: Add lp8788 mfd driver')
+Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
+Acked-by: Milo Kim <milo.kim@ti.com>
+Signed-off-by: Lee Jones <lee.jones@linaro.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/mfd/lp8788-irq.c |    2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/drivers/mfd/lp8788-irq.c
++++ b/drivers/mfd/lp8788-irq.c
+@@ -112,7 +112,7 @@ static irqreturn_t lp8788_irq_handler(in
+       struct lp8788_irq_data *irqd = ptr;
+       struct lp8788 *lp = irqd->lp;
+       u8 status[NUM_REGS], addr, mask;
+-      bool handled;
++      bool handled = false;
+       int i;
+ 
+       if (lp8788_read_multi_bytes(lp, LP8788_INT_1, status, NUM_REGS))

diff --git a/queue-4.4/net-moxa-fix-an-error-code.patch b/queue-4.4/net-moxa-fix-an-error-code.patch
new file mode 100644 (file)
index 0000000..c468396
--- /dev/null
+++ b/queue-4.4/net-moxa-fix-an-error-code.patch
@@ -0,0 +1,36 @@
+From 1d3cd1773fddfdc9ffb0c2dec9a954c7a54bc207 Mon Sep 17 00:00:00 2001
+From: Dan Carpenter <dan.carpenter@oracle.com>
+Date: Wed, 2 Mar 2016 13:11:10 +0300
+Subject: net: moxa: fix an error code
+
+From: Dan Carpenter <dan.carpenter@oracle.com>
+
+commit 1d3cd1773fddfdc9ffb0c2dec9a954c7a54bc207 upstream.
+
+We accidentally return IS_ERR(priv->base) which is 1 instead of
+PTR_ERR(priv->base) which is the error code.
+
+Fixes: 6c821bd9edc9 ('net: Add MOXA ART SoCs ethernet driver')
+Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
+Acked-by: Arnd Bergmann <arnd@arndb.de>
+Signed-off-by: David S. Miller <davem@davemloft.net>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/net/ethernet/moxa/moxart_ether.c |    4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+--- a/drivers/net/ethernet/moxa/moxart_ether.c
++++ b/drivers/net/ethernet/moxa/moxart_ether.c
+@@ -460,9 +460,9 @@ static int moxart_mac_probe(struct platf
+       res = platform_get_resource(pdev, IORESOURCE_MEM, 0);
+       ndev->base_addr = res->start;
+       priv->base = devm_ioremap_resource(p_dev, res);
+-      ret = IS_ERR(priv->base);
+-      if (ret) {
++      if (IS_ERR(priv->base)) {
+               dev_err(p_dev, "devm_ioremap_resource failed\n");
++              ret = PTR_ERR(priv->base);
+               goto init_fail;
+       }
+ 

diff --git a/queue-4.4/power-ipaq-micro-battery-freeing-the-wrong-variable.patch b/queue-4.4/power-ipaq-micro-battery-freeing-the-wrong-variable.patch
new file mode 100644 (file)
index 0000000..b0aa943
--- /dev/null
+++ b/queue-4.4/power-ipaq-micro-battery-freeing-the-wrong-variable.patch
@@ -0,0 +1,32 @@
+From b9223da41794030a5dfd5106c34ed1b98255e2ae Mon Sep 17 00:00:00 2001
+From: Dan Carpenter <dan.carpenter@oracle.com>
+Date: Fri, 18 Mar 2016 12:00:51 +0300
+Subject: power: ipaq-micro-battery: freeing the wrong variable
+
+From: Dan Carpenter <dan.carpenter@oracle.com>
+
+commit b9223da41794030a5dfd5106c34ed1b98255e2ae upstream.
+
+We accidentally free "micro_ac_power" which is an error pointer and it
+leads to an oops.  We intended to free "micro_batt_power".
+
+Fixes: a2c1d531854c ('power_supply: ipaq_micro_battery: Check return values in probe')
+Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
+Signed-off-by: Sebastian Reichel <sre@kernel.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/power/ipaq_micro_battery.c |    2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/drivers/power/ipaq_micro_battery.c
++++ b/drivers/power/ipaq_micro_battery.c
+@@ -261,7 +261,7 @@ static int micro_batt_probe(struct platf
+       return 0;
+ 
+ ac_err:
+-      power_supply_unregister(micro_ac_power);
++      power_supply_unregister(micro_batt_power);
+ batt_err:
+       cancel_delayed_work_sync(&mb->update);
+       destroy_workqueue(mb->wq);

diff --git a/queue-4.4/qede-uninitialized-variable-in-qede_start_xmit.patch b/queue-4.4/qede-uninitialized-variable-in-qede_start_xmit.patch
new file mode 100644 (file)
index 0000000..b8459cc
--- /dev/null
+++ b/queue-4.4/qede-uninitialized-variable-in-qede_start_xmit.patch
@@ -0,0 +1,31 @@
+From 810810ffb2f6d46365d0790bbe77698a5534393a Mon Sep 17 00:00:00 2001
+From: Dan Carpenter <dan.carpenter@oracle.com>
+Date: Thu, 5 May 2016 16:21:30 +0300
+Subject: qede: uninitialized variable in qede_start_xmit()
+
+From: Dan Carpenter <dan.carpenter@oracle.com>
+
+commit 810810ffb2f6d46365d0790bbe77698a5534393a upstream.
+
+"data_split" was never set to false.  It's just uninitialized.
+
+Fixes: 2950219d87b0 ('qede: Add basic network device support')
+Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
+Signed-off-by: David S. Miller <davem@davemloft.net>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/net/ethernet/qlogic/qede/qede_main.c |    2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/drivers/net/ethernet/qlogic/qede/qede_main.c
++++ b/drivers/net/ethernet/qlogic/qede/qede_main.c
+@@ -400,7 +400,7 @@ netdev_tx_t qede_start_xmit(struct sk_bu
+       u8 xmit_type;
+       u16 idx;
+       u16 hlen;
+-      bool data_split;
++      bool data_split = false;
+ 
+       /* Get tx-queue context and netdev index */
+       txq_index = skb_get_queue_mapping(skb);

diff --git a/queue-4.4/qlcnic-potential-null-dereference-in-qlcnic_83xx_get_minidump_template.patch b/queue-4.4/qlcnic-potential-null-dereference-in-qlcnic_83xx_get_minidump_template.patch
new file mode 100644 (file)
index 0000000..337ecce
--- /dev/null
+++ b/queue-4.4/qlcnic-potential-null-dereference-in-qlcnic_83xx_get_minidump_template.patch
@@ -0,0 +1,45 @@
+From 5f46feab87bb105d6a217d966b327fdc56696802 Mon Sep 17 00:00:00 2001
+From: Dan Carpenter <dan.carpenter@oracle.com>
+Date: Tue, 10 May 2016 22:20:04 +0300
+Subject: qlcnic: potential NULL dereference in qlcnic_83xx_get_minidump_template()
+
+From: Dan Carpenter <dan.carpenter@oracle.com>
+
+commit 5f46feab87bb105d6a217d966b327fdc56696802 upstream.
+
+If qlcnic_fw_cmd_get_minidump_temp() fails then "fw_dump->tmpl_hdr" is
+NULL or possibly freed.  It can lead to an oops later.
+
+Fixes: d01a6d3c8ae1 ('qlcnic: Add support to enable capability to extend minidump for iSCSI')
+Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
+Signed-off-by: David S. Miller <davem@davemloft.net>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/net/ethernet/qlogic/qlcnic/qlcnic_minidump.c |    8 ++++++--
+ 1 file changed, 6 insertions(+), 2 deletions(-)
+
+--- a/drivers/net/ethernet/qlogic/qlcnic/qlcnic_minidump.c
++++ b/drivers/net/ethernet/qlogic/qlcnic/qlcnic_minidump.c
+@@ -1419,6 +1419,7 @@ void qlcnic_83xx_get_minidump_template(s
+       struct qlcnic_fw_dump *fw_dump = &ahw->fw_dump;
+       struct pci_dev *pdev = adapter->pdev;
+       bool extended = false;
++      int ret;
+ 
+       prev_version = adapter->fw_version;
+       current_version = qlcnic_83xx_get_fw_version(adapter);
+@@ -1429,8 +1430,11 @@ void qlcnic_83xx_get_minidump_template(s
+               if (qlcnic_83xx_md_check_extended_dump_capability(adapter))
+                       extended = !qlcnic_83xx_extend_md_capab(adapter);
+ 
+-              if (!qlcnic_fw_cmd_get_minidump_temp(adapter))
+-                      dev_info(&pdev->dev, "Supports FW dump capability\n");
++              ret = qlcnic_fw_cmd_get_minidump_temp(adapter);
++              if (ret)
++                      return;
++
++              dev_info(&pdev->dev, "Supports FW dump capability\n");
+ 
+               /* Once we have minidump template with extended iSCSI dump
+                * capability, update the minidump capture mask to 0x1f as

diff --git a/queue-4.4/qlcnic-use-the-correct-ring-in-qlcnic_83xx_process_rcv_ring_diag.patch b/queue-4.4/qlcnic-use-the-correct-ring-in-qlcnic_83xx_process_rcv_ring_diag.patch
new file mode 100644 (file)
index 0000000..425f0bf
--- /dev/null
+++ b/queue-4.4/qlcnic-use-the-correct-ring-in-qlcnic_83xx_process_rcv_ring_diag.patch
@@ -0,0 +1,34 @@
+From 5b4d10f5e0369ed79434593b7cd8e85eebbe473f Mon Sep 17 00:00:00 2001
+From: Dan Carpenter <dan.carpenter@oracle.com>
+Date: Mon, 27 Jun 2016 23:50:29 +0300
+Subject: qlcnic: use the correct ring in qlcnic_83xx_process_rcv_ring_diag()
+
+From: Dan Carpenter <dan.carpenter@oracle.com>
+
+commit 5b4d10f5e0369ed79434593b7cd8e85eebbe473f upstream.
+
+There is a static checker warning here "warn: mask and shift to zero"
+and the code sets "ring" to zero every time.  From looking at how
+QLCNIC_FETCH_RING_ID() is used in qlcnic_83xx_process_rcv_ring() the
+qlcnic_83xx_hndl() should be removed.
+
+Fixes: 4be41e92f7c6 ('qlcnic: 83xx data path routines')
+Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
+Signed-off-by: David S. Miller <davem@davemloft.net>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/net/ethernet/qlogic/qlcnic/qlcnic_io.c |    2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/drivers/net/ethernet/qlogic/qlcnic/qlcnic_io.c
++++ b/drivers/net/ethernet/qlogic/qlcnic/qlcnic_io.c
+@@ -2220,7 +2220,7 @@ void qlcnic_83xx_process_rcv_ring_diag(s
+       if (!opcode)
+               return;
+ 
+-      ring = QLCNIC_FETCH_RING_ID(qlcnic_83xx_hndl(sts_data[0]));
++      ring = QLCNIC_FETCH_RING_ID(sts_data[0]);
+       qlcnic_83xx_process_rcv_diag(adapter, ring, sts_data);
+       desc = &sds_ring->desc_head[consumer];
+       desc->status_desc_data[0] = cpu_to_le64(STATUS_OWNER_PHANTOM);

diff --git a/queue-4.4/rc-allow-rc-modules-to-be-loaded-if-rc-main-is-not-a-module.patch b/queue-4.4/rc-allow-rc-modules-to-be-loaded-if-rc-main-is-not-a-module.patch
new file mode 100644 (file)
index 0000000..a98a67c
--- /dev/null
+++ b/queue-4.4/rc-allow-rc-modules-to-be-loaded-if-rc-main-is-not-a-module.patch
@@ -0,0 +1,37 @@
+From 2ff56fadd94cdaeeaeccbc0a9b703a0101ada128 Mon Sep 17 00:00:00 2001
+From: Russell King <rmk+kernel@arm.linux.org.uk>
+Date: Thu, 15 Oct 2015 13:15:24 -0300
+Subject: [media] rc: allow rc modules to be loaded if rc-main is not a module
+
+From: Russell King <rmk+kernel@arm.linux.org.uk>
+
+commit 2ff56fadd94cdaeeaeccbc0a9b703a0101ada128 upstream.
+
+rc-main mistakenly uses #ifdef MODULE to determine whether it should
+load the rc keymap modules.  This symbol is only defined if rc-main
+is being built as a module itself, and bears no relation to whether
+the rc keymaps are modules.
+
+Fix this to use CONFIG_MODULES instead.
+
+Fixes: 631493ecacd8 ("[media] rc-core: merge rc-map.c into rc-main.c")
+
+Signed-off-by: Russell King <rmk+kernel@arm.linux.org.uk>
+Signed-off-by: Mauro Carvalho Chehab <mchehab@osg.samsung.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/media/rc/rc-main.c |    2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/drivers/media/rc/rc-main.c
++++ b/drivers/media/rc/rc-main.c
+@@ -61,7 +61,7 @@ struct rc_map *rc_map_get(const char *na
+       struct rc_map_list *map;
+ 
+       map = seek_rc_map(name);
+-#ifdef MODULE
++#ifdef CONFIG_MODULES
+       if (!map) {
+               int rc = request_module("%s", name);
+               if (rc < 0) {

diff --git a/queue-4.4/series b/queue-4.4/series
index da98e61e41210b294dbc42745b03036de10498ac..e2587c9a272f482242a219b0a675e85edd37f466 100644 (file)
--- a/queue-4.4/series
+++ b/queue-4.4/series
@@ -171,3 +171,17 @@ scripts-config-allow-colons-in-option-strings-for-se.patch
 lib-mpi-fix-building-for-powerpc-with-clang.patch
 net-bcmgenet-suppress-warnings-on-failed-rx-skb-allo.patch
 net-systemport-suppress-warnings-on-failed-rx-skb-al.patch
+rc-allow-rc-modules-to-be-loaded-if-rc-main-is-not-a-module.patch
+lirc_imon-do-not-leave-imon_probe-with-mutex-held.patch
+am437x-vpfe-fix-an-uninitialized-variable-bug.patch
+cx23885-uninitialized-variable-in-cx23885_av_work_handler.patch
+ath9k_htc-check-for-underflow-in-ath9k_htc_rx_msg.patch
+vfio-platform-reset-fix-a-warning-message-condition.patch
+net-moxa-fix-an-error-code.patch
+mfd-lp8788-irq-uninitialized-variable-in-irq-handler.patch
+ethernet-micrel-fix-some-error-codes.patch
+power-ipaq-micro-battery-freeing-the-wrong-variable.patch
+i40e-fix-an-uninitialized-variable-bug.patch
+qede-uninitialized-variable-in-qede_start_xmit.patch
+qlcnic-potential-null-dereference-in-qlcnic_83xx_get_minidump_template.patch
+qlcnic-use-the-correct-ring-in-qlcnic_83xx_process_rcv_ring_diag.patch

diff --git a/queue-4.4/vfio-platform-reset-fix-a-warning-message-condition.patch b/queue-4.4/vfio-platform-reset-fix-a-warning-message-condition.patch
new file mode 100644 (file)
index 0000000..17a2276
--- /dev/null
+++ b/queue-4.4/vfio-platform-reset-fix-a-warning-message-condition.patch
@@ -0,0 +1,34 @@
+From 967628827f404b3063016c138ccc7b06c54350f8 Mon Sep 17 00:00:00 2001
+From: Dan Carpenter <dan.carpenter@oracle.com>
+Date: Thu, 17 Dec 2015 15:27:07 +0300
+Subject: VFIO: platform: reset: fix a warning message condition
+
+From: Dan Carpenter <dan.carpenter@oracle.com>
+
+commit 967628827f404b3063016c138ccc7b06c54350f8 upstream.
+
+This loop ends with count set to -1 and not zero so the warning message
+isn't printed when it should be.  I've fixed this by change the postop
+to a preop.
+
+Fixes: 0990822c9866 ('VFIO: platform: reset: AMD xgbe reset module')
+Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
+Reviewed-by: Eric Auger <eric.auger@linaro.org>
+Signed-off-by: Alex Williamson <alex.williamson@redhat.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/vfio/platform/reset/vfio_platform_amdxgbe.c |    2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/drivers/vfio/platform/reset/vfio_platform_amdxgbe.c
++++ b/drivers/vfio/platform/reset/vfio_platform_amdxgbe.c
+@@ -110,7 +110,7 @@ int vfio_platform_amdxgbe_reset(struct v
+       usleep_range(10, 15);
+ 
+       count = 2000;
+-      while (count-- && (ioread32(xgmac_regs->ioaddr + DMA_MR) & 1))
++      while (--count && (ioread32(xgmac_regs->ioaddr + DMA_MR) & 1))
+               usleep_range(500, 600);
+ 
+       if (!count)