--- /dev/null
+From fa01206912e5bc7c48e0a89d0da820062b018854 Mon Sep 17 00:00:00 2001
+From: Johan Hovold <jhovold@gmail.com>
+Date: Tue, 12 Nov 2013 15:09:39 -0800
+Subject: backlight: atmel-pwm-bl: fix gpio polarity in remove
+
+From: Johan Hovold <jhovold@gmail.com>
+
+commit ad5066d4c2b1d696749f8d7816357c23b648c4d3 upstream.
+
+Make sure to honour gpio polarity also at remove so that the backlight is
+actually disabled on boards with active-low enable pin.
+
+Signed-off-by: Johan Hovold <jhovold@gmail.com>
+Acked-by: Jingoo Han <jg1.han@samsung.com>
+Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
+Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
+[bwh: Backported to 3.2: adjust context]
+Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
+Cc: Qiang Huang <h.huangqiang@huawei.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/video/backlight/atmel-pwm-bl.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+--- a/drivers/video/backlight/atmel-pwm-bl.c
++++ b/drivers/video/backlight/atmel-pwm-bl.c
+@@ -211,7 +211,8 @@ static int __exit atmel_pwm_bl_remove(st
+ struct atmel_pwm_bl *pwmbl = platform_get_drvdata(pdev);
+
+ if (pwmbl->gpio_on != -1) {
+- gpio_set_value(pwmbl->gpio_on, 0);
++ gpio_set_value(pwmbl->gpio_on,
++ 0 ^ pwmbl->pdata->on_active_low);
+ gpio_free(pwmbl->gpio_on);
+ }
+ pwm_channel_disable(&pwmbl->pwmc);
--- /dev/null
+From 6f484718617526801dcb4294c0e9a2367dfc6d7c Mon Sep 17 00:00:00 2001
+From: Oliver Hartkopp <socketcan@hartkopp.net>
+Date: Thu, 21 Nov 2013 18:03:07 +0100
+Subject: can: sja1000: fix {pre,post}_irq() handling and IRQ handler return value
+
+From: Oliver Hartkopp <socketcan@hartkopp.net>
+
+commit 2fea6cd303c0d0cd9067da31d873b6a6d5bd75e7 upstream.
+
+This patch fixes the issue that the sja1000_interrupt() function may have
+returned IRQ_NONE without processing the optional pre_irq() and post_irq()
+function before. Further the irq processing counter 'n' is moved to the end of
+the while statement to return correct IRQ_[NONE|HANDLED] values at error
+conditions.
+
+Reported-by: Wolfgang Grandegger <wg@grandegger.com>
+Acked-by: Wolfgang Grandegger <wg@grandegger.com>
+Signed-off-by: Oliver Hartkopp <socketcan@hartkopp.net>
+Signed-off-by: Marc Kleine-Budde <mkl@pengutronix.de>
+[bwh: Backported to 3.2: s/SJA1000_IER/REG_IER/; s/SJA1000_IR/REG_IR/]
+Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
+Cc: Qiang Huang <h.huangqiang@huawei.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/net/can/sja1000/sja1000.c | 17 +++++++++--------
+ 1 file changed, 9 insertions(+), 8 deletions(-)
+
+--- a/drivers/net/can/sja1000/sja1000.c
++++ b/drivers/net/can/sja1000/sja1000.c
+@@ -487,19 +487,19 @@ irqreturn_t sja1000_interrupt(int irq, v
+ uint8_t isrc, status;
+ int n = 0;
+
+- /* Shared interrupts and IRQ off? */
+- if (priv->read_reg(priv, REG_IER) == IRQ_OFF)
+- return IRQ_NONE;
+-
+ if (priv->pre_irq)
+ priv->pre_irq(priv);
+
++ /* Shared interrupts and IRQ off? */
++ if (priv->read_reg(priv, REG_IER) == IRQ_OFF)
++ goto out;
++
+ while ((isrc = priv->read_reg(priv, REG_IR)) && (n < SJA1000_MAX_IRQ)) {
+- n++;
++
+ status = priv->read_reg(priv, SJA1000_REG_SR);
+ /* check for absent controller due to hw unplug */
+ if (status == 0xFF && sja1000_is_absent(priv))
+- return IRQ_NONE;
++ goto out;
+
+ if (isrc & IRQ_WUI)
+ netdev_warn(dev, "wakeup interrupt\n");
+@@ -518,7 +518,7 @@ irqreturn_t sja1000_interrupt(int irq, v
+ status = priv->read_reg(priv, SJA1000_REG_SR);
+ /* check for absent controller */
+ if (status == 0xFF && sja1000_is_absent(priv))
+- return IRQ_NONE;
++ goto out;
+ }
+ }
+ if (isrc & (IRQ_DOI | IRQ_EI | IRQ_BEI | IRQ_EPI | IRQ_ALI)) {
+@@ -526,8 +526,9 @@ irqreturn_t sja1000_interrupt(int irq, v
+ if (sja1000_err(dev, isrc, status))
+ break;
+ }
++ n++;
+ }
+-
++out:
+ if (priv->post_irq)
+ priv->post_irq(priv);
+
--- /dev/null
+From 898c8e6f438614624032f9ae887cab87f7558e45 Mon Sep 17 00:00:00 2001
+From: Herbert Xu <herbert@gondor.apana.org.au>
+Date: Tue, 5 Nov 2013 19:36:27 +0800
+Subject: crypto: s390 - Fix aes-cbc IV corruption
+
+From: Herbert Xu <herbert@gondor.apana.org.au>
+
+commit f262f0f5cad0c9eca61d1d383e3b67b57dcbe5ea upstream.
+
+The cbc-aes-s390 algorithm incorrectly places the IV in the tfm
+data structure. As the tfm is shared between multiple threads,
+this introduces a possibility of data corruption.
+
+This patch fixes this by moving the parameter block containing
+the IV and key onto the stack (the block is 48 bytes long).
+
+The same bug exists elsewhere in the s390 crypto system and they
+will be fixed in subsequent patches.
+
+Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
+[bwh: Backported to 3.2: adjust context]
+Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
+Cc: Qiang Huang <h.huangqiang@huawei.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ arch/s390/crypto/aes_s390.c | 19 ++++++++++++-------
+ 1 file changed, 12 insertions(+), 7 deletions(-)
+
+--- a/arch/s390/crypto/aes_s390.c
++++ b/arch/s390/crypto/aes_s390.c
+@@ -35,7 +35,6 @@ static u8 *ctrblk;
+ static char keylen_flag;
+
+ struct s390_aes_ctx {
+- u8 iv[AES_BLOCK_SIZE];
+ u8 key[AES_MAX_KEY_SIZE];
+ long enc;
+ long dec;
+@@ -442,29 +441,35 @@ static int cbc_aes_set_key(struct crypto
+ return aes_set_key(tfm, in_key, key_len);
+ }
+
+-static int cbc_aes_crypt(struct blkcipher_desc *desc, long func, void *param,
++static int cbc_aes_crypt(struct blkcipher_desc *desc, long func,
+ struct blkcipher_walk *walk)
+ {
++ struct s390_aes_ctx *sctx = crypto_blkcipher_ctx(desc->tfm);
+ int ret = blkcipher_walk_virt(desc, walk);
+ unsigned int nbytes = walk->nbytes;
++ struct {
++ u8 iv[AES_BLOCK_SIZE];
++ u8 key[AES_MAX_KEY_SIZE];
++ } param;
+
+ if (!nbytes)
+ goto out;
+
+- memcpy(param, walk->iv, AES_BLOCK_SIZE);
++ memcpy(param.iv, walk->iv, AES_BLOCK_SIZE);
++ memcpy(param.key, sctx->key, sctx->key_len);
+ do {
+ /* only use complete blocks */
+ unsigned int n = nbytes & ~(AES_BLOCK_SIZE - 1);
+ u8 *out = walk->dst.virt.addr;
+ u8 *in = walk->src.virt.addr;
+
+- ret = crypt_s390_kmc(func, param, out, in, n);
++ ret = crypt_s390_kmc(func, ¶m, out, in, n);
+ BUG_ON((ret < 0) || (ret != n));
+
+ nbytes &= AES_BLOCK_SIZE - 1;
+ ret = blkcipher_walk_done(desc, walk, nbytes);
+ } while ((nbytes = walk->nbytes));
+- memcpy(walk->iv, param, AES_BLOCK_SIZE);
++ memcpy(walk->iv, param.iv, AES_BLOCK_SIZE);
+
+ out:
+ return ret;
+@@ -481,7 +486,7 @@ static int cbc_aes_encrypt(struct blkcip
+ return fallback_blk_enc(desc, dst, src, nbytes);
+
+ blkcipher_walk_init(&walk, dst, src, nbytes);
+- return cbc_aes_crypt(desc, sctx->enc, sctx->iv, &walk);
++ return cbc_aes_crypt(desc, sctx->enc, &walk);
+ }
+
+ static int cbc_aes_decrypt(struct blkcipher_desc *desc,
+@@ -495,7 +500,7 @@ static int cbc_aes_decrypt(struct blkcip
+ return fallback_blk_dec(desc, dst, src, nbytes);
+
+ blkcipher_walk_init(&walk, dst, src, nbytes);
+- return cbc_aes_crypt(desc, sctx->dec, sctx->iv, &walk);
++ return cbc_aes_crypt(desc, sctx->dec, &walk);
+ }
+
+ static struct crypto_alg cbc_aes_alg = {
--- /dev/null
+From 8ccf25d7c6295ab6112711419d3c056a2331e430 Mon Sep 17 00:00:00 2001
+From: Gerald Schaefer <gerald.schaefer@de.ibm.com>
+Date: Tue, 19 Nov 2013 17:12:47 +0100
+Subject: crypto: s390 - Fix aes-xts parameter corruption
+
+From: Gerald Schaefer <gerald.schaefer@de.ibm.com>
+
+commit 9dda2769af4f3f3093434648c409bb351120d9e8 upstream.
+
+Some s390 crypto algorithms incorrectly use the crypto_tfm structure to
+store private data. As the tfm can be shared among multiple threads, this
+can result in data corruption.
+
+This patch fixes aes-xts by moving the xts and pcc parameter blocks from
+the tfm onto the stack (48 + 96 bytes).
+
+Signed-off-by: Gerald Schaefer <gerald.schaefer@de.ibm.com>
+Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
+[bwh: Backported to 3.2: adjust context]
+Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
+Cc: Qiang Huang <h.huangqiang@huawei.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ arch/s390/crypto/aes_s390.c | 31 +++++++++++++++++--------------
+ 1 file changed, 17 insertions(+), 14 deletions(-)
+
+--- a/arch/s390/crypto/aes_s390.c
++++ b/arch/s390/crypto/aes_s390.c
+@@ -55,8 +55,7 @@ struct pcc_param {
+
+ struct s390_xts_ctx {
+ u8 key[32];
+- u8 xts_param[16];
+- struct pcc_param pcc;
++ u8 pcc_key[32];
+ long enc;
+ long dec;
+ int key_len;
+@@ -592,7 +591,7 @@ static int xts_aes_set_key(struct crypto
+ xts_ctx->enc = KM_XTS_128_ENCRYPT;
+ xts_ctx->dec = KM_XTS_128_DECRYPT;
+ memcpy(xts_ctx->key + 16, in_key, 16);
+- memcpy(xts_ctx->pcc.key + 16, in_key + 16, 16);
++ memcpy(xts_ctx->pcc_key + 16, in_key + 16, 16);
+ break;
+ case 48:
+ xts_ctx->enc = 0;
+@@ -603,7 +602,7 @@ static int xts_aes_set_key(struct crypto
+ xts_ctx->enc = KM_XTS_256_ENCRYPT;
+ xts_ctx->dec = KM_XTS_256_DECRYPT;
+ memcpy(xts_ctx->key, in_key, 32);
+- memcpy(xts_ctx->pcc.key, in_key + 32, 32);
++ memcpy(xts_ctx->pcc_key, in_key + 32, 32);
+ break;
+ default:
+ *flags |= CRYPTO_TFM_RES_BAD_KEY_LEN;
+@@ -622,28 +621,32 @@ static int xts_aes_crypt(struct blkciphe
+ unsigned int nbytes = walk->nbytes;
+ unsigned int n;
+ u8 *in, *out;
+- void *param;
++ struct pcc_param pcc_param;
++ struct {
++ u8 key[32];
++ u8 init[16];
++ } xts_param;
+
+ if (!nbytes)
+ goto out;
+
+- memset(xts_ctx->pcc.block, 0, sizeof(xts_ctx->pcc.block));
+- memset(xts_ctx->pcc.bit, 0, sizeof(xts_ctx->pcc.bit));
+- memset(xts_ctx->pcc.xts, 0, sizeof(xts_ctx->pcc.xts));
+- memcpy(xts_ctx->pcc.tweak, walk->iv, sizeof(xts_ctx->pcc.tweak));
+- param = xts_ctx->pcc.key + offset;
+- ret = crypt_s390_pcc(func, param);
++ memset(pcc_param.block, 0, sizeof(pcc_param.block));
++ memset(pcc_param.bit, 0, sizeof(pcc_param.bit));
++ memset(pcc_param.xts, 0, sizeof(pcc_param.xts));
++ memcpy(pcc_param.tweak, walk->iv, sizeof(pcc_param.tweak));
++ memcpy(pcc_param.key, xts_ctx->pcc_key, 32);
++ ret = crypt_s390_pcc(func, &pcc_param.key[offset]);
+ BUG_ON(ret < 0);
+
+- memcpy(xts_ctx->xts_param, xts_ctx->pcc.xts, 16);
+- param = xts_ctx->key + offset;
++ memcpy(xts_param.key, xts_ctx->key, 32);
++ memcpy(xts_param.init, pcc_param.xts, 16);
+ do {
+ /* only use complete blocks */
+ n = nbytes & ~(AES_BLOCK_SIZE - 1);
+ out = walk->dst.virt.addr;
+ in = walk->src.virt.addr;
+
+- ret = crypt_s390_km(func, param, out, in, n);
++ ret = crypt_s390_km(func, &xts_param.key[offset], out, in, n);
+ BUG_ON(ret < 0 || ret != n);
+
+ nbytes &= AES_BLOCK_SIZE - 1;
--- /dev/null
+From f9ec1e9afbfea2bac94d54dd92d969755798160d Mon Sep 17 00:00:00 2001
+From: Felix Fietkau <nbd@openwrt.org>
+Date: Tue, 17 Sep 2013 11:15:43 +0200
+Subject: mac80211: drop spoofed packets in ad-hoc mode
+
+From: Felix Fietkau <nbd@openwrt.org>
+
+commit 6329b8d917adc077caa60c2447385554130853a3 upstream.
+
+If an Ad-Hoc node receives packets with the Cell ID or its own MAC
+address as source address, it hits a WARN_ON in sta_info_insert_check()
+With many packets, this can massively spam the logs. One way that this
+can easily happen is through having Cisco APs in the area with rouge AP
+detection and countermeasures enabled.
+Such Cisco APs will regularly send fake beacons, disassoc and deauth
+packets that trigger these warnings.
+
+To fix this issue, drop such spoofed packets early in the rx path.
+
+Reported-by: Thomas Huehn <thomas@net.t-labs.tu-berlin.de>
+Signed-off-by: Felix Fietkau <nbd@openwrt.org>
+Signed-off-by: Johannes Berg <johannes.berg@intel.com>
+[bwh: Backported to 3.2: use compare_ether_addr() instead of ether_addr_equal()]
+Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
+Cc: Qiang Huang <h.huangqiang@huawei.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ net/mac80211/rx.c | 3 +++
+ 1 file changed, 3 insertions(+)
+
+--- a/net/mac80211/rx.c
++++ b/net/mac80211/rx.c
+@@ -2828,6 +2828,9 @@ static int prepare_for_handlers(struct i
+ case NL80211_IFTYPE_ADHOC:
+ if (!bssid)
+ return 0;
++ if (compare_ether_addr(sdata->vif.addr, hdr->addr2) == 0 ||
++ compare_ether_addr(sdata->u.ibss.bssid, hdr->addr2) == 0)
++ return 0;
+ if (ieee80211_is_beacon(hdr->frame_control)) {
+ return 1;
+ }
--- /dev/null
+From 2a4c85e77b4bd77a83382f74c99da1c388a0fab2 Mon Sep 17 00:00:00 2001
+From: Brian Norris <computersforpeace@gmail.com>
+Date: Wed, 24 Jul 2013 18:32:07 -0700
+Subject: mtd: m25p80: fix allocation size
+
+From: Brian Norris <computersforpeace@gmail.com>
+
+commit 778d226a1462572b51d6777cdb1d611543410cb4 upstream.
+
+This patch fixes two memory errors:
+
+1. During a probe failure (in mtd_device_parse_register?) the command
+ buffer would not be freed.
+
+2. The command buffer's size is determined based on the 'fast_read'
+ boolean, but the assignment of fast_read is made after this
+ allocation. Thus, the buffer may be allocated "too small".
+
+To fix the first, just switch to the devres version of kzalloc.
+
+To fix the second, increase MAX_CMD_SIZE unconditionally. It's not worth
+saving a byte to fiddle around with the conditions here.
+
+This problem was reported by Yuhang Wang a while back.
+
+Signed-off-by: Brian Norris <computersforpeace@gmail.com>
+Reported-by: Yuhang Wang <wangyuhang2014@gmail.com>
+Reviewed-by: Sourav Poddar <sourav.poddar@ti.com>
+[bwh: Backported to 3.2: adjust context]
+Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
+Cc: Qiang Huang <h.huangqiang@huawei.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/mtd/devices/m25p80.c | 19 +++++++------------
+ 1 file changed, 7 insertions(+), 12 deletions(-)
+
+--- a/drivers/mtd/devices/m25p80.c
++++ b/drivers/mtd/devices/m25p80.c
+@@ -71,7 +71,7 @@
+
+ /* Define max times to check status register before we give up. */
+ #define MAX_READY_WAIT_JIFFIES (40 * HZ) /* M25P16 specs 40s max chip erase */
+-#define MAX_CMD_SIZE 5
++#define MAX_CMD_SIZE 6
+
+ #ifdef CONFIG_M25PXX_USE_FAST_READ
+ #define OPCODE_READ OPCODE_FAST_READ
+@@ -843,14 +843,13 @@ static int __devinit m25p_probe(struct s
+ }
+ }
+
+- flash = kzalloc(sizeof *flash, GFP_KERNEL);
++ flash = devm_kzalloc(&spi->dev, sizeof(*flash), GFP_KERNEL);
+ if (!flash)
+ return -ENOMEM;
+- flash->command = kmalloc(MAX_CMD_SIZE + FAST_READ_DUMMY_BYTE, GFP_KERNEL);
+- if (!flash->command) {
+- kfree(flash);
++
++ flash->command = devm_kzalloc(&spi->dev, MAX_CMD_SIZE, GFP_KERNEL);
++ if (!flash->command)
+ return -ENOMEM;
+- }
+
+ flash->spi = spi;
+ mutex_init(&flash->lock);
+@@ -947,14 +946,10 @@ static int __devinit m25p_probe(struct s
+ static int __devexit m25p_remove(struct spi_device *spi)
+ {
+ struct m25p *flash = dev_get_drvdata(&spi->dev);
+- int status;
+
+ /* Clean up MTD stuff. */
+- status = mtd_device_unregister(&flash->mtd);
+- if (status == 0) {
+- kfree(flash->command);
+- kfree(flash);
+- }
++ mtd_device_unregister(&flash->mtd);
++
+ return 0;
+ }
+
--- /dev/null
+From 3eddd6c470e225ba02d670a2c76d13cd05aabc0c Mon Sep 17 00:00:00 2001
+From: Joe Perches <joe@perches.com>
+Date: Sun, 13 May 2012 21:56:25 +0000
+Subject: net: Add net_ratelimited_function and net_<level>_ratelimited macros
+
+From: Joe Perches <joe@perches.com>
+
+commit 3a3bfb61e64476ff1e4ac3122cb6dec9c79b795c upstream.
+
+__ratelimit() can be considered an inverted bool test because
+it returns true when not ratelimited. Several tests in the
+kernel tree use this __ratelimit() function incorrectly.
+
+No net_ratelimit uses are incorrect currently though.
+
+Most uses of net_ratelimit are to log something via printk or
+pr_<level>.
+
+In order to minimize the uses of net_ratelimit, and to start
+standardizing the code style used for __ratelimit() and net_ratelimit(),
+add a net_ratelimited_function() macro and net_<level>_ratelimited()
+logging macros similar to pr_<level>_ratelimited that use the global
+net_ratelimit instead of a static per call site "struct ratelimit_state".
+
+Signed-off-by: Joe Perches <joe@perches.com>
+Signed-off-by: David S. Miller <davem@davemloft.net>
+Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
+Cc: Qiang Huang <h.huangqiang@huawei.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ include/linux/net.h | 23 +++++++++++++++++++++++
+ 1 file changed, 23 insertions(+)
+
+--- a/include/linux/net.h
++++ b/include/linux/net.h
+@@ -282,6 +282,29 @@ do { \
+ #define net_dbg_ratelimited(fmt, ...) \
+ net_ratelimited_function(pr_debug, fmt, ##__VA_ARGS__)
+
++#define net_ratelimited_function(function, ...) \
++do { \
++ if (net_ratelimit()) \
++ function(__VA_ARGS__); \
++} while (0)
++
++#define net_emerg_ratelimited(fmt, ...) \
++ net_ratelimited_function(pr_emerg, fmt, ##__VA_ARGS__)
++#define net_alert_ratelimited(fmt, ...) \
++ net_ratelimited_function(pr_alert, fmt, ##__VA_ARGS__)
++#define net_crit_ratelimited(fmt, ...) \
++ net_ratelimited_function(pr_crit, fmt, ##__VA_ARGS__)
++#define net_err_ratelimited(fmt, ...) \
++ net_ratelimited_function(pr_err, fmt, ##__VA_ARGS__)
++#define net_notice_ratelimited(fmt, ...) \
++ net_ratelimited_function(pr_notice, fmt, ##__VA_ARGS__)
++#define net_warn_ratelimited(fmt, ...) \
++ net_ratelimited_function(pr_warn, fmt, ##__VA_ARGS__)
++#define net_info_ratelimited(fmt, ...) \
++ net_ratelimited_function(pr_info, fmt, ##__VA_ARGS__)
++#define net_dbg_ratelimited(fmt, ...) \
++ net_ratelimited_function(pr_debug, fmt, ##__VA_ARGS__)
++
+ #define net_random() random32()
+ #define net_srandom(seed) srandom32((__force u32)seed)
+
cfg80211-check-wdev-netdev-in-connection-work.patch
i2c-piix4-add-amd-cz-smbus-device-id.patch
b43-ensue-that-bcma-is-y-when-b43-is-y.patch
+vgacon.c-add-cond-reschedule-points-in-vgacon_do_font_op.patch
+mac80211-drop-spoofed-packets-in-ad-hoc-mode.patch
+crypto-s390-fix-aes-cbc-iv-corruption.patch
+mtd-m25p80-fix-allocation-size.patch
+backlight-atmel-pwm-bl-fix-gpio-polarity-in-remove.patch
+can-sja1000-fix-pre-post-_irq-handling-and-irq-handler-return-value.patch
+crypto-s390-fix-aes-xts-parameter-corruption.patch
+net-add-net_ratelimited_function-and-net_-level-_ratelimited-macros.patch
--- /dev/null
+From 809feb1735e5f4210ba455108ca91cb55b7b8610 Mon Sep 17 00:00:00 2001
+From: Marcelo Tosatti <mtosatti@redhat.com>
+Date: Thu, 20 Jun 2013 18:05:56 -0300
+Subject: vgacon.c: add cond reschedule points in vgacon_do_font_op
+
+From: Marcelo Tosatti <mtosatti@redhat.com>
+
+commit 7e6d72c15ff4cc0c27573901bb05f9eddbd71ed4 upstream.
+
+Booting a 64-vcpu KVM guest, with CONFIG_PREEMPT_VOLUNTARY,
+can result in a soft lockup:
+
+BUG: soft lockup - CPU#41 stuck for 67s! [setfont:1505]
+ RIP: 0010:[<ffffffff812c48da>]
+[<ffffffff812c48da>] vgacon_do_font_op.clone.0+0x1ba/0x550
+
+This is due to the 8192 (cmapsz) IO operations taking longer than expected
+due to lock contention in QEMU.
+
+Add conditional resched points in between writes allowing other tasks to
+execute.
+
+Signed-off-by: Marcelo Tosatti <mtosatti@redhat.com>
+Signed-off-by: Dave Airlie <airlied@redhat.com>
+[bwh: Backported to 3.2: add #include <linux/sched.h>, already present
+ upstream]
+Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
+Cc: Qiang Huang <h.huangqiang@huawei.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/video/console/vgacon.c | 17 +++++++++++++----
+ 1 file changed, 13 insertions(+), 4 deletions(-)
+
+--- a/drivers/video/console/vgacon.c
++++ b/drivers/video/console/vgacon.c
+@@ -42,6 +42,7 @@
+ #include <linux/kd.h>
+ #include <linux/slab.h>
+ #include <linux/vt_kern.h>
++#include <linux/sched.h>
+ #include <linux/selection.h>
+ #include <linux/spinlock.h>
+ #include <linux/ioport.h>
+@@ -1124,11 +1125,15 @@ static int vgacon_do_font_op(struct vgas
+
+ if (arg) {
+ if (set)
+- for (i = 0; i < cmapsz; i++)
++ for (i = 0; i < cmapsz; i++) {
+ vga_writeb(arg[i], charmap + i);
++ cond_resched();
++ }
+ else
+- for (i = 0; i < cmapsz; i++)
++ for (i = 0; i < cmapsz; i++) {
+ arg[i] = vga_readb(charmap + i);
++ cond_resched();
++ }
+
+ /*
+ * In 512-character mode, the character map is not contiguous if
+@@ -1139,11 +1144,15 @@ static int vgacon_do_font_op(struct vgas
+ charmap += 2 * cmapsz;
+ arg += cmapsz;
+ if (set)
+- for (i = 0; i < cmapsz; i++)
++ for (i = 0; i < cmapsz; i++) {
+ vga_writeb(arg[i], charmap + i);
++ cond_resched();
++ }
+ else
+- for (i = 0; i < cmapsz; i++)
++ for (i = 0; i < cmapsz; i++) {
+ arg[i] = vga_readb(charmap + i);
++ cond_resched();
++ }
+ }
+ }
+
projects / thirdparty / kernel / stable-queue.git / commitdiff
