commit 276f96e2708c85496fd2e8af108caf5fe8882086
Author: Jiri Slaby <jslaby@suse.cz>
Date:   Wed Jun 10 15:27:29 2015 +0200

    Linux 3.12.44

commit 18d22c77444fa5450526610f3763fec929e698b3
Author: Finn Thain <fthain@telegraphics.com.au>
Date:   Mon Mar 30 12:22:30 2015 +1100

    m68k/mac: Fix out-of-bounds array index in OSS IRQ source initialization
    
    commit b24f670b7f5b2058b95370caa9f104b3cefb9f1d upstream.
    
    Reported-by: David Binderman <dcb314@hotmail.com>
    Signed-off-by: Finn Thain <fthain@telegraphics.com.au>
    Signed-off-by: Geert Uytterhoeven <geert@linux-m68k.org>
    Signed-off-by: Jiri Slaby <jslaby@suse.cz>

commit 44fa042f532c7f8ac3421456eaae4255297092e0
Author: Richard Guy Briggs <rgb@redhat.com>
Date:   Tue Apr 14 11:01:02 2015 -0400

    lsm: copy comm before calling audit_log to avoid race in string printing
    
    commit 5deeb5cece3f9b30c8129786726b9d02c412c8ca upstream.
    
    When task->comm is passed directly to audit_log_untrustedstring() without
    getting a copy or using the task_lock, there is a race that could happen that
    would output a NULL (\0) in the middle of the output string that would
    effectively truncate the rest of the report text after the comm= field in the
    audit log message, losing fields.
    
    Using get_task_comm() to get a copy while acquiring the task_lock to prevent
    this and to prevent the result from being a mixture of old and new values of
    comm would incur potentially unacceptable overhead, considering that the value
    can be influenced by userspace and therefore untrusted anyways.
    
    Copy the value before passing it to audit_log_untrustedstring() ensures that a
    local copy is used to calculate the length *and* subsequently printed.  Even if
    this value contains a mix of old and new values, it will only calculate and
    copy up to the first NULL, preventing the rest of the audit log message being
    truncated.
    
    Use a second local copy of comm to avoid a race between the first and second
    calls to audit_log_untrustedstring() with comm.
    
    Reported-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
    Signed-off-by: Richard Guy Briggs <rgb@redhat.com>
    Signed-off-by: James Morris <james.l.morris@oracle.com>
    Signed-off-by: Jiri Slaby <jslaby@suse.cz>

commit 62db23cfb6e7a4860684be9d328fd8e22b4f193a
Author: Alexander Stein <alexanders83@web.de>
Date:   Sat Oct 25 14:26:13 2014 +0200

    W1: ds2490: Increase timeout when waiting for status
    
    commit d25221525e0e2cfd70e4ec7216549c06609a8bd2 upstream.
    
    Adjust the bulk message timeout to the other ones (1000ms). Otherwise the
    following dmesg errors can be seen on a Raspberry Pi:
    [   31.492386] Failed to read 1-wire data from 0x81: err=-110.
    [   31.504168] 0x81: count=-110, status:
    [   31.613404] Failed to read 1-wire data from 0x81: err=-110.
    [   31.621915] 0x81: count=-110, status:
    [   43.260968] Failed to read 1-wire data from 0x81: err=-110.
    [   43.270998] 0x81: count=-110, status:
    [   43.379959] Failed to read 1-wire data from 0x81: err=-110.
    [   43.388854] 0x81: count=-110, status:
    
    Signed-off-by: Alexander Stein <alexanders83@web.de>
    Acked-by: Evgeniy Polyakov <zbr@ioremap.net>
    Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
    Signed-off-by: Jiri Slaby <jslaby@suse.cz>

commit 83de5204d38767e26524ad04e76fdc94ddd61bca
Author: Nicholas Mc Guire <hofrat@osadl.org>
Date:   Thu May 7 14:47:50 2015 +0200

    MIPS: KVM: Do not sign extend on unsigned MMIO load
    
    commit ed9244e6c534612d2b5ae47feab2f55a0d4b4ced upstream.
    
    Fix possible unintended sign extension in unsigned MMIO loads by casting
    to uint16_t in the case of mmio_needed != 2.
    
    Signed-off-by: Nicholas Mc Guire <hofrat@osadl.org>
    Reviewed-by: James Hogan <james.hogan@imgtec.com>
    Tested-by: James Hogan <james.hogan@imgtec.com>
    Cc: Gleb Natapov <gleb@kernel.org>
    Cc: Paolo Bonzini <pbonzini@redhat.com>
    Cc: kvm@vger.kernel.org
    Cc: linux-mips@linux-mips.org
    Cc: linux-kernel@vger.kernel.org
    Patchwork: https://patchwork.linux-mips.org/patch/9985/
    Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
    Signed-off-by: Jiri Slaby <jslaby@suse.cz>

commit c7ca19969e7a75c3c2b08b1349b2f7ae9a90a6b0
Author: Michal Hocko <mhocko@suse.cz>
Date:   Thu Apr 16 12:47:38 2015 -0700

    fork: report pid reservation failure properly
    
    commit 35f71bc0a09a45924bed268d8ccd0d3407bc476f upstream.
    
    copy_process will report any failure in alloc_pid as ENOMEM currently
    which is misleading because the pid allocation might fail not only when
    the memory is short but also when the pid space is consumed already.
    
    The current man page even mentions this case:
    
    : EAGAIN
    :
    :       A system-imposed limit on the number of threads was encountered.
    :       There are a number of limits that may trigger this error: the
    :       RLIMIT_NPROC soft resource limit (set via setrlimit(2)), which
    :       limits the number of processes and threads for a real user ID, was
    :       reached; the kernel's system-wide limit on the number of processes
    :       and threads, /proc/sys/kernel/threads-max, was reached (see
    :       proc(5)); or the maximum number of PIDs, /proc/sys/kernel/pid_max,
    :       was reached (see proc(5)).
    
    so the current behavior is also incorrect wrt.  documentation.  POSIX man
    page also suggest returing EAGAIN when the process count limit is reached.
    
    This patch simply propagates error code from alloc_pid and makes sure we
    return -EAGAIN due to reservation failure.  This will make behavior of
    fork closer to both our documentation and POSIX.
    
    alloc_pid might alsoo fail when the reaper in the pid namespace is dead
    (the namespace basically disallows all new processes) and there is no
    good error code which would match documented ones. We have traditionally
    returned ENOMEM for this case which is misleading as well but as per
    Eric W. Biederman this behavior is documented in man pid_namespaces(7)
    
    : If the "init" process of a PID namespace terminates, the kernel
    : terminates all of the processes in the namespace via a SIGKILL signal.
    : This behavior reflects the fact that the "init" process is essential for
    : the correct operation of a PID namespace.  In this case, a subsequent
    : fork(2) into this PID namespace will fail with the error ENOMEM; it is
    : not possible to create a new processes in a PID namespace whose "init"
    : process has terminated.
    
    and introducing a new error code would be too risky so let's stick to
    ENOMEM for this case.
    
    Signed-off-by: Michal Hocko <mhocko@suse.cz>
    Cc: Oleg Nesterov <oleg@redhat.com>
    Cc: "Eric W. Biederman" <ebiederm@xmission.com>
    Cc: Michael Kerrisk <mtk.manpages@gmail.com>
    Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
    Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
    Signed-off-by: Jiri Slaby <jslaby@suse.cz>

commit 56005f9a961016e2977e12f1c5bd69601234c77c
Author: Stephan Mueller <smueller@chronox.de>
Date:   Tue Mar 10 17:00:36 2015 +0100

    crypto: testmgr - fix RNG return code enforcement
    
    commit 19e60e1392d110be03d794e2286dd6cfd779cbe3 upstream.
    
    Due to the change to RNGs to always return zero in success case, the
    invocation of the RNGs in the test manager must be updated as otherwise
    the RNG self tests are not properly executed any more.
    
    Signed-off-by: Stephan Mueller <smueller@chronox.de>
    Signed-off-by: Alexander Bergmann <abergmann@suse.com>
    Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
    Signed-off-by: Jiri Slaby <jslaby@suse.cz>

commit f60b0fa8bbddde66f1d197be07120264b555c84a
Author: Stephan Mueller <smueller@chronox.de>
Date:   Fri Mar 6 08:26:31 2015 +0100

    crypto: rng - RNGs must return 0 in success case
    
    commit cde001e4c3c3625c60b68a83eb1f1c2572dee07a upstream.
    
    Change the RNGs to always return 0 in success case.
    
    This patch ensures that seqiv.c works with RNGs other than krng. seqiv
    expects that any return code other than 0 is an error. Without the
    patch, rfc4106(gcm(aes)) will not work when using a DRBG or an ANSI
    X9.31 RNG.
    
    Signed-off-by: Stephan Mueller <smueller@chronox.de>
    Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
    Signed-off-by: Jiri Slaby <jslaby@suse.cz>

commit d7ef875d4e413eaccbd550f9b638e1b9e4201dc6
Author: Julia Lawall <Julia.Lawall@lip6.fr>
Date:   Sun Apr 5 14:06:36 2015 +0200

    NFC: pn533: fix error return code
    
    commit 5df848f37b1d20e5dd64bea16ba9f69ed321e11b upstream.
    
    Return a negative error code on failure.
    
    A simplified version of the semantic match that finds this problem is as
    follows: (http://coccinelle.lip6.fr/)
    
    // <smpl>
    @@
    identifier ret; expression e1,e2;
    @@
    (
    if (\(ret < 0\|ret != 0\))
     { ... return ret; }
    |
    ret = 0
    )
    ... when != ret = e1
        when != &ret
    *if(...)
    {
      ... when != ret = e2
          when forall
     return ret;
    }
    // </smpl>
    
    Signed-off-by: Julia Lawall <Julia.Lawall@lip6.fr>
    Signed-off-by: Samuel Ortiz <sameo@linux.intel.com>
    Signed-off-by: Jiri Slaby <jslaby@suse.cz>

commit fd4420aba84b13da95605dfec7721d10dcdcad46
Author: Alexey Khoroshilov <khoroshilov@ispras.ru>
Date:   Thu Feb 5 22:12:42 2015 -0800

    EDAC: Properly unwind on failure path in edac_init()
    
    commit c6b97bcf8e3ee6643a7f90a54d1ef3f9e12ec245 upstream.
    
    edac_init() does not deallocate already allocated resources on failure
    path.
    
    Found by Linux Driver Verification project (linuxtesting.org).
    
     [ Boris: The unwind path functions have __exit annotation but are being
       used in an __init function, leading to section mismatches. Drop the
       section annotation and make them normal functions. ]
    
    Signed-off-by: Alexey Khoroshilov <khoroshilov@ispras.ru>
    Link: http://lkml.kernel.org/r/1423203162-26368-1-git-send-email-khoroshilov@ispras.ru
    Signed-off-by: Borislav Petkov <bp@suse.de>
    Signed-off-by: Jiri Slaby <jslaby@suse.cz>

commit 5d557c9cc29b05fd281ce704070cd487723fc07c
Author: Dan Carpenter <dan.carpenter@oracle.com>
Date:   Sun Mar 15 13:48:03 2015 +0300

    isdn: icn: use strlcpy() when parsing setup options
    
    commit 10640d34552ccd8fabe7b15b0c4e3a102247952d upstream.
    
    If you pass an invalid string here then you probably deserve the memory
    corruption, but it annoys static analysis tools so lets fix it.
    
    Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
    Signed-off-by: David S. Miller <davem@davemloft.net>
    Signed-off-by: Jiri Slaby <jslaby@suse.cz>

commit 376ab7b755abd61296eeb1d5f46935a25e907f9f
Author: Joerg Roedel <jroedel@suse.de>
Date:   Wed Apr 1 14:58:52 2015 +0200

    iommu/amd: Correctly encode huge pages in iommu page tables
    
    commit d4b036648402bb4ef6d4a0df51375a2fb705b6cc upstream.
    
    When a default page-size for given level should be mapped,
    the level encoding must be 0 rather than 7. This fixes an
    issue seen on IOMMUv2 hardware, where this encoding is
    enforced.
    
    Tested-by: Suravee Suthikulpanit <Suravee.Suthikulpanit@amd.com>
    Signed-off-by: Joerg Roedel <jroedel@suse.de>
    Signed-off-by: Jiri Slaby <jslaby@suse.cz>

commit 253b6d09b48fb739305f0b37676f1de607558e24
Author: Joerg Roedel <jroedel@suse.de>
Date:   Wed Apr 1 14:58:51 2015 +0200

    iommu/amd: Optimize amd_iommu_iova_to_phys for new fetch_pte interface
    
    commit b24b1b63a37d05d61601d643ef30f95dd2452048 upstream.
    
    Now that fetch_pte returns the page-size of the pte, this
    function can be optimized too.
    
    Tested-by: Suravee Suthikulpanit <Suravee.Suthikulpanit@amd.com>
    Signed-off-by: Joerg Roedel <jroedel@suse.de>
    Signed-off-by: Jiri Slaby <jslaby@suse.cz>

commit ab3a4a534cfc9c591d7708e0cc77b1db0e163631
Author: Joerg Roedel <jroedel@suse.de>
Date:   Wed Apr 1 14:58:50 2015 +0200

    iommu/amd: Optimize alloc_new_range for new fetch_pte interface
    
    commit 5d7c94c3f4f20964b217d64ee44a9a08320c315a upstream.
    
    Now that fetch_pte returns the page-size of the pte, the
    call in this function can also be optimized a little bit.
    
    Tested-by: Suravee Suthikulpanit <Suravee.Suthikulpanit@amd.com>
    Signed-off-by: Joerg Roedel <jroedel@suse.de>
    Signed-off-by: Jiri Slaby <jslaby@suse.cz>

commit fb44979d5a19ba6c5ae86cc8922ea9e4b41bcace
Author: Joerg Roedel <jroedel@suse.de>
Date:   Wed Apr 1 14:58:49 2015 +0200

    iommu/amd: Optimize iommu_unmap_page for new fetch_pte interface
    
    commit 71b390e9bec5121d25c45326ff0b0b96a143f9a8 upstream.
    
    Now that fetch_pte returns the page-size of the pte, this
    function can be optimized a lot.
    
    Tested-by: Suravee Suthikulpanit <Suravee.Suthikulpanit@amd.com>
    Signed-off-by: Joerg Roedel <jroedel@suse.de>
    Signed-off-by: Jiri Slaby <jslaby@suse.cz>

commit 57bdeb720c85f309ffeb487963d3f46b370b551f
Author: Joerg Roedel <jroedel@suse.de>
Date:   Wed Apr 1 14:58:48 2015 +0200

    iommu/amd: Return the pte page-size in fetch_pte
    
    commit 3039ca1b1c37e61cc9239dbb3903db55141ecabd upstream.
    
    Extend the fetch_pte function to also return the page-size
    that is mapped by the returned pte.
    
    Tested-by: Suravee Suthikulpanit <Suravee.Suthikulpanit@amd.com>
    Signed-off-by: Joerg Roedel <jroedel@suse.de>
    Signed-off-by: Jiri Slaby <jslaby@suse.cz>

commit 8efd02c4eb48212294315514411a6e7a7e57e4da
Author: Ian Campbell <Ian.Campbell@citrix.com>
Date:   Mon Jun 1 11:30:24 2015 +0100

    xen: netback: read hotplug script once at start of day.
    
    [ Upstream commit 31a418986a5852034d520a5bab546821ff1ccf3d ]
    
    When we come to tear things down in netback_remove() and generate the
    uevent it is possible that the xenstore directory has already been
    removed (details below).
    
    In such cases netback_uevent() won't be able to read the hotplug
    script and will write a xenstore error node.
    
    A recent change to the hypervisor exposed this race such that we now
    sometimes lose it (where apparently we didn't ever before).
    
    Instead read the hotplug script configuration during setup and use it
    for the lifetime of the backend device.
    
    The apparently more obvious fix of moving the transition to
    state=Closed in netback_remove() to after the uevent does not work
    because it is possible that we are already in state=Closed (in
    reaction to the guest having disconnected as it shutdown). Being
    already in Closed means the toolstack is at liberty to start tearing
    down the xenstore directories. In principal it might be possible to
    arrange to unregister the device sooner (e.g on transition to Closing)
    such that xenstore would still be there but this state machine is
    fragile and prone to anger...
    
    A modern Xen system only relies on the hotplug uevent for driver
    domains, when the backend is in the same domain as the toolstack it
    will run the necessary setup/teardown directly in the correct sequence
    wrt xenstore changes.
    
    Signed-off-by: Ian Campbell <ian.campbell@citrix.com>
    Acked-by: Wei Liu <wei.liu2@citrix.com>
    Signed-off-by: David S. Miller <davem@davemloft.net>
    Signed-off-by: Jiri Slaby <jslaby@suse.cz>

commit a97b54dd69cb05df4c57f5d5b40c761f7835ce4e
Author: Eric Dumazet <edumazet@google.com>
Date:   Sat May 30 09:16:53 2015 -0700

    udp: fix behavior of wrong checksums
    
    [ Upstream commit beb39db59d14990e401e235faf66a6b9b31240b0 ]
    
    We have two problems in UDP stack related to bogus checksums :
    
    1) We return -EAGAIN to application even if receive queue is not empty.
       This breaks applications using edge trigger epoll()
    
    2) Under UDP flood, we can loop forever without yielding to other
       processes, potentially hanging the host, especially on non SMP.
    
    This patch is an attempt to make things better.
    
    We might in the future add extra support for rt applications
    wanting to better control time spent doing a recv() in a hostile
    environment. For example we could validate checksums before queuing
    packets in socket receive queue.
    
    Signed-off-by: Eric Dumazet <edumazet@google.com>
    Cc: Willem de Bruijn <willemb@google.com>
    Signed-off-by: David S. Miller <davem@davemloft.net>
    Signed-off-by: Jiri Slaby <jslaby@suse.cz>

commit 5c3604e1e9d83241bd2255cfb8fac1374d26fc50
Author: WANG Cong <xiyou.wangcong@gmail.com>
Date:   Tue May 26 16:08:48 2015 -0700

    net_sched: invoke ->attach() after setting dev->qdisc
    
    [ Upstream commit 86e363dc3b50bfd50a1f315934583fbda673ab8d ]
    
    For mq qdisc, we add per tx queue qdisc to root qdisc
    for display purpose, however, that happens too early,
    before the new dev->qdisc is finally set, this causes
    q->list points to an old root qdisc which is going to be
    freed right before assigning with a new one.
    
    Fix this by moving ->attach() after setting dev->qdisc.
    
    For the record, this fixes the following crash:
    
     ------------[ cut here ]------------
     WARNING: CPU: 1 PID: 975 at lib/list_debug.c:59 __list_del_entry+0x5a/0x98()
     list_del corruption. prev->next should be ffff8800d1998ae8, but was 6b6b6b6b6b6b6b6b
     CPU: 1 PID: 975 Comm: tc Not tainted 4.1.0-rc4+ #1019
     Hardware name: Bochs Bochs, BIOS Bochs 01/01/2011
      0000000000000009 ffff8800d73fb928 ffffffff81a44e7f 0000000047574756
      ffff8800d73fb978 ffff8800d73fb968 ffffffff810790da ffff8800cfc4cd20
      ffffffff814e725b ffff8800d1998ae8 ffffffff82381250 0000000000000000
     Call Trace:
      [<ffffffff81a44e7f>] dump_stack+0x4c/0x65
      [<ffffffff810790da>] warn_slowpath_common+0x9c/0xb6
      [<ffffffff814e725b>] ? __list_del_entry+0x5a/0x98
      [<ffffffff81079162>] warn_slowpath_fmt+0x46/0x48
      [<ffffffff81820eb0>] ? dev_graft_qdisc+0x5e/0x6a
      [<ffffffff814e725b>] __list_del_entry+0x5a/0x98
      [<ffffffff814e72a7>] list_del+0xe/0x2d
      [<ffffffff81822f05>] qdisc_list_del+0x1e/0x20
      [<ffffffff81820cd1>] qdisc_destroy+0x30/0xd6
      [<ffffffff81822676>] qdisc_graft+0x11d/0x243
      [<ffffffff818233c1>] tc_get_qdisc+0x1a6/0x1d4
      [<ffffffff810b5eaf>] ? mark_lock+0x2e/0x226
      [<ffffffff817ff8f5>] rtnetlink_rcv_msg+0x181/0x194
      [<ffffffff817ff72e>] ? rtnl_lock+0x17/0x19
      [<ffffffff817ff72e>] ? rtnl_lock+0x17/0x19
      [<ffffffff817ff774>] ? __rtnl_unlock+0x17/0x17
      [<ffffffff81855dc6>] netlink_rcv_skb+0x4d/0x93
      [<ffffffff817ff756>] rtnetlink_rcv+0x26/0x2d
      [<ffffffff818544b2>] netlink_unicast+0xcb/0x150
      [<ffffffff81161db9>] ? might_fault+0x59/0xa9
      [<ffffffff81854f78>] netlink_sendmsg+0x4fa/0x51c
      [<ffffffff817d6e09>] sock_sendmsg_nosec+0x12/0x1d
      [<ffffffff817d8967>] sock_sendmsg+0x29/0x2e
      [<ffffffff817d8cf3>] ___sys_sendmsg+0x1b4/0x23a
      [<ffffffff8100a1b8>] ? native_sched_clock+0x35/0x37
      [<ffffffff810a1d83>] ? sched_clock_local+0x12/0x72
      [<ffffffff810a1fd4>] ? sched_clock_cpu+0x9e/0xb7
      [<ffffffff810def2a>] ? current_kernel_time+0xe/0x32
      [<ffffffff810b4bc5>] ? lock_release_holdtime.part.29+0x71/0x7f
      [<ffffffff810ddebf>] ? read_seqcount_begin.constprop.27+0x5f/0x76
      [<ffffffff810b6292>] ? trace_hardirqs_on_caller+0x17d/0x199
      [<ffffffff811b14d5>] ? __fget_light+0x50/0x78
      [<ffffffff817d9808>] __sys_sendmsg+0x42/0x60
      [<ffffffff817d9838>] SyS_sendmsg+0x12/0x1c
      [<ffffffff81a50e97>] system_call_fastpath+0x12/0x6f
     ---[ end trace ef29d3fb28e97ae7 ]---
    
    For long term, we probably need to clean up the qdisc_graft() code
    in case it hides other bugs like this.
    
    Fixes: 95dc19299f74 ("pkt_sched: give visibility to mq slave qdiscs")
    Cc: Jamal Hadi Salim <jhs@mojatatu.com>
    Signed-off-by: Cong Wang <xiyou.wangcong@gmail.com>
    Acked-by: Eric Dumazet <edumazet@google.com>
    Signed-off-by: David S. Miller <davem@davemloft.net>
    Signed-off-by: Jiri Slaby <jslaby@suse.cz>

commit 285826880cc0cb378a31903b863dc4cb2b4342b2
Author: Mark Salyzyn <salyzyn@android.com>
Date:   Tue May 26 08:22:19 2015 -0700

    unix/caif: sk_socket can disappear when state is unlocked
    
    [ Upstream commit b48732e4a48d80ed4a14812f0bab09560846514e ]
    
    got a rare NULL pointer dereference in clear_bit
    
    Signed-off-by: Mark Salyzyn <salyzyn@android.com>
    Acked-by: Hannes Frederic Sowa <hannes@stressinduktion.org>
    ----
    v2: switch to sock_flag(sk, SOCK_DEAD) and added net/caif/caif_socket.c
    v3: return -ECONNRESET in upstream caller of wait function for SOCK_DEAD
    Signed-off-by: David S. Miller <davem@davemloft.net>
    Signed-off-by: Jiri Slaby <jslaby@suse.cz>

commit 170ba4f7460901954e41d5915356dfb10247ff63
Author: Richard Cochran <richardcochran@gmail.com>
Date:   Mon May 25 11:55:43 2015 +0200

    net: dp83640: fix broken calibration routine.
    
    [ Upstream commit 397a253af5031de4a4612210055935309af4472c ]
    
    Currently, the calibration function that corrects the initial offsets
    among multiple devices only works the first time.  If the function is
    called more than once, the calibration fails and bogus offsets will be
    programmed into the devices.
    
    In a well hidden spot, the device documentation tells that trigger indexes
    0 and 1 are special in allowing the TRIG_IF_LATE flag to actually work.
    
    This patch fixes the issue by using one of the special triggers during the
    recalibration method.
    
    Signed-off-by: Richard Cochran <richardcochran@gmail.com>
    Signed-off-by: David S. Miller <davem@davemloft.net>
    Signed-off-by: Jiri Slaby <jslaby@suse.cz>

commit 144b2988119e8b58bdb7bef0e51d07dc66b06254
Author: Thadeu Lima de Souza Cascardo <cascardo@redhat.com>
Date:   Fri May 22 12:18:59 2015 -0300

    bridge: fix parsing of MLDv2 reports
    
    [ Upstream commit 47cc84ce0c2fe75c99ea5963c4b5704dd78ead54 ]
    
    When more than a multicast address is present in a MLDv2 report, all but
    the first address is ignored, because the code breaks out of the loop if
    there has not been an error adding that address.
    
    This has caused failures when two guests connected through the bridge
    tried to communicate using IPv6. Neighbor discoveries would not be
    transmitted to the other guest when both used a link-local address and a
    static address.
    
    This only happens when there is a MLDv2 querier in the network.
    
    The fix will only break out of the loop when there is a failure adding a
    multicast address.
    
    The mdb before the patch:
    
    dev ovirtmgmt port vnet0 grp ff02::1:ff7d:6603 temp
    dev ovirtmgmt port vnet1 grp ff02::1:ff7d:6604 temp
    dev ovirtmgmt port bond0.86 grp ff02::2 temp
    
    After the patch:
    
    dev ovirtmgmt port vnet0 grp ff02::1:ff7d:6603 temp
    dev ovirtmgmt port vnet1 grp ff02::1:ff7d:6604 temp
    dev ovirtmgmt port bond0.86 grp ff02::fb temp
    dev ovirtmgmt port bond0.86 grp ff02::2 temp
    dev ovirtmgmt port bond0.86 grp ff02::d temp
    dev ovirtmgmt port vnet0 grp ff02::1:ff00:76 temp
    dev ovirtmgmt port bond0.86 grp ff02::16 temp
    dev ovirtmgmt port vnet1 grp ff02::1:ff00:77 temp
    dev ovirtmgmt port bond0.86 grp ff02::1:ff00:def temp
    dev ovirtmgmt port bond0.86 grp ff02::1:ffa1:40bf temp
    
    Fixes: 08b202b67264 ("bridge br_multicast: IPv6 MLD support.")
    Reported-by: Rik Theys <Rik.Theys@esat.kuleuven.be>
    Signed-off-by: Thadeu Lima de Souza Cascardo <cascardo@redhat.com>
    Tested-by: Rik Theys <Rik.Theys@esat.kuleuven.be>
    Signed-off-by: David S. Miller <davem@davemloft.net>
    Signed-off-by: Jiri Slaby <jslaby@suse.cz>

commit 420431c6299144276e9098b5ea45e610c87cfa0d
Author: Eric W. Biederman <ebiederm@xmission.com>
Date:   Fri May 22 04:58:12 2015 -0500

    ipv4: Avoid crashing in ip_error
    
    [ Upstream commit 381c759d9916c42959515ad34a6d467e24a88e93 ]
    
    ip_error does not check if in_dev is NULL before dereferencing it.
    
    IThe following sequence of calls is possible:
    CPU A                          CPU B
    ip_rcv_finish
        ip_route_input_noref()
            ip_route_input_slow()
                                   inetdev_destroy()
        dst_input()
    
    With the result that a network device can be destroyed while processing
    an input packet.
    
    A crash was triggered with only unicast packets in flight, and
    forwarding enabled on the only network device.   The error condition
    was created by the removal of the network device.
    
    As such it is likely the that error code was -EHOSTUNREACH, and the
    action taken by ip_error (if in_dev had been accessible) would have
    been to not increment any counters and to have tried and likely failed
    to send an icmp error as the network device is going away.
    
    Therefore handle this weird case by just dropping the packet if
    !in_dev.  It will result in dropping the packet sooner, and will not
    result in an actual change of behavior.
    
    Fixes: 251da4130115b ("ipv4: Cache ip_error() routes even when not forwarding.")
    Reported-by: Vittorio Gambaletta <linuxbugs@vittgam.net>
    Tested-by: Vittorio Gambaletta <linuxbugs@vittgam.net>
    Signed-off-by: Vittorio Gambaletta <linuxbugs@vittgam.net>
    Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>
    Acked-by: Eric Dumazet <edumazet@google.com>
    Signed-off-by: David S. Miller <davem@davemloft.net>
    Signed-off-by: Jiri Slaby <jslaby@suse.cz>

commit 0fa9520e7b08f00138cf9a4a95d066492cbcc18d
Author: Alexei Starovoitov <ast@plumgrid.com>
Date:   Fri May 22 15:42:55 2015 -0700

    x86: bpf_jit: fix compilation of large bpf programs
    
    [ Upstream commit 3f7352bf21f8fd7ba3e2fcef9488756f188e12be ]
    
    x86 has variable length encoding. x86 JIT compiler is trying
    to pick the shortest encoding for given bpf instruction.
    While doing so the jump targets are changing, so JIT is doing
    multiple passes over the program. Typical program needs 3 passes.
    Some very short programs converge with 2 passes. Large programs
    may need 4 or 5. But specially crafted bpf programs may hit the
    pass limit and if the program converges on the last iteration
    the JIT compiler will be producing an image full of 'int 3' insns.
    Fix this corner case by doing final iteration over bpf program.
    
    Fixes: 0a14842f5a3c ("net: filter: Just In Time compiler for x86-64")
    Reported-by: Daniel Borkmann <daniel@iogearbox.net>
    Signed-off-by: Alexei Starovoitov <ast@plumgrid.com>
    Tested-by: Daniel Borkmann <daniel@iogearbox.net>
    Acked-by: Daniel Borkmann <daniel@iogearbox.net>
    Signed-off-by: David S. Miller <davem@davemloft.net>
    Signed-off-by: Jiri Slaby <jslaby@suse.cz>

commit 8c35200a686d3647b1ed44c2e803019b529a3ee2
Author: Cass May <cass@cassm.net>
Date:   Sun Feb 15 23:40:18 2015 +0000

    dgnc: Move DG_PART definition from Makefile to dgnc_driver.h
    
    commit f11cc568758f23088c1f7a8369100c59e4c07bd6 upstream.
    
    Avoid deprecated usage of EXTRA_CFLAGS by moving definition of DG_PART into dgnc_driver.h
    
    Signed-off-by: Cass May <cass@cassm.net>
    Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
    Signed-off-by: Jiri Slaby <jslaby@suse.cz>

commit dba21826fae5822a8cc09e041d47f3adf96eab04
Author: Chen Gang <gang.chen@asianux.com>
Date:   Thu Oct 24 09:55:17 2013 +0800

    drivers: staging: rtl8188eu: use 'ccflags-y' instead of EXTRA_CFLAGS in Makefile
    
    commit 97b0b6ca4c0f0f964d3c6918301ca45353ef8bc5 upstream.
    
    If command line use EXTRA_CFLAGS (e.g. "EXTRA_CFLAGS=-mmedium-calls"
    for arc architecture, with allmodconfig), it can not pass compiling,
    the related error:
    
      drivers/staging/rtl8188eu/core/rtw_ap.c:22:27: fatal error: osdep_service.h: No such file or directory
    
    Signed-off-by: Chen Gang <gang.chen@asianux.com>
    Acked-by: Larry Finger <Larry.Finger@lwfinger.net>
    Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
    Signed-off-by: Jiri Slaby <jslaby@suse.cz>

commit d5b7aee1b3f1a0263b2c9266ecf08b5293e13139
Author: Chen Gang <gang.chen@asianux.com>
Date:   Sat Sep 21 20:38:30 2013 +0800

    drivers: staging: dgap: move DG_NAME and DG_PART from "Makefile" to "dgap_driver.h"
    
    commit 6319c61aecc7acaf39a1dc0e81a8aac6a17499ee upstream.
    
    Normally, the macros from command line are system specific macros (e.g
    __linux, __KERNEL__ ...), and module own macros are usually defined in
    their header files.
    
    DG_NAME and DG_PART are driver 'dgap' owned macros which are used by
    multiple files within driver, and need be defined in the driver main
    header file.
    
    So move DG_NAME and DG_PART to "dgap_driver.h", it not only can make
    code clearer, but also can avoid compiling failure when EXTRA_CFLAGS
    appended to make command line (e.g. "EXTRA_CFLAGS=-W").
    
    Signed-off-by: Chen Gang <gang.chen@asianux.com>
    Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
    Signed-off-by: Jiri Slaby <jslaby@suse.cz>

commit bab6655ecb3ff43da784f5297ac04f5d991c1e23
Author: Andrew Morton <akpm@linux-foundation.org>
Date:   Thu May 28 15:44:24 2015 -0700

    fs/binfmt_elf.c:load_elf_binary(): return -EINVAL on zero-length mappings
    
    commit 2b1d3ae940acd11be44c6eced5873d47c2e00ffa upstream.
    
    load_elf_binary() returns `retval', not `error'.
    
    Fixes: a87938b2e246b81b4fb ("fs/binfmt_elf.c: fix bug in loading of PIE binaries")
    Reported-by: James Hogan <james.hogan@imgtec.com>
    Cc: Michael Davidson <md@google.com>
    Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
    Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
    Signed-off-by: Jiri Slaby <jslaby@suse.cz>

commit 330c542ff8f659055de1992935abaa18b121379e
Author: Sasha Levin <sasha.levin@oracle.com>
Date:   Wed Jan 28 15:30:43 2015 -0500

    vfs: read file_handle only once in handle_to_path
    
    commit 161f873b89136eb1e69477c847d5a5033239d9ba upstream.
    
    We used to read file_handle twice.  Once to get the amount of extra
    bytes, and once to fetch the entire structure.
    
    This may be problematic since we do size verifications only after the
    first read, so if the number of extra bytes changes in userspace between
    the first and second calls, we'll have an incoherent view of
    file_handle.
    
    Instead, read the constant size once, and copy that over to the final
    structure without having to re-read it again.
    
    Signed-off-by: Sasha Levin <sasha.levin@oracle.com>
    Cc: Al Viro <viro@zeniv.linux.org.uk>
    Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
    Signed-off-by: Jiri Slaby <jslaby@suse.cz>

commit c58fe902f9b36ae78496b32c0d2d7c05e1c301f5
Author: Christian König <christian.koenig@amd.com>
Date:   Thu May 28 15:51:59 2015 +0200

    drm/radeon: partially revert "fix VM_CONTEXT*_PAGE_TABLE_END_ADDR handling"
    
    commit 7c0411d2fabc2e2702c9871ffb603e251158b317 upstream.
    
    We have that bug for years and some users report side effects when fixing it on older hardware.
    
    So revert it for VM_CONTEXT0_PAGE_TABLE_END_ADDR, but keep it for VM 1-15.
    
    Signed-off-by: Christian König <christian.koenig@amd.com>
    Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
    Signed-off-by: Jiri Slaby <jslaby@suse.cz>

commit f798148dddfe30f6a90ab31111f758b6f4058c9b
Author: Christian König <christian.koenig@amd.com>
Date:   Tue May 12 14:56:17 2015 +0200

    drm/radeon: fix VM_CONTEXT*_PAGE_TABLE_END_ADDR handling
    
    commit 607d48063512707a414e346972e2210dc71ab491 upstream.
    
    The mapping range is inclusive between starting and ending addresses.
    
    Signed-off-by: Christian König <christian.koenig@amd.com>
    Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
    Signed-off-by: Jiri Slaby <jslaby@suse.cz>

commit 064d3446c61b615ff1efa1baf14809f5ec2bf7e6
Author: Alex Deucher <alexander.deucher@amd.com>
Date:   Tue May 12 12:51:38 2015 -0400

    drm/radeon: add new bonaire pci id
    
    commit fcf3b54282e4c5a95a1f45f67558bc105acdbc6a upstream.
    
    Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
    Signed-off-by: Jiri Slaby <jslaby@suse.cz>

commit 2f59a647d404e4bd485bbc52ffc961938ce23e37
Author: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
Date:   Thu May 7 21:19:39 2015 +0200

    ACPI / init: Fix the ordering of acpi_reserve_resources()
    
    commit b9a5e5e18fbf223502c0b2264c15024e393da928 upstream.
    
    Since acpi_reserve_resources() is defined as a device_initcall(),
    there's no guarantee that it will be executed in the right order
    with respect to the rest of the ACPI initialization code.  On some
    systems this leads to breakage if, for example, the address range
    that should be reserved for the ACPI fixed registers is given to
    the PCI host bridge instead if the race is won by the wrong code
    path.
    
    Fix this by turning acpi_reserve_resources() into a void function
    and calling it directly from within the ACPI initialization sequence.
    
    Reported-and-tested-by: George McCollister <george.mccollister@gmail.com>
    Link: http://marc.info/?t=143092384600002&r=1&w=2
    Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
    Signed-off-by: Jiri Slaby <jslaby@suse.cz>

commit 98ef5398009f2c2bbd58bebfe4f11fbc17b199df
Author: Mark Hounschell <dmarkh@cfl.rr.com>
Date:   Wed May 13 10:49:09 2015 +0200

    sd: Disable support for 256 byte/sector disks
    
    commit 74856fbf441929918c49ff262ace9835048e4e6a upstream.
    
    256 bytes per sector support has been broken since 2.6.X,
    and no-one stepped up to fix this.
    So disable support for it.
    
    Signed-off-by: Mark Hounschell <dmarkh@cfl.rr.com>
    Signed-off-by: Hannes Reinecke <hare@suse.de>
    Signed-off-by: James Bottomley <JBottomley@Odin.com>
    Signed-off-by: Jiri Slaby <jslaby@suse.cz>

commit 46ea90bbae1e7ead36a867dfefcbb1988d305861
Author: Benjamin Tissoires <benjamin.tissoires@redhat.com>
Date:   Thu Apr 23 09:08:43 2015 -0700

    Input: elantech - fix semi-mt protocol for v3 HW
    
    commit 3c0213d17a09601e0c6c0ae0e27caf70d988290f upstream.
    
    When the v3 hardware sees more than one finger, it uses the semi-mt
    protocol to report the touches. However, it currently works when
    num_fingers is 0, 1 or 2, but when it is 3 and above, it sends only 1
    finger as if num_fingers was 1.
    
    This confuses userspace which knows how to deal with extra fingers
    when all the slots are used, but not when some are missing.
    
    Fixes: https://bugs.freedesktop.org/show_bug.cgi?id=90101
    
    Signed-off-by: Benjamin Tissoires <benjamin.tissoires@redhat.com>
    Signed-off-by: Dmitry Torokhov <dmitry.torokhov@gmail.com>
    Signed-off-by: Jiri Slaby <jslaby@suse.cz>

commit 9ad2da11417ffe92aa2daba75c5d13b2481aa6c8
Author: NeilBrown <neilb@suse.de>
Date:   Fri May 8 18:19:34 2015 +1000

    md/raid5: don't record new size if resize_stripes fails.
    
    commit 6e9eac2dcee5e19f125967dd2be3e36558c42fff upstream.
    
    If any memory allocation in resize_stripes fails we will return
    -ENOMEM, but in some cases we update conf->pool_size anyway.
    
    This means that if we try again, the allocations will be assumed
    to be larger than they are, and badness results.
    
    So only update pool_size if there is no error.
    
    This bug was introduced in 2.6.17 and the patch is suitable for
    -stable.
    
    Fixes: ad01c9e3752f ("[PATCH] md: Allow stripes to be expanded in preparation for expanding an array")
    Signed-off-by: NeilBrown <neilb@suse.de>
    Signed-off-by: Jiri Slaby <jslaby@suse.cz>

commit bca746037a308e2fbe742248d34635f07be2bfd9
Author: Jean Delvare <jdelvare@suse.de>
Date:   Mon Apr 20 11:21:13 2015 +0200

    thermal: step_wise: Revert optimization
    
    Commit 178c2490b99f898efc06d1ad75cadc84f13021a6 ("thermal: step_wise:
    cdev only needs update on a new target state") broke driver acerhdf.
    That driver abused the step_wise thermal governor until the bang_bang
    governor was available, and the optimization broke this usage model.
    
    Kernels v3.12 to v3.18 are affected. In v3.19 the acerhdf driver was
    switched to the bang_bang governor and that solved the problem.
    
    For kernels v3.12 to v3.17, the bang_bang governor isn't available
    yet so the easiest fix is to revert the optimization.
    
    Signed-off-by: Jean Delvare <jdelvare@suse.de>
    Reported-by: Dieter Jurzitza (https://bugzilla.opensuse.org/show_bug.cgi?id=925961)
    Tested-by: Peter Feuerer <peter@piie.net>
    Tested-by: Dieter Jurzitza

commit d07438719e3e56dc710695c4fe0ec93f6b8de8bc
Author: Scott Mayhew <smayhew@redhat.com>
Date:   Tue Apr 28 16:29:53 2015 -0400

    svcrpc: fix potential GSSX_ACCEPT_SEC_CONTEXT decoding failures
    
    commit 9507271d960a1911a51683888837d75c171cd91f upstream.
    
    In an environment where the KDC is running Active Directory, the
    exported composite name field returned in the context could be large
    enough to span a page boundary.  Attaching a scratch buffer to the
    decoding xdr_stream helps deal with those cases.
    
    The case where we saw this was actually due to behavior that's been
    fixed in newer gss-proxy versions, but we're fixing it here too.
    
    Signed-off-by: Scott Mayhew <smayhew@redhat.com>
    Reviewed-by: Simo Sorce <simo@redhat.com>
    Signed-off-by: J. Bruce Fields <bfields@redhat.com>
    Signed-off-by: Jiri Slaby <jslaby@suse.cz>

commit caf4b0e71fe36cdfb9cafd01fd55da3a086f82cd
Author: Mel Gorman <mgorman@suse.de>
Date:   Thu May 14 15:17:09 2015 -0700

    mm, numa: really disable NUMA balancing by default on single node machines
    
    commit b0dc2b9bb4ab782115b964310518ee0b17784277 upstream.
    
    NUMA balancing is meant to be disabled by default on UMA machines but
    the check is using nr_node_ids (highest node) instead of
    num_online_nodes (online nodes).
    
    The consequences are that a UMA machine with a node ID of 1 or higher
    will enable NUMA balancing.  This will incur useless overhead due to
    minor faults with the impact depending on the workload.  These are the
    impact on the stats when running a kernel build on a single node machine
    whose node ID happened to be 1:
    
      			       vanilla     patched
      NUMA base PTE updates          5113158           0
      NUMA huge PMD updates              643           0
      NUMA page range updates        5442374           0
      NUMA hint faults               2109622           0
      NUMA hint local faults         2109622           0
      NUMA hint local percent            100         100
      NUMA pages migrated                  0           0
    
    Signed-off-by: Mel Gorman <mgorman@suse.de>
    Reviewed-by: Rik van Riel <riel@redhat.com>
    Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
    Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
    Signed-off-by: Jiri Slaby <jslaby@suse.cz>

commit 3968c39b59983259024faaf0746ab9a122c81e7e
Author: Philippe Reynes <tremyfr@gmail.com>
Date:   Wed May 13 00:18:26 2015 +0200

    ARM: dts: imx27: only map 4 Kbyte for fec registers
    
    commit a29ef819f3f34f89a1b9b6a939b4c1cdfe1e85ce upstream.
    
    According to the imx27 documentation, fec has a 4 Kbyte
    memory space map. Moreover, the actual 16 Kbyte mapping
    overlaps the SCC (Security Controller) memory register
    space. So, we reduce the memory register space to 4 Kbyte.
    
    Signed-off-by: Philippe Reynes <tremyfr@gmail.com>
    Acked-by: Uwe Kleine-König <u.kleine-koenig@pengutronix.de>
    Fixes: 9f0749e3eb88 ("ARM i.MX27: Add devicetree support")
    Signed-off-by: Shawn Guo <shawn.guo@linaro.org>
    Signed-off-by: Jiri Slaby <jslaby@suse.cz>

commit aee7e03ec16673bbd0710144da6295ff1fec1bb9
Author: Janusz Dziedzic <janusz.dziedzic@tieto.com>
Date:   Mon May 11 11:31:15 2015 +0200

    mac80211: move WEP tailroom size check
    
    commit 47b4e1fc4972cc43a19121bc2608a60aef3bf216 upstream.
    
    Remove checking tailroom when adding IV as it uses only
    headroom, and move the check to the ICV generation that
    actually needs the tailroom.
    
    In other case I hit such warning and datapath don't work,
    when testing:
    - IBSS + WEP
    - ath9k with hw crypt enabled
    - IPv6 data (ping6)
    
    WARNING: CPU: 3 PID: 13301 at net/mac80211/wep.c:102 ieee80211_wep_add_iv+0x129/0x190 [mac80211]()
    [...]
    Call Trace:
    [<ffffffff817bf491>] dump_stack+0x45/0x57
    [<ffffffff8107746a>] warn_slowpath_common+0x8a/0xc0
    [<ffffffff8107755a>] warn_slowpath_null+0x1a/0x20
    [<ffffffffc09ae109>] ieee80211_wep_add_iv+0x129/0x190 [mac80211]
    [<ffffffffc09ae7ab>] ieee80211_crypto_wep_encrypt+0x6b/0xd0 [mac80211]
    [<ffffffffc09d3fb1>] invoke_tx_handlers+0xc51/0xf30 [mac80211]
    [...]
    
    Signed-off-by: Janusz Dziedzic <janusz.dziedzic@tieto.com>
    Signed-off-by: Johannes Berg <johannes.berg@intel.com>
    Signed-off-by: Jiri Slaby <jslaby@suse.cz>

commit 0f5a0fcfc6d8ca5d6ad53bbfef32f8b69db60ce9
Author: Harald Freudenberger <freude@linux.vnet.ibm.com>
Date:   Thu May 21 10:01:11 2015 +0200

    crypto: s390/ghash - Fix incorrect ghash icv buffer handling.
    
    commit a1cae34e23b1293eccbcc8ee9b39298039c3952a upstream.
    
    Multitheaded tests showed that the icv buffer in the current ghash
    implementation is not handled correctly. A move of this working ghash
    buffer value to the descriptor context fixed this. Code is tested and
    verified with an multithreaded application via af_alg interface.
    
    Signed-off-by: Harald Freudenberger <freude@linux.vnet.ibm.com>
    Signed-off-by: Gerald Schaefer <geraldsc@linux.vnet.ibm.com>
    Reported-by: Herbert Xu <herbert@gondor.apana.org.au>
    Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
    Signed-off-by: Jiri Slaby <jslaby@suse.cz>

commit 9175da111a96a52fa90f7396f3fc9e0e170d85bc
Author: Michael Brunner <mibru@gmx.de>
Date:   Mon May 11 12:46:49 2015 +0200

    gpio: gpio-kempld: Fix get_direction return value
    
    commit f230e8ffc03f17bd9d6b90ea890b8252a8cc1821 upstream.
    
    This patch fixes an inverted return value of the gpio get_direction
    function.
    
    The wrong value causes the direction sysfs entry and GPIO debugfs file
    to indicate incorrect GPIO direction settings. In some cases it also
    prevents setting GPIO output values.
    
    The problem is also present in all other stable kernel versions since
    linux-3.12.
    
    Reported-by: Jochen Henneberg <jh@henneberg-systemdesign.com>
    Signed-off-by: Michael Brunner <michael.brunner@kontron.com>
    Reviewed-by: Guenter Roeck <linux@roeck-us.net>
    Signed-off-by: Linus Walleij <linus.walleij@linaro.org>
    Signed-off-by: Jiri Slaby <jslaby@suse.cz>

commit 2cf954cd3fb3047fc81e822f63d4067d4fffe01a
Author: Scott Branden <sbranden@broadcom.com>
Date:   Mon Mar 16 10:59:52 2015 -0700

    rt2x00: add new rt2800usb device DWA 130
    
    commit ea345c145ff23197eab34d0c4d0c8a93d7bea8c6 upstream.
    
    Add the USB Id to link the D-Link DWA 130 USB Wifi adapter
    to the rt2830 driver.
    
    Signed-off-by: Scott Branden <sbranden@broadcom.com>
    Signed-off-by: Pieter Truter <ptruter@broadcom.com>
    Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
    Cc: Larry Finger <Larry.Finger@lwfinger.net>
    Signed-off-by: Jiri Slaby <jslaby@suse.cz>

commit 59f43abf797e35cd4d6d4ea9768250449d505b40
Author: Gabriele Mazzotta <gabriele.mzt@gmail.com>
Date:   Sat Apr 25 19:52:37 2015 +0200

    libata: Ignore spurious PHY event on LPM policy change
    
    commit 09c5b4803a80a5451d950d6a539d2eb311dc0fb1 upstream.
    
    When the LPM policy is set to ATA_LPM_MAX_POWER, the device might
    generate a spurious PHY event that cuases errors on the link.
    Ignore this event if it occured within 10s after the policy change.
    
    The timeout was chosen observing that on a Dell XPS13 9333 these
    spurious events can occur up to roughly 6s after the policy change.
    
    Link: http://lkml.kernel.org/g/3352987.ugV1Ipy7Z5@xps13
    Signed-off-by: Gabriele Mazzotta <gabriele.mzt@gmail.com>
    Signed-off-by: Tejun Heo <tj@kernel.org>
    Signed-off-by: Jiri Slaby <jslaby@suse.cz>

commit 4037866e8eb01c45631a093524c37e6b913bab97
Author: Gabriele Mazzotta <gabriele.mzt@gmail.com>
Date:   Sat Apr 25 19:52:36 2015 +0200

    libata: Add helper to determine when PHY events should be ignored
    
    commit 8393b811f38acdf7fd8da2028708edad3e68ce1f upstream.
    
    This is a preparation commit that will allow to add other criteria
    according to which PHY events should be dropped.
    
    Signed-off-by: Gabriele Mazzotta <gabriele.mzt@gmail.com>
    Signed-off-by: Tejun Heo <tj@kernel.org>
    Signed-off-by: Jiri Slaby <jslaby@suse.cz>

commit 8755ceb161645e0c3df97203994c20ee15bd8607
Author: Darrick J. Wong <darrick.wong@oracle.com>
Date:   Thu May 14 19:11:50 2015 -0400

    jbd2: fix r_count overflows leading to buffer overflow in journal recovery
    
    commit e531d0bceb402e643a4499de40dd3fa39d8d2e43 upstream.
    
    The journal revoke block recovery code does not check r_count for
    sanity, which means that an evil value of r_count could result in
    the kernel reading off the end of the revoke table and into whatever
    garbage lies beyond.  This could crash the kernel, so fix that.
    
    However, in testing this fix, I discovered that the code to write
    out the revoke tables also was not correctly checking to see if the
    block was full -- the current offset check is fine so long as the
    revoke table space size is a multiple of the record size, but this
    is not true when either journal_csum_v[23] are set.
    
    Signed-off-by: Darrick J. Wong <darrick.wong@oracle.com>
    Signed-off-by: Theodore Ts'o <tytso@mit.edu>
    Reviewed-by: Jan Kara <jack@suse.cz>
    Signed-off-by: Jiri Slaby <jslaby@suse.cz>

commit 4db99fb4177d49120a3515b731705449fc06c611
Author: Eryu Guan <guaneryu@gmail.com>
Date:   Thu May 14 19:00:45 2015 -0400

    ext4: check for zero length extent explicitly
    
    commit 2f974865ffdfe7b9f46a9940836c8b167342563d upstream.
    
    The following commit introduced a bug when checking for zero length extent
    
    5946d08 ext4: check for overlapping extents in ext4_valid_extent_entries()
    
    Zero length extent could pass the check if lblock is zero.
    
    Adding the explicit check for zero length back.
    
    Signed-off-by: Eryu Guan <guaneryu@gmail.com>
    Signed-off-by: Theodore Ts'o <tytso@mit.edu>
    Signed-off-by: Jiri Slaby <jslaby@suse.cz>

commit d9923656e06dbd51ecdbca53fac8b314cce64e5a
Author: Lukas Czerner <lczerner@redhat.com>
Date:   Thu May 14 18:55:18 2015 -0400

    ext4: fix NULL pointer dereference when journal restart fails
    
    commit 9d506594069355d1fb2de3f9104667312ff08ed3 upstream.
    
    Currently when journal restart fails, we'll have the h_transaction of
    the handle set to NULL to indicate that the handle has been effectively
    aborted. We handle this situation quietly in the jbd2_journal_stop() and just
    free the handle and exit because everything else has been done before we
    attempted (and failed) to restart the journal.
    
    Unfortunately there are a number of problems with that approach
    introduced with commit
    
    41a5b913197c "jbd2: invalidate handle if jbd2_journal_restart()
    fails"
    
    First of all in ext4 jbd2_journal_stop() will be called through
    __ext4_journal_stop() where we would try to get a hold of the superblock
    by dereferencing h_transaction which in this case would lead to NULL
    pointer dereference and crash.
    
    In addition we're going to free the handle regardless of the refcount
    which is bad as well, because others up the call chain will still
    reference the handle so we might potentially reference already freed
    memory.
    
    Moreover it's expected that we'll get aborted handle as well as detached
    handle in some of the journalling function as the error propagates up
    the stack, so it's unnecessary to call WARN_ON every time we get
    detached handle.
    
    And finally we might leak some memory by forgetting to free reserved
    handle in jbd2_journal_stop() in the case where handle was detached from
    the transaction (h_transaction is NULL).
    
    Fix the NULL pointer dereference in __ext4_journal_stop() by just
    calling jbd2_journal_stop() quietly as suggested by Jan Kara. Also fix
    the potential memory leak in jbd2_journal_stop() and use proper
    handle refcounting before we attempt to free it to avoid use-after-free
    issues.
    
    And finally remove all WARN_ON(!transaction) from the code so that we do
    not get random traces when something goes wrong because when journal
    restart fails we will get to some of those functions.
    
    Signed-off-by: Lukas Czerner <lczerner@redhat.com>
    Signed-off-by: Theodore Ts'o <tytso@mit.edu>
    Reviewed-by: Jan Kara <jack@suse.cz>
    Signed-off-by: Jiri Slaby <jslaby@suse.cz>

commit f52659df1a7abaddff8f86805983fd6e8a835f41
Author: Ludovic Desroches <ludovic.desroches@atmel.com>
Date:   Wed May 6 15:16:46 2015 +0200

    mmc: atmel-mci: fix bad variable type for clkdiv
    
    commit 60c8f783a18feb95ad967c87e9660caf09fb4700 upstream.
    
    clkdiv is declared as an u32 but it can be set to a negative value
    causing a huge divisor value. Change its type to int to avoid this case.
    
    Signed-off-by: Ludovic Desroches <ludovic.desroches@atmel.com>
    Signed-off-by: Ulf Hansson <ulf.hansson@linaro.org>
    Signed-off-by: Jiri Slaby <jslaby@suse.cz>

commit 573993239da1d4f271f0a6f865e019c9bf525432
Author: Anton Blanchard <anton@samba.org>
Date:   Thu May 14 14:45:40 2015 +1000

    powerpc: Align TOC to 256 bytes
    
    commit 5e95235ccd5442d4a4fe11ec4eb99ba1b7959368 upstream.
    
    Recent toolchains force the TOC to be 256 byte aligned. We need
    to enforce this alignment in our linker script, otherwise pointers
    to our TOC variables (__toc_start, __prom_init_toc_start) could
    be incorrect.
    
    If they are bad, we die a few hundred instructions into boot.
    
    Signed-off-by: Anton Blanchard <anton@samba.org>
    Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
    Signed-off-by: Jiri Slaby <jslaby@suse.cz>

commit 4623c6e3424e683af46569b17038feb6ef50a4ad
Author: Krzysztof Opasiak <k.opasiak@samsung.com>
Date:   Fri Mar 20 15:48:56 2015 +0100

    usb: gadget: configfs: Fix interfaces array NULL-termination
    
    commit 903124fe1aa284f61745a9dd4fbfa0184e569fff upstream.
    
    memset() to 0 interfaces array before reusing
    usb_configuration structure.
    
    This commit fix bug:
    
    ln -s functions/acm.1 configs/c.1
    ln -s functions/acm.2 configs/c.1
    ln -s functions/acm.3 configs/c.1
    echo "UDC name" > UDC
    echo "" > UDC
    rm configs/c.1/acm.*
    rmdir functions/*
    mkdir functions/ecm.usb0
    ln -s functions/ecm.usb0 configs/c.1
    echo "UDC name" > UDC
    
    [   82.220969] Unable to handle kernel NULL pointer dereference at virtual address 00000000
    [   82.229009] pgd = c0004000
    [   82.231698] [00000000] *pgd=00000000
    [   82.235260] Internal error: Oops: 17 [#1] PREEMPT SMP ARM
    [   82.240638] Modules linked in:
    [   82.243681] CPU: 0 PID: 0 Comm: swapper/0 Not tainted 4.0.0-rc2 #39
    [   82.249926] Hardware name: SAMSUNG EXYNOS (Flattened Device Tree)
    [   82.256003] task: c07cd2f0 ti: c07c8000 task.ti: c07c8000
    [   82.261393] PC is at composite_setup+0xe3c/0x1674
    [   82.266073] LR is at composite_setup+0xf20/0x1674
    [   82.270760] pc : [<c03510d4>]    lr : [<c03511b8>]    psr: 600001d3
    [   82.270760] sp : c07c9df0  ip : c0806448  fp : ed8c9c9c
    [   82.282216] r10: 00000001  r9 : 00000000  r8 : edaae918
    [   82.287425] r7 : ed551cc0  r6 : 00007fff  r5 : 00000000  r4 : ed799634
    [   82.293934] r3 : 00000003  r2 : 00010002  r1 : edaae918  r0 : 0000002e
    [   82.300446] Flags: nZCv  IRQs off  FIQs off  Mode SVC_32  ISA ARM  Segment kernel
    [   82.307910] Control: 10c5387d  Table: 6bc1804a  DAC: 00000015
    [   82.313638] Process swapper/0 (pid: 0, stack limit = 0xc07c8210)
    [   82.319627] Stack: (0xc07c9df0 to 0xc07ca000)
    [   82.323969] 9de0:                                     00000000 c06e65f4 00000000 c07c9f68
    [   82.332130] 9e00: 00000067 c07c59ac 000003f7 edaae918 ed8c9c98 ed799690 eca2f140 200001d3
    [   82.340289] 9e20: ee79a2d8 c07c9e88 c07c5304 ffff55db 00010002 edaae810 edaae860 eda96d50
    [   82.348448] 9e40: 00000009 ee264510 00000007 c07ca444 edaae860 c0340890 c0827a40 ffff55e0
    [   82.356607] 9e60: c0827a40 eda96e40 ee264510 edaae810 00000000 edaae860 00000007 c07ca444
    [   82.364766] 9e80: edaae860 c0354170 c03407dc c033db4c edaae810 00000000 00000000 00000010
    [   82.372925] 9ea0: 00000032 c0341670 00000000 00000000 00000001 eda96e00 00000000 00000000
    [   82.381084] 9ec0: 00000000 00000032 c0803a23 ee1aa840 00000001 c005d54c 249e2450 00000000
    [   82.389244] 9ee0: 200001d3 ee1aa840 ee1aa8a0 ed84f4c0 00000000 c07c9f68 00000067 c07c59ac
    [   82.397403] 9f00: 00000000 c005d688 ee1aa840 ee1aa8a0 c07db4b4 c006009c 00000032 00000000
    [   82.405562] 9f20: 00000001 c005ce20 c07c59ac c005cf34 f002000c c07ca780 c07c9f68 00000057
    [   82.413722] 9f40: f0020000 413fc090 00000001 c00086b4 c000f804 60000053 ffffffff c07c9f9c
    [   82.421880] 9f60: c0803a20 c0011fc0 00000000 00000000 c07c9fb8 c001bee0 c07ca4f0 c057004c
    [   82.430040] 9f80: c07ca4fc c0803a20 c0803a20 413fc090 00000001 00000000 01000000 c07c9fb0
    [   82.438199] 9fa0: c000f800 c000f804 60000053 ffffffff 00000000 c0050e70 c0803bc0 c0783bd8
    [   82.446358] 9fc0: ffffffff ffffffff c0783664 00000000 00000000 c07b13e8 00000000 c0803e54
    [   82.454517] 9fe0: c07ca480 c07b13e4 c07ce40c 4000406a 00000000 40008074 00000000 00000000
    [   82.462689] [<c03510d4>] (composite_setup) from [<c0340890>] (s3c_hsotg_complete_setup+0xb4/0x418)
    [   82.471626] [<c0340890>] (s3c_hsotg_complete_setup) from [<c0354170>] (usb_gadget_giveback_request+0xc/0x10)
    [   82.481429] [<c0354170>] (usb_gadget_giveback_request) from [<c033db4c>] (s3c_hsotg_complete_request+0xcc/0x12c)
    [   82.491583] [<c033db4c>] (s3c_hsotg_complete_request) from [<c0341670>] (s3c_hsotg_irq+0x4fc/0x558)
    [   82.500614] [<c0341670>] (s3c_hsotg_irq) from [<c005d54c>] (handle_irq_event_percpu+0x50/0x150)
    [   82.509291] [<c005d54c>] (handle_irq_event_percpu) from [<c005d688>] (handle_irq_event+0x3c/0x5c)
    [   82.518145] [<c005d688>] (handle_irq_event) from [<c006009c>] (handle_fasteoi_irq+0xd4/0x18c)
    [   82.526650] [<c006009c>] (handle_fasteoi_irq) from [<c005ce20>] (generic_handle_irq+0x20/0x30)
    [   82.535242] [<c005ce20>] (generic_handle_irq) from [<c005cf34>] (__handle_domain_irq+0x6c/0xdc)
    [   82.543923] [<c005cf34>] (__handle_domain_irq) from [<c00086b4>] (gic_handle_irq+0x2c/0x6c)
    [   82.552256] [<c00086b4>] (gic_handle_irq) from [<c0011fc0>] (__irq_svc+0x40/0x74)
    [   82.559716] Exception stack(0xc07c9f68 to 0xc07c9fb0)
    [   82.564753] 9f60:                   00000000 00000000 c07c9fb8 c001bee0 c07ca4f0 c057004c
    [   82.572913] 9f80: c07ca4fc c0803a20 c0803a20 413fc090 00000001 00000000 01000000 c07c9fb0
    [   82.581069] 9fa0: c000f800 c000f804 60000053 ffffffff
    [   82.586113] [<c0011fc0>] (__irq_svc) from [<c000f804>] (arch_cpu_idle+0x30/0x3c)
    [   82.593491] [<c000f804>] (arch_cpu_idle) from [<c0050e70>] (cpu_startup_entry+0x128/0x1a4)
    [   82.601740] [<c0050e70>] (cpu_startup_entry) from [<c0783bd8>] (start_kernel+0x350/0x3bc)
    [   82.609890] Code: 0a000002 e3530005 05975010 15975008 (e5953000)
    [   82.615965] ---[ end trace f57d5f599a5f1bfa ]---
    
    Most of kernel code assume that interface array in
    struct usb_configuration is NULL terminated.
    
    When gadget is composed with configfs configuration
    structure may be reused for different functions set.
    
    This bug happens because purge_configs_funcs() sets
    only next_interface_id to 0. Interface array still
    contains pointers to already freed interfaces. If in
    second try we add less interfaces than earlier we
    may access unallocated memory when trying to get
    interface descriptors.
    
    Signed-off-by: Krzysztof Opasiak <k.opasiak@samsung.com>
    Signed-off-by: Felipe Balbi <balbi@ti.com>
    Signed-off-by: Jiri Slaby <jslaby@suse.cz>

commit 7bf8bb8bad65b8fd000f874b7fd1750fceea25d0
Author: Hans de Goede <hdegoede@redhat.com>
Date:   Thu Apr 30 11:09:44 2015 +0200

    usb-storage: Add NO_WP_DETECT quirk for Lacie 059f:0651 devices
    
    commit 172115090f5e739660b97694618a2ba86457063a upstream.
    
    Without this flag some versions of these enclosures do not work.
    
    Reported-and-tested-by: Christian Schaller <cschalle@redhat.com>
    Signed-off-by: Hans de Goede <hdegoede@redhat.com>
    Signed-off-by: Jiri Slaby <jslaby@suse.cz>

commit b707e13c04b3f2323e63d2b67f666cb7c0fb1c04
Author: Mark Edwards <sonofaforester@gmail.com>
Date:   Tue Apr 14 08:52:34 2015 -0400

    USB: cp210x: add ID for KCF Technologies PRN device
    
    commit c735ed74d83f8ecb45c4c4c95a16853c9c3c8157 upstream.
    
    Added the USB serial console device ID for KCF Technologies PRN device
    which has a USB port for its serial console.
    
    Signed-off-by: Mark Edwards <sonofaforester@gmail.com>
    Signed-off-by: Johan Hovold <johan@kernel.org>
    Signed-off-by: Jiri Slaby <jslaby@suse.cz>

commit 65c675804e608267b58ee5e1b0a46aae9f716444
Author: Jason A. Donenfeld <Jason@zx2c4.com>
Date:   Wed Apr 22 14:35:08 2015 +0200

    USB: pl2303: Remove support for Samsung I330
    
    commit 48ef23a4f686b1e4519d4193c20d26834ff810ff upstream.
    
    This phone is already supported by the visor driver.
    
    Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
    Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2")
    Signed-off-by: Johan Hovold <johan@kernel.org>
    Signed-off-by: Jiri Slaby <jslaby@suse.cz>

commit de7788481e8f2d7cd76f1715ead68b962d751b75
Author: Jason A. Donenfeld <Jason@zx2c4.com>
Date:   Wed Apr 22 14:35:09 2015 +0200

    USB: visor: Match I330 phone more precisely
    
    commit 82ee3aeb9295c5fc37fd2ddf20f13ac2b40ec97d upstream.
    
    Samsung has just released a portable USB3 SSD, coming in a very small
    and nice form factor. It's USB ID is 04e8:8001, which unfortunately is
    already used by the Palm Visor driver for the Samsung I330 phone cradle.
    Having pl2303 or visor pick up this device ID results in conflicts with
    the usb-storage driver, which handles the newly released portable USB3
    SSD.
    
    To work around this conflict, I've dug up a mailing list post [1] from a
    long time ago, in which a user posts the full USB descriptor
    information. The most specific value in this appears to be the interface
    class, which has value 255 (0xff). Since usb-storage requires an
    interface class of 0x8, I believe it's correct to disambiguate the two
    devices by matching on 0xff inside visor.
    
    [1] http://permalink.gmane.org/gmane.linux.usb.user/4264
    
    Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
    Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2")
    Signed-off-by: Johan Hovold <johan@kernel.org>
    Signed-off-by: Jiri Slaby <jslaby@suse.cz>

commit 245ac1a15a1b1ba5ec60ca8479b6bd5451e55c0d
Author: Joe Lawrence <joe.lawrence@stratus.com>
Date:   Thu Apr 30 17:16:04 2015 +0300

    xhci: gracefully handle xhci_irq dead device
    
    commit 948fa13504f80b9765d2b753691ab94c83a10341 upstream.
    
    If the xHCI host controller has died (ie, device removed) or suffered
    other serious fatal error (STS_FATAL), then xhci_irq should handle this
    condition with IRQ_HANDLED instead of -ESHUTDOWN.
    
    Signed-off-by: Joe Lawrence <joe.lawrence@stratus.com>
    Signed-off-by: Mathias Nyman <mathias.nyman@linux.intel.com>
    Signed-off-by: Jiri Slaby <jslaby@suse.cz>

commit ef4a35936faac72268fe6ae7e97120ad85b7b72d
Author: Mathias Nyman <mathias.nyman@linux.intel.com>
Date:   Thu Apr 30 17:16:03 2015 +0300

    xhci: Solve full event ring by increasing TRBS_PER_SEGMENT to 256
    
    commit 18cc2f4cbbaf825a4fedcf2d60fd388d291e0a38 upstream.
    
    Our event ring consists of only one segment, and we risk filling
    the event ring in case we get isoc transfers with short intervals
    such as webcams that fill a TD every microframe (125us)
    
    With 64 TRB segment size one usb camera could fill the event ring in 8ms.
    A setup with several cameras and other devices can fill up the
    event ring as it is shared between all devices.
    This has occurred when uvcvideo queues 5 * 32TD URBs which then
    get cancelled when the video mode changes. The cancelled URBs are returned
    in the xhci interrupt context and blocks the interrupt handler from
    handling the new events.
    
    A full event ring will block xhci from scheduling traffic and affect all
    devices conneted to the xhci, will see errors such as Missed Service
    Intervals for isoc devices, and  and Split transaction errors for LS/FS
    interrupt devices.
    
    Increasing the TRB_PER_SEGMENT will also increase the default endpoint ring
    size, which is welcome as for most isoc transfer we had to dynamically
    expand the endpoint ring anyway to be able to queue the 5 * 32TDs uvcvideo
    queues.
    
    The default size used to be 64 TRBs per segment
    
    Signed-off-by: Mathias Nyman <mathias.nyman@linux.intel.com>
    Signed-off-by: Jiri Slaby <jslaby@suse.cz>

commit eb536420a4bf1dd6334867cf9c1343d105e070a8
Author: Mathias Nyman <mathias.nyman@linux.intel.com>
Date:   Thu Apr 30 17:16:02 2015 +0300

    xhci: fix isoc endpoint dequeue from advancing too far on transaction error
    
    commit d104d0152a97fade389f47635b73a9ccc7295d0b upstream.
    
    Isoc TDs usually consist of one TRB, sometimes two. When all goes well we
    receive only one success event for a TD, and move the dequeue pointer to
    the next TD.
    
    This fails if the TD consists of two TRBs and we get a transfer error
    on the first TRB, we will then see two events for that TD.
    
    Fix this by making sure the event we get is for the last TRB in that TD
    before moving the dequeue pointer to the next TD. This will resolve some
    of the uvc and dvb issues with the
    "ERROR Transfer event TRB DMA ptr not part of current TD" error message
    
    Signed-off-by: Mathias Nyman <mathias.nyman@linux.intel.com>
    Signed-off-by: Jiri Slaby <jslaby@suse.cz>

commit c9b036ca04b6b269d23fecb100b258b7bc6d4fd2
Author: Andy Grover <agrover@redhat.com>
Date:   Fri May 22 14:07:44 2015 -0700

    target/pscsi: Don't leak scsi_host if hba is VIRTUAL_HOST
    
    commit 5a7125c64def3b21f8147eca8b54949a60963942 upstream.
    
    See https://bugzilla.redhat.com/show_bug.cgi?id=1025672
    
    We need to put() the reference to the scsi host that we got in
    pscsi_configure_device(). In VIRTUAL_HOST mode it is associated with
    the dev_virt, not the hba_virt.
    
    Signed-off-by: Andy Grover <agrover@redhat.com>
    Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
    Signed-off-by: Jiri Slaby <jslaby@suse.cz>

commit 7e99e685f1e4eeddc6de8cd020eddb8deb32fcf1
Author: Zidan Wang <zidan.wang@freescale.com>
Date:   Tue May 12 14:58:50 2015 +0800

    ASoC: wm8994: correct BCLK DIV 348 to 384
    
    commit 17fc2e0a3db11889e942c5ab15a1fcb876638f25 upstream.
    
    According to the RM of wm8958, BCLK DIV 348 doesn't exist, correct it
    to 384.
    
    Signed-off-by: Zidan Wang <zidan.wang@freescale.com>
    Acked-by: Charles Keepax <ckeepax@opensource.wolfsonmicro.com>
    Signed-off-by: Mark Brown <broonie@kernel.org>
    Signed-off-by: Jiri Slaby <jslaby@suse.cz>

commit 6ed3f9d0909d1b36e7feff9ddba7ca9f6d0bd3fc
Author: Zidan Wang <zidan.wang@freescale.com>
Date:   Tue May 12 14:58:36 2015 +0800

    ASoC: wm8960: fix "RINPUT3" audio route error
    
    commit 85e36a1f4a735d991ba5106781ea48e89a0b8901 upstream.
    
    It should be "RINPUT3" instead of "LINPUT3" route to "Right Input
    Mixer".
    
    Signed-off-by: Zidan Wang <zidan.wang@freescale.com>
    Acked-by: Charles Keepax <ckeepax@opensource.wolfsonmicro.com>
    Signed-off-by: Mark Brown <broonie@kernel.org>
    Signed-off-by: Jiri Slaby <jslaby@suse.cz>

commit 3d17fe528ef422017016f9ebb2a7e896b1088bff
Author: Axel Lin <axel.lin@ingics.com>
Date:   Mon Apr 27 14:51:35 2015 +0800

    ASoC: mc13783: Fix wrong mask value used in mc13xxx_reg_rmw() calls
    
    commit 545774bd6e1427d98dde77244329d2311c5eca6f upstream.
    
    mc13xxx_reg_rmw() won't change any bit if passing 0 to the mask field.
    Pass AUDIO_SSI_SEL instead of 0 for the mask field to set AUDIO_SSI_SEL
    bit.
    
    Signed-off-by: Axel Lin <axel.lin@ingics.com>
    Signed-off-by: Mark Brown <broonie@kernel.org>
    Signed-off-by: Jiri Slaby <jslaby@suse.cz>

commit e638b75d064def1c04d8b39042100192810da277
Author: Takashi Iwai <tiwai@suse.de>
Date:   Fri May 1 09:20:34 2015 +0200

    ALSA: hda - Add headphone quirk for Lifebook E752
    
    commit 88776f366ede7d9cdce60bd2c9753dd6d6fa8b77 upstream.
    
    Fujitsu Lifebook E752 laptop needs a similar quirk done for Lifebook
    T731.  Otherwise the headphone is always muted.
    
    Reported-and-tested-by: Christian Weber <we_chris@hotmail.com>
    Signed-off-by: Takashi Iwai <tiwai@suse.de>
    Signed-off-by: Jiri Slaby <jslaby@suse.cz>

commit 9bf5b2bde0405de196bee79267aed2b14deca5b6
Author: David Henningsson <david.henningsson@canonical.com>
Date:   Wed May 13 13:28:54 2015 +0200

    ALSA: hda - Add Conexant codecs CX20721, CX20722, CX20723 and CX20724
    
    commit 6ffc0898b29a2811a6c0569c5dd9b581980110df upstream.
    
    This patch adds support for Conexant HD Audio codecs
    CX20721, CX20722, CX20723 and CX20724.
    
    BugLink: https://bugs.launchpad.net/bugs/1454656
    Signed-off-by: David Henningsson <david.henningsson@canonical.com>
    Signed-off-by: Takashi Iwai <tiwai@suse.de>
    Signed-off-by: Jiri Slaby <jslaby@suse.cz>

commit 7ab65a19e352f341efaa56a4ee4c5ac34dfc29fc
Author: Al Viro <viro@zeniv.linux.org.uk>
Date:   Thu May 28 23:09:19 2015 -0400

    d_walk() might skip too much
    
    commit 2159184ea01e4ae7d15f2017e296d4bc82d5aeb0 upstream.
    
    when we find that a child has died while we'd been trying to ascend,
    we should go into the first live sibling itself, rather than its sibling.
    
    Off-by-one in question had been introduced in "deal with deadlock in
    d_walk()" and the fix needs to be backported to all branches this one
    has been backported to.
    
    Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
    Signed-off-by: Jiri Slaby <jslaby@suse.cz>

commit 1a3b140801f7ad16c40c5f170a0b77b92149c269
Author: Jan Kara <jack@suse.cz>
Date:   Tue Jun 2 17:10:28 2015 +0200

    lib: Fix strnlen_user() to not touch memory after specified maximum
    
    commit f18c34e483ff6b1d9866472221e4015b3a4698e4 upstream.
    
    If the specified maximum length of the string is a multiple of unsigned
    long, we would load one long behind the specified maximum.  If that
    happens to be in a next page, we can hit a page fault although we were
    not expected to.
    
    Fix the off-by-one bug in the test whether we are at the end of the
    specified range.
    
    Signed-off-by: Jan Kara <jack@suse.cz>
    Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
    Signed-off-by: Jiri Slaby <jslaby@suse.cz>

commit ddafeade843ee16b8a7c9ef9ac8b3792a0b83048
Author: Guenter Roeck <linux@roeck-us.net>
Date:   Thu May 28 09:08:09 2015 -0700

    hwmon: (nct6775) Add missing sysfs attribute initialization
    
    commit 1b63bf617206ff35b93c57c67bbe067ac735a85a upstream.
    
    The following error message is seen when loading the nct6775 driver
    with DEBUG_LOCK_ALLOC enabled.
    
    BUG: key ffff88040b2f0030 not in .data!
    ------------[ cut here ]------------
    WARNING: CPU: 0 PID: 186 at kernel/locking/lockdep.c:2988
    				lockdep_init_map+0x469/0x630()
    DEBUG_LOCKS_WARN_ON(1)
    
    Caused by a missing call to sysfs_attr_init() when initializing
    sysfs attributes.
    
    Reported-by: Alexey Orishko <alexey.orishko@gmail.com>
    Reviewed-by: Jean Delvare <jdelvare@suse.de>
    Signed-off-by: Guenter Roeck <linux@roeck-us.net>
    Signed-off-by: Jiri Slaby <jslaby@suse.cz>

commit 6ca3b824c2d270188fbaf1a402b3f39ef803aeba
Author: Chris Lesiak <chris.lesiak@licor.com>
Date:   Tue May 26 15:40:44 2015 -0500

    hwmon: (ntc_thermistor) Ensure iio channel is of type IIO_VOLTAGE
    
    commit adba657533bdd255f7b78bc8a324091f46b294cd upstream.
    
    When configured via device tree, the associated iio device needs to be
    measuring voltage for the conversion to resistance to be correct.
    Return -EINVAL if that is not the case.
    
    Signed-off-by: Chris Lesiak <chris.lesiak@licor.com>
    Signed-off-by: Guenter Roeck <linux@roeck-us.net>
    Signed-off-by: Jiri Slaby <jslaby@suse.cz>

commit db02077307011751a0225845664bb212d76e87bc
Author: David Vrabel <david.vrabel@citrix.com>
Date:   Tue May 19 18:40:49 2015 +0100

    xen/events: don't bind non-percpu VIRQs with percpu chip
    
    commit 77bb3dfdc0d554befad58fdefbc41be5bc3ed38a upstream.
    
    A non-percpu VIRQ (e.g., VIRQ_CONSOLE) may be freed on a different
    VCPU than it is bound to.  This can result in a race between
    handle_percpu_irq() and removing the action in __free_irq() because
    handle_percpu_irq() does not take desc->lock.  The interrupt handler
    sees a NULL action and oopses.
    
    Only use the percpu chip/handler for per-CPU VIRQs (like VIRQ_TIMER).
    
      # cat /proc/interrupts | grep virq
       40:      87246          0  xen-percpu-virq      timer0
       44:          0          0  xen-percpu-virq      debug0
       47:          0      20995  xen-percpu-virq      timer1
       51:          0          0  xen-percpu-virq      debug1
       69:          0          0   xen-dyn-virq      xen-pcpu
       74:          0          0   xen-dyn-virq      mce
       75:         29          0   xen-dyn-virq      hvc_console
    
    Signed-off-by: David Vrabel <david.vrabel@citrix.com>
    Signed-off-by: Jiri Slaby <jslaby@suse.cz>

commit 74b65e99d99c940a7fa731a317d13bc0b3b34911
Author: Ilya Dryomov <idryomov@gmail.com>
Date:   Mon May 11 17:53:10 2015 +0300

    libceph: request a new osdmap if lingering request maps to no osd
    
    commit b0494532214bdfbf241e94fabab5dd46f7b82631 upstream.
    
    This commit does two things.  First, if there are any homeless
    lingering requests, we now request a new osdmap even if the osdmap that
    is being processed brought no changes, i.e. if a given lingering
    request turned homeless in one of the previous epochs and remained
    homeless in the current epoch.  Not doing so leaves us with a stale
    osdmap and as a result we may miss our window for reestablishing the
    watch and lose notifies.
    
    MON=1 OSD=1:
    
        # cat linger-needmap.sh
        #!/bin/bash
        rbd create --size 1 test
        DEV=$(rbd map test)
        ceph osd out 0
        rbd map dne/dne # obtain a new osdmap as a side effect (!)
        sleep 1
        ceph osd in 0
        rbd resize --size 2 test
        # rbd info test | grep size -> 2M
        # blockdev --getsize $DEV -> 1M
    
    N.B.: Not obtaining a new osdmap in between "osd out" and "osd in"
    above is enough to make it miss that resize notify, but that is a
    bug^Wlimitation of ceph watch/notify v1.
    
    Second, homeless lingering requests are now kicked just like those
    lingering requests whose mapping has changed.  This is mainly to
    recognize that a homeless lingering request makes no sense and to
    preserve the invariant that a registered lingering request is not
    sitting on any of r_req_lru_item lists.  This spares us a WARN_ON,
    which commit ba9d114ec557 ("libceph: clear r_req_lru_item in
    __unregister_linger_request()") tried to fix the _wrong_ way.
    
    Signed-off-by: Ilya Dryomov <idryomov@gmail.com>
    Reviewed-by: Sage Weil <sage@redhat.com>
    Signed-off-by: Jiri Slaby <jslaby@suse.cz>

commit cbcba3e43dc6f8b2643c4a098e55e75e4df413b8
Author: Rusty Russell <rusty@rustcorp.com.au>
Date:   Wed May 27 10:59:26 2015 +0930

    lguest: fix out-by-one error in address checking.
    
    commit 83a35114d0e4583e6b0ca39502e68b6a92e2910c upstream.
    
    This bug has been there since day 1; addresses in the top guest physical
    page weren't considered valid.  You could map that page (the check in
    check_gpte() is correct), but if a guest tried to put a pagetable there
    we'd check that address manually when walking it, and kill the guest.
    
    Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
    Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
    Signed-off-by: Jiri Slaby <jslaby@suse.cz>

commit 1f6a5cfb178e69cfd86018bb9a66675f1207f84f
Author: Sasha Levin <sasha.levin@oracle.com>
Date:   Thu May 28 15:44:29 2015 -0700

    fs, omfs: add NULL terminator in the end up the token list
    
    commit dcbff39da3d815f08750552fdd04f96b51751129 upstream.
    
    match_token() expects a NULL terminator at the end of the token list so
    that it would know where to stop.  Not having one causes it to overrun
    to invalid memory.
    
    In practice, passing a mount option that omfs didn't recognize would
    sometimes panic the system.
    
    Signed-off-by: Sasha Levin <sasha.levin@oracle.com>
    Signed-off-by: Bob Copeland <me@bobcopeland.com>
    Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
    Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
    Signed-off-by: Jiri Slaby <jslaby@suse.cz>

commit af0cc4dcf7516ee72b6333a4172798e504c4ace3
Author: Junling Zheng <zhengjunling@huawei.com>
Date:   Mon Jun 1 09:28:00 2015 +0000

    net: socket: Fix the wrong returns for recvmsg and sendmsg
    
    Based on 08adb7dabd4874cc5666b4490653b26534702ce0 upstream.
    
    We found that after v3.10.73, recvmsg might return -EFAULT while -EINVAL
    was expected.
    
    We tested it through the recvmsg01 testcase come from LTP testsuit. It set
    msg->msg_namelen to -1 and the recvmsg syscall returned errno 14, which is
    unexpected (errno 22 is expected):
    
    recvmsg01    4  TFAIL  :  invalid socket length ; returned -1 (expected -1),
    errno 14 (expected 22)
    
    Linux mainline has no this bug for commit 08adb7dab fixes it accidentally.
    However, it is too large and complex to be backported to LTS 3.10.
    
    Commit 281c9c36 (net: compat: Update get_compat_msghdr() to match
    copy_msghdr_from_user() behaviour) made get_compat_msghdr() return
    error if msg_sys->msg_namelen was negative, which changed the behaviors
    of recvmsg and sendmsg syscall in a lib32 system:
    
    Before commit 281c9c36, get_compat_msghdr() wouldn't fail and it would
    return -EINVAL in move_addr_to_user() or somewhere if msg_sys->msg_namelen
    was invalid and then syscall returned -EINVAL, which is correct.
    
    And now, when msg_sys->msg_namelen is negative, get_compat_msghdr() will
    fail and wants to return -EINVAL, however, the outer syscall will return
    -EFAULT directly, which is unexpected.
    
    This patch gets the return value of get_compat_msghdr() as well as
    copy_msghdr_from_user(), then returns this expected value if
    get_compat_msghdr() fails.
    
    Fixes: 281c9c36 (net: compat: Update get_compat_msghdr() to match copy_msghdr_from_user() behaviour)
    Signed-off-by: Junling Zheng <zhengjunling@huawei.com>
    Signed-off-by: Hanbing Xu <xuhanbing@huawei.com>
    Cc: Li Zefan <lizefan@huawei.com>
    Cc: Al Viro <viro@zeniv.linux.org.uk>
    Cc: David Miller <davem@davemloft.net>
    Signed-off-by: Jiri Slaby <jslaby@suse.cz>

commit ea294409959184a82c482ca5becd408d9fe7aeb8
Author: Paolo Bonzini <pbonzini@redhat.com>
Date:   Thu Apr 2 11:04:05 2015 +0200

    KVM: MMU: fix CR4.SMEP=1, CR0.WP=0 with shadow pages
    
    commit 898761158be7682082955e3efa4ad24725305fc7 upstream.
    
    smep_andnot_wp is initialized in kvm_init_shadow_mmu and shadow pages
    should not be reused for different values of it.  Thus, it has to be
    added to the mask in kvm_mmu_pte_write.
    
    Reviewed-by: Xiao Guangrong <guangrong.xiao@linux.intel.com>
    Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
    Signed-off-by: Jiri Slaby <jslaby@suse.cz>

commit 1a6d0d9797f71212b371fe7c288d1d28131e9010
Author: Mel Gorman <mgorman@suse.de>
Date:   Wed Jan 29 14:05:42 2014 -0800

    mm: numa: initialise numa balancing after jump label initialisation
    
    commit c297663c0b3930491a3cb2aba4b6e5a7159c3503 upstream.
    
    The command line parsing takes place before jump labels are initialised
    which generates a warning if numa_balancing= is specified and
    CONFIG_JUMP_LABEL is set.
    
    On older kernels before commit c4b2c0c5f647 ("static_key: WARN on usage
    before jump_label_init was called") the kernel would have crashed.  This
    patch enables automatic numa balancing later in the initialisation
    process if numa_balancing= is specified.
    
    Signed-off-by: Mel Gorman <mgorman@suse.de>
    Acked-by: Rik van Riel <riel@redhat.com>
    Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
    Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
    Signed-off-by: Jiri Slaby <jslaby@suse.cz>

commit bd7044dfd8a3bcfd386d2cd7f0c01ba884a2cc88
Author: Russell King <rmk+kernel@arm.linux.org.uk>
Date:   Fri May 15 11:02:23 2015 +0100

    ARM: fix missing syscall trace exit
    
    commit 1b97937246d8b97c0760d16d8992c7937bdf5e6a upstream.
    
    Josh Stone reports:
    
      I've discovered a case where both arm and arm64 will miss a ptrace
      syscall-exit that they should report.  If the syscall is entered
      without TIF_SYSCALL_TRACE set, then it goes on the fast path.  It's
      then possible to have TIF_SYSCALL_TRACE added in the middle of the
      syscall, but ret_fast_syscall doesn't check this flag again.
    
    Fix this by always checking for a syscall trace in the fast exit path.
    
    Reported-by: Josh Stone <jistone@redhat.com>
    Signed-off-by: Russell King <rmk+kernel@arm.linux.org.uk>
    Signed-off-by: Jiri Slaby <jslaby@suse.cz>

commit 8657b17804d605d79cfa0d5aff080f15e787fbc1
Author: Larry Finger <Larry.Finger@lwfinger.net>
Date:   Fri Apr 24 11:03:37 2015 -0500

    rtlwifi: rtl8192cu: Fix kernel deadlock
    
    commit 414b7e3b9ce8b0577f613e656fdbc36b34b444dd upstream.
    
    The USB mini-driver in rtlwifi, which is used by rtl8192cu, issues a call to
    usb_control_msg() with a timeout value of 0. In some instances where the
    interface is shutting down, this infinite wait results in a CPU deadlock. A
    one second timeout fixes this problem without affecting any normal operations.
    
    This bug is reported at https://bugzilla.novell.com/show_bug.cgi?id=927786.
    
    Reported-by: Bernhard Wiedemann <bwiedemann@suse.com>
    Tested-by: Bernhard Wiedemann <bwiedemann@suse.com>
    Signed-off-by: Larry Finger <Larry.Finger@lwfinger.net>
    Cc: Stable <stable@vger.kernel.org>
    Cc: Bernhard Wiedemann <bwiedemann@suse.com>
    Cc: Takashi Iwai<tiwai@suse.com>
    Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
    Signed-off-by: Jiri Slaby <jslaby@suse.cz>

commit a8484fc37ca4d536e5327c6fc9072e4be40ac014
Author: Steve French <smfrench@gmail.com>
Date:   Mon Oct 14 00:44:19 2013 -0500

    Fix corrupt SMB2 ioctl requests
    
    commit 7ff8d45c9dccf0744404d6fe44468ede7c1b9533 upstream.
    
    We were off by one calculating the length of ioctls in some cases
    because the protocol specification for SMB2 ioctl includes a mininum
    one byte payload but not all SMB2 ioctl requests actually have
    a data buffer to send. We were also not zeroing out the
    return buffer (in case of error this is helpful).
    
    Signed-off-by: Steve French <smfrench@gmail.com>
    Signed-off-by: Jiri Slaby <jslaby@suse.cz>

commit 266ed50f2a81a882d54c4ff7452bca370f396bae
Author: Dan Carpenter <dan.carpenter@oracle.com>
Date:   Thu Feb 5 10:37:33 2015 +0300

    vhost/scsi: potential memory corruption
    
    commit 59c816c1f24df0204e01851431d3bab3eb76719c upstream.
    
    This code in vhost_scsi_make_tpg() is confusing because we limit "tpgt"
    to UINT_MAX but the data type of "tpg->tport_tpgt" and that is a u16.
    
    I looked at the context and it turns out that in
    vhost_scsi_set_endpoint(), "tpg->tport_tpgt" is used as an offset into
    the vs_tpg[] array which has VHOST_SCSI_MAX_TARGET (256) elements so
    anything higher than 255 then it is invalid.  I have made that the limit
    now.
    
    In vhost_scsi_send_evt() we mask away values higher than 255, but now
    that the limit has changed, we don't need the mask.
    
    Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
    Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
    Signed-off-by: Jiri Slaby <jslaby@suse.cz>

commit ec61e07b4192d5bbc5fb3ef80d7e6e36e09ddf57
Author: jmarchan@redhat.com <jmarchan@redhat.com>
Date:   Wed Jan 15 16:27:11 2014 +0100

    powerpc/mm: Fix mmap errno when MAP_FIXED is set and mapping exceeds the allowed address space
    
    commit 19751c07b3728748c1253627ce94e6906fa5e273 upstream.
    
    According to Posix, if MAP_FIXED is specified mmap shall set ENOMEM if
    the requested mapping exceeds the allowed range for address space of
    the process. The generic code set it right, but the specific powerpc
    slice_get_unmapped_area() function currently returns -EINVAL in that
    case.
    This patch corrects it.
    
    Signed-off-by: Jerome Marchand <jmarchan@redhat.com>
    Signed-off-by: Benjamin Herrenschmidt <benh@kernel.crashing.org>
    Signed-off-by: Jiri Slaby <jslaby@suse.cz>

commit dd1723e681b0aa529cc43d404339232a55067ad2
Author: Aravind Gopalakrishnan <Aravind.Gopalakrishnan@amd.com>
Date:   Mon Nov 10 14:24:26 2014 -0600

    perf/x86/amd/ibs: Update IBS MSRs and feature definitions
    
    commit 904cb3677f3adcd3d837be0a0d0b14251ba8d6f7 upstream.
    
    New Fam15h models carry extra feature bits and extend
    the MSR register space for IBS ops. Adding them here.
    
    While at it, add functionality to read IbsBrTarget and
    OpData4 depending on their availability if user wants a
    PERF_SAMPLE_RAW.
    
    Signed-off-by: Aravind Gopalakrishnan <Aravind.Gopalakrishnan@amd.com>
    Acked-by: Borislav Petkov <bp@suse.de>
    Cc: Paolo Bonzini <pbonzini@redhat.com>
    Cc: Jan Kiszka <jan.kiszka@siemens.com>
    Cc: Len Brown <len.brown@intel.com>
    Cc: Fenghua Yu <fenghua.yu@intel.com>
    Cc: Peter Zijlstra <peterz@infradead.org>
    Cc: <paulus@samba.org>
    Cc: <acme@kernel.org>
    Link: http://lkml.kernel.org/r/1415651066-13523-1-git-send-email-Aravind.Gopalakrishnan@amd.com
    Signed-off-by: Ingo Molnar <mingo@kernel.org>
    Signed-off-by: Jiri Slaby <jslaby@suse.cz>

commit 5ad7463fd6bf6187f15324c42337d9a5fbf2a1e9
Author: K. Y. Srinivasan <kys@microsoft.com>
Date:   Fri May 1 11:03:02 2015 -0700

    storvsc: Set the SRB flags correctly when no data transfer is needed
    
    commit dc45708ca9988656d706940df5fd102672c5de92 upstream.
    
    Set the SRB flags correctly when there is no data transfer.  Without this
    change some IHV drivers will fail valid commands such as TEST_UNIT_READY.
    
    Cc: <stable@vger.kernel.org>
    Signed-off-by: K. Y. Srinivasan <kys@microsoft.com>
    Reviewed-by: Long Li <longli@microsoft.com>
    Signed-off-by: James Bottomley <JBottomley@Odin.com>
    Signed-off-by: Jiri Slaby <jslaby@suse.cz>

commit 41771451c8448d5c4a7770b596c199e3ce0d5517
Author: Aravind Gopalakrishnan <Aravind.Gopalakrishnan@amd.com>
Date:   Thu Aug 14 18:15:27 2014 -0500

    hwmon: (k10temp) Add support for F15h M60h
    
    commit f89ce2706d8341c921b96e13a00b951a10eed308 upstream.
    
    This patch adds temperature monitoring support for F15h M60h processor.
     - Add new pci device id for the relevant processor
     - The functionality of REG_REPORTED_TEMPERATURE is moved to
       D0F0xBC_xD820_0CA4 [Reported Temperature Control]
       - So, use this to get CUR_TEMP value
       - Since we need an indirect register access, protect this with
         a mutex lock
     - Add Kconfig, Doc entries to indicate support for this processor.
    
    Signed-off-by: Aravind Gopalakrishnan <aravind.gopalakrishnan@amd.com>
    Acked-by: Borislav Petkov <bp@suse.de>
    Acked-by: Clemens Ladisch <clemens@ladisch.de>
    [Guenter Roeck: Declare new mutex and function static]
    Signed-off-by: Guenter Roeck <linux@roeck-us.net>
    
    Signed-off-by: Jiri Slaby <jslaby@suse.cz>

commit 0fc90046c26f0deef817d6f25b8c32205af2b2af
Author: Aravind Gopalakrishnan <Aravind.Gopalakrishnan@amd.com>
Date:   Tue Mar 11 16:25:59 2014 -0500

    hwmon: (k10temp) Add support for AMD F16 M30h processor
    
    commit ec0159503ae74aeb834e78366bdf4b9663ca1129 upstream.
    
    Adding new PCI ID to support AMD F16 M30h processor (Mullins).
    While at it, modify Kconfig and Doc files to reflect the
    support for newer processors
    
    Note: PCI ID for this processor will make it into pci_ids.h
    as part of this patch:
    http://marc.info/?l=linux-kernel&m=139291362126057&w=2
    which should be pulled into 3.15 when merge window opens
    (It currently sits in 'for-next' branch of bp.git-
    https://git.kernel.org/cgit/linux/kernel/git/bp/bp.git/log/?h=for-next)
    
    Signed-off-by: Aravind Gopalakrishnan <Aravind.Gopalakrishnan@amd.com>
    Signed-off-by: Guenter Roeck <linux@roeck-us.net>
    Signed-off-by: Jiri Slaby <jslaby@suse.cz>

commit 2b419962df81739e1c643c37f01eea88761039b3
Author: Aravind Gopalakrishnan <Aravind.Gopalakrishnan@amd.com>
Date:   Thu Feb 20 10:28:46 2014 -0600

    amd64_edac: Add support for newer F16h models
    
    commit 85a8885bd0e00569108aa7b5e26b89c752e3cd51 upstream.
    
    Extend ECC decoding support for F16h M30h. Tested on F16h M30h with ECC
    turned on using mce_amd_inj module and the patch works fine.
    
    Signed-off-by: Aravind Gopalakrishnan <Aravind.Gopalakrishnan@amd.com>
    Link: http://lkml.kernel.org/r/1392913726-16961-1-git-send-email-Aravind.Gopalakrishnan@amd.com
    Tested-by: Arindam Nath <Arindam.Nath@amd.com>
    Acked-by: H. Peter Anvin <hpa@zytor.com>
    Signed-off-by: Borislav Petkov <bp@suse.de>
    Signed-off-by: Jiri Slaby <jslaby@suse.cz>

commit c4f02d5466f24128c097d03752e4d1283058824b
Author: Chen Gang <gang.chen.5i5j@gmail.com>
Date:   Sat Nov 1 19:46:12 2014 +0800

    qla2xxx: remove redundant declaration in 'qla_gbl.h'
    
    commit 9493c2422cae272d6f1f567cbb424195defe4176 upstream.
    
    Remove 2 redundant extern inline functions: qla8044_set_qsnt_ready() and
    qla8044_need_reset_handler(). At present, within upstream next kernel
    source code, they are only used within "drivers/scsi/qla2xxx/qla_nx2.c".
    
    The related error and warnings (with allmodconfig under tile):
    
        CC [M]  drivers/scsi/qla2xxx/qla_nx2.o
      drivers/scsi/qla2xxx/qla_nx2.c:1633:1: error: static declaration of 'qla8044_need_reset_handler' follows non-static declaration
       qla8044_need_reset_handler(struct scsi_qla_host *vha)
       ^
      In file included from drivers/scsi/qla2xxx/qla_def.h:3706:0,
                       from drivers/scsi/qla2xxx/qla_nx2.c:11:
      drivers/scsi/qla2xxx/qla_gbl.h:756:20: note: previous declaration of 'qla8044_need_reset_handler' was here
       extern inline void qla8044_need_reset_handler(struct scsi_qla_host *vha);
                          ^
      drivers/scsi/qla2xxx/qla_gbl.h:756:20: warning: inline function 'qla8044_need_reset_handler' declared but never defined
      make[3]: *** [drivers/scsi/qla2xxx/qla_nx2.o] Error 1
      make[2]: *** [drivers/scsi/qla2xxx] Error 2
      make[1]: *** [drivers/scsi] Error 2
      make: *** [drivers] Error 2
    
        CC [M]  drivers/scsi/qla2xxx/qla_tmpl.o
      In file included from drivers/scsi/qla2xxx/qla_def.h:3706:0,
                       from drivers/scsi/qla2xxx/qla_tmpl.c:7:
      drivers/scsi/qla2xxx/qla_gbl.h:755:20: warning: inline function 'qla8044_set_qsnt_ready' declared but never defined
       extern inline void qla8044_set_qsnt_ready(struct scsi_qla_host *vha);
                        ^
    
    Signed-off-by: Chen Gang <gang.chen.5i5j@gmail.com>
    Acked-by: Saurav Kashyap <saurav.kashyap@qlogic.com>
    Signed-off-by: Christoph Hellwig <hch@lst.de>
    Signed-off-by: Jiri Slaby <jslaby@suse.cz>

commit d87c448139ad3042ffdf2f30372b6e0a75c2f742
Author: Kirill A. Shutemov <kirill@shutemov.name>
Date:   Mon Oct 20 12:23:12 2014 +0300

    kernel: use the gnu89 standard explicitly
    
    commit 51b97e354ba9fce1890cf38ecc754aa49677fc89 upstream.
    
    Sasha Levin reports:
     "gcc5 changes the default standard to c11, which makes kernel build
      unhappy
    
      Explicitly define the kernel standard to be gnu89 which should keep
      everything working exactly like it was before gcc5"
    
    There are multiple small issues with the new default, but the biggest
    issue seems to be that the old - and very useful - GNU extension to
    allow a cast in front of an initializer has gone away.
    
    Patch updated by Kirill:
     "I'm pretty sure all gcc versions you can build kernel with supports
      -std=gnu89.  cc-option is redunrant.
    
      We also need to adjust HOSTCFLAGS otherwise allmodconfig fails for me"
    
    Note by Andrew Pinski:
     "Yes it was reported and both problems relating to this extension has
      been added to gnu99 and gnu11.  Though there are other issues with the
      kernel dealing with extern inline have different semantics between
      gnu89 and gnu99/11"
    
    End result: we may be able to move up to a newer stdc model eventually,
    but right now the newer models have some annoying deficiencies, so the
    traditional "gnu89" model ends up being the preferred one.
    
    Signed-off-by: Sasha Levin <sasha.levin@oracle.com>
    Singed-off-by: Kirill A. Shutemov <kirill.shutemov@linux.intel.com>
    Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
    Signed-off-by: Jiri Slaby <jslaby@suse.cz>

commit 23cb03e4f0be8264f68d5d458755ee99dc8419b3
Author: Behan Webster <behanw@converseincode.com>
Date:   Wed Oct 29 15:42:21 2014 -0700

    staging, rtl8192e, LLVMLinux: Remove unused inline prototype
    
    commit 62ec95f86d2850b7ce6d73fb236a6fcf48411aea upstream.
    
    rtllib_probe_req is defined as "static inline" in rtllib_softmac.c however it
    is declared differently as "extern inline" in rtllib_softmac.h. Since it isn't
    used outside of the scope of rtllib_softmac, it makes sense to remove the
    incorrect declaration.
    
    Signed-off-by: Behan Webster <behanw@converseincode.com>
    Suggested-by: Arnd Bergmann <arnd@arndb.de>
    Cc: Arnd Bergmann <arnd@arndb.de>
    Signed-off-by: Jiri Slaby <jslaby@suse.cz>

commit 410dfdf95dcc0c6e2c8e955662db7c6beeb5bc06
Author: Arnd Bergmann <arnd@arndb.de>
Date:   Thu Jun 5 22:48:15 2014 +0200

    staging: rtl8712, rtl8712: avoid lots of build warnings
    
    commit 0c9f3a65c5eb7fe1fc611a22eb8a8b71ea865998 upstream.
    
    The rtl8712 driver has an 'extern inline' function that contains an
    'if', which causes lots of warnings with CONFIG_PROFILE_ALL_BRANCHES
    overriding the definition of 'if':
    
    drivers/staging/rtl8712/ieee80211.h:759:229: warning: '______f' is static but declared in inline function 'ieee80211_get_hdrlen' which is not static [enabled by default]
    
    This changes the driver to use 'static inline' instead, which happens
    to be the correct annotation anyway.
    
    Signed-off-by: Arnd Bergmann <arnd@arndb.de>
    Cc: Larry Finger <Larry.Finger@lwfinger.net>
    Cc: Florian Schilhabel <florian.c.schilhabel@googlemail.com>
    Signed-off-by: Jiri Slaby <jslaby@suse.cz>

commit 0c26d88da9ef571abb0166b30f1b31ad0d171730
Author: Behan Webster <behanw@converseincode.com>
Date:   Wed Oct 29 15:42:20 2014 -0700

    staging, rtl8192e, LLVMLinux: Change extern inline to static inline
    
    commit 6d91857d4826b382b3fd4fad95f52713be646f96 upstream.
    
    With compilers which follow the C99 standard (like modern versions of gcc and
    clang), "extern inline" does the opposite thing from older versions of gcc
    (emits code for an externally linkable version of the inline function).
    
    "static inline" does the intended behavior in all cases instead.
    
    Signed-off-by: Behan Webster <behanw@converseincode.com>
    Suggested-by: Arnd Bergmann <arnd@arndb.de>
    Cc: Arnd Bergmann <arnd@arndb.de>
    Signed-off-by: Jiri Slaby <jslaby@suse.cz>

commit 50defa03f66e012438528be00a1ccca23c4c007e
Author: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Date:   Sat May 23 13:26:23 2015 -0700

    staging: wlags49_h2: fix extern inline functions
    
    Patch not upstream as this driver is deleted there.
    
    Fix up some "extern inline" functions as they break the build when using
    a "modern" complier (i.e. gcc5).
    
    Signed-off-by: Jiri Slaby <jslaby@suse.cz>

commit 1ac03d64ccd7923fe6eebd87908f06700dbf1e37
Author: Logan Gunthorpe <logang@deltatee.com>
Date:   Sat May 9 11:09:11 2015 -0600

    Added another USB product ID for ELAN touchscreen quirks.
    
    commit dc703ec22074d9c71a12da20670369fac3ea4296 upstream.
    
    I've had the same issue as described in commit
    
    c68929f75dfcb6354918862b91b5778585de1fa5
    
    Except my touchscreen's ID is
    
    ID 04f3:0125 Elan Microelectronics Corp.
    
    Signed-off-by: Logan Gunthorpe <logang@deltatee.com>
    Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
    Signed-off-by: Jiri Slaby <jslaby@suse.cz>

commit fb6af6cb768a33df9ecc7ace4481da155396bd04
Author: Heinrich Schuchardt <xypron.glpk@gmx.de>
Date:   Tue Apr 28 19:30:47 2015 +0200

    usb: chipidea: debug: avoid out of bound read
    
    commit bd5fb0aec3dd7cde7ec4c397b10e55d4c9626d8d upstream.
    
    A string written by the user may not be zero terminated.
    
    sscanf may read memory beyond the buffer if no zero byte
    is found.
    
    For testing build with CONFIG_USB_CHIPIDEA=y, CONFIG_USB_CHIPIDEA_DEBUG=y.
    
    Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
    Signed-off-by: Peter Chen <peter.chen@freescale.com>
    Signed-off-by: Jiri Slaby <jslaby@suse.cz>

commit ae35eaa4844b87826202fb4ccd3483586d64c2d7
Author: Ming-ting Yao Wei <mwei@lxde.org>
Date:   Tue Apr 14 16:59:11 2015 -0700

    Input: xpad - add rumble support for Xbox One controller
    
    commit 0604949ce3b9a59cff419daf706272620a9a0df0 upstream.
    
    This adds rumble support for Xbox One controller by sending continuous
    rumble command. Trigger button rumbling is not yet implemented.
    
    Signed-off-by: Ming-ting Yao Wei <mwei@lxde.org>
    Signed-off-by: Dmitry Torokhov <dmitry.torokhov@gmail.com>
    Signed-off-by: Jiri Slaby <jslaby@suse.cz>

commit 5c2747507dcd611da078fdf66be467bdef3975a2
Author: Tommi Rantala <tt.rantala@gmail.com>
Date:   Thu Oct 16 14:02:07 2014 -0700

    Input: xpad - add Thrustmaster as Xbox 360 controller vendor
    
    commit 4dfb15cd5aaa6682e93854a74b394a1c95b82621 upstream.
    
    Add Thrustmaster as Xbox 360 controller vendor. This is required for
    example to make the GP XID (044f:b326) gamepad work.
    
    Signed-off-by: Tommi Rantala <tt.rantala@gmail.com>
    Signed-off-by: Dmitry Torokhov <dmitry.torokhov@gmail.com>
    Signed-off-by: Jiri Slaby <jslaby@suse.cz>

commit 9a30c06838feb1263b5cae05e7f871d99e7da94f
Author: Ted Mielczarek <ted@mielczarek.org>
Date:   Fri Aug 8 11:21:59 2014 -0700

    Input: xpad - add support for Xbox One controllers
    
    commit 1a48ff81b3912be5fadae3fafde6c2f632246a4c upstream.
    
    Xbox One controllers require an initialization message to start sending
    data, so xpad_init_output becomes a required function. The Xbox One
    controller does not have LEDs like the Xbox 360 controller, so that
    functionality is not implemented. The format of messages controlling rumble
    is currently undocumented, so rumble support is not yet implemented.
    
    Note that Xbox One controller advertises three interfaces with the same
    interface class, subclass and protocol, so we have to also match against
    interface number.
    
    Signed-off-by: Ted Mielczarek <ted@mielczarek.org>
    Signed-off-by: Dmitry Torokhov <dmitry.torokhov@gmail.com>
    Signed-off-by: Jiri Slaby <jslaby@suse.cz>

commit 8452773259cd552c289fa422209bcc12d59270e6
Author: Tomeu Vizoso <tomeu.vizoso@collabora.com>
Date:   Mon Apr 6 09:44:59 2015 -0700

    Input: cros_ec_keyb - fix clearing keyboard state on wakeup
    
    commit ef30a406468a3eae007210ae0dc5ed8d5eb59b7d upstream.
    
    As the comment right before explains, the keyboard state is to be cleared
    only if the EC wasn't a wakeup source in the last suspend.
    
    Without this commit, there's an unneeded delay when resuming from suspend
    and we also lose the key that was pressed while suspended.
    
    Signed-off-by: Tomeu Vizoso <tomeu.vizoso@collabora.com>
    Reviewed-by: Javier Martinez Canillas <javier.martinez@collabora.co.uk>
    Signed-off-by: Dmitry Torokhov <dmitry.torokhov@gmail.com>
    Signed-off-by: Jiri Slaby <jslaby@suse.cz>

commit 58afd668e242b6af089940d1b85eeb2be59fa691
Author: Lars Poeschel <poeschel@lemonage.de>
Date:   Tue Mar 24 09:25:10 2015 -0700

    Input: usbtouchscreen - add new model from IRTOUCHSYSTEMS
    
    commit dbea4032f8024e5ea886341f7c39cf023e30e828 upstream.
    
    This adds support for another model of IRTOUCH SYSTEMS Co.,LtD infrared
    touchscreens. The USB vendorID/deviceID is 6615/0012. It is also sold
    under the label "Elektrosil".
    
    The datasheet states that coordinates for x and y are in the range from
    0 to 32767.
    
    Signed-off-by: Lars Poeschel <poeschel@lemonage.de>
    Signed-off-by: Dmitry Torokhov <dmitry.torokhov@gmail.com>
    Signed-off-by: Jiri Slaby <jslaby@suse.cz>

commit 7b40fa9889ad0e2b54e5419b1e3a01ff6ab85f16
Author: Jiri Kosina <jkosina@suse.cz>
Date:   Thu Apr 9 13:32:35 2015 +0200

    HID: debug: fix error handling in hid_debug_events_read()
    
    commit 8fec02a73e31407e14986fca67dab48d4f777f0e upstream.
    
    In the unlikely case of hdev vanishing while hid_debug_events_read() was
    sleeping, we can't really break out of the case switch as with other cases,
    as on the way out we'll try to remove ourselves from the hdev waitqueue.
    
    Fix this by taking a shortcut exit path and avoiding cleanup that doesn't
    make sense in case hdev doesn't exist any more anyway.
    
    Reported-by: Jiri Slaby <jslaby@suse.cz>
    Signed-off-by: Jiri Kosina <jkosina@suse.cz>
    Signed-off-by: Jiri Slaby <jslaby@suse.cz>

commit ef18ea6b22587c3778cc71e67a0297ebb0660f65
Author: David Fries <David@Fries.net>
Date:   Mon Nov 10 20:19:36 2014 -0600

    cn: verify msg->len before making callback
    
    commit a30cfa475d1a26c18f1998ba1e034a4e2ab4c7a8 upstream.
    
    The struct cn_msg len field comes from userspace and needs to be
    validated.  More logical to do so here where the cn_msg pointer is
    pulled out of the sk_buff than the callback which is passed cn_msg *
    and might assume no validation is needed.
    
    Reported-by: Dan Carpenter <dan.carpenter@oracle.com>
    Acked-by: Evgeniy Polyakov <zbr@ioremap.net>
    Signed-off-by: David Fries <David@Fries.net>
    Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
    Signed-off-by: Jiri Slaby <jslaby@suse.cz>

commit 6ab282fe6d43027b3b1ef820b3798aae8fdb432b
Author: Eric W. Biederman <ebiederm@xmission.com>
Date:   Wed Jan 7 14:28:26 2015 -0600

    mnt: Fail collect_mounts when applied to unmounted mounts
    
    commit cd4a40174b71acd021877341684d8bb1dc8ea4ae upstream.
    
    The only users of collect_mounts are in audit_tree.c
    
    In audit_trim_trees and audit_add_tree_rule the path passed into
    collect_mounts is generated from kern_path passed an audit_tree
    pathname which is guaranteed to be an absolute path.   In those cases
    collect_mounts is obviously intended to work on mounted paths and
    if a race results in paths that are unmounted when collect_mounts
    it is reasonable to fail early.
    
    The paths passed into audit_tag_tree don't have the absolute path
    check.  But are used to play with fsnotify and otherwise interact with
    the audit_trees, so again operating only on mounted paths appears
    reasonable.
    
    Avoid having to worry about what happens when we try and audit
    unmounted filesystems by restricting collect_mounts to mounts
    that appear in the mount tree.
    
    Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>
    Signed-off-by: Jiri Slaby <jslaby@suse.cz>

commit 0b8b97704fbe442b3bba7a2c7eba9113122abafd
Author: Jens Axboe <axboe@fb.com>
Date:   Wed Apr 15 11:17:23 2015 -0600

    aio: fix serial draining in exit_aio()
    
    commit dc48e56d761610da4ea1088d1bea0a030b8e3e43 upstream.
    
    exit_aio() currently serializes killing io contexts. Each context
    killing ends up having to do percpu_ref_kill(), which in turns has
    to wait for an RCU grace period. This can take a long time, depending
    on the number of contexts. And there's no point in doing them serially,
    when we could be waiting for all of them in one fell swoop.
    
    This patches makes my fio thread offload test case exit 0.2s instead
    of almost 6s.
    
    Reviewed-by: Jeff Moyer <jmoyer@redhat.com>
    Signed-off-by: Jens Axboe <axboe@fb.com>
    Signed-off-by: Jiri Slaby <jslaby@suse.cz>

commit eb18d4eed036ccf29e4c979d46661c16753f940c
Author: Oleg Nesterov <oleg@redhat.com>
Date:   Wed Apr 30 19:02:48 2014 +0200

    aio: change exit_aio() to load mm->ioctx_table once and avoid rcu_read_lock()
    
    commit 4b70ac5fd9b58bfaa5f25b4ea48f528aefbf3308 upstream.
    
    On 04/30, Benjamin LaHaise wrote:
    >
    > > -		ctx->mmap_size = 0;
    > > -
    > > -		kill_ioctx(mm, ctx, NULL);
    > > +		if (ctx) {
    > > +			ctx->mmap_size = 0;
    > > +			kill_ioctx(mm, ctx, NULL);
    > > +		}
    >
    > Rather than indenting and moving the two lines changing mmap_size and the
    > kill_ioctx() call, why not just do "if (!ctx) ... continue;"?  That reduces
    > the number of lines changed and avoid excessive indentation.
    
    OK. To me the code looks better/simpler with "if (ctx)", but this is subjective
    of course, I won't argue.
    
    The patch still removes the empty line between mmap_size = 0 and kill_ioctx(),
    we reset mmap_size only for kill_ioctx(). But feel free to remove this change.
    
    -------------------------------------------------------------------------------
    Subject: [PATCH v3 1/2] aio: change exit_aio() to load mm->ioctx_table once and avoid rcu_read_lock()
    
    1. We can read ->ioctx_table only once and we do not read rcu_read_lock()
       or even rcu_dereference().
    
       This mm has no users, nobody else can play with ->ioctx_table. Otherwise
       the code is buggy anyway, if we need rcu_read_lock() in a loop because
       ->ioctx_table can be updated then kfree(table) is obviously wrong.
    
    2. Update the comment. "exit_mmap(mm) is coming" is the good reason to avoid
       munmap(), but another reason is that we simply can't do vm_munmap() unless
       current->mm == mm and this is not true in general, the caller is mmput().
    
    3. We do not really need to nullify mm->ioctx_table before return, probably
       the current code does this to catch the potential problems. But in this
       case RCU_INIT_POINTER(NULL) looks better.
    
    Signed-off-by: Oleg Nesterov <oleg@redhat.com>
    Signed-off-by: Benjamin LaHaise <bcrl@kvack.org>
    Signed-off-by: Jiri Slaby <jslaby@suse.cz>

commit 4e922faea3afd26f09b1c4cb82c61fe8614c672d
Author: Tomas Henzl <thenzl@redhat.com>
Date:   Fri Jan 23 16:41:20 2015 -0600

    hpsa: turn off interrupts when kdump starts
    
    commit 3b747298786355c6934b0892fc9ae4ca44105192 upstream.
    
    Sometimes when the card is restarted it may cause -
    "irq 16: nobody cared (try booting with the "irqpoll" option)"
    that is likely caused so, that the card, after the hard reset
    finishes, pulls on the irq. Disabling the ints before or after
    the hpsa_kdump_hard_reset_controller fixes it.
    
    At this point we can't know in which state the card is,
    so using SA5_INTR_OFF + SA5_REPLY_INTR_MASK_OFFSET defines directly,
    instead of the function the drivers provides, seems to be apropriate.
    
    Reviewed-by: Scott Teel <scott.teel@pmcs.com>
    Signed-off-by: Don Brace <don.brace@pmcs.com>
    Signed-off-by: Christoph Hellwig <hch@lst.de>
    Signed-off-by: Jiri Slaby <jslaby@suse.cz>

commit 8a26106c31b00766cc3671398b9bdd8d385fa817
Author: Tomas Henzl <thenzl@redhat.com>
Date:   Fri Sep 12 14:44:15 2014 +0200

    hpsa: add missing pci_set_master in kdump path
    
    commit 859c75aba20264d87dd026bab0d0ca3bff385955 upstream.
    
    Add a call to pci_set_master(...)  missing in the previous
    patch "hpsa: refine the pci enable/disable handling".
    Found thanks to Rob Elliot.
    
    Signed-off-by: Tomas Henzl <thenzl@redhat.com>
    Reviewed-by: Robert Elliott <elliott@hp.com>
    Tested-by: Robert Elliott <elliott@hp.com>
    Signed-off-by: Christoph Hellwig <hch@lst.de>
    Signed-off-by: Jiri Slaby <jslaby@suse.cz>

commit b30e0283beda471289c36157828db98066599d3d
Author: Tomas Henzl <thenzl@redhat.com>
Date:   Thu Aug 14 16:12:39 2014 +0200

    hpsa: refine the pci enable/disable handling
    
    commit 132aa220b45d60e9b20def1e9d8be9422eed9616 upstream.
    
    When a second(kdump) kernel starts and the hard reset method is used
    the driver calls pci_disable_device without previously enabling it,
    so the kernel shows a warning -
    [   16.876248] WARNING: at drivers/pci/pci.c:1431 pci_disable_device+0x84/0x90()
    [   16.882686] Device hpsa
    disabling already-disabled device
    ...
    This patch fixes it, in addition to this I tried to balance also some other pairs
    of enable/disable device in the driver.
    Unfortunately I wasn't able to verify the functionality for the case of a sw reset,
    because of a lack of proper hw.
    
    Signed-off-by: Tomas Henzl <thenzl@redhat.com>
    Reviewed-by: Stephen M. Cameron <scameron@beardog.cce.hp.com>
    Signed-off-by: Christoph Hellwig <hch@lst.de>
    Signed-off-by: Jiri Slaby <jslaby@suse.cz>

commit 4d16cfbf033dac0876ddecf1b2947d1d7d74620c
Author: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
Date:   Fri Apr 17 15:04:48 2015 -0400

    config: Enable NEED_DMA_MAP_STATE by default when SWIOTLB is selected
    
    commit a6dfa128ce5c414ab46b1d690f7a1b8decb8526d upstream.
    
    A huge amount of NIC drivers use the DMA API, however if
    compiled under 32-bit an very important part of the DMA API can
    be ommitted leading to the drivers not working at all
    (especially if used with 'swiotlb=force iommu=soft').
    
    As Prashant Sreedharan explains it: "the driver [tg3] uses
    DEFINE_DMA_UNMAP_ADDR(), dma_unmap_addr_set() to keep a copy of
    the dma "mapping" and dma_unmap_addr() to get the "mapping"
    value. On most of the platforms this is a no-op, but ... with
    "iommu=soft and swiotlb=force" this house keeping is required,
    ... otherwise we pass 0 while calling pci_unmap_/pci_dma_sync_
    instead of the DMA address."
    
    As such enable this even when using 32-bit kernels.
    
    Reported-by: Ian Jackson <Ian.Jackson@eu.citrix.com>
    Signed-off-by: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
    Acked-by: David S. Miller <davem@davemloft.net>
    Acked-by: Prashant Sreedharan <prashant@broadcom.com>
    Cc: Borislav Petkov <bp@alien8.de>
    Cc: H. Peter Anvin <hpa@zytor.com>
    Cc: Linus Torvalds <torvalds@linux-foundation.org>
    Cc: Michael Chan <mchan@broadcom.com>
    Cc: Thomas Gleixner <tglx@linutronix.de>
    Cc: boris.ostrovsky@oracle.com
    Cc: cascardo@linux.vnet.ibm.com
    Cc: david.vrabel@citrix.com
    Cc: sanjeevb@broadcom.com
    Cc: siva.kallam@broadcom.com
    Cc: vyasevich@gmail.com
    Cc: xen-devel@lists.xensource.com
    Link: http://lkml.kernel.org/r/20150417190448.GA9462@l.oracle.com
    Signed-off-by: Ingo Molnar <mingo@kernel.org>
    Signed-off-by: Jiri Slaby <jslaby@suse.cz>

commit 0c716d536970efa2efd0fd50eb04bbf45c95cee7
Author: Martin K. Petersen <martin.petersen@oracle.com>
Date:   Mon May 4 12:20:29 2015 -0400

    libata: Blacklist queued TRIM on all Samsung 800-series
    
    commit 9a9324d3969678d44b330e1230ad2c8ae67acf81 upstream.
    
    The queued TRIM problems appear to be generic to Samsung's firmware and
    not tied to a particular model. A recent update to the 840 EVO firmware
    introduced the same issue as we saw on 850 Pro.
    
    Blacklist queued TRIM on all 800-series drives while we work this issue
    with Samsung.
    
    Reported-by: Günter Waller <g.wal@web.de>
    Reported-by: Sven Köhler <sven.koehler@gmail.com>
    Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
    Signed-off-by: Tejun Heo <tj@kernel.org>
    Signed-off-by: Jiri Slaby <jslaby@suse.cz>

commit a48f74a6f8eb9fc39bf7139f4f9f76ba2bbf4312
Author: Martin K. Petersen <martin.petersen@oracle.com>
Date:   Fri Mar 27 15:17:20 2015 -0400

    libata: Update Crucial/Micron blacklist
    
    commit ff7f53fb82a7801a778e5902bdbbc5e195ab0de0 upstream.
    
    Micron has released an updated firmware (MU02) for M510/M550/MX100
    drives to fix the issues with queued TRIM. Queued TRIM remains broken on
    M500 but is working fine on later drives such as M600 and MX200.
    
    Tweak our blacklist to reflect the above.
    
    Link: https://bugzilla.kernel.org/show_bug.cgi?id=71371
    Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
    Signed-off-by: Tejun Heo <tj@kernel.org>
    Signed-off-by: Jiri Slaby <jslaby@suse.cz>

commit d4048629324687a62b0487b1430c7a2c019f715e
Author: Martin Kaiser <lists@kaiser.cx>
Date:   Fri Jan 30 15:01:29 2015 +0100

    gpio: squelch a compiler warning
    
    drivers/gpio/gpiolib-of.c: In function 'of_gpiochip_find_and_xlate':
    drivers/gpio/gpiolib-of.c:52:21: warning: assignment makes integer from pointer without a cast [enabled by default]
       gg_data->out_gpio = ERR_PTR(ret);
                         ^
    This was introduced in 72464765733575dc89c509f16caabc2af47fda79, a
    backport of upstream commit 7b8792bbdffdff3abda704f89c6a45ea97afdc62.
    
    The upstream kernel changed the type of out_gpio from int to struct gpio_desc *
    as part of a larger refactoring that wasn't backported
    
    Signed-off-by: Martin Kaiser <martin@kaiser.cx>
    Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
    Signed-off-by: Jiri Slaby <jslaby@suse.cz>

commit 93091169a673f49c2574cddf1ef858cf0704f646
Author: Ian Wilson <iwilson@brocade.com>
Date:   Sat May 16 20:50:46 2015 +0200

    netfilter: Zero the tuple in nfnl_cthelper_parse_tuple()
    
    [ upstream commit 78146572b9cd20452da47951812f35b1ad4906be ]
    
    nfnl_cthelper_parse_tuple() is called from nfnl_cthelper_new(),
    nfnl_cthelper_get() and nfnl_cthelper_del().  In each case they pass
    a pointer to an nf_conntrack_tuple data structure local variable:
    
        struct nf_conntrack_tuple tuple;
        ...
        ret = nfnl_cthelper_parse_tuple(&tuple, tb[NFCTH_TUPLE]);
    
    The problem is that this local variable is not initialized, and
    nfnl_cthelper_parse_tuple() only initializes two fields: src.l3num and
    dst.protonum.  This leaves all other fields with undefined values
    based on whatever is on the stack:
    
        tuple->src.l3num = ntohs(nla_get_be16(tb[NFCTH_TUPLE_L3PROTONUM]));
        tuple->dst.protonum = nla_get_u8(tb[NFCTH_TUPLE_L4PROTONUM]);
    
    The symptom observed was that when the rpc and tns helpers were added
    then traffic to port 1536 was being sent to user-space.
    
    Signed-off-by: Ian Wilson <iwilson@brocade.com>
    Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
    Signed-off-by: Jiri Slaby <jslaby@suse.cz>