)]}'
{
  "log": [
    {
      "commit": "8b378f1ff4c2aed62f6e64b8d802ca9d1f097335",
      "tree": "2e2f181714819906f0f1b7bf7a444818336fa1bf",
      "parents": [
        "16a39eddb18a2daf21142a8fd1fd0cfde76a9397"
      ],
      "author": {
        "name": "Matt Mower",
        "email": "mowerm@gmail.com",
        "time": "Thu Jan 05 19:17:33 2017 -0600"
      },
      "committer": {
        "name": "Matt Mower",
        "email": "mowerm@gmail.com",
        "time": "Thu Jan 05 19:29:20 2017 -0600"
      },
      "message": "sunrpc: Resolve uninitialized variable warnings\n\nChange-Id: Icb5134616d814da8b87ffdd199d62947da65b88b\n"
    },
    {
      "commit": "16a39eddb18a2daf21142a8fd1fd0cfde76a9397",
      "tree": "5f858f20e445c8a45078ca0ec5f61c4e088e1deb",
      "parents": [
        "e39192331424b6e0695038c1dd57f43efebe9355",
        "8d1988f838a95e836342b505398d38b223181f17"
      ],
      "author": {
        "name": "David Hays",
        "email": "dhays90@gmail.com",
        "time": "Fri Dec 30 09:42:57 2016 -0600"
      },
      "committer": {
        "name": "David Hays",
        "email": "dhays90@gmail.com",
        "time": "Fri Dec 30 10:00:46 2016 -0600"
      },
      "message": "Merge tag \u0027v3.4.113\u0027 into cm-14.1\n\nChange-Id: Ifa814958fd557299a5442731fc22fcb62139898b\n"
    },
    {
      "commit": "1fe59765f55e5f987b761e60be2277c6d21af417",
      "tree": "07e1bec075a2234d0971e79ff7b6cc446c281cfe",
      "parents": [
        "df6d5fd2a3e9dabffab716fcd3fbc4d9ba447614"
      ],
      "author": {
        "name": "fluxi",
        "email": "linflux@arcor.de",
        "time": "Fri Oct 21 22:57:35 2016 +0200"
      },
      "committer": {
        "name": "David Hays",
        "email": "dhays90@gmail.com",
        "time": "Wed Nov 30 10:28:00 2016 -0600"
      },
      "message": "sdcardfs: Flag files as non-mappable\n\nImplement Samsung\u0027s FMODE_NONMAPPABLE flag from\nsdcardfs version 2.1.4 as we hit a BUG on ext4:\n\n[   49.655037]@0 Kernel BUG at ffffffc0001deeec [verbose debug info unavailable]\n[   49.655045]@0 Internal error: Oops - BUG: 0 [#1] PREEMPT SMP\n[   49.655052]@0 Modules linked in:\n[   49.655061]@0 CPU: 0 PID: 283 Comm: kworker/u8:7 Tainted: G        W      3.18.20-perf-g3be2054-00086-ga8307fb #1\n[   49.655070]@0 Hardware name: Qualcomm Technologies, Inc. MSM 8996 v3 + PMI8996 MTP (DT)\n[   49.655077]@0 Workqueue: writeback bdi_writeback_workfn (flush-8:0)\n[   49.655096]@0 task: ffffffc174ba8b00 ti: ffffffc174bb4000 task.ti: ffffffc174bb4000\n[   49.655108]@0 PC is at mpage_prepare_extent_to_map+0x198/0x218\n[   49.655116]@0 LR is at mpage_prepare_extent_to_map+0x110/0x218\n[   49.655121]@0 pc : [\u003cffffffc0001deeec\u003e] lr : [\u003cffffffc0001dee64\u003e] pstate: 60000145\n[   49.655126]@0 sp : ffffffc174bb7800\n[   49.655130]@0 x29: ffffffc174bb7800 x28: ffffffc174bb7880\n[   49.655140]@0 x27: 000000000000000d x26: ffffffc1245505e8\n[   49.655149]@0 x25: 0000000000000000 x24: 0000000000003400\n[   49.655160]@0 x23: ffffffffffffffff x22: 0000000000000000\n[   49.655172]@0 x21: ffffffc174bb7888 x20: ffffffc174bb79e0\n[   49.655182]@0 x19: ffffffbdc4ee7b80 x18: 0000007f92872000\n[   49.655191]@0 x17: 0000007f959b6424 x16: ffffffc00016d1ac\n[   49.655201]@0 x15: 0000007f9285d158 x14: ffffffc1734796e8\n[   49.655210]@0 x13: ffffffbdc1ffa4c0 x12: ffffffbdc4ee7b80\n[   49.655220]@0 x11: 0000000000000100 x10: 0000000000000000\n[   49.655229]@0 x9 : 0000000000000000 x8 : ffffffc0b444e210\n[   49.655237]@0 x7 : 0000000000000000 x6 : ffffffc0b444e1e0\n[   49.655246]@0 x5 : 0000000000000000 x4 : 0000000000000001\n[   49.655254]@0 x3 : 0000000000000000 x2 : 400000000002003d\n[   49.655263]@0 x1 : ffffffbdc4ee7b80 x0 : 400000000002003d\n[   49.655271]@0\n[   49.656502]@0 Process kworker/u8:7 (pid: 283, stack limit \u003d 0xffffffc174bb4058)\n[   49.656509]@0 Call trace:\n[   49.656514]@0 [\u003cffffffc0001deeec\u003e] mpage_prepare_extent_to_map+0x198/0x218\n[   49.656526]@0 [\u003cffffffc0001e28d0\u003e] ext4_writepages+0x270/0xa58\n[   49.656533]@0 [\u003cffffffc00012982c\u003e] do_writepages+0x24/0x40\n[   49.656541]@0 [\u003cffffffc000180160\u003e] __writeback_single_inode+0x40/0x114\n[   49.656549]@0 [\u003cffffffc000180e50\u003e] writeback_sb_inodes+0x1dc/0x34c\n[   49.656555]@0 [\u003cffffffc00018103c\u003e] __writeback_inodes_wb+0x7c/0xc4\n[   49.656560]@0 [\u003cffffffc000181224\u003e] wb_writeback+0x110/0x1a8\n[   49.656565]@0 [\u003cffffffc000181344\u003e] wb_check_old_data_flush+0x88/0x98\n[   49.656571]@0 [\u003cffffffc00018156c\u003e] bdi_writeback_workfn+0xf4/0x1fc\n[   49.656576]@0 [\u003cffffffc0000b14f8\u003e] process_one_work+0x1e0/0x300\n[   49.656585]@0 [\u003cffffffc0000b1e14\u003e] worker_thread+0x318/0x438\n[   49.656590]@0 [\u003cffffffc0000b5da0\u003e] kthread+0xe0/0xec\n[   49.656598]@0 Code: f9400260 f9400a63 1ad92063 37580040 (e7f001f2)\n[   49.656604]@0 ---[ end trace cbed09f772fd630d ]---\n\nChange-Id: I931da7cb3841db1f130dba298a7d256b6f02d1bc\n"
    },
    {
      "commit": "03d1eccc55e86bf063bac2b8a44b11bb6148d9ee",
      "tree": "4fca3bf4f16465155706fd33641d1a411fb63eae",
      "parents": [
        "09a3900b6e6d6e180d1fb437837958ce41b1bd36"
      ],
      "author": {
        "name": "Daniel Rosenberg",
        "email": "drosen@google.com",
        "time": "Fri Apr 22 00:00:48 2016 -0700"
      },
      "committer": {
        "name": "David Hays",
        "email": "dhays90@gmail.com",
        "time": "Wed Nov 30 10:25:34 2016 -0600"
      },
      "message": "fuse: Add support for d_canonical_path\n\nAllows FUSE to report to inotify that it is acting\nas a layered filesystem. The userspace component\nreturns a string representing the location of the\nunderlying file. If the string cannot be resolved\ninto a path, the top level path is returned instead.\n\nbug: 23904372\nChange-Id: Iabdca0bbedfbff59e9c820c58636a68ef9683d9f\nSigned-off-by: Daniel Rosenberg \u003cdrosen@google.com\u003e\n"
    },
    {
      "commit": "09a3900b6e6d6e180d1fb437837958ce41b1bd36",
      "tree": "772937252491c482ecaac30e91f8835e366269cf",
      "parents": [
        "44d71eba7954a24e2ab72b7334337bfb76ab94d7"
      ],
      "author": {
        "name": "Daniel Rosenberg",
        "email": "drosen@google.com",
        "time": "Fri Apr 22 00:00:14 2016 -0700"
      },
      "committer": {
        "name": "David Hays",
        "email": "dhays90@gmail.com",
        "time": "Wed Nov 30 10:25:27 2016 -0600"
      },
      "message": "vfs: change d_canonical_path to take two paths\n\nbug: 23904372\nChange-Id: I4a686d64b6de37decf60019be1718e1d820193e6\nSigned-off-by: Daniel Rosenberg \u003cdrosen@google.com\u003e\n"
    },
    {
      "commit": "44d71eba7954a24e2ab72b7334337bfb76ab94d7",
      "tree": "2adf23ccac1ebf748d021cdcf4a1fccd23dedba7",
      "parents": [
        "00f3a5fc3108e366f48730299199390d87225bf7"
      ],
      "author": {
        "name": "Daniel Rosenberg",
        "email": "drosen@google.com",
        "time": "Thu Feb 11 16:44:15 2016 -0800"
      },
      "committer": {
        "name": "David Hays",
        "email": "dhays90@gmail.com",
        "time": "Wed Nov 30 10:24:55 2016 -0600"
      },
      "message": "vfs: add d_canonical_path for stacked filesystem support\n\nInotify does not currently know when a filesystem\nis acting as a wrapper around another fs. This means\nthat inotify watchers will miss any modifications to\nthe base file, as well as any made in a separate\nstacked fs that points to the same file.\nd_canonical_path solves this problem by allowing the fs\nto map a dentry to a path in the lower fs. Inotify\ncan use it to find the appropriate place to watch to\nbe informed of all changes to a file.\n\nChange-Id: I09563baffad1711a045e45c1bd0bd8713c2cc0b6\nSigned-off-by: Daniel Rosenberg \u003cdrosen@google.com\u003e\n"
    },
    {
      "commit": "d8554b108e421210750e7ef5ebab53f6de03fceb",
      "tree": "9cc591f4cc420ffb139f016acd0f0d8db94257a7",
      "parents": [
        "dd096bc7335a7857ee053712f64f9938d0bbdb2b"
      ],
      "author": {
        "name": "Daniel Rosenberg",
        "email": "drosen@google.com",
        "time": "Thu Feb 11 16:53:36 2016 -0800"
      },
      "committer": {
        "name": "David Hays",
        "email": "dhays90@gmail.com",
        "time": "Wed Nov 30 10:24:24 2016 -0600"
      },
      "message": "sdcardfs: Add support for d_canonicalize\n\nChange-Id: I5d6f0e71b8ca99aec4b0894412f1dfd1cfe12add\nSigned-off-by: Daniel Rosenberg \u003cdrosen@google.com\u003e\n"
    },
    {
      "commit": "b7fb16f31a39e25c73635c09997966c508ba6db0",
      "tree": "fe9e38f476e2c34e9766dec4d6173f8efa924697",
      "parents": [
        "1d930b2b94f95685b6520fb5dca522ed41c1be6f"
      ],
      "author": {
        "name": "Al Viro",
        "email": "viro@zeniv.linux.org.uk",
        "time": "Fri Jun 15 03:01:42 2012 +0400"
      },
      "committer": {
        "name": "David Hays",
        "email": "dhays90@gmail.com",
        "time": "Wed Nov 30 08:32:27 2016 -0600"
      },
      "message": "get rid of kern_path_parent()\n\nall callers want the same thing, actually - a kinda-sorta analog of\nkern_path_create().  I.e. they want parent vfsmount/dentry (with\n-\u003ei_mutex held, to make sure the child dentry is still their child)\n+ the child dentry.\n\nSigned-off-by Al Viro \u003cviro@zeniv.linux.org.uk\u003e\n\nChange-Id: I58cc7b0a087646516db9af69962447d27fb3ee8b\n"
    },
    {
      "commit": "1d930b2b94f95685b6520fb5dca522ed41c1be6f",
      "tree": "6f8281b575ee677a2190d2a18e114a3013ae55e3",
      "parents": [
        "885fd32ea5abab0e338f2068d09ee80f659999c4"
      ],
      "author": {
        "name": "Daniel Campello",
        "email": "campello@google.com",
        "time": "Mon Jul 20 16:23:50 2015 -0700"
      },
      "committer": {
        "name": "David Hays",
        "email": "dhays90@gmail.com",
        "time": "Wed Nov 30 08:32:23 2016 -0600"
      },
      "message": "Included sdcardfs source code for kernel 3.0\n\nOnly included the source code as is for kernel 3.0. Following patches\ntake care of porting this file system to version 3.10.\n\nChange-Id: I09e76db77cd98a059053ba5b6fd88572a4b75b5b\nSigned-off-by: Daniel Campello \u003ccampello@google.com\u003e\n"
    },
    {
      "commit": "885fd32ea5abab0e338f2068d09ee80f659999c4",
      "tree": "4742569da9c4afb3e8cb4f3b14942cc72420756c",
      "parents": [
        "c97fe2418e51a47b1966fbdd60beb9d84f703bc0"
      ],
      "author": {
        "name": "Lorenzo Colitti",
        "email": "lorenzo@google.com",
        "time": "Wed Dec 16 12:30:03 2015 +0900"
      },
      "committer": {
        "name": "David Hays",
        "email": "dhays90@gmail.com",
        "time": "Wed Nov 23 09:30:01 2016 -0600"
      },
      "message": "net: diag: Add the ability to destroy a socket.\n\nThis patch adds a SOCK_DESTROY operation, a destroy function\npointer to sock_diag_handler, and a diag_destroy function\npointer.  It does not include any implementation code.\n\n[Backport of net-next 64be0aed59ad519d6f2160868734f7e278290ac1]\n\nChange-Id: I1d998e1c5f836b2f5638c0f79244c372c8d2d9d9\nSigned-off-by: Lorenzo Colitti \u003clorenzo@google.com\u003e\nAcked-by: Eric Dumazet \u003cedumazet@google.com\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n"
    },
    {
      "commit": "b62986e7bd31fbad9e01c5f6199a01413e9b164f",
      "tree": "94ae99a2a24d048956cf302861f4be1092ca9048",
      "parents": [
        "315a9ded11f15ab0e43e30683e2b62453e695d6e"
      ],
      "author": {
        "name": "Daniel Rosenberg",
        "email": "drosen@google.com",
        "time": "Tue Jul 21 15:17:26 2015 -0700"
      },
      "committer": {
        "name": "David Hays",
        "email": "dhays90@gmail.com",
        "time": "Wed Nov 23 06:52:53 2016 -0800"
      },
      "message": "Fix incorrect conflict resolution in \"vfs: Add setns support for the mount namespace\"\n\nChange-Id: Ib974a066d15036c75f13ff7845cffc5b1f66ac75\n(cherry picked from commit 831730dbc5ebebe0f7d921dafd8aa5e4ed1b4192)\n"
    },
    {
      "commit": "315a9ded11f15ab0e43e30683e2b62453e695d6e",
      "tree": "9fe4ebecf54a061ea8e01aebda02f61899e9561a",
      "parents": [
        "851c34bdf9e5002c0be2a9ac3332742f7328b87f"
      ],
      "author": {
        "name": "Naveen Kaje",
        "email": "nkaje@codeaurora.org",
        "time": "Tue Jul 29 12:54:15 2014 -0600"
      },
      "committer": {
        "name": "David Hays",
        "email": "dhays90@gmail.com",
        "time": "Mon Oct 31 12:16:52 2016 -0700"
      },
      "message": "BACKPORT: fs: Add TTY PM IOCTLs to compat table\n\nAugment the compat ioctl table with entries for\nPM control of TTY devices. These compat entries\nwere not present since other TTY/serial core drivers\nwere not using them.\n\nBackport from kernel msm-3.18\n\nChange-Id: I96a0e54c001d780a2a427380655f1fbb0091aef7\nSigned-off-by: Naveen Kaje \u003cnkaje@codeaurora.org\u003e\n"
    },
    {
      "commit": "1c8544a93151329be95f702f6f4029f860b77ee7",
      "tree": "1a1cd34ba915faa832ac83d0086e0cc9f1b1be45",
      "parents": [
        "86eecef7f9d182c759c687020a504235c6bef903"
      ],
      "author": {
        "name": "Michal Hocko",
        "email": "mhocko@suse.com",
        "time": "Sun Oct 16 11:55:00 2016 +0200"
      },
      "committer": {
        "name": "Zefan Li",
        "email": "lizefan@huawei.com",
        "time": "Wed Oct 26 23:15:46 2016 +0800"
      },
      "message": "mm, gup: close FOLL MAP_PRIVATE race\n\ncommit 19be0eaffa3ac7d8eb6784ad9bdbc7d67ed8e619 upstream.\n\nfaultin_page drops FOLL_WRITE after the page fault handler did the CoW\nand then we retry follow_page_mask to get our CoWed page. This is racy,\nhowever because the page might have been unmapped by that time and so\nwe would have to do a page fault again, this time without CoW. This\nwould cause the page cache corruption for FOLL_FORCE on MAP_PRIVATE\nread only mappings with obvious consequences.\n\nThis is an ancient bug that was actually already fixed once by Linus\neleven years ago in commit 4ceb5db9757a (\"Fix get_user_pages() race\nfor write access\") but that was then undone due to problems on s390\nby commit f33ea7f404e5 (\"fix get_user_pages bug\") because s390 didn\u0027t\nhave proper dirty pte tracking until abf09bed3cce (\"s390/mm: implement\nsoftware dirty bits\"). This wasn\u0027t a problem at the time as pointed out\nby Hugh Dickins because madvise relied on mmap_sem for write up until\n0a27a14a6292 (\"mm: madvise avoid exclusive mmap_sem\") but since then we\ncan race with madvise which can unmap the fresh COWed page or with KSM\nand corrupt the content of the shared page.\n\nThis patch is based on the Linus\u0027 approach to not clear FOLL_WRITE after\nthe CoW page fault (aka VM_FAULT_WRITE) but instead introduces FOLL_COW\nto note this fact. The flag is then rechecked during follow_pfn_pte to\nenforce the page fault again if we do not see the CoWed page. Linus was\nsuggesting to check pte_dirty again as s390 is OK now. But that would\nmake backporting to some old kernels harder. So instead let\u0027s just make\nsure that vm_normal_page sees a pure anonymous page.\n\nThis would guarantee we are seeing a real CoW page. Introduce\ncan_follow_write_pte which checks both pte_write and falls back to\nPageAnon on forced write faults which passed CoW already. Thanks to Hugh\nto point out that a special care has to be taken for KSM pages because\nour COWed page might have been merged with a KSM one and keep its\nPageAnon flag.\n\nFixes: 0a27a14a6292 (\"mm: madvise avoid exclusive mmap_sem\")\nReported-by: Phil \"not Paul\" Oester \u003ckernel@linuxace.com\u003e\nDisclosed-by: Andy Lutomirski \u003cluto@kernel.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\nSigned-off-by: Michal Hocko \u003cmhocko@suse.com\u003e\n[bwh: Backported to 3.2:\n - Adjust filename, context, indentation\n - The \u0027no_page\u0027 exit path in follow_page() is different, so open-code the\n   cleanup\n - Delete a now-unused label]\nSigned-off-by: Ben Hutchings \u003cben@decadent.org.uk\u003e\nSigned-off-by: Zefan Li \u003clizefan@huawei.com\u003e\n"
    },
    {
      "commit": "7862b8a351bb72b45307123993b2991374869765",
      "tree": "2e78f60d9eb52ac478e6384de8fdb4e4cd45adbb",
      "parents": [
        "d64519bf05760fc4f2d9a31e28df56af873c5b65"
      ],
      "author": {
        "name": "Zefan Li",
        "email": "lizefan@huawei.com",
        "time": "Sun Oct 09 19:20:47 2016 +0800"
      },
      "committer": {
        "name": "Zefan Li",
        "email": "lizefan@huawei.com",
        "time": "Wed Oct 26 23:15:44 2016 +0800"
      },
      "message": "Revert \"USB: Add device quirk for ASUS T100 Base Station keyboard\"\n\nThis reverts commit eea5a87d270e8d6925063019c3b0f3ff61fcb49a.\n\nConflicts:\n\tdrivers/usb/core/quirks.c\n\tinclude/linux/usb/quirks.h\n\nSigned-off-by: Zefan Li \u003clizefan@huawei.com\u003e\n"
    },
    {
      "commit": "af706acbb5dbf492ad19fb448c2f05db8595f78e",
      "tree": "4bc5b6abd82e79329c1d5af431f2df5d71b8b077",
      "parents": [
        "a4ea6252cc4b05d002ea465ef17bd8dcdd83b6bf"
      ],
      "author": {
        "name": "Nicolas Dichtel",
        "email": "nicolas.dichtel@6wind.com",
        "time": "Wed Sep 05 02:12:42 2012 +0000"
      },
      "committer": {
        "name": "Zefan Li",
        "email": "lizefan@huawei.com",
        "time": "Wed Oct 26 23:15:43 2016 +0800"
      },
      "message": "ipv6: fix handling of blackhole and prohibit routes\n\ncommit ef2c7d7b59708d54213c7556a82d14de9a7e4475 upstream.\n\nWhen adding a blackhole or a prohibit route, they were handling like classic\nroutes. Moreover, it was only possible to add this kind of routes by specifying\nan interface.\n\nBug already reported here:\n  http://bugs.debian.org/cgi-bin/bugreport.cgi?bug\u003d498498\n\nBefore the patch:\n  $ ip route add blackhole 2001::1/128\n  RTNETLINK answers: No such device\n  $ ip route add blackhole 2001::1/128 dev eth0\n  $ ip -6 route | grep 2001\n  2001::1 dev eth0  metric 1024\n\nAfter:\n  $ ip route add blackhole 2001::1/128\n  $ ip -6 route | grep 2001\n  blackhole 2001::1 dev lo  metric 1024  error -22\n\nv2: wrong patch\nv3: add a field fc_type in struct fib6_config to store RTN_* type\n\nSigned-off-by: Nicolas Dichtel \u003cnicolas.dichtel@6wind.com\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\nSigned-off-by: Zefan Li \u003clizefan@huawei.com\u003e\n"
    },
    {
      "commit": "a4ea6252cc4b05d002ea465ef17bd8dcdd83b6bf",
      "tree": "f463d59ca2a976954c304276b98cea18437af699",
      "parents": [
        "3b02ae3d45ca3b0128317f38ce5e56828c67e53b"
      ],
      "author": {
        "name": "Michal Kubeček",
        "email": "mkubecek@suse.cz",
        "time": "Mon Sep 09 21:45:04 2013 +0200"
      },
      "committer": {
        "name": "Zefan Li",
        "email": "lizefan@huawei.com",
        "time": "Wed Oct 26 23:15:43 2016 +0800"
      },
      "message": "ipv6: don\u0027t call fib6_run_gc() until routing is ready\n\ncommit 2c861cc65ef4604011a0082e4dcdba2819aa191a upstream.\n\nWhen loading the ipv6 module, ndisc_init() is called before\nip6_route_init(). As the former registers a handler calling\nfib6_run_gc(), this opens a window to run the garbage collector\nbefore necessary data structures are initialized. If a network\ndevice is initialized in this window, adding MAC address to it\ntriggers a NETDEV_CHANGEADDR event, leading to a crash in\nfib6_clean_all().\n\nTake the event handler registration out of ndisc_init() into a\nseparate function ndisc_late_init() and move it after\nip6_route_init().\n\nSigned-off-by: Michal Kubecek \u003cmkubecek@suse.cz\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\nSigned-off-by: Zefan Li \u003clizefan@huawei.com\u003e\n"
    },
    {
      "commit": "5781d89c5468dd7a9a17df7995541b284599e00a",
      "tree": "139ed197f24150f383414c9bf37be1fa9cf725ce",
      "parents": [
        "edd32246ed08de91f2270e7c4b0b65bbec6aba09"
      ],
      "author": {
        "name": "Eric Dumazet",
        "email": "eric.dumazet@gmail.com",
        "time": "Wed May 01 05:24:03 2013 +0000"
      },
      "committer": {
        "name": "Zefan Li",
        "email": "lizefan@huawei.com",
        "time": "Wed Oct 26 23:15:42 2016 +0800"
      },
      "message": "af_unix: fix a fatal race with bit fields\n\ncommit 60bc851ae59bfe99be6ee89d6bc50008c85ec75d upstream.\n\nUsing bit fields is dangerous on ppc64/sparc64, as the compiler [1]\nuses 64bit instructions to manipulate them.\nIf the 64bit word includes any atomic_t or spinlock_t, we can lose\ncritical concurrent changes.\n\nThis is happening in af_unix, where unix_sk(sk)-\u003egc_candidate/\ngc_maybe_cycle/lock share the same 64bit word.\n\nThis leads to fatal deadlock, as one/several cpus spin forever\non a spinlock that will never be available again.\n\nA safer way would be to use a long to store flags.\nThis way we are sure compiler/arch wont do bad things.\n\nAs we own unix_gc_lock spinlock when clearing or setting bits,\nwe can use the non atomic __set_bit()/__clear_bit().\n\nrecursion_level can share the same 64bit location with the spinlock,\nas it is set only with this spinlock held.\n\n[1] bug fixed in gcc-4.8.0 :\nhttp://gcc.gnu.org/bugzilla/show_bug.cgi?id\u003d52080\n\nReported-by: Ambrose Feinstein \u003cambrose@google.com\u003e\nSigned-off-by: Eric Dumazet \u003cedumazet@google.com\u003e\nCc: Benjamin Herrenschmidt \u003cbenh@kernel.crashing.org\u003e\nCc: Paul Mackerras \u003cpaulus@samba.org\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\nCc: hejianet \u003chejianet@gmail.com\u003e\nSigned-off-by: Zefan Li \u003clizefan@huawei.com\u003e\n"
    },
    {
      "commit": "ffac74669117c65a25fa0a9c5194ef70fb95ee70",
      "tree": "5b90f61c4141795aab375b4d9d5aebe45b780732",
      "parents": [
        "334e907923e9cab057020a9c7ec7d9f32ead6573"
      ],
      "author": {
        "name": "David Vrabel",
        "email": "david.vrabel@citrix.com",
        "time": "Fri Oct 30 14:58:08 2015 +0000"
      },
      "committer": {
        "name": "Zefan Li",
        "email": "lizefan@huawei.com",
        "time": "Wed Oct 26 23:15:39 2016 +0800"
      },
      "message": "xen: Add RING_COPY_REQUEST()\n\ncommit 454d5d882c7e412b840e3c99010fe81a9862f6fb upstream.\n\nUsing RING_GET_REQUEST() on a shared ring is easy to use incorrectly\n(i.e., by not considering that the other end may alter the data in the\nshared ring while it is being inspected).  Safe usage of a request\ngenerally requires taking a local copy.\n\nProvide a RING_COPY_REQUEST() macro to use instead of\nRING_GET_REQUEST() and an open-coded memcpy().  This takes care of\nensuring that the copy is done correctly regardless of any possible\ncompiler optimizations.\n\nUse a volatile source to prevent the compiler from reordering or\nomitting the copy.\n\nThis is part of XSA155.\n\nSigned-off-by: David Vrabel \u003cdavid.vrabel@citrix.com\u003e\nSigned-off-by: Konrad Rzeszutek Wilk \u003ckonrad.wilk@oracle.com\u003e\nSigned-off-by: Zefan Li \u003clizefan@huawei.com\u003e\n"
    },
    {
      "commit": "0dd69de3c4f45c6e3af43e9146ee4679dbc45a33",
      "tree": "e12fe94a12bb98f9030ff607c9ac6d9f1cc5d9d7",
      "parents": [
        "1405c2b764791b8b6328d1e39059fb6780beef9e"
      ],
      "author": {
        "name": "James Bottomley",
        "email": "James.Bottomley@HansenPartnership.com",
        "time": "Fri Dec 11 09:16:38 2015 -0800"
      },
      "committer": {
        "name": "Zefan Li",
        "email": "lizefan@huawei.com",
        "time": "Wed Oct 26 23:15:37 2016 +0800"
      },
      "message": "ses: fix additional element traversal bug\n\ncommit 5e1033561da1152c57b97ee84371dba2b3d64c25 upstream.\n\nKASAN found that our additional element processing scripts drop off\nthe end of the VPD page into unallocated space.  The reason is that\nnot every element has additional information but our traversal\nroutines think they do, leading to them expecting far more additional\ninformation than is present.  Fix this by adding a gate to the\ntraversal routine so that it only processes elements that are expected\nto have additional information (list is in SES-2 section 6.1.13.1:\nAdditional Element Status diagnostic page overview)\n\nReported-by: Pavel Tikhomirov \u003cptikhomirov@virtuozzo.com\u003e\nTested-by: Pavel Tikhomirov \u003cptikhomirov@virtuozzo.com\u003e\nSigned-off-by: James Bottomley \u003cJames.Bottomley@HansenPartnership.com\u003e\nSigned-off-by: Zefan Li \u003clizefan@huawei.com\u003e\n"
    },
    {
      "commit": "8a26248a33600fa61516fd190ec13279d1cdedf5",
      "tree": "ca3c7fa3b80a21b3a24e7464fbcfb56779ad63b4",
      "parents": [
        "5a8fea111f5199a7c1923874ff50c76ddbcfe548"
      ],
      "author": {
        "name": "lucien",
        "email": "lucien.xin@gmail.com",
        "time": "Sat Dec 05 15:35:36 2015 +0800"
      },
      "committer": {
        "name": "Zefan Li",
        "email": "lizefan@huawei.com",
        "time": "Wed Oct 26 23:15:35 2016 +0800"
      },
      "message": "sctp: start t5 timer only when peer rwnd is 0 and local state is SHUTDOWN_PENDING\n\ncommit 8a0d19c5ed417c78d03f4e0fa7215e58c40896d8 upstream.\n\nwhen A sends a data to B, then A close() and enter into SHUTDOWN_PENDING\nstate, if B neither claim his rwnd is 0 nor send SACK for this data, A\nwill keep retransmitting this data until t5 timeout, Max.Retrans times\ncan\u0027t work anymore, which is bad.\n\nif B\u0027s rwnd is not 0, it should send abort after Max.Retrans times, only\nwhen B\u0027s rwnd \u003d\u003d 0 and A\u0027s retransmitting beyonds Max.Retrans times, A\nwill start t5 timer, which is also commit f8d960524328 (\"sctp: Enforce\nretransmission limit during shutdown\") means, but it lacks the condition\npeer rwnd \u003d\u003d 0.\n\nso fix it by adding a bit (zero_window_announced) in peer to record if\nthe last rwnd is 0. If it was, zero_window_announced will be set. and use\nthis bit to decide if start t5 timer when local.state is SHUTDOWN_PENDING.\n\nFixes: commit f8d960524328 (\"sctp: Enforce retransmission limit during shutdown\")\nSigned-off-by: Xin Long \u003clucien.xin@gmail.com\u003e\nSigned-off-by: Marcelo Ricardo Leitner \u003cmarcelo.leitner@gmail.com\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n[bwh: Backported to 3.2: change sack_needed to bitfield as done earlier upstream]\nSigned-off-by: Ben Hutchings \u003cben@decadent.org.uk\u003e\nSigned-off-by: Zefan Li \u003clizefan@huawei.com\u003e\n"
    },
    {
      "commit": "1be2ead7a8f779f2595afaa5523e7f83cd0dcf2b",
      "tree": "c6bf0497e9819a794611333d238f48c46f861f14",
      "parents": [
        "ff0dd8f8f68435374713feecdf74736953fd5196"
      ],
      "author": {
        "name": "Chen Yu",
        "email": "yu.c.chen@intel.com",
        "time": "Sun Oct 25 01:02:19 2015 +0800"
      },
      "committer": {
        "name": "Zefan Li",
        "email": "lizefan@huawei.com",
        "time": "Wed Oct 26 23:15:26 2016 +0800"
      },
      "message": "ACPI: Use correct IRQ when uninstalling ACPI interrupt handler\n\ncommit 49e4b84333f338d4f183f28f1f3c1131b9fb2b5a upstream.\n\nCurrently when the system is trying to uninstall the ACPI interrupt\nhandler, it uses acpi_gbl_FADT.sci_interrupt as the IRQ number.\nHowever, the IRQ number that the ACPI interrupt handled is installed\nfor comes from acpi_gsi_to_irq() and that is the number that should\nbe used for the handler removal.\n\nFix this problem by using the mapped IRQ returned from acpi_gsi_to_irq()\nas appropriate.\n\nAcked-by: Lv Zheng \u003clv.zheng@intel.com\u003e\nSigned-off-by: Chen Yu \u003cyu.c.chen@intel.com\u003e\nSigned-off-by: Rafael J. Wysocki \u003crafael.j.wysocki@intel.com\u003e\n[lizf: Backported to 3.4: adjust context]\nSigned-off-by: Zefan Li \u003clizefan@huawei.com\u003e\n"
    },
    {
      "commit": "8fb4b054c92925545e6e12b59f0c8b6b6f514984",
      "tree": "44361522917cf85e00136eb90fcc8c7e57d692c4",
      "parents": [
        "b7d44ef53eb257900c6f0183a39e4dee6fad6072"
      ],
      "author": {
        "name": "Daeho Jeong",
        "email": "daeho.jeong@samsung.com",
        "time": "Sun Oct 18 17:02:56 2015 -0400"
      },
      "committer": {
        "name": "Zefan Li",
        "email": "lizefan@huawei.com",
        "time": "Wed Oct 26 23:15:25 2016 +0800"
      },
      "message": "ext4, jbd2: ensure entering into panic after recording an error in superblock\n\ncommit 4327ba52afd03fc4b5afa0ee1d774c9c5b0e85c5 upstream.\n\nIf a EXT4 filesystem utilizes JBD2 journaling and an error occurs, the\njournaling will be aborted first and the error number will be recorded\ninto JBD2 superblock and, finally, the system will enter into the\npanic state in \"errors\u003dpanic\" option.  But, in the rare case, this\nsequence is little twisted like the below figure and it will happen\nthat the system enters into panic state, which means the system reset\nin mobile environment, before completion of recording an error in the\njournal superblock. In this case, e2fsck cannot recognize that the\nfilesystem failure occurred in the previous run and the corruption\nwouldn\u0027t be fixed.\n\nTask A                        Task B\next4_handle_error()\n-\u003e jbd2_journal_abort()\n  -\u003e __journal_abort_soft()\n    -\u003e __jbd2_journal_abort_hard()\n    | -\u003e journal-\u003ej_flags |\u003d JBD2_ABORT;\n    |\n    |                         __ext4_abort()\n    |                         -\u003e jbd2_journal_abort()\n    |                         | -\u003e __journal_abort_soft()\n    |                         |   -\u003e if (journal-\u003ej_flags \u0026 JBD2_ABORT)\n    |                         |           return;\n    |                         -\u003e panic()\n    |\n    -\u003e jbd2_journal_update_sb_errno()\n\nTested-by: Hobin Woo \u003chobin.woo@samsung.com\u003e\nSigned-off-by: Daeho Jeong \u003cdaeho.jeong@samsung.com\u003e\nSigned-off-by: Theodore Ts\u0027o \u003ctytso@mit.edu\u003e\nSigned-off-by: Zefan Li \u003clizefan@huawei.com\u003e\n"
    },
    {
      "commit": "4447dfca8d1f6cdafceea49b61fc4f5f8533231f",
      "tree": "845b50f3f9ae37cb6a40a9b1642fe898128b1c1b",
      "parents": [
        "4b97aa11bdea56a873def5228ea1e336f922678d"
      ],
      "author": {
        "name": "Eric Dumazet",
        "email": "edumazet@google.com",
        "time": "Wed Aug 17 05:56:26 2016 -0700"
      },
      "committer": {
        "name": "Matt Mower",
        "email": "mowerm@gmail.com",
        "time": "Tue Oct 25 13:48:19 2016 -0500"
      },
      "message": "tcp: fix use after free in tcp_xmit_retransmit_queue()\n\nWhen tcp_sendmsg() allocates a fresh and empty skb, it puts it at the\ntail of the write queue using tcp_add_write_queue_tail()\n\nThen it attempts to copy user data into this fresh skb.\n\nIf the copy fails, we undo the work and remove the fresh skb.\n\nUnfortunately, this undo lacks the change done to tp-\u003ehighest_sack and\nwe can leave a dangling pointer (to a freed skb)\n\nLater, tcp_xmit_retransmit_queue() can dereference this pointer and\naccess freed memory. For regular kernels where memory is not unmapped,\nthis might cause SACK bugs because tcp_highest_sack_seq() is buggy,\nreturning garbage instead of tp-\u003esnd_nxt, but with various debug\nfeatures like CONFIG_DEBUG_PAGEALLOC, this can crash the kernel.\n\nThis bug was found by Marco Grassi thanks to syzkaller.\n\nChange-Id: I264f97d30d0a623011d9ee811c63fa0e0c2149a2\nFixes: 6859d49475d4 (\"[TCP]: Abstract tp-\u003ehighest_sack accessing \u0026 point to next skb\")\nReported-by: Marco Grassi \u003cmarco.gra@gmail.com\u003e\nSigned-off-by: Eric Dumazet \u003cedumazet@google.com\u003e\nCc: Ilpo Järvinen \u003cilpo.jarvinen@helsinki.fi\u003e\nCc: Yuchung Cheng \u003cycheng@google.com\u003e\nCc: Neal Cardwell \u003cncardwell@google.com\u003e\nAcked-by: Neal Cardwell \u003cncardwell@google.com\u003e\nReviewed-by: Cong Wang \u003cxiyou.wangcong@gmail.com\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n"
    },
    {
      "commit": "4b97aa11bdea56a873def5228ea1e336f922678d",
      "tree": "2b733861734fc64ed2013c42d7613afd7ecb2a14",
      "parents": [
        "f218884cb16105c0ee25cf0e875f7ce1ca2cac70"
      ],
      "author": {
        "name": "Linus Torvalds",
        "email": "torvalds@linux-foundation.org",
        "time": "Thu Oct 20 00:49:40 2016 +0200"
      },
      "committer": {
        "name": "Matt Mower",
        "email": "mowerm@gmail.com",
        "time": "Tue Oct 25 13:48:12 2016 -0500"
      },
      "message": "mm: remove gup_flags FOLL_WRITE games from __get_user_pages()\n\nThis is an ancient bug that was actually attempted to be fixed once\n(badly) by me eleven years ago in commit 4ceb5db9757a (\"Fix\nget_user_pages() race for write access\") but that was then undone due to\nproblems on s390 by commit f33ea7f404e5 (\"fix get_user_pages bug\").\n\nIn the meantime, the s390 situation has long been fixed, and we can now\nfix it by checking the pte_dirty() bit properly (and do it better).  The\ns390 dirty bit was implemented in abf09bed3cce (\"s390/mm: implement\nsoftware dirty bits\") which made it into v3.9.  Earlier kernels will\nhave to look at the page state itself.\n\nAlso, the VM has become more scalable, and what used a purely\ntheoretical race back then has become easier to trigger.\n\nTo fix it, we introduce a new internal FOLL_COW flag to mark the \"yes,\nwe already did a COW\" rather than play racy games with FOLL_WRITE that\nis very fundamental, and then use the pte dirty flag to validate that\nthe FOLL_COW flag is still valid.\n\nChange-Id: Id9bec3722797dff7d0ff0d9f6097c4229e31fd62\nReported-and-tested-by: Phil \"not Paul\" Oester \u003ckernel@linuxace.com\u003e\nAcked-by: Hugh Dickins \u003chughd@google.com\u003e\nReviewed-by: Michal Hocko \u003cmhocko@suse.com\u003e\nCc: Andy Lutomirski \u003cluto@kernel.org\u003e\nCc: Kees Cook \u003ckeescook@chromium.org\u003e\nCc: Oleg Nesterov \u003coleg@redhat.com\u003e\nCc: Willy Tarreau \u003cw@1wt.eu\u003e\nCc: Nick Piggin \u003cnpiggin@gmail.com\u003e\nCc: Greg Thelen \u003cgthelen@google.com\u003e\nCc: stable@vger.kernel.org\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n[wt: s/gup.c/memory.c; s/follow_page_pte/follow_page_mask;\n     s/faultin_page/__get_user_page]\nSigned-off-by: Willy Tarreau \u003cw@1wt.eu\u003e\n"
    },
    {
      "commit": "9f8ea59bdb92e7a2282a12e1f7417edcc811b23f",
      "tree": "14a99794f4aaef1b8ad98a20501741d8924f38e7",
      "parents": [
        "b99355c6fe72634cfb7633b1c6e1129ea83926ac"
      ],
      "author": {
        "name": "Matt Mower",
        "email": "mowerm@gmail.com",
        "time": "Thu Aug 18 22:06:13 2016 -0500"
      },
      "committer": {
        "name": "Matt Mower",
        "email": "mowerm@gmail.com",
        "time": "Thu Aug 18 22:06:13 2016 -0500"
      },
      "message": "f2fs: Squashed update from f2fs-stable\n\nhttps://git.kernel.org/cgit/linux/kernel/git/jaegeuk/f2fs-stable.git\nBranch: linux-3.4.y\nUp to and including:\n  fscrypto: no support for v3.4\n  2220ac23c3c583321276c85cbfd7f6378abd8f94\n\nChange-Id: I417b0479dcd9e9c257beb45852b70bca3630c61e\n"
    },
    {
      "commit": "1a1adbf5218dd57e01dfe89be35dbdd3b41a1e3c",
      "tree": "56c0ca7838ddf3e8c3971eec3b43fa0873efd6f5",
      "parents": [
        "2b644dbc8d40a5f80f451c1c2873606b7477170f"
      ],
      "author": {
        "name": "Jeeja KP",
        "email": "jeeja.kp@intel.com",
        "time": "Thu Feb 14 16:52:51 2013 +0530"
      },
      "committer": {
        "name": "Matt Mower",
        "email": "mowerm@gmail.com",
        "time": "Sat Jun 25 21:14:27 2016 -0500"
      },
      "message": "ALSA: compress: add support for gapless playback\n\nthis add new API for sound compress to support gapless playback.\nAs noted in Documentation change, we add API to send metadata of encoder and\npadding delay to DSP. Also add API for indicating EOF and switching to\nsubsequent track\n\nAlso bump the compress API version\n\nConflicts:\n\tinclude/uapi/sound/compress_offload.h\n\nSigned-off-by: Jeeja KP \u003cjeeja.kp@intel.com\u003e\nSigned-off-by: Vinod Koul \u003cvinod.koul@intel.com\u003e\nSigned-off-by: Takashi Iwai \u003ctiwai@suse.de\u003e\n\nConflicts:\n\n\tinclude/sound/compress_offload.h\n\nChange-Id: I62de413012796d61455f0ef484703d8b096f59c5\nSigned-off-by: Krishnankutty Kolathappilly \u003ckkolat@codeaurora.org\u003e\n"
    },
    {
      "commit": "6c846329cfe0a31cf2aa5f7bb161dd7e12e9e22c",
      "tree": "00620d6638b945408bd547f2c8235a197bb70dd3",
      "parents": [
        "b23297ea412da06e84002f441f209cc5df45d0d1"
      ],
      "author": {
        "name": "Matt Mower",
        "email": "mowerm@gmail.com",
        "time": "Fri Jun 03 11:26:48 2016 -0500"
      },
      "committer": {
        "name": "Matt Mower",
        "email": "mowerm@gmail.com",
        "time": "Fri Jun 03 09:36:54 2016 -0700"
      },
      "message": "f2fs: Squashed update from f2fs-stable\n\nhttps://git.kernel.org/cgit/linux/kernel/git/jaegeuk/f2fs-stable.git\nBranch: linux-3.4.y\nUp to and including:\n  f2fs: adjust other changes\n  2ba43a590c3fd78b3d05edd49aab3d2c34ae7232\n\nChange-Id: If67141f1a9d23e42bd972ad9aaef6e6aa3ac28b8\n"
    },
    {
      "commit": "482159dc9981163724c5eb3e5fbbfc5d95e709f1",
      "tree": "50fce437e582f9eb3f9844ee22ec4415c412fe65",
      "parents": [
        "d9a1c8fd2bb7290f0f20d3919947a9dff8ec805d"
      ],
      "author": {
        "name": "Willy Tarreau",
        "email": "w@1wt.eu",
        "time": "Mon Jan 18 16:36:09 2016 +0100"
      },
      "committer": {
        "name": "Matt Mower",
        "email": "mowerm@gmail.com",
        "time": "Mon May 23 21:13:07 2016 -0500"
      },
      "message": "pipe: limit the per-user amount of pages allocated in pipes\n\nOn no-so-small systems, it is possible for a single process to cause an\nOOM condition by filling large pipes with data that are never read. A\ntypical process filling 4000 pipes with 1 MB of data will use 4 GB of\nmemory. On small systems it may be tricky to set the pipe max size to\nprevent this from happening.\n\nThis patch makes it possible to enforce a per-user soft limit above\nwhich new pipes will be limited to a single page, effectively limiting\nthem to 4 kB each, as well as a hard limit above which no new pipes may\nbe created for this user. This has the effect of protecting the system\nagainst memory abuse without hurting other users, and still allowing\npipes to work correctly though with less data at once.\n\nThe limit are controlled by two new sysctls : pipe-user-pages-soft, and\npipe-user-pages-hard. Both may be disabled by setting them to zero. The\ndefault soft limit allows the default number of FDs per process (1024)\nto create pipes of the default size (64kB), thus reaching a limit of 64MB\nbefore starting to create only smaller pipes. With 256 processes limited\nto 1024 FDs each, this results in 1024*64kB + (256*1024 - 1024) * 4kB \u003d\n1084 MB of memory allocated for a user. The hard limit is disabled by\ndefault to avoid breaking existing applications that make intensive use\nof pipes (eg: for splicing).\n\nReported-by: socketpair@gmail.com\nReported-by: Tetsuo Handa \u003cpenguin-kernel@I-love.SAKURA.ne.jp\u003e\nMitigates: CVE-2013-4312 (Linux 2.0+)\nSuggested-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\nSigned-off-by: Willy Tarreau \u003cw@1wt.eu\u003e\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\n\nConflicts:\n\tDocumentation/sysctl/fs.txt\n\tfs/pipe.c\n\tinclude/linux/sched.h\n\nChange-Id: Ic7c678af18129943e16715fdaa64a97a7f0854be\n"
    },
    {
      "commit": "7d1db3b4bf74cce126755dfb4475632b82fcb95c",
      "tree": "93c3d320898d4c6eb0900e629f985256761e5cfb",
      "parents": [
        "332797a68d7a269225c47de2bb4e581eea5bcb47"
      ],
      "author": {
        "name": "Matt Mower",
        "email": "mowerm@gmail.com",
        "time": "Mon May 23 11:34:02 2016 -0500"
      },
      "committer": {
        "name": "Matt Mower",
        "email": "mowerm@gmail.com",
        "time": "Mon May 23 12:01:42 2016 -0500"
      },
      "message": "f2fs: Squashed update of f2fs-stable\n\nhttps://git.kernel.org/cgit/linux/kernel/git/jaegeuk/f2fs-stable.git\nBranch: linux-3.4.y\nUp to and including:\n  Revert \"f2fs: use cryptoapi crc32 functions\"\n  5b2523fc731f68cb48ca3d82f3ef2952a61ae5ba\n\nChange-Id: I062d186a7525d6a2ac431f811e5ca550c41ecf0f\n"
    },
    {
      "commit": "b5fb46e134ce146fc20672e9b2a57da977c5f26f",
      "tree": "2c87f498527a07b551bc7985afbc145e1eb2208c",
      "parents": [
        "394d806071beb3be46d7b3922af27039f283b57f"
      ],
      "author": {
        "name": "Charles Keepax",
        "email": "ckeepax@opensource.wolfsonmicro.com",
        "time": "Tue Oct 20 10:25:58 2015 +0100"
      },
      "committer": {
        "name": "Zefan Li",
        "email": "lizefan@huawei.com",
        "time": "Wed Apr 27 18:55:28 2016 +0800"
      },
      "message": "ASoC: wm8904: Correct number of EQ registers\n\ncommit 97aff2c03a1e4d343266adadb52313613efb027f upstream.\n\nThere are 24 EQ registers not 25, I suspect this bug came about because\nthe registers start at EQ1 not zero. The bug is relatively harmless as\nthe extra register written is an unused one.\n\nSigned-off-by: Charles Keepax \u003cckeepax@opensource.wolfsonmicro.com\u003e\nSigned-off-by: Mark Brown \u003cbroonie@kernel.org\u003e\nSigned-off-by: Zefan Li \u003clizefan@huawei.com\u003e\n"
    },
    {
      "commit": "b0cce01be5f58ed399fdfc8e1b0fbcd827a35aef",
      "tree": "cf61f307b591ed355c8a8df39d43d9649fd0ee18",
      "parents": [
        "7646c507f1ad8bd14a3196f84b0eabb229dafb75"
      ],
      "author": {
        "name": "Kees Cook",
        "email": "keescook@chromium.org",
        "time": "Fri Sep 04 15:44:57 2015 -0700"
      },
      "committer": {
        "name": "Zefan Li",
        "email": "lizefan@huawei.com",
        "time": "Wed Apr 27 18:55:18 2016 +0800"
      },
      "message": "fs: create and use seq_show_option for escaping\n\ncommit a068acf2ee77693e0bf39d6e07139ba704f461c3 upstream.\n\nMany file systems that implement the show_options hook fail to correctly\nescape their output which could lead to unescaped characters (e.g.  new\nlines) leaking into /proc/mounts and /proc/[pid]/mountinfo files.  This\ncould lead to confusion, spoofed entries (resulting in things like\nsystemd issuing false d-bus \"mount\" notifications), and who knows what\nelse.  This looks like it would only be the root user stepping on\nthemselves, but it\u0027s possible weird things could happen in containers or\nin other situations with delegated mount privileges.\n\nHere\u0027s an example using overlay with setuid fusermount trusting the\ncontents of /proc/mounts (via the /etc/mtab symlink).  Imagine the use\nof \"sudo\" is something more sneaky:\n\n  $ BASE\u003d\"ovl\"\n  $ MNT\u003d\"$BASE/mnt\"\n  $ LOW\u003d\"$BASE/lower\"\n  $ UP\u003d\"$BASE/upper\"\n  $ WORK\u003d\"$BASE/work/ 0 0\n  none /proc fuse.pwn user_id\u003d1000\"\n  $ mkdir -p \"$LOW\" \"$UP\" \"$WORK\"\n  $ sudo mount -t overlay -o \"lowerdir\u003d$LOW,upperdir\u003d$UP,workdir\u003d$WORK\" none /mnt\n  $ cat /proc/mounts\n  none /root/ovl/mnt overlay rw,relatime,lowerdir\u003dovl/lower,upperdir\u003dovl/upper,workdir\u003dovl/work/ 0 0\n  none /proc fuse.pwn user_id\u003d1000 0 0\n  $ fusermount -u /proc\n  $ cat /proc/mounts\n  cat: /proc/mounts: No such file or directory\n\nThis fixes the problem by adding new seq_show_option and\nseq_show_option_n helpers, and updating the vulnerable show_option\nhandlers to use them as needed.  Some, like SELinux, need to be open\ncoded due to unusual existing escape mechanisms.\n\n[akpm@linux-foundation.org: add lost chunk, per Kees]\n[keescook@chromium.org: seq_show_option should be using const parameters]\nSigned-off-by: Kees Cook \u003ckeescook@chromium.org\u003e\nAcked-by: Serge Hallyn \u003cserge.hallyn@canonical.com\u003e\nAcked-by: Jan Kara \u003cjack@suse.com\u003e\nAcked-by: Paul Moore \u003cpaul@paul-moore.com\u003e\nCc: J. R. Okajima \u003chooanon05g@gmail.com\u003e\nSigned-off-by: Kees Cook \u003ckeescook@chromium.org\u003e\nSigned-off-by: Andrew Morton \u003cakpm@linux-foundation.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n[lizf: Backported to 3.4:\n - adjust context\n - one more place in ceph needs to be changed\n - drop changes to overlayfs\n - drop showing vers in cifs]\nSigned-off-by: Zefan Li \u003clizefan@huawei.com\u003e\n"
    },
    {
      "commit": "dc7e2fb68c6c0c268bfb264846d54dc8bf273a56",
      "tree": "2caf7a09868edb701e481423734ade5070347231",
      "parents": [
        "c02b085fafa2f8a6a9c447c4ac472552fabf3140"
      ],
      "author": {
        "name": "Mark Rustad",
        "email": "mark.d.rustad@intel.com",
        "time": "Mon Jul 13 11:40:02 2015 -0700"
      },
      "committer": {
        "name": "Zefan Li",
        "email": "lizefan@huawei.com",
        "time": "Wed Apr 27 18:55:13 2016 +0800"
      },
      "message": "PCI: Add dev_flags bit to access VPD through function 0\n\ncommit 932c435caba8a2ce473a91753bad0173269ef334 upstream.\n\nAdd a dev_flags bit, PCI_DEV_FLAGS_VPD_REF_F0, to access VPD through\nfunction 0 to provide VPD access on other functions.  This is for hardware\ndevices that provide copies of the same VPD capability registers in\nmultiple functions.  Because the kernel expects that each function has its\nown registers, both the locking and the state tracking are affected by VPD\naccesses to different functions.\n\nOn such devices for example, if a VPD write is performed on function 0,\n*any* later attempt to read VPD from any other function of that device will\nhang.  This has to do with how the kernel tracks the expected value of the\nF bit per function.\n\nConcurrent accesses to different functions of the same device can not only\nhang but also corrupt both read and write VPD data.\n\nWhen hangs occur, typically the error message:\n\n  vpd r/w failed.  This is likely a firmware bug on this device.\n\nwill be seen.\n\nNever set this bit on function 0 or there will be an infinite recursion.\n\nSigned-off-by: Mark Rustad \u003cmark.d.rustad@intel.com\u003e\nSigned-off-by: Bjorn Helgaas \u003cbhelgaas@google.com\u003e\nAcked-by: Alexander Duyck \u003calexander.h.duyck@redhat.com\u003e\nSigned-off-by: Zefan Li \u003clizefan@huawei.com\u003e\n"
    },
    {
      "commit": "abd7a6fdf5c96e661e4520ec1cf718b9378f1342",
      "tree": "196b1c60ccc0499fe92e3a531576e6c6c18198c0",
      "parents": [
        "86f24e99598f298b78759616dfa9e8fcca0d3688",
        "3389604d77540abf738b486d650c1745b2d663ca"
      ],
      "author": {
        "name": "David Hays",
        "email": "dhays90@gmail.com",
        "time": "Mon Apr 11 13:09:16 2016 -0700"
      },
      "committer": {
        "name": "Ethan Chen",
        "email": "intervigil@gmail.com",
        "time": "Mon Apr 11 13:39:17 2016 -0700"
      },
      "message": "Merge tag \u0027v3.4.111\u0027 into cm-13.0\n\nThis is the 3.4.111 stable release\n\nConflicts:\n    fs/file_table.c\n    include/net/sock.h\n\nChange-Id: Ic65a8a4450b508018d5c092b420ebb23df0daef6\n"
    },
    {
      "commit": "4954e931655bcdb49e252960a651b3fd46b558c5",
      "tree": "3c4b8a9565b992de885bf0c907338f096dcb7901",
      "parents": [
        "9935340b80c4d3316268ab03ae1d3a1b0228cacc"
      ],
      "author": {
        "name": "Vasily Kulikov",
        "email": "segoon@openwall.com",
        "time": "Wed Sep 09 15:36:00 2015 -0700"
      },
      "committer": {
        "name": "Matt Mower",
        "email": "mowerm@gmail.com",
        "time": "Tue Mar 22 12:38:28 2016 -0500"
      },
      "message": "UPSTREAM: include/linux/poison.h: fix LIST_POISON{1,2} offset\n\n(cherry pick from commit 8a5e5e02fc83aaf67053ab53b359af08c6c49aaf)\n\nPoison pointer values should be small enough to find a room in\nnon-mmap\u0027able/hardly-mmap\u0027able space.  E.g.  on x86 \"poison pointer space\"\nis located starting from 0x0.  Given unprivileged users cannot mmap\nanything below mmap_min_addr, it should be safe to use poison pointers\nlower than mmap_min_addr.\n\nThe current poison pointer values of LIST_POISON{1,2} might be too big for\nmmap_min_addr values equal or less than 1 MB (common case, e.g.  Ubuntu\nuses only 0x10000).  There is little point to use such a big value given\nthe \"poison pointer space\" below 1 MB is not yet exhausted.  Changing it\nto a smaller value solves the problem for small mmap_min_addr setups.\n\nThe values are suggested by Solar Designer:\nhttp://www.openwall.com/lists/oss-security/2015/05/02/6\n\nSigned-off-by: Vasily Kulikov \u003csegoon@openwall.com\u003e\nCc: Solar Designer \u003csolar@openwall.com\u003e\nCc: Thomas Gleixner \u003ctglx@linutronix.de\u003e\nCc: \"Kirill A. Shutemov\" \u003ckirill.shutemov@linux.intel.com\u003e\nSigned-off-by: Andrew Morton \u003cakpm@linux-foundation.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\nBug: 26429468\nBug: 26186802\nBug: 26429519\nChange-Id: Ic51614f6cc98e416282f19af96b9d116eff7c08b\n"
    },
    {
      "commit": "ba8a85ef4d9a31a069bf5a5264d02a0f30fdfe7c",
      "tree": "c79d211d8fb707ed0565ec3186fc616db749831c",
      "parents": [
        "320f8303347ff4d4c1de6b6d562d5030852d5507"
      ],
      "author": {
        "name": "Clemens Ladisch",
        "email": "clemens@ladisch.de",
        "time": "Sun Nov 20 17:17:35 2011 +0100"
      },
      "committer": {
        "name": "Zefan Li",
        "email": "lizefan@huawei.com",
        "time": "Mon Mar 21 09:17:58 2016 +0800"
      },
      "message": "ALSA: tlv: add DECLARE_TLV_DB_RANGE()\n\ncommit bf1d1c9b6179faa3bc32cee882462bc8eebde25d upstream.\n\nAdd a DECLARE_TLV_DB_RANGE() macro so that dB range information\ncan be specified without having to count the items manually for\nTLV_DB_RANGE_HEAD().\n\nSigned-off-by: Clemens Ladisch \u003cclemens@ladisch.de\u003e\nSigned-off-by: Takashi Iwai \u003ctiwai@suse.de\u003e\nSigned-off-by: Zefan Li \u003clizefan@huawei.com\u003e\n"
    },
    {
      "commit": "320f8303347ff4d4c1de6b6d562d5030852d5507",
      "tree": "0e708ef795d316c653e8b412fb5c605b18129dfb",
      "parents": [
        "0a165ad225ca19a2468d8e4281cc7d75d139aa5d"
      ],
      "author": {
        "name": "Clemens Ladisch",
        "email": "clemens@ladisch.de",
        "time": "Sun Nov 20 16:22:24 2011 +0100"
      },
      "committer": {
        "name": "Zefan Li",
        "email": "lizefan@huawei.com",
        "time": "Mon Mar 21 09:17:58 2016 +0800"
      },
      "message": "ALSA: tlv: compute TLV_*_ITEM lengths automatically\n\ncommit b5b9eb546762c4015c67c31364a6ec6f83fd2ada upstream.\n\nAdd helper macros with a little bit of preprocessor magic to\nautomatically compute the length of a TLV item.  This lets us avoid\nhaving to compute this by hand, and will allow to use items that do\nnot use a fixed length.\n\nSigned-off-by: Clemens Ladisch \u003cclemens@ladisch.de\u003e\nSigned-off-by: Takashi Iwai \u003ctiwai@suse.de\u003e\nSigned-off-by: Zefan Li \u003clizefan@huawei.com\u003e\n"
    },
    {
      "commit": "ca7d623e1e0a028bd7931d153c15c99d11a12211",
      "tree": "4b33f480871a6a6e16586b82827b209be198b048",
      "parents": [
        "40570888be8087838c543f165e0d309b9869f526"
      ],
      "author": {
        "name": "Hannes Frederic Sowa",
        "email": "hannes@stressinduktion.org",
        "time": "Mon Dec 14 23:30:43 2015 +0100"
      },
      "committer": {
        "name": "Zefan Li",
        "email": "lizefan@huawei.com",
        "time": "Mon Mar 21 09:17:57 2016 +0800"
      },
      "message": "net: fix warnings in \u0027make htmldocs\u0027 by moving macro definition out of field declaration\n\ncommit 7bbadd2d1009575dad675afc16650ebb5aa10612 upstream.\n\nDocbook does not like the definition of macros inside a field declaration\nand adds a warning. Move the definition out.\n\nFixes: 79462ad02e86180 (\"net: add validation for the socket syscall protocol argument\")\nReported-by: kbuild test robot \u003clkp@intel.com\u003e\nSigned-off-by: Hannes Frederic Sowa \u003channes@stressinduktion.org\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n[lizf: Backported to 3.4: adjust context]\nSigned-off-by: Zefan Li \u003clizefan@huawei.com\u003e\n"
    },
    {
      "commit": "5317d9af12a59e83a6f173eac3808cc21f6e9d2b",
      "tree": "381f3d110c4dbc457a07ca99252496b5600f673f",
      "parents": [
        "31469735a1e6618754230266fb842c3f7510cd28"
      ],
      "author": {
        "name": "Michal Kubeček",
        "email": "mkubecek@suse.cz",
        "time": "Thu Aug 01 10:04:14 2013 +0200"
      },
      "committer": {
        "name": "Zefan Li",
        "email": "lizefan@huawei.com",
        "time": "Mon Mar 21 09:17:57 2016 +0800"
      },
      "message": "ipv6: prevent fib6_run_gc() contention\n\ncommit 2ac3ac8f86f2fe065d746d9a9abaca867adec577 upstream.\n\nOn a high-traffic router with many processors and many IPv6 dst\nentries, soft lockup in fib6_run_gc() can occur when number of\nentries reaches gc_thresh.\n\nThis happens because fib6_run_gc() uses fib6_gc_lock to allow\nonly one thread to run the garbage collector but ip6_dst_gc()\ndoesn\u0027t update net-\u003eipv6.ip6_rt_last_gc until fib6_run_gc()\nreturns. On a system with many entries, this can take some time\nso that in the meantime, other threads pass the tests in\nip6_dst_gc() (ip6_rt_last_gc is still not updated) and wait for\nthe lock. They then have to run the garbage collector one after\nanother which blocks them for quite long.\n\nResolve this by replacing special value ~0UL of expire parameter\nto fib6_run_gc() by explicit \"force\" parameter to choose between\nspin_lock_bh() and spin_trylock_bh() and call fib6_run_gc() with\nforce\u003dfalse if gc_thresh is reached but not max_size.\n\nSigned-off-by: Michal Kubecek \u003cmkubecek@suse.cz\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n[lizf: Backported to 3.4: adjust context]\nSigned-off-by: Zefan Li \u003clizefan@huawei.com\u003e\n"
    },
    {
      "commit": "f074c267d478acb66379d510c3132402f5384847",
      "tree": "2851f3ce8ec60c8999393f7739c2630eb817b4f1",
      "parents": [
        "8f452aa305e1b8bec21c8ce191c4af2b0cc14067"
      ],
      "author": {
        "name": "Al Viro",
        "email": "viro@zeniv.linux.org.uk",
        "time": "Fri Oct 04 11:06:42 2013 -0400"
      },
      "committer": {
        "name": "Zefan Li",
        "email": "lizefan@huawei.com",
        "time": "Mon Mar 21 09:17:55 2016 +0800"
      },
      "message": "get rid of s_files and files_lock\n\ncommit eee5cc2702929fd41cce28058dc6d6717f723f87 upstream.\n\nThe only thing we need it for is alt-sysrq-r (emergency remount r/o)\nand these days we can do just as well without going through the\nlist of files.\n\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\n[lizf: Backported to 3.4: adjust context]\nSigned-off-by: Zefan Li \u003clizefan@huawei.com\u003e\n"
    },
    {
      "commit": "39f79797d2c47256f1cac458766748af3d968c60",
      "tree": "b42cc0cdfcb7489a66e1a47903d23dd21110db66",
      "parents": [
        "0cf0ae366ff94870075cbe0a8f3a16a2107ae853"
      ],
      "author": {
        "name": "Hannes Frederic Sowa",
        "email": "hannes@stressinduktion.org",
        "time": "Mon Dec 14 22:03:39 2015 +0100"
      },
      "committer": {
        "name": "Zefan Li",
        "email": "lizefan@huawei.com",
        "time": "Mon Mar 21 09:17:53 2016 +0800"
      },
      "message": "net: add validation for the socket syscall protocol argument\n\ncommit 79462ad02e861803b3840cc782248c7359451cd9 upstream.\n\n郭永刚 reported that one could simply crash the kernel as root by\nusing a simple program:\n\n\tint socket_fd;\n\tstruct sockaddr_in addr;\n\taddr.sin_port \u003d 0;\n\taddr.sin_addr.s_addr \u003d INADDR_ANY;\n\taddr.sin_family \u003d 10;\n\n\tsocket_fd \u003d socket(10,3,0x40000000);\n\tconnect(socket_fd , \u0026addr,16);\n\nAF_INET, AF_INET6 sockets actually only support 8-bit protocol\nidentifiers. inet_sock\u0027s skc_protocol field thus is sized accordingly,\nthus larger protocol identifiers simply cut off the higher bits and\nstore a zero in the protocol fields.\n\nThis could lead to e.g. NULL function pointer because as a result of\nthe cut off inet_num is zero and we call down to inet_autobind, which\nis NULL for raw sockets.\n\nkernel: Call Trace:\nkernel:  [\u003cffffffff816db90e\u003e] ? inet_autobind+0x2e/0x70\nkernel:  [\u003cffffffff816db9a4\u003e] inet_dgram_connect+0x54/0x80\nkernel:  [\u003cffffffff81645069\u003e] SYSC_connect+0xd9/0x110\nkernel:  [\u003cffffffff810ac51b\u003e] ? ptrace_notify+0x5b/0x80\nkernel:  [\u003cffffffff810236d8\u003e] ? syscall_trace_enter_phase2+0x108/0x200\nkernel:  [\u003cffffffff81645e0e\u003e] SyS_connect+0xe/0x10\nkernel:  [\u003cffffffff81779515\u003e] tracesys_phase2+0x84/0x89\n\nI found no particular commit which introduced this problem.\n\nCVE: CVE-2015-8543\nCc: Cong Wang \u003ccwang@twopensource.com\u003e\nReported-by: 郭永刚 \u003cguoyonggang@360.cn\u003e\nSigned-off-by: Hannes Frederic Sowa \u003channes@stressinduktion.org\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n[lizf: Backported to 3.4: open-code U8_MAX]\nSigned-off-by: Zefan Li \u003clizefan@huawei.com\u003e\n"
    },
    {
      "commit": "ec54d5ae9d298abf01c273233de9f2bc25d80475",
      "tree": "4293b9f7b2a8ab47f1fc7c667e84e2544a3c8969",
      "parents": [
        "44b2ffc5ed1e7c6b96f103bdbbfda23fed07b18d"
      ],
      "author": {
        "name": "Rainer Weikusat",
        "email": "rweikusat@mobileactivedefense.com",
        "time": "Fri Nov 20 22:07:23 2015 +0000"
      },
      "committer": {
        "name": "Zefan Li",
        "email": "lizefan@huawei.com",
        "time": "Mon Mar 21 09:17:53 2016 +0800"
      },
      "message": "unix: avoid use-after-free in ep_remove_wait_queue\n\ncommit 7d267278a9ece963d77eefec61630223fce08c6c upstream.\n\nRainer Weikusat \u003crweikusat@mobileactivedefense.com\u003e writes:\nAn AF_UNIX datagram socket being the client in an n:1 association with\nsome server socket is only allowed to send messages to the server if the\nreceive queue of this socket contains at most sk_max_ack_backlog\ndatagrams. This implies that prospective writers might be forced to go\nto sleep despite none of the message presently enqueued on the server\nreceive queue were sent by them. In order to ensure that these will be\nwoken up once space becomes again available, the present unix_dgram_poll\nroutine does a second sock_poll_wait call with the peer_wait wait queue\nof the server socket as queue argument (unix_dgram_recvmsg does a wake\nup on this queue after a datagram was received). This is inherently\nproblematic because the server socket is only guaranteed to remain alive\nfor as long as the client still holds a reference to it. In case the\nconnection is dissolved via connect or by the dead peer detection logic\nin unix_dgram_sendmsg, the server socket may be freed despite \"the\npolling mechanism\" (in particular, epoll) still has a pointer to the\ncorresponding peer_wait queue. There\u0027s no way to forcibly deregister a\nwait queue with epoll.\n\nBased on an idea by Jason Baron, the patch below changes the code such\nthat a wait_queue_t belonging to the client socket is enqueued on the\npeer_wait queue of the server whenever the peer receive queue full\ncondition is detected by either a sendmsg or a poll. A wake up on the\npeer queue is then relayed to the ordinary wait queue of the client\nsocket via wake function. The connection to the peer wait queue is again\ndissolved if either a wake up is about to be relayed or the client\nsocket reconnects or a dead peer is detected or the client socket is\nitself closed. This enables removing the second sock_poll_wait from\nunix_dgram_poll, thus avoiding the use-after-free, while still ensuring\nthat no blocked writer sleeps forever.\n\nSigned-off-by: Rainer Weikusat \u003crweikusat@mobileactivedefense.com\u003e\nFixes: ec0d215f9420 (\"af_unix: fix \u0027poll for write\u0027/connected DGRAM sockets\")\nReviewed-by: Jason Baron \u003cjbaron@akamai.com\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\nSigned-off-by: Zefan Li \u003clizefan@huawei.com\u003e\n"
    },
    {
      "commit": "3330d7bdad8141a862d7d9f19423453fbd92b76a",
      "tree": "5b192b64a5586b4bbfa5662d6634f7d9babdb4b6",
      "parents": [
        "460baab8b45e6f2a92a5e583d5e1bd9dd15b0f3a"
      ],
      "author": {
        "name": "Arne Fitzenreiter",
        "email": "arne_f@ipfire.org",
        "time": "Wed Jul 15 13:54:36 2015 +0200"
      },
      "committer": {
        "name": "Zefan Li",
        "email": "lizefan@huawei.com",
        "time": "Mon Mar 21 09:17:45 2016 +0800"
      },
      "message": "libata: add ATA_HORKAGE_NOTRIM\n\ncommit 71d126fd28de2d4d9b7b2088dbccd7ca62fad6e0 upstream.\n\nSome devices lose data on TRIM whether queued or not.  This patch adds\na horkage to disable TRIM.\n\ntj: Collapsed unnecessary if() nesting.\n\nSigned-off-by: Arne Fitzenreiter \u003carne_f@ipfire.org\u003e\nSigned-off-by: Tejun Heo \u003ctj@kernel.org\u003e\n[lizf: Backported to 3.4:\n - adjust context\n - drop changes to show_ata_dev_trim()]\nSigned-off-by: Zefan Li \u003clizefan@huawei.com\u003e\n"
    },
    {
      "commit": "e47e85894f5db4049982296a46526a2aab78fd51",
      "tree": "dda302bb17a28711cda5b14ace930aa6eaffa826",
      "parents": [
        "9810a13f3e3fe2ba25fcd1fb6a8bd06e752998c2"
      ],
      "author": {
        "name": "Nikolay Borisov",
        "email": "kernel@kyup.com",
        "time": "Thu Jul 02 01:32:44 2015 -0400"
      },
      "committer": {
        "name": "Zefan Li",
        "email": "lizefan@huawei.com",
        "time": "Mon Mar 21 09:17:40 2016 +0800"
      },
      "message": "bufferhead: Add _gfp version for sb_getblk()\n\ncommit bd7ade3cd9b0850264306f5c2b79024a417b6396 upstream.\n\nsb_getblk() is used during ext4 (and possibly other FSes) writeback\npaths. Sometimes such path require allocating memory and guaranteeing\nthat such allocation won\u0027t block. Currently, however, there is no way\nto provide user flags for sb_getblk which could lead to deadlocks.\n\nThis patch implements a sb_getblk_gfp with the only difference it can\naccept user-provided GFP flags.\n\nSigned-off-by: Nikolay Borisov \u003ckernel@kyup.com\u003e\nSigned-off-by: Theodore Ts\u0027o \u003ctytso@mit.edu\u003e\nSigned-off-by: Zefan Li \u003clizefan@huawei.com\u003e\n"
    },
    {
      "commit": "9810a13f3e3fe2ba25fcd1fb6a8bd06e752998c2",
      "tree": "5aed0c07e063d6fda3def6f35363666d8a5b520c",
      "parents": [
        "38464cd9b38b43ef757da18bc8b9badcd2b70dfb"
      ],
      "author": {
        "name": "Gioh Kim",
        "email": "gioh.kim@lge.com",
        "time": "Thu Sep 04 22:04:42 2014 -0400"
      },
      "committer": {
        "name": "Zefan Li",
        "email": "lizefan@huawei.com",
        "time": "Mon Mar 21 09:17:39 2016 +0800"
      },
      "message": "fs/buffer.c: support buffer cache allocations with gfp modifiers\n\ncommit 3b5e6454aaf6b4439b19400d8365e2ec2d24e411 upstream.\n\nA buffer cache is allocated from movable area because it is referred\nfor a while and released soon.  But some filesystems are taking buffer\ncache for a long time and it can disturb page migration.\n\nNew APIs are introduced to allocate buffer cache with user specific\nflag.  *_gfp APIs are for user want to set page allocation flag for\npage cache allocation.  And *_unmovable APIs are for the user wants to\nallocate page cache from non-movable area.\n\nSigned-off-by: Gioh Kim \u003cgioh.kim@lge.com\u003e\nSigned-off-by: Theodore Ts\u0027o \u003ctytso@mit.edu\u003e\nReviewed-by: Jan Kara \u003cjack@suse.cz\u003e\n[lizf: Backported to 3.4: adjust context]\nSigned-off-by: Zefan Li \u003clizefan@huawei.com\u003e\n"
    },
    {
      "commit": "ad31516703a7c1210078f690ea94a8efe4d01e91",
      "tree": "ab4494f3a60980909ac339ea58ec920c363dbf18",
      "parents": [
        "e8a835b9a482c3ab97c08847361900f7ed8ab1a6",
        "3edd6224c2a677bb59efe0b083a51fc2b3b5c64d"
      ],
      "author": {
        "name": "David Hays",
        "email": "dhays90@gmail.com",
        "time": "Mon Feb 22 00:00:29 2016 -0500"
      },
      "committer": {
        "name": "David Hays",
        "email": "dhays90@gmail.com",
        "time": "Mon Feb 22 17:33:37 2016 -0500"
      },
      "message": "Merge tag v3.4.110 into cm-13.0\n\nConflicts:\n\tdrivers/bluetooth/btusb.c\n\tdrivers/cpufreq/cpufreq.c\n\tdrivers/md/dm-crypt.c\n\tdrivers/mmc/core/core.c\n\tfs/namespace.c\n\tinclude/linux/usb/quirks.h\n\tnet/bluetooth/l2cap_core.c\n\tnet/bluetooth/smp.c\n\tnet/netfilter/xt_socket.c\n\tsecurity/keys/gc.c\n\tsecurity/selinux/nlmsgtab.c\n\nChange-Id: I336fc28268bf70846a49e8f1db4899a10a4e5edb\n"
    },
    {
      "commit": "9f62ded449a12eee28b004208cc7ed4aa7e2a311",
      "tree": "3be2e5dab59557027e0dfcb574ffa84dccadf017",
      "parents": [
        "039b1209eee164ab26ea181c60e98e10175c5d89"
      ],
      "author": {
        "name": "David Howells",
        "email": "dhowells@redhat.com",
        "time": "Fri May 11 10:56:56 2012 +0100"
      },
      "committer": {
        "name": "David Hays",
        "email": "dhays90@gmail.com",
        "time": "Wed Feb 17 10:56:16 2016 -0500"
      },
      "message": "KEYS: Perform RCU synchronisation on keys prior to key destruction\n\nMake the keys garbage collector invoke synchronize_rcu() prior to destroying\nkeys with a zero usage count.  This means that a key can be examined under the\nRCU read lock in the safe knowledge that it won\u0027t get deallocated until after\nthe lock is released - even if its usage count becomes zero whilst we\u0027re\nlooking at it.\n\nThis is useful in keyring search vs key link.  Consider a keyring containing a\nlink to a key.  That link can be replaced in-place in the keyring without\nrequiring an RCU copy-and-replace on the keyring contents without breaking a\nsearch underway on that keyring when the displaced key is released, provided\nthe key is actually destroyed only after the RCU read lock held by the search\nalgorithm is released.\n\nThis permits __key_link() to replace a key without having to reallocate the key\npayload.  A key gets replaced if a new key being linked into a keyring has the\nsame type and description.\n\nSigned-off-by: David Howells \u003cdhowells@redhat.com\u003e\nAcked-by: Jeff Layton \u003cjlayton@redhat.com\u003e\n\nConflicts:\n\tsecurity/keys/gc.c\n\nChange-Id: Ifd8549b5b906c638d63c358ce1f34acd81139207\n"
    },
    {
      "commit": "f192bd55edc1a5f639c0ac9828dba91f356fb41a",
      "tree": "c8a7d223438eb961f0de6b25f55e5d666cb1cc9a",
      "parents": [
        "ff028063a496f2a1748cdbe437dfcf5ba9970c75"
      ],
      "author": {
        "name": "Shiju Mathew",
        "email": "shijum@codeaurora.org",
        "time": "Fri Nov 13 15:51:34 2015 -0500"
      },
      "committer": {
        "name": "Ethan Chen",
        "email": "intervigil@gmail.com",
        "time": "Tue Dec 22 10:16:52 2015 -0800"
      },
      "message": "msm: vidc: Add support for Picture Order Count Type\n\nThis patch adds POC type support for video core that\nenables low-latency encoding.\n\nChange-Id: I1fe8ea38c7ed8d203a3ef99febb4001165a856fe\nSigned-off-by: Shiju Mathew \u003cshijum@codeaurora.org\u003e\n"
    },
    {
      "commit": "e72ace45e4a755b8b05fa714f7bea1ed4b79a9a8",
      "tree": "9b49ac46e092ee3a9c5061d0d9c78a9326dde402",
      "parents": [
        "c742cd3a567c2d713b48f4cfed1b519dde1f321a"
      ],
      "author": {
        "name": "Hannes Frederic Sowa",
        "email": "hannes@stressinduktion.org",
        "time": "Mon Dec 14 21:03:39 2015 +0000"
      },
      "committer": {
        "name": "David Hays",
        "email": "dhays90@gmail.com",
        "time": "Wed Dec 16 09:29:49 2015 -0800"
      },
      "message": "net: add validation for the socket syscall protocol argument\n\n郭永刚 reported that one could simply crash the kernel as root by\nusing a simple program:\n\n\tint socket_fd;\n\tstruct sockaddr_in addr;\n\taddr.sin_port \u003d 0;\n\taddr.sin_addr.s_addr \u003d INADDR_ANY;\n\taddr.sin_family \u003d 10;\n\n\tsocket_fd \u003d socket(10,3,0x40000000);\n\tconnect(socket_fd , \u0026addr,16);\n\nAF_INET, AF_INET6 sockets actually only support 8-bit protocol\nidentifiers. inet_sock\u0027s skc_protocol field thus is sized accordingly,\nthus larger protocol identifiers simply cut off the higher bits and\nstore a zero in the protocol fields.\n\nThis could lead to e.g. NULL function pointer because as a result of\nthe cut off inet_num is zero and we call down to inet_autobind, which\nis NULL for raw sockets.\n\nkernel: Call Trace:\nkernel:  [\u003cffffffff816db90e\u003e] ? inet_autobind+0x2e/0x70\nkernel:  [\u003cffffffff816db9a4\u003e] inet_dgram_connect+0x54/0x80\nkernel:  [\u003cffffffff81645069\u003e] SYSC_connect+0xd9/0x110\nkernel:  [\u003cffffffff810ac51b\u003e] ? ptrace_notify+0x5b/0x80\nkernel:  [\u003cffffffff810236d8\u003e] ? syscall_trace_enter_phase2+0x108/0x200\nkernel:  [\u003cffffffff81645e0e\u003e] SyS_connect+0xe/0x10\nkernel:  [\u003cffffffff81779515\u003e] tracesys_phase2+0x84/0x89\n\nI found no particular commit which introduced this problem.\n\nChange-Id: I653fad90da54908144cc8916c2dccb1fa6f14eed\nCVE: CVE-2015-8543\nCc: Cong Wang \u003ccwang@twopensource.com\u003e\nReported-by: 郭永刚 \u003cguoyonggang@360.cn\u003e\nSigned-off-by: Hannes Frederic Sowa \u003channes@stressinduktion.org\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n(cherry picked from commit c56b239c819bc0476b0a0059d7a92a9dd12915e3)\n"
    },
    {
      "commit": "5d1694ec31f22ab352bb41ecaee86f947605a3e5",
      "tree": "11ead058f4615f20d15996de989c17373eea6072",
      "parents": [
        "1c82b8b45cb936204baaee9aec0f6813d7b8544a"
      ],
      "author": {
        "name": "Sabrina Dubroca",
        "email": "sd@queasysnail.net",
        "time": "Thu Oct 15 12:25:00 2015 -0500"
      },
      "committer": {
        "name": "Matt Mower",
        "email": "mowerm@gmail.com",
        "time": "Tue Nov 10 15:39:42 2015 -0600"
      },
      "message": "net: add length argument to skb_copy_and_csum_datagram_iovec\n\nWithout this length argument, we can read past the end of the iovec in\nmemcpy_toiovec because we have no way of knowing the total length of the\niovec\u0027s buffers.\n\nThis is needed for stable kernels where 89c22d8c3b27 (\"net: Fix skb\ncsum races when peeking\") has been backported but that don\u0027t have the\nioviter conversion, which is almost all the stable trees \u003c\u003d 3.18.\n\nThis also fixes a kernel crash for NFS servers when the client uses\n -onfsvers\u003d3,proto\u003dudp to mount the export.\n\nChange-Id: I1865e3d7a1faee42a5008a9ad58c4d3323ea4bab\nSigned-off-by: Sabrina Dubroca \u003csd@queasysnail.net\u003e\nReviewed-by: Hannes Frederic Sowa \u003channes@stressinduktion.org\u003e\n"
    },
    {
      "commit": "e1ae22abf3a99e98cc109253400662b7f00403e1",
      "tree": "d1b9c4b07d7e518270a478f6f1e994e828dc2987",
      "parents": [
        "15488de7b72b6ab8254dda07053faa4be6b9ec66"
      ],
      "author": {
        "name": "Jan Kara",
        "email": "jack@suse.com",
        "time": "Tue Jul 28 14:57:14 2015 -0400"
      },
      "committer": {
        "name": "Zefan Li",
        "email": "lizefan@huawei.com",
        "time": "Thu Oct 22 09:20:08 2015 +0800"
      },
      "message": "jbd2: avoid infinite loop when destroying aborted journal\n\ncommit 841df7df196237ea63233f0f9eaa41db53afd70f upstream.\n\nCommit 6f6a6fda2945 \"jbd2: fix ocfs2 corrupt when updating journal\nsuperblock fails\" changed jbd2_cleanup_journal_tail() to return EIO\nwhen the journal is aborted. That makes logic in\njbd2_log_do_checkpoint() bail out which is fine, except that\njbd2_journal_destroy() expects jbd2_log_do_checkpoint() to always make\na progress in cleaning the journal. Without it jbd2_journal_destroy()\njust loops in an infinite loop.\n\nFix jbd2_journal_destroy() to cleanup journal checkpoint lists of\njbd2_log_do_checkpoint() fails with error.\n\nReported-by: Eryu Guan \u003cguaneryu@gmail.com\u003e\nTested-by: Eryu Guan \u003cguaneryu@gmail.com\u003e\nFixes: 6f6a6fda294506dfe0e3e0a253bb2d2923f28f0a\nSigned-off-by: Jan Kara \u003cjack@suse.com\u003e\nSigned-off-by: Theodore Ts\u0027o \u003ctytso@mit.edu\u003e\n[lizf: Backported to 3.4: adjust context]\nSigned-off-by: Zefan Li \u003clizefan@huawei.com\u003e\n"
    },
    {
      "commit": "d4ee09b224ce7d0a815aa8a70a9a01b032358393",
      "tree": "3f43ff148cd23e2810141fbb84d28d2e251b7d20",
      "parents": [
        "61b8a506b6e3d3d391121c7b3c1c1cf29472d8e1"
      ],
      "author": {
        "name": "Lv Zheng",
        "email": "lv.zheng@intel.com",
        "time": "Wed Jul 01 14:43:26 2015 +0800"
      },
      "committer": {
        "name": "Zefan Li",
        "email": "lizefan@huawei.com",
        "time": "Thu Oct 22 09:20:07 2015 +0800"
      },
      "message": "ACPICA: Tables: Fix an issue that FACS initialization is performed twice\n\ncommit c04be18448355441a0c424362df65b6422e27bda upstream.\n\nACPICA commit 90f5332a15e9d9ba83831ca700b2b9f708274658\n\nThis patch adds a new FACS initialization flag for acpi_tb_initialize().\nacpi_enable_subsystem() might be invoked several times in OS bootup process,\nand we don\u0027t want FACS initialization to be invoked twice. Lv Zheng.\n\nLink: https://github.com/acpica/acpica/commit/90f5332a\nSigned-off-by: Lv Zheng \u003clv.zheng@intel.com\u003e\nSigned-off-by: Bob Moore \u003crobert.moore@intel.com\u003e\nSigned-off-by: Rafael J. Wysocki \u003crafael.j.wysocki@intel.com\u003e\n[lizf: Backported to 3.4: adjust filename]\nSigned-off-by: Zefan Li \u003clizefan@huawei.com\u003e\n"
    },
    {
      "commit": "aef2b5342c1c17abbcd068d25ce5c48e6b43a5f8",
      "tree": "438da77f4c6bb8c0644f66e667be2093ef31afc5",
      "parents": [
        "c4b0cf56edc955b00510b36c890ca3fd78df7d67"
      ],
      "author": {
        "name": "Jeff Layton",
        "email": "jlayton@poochiereds.net",
        "time": "Tue Jun 09 19:43:56 2015 -0400"
      },
      "committer": {
        "name": "Zefan Li",
        "email": "lizefan@huawei.com",
        "time": "Thu Oct 22 09:20:05 2015 +0800"
      },
      "message": "nfs: increase size of EXCHANGE_ID name string buffer\n\ncommit 764ad8ba8cd4c6f836fca9378f8c5121aece0842 upstream.\n\nThe current buffer is much too small if you have a relatively long\nhostname. Bring it up to the size of the one that SETCLIENTID has.\n\nReported-by: Michael Skralivetsky \u003cmichael.skralivetsky@primarydata.com\u003e\nSigned-off-by: Jeff Layton \u003cjeff.layton@primarydata.com\u003e\nSigned-off-by: Trond Myklebust \u003ctrond.myklebust@primarydata.com\u003e\n[lizf: Backported to 3.4: adjust context]\nSigned-off-by: Zefan Li \u003clizefan@huawei.com\u003e\n"
    },
    {
      "commit": "2fe77cbcdb483b9ce541c0978fb485f31213ee23",
      "tree": "ef04521ff912e7cd41eea5fc2541ee46d8cdf427",
      "parents": [
        "2cd65577af5bb06910596361166f8eb1b5bbc491"
      ],
      "author": {
        "name": "Joseph Qi",
        "email": "joseph.qi@huawei.com",
        "time": "Mon Jun 15 14:36:01 2015 -0400"
      },
      "committer": {
        "name": "Zefan Li",
        "email": "lizefan@huawei.com",
        "time": "Thu Oct 22 09:20:04 2015 +0800"
      },
      "message": "jbd2: fix ocfs2 corrupt when updating journal superblock fails\n\ncommit 6f6a6fda294506dfe0e3e0a253bb2d2923f28f0a upstream.\n\nIf updating journal superblock fails after journal data has been\nflushed, the error is omitted and this will mislead the caller as a\nnormal case.  In ocfs2, the checkpoint will be treated successfully\nand the other node can get the lock to update. Since the sb_start is\nstill pointing to the old log block, it will rewrite the journal data\nduring journal recovery by the other node. Thus the new updates will\nbe overwritten and ocfs2 corrupts.  So in above case we have to return\nthe error, and ocfs2_commit_cache will take care of the error and\nprevent the other node to do update first.  And only after recovering\njournal it can do the new updates.\n\nThe issue discussion mail can be found at:\nhttps://oss.oracle.com/pipermail/ocfs2-devel/2015-June/010856.html\nhttp://comments.gmane.org/gmane.comp.file-systems.ext4/48841\n\n[ Fixed bug in patch which allowed a non-negative error return from\n  jbd2_cleanup_journal_tail() to leak out of jbd2_fjournal_flush(); this\n  was causing xfstests ext4/306 to fail. -- Ted ]\n\nReported-by: Yiwen Jiang \u003cjiangyiwen@huawei.com\u003e\nSigned-off-by: Joseph Qi \u003cjoseph.qi@huawei.com\u003e\nSigned-off-by: Theodore Ts\u0027o \u003ctytso@mit.edu\u003e\nTested-by: Yiwen Jiang \u003cjiangyiwen@huawei.com\u003e\nCc: Junxiao Bi \u003cjunxiao.bi@oracle.com\u003e\nSigned-off-by: Zefan Li \u003clizefan@huawei.com\u003e\n"
    },
    {
      "commit": "493d6a2da3b5206d5da2f458a5d896a6ee7ad2c5",
      "tree": "753621083e3dd8cc7f9e643fadf1e4b3a8735de9",
      "parents": [
        "c33fd0601490793b937dd27209d0ec37150e1c79"
      ],
      "author": {
        "name": "Marcelo Ricardo Leitner",
        "email": "marcelo.leitner@gmail.com",
        "time": "Fri Jun 12 10:16:41 2015 -0300"
      },
      "committer": {
        "name": "Zefan Li",
        "email": "lizefan@huawei.com",
        "time": "Thu Oct 22 09:20:04 2015 +0800"
      },
      "message": "sctp: fix ASCONF list handling\n\ncommit 2d45a02d0166caf2627fe91897c6ffc3b19514c4 upstream.\n\n-\u003eauto_asconf_splist is per namespace and mangled by functions like\nsctp_setsockopt_auto_asconf() which doesn\u0027t guarantee any serialization.\n\nAlso, the call to inet_sk_copy_descendant() was backuping\n-\u003eauto_asconf_list through the copy but was not honoring\n-\u003edo_auto_asconf, which could lead to list corruption if it was\ndifferent between both sockets.\n\nThis commit thus fixes the list handling by using -\u003eaddr_wq_lock\nspinlock to protect the list. A special handling is done upon socket\ncreation and destruction for that. Error handlig on sctp_init_sock()\nwill never return an error after having initialized asconf, so\nsctp_destroy_sock() can be called without addrq_wq_lock. The lock now\nwill be take on sctp_close_sock(), before locking the socket, so we\ndon\u0027t do it in inverse order compared to sctp_addr_wq_timeout_handler().\n\nInstead of taking the lock on sctp_sock_migrate() for copying and\nrestoring the list values, it\u0027s preferred to avoid rewritting it by\nimplementing sctp_copy_descendant().\n\nIssue was found with a test application that kept flipping sysctl\ndefault_auto_asconf on and off, but one could trigger it by issuing\nsimultaneous setsockopt() calls on multiple sockets or by\ncreating/destroying sockets fast enough. This is only triggerable\nlocally.\n\nFixes: 9f7d653b67ae (\"sctp: Add Auto-ASCONF support (core).\")\nReported-by: Ji Jianwen \u003cjiji@redhat.com\u003e\nSuggested-by: Neil Horman \u003cnhorman@tuxdriver.com\u003e\nSuggested-by: Hannes Frederic Sowa \u003channes@stressinduktion.org\u003e\nAcked-by: Hannes Frederic Sowa \u003channes@stressinduktion.org\u003e\nSigned-off-by: Marcelo Ricardo Leitner \u003cmarcelo.leitner@gmail.com\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n[lizf: Backported to 3.4:\n - use global spinlock instead of per-namespace lock]\nSigned-off-by: Zefan Li \u003clizefan@huawei.com\u003e\n"
    },
    {
      "commit": "aa18f6fcc491d131e2b67135622e3c089bd5d0b4",
      "tree": "40086c66ca378f8d1334fa8f2ad84243eafedc31",
      "parents": [
        "6ff9603dec2399dbe2fe9e5fe87c11fda054c668"
      ],
      "author": {
        "name": "Eric W. Biederman",
        "email": "ebiederm@xmission.com",
        "time": "Wed Jun 15 10:21:48 2011 -0700"
      },
      "committer": {
        "name": "Ethan Chen",
        "email": "intervigil@gmail.com",
        "time": "Sat Oct 17 16:13:18 2015 -0700"
      },
      "message": "proc: Usable inode numbers for the namespace file descriptors.\n\nAssign a unique proc inode to each namespace, and use that\ninode number to ensure we only allocate at most one proc\ninode for every namespace in proc.\n\nA single proc inode per namespace allows userspace to test\nto see if two processes are in the same namespace.\n\nThis has been a long requested feature and only blocked because\na naive implementation would put the id in a global space and\nwould ultimately require having a namespace for the names of\nnamespaces, making migration and certain virtualization tricks\nimpossible.\n\nWe still don\u0027t have per superblock inode numbers for proc, which\nappears necessary for application unaware checkpoint/restart and\nmigrations (if the application is using namespace file descriptors)\nbut that is now allowd by the design if it becomes important.\n\nI have preallocated the ipc and uts initial proc inode numbers so\ntheir structures can be statically initialized.\n\nSigned-off-by: Eric W. Biederman \u003cebiederm@xmission.com\u003e\n(cherry picked from commit 98f842e675f96ffac96e6c50315790912b2812be)\n"
    },
    {
      "commit": "f3490a8f47a85c396e80397d1bd2df11c254b3d4",
      "tree": "6e47939aa3cc9eacbe97056478066ca9e347b1f1",
      "parents": [
        "0793d2538c2e32a60f4c0d4a796e8eca7dba9274"
      ],
      "author": {
        "name": "Eric W. Biederman",
        "email": "ebiederm@xmission.com",
        "time": "Fri Jun 17 13:33:20 2011 -0700"
      },
      "committer": {
        "name": "Ethan Chen",
        "email": "intervigil@gmail.com",
        "time": "Sat Oct 17 16:13:17 2015 -0700"
      },
      "message": "proc: Generalize proc inode allocation\n\nGeneralize the proc inode allocation so that it can be\nused without having to having to create a proc_dir_entry.\n\nThis will allow namespace file descriptors to remain light\nweight entitities but still have the same inode number\nwhen the backing namespace is the same.\n\nAcked-by: Serge E. Hallyn \u003cserge.hallyn@ubuntu.com\u003e\nSigned-off-by: Eric W. Biederman \u003cebiederm@xmission.com\u003e\n(cherry picked from commit 33d6dce607573b5fd7a43168e0d91221b3ca532b)\n"
    },
    {
      "commit": "0793d2538c2e32a60f4c0d4a796e8eca7dba9274",
      "tree": "229336e395de77c4d7d2013b0595a9e1e2269d2b",
      "parents": [
        "fbbe2736fa1f0af8d343f3ecef1181b6d50de9fe"
      ],
      "author": {
        "name": "Eric W. Biederman",
        "email": "ebiederm@xmission.com",
        "time": "Thu Jul 26 21:42:03 2012 -0700"
      },
      "committer": {
        "name": "Ethan Chen",
        "email": "intervigil@gmail.com",
        "time": "Sat Oct 17 16:13:17 2015 -0700"
      },
      "message": "vfs: Allow unprivileged manipulation of the mount namespace.\n\n- Add a filesystem flag to mark filesystems that are safe to mount as\n  an unprivileged user.\n\n- Add a filesystem flag to mark filesystems that don\u0027t need MNT_NODEV\n  when mounted by an unprivileged user.\n\n- Relax the permission checks to allow unprivileged users that have\n  CAP_SYS_ADMIN permissions in the user namespace referred to by the\n  current mount namespace to be allowed to mount, unmount, and move\n  filesystems.\n\nAcked-by: \"Serge E. Hallyn\" \u003cserge@hallyn.com\u003e\nSigned-off-by: \"Eric W. Biederman\" \u003cebiederm@xmission.com\u003e\n(cherry picked from commit 0c55cfc4166d9a0f38de779bd4d75a90afbe7734)\n"
    },
    {
      "commit": "bc1d98d9537f9cd5c6ff72bbec99c2a475219591",
      "tree": "e32cea9de3180021e271e3decc20adfd1c413996",
      "parents": [
        "c409ef81f8fb8af14a6d58bd2a639fcb0e5ca103"
      ],
      "author": {
        "name": "Eric W. Biederman",
        "email": "ebiederm@xmission.com",
        "time": "Thu Jul 26 21:08:32 2012 -0700"
      },
      "committer": {
        "name": "Ethan Chen",
        "email": "intervigil@gmail.com",
        "time": "Sat Oct 17 16:13:16 2015 -0700"
      },
      "message": "vfs: Add a user namespace reference from struct mnt_namespace\n\nThis will allow for support for unprivileged mounts in a new user namespace.\n\nAcked-by: \"Serge E. Hallyn\" \u003cserge@hallyn.com\u003e\nSigned-off-by: \"Eric W. Biederman\" \u003cebiederm@xmission.com\u003e\n(cherry picked from commit 771b1371686e0a63e938ada28de020b9a0040f55)\n"
    },
    {
      "commit": "c409ef81f8fb8af14a6d58bd2a639fcb0e5ca103",
      "tree": "9c3a869bd6e6ef17d29fa99f6454426e23b923d9",
      "parents": [
        "f3565936d74a0f04cff7a7f960ba3cd0e2beca76"
      ],
      "author": {
        "name": "Eric W. Biederman",
        "email": "ebiederm@xmission.com",
        "time": "Sun Mar 07 18:49:36 2010 -0800"
      },
      "committer": {
        "name": "Ethan Chen",
        "email": "intervigil@gmail.com",
        "time": "Sat Oct 17 16:13:16 2015 -0700"
      },
      "message": "vfs: Add setns support for the mount namespace\n\nsetns support for the mount namespace is a little tricky as an\narbitrary decision must be made about what to set fs-\u003eroot and\nfs-\u003epwd to, as there is no expectation of a relationship between\nthe two mount namespaces.  Therefore I arbitrarily find the root\nmount point, and follow every mount on top of it to find the top\nof the mount stack.  Then I set fs-\u003eroot and fs-\u003epwd to that\nlocation.  The topmost root of the mount stack seems like a\nreasonable place to be.\n\nBind mount support for the mount namespace inodes has the\npossibility of creating circular dependencies between mount\nnamespaces.  Circular dependencies can result in loops that\nprevent mount namespaces from every being freed.  I avoid\ncreating those circular dependencies by adding a sequence number\nto the mount namespace and require all bind mounts be of a\nyounger mount namespace into an older mount namespace.\n\nAdd a helper function proc_ns_inode so it is possible to\ndetect when we are attempting to bind mound a namespace inode.\n\nAcked-by: Serge Hallyn \u003cserge.hallyn@canonical.com\u003e\nSigned-off-by: Eric W. Biederman \u003cebiederm@xmission.com\u003e\n(cherry picked from commit 8823c079ba7136dc1948d6f6dcb5f8022bde438e)\n"
    },
    {
      "commit": "f3565936d74a0f04cff7a7f960ba3cd0e2beca76",
      "tree": "0e9d36de5c89a12fdcf689efbbd295d0eafacaee",
      "parents": [
        "1b0a36cca2297351d5e889397b35df0dea590d28"
      ],
      "author": {
        "name": "Al Viro",
        "email": "viro@zeniv.linux.org.uk",
        "time": "Thu Oct 11 11:42:01 2012 -0400"
      },
      "committer": {
        "name": "Ethan Chen",
        "email": "intervigil@gmail.com",
        "time": "Sat Oct 17 16:13:15 2015 -0700"
      },
      "message": "consitify do_mount() arguments\n\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\n(cherry picked from commit 808d4e3cfdcc52b19276175464f6dbca4df13b09)\n"
    },
    {
      "commit": "fe103a1d3950455b4681e883ecec60967b6daa27",
      "tree": "17cbe539a73f788eeeca46081f00190bdad4c8ce",
      "parents": [
        "9f0d2df70d2e209f7149edc804180ae7a5cf4bbc"
      ],
      "author": {
        "name": "Josef Bacik",
        "email": "josef@redhat.com",
        "time": "Mon Mar 26 09:59:21 2012 -0400"
      },
      "committer": {
        "name": "Ethan Chen",
        "email": "intervigil@gmail.com",
        "time": "Sat Oct 17 16:13:14 2015 -0700"
      },
      "message": "fs: introduce inode operation -\u003eupdate_time\n\nBtrfs has to make sure we have space to allocate new blocks in order to modify\nthe inode, so updating time can fail.  We\u0027ve gotten around this by having our\nown file_update_time but this is kind of a pain, and Christoph has indicated he\nwould like to make xfs do something different with atime updates.  So introduce\n-\u003eupdate_time, where we will deal with i_version an a/m/c time updates and\nindicate which changes need to be made.  The normal version just does what it\nhas always done, updates the time and marks the inode dirty, and then\nfilesystems can choose to do something different.\n\nI\u0027ve gone through all of the users of file_update_time and made them check for\nerrors with the exception of the fault code since it\u0027s complicated and I wasn\u0027t\nquite sure what to do there, also Jan is going to be pushing the file time\nupdates into page_mkwrite for those who have it so that should satisfy btrfs and\nmake it not a big deal to check the file_update_time() return code in the\ngeneric fault path. Thanks,\n\nSigned-off-by: Josef Bacik \u003cjosef@redhat.com\u003e\n(cherry picked from commit c3b2da314834499f34cba94f7053e55f6d6f92d8)\n"
    },
    {
      "commit": "0a6c3854fee6372ca2ea2f83973db0103f8e7b26",
      "tree": "c0b6cf1930d17035c70e63fa56d5e082ff81b3d5",
      "parents": [
        "33f50252ce953a70fa3129503f4d39331849a677"
      ],
      "author": {
        "name": "Andi Kleen",
        "email": "ak@linux.intel.com",
        "time": "Tue May 08 13:32:24 2012 +0930"
      },
      "committer": {
        "name": "Ethan Chen",
        "email": "intervigil@gmail.com",
        "time": "Sat Oct 17 15:53:55 2015 -0700"
      },
      "message": "brlocks/lglocks: turn into functions\n\nlglocks and brlocks are currently generated with some complicated macros\nin lglock.h.  But there\u0027s no reason to not just use common utility\nfunctions and put all the data into a common data structure.\n\nSince there are at least two users it makes sense to share this code in a\nlibrary.  This is also easier maintainable than a macro forest.\n\nThis will also make it later possible to dynamically allocate lglocks and\nalso use them in modules (this would both still need some additional, but\nnow straightforward, code)\n\n[akpm@linux-foundation.org: checkpatch fixes]\nSigned-off-by: Andi Kleen \u003cak@linux.intel.com\u003e\nCc: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\nCc: Rusty Russell \u003crusty@rustcorp.com.au\u003e\nSigned-off-by: Andrew Morton \u003cakpm@linux-foundation.org\u003e\nSigned-off-by: Rusty Russell \u003crusty@rustcorp.com.au\u003e\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\n\n(cherry picked from commit eea62f831b8030b0eeea8314eed73b6132d1de26)\n\nChange-Id: I65a14e405b6a4188b8dd301d35904e9fc8fda72f\n"
    },
    {
      "commit": "33f50252ce953a70fa3129503f4d39331849a677",
      "tree": "fe574a984ff0927c1410b3efd3d5c2736bf8e0e7",
      "parents": [
        "c12ad5a133635df7d0130709e09770c4e3e4628e"
      ],
      "author": {
        "name": "Rusty Russell",
        "email": "rusty@rustcorp.com.au",
        "time": "Tue May 08 13:29:45 2012 +0930"
      },
      "committer": {
        "name": "Ethan Chen",
        "email": "intervigil@gmail.com",
        "time": "Sat Oct 17 15:53:54 2015 -0700"
      },
      "message": "lglock: remove online variants of lock\n\nOptimizing the slow paths adds a lot of complexity.  If you need to\ngrab every lock often, you have other problems.\n\nSigned-off-by: Rusty Russell \u003crusty@rustcorp.com.au\u003e\nAcked-by: Nick Piggin \u003cnpiggin@kernel.dk\u003e\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\n(cherry picked from commit 9dd6fa03ab31bb57cee4623a689d058d222fbe68)\n"
    },
    {
      "commit": "69f240403baf245110eba9f1403835869f6a27a4",
      "tree": "81a3ffbff2b7453660deae421dfc438d8036344b",
      "parents": [
        "931c39db9aeac51f4572dd8096fc2a2828e64b43"
      ],
      "author": {
        "name": "Sasha Levin",
        "email": "levinsasha928@gmail.com",
        "time": "Tue Oct 30 14:45:57 2012 -0400"
      },
      "committer": {
        "name": "Ethan Chen",
        "email": "intervigil@gmail.com",
        "time": "Sat Oct 17 15:32:45 2015 -0700"
      },
      "message": "hashtable: introduce a small and naive hashtable\n\nThis hashtable implementation is using hlist buckets to provide a simple\nhashtable to prevent it from getting reimplemented all over the kernel.\n\nChange-Id: Ie91c0b7a0537b8863d6df1e2771f54d4b731c496\nSigned-off-by: Sasha Levin \u003clevinsasha928@gmail.com\u003e\n[ Merging this now, so that subsystems can start applying Sasha\u0027s\n  patches that use this   - Linus ]\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n"
    },
    {
      "commit": "d5c5dbff34a1b8cb1204bff4e80a23cdce900461",
      "tree": "2933bacdb57cd71b8732a43da0a3d2c9b99921e3",
      "parents": [
        "b26b27c9b907e144555719fb8bc0d2cb2728c59d"
      ],
      "author": {
        "name": "Jeff Vander Stoep",
        "email": "jeffv@google.com",
        "time": "Sat Apr 04 16:15:54 2015 -0700"
      },
      "committer": {
        "name": "Ethan Chen",
        "email": "intervigil@gmail.com",
        "time": "Sat Oct 17 14:58:09 2015 -0700"
      },
      "message": "security: lsm_audit: add ioctl specific auditing\n\nAdd information about ioctl calls to the LSM audit data. Log the\nfile path and command number.\n\nBug: 20350607\nBug: 18087110\nChange-Id: Idbbd106db6226683cb30022d9e8f6f3b8fab7f84\nSigned-off-by: Jeff Vander Stoep \u003cjeffv@google.com\u003e\n"
    },
    {
      "commit": "0b80fa4b24f50a87c796970661e45d6edc524a08",
      "tree": "4e9689723b9870e5cf52a2c1923ce33c0279fad8",
      "parents": [
        "c1de4ad549f4726df3844fff44049151abdd00f8"
      ],
      "author": {
        "name": "David Vrabel",
        "email": "david.vrabel@citrix.com",
        "time": "Tue May 19 18:40:49 2015 +0100"
      },
      "committer": {
        "name": "Zefan Li",
        "email": "lizefan@huawei.com",
        "time": "Fri Sep 18 09:20:42 2015 +0800"
      },
      "message": "xen/events: don\u0027t bind non-percpu VIRQs with percpu chip\n\ncommit 77bb3dfdc0d554befad58fdefbc41be5bc3ed38a upstream.\n\nA non-percpu VIRQ (e.g., VIRQ_CONSOLE) may be freed on a different\nVCPU than it is bound to.  This can result in a race between\nhandle_percpu_irq() and removing the action in __free_irq() because\nhandle_percpu_irq() does not take desc-\u003elock.  The interrupt handler\nsees a NULL action and oopses.\n\nOnly use the percpu chip/handler for per-CPU VIRQs (like VIRQ_TIMER).\n\n  # cat /proc/interrupts | grep virq\n   40:      87246          0  xen-percpu-virq      timer0\n   44:          0          0  xen-percpu-virq      debug0\n   47:          0      20995  xen-percpu-virq      timer1\n   51:          0          0  xen-percpu-virq      debug1\n   69:          0          0   xen-dyn-virq      xen-pcpu\n   74:          0          0   xen-dyn-virq      mce\n   75:         29          0   xen-dyn-virq      hvc_console\n\nSigned-off-by: David Vrabel \u003cdavid.vrabel@citrix.com\u003e\n[lizf: Backported to 3.4: adjust filename]\nSigned-off-by: Zefan Li \u003clizefan@huawei.com\u003e\n"
    },
    {
      "commit": "017fd99beb3ccdb301009fa8f905f574e3e3ce29",
      "tree": "aedf3c10df99abe1e241568a011f5c310b4816a1",
      "parents": [
        "ba4e97b49e74a7b1c6283e3d4d6dbe0c72b991af"
      ],
      "author": {
        "name": "Gabriele Mazzotta",
        "email": "gabriele.mzt@gmail.com",
        "time": "Sat Apr 25 19:52:37 2015 +0200"
      },
      "committer": {
        "name": "Zefan Li",
        "email": "lizefan@huawei.com",
        "time": "Fri Sep 18 09:20:37 2015 +0800"
      },
      "message": "libata: Ignore spurious PHY event on LPM policy change\n\ncommit 09c5b4803a80a5451d950d6a539d2eb311dc0fb1 upstream.\n\nWhen the LPM policy is set to ATA_LPM_MAX_POWER, the device might\ngenerate a spurious PHY event that cuases errors on the link.\nIgnore this event if it occured within 10s after the policy change.\n\nThe timeout was chosen observing that on a Dell XPS13 9333 these\nspurious events can occur up to roughly 6s after the policy change.\n\nLink: http://lkml.kernel.org/g/3352987.ugV1Ipy7Z5@xps13\nSigned-off-by: Gabriele Mazzotta \u003cgabriele.mzt@gmail.com\u003e\nSigned-off-by: Tejun Heo \u003ctj@kernel.org\u003e\n[lizf: Backported to 3.4: adjust context]\nSigned-off-by: Zefan Li \u003clizefan@huawei.com\u003e\n"
    },
    {
      "commit": "ba4e97b49e74a7b1c6283e3d4d6dbe0c72b991af",
      "tree": "2dc648fa8cb42d140e81c72f9bdb06a3a4bdb9b1",
      "parents": [
        "d939e53d62fd55fd83d243c3831ac44cd36a743d"
      ],
      "author": {
        "name": "Gabriele Mazzotta",
        "email": "gabriele.mzt@gmail.com",
        "time": "Sat Apr 25 19:52:36 2015 +0200"
      },
      "committer": {
        "name": "Zefan Li",
        "email": "lizefan@huawei.com",
        "time": "Fri Sep 18 09:20:37 2015 +0800"
      },
      "message": "libata: Add helper to determine when PHY events should be ignored\n\ncommit 8393b811f38acdf7fd8da2028708edad3e68ce1f upstream.\n\nThis is a preparation commit that will allow to add other criteria\naccording to which PHY events should be dropped.\n\nSigned-off-by: Gabriele Mazzotta \u003cgabriele.mzt@gmail.com\u003e\nSigned-off-by: Tejun Heo \u003ctj@kernel.org\u003e\nSigned-off-by: Zefan Li \u003clizefan@huawei.com\u003e\n"
    },
    {
      "commit": "a885169f03f6b84653b8418d2739397f0286d360",
      "tree": "a1803a328b2e17c8ab0b4ec74c03dc947cd26c96",
      "parents": [
        "350b59e331e49c018e55f9b4ab7a9638f3ca2707"
      ],
      "author": {
        "name": "Ryusuke Konishi",
        "email": "konishi.ryusuke@lab.ntt.co.jp",
        "time": "Tue May 05 16:24:00 2015 -0700"
      },
      "committer": {
        "name": "Zefan Li",
        "email": "lizefan@huawei.com",
        "time": "Fri Sep 18 09:20:36 2015 +0800"
      },
      "message": "nilfs2: fix sanity check of btree level in nilfs_btree_root_broken()\n\ncommit d8fd150fe3935e1692bf57c66691e17409ebb9c1 upstream.\n\nThe range check for b-tree level parameter in nilfs_btree_root_broken()\nis wrong; it accepts the case of \"level \u003d\u003d NILFS_BTREE_LEVEL_MAX\" even\nthough the level is limited to values in the range of 0 to\n(NILFS_BTREE_LEVEL_MAX - 1).\n\nSince the level parameter is read from storage device and used to index\nnilfs_btree_path array whose element count is NILFS_BTREE_LEVEL_MAX, it\ncan cause memory overrun during btree operations if the boundary value\nis set to the level parameter on device.\n\nThis fixes the broken sanity check and adds a comment to clarify that\nthe upper bound NILFS_BTREE_LEVEL_MAX is exclusive.\n\nSigned-off-by: Ryusuke Konishi \u003ckonishi.ryusuke@lab.ntt.co.jp\u003e\nSigned-off-by: Andrew Morton \u003cakpm@linux-foundation.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\nSigned-off-by: Zefan Li \u003clizefan@huawei.com\u003e\n"
    },
    {
      "commit": "9ae05197286d9cb7abb25c9d397d500e5fa8a9e2",
      "tree": "95666a2fc758cf595dd3cb64e410f3cd28821b01",
      "parents": [
        "dbaa20e3925c0105df964131df9702713cb79ae2"
      ],
      "author": {
        "name": "Peter Zubaj",
        "email": "pzubaj@marticonet.sk",
        "time": "Tue Apr 28 21:57:29 2015 +0200"
      },
      "committer": {
        "name": "Zefan Li",
        "email": "lizefan@huawei.com",
        "time": "Fri Sep 18 09:20:34 2015 +0800"
      },
      "message": "ALSA: emu10k1: Emu10k2 32 bit DMA mode\n\ncommit 7241ea558c6715501e777396b5fc312c372e11d9 upstream.\n\nLooks like audigy emu10k2 (probably emu10k1 - sb live too) support two\nmodes for DMA. Second mode is useful for 64 bit os with more then 2 GB\nof ram (fixes problems with big soundfont loading)\n\n1) 32MB from 2 GB address space using 8192 pages (used now as default)\n2) 16MB from 4 GB address space using 4096 pages\n\nMode is set using HCFG_EXPANDED_MEM flag in HCFG register.\nAlso format of emu10k2 page table is then different.\n\nSigned-off-by: Peter Zubaj \u003cpzubaj@marticonet.sk\u003e\nTested-by: Takashi Iwai \u003ctiwai@suse.de\u003e\nSigned-off-by: Takashi Iwai \u003ctiwai@suse.de\u003e\nSigned-off-by: Zefan Li \u003clizefan@huawei.com\u003e\n"
    },
    {
      "commit": "3fe48d0393d88d12a524a928d10c61cd0d446523",
      "tree": "f8f3e2ce0fb2c1a3d9687f0ee16f97b405acf8b7",
      "parents": [
        "961bd13539b9e7ca5d2e667668141496b7a1d6bc"
      ],
      "author": {
        "name": "Mike Christie",
        "email": "michaelc@cs.wisc.edu",
        "time": "Mon Apr 20 22:42:24 2015 -0500"
      },
      "committer": {
        "name": "Zefan Li",
        "email": "lizefan@huawei.com",
        "time": "Fri Sep 18 09:20:33 2015 +0800"
      },
      "message": "SCSI: add 1024 max sectors black list flag\n\ncommit 35e9a9f93994d7f7d12afa41169c7ba05513721b upstream.\n\nThis works around a issue with qnap iscsi targets not handling large IOs\nvery well.\n\nThe target returns:\n\nVPD INQUIRY: Block limits page (SBC)\n  Maximum compare and write length: 1 blocks\n  Optimal transfer length granularity: 1 blocks\n  Maximum transfer length: 4294967295 blocks\n  Optimal transfer length: 4294967295 blocks\n  Maximum prefetch, xdread, xdwrite transfer length: 0 blocks\n  Maximum unmap LBA count: 8388607\n  Maximum unmap block descriptor count: 1\n  Optimal unmap granularity: 16383\n  Unmap granularity alignment valid: 0\n  Unmap granularity alignment: 0\n  Maximum write same length: 0xffffffff blocks\n  Maximum atomic transfer length: 0\n  Atomic alignment: 0\n  Atomic transfer length granularity: 0\n\nand it is *sometimes* able to handle at least one IO of size up to 8 MB. We\nhave seen in traces where it will sometimes work, but other times it\nlooks like it fails and it looks like it returns failures if we send\nmultiple large IOs sometimes. Also it looks like it can return 2 different\nerrors. It will sometimes send iscsi reject errors indicating out of\nresources or it will send invalid cdb illegal requests check conditions.\nAnd then when it sends iscsi rejects it does not seem to handle retries\nwhen there are command sequence holes, so I could not just add code to\ntry and gracefully handle that error code.\n\nThe problem is that we do not have a good contact for the company,\nso we are not able to determine under what conditions it returns\nwhich error and why it sometimes works.\n\nSo, this patch just adds a new black list flag to set targets like this to\nthe old max safe sectors of 1024. The max_hw_sectors changes added in 3.19\ncaused this regression, so I also ccing stable.\n\nReported-by: Christian Hesse \u003clist@eworm.de\u003e\nSigned-off-by: Mike Christie \u003cmichaelc@cs.wisc.edu\u003e\nReviewed-by: Christoph Hellwig \u003chch@lst.de\u003e\nSigned-off-by: James Bottomley \u003cJBottomley@Odin.com\u003e\n[lizf: Backported to 3.4: adjust context]\nSigned-off-by: Zefan Li \u003clizefan@huawei.com\u003e\n"
    },
    {
      "commit": "c77676b7c6667e044ef4e5cc692cdb18d69df646",
      "tree": "ba454275d5d38a9d5165b9a4eeb5e34bd0c712cf",
      "parents": [
        "3e6102f91bb7073fb07aaf11068595d1a284c7a8"
      ],
      "author": {
        "name": "Lv Zheng",
        "email": "lv.zheng@intel.com",
        "time": "Mon Apr 13 11:48:58 2015 +0800"
      },
      "committer": {
        "name": "Zefan Li",
        "email": "lizefan@huawei.com",
        "time": "Fri Sep 18 09:20:30 2015 +0800"
      },
      "message": "ACPICA: Utilities: split IO address types from data type models.\n\ncommit 2b8760100e1de69b6ff004c986328a82947db4ad upstream.\n\nACPICA commit aacf863cfffd46338e268b7415f7435cae93b451\n\nIt is reported that on a physically 64-bit addressed machine, 32-bit kernel\ncan trigger crashes in accessing the memory regions that are beyond the\n32-bit boundary. The region field\u0027s start address should still be 32-bit\ncompliant, but after a calculation (adding some offsets), it may exceed the\n32-bit boundary. This case is rare and buggy, but there are real BIOSes\nleaked with such issues (see References below).\n\nThis patch fixes this gap by always defining IO addresses as 64-bit, and\nallows OSPMs to optimize it for a real 32-bit machine to reduce the size of\nthe internal objects.\n\nInternal acpi_physical_address usages in the structures that can be fixed\nby this change include:\n 1. struct acpi_object_region:\n    acpi_physical_address\t\taddress;\n 2. struct acpi_address_range:\n    acpi_physical_address\t\tstart_address;\n    acpi_physical_address\t\tend_address;\n 3. struct acpi_mem_space_context;\n    acpi_physical_address\t\taddress;\n 4. struct acpi_table_desc\n    acpi_physical_address\t\taddress;\nSee known issues 1 for other usages.\n\nNote that acpi_io_address which is used for ACPI_PROCESSOR may also suffer\nfrom same problem, so this patch changes it accordingly.\n\nFor iasl, it will enforce acpi_physical_address as 32-bit to generate\n32-bit OSPM compatible tables on 32-bit platforms, we need to define\nACPI_32BIT_PHYSICAL_ADDRESS for it in acenv.h.\n\nKnown issues:\n 1. Cleanup of mapped virtual address\n   In struct acpi_mem_space_context, acpi_physical_address is used as a virtual\n   address:\n    acpi_physical_address                   mapped_physical_address;\n   It is better to introduce acpi_virtual_address or use acpi_size instead.\n   This patch doesn\u0027t make such a change. Because this should be done along\n   with a change to acpi_os_map_memory()/acpi_os_unmap_memory().\n   There should be no functional problem to leave this unchanged except\n   that only this structure is enlarged unexpectedly.\n\nLink: https://github.com/acpica/acpica/commit/aacf863c\nReference: https://bugzilla.kernel.org/show_bug.cgi?id\u003d87971\nReference: https://bugzilla.kernel.org/show_bug.cgi?id\u003d79501\nReported-and-tested-by: Paul Menzel \u003cpaulepanter@users.sourceforge.net\u003e\nReported-and-tested-by: Sial Nije \u003csialnije@gmail.com\u003e\nSigned-off-by: Lv Zheng \u003clv.zheng@intel.com\u003e\nSigned-off-by: Bob Moore \u003crobert.moore@intel.com\u003e\nSigned-off-by: Rafael J. Wysocki \u003crafael.j.wysocki@intel.com\u003e\n[lizf: Backported to 3.4: adjust context]\nSigned-off-by: Zefan Li \u003clizefan@huawei.com\u003e\n"
    },
    {
      "commit": "ae3668ffeb437e04d7f085ad8f97ce383852ab7c",
      "tree": "72e138ab0ae59fdcdc4cdd67df38bb043a57456a",
      "parents": [
        "90b3fc7daf325f7d5b10301562ac2708839cacc7"
      ],
      "author": {
        "name": "Alexander Duyck",
        "email": "alexander.h.duyck@redhat.com",
        "time": "Tue Mar 31 14:19:10 2015 -0700"
      },
      "committer": {
        "name": "Zefan Li",
        "email": "lizefan@huawei.com",
        "time": "Fri Sep 18 09:20:27 2015 +0800"
      },
      "message": "jhash: Update jhash_[321]words functions to use correct initval\n\ncommit 2e7056c433216f406b90a003aa0ba42e19d3bdcf upstream.\n\nLooking over the implementation for jhash2 and comparing it to jhash_3words\nI realized that the two hashes were in fact very different.  Doing a bit of\ndigging led me to \"The new jhash implementation\" in which lookup2 was\nsupposed to have been replaced with lookup3.\n\nIn reviewing the patch I noticed that jhash2 had originally initialized a\nand b to JHASH_GOLDENRATIO and c to initval, but after the patch a, b, and\nc were initialized to initval + (length \u003c\u003c 2) + JHASH_INITVAL.  However the\nchanges in jhash_3words simply replaced the initialization of a and b with\nJHASH_INITVAL.\n\nThis change corrects what I believe was an oversight so that a, b, and c in\njhash_3words all have the same value added consisting of initval + (length\n\u003c\u003c 2) + JHASH_INITVAL so that jhash2 and jhash_3words will now produce the\nsame hash result given the same inputs.\n\nFixes: 60d509c823cca (\"The new jhash implementation\")\nSigned-off-by: Alexander Duyck \u003calexander.h.duyck@redhat.com\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\nSigned-off-by: Zefan Li \u003clizefan@huawei.com\u003e\n"
    },
    {
      "commit": "940f14ac4f4ccc28bdcb1e38cbec29d9a2bb25cc",
      "tree": "bae931f47f5267babf6eb182345ebe7c4e748efe",
      "parents": [
        "484f4c629d37d76fb16e39b962b584c72c5e64e3"
      ],
      "author": {
        "name": "Arianna Avanzini",
        "email": "avanzini.arianna@gmail.com",
        "time": "Mon Jan 27 23:50:08 2014 +0100"
      },
      "committer": {
        "name": "Ethan Chen",
        "email": "intervigil@gmail.com",
        "time": "Tue Sep 15 17:57:40 2015 -0700"
      },
      "message": "block: cgroups, kconfig, build bits for BFQ-v7r8-3.4\n\nUpdate Kconfig.iosched and do the related Makefile changes to include\nkernel configuration options for BFQ. Also add the bfqio controller\nto the cgroups subsystem.\n\nChange-Id: I233ba33f79d6885d5e8598cf4b451b6044a16aa0\nSigned-off-by: Paolo Valente \u003cpaolo.valente@unimore.it\u003e\nSigned-off-by: Arianna Avanzini \u003cavanzini.arianna@gmail.com\u003e\n"
    },
    {
      "commit": "a346a29d06777dfae7df4f3d5e9909b36a2ea253",
      "tree": "5fd7bb49ad57e76feebb6d4f0af70facf3906901",
      "parents": [
        "0783b1d64cde81b08db5a82c9f3384d118dc597e"
      ],
      "author": {
        "name": "Ethan Chen",
        "email": "intervigil@gmail.com",
        "time": "Mon Aug 24 15:58:21 2015 -0700"
      },
      "committer": {
        "name": "Ethan Chen",
        "email": "intervigil@gmail.com",
        "time": "Tue Aug 25 00:08:57 2015 -0700"
      },
      "message": "input: ewtzmu2: Lock I2C accesses\n\n* Attempting I2C transactions while the device has been powered down\n  results in a device crash.\n* Force all functions which use the I2C bus to check device power status\n  before execution.\n* Read lock all I2C accessing functions.\n* Write lock all device power up/down function.\n\nChange-Id: I5c22b550ab03f39d2f1f3ed3901a680dbf484e30\n"
    },
    {
      "commit": "0783b1d64cde81b08db5a82c9f3384d118dc597e",
      "tree": "5fe3c185e589f9e32b80c392cf944e8de3198cdc",
      "parents": [
        "bdd68452f0b6fa383b9baee3e48b0c7a2375d044"
      ],
      "author": {
        "name": "Ethan Chen",
        "email": "intervigil@gmail.com",
        "time": "Mon Aug 24 13:58:34 2015 -0700"
      },
      "committer": {
        "name": "Ethan Chen",
        "email": "intervigil@gmail.com",
        "time": "Mon Aug 24 20:07:29 2015 -0700"
      },
      "message": "Revert \"input: ewtzmu2: Fix gyro off status checks\"\n\nThis reverts commit e75b9c0357c3c308e908337f932ae47ce855563d.\n\nChange-Id: I656e83f047cbd1df6458c465a788ce47d5cd1aa0\n"
    },
    {
      "commit": "57f91e3057ee92e0bc207725fed0f919d522c9a1",
      "tree": "9df4ea864f270cf4215ade2cd4d4f665cb8f063d",
      "parents": [
        "3987222cedbd86ff1b3e4bb8e5ee171a7b560028"
      ],
      "author": {
        "name": "Sabrina Dubroca",
        "email": "sd@queasysnail.net",
        "time": "Wed Sep 10 23:23:02 2014 +0200"
      },
      "committer": {
        "name": "Matt Mower",
        "email": "mowerm@gmail.com",
        "time": "Thu Aug 06 19:24:11 2015 -0500"
      },
      "message": "ipv6: clean up anycast when an interface is destroyed\n\nIf we try to rmmod the driver for an interface while sockets with\nsetsockopt(JOIN_ANYCAST) are alive, some refcounts aren\u0027t cleaned up\nand we get stuck on:\n\n  unregister_netdevice: waiting for ens3 to become free. Usage count \u003d 1\n\nIf we LEAVE_ANYCAST/close everything before rmmod\u0027ing, there is no\nproblem.\n\nWe need to perform a cleanup similar to the one for multicast in\naddrconf_ifdown(how \u003d\u003d 1).\n\nBUG: 18902601\nBug: 19100303\n\nChange-Id: I6d51aed5755eb5738fcba91950e7773a1c985d2e\nSigned-off-by: Sabrina Dubroca \u003csd@queasysnail.net\u003e\nAcked-by: Hannes Frederic Sowa \u003channes@stressinduktion.org\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\nSigned-off-by: Patrick Tjin \u003cpattjin@google.com\u003e\n"
    },
    {
      "commit": "9550bd2ebb5f204de5d6cbdc9ec8366c6d56f577",
      "tree": "c0dfc7f9df3e772a07639110689b03d7dc6b7e52",
      "parents": [
        "0c44e40b89e5c3e015195b4109a45d1779cd01d2"
      ],
      "author": {
        "name": "Erik Kline",
        "email": "ek@google.com",
        "time": "Tue Oct 28 18:11:14 2014 +0900"
      },
      "committer": {
        "name": "Matt Mower",
        "email": "mowerm@gmail.com",
        "time": "Thu Aug 06 19:23:38 2015 -0500"
      },
      "message": "net: ipv6: Add a sysctl to make optimistic addresses useful candidates\n\nAdd a sysctl that causes an interface\u0027s optimistic addresses\nto be considered equivalent to other non-deprecated addresses\nfor source address selection purposes.  Preferred addresses\nwill still take precedence over optimistic addresses, subject\nto other ranking in the source address selection algorithm.\n\nThis is useful where different interfaces are connected to\ndifferent networks from different ISPs (e.g., a cell network\nand a home wifi network).\n\nThe current behaviour complies with RFC 3484/6724, and it\nmakes sense if the host has only one interface, or has\nmultiple interfaces on the same network (same or cooperating\nadministrative domain(s), but not in the multiple distinct\nnetworks case.\n\nFor example, if a mobile device has an IPv6 address on an LTE\nnetwork and then connects to IPv6-enabled wifi, while the wifi\nIPv6 address is undergoing DAD, IPv6 connections will try use\nthe wifi default route with the LTE IPv6 address, and will get\nstuck until they time out.\n\nAlso, because optimistic nodes can receive frames, issue\nan RTM_NEWADDR as soon as DAD starts (with the IFA_F_OPTIMSTIC\nflag appropriately set).  A second RTM_NEWADDR is sent if DAD\ncompletes (the address flags have changed), otherwise an\nRTM_DELADDR is sent.\n\nAlso: add an entry in ip-sysctl.txt for optimistic_dad.\n\n[backport of net-next 7fd2561e4ebdd070ebba6d3326c4c5b13942323f]\n\nSigned-off-by: Erik Kline \u003cek@google.com\u003e\nAcked-by: Lorenzo Colitti \u003clorenzo@google.com\u003e\nAcked-by: Hannes Frederic Sowa \u003channes@stressinduktion.org\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\nBug: 17769720\nBug: 18180674\nChange-Id: I440a9b8c788db6767d191bbebfd2dff481aa9e0d\n"
    },
    {
      "commit": "0c44e40b89e5c3e015195b4109a45d1779cd01d2",
      "tree": "a605ff05a43db104894660c36d7dcb305a4d7c44",
      "parents": [
        "cf869839fec707290a57f08b71302512df024b33"
      ],
      "author": {
        "name": "Will Drewry",
        "email": "wad@chromium.org",
        "time": "Wed Feb 22 10:59:31 2012 -0600"
      },
      "committer": {
        "name": "Matt Mower",
        "email": "mowerm@gmail.com",
        "time": "Thu Aug 06 19:23:37 2015 -0500"
      },
      "message": "net/compat.c,linux/filter.h: share compat_sock_fprog\n\nAny other users of bpf_*_filter that take a struct sock_fprog from\nuserspace will need to be able to also accept a compat_sock_fprog\nif the arch supports compat calls.  This change allows the existing\ncompat_sock_fprog be shared.\n\nSigned-off-by: Will Drewry \u003cwad@chromium.org\u003e\nAcked-by: Serge Hallyn \u003cserge.hallyn@canonical.com\u003e\nAcked-by: Eric Dumazet \u003ceric.dumazet@gmail.com\u003e\nAcked-by: Eric Paris \u003ceparis@redhat.com\u003e\n\nv18: tasered by the apostrophe police\nv14: rebase/nochanges\nv13: rebase on to 88ebdda6159ffc15699f204c33feb3e431bf9bdc\nv12: rebase on to linux-next\nv11: introduction\n"
    },
    {
      "commit": "cf869839fec707290a57f08b71302512df024b33",
      "tree": "d8355cbe23ef19078179a9ee11d0bf619203febd",
      "parents": [
        "5f08bb6e54df5c0567a566fc5c888deb970d3116"
      ],
      "author": {
        "name": "Will Drewry",
        "email": "wad@chromium.org",
        "time": "Fri Mar 09 10:43:50 2012 -0600"
      },
      "committer": {
        "name": "Matt Mower",
        "email": "mowerm@gmail.com",
        "time": "Thu Aug 06 19:22:41 2015 -0500"
      },
      "message": "sk_run_filter: add BPF_S_ANC_SECCOMP_LD_W\n\nIntroduces a new BPF ancillary instruction that all LD calls will be\nmapped through when skb_run_filter() is being used for seccomp BPF.  The\nrewriting will be done using a secondary chk_filter function that is run\nafter skb_chk_filter.\n\nThe code change is guarded by CONFIG_SECCOMP_FILTER which is added,\nalong with the seccomp_bpf_load() function later in this series.\n\nThis is based on http://lkml.org/lkml/2012/3/2/141\n\nSuggested-by: Indan Zupancic \u003cindan@nul.nu\u003e\nSigned-off-by: Will Drewry \u003cwad@chromium.org\u003e\nAcked-by: Eric Dumazet \u003ceric.dumazet@gmail.com\u003e\nAcked-by: Eric Paris \u003ceparis@redhat.com\u003e\n\nv18: rebase\n...\nv15: include seccomp.h explicitly for when seccomp_bpf_load exists.\nv14: First cut using a single additional instruction\n... v13: made bpf functions generic.\n"
    },
    {
      "commit": "a4a17895fb3fefe8622e0a4cdffc555cfd7e53f4",
      "tree": "9b57539fbdfa733a82f7941327564961f41d42e2",
      "parents": [
        "38468bb1a2eaf0d5a18b12291b17f4ceff3e67a2",
        "4a3ed04b969fb3e062ab11a4ce0856744be1203b"
      ],
      "author": {
        "name": "Ethan Chen",
        "email": "intervigil@gmail.com",
        "time": "Mon Jul 27 12:14:22 2015 -0700"
      },
      "committer": {
        "name": "Ethan Chen",
        "email": "intervigil@gmail.com",
        "time": "Mon Jul 27 12:14:22 2015 -0700"
      },
      "message": "Merge remote-tracking branch \u0027caf/LA.AF.1.1_rb1.18\u0027 into HEAD\n"
    },
    {
      "commit": "bded67cc51db4e29af84f9ec1d671a86b0b6763b",
      "tree": "886108ad45fd36ac490e2e74c10d853b39e91566",
      "parents": [
        "edf76233db20b417ad0cb88cc9f4d4001fef1bd3"
      ],
      "author": {
        "name": "Yinghai Lu",
        "email": "yinghai@kernel.org",
        "time": "Mon Dec 09 22:54:40 2013 -0800"
      },
      "committer": {
        "name": "Zefan Li",
        "email": "lizefan@huawei.com",
        "time": "Fri Jun 19 11:40:34 2015 +0800"
      },
      "message": "PCI: Convert pcibios_resource_to_bus() to take a pci_bus, not a pci_dev\n\ncommit fc2798502f860b18f3c7121e4dc659d3d9d28d74 upstream.\n\nThese interfaces:\n\n  pcibios_resource_to_bus(struct pci_dev *dev, *bus_region, *resource)\n  pcibios_bus_to_resource(struct pci_dev *dev, *resource, *bus_region)\n\ntook a pci_dev, but they really depend only on the pci_bus.  And we want to\nuse them in resource allocation paths where we have the bus but not a\ndevice, so this patch converts them to take the pci_bus instead of the\npci_dev:\n\n  pcibios_resource_to_bus(struct pci_bus *bus, *bus_region, *resource)\n  pcibios_bus_to_resource(struct pci_bus *bus, *resource, *bus_region)\n\nIn fact, with standard PCI-PCI bridges, they only depend on the host\nbridge, because that\u0027s the only place address translation occurs, but\nwe aren\u0027t going that far yet.\n\n[bhelgaas: changelog]\nSigned-off-by: Yinghai Lu \u003cyinghai@kernel.org\u003e\nSigned-off-by: Bjorn Helgaas \u003cbhelgaas@google.com\u003e\nCc: Dirk Behme \u003cdirk.behme@gmail.com\u003e\n[lizf: Backported to 3.4:\n - make changes to pci_host_bridge() instead of find_pci_root_bus()\n - adjust context]\nSigned-off-by: Zefan Li \u003clizefan@huawei.com\u003e\n"
    },
    {
      "commit": "419d4c989459c5fa2d3fa42c061c097e53dcaf19",
      "tree": "034a48251dfb4a4de07ab3e6e1e3b4bdaab67ce6",
      "parents": [
        "9796d87a38b95a9550f6a22d933f7354ab966748"
      ],
      "author": {
        "name": "Bart Van Assche",
        "email": "bart.vanassche@sandisk.com",
        "time": "Wed Mar 04 10:31:47 2015 +0100"
      },
      "committer": {
        "name": "Zefan Li",
        "email": "lizefan@huawei.com",
        "time": "Fri Jun 19 11:40:31 2015 +0800"
      },
      "message": "Defer processing of REQ_PREEMPT requests for blocked devices\n\ncommit bba0bdd7ad4713d82338bcd9b72d57e9335a664b upstream.\n\nSCSI transport drivers and SCSI LLDs block a SCSI device if the\ntransport layer is not operational. This means that in this state\nno requests should be processed, even if the REQ_PREEMPT flag has\nbeen set. This patch avoids that a rescan shortly after a cable\npull sporadically triggers the following kernel oops:\n\nBUG: unable to handle kernel paging request at ffffc9001a6bc084\nIP: [\u003cffffffffa04e08f2\u003e] mlx4_ib_post_send+0xd2/0xb30 [mlx4_ib]\nProcess rescan-scsi-bus (pid: 9241, threadinfo ffff88053484a000, task ffff880534aae100)\nCall Trace:\n [\u003cffffffffa0718135\u003e] srp_post_send+0x65/0x70 [ib_srp]\n [\u003cffffffffa071b9df\u003e] srp_queuecommand+0x1cf/0x3e0 [ib_srp]\n [\u003cffffffffa0001ff1\u003e] scsi_dispatch_cmd+0x101/0x280 [scsi_mod]\n [\u003cffffffffa0009ad1\u003e] scsi_request_fn+0x411/0x4d0 [scsi_mod]\n [\u003cffffffff81223b37\u003e] __blk_run_queue+0x27/0x30\n [\u003cffffffff8122a8d2\u003e] blk_execute_rq_nowait+0x82/0x110\n [\u003cffffffff8122a9c2\u003e] blk_execute_rq+0x62/0xf0\n [\u003cffffffffa000b0e8\u003e] scsi_execute+0xe8/0x190 [scsi_mod]\n [\u003cffffffffa000b2f3\u003e] scsi_execute_req+0xa3/0x130 [scsi_mod]\n [\u003cffffffffa000c1aa\u003e] scsi_probe_lun+0x17a/0x450 [scsi_mod]\n [\u003cffffffffa000ce86\u003e] scsi_probe_and_add_lun+0x156/0x480 [scsi_mod]\n [\u003cffffffffa000dc2f\u003e] __scsi_scan_target+0xdf/0x1f0 [scsi_mod]\n [\u003cffffffffa000dfa3\u003e] scsi_scan_host_selected+0x183/0x1c0 [scsi_mod]\n [\u003cffffffffa000edfb\u003e] scsi_scan+0xdb/0xe0 [scsi_mod]\n [\u003cffffffffa000ee13\u003e] store_scan+0x13/0x20 [scsi_mod]\n [\u003cffffffff811c8d9b\u003e] sysfs_write_file+0xcb/0x160\n [\u003cffffffff811589de\u003e] vfs_write+0xce/0x140\n [\u003cffffffff81158b53\u003e] sys_write+0x53/0xa0\n [\u003cffffffff81464592\u003e] system_call_fastpath+0x16/0x1b\n [\u003c00007f611c9d9300\u003e] 0x7f611c9d92ff\n\nReported-by: Max Gurtuvoy \u003cmaxg@mellanox.com\u003e\nSigned-off-by: Bart Van Assche \u003cbart.vanassche@sandisk.com\u003e\nReviewed-by: Mike Christie \u003cmichaelc@cs.wisc.edu\u003e\nSigned-off-by: James Bottomley \u003cJBottomley@Odin.com\u003e\nSigned-off-by: Zefan Li \u003clizefan@huawei.com\u003e\n"
    },
    {
      "commit": "c93fc8932e95ace45c35fe7a7220acd866bc5ae0",
      "tree": "ae9624c295ba6204b663a2b4875e13a8b5be8518",
      "parents": [
        "26ea9e4d43a01bb161276648b6e306322ed1da1c"
      ],
      "author": {
        "name": "Jan Kara",
        "email": "jack@suse.cz",
        "time": "Tue Feb 10 14:08:32 2015 -0800"
      },
      "committer": {
        "name": "Zefan Li",
        "email": "lizefan@huawei.com",
        "time": "Fri Jun 19 11:40:14 2015 +0800"
      },
      "message": "fsnotify: fix handling of renames in audit\n\ncommit 6ee8e25fc3e916193bce4ebb43d5439e1e2144ab upstream.\n\nCommit e9fd702a58c4 (\"audit: convert audit watches to use fsnotify\ninstead of inotify\") broke handling of renames in audit.  Audit code\nwants to update inode number of an inode corresponding to watched name\nin a directory.  When something gets renamed into a directory to a\nwatched name, inotify previously passed moved inode to audit code\nhowever new fsnotify code passes directory inode where the change\nhappened.  That confuses audit and it starts watching parent directory\ninstead of a file in a directory.\n\nThis can be observed for example by doing:\n\n  cd /tmp\n  touch foo bar\n  auditctl -w /tmp/foo\n  touch foo\n  mv bar foo\n  touch foo\n\nIn audit log we see events like:\n\n  type\u003dCONFIG_CHANGE msg\u003daudit(1423563584.155:90): auid\u003d1000 ses\u003d2 op\u003d\"updated rules\" path\u003d\"/tmp/foo\" key\u003d(null) list\u003d4 res\u003d1\n  ...\n  type\u003dPATH msg\u003daudit(1423563584.155:91): item\u003d2 name\u003d\"bar\" inode\u003d1046884 dev\u003d08:0 2 mode\u003d0100644 ouid\u003d0 ogid\u003d0 rdev\u003d00:00 nametype\u003dDELETE\n  type\u003dPATH msg\u003daudit(1423563584.155:91): item\u003d3 name\u003d\"foo\" inode\u003d1046842 dev\u003d08:0 2 mode\u003d0100644 ouid\u003d0 ogid\u003d0 rdev\u003d00:00 nametype\u003dDELETE\n  type\u003dPATH msg\u003daudit(1423563584.155:91): item\u003d4 name\u003d\"foo\" inode\u003d1046884 dev\u003d08:0 2 mode\u003d0100644 ouid\u003d0 ogid\u003d0 rdev\u003d00:00 nametype\u003dCREATE\n  ...\n\nand that\u0027s it - we see event for the first touch after creating the\naudit rule, we see events for rename but we don\u0027t see any event for the\nlast touch.  However we start seeing events for unrelated stuff\nhappening in /tmp.\n\nFix the problem by passing moved inode as data in the FS_MOVED_FROM and\nFS_MOVED_TO events instead of the directory where the change happens.\nThis doesn\u0027t introduce any new problems because noone besides\naudit_watch.c cares about the passed value:\n\n  fs/notify/fanotify/fanotify.c cares only about FSNOTIFY_EVENT_PATH events.\n  fs/notify/dnotify/dnotify.c doesn\u0027t care about passed \u0027data\u0027 value at all.\n  fs/notify/inotify/inotify_fsnotify.c uses \u0027data\u0027 only for FSNOTIFY_EVENT_PATH.\n  kernel/audit_tree.c doesn\u0027t care about passed \u0027data\u0027 at all.\n  kernel/audit_watch.c expects moved inode as \u0027data\u0027.\n\nFixes: e9fd702a58c49db (\"audit: convert audit watches to use fsnotify instead of inotify\")\nSigned-off-by: Jan Kara \u003cjack@suse.cz\u003e\nCc: Paul Moore \u003cpaul@paul-moore.com\u003e\nCc: Eric Paris \u003ceparis@redhat.com\u003e\nSigned-off-by: Andrew Morton \u003cakpm@linux-foundation.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\nSigned-off-by: Zefan Li \u003clizefan@huawei.com\u003e\n"
    },
    {
      "commit": "019b694fbccafebc550a7b1fcb3bb13e9b32ae03",
      "tree": "e32872c68d09000e77cebdd67dd7f27a2fd5308b",
      "parents": [
        "a54c78b91ad0058aef14fd4804e5d6f8e253cf2b"
      ],
      "author": {
        "name": "Alan Stern",
        "email": "stern@rowland.harvard.edu",
        "time": "Thu Jan 29 15:05:04 2015 -0500"
      },
      "committer": {
        "name": "Zefan Li",
        "email": "lizefan@huawei.com",
        "time": "Fri Jun 19 11:40:13 2015 +0800"
      },
      "message": "USB: add flag for HCDs that can\u0027t receive wakeup requests (isp1760-hcd)\n\ncommit 074f9dd55f9cab1b82690ed7e44bcf38b9616ce0 upstream.\n\nCurrently the USB stack assumes that all host controller drivers are\ncapable of receiving wakeup requests from downstream devices.\nHowever, this isn\u0027t true for the isp1760-hcd driver, which means that\nit isn\u0027t safe to do a runtime suspend of any device attached to a\nroot-hub port if the device requires wakeup.\n\nThis patch adds a \"cant_recv_wakeups\" flag to the usb_hcd structure\nand sets the flag in isp1760-hcd.  The core is modified to prevent a\ndirect child of the root hub from being put into runtime suspend with\nwakeup enabled if the flag is set.\n\nSigned-off-by: Alan Stern \u003cstern@rowland.harvard.edu\u003e\nTested-by: Nicolas Pitre \u003cnico@linaro.org\u003e\nSigned-off-by: Greg Kroah-Hartman \u003cgreg@kroah.com\u003e\n[lizf: Backported to 3.4: adjust context]\nSigned-off-by: Zefan Li \u003clizefan@huawei.com\u003e\n"
    },
    {
      "commit": "aef29c3576fb89843193a2a026719a0fdb4145ab",
      "tree": "88ae159b31337a680d36e89041e5cbebe09fcd48",
      "parents": [
        "3274eed40faa3c0af04a78c2372ec4bd172bbe7a"
      ],
      "author": {
        "name": "Sebastian Andrzej Siewior",
        "email": "bigeasy@linutronix.de",
        "time": "Fri Dec 05 15:13:54 2014 +0100"
      },
      "committer": {
        "name": "Zefan Li",
        "email": "lizefan@huawei.com",
        "time": "Fri Jun 19 11:40:11 2015 +0800"
      },
      "message": "usb: core: buffer: smallest buffer should start at ARCH_DMA_MINALIGN\n\ncommit 5efd2ea8c9f4f12916ffc8ba636792ce052f6911 upstream.\n\nthe following error pops up during \"testusb -a -t 10\"\n| musb-hdrc musb-hdrc.1.auto: dma_pool_free buffer-128,\tf134e000/be842000 (bad dma)\nhcd_buffer_create() creates a few buffers, the smallest has 32 bytes of\nsize. ARCH_KMALLOC_MINALIGN is set to 64 bytes. This combo results in\nhcd_buffer_alloc() returning memory which is 32 bytes aligned and it\nmight by identified by buffer_offset() as another buffer. This means the\nbuffer which is on a 32 byte boundary will not get freed, instead it\ntries to free another buffer with the error message.\n\nThis patch fixes the issue by creating the smallest DMA buffer with the\nsize of ARCH_KMALLOC_MINALIGN (or 32 in case ARCH_KMALLOC_MINALIGN is\nsmaller). This might be 32, 64 or even 128 bytes. The next three pools\nwill have the size 128, 512 and 2048.\nIn case the smallest pool is 128 bytes then we have only three pools\ninstead of four (and zero the first entry in the array).\nThe last pool size is always 2048 bytes which is the assumed PAGE_SIZE /\n2 of 4096. I doubt it makes sense to continue using PAGE_SIZE / 2 where\nwe would end up with 8KiB buffer in case we have 16KiB pages.\nInstead I think it makes sense to have a common size(s) and extend them\nif there is need to.\nThere is a BUILD_BUG_ON() now in case someone has a minalign of more than\n128 bytes.\n\nSigned-off-by: Sebastian Andrzej Siewior \u003cbigeasy@linutronix.de\u003e\nAcked-by: Alan Stern \u003cstern@rowland.harvard.edu\u003e\nSigned-off-by: Greg Kroah-Hartman \u003cgregkh@linuxfoundation.org\u003e\nSigned-off-by: Zefan Li \u003clizefan@huawei.com\u003e\n"
    },
    {
      "commit": "35c8d87c7bb58c4a91c53c86e338914be67ca1e4",
      "tree": "fc38830faeac8df349d91a91682b06bf40d0cc38",
      "parents": [
        "c8e2629c821b79b0f4ccf8e35aa03c86b5c536c7"
      ],
      "author": {
        "name": "Hanumant Singh",
        "email": "hanumant@codeaurora.org",
        "time": "Fri Nov 01 21:46:53 2013 -0700"
      },
      "committer": {
        "name": "Sashidhar Ganiga",
        "email": "sganig@codeaurora.org",
        "time": "Wed May 20 14:09:08 2015 +0530"
      },
      "message": "esoc: Add external soc control framework\n\nExternal slave soc can be powered on/off and monitored\nfor power states and crash events.\n\nChange-Id: I9c3317f798b204b754d612a3115dcd71935b5ef2\nSigned-off-by: Hanumant Singh \u003chanumant@codeaurora.org\u003e\nsganig@codeaurora.org: Added ESOC_REQ_SHUTDOWN to header\nfile esoc.h in additon to base gerrit changes for\nenabling the mdm-detect feature in A-Family\nSigned-off-by: Sashidhar Ganiga \u003csganig@codeaurora.org\u003e\n"
    },
    {
      "commit": "a365bf34a653fae5e2323f3a0d4f97d6bc45970c",
      "tree": "e9154f14844fdbc527b08b3b39c88b1497a41208",
      "parents": [
        "a57fc79fe9cc4d10dfc12baafaa9e765eb4e4f61"
      ],
      "author": {
        "name": "Kirill A. Shutemov",
        "email": "kirill.shutemov@linux.intel.com",
        "time": "Fri Dec 20 15:10:03 2013 +0200"
      },
      "committer": {
        "name": "Matt Mower",
        "email": "mowerm@gmail.com",
        "time": "Thu Apr 16 22:45:12 2015 -0500"
      },
      "message": "mm: Fix NULL pointer dereference in madvise(MADV_WILLNEED) support\n\nSasha Levin found a NULL pointer dereference that is due to a missing\npage table lock, which in turn is due to the pmd entry in question being\na transparent huge-table entry.\n\nThe code - introduced in commit 1998cc048901 (\"mm: make\nmadvise(MADV_WILLNEED) support swap file prefetch\") - correctly checks\nfor this situation using pmd_none_or_trans_huge_or_clear_bad(), but it\nturns out that that function doesn\u0027t work correctly.\n\npmd_none_or_trans_huge_or_clear_bad() expected that pmd_bad() would\ntrigger if the transparent hugepage bit was set, but it doesn\u0027t do that\nif pmd_numa() is also set. Note that the NUMA bit only gets set on real\nNUMA machines, so people trying to reproduce this on most normal\ndevelopment systems would never actually trigger this.\n\nFix it by removing the very subtle (and subtly incorrect) expectation,\nand instead just checking pmd_trans_huge() explicitly.\n\nReported-by: Sasha Levin \u003csasha.levin@oracle.com\u003e\nAcked-by: Andrea Arcangeli \u003caarcange@redhat.com\u003e\n[ Additionally remove the now stale test for pmd_trans_huge() inside the\n  pmd_bad() case - Linus ]\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n\nChange-Id: I3f3763f236ef102de735297cd175cf514d40d28f\n"
    },
    {
      "commit": "574b59db6504ed3867c2f566f167f764e97ee402",
      "tree": "ac73d735ebf5f73944c55cda49f0970554f2349d",
      "parents": [
        "b278df5446192f83a6a371d031360c00501ab558"
      ],
      "author": {
        "name": "Takashi Iwai",
        "email": "tiwai@suse.de",
        "time": "Tue Jan 13 10:53:20 2015 +0100"
      },
      "committer": {
        "name": "Zefan Li",
        "email": "lizefan@huawei.com",
        "time": "Tue Apr 14 17:33:59 2015 +0800"
      },
      "message": "ALSA: ak411x: Fix stall in work callback\n\ncommit 4161b4505f1690358ac0a9ee59845a7887336b21 upstream.\n\nWhen ak4114 work calls its callback and the callback invokes\nak4114_reinit(), it stalls due to flush_delayed_work().  For avoiding\nthis, control the reentrance by introducing a refcount.  Also\nflush_delayed_work() is replaced with cancel_delayed_work_sync().\n\nThe exactly same bug is present in ak4113.c and fixed as well.\n\nReported-by: Pavel Hofman \u003cpavel.hofman@ivitera.com\u003e\nAcked-by: Jaroslav Kysela \u003cperex@perex.cz\u003e\nTested-by: Pavel Hofman \u003cpavel.hofman@ivitera.com\u003e\nSigned-off-by: Takashi Iwai \u003ctiwai@suse.de\u003e\n[lizf: Backported to 3.4: snd_ak4113_reinit() and snd_ak4114_reinit()\nused flush_delayed_work_sync() instead of flush_delayed_work()]\nSigned-off-by: Zefan Li \u003clizefan@huawei.com\u003e\n"
    },
    {
      "commit": "6fd17def6d964c81205230e02b4208c653106d51",
      "tree": "1253f07591fe80dc3442db927536c1b3f66b5cd7",
      "parents": [
        "a42e15a485c14f6d994192af4c16775fbd6c1126"
      ],
      "author": {
        "name": "Al Viro",
        "email": "viro@zeniv.linux.org.uk",
        "time": "Sun Oct 26 19:19:16 2014 -0400"
      },
      "committer": {
        "name": "Zefan Li",
        "email": "lizefan@huawei.com",
        "time": "Tue Apr 14 17:33:58 2015 +0800"
      },
      "message": "move d_rcu from overlapping d_child to overlapping d_alias\n\ncommit 946e51f2bf37f1656916eb75bd0742ba33983c28 upstream.\n\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\n[bwh: Backported to 3.2:\n - Apply name changes in all the different places we use d_alias and d_child\n - Move the WARN_ON() in __d_free() to d_free() as we don\u0027t have dentry_free()]\nSigned-off-by: Ben Hutchings \u003cben@decadent.org.uk\u003e\n[lizf: Backported to 3.4:\n - adjust context\n - need one more name change in debugfs]\n"
    },
    {
      "commit": "b0f741c5d11b1b2bafd8392f0cb4d8ac25be9164",
      "tree": "b90bcdc903e1ea997e6a684e58bd3f4c7ac86ee8",
      "parents": [
        "d3fdf67442c2c1c97390176ce3451a6ae48450fe"
      ],
      "author": {
        "name": "Daniel Borkmann",
        "email": "dborkman@redhat.com",
        "time": "Thu Oct 09 22:55:31 2014 +0200"
      },
      "committer": {
        "name": "Zefan Li",
        "email": "lizefan@huawei.com",
        "time": "Tue Apr 14 17:33:57 2015 +0800"
      },
      "message": "net: sctp: fix skb_over_panic when receiving malformed ASCONF chunks\n\ncommit 9de7922bc709eee2f609cd01d98aaedc4cf5ea74 upstream.\n\nCommit 6f4c618ddb0 (\"SCTP : Add paramters validity check for\nASCONF chunk\") added basic verification of ASCONF chunks, however,\nit is still possible to remotely crash a server by sending a\nspecial crafted ASCONF chunk, even up to pre 2.6.12 kernels:\n\nskb_over_panic: text:ffffffffa01ea1c3 len:31056 put:30768\n head:ffff88011bd81800 data:ffff88011bd81800 tail:0x7950\n end:0x440 dev:\u003cNULL\u003e\n ------------[ cut here ]------------\nkernel BUG at net/core/skbuff.c:129!\n[...]\nCall Trace:\n \u003cIRQ\u003e\n [\u003cffffffff8144fb1c\u003e] skb_put+0x5c/0x70\n [\u003cffffffffa01ea1c3\u003e] sctp_addto_chunk+0x63/0xd0 [sctp]\n [\u003cffffffffa01eadaf\u003e] sctp_process_asconf+0x1af/0x540 [sctp]\n [\u003cffffffff8152d025\u003e] ? _read_unlock_bh+0x15/0x20\n [\u003cffffffffa01e0038\u003e] sctp_sf_do_asconf+0x168/0x240 [sctp]\n [\u003cffffffffa01e3751\u003e] sctp_do_sm+0x71/0x1210 [sctp]\n [\u003cffffffff8147645d\u003e] ? fib_rules_lookup+0xad/0xf0\n [\u003cffffffffa01e6b22\u003e] ? sctp_cmp_addr_exact+0x32/0x40 [sctp]\n [\u003cffffffffa01e8393\u003e] sctp_assoc_bh_rcv+0xd3/0x180 [sctp]\n [\u003cffffffffa01ee986\u003e] sctp_inq_push+0x56/0x80 [sctp]\n [\u003cffffffffa01fcc42\u003e] sctp_rcv+0x982/0xa10 [sctp]\n [\u003cffffffffa01d5123\u003e] ? ipt_local_in_hook+0x23/0x28 [iptable_filter]\n [\u003cffffffff8148bdc9\u003e] ? nf_iterate+0x69/0xb0\n [\u003cffffffff81496d10\u003e] ? ip_local_deliver_finish+0x0/0x2d0\n [\u003cffffffff8148bf86\u003e] ? nf_hook_slow+0x76/0x120\n [\u003cffffffff81496d10\u003e] ? ip_local_deliver_finish+0x0/0x2d0\n [\u003cffffffff81496ded\u003e] ip_local_deliver_finish+0xdd/0x2d0\n [\u003cffffffff81497078\u003e] ip_local_deliver+0x98/0xa0\n [\u003cffffffff8149653d\u003e] ip_rcv_finish+0x12d/0x440\n [\u003cffffffff81496ac5\u003e] ip_rcv+0x275/0x350\n [\u003cffffffff8145c88b\u003e] __netif_receive_skb+0x4ab/0x750\n [\u003cffffffff81460588\u003e] netif_receive_skb+0x58/0x60\n\nThis can be triggered e.g., through a simple scripted nmap\nconnection scan injecting the chunk after the handshake, for\nexample, ...\n\n  -------------- INIT[ASCONF; ASCONF_ACK] -------------\u003e\n  \u003c----------- INIT-ACK[ASCONF; ASCONF_ACK] ------------\n  -------------------- COOKIE-ECHO --------------------\u003e\n  \u003c-------------------- COOKIE-ACK ---------------------\n  ------------------ ASCONF; UNKNOWN ------------------\u003e\n\n... where ASCONF chunk of length 280 contains 2 parameters ...\n\n  1) Add IP address parameter (param length: 16)\n  2) Add/del IP address parameter (param length: 255)\n\n... followed by an UNKNOWN chunk of e.g. 4 bytes. Here, the\nAddress Parameter in the ASCONF chunk is even missing, too.\nThis is just an example and similarly-crafted ASCONF chunks\ncould be used just as well.\n\nThe ASCONF chunk passes through sctp_verify_asconf() as all\nparameters passed sanity checks, and after walking, we ended\nup successfully at the chunk end boundary, and thus may invoke\nsctp_process_asconf(). Parameter walking is done with\nWORD_ROUND() to take padding into account.\n\nIn sctp_process_asconf()\u0027s TLV processing, we may fail in\nsctp_process_asconf_param() e.g., due to removal of the IP\naddress that is also the source address of the packet containing\nthe ASCONF chunk, and thus we need to add all TLVs after the\nfailure to our ASCONF response to remote via helper function\nsctp_add_asconf_response(), which basically invokes a\nsctp_addto_chunk() adding the error parameters to the given\nskb.\n\nWhen walking to the next parameter this time, we proceed\nwith ...\n\n  length \u003d ntohs(asconf_param-\u003eparam_hdr.length);\n  asconf_param \u003d (void *)asconf_param + length;\n\n... instead of the WORD_ROUND()\u0027ed length, thus resulting here\nin an off-by-one that leads to reading the follow-up garbage\nparameter length of 12336, and thus throwing an skb_over_panic\nfor the reply when trying to sctp_addto_chunk() next time,\nwhich implicitly calls the skb_put() with that length.\n\nFix it by using sctp_walk_params() [ which is also used in\nINIT parameter processing ] macro in the verification *and*\nin ASCONF processing: it will make sure we don\u0027t spill over,\nthat we walk parameters WORD_ROUND()\u0027ed. Moreover, we\u0027re being\nmore defensive and guard against unknown parameter types and\nmissized addresses.\n\nJoint work with Vlad Yasevich.\n\nFixes: b896b82be4ae (\"[SCTP] ADDIP: Support for processing incoming ASCONF_ACK chunks.\")\nSigned-off-by: Daniel Borkmann \u003cdborkman@redhat.com\u003e\nSigned-off-by: Vlad Yasevich \u003cvyasevich@gmail.com\u003e\nAcked-by: Neil Horman \u003cnhorman@tuxdriver.com\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n[lizf: Backported to 3.4: adjust context]\nSigned-off-by: Zefan Li \u003clizefan@huawei.com\u003e\n"
    },
    {
      "commit": "d3fdf67442c2c1c97390176ce3451a6ae48450fe",
      "tree": "552e89166881eb139ded32dd20c6fdf297b40d5b",
      "parents": [
        "203ce0b2fb0cd248adfe49aa757527583aeab327"
      ],
      "author": {
        "name": "Daniel Borkmann",
        "email": "dborkman@redhat.com",
        "time": "Thu Oct 09 22:55:32 2014 +0200"
      },
      "committer": {
        "name": "Zefan Li",
        "email": "lizefan@huawei.com",
        "time": "Tue Apr 14 17:33:57 2015 +0800"
      },
      "message": "net: sctp: fix panic on duplicate ASCONF chunks\n\ncommit b69040d8e39f20d5215a03502a8e8b4c6ab78395 upstream.\n\nWhen receiving a e.g. semi-good formed connection scan in the\nform of ...\n\n  -------------- INIT[ASCONF; ASCONF_ACK] -------------\u003e\n  \u003c----------- INIT-ACK[ASCONF; ASCONF_ACK] ------------\n  -------------------- COOKIE-ECHO --------------------\u003e\n  \u003c-------------------- COOKIE-ACK ---------------------\n  ---------------- ASCONF_a; ASCONF_b -----------------\u003e\n\n... where ASCONF_a equals ASCONF_b chunk (at least both serials\nneed to be equal), we panic an SCTP server!\n\nThe problem is that good-formed ASCONF chunks that we reply with\nASCONF_ACK chunks are cached per serial. Thus, when we receive a\nsame ASCONF chunk twice (e.g. through a lost ASCONF_ACK), we do\nnot need to process them again on the server side (that was the\nidea, also proposed in the RFC). Instead, we know it was cached\nand we just resend the cached chunk instead. So far, so good.\n\nWhere things get nasty is in SCTP\u0027s side effect interpreter, that\nis, sctp_cmd_interpreter():\n\nWhile incoming ASCONF_a (chunk \u003d event_arg) is being marked\n!end_of_packet and !singleton, and we have an association context,\nwe do not flush the outqueue the first time after processing the\nASCONF_ACK singleton chunk via SCTP_CMD_REPLY. Instead, we keep it\nqueued up, although we set local_cork to 1. Commit 2e3216cd54b1\nchanged the precedence, so that as long as we get bundled, incoming\nchunks we try possible bundling on outgoing queue as well. Before\nthis commit, we would just flush the output queue.\n\nNow, while ASCONF_a\u0027s ASCONF_ACK sits in the corked outq, we\ncontinue to process the same ASCONF_b chunk from the packet. As\nwe have cached the previous ASCONF_ACK, we find it, grab it and\ndo another SCTP_CMD_REPLY command on it. So, effectively, we rip\nthe chunk-\u003elist pointers and requeue the same ASCONF_ACK chunk\nanother time. Since we process ASCONF_b, it\u0027s correctly marked\nwith end_of_packet and we enforce an uncork, and thus flush, thus\ncrashing the kernel.\n\nFix it by testing if the ASCONF_ACK is currently pending and if\nthat is the case, do not requeue it. When flushing the output\nqueue we may relink the chunk for preparing an outgoing packet,\nbut eventually unlink it when it\u0027s copied into the skb right\nbefore transmission.\n\nJoint work with Vlad Yasevich.\n\nFixes: 2e3216cd54b1 (\"sctp: Follow security requirement of responding with 1 packet\")\nSigned-off-by: Daniel Borkmann \u003cdborkman@redhat.com\u003e\nSigned-off-by: Vlad Yasevich \u003cvyasevich@gmail.com\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\nSigned-off-by: Zefan Li \u003clizefan@huawei.com\u003e\n"
    },
    {
      "commit": "a10ca0dbc2bcf3383fa42dcfeca055f7b5fe1106",
      "tree": "26f0801fa023eda3343cb648f996dcd55fdc4c0c",
      "parents": [
        "6c7738f3aca22188f304ec78f853a4b82ba9a679"
      ],
      "author": {
        "name": "Linus Torvalds",
        "email": "torvalds@linux-foundation.org",
        "time": "Thu Jan 29 10:51:32 2015 -0800"
      },
      "committer": {
        "name": "Zefan Li",
        "email": "lizefan@huawei.com",
        "time": "Tue Apr 14 17:33:57 2015 +0800"
      },
      "message": "vm: add VM_FAULT_SIGSEGV handling support\n\ncommit 33692f27597fcab536d7cbbcc8f52905133e4aa7 upstream.\n\nThe core VM already knows about VM_FAULT_SIGBUS, but cannot return a\n\"you should SIGSEGV\" error, because the SIGSEGV case was generally\nhandled by the caller - usually the architecture fault handler.\n\nThat results in lots of duplication - all the architecture fault\nhandlers end up doing very similar \"look up vma, check permissions, do\nretries etc\" - but it generally works.  However, there are cases where\nthe VM actually wants to SIGSEGV, and applications _expect_ SIGSEGV.\n\nIn particular, when accessing the stack guard page, libsigsegv expects a\nSIGSEGV.  And it usually got one, because the stack growth is handled by\nthat duplicated architecture fault handler.\n\nHowever, when the generic VM layer started propagating the error return\nfrom the stack expansion in commit fee7e49d4514 (\"mm: propagate error\nfrom stack expansion even for guard page\"), that now exposed the\nexisting VM_FAULT_SIGBUS result to user space.  And user space really\nexpected SIGSEGV, not SIGBUS.\n\nTo fix that case, we need to add a VM_FAULT_SIGSEGV, and teach all those\nduplicate architecture fault handlers about it.  They all already have\nthe code to handle SIGSEGV, so it\u0027s about just tying that new return\nvalue to the existing code, but it\u0027s all a bit annoying.\n\nThis is the mindless minimal patch to do this.  A more extensive patch\nwould be to try to gather up the mostly shared fault handling logic into\none generic helper routine, and long-term we really should do that\ncleanup.\n\nJust from this patch, you can generally see that most architectures just\ncopied (directly or indirectly) the old x86 way of doing things, but in\nthe meantime that original x86 model has been improved to hold the VM\nsemaphore for shorter times etc and to handle VM_FAULT_RETRY and other\n\"newer\" things, so it would be a good idea to bring all those\nimprovements to the generic case and teach other architectures about\nthem too.\n\nReported-and-tested-by: Takashi Iwai \u003ctiwai@suse.de\u003e\nTested-by: Jan Engelhardt \u003cjengelh@inai.de\u003e\nAcked-by: Heiko Carstens \u003cheiko.carstens@de.ibm.com\u003e # \"s390 still compiles and boots\"\nCc: linux-arch@vger.kernel.org\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n[bwh: Backported to 3.2:\n - Adjust filenames, context\n - Drop arc, metag, nios2 and lustre changes\n - For sh, patch both 32-bit and 64-bit implementations to use goto bad_area\n - For s390, pass int_code and trans_exc_code as arguments to do_no_context()\n   and do_sigsegv()]\nSigned-off-by: Ben Hutchings \u003cben@decadent.org.uk\u003e\n[lizf: Backported to 3.4:\n - adjust context in arch/power/mm/fault.c\n - apply the original change in upstream commit for s390]\nSigned-off-by: Zefan Li \u003clizefan@huawei.com\u003e\n"
    },
    {
      "commit": "7583c9fa5344a6cc217be4f6ded892648ff0e3f5",
      "tree": "9cac39e673ced34ed4b02a11c679793a3213e966",
      "parents": [
        "d6d1536d901f5805565af5dd38d2d0ae766ee875"
      ],
      "author": {
        "name": "James P Michels III",
        "email": "james.p.michels@gmail.com",
        "time": "Sun Jul 27 13:28:04 2014 -0400"
      },
      "committer": {
        "name": "Zefan Li",
        "email": "lizefan@huawei.com",
        "time": "Tue Apr 14 17:33:56 2015 +0800"
      },
      "message": "usb-core bInterval quirk\n\ncommit cd83ce9e6195aa3ea15ab4db92892802c20df5d0 upstream.\n\nThis patch adds a usb quirk to support devices with interupt endpoints\nand bInterval values expressed as microframes. The quirk causes the\nparse endpoint function to modify the reported bInterval to a standards\nconforming value.\n\nThere is currently code in the endpoint parser that checks for\nbIntervals that are outside of the valid range (1-16 for USB 2+ high\nspeed and super speed interupt endpoints). In this case, the code assumes\nthe bInterval is being reported in 1ms frames. As well, the correction\nis only applied if the original bInterval value is out of the 1-16 range.\n\nWith this quirk applied to the device, the bInterval will be\naccurately adjusted from microframes to an exponent.\n\nSigned-off-by: James P Michels III \u003cjames.p.michels@gmail.com\u003e\nSigned-off-by: Greg Kroah-Hartman \u003cgregkh@linuxfoundation.org\u003e\nSigned-off-by: Zefan Li \u003clizefan@huawei.com\u003e\n"
    },
    {
      "commit": "ef978a9da7dcda0f159a9ddf9136be389333cf17",
      "tree": "997e5388a1bdf1e2866b4eb6a43f61a12e5ce6ef",
      "parents": [
        "89f1d011748d70b830f452bba6e7e83666123e90"
      ],
      "author": {
        "name": "Alan Stern",
        "email": "stern@rowland.harvard.edu",
        "time": "Mon Jun 30 11:04:21 2014 -0400"
      },
      "committer": {
        "name": "Zefan Li",
        "email": "lizefan@huawei.com",
        "time": "Tue Apr 14 17:33:56 2015 +0800"
      },
      "message": "usb-storage/SCSI: Add broken_fua blacklist flag\n\ncommit b14bf2d0c0358140041d1c1805a674376964d0e0 upstream.\n\nSome buggy JMicron USB-ATA bridges don\u0027t know how to translate the FUA\nbit in READs or WRITEs.  This patch adds an entry in unusual_devs.h\nand a blacklist flag to tell the sd driver not to use FUA.\n\nSigned-off-by: Alan Stern \u003cstern@rowland.harvard.edu\u003e\nReported-by: Michael Büsch \u003cm@bues.ch\u003e\nTested-by: Michael Büsch \u003cm@bues.ch\u003e\nAcked-by: James Bottomley \u003cJames.Bottomley@HansenPartnership.com\u003e\nCC: Matthew Dharm \u003cmdharm-usb@one-eyed-alien.net\u003e\nSigned-off-by: Greg Kroah-Hartman \u003cgregkh@linuxfoundation.org\u003e\nSigned-off-by: Zefan Li \u003clizefan@huawei.com\u003e\n"
    },
    {
      "commit": "1e9ecb92905ef940531b8aa70395f532742e7099",
      "tree": "2c426d5650bbe6b9d9a4752a7f06dbdd39c7b71d",
      "parents": [
        "a6887b405068526f98c1a1f6c0368f32308712d0"
      ],
      "author": {
        "name": "Dan Williams",
        "email": "dan.j.williams@intel.com",
        "time": "Fri Jan 16 15:13:02 2015 -0800"
      },
      "committer": {
        "name": "Zefan Li",
        "email": "lizefan@huawei.com",
        "time": "Tue Apr 14 17:33:54 2015 +0800"
      },
      "message": "libata: allow sata_sil24 to opt-out of tag ordered submission\n\ncommit 72dd299d5039a336493993dcc63413cf31d0e662 upstream.\n\nRonny reports: https://bugzilla.kernel.org/show_bug.cgi?id\u003d87101\n    \"Since commit 8a4aeec8d \"libata/ahci: accommodate tag ordered\n    controllers\" the access to the harddisk on the first SATA-port is\n    failing on its first access. The access to the harddisk on the\n    second port is working normal.\n\n    When reverting the above commit, access to both harddisks is working\n    fine again.\"\n\nMaintain tag ordered submission as the default, but allow sata_sil24 to\ncontinue with the old behavior.\n\nCc: Tejun Heo \u003ctj@kernel.org\u003e\nReported-by: Ronny Hegewald \u003cRonny.Hegewald@online.de\u003e\nSigned-off-by: Dan Williams \u003cdan.j.williams@intel.com\u003e\nSigned-off-by: Tejun Heo \u003ctj@kernel.org\u003e\nSigned-off-by: Zefan Li \u003clizefan@huawei.com\u003e\n"
    },
    {
      "commit": "4ef74f7a57f95fa31db9d415c5dee165e7c4875c",
      "tree": "5dbfd93b032ce6b3127f002eb293275468e1dc09",
      "parents": [
        "aa12b754cfbd5b5c900d43a6a215b096d8afc0ee"
      ],
      "author": {
        "name": "Guenter Roeck",
        "email": "linux@roeck-us.net",
        "time": "Sun Jul 14 16:05:57 2013 -0700"
      },
      "committer": {
        "name": "Zefan Li",
        "email": "lizefan@huawei.com",
        "time": "Tue Apr 14 17:33:53 2015 +0800"
      },
      "message": "driver core: Introduce device_create_groups\n\ncommit 39ef311204941ddd01ea2950d6220c8ccc710d15 upstream.\n\ndevice_create_groups lets callers create devices as well as associated\nsysfs attributes with a single call. This avoids race conditions seen\nif sysfs attributes on new devices are created later.\n\n[fixed up comment block placement and add checks for printk buffer\nformats - gregkh]\n\nSigned-off-by: Guenter Roeck \u003clinux@roeck-us.net\u003e\nCc: Jean Delvare \u003ckhali@linux-fr.org\u003e\nSigned-off-by: Greg Kroah-Hartman \u003cgregkh@linuxfoundation.org\u003e\n[lizf: Backported to 3.4: adjust context]\nSigned-off-by: Zefan Li \u003clizefan@huawei.com\u003e\n"
    },
    {
      "commit": "aa12b754cfbd5b5c900d43a6a215b096d8afc0ee",
      "tree": "8fae2734605e868e1f0a016496dbf02156aa520b",
      "parents": [
        "5b724689fa7063c323b0dd74e78c51617349cd5f"
      ],
      "author": {
        "name": "Greg Kroah-Hartman",
        "email": "gregkh@linuxfoundation.org",
        "time": "Sun Jul 14 16:05:52 2013 -0700"
      },
      "committer": {
        "name": "Zefan Li",
        "email": "lizefan@huawei.com",
        "time": "Tue Apr 14 17:33:53 2015 +0800"
      },
      "message": "sysfs.h: add ATTRIBUTE_GROUPS() macro\n\ncommit f2f37f58b1b933b06d6d84e80a31a1b500fb0db2 upstream.\n\nTo make it easier for driver subsystems to work with attribute groups,\ncreate the ATTRIBUTE_GROUPS macro to remove some of the repetitive\ntyping for the most common use for attribute groups.\n\nReviewed-by: Guenter Roeck \u003clinux@roeck-us.net\u003e\nTested-by: Guenter Roeck \u003clinux@roeck-us.net\u003e\nSigned-off-by: Greg Kroah-Hartman \u003cgregkh@linuxfoundation.org\u003e\nSigned-off-by: Zefan Li \u003clizefan@huawei.com\u003e\n"
    },
    {
      "commit": "7f1be7c6e55b686ee22b97db779eb7ed01a2f3af",
      "tree": "9a9756e65264a0f6f830481a5cbdcf8e214cc459",
      "parents": [
        "0b4f2ae74a52418cd880d9249e65fc935f02e89a"
      ],
      "author": {
        "name": "Johannes Weiner",
        "email": "hannes@cmpxchg.org",
        "time": "Thu Jan 08 14:32:18 2015 -0800"
      },
      "committer": {
        "name": "Zefan Li",
        "email": "lizefan@huawei.com",
        "time": "Tue Apr 14 17:33:51 2015 +0800"
      },
      "message": "mm: protect set_page_dirty() from ongoing truncation\n\ncommit 2d6d7f98284648c5ed113fe22a132148950b140f upstream.\n\nTejun, while reviewing the code, spotted the following race condition\nbetween the dirtying and truncation of a page:\n\n__set_page_dirty_nobuffers()       __delete_from_page_cache()\n  if (TestSetPageDirty(page))\n                                     page-\u003emapping \u003d NULL\n\t\t\t\t     if (PageDirty())\n\t\t\t\t       dec_zone_page_state(page, NR_FILE_DIRTY);\n\t\t\t\t       dec_bdi_stat(mapping-\u003ebacking_dev_info, BDI_RECLAIMABLE);\n    if (page-\u003emapping)\n      account_page_dirtied(page)\n        __inc_zone_page_state(page, NR_FILE_DIRTY);\n\t__inc_bdi_stat(mapping-\u003ebacking_dev_info, BDI_RECLAIMABLE);\n\nwhich results in an imbalance of NR_FILE_DIRTY and BDI_RECLAIMABLE.\n\nDirtiers usually lock out truncation, either by holding the page lock\ndirectly, or in case of zap_pte_range(), by pinning the mapcount with\nthe page table lock held.  The notable exception to this rule, though,\nis do_wp_page(), for which this race exists.  However, do_wp_page()\nalready waits for a locked page to unlock before setting the dirty bit,\nin order to prevent a race where clear_page_dirty() misses the page bit\nin the presence of dirty ptes.  Upgrade that wait to a fully locked\nset_page_dirty() to also cover the situation explained above.\n\nAfterwards, the code in set_page_dirty() dealing with a truncation race\nis no longer needed.  Remove it.\n\nReported-by: Tejun Heo \u003ctj@kernel.org\u003e\nSigned-off-by: Johannes Weiner \u003channes@cmpxchg.org\u003e\nAcked-by: Kirill A. Shutemov \u003ckirill.shutemov@linux.intel.com\u003e\nReviewed-by: Jan Kara \u003cjack@suse.cz\u003e\nSigned-off-by: Andrew Morton \u003cakpm@linux-foundation.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n[lizf: Backported to 3.4:\n - adjust context\n - use VM_BUG_ON() instead of VM_BUG_ON_PAGE()]\nSigned-off-by: Zefan Li \u003clizefan@huawei.com\u003e\n"
    },
    {
      "commit": "0b4f2ae74a52418cd880d9249e65fc935f02e89a",
      "tree": "8d6dad4b1ebffe29c82b07b7b01057a8ba0c3646",
      "parents": [
        "b26c83df4ea0b42d394db241c4f775be025171ba"
      ],
      "author": {
        "name": "Konstantin Khlebnikov",
        "email": "koct9i@gmail.com",
        "time": "Thu Jan 08 14:32:15 2015 -0800"
      },
      "committer": {
        "name": "Zefan Li",
        "email": "lizefan@huawei.com",
        "time": "Tue Apr 14 17:33:51 2015 +0800"
      },
      "message": "mm: prevent endless growth of anon_vma hierarchy\n\ncommit 7a3ef208e662f4b63d43a23f61a64a129c525bbc upstream.\n\nConstantly forking task causes unlimited grow of anon_vma chain.  Each\nnext child allocates new level of anon_vmas and links vma to all\nprevious levels because pages might be inherited from any level.\n\nThis patch adds heuristic which decides to reuse existing anon_vma\ninstead of forking new one.  It adds counter anon_vma-\u003edegree which\ncounts linked vmas and directly descending anon_vmas and reuses anon_vma\nif counter is lower than two.  As a result each anon_vma has either vma\nor at least two descending anon_vmas.  In such trees half of nodes are\nleafs with alive vmas, thus count of anon_vmas is no more than two times\nbigger than count of vmas.\n\nThis heuristic reuses anon_vmas as few as possible because each reuse\nadds false aliasing among vmas and rmap walker ought to scan more ptes\nwhen it searches where page is might be mapped.\n\nLink: http://lkml.kernel.org/r/20120816024610.GA5350@evergreen.ssec.wisc.edu\nFixes: 5beb49305251 (\"mm: change anon_vma linking to fix multi-process server scalability issue\")\n[akpm@linux-foundation.org: fix typo, per Rik]\nSigned-off-by: Konstantin Khlebnikov \u003ckoct9i@gmail.com\u003e\nReported-by: Daniel Forrest \u003cdan.forrest@ssec.wisc.edu\u003e\nTested-by: Michal Hocko \u003cmhocko@suse.cz\u003e\nTested-by: Jerome Marchand \u003cjmarchan@redhat.com\u003e\nReviewed-by: Michal Hocko \u003cmhocko@suse.cz\u003e\nReviewed-by: Rik van Riel \u003criel@redhat.com\u003e\nSigned-off-by: Andrew Morton \u003cakpm@linux-foundation.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n[lizf: Backported to 3.4: adjust context]\nSigned-off-by: Zefan Li \u003clizefan@huawei.com\u003e\n"
    }
  ],
  "next": "370375c0a447eefedc19e872e5137eeff47162f2"
}
